adulau/misp-circl-feed
1
0
Fork 0
Code Issues 1 Pull requests Projects 1 Releases Packages Wiki Activity Actions
misp-circl-feed/feeds/circl/stix-2.1/55c2797f-1cd0-4d5f-92b9-4f93950d210b.json

35313 lines
No EOL
1.5 MiB
Raw Blame History

{
"type": "bundle",
"id": "bundle--55c2797f-1cd0-4d5f-92b9-4f93950d210b",
"objects": [
{
"type": "identity",
"spec_version": "2.1",
"id": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-08-25T13:41:18.000Z",
"modified": "2015-08-25T13:41:18.000Z",
"name": "CthulhuSPRL.be",
"identity_class": "organization"
},
{
"type": "report",
"spec_version": "2.1",
"id": "report--55c2797f-1cd0-4d5f-92b9-4f93950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-08-25T13:41:18.000Z",
"modified": "2015-08-25T13:41:18.000Z",
"name": "OSINT Technical Analysis Tracks the Sakula Malware Family by SecureWorks",
"published": "2015-08-25T13:41:25Z",
"object_refs": [
"observed-data--55c279a1-10c8-4c40-87af-495d950d210b",
"url--55c279a1-10c8-4c40-87af-495d950d210b",
"observed-data--55c279a1-a61c-4f7d-9928-43af950d210b",
"url--55c279a1-a61c-4f7d-9928-43af950d210b",
"x-misp-attribute--55c36a52-f3c0-4093-ba9e-4fb1950d210b",
"indicator--55c36b1d-1258-42d3-88e8-452a950d210b",
"indicator--55c36b1d-bf8c-4bde-a8a9-4acf950d210b",
"indicator--55c36b1d-f014-4987-840f-4a53950d210b",
"indicator--55c36b2b-3c9c-4c65-9f58-4d4e950d210b",
"indicator--55c36b2c-9bc4-47fd-969e-4e7c950d210b",
"indicator--55c36b2c-9e60-4037-93a7-4560950d210b",
"indicator--55c36b2c-b108-4954-8d9b-47f0950d210b",
"indicator--55c36b2c-cbe0-4726-8f29-4aee950d210b",
"indicator--55c36b2c-8a14-4126-ad99-41b9950d210b",
"indicator--55c36b2d-2c60-4066-a296-44d4950d210b",
"indicator--55c36b2d-b51c-4d7a-bfcb-45e3950d210b",
"indicator--55c36b2d-f6a4-41c9-9741-4321950d210b",
"indicator--55c36b2d-b85c-498d-9024-4955950d210b",
"indicator--55c36b2d-47b0-42f2-8a73-4c50950d210b",
"indicator--55c36b67-ccfc-405b-8199-4db7950d210b",
"indicator--55c36b67-5f9c-4862-a372-4b61950d210b",
"indicator--55c36b67-a4a8-4618-90b9-4788950d210b",
"indicator--55c36b67-8498-4f98-b03d-482f950d210b",
"indicator--55c36b90-bd60-4a62-865f-4e61950d210b",
"indicator--55c36b90-4634-401d-9452-48f5950d210b",
"indicator--55c36b90-5a8c-4aae-ad0a-4510950d210b",
"indicator--55c36b90-a07c-45e0-b406-4724950d210b",
"indicator--55c36b90-2164-40f2-af52-42f7950d210b",
"indicator--55c36b90-7728-44cc-ad2f-4023950d210b",
"indicator--55c36b91-f8f4-4552-ad75-4fdc950d210b",
"indicator--55c36b91-56b0-486e-ba5c-4dff950d210b",
"indicator--55c36b91-d958-4b9d-9cf8-449b950d210b",
"indicator--55c36b91-6ae8-4164-8aac-4709950d210b",
"indicator--55c36b91-9790-4bcd-a03f-43fb950d210b",
"indicator--55c36b92-d420-43d9-96e9-40e3950d210b",
"observed-data--55c36bae-86fc-4d43-b495-45f4950d210b",
"domain-name--55c36bae-86fc-4d43-b495-45f4950d210b",
"observed-data--55c36bae-daf0-45bf-a6ea-4c8d950d210b",
"domain-name--55c36bae-daf0-45bf-a6ea-4c8d950d210b",
"observed-data--55c36baf-7910-4850-980b-4d5b950d210b",
"domain-name--55c36baf-7910-4850-980b-4d5b950d210b",
"indicator--55c36bf5-04a8-4f73-8b23-405a950d210b",
"indicator--55c36bf5-bbf8-4fb8-8c06-4da4950d210b",
"indicator--55c36bf5-3b90-4cc1-aea4-48c9950d210b",
"indicator--55c36bf6-6fe4-4735-a5f9-478c950d210b",
"indicator--55c36bf6-cdb8-441f-a7fd-40c8950d210b",
"indicator--55c36bf6-7e98-4fab-8377-492c950d210b",
"indicator--55c36bf6-d184-48f9-be37-4846950d210b",
"indicator--55c36bf6-985c-4591-af91-405b950d210b",
"indicator--55c36bf7-7868-4b85-baa9-4147950d210b",
"indicator--55c36bf7-bce8-447b-8cdc-4be4950d210b",
"indicator--55c36bf7-8acc-442c-a736-408a950d210b",
"indicator--55c36bf7-5a38-42bd-b5e8-4975950d210b",
"indicator--55c36bf7-1a60-45e0-b4fb-479b950d210b",
"indicator--55c36bf7-a154-42d6-88d2-44b1950d210b",
"indicator--55c36bf8-e868-499b-b12d-4f2a950d210b",
"indicator--55c36bf8-89a0-4468-9177-4220950d210b",
"indicator--55c36bf8-86d0-44c7-a748-4110950d210b",
"indicator--55c36bf8-bbc4-4bf0-a437-462e950d210b",
"indicator--55c36bf8-6794-4b1e-8ea6-4d26950d210b",
"indicator--55c36bf9-9f38-40a7-bdb6-4f58950d210b",
"indicator--55c36bf9-e580-4afb-84b4-48df950d210b",
"indicator--55c36bf9-b6e8-4aa1-8da3-41e7950d210b",
"indicator--55c36bf9-2860-4282-b361-45be950d210b",
"indicator--55c36bf9-d944-4ff9-b8a8-4924950d210b",
"indicator--55c36bfa-ffd0-4a13-8454-4886950d210b",
"indicator--55c36bfa-b0e0-4a89-be39-4b57950d210b",
"indicator--55c36bfa-f99c-4276-8a31-417d950d210b",
"indicator--55c36bfa-68fc-4064-a995-42e5950d210b",
"indicator--55c36bfa-8ba0-460a-90e6-4805950d210b",
"indicator--55c36bfb-2248-4d83-88cd-4bb0950d210b",
"indicator--55c36bfb-1e2c-431e-854a-4929950d210b",
"indicator--55c36bfb-b6fc-4075-b4d0-4223950d210b",
"indicator--55c36bfb-ce94-4a2b-8e85-44c8950d210b",
"indicator--55c36bfb-5644-43f0-b37f-4bc7950d210b",
"indicator--55c36bfb-7a7c-4bf4-b4d4-4887950d210b",
"indicator--55c36bfc-b4f0-4dbc-bea2-4a31950d210b",
"indicator--55c36bfc-0b70-4e27-bf41-486d950d210b",
"indicator--55c36bfc-13c8-46a8-b8f8-4959950d210b",
"indicator--55c36bfc-271c-4339-8f6b-4b91950d210b",
"indicator--55c36bfc-1f2c-485d-803e-46e8950d210b",
"indicator--55c36bfd-1320-4d32-ad03-4558950d210b",
"indicator--55c36bfd-2848-46f5-a1df-430d950d210b",
"indicator--55c36bfd-f780-41b7-9fa0-48b6950d210b",
"indicator--55c36bfd-dda8-4737-b4cc-4fe3950d210b",
"indicator--55c36bfd-374c-41d0-9d27-4b4a950d210b",
"indicator--55c36bfe-3b00-4b7e-8669-402d950d210b",
"indicator--55c36bfe-4dd4-4762-8137-4a43950d210b",
"indicator--55c36bfe-c0dc-456a-96a4-474b950d210b",
"indicator--55c36bfe-22bc-4fc3-abc6-4dd2950d210b",
"indicator--55c36bfe-4ec4-47bf-8f38-43e4950d210b",
"indicator--55c36bfe-dadc-4e57-9527-4387950d210b",
"indicator--55c36bff-480c-4f65-8052-4e69950d210b",
"indicator--55c36bff-4c74-4358-8115-40c9950d210b",
"indicator--55c36bff-57e0-41f8-a98d-4474950d210b",
"indicator--55c36bff-41c4-4349-9d76-41a3950d210b",
"indicator--55c36bff-86ac-42e2-bad6-43a9950d210b",
"indicator--55c36c00-d578-4099-832f-4bf6950d210b",
"indicator--55c36c00-36c8-4feb-99c4-44aa950d210b",
"indicator--55c36c00-6ab4-4b4f-9e3c-4358950d210b",
"indicator--55c36c00-8de0-4b0f-936a-4c19950d210b",
"indicator--55c36c00-5658-4907-b9fe-426e950d210b",
"indicator--55c36c00-1360-4a06-8e48-48d2950d210b",
"indicator--55c36c01-a298-4412-97ad-4f9f950d210b",
"indicator--55c36c01-5d24-43d1-9880-41cf950d210b",
"indicator--55c36c01-e654-4220-a1f7-4755950d210b",
"indicator--55c36c01-8244-4199-8ab6-4339950d210b",
"indicator--55c36c01-0f54-4b08-b306-45a8950d210b",
"indicator--55c36c02-1820-4f50-98ca-49dd950d210b",
"indicator--55c36c02-0d90-4559-9df2-4899950d210b",
"indicator--55c36c02-f7c8-4c05-a570-46dc950d210b",
"indicator--55c36c02-0d74-45cc-a563-4c7b950d210b",
"indicator--55c36c02-866c-4ba6-aecf-45f2950d210b",
"indicator--55c36c03-f674-4b71-8b76-44cb950d210b",
"indicator--55c36c03-e048-4f3f-ba34-4ebc950d210b",
"indicator--55c36c03-3a54-424a-8002-4256950d210b",
"indicator--55c36c03-5f24-40ef-80cf-4ae2950d210b",
"indicator--55c36c03-4938-4a56-b62c-4c69950d210b",
"indicator--55c36c03-b4f0-4c52-82bd-4f00950d210b",
"indicator--55c36c03-0d50-4eba-a5cd-4c61950d210b",
"indicator--55c36c04-74ac-4627-8f26-4fff950d210b",
"indicator--55c36c04-d9a4-4bf7-a097-4a95950d210b",
"indicator--55c36c04-3348-4357-a1a1-4a2c950d210b",
"indicator--55c36c04-4b38-4e09-a5fb-474f950d210b",
"indicator--55c36c04-b960-40fa-8fd8-4f42950d210b",
"indicator--55c36c04-a9b4-48f9-a30f-40b0950d210b",
"indicator--55c36c05-f92c-4358-9fc5-47fa950d210b",
"indicator--55c36c05-b818-46f4-a375-4dd7950d210b",
"indicator--55c36c05-3cc8-4584-9128-40dc950d210b",
"indicator--55c36c05-6394-4216-a078-4824950d210b",
"indicator--55c36c05-c610-48d8-9f1e-4166950d210b",
"indicator--55c36c05-11c4-4db4-a392-41eb950d210b",
"indicator--55c36c06-94d4-4fbc-80d5-4cf5950d210b",
"indicator--55c36c06-0f20-4f69-88e8-4e56950d210b",
"indicator--55c36c06-31ec-4ce9-8675-4751950d210b",
"indicator--55c36c06-1158-4c1d-9006-417e950d210b",
"indicator--55c36c06-53c4-45d9-ab63-4316950d210b",
"indicator--55c36c06-f110-462c-96b7-443c950d210b",
"indicator--55c36c07-6360-461c-b15f-45bf950d210b",
"indicator--55c36c07-d76c-4f19-896e-40a6950d210b",
"indicator--55c36c07-7f30-4c17-bf04-4fb8950d210b",
"indicator--55c36c07-44f0-4c01-ad64-4cb7950d210b",
"indicator--55c36c07-8a50-49d2-8877-4d8c950d210b",
"indicator--55c36c07-5bf0-4981-a5ba-4d71950d210b",
"indicator--55c36c07-513c-40bb-af2d-4362950d210b",
"indicator--55c36c08-2724-4da6-91e0-43d9950d210b",
"indicator--55c36c08-5068-45b3-8aa0-47a7950d210b",
"indicator--55c36c08-be98-4677-ae12-48e2950d210b",
"indicator--55c36c08-0b68-4af9-ab7d-4b9c950d210b",
"indicator--55c36c08-7a20-4b8f-9c5d-47ae950d210b",
"indicator--55c36c08-43b0-4505-a02d-4976950d210b",
"indicator--55c36c09-7354-4204-8101-40fa950d210b",
"indicator--55c36c09-1708-4975-8653-42ae950d210b",
"indicator--55c36c09-d0d0-4ae8-868d-4266950d210b",
"indicator--55c36c09-6020-4df3-b660-4250950d210b",
"indicator--55c36c09-a398-4cc6-a508-411b950d210b",
"indicator--55c36c09-5870-4c06-98c0-40da950d210b",
"indicator--55c36c0a-b62c-43d8-91bd-49dc950d210b",
"indicator--55c36c0a-04c8-4ba6-9d0b-42d4950d210b",
"indicator--55c36c0a-9158-4364-9ba7-41ae950d210b",
"indicator--55c36c0a-f2b4-477d-9a4c-4769950d210b",
"indicator--55c36c0a-da78-4675-b384-470e950d210b",
"indicator--55c36c0a-11b0-45f4-8727-465a950d210b",
"indicator--55c36c0b-538c-467b-9d95-49e0950d210b",
"indicator--55c36c0b-fe84-4dd3-a56b-4d4a950d210b",
"indicator--55c36c0b-b91c-44b4-bad6-423a950d210b",
"indicator--55c36c0b-0b68-41af-a002-43a0950d210b",
"indicator--55c36c0b-5efc-450c-a0bf-4c6a950d210b",
"indicator--55c36c0b-d4c8-481f-91b6-41fd950d210b",
"indicator--55c36c0b-83b4-4e2e-8f4f-41bf950d210b",
"indicator--55c36c0c-c690-48fb-a5a9-43f6950d210b",
"indicator--55c36c0c-693c-451a-8e4c-47b3950d210b",
"indicator--55c36c0c-8804-4ba6-8a88-4f7f950d210b",
"indicator--55c36c0c-9ef4-4676-b908-4ebf950d210b",
"indicator--55c36c0c-d988-49ad-adb3-4fec950d210b",
"indicator--55c36c0c-72f8-404b-831b-43a2950d210b",
"indicator--55c36c0d-d12c-44ec-a9e1-4549950d210b",
"indicator--55c36c0d-f1d4-43f7-80e3-48e4950d210b",
"indicator--55c36c0d-3e34-4dd6-b7c8-4cd5950d210b",
"indicator--55c36c0d-9f50-44ac-9e62-41a7950d210b",
"indicator--55c36c0d-fc28-4008-a47c-4c5a950d210b",
"indicator--55c36c0d-73d4-4c7c-bb5c-49ad950d210b",
"indicator--55c36c0e-4154-4767-a1b3-4ef9950d210b",
"indicator--55c36c0e-508c-46d4-81aa-4afc950d210b",
"indicator--55c36c0e-3df8-4791-b6cd-4cde950d210b",
"indicator--55c36c0e-9b14-474f-8b3b-4895950d210b",
"indicator--55c36c0e-5488-48ae-90ea-40bd950d210b",
"indicator--55c36c0e-d7d0-4ff2-843c-474b950d210b",
"indicator--55c36c0e-ff40-427c-9d9c-4fbd950d210b",
"indicator--55c36c0f-ba10-40e7-b875-45ad950d210b",
"indicator--55c36c0f-7b8c-43b6-a107-47d8950d210b",
"indicator--55c36c0f-8ee0-447f-a450-420b950d210b",
"indicator--55c36c0f-1fa8-4d6e-9947-4309950d210b",
"indicator--55c36c0f-bec0-404a-9f02-4fe8950d210b",
"indicator--55c36c0f-71f8-4f74-ad32-46cd950d210b",
"indicator--55c36c10-7c6c-4e06-87af-400b950d210b",
"indicator--55c36c10-6dd0-4451-9565-4e79950d210b",
"indicator--55c36c10-1614-41be-ae07-4e61950d210b",
"indicator--55c36c10-34e4-4318-ab5b-4192950d210b",
"indicator--55c36c10-ce68-417b-88d0-4e49950d210b",
"indicator--55c36c10-3320-4e95-9330-4d28950d210b",
"indicator--55c36c11-a9b4-46d8-9556-4db5950d210b",
"indicator--55c36c11-5e1c-4485-94df-4985950d210b",
"indicator--55c36c11-12d8-446b-9f88-45ad950d210b",
"indicator--55c36c11-07ac-49c7-922e-46e7950d210b",
"indicator--55c36c11-d854-4140-bf70-4453950d210b",
"indicator--55c36c11-f8bc-44ba-bfc0-4e9f950d210b",
"indicator--55c36c11-60e8-400f-82b6-4d82950d210b",
"indicator--55c36c12-4ef8-4fac-9d85-4c74950d210b",
"indicator--55c36c12-250c-4b68-975b-4a79950d210b",
"indicator--55c36c12-017c-4051-8e88-44a8950d210b",
"indicator--55c36c12-e830-422e-865a-4657950d210b",
"indicator--55c36c12-168c-4fe8-8d61-4ed0950d210b",
"indicator--55c36c12-3120-456c-ac69-4b5d950d210b",
"indicator--55c36c13-077c-4ae6-9e34-4c80950d210b",
"indicator--55c36c13-e944-45b8-9d07-4393950d210b",
"indicator--55c36c13-c844-4e5c-ae86-4ad5950d210b",
"indicator--55c36c13-57f8-4af6-ab93-4a98950d210b",
"indicator--55c36c13-98f0-49bc-905b-4602950d210b",
"indicator--55c36c13-6e50-4156-bca2-47ec950d210b",
"indicator--55c36c14-0fd8-4707-a1b5-491e950d210b",
"indicator--55c36c14-fca4-4f9f-899e-4d9f950d210b",
"indicator--55c36c14-d124-43d0-b7a4-4e1f950d210b",
"indicator--55c36c14-bcec-4605-8d1e-4d35950d210b",
"indicator--55c36c14-05d0-487e-b4cc-47a6950d210b",
"indicator--55c36c14-98f8-4af6-b40d-4993950d210b",
"indicator--55c36c15-9bb4-4125-a86c-45ce950d210b",
"indicator--55c36c15-71b8-45fd-ab2d-4a6d950d210b",
"indicator--55c36c15-51e8-42a6-b7d8-4df4950d210b",
"indicator--55c36c15-85f4-4586-b586-426a950d210b",
"indicator--55c36c15-51d0-46e5-991f-4d36950d210b",
"indicator--55c36c15-6238-4a1b-8724-4bbb950d210b",
"indicator--55c36c15-4938-4520-a98d-48a1950d210b",
"indicator--55c36c16-36b4-4207-9bd6-4608950d210b",
"indicator--55c36c16-7004-45aa-842c-4763950d210b",
"indicator--55c36c16-51ac-4858-8f73-4408950d210b",
"indicator--55c36c16-36e4-4401-8a4d-4354950d210b",
"indicator--55c36c16-3b04-4ca1-86c2-4368950d210b",
"indicator--55c36c16-2e38-48cb-9e48-4f32950d210b",
"indicator--55c36c17-b62c-4d8d-a531-4fe4950d210b",
"indicator--55c36c17-d7c4-4447-9e16-428e950d210b",
"indicator--55c36c17-57e8-4ee5-8782-43b1950d210b",
"indicator--55c36c17-b480-4ec4-b5f7-4747950d210b",
"indicator--55c36c17-cecc-42c8-9148-4019950d210b",
"indicator--55c36c17-123c-4f3d-bbc6-4b08950d210b",
"indicator--55c36c18-2e74-4d69-9cab-4f95950d210b",
"indicator--55c36c18-6d70-4cf1-bdfb-404b950d210b",
"indicator--55c36c18-6cdc-41b7-b411-4014950d210b",
"indicator--55c36c18-e278-47c3-a090-4e19950d210b",
"indicator--55c36c18-f5f4-4a6e-a0ed-4e7f950d210b",
"indicator--55c36c18-14f0-4b99-a21a-446c950d210b",
"indicator--55c36c19-02f4-42cc-be05-447a950d210b",
"indicator--55c36c19-8288-4c06-9d95-450a950d210b",
"indicator--55c36c19-ac6c-428e-a20e-4101950d210b",
"indicator--55c36c19-41f8-44c0-a288-4a3b950d210b",
"indicator--55c36c19-5a48-46c4-af6e-48d7950d210b",
"indicator--55c36c19-65c4-4211-ad27-46dd950d210b",
"indicator--55c36c19-a924-4dec-84b5-498d950d210b",
"indicator--55c36c1a-675c-42dd-b5e7-4a3b950d210b",
"indicator--55c36c1a-6a9c-4dc8-a386-480b950d210b",
"indicator--55c36c1a-a0f4-4050-a2e7-455c950d210b",
"indicator--55c36c1a-d8f0-4f66-9683-4ab5950d210b",
"indicator--55c36c1a-2f8c-4745-b24d-49ef950d210b",
"indicator--55c36c1a-355c-47eb-901d-48a3950d210b",
"indicator--55c36c1b-dde0-42cb-9c6f-47e4950d210b",
"indicator--55c36c1b-4f64-4522-90e0-48c9950d210b",
"indicator--55c36c1b-48d0-4de3-89e2-4a05950d210b",
"indicator--55c36c1b-4954-4d59-9384-4525950d210b",
"indicator--55c36c1b-cf70-4bda-b300-4e14950d210b",
"indicator--55c36c1b-7a90-4fd9-9d40-438c950d210b",
"indicator--55c36c1c-48bc-470d-b4c3-4b7f950d210b",
"indicator--55c36c1c-4bd4-4d12-82f7-499f950d210b",
"indicator--55c36c1c-6470-4333-9944-4900950d210b",
"indicator--55c36c1c-cc78-4c3c-99f8-4c9f950d210b",
"indicator--55c36c1c-cea4-49b3-82f8-465b950d210b",
"indicator--55c36c1c-3888-439a-a2d0-4839950d210b",
"indicator--55c36c1d-72d0-4b37-b298-41ef950d210b",
"indicator--55c36c1d-3850-488b-a6f0-4f3c950d210b",
"indicator--55c36c1d-dfdc-46b3-abfd-4c78950d210b",
"indicator--55c36c1d-8040-4130-9e3d-4d0b950d210b",
"indicator--55c36c1d-7e38-42fd-b096-4f4c950d210b",
"indicator--55c36c1d-7afc-4a18-a883-453f950d210b",
"indicator--55c36c1d-a140-47c2-bbbb-47b7950d210b",
"indicator--55c36c1e-1268-442f-a76b-423b950d210b",
"indicator--55c36c1e-df30-4c13-a769-48bf950d210b",
"indicator--55c36c1e-d848-4c54-b01e-493f950d210b",
"indicator--55c36c1e-0ffc-489d-bb4e-4a02950d210b",
"indicator--55c36c1e-ec08-4866-b9e5-4502950d210b",
"indicator--55c36c1e-2940-4d4a-83a6-4cc4950d210b",
"indicator--55c36c1f-f338-49bc-a1be-4b11950d210b",
"indicator--55c36c1f-fb34-4009-a8c9-416b950d210b",
"indicator--55c36c1f-5530-4560-aa8f-499b950d210b",
"indicator--55c36c1f-1c94-4a12-9988-4626950d210b",
"indicator--55c36c1f-99e4-4f36-a471-4925950d210b",
"indicator--55c36c1f-0864-4377-878d-44d3950d210b",
"indicator--55c36c20-5638-4518-978b-43a6950d210b",
"indicator--55c36c20-8b2c-4799-bcb8-4909950d210b",
"indicator--55c36c20-15b0-4fa3-a7b3-43b9950d210b",
"indicator--55c36c20-80e4-41cd-b95c-459c950d210b",
"indicator--55c36c20-3d6c-4b9b-8c3f-4352950d210b",
"indicator--55c36c20-c3b4-4083-ac65-4348950d210b",
"indicator--55c36c20-c274-4e33-9801-405f950d210b",
"indicator--55c36c21-6aec-4a52-a816-4d3d950d210b",
"indicator--55c36c21-8fa0-40cc-9fc0-4200950d210b",
"indicator--55c36c21-a2e8-45bd-b303-4cd4950d210b",
"indicator--55c36c21-fdc4-4faf-99e3-44a7950d210b",
"indicator--55c36c21-b628-415b-8d07-483f950d210b",
"indicator--55c36c21-964c-473b-ae22-443b950d210b",
"indicator--55c36c22-96a8-4298-9789-4a1d950d210b",
"indicator--55c36c22-bc3c-4e6a-aa3c-4d1a950d210b",
"indicator--55c36c22-ffc4-464c-8634-41ff950d210b",
"indicator--55c36c22-7934-4616-9467-424a950d210b",
"indicator--55c36c22-ac10-450f-b0ba-4e82950d210b",
"indicator--55c36c22-f0ac-4f84-b361-4ce8950d210b",
"indicator--55c36c23-57a8-44db-9133-47c1950d210b",
"indicator--55c36c23-9638-442c-8063-44a0950d210b",
"indicator--55c36c23-9e84-4fbf-83e2-4edf950d210b",
"indicator--55c36c23-d10c-45ba-9f4f-4b65950d210b",
"indicator--55c36c23-16ec-4837-a6a2-4d0d950d210b",
"indicator--55c36c23-eee8-43ae-9a23-4345950d210b",
"indicator--55c36c24-7d8c-4a48-a355-4bf7950d210b",
"indicator--55c36c24-8f24-4818-a0f1-49cb950d210b",
"indicator--55c36c24-2f90-4c5d-a4b8-4b8b950d210b",
"indicator--55c36c24-5040-47ee-8874-4e0f950d210b",
"indicator--55c36c24-f574-449b-8241-4e76950d210b",
"indicator--55c36c24-f2f8-4702-a051-4a79950d210b",
"indicator--55c36c25-deb8-48b1-89d4-4152950d210b",
"indicator--55c36c25-fca4-4690-b678-45ad950d210b",
"indicator--55c36c25-61b0-43b1-a104-42ec950d210b",
"indicator--55c36c25-c958-4103-8f9c-4544950d210b",
"indicator--55c36c25-bf88-4e20-b706-412d950d210b",
"indicator--55c36c25-5860-4660-8998-4c95950d210b",
"indicator--55c36c25-f3b8-47ca-8223-4ded950d210b",
"indicator--55c36c26-d920-4d92-a86d-4c97950d210b",
"indicator--55c36c26-3934-4f5b-9234-4d15950d210b",
"indicator--55c36c26-3554-410c-9939-42d8950d210b",
"indicator--55c36c26-742c-4378-82e5-4204950d210b",
"indicator--55c36c26-93a8-4656-b302-469d950d210b",
"indicator--55c36c26-02bc-4d9f-b222-49b1950d210b",
"indicator--55c36c27-6bdc-40a1-8e71-46fc950d210b",
"indicator--55c36c27-2c60-4aa5-9b73-48e5950d210b",
"indicator--55c36c27-bbb8-4201-b686-4c57950d210b",
"indicator--55c36c27-d7e4-4c54-be7e-4f25950d210b",
"indicator--55c36c27-6afc-4b34-a8d3-4d66950d210b",
"indicator--55c36c27-2884-4f08-bd31-4d0a950d210b",
"indicator--55c36c27-5f14-4418-937d-4247950d210b",
"indicator--55c36c28-19ac-479c-97f2-4100950d210b",
"indicator--55c36c28-6bfc-4277-9105-4986950d210b",
"indicator--55c36c28-17d4-4ac3-9360-4e6d950d210b",
"indicator--55c36c28-b884-45b4-8ac7-4c1f950d210b",
"indicator--55c36c28-5b3c-4841-8729-4c7a950d210b",
"indicator--55c36c28-34a8-459d-8db3-4889950d210b",
"indicator--55c36c29-672c-42dd-aef6-454c950d210b",
"indicator--55c36c29-7494-4e43-865b-4f4e950d210b",
"indicator--55c36c29-85b4-4c63-8bf7-45e8950d210b",
"indicator--55c36c29-5520-423b-8972-4810950d210b",
"indicator--55c36c29-aa88-404b-8164-4b73950d210b",
"indicator--55c36c29-3f7c-46c8-9eb8-449a950d210b",
"indicator--55c36c2a-6cb4-45d4-822b-43d8950d210b",
"indicator--55c36c2a-0ac0-421b-a4f0-4243950d210b",
"indicator--55c36c42-c41c-4e5e-a397-4105950d210b",
"indicator--55c36c42-0090-45a2-9542-497a950d210b",
"indicator--55c36c53-6f04-40c5-98cb-4183950d210b",
"indicator--55c36c6a-9a54-49da-a2e4-44b3950d210b",
"indicator--55c36c6a-65a8-4c5e-b61a-4e01950d210b",
"indicator--55c36c6a-8c10-40d9-9c43-4cbf950d210b",
"indicator--55c36c6a-2adc-41a2-92c8-4621950d210b",
"indicator--55c36c6a-2320-414e-af46-4060950d210b",
"indicator--55c36c6b-4ee0-44ea-96cc-4474950d210b",
"indicator--55c36c6b-d970-47f7-b1dc-4d8c950d210b",
"indicator--55c36c6b-c480-42eb-b524-48fa950d210b",
"indicator--55c36c6b-ecfc-42ab-98f2-4d05950d210b",
"indicator--55c36c6b-0cc4-4f0b-8f9c-4a34950d210b",
"indicator--55c36c6b-c268-40ef-81fa-4d80950d210b",
"indicator--55c36c6c-e9a0-43b9-b6b1-4c2d950d210b",
"indicator--55c36c6c-b3d8-4335-bc30-44f7950d210b",
"indicator--55c36c6c-f054-4831-936e-47e3950d210b",
"indicator--55c36c6c-4dc0-4795-925b-462f950d210b",
"indicator--55c36c6c-d174-4598-9021-4569950d210b",
"indicator--55c36c6d-6548-410f-ac02-4390950d210b",
"indicator--55c36c6d-6264-4120-bba1-4d19950d210b",
"indicator--55c36c6d-6a78-4d0f-a943-4e02950d210b",
"indicator--55c36c6d-c158-4206-ac5a-4f94950d210b",
"indicator--55c36c6d-be10-4524-a67d-4523950d210b",
"indicator--55c36c6e-9cc8-4702-9698-4123950d210b",
"indicator--55c36c6e-4d90-4aaa-838f-47e8950d210b",
"indicator--55c36c79-7ee8-4393-96b6-4105950d210b",
"indicator--55c36c89-9a20-4907-ba11-4988950d210b",
"indicator--55c36c89-1c84-4d70-a60e-4e80950d210b",
"indicator--55dc6f3c-e374-4af3-81a3-4e93950d210b",
"indicator--55dc6f3c-c720-4870-ae5f-4f59950d210b",
"observed-data--55dc6f3d-bf1c-4011-9388-4e8b950d210b",
"url--55dc6f3d-bf1c-4011-9388-4e8b950d210b",
"indicator--55dc6f3d-8b80-4ccd-938f-45c5950d210b",
"indicator--55dc6f3d-ddfc-4350-86cd-4711950d210b",
"observed-data--55dc6f3d-d5bc-4a36-b3ef-4806950d210b",
"url--55dc6f3d-d5bc-4a36-b3ef-4806950d210b",
"indicator--55dc6f3d-3dd8-4e3f-a9fe-437d950d210b",
"indicator--55dc6f3d-649c-46c4-a177-46a0950d210b",
"observed-data--55dc6f3e-58dc-4bcd-b85d-4a0b950d210b",
"url--55dc6f3e-58dc-4bcd-b85d-4a0b950d210b",
"indicator--55dc6f3e-f910-419e-8285-4557950d210b",
"indicator--55dc6f3e-0148-4031-820e-42b5950d210b",
"observed-data--55dc6f3e-4960-4b55-931e-40b9950d210b",
"url--55dc6f3e-4960-4b55-931e-40b9950d210b",
"indicator--55dc6f3e-6b74-442c-8275-4bf8950d210b",
"indicator--55dc6f3f-0f18-415f-bc0c-4d27950d210b",
"observed-data--55dc6f3f-2698-4743-a7b0-4d50950d210b",
"url--55dc6f3f-2698-4743-a7b0-4d50950d210b",
"indicator--55dc6f3f-3f20-4c9f-85cf-4d69950d210b",
"indicator--55dc6f3f-9e50-4093-a1e9-4ad8950d210b",
"observed-data--55dc6f3f-493c-4c96-8bb4-4b4f950d210b",
"url--55dc6f3f-493c-4c96-8bb4-4b4f950d210b",
"indicator--55dc6f3f-5454-4d48-910b-40e6950d210b",
"indicator--55dc6f40-c6b8-476c-bcdc-4fed950d210b",
"observed-data--55dc6f40-e7cc-4adb-98e1-4feb950d210b",
"url--55dc6f40-e7cc-4adb-98e1-4feb950d210b",
"indicator--55dc6f40-0df0-4c11-9e8a-4cf0950d210b",
"indicator--55dc6f40-06fc-4c88-a2fe-419f950d210b",
"observed-data--55dc6f40-88a4-4b11-a060-46c6950d210b",
"url--55dc6f40-88a4-4b11-a060-46c6950d210b",
"indicator--55dc6f40-bdec-4a91-9827-4a26950d210b",
"indicator--55dc6f41-ed84-4551-8e10-4b19950d210b",
"observed-data--55dc6f41-9070-4135-b7f9-484e950d210b",
"url--55dc6f41-9070-4135-b7f9-484e950d210b",
"indicator--55dc6f41-4780-4347-a1f0-446b950d210b",
"indicator--55dc6f41-3d50-4569-9270-410b950d210b",
"observed-data--55dc6f41-15dc-425b-9826-4abd950d210b",
"url--55dc6f41-15dc-425b-9826-4abd950d210b",
"indicator--55dc6f41-a640-4aa7-8e8a-400e950d210b",
"indicator--55dc6f42-d408-4752-95f9-49f5950d210b",
"observed-data--55dc6f42-fc84-4079-9e28-41f3950d210b",
"url--55dc6f42-fc84-4079-9e28-41f3950d210b",
"indicator--55dc6f42-4d74-4eb5-b16b-433c950d210b",
"indicator--55dc6f42-28c4-40eb-a471-4aca950d210b",
"observed-data--55dc6f42-abd8-44ed-8598-4b56950d210b",
"url--55dc6f42-abd8-44ed-8598-4b56950d210b",
"indicator--55dc6f42-5a10-4605-8c4d-4aef950d210b",
"indicator--55dc6f43-0504-4021-8964-43d1950d210b",
"observed-data--55dc6f43-c230-4715-9442-455a950d210b",
"url--55dc6f43-c230-4715-9442-455a950d210b",
"indicator--55dc6f43-62d0-4ee5-bcbe-405d950d210b",
"indicator--55dc6f43-abf8-4e2d-bf83-40a3950d210b",
"observed-data--55dc6f43-ee20-4a9d-a0ac-4665950d210b",
"url--55dc6f43-ee20-4a9d-a0ac-4665950d210b",
"indicator--55dc6f43-1cb8-46f8-a6e6-4cd8950d210b",
"indicator--55dc6f44-f6b0-40cd-ac66-422d950d210b",
"observed-data--55dc6f44-fde8-4d06-bd91-4615950d210b",
"url--55dc6f44-fde8-4d06-bd91-4615950d210b",
"indicator--55dc6f44-79f4-4e11-b456-49c1950d210b",
"indicator--55dc6f44-11a0-4f92-98cc-490d950d210b",
"observed-data--55dc6f44-215c-4a8e-81e7-4585950d210b",
"url--55dc6f44-215c-4a8e-81e7-4585950d210b",
"indicator--55dc6f44-5930-438b-9ea0-4749950d210b",
"indicator--55dc6f45-2474-4d51-955c-4780950d210b",
"observed-data--55dc6f45-5600-4a0d-9223-4254950d210b",
"url--55dc6f45-5600-4a0d-9223-4254950d210b",
"indicator--55dc6f45-64d0-428d-9a70-482d950d210b",
"indicator--55dc6f45-86a8-4d16-97b4-4a7b950d210b",
"observed-data--55dc6f45-e538-4382-8cc9-4044950d210b",
"url--55dc6f45-e538-4382-8cc9-4044950d210b",
"indicator--55dc6f45-4734-4469-aced-4014950d210b",
"indicator--55dc6f46-7c58-4331-b947-4f4e950d210b",
"observed-data--55dc6f46-bda0-47e9-9f9a-4b72950d210b",
"url--55dc6f46-bda0-47e9-9f9a-4b72950d210b",
"indicator--55dc6f46-8a38-442a-8bf4-4e81950d210b",
"indicator--55dc6f46-da58-4cf4-b15b-4669950d210b",
"observed-data--55dc6f46-1f68-4f52-af4c-40d9950d210b",
"url--55dc6f46-1f68-4f52-af4c-40d9950d210b",
"indicator--55dc6f46-3dec-4a33-92a2-47cf950d210b",
"indicator--55dc6f47-47d4-4a62-89eb-4896950d210b",
"observed-data--55dc6f47-d7ac-43dd-9fc2-4bbf950d210b",
"url--55dc6f47-d7ac-43dd-9fc2-4bbf950d210b",
"indicator--55dc6f47-f328-435b-abdd-4bc5950d210b",
"indicator--55dc6f47-bc5c-4b19-8655-46a8950d210b",
"observed-data--55dc6f47-3318-4283-9e25-4eb2950d210b",
"url--55dc6f47-3318-4283-9e25-4eb2950d210b",
"indicator--55dc6f48-00f4-42bf-964e-4439950d210b",
"indicator--55dc6f48-b70c-4e80-8db6-4aad950d210b",
"observed-data--55dc6f48-82fc-4d8d-8c99-46f2950d210b",
"url--55dc6f48-82fc-4d8d-8c99-46f2950d210b",
"indicator--55dc6f48-9ac8-4f51-bb5f-4783950d210b",
"indicator--55dc6f48-1d8c-48c0-83df-4a7e950d210b",
"observed-data--55dc6f48-adf8-4203-8be9-4ce0950d210b",
"url--55dc6f48-adf8-4203-8be9-4ce0950d210b",
"indicator--55dc6f49-ef48-40fe-a006-41b2950d210b",
"indicator--55dc6f49-d310-4f74-8449-477d950d210b",
"observed-data--55dc6f49-0448-4fda-a10f-4b15950d210b",
"url--55dc6f49-0448-4fda-a10f-4b15950d210b",
"indicator--55dc6f49-b1a8-4276-bbf1-4ea2950d210b",
"indicator--55dc6f49-43dc-42e7-961d-4fc2950d210b",
"observed-data--55dc6f49-09d8-4f7b-803c-4758950d210b",
"url--55dc6f49-09d8-4f7b-803c-4758950d210b",
"indicator--55dc6f4a-36d4-401a-81b3-43fe950d210b",
"indicator--55dc6f4a-f354-427a-8e32-4c80950d210b",
"observed-data--55dc6f4a-98d4-4335-b781-4daa950d210b",
"url--55dc6f4a-98d4-4335-b781-4daa950d210b",
"indicator--55dc6f4a-f3b8-4ad2-94dd-426b950d210b",
"indicator--55dc6f4a-2c7c-41e3-bce1-4506950d210b",
"observed-data--55dc6f4a-b53c-4f5f-9c81-44fb950d210b",
"url--55dc6f4a-b53c-4f5f-9c81-44fb950d210b",
"indicator--55dc6f4b-7cb4-4e78-a7b9-4412950d210b",
"indicator--55dc6f4b-bfc4-4de0-820c-412d950d210b",
"observed-data--55dc6f4b-542c-4fcd-95b5-491a950d210b",
"url--55dc6f4b-542c-4fcd-95b5-491a950d210b",
"indicator--55dc6f4b-3fd0-45bd-8f2c-477a950d210b",
"indicator--55dc6f4b-a8d8-4726-bdf0-470b950d210b",
"observed-data--55dc6f4b-6488-4dc3-aad9-49ba950d210b",
"url--55dc6f4b-6488-4dc3-aad9-49ba950d210b",
"indicator--55dc6f4c-69c8-4f65-91b0-42af950d210b",
"indicator--55dc6f4c-65b8-45ff-8e78-49a7950d210b",
"observed-data--55dc6f4c-32c4-4695-987b-4c05950d210b",
"url--55dc6f4c-32c4-4695-987b-4c05950d210b",
"indicator--55dc6f4c-48e0-4f5c-b640-4527950d210b",
"indicator--55dc6f4c-5640-4b4d-847d-4996950d210b",
"observed-data--55dc6f4d-e784-4064-b01f-4d60950d210b",
"url--55dc6f4d-e784-4064-b01f-4d60950d210b",
"indicator--55dc6f4d-cca0-4296-bca7-4ca0950d210b",
"indicator--55dc6f4d-7058-4e79-99b8-423e950d210b",
"observed-data--55dc6f4d-1a80-4290-8652-4957950d210b",
"url--55dc6f4d-1a80-4290-8652-4957950d210b",
"indicator--55dc6f4d-538c-4449-9dd5-44ec950d210b",
"indicator--55dc6f4d-33f0-448b-9d94-4aa3950d210b",
"observed-data--55dc6f4e-fe74-4f65-8e38-4e02950d210b",
"url--55dc6f4e-fe74-4f65-8e38-4e02950d210b",
"indicator--55dc6f4e-065c-45c0-a006-41aa950d210b",
"indicator--55dc6f4e-f024-4f3c-aaab-420e950d210b",
"observed-data--55dc6f4e-4ccc-4b5d-97e6-4cdf950d210b",
"url--55dc6f4e-4ccc-4b5d-97e6-4cdf950d210b",
"indicator--55dc6f4e-a490-40a2-bbb6-4db6950d210b",
"indicator--55dc6f4e-cdc8-4267-9694-4e70950d210b",
"observed-data--55dc6f4f-6fd8-4dc3-8db7-4d1e950d210b",
"url--55dc6f4f-6fd8-4dc3-8db7-4d1e950d210b",
"indicator--55dc6f4f-4d14-4d98-9da6-4ceb950d210b",
"indicator--55dc6f4f-07d4-4b6e-a3e1-4d17950d210b",
"observed-data--55dc6f4f-6c88-40c0-99da-45f0950d210b",
"url--55dc6f4f-6c88-40c0-99da-45f0950d210b",
"indicator--55dc6f4f-4dd4-488f-9b1d-4a39950d210b",
"indicator--55dc6f4f-723c-4ea7-8e27-4a51950d210b",
"observed-data--55dc6f50-7cb0-4f57-9d06-4457950d210b",
"url--55dc6f50-7cb0-4f57-9d06-4457950d210b",
"indicator--55dc6f50-815c-4de7-89e7-4bf3950d210b",
"indicator--55dc6f50-a184-4993-98ec-489e950d210b",
"observed-data--55dc6f50-ba08-43b1-a9d7-4fe5950d210b",
"url--55dc6f50-ba08-43b1-a9d7-4fe5950d210b",
"indicator--55dc6f50-f1d0-4ca1-8011-454d950d210b",
"indicator--55dc6f51-7320-4721-8640-4cd5950d210b",
"observed-data--55dc6f51-b848-44af-b7da-408f950d210b",
"url--55dc6f51-b848-44af-b7da-408f950d210b",
"indicator--55dc6f51-96e4-4022-81f6-4c80950d210b",
"indicator--55dc6f51-9aa0-4f91-8768-4982950d210b",
"observed-data--55dc6f51-f394-4536-9501-458e950d210b",
"url--55dc6f51-f394-4536-9501-458e950d210b",
"indicator--55dc6f51-0094-437c-8a11-4736950d210b",
"indicator--55dc6f52-c224-4b86-8564-4daf950d210b",
"observed-data--55dc6f52-dcb4-465a-9abd-4c44950d210b",
"url--55dc6f52-dcb4-465a-9abd-4c44950d210b",
"indicator--55dc6f52-8f6c-47e9-b0c7-4cd9950d210b",
"indicator--55dc6f52-391c-4015-adb1-443b950d210b",
"observed-data--55dc6f52-2288-4612-94f6-45c6950d210b",
"url--55dc6f52-2288-4612-94f6-45c6950d210b",
"indicator--55dc6f52-8b24-4e92-bad8-4ce9950d210b",
"indicator--55dc6f53-0fbc-4d8f-9064-4b43950d210b",
"observed-data--55dc6f53-073c-4a26-b964-4711950d210b",
"url--55dc6f53-073c-4a26-b964-4711950d210b",
"indicator--55dc6f53-e9dc-44f8-8613-47e4950d210b",
"indicator--55dc6f53-0bb8-460f-a5a5-4a9f950d210b",
"observed-data--55dc6f53-e75c-4786-963b-4bde950d210b",
"url--55dc6f53-e75c-4786-963b-4bde950d210b",
"indicator--55dc6f53-9574-4b4e-8faa-4257950d210b",
"indicator--55dc6f54-d4b8-4377-b1eb-479a950d210b",
"observed-data--55dc6f54-1594-4db5-bba1-4787950d210b",
"url--55dc6f54-1594-4db5-bba1-4787950d210b",
"indicator--55dc6f54-71d4-4005-9add-4686950d210b",
"indicator--55dc6f54-36a4-4525-803c-42a5950d210b",
"observed-data--55dc6f54-2f1c-4240-8a2f-4e4c950d210b",
"url--55dc6f54-2f1c-4240-8a2f-4e4c950d210b",
"indicator--55dc6f55-797c-42ac-bb61-45da950d210b",
"indicator--55dc6f55-8750-44d4-a812-46e9950d210b",
"observed-data--55dc6f55-6ef4-427f-b625-4a33950d210b",
"url--55dc6f55-6ef4-427f-b625-4a33950d210b",
"indicator--55dc6f55-4cec-4602-b240-4ea9950d210b",
"indicator--55dc6f55-5b8c-4162-a0b9-4540950d210b",
"observed-data--55dc6f55-121c-41fb-aa8c-4462950d210b",
"url--55dc6f55-121c-41fb-aa8c-4462950d210b",
"indicator--55dc6f56-8904-4c57-b238-4ef8950d210b",
"indicator--55dc6f56-0058-4c60-a089-4f70950d210b",
"observed-data--55dc6f56-00ac-4b37-977b-4b38950d210b",
"url--55dc6f56-00ac-4b37-977b-4b38950d210b",
"indicator--55dc6f56-a214-4e87-a675-4c38950d210b",
"indicator--55dc6f56-4984-4fbb-88e5-454f950d210b",
"observed-data--55dc6f56-d304-4493-b917-478c950d210b",
"url--55dc6f56-d304-4493-b917-478c950d210b",
"indicator--55dc6f57-5dd0-404d-b4fa-4e73950d210b",
"indicator--55dc6f57-acc4-4357-ba64-449f950d210b",
"observed-data--55dc6f57-6370-4659-a171-4809950d210b",
"url--55dc6f57-6370-4659-a171-4809950d210b",
"indicator--55dc6f57-e1e4-4255-8f83-4950950d210b",
"indicator--55dc6f57-2ef4-4b5f-847f-40cf950d210b",
"observed-data--55dc6f57-4e64-405a-9994-43f2950d210b",
"url--55dc6f57-4e64-405a-9994-43f2950d210b",
"indicator--55dc6f58-8918-4757-8fbc-4bf0950d210b",
"indicator--55dc6f58-2448-48f7-a0c9-4f62950d210b",
"observed-data--55dc6f58-cb60-4924-a43c-4507950d210b",
"url--55dc6f58-cb60-4924-a43c-4507950d210b",
"indicator--55dc6f58-69bc-481d-8fd9-414a950d210b",
"indicator--55dc6f58-7724-482e-a769-4100950d210b",
"observed-data--55dc6f58-7d74-43a9-93bf-4055950d210b",
"url--55dc6f58-7d74-43a9-93bf-4055950d210b",
"indicator--55dc6f59-2d48-4381-9556-444e950d210b",
"indicator--55dc6f59-3e78-4b85-a1ad-4db3950d210b",
"observed-data--55dc6f59-9af0-4f28-97a8-4e49950d210b",
"url--55dc6f59-9af0-4f28-97a8-4e49950d210b",
"indicator--55dc6f59-a854-423f-8282-4096950d210b",
"indicator--55dc6f59-05b4-456e-82e5-4bf9950d210b",
"observed-data--55dc6f5a-c06c-4994-a531-4c14950d210b",
"url--55dc6f5a-c06c-4994-a531-4c14950d210b",
"indicator--55dc6f5a-1e54-4e27-bfec-475b950d210b",
"indicator--55dc6f5a-2470-43cb-8797-4089950d210b",
"observed-data--55dc6f5a-41fc-4ac2-8b0d-4528950d210b",
"url--55dc6f5a-41fc-4ac2-8b0d-4528950d210b",
"indicator--55dc6f5a-a6a4-43e0-a34c-427f950d210b",
"indicator--55dc6f5a-bd04-489e-8891-489c950d210b",
"observed-data--55dc6f5b-ee64-4f5f-81a6-43e3950d210b",
"url--55dc6f5b-ee64-4f5f-81a6-43e3950d210b",
"indicator--55dc6f5b-3904-42ee-8b32-42be950d210b",
"indicator--55dc6f5b-220c-425f-9834-40d1950d210b",
"observed-data--55dc6f5b-14cc-49c2-8ac4-453c950d210b",
"url--55dc6f5b-14cc-49c2-8ac4-453c950d210b",
"indicator--55dc6f5b-a194-42ee-8820-4e0b950d210b",
"indicator--55dc6f5b-ad90-409b-ad4d-4b64950d210b",
"observed-data--55dc6f5c-fadc-45ff-90c4-4cce950d210b",
"url--55dc6f5c-fadc-45ff-90c4-4cce950d210b",
"indicator--55dc6f5c-cdd0-47af-befd-4516950d210b",
"indicator--55dc6f5c-846c-4f9c-a229-4cb6950d210b",
"observed-data--55dc6f5c-0a5c-45ca-9859-427a950d210b",
"url--55dc6f5c-0a5c-45ca-9859-427a950d210b",
"indicator--55dc6f5c-d8cc-44dc-bfa1-4b0b950d210b",
"indicator--55dc6f5c-597c-42e4-b9b7-4942950d210b",
"observed-data--55dc6f5d-3b88-4132-9f4f-4275950d210b",
"url--55dc6f5d-3b88-4132-9f4f-4275950d210b",
"indicator--55dc6f5d-6754-4e5c-a7aa-4368950d210b",
"indicator--55dc6f5d-24d0-4334-baca-4b38950d210b",
"observed-data--55dc6f5d-a71c-4d85-b97b-4fc0950d210b",
"url--55dc6f5d-a71c-4d85-b97b-4fc0950d210b",
"indicator--55dc6f5d-2690-4590-91bf-4ff1950d210b",
"indicator--55dc6f5d-ad80-4aa8-8774-4059950d210b",
"observed-data--55dc6f5e-10e8-4d11-ad0d-402b950d210b",
"url--55dc6f5e-10e8-4d11-ad0d-402b950d210b",
"indicator--55dc6f5e-87b4-47d4-9156-4978950d210b",
"indicator--55dc6f5e-4a68-4097-acf3-4976950d210b",
"observed-data--55dc6f5e-9bcc-452b-baf3-4dc2950d210b",
"url--55dc6f5e-9bcc-452b-baf3-4dc2950d210b",
"indicator--55dc6f5e-9760-49c3-a7b4-4b07950d210b",
"indicator--55dc6f5f-a6e4-4e0c-a401-4b86950d210b",
"observed-data--55dc6f5f-e5f8-4e3e-88be-4ccc950d210b",
"url--55dc6f5f-e5f8-4e3e-88be-4ccc950d210b",
"indicator--55dc6f5f-56ac-4ec8-ba27-4dd7950d210b",
"indicator--55dc6f5f-ea7c-44b7-a3bd-4591950d210b",
"observed-data--55dc6f5f-7d58-4243-8e12-468d950d210b",
"url--55dc6f5f-7d58-4243-8e12-468d950d210b",
"indicator--55dc6f5f-4744-43f7-b355-4780950d210b",
"indicator--55dc6f60-a128-49c5-b76d-408b950d210b",
"observed-data--55dc6f60-6fc8-4a57-a242-44b6950d210b",
"url--55dc6f60-6fc8-4a57-a242-44b6950d210b",
"indicator--55dc6f60-78e0-4dbd-a5d2-49b3950d210b",
"indicator--55dc6f60-088c-4073-8fa7-4d95950d210b",
"observed-data--55dc6f60-b4cc-4d16-a24e-4550950d210b",
"url--55dc6f60-b4cc-4d16-a24e-4550950d210b",
"indicator--55dc6f60-f0dc-4af8-85d3-4b08950d210b",
"indicator--55dc6f61-a318-4ae4-a5f3-4ef3950d210b",
"observed-data--55dc6f61-0e08-402b-9705-4797950d210b",
"url--55dc6f61-0e08-402b-9705-4797950d210b",
"indicator--55dc6f61-7858-4cfe-88d1-4e37950d210b",
"indicator--55dc6f61-6920-4025-bed6-45e0950d210b",
"observed-data--55dc6f61-0d28-4396-a722-4e74950d210b",
"url--55dc6f61-0d28-4396-a722-4e74950d210b",
"indicator--55dc6f61-85e8-4d5f-b274-4bd3950d210b",
"indicator--55dc6f62-1084-4d1a-9511-4163950d210b",
"observed-data--55dc6f62-5bc4-44f0-a363-4422950d210b",
"url--55dc6f62-5bc4-44f0-a363-4422950d210b",
"indicator--55dc6f62-f140-46bb-b40a-474a950d210b",
"indicator--55dc6f62-16ac-4f9e-8e53-4629950d210b",
"observed-data--55dc6f62-28a8-497d-a89c-4ab1950d210b",
"url--55dc6f62-28a8-497d-a89c-4ab1950d210b",
"indicator--55dc6f62-9384-4680-8a50-4fae950d210b",
"indicator--55dc6f63-e490-4f89-99ae-45ee950d210b",
"observed-data--55dc6f63-ff38-4de8-a945-4268950d210b",
"url--55dc6f63-ff38-4de8-a945-4268950d210b",
"indicator--55dc6f63-ade0-4695-9f48-4e36950d210b",
"indicator--55dc6f63-da04-4be4-bd6b-49c4950d210b",
"observed-data--55dc6f63-1ccc-45c6-8e59-4c65950d210b",
"url--55dc6f63-1ccc-45c6-8e59-4c65950d210b",
"indicator--55dc6f63-2f08-45cb-afe6-47ad950d210b",
"indicator--55dc6f64-af8c-4594-ac65-4075950d210b",
"observed-data--55dc6f64-a128-47a4-88c1-4f3a950d210b",
"url--55dc6f64-a128-47a4-88c1-4f3a950d210b",
"indicator--55dc6f64-3184-4c9b-94fd-465b950d210b",
"indicator--55dc6f64-8da0-4220-ae44-48ff950d210b",
"observed-data--55dc6f64-a74c-4c5a-95ae-480e950d210b",
"url--55dc6f64-a74c-4c5a-95ae-480e950d210b",
"indicator--55dc6f64-d140-465a-8e22-43dc950d210b",
"indicator--55dc6f65-f2c0-4230-80a4-41c5950d210b",
"observed-data--55dc6f65-2b94-4171-b3fe-4506950d210b",
"url--55dc6f65-2b94-4171-b3fe-4506950d210b",
"indicator--55dc6f65-5840-4390-a15d-4547950d210b",
"indicator--55dc6f65-b9c0-4317-8b60-4a38950d210b",
"observed-data--55dc6f65-8f58-46cf-96c2-42d0950d210b",
"url--55dc6f65-8f58-46cf-96c2-42d0950d210b",
"indicator--55dc6f66-8fe0-47f3-9eeb-4ce8950d210b",
"indicator--55dc6f66-58f0-47c6-8787-4250950d210b",
"observed-data--55dc6f66-d994-4e3e-912f-41f3950d210b",
"url--55dc6f66-d994-4e3e-912f-41f3950d210b",
"indicator--55dc6f66-62e0-4230-bb94-4daf950d210b",
"indicator--55dc6f66-e9e0-4614-afbf-43a7950d210b",
"observed-data--55dc6f66-ba20-40a4-b2aa-4442950d210b",
"url--55dc6f66-ba20-40a4-b2aa-4442950d210b",
"indicator--55dc6f67-f3ec-4870-a833-42c8950d210b",
"indicator--55dc6f67-125c-425a-aeff-41ea950d210b",
"observed-data--55dc6f67-98b4-4c8f-8d73-406a950d210b",
"url--55dc6f67-98b4-4c8f-8d73-406a950d210b",
"indicator--55dc6f67-0098-4853-bfa7-4a65950d210b",
"indicator--55dc6f67-f934-4900-b671-4d1b950d210b",
"observed-data--55dc6f67-a064-424e-9a9c-40e3950d210b",
"url--55dc6f67-a064-424e-9a9c-40e3950d210b",
"indicator--55dc6f68-f8f4-4928-9848-42d2950d210b",
"indicator--55dc6f68-bc68-4e41-84fd-4bb9950d210b",
"observed-data--55dc6f68-8ec8-49d7-a154-41e9950d210b",
"url--55dc6f68-8ec8-49d7-a154-41e9950d210b",
"indicator--55dc6f68-9b80-49af-bd75-4887950d210b",
"indicator--55dc6f68-8ca8-49e2-a307-4feb950d210b",
"observed-data--55dc6f68-01d8-469a-9548-42b0950d210b",
"url--55dc6f68-01d8-469a-9548-42b0950d210b",
"indicator--55dc6f69-53d0-4935-a8ae-440a950d210b",
"indicator--55dc6f69-c948-461f-9f06-4080950d210b",
"observed-data--55dc6f69-f8b0-4780-b07c-4964950d210b",
"url--55dc6f69-f8b0-4780-b07c-4964950d210b",
"indicator--55dc6f69-3484-413d-8024-4e8f950d210b",
"indicator--55dc6f69-5ee8-409e-9e0d-486d950d210b",
"observed-data--55dc6f69-1644-41bf-bf7e-40a0950d210b",
"url--55dc6f69-1644-41bf-bf7e-40a0950d210b",
"indicator--55dc6f6a-9df4-4752-98fe-4768950d210b",
"indicator--55dc6f6a-31d8-4e4f-ab0a-4537950d210b",
"observed-data--55dc6f6a-ce30-4ad7-8fb7-455a950d210b",
"url--55dc6f6a-ce30-4ad7-8fb7-455a950d210b",
"indicator--55dc6f6a-7870-4638-be41-4022950d210b",
"indicator--55dc6f6a-14fc-46bb-be09-40ff950d210b",
"observed-data--55dc6f6a-5468-42c3-a014-4a32950d210b",
"url--55dc6f6a-5468-42c3-a014-4a32950d210b",
"indicator--55dc6f6b-6700-4ced-9826-4e81950d210b",
"indicator--55dc6f6b-fb90-4c1e-8b9c-4f6c950d210b",
"observed-data--55dc6f6b-2698-4686-9a29-4661950d210b",
"url--55dc6f6b-2698-4686-9a29-4661950d210b",
"indicator--55dc6f6b-88b8-4b13-abae-4c2c950d210b",
"indicator--55dc6f6b-2c60-4d54-997f-46bf950d210b",
"observed-data--55dc6f6b-6c74-4595-bb2d-45a5950d210b",
"url--55dc6f6b-6c74-4595-bb2d-45a5950d210b",
"indicator--55dc6f6c-2458-43dc-baf3-4a1e950d210b",
"indicator--55dc6f6c-0bd0-478a-9e10-4112950d210b",
"observed-data--55dc6f6c-09b0-4960-8bb8-4ccf950d210b",
"url--55dc6f6c-09b0-4960-8bb8-4ccf950d210b",
"indicator--55dc6f6c-2dd8-496d-9585-4a62950d210b",
"indicator--55dc6f6c-03d4-48f0-81b9-4e03950d210b",
"observed-data--55dc6f6c-b280-472c-8258-474b950d210b",
"url--55dc6f6c-b280-472c-8258-474b950d210b",
"indicator--55dc6f6d-52e4-462d-91bc-4e6e950d210b",
"indicator--55dc6f6d-7bac-431d-a64b-4f7f950d210b",
"observed-data--55dc6f6d-4f9c-483f-960f-4aa9950d210b",
"url--55dc6f6d-4f9c-483f-960f-4aa9950d210b",
"indicator--55dc6f6d-7390-45fa-baa8-4422950d210b",
"indicator--55dc6f6d-9cd0-4c10-a747-4707950d210b",
"observed-data--55dc6f6e-2dec-471a-9942-435a950d210b",
"url--55dc6f6e-2dec-471a-9942-435a950d210b",
"indicator--55dc6f6e-2710-4809-a1ec-4d15950d210b",
"indicator--55dc6f6e-3a18-4d91-8a75-4dd5950d210b",
"observed-data--55dc6f6e-f174-409a-9db2-4e30950d210b",
"url--55dc6f6e-f174-409a-9db2-4e30950d210b",
"indicator--55dc6f6e-a2f4-415d-abb9-4420950d210b",
"indicator--55dc6f6e-f0b4-430c-97b1-4677950d210b",
"observed-data--55dc6f6f-fe24-42c2-9a1b-41a5950d210b",
"url--55dc6f6f-fe24-42c2-9a1b-41a5950d210b",
"indicator--55dc6f6f-cb18-4d59-b7b8-4b57950d210b",
"indicator--55dc6f6f-1b50-4a94-9216-4c9a950d210b",
"observed-data--55dc6f6f-c00c-42be-a997-47de950d210b",
"url--55dc6f6f-c00c-42be-a997-47de950d210b",
"indicator--55dc6f6f-f54c-4d3b-8cf5-44de950d210b",
"indicator--55dc6f6f-863c-4998-be40-4ee2950d210b",
"observed-data--55dc6f70-f0fc-4a75-af9e-4288950d210b",
"url--55dc6f70-f0fc-4a75-af9e-4288950d210b",
"indicator--55dc6f70-1f18-42b4-9858-408c950d210b",
"indicator--55dc6f70-b128-451f-9c1f-4927950d210b",
"observed-data--55dc6f70-5b50-4fb0-800b-47eb950d210b",
"url--55dc6f70-5b50-4fb0-800b-47eb950d210b",
"indicator--55dc6f70-15c8-4c8c-bb1f-4f82950d210b",
"indicator--55dc6f70-a2b4-4507-88da-4dba950d210b",
"observed-data--55dc6f71-ddd4-493c-a923-44c4950d210b",
"url--55dc6f71-ddd4-493c-a923-44c4950d210b",
"indicator--55dc6f71-0f38-4027-9a20-4f18950d210b",
"indicator--55dc6f71-c69c-4bfb-9ad4-49dc950d210b",
"observed-data--55dc6f71-5e68-4c4a-a41e-4d11950d210b",
"url--55dc6f71-5e68-4c4a-a41e-4d11950d210b",
"indicator--55dc6f71-6f54-4f3c-9f29-4197950d210b",
"indicator--55dc6f72-8c94-4ae9-96c4-49d3950d210b",
"observed-data--55dc6f72-6244-4d5c-b3be-4376950d210b",
"url--55dc6f72-6244-4d5c-b3be-4376950d210b",
"indicator--55dc6f72-d59c-4eb7-9b48-4da8950d210b",
"indicator--55dc6f72-1c34-4837-b7b2-4c5f950d210b",
"observed-data--55dc6f72-b498-4def-b6cd-4c75950d210b",
"url--55dc6f72-b498-4def-b6cd-4c75950d210b",
"indicator--55dc6f72-9060-4943-94cf-4fb5950d210b",
"indicator--55dc6f73-1cb0-4b4a-9461-4bf1950d210b",
"observed-data--55dc6f73-3358-4346-8d95-4a0c950d210b",
"url--55dc6f73-3358-4346-8d95-4a0c950d210b",
"indicator--55dc6f73-a564-427a-bed4-4126950d210b",
"indicator--55dc6f73-83b0-450f-ba47-4345950d210b",
"observed-data--55dc6f73-20d4-4beb-93ee-47e9950d210b",
"url--55dc6f73-20d4-4beb-93ee-47e9950d210b",
"indicator--55dc6f73-5e88-427b-8ea0-46e8950d210b",
"indicator--55dc6f74-276c-46c8-88bb-4b73950d210b",
"observed-data--55dc6f74-fe50-4092-97d2-49ae950d210b",
"url--55dc6f74-fe50-4092-97d2-49ae950d210b",
"indicator--55dc6f74-a7e4-40c8-9990-4fd0950d210b",
"indicator--55dc6f74-f3f4-4cb9-aa51-4aeb950d210b",
"observed-data--55dc6f74-87e4-4d8e-859c-49d8950d210b",
"url--55dc6f74-87e4-4d8e-859c-49d8950d210b",
"indicator--55dc6f74-f604-4366-95e3-409c950d210b",
"indicator--55dc6f75-cd00-4812-a148-4e57950d210b",
"observed-data--55dc6f75-ca38-422a-b122-4246950d210b",
"url--55dc6f75-ca38-422a-b122-4246950d210b",
"indicator--55dc6f75-e684-440c-aa8d-43e8950d210b",
"indicator--55dc6f75-46d8-4b4a-8d78-4786950d210b",
"observed-data--55dc6f75-47f0-48d8-bce0-4af9950d210b",
"url--55dc6f75-47f0-48d8-bce0-4af9950d210b",
"indicator--55dc6f76-5310-446d-a966-44b4950d210b",
"indicator--55dc6f76-58a4-4fc2-a7fd-4115950d210b",
"observed-data--55dc6f76-3148-41e8-b76f-4459950d210b",
"url--55dc6f76-3148-41e8-b76f-4459950d210b",
"indicator--55dc6f76-08ac-41c0-ac62-42af950d210b",
"indicator--55dc6f76-688c-428f-80cb-4df7950d210b",
"observed-data--55dc6f76-97ec-4183-a71c-4874950d210b",
"url--55dc6f76-97ec-4183-a71c-4874950d210b",
"indicator--55dc6f77-8c74-430e-9f92-4124950d210b",
"indicator--55dc6f77-e344-498a-9ca8-47dc950d210b",
"observed-data--55dc6f77-a8cc-415e-9b19-4fb0950d210b",
"url--55dc6f77-a8cc-415e-9b19-4fb0950d210b",
"indicator--55dc6f77-a6f0-4183-8a20-4bcf950d210b",
"indicator--55dc6f77-e60c-480f-9261-4bf3950d210b",
"observed-data--55dc6f77-e998-47c8-b091-420f950d210b",
"url--55dc6f77-e998-47c8-b091-420f950d210b",
"indicator--55dc6f78-253c-4169-8435-40ca950d210b",
"indicator--55dc6f78-e6e4-44d3-aefa-4978950d210b",
"observed-data--55dc6f78-a620-454f-8016-4f5c950d210b",
"url--55dc6f78-a620-454f-8016-4f5c950d210b",
"indicator--55dc6f78-e824-4a4d-83c1-4e9d950d210b",
"indicator--55dc6f78-2cd4-4f5b-9130-4753950d210b",
"observed-data--55dc6f78-84d4-4247-907c-4794950d210b",
"url--55dc6f78-84d4-4247-907c-4794950d210b",
"indicator--55dc6f79-21f8-4676-905f-48da950d210b",
"indicator--55dc6f79-7a80-4a2b-94c4-4796950d210b",
"observed-data--55dc6f79-57bc-44eb-881e-465c950d210b",
"url--55dc6f79-57bc-44eb-881e-465c950d210b",
"indicator--55dc6f79-e468-4842-83d7-4f77950d210b",
"indicator--55dc6f79-e828-4102-95d3-4227950d210b",
"observed-data--55dc6f7a-83d4-403d-85ce-4be9950d210b",
"url--55dc6f7a-83d4-403d-85ce-4be9950d210b",
"indicator--55dc6f7a-7cc8-4413-adf3-4bd2950d210b",
"indicator--55dc6f7a-badc-4c10-a333-41ea950d210b",
"observed-data--55dc6f7a-1788-4f9e-9c88-4508950d210b",
"url--55dc6f7a-1788-4f9e-9c88-4508950d210b",
"indicator--55dc6f7a-5030-489b-9387-4ab4950d210b",
"indicator--55dc6f7a-bdac-45f0-8f58-427e950d210b",
"observed-data--55dc6f7b-823c-4214-aeb1-4762950d210b",
"url--55dc6f7b-823c-4214-aeb1-4762950d210b",
"indicator--55dc6f7b-4da8-4b8c-9782-4f8e950d210b",
"indicator--55dc6f7b-adf0-4857-8763-4be6950d210b",
"observed-data--55dc6f7b-6038-4c4d-88e3-41da950d210b",
"url--55dc6f7b-6038-4c4d-88e3-41da950d210b",
"indicator--55dc6f7b-6f98-4849-89e5-4bbe950d210b",
"indicator--55dc6f7c-47e4-4a85-855a-4491950d210b",
"observed-data--55dc6f7c-9e40-4ca4-812d-456d950d210b",
"url--55dc6f7c-9e40-4ca4-812d-456d950d210b",
"indicator--55dc6f7c-fafc-4e7a-b55f-4b30950d210b",
"indicator--55dc6f7c-18b8-43f3-8cad-425b950d210b",
"observed-data--55dc6f7c-6fe8-44f6-8b5e-452f950d210b",
"url--55dc6f7c-6fe8-44f6-8b5e-452f950d210b",
"indicator--55dc6f7c-43cc-44aa-952b-4122950d210b",
"indicator--55dc6f7d-d24c-40c2-b1bf-4b46950d210b",
"observed-data--55dc6f7d-0fac-4758-b928-4b4e950d210b",
"url--55dc6f7d-0fac-4758-b928-4b4e950d210b",
"indicator--55dc6f7d-f558-459c-9964-4204950d210b",
"indicator--55dc6f7d-31b4-496e-9181-45e4950d210b",
"observed-data--55dc6f7d-2fc4-45c1-91d0-45d2950d210b",
"url--55dc6f7d-2fc4-45c1-91d0-45d2950d210b",
"indicator--55dc6f7d-60c4-473d-a9a8-4d83950d210b",
"indicator--55dc6f7e-4270-4ee2-bcec-4b3a950d210b",
"observed-data--55dc6f7e-c85c-41fc-9cb0-4034950d210b",
"url--55dc6f7e-c85c-41fc-9cb0-4034950d210b",
"indicator--55dc6f7e-5fb8-4ae9-97f5-46e9950d210b",
"indicator--55dc6f7e-7e74-4577-a571-4102950d210b",
"observed-data--55dc6f7e-4878-4edb-980a-4a34950d210b",
"url--55dc6f7e-4878-4edb-980a-4a34950d210b",
"indicator--55dc6f7f-fb78-43e0-a90c-49b3950d210b",
"indicator--55dc6f7f-2990-4973-8c6b-4ece950d210b",
"observed-data--55dc6f7f-67d4-4bd8-9cb8-4cd1950d210b",
"url--55dc6f7f-67d4-4bd8-9cb8-4cd1950d210b",
"indicator--55dc6f7f-cb78-47d7-9c4d-46cd950d210b",
"indicator--55dc6f7f-21b4-4140-9b5e-4b13950d210b",
"observed-data--55dc6f7f-92a4-4be6-88a6-4ec3950d210b",
"url--55dc6f7f-92a4-4be6-88a6-4ec3950d210b",
"indicator--55dc6f80-d088-462d-96b1-44e2950d210b",
"indicator--55dc6f80-4e94-47f7-8976-4782950d210b",
"observed-data--55dc6f80-ab58-4e15-892e-40fb950d210b",
"url--55dc6f80-ab58-4e15-892e-40fb950d210b",
"indicator--55dc6f80-2650-4fbc-97ed-4533950d210b",
"indicator--55dc6f80-a3e8-470d-bff2-4f96950d210b",
"observed-data--55dc6f80-020c-4248-96aa-4e2f950d210b",
"url--55dc6f80-020c-4248-96aa-4e2f950d210b",
"indicator--55dc6f81-5fc0-4a53-9569-4d53950d210b",
"indicator--55dc6f81-5fd0-42b9-b6eb-4eba950d210b",
"observed-data--55dc6f81-51a0-4544-9cd3-45c0950d210b",
"url--55dc6f81-51a0-4544-9cd3-45c0950d210b",
"indicator--55dc6f81-f294-45cc-aa9d-435c950d210b",
"indicator--55dc6f81-fcd0-470b-8bbb-455f950d210b",
"observed-data--55dc6f81-e178-4ea6-8378-4eaa950d210b",
"url--55dc6f81-e178-4ea6-8378-4eaa950d210b",
"indicator--55dc6f82-3b78-4efb-aa42-4f3f950d210b",
"indicator--55dc6f82-da34-486c-a8e1-42c3950d210b",
"observed-data--55dc6f82-449c-40b7-bc3a-42d4950d210b",
"url--55dc6f82-449c-40b7-bc3a-42d4950d210b",
"indicator--55dc6f82-77d0-4e5a-9caf-4a5c950d210b",
"indicator--55dc6f82-2b58-465f-82e3-4772950d210b",
"observed-data--55dc6f83-c004-4f7f-b189-49db950d210b",
"url--55dc6f83-c004-4f7f-b189-49db950d210b",
"indicator--55dc6f83-c46c-47ac-aac8-4b5c950d210b",
"indicator--55dc6f83-4574-41aa-a51d-446f950d210b",
"observed-data--55dc6f83-8f90-4e76-a29c-42f3950d210b",
"url--55dc6f83-8f90-4e76-a29c-42f3950d210b",
"indicator--55dc6f83-ec3c-468e-b5b6-4af9950d210b",
"indicator--55dc6f83-76d0-4377-afb0-4df3950d210b",
"observed-data--55dc6f84-70d4-41b5-9b55-4fb8950d210b",
"url--55dc6f84-70d4-41b5-9b55-4fb8950d210b",
"indicator--55dc6f84-809c-44d0-b879-495d950d210b",
"indicator--55dc6f84-ab9c-4e40-803f-4c29950d210b",
"observed-data--55dc6f84-6374-4e61-85aa-42e4950d210b",
"url--55dc6f84-6374-4e61-85aa-42e4950d210b",
"indicator--55dc6f84-b8fc-4b89-97f7-4e04950d210b",
"indicator--55dc6f84-0a8c-443d-9e0d-41ca950d210b",
"observed-data--55dc6f85-67b8-48ed-b54e-4505950d210b",
"url--55dc6f85-67b8-48ed-b54e-4505950d210b",
"indicator--55dc6f85-5ef0-43e4-b464-4906950d210b",
"indicator--55dc6f85-b500-4825-b4e4-4197950d210b",
"observed-data--55dc6f85-838c-43c4-88f0-488a950d210b",
"url--55dc6f85-838c-43c4-88f0-488a950d210b",
"indicator--55dc6f85-0964-4ffb-b99c-4620950d210b",
"indicator--55dc6f86-f328-4f3d-91b3-495e950d210b",
"observed-data--55dc6f86-5e34-417f-a6bd-4005950d210b",
"url--55dc6f86-5e34-417f-a6bd-4005950d210b",
"indicator--55dc6f86-f580-4798-86bb-44dc950d210b",
"indicator--55dc6f86-4188-4159-821b-4bcc950d210b",
"observed-data--55dc6f86-3ab4-41a4-b183-4be2950d210b",
"url--55dc6f86-3ab4-41a4-b183-4be2950d210b",
"indicator--55dc6f86-c648-41c0-9074-4dea950d210b",
"indicator--55dc6f87-c17c-40cb-bb67-4474950d210b",
"observed-data--55dc6f87-1cb4-440f-a33e-44c1950d210b",
"url--55dc6f87-1cb4-440f-a33e-44c1950d210b",
"indicator--55dc6f87-6a4c-4b7c-9a35-46e8950d210b",
"indicator--55dc6f87-108c-4f7d-b937-4b46950d210b",
"observed-data--55dc6f87-9194-476a-8f09-4d74950d210b",
"url--55dc6f87-9194-476a-8f09-4d74950d210b",
"indicator--55dc6f87-3e14-4213-8f9a-4232950d210b",
"indicator--55dc6f88-43e4-4ac7-b0a4-492e950d210b",
"observed-data--55dc6f88-63f8-4452-8275-4acb950d210b",
"url--55dc6f88-63f8-4452-8275-4acb950d210b",
"indicator--55dc6f88-1e0c-4ed0-be3c-4110950d210b",
"indicator--55dc6f88-6b1c-49e4-982c-4cc0950d210b",
"observed-data--55dc6f88-6104-46ab-946f-4233950d210b",
"url--55dc6f88-6104-46ab-946f-4233950d210b",
"indicator--55dc6f89-b9f0-4655-b59a-402f950d210b",
"indicator--55dc6f89-4328-420a-b656-4539950d210b",
"observed-data--55dc6f89-73a8-4328-8d5b-41ac950d210b",
"url--55dc6f89-73a8-4328-8d5b-41ac950d210b",
"indicator--55dc6f89-4c78-4e67-8b4b-4758950d210b",
"indicator--55dc6f89-ce78-405b-8bcb-4cf6950d210b",
"observed-data--55dc6f89-e928-4588-ae90-41db950d210b",
"url--55dc6f89-e928-4588-ae90-41db950d210b",
"indicator--55dc6f8a-ef94-46eb-90d7-4289950d210b",
"indicator--55dc6f8a-7894-4d98-9231-406b950d210b",
"observed-data--55dc6f8a-120c-4f29-af97-444b950d210b",
"url--55dc6f8a-120c-4f29-af97-444b950d210b",
"indicator--55dc6f8a-91dc-4b1e-8747-457b950d210b",
"indicator--55dc6f8a-40c8-4a7e-8f54-4a6c950d210b",
"observed-data--55dc6f8a-b12c-42c9-9b25-4c9a950d210b",
"url--55dc6f8a-b12c-42c9-9b25-4c9a950d210b",
"indicator--55dc6f8b-3a7c-4734-8165-43cb950d210b",
"indicator--55dc6f8b-4814-4140-ba7a-4d45950d210b",
"observed-data--55dc6f8b-74d8-45d9-b8e9-4ac1950d210b",
"url--55dc6f8b-74d8-45d9-b8e9-4ac1950d210b",
"indicator--55dc6f8b-1b48-48a5-b600-4ffe950d210b",
"indicator--55dc6f8b-0680-4a2c-bdf5-457c950d210b",
"observed-data--55dc6f8c-648c-4cc0-a1c2-4c43950d210b",
"url--55dc6f8c-648c-4cc0-a1c2-4c43950d210b",
"indicator--55dc6f8c-9140-49fa-b91c-4665950d210b",
"indicator--55dc6f8c-c7dc-48a7-bdee-4ce8950d210b",
"observed-data--55dc6f8c-5b00-408b-8412-4f7c950d210b",
"url--55dc6f8c-5b00-408b-8412-4f7c950d210b",
"indicator--55dc6f8c-f40c-4739-952f-4fe8950d210b",
"indicator--55dc6f8c-26b8-49f6-89c5-4786950d210b",
"observed-data--55dc6f8d-b7e8-49df-82c5-4050950d210b",
"url--55dc6f8d-b7e8-49df-82c5-4050950d210b",
"indicator--55dc6f8d-4f54-44f2-8d11-4074950d210b",
"indicator--55dc6f8d-fe24-4097-a9ce-497d950d210b",
"observed-data--55dc6f8d-4e18-44f1-a6cd-4559950d210b",
"url--55dc6f8d-4e18-44f1-a6cd-4559950d210b",
"indicator--55dc6f8d-6f20-4fc2-bf87-44e1950d210b",
"indicator--55dc6f8d-faa4-4e9c-a3b5-48d2950d210b",
"observed-data--55dc6f8e-e490-4951-9525-41ea950d210b",
"url--55dc6f8e-e490-4951-9525-41ea950d210b",
"indicator--55dc6f8e-463c-4b52-aef9-41d4950d210b",
"indicator--55dc6f8e-55f4-49d9-910e-40bb950d210b",
"observed-data--55dc6f8e-a124-4c89-a432-472c950d210b",
"url--55dc6f8e-a124-4c89-a432-472c950d210b",
"indicator--55dc6f8e-70f0-47ed-ada4-45fa950d210b",
"indicator--55dc6f8e-e500-4f97-b523-41ae950d210b",
"observed-data--55dc6f8f-52b4-494d-946c-45c4950d210b",
"url--55dc6f8f-52b4-494d-946c-45c4950d210b",
"indicator--55dc6f8f-e638-49b3-bab1-4c32950d210b",
"indicator--55dc6f8f-664c-4264-b9a4-4ff5950d210b",
"observed-data--55dc6f8f-9a50-4f88-85e0-4a35950d210b",
"url--55dc6f8f-9a50-4f88-85e0-4a35950d210b",
"indicator--55dc6f8f-26c0-42cf-9332-4901950d210b",
"indicator--55dc6f90-dcfc-4160-a7bc-456f950d210b",
"observed-data--55dc6f90-7e5c-4c59-9c4a-4584950d210b",
"url--55dc6f90-7e5c-4c59-9c4a-4584950d210b",
"indicator--55dc6f90-c56c-4afb-b56e-42b1950d210b",
"indicator--55dc6f90-450c-4bd1-ad42-4da0950d210b",
"observed-data--55dc6f90-3e04-4c62-b2b7-4a62950d210b",
"url--55dc6f90-3e04-4c62-b2b7-4a62950d210b",
"indicator--55dc6f90-891c-4795-8030-47be950d210b",
"indicator--55dc6f91-4e78-48d5-8f7a-4c20950d210b",
"observed-data--55dc6f91-9c34-433b-bcf2-4101950d210b",
"url--55dc6f91-9c34-433b-bcf2-4101950d210b",
"indicator--55dc6f91-bf7c-4c25-b0ab-4343950d210b",
"indicator--55dc6f91-4e4c-478b-bf8e-475b950d210b",
"observed-data--55dc6f91-622c-432d-bb36-4c5d950d210b",
"url--55dc6f91-622c-432d-bb36-4c5d950d210b",
"indicator--55dc6f91-5510-4f13-8eb4-45cc950d210b",
"indicator--55dc6f92-5398-4891-99bf-4cf3950d210b",
"observed-data--55dc6f92-d398-439c-af9e-4305950d210b",
"url--55dc6f92-d398-439c-af9e-4305950d210b",
"indicator--55dc6f92-edf8-49d0-ba60-4fd7950d210b",
"indicator--55dc6f92-8018-4195-8a2f-4d18950d210b",
"observed-data--55dc6f92-681c-4410-ace0-42ec950d210b",
"url--55dc6f92-681c-4410-ace0-42ec950d210b",
"indicator--55dc6f93-fb60-4124-972f-4cbf950d210b",
"indicator--55dc6f93-44d0-4ca8-b854-4efe950d210b",
"observed-data--55dc6f93-2a50-4a85-b839-4930950d210b",
"url--55dc6f93-2a50-4a85-b839-4930950d210b",
"indicator--55dc6f93-5484-4b6e-b187-4701950d210b",
"indicator--55dc6f93-0ac8-4b77-ae24-42af950d210b",
"observed-data--55dc6f93-75b0-42fb-9196-4056950d210b",
"url--55dc6f93-75b0-42fb-9196-4056950d210b",
"indicator--55dc6f94-9304-49c0-b693-47e3950d210b",
"indicator--55dc6f94-659c-4089-ac37-4af3950d210b",
"observed-data--55dc6f94-5c70-4368-be37-4783950d210b",
"url--55dc6f94-5c70-4368-be37-4783950d210b",
"indicator--55dc6f94-c738-4817-8440-4869950d210b",
"indicator--55dc6f94-23b4-4b1e-86bc-44ad950d210b",
"observed-data--55dc6f94-d32c-4d15-85dd-4780950d210b",
"url--55dc6f94-d32c-4d15-85dd-4780950d210b",
"indicator--55dc6f95-8ac4-49a1-86b7-4671950d210b",
"indicator--55dc6f95-c334-4489-b284-4fd9950d210b",
"observed-data--55dc6f95-38dc-4c5e-ac96-4b50950d210b",
"url--55dc6f95-38dc-4c5e-ac96-4b50950d210b",
"indicator--55dc6f95-0de8-465a-83d6-4b19950d210b",
"indicator--55dc6f95-18f4-40fa-9605-42e9950d210b",
"observed-data--55dc6f95-f698-493a-aebe-4115950d210b",
"url--55dc6f95-f698-493a-aebe-4115950d210b",
"indicator--55dc6f96-8d4c-4100-81fb-4e22950d210b",
"indicator--55dc6f96-f7b4-41bc-9d0f-49af950d210b",
"observed-data--55dc6f96-b494-4618-9fd8-42b3950d210b",
"url--55dc6f96-b494-4618-9fd8-42b3950d210b",
"indicator--55dc6f96-2db4-40ea-bc23-498e950d210b",
"indicator--55dc6f96-f040-4c0a-b4ad-4a9e950d210b",
"observed-data--55dc6f97-4290-4620-b216-4327950d210b",
"url--55dc6f97-4290-4620-b216-4327950d210b",
"indicator--55dc6f97-26b0-442e-adda-402c950d210b",
"indicator--55dc6f97-9288-47f4-8035-4b0f950d210b",
"observed-data--55dc6f97-e070-4425-ba87-40b2950d210b",
"url--55dc6f97-e070-4425-ba87-40b2950d210b",
"indicator--55dc6f97-5e54-4667-8b9a-45c2950d210b",
"indicator--55dc6f97-ec24-402e-9cd3-405b950d210b",
"observed-data--55dc6f98-8d8c-4ab3-a0f6-4886950d210b",
"url--55dc6f98-8d8c-4ab3-a0f6-4886950d210b",
"indicator--55dc6f98-ddd0-4ab8-8c92-4466950d210b",
"indicator--55dc6f98-da78-4b8d-96a3-4a8f950d210b",
"observed-data--55dc6f98-d564-4e66-be8e-4841950d210b",
"url--55dc6f98-d564-4e66-be8e-4841950d210b",
"indicator--55dc6f98-df70-48bb-a65d-486a950d210b",
"indicator--55dc6f98-5f18-4338-a553-4834950d210b",
"observed-data--55dc6f99-e9cc-492b-ad7f-43d6950d210b",
"url--55dc6f99-e9cc-492b-ad7f-43d6950d210b",
"indicator--55dc6f99-7134-4a19-be14-4a81950d210b",
"indicator--55dc6f99-2a6c-4a55-bb42-43cb950d210b",
"observed-data--55dc6f99-8700-4a99-990a-4f54950d210b",
"url--55dc6f99-8700-4a99-990a-4f54950d210b",
"indicator--55dc6f99-51f4-4351-9820-4ba7950d210b",
"indicator--55dc6f9a-7094-449b-abce-45f2950d210b",
"observed-data--55dc6f9a-1de8-4028-94d9-422d950d210b",
"url--55dc6f9a-1de8-4028-94d9-422d950d210b",
"indicator--55dc6f9a-0554-4cb5-901e-404c950d210b",
"indicator--55dc6f9a-c208-4787-8167-4ac8950d210b",
"observed-data--55dc6f9a-ba80-4e13-b031-4daa950d210b",
"url--55dc6f9a-ba80-4e13-b031-4daa950d210b",
"indicator--55dc6f9a-458c-437c-ac70-483e950d210b",
"indicator--55dc6f9b-0eb4-4fc1-bff7-42e8950d210b",
"observed-data--55dc6f9b-53c8-4b01-8a5d-4fbd950d210b",
"url--55dc6f9b-53c8-4b01-8a5d-4fbd950d210b",
"indicator--55dc6f9b-2620-430b-b1f4-42c5950d210b",
"indicator--55dc6f9b-bc4c-4ab0-98af-4c9f950d210b",
"observed-data--55dc6f9b-06f0-454b-a60b-4f44950d210b",
"url--55dc6f9b-06f0-454b-a60b-4f44950d210b",
"indicator--55dc6f9b-3f08-41f3-8fce-4c47950d210b",
"indicator--55dc6f9c-8e5c-43d4-a7c0-4922950d210b",
"observed-data--55dc6f9c-73b8-4d26-b4f6-4590950d210b",
"url--55dc6f9c-73b8-4d26-b4f6-4590950d210b",
"indicator--55dc6f9c-3bbc-4403-b5ce-424d950d210b",
"indicator--55dc6f9c-ded8-4a30-8fca-449c950d210b",
"observed-data--55dc6f9c-cb88-46f7-8e65-4fe8950d210b",
"url--55dc6f9c-cb88-46f7-8e65-4fe8950d210b",
"indicator--55dc6f9d-1688-4d40-b6f2-4235950d210b",
"indicator--55dc6f9d-130c-472e-b85e-4ba3950d210b",
"observed-data--55dc6f9d-af88-4fe2-be52-42d9950d210b",
"url--55dc6f9d-af88-4fe2-be52-42d9950d210b",
"indicator--55dc6f9d-6580-43a9-b1af-4e01950d210b",
"indicator--55dc6f9d-278c-433f-b8d8-40e9950d210b",
"observed-data--55dc6f9d-0338-4925-b34a-4e09950d210b",
"url--55dc6f9d-0338-4925-b34a-4e09950d210b",
"indicator--55dc6f9e-8ce4-4a82-a099-4f4b950d210b",
"indicator--55dc6f9e-9c64-461c-b5c0-42a7950d210b",
"observed-data--55dc6f9e-7018-43d0-89d4-408d950d210b",
"url--55dc6f9e-7018-43d0-89d4-408d950d210b",
"indicator--55dc6f9e-e988-4cc5-a0b9-47e7950d210b",
"indicator--55dc6f9e-3f0c-4b7a-ba45-408e950d210b",
"observed-data--55dc6f9e-0450-47fc-8dd7-4306950d210b",
"url--55dc6f9e-0450-47fc-8dd7-4306950d210b",
"indicator--55dc6f9f-bff4-4ea9-b018-47ac950d210b",
"indicator--55dc6f9f-b038-4057-8f40-4a6a950d210b",
"observed-data--55dc6f9f-08c0-4a15-85de-45c6950d210b",
"url--55dc6f9f-08c0-4a15-85de-45c6950d210b",
"indicator--55dc6f9f-52d4-4d5e-b9a7-4b29950d210b",
"indicator--55dc6f9f-87a4-46ca-b8d6-4989950d210b",
"observed-data--55dc6fa0-8624-4c9d-967a-4c28950d210b",
"url--55dc6fa0-8624-4c9d-967a-4c28950d210b",
"indicator--55dc6fa0-a9f0-480d-b4fb-474f950d210b",
"indicator--55dc6fa0-cf50-401e-b018-40c1950d210b",
"observed-data--55dc6fa0-2c20-4fe6-8487-49fe950d210b",
"url--55dc6fa0-2c20-4fe6-8487-49fe950d210b",
"indicator--55dc6fa0-e604-4fca-8f9a-4d78950d210b",
"indicator--55dc6fa1-53e0-48e2-9ab5-419c950d210b",
"observed-data--55dc6fa1-1858-4943-993d-4c75950d210b",
"url--55dc6fa1-1858-4943-993d-4c75950d210b",
"indicator--55dc6fa1-be88-4622-a1e8-4ab9950d210b",
"indicator--55dc6fa1-4bac-4f01-aec4-47be950d210b",
"observed-data--55dc6fa1-fff8-411d-9ee8-40f8950d210b",
"url--55dc6fa1-fff8-411d-9ee8-40f8950d210b",
"indicator--55dc6fa1-ed40-4f85-a1b2-4f30950d210b",
"indicator--55dc6fa2-af98-47a6-93ba-49bf950d210b",
"observed-data--55dc6fa2-ab70-48e6-992a-4df2950d210b",
"url--55dc6fa2-ab70-48e6-992a-4df2950d210b",
"indicator--55dc6fa2-e110-419c-8a06-40ba950d210b",
"indicator--55dc6fa2-5814-48b3-a96e-4a19950d210b",
"observed-data--55dc6fa2-5438-4305-93bb-4c2c950d210b",
"url--55dc6fa2-5438-4305-93bb-4c2c950d210b",
"indicator--55dc6fa3-3480-4a8f-afa0-4dda950d210b",
"indicator--55dc6fa3-7f14-46f2-8c6a-4fa2950d210b",
"observed-data--55dc6fa3-ddbc-42a2-a801-4034950d210b",
"url--55dc6fa3-ddbc-42a2-a801-4034950d210b",
"indicator--55dc6fa3-84d4-49bd-a5f4-4943950d210b",
"indicator--55dc6fa3-35b0-4a9c-a48b-4d4a950d210b",
"observed-data--55dc6fa3-c54c-4d18-aba0-4ccc950d210b",
"url--55dc6fa3-c54c-4d18-aba0-4ccc950d210b",
"indicator--55dc6fa4-7ba8-4653-b209-429c950d210b",
"indicator--55dc6fa4-7a08-4f15-ad84-494f950d210b",
"observed-data--55dc6fa4-b9b4-4031-9113-4e92950d210b",
"url--55dc6fa4-b9b4-4031-9113-4e92950d210b",
"indicator--55dc6fa4-749c-4934-a7dd-4d58950d210b",
"indicator--55dc6fa4-2cf8-48df-91a5-4998950d210b",
"observed-data--55dc6fa4-fbb0-4881-a45e-4838950d210b",
"url--55dc6fa4-fbb0-4881-a45e-4838950d210b",
"indicator--55dc6fa5-6094-43b1-8fcb-436a950d210b",
"indicator--55dc6fa5-0198-4252-8a40-4aab950d210b",
"observed-data--55dc6fa5-c1a0-4011-9c70-49f5950d210b",
"url--55dc6fa5-c1a0-4011-9c70-49f5950d210b",
"indicator--55dc6fa5-c6b0-4ead-ad49-4d5a950d210b",
"indicator--55dc6fa5-f29c-46c0-82e4-4c4f950d210b",
"observed-data--55dc6fa5-bea8-4a7a-beb0-4981950d210b",
"url--55dc6fa5-bea8-4a7a-beb0-4981950d210b",
"indicator--55dc6fa6-3b70-4ca1-bf78-4b63950d210b",
"indicator--55dc6fa6-2014-421f-b332-478b950d210b",
"observed-data--55dc6fa6-e044-4163-9b45-4339950d210b",
"url--55dc6fa6-e044-4163-9b45-4339950d210b",
"indicator--55dc6fa6-dfb0-454b-acae-4380950d210b",
"indicator--55dc6fa6-1004-46c5-b701-485c950d210b",
"observed-data--55dc6fa7-dddc-4d84-85f4-4983950d210b",
"url--55dc6fa7-dddc-4d84-85f4-4983950d210b",
"indicator--55dc6fa7-02d4-42cb-888b-4db7950d210b",
"indicator--55dc6fa7-671c-4be0-a83d-41e5950d210b",
"observed-data--55dc6fa7-29ec-4aec-9d49-444f950d210b",
"url--55dc6fa7-29ec-4aec-9d49-444f950d210b",
"indicator--55dc6fa7-c0c0-43d2-936e-4fca950d210b",
"indicator--55dc6fa7-3374-4e1d-a209-4ed3950d210b",
"observed-data--55dc6fa8-d214-4932-afe2-4543950d210b",
"url--55dc6fa8-d214-4932-afe2-4543950d210b",
"indicator--55dc6fa8-c210-477e-97ff-4926950d210b",
"indicator--55dc6fa8-7354-4e6b-988d-4e1b950d210b",
"observed-data--55dc6fa8-3528-459b-9ac9-4df0950d210b",
"url--55dc6fa8-3528-459b-9ac9-4df0950d210b",
"indicator--55dc6fa8-5cc0-47d3-ad6f-498d950d210b",
"indicator--55dc6fa9-5268-4d85-86b8-4425950d210b",
"observed-data--55dc6fa9-49ec-4c18-8bef-478b950d210b",
"url--55dc6fa9-49ec-4c18-8bef-478b950d210b",
"indicator--55dc6fa9-ce74-4b2f-83d8-4f3f950d210b",
"indicator--55dc6fa9-fd28-4a42-af2a-4d90950d210b",
"observed-data--55dc6fa9-0608-43a9-a28d-4bc5950d210b",
"url--55dc6fa9-0608-43a9-a28d-4bc5950d210b",
"indicator--55dc6fa9-5608-444d-b8d1-4a94950d210b",
"indicator--55dc6faa-db4c-4780-af96-4e4c950d210b",
"observed-data--55dc6faa-d058-42ee-a92c-491b950d210b",
"url--55dc6faa-d058-42ee-a92c-491b950d210b",
"indicator--55dc6faa-152c-4f7a-8754-40b8950d210b",
"indicator--55dc6faa-a900-449e-94e8-416a950d210b",
"observed-data--55dc6faa-f2a0-4a7d-9f47-480c950d210b",
"url--55dc6faa-f2a0-4a7d-9f47-480c950d210b",
"indicator--55dc6faa-bcb0-4ae5-9818-4425950d210b",
"indicator--55dc6fab-df7c-4c4c-9b59-4a0d950d210b",
"observed-data--55dc6fab-409c-4a2e-9400-4e3d950d210b",
"url--55dc6fab-409c-4a2e-9400-4e3d950d210b",
"indicator--55dc6fab-69e8-4bb7-8531-4a6f950d210b",
"indicator--55dc6fab-3870-48af-bc38-4c5c950d210b",
"observed-data--55dc6fab-ef2c-4e90-88b8-4c05950d210b",
"url--55dc6fab-ef2c-4e90-88b8-4c05950d210b",
"indicator--55dc6fac-557c-4cad-8a97-4f24950d210b",
"indicator--55dc6fac-5ea8-4e94-b2a7-4a48950d210b",
"observed-data--55dc6fac-18a8-4ce9-ab56-4da7950d210b",
"url--55dc6fac-18a8-4ce9-ab56-4da7950d210b",
"indicator--55dc6fac-21d0-4972-b8bc-4a81950d210b",
"indicator--55dc6fac-3a18-43d5-bd5c-49b1950d210b",
"observed-data--55dc6fac-66a0-48a9-b56f-4878950d210b",
"url--55dc6fac-66a0-48a9-b56f-4878950d210b",
"indicator--55dc6fad-112c-4e1b-9ec3-4411950d210b",
"indicator--55dc6fad-d5c4-4de4-8dc4-4d2a950d210b",
"observed-data--55dc6fad-e1c4-4dd8-8ac4-4821950d210b",
"url--55dc6fad-e1c4-4dd8-8ac4-4821950d210b",
"indicator--55dc6fad-1258-416d-9186-4694950d210b",
"indicator--55dc6fad-241c-430f-af82-4908950d210b",
"observed-data--55dc6fae-8024-438c-ad41-47d0950d210b",
"url--55dc6fae-8024-438c-ad41-47d0950d210b",
"indicator--55dc6fae-79f8-4fdf-991a-4839950d210b",
"indicator--55dc6fae-b53c-4170-b328-400e950d210b",
"observed-data--55dc6fae-770c-4445-bbd4-4721950d210b",
"url--55dc6fae-770c-4445-bbd4-4721950d210b",
"indicator--55dc6fae-c7c0-493e-a018-4ecf950d210b",
"indicator--55dc6fae-d708-4d4f-8b68-4fed950d210b",
"observed-data--55dc6faf-1f50-4596-9d63-4d42950d210b",
"url--55dc6faf-1f50-4596-9d63-4d42950d210b",
"indicator--55dc6faf-45c4-4197-8ef4-41d5950d210b",
"indicator--55dc6faf-2484-48db-ae9a-4751950d210b",
"observed-data--55dc6faf-9748-48e6-b0d3-45f7950d210b",
"url--55dc6faf-9748-48e6-b0d3-45f7950d210b",
"indicator--55dc6faf-bab0-4506-87c4-4e36950d210b",
"indicator--55dc6faf-ae50-4c4d-840f-452c950d210b",
"observed-data--55dc6fb0-b0dc-485d-80f6-4742950d210b",
"url--55dc6fb0-b0dc-485d-80f6-4742950d210b",
"indicator--55dc6fb0-2760-4a35-bc8f-452f950d210b",
"indicator--55dc6fb0-8d9c-48ea-8e1c-4005950d210b",
"observed-data--55dc6fb0-9ed4-4d0e-8175-4d05950d210b",
"url--55dc6fb0-9ed4-4d0e-8175-4d05950d210b",
"indicator--55dc6fb0-ff8c-4c58-bab3-47bd950d210b",
"indicator--55dc6fb1-f128-4c23-8936-4e7d950d210b",
"observed-data--55dc6fb1-f364-4502-b00c-43a8950d210b",
"url--55dc6fb1-f364-4502-b00c-43a8950d210b",
"indicator--55dc6fb1-0134-4c1a-914a-43ac950d210b",
"indicator--55dc6fb1-5a7c-41a0-93c1-4951950d210b",
"observed-data--55dc6fb1-6ea8-4a7f-8ed5-495e950d210b",
"url--55dc6fb1-6ea8-4a7f-8ed5-495e950d210b",
"indicator--55dc6fb1-a534-47f1-af00-425f950d210b",
"indicator--55dc6fb2-0040-49b8-8940-4b67950d210b",
"observed-data--55dc6fb2-e8d4-405f-8b3c-4689950d210b",
"url--55dc6fb2-e8d4-405f-8b3c-4689950d210b",
"indicator--55dc6fb2-2cc0-43dc-9fc4-4ecc950d210b",
"indicator--55dc6fb2-a8ec-424d-937a-4815950d210b",
"observed-data--55dc6fb2-ac78-4fd8-8fa6-4427950d210b",
"url--55dc6fb2-ac78-4fd8-8fa6-4427950d210b",
"indicator--55dc6fb2-f714-4d02-8fae-495a950d210b",
"indicator--55dc6fb3-5970-47ef-ba65-495f950d210b",
"observed-data--55dc6fb3-587c-4d86-b483-4944950d210b",
"url--55dc6fb3-587c-4d86-b483-4944950d210b",
"indicator--55dc6fb3-7494-4ac5-ab45-4860950d210b",
"indicator--55dc6fb3-d4f4-4908-b5f8-481a950d210b",
"observed-data--55dc6fb3-50ac-4c22-94fa-4ec3950d210b",
"url--55dc6fb3-50ac-4c22-94fa-4ec3950d210b",
"indicator--55dc6fb4-cd84-4c3e-ae36-458d950d210b",
"indicator--55dc6fb4-52bc-42e4-bd7f-4f77950d210b",
"observed-data--55dc6fb4-7a5c-4fa5-815f-49aa950d210b",
"url--55dc6fb4-7a5c-4fa5-815f-49aa950d210b",
"indicator--55dc6fb4-12dc-4967-87c7-4697950d210b",
"indicator--55dc6fb4-c078-45eb-a586-4b6a950d210b",
"observed-data--55dc6fb4-14a0-4cbf-80e8-4e70950d210b",
"url--55dc6fb4-14a0-4cbf-80e8-4e70950d210b",
"indicator--55dc6fb5-b990-4ff0-acc4-4ee3950d210b",
"indicator--55dc6fb5-e0f4-41e3-8922-4849950d210b",
"observed-data--55dc6fb5-60f0-46d6-b94c-4d25950d210b",
"url--55dc6fb5-60f0-46d6-b94c-4d25950d210b",
"indicator--55dc6fb5-c788-4d6a-af43-44c4950d210b",
"indicator--55dc6fb5-3c04-4260-8823-4120950d210b",
"observed-data--55dc6fb6-18b8-44c8-a8eb-4d44950d210b",
"url--55dc6fb6-18b8-44c8-a8eb-4d44950d210b",
"indicator--55dc6fb6-f6a0-4882-aed3-48fe950d210b",
"indicator--55dc6fb6-d4d0-4ec6-8998-4429950d210b",
"observed-data--55dc6fb6-3778-4272-a276-4999950d210b",
"url--55dc6fb6-3778-4272-a276-4999950d210b",
"indicator--55dc6fb6-6990-4706-b552-4670950d210b",
"indicator--55dc6fb6-b7a0-4f22-9ef7-4071950d210b",
"observed-data--55dc6fb7-94e4-4a76-9e51-4ae4950d210b",
"url--55dc6fb7-94e4-4a76-9e51-4ae4950d210b",
"indicator--55dc6fb7-bb20-408b-8e8e-4767950d210b",
"indicator--55dc6fb7-911c-4176-94d0-4b4c950d210b",
"observed-data--55dc6fb7-3a8c-485f-85b6-4be5950d210b",
"url--55dc6fb7-3a8c-485f-85b6-4be5950d210b",
"indicator--55dc6fb7-9b94-4607-8659-4c4f950d210b",
"indicator--55dc6fb7-0c24-4e6b-8e29-4d73950d210b",
"observed-data--55dc6fb8-caf0-440a-87bc-4ec9950d210b",
"url--55dc6fb8-caf0-440a-87bc-4ec9950d210b",
"indicator--55dc6fb8-eb48-4d0e-b7ae-4de9950d210b",
"indicator--55dc6fb8-dc48-41c5-8ab1-4174950d210b",
"observed-data--55dc6fb8-2818-4cb3-a6dd-42cc950d210b",
"url--55dc6fb8-2818-4cb3-a6dd-42cc950d210b",
"indicator--55dc6fb8-fca4-46f5-9d8b-42ba950d210b",
"indicator--55dc6fb9-3a48-4d62-a7c9-4b5c950d210b",
"observed-data--55dc6fb9-db1c-4c05-96f2-404b950d210b",
"url--55dc6fb9-db1c-4c05-96f2-404b950d210b",
"indicator--55dc6fb9-cd04-4ac1-adad-4039950d210b",
"indicator--55dc6fb9-e670-420c-a51b-4839950d210b",
"observed-data--55dc6fb9-d6f8-4244-ab10-42d3950d210b",
"url--55dc6fb9-d6f8-4244-ab10-42d3950d210b",
"indicator--55dc6fb9-51f8-472e-9a31-4f57950d210b",
"indicator--55dc6fba-d3e4-4184-a125-4d79950d210b",
"observed-data--55dc6fba-e8d8-4f61-bf61-4d42950d210b",
"url--55dc6fba-e8d8-4f61-bf61-4d42950d210b",
"indicator--55dc6fba-39f4-4c43-a334-4882950d210b",
"indicator--55dc6fba-4fd0-43d5-80f3-4dcf950d210b",
"observed-data--55dc6fba-f81c-4680-96c7-44f1950d210b",
"url--55dc6fba-f81c-4680-96c7-44f1950d210b",
"indicator--55dc6fbb-e740-4105-bd0c-47c6950d210b",
"indicator--55dc6fbb-3a58-4278-b277-41ec950d210b",
"observed-data--55dc6fbb-9634-4939-a71c-48a4950d210b",
"url--55dc6fbb-9634-4939-a71c-48a4950d210b",
"indicator--55dc6fbb-9c04-4e1e-9854-4f16950d210b",
"indicator--55dc6fbb-7674-416e-81e1-4db6950d210b",
"observed-data--55dc6fbb-7f34-453d-ae88-428d950d210b",
"url--55dc6fbb-7f34-453d-ae88-428d950d210b",
"indicator--55dc6fbc-4450-4e95-a933-4aed950d210b",
"indicator--55dc6fbc-a4e0-498d-8a90-4955950d210b",
"observed-data--55dc6fbc-0964-4341-88d8-4775950d210b",
"url--55dc6fbc-0964-4341-88d8-4775950d210b",
"indicator--55dc6fbc-a760-4b50-9c62-48c9950d210b",
"indicator--55dc6fbc-2088-4f2d-b712-4228950d210b",
"observed-data--55dc6fbc-8a0c-4cae-b1a0-4542950d210b",
"url--55dc6fbc-8a0c-4cae-b1a0-4542950d210b",
"indicator--55dc6fbd-ffc8-413f-8465-4b45950d210b",
"indicator--55dc6fbd-6d84-465e-97fb-4748950d210b",
"observed-data--55dc6fbd-3ae8-4b0e-ab6e-4277950d210b",
"url--55dc6fbd-3ae8-4b0e-ab6e-4277950d210b",
"indicator--55dc6fbd-0804-4337-95fe-4997950d210b",
"indicator--55dc6fbd-0684-49e5-906e-44b1950d210b",
"observed-data--55dc6fbe-e858-49d5-a323-48f1950d210b",
"url--55dc6fbe-e858-49d5-a323-48f1950d210b",
"indicator--55dc6fbe-5314-4d55-9240-43a0950d210b",
"indicator--55dc6fbe-ebcc-45e5-9aab-4a7d950d210b",
"observed-data--55dc6fbe-0478-457c-834b-4776950d210b",
"url--55dc6fbe-0478-457c-834b-4776950d210b",
"indicator--55dc6fbe-087c-4036-baa6-487c950d210b",
"indicator--55dc6fbe-0c80-493a-ab14-4d04950d210b",
"observed-data--55dc6fbf-6a1c-46cf-af96-443d950d210b",
"url--55dc6fbf-6a1c-46cf-af96-443d950d210b",
"indicator--55dc6fbf-f7b0-4549-9a33-4065950d210b",
"indicator--55dc6fbf-ed80-4df4-b688-4396950d210b",
"observed-data--55dc6fbf-1b5c-4063-ad83-4dda950d210b",
"url--55dc6fbf-1b5c-4063-ad83-4dda950d210b",
"indicator--55dc6fbf-8a54-431a-8142-4e33950d210b",
"indicator--55dc6fbf-f710-49ad-bb5d-46f7950d210b",
"observed-data--55dc6fc0-8468-44f0-a08a-4555950d210b",
"url--55dc6fc0-8468-44f0-a08a-4555950d210b",
"indicator--55dc6fc0-a790-4558-8934-456e950d210b",
"indicator--55dc6fc0-ef08-46c6-8711-4e30950d210b",
"observed-data--55dc6fc0-6c78-4671-a1df-4d5a950d210b",
"url--55dc6fc0-6c78-4671-a1df-4d5a950d210b",
"indicator--55dc6fc0-c4b8-4a2f-ae16-41b9950d210b",
"indicator--55dc6fc1-61a4-4b26-9528-4d3b950d210b",
"observed-data--55dc6fc1-1e98-4785-a8e1-4cdc950d210b",
"url--55dc6fc1-1e98-4785-a8e1-4cdc950d210b",
"indicator--55dc6fc1-450c-4535-8cef-4fb7950d210b",
"indicator--55dc6fc1-b8ac-4c4c-813c-4e86950d210b",
"observed-data--55dc6fc1-a9ec-4aae-a25f-4836950d210b",
"url--55dc6fc1-a9ec-4aae-a25f-4836950d210b",
"indicator--55dc6fc1-4878-45f9-aa75-4e1a950d210b",
"indicator--55dc6fc2-8ea4-440e-a00f-435b950d210b",
"observed-data--55dc6fc2-7954-4a63-b373-4ca8950d210b",
"url--55dc6fc2-7954-4a63-b373-4ca8950d210b",
"indicator--55dc6fc2-a554-4915-bb39-415c950d210b",
"indicator--55dc6fc2-c398-4ed0-9aa4-4180950d210b",
"observed-data--55dc6fc2-f0cc-4de6-8ef3-4897950d210b",
"url--55dc6fc2-f0cc-4de6-8ef3-4897950d210b",
"indicator--55dc6fc3-177c-4e5e-855d-4edb950d210b",
"indicator--55dc6fc3-63a4-47e2-84ce-41e4950d210b",
"observed-data--55dc6fc3-e454-4a3e-a133-43f7950d210b",
"url--55dc6fc3-e454-4a3e-a133-43f7950d210b",
"indicator--55dc6fc3-9fc8-4ebf-8edd-42f5950d210b",
"indicator--55dc6fc3-8764-44b7-ae2a-4085950d210b",
"observed-data--55dc6fc3-2d48-4548-bd6f-4e71950d210b",
"url--55dc6fc3-2d48-4548-bd6f-4e71950d210b",
"indicator--55dc6fc4-cce4-4d25-8bca-4037950d210b",
"indicator--55dc6fc4-058c-4308-9555-4d97950d210b",
"observed-data--55dc6fc4-86a8-442f-bbd2-4c17950d210b",
"url--55dc6fc4-86a8-442f-bbd2-4c17950d210b",
"indicator--55dc6fc4-b5a4-4d34-85b3-434c950d210b",
"indicator--55dc6fc4-5284-42d5-a960-4069950d210b",
"observed-data--55dc6fc4-0318-4b77-97ec-4838950d210b",
"url--55dc6fc4-0318-4b77-97ec-4838950d210b",
"indicator--55dc6fc5-9b74-4f12-bfe6-4fc8950d210b",
"indicator--55dc6fc5-bed8-4743-a2ce-417a950d210b",
"observed-data--55dc6fc5-1e24-4b6f-9cbb-4d2c950d210b",
"url--55dc6fc5-1e24-4b6f-9cbb-4d2c950d210b",
"indicator--55dc6fc5-4154-4aca-8c49-43dc950d210b",
"indicator--55dc6fc5-ee48-4483-8ac8-49d5950d210b",
"observed-data--55dc6fc5-0da0-4375-bd6e-4ba1950d210b",
"url--55dc6fc5-0da0-4375-bd6e-4ba1950d210b",
"indicator--55dc6fc6-4cd4-4820-826a-4b2a950d210b",
"indicator--55dc6fc6-d3c0-4fe2-9eb1-4d54950d210b",
"observed-data--55dc6fc6-658c-4879-887f-4944950d210b",
"url--55dc6fc6-658c-4879-887f-4944950d210b",
"indicator--55dc6fc6-df94-49cc-a43f-4c16950d210b",
"indicator--55dc6fc6-d490-4cd1-820a-481f950d210b",
"observed-data--55dc6fc7-542c-45a2-b31a-4e37950d210b",
"url--55dc6fc7-542c-45a2-b31a-4e37950d210b",
"indicator--55dc6fc7-26ac-4662-9871-468e950d210b",
"indicator--55dc6fc7-3e20-49d1-bf10-44b5950d210b",
"observed-data--55dc6fc7-2cb4-4b7b-bfef-4043950d210b",
"url--55dc6fc7-2cb4-4b7b-bfef-4043950d210b",
"indicator--55dc6fc7-35b4-4db0-9d0d-42e4950d210b",
"indicator--55dc6fc7-439c-4575-9e7e-425e950d210b",
"observed-data--55dc6fc8-bb6c-402d-a80a-4fb2950d210b",
"url--55dc6fc8-bb6c-402d-a80a-4fb2950d210b",
"indicator--55dc6fc8-9ed0-4f1e-80fe-43f0950d210b",
"indicator--55dc6fc8-8f60-4da9-91a2-4842950d210b",
"observed-data--55dc6fc8-8758-4f95-9314-4f92950d210b",
"url--55dc6fc8-8758-4f95-9314-4f92950d210b",
"indicator--55dc6fc8-e028-4c4f-b661-4b5e950d210b",
"indicator--55dc6fc8-5928-44ae-b3c9-4ac5950d210b",
"observed-data--55dc6fc9-3628-427f-82b1-4e27950d210b",
"url--55dc6fc9-3628-427f-82b1-4e27950d210b",
"indicator--55dc6fc9-4e94-490f-9f00-454f950d210b",
"indicator--55dc6fc9-cea8-49b7-bb85-421e950d210b",
"observed-data--55dc6fc9-ac94-4c09-83a1-4be3950d210b",
"url--55dc6fc9-ac94-4c09-83a1-4be3950d210b",
"indicator--55dc6fc9-12b4-4b4c-98ac-4616950d210b",
"indicator--55dc6fc9-d2d0-44ac-8c77-43a8950d210b",
"observed-data--55dc6fca-7a4c-4110-8cc9-4577950d210b",
"url--55dc6fca-7a4c-4110-8cc9-4577950d210b",
"indicator--55dc6fca-1bdc-4dcf-a874-4e6f950d210b",
"indicator--55dc6fca-bda4-4c70-a698-45ff950d210b",
"observed-data--55dc6fca-a0a4-470b-a267-4afa950d210b",
"url--55dc6fca-a0a4-470b-a267-4afa950d210b",
"indicator--55dc6fca-f8a0-46f1-ad89-42c1950d210b",
"indicator--55dc6fcb-ac54-4d5d-8a12-45c3950d210b",
"observed-data--55dc6fcb-374c-4590-895d-4d01950d210b",
"url--55dc6fcb-374c-4590-895d-4d01950d210b",
"indicator--55dc6fcb-8918-4640-9986-40a9950d210b",
"indicator--55dc6fcb-7ce4-4527-a3f7-4b61950d210b",
"observed-data--55dc6fcb-8190-4483-b117-4f78950d210b",
"url--55dc6fcb-8190-4483-b117-4f78950d210b",
"indicator--55dc6fcb-750c-4f5e-9717-443b950d210b",
"indicator--55dc6fcc-4c28-4c4c-82ee-4693950d210b",
"observed-data--55dc6fcc-5f00-4772-8031-4425950d210b",
"url--55dc6fcc-5f00-4772-8031-4425950d210b",
"indicator--55dc6fcc-4d04-40b2-81af-4b1a950d210b",
"indicator--55dc6fcc-775c-4b3b-8594-45fe950d210b",
"observed-data--55dc6fcc-b85c-4750-831c-41b7950d210b",
"url--55dc6fcc-b85c-4750-831c-41b7950d210b",
"indicator--55dc6fcc-7138-4b9e-9dd0-478c950d210b",
"indicator--55dc6fcd-970c-4963-8ed3-4437950d210b",
"observed-data--55dc6fcd-fc8c-41d9-b995-4c4c950d210b",
"url--55dc6fcd-fc8c-41d9-b995-4c4c950d210b",
"indicator--55dc6fcd-6544-460f-8191-476b950d210b",
"indicator--55dc6fcd-c0b8-4259-b1a1-44f5950d210b",
"observed-data--55dc6fcd-1348-4611-b100-4d91950d210b",
"url--55dc6fcd-1348-4611-b100-4d91950d210b",
"indicator--55dc6fcd-f2ac-4d51-9715-4033950d210b",
"indicator--55dc6fce-f228-453c-8c7a-4f6a950d210b",
"observed-data--55dc6fce-bfac-429e-bfc1-4a87950d210b",
"url--55dc6fce-bfac-429e-bfc1-4a87950d210b",
"indicator--55dc6fce-b85c-47a2-8d2a-4677950d210b",
"indicator--55dc6fce-2b78-44d8-9da3-4be5950d210b",
"observed-data--55dc6fce-eb70-4d8b-a015-4eae950d210b",
"url--55dc6fce-eb70-4d8b-a015-4eae950d210b",
"indicator--55dc6fcf-d908-456b-8519-4780950d210b",
"indicator--55dc6fcf-3534-4588-b4cf-477c950d210b",
"observed-data--55dc6fcf-5440-4c8e-938d-473e950d210b",
"url--55dc6fcf-5440-4c8e-938d-473e950d210b",
"indicator--55dc6fcf-9520-4da9-adb5-4c3f950d210b",
"indicator--55dc6fcf-0748-41e4-8fd3-409b950d210b",
"observed-data--55dc6fcf-8a18-4ef5-89f3-4263950d210b",
"url--55dc6fcf-8a18-4ef5-89f3-4263950d210b",
"indicator--55dc6fd0-9bf0-4219-ba0e-4346950d210b",
"indicator--55dc6fd0-1740-4f06-b2c1-458e950d210b",
"observed-data--55dc6fd0-a4ac-42c7-b39e-41d0950d210b",
"url--55dc6fd0-a4ac-42c7-b39e-41d0950d210b",
"indicator--55dc6fd0-2720-4c59-b381-43d3950d210b",
"indicator--55dc6fd0-c97c-46c2-9b1b-47f9950d210b",
"observed-data--55dc6fd0-1120-4ad2-a190-4050950d210b",
"url--55dc6fd0-1120-4ad2-a190-4050950d210b",
"indicator--55dc6fd1-bc7c-4ef3-a01d-4095950d210b",
"indicator--55dc6fd1-ac38-4c87-abe2-4cd2950d210b",
"observed-data--55dc6fd1-2eb4-463a-8421-4e98950d210b",
"url--55dc6fd1-2eb4-463a-8421-4e98950d210b",
"indicator--55dc6fd1-02fc-4fe7-99cd-4712950d210b",
"indicator--55dc6fd1-e314-42b0-b0ff-43c4950d210b",
"observed-data--55dc6fd1-fa64-4ce5-a79b-413b950d210b",
"url--55dc6fd1-fa64-4ce5-a79b-413b950d210b",
"indicator--55dc6fd2-3e24-4536-aeba-4b47950d210b",
"indicator--55dc6fd2-ecb4-46d1-8d51-46db950d210b",
"observed-data--55dc6fd2-9130-4f07-a761-41d6950d210b",
"url--55dc6fd2-9130-4f07-a761-41d6950d210b",
"indicator--55dc6fd2-406c-4325-b9b1-4df0950d210b",
"indicator--55dc6fd2-21f4-43a4-9568-4cf2950d210b",
"observed-data--55dc6fd3-2cb0-46e6-9484-4695950d210b",
"url--55dc6fd3-2cb0-46e6-9484-4695950d210b",
"indicator--55dc6fd3-4dbc-4c8c-afdf-4799950d210b",
"indicator--55dc6fd3-dc08-4e1a-ba68-4b0a950d210b",
"observed-data--55dc6fd3-07d8-495e-a65a-453f950d210b",
"url--55dc6fd3-07d8-495e-a65a-453f950d210b",
"indicator--55dc6fd3-b018-4a30-916a-4b06950d210b",
"indicator--55dc6fd3-3104-41eb-ad34-4f01950d210b",
"observed-data--55dc6fd4-3864-4cfb-aa26-4f84950d210b",
"url--55dc6fd4-3864-4cfb-aa26-4f84950d210b",
"indicator--55dc6fd4-d388-4e19-b560-4444950d210b",
"indicator--55dc6fd4-796c-4b73-b477-49a6950d210b",
"observed-data--55dc6fd4-3344-4be8-ab5c-4cd5950d210b",
"url--55dc6fd4-3344-4be8-ab5c-4cd5950d210b",
"indicator--55dc6fd4-e094-4747-98ed-463e950d210b",
"indicator--55dc6fd4-bbfc-41bd-9281-44fa950d210b",
"observed-data--55dc6fd5-5504-4028-86ad-49cb950d210b",
"url--55dc6fd5-5504-4028-86ad-49cb950d210b",
"indicator--55dc6fd5-f5a0-42c8-9015-4a4c950d210b",
"indicator--55dc6fd5-a860-4050-a3dc-4a3f950d210b",
"observed-data--55dc6fd5-ae1c-42d5-9d30-4c5e950d210b",
"url--55dc6fd5-ae1c-42d5-9d30-4c5e950d210b",
"indicator--55dc6fd5-2070-48a8-b2d1-42c4950d210b",
"indicator--55dc6fd6-6a58-4f3a-a037-4ecd950d210b",
"observed-data--55dc6fd6-5e20-4a09-b1d6-40de950d210b",
"url--55dc6fd6-5e20-4a09-b1d6-40de950d210b",
"indicator--55dc6fd6-6258-4c66-8443-4904950d210b",
"indicator--55dc6fd6-558c-4880-b1f4-4f3d950d210b",
"observed-data--55dc6fd6-9b04-4516-9af9-4c71950d210b",
"url--55dc6fd6-9b04-4516-9af9-4c71950d210b",
"indicator--55dc6fd6-ee20-459c-9b02-4196950d210b",
"indicator--55dc6fd7-781c-46f2-9b40-4e3b950d210b",
"observed-data--55dc6fd7-4820-45a4-9501-4084950d210b",
"url--55dc6fd7-4820-45a4-9501-4084950d210b",
"indicator--55dc6fd7-1180-4b1f-a008-4494950d210b",
"indicator--55dc6fd7-ac10-4d21-9fa1-4de2950d210b",
"observed-data--55dc6fd7-d2b8-42f8-9904-43ae950d210b",
"url--55dc6fd7-d2b8-42f8-9904-43ae950d210b",
"indicator--55dc6fd7-c660-42b8-8219-4689950d210b",
"indicator--55dc6fd8-5b30-4a58-8cf8-4907950d210b",
"observed-data--55dc6fd8-8074-427c-84ab-4b64950d210b",
"url--55dc6fd8-8074-427c-84ab-4b64950d210b",
"indicator--55dc6fd8-0cac-4afd-a237-4c88950d210b",
"indicator--55dc6fd8-bc20-429b-a1ff-4616950d210b",
"observed-data--55dc6fd8-cd0c-4f0c-b6e0-4da2950d210b",
"url--55dc6fd8-cd0c-4f0c-b6e0-4da2950d210b",
"indicator--55dc6fd9-6264-4ace-ba34-4149950d210b",
"indicator--55dc6fd9-f4c4-4bba-85d2-4601950d210b",
"observed-data--55dc6fd9-b154-4260-af37-4fd9950d210b",
"url--55dc6fd9-b154-4260-af37-4fd9950d210b",
"indicator--55dc6fd9-a77c-49e0-a640-4cdf950d210b",
"indicator--55dc6fd9-6a0c-498d-b375-4d52950d210b",
"observed-data--55dc6fd9-1958-4c4e-b6b0-4c84950d210b",
"url--55dc6fd9-1958-4c4e-b6b0-4c84950d210b",
"indicator--55dc6fda-4138-4f21-a13f-495e950d210b",
"indicator--55dc6fda-9d5c-447e-8d44-43de950d210b",
"observed-data--55dc6fda-e018-4b84-83e9-4d3c950d210b",
"url--55dc6fda-e018-4b84-83e9-4d3c950d210b",
"indicator--55dc6fda-e6a8-4555-911f-4cfd950d210b",
"indicator--55dc6fda-a60c-4b78-b97b-43d1950d210b",
"observed-data--55dc6fda-7f10-4e85-bf1b-4b96950d210b",
"url--55dc6fda-7f10-4e85-bf1b-4b96950d210b",
"indicator--55dc6fdb-b2fc-4678-a284-465f950d210b",
"indicator--55dc6fdb-02a8-4aaa-8fa8-43aa950d210b",
"observed-data--55dc6fdb-d374-4737-a802-4fd4950d210b",
"url--55dc6fdb-d374-4737-a802-4fd4950d210b",
"indicator--55dc6fdb-944c-4c55-a3f5-4824950d210b",
"indicator--55dc6fdb-cd7c-416d-b8e2-4eaa950d210b",
"observed-data--55dc6fdc-6340-4ee2-8375-4f11950d210b",
"url--55dc6fdc-6340-4ee2-8375-4f11950d210b",
"indicator--55dc6fdc-bbcc-455b-8317-4418950d210b",
"indicator--55dc6fdc-68d4-4dda-9030-4d50950d210b",
"observed-data--55dc6fdc-2c28-4848-97fe-4d83950d210b",
"url--55dc6fdc-2c28-4848-97fe-4d83950d210b",
"indicator--55dc6fdc-6da8-483d-b3be-400e950d210b",
"indicator--55dc6fdc-6d6c-4a42-9bc9-4399950d210b",
"observed-data--55dc6fdd-9868-4577-a361-46ac950d210b",
"url--55dc6fdd-9868-4577-a361-46ac950d210b",
"indicator--55dc6fdd-dbf4-4337-a62e-4aa5950d210b",
"indicator--55dc6fdd-0010-4986-806e-471a950d210b",
"observed-data--55dc6fdd-aaf4-469b-9b38-4794950d210b",
"url--55dc6fdd-aaf4-469b-9b38-4794950d210b",
"indicator--55dc6fdd-a450-4465-ac31-4ce8950d210b",
"indicator--55dc6fdd-05e0-4203-b600-4155950d210b",
"observed-data--55dc6fde-06d8-4844-b701-478a950d210b",
"url--55dc6fde-06d8-4844-b701-478a950d210b",
"indicator--55dc6fde-2f7c-44a6-8f53-404b950d210b",
"indicator--55dc6fde-8df8-4d20-9caa-4f07950d210b",
"observed-data--55dc6fde-90a8-4bdc-b521-49a1950d210b",
"url--55dc6fde-90a8-4bdc-b521-49a1950d210b",
"indicator--55dc6fde-3a9c-4693-b680-4e76950d210b",
"indicator--55dc6fde-1228-4a4f-8587-4d3b950d210b",
"observed-data--55dc6fdf-36a4-46de-8aa6-4cd8950d210b",
"url--55dc6fdf-36a4-46de-8aa6-4cd8950d210b",
"indicator--55dc6fdf-d73c-41ba-9c10-4e2b950d210b",
"indicator--55dc6fdf-6f18-406a-ad8f-487e950d210b",
"observed-data--55dc6fdf-d900-4494-8964-4628950d210b",
"url--55dc6fdf-d900-4494-8964-4628950d210b",
"indicator--55dc6fdf-1010-4ede-96e0-48fb950d210b",
"indicator--55dc6fe0-f308-4ad4-bf5d-4b2f950d210b",
"observed-data--55dc6fe0-c488-48fc-9d5e-4cad950d210b",
"url--55dc6fe0-c488-48fc-9d5e-4cad950d210b",
"indicator--55dc6fe0-7fc8-46e9-972f-45f2950d210b",
"indicator--55dc6fe0-baf8-43b4-bbed-477f950d210b",
"observed-data--55dc6fe0-2ff4-4249-8bbc-4c60950d210b",
"url--55dc6fe0-2ff4-4249-8bbc-4c60950d210b",
"indicator--55dc6fe0-63f0-40c1-9724-4b72950d210b",
"indicator--55dc6fe1-90c8-4aba-a17a-4f50950d210b",
"observed-data--55dc6fe1-9b64-472b-97ef-496b950d210b",
"url--55dc6fe1-9b64-472b-97ef-496b950d210b",
"indicator--55dc6fe1-476c-452c-990f-4d69950d210b",
"indicator--55dc6fe1-a998-4a78-9672-4c15950d210b",
"observed-data--55dc6fe1-16c0-4ebb-af1f-44af950d210b",
"url--55dc6fe1-16c0-4ebb-af1f-44af950d210b",
"indicator--55dc6fe1-0418-44ee-a123-4275950d210b",
"indicator--55dc6fe2-08a8-4c66-952c-47ff950d210b",
"observed-data--55dc6fe2-0718-4015-ae86-4457950d210b",
"url--55dc6fe2-0718-4015-ae86-4457950d210b",
"indicator--55dc6fe2-4764-444c-a26b-4109950d210b",
"indicator--55dc6fe2-f31c-49d5-a151-4b41950d210b",
"observed-data--55dc6fe2-d030-4ae8-906a-4904950d210b",
"url--55dc6fe2-d030-4ae8-906a-4904950d210b",
"indicator--55dc6fe2-ec4c-439d-b360-4bb5950d210b",
"indicator--55dc6fe3-0dc4-4b51-8fea-4192950d210b",
"observed-data--55dc6fe3-90c8-4c43-8c2f-4705950d210b",
"url--55dc6fe3-90c8-4c43-8c2f-4705950d210b",
"indicator--55dc6fe3-f6d4-4b5e-b02d-42f4950d210b",
"indicator--55dc6fe3-03fc-44cf-8496-461b950d210b",
"observed-data--55dc6fe3-a9ac-4661-9a86-476e950d210b",
"url--55dc6fe3-a9ac-4661-9a86-476e950d210b",
"indicator--55dc6fe4-e76c-4f65-95bd-47ff950d210b",
"indicator--55dc6fe4-3f94-4745-8e1d-4807950d210b",
"observed-data--55dc6fe4-3f6c-4031-bd6b-4c42950d210b",
"url--55dc6fe4-3f6c-4031-bd6b-4c42950d210b",
"indicator--55dc6fe4-35a4-4b4a-8ab8-49d8950d210b",
"indicator--55dc6fe4-5e4c-414c-88b4-4e30950d210b",
"observed-data--55dc6fe4-f390-41fd-80fb-4b11950d210b",
"url--55dc6fe4-f390-41fd-80fb-4b11950d210b",
"indicator--55dc6fe5-6934-46b9-a415-4913950d210b",
"indicator--55dc6fe5-8510-4f51-8d3a-4878950d210b",
"observed-data--55dc6fe5-1ddc-4d79-9951-4773950d210b",
"url--55dc6fe5-1ddc-4d79-9951-4773950d210b",
"indicator--55dc6fe5-9178-43e0-90bf-4a4f950d210b",
"indicator--55dc6fe5-3bc4-4404-a8f3-4b73950d210b",
"observed-data--55dc6fe5-23d0-4877-a122-41ef950d210b",
"url--55dc6fe5-23d0-4877-a122-41ef950d210b",
"indicator--55dc6fe6-4f4c-4bb3-8a48-43f2950d210b",
"indicator--55dc6fe6-adf4-4861-ba4c-4eb3950d210b",
"observed-data--55dc6fe6-a240-4bd8-be1c-49c2950d210b",
"url--55dc6fe6-a240-4bd8-be1c-49c2950d210b",
"indicator--55dc6fe6-2ea4-4109-964f-4cd5950d210b",
"indicator--55dc6fe6-7220-4dd3-83fc-4412950d210b",
"observed-data--55dc6fe6-54ec-49c7-990d-4a61950d210b",
"url--55dc6fe6-54ec-49c7-990d-4a61950d210b",
"indicator--55dc6fe7-7a40-4aa1-900d-4dc3950d210b",
"indicator--55dc6fe7-67e0-46f6-a00c-497c950d210b",
"observed-data--55dc6fe7-74dc-4fa6-87c8-4d06950d210b",
"url--55dc6fe7-74dc-4fa6-87c8-4d06950d210b",
"indicator--55dc6fe7-eb94-4cf9-a641-4231950d210b",
"indicator--55dc6fe7-4614-453f-a7d9-4298950d210b",
"observed-data--55dc6fe8-c580-43fb-ace7-4cfc950d210b",
"url--55dc6fe8-c580-43fb-ace7-4cfc950d210b",
"indicator--55dc6fe8-0518-4ddd-be5a-425f950d210b",
"indicator--55dc6fe8-dda8-4d85-a608-45a0950d210b",
"observed-data--55dc6fe8-f4fc-4da5-8525-4536950d210b",
"url--55dc6fe8-f4fc-4da5-8525-4536950d210b",
"indicator--55dc6fe8-cce0-4f5d-8ac5-4acb950d210b",
"indicator--55dc6fe8-193c-490c-8cd0-48e6950d210b",
"observed-data--55dc6fe9-7174-4c49-b163-4236950d210b",
"url--55dc6fe9-7174-4c49-b163-4236950d210b",
"indicator--55dc6fe9-d3e0-4e01-b454-472f950d210b",
"indicator--55dc6fe9-7be4-4679-9802-4e1e950d210b",
"observed-data--55dc6fe9-75a0-47e2-861d-4b00950d210b",
"url--55dc6fe9-75a0-47e2-861d-4b00950d210b",
"indicator--55dc6fe9-9af8-4bf7-8f97-46f3950d210b",
"indicator--55dc6fe9-c330-4e07-8c38-42e2950d210b",
"observed-data--55dc6fea-d044-4976-b807-4b0b950d210b",
"url--55dc6fea-d044-4976-b807-4b0b950d210b",
"indicator--55dc6fea-54ec-4a88-bd42-4d96950d210b",
"indicator--55dc6fea-bb90-45d8-b84f-46c7950d210b",
"observed-data--55dc6fea-90c0-488c-b7e2-49ea950d210b",
"url--55dc6fea-90c0-488c-b7e2-49ea950d210b",
"indicator--55dc6fea-cc78-474f-93ca-4e3e950d210b",
"indicator--55dc6fea-1354-488a-b448-44f4950d210b",
"observed-data--55dc6feb-9734-4d2c-a5b1-4765950d210b",
"url--55dc6feb-9734-4d2c-a5b1-4765950d210b",
"indicator--55dc6feb-c7e8-4002-9f94-4e26950d210b",
"indicator--55dc6feb-2a8c-49d2-9976-468c950d210b",
"observed-data--55dc6feb-a1dc-499a-a633-4892950d210b",
"url--55dc6feb-a1dc-499a-a633-4892950d210b",
"indicator--55dc6feb-4c64-49ad-8442-4259950d210b",
"indicator--55dc6fec-ff7c-411e-829c-4d42950d210b",
"observed-data--55dc6fec-0008-41f0-916c-497a950d210b",
"url--55dc6fec-0008-41f0-916c-497a950d210b",
"indicator--55dc6fec-e858-4a05-ba1b-4705950d210b",
"indicator--55dc6fec-aa88-46f5-a1b5-4b11950d210b",
"observed-data--55dc6fec-f0b8-4bc1-b546-4ffa950d210b",
"url--55dc6fec-f0b8-4bc1-b546-4ffa950d210b",
"indicator--55dc6fec-deec-4702-b26f-48ca950d210b",
"indicator--55dc6fed-cc58-4b6f-b2ca-4603950d210b",
"observed-data--55dc6fed-a1a4-46d1-b658-4f0f950d210b",
"url--55dc6fed-a1a4-46d1-b658-4f0f950d210b",
"indicator--55dc6fed-1878-4b4e-9e79-4fb0950d210b",
"indicator--55dc6fed-e6d0-426b-bef1-4959950d210b",
"observed-data--55dc6fed-d55c-4fa8-8561-4e13950d210b",
"url--55dc6fed-d55c-4fa8-8561-4e13950d210b"
],
"labels": [
"Threat-Report",
"misp:tool=\"MISP-STIX-Converter\"",
"type:OSINT"
],
"object_marking_refs": [
"marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9"
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--55c279a1-10c8-4c40-87af-495d950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-08-05T21:01:21.000Z",
"modified": "2015-08-05T21:01:21.000Z",
"first_observed": "2015-08-05T21:01:21Z",
"last_observed": "2015-08-05T21:01:21Z",
"number_observed": 1,
"object_refs": [
"url--55c279a1-10c8-4c40-87af-495d950d210b"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--55c279a1-10c8-4c40-87af-495d950d210b",
"value": "http://www.secureworks.com/resources/blog/threat-analysis-tracks-the-sakula-malware-family/"
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--55c279a1-a61c-4f7d-9928-43af950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-08-05T21:01:21.000Z",
"modified": "2015-08-05T21:01:21.000Z",
"first_observed": "2015-08-05T21:01:21Z",
"last_observed": "2015-08-05T21:01:21Z",
"number_observed": 1,
"object_refs": [
"url--55c279a1-a61c-4f7d-9928-43af950d210b"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--55c279a1-a61c-4f7d-9928-43af950d210b",
"value": "http://www.secureworks.com/cyber-threat-intelligence/threats/sakula-malware-family/"
},
{
"type": "x-misp-attribute",
"spec_version": "2.1",
"id": "x-misp-attribute--55c36a52-f3c0-4093-ba9e-4fb1950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-08-06T14:08:18.000Z",
"modified": "2015-08-06T14:08:18.000Z",
"labels": [
"misp:type=\"text\"",
"misp:category=\"External analysis\""
],
"x_misp_category": "External analysis",
"x_misp_comment": "Malware family",
"x_misp_type": "text",
"x_misp_value": "Sakula"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--55c36b1d-1258-42d3-88e8-452a950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-08-06T14:11:41.000Z",
"modified": "2015-08-06T14:11:41.000Z",
"pattern": "[url:value = 'http://www.qzbwcq.com/cookie.html']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-08-06T14:11:41Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--55c36b1d-bf8c-4bde-a8a9-4acf950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-08-06T14:11:41.000Z",
"modified": "2015-08-06T14:11:41.000Z",
"pattern": "[url:value = 'http://sharepoint-vaeit.com/login.php?ref']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-08-06T14:11:41Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--55c36b1d-f014-4987-840f-4a53950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-08-06T14:11:41.000Z",
"modified": "2015-08-06T14:11:41.000Z",
"pattern": "[url:value = 'http://extcitrix.we11point.com/vpn/index.php?ref=1']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-08-06T14:11:41Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--55c36b2b-3c9c-4c65-9f58-4d4e950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-08-06T14:11:55.000Z",
"modified": "2015-08-06T14:11:55.000Z",
"pattern": "[url:value = '/check.asp?imageid=']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-08-06T14:11:55Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--55c36b2c-9bc4-47fd-969e-4e7c950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-08-06T14:11:56.000Z",
"modified": "2015-08-06T14:11:56.000Z",
"pattern": "[url:value = '/newimage.asp?imageid=']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-08-06T14:11:56Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--55c36b2c-9e60-4037-93a7-4560950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-08-06T14:11:56.000Z",
"modified": "2015-08-06T14:11:56.000Z",
"pattern": "[url:value = '/news/view.asp?cookie=']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-08-06T14:11:56Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--55c36b2c-b108-4954-8d9b-47f0950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-08-06T14:11:56.000Z",
"modified": "2015-08-06T14:11:56.000Z",
"pattern": "[url:value = '/script.asp?imageid=']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-08-06T14:11:56Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--55c36b2c-cbe0-4726-8f29-4aee950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-08-06T14:11:56.000Z",
"modified": "2015-08-06T14:11:56.000Z",
"pattern": "[url:value = '/update.asp?cstring=']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-08-06T14:11:56Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--55c36b2c-8a14-4126-ad99-41b9950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-08-06T14:11:56.000Z",
"modified": "2015-08-06T14:11:56.000Z",
"pattern": "[url:value = '/view.asp?cookie=']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-08-06T14:11:56Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--55c36b2d-2c60-4066-a296-44d4950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-08-06T14:11:57.000Z",
"modified": "2015-08-06T14:11:57.000Z",
"pattern": "[url:value = '/script.asp?resid=']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-08-06T14:11:57Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--55c36b2d-b51c-4d7a-bfcb-45e3950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-08-06T14:11:57.000Z",
"modified": "2015-08-06T14:11:57.000Z",
"pattern": "[url:value = '/view.asp?cstring=']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-08-06T14:11:57Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--55c36b2d-f6a4-41c9-9741-4321950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-08-06T14:11:57.000Z",
"modified": "2015-08-06T14:11:57.000Z",
"pattern": "[url:value = '/viewphoto.asp?photoid=']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-08-06T14:11:57Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--55c36b2d-b85c-498d-9024-4955950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-08-06T14:11:57.000Z",
"modified": "2015-08-06T14:11:57.000Z",
"pattern": "[url:value = '/viewphoto.asp?resid=']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-08-06T14:11:57Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--55c36b2d-47b0-42f2-8a73-4c50950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-08-06T14:11:57.000Z",
"modified": "2015-08-06T14:11:57.000Z",
"pattern": "[url:value = '/x0x/']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-08-06T14:11:57Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--55c36b67-ccfc-405b-8199-4db7950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-08-06T14:12:55.000Z",
"modified": "2015-08-06T14:12:55.000Z",
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '104.128.233.4']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-08-06T14:12:55Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--55c36b67-5f9c-4862-a372-4b61950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-08-06T14:12:55.000Z",
"modified": "2015-08-06T14:12:55.000Z",
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '115.47.35.117']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-08-06T14:12:55Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--55c36b67-a4a8-4618-90b9-4788950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-08-06T14:12:55.000Z",
"modified": "2015-08-06T14:12:55.000Z",
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '180.210.206.246']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-08-06T14:12:55Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--55c36b67-8498-4f98-b03d-482f950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-08-06T14:12:55.000Z",
"modified": "2015-08-06T14:12:55.000Z",
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '23.27.112.143']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-08-06T14:12:55Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--55c36b90-bd60-4a62-865f-4e61950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-08-06T14:13:36.000Z",
"modified": "2015-08-06T14:13:36.000Z",
"description": "Sakula C2 server",
"pattern": "[domain-name:value = 'secure.devpia.com']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-08-06T14:13:36Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"hostname\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--55c36b90-4634-401d-9452-48f5950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-08-06T14:13:36.000Z",
"modified": "2015-08-06T14:13:36.000Z",
"description": "Sakula C2 server",
"pattern": "[domain-name:value = 'login.qzbwcq.com']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-08-06T14:13:36Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"hostname\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--55c36b90-5a8c-4aae-ad0a-4510950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-08-06T14:13:36.000Z",
"modified": "2015-08-06T14:13:36.000Z",
"description": "Sakula C2 server",
"pattern": "[domain-name:value = 'oa.ameteksen.com']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-08-06T14:13:36Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"hostname\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--55c36b90-a07c-45e0-b406-4724950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-08-06T14:13:36.000Z",
"modified": "2015-08-06T14:13:36.000Z",
"description": "Sakula C2 server",
"pattern": "[domain-name:value = 'sinmoung.com']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-08-06T14:13:36Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"domain\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--55c36b90-2164-40f2-af52-42f7950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-08-06T14:13:36.000Z",
"modified": "2015-08-06T14:13:36.000Z",
"description": "Sakula C2 server",
"pattern": "[domain-name:value = 'citrix.vipreclod.com']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-08-06T14:13:36Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"hostname\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--55c36b90-7728-44cc-ad2f-4023950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-08-06T14:13:36.000Z",
"modified": "2015-08-06T14:13:36.000Z",
"description": "Sakula C2 server",
"pattern": "[domain-name:value = 'update.microsoft.co.kr']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-08-06T14:13:36Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"hostname\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--55c36b91-f8f4-4552-ad75-4fdc950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-08-06T14:13:37.000Z",
"modified": "2015-08-06T14:13:37.000Z",
"description": "Sakula C2 server",
"pattern": "[domain-name:value = 'web.vipreclod.com']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-08-06T14:13:37Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"hostname\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--55c36b91-56b0-486e-ba5c-4dff950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-08-06T14:13:37.000Z",
"modified": "2015-08-06T14:13:37.000Z",
"description": "Sakula C2 server",
"pattern": "[domain-name:value = 'www.huchin.com']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-08-06T14:13:37Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"hostname\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--55c36b91-d958-4b9d-9cf8-449b950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-08-06T14:13:37.000Z",
"modified": "2015-08-06T14:13:37.000Z",
"description": "Sakula C2 server",
"pattern": "[domain-name:value = 'www.northpoleroute.com']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-08-06T14:13:37Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"hostname\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--55c36b91-6ae8-4164-8aac-4709950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-08-06T14:13:37.000Z",
"modified": "2015-08-06T14:13:37.000Z",
"description": "Sakula C2 server",
"pattern": "[domain-name:value = 'www.polarroute.com']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-08-06T14:13:37Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"hostname\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--55c36b91-9790-4bcd-a03f-43fb950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-08-06T14:13:37.000Z",
"modified": "2015-08-06T14:13:37.000Z",
"description": "Sakula C2 server",
"pattern": "[domain-name:value = 'www.savmpet.com']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-08-06T14:13:37Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"hostname\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--55c36b92-d420-43d9-96e9-40e3950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-08-06T14:13:38.000Z",
"modified": "2015-08-06T14:13:38.000Z",
"description": "Sakula C2 server",
"pattern": "[domain-name:value = 'www.we11point.com']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-08-06T14:13:38Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"hostname\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--55c36bae-86fc-4d43-b495-45f4950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-08-06T14:14:18.000Z",
"modified": "2015-08-06T14:14:18.000Z",
"first_observed": "2015-08-06T14:14:18Z",
"last_observed": "2015-08-06T14:14:18Z",
"number_observed": 1,
"object_refs": [
"domain-name--55c36bae-86fc-4d43-b495-45f4950d210b"
],
"labels": [
"misp:type=\"hostname\"",
"misp:category=\"Network activity\""
]
},
{
"type": "domain-name",
"spec_version": "2.1",
"id": "domain-name--55c36bae-86fc-4d43-b495-45f4950d210b",
"value": "extcitrix.we11point.com"
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--55c36bae-daf0-45bf-a6ea-4c8d950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-08-06T14:14:18.000Z",
"modified": "2015-08-06T14:14:18.000Z",
"first_observed": "2015-08-06T14:14:18Z",
"last_observed": "2015-08-06T14:14:18Z",
"number_observed": 1,
"object_refs": [
"domain-name--55c36bae-daf0-45bf-a6ea-4c8d950d210b"
],
"labels": [
"misp:type=\"domain\"",
"misp:category=\"Network activity\""
]
},
{
"type": "domain-name",
"spec_version": "2.1",
"id": "domain-name--55c36bae-daf0-45bf-a6ea-4c8d950d210b",
"value": "sharepoint-vaeit.com"
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--55c36baf-7910-4850-980b-4d5b950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-08-06T14:14:18.000Z",
"modified": "2015-08-06T14:14:18.000Z",
"first_observed": "2015-08-06T14:14:18Z",
"last_observed": "2015-08-06T14:14:18Z",
"number_observed": 1,
"object_refs": [
"domain-name--55c36baf-7910-4850-980b-4d5b950d210b"
],
"labels": [
"misp:type=\"hostname\"",
"misp:category=\"Network activity\""
]
},
{
"type": "domain-name",
"spec_version": "2.1",
"id": "domain-name--55c36baf-7910-4850-980b-4d5b950d210b",
"value": "www.qzbwcq.com"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--55c36bf5-04a8-4f73-8b23-405a950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-08-06T14:15:17.000Z",
"modified": "2015-08-06T14:15:17.000Z",
"description": "Sakula malware",
"pattern": "[file:hashes.MD5 = '031832adb059c8a30bf06e3036813a05']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-08-06T14:15:17Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Artifacts dropped"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Artifacts dropped\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--55c36bf5-bbf8-4fb8-8c06-4da4950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-08-06T14:15:17.000Z",
"modified": "2015-08-06T14:15:17.000Z",
"description": "Sakula malware",
"pattern": "[file:hashes.MD5 = '034b2d2c7b1b6812d242771fbc382183']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-08-06T14:15:17Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Artifacts dropped"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Artifacts dropped\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--55c36bf5-3b90-4cc1-aea4-48c9950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-08-06T14:15:17.000Z",
"modified": "2015-08-06T14:15:17.000Z",
"description": "Sakula malware",
"pattern": "[file:hashes.MD5 = '04f17c37259533e301b01a8c64e476e6']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-08-06T14:15:17Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Artifacts dropped"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Artifacts dropped\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--55c36bf6-6fe4-4735-a5f9-478c950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-08-06T14:15:18.000Z",
"modified": "2015-08-06T14:15:18.000Z",
"description": "Sakula malware",
"pattern": "[file:hashes.MD5 = '065aa01311ca8f3e0016d8ae546d30a4']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-08-06T14:15:18Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Artifacts dropped"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Artifacts dropped\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--55c36bf6-cdb8-441f-a7fd-40c8950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-08-06T14:15:18.000Z",
"modified": "2015-08-06T14:15:18.000Z",
"description": "Sakula malware",
"pattern": "[file:hashes.MD5 = '07af666d2117296a7814c86839ee2ae0']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-08-06T14:15:18Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Artifacts dropped"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Artifacts dropped\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--55c36bf6-7e98-4fab-8377-492c950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-08-06T14:15:18.000Z",
"modified": "2015-08-06T14:15:18.000Z",
"description": "Sakula malware",
"pattern": "[file:hashes.MD5 = '0a8a4cfa745b6350bea1b47f5754595e']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-08-06T14:15:18Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Artifacts dropped"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Artifacts dropped\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--55c36bf6-d184-48f9-be37-4846950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-08-06T14:15:18.000Z",
"modified": "2015-08-06T14:15:18.000Z",
"description": "Sakula malware",
"pattern": "[file:hashes.MD5 = '0ae8ace203031f32e9b1ac5696c0c070']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-08-06T14:15:18Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Artifacts dropped"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Artifacts dropped\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--55c36bf6-985c-4591-af91-405b950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-08-06T14:15:18.000Z",
"modified": "2015-08-06T14:15:18.000Z",
"description": "Sakula malware",
"pattern": "[file:hashes.MD5 = '0b6a0ca44e47609910d978ffb1ee49c6']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-08-06T14:15:18Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Artifacts dropped"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Artifacts dropped\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--55c36bf7-7868-4b85-baa9-4147950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-08-06T14:15:19.000Z",
"modified": "2015-08-06T14:15:19.000Z",
"description": "Sakula malware",
"pattern": "[file:hashes.MD5 = '0c693b4ee77c1ebb646334ce28331d5c']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-08-06T14:15:19Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Artifacts dropped"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Artifacts dropped\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--55c36bf7-bce8-447b-8cdc-4be4950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-08-06T14:15:19.000Z",
"modified": "2015-08-06T14:15:19.000Z",
"description": "Sakula malware",
"pattern": "[file:hashes.MD5 = '0db52e612d904f4d4212beee4bd5c35c']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-08-06T14:15:19Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Artifacts dropped"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Artifacts dropped\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--55c36bf7-8acc-442c-a736-408a950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-08-06T14:15:19.000Z",
"modified": "2015-08-06T14:15:19.000Z",
"description": "Sakula malware",
"pattern": "[file:hashes.MD5 = '0e5d1b941dcb597eb9b7dc1f0694c65f']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-08-06T14:15:19Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Artifacts dropped"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Artifacts dropped\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--55c36bf7-5a38-42bd-b5e8-4975950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-08-06T14:15:19.000Z",
"modified": "2015-08-06T14:15:19.000Z",
"description": "Sakula malware",
"pattern": "[file:hashes.MD5 = '0f218e73da96af2939e75ebea7c958dc']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-08-06T14:15:19Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Artifacts dropped"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Artifacts dropped\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--55c36bf7-1a60-45e0-b4fb-479b950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-08-06T14:15:19.000Z",
"modified": "2015-08-06T14:15:19.000Z",
"description": "Sakula malware",
"pattern": "[file:hashes.MD5 = '0ff96f4dbfe8aa9c49b489218d862cd7']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-08-06T14:15:19Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Artifacts dropped"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Artifacts dropped\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--55c36bf7-a154-42d6-88d2-44b1950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-08-06T14:15:19.000Z",
"modified": "2015-08-06T14:15:19.000Z",
"description": "Sakula malware",
"pattern": "[file:hashes.MD5 = '1098e66986134d71d4a8dd07301640b1']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-08-06T14:15:19Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Artifacts dropped"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Artifacts dropped\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--55c36bf8-e868-499b-b12d-4f2a950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-08-06T14:15:20.000Z",
"modified": "2015-08-06T14:15:20.000Z",
"description": "Sakula malware",
"pattern": "[file:hashes.MD5 = '124089995494be38d866de08c12f99ef']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-08-06T14:15:20Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Artifacts dropped"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Artifacts dropped\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--55c36bf8-89a0-4468-9177-4220950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-08-06T14:15:20.000Z",
"modified": "2015-08-06T14:15:20.000Z",
"description": "Sakula malware",
"pattern": "[file:hashes.MD5 = '1240fbbabd76110a8fc29803e0c3ccfb']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-08-06T14:15:20Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Artifacts dropped"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Artifacts dropped\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--55c36bf8-86d0-44c7-a748-4110950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-08-06T14:15:20.000Z",
"modified": "2015-08-06T14:15:20.000Z",
"description": "Sakula malware",
"pattern": "[file:hashes.MD5 = '127cd711193603b4725094dac1bd26f6']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-08-06T14:15:20Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Artifacts dropped"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Artifacts dropped\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--55c36bf8-bbc4-4bf0-a437-462e950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-08-06T14:15:20.000Z",
"modified": "2015-08-06T14:15:20.000Z",
"description": "Sakula malware",
"pattern": "[file:hashes.MD5 = '1377e513f872a062c6377d1e240225a8']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-08-06T14:15:20Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Artifacts dropped"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Artifacts dropped\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--55c36bf8-6794-4b1e-8ea6-4d26950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-08-06T14:15:20.000Z",
"modified": "2015-08-06T14:15:20.000Z",
"description": "Sakula malware",
"pattern": "[file:hashes.MD5 = '13e99782f29efa20a2753ac00d1c05a0']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-08-06T14:15:20Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Artifacts dropped"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Artifacts dropped\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--55c36bf9-9f38-40a7-bdb6-4f58950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-08-06T14:15:21.000Z",
"modified": "2015-08-06T14:15:21.000Z",
"description": "Sakula malware",
"pattern": "[file:hashes.MD5 = '15ccb0918411b859bab268195957c731']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-08-06T14:15:21Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Artifacts dropped"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Artifacts dropped\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--55c36bf9-e580-4afb-84b4-48df950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-08-06T14:15:21.000Z",
"modified": "2015-08-06T14:15:21.000Z",
"description": "Sakula malware",
"pattern": "[file:hashes.MD5 = '1893cf1d00980926f87c294c786892d2']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-08-06T14:15:21Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Artifacts dropped"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Artifacts dropped\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--55c36bf9-b6e8-4aa1-8da3-41e7950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-08-06T14:15:21.000Z",
"modified": "2015-08-06T14:15:21.000Z",
"description": "Sakula malware",
"pattern": "[file:hashes.MD5 = '191696982f3f21a6ac31bf3549c94108']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-08-06T14:15:21Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Artifacts dropped"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Artifacts dropped\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--55c36bf9-2860-4282-b361-45be950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-08-06T14:15:21.000Z",
"modified": "2015-08-06T14:15:21.000Z",
"description": "Sakula malware",
"pattern": "[file:hashes.MD5 = '194f79e5f043efecb5707ebc4f9d0573']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-08-06T14:15:21Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Artifacts dropped"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Artifacts dropped\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--55c36bf9-d944-4ff9-b8a8-4924950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-08-06T14:15:21.000Z",
"modified": "2015-08-06T14:15:21.000Z",
"description": "Sakula malware",
"pattern": "[file:hashes.MD5 = '1a6c43b693bb49dad5fe1637b02da2c6']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-08-06T14:15:21Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Artifacts dropped"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Artifacts dropped\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--55c36bfa-ffd0-4a13-8454-4886950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-08-06T14:15:22.000Z",
"modified": "2015-08-06T14:15:22.000Z",
"description": "Sakula malware",
"pattern": "[file:hashes.MD5 = '1ab782431ed9948bf68196e1aa27cbc9']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-08-06T14:15:22Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Artifacts dropped"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Artifacts dropped\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--55c36bfa-b0e0-4a89-be39-4b57950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-08-06T14:15:22.000Z",
"modified": "2015-08-06T14:15:22.000Z",
"description": "Sakula malware",
"pattern": "[file:hashes.MD5 = '1affacbe9e5889d2e1b7045a828c7252']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-08-06T14:15:22Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Artifacts dropped"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Artifacts dropped\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--55c36bfa-f99c-4276-8a31-417d950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-08-06T14:15:22.000Z",
"modified": "2015-08-06T14:15:22.000Z",
"description": "Sakula malware",
"pattern": "[file:hashes.MD5 = '1de5db7cef81645f3f0e7aabdb7551a8']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-08-06T14:15:22Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Artifacts dropped"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Artifacts dropped\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--55c36bfa-68fc-4064-a995-42e5950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-08-06T14:15:22.000Z",
"modified": "2015-08-06T14:15:22.000Z",
"description": "Sakula malware",
"pattern": "[file:hashes.MD5 = '205c9b07c449a9c270aabe923123c0c1']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-08-06T14:15:22Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Artifacts dropped"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Artifacts dropped\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--55c36bfa-8ba0-460a-90e6-4805950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-08-06T14:15:22.000Z",
"modified": "2015-08-06T14:15:22.000Z",
"description": "Sakula malware",
"pattern": "[file:hashes.MD5 = '230d4212692c867219aba739c57f0792']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-08-06T14:15:22Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Artifacts dropped"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Artifacts dropped\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--55c36bfb-2248-4d83-88cd-4bb0950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-08-06T14:15:23.000Z",
"modified": "2015-08-06T14:15:23.000Z",
"description": "Sakula malware",
"pattern": "[file:hashes.MD5 = '2567d2bbcce5c8e7dcabcd2c1db2a98a']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-08-06T14:15:23Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Artifacts dropped"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Artifacts dropped\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--55c36bfb-1e2c-431e-854a-4929950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-08-06T14:15:23.000Z",
"modified": "2015-08-06T14:15:23.000Z",
"description": "Sakula malware",
"pattern": "[file:hashes.MD5 = '259ea5f6f3f1209de99d6eb27a301cb7']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-08-06T14:15:23Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Artifacts dropped"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Artifacts dropped\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--55c36bfb-b6fc-4075-b4d0-4223950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-08-06T14:15:23.000Z",
"modified": "2015-08-06T14:15:23.000Z",
"description": "Sakula malware",
"pattern": "[file:hashes.MD5 = '2798fa07d5708f7be69ba525e5452d13']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-08-06T14:15:23Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Artifacts dropped"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Artifacts dropped\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--55c36bfb-ce94-4a2b-8e85-44c8950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-08-06T14:15:23.000Z",
"modified": "2015-08-06T14:15:23.000Z",
"description": "Sakula malware",
"pattern": "[file:hashes.MD5 = '28771cb939b989e2ab898408ccaf5504']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-08-06T14:15:23Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Artifacts dropped"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Artifacts dropped\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--55c36bfb-5644-43f0-b37f-4bc7950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-08-06T14:15:23.000Z",
"modified": "2015-08-06T14:15:23.000Z",
"description": "Sakula malware",
"pattern": "[file:hashes.MD5 = '2d619b2c648d095fa2fb2e0864dbc7c9']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-08-06T14:15:23Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Artifacts dropped"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Artifacts dropped\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--55c36bfb-7a7c-4bf4-b4d4-4887950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-08-06T14:15:23.000Z",
"modified": "2015-08-06T14:15:23.000Z",
"description": "Sakula malware",
"pattern": "[file:hashes.MD5 = '2ffea14b33b78f2e2c92aead708a487a']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-08-06T14:15:23Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Artifacts dropped"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Artifacts dropped\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--55c36bfc-b4f0-4dbc-bea2-4a31950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-08-06T14:15:24.000Z",
"modified": "2015-08-06T14:15:24.000Z",
"description": "Sakula malware",
"pattern": "[file:hashes.MD5 = '34db8fb5635c7f0f76a07808b35c8e55']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-08-06T14:15:24Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Artifacts dropped"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Artifacts dropped\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--55c36bfc-0b70-4e27-bf41-486d950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-08-06T14:15:24.000Z",
"modified": "2015-08-06T14:15:24.000Z",
"description": "Sakula malware",
"pattern": "[file:hashes.MD5 = '352411e5288b2c6ea5571a2838c8f7f3']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-08-06T14:15:24Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Artifacts dropped"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Artifacts dropped\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--55c36bfc-13c8-46a8-b8f8-4959950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-08-06T14:15:24.000Z",
"modified": "2015-08-06T14:15:24.000Z",
"description": "Sakula malware",
"pattern": "[file:hashes.MD5 = '360273db9ac67e1531257323324d9f62']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-08-06T14:15:24Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Artifacts dropped"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Artifacts dropped\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--55c36bfc-271c-4339-8f6b-4b91950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-08-06T14:15:24.000Z",
"modified": "2015-08-06T14:15:24.000Z",
"description": "Sakula malware",
"pattern": "[file:hashes.MD5 = '3759833848a8cd424bf973d66e983e91']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-08-06T14:15:24Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Artifacts dropped"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Artifacts dropped\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--55c36bfc-1f2c-485d-803e-46e8950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-08-06T14:15:24.000Z",
"modified": "2015-08-06T14:15:24.000Z",
"description": "Sakula malware",
"pattern": "[file:hashes.MD5 = '379d4a0f24bb56569d6139946b7ccf88']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-08-06T14:15:24Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Artifacts dropped"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Artifacts dropped\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--55c36bfd-1320-4d32-ad03-4558950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-08-06T14:15:25.000Z",
"modified": "2015-08-06T14:15:25.000Z",
"description": "Sakula malware",
"pattern": "[file:hashes.MD5 = '388a7ae6963fd4da3ec0a4371738f4e0']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-08-06T14:15:25Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Artifacts dropped"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Artifacts dropped\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--55c36bfd-2848-46f5-a1df-430d950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-08-06T14:15:25.000Z",
"modified": "2015-08-06T14:15:25.000Z",
"description": "Sakula malware",
"pattern": "[file:hashes.MD5 = '391c01bdbeb5975c85cee0099adb132c']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-08-06T14:15:25Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Artifacts dropped"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Artifacts dropped\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--55c36bfd-f780-41b7-9fa0-48b6950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-08-06T14:15:25.000Z",
"modified": "2015-08-06T14:15:25.000Z",
"description": "Sakula malware",
"pattern": "[file:hashes.MD5 = '3b70ab484857b6e96e62e239c937dea6']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-08-06T14:15:25Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Artifacts dropped"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Artifacts dropped\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--55c36bfd-dda8-4737-b4cc-4fe3950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-08-06T14:15:25.000Z",
"modified": "2015-08-06T14:15:25.000Z",
"description": "Sakula malware",
"pattern": "[file:hashes.MD5 = '3cd598e8e2fd033134d8784251eff59e']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-08-06T14:15:25Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Artifacts dropped"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Artifacts dropped\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--55c36bfd-374c-41d0-9d27-4b4a950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-08-06T14:15:25.000Z",
"modified": "2015-08-06T14:15:25.000Z",
"description": "Sakula malware",
"pattern": "[file:hashes.MD5 = '3ce08f804c5986856a85e16a4e211334']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-08-06T14:15:25Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Artifacts dropped"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Artifacts dropped\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--55c36bfe-3b00-4b7e-8669-402d950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-08-06T14:15:26.000Z",
"modified": "2015-08-06T14:15:26.000Z",
"description": "Sakula malware",
"pattern": "[file:hashes.MD5 = '3e0016d728b979b7f8fd77a2738047eb']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-08-06T14:15:26Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Artifacts dropped"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Artifacts dropped\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--55c36bfe-4dd4-4762-8137-4a43950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-08-06T14:15:26.000Z",
"modified": "2015-08-06T14:15:26.000Z",
"description": "Sakula malware",
"pattern": "[file:hashes.MD5 = '3fc6405499c25964dfe5d37ee0613a59']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-08-06T14:15:26Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Artifacts dropped"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Artifacts dropped\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--55c36bfe-c0dc-456a-96a4-474b950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-08-06T14:15:26.000Z",
"modified": "2015-08-06T14:15:26.000Z",
"description": "Sakula malware",
"pattern": "[file:hashes.MD5 = '41093a982526c6dc7dbcf4f63814d428']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-08-06T14:15:26Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Artifacts dropped"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Artifacts dropped\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--55c36bfe-22bc-4fc3-abc6-4dd2950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-08-06T14:15:26.000Z",
"modified": "2015-08-06T14:15:26.000Z",
"description": "Sakula malware",
"pattern": "[file:hashes.MD5 = '419ce8f53d5585abd144e9e76113639d']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-08-06T14:15:26Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Artifacts dropped"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Artifacts dropped\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--55c36bfe-4ec4-47bf-8f38-43e4950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-08-06T14:15:26.000Z",
"modified": "2015-08-06T14:15:26.000Z",
"description": "Sakula malware",
"pattern": "[file:hashes.MD5 = '4297e98e6d7ea326dee3d13e53aa8d70']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-08-06T14:15:26Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Artifacts dropped"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Artifacts dropped\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--55c36bfe-dadc-4e57-9527-4387950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-08-06T14:15:26.000Z",
"modified": "2015-08-06T14:15:26.000Z",
"description": "Sakula malware",
"pattern": "[file:hashes.MD5 = '42d3e38db9f1d26f82ef47f0a0ec0499']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-08-06T14:15:26Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Artifacts dropped"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Artifacts dropped\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--55c36bff-480c-4f65-8052-4e69950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-08-06T14:15:27.000Z",
"modified": "2015-08-06T14:15:27.000Z",
"description": "Sakula malware",
"pattern": "[file:hashes.MD5 = '4315274a5eda74cd81a5ec44980876e8']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-08-06T14:15:27Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Artifacts dropped"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Artifacts dropped\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--55c36bff-4c74-4358-8115-40c9950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-08-06T14:15:27.000Z",
"modified": "2015-08-06T14:15:27.000Z",
"description": "Sakula malware",
"pattern": "[file:hashes.MD5 = '442f10bfc2a02831b6a733d6c01b0c59']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-08-06T14:15:27Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Artifacts dropped"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Artifacts dropped\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--55c36bff-57e0-41f8-a98d-4474950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-08-06T14:15:27.000Z",
"modified": "2015-08-06T14:15:27.000Z",
"description": "Sakula malware",
"pattern": "[file:hashes.MD5 = '45468c2450e6451cf63d2b9b2b70c632']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-08-06T14:15:27Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Artifacts dropped"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Artifacts dropped\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--55c36bff-41c4-4349-9d76-41a3950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-08-06T14:15:27.000Z",
"modified": "2015-08-06T14:15:27.000Z",
"description": "Sakula malware",
"pattern": "[file:hashes.MD5 = '4a6f45ff62e9ab9fe48f1b91b31d110e']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-08-06T14:15:27Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Artifacts dropped"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Artifacts dropped\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--55c36bff-86ac-42e2-bad6-43a9950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-08-06T14:15:27.000Z",
"modified": "2015-08-06T14:15:27.000Z",
"description": "Sakula malware",
"pattern": "[file:hashes.MD5 = '4c15781cb47d4a7604788e188fc722de']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-08-06T14:15:27Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Artifacts dropped"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Artifacts dropped\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--55c36c00-d578-4099-832f-4bf6950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-08-06T14:15:28.000Z",
"modified": "2015-08-06T14:15:28.000Z",
"description": "Sakula malware",
"pattern": "[file:hashes.MD5 = '4dc526eb9d04f022df9fa2518854bbb4']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-08-06T14:15:28Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Artifacts dropped"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Artifacts dropped\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--55c36c00-36c8-4feb-99c4-44aa950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-08-06T14:15:28.000Z",
"modified": "2015-08-06T14:15:28.000Z",
"description": "Sakula malware",
"pattern": "[file:hashes.MD5 = '4e239b731a0f1dbf26b503d5e2a81514']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-08-06T14:15:28Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Artifacts dropped"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Artifacts dropped\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--55c36c00-6ab4-4b4f-9e3c-4358950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-08-06T14:15:28.000Z",
"modified": "2015-08-06T14:15:28.000Z",
"description": "Sakula malware",
"pattern": "[file:hashes.MD5 = '5382efbecccf8227c7adc443e229542f']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-08-06T14:15:28Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Artifacts dropped"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Artifacts dropped\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--55c36c00-8de0-4b0f-936a-4c19950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-08-06T14:15:28.000Z",
"modified": "2015-08-06T14:15:28.000Z",
"description": "Sakula malware",
"pattern": "[file:hashes.MD5 = '5482deee917c374bab43dd83a4a6c722']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-08-06T14:15:28Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Artifacts dropped"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Artifacts dropped\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--55c36c00-5658-4907-b9fe-426e950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-08-06T14:15:28.000Z",
"modified": "2015-08-06T14:15:28.000Z",
"description": "Sakula malware",
"pattern": "[file:hashes.MD5 = '586c418bf947a0ef73afd2a7009c4439']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-08-06T14:15:28Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Artifacts dropped"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Artifacts dropped\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--55c36c00-1360-4a06-8e48-48d2950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-08-06T14:15:28.000Z",
"modified": "2015-08-06T14:15:28.000Z",
"description": "Sakula malware",
"pattern": "[file:hashes.MD5 = '5b27234b7f28316303351ea8bcfaa740']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-08-06T14:15:28Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Artifacts dropped"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Artifacts dropped\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--55c36c01-a298-4412-97ad-4f9f950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-08-06T14:15:29.000Z",
"modified": "2015-08-06T14:15:29.000Z",
"description": "Sakula malware",
"pattern": "[file:hashes.MD5 = '5d04457e3d4026a82ac3ec9b1c0819ec']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-08-06T14:15:29Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Artifacts dropped"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Artifacts dropped\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--55c36c01-5d24-43d1-9880-41cf950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-08-06T14:15:29.000Z",
"modified": "2015-08-06T14:15:29.000Z",
"description": "Sakula malware",
"pattern": "[file:hashes.MD5 = '5dbdc2839e3f5c2dd35f3def42002663']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-08-06T14:15:29Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Artifacts dropped"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Artifacts dropped\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--55c36c01-e654-4220-a1f7-4755950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-08-06T14:15:29.000Z",
"modified": "2015-08-06T14:15:29.000Z",
"description": "Sakula malware",
"pattern": "[file:hashes.MD5 = '5e1c170d96b0faea3a1281d182c29e02']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-08-06T14:15:29Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Artifacts dropped"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Artifacts dropped\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--55c36c01-8244-4199-8ab6-4339950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-08-06T14:15:29.000Z",
"modified": "2015-08-06T14:15:29.000Z",
"description": "Sakula malware",
"pattern": "[file:hashes.MD5 = '606b9759de1aa61a76cf4afa4ccf8601']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-08-06T14:15:29Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Artifacts dropped"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Artifacts dropped\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--55c36c01-0f54-4b08-b306-45a8950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-08-06T14:15:29.000Z",
"modified": "2015-08-06T14:15:29.000Z",
"description": "Sakula malware",
"pattern": "[file:hashes.MD5 = '61fe6f4cb2c54511f0804b1417ab3bd2']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-08-06T14:15:29Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Artifacts dropped"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Artifacts dropped\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--55c36c02-1820-4f50-98ca-49dd950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-08-06T14:15:30.000Z",
"modified": "2015-08-06T14:15:30.000Z",
"description": "Sakula malware",
"pattern": "[file:hashes.MD5 = '63ae83244a8d7ca1eef4e834eb0eb07f']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-08-06T14:15:30Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Artifacts dropped"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Artifacts dropped\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--55c36c02-0d90-4559-9df2-4899950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-08-06T14:15:30.000Z",
"modified": "2015-08-06T14:15:30.000Z",
"description": "Sakula malware",
"pattern": "[file:hashes.MD5 = '63c0978e2fa715a3cad6fb3068f70961']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-08-06T14:15:30Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Artifacts dropped"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Artifacts dropped\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--55c36c02-f7c8-4c05-a570-46dc950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-08-06T14:15:30.000Z",
"modified": "2015-08-06T14:15:30.000Z",
"description": "Sakula malware",
"pattern": "[file:hashes.MD5 = '64201ec97467910e74f40140c4aaa5ce']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-08-06T14:15:30Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Artifacts dropped"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Artifacts dropped\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--55c36c02-0d74-45cc-a563-4c7b950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-08-06T14:15:30.000Z",
"modified": "2015-08-06T14:15:30.000Z",
"description": "Sakula malware",
"pattern": "[file:hashes.MD5 = '67112866e800b9dce2892cf827444d60']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-08-06T14:15:30Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Artifacts dropped"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Artifacts dropped\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--55c36c02-866c-4ba6-aecf-45f2950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-08-06T14:15:30.000Z",
"modified": "2015-08-06T14:15:30.000Z",
"description": "Sakula malware",
"pattern": "[file:hashes.MD5 = '67fceab90a142e1e286bca0922dbffd3']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-08-06T14:15:30Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Artifacts dropped"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Artifacts dropped\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--55c36c03-f674-4b71-8b76-44cb950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-08-06T14:15:31.000Z",
"modified": "2015-08-06T14:15:31.000Z",
"description": "Sakula malware",
"pattern": "[file:hashes.MD5 = '68e13422b9a5d280f4a19235d8bf7da5']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-08-06T14:15:31Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Artifacts dropped"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Artifacts dropped\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--55c36c03-e048-4f3f-ba34-4ebc950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-08-06T14:15:31.000Z",
"modified": "2015-08-06T14:15:31.000Z",
"description": "Sakula malware",
"pattern": "[file:hashes.MD5 = '6a2ea24ed959ef96d270af5cdc2f70a7']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-08-06T14:15:31Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Artifacts dropped"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Artifacts dropped\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--55c36c03-3a54-424a-8002-4256950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-08-06T14:15:31.000Z",
"modified": "2015-08-06T14:15:31.000Z",
"description": "Sakula malware",
"pattern": "[file:hashes.MD5 = '6bd7fb8f4565866ff032f236f0a29ee2']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-08-06T14:15:31Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Artifacts dropped"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Artifacts dropped\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--55c36c03-5f24-40ef-80cf-4ae2950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-08-06T14:15:31.000Z",
"modified": "2015-08-06T14:15:31.000Z",
"description": "Sakula malware",
"pattern": "[file:hashes.MD5 = '6ccb6d1b964f115f8c7215c6ab67b1cc']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-08-06T14:15:31Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Artifacts dropped"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Artifacts dropped\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--55c36c03-4938-4a56-b62c-4c69950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-08-06T14:15:31.000Z",
"modified": "2015-08-06T14:15:31.000Z",
"description": "Sakula malware",
"pattern": "[file:hashes.MD5 = '74eb66027ac6fa5a59632383e09915e2']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-08-06T14:15:31Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Artifacts dropped"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Artifacts dropped\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--55c36c03-b4f0-4c52-82bd-4f00950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-08-06T14:15:31.000Z",
"modified": "2015-08-06T14:15:31.000Z",
"description": "Sakula malware",
"pattern": "[file:hashes.MD5 = '81d74b0e9560f2bf780f12893d885f41']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-08-06T14:15:31Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Artifacts dropped"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Artifacts dropped\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--55c36c03-0d50-4eba-a5cd-4c61950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-08-06T14:15:31.000Z",
"modified": "2015-08-06T14:15:31.000Z",
"description": "Sakula malware",
"pattern": "[file:hashes.MD5 = '848fcb062218ae3162d07665874429a7']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-08-06T14:15:31Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Artifacts dropped"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Artifacts dropped\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--55c36c04-74ac-4627-8f26-4fff950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-08-06T14:15:32.000Z",
"modified": "2015-08-06T14:15:32.000Z",
"description": "Sakula malware",
"pattern": "[file:hashes.MD5 = '8506064925a774a8d11d9fac374eb86a']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-08-06T14:15:32Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Artifacts dropped"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Artifacts dropped\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--55c36c04-d9a4-4bf7-a097-4a95950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-08-06T14:15:32.000Z",
"modified": "2015-08-06T14:15:32.000Z",
"description": "Sakula malware",
"pattern": "[file:hashes.MD5 = '8542cf0d32b7c711d92089a7d442333e']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-08-06T14:15:32Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Artifacts dropped"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Artifacts dropped\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--55c36c04-3348-4357-a1a1-4a2c950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-08-06T14:15:32.000Z",
"modified": "2015-08-06T14:15:32.000Z",
"description": "Sakula malware",
"pattern": "[file:hashes.MD5 = '8a45ea989807636cc685b81effc60d96']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-08-06T14:15:32Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Artifacts dropped"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Artifacts dropped\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--55c36c04-4b38-4e09-a5fb-474f950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-08-06T14:15:32.000Z",
"modified": "2015-08-06T14:15:32.000Z",
"description": "Sakula malware",
"pattern": "[file:hashes.MD5 = '8ee244ad6b6f2b814d34d26dae880f12']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-08-06T14:15:32Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Artifacts dropped"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Artifacts dropped\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--55c36c04-b960-40fa-8fd8-4f42950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-08-06T14:15:32.000Z",
"modified": "2015-08-06T14:15:32.000Z",
"description": "Sakula malware",
"pattern": "[file:hashes.MD5 = '8f523f7fc73e52d54bb4e94dc44768b0']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-08-06T14:15:32Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Artifacts dropped"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Artifacts dropped\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--55c36c04-a9b4-48f9-a30f-40b0950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-08-06T14:15:32.000Z",
"modified": "2015-08-06T14:15:32.000Z",
"description": "Sakula malware",
"pattern": "[file:hashes.MD5 = '91569c57fc342161c479603f3b527c1d']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-08-06T14:15:32Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Artifacts dropped"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Artifacts dropped\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--55c36c05-f92c-4358-9fc5-47fa950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-08-06T14:15:33.000Z",
"modified": "2015-08-06T14:15:33.000Z",
"description": "Sakula malware",
"pattern": "[file:hashes.MD5 = '928579b6fd1162c3831075a7a78e3f47']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-08-06T14:15:33Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Artifacts dropped"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Artifacts dropped\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--55c36c05-b818-46f4-a375-4dd7950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-08-06T14:15:33.000Z",
"modified": "2015-08-06T14:15:33.000Z",
"description": "Sakula malware",
"pattern": "[file:hashes.MD5 = '96fab28f1539f3909a255436bc269062']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-08-06T14:15:33Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Artifacts dropped"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Artifacts dropped\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--55c36c05-3cc8-4584-9128-40dc950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-08-06T14:15:33.000Z",
"modified": "2015-08-06T14:15:33.000Z",
"description": "Sakula malware",
"pattern": "[file:hashes.MD5 = '9e45ad7f3f3354ff99b979b9dfe54248']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-08-06T14:15:33Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Artifacts dropped"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Artifacts dropped\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--55c36c05-6394-4216-a078-4824950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-08-06T14:15:33.000Z",
"modified": "2015-08-06T14:15:33.000Z",
"description": "Sakula malware",
"pattern": "[file:hashes.MD5 = '9f38fbcc039e0b42e56eb79315a39ee9']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-08-06T14:15:33Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Artifacts dropped"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Artifacts dropped\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--55c36c05-c610-48d8-9f1e-4166950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-08-06T14:15:33.000Z",
"modified": "2015-08-06T14:15:33.000Z",
"description": "Sakula malware",
"pattern": "[file:hashes.MD5 = 'a00a19c85c42cb49ad48c0be349daec0']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-08-06T14:15:33Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Artifacts dropped"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Artifacts dropped\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--55c36c05-11c4-4db4-a392-41eb950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-08-06T14:15:33.000Z",
"modified": "2015-08-06T14:15:33.000Z",
"description": "Sakula malware",
"pattern": "[file:hashes.MD5 = 'a00e275feb97b55776c186579d17a218']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-08-06T14:15:33Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Artifacts dropped"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Artifacts dropped\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--55c36c06-94d4-4fbc-80d5-4cf5950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-08-06T14:15:34.000Z",
"modified": "2015-08-06T14:15:34.000Z",
"description": "Sakula malware",
"pattern": "[file:hashes.MD5 = 'a034a674b439d9b3d3ad1718bc0c6bb0']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-08-06T14:15:34Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Artifacts dropped"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Artifacts dropped\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--55c36c06-0f20-4f69-88e8-4e56950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-08-06T14:15:34.000Z",
"modified": "2015-08-06T14:15:34.000Z",
"description": "Sakula malware",
"pattern": "[file:hashes.MD5 = 'a05fb3920fe3842623f55df712914916']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-08-06T14:15:34Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Artifacts dropped"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Artifacts dropped\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--55c36c06-31ec-4ce9-8675-4751950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-08-06T14:15:34.000Z",
"modified": "2015-08-06T14:15:34.000Z",
"description": "Sakula malware",
"pattern": "[file:hashes.MD5 = 'a068bf4b31738a08ed06924c7bf37223']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-08-06T14:15:34Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Artifacts dropped"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Artifacts dropped\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--55c36c06-1158-4c1d-9006-417e950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-08-06T14:15:34.000Z",
"modified": "2015-08-06T14:15:34.000Z",
"description": "Sakula malware",
"pattern": "[file:hashes.MD5 = 'a104ab14c9a1d425a0e959f046c97f29']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-08-06T14:15:34Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Artifacts dropped"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Artifacts dropped\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--55c36c06-53c4-45d9-ab63-4316950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-08-06T14:15:34.000Z",
"modified": "2015-08-06T14:15:34.000Z",
"description": "Sakula malware",
"pattern": "[file:hashes.MD5 = 'a2030658767635894abdb3742db5e279']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-08-06T14:15:34Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Artifacts dropped"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Artifacts dropped\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--55c36c06-f110-462c-96b7-443c950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-08-06T14:15:34.000Z",
"modified": "2015-08-06T14:15:34.000Z",
"description": "Sakula malware",
"pattern": "[file:hashes.MD5 = 'a225ee8669c52540b5056fd848f1e267']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-08-06T14:15:34Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Artifacts dropped"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Artifacts dropped\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--55c36c07-6360-461c-b15f-45bf950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-08-06T14:15:35.000Z",
"modified": "2015-08-06T14:15:35.000Z",
"description": "Sakula malware",
"pattern": "[file:hashes.MD5 = 'a2bdb2aaf4d8eacbbb634476f553455b']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-08-06T14:15:35Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Artifacts dropped"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Artifacts dropped\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--55c36c07-d76c-4f19-896e-40a6950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-08-06T14:15:35.000Z",
"modified": "2015-08-06T14:15:35.000Z",
"description": "Sakula malware",
"pattern": "[file:hashes.MD5 = 'a33c6daba951f7c9a30d69b5e1e58af9']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-08-06T14:15:35Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Artifacts dropped"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Artifacts dropped\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--55c36c07-7f30-4c17-bf04-4fb8950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-08-06T14:15:35.000Z",
"modified": "2015-08-06T14:15:35.000Z",
"description": "Sakula malware",
"pattern": "[file:hashes.MD5 = 'a39729153ceaeaf9b3aded9a28d0e4dc']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-08-06T14:15:35Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Artifacts dropped"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Artifacts dropped\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--55c36c07-44f0-4c01-ad64-4cb7950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-08-06T14:15:35.000Z",
"modified": "2015-08-06T14:15:35.000Z",
"description": "Sakula malware",
"pattern": "[file:hashes.MD5 = 'a53782f0790258d7ae1c9330b4106976']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-08-06T14:15:35Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Artifacts dropped"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Artifacts dropped\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--55c36c07-8a50-49d2-8877-4d8c950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-08-06T14:15:35.000Z",
"modified": "2015-08-06T14:15:35.000Z",
"description": "Sakula malware",
"pattern": "[file:hashes.MD5 = 'a548d3dedd85683930d9732ed0316ec0']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-08-06T14:15:35Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Artifacts dropped"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Artifacts dropped\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--55c36c07-5bf0-4981-a5ba-4d71950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-08-06T14:15:35.000Z",
"modified": "2015-08-06T14:15:35.000Z",
"description": "Sakula malware",
"pattern": "[file:hashes.MD5 = 'a700db7a97eceea15d5f43d1376a6f09']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-08-06T14:15:35Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Artifacts dropped"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Artifacts dropped\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--55c36c07-513c-40bb-af2d-4362950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-08-06T14:15:35.000Z",
"modified": "2015-08-06T14:15:35.000Z",
"description": "Sakula malware",
"pattern": "[file:hashes.MD5 = 'a759b73716bdc406b9a20ebef394bc6d']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-08-06T14:15:35Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Artifacts dropped"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Artifacts dropped\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--55c36c08-2724-4da6-91e0-43d9950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-08-06T14:15:36.000Z",
"modified": "2015-08-06T14:15:36.000Z",
"description": "Sakula malware",
"pattern": "[file:hashes.MD5 = 'a7e467e16834e80a5713e0d6bb73def5']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-08-06T14:15:36Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Artifacts dropped"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Artifacts dropped\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--55c36c08-5068-45b3-8aa0-47a7950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-08-06T14:15:36.000Z",
"modified": "2015-08-06T14:15:36.000Z",
"description": "Sakula malware",
"pattern": "[file:hashes.MD5 = 'ab557f2197647aa3fb7be3de8770a109']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-08-06T14:15:36Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Artifacts dropped"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Artifacts dropped\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--55c36c08-be98-4677-ae12-48e2950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-08-06T14:15:36.000Z",
"modified": "2015-08-06T14:15:36.000Z",
"description": "Sakula malware",
"pattern": "[file:hashes.MD5 = 'aca2756917024c859d1f13ca1cdcb843']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-08-06T14:15:36Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Artifacts dropped"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Artifacts dropped\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--55c36c08-0b68-4af9-ab7d-4b9c950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-08-06T14:15:36.000Z",
"modified": "2015-08-06T14:15:36.000Z",
"description": "Sakula malware",
"pattern": "[file:hashes.MD5 = 'ae6f33f6cdc25dc4bda24b2bccff79fe']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-08-06T14:15:36Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Artifacts dropped"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Artifacts dropped\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--55c36c08-7a20-4b8f-9c5d-47ae950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-08-06T14:15:36.000Z",
"modified": "2015-08-06T14:15:36.000Z",
"description": "Sakula malware",
"pattern": "[file:hashes.MD5 = 'aec367555524a71efcc60f45e476c678']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-08-06T14:15:36Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Artifacts dropped"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Artifacts dropped\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--55c36c08-43b0-4505-a02d-4976950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-08-06T14:15:36.000Z",
"modified": "2015-08-06T14:15:36.000Z",
"description": "Sakula malware",
"pattern": "[file:hashes.MD5 = 'b011a616da408875bd0d39cebf11dd1d']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-08-06T14:15:36Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Artifacts dropped"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Artifacts dropped\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--55c36c09-7354-4204-8101-40fa950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-08-06T14:15:37.000Z",
"modified": "2015-08-06T14:15:37.000Z",
"description": "Sakula malware",
"pattern": "[file:hashes.MD5 = 'b297c84e2cdeacdbae86cbf707fc7540']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-08-06T14:15:37Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Artifacts dropped"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Artifacts dropped\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--55c36c09-1708-4975-8653-42ae950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-08-06T14:15:37.000Z",
"modified": "2015-08-06T14:15:37.000Z",
"description": "Sakula malware",
"pattern": "[file:hashes.MD5 = 'b2d900e2803dd0bcd5e85b64e24c7910']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-08-06T14:15:37Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Artifacts dropped"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Artifacts dropped\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--55c36c09-d0d0-4ae8-868d-4266950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-08-06T14:15:37.000Z",
"modified": "2015-08-06T14:15:37.000Z",
"description": "Sakula malware",
"pattern": "[file:hashes.MD5 = 'b42417f49dd3aa2d31449fdf06769ca0']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-08-06T14:15:37Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Artifacts dropped"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Artifacts dropped\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--55c36c09-6020-4df3-b660-4250950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-08-06T14:15:37.000Z",
"modified": "2015-08-06T14:15:37.000Z",
"description": "Sakula malware",
"pattern": "[file:hashes.MD5 = 'b4958424c5db8b0eca61ce836b81d192']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-08-06T14:15:37Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Artifacts dropped"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Artifacts dropped\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--55c36c09-a398-4cc6-a508-411b950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-08-06T14:15:37.000Z",
"modified": "2015-08-06T14:15:37.000Z",
"description": "Sakula malware",
"pattern": "[file:hashes.MD5 = 'b4e24a4edba2d2644877cfc933973228']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-08-06T14:15:37Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Artifacts dropped"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Artifacts dropped\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--55c36c09-5870-4c06-98c0-40da950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-08-06T14:15:37.000Z",
"modified": "2015-08-06T14:15:37.000Z",
"description": "Sakula malware",
"pattern": "[file:hashes.MD5 = 'b6d9a58bacb8a92e428f7d70532cb33e']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-08-06T14:15:37Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Artifacts dropped"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Artifacts dropped\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--55c36c0a-b62c-43d8-91bd-49dc950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-08-06T14:15:38.000Z",
"modified": "2015-08-06T14:15:38.000Z",
"description": "Sakula malware",
"pattern": "[file:hashes.MD5 = 'b79be0503606ee3e2ce243e497265dbb']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-08-06T14:15:38Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Artifacts dropped"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Artifacts dropped\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--55c36c0a-04c8-4ba6-9d0b-42d4950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-08-06T14:15:38.000Z",
"modified": "2015-08-06T14:15:38.000Z",
"description": "Sakula malware",
"pattern": "[file:hashes.MD5 = 'b7bd80dd344af7649b4fd6e9b7b5fd5c']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-08-06T14:15:38Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Artifacts dropped"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Artifacts dropped\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--55c36c0a-9158-4364-9ba7-41ae950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-08-06T14:15:38.000Z",
"modified": "2015-08-06T14:15:38.000Z",
"description": "Sakula malware",
"pattern": "[file:hashes.MD5 = 'b7e3f853e98ea9db74bf3429803f7a4b']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-08-06T14:15:38Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Artifacts dropped"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Artifacts dropped\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--55c36c0a-f2b4-477d-9a4c-4769950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-08-06T14:15:38.000Z",
"modified": "2015-08-06T14:15:38.000Z",
"description": "Sakula malware",
"pattern": "[file:hashes.MD5 = 'b8006fde97a095b2c86f8b0a06b7d24f']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-08-06T14:15:38Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Artifacts dropped"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Artifacts dropped\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--55c36c0a-da78-4675-b384-470e950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-08-06T14:15:38.000Z",
"modified": "2015-08-06T14:15:38.000Z",
"description": "Sakula malware",
"pattern": "[file:hashes.MD5 = 'b83fed01e49300d45afadc61a5e5cf50']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-08-06T14:15:38Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Artifacts dropped"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Artifacts dropped\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--55c36c0a-11b0-45f4-8727-465a950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-08-06T14:15:38.000Z",
"modified": "2015-08-06T14:15:38.000Z",
"description": "Sakula malware",
"pattern": "[file:hashes.MD5 = 'bb4bb0d7a794f31129cdb55025ea847b']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-08-06T14:15:38Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Artifacts dropped"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Artifacts dropped\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--55c36c0b-538c-467b-9d95-49e0950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-08-06T14:15:39.000Z",
"modified": "2015-08-06T14:15:39.000Z",
"description": "Sakula malware",
"pattern": "[file:hashes.MD5 = 'bc74a557e91597d8b37ed357c367643e']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-08-06T14:15:39Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Artifacts dropped"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Artifacts dropped\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--55c36c0b-fe84-4dd3-a56b-4d4a950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-08-06T14:15:39.000Z",
"modified": "2015-08-06T14:15:39.000Z",
"description": "Sakula malware",
"pattern": "[file:hashes.MD5 = 'bccaa2ea0cf2c8ef597c84726c5417d0']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-08-06T14:15:39Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Artifacts dropped"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Artifacts dropped\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--55c36c0b-b91c-44b4-bad6-423a950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-08-06T14:15:39.000Z",
"modified": "2015-08-06T14:15:39.000Z",
"description": "Sakula malware",
"pattern": "[file:hashes.MD5 = 'bddb68ea6c732613bc4a31503eac3297']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-08-06T14:15:39Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Artifacts dropped"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Artifacts dropped\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--55c36c0b-0b68-41af-a002-43a0950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-08-06T14:15:39.000Z",
"modified": "2015-08-06T14:15:39.000Z",
"description": "Sakula malware",
"pattern": "[file:hashes.MD5 = 'beb174ca92c75c8ef4dc4ee24afeabeb']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-08-06T14:15:39Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Artifacts dropped"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Artifacts dropped\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--55c36c0b-5efc-450c-a0bf-4c6a950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-08-06T14:15:39.000Z",
"modified": "2015-08-06T14:15:39.000Z",
"description": "Sakula malware",
"pattern": "[file:hashes.MD5 = 'c0e37ffac09a426c5a74167d0e714177']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-08-06T14:15:39Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Artifacts dropped"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Artifacts dropped\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--55c36c0b-d4c8-481f-91b6-41fd950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-08-06T14:15:39.000Z",
"modified": "2015-08-06T14:15:39.000Z",
"description": "Sakula malware",
"pattern": "[file:hashes.MD5 = 'c1f09f902a24b5132be481d477b92e5e']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-08-06T14:15:39Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Artifacts dropped"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Artifacts dropped\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--55c36c0b-83b4-4e2e-8f4f-41bf950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-08-06T14:15:39.000Z",
"modified": "2015-08-06T14:15:39.000Z",
"description": "Sakula malware",
"pattern": "[file:hashes.MD5 = 'c2b7bf8a30ac6672d9eb81582bd32a4a']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-08-06T14:15:39Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Artifacts dropped"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Artifacts dropped\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--55c36c0c-c690-48fb-a5a9-43f6950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-08-06T14:15:40.000Z",
"modified": "2015-08-06T14:15:40.000Z",
"description": "Sakula malware",
"pattern": "[file:hashes.MD5 = 'c35300af4a2b23c1a7d6435c6d4cb987']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-08-06T14:15:40Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Artifacts dropped"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Artifacts dropped\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--55c36c0c-693c-451a-8e4c-47b3950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-08-06T14:15:40.000Z",
"modified": "2015-08-06T14:15:40.000Z",
"description": "Sakula malware",
"pattern": "[file:hashes.MD5 = 'c43d74b85001f622aad61e9da5744b52']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-08-06T14:15:40Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Artifacts dropped"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Artifacts dropped\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--55c36c0c-8804-4ba6-8a88-4f7f950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-08-06T14:15:40.000Z",
"modified": "2015-08-06T14:15:40.000Z",
"description": "Sakula malware",
"pattern": "[file:hashes.MD5 = 'c4f541ab592c8fca4d66235eb2b8eeb2']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-08-06T14:15:40Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Artifacts dropped"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Artifacts dropped\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--55c36c0c-9ef4-4676-b908-4ebf950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-08-06T14:15:40.000Z",
"modified": "2015-08-06T14:15:40.000Z",
"description": "Sakula malware",
"pattern": "[file:hashes.MD5 = 'c5e90ead14dc49449fa37a2869a45842']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-08-06T14:15:40Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Artifacts dropped"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Artifacts dropped\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--55c36c0c-d988-49ad-adb3-4fec950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-08-06T14:15:40.000Z",
"modified": "2015-08-06T14:15:40.000Z",
"description": "Sakula malware",
"pattern": "[file:hashes.MD5 = 'c72fb5b8de6ee95ff509b161fe9828f3']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-08-06T14:15:40Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Artifacts dropped"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Artifacts dropped\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--55c36c0c-72f8-404b-831b-43a2950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-08-06T14:15:40.000Z",
"modified": "2015-08-06T14:15:40.000Z",
"description": "Sakula malware",
"pattern": "[file:hashes.MD5 = 'c823946a7490b8fc5ee29be583f39d23']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-08-06T14:15:40Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Artifacts dropped"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Artifacts dropped\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--55c36c0d-d12c-44ec-a9e1-4549950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-08-06T14:15:41.000Z",
"modified": "2015-08-06T14:15:41.000Z",
"description": "Sakula malware",
"pattern": "[file:hashes.MD5 = 'c83500ea6e0c9844ad2e21badb64bb23']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-08-06T14:15:41Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Artifacts dropped"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Artifacts dropped\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--55c36c0d-f1d4-43f7-80e3-48e4950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-08-06T14:15:41.000Z",
"modified": "2015-08-06T14:15:41.000Z",
"description": "Sakula malware",
"pattern": "[file:hashes.MD5 = 'c8fa5701a43cd817b30327e44dc70369']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-08-06T14:15:41Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Artifacts dropped"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Artifacts dropped\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--55c36c0d-3e34-4dd6-b7c8-4cd5950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-08-06T14:15:41.000Z",
"modified": "2015-08-06T14:15:41.000Z",
"description": "Sakula malware",
"pattern": "[file:hashes.MD5 = 'ca9e06c0679586d2ff3ff7e3416c8b87']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-08-06T14:15:41Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Artifacts dropped"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Artifacts dropped\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--55c36c0d-9f50-44ac-9e62-41a7950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-08-06T14:15:41.000Z",
"modified": "2015-08-06T14:15:41.000Z",
"description": "Sakula malware",
"pattern": "[file:hashes.MD5 = 'cb56b1fc08451d1f56481a29bd1047e9']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-08-06T14:15:41Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Artifacts dropped"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Artifacts dropped\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--55c36c0d-fc28-4008-a47c-4c5a950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-08-06T14:15:41.000Z",
"modified": "2015-08-06T14:15:41.000Z",
"description": "Sakula malware",
"pattern": "[file:hashes.MD5 = 'cc15a9109b41297f65a7349920f42c09']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-08-06T14:15:41Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Artifacts dropped"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Artifacts dropped\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--55c36c0d-73d4-4c7c-bb5c-49ad950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-08-06T14:15:41.000Z",
"modified": "2015-08-06T14:15:41.000Z",
"description": "Sakula malware",
"pattern": "[file:hashes.MD5 = 'ce09e671c124f1111fe5f2bde1267a63']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-08-06T14:15:41Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Artifacts dropped"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Artifacts dropped\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--55c36c0e-4154-4767-a1b3-4ef9950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-08-06T14:15:42.000Z",
"modified": "2015-08-06T14:15:42.000Z",
"description": "Sakula malware",
"pattern": "[file:hashes.MD5 = 'cec76eec323613641dce1a261ca9a850']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-08-06T14:15:42Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Artifacts dropped"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Artifacts dropped\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--55c36c0e-508c-46d4-81aa-4afc950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-08-06T14:15:42.000Z",
"modified": "2015-08-06T14:15:42.000Z",
"description": "Sakula malware",
"pattern": "[file:hashes.MD5 = 'd00b3169f45e74bb22a1cd684341b14a']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-08-06T14:15:42Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Artifacts dropped"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Artifacts dropped\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--55c36c0e-3df8-4791-b6cd-4cde950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-08-06T14:15:42.000Z",
"modified": "2015-08-06T14:15:42.000Z",
"description": "Sakula malware",
"pattern": "[file:hashes.MD5 = 'd690ba5dbb873c469cfdaf44fe2bd67f']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-08-06T14:15:42Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Artifacts dropped"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Artifacts dropped\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--55c36c0e-9b14-474f-8b3b-4895950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-08-06T14:15:42.000Z",
"modified": "2015-08-06T14:15:42.000Z",
"description": "Sakula malware",
"pattern": "[file:hashes.MD5 = 'd86a4148bd34d78b808fdee7f936f1af']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-08-06T14:15:42Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Artifacts dropped"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Artifacts dropped\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--55c36c0e-5488-48ae-90ea-40bd950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-08-06T14:15:42.000Z",
"modified": "2015-08-06T14:15:42.000Z",
"description": "Sakula malware",
"pattern": "[file:hashes.MD5 = 'd87ce47e24ee426d8ac271873b041d50']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-08-06T14:15:42Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Artifacts dropped"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Artifacts dropped\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--55c36c0e-d7d0-4ff2-843c-474b950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-08-06T14:15:42.000Z",
"modified": "2015-08-06T14:15:42.000Z",
"description": "Sakula malware",
"pattern": "[file:hashes.MD5 = 'd8b496c4837b80952c52e1375c31648c']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-08-06T14:15:42Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Artifacts dropped"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Artifacts dropped\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--55c36c0e-ff40-427c-9d9c-4fbd950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-08-06T14:15:42.000Z",
"modified": "2015-08-06T14:15:42.000Z",
"description": "Sakula malware",
"pattern": "[file:hashes.MD5 = 'dda9f3b2d5e70e70be1be7e4195b7016']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-08-06T14:15:42Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Artifacts dropped"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Artifacts dropped\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--55c36c0f-ba10-40e7-b875-45ad950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-08-06T14:15:43.000Z",
"modified": "2015-08-06T14:15:43.000Z",
"description": "Sakula malware",
"pattern": "[file:hashes.MD5 = 'df689186b50384026382d5179841abec']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-08-06T14:15:43Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Artifacts dropped"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Artifacts dropped\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--55c36c0f-7b8c-43b6-a107-47d8950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-08-06T14:15:43.000Z",
"modified": "2015-08-06T14:15:43.000Z",
"description": "Sakula malware",
"pattern": "[file:hashes.MD5 = 'e2c32ed6b9cd40cb87569b769db669b7']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-08-06T14:15:43Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Artifacts dropped"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Artifacts dropped\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--55c36c0f-8ee0-447f-a450-420b950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-08-06T14:15:43.000Z",
"modified": "2015-08-06T14:15:43.000Z",
"description": "Sakula malware",
"pattern": "[file:hashes.MD5 = 'e595292b1cdaea69ef365097a36195ad']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-08-06T14:15:43Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Artifacts dropped"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Artifacts dropped\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--55c36c0f-1fa8-4d6e-9947-4309950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-08-06T14:15:43.000Z",
"modified": "2015-08-06T14:15:43.000Z",
"description": "Sakula malware",
"pattern": "[file:hashes.MD5 = 'e604176c2638fdf015d6a346803ed6f3']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-08-06T14:15:43Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Artifacts dropped"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Artifacts dropped\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--55c36c0f-bec0-404a-9f02-4fe8950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-08-06T14:15:43.000Z",
"modified": "2015-08-06T14:15:43.000Z",
"description": "Sakula malware",
"pattern": "[file:hashes.MD5 = 'e66164b4967cf7b3cdb3c1c510abe957']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-08-06T14:15:43Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Artifacts dropped"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Artifacts dropped\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--55c36c0f-71f8-4f74-ad32-46cd950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-08-06T14:15:43.000Z",
"modified": "2015-08-06T14:15:43.000Z",
"description": "Sakula malware",
"pattern": "[file:hashes.MD5 = 'e7113c872386edd441e7030d185238ca']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-08-06T14:15:43Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Artifacts dropped"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Artifacts dropped\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--55c36c10-7c6c-4e06-87af-400b950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-08-06T14:15:44.000Z",
"modified": "2015-08-06T14:15:44.000Z",
"description": "Sakula malware",
"pattern": "[file:hashes.MD5 = 'e9115f553ac156542dcd38042f45ec68']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-08-06T14:15:44Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Artifacts dropped"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Artifacts dropped\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--55c36c10-6dd0-4451-9565-4e79950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-08-06T14:15:44.000Z",
"modified": "2015-08-06T14:15:44.000Z",
"description": "Sakula malware",
"pattern": "[file:hashes.MD5 = 'e9181ef132fec9e560822551a093bb5c']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-08-06T14:15:44Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Artifacts dropped"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Artifacts dropped\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--55c36c10-1614-41be-ae07-4e61950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-08-06T14:15:44.000Z",
"modified": "2015-08-06T14:15:44.000Z",
"description": "Sakula malware",
"pattern": "[file:hashes.MD5 = 'f0082c886bc04fafe4a2615d75c2eaeb']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-08-06T14:15:44Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Artifacts dropped"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Artifacts dropped\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--55c36c10-34e4-4318-ab5b-4192950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-08-06T14:15:44.000Z",
"modified": "2015-08-06T14:15:44.000Z",
"description": "Sakula malware",
"pattern": "[file:hashes.MD5 = 'f06b0ee07daa7f914dec27f98a6d8850']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-08-06T14:15:44Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Artifacts dropped"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Artifacts dropped\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--55c36c10-ce68-417b-88d0-4e49950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-08-06T14:15:44.000Z",
"modified": "2015-08-06T14:15:44.000Z",
"description": "Sakula malware",
"pattern": "[file:hashes.MD5 = 'f2d59757a9795531796df91097d5fa2b']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-08-06T14:15:44Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Artifacts dropped"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Artifacts dropped\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--55c36c10-3320-4e95-9330-4d28950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-08-06T14:15:44.000Z",
"modified": "2015-08-06T14:15:44.000Z",
"description": "Sakula malware",
"pattern": "[file:hashes.MD5 = 'f47afcbc291cbc108112c110de77dbb1']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-08-06T14:15:44Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Artifacts dropped"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Artifacts dropped\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--55c36c11-a9b4-46d8-9556-4db5950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-08-06T14:15:45.000Z",
"modified": "2015-08-06T14:15:45.000Z",
"description": "Sakula malware",
"pattern": "[file:hashes.MD5 = 'f583a1fdb3c8be409e2118795ad916ba']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-08-06T14:15:45Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Artifacts dropped"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Artifacts dropped\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--55c36c11-5e1c-4485-94df-4985950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-08-06T14:15:45.000Z",
"modified": "2015-08-06T14:15:45.000Z",
"description": "Sakula malware",
"pattern": "[file:hashes.MD5 = 'f60f94d257ad5d781595b6c909844422']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-08-06T14:15:45Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Artifacts dropped"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Artifacts dropped\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--55c36c11-12d8-446b-9f88-45ad950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-08-06T14:15:45.000Z",
"modified": "2015-08-06T14:15:45.000Z",
"description": "Sakula malware",
"pattern": "[file:hashes.MD5 = 'fbb2db8a78645f0a2e0f34316f119144']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-08-06T14:15:45Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Artifacts dropped"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Artifacts dropped\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--55c36c11-07ac-49c7-922e-46e7950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-08-06T14:15:45.000Z",
"modified": "2015-08-06T14:15:45.000Z",
"description": "Sakula malware",
"pattern": "[file:hashes.MD5 = 'fbd85dad36fe13d46eaca7d7f2d50b0b']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-08-06T14:15:45Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Artifacts dropped"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Artifacts dropped\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--55c36c11-d854-4140-bf70-4453950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-08-06T14:15:45.000Z",
"modified": "2015-08-06T14:15:45.000Z",
"description": "Sakula malware",
"pattern": "[file:hashes.MD5 = 'fc52814e8eb48aca6b87fa43656cbf42']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-08-06T14:15:45Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Artifacts dropped"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Artifacts dropped\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--55c36c11-f8bc-44ba-bfc0-4e9f950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-08-06T14:15:45.000Z",
"modified": "2015-08-06T14:15:45.000Z",
"description": "Sakula malware",
"pattern": "[file:hashes.MD5 = 'fe74dc43af839146f64ec7bea752c4f0']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-08-06T14:15:45Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Artifacts dropped"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Artifacts dropped\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--55c36c11-60e8-400f-82b6-4d82950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-08-06T14:15:45.000Z",
"modified": "2015-08-06T14:15:45.000Z",
"description": "Sakula malware",
"pattern": "[file:hashes.MD5 = 'fedf54586ebd00684e20712ad7eb9189']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-08-06T14:15:45Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Artifacts dropped"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Artifacts dropped\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--55c36c12-4ef8-4fac-9d85-4c74950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-08-06T14:15:46.000Z",
"modified": "2015-08-06T14:15:46.000Z",
"description": "Sakula malware",
"pattern": "[file:hashes.MD5 = '019a5f531f324d5528ccc09faa617f42']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-08-06T14:15:46Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Artifacts dropped"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Artifacts dropped\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--55c36c12-250c-4b68-975b-4a79950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-08-06T14:15:46.000Z",
"modified": "2015-08-06T14:15:46.000Z",
"description": "Sakula malware",
"pattern": "[file:hashes.MD5 = '01c45a203526978a7d8d0457594fafbf']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-08-06T14:15:46Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Artifacts dropped"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Artifacts dropped\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--55c36c12-017c-4051-8e88-44a8950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-08-06T14:15:46.000Z",
"modified": "2015-08-06T14:15:46.000Z",
"description": "Sakula malware",
"pattern": "[file:hashes.MD5 = '023ef99bc3c84b8df3f837454c0e1629']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-08-06T14:15:46Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Artifacts dropped"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Artifacts dropped\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--55c36c12-e830-422e-865a-4657950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-08-06T14:15:46.000Z",
"modified": "2015-08-06T14:15:46.000Z",
"description": "Sakula malware",
"pattern": "[file:hashes.MD5 = '0334b1043c62d48525a29aeb95afcb09']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-08-06T14:15:46Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Artifacts dropped"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Artifacts dropped\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--55c36c12-168c-4fe8-8d61-4ed0950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-08-06T14:15:46.000Z",
"modified": "2015-08-06T14:15:46.000Z",
"description": "Sakula malware",
"pattern": "[file:hashes.MD5 = '04e8510007eea6bb009ab3b053f039db']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-08-06T14:15:46Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Artifacts dropped"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Artifacts dropped\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--55c36c12-3120-456c-ac69-4b5d950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-08-06T14:15:46.000Z",
"modified": "2015-08-06T14:15:46.000Z",
"description": "Sakula malware",
"pattern": "[file:hashes.MD5 = '05cd4bfeac3ad6144b5f5023277afa45']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-08-06T14:15:46Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Artifacts dropped"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Artifacts dropped\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--55c36c13-077c-4ae6-9e34-4c80950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-08-06T14:15:47.000Z",
"modified": "2015-08-06T14:15:47.000Z",
"description": "Sakula malware",
"pattern": "[file:hashes.MD5 = '06ec79f67ad8ede9a3bd0810d88e3539']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-08-06T14:15:47Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Artifacts dropped"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Artifacts dropped\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--55c36c13-e944-45b8-9d07-4393950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-08-06T14:15:47.000Z",
"modified": "2015-08-06T14:15:47.000Z",
"description": "Sakula malware",
"pattern": "[file:hashes.MD5 = '07b678ed364b23688b02a13727166a45']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-08-06T14:15:47Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Artifacts dropped"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Artifacts dropped\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--55c36c13-c844-4e5c-ae86-4ad5950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-08-06T14:15:47.000Z",
"modified": "2015-08-06T14:15:47.000Z",
"description": "Sakula malware",
"pattern": "[file:hashes.MD5 = '0a2c6265a65a25e9bef80f55cdd62229']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-08-06T14:15:47Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Artifacts dropped"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Artifacts dropped\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--55c36c13-57f8-4af6-ab93-4a98950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-08-06T14:15:47.000Z",
"modified": "2015-08-06T14:15:47.000Z",
"description": "Sakula malware",
"pattern": "[file:hashes.MD5 = '0d0f5c0416247bb1dd6e0e2be1114b67']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-08-06T14:15:47Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Artifacts dropped"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Artifacts dropped\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--55c36c13-98f0-49bc-905b-4602950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-08-06T14:15:47.000Z",
"modified": "2015-08-06T14:15:47.000Z",
"description": "Sakula malware",
"pattern": "[file:hashes.MD5 = '1077a39788e88dbf07c0b6ef3f143fd4']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-08-06T14:15:47Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Artifacts dropped"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Artifacts dropped\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--55c36c13-6e50-4156-bca2-47ec950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-08-06T14:15:47.000Z",
"modified": "2015-08-06T14:15:47.000Z",
"description": "Sakula malware",
"pattern": "[file:hashes.MD5 = '116dbfd8f5b6c5a5522d3b83a3821268']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-08-06T14:15:47Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Artifacts dropped"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Artifacts dropped\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--55c36c14-0fd8-4707-a1b5-491e950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-08-06T14:15:48.000Z",
"modified": "2015-08-06T14:15:48.000Z",
"description": "Sakula malware",
"pattern": "[file:hashes.MD5 = '121320414d091508ac397044495d0d9c']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-08-06T14:15:48Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Artifacts dropped"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Artifacts dropped\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--55c36c14-fca4-4f9f-899e-4d9f950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-08-06T14:15:48.000Z",
"modified": "2015-08-06T14:15:48.000Z",
"description": "Sakula malware",
"pattern": "[file:hashes.MD5 = '1371181a6e6852f52374b4515aaa026a']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-08-06T14:15:48Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Artifacts dropped"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Artifacts dropped\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--55c36c14-d124-43d0-b7a4-4e1f950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-08-06T14:15:48.000Z",
"modified": "2015-08-06T14:15:48.000Z",
"description": "Sakula malware",
"pattern": "[file:hashes.MD5 = '1472fffe307ad13669420021f9a2c722']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-08-06T14:15:48Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Artifacts dropped"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Artifacts dropped\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--55c36c14-bcec-4605-8d1e-4d35950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-08-06T14:15:48.000Z",
"modified": "2015-08-06T14:15:48.000Z",
"description": "Sakula malware",
"pattern": "[file:hashes.MD5 = '1856a6a28621f241698e4e4287cba7c9']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-08-06T14:15:48Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Artifacts dropped"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Artifacts dropped\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--55c36c14-05d0-487e-b4cc-47a6950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-08-06T14:15:48.000Z",
"modified": "2015-08-06T14:15:48.000Z",
"description": "Sakula malware",
"pattern": "[file:hashes.MD5 = '1b826fa3fd70a529623ed1267944cee5']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-08-06T14:15:48Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Artifacts dropped"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Artifacts dropped\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--55c36c14-98f8-4af6-b40d-4993950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-08-06T14:15:48.000Z",
"modified": "2015-08-06T14:15:48.000Z",
"description": "Sakula malware",
"pattern": "[file:hashes.MD5 = '1bb0fb051cf5ba8772ad8a21616f1edb']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-08-06T14:15:48Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Artifacts dropped"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Artifacts dropped\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--55c36c15-9bb4-4125-a86c-45ce950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-08-06T14:15:49.000Z",
"modified": "2015-08-06T14:15:49.000Z",
"description": "Sakula malware",
"pattern": "[file:hashes.MD5 = '1ff57a7aa2aa92698356f6c157290a28']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-08-06T14:15:49Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Artifacts dropped"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Artifacts dropped\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--55c36c15-71b8-45fd-ab2d-4a6d950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-08-06T14:15:49.000Z",
"modified": "2015-08-06T14:15:49.000Z",
"description": "Sakula malware",
"pattern": "[file:hashes.MD5 = '21131bce815f2cb1bc0eb1fbf00b3c25']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-08-06T14:15:49Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Artifacts dropped"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Artifacts dropped\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--55c36c15-51e8-42a6-b7d8-4df4950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-08-06T14:15:49.000Z",
"modified": "2015-08-06T14:15:49.000Z",
"description": "Sakula malware",
"pattern": "[file:hashes.MD5 = '21ee6c85f431c2aa085b91ac0c86d27f']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-08-06T14:15:49Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Artifacts dropped"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Artifacts dropped\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--55c36c15-85f4-4586-b586-426a950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-08-06T14:15:49.000Z",
"modified": "2015-08-06T14:15:49.000Z",
"description": "Sakula malware",
"pattern": "[file:hashes.MD5 = '23169a0a2eee3d12fde0f3efd2cd55f1']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-08-06T14:15:49Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Artifacts dropped"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Artifacts dropped\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--55c36c15-51d0-46e5-991f-4d36950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-08-06T14:15:49.000Z",
"modified": "2015-08-06T14:15:49.000Z",
"description": "Sakula malware",
"pattern": "[file:hashes.MD5 = '231d0bfe48388082f5769f3deef5bcab']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-08-06T14:15:49Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Artifacts dropped"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Artifacts dropped\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--55c36c15-6238-4a1b-8724-4bbb950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-08-06T14:15:49.000Z",
"modified": "2015-08-06T14:15:49.000Z",
"description": "Sakula malware",
"pattern": "[file:hashes.MD5 = '2414d83e97cb4c442b5594c6fbafe045']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-08-06T14:15:49Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Artifacts dropped"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Artifacts dropped\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--55c36c15-4938-4520-a98d-48a1950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-08-06T14:15:49.000Z",
"modified": "2015-08-06T14:15:49.000Z",
"description": "Sakula malware",
"pattern": "[file:hashes.MD5 = '260349f5343244c439b211d9f9ff53cf']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-08-06T14:15:49Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Artifacts dropped"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Artifacts dropped\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--55c36c16-36b4-4207-9bd6-4608950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-08-06T14:15:50.000Z",
"modified": "2015-08-06T14:15:50.000Z",
"description": "Sakula malware",
"pattern": "[file:hashes.MD5 = '276f06196001dcfa97a035509f0cd0aa']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-08-06T14:15:50Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Artifacts dropped"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Artifacts dropped\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--55c36c16-7004-45aa-842c-4763950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-08-06T14:15:50.000Z",
"modified": "2015-08-06T14:15:50.000Z",
"description": "Sakula malware",
"pattern": "[file:hashes.MD5 = '29bd6cfc21250dfa348597a21a4a012b']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-08-06T14:15:50Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Artifacts dropped"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Artifacts dropped\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--55c36c16-51ac-4858-8f73-4408950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-08-06T14:15:50.000Z",
"modified": "2015-08-06T14:15:50.000Z",
"description": "Sakula malware",
"pattern": "[file:hashes.MD5 = '2adc305f890f51bd97edbece913abc33']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-08-06T14:15:50Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Artifacts dropped"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Artifacts dropped\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--55c36c16-36e4-4401-8a4d-4354950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-08-06T14:15:50.000Z",
"modified": "2015-08-06T14:15:50.000Z",
"description": "Sakula malware",
"pattern": "[file:hashes.MD5 = '2ca3f59590a5aeab648f292bf19f4a5e']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-08-06T14:15:50Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Artifacts dropped"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Artifacts dropped\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--55c36c16-3b04-4ca1-86c2-4368950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-08-06T14:15:50.000Z",
"modified": "2015-08-06T14:15:50.000Z",
"description": "Sakula malware",
"pattern": "[file:hashes.MD5 = '2f23af251b8535e24614c11d706197c3']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-08-06T14:15:50Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Artifacts dropped"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Artifacts dropped\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--55c36c16-2e38-48cb-9e48-4f32950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-08-06T14:15:50.000Z",
"modified": "2015-08-06T14:15:50.000Z",
"description": "Sakula malware",
"pattern": "[file:hashes.MD5 = '2ff61b170821191c99d8b75bd01726f2']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-08-06T14:15:50Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Artifacts dropped"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Artifacts dropped\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--55c36c17-b62c-4d8d-a531-4fe4950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-08-06T14:15:51.000Z",
"modified": "2015-08-06T14:15:51.000Z",
"description": "Sakula malware",
"pattern": "[file:hashes.MD5 = '33be8e41a8c3a9203829615ae26a5b6e']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-08-06T14:15:51Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Artifacts dropped"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Artifacts dropped\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--55c36c17-d7c4-4447-9e16-428e950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-08-06T14:15:51.000Z",
"modified": "2015-08-06T14:15:51.000Z",
"description": "Sakula malware",
"pattern": "[file:hashes.MD5 = '34b7aa103deefbe906df59106683cc97']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-08-06T14:15:51Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Artifacts dropped"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Artifacts dropped\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--55c36c17-57e8-4ee5-8782-43b1950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-08-06T14:15:51.000Z",
"modified": "2015-08-06T14:15:51.000Z",
"description": "Sakula malware",
"pattern": "[file:hashes.MD5 = '3859b0ea4596d8f47677497d09bcc894']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-08-06T14:15:51Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Artifacts dropped"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Artifacts dropped\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--55c36c17-b480-4ec4-b5f7-4747950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-08-06T14:15:51.000Z",
"modified": "2015-08-06T14:15:51.000Z",
"description": "Sakula malware",
"pattern": "[file:hashes.MD5 = '3a1df1ec3ef499bb59f07845e7621155']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-08-06T14:15:51Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Artifacts dropped"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Artifacts dropped\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--55c36c17-cecc-42c8-9148-4019950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-08-06T14:15:51.000Z",
"modified": "2015-08-06T14:15:51.000Z",
"description": "Sakula malware",
"pattern": "[file:hashes.MD5 = '3edbc66089be594233391d4f34ec1f94']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-08-06T14:15:51Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Artifacts dropped"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Artifacts dropped\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--55c36c17-123c-4f3d-bbc6-4b08950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-08-06T14:15:51.000Z",
"modified": "2015-08-06T14:15:51.000Z",
"description": "Sakula malware",
"pattern": "[file:hashes.MD5 = '3ff30fce107a01d3d17a9768abe6e086']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-08-06T14:15:51Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Artifacts dropped"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Artifacts dropped\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--55c36c18-2e74-4d69-9cab-4f95950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-08-06T14:15:52.000Z",
"modified": "2015-08-06T14:15:52.000Z",
"description": "Sakula malware",
"pattern": "[file:hashes.MD5 = '416e598fb1ed9a7b6ce815a224015cb8']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-08-06T14:15:52Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Artifacts dropped"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Artifacts dropped\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--55c36c18-6d70-4cf1-bdfb-404b950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-08-06T14:15:52.000Z",
"modified": "2015-08-06T14:15:52.000Z",
"description": "Sakula malware",
"pattern": "[file:hashes.MD5 = '416e831d583665352fe16fe9232d36cf']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-08-06T14:15:52Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Artifacts dropped"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Artifacts dropped\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--55c36c18-6cdc-41b7-b411-4014950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-08-06T14:15:52.000Z",
"modified": "2015-08-06T14:15:52.000Z",
"description": "Sakula malware",
"pattern": "[file:hashes.MD5 = '421bff8f5dd218727283a2914424eccc']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-08-06T14:15:52Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Artifacts dropped"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Artifacts dropped\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--55c36c18-e278-47c3-a090-4e19950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-08-06T14:15:52.000Z",
"modified": "2015-08-06T14:15:52.000Z",
"description": "Sakula malware",
"pattern": "[file:hashes.MD5 = '43e6a46d8789e1563e94ff17eff486d7']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-08-06T14:15:52Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Artifacts dropped"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Artifacts dropped\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--55c36c18-f5f4-4a6e-a0ed-4e7f950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-08-06T14:15:52.000Z",
"modified": "2015-08-06T14:15:52.000Z",
"description": "Sakula malware",
"pattern": "[file:hashes.MD5 = '470e8dd406407b50483ce40de46660af']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-08-06T14:15:52Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Artifacts dropped"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Artifacts dropped\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--55c36c18-14f0-4b99-a21a-446c950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-08-06T14:15:52.000Z",
"modified": "2015-08-06T14:15:52.000Z",
"description": "Sakula malware",
"pattern": "[file:hashes.MD5 = '488c55d9a13c7fa8ee1aa0c15a43ab1e']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-08-06T14:15:52Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Artifacts dropped"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Artifacts dropped\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--55c36c19-02f4-42cc-be05-447a950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-08-06T14:15:53.000Z",
"modified": "2015-08-06T14:15:53.000Z",
"description": "Sakula malware",
"pattern": "[file:hashes.MD5 = '492c59bddbcbe7cbd2f932655181fb08']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-08-06T14:15:53Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Artifacts dropped"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Artifacts dropped\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--55c36c19-8288-4c06-9d95-450a950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-08-06T14:15:53.000Z",
"modified": "2015-08-06T14:15:53.000Z",
"description": "Sakula malware",
"pattern": "[file:hashes.MD5 = '4d8482da8730a886e4d21c5bfb7cd30e']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-08-06T14:15:53Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Artifacts dropped"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Artifacts dropped\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--55c36c19-ac6c-428e-a20e-4101950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-08-06T14:15:53.000Z",
"modified": "2015-08-06T14:15:53.000Z",
"description": "Sakula malware",
"pattern": "[file:hashes.MD5 = '501db97a6b60512612909cfe959fbcd0']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-08-06T14:15:53Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Artifacts dropped"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Artifacts dropped\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--55c36c19-41f8-44c0-a288-4a3b950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-08-06T14:15:53.000Z",
"modified": "2015-08-06T14:15:53.000Z",
"description": "Sakula malware",
"pattern": "[file:hashes.MD5 = '5496cff5e3bf46448c74fbe728763325']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-08-06T14:15:53Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Artifacts dropped"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Artifacts dropped\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--55c36c19-5a48-46c4-af6e-48d7950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-08-06T14:15:53.000Z",
"modified": "2015-08-06T14:15:53.000Z",
"description": "Sakula malware",
"pattern": "[file:hashes.MD5 = '55daa4271973bb71ad4548225675e389']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-08-06T14:15:53Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Artifacts dropped"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Artifacts dropped\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--55c36c19-65c4-4211-ad27-46dd950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-08-06T14:15:53.000Z",
"modified": "2015-08-06T14:15:53.000Z",
"description": "Sakula malware",
"pattern": "[file:hashes.MD5 = '567a33e09af45123678042e620f31769']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-08-06T14:15:53Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Artifacts dropped"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Artifacts dropped\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--55c36c19-a924-4dec-84b5-498d950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-08-06T14:15:53.000Z",
"modified": "2015-08-06T14:15:53.000Z",
"description": "Sakula malware",
"pattern": "[file:hashes.MD5 = '5a843bc0b9f4525b1ee512e1eba95641']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-08-06T14:15:53Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Artifacts dropped"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Artifacts dropped\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--55c36c1a-675c-42dd-b5e7-4a3b950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-08-06T14:15:54.000Z",
"modified": "2015-08-06T14:15:54.000Z",
"description": "Sakula malware",
"pattern": "[file:hashes.MD5 = '5a894c18c5cc153f80699145edd1c206']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-08-06T14:15:54Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Artifacts dropped"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Artifacts dropped\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--55c36c1a-6a9c-4dc8-a386-480b950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-08-06T14:15:54.000Z",
"modified": "2015-08-06T14:15:54.000Z",
"description": "Sakula malware",
"pattern": "[file:hashes.MD5 = '5b76c68f9ca61bfd8a5bcbf2817a1437']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-08-06T14:15:54Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Artifacts dropped"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Artifacts dropped\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--55c36c1a-a0f4-4050-a2e7-455c950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-08-06T14:15:54.000Z",
"modified": "2015-08-06T14:15:54.000Z",
"description": "Sakula malware",
"pattern": "[file:hashes.MD5 = '5bb780344a601f4eff9ce0c55daf4361']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-08-06T14:15:54Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Artifacts dropped"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Artifacts dropped\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--55c36c1a-d8f0-4f66-9683-4ab5950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-08-06T14:15:54.000Z",
"modified": "2015-08-06T14:15:54.000Z",
"description": "Sakula malware",
"pattern": "[file:hashes.MD5 = '5eea7686abeba0affa7efce4da31f277']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-08-06T14:15:54Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Artifacts dropped"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Artifacts dropped\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--55c36c1a-2f8c-4745-b24d-49ef950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-08-06T14:15:54.000Z",
"modified": "2015-08-06T14:15:54.000Z",
"description": "Sakula malware",
"pattern": "[file:hashes.MD5 = '5ff5916c9f7c593d1d589c97c571b45a']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-08-06T14:15:54Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Artifacts dropped"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Artifacts dropped\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--55c36c1a-355c-47eb-901d-48a3950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-08-06T14:15:54.000Z",
"modified": "2015-08-06T14:15:54.000Z",
"description": "Sakula malware",
"pattern": "[file:hashes.MD5 = '617eda7bcba4e3d5acc17663bbc964b3']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-08-06T14:15:54Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Artifacts dropped"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Artifacts dropped\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--55c36c1b-dde0-42cb-9c6f-47e4950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-08-06T14:15:55.000Z",
"modified": "2015-08-06T14:15:55.000Z",
"description": "Sakula malware",
"pattern": "[file:hashes.MD5 = '62d4777dd8953743d26510f00b74f444']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-08-06T14:15:55Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Artifacts dropped"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Artifacts dropped\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--55c36c1b-4f64-4522-90e0-48c9950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-08-06T14:15:55.000Z",
"modified": "2015-08-06T14:15:55.000Z",
"description": "Sakula malware",
"pattern": "[file:hashes.MD5 = '62e82c46647d2d2fe946791b61b72a4d']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-08-06T14:15:55Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Artifacts dropped"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Artifacts dropped\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--55c36c1b-48d0-4de3-89e2-4a05950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-08-06T14:15:55.000Z",
"modified": "2015-08-06T14:15:55.000Z",
"description": "Sakula malware",
"pattern": "[file:hashes.MD5 = '638304bf859e7be2f0fa39a655fdaffc']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-08-06T14:15:55Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Artifacts dropped"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Artifacts dropped\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--55c36c1b-4954-4d59-9384-4525950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-08-06T14:15:55.000Z",
"modified": "2015-08-06T14:15:55.000Z",
"description": "Sakula malware",
"pattern": "[file:hashes.MD5 = '63f171705b28a05c84b67750b7e0ebf7']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-08-06T14:15:55Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Artifacts dropped"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Artifacts dropped\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--55c36c1b-cf70-4bda-b300-4e14950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-08-06T14:15:55.000Z",
"modified": "2015-08-06T14:15:55.000Z",
"description": "Sakula malware",
"pattern": "[file:hashes.MD5 = '69374e5bcb38a82ef60c97ec0569ded3']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-08-06T14:15:55Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Artifacts dropped"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Artifacts dropped\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--55c36c1b-7a90-4fd9-9d40-438c950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-08-06T14:15:55.000Z",
"modified": "2015-08-06T14:15:55.000Z",
"description": "Sakula malware",
"pattern": "[file:hashes.MD5 = '6a273afa0f22d83f97d9fd2dc7dce367']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-08-06T14:15:55Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Artifacts dropped"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Artifacts dropped\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--55c36c1c-48bc-470d-b4c3-4b7f950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-08-06T14:15:56.000Z",
"modified": "2015-08-06T14:15:56.000Z",
"description": "Sakula malware",
"pattern": "[file:hashes.MD5 = '6a7b2feed82d8d1746ac78df5a429bce']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-08-06T14:15:56Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Artifacts dropped"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Artifacts dropped\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--55c36c1c-4bd4-4d12-82f7-499f950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-08-06T14:15:56.000Z",
"modified": "2015-08-06T14:15:56.000Z",
"description": "Sakula malware",
"pattern": "[file:hashes.MD5 = '6bdf4e5b35b4cc5d3d519edc67086d7f']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-08-06T14:15:56Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Artifacts dropped"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Artifacts dropped\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--55c36c1c-6470-4333-9944-4900950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-08-06T14:15:56.000Z",
"modified": "2015-08-06T14:15:56.000Z",
"description": "Sakula malware",
"pattern": "[file:hashes.MD5 = '6c3523020a2ba0b7045060707d8833ea']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-08-06T14:15:56Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Artifacts dropped"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Artifacts dropped\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--55c36c1c-cc78-4c3c-99f8-4c9f950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-08-06T14:15:56.000Z",
"modified": "2015-08-06T14:15:56.000Z",
"description": "Sakula malware",
"pattern": "[file:hashes.MD5 = '6c4d61fedd83970cf48ef7fdd2a9871b']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-08-06T14:15:56Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Artifacts dropped"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Artifacts dropped\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--55c36c1c-cea4-49b3-82f8-465b950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-08-06T14:15:56.000Z",
"modified": "2015-08-06T14:15:56.000Z",
"description": "Sakula malware",
"pattern": "[file:hashes.MD5 = '6d308fc42618812073481df1cd0452a7']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-08-06T14:15:56Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Artifacts dropped"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Artifacts dropped\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--55c36c1c-3888-439a-a2d0-4839950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-08-06T14:15:56.000Z",
"modified": "2015-08-06T14:15:56.000Z",
"description": "Sakula malware",
"pattern": "[file:hashes.MD5 = '71bbd661a61e0fee1f248f303af06f3f']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-08-06T14:15:56Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Artifacts dropped"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Artifacts dropped\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--55c36c1d-72d0-4b37-b298-41ef950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-08-06T14:15:57.000Z",
"modified": "2015-08-06T14:15:57.000Z",
"description": "Sakula malware",
"pattern": "[file:hashes.MD5 = '7248d4b73d68cfc023d8d156c63f6b74']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-08-06T14:15:57Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Artifacts dropped"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Artifacts dropped\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--55c36c1d-3850-488b-a6f0-4f3c950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-08-06T14:15:57.000Z",
"modified": "2015-08-06T14:15:57.000Z",
"description": "Sakula malware",
"pattern": "[file:hashes.MD5 = '77a25486d425825986d2c6306a61f637']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-08-06T14:15:57Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Artifacts dropped"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Artifacts dropped\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--55c36c1d-dfdc-46b3-abfd-4c78950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-08-06T14:15:57.000Z",
"modified": "2015-08-06T14:15:57.000Z",
"description": "Sakula malware",
"pattern": "[file:hashes.MD5 = '7d2c9936bff1e716b8758376cd09505d']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-08-06T14:15:57Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Artifacts dropped"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Artifacts dropped\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--55c36c1d-8040-4130-9e3d-4d0b950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-08-06T14:15:57.000Z",
"modified": "2015-08-06T14:15:57.000Z",
"description": "Sakula malware",
"pattern": "[file:hashes.MD5 = '7ee7a9446d7cf886223274d809d375d6']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-08-06T14:15:57Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Artifacts dropped"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Artifacts dropped\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--55c36c1d-7e38-42fd-b096-4f4c950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-08-06T14:15:57.000Z",
"modified": "2015-08-06T14:15:57.000Z",
"description": "Sakula malware",
"pattern": "[file:hashes.MD5 = '80eb86542ce7ad99acc53a9f85b01885']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-08-06T14:15:57Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Artifacts dropped"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Artifacts dropped\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--55c36c1d-7afc-4a18-a883-453f950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-08-06T14:15:57.000Z",
"modified": "2015-08-06T14:15:57.000Z",
"description": "Sakula malware",
"pattern": "[file:hashes.MD5 = '836a618341c6149e7c83e99755a7fd5f']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-08-06T14:15:57Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Artifacts dropped"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Artifacts dropped\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--55c36c1d-a140-47c2-bbbb-47b7950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-08-06T14:15:57.000Z",
"modified": "2015-08-06T14:15:57.000Z",
"description": "Sakula malware",
"pattern": "[file:hashes.MD5 = '895dc0a3adfafce2a74d733ff2a8754e']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-08-06T14:15:57Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Artifacts dropped"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Artifacts dropped\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--55c36c1e-1268-442f-a76b-423b950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-08-06T14:15:58.000Z",
"modified": "2015-08-06T14:15:58.000Z",
"description": "Sakula malware",
"pattern": "[file:hashes.MD5 = '8b3de46ecb113cd1ee2d9ec46527358f']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-08-06T14:15:58Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Artifacts dropped"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Artifacts dropped\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--55c36c1e-df30-4c13-a769-48bf950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-08-06T14:15:58.000Z",
"modified": "2015-08-06T14:15:58.000Z",
"description": "Sakula malware",
"pattern": "[file:hashes.MD5 = '8b52cd1df70ef315bce38223ac7f4ec3']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-08-06T14:15:58Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Artifacts dropped"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Artifacts dropped\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--55c36c1e-d848-4c54-b01e-493f950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-08-06T14:15:58.000Z",
"modified": "2015-08-06T14:15:58.000Z",
"description": "Sakula malware",
"pattern": "[file:hashes.MD5 = '8feb7d6eae0ab9c1900fb6d0b236201b']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-08-06T14:15:58Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Artifacts dropped"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Artifacts dropped\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--55c36c1e-0ffc-489d-bb4e-4a02950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-08-06T14:15:58.000Z",
"modified": "2015-08-06T14:15:58.000Z",
"description": "Sakula malware",
"pattern": "[file:hashes.MD5 = '90bc832fbaa6bbd7e4251c39473e5a4b']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-08-06T14:15:58Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Artifacts dropped"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Artifacts dropped\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--55c36c1e-ec08-4866-b9e5-4502950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-08-06T14:15:58.000Z",
"modified": "2015-08-06T14:15:58.000Z",
"description": "Sakula malware",
"pattern": "[file:hashes.MD5 = '930af711a1579f3e1326cdb6d0005398']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-08-06T14:15:58Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Artifacts dropped"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Artifacts dropped\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--55c36c1e-2940-4d4a-83a6-4cc4950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-08-06T14:15:58.000Z",
"modified": "2015-08-06T14:15:58.000Z",
"description": "Sakula malware",
"pattern": "[file:hashes.MD5 = '9526e4abcacc4e4a55fa1b2fc2313123']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-08-06T14:15:58Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Artifacts dropped"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Artifacts dropped\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--55c36c1f-f338-49bc-a1be-4b11950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-08-06T14:15:59.000Z",
"modified": "2015-08-06T14:15:59.000Z",
"description": "Sakula malware",
"pattern": "[file:hashes.MD5 = '97479fa13d9b96da33cdb49749fc2baf']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-08-06T14:15:59Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Artifacts dropped"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Artifacts dropped\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--55c36c1f-fb34-4009-a8c9-416b950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-08-06T14:15:59.000Z",
"modified": "2015-08-06T14:15:59.000Z",
"description": "Sakula malware",
"pattern": "[file:hashes.MD5 = '97a6e9e93bc591baf588bada61559d6a']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-08-06T14:15:59Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Artifacts dropped"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Artifacts dropped\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--55c36c1f-5530-4560-aa8f-499b950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-08-06T14:15:59.000Z",
"modified": "2015-08-06T14:15:59.000Z",
"description": "Sakula malware",
"pattern": "[file:hashes.MD5 = '97fc2d9b514f3183ae7c800408e5c453']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-08-06T14:15:59Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Artifacts dropped"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Artifacts dropped\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--55c36c1f-1c94-4a12-9988-4626950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-08-06T14:15:59.000Z",
"modified": "2015-08-06T14:15:59.000Z",
"description": "Sakula malware",
"pattern": "[file:hashes.MD5 = '985e819294cdc3b5561c5befa4bcbc5b']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-08-06T14:15:59Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Artifacts dropped"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Artifacts dropped\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--55c36c1f-99e4-4f36-a471-4925950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-08-06T14:15:59.000Z",
"modified": "2015-08-06T14:15:59.000Z",
"description": "Sakula malware",
"pattern": "[file:hashes.MD5 = '9c4db94cc3bdb9b5864bde553bff1224']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-08-06T14:15:59Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Artifacts dropped"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Artifacts dropped\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--55c36c1f-0864-4377-878d-44d3950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-08-06T14:15:59.000Z",
"modified": "2015-08-06T14:15:59.000Z",
"description": "Sakula malware",
"pattern": "[file:hashes.MD5 = '9cee5c49dcaad59ea0eea6e7b67c304c']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-08-06T14:15:59Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Artifacts dropped"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Artifacts dropped\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--55c36c20-5638-4518-978b-43a6950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-08-06T14:16:00.000Z",
"modified": "2015-08-06T14:16:00.000Z",
"description": "Sakula malware",
"pattern": "[file:hashes.MD5 = 'a006d31515bb2a54b5c3ddda8d66f24b']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-08-06T14:16:00Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Artifacts dropped"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Artifacts dropped\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--55c36c20-8b2c-4799-bcb8-4909950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-08-06T14:16:00.000Z",
"modified": "2015-08-06T14:16:00.000Z",
"description": "Sakula malware",
"pattern": "[file:hashes.MD5 = 'a05bc6c5f63880b565941ac5c5933bfe']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-08-06T14:16:00Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Artifacts dropped"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Artifacts dropped\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--55c36c20-15b0-4fa3-a7b3-43b9950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-08-06T14:16:00.000Z",
"modified": "2015-08-06T14:16:00.000Z",
"description": "Sakula malware",
"pattern": "[file:hashes.MD5 = 'a1a15a9e82880e8fc881668c70126315']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-08-06T14:16:00Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Artifacts dropped"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Artifacts dropped\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--55c36c20-80e4-41cd-b95c-459c950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-08-06T14:16:00.000Z",
"modified": "2015-08-06T14:16:00.000Z",
"description": "Sakula malware",
"pattern": "[file:hashes.MD5 = 'a39c424e6df5d10b74aa72fb3a120c0c']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-08-06T14:16:00Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Artifacts dropped"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Artifacts dropped\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--55c36c20-3d6c-4b9b-8c3f-4352950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-08-06T14:16:00.000Z",
"modified": "2015-08-06T14:16:00.000Z",
"description": "Sakula malware",
"pattern": "[file:hashes.MD5 = 'a4856f40fd013b6144db8fe19625434b']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-08-06T14:16:00Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Artifacts dropped"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Artifacts dropped\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--55c36c20-c3b4-4083-ac65-4348950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-08-06T14:16:00.000Z",
"modified": "2015-08-06T14:16:00.000Z",
"description": "Sakula malware",
"pattern": "[file:hashes.MD5 = 'a554e8867a076768e57e923a249f7a09']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-08-06T14:16:00Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Artifacts dropped"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Artifacts dropped\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--55c36c20-c274-4e33-9801-405f950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-08-06T14:16:00.000Z",
"modified": "2015-08-06T14:16:00.000Z",
"description": "Sakula malware",
"pattern": "[file:hashes.MD5 = 'a81569d86c4a7bce2c446f169816a7ff']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-08-06T14:16:00Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Artifacts dropped"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Artifacts dropped\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--55c36c21-6aec-4a52-a816-4d3d950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-08-06T14:16:01.000Z",
"modified": "2015-08-06T14:16:01.000Z",
"description": "Sakula malware",
"pattern": "[file:hashes.MD5 = 'a90e38c3214eeba99aa46ad5e3ec34ff']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-08-06T14:16:01Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Artifacts dropped"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Artifacts dropped\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--55c36c21-8fa0-40cc-9fc0-4200950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-08-06T14:16:01.000Z",
"modified": "2015-08-06T14:16:01.000Z",
"description": "Sakula malware",
"pattern": "[file:hashes.MD5 = 'a91ba2ab82553f43440ed24a9afeef82']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-08-06T14:16:01Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Artifacts dropped"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Artifacts dropped\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--55c36c21-a2e8-45bd-b303-4cd4950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-08-06T14:16:01.000Z",
"modified": "2015-08-06T14:16:01.000Z",
"description": "Sakula malware",
"pattern": "[file:hashes.MD5 = 'ab357c26a2ed7379b62dd1cc869690b7']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-08-06T14:16:01Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Artifacts dropped"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Artifacts dropped\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--55c36c21-fdc4-4faf-99e3-44a7950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-08-06T14:16:01.000Z",
"modified": "2015-08-06T14:16:01.000Z",
"description": "Sakula malware",
"pattern": "[file:hashes.MD5 = 'ab8badbf16a0cd7013197977f8b667e9']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-08-06T14:16:01Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Artifacts dropped"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Artifacts dropped\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--55c36c21-b628-415b-8d07-483f950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-08-06T14:16:01.000Z",
"modified": "2015-08-06T14:16:01.000Z",
"description": "Sakula malware",
"pattern": "[file:hashes.MD5 = 'ab91b9e35d2b1e56285c042eef95d324']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-08-06T14:16:01Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Artifacts dropped"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Artifacts dropped\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--55c36c21-964c-473b-ae22-443b950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-08-06T14:16:01.000Z",
"modified": "2015-08-06T14:16:01.000Z",
"description": "Sakula malware",
"pattern": "[file:hashes.MD5 = 'ae55d7b5c3d3bc7ed338d40ada25902f']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-08-06T14:16:01Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Artifacts dropped"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Artifacts dropped\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--55c36c22-96a8-4298-9789-4a1d950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-08-06T14:16:02.000Z",
"modified": "2015-08-06T14:16:02.000Z",
"description": "Sakula malware",
"pattern": "[file:hashes.MD5 = 'aeed29398ceb645213cf639a9f80367c']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-08-06T14:16:02Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Artifacts dropped"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Artifacts dropped\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--55c36c22-bc3c-4e6a-aa3c-4d1a950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-08-06T14:16:02.000Z",
"modified": "2015-08-06T14:16:02.000Z",
"description": "Sakula malware",
"pattern": "[file:hashes.MD5 = 'af114e711259964b1db0235e9b39a476']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-08-06T14:16:02Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Artifacts dropped"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Artifacts dropped\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--55c36c22-ffc4-464c-8634-41ff950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-08-06T14:16:02.000Z",
"modified": "2015-08-06T14:16:02.000Z",
"description": "Sakula malware",
"pattern": "[file:hashes.MD5 = 'af661cb478510d1d00dfdf1f2de4e817']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-08-06T14:16:02Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Artifacts dropped"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Artifacts dropped\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--55c36c22-7934-4616-9467-424a950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-08-06T14:16:02.000Z",
"modified": "2015-08-06T14:16:02.000Z",
"description": "Sakula malware",
"pattern": "[file:hashes.MD5 = 'b31e97c9740d8e95e56a5957777830d7']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-08-06T14:16:02Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Artifacts dropped"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Artifacts dropped\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--55c36c22-ac10-450f-b0ba-4e82950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-08-06T14:16:02.000Z",
"modified": "2015-08-06T14:16:02.000Z",
"description": "Sakula malware",
"pattern": "[file:hashes.MD5 = 'b38c4766ec0c5fb9b9e70af0b7414e78']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-08-06T14:16:02Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Artifacts dropped"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Artifacts dropped\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--55c36c22-f0ac-4f84-b361-4ce8950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-08-06T14:16:02.000Z",
"modified": "2015-08-06T14:16:02.000Z",
"description": "Sakula malware",
"pattern": "[file:hashes.MD5 = 'b6b3e7b18384bb632602662a7f559bcd']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-08-06T14:16:02Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Artifacts dropped"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Artifacts dropped\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--55c36c23-57a8-44db-9133-47c1950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-08-06T14:16:03.000Z",
"modified": "2015-08-06T14:16:03.000Z",
"description": "Sakula malware",
"pattern": "[file:hashes.MD5 = 'b8346b4a5f8b4a6d79814f9824940504']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-08-06T14:16:03Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Artifacts dropped"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Artifacts dropped\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--55c36c23-9638-442c-8063-44a0950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-08-06T14:16:03.000Z",
"modified": "2015-08-06T14:16:03.000Z",
"description": "Sakula malware",
"pattern": "[file:hashes.MD5 = 'ba5415f34927a356d4aaffb4bd7fe907']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-08-06T14:16:03Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Artifacts dropped"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Artifacts dropped\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--55c36c23-9e84-4fbf-83e2-4edf950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-08-06T14:16:03.000Z",
"modified": "2015-08-06T14:16:03.000Z",
"description": "Sakula malware",
"pattern": "[file:hashes.MD5 = 'bb57362757182b928d66d4963104ffe8']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-08-06T14:16:03Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Artifacts dropped"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Artifacts dropped\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--55c36c23-d10c-45ba-9f4f-4b65950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-08-06T14:16:03.000Z",
"modified": "2015-08-06T14:16:03.000Z",
"description": "Sakula malware",
"pattern": "[file:hashes.MD5 = 'bd48ca50da3b76aa497f28d842954c12']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-08-06T14:16:03Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Artifacts dropped"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Artifacts dropped\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--55c36c23-16ec-4837-a6a2-4d0d950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-08-06T14:16:03.000Z",
"modified": "2015-08-06T14:16:03.000Z",
"description": "Sakula malware",
"pattern": "[file:hashes.MD5 = 'bdb6a8a95e5af85d8b36d73ba33ec691']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-08-06T14:16:03Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Artifacts dropped"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Artifacts dropped\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--55c36c23-eee8-43ae-9a23-4345950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-08-06T14:16:03.000Z",
"modified": "2015-08-06T14:16:03.000Z",
"description": "Sakula malware",
"pattern": "[file:hashes.MD5 = 'bf35690e72a3fbd66ff721bd14a6599e']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-08-06T14:16:03Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Artifacts dropped"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Artifacts dropped\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--55c36c24-7d8c-4a48-a355-4bf7950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-08-06T14:16:04.000Z",
"modified": "2015-08-06T14:16:04.000Z",
"description": "Sakula malware",
"pattern": "[file:hashes.MD5 = 'c5933a7ca469e98f7799c3ab52a1bc3c']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-08-06T14:16:04Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Artifacts dropped"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Artifacts dropped\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--55c36c24-8f24-4818-a0f1-49cb950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-08-06T14:16:04.000Z",
"modified": "2015-08-06T14:16:04.000Z",
"description": "Sakula malware",
"pattern": "[file:hashes.MD5 = 'c66b335fb606b542206b5a321beb2a76']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-08-06T14:16:04Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Artifacts dropped"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Artifacts dropped\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--55c36c24-2f90-4c5d-a4b8-4b8b950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-08-06T14:16:04.000Z",
"modified": "2015-08-06T14:16:04.000Z",
"description": "Sakula malware",
"pattern": "[file:hashes.MD5 = 'c6d1954b58a17bd203e7b6be9d5047d8']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-08-06T14:16:04Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Artifacts dropped"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Artifacts dropped\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--55c36c24-5040-47ee-8874-4e0f950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-08-06T14:16:04.000Z",
"modified": "2015-08-06T14:16:04.000Z",
"description": "Sakula malware",
"pattern": "[file:hashes.MD5 = 'c6eab24761a223e6c6f1a9d15ecca08a']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-08-06T14:16:04Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Artifacts dropped"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Artifacts dropped\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--55c36c24-f574-449b-8241-4e76950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-08-06T14:16:04.000Z",
"modified": "2015-08-06T14:16:04.000Z",
"description": "Sakula malware",
"pattern": "[file:hashes.MD5 = 'cd1c95aa6f45101735d444aeb447225c']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-08-06T14:16:04Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Artifacts dropped"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Artifacts dropped\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--55c36c24-f2f8-4702-a051-4a79950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-08-06T14:16:04.000Z",
"modified": "2015-08-06T14:16:04.000Z",
"description": "Sakula malware",
"pattern": "[file:hashes.MD5 = 'cfd1eb4ccdeea554d8cffa17021ffbfa']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-08-06T14:16:04Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Artifacts dropped"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Artifacts dropped\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--55c36c25-deb8-48b1-89d4-4152950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-08-06T14:16:05.000Z",
"modified": "2015-08-06T14:16:05.000Z",
"description": "Sakula malware",
"pattern": "[file:hashes.MD5 = 'd1f0ff695021aed31ada3397ad1f491e']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-08-06T14:16:05Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Artifacts dropped"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Artifacts dropped\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--55c36c25-fca4-4690-b678-45ad950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-08-06T14:16:05.000Z",
"modified": "2015-08-06T14:16:05.000Z",
"description": "Sakula malware",
"pattern": "[file:hashes.MD5 = 'd2a27b9acb8dc9a9adbde76d2a10a189']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-08-06T14:16:05Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Artifacts dropped"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Artifacts dropped\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--55c36c25-61b0-43b1-a104-42ec950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-08-06T14:16:05.000Z",
"modified": "2015-08-06T14:16:05.000Z",
"description": "Sakula malware",
"pattern": "[file:hashes.MD5 = 'd3cb441f03e8370155381d74c2b7d827']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-08-06T14:16:05Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Artifacts dropped"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Artifacts dropped\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--55c36c25-c958-4103-8f9c-4544950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-08-06T14:16:05.000Z",
"modified": "2015-08-06T14:16:05.000Z",
"description": "Sakula malware",
"pattern": "[file:hashes.MD5 = 'd57075de72308ed72d8f7e1af9ce8431']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-08-06T14:16:05Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Artifacts dropped"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Artifacts dropped\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--55c36c25-bf88-4e20-b706-412d950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-08-06T14:16:05.000Z",
"modified": "2015-08-06T14:16:05.000Z",
"description": "Sakula malware",
"pattern": "[file:hashes.MD5 = 'd5d6881b4bef3544d9067b71af3287eb']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-08-06T14:16:05Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Artifacts dropped"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Artifacts dropped\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--55c36c25-5860-4660-8998-4c95950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-08-06T14:16:05.000Z",
"modified": "2015-08-06T14:16:05.000Z",
"description": "Sakula malware",
"pattern": "[file:hashes.MD5 = 'd7351f6937379dbbeedc83d37a86e794']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-08-06T14:16:05Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Artifacts dropped"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Artifacts dropped\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--55c36c25-f3b8-47ca-8223-4ded950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-08-06T14:16:05.000Z",
"modified": "2015-08-06T14:16:05.000Z",
"description": "Sakula malware",
"pattern": "[file:hashes.MD5 = 'd810b773e694279ece31106c26fb2869']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-08-06T14:16:05Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Artifacts dropped"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Artifacts dropped\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--55c36c26-d920-4d92-a86d-4c97950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-08-06T14:16:06.000Z",
"modified": "2015-08-06T14:16:06.000Z",
"description": "Sakula malware",
"pattern": "[file:hashes.MD5 = 'd82230d1ac02405d16530f849abdde0b']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-08-06T14:16:06Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Artifacts dropped"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Artifacts dropped\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--55c36c26-3934-4f5b-9234-4d15950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-08-06T14:16:06.000Z",
"modified": "2015-08-06T14:16:06.000Z",
"description": "Sakula malware",
"pattern": "[file:hashes.MD5 = 'd875a70c4b07dcc18770870c9c1d2abd']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-08-06T14:16:06Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Artifacts dropped"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Artifacts dropped\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--55c36c26-3554-410c-9939-42d8950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-08-06T14:16:06.000Z",
"modified": "2015-08-06T14:16:06.000Z",
"description": "Sakula malware",
"pattern": "[file:hashes.MD5 = 'dc7469f6b18cfce712156e3988d238d2']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-08-06T14:16:06Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Artifacts dropped"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Artifacts dropped\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--55c36c26-742c-4378-82e5-4204950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-08-06T14:16:06.000Z",
"modified": "2015-08-06T14:16:06.000Z",
"description": "Sakula malware",
"pattern": "[file:hashes.MD5 = 'df15e0f3169f65080ee7d783c061cda3']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-08-06T14:16:06Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Artifacts dropped"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Artifacts dropped\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--55c36c26-93a8-4656-b302-469d950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-08-06T14:16:06.000Z",
"modified": "2015-08-06T14:16:06.000Z",
"description": "Sakula malware",
"pattern": "[file:hashes.MD5 = 'dfea1e69d2f5d84a1b6c6b67b01b7ff8']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-08-06T14:16:06Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Artifacts dropped"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Artifacts dropped\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--55c36c26-02bc-4d9f-b222-49b1950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-08-06T14:16:06.000Z",
"modified": "2015-08-06T14:16:06.000Z",
"description": "Sakula malware",
"pattern": "[file:hashes.MD5 = 'e0b6a8e23e0d586663e74f1e1d755ae0']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-08-06T14:16:06Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Artifacts dropped"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Artifacts dropped\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--55c36c27-6bdc-40a1-8e71-46fc950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-08-06T14:16:07.000Z",
"modified": "2015-08-06T14:16:07.000Z",
"description": "Sakula malware",
"pattern": "[file:hashes.MD5 = 'e13bf40bbdbba86d638c04e0d72de268']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-08-06T14:16:07Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Artifacts dropped"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Artifacts dropped\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--55c36c27-2c60-4aa5-9b73-48e5950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-08-06T14:16:07.000Z",
"modified": "2015-08-06T14:16:07.000Z",
"description": "Sakula malware",
"pattern": "[file:hashes.MD5 = 'e1b53ff413915e03245807b2eba504eb']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-08-06T14:16:07Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Artifacts dropped"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Artifacts dropped\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--55c36c27-bbb8-4201-b686-4c57950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-08-06T14:16:07.000Z",
"modified": "2015-08-06T14:16:07.000Z",
"description": "Sakula malware",
"pattern": "[file:hashes.MD5 = 'e1ccd9f1696e4bf943fa2816356a443b']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-08-06T14:16:07Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Artifacts dropped"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Artifacts dropped\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--55c36c27-d7e4-4c54-be7e-4f25950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-08-06T14:16:07.000Z",
"modified": "2015-08-06T14:16:07.000Z",
"description": "Sakula malware",
"pattern": "[file:hashes.MD5 = 'e36028a1bf428bb5a0993dc445deb5b8']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-08-06T14:16:07Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Artifacts dropped"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Artifacts dropped\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--55c36c27-6afc-4b34-a8d3-4d66950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-08-06T14:16:07.000Z",
"modified": "2015-08-06T14:16:07.000Z",
"description": "Sakula malware",
"pattern": "[file:hashes.MD5 = 'e7139a2e1e28efd6c303dc28f676ffe3']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-08-06T14:16:07Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Artifacts dropped"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Artifacts dropped\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--55c36c27-2884-4f08-bd31-4d0a950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-08-06T14:16:07.000Z",
"modified": "2015-08-06T14:16:07.000Z",
"description": "Sakula malware",
"pattern": "[file:hashes.MD5 = 'e804f5d88ceb937b6ce0c900260793d3']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-08-06T14:16:07Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Artifacts dropped"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Artifacts dropped\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--55c36c27-5f14-4418-937d-4247950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-08-06T14:16:07.000Z",
"modified": "2015-08-06T14:16:07.000Z",
"description": "Sakula malware",
"pattern": "[file:hashes.MD5 = 'ec85830342217b5d03f6bd26a703ce1a']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-08-06T14:16:07Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Artifacts dropped"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Artifacts dropped\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--55c36c28-19ac-479c-97f2-4100950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-08-06T14:16:08.000Z",
"modified": "2015-08-06T14:16:08.000Z",
"description": "Sakula malware",
"pattern": "[file:hashes.MD5 = 'ef855c88842821a15a80bbee00024817']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-08-06T14:16:08Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Artifacts dropped"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Artifacts dropped\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--55c36c28-6bfc-4277-9105-4986950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-08-06T14:16:08.000Z",
"modified": "2015-08-06T14:16:08.000Z",
"description": "Sakula malware",
"pattern": "[file:hashes.MD5 = 'ef94e4b0bd689972df09e19a3ed0653e']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-08-06T14:16:08Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Artifacts dropped"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Artifacts dropped\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--55c36c28-17d4-4ac3-9360-4e6d950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-08-06T14:16:08.000Z",
"modified": "2015-08-06T14:16:08.000Z",
"description": "Sakula malware",
"pattern": "[file:hashes.MD5 = 'f1eb2a68d5d438e93a22b2126c812f4d']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-08-06T14:16:08Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Artifacts dropped"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Artifacts dropped\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--55c36c28-b884-45b4-8ac7-4c1f950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-08-06T14:16:08.000Z",
"modified": "2015-08-06T14:16:08.000Z",
"description": "Sakula malware",
"pattern": "[file:hashes.MD5 = 'f349ee3706c815a79a60d2534284935d']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-08-06T14:16:08Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Artifacts dropped"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Artifacts dropped\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--55c36c28-5b3c-4841-8729-4c7a950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-08-06T14:16:08.000Z",
"modified": "2015-08-06T14:16:08.000Z",
"description": "Sakula malware",
"pattern": "[file:hashes.MD5 = 'f4862b793f89b9ca59da6ac38dff0e2d']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-08-06T14:16:08Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Artifacts dropped"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Artifacts dropped\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--55c36c28-34a8-459d-8db3-4889950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-08-06T14:16:08.000Z",
"modified": "2015-08-06T14:16:08.000Z",
"description": "Sakula malware",
"pattern": "[file:hashes.MD5 = 'f5b9862f2d508c57b81fbaaad91030f4']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-08-06T14:16:08Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Artifacts dropped"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Artifacts dropped\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--55c36c29-672c-42dd-aef6-454c950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-08-06T14:16:09.000Z",
"modified": "2015-08-06T14:16:09.000Z",
"description": "Sakula malware",
"pattern": "[file:hashes.MD5 = 'f8dbcfe4f826aa27724ccfd6b080b26d']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-08-06T14:16:09Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Artifacts dropped"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Artifacts dropped\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--55c36c29-7494-4e43-865b-4f4e950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-08-06T14:16:09.000Z",
"modified": "2015-08-06T14:16:09.000Z",
"description": "Sakula malware",
"pattern": "[file:hashes.MD5 = 'f918fc73484f2a1684de53040ec816d2']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-08-06T14:16:09Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Artifacts dropped"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Artifacts dropped\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--55c36c29-85b4-4c63-8bf7-45e8950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-08-06T14:16:09.000Z",
"modified": "2015-08-06T14:16:09.000Z",
"description": "Sakula malware",
"pattern": "[file:hashes.MD5 = 'f942344daf85bf211b4a27a1c947843c']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-08-06T14:16:09Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Artifacts dropped"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Artifacts dropped\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--55c36c29-5520-423b-8972-4810950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-08-06T14:16:09.000Z",
"modified": "2015-08-06T14:16:09.000Z",
"description": "Sakula malware",
"pattern": "[file:hashes.MD5 = 'f9b71e959f79d25bad195f59f5ae502e']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-08-06T14:16:09Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Artifacts dropped"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Artifacts dropped\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--55c36c29-aa88-404b-8164-4b73950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-08-06T14:16:09.000Z",
"modified": "2015-08-06T14:16:09.000Z",
"description": "Sakula malware",
"pattern": "[file:hashes.MD5 = 'faed2bcd842e81c180a6ac9dde78f8d5']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-08-06T14:16:09Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Artifacts dropped"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Artifacts dropped\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--55c36c29-3f7c-46c8-9eb8-449a950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-08-06T14:16:09.000Z",
"modified": "2015-08-06T14:16:09.000Z",
"description": "Sakula malware",
"pattern": "[file:hashes.MD5 = 'fcad5bdeb3eb2eaa6e1c2bb9d9eb2cc0']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-08-06T14:16:09Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Artifacts dropped"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Artifacts dropped\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--55c36c2a-6cb4-45d4-822b-43d8950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-08-06T14:16:10.000Z",
"modified": "2015-08-06T14:16:10.000Z",
"description": "Sakula malware",
"pattern": "[file:hashes.MD5 = 'fd69439c6e2bac79e490b9572b6c91ad']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-08-06T14:16:10Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Artifacts dropped"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Artifacts dropped\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--55c36c2a-0ac0-421b-a4f0-4243950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-08-06T14:16:10.000Z",
"modified": "2015-08-06T14:16:10.000Z",
"description": "Sakula malware",
"pattern": "[file:hashes.MD5 = 'ff1d5c6a476a56eb7ca4e38b57761a4e']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-08-06T14:16:10Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Artifacts dropped"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Artifacts dropped\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--55c36c42-c41c-4e5e-a397-4105950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-08-06T14:16:34.000Z",
"modified": "2015-08-06T14:16:34.000Z",
"description": "Decoded UAC bypass DLL file for Sakula",
"pattern": "[file:hashes.MD5 = '51ee4ef7f326e90d391ee9d1c5238b34']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-08-06T14:16:34Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Artifacts dropped"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Artifacts dropped\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--55c36c42-0090-45a2-9542-497a950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-08-06T14:16:34.000Z",
"modified": "2015-08-06T14:16:34.000Z",
"description": "Decoded UAC bypass DLL file for Sakula",
"pattern": "[file:hashes.MD5 = '5d54c0756fbe33aae5dc8a4484a7aee5']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-08-06T14:16:34Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Artifacts dropped"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Artifacts dropped\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--55c36c53-6f04-40c5-98cb-4183950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-08-06T14:16:51.000Z",
"modified": "2015-08-06T14:16:51.000Z",
"description": "Sakula command component",
"pattern": "[file:hashes.MD5 = 'bc99d3f41dfca74f2b40ce4d4f959af0']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-08-06T14:16:51Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Artifacts dropped"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Artifacts dropped\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--55c36c6a-9a54-49da-a2e4-44b3950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-08-06T14:17:14.000Z",
"modified": "2015-08-06T14:17:14.000Z",
"description": "Sakula installer",
"pattern": "[file:hashes.MD5 = '07b62497e41898c22e5d5351607aac8e']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-08-06T14:17:14Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Artifacts dropped"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Artifacts dropped\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--55c36c6a-65a8-4c5e-b61a-4e01950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-08-06T14:17:14.000Z",
"modified": "2015-08-06T14:17:14.000Z",
"description": "Sakula installer",
"pattern": "[file:hashes.MD5 = '1d016bb286980fd356cab21cdfcb49f4']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-08-06T14:17:14Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Artifacts dropped"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Artifacts dropped\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--55c36c6a-8c10-40d9-9c43-4cbf950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-08-06T14:17:14.000Z",
"modified": "2015-08-06T14:17:14.000Z",
"description": "Sakula installer",
"pattern": "[file:hashes.MD5 = '230d8a7a60a07df28a291b13ddf3351f']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-08-06T14:17:14Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Artifacts dropped"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Artifacts dropped\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--55c36c6a-2adc-41a2-92c8-4621950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-08-06T14:17:14.000Z",
"modified": "2015-08-06T14:17:14.000Z",
"description": "Sakula installer",
"pattern": "[file:hashes.MD5 = '3d2c2fdd4104978762b89804ba771e63']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-08-06T14:17:14Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Artifacts dropped"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Artifacts dropped\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--55c36c6a-2320-414e-af46-4060950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-08-06T14:17:14.000Z",
"modified": "2015-08-06T14:17:14.000Z",
"description": "Sakula installer",
"pattern": "[file:hashes.MD5 = '3f0ba1cd12bab7ba5875d1b02e45dfcf']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-08-06T14:17:14Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Artifacts dropped"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Artifacts dropped\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--55c36c6b-4ee0-44ea-96cc-4474950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-08-06T14:17:15.000Z",
"modified": "2015-08-06T14:17:15.000Z",
"description": "Sakula installer",
"pattern": "[file:hashes.MD5 = '49c5da72aafabcc0b6896fec637ed167']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-08-06T14:17:15Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Artifacts dropped"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Artifacts dropped\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--55c36c6b-d970-47f7-b1dc-4d8c950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-08-06T14:17:15.000Z",
"modified": "2015-08-06T14:17:15.000Z",
"description": "Sakula installer",
"pattern": "[file:hashes.MD5 = '4a7b4635af040cba1851b2f57254ba5e']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-08-06T14:17:15Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Artifacts dropped"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Artifacts dropped\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--55c36c6b-c480-42eb-b524-48fa950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-08-06T14:17:15.000Z",
"modified": "2015-08-06T14:17:15.000Z",
"description": "Sakula installer",
"pattern": "[file:hashes.MD5 = '4ea3afbed7a0c7d0013f454060243fba']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-08-06T14:17:15Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Artifacts dropped"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Artifacts dropped\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--55c36c6b-ecfc-42ab-98f2-4d05950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-08-06T14:17:15.000Z",
"modified": "2015-08-06T14:17:15.000Z",
"description": "Sakula installer",
"pattern": "[file:hashes.MD5 = '4f545dff49f81d08736a782751450f71']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-08-06T14:17:15Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Artifacts dropped"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Artifacts dropped\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--55c36c6b-0cc4-4f0b-8f9c-4a34950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-08-06T14:17:15.000Z",
"modified": "2015-08-06T14:17:15.000Z",
"description": "Sakula installer",
"pattern": "[file:hashes.MD5 = '5acc539355258122f8cdc7f5c13368e1']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-08-06T14:17:15Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Artifacts dropped"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Artifacts dropped\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--55c36c6b-c268-40ef-81fa-4d80950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-08-06T14:17:15.000Z",
"modified": "2015-08-06T14:17:15.000Z",
"description": "Sakula installer",
"pattern": "[file:hashes.MD5 = '69314300da7a4a0e95be545b804565dd']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-08-06T14:17:15Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Artifacts dropped"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Artifacts dropped\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--55c36c6c-e9a0-43b9-b6b1-4c2d950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-08-06T14:17:16.000Z",
"modified": "2015-08-06T14:17:16.000Z",
"description": "Sakula installer",
"pattern": "[file:hashes.MD5 = '740561c8d5d2c658d2134d5107802a9d']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-08-06T14:17:16Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Artifacts dropped"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Artifacts dropped\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--55c36c6c-b3d8-4335-bc30-44f7950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-08-06T14:17:16.000Z",
"modified": "2015-08-06T14:17:16.000Z",
"description": "Sakula installer",
"pattern": "[file:hashes.MD5 = '888876810fa9f85a82645bf5d16468e8']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-08-06T14:17:16Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Artifacts dropped"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Artifacts dropped\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--55c36c6c-f054-4831-936e-47e3950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-08-06T14:17:16.000Z",
"modified": "2015-08-06T14:17:16.000Z",
"description": "Sakula installer",
"pattern": "[file:hashes.MD5 = '98721c78dfbf8a45d152a888c804427c']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-08-06T14:17:16Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Artifacts dropped"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Artifacts dropped\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--55c36c6c-4dc0-4795-925b-462f950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-08-06T14:17:16.000Z",
"modified": "2015-08-06T14:17:16.000Z",
"description": "Sakula installer",
"pattern": "[file:hashes.MD5 = '9a63f72911b385a0c17427444c968ed0']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-08-06T14:17:16Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Artifacts dropped"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Artifacts dropped\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--55c36c6c-d174-4598-9021-4569950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-08-06T14:17:16.000Z",
"modified": "2015-08-06T14:17:16.000Z",
"description": "Sakula installer",
"pattern": "[file:hashes.MD5 = 'a932a0d01962773e2a8f4a516c5d0515']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-08-06T14:17:16Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Artifacts dropped"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Artifacts dropped\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--55c36c6d-6548-410f-ac02-4390950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-08-06T14:17:17.000Z",
"modified": "2015-08-06T14:17:17.000Z",
"description": "Sakula installer",
"pattern": "[file:hashes.MD5 = 'bf29d2c64db69170ae01ebb4eabe9bd3']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-08-06T14:17:17Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Artifacts dropped"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Artifacts dropped\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--55c36c6d-6264-4120-bba1-4d19950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-08-06T14:17:17.000Z",
"modified": "2015-08-06T14:17:17.000Z",
"description": "Sakula installer",
"pattern": "[file:hashes.MD5 = 'c384e7f567abd9ea50f647715a28661a']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-08-06T14:17:17Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Artifacts dropped"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Artifacts dropped\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--55c36c6d-6a78-4d0f-a943-4e02950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-08-06T14:17:17.000Z",
"modified": "2015-08-06T14:17:17.000Z",
"description": "Sakula installer",
"pattern": "[file:hashes.MD5 = 'c50612ebe76bfd7bc61174c581fb2a95']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-08-06T14:17:17Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Artifacts dropped"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Artifacts dropped\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--55c36c6d-c158-4206-ac5a-4f94950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-08-06T14:17:17.000Z",
"modified": "2015-08-06T14:17:17.000Z",
"description": "Sakula installer",
"pattern": "[file:hashes.MD5 = 'c71b09dfffd870af2c38a8135762e84d']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-08-06T14:17:17Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Artifacts dropped"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Artifacts dropped\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--55c36c6d-be10-4524-a67d-4523950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-08-06T14:17:17.000Z",
"modified": "2015-08-06T14:17:17.000Z",
"description": "Sakula installer",
"pattern": "[file:hashes.MD5 = 'c869c75ed1998294af3c676bdbd56851']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-08-06T14:17:17Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Artifacts dropped"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Artifacts dropped\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--55c36c6e-9cc8-4702-9698-4123950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-08-06T14:17:18.000Z",
"modified": "2015-08-06T14:17:18.000Z",
"description": "Sakula installer",
"pattern": "[file:hashes.MD5 = 'd76be14a5e3a6ec45150ad2582f5c1a8']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-08-06T14:17:18Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Artifacts dropped"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Artifacts dropped\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--55c36c6e-4d90-4aaa-838f-47e8950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-08-06T14:17:18.000Z",
"modified": "2015-08-06T14:17:18.000Z",
"description": "Sakula installer",
"pattern": "[file:hashes.MD5 = 'dba4e180ed355a4ad63ceaf57447b2b7']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-08-06T14:17:18Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Artifacts dropped"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Artifacts dropped\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--55c36c79-7ee8-4393-96b6-4105950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-08-06T14:17:29.000Z",
"modified": "2015-08-06T14:17:29.000Z",
"description": "XOR-encoded Sakula malware",
"pattern": "[file:hashes.MD5 = '7b2677c7215fab4e42f4507eb01c4326']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-08-06T14:17:29Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Artifacts dropped"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Artifacts dropped\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--55c36c89-9a20-4907-ba11-4988950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-08-06T14:17:45.000Z",
"modified": "2015-08-06T14:17:45.000Z",
"description": "XOR-encoded UAC bypass code for Sakula",
"pattern": "[file:hashes.MD5 = '11587f16f3129cad17222498eadc84f2']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-08-06T14:17:45Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Artifacts dropped"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Artifacts dropped\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--55c36c89-1c84-4d70-a60e-4e80950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-08-06T14:17:45.000Z",
"modified": "2015-08-06T14:17:45.000Z",
"description": "XOR-encoded UAC bypass code for Sakula",
"pattern": "[file:hashes.MD5 = '1d80af301994f9b6bf3fa2389ff125da']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-08-06T14:17:45Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Artifacts dropped"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Artifacts dropped\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--55dc6f3c-e374-4af3-81a3-4e93950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-08-25T13:35:56.000Z",
"modified": "2015-08-25T13:35:56.000Z",
"description": "XOR-encoded Sakula malware - Xchecked via VT: 7b2677c7215fab4e42f4507eb01c4326",
"pattern": "[file:hashes.SHA256 = 'ef58a6cf9c85e6fe8abf1dca66a4d08bed42be852b5b0a44ff0d6b441afb34aa']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-08-25T13:35:56Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Artifacts dropped"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Artifacts dropped\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--55dc6f3c-c720-4870-ae5f-4f59950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-08-25T13:35:56.000Z",
"modified": "2015-08-25T13:35:56.000Z",
"description": "XOR-encoded Sakula malware - Xchecked via VT: 7b2677c7215fab4e42f4507eb01c4326",
"pattern": "[file:hashes.SHA1 = '5cde25d601852f74146c4a110c53ce37548c19be']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-08-25T13:35:56Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Artifacts dropped"
}
],
"labels": [
"misp:type=\"sha1\"",
"misp:category=\"Artifacts dropped\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--55dc6f3d-bf1c-4011-9388-4e8b950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-08-25T13:35:57.000Z",
"modified": "2015-08-25T13:35:57.000Z",
"first_observed": "2015-08-25T13:35:57Z",
"last_observed": "2015-08-25T13:35:57Z",
"number_observed": 1,
"object_refs": [
"url--55dc6f3d-bf1c-4011-9388-4e8b950d210b"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--55dc6f3d-bf1c-4011-9388-4e8b950d210b",
"value": "https://www.virustotal.com/file/ef58a6cf9c85e6fe8abf1dca66a4d08bed42be852b5b0a44ff0d6b441afb34aa/analysis/1438844307/"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--55dc6f3d-8b80-4ccd-938f-45c5950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-08-25T13:35:57.000Z",
"modified": "2015-08-25T13:35:57.000Z",
"description": "Sakula installer - Xchecked via VT: dba4e180ed355a4ad63ceaf57447b2b7",
"pattern": "[file:hashes.SHA256 = '71a291c5fc66304dfc0abc9248c714f40979e8a01737ea9ab71aa83622493abe']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-08-25T13:35:57Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Artifacts dropped"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Artifacts dropped\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--55dc6f3d-ddfc-4350-86cd-4711950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-08-25T13:35:57.000Z",
"modified": "2015-08-25T13:35:57.000Z",
"description": "Sakula installer - Xchecked via VT: dba4e180ed355a4ad63ceaf57447b2b7",
"pattern": "[file:hashes.SHA1 = '5ef132d06c6a533ce0de7f7da0c46c73590095b6']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-08-25T13:35:57Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Artifacts dropped"
}
],
"labels": [
"misp:type=\"sha1\"",
"misp:category=\"Artifacts dropped\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--55dc6f3d-d5bc-4a36-b3ef-4806950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-08-25T13:35:57.000Z",
"modified": "2015-08-25T13:35:57.000Z",
"first_observed": "2015-08-25T13:35:57Z",
"last_observed": "2015-08-25T13:35:57Z",
"number_observed": 1,
"object_refs": [
"url--55dc6f3d-d5bc-4a36-b3ef-4806950d210b"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--55dc6f3d-d5bc-4a36-b3ef-4806950d210b",
"value": "https://www.virustotal.com/file/71a291c5fc66304dfc0abc9248c714f40979e8a01737ea9ab71aa83622493abe/analysis/1439099790/"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--55dc6f3d-3dd8-4e3f-a9fe-437d950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-08-25T13:35:57.000Z",
"modified": "2015-08-25T13:35:57.000Z",
"description": "Sakula installer - Xchecked via VT: d76be14a5e3a6ec45150ad2582f5c1a8",
"pattern": "[file:hashes.SHA256 = '3051c3dc2bf03846c2a635d684a7bffd9b758655dab99aef7ce9b2e77085ff50']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-08-25T13:35:57Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Artifacts dropped"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Artifacts dropped\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--55dc6f3d-649c-46c4-a177-46a0950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-08-25T13:35:57.000Z",
"modified": "2015-08-25T13:35:57.000Z",
"description": "Sakula installer - Xchecked via VT: d76be14a5e3a6ec45150ad2582f5c1a8",
"pattern": "[file:hashes.SHA1 = '802923a29d8161a1f821a5317e41df5af3b39699']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-08-25T13:35:57Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Artifacts dropped"
}
],
"labels": [
"misp:type=\"sha1\"",
"misp:category=\"Artifacts dropped\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--55dc6f3e-58dc-4bcd-b85d-4a0b950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-08-25T13:35:58.000Z",
"modified": "2015-08-25T13:35:58.000Z",
"first_observed": "2015-08-25T13:35:58Z",
"last_observed": "2015-08-25T13:35:58Z",
"number_observed": 1,
"object_refs": [
"url--55dc6f3e-58dc-4bcd-b85d-4a0b950d210b"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--55dc6f3e-58dc-4bcd-b85d-4a0b950d210b",
"value": "https://www.virustotal.com/file/3051c3dc2bf03846c2a635d684a7bffd9b758655dab99aef7ce9b2e77085ff50/analysis/1438672123/"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--55dc6f3e-f910-419e-8285-4557950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-08-25T13:35:58.000Z",
"modified": "2015-08-25T13:35:58.000Z",
"description": "Sakula installer - Xchecked via VT: c869c75ed1998294af3c676bdbd56851",
"pattern": "[file:hashes.SHA256 = '6b6e92be036b1a67c383d027bafc7eb63cf515006bb3b3c6ca362a2332542801']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-08-25T13:35:58Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Artifacts dropped"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Artifacts dropped\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--55dc6f3e-0148-4031-820e-42b5950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-08-25T13:35:58.000Z",
"modified": "2015-08-25T13:35:58.000Z",
"description": "Sakula installer - Xchecked via VT: c869c75ed1998294af3c676bdbd56851",
"pattern": "[file:hashes.SHA1 = 'dd3a61eed9c454cf96d882f290abc86108ffeea5']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-08-25T13:35:58Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Artifacts dropped"
}
],
"labels": [
"misp:type=\"sha1\"",
"misp:category=\"Artifacts dropped\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--55dc6f3e-4960-4b55-931e-40b9950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-08-25T13:35:58.000Z",
"modified": "2015-08-25T13:35:58.000Z",
"first_observed": "2015-08-25T13:35:58Z",
"last_observed": "2015-08-25T13:35:58Z",
"number_observed": 1,
"object_refs": [
"url--55dc6f3e-4960-4b55-931e-40b9950d210b"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--55dc6f3e-4960-4b55-931e-40b9950d210b",
"value": "https://www.virustotal.com/file/6b6e92be036b1a67c383d027bafc7eb63cf515006bb3b3c6ca362a2332542801/analysis/1436476592/"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--55dc6f3e-6b74-442c-8275-4bf8950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-08-25T13:35:58.000Z",
"modified": "2015-08-25T13:35:58.000Z",
"description": "Sakula installer - Xchecked via VT: c71b09dfffd870af2c38a8135762e84d",
"pattern": "[file:hashes.SHA256 = '9b0669d2478f4c5d6851b79b9b70621141dfaba0858934a59add578f656ee7b2']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-08-25T13:35:58Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Artifacts dropped"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Artifacts dropped\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--55dc6f3f-0f18-415f-bc0c-4d27950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-08-25T13:35:59.000Z",
"modified": "2015-08-25T13:35:59.000Z",
"description": "Sakula installer - Xchecked via VT: c71b09dfffd870af2c38a8135762e84d",
"pattern": "[file:hashes.SHA1 = 'f407d95687017ed331e26b1de5560174834b4e61']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-08-25T13:35:59Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Artifacts dropped"
}
],
"labels": [
"misp:type=\"sha1\"",
"misp:category=\"Artifacts dropped\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--55dc6f3f-2698-4743-a7b0-4d50950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-08-25T13:35:59.000Z",
"modified": "2015-08-25T13:35:59.000Z",
"first_observed": "2015-08-25T13:35:59Z",
"last_observed": "2015-08-25T13:35:59Z",
"number_observed": 1,
"object_refs": [
"url--55dc6f3f-2698-4743-a7b0-4d50950d210b"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--55dc6f3f-2698-4743-a7b0-4d50950d210b",
"value": "https://www.virustotal.com/file/9b0669d2478f4c5d6851b79b9b70621141dfaba0858934a59add578f656ee7b2/analysis/1434997206/"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--55dc6f3f-3f20-4c9f-85cf-4d69950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-08-25T13:35:59.000Z",
"modified": "2015-08-25T13:35:59.000Z",
"description": "Sakula installer - Xchecked via VT: c50612ebe76bfd7bc61174c581fb2a95",
"pattern": "[file:hashes.SHA256 = 'ccf3280290c64e80bd5f5dde1c5c16be5bc884e9108bc04ba3e034101733c5f5']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-08-25T13:35:59Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Artifacts dropped"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Artifacts dropped\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--55dc6f3f-9e50-4093-a1e9-4ad8950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-08-25T13:35:59.000Z",
"modified": "2015-08-25T13:35:59.000Z",
"description": "Sakula installer - Xchecked via VT: c50612ebe76bfd7bc61174c581fb2a95",
"pattern": "[file:hashes.SHA1 = 'a9d3b0c7533bc51945b43a5e463ca83cd1fcdc65']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-08-25T13:35:59Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Artifacts dropped"
}
],
"labels": [
"misp:type=\"sha1\"",
"misp:category=\"Artifacts dropped\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--55dc6f3f-493c-4c96-8bb4-4b4f950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-08-25T13:35:59.000Z",
"modified": "2015-08-25T13:35:59.000Z",
"first_observed": "2015-08-25T13:35:59Z",
"last_observed": "2015-08-25T13:35:59Z",
"number_observed": 1,
"object_refs": [
"url--55dc6f3f-493c-4c96-8bb4-4b4f950d210b"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--55dc6f3f-493c-4c96-8bb4-4b4f950d210b",
"value": "https://www.virustotal.com/file/ccf3280290c64e80bd5f5dde1c5c16be5bc884e9108bc04ba3e034101733c5f5/analysis/1434995466/"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--55dc6f3f-5454-4d48-910b-40e6950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-08-25T13:35:59.000Z",
"modified": "2015-08-25T13:35:59.000Z",
"description": "Sakula installer - Xchecked via VT: c384e7f567abd9ea50f647715a28661a",
"pattern": "[file:hashes.SHA256 = '02c65c94b522c47599354f4c4598ee04b87b7b5716a830cff42a8b5809b39179']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-08-25T13:35:59Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Artifacts dropped"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Artifacts dropped\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--55dc6f40-c6b8-476c-bcdc-4fed950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-08-25T13:36:00.000Z",
"modified": "2015-08-25T13:36:00.000Z",
"description": "Sakula installer - Xchecked via VT: c384e7f567abd9ea50f647715a28661a",
"pattern": "[file:hashes.SHA1 = '921ee8f43b058c717e93318b34cd6cebc321e5eb']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-08-25T13:36:00Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Artifacts dropped"
}
],
"labels": [
"misp:type=\"sha1\"",
"misp:category=\"Artifacts dropped\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--55dc6f40-e7cc-4adb-98e1-4feb950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-08-25T13:36:00.000Z",
"modified": "2015-08-25T13:36:00.000Z",
"first_observed": "2015-08-25T13:36:00Z",
"last_observed": "2015-08-25T13:36:00Z",
"number_observed": 1,
"object_refs": [
"url--55dc6f40-e7cc-4adb-98e1-4feb950d210b"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--55dc6f40-e7cc-4adb-98e1-4feb950d210b",
"value": "https://www.virustotal.com/file/02c65c94b522c47599354f4c4598ee04b87b7b5716a830cff42a8b5809b39179/analysis/1432834688/"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--55dc6f40-0df0-4c11-9e8a-4cf0950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-08-25T13:36:00.000Z",
"modified": "2015-08-25T13:36:00.000Z",
"description": "Sakula installer - Xchecked via VT: bf29d2c64db69170ae01ebb4eabe9bd3",
"pattern": "[file:hashes.SHA256 = 'ab33a3bd95341516cd68270445db7ed720c82a87ea134715b3b9ce3669c5f5e7']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-08-25T13:36:00Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Artifacts dropped"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Artifacts dropped\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--55dc6f40-06fc-4c88-a2fe-419f950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-08-25T13:36:00.000Z",
"modified": "2015-08-25T13:36:00.000Z",
"description": "Sakula installer - Xchecked via VT: bf29d2c64db69170ae01ebb4eabe9bd3",
"pattern": "[file:hashes.SHA1 = '4fc413a27cfaa3cc208a7b4f60d3d30c887323f2']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-08-25T13:36:00Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Artifacts dropped"
}
],
"labels": [
"misp:type=\"sha1\"",
"misp:category=\"Artifacts dropped\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--55dc6f40-88a4-4b11-a060-46c6950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-08-25T13:36:00.000Z",
"modified": "2015-08-25T13:36:00.000Z",
"first_observed": "2015-08-25T13:36:00Z",
"last_observed": "2015-08-25T13:36:00Z",
"number_observed": 1,
"object_refs": [
"url--55dc6f40-88a4-4b11-a060-46c6950d210b"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--55dc6f40-88a4-4b11-a060-46c6950d210b",
"value": "https://www.virustotal.com/file/ab33a3bd95341516cd68270445db7ed720c82a87ea134715b3b9ce3669c5f5e7/analysis/1438239290/"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--55dc6f40-bdec-4a91-9827-4a26950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-08-25T13:36:00.000Z",
"modified": "2015-08-25T13:36:00.000Z",
"description": "Sakula installer - Xchecked via VT: a932a0d01962773e2a8f4a516c5d0515",
"pattern": "[file:hashes.SHA256 = '7099b365b7fe3651d34a12e3a76f389f92abdf39c59d02f6ac3911326dcd674b']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-08-25T13:36:00Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Artifacts dropped"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Artifacts dropped\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--55dc6f41-ed84-4551-8e10-4b19950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-08-25T13:36:01.000Z",
"modified": "2015-08-25T13:36:01.000Z",
"description": "Sakula installer - Xchecked via VT: a932a0d01962773e2a8f4a516c5d0515",
"pattern": "[file:hashes.SHA1 = '0395209ecbec26d3632e5fc6336d177b2c7dc49e']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-08-25T13:36:01Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Artifacts dropped"
}
],
"labels": [
"misp:type=\"sha1\"",
"misp:category=\"Artifacts dropped\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--55dc6f41-9070-4135-b7f9-484e950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-08-25T13:36:01.000Z",
"modified": "2015-08-25T13:36:01.000Z",
"first_observed": "2015-08-25T13:36:01Z",
"last_observed": "2015-08-25T13:36:01Z",
"number_observed": 1,
"object_refs": [
"url--55dc6f41-9070-4135-b7f9-484e950d210b"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--55dc6f41-9070-4135-b7f9-484e950d210b",
"value": "https://www.virustotal.com/file/7099b365b7fe3651d34a12e3a76f389f92abdf39c59d02f6ac3911326dcd674b/analysis/1437620084/"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--55dc6f41-4780-4347-a1f0-446b950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-08-25T13:36:01.000Z",
"modified": "2015-08-25T13:36:01.000Z",
"description": "Sakula installer - Xchecked via VT: 9a63f72911b385a0c17427444c968ed0",
"pattern": "[file:hashes.SHA256 = '865d62c4f463ecce2db672f318da04166736f1f899ce04d2f132dd8fe2d628d5']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-08-25T13:36:01Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Artifacts dropped"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Artifacts dropped\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--55dc6f41-3d50-4569-9270-410b950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-08-25T13:36:01.000Z",
"modified": "2015-08-25T13:36:01.000Z",
"description": "Sakula installer - Xchecked via VT: 9a63f72911b385a0c17427444c968ed0",
"pattern": "[file:hashes.SHA1 = 'bb6ba3b8993783a9758324e1843860503e1dd46d']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-08-25T13:36:01Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Artifacts dropped"
}
],
"labels": [
"misp:type=\"sha1\"",
"misp:category=\"Artifacts dropped\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--55dc6f41-15dc-425b-9826-4abd950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-08-25T13:36:01.000Z",
"modified": "2015-08-25T13:36:01.000Z",
"first_observed": "2015-08-25T13:36:01Z",
"last_observed": "2015-08-25T13:36:01Z",
"number_observed": 1,
"object_refs": [
"url--55dc6f41-15dc-425b-9826-4abd950d210b"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--55dc6f41-15dc-425b-9826-4abd950d210b",
"value": "https://www.virustotal.com/file/865d62c4f463ecce2db672f318da04166736f1f899ce04d2f132dd8fe2d628d5/analysis/1436841001/"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--55dc6f41-a640-4aa7-8e8a-400e950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-08-25T13:36:01.000Z",
"modified": "2015-08-25T13:36:01.000Z",
"description": "Sakula installer - Xchecked via VT: 98721c78dfbf8a45d152a888c804427c",
"pattern": "[file:hashes.SHA256 = '8d168092d5601ebbaed24ec3caeef7454c48cf21366cd76560755eb33aff89e9']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-08-25T13:36:01Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Artifacts dropped"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Artifacts dropped\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--55dc6f42-d408-4752-95f9-49f5950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-08-25T13:36:02.000Z",
"modified": "2015-08-25T13:36:02.000Z",
"description": "Sakula installer - Xchecked via VT: 98721c78dfbf8a45d152a888c804427c",
"pattern": "[file:hashes.SHA1 = 'e8d06bd24e600f95b67786db6ff37da1c8995854']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-08-25T13:36:02Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Artifacts dropped"
}
],
"labels": [
"misp:type=\"sha1\"",
"misp:category=\"Artifacts dropped\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--55dc6f42-fc84-4079-9e28-41f3950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-08-25T13:36:02.000Z",
"modified": "2015-08-25T13:36:02.000Z",
"first_observed": "2015-08-25T13:36:02Z",
"last_observed": "2015-08-25T13:36:02Z",
"number_observed": 1,
"object_refs": [
"url--55dc6f42-fc84-4079-9e28-41f3950d210b"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--55dc6f42-fc84-4079-9e28-41f3950d210b",
"value": "https://www.virustotal.com/file/8d168092d5601ebbaed24ec3caeef7454c48cf21366cd76560755eb33aff89e9/analysis/1438252949/"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--55dc6f42-4d74-4eb5-b16b-433c950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-08-25T13:36:02.000Z",
"modified": "2015-08-25T13:36:02.000Z",
"description": "Sakula installer - Xchecked via VT: 888876810fa9f85a82645bf5d16468e8",
"pattern": "[file:hashes.SHA256 = '097afc8d1e62e63fa64da6c34465c351b0ce37e881f9feccee5bd42633f1ee1a']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-08-25T13:36:02Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Artifacts dropped"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Artifacts dropped\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--55dc6f42-28c4-40eb-a471-4aca950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-08-25T13:36:02.000Z",
"modified": "2015-08-25T13:36:02.000Z",
"description": "Sakula installer - Xchecked via VT: 888876810fa9f85a82645bf5d16468e8",
"pattern": "[file:hashes.SHA1 = '874bfbe6025f859dcfcb2badcd004d089a33b0a7']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-08-25T13:36:02Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Artifacts dropped"
}
],
"labels": [
"misp:type=\"sha1\"",
"misp:category=\"Artifacts dropped\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--55dc6f42-abd8-44ed-8598-4b56950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-08-25T13:36:02.000Z",
"modified": "2015-08-25T13:36:02.000Z",
"first_observed": "2015-08-25T13:36:02Z",
"last_observed": "2015-08-25T13:36:02Z",
"number_observed": 1,
"object_refs": [
"url--55dc6f42-abd8-44ed-8598-4b56950d210b"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--55dc6f42-abd8-44ed-8598-4b56950d210b",
"value": "https://www.virustotal.com/file/097afc8d1e62e63fa64da6c34465c351b0ce37e881f9feccee5bd42633f1ee1a/analysis/1439469625/"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--55dc6f42-5a10-4605-8c4d-4aef950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-08-25T13:36:02.000Z",
"modified": "2015-08-25T13:36:02.000Z",
"description": "Sakula installer - Xchecked via VT: 740561c8d5d2c658d2134d5107802a9d",
"pattern": "[file:hashes.SHA256 = '81dd48ed812d571c700c0c097c97a207eb5ac950fcf3c34309cedf9e88b1405d']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-08-25T13:36:02Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Artifacts dropped"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Artifacts dropped\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--55dc6f43-0504-4021-8964-43d1950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-08-25T13:36:03.000Z",
"modified": "2015-08-25T13:36:03.000Z",
"description": "Sakula installer - Xchecked via VT: 740561c8d5d2c658d2134d5107802a9d",
"pattern": "[file:hashes.SHA1 = '7994c126ece4d430c6b9eba2e81304c26492e6a9']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-08-25T13:36:03Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Artifacts dropped"
}
],
"labels": [
"misp:type=\"sha1\"",
"misp:category=\"Artifacts dropped\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--55dc6f43-c230-4715-9442-455a950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-08-25T13:36:03.000Z",
"modified": "2015-08-25T13:36:03.000Z",
"first_observed": "2015-08-25T13:36:03Z",
"last_observed": "2015-08-25T13:36:03Z",
"number_observed": 1,
"object_refs": [
"url--55dc6f43-c230-4715-9442-455a950d210b"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--55dc6f43-c230-4715-9442-455a950d210b",
"value": "https://www.virustotal.com/file/81dd48ed812d571c700c0c097c97a207eb5ac950fcf3c34309cedf9e88b1405d/analysis/1439469486/"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--55dc6f43-62d0-4ee5-bcbe-405d950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-08-25T13:36:03.000Z",
"modified": "2015-08-25T13:36:03.000Z",
"description": "Sakula installer - Xchecked via VT: 69314300da7a4a0e95be545b804565dd",
"pattern": "[file:hashes.SHA256 = '8a819e450fbd2edc9716dbdea0f56bafc9dbb8274e502cdb9aff3f7c6bfd9b56']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-08-25T13:36:03Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Artifacts dropped"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Artifacts dropped\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--55dc6f43-abf8-4e2d-bf83-40a3950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-08-25T13:36:03.000Z",
"modified": "2015-08-25T13:36:03.000Z",
"description": "Sakula installer - Xchecked via VT: 69314300da7a4a0e95be545b804565dd",
"pattern": "[file:hashes.SHA1 = '514a30aef41f24b74e34225858863897c5220eb6']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-08-25T13:36:03Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Artifacts dropped"
}
],
"labels": [
"misp:type=\"sha1\"",
"misp:category=\"Artifacts dropped\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--55dc6f43-ee20-4a9d-a0ac-4665950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-08-25T13:36:03.000Z",
"modified": "2015-08-25T13:36:03.000Z",
"first_observed": "2015-08-25T13:36:03Z",
"last_observed": "2015-08-25T13:36:03Z",
"number_observed": 1,
"object_refs": [
"url--55dc6f43-ee20-4a9d-a0ac-4665950d210b"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--55dc6f43-ee20-4a9d-a0ac-4665950d210b",
"value": "https://www.virustotal.com/file/8a819e450fbd2edc9716dbdea0f56bafc9dbb8274e502cdb9aff3f7c6bfd9b56/analysis/1439469430/"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--55dc6f43-1cb8-46f8-a6e6-4cd8950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-08-25T13:36:03.000Z",
"modified": "2015-08-25T13:36:03.000Z",
"description": "Sakula installer - Xchecked via VT: 5acc539355258122f8cdc7f5c13368e1",
"pattern": "[file:hashes.SHA256 = '32a6541feb8a679b44c85c3b9d01be52b2176ccf87d77213f8d6f5bbfc3de3cf']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-08-25T13:36:03Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Artifacts dropped"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Artifacts dropped\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--55dc6f44-f6b0-40cd-ac66-422d950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-08-25T13:36:04.000Z",
"modified": "2015-08-25T13:36:04.000Z",
"description": "Sakula installer - Xchecked via VT: 5acc539355258122f8cdc7f5c13368e1",
"pattern": "[file:hashes.SHA1 = '82747363fa7ff4f069a0bd6e5771cf5d87cc58b2']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-08-25T13:36:04Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Artifacts dropped"
}
],
"labels": [
"misp:type=\"sha1\"",
"misp:category=\"Artifacts dropped\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--55dc6f44-fde8-4d06-bd91-4615950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-08-25T13:36:04.000Z",
"modified": "2015-08-25T13:36:04.000Z",
"first_observed": "2015-08-25T13:36:04Z",
"last_observed": "2015-08-25T13:36:04Z",
"number_observed": 1,
"object_refs": [
"url--55dc6f44-fde8-4d06-bd91-4615950d210b"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--55dc6f44-fde8-4d06-bd91-4615950d210b",
"value": "https://www.virustotal.com/file/32a6541feb8a679b44c85c3b9d01be52b2176ccf87d77213f8d6f5bbfc3de3cf/analysis/1439469326/"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--55dc6f44-79f4-4e11-b456-49c1950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-08-25T13:36:04.000Z",
"modified": "2015-08-25T13:36:04.000Z",
"description": "Sakula installer - Xchecked via VT: 4f545dff49f81d08736a782751450f71",
"pattern": "[file:hashes.SHA256 = '641b225c6954c05482069a7b808b24ab8c9dc8c95790d8cf8f4c63d9ebbd6fec']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-08-25T13:36:04Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Artifacts dropped"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Artifacts dropped\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--55dc6f44-11a0-4f92-98cc-490d950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-08-25T13:36:04.000Z",
"modified": "2015-08-25T13:36:04.000Z",
"description": "Sakula installer - Xchecked via VT: 4f545dff49f81d08736a782751450f71",
"pattern": "[file:hashes.SHA1 = 'ad82ab937e28a6ddba4a837684185255b26d35ab']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-08-25T13:36:04Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Artifacts dropped"
}
],
"labels": [
"misp:type=\"sha1\"",
"misp:category=\"Artifacts dropped\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--55dc6f44-215c-4a8e-81e7-4585950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-08-25T13:36:04.000Z",
"modified": "2015-08-25T13:36:04.000Z",
"first_observed": "2015-08-25T13:36:04Z",
"last_observed": "2015-08-25T13:36:04Z",
"number_observed": 1,
"object_refs": [
"url--55dc6f44-215c-4a8e-81e7-4585950d210b"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--55dc6f44-215c-4a8e-81e7-4585950d210b",
"value": "https://www.virustotal.com/file/641b225c6954c05482069a7b808b24ab8c9dc8c95790d8cf8f4c63d9ebbd6fec/analysis/1439469269/"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--55dc6f44-5930-438b-9ea0-4749950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-08-25T13:36:04.000Z",
"modified": "2015-08-25T13:36:04.000Z",
"description": "Sakula installer - Xchecked via VT: 4ea3afbed7a0c7d0013f454060243fba",
"pattern": "[file:hashes.SHA256 = 'a99ec6d2b109d3887a585bdf48f337ef2901bc185f4a51230100a60463c59e0b']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-08-25T13:36:04Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Artifacts dropped"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Artifacts dropped\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--55dc6f45-2474-4d51-955c-4780950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-08-25T13:36:05.000Z",
"modified": "2015-08-25T13:36:05.000Z",
"description": "Sakula installer - Xchecked via VT: 4ea3afbed7a0c7d0013f454060243fba",
"pattern": "[file:hashes.SHA1 = 'cc5b48da0b8aa02d75c6a5b3bb5be2e9f7a5b80d']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-08-25T13:36:05Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Artifacts dropped"
}
],
"labels": [
"misp:type=\"sha1\"",
"misp:category=\"Artifacts dropped\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--55dc6f45-5600-4a0d-9223-4254950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-08-25T13:36:05.000Z",
"modified": "2015-08-25T13:36:05.000Z",
"first_observed": "2015-08-25T13:36:05Z",
"last_observed": "2015-08-25T13:36:05Z",
"number_observed": 1,
"object_refs": [
"url--55dc6f45-5600-4a0d-9223-4254950d210b"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--55dc6f45-5600-4a0d-9223-4254950d210b",
"value": "https://www.virustotal.com/file/a99ec6d2b109d3887a585bdf48f337ef2901bc185f4a51230100a60463c59e0b/analysis/1439469264/"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--55dc6f45-64d0-428d-9a70-482d950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-08-25T13:36:05.000Z",
"modified": "2015-08-25T13:36:05.000Z",
"description": "Sakula installer - Xchecked via VT: 4a7b4635af040cba1851b2f57254ba5e",
"pattern": "[file:hashes.SHA256 = '50fa6fff60ad5a33c55f2d87299a46d3f1aa8631524311349ef9bd83566e1a12']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-08-25T13:36:05Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Artifacts dropped"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Artifacts dropped\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--55dc6f45-86a8-4d16-97b4-4a7b950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-08-25T13:36:05.000Z",
"modified": "2015-08-25T13:36:05.000Z",
"description": "Sakula installer - Xchecked via VT: 4a7b4635af040cba1851b2f57254ba5e",
"pattern": "[file:hashes.SHA1 = 'a25e851fcc3e2212e52f4f3a98aa1fd23e1e4c98']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-08-25T13:36:05Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Artifacts dropped"
}
],
"labels": [
"misp:type=\"sha1\"",
"misp:category=\"Artifacts dropped\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--55dc6f45-e538-4382-8cc9-4044950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-08-25T13:36:05.000Z",
"modified": "2015-08-25T13:36:05.000Z",
"first_observed": "2015-08-25T13:36:05Z",
"last_observed": "2015-08-25T13:36:05Z",
"number_observed": 1,
"object_refs": [
"url--55dc6f45-e538-4382-8cc9-4044950d210b"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--55dc6f45-e538-4382-8cc9-4044950d210b",
"value": "https://www.virustotal.com/file/50fa6fff60ad5a33c55f2d87299a46d3f1aa8631524311349ef9bd83566e1a12/analysis/1439469221/"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--55dc6f45-4734-4469-aced-4014950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-08-25T13:36:05.000Z",
"modified": "2015-08-25T13:36:05.000Z",
"description": "Sakula installer - Xchecked via VT: 49c5da72aafabcc0b6896fec637ed167",
"pattern": "[file:hashes.SHA256 = '546336675d5a34ccbec6bf89355bd94095b56da0ce57f6ea246ddef0152fa84a']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-08-25T13:36:05Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Artifacts dropped"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Artifacts dropped\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--55dc6f46-7c58-4331-b947-4f4e950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-08-25T13:36:06.000Z",
"modified": "2015-08-25T13:36:06.000Z",
"description": "Sakula installer - Xchecked via VT: 49c5da72aafabcc0b6896fec637ed167",
"pattern": "[file:hashes.SHA1 = '021fe74187ba5d2e54f9636e2b849de597255fc7']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-08-25T13:36:06Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Artifacts dropped"
}
],
"labels": [
"misp:type=\"sha1\"",
"misp:category=\"Artifacts dropped\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--55dc6f46-bda0-47e9-9f9a-4b72950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-08-25T13:36:06.000Z",
"modified": "2015-08-25T13:36:06.000Z",
"first_observed": "2015-08-25T13:36:06Z",
"last_observed": "2015-08-25T13:36:06Z",
"number_observed": 1,
"object_refs": [
"url--55dc6f46-bda0-47e9-9f9a-4b72950d210b"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--55dc6f46-bda0-47e9-9f9a-4b72950d210b",
"value": "https://www.virustotal.com/file/546336675d5a34ccbec6bf89355bd94095b56da0ce57f6ea246ddef0152fa84a/analysis/1438844677/"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--55dc6f46-8a38-442a-8bf4-4e81950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-08-25T13:36:06.000Z",
"modified": "2015-08-25T13:36:06.000Z",
"description": "Sakula installer - Xchecked via VT: 3f0ba1cd12bab7ba5875d1b02e45dfcf",
"pattern": "[file:hashes.SHA256 = '4d21da09b2ca0226c812692ab7cba60af1c8d58ff97dda500df2f850b2c38ef2']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-08-25T13:36:06Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Artifacts dropped"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Artifacts dropped\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--55dc6f46-da58-4cf4-b15b-4669950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-08-25T13:36:06.000Z",
"modified": "2015-08-25T13:36:06.000Z",
"description": "Sakula installer - Xchecked via VT: 3f0ba1cd12bab7ba5875d1b02e45dfcf",
"pattern": "[file:hashes.SHA1 = 'a5dfa8bbf1643274d0ef0902626172019173bf52']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-08-25T13:36:06Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Artifacts dropped"
}
],
"labels": [
"misp:type=\"sha1\"",
"misp:category=\"Artifacts dropped\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--55dc6f46-1f68-4f52-af4c-40d9950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-08-25T13:36:06.000Z",
"modified": "2015-08-25T13:36:06.000Z",
"first_observed": "2015-08-25T13:36:06Z",
"last_observed": "2015-08-25T13:36:06Z",
"number_observed": 1,
"object_refs": [
"url--55dc6f46-1f68-4f52-af4c-40d9950d210b"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--55dc6f46-1f68-4f52-af4c-40d9950d210b",
"value": "https://www.virustotal.com/file/4d21da09b2ca0226c812692ab7cba60af1c8d58ff97dda500df2f850b2c38ef2/analysis/1439469130/"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--55dc6f46-3dec-4a33-92a2-47cf950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-08-25T13:36:06.000Z",
"modified": "2015-08-25T13:36:06.000Z",
"description": "Sakula installer - Xchecked via VT: 3d2c2fdd4104978762b89804ba771e63",
"pattern": "[file:hashes.SHA256 = '677aa410df1dd5592297d00b7b7499e8e98e81995122cc71588ca920cedafd80']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-08-25T13:36:06Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Artifacts dropped"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Artifacts dropped\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--55dc6f47-47d4-4a62-89eb-4896950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-08-25T13:36:07.000Z",
"modified": "2015-08-25T13:36:07.000Z",
"description": "Sakula installer - Xchecked via VT: 3d2c2fdd4104978762b89804ba771e63",
"pattern": "[file:hashes.SHA1 = '2d4e507ee1a8701f5457b38f9e259d54ba855e36']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-08-25T13:36:07Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Artifacts dropped"
}
],
"labels": [
"misp:type=\"sha1\"",
"misp:category=\"Artifacts dropped\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--55dc6f47-d7ac-43dd-9fc2-4bbf950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-08-25T13:36:07.000Z",
"modified": "2015-08-25T13:36:07.000Z",
"first_observed": "2015-08-25T13:36:07Z",
"last_observed": "2015-08-25T13:36:07Z",
"number_observed": 1,
"object_refs": [
"url--55dc6f47-d7ac-43dd-9fc2-4bbf950d210b"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--55dc6f47-d7ac-43dd-9fc2-4bbf950d210b",
"value": "https://www.virustotal.com/file/677aa410df1dd5592297d00b7b7499e8e98e81995122cc71588ca920cedafd80/analysis/1439469118/"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--55dc6f47-f328-435b-abdd-4bc5950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-08-25T13:36:07.000Z",
"modified": "2015-08-25T13:36:07.000Z",
"description": "Sakula installer - Xchecked via VT: 230d8a7a60a07df28a291b13ddf3351f",
"pattern": "[file:hashes.SHA256 = 'd4be6c9117db9de21138ae26d1d0c3cfb38fd7a19fa07c828731fa2ac756ef8d']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-08-25T13:36:07Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Artifacts dropped"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Artifacts dropped\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--55dc6f47-bc5c-4b19-8655-46a8950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-08-25T13:36:07.000Z",
"modified": "2015-08-25T13:36:07.000Z",
"description": "Sakula installer - Xchecked via VT: 230d8a7a60a07df28a291b13ddf3351f",
"pattern": "[file:hashes.SHA1 = 'de71fd21781ae1eed0dbba6bf915a65cc4c0f984']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-08-25T13:36:07Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Artifacts dropped"
}
],
"labels": [
"misp:type=\"sha1\"",
"misp:category=\"Artifacts dropped\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--55dc6f47-3318-4283-9e25-4eb2950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-08-25T13:36:07.000Z",
"modified": "2015-08-25T13:36:07.000Z",
"first_observed": "2015-08-25T13:36:07Z",
"last_observed": "2015-08-25T13:36:07Z",
"number_observed": 1,
"object_refs": [
"url--55dc6f47-3318-4283-9e25-4eb2950d210b"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--55dc6f47-3318-4283-9e25-4eb2950d210b",
"value": "https://www.virustotal.com/file/d4be6c9117db9de21138ae26d1d0c3cfb38fd7a19fa07c828731fa2ac756ef8d/analysis/1439468914/"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--55dc6f48-00f4-42bf-964e-4439950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-08-25T13:36:08.000Z",
"modified": "2015-08-25T13:36:08.000Z",
"description": "Sakula installer - Xchecked via VT: 1d016bb286980fd356cab21cdfcb49f4",
"pattern": "[file:hashes.SHA256 = '06979704d1ca036bdb046588c88809bb26760745ac85f9104293800f419945c4']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-08-25T13:36:08Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Artifacts dropped"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Artifacts dropped\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--55dc6f48-b70c-4e80-8db6-4aad950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-08-25T13:36:08.000Z",
"modified": "2015-08-25T13:36:08.000Z",
"description": "Sakula installer - Xchecked via VT: 1d016bb286980fd356cab21cdfcb49f4",
"pattern": "[file:hashes.SHA1 = '71731027ce38f6840c592b83cc20eb9071eccaa9']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-08-25T13:36:08Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Artifacts dropped"
}
],
"labels": [
"misp:type=\"sha1\"",
"misp:category=\"Artifacts dropped\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--55dc6f48-82fc-4d8d-8c99-46f2950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-08-25T13:36:08.000Z",
"modified": "2015-08-25T13:36:08.000Z",
"first_observed": "2015-08-25T13:36:08Z",
"last_observed": "2015-08-25T13:36:08Z",
"number_observed": 1,
"object_refs": [
"url--55dc6f48-82fc-4d8d-8c99-46f2950d210b"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--55dc6f48-82fc-4d8d-8c99-46f2950d210b",
"value": "https://www.virustotal.com/file/06979704d1ca036bdb046588c88809bb26760745ac85f9104293800f419945c4/analysis/1439468851/"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--55dc6f48-9ac8-4f51-bb5f-4783950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-08-25T13:36:08.000Z",
"modified": "2015-08-25T13:36:08.000Z",
"description": "Sakula installer - Xchecked via VT: 07b62497e41898c22e5d5351607aac8e",
"pattern": "[file:hashes.SHA256 = '59a7c19afa4baa80c90eec1a6f21311983029e923d1b0a483daf206dab991fc4']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-08-25T13:36:08Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Artifacts dropped"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Artifacts dropped\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--55dc6f48-1d8c-48c0-83df-4a7e950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-08-25T13:36:08.000Z",
"modified": "2015-08-25T13:36:08.000Z",
"description": "Sakula installer - Xchecked via VT: 07b62497e41898c22e5d5351607aac8e",
"pattern": "[file:hashes.SHA1 = 'd85860554ea5718bbcbe877c1310c301a8d2d2ad']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-08-25T13:36:08Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Artifacts dropped"
}
],
"labels": [
"misp:type=\"sha1\"",
"misp:category=\"Artifacts dropped\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--55dc6f48-adf8-4203-8be9-4ce0950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-08-25T13:36:08.000Z",
"modified": "2015-08-25T13:36:08.000Z",
"first_observed": "2015-08-25T13:36:08Z",
"last_observed": "2015-08-25T13:36:08Z",
"number_observed": 1,
"object_refs": [
"url--55dc6f48-adf8-4203-8be9-4ce0950d210b"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--55dc6f48-adf8-4203-8be9-4ce0950d210b",
"value": "https://www.virustotal.com/file/59a7c19afa4baa80c90eec1a6f21311983029e923d1b0a483daf206dab991fc4/analysis/1439468683/"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--55dc6f49-ef48-40fe-a006-41b2950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-08-25T13:36:09.000Z",
"modified": "2015-08-25T13:36:09.000Z",
"description": "Sakula command component - Xchecked via VT: bc99d3f41dfca74f2b40ce4d4f959af0",
"pattern": "[file:hashes.SHA256 = '4086ae5b9737802b6a93a0466d2daf310ba80af82f52b55148b7382b83167bb5']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-08-25T13:36:09Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Artifacts dropped"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Artifacts dropped\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--55dc6f49-d310-4f74-8449-477d950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-08-25T13:36:09.000Z",
"modified": "2015-08-25T13:36:09.000Z",
"description": "Sakula command component - Xchecked via VT: bc99d3f41dfca74f2b40ce4d4f959af0",
"pattern": "[file:hashes.SHA1 = 'ae605ef5075020dc8666d0fc29936e8eeb30d19c']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-08-25T13:36:09Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Artifacts dropped"
}
],
"labels": [
"misp:type=\"sha1\"",
"misp:category=\"Artifacts dropped\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--55dc6f49-0448-4fda-a10f-4b15950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-08-25T13:36:09.000Z",
"modified": "2015-08-25T13:36:09.000Z",
"first_observed": "2015-08-25T13:36:09Z",
"last_observed": "2015-08-25T13:36:09Z",
"number_observed": 1,
"object_refs": [
"url--55dc6f49-0448-4fda-a10f-4b15950d210b"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--55dc6f49-0448-4fda-a10f-4b15950d210b",
"value": "https://www.virustotal.com/file/4086ae5b9737802b6a93a0466d2daf310ba80af82f52b55148b7382b83167bb5/analysis/1436476584/"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--55dc6f49-b1a8-4276-bbf1-4ea2950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-08-25T13:36:09.000Z",
"modified": "2015-08-25T13:36:09.000Z",
"description": "Decoded UAC bypass DLL file for Sakula - Xchecked via VT: 5d54c0756fbe33aae5dc8a4484a7aee5",
"pattern": "[file:hashes.SHA256 = 'd48a91fb502db77d3d410cc59402c1858123dfcfbf99a4978155860f09027cfb']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-08-25T13:36:09Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Artifacts dropped"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Artifacts dropped\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--55dc6f49-43dc-42e7-961d-4fc2950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-08-25T13:36:09.000Z",
"modified": "2015-08-25T13:36:09.000Z",
"description": "Decoded UAC bypass DLL file for Sakula - Xchecked via VT: 5d54c0756fbe33aae5dc8a4484a7aee5",
"pattern": "[file:hashes.SHA1 = '97dc6905118f0b9a139b2063d54d94953539de2d']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-08-25T13:36:09Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Artifacts dropped"
}
],
"labels": [
"misp:type=\"sha1\"",
"misp:category=\"Artifacts dropped\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--55dc6f49-09d8-4f7b-803c-4758950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-08-25T13:36:09.000Z",
"modified": "2015-08-25T13:36:09.000Z",
"first_observed": "2015-08-25T13:36:09Z",
"last_observed": "2015-08-25T13:36:09Z",
"number_observed": 1,
"object_refs": [
"url--55dc6f49-09d8-4f7b-803c-4758950d210b"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--55dc6f49-09d8-4f7b-803c-4758950d210b",
"value": "https://www.virustotal.com/file/d48a91fb502db77d3d410cc59402c1858123dfcfbf99a4978155860f09027cfb/analysis/1434995043/"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--55dc6f4a-36d4-401a-81b3-43fe950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-08-25T13:36:10.000Z",
"modified": "2015-08-25T13:36:10.000Z",
"description": "Decoded UAC bypass DLL file for Sakula - Xchecked via VT: 51ee4ef7f326e90d391ee9d1c5238b34",
"pattern": "[file:hashes.SHA256 = 'f2ca9d055405f2d81dfb2636d507e9fe782123a505c5267d3cb2c89b2a432647']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-08-25T13:36:10Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Artifacts dropped"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Artifacts dropped\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--55dc6f4a-f354-427a-8e32-4c80950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-08-25T13:36:10.000Z",
"modified": "2015-08-25T13:36:10.000Z",
"description": "Decoded UAC bypass DLL file for Sakula - Xchecked via VT: 51ee4ef7f326e90d391ee9d1c5238b34",
"pattern": "[file:hashes.SHA1 = '84eb6f41b35f1c7f571a5e9eea3bd68252889adc']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-08-25T13:36:10Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Artifacts dropped"
}
],
"labels": [
"misp:type=\"sha1\"",
"misp:category=\"Artifacts dropped\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--55dc6f4a-98d4-4335-b781-4daa950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-08-25T13:36:10.000Z",
"modified": "2015-08-25T13:36:10.000Z",
"first_observed": "2015-08-25T13:36:10Z",
"last_observed": "2015-08-25T13:36:10Z",
"number_observed": 1,
"object_refs": [
"url--55dc6f4a-98d4-4335-b781-4daa950d210b"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--55dc6f4a-98d4-4335-b781-4daa950d210b",
"value": "https://www.virustotal.com/file/f2ca9d055405f2d81dfb2636d507e9fe782123a505c5267d3cb2c89b2a432647/analysis/1357911718/"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--55dc6f4a-f3b8-4ad2-94dd-426b950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-08-25T13:36:10.000Z",
"modified": "2015-08-25T13:36:10.000Z",
"description": "Sakula malware - Xchecked via VT: ff1d5c6a476a56eb7ca4e38b57761a4e",
"pattern": "[file:hashes.SHA256 = '6b0b6bd87264f526e5e30e69ddcf644ff5bbccf927c90681c42a1f7d6a736ea3']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-08-25T13:36:10Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Artifacts dropped"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Artifacts dropped\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--55dc6f4a-2c7c-41e3-bce1-4506950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-08-25T13:36:10.000Z",
"modified": "2015-08-25T13:36:10.000Z",
"description": "Sakula malware - Xchecked via VT: ff1d5c6a476a56eb7ca4e38b57761a4e",
"pattern": "[file:hashes.SHA1 = 'd28b488ba651777790f824385aaf0d9acf02c9c2']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-08-25T13:36:10Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Artifacts dropped"
}
],
"labels": [
"misp:type=\"sha1\"",
"misp:category=\"Artifacts dropped\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--55dc6f4a-b53c-4f5f-9c81-44fb950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-08-25T13:36:10.000Z",
"modified": "2015-08-25T13:36:10.000Z",
"first_observed": "2015-08-25T13:36:10Z",
"last_observed": "2015-08-25T13:36:10Z",
"number_observed": 1,
"object_refs": [
"url--55dc6f4a-b53c-4f5f-9c81-44fb950d210b"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--55dc6f4a-b53c-4f5f-9c81-44fb950d210b",
"value": "https://www.virustotal.com/file/6b0b6bd87264f526e5e30e69ddcf644ff5bbccf927c90681c42a1f7d6a736ea3/analysis/1434997261/"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--55dc6f4b-7cb4-4e78-a7b9-4412950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-08-25T13:36:11.000Z",
"modified": "2015-08-25T13:36:11.000Z",
"description": "Sakula malware - Xchecked via VT: fd69439c6e2bac79e490b9572b6c91ad",
"pattern": "[file:hashes.SHA256 = 'be960cab2bb07a5a062ec7ed2cb2bc1115499fbd569cddd54bebfcc5fe7c2333']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-08-25T13:36:11Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Artifacts dropped"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Artifacts dropped\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--55dc6f4b-bfc4-4de0-820c-412d950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-08-25T13:36:11.000Z",
"modified": "2015-08-25T13:36:11.000Z",
"description": "Sakula malware - Xchecked via VT: fd69439c6e2bac79e490b9572b6c91ad",
"pattern": "[file:hashes.SHA1 = 'ffc74ab94c5e7a0b67c59f3e053928a4e21bcef7']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-08-25T13:36:11Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Artifacts dropped"
}
],
"labels": [
"misp:type=\"sha1\"",
"misp:category=\"Artifacts dropped\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--55dc6f4b-542c-4fcd-95b5-491a950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-08-25T13:36:11.000Z",
"modified": "2015-08-25T13:36:11.000Z",
"first_observed": "2015-08-25T13:36:11Z",
"last_observed": "2015-08-25T13:36:11Z",
"number_observed": 1,
"object_refs": [
"url--55dc6f4b-542c-4fcd-95b5-491a950d210b"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--55dc6f4b-542c-4fcd-95b5-491a950d210b",
"value": "https://www.virustotal.com/file/be960cab2bb07a5a062ec7ed2cb2bc1115499fbd569cddd54bebfcc5fe7c2333/analysis/1434997381/"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--55dc6f4b-3fd0-45bd-8f2c-477a950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-08-25T13:36:11.000Z",
"modified": "2015-08-25T13:36:11.000Z",
"description": "Sakula malware - Xchecked via VT: fcad5bdeb3eb2eaa6e1c2bb9d9eb2cc0",
"pattern": "[file:hashes.SHA256 = '23b27a9e7cc687d9249337923cc720c8d3fee98d782f42c9d7fe04738826eb2f']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-08-25T13:36:11Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Artifacts dropped"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Artifacts dropped\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--55dc6f4b-a8d8-4726-bdf0-470b950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-08-25T13:36:11.000Z",
"modified": "2015-08-25T13:36:11.000Z",
"description": "Sakula malware - Xchecked via VT: fcad5bdeb3eb2eaa6e1c2bb9d9eb2cc0",
"pattern": "[file:hashes.SHA1 = '8a32cdd3834e0629eeb47ca2b5f019497cfcb66b']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-08-25T13:36:11Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Artifacts dropped"
}
],
"labels": [
"misp:type=\"sha1\"",
"misp:category=\"Artifacts dropped\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--55dc6f4b-6488-4dc3-aad9-49ba950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-08-25T13:36:11.000Z",
"modified": "2015-08-25T13:36:11.000Z",
"first_observed": "2015-08-25T13:36:11Z",
"last_observed": "2015-08-25T13:36:11Z",
"number_observed": 1,
"object_refs": [
"url--55dc6f4b-6488-4dc3-aad9-49ba950d210b"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--55dc6f4b-6488-4dc3-aad9-49ba950d210b",
"value": "https://www.virustotal.com/file/23b27a9e7cc687d9249337923cc720c8d3fee98d782f42c9d7fe04738826eb2f/analysis/1434997441/"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--55dc6f4c-69c8-4f65-91b0-42af950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-08-25T13:36:12.000Z",
"modified": "2015-08-25T13:36:12.000Z",
"description": "Sakula malware - Xchecked via VT: faed2bcd842e81c180a6ac9dde78f8d5",
"pattern": "[file:hashes.SHA256 = 'bc22523add8140bf785a7a0bb446e95275dcedea3de642f23000e5c705044385']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-08-25T13:36:12Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Artifacts dropped"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Artifacts dropped\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--55dc6f4c-65b8-45ff-8e78-49a7950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-08-25T13:36:12.000Z",
"modified": "2015-08-25T13:36:12.000Z",
"description": "Sakula malware - Xchecked via VT: faed2bcd842e81c180a6ac9dde78f8d5",
"pattern": "[file:hashes.SHA1 = 'dca21e88ad4e7ae8b0a7214cb53863ac2dfee60c']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-08-25T13:36:12Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Artifacts dropped"
}
],
"labels": [
"misp:type=\"sha1\"",
"misp:category=\"Artifacts dropped\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--55dc6f4c-32c4-4695-987b-4c05950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-08-25T13:36:12.000Z",
"modified": "2015-08-25T13:36:12.000Z",
"first_observed": "2015-08-25T13:36:12Z",
"last_observed": "2015-08-25T13:36:12Z",
"number_observed": 1,
"object_refs": [
"url--55dc6f4c-32c4-4695-987b-4c05950d210b"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--55dc6f4c-32c4-4695-987b-4c05950d210b",
"value": "https://www.virustotal.com/file/bc22523add8140bf785a7a0bb446e95275dcedea3de642f23000e5c705044385/analysis/1436840982/"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--55dc6f4c-48e0-4f5c-b640-4527950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-08-25T13:36:12.000Z",
"modified": "2015-08-25T13:36:12.000Z",
"description": "Sakula malware - Xchecked via VT: f9b71e959f79d25bad195f59f5ae502e",
"pattern": "[file:hashes.SHA256 = '7541a99350adbb0fe1046b889bc915689eeb08500c7c76d4cb440b0d2e91ca6f']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-08-25T13:36:12Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Artifacts dropped"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Artifacts dropped\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--55dc6f4c-5640-4b4d-847d-4996950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-08-25T13:36:12.000Z",
"modified": "2015-08-25T13:36:12.000Z",
"description": "Sakula malware - Xchecked via VT: f9b71e959f79d25bad195f59f5ae502e",
"pattern": "[file:hashes.SHA1 = '0b86b3a098aa6325451225b5ea14ee9d62e0c638']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-08-25T13:36:12Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Artifacts dropped"
}
],
"labels": [
"misp:type=\"sha1\"",
"misp:category=\"Artifacts dropped\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--55dc6f4d-e784-4064-b01f-4d60950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-08-25T13:36:13.000Z",
"modified": "2015-08-25T13:36:13.000Z",
"first_observed": "2015-08-25T13:36:13Z",
"last_observed": "2015-08-25T13:36:13Z",
"number_observed": 1,
"object_refs": [
"url--55dc6f4d-e784-4064-b01f-4d60950d210b"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--55dc6f4d-e784-4064-b01f-4d60950d210b",
"value": "https://www.virustotal.com/file/7541a99350adbb0fe1046b889bc915689eeb08500c7c76d4cb440b0d2e91ca6f/analysis/1434997621/"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--55dc6f4d-cca0-4296-bca7-4ca0950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-08-25T13:36:13.000Z",
"modified": "2015-08-25T13:36:13.000Z",
"description": "Sakula malware - Xchecked via VT: f942344daf85bf211b4a27a1c947843c",
"pattern": "[file:hashes.SHA256 = '2ba74a0686a857156828c7531ebb2aa685c3b763bc84d6369e46587468371535']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-08-25T13:36:13Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Artifacts dropped"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Artifacts dropped\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--55dc6f4d-7058-4e79-99b8-423e950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-08-25T13:36:13.000Z",
"modified": "2015-08-25T13:36:13.000Z",
"description": "Sakula malware - Xchecked via VT: f942344daf85bf211b4a27a1c947843c",
"pattern": "[file:hashes.SHA1 = '5a9a720f91857c1fe784cd475608848d031ec810']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-08-25T13:36:13Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Artifacts dropped"
}
],
"labels": [
"misp:type=\"sha1\"",
"misp:category=\"Artifacts dropped\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--55dc6f4d-1a80-4290-8652-4957950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-08-25T13:36:13.000Z",
"modified": "2015-08-25T13:36:13.000Z",
"first_observed": "2015-08-25T13:36:13Z",
"last_observed": "2015-08-25T13:36:13Z",
"number_observed": 1,
"object_refs": [
"url--55dc6f4d-1a80-4290-8652-4957950d210b"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--55dc6f4d-1a80-4290-8652-4957950d210b",
"value": "https://www.virustotal.com/file/2ba74a0686a857156828c7531ebb2aa685c3b763bc84d6369e46587468371535/analysis/1434997681/"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--55dc6f4d-538c-4449-9dd5-44ec950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-08-25T13:36:13.000Z",
"modified": "2015-08-25T13:36:13.000Z",
"description": "Sakula malware - Xchecked via VT: f918fc73484f2a1684de53040ec816d2",
"pattern": "[file:hashes.SHA256 = 'c2e834b5b8c69d71b351cb3df1c14a85ba301ff5f136ea445c6cbb310c75cfa3']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-08-25T13:36:13Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Artifacts dropped"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Artifacts dropped\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--55dc6f4d-33f0-448b-9d94-4aa3950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-08-25T13:36:13.000Z",
"modified": "2015-08-25T13:36:13.000Z",
"description": "Sakula malware - Xchecked via VT: f918fc73484f2a1684de53040ec816d2",
"pattern": "[file:hashes.SHA1 = '796080461264030812d4a8d149b07a012da1f747']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-08-25T13:36:13Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Artifacts dropped"
}
],
"labels": [
"misp:type=\"sha1\"",
"misp:category=\"Artifacts dropped\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--55dc6f4e-fe74-4f65-8e38-4e02950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-08-25T13:36:14.000Z",
"modified": "2015-08-25T13:36:14.000Z",
"first_observed": "2015-08-25T13:36:14Z",
"last_observed": "2015-08-25T13:36:14Z",
"number_observed": 1,
"object_refs": [
"url--55dc6f4e-fe74-4f65-8e38-4e02950d210b"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--55dc6f4e-fe74-4f65-8e38-4e02950d210b",
"value": "https://www.virustotal.com/file/c2e834b5b8c69d71b351cb3df1c14a85ba301ff5f136ea445c6cbb310c75cfa3/analysis/1434997742/"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--55dc6f4e-065c-45c0-a006-41aa950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-08-25T13:36:14.000Z",
"modified": "2015-08-25T13:36:14.000Z",
"description": "Sakula malware - Xchecked via VT: f8dbcfe4f826aa27724ccfd6b080b26d",
"pattern": "[file:hashes.SHA256 = '58560834b0a0089f012ddb201e1fdc8fd6133fd681621e70052dbb063030942d']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-08-25T13:36:14Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Artifacts dropped"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Artifacts dropped\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--55dc6f4e-f024-4f3c-aaab-420e950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-08-25T13:36:14.000Z",
"modified": "2015-08-25T13:36:14.000Z",
"description": "Sakula malware - Xchecked via VT: f8dbcfe4f826aa27724ccfd6b080b26d",
"pattern": "[file:hashes.SHA1 = '24efba130f37ce6f5bdd9da13c12941422d9f3b0']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-08-25T13:36:14Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Artifacts dropped"
}
],
"labels": [
"misp:type=\"sha1\"",
"misp:category=\"Artifacts dropped\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--55dc6f4e-4ccc-4b5d-97e6-4cdf950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-08-25T13:36:14.000Z",
"modified": "2015-08-25T13:36:14.000Z",
"first_observed": "2015-08-25T13:36:14Z",
"last_observed": "2015-08-25T13:36:14Z",
"number_observed": 1,
"object_refs": [
"url--55dc6f4e-4ccc-4b5d-97e6-4cdf950d210b"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--55dc6f4e-4ccc-4b5d-97e6-4cdf950d210b",
"value": "https://www.virustotal.com/file/58560834b0a0089f012ddb201e1fdc8fd6133fd681621e70052dbb063030942d/analysis/1434997801/"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--55dc6f4e-a490-40a2-bbb6-4db6950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-08-25T13:36:14.000Z",
"modified": "2015-08-25T13:36:14.000Z",
"description": "Sakula malware - Xchecked via VT: f5b9862f2d508c57b81fbaaad91030f4",
"pattern": "[file:hashes.SHA256 = '565b480e76c25f91d6762d5dcbfd4a9a2e8b6775ee50c9e2aa0682bdc1950594']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-08-25T13:36:14Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Artifacts dropped"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Artifacts dropped\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--55dc6f4e-cdc8-4267-9694-4e70950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-08-25T13:36:14.000Z",
"modified": "2015-08-25T13:36:14.000Z",
"description": "Sakula malware - Xchecked via VT: f5b9862f2d508c57b81fbaaad91030f4",
"pattern": "[file:hashes.SHA1 = '400b5d4cd225e35b9199b0da33cb7e5b4c729e5c']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-08-25T13:36:14Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Artifacts dropped"
}
],
"labels": [
"misp:type=\"sha1\"",
"misp:category=\"Artifacts dropped\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--55dc6f4f-6fd8-4dc3-8db7-4d1e950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-08-25T13:36:15.000Z",
"modified": "2015-08-25T13:36:15.000Z",
"first_observed": "2015-08-25T13:36:15Z",
"last_observed": "2015-08-25T13:36:15Z",
"number_observed": 1,
"object_refs": [
"url--55dc6f4f-6fd8-4dc3-8db7-4d1e950d210b"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--55dc6f4f-6fd8-4dc3-8db7-4d1e950d210b",
"value": "https://www.virustotal.com/file/565b480e76c25f91d6762d5dcbfd4a9a2e8b6775ee50c9e2aa0682bdc1950594/analysis/1434997924/"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--55dc6f4f-4d14-4d98-9da6-4ceb950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-08-25T13:36:15.000Z",
"modified": "2015-08-25T13:36:15.000Z",
"description": "Sakula malware - Xchecked via VT: f4862b793f89b9ca59da6ac38dff0e2d",
"pattern": "[file:hashes.SHA256 = 'a087f8ae228817bdeeabb843bcd680dcf2c3c90f24405f35e0f7de358e9f9182']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-08-25T13:36:15Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Artifacts dropped"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Artifacts dropped\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--55dc6f4f-07d4-4b6e-a3e1-4d17950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-08-25T13:36:15.000Z",
"modified": "2015-08-25T13:36:15.000Z",
"description": "Sakula malware - Xchecked via VT: f4862b793f89b9ca59da6ac38dff0e2d",
"pattern": "[file:hashes.SHA1 = 'f5cee3ad917b2d19e507387c912b577e2ba036db']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-08-25T13:36:15Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Artifacts dropped"
}
],
"labels": [
"misp:type=\"sha1\"",
"misp:category=\"Artifacts dropped\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--55dc6f4f-6c88-40c0-99da-45f0950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-08-25T13:36:15.000Z",
"modified": "2015-08-25T13:36:15.000Z",
"first_observed": "2015-08-25T13:36:15Z",
"last_observed": "2015-08-25T13:36:15Z",
"number_observed": 1,
"object_refs": [
"url--55dc6f4f-6c88-40c0-99da-45f0950d210b"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--55dc6f4f-6c88-40c0-99da-45f0950d210b",
"value": "https://www.virustotal.com/file/a087f8ae228817bdeeabb843bcd680dcf2c3c90f24405f35e0f7de358e9f9182/analysis/1434998042/"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--55dc6f4f-4dd4-488f-9b1d-4a39950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-08-25T13:36:15.000Z",
"modified": "2015-08-25T13:36:15.000Z",
"description": "Sakula malware - Xchecked via VT: f349ee3706c815a79a60d2534284935d",
"pattern": "[file:hashes.SHA256 = '48459e241cccaf0c4ada704f7f3dae691c89cd10a60f808d8d402a9df05448d5']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-08-25T13:36:15Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Artifacts dropped"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Artifacts dropped\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--55dc6f4f-723c-4ea7-8e27-4a51950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-08-25T13:36:15.000Z",
"modified": "2015-08-25T13:36:15.000Z",
"description": "Sakula malware - Xchecked via VT: f349ee3706c815a79a60d2534284935d",
"pattern": "[file:hashes.SHA1 = '13ff314b0f85e4a5c76c2d332842b7a541dd2606']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-08-25T13:36:15Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Artifacts dropped"
}
],
"labels": [
"misp:type=\"sha1\"",
"misp:category=\"Artifacts dropped\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--55dc6f50-7cb0-4f57-9d06-4457950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-08-25T13:36:16.000Z",
"modified": "2015-08-25T13:36:16.000Z",
"first_observed": "2015-08-25T13:36:16Z",
"last_observed": "2015-08-25T13:36:16Z",
"number_observed": 1,
"object_refs": [
"url--55dc6f50-7cb0-4f57-9d06-4457950d210b"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--55dc6f50-7cb0-4f57-9d06-4457950d210b",
"value": "https://www.virustotal.com/file/48459e241cccaf0c4ada704f7f3dae691c89cd10a60f808d8d402a9df05448d5/analysis/1434998102/"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--55dc6f50-815c-4de7-89e7-4bf3950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-08-25T13:36:16.000Z",
"modified": "2015-08-25T13:36:16.000Z",
"description": "Sakula malware - Xchecked via VT: f1eb2a68d5d438e93a22b2126c812f4d",
"pattern": "[file:hashes.SHA256 = '8d1c5699b7d49a787ed0c43b51e887ad8738b499f8d6f1a8b811566859827dd1']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-08-25T13:36:16Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Artifacts dropped"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Artifacts dropped\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--55dc6f50-a184-4993-98ec-489e950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-08-25T13:36:16.000Z",
"modified": "2015-08-25T13:36:16.000Z",
"description": "Sakula malware - Xchecked via VT: f1eb2a68d5d438e93a22b2126c812f4d",
"pattern": "[file:hashes.SHA1 = 'cdf92217a600be39b672e7160bf966c315106f13']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-08-25T13:36:16Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Artifacts dropped"
}
],
"labels": [
"misp:type=\"sha1\"",
"misp:category=\"Artifacts dropped\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--55dc6f50-ba08-43b1-a9d7-4fe5950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-08-25T13:36:16.000Z",
"modified": "2015-08-25T13:36:16.000Z",
"first_observed": "2015-08-25T13:36:16Z",
"last_observed": "2015-08-25T13:36:16Z",
"number_observed": 1,
"object_refs": [
"url--55dc6f50-ba08-43b1-a9d7-4fe5950d210b"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--55dc6f50-ba08-43b1-a9d7-4fe5950d210b",
"value": "https://www.virustotal.com/file/8d1c5699b7d49a787ed0c43b51e887ad8738b499f8d6f1a8b811566859827dd1/analysis/1435326260/"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--55dc6f50-f1d0-4ca1-8011-454d950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-08-25T13:36:16.000Z",
"modified": "2015-08-25T13:36:16.000Z",
"description": "Sakula malware - Xchecked via VT: ef94e4b0bd689972df09e19a3ed0653e",
"pattern": "[file:hashes.SHA256 = '8a2ce7a4cd85b723c6f05efb6b5dd4d642a7fc9fab1aef43c971146b6374f03c']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-08-25T13:36:16Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Artifacts dropped"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Artifacts dropped\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--55dc6f51-7320-4721-8640-4cd5950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-08-25T13:36:17.000Z",
"modified": "2015-08-25T13:36:17.000Z",
"description": "Sakula malware - Xchecked via VT: ef94e4b0bd689972df09e19a3ed0653e",
"pattern": "[file:hashes.SHA1 = 'fd37b9682d15c89f79a73c35eeda2cd381aad446']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-08-25T13:36:17Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Artifacts dropped"
}
],
"labels": [
"misp:type=\"sha1\"",
"misp:category=\"Artifacts dropped\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--55dc6f51-b848-44af-b7da-408f950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-08-25T13:36:17.000Z",
"modified": "2015-08-25T13:36:17.000Z",
"first_observed": "2015-08-25T13:36:17Z",
"last_observed": "2015-08-25T13:36:17Z",
"number_observed": 1,
"object_refs": [
"url--55dc6f51-b848-44af-b7da-408f950d210b"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--55dc6f51-b848-44af-b7da-408f950d210b",
"value": "https://www.virustotal.com/file/8a2ce7a4cd85b723c6f05efb6b5dd4d642a7fc9fab1aef43c971146b6374f03c/analysis/1434998403/"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--55dc6f51-96e4-4022-81f6-4c80950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-08-25T13:36:17.000Z",
"modified": "2015-08-25T13:36:17.000Z",
"description": "Sakula malware - Xchecked via VT: ef855c88842821a15a80bbee00024817",
"pattern": "[file:hashes.SHA256 = '71e0fba078adc470d9c1ba33afc12a60a7a56cbf6b146578f3ce6e422c4a99ca']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-08-25T13:36:17Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Artifacts dropped"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Artifacts dropped\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--55dc6f51-9aa0-4f91-8768-4982950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-08-25T13:36:17.000Z",
"modified": "2015-08-25T13:36:17.000Z",
"description": "Sakula malware - Xchecked via VT: ef855c88842821a15a80bbee00024817",
"pattern": "[file:hashes.SHA1 = '5b28af3c34fd2eddd6e5a715142aa237d8cd0e20']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-08-25T13:36:17Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Artifacts dropped"
}
],
"labels": [
"misp:type=\"sha1\"",
"misp:category=\"Artifacts dropped\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--55dc6f51-f394-4536-9501-458e950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-08-25T13:36:17.000Z",
"modified": "2015-08-25T13:36:17.000Z",
"first_observed": "2015-08-25T13:36:17Z",
"last_observed": "2015-08-25T13:36:17Z",
"number_observed": 1,
"object_refs": [
"url--55dc6f51-f394-4536-9501-458e950d210b"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--55dc6f51-f394-4536-9501-458e950d210b",
"value": "https://www.virustotal.com/file/71e0fba078adc470d9c1ba33afc12a60a7a56cbf6b146578f3ce6e422c4a99ca/analysis/1434998464/"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--55dc6f51-0094-437c-8a11-4736950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-08-25T13:36:17.000Z",
"modified": "2015-08-25T13:36:17.000Z",
"description": "Sakula malware - Xchecked via VT: ec85830342217b5d03f6bd26a703ce1a",
"pattern": "[file:hashes.SHA256 = 'b6e361c3ca2ba8125e7179a31a2610b53505f3f2d756dfb3656f771c0d97dca2']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-08-25T13:36:17Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Artifacts dropped"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Artifacts dropped\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--55dc6f52-c224-4b86-8564-4daf950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-08-25T13:36:18.000Z",
"modified": "2015-08-25T13:36:18.000Z",
"description": "Sakula malware - Xchecked via VT: ec85830342217b5d03f6bd26a703ce1a",
"pattern": "[file:hashes.SHA1 = 'b63c0a89da5862f58068e10a7c9e2b624c98a9d3']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-08-25T13:36:18Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Artifacts dropped"
}
],
"labels": [
"misp:type=\"sha1\"",
"misp:category=\"Artifacts dropped\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--55dc6f52-dcb4-465a-9abd-4c44950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-08-25T13:36:18.000Z",
"modified": "2015-08-25T13:36:18.000Z",
"first_observed": "2015-08-25T13:36:18Z",
"last_observed": "2015-08-25T13:36:18Z",
"number_observed": 1,
"object_refs": [
"url--55dc6f52-dcb4-465a-9abd-4c44950d210b"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--55dc6f52-dcb4-465a-9abd-4c44950d210b",
"value": "https://www.virustotal.com/file/b6e361c3ca2ba8125e7179a31a2610b53505f3f2d756dfb3656f771c0d97dca2/analysis/1438341822/"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--55dc6f52-8f6c-47e9-b0c7-4cd9950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-08-25T13:36:18.000Z",
"modified": "2015-08-25T13:36:18.000Z",
"description": "Sakula malware - Xchecked via VT: e804f5d88ceb937b6ce0c900260793d3",
"pattern": "[file:hashes.SHA256 = '711b1ed8debc066d211ec703468d75af5f3e08185870e808cbecc47237e89d26']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-08-25T13:36:18Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Artifacts dropped"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Artifacts dropped\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--55dc6f52-391c-4015-adb1-443b950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-08-25T13:36:18.000Z",
"modified": "2015-08-25T13:36:18.000Z",
"description": "Sakula malware - Xchecked via VT: e804f5d88ceb937b6ce0c900260793d3",
"pattern": "[file:hashes.SHA1 = '1433f0b9e4a11af5a9c08479204c015867653f67']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-08-25T13:36:18Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Artifacts dropped"
}
],
"labels": [
"misp:type=\"sha1\"",
"misp:category=\"Artifacts dropped\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--55dc6f52-2288-4612-94f6-45c6950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-08-25T13:36:18.000Z",
"modified": "2015-08-25T13:36:18.000Z",
"first_observed": "2015-08-25T13:36:18Z",
"last_observed": "2015-08-25T13:36:18Z",
"number_observed": 1,
"object_refs": [
"url--55dc6f52-2288-4612-94f6-45c6950d210b"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--55dc6f52-2288-4612-94f6-45c6950d210b",
"value": "https://www.virustotal.com/file/711b1ed8debc066d211ec703468d75af5f3e08185870e808cbecc47237e89d26/analysis/1434993962/"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--55dc6f52-8b24-4e92-bad8-4ce9950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-08-25T13:36:18.000Z",
"modified": "2015-08-25T13:36:18.000Z",
"description": "Sakula malware - Xchecked via VT: e7139a2e1e28efd6c303dc28f676ffe3",
"pattern": "[file:hashes.SHA256 = 'dca5cf72aa499ad4c834fcd4148727c303a4f6b7877c8ce8167eb7eefb6d2f6e']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-08-25T13:36:18Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Artifacts dropped"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Artifacts dropped\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--55dc6f53-0fbc-4d8f-9064-4b43950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-08-25T13:36:19.000Z",
"modified": "2015-08-25T13:36:19.000Z",
"description": "Sakula malware - Xchecked via VT: e7139a2e1e28efd6c303dc28f676ffe3",
"pattern": "[file:hashes.SHA1 = '3ba21e1db2977fcd91099e1de3129418aee8bad7']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-08-25T13:36:19Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Artifacts dropped"
}
],
"labels": [
"misp:type=\"sha1\"",
"misp:category=\"Artifacts dropped\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--55dc6f53-073c-4a26-b964-4711950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-08-25T13:36:19.000Z",
"modified": "2015-08-25T13:36:19.000Z",
"first_observed": "2015-08-25T13:36:19Z",
"last_observed": "2015-08-25T13:36:19Z",
"number_observed": 1,
"object_refs": [
"url--55dc6f53-073c-4a26-b964-4711950d210b"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--55dc6f53-073c-4a26-b964-4711950d210b",
"value": "https://www.virustotal.com/file/dca5cf72aa499ad4c834fcd4148727c303a4f6b7877c8ce8167eb7eefb6d2f6e/analysis/1434993903/"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--55dc6f53-e9dc-44f8-8613-47e4950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-08-25T13:36:19.000Z",
"modified": "2015-08-25T13:36:19.000Z",
"description": "Sakula malware - Xchecked via VT: e36028a1bf428bb5a0993dc445deb5b8",
"pattern": "[file:hashes.SHA256 = '2756c762aae93f553bcd65968ef1ade8a2884f7cefcc5aa7c7ccc22e8a97bde8']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-08-25T13:36:19Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Artifacts dropped"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Artifacts dropped\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--55dc6f53-0bb8-460f-a5a5-4a9f950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-08-25T13:36:19.000Z",
"modified": "2015-08-25T13:36:19.000Z",
"description": "Sakula malware - Xchecked via VT: e36028a1bf428bb5a0993dc445deb5b8",
"pattern": "[file:hashes.SHA1 = '9f43ac88662fa6c3603ddf5eba326a4d398b6773']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-08-25T13:36:19Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Artifacts dropped"
}
],
"labels": [
"misp:type=\"sha1\"",
"misp:category=\"Artifacts dropped\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--55dc6f53-e75c-4786-963b-4bde950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-08-25T13:36:19.000Z",
"modified": "2015-08-25T13:36:19.000Z",
"first_observed": "2015-08-25T13:36:19Z",
"last_observed": "2015-08-25T13:36:19Z",
"number_observed": 1,
"object_refs": [
"url--55dc6f53-e75c-4786-963b-4bde950d210b"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--55dc6f53-e75c-4786-963b-4bde950d210b",
"value": "https://www.virustotal.com/file/2756c762aae93f553bcd65968ef1ade8a2884f7cefcc5aa7c7ccc22e8a97bde8/analysis/1434998823/"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--55dc6f53-9574-4b4e-8faa-4257950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-08-25T13:36:19.000Z",
"modified": "2015-08-25T13:36:19.000Z",
"description": "Sakula malware - Xchecked via VT: e1ccd9f1696e4bf943fa2816356a443b",
"pattern": "[file:hashes.SHA256 = 'a625902d7ae8702103cc4d1852d7f82b894f6ca0bd9042dda1bc1d3417638f65']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-08-25T13:36:19Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Artifacts dropped"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Artifacts dropped\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--55dc6f54-d4b8-4377-b1eb-479a950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-08-25T13:36:20.000Z",
"modified": "2015-08-25T13:36:20.000Z",
"description": "Sakula malware - Xchecked via VT: e1ccd9f1696e4bf943fa2816356a443b",
"pattern": "[file:hashes.SHA1 = '5bc988d3e354fd09ef8c38ec0e2ebd3a80cc119b']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-08-25T13:36:20Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Artifacts dropped"
}
],
"labels": [
"misp:type=\"sha1\"",
"misp:category=\"Artifacts dropped\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--55dc6f54-1594-4db5-bba1-4787950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-08-25T13:36:20.000Z",
"modified": "2015-08-25T13:36:20.000Z",
"first_observed": "2015-08-25T13:36:20Z",
"last_observed": "2015-08-25T13:36:20Z",
"number_observed": 1,
"object_refs": [
"url--55dc6f54-1594-4db5-bba1-4787950d210b"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--55dc6f54-1594-4db5-bba1-4787950d210b",
"value": "https://www.virustotal.com/file/a625902d7ae8702103cc4d1852d7f82b894f6ca0bd9042dda1bc1d3417638f65/analysis/1434995340/"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--55dc6f54-71d4-4005-9add-4686950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-08-25T13:36:20.000Z",
"modified": "2015-08-25T13:36:20.000Z",
"description": "Sakula malware - Xchecked via VT: e1b53ff413915e03245807b2eba504eb",
"pattern": "[file:hashes.SHA256 = 'e441cf041c8c8d34f62ce404e66602e17e2dcbb40dd0efae4e611ed8e3e2a79b']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-08-25T13:36:20Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Artifacts dropped"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Artifacts dropped\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--55dc6f54-36a4-4525-803c-42a5950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-08-25T13:36:20.000Z",
"modified": "2015-08-25T13:36:20.000Z",
"description": "Sakula malware - Xchecked via VT: e1b53ff413915e03245807b2eba504eb",
"pattern": "[file:hashes.SHA1 = '32fd151a8ec09bad5cd1bb50d3ed4e2a0c2dbb5b']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-08-25T13:36:20Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Artifacts dropped"
}
],
"labels": [
"misp:type=\"sha1\"",
"misp:category=\"Artifacts dropped\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--55dc6f54-2f1c-4240-8a2f-4e4c950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-08-25T13:36:20.000Z",
"modified": "2015-08-25T13:36:20.000Z",
"first_observed": "2015-08-25T13:36:20Z",
"last_observed": "2015-08-25T13:36:20Z",
"number_observed": 1,
"object_refs": [
"url--55dc6f54-2f1c-4240-8a2f-4e4c950d210b"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--55dc6f54-2f1c-4240-8a2f-4e4c950d210b",
"value": "https://www.virustotal.com/file/e441cf041c8c8d34f62ce404e66602e17e2dcbb40dd0efae4e611ed8e3e2a79b/analysis/1434998887/"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--55dc6f55-797c-42ac-bb61-45da950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-08-25T13:36:21.000Z",
"modified": "2015-08-25T13:36:21.000Z",
"description": "Sakula malware - Xchecked via VT: e13bf40bbdbba86d638c04e0d72de268",
"pattern": "[file:hashes.SHA256 = '5576012d43193813cdca2a5d95daef6041ea7a2e952d469221a7416e9465f00a']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-08-25T13:36:21Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Artifacts dropped"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Artifacts dropped\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--55dc6f55-8750-44d4-a812-46e9950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-08-25T13:36:21.000Z",
"modified": "2015-08-25T13:36:21.000Z",
"description": "Sakula malware - Xchecked via VT: e13bf40bbdbba86d638c04e0d72de268",
"pattern": "[file:hashes.SHA1 = '4b28b1c9ff69a8f323d199aa3328de87fc730e74']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-08-25T13:36:21Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Artifacts dropped"
}
],
"labels": [
"misp:type=\"sha1\"",
"misp:category=\"Artifacts dropped\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--55dc6f55-6ef4-427f-b625-4a33950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-08-25T13:36:21.000Z",
"modified": "2015-08-25T13:36:21.000Z",
"first_observed": "2015-08-25T13:36:21Z",
"last_observed": "2015-08-25T13:36:21Z",
"number_observed": 1,
"object_refs": [
"url--55dc6f55-6ef4-427f-b625-4a33950d210b"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--55dc6f55-6ef4-427f-b625-4a33950d210b",
"value": "https://www.virustotal.com/file/5576012d43193813cdca2a5d95daef6041ea7a2e952d469221a7416e9465f00a/analysis/1434998943/"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--55dc6f55-4cec-4602-b240-4ea9950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-08-25T13:36:21.000Z",
"modified": "2015-08-25T13:36:21.000Z",
"description": "Sakula malware - Xchecked via VT: e0b6a8e23e0d586663e74f1e1d755ae0",
"pattern": "[file:hashes.SHA256 = 'df51c895bed49da62f0afc10c6654d13d0b51148a2b5e62d6f681f32fec87f05']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-08-25T13:36:21Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Artifacts dropped"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Artifacts dropped\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--55dc6f55-5b8c-4162-a0b9-4540950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-08-25T13:36:21.000Z",
"modified": "2015-08-25T13:36:21.000Z",
"description": "Sakula malware - Xchecked via VT: e0b6a8e23e0d586663e74f1e1d755ae0",
"pattern": "[file:hashes.SHA1 = '089f0e786b460fbb2f16af086e70fc2241f2b585']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-08-25T13:36:21Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Artifacts dropped"
}
],
"labels": [
"misp:type=\"sha1\"",
"misp:category=\"Artifacts dropped\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--55dc6f55-121c-41fb-aa8c-4462950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-08-25T13:36:21.000Z",
"modified": "2015-08-25T13:36:21.000Z",
"first_observed": "2015-08-25T13:36:21Z",
"last_observed": "2015-08-25T13:36:21Z",
"number_observed": 1,
"object_refs": [
"url--55dc6f55-121c-41fb-aa8c-4462950d210b"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--55dc6f55-121c-41fb-aa8c-4462950d210b",
"value": "https://www.virustotal.com/file/df51c895bed49da62f0afc10c6654d13d0b51148a2b5e62d6f681f32fec87f05/analysis/1434999004/"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--55dc6f56-8904-4c57-b238-4ef8950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-08-25T13:36:22.000Z",
"modified": "2015-08-25T13:36:22.000Z",
"description": "Sakula malware - Xchecked via VT: dfea1e69d2f5d84a1b6c6b67b01b7ff8",
"pattern": "[file:hashes.SHA256 = '6cb3b6edf55876576baca05584e801d0d5efa8e99bffedbc2597f28fbf5014cb']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-08-25T13:36:22Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Artifacts dropped"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Artifacts dropped\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--55dc6f56-0058-4c60-a089-4f70950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-08-25T13:36:22.000Z",
"modified": "2015-08-25T13:36:22.000Z",
"description": "Sakula malware - Xchecked via VT: dfea1e69d2f5d84a1b6c6b67b01b7ff8",
"pattern": "[file:hashes.SHA1 = '77f08cf8ac230a4a12bb0fd41110939d2e37022e']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-08-25T13:36:22Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Artifacts dropped"
}
],
"labels": [
"misp:type=\"sha1\"",
"misp:category=\"Artifacts dropped\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--55dc6f56-00ac-4b37-977b-4b38950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-08-25T13:36:22.000Z",
"modified": "2015-08-25T13:36:22.000Z",
"first_observed": "2015-08-25T13:36:22Z",
"last_observed": "2015-08-25T13:36:22Z",
"number_observed": 1,
"object_refs": [
"url--55dc6f56-00ac-4b37-977b-4b38950d210b"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--55dc6f56-00ac-4b37-977b-4b38950d210b",
"value": "https://www.virustotal.com/file/6cb3b6edf55876576baca05584e801d0d5efa8e99bffedbc2597f28fbf5014cb/analysis/1434999069/"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--55dc6f56-a214-4e87-a675-4c38950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-08-25T13:36:22.000Z",
"modified": "2015-08-25T13:36:22.000Z",
"description": "Sakula malware - Xchecked via VT: df15e0f3169f65080ee7d783c061cda3",
"pattern": "[file:hashes.SHA256 = '66bc68c9cc4667d746c28310a5c9db37842d08f6ce37c081b57665e59efd04df']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-08-25T13:36:22Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Artifacts dropped"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Artifacts dropped\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--55dc6f56-4984-4fbb-88e5-454f950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-08-25T13:36:22.000Z",
"modified": "2015-08-25T13:36:22.000Z",
"description": "Sakula malware - Xchecked via VT: df15e0f3169f65080ee7d783c061cda3",
"pattern": "[file:hashes.SHA1 = '41432b545cb825ff2ff3767ce61ab6ed30641acd']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-08-25T13:36:22Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Artifacts dropped"
}
],
"labels": [
"misp:type=\"sha1\"",
"misp:category=\"Artifacts dropped\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--55dc6f56-d304-4493-b917-478c950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-08-25T13:36:22.000Z",
"modified": "2015-08-25T13:36:22.000Z",
"first_observed": "2015-08-25T13:36:22Z",
"last_observed": "2015-08-25T13:36:22Z",
"number_observed": 1,
"object_refs": [
"url--55dc6f56-d304-4493-b917-478c950d210b"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--55dc6f56-d304-4493-b917-478c950d210b",
"value": "https://www.virustotal.com/file/66bc68c9cc4667d746c28310a5c9db37842d08f6ce37c081b57665e59efd04df/analysis/1434999185/"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--55dc6f57-5dd0-404d-b4fa-4e73950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-08-25T13:36:23.000Z",
"modified": "2015-08-25T13:36:23.000Z",
"description": "Sakula malware - Xchecked via VT: dc7469f6b18cfce712156e3988d238d2",
"pattern": "[file:hashes.SHA256 = 'fb7a8202ebd36f172480e8e796a3a2923a387ae0b0a75cf20c7aff1dad586742']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-08-25T13:36:23Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Artifacts dropped"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Artifacts dropped\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--55dc6f57-acc4-4357-ba64-449f950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-08-25T13:36:23.000Z",
"modified": "2015-08-25T13:36:23.000Z",
"description": "Sakula malware - Xchecked via VT: dc7469f6b18cfce712156e3988d238d2",
"pattern": "[file:hashes.SHA1 = 'ef75f0f5ee772090018c1e887ef79c280c5a00d2']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-08-25T13:36:23Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Artifacts dropped"
}
],
"labels": [
"misp:type=\"sha1\"",
"misp:category=\"Artifacts dropped\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--55dc6f57-6370-4659-a171-4809950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-08-25T13:36:23.000Z",
"modified": "2015-08-25T13:36:23.000Z",
"first_observed": "2015-08-25T13:36:23Z",
"last_observed": "2015-08-25T13:36:23Z",
"number_observed": 1,
"object_refs": [
"url--55dc6f57-6370-4659-a171-4809950d210b"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--55dc6f57-6370-4659-a171-4809950d210b",
"value": "https://www.virustotal.com/file/fb7a8202ebd36f172480e8e796a3a2923a387ae0b0a75cf20c7aff1dad586742/analysis/1434999307/"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--55dc6f57-e1e4-4255-8f83-4950950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-08-25T13:36:23.000Z",
"modified": "2015-08-25T13:36:23.000Z",
"description": "Sakula malware - Xchecked via VT: d875a70c4b07dcc18770870c9c1d2abd",
"pattern": "[file:hashes.SHA256 = 'cd0853891b6bcef8a1e913514a31f7207cedf109b5f72d8a87e3b8e2103cd39c']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-08-25T13:36:23Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Artifacts dropped"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Artifacts dropped\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--55dc6f57-2ef4-4b5f-847f-40cf950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-08-25T13:36:23.000Z",
"modified": "2015-08-25T13:36:23.000Z",
"description": "Sakula malware - Xchecked via VT: d875a70c4b07dcc18770870c9c1d2abd",
"pattern": "[file:hashes.SHA1 = '2136967db3f4390fe75a0c6254a62ef08fec3f7d']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-08-25T13:36:23Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Artifacts dropped"
}
],
"labels": [
"misp:type=\"sha1\"",
"misp:category=\"Artifacts dropped\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--55dc6f57-4e64-405a-9994-43f2950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-08-25T13:36:23.000Z",
"modified": "2015-08-25T13:36:23.000Z",
"first_observed": "2015-08-25T13:36:23Z",
"last_observed": "2015-08-25T13:36:23Z",
"number_observed": 1,
"object_refs": [
"url--55dc6f57-4e64-405a-9994-43f2950d210b"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--55dc6f57-4e64-405a-9994-43f2950d210b",
"value": "https://www.virustotal.com/file/cd0853891b6bcef8a1e913514a31f7207cedf109b5f72d8a87e3b8e2103cd39c/analysis/1434999427/"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--55dc6f58-8918-4757-8fbc-4bf0950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-08-25T13:36:24.000Z",
"modified": "2015-08-25T13:36:24.000Z",
"description": "Sakula malware - Xchecked via VT: d82230d1ac02405d16530f849abdde0b",
"pattern": "[file:hashes.SHA256 = '56780e7d3f7ab1c49a54e248489cd1a36e04404c1016e590ce17ac008a7ba24e']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-08-25T13:36:24Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Artifacts dropped"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Artifacts dropped\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--55dc6f58-2448-48f7-a0c9-4f62950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-08-25T13:36:24.000Z",
"modified": "2015-08-25T13:36:24.000Z",
"description": "Sakula malware - Xchecked via VT: d82230d1ac02405d16530f849abdde0b",
"pattern": "[file:hashes.SHA1 = 'bf0a067fc4e334956983354c887a99d25f203365']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-08-25T13:36:24Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Artifacts dropped"
}
],
"labels": [
"misp:type=\"sha1\"",
"misp:category=\"Artifacts dropped\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--55dc6f58-cb60-4924-a43c-4507950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-08-25T13:36:24.000Z",
"modified": "2015-08-25T13:36:24.000Z",
"first_observed": "2015-08-25T13:36:24Z",
"last_observed": "2015-08-25T13:36:24Z",
"number_observed": 1,
"object_refs": [
"url--55dc6f58-cb60-4924-a43c-4507950d210b"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--55dc6f58-cb60-4924-a43c-4507950d210b",
"value": "https://www.virustotal.com/file/56780e7d3f7ab1c49a54e248489cd1a36e04404c1016e590ce17ac008a7ba24e/analysis/1434999447/"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--55dc6f58-69bc-481d-8fd9-414a950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-08-25T13:36:24.000Z",
"modified": "2015-08-25T13:36:24.000Z",
"description": "Sakula malware - Xchecked via VT: d810b773e694279ece31106c26fb2869",
"pattern": "[file:hashes.SHA256 = 'a9f87bfeff12bd28bf7edced826f9c4577496334332ce96f0a3fa0d9615ce22f']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-08-25T13:36:24Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Artifacts dropped"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Artifacts dropped\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--55dc6f58-7724-482e-a769-4100950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-08-25T13:36:24.000Z",
"modified": "2015-08-25T13:36:24.000Z",
"description": "Sakula malware - Xchecked via VT: d810b773e694279ece31106c26fb2869",
"pattern": "[file:hashes.SHA1 = '53e61063698ebf1b97be390a2eeca6f20234aec5']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-08-25T13:36:24Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Artifacts dropped"
}
],
"labels": [
"misp:type=\"sha1\"",
"misp:category=\"Artifacts dropped\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--55dc6f58-7d74-43a9-93bf-4055950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-08-25T13:36:24.000Z",
"modified": "2015-08-25T13:36:24.000Z",
"first_observed": "2015-08-25T13:36:24Z",
"last_observed": "2015-08-25T13:36:24Z",
"number_observed": 1,
"object_refs": [
"url--55dc6f58-7d74-43a9-93bf-4055950d210b"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--55dc6f58-7d74-43a9-93bf-4055950d210b",
"value": "https://www.virustotal.com/file/a9f87bfeff12bd28bf7edced826f9c4577496334332ce96f0a3fa0d9615ce22f/analysis/1434999483/"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--55dc6f59-2d48-4381-9556-444e950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-08-25T13:36:25.000Z",
"modified": "2015-08-25T13:36:25.000Z",
"description": "Sakula malware - Xchecked via VT: d7351f6937379dbbeedc83d37a86e794",
"pattern": "[file:hashes.SHA256 = 'c039a4cad765d503ba3ffacc94d76ef0108a2fdcd74f71d2e848b9c8d1884e64']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-08-25T13:36:25Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Artifacts dropped"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Artifacts dropped\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--55dc6f59-3e78-4b85-a1ad-4db3950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-08-25T13:36:25.000Z",
"modified": "2015-08-25T13:36:25.000Z",
"description": "Sakula malware - Xchecked via VT: d7351f6937379dbbeedc83d37a86e794",
"pattern": "[file:hashes.SHA1 = '65952b8eeff287a8f775bf8a5ad23b75b42f22c4']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-08-25T13:36:25Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Artifacts dropped"
}
],
"labels": [
"misp:type=\"sha1\"",
"misp:category=\"Artifacts dropped\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--55dc6f59-9af0-4f28-97a8-4e49950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-08-25T13:36:25.000Z",
"modified": "2015-08-25T13:36:25.000Z",
"first_observed": "2015-08-25T13:36:25Z",
"last_observed": "2015-08-25T13:36:25Z",
"number_observed": 1,
"object_refs": [
"url--55dc6f59-9af0-4f28-97a8-4e49950d210b"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--55dc6f59-9af0-4f28-97a8-4e49950d210b",
"value": "https://www.virustotal.com/file/c039a4cad765d503ba3ffacc94d76ef0108a2fdcd74f71d2e848b9c8d1884e64/analysis/1434999502/"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--55dc6f59-a854-423f-8282-4096950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-08-25T13:36:25.000Z",
"modified": "2015-08-25T13:36:25.000Z",
"description": "Sakula malware - Xchecked via VT: d5d6881b4bef3544d9067b71af3287eb",
"pattern": "[file:hashes.SHA256 = '2b9f38b1b814e78fffe2401f6109406474cb35e3e7eb4bb3fb152dc87888f930']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-08-25T13:36:25Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Artifacts dropped"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Artifacts dropped\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--55dc6f59-05b4-456e-82e5-4bf9950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-08-25T13:36:25.000Z",
"modified": "2015-08-25T13:36:25.000Z",
"description": "Sakula malware - Xchecked via VT: d5d6881b4bef3544d9067b71af3287eb",
"pattern": "[file:hashes.SHA1 = '38bc4e34e150e1436a72c3fd23dde61279363981']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-08-25T13:36:25Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Artifacts dropped"
}
],
"labels": [
"misp:type=\"sha1\"",
"misp:category=\"Artifacts dropped\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--55dc6f5a-c06c-4994-a531-4c14950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-08-25T13:36:26.000Z",
"modified": "2015-08-25T13:36:26.000Z",
"first_observed": "2015-08-25T13:36:26Z",
"last_observed": "2015-08-25T13:36:26Z",
"number_observed": 1,
"object_refs": [
"url--55dc6f5a-c06c-4994-a531-4c14950d210b"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--55dc6f5a-c06c-4994-a531-4c14950d210b",
"value": "https://www.virustotal.com/file/2b9f38b1b814e78fffe2401f6109406474cb35e3e7eb4bb3fb152dc87888f930/analysis/1434999543/"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--55dc6f5a-1e54-4e27-bfec-475b950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-08-25T13:36:26.000Z",
"modified": "2015-08-25T13:36:26.000Z",
"description": "Sakula malware - Xchecked via VT: d57075de72308ed72d8f7e1af9ce8431",
"pattern": "[file:hashes.SHA256 = '372425f69eeac6903bb56a44de2599784e48f3bccc5e6cd1ae4598925da964fe']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-08-25T13:36:26Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Artifacts dropped"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Artifacts dropped\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--55dc6f5a-2470-43cb-8797-4089950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-08-25T13:36:26.000Z",
"modified": "2015-08-25T13:36:26.000Z",
"description": "Sakula malware - Xchecked via VT: d57075de72308ed72d8f7e1af9ce8431",
"pattern": "[file:hashes.SHA1 = '6733c97d79bebb68465f9011b16f32fa97e8fd69']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-08-25T13:36:26Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Artifacts dropped"
}
],
"labels": [
"misp:type=\"sha1\"",
"misp:category=\"Artifacts dropped\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--55dc6f5a-41fc-4ac2-8b0d-4528950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-08-25T13:36:26.000Z",
"modified": "2015-08-25T13:36:26.000Z",
"first_observed": "2015-08-25T13:36:26Z",
"last_observed": "2015-08-25T13:36:26Z",
"number_observed": 1,
"object_refs": [
"url--55dc6f5a-41fc-4ac2-8b0d-4528950d210b"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--55dc6f5a-41fc-4ac2-8b0d-4528950d210b",
"value": "https://www.virustotal.com/file/372425f69eeac6903bb56a44de2599784e48f3bccc5e6cd1ae4598925da964fe/analysis/1434999563/"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--55dc6f5a-a6a4-43e0-a34c-427f950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-08-25T13:36:26.000Z",
"modified": "2015-08-25T13:36:26.000Z",
"description": "Sakula malware - Xchecked via VT: d3cb441f03e8370155381d74c2b7d827",
"pattern": "[file:hashes.SHA256 = '523d6a6dee7b77c7bb6f0ac84fa81b1ef024f2890feb8fc6958fa5f6bb35bac9']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-08-25T13:36:26Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Artifacts dropped"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Artifacts dropped\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--55dc6f5a-bd04-489e-8891-489c950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-08-25T13:36:26.000Z",
"modified": "2015-08-25T13:36:26.000Z",
"description": "Sakula malware - Xchecked via VT: d3cb441f03e8370155381d74c2b7d827",
"pattern": "[file:hashes.SHA1 = '5d5e6aa610d7c2e83e4d46d660ada121ca7946c2']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-08-25T13:36:26Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Artifacts dropped"
}
],
"labels": [
"misp:type=\"sha1\"",
"misp:category=\"Artifacts dropped\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--55dc6f5b-ee64-4f5f-81a6-43e3950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-08-25T13:36:27.000Z",
"modified": "2015-08-25T13:36:27.000Z",
"first_observed": "2015-08-25T13:36:27Z",
"last_observed": "2015-08-25T13:36:27Z",
"number_observed": 1,
"object_refs": [
"url--55dc6f5b-ee64-4f5f-81a6-43e3950d210b"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--55dc6f5b-ee64-4f5f-81a6-43e3950d210b",
"value": "https://www.virustotal.com/file/523d6a6dee7b77c7bb6f0ac84fa81b1ef024f2890feb8fc6958fa5f6bb35bac9/analysis/1434999607/"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--55dc6f5b-3904-42ee-8b32-42be950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-08-25T13:36:27.000Z",
"modified": "2015-08-25T13:36:27.000Z",
"description": "Sakula malware - Xchecked via VT: d2a27b9acb8dc9a9adbde76d2a10a189",
"pattern": "[file:hashes.SHA256 = '7fef78d450dc9a044e96e96d3e52e29ffcb6c638efc6a9d0e5238c52061044fb']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-08-25T13:36:27Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Artifacts dropped"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Artifacts dropped\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--55dc6f5b-220c-425f-9834-40d1950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-08-25T13:36:27.000Z",
"modified": "2015-08-25T13:36:27.000Z",
"description": "Sakula malware - Xchecked via VT: d2a27b9acb8dc9a9adbde76d2a10a189",
"pattern": "[file:hashes.SHA1 = '478f296f219a7fbae29d1bd6d914521e30902f90']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-08-25T13:36:27Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Artifacts dropped"
}
],
"labels": [
"misp:type=\"sha1\"",
"misp:category=\"Artifacts dropped\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--55dc6f5b-14cc-49c2-8ac4-453c950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-08-25T13:36:27.000Z",
"modified": "2015-08-25T13:36:27.000Z",
"first_observed": "2015-08-25T13:36:27Z",
"last_observed": "2015-08-25T13:36:27Z",
"number_observed": 1,
"object_refs": [
"url--55dc6f5b-14cc-49c2-8ac4-453c950d210b"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--55dc6f5b-14cc-49c2-8ac4-453c950d210b",
"value": "https://www.virustotal.com/file/7fef78d450dc9a044e96e96d3e52e29ffcb6c638efc6a9d0e5238c52061044fb/analysis/1434999626/"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--55dc6f5b-a194-42ee-8820-4e0b950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-08-25T13:36:27.000Z",
"modified": "2015-08-25T13:36:27.000Z",
"description": "Sakula malware - Xchecked via VT: d1f0ff695021aed31ada3397ad1f491e",
"pattern": "[file:hashes.SHA256 = '23b54351664c71eb9492d1df10e8d2a7c3f5ddce3048441a5311f80bb3510a43']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-08-25T13:36:27Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Artifacts dropped"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Artifacts dropped\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--55dc6f5b-ad90-409b-ad4d-4b64950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-08-25T13:36:27.000Z",
"modified": "2015-08-25T13:36:27.000Z",
"description": "Sakula malware - Xchecked via VT: d1f0ff695021aed31ada3397ad1f491e",
"pattern": "[file:hashes.SHA1 = 'b01dfedb4353beebe2c7099f12d54b330210e7ff']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-08-25T13:36:27Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Artifacts dropped"
}
],
"labels": [
"misp:type=\"sha1\"",
"misp:category=\"Artifacts dropped\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--55dc6f5c-fadc-45ff-90c4-4cce950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-08-25T13:36:28.000Z",
"modified": "2015-08-25T13:36:28.000Z",
"first_observed": "2015-08-25T13:36:28Z",
"last_observed": "2015-08-25T13:36:28Z",
"number_observed": 1,
"object_refs": [
"url--55dc6f5c-fadc-45ff-90c4-4cce950d210b"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--55dc6f5c-fadc-45ff-90c4-4cce950d210b",
"value": "https://www.virustotal.com/file/23b54351664c71eb9492d1df10e8d2a7c3f5ddce3048441a5311f80bb3510a43/analysis/1434999662/"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--55dc6f5c-cdd0-47af-befd-4516950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-08-25T13:36:28.000Z",
"modified": "2015-08-25T13:36:28.000Z",
"description": "Sakula malware - Xchecked via VT: cfd1eb4ccdeea554d8cffa17021ffbfa",
"pattern": "[file:hashes.SHA256 = 'a3d74f6c50713b638acb08c384e6ed2b0a3859693326d8bdbd2a37074e3b5ed4']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-08-25T13:36:28Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Artifacts dropped"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Artifacts dropped\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--55dc6f5c-846c-4f9c-a229-4cb6950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-08-25T13:36:28.000Z",
"modified": "2015-08-25T13:36:28.000Z",
"description": "Sakula malware - Xchecked via VT: cfd1eb4ccdeea554d8cffa17021ffbfa",
"pattern": "[file:hashes.SHA1 = '82459c4e706dd815406323baaaf1fc389ca72c07']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-08-25T13:36:28Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Artifacts dropped"
}
],
"labels": [
"misp:type=\"sha1\"",
"misp:category=\"Artifacts dropped\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--55dc6f5c-0a5c-45ca-9859-427a950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-08-25T13:36:28.000Z",
"modified": "2015-08-25T13:36:28.000Z",
"first_observed": "2015-08-25T13:36:28Z",
"last_observed": "2015-08-25T13:36:28Z",
"number_observed": 1,
"object_refs": [
"url--55dc6f5c-0a5c-45ca-9859-427a950d210b"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--55dc6f5c-0a5c-45ca-9859-427a950d210b",
"value": "https://www.virustotal.com/file/a3d74f6c50713b638acb08c384e6ed2b0a3859693326d8bdbd2a37074e3b5ed4/analysis/1434999681/"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--55dc6f5c-d8cc-44dc-bfa1-4b0b950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-08-25T13:36:28.000Z",
"modified": "2015-08-25T13:36:28.000Z",
"description": "Sakula malware - Xchecked via VT: cd1c95aa6f45101735d444aeb447225c",
"pattern": "[file:hashes.SHA256 = 'd8c3da5b096e08c582c9364e7cfb100d010c7c2cac4523a38d7e6256b92eb58e']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-08-25T13:36:28Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Artifacts dropped"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Artifacts dropped\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--55dc6f5c-597c-42e4-b9b7-4942950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-08-25T13:36:28.000Z",
"modified": "2015-08-25T13:36:28.000Z",
"description": "Sakula malware - Xchecked via VT: cd1c95aa6f45101735d444aeb447225c",
"pattern": "[file:hashes.SHA1 = '9d19f2899082eab01dfca20ce07026189abae04f']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-08-25T13:36:28Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Artifacts dropped"
}
],
"labels": [
"misp:type=\"sha1\"",
"misp:category=\"Artifacts dropped\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--55dc6f5d-3b88-4132-9f4f-4275950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-08-25T13:36:29.000Z",
"modified": "2015-08-25T13:36:29.000Z",
"first_observed": "2015-08-25T13:36:29Z",
"last_observed": "2015-08-25T13:36:29Z",
"number_observed": 1,
"object_refs": [
"url--55dc6f5d-3b88-4132-9f4f-4275950d210b"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--55dc6f5d-3b88-4132-9f4f-4275950d210b",
"value": "https://www.virustotal.com/file/d8c3da5b096e08c582c9364e7cfb100d010c7c2cac4523a38d7e6256b92eb58e/analysis/1434999727/"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--55dc6f5d-6754-4e5c-a7aa-4368950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-08-25T13:36:29.000Z",
"modified": "2015-08-25T13:36:29.000Z",
"description": "Sakula malware - Xchecked via VT: c6eab24761a223e6c6f1a9d15ecca08a",
"pattern": "[file:hashes.SHA256 = '63a626d0841ed7827a378c328fcacec307d67521cb4412bcebaa529d91de8033']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-08-25T13:36:29Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Artifacts dropped"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Artifacts dropped\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--55dc6f5d-24d0-4334-baca-4b38950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-08-25T13:36:29.000Z",
"modified": "2015-08-25T13:36:29.000Z",
"description": "Sakula malware - Xchecked via VT: c6eab24761a223e6c6f1a9d15ecca08a",
"pattern": "[file:hashes.SHA1 = '01f6233610a40a6c3ecbc7bab3047c61f5b7b328']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-08-25T13:36:29Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Artifacts dropped"
}
],
"labels": [
"misp:type=\"sha1\"",
"misp:category=\"Artifacts dropped\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--55dc6f5d-a71c-4d85-b97b-4fc0950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-08-25T13:36:29.000Z",
"modified": "2015-08-25T13:36:29.000Z",
"first_observed": "2015-08-25T13:36:29Z",
"last_observed": "2015-08-25T13:36:29Z",
"number_observed": 1,
"object_refs": [
"url--55dc6f5d-a71c-4d85-b97b-4fc0950d210b"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--55dc6f5d-a71c-4d85-b97b-4fc0950d210b",
"value": "https://www.virustotal.com/file/63a626d0841ed7827a378c328fcacec307d67521cb4412bcebaa529d91de8033/analysis/1434999908/"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--55dc6f5d-2690-4590-91bf-4ff1950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-08-25T13:36:29.000Z",
"modified": "2015-08-25T13:36:29.000Z",
"description": "Sakula malware - Xchecked via VT: c6d1954b58a17bd203e7b6be9d5047d8",
"pattern": "[file:hashes.SHA256 = 'ec681566b955d0b709c5a3a4d09056d84ad3a7efd68a837d1bbcf51cdac10e84']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-08-25T13:36:29Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Artifacts dropped"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Artifacts dropped\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--55dc6f5d-ad80-4aa8-8774-4059950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-08-25T13:36:29.000Z",
"modified": "2015-08-25T13:36:29.000Z",
"description": "Sakula malware - Xchecked via VT: c6d1954b58a17bd203e7b6be9d5047d8",
"pattern": "[file:hashes.SHA1 = '9cebfa04cd2af4b4aa5d9c56ba271af2af6cc777']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-08-25T13:36:29Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Artifacts dropped"
}
],
"labels": [
"misp:type=\"sha1\"",
"misp:category=\"Artifacts dropped\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--55dc6f5e-10e8-4d11-ad0d-402b950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-08-25T13:36:30.000Z",
"modified": "2015-08-25T13:36:30.000Z",
"first_observed": "2015-08-25T13:36:30Z",
"last_observed": "2015-08-25T13:36:30Z",
"number_observed": 1,
"object_refs": [
"url--55dc6f5e-10e8-4d11-ad0d-402b950d210b"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--55dc6f5e-10e8-4d11-ad0d-402b950d210b",
"value": "https://www.virustotal.com/file/ec681566b955d0b709c5a3a4d09056d84ad3a7efd68a837d1bbcf51cdac10e84/analysis/1434999927/"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--55dc6f5e-87b4-47d4-9156-4978950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-08-25T13:36:30.000Z",
"modified": "2015-08-25T13:36:30.000Z",
"description": "Sakula malware - Xchecked via VT: c66b335fb606b542206b5a321beb2a76",
"pattern": "[file:hashes.SHA256 = 'caae5733cd0296daa11b9ada45cb675cd014f9858b77c479c37f4fef205f2af7']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-08-25T13:36:30Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Artifacts dropped"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Artifacts dropped\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--55dc6f5e-4a68-4097-acf3-4976950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-08-25T13:36:30.000Z",
"modified": "2015-08-25T13:36:30.000Z",
"description": "Sakula malware - Xchecked via VT: c66b335fb606b542206b5a321beb2a76",
"pattern": "[file:hashes.SHA1 = '379445450d144ffba2226b983017ebafb6d2d6fb']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-08-25T13:36:30Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Artifacts dropped"
}
],
"labels": [
"misp:type=\"sha1\"",
"misp:category=\"Artifacts dropped\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--55dc6f5e-9bcc-452b-baf3-4dc2950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-08-25T13:36:30.000Z",
"modified": "2015-08-25T13:36:30.000Z",
"first_observed": "2015-08-25T13:36:30Z",
"last_observed": "2015-08-25T13:36:30Z",
"number_observed": 1,
"object_refs": [
"url--55dc6f5e-9bcc-452b-baf3-4dc2950d210b"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--55dc6f5e-9bcc-452b-baf3-4dc2950d210b",
"value": "https://www.virustotal.com/file/caae5733cd0296daa11b9ada45cb675cd014f9858b77c479c37f4fef205f2af7/analysis/1434999963/"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--55dc6f5e-9760-49c3-a7b4-4b07950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-08-25T13:36:30.000Z",
"modified": "2015-08-25T13:36:30.000Z",
"description": "Sakula malware - Xchecked via VT: c5933a7ca469e98f7799c3ab52a1bc3c",
"pattern": "[file:hashes.SHA256 = 'f02d6f8241c1bf13725a837749ea358830f9bba2c100fdd442a61402451c0821']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-08-25T13:36:30Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Artifacts dropped"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Artifacts dropped\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--55dc6f5f-a6e4-4e0c-a401-4b86950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-08-25T13:36:31.000Z",
"modified": "2015-08-25T13:36:31.000Z",
"description": "Sakula malware - Xchecked via VT: c5933a7ca469e98f7799c3ab52a1bc3c",
"pattern": "[file:hashes.SHA1 = 'a7ad2eb3f58ac1f1292714104662e9f1e2b2f0ef']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-08-25T13:36:31Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Artifacts dropped"
}
],
"labels": [
"misp:type=\"sha1\"",
"misp:category=\"Artifacts dropped\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--55dc6f5f-e5f8-4e3e-88be-4ccc950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-08-25T13:36:31.000Z",
"modified": "2015-08-25T13:36:31.000Z",
"first_observed": "2015-08-25T13:36:31Z",
"last_observed": "2015-08-25T13:36:31Z",
"number_observed": 1,
"object_refs": [
"url--55dc6f5f-e5f8-4e3e-88be-4ccc950d210b"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--55dc6f5f-e5f8-4e3e-88be-4ccc950d210b",
"value": "https://www.virustotal.com/file/f02d6f8241c1bf13725a837749ea358830f9bba2c100fdd442a61402451c0821/analysis/1434999982/"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--55dc6f5f-56ac-4ec8-ba27-4dd7950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-08-25T13:36:31.000Z",
"modified": "2015-08-25T13:36:31.000Z",
"description": "Sakula malware - Xchecked via VT: bf35690e72a3fbd66ff721bd14a6599e",
"pattern": "[file:hashes.SHA256 = '1b073f476d1e04f9b1a29198cbe060e244e0c42c8c1f7f1344acc2dc7eeb5059']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-08-25T13:36:31Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Artifacts dropped"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Artifacts dropped\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--55dc6f5f-ea7c-44b7-a3bd-4591950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-08-25T13:36:31.000Z",
"modified": "2015-08-25T13:36:31.000Z",
"description": "Sakula malware - Xchecked via VT: bf35690e72a3fbd66ff721bd14a6599e",
"pattern": "[file:hashes.SHA1 = '593452f51af494137acf75c3eb6e5c6f103e7c61']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-08-25T13:36:31Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Artifacts dropped"
}
],
"labels": [
"misp:type=\"sha1\"",
"misp:category=\"Artifacts dropped\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--55dc6f5f-7d58-4243-8e12-468d950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-08-25T13:36:31.000Z",
"modified": "2015-08-25T13:36:31.000Z",
"first_observed": "2015-08-25T13:36:31Z",
"last_observed": "2015-08-25T13:36:31Z",
"number_observed": 1,
"object_refs": [
"url--55dc6f5f-7d58-4243-8e12-468d950d210b"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--55dc6f5f-7d58-4243-8e12-468d950d210b",
"value": "https://www.virustotal.com/file/1b073f476d1e04f9b1a29198cbe060e244e0c42c8c1f7f1344acc2dc7eeb5059/analysis/1435000201/"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--55dc6f5f-4744-43f7-b355-4780950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-08-25T13:36:31.000Z",
"modified": "2015-08-25T13:36:31.000Z",
"description": "Sakula malware - Xchecked via VT: bdb6a8a95e5af85d8b36d73ba33ec691",
"pattern": "[file:hashes.SHA256 = 'f51c3cc5b4eb2e0b4df6667e94b312d6c92f4466669f2a7950db5ccaa96d2a64']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-08-25T13:36:31Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Artifacts dropped"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Artifacts dropped\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--55dc6f60-a128-49c5-b76d-408b950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-08-25T13:36:32.000Z",
"modified": "2015-08-25T13:36:32.000Z",
"description": "Sakula malware - Xchecked via VT: bdb6a8a95e5af85d8b36d73ba33ec691",
"pattern": "[file:hashes.SHA1 = '93b73cab9d4581ee8954cb7b2adea7e5c1a9ac0d']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-08-25T13:36:32Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Artifacts dropped"
}
],
"labels": [
"misp:type=\"sha1\"",
"misp:category=\"Artifacts dropped\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--55dc6f60-6fc8-4a57-a242-44b6950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-08-25T13:36:32.000Z",
"modified": "2015-08-25T13:36:32.000Z",
"first_observed": "2015-08-25T13:36:32Z",
"last_observed": "2015-08-25T13:36:32Z",
"number_observed": 1,
"object_refs": [
"url--55dc6f60-6fc8-4a57-a242-44b6950d210b"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--55dc6f60-6fc8-4a57-a242-44b6950d210b",
"value": "https://www.virustotal.com/file/f51c3cc5b4eb2e0b4df6667e94b312d6c92f4466669f2a7950db5ccaa96d2a64/analysis/1435000221/"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--55dc6f60-78e0-4dbd-a5d2-49b3950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-08-25T13:36:32.000Z",
"modified": "2015-08-25T13:36:32.000Z",
"description": "Sakula malware - Xchecked via VT: bd48ca50da3b76aa497f28d842954c12",
"pattern": "[file:hashes.SHA256 = '993fa11e67cae4e8f53491e6132bc4cd63fc75ce415eadc1630c9c6aa4a229af']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-08-25T13:36:32Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Artifacts dropped"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Artifacts dropped\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--55dc6f60-088c-4073-8fa7-4d95950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-08-25T13:36:32.000Z",
"modified": "2015-08-25T13:36:32.000Z",
"description": "Sakula malware - Xchecked via VT: bd48ca50da3b76aa497f28d842954c12",
"pattern": "[file:hashes.SHA1 = '8635acdc1d7693e092a4a4f7789cdbc5589e53d8']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-08-25T13:36:32Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Artifacts dropped"
}
],
"labels": [
"misp:type=\"sha1\"",
"misp:category=\"Artifacts dropped\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--55dc6f60-b4cc-4d16-a24e-4550950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-08-25T13:36:32.000Z",
"modified": "2015-08-25T13:36:32.000Z",
"first_observed": "2015-08-25T13:36:32Z",
"last_observed": "2015-08-25T13:36:32Z",
"number_observed": 1,
"object_refs": [
"url--55dc6f60-b4cc-4d16-a24e-4550950d210b"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--55dc6f60-b4cc-4d16-a24e-4550950d210b",
"value": "https://www.virustotal.com/file/993fa11e67cae4e8f53491e6132bc4cd63fc75ce415eadc1630c9c6aa4a229af/analysis/1436840959/"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--55dc6f60-f0dc-4af8-85d3-4b08950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-08-25T13:36:32.000Z",
"modified": "2015-08-25T13:36:32.000Z",
"description": "Sakula malware - Xchecked via VT: bb57362757182b928d66d4963104ffe8",
"pattern": "[file:hashes.SHA256 = '7196802e1634b56f2dda7f5c63bd4698f9084e832630ec4c2cefa8884fe023a8']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-08-25T13:36:32Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Artifacts dropped"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Artifacts dropped\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--55dc6f61-a318-4ae4-a5f3-4ef3950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-08-25T13:36:33.000Z",
"modified": "2015-08-25T13:36:33.000Z",
"description": "Sakula malware - Xchecked via VT: bb57362757182b928d66d4963104ffe8",
"pattern": "[file:hashes.SHA1 = '1973a05e8f4cdc69fcfd4cbadf80587ea701d0e4']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-08-25T13:36:33Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Artifacts dropped"
}
],
"labels": [
"misp:type=\"sha1\"",
"misp:category=\"Artifacts dropped\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--55dc6f61-0e08-402b-9705-4797950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-08-25T13:36:33.000Z",
"modified": "2015-08-25T13:36:33.000Z",
"first_observed": "2015-08-25T13:36:33Z",
"last_observed": "2015-08-25T13:36:33Z",
"number_observed": 1,
"object_refs": [
"url--55dc6f61-0e08-402b-9705-4797950d210b"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--55dc6f61-0e08-402b-9705-4797950d210b",
"value": "https://www.virustotal.com/file/7196802e1634b56f2dda7f5c63bd4698f9084e832630ec4c2cefa8884fe023a8/analysis/1434993780/"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--55dc6f61-7858-4cfe-88d1-4e37950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-08-25T13:36:33.000Z",
"modified": "2015-08-25T13:36:33.000Z",
"description": "Sakula malware - Xchecked via VT: ba5415f34927a356d4aaffb4bd7fe907",
"pattern": "[file:hashes.SHA256 = '8da1fb681608468360c61483427558d718a4e189742d8e8c817daa0ca1664ba8']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-08-25T13:36:33Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Artifacts dropped"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Artifacts dropped\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--55dc6f61-6920-4025-bed6-45e0950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-08-25T13:36:33.000Z",
"modified": "2015-08-25T13:36:33.000Z",
"description": "Sakula malware - Xchecked via VT: ba5415f34927a356d4aaffb4bd7fe907",
"pattern": "[file:hashes.SHA1 = '840ec51e0f32c85dbc7107d4fc644277faaf052f']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-08-25T13:36:33Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Artifacts dropped"
}
],
"labels": [
"misp:type=\"sha1\"",
"misp:category=\"Artifacts dropped\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--55dc6f61-0d28-4396-a722-4e74950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-08-25T13:36:33.000Z",
"modified": "2015-08-25T13:36:33.000Z",
"first_observed": "2015-08-25T13:36:33Z",
"last_observed": "2015-08-25T13:36:33Z",
"number_observed": 1,
"object_refs": [
"url--55dc6f61-0d28-4396-a722-4e74950d210b"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--55dc6f61-0d28-4396-a722-4e74950d210b",
"value": "https://www.virustotal.com/file/8da1fb681608468360c61483427558d718a4e189742d8e8c817daa0ca1664ba8/analysis/1435000345/"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--55dc6f61-85e8-4d5f-b274-4bd3950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-08-25T13:36:33.000Z",
"modified": "2015-08-25T13:36:33.000Z",
"description": "Sakula malware - Xchecked via VT: b8346b4a5f8b4a6d79814f9824940504",
"pattern": "[file:hashes.SHA256 = '391c407f5d091ee3e521ecfe9abfdc0771d01dc086090b99e9b0d2fc19f04ee1']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-08-25T13:36:33Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Artifacts dropped"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Artifacts dropped\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--55dc6f62-1084-4d1a-9511-4163950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-08-25T13:36:34.000Z",
"modified": "2015-08-25T13:36:34.000Z",
"description": "Sakula malware - Xchecked via VT: b8346b4a5f8b4a6d79814f9824940504",
"pattern": "[file:hashes.SHA1 = 'f957d93e9ac2eabb3f77c38266e549db2dc34df8']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-08-25T13:36:34Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Artifacts dropped"
}
],
"labels": [
"misp:type=\"sha1\"",
"misp:category=\"Artifacts dropped\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--55dc6f62-5bc4-44f0-a363-4422950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-08-25T13:36:34.000Z",
"modified": "2015-08-25T13:36:34.000Z",
"first_observed": "2015-08-25T13:36:34Z",
"last_observed": "2015-08-25T13:36:34Z",
"number_observed": 1,
"object_refs": [
"url--55dc6f62-5bc4-44f0-a363-4422950d210b"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--55dc6f62-5bc4-44f0-a363-4422950d210b",
"value": "https://www.virustotal.com/file/391c407f5d091ee3e521ecfe9abfdc0771d01dc086090b99e9b0d2fc19f04ee1/analysis/1435000398/"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--55dc6f62-f140-46bb-b40a-474a950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-08-25T13:36:34.000Z",
"modified": "2015-08-25T13:36:34.000Z",
"description": "Sakula malware - Xchecked via VT: b6b3e7b18384bb632602662a7f559bcd",
"pattern": "[file:hashes.SHA256 = '757b9ce02f954e646c803bf402bbdc697c642049e1730e4822db5e7864a1cce6']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-08-25T13:36:34Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Artifacts dropped"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Artifacts dropped\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--55dc6f62-16ac-4f9e-8e53-4629950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-08-25T13:36:34.000Z",
"modified": "2015-08-25T13:36:34.000Z",
"description": "Sakula malware - Xchecked via VT: b6b3e7b18384bb632602662a7f559bcd",
"pattern": "[file:hashes.SHA1 = 'e791e376afa6b555727ed534a69f85bfc0a744b5']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-08-25T13:36:34Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Artifacts dropped"
}
],
"labels": [
"misp:type=\"sha1\"",
"misp:category=\"Artifacts dropped\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--55dc6f62-28a8-497d-a89c-4ab1950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-08-25T13:36:34.000Z",
"modified": "2015-08-25T13:36:34.000Z",
"first_observed": "2015-08-25T13:36:34Z",
"last_observed": "2015-08-25T13:36:34Z",
"number_observed": 1,
"object_refs": [
"url--55dc6f62-28a8-497d-a89c-4ab1950d210b"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--55dc6f62-28a8-497d-a89c-4ab1950d210b",
"value": "https://www.virustotal.com/file/757b9ce02f954e646c803bf402bbdc697c642049e1730e4822db5e7864a1cce6/analysis/1434999002/"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--55dc6f62-9384-4680-8a50-4fae950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-08-25T13:36:34.000Z",
"modified": "2015-08-25T13:36:34.000Z",
"description": "Sakula malware - Xchecked via VT: b38c4766ec0c5fb9b9e70af0b7414e78",
"pattern": "[file:hashes.SHA256 = '518707434ba01c53a40928e45f1ce8ddef92b4b6c910fd46bac8528020100b5c']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-08-25T13:36:34Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Artifacts dropped"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Artifacts dropped\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--55dc6f63-e490-4f89-99ae-45ee950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-08-25T13:36:35.000Z",
"modified": "2015-08-25T13:36:35.000Z",
"description": "Sakula malware - Xchecked via VT: b38c4766ec0c5fb9b9e70af0b7414e78",
"pattern": "[file:hashes.SHA1 = 'dd28c979bfa39a9aae496930f3604852fabf1505']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-08-25T13:36:35Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Artifacts dropped"
}
],
"labels": [
"misp:type=\"sha1\"",
"misp:category=\"Artifacts dropped\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--55dc6f63-ff38-4de8-a945-4268950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-08-25T13:36:35.000Z",
"modified": "2015-08-25T13:36:35.000Z",
"first_observed": "2015-08-25T13:36:35Z",
"last_observed": "2015-08-25T13:36:35Z",
"number_observed": 1,
"object_refs": [
"url--55dc6f63-ff38-4de8-a945-4268950d210b"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--55dc6f63-ff38-4de8-a945-4268950d210b",
"value": "https://www.virustotal.com/file/518707434ba01c53a40928e45f1ce8ddef92b4b6c910fd46bac8528020100b5c/analysis/1434999242/"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--55dc6f63-ade0-4695-9f48-4e36950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-08-25T13:36:35.000Z",
"modified": "2015-08-25T13:36:35.000Z",
"description": "Sakula malware - Xchecked via VT: b31e97c9740d8e95e56a5957777830d7",
"pattern": "[file:hashes.SHA256 = '8ad94e962e98625d4f731bfe8bad354f9d656b5872cd2cfe1722cfffa9b85aca']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-08-25T13:36:35Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Artifacts dropped"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Artifacts dropped\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--55dc6f63-da04-4be4-bd6b-49c4950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-08-25T13:36:35.000Z",
"modified": "2015-08-25T13:36:35.000Z",
"description": "Sakula malware - Xchecked via VT: b31e97c9740d8e95e56a5957777830d7",
"pattern": "[file:hashes.SHA1 = '2c738b7c6b4b0bb76a62b2af5d599a75bfad7f3d']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-08-25T13:36:35Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Artifacts dropped"
}
],
"labels": [
"misp:type=\"sha1\"",
"misp:category=\"Artifacts dropped\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--55dc6f63-1ccc-45c6-8e59-4c65950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-08-25T13:36:35.000Z",
"modified": "2015-08-25T13:36:35.000Z",
"first_observed": "2015-08-25T13:36:35Z",
"last_observed": "2015-08-25T13:36:35Z",
"number_observed": 1,
"object_refs": [
"url--55dc6f63-1ccc-45c6-8e59-4c65950d210b"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--55dc6f63-1ccc-45c6-8e59-4c65950d210b",
"value": "https://www.virustotal.com/file/8ad94e962e98625d4f731bfe8bad354f9d656b5872cd2cfe1722cfffa9b85aca/analysis/1434999303/"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--55dc6f63-2f08-45cb-afe6-47ad950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-08-25T13:36:35.000Z",
"modified": "2015-08-25T13:36:35.000Z",
"description": "Sakula malware - Xchecked via VT: af661cb478510d1d00dfdf1f2de4e817",
"pattern": "[file:hashes.SHA256 = 'd38b123e7e026a9fc9af5b871a0fb3aab04df129bf41612c1f021127b77b347a']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-08-25T13:36:35Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Artifacts dropped"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Artifacts dropped\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--55dc6f64-af8c-4594-ac65-4075950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-08-25T13:36:36.000Z",
"modified": "2015-08-25T13:36:36.000Z",
"description": "Sakula malware - Xchecked via VT: af661cb478510d1d00dfdf1f2de4e817",
"pattern": "[file:hashes.SHA1 = 'a1262b8b6bef47c81042ebe70f57deb1fef4f4e7']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-08-25T13:36:36Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Artifacts dropped"
}
],
"labels": [
"misp:type=\"sha1\"",
"misp:category=\"Artifacts dropped\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--55dc6f64-a128-47a4-88c1-4f3a950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-08-25T13:36:36.000Z",
"modified": "2015-08-25T13:36:36.000Z",
"first_observed": "2015-08-25T13:36:36Z",
"last_observed": "2015-08-25T13:36:36Z",
"number_observed": 1,
"object_refs": [
"url--55dc6f64-a128-47a4-88c1-4f3a950d210b"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--55dc6f64-a128-47a4-88c1-4f3a950d210b",
"value": "https://www.virustotal.com/file/d38b123e7e026a9fc9af5b871a0fb3aab04df129bf41612c1f021127b77b347a/analysis/1434008554/"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--55dc6f64-3184-4c9b-94fd-465b950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-08-25T13:36:36.000Z",
"modified": "2015-08-25T13:36:36.000Z",
"description": "Sakula malware - Xchecked via VT: af114e711259964b1db0235e9b39a476",
"pattern": "[file:hashes.SHA256 = '28c046ba3402d9f16b4fe2be5ead55e9f9afd72868671450f7cd3bc3c9bc9edc']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-08-25T13:36:36Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Artifacts dropped"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Artifacts dropped\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--55dc6f64-8da0-4220-ae44-48ff950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-08-25T13:36:36.000Z",
"modified": "2015-08-25T13:36:36.000Z",
"description": "Sakula malware - Xchecked via VT: af114e711259964b1db0235e9b39a476",
"pattern": "[file:hashes.SHA1 = '93cebdcc49ed254a1d4f16e4e8201832828e440e']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-08-25T13:36:36Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Artifacts dropped"
}
],
"labels": [
"misp:type=\"sha1\"",
"misp:category=\"Artifacts dropped\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--55dc6f64-a74c-4c5a-95ae-480e950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-08-25T13:36:36.000Z",
"modified": "2015-08-25T13:36:36.000Z",
"first_observed": "2015-08-25T13:36:36Z",
"last_observed": "2015-08-25T13:36:36Z",
"number_observed": 1,
"object_refs": [
"url--55dc6f64-a74c-4c5a-95ae-480e950d210b"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--55dc6f64-a74c-4c5a-95ae-480e950d210b",
"value": "https://www.virustotal.com/file/28c046ba3402d9f16b4fe2be5ead55e9f9afd72868671450f7cd3bc3c9bc9edc/analysis/1434008534/"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--55dc6f64-d140-465a-8e22-43dc950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-08-25T13:36:36.000Z",
"modified": "2015-08-25T13:36:36.000Z",
"description": "Sakula malware - Xchecked via VT: aeed29398ceb645213cf639a9f80367c",
"pattern": "[file:hashes.SHA256 = '690d93dc31bd580bac73371ac8ed27286b5684a5d8f62ffdcdba81bb47891463']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-08-25T13:36:36Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Artifacts dropped"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Artifacts dropped\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--55dc6f65-f2c0-4230-80a4-41c5950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-08-25T13:36:37.000Z",
"modified": "2015-08-25T13:36:37.000Z",
"description": "Sakula malware - Xchecked via VT: aeed29398ceb645213cf639a9f80367c",
"pattern": "[file:hashes.SHA1 = '39951d5594d314aace6191e491c8dbaa2c2d69b3']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-08-25T13:36:37Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Artifacts dropped"
}
],
"labels": [
"misp:type=\"sha1\"",
"misp:category=\"Artifacts dropped\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--55dc6f65-2b94-4171-b3fe-4506950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-08-25T13:36:37.000Z",
"modified": "2015-08-25T13:36:37.000Z",
"first_observed": "2015-08-25T13:36:37Z",
"last_observed": "2015-08-25T13:36:37Z",
"number_observed": 1,
"object_refs": [
"url--55dc6f65-2b94-4171-b3fe-4506950d210b"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--55dc6f65-2b94-4171-b3fe-4506950d210b",
"value": "https://www.virustotal.com/file/690d93dc31bd580bac73371ac8ed27286b5684a5d8f62ffdcdba81bb47891463/analysis/1428588094/"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--55dc6f65-5840-4390-a15d-4547950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-08-25T13:36:37.000Z",
"modified": "2015-08-25T13:36:37.000Z",
"description": "Sakula malware - Xchecked via VT: ae55d7b5c3d3bc7ed338d40ada25902f",
"pattern": "[file:hashes.SHA256 = 'a767ee10d044d2663292a649aaddbf7e373f9fb319e5766121b49939a981d4c5']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-08-25T13:36:37Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Artifacts dropped"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Artifacts dropped\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--55dc6f65-b9c0-4317-8b60-4a38950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-08-25T13:36:37.000Z",
"modified": "2015-08-25T13:36:37.000Z",
"description": "Sakula malware - Xchecked via VT: ae55d7b5c3d3bc7ed338d40ada25902f",
"pattern": "[file:hashes.SHA1 = '97c8d511d32e2ab7ff7d78f90bedbf2f31c14bb1']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-08-25T13:36:37Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Artifacts dropped"
}
],
"labels": [
"misp:type=\"sha1\"",
"misp:category=\"Artifacts dropped\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--55dc6f65-8f58-46cf-96c2-42d0950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-08-25T13:36:37.000Z",
"modified": "2015-08-25T13:36:37.000Z",
"first_observed": "2015-08-25T13:36:37Z",
"last_observed": "2015-08-25T13:36:37Z",
"number_observed": 1,
"object_refs": [
"url--55dc6f65-8f58-46cf-96c2-42d0950d210b"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--55dc6f65-8f58-46cf-96c2-42d0950d210b",
"value": "https://www.virustotal.com/file/a767ee10d044d2663292a649aaddbf7e373f9fb319e5766121b49939a981d4c5/analysis/1436840978/"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--55dc6f66-8fe0-47f3-9eeb-4ce8950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-08-25T13:36:38.000Z",
"modified": "2015-08-25T13:36:38.000Z",
"description": "Sakula malware - Xchecked via VT: ab91b9e35d2b1e56285c042eef95d324",
"pattern": "[file:hashes.SHA256 = '70cd54eeea1415c1c4d6e4bc2e073366c65282cf898768c3babeb700974eebaa']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-08-25T13:36:38Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Artifacts dropped"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Artifacts dropped\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--55dc6f66-58f0-47c6-8787-4250950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-08-25T13:36:38.000Z",
"modified": "2015-08-25T13:36:38.000Z",
"description": "Sakula malware - Xchecked via VT: ab91b9e35d2b1e56285c042eef95d324",
"pattern": "[file:hashes.SHA1 = '800fac81c9c58d3d9c824dc95cabb7a8d61cf1a1']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-08-25T13:36:38Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Artifacts dropped"
}
],
"labels": [
"misp:type=\"sha1\"",
"misp:category=\"Artifacts dropped\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--55dc6f66-d994-4e3e-912f-41f3950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-08-25T13:36:38.000Z",
"modified": "2015-08-25T13:36:38.000Z",
"first_observed": "2015-08-25T13:36:38Z",
"last_observed": "2015-08-25T13:36:38Z",
"number_observed": 1,
"object_refs": [
"url--55dc6f66-d994-4e3e-912f-41f3950d210b"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--55dc6f66-d994-4e3e-912f-41f3950d210b",
"value": "https://www.virustotal.com/file/70cd54eeea1415c1c4d6e4bc2e073366c65282cf898768c3babeb700974eebaa/analysis/1428587847/"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--55dc6f66-62e0-4230-bb94-4daf950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-08-25T13:36:38.000Z",
"modified": "2015-08-25T13:36:38.000Z",
"description": "Sakula malware - Xchecked via VT: ab8badbf16a0cd7013197977f8b667e9",
"pattern": "[file:hashes.SHA256 = 'ff2dd62c03d7440ced16d23eeacc60bd93515ba61b5488910107fcf9a9ea51c9']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-08-25T13:36:38Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Artifacts dropped"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Artifacts dropped\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--55dc6f66-e9e0-4614-afbf-43a7950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-08-25T13:36:38.000Z",
"modified": "2015-08-25T13:36:38.000Z",
"description": "Sakula malware - Xchecked via VT: ab8badbf16a0cd7013197977f8b667e9",
"pattern": "[file:hashes.SHA1 = 'd54579c3b1f822e6f4a6eccaf01d63a5dd3cd051']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-08-25T13:36:38Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Artifacts dropped"
}
],
"labels": [
"misp:type=\"sha1\"",
"misp:category=\"Artifacts dropped\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--55dc6f66-ba20-40a4-b2aa-4442950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-08-25T13:36:38.000Z",
"modified": "2015-08-25T13:36:38.000Z",
"first_observed": "2015-08-25T13:36:38Z",
"last_observed": "2015-08-25T13:36:38Z",
"number_observed": 1,
"object_refs": [
"url--55dc6f66-ba20-40a4-b2aa-4442950d210b"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--55dc6f66-ba20-40a4-b2aa-4442950d210b",
"value": "https://www.virustotal.com/file/ff2dd62c03d7440ced16d23eeacc60bd93515ba61b5488910107fcf9a9ea51c9/analysis/1434008393/"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--55dc6f67-f3ec-4870-a833-42c8950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-08-25T13:36:39.000Z",
"modified": "2015-08-25T13:36:39.000Z",
"description": "Sakula malware - Xchecked via VT: ab357c26a2ed7379b62dd1cc869690b7",
"pattern": "[file:hashes.SHA256 = '9dbf7cf0334918129fdf04642ddef4fd8974e53186cb86fbc7df636e28854c14']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-08-25T13:36:39Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Artifacts dropped"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Artifacts dropped\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--55dc6f67-125c-425a-aeff-41ea950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-08-25T13:36:39.000Z",
"modified": "2015-08-25T13:36:39.000Z",
"description": "Sakula malware - Xchecked via VT: ab357c26a2ed7379b62dd1cc869690b7",
"pattern": "[file:hashes.SHA1 = 'b6c8c28eaeb5a7c591ed3a1bb168b4aa4ff423dc']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-08-25T13:36:39Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Artifacts dropped"
}
],
"labels": [
"misp:type=\"sha1\"",
"misp:category=\"Artifacts dropped\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--55dc6f67-98b4-4c8f-8d73-406a950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-08-25T13:36:39.000Z",
"modified": "2015-08-25T13:36:39.000Z",
"first_observed": "2015-08-25T13:36:39Z",
"last_observed": "2015-08-25T13:36:39Z",
"number_observed": 1,
"object_refs": [
"url--55dc6f67-98b4-4c8f-8d73-406a950d210b"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--55dc6f67-98b4-4c8f-8d73-406a950d210b",
"value": "https://www.virustotal.com/file/9dbf7cf0334918129fdf04642ddef4fd8974e53186cb86fbc7df636e28854c14/analysis/1434008371/"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--55dc6f67-0098-4853-bfa7-4a65950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-08-25T13:36:39.000Z",
"modified": "2015-08-25T13:36:39.000Z",
"description": "Sakula malware - Xchecked via VT: a91ba2ab82553f43440ed24a9afeef82",
"pattern": "[file:hashes.SHA256 = '0730ccc12d2f40420c7f3738e05480a06c479be6e98467c17afc278ef1e19990']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-08-25T13:36:39Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Artifacts dropped"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Artifacts dropped\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--55dc6f67-f934-4900-b671-4d1b950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-08-25T13:36:39.000Z",
"modified": "2015-08-25T13:36:39.000Z",
"description": "Sakula malware - Xchecked via VT: a91ba2ab82553f43440ed24a9afeef82",
"pattern": "[file:hashes.SHA1 = '3da57be4444713273649e4b0b3da756af1e72efc']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-08-25T13:36:39Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Artifacts dropped"
}
],
"labels": [
"misp:type=\"sha1\"",
"misp:category=\"Artifacts dropped\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--55dc6f67-a064-424e-9a9c-40e3950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-08-25T13:36:39.000Z",
"modified": "2015-08-25T13:36:39.000Z",
"first_observed": "2015-08-25T13:36:39Z",
"last_observed": "2015-08-25T13:36:39Z",
"number_observed": 1,
"object_refs": [
"url--55dc6f67-a064-424e-9a9c-40e3950d210b"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--55dc6f67-a064-424e-9a9c-40e3950d210b",
"value": "https://www.virustotal.com/file/0730ccc12d2f40420c7f3738e05480a06c479be6e98467c17afc278ef1e19990/analysis/1434008297/"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--55dc6f68-f8f4-4928-9848-42d2950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-08-25T13:36:40.000Z",
"modified": "2015-08-25T13:36:40.000Z",
"description": "Sakula malware - Xchecked via VT: a90e38c3214eeba99aa46ad5e3ec34ff",
"pattern": "[file:hashes.SHA256 = '7d3cda834445491f9b6189c912d2ab651dc3f99e8fe608b7017be99970293225']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-08-25T13:36:40Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Artifacts dropped"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Artifacts dropped\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--55dc6f68-bc68-4e41-84fd-4bb9950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-08-25T13:36:40.000Z",
"modified": "2015-08-25T13:36:40.000Z",
"description": "Sakula malware - Xchecked via VT: a90e38c3214eeba99aa46ad5e3ec34ff",
"pattern": "[file:hashes.SHA1 = '8a7d4dff925aab64beb5ddd906014e6cd8675f66']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-08-25T13:36:40Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Artifacts dropped"
}
],
"labels": [
"misp:type=\"sha1\"",
"misp:category=\"Artifacts dropped\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--55dc6f68-8ec8-49d7-a154-41e9950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-08-25T13:36:40.000Z",
"modified": "2015-08-25T13:36:40.000Z",
"first_observed": "2015-08-25T13:36:40Z",
"last_observed": "2015-08-25T13:36:40Z",
"number_observed": 1,
"object_refs": [
"url--55dc6f68-8ec8-49d7-a154-41e9950d210b"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--55dc6f68-8ec8-49d7-a154-41e9950d210b",
"value": "https://www.virustotal.com/file/7d3cda834445491f9b6189c912d2ab651dc3f99e8fe608b7017be99970293225/analysis/1434008296/"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--55dc6f68-9b80-49af-bd75-4887950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-08-25T13:36:40.000Z",
"modified": "2015-08-25T13:36:40.000Z",
"description": "Sakula malware - Xchecked via VT: a81569d86c4a7bce2c446f169816a7ff",
"pattern": "[file:hashes.SHA256 = '55ff6ddc52d33f0ff3dd715a2977f89ffce685dcfe854231fa64775fe7376151']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-08-25T13:36:40Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Artifacts dropped"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Artifacts dropped\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--55dc6f68-8ca8-49e2-a307-4feb950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-08-25T13:36:40.000Z",
"modified": "2015-08-25T13:36:40.000Z",
"description": "Sakula malware - Xchecked via VT: a81569d86c4a7bce2c446f169816a7ff",
"pattern": "[file:hashes.SHA1 = '6e75a5d9faabdd9aea6c285c814e03975526c8c0']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-08-25T13:36:40Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Artifacts dropped"
}
],
"labels": [
"misp:type=\"sha1\"",
"misp:category=\"Artifacts dropped\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--55dc6f68-01d8-469a-9548-42b0950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-08-25T13:36:40.000Z",
"modified": "2015-08-25T13:36:40.000Z",
"first_observed": "2015-08-25T13:36:40Z",
"last_observed": "2015-08-25T13:36:40Z",
"number_observed": 1,
"object_refs": [
"url--55dc6f68-01d8-469a-9548-42b0950d210b"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--55dc6f68-01d8-469a-9548-42b0950d210b",
"value": "https://www.virustotal.com/file/55ff6ddc52d33f0ff3dd715a2977f89ffce685dcfe854231fa64775fe7376151/analysis/1434008252/"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--55dc6f69-53d0-4935-a8ae-440a950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-08-25T13:36:41.000Z",
"modified": "2015-08-25T13:36:41.000Z",
"description": "Sakula malware - Xchecked via VT: a554e8867a076768e57e923a249f7a09",
"pattern": "[file:hashes.SHA256 = '86614ccd6e83443a8dc891fead52a16ec8b038302ec8c0fc5ffe10c7c96ccb0d']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-08-25T13:36:41Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Artifacts dropped"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Artifacts dropped\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--55dc6f69-c948-461f-9f06-4080950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-08-25T13:36:41.000Z",
"modified": "2015-08-25T13:36:41.000Z",
"description": "Sakula malware - Xchecked via VT: a554e8867a076768e57e923a249f7a09",
"pattern": "[file:hashes.SHA1 = '060f7036db4e1483e6fb3ca51658ce9d5690c69f']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-08-25T13:36:41Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Artifacts dropped"
}
],
"labels": [
"misp:type=\"sha1\"",
"misp:category=\"Artifacts dropped\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--55dc6f69-f8b0-4780-b07c-4964950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-08-25T13:36:41.000Z",
"modified": "2015-08-25T13:36:41.000Z",
"first_observed": "2015-08-25T13:36:41Z",
"last_observed": "2015-08-25T13:36:41Z",
"number_observed": 1,
"object_refs": [
"url--55dc6f69-f8b0-4780-b07c-4964950d210b"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--55dc6f69-f8b0-4780-b07c-4964950d210b",
"value": "https://www.virustotal.com/file/86614ccd6e83443a8dc891fead52a16ec8b038302ec8c0fc5ffe10c7c96ccb0d/analysis/1434008140/"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--55dc6f69-3484-413d-8024-4e8f950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-08-25T13:36:41.000Z",
"modified": "2015-08-25T13:36:41.000Z",
"description": "Sakula malware - Xchecked via VT: a4856f40fd013b6144db8fe19625434b",
"pattern": "[file:hashes.SHA256 = 'f9781d40d509a7e53c8cee4891c7995595a872716561a1dc71068e024247bce3']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-08-25T13:36:41Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Artifacts dropped"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Artifacts dropped\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--55dc6f69-5ee8-409e-9e0d-486d950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-08-25T13:36:41.000Z",
"modified": "2015-08-25T13:36:41.000Z",
"description": "Sakula malware - Xchecked via VT: a4856f40fd013b6144db8fe19625434b",
"pattern": "[file:hashes.SHA1 = 'e75e240db6591c60baed2d9b96cb9197f740053f']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-08-25T13:36:41Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Artifacts dropped"
}
],
"labels": [
"misp:type=\"sha1\"",
"misp:category=\"Artifacts dropped\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--55dc6f69-1644-41bf-bf7e-40a0950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-08-25T13:36:41.000Z",
"modified": "2015-08-25T13:36:41.000Z",
"first_observed": "2015-08-25T13:36:41Z",
"last_observed": "2015-08-25T13:36:41Z",
"number_observed": 1,
"object_refs": [
"url--55dc6f69-1644-41bf-bf7e-40a0950d210b"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--55dc6f69-1644-41bf-bf7e-40a0950d210b",
"value": "https://www.virustotal.com/file/f9781d40d509a7e53c8cee4891c7995595a872716561a1dc71068e024247bce3/analysis/1434008106/"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--55dc6f6a-9df4-4752-98fe-4768950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-08-25T13:36:42.000Z",
"modified": "2015-08-25T13:36:42.000Z",
"description": "Sakula malware - Xchecked via VT: a39c424e6df5d10b74aa72fb3a120c0c",
"pattern": "[file:hashes.SHA256 = '92bd8f049ae9334a95c2f5b05866f916e62844457cb80fed0be5f5a20d9050c2']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-08-25T13:36:42Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Artifacts dropped"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Artifacts dropped\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--55dc6f6a-31d8-4e4f-ab0a-4537950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-08-25T13:36:42.000Z",
"modified": "2015-08-25T13:36:42.000Z",
"description": "Sakula malware - Xchecked via VT: a39c424e6df5d10b74aa72fb3a120c0c",
"pattern": "[file:hashes.SHA1 = '9d05972c6613e477d0a7c7a8690634ca49c09382']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-08-25T13:36:42Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Artifacts dropped"
}
],
"labels": [
"misp:type=\"sha1\"",
"misp:category=\"Artifacts dropped\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--55dc6f6a-ce30-4ad7-8fb7-455a950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-08-25T13:36:42.000Z",
"modified": "2015-08-25T13:36:42.000Z",
"first_observed": "2015-08-25T13:36:42Z",
"last_observed": "2015-08-25T13:36:42Z",
"number_observed": 1,
"object_refs": [
"url--55dc6f6a-ce30-4ad7-8fb7-455a950d210b"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--55dc6f6a-ce30-4ad7-8fb7-455a950d210b",
"value": "https://www.virustotal.com/file/92bd8f049ae9334a95c2f5b05866f916e62844457cb80fed0be5f5a20d9050c2/analysis/1434008071/"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--55dc6f6a-7870-4638-be41-4022950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-08-25T13:36:42.000Z",
"modified": "2015-08-25T13:36:42.000Z",
"description": "Sakula malware - Xchecked via VT: a1a15a9e82880e8fc881668c70126315",
"pattern": "[file:hashes.SHA256 = 'c24136e437626a4bbff24961348b7357d41566ff9e1c0eb0f17ab768fdc09c27']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-08-25T13:36:42Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Artifacts dropped"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Artifacts dropped\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--55dc6f6a-14fc-46bb-be09-40ff950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-08-25T13:36:42.000Z",
"modified": "2015-08-25T13:36:42.000Z",
"description": "Sakula malware - Xchecked via VT: a1a15a9e82880e8fc881668c70126315",
"pattern": "[file:hashes.SHA1 = 'c14565c7845a709e7c19b0176b656a19d21e2229']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-08-25T13:36:42Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Artifacts dropped"
}
],
"labels": [
"misp:type=\"sha1\"",
"misp:category=\"Artifacts dropped\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--55dc6f6a-5468-42c3-a014-4a32950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-08-25T13:36:42.000Z",
"modified": "2015-08-25T13:36:42.000Z",
"first_observed": "2015-08-25T13:36:42Z",
"last_observed": "2015-08-25T13:36:42Z",
"number_observed": 1,
"object_refs": [
"url--55dc6f6a-5468-42c3-a014-4a32950d210b"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--55dc6f6a-5468-42c3-a014-4a32950d210b",
"value": "https://www.virustotal.com/file/c24136e437626a4bbff24961348b7357d41566ff9e1c0eb0f17ab768fdc09c27/analysis/1434007985/"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--55dc6f6b-6700-4ced-9826-4e81950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-08-25T13:36:43.000Z",
"modified": "2015-08-25T13:36:43.000Z",
"description": "Sakula malware - Xchecked via VT: a05bc6c5f63880b565941ac5c5933bfe",
"pattern": "[file:hashes.SHA256 = '8d673674e7bf4b94719e38bc89647b4ce9b025612155b647e35b492056bd0a78']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-08-25T13:36:43Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Artifacts dropped"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Artifacts dropped\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--55dc6f6b-fb90-4c1e-8b9c-4f6c950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-08-25T13:36:43.000Z",
"modified": "2015-08-25T13:36:43.000Z",
"description": "Sakula malware - Xchecked via VT: a05bc6c5f63880b565941ac5c5933bfe",
"pattern": "[file:hashes.SHA1 = '8b3ea99e735994e249cc026fbdaf2cd9a7f053ff']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-08-25T13:36:43Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Artifacts dropped"
}
],
"labels": [
"misp:type=\"sha1\"",
"misp:category=\"Artifacts dropped\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--55dc6f6b-2698-4686-9a29-4661950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-08-25T13:36:43.000Z",
"modified": "2015-08-25T13:36:43.000Z",
"first_observed": "2015-08-25T13:36:43Z",
"last_observed": "2015-08-25T13:36:43Z",
"number_observed": 1,
"object_refs": [
"url--55dc6f6b-2698-4686-9a29-4661950d210b"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--55dc6f6b-2698-4686-9a29-4661950d210b",
"value": "https://www.virustotal.com/file/8d673674e7bf4b94719e38bc89647b4ce9b025612155b647e35b492056bd0a78/analysis/1434007924/"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--55dc6f6b-88b8-4b13-abae-4c2c950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-08-25T13:36:43.000Z",
"modified": "2015-08-25T13:36:43.000Z",
"description": "Sakula malware - Xchecked via VT: a006d31515bb2a54b5c3ddda8d66f24b",
"pattern": "[file:hashes.SHA256 = 'c6bae4a400149d6e7caaf42a33f1493e93fd96b2b2dce7f0490b5fb7f428ff60']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-08-25T13:36:43Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Artifacts dropped"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Artifacts dropped\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--55dc6f6b-2c60-4d54-997f-46bf950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-08-25T13:36:43.000Z",
"modified": "2015-08-25T13:36:43.000Z",
"description": "Sakula malware - Xchecked via VT: a006d31515bb2a54b5c3ddda8d66f24b",
"pattern": "[file:hashes.SHA1 = 'cc72caa798dc7f12444cb36134e914a7985a9f38']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-08-25T13:36:43Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Artifacts dropped"
}
],
"labels": [
"misp:type=\"sha1\"",
"misp:category=\"Artifacts dropped\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--55dc6f6b-6c74-4595-bb2d-45a5950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-08-25T13:36:43.000Z",
"modified": "2015-08-25T13:36:43.000Z",
"first_observed": "2015-08-25T13:36:43Z",
"last_observed": "2015-08-25T13:36:43Z",
"number_observed": 1,
"object_refs": [
"url--55dc6f6b-6c74-4595-bb2d-45a5950d210b"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--55dc6f6b-6c74-4595-bb2d-45a5950d210b",
"value": "https://www.virustotal.com/file/c6bae4a400149d6e7caaf42a33f1493e93fd96b2b2dce7f0490b5fb7f428ff60/analysis/1434007904/"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--55dc6f6c-2458-43dc-baf3-4a1e950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-08-25T13:36:44.000Z",
"modified": "2015-08-25T13:36:44.000Z",
"description": "Sakula malware - Xchecked via VT: 9cee5c49dcaad59ea0eea6e7b67c304c",
"pattern": "[file:hashes.SHA256 = 'bd477f65cd82cff6926d732257f77169c854db46d1173c50d745600cae053388']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-08-25T13:36:44Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Artifacts dropped"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Artifacts dropped\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--55dc6f6c-0bd0-478a-9e10-4112950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-08-25T13:36:44.000Z",
"modified": "2015-08-25T13:36:44.000Z",
"description": "Sakula malware - Xchecked via VT: 9cee5c49dcaad59ea0eea6e7b67c304c",
"pattern": "[file:hashes.SHA1 = '0f049d44b87caf7b1715cd0175a04c13ba423c53']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-08-25T13:36:44Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Artifacts dropped"
}
],
"labels": [
"misp:type=\"sha1\"",
"misp:category=\"Artifacts dropped\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--55dc6f6c-09b0-4960-8bb8-4ccf950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-08-25T13:36:44.000Z",
"modified": "2015-08-25T13:36:44.000Z",
"first_observed": "2015-08-25T13:36:44Z",
"last_observed": "2015-08-25T13:36:44Z",
"number_observed": 1,
"object_refs": [
"url--55dc6f6c-09b0-4960-8bb8-4ccf950d210b"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--55dc6f6c-09b0-4960-8bb8-4ccf950d210b",
"value": "https://www.virustotal.com/file/bd477f65cd82cff6926d732257f77169c854db46d1173c50d745600cae053388/analysis/1437622674/"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--55dc6f6c-2dd8-496d-9585-4a62950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-08-25T13:36:44.000Z",
"modified": "2015-08-25T13:36:44.000Z",
"description": "Sakula malware - Xchecked via VT: 9c4db94cc3bdb9b5864bde553bff1224",
"pattern": "[file:hashes.SHA256 = '4053d11cae4617f637ca9689658a6114f4e4be5a277792881b200d7ff18e4e60']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-08-25T13:36:44Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Artifacts dropped"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Artifacts dropped\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--55dc6f6c-03d4-48f0-81b9-4e03950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-08-25T13:36:44.000Z",
"modified": "2015-08-25T13:36:44.000Z",
"description": "Sakula malware - Xchecked via VT: 9c4db94cc3bdb9b5864bde553bff1224",
"pattern": "[file:hashes.SHA1 = 'dbc91cdb918e1595438b52a8543f2cd0675cbac1']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-08-25T13:36:44Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Artifacts dropped"
}
],
"labels": [
"misp:type=\"sha1\"",
"misp:category=\"Artifacts dropped\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--55dc6f6c-b280-472c-8258-474b950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-08-25T13:36:44.000Z",
"modified": "2015-08-25T13:36:44.000Z",
"first_observed": "2015-08-25T13:36:44Z",
"last_observed": "2015-08-25T13:36:44Z",
"number_observed": 1,
"object_refs": [
"url--55dc6f6c-b280-472c-8258-474b950d210b"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--55dc6f6c-b280-472c-8258-474b950d210b",
"value": "https://www.virustotal.com/file/4053d11cae4617f637ca9689658a6114f4e4be5a277792881b200d7ff18e4e60/analysis/1434996000/"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--55dc6f6d-52e4-462d-91bc-4e6e950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-08-25T13:36:45.000Z",
"modified": "2015-08-25T13:36:45.000Z",
"description": "Sakula malware - Xchecked via VT: 985e819294cdc3b5561c5befa4bcbc5b",
"pattern": "[file:hashes.SHA256 = '00a8ca14cdfc97e0140c090c8d832c88db1dc9ee728e409eba5489f0dc29037c']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-08-25T13:36:45Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Artifacts dropped"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Artifacts dropped\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--55dc6f6d-7bac-431d-a64b-4f7f950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-08-25T13:36:45.000Z",
"modified": "2015-08-25T13:36:45.000Z",
"description": "Sakula malware - Xchecked via VT: 985e819294cdc3b5561c5befa4bcbc5b",
"pattern": "[file:hashes.SHA1 = '7dd8c325b377a9dbcccc0d9c39ebb553a7fd2b93']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-08-25T13:36:45Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Artifacts dropped"
}
],
"labels": [
"misp:type=\"sha1\"",
"misp:category=\"Artifacts dropped\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--55dc6f6d-4f9c-483f-960f-4aa9950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-08-25T13:36:45.000Z",
"modified": "2015-08-25T13:36:45.000Z",
"first_observed": "2015-08-25T13:36:45Z",
"last_observed": "2015-08-25T13:36:45Z",
"number_observed": 1,
"object_refs": [
"url--55dc6f6d-4f9c-483f-960f-4aa9950d210b"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--55dc6f6d-4f9c-483f-960f-4aa9950d210b",
"value": "https://www.virustotal.com/file/00a8ca14cdfc97e0140c090c8d832c88db1dc9ee728e409eba5489f0dc29037c/analysis/1438103253/"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--55dc6f6d-7390-45fa-baa8-4422950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-08-25T13:36:45.000Z",
"modified": "2015-08-25T13:36:45.000Z",
"description": "Sakula malware - Xchecked via VT: 97fc2d9b514f3183ae7c800408e5c453",
"pattern": "[file:hashes.SHA256 = '4a2e4dd751d7afb1f7d748808bb77749a3848c698cb56c7b455cbc22552bac51']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-08-25T13:36:45Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Artifacts dropped"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Artifacts dropped\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--55dc6f6d-9cd0-4c10-a747-4707950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-08-25T13:36:45.000Z",
"modified": "2015-08-25T13:36:45.000Z",
"description": "Sakula malware - Xchecked via VT: 97fc2d9b514f3183ae7c800408e5c453",
"pattern": "[file:hashes.SHA1 = '8fada7af78fcb9652175cce2e326a706af466f47']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-08-25T13:36:45Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Artifacts dropped"
}
],
"labels": [
"misp:type=\"sha1\"",
"misp:category=\"Artifacts dropped\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--55dc6f6e-2dec-471a-9942-435a950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-08-25T13:36:45.000Z",
"modified": "2015-08-25T13:36:45.000Z",
"first_observed": "2015-08-25T13:36:45Z",
"last_observed": "2015-08-25T13:36:45Z",
"number_observed": 1,
"object_refs": [
"url--55dc6f6e-2dec-471a-9942-435a950d210b"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--55dc6f6e-2dec-471a-9942-435a950d210b",
"value": "https://www.virustotal.com/file/4a2e4dd751d7afb1f7d748808bb77749a3848c698cb56c7b455cbc22552bac51/analysis/1434007543/"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--55dc6f6e-2710-4809-a1ec-4d15950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-08-25T13:36:46.000Z",
"modified": "2015-08-25T13:36:46.000Z",
"description": "Sakula malware - Xchecked via VT: 97a6e9e93bc591baf588bada61559d6a",
"pattern": "[file:hashes.SHA256 = '3926f6c04f2e3108a552f0c22c67a718f246a069b3207d6e4e1f64557de45746']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-08-25T13:36:46Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Artifacts dropped"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Artifacts dropped\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--55dc6f6e-3a18-4d91-8a75-4dd5950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-08-25T13:36:46.000Z",
"modified": "2015-08-25T13:36:46.000Z",
"description": "Sakula malware - Xchecked via VT: 97a6e9e93bc591baf588bada61559d6a",
"pattern": "[file:hashes.SHA1 = '4f7236e2160cd9a8e9d3b326874b32a3cdf4273a']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-08-25T13:36:46Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Artifacts dropped"
}
],
"labels": [
"misp:type=\"sha1\"",
"misp:category=\"Artifacts dropped\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--55dc6f6e-f174-409a-9db2-4e30950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-08-25T13:36:46.000Z",
"modified": "2015-08-25T13:36:46.000Z",
"first_observed": "2015-08-25T13:36:46Z",
"last_observed": "2015-08-25T13:36:46Z",
"number_observed": 1,
"object_refs": [
"url--55dc6f6e-f174-409a-9db2-4e30950d210b"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--55dc6f6e-f174-409a-9db2-4e30950d210b",
"value": "https://www.virustotal.com/file/3926f6c04f2e3108a552f0c22c67a718f246a069b3207d6e4e1f64557de45746/analysis/1436840993/"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--55dc6f6e-a2f4-415d-abb9-4420950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-08-25T13:36:46.000Z",
"modified": "2015-08-25T13:36:46.000Z",
"description": "Sakula malware - Xchecked via VT: 97479fa13d9b96da33cdb49749fc2baf",
"pattern": "[file:hashes.SHA256 = 'b48dff9eb8b13b208541e454f04ad30dd0fbef9b9982e7194e80dadbc682c8fe']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-08-25T13:36:46Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Artifacts dropped"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Artifacts dropped\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--55dc6f6e-f0b4-430c-97b1-4677950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-08-25T13:36:46.000Z",
"modified": "2015-08-25T13:36:46.000Z",
"description": "Sakula malware - Xchecked via VT: 97479fa13d9b96da33cdb49749fc2baf",
"pattern": "[file:hashes.SHA1 = '8a89a1cc1d9f7a1891e9523b80c21ac530554e66']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-08-25T13:36:46Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Artifacts dropped"
}
],
"labels": [
"misp:type=\"sha1\"",
"misp:category=\"Artifacts dropped\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--55dc6f6f-fe24-42c2-9a1b-41a5950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-08-25T13:36:47.000Z",
"modified": "2015-08-25T13:36:47.000Z",
"first_observed": "2015-08-25T13:36:47Z",
"last_observed": "2015-08-25T13:36:47Z",
"number_observed": 1,
"object_refs": [
"url--55dc6f6f-fe24-42c2-9a1b-41a5950d210b"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--55dc6f6f-fe24-42c2-9a1b-41a5950d210b",
"value": "https://www.virustotal.com/file/b48dff9eb8b13b208541e454f04ad30dd0fbef9b9982e7194e80dadbc682c8fe/analysis/1433908622/"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--55dc6f6f-cb18-4d59-b7b8-4b57950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-08-25T13:36:47.000Z",
"modified": "2015-08-25T13:36:47.000Z",
"description": "Sakula malware - Xchecked via VT: 9526e4abcacc4e4a55fa1b2fc2313123",
"pattern": "[file:hashes.SHA256 = '55c76d8bdfe72a271273aa3f6dcf71633406672a779e2a6fcf6dc693d474c471']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-08-25T13:36:47Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Artifacts dropped"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Artifacts dropped\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--55dc6f6f-1b50-4a94-9216-4c9a950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-08-25T13:36:47.000Z",
"modified": "2015-08-25T13:36:47.000Z",
"description": "Sakula malware - Xchecked via VT: 9526e4abcacc4e4a55fa1b2fc2313123",
"pattern": "[file:hashes.SHA1 = 'bc1f4b637f422895caf626e5f4fa8c9757acca86']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-08-25T13:36:47Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Artifacts dropped"
}
],
"labels": [
"misp:type=\"sha1\"",
"misp:category=\"Artifacts dropped\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--55dc6f6f-c00c-42be-a997-47de950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-08-25T13:36:47.000Z",
"modified": "2015-08-25T13:36:47.000Z",
"first_observed": "2015-08-25T13:36:47Z",
"last_observed": "2015-08-25T13:36:47Z",
"number_observed": 1,
"object_refs": [
"url--55dc6f6f-c00c-42be-a997-47de950d210b"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--55dc6f6f-c00c-42be-a997-47de950d210b",
"value": "https://www.virustotal.com/file/55c76d8bdfe72a271273aa3f6dcf71633406672a779e2a6fcf6dc693d474c471/analysis/1433916495/"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--55dc6f6f-f54c-4d3b-8cf5-44de950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-08-25T13:36:47.000Z",
"modified": "2015-08-25T13:36:47.000Z",
"description": "Sakula malware - Xchecked via VT: 930af711a1579f3e1326cdb6d0005398",
"pattern": "[file:hashes.SHA256 = '6ee35867d8719c2ca9b6cb93bb9a9203ba2a0dd61ca9660dbc5ec178ad3d17c0']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-08-25T13:36:47Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Artifacts dropped"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Artifacts dropped\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--55dc6f6f-863c-4998-be40-4ee2950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-08-25T13:36:47.000Z",
"modified": "2015-08-25T13:36:47.000Z",
"description": "Sakula malware - Xchecked via VT: 930af711a1579f3e1326cdb6d0005398",
"pattern": "[file:hashes.SHA1 = 'f4ca06d124dc264b194afc8e6fc269397934de37']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-08-25T13:36:47Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Artifacts dropped"
}
],
"labels": [
"misp:type=\"sha1\"",
"misp:category=\"Artifacts dropped\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--55dc6f70-f0fc-4a75-af9e-4288950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-08-25T13:36:48.000Z",
"modified": "2015-08-25T13:36:48.000Z",
"first_observed": "2015-08-25T13:36:48Z",
"last_observed": "2015-08-25T13:36:48Z",
"number_observed": 1,
"object_refs": [
"url--55dc6f70-f0fc-4a75-af9e-4288950d210b"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--55dc6f70-f0fc-4a75-af9e-4288950d210b",
"value": "https://www.virustotal.com/file/6ee35867d8719c2ca9b6cb93bb9a9203ba2a0dd61ca9660dbc5ec178ad3d17c0/analysis/1434007333/"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--55dc6f70-1f18-42b4-9858-408c950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-08-25T13:36:48.000Z",
"modified": "2015-08-25T13:36:48.000Z",
"description": "Sakula malware - Xchecked via VT: 90bc832fbaa6bbd7e4251c39473e5a4b",
"pattern": "[file:hashes.SHA256 = '5a09a685afb1a11f63423ec988eef3ff36f0901e08597ba1bcb12767c108b574']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-08-25T13:36:48Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Artifacts dropped"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Artifacts dropped\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--55dc6f70-b128-451f-9c1f-4927950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-08-25T13:36:48.000Z",
"modified": "2015-08-25T13:36:48.000Z",
"description": "Sakula malware - Xchecked via VT: 90bc832fbaa6bbd7e4251c39473e5a4b",
"pattern": "[file:hashes.SHA1 = '436559ddc0bea5f20d282bb0d1148ae88893c9b0']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-08-25T13:36:48Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Artifacts dropped"
}
],
"labels": [
"misp:type=\"sha1\"",
"misp:category=\"Artifacts dropped\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--55dc6f70-5b50-4fb0-800b-47eb950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-08-25T13:36:48.000Z",
"modified": "2015-08-25T13:36:48.000Z",
"first_observed": "2015-08-25T13:36:48Z",
"last_observed": "2015-08-25T13:36:48Z",
"number_observed": 1,
"object_refs": [
"url--55dc6f70-5b50-4fb0-800b-47eb950d210b"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--55dc6f70-5b50-4fb0-800b-47eb950d210b",
"value": "https://www.virustotal.com/file/5a09a685afb1a11f63423ec988eef3ff36f0901e08597ba1bcb12767c108b574/analysis/1434007218/"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--55dc6f70-15c8-4c8c-bb1f-4f82950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-08-25T13:36:48.000Z",
"modified": "2015-08-25T13:36:48.000Z",
"description": "Sakula malware - Xchecked via VT: 8feb7d6eae0ab9c1900fb6d0b236201b",
"pattern": "[file:hashes.SHA256 = '00269fb781bd519e15279bed541fd5f53fb6f2ea1cdd710c439ffcd4a71b49cd']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-08-25T13:36:48Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Artifacts dropped"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Artifacts dropped\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--55dc6f70-a2b4-4507-88da-4dba950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-08-25T13:36:48.000Z",
"modified": "2015-08-25T13:36:48.000Z",
"description": "Sakula malware - Xchecked via VT: 8feb7d6eae0ab9c1900fb6d0b236201b",
"pattern": "[file:hashes.SHA1 = 'c43ab46a09311af551d8748533f936564d0789f8']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-08-25T13:36:48Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Artifacts dropped"
}
],
"labels": [
"misp:type=\"sha1\"",
"misp:category=\"Artifacts dropped\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--55dc6f71-ddd4-493c-a923-44c4950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-08-25T13:36:49.000Z",
"modified": "2015-08-25T13:36:49.000Z",
"first_observed": "2015-08-25T13:36:49Z",
"last_observed": "2015-08-25T13:36:49Z",
"number_observed": 1,
"object_refs": [
"url--55dc6f71-ddd4-493c-a923-44c4950d210b"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--55dc6f71-ddd4-493c-a923-44c4950d210b",
"value": "https://www.virustotal.com/file/00269fb781bd519e15279bed541fd5f53fb6f2ea1cdd710c439ffcd4a71b49cd/analysis/1434007190/"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--55dc6f71-0f38-4027-9a20-4f18950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-08-25T13:36:49.000Z",
"modified": "2015-08-25T13:36:49.000Z",
"description": "Sakula malware - Xchecked via VT: 8b52cd1df70ef315bce38223ac7f4ec3",
"pattern": "[file:hashes.SHA256 = 'fd77f52378bc09a2b93c2a78af45925c8b9db53c5c6a5a378c3f4a54008d0802']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-08-25T13:36:49Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Artifacts dropped"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Artifacts dropped\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--55dc6f71-c69c-4bfb-9ad4-49dc950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-08-25T13:36:49.000Z",
"modified": "2015-08-25T13:36:49.000Z",
"description": "Sakula malware - Xchecked via VT: 8b52cd1df70ef315bce38223ac7f4ec3",
"pattern": "[file:hashes.SHA1 = 'd687cb101346c2f1f480dc4932fe8b6fe94c0e5c']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-08-25T13:36:49Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Artifacts dropped"
}
],
"labels": [
"misp:type=\"sha1\"",
"misp:category=\"Artifacts dropped\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--55dc6f71-5e68-4c4a-a41e-4d11950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-08-25T13:36:49.000Z",
"modified": "2015-08-25T13:36:49.000Z",
"first_observed": "2015-08-25T13:36:49Z",
"last_observed": "2015-08-25T13:36:49Z",
"number_observed": 1,
"object_refs": [
"url--55dc6f71-5e68-4c4a-a41e-4d11950d210b"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--55dc6f71-5e68-4c4a-a41e-4d11950d210b",
"value": "https://www.virustotal.com/file/fd77f52378bc09a2b93c2a78af45925c8b9db53c5c6a5a378c3f4a54008d0802/analysis/1433908439/"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--55dc6f71-6f54-4f3c-9f29-4197950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-08-25T13:36:49.000Z",
"modified": "2015-08-25T13:36:49.000Z",
"description": "Sakula malware - Xchecked via VT: 8b3de46ecb113cd1ee2d9ec46527358f",
"pattern": "[file:hashes.SHA256 = 'f022fd6c5c647b58cc4e31d6e19b210eeb689d84b6c5a1eacfede18952b7f264']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-08-25T13:36:49Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Artifacts dropped"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Artifacts dropped\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--55dc6f72-8c94-4ae9-96c4-49d3950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-08-25T13:36:50.000Z",
"modified": "2015-08-25T13:36:50.000Z",
"description": "Sakula malware - Xchecked via VT: 8b3de46ecb113cd1ee2d9ec46527358f",
"pattern": "[file:hashes.SHA1 = '7727b339e73930ab8ffa90e19f6cf7a9d8981e41']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-08-25T13:36:50Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Artifacts dropped"
}
],
"labels": [
"misp:type=\"sha1\"",
"misp:category=\"Artifacts dropped\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--55dc6f72-6244-4d5c-b3be-4376950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-08-25T13:36:50.000Z",
"modified": "2015-08-25T13:36:50.000Z",
"first_observed": "2015-08-25T13:36:50Z",
"last_observed": "2015-08-25T13:36:50Z",
"number_observed": 1,
"object_refs": [
"url--55dc6f72-6244-4d5c-b3be-4376950d210b"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--55dc6f72-6244-4d5c-b3be-4376950d210b",
"value": "https://www.virustotal.com/file/f022fd6c5c647b58cc4e31d6e19b210eeb689d84b6c5a1eacfede18952b7f264/analysis/1434006972/"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--55dc6f72-d59c-4eb7-9b48-4da8950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-08-25T13:36:50.000Z",
"modified": "2015-08-25T13:36:50.000Z",
"description": "Sakula malware - Xchecked via VT: 895dc0a3adfafce2a74d733ff2a8754e",
"pattern": "[file:hashes.SHA256 = '8a2a035a3dc4999e0227f7a9ade8cbda3b81f739766a1fa03dd8441698236801']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-08-25T13:36:50Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Artifacts dropped"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Artifacts dropped\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--55dc6f72-1c34-4837-b7b2-4c5f950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-08-25T13:36:50.000Z",
"modified": "2015-08-25T13:36:50.000Z",
"description": "Sakula malware - Xchecked via VT: 895dc0a3adfafce2a74d733ff2a8754e",
"pattern": "[file:hashes.SHA1 = '073644294ef317aed16b435abb132afc09a3935d']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-08-25T13:36:50Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Artifacts dropped"
}
],
"labels": [
"misp:type=\"sha1\"",
"misp:category=\"Artifacts dropped\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--55dc6f72-b498-4def-b6cd-4c75950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-08-25T13:36:50.000Z",
"modified": "2015-08-25T13:36:50.000Z",
"first_observed": "2015-08-25T13:36:50Z",
"last_observed": "2015-08-25T13:36:50Z",
"number_observed": 1,
"object_refs": [
"url--55dc6f72-b498-4def-b6cd-4c75950d210b"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--55dc6f72-b498-4def-b6cd-4c75950d210b",
"value": "https://www.virustotal.com/file/8a2a035a3dc4999e0227f7a9ade8cbda3b81f739766a1fa03dd8441698236801/analysis/1434006878/"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--55dc6f72-9060-4943-94cf-4fb5950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-08-25T13:36:50.000Z",
"modified": "2015-08-25T13:36:50.000Z",
"description": "Sakula malware - Xchecked via VT: 836a618341c6149e7c83e99755a7fd5f",
"pattern": "[file:hashes.SHA256 = 'bd70e303b41292babbb3d3ce33500443e3b476e0424087d0831c1c9f0d83d8ed']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-08-25T13:36:50Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Artifacts dropped"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Artifacts dropped\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--55dc6f73-1cb0-4b4a-9461-4bf1950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-08-25T13:36:51.000Z",
"modified": "2015-08-25T13:36:51.000Z",
"description": "Sakula malware - Xchecked via VT: 836a618341c6149e7c83e99755a7fd5f",
"pattern": "[file:hashes.SHA1 = 'dba5e9748d25603b6c1f2de8cef12c9ea03c302c']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-08-25T13:36:51Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Artifacts dropped"
}
],
"labels": [
"misp:type=\"sha1\"",
"misp:category=\"Artifacts dropped\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--55dc6f73-3358-4346-8d95-4a0c950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-08-25T13:36:51.000Z",
"modified": "2015-08-25T13:36:51.000Z",
"first_observed": "2015-08-25T13:36:51Z",
"last_observed": "2015-08-25T13:36:51Z",
"number_observed": 1,
"object_refs": [
"url--55dc6f73-3358-4346-8d95-4a0c950d210b"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--55dc6f73-3358-4346-8d95-4a0c950d210b",
"value": "https://www.virustotal.com/file/bd70e303b41292babbb3d3ce33500443e3b476e0424087d0831c1c9f0d83d8ed/analysis/1428584952/"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--55dc6f73-a564-427a-bed4-4126950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-08-25T13:36:51.000Z",
"modified": "2015-08-25T13:36:51.000Z",
"description": "Sakula malware - Xchecked via VT: 80eb86542ce7ad99acc53a9f85b01885",
"pattern": "[file:hashes.SHA256 = '7f83769b44c52df97a30633b8b7fca359b6fdb5c1fc8c74ae1da7d5040cb5f7e']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-08-25T13:36:51Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Artifacts dropped"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Artifacts dropped\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--55dc6f73-83b0-450f-ba47-4345950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-08-25T13:36:51.000Z",
"modified": "2015-08-25T13:36:51.000Z",
"description": "Sakula malware - Xchecked via VT: 80eb86542ce7ad99acc53a9f85b01885",
"pattern": "[file:hashes.SHA1 = 'bd89cd830863d02164c0d1d42f76b7a8d4c523fd']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-08-25T13:36:51Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Artifacts dropped"
}
],
"labels": [
"misp:type=\"sha1\"",
"misp:category=\"Artifacts dropped\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--55dc6f73-20d4-4beb-93ee-47e9950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-08-25T13:36:51.000Z",
"modified": "2015-08-25T13:36:51.000Z",
"first_observed": "2015-08-25T13:36:51Z",
"last_observed": "2015-08-25T13:36:51Z",
"number_observed": 1,
"object_refs": [
"url--55dc6f73-20d4-4beb-93ee-47e9950d210b"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--55dc6f73-20d4-4beb-93ee-47e9950d210b",
"value": "https://www.virustotal.com/file/7f83769b44c52df97a30633b8b7fca359b6fdb5c1fc8c74ae1da7d5040cb5f7e/analysis/1433908360/"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--55dc6f73-5e88-427b-8ea0-46e8950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-08-25T13:36:51.000Z",
"modified": "2015-08-25T13:36:51.000Z",
"description": "Sakula malware - Xchecked via VT: 7ee7a9446d7cf886223274d809d375d6",
"pattern": "[file:hashes.SHA256 = '121c223861d712f506d88d5a54a3588c65bec5e4b82b4d3435bb73008a287074']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-08-25T13:36:51Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Artifacts dropped"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Artifacts dropped\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--55dc6f74-276c-46c8-88bb-4b73950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-08-25T13:36:52.000Z",
"modified": "2015-08-25T13:36:52.000Z",
"description": "Sakula malware - Xchecked via VT: 7ee7a9446d7cf886223274d809d375d6",
"pattern": "[file:hashes.SHA1 = '17dc2bae830c49cf8ab2c24dedc38f78c7b8a430']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-08-25T13:36:52Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Artifacts dropped"
}
],
"labels": [
"misp:type=\"sha1\"",
"misp:category=\"Artifacts dropped\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--55dc6f74-fe50-4092-97d2-49ae950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-08-25T13:36:52.000Z",
"modified": "2015-08-25T13:36:52.000Z",
"first_observed": "2015-08-25T13:36:52Z",
"last_observed": "2015-08-25T13:36:52Z",
"number_observed": 1,
"object_refs": [
"url--55dc6f74-fe50-4092-97d2-49ae950d210b"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--55dc6f74-fe50-4092-97d2-49ae950d210b",
"value": "https://www.virustotal.com/file/121c223861d712f506d88d5a54a3588c65bec5e4b82b4d3435bb73008a287074/analysis/1434006431/"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--55dc6f74-a7e4-40c8-9990-4fd0950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-08-25T13:36:52.000Z",
"modified": "2015-08-25T13:36:52.000Z",
"description": "Sakula malware - Xchecked via VT: 7d2c9936bff1e716b8758376cd09505d",
"pattern": "[file:hashes.SHA256 = 'ee80950f47bb89d573cc3fca7402bdbcf157b89cd82691dafa3f033ed15266ef']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-08-25T13:36:52Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Artifacts dropped"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Artifacts dropped\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--55dc6f74-f3f4-4cb9-aa51-4aeb950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-08-25T13:36:52.000Z",
"modified": "2015-08-25T13:36:52.000Z",
"description": "Sakula malware - Xchecked via VT: 7d2c9936bff1e716b8758376cd09505d",
"pattern": "[file:hashes.SHA1 = 'b978f8121314aa8801dd5c03213a603124547d1f']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-08-25T13:36:52Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Artifacts dropped"
}
],
"labels": [
"misp:type=\"sha1\"",
"misp:category=\"Artifacts dropped\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--55dc6f74-87e4-4d8e-859c-49d8950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-08-25T13:36:52.000Z",
"modified": "2015-08-25T13:36:52.000Z",
"first_observed": "2015-08-25T13:36:52Z",
"last_observed": "2015-08-25T13:36:52Z",
"number_observed": 1,
"object_refs": [
"url--55dc6f74-87e4-4d8e-859c-49d8950d210b"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--55dc6f74-87e4-4d8e-859c-49d8950d210b",
"value": "https://www.virustotal.com/file/ee80950f47bb89d573cc3fca7402bdbcf157b89cd82691dafa3f033ed15266ef/analysis/1434006349/"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--55dc6f74-f604-4366-95e3-409c950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-08-25T13:36:52.000Z",
"modified": "2015-08-25T13:36:52.000Z",
"description": "Sakula malware - Xchecked via VT: 77a25486d425825986d2c6306a61f637",
"pattern": "[file:hashes.SHA256 = 'dcd0cd6c316c5963180a7d6d61a271560591a92257c481397af3563853732e03']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-08-25T13:36:52Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Artifacts dropped"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Artifacts dropped\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--55dc6f75-cd00-4812-a148-4e57950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-08-25T13:36:53.000Z",
"modified": "2015-08-25T13:36:53.000Z",
"description": "Sakula malware - Xchecked via VT: 77a25486d425825986d2c6306a61f637",
"pattern": "[file:hashes.SHA1 = 'b01caf62c20ef1f2dae0257dee8bae8c4b01bde0']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-08-25T13:36:53Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Artifacts dropped"
}
],
"labels": [
"misp:type=\"sha1\"",
"misp:category=\"Artifacts dropped\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--55dc6f75-ca38-422a-b122-4246950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-08-25T13:36:53.000Z",
"modified": "2015-08-25T13:36:53.000Z",
"first_observed": "2015-08-25T13:36:53Z",
"last_observed": "2015-08-25T13:36:53Z",
"number_observed": 1,
"object_refs": [
"url--55dc6f75-ca38-422a-b122-4246950d210b"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--55dc6f75-ca38-422a-b122-4246950d210b",
"value": "https://www.virustotal.com/file/dcd0cd6c316c5963180a7d6d61a271560591a92257c481397af3563853732e03/analysis/1436840997/"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--55dc6f75-e684-440c-aa8d-43e8950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-08-25T13:36:53.000Z",
"modified": "2015-08-25T13:36:53.000Z",
"description": "Sakula malware - Xchecked via VT: 7248d4b73d68cfc023d8d156c63f6b74",
"pattern": "[file:hashes.SHA256 = '7aa27098a1f4ac60b5037c018f0092dc9f70e7efcbfc0dc3def4f8e80a40a459']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-08-25T13:36:53Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Artifacts dropped"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Artifacts dropped\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--55dc6f75-46d8-4b4a-8d78-4786950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-08-25T13:36:53.000Z",
"modified": "2015-08-25T13:36:53.000Z",
"description": "Sakula malware - Xchecked via VT: 7248d4b73d68cfc023d8d156c63f6b74",
"pattern": "[file:hashes.SHA1 = '30b8700e5ec31630967fbcc8a3b8fb3fa8b1df7f']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-08-25T13:36:53Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Artifacts dropped"
}
],
"labels": [
"misp:type=\"sha1\"",
"misp:category=\"Artifacts dropped\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--55dc6f75-47f0-48d8-bce0-4af9950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-08-25T13:36:53.000Z",
"modified": "2015-08-25T13:36:53.000Z",
"first_observed": "2015-08-25T13:36:53Z",
"last_observed": "2015-08-25T13:36:53Z",
"number_observed": 1,
"object_refs": [
"url--55dc6f75-47f0-48d8-bce0-4af9950d210b"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--55dc6f75-47f0-48d8-bce0-4af9950d210b",
"value": "https://www.virustotal.com/file/7aa27098a1f4ac60b5037c018f0092dc9f70e7efcbfc0dc3def4f8e80a40a459/analysis/1434005833/"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--55dc6f76-5310-446d-a966-44b4950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-08-25T13:36:54.000Z",
"modified": "2015-08-25T13:36:54.000Z",
"description": "Sakula malware - Xchecked via VT: 71bbd661a61e0fee1f248f303af06f3f",
"pattern": "[file:hashes.SHA256 = '681c792dfc004c217b8727465fd92aa1f5661e5d4dc7b0ab9bc4bbfebd93730f']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-08-25T13:36:54Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Artifacts dropped"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Artifacts dropped\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--55dc6f76-58a4-4fc2-a7fd-4115950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-08-25T13:36:54.000Z",
"modified": "2015-08-25T13:36:54.000Z",
"description": "Sakula malware - Xchecked via VT: 71bbd661a61e0fee1f248f303af06f3f",
"pattern": "[file:hashes.SHA1 = '2202b0f53e60ad356226541af56ad87f04d16ed6']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-08-25T13:36:54Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Artifacts dropped"
}
],
"labels": [
"misp:type=\"sha1\"",
"misp:category=\"Artifacts dropped\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--55dc6f76-3148-41e8-b76f-4459950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-08-25T13:36:54.000Z",
"modified": "2015-08-25T13:36:54.000Z",
"first_observed": "2015-08-25T13:36:54Z",
"last_observed": "2015-08-25T13:36:54Z",
"number_observed": 1,
"object_refs": [
"url--55dc6f76-3148-41e8-b76f-4459950d210b"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--55dc6f76-3148-41e8-b76f-4459950d210b",
"value": "https://www.virustotal.com/file/681c792dfc004c217b8727465fd92aa1f5661e5d4dc7b0ab9bc4bbfebd93730f/analysis/1426774391/"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--55dc6f76-08ac-41c0-ac62-42af950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-08-25T13:36:54.000Z",
"modified": "2015-08-25T13:36:54.000Z",
"description": "Sakula malware - Xchecked via VT: 6d308fc42618812073481df1cd0452a7",
"pattern": "[file:hashes.SHA256 = 'd928c51ca6985f9d0c599d60f9f7f3361721c82c8af64bcbd0676ae572691f01']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-08-25T13:36:54Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Artifacts dropped"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Artifacts dropped\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--55dc6f76-688c-428f-80cb-4df7950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-08-25T13:36:54.000Z",
"modified": "2015-08-25T13:36:54.000Z",
"description": "Sakula malware - Xchecked via VT: 6d308fc42618812073481df1cd0452a7",
"pattern": "[file:hashes.SHA1 = '1be3725af4eb10309d8c93cb8e6503435ac82e34']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-08-25T13:36:54Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Artifacts dropped"
}
],
"labels": [
"misp:type=\"sha1\"",
"misp:category=\"Artifacts dropped\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--55dc6f76-97ec-4183-a71c-4874950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-08-25T13:36:54.000Z",
"modified": "2015-08-25T13:36:54.000Z",
"first_observed": "2015-08-25T13:36:54Z",
"last_observed": "2015-08-25T13:36:54Z",
"number_observed": 1,
"object_refs": [
"url--55dc6f76-97ec-4183-a71c-4874950d210b"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--55dc6f76-97ec-4183-a71c-4874950d210b",
"value": "https://www.virustotal.com/file/d928c51ca6985f9d0c599d60f9f7f3361721c82c8af64bcbd0676ae572691f01/analysis/1437364325/"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--55dc6f77-8c74-430e-9f92-4124950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-08-25T13:36:55.000Z",
"modified": "2015-08-25T13:36:55.000Z",
"description": "Sakula malware - Xchecked via VT: 6c4d61fedd83970cf48ef7fdd2a9871b",
"pattern": "[file:hashes.SHA256 = '4818013e444d17aa9f9986dbb43aa41cd0ded6f6919f2583cf041d1a222cc89c']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-08-25T13:36:55Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Artifacts dropped"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Artifacts dropped\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--55dc6f77-e344-498a-9ca8-47dc950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-08-25T13:36:55.000Z",
"modified": "2015-08-25T13:36:55.000Z",
"description": "Sakula malware - Xchecked via VT: 6c4d61fedd83970cf48ef7fdd2a9871b",
"pattern": "[file:hashes.SHA1 = '59c5f8a16d78805b6e0b9cb543f0ff977fea014f']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-08-25T13:36:55Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Artifacts dropped"
}
],
"labels": [
"misp:type=\"sha1\"",
"misp:category=\"Artifacts dropped\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--55dc6f77-a8cc-415e-9b19-4fb0950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-08-25T13:36:55.000Z",
"modified": "2015-08-25T13:36:55.000Z",
"first_observed": "2015-08-25T13:36:55Z",
"last_observed": "2015-08-25T13:36:55Z",
"number_observed": 1,
"object_refs": [
"url--55dc6f77-a8cc-415e-9b19-4fb0950d210b"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--55dc6f77-a8cc-415e-9b19-4fb0950d210b",
"value": "https://www.virustotal.com/file/4818013e444d17aa9f9986dbb43aa41cd0ded6f6919f2583cf041d1a222cc89c/analysis/1428583358/"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--55dc6f77-a6f0-4183-8a20-4bcf950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-08-25T13:36:55.000Z",
"modified": "2015-08-25T13:36:55.000Z",
"description": "Sakula malware - Xchecked via VT: 6c3523020a2ba0b7045060707d8833ea",
"pattern": "[file:hashes.SHA256 = '135945912fc0869cedea5f6e7df95304ec2fa786cfa89dd30eab49aebda1fb40']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-08-25T13:36:55Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Artifacts dropped"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Artifacts dropped\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--55dc6f77-e60c-480f-9261-4bf3950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-08-25T13:36:55.000Z",
"modified": "2015-08-25T13:36:55.000Z",
"description": "Sakula malware - Xchecked via VT: 6c3523020a2ba0b7045060707d8833ea",
"pattern": "[file:hashes.SHA1 = '0826d635a8e5cba27009a7c27735efd1337bbaf8']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-08-25T13:36:55Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Artifacts dropped"
}
],
"labels": [
"misp:type=\"sha1\"",
"misp:category=\"Artifacts dropped\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--55dc6f77-e998-47c8-b091-420f950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-08-25T13:36:55.000Z",
"modified": "2015-08-25T13:36:55.000Z",
"first_observed": "2015-08-25T13:36:55Z",
"last_observed": "2015-08-25T13:36:55Z",
"number_observed": 1,
"object_refs": [
"url--55dc6f77-e998-47c8-b091-420f950d210b"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--55dc6f77-e998-47c8-b091-420f950d210b",
"value": "https://www.virustotal.com/file/135945912fc0869cedea5f6e7df95304ec2fa786cfa89dd30eab49aebda1fb40/analysis/1433908355/"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--55dc6f78-253c-4169-8435-40ca950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-08-25T13:36:56.000Z",
"modified": "2015-08-25T13:36:56.000Z",
"description": "Sakula malware - Xchecked via VT: 6bdf4e5b35b4cc5d3d519edc67086d7f",
"pattern": "[file:hashes.SHA256 = '8488070e530e8c3b187920318f13bdf8de0e58199aecd69057ff7e87d3fd25bb']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-08-25T13:36:56Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Artifacts dropped"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Artifacts dropped\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--55dc6f78-e6e4-44d3-aefa-4978950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-08-25T13:36:56.000Z",
"modified": "2015-08-25T13:36:56.000Z",
"description": "Sakula malware - Xchecked via VT: 6bdf4e5b35b4cc5d3d519edc67086d7f",
"pattern": "[file:hashes.SHA1 = '38d25754e13a219d0d8b3d6d0eefed18ff81af99']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-08-25T13:36:56Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Artifacts dropped"
}
],
"labels": [
"misp:type=\"sha1\"",
"misp:category=\"Artifacts dropped\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--55dc6f78-a620-454f-8016-4f5c950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-08-25T13:36:56.000Z",
"modified": "2015-08-25T13:36:56.000Z",
"first_observed": "2015-08-25T13:36:56Z",
"last_observed": "2015-08-25T13:36:56Z",
"number_observed": 1,
"object_refs": [
"url--55dc6f78-a620-454f-8016-4f5c950d210b"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--55dc6f78-a620-454f-8016-4f5c950d210b",
"value": "https://www.virustotal.com/file/8488070e530e8c3b187920318f13bdf8de0e58199aecd69057ff7e87d3fd25bb/analysis/1433908349/"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--55dc6f78-e824-4a4d-83c1-4e9d950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-08-25T13:36:56.000Z",
"modified": "2015-08-25T13:36:56.000Z",
"description": "Sakula malware - Xchecked via VT: 6a7b2feed82d8d1746ac78df5a429bce",
"pattern": "[file:hashes.SHA256 = '45f5f8ce9bb7103e382d9c1158703b9b655d37a6ff31227132477e3600af9a8b']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-08-25T13:36:56Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Artifacts dropped"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Artifacts dropped\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--55dc6f78-2cd4-4f5b-9130-4753950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-08-25T13:36:56.000Z",
"modified": "2015-08-25T13:36:56.000Z",
"description": "Sakula malware - Xchecked via VT: 6a7b2feed82d8d1746ac78df5a429bce",
"pattern": "[file:hashes.SHA1 = 'da3cf059828c3b3304fe0713ae2460f22c966f40']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-08-25T13:36:56Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Artifacts dropped"
}
],
"labels": [
"misp:type=\"sha1\"",
"misp:category=\"Artifacts dropped\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--55dc6f78-84d4-4247-907c-4794950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-08-25T13:36:56.000Z",
"modified": "2015-08-25T13:36:56.000Z",
"first_observed": "2015-08-25T13:36:56Z",
"last_observed": "2015-08-25T13:36:56Z",
"number_observed": 1,
"object_refs": [
"url--55dc6f78-84d4-4247-907c-4794950d210b"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--55dc6f78-84d4-4247-907c-4794950d210b",
"value": "https://www.virustotal.com/file/45f5f8ce9bb7103e382d9c1158703b9b655d37a6ff31227132477e3600af9a8b/analysis/1433908199/"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--55dc6f79-21f8-4676-905f-48da950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-08-25T13:36:57.000Z",
"modified": "2015-08-25T13:36:57.000Z",
"description": "Sakula malware - Xchecked via VT: 6a273afa0f22d83f97d9fd2dc7dce367",
"pattern": "[file:hashes.SHA256 = 'f3f1bdf89265527f8c9cd9c4ac62d7c7154ce83a254014177b00446435fcca5b']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-08-25T13:36:57Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Artifacts dropped"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Artifacts dropped\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--55dc6f79-7a80-4a2b-94c4-4796950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-08-25T13:36:57.000Z",
"modified": "2015-08-25T13:36:57.000Z",
"description": "Sakula malware - Xchecked via VT: 6a273afa0f22d83f97d9fd2dc7dce367",
"pattern": "[file:hashes.SHA1 = '7b35522bd55aaeafc744a5fa6511c559d5ac80cd']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-08-25T13:36:57Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Artifacts dropped"
}
],
"labels": [
"misp:type=\"sha1\"",
"misp:category=\"Artifacts dropped\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--55dc6f79-57bc-44eb-881e-465c950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-08-25T13:36:57.000Z",
"modified": "2015-08-25T13:36:57.000Z",
"first_observed": "2015-08-25T13:36:57Z",
"last_observed": "2015-08-25T13:36:57Z",
"number_observed": 1,
"object_refs": [
"url--55dc6f79-57bc-44eb-881e-465c950d210b"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--55dc6f79-57bc-44eb-881e-465c950d210b",
"value": "https://www.virustotal.com/file/f3f1bdf89265527f8c9cd9c4ac62d7c7154ce83a254014177b00446435fcca5b/analysis/1434005508/"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--55dc6f79-e468-4842-83d7-4f77950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-08-25T13:36:57.000Z",
"modified": "2015-08-25T13:36:57.000Z",
"description": "Sakula malware - Xchecked via VT: 69374e5bcb38a82ef60c97ec0569ded3",
"pattern": "[file:hashes.SHA256 = 'c4172c6ac1e00bb82cce8ce000b3a199e5f65b0936bc5fb67f28e0d8fc34ded6']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-08-25T13:36:57Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Artifacts dropped"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Artifacts dropped\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--55dc6f79-e828-4102-95d3-4227950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-08-25T13:36:57.000Z",
"modified": "2015-08-25T13:36:57.000Z",
"description": "Sakula malware - Xchecked via VT: 69374e5bcb38a82ef60c97ec0569ded3",
"pattern": "[file:hashes.SHA1 = '2baffb0df06fea13ea97658e200fcecd1ee346eb']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-08-25T13:36:57Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Artifacts dropped"
}
],
"labels": [
"misp:type=\"sha1\"",
"misp:category=\"Artifacts dropped\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--55dc6f7a-83d4-403d-85ce-4be9950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-08-25T13:36:58.000Z",
"modified": "2015-08-25T13:36:58.000Z",
"first_observed": "2015-08-25T13:36:58Z",
"last_observed": "2015-08-25T13:36:58Z",
"number_observed": 1,
"object_refs": [
"url--55dc6f7a-83d4-403d-85ce-4be9950d210b"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--55dc6f7a-83d4-403d-85ce-4be9950d210b",
"value": "https://www.virustotal.com/file/c4172c6ac1e00bb82cce8ce000b3a199e5f65b0936bc5fb67f28e0d8fc34ded6/analysis/1436840990/"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--55dc6f7a-7cc8-4413-adf3-4bd2950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-08-25T13:36:58.000Z",
"modified": "2015-08-25T13:36:58.000Z",
"description": "Sakula malware - Xchecked via VT: 63f171705b28a05c84b67750b7e0ebf7",
"pattern": "[file:hashes.SHA256 = '1aac7739fb7413804e9d29d16497365d805ba00daf162461dcf043a970d23f4a']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-08-25T13:36:58Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Artifacts dropped"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Artifacts dropped\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--55dc6f7a-badc-4c10-a333-41ea950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-08-25T13:36:58.000Z",
"modified": "2015-08-25T13:36:58.000Z",
"description": "Sakula malware - Xchecked via VT: 63f171705b28a05c84b67750b7e0ebf7",
"pattern": "[file:hashes.SHA1 = '5c0a8f5abe59267e890e7ddf475a10a5598cfce3']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-08-25T13:36:58Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Artifacts dropped"
}
],
"labels": [
"misp:type=\"sha1\"",
"misp:category=\"Artifacts dropped\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--55dc6f7a-1788-4f9e-9c88-4508950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-08-25T13:36:58.000Z",
"modified": "2015-08-25T13:36:58.000Z",
"first_observed": "2015-08-25T13:36:58Z",
"last_observed": "2015-08-25T13:36:58Z",
"number_observed": 1,
"object_refs": [
"url--55dc6f7a-1788-4f9e-9c88-4508950d210b"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--55dc6f7a-1788-4f9e-9c88-4508950d210b",
"value": "https://www.virustotal.com/file/1aac7739fb7413804e9d29d16497365d805ba00daf162461dcf043a970d23f4a/analysis/1433908186/"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--55dc6f7a-5030-489b-9387-4ab4950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-08-25T13:36:58.000Z",
"modified": "2015-08-25T13:36:58.000Z",
"description": "Sakula malware - Xchecked via VT: 638304bf859e7be2f0fa39a655fdaffc",
"pattern": "[file:hashes.SHA256 = '81f2a6dc518fb6d785e4a64d29ae5fd9b7a9140b98bded7c010f47f223f2d106']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-08-25T13:36:58Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Artifacts dropped"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Artifacts dropped\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--55dc6f7a-bdac-45f0-8f58-427e950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-08-25T13:36:58.000Z",
"modified": "2015-08-25T13:36:58.000Z",
"description": "Sakula malware - Xchecked via VT: 638304bf859e7be2f0fa39a655fdaffc",
"pattern": "[file:hashes.SHA1 = '646d54222f020f92fe2e0533c676bb104004686c']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-08-25T13:36:58Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Artifacts dropped"
}
],
"labels": [
"misp:type=\"sha1\"",
"misp:category=\"Artifacts dropped\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--55dc6f7b-823c-4214-aeb1-4762950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-08-25T13:36:59.000Z",
"modified": "2015-08-25T13:36:59.000Z",
"first_observed": "2015-08-25T13:36:59Z",
"last_observed": "2015-08-25T13:36:59Z",
"number_observed": 1,
"object_refs": [
"url--55dc6f7b-823c-4214-aeb1-4762950d210b"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--55dc6f7b-823c-4214-aeb1-4762950d210b",
"value": "https://www.virustotal.com/file/81f2a6dc518fb6d785e4a64d29ae5fd9b7a9140b98bded7c010f47f223f2d106/analysis/1428582782/"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--55dc6f7b-4da8-4b8c-9782-4f8e950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-08-25T13:36:59.000Z",
"modified": "2015-08-25T13:36:59.000Z",
"description": "Sakula malware - Xchecked via VT: 62e82c46647d2d2fe946791b61b72a4d",
"pattern": "[file:hashes.SHA256 = '1624ccabb05ba1e9739746cd5b3fbd96d29e6e29a446e80693865c5313ad44b6']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-08-25T13:36:59Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Artifacts dropped"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Artifacts dropped\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--55dc6f7b-adf0-4857-8763-4be6950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-08-25T13:36:59.000Z",
"modified": "2015-08-25T13:36:59.000Z",
"description": "Sakula malware - Xchecked via VT: 62e82c46647d2d2fe946791b61b72a4d",
"pattern": "[file:hashes.SHA1 = '2c5d73cbfdae42429819f7c396cc173477f29cd7']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-08-25T13:36:59Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Artifacts dropped"
}
],
"labels": [
"misp:type=\"sha1\"",
"misp:category=\"Artifacts dropped\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--55dc6f7b-6038-4c4d-88e3-41da950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-08-25T13:36:59.000Z",
"modified": "2015-08-25T13:36:59.000Z",
"first_observed": "2015-08-25T13:36:59Z",
"last_observed": "2015-08-25T13:36:59Z",
"number_observed": 1,
"object_refs": [
"url--55dc6f7b-6038-4c4d-88e3-41da950d210b"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--55dc6f7b-6038-4c4d-88e3-41da950d210b",
"value": "https://www.virustotal.com/file/1624ccabb05ba1e9739746cd5b3fbd96d29e6e29a446e80693865c5313ad44b6/analysis/1434005194/"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--55dc6f7b-6f98-4849-89e5-4bbe950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-08-25T13:36:59.000Z",
"modified": "2015-08-25T13:36:59.000Z",
"description": "Sakula malware - Xchecked via VT: 62d4777dd8953743d26510f00b74f444",
"pattern": "[file:hashes.SHA256 = '898b9cc780196111ebf157de1fbb8362abf21da678147f1198d237017c896cb9']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-08-25T13:36:59Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Artifacts dropped"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Artifacts dropped\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--55dc6f7c-47e4-4a85-855a-4491950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-08-25T13:37:00.000Z",
"modified": "2015-08-25T13:37:00.000Z",
"description": "Sakula malware - Xchecked via VT: 62d4777dd8953743d26510f00b74f444",
"pattern": "[file:hashes.SHA1 = '8e23f62d8701f9e050c241680c15c3220bf78228']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-08-25T13:37:00Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Artifacts dropped"
}
],
"labels": [
"misp:type=\"sha1\"",
"misp:category=\"Artifacts dropped\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--55dc6f7c-9e40-4ca4-812d-456d950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-08-25T13:37:00.000Z",
"modified": "2015-08-25T13:37:00.000Z",
"first_observed": "2015-08-25T13:37:00Z",
"last_observed": "2015-08-25T13:37:00Z",
"number_observed": 1,
"object_refs": [
"url--55dc6f7c-9e40-4ca4-812d-456d950d210b"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--55dc6f7c-9e40-4ca4-812d-456d950d210b",
"value": "https://www.virustotal.com/file/898b9cc780196111ebf157de1fbb8362abf21da678147f1198d237017c896cb9/analysis/1436841005/"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--55dc6f7c-fafc-4e7a-b55f-4b30950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-08-25T13:37:00.000Z",
"modified": "2015-08-25T13:37:00.000Z",
"description": "Sakula malware - Xchecked via VT: 617eda7bcba4e3d5acc17663bbc964b3",
"pattern": "[file:hashes.SHA256 = 'e0e8d7e5264aff159f453ae124c983a6630e3c3922a300e31769ba3461ffe388']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-08-25T13:37:00Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Artifacts dropped"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Artifacts dropped\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--55dc6f7c-18b8-43f3-8cad-425b950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-08-25T13:37:00.000Z",
"modified": "2015-08-25T13:37:00.000Z",
"description": "Sakula malware - Xchecked via VT: 617eda7bcba4e3d5acc17663bbc964b3",
"pattern": "[file:hashes.SHA1 = '7dc147ab2b98fdb9db47fa53365b00a6e4b7b183']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-08-25T13:37:00Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Artifacts dropped"
}
],
"labels": [
"misp:type=\"sha1\"",
"misp:category=\"Artifacts dropped\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--55dc6f7c-6fe8-44f6-8b5e-452f950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-08-25T13:37:00.000Z",
"modified": "2015-08-25T13:37:00.000Z",
"first_observed": "2015-08-25T13:37:00Z",
"last_observed": "2015-08-25T13:37:00Z",
"number_observed": 1,
"object_refs": [
"url--55dc6f7c-6fe8-44f6-8b5e-452f950d210b"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--55dc6f7c-6fe8-44f6-8b5e-452f950d210b",
"value": "https://www.virustotal.com/file/e0e8d7e5264aff159f453ae124c983a6630e3c3922a300e31769ba3461ffe388/analysis/1435326259/"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--55dc6f7c-43cc-44aa-952b-4122950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-08-25T13:37:00.000Z",
"modified": "2015-08-25T13:37:00.000Z",
"description": "Sakula malware - Xchecked via VT: 5ff5916c9f7c593d1d589c97c571b45a",
"pattern": "[file:hashes.SHA256 = 'ad382c5acb55890cb0f62880897b5b25455d8f0d30bf2985bdc2ac04f6f85ce6']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-08-25T13:37:00Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Artifacts dropped"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Artifacts dropped\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--55dc6f7d-d24c-40c2-b1bf-4b46950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-08-25T13:37:01.000Z",
"modified": "2015-08-25T13:37:01.000Z",
"description": "Sakula malware - Xchecked via VT: 5ff5916c9f7c593d1d589c97c571b45a",
"pattern": "[file:hashes.SHA1 = '9d65a6cd35f8aacdf0965a3c4c1e609fefd97157']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-08-25T13:37:01Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Artifacts dropped"
}
],
"labels": [
"misp:type=\"sha1\"",
"misp:category=\"Artifacts dropped\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--55dc6f7d-0fac-4758-b928-4b4e950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-08-25T13:37:01.000Z",
"modified": "2015-08-25T13:37:01.000Z",
"first_observed": "2015-08-25T13:37:01Z",
"last_observed": "2015-08-25T13:37:01Z",
"number_observed": 1,
"object_refs": [
"url--55dc6f7d-0fac-4758-b928-4b4e950d210b"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--55dc6f7d-0fac-4758-b928-4b4e950d210b",
"value": "https://www.virustotal.com/file/ad382c5acb55890cb0f62880897b5b25455d8f0d30bf2985bdc2ac04f6f85ce6/analysis/1434993600/"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--55dc6f7d-f558-459c-9964-4204950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-08-25T13:37:01.000Z",
"modified": "2015-08-25T13:37:01.000Z",
"description": "Sakula malware - Xchecked via VT: 5eea7686abeba0affa7efce4da31f277",
"pattern": "[file:hashes.SHA256 = '0596e3f67a43d3481fa7fadf17ccc073d377b72a7fe753d64a648f153d53fa14']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-08-25T13:37:01Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Artifacts dropped"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Artifacts dropped\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--55dc6f7d-31b4-496e-9181-45e4950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-08-25T13:37:01.000Z",
"modified": "2015-08-25T13:37:01.000Z",
"description": "Sakula malware - Xchecked via VT: 5eea7686abeba0affa7efce4da31f277",
"pattern": "[file:hashes.SHA1 = '0270bab0ec46b92c430542631304110b5d6bdbbc']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-08-25T13:37:01Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Artifacts dropped"
}
],
"labels": [
"misp:type=\"sha1\"",
"misp:category=\"Artifacts dropped\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--55dc6f7d-2fc4-45c1-91d0-45d2950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-08-25T13:37:01.000Z",
"modified": "2015-08-25T13:37:01.000Z",
"first_observed": "2015-08-25T13:37:01Z",
"last_observed": "2015-08-25T13:37:01Z",
"number_observed": 1,
"object_refs": [
"url--55dc6f7d-2fc4-45c1-91d0-45d2950d210b"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--55dc6f7d-2fc4-45c1-91d0-45d2950d210b",
"value": "https://www.virustotal.com/file/0596e3f67a43d3481fa7fadf17ccc073d377b72a7fe753d64a648f153d53fa14/analysis/1434993541/"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--55dc6f7d-60c4-473d-a9a8-4d83950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-08-25T13:37:01.000Z",
"modified": "2015-08-25T13:37:01.000Z",
"description": "Sakula malware - Xchecked via VT: 5bb780344a601f4eff9ce0c55daf4361",
"pattern": "[file:hashes.SHA256 = '66ea6ef60609d429ce73786ea4b3d468792fa039da34190d8b315500b4ebb845']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-08-25T13:37:01Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Artifacts dropped"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Artifacts dropped\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--55dc6f7e-4270-4ee2-bcec-4b3a950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-08-25T13:37:02.000Z",
"modified": "2015-08-25T13:37:02.000Z",
"description": "Sakula malware - Xchecked via VT: 5bb780344a601f4eff9ce0c55daf4361",
"pattern": "[file:hashes.SHA1 = '0f9cc14064eb24ddef5fc68766c24664fab0ce1b']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-08-25T13:37:02Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Artifacts dropped"
}
],
"labels": [
"misp:type=\"sha1\"",
"misp:category=\"Artifacts dropped\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--55dc6f7e-c85c-41fc-9cb0-4034950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-08-25T13:37:02.000Z",
"modified": "2015-08-25T13:37:02.000Z",
"first_observed": "2015-08-25T13:37:02Z",
"last_observed": "2015-08-25T13:37:02Z",
"number_observed": 1,
"object_refs": [
"url--55dc6f7e-c85c-41fc-9cb0-4034950d210b"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--55dc6f7e-c85c-41fc-9cb0-4034950d210b",
"value": "https://www.virustotal.com/file/66ea6ef60609d429ce73786ea4b3d468792fa039da34190d8b315500b4ebb845/analysis/1434004919/"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--55dc6f7e-5fb8-4ae9-97f5-46e9950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-08-25T13:37:02.000Z",
"modified": "2015-08-25T13:37:02.000Z",
"description": "Sakula malware - Xchecked via VT: 5b76c68f9ca61bfd8a5bcbf2817a1437",
"pattern": "[file:hashes.SHA256 = '7777996703326ba738bf90d4b0b2fc302cb395f1f03e628c47cdec113bdfcf85']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-08-25T13:37:02Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Artifacts dropped"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Artifacts dropped\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--55dc6f7e-7e74-4577-a571-4102950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-08-25T13:37:02.000Z",
"modified": "2015-08-25T13:37:02.000Z",
"description": "Sakula malware - Xchecked via VT: 5b76c68f9ca61bfd8a5bcbf2817a1437",
"pattern": "[file:hashes.SHA1 = '1f523f98e28063463ff402ac39bcea28da8661b5']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-08-25T13:37:02Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Artifacts dropped"
}
],
"labels": [
"misp:type=\"sha1\"",
"misp:category=\"Artifacts dropped\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--55dc6f7e-4878-4edb-980a-4a34950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-08-25T13:37:02.000Z",
"modified": "2015-08-25T13:37:02.000Z",
"first_observed": "2015-08-25T13:37:02Z",
"last_observed": "2015-08-25T13:37:02Z",
"number_observed": 1,
"object_refs": [
"url--55dc6f7e-4878-4edb-980a-4a34950d210b"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--55dc6f7e-4878-4edb-980a-4a34950d210b",
"value": "https://www.virustotal.com/file/7777996703326ba738bf90d4b0b2fc302cb395f1f03e628c47cdec113bdfcf85/analysis/1433907768/"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--55dc6f7f-fb78-43e0-a90c-49b3950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-08-25T13:37:03.000Z",
"modified": "2015-08-25T13:37:03.000Z",
"description": "Sakula malware - Xchecked via VT: 5a894c18c5cc153f80699145edd1c206",
"pattern": "[file:hashes.SHA256 = '10aebf94f56d966caf79274e031152746e342e3cc55fa7abd793cd2ca8902e05']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-08-25T13:37:03Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Artifacts dropped"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Artifacts dropped\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--55dc6f7f-2990-4973-8c6b-4ece950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-08-25T13:37:03.000Z",
"modified": "2015-08-25T13:37:03.000Z",
"description": "Sakula malware - Xchecked via VT: 5a894c18c5cc153f80699145edd1c206",
"pattern": "[file:hashes.SHA1 = '84f81e1cc9f030133f3b686f1cf7cf3cea09a193']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-08-25T13:37:03Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Artifacts dropped"
}
],
"labels": [
"misp:type=\"sha1\"",
"misp:category=\"Artifacts dropped\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--55dc6f7f-67d4-4bd8-9cb8-4cd1950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-08-25T13:37:03.000Z",
"modified": "2015-08-25T13:37:03.000Z",
"first_observed": "2015-08-25T13:37:03Z",
"last_observed": "2015-08-25T13:37:03Z",
"number_observed": 1,
"object_refs": [
"url--55dc6f7f-67d4-4bd8-9cb8-4cd1950d210b"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--55dc6f7f-67d4-4bd8-9cb8-4cd1950d210b",
"value": "https://www.virustotal.com/file/10aebf94f56d966caf79274e031152746e342e3cc55fa7abd793cd2ca8902e05/analysis/1434004869/"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--55dc6f7f-cb78-47d7-9c4d-46cd950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-08-25T13:37:03.000Z",
"modified": "2015-08-25T13:37:03.000Z",
"description": "Sakula malware - Xchecked via VT: 5a843bc0b9f4525b1ee512e1eba95641",
"pattern": "[file:hashes.SHA256 = '834b4e2cb213740f4bde30273c12c4e6e1aeeb6d9f61f100bac0a68731d25681']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-08-25T13:37:03Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Artifacts dropped"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Artifacts dropped\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--55dc6f7f-21b4-4140-9b5e-4b13950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-08-25T13:37:03.000Z",
"modified": "2015-08-25T13:37:03.000Z",
"description": "Sakula malware - Xchecked via VT: 5a843bc0b9f4525b1ee512e1eba95641",
"pattern": "[file:hashes.SHA1 = 'b74c828dc6f726c42e92e660294f9c549a244b7e']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-08-25T13:37:03Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Artifacts dropped"
}
],
"labels": [
"misp:type=\"sha1\"",
"misp:category=\"Artifacts dropped\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--55dc6f7f-92a4-4be6-88a6-4ec3950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-08-25T13:37:03.000Z",
"modified": "2015-08-25T13:37:03.000Z",
"first_observed": "2015-08-25T13:37:03Z",
"last_observed": "2015-08-25T13:37:03Z",
"number_observed": 1,
"object_refs": [
"url--55dc6f7f-92a4-4be6-88a6-4ec3950d210b"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--55dc6f7f-92a4-4be6-88a6-4ec3950d210b",
"value": "https://www.virustotal.com/file/834b4e2cb213740f4bde30273c12c4e6e1aeeb6d9f61f100bac0a68731d25681/analysis/1434004868/"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--55dc6f80-d088-462d-96b1-44e2950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-08-25T13:37:04.000Z",
"modified": "2015-08-25T13:37:04.000Z",
"description": "Sakula malware - Xchecked via VT: 567a33e09af45123678042e620f31769",
"pattern": "[file:hashes.SHA256 = '7db237e3a169dd27b3dfb17387f680d84f34a273b6cb3607d23847ca3fe76755']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-08-25T13:37:04Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Artifacts dropped"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Artifacts dropped\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--55dc6f80-4e94-47f7-8976-4782950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-08-25T13:37:04.000Z",
"modified": "2015-08-25T13:37:04.000Z",
"description": "Sakula malware - Xchecked via VT: 567a33e09af45123678042e620f31769",
"pattern": "[file:hashes.SHA1 = '8b18f58434111d96fd9139bdb05530b5f70239c1']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-08-25T13:37:04Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Artifacts dropped"
}
],
"labels": [
"misp:type=\"sha1\"",
"misp:category=\"Artifacts dropped\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--55dc6f80-ab58-4e15-892e-40fb950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-08-25T13:37:04.000Z",
"modified": "2015-08-25T13:37:04.000Z",
"first_observed": "2015-08-25T13:37:04Z",
"last_observed": "2015-08-25T13:37:04Z",
"number_observed": 1,
"object_refs": [
"url--55dc6f80-ab58-4e15-892e-40fb950d210b"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--55dc6f80-ab58-4e15-892e-40fb950d210b",
"value": "https://www.virustotal.com/file/7db237e3a169dd27b3dfb17387f680d84f34a273b6cb3607d23847ca3fe76755/analysis/1434004720/"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--55dc6f80-2650-4fbc-97ed-4533950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-08-25T13:37:04.000Z",
"modified": "2015-08-25T13:37:04.000Z",
"description": "Sakula malware - Xchecked via VT: 55daa4271973bb71ad4548225675e389",
"pattern": "[file:hashes.SHA256 = '0dca2c41d2e4c869660673f2097a1e66cace2cd9f7dad1c3fc6f75bbce5c564c']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-08-25T13:37:04Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Artifacts dropped"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Artifacts dropped\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--55dc6f80-a3e8-470d-bff2-4f96950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-08-25T13:37:04.000Z",
"modified": "2015-08-25T13:37:04.000Z",
"description": "Sakula malware - Xchecked via VT: 55daa4271973bb71ad4548225675e389",
"pattern": "[file:hashes.SHA1 = '3d564bb416742c3f02d2196af2acbe830ce3a2c3']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-08-25T13:37:04Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Artifacts dropped"
}
],
"labels": [
"misp:type=\"sha1\"",
"misp:category=\"Artifacts dropped\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--55dc6f80-020c-4248-96aa-4e2f950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-08-25T13:37:04.000Z",
"modified": "2015-08-25T13:37:04.000Z",
"first_observed": "2015-08-25T13:37:04Z",
"last_observed": "2015-08-25T13:37:04Z",
"number_observed": 1,
"object_refs": [
"url--55dc6f80-020c-4248-96aa-4e2f950d210b"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--55dc6f80-020c-4248-96aa-4e2f950d210b",
"value": "https://www.virustotal.com/file/0dca2c41d2e4c869660673f2097a1e66cace2cd9f7dad1c3fc6f75bbce5c564c/analysis/1434004692/"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--55dc6f81-5fc0-4a53-9569-4d53950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-08-25T13:37:05.000Z",
"modified": "2015-08-25T13:37:05.000Z",
"description": "Sakula malware - Xchecked via VT: 5496cff5e3bf46448c74fbe728763325",
"pattern": "[file:hashes.SHA256 = 'ca65b0067e1410b3f759d4168a4d4cfcff7dfdb720ab2c3ffa5cbb0a7eb78bab']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-08-25T13:37:05Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Artifacts dropped"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Artifacts dropped\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--55dc6f81-5fd0-42b9-b6eb-4eba950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-08-25T13:37:05.000Z",
"modified": "2015-08-25T13:37:05.000Z",
"description": "Sakula malware - Xchecked via VT: 5496cff5e3bf46448c74fbe728763325",
"pattern": "[file:hashes.SHA1 = 'fcc620a4af57353816369f839de335baf53da02b']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-08-25T13:37:05Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Artifacts dropped"
}
],
"labels": [
"misp:type=\"sha1\"",
"misp:category=\"Artifacts dropped\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--55dc6f81-51a0-4544-9cd3-45c0950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-08-25T13:37:05.000Z",
"modified": "2015-08-25T13:37:05.000Z",
"first_observed": "2015-08-25T13:37:05Z",
"last_observed": "2015-08-25T13:37:05Z",
"number_observed": 1,
"object_refs": [
"url--55dc6f81-51a0-4544-9cd3-45c0950d210b"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--55dc6f81-51a0-4544-9cd3-45c0950d210b",
"value": "https://www.virustotal.com/file/ca65b0067e1410b3f759d4168a4d4cfcff7dfdb720ab2c3ffa5cbb0a7eb78bab/analysis/1434004652/"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--55dc6f81-f294-45cc-aa9d-435c950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-08-25T13:37:05.000Z",
"modified": "2015-08-25T13:37:05.000Z",
"description": "Sakula malware - Xchecked via VT: 501db97a6b60512612909cfe959fbcd0",
"pattern": "[file:hashes.SHA256 = 'bfad2431123316aa06d0ced071edbe3dd9f3ebe7051e8f8274ae500d83a5adf3']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-08-25T13:37:05Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Artifacts dropped"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Artifacts dropped\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--55dc6f81-fcd0-470b-8bbb-455f950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-08-25T13:37:05.000Z",
"modified": "2015-08-25T13:37:05.000Z",
"description": "Sakula malware - Xchecked via VT: 501db97a6b60512612909cfe959fbcd0",
"pattern": "[file:hashes.SHA1 = '778c319b91b7d4cbc45da8baa4af2f9127423ba0']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-08-25T13:37:05Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Artifacts dropped"
}
],
"labels": [
"misp:type=\"sha1\"",
"misp:category=\"Artifacts dropped\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--55dc6f81-e178-4ea6-8378-4eaa950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-08-25T13:37:05.000Z",
"modified": "2015-08-25T13:37:05.000Z",
"first_observed": "2015-08-25T13:37:05Z",
"last_observed": "2015-08-25T13:37:05Z",
"number_observed": 1,
"object_refs": [
"url--55dc6f81-e178-4ea6-8378-4eaa950d210b"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--55dc6f81-e178-4ea6-8378-4eaa950d210b",
"value": "https://www.virustotal.com/file/bfad2431123316aa06d0ced071edbe3dd9f3ebe7051e8f8274ae500d83a5adf3/analysis/1433738251/"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--55dc6f82-3b78-4efb-aa42-4f3f950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-08-25T13:37:06.000Z",
"modified": "2015-08-25T13:37:06.000Z",
"description": "Sakula malware - Xchecked via VT: 4d8482da8730a886e4d21c5bfb7cd30e",
"pattern": "[file:hashes.SHA256 = 'b1ebae4eaf805b2303fde0f4da963254c4649aeb0f7de7b0580a3eff1512d2b6']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-08-25T13:37:06Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Artifacts dropped"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Artifacts dropped\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--55dc6f82-da34-486c-a8e1-42c3950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-08-25T13:37:06.000Z",
"modified": "2015-08-25T13:37:06.000Z",
"description": "Sakula malware - Xchecked via VT: 4d8482da8730a886e4d21c5bfb7cd30e",
"pattern": "[file:hashes.SHA1 = '517e06b992e14529f712e7f48dd447422535b3a4']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-08-25T13:37:06Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Artifacts dropped"
}
],
"labels": [
"misp:type=\"sha1\"",
"misp:category=\"Artifacts dropped\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--55dc6f82-449c-40b7-bc3a-42d4950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-08-25T13:37:06.000Z",
"modified": "2015-08-25T13:37:06.000Z",
"first_observed": "2015-08-25T13:37:06Z",
"last_observed": "2015-08-25T13:37:06Z",
"number_observed": 1,
"object_refs": [
"url--55dc6f82-449c-40b7-bc3a-42d4950d210b"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--55dc6f82-449c-40b7-bc3a-42d4950d210b",
"value": "https://www.virustotal.com/file/b1ebae4eaf805b2303fde0f4da963254c4649aeb0f7de7b0580a3eff1512d2b6/analysis/1428581431/"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--55dc6f82-77d0-4e5a-9caf-4a5c950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-08-25T13:37:06.000Z",
"modified": "2015-08-25T13:37:06.000Z",
"description": "Sakula malware - Xchecked via VT: 492c59bddbcbe7cbd2f932655181fb08",
"pattern": "[file:hashes.SHA256 = '8a955b35c86e3bfc05ca6654723179d766ad6960ecb8e768abd1f56c24102d78']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-08-25T13:37:06Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Artifacts dropped"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Artifacts dropped\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--55dc6f82-2b58-465f-82e3-4772950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-08-25T13:37:06.000Z",
"modified": "2015-08-25T13:37:06.000Z",
"description": "Sakula malware - Xchecked via VT: 492c59bddbcbe7cbd2f932655181fb08",
"pattern": "[file:hashes.SHA1 = '93229172020b93a506549d505148b5c9e80d643b']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-08-25T13:37:06Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Artifacts dropped"
}
],
"labels": [
"misp:type=\"sha1\"",
"misp:category=\"Artifacts dropped\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--55dc6f83-c004-4f7f-b189-49db950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-08-25T13:37:07.000Z",
"modified": "2015-08-25T13:37:07.000Z",
"first_observed": "2015-08-25T13:37:07Z",
"last_observed": "2015-08-25T13:37:07Z",
"number_observed": 1,
"object_refs": [
"url--55dc6f83-c004-4f7f-b189-49db950d210b"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--55dc6f83-c004-4f7f-b189-49db950d210b",
"value": "https://www.virustotal.com/file/8a955b35c86e3bfc05ca6654723179d766ad6960ecb8e768abd1f56c24102d78/analysis/1434004175/"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--55dc6f83-c46c-47ac-aac8-4b5c950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-08-25T13:37:07.000Z",
"modified": "2015-08-25T13:37:07.000Z",
"description": "Sakula malware - Xchecked via VT: 488c55d9a13c7fa8ee1aa0c15a43ab1e",
"pattern": "[file:hashes.SHA256 = '5f7c219c4951381d4c5f198e3360824e989070346319263c7b72493d6be04393']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-08-25T13:37:07Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Artifacts dropped"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Artifacts dropped\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--55dc6f83-4574-41aa-a51d-446f950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-08-25T13:37:07.000Z",
"modified": "2015-08-25T13:37:07.000Z",
"description": "Sakula malware - Xchecked via VT: 488c55d9a13c7fa8ee1aa0c15a43ab1e",
"pattern": "[file:hashes.SHA1 = 'f1b04a10c070cfdf29669f019072148286f25c2b']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-08-25T13:37:07Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Artifacts dropped"
}
],
"labels": [
"misp:type=\"sha1\"",
"misp:category=\"Artifacts dropped\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--55dc6f83-8f90-4e76-a29c-42f3950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-08-25T13:37:07.000Z",
"modified": "2015-08-25T13:37:07.000Z",
"first_observed": "2015-08-25T13:37:07Z",
"last_observed": "2015-08-25T13:37:07Z",
"number_observed": 1,
"object_refs": [
"url--55dc6f83-8f90-4e76-a29c-42f3950d210b"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--55dc6f83-8f90-4e76-a29c-42f3950d210b",
"value": "https://www.virustotal.com/file/5f7c219c4951381d4c5f198e3360824e989070346319263c7b72493d6be04393/analysis/1434004150/"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--55dc6f83-ec3c-468e-b5b6-4af9950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-08-25T13:37:07.000Z",
"modified": "2015-08-25T13:37:07.000Z",
"description": "Sakula malware - Xchecked via VT: 470e8dd406407b50483ce40de46660af",
"pattern": "[file:hashes.SHA256 = 'f38854bf5b682606ca04e03bc0fafc04554d74b926c234a5521e9e90f2809c74']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-08-25T13:37:07Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Artifacts dropped"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Artifacts dropped\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--55dc6f83-76d0-4377-afb0-4df3950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-08-25T13:37:07.000Z",
"modified": "2015-08-25T13:37:07.000Z",
"description": "Sakula malware - Xchecked via VT: 470e8dd406407b50483ce40de46660af",
"pattern": "[file:hashes.SHA1 = '36031722ac4914339508105bc92a7b3c947f72f5']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-08-25T13:37:07Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Artifacts dropped"
}
],
"labels": [
"misp:type=\"sha1\"",
"misp:category=\"Artifacts dropped\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--55dc6f84-70d4-41b5-9b55-4fb8950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-08-25T13:37:08.000Z",
"modified": "2015-08-25T13:37:08.000Z",
"first_observed": "2015-08-25T13:37:08Z",
"last_observed": "2015-08-25T13:37:08Z",
"number_observed": 1,
"object_refs": [
"url--55dc6f84-70d4-41b5-9b55-4fb8950d210b"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--55dc6f84-70d4-41b5-9b55-4fb8950d210b",
"value": "https://www.virustotal.com/file/f38854bf5b682606ca04e03bc0fafc04554d74b926c234a5521e9e90f2809c74/analysis/1434004088/"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--55dc6f84-809c-44d0-b879-495d950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-08-25T13:37:08.000Z",
"modified": "2015-08-25T13:37:08.000Z",
"description": "Sakula malware - Xchecked via VT: 43e6a46d8789e1563e94ff17eff486d7",
"pattern": "[file:hashes.SHA256 = 'd1165f7914c25f767162481faa500e256eef178486d039a5ddd1e8edd9c4f5f8']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-08-25T13:37:08Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Artifacts dropped"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Artifacts dropped\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--55dc6f84-ab9c-4e40-803f-4c29950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-08-25T13:37:08.000Z",
"modified": "2015-08-25T13:37:08.000Z",
"description": "Sakula malware - Xchecked via VT: 43e6a46d8789e1563e94ff17eff486d7",
"pattern": "[file:hashes.SHA1 = '1dff74e9845b6eb444f9cae907a582a0e1929125']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-08-25T13:37:08Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Artifacts dropped"
}
],
"labels": [
"misp:type=\"sha1\"",
"misp:category=\"Artifacts dropped\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--55dc6f84-6374-4e61-85aa-42e4950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-08-25T13:37:08.000Z",
"modified": "2015-08-25T13:37:08.000Z",
"first_observed": "2015-08-25T13:37:08Z",
"last_observed": "2015-08-25T13:37:08Z",
"number_observed": 1,
"object_refs": [
"url--55dc6f84-6374-4e61-85aa-42e4950d210b"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--55dc6f84-6374-4e61-85aa-42e4950d210b",
"value": "https://www.virustotal.com/file/d1165f7914c25f767162481faa500e256eef178486d039a5ddd1e8edd9c4f5f8/analysis/1434003942/"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--55dc6f84-b8fc-4b89-97f7-4e04950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-08-25T13:37:08.000Z",
"modified": "2015-08-25T13:37:08.000Z",
"description": "Sakula malware - Xchecked via VT: 421bff8f5dd218727283a2914424eccc",
"pattern": "[file:hashes.SHA256 = 'e82d2260eb5621df67eb68f134bec2e0647cb01ac1284b01a8f79ade27777039']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-08-25T13:37:08Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Artifacts dropped"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Artifacts dropped\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--55dc6f84-0a8c-443d-9e0d-41ca950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-08-25T13:37:08.000Z",
"modified": "2015-08-25T13:37:08.000Z",
"description": "Sakula malware - Xchecked via VT: 421bff8f5dd218727283a2914424eccc",
"pattern": "[file:hashes.SHA1 = '7d639cea8bd8ff7fe3f1406f3590ea6ec1f6e810']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-08-25T13:37:08Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Artifacts dropped"
}
],
"labels": [
"misp:type=\"sha1\"",
"misp:category=\"Artifacts dropped\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--55dc6f85-67b8-48ed-b54e-4505950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-08-25T13:37:09.000Z",
"modified": "2015-08-25T13:37:09.000Z",
"first_observed": "2015-08-25T13:37:09Z",
"last_observed": "2015-08-25T13:37:09Z",
"number_observed": 1,
"object_refs": [
"url--55dc6f85-67b8-48ed-b54e-4505950d210b"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--55dc6f85-67b8-48ed-b54e-4505950d210b",
"value": "https://www.virustotal.com/file/e82d2260eb5621df67eb68f134bec2e0647cb01ac1284b01a8f79ade27777039/analysis/1433906329/"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--55dc6f85-5ef0-43e4-b464-4906950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-08-25T13:37:09.000Z",
"modified": "2015-08-25T13:37:09.000Z",
"description": "Sakula malware - Xchecked via VT: 416e831d583665352fe16fe9232d36cf",
"pattern": "[file:hashes.SHA256 = 'b719bca6ade9b83bbadd435e49f5a7c43e586b112ac3f342ca37daaa01ace9bb']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-08-25T13:37:09Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Artifacts dropped"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Artifacts dropped\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--55dc6f85-b500-4825-b4e4-4197950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-08-25T13:37:09.000Z",
"modified": "2015-08-25T13:37:09.000Z",
"description": "Sakula malware - Xchecked via VT: 416e831d583665352fe16fe9232d36cf",
"pattern": "[file:hashes.SHA1 = '50e7b4d4f3ab5fa9c77c0286213e7980ed52f6f6']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-08-25T13:37:09Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Artifacts dropped"
}
],
"labels": [
"misp:type=\"sha1\"",
"misp:category=\"Artifacts dropped\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--55dc6f85-838c-43c4-88f0-488a950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-08-25T13:37:09.000Z",
"modified": "2015-08-25T13:37:09.000Z",
"first_observed": "2015-08-25T13:37:09Z",
"last_observed": "2015-08-25T13:37:09Z",
"number_observed": 1,
"object_refs": [
"url--55dc6f85-838c-43c4-88f0-488a950d210b"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--55dc6f85-838c-43c4-88f0-488a950d210b",
"value": "https://www.virustotal.com/file/b719bca6ade9b83bbadd435e49f5a7c43e586b112ac3f342ca37daaa01ace9bb/analysis/1428580669/"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--55dc6f85-0964-4ffb-b99c-4620950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-08-25T13:37:09.000Z",
"modified": "2015-08-25T13:37:09.000Z",
"description": "Sakula malware - Xchecked via VT: 416e598fb1ed9a7b6ce815a224015cb8",
"pattern": "[file:hashes.SHA256 = 'aad06e06f3ad39e3f68b410774c8525106c8d852d7edc55f4cf1fff7d65244f8']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-08-25T13:37:09Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Artifacts dropped"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Artifacts dropped\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--55dc6f86-f328-4f3d-91b3-495e950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-08-25T13:37:10.000Z",
"modified": "2015-08-25T13:37:10.000Z",
"description": "Sakula malware - Xchecked via VT: 416e598fb1ed9a7b6ce815a224015cb8",
"pattern": "[file:hashes.SHA1 = 'f1184712df04d1859810b9ef0123485b8c563ac8']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-08-25T13:37:10Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Artifacts dropped"
}
],
"labels": [
"misp:type=\"sha1\"",
"misp:category=\"Artifacts dropped\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--55dc6f86-5e34-417f-a6bd-4005950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-08-25T13:37:10.000Z",
"modified": "2015-08-25T13:37:10.000Z",
"first_observed": "2015-08-25T13:37:10Z",
"last_observed": "2015-08-25T13:37:10Z",
"number_observed": 1,
"object_refs": [
"url--55dc6f86-5e34-417f-a6bd-4005950d210b"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--55dc6f86-5e34-417f-a6bd-4005950d210b",
"value": "https://www.virustotal.com/file/aad06e06f3ad39e3f68b410774c8525106c8d852d7edc55f4cf1fff7d65244f8/analysis/1428580668/"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--55dc6f86-f580-4798-86bb-44dc950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-08-25T13:37:10.000Z",
"modified": "2015-08-25T13:37:10.000Z",
"description": "Sakula malware - Xchecked via VT: 3ff30fce107a01d3d17a9768abe6e086",
"pattern": "[file:hashes.SHA256 = '0b8cf83905c8c66c190a51012c5c9c76e6d140aa009ff3c20438dc58146a4da9']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-08-25T13:37:10Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Artifacts dropped"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Artifacts dropped\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--55dc6f86-4188-4159-821b-4bcc950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-08-25T13:37:10.000Z",
"modified": "2015-08-25T13:37:10.000Z",
"description": "Sakula malware - Xchecked via VT: 3ff30fce107a01d3d17a9768abe6e086",
"pattern": "[file:hashes.SHA1 = 'e8138ecb18f7fcda837d5526e50580cc3247c07e']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-08-25T13:37:10Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Artifacts dropped"
}
],
"labels": [
"misp:type=\"sha1\"",
"misp:category=\"Artifacts dropped\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--55dc6f86-3ab4-41a4-b183-4be2950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-08-25T13:37:10.000Z",
"modified": "2015-08-25T13:37:10.000Z",
"first_observed": "2015-08-25T13:37:10Z",
"last_observed": "2015-08-25T13:37:10Z",
"number_observed": 1,
"object_refs": [
"url--55dc6f86-3ab4-41a4-b183-4be2950d210b"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--55dc6f86-3ab4-41a4-b183-4be2950d210b",
"value": "https://www.virustotal.com/file/0b8cf83905c8c66c190a51012c5c9c76e6d140aa009ff3c20438dc58146a4da9/analysis/1434003782/"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--55dc6f86-c648-41c0-9074-4dea950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-08-25T13:37:10.000Z",
"modified": "2015-08-25T13:37:10.000Z",
"description": "Sakula malware - Xchecked via VT: 3edbc66089be594233391d4f34ec1f94",
"pattern": "[file:hashes.SHA256 = '6ff1f843fb779d35a6e9f883dbc4214faa39dedfae27666714bce477b87134ac']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-08-25T13:37:10Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Artifacts dropped"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Artifacts dropped\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--55dc6f87-c17c-40cb-bb67-4474950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-08-25T13:37:11.000Z",
"modified": "2015-08-25T13:37:11.000Z",
"description": "Sakula malware - Xchecked via VT: 3edbc66089be594233391d4f34ec1f94",
"pattern": "[file:hashes.SHA1 = '01750d60025b3956e6fcecea5fa3743089c58e2b']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-08-25T13:37:11Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Artifacts dropped"
}
],
"labels": [
"misp:type=\"sha1\"",
"misp:category=\"Artifacts dropped\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--55dc6f87-1cb4-440f-a33e-44c1950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-08-25T13:37:11.000Z",
"modified": "2015-08-25T13:37:11.000Z",
"first_observed": "2015-08-25T13:37:11Z",
"last_observed": "2015-08-25T13:37:11Z",
"number_observed": 1,
"object_refs": [
"url--55dc6f87-1cb4-440f-a33e-44c1950d210b"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--55dc6f87-1cb4-440f-a33e-44c1950d210b",
"value": "https://www.virustotal.com/file/6ff1f843fb779d35a6e9f883dbc4214faa39dedfae27666714bce477b87134ac/analysis/1433906305/"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--55dc6f87-6a4c-4b7c-9a35-46e8950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-08-25T13:37:11.000Z",
"modified": "2015-08-25T13:37:11.000Z",
"description": "Sakula malware - Xchecked via VT: 3a1df1ec3ef499bb59f07845e7621155",
"pattern": "[file:hashes.SHA256 = '8014fc78a954141852ee11229a254681c7860c1adf52bd2f1327c3176ed1d68b']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-08-25T13:37:11Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Artifacts dropped"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Artifacts dropped\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--55dc6f87-108c-4f7d-b937-4b46950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-08-25T13:37:11.000Z",
"modified": "2015-08-25T13:37:11.000Z",
"description": "Sakula malware - Xchecked via VT: 3a1df1ec3ef499bb59f07845e7621155",
"pattern": "[file:hashes.SHA1 = '61916fec02fd047c324af5d51c2490313e70d0e2']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-08-25T13:37:11Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Artifacts dropped"
}
],
"labels": [
"misp:type=\"sha1\"",
"misp:category=\"Artifacts dropped\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--55dc6f87-9194-476a-8f09-4d74950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-08-25T13:37:11.000Z",
"modified": "2015-08-25T13:37:11.000Z",
"first_observed": "2015-08-25T13:37:11Z",
"last_observed": "2015-08-25T13:37:11Z",
"number_observed": 1,
"object_refs": [
"url--55dc6f87-9194-476a-8f09-4d74950d210b"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--55dc6f87-9194-476a-8f09-4d74950d210b",
"value": "https://www.virustotal.com/file/8014fc78a954141852ee11229a254681c7860c1adf52bd2f1327c3176ed1d68b/analysis/1434003546/"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--55dc6f87-3e14-4213-8f9a-4232950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-08-25T13:37:11.000Z",
"modified": "2015-08-25T13:37:11.000Z",
"description": "Sakula malware - Xchecked via VT: 3859b0ea4596d8f47677497d09bcc894",
"pattern": "[file:hashes.SHA256 = 'de8f6ef7026669e4e31bce66b7477a16e9e3d804d3618a5716e0bac2472b2a70']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-08-25T13:37:11Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Artifacts dropped"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Artifacts dropped\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--55dc6f88-43e4-4ac7-b0a4-492e950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-08-25T13:37:12.000Z",
"modified": "2015-08-25T13:37:12.000Z",
"description": "Sakula malware - Xchecked via VT: 3859b0ea4596d8f47677497d09bcc894",
"pattern": "[file:hashes.SHA1 = 'e71caf1ac227478f4a95dc89170ca0f0dd755c72']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-08-25T13:37:12Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Artifacts dropped"
}
],
"labels": [
"misp:type=\"sha1\"",
"misp:category=\"Artifacts dropped\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--55dc6f88-63f8-4452-8275-4acb950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-08-25T13:37:12.000Z",
"modified": "2015-08-25T13:37:12.000Z",
"first_observed": "2015-08-25T13:37:12Z",
"last_observed": "2015-08-25T13:37:12Z",
"number_observed": 1,
"object_refs": [
"url--55dc6f88-63f8-4452-8275-4acb950d210b"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--55dc6f88-63f8-4452-8275-4acb950d210b",
"value": "https://www.virustotal.com/file/de8f6ef7026669e4e31bce66b7477a16e9e3d804d3618a5716e0bac2472b2a70/analysis/1434003488/"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--55dc6f88-1e0c-4ed0-be3c-4110950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-08-25T13:37:12.000Z",
"modified": "2015-08-25T13:37:12.000Z",
"description": "Sakula malware - Xchecked via VT: 34b7aa103deefbe906df59106683cc97",
"pattern": "[file:hashes.SHA256 = '192bcaa184fe1237d57b2f1bf03ff4c75f1cbe4bce8d6a7646909b1a524172b8']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-08-25T13:37:12Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Artifacts dropped"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Artifacts dropped\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--55dc6f88-6b1c-49e4-982c-4cc0950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-08-25T13:37:12.000Z",
"modified": "2015-08-25T13:37:12.000Z",
"description": "Sakula malware - Xchecked via VT: 34b7aa103deefbe906df59106683cc97",
"pattern": "[file:hashes.SHA1 = '465fcec41bfa587e053d9634ed94c9bb5fbb5fdb']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-08-25T13:37:12Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Artifacts dropped"
}
],
"labels": [
"misp:type=\"sha1\"",
"misp:category=\"Artifacts dropped\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--55dc6f88-6104-46ab-946f-4233950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-08-25T13:37:12.000Z",
"modified": "2015-08-25T13:37:12.000Z",
"first_observed": "2015-08-25T13:37:12Z",
"last_observed": "2015-08-25T13:37:12Z",
"number_observed": 1,
"object_refs": [
"url--55dc6f88-6104-46ab-946f-4233950d210b"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--55dc6f88-6104-46ab-946f-4233950d210b",
"value": "https://www.virustotal.com/file/192bcaa184fe1237d57b2f1bf03ff4c75f1cbe4bce8d6a7646909b1a524172b8/analysis/1405086577/"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--55dc6f89-b9f0-4655-b59a-402f950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-08-25T13:37:13.000Z",
"modified": "2015-08-25T13:37:13.000Z",
"description": "Sakula malware - Xchecked via VT: 33be8e41a8c3a9203829615ae26a5b6e",
"pattern": "[file:hashes.SHA256 = '2204934ac2d69b5ebb2b95937a7935ae19e3c8da127c7a16d6b42831ca9c5b28']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-08-25T13:37:13Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Artifacts dropped"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Artifacts dropped\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--55dc6f89-4328-420a-b656-4539950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-08-25T13:37:13.000Z",
"modified": "2015-08-25T13:37:13.000Z",
"description": "Sakula malware - Xchecked via VT: 33be8e41a8c3a9203829615ae26a5b6e",
"pattern": "[file:hashes.SHA1 = 'e450ee93b4e41b25d3c3a341a21a58531de94616']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-08-25T13:37:13Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Artifacts dropped"
}
],
"labels": [
"misp:type=\"sha1\"",
"misp:category=\"Artifacts dropped\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--55dc6f89-73a8-4328-8d5b-41ac950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-08-25T13:37:13.000Z",
"modified": "2015-08-25T13:37:13.000Z",
"first_observed": "2015-08-25T13:37:13Z",
"last_observed": "2015-08-25T13:37:13Z",
"number_observed": 1,
"object_refs": [
"url--55dc6f89-73a8-4328-8d5b-41ac950d210b"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--55dc6f89-73a8-4328-8d5b-41ac950d210b",
"value": "https://www.virustotal.com/file/2204934ac2d69b5ebb2b95937a7935ae19e3c8da127c7a16d6b42831ca9c5b28/analysis/1433906276/"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--55dc6f89-4c78-4e67-8b4b-4758950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-08-25T13:37:13.000Z",
"modified": "2015-08-25T13:37:13.000Z",
"description": "Sakula malware - Xchecked via VT: 2ff61b170821191c99d8b75bd01726f2",
"pattern": "[file:hashes.SHA256 = 'ada21030c1ba9014e72f08de9974b947091bec01855411743042f75c81d4f2b3']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-08-25T13:37:13Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Artifacts dropped"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Artifacts dropped\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--55dc6f89-ce78-405b-8bcb-4cf6950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-08-25T13:37:13.000Z",
"modified": "2015-08-25T13:37:13.000Z",
"description": "Sakula malware - Xchecked via VT: 2ff61b170821191c99d8b75bd01726f2",
"pattern": "[file:hashes.SHA1 = '320cf1c0efad979d0028f504f7274bbc7790fdde']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-08-25T13:37:13Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Artifacts dropped"
}
],
"labels": [
"misp:type=\"sha1\"",
"misp:category=\"Artifacts dropped\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--55dc6f89-e928-4588-ae90-41db950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-08-25T13:37:13.000Z",
"modified": "2015-08-25T13:37:13.000Z",
"first_observed": "2015-08-25T13:37:13Z",
"last_observed": "2015-08-25T13:37:13Z",
"number_observed": 1,
"object_refs": [
"url--55dc6f89-e928-4588-ae90-41db950d210b"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--55dc6f89-e928-4588-ae90-41db950d210b",
"value": "https://www.virustotal.com/file/ada21030c1ba9014e72f08de9974b947091bec01855411743042f75c81d4f2b3/analysis/1433906081/"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--55dc6f8a-ef94-46eb-90d7-4289950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-08-25T13:37:14.000Z",
"modified": "2015-08-25T13:37:14.000Z",
"description": "Sakula malware - Xchecked via VT: 2f23af251b8535e24614c11d706197c3",
"pattern": "[file:hashes.SHA256 = 'af6d9de3a710432fa43cfbd99a24de2ce4716aaa9763edd3e773e4c969f6fe4e']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-08-25T13:37:14Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Artifacts dropped"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Artifacts dropped\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--55dc6f8a-7894-4d98-9231-406b950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-08-25T13:37:14.000Z",
"modified": "2015-08-25T13:37:14.000Z",
"description": "Sakula malware - Xchecked via VT: 2f23af251b8535e24614c11d706197c3",
"pattern": "[file:hashes.SHA1 = '5cf70dd003cb478ce983abb4d6662894048c0164']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-08-25T13:37:14Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Artifacts dropped"
}
],
"labels": [
"misp:type=\"sha1\"",
"misp:category=\"Artifacts dropped\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--55dc6f8a-120c-4f29-af97-444b950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-08-25T13:37:14.000Z",
"modified": "2015-08-25T13:37:14.000Z",
"first_observed": "2015-08-25T13:37:14Z",
"last_observed": "2015-08-25T13:37:14Z",
"number_observed": 1,
"object_refs": [
"url--55dc6f8a-120c-4f29-af97-444b950d210b"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--55dc6f8a-120c-4f29-af97-444b950d210b",
"value": "https://www.virustotal.com/file/af6d9de3a710432fa43cfbd99a24de2ce4716aaa9763edd3e773e4c969f6fe4e/analysis/1405083571/"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--55dc6f8a-91dc-4b1e-8747-457b950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-08-25T13:37:14.000Z",
"modified": "2015-08-25T13:37:14.000Z",
"description": "Sakula malware - Xchecked via VT: 2ca3f59590a5aeab648f292bf19f4a5e",
"pattern": "[file:hashes.SHA256 = 'c6088899bcb77e5d642999ebb0f440e28b795007735023b38d4965c0ae02a05e']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-08-25T13:37:14Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Artifacts dropped"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Artifacts dropped\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--55dc6f8a-40c8-4a7e-8f54-4a6c950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-08-25T13:37:14.000Z",
"modified": "2015-08-25T13:37:14.000Z",
"description": "Sakula malware - Xchecked via VT: 2ca3f59590a5aeab648f292bf19f4a5e",
"pattern": "[file:hashes.SHA1 = 'bf3cb57d73c580f710388c9d574de074bbca5d7a']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-08-25T13:37:14Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Artifacts dropped"
}
],
"labels": [
"misp:type=\"sha1\"",
"misp:category=\"Artifacts dropped\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--55dc6f8a-b12c-42c9-9b25-4c9a950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-08-25T13:37:14.000Z",
"modified": "2015-08-25T13:37:14.000Z",
"first_observed": "2015-08-25T13:37:14Z",
"last_observed": "2015-08-25T13:37:14Z",
"number_observed": 1,
"object_refs": [
"url--55dc6f8a-b12c-42c9-9b25-4c9a950d210b"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--55dc6f8a-b12c-42c9-9b25-4c9a950d210b",
"value": "https://www.virustotal.com/file/c6088899bcb77e5d642999ebb0f440e28b795007735023b38d4965c0ae02a05e/analysis/1434993481/"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--55dc6f8b-3a7c-4734-8165-43cb950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-08-25T13:37:15.000Z",
"modified": "2015-08-25T13:37:15.000Z",
"description": "Sakula malware - Xchecked via VT: 2adc305f890f51bd97edbece913abc33",
"pattern": "[file:hashes.SHA256 = 'e7a3e3b6c1505bc81f1844632429dfb9111fb6da3b50bec2eea8a9c5b10c0788']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-08-25T13:37:15Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Artifacts dropped"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Artifacts dropped\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--55dc6f8b-4814-4140-ba7a-4d45950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-08-25T13:37:15.000Z",
"modified": "2015-08-25T13:37:15.000Z",
"description": "Sakula malware - Xchecked via VT: 2adc305f890f51bd97edbece913abc33",
"pattern": "[file:hashes.SHA1 = '07b911db2b0718e2b0afcf6b8b2fd47d28934b85']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-08-25T13:37:15Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Artifacts dropped"
}
],
"labels": [
"misp:type=\"sha1\"",
"misp:category=\"Artifacts dropped\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--55dc6f8b-74d8-45d9-b8e9-4ac1950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-08-25T13:37:15.000Z",
"modified": "2015-08-25T13:37:15.000Z",
"first_observed": "2015-08-25T13:37:15Z",
"last_observed": "2015-08-25T13:37:15Z",
"number_observed": 1,
"object_refs": [
"url--55dc6f8b-74d8-45d9-b8e9-4ac1950d210b"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--55dc6f8b-74d8-45d9-b8e9-4ac1950d210b",
"value": "https://www.virustotal.com/file/e7a3e3b6c1505bc81f1844632429dfb9111fb6da3b50bec2eea8a9c5b10c0788/analysis/1434996301/"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--55dc6f8b-1b48-48a5-b600-4ffe950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-08-25T13:37:15.000Z",
"modified": "2015-08-25T13:37:15.000Z",
"description": "Sakula malware - Xchecked via VT: 29bd6cfc21250dfa348597a21a4a012b",
"pattern": "[file:hashes.SHA256 = '7f562e82dbbf72cec6fca529950f85bed7b373621d2833644343768e85cf6217']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-08-25T13:37:15Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Artifacts dropped"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Artifacts dropped\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--55dc6f8b-0680-4a2c-bdf5-457c950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-08-25T13:37:15.000Z",
"modified": "2015-08-25T13:37:15.000Z",
"description": "Sakula malware - Xchecked via VT: 29bd6cfc21250dfa348597a21a4a012b",
"pattern": "[file:hashes.SHA1 = '6c5bab7edf1630d8b8b36d631ea3d18e3aad946c']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-08-25T13:37:15Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Artifacts dropped"
}
],
"labels": [
"misp:type=\"sha1\"",
"misp:category=\"Artifacts dropped\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--55dc6f8c-648c-4cc0-a1c2-4c43950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-08-25T13:37:16.000Z",
"modified": "2015-08-25T13:37:16.000Z",
"first_observed": "2015-08-25T13:37:16Z",
"last_observed": "2015-08-25T13:37:16Z",
"number_observed": 1,
"object_refs": [
"url--55dc6f8c-648c-4cc0-a1c2-4c43950d210b"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--55dc6f8c-648c-4cc0-a1c2-4c43950d210b",
"value": "https://www.virustotal.com/file/7f562e82dbbf72cec6fca529950f85bed7b373621d2833644343768e85cf6217/analysis/1407323459/"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--55dc6f8c-9140-49fa-b91c-4665950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-08-25T13:37:16.000Z",
"modified": "2015-08-25T13:37:16.000Z",
"description": "Sakula malware - Xchecked via VT: 276f06196001dcfa97a035509f0cd0aa",
"pattern": "[file:hashes.SHA256 = 'aced49103765fb3545e63b3bc31570e75bacd90991850268d1d68b0bf8c838a1']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-08-25T13:37:16Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Artifacts dropped"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Artifacts dropped\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--55dc6f8c-c7dc-48a7-bdee-4ce8950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-08-25T13:37:16.000Z",
"modified": "2015-08-25T13:37:16.000Z",
"description": "Sakula malware - Xchecked via VT: 276f06196001dcfa97a035509f0cd0aa",
"pattern": "[file:hashes.SHA1 = '122c44e187a746c19b14db6da96db9aa79007f64']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-08-25T13:37:16Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Artifacts dropped"
}
],
"labels": [
"misp:type=\"sha1\"",
"misp:category=\"Artifacts dropped\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--55dc6f8c-5b00-408b-8412-4f7c950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-08-25T13:37:16.000Z",
"modified": "2015-08-25T13:37:16.000Z",
"first_observed": "2015-08-25T13:37:16Z",
"last_observed": "2015-08-25T13:37:16Z",
"number_observed": 1,
"object_refs": [
"url--55dc6f8c-5b00-408b-8412-4f7c950d210b"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--55dc6f8c-5b00-408b-8412-4f7c950d210b",
"value": "https://www.virustotal.com/file/aced49103765fb3545e63b3bc31570e75bacd90991850268d1d68b0bf8c838a1/analysis/1434002680/"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--55dc6f8c-f40c-4739-952f-4fe8950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-08-25T13:37:16.000Z",
"modified": "2015-08-25T13:37:16.000Z",
"description": "Sakula malware - Xchecked via VT: 260349f5343244c439b211d9f9ff53cf",
"pattern": "[file:hashes.SHA256 = 'b8bc59f0a3c34720a5f47b2cf769548f9c057605a94fe5e06361bbeb9801641b']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-08-25T13:37:16Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Artifacts dropped"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Artifacts dropped\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--55dc6f8c-26b8-49f6-89c5-4786950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-08-25T13:37:16.000Z",
"modified": "2015-08-25T13:37:16.000Z",
"description": "Sakula malware - Xchecked via VT: 260349f5343244c439b211d9f9ff53cf",
"pattern": "[file:hashes.SHA1 = '5fbf3ca23f97deb97647ace003308129eeeac1ce']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-08-25T13:37:16Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Artifacts dropped"
}
],
"labels": [
"misp:type=\"sha1\"",
"misp:category=\"Artifacts dropped\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--55dc6f8d-b7e8-49df-82c5-4050950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-08-25T13:37:17.000Z",
"modified": "2015-08-25T13:37:17.000Z",
"first_observed": "2015-08-25T13:37:17Z",
"last_observed": "2015-08-25T13:37:17Z",
"number_observed": 1,
"object_refs": [
"url--55dc6f8d-b7e8-49df-82c5-4050950d210b"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--55dc6f8d-b7e8-49df-82c5-4050950d210b",
"value": "https://www.virustotal.com/file/b8bc59f0a3c34720a5f47b2cf769548f9c057605a94fe5e06361bbeb9801641b/analysis/1434995883/"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--55dc6f8d-4f54-44f2-8d11-4074950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-08-25T13:37:17.000Z",
"modified": "2015-08-25T13:37:17.000Z",
"description": "Sakula malware - Xchecked via VT: 2414d83e97cb4c442b5594c6fbafe045",
"pattern": "[file:hashes.SHA256 = '2a8b4c22b7a6f0bcd3e11490ce76860ee84b64e7900b90fb7ee1c1cd63432311']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-08-25T13:37:17Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Artifacts dropped"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Artifacts dropped\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--55dc6f8d-fe24-4097-a9ce-497d950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-08-25T13:37:17.000Z",
"modified": "2015-08-25T13:37:17.000Z",
"description": "Sakula malware - Xchecked via VT: 2414d83e97cb4c442b5594c6fbafe045",
"pattern": "[file:hashes.SHA1 = 'de8d37c0a87c4fa536e9728cd2b0976c9bb7a328']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-08-25T13:37:17Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Artifacts dropped"
}
],
"labels": [
"misp:type=\"sha1\"",
"misp:category=\"Artifacts dropped\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--55dc6f8d-4e18-44f1-a6cd-4559950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-08-25T13:37:17.000Z",
"modified": "2015-08-25T13:37:17.000Z",
"first_observed": "2015-08-25T13:37:17Z",
"last_observed": "2015-08-25T13:37:17Z",
"number_observed": 1,
"object_refs": [
"url--55dc6f8d-4e18-44f1-a6cd-4559950d210b"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--55dc6f8d-4e18-44f1-a6cd-4559950d210b",
"value": "https://www.virustotal.com/file/2a8b4c22b7a6f0bcd3e11490ce76860ee84b64e7900b90fb7ee1c1cd63432311/analysis/1428578972/"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--55dc6f8d-6f20-4fc2-bf87-44e1950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-08-25T13:37:17.000Z",
"modified": "2015-08-25T13:37:17.000Z",
"description": "Sakula malware - Xchecked via VT: 231d0bfe48388082f5769f3deef5bcab",
"pattern": "[file:hashes.SHA256 = 'ca0be5e647c22ccb4a7961650a9af062e80a445d5d4024d525b362eab312484f']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-08-25T13:37:17Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Artifacts dropped"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Artifacts dropped\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--55dc6f8d-faa4-4e9c-a3b5-48d2950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-08-25T13:37:17.000Z",
"modified": "2015-08-25T13:37:17.000Z",
"description": "Sakula malware - Xchecked via VT: 231d0bfe48388082f5769f3deef5bcab",
"pattern": "[file:hashes.SHA1 = '340327e187f97485e16b2242a01fe3fdabd3fedb']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-08-25T13:37:17Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Artifacts dropped"
}
],
"labels": [
"misp:type=\"sha1\"",
"misp:category=\"Artifacts dropped\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--55dc6f8e-e490-4951-9525-41ea950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-08-25T13:37:18.000Z",
"modified": "2015-08-25T13:37:18.000Z",
"first_observed": "2015-08-25T13:37:18Z",
"last_observed": "2015-08-25T13:37:18Z",
"number_observed": 1,
"object_refs": [
"url--55dc6f8e-e490-4951-9525-41ea950d210b"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--55dc6f8e-e490-4951-9525-41ea950d210b",
"value": "https://www.virustotal.com/file/ca0be5e647c22ccb4a7961650a9af062e80a445d5d4024d525b362eab312484f/analysis/1434994025/"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--55dc6f8e-463c-4b52-aef9-41d4950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-08-25T13:37:18.000Z",
"modified": "2015-08-25T13:37:18.000Z",
"description": "Sakula malware - Xchecked via VT: 23169a0a2eee3d12fde0f3efd2cd55f1",
"pattern": "[file:hashes.SHA256 = '0f4e7fac307de174c4b276a894bdfb2292bffdc29f8cf9d91daa5ca86ba7d7da']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-08-25T13:37:18Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Artifacts dropped"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Artifacts dropped\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--55dc6f8e-55f4-49d9-910e-40bb950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-08-25T13:37:18.000Z",
"modified": "2015-08-25T13:37:18.000Z",
"description": "Sakula malware - Xchecked via VT: 23169a0a2eee3d12fde0f3efd2cd55f1",
"pattern": "[file:hashes.SHA1 = 'e86d76d944f1213f0c7c016b5eadb0e50b3d969e']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-08-25T13:37:18Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Artifacts dropped"
}
],
"labels": [
"misp:type=\"sha1\"",
"misp:category=\"Artifacts dropped\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--55dc6f8e-a124-4c89-a432-472c950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-08-25T13:37:18.000Z",
"modified": "2015-08-25T13:37:18.000Z",
"first_observed": "2015-08-25T13:37:18Z",
"last_observed": "2015-08-25T13:37:18Z",
"number_observed": 1,
"object_refs": [
"url--55dc6f8e-a124-4c89-a432-472c950d210b"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--55dc6f8e-a124-4c89-a432-472c950d210b",
"value": "https://www.virustotal.com/file/0f4e7fac307de174c4b276a894bdfb2292bffdc29f8cf9d91daa5ca86ba7d7da/analysis/1435326259/"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--55dc6f8e-70f0-47ed-ada4-45fa950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-08-25T13:37:18.000Z",
"modified": "2015-08-25T13:37:18.000Z",
"description": "Sakula malware - Xchecked via VT: 21ee6c85f431c2aa085b91ac0c86d27f",
"pattern": "[file:hashes.SHA256 = '57375c715fe06101d88029f3f54ad8e1059d55e1e886aa151ff38a5cbfa868fc']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-08-25T13:37:18Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Artifacts dropped"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Artifacts dropped\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--55dc6f8e-e500-4f97-b523-41ae950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-08-25T13:37:18.000Z",
"modified": "2015-08-25T13:37:18.000Z",
"description": "Sakula malware - Xchecked via VT: 21ee6c85f431c2aa085b91ac0c86d27f",
"pattern": "[file:hashes.SHA1 = 'c2b9b78952575e8b6d4a66e9f31b611f10adc5e6']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-08-25T13:37:18Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Artifacts dropped"
}
],
"labels": [
"misp:type=\"sha1\"",
"misp:category=\"Artifacts dropped\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--55dc6f8f-52b4-494d-946c-45c4950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-08-25T13:37:19.000Z",
"modified": "2015-08-25T13:37:19.000Z",
"first_observed": "2015-08-25T13:37:19Z",
"last_observed": "2015-08-25T13:37:19Z",
"number_observed": 1,
"object_refs": [
"url--55dc6f8f-52b4-494d-946c-45c4950d210b"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--55dc6f8f-52b4-494d-946c-45c4950d210b",
"value": "https://www.virustotal.com/file/57375c715fe06101d88029f3f54ad8e1059d55e1e886aa151ff38a5cbfa868fc/analysis/1434002465/"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--55dc6f8f-e638-49b3-bab1-4c32950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-08-25T13:37:19.000Z",
"modified": "2015-08-25T13:37:19.000Z",
"description": "Sakula malware - Xchecked via VT: 21131bce815f2cb1bc0eb1fbf00b3c25",
"pattern": "[file:hashes.SHA256 = '245cc59a43cf1d114270d99d9a6a216fefe17c04fda4ba614f32b2332ca78be0']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-08-25T13:37:19Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Artifacts dropped"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Artifacts dropped\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--55dc6f8f-664c-4264-b9a4-4ff5950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-08-25T13:37:19.000Z",
"modified": "2015-08-25T13:37:19.000Z",
"description": "Sakula malware - Xchecked via VT: 21131bce815f2cb1bc0eb1fbf00b3c25",
"pattern": "[file:hashes.SHA1 = '279aa3b5b8adc901663c03fc0228848e8cd15782']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-08-25T13:37:19Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Artifacts dropped"
}
],
"labels": [
"misp:type=\"sha1\"",
"misp:category=\"Artifacts dropped\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--55dc6f8f-9a50-4f88-85e0-4a35950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-08-25T13:37:19.000Z",
"modified": "2015-08-25T13:37:19.000Z",
"first_observed": "2015-08-25T13:37:19Z",
"last_observed": "2015-08-25T13:37:19Z",
"number_observed": 1,
"object_refs": [
"url--55dc6f8f-9a50-4f88-85e0-4a35950d210b"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--55dc6f8f-9a50-4f88-85e0-4a35950d210b",
"value": "https://www.virustotal.com/file/245cc59a43cf1d114270d99d9a6a216fefe17c04fda4ba614f32b2332ca78be0/analysis/1434002438/"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--55dc6f8f-26c0-42cf-9332-4901950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-08-25T13:37:19.000Z",
"modified": "2015-08-25T13:37:19.000Z",
"description": "Sakula malware - Xchecked via VT: 1ff57a7aa2aa92698356f6c157290a28",
"pattern": "[file:hashes.SHA256 = '5ff6bc2627d8eb6085e5a082ebd451677a39d5dfc32ed917d1880cb5d61adedc']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-08-25T13:37:19Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Artifacts dropped"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Artifacts dropped\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--55dc6f90-dcfc-4160-a7bc-456f950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-08-25T13:37:20.000Z",
"modified": "2015-08-25T13:37:20.000Z",
"description": "Sakula malware - Xchecked via VT: 1ff57a7aa2aa92698356f6c157290a28",
"pattern": "[file:hashes.SHA1 = '056c64180454cb1a144208cfa80fd4e61aa9238f']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-08-25T13:37:20Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Artifacts dropped"
}
],
"labels": [
"misp:type=\"sha1\"",
"misp:category=\"Artifacts dropped\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--55dc6f90-7e5c-4c59-9c4a-4584950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-08-25T13:37:20.000Z",
"modified": "2015-08-25T13:37:20.000Z",
"first_observed": "2015-08-25T13:37:20Z",
"last_observed": "2015-08-25T13:37:20Z",
"number_observed": 1,
"object_refs": [
"url--55dc6f90-7e5c-4c59-9c4a-4584950d210b"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--55dc6f90-7e5c-4c59-9c4a-4584950d210b",
"value": "https://www.virustotal.com/file/5ff6bc2627d8eb6085e5a082ebd451677a39d5dfc32ed917d1880cb5d61adedc/analysis/1436840986/"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--55dc6f90-c56c-4afb-b56e-42b1950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-08-25T13:37:20.000Z",
"modified": "2015-08-25T13:37:20.000Z",
"description": "Sakula malware - Xchecked via VT: 1bb0fb051cf5ba8772ad8a21616f1edb",
"pattern": "[file:hashes.SHA256 = '9ceb6bf4e0d1df1928c1e8fc5968ec2d69d64b30023dd86ebaa7b850f4e6548b']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-08-25T13:37:20Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Artifacts dropped"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Artifacts dropped\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--55dc6f90-450c-4bd1-ad42-4da0950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-08-25T13:37:20.000Z",
"modified": "2015-08-25T13:37:20.000Z",
"description": "Sakula malware - Xchecked via VT: 1bb0fb051cf5ba8772ad8a21616f1edb",
"pattern": "[file:hashes.SHA1 = '4701d5208b8b4c139fce824c547c84c75fe049c7']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-08-25T13:37:20Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Artifacts dropped"
}
],
"labels": [
"misp:type=\"sha1\"",
"misp:category=\"Artifacts dropped\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--55dc6f90-3e04-4c62-b2b7-4a62950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-08-25T13:37:20.000Z",
"modified": "2015-08-25T13:37:20.000Z",
"first_observed": "2015-08-25T13:37:20Z",
"last_observed": "2015-08-25T13:37:20Z",
"number_observed": 1,
"object_refs": [
"url--55dc6f90-3e04-4c62-b2b7-4a62950d210b"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--55dc6f90-3e04-4c62-b2b7-4a62950d210b",
"value": "https://www.virustotal.com/file/9ceb6bf4e0d1df1928c1e8fc5968ec2d69d64b30023dd86ebaa7b850f4e6548b/analysis/1438340138/"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--55dc6f90-891c-4795-8030-47be950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-08-25T13:37:20.000Z",
"modified": "2015-08-25T13:37:20.000Z",
"description": "Sakula malware - Xchecked via VT: 1b826fa3fd70a529623ed1267944cee5",
"pattern": "[file:hashes.SHA256 = '72af72976c78e6002122e416832729f59c0ba9dbc45956bce08ee1dd4ee81ce2']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-08-25T13:37:20Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Artifacts dropped"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Artifacts dropped\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--55dc6f91-4e78-48d5-8f7a-4c20950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-08-25T13:37:21.000Z",
"modified": "2015-08-25T13:37:21.000Z",
"description": "Sakula malware - Xchecked via VT: 1b826fa3fd70a529623ed1267944cee5",
"pattern": "[file:hashes.SHA1 = '7dd2c7bff7a1ed10824fdaa77236427ef4a4a26f']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-08-25T13:37:21Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Artifacts dropped"
}
],
"labels": [
"misp:type=\"sha1\"",
"misp:category=\"Artifacts dropped\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--55dc6f91-9c34-433b-bcf2-4101950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-08-25T13:37:21.000Z",
"modified": "2015-08-25T13:37:21.000Z",
"first_observed": "2015-08-25T13:37:21Z",
"last_observed": "2015-08-25T13:37:21Z",
"number_observed": 1,
"object_refs": [
"url--55dc6f91-9c34-433b-bcf2-4101950d210b"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--55dc6f91-9c34-433b-bcf2-4101950d210b",
"value": "https://www.virustotal.com/file/72af72976c78e6002122e416832729f59c0ba9dbc45956bce08ee1dd4ee81ce2/analysis/1434002177/"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--55dc6f91-bf7c-4c25-b0ab-4343950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-08-25T13:37:21.000Z",
"modified": "2015-08-25T13:37:21.000Z",
"description": "Sakula malware - Xchecked via VT: 1856a6a28621f241698e4e4287cba7c9",
"pattern": "[file:hashes.SHA256 = '45baa71f4743df6033b0d168ba7fbb6a98b4fbf726db6f2e324be356ec4e0e8d']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-08-25T13:37:21Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Artifacts dropped"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Artifacts dropped\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--55dc6f91-4e4c-478b-bf8e-475b950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-08-25T13:37:21.000Z",
"modified": "2015-08-25T13:37:21.000Z",
"description": "Sakula malware - Xchecked via VT: 1856a6a28621f241698e4e4287cba7c9",
"pattern": "[file:hashes.SHA1 = '18ff92ea12c8b1967e248791241b4e3d41b2ce6c']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-08-25T13:37:21Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Artifacts dropped"
}
],
"labels": [
"misp:type=\"sha1\"",
"misp:category=\"Artifacts dropped\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--55dc6f91-622c-432d-bb36-4c5d950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-08-25T13:37:21.000Z",
"modified": "2015-08-25T13:37:21.000Z",
"first_observed": "2015-08-25T13:37:21Z",
"last_observed": "2015-08-25T13:37:21Z",
"number_observed": 1,
"object_refs": [
"url--55dc6f91-622c-432d-bb36-4c5d950d210b"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--55dc6f91-622c-432d-bb36-4c5d950d210b",
"value": "https://www.virustotal.com/file/45baa71f4743df6033b0d168ba7fbb6a98b4fbf726db6f2e324be356ec4e0e8d/analysis/1428578356/"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--55dc6f91-5510-4f13-8eb4-45cc950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-08-25T13:37:21.000Z",
"modified": "2015-08-25T13:37:21.000Z",
"description": "Sakula malware - Xchecked via VT: 1472fffe307ad13669420021f9a2c722",
"pattern": "[file:hashes.SHA256 = '88dd93965cdb2eed912fe59d6d014309b8b1de08bd0471f6f60b275a5077a962']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-08-25T13:37:21Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Artifacts dropped"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Artifacts dropped\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--55dc6f92-5398-4891-99bf-4cf3950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-08-25T13:37:22.000Z",
"modified": "2015-08-25T13:37:22.000Z",
"description": "Sakula malware - Xchecked via VT: 1472fffe307ad13669420021f9a2c722",
"pattern": "[file:hashes.SHA1 = '6fa088f9d4723693533fce1e0034726fd554753a']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-08-25T13:37:22Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Artifacts dropped"
}
],
"labels": [
"misp:type=\"sha1\"",
"misp:category=\"Artifacts dropped\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--55dc6f92-d398-439c-af9e-4305950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-08-25T13:37:22.000Z",
"modified": "2015-08-25T13:37:22.000Z",
"first_observed": "2015-08-25T13:37:22Z",
"last_observed": "2015-08-25T13:37:22Z",
"number_observed": 1,
"object_refs": [
"url--55dc6f92-d398-439c-af9e-4305950d210b"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--55dc6f92-d398-439c-af9e-4305950d210b",
"value": "https://www.virustotal.com/file/88dd93965cdb2eed912fe59d6d014309b8b1de08bd0471f6f60b275a5077a962/analysis/1438103229/"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--55dc6f92-edf8-49d0-ba60-4fd7950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-08-25T13:37:22.000Z",
"modified": "2015-08-25T13:37:22.000Z",
"description": "Sakula malware - Xchecked via VT: 1371181a6e6852f52374b4515aaa026a",
"pattern": "[file:hashes.SHA256 = '401c6e97f6427160cfbdf3cfdcd2f6ec3ceeb8969d08fa057d6fae2b52d875c3']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-08-25T13:37:22Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Artifacts dropped"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Artifacts dropped\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--55dc6f92-8018-4195-8a2f-4d18950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-08-25T13:37:22.000Z",
"modified": "2015-08-25T13:37:22.000Z",
"description": "Sakula malware - Xchecked via VT: 1371181a6e6852f52374b4515aaa026a",
"pattern": "[file:hashes.SHA1 = '6526f7e4321f3acca071dc9b2af6c51a8ab26d15']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-08-25T13:37:22Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Artifacts dropped"
}
],
"labels": [
"misp:type=\"sha1\"",
"misp:category=\"Artifacts dropped\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--55dc6f92-681c-4410-ace0-42ec950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-08-25T13:37:22.000Z",
"modified": "2015-08-25T13:37:22.000Z",
"first_observed": "2015-08-25T13:37:22Z",
"last_observed": "2015-08-25T13:37:22Z",
"number_observed": 1,
"object_refs": [
"url--55dc6f92-681c-4410-ace0-42ec950d210b"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--55dc6f92-681c-4410-ace0-42ec950d210b",
"value": "https://www.virustotal.com/file/401c6e97f6427160cfbdf3cfdcd2f6ec3ceeb8969d08fa057d6fae2b52d875c3/analysis/1428578074/"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--55dc6f93-fb60-4124-972f-4cbf950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-08-25T13:37:23.000Z",
"modified": "2015-08-25T13:37:23.000Z",
"description": "Sakula malware - Xchecked via VT: 121320414d091508ac397044495d0d9c",
"pattern": "[file:hashes.SHA256 = '8e15bcd714a51add0a5e90c014698e6b0cffc95ab53d3f3f1273a6247e6afb1a']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-08-25T13:37:23Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Artifacts dropped"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Artifacts dropped\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--55dc6f93-44d0-4ca8-b854-4efe950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-08-25T13:37:23.000Z",
"modified": "2015-08-25T13:37:23.000Z",
"description": "Sakula malware - Xchecked via VT: 121320414d091508ac397044495d0d9c",
"pattern": "[file:hashes.SHA1 = '6ae8f1653ca4d5643d81ef5e64a333f47603da20']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-08-25T13:37:23Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Artifacts dropped"
}
],
"labels": [
"misp:type=\"sha1\"",
"misp:category=\"Artifacts dropped\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--55dc6f93-2a50-4a85-b839-4930950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-08-25T13:37:23.000Z",
"modified": "2015-08-25T13:37:23.000Z",
"first_observed": "2015-08-25T13:37:23Z",
"last_observed": "2015-08-25T13:37:23Z",
"number_observed": 1,
"object_refs": [
"url--55dc6f93-2a50-4a85-b839-4930950d210b"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--55dc6f93-2a50-4a85-b839-4930950d210b",
"value": "https://www.virustotal.com/file/8e15bcd714a51add0a5e90c014698e6b0cffc95ab53d3f3f1273a6247e6afb1a/analysis/1428577989/"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--55dc6f93-5484-4b6e-b187-4701950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-08-25T13:37:23.000Z",
"modified": "2015-08-25T13:37:23.000Z",
"description": "Sakula malware - Xchecked via VT: 116dbfd8f5b6c5a5522d3b83a3821268",
"pattern": "[file:hashes.SHA256 = '51fe6e36cc11720e5d5d2b11993175fd7b95de6a28ecb58deb783e1a4ef0f758']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-08-25T13:37:23Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Artifacts dropped"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Artifacts dropped\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--55dc6f93-0ac8-4b77-ae24-42af950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-08-25T13:37:23.000Z",
"modified": "2015-08-25T13:37:23.000Z",
"description": "Sakula malware - Xchecked via VT: 116dbfd8f5b6c5a5522d3b83a3821268",
"pattern": "[file:hashes.SHA1 = 'a87e52e413a3407dc5284e090a636680979592cc']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-08-25T13:37:23Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Artifacts dropped"
}
],
"labels": [
"misp:type=\"sha1\"",
"misp:category=\"Artifacts dropped\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--55dc6f93-75b0-42fb-9196-4056950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-08-25T13:37:23.000Z",
"modified": "2015-08-25T13:37:23.000Z",
"first_observed": "2015-08-25T13:37:23Z",
"last_observed": "2015-08-25T13:37:23Z",
"number_observed": 1,
"object_refs": [
"url--55dc6f93-75b0-42fb-9196-4056950d210b"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--55dc6f93-75b0-42fb-9196-4056950d210b",
"value": "https://www.virustotal.com/file/51fe6e36cc11720e5d5d2b11993175fd7b95de6a28ecb58deb783e1a4ef0f758/analysis/1434001773/"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--55dc6f94-9304-49c0-b693-47e3950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-08-25T13:37:24.000Z",
"modified": "2015-08-25T13:37:24.000Z",
"description": "Sakula malware - Xchecked via VT: 1077a39788e88dbf07c0b6ef3f143fd4",
"pattern": "[file:hashes.SHA256 = 'e6a9c9c5d3786c4fea54121ee5b6bd5fe0da555e8aaaf7f327870fbd7279c742']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-08-25T13:37:24Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Artifacts dropped"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Artifacts dropped\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--55dc6f94-659c-4089-ac37-4af3950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-08-25T13:37:24.000Z",
"modified": "2015-08-25T13:37:24.000Z",
"description": "Sakula malware - Xchecked via VT: 1077a39788e88dbf07c0b6ef3f143fd4",
"pattern": "[file:hashes.SHA1 = '3c334b391a955e6c59c66a991475c96807233b9c']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-08-25T13:37:24Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Artifacts dropped"
}
],
"labels": [
"misp:type=\"sha1\"",
"misp:category=\"Artifacts dropped\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--55dc6f94-5c70-4368-be37-4783950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-08-25T13:37:24.000Z",
"modified": "2015-08-25T13:37:24.000Z",
"first_observed": "2015-08-25T13:37:24Z",
"last_observed": "2015-08-25T13:37:24Z",
"number_observed": 1,
"object_refs": [
"url--55dc6f94-5c70-4368-be37-4783950d210b"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--55dc6f94-5c70-4368-be37-4783950d210b",
"value": "https://www.virustotal.com/file/e6a9c9c5d3786c4fea54121ee5b6bd5fe0da555e8aaaf7f327870fbd7279c742/analysis/1438103227/"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--55dc6f94-c738-4817-8440-4869950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-08-25T13:37:24.000Z",
"modified": "2015-08-25T13:37:24.000Z",
"description": "Sakula malware - Xchecked via VT: 0d0f5c0416247bb1dd6e0e2be1114b67",
"pattern": "[file:hashes.SHA256 = 'e0b1c8f113d5c4c5359a81dd7e7555b5a30aef21cf655c7cd8309668ab438115']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-08-25T13:37:24Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Artifacts dropped"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Artifacts dropped\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--55dc6f94-23b4-4b1e-86bc-44ad950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-08-25T13:37:24.000Z",
"modified": "2015-08-25T13:37:24.000Z",
"description": "Sakula malware - Xchecked via VT: 0d0f5c0416247bb1dd6e0e2be1114b67",
"pattern": "[file:hashes.SHA1 = '8f0aec8daa26f40af01f22375e6245a06791c02d']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-08-25T13:37:24Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Artifacts dropped"
}
],
"labels": [
"misp:type=\"sha1\"",
"misp:category=\"Artifacts dropped\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--55dc6f94-d32c-4d15-85dd-4780950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-08-25T13:37:24.000Z",
"modified": "2015-08-25T13:37:24.000Z",
"first_observed": "2015-08-25T13:37:24Z",
"last_observed": "2015-08-25T13:37:24Z",
"number_observed": 1,
"object_refs": [
"url--55dc6f94-d32c-4d15-85dd-4780950d210b"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--55dc6f94-d32c-4d15-85dd-4780950d210b",
"value": "https://www.virustotal.com/file/e0b1c8f113d5c4c5359a81dd7e7555b5a30aef21cf655c7cd8309668ab438115/analysis/1428577619/"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--55dc6f95-8ac4-49a1-86b7-4671950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-08-25T13:37:25.000Z",
"modified": "2015-08-25T13:37:25.000Z",
"description": "Sakula malware - Xchecked via VT: 0a2c6265a65a25e9bef80f55cdd62229",
"pattern": "[file:hashes.SHA256 = '731ef5fc57a5669b09af844c8c401efe9aac51f88dea756d851e9908c63995b4']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-08-25T13:37:25Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Artifacts dropped"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Artifacts dropped\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--55dc6f95-c334-4489-b284-4fd9950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-08-25T13:37:25.000Z",
"modified": "2015-08-25T13:37:25.000Z",
"description": "Sakula malware - Xchecked via VT: 0a2c6265a65a25e9bef80f55cdd62229",
"pattern": "[file:hashes.SHA1 = 'fbead56bcbc0a8a63b744ca37a98a6523945295e']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-08-25T13:37:25Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Artifacts dropped"
}
],
"labels": [
"misp:type=\"sha1\"",
"misp:category=\"Artifacts dropped\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--55dc6f95-38dc-4c5e-ac96-4b50950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-08-25T13:37:25.000Z",
"modified": "2015-08-25T13:37:25.000Z",
"first_observed": "2015-08-25T13:37:25Z",
"last_observed": "2015-08-25T13:37:25Z",
"number_observed": 1,
"object_refs": [
"url--55dc6f95-38dc-4c5e-ac96-4b50950d210b"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--55dc6f95-38dc-4c5e-ac96-4b50950d210b",
"value": "https://www.virustotal.com/file/731ef5fc57a5669b09af844c8c401efe9aac51f88dea756d851e9908c63995b4/analysis/1438103225/"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--55dc6f95-0de8-465a-83d6-4b19950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-08-25T13:37:25.000Z",
"modified": "2015-08-25T13:37:25.000Z",
"description": "Sakula malware - Xchecked via VT: 07b678ed364b23688b02a13727166a45",
"pattern": "[file:hashes.SHA256 = '43078f436a9a7b278edf2fedc64a159d85d79e92a53d89b7da0e5ccd64f807a6']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-08-25T13:37:25Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Artifacts dropped"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Artifacts dropped\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--55dc6f95-18f4-40fa-9605-42e9950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-08-25T13:37:25.000Z",
"modified": "2015-08-25T13:37:25.000Z",
"description": "Sakula malware - Xchecked via VT: 07b678ed364b23688b02a13727166a45",
"pattern": "[file:hashes.SHA1 = '929ec8f907ddf381479fc81e9d4f5da4ffca6c79']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-08-25T13:37:25Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Artifacts dropped"
}
],
"labels": [
"misp:type=\"sha1\"",
"misp:category=\"Artifacts dropped\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--55dc6f95-f698-493a-aebe-4115950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-08-25T13:37:25.000Z",
"modified": "2015-08-25T13:37:25.000Z",
"first_observed": "2015-08-25T13:37:25Z",
"last_observed": "2015-08-25T13:37:25Z",
"number_observed": 1,
"object_refs": [
"url--55dc6f95-f698-493a-aebe-4115950d210b"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--55dc6f95-f698-493a-aebe-4115950d210b",
"value": "https://www.virustotal.com/file/43078f436a9a7b278edf2fedc64a159d85d79e92a53d89b7da0e5ccd64f807a6/analysis/1433900942/"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--55dc6f96-8d4c-4100-81fb-4e22950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-08-25T13:37:26.000Z",
"modified": "2015-08-25T13:37:26.000Z",
"description": "Sakula malware - Xchecked via VT: 06ec79f67ad8ede9a3bd0810d88e3539",
"pattern": "[file:hashes.SHA256 = '47d544b11616e95f281b09cbb2df92b1baac7a1400b5c50505763ffe62dd7efb']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-08-25T13:37:26Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Artifacts dropped"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Artifacts dropped\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--55dc6f96-f7b4-41bc-9d0f-49af950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-08-25T13:37:26.000Z",
"modified": "2015-08-25T13:37:26.000Z",
"description": "Sakula malware - Xchecked via VT: 06ec79f67ad8ede9a3bd0810d88e3539",
"pattern": "[file:hashes.SHA1 = '6b93386ba19c23fc031308da9c245e4e745bbb3e']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-08-25T13:37:26Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Artifacts dropped"
}
],
"labels": [
"misp:type=\"sha1\"",
"misp:category=\"Artifacts dropped\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--55dc6f96-b494-4618-9fd8-42b3950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-08-25T13:37:26.000Z",
"modified": "2015-08-25T13:37:26.000Z",
"first_observed": "2015-08-25T13:37:26Z",
"last_observed": "2015-08-25T13:37:26Z",
"number_observed": 1,
"object_refs": [
"url--55dc6f96-b494-4618-9fd8-42b3950d210b"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--55dc6f96-b494-4618-9fd8-42b3950d210b",
"value": "https://www.virustotal.com/file/47d544b11616e95f281b09cbb2df92b1baac7a1400b5c50505763ffe62dd7efb/analysis/1434001324/"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--55dc6f96-2db4-40ea-bc23-498e950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-08-25T13:37:26.000Z",
"modified": "2015-08-25T13:37:26.000Z",
"description": "Sakula malware - Xchecked via VT: 05cd4bfeac3ad6144b5f5023277afa45",
"pattern": "[file:hashes.SHA256 = '8c5de270f88fb59258ac10534597be7f59c38a0df133d241d30f655b0895724a']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-08-25T13:37:26Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Artifacts dropped"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Artifacts dropped\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--55dc6f96-f040-4c0a-b4ad-4a9e950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-08-25T13:37:26.000Z",
"modified": "2015-08-25T13:37:26.000Z",
"description": "Sakula malware - Xchecked via VT: 05cd4bfeac3ad6144b5f5023277afa45",
"pattern": "[file:hashes.SHA1 = 'ae9e3e8a4d21a61679e9d93720a21aaee55fc5d1']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-08-25T13:37:26Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Artifacts dropped"
}
],
"labels": [
"misp:type=\"sha1\"",
"misp:category=\"Artifacts dropped\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--55dc6f97-4290-4620-b216-4327950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-08-25T13:37:27.000Z",
"modified": "2015-08-25T13:37:27.000Z",
"first_observed": "2015-08-25T13:37:27Z",
"last_observed": "2015-08-25T13:37:27Z",
"number_observed": 1,
"object_refs": [
"url--55dc6f97-4290-4620-b216-4327950d210b"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--55dc6f97-4290-4620-b216-4327950d210b",
"value": "https://www.virustotal.com/file/8c5de270f88fb59258ac10534597be7f59c38a0df133d241d30f655b0895724a/analysis/1428577121/"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--55dc6f97-26b0-442e-adda-402c950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-08-25T13:37:27.000Z",
"modified": "2015-08-25T13:37:27.000Z",
"description": "Sakula malware - Xchecked via VT: 04e8510007eea6bb009ab3b053f039db",
"pattern": "[file:hashes.SHA256 = '69a71e8d87e3f9c694dfb532f99cfdf186d2c6d7ca109e6890b5f2272d2d6425']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-08-25T13:37:27Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Artifacts dropped"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Artifacts dropped\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--55dc6f97-9288-47f4-8035-4b0f950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-08-25T13:37:27.000Z",
"modified": "2015-08-25T13:37:27.000Z",
"description": "Sakula malware - Xchecked via VT: 04e8510007eea6bb009ab3b053f039db",
"pattern": "[file:hashes.SHA1 = 'b9e93e1a71d901e67764c48a6dc4818b8ec63a50']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-08-25T13:37:27Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Artifacts dropped"
}
],
"labels": [
"misp:type=\"sha1\"",
"misp:category=\"Artifacts dropped\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--55dc6f97-e070-4425-ba87-40b2950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-08-25T13:37:27.000Z",
"modified": "2015-08-25T13:37:27.000Z",
"first_observed": "2015-08-25T13:37:27Z",
"last_observed": "2015-08-25T13:37:27Z",
"number_observed": 1,
"object_refs": [
"url--55dc6f97-e070-4425-ba87-40b2950d210b"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--55dc6f97-e070-4425-ba87-40b2950d210b",
"value": "https://www.virustotal.com/file/69a71e8d87e3f9c694dfb532f99cfdf186d2c6d7ca109e6890b5f2272d2d6425/analysis/1428577078/"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--55dc6f97-5e54-4667-8b9a-45c2950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-08-25T13:37:27.000Z",
"modified": "2015-08-25T13:37:27.000Z",
"description": "Sakula malware - Xchecked via VT: 0334b1043c62d48525a29aeb95afcb09",
"pattern": "[file:hashes.SHA256 = 'b6f8b8e822b6ec9b94a32c47fef924618bb392b3bbba37b28b5352ce98080c79']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-08-25T13:37:27Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Artifacts dropped"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Artifacts dropped\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--55dc6f97-ec24-402e-9cd3-405b950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-08-25T13:37:27.000Z",
"modified": "2015-08-25T13:37:27.000Z",
"description": "Sakula malware - Xchecked via VT: 0334b1043c62d48525a29aeb95afcb09",
"pattern": "[file:hashes.SHA1 = 'b934a7fd3d449934423f5bd7b2e5496e0377ede2']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-08-25T13:37:27Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Artifacts dropped"
}
],
"labels": [
"misp:type=\"sha1\"",
"misp:category=\"Artifacts dropped\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--55dc6f98-8d8c-4ab3-a0f6-4886950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-08-25T13:37:28.000Z",
"modified": "2015-08-25T13:37:28.000Z",
"first_observed": "2015-08-25T13:37:28Z",
"last_observed": "2015-08-25T13:37:28Z",
"number_observed": 1,
"object_refs": [
"url--55dc6f98-8d8c-4ab3-a0f6-4886950d210b"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--55dc6f98-8d8c-4ab3-a0f6-4886950d210b",
"value": "https://www.virustotal.com/file/b6f8b8e822b6ec9b94a32c47fef924618bb392b3bbba37b28b5352ce98080c79/analysis/1433916104/"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--55dc6f98-ddd0-4ab8-8c92-4466950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-08-25T13:37:28.000Z",
"modified": "2015-08-25T13:37:28.000Z",
"description": "Sakula malware - Xchecked via VT: 023ef99bc3c84b8df3f837454c0e1629",
"pattern": "[file:hashes.SHA256 = '98b2fa93b884c2708f8a3eafeb3c203711e64e718d0a91fe456146612db3b987']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-08-25T13:37:28Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Artifacts dropped"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Artifacts dropped\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--55dc6f98-da78-4b8d-96a3-4a8f950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-08-25T13:37:28.000Z",
"modified": "2015-08-25T13:37:28.000Z",
"description": "Sakula malware - Xchecked via VT: 023ef99bc3c84b8df3f837454c0e1629",
"pattern": "[file:hashes.SHA1 = 'a6c4a242ef5f5657d4c39ed7de075f0d6bcbaadf']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-08-25T13:37:28Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Artifacts dropped"
}
],
"labels": [
"misp:type=\"sha1\"",
"misp:category=\"Artifacts dropped\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--55dc6f98-d564-4e66-be8e-4841950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-08-25T13:37:28.000Z",
"modified": "2015-08-25T13:37:28.000Z",
"first_observed": "2015-08-25T13:37:28Z",
"last_observed": "2015-08-25T13:37:28Z",
"number_observed": 1,
"object_refs": [
"url--55dc6f98-d564-4e66-be8e-4841950d210b"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--55dc6f98-d564-4e66-be8e-4841950d210b",
"value": "https://www.virustotal.com/file/98b2fa93b884c2708f8a3eafeb3c203711e64e718d0a91fe456146612db3b987/analysis/1434001112/"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--55dc6f98-df70-48bb-a65d-486a950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-08-25T13:37:28.000Z",
"modified": "2015-08-25T13:37:28.000Z",
"description": "Sakula malware - Xchecked via VT: 01c45a203526978a7d8d0457594fafbf",
"pattern": "[file:hashes.SHA256 = '4dfe7e9ea948cb5da64b29afff2b56b416552c4c36bd5a04ee39939ae51b961e']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-08-25T13:37:28Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Artifacts dropped"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Artifacts dropped\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--55dc6f98-5f18-4338-a553-4834950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-08-25T13:37:28.000Z",
"modified": "2015-08-25T13:37:28.000Z",
"description": "Sakula malware - Xchecked via VT: 01c45a203526978a7d8d0457594fafbf",
"pattern": "[file:hashes.SHA1 = '5c8f735dd82262516adb6f393b56062b7f87b66b']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-08-25T13:37:28Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Artifacts dropped"
}
],
"labels": [
"misp:type=\"sha1\"",
"misp:category=\"Artifacts dropped\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--55dc6f99-e9cc-492b-ad7f-43d6950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-08-25T13:37:29.000Z",
"modified": "2015-08-25T13:37:29.000Z",
"first_observed": "2015-08-25T13:37:29Z",
"last_observed": "2015-08-25T13:37:29Z",
"number_observed": 1,
"object_refs": [
"url--55dc6f99-e9cc-492b-ad7f-43d6950d210b"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--55dc6f99-e9cc-492b-ad7f-43d6950d210b",
"value": "https://www.virustotal.com/file/4dfe7e9ea948cb5da64b29afff2b56b416552c4c36bd5a04ee39939ae51b961e/analysis/1434001092/"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--55dc6f99-7134-4a19-be14-4a81950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-08-25T13:37:29.000Z",
"modified": "2015-08-25T13:37:29.000Z",
"description": "Sakula malware - Xchecked via VT: 019a5f531f324d5528ccc09faa617f42",
"pattern": "[file:hashes.SHA256 = 'e345c7232badd34dcd327c6442bb72aa40211bfd6e5f84adc0f06f19a2c53fc2']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-08-25T13:37:29Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Artifacts dropped"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Artifacts dropped\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--55dc6f99-2a6c-4a55-bb42-43cb950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-08-25T13:37:29.000Z",
"modified": "2015-08-25T13:37:29.000Z",
"description": "Sakula malware - Xchecked via VT: 019a5f531f324d5528ccc09faa617f42",
"pattern": "[file:hashes.SHA1 = 'c3be3a8a181f5b26fe816effe8c90453e3fd6278']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-08-25T13:37:29Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Artifacts dropped"
}
],
"labels": [
"misp:type=\"sha1\"",
"misp:category=\"Artifacts dropped\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--55dc6f99-8700-4a99-990a-4f54950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-08-25T13:37:29.000Z",
"modified": "2015-08-25T13:37:29.000Z",
"first_observed": "2015-08-25T13:37:29Z",
"last_observed": "2015-08-25T13:37:29Z",
"number_observed": 1,
"object_refs": [
"url--55dc6f99-8700-4a99-990a-4f54950d210b"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--55dc6f99-8700-4a99-990a-4f54950d210b",
"value": "https://www.virustotal.com/file/e345c7232badd34dcd327c6442bb72aa40211bfd6e5f84adc0f06f19a2c53fc2/analysis/1433738232/"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--55dc6f99-51f4-4351-9820-4ba7950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-08-25T13:37:29.000Z",
"modified": "2015-08-25T13:37:29.000Z",
"description": "Sakula malware - Xchecked via VT: fedf54586ebd00684e20712ad7eb9189",
"pattern": "[file:hashes.SHA256 = '091516a7bc6ff5114ec212a8a33519886f4b3b6889125119bacd5f4bbf7f8362']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-08-25T13:37:29Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Artifacts dropped"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Artifacts dropped\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--55dc6f9a-7094-449b-abce-45f2950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-08-25T13:37:30.000Z",
"modified": "2015-08-25T13:37:30.000Z",
"description": "Sakula malware - Xchecked via VT: fedf54586ebd00684e20712ad7eb9189",
"pattern": "[file:hashes.SHA1 = 'da33226bd6f3bb61c7e2b37a731b70ab99367ae2']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-08-25T13:37:30Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Artifacts dropped"
}
],
"labels": [
"misp:type=\"sha1\"",
"misp:category=\"Artifacts dropped\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--55dc6f9a-1de8-4028-94d9-422d950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-08-25T13:37:30.000Z",
"modified": "2015-08-25T13:37:30.000Z",
"first_observed": "2015-08-25T13:37:30Z",
"last_observed": "2015-08-25T13:37:30Z",
"number_observed": 1,
"object_refs": [
"url--55dc6f9a-1de8-4028-94d9-422d950d210b"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--55dc6f9a-1de8-4028-94d9-422d950d210b",
"value": "https://www.virustotal.com/file/091516a7bc6ff5114ec212a8a33519886f4b3b6889125119bacd5f4bbf7f8362/analysis/1434997321/"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--55dc6f9a-0554-4cb5-901e-404c950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-08-25T13:37:30.000Z",
"modified": "2015-08-25T13:37:30.000Z",
"description": "Sakula malware - Xchecked via VT: fe74dc43af839146f64ec7bea752c4f0",
"pattern": "[file:hashes.SHA256 = 'fc404ae4e968d35421598be460be1ca7e87128cc247be1905c29c560fb015915']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-08-25T13:37:30Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Artifacts dropped"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Artifacts dropped\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--55dc6f9a-c208-4787-8167-4ac8950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-08-25T13:37:30.000Z",
"modified": "2015-08-25T13:37:30.000Z",
"description": "Sakula malware - Xchecked via VT: fe74dc43af839146f64ec7bea752c4f0",
"pattern": "[file:hashes.SHA1 = '570e72586b5451afef9a05fede4a9cd8f51cfc9a']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-08-25T13:37:30Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Artifacts dropped"
}
],
"labels": [
"misp:type=\"sha1\"",
"misp:category=\"Artifacts dropped\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--55dc6f9a-ba80-4e13-b031-4daa950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-08-25T13:37:30.000Z",
"modified": "2015-08-25T13:37:30.000Z",
"first_observed": "2015-08-25T13:37:30Z",
"last_observed": "2015-08-25T13:37:30Z",
"number_observed": 1,
"object_refs": [
"url--55dc6f9a-ba80-4e13-b031-4daa950d210b"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--55dc6f9a-ba80-4e13-b031-4daa950d210b",
"value": "https://www.virustotal.com/file/fc404ae4e968d35421598be460be1ca7e87128cc247be1905c29c560fb015915/analysis/1438240949/"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--55dc6f9a-458c-437c-ac70-483e950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-08-25T13:37:30.000Z",
"modified": "2015-08-25T13:37:30.000Z",
"description": "Sakula malware - Xchecked via VT: fc52814e8eb48aca6b87fa43656cbf42",
"pattern": "[file:hashes.SHA256 = 'ce5587c122f99e5233fdc577236a74d43d06e2023624bbf993cea12e51cff835']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-08-25T13:37:30Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Artifacts dropped"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Artifacts dropped\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--55dc6f9b-0eb4-4fc1-bff7-42e8950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-08-25T13:37:31.000Z",
"modified": "2015-08-25T13:37:31.000Z",
"description": "Sakula malware - Xchecked via VT: fc52814e8eb48aca6b87fa43656cbf42",
"pattern": "[file:hashes.SHA1 = 'fec471871ee0684460d23428bea5b266224311e5']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-08-25T13:37:31Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Artifacts dropped"
}
],
"labels": [
"misp:type=\"sha1\"",
"misp:category=\"Artifacts dropped\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--55dc6f9b-53c8-4b01-8a5d-4fbd950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-08-25T13:37:31.000Z",
"modified": "2015-08-25T13:37:31.000Z",
"first_observed": "2015-08-25T13:37:31Z",
"last_observed": "2015-08-25T13:37:31Z",
"number_observed": 1,
"object_refs": [
"url--55dc6f9b-53c8-4b01-8a5d-4fbd950d210b"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--55dc6f9b-53c8-4b01-8a5d-4fbd950d210b",
"value": "https://www.virustotal.com/file/ce5587c122f99e5233fdc577236a74d43d06e2023624bbf993cea12e51cff835/analysis/1434997500/"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--55dc6f9b-2620-430b-b1f4-42c5950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-08-25T13:37:31.000Z",
"modified": "2015-08-25T13:37:31.000Z",
"description": "Sakula malware - Xchecked via VT: fbd85dad36fe13d46eaca7d7f2d50b0b",
"pattern": "[file:hashes.SHA256 = 'e49c193214ddac4e3754a1818d322ad648614f7258504357335148857d0fdcb0']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-08-25T13:37:31Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Artifacts dropped"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Artifacts dropped\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--55dc6f9b-bc4c-4ab0-98af-4c9f950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-08-25T13:37:31.000Z",
"modified": "2015-08-25T13:37:31.000Z",
"description": "Sakula malware - Xchecked via VT: fbd85dad36fe13d46eaca7d7f2d50b0b",
"pattern": "[file:hashes.SHA1 = 'ebcd3b4728151786661eab9640b6cb83665cf10b']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-08-25T13:37:31Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Artifacts dropped"
}
],
"labels": [
"misp:type=\"sha1\"",
"misp:category=\"Artifacts dropped\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--55dc6f9b-06f0-454b-a60b-4f44950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-08-25T13:37:31.000Z",
"modified": "2015-08-25T13:37:31.000Z",
"first_observed": "2015-08-25T13:37:31Z",
"last_observed": "2015-08-25T13:37:31Z",
"number_observed": 1,
"object_refs": [
"url--55dc6f9b-06f0-454b-a60b-4f44950d210b"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--55dc6f9b-06f0-454b-a60b-4f44950d210b",
"value": "https://www.virustotal.com/file/e49c193214ddac4e3754a1818d322ad648614f7258504357335148857d0fdcb0/analysis/1434996487/"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--55dc6f9b-3f08-41f3-8fce-4c47950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-08-25T13:37:31.000Z",
"modified": "2015-08-25T13:37:31.000Z",
"description": "Sakula malware - Xchecked via VT: f60f94d257ad5d781595b6c909844422",
"pattern": "[file:hashes.SHA256 = 'be3fc737d8f4a4dc5d6ddc2b9517c7bf6188c2538fc4e04745f6832e6e34a534']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-08-25T13:37:31Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Artifacts dropped"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Artifacts dropped\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--55dc6f9c-8e5c-43d4-a7c0-4922950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-08-25T13:37:32.000Z",
"modified": "2015-08-25T13:37:32.000Z",
"description": "Sakula malware - Xchecked via VT: f60f94d257ad5d781595b6c909844422",
"pattern": "[file:hashes.SHA1 = '1ebaa56967e72aba01f1d96ee28b218f776abbb9']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-08-25T13:37:32Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Artifacts dropped"
}
],
"labels": [
"misp:type=\"sha1\"",
"misp:category=\"Artifacts dropped\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--55dc6f9c-73b8-4d26-b4f6-4590950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-08-25T13:37:32.000Z",
"modified": "2015-08-25T13:37:32.000Z",
"first_observed": "2015-08-25T13:37:32Z",
"last_observed": "2015-08-25T13:37:32Z",
"number_observed": 1,
"object_refs": [
"url--55dc6f9c-73b8-4d26-b4f6-4590950d210b"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--55dc6f9c-73b8-4d26-b4f6-4590950d210b",
"value": "https://www.virustotal.com/file/be3fc737d8f4a4dc5d6ddc2b9517c7bf6188c2538fc4e04745f6832e6e34a534/analysis/1434997860/"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--55dc6f9c-3bbc-4403-b5ce-424d950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-08-25T13:37:32.000Z",
"modified": "2015-08-25T13:37:32.000Z",
"description": "Sakula malware - Xchecked via VT: f583a1fdb3c8be409e2118795ad916ba",
"pattern": "[file:hashes.SHA256 = 'edd02d9c1ea5a797e884ca249364a133a88921753a8c01ab201b0ab3cc2093d0']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-08-25T13:37:32Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Artifacts dropped"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Artifacts dropped\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--55dc6f9c-ded8-4a30-8fca-449c950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-08-25T13:37:32.000Z",
"modified": "2015-08-25T13:37:32.000Z",
"description": "Sakula malware - Xchecked via VT: f583a1fdb3c8be409e2118795ad916ba",
"pattern": "[file:hashes.SHA1 = 'f92214ff9b2970dc79272199051acf89980bdd4f']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-08-25T13:37:32Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Artifacts dropped"
}
],
"labels": [
"misp:type=\"sha1\"",
"misp:category=\"Artifacts dropped\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--55dc6f9c-cb88-46f7-8e65-4fe8950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-08-25T13:37:32.000Z",
"modified": "2015-08-25T13:37:32.000Z",
"first_observed": "2015-08-25T13:37:32Z",
"last_observed": "2015-08-25T13:37:32Z",
"number_observed": 1,
"object_refs": [
"url--55dc6f9c-cb88-46f7-8e65-4fe8950d210b"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--55dc6f9c-cb88-46f7-8e65-4fe8950d210b",
"value": "https://www.virustotal.com/file/edd02d9c1ea5a797e884ca249364a133a88921753a8c01ab201b0ab3cc2093d0/analysis/1434997986/"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--55dc6f9d-1688-4d40-b6f2-4235950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-08-25T13:37:33.000Z",
"modified": "2015-08-25T13:37:33.000Z",
"description": "Sakula malware - Xchecked via VT: f47afcbc291cbc108112c110de77dbb1",
"pattern": "[file:hashes.SHA256 = '6cb477426d6c59753e07dc1b55d37dc1f033489a61c95a7838ed58a983e4fd87']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-08-25T13:37:33Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Artifacts dropped"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Artifacts dropped\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--55dc6f9d-130c-472e-b85e-4ba3950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-08-25T13:37:33.000Z",
"modified": "2015-08-25T13:37:33.000Z",
"description": "Sakula malware - Xchecked via VT: f47afcbc291cbc108112c110de77dbb1",
"pattern": "[file:hashes.SHA1 = '9baee0aeeac15dd6064cadbb02ef8ac9d342de2c']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-08-25T13:37:33Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Artifacts dropped"
}
],
"labels": [
"misp:type=\"sha1\"",
"misp:category=\"Artifacts dropped\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--55dc6f9d-af88-4fe2-be52-42d9950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-08-25T13:37:33.000Z",
"modified": "2015-08-25T13:37:33.000Z",
"first_observed": "2015-08-25T13:37:33Z",
"last_observed": "2015-08-25T13:37:33Z",
"number_observed": 1,
"object_refs": [
"url--55dc6f9d-af88-4fe2-be52-42d9950d210b"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--55dc6f9d-af88-4fe2-be52-42d9950d210b",
"value": "https://www.virustotal.com/file/6cb477426d6c59753e07dc1b55d37dc1f033489a61c95a7838ed58a983e4fd87/analysis/1438874537/"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--55dc6f9d-6580-43a9-b1af-4e01950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-08-25T13:37:33.000Z",
"modified": "2015-08-25T13:37:33.000Z",
"description": "Sakula malware - Xchecked via VT: f2d59757a9795531796df91097d5fa2b",
"pattern": "[file:hashes.SHA256 = '5237b0fdd9522d8e5ea6de336d4cc24daeb5823454f9b5d42d16a4656ef8f114']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-08-25T13:37:33Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Artifacts dropped"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Artifacts dropped\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--55dc6f9d-278c-433f-b8d8-40e9950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-08-25T13:37:33.000Z",
"modified": "2015-08-25T13:37:33.000Z",
"description": "Sakula malware - Xchecked via VT: f2d59757a9795531796df91097d5fa2b",
"pattern": "[file:hashes.SHA1 = '42c647d83abe1e5438b8176b9e90db08282a8bbb']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-08-25T13:37:33Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Artifacts dropped"
}
],
"labels": [
"misp:type=\"sha1\"",
"misp:category=\"Artifacts dropped\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--55dc6f9d-0338-4925-b34a-4e09950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-08-25T13:37:33.000Z",
"modified": "2015-08-25T13:37:33.000Z",
"first_observed": "2015-08-25T13:37:33Z",
"last_observed": "2015-08-25T13:37:33Z",
"number_observed": 1,
"object_refs": [
"url--55dc6f9d-0338-4925-b34a-4e09950d210b"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--55dc6f9d-0338-4925-b34a-4e09950d210b",
"value": "https://www.virustotal.com/file/5237b0fdd9522d8e5ea6de336d4cc24daeb5823454f9b5d42d16a4656ef8f114/analysis/1434998163/"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--55dc6f9e-8ce4-4a82-a099-4f4b950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-08-25T13:37:34.000Z",
"modified": "2015-08-25T13:37:34.000Z",
"description": "Sakula malware - Xchecked via VT: f06b0ee07daa7f914dec27f98a6d8850",
"pattern": "[file:hashes.SHA256 = '0077d0dd944fa58b096712a8736906ce84f1bd11c368dcceb51333de51ba7ab4']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-08-25T13:37:34Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Artifacts dropped"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Artifacts dropped\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--55dc6f9e-9c64-461c-b5c0-42a7950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-08-25T13:37:34.000Z",
"modified": "2015-08-25T13:37:34.000Z",
"description": "Sakula malware - Xchecked via VT: f06b0ee07daa7f914dec27f98a6d8850",
"pattern": "[file:hashes.SHA1 = 'abd40af6745f6cfa51210f88beafa6e0d4340b99']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-08-25T13:37:34Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Artifacts dropped"
}
],
"labels": [
"misp:type=\"sha1\"",
"misp:category=\"Artifacts dropped\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--55dc6f9e-7018-43d0-89d4-408d950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-08-25T13:37:34.000Z",
"modified": "2015-08-25T13:37:34.000Z",
"first_observed": "2015-08-25T13:37:34Z",
"last_observed": "2015-08-25T13:37:34Z",
"number_observed": 1,
"object_refs": [
"url--55dc6f9e-7018-43d0-89d4-408d950d210b"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--55dc6f9e-7018-43d0-89d4-408d950d210b",
"value": "https://www.virustotal.com/file/0077d0dd944fa58b096712a8736906ce84f1bd11c368dcceb51333de51ba7ab4/analysis/1434998282/"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--55dc6f9e-e988-4cc5-a0b9-47e7950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-08-25T13:37:34.000Z",
"modified": "2015-08-25T13:37:34.000Z",
"description": "Sakula malware - Xchecked via VT: f0082c886bc04fafe4a2615d75c2eaeb",
"pattern": "[file:hashes.SHA256 = '18231b939744a4b2c173e65f35f995e8743190c081b5c42cd11aabe5a12cb011']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-08-25T13:37:34Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Artifacts dropped"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Artifacts dropped\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--55dc6f9e-3f0c-4b7a-ba45-408e950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-08-25T13:37:34.000Z",
"modified": "2015-08-25T13:37:34.000Z",
"description": "Sakula malware - Xchecked via VT: f0082c886bc04fafe4a2615d75c2eaeb",
"pattern": "[file:hashes.SHA1 = '69bd3bbb03b6e6fd4372fb1ed7d156278f1a58d6']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-08-25T13:37:34Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Artifacts dropped"
}
],
"labels": [
"misp:type=\"sha1\"",
"misp:category=\"Artifacts dropped\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--55dc6f9e-0450-47fc-8dd7-4306950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-08-25T13:37:34.000Z",
"modified": "2015-08-25T13:37:34.000Z",
"first_observed": "2015-08-25T13:37:34Z",
"last_observed": "2015-08-25T13:37:34Z",
"number_observed": 1,
"object_refs": [
"url--55dc6f9e-0450-47fc-8dd7-4306950d210b"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--55dc6f9e-0450-47fc-8dd7-4306950d210b",
"value": "https://www.virustotal.com/file/18231b939744a4b2c173e65f35f995e8743190c081b5c42cd11aabe5a12cb011/analysis/1434998344/"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--55dc6f9f-bff4-4ea9-b018-47ac950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-08-25T13:37:35.000Z",
"modified": "2015-08-25T13:37:35.000Z",
"description": "Sakula malware - Xchecked via VT: e9181ef132fec9e560822551a093bb5c",
"pattern": "[file:hashes.SHA256 = '2f290f5f4dd2fb5c2f5cc0642e408a829034d3d5e87381c5f8337fc741cbe5c9']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-08-25T13:37:35Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Artifacts dropped"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Artifacts dropped\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--55dc6f9f-b038-4057-8f40-4a6a950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-08-25T13:37:35.000Z",
"modified": "2015-08-25T13:37:35.000Z",
"description": "Sakula malware - Xchecked via VT: e9181ef132fec9e560822551a093bb5c",
"pattern": "[file:hashes.SHA1 = '08878f4244e38a2170ed7f9c11be9aeaf98e6b5a']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-08-25T13:37:35Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Artifacts dropped"
}
],
"labels": [
"misp:type=\"sha1\"",
"misp:category=\"Artifacts dropped\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--55dc6f9f-08c0-4a15-85de-45c6950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-08-25T13:37:35.000Z",
"modified": "2015-08-25T13:37:35.000Z",
"first_observed": "2015-08-25T13:37:35Z",
"last_observed": "2015-08-25T13:37:35Z",
"number_observed": 1,
"object_refs": [
"url--55dc6f9f-08c0-4a15-85de-45c6950d210b"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--55dc6f9f-08c0-4a15-85de-45c6950d210b",
"value": "https://www.virustotal.com/file/2f290f5f4dd2fb5c2f5cc0642e408a829034d3d5e87381c5f8337fc741cbe5c9/analysis/1438874330/"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--55dc6f9f-52d4-4d5e-b9a7-4b29950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-08-25T13:37:35.000Z",
"modified": "2015-08-25T13:37:35.000Z",
"description": "Sakula malware - Xchecked via VT: e9115f553ac156542dcd38042f45ec68",
"pattern": "[file:hashes.SHA256 = '4e9d663bfecd6a9f5172c11bcc54d632615f9b8a24aa2985faade63e4be286f3']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-08-25T13:37:35Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Artifacts dropped"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Artifacts dropped\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--55dc6f9f-87a4-46ca-b8d6-4989950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-08-25T13:37:35.000Z",
"modified": "2015-08-25T13:37:35.000Z",
"description": "Sakula malware - Xchecked via VT: e9115f553ac156542dcd38042f45ec68",
"pattern": "[file:hashes.SHA1 = 'a36c2d74acc93140fc028fbba56e47a7bc5aeff4']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-08-25T13:37:35Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Artifacts dropped"
}
],
"labels": [
"misp:type=\"sha1\"",
"misp:category=\"Artifacts dropped\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--55dc6fa0-8624-4c9d-967a-4c28950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-08-25T13:37:36.000Z",
"modified": "2015-08-25T13:37:36.000Z",
"first_observed": "2015-08-25T13:37:36Z",
"last_observed": "2015-08-25T13:37:36Z",
"number_observed": 1,
"object_refs": [
"url--55dc6fa0-8624-4c9d-967a-4c28950d210b"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--55dc6fa0-8624-4c9d-967a-4c28950d210b",
"value": "https://www.virustotal.com/file/4e9d663bfecd6a9f5172c11bcc54d632615f9b8a24aa2985faade63e4be286f3/analysis/1434998523/"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--55dc6fa0-a9f0-480d-b4fb-474f950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-08-25T13:37:36.000Z",
"modified": "2015-08-25T13:37:36.000Z",
"description": "Sakula malware - Xchecked via VT: e7113c872386edd441e7030d185238ca",
"pattern": "[file:hashes.SHA256 = '003aba4b52954935ad38252a433c343b7037164c5a8bf5a48fe3125f6f3a7f98']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-08-25T13:37:36Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Artifacts dropped"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Artifacts dropped\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--55dc6fa0-cf50-401e-b018-40c1950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-08-25T13:37:36.000Z",
"modified": "2015-08-25T13:37:36.000Z",
"description": "Sakula malware - Xchecked via VT: e7113c872386edd441e7030d185238ca",
"pattern": "[file:hashes.SHA1 = '0c7ea1c90924beed04ba0281a11d7350f79c26f5']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-08-25T13:37:36Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Artifacts dropped"
}
],
"labels": [
"misp:type=\"sha1\"",
"misp:category=\"Artifacts dropped\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--55dc6fa0-2c20-4fe6-8487-49fe950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-08-25T13:37:36.000Z",
"modified": "2015-08-25T13:37:36.000Z",
"first_observed": "2015-08-25T13:37:36Z",
"last_observed": "2015-08-25T13:37:36Z",
"number_observed": 1,
"object_refs": [
"url--55dc6fa0-2c20-4fe6-8487-49fe950d210b"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--55dc6fa0-2c20-4fe6-8487-49fe950d210b",
"value": "https://www.virustotal.com/file/003aba4b52954935ad38252a433c343b7037164c5a8bf5a48fe3125f6f3a7f98/analysis/1434998584/"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--55dc6fa0-e604-4fca-8f9a-4d78950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-08-25T13:37:36.000Z",
"modified": "2015-08-25T13:37:36.000Z",
"description": "Sakula malware - Xchecked via VT: e66164b4967cf7b3cdb3c1c510abe957",
"pattern": "[file:hashes.SHA256 = 'd9938508cfb01bb61d4b70f0cabd805413bec128a4b198c9ef8ba47e06670790']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-08-25T13:37:36Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Artifacts dropped"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Artifacts dropped\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--55dc6fa1-53e0-48e2-9ab5-419c950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-08-25T13:37:37.000Z",
"modified": "2015-08-25T13:37:37.000Z",
"description": "Sakula malware - Xchecked via VT: e66164b4967cf7b3cdb3c1c510abe957",
"pattern": "[file:hashes.SHA1 = '25fc4471bed1cfcfd6189bac6acb961a8d72ced5']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-08-25T13:37:37Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Artifacts dropped"
}
],
"labels": [
"misp:type=\"sha1\"",
"misp:category=\"Artifacts dropped\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--55dc6fa1-1858-4943-993d-4c75950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-08-25T13:37:37.000Z",
"modified": "2015-08-25T13:37:37.000Z",
"first_observed": "2015-08-25T13:37:37Z",
"last_observed": "2015-08-25T13:37:37Z",
"number_observed": 1,
"object_refs": [
"url--55dc6fa1-1858-4943-993d-4c75950d210b"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--55dc6fa1-1858-4943-993d-4c75950d210b",
"value": "https://www.virustotal.com/file/d9938508cfb01bb61d4b70f0cabd805413bec128a4b198c9ef8ba47e06670790/analysis/1434998642/"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--55dc6fa1-be88-4622-a1e8-4ab9950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-08-25T13:37:37.000Z",
"modified": "2015-08-25T13:37:37.000Z",
"description": "Sakula malware - Xchecked via VT: e604176c2638fdf015d6a346803ed6f3",
"pattern": "[file:hashes.SHA256 = '58dd100ce755e3ad38cc3e3bebc6fd39d5815f721e7270baeb4a9543f91bab2e']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-08-25T13:37:37Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Artifacts dropped"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Artifacts dropped\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--55dc6fa1-4bac-4f01-aec4-47be950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-08-25T13:37:37.000Z",
"modified": "2015-08-25T13:37:37.000Z",
"description": "Sakula malware - Xchecked via VT: e604176c2638fdf015d6a346803ed6f3",
"pattern": "[file:hashes.SHA1 = '19bc605787e8e9bb261800ba3f398d0811ce507f']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-08-25T13:37:37Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Artifacts dropped"
}
],
"labels": [
"misp:type=\"sha1\"",
"misp:category=\"Artifacts dropped\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--55dc6fa1-fff8-411d-9ee8-40f8950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-08-25T13:37:37.000Z",
"modified": "2015-08-25T13:37:37.000Z",
"first_observed": "2015-08-25T13:37:37Z",
"last_observed": "2015-08-25T13:37:37Z",
"number_observed": 1,
"object_refs": [
"url--55dc6fa1-fff8-411d-9ee8-40f8950d210b"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--55dc6fa1-fff8-411d-9ee8-40f8950d210b",
"value": "https://www.virustotal.com/file/58dd100ce755e3ad38cc3e3bebc6fd39d5815f721e7270baeb4a9543f91bab2e/analysis/1434998703/"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--55dc6fa1-ed40-4f85-a1b2-4f30950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-08-25T13:37:37.000Z",
"modified": "2015-08-25T13:37:37.000Z",
"description": "Sakula malware - Xchecked via VT: e595292b1cdaea69ef365097a36195ad",
"pattern": "[file:hashes.SHA256 = '131aa09fadcaae1558b37ef309f0932ea79d57492fc4fcfb84b63da76a8dd765']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-08-25T13:37:37Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Artifacts dropped"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Artifacts dropped\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--55dc6fa2-af98-47a6-93ba-49bf950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-08-25T13:37:38.000Z",
"modified": "2015-08-25T13:37:38.000Z",
"description": "Sakula malware - Xchecked via VT: e595292b1cdaea69ef365097a36195ad",
"pattern": "[file:hashes.SHA1 = '096354e09aae70ffb278971d030a1733bb5f7ec3']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-08-25T13:37:38Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Artifacts dropped"
}
],
"labels": [
"misp:type=\"sha1\"",
"misp:category=\"Artifacts dropped\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--55dc6fa2-ab70-48e6-992a-4df2950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-08-25T13:37:38.000Z",
"modified": "2015-08-25T13:37:38.000Z",
"first_observed": "2015-08-25T13:37:38Z",
"last_observed": "2015-08-25T13:37:38Z",
"number_observed": 1,
"object_refs": [
"url--55dc6fa2-ab70-48e6-992a-4df2950d210b"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--55dc6fa2-ab70-48e6-992a-4df2950d210b",
"value": "https://www.virustotal.com/file/131aa09fadcaae1558b37ef309f0932ea79d57492fc4fcfb84b63da76a8dd765/analysis/1434998762/"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--55dc6fa2-e110-419c-8a06-40ba950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-08-25T13:37:38.000Z",
"modified": "2015-08-25T13:37:38.000Z",
"description": "Sakula malware - Xchecked via VT: e2c32ed6b9cd40cb87569b769db669b7",
"pattern": "[file:hashes.SHA256 = '39ac166727b319b4ada8fb58c8aeee92816c76f1376824988fbae724b9688719']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-08-25T13:37:38Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Artifacts dropped"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Artifacts dropped\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--55dc6fa2-5814-48b3-a96e-4a19950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-08-25T13:37:38.000Z",
"modified": "2015-08-25T13:37:38.000Z",
"description": "Sakula malware - Xchecked via VT: e2c32ed6b9cd40cb87569b769db669b7",
"pattern": "[file:hashes.SHA1 = 'bd6d4ebd768f6e28d8806eb78cdda5996fa3bb9e']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-08-25T13:37:38Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Artifacts dropped"
}
],
"labels": [
"misp:type=\"sha1\"",
"misp:category=\"Artifacts dropped\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--55dc6fa2-5438-4305-93bb-4c2c950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-08-25T13:37:38.000Z",
"modified": "2015-08-25T13:37:38.000Z",
"first_observed": "2015-08-25T13:37:38Z",
"last_observed": "2015-08-25T13:37:38Z",
"number_observed": 1,
"object_refs": [
"url--55dc6fa2-5438-4305-93bb-4c2c950d210b"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--55dc6fa2-5438-4305-93bb-4c2c950d210b",
"value": "https://www.virustotal.com/file/39ac166727b319b4ada8fb58c8aeee92816c76f1376824988fbae724b9688719/analysis/1434994444/"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--55dc6fa3-3480-4a8f-afa0-4dda950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-08-25T13:37:39.000Z",
"modified": "2015-08-25T13:37:39.000Z",
"description": "Sakula malware - Xchecked via VT: df689186b50384026382d5179841abec",
"pattern": "[file:hashes.SHA256 = 'cf474ccbc9d96a8d58684cc9a83677447e1a7d19fb27e6dffe584410c2e152e5']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-08-25T13:37:39Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Artifacts dropped"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Artifacts dropped\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--55dc6fa3-7f14-46f2-8c6a-4fa2950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-08-25T13:37:39.000Z",
"modified": "2015-08-25T13:37:39.000Z",
"description": "Sakula malware - Xchecked via VT: df689186b50384026382d5179841abec",
"pattern": "[file:hashes.SHA1 = 'd1df0fdb296ffd4c4e40ad2220fd8bce9801bb94']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-08-25T13:37:39Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Artifacts dropped"
}
],
"labels": [
"misp:type=\"sha1\"",
"misp:category=\"Artifacts dropped\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--55dc6fa3-ddbc-42a2-a801-4034950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-08-25T13:37:39.000Z",
"modified": "2015-08-25T13:37:39.000Z",
"first_observed": "2015-08-25T13:37:39Z",
"last_observed": "2015-08-25T13:37:39Z",
"number_observed": 1,
"object_refs": [
"url--55dc6fa3-ddbc-42a2-a801-4034950d210b"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--55dc6fa3-ddbc-42a2-a801-4034950d210b",
"value": "https://www.virustotal.com/file/cf474ccbc9d96a8d58684cc9a83677447e1a7d19fb27e6dffe584410c2e152e5/analysis/1434999127/"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--55dc6fa3-84d4-49bd-a5f4-4943950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-08-25T13:37:39.000Z",
"modified": "2015-08-25T13:37:39.000Z",
"description": "Sakula malware - Xchecked via VT: dda9f3b2d5e70e70be1be7e4195b7016",
"pattern": "[file:hashes.SHA256 = '4e25e991c3b1668b3136e70487f17b5a2e0493c1267034e57c112f9a984c2ff1']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-08-25T13:37:39Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Artifacts dropped"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Artifacts dropped\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--55dc6fa3-35b0-4a9c-a48b-4d4a950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-08-25T13:37:39.000Z",
"modified": "2015-08-25T13:37:39.000Z",
"description": "Sakula malware - Xchecked via VT: dda9f3b2d5e70e70be1be7e4195b7016",
"pattern": "[file:hashes.SHA1 = '46baf9e1a44ce3980b4dc46b86baf35f07f9863a']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-08-25T13:37:39Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Artifacts dropped"
}
],
"labels": [
"misp:type=\"sha1\"",
"misp:category=\"Artifacts dropped\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--55dc6fa3-c54c-4d18-aba0-4ccc950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-08-25T13:37:39.000Z",
"modified": "2015-08-25T13:37:39.000Z",
"first_observed": "2015-08-25T13:37:39Z",
"last_observed": "2015-08-25T13:37:39Z",
"number_observed": 1,
"object_refs": [
"url--55dc6fa3-c54c-4d18-aba0-4ccc950d210b"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--55dc6fa3-c54c-4d18-aba0-4ccc950d210b",
"value": "https://www.virustotal.com/file/4e25e991c3b1668b3136e70487f17b5a2e0493c1267034e57c112f9a984c2ff1/analysis/1434999247/"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--55dc6fa4-7ba8-4653-b209-429c950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-08-25T13:37:40.000Z",
"modified": "2015-08-25T13:37:40.000Z",
"description": "Sakula malware - Xchecked via VT: d8b496c4837b80952c52e1375c31648c",
"pattern": "[file:hashes.SHA256 = '0fca531b973d003206576bb2f2d8feaf5fc3c5222ace982349ae5750090a86d6']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-08-25T13:37:40Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Artifacts dropped"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Artifacts dropped\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--55dc6fa4-7a08-4f15-ad84-494f950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-08-25T13:37:40.000Z",
"modified": "2015-08-25T13:37:40.000Z",
"description": "Sakula malware - Xchecked via VT: d8b496c4837b80952c52e1375c31648c",
"pattern": "[file:hashes.SHA1 = '47d70b403249914e752a3e88a188f50da34b3991']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-08-25T13:37:40Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Artifacts dropped"
}
],
"labels": [
"misp:type=\"sha1\"",
"misp:category=\"Artifacts dropped\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--55dc6fa4-b9b4-4031-9113-4e92950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-08-25T13:37:40.000Z",
"modified": "2015-08-25T13:37:40.000Z",
"first_observed": "2015-08-25T13:37:40Z",
"last_observed": "2015-08-25T13:37:40Z",
"number_observed": 1,
"object_refs": [
"url--55dc6fa4-b9b4-4031-9113-4e92950d210b"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--55dc6fa4-b9b4-4031-9113-4e92950d210b",
"value": "https://www.virustotal.com/file/0fca531b973d003206576bb2f2d8feaf5fc3c5222ace982349ae5750090a86d6/analysis/1434999363/"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--55dc6fa4-749c-4934-a7dd-4d58950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-08-25T13:37:40.000Z",
"modified": "2015-08-25T13:37:40.000Z",
"description": "Sakula malware - Xchecked via VT: d87ce47e24ee426d8ac271873b041d50",
"pattern": "[file:hashes.SHA256 = 'e29b499d21b778984850bcb88952a17ad5865631b27016bb5799cfba93db0840']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-08-25T13:37:40Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Artifacts dropped"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Artifacts dropped\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--55dc6fa4-2cf8-48df-91a5-4998950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-08-25T13:37:40.000Z",
"modified": "2015-08-25T13:37:40.000Z",
"description": "Sakula malware - Xchecked via VT: d87ce47e24ee426d8ac271873b041d50",
"pattern": "[file:hashes.SHA1 = '39d88a9326a64b8e4393ed3015a38c4f09cf2850']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-08-25T13:37:40Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Artifacts dropped"
}
],
"labels": [
"misp:type=\"sha1\"",
"misp:category=\"Artifacts dropped\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--55dc6fa4-fbb0-4881-a45e-4838950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-08-25T13:37:40.000Z",
"modified": "2015-08-25T13:37:40.000Z",
"first_observed": "2015-08-25T13:37:40Z",
"last_observed": "2015-08-25T13:37:40Z",
"number_observed": 1,
"object_refs": [
"url--55dc6fa4-fbb0-4881-a45e-4838950d210b"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--55dc6fa4-fbb0-4881-a45e-4838950d210b",
"value": "https://www.virustotal.com/file/e29b499d21b778984850bcb88952a17ad5865631b27016bb5799cfba93db0840/analysis/1434999382/"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--55dc6fa5-6094-43b1-8fcb-436a950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-08-25T13:37:41.000Z",
"modified": "2015-08-25T13:37:41.000Z",
"description": "Sakula malware - Xchecked via VT: d86a4148bd34d78b808fdee7f936f1af",
"pattern": "[file:hashes.SHA256 = '88d61c3ab916f51a079fd2ce264b020ca86add16be080cc751923781f40a9590']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-08-25T13:37:41Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Artifacts dropped"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Artifacts dropped\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--55dc6fa5-0198-4252-8a40-4aab950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-08-25T13:37:41.000Z",
"modified": "2015-08-25T13:37:41.000Z",
"description": "Sakula malware - Xchecked via VT: d86a4148bd34d78b808fdee7f936f1af",
"pattern": "[file:hashes.SHA1 = '3beddd1729f6975e100fe6f462f56026bd549f81']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-08-25T13:37:41Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Artifacts dropped"
}
],
"labels": [
"misp:type=\"sha1\"",
"misp:category=\"Artifacts dropped\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--55dc6fa5-c1a0-4011-9c70-49f5950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-08-25T13:37:41.000Z",
"modified": "2015-08-25T13:37:41.000Z",
"first_observed": "2015-08-25T13:37:41Z",
"last_observed": "2015-08-25T13:37:41Z",
"number_observed": 1,
"object_refs": [
"url--55dc6fa5-c1a0-4011-9c70-49f5950d210b"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--55dc6fa5-c1a0-4011-9c70-49f5950d210b",
"value": "https://www.virustotal.com/file/88d61c3ab916f51a079fd2ce264b020ca86add16be080cc751923781f40a9590/analysis/1438874015/"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--55dc6fa5-c6b0-4ead-ad49-4d5a950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-08-25T13:37:41.000Z",
"modified": "2015-08-25T13:37:41.000Z",
"description": "Sakula malware - Xchecked via VT: d690ba5dbb873c469cfdaf44fe2bd67f",
"pattern": "[file:hashes.SHA256 = '9aa9d6a91f0d1f08cec0ded7b94c3edc5ad2cec1455190759c804876a6831872']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-08-25T13:37:41Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Artifacts dropped"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Artifacts dropped\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--55dc6fa5-f29c-46c0-82e4-4c4f950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-08-25T13:37:41.000Z",
"modified": "2015-08-25T13:37:41.000Z",
"description": "Sakula malware - Xchecked via VT: d690ba5dbb873c469cfdaf44fe2bd67f",
"pattern": "[file:hashes.SHA1 = '06873436a691b1b26d283f6b80e917b4ec25579c']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-08-25T13:37:41Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Artifacts dropped"
}
],
"labels": [
"misp:type=\"sha1\"",
"misp:category=\"Artifacts dropped\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--55dc6fa5-bea8-4a7a-beb0-4981950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-08-25T13:37:41.000Z",
"modified": "2015-08-25T13:37:41.000Z",
"first_observed": "2015-08-25T13:37:41Z",
"last_observed": "2015-08-25T13:37:41Z",
"number_observed": 1,
"object_refs": [
"url--55dc6fa5-bea8-4a7a-beb0-4981950d210b"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--55dc6fa5-bea8-4a7a-beb0-4981950d210b",
"value": "https://www.virustotal.com/file/9aa9d6a91f0d1f08cec0ded7b94c3edc5ad2cec1455190759c804876a6831872/analysis/1438873983/"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--55dc6fa6-3b70-4ca1-bf78-4b63950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-08-25T13:37:42.000Z",
"modified": "2015-08-25T13:37:42.000Z",
"description": "Sakula malware - Xchecked via VT: d00b3169f45e74bb22a1cd684341b14a",
"pattern": "[file:hashes.SHA256 = '83f40e70ea3ba0e614d08f1070dafe75092660003b8a1f8b563d4f5b012f4bae']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-08-25T13:37:42Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Artifacts dropped"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Artifacts dropped\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--55dc6fa6-2014-421f-b332-478b950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-08-25T13:37:42.000Z",
"modified": "2015-08-25T13:37:42.000Z",
"description": "Sakula malware - Xchecked via VT: d00b3169f45e74bb22a1cd684341b14a",
"pattern": "[file:hashes.SHA1 = '2d8e43f9f8ef6cdf0cafb170a65cb27d37fb166d']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-08-25T13:37:42Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Artifacts dropped"
}
],
"labels": [
"misp:type=\"sha1\"",
"misp:category=\"Artifacts dropped\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--55dc6fa6-e044-4163-9b45-4339950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-08-25T13:37:42.000Z",
"modified": "2015-08-25T13:37:42.000Z",
"first_observed": "2015-08-25T13:37:42Z",
"last_observed": "2015-08-25T13:37:42Z",
"number_observed": 1,
"object_refs": [
"url--55dc6fa6-e044-4163-9b45-4339950d210b"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--55dc6fa6-e044-4163-9b45-4339950d210b",
"value": "https://www.virustotal.com/file/83f40e70ea3ba0e614d08f1070dafe75092660003b8a1f8b563d4f5b012f4bae/analysis/1440077282/"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--55dc6fa6-dfb0-454b-acae-4380950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-08-25T13:37:42.000Z",
"modified": "2015-08-25T13:37:42.000Z",
"description": "Sakula malware - Xchecked via VT: ce09e671c124f1111fe5f2bde1267a63",
"pattern": "[file:hashes.SHA256 = '3de5b841c54bc5faba9f2860a5f00bf3097e1e436eb9c373b2917f7922069194']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-08-25T13:37:42Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Artifacts dropped"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Artifacts dropped\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--55dc6fa6-1004-46c5-b701-485c950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-08-25T13:37:42.000Z",
"modified": "2015-08-25T13:37:42.000Z",
"description": "Sakula malware - Xchecked via VT: ce09e671c124f1111fe5f2bde1267a63",
"pattern": "[file:hashes.SHA1 = '7f86ce91cc8db6b39a9b030da5a2a0ecea23d461']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-08-25T13:37:42Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Artifacts dropped"
}
],
"labels": [
"misp:type=\"sha1\"",
"misp:category=\"Artifacts dropped\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--55dc6fa7-dddc-4d84-85f4-4983950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-08-25T13:37:43.000Z",
"modified": "2015-08-25T13:37:43.000Z",
"first_observed": "2015-08-25T13:37:43Z",
"last_observed": "2015-08-25T13:37:43Z",
"number_observed": 1,
"object_refs": [
"url--55dc6fa7-dddc-4d84-85f4-4983950d210b"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--55dc6fa7-dddc-4d84-85f4-4983950d210b",
"value": "https://www.virustotal.com/file/3de5b841c54bc5faba9f2860a5f00bf3097e1e436eb9c373b2917f7922069194/analysis/1438873813/"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--55dc6fa7-02d4-42cb-888b-4db7950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-08-25T13:37:43.000Z",
"modified": "2015-08-25T13:37:43.000Z",
"description": "Sakula malware - Xchecked via VT: cc15a9109b41297f65a7349920f42c09",
"pattern": "[file:hashes.SHA256 = '1ccf1003e38360c6ff733f7c032840554c96361b0739d33faa2041d58fc24f5d']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-08-25T13:37:43Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Artifacts dropped"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Artifacts dropped\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--55dc6fa7-671c-4be0-a83d-41e5950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-08-25T13:37:43.000Z",
"modified": "2015-08-25T13:37:43.000Z",
"description": "Sakula malware - Xchecked via VT: cc15a9109b41297f65a7349920f42c09",
"pattern": "[file:hashes.SHA1 = '068e3310cb7c2864047de7a8fc273b6363f15133']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-08-25T13:37:43Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Artifacts dropped"
}
],
"labels": [
"misp:type=\"sha1\"",
"misp:category=\"Artifacts dropped\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--55dc6fa7-29ec-4aec-9d49-444f950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-08-25T13:37:43.000Z",
"modified": "2015-08-25T13:37:43.000Z",
"first_observed": "2015-08-25T13:37:43Z",
"last_observed": "2015-08-25T13:37:43Z",
"number_observed": 1,
"object_refs": [
"url--55dc6fa7-29ec-4aec-9d49-444f950d210b"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--55dc6fa7-29ec-4aec-9d49-444f950d210b",
"value": "https://www.virustotal.com/file/1ccf1003e38360c6ff733f7c032840554c96361b0739d33faa2041d58fc24f5d/analysis/1434999746/"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--55dc6fa7-c0c0-43d2-936e-4fca950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-08-25T13:37:43.000Z",
"modified": "2015-08-25T13:37:43.000Z",
"description": "Sakula malware - Xchecked via VT: cb56b1fc08451d1f56481a29bd1047e9",
"pattern": "[file:hashes.SHA256 = '3e2805c14a8ec785a36022218a37a235abe4548baf1bde50aa05dc5692f01ed1']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-08-25T13:37:43Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Artifacts dropped"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Artifacts dropped\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--55dc6fa7-3374-4e1d-a209-4ed3950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-08-25T13:37:43.000Z",
"modified": "2015-08-25T13:37:43.000Z",
"description": "Sakula malware - Xchecked via VT: cb56b1fc08451d1f56481a29bd1047e9",
"pattern": "[file:hashes.SHA1 = 'c01fbb52a7a188c4f7441a808b153a34ec753a2d']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-08-25T13:37:43Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Artifacts dropped"
}
],
"labels": [
"misp:type=\"sha1\"",
"misp:category=\"Artifacts dropped\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--55dc6fa8-d214-4932-afe2-4543950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-08-25T13:37:44.000Z",
"modified": "2015-08-25T13:37:44.000Z",
"first_observed": "2015-08-25T13:37:44Z",
"last_observed": "2015-08-25T13:37:44Z",
"number_observed": 1,
"object_refs": [
"url--55dc6fa8-d214-4932-afe2-4543950d210b"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--55dc6fa8-d214-4932-afe2-4543950d210b",
"value": "https://www.virustotal.com/file/3e2805c14a8ec785a36022218a37a235abe4548baf1bde50aa05dc5692f01ed1/analysis/1437124514/"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--55dc6fa8-c210-477e-97ff-4926950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-08-25T13:37:44.000Z",
"modified": "2015-08-25T13:37:44.000Z",
"description": "Sakula malware - Xchecked via VT: ca9e06c0679586d2ff3ff7e3416c8b87",
"pattern": "[file:hashes.SHA256 = 'f414bcb7159a22279f893a257b52e387e4b14250dd9d0ecd871d9fa686cd26cd']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-08-25T13:37:44Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Artifacts dropped"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Artifacts dropped\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--55dc6fa8-7354-4e6b-988d-4e1b950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-08-25T13:37:44.000Z",
"modified": "2015-08-25T13:37:44.000Z",
"description": "Sakula malware - Xchecked via VT: ca9e06c0679586d2ff3ff7e3416c8b87",
"pattern": "[file:hashes.SHA1 = '23d450989ce21cb94c0f9e552edd5eeb50b20fb3']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-08-25T13:37:44Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Artifacts dropped"
}
],
"labels": [
"misp:type=\"sha1\"",
"misp:category=\"Artifacts dropped\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--55dc6fa8-3528-459b-9ac9-4df0950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-08-25T13:37:44.000Z",
"modified": "2015-08-25T13:37:44.000Z",
"first_observed": "2015-08-25T13:37:44Z",
"last_observed": "2015-08-25T13:37:44Z",
"number_observed": 1,
"object_refs": [
"url--55dc6fa8-3528-459b-9ac9-4df0950d210b"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--55dc6fa8-3528-459b-9ac9-4df0950d210b",
"value": "https://www.virustotal.com/file/f414bcb7159a22279f893a257b52e387e4b14250dd9d0ecd871d9fa686cd26cd/analysis/1438178837/"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--55dc6fa8-5cc0-47d3-ad6f-498d950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-08-25T13:37:44.000Z",
"modified": "2015-08-25T13:37:44.000Z",
"description": "Sakula malware - Xchecked via VT: c8fa5701a43cd817b30327e44dc70369",
"pattern": "[file:hashes.SHA256 = '21fa67726b0631768ead94c5b74f454f9c88cea706c761cab5e3a90426e76ca4']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-08-25T13:37:44Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Artifacts dropped"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Artifacts dropped\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--55dc6fa9-5268-4d85-86b8-4425950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-08-25T13:37:45.000Z",
"modified": "2015-08-25T13:37:45.000Z",
"description": "Sakula malware - Xchecked via VT: c8fa5701a43cd817b30327e44dc70369",
"pattern": "[file:hashes.SHA1 = '3338c52d5b3ff37bf7af89c5d3132572aef79257']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-08-25T13:37:45Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Artifacts dropped"
}
],
"labels": [
"misp:type=\"sha1\"",
"misp:category=\"Artifacts dropped\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--55dc6fa9-49ec-4c18-8bef-478b950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-08-25T13:37:45.000Z",
"modified": "2015-08-25T13:37:45.000Z",
"first_observed": "2015-08-25T13:37:45Z",
"last_observed": "2015-08-25T13:37:45Z",
"number_observed": 1,
"object_refs": [
"url--55dc6fa9-49ec-4c18-8bef-478b950d210b"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--55dc6fa9-49ec-4c18-8bef-478b950d210b",
"value": "https://www.virustotal.com/file/21fa67726b0631768ead94c5b74f454f9c88cea706c761cab5e3a90426e76ca4/analysis/1434999782/"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--55dc6fa9-ce74-4b2f-83d8-4f3f950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-08-25T13:37:45.000Z",
"modified": "2015-08-25T13:37:45.000Z",
"description": "Sakula malware - Xchecked via VT: c83500ea6e0c9844ad2e21badb64bb23",
"pattern": "[file:hashes.SHA256 = 'b50a097635485f45af58fd01c6ca6787207dcf52dd37d78369313c42db82c5e0']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-08-25T13:37:45Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Artifacts dropped"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Artifacts dropped\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--55dc6fa9-fd28-4a42-af2a-4d90950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-08-25T13:37:45.000Z",
"modified": "2015-08-25T13:37:45.000Z",
"description": "Sakula malware - Xchecked via VT: c83500ea6e0c9844ad2e21badb64bb23",
"pattern": "[file:hashes.SHA1 = '67ebfd7e4e1ba3c6bb4663ba7321aba68d2a8341']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-08-25T13:37:45Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Artifacts dropped"
}
],
"labels": [
"misp:type=\"sha1\"",
"misp:category=\"Artifacts dropped\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--55dc6fa9-0608-43a9-a28d-4bc5950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-08-25T13:37:45.000Z",
"modified": "2015-08-25T13:37:45.000Z",
"first_observed": "2015-08-25T13:37:45Z",
"last_observed": "2015-08-25T13:37:45Z",
"number_observed": 1,
"object_refs": [
"url--55dc6fa9-0608-43a9-a28d-4bc5950d210b"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--55dc6fa9-0608-43a9-a28d-4bc5950d210b",
"value": "https://www.virustotal.com/file/b50a097635485f45af58fd01c6ca6787207dcf52dd37d78369313c42db82c5e0/analysis/1434999800/"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--55dc6fa9-5608-444d-b8d1-4a94950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-08-25T13:37:45.000Z",
"modified": "2015-08-25T13:37:45.000Z",
"description": "Sakula malware - Xchecked via VT: c823946a7490b8fc5ee29be583f39d23",
"pattern": "[file:hashes.SHA256 = '9959765a0f7c30e686285a925d50d761343d4ac2b83222b1e879400c5e02d231']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-08-25T13:37:45Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Artifacts dropped"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Artifacts dropped\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--55dc6faa-db4c-4780-af96-4e4c950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-08-25T13:37:46.000Z",
"modified": "2015-08-25T13:37:46.000Z",
"description": "Sakula malware - Xchecked via VT: c823946a7490b8fc5ee29be583f39d23",
"pattern": "[file:hashes.SHA1 = '68ec86bddb3114779b0162e84495cba7ec0a4568']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-08-25T13:37:46Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Artifacts dropped"
}
],
"labels": [
"misp:type=\"sha1\"",
"misp:category=\"Artifacts dropped\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--55dc6faa-d058-42ee-a92c-491b950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-08-25T13:37:46.000Z",
"modified": "2015-08-25T13:37:46.000Z",
"first_observed": "2015-08-25T13:37:46Z",
"last_observed": "2015-08-25T13:37:46Z",
"number_observed": 1,
"object_refs": [
"url--55dc6faa-d058-42ee-a92c-491b950d210b"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--55dc6faa-d058-42ee-a92c-491b950d210b",
"value": "https://www.virustotal.com/file/9959765a0f7c30e686285a925d50d761343d4ac2b83222b1e879400c5e02d231/analysis/1434999845/"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--55dc6faa-152c-4f7a-8754-40b8950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-08-25T13:37:46.000Z",
"modified": "2015-08-25T13:37:46.000Z",
"description": "Sakula malware - Xchecked via VT: c72fb5b8de6ee95ff509b161fe9828f3",
"pattern": "[file:hashes.SHA256 = '0e6f03757cf7b1666c0990e4d1eb283d2d01b6c29bea0cd2c1a2ab023bcc1ec7']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-08-25T13:37:46Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Artifacts dropped"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Artifacts dropped\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--55dc6faa-a900-449e-94e8-416a950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-08-25T13:37:46.000Z",
"modified": "2015-08-25T13:37:46.000Z",
"description": "Sakula malware - Xchecked via VT: c72fb5b8de6ee95ff509b161fe9828f3",
"pattern": "[file:hashes.SHA1 = '6d9221e8cdd0e7e2d1453ffe49cfa8ae5de0636e']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-08-25T13:37:46Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Artifacts dropped"
}
],
"labels": [
"misp:type=\"sha1\"",
"misp:category=\"Artifacts dropped\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--55dc6faa-f2a0-4a7d-9f47-480c950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-08-25T13:37:46.000Z",
"modified": "2015-08-25T13:37:46.000Z",
"first_observed": "2015-08-25T13:37:46Z",
"last_observed": "2015-08-25T13:37:46Z",
"number_observed": 1,
"object_refs": [
"url--55dc6faa-f2a0-4a7d-9f47-480c950d210b"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--55dc6faa-f2a0-4a7d-9f47-480c950d210b",
"value": "https://www.virustotal.com/file/0e6f03757cf7b1666c0990e4d1eb283d2d01b6c29bea0cd2c1a2ab023bcc1ec7/analysis/1434999864/"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--55dc6faa-bcb0-4ae5-9818-4425950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-08-25T13:37:46.000Z",
"modified": "2015-08-25T13:37:46.000Z",
"description": "Sakula malware - Xchecked via VT: c5e90ead14dc49449fa37a2869a45842",
"pattern": "[file:hashes.SHA256 = '9f63ea53a1700def90ec8c2688b9bc59e25020242d3650906d43d3d48de5e4a8']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-08-25T13:37:46Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Artifacts dropped"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Artifacts dropped\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--55dc6fab-df7c-4c4c-9b59-4a0d950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-08-25T13:37:47.000Z",
"modified": "2015-08-25T13:37:47.000Z",
"description": "Sakula malware - Xchecked via VT: c5e90ead14dc49449fa37a2869a45842",
"pattern": "[file:hashes.SHA1 = 'f7a322cc17b28322b0d21bb6f5c43ab172401d0f']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-08-25T13:37:47Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Artifacts dropped"
}
],
"labels": [
"misp:type=\"sha1\"",
"misp:category=\"Artifacts dropped\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--55dc6fab-409c-4a2e-9400-4e3d950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-08-25T13:37:47.000Z",
"modified": "2015-08-25T13:37:47.000Z",
"first_observed": "2015-08-25T13:37:47Z",
"last_observed": "2015-08-25T13:37:47Z",
"number_observed": 1,
"object_refs": [
"url--55dc6fab-409c-4a2e-9400-4e3d950d210b"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--55dc6fab-409c-4a2e-9400-4e3d950d210b",
"value": "https://www.virustotal.com/file/9f63ea53a1700def90ec8c2688b9bc59e25020242d3650906d43d3d48de5e4a8/analysis/1434995522/"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--55dc6fab-69e8-4bb7-8531-4a6f950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-08-25T13:37:47.000Z",
"modified": "2015-08-25T13:37:47.000Z",
"description": "Sakula malware - Xchecked via VT: c4f541ab592c8fca4d66235eb2b8eeb2",
"pattern": "[file:hashes.SHA256 = '6107a0a130081604da67dd86bd2ceff57fb5508c2dfba60a5cf2bc2cbba05407']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-08-25T13:37:47Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Artifacts dropped"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Artifacts dropped\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--55dc6fab-3870-48af-bc38-4c5c950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-08-25T13:37:47.000Z",
"modified": "2015-08-25T13:37:47.000Z",
"description": "Sakula malware - Xchecked via VT: c4f541ab592c8fca4d66235eb2b8eeb2",
"pattern": "[file:hashes.SHA1 = 'dcb638c4bf948cd37e938e7140052405b8f44bc7']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-08-25T13:37:47Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Artifacts dropped"
}
],
"labels": [
"misp:type=\"sha1\"",
"misp:category=\"Artifacts dropped\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--55dc6fab-ef2c-4e90-88b8-4c05950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-08-25T13:37:47.000Z",
"modified": "2015-08-25T13:37:47.000Z",
"first_observed": "2015-08-25T13:37:47Z",
"last_observed": "2015-08-25T13:37:47Z",
"number_observed": 1,
"object_refs": [
"url--55dc6fab-ef2c-4e90-88b8-4c05950d210b"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--55dc6fab-ef2c-4e90-88b8-4c05950d210b",
"value": "https://www.virustotal.com/file/6107a0a130081604da67dd86bd2ceff57fb5508c2dfba60a5cf2bc2cbba05407/analysis/1435000028/"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--55dc6fac-557c-4cad-8a97-4f24950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-08-25T13:37:48.000Z",
"modified": "2015-08-25T13:37:48.000Z",
"description": "Sakula malware - Xchecked via VT: c43d74b85001f622aad61e9da5744b52",
"pattern": "[file:hashes.SHA256 = '6b21caf48a74352f3076fa33cd8c6933ef4e4c06dd8af8fb93b961b25c809622']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-08-25T13:37:48Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Artifacts dropped"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Artifacts dropped\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--55dc6fac-5ea8-4e94-b2a7-4a48950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-08-25T13:37:48.000Z",
"modified": "2015-08-25T13:37:48.000Z",
"description": "Sakula malware - Xchecked via VT: c43d74b85001f622aad61e9da5744b52",
"pattern": "[file:hashes.SHA1 = 'd157c34e1fd683daa29045b4e53be9c87fae0a22']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-08-25T13:37:48Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Artifacts dropped"
}
],
"labels": [
"misp:type=\"sha1\"",
"misp:category=\"Artifacts dropped\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--55dc6fac-18a8-4ce9-ab56-4da7950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-08-25T13:37:48.000Z",
"modified": "2015-08-25T13:37:48.000Z",
"first_observed": "2015-08-25T13:37:48Z",
"last_observed": "2015-08-25T13:37:48Z",
"number_observed": 1,
"object_refs": [
"url--55dc6fac-18a8-4ce9-ab56-4da7950d210b"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--55dc6fac-18a8-4ce9-ab56-4da7950d210b",
"value": "https://www.virustotal.com/file/6b21caf48a74352f3076fa33cd8c6933ef4e4c06dd8af8fb93b961b25c809622/analysis/1435000047/"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--55dc6fac-21d0-4972-b8bc-4a81950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-08-25T13:37:48.000Z",
"modified": "2015-08-25T13:37:48.000Z",
"description": "Sakula malware - Xchecked via VT: c35300af4a2b23c1a7d6435c6d4cb987",
"pattern": "[file:hashes.SHA256 = 'f3cd032e59f7ac6eb2fce303121ffdd98b50b6460a3b005030584a61dbb73b75']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-08-25T13:37:48Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Artifacts dropped"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Artifacts dropped\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--55dc6fac-3a18-43d5-bd5c-49b1950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-08-25T13:37:48.000Z",
"modified": "2015-08-25T13:37:48.000Z",
"description": "Sakula malware - Xchecked via VT: c35300af4a2b23c1a7d6435c6d4cb987",
"pattern": "[file:hashes.SHA1 = 'cd6ad67d8e04945beb8c7bbf734158495c54ee29']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-08-25T13:37:48Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Artifacts dropped"
}
],
"labels": [
"misp:type=\"sha1\"",
"misp:category=\"Artifacts dropped\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--55dc6fac-66a0-48a9-b56f-4878950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-08-25T13:37:48.000Z",
"modified": "2015-08-25T13:37:48.000Z",
"first_observed": "2015-08-25T13:37:48Z",
"last_observed": "2015-08-25T13:37:48Z",
"number_observed": 1,
"object_refs": [
"url--55dc6fac-66a0-48a9-b56f-4878950d210b"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--55dc6fac-66a0-48a9-b56f-4878950d210b",
"value": "https://www.virustotal.com/file/f3cd032e59f7ac6eb2fce303121ffdd98b50b6460a3b005030584a61dbb73b75/analysis/1435000082/"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--55dc6fad-112c-4e1b-9ec3-4411950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-08-25T13:37:49.000Z",
"modified": "2015-08-25T13:37:49.000Z",
"description": "Sakula malware - Xchecked via VT: c2b7bf8a30ac6672d9eb81582bd32a4a",
"pattern": "[file:hashes.SHA256 = 'b1f9bb89b6b79a0c90e1bc27bd6b7efde3f7c3b5f306ed2f2a3f2a5d21742044']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-08-25T13:37:49Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Artifacts dropped"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Artifacts dropped\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--55dc6fad-d5c4-4de4-8dc4-4d2a950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-08-25T13:37:49.000Z",
"modified": "2015-08-25T13:37:49.000Z",
"description": "Sakula malware - Xchecked via VT: c2b7bf8a30ac6672d9eb81582bd32a4a",
"pattern": "[file:hashes.SHA1 = '46fc6d28b974375c46eb2029797219590a30e9a8']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-08-25T13:37:49Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Artifacts dropped"
}
],
"labels": [
"misp:type=\"sha1\"",
"misp:category=\"Artifacts dropped\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--55dc6fad-e1c4-4dd8-8ac4-4821950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-08-25T13:37:49.000Z",
"modified": "2015-08-25T13:37:49.000Z",
"first_observed": "2015-08-25T13:37:49Z",
"last_observed": "2015-08-25T13:37:49Z",
"number_observed": 1,
"object_refs": [
"url--55dc6fad-e1c4-4dd8-8ac4-4821950d210b"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--55dc6fad-e1c4-4dd8-8ac4-4821950d210b",
"value": "https://www.virustotal.com/file/b1f9bb89b6b79a0c90e1bc27bd6b7efde3f7c3b5f306ed2f2a3f2a5d21742044/analysis/1434994386/"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--55dc6fad-1258-416d-9186-4694950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-08-25T13:37:49.000Z",
"modified": "2015-08-25T13:37:49.000Z",
"description": "Sakula malware - Xchecked via VT: c1f09f902a24b5132be481d477b92e5e",
"pattern": "[file:hashes.SHA256 = '6d8fbcc7dff6cfbb48b6b6dda03b59089f58ac89b7702b78c51dc98c6f7918b9']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-08-25T13:37:49Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Artifacts dropped"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Artifacts dropped\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--55dc6fad-241c-430f-af82-4908950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-08-25T13:37:49.000Z",
"modified": "2015-08-25T13:37:49.000Z",
"description": "Sakula malware - Xchecked via VT: c1f09f902a24b5132be481d477b92e5e",
"pattern": "[file:hashes.SHA1 = 'b477b001cebecfb015593f13f1c310266b4e408b']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-08-25T13:37:49Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Artifacts dropped"
}
],
"labels": [
"misp:type=\"sha1\"",
"misp:category=\"Artifacts dropped\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--55dc6fae-8024-438c-ad41-47d0950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-08-25T13:37:50.000Z",
"modified": "2015-08-25T13:37:50.000Z",
"first_observed": "2015-08-25T13:37:50Z",
"last_observed": "2015-08-25T13:37:50Z",
"number_observed": 1,
"object_refs": [
"url--55dc6fae-8024-438c-ad41-47d0950d210b"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--55dc6fae-8024-438c-ad41-47d0950d210b",
"value": "https://www.virustotal.com/file/6d8fbcc7dff6cfbb48b6b6dda03b59089f58ac89b7702b78c51dc98c6f7918b9/analysis/1435000140/"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--55dc6fae-79f8-4fdf-991a-4839950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-08-25T13:37:50.000Z",
"modified": "2015-08-25T13:37:50.000Z",
"description": "Sakula malware - Xchecked via VT: c0e37ffac09a426c5a74167d0e714177",
"pattern": "[file:hashes.SHA256 = '6fe016d1e2e5ca4e63dfb56b1813e3684783ec96887403704f825cd3cfd82661']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-08-25T13:37:50Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Artifacts dropped"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Artifacts dropped\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--55dc6fae-b53c-4170-b328-400e950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-08-25T13:37:50.000Z",
"modified": "2015-08-25T13:37:50.000Z",
"description": "Sakula malware - Xchecked via VT: c0e37ffac09a426c5a74167d0e714177",
"pattern": "[file:hashes.SHA1 = 'b22503526b133fc797d064802532c70915387605']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-08-25T13:37:50Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Artifacts dropped"
}
],
"labels": [
"misp:type=\"sha1\"",
"misp:category=\"Artifacts dropped\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--55dc6fae-770c-4445-bbd4-4721950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-08-25T13:37:50.000Z",
"modified": "2015-08-25T13:37:50.000Z",
"first_observed": "2015-08-25T13:37:50Z",
"last_observed": "2015-08-25T13:37:50Z",
"number_observed": 1,
"object_refs": [
"url--55dc6fae-770c-4445-bbd4-4721950d210b"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--55dc6fae-770c-4445-bbd4-4721950d210b",
"value": "https://www.virustotal.com/file/6fe016d1e2e5ca4e63dfb56b1813e3684783ec96887403704f825cd3cfd82661/analysis/1435000159/"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--55dc6fae-c7c0-493e-a018-4ecf950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-08-25T13:37:50.000Z",
"modified": "2015-08-25T13:37:50.000Z",
"description": "Sakula malware - Xchecked via VT: beb174ca92c75c8ef4dc4ee24afeabeb",
"pattern": "[file:hashes.SHA256 = '5727afcc25b8f7eb90073c583f60ef71589e7d0ba3cbe76b27c6e4539c2b3f68']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-08-25T13:37:50Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Artifacts dropped"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Artifacts dropped\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--55dc6fae-d708-4d4f-8b68-4fed950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-08-25T13:37:50.000Z",
"modified": "2015-08-25T13:37:50.000Z",
"description": "Sakula malware - Xchecked via VT: beb174ca92c75c8ef4dc4ee24afeabeb",
"pattern": "[file:hashes.SHA1 = '68d6cc7459d04539e49d3d2735434430982813ff']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-08-25T13:37:50Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Artifacts dropped"
}
],
"labels": [
"misp:type=\"sha1\"",
"misp:category=\"Artifacts dropped\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--55dc6faf-1f50-4596-9d63-4d42950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-08-25T13:37:51.000Z",
"modified": "2015-08-25T13:37:51.000Z",
"first_observed": "2015-08-25T13:37:51Z",
"last_observed": "2015-08-25T13:37:51Z",
"number_observed": 1,
"object_refs": [
"url--55dc6faf-1f50-4596-9d63-4d42950d210b"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--55dc6faf-1f50-4596-9d63-4d42950d210b",
"value": "https://www.virustotal.com/file/5727afcc25b8f7eb90073c583f60ef71589e7d0ba3cbe76b27c6e4539c2b3f68/analysis/1434996543/"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--55dc6faf-45c4-4197-8ef4-41d5950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-08-25T13:37:51.000Z",
"modified": "2015-08-25T13:37:51.000Z",
"description": "Sakula malware - Xchecked via VT: bccaa2ea0cf2c8ef597c84726c5417d0",
"pattern": "[file:hashes.SHA256 = 'b6b6ce2d06e152f2ec2aae261172ee5f88c934d0fd2bdd34cfea0b9ab49263c2']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-08-25T13:37:51Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Artifacts dropped"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Artifacts dropped\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--55dc6faf-2484-48db-ae9a-4751950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-08-25T13:37:51.000Z",
"modified": "2015-08-25T13:37:51.000Z",
"description": "Sakula malware - Xchecked via VT: bccaa2ea0cf2c8ef597c84726c5417d0",
"pattern": "[file:hashes.SHA1 = 'cb9cfd03dfb43e2859a4aa7e9a44533601a6d2df']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-08-25T13:37:51Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Artifacts dropped"
}
],
"labels": [
"misp:type=\"sha1\"",
"misp:category=\"Artifacts dropped\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--55dc6faf-9748-48e6-b0d3-45f7950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-08-25T13:37:51.000Z",
"modified": "2015-08-25T13:37:51.000Z",
"first_observed": "2015-08-25T13:37:51Z",
"last_observed": "2015-08-25T13:37:51Z",
"number_observed": 1,
"object_refs": [
"url--55dc6faf-9748-48e6-b0d3-45f7950d210b"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--55dc6faf-9748-48e6-b0d3-45f7950d210b",
"value": "https://www.virustotal.com/file/b6b6ce2d06e152f2ec2aae261172ee5f88c934d0fd2bdd34cfea0b9ab49263c2/analysis/1435000281/"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--55dc6faf-bab0-4506-87c4-4e36950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-08-25T13:37:51.000Z",
"modified": "2015-08-25T13:37:51.000Z",
"description": "Sakula malware - Xchecked via VT: bc74a557e91597d8b37ed357c367643e",
"pattern": "[file:hashes.SHA256 = '29fce7d6b08acaf601c149c254fa3184556ff544bb20c90b9664ebdf85cc3a6d']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-08-25T13:37:51Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Artifacts dropped"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Artifacts dropped\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--55dc6faf-ae50-4c4d-840f-452c950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-08-25T13:37:51.000Z",
"modified": "2015-08-25T13:37:51.000Z",
"description": "Sakula malware - Xchecked via VT: bc74a557e91597d8b37ed357c367643e",
"pattern": "[file:hashes.SHA1 = '0f7ccd39a0c4c5846da1dc5330c918316c917da8']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-08-25T13:37:51Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Artifacts dropped"
}
],
"labels": [
"misp:type=\"sha1\"",
"misp:category=\"Artifacts dropped\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--55dc6fb0-b0dc-485d-80f6-4742950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-08-25T13:37:52.000Z",
"modified": "2015-08-25T13:37:52.000Z",
"first_observed": "2015-08-25T13:37:52Z",
"last_observed": "2015-08-25T13:37:52Z",
"number_observed": 1,
"object_refs": [
"url--55dc6fb0-b0dc-485d-80f6-4742950d210b"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--55dc6fb0-b0dc-485d-80f6-4742950d210b",
"value": "https://www.virustotal.com/file/29fce7d6b08acaf601c149c254fa3184556ff544bb20c90b9664ebdf85cc3a6d/analysis/1434993845/"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--55dc6fb0-2760-4a35-bc8f-452f950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-08-25T13:37:52.000Z",
"modified": "2015-08-25T13:37:52.000Z",
"description": "Sakula malware - Xchecked via VT: bb4bb0d7a794f31129cdb55025ea847b",
"pattern": "[file:hashes.SHA256 = '702144919d6f5cc223e5b0f8ae6266c8424d1b4440d46250b081f9430e4bbdf7']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-08-25T13:37:52Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Artifacts dropped"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Artifacts dropped\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--55dc6fb0-8d9c-48ea-8e1c-4005950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-08-25T13:37:52.000Z",
"modified": "2015-08-25T13:37:52.000Z",
"description": "Sakula malware - Xchecked via VT: bb4bb0d7a794f31129cdb55025ea847b",
"pattern": "[file:hashes.SHA1 = 'ad07710fa41dd37ea3b1031e1b08fe6f1c5e02cd']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-08-25T13:37:52Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Artifacts dropped"
}
],
"labels": [
"misp:type=\"sha1\"",
"misp:category=\"Artifacts dropped\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--55dc6fb0-9ed4-4d0e-8175-4d05950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-08-25T13:37:52.000Z",
"modified": "2015-08-25T13:37:52.000Z",
"first_observed": "2015-08-25T13:37:52Z",
"last_observed": "2015-08-25T13:37:52Z",
"number_observed": 1,
"object_refs": [
"url--55dc6fb0-9ed4-4d0e-8175-4d05950d210b"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--55dc6fb0-9ed4-4d0e-8175-4d05950d210b",
"value": "https://www.virustotal.com/file/702144919d6f5cc223e5b0f8ae6266c8424d1b4440d46250b081f9430e4bbdf7/analysis/1435000326/"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--55dc6fb0-ff8c-4c58-bab3-47bd950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-08-25T13:37:52.000Z",
"modified": "2015-08-25T13:37:52.000Z",
"description": "Sakula malware - Xchecked via VT: b83fed01e49300d45afadc61a5e5cf50",
"pattern": "[file:hashes.SHA256 = '83734ff8433488862cf28d88afdae695a660738232b5f838ed6c45ca003f3b69']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-08-25T13:37:52Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Artifacts dropped"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Artifacts dropped\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--55dc6fb1-f128-4c23-8936-4e7d950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-08-25T13:37:53.000Z",
"modified": "2015-08-25T13:37:53.000Z",
"description": "Sakula malware - Xchecked via VT: b83fed01e49300d45afadc61a5e5cf50",
"pattern": "[file:hashes.SHA1 = '36904a4c7aac6369542d205afc61566786f2e7e2']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-08-25T13:37:53Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Artifacts dropped"
}
],
"labels": [
"misp:type=\"sha1\"",
"misp:category=\"Artifacts dropped\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--55dc6fb1-f364-4502-b00c-43a8950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-08-25T13:37:53.000Z",
"modified": "2015-08-25T13:37:53.000Z",
"first_observed": "2015-08-25T13:37:53Z",
"last_observed": "2015-08-25T13:37:53Z",
"number_observed": 1,
"object_refs": [
"url--55dc6fb1-f364-4502-b00c-43a8950d210b"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--55dc6fb1-f364-4502-b00c-43a8950d210b",
"value": "https://www.virustotal.com/file/83734ff8433488862cf28d88afdae695a660738232b5f838ed6c45ca003f3b69/analysis/1435000380/"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--55dc6fb1-0134-4c1a-914a-43ac950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-08-25T13:37:53.000Z",
"modified": "2015-08-25T13:37:53.000Z",
"description": "Sakula malware - Xchecked via VT: b8006fde97a095b2c86f8b0a06b7d24f",
"pattern": "[file:hashes.SHA256 = '7da03822a5fcac6f182cc9485a1811e0c91276b44045b065d02e96833e7b7527']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-08-25T13:37:53Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Artifacts dropped"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Artifacts dropped\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--55dc6fb1-5a7c-41a0-93c1-4951950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-08-25T13:37:53.000Z",
"modified": "2015-08-25T13:37:53.000Z",
"description": "Sakula malware - Xchecked via VT: b8006fde97a095b2c86f8b0a06b7d24f",
"pattern": "[file:hashes.SHA1 = '15ad7632407efec5f67c078e2d283d6a68af96e1']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-08-25T13:37:53Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Artifacts dropped"
}
],
"labels": [
"misp:type=\"sha1\"",
"misp:category=\"Artifacts dropped\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--55dc6fb1-6ea8-4a7f-8ed5-495e950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-08-25T13:37:53.000Z",
"modified": "2015-08-25T13:37:53.000Z",
"first_observed": "2015-08-25T13:37:53Z",
"last_observed": "2015-08-25T13:37:53Z",
"number_observed": 1,
"object_refs": [
"url--55dc6fb1-6ea8-4a7f-8ed5-495e950d210b"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--55dc6fb1-6ea8-4a7f-8ed5-495e950d210b",
"value": "https://www.virustotal.com/file/7da03822a5fcac6f182cc9485a1811e0c91276b44045b065d02e96833e7b7527/analysis/1435000441/"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--55dc6fb1-a534-47f1-af00-425f950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-08-25T13:37:53.000Z",
"modified": "2015-08-25T13:37:53.000Z",
"description": "Sakula malware - Xchecked via VT: b7e3f853e98ea9db74bf3429803f7a4b",
"pattern": "[file:hashes.SHA256 = 'aae00d6fbdae1f415927ca95f3451032b3cab7384a5aab5b087ebd8601942d80']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-08-25T13:37:53Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Artifacts dropped"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Artifacts dropped\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--55dc6fb2-0040-49b8-8940-4b67950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-08-25T13:37:54.000Z",
"modified": "2015-08-25T13:37:54.000Z",
"description": "Sakula malware - Xchecked via VT: b7e3f853e98ea9db74bf3429803f7a4b",
"pattern": "[file:hashes.SHA1 = '9076608ecf15dbd0fdff609c51842e38479dc55e']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-08-25T13:37:54Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Artifacts dropped"
}
],
"labels": [
"misp:type=\"sha1\"",
"misp:category=\"Artifacts dropped\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--55dc6fb2-e8d4-405f-8b3c-4689950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-08-25T13:37:54.000Z",
"modified": "2015-08-25T13:37:54.000Z",
"first_observed": "2015-08-25T13:37:54Z",
"last_observed": "2015-08-25T13:37:54Z",
"number_observed": 1,
"object_refs": [
"url--55dc6fb2-e8d4-405f-8b3c-4689950d210b"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--55dc6fb2-e8d4-405f-8b3c-4689950d210b",
"value": "https://www.virustotal.com/file/aae00d6fbdae1f415927ca95f3451032b3cab7384a5aab5b087ebd8601942d80/analysis/1435000461/"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--55dc6fb2-2cc0-43dc-9fc4-4ecc950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-08-25T13:37:54.000Z",
"modified": "2015-08-25T13:37:54.000Z",
"description": "Sakula malware - Xchecked via VT: b7bd80dd344af7649b4fd6e9b7b5fd5c",
"pattern": "[file:hashes.SHA256 = '5ef197b347cbbc5e1710c61b6ed10da623d8e01766a2671886320d506e2f38d3']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-08-25T13:37:54Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Artifacts dropped"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Artifacts dropped\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--55dc6fb2-a8ec-424d-937a-4815950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-08-25T13:37:54.000Z",
"modified": "2015-08-25T13:37:54.000Z",
"description": "Sakula malware - Xchecked via VT: b7bd80dd344af7649b4fd6e9b7b5fd5c",
"pattern": "[file:hashes.SHA1 = '7af79b82d78bdc60350fcd863a2c3de4a372f74a']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-08-25T13:37:54Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Artifacts dropped"
}
],
"labels": [
"misp:type=\"sha1\"",
"misp:category=\"Artifacts dropped\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--55dc6fb2-ac78-4fd8-8fa6-4427950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-08-25T13:37:54.000Z",
"modified": "2015-08-25T13:37:54.000Z",
"first_observed": "2015-08-25T13:37:54Z",
"last_observed": "2015-08-25T13:37:54Z",
"number_observed": 1,
"object_refs": [
"url--55dc6fb2-ac78-4fd8-8fa6-4427950d210b"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--55dc6fb2-ac78-4fd8-8fa6-4427950d210b",
"value": "https://www.virustotal.com/file/5ef197b347cbbc5e1710c61b6ed10da623d8e01766a2671886320d506e2f38d3/analysis/1435000501/"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--55dc6fb2-f714-4d02-8fae-495a950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-08-25T13:37:54.000Z",
"modified": "2015-08-25T13:37:54.000Z",
"description": "Sakula malware - Xchecked via VT: b79be0503606ee3e2ce243e497265dbb",
"pattern": "[file:hashes.SHA256 = '58031dbed1df18e7ea461cece0a52216e0e243a632b920328156ba54e9329c6a']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-08-25T13:37:54Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Artifacts dropped"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Artifacts dropped\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--55dc6fb3-5970-47ef-ba65-495f950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-08-25T13:37:55.000Z",
"modified": "2015-08-25T13:37:55.000Z",
"description": "Sakula malware - Xchecked via VT: b79be0503606ee3e2ce243e497265dbb",
"pattern": "[file:hashes.SHA1 = '28479323bf3028c37dbfe671f1f15389957e9bfb']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-08-25T13:37:55Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Artifacts dropped"
}
],
"labels": [
"misp:type=\"sha1\"",
"misp:category=\"Artifacts dropped\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--55dc6fb3-587c-4d86-b483-4944950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-08-25T13:37:55.000Z",
"modified": "2015-08-25T13:37:55.000Z",
"first_observed": "2015-08-25T13:37:55Z",
"last_observed": "2015-08-25T13:37:55Z",
"number_observed": 1,
"object_refs": [
"url--55dc6fb3-587c-4d86-b483-4944950d210b"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--55dc6fb3-587c-4d86-b483-4944950d210b",
"value": "https://www.virustotal.com/file/58031dbed1df18e7ea461cece0a52216e0e243a632b920328156ba54e9329c6a/analysis/1434998882/"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--55dc6fb3-7494-4ac5-ab45-4860950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-08-25T13:37:55.000Z",
"modified": "2015-08-25T13:37:55.000Z",
"description": "Sakula malware - Xchecked via VT: b6d9a58bacb8a92e428f7d70532cb33e",
"pattern": "[file:hashes.SHA256 = '0bc49fea4defa019ac0cdb57f3d457847438ce69ac285e57278d1843ba761719']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-08-25T13:37:55Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Artifacts dropped"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Artifacts dropped\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--55dc6fb3-d4f4-4908-b5f8-481a950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-08-25T13:37:55.000Z",
"modified": "2015-08-25T13:37:55.000Z",
"description": "Sakula malware - Xchecked via VT: b6d9a58bacb8a92e428f7d70532cb33e",
"pattern": "[file:hashes.SHA1 = '85b0b839c2f2c14ef3058629d0526679987bff95']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-08-25T13:37:55Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Artifacts dropped"
}
],
"labels": [
"misp:type=\"sha1\"",
"misp:category=\"Artifacts dropped\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--55dc6fb3-50ac-4c22-94fa-4ec3950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-08-25T13:37:55.000Z",
"modified": "2015-08-25T13:37:55.000Z",
"first_observed": "2015-08-25T13:37:55Z",
"last_observed": "2015-08-25T13:37:55Z",
"number_observed": 1,
"object_refs": [
"url--55dc6fb3-50ac-4c22-94fa-4ec3950d210b"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--55dc6fb3-50ac-4c22-94fa-4ec3950d210b",
"value": "https://www.virustotal.com/file/0bc49fea4defa019ac0cdb57f3d457847438ce69ac285e57278d1843ba761719/analysis/1434998943/"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--55dc6fb4-cd84-4c3e-ae36-458d950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-08-25T13:37:56.000Z",
"modified": "2015-08-25T13:37:56.000Z",
"description": "Sakula malware - Xchecked via VT: b4e24a4edba2d2644877cfc933973228",
"pattern": "[file:hashes.SHA256 = 'ccf1dd2cd1f266006b2e70ab613bdd007fc03018c661f575d028443055d743b6']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-08-25T13:37:56Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Artifacts dropped"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Artifacts dropped\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--55dc6fb4-52bc-42e4-bd7f-4f77950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-08-25T13:37:56.000Z",
"modified": "2015-08-25T13:37:56.000Z",
"description": "Sakula malware - Xchecked via VT: b4e24a4edba2d2644877cfc933973228",
"pattern": "[file:hashes.SHA1 = '2abab34395c5754383dea6cf00fa7ab4c410a6ef']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-08-25T13:37:56Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Artifacts dropped"
}
],
"labels": [
"misp:type=\"sha1\"",
"misp:category=\"Artifacts dropped\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--55dc6fb4-7a5c-4fa5-815f-49aa950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-08-25T13:37:56.000Z",
"modified": "2015-08-25T13:37:56.000Z",
"first_observed": "2015-08-25T13:37:56Z",
"last_observed": "2015-08-25T13:37:56Z",
"number_observed": 1,
"object_refs": [
"url--55dc6fb4-7a5c-4fa5-815f-49aa950d210b"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--55dc6fb4-7a5c-4fa5-815f-49aa950d210b",
"value": "https://www.virustotal.com/file/ccf1dd2cd1f266006b2e70ab613bdd007fc03018c661f575d028443055d743b6/analysis/1434999063/"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--55dc6fb4-12dc-4967-87c7-4697950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-08-25T13:37:56.000Z",
"modified": "2015-08-25T13:37:56.000Z",
"description": "Sakula malware - Xchecked via VT: b4958424c5db8b0eca61ce836b81d192",
"pattern": "[file:hashes.SHA256 = '8e26bd2a3f142ee7042483930f5ab49ed67dbde2f2a74b97a3bd1a03cf718eb6']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-08-25T13:37:56Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Artifacts dropped"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Artifacts dropped\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--55dc6fb4-c078-45eb-a586-4b6a950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-08-25T13:37:56.000Z",
"modified": "2015-08-25T13:37:56.000Z",
"description": "Sakula malware - Xchecked via VT: b4958424c5db8b0eca61ce836b81d192",
"pattern": "[file:hashes.SHA1 = '11964209ef14ff3e54f15bc00a2cf87563b02226']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-08-25T13:37:56Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Artifacts dropped"
}
],
"labels": [
"misp:type=\"sha1\"",
"misp:category=\"Artifacts dropped\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--55dc6fb4-14a0-4cbf-80e8-4e70950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-08-25T13:37:56.000Z",
"modified": "2015-08-25T13:37:56.000Z",
"first_observed": "2015-08-25T13:37:56Z",
"last_observed": "2015-08-25T13:37:56Z",
"number_observed": 1,
"object_refs": [
"url--55dc6fb4-14a0-4cbf-80e8-4e70950d210b"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--55dc6fb4-14a0-4cbf-80e8-4e70950d210b",
"value": "https://www.virustotal.com/file/8e26bd2a3f142ee7042483930f5ab49ed67dbde2f2a74b97a3bd1a03cf718eb6/analysis/1434999125/"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--55dc6fb5-b990-4ff0-acc4-4ee3950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-08-25T13:37:57.000Z",
"modified": "2015-08-25T13:37:57.000Z",
"description": "Sakula malware - Xchecked via VT: b42417f49dd3aa2d31449fdf06769ca0",
"pattern": "[file:hashes.SHA256 = 'be60276c78b2de6c47b814eb096feef195c5d3f18d80eb4fc87e423f9e99c181']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-08-25T13:37:57Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Artifacts dropped"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Artifacts dropped\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--55dc6fb5-e0f4-41e3-8922-4849950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-08-25T13:37:57.000Z",
"modified": "2015-08-25T13:37:57.000Z",
"description": "Sakula malware - Xchecked via VT: b42417f49dd3aa2d31449fdf06769ca0",
"pattern": "[file:hashes.SHA1 = '745508b66496a73e59fa5f51132d349fa3055c26']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-08-25T13:37:57Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Artifacts dropped"
}
],
"labels": [
"misp:type=\"sha1\"",
"misp:category=\"Artifacts dropped\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--55dc6fb5-60f0-46d6-b94c-4d25950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-08-25T13:37:57.000Z",
"modified": "2015-08-25T13:37:57.000Z",
"first_observed": "2015-08-25T13:37:57Z",
"last_observed": "2015-08-25T13:37:57Z",
"number_observed": 1,
"object_refs": [
"url--55dc6fb5-60f0-46d6-b94c-4d25950d210b"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--55dc6fb5-60f0-46d6-b94c-4d25950d210b",
"value": "https://www.virustotal.com/file/be60276c78b2de6c47b814eb096feef195c5d3f18d80eb4fc87e423f9e99c181/analysis/1434999183/"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--55dc6fb5-c788-4d6a-af43-44c4950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-08-25T13:37:57.000Z",
"modified": "2015-08-25T13:37:57.000Z",
"description": "Sakula malware - Xchecked via VT: b2d900e2803dd0bcd5e85b64e24c7910",
"pattern": "[file:hashes.SHA256 = '3a1fdfd0db2c0311a31998706635cf8fe27d8852b0dcf2a5f94147f519c7ab95']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-08-25T13:37:57Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Artifacts dropped"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Artifacts dropped\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--55dc6fb5-3c04-4260-8823-4120950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-08-25T13:37:57.000Z",
"modified": "2015-08-25T13:37:57.000Z",
"description": "Sakula malware - Xchecked via VT: b2d900e2803dd0bcd5e85b64e24c7910",
"pattern": "[file:hashes.SHA1 = 'e7e25a541d1562f7d3ebaf43ee144e400ff84824']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-08-25T13:37:57Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Artifacts dropped"
}
],
"labels": [
"misp:type=\"sha1\"",
"misp:category=\"Artifacts dropped\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--55dc6fb6-18b8-44c8-a8eb-4d44950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-08-25T13:37:58.000Z",
"modified": "2015-08-25T13:37:58.000Z",
"first_observed": "2015-08-25T13:37:58Z",
"last_observed": "2015-08-25T13:37:58Z",
"number_observed": 1,
"object_refs": [
"url--55dc6fb6-18b8-44c8-a8eb-4d44950d210b"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--55dc6fb6-18b8-44c8-a8eb-4d44950d210b",
"value": "https://www.virustotal.com/file/3a1fdfd0db2c0311a31998706635cf8fe27d8852b0dcf2a5f94147f519c7ab95/analysis/1436476562/"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--55dc6fb6-f6a0-4882-aed3-48fe950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-08-25T13:37:58.000Z",
"modified": "2015-08-25T13:37:58.000Z",
"description": "Sakula malware - Xchecked via VT: b297c84e2cdeacdbae86cbf707fc7540",
"pattern": "[file:hashes.SHA256 = 'c81e589a78d15d0312f4fc043034c75a849de3d5b233e8036a52a2de298b6d07']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-08-25T13:37:58Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Artifacts dropped"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Artifacts dropped\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--55dc6fb6-d4d0-4ec6-8998-4429950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-08-25T13:37:58.000Z",
"modified": "2015-08-25T13:37:58.000Z",
"description": "Sakula malware - Xchecked via VT: b297c84e2cdeacdbae86cbf707fc7540",
"pattern": "[file:hashes.SHA1 = 'ff4c94a9324da5ce038e75b474c9913d0d95f06f']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-08-25T13:37:58Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Artifacts dropped"
}
],
"labels": [
"misp:type=\"sha1\"",
"misp:category=\"Artifacts dropped\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--55dc6fb6-3778-4272-a276-4999950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-08-25T13:37:58.000Z",
"modified": "2015-08-25T13:37:58.000Z",
"first_observed": "2015-08-25T13:37:58Z",
"last_observed": "2015-08-25T13:37:58Z",
"number_observed": 1,
"object_refs": [
"url--55dc6fb6-3778-4272-a276-4999950d210b"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--55dc6fb6-3778-4272-a276-4999950d210b",
"value": "https://www.virustotal.com/file/c81e589a78d15d0312f4fc043034c75a849de3d5b233e8036a52a2de298b6d07/analysis/1399806844/"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--55dc6fb6-6990-4706-b552-4670950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-08-25T13:37:58.000Z",
"modified": "2015-08-25T13:37:58.000Z",
"description": "Sakula malware - Xchecked via VT: b011a616da408875bd0d39cebf11dd1d",
"pattern": "[file:hashes.SHA256 = '1233c27146153eaaf1e69cb7cb6b151ea799c4142e07c19c56d7930da60acf63']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-08-25T13:37:58Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Artifacts dropped"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Artifacts dropped\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--55dc6fb6-b7a0-4f22-9ef7-4071950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-08-25T13:37:58.000Z",
"modified": "2015-08-25T13:37:58.000Z",
"description": "Sakula malware - Xchecked via VT: b011a616da408875bd0d39cebf11dd1d",
"pattern": "[file:hashes.SHA1 = '534a6f0290d8ed5a83550877c540db212f947800']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-08-25T13:37:58Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Artifacts dropped"
}
],
"labels": [
"misp:type=\"sha1\"",
"misp:category=\"Artifacts dropped\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--55dc6fb7-94e4-4a76-9e51-4ae4950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-08-25T13:37:59.000Z",
"modified": "2015-08-25T13:37:59.000Z",
"first_observed": "2015-08-25T13:37:59Z",
"last_observed": "2015-08-25T13:37:59Z",
"number_observed": 1,
"object_refs": [
"url--55dc6fb7-94e4-4a76-9e51-4ae4950d210b"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--55dc6fb7-94e4-4a76-9e51-4ae4950d210b",
"value": "https://www.virustotal.com/file/1233c27146153eaaf1e69cb7cb6b151ea799c4142e07c19c56d7930da60acf63/analysis/1434008598/"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--55dc6fb7-bb20-408b-8e8e-4767950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-08-25T13:37:59.000Z",
"modified": "2015-08-25T13:37:59.000Z",
"description": "Sakula malware - Xchecked via VT: aec367555524a71efcc60f45e476c678",
"pattern": "[file:hashes.SHA256 = '191c0cc380b1eb9bc72f134fe85ccb168bca7934448c68c0ee5a50fd13b60413']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-08-25T13:37:59Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Artifacts dropped"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Artifacts dropped\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--55dc6fb7-911c-4176-94d0-4b4c950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-08-25T13:37:59.000Z",
"modified": "2015-08-25T13:37:59.000Z",
"description": "Sakula malware - Xchecked via VT: aec367555524a71efcc60f45e476c678",
"pattern": "[file:hashes.SHA1 = '8cd23ec0aeba7b80b2b50b1cf820c3bcc02e03c0']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-08-25T13:37:59Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Artifacts dropped"
}
],
"labels": [
"misp:type=\"sha1\"",
"misp:category=\"Artifacts dropped\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--55dc6fb7-3a8c-485f-85b6-4be5950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-08-25T13:37:59.000Z",
"modified": "2015-08-25T13:37:59.000Z",
"first_observed": "2015-08-25T13:37:59Z",
"last_observed": "2015-08-25T13:37:59Z",
"number_observed": 1,
"object_refs": [
"url--55dc6fb7-3a8c-485f-85b6-4be5950d210b"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--55dc6fb7-3a8c-485f-85b6-4be5950d210b",
"value": "https://www.virustotal.com/file/191c0cc380b1eb9bc72f134fe85ccb168bca7934448c68c0ee5a50fd13b60413/analysis/1434008530/"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--55dc6fb7-9b94-4607-8659-4c4f950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-08-25T13:37:59.000Z",
"modified": "2015-08-25T13:37:59.000Z",
"description": "Sakula malware - Xchecked via VT: ae6f33f6cdc25dc4bda24b2bccff79fe",
"pattern": "[file:hashes.SHA256 = '31e4b63d63946c0d782b495c742060be1f47f49cfb76496ab823ffe02bd8a4c3']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-08-25T13:37:59Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Artifacts dropped"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Artifacts dropped\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--55dc6fb7-0c24-4e6b-8e29-4d73950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-08-25T13:37:59.000Z",
"modified": "2015-08-25T13:37:59.000Z",
"description": "Sakula malware - Xchecked via VT: ae6f33f6cdc25dc4bda24b2bccff79fe",
"pattern": "[file:hashes.SHA1 = '4460b5c0bb4ae8380969d8934e8b4aaa484b8776']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-08-25T13:37:59Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Artifacts dropped"
}
],
"labels": [
"misp:type=\"sha1\"",
"misp:category=\"Artifacts dropped\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--55dc6fb8-caf0-440a-87bc-4ec9950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-08-25T13:38:00.000Z",
"modified": "2015-08-25T13:38:00.000Z",
"first_observed": "2015-08-25T13:38:00Z",
"last_observed": "2015-08-25T13:38:00Z",
"number_observed": 1,
"object_refs": [
"url--55dc6fb8-caf0-440a-87bc-4ec9950d210b"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--55dc6fb8-caf0-440a-87bc-4ec9950d210b",
"value": "https://www.virustotal.com/file/31e4b63d63946c0d782b495c742060be1f47f49cfb76496ab823ffe02bd8a4c3/analysis/1431112256/"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--55dc6fb8-eb48-4d0e-b7ae-4de9950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-08-25T13:38:00.000Z",
"modified": "2015-08-25T13:38:00.000Z",
"description": "Sakula malware - Xchecked via VT: aca2756917024c859d1f13ca1cdcb843",
"pattern": "[file:hashes.SHA256 = 'd2a627abb4e73e3e0b479e4da45c10751992f5c438aa10b18a7a94e2481e1828']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-08-25T13:38:00Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Artifacts dropped"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Artifacts dropped\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--55dc6fb8-dc48-41c5-8ab1-4174950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-08-25T13:38:00.000Z",
"modified": "2015-08-25T13:38:00.000Z",
"description": "Sakula malware - Xchecked via VT: aca2756917024c859d1f13ca1cdcb843",
"pattern": "[file:hashes.SHA1 = 'eb95ecbf4e382aba4fd02862dfcb69a2a839324d']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-08-25T13:38:00Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Artifacts dropped"
}
],
"labels": [
"misp:type=\"sha1\"",
"misp:category=\"Artifacts dropped\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--55dc6fb8-2818-4cb3-a6dd-42cc950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-08-25T13:38:00.000Z",
"modified": "2015-08-25T13:38:00.000Z",
"first_observed": "2015-08-25T13:38:00Z",
"last_observed": "2015-08-25T13:38:00Z",
"number_observed": 1,
"object_refs": [
"url--55dc6fb8-2818-4cb3-a6dd-42cc950d210b"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--55dc6fb8-2818-4cb3-a6dd-42cc950d210b",
"value": "https://www.virustotal.com/file/d2a627abb4e73e3e0b479e4da45c10751992f5c438aa10b18a7a94e2481e1828/analysis/1433738276/"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--55dc6fb8-fca4-46f5-9d8b-42ba950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-08-25T13:38:00.000Z",
"modified": "2015-08-25T13:38:00.000Z",
"description": "Sakula malware - Xchecked via VT: ab557f2197647aa3fb7be3de8770a109",
"pattern": "[file:hashes.SHA256 = '9f26d5664f77b4bfc297f64b374a44e08d34927f014978ca24e7707f7436a71d']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-08-25T13:38:00Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Artifacts dropped"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Artifacts dropped\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--55dc6fb9-3a48-4d62-a7c9-4b5c950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-08-25T13:38:01.000Z",
"modified": "2015-08-25T13:38:01.000Z",
"description": "Sakula malware - Xchecked via VT: ab557f2197647aa3fb7be3de8770a109",
"pattern": "[file:hashes.SHA1 = '6ab179329707b60a305c5f348d9762349e87927b']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-08-25T13:38:01Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Artifacts dropped"
}
],
"labels": [
"misp:type=\"sha1\"",
"misp:category=\"Artifacts dropped\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--55dc6fb9-db1c-4c05-96f2-404b950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-08-25T13:38:01.000Z",
"modified": "2015-08-25T13:38:01.000Z",
"first_observed": "2015-08-25T13:38:01Z",
"last_observed": "2015-08-25T13:38:01Z",
"number_observed": 1,
"object_refs": [
"url--55dc6fb9-db1c-4c05-96f2-404b950d210b"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--55dc6fb9-db1c-4c05-96f2-404b950d210b",
"value": "https://www.virustotal.com/file/9f26d5664f77b4bfc297f64b374a44e08d34927f014978ca24e7707f7436a71d/analysis/1434008375/"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--55dc6fb9-cd04-4ac1-adad-4039950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-08-25T13:38:01.000Z",
"modified": "2015-08-25T13:38:01.000Z",
"description": "Sakula malware - Xchecked via VT: a7e467e16834e80a5713e0d6bb73def5",
"pattern": "[file:hashes.SHA256 = '71c8661eaf535495c90371aa2f4bb6fd17f3f72f1fb8a5a66630f51658312a37']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-08-25T13:38:01Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Artifacts dropped"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Artifacts dropped\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--55dc6fb9-e670-420c-a51b-4839950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-08-25T13:38:01.000Z",
"modified": "2015-08-25T13:38:01.000Z",
"description": "Sakula malware - Xchecked via VT: a7e467e16834e80a5713e0d6bb73def5",
"pattern": "[file:hashes.SHA1 = 'ab4c95a246821f70f9d518c048229c5a998c9380']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-08-25T13:38:01Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Artifacts dropped"
}
],
"labels": [
"misp:type=\"sha1\"",
"misp:category=\"Artifacts dropped\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--55dc6fb9-d6f8-4244-ab10-42d3950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-08-25T13:38:01.000Z",
"modified": "2015-08-25T13:38:01.000Z",
"first_observed": "2015-08-25T13:38:01Z",
"last_observed": "2015-08-25T13:38:01Z",
"number_observed": 1,
"object_refs": [
"url--55dc6fb9-d6f8-4244-ab10-42d3950d210b"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--55dc6fb9-d6f8-4244-ab10-42d3950d210b",
"value": "https://www.virustotal.com/file/71c8661eaf535495c90371aa2f4bb6fd17f3f72f1fb8a5a66630f51658312a37/analysis/1434008250/"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--55dc6fb9-51f8-472e-9a31-4f57950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-08-25T13:38:01.000Z",
"modified": "2015-08-25T13:38:01.000Z",
"description": "Sakula malware - Xchecked via VT: a759b73716bdc406b9a20ebef394bc6d",
"pattern": "[file:hashes.SHA256 = '53106c8fe2fa4553991a255d767d61e7292cfe7481f055d3c5f39bbe21b486a1']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-08-25T13:38:01Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Artifacts dropped"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Artifacts dropped\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--55dc6fba-d3e4-4184-a125-4d79950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-08-25T13:38:02.000Z",
"modified": "2015-08-25T13:38:02.000Z",
"description": "Sakula malware - Xchecked via VT: a759b73716bdc406b9a20ebef394bc6d",
"pattern": "[file:hashes.SHA1 = '43df703fc83be1b4546a53f4e377d32c60cb379d']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-08-25T13:38:02Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Artifacts dropped"
}
],
"labels": [
"misp:type=\"sha1\"",
"misp:category=\"Artifacts dropped\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--55dc6fba-e8d8-4f61-bf61-4d42950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-08-25T13:38:02.000Z",
"modified": "2015-08-25T13:38:02.000Z",
"first_observed": "2015-08-25T13:38:02Z",
"last_observed": "2015-08-25T13:38:02Z",
"number_observed": 1,
"object_refs": [
"url--55dc6fba-e8d8-4f61-bf61-4d42950d210b"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--55dc6fba-e8d8-4f61-bf61-4d42950d210b",
"value": "https://www.virustotal.com/file/53106c8fe2fa4553991a255d767d61e7292cfe7481f055d3c5f39bbe21b486a1/analysis/1434008226/"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--55dc6fba-39f4-4c43-a334-4882950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-08-25T13:38:02.000Z",
"modified": "2015-08-25T13:38:02.000Z",
"description": "Sakula malware - Xchecked via VT: a700db7a97eceea15d5f43d1376a6f09",
"pattern": "[file:hashes.SHA256 = '3b5a62ecdcf6dda4f20a6896ee9f3d6fed79b27b0a07eb604586b1515d6621f8']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-08-25T13:38:02Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Artifacts dropped"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Artifacts dropped\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--55dc6fba-4fd0-43d5-80f3-4dcf950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-08-25T13:38:02.000Z",
"modified": "2015-08-25T13:38:02.000Z",
"description": "Sakula malware - Xchecked via VT: a700db7a97eceea15d5f43d1376a6f09",
"pattern": "[file:hashes.SHA1 = '124fb9139b15f74a73dd966d87b795c820faff79']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-08-25T13:38:02Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Artifacts dropped"
}
],
"labels": [
"misp:type=\"sha1\"",
"misp:category=\"Artifacts dropped\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--55dc6fba-f81c-4680-96c7-44f1950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-08-25T13:38:02.000Z",
"modified": "2015-08-25T13:38:02.000Z",
"first_observed": "2015-08-25T13:38:02Z",
"last_observed": "2015-08-25T13:38:02Z",
"number_observed": 1,
"object_refs": [
"url--55dc6fba-f81c-4680-96c7-44f1950d210b"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--55dc6fba-f81c-4680-96c7-44f1950d210b",
"value": "https://www.virustotal.com/file/3b5a62ecdcf6dda4f20a6896ee9f3d6fed79b27b0a07eb604586b1515d6621f8/analysis/1431116960/"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--55dc6fbb-e740-4105-bd0c-47c6950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-08-25T13:38:02.000Z",
"modified": "2015-08-25T13:38:02.000Z",
"description": "Sakula malware - Xchecked via VT: a548d3dedd85683930d9732ed0316ec0",
"pattern": "[file:hashes.SHA256 = '02826b3be726af9ecbe50825c00a77b45fe4a768e9c658d6e4cf2aa19a022af3']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-08-25T13:38:02Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Artifacts dropped"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Artifacts dropped\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--55dc6fbb-3a58-4278-b277-41ec950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-08-25T13:38:03.000Z",
"modified": "2015-08-25T13:38:03.000Z",
"description": "Sakula malware - Xchecked via VT: a548d3dedd85683930d9732ed0316ec0",
"pattern": "[file:hashes.SHA1 = 'acc13efb8f387cc5f7db9fcec971050cdd6186e0']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-08-25T13:38:03Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Artifacts dropped"
}
],
"labels": [
"misp:type=\"sha1\"",
"misp:category=\"Artifacts dropped\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--55dc6fbb-9634-4939-a71c-48a4950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-08-25T13:38:03.000Z",
"modified": "2015-08-25T13:38:03.000Z",
"first_observed": "2015-08-25T13:38:03Z",
"last_observed": "2015-08-25T13:38:03Z",
"number_observed": 1,
"object_refs": [
"url--55dc6fbb-9634-4939-a71c-48a4950d210b"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--55dc6fbb-9634-4939-a71c-48a4950d210b",
"value": "https://www.virustotal.com/file/02826b3be726af9ecbe50825c00a77b45fe4a768e9c658d6e4cf2aa19a022af3/analysis/1434008135/"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--55dc6fbb-9c04-4e1e-9854-4f16950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-08-25T13:38:03.000Z",
"modified": "2015-08-25T13:38:03.000Z",
"description": "Sakula malware - Xchecked via VT: a53782f0790258d7ae1c9330b4106976",
"pattern": "[file:hashes.SHA256 = '3b54c08eeabc7f26bb5a4932144a33e39574ca5f45cf90d2768a8170ac3776f4']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-08-25T13:38:03Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Artifacts dropped"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Artifacts dropped\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--55dc6fbb-7674-416e-81e1-4db6950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-08-25T13:38:03.000Z",
"modified": "2015-08-25T13:38:03.000Z",
"description": "Sakula malware - Xchecked via VT: a53782f0790258d7ae1c9330b4106976",
"pattern": "[file:hashes.SHA1 = '4b72656eceda858f9182ebc3464d4c1d6c6ed43c']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-08-25T13:38:03Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Artifacts dropped"
}
],
"labels": [
"misp:type=\"sha1\"",
"misp:category=\"Artifacts dropped\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--55dc6fbb-7f34-453d-ae88-428d950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-08-25T13:38:03.000Z",
"modified": "2015-08-25T13:38:03.000Z",
"first_observed": "2015-08-25T13:38:03Z",
"last_observed": "2015-08-25T13:38:03Z",
"number_observed": 1,
"object_refs": [
"url--55dc6fbb-7f34-453d-ae88-428d950d210b"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--55dc6fbb-7f34-453d-ae88-428d950d210b",
"value": "https://www.virustotal.com/file/3b54c08eeabc7f26bb5a4932144a33e39574ca5f45cf90d2768a8170ac3776f4/analysis/1434008134/"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--55dc6fbc-4450-4e95-a933-4aed950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-08-25T13:38:04.000Z",
"modified": "2015-08-25T13:38:04.000Z",
"description": "Sakula malware - Xchecked via VT: a39729153ceaeaf9b3aded9a28d0e4dc",
"pattern": "[file:hashes.SHA256 = '2bcff388ad12a48cdb14fff8793b8581d357dcf5a6d44d6bd735fda2274a056b']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-08-25T13:38:04Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Artifacts dropped"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Artifacts dropped\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--55dc6fbc-a4e0-498d-8a90-4955950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-08-25T13:38:04.000Z",
"modified": "2015-08-25T13:38:04.000Z",
"description": "Sakula malware - Xchecked via VT: a39729153ceaeaf9b3aded9a28d0e4dc",
"pattern": "[file:hashes.SHA1 = '4a893e20379d454c94b637caf15a9eb8a20491fa']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-08-25T13:38:04Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Artifacts dropped"
}
],
"labels": [
"misp:type=\"sha1\"",
"misp:category=\"Artifacts dropped\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--55dc6fbc-0964-4341-88d8-4775950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-08-25T13:38:04.000Z",
"modified": "2015-08-25T13:38:04.000Z",
"first_observed": "2015-08-25T13:38:04Z",
"last_observed": "2015-08-25T13:38:04Z",
"number_observed": 1,
"object_refs": [
"url--55dc6fbc-0964-4341-88d8-4775950d210b"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--55dc6fbc-0964-4341-88d8-4775950d210b",
"value": "https://www.virustotal.com/file/2bcff388ad12a48cdb14fff8793b8581d357dcf5a6d44d6bd735fda2274a056b/analysis/1436840974/"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--55dc6fbc-a760-4b50-9c62-48c9950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-08-25T13:38:04.000Z",
"modified": "2015-08-25T13:38:04.000Z",
"description": "Sakula malware - Xchecked via VT: a33c6daba951f7c9a30d69b5e1e58af9",
"pattern": "[file:hashes.SHA256 = '72cf8d30db4d3625c158fa8d9c57187cd50fdbe31c41592fde5126f3170bd277']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-08-25T13:38:04Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Artifacts dropped"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Artifacts dropped\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--55dc6fbc-2088-4f2d-b712-4228950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-08-25T13:38:04.000Z",
"modified": "2015-08-25T13:38:04.000Z",
"description": "Sakula malware - Xchecked via VT: a33c6daba951f7c9a30d69b5e1e58af9",
"pattern": "[file:hashes.SHA1 = '1513023202ef672c565f14b98c48ea79bb57e881']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-08-25T13:38:04Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Artifacts dropped"
}
],
"labels": [
"misp:type=\"sha1\"",
"misp:category=\"Artifacts dropped\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--55dc6fbc-8a0c-4cae-b1a0-4542950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-08-25T13:38:04.000Z",
"modified": "2015-08-25T13:38:04.000Z",
"first_observed": "2015-08-25T13:38:04Z",
"last_observed": "2015-08-25T13:38:04Z",
"number_observed": 1,
"object_refs": [
"url--55dc6fbc-8a0c-4cae-b1a0-4542950d210b"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--55dc6fbc-8a0c-4cae-b1a0-4542950d210b",
"value": "https://www.virustotal.com/file/72cf8d30db4d3625c158fa8d9c57187cd50fdbe31c41592fde5126f3170bd277/analysis/1433908627/"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--55dc6fbd-ffc8-413f-8465-4b45950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-08-25T13:38:05.000Z",
"modified": "2015-08-25T13:38:05.000Z",
"description": "Sakula malware - Xchecked via VT: a2bdb2aaf4d8eacbbb634476f553455b",
"pattern": "[file:hashes.SHA256 = 'dd6b20b6b0cab78a6ac411b21666d572f9a8719be201dff8fdb1a05b1d1905d3']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-08-25T13:38:05Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Artifacts dropped"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Artifacts dropped\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--55dc6fbd-6d84-465e-97fb-4748950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-08-25T13:38:05.000Z",
"modified": "2015-08-25T13:38:05.000Z",
"description": "Sakula malware - Xchecked via VT: a2bdb2aaf4d8eacbbb634476f553455b",
"pattern": "[file:hashes.SHA1 = '17f309c0f617bffca67e21d29eb9b252af5b76e6']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-08-25T13:38:05Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Artifacts dropped"
}
],
"labels": [
"misp:type=\"sha1\"",
"misp:category=\"Artifacts dropped\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--55dc6fbd-3ae8-4b0e-ab6e-4277950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-08-25T13:38:05.000Z",
"modified": "2015-08-25T13:38:05.000Z",
"first_observed": "2015-08-25T13:38:05Z",
"last_observed": "2015-08-25T13:38:05Z",
"number_observed": 1,
"object_refs": [
"url--55dc6fbd-3ae8-4b0e-ab6e-4277950d210b"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--55dc6fbd-3ae8-4b0e-ab6e-4277950d210b",
"value": "https://www.virustotal.com/file/dd6b20b6b0cab78a6ac411b21666d572f9a8719be201dff8fdb1a05b1d1905d3/analysis/1434008018/"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--55dc6fbd-0804-4337-95fe-4997950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-08-25T13:38:05.000Z",
"modified": "2015-08-25T13:38:05.000Z",
"description": "Sakula malware - Xchecked via VT: a225ee8669c52540b5056fd848f1e267",
"pattern": "[file:hashes.SHA256 = 'cffa1b9e7485ebf1591e1e77be42a22e26958a4456ccbc92d62889377cc4267c']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-08-25T13:38:05Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Artifacts dropped"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Artifacts dropped\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--55dc6fbd-0684-49e5-906e-44b1950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-08-25T13:38:05.000Z",
"modified": "2015-08-25T13:38:05.000Z",
"description": "Sakula malware - Xchecked via VT: a225ee8669c52540b5056fd848f1e267",
"pattern": "[file:hashes.SHA1 = 'c2f6bb26d68d25b58d314c918b5253ae83d6df64']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-08-25T13:38:05Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Artifacts dropped"
}
],
"labels": [
"misp:type=\"sha1\"",
"misp:category=\"Artifacts dropped\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--55dc6fbe-e858-49d5-a323-48f1950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-08-25T13:38:06.000Z",
"modified": "2015-08-25T13:38:06.000Z",
"first_observed": "2015-08-25T13:38:06Z",
"last_observed": "2015-08-25T13:38:06Z",
"number_observed": 1,
"object_refs": [
"url--55dc6fbe-e858-49d5-a323-48f1950d210b"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--55dc6fbe-e858-49d5-a323-48f1950d210b",
"value": "https://www.virustotal.com/file/cffa1b9e7485ebf1591e1e77be42a22e26958a4456ccbc92d62889377cc4267c/analysis/1433738270/"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--55dc6fbe-5314-4d55-9240-43a0950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-08-25T13:38:06.000Z",
"modified": "2015-08-25T13:38:06.000Z",
"description": "Sakula malware - Xchecked via VT: a2030658767635894abdb3742db5e279",
"pattern": "[file:hashes.SHA256 = 'bd81148e7204aec96d243b47e9049a75abff7403a6510403c58f6933bbe9ad7a']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-08-25T13:38:06Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Artifacts dropped"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Artifacts dropped\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--55dc6fbe-ebcc-45e5-9aab-4a7d950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-08-25T13:38:06.000Z",
"modified": "2015-08-25T13:38:06.000Z",
"description": "Sakula malware - Xchecked via VT: a2030658767635894abdb3742db5e279",
"pattern": "[file:hashes.SHA1 = '0e42e72ffcddcebb9868e29c02ffe55646384bf9']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-08-25T13:38:06Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Artifacts dropped"
}
],
"labels": [
"misp:type=\"sha1\"",
"misp:category=\"Artifacts dropped\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--55dc6fbe-0478-457c-834b-4776950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-08-25T13:38:06.000Z",
"modified": "2015-08-25T13:38:06.000Z",
"first_observed": "2015-08-25T13:38:06Z",
"last_observed": "2015-08-25T13:38:06Z",
"number_observed": 1,
"object_refs": [
"url--55dc6fbe-0478-457c-834b-4776950d210b"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--55dc6fbe-0478-457c-834b-4776950d210b",
"value": "https://www.virustotal.com/file/bd81148e7204aec96d243b47e9049a75abff7403a6510403c58f6933bbe9ad7a/analysis/1434007993/"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--55dc6fbe-087c-4036-baa6-487c950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-08-25T13:38:06.000Z",
"modified": "2015-08-25T13:38:06.000Z",
"description": "Sakula malware - Xchecked via VT: a104ab14c9a1d425a0e959f046c97f29",
"pattern": "[file:hashes.SHA256 = 'fcc2d889e561236de7035ae2a6e3cae82859ef7d3509a386b3860fcbf2179d30']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-08-25T13:38:06Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Artifacts dropped"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Artifacts dropped\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--55dc6fbe-0c80-493a-ab14-4d04950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-08-25T13:38:06.000Z",
"modified": "2015-08-25T13:38:06.000Z",
"description": "Sakula malware - Xchecked via VT: a104ab14c9a1d425a0e959f046c97f29",
"pattern": "[file:hashes.SHA1 = '170a66400a57c37a0f193f5987e9050ab0a686d8']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-08-25T13:38:06Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Artifacts dropped"
}
],
"labels": [
"misp:type=\"sha1\"",
"misp:category=\"Artifacts dropped\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--55dc6fbf-6a1c-46cf-af96-443d950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-08-25T13:38:07.000Z",
"modified": "2015-08-25T13:38:07.000Z",
"first_observed": "2015-08-25T13:38:07Z",
"last_observed": "2015-08-25T13:38:07Z",
"number_observed": 1,
"object_refs": [
"url--55dc6fbf-6a1c-46cf-af96-443d950d210b"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--55dc6fbf-6a1c-46cf-af96-443d950d210b",
"value": "https://www.virustotal.com/file/fcc2d889e561236de7035ae2a6e3cae82859ef7d3509a386b3860fcbf2179d30/analysis/1434007957/"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--55dc6fbf-f7b0-4549-9a33-4065950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-08-25T13:38:07.000Z",
"modified": "2015-08-25T13:38:07.000Z",
"description": "Sakula malware - Xchecked via VT: a068bf4b31738a08ed06924c7bf37223",
"pattern": "[file:hashes.SHA256 = '713e0fc8cb445d0a094c33347385b76d6a7d540fda15bec3ce66299d8c0e8cbc']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-08-25T13:38:07Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Artifacts dropped"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Artifacts dropped\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--55dc6fbf-ed80-4df4-b688-4396950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-08-25T13:38:07.000Z",
"modified": "2015-08-25T13:38:07.000Z",
"description": "Sakula malware - Xchecked via VT: a068bf4b31738a08ed06924c7bf37223",
"pattern": "[file:hashes.SHA1 = 'e45b046dddea65f987e4a8e4b0fe47711fbb346c']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-08-25T13:38:07Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Artifacts dropped"
}
],
"labels": [
"misp:type=\"sha1\"",
"misp:category=\"Artifacts dropped\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--55dc6fbf-1b5c-4063-ad83-4dda950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-08-25T13:38:07.000Z",
"modified": "2015-08-25T13:38:07.000Z",
"first_observed": "2015-08-25T13:38:07Z",
"last_observed": "2015-08-25T13:38:07Z",
"number_observed": 1,
"object_refs": [
"url--55dc6fbf-1b5c-4063-ad83-4dda950d210b"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--55dc6fbf-1b5c-4063-ad83-4dda950d210b",
"value": "https://www.virustotal.com/file/713e0fc8cb445d0a094c33347385b76d6a7d540fda15bec3ce66299d8c0e8cbc/analysis/1434995102/"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--55dc6fbf-8a54-431a-8142-4e33950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-08-25T13:38:07.000Z",
"modified": "2015-08-25T13:38:07.000Z",
"description": "Sakula malware - Xchecked via VT: a034a674b439d9b3d3ad1718bc0c6bb0",
"pattern": "[file:hashes.SHA256 = 'ac14f51aa1a54bbaea38a66c57bb7be10b6596beef1adbf04836229c9f16ba2e']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-08-25T13:38:07Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Artifacts dropped"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Artifacts dropped\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--55dc6fbf-f710-49ad-bb5d-46f7950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-08-25T13:38:07.000Z",
"modified": "2015-08-25T13:38:07.000Z",
"description": "Sakula malware - Xchecked via VT: a034a674b439d9b3d3ad1718bc0c6bb0",
"pattern": "[file:hashes.SHA1 = '959a914f4f474f080ed277a83291a8888a36d426']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-08-25T13:38:07Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Artifacts dropped"
}
],
"labels": [
"misp:type=\"sha1\"",
"misp:category=\"Artifacts dropped\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--55dc6fc0-8468-44f0-a08a-4555950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-08-25T13:38:08.000Z",
"modified": "2015-08-25T13:38:08.000Z",
"first_observed": "2015-08-25T13:38:08Z",
"last_observed": "2015-08-25T13:38:08Z",
"number_observed": 1,
"object_refs": [
"url--55dc6fc0-8468-44f0-a08a-4555950d210b"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--55dc6fc0-8468-44f0-a08a-4555950d210b",
"value": "https://www.virustotal.com/file/ac14f51aa1a54bbaea38a66c57bb7be10b6596beef1adbf04836229c9f16ba2e/analysis/1438341229/"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--55dc6fc0-a790-4558-8934-456e950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-08-25T13:38:08.000Z",
"modified": "2015-08-25T13:38:08.000Z",
"description": "Sakula malware - Xchecked via VT: a00e275feb97b55776c186579d17a218",
"pattern": "[file:hashes.SHA256 = '2c3c1195e6138ca8fa312af09cdf28b3093d7eaefbffa03607fdc5864e39645f']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-08-25T13:38:08Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Artifacts dropped"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Artifacts dropped\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--55dc6fc0-ef08-46c6-8711-4e30950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-08-25T13:38:08.000Z",
"modified": "2015-08-25T13:38:08.000Z",
"description": "Sakula malware - Xchecked via VT: a00e275feb97b55776c186579d17a218",
"pattern": "[file:hashes.SHA1 = '579922a30d95b4db218cae06a26ae0bc994fcc5e']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-08-25T13:38:08Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Artifacts dropped"
}
],
"labels": [
"misp:type=\"sha1\"",
"misp:category=\"Artifacts dropped\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--55dc6fc0-6c78-4671-a1df-4d5a950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-08-25T13:38:08.000Z",
"modified": "2015-08-25T13:38:08.000Z",
"first_observed": "2015-08-25T13:38:08Z",
"last_observed": "2015-08-25T13:38:08Z",
"number_observed": 1,
"object_refs": [
"url--55dc6fc0-6c78-4671-a1df-4d5a950d210b"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--55dc6fc0-6c78-4671-a1df-4d5a950d210b",
"value": "https://www.virustotal.com/file/2c3c1195e6138ca8fa312af09cdf28b3093d7eaefbffa03607fdc5864e39645f/analysis/1434993664/"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--55dc6fc0-c4b8-4a2f-ae16-41b9950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-08-25T13:38:08.000Z",
"modified": "2015-08-25T13:38:08.000Z",
"description": "Sakula malware - Xchecked via VT: a00a19c85c42cb49ad48c0be349daec0",
"pattern": "[file:hashes.SHA256 = 'c3d030a3de2d6306d6fae210a9dd034775b6edc2541bc1b83a7b7a00ea5c2534']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-08-25T13:38:08Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Artifacts dropped"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Artifacts dropped\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--55dc6fc1-61a4-4b26-9528-4d3b950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-08-25T13:38:09.000Z",
"modified": "2015-08-25T13:38:09.000Z",
"description": "Sakula malware - Xchecked via VT: a00a19c85c42cb49ad48c0be349daec0",
"pattern": "[file:hashes.SHA1 = '1c72d33f8a44650078f5c125e03511c383798136']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-08-25T13:38:09Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Artifacts dropped"
}
],
"labels": [
"misp:type=\"sha1\"",
"misp:category=\"Artifacts dropped\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--55dc6fc1-1e98-4785-a8e1-4cdc950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-08-25T13:38:09.000Z",
"modified": "2015-08-25T13:38:09.000Z",
"first_observed": "2015-08-25T13:38:09Z",
"last_observed": "2015-08-25T13:38:09Z",
"number_observed": 1,
"object_refs": [
"url--55dc6fc1-1e98-4785-a8e1-4cdc950d210b"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--55dc6fc1-1e98-4785-a8e1-4cdc950d210b",
"value": "https://www.virustotal.com/file/c3d030a3de2d6306d6fae210a9dd034775b6edc2541bc1b83a7b7a00ea5c2534/analysis/1434007904/"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--55dc6fc1-450c-4535-8cef-4fb7950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-08-25T13:38:09.000Z",
"modified": "2015-08-25T13:38:09.000Z",
"description": "Sakula malware - Xchecked via VT: 96fab28f1539f3909a255436bc269062",
"pattern": "[file:hashes.SHA256 = 'e0d72e192f2548724d1f700184d2a6704422596b343d1e142655f99cb09ab7f9']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-08-25T13:38:09Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Artifacts dropped"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Artifacts dropped\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--55dc6fc1-b8ac-4c4c-813c-4e86950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-08-25T13:38:09.000Z",
"modified": "2015-08-25T13:38:09.000Z",
"description": "Sakula malware - Xchecked via VT: 96fab28f1539f3909a255436bc269062",
"pattern": "[file:hashes.SHA1 = '318b7e2141b31faaa946610723b5fbed76f75114']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-08-25T13:38:09Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Artifacts dropped"
}
],
"labels": [
"misp:type=\"sha1\"",
"misp:category=\"Artifacts dropped\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--55dc6fc1-a9ec-4aae-a25f-4836950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-08-25T13:38:09.000Z",
"modified": "2015-08-25T13:38:09.000Z",
"first_observed": "2015-08-25T13:38:09Z",
"last_observed": "2015-08-25T13:38:09Z",
"number_observed": 1,
"object_refs": [
"url--55dc6fc1-a9ec-4aae-a25f-4836950d210b"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--55dc6fc1-a9ec-4aae-a25f-4836950d210b",
"value": "https://www.virustotal.com/file/e0d72e192f2548724d1f700184d2a6704422596b343d1e142655f99cb09ab7f9/analysis/1434007507/"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--55dc6fc1-4878-45f9-aa75-4e1a950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-08-25T13:38:09.000Z",
"modified": "2015-08-25T13:38:09.000Z",
"description": "Sakula malware - Xchecked via VT: 928579b6fd1162c3831075a7a78e3f47",
"pattern": "[file:hashes.SHA256 = 'da04d0b1cc7080a8d5645faf93cf8360a3fa2356bcdf9d15c5515a968b0d147a']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-08-25T13:38:09Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Artifacts dropped"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Artifacts dropped\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--55dc6fc2-8ea4-440e-a00f-435b950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-08-25T13:38:10.000Z",
"modified": "2015-08-25T13:38:10.000Z",
"description": "Sakula malware - Xchecked via VT: 928579b6fd1162c3831075a7a78e3f47",
"pattern": "[file:hashes.SHA1 = 'e53d3d75734a50b40e78adf67e7a4192443fb151']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-08-25T13:38:10Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Artifacts dropped"
}
],
"labels": [
"misp:type=\"sha1\"",
"misp:category=\"Artifacts dropped\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--55dc6fc2-7954-4a63-b373-4ca8950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-08-25T13:38:10.000Z",
"modified": "2015-08-25T13:38:10.000Z",
"first_observed": "2015-08-25T13:38:10Z",
"last_observed": "2015-08-25T13:38:10Z",
"number_observed": 1,
"object_refs": [
"url--55dc6fc2-7954-4a63-b373-4ca8950d210b"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--55dc6fc2-7954-4a63-b373-4ca8950d210b",
"value": "https://www.virustotal.com/file/da04d0b1cc7080a8d5645faf93cf8360a3fa2356bcdf9d15c5515a968b0d147a/analysis/1438241090/"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--55dc6fc2-a554-4915-bb39-415c950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-08-25T13:38:10.000Z",
"modified": "2015-08-25T13:38:10.000Z",
"description": "Sakula malware - Xchecked via VT: 91569c57fc342161c479603f3b527c1d",
"pattern": "[file:hashes.SHA256 = 'ebe46601e7afaa00a58df26f01d668a07145b0c5a3c642f728db125c8be632fd']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-08-25T13:38:10Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Artifacts dropped"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Artifacts dropped\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--55dc6fc2-c398-4ed0-9aa4-4180950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-08-25T13:38:10.000Z",
"modified": "2015-08-25T13:38:10.000Z",
"description": "Sakula malware - Xchecked via VT: 91569c57fc342161c479603f3b527c1d",
"pattern": "[file:hashes.SHA1 = '14c7a1661620f46c2943fa1ad522631638569b37']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-08-25T13:38:10Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Artifacts dropped"
}
],
"labels": [
"misp:type=\"sha1\"",
"misp:category=\"Artifacts dropped\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--55dc6fc2-f0cc-4de6-8ef3-4897950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-08-25T13:38:10.000Z",
"modified": "2015-08-25T13:38:10.000Z",
"first_observed": "2015-08-25T13:38:10Z",
"last_observed": "2015-08-25T13:38:10Z",
"number_observed": 1,
"object_refs": [
"url--55dc6fc2-f0cc-4de6-8ef3-4897950d210b"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--55dc6fc2-f0cc-4de6-8ef3-4897950d210b",
"value": "https://www.virustotal.com/file/ebe46601e7afaa00a58df26f01d668a07145b0c5a3c642f728db125c8be632fd/analysis/1433908444/"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--55dc6fc3-177c-4e5e-855d-4edb950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-08-25T13:38:11.000Z",
"modified": "2015-08-25T13:38:11.000Z",
"description": "Sakula malware - Xchecked via VT: 8f523f7fc73e52d54bb4e94dc44768b0",
"pattern": "[file:hashes.SHA256 = 'c9a22e8c8683de57190b21c85d7adc156a960a898dbe448d6fe3269700d50294']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-08-25T13:38:11Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Artifacts dropped"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Artifacts dropped\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--55dc6fc3-63a4-47e2-84ce-41e4950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-08-25T13:38:11.000Z",
"modified": "2015-08-25T13:38:11.000Z",
"description": "Sakula malware - Xchecked via VT: 8f523f7fc73e52d54bb4e94dc44768b0",
"pattern": "[file:hashes.SHA1 = '0b491bc29d8cab94b7a0b7876faf3a81c482561d']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-08-25T13:38:11Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Artifacts dropped"
}
],
"labels": [
"misp:type=\"sha1\"",
"misp:category=\"Artifacts dropped\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--55dc6fc3-e454-4a3e-a133-43f7950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-08-25T13:38:11.000Z",
"modified": "2015-08-25T13:38:11.000Z",
"first_observed": "2015-08-25T13:38:11Z",
"last_observed": "2015-08-25T13:38:11Z",
"number_observed": 1,
"object_refs": [
"url--55dc6fc3-e454-4a3e-a133-43f7950d210b"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--55dc6fc3-e454-4a3e-a133-43f7950d210b",
"value": "https://www.virustotal.com/file/c9a22e8c8683de57190b21c85d7adc156a960a898dbe448d6fe3269700d50294/analysis/1403796724/"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--55dc6fc3-9fc8-4ebf-8edd-42f5950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-08-25T13:38:11.000Z",
"modified": "2015-08-25T13:38:11.000Z",
"description": "Sakula malware - Xchecked via VT: 8ee244ad6b6f2b814d34d26dae880f12",
"pattern": "[file:hashes.SHA256 = 'c8e432a8271910e909e3b6dce20ad368fa02a8c76d7abc9e9452c0d9227f6129']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-08-25T13:38:11Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Artifacts dropped"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Artifacts dropped\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--55dc6fc3-8764-44b7-ae2a-4085950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-08-25T13:38:11.000Z",
"modified": "2015-08-25T13:38:11.000Z",
"description": "Sakula malware - Xchecked via VT: 8ee244ad6b6f2b814d34d26dae880f12",
"pattern": "[file:hashes.SHA1 = '5988431f4a18ae89ce22d540b2872c3b349a3eba']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-08-25T13:38:11Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Artifacts dropped"
}
],
"labels": [
"misp:type=\"sha1\"",
"misp:category=\"Artifacts dropped\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--55dc6fc3-2d48-4548-bd6f-4e71950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-08-25T13:38:11.000Z",
"modified": "2015-08-25T13:38:11.000Z",
"first_observed": "2015-08-25T13:38:11Z",
"last_observed": "2015-08-25T13:38:11Z",
"number_observed": 1,
"object_refs": [
"url--55dc6fc3-2d48-4548-bd6f-4e71950d210b"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--55dc6fc3-2d48-4548-bd6f-4e71950d210b",
"value": "https://www.virustotal.com/file/c8e432a8271910e909e3b6dce20ad368fa02a8c76d7abc9e9452c0d9227f6129/analysis/1438241149/"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--55dc6fc4-cce4-4d25-8bca-4037950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-08-25T13:38:12.000Z",
"modified": "2015-08-25T13:38:12.000Z",
"description": "Sakula malware - Xchecked via VT: 8a45ea989807636cc685b81effc60d96",
"pattern": "[file:hashes.SHA256 = '7deca02dd922559872ee5d0e26a4ad82990d857ace1f70fe5a3587fdffde5092']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-08-25T13:38:12Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Artifacts dropped"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Artifacts dropped\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--55dc6fc4-058c-4308-9555-4d97950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-08-25T13:38:12.000Z",
"modified": "2015-08-25T13:38:12.000Z",
"description": "Sakula malware - Xchecked via VT: 8a45ea989807636cc685b81effc60d96",
"pattern": "[file:hashes.SHA1 = 'f1f67d595dfa0a38fc5d16d137af7017411b4a22']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-08-25T13:38:12Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Artifacts dropped"
}
],
"labels": [
"misp:type=\"sha1\"",
"misp:category=\"Artifacts dropped\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--55dc6fc4-86a8-442f-bbd2-4c17950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-08-25T13:38:12.000Z",
"modified": "2015-08-25T13:38:12.000Z",
"first_observed": "2015-08-25T13:38:12Z",
"last_observed": "2015-08-25T13:38:12Z",
"number_observed": 1,
"object_refs": [
"url--55dc6fc4-86a8-442f-bbd2-4c17950d210b"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--55dc6fc4-86a8-442f-bbd2-4c17950d210b",
"value": "https://www.virustotal.com/file/7deca02dd922559872ee5d0e26a4ad82990d857ace1f70fe5a3587fdffde5092/analysis/1439469647/"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--55dc6fc4-b5a4-4d34-85b3-434c950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-08-25T13:38:12.000Z",
"modified": "2015-08-25T13:38:12.000Z",
"description": "Sakula malware - Xchecked via VT: 8542cf0d32b7c711d92089a7d442333e",
"pattern": "[file:hashes.SHA256 = '621cabafa0320c01dc1eb106071b1cc5d0fd0a181bf0fab6e0ab2e4bd7d14751']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-08-25T13:38:12Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Artifacts dropped"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Artifacts dropped\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--55dc6fc4-5284-42d5-a960-4069950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-08-25T13:38:12.000Z",
"modified": "2015-08-25T13:38:12.000Z",
"description": "Sakula malware - Xchecked via VT: 8542cf0d32b7c711d92089a7d442333e",
"pattern": "[file:hashes.SHA1 = 'e9ff8095d747309492c97a9c18e323a30fe358e6']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-08-25T13:38:12Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Artifacts dropped"
}
],
"labels": [
"misp:type=\"sha1\"",
"misp:category=\"Artifacts dropped\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--55dc6fc4-0318-4b77-97ec-4838950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-08-25T13:38:12.000Z",
"modified": "2015-08-25T13:38:12.000Z",
"first_observed": "2015-08-25T13:38:12Z",
"last_observed": "2015-08-25T13:38:12Z",
"number_observed": 1,
"object_refs": [
"url--55dc6fc4-0318-4b77-97ec-4838950d210b"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--55dc6fc4-0318-4b77-97ec-4838950d210b",
"value": "https://www.virustotal.com/file/621cabafa0320c01dc1eb106071b1cc5d0fd0a181bf0fab6e0ab2e4bd7d14751/analysis/1439469610/"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--55dc6fc5-9b74-4f12-bfe6-4fc8950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-08-25T13:38:13.000Z",
"modified": "2015-08-25T13:38:13.000Z",
"description": "Sakula malware - Xchecked via VT: 8506064925a774a8d11d9fac374eb86a",
"pattern": "[file:hashes.SHA256 = '7dabe3f84f10aa47bcf245031f2a85b91dc37a13998f41e63228e21029493c07']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-08-25T13:38:13Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Artifacts dropped"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Artifacts dropped\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--55dc6fc5-bed8-4743-a2ce-417a950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-08-25T13:38:13.000Z",
"modified": "2015-08-25T13:38:13.000Z",
"description": "Sakula malware - Xchecked via VT: 8506064925a774a8d11d9fac374eb86a",
"pattern": "[file:hashes.SHA1 = '1b28e9816a0a2f5b8f6f8a0bbd12eef49751f29c']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-08-25T13:38:13Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Artifacts dropped"
}
],
"labels": [
"misp:type=\"sha1\"",
"misp:category=\"Artifacts dropped\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--55dc6fc5-1e24-4b6f-9cbb-4d2c950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-08-25T13:38:13.000Z",
"modified": "2015-08-25T13:38:13.000Z",
"first_observed": "2015-08-25T13:38:13Z",
"last_observed": "2015-08-25T13:38:13Z",
"number_observed": 1,
"object_refs": [
"url--55dc6fc5-1e24-4b6f-9cbb-4d2c950d210b"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--55dc6fc5-1e24-4b6f-9cbb-4d2c950d210b",
"value": "https://www.virustotal.com/file/7dabe3f84f10aa47bcf245031f2a85b91dc37a13998f41e63228e21029493c07/analysis/1439469610/"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--55dc6fc5-4154-4aca-8c49-43dc950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-08-25T13:38:13.000Z",
"modified": "2015-08-25T13:38:13.000Z",
"description": "Sakula malware - Xchecked via VT: 848fcb062218ae3162d07665874429a7",
"pattern": "[file:hashes.SHA256 = '77858691518597786590a3c020c001cc4b0806a95edb8161ec7b4323e7c964d1']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-08-25T13:38:13Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Artifacts dropped"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Artifacts dropped\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--55dc6fc5-ee48-4483-8ac8-49d5950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-08-25T13:38:13.000Z",
"modified": "2015-08-25T13:38:13.000Z",
"description": "Sakula malware - Xchecked via VT: 848fcb062218ae3162d07665874429a7",
"pattern": "[file:hashes.SHA1 = 'c03240f59a68120c921a8f226981e374e3dcceef']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-08-25T13:38:13Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Artifacts dropped"
}
],
"labels": [
"misp:type=\"sha1\"",
"misp:category=\"Artifacts dropped\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--55dc6fc5-0da0-4375-bd6e-4ba1950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-08-25T13:38:13.000Z",
"modified": "2015-08-25T13:38:13.000Z",
"first_observed": "2015-08-25T13:38:13Z",
"last_observed": "2015-08-25T13:38:13Z",
"number_observed": 1,
"object_refs": [
"url--55dc6fc5-0da0-4375-bd6e-4ba1950d210b"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--55dc6fc5-0da0-4375-bd6e-4ba1950d210b",
"value": "https://www.virustotal.com/file/77858691518597786590a3c020c001cc4b0806a95edb8161ec7b4323e7c964d1/analysis/1439469606/"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--55dc6fc6-4cd4-4820-826a-4b2a950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-08-25T13:38:14.000Z",
"modified": "2015-08-25T13:38:14.000Z",
"description": "Sakula malware - Xchecked via VT: 81d74b0e9560f2bf780f12893d885f41",
"pattern": "[file:hashes.SHA256 = '5abbe60a5f7ea156af45abea048a95bf18961a814b6806164572df14bc52d060']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-08-25T13:38:14Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Artifacts dropped"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Artifacts dropped\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--55dc6fc6-d3c0-4fe2-9eb1-4d54950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-08-25T13:38:14.000Z",
"modified": "2015-08-25T13:38:14.000Z",
"description": "Sakula malware - Xchecked via VT: 81d74b0e9560f2bf780f12893d885f41",
"pattern": "[file:hashes.SHA1 = '85b76ba0984d5ccd1c94a22ff25624bdd0fc2ca8']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-08-25T13:38:14Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Artifacts dropped"
}
],
"labels": [
"misp:type=\"sha1\"",
"misp:category=\"Artifacts dropped\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--55dc6fc6-658c-4879-887f-4944950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-08-25T13:38:14.000Z",
"modified": "2015-08-25T13:38:14.000Z",
"first_observed": "2015-08-25T13:38:14Z",
"last_observed": "2015-08-25T13:38:14Z",
"number_observed": 1,
"object_refs": [
"url--55dc6fc6-658c-4879-887f-4944950d210b"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--55dc6fc6-658c-4879-887f-4944950d210b",
"value": "https://www.virustotal.com/file/5abbe60a5f7ea156af45abea048a95bf18961a814b6806164572df14bc52d060/analysis/1439469591/"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--55dc6fc6-df94-49cc-a43f-4c16950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-08-25T13:38:14.000Z",
"modified": "2015-08-25T13:38:14.000Z",
"description": "Sakula malware - Xchecked via VT: 74eb66027ac6fa5a59632383e09915e2",
"pattern": "[file:hashes.SHA256 = '792e4f6d5daa746f6cbfc516df7cb4624cabf51440c2ee97d841c7b0640e406b']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-08-25T13:38:14Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Artifacts dropped"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Artifacts dropped\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--55dc6fc6-d490-4cd1-820a-481f950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-08-25T13:38:14.000Z",
"modified": "2015-08-25T13:38:14.000Z",
"description": "Sakula malware - Xchecked via VT: 74eb66027ac6fa5a59632383e09915e2",
"pattern": "[file:hashes.SHA1 = '7e96f8b4da91c92ed80be2cda7eaf2182acbe300']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-08-25T13:38:14Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Artifacts dropped"
}
],
"labels": [
"misp:type=\"sha1\"",
"misp:category=\"Artifacts dropped\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--55dc6fc7-542c-45a2-b31a-4e37950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-08-25T13:38:15.000Z",
"modified": "2015-08-25T13:38:15.000Z",
"first_observed": "2015-08-25T13:38:15Z",
"last_observed": "2015-08-25T13:38:15Z",
"number_observed": 1,
"object_refs": [
"url--55dc6fc7-542c-45a2-b31a-4e37950d210b"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--55dc6fc7-542c-45a2-b31a-4e37950d210b",
"value": "https://www.virustotal.com/file/792e4f6d5daa746f6cbfc516df7cb4624cabf51440c2ee97d841c7b0640e406b/analysis/1439469494/"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--55dc6fc7-26ac-4662-9871-468e950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-08-25T13:38:15.000Z",
"modified": "2015-08-25T13:38:15.000Z",
"description": "Sakula malware - Xchecked via VT: 6ccb6d1b964f115f8c7215c6ab67b1cc",
"pattern": "[file:hashes.SHA256 = '907395ac5efc83017e5cabda72240e93a874745f5bb50a0a09d19c81b2cb5d9f']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-08-25T13:38:15Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Artifacts dropped"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Artifacts dropped\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--55dc6fc7-3e20-49d1-bf10-44b5950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-08-25T13:38:15.000Z",
"modified": "2015-08-25T13:38:15.000Z",
"description": "Sakula malware - Xchecked via VT: 6ccb6d1b964f115f8c7215c6ab67b1cc",
"pattern": "[file:hashes.SHA1 = '3d8a93b2eef2baa208a77bf38c6b7085bcf0755e']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-08-25T13:38:15Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Artifacts dropped"
}
],
"labels": [
"misp:type=\"sha1\"",
"misp:category=\"Artifacts dropped\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--55dc6fc7-2cb4-4b7b-bfef-4043950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-08-25T13:38:15.000Z",
"modified": "2015-08-25T13:38:15.000Z",
"first_observed": "2015-08-25T13:38:15Z",
"last_observed": "2015-08-25T13:38:15Z",
"number_observed": 1,
"object_refs": [
"url--55dc6fc7-2cb4-4b7b-bfef-4043950d210b"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--55dc6fc7-2cb4-4b7b-bfef-4043950d210b",
"value": "https://www.virustotal.com/file/907395ac5efc83017e5cabda72240e93a874745f5bb50a0a09d19c81b2cb5d9f/analysis/1439469443/"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--55dc6fc7-35b4-4db0-9d0d-42e4950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-08-25T13:38:15.000Z",
"modified": "2015-08-25T13:38:15.000Z",
"description": "Sakula malware - Xchecked via VT: 6bd7fb8f4565866ff032f236f0a29ee2",
"pattern": "[file:hashes.SHA256 = 'd4ce440f0b9ecda397f84b175e18d307a0e1ed34b0a93d58c746fe5ea0b48581']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-08-25T13:38:15Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Artifacts dropped"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Artifacts dropped\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--55dc6fc7-439c-4575-9e7e-425e950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-08-25T13:38:15.000Z",
"modified": "2015-08-25T13:38:15.000Z",
"description": "Sakula malware - Xchecked via VT: 6bd7fb8f4565866ff032f236f0a29ee2",
"pattern": "[file:hashes.SHA1 = '69777d107bac9451477599f2c001321c4680cbab']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-08-25T13:38:15Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Artifacts dropped"
}
],
"labels": [
"misp:type=\"sha1\"",
"misp:category=\"Artifacts dropped\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--55dc6fc8-bb6c-402d-a80a-4fb2950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-08-25T13:38:16.000Z",
"modified": "2015-08-25T13:38:16.000Z",
"first_observed": "2015-08-25T13:38:16Z",
"last_observed": "2015-08-25T13:38:16Z",
"number_observed": 1,
"object_refs": [
"url--55dc6fc8-bb6c-402d-a80a-4fb2950d210b"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--55dc6fc8-bb6c-402d-a80a-4fb2950d210b",
"value": "https://www.virustotal.com/file/d4ce440f0b9ecda397f84b175e18d307a0e1ed34b0a93d58c746fe5ea0b48581/analysis/1439469440/"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--55dc6fc8-9ed0-4f1e-80fe-43f0950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-08-25T13:38:16.000Z",
"modified": "2015-08-25T13:38:16.000Z",
"description": "Sakula malware - Xchecked via VT: 6a2ea24ed959ef96d270af5cdc2f70a7",
"pattern": "[file:hashes.SHA256 = 'd269f3af57167a25a289bc6fd3375c3f03d79044d9569e1de63a90c70fb7be33']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-08-25T13:38:16Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Artifacts dropped"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Artifacts dropped\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--55dc6fc8-8f60-4da9-91a2-4842950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-08-25T13:38:16.000Z",
"modified": "2015-08-25T13:38:16.000Z",
"description": "Sakula malware - Xchecked via VT: 6a2ea24ed959ef96d270af5cdc2f70a7",
"pattern": "[file:hashes.SHA1 = 'f6b55b981d6e35710681b568c690d13aea1ac0fa']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-08-25T13:38:16Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Artifacts dropped"
}
],
"labels": [
"misp:type=\"sha1\"",
"misp:category=\"Artifacts dropped\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--55dc6fc8-8758-4f95-9314-4f92950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-08-25T13:38:16.000Z",
"modified": "2015-08-25T13:38:16.000Z",
"first_observed": "2015-08-25T13:38:16Z",
"last_observed": "2015-08-25T13:38:16Z",
"number_observed": 1,
"object_refs": [
"url--55dc6fc8-8758-4f95-9314-4f92950d210b"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--55dc6fc8-8758-4f95-9314-4f92950d210b",
"value": "https://www.virustotal.com/file/d269f3af57167a25a289bc6fd3375c3f03d79044d9569e1de63a90c70fb7be33/analysis/1439469433/"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--55dc6fc8-e028-4c4f-b661-4b5e950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-08-25T13:38:16.000Z",
"modified": "2015-08-25T13:38:16.000Z",
"description": "Sakula malware - Xchecked via VT: 68e13422b9a5d280f4a19235d8bf7da5",
"pattern": "[file:hashes.SHA256 = 'edceab0fa7ffd682f6037cf29bb1b05415dc0b01413c6968da4251641d152eb5']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-08-25T13:38:16Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Artifacts dropped"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Artifacts dropped\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--55dc6fc8-5928-44ae-b3c9-4ac5950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-08-25T13:38:16.000Z",
"modified": "2015-08-25T13:38:16.000Z",
"description": "Sakula malware - Xchecked via VT: 68e13422b9a5d280f4a19235d8bf7da5",
"pattern": "[file:hashes.SHA1 = '0539d2180b8b82bc88721f0a251d006768a36b2b']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-08-25T13:38:16Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Artifacts dropped"
}
],
"labels": [
"misp:type=\"sha1\"",
"misp:category=\"Artifacts dropped\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--55dc6fc9-3628-427f-82b1-4e27950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-08-25T13:38:17.000Z",
"modified": "2015-08-25T13:38:17.000Z",
"first_observed": "2015-08-25T13:38:17Z",
"last_observed": "2015-08-25T13:38:17Z",
"number_observed": 1,
"object_refs": [
"url--55dc6fc9-3628-427f-82b1-4e27950d210b"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--55dc6fc9-3628-427f-82b1-4e27950d210b",
"value": "https://www.virustotal.com/file/edceab0fa7ffd682f6037cf29bb1b05415dc0b01413c6968da4251641d152eb5/analysis/1439821529/"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--55dc6fc9-4e94-490f-9f00-454f950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-08-25T13:38:17.000Z",
"modified": "2015-08-25T13:38:17.000Z",
"description": "Sakula malware - Xchecked via VT: 67fceab90a142e1e286bca0922dbffd3",
"pattern": "[file:hashes.SHA256 = '20f25b29416e2df84ca30a749e1d3382f0df84d24a6e72029f065f79445158a1']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-08-25T13:38:17Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Artifacts dropped"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Artifacts dropped\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--55dc6fc9-cea8-49b7-bb85-421e950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-08-25T13:38:17.000Z",
"modified": "2015-08-25T13:38:17.000Z",
"description": "Sakula malware - Xchecked via VT: 67fceab90a142e1e286bca0922dbffd3",
"pattern": "[file:hashes.SHA1 = '4da530701e92158c497b4e8ef61de4479689763e']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-08-25T13:38:17Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Artifacts dropped"
}
],
"labels": [
"misp:type=\"sha1\"",
"misp:category=\"Artifacts dropped\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--55dc6fc9-ac94-4c09-83a1-4be3950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-08-25T13:38:17.000Z",
"modified": "2015-08-25T13:38:17.000Z",
"first_observed": "2015-08-25T13:38:17Z",
"last_observed": "2015-08-25T13:38:17Z",
"number_observed": 1,
"object_refs": [
"url--55dc6fc9-ac94-4c09-83a1-4be3950d210b"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--55dc6fc9-ac94-4c09-83a1-4be3950d210b",
"value": "https://www.virustotal.com/file/20f25b29416e2df84ca30a749e1d3382f0df84d24a6e72029f065f79445158a1/analysis/1439469424/"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--55dc6fc9-12b4-4b4c-98ac-4616950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-08-25T13:38:17.000Z",
"modified": "2015-08-25T13:38:17.000Z",
"description": "Sakula malware - Xchecked via VT: 67112866e800b9dce2892cf827444d60",
"pattern": "[file:hashes.SHA256 = '96daa5e74f5c9e2ce501ea14341f7da17ab6111b24187d1bc00f2565952bcfa1']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-08-25T13:38:17Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Artifacts dropped"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Artifacts dropped\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--55dc6fc9-d2d0-44ac-8c77-43a8950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-08-25T13:38:17.000Z",
"modified": "2015-08-25T13:38:17.000Z",
"description": "Sakula malware - Xchecked via VT: 67112866e800b9dce2892cf827444d60",
"pattern": "[file:hashes.SHA1 = '0f8cda402017d87a94c6f87a7fa872dfc1aa1bea']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-08-25T13:38:17Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Artifacts dropped"
}
],
"labels": [
"misp:type=\"sha1\"",
"misp:category=\"Artifacts dropped\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--55dc6fca-7a4c-4110-8cc9-4577950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-08-25T13:38:18.000Z",
"modified": "2015-08-25T13:38:18.000Z",
"first_observed": "2015-08-25T13:38:18Z",
"last_observed": "2015-08-25T13:38:18Z",
"number_observed": 1,
"object_refs": [
"url--55dc6fca-7a4c-4110-8cc9-4577950d210b"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--55dc6fca-7a4c-4110-8cc9-4577950d210b",
"value": "https://www.virustotal.com/file/96daa5e74f5c9e2ce501ea14341f7da17ab6111b24187d1bc00f2565952bcfa1/analysis/1439469419/"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--55dc6fca-1bdc-4dcf-a874-4e6f950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-08-25T13:38:18.000Z",
"modified": "2015-08-25T13:38:18.000Z",
"description": "Sakula malware - Xchecked via VT: 64201ec97467910e74f40140c4aaa5ce",
"pattern": "[file:hashes.SHA256 = '25620250231753f08e62b21d998095572c5ab8dafe99a4a0016ebaab64593bb8']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-08-25T13:38:18Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Artifacts dropped"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Artifacts dropped\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--55dc6fca-bda4-4c70-a698-45ff950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-08-25T13:38:18.000Z",
"modified": "2015-08-25T13:38:18.000Z",
"description": "Sakula malware - Xchecked via VT: 64201ec97467910e74f40140c4aaa5ce",
"pattern": "[file:hashes.SHA1 = '98ebfabfae701dc7e6e7400356a5bb5a5c373ec8']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-08-25T13:38:18Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Artifacts dropped"
}
],
"labels": [
"misp:type=\"sha1\"",
"misp:category=\"Artifacts dropped\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--55dc6fca-a0a4-470b-a267-4afa950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-08-25T13:38:18.000Z",
"modified": "2015-08-25T13:38:18.000Z",
"first_observed": "2015-08-25T13:38:18Z",
"last_observed": "2015-08-25T13:38:18Z",
"number_observed": 1,
"object_refs": [
"url--55dc6fca-a0a4-470b-a267-4afa950d210b"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--55dc6fca-a0a4-470b-a267-4afa950d210b",
"value": "https://www.virustotal.com/file/25620250231753f08e62b21d998095572c5ab8dafe99a4a0016ebaab64593bb8/analysis/1439469398/"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--55dc6fca-f8a0-46f1-ad89-42c1950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-08-25T13:38:18.000Z",
"modified": "2015-08-25T13:38:18.000Z",
"description": "Sakula malware - Xchecked via VT: 63c0978e2fa715a3cad6fb3068f70961",
"pattern": "[file:hashes.SHA256 = '2c9aea3d2be2ca9ecdec74e5e783df43458b6b0c23d4ccda631fbe8aa160c6c7']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-08-25T13:38:18Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Artifacts dropped"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Artifacts dropped\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--55dc6fcb-ac54-4d5d-8a12-45c3950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-08-25T13:38:19.000Z",
"modified": "2015-08-25T13:38:19.000Z",
"description": "Sakula malware - Xchecked via VT: 63c0978e2fa715a3cad6fb3068f70961",
"pattern": "[file:hashes.SHA1 = '9e119104c2597f0ab4542c512a1eb9fa2729852f']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-08-25T13:38:19Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Artifacts dropped"
}
],
"labels": [
"misp:type=\"sha1\"",
"misp:category=\"Artifacts dropped\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--55dc6fcb-374c-4590-895d-4d01950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-08-25T13:38:19.000Z",
"modified": "2015-08-25T13:38:19.000Z",
"first_observed": "2015-08-25T13:38:19Z",
"last_observed": "2015-08-25T13:38:19Z",
"number_observed": 1,
"object_refs": [
"url--55dc6fcb-374c-4590-895d-4d01950d210b"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--55dc6fcb-374c-4590-895d-4d01950d210b",
"value": "https://www.virustotal.com/file/2c9aea3d2be2ca9ecdec74e5e783df43458b6b0c23d4ccda631fbe8aa160c6c7/analysis/1439469394/"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--55dc6fcb-8918-4640-9986-40a9950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-08-25T13:38:19.000Z",
"modified": "2015-08-25T13:38:19.000Z",
"description": "Sakula malware - Xchecked via VT: 63ae83244a8d7ca1eef4e834eb0eb07f",
"pattern": "[file:hashes.SHA256 = '14bab3a5cf879883e3c61b31ba722519360eac9ba68016ecacc9ae611e898d38']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-08-25T13:38:19Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Artifacts dropped"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Artifacts dropped\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--55dc6fcb-7ce4-4527-a3f7-4b61950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-08-25T13:38:19.000Z",
"modified": "2015-08-25T13:38:19.000Z",
"description": "Sakula malware - Xchecked via VT: 63ae83244a8d7ca1eef4e834eb0eb07f",
"pattern": "[file:hashes.SHA1 = '36f79f828ce802cc2ed8dd37cae5247362fb11ea']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-08-25T13:38:19Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Artifacts dropped"
}
],
"labels": [
"misp:type=\"sha1\"",
"misp:category=\"Artifacts dropped\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--55dc6fcb-8190-4483-b117-4f78950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-08-25T13:38:19.000Z",
"modified": "2015-08-25T13:38:19.000Z",
"first_observed": "2015-08-25T13:38:19Z",
"last_observed": "2015-08-25T13:38:19Z",
"number_observed": 1,
"object_refs": [
"url--55dc6fcb-8190-4483-b117-4f78950d210b"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--55dc6fcb-8190-4483-b117-4f78950d210b",
"value": "https://www.virustotal.com/file/14bab3a5cf879883e3c61b31ba722519360eac9ba68016ecacc9ae611e898d38/analysis/1439469392/"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--55dc6fcb-750c-4f5e-9717-443b950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-08-25T13:38:19.000Z",
"modified": "2015-08-25T13:38:19.000Z",
"description": "Sakula malware - Xchecked via VT: 61fe6f4cb2c54511f0804b1417ab3bd2",
"pattern": "[file:hashes.SHA256 = 'f66205374c8e7f466f594436ed5a558b0a62f9bd82f35ea54791a88f9c863f64']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-08-25T13:38:19Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Artifacts dropped"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Artifacts dropped\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--55dc6fcc-4c28-4c4c-82ee-4693950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-08-25T13:38:20.000Z",
"modified": "2015-08-25T13:38:20.000Z",
"description": "Sakula malware - Xchecked via VT: 61fe6f4cb2c54511f0804b1417ab3bd2",
"pattern": "[file:hashes.SHA1 = 'fd4790ea74ceb027bc623ba9c60d528c9fb863a5']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-08-25T13:38:20Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Artifacts dropped"
}
],
"labels": [
"misp:type=\"sha1\"",
"misp:category=\"Artifacts dropped\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--55dc6fcc-5f00-4772-8031-4425950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-08-25T13:38:20.000Z",
"modified": "2015-08-25T13:38:20.000Z",
"first_observed": "2015-08-25T13:38:20Z",
"last_observed": "2015-08-25T13:38:20Z",
"number_observed": 1,
"object_refs": [
"url--55dc6fcc-5f00-4772-8031-4425950d210b"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--55dc6fcc-5f00-4772-8031-4425950d210b",
"value": "https://www.virustotal.com/file/f66205374c8e7f466f594436ed5a558b0a62f9bd82f35ea54791a88f9c863f64/analysis/1439469381/"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--55dc6fcc-4d04-40b2-81af-4b1a950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-08-25T13:38:20.000Z",
"modified": "2015-08-25T13:38:20.000Z",
"description": "Sakula malware - Xchecked via VT: 606b9759de1aa61a76cf4afa4ccf8601",
"pattern": "[file:hashes.SHA256 = '2e8480368b93aa31c4e4249eea51518458ab8b0af17be3ab01f58549a78a2a83']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-08-25T13:38:20Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Artifacts dropped"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Artifacts dropped\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--55dc6fcc-775c-4b3b-8594-45fe950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-08-25T13:38:20.000Z",
"modified": "2015-08-25T13:38:20.000Z",
"description": "Sakula malware - Xchecked via VT: 606b9759de1aa61a76cf4afa4ccf8601",
"pattern": "[file:hashes.SHA1 = 'fecd88c785b645316ebba49b72a998522bfe8cc2']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-08-25T13:38:20Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Artifacts dropped"
}
],
"labels": [
"misp:type=\"sha1\"",
"misp:category=\"Artifacts dropped\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--55dc6fcc-b85c-4750-831c-41b7950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-08-25T13:38:20.000Z",
"modified": "2015-08-25T13:38:20.000Z",
"first_observed": "2015-08-25T13:38:20Z",
"last_observed": "2015-08-25T13:38:20Z",
"number_observed": 1,
"object_refs": [
"url--55dc6fcc-b85c-4750-831c-41b7950d210b"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--55dc6fcc-b85c-4750-831c-41b7950d210b",
"value": "https://www.virustotal.com/file/2e8480368b93aa31c4e4249eea51518458ab8b0af17be3ab01f58549a78a2a83/analysis/1439469371/"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--55dc6fcc-7138-4b9e-9dd0-478c950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-08-25T13:38:20.000Z",
"modified": "2015-08-25T13:38:20.000Z",
"description": "Sakula malware - Xchecked via VT: 5dbdc2839e3f5c2dd35f3def42002663",
"pattern": "[file:hashes.SHA256 = '55501269219f0951444debd9952d8e44d77a8db63184e625064692a66165ac8a']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-08-25T13:38:20Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Artifacts dropped"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Artifacts dropped\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--55dc6fcd-970c-4963-8ed3-4437950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-08-25T13:38:21.000Z",
"modified": "2015-08-25T13:38:21.000Z",
"description": "Sakula malware - Xchecked via VT: 5dbdc2839e3f5c2dd35f3def42002663",
"pattern": "[file:hashes.SHA1 = '41b91f1eae355c6baab90b7951bd310f7265cf0f']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-08-25T13:38:21Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Artifacts dropped"
}
],
"labels": [
"misp:type=\"sha1\"",
"misp:category=\"Artifacts dropped\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--55dc6fcd-fc8c-41d9-b995-4c4c950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-08-25T13:38:21.000Z",
"modified": "2015-08-25T13:38:21.000Z",
"first_observed": "2015-08-25T13:38:21Z",
"last_observed": "2015-08-25T13:38:21Z",
"number_observed": 1,
"object_refs": [
"url--55dc6fcd-fc8c-41d9-b995-4c4c950d210b"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--55dc6fcd-fc8c-41d9-b995-4c4c950d210b",
"value": "https://www.virustotal.com/file/55501269219f0951444debd9952d8e44d77a8db63184e625064692a66165ac8a/analysis/1439469349/"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--55dc6fcd-6544-460f-8191-476b950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-08-25T13:38:21.000Z",
"modified": "2015-08-25T13:38:21.000Z",
"description": "Sakula malware - Xchecked via VT: 5d04457e3d4026a82ac3ec9b1c0819ec",
"pattern": "[file:hashes.SHA256 = '4778938b911bec8ad1a9059b79ac0cc6bafddee2389c4c2b9297d47ecb8c2215']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-08-25T13:38:21Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Artifacts dropped"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Artifacts dropped\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--55dc6fcd-c0b8-4259-b1a1-44f5950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-08-25T13:38:21.000Z",
"modified": "2015-08-25T13:38:21.000Z",
"description": "Sakula malware - Xchecked via VT: 5d04457e3d4026a82ac3ec9b1c0819ec",
"pattern": "[file:hashes.SHA1 = 'f7d9a0e3f08239ca5113c5e109f5b602b4c97db3']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-08-25T13:38:21Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Artifacts dropped"
}
],
"labels": [
"misp:type=\"sha1\"",
"misp:category=\"Artifacts dropped\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--55dc6fcd-1348-4611-b100-4d91950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-08-25T13:38:21.000Z",
"modified": "2015-08-25T13:38:21.000Z",
"first_observed": "2015-08-25T13:38:21Z",
"last_observed": "2015-08-25T13:38:21Z",
"number_observed": 1,
"object_refs": [
"url--55dc6fcd-1348-4611-b100-4d91950d210b"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--55dc6fcd-1348-4611-b100-4d91950d210b",
"value": "https://www.virustotal.com/file/4778938b911bec8ad1a9059b79ac0cc6bafddee2389c4c2b9297d47ecb8c2215/analysis/1439469343/"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--55dc6fcd-f2ac-4d51-9715-4033950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-08-25T13:38:21.000Z",
"modified": "2015-08-25T13:38:21.000Z",
"description": "Sakula malware - Xchecked via VT: 5b27234b7f28316303351ea8bcfaa740",
"pattern": "[file:hashes.SHA256 = '942e69a2eff2b922c28ff36c4f02d08b5eb35123ab5de83a9d23fcfa806ccdc5']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-08-25T13:38:21Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Artifacts dropped"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Artifacts dropped\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--55dc6fce-f228-453c-8c7a-4f6a950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-08-25T13:38:22.000Z",
"modified": "2015-08-25T13:38:22.000Z",
"description": "Sakula malware - Xchecked via VT: 5b27234b7f28316303351ea8bcfaa740",
"pattern": "[file:hashes.SHA1 = '7dcf0c208a5521ed0b68b8216e5f3238b48ba7be']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-08-25T13:38:22Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Artifacts dropped"
}
],
"labels": [
"misp:type=\"sha1\"",
"misp:category=\"Artifacts dropped\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--55dc6fce-bfac-429e-bfc1-4a87950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-08-25T13:38:22.000Z",
"modified": "2015-08-25T13:38:22.000Z",
"first_observed": "2015-08-25T13:38:22Z",
"last_observed": "2015-08-25T13:38:22Z",
"number_observed": 1,
"object_refs": [
"url--55dc6fce-bfac-429e-bfc1-4a87950d210b"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--55dc6fce-bfac-429e-bfc1-4a87950d210b",
"value": "https://www.virustotal.com/file/942e69a2eff2b922c28ff36c4f02d08b5eb35123ab5de83a9d23fcfa806ccdc5/analysis/1439469338/"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--55dc6fce-b85c-47a2-8d2a-4677950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-08-25T13:38:22.000Z",
"modified": "2015-08-25T13:38:22.000Z",
"description": "Sakula malware - Xchecked via VT: 586c418bf947a0ef73afd2a7009c4439",
"pattern": "[file:hashes.SHA256 = '1b28e40bc436cd16bc33eb458329cb9cea2e68aa1153fb8e995e365cbff1e996']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-08-25T13:38:22Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Artifacts dropped"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Artifacts dropped\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--55dc6fce-2b78-44d8-9da3-4be5950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-08-25T13:38:22.000Z",
"modified": "2015-08-25T13:38:22.000Z",
"description": "Sakula malware - Xchecked via VT: 586c418bf947a0ef73afd2a7009c4439",
"pattern": "[file:hashes.SHA1 = 'a2fd7d2da71ca7df47bc89e850210ebf459aca0e']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-08-25T13:38:22Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Artifacts dropped"
}
],
"labels": [
"misp:type=\"sha1\"",
"misp:category=\"Artifacts dropped\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--55dc6fce-eb70-4d8b-a015-4eae950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-08-25T13:38:22.000Z",
"modified": "2015-08-25T13:38:22.000Z",
"first_observed": "2015-08-25T13:38:22Z",
"last_observed": "2015-08-25T13:38:22Z",
"number_observed": 1,
"object_refs": [
"url--55dc6fce-eb70-4d8b-a015-4eae950d210b"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--55dc6fce-eb70-4d8b-a015-4eae950d210b",
"value": "https://www.virustotal.com/file/1b28e40bc436cd16bc33eb458329cb9cea2e68aa1153fb8e995e365cbff1e996/analysis/1439469318/"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--55dc6fcf-d908-456b-8519-4780950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-08-25T13:38:23.000Z",
"modified": "2015-08-25T13:38:23.000Z",
"description": "Sakula malware - Xchecked via VT: 5482deee917c374bab43dd83a4a6c722",
"pattern": "[file:hashes.SHA256 = '099baab8695d559acbd74dd1645e97cbefe47ed04244aa57cf66410b031de7dc']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-08-25T13:38:23Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Artifacts dropped"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Artifacts dropped\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--55dc6fcf-3534-4588-b4cf-477c950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-08-25T13:38:23.000Z",
"modified": "2015-08-25T13:38:23.000Z",
"description": "Sakula malware - Xchecked via VT: 5482deee917c374bab43dd83a4a6c722",
"pattern": "[file:hashes.SHA1 = '92a984f289e24abae44c4237d09c9ff3a198783a']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-08-25T13:38:23Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Artifacts dropped"
}
],
"labels": [
"misp:type=\"sha1\"",
"misp:category=\"Artifacts dropped\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--55dc6fcf-5440-4c8e-938d-473e950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-08-25T13:38:23.000Z",
"modified": "2015-08-25T13:38:23.000Z",
"first_observed": "2015-08-25T13:38:23Z",
"last_observed": "2015-08-25T13:38:23Z",
"number_observed": 1,
"object_refs": [
"url--55dc6fcf-5440-4c8e-938d-473e950d210b"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--55dc6fcf-5440-4c8e-938d-473e950d210b",
"value": "https://www.virustotal.com/file/099baab8695d559acbd74dd1645e97cbefe47ed04244aa57cf66410b031de7dc/analysis/1439469300/"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--55dc6fcf-9520-4da9-adb5-4c3f950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-08-25T13:38:23.000Z",
"modified": "2015-08-25T13:38:23.000Z",
"description": "Sakula malware - Xchecked via VT: 5382efbecccf8227c7adc443e229542f",
"pattern": "[file:hashes.SHA256 = '761922fa7c45e52dea46db38047636a75e31139830b2805093d6e062a33da282']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-08-25T13:38:23Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Artifacts dropped"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Artifacts dropped\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--55dc6fcf-0748-41e4-8fd3-409b950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-08-25T13:38:23.000Z",
"modified": "2015-08-25T13:38:23.000Z",
"description": "Sakula malware - Xchecked via VT: 5382efbecccf8227c7adc443e229542f",
"pattern": "[file:hashes.SHA1 = '87537eecb764bcc4b367eec03f929f3fb88b7f51']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-08-25T13:38:23Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Artifacts dropped"
}
],
"labels": [
"misp:type=\"sha1\"",
"misp:category=\"Artifacts dropped\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--55dc6fcf-8a18-4ef5-89f3-4263950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-08-25T13:38:23.000Z",
"modified": "2015-08-25T13:38:23.000Z",
"first_observed": "2015-08-25T13:38:23Z",
"last_observed": "2015-08-25T13:38:23Z",
"number_observed": 1,
"object_refs": [
"url--55dc6fcf-8a18-4ef5-89f3-4263950d210b"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--55dc6fcf-8a18-4ef5-89f3-4263950d210b",
"value": "https://www.virustotal.com/file/761922fa7c45e52dea46db38047636a75e31139830b2805093d6e062a33da282/analysis/1439469292/"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--55dc6fd0-9bf0-4219-ba0e-4346950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-08-25T13:38:24.000Z",
"modified": "2015-08-25T13:38:24.000Z",
"description": "Sakula malware - Xchecked via VT: 4e239b731a0f1dbf26b503d5e2a81514",
"pattern": "[file:hashes.SHA256 = '11deda004de4cb1a69215da8728adad5d3db60840340e98448bd1a60f3362d25']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-08-25T13:38:24Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Artifacts dropped"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Artifacts dropped\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--55dc6fd0-1740-4f06-b2c1-458e950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-08-25T13:38:24.000Z",
"modified": "2015-08-25T13:38:24.000Z",
"description": "Sakula malware - Xchecked via VT: 4e239b731a0f1dbf26b503d5e2a81514",
"pattern": "[file:hashes.SHA1 = '014e7adb9db94633b92b21f8ef60edcb25eaa2ee']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-08-25T13:38:24Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Artifacts dropped"
}
],
"labels": [
"misp:type=\"sha1\"",
"misp:category=\"Artifacts dropped\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--55dc6fd0-a4ac-42c7-b39e-41d0950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-08-25T13:38:24.000Z",
"modified": "2015-08-25T13:38:24.000Z",
"first_observed": "2015-08-25T13:38:24Z",
"last_observed": "2015-08-25T13:38:24Z",
"number_observed": 1,
"object_refs": [
"url--55dc6fd0-a4ac-42c7-b39e-41d0950d210b"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--55dc6fd0-a4ac-42c7-b39e-41d0950d210b",
"value": "https://www.virustotal.com/file/11deda004de4cb1a69215da8728adad5d3db60840340e98448bd1a60f3362d25/analysis/1439469260/"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--55dc6fd0-2720-4c59-b381-43d3950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-08-25T13:38:24.000Z",
"modified": "2015-08-25T13:38:24.000Z",
"description": "Sakula malware - Xchecked via VT: 4dc526eb9d04f022df9fa2518854bbb4",
"pattern": "[file:hashes.SHA256 = '6c861195cd2735686cc74abade4712e9469f9c933066d17b1658c51e82efeb78']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-08-25T13:38:24Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Artifacts dropped"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Artifacts dropped\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--55dc6fd0-c97c-46c2-9b1b-47f9950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-08-25T13:38:24.000Z",
"modified": "2015-08-25T13:38:24.000Z",
"description": "Sakula malware - Xchecked via VT: 4dc526eb9d04f022df9fa2518854bbb4",
"pattern": "[file:hashes.SHA1 = '95e29fd832199a38d4ce8311d51776b420938fb8']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-08-25T13:38:24Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Artifacts dropped"
}
],
"labels": [
"misp:type=\"sha1\"",
"misp:category=\"Artifacts dropped\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--55dc6fd0-1120-4ad2-a190-4050950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-08-25T13:38:24.000Z",
"modified": "2015-08-25T13:38:24.000Z",
"first_observed": "2015-08-25T13:38:24Z",
"last_observed": "2015-08-25T13:38:24Z",
"number_observed": 1,
"object_refs": [
"url--55dc6fd0-1120-4ad2-a190-4050950d210b"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--55dc6fd0-1120-4ad2-a190-4050950d210b",
"value": "https://www.virustotal.com/file/6c861195cd2735686cc74abade4712e9469f9c933066d17b1658c51e82efeb78/analysis/1439469254/"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--55dc6fd1-bc7c-4ef3-a01d-4095950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-08-25T13:38:25.000Z",
"modified": "2015-08-25T13:38:25.000Z",
"description": "Sakula malware - Xchecked via VT: 4c15781cb47d4a7604788e188fc722de",
"pattern": "[file:hashes.SHA256 = '94363a03da9f533e3914eb9b6c57cce0b146874cd036b591118b1e3bcc0175bc']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-08-25T13:38:25Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Artifacts dropped"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Artifacts dropped\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--55dc6fd1-ac38-4c87-abe2-4cd2950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-08-25T13:38:25.000Z",
"modified": "2015-08-25T13:38:25.000Z",
"description": "Sakula malware - Xchecked via VT: 4c15781cb47d4a7604788e188fc722de",
"pattern": "[file:hashes.SHA1 = 'abe32ab0dd9e46a39fa95612cd50fc4742ce52fc']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-08-25T13:38:25Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Artifacts dropped"
}
],
"labels": [
"misp:type=\"sha1\"",
"misp:category=\"Artifacts dropped\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--55dc6fd1-2eb4-463a-8421-4e98950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-08-25T13:38:25.000Z",
"modified": "2015-08-25T13:38:25.000Z",
"first_observed": "2015-08-25T13:38:25Z",
"last_observed": "2015-08-25T13:38:25Z",
"number_observed": 1,
"object_refs": [
"url--55dc6fd1-2eb4-463a-8421-4e98950d210b"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--55dc6fd1-2eb4-463a-8421-4e98950d210b",
"value": "https://www.virustotal.com/file/94363a03da9f533e3914eb9b6c57cce0b146874cd036b591118b1e3bcc0175bc/analysis/1439469232/"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--55dc6fd1-02fc-4fe7-99cd-4712950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-08-25T13:38:25.000Z",
"modified": "2015-08-25T13:38:25.000Z",
"description": "Sakula malware - Xchecked via VT: 4a6f45ff62e9ab9fe48f1b91b31d110e",
"pattern": "[file:hashes.SHA256 = '20ad3bcec78ae574c5553401b1ee16835ee9119abdd687516b5925bcfc96adca']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-08-25T13:38:25Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Artifacts dropped"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Artifacts dropped\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--55dc6fd1-e314-42b0-b0ff-43c4950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-08-25T13:38:25.000Z",
"modified": "2015-08-25T13:38:25.000Z",
"description": "Sakula malware - Xchecked via VT: 4a6f45ff62e9ab9fe48f1b91b31d110e",
"pattern": "[file:hashes.SHA1 = '0a18f1a8222ff25a755526548ef40e0ed278a495']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-08-25T13:38:25Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Artifacts dropped"
}
],
"labels": [
"misp:type=\"sha1\"",
"misp:category=\"Artifacts dropped\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--55dc6fd1-fa64-4ce5-a79b-413b950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-08-25T13:38:25.000Z",
"modified": "2015-08-25T13:38:25.000Z",
"first_observed": "2015-08-25T13:38:25Z",
"last_observed": "2015-08-25T13:38:25Z",
"number_observed": 1,
"object_refs": [
"url--55dc6fd1-fa64-4ce5-a79b-413b950d210b"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--55dc6fd1-fa64-4ce5-a79b-413b950d210b",
"value": "https://www.virustotal.com/file/20ad3bcec78ae574c5553401b1ee16835ee9119abdd687516b5925bcfc96adca/analysis/1439469221/"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--55dc6fd2-3e24-4536-aeba-4b47950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-08-25T13:38:26.000Z",
"modified": "2015-08-25T13:38:26.000Z",
"description": "Sakula malware - Xchecked via VT: 45468c2450e6451cf63d2b9b2b70c632",
"pattern": "[file:hashes.SHA256 = 'd5370825ec6c1246d420b437b67d4453aa99272e7b190d27b9536c3ab5352ad1']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-08-25T13:38:26Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Artifacts dropped"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Artifacts dropped\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--55dc6fd2-ecb4-46d1-8d51-46db950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-08-25T13:38:26.000Z",
"modified": "2015-08-25T13:38:26.000Z",
"description": "Sakula malware - Xchecked via VT: 45468c2450e6451cf63d2b9b2b70c632",
"pattern": "[file:hashes.SHA1 = '663a95fae1903d4615896e07d72ad15ac080abb6']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-08-25T13:38:26Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Artifacts dropped"
}
],
"labels": [
"misp:type=\"sha1\"",
"misp:category=\"Artifacts dropped\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--55dc6fd2-9130-4f07-a761-41d6950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-08-25T13:38:26.000Z",
"modified": "2015-08-25T13:38:26.000Z",
"first_observed": "2015-08-25T13:38:26Z",
"last_observed": "2015-08-25T13:38:26Z",
"number_observed": 1,
"object_refs": [
"url--55dc6fd2-9130-4f07-a761-41d6950d210b"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--55dc6fd2-9130-4f07-a761-41d6950d210b",
"value": "https://www.virustotal.com/file/d5370825ec6c1246d420b437b67d4453aa99272e7b190d27b9536c3ab5352ad1/analysis/1438180021/"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--55dc6fd2-406c-4325-b9b1-4df0950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-08-25T13:38:26.000Z",
"modified": "2015-08-25T13:38:26.000Z",
"description": "Sakula malware - Xchecked via VT: 442f10bfc2a02831b6a733d6c01b0c59",
"pattern": "[file:hashes.SHA256 = 'fca598c7b18dd16a56e382a4262df4c1879109acd2d897bc72e7513550ac7db1']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-08-25T13:38:26Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Artifacts dropped"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Artifacts dropped\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--55dc6fd2-21f4-43a4-9568-4cf2950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-08-25T13:38:26.000Z",
"modified": "2015-08-25T13:38:26.000Z",
"description": "Sakula malware - Xchecked via VT: 442f10bfc2a02831b6a733d6c01b0c59",
"pattern": "[file:hashes.SHA1 = '7b641e2df61f6794bd4b21ce2bf24776438e0b2b']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-08-25T13:38:26Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Artifacts dropped"
}
],
"labels": [
"misp:type=\"sha1\"",
"misp:category=\"Artifacts dropped\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--55dc6fd3-2cb0-46e6-9484-4695950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-08-25T13:38:27.000Z",
"modified": "2015-08-25T13:38:27.000Z",
"first_observed": "2015-08-25T13:38:27Z",
"last_observed": "2015-08-25T13:38:27Z",
"number_observed": 1,
"object_refs": [
"url--55dc6fd3-2cb0-46e6-9484-4695950d210b"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--55dc6fd3-2cb0-46e6-9484-4695950d210b",
"value": "https://www.virustotal.com/file/fca598c7b18dd16a56e382a4262df4c1879109acd2d897bc72e7513550ac7db1/analysis/1439469181/"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--55dc6fd3-4dbc-4c8c-afdf-4799950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-08-25T13:38:27.000Z",
"modified": "2015-08-25T13:38:27.000Z",
"description": "Sakula malware - Xchecked via VT: 4315274a5eda74cd81a5ec44980876e8",
"pattern": "[file:hashes.SHA256 = '7831cef81e160ffdc6ca14155433f8044b29f235f2c5a2123d6389f6471c7e77']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-08-25T13:38:27Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Artifacts dropped"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Artifacts dropped\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--55dc6fd3-dc08-4e1a-ba68-4b0a950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-08-25T13:38:27.000Z",
"modified": "2015-08-25T13:38:27.000Z",
"description": "Sakula malware - Xchecked via VT: 4315274a5eda74cd81a5ec44980876e8",
"pattern": "[file:hashes.SHA1 = '4ea844bfa9d486cbeb065e83e0f835a06ab3cc6c']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-08-25T13:38:27Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Artifacts dropped"
}
],
"labels": [
"misp:type=\"sha1\"",
"misp:category=\"Artifacts dropped\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--55dc6fd3-07d8-495e-a65a-453f950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-08-25T13:38:27.000Z",
"modified": "2015-08-25T13:38:27.000Z",
"first_observed": "2015-08-25T13:38:27Z",
"last_observed": "2015-08-25T13:38:27Z",
"number_observed": 1,
"object_refs": [
"url--55dc6fd3-07d8-495e-a65a-453f950d210b"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--55dc6fd3-07d8-495e-a65a-453f950d210b",
"value": "https://www.virustotal.com/file/7831cef81e160ffdc6ca14155433f8044b29f235f2c5a2123d6389f6471c7e77/analysis/1439469173/"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--55dc6fd3-b018-4a30-916a-4b06950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-08-25T13:38:27.000Z",
"modified": "2015-08-25T13:38:27.000Z",
"description": "Sakula malware - Xchecked via VT: 42d3e38db9f1d26f82ef47f0a0ec0499",
"pattern": "[file:hashes.SHA256 = '1dbda372f4da9f5b8cfaba99e690b731795ca461c278a7cc38ebf56751052dbf']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-08-25T13:38:27Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Artifacts dropped"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Artifacts dropped\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--55dc6fd3-3104-41eb-ad34-4f01950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-08-25T13:38:27.000Z",
"modified": "2015-08-25T13:38:27.000Z",
"description": "Sakula malware - Xchecked via VT: 42d3e38db9f1d26f82ef47f0a0ec0499",
"pattern": "[file:hashes.SHA1 = 'f327e89a2a25415b1f2edd7b53443ae7ab9ba3a4']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-08-25T13:38:27Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Artifacts dropped"
}
],
"labels": [
"misp:type=\"sha1\"",
"misp:category=\"Artifacts dropped\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--55dc6fd4-3864-4cfb-aa26-4f84950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-08-25T13:38:28.000Z",
"modified": "2015-08-25T13:38:28.000Z",
"first_observed": "2015-08-25T13:38:28Z",
"last_observed": "2015-08-25T13:38:28Z",
"number_observed": 1,
"object_refs": [
"url--55dc6fd4-3864-4cfb-aa26-4f84950d210b"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--55dc6fd4-3864-4cfb-aa26-4f84950d210b",
"value": "https://www.virustotal.com/file/1dbda372f4da9f5b8cfaba99e690b731795ca461c278a7cc38ebf56751052dbf/analysis/1439469172/"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--55dc6fd4-d388-4e19-b560-4444950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-08-25T13:38:28.000Z",
"modified": "2015-08-25T13:38:28.000Z",
"description": "Sakula malware - Xchecked via VT: 4297e98e6d7ea326dee3d13e53aa8d70",
"pattern": "[file:hashes.SHA256 = '34539aa85fcdbd8169a9648c63b7cbc74f4bc0ca7881fd2e03ef7fe1281d0c1c']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-08-25T13:38:28Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Artifacts dropped"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Artifacts dropped\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--55dc6fd4-796c-4b73-b477-49a6950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-08-25T13:38:28.000Z",
"modified": "2015-08-25T13:38:28.000Z",
"description": "Sakula malware - Xchecked via VT: 4297e98e6d7ea326dee3d13e53aa8d70",
"pattern": "[file:hashes.SHA1 = '58048d8322e3648d6a3ece2ec9038d438c687710']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-08-25T13:38:28Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Artifacts dropped"
}
],
"labels": [
"misp:type=\"sha1\"",
"misp:category=\"Artifacts dropped\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--55dc6fd4-3344-4be8-ab5c-4cd5950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-08-25T13:38:28.000Z",
"modified": "2015-08-25T13:38:28.000Z",
"first_observed": "2015-08-25T13:38:28Z",
"last_observed": "2015-08-25T13:38:28Z",
"number_observed": 1,
"object_refs": [
"url--55dc6fd4-3344-4be8-ab5c-4cd5950d210b"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--55dc6fd4-3344-4be8-ab5c-4cd5950d210b",
"value": "https://www.virustotal.com/file/34539aa85fcdbd8169a9648c63b7cbc74f4bc0ca7881fd2e03ef7fe1281d0c1c/analysis/1439469157/"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--55dc6fd4-e094-4747-98ed-463e950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-08-25T13:38:28.000Z",
"modified": "2015-08-25T13:38:28.000Z",
"description": "Sakula malware - Xchecked via VT: 419ce8f53d5585abd144e9e76113639d",
"pattern": "[file:hashes.SHA256 = '7bdb34eb7d7506e813e26277937e9b838a96612789392381fa34d6be0dcf1f8b']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-08-25T13:38:28Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Artifacts dropped"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Artifacts dropped\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--55dc6fd4-bbfc-41bd-9281-44fa950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-08-25T13:38:28.000Z",
"modified": "2015-08-25T13:38:28.000Z",
"description": "Sakula malware - Xchecked via VT: 419ce8f53d5585abd144e9e76113639d",
"pattern": "[file:hashes.SHA1 = '511695343ef1f8e8e902a85b7dab640bed9acfdc']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-08-25T13:38:28Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Artifacts dropped"
}
],
"labels": [
"misp:type=\"sha1\"",
"misp:category=\"Artifacts dropped\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--55dc6fd5-5504-4028-86ad-49cb950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-08-25T13:38:29.000Z",
"modified": "2015-08-25T13:38:29.000Z",
"first_observed": "2015-08-25T13:38:29Z",
"last_observed": "2015-08-25T13:38:29Z",
"number_observed": 1,
"object_refs": [
"url--55dc6fd5-5504-4028-86ad-49cb950d210b"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--55dc6fd5-5504-4028-86ad-49cb950d210b",
"value": "https://www.virustotal.com/file/7bdb34eb7d7506e813e26277937e9b838a96612789392381fa34d6be0dcf1f8b/analysis/1439469154/"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--55dc6fd5-f5a0-42c8-9015-4a4c950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-08-25T13:38:29.000Z",
"modified": "2015-08-25T13:38:29.000Z",
"description": "Sakula malware - Xchecked via VT: 41093a982526c6dc7dbcf4f63814d428",
"pattern": "[file:hashes.SHA256 = '4918a76579bcd24304713ea5568f93a8a978a079c0d8d1d2bb1f9933046a0da8']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-08-25T13:38:29Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Artifacts dropped"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Artifacts dropped\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--55dc6fd5-a860-4050-a3dc-4a3f950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-08-25T13:38:29.000Z",
"modified": "2015-08-25T13:38:29.000Z",
"description": "Sakula malware - Xchecked via VT: 41093a982526c6dc7dbcf4f63814d428",
"pattern": "[file:hashes.SHA1 = '85fc68bbb79854bcd59fff566328a9856897d0d9']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-08-25T13:38:29Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Artifacts dropped"
}
],
"labels": [
"misp:type=\"sha1\"",
"misp:category=\"Artifacts dropped\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--55dc6fd5-ae1c-42d5-9d30-4c5e950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-08-25T13:38:29.000Z",
"modified": "2015-08-25T13:38:29.000Z",
"first_observed": "2015-08-25T13:38:29Z",
"last_observed": "2015-08-25T13:38:29Z",
"number_observed": 1,
"object_refs": [
"url--55dc6fd5-ae1c-42d5-9d30-4c5e950d210b"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--55dc6fd5-ae1c-42d5-9d30-4c5e950d210b",
"value": "https://www.virustotal.com/file/4918a76579bcd24304713ea5568f93a8a978a079c0d8d1d2bb1f9933046a0da8/analysis/1439469151/"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--55dc6fd5-2070-48a8-b2d1-42c4950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-08-25T13:38:29.000Z",
"modified": "2015-08-25T13:38:29.000Z",
"description": "Sakula malware - Xchecked via VT: 3fc6405499c25964dfe5d37ee0613a59",
"pattern": "[file:hashes.SHA256 = '99646a749077f13a6314ea798aedc06f266951e0db7be337882f962e0a39a7b7']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-08-25T13:38:29Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Artifacts dropped"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Artifacts dropped\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--55dc6fd6-6a58-4f3a-a037-4ecd950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-08-25T13:38:30.000Z",
"modified": "2015-08-25T13:38:30.000Z",
"description": "Sakula malware - Xchecked via VT: 3fc6405499c25964dfe5d37ee0613a59",
"pattern": "[file:hashes.SHA1 = 'abe571368e3ff58edf3a5d404a36cfaf6feec6b5']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-08-25T13:38:30Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Artifacts dropped"
}
],
"labels": [
"misp:type=\"sha1\"",
"misp:category=\"Artifacts dropped\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--55dc6fd6-5e20-4a09-b1d6-40de950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-08-25T13:38:30.000Z",
"modified": "2015-08-25T13:38:30.000Z",
"first_observed": "2015-08-25T13:38:30Z",
"last_observed": "2015-08-25T13:38:30Z",
"number_observed": 1,
"object_refs": [
"url--55dc6fd6-5e20-4a09-b1d6-40de950d210b"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--55dc6fd6-5e20-4a09-b1d6-40de950d210b",
"value": "https://www.virustotal.com/file/99646a749077f13a6314ea798aedc06f266951e0db7be337882f962e0a39a7b7/analysis/1439469141/"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--55dc6fd6-6258-4c66-8443-4904950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-08-25T13:38:30.000Z",
"modified": "2015-08-25T13:38:30.000Z",
"description": "Sakula malware - Xchecked via VT: 3e0016d728b979b7f8fd77a2738047eb",
"pattern": "[file:hashes.SHA256 = '57bd5d72bdf493f4642129724499af47a6b9898398127472272dfba4cf007cb3']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-08-25T13:38:30Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Artifacts dropped"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Artifacts dropped\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--55dc6fd6-558c-4880-b1f4-4f3d950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-08-25T13:38:30.000Z",
"modified": "2015-08-25T13:38:30.000Z",
"description": "Sakula malware - Xchecked via VT: 3e0016d728b979b7f8fd77a2738047eb",
"pattern": "[file:hashes.SHA1 = 'fa8fc8996a1684502f159429fe6f164c3633314a']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-08-25T13:38:30Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Artifacts dropped"
}
],
"labels": [
"misp:type=\"sha1\"",
"misp:category=\"Artifacts dropped\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--55dc6fd6-9b04-4516-9af9-4c71950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-08-25T13:38:30.000Z",
"modified": "2015-08-25T13:38:30.000Z",
"first_observed": "2015-08-25T13:38:30Z",
"last_observed": "2015-08-25T13:38:30Z",
"number_observed": 1,
"object_refs": [
"url--55dc6fd6-9b04-4516-9af9-4c71950d210b"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--55dc6fd6-9b04-4516-9af9-4c71950d210b",
"value": "https://www.virustotal.com/file/57bd5d72bdf493f4642129724499af47a6b9898398127472272dfba4cf007cb3/analysis/1439469125/"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--55dc6fd6-ee20-459c-9b02-4196950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-08-25T13:38:30.000Z",
"modified": "2015-08-25T13:38:30.000Z",
"description": "Sakula malware - Xchecked via VT: 3ce08f804c5986856a85e16a4e211334",
"pattern": "[file:hashes.SHA256 = '21c059c04fd1b8c63cc11c40ed6b788c869826413b0804bf052dea1e875a73ff']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-08-25T13:38:30Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Artifacts dropped"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Artifacts dropped\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--55dc6fd7-781c-46f2-9b40-4e3b950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-08-25T13:38:31.000Z",
"modified": "2015-08-25T13:38:31.000Z",
"description": "Sakula malware - Xchecked via VT: 3ce08f804c5986856a85e16a4e211334",
"pattern": "[file:hashes.SHA1 = '377e67693759a42371fee5bb5631a6f1e6167118']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-08-25T13:38:31Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Artifacts dropped"
}
],
"labels": [
"misp:type=\"sha1\"",
"misp:category=\"Artifacts dropped\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--55dc6fd7-4820-45a4-9501-4084950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-08-25T13:38:31.000Z",
"modified": "2015-08-25T13:38:31.000Z",
"first_observed": "2015-08-25T13:38:31Z",
"last_observed": "2015-08-25T13:38:31Z",
"number_observed": 1,
"object_refs": [
"url--55dc6fd7-4820-45a4-9501-4084950d210b"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--55dc6fd7-4820-45a4-9501-4084950d210b",
"value": "https://www.virustotal.com/file/21c059c04fd1b8c63cc11c40ed6b788c869826413b0804bf052dea1e875a73ff/analysis/1439469115/"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--55dc6fd7-1180-4b1f-a008-4494950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-08-25T13:38:31.000Z",
"modified": "2015-08-25T13:38:31.000Z",
"description": "Sakula malware - Xchecked via VT: 3cd598e8e2fd033134d8784251eff59e",
"pattern": "[file:hashes.SHA256 = '48b3098caee97b0a177905a8832de8a259c1f9edd89c80c3e1461d22e4d72696']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-08-25T13:38:31Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Artifacts dropped"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Artifacts dropped\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--55dc6fd7-ac10-4d21-9fa1-4de2950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-08-25T13:38:31.000Z",
"modified": "2015-08-25T13:38:31.000Z",
"description": "Sakula malware - Xchecked via VT: 3cd598e8e2fd033134d8784251eff59e",
"pattern": "[file:hashes.SHA1 = 'b5bb1cb428aed1a64de8c96db05756bb6013a790']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-08-25T13:38:31Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Artifacts dropped"
}
],
"labels": [
"misp:type=\"sha1\"",
"misp:category=\"Artifacts dropped\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--55dc6fd7-d2b8-42f8-9904-43ae950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-08-25T13:38:31.000Z",
"modified": "2015-08-25T13:38:31.000Z",
"first_observed": "2015-08-25T13:38:31Z",
"last_observed": "2015-08-25T13:38:31Z",
"number_observed": 1,
"object_refs": [
"url--55dc6fd7-d2b8-42f8-9904-43ae950d210b"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--55dc6fd7-d2b8-42f8-9904-43ae950d210b",
"value": "https://www.virustotal.com/file/48b3098caee97b0a177905a8832de8a259c1f9edd89c80c3e1461d22e4d72696/analysis/1439469114/"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--55dc6fd7-c660-42b8-8219-4689950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-08-25T13:38:31.000Z",
"modified": "2015-08-25T13:38:31.000Z",
"description": "Sakula malware - Xchecked via VT: 3b70ab484857b6e96e62e239c937dea6",
"pattern": "[file:hashes.SHA256 = '19c96e06c7e5f7c19611b44ff28293a1a73b32c1a7f57149c51974ee017d3daa']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-08-25T13:38:31Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Artifacts dropped"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Artifacts dropped\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--55dc6fd8-5b30-4a58-8cf8-4907950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-08-25T13:38:32.000Z",
"modified": "2015-08-25T13:38:32.000Z",
"description": "Sakula malware - Xchecked via VT: 3b70ab484857b6e96e62e239c937dea6",
"pattern": "[file:hashes.SHA1 = 'fae910f1d2d2797beea25d0ec4f5ce9a3fad93d5']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-08-25T13:38:32Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Artifacts dropped"
}
],
"labels": [
"misp:type=\"sha1\"",
"misp:category=\"Artifacts dropped\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--55dc6fd8-8074-427c-84ab-4b64950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-08-25T13:38:32.000Z",
"modified": "2015-08-25T13:38:32.000Z",
"first_observed": "2015-08-25T13:38:32Z",
"last_observed": "2015-08-25T13:38:32Z",
"number_observed": 1,
"object_refs": [
"url--55dc6fd8-8074-427c-84ab-4b64950d210b"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--55dc6fd8-8074-427c-84ab-4b64950d210b",
"value": "https://www.virustotal.com/file/19c96e06c7e5f7c19611b44ff28293a1a73b32c1a7f57149c51974ee017d3daa/analysis/1439469106/"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--55dc6fd8-0cac-4afd-a237-4c88950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-08-25T13:38:32.000Z",
"modified": "2015-08-25T13:38:32.000Z",
"description": "Sakula malware - Xchecked via VT: 391c01bdbeb5975c85cee0099adb132c",
"pattern": "[file:hashes.SHA256 = 'bb67752e257791dff26c0229dcb9a28a93ed2b12713b2f53902bff9ab1c17131']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-08-25T13:38:32Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Artifacts dropped"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Artifacts dropped\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--55dc6fd8-bc20-429b-a1ff-4616950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-08-25T13:38:32.000Z",
"modified": "2015-08-25T13:38:32.000Z",
"description": "Sakula malware - Xchecked via VT: 391c01bdbeb5975c85cee0099adb132c",
"pattern": "[file:hashes.SHA1 = '1e3bb25b24dc69d5a88aceeecee0d8a9af39927e']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-08-25T13:38:32Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Artifacts dropped"
}
],
"labels": [
"misp:type=\"sha1\"",
"misp:category=\"Artifacts dropped\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--55dc6fd8-cd0c-4f0c-b6e0-4da2950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-08-25T13:38:32.000Z",
"modified": "2015-08-25T13:38:32.000Z",
"first_observed": "2015-08-25T13:38:32Z",
"last_observed": "2015-08-25T13:38:32Z",
"number_observed": 1,
"object_refs": [
"url--55dc6fd8-cd0c-4f0c-b6e0-4da2950d210b"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--55dc6fd8-cd0c-4f0c-b6e0-4da2950d210b",
"value": "https://www.virustotal.com/file/bb67752e257791dff26c0229dcb9a28a93ed2b12713b2f53902bff9ab1c17131/analysis/1439469085/"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--55dc6fd9-6264-4ace-ba34-4149950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-08-25T13:38:33.000Z",
"modified": "2015-08-25T13:38:33.000Z",
"description": "Sakula malware - Xchecked via VT: 388a7ae6963fd4da3ec0a4371738f4e0",
"pattern": "[file:hashes.SHA256 = '344222f5b16aa3d6dba53d46fd9264ed9fd1f3cc5800ae3a33fea675e41ea093']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-08-25T13:38:33Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Artifacts dropped"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Artifacts dropped\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--55dc6fd9-f4c4-4bba-85d2-4601950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-08-25T13:38:33.000Z",
"modified": "2015-08-25T13:38:33.000Z",
"description": "Sakula malware - Xchecked via VT: 388a7ae6963fd4da3ec0a4371738f4e0",
"pattern": "[file:hashes.SHA1 = 'f1a0ff10024d817339030c40e7762b501f4edda8']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-08-25T13:38:33Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Artifacts dropped"
}
],
"labels": [
"misp:type=\"sha1\"",
"misp:category=\"Artifacts dropped\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--55dc6fd9-b154-4260-af37-4fd9950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-08-25T13:38:33.000Z",
"modified": "2015-08-25T13:38:33.000Z",
"first_observed": "2015-08-25T13:38:33Z",
"last_observed": "2015-08-25T13:38:33Z",
"number_observed": 1,
"object_refs": [
"url--55dc6fd9-b154-4260-af37-4fd9950d210b"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--55dc6fd9-b154-4260-af37-4fd9950d210b",
"value": "https://www.virustotal.com/file/344222f5b16aa3d6dba53d46fd9264ed9fd1f3cc5800ae3a33fea675e41ea093/analysis/1439469080/"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--55dc6fd9-a77c-49e0-a640-4cdf950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-08-25T13:38:33.000Z",
"modified": "2015-08-25T13:38:33.000Z",
"description": "Sakula malware - Xchecked via VT: 379d4a0f24bb56569d6139946b7ccf88",
"pattern": "[file:hashes.SHA256 = '9b5bde2629060682ff46566eb651024d438b7cb6110aa870f0e42bb77a14cc1d']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-08-25T13:38:33Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Artifacts dropped"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Artifacts dropped\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--55dc6fd9-6a0c-498d-b375-4d52950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-08-25T13:38:33.000Z",
"modified": "2015-08-25T13:38:33.000Z",
"description": "Sakula malware - Xchecked via VT: 379d4a0f24bb56569d6139946b7ccf88",
"pattern": "[file:hashes.SHA1 = '78446a956e20ecaca21f0d9df59fd19f4087588c']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-08-25T13:38:33Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Artifacts dropped"
}
],
"labels": [
"misp:type=\"sha1\"",
"misp:category=\"Artifacts dropped\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--55dc6fd9-1958-4c4e-b6b0-4c84950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-08-25T13:38:33.000Z",
"modified": "2015-08-25T13:38:33.000Z",
"first_observed": "2015-08-25T13:38:33Z",
"last_observed": "2015-08-25T13:38:33Z",
"number_observed": 1,
"object_refs": [
"url--55dc6fd9-1958-4c4e-b6b0-4c84950d210b"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--55dc6fd9-1958-4c4e-b6b0-4c84950d210b",
"value": "https://www.virustotal.com/file/9b5bde2629060682ff46566eb651024d438b7cb6110aa870f0e42bb77a14cc1d/analysis/1439469071/"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--55dc6fda-4138-4f21-a13f-495e950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-08-25T13:38:34.000Z",
"modified": "2015-08-25T13:38:34.000Z",
"description": "Sakula malware - Xchecked via VT: 3759833848a8cd424bf973d66e983e91",
"pattern": "[file:hashes.SHA256 = 'c9456c1ae1804f9e6319ad4b7074113d4bfd0ded93843be691713fbb31f89beb']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-08-25T13:38:34Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Artifacts dropped"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Artifacts dropped\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--55dc6fda-9d5c-447e-8d44-43de950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-08-25T13:38:34.000Z",
"modified": "2015-08-25T13:38:34.000Z",
"description": "Sakula malware - Xchecked via VT: 3759833848a8cd424bf973d66e983e91",
"pattern": "[file:hashes.SHA1 = 'd7974cbdae58b3fd72db335d53793713ec921c07']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-08-25T13:38:34Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Artifacts dropped"
}
],
"labels": [
"misp:type=\"sha1\"",
"misp:category=\"Artifacts dropped\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--55dc6fda-e018-4b84-83e9-4d3c950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-08-25T13:38:34.000Z",
"modified": "2015-08-25T13:38:34.000Z",
"first_observed": "2015-08-25T13:38:34Z",
"last_observed": "2015-08-25T13:38:34Z",
"number_observed": 1,
"object_refs": [
"url--55dc6fda-e018-4b84-83e9-4d3c950d210b"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--55dc6fda-e018-4b84-83e9-4d3c950d210b",
"value": "https://www.virustotal.com/file/c9456c1ae1804f9e6319ad4b7074113d4bfd0ded93843be691713fbb31f89beb/analysis/1439796376/"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--55dc6fda-e6a8-4555-911f-4cfd950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-08-25T13:38:34.000Z",
"modified": "2015-08-25T13:38:34.000Z",
"description": "Sakula malware - Xchecked via VT: 360273db9ac67e1531257323324d9f62",
"pattern": "[file:hashes.SHA256 = '64651d5717083f6f5201e9fdd772ef1398a84ae9fec76d86bddf74dee3b55379']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-08-25T13:38:34Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Artifacts dropped"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Artifacts dropped\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--55dc6fda-a60c-4b78-b97b-43d1950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-08-25T13:38:34.000Z",
"modified": "2015-08-25T13:38:34.000Z",
"description": "Sakula malware - Xchecked via VT: 360273db9ac67e1531257323324d9f62",
"pattern": "[file:hashes.SHA1 = '725988a974d9df7284eb54a87b8b649056e6e947']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-08-25T13:38:34Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Artifacts dropped"
}
],
"labels": [
"misp:type=\"sha1\"",
"misp:category=\"Artifacts dropped\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--55dc6fda-7f10-4e85-bf1b-4b96950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-08-25T13:38:34.000Z",
"modified": "2015-08-25T13:38:34.000Z",
"first_observed": "2015-08-25T13:38:34Z",
"last_observed": "2015-08-25T13:38:34Z",
"number_observed": 1,
"object_refs": [
"url--55dc6fda-7f10-4e85-bf1b-4b96950d210b"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--55dc6fda-7f10-4e85-bf1b-4b96950d210b",
"value": "https://www.virustotal.com/file/64651d5717083f6f5201e9fdd772ef1398a84ae9fec76d86bddf74dee3b55379/analysis/1439469051/"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--55dc6fdb-b2fc-4678-a284-465f950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-08-25T13:38:35.000Z",
"modified": "2015-08-25T13:38:35.000Z",
"description": "Sakula malware - Xchecked via VT: 352411e5288b2c6ea5571a2838c8f7f3",
"pattern": "[file:hashes.SHA256 = '3bb1f250896522705d1a0edc1e9f9990485c360255b2eb3a1d902854637607d3']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-08-25T13:38:35Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Artifacts dropped"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Artifacts dropped\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--55dc6fdb-02a8-4aaa-8fa8-43aa950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-08-25T13:38:35.000Z",
"modified": "2015-08-25T13:38:35.000Z",
"description": "Sakula malware - Xchecked via VT: 352411e5288b2c6ea5571a2838c8f7f3",
"pattern": "[file:hashes.SHA1 = '460d939d4616e74e4ee1a83d1bf53bea04164ec7']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-08-25T13:38:35Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Artifacts dropped"
}
],
"labels": [
"misp:type=\"sha1\"",
"misp:category=\"Artifacts dropped\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--55dc6fdb-d374-4737-a802-4fd4950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-08-25T13:38:35.000Z",
"modified": "2015-08-25T13:38:35.000Z",
"first_observed": "2015-08-25T13:38:35Z",
"last_observed": "2015-08-25T13:38:35Z",
"number_observed": 1,
"object_refs": [
"url--55dc6fdb-d374-4737-a802-4fd4950d210b"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--55dc6fdb-d374-4737-a802-4fd4950d210b",
"value": "https://www.virustotal.com/file/3bb1f250896522705d1a0edc1e9f9990485c360255b2eb3a1d902854637607d3/analysis/1439469041/"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--55dc6fdb-944c-4c55-a3f5-4824950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-08-25T13:38:35.000Z",
"modified": "2015-08-25T13:38:35.000Z",
"description": "Sakula malware - Xchecked via VT: 34db8fb5635c7f0f76a07808b35c8e55",
"pattern": "[file:hashes.SHA256 = '93e20205467f09995a6cb5188cc8c622699d55e43a13962e658986b271091da5']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-08-25T13:38:35Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Artifacts dropped"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Artifacts dropped\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--55dc6fdb-cd7c-416d-b8e2-4eaa950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-08-25T13:38:35.000Z",
"modified": "2015-08-25T13:38:35.000Z",
"description": "Sakula malware - Xchecked via VT: 34db8fb5635c7f0f76a07808b35c8e55",
"pattern": "[file:hashes.SHA1 = 'a08fbc3e537a94c1662be80d3970fd137a772c62']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-08-25T13:38:35Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Artifacts dropped"
}
],
"labels": [
"misp:type=\"sha1\"",
"misp:category=\"Artifacts dropped\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--55dc6fdc-6340-4ee2-8375-4f11950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-08-25T13:38:36.000Z",
"modified": "2015-08-25T13:38:36.000Z",
"first_observed": "2015-08-25T13:38:36Z",
"last_observed": "2015-08-25T13:38:36Z",
"number_observed": 1,
"object_refs": [
"url--55dc6fdc-6340-4ee2-8375-4f11950d210b"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--55dc6fdc-6340-4ee2-8375-4f11950d210b",
"value": "https://www.virustotal.com/file/93e20205467f09995a6cb5188cc8c622699d55e43a13962e658986b271091da5/analysis/1439469040/"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--55dc6fdc-bbcc-455b-8317-4418950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-08-25T13:38:36.000Z",
"modified": "2015-08-25T13:38:36.000Z",
"description": "Sakula malware - Xchecked via VT: 2ffea14b33b78f2e2c92aead708a487a",
"pattern": "[file:hashes.SHA256 = '995658ff14b3ac76419d75942d182a8bd26e8b485fb2d7c584d37192e6b7ca6e']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-08-25T13:38:36Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Artifacts dropped"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Artifacts dropped\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--55dc6fdc-68d4-4dda-9030-4d50950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-08-25T13:38:36.000Z",
"modified": "2015-08-25T13:38:36.000Z",
"description": "Sakula malware - Xchecked via VT: 2ffea14b33b78f2e2c92aead708a487a",
"pattern": "[file:hashes.SHA1 = '043069bd51cb022722d0670c111e716a6e59142a']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-08-25T13:38:36Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Artifacts dropped"
}
],
"labels": [
"misp:type=\"sha1\"",
"misp:category=\"Artifacts dropped\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--55dc6fdc-2c28-4848-97fe-4d83950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-08-25T13:38:36.000Z",
"modified": "2015-08-25T13:38:36.000Z",
"first_observed": "2015-08-25T13:38:36Z",
"last_observed": "2015-08-25T13:38:36Z",
"number_observed": 1,
"object_refs": [
"url--55dc6fdc-2c28-4848-97fe-4d83950d210b"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--55dc6fdc-2c28-4848-97fe-4d83950d210b",
"value": "https://www.virustotal.com/file/995658ff14b3ac76419d75942d182a8bd26e8b485fb2d7c584d37192e6b7ca6e/analysis/1439793607/"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--55dc6fdc-6da8-483d-b3be-400e950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-08-25T13:38:36.000Z",
"modified": "2015-08-25T13:38:36.000Z",
"description": "Sakula malware - Xchecked via VT: 2d619b2c648d095fa2fb2e0864dbc7c9",
"pattern": "[file:hashes.SHA256 = 'b40fb5417110a5fa845ca8a18c789da9ae76e4ca3a7a1006fccaf61549affb04']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-08-25T13:38:36Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Artifacts dropped"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Artifacts dropped\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--55dc6fdc-6d6c-4a42-9bc9-4399950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-08-25T13:38:36.000Z",
"modified": "2015-08-25T13:38:36.000Z",
"description": "Sakula malware - Xchecked via VT: 2d619b2c648d095fa2fb2e0864dbc7c9",
"pattern": "[file:hashes.SHA1 = 'dbbc8391cc55b1af3f6d8c83a900b9902e44de3e']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-08-25T13:38:36Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Artifacts dropped"
}
],
"labels": [
"misp:type=\"sha1\"",
"misp:category=\"Artifacts dropped\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--55dc6fdd-9868-4577-a361-46ac950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-08-25T13:38:37.000Z",
"modified": "2015-08-25T13:38:37.000Z",
"first_observed": "2015-08-25T13:38:37Z",
"last_observed": "2015-08-25T13:38:37Z",
"number_observed": 1,
"object_refs": [
"url--55dc6fdd-9868-4577-a361-46ac950d210b"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--55dc6fdd-9868-4577-a361-46ac950d210b",
"value": "https://www.virustotal.com/file/b40fb5417110a5fa845ca8a18c789da9ae76e4ca3a7a1006fccaf61549affb04/analysis/1439468989/"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--55dc6fdd-dbf4-4337-a62e-4aa5950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-08-25T13:38:37.000Z",
"modified": "2015-08-25T13:38:37.000Z",
"description": "Sakula malware - Xchecked via VT: 28771cb939b989e2ab898408ccaf5504",
"pattern": "[file:hashes.SHA256 = '9c320f1de18921854ad375f5b949f8e825f6d6c4b2805b8b7a09e0d7d73c5ed5']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-08-25T13:38:37Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Artifacts dropped"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Artifacts dropped\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--55dc6fdd-0010-4986-806e-471a950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-08-25T13:38:37.000Z",
"modified": "2015-08-25T13:38:37.000Z",
"description": "Sakula malware - Xchecked via VT: 28771cb939b989e2ab898408ccaf5504",
"pattern": "[file:hashes.SHA1 = '266eac16a3fd721ac7b99c238437e59f0e0ccb14']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-08-25T13:38:37Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Artifacts dropped"
}
],
"labels": [
"misp:type=\"sha1\"",
"misp:category=\"Artifacts dropped\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--55dc6fdd-aaf4-469b-9b38-4794950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-08-25T13:38:37.000Z",
"modified": "2015-08-25T13:38:37.000Z",
"first_observed": "2015-08-25T13:38:37Z",
"last_observed": "2015-08-25T13:38:37Z",
"number_observed": 1,
"object_refs": [
"url--55dc6fdd-aaf4-469b-9b38-4794950d210b"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--55dc6fdd-aaf4-469b-9b38-4794950d210b",
"value": "https://www.virustotal.com/file/9c320f1de18921854ad375f5b949f8e825f6d6c4b2805b8b7a09e0d7d73c5ed5/analysis/1439468950/"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--55dc6fdd-a450-4465-ac31-4ce8950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-08-25T13:38:37.000Z",
"modified": "2015-08-25T13:38:37.000Z",
"description": "Sakula malware - Xchecked via VT: 259ea5f6f3f1209de99d6eb27a301cb7",
"pattern": "[file:hashes.SHA256 = '8239d115f3453c5ff7cdafc7878c9842e14e768a38c00de2f8f45e18659ca951']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-08-25T13:38:37Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Artifacts dropped"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Artifacts dropped\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--55dc6fdd-05e0-4203-b600-4155950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-08-25T13:38:37.000Z",
"modified": "2015-08-25T13:38:37.000Z",
"description": "Sakula malware - Xchecked via VT: 259ea5f6f3f1209de99d6eb27a301cb7",
"pattern": "[file:hashes.SHA1 = 'ceb0574487e52ddf6a7963e7647f9ad74a42e339']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-08-25T13:38:37Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Artifacts dropped"
}
],
"labels": [
"misp:type=\"sha1\"",
"misp:category=\"Artifacts dropped\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--55dc6fde-06d8-4844-b701-478a950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-08-25T13:38:38.000Z",
"modified": "2015-08-25T13:38:38.000Z",
"first_observed": "2015-08-25T13:38:38Z",
"last_observed": "2015-08-25T13:38:38Z",
"number_observed": 1,
"object_refs": [
"url--55dc6fde-06d8-4844-b701-478a950d210b"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--55dc6fde-06d8-4844-b701-478a950d210b",
"value": "https://www.virustotal.com/file/8239d115f3453c5ff7cdafc7878c9842e14e768a38c00de2f8f45e18659ca951/analysis/1439468934/"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--55dc6fde-2f7c-44a6-8f53-404b950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-08-25T13:38:38.000Z",
"modified": "2015-08-25T13:38:38.000Z",
"description": "Sakula malware - Xchecked via VT: 2567d2bbcce5c8e7dcabcd2c1db2a98a",
"pattern": "[file:hashes.SHA256 = 'a3d0b12dffc0dff5c17a5857e8c880e3d2d1912e0cf17038ddb52c1ab8a8739e']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-08-25T13:38:38Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Artifacts dropped"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Artifacts dropped\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--55dc6fde-8df8-4d20-9caa-4f07950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-08-25T13:38:38.000Z",
"modified": "2015-08-25T13:38:38.000Z",
"description": "Sakula malware - Xchecked via VT: 2567d2bbcce5c8e7dcabcd2c1db2a98a",
"pattern": "[file:hashes.SHA1 = '27883b17c8b2e70a602036f21ac72b2045277a5f']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-08-25T13:38:38Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Artifacts dropped"
}
],
"labels": [
"misp:type=\"sha1\"",
"misp:category=\"Artifacts dropped\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--55dc6fde-90a8-4bdc-b521-49a1950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-08-25T13:38:38.000Z",
"modified": "2015-08-25T13:38:38.000Z",
"first_observed": "2015-08-25T13:38:38Z",
"last_observed": "2015-08-25T13:38:38Z",
"number_observed": 1,
"object_refs": [
"url--55dc6fde-90a8-4bdc-b521-49a1950d210b"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--55dc6fde-90a8-4bdc-b521-49a1950d210b",
"value": "https://www.virustotal.com/file/a3d0b12dffc0dff5c17a5857e8c880e3d2d1912e0cf17038ddb52c1ab8a8739e/analysis/1439468933/"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--55dc6fde-3a9c-4693-b680-4e76950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-08-25T13:38:38.000Z",
"modified": "2015-08-25T13:38:38.000Z",
"description": "Sakula malware - Xchecked via VT: 230d4212692c867219aba739c57f0792",
"pattern": "[file:hashes.SHA256 = '6b2713b21081d76e57726b94151bc204eff18cb29d893556f83156d02591f348']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-08-25T13:38:38Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Artifacts dropped"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Artifacts dropped\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--55dc6fde-1228-4a4f-8587-4d3b950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-08-25T13:38:38.000Z",
"modified": "2015-08-25T13:38:38.000Z",
"description": "Sakula malware - Xchecked via VT: 230d4212692c867219aba739c57f0792",
"pattern": "[file:hashes.SHA1 = '8ec8588cecb9be291c6cad5663a4a0b6f3a8bbf5']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-08-25T13:38:38Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Artifacts dropped"
}
],
"labels": [
"misp:type=\"sha1\"",
"misp:category=\"Artifacts dropped\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--55dc6fdf-36a4-46de-8aa6-4cd8950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-08-25T13:38:39.000Z",
"modified": "2015-08-25T13:38:39.000Z",
"first_observed": "2015-08-25T13:38:39Z",
"last_observed": "2015-08-25T13:38:39Z",
"number_observed": 1,
"object_refs": [
"url--55dc6fdf-36a4-46de-8aa6-4cd8950d210b"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--55dc6fdf-36a4-46de-8aa6-4cd8950d210b",
"value": "https://www.virustotal.com/file/6b2713b21081d76e57726b94151bc204eff18cb29d893556f83156d02591f348/analysis/1439468914/"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--55dc6fdf-d73c-41ba-9c10-4e2b950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-08-25T13:38:39.000Z",
"modified": "2015-08-25T13:38:39.000Z",
"description": "Sakula malware - Xchecked via VT: 205c9b07c449a9c270aabe923123c0c1",
"pattern": "[file:hashes.SHA256 = '9539f130985f3a52d10873038b92ec7b65116562e931c734bda68ec1cd7af677']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-08-25T13:38:39Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Artifacts dropped"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Artifacts dropped\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--55dc6fdf-6f18-406a-ad8f-487e950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-08-25T13:38:39.000Z",
"modified": "2015-08-25T13:38:39.000Z",
"description": "Sakula malware - Xchecked via VT: 205c9b07c449a9c270aabe923123c0c1",
"pattern": "[file:hashes.SHA1 = '7d9b9c1c6bf6184650923baa05821ab9199e67c0']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-08-25T13:38:39Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Artifacts dropped"
}
],
"labels": [
"misp:type=\"sha1\"",
"misp:category=\"Artifacts dropped\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--55dc6fdf-d900-4494-8964-4628950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-08-25T13:38:39.000Z",
"modified": "2015-08-25T13:38:39.000Z",
"first_observed": "2015-08-25T13:38:39Z",
"last_observed": "2015-08-25T13:38:39Z",
"number_observed": 1,
"object_refs": [
"url--55dc6fdf-d900-4494-8964-4628950d210b"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--55dc6fdf-d900-4494-8964-4628950d210b",
"value": "https://www.virustotal.com/file/9539f130985f3a52d10873038b92ec7b65116562e931c734bda68ec1cd7af677/analysis/1439468888/"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--55dc6fdf-1010-4ede-96e0-48fb950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-08-25T13:38:39.000Z",
"modified": "2015-08-25T13:38:39.000Z",
"description": "Sakula malware - Xchecked via VT: 1de5db7cef81645f3f0e7aabdb7551a8",
"pattern": "[file:hashes.SHA256 = '347d0fa1eb1871a42d2a23c30ed871b001d1e8eacdb098a4ff5b561a29a7c368']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-08-25T13:38:39Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Artifacts dropped"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Artifacts dropped\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--55dc6fe0-f308-4ad4-bf5d-4b2f950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-08-25T13:38:40.000Z",
"modified": "2015-08-25T13:38:40.000Z",
"description": "Sakula malware - Xchecked via VT: 1de5db7cef81645f3f0e7aabdb7551a8",
"pattern": "[file:hashes.SHA1 = '03f005cc40cb121f39af052ba3019c469b69b1fe']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-08-25T13:38:40Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Artifacts dropped"
}
],
"labels": [
"misp:type=\"sha1\"",
"misp:category=\"Artifacts dropped\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--55dc6fe0-c488-48fc-9d5e-4cad950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-08-25T13:38:40.000Z",
"modified": "2015-08-25T13:38:40.000Z",
"first_observed": "2015-08-25T13:38:40Z",
"last_observed": "2015-08-25T13:38:40Z",
"number_observed": 1,
"object_refs": [
"url--55dc6fe0-c488-48fc-9d5e-4cad950d210b"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--55dc6fe0-c488-48fc-9d5e-4cad950d210b",
"value": "https://www.virustotal.com/file/347d0fa1eb1871a42d2a23c30ed871b001d1e8eacdb098a4ff5b561a29a7c368/analysis/1439468874/"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--55dc6fe0-7fc8-46e9-972f-45f2950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-08-25T13:38:40.000Z",
"modified": "2015-08-25T13:38:40.000Z",
"description": "Sakula malware - Xchecked via VT: 1affacbe9e5889d2e1b7045a828c7252",
"pattern": "[file:hashes.SHA256 = '4574b78cc8b6ca375265971bcfadc7d0f9f5d075e7be9988a990955f8227d7b3']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-08-25T13:38:40Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Artifacts dropped"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Artifacts dropped\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--55dc6fe0-baf8-43b4-bbed-477f950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-08-25T13:38:40.000Z",
"modified": "2015-08-25T13:38:40.000Z",
"description": "Sakula malware - Xchecked via VT: 1affacbe9e5889d2e1b7045a828c7252",
"pattern": "[file:hashes.SHA1 = '8dd9eea19fcf0d16a91f828fdbf125be48c925e6']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-08-25T13:38:40Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Artifacts dropped"
}
],
"labels": [
"misp:type=\"sha1\"",
"misp:category=\"Artifacts dropped\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--55dc6fe0-2ff4-4249-8bbc-4c60950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-08-25T13:38:40.000Z",
"modified": "2015-08-25T13:38:40.000Z",
"first_observed": "2015-08-25T13:38:40Z",
"last_observed": "2015-08-25T13:38:40Z",
"number_observed": 1,
"object_refs": [
"url--55dc6fe0-2ff4-4249-8bbc-4c60950d210b"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--55dc6fe0-2ff4-4249-8bbc-4c60950d210b",
"value": "https://www.virustotal.com/file/4574b78cc8b6ca375265971bcfadc7d0f9f5d075e7be9988a990955f8227d7b3/analysis/1439204448/"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--55dc6fe0-63f0-40c1-9724-4b72950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-08-25T13:38:40.000Z",
"modified": "2015-08-25T13:38:40.000Z",
"description": "Sakula malware - Xchecked via VT: 1ab782431ed9948bf68196e1aa27cbc9",
"pattern": "[file:hashes.SHA256 = 'e5e01b88fd739c38dc8c4c46440a43634fd0ab14dc839d95d01921a44e49d5f5']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-08-25T13:38:40Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Artifacts dropped"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Artifacts dropped\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--55dc6fe1-90c8-4aba-a17a-4f50950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-08-25T13:38:41.000Z",
"modified": "2015-08-25T13:38:41.000Z",
"description": "Sakula malware - Xchecked via VT: 1ab782431ed9948bf68196e1aa27cbc9",
"pattern": "[file:hashes.SHA1 = 'e8ce2f5a15f881ad8f62d9c04ca0c4d169ce49e7']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-08-25T13:38:41Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Artifacts dropped"
}
],
"labels": [
"misp:type=\"sha1\"",
"misp:category=\"Artifacts dropped\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--55dc6fe1-9b64-472b-97ef-496b950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-08-25T13:38:41.000Z",
"modified": "2015-08-25T13:38:41.000Z",
"first_observed": "2015-08-25T13:38:41Z",
"last_observed": "2015-08-25T13:38:41Z",
"number_observed": 1,
"object_refs": [
"url--55dc6fe1-9b64-472b-97ef-496b950d210b"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--55dc6fe1-9b64-472b-97ef-496b950d210b",
"value": "https://www.virustotal.com/file/e5e01b88fd739c38dc8c4c46440a43634fd0ab14dc839d95d01921a44e49d5f5/analysis/1439468835/"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--55dc6fe1-476c-452c-990f-4d69950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-08-25T13:38:41.000Z",
"modified": "2015-08-25T13:38:41.000Z",
"description": "Sakula malware - Xchecked via VT: 1a6c43b693bb49dad5fe1637b02da2c6",
"pattern": "[file:hashes.SHA256 = '5e3e8801c64b43a2c7838bc7d8f76f113be5c2efd8fe1e0e4c8d984a7d247597']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-08-25T13:38:41Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Artifacts dropped"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Artifacts dropped\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--55dc6fe1-a998-4a78-9672-4c15950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-08-25T13:38:41.000Z",
"modified": "2015-08-25T13:38:41.000Z",
"description": "Sakula malware - Xchecked via VT: 1a6c43b693bb49dad5fe1637b02da2c6",
"pattern": "[file:hashes.SHA1 = '17b541c9f9a33464d6272276f7c398d58303b8f0']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-08-25T13:38:41Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Artifacts dropped"
}
],
"labels": [
"misp:type=\"sha1\"",
"misp:category=\"Artifacts dropped\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--55dc6fe1-16c0-4ebb-af1f-44af950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-08-25T13:38:41.000Z",
"modified": "2015-08-25T13:38:41.000Z",
"first_observed": "2015-08-25T13:38:41Z",
"last_observed": "2015-08-25T13:38:41Z",
"number_observed": 1,
"object_refs": [
"url--55dc6fe1-16c0-4ebb-af1f-44af950d210b"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--55dc6fe1-16c0-4ebb-af1f-44af950d210b",
"value": "https://www.virustotal.com/file/5e3e8801c64b43a2c7838bc7d8f76f113be5c2efd8fe1e0e4c8d984a7d247597/analysis/1439468828/"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--55dc6fe1-0418-44ee-a123-4275950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-08-25T13:38:41.000Z",
"modified": "2015-08-25T13:38:41.000Z",
"description": "Sakula malware - Xchecked via VT: 194f79e5f043efecb5707ebc4f9d0573",
"pattern": "[file:hashes.SHA256 = 'faf90517f8f64c5e98a701e702fb974327971e37d9e877ef85ea3e4c4d2d3e1f']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-08-25T13:38:41Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Artifacts dropped"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Artifacts dropped\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--55dc6fe2-08a8-4c66-952c-47ff950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-08-25T13:38:42.000Z",
"modified": "2015-08-25T13:38:42.000Z",
"description": "Sakula malware - Xchecked via VT: 194f79e5f043efecb5707ebc4f9d0573",
"pattern": "[file:hashes.SHA1 = 'cf0785978869838f9af9a6d01d6bf3d2db9884f0']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-08-25T13:38:42Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Artifacts dropped"
}
],
"labels": [
"misp:type=\"sha1\"",
"misp:category=\"Artifacts dropped\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--55dc6fe2-0718-4015-ae86-4457950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-08-25T13:38:42.000Z",
"modified": "2015-08-25T13:38:42.000Z",
"first_observed": "2015-08-25T13:38:42Z",
"last_observed": "2015-08-25T13:38:42Z",
"number_observed": 1,
"object_refs": [
"url--55dc6fe2-0718-4015-ae86-4457950d210b"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--55dc6fe2-0718-4015-ae86-4457950d210b",
"value": "https://www.virustotal.com/file/faf90517f8f64c5e98a701e702fb974327971e37d9e877ef85ea3e4c4d2d3e1f/analysis/1439468819/"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--55dc6fe2-4764-444c-a26b-4109950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-08-25T13:38:42.000Z",
"modified": "2015-08-25T13:38:42.000Z",
"description": "Sakula malware - Xchecked via VT: 191696982f3f21a6ac31bf3549c94108",
"pattern": "[file:hashes.SHA256 = '22f5fa60c2286e22bee79bcde6e9c7ee80b42ef308c6bb7aed6d6163e5da0214']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-08-25T13:38:42Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Artifacts dropped"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Artifacts dropped\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--55dc6fe2-f31c-49d5-a151-4b41950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-08-25T13:38:42.000Z",
"modified": "2015-08-25T13:38:42.000Z",
"description": "Sakula malware - Xchecked via VT: 191696982f3f21a6ac31bf3549c94108",
"pattern": "[file:hashes.SHA1 = 'b28806efad1136d03a4e6f34ed9d826fd828b535']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-08-25T13:38:42Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Artifacts dropped"
}
],
"labels": [
"misp:type=\"sha1\"",
"misp:category=\"Artifacts dropped\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--55dc6fe2-d030-4ae8-906a-4904950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-08-25T13:38:42.000Z",
"modified": "2015-08-25T13:38:42.000Z",
"first_observed": "2015-08-25T13:38:42Z",
"last_observed": "2015-08-25T13:38:42Z",
"number_observed": 1,
"object_refs": [
"url--55dc6fe2-d030-4ae8-906a-4904950d210b"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--55dc6fe2-d030-4ae8-906a-4904950d210b",
"value": "https://www.virustotal.com/file/22f5fa60c2286e22bee79bcde6e9c7ee80b42ef308c6bb7aed6d6163e5da0214/analysis/1439468816/"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--55dc6fe2-ec4c-439d-b360-4bb5950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-08-25T13:38:42.000Z",
"modified": "2015-08-25T13:38:42.000Z",
"description": "Sakula malware - Xchecked via VT: 1893cf1d00980926f87c294c786892d2",
"pattern": "[file:hashes.SHA256 = '5a9b46d308311c4f987f17b9815b907cc824ca0ee035ff040773250ff9721b4d']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-08-25T13:38:42Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Artifacts dropped"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Artifacts dropped\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--55dc6fe3-0dc4-4b51-8fea-4192950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-08-25T13:38:43.000Z",
"modified": "2015-08-25T13:38:43.000Z",
"description": "Sakula malware - Xchecked via VT: 1893cf1d00980926f87c294c786892d2",
"pattern": "[file:hashes.SHA1 = '6789af0831f8e391b4008bee549dd7639d0e7ddc']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-08-25T13:38:43Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Artifacts dropped"
}
],
"labels": [
"misp:type=\"sha1\"",
"misp:category=\"Artifacts dropped\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--55dc6fe3-90c8-4c43-8c2f-4705950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-08-25T13:38:43.000Z",
"modified": "2015-08-25T13:38:43.000Z",
"first_observed": "2015-08-25T13:38:43Z",
"last_observed": "2015-08-25T13:38:43Z",
"number_observed": 1,
"object_refs": [
"url--55dc6fe3-90c8-4c43-8c2f-4705950d210b"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--55dc6fe3-90c8-4c43-8c2f-4705950d210b",
"value": "https://www.virustotal.com/file/5a9b46d308311c4f987f17b9815b907cc824ca0ee035ff040773250ff9721b4d/analysis/1439468815/"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--55dc6fe3-f6d4-4b5e-b02d-42f4950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-08-25T13:38:43.000Z",
"modified": "2015-08-25T13:38:43.000Z",
"description": "Sakula malware - Xchecked via VT: 15ccb0918411b859bab268195957c731",
"pattern": "[file:hashes.SHA256 = 'c2858578b2b25da088a05698c2e07bd3b85f00a2cb60478da989685e759c1bfa']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-08-25T13:38:43Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Artifacts dropped"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Artifacts dropped\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--55dc6fe3-03fc-44cf-8496-461b950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-08-25T13:38:43.000Z",
"modified": "2015-08-25T13:38:43.000Z",
"description": "Sakula malware - Xchecked via VT: 15ccb0918411b859bab268195957c731",
"pattern": "[file:hashes.SHA1 = 'ac69f1b76954d1068377e6f4b5ac59fa037ba019']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-08-25T13:38:43Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Artifacts dropped"
}
],
"labels": [
"misp:type=\"sha1\"",
"misp:category=\"Artifacts dropped\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--55dc6fe3-a9ac-4661-9a86-476e950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-08-25T13:38:43.000Z",
"modified": "2015-08-25T13:38:43.000Z",
"first_observed": "2015-08-25T13:38:43Z",
"last_observed": "2015-08-25T13:38:43Z",
"number_observed": 1,
"object_refs": [
"url--55dc6fe3-a9ac-4661-9a86-476e950d210b"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--55dc6fe3-a9ac-4661-9a86-476e950d210b",
"value": "https://www.virustotal.com/file/c2858578b2b25da088a05698c2e07bd3b85f00a2cb60478da989685e759c1bfa/analysis/1439468789/"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--55dc6fe4-e76c-4f65-95bd-47ff950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-08-25T13:38:44.000Z",
"modified": "2015-08-25T13:38:44.000Z",
"description": "Sakula malware - Xchecked via VT: 13e99782f29efa20a2753ac00d1c05a0",
"pattern": "[file:hashes.SHA256 = '6ae0953c9e844e7a626f3efcd95d86fab67b8045d63b9c2235bbee6cee57b934']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-08-25T13:38:44Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Artifacts dropped"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Artifacts dropped\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--55dc6fe4-3f94-4745-8e1d-4807950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-08-25T13:38:44.000Z",
"modified": "2015-08-25T13:38:44.000Z",
"description": "Sakula malware - Xchecked via VT: 13e99782f29efa20a2753ac00d1c05a0",
"pattern": "[file:hashes.SHA1 = '73a9f2357ccde49b8f9b1377ac48144783a7f57f']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-08-25T13:38:44Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Artifacts dropped"
}
],
"labels": [
"misp:type=\"sha1\"",
"misp:category=\"Artifacts dropped\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--55dc6fe4-3f6c-4031-bd6b-4c42950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-08-25T13:38:44.000Z",
"modified": "2015-08-25T13:38:44.000Z",
"first_observed": "2015-08-25T13:38:44Z",
"last_observed": "2015-08-25T13:38:44Z",
"number_observed": 1,
"object_refs": [
"url--55dc6fe4-3f6c-4031-bd6b-4c42950d210b"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--55dc6fe4-3f6c-4031-bd6b-4c42950d210b",
"value": "https://www.virustotal.com/file/6ae0953c9e844e7a626f3efcd95d86fab67b8045d63b9c2235bbee6cee57b934/analysis/1439468780/"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--55dc6fe4-35a4-4b4a-8ab8-49d8950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-08-25T13:38:44.000Z",
"modified": "2015-08-25T13:38:44.000Z",
"description": "Sakula malware - Xchecked via VT: 1377e513f872a062c6377d1e240225a8",
"pattern": "[file:hashes.SHA256 = '943fcbfb77fe8c33ea32530308bc43b1508b48483a1d2f5bf0b1921d86514374']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-08-25T13:38:44Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Artifacts dropped"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Artifacts dropped\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--55dc6fe4-5e4c-414c-88b4-4e30950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-08-25T13:38:44.000Z",
"modified": "2015-08-25T13:38:44.000Z",
"description": "Sakula malware - Xchecked via VT: 1377e513f872a062c6377d1e240225a8",
"pattern": "[file:hashes.SHA1 = '5d06bdd888279075acddc904e04545e7b4b7b3ed']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-08-25T13:38:44Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Artifacts dropped"
}
],
"labels": [
"misp:type=\"sha1\"",
"misp:category=\"Artifacts dropped\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--55dc6fe4-f390-41fd-80fb-4b11950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-08-25T13:38:44.000Z",
"modified": "2015-08-25T13:38:44.000Z",
"first_observed": "2015-08-25T13:38:44Z",
"last_observed": "2015-08-25T13:38:44Z",
"number_observed": 1,
"object_refs": [
"url--55dc6fe4-f390-41fd-80fb-4b11950d210b"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--55dc6fe4-f390-41fd-80fb-4b11950d210b",
"value": "https://www.virustotal.com/file/943fcbfb77fe8c33ea32530308bc43b1508b48483a1d2f5bf0b1921d86514374/analysis/1438173913/"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--55dc6fe5-6934-46b9-a415-4913950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-08-25T13:38:45.000Z",
"modified": "2015-08-25T13:38:45.000Z",
"description": "Sakula malware - Xchecked via VT: 127cd711193603b4725094dac1bd26f6",
"pattern": "[file:hashes.SHA256 = '8f06f8a601b7cae793c0ce06739742e2a1fdbba3e956e95739faeb7a87ef7dce']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-08-25T13:38:45Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Artifacts dropped"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Artifacts dropped\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--55dc6fe5-8510-4f51-8d3a-4878950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-08-25T13:38:45.000Z",
"modified": "2015-08-25T13:38:45.000Z",
"description": "Sakula malware - Xchecked via VT: 127cd711193603b4725094dac1bd26f6",
"pattern": "[file:hashes.SHA1 = '255ebd7c7276d9b9e9e7cc3119afe66696a8a0ea']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-08-25T13:38:45Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Artifacts dropped"
}
],
"labels": [
"misp:type=\"sha1\"",
"misp:category=\"Artifacts dropped\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--55dc6fe5-1ddc-4d79-9951-4773950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-08-25T13:38:45.000Z",
"modified": "2015-08-25T13:38:45.000Z",
"first_observed": "2015-08-25T13:38:45Z",
"last_observed": "2015-08-25T13:38:45Z",
"number_observed": 1,
"object_refs": [
"url--55dc6fe5-1ddc-4d79-9951-4773950d210b"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--55dc6fe5-1ddc-4d79-9951-4773950d210b",
"value": "https://www.virustotal.com/file/8f06f8a601b7cae793c0ce06739742e2a1fdbba3e956e95739faeb7a87ef7dce/analysis/1439468771/"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--55dc6fe5-9178-43e0-90bf-4a4f950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-08-25T13:38:45.000Z",
"modified": "2015-08-25T13:38:45.000Z",
"description": "Sakula malware - Xchecked via VT: 1240fbbabd76110a8fc29803e0c3ccfb",
"pattern": "[file:hashes.SHA256 = '65b11eb5595bc0fe4e7f3dd6201335539045b6485a1cfa9243e0d115bb53eecf']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-08-25T13:38:45Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Artifacts dropped"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Artifacts dropped\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--55dc6fe5-3bc4-4404-a8f3-4b73950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-08-25T13:38:45.000Z",
"modified": "2015-08-25T13:38:45.000Z",
"description": "Sakula malware - Xchecked via VT: 1240fbbabd76110a8fc29803e0c3ccfb",
"pattern": "[file:hashes.SHA1 = '25ffce14e327180221b6f127aa3022cb95b73768']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-08-25T13:38:45Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Artifacts dropped"
}
],
"labels": [
"misp:type=\"sha1\"",
"misp:category=\"Artifacts dropped\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--55dc6fe5-23d0-4877-a122-41ef950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-08-25T13:38:45.000Z",
"modified": "2015-08-25T13:38:45.000Z",
"first_observed": "2015-08-25T13:38:45Z",
"last_observed": "2015-08-25T13:38:45Z",
"number_observed": 1,
"object_refs": [
"url--55dc6fe5-23d0-4877-a122-41ef950d210b"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--55dc6fe5-23d0-4877-a122-41ef950d210b",
"value": "https://www.virustotal.com/file/65b11eb5595bc0fe4e7f3dd6201335539045b6485a1cfa9243e0d115bb53eecf/analysis/1439468769/"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--55dc6fe6-4f4c-4bb3-8a48-43f2950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-08-25T13:38:46.000Z",
"modified": "2015-08-25T13:38:46.000Z",
"description": "Sakula malware - Xchecked via VT: 124089995494be38d866de08c12f99ef",
"pattern": "[file:hashes.SHA256 = '0df2c40c53e601e9128c2644c10c8d7a9e4dd9d8fffc5d27b6f28df7b7ff8930']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-08-25T13:38:46Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Artifacts dropped"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Artifacts dropped\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--55dc6fe6-adf4-4861-ba4c-4eb3950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-08-25T13:38:46.000Z",
"modified": "2015-08-25T13:38:46.000Z",
"description": "Sakula malware - Xchecked via VT: 124089995494be38d866de08c12f99ef",
"pattern": "[file:hashes.SHA1 = '8f9d32b0c754b53ee78d8ab538c27f980c5d523d']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-08-25T13:38:46Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Artifacts dropped"
}
],
"labels": [
"misp:type=\"sha1\"",
"misp:category=\"Artifacts dropped\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--55dc6fe6-a240-4bd8-be1c-49c2950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-08-25T13:38:46.000Z",
"modified": "2015-08-25T13:38:46.000Z",
"first_observed": "2015-08-25T13:38:46Z",
"last_observed": "2015-08-25T13:38:46Z",
"number_observed": 1,
"object_refs": [
"url--55dc6fe6-a240-4bd8-be1c-49c2950d210b"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--55dc6fe6-a240-4bd8-be1c-49c2950d210b",
"value": "https://www.virustotal.com/file/0df2c40c53e601e9128c2644c10c8d7a9e4dd9d8fffc5d27b6f28df7b7ff8930/analysis/1439468769/"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--55dc6fe6-2ea4-4109-964f-4cd5950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-08-25T13:38:46.000Z",
"modified": "2015-08-25T13:38:46.000Z",
"description": "Sakula malware - Xchecked via VT: 1098e66986134d71d4a8dd07301640b1",
"pattern": "[file:hashes.SHA256 = '6a578d0a4c6ba0cae2f627b058a2167214e91545c2502d0750853d72f88af69a']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-08-25T13:38:46Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Artifacts dropped"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Artifacts dropped\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--55dc6fe6-7220-4dd3-83fc-4412950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-08-25T13:38:46.000Z",
"modified": "2015-08-25T13:38:46.000Z",
"description": "Sakula malware - Xchecked via VT: 1098e66986134d71d4a8dd07301640b1",
"pattern": "[file:hashes.SHA1 = 'fd78201a8b50582430a34aed22ee9fc4ff9c9c3b']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-08-25T13:38:46Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Artifacts dropped"
}
],
"labels": [
"misp:type=\"sha1\"",
"misp:category=\"Artifacts dropped\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--55dc6fe6-54ec-49c7-990d-4a61950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-08-25T13:38:46.000Z",
"modified": "2015-08-25T13:38:46.000Z",
"first_observed": "2015-08-25T13:38:46Z",
"last_observed": "2015-08-25T13:38:46Z",
"number_observed": 1,
"object_refs": [
"url--55dc6fe6-54ec-49c7-990d-4a61950d210b"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--55dc6fe6-54ec-49c7-990d-4a61950d210b",
"value": "https://www.virustotal.com/file/6a578d0a4c6ba0cae2f627b058a2167214e91545c2502d0750853d72f88af69a/analysis/1439468756/"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--55dc6fe7-7a40-4aa1-900d-4dc3950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-08-25T13:38:47.000Z",
"modified": "2015-08-25T13:38:47.000Z",
"description": "Sakula malware - Xchecked via VT: 0ff96f4dbfe8aa9c49b489218d862cd7",
"pattern": "[file:hashes.SHA256 = '5096ed81ec028361943f459672fbe36adb08d41fc51243596df1133588ab9f76']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-08-25T13:38:47Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Artifacts dropped"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Artifacts dropped\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--55dc6fe7-67e0-46f6-a00c-497c950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-08-25T13:38:47.000Z",
"modified": "2015-08-25T13:38:47.000Z",
"description": "Sakula malware - Xchecked via VT: 0ff96f4dbfe8aa9c49b489218d862cd7",
"pattern": "[file:hashes.SHA1 = 'b87ae231c0a79f865f6fe838b17b9263e114b1a8']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-08-25T13:38:47Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Artifacts dropped"
}
],
"labels": [
"misp:type=\"sha1\"",
"misp:category=\"Artifacts dropped\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--55dc6fe7-74dc-4fa6-87c8-4d06950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-08-25T13:38:47.000Z",
"modified": "2015-08-25T13:38:47.000Z",
"first_observed": "2015-08-25T13:38:47Z",
"last_observed": "2015-08-25T13:38:47Z",
"number_observed": 1,
"object_refs": [
"url--55dc6fe7-74dc-4fa6-87c8-4d06950d210b"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--55dc6fe7-74dc-4fa6-87c8-4d06950d210b",
"value": "https://www.virustotal.com/file/5096ed81ec028361943f459672fbe36adb08d41fc51243596df1133588ab9f76/analysis/1439468753/"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--55dc6fe7-eb94-4cf9-a641-4231950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-08-25T13:38:47.000Z",
"modified": "2015-08-25T13:38:47.000Z",
"description": "Sakula malware - Xchecked via VT: 0f218e73da96af2939e75ebea7c958dc",
"pattern": "[file:hashes.SHA256 = '9723119a19a2fa3daa93d23ad98bb4c34e0747222a868648b2bfa392b3ad93f3']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-08-25T13:38:47Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Artifacts dropped"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Artifacts dropped\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--55dc6fe7-4614-453f-a7d9-4298950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-08-25T13:38:47.000Z",
"modified": "2015-08-25T13:38:47.000Z",
"description": "Sakula malware - Xchecked via VT: 0f218e73da96af2939e75ebea7c958dc",
"pattern": "[file:hashes.SHA1 = 'a20645513c85b2f8381b45245e58963698baf39b']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-08-25T13:38:47Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Artifacts dropped"
}
],
"labels": [
"misp:type=\"sha1\"",
"misp:category=\"Artifacts dropped\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--55dc6fe8-c580-43fb-ace7-4cfc950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-08-25T13:38:48.000Z",
"modified": "2015-08-25T13:38:48.000Z",
"first_observed": "2015-08-25T13:38:48Z",
"last_observed": "2015-08-25T13:38:48Z",
"number_observed": 1,
"object_refs": [
"url--55dc6fe8-c580-43fb-ace7-4cfc950d210b"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--55dc6fe8-c580-43fb-ace7-4cfc950d210b",
"value": "https://www.virustotal.com/file/9723119a19a2fa3daa93d23ad98bb4c34e0747222a868648b2bfa392b3ad93f3/analysis/1439468745/"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--55dc6fe8-0518-4ddd-be5a-425f950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-08-25T13:38:48.000Z",
"modified": "2015-08-25T13:38:48.000Z",
"description": "Sakula malware - Xchecked via VT: 0e5d1b941dcb597eb9b7dc1f0694c65f",
"pattern": "[file:hashes.SHA256 = '3d3cdf96a12285e82cb76c8f2a9b8bb728d4a7ee28926ceea8f9c48076e14675']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-08-25T13:38:48Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Artifacts dropped"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Artifacts dropped\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--55dc6fe8-dda8-4d85-a608-45a0950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-08-25T13:38:48.000Z",
"modified": "2015-08-25T13:38:48.000Z",
"description": "Sakula malware - Xchecked via VT: 0e5d1b941dcb597eb9b7dc1f0694c65f",
"pattern": "[file:hashes.SHA1 = 'af6b54fa78118310d028dac1874f190080d178da']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-08-25T13:38:48Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Artifacts dropped"
}
],
"labels": [
"misp:type=\"sha1\"",
"misp:category=\"Artifacts dropped\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--55dc6fe8-f4fc-4da5-8525-4536950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-08-25T13:38:48.000Z",
"modified": "2015-08-25T13:38:48.000Z",
"first_observed": "2015-08-25T13:38:48Z",
"last_observed": "2015-08-25T13:38:48Z",
"number_observed": 1,
"object_refs": [
"url--55dc6fe8-f4fc-4da5-8525-4536950d210b"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--55dc6fe8-f4fc-4da5-8525-4536950d210b",
"value": "https://www.virustotal.com/file/3d3cdf96a12285e82cb76c8f2a9b8bb728d4a7ee28926ceea8f9c48076e14675/analysis/1439468731/"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--55dc6fe8-cce0-4f5d-8ac5-4acb950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-08-25T13:38:48.000Z",
"modified": "2015-08-25T13:38:48.000Z",
"description": "Sakula malware - Xchecked via VT: 0db52e612d904f4d4212beee4bd5c35c",
"pattern": "[file:hashes.SHA256 = 'e720936f1d76ff353de563508df0fc1e38fe14ef6e8ec2ff7918220d8e56b3fe']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-08-25T13:38:48Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Artifacts dropped"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Artifacts dropped\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--55dc6fe8-193c-490c-8cd0-48e6950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-08-25T13:38:48.000Z",
"modified": "2015-08-25T13:38:48.000Z",
"description": "Sakula malware - Xchecked via VT: 0db52e612d904f4d4212beee4bd5c35c",
"pattern": "[file:hashes.SHA1 = '3d51a8e8d9a6c0597085817d2c9526949c9975a5']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-08-25T13:38:48Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Artifacts dropped"
}
],
"labels": [
"misp:type=\"sha1\"",
"misp:category=\"Artifacts dropped\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--55dc6fe9-7174-4c49-b163-4236950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-08-25T13:38:49.000Z",
"modified": "2015-08-25T13:38:49.000Z",
"first_observed": "2015-08-25T13:38:49Z",
"last_observed": "2015-08-25T13:38:49Z",
"number_observed": 1,
"object_refs": [
"url--55dc6fe9-7174-4c49-b163-4236950d210b"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--55dc6fe9-7174-4c49-b163-4236950d210b",
"value": "https://www.virustotal.com/file/e720936f1d76ff353de563508df0fc1e38fe14ef6e8ec2ff7918220d8e56b3fe/analysis/1439468725/"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--55dc6fe9-d3e0-4e01-b454-472f950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-08-25T13:38:49.000Z",
"modified": "2015-08-25T13:38:49.000Z",
"description": "Sakula malware - Xchecked via VT: 0c693b4ee77c1ebb646334ce28331d5c",
"pattern": "[file:hashes.SHA256 = 'a2c7271b93b19dfe15f4d27530a6f4ce11a00fc0b7f8383f4a93c126d9d8bf22']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-08-25T13:38:49Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Artifacts dropped"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Artifacts dropped\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--55dc6fe9-7be4-4679-9802-4e1e950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-08-25T13:38:49.000Z",
"modified": "2015-08-25T13:38:49.000Z",
"description": "Sakula malware - Xchecked via VT: 0c693b4ee77c1ebb646334ce28331d5c",
"pattern": "[file:hashes.SHA1 = 'e3161de4fdf51eced7d756fb8d67f4c327fa6898']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-08-25T13:38:49Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Artifacts dropped"
}
],
"labels": [
"misp:type=\"sha1\"",
"misp:category=\"Artifacts dropped\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--55dc6fe9-75a0-47e2-861d-4b00950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-08-25T13:38:49.000Z",
"modified": "2015-08-25T13:38:49.000Z",
"first_observed": "2015-08-25T13:38:49Z",
"last_observed": "2015-08-25T13:38:49Z",
"number_observed": 1,
"object_refs": [
"url--55dc6fe9-75a0-47e2-861d-4b00950d210b"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--55dc6fe9-75a0-47e2-861d-4b00950d210b",
"value": "https://www.virustotal.com/file/a2c7271b93b19dfe15f4d27530a6f4ce11a00fc0b7f8383f4a93c126d9d8bf22/analysis/1439468715/"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--55dc6fe9-9af8-4bf7-8f97-46f3950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-08-25T13:38:49.000Z",
"modified": "2015-08-25T13:38:49.000Z",
"description": "Sakula malware - Xchecked via VT: 0b6a0ca44e47609910d978ffb1ee49c6",
"pattern": "[file:hashes.SHA256 = '415dc126af775a928a51c872a6513d6ac9f5dcd84e00734b409d58a5922de96e']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-08-25T13:38:49Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Artifacts dropped"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Artifacts dropped\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--55dc6fe9-c330-4e07-8c38-42e2950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-08-25T13:38:49.000Z",
"modified": "2015-08-25T13:38:49.000Z",
"description": "Sakula malware - Xchecked via VT: 0b6a0ca44e47609910d978ffb1ee49c6",
"pattern": "[file:hashes.SHA1 = 'e0fee9ccd0368f6f3acf0e9f2885dccd8f8b5359']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-08-25T13:38:49Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Artifacts dropped"
}
],
"labels": [
"misp:type=\"sha1\"",
"misp:category=\"Artifacts dropped\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--55dc6fea-d044-4976-b807-4b0b950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-08-25T13:38:50.000Z",
"modified": "2015-08-25T13:38:50.000Z",
"first_observed": "2015-08-25T13:38:50Z",
"last_observed": "2015-08-25T13:38:50Z",
"number_observed": 1,
"object_refs": [
"url--55dc6fea-d044-4976-b807-4b0b950d210b"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--55dc6fea-d044-4976-b807-4b0b950d210b",
"value": "https://www.virustotal.com/file/415dc126af775a928a51c872a6513d6ac9f5dcd84e00734b409d58a5922de96e/analysis/1439468710/"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--55dc6fea-54ec-4a88-bd42-4d96950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-08-25T13:38:50.000Z",
"modified": "2015-08-25T13:38:50.000Z",
"description": "Sakula malware - Xchecked via VT: 0ae8ace203031f32e9b1ac5696c0c070",
"pattern": "[file:hashes.SHA256 = '412923a77ce64d851568c6e38fe78efb804ad38fe3ed11eb174338724117ee05']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-08-25T13:38:50Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Artifacts dropped"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Artifacts dropped\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--55dc6fea-bb90-45d8-b84f-46c7950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-08-25T13:38:50.000Z",
"modified": "2015-08-25T13:38:50.000Z",
"description": "Sakula malware - Xchecked via VT: 0ae8ace203031f32e9b1ac5696c0c070",
"pattern": "[file:hashes.SHA1 = '11f2f2efff557e645d4dd23c5750d3104f6cc851']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-08-25T13:38:50Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Artifacts dropped"
}
],
"labels": [
"misp:type=\"sha1\"",
"misp:category=\"Artifacts dropped\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--55dc6fea-90c0-488c-b7e2-49ea950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-08-25T13:38:50.000Z",
"modified": "2015-08-25T13:38:50.000Z",
"first_observed": "2015-08-25T13:38:50Z",
"last_observed": "2015-08-25T13:38:50Z",
"number_observed": 1,
"object_refs": [
"url--55dc6fea-90c0-488c-b7e2-49ea950d210b"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--55dc6fea-90c0-488c-b7e2-49ea950d210b",
"value": "https://www.virustotal.com/file/412923a77ce64d851568c6e38fe78efb804ad38fe3ed11eb174338724117ee05/analysis/1439468708/"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--55dc6fea-cc78-474f-93ca-4e3e950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-08-25T13:38:50.000Z",
"modified": "2015-08-25T13:38:50.000Z",
"description": "Sakula malware - Xchecked via VT: 0a8a4cfa745b6350bea1b47f5754595e",
"pattern": "[file:hashes.SHA256 = '9650dc9d47757e58d86b82da745f70f1b3cf47d71ef903f8229608128e665aab']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-08-25T13:38:50Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Artifacts dropped"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Artifacts dropped\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--55dc6fea-1354-488a-b448-44f4950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-08-25T13:38:50.000Z",
"modified": "2015-08-25T13:38:50.000Z",
"description": "Sakula malware - Xchecked via VT: 0a8a4cfa745b6350bea1b47f5754595e",
"pattern": "[file:hashes.SHA1 = '2356f82fcc1b7fd0505711b0a320c57b14f2cc0d']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-08-25T13:38:50Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Artifacts dropped"
}
],
"labels": [
"misp:type=\"sha1\"",
"misp:category=\"Artifacts dropped\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--55dc6feb-9734-4d2c-a5b1-4765950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-08-25T13:38:51.000Z",
"modified": "2015-08-25T13:38:51.000Z",
"first_observed": "2015-08-25T13:38:51Z",
"last_observed": "2015-08-25T13:38:51Z",
"number_observed": 1,
"object_refs": [
"url--55dc6feb-9734-4d2c-a5b1-4765950d210b"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--55dc6feb-9734-4d2c-a5b1-4765950d210b",
"value": "https://www.virustotal.com/file/9650dc9d47757e58d86b82da745f70f1b3cf47d71ef903f8229608128e665aab/analysis/1439468702/"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--55dc6feb-c7e8-4002-9f94-4e26950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-08-25T13:38:51.000Z",
"modified": "2015-08-25T13:38:51.000Z",
"description": "Sakula malware - Xchecked via VT: 07af666d2117296a7814c86839ee2ae0",
"pattern": "[file:hashes.SHA256 = '27710f7919163a48325bf9859c53b6e2d9b08a85438053cfdbf336cfd2e50271']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-08-25T13:38:51Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Artifacts dropped"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Artifacts dropped\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--55dc6feb-2a8c-49d2-9976-468c950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-08-25T13:38:51.000Z",
"modified": "2015-08-25T13:38:51.000Z",
"description": "Sakula malware - Xchecked via VT: 07af666d2117296a7814c86839ee2ae0",
"pattern": "[file:hashes.SHA1 = '45355b93874d7a3dda423bb5b48ca74a9abc9561']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-08-25T13:38:51Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Artifacts dropped"
}
],
"labels": [
"misp:type=\"sha1\"",
"misp:category=\"Artifacts dropped\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--55dc6feb-a1dc-499a-a633-4892950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-08-25T13:38:51.000Z",
"modified": "2015-08-25T13:38:51.000Z",
"first_observed": "2015-08-25T13:38:51Z",
"last_observed": "2015-08-25T13:38:51Z",
"number_observed": 1,
"object_refs": [
"url--55dc6feb-a1dc-499a-a633-4892950d210b"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--55dc6feb-a1dc-499a-a633-4892950d210b",
"value": "https://www.virustotal.com/file/27710f7919163a48325bf9859c53b6e2d9b08a85438053cfdbf336cfd2e50271/analysis/1439468682/"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--55dc6feb-4c64-49ad-8442-4259950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-08-25T13:38:51.000Z",
"modified": "2015-08-25T13:38:51.000Z",
"description": "Sakula malware - Xchecked via VT: 065aa01311ca8f3e0016d8ae546d30a4",
"pattern": "[file:hashes.SHA256 = 'd5d024a63dbc694980ec512dae9694334acc3de16b0c29b22faf707eb70ad159']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-08-25T13:38:51Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Artifacts dropped"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Artifacts dropped\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--55dc6fec-ff7c-411e-829c-4d42950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-08-25T13:38:52.000Z",
"modified": "2015-08-25T13:38:52.000Z",
"description": "Sakula malware - Xchecked via VT: 065aa01311ca8f3e0016d8ae546d30a4",
"pattern": "[file:hashes.SHA1 = 'fd4fc9439e932952dfb9ef5ce25312aeb70358b1']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-08-25T13:38:52Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Artifacts dropped"
}
],
"labels": [
"misp:type=\"sha1\"",
"misp:category=\"Artifacts dropped\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--55dc6fec-0008-41f0-916c-497a950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-08-25T13:38:52.000Z",
"modified": "2015-08-25T13:38:52.000Z",
"first_observed": "2015-08-25T13:38:52Z",
"last_observed": "2015-08-25T13:38:52Z",
"number_observed": 1,
"object_refs": [
"url--55dc6fec-0008-41f0-916c-497a950d210b"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--55dc6fec-0008-41f0-916c-497a950d210b",
"value": "https://www.virustotal.com/file/d5d024a63dbc694980ec512dae9694334acc3de16b0c29b22faf707eb70ad159/analysis/1439468662/"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--55dc6fec-e858-4a05-ba1b-4705950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-08-25T13:38:52.000Z",
"modified": "2015-08-25T13:38:52.000Z",
"description": "Sakula malware - Xchecked via VT: 04f17c37259533e301b01a8c64e476e6",
"pattern": "[file:hashes.SHA256 = '8ad122388d4e0984b9319f04473010547b60e17b8406ba9eb541a97aca616de7']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-08-25T13:38:52Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Artifacts dropped"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Artifacts dropped\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--55dc6fec-aa88-46f5-a1b5-4b11950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-08-25T13:38:52.000Z",
"modified": "2015-08-25T13:38:52.000Z",
"description": "Sakula malware - Xchecked via VT: 04f17c37259533e301b01a8c64e476e6",
"pattern": "[file:hashes.SHA1 = 'ed04cba2871e1c0a83beb00a4acb265fba24d1c7']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-08-25T13:38:52Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Artifacts dropped"
}
],
"labels": [
"misp:type=\"sha1\"",
"misp:category=\"Artifacts dropped\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--55dc6fec-f0b8-4bc1-b546-4ffa950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-08-25T13:38:52.000Z",
"modified": "2015-08-25T13:38:52.000Z",
"first_observed": "2015-08-25T13:38:52Z",
"last_observed": "2015-08-25T13:38:52Z",
"number_observed": 1,
"object_refs": [
"url--55dc6fec-f0b8-4bc1-b546-4ffa950d210b"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--55dc6fec-f0b8-4bc1-b546-4ffa950d210b",
"value": "https://www.virustotal.com/file/8ad122388d4e0984b9319f04473010547b60e17b8406ba9eb541a97aca616de7/analysis/1439468650/"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--55dc6fec-deec-4702-b26f-48ca950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-08-25T13:38:52.000Z",
"modified": "2015-08-25T13:38:52.000Z",
"description": "Sakula malware - Xchecked via VT: 034b2d2c7b1b6812d242771fbc382183",
"pattern": "[file:hashes.SHA256 = 'ad1bace3ea5bf702bba8a8a496b4e9636cfd415aa336709b27074e68d67cef19']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-08-25T13:38:52Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Artifacts dropped"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Artifacts dropped\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--55dc6fed-cc58-4b6f-b2ca-4603950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-08-25T13:38:53.000Z",
"modified": "2015-08-25T13:38:53.000Z",
"description": "Sakula malware - Xchecked via VT: 034b2d2c7b1b6812d242771fbc382183",
"pattern": "[file:hashes.SHA1 = '9aad269a39f1e8dbac32b11e5111d190a334ab57']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-08-25T13:38:53Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Artifacts dropped"
}
],
"labels": [
"misp:type=\"sha1\"",
"misp:category=\"Artifacts dropped\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--55dc6fed-a1a4-46d1-b658-4f0f950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-08-25T13:38:53.000Z",
"modified": "2015-08-25T13:38:53.000Z",
"first_observed": "2015-08-25T13:38:53Z",
"last_observed": "2015-08-25T13:38:53Z",
"number_observed": 1,
"object_refs": [
"url--55dc6fed-a1a4-46d1-b658-4f0f950d210b"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--55dc6fed-a1a4-46d1-b658-4f0f950d210b",
"value": "https://www.virustotal.com/file/ad1bace3ea5bf702bba8a8a496b4e9636cfd415aa336709b27074e68d67cef19/analysis/1439468630/"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--55dc6fed-1878-4b4e-9e79-4fb0950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-08-25T13:38:53.000Z",
"modified": "2015-08-25T13:38:53.000Z",
"description": "Sakula malware - Xchecked via VT: 031832adb059c8a30bf06e3036813a05",
"pattern": "[file:hashes.SHA256 = 'bd3bc133a7cdb9bfc84b79c36702025ab4e823e88d7957548354c02b6326f875']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-08-25T13:38:53Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Artifacts dropped"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Artifacts dropped\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--55dc6fed-e6d0-426b-bef1-4959950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-08-25T13:38:53.000Z",
"modified": "2015-08-25T13:38:53.000Z",
"description": "Sakula malware - Xchecked via VT: 031832adb059c8a30bf06e3036813a05",
"pattern": "[file:hashes.SHA1 = 'fb7aca20598088ae233593b781bdcaed2c6fd5f9']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-08-25T13:38:53Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Artifacts dropped"
}
],
"labels": [
"misp:type=\"sha1\"",
"misp:category=\"Artifacts dropped\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--55dc6fed-d55c-4fa8-8561-4e13950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-08-25T13:38:53.000Z",
"modified": "2015-08-25T13:38:53.000Z",
"first_observed": "2015-08-25T13:38:53Z",
"last_observed": "2015-08-25T13:38:53Z",
"number_observed": 1,
"object_refs": [
"url--55dc6fed-d55c-4fa8-8561-4e13950d210b"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--55dc6fed-d55c-4fa8-8561-4e13950d210b",
"value": "https://www.virustotal.com/file/bd3bc133a7cdb9bfc84b79c36702025ab4e823e88d7957548354c02b6326f875/analysis/1439468629/"
},
{
"type": "marking-definition",
"spec_version": "2.1",
"id": "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9",
"created": "2017-01-20T00:00:00.000Z",
"definition_type": "tlp",
"name": "TLP:WHITE",
"definition": {
"tlp": "white"
}
}
]
}
Reference in a new issue View git blame Copy permalink