adulau/misp-circl-feed
1
0
Fork 0
Code Issues 1 Pull requests Projects 1 Releases Packages Wiki Activity Actions
misp-circl-feed/feeds/circl/stix-2.1/56fb756e-0df4-40e4-9756-438e950d210f.json

1653 lines
No EOL
69 KiB
JSON
Raw Blame History

{
"type": "bundle",
"id": "bundle--56fb756e-0df4-40e4-9756-438e950d210f",
"objects": [
{
"type": "identity",
"spec_version": "2.1",
"id": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-30T12:18:00.000Z",
"modified": "2016-03-30T12:18:00.000Z",
"name": "CIRCL",
"identity_class": "organization"
},
{
"type": "report",
"spec_version": "2.1",
"id": "report--56fb756e-0df4-40e4-9756-438e950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-30T12:18:00.000Z",
"modified": "2016-03-30T12:18:00.000Z",
"name": "OSINT - Taiwan targeted with new cyberespionage back door Trojan",
"published": "2016-03-30T12:29:56Z",
"object_refs": [
"observed-data--56fb7596-a590-4da9-a679-467b950d210f",
"url--56fb7596-a590-4da9-a679-467b950d210f",
"x-misp-attribute--56fb75ef-16b0-4b65-aea4-4809950d210f",
"indicator--56fb764d-a53c-4345-a754-43c7950d210f",
"indicator--56fb764e-23e0-4ee6-85f7-4218950d210f",
"indicator--56fb764e-643c-4ce9-83f1-4544950d210f",
"indicator--56fb764e-e028-49f1-94d6-4ac4950d210f",
"indicator--56fb764e-be28-4b04-9ff7-428f950d210f",
"indicator--56fb764f-9d64-471b-86cb-487c950d210f",
"indicator--56fb764f-be3c-4da9-9427-401e950d210f",
"indicator--56fb764f-7df8-4856-b8a9-4ec1950d210f",
"indicator--56fb7650-13d0-4c5c-bc1c-4bac950d210f",
"indicator--56fb76be-2608-41bf-b905-4800950d210f",
"indicator--56fb76bf-dd10-4dd2-b455-4f26950d210f",
"indicator--56fb76bf-a120-4d9e-bdac-41d6950d210f",
"indicator--56fb76c0-a9a4-47de-a0b7-476b950d210f",
"indicator--56fb76c0-7684-4f0b-913e-42e7950d210f",
"indicator--56fb76c0-726c-4489-a265-4cd3950d210f",
"indicator--56fb76c1-1128-4689-920f-47aa950d210f",
"indicator--56fb76c1-4610-4939-9e12-4995950d210f",
"indicator--56fb76c1-f63c-4948-9ec2-4e6d950d210f",
"indicator--56fb76c1-142c-448a-882b-410d950d210f",
"indicator--56fb76c2-5b1c-447c-8e11-4b5a950d210f",
"indicator--56fb76c2-a9c4-4c5f-aba7-43ce950d210f",
"indicator--56fb76c2-fc40-40b9-9ecc-4acb950d210f",
"indicator--56fb76c3-303c-4d10-9f1b-4ada950d210f",
"indicator--56fb76c3-be30-4591-a074-4c3c950d210f",
"indicator--56fb76c3-2c70-4e67-bde0-41db950d210f",
"indicator--56fb76c3-9dc4-42e9-9d03-4dc9950d210f",
"indicator--56fb76c4-8090-4b2e-9b9e-45c8950d210f",
"indicator--56fb76c4-42e0-4403-a4e0-4566950d210f",
"indicator--56fb76c5-5e84-40dd-a7db-4a7f950d210f",
"indicator--56fb76c5-abf4-4bab-99e1-47f2950d210f",
"indicator--56fb7812-cc00-4a88-b061-41d302de0b81",
"indicator--56fb7812-c9f0-4aa8-96c0-4cba02de0b81",
"observed-data--56fb7812-c270-4734-909a-4a0a02de0b81",
"url--56fb7812-c270-4734-909a-4a0a02de0b81",
"indicator--56fb7813-d03c-48a7-92dc-43ad02de0b81",
"indicator--56fb7813-5f54-482c-b9c8-4c8d02de0b81",
"observed-data--56fb7813-9714-4300-a683-4aa602de0b81",
"url--56fb7813-9714-4300-a683-4aa602de0b81",
"indicator--56fb7814-20fc-4425-ae0c-4c9d02de0b81",
"indicator--56fb7814-1cf0-48ea-a52f-45d802de0b81",
"observed-data--56fb7814-9d74-46a8-8955-4eb602de0b81",
"url--56fb7814-9d74-46a8-8955-4eb602de0b81",
"indicator--56fb7814-aa54-4383-b8af-429702de0b81",
"indicator--56fb7815-4b18-42e0-bef6-426202de0b81",
"observed-data--56fb7815-7ab4-440c-9ef9-43a202de0b81",
"url--56fb7815-7ab4-440c-9ef9-43a202de0b81",
"indicator--56fb7815-b3e4-4997-82aa-4bfa02de0b81",
"indicator--56fb7816-9604-4ddc-b48c-406002de0b81",
"observed-data--56fb7816-8464-4f18-8f1c-418902de0b81",
"url--56fb7816-8464-4f18-8f1c-418902de0b81",
"indicator--56fb7816-a5e0-4816-812e-425d02de0b81",
"indicator--56fb7817-1aa0-4a96-96c9-4bfc02de0b81",
"observed-data--56fb7817-c508-4707-9731-4bb602de0b81",
"url--56fb7817-c508-4707-9731-4bb602de0b81",
"indicator--56fb7817-9484-4c10-93dd-40a202de0b81",
"indicator--56fb7817-aec4-4197-aa0a-4bb202de0b81",
"observed-data--56fb7818-3734-4f5b-8e9a-4cae02de0b81",
"url--56fb7818-3734-4f5b-8e9a-4cae02de0b81",
"indicator--56fb7818-75d4-4a89-9b41-45c602de0b81",
"indicator--56fb7818-7c6c-4423-862d-436402de0b81",
"observed-data--56fb7819-a9a4-4011-a751-4a3a02de0b81",
"url--56fb7819-a9a4-4011-a751-4a3a02de0b81",
"indicator--56fb7819-1f58-4ea9-9bea-4c9502de0b81",
"indicator--56fb7819-83f0-49a8-b8dd-446202de0b81",
"observed-data--56fb781a-6670-4e54-a213-47d002de0b81",
"url--56fb781a-6670-4e54-a213-47d002de0b81",
"indicator--56fb781a-81a0-4ea3-95b1-4ea402de0b81",
"indicator--56fb781a-0a0c-40c3-80c5-4d2602de0b81",
"observed-data--56fb781b-54d4-473e-b222-486202de0b81",
"url--56fb781b-54d4-473e-b222-486202de0b81",
"indicator--56fb781b-80fc-4a69-9336-49bd02de0b81",
"indicator--56fb781b-aa24-462e-8602-4ea302de0b81",
"observed-data--56fb781c-a0a8-43fe-b5c1-4c6602de0b81",
"url--56fb781c-a0a8-43fe-b5c1-4c6602de0b81"
],
"labels": [
"Threat-Report",
"misp:tool=\"MISP-STIX-Converter\"",
"type:OSINT"
],
"object_marking_refs": [
"marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9"
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--56fb7596-a590-4da9-a679-467b950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-30T06:43:34.000Z",
"modified": "2016-03-30T06:43:34.000Z",
"first_observed": "2016-03-30T06:43:34Z",
"last_observed": "2016-03-30T06:43:34Z",
"number_observed": 1,
"object_refs": [
"url--56fb7596-a590-4da9-a679-467b950d210f"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--56fb7596-a590-4da9-a679-467b950d210f",
"value": "http://www.symantec.com/connect/blogs/taiwan-targeted-new-cyberespionage-back-door-trojan"
},
{
"type": "x-misp-attribute",
"spec_version": "2.1",
"id": "x-misp-attribute--56fb75ef-16b0-4b65-aea4-4809950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-30T06:45:03.000Z",
"modified": "2016-03-30T06:45:03.000Z",
"labels": [
"misp:type=\"comment\"",
"misp:category=\"External analysis\""
],
"x_misp_category": "External analysis",
"x_misp_type": "comment",
"x_misp_value": "In late August 2015, Symantec identified a previously unknown back door Trojan (Backdoor.Dripion) infecting organizations primarily located in Taiwan, as well as Brazil and the United States. Dripion is custom-built, designed to steal information, and has been used sparingly in a limited number of targeted attacks. The attackers behind this campaign went to some lengths to disguise their activities, including using domains names disguised as antivirus (AV) company websites for their command and control (C&C) servers. These attacks have some links to earlier attacks by a group called Budminer involving the Taidoor Trojan (Trojan.Taidoor).\r\n\r\nThe threat posed by custom malware such as Dripion illustrates the value of multilayered security. Unknown threats may evade signature-based detection, but can be blocked by other detection tools which identify malicious behavior."
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56fb764d-a53c-4345-a754-43c7950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-30T06:46:37.000Z",
"modified": "2016-03-30T06:46:37.000Z",
"description": "Infrastructure",
"pattern": "[domain-name:value = 'hyydn.nortonsoft.com']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-03-30T06:46:37Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"hostname\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56fb764e-23e0-4ee6-85f7-4218950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-30T06:46:38.000Z",
"modified": "2016-03-30T06:46:38.000Z",
"description": "Infrastructure",
"pattern": "[domain-name:value = 'mhysix.mcfeesoft.com']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-03-30T06:46:38Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"hostname\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56fb764e-643c-4ce9-83f1-4544950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-30T06:46:38.000Z",
"modified": "2016-03-30T06:46:38.000Z",
"description": "Infrastructure",
"pattern": "[domain-name:value = 'gspt.dns1.us']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-03-30T06:46:38Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"hostname\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56fb764e-e028-49f1-94d6-4ac4950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-30T06:46:38.000Z",
"modified": "2016-03-30T06:46:38.000Z",
"description": "Infrastructure",
"pattern": "[domain-name:value = 'unpt.defultname.com']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-03-30T06:46:38Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"hostname\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56fb764e-be28-4b04-9ff7-428f950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-30T06:46:38.000Z",
"modified": "2016-03-30T06:46:38.000Z",
"description": "Infrastructure",
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '198.144.100.73']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-03-30T06:46:38Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56fb764f-9d64-471b-86cb-487c950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-30T06:46:39.000Z",
"modified": "2016-03-30T06:46:39.000Z",
"description": "Infrastructure",
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '208.61.229.10']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-03-30T06:46:39Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56fb764f-be3c-4da9-9427-401e950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-30T06:46:39.000Z",
"modified": "2016-03-30T06:46:39.000Z",
"description": "Infrastructure",
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '200.215.222.105']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-03-30T06:46:39Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56fb764f-7df8-4856-b8a9-4ec1950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-30T06:46:39.000Z",
"modified": "2016-03-30T06:46:39.000Z",
"description": "Infrastructure",
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '61.222.137.66']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-03-30T06:46:39Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56fb7650-13d0-4c5c-bc1c-4bac950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-30T06:46:40.000Z",
"modified": "2016-03-30T06:46:40.000Z",
"description": "Infrastructure",
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '103.240.182.99']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-03-30T06:46:40Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56fb76be-2608-41bf-b905-4800950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-30T06:48:30.000Z",
"modified": "2016-03-30T06:48:30.000Z",
"pattern": "[file:hashes.MD5 = '2dd931cf0950817d1bb567e12cf80ae7']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-03-30T06:48:30Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload installation"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Payload installation\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56fb76bf-dd10-4dd2-b455-4f26950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-30T06:48:31.000Z",
"modified": "2016-03-30T06:48:31.000Z",
"pattern": "[file:hashes.MD5 = '3652075425b367d101a7d6b6ef558c6c']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-03-30T06:48:31Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload installation"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Payload installation\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56fb76bf-a120-4d9e-bdac-41d6950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-30T06:48:31.000Z",
"modified": "2016-03-30T06:48:31.000Z",
"pattern": "[file:hashes.MD5 = '59ff5624a02e98f60187add71bba3756']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-03-30T06:48:31Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload installation"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Payload installation\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56fb76c0-a9a4-47de-a0b7-476b950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-30T06:48:32.000Z",
"modified": "2016-03-30T06:48:32.000Z",
"pattern": "[file:hashes.MD5 = '865d24324f1cac5aecc09bae6a9157f5']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-03-30T06:48:32Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload installation"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Payload installation\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56fb76c0-7684-4f0b-913e-42e7950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-30T06:48:32.000Z",
"modified": "2016-03-30T06:48:32.000Z",
"pattern": "[file:hashes.MD5 = 'eca0ef705d148ff105dbaf40ce9d1d5e']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-03-30T06:48:32Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload installation"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Payload installation\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56fb76c0-726c-4489-a265-4cd3950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-30T06:48:32.000Z",
"modified": "2016-03-30T06:48:32.000Z",
"pattern": "[file:hashes.MD5 = 'f4260ecd0395076439d8c0725ee0125f']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-03-30T06:48:32Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload installation"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Payload installation\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56fb76c1-1128-4689-920f-47aa950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-30T06:48:32.000Z",
"modified": "2016-03-30T06:48:32.000Z",
"pattern": "[file:hashes.MD5 = '285de6e5d3ed8ca966430846888a56ff']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-03-30T06:48:32Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload installation"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Payload installation\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56fb76c1-4610-4939-9e12-4995950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-30T06:48:33.000Z",
"modified": "2016-03-30T06:48:33.000Z",
"pattern": "[file:hashes.MD5 = '31f83a1e09062e8c4773a03d5993d870']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-03-30T06:48:33Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload installation"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Payload installation\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56fb76c1-f63c-4948-9ec2-4e6d950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-30T06:48:33.000Z",
"modified": "2016-03-30T06:48:33.000Z",
"pattern": "[file:hashes.MD5 = '4438921ea3d08d0c90f2f903556967e5']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-03-30T06:48:33Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload installation"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Payload installation\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56fb76c1-142c-448a-882b-410d950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-30T06:48:33.000Z",
"modified": "2016-03-30T06:48:33.000Z",
"pattern": "[file:hashes.MD5 = '7ad3b2b6eee18af6816b6f4f7f7f71a6']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-03-30T06:48:33Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload installation"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Payload installation\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56fb76c2-5b1c-447c-8e11-4b5a950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-30T06:48:34.000Z",
"modified": "2016-03-30T06:48:34.000Z",
"pattern": "[file:hashes.MD5 = 'b594d53a0d19eaac113988bf238654d3']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-03-30T06:48:34Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload installation"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Payload installation\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56fb76c2-a9c4-4c5f-aba7-43ce950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-30T06:48:34.000Z",
"modified": "2016-03-30T06:48:34.000Z",
"pattern": "[file:hashes.MD5 = 'c3e6ce287d12ac39ceb24e08dc63e3b5']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-03-30T06:48:34Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload installation"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Payload installation\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56fb76c2-fc40-40b9-9ecc-4acb950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-30T06:48:34.000Z",
"modified": "2016-03-30T06:48:34.000Z",
"pattern": "[file:hashes.MD5 = 'e0c6b7d9bdae838139caa3acce5c890d']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-03-30T06:48:34Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload installation"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Payload installation\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56fb76c3-303c-4d10-9f1b-4ada950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-30T06:48:35.000Z",
"modified": "2016-03-30T06:48:35.000Z",
"pattern": "[file:hashes.MD5 = 'e7205c0b80035b629d80b5e7aeff7b0e']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-03-30T06:48:35Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload installation"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Payload installation\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56fb76c3-be30-4591-a074-4c3c950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-30T06:48:35.000Z",
"modified": "2016-03-30T06:48:35.000Z",
"pattern": "[file:hashes.MD5 = 'c182e33cf7e85316e9dc0e13999db45e']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-03-30T06:48:35Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload installation"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Payload installation\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56fb76c3-2c70-4e67-bde0-41db950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-30T06:48:35.000Z",
"modified": "2016-03-30T06:48:35.000Z",
"pattern": "[file:hashes.MD5 = '272ff690f6d27d2953fbadf75791274c']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-03-30T06:48:35Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload installation"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Payload installation\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56fb76c3-9dc4-42e9-9d03-4dc9950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-30T06:48:35.000Z",
"modified": "2016-03-30T06:48:35.000Z",
"pattern": "[file:hashes.MD5 = 'ae80f056b8c38873ab1251c454ed1fe9']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-03-30T06:48:35Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload installation"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Payload installation\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56fb76c4-8090-4b2e-9b9e-45c8950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-30T06:48:36.000Z",
"modified": "2016-03-30T06:48:36.000Z",
"pattern": "[file:hashes.MD5 = '260f19ef39d56373bb5590346d2c1811']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-03-30T06:48:36Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload installation"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Payload installation\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56fb76c4-42e0-4403-a4e0-4566950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-30T06:48:36.000Z",
"modified": "2016-03-30T06:48:36.000Z",
"pattern": "[file:hashes.MD5 = 'fe8d19e3435879e56f5189b37263ab06']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-03-30T06:48:36Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload installation"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Payload installation\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56fb76c5-5e84-40dd-a7db-4a7f950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-30T06:48:37.000Z",
"modified": "2016-03-30T06:48:37.000Z",
"pattern": "[file:hashes.MD5 = '68bebcd9d2ad418332980a7dab71bf79']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-03-30T06:48:37Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload installation"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Payload installation\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56fb76c5-abf4-4bab-99e1-47f2950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-30T06:48:37.000Z",
"modified": "2016-03-30T06:48:37.000Z",
"pattern": "[file:hashes.MD5 = 'cbde79b6ba782840db4aca46a5a63467']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-03-30T06:48:37Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload installation"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Payload installation\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56fb7812-cc00-4a88-b061-41d302de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-30T06:54:10.000Z",
"modified": "2016-03-30T06:54:10.000Z",
"description": "- Xchecked via VT: cbde79b6ba782840db4aca46a5a63467",
"pattern": "[file:hashes.SHA256 = '39cd2290575c291b1da6ee7c1da52ab14441bd4647fe3eb21561579e08c9d93c']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-03-30T06:54:10Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload installation"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Payload installation\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56fb7812-c9f0-4aa8-96c0-4cba02de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-30T06:54:10.000Z",
"modified": "2016-03-30T06:54:10.000Z",
"description": "- Xchecked via VT: cbde79b6ba782840db4aca46a5a63467",
"pattern": "[file:hashes.SHA1 = '5b697da0efde1052c0f49d586744bc52e49626ab']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-03-30T06:54:10Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload installation"
}
],
"labels": [
"misp:type=\"sha1\"",
"misp:category=\"Payload installation\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--56fb7812-c270-4734-909a-4a0a02de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-30T06:54:10.000Z",
"modified": "2016-03-30T06:54:10.000Z",
"first_observed": "2016-03-30T06:54:10Z",
"last_observed": "2016-03-30T06:54:10Z",
"number_observed": 1,
"object_refs": [
"url--56fb7812-c270-4734-909a-4a0a02de0b81"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--56fb7812-c270-4734-909a-4a0a02de0b81",
"value": "https://www.virustotal.com/file/39cd2290575c291b1da6ee7c1da52ab14441bd4647fe3eb21561579e08c9d93c/analysis/1456306454/"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56fb7813-d03c-48a7-92dc-43ad02de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-30T06:54:11.000Z",
"modified": "2016-03-30T06:54:11.000Z",
"description": "- Xchecked via VT: 68bebcd9d2ad418332980a7dab71bf79",
"pattern": "[file:hashes.SHA256 = 'fe461e8d5f89a78d89522f0a69f1f78ae9cd41dc772a38d88eed677ccde2fd83']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-03-30T06:54:11Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload installation"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Payload installation\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56fb7813-5f54-482c-b9c8-4c8d02de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-30T06:54:11.000Z",
"modified": "2016-03-30T06:54:11.000Z",
"description": "- Xchecked via VT: 68bebcd9d2ad418332980a7dab71bf79",
"pattern": "[file:hashes.SHA1 = 'f9222b8048ec770c613be5692b1ed225564c90e7']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-03-30T06:54:11Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload installation"
}
],
"labels": [
"misp:type=\"sha1\"",
"misp:category=\"Payload installation\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--56fb7813-9714-4300-a683-4aa602de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-30T06:54:11.000Z",
"modified": "2016-03-30T06:54:11.000Z",
"first_observed": "2016-03-30T06:54:11Z",
"last_observed": "2016-03-30T06:54:11Z",
"number_observed": 1,
"object_refs": [
"url--56fb7813-9714-4300-a683-4aa602de0b81"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--56fb7813-9714-4300-a683-4aa602de0b81",
"value": "https://www.virustotal.com/file/fe461e8d5f89a78d89522f0a69f1f78ae9cd41dc772a38d88eed677ccde2fd83/analysis/1441264811/"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56fb7814-20fc-4425-ae0c-4c9d02de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-30T06:54:12.000Z",
"modified": "2016-03-30T06:54:12.000Z",
"description": "- Xchecked via VT: ae80f056b8c38873ab1251c454ed1fe9",
"pattern": "[file:hashes.SHA256 = 'c84fc7bef4e77e1f913a4be1a7114d255459f9d808fcc09b0f441e3761e5e4a4']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-03-30T06:54:12Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload installation"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Payload installation\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56fb7814-1cf0-48ea-a52f-45d802de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-30T06:54:12.000Z",
"modified": "2016-03-30T06:54:12.000Z",
"description": "- Xchecked via VT: ae80f056b8c38873ab1251c454ed1fe9",
"pattern": "[file:hashes.SHA1 = '4a4f670f59073191c4b06e857151725208693c39']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-03-30T06:54:12Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload installation"
}
],
"labels": [
"misp:type=\"sha1\"",
"misp:category=\"Payload installation\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--56fb7814-9d74-46a8-8955-4eb602de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-30T06:54:12.000Z",
"modified": "2016-03-30T06:54:12.000Z",
"first_observed": "2016-03-30T06:54:12Z",
"last_observed": "2016-03-30T06:54:12Z",
"number_observed": 1,
"object_refs": [
"url--56fb7814-9d74-46a8-8955-4eb602de0b81"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--56fb7814-9d74-46a8-8955-4eb602de0b81",
"value": "https://www.virustotal.com/file/c84fc7bef4e77e1f913a4be1a7114d255459f9d808fcc09b0f441e3761e5e4a4/analysis/1459263257/"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56fb7814-aa54-4383-b8af-429702de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-30T06:54:12.000Z",
"modified": "2016-03-30T06:54:12.000Z",
"description": "- Xchecked via VT: 272ff690f6d27d2953fbadf75791274c",
"pattern": "[file:hashes.SHA256 = '580e638dcea5b47cf3fc1e1b486e78cf053565e3f862e923abc8f128bcaf54b8']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-03-30T06:54:12Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload installation"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Payload installation\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56fb7815-4b18-42e0-bef6-426202de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-30T06:54:13.000Z",
"modified": "2016-03-30T06:54:13.000Z",
"description": "- Xchecked via VT: 272ff690f6d27d2953fbadf75791274c",
"pattern": "[file:hashes.SHA1 = '8e74830b02b73c12b7eb7f273bb60ef18b658dbd']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-03-30T06:54:13Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload installation"
}
],
"labels": [
"misp:type=\"sha1\"",
"misp:category=\"Payload installation\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--56fb7815-7ab4-440c-9ef9-43a202de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-30T06:54:13.000Z",
"modified": "2016-03-30T06:54:13.000Z",
"first_observed": "2016-03-30T06:54:13Z",
"last_observed": "2016-03-30T06:54:13Z",
"number_observed": 1,
"object_refs": [
"url--56fb7815-7ab4-440c-9ef9-43a202de0b81"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--56fb7815-7ab4-440c-9ef9-43a202de0b81",
"value": "https://www.virustotal.com/file/580e638dcea5b47cf3fc1e1b486e78cf053565e3f862e923abc8f128bcaf54b8/analysis/1407397787/"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56fb7815-b3e4-4997-82aa-4bfa02de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-30T06:54:13.000Z",
"modified": "2016-03-30T06:54:13.000Z",
"description": "- Xchecked via VT: c182e33cf7e85316e9dc0e13999db45e",
"pattern": "[file:hashes.SHA256 = '52a2931cb88f50cfb6a5728797c6e5ea201e0ea8493e7eba1eac02e50273edbb']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-03-30T06:54:13Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload installation"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Payload installation\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56fb7816-9604-4ddc-b48c-406002de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-30T06:54:14.000Z",
"modified": "2016-03-30T06:54:14.000Z",
"description": "- Xchecked via VT: c182e33cf7e85316e9dc0e13999db45e",
"pattern": "[file:hashes.SHA1 = 'b9ecda3a8695d0385d1764091b9bb751cfb92ff6']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-03-30T06:54:14Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload installation"
}
],
"labels": [
"misp:type=\"sha1\"",
"misp:category=\"Payload installation\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--56fb7816-8464-4f18-8f1c-418902de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-30T06:54:14.000Z",
"modified": "2016-03-30T06:54:14.000Z",
"first_observed": "2016-03-30T06:54:14Z",
"last_observed": "2016-03-30T06:54:14Z",
"number_observed": 1,
"object_refs": [
"url--56fb7816-8464-4f18-8f1c-418902de0b81"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--56fb7816-8464-4f18-8f1c-418902de0b81",
"value": "https://www.virustotal.com/file/52a2931cb88f50cfb6a5728797c6e5ea201e0ea8493e7eba1eac02e50273edbb/analysis/1442570891/"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56fb7816-a5e0-4816-812e-425d02de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-30T06:54:14.000Z",
"modified": "2016-03-30T06:54:14.000Z",
"description": "- Xchecked via VT: e7205c0b80035b629d80b5e7aeff7b0e",
"pattern": "[file:hashes.SHA256 = '9a9aa2c782b2747668ebe5ce3b509b970521e8a1aab1e89dcd87cb9e9a083982']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-03-30T06:54:14Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload installation"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Payload installation\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56fb7817-1aa0-4a96-96c9-4bfc02de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-30T06:54:15.000Z",
"modified": "2016-03-30T06:54:15.000Z",
"description": "- Xchecked via VT: e7205c0b80035b629d80b5e7aeff7b0e",
"pattern": "[file:hashes.SHA1 = '63c1e2b477bfbc05a9f2806adfcdfe1bc03cef1c']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-03-30T06:54:15Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload installation"
}
],
"labels": [
"misp:type=\"sha1\"",
"misp:category=\"Payload installation\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--56fb7817-c508-4707-9731-4bb602de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-30T06:54:15.000Z",
"modified": "2016-03-30T06:54:15.000Z",
"first_observed": "2016-03-30T06:54:15Z",
"last_observed": "2016-03-30T06:54:15Z",
"number_observed": 1,
"object_refs": [
"url--56fb7817-c508-4707-9731-4bb602de0b81"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--56fb7817-c508-4707-9731-4bb602de0b81",
"value": "https://www.virustotal.com/file/9a9aa2c782b2747668ebe5ce3b509b970521e8a1aab1e89dcd87cb9e9a083982/analysis/1458897537/"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56fb7817-9484-4c10-93dd-40a202de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-30T06:54:15.000Z",
"modified": "2016-03-30T06:54:15.000Z",
"description": "- Xchecked via VT: c3e6ce287d12ac39ceb24e08dc63e3b5",
"pattern": "[file:hashes.SHA256 = '22923e9c1db6e9fb3ffc131adffa8607748e948b7e87e36679d8600cb8ff86a4']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-03-30T06:54:15Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload installation"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Payload installation\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56fb7817-aec4-4197-aa0a-4bb202de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-30T06:54:15.000Z",
"modified": "2016-03-30T06:54:15.000Z",
"description": "- Xchecked via VT: c3e6ce287d12ac39ceb24e08dc63e3b5",
"pattern": "[file:hashes.SHA1 = '76db73ab0b5393a6a871b6ac8b7c467af61ee729']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-03-30T06:54:15Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload installation"
}
],
"labels": [
"misp:type=\"sha1\"",
"misp:category=\"Payload installation\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--56fb7818-3734-4f5b-8e9a-4cae02de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-30T06:54:16.000Z",
"modified": "2016-03-30T06:54:16.000Z",
"first_observed": "2016-03-30T06:54:16Z",
"last_observed": "2016-03-30T06:54:16Z",
"number_observed": 1,
"object_refs": [
"url--56fb7818-3734-4f5b-8e9a-4cae02de0b81"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--56fb7818-3734-4f5b-8e9a-4cae02de0b81",
"value": "https://www.virustotal.com/file/22923e9c1db6e9fb3ffc131adffa8607748e948b7e87e36679d8600cb8ff86a4/analysis/1397818663/"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56fb7818-75d4-4a89-9b41-45c602de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-30T06:54:16.000Z",
"modified": "2016-03-30T06:54:16.000Z",
"description": "- Xchecked via VT: 7ad3b2b6eee18af6816b6f4f7f7f71a6",
"pattern": "[file:hashes.SHA256 = 'a1f8f780821d3c3c8d0e08e44854c09b6f44725ce782987882f6b8fd24a57145']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-03-30T06:54:16Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload installation"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Payload installation\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56fb7818-7c6c-4423-862d-436402de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-30T06:54:16.000Z",
"modified": "2016-03-30T06:54:16.000Z",
"description": "- Xchecked via VT: 7ad3b2b6eee18af6816b6f4f7f7f71a6",
"pattern": "[file:hashes.SHA1 = '52d455c5c8d4c8a852f8c3d9c477154e01604a8b']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-03-30T06:54:16Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload installation"
}
],
"labels": [
"misp:type=\"sha1\"",
"misp:category=\"Payload installation\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--56fb7819-a9a4-4011-a751-4a3a02de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-30T06:54:17.000Z",
"modified": "2016-03-30T06:54:17.000Z",
"first_observed": "2016-03-30T06:54:17Z",
"last_observed": "2016-03-30T06:54:17Z",
"number_observed": 1,
"object_refs": [
"url--56fb7819-a9a4-4011-a751-4a3a02de0b81"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--56fb7819-a9a4-4011-a751-4a3a02de0b81",
"value": "https://www.virustotal.com/file/a1f8f780821d3c3c8d0e08e44854c09b6f44725ce782987882f6b8fd24a57145/analysis/1459263245/"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56fb7819-1f58-4ea9-9bea-4c9502de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-30T06:54:17.000Z",
"modified": "2016-03-30T06:54:17.000Z",
"description": "- Xchecked via VT: 4438921ea3d08d0c90f2f903556967e5",
"pattern": "[file:hashes.SHA256 = '31f8f6b30da868df88cfcbcaa7d3144ddf76ebd4c6852479a7a6643ce311ac01']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-03-30T06:54:17Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload installation"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Payload installation\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56fb7819-83f0-49a8-b8dd-446202de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-30T06:54:17.000Z",
"modified": "2016-03-30T06:54:17.000Z",
"description": "- Xchecked via VT: 4438921ea3d08d0c90f2f903556967e5",
"pattern": "[file:hashes.SHA1 = '2b798aa6018278ddd868253831439a8da3571edf']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-03-30T06:54:17Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload installation"
}
],
"labels": [
"misp:type=\"sha1\"",
"misp:category=\"Payload installation\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--56fb781a-6670-4e54-a213-47d002de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-30T06:54:18.000Z",
"modified": "2016-03-30T06:54:18.000Z",
"first_observed": "2016-03-30T06:54:18Z",
"last_observed": "2016-03-30T06:54:18Z",
"number_observed": 1,
"object_refs": [
"url--56fb781a-6670-4e54-a213-47d002de0b81"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--56fb781a-6670-4e54-a213-47d002de0b81",
"value": "https://www.virustotal.com/file/31f8f6b30da868df88cfcbcaa7d3144ddf76ebd4c6852479a7a6643ce311ac01/analysis/1457938903/"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56fb781a-81a0-4ea3-95b1-4ea402de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-30T06:54:18.000Z",
"modified": "2016-03-30T06:54:18.000Z",
"description": "- Xchecked via VT: 285de6e5d3ed8ca966430846888a56ff",
"pattern": "[file:hashes.SHA256 = 'f0ac7076b7295f39e76288b98adb8b2fb550a081d1a0f937e0db214bbb90996e']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-03-30T06:54:18Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload installation"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Payload installation\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56fb781a-0a0c-40c3-80c5-4d2602de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-30T06:54:18.000Z",
"modified": "2016-03-30T06:54:18.000Z",
"description": "- Xchecked via VT: 285de6e5d3ed8ca966430846888a56ff",
"pattern": "[file:hashes.SHA1 = '9f5e1b4bd1be64869f98af484881c5df5859a312']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-03-30T06:54:18Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload installation"
}
],
"labels": [
"misp:type=\"sha1\"",
"misp:category=\"Payload installation\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--56fb781b-54d4-473e-b222-486202de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-30T06:54:19.000Z",
"modified": "2016-03-30T06:54:19.000Z",
"first_observed": "2016-03-30T06:54:19Z",
"last_observed": "2016-03-30T06:54:19Z",
"number_observed": 1,
"object_refs": [
"url--56fb781b-54d4-473e-b222-486202de0b81"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--56fb781b-54d4-473e-b222-486202de0b81",
"value": "https://www.virustotal.com/file/f0ac7076b7295f39e76288b98adb8b2fb550a081d1a0f937e0db214bbb90996e/analysis/1415944613/"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56fb781b-80fc-4a69-9336-49bd02de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-30T06:54:19.000Z",
"modified": "2016-03-30T06:54:19.000Z",
"description": "- Xchecked via VT: eca0ef705d148ff105dbaf40ce9d1d5e",
"pattern": "[file:hashes.SHA256 = '8f4c585a5310c415071c844f7df165c0d8f386eb9a8b35953a5b669f4abf9729']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-03-30T06:54:19Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload installation"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Payload installation\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56fb781b-aa24-462e-8602-4ea302de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-30T06:54:19.000Z",
"modified": "2016-03-30T06:54:19.000Z",
"description": "- Xchecked via VT: eca0ef705d148ff105dbaf40ce9d1d5e",
"pattern": "[file:hashes.SHA1 = 'cdcc2d4557ef9e27e4d41608076f92e4129617d6']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-03-30T06:54:19Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload installation"
}
],
"labels": [
"misp:type=\"sha1\"",
"misp:category=\"Payload installation\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--56fb781c-a0a8-43fe-b5c1-4c6602de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-30T06:54:20.000Z",
"modified": "2016-03-30T06:54:20.000Z",
"first_observed": "2016-03-30T06:54:20Z",
"last_observed": "2016-03-30T06:54:20Z",
"number_observed": 1,
"object_refs": [
"url--56fb781c-a0a8-43fe-b5c1-4c6602de0b81"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--56fb781c-a0a8-43fe-b5c1-4c6602de0b81",
"value": "https://www.virustotal.com/file/8f4c585a5310c415071c844f7df165c0d8f386eb9a8b35953a5b669f4abf9729/analysis/1459271737/"
},
{
"type": "marking-definition",
"spec_version": "2.1",
"id": "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9",
"created": "2017-01-20T00:00:00.000Z",
"definition_type": "tlp",
"name": "TLP:WHITE",
"definition": {
"tlp": "white"
}
}
]
}
Reference in a new issue View git blame Copy permalink