adulau/misp-circl-feed
1
0
Fork 0
Code Issues 1 Pull requests Projects 1 Releases Packages Wiki Activity Actions
misp-circl-feed/feeds/circl/stix-2.1/5730965a-fa18-43d4-8692-4296950d210f.json

3626 lines
No EOL
151 KiB
JSON
Raw Blame History

{
"type": "bundle",
"id": "bundle--5730965a-fa18-43d4-8692-4296950d210f",
"objects": [
{
"type": "identity",
"spec_version": "2.1",
"id": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-05-17T16:29:45.000Z",
"modified": "2016-05-17T16:29:45.000Z",
"name": "CIRCL",
"identity_class": "organization"
},
{
"type": "report",
"spec_version": "2.1",
"id": "report--5730965a-fa18-43d4-8692-4296950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-05-17T16:29:45.000Z",
"modified": "2016-05-17T16:29:45.000Z",
"name": "OSINT - Exploring CVE-2015-2545 and its users",
"published": "2016-05-17T16:29:56Z",
"object_refs": [
"observed-data--57309679-c764-42e3-884f-4d43950d210f",
"url--57309679-c764-42e3-884f-4d43950d210f",
"x-misp-attribute--5730968f-3884-40ed-af95-4b69950d210f",
"indicator--573096bd-7f90-4910-a666-4618950d210f",
"indicator--573096be-75c4-449c-88d6-489a950d210f",
"indicator--573096be-f488-4c6d-b475-4b8e950d210f",
"indicator--573096bf-d334-4dd4-9413-47f5950d210f",
"indicator--573096bf-3654-46f6-a8ff-4fcf950d210f",
"indicator--573096bf-685c-4432-8041-4bb4950d210f",
"indicator--573096c0-e75c-4ddf-94cd-43b9950d210f",
"indicator--573096c0-00cc-47e7-b21e-4594950d210f",
"indicator--573096c0-bb7c-464c-8c2f-4c68950d210f",
"indicator--573096c1-a634-4b37-8589-4315950d210f",
"indicator--573096c1-2c24-4cf2-b662-4505950d210f",
"indicator--573096c2-c7c4-4925-81c4-409a950d210f",
"indicator--573096c2-4f38-4b21-835f-45e7950d210f",
"indicator--573096c2-3000-440c-b9a0-4306950d210f",
"indicator--573096c3-23d4-4feb-9669-4939950d210f",
"indicator--573096c3-5370-4be5-9d3a-48d2950d210f",
"indicator--573096c3-d954-4076-be16-43f3950d210f",
"indicator--573096c4-01ec-41ec-9526-460b950d210f",
"indicator--573096c4-c424-449f-93b2-43d8950d210f",
"indicator--573096c4-8b60-4273-af8a-469e950d210f",
"indicator--573096c5-0e24-4c4d-8c17-4f41950d210f",
"indicator--573096c5-6ac8-49e4-9e03-4265950d210f",
"indicator--573096c6-a3ac-49e0-ac99-4709950d210f",
"indicator--573096c6-d008-4da9-9e79-4f5f950d210f",
"indicator--573096c6-a2dc-4e4d-9a40-4054950d210f",
"indicator--573096c6-75d0-456e-8694-4799950d210f",
"indicator--573096c7-a3f0-4000-81f6-4342950d210f",
"indicator--573096c7-0f6c-44e1-a170-48c7950d210f",
"indicator--573096c8-4c2c-4762-9928-4f74950d210f",
"indicator--573096c8-f6fc-4b24-9510-4c83950d210f",
"indicator--573096c8-5f54-450b-a850-460b950d210f",
"indicator--57309701-f72c-462d-ab5f-4f6c950d210f",
"indicator--57309702-be28-4650-bfb6-4eeb950d210f",
"indicator--57309702-642c-403f-8147-48e6950d210f",
"indicator--57309702-ca04-4367-937a-4b59950d210f",
"indicator--57309703-c820-4be8-b22f-4917950d210f",
"indicator--57309703-d590-46de-a4a5-4120950d210f",
"indicator--57309704-0f68-490f-8050-48dc950d210f",
"indicator--57309704-414c-4c57-97f9-4c5d950d210f",
"indicator--57309704-9144-421c-9d00-4818950d210f",
"indicator--57309705-c9f0-484f-a1ed-4498950d210f",
"indicator--57309705-39c8-4d2a-80e3-47f1950d210f",
"observed-data--57309705-32c0-4bcd-9144-486f950d210f",
"network-traffic--57309705-32c0-4bcd-9144-486f950d210f",
"ipv4-addr--57309705-32c0-4bcd-9144-486f950d210f",
"indicator--57309706-c984-49d0-9ecb-471f950d210f",
"indicator--57309706-6d88-45cd-9fe3-49d1950d210f",
"indicator--57309707-363c-447a-afdb-4648950d210f",
"indicator--5730976b-293c-4e74-b9c6-48ab02de0b81",
"indicator--5730976b-aefc-414d-9070-4f4702de0b81",
"observed-data--5730976c-bac8-46c6-85c3-449d02de0b81",
"url--5730976c-bac8-46c6-85c3-449d02de0b81",
"indicator--5730976c-b97c-4e14-87d0-445d02de0b81",
"indicator--5730976c-35fc-40e0-b4a4-4fb802de0b81",
"observed-data--5730976d-0a48-43e5-99d9-412602de0b81",
"url--5730976d-0a48-43e5-99d9-412602de0b81",
"indicator--5730976d-8dd4-4ace-90b2-480f02de0b81",
"indicator--5730976d-05a0-4305-8bab-474c02de0b81",
"observed-data--5730976e-ec4c-454f-bd2a-494002de0b81",
"url--5730976e-ec4c-454f-bd2a-494002de0b81",
"indicator--5730976e-a23c-46d8-bc2b-423402de0b81",
"indicator--5730976e-1e8c-4f24-a450-44f402de0b81",
"observed-data--5730976f-4df8-4a94-b44e-44f002de0b81",
"url--5730976f-4df8-4a94-b44e-44f002de0b81",
"indicator--5730976f-38a0-4820-ac19-488702de0b81",
"indicator--5730976f-c2f8-4c19-b901-4b2f02de0b81",
"observed-data--57309770-c528-4aab-9970-41b502de0b81",
"url--57309770-c528-4aab-9970-41b502de0b81",
"indicator--57309770-8114-4121-b83f-423902de0b81",
"indicator--57309770-96e0-450a-81ae-458502de0b81",
"observed-data--57309771-1a3c-4890-8205-4dda02de0b81",
"url--57309771-1a3c-4890-8205-4dda02de0b81",
"indicator--57309771-b89c-4cf5-b9ba-4cdc02de0b81",
"indicator--57309772-49d8-4dc5-a56e-41da02de0b81",
"observed-data--57309772-c6b4-42df-a565-4ed802de0b81",
"url--57309772-c6b4-42df-a565-4ed802de0b81",
"indicator--57309772-4fd0-4559-bb39-4cc902de0b81",
"indicator--57309772-026c-4ca2-9719-436302de0b81",
"observed-data--57309773-fce8-44ce-a5e1-46bb02de0b81",
"url--57309773-fce8-44ce-a5e1-46bb02de0b81",
"indicator--57309773-f94c-4524-b946-453c02de0b81",
"indicator--57309773-d4dc-42d4-b9e4-41c002de0b81",
"observed-data--57309774-9964-4d06-98a2-4def02de0b81",
"url--57309774-9964-4d06-98a2-4def02de0b81",
"indicator--57309774-2884-4313-afa0-4c4002de0b81",
"indicator--57309774-c228-46ac-8534-4d1102de0b81",
"observed-data--57309775-8ff8-4c15-8a5e-439602de0b81",
"url--57309775-8ff8-4c15-8a5e-439602de0b81",
"indicator--57309775-96e0-4600-b6e1-476f02de0b81",
"indicator--57309775-b538-4a8e-b4a1-45f502de0b81",
"observed-data--57309776-0f30-46e6-b385-4f8402de0b81",
"url--57309776-0f30-46e6-b385-4f8402de0b81",
"indicator--57309776-fa34-4772-8ae8-429202de0b81",
"indicator--57309776-38f4-4945-8e20-4be502de0b81",
"observed-data--57309777-34d8-40de-8d0e-43d602de0b81",
"url--57309777-34d8-40de-8d0e-43d602de0b81",
"indicator--57309777-eff0-49be-92ae-439f02de0b81",
"indicator--57309777-8758-4203-ada3-431d02de0b81",
"observed-data--57309778-9e68-4225-aede-497302de0b81",
"url--57309778-9e68-4225-aede-497302de0b81",
"indicator--57309778-8ddc-4e0e-85b5-463b02de0b81",
"indicator--57309778-0c8c-46c5-a473-4f7102de0b81",
"observed-data--57309779-4bb4-40c8-8a54-491e02de0b81",
"url--57309779-4bb4-40c8-8a54-491e02de0b81",
"indicator--57309779-0a18-47f8-bea6-419702de0b81",
"indicator--57309779-9d14-4ea4-aab9-44fa02de0b81",
"observed-data--5730977a-aab0-40c2-b187-469d02de0b81",
"url--5730977a-aab0-40c2-b187-469d02de0b81",
"indicator--5730977a-2a08-4b57-99ce-49fb02de0b81",
"indicator--5730977a-eca8-4862-9306-40f202de0b81",
"observed-data--5730977b-61dc-4c45-a6d2-4de702de0b81",
"url--5730977b-61dc-4c45-a6d2-4de702de0b81",
"indicator--5730977b-4f64-44c9-b8c0-406302de0b81",
"indicator--5730977b-4b08-4167-a54d-435702de0b81",
"observed-data--5730977c-c0ac-43c2-8064-4f3102de0b81",
"url--5730977c-c0ac-43c2-8064-4f3102de0b81",
"indicator--5730977c-fce8-4de3-8115-444a02de0b81",
"indicator--5730977c-59b8-4cd8-b9b6-4e8e02de0b81",
"observed-data--5730977d-dc34-4edd-a695-452602de0b81",
"url--5730977d-dc34-4edd-a695-452602de0b81",
"indicator--5730977d-04ec-4521-b9b3-419a02de0b81",
"indicator--5730977d-88f4-44d6-be62-44f202de0b81",
"observed-data--5730977e-f7dc-4fb5-ae9b-434302de0b81",
"url--5730977e-f7dc-4fb5-ae9b-434302de0b81",
"indicator--5730977e-5234-4c5e-940a-486902de0b81",
"indicator--5730977e-de50-4099-81e7-492b02de0b81",
"observed-data--5730977f-5b04-4397-9f11-4ef402de0b81",
"url--5730977f-5b04-4397-9f11-4ef402de0b81",
"indicator--5730977f-c860-435a-9ccf-498302de0b81",
"indicator--5730977f-2af4-41d3-b2ec-41d702de0b81",
"observed-data--57309780-b1d4-4395-bd91-48f102de0b81",
"url--57309780-b1d4-4395-bd91-48f102de0b81",
"indicator--57309780-2780-4b19-b7b8-416402de0b81",
"indicator--57309780-d854-44d8-9a00-490902de0b81",
"observed-data--57309781-bd38-4e6c-9f41-438802de0b81",
"url--57309781-bd38-4e6c-9f41-438802de0b81",
"indicator--57309781-be10-4a8b-9efb-469e02de0b81",
"indicator--57309781-2a34-4d16-9a2a-42e402de0b81",
"observed-data--57309782-0ebc-4115-ba61-408e02de0b81",
"url--57309782-0ebc-4115-ba61-408e02de0b81",
"indicator--57309782-cb60-40d2-9a30-45d602de0b81",
"indicator--57309782-f2cc-4ec4-b507-42ea02de0b81",
"observed-data--57309783-ef94-4cb5-9586-415902de0b81",
"url--57309783-ef94-4cb5-9586-415902de0b81",
"indicator--57309783-c5ac-4d1f-8cef-42d602de0b81",
"indicator--57309783-262c-434f-9e6f-417c02de0b81",
"observed-data--57309784-fc34-4a94-b3e2-4d8502de0b81",
"url--57309784-fc34-4a94-b3e2-4d8502de0b81",
"indicator--57309784-d780-48c1-b3bb-49a102de0b81",
"indicator--57309784-b680-44f8-a731-428402de0b81",
"observed-data--57309785-0488-4ff9-ac64-4f6402de0b81",
"url--57309785-0488-4ff9-ac64-4f6402de0b81",
"indicator--57309785-80c4-4018-9051-49a402de0b81",
"indicator--57309785-65e4-4891-9094-448c02de0b81",
"observed-data--57309786-d8c8-494f-9734-47bb02de0b81",
"url--57309786-d8c8-494f-9734-47bb02de0b81",
"indicator--57309786-b92c-4cc2-a847-48c902de0b81",
"indicator--57309786-944c-46a8-930f-438402de0b81",
"observed-data--57309786-ef68-4a7a-a586-4ca302de0b81",
"url--57309786-ef68-4a7a-a586-4ca302de0b81",
"indicator--57309787-32e0-40f4-b5ec-472802de0b81",
"indicator--57309787-5154-454f-b255-462102de0b81",
"observed-data--57309787-8b08-4087-81b3-4e9502de0b81",
"url--57309787-8b08-4087-81b3-4e9502de0b81",
"indicator--57309788-5864-4012-8b2f-47e002de0b81",
"indicator--57309788-433c-4fb6-9ef8-4d6c02de0b81",
"observed-data--57309788-8428-4c7c-9a3a-4b4e02de0b81",
"url--57309788-8428-4c7c-9a3a-4b4e02de0b81",
"indicator--57309789-6d6c-4440-8303-409502de0b81",
"indicator--57309789-cdcc-4f20-b6b8-45a502de0b81",
"observed-data--57309789-5b4c-4d7e-9637-402502de0b81",
"url--57309789-5b4c-4d7e-9637-402502de0b81",
"vulnerability--5730979d-28ac-4b7c-83d4-14d9950d210f"
],
"labels": [
"Threat-Report",
"misp:tool=\"MISP-STIX-Converter\"",
"type:OSINT"
],
"object_marking_refs": [
"marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9"
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--57309679-c764-42e3-884f-4d43950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-05-09T13:54:01.000Z",
"modified": "2016-05-09T13:54:01.000Z",
"first_observed": "2016-05-09T13:54:01Z",
"last_observed": "2016-05-09T13:54:01Z",
"number_observed": 1,
"object_refs": [
"url--57309679-c764-42e3-884f-4d43950d210f"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--57309679-c764-42e3-884f-4d43950d210f",
"value": "http://pwc.blogs.com/cyber_security_updates/2016/05/exploring-cve-2015-2545-and-its-users.html"
},
{
"type": "x-misp-attribute",
"spec_version": "2.1",
"id": "x-misp-attribute--5730968f-3884-40ed-af95-4b69950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-05-09T13:54:23.000Z",
"modified": "2016-05-09T13:54:23.000Z",
"labels": [
"misp:type=\"comment\"",
"misp:category=\"External analysis\""
],
"x_misp_category": "External analysis",
"x_misp_type": "comment",
"x_misp_value": "This report, available at TLP:GREEN to researchers and network defenders, gives an overview of different attacks using CVE-2015-2545. Specifically we look at the different ways attackers are triggering the vulnerability, and the possibility that the exploit is shared amongst various groups. Based on overlaps in the samples analysed, our findings show that there are several clusters of documents, with the majority of the document-based builders sharing similar constructs in terms of how the final payload is discovered and executed. We also found that more recently some attackers are triggering the vulnerability through the use of MHTML files with .doc extensions."
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--573096bd-7f90-4910-a666-4618950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-05-09T13:55:09.000Z",
"modified": "2016-05-09T13:55:09.000Z",
"description": "Samples",
"pattern": "[file:hashes.MD5 = '3fe0cbedec6969803a72b8c76a4a0a03']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-05-09T13:55:09Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--573096be-75c4-449c-88d6-489a950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-05-09T13:55:10.000Z",
"modified": "2016-05-09T13:55:10.000Z",
"description": "Samples",
"pattern": "[file:hashes.MD5 = '50064d33625970a8145add7e3e242fe3']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-05-09T13:55:10Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--573096be-f488-4c6d-b475-4b8e950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-05-09T13:55:10.000Z",
"modified": "2016-05-09T13:55:10.000Z",
"description": "Samples",
"pattern": "[file:hashes.MD5 = '6a6a8cb2e59439891e53b04024573d37']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-05-09T13:55:10Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--573096bf-d334-4dd4-9413-47f5950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-05-09T13:55:11.000Z",
"modified": "2016-05-09T13:55:11.000Z",
"description": "Samples",
"pattern": "[file:hashes.MD5 = 'e1b4a5a565fdfcec52346d3b6063c587']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-05-09T13:55:11Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--573096bf-3654-46f6-a8ff-4fcf950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-05-09T13:55:11.000Z",
"modified": "2016-05-09T13:55:11.000Z",
"description": "Samples",
"pattern": "[file:hashes.MD5 = '9b6af5f8878a3fde32a3e8ff3cf98906']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-05-09T13:55:11Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--573096bf-685c-4432-8041-4bb4950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-05-09T13:55:11.000Z",
"modified": "2016-05-09T13:55:11.000Z",
"description": "Samples",
"pattern": "[file:hashes.MD5 = '6d55eb3ced35c7479f67167d84bf15f0']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-05-09T13:55:11Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--573096c0-e75c-4ddf-94cd-43b9950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-05-09T13:55:12.000Z",
"modified": "2016-05-09T13:55:12.000Z",
"description": "Samples",
"pattern": "[file:hashes.MD5 = '21bb2d447247fd81c42d4262de36adb6']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-05-09T13:55:12Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--573096c0-00cc-47e7-b21e-4594950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-05-09T13:55:12.000Z",
"modified": "2016-05-09T13:55:12.000Z",
"description": "Samples",
"pattern": "[file:hashes.MD5 = '375e51a989525cfec8296faaffdefa35']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-05-09T13:55:12Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--573096c0-bb7c-464c-8c2f-4c68950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-05-09T13:55:12.000Z",
"modified": "2016-05-09T13:55:12.000Z",
"description": "Samples",
"pattern": "[file:hashes.MD5 = '445886e6187cb36ee33ef7e27b7d5dbe']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-05-09T13:55:12Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--573096c1-a634-4b37-8589-4315950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-05-09T13:55:13.000Z",
"modified": "2016-05-09T13:55:13.000Z",
"description": "Samples",
"pattern": "[file:hashes.MD5 = 'f4c1e96717c82b14ca76384cb005fbe5']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-05-09T13:55:13Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--573096c1-2c24-4cf2-b662-4505950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-05-09T13:55:13.000Z",
"modified": "2016-05-09T13:55:13.000Z",
"description": "Samples",
"pattern": "[file:hashes.MD5 = 'aae962611da956a26a76d185455f1d44']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-05-09T13:55:13Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--573096c2-c7c4-4925-81c4-409a950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-05-09T13:55:14.000Z",
"modified": "2016-05-09T13:55:14.000Z",
"description": "Samples",
"pattern": "[file:hashes.MD5 = 'c591263d56b57dfadd06a68dd9657343']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-05-09T13:55:14Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--573096c2-4f38-4b21-835f-45e7950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-05-09T13:55:14.000Z",
"modified": "2016-05-09T13:55:14.000Z",
"description": "Samples",
"pattern": "[file:hashes.MD5 = '03a537ff04deaf2c30b23122d795fee2']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-05-09T13:55:14Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--573096c2-3000-440c-b9a0-4306950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-05-09T13:55:14.000Z",
"modified": "2016-05-09T13:55:14.000Z",
"description": "Samples",
"pattern": "[file:hashes.MD5 = 'a4144b9bc99ab39d16c8125a19382316']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-05-09T13:55:14Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--573096c3-23d4-4feb-9669-4939950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-05-09T13:55:15.000Z",
"modified": "2016-05-09T13:55:15.000Z",
"description": "Samples",
"pattern": "[file:hashes.MD5 = 'bfc4133a64a8a8a53c02f9d471c79c16']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-05-09T13:55:15Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--573096c3-5370-4be5-9d3a-48d2950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-05-09T13:55:15.000Z",
"modified": "2016-05-09T13:55:15.000Z",
"description": "Samples",
"pattern": "[file:hashes.MD5 = '07614906c9b0ed9cfae07306c32555b9']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-05-09T13:55:15Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--573096c3-d954-4076-be16-43f3950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-05-09T13:55:15.000Z",
"modified": "2016-05-09T13:55:15.000Z",
"description": "Samples",
"pattern": "[file:hashes.MD5 = 'e63896f2dfcc2ee2173944ef16ddc131']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-05-09T13:55:15Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--573096c4-01ec-41ec-9526-460b950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-05-09T13:55:16.000Z",
"modified": "2016-05-09T13:55:16.000Z",
"description": "Samples",
"pattern": "[file:hashes.MD5 = '805a522481056441e881c46c69b808f6']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-05-09T13:55:16Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--573096c4-c424-449f-93b2-43d8950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-05-09T13:55:16.000Z",
"modified": "2016-05-09T13:55:16.000Z",
"description": "Samples",
"pattern": "[file:hashes.MD5 = 'c48521d427f40148ee6e5a953ea23622']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-05-09T13:55:16Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--573096c4-8b60-4273-af8a-469e950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-05-09T13:55:16.000Z",
"modified": "2016-05-09T13:55:16.000Z",
"description": "Samples",
"pattern": "[file:hashes.MD5 = 'ebc3f26c0bfc473c840c9e4f3393671d']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-05-09T13:55:16Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--573096c5-0e24-4c4d-8c17-4f41950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-05-09T13:55:17.000Z",
"modified": "2016-05-09T13:55:17.000Z",
"description": "Samples",
"pattern": "[file:hashes.MD5 = '238ca1ab29f191b767837748fb655c8e']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-05-09T13:55:17Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--573096c5-6ac8-49e4-9e03-4265950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-05-09T13:55:17.000Z",
"modified": "2016-05-09T13:55:17.000Z",
"description": "Samples",
"pattern": "[file:hashes.MD5 = '2689515f0bbdf4f3fd4448d0fdc9f2a7']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-05-09T13:55:17Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--573096c6-a3ac-49e0-ac99-4709950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-05-09T13:55:17.000Z",
"modified": "2016-05-09T13:55:17.000Z",
"description": "Samples",
"pattern": "[file:hashes.MD5 = 'f89c4fb64edc993604d53e5fad6585d4']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-05-09T13:55:17Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--573096c6-d008-4da9-9e79-4f5f950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-05-09T13:55:18.000Z",
"modified": "2016-05-09T13:55:18.000Z",
"description": "Samples",
"pattern": "[file:hashes.MD5 = 'e95f65bfe3e54d58dcbef3275d0c3f49']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-05-09T13:55:18Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--573096c6-a2dc-4e4d-9a40-4054950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-05-09T13:55:18.000Z",
"modified": "2016-05-09T13:55:18.000Z",
"description": "Samples",
"pattern": "[file:hashes.MD5 = 'e61211931319ece42ec4755a6f6fc815']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-05-09T13:55:18Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--573096c6-75d0-456e-8694-4799950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-05-09T13:55:18.000Z",
"modified": "2016-05-09T13:55:18.000Z",
"description": "Samples",
"pattern": "[file:hashes.MD5 = 'b49de68758f2c1c2f7dfe60fe67d1516']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-05-09T13:55:18Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--573096c7-a3f0-4000-81f6-4342950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-05-09T13:55:19.000Z",
"modified": "2016-05-09T13:55:19.000Z",
"description": "Samples",
"pattern": "[file:hashes.MD5 = 'd0533874d7255b881187e842e747c268']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-05-09T13:55:19Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--573096c7-0f6c-44e1-a170-48c7950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-05-09T13:55:19.000Z",
"modified": "2016-05-09T13:55:19.000Z",
"description": "Samples",
"pattern": "[file:hashes.MD5 = 'e560dfba68e5bd9a84aeb7b79c9b11ea']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-05-09T13:55:19Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--573096c8-4c2c-4762-9928-4f74950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-05-09T13:55:20.000Z",
"modified": "2016-05-09T13:55:20.000Z",
"description": "Samples",
"pattern": "[file:hashes.MD5 = 'edde511d4872c4b2551e7ad22e746fb6']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-05-09T13:55:20Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--573096c8-f6fc-4b24-9510-4c83950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-05-09T13:55:20.000Z",
"modified": "2016-05-09T13:55:20.000Z",
"description": "Samples",
"pattern": "[file:hashes.MD5 = '40fdca3c932b12b6740cea1266021c6e']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-05-09T13:55:20Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--573096c8-5f54-450b-a850-460b950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-05-09T13:55:20.000Z",
"modified": "2016-05-09T13:55:20.000Z",
"description": "Samples",
"pattern": "[file:hashes.MD5 = '03726d30ebffaf5455a932dee69ce6e7']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-05-09T13:55:20Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--57309701-f72c-462d-ab5f-4f6c950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-05-09T13:56:17.000Z",
"modified": "2016-05-09T13:56:17.000Z",
"description": "C2s",
"pattern": "[domain-name:value = 'sent.leeh0m.org']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-05-09T13:56:17Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"hostname\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--57309702-be28-4650-bfb6-4eeb950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-05-09T13:56:18.000Z",
"modified": "2016-05-09T13:56:18.000Z",
"description": "C2s",
"pattern": "[domain-name:value = 'found.leeh0m.org']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-05-09T13:56:18Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"hostname\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--57309702-642c-403f-8147-48e6950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-05-09T13:56:18.000Z",
"modified": "2016-05-09T13:56:18.000Z",
"description": "C2s",
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '64.62.238.73']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-05-09T13:56:18Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--57309702-ca04-4367-937a-4b59950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-05-09T13:56:18.000Z",
"modified": "2016-05-09T13:56:18.000Z",
"description": "C2s",
"pattern": "[domain-name:value = 'newsupdate.dynssl.com']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-05-09T13:56:18Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"hostname\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--57309703-c820-4be8-b22f-4917950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-05-09T13:56:19.000Z",
"modified": "2016-05-09T13:56:19.000Z",
"description": "C2s",
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '121.127.249.74']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-05-09T13:56:19Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--57309703-d590-46de-a4a5-4120950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-05-09T13:56:19.000Z",
"modified": "2016-05-09T13:56:19.000Z",
"description": "C2s",
"pattern": "[domain-name:value = 'carwiseplot.no-ip.org']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-05-09T13:56:19Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"hostname\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--57309704-0f68-490f-8050-48dc950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-05-09T13:56:20.000Z",
"modified": "2016-05-09T13:56:20.000Z",
"description": "C2s",
"pattern": "[domain-name:value = 'goback.strangled.net']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-05-09T13:56:20Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"hostname\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--57309704-414c-4c57-97f9-4c5d950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-05-09T13:56:20.000Z",
"modified": "2016-05-09T13:56:20.000Z",
"description": "C2s",
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '37.10.71.35']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-05-09T13:56:20Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--57309704-9144-421c-9d00-4818950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-05-09T13:56:20.000Z",
"modified": "2016-05-09T13:56:20.000Z",
"description": "C2s",
"pattern": "[domain-name:value = 'www.kashiwa-js.com']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-05-09T13:56:20Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"hostname\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--57309705-c9f0-484f-a1ed-4498950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-05-09T13:56:21.000Z",
"modified": "2016-05-09T13:56:21.000Z",
"description": "C2s",
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '78.128.92.49']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-05-09T13:56:21Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--57309705-39c8-4d2a-80e3-47f1950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-05-09T13:56:21.000Z",
"modified": "2016-05-09T13:56:21.000Z",
"description": "C2s",
"pattern": "[domain-name:value = 'news.rinpocheinfo.com']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-05-09T13:56:21Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"hostname\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--57309705-32c0-4bcd-9144-486f950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-05-17T16:29:45.000Z",
"modified": "2016-05-17T16:29:45.000Z",
"first_observed": "2016-05-17T16:29:45Z",
"last_observed": "2016-05-17T16:29:45Z",
"number_observed": 1,
"object_refs": [
"network-traffic--57309705-32c0-4bcd-9144-486f950d210f",
"ipv4-addr--57309705-32c0-4bcd-9144-486f950d210f"
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\""
]
},
{
"type": "network-traffic",
"spec_version": "2.1",
"id": "network-traffic--57309705-32c0-4bcd-9144-486f950d210f",
"dst_ref": "ipv4-addr--57309705-32c0-4bcd-9144-486f950d210f",
"protocols": [
"tcp"
]
},
{
"type": "ipv4-addr",
"spec_version": "2.1",
"id": "ipv4-addr--57309705-32c0-4bcd-9144-486f950d210f",
"value": "192.168.1.114"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--57309706-c984-49d0-9ecb-471f950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-05-09T13:56:22.000Z",
"modified": "2016-05-09T13:56:22.000Z",
"description": "C2s",
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '59.188.13.204']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-05-09T13:56:22Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--57309706-6d88-45cd-9fe3-49d1950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-05-09T13:56:22.000Z",
"modified": "2016-05-09T13:56:22.000Z",
"description": "C2s",
"pattern": "[domain-name:value = 'coffeol.com']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-05-09T13:56:22Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"domain\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--57309707-363c-447a-afdb-4648950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-05-09T13:56:23.000Z",
"modified": "2016-05-09T13:56:23.000Z",
"description": "C2s",
"pattern": "[domain-name:value = 'updo.nl']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-05-09T13:56:23Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"domain\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5730976b-293c-4e74-b9c6-48ab02de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-05-09T13:58:03.000Z",
"modified": "2016-05-09T13:58:03.000Z",
"description": "Samples - Xchecked via VT: 03726d30ebffaf5455a932dee69ce6e7",
"pattern": "[file:hashes.SHA256 = 'aaa533a2d2b9380d20ed55e4a345c5d4b5b41c7e2e6e21690898a804b1ae01f1']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-05-09T13:58:03Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5730976b-aefc-414d-9070-4f4702de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-05-09T13:58:03.000Z",
"modified": "2016-05-09T13:58:03.000Z",
"description": "Samples - Xchecked via VT: 03726d30ebffaf5455a932dee69ce6e7",
"pattern": "[file:hashes.SHA1 = '53df943e6849646dded98fbf82e9e01b8a9c27f5']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-05-09T13:58:03Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha1\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--5730976c-bac8-46c6-85c3-449d02de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-05-09T13:58:04.000Z",
"modified": "2016-05-09T13:58:04.000Z",
"first_observed": "2016-05-09T13:58:04Z",
"last_observed": "2016-05-09T13:58:04Z",
"number_observed": 1,
"object_refs": [
"url--5730976c-bac8-46c6-85c3-449d02de0b81"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--5730976c-bac8-46c6-85c3-449d02de0b81",
"value": "https://www.virustotal.com/file/aaa533a2d2b9380d20ed55e4a345c5d4b5b41c7e2e6e21690898a804b1ae01f1/analysis/1460607735/"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5730976c-b97c-4e14-87d0-445d02de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-05-09T13:58:04.000Z",
"modified": "2016-05-09T13:58:04.000Z",
"description": "Samples - Xchecked via VT: 40fdca3c932b12b6740cea1266021c6e",
"pattern": "[file:hashes.SHA256 = '56b64cfa571fc156fd59f1d91daed765e92f2283cfcec34121103d5a8f2ba40e']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-05-09T13:58:04Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5730976c-35fc-40e0-b4a4-4fb802de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-05-09T13:58:04.000Z",
"modified": "2016-05-09T13:58:04.000Z",
"description": "Samples - Xchecked via VT: 40fdca3c932b12b6740cea1266021c6e",
"pattern": "[file:hashes.SHA1 = '1beab7b2cad893820a8fc11c45d12959695c4a0a']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-05-09T13:58:04Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha1\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--5730976d-0a48-43e5-99d9-412602de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-05-09T13:58:05.000Z",
"modified": "2016-05-09T13:58:05.000Z",
"first_observed": "2016-05-09T13:58:05Z",
"last_observed": "2016-05-09T13:58:05Z",
"number_observed": 1,
"object_refs": [
"url--5730976d-0a48-43e5-99d9-412602de0b81"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--5730976d-0a48-43e5-99d9-412602de0b81",
"value": "https://www.virustotal.com/file/56b64cfa571fc156fd59f1d91daed765e92f2283cfcec34121103d5a8f2ba40e/analysis/1461070877/"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5730976d-8dd4-4ace-90b2-480f02de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-05-09T13:58:05.000Z",
"modified": "2016-05-09T13:58:05.000Z",
"description": "Samples - Xchecked via VT: edde511d4872c4b2551e7ad22e746fb6",
"pattern": "[file:hashes.SHA256 = '80bcee618f35a2bdbfbd2d1281a3a49e6a347856b98789fca0aca8a236e377c9']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-05-09T13:58:05Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5730976d-05a0-4305-8bab-474c02de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-05-09T13:58:05.000Z",
"modified": "2016-05-09T13:58:05.000Z",
"description": "Samples - Xchecked via VT: edde511d4872c4b2551e7ad22e746fb6",
"pattern": "[file:hashes.SHA1 = '1013008b69c2ecda1246878e9d2e58d804328502']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-05-09T13:58:05Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha1\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--5730976e-ec4c-454f-bd2a-494002de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-05-09T13:58:06.000Z",
"modified": "2016-05-09T13:58:06.000Z",
"first_observed": "2016-05-09T13:58:06Z",
"last_observed": "2016-05-09T13:58:06Z",
"number_observed": 1,
"object_refs": [
"url--5730976e-ec4c-454f-bd2a-494002de0b81"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--5730976e-ec4c-454f-bd2a-494002de0b81",
"value": "https://www.virustotal.com/file/80bcee618f35a2bdbfbd2d1281a3a49e6a347856b98789fca0aca8a236e377c9/analysis/1455499591/"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5730976e-a23c-46d8-bc2b-423402de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-05-09T13:58:06.000Z",
"modified": "2016-05-09T13:58:06.000Z",
"description": "Samples - Xchecked via VT: e560dfba68e5bd9a84aeb7b79c9b11ea",
"pattern": "[file:hashes.SHA256 = '0ac545923dba566c3bba265a872518ccd66874dd4688d41c59bf0d89eac2f3f4']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-05-09T13:58:06Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5730976e-1e8c-4f24-a450-44f402de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-05-09T13:58:06.000Z",
"modified": "2016-05-09T13:58:06.000Z",
"description": "Samples - Xchecked via VT: e560dfba68e5bd9a84aeb7b79c9b11ea",
"pattern": "[file:hashes.SHA1 = '4a75cf32d5ca795e4d04e3022d333b0d4a3cdcd8']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-05-09T13:58:06Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha1\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--5730976f-4df8-4a94-b44e-44f002de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-05-09T13:58:07.000Z",
"modified": "2016-05-09T13:58:07.000Z",
"first_observed": "2016-05-09T13:58:07Z",
"last_observed": "2016-05-09T13:58:07Z",
"number_observed": 1,
"object_refs": [
"url--5730976f-4df8-4a94-b44e-44f002de0b81"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--5730976f-4df8-4a94-b44e-44f002de0b81",
"value": "https://www.virustotal.com/file/0ac545923dba566c3bba265a872518ccd66874dd4688d41c59bf0d89eac2f3f4/analysis/1454062432/"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5730976f-38a0-4820-ac19-488702de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-05-09T13:58:07.000Z",
"modified": "2016-05-09T13:58:07.000Z",
"description": "Samples - Xchecked via VT: d0533874d7255b881187e842e747c268",
"pattern": "[file:hashes.SHA256 = 'd903ecebede658ff6d7c930f22378bb7471a940632cd59d196f0e8a44ecdb7e2']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-05-09T13:58:07Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5730976f-c2f8-4c19-b901-4b2f02de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-05-09T13:58:07.000Z",
"modified": "2016-05-09T13:58:07.000Z",
"description": "Samples - Xchecked via VT: d0533874d7255b881187e842e747c268",
"pattern": "[file:hashes.SHA1 = '8cca13ea2381b50be9880047d504d9bc423c1102']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-05-09T13:58:07Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha1\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--57309770-c528-4aab-9970-41b502de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-05-09T13:58:08.000Z",
"modified": "2016-05-09T13:58:08.000Z",
"first_observed": "2016-05-09T13:58:08Z",
"last_observed": "2016-05-09T13:58:08Z",
"number_observed": 1,
"object_refs": [
"url--57309770-c528-4aab-9970-41b502de0b81"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--57309770-c528-4aab-9970-41b502de0b81",
"value": "https://www.virustotal.com/file/d903ecebede658ff6d7c930f22378bb7471a940632cd59d196f0e8a44ecdb7e2/analysis/1456452590/"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--57309770-8114-4121-b83f-423902de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-05-09T13:58:08.000Z",
"modified": "2016-05-09T13:58:08.000Z",
"description": "Samples - Xchecked via VT: b49de68758f2c1c2f7dfe60fe67d1516",
"pattern": "[file:hashes.SHA256 = 'e2f3afeddb897ebdafc20e5824e26584a2ba276acaf8616f64ead8c235af2165']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-05-09T13:58:08Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--57309770-96e0-450a-81ae-458502de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-05-09T13:58:08.000Z",
"modified": "2016-05-09T13:58:08.000Z",
"description": "Samples - Xchecked via VT: b49de68758f2c1c2f7dfe60fe67d1516",
"pattern": "[file:hashes.SHA1 = '24bd3e2240ac578712cb10ab031dfc5e964257af']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-05-09T13:58:08Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha1\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--57309771-1a3c-4890-8205-4dda02de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-05-09T13:58:09.000Z",
"modified": "2016-05-09T13:58:09.000Z",
"first_observed": "2016-05-09T13:58:09Z",
"last_observed": "2016-05-09T13:58:09Z",
"number_observed": 1,
"object_refs": [
"url--57309771-1a3c-4890-8205-4dda02de0b81"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--57309771-1a3c-4890-8205-4dda02de0b81",
"value": "https://www.virustotal.com/file/e2f3afeddb897ebdafc20e5824e26584a2ba276acaf8616f64ead8c235af2165/analysis/1459934437/"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--57309771-b89c-4cf5-b9ba-4cdc02de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-05-09T13:58:09.000Z",
"modified": "2016-05-09T13:58:09.000Z",
"description": "Samples - Xchecked via VT: e61211931319ece42ec4755a6f6fc815",
"pattern": "[file:hashes.SHA256 = '85dd599d9837aaaeb3adc4cd4c7f14dffdc0528bb654de34761fb51653dcd156']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-05-09T13:58:09Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--57309772-49d8-4dc5-a56e-41da02de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-05-09T13:58:10.000Z",
"modified": "2016-05-09T13:58:10.000Z",
"description": "Samples - Xchecked via VT: e61211931319ece42ec4755a6f6fc815",
"pattern": "[file:hashes.SHA1 = '4868b9fe57d61d14fd3827fe63ae65f7f360075e']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-05-09T13:58:10Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha1\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--57309772-c6b4-42df-a565-4ed802de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-05-09T13:58:10.000Z",
"modified": "2016-05-09T13:58:10.000Z",
"first_observed": "2016-05-09T13:58:10Z",
"last_observed": "2016-05-09T13:58:10Z",
"number_observed": 1,
"object_refs": [
"url--57309772-c6b4-42df-a565-4ed802de0b81"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--57309772-c6b4-42df-a565-4ed802de0b81",
"value": "https://www.virustotal.com/file/85dd599d9837aaaeb3adc4cd4c7f14dffdc0528bb654de34761fb51653dcd156/analysis/1456215931/"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--57309772-4fd0-4559-bb39-4cc902de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-05-09T13:58:10.000Z",
"modified": "2016-05-09T13:58:10.000Z",
"description": "Samples - Xchecked via VT: e95f65bfe3e54d58dcbef3275d0c3f49",
"pattern": "[file:hashes.SHA256 = 'e5201b276159cca63b1b47b6521b12e7bf2ccec63e2b37d432cfb9555a060aa4']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-05-09T13:58:10Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--57309772-026c-4ca2-9719-436302de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-05-09T13:58:10.000Z",
"modified": "2016-05-09T13:58:10.000Z",
"description": "Samples - Xchecked via VT: e95f65bfe3e54d58dcbef3275d0c3f49",
"pattern": "[file:hashes.SHA1 = 'c0fc95025340b5ed4673b60e88fce3c6c0def638']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-05-09T13:58:10Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha1\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--57309773-fce8-44ce-a5e1-46bb02de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-05-09T13:58:11.000Z",
"modified": "2016-05-09T13:58:11.000Z",
"first_observed": "2016-05-09T13:58:11Z",
"last_observed": "2016-05-09T13:58:11Z",
"number_observed": 1,
"object_refs": [
"url--57309773-fce8-44ce-a5e1-46bb02de0b81"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--57309773-fce8-44ce-a5e1-46bb02de0b81",
"value": "https://www.virustotal.com/file/e5201b276159cca63b1b47b6521b12e7bf2ccec63e2b37d432cfb9555a060aa4/analysis/1456975485/"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--57309773-f94c-4524-b946-453c02de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-05-09T13:58:11.000Z",
"modified": "2016-05-09T13:58:11.000Z",
"description": "Samples - Xchecked via VT: f89c4fb64edc993604d53e5fad6585d4",
"pattern": "[file:hashes.SHA256 = 'ac63520803ce7f1343d4fa31588c1fef6abb0783980ad0ba613be749815c5900']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-05-09T13:58:11Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--57309773-d4dc-42d4-b9e4-41c002de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-05-09T13:58:11.000Z",
"modified": "2016-05-09T13:58:11.000Z",
"description": "Samples - Xchecked via VT: f89c4fb64edc993604d53e5fad6585d4",
"pattern": "[file:hashes.SHA1 = '5bac4be57cdaabe0dd2fa3e54e4d3833fd32df43']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-05-09T13:58:11Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha1\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--57309774-9964-4d06-98a2-4def02de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-05-09T13:58:12.000Z",
"modified": "2016-05-09T13:58:12.000Z",
"first_observed": "2016-05-09T13:58:12Z",
"last_observed": "2016-05-09T13:58:12Z",
"number_observed": 1,
"object_refs": [
"url--57309774-9964-4d06-98a2-4def02de0b81"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--57309774-9964-4d06-98a2-4def02de0b81",
"value": "https://www.virustotal.com/file/ac63520803ce7f1343d4fa31588c1fef6abb0783980ad0ba613be749815c5900/analysis/1461728936/"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--57309774-2884-4313-afa0-4c4002de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-05-09T13:58:12.000Z",
"modified": "2016-05-09T13:58:12.000Z",
"description": "Samples - Xchecked via VT: 2689515f0bbdf4f3fd4448d0fdc9f2a7",
"pattern": "[file:hashes.SHA256 = '23368088b183a8b7dc59f33413a760daa06fa0e027a1996677c97db2aeec22b8']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-05-09T13:58:12Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--57309774-c228-46ac-8534-4d1102de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-05-09T13:58:12.000Z",
"modified": "2016-05-09T13:58:12.000Z",
"description": "Samples - Xchecked via VT: 2689515f0bbdf4f3fd4448d0fdc9f2a7",
"pattern": "[file:hashes.SHA1 = '60e87d5c6b4af85fbcb8645a6f841c368266de16']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-05-09T13:58:12Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha1\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--57309775-8ff8-4c15-8a5e-439602de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-05-09T13:58:13.000Z",
"modified": "2016-05-09T13:58:13.000Z",
"first_observed": "2016-05-09T13:58:13Z",
"last_observed": "2016-05-09T13:58:13Z",
"number_observed": 1,
"object_refs": [
"url--57309775-8ff8-4c15-8a5e-439602de0b81"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--57309775-8ff8-4c15-8a5e-439602de0b81",
"value": "https://www.virustotal.com/file/23368088b183a8b7dc59f33413a760daa06fa0e027a1996677c97db2aeec22b8/analysis/1454681156/"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--57309775-96e0-4600-b6e1-476f02de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-05-09T13:58:13.000Z",
"modified": "2016-05-09T13:58:13.000Z",
"description": "Samples - Xchecked via VT: 238ca1ab29f191b767837748fb655c8e",
"pattern": "[file:hashes.SHA256 = '743ccc54a4ef9d9b836ea3643443d142428d8743edab076074c786e2e759e205']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-05-09T13:58:13Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--57309775-b538-4a8e-b4a1-45f502de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-05-09T13:58:13.000Z",
"modified": "2016-05-09T13:58:13.000Z",
"description": "Samples - Xchecked via VT: 238ca1ab29f191b767837748fb655c8e",
"pattern": "[file:hashes.SHA1 = '35ac46d3df72ca3646363e5babe3d4594826a48d']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-05-09T13:58:13Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha1\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--57309776-0f30-46e6-b385-4f8402de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-05-09T13:58:14.000Z",
"modified": "2016-05-09T13:58:14.000Z",
"first_observed": "2016-05-09T13:58:14Z",
"last_observed": "2016-05-09T13:58:14Z",
"number_observed": 1,
"object_refs": [
"url--57309776-0f30-46e6-b385-4f8402de0b81"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--57309776-0f30-46e6-b385-4f8402de0b81",
"value": "https://www.virustotal.com/file/743ccc54a4ef9d9b836ea3643443d142428d8743edab076074c786e2e759e205/analysis/1461733460/"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--57309776-fa34-4772-8ae8-429202de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-05-09T13:58:14.000Z",
"modified": "2016-05-09T13:58:14.000Z",
"description": "Samples - Xchecked via VT: ebc3f26c0bfc473c840c9e4f3393671d",
"pattern": "[file:hashes.SHA256 = 'c5dc63ee97547c2d55fca3701d018bc440e4800e23d5ec05dc30493f3d42b283']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-05-09T13:58:14Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--57309776-38f4-4945-8e20-4be502de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-05-09T13:58:14.000Z",
"modified": "2016-05-09T13:58:14.000Z",
"description": "Samples - Xchecked via VT: ebc3f26c0bfc473c840c9e4f3393671d",
"pattern": "[file:hashes.SHA1 = 'd0ffaf60d5ecf90abeb33abafbabf92710edca6f']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-05-09T13:58:14Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha1\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--57309777-34d8-40de-8d0e-43d602de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-05-09T13:58:15.000Z",
"modified": "2016-05-09T13:58:15.000Z",
"first_observed": "2016-05-09T13:58:15Z",
"last_observed": "2016-05-09T13:58:15Z",
"number_observed": 1,
"object_refs": [
"url--57309777-34d8-40de-8d0e-43d602de0b81"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--57309777-34d8-40de-8d0e-43d602de0b81",
"value": "https://www.virustotal.com/file/c5dc63ee97547c2d55fca3701d018bc440e4800e23d5ec05dc30493f3d42b283/analysis/1462602034/"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--57309777-eff0-49be-92ae-439f02de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-05-09T13:58:15.000Z",
"modified": "2016-05-09T13:58:15.000Z",
"description": "Samples - Xchecked via VT: c48521d427f40148ee6e5a953ea23622",
"pattern": "[file:hashes.SHA256 = '7a83fd03502bd7100af4ad86e0967e31f7d83be4aa87e3b86881d69ce836da39']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-05-09T13:58:15Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--57309777-8758-4203-ada3-431d02de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-05-09T13:58:15.000Z",
"modified": "2016-05-09T13:58:15.000Z",
"description": "Samples - Xchecked via VT: c48521d427f40148ee6e5a953ea23622",
"pattern": "[file:hashes.SHA1 = '9435c15bc317ba840a7d3c9583f1bebb3f475156']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-05-09T13:58:15Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha1\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--57309778-9e68-4225-aede-497302de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-05-09T13:58:16.000Z",
"modified": "2016-05-09T13:58:16.000Z",
"first_observed": "2016-05-09T13:58:16Z",
"last_observed": "2016-05-09T13:58:16Z",
"number_observed": 1,
"object_refs": [
"url--57309778-9e68-4225-aede-497302de0b81"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--57309778-9e68-4225-aede-497302de0b81",
"value": "https://www.virustotal.com/file/7a83fd03502bd7100af4ad86e0967e31f7d83be4aa87e3b86881d69ce836da39/analysis/1461387439/"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--57309778-8ddc-4e0e-85b5-463b02de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-05-09T13:58:16.000Z",
"modified": "2016-05-09T13:58:16.000Z",
"description": "Samples - Xchecked via VT: 805a522481056441e881c46c69b808f6",
"pattern": "[file:hashes.SHA256 = 'eac735b85c8c2eac47ca94a8e0eb821d0c7c2e7d18c35c95b54c34dfccf0612d']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-05-09T13:58:16Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--57309778-0c8c-46c5-a473-4f7102de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-05-09T13:58:16.000Z",
"modified": "2016-05-09T13:58:16.000Z",
"description": "Samples - Xchecked via VT: 805a522481056441e881c46c69b808f6",
"pattern": "[file:hashes.SHA1 = 'cc14506801e9fc34d6029824b145522b72c9168a']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-05-09T13:58:16Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha1\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--57309779-4bb4-40c8-8a54-491e02de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-05-09T13:58:17.000Z",
"modified": "2016-05-09T13:58:17.000Z",
"first_observed": "2016-05-09T13:58:17Z",
"last_observed": "2016-05-09T13:58:17Z",
"number_observed": 1,
"object_refs": [
"url--57309779-4bb4-40c8-8a54-491e02de0b81"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--57309779-4bb4-40c8-8a54-491e02de0b81",
"value": "https://www.virustotal.com/file/eac735b85c8c2eac47ca94a8e0eb821d0c7c2e7d18c35c95b54c34dfccf0612d/analysis/1459150575/"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--57309779-0a18-47f8-bea6-419702de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-05-09T13:58:17.000Z",
"modified": "2016-05-09T13:58:17.000Z",
"description": "Samples - Xchecked via VT: e63896f2dfcc2ee2173944ef16ddc131",
"pattern": "[file:hashes.SHA256 = '9d01edd648ff54ea32b35284e87df50f780a56e418476b90a27c03c0657514b8']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-05-09T13:58:17Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--57309779-9d14-4ea4-aab9-44fa02de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-05-09T13:58:17.000Z",
"modified": "2016-05-09T13:58:17.000Z",
"description": "Samples - Xchecked via VT: e63896f2dfcc2ee2173944ef16ddc131",
"pattern": "[file:hashes.SHA1 = '2546cdd0c25a8b9e232801f5d43cb034940dfc19']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-05-09T13:58:17Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha1\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--5730977a-aab0-40c2-b187-469d02de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-05-09T13:58:18.000Z",
"modified": "2016-05-09T13:58:18.000Z",
"first_observed": "2016-05-09T13:58:18Z",
"last_observed": "2016-05-09T13:58:18Z",
"number_observed": 1,
"object_refs": [
"url--5730977a-aab0-40c2-b187-469d02de0b81"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--5730977a-aab0-40c2-b187-469d02de0b81",
"value": "https://www.virustotal.com/file/9d01edd648ff54ea32b35284e87df50f780a56e418476b90a27c03c0657514b8/analysis/1458029251/"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5730977a-2a08-4b57-99ce-49fb02de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-05-09T13:58:18.000Z",
"modified": "2016-05-09T13:58:18.000Z",
"description": "Samples - Xchecked via VT: 07614906c9b0ed9cfae07306c32555b9",
"pattern": "[file:hashes.SHA256 = 'b60811048dfeb1e91d53f22a1f7039838e4b07771b8c4ce89e5a34a28cb654ce']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-05-09T13:58:18Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5730977a-eca8-4862-9306-40f202de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-05-09T13:58:18.000Z",
"modified": "2016-05-09T13:58:18.000Z",
"description": "Samples - Xchecked via VT: 07614906c9b0ed9cfae07306c32555b9",
"pattern": "[file:hashes.SHA1 = '41622884178754e75b2624999c82c8b75bf5b239']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-05-09T13:58:18Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha1\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--5730977b-61dc-4c45-a6d2-4de702de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-05-09T13:58:19.000Z",
"modified": "2016-05-09T13:58:19.000Z",
"first_observed": "2016-05-09T13:58:19Z",
"last_observed": "2016-05-09T13:58:19Z",
"number_observed": 1,
"object_refs": [
"url--5730977b-61dc-4c45-a6d2-4de702de0b81"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--5730977b-61dc-4c45-a6d2-4de702de0b81",
"value": "https://www.virustotal.com/file/b60811048dfeb1e91d53f22a1f7039838e4b07771b8c4ce89e5a34a28cb654ce/analysis/1462614475/"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5730977b-4f64-44c9-b8c0-406302de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-05-09T13:58:19.000Z",
"modified": "2016-05-09T13:58:19.000Z",
"description": "Samples - Xchecked via VT: bfc4133a64a8a8a53c02f9d471c79c16",
"pattern": "[file:hashes.SHA256 = '6653e699576c27622aac6a497b2988fcdc8f8d0a2aedc5d98a2b6eb046626ed9']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-05-09T13:58:19Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5730977b-4b08-4167-a54d-435702de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-05-09T13:58:19.000Z",
"modified": "2016-05-09T13:58:19.000Z",
"description": "Samples - Xchecked via VT: bfc4133a64a8a8a53c02f9d471c79c16",
"pattern": "[file:hashes.SHA1 = 'f375da91fc83a0b18098b1468cb239848cb8990f']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-05-09T13:58:19Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha1\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--5730977c-c0ac-43c2-8064-4f3102de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-05-09T13:58:20.000Z",
"modified": "2016-05-09T13:58:20.000Z",
"first_observed": "2016-05-09T13:58:20Z",
"last_observed": "2016-05-09T13:58:20Z",
"number_observed": 1,
"object_refs": [
"url--5730977c-c0ac-43c2-8064-4f3102de0b81"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--5730977c-c0ac-43c2-8064-4f3102de0b81",
"value": "https://www.virustotal.com/file/6653e699576c27622aac6a497b2988fcdc8f8d0a2aedc5d98a2b6eb046626ed9/analysis/1461735365/"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5730977c-fce8-4de3-8115-444a02de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-05-09T13:58:20.000Z",
"modified": "2016-05-09T13:58:20.000Z",
"description": "Samples - Xchecked via VT: a4144b9bc99ab39d16c8125a19382316",
"pattern": "[file:hashes.SHA256 = '2eeacd8527fb9031d6d1c2be2e1cb17ae5209f799044adbdde16a67a10aed1e2']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-05-09T13:58:20Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5730977c-59b8-4cd8-b9b6-4e8e02de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-05-09T13:58:20.000Z",
"modified": "2016-05-09T13:58:20.000Z",
"description": "Samples - Xchecked via VT: a4144b9bc99ab39d16c8125a19382316",
"pattern": "[file:hashes.SHA1 = '1dd15ff218619f5a2b9795f028bd4081f852d743']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-05-09T13:58:20Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha1\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--5730977d-dc34-4edd-a695-452602de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-05-09T13:58:21.000Z",
"modified": "2016-05-09T13:58:21.000Z",
"first_observed": "2016-05-09T13:58:21Z",
"last_observed": "2016-05-09T13:58:21Z",
"number_observed": 1,
"object_refs": [
"url--5730977d-dc34-4edd-a695-452602de0b81"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--5730977d-dc34-4edd-a695-452602de0b81",
"value": "https://www.virustotal.com/file/2eeacd8527fb9031d6d1c2be2e1cb17ae5209f799044adbdde16a67a10aed1e2/analysis/1461381011/"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5730977d-04ec-4521-b9b3-419a02de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-05-09T13:58:21.000Z",
"modified": "2016-05-09T13:58:21.000Z",
"description": "Samples - Xchecked via VT: 03a537ff04deaf2c30b23122d795fee2",
"pattern": "[file:hashes.SHA256 = '29b72c37dc3a947dc43381cf1f7e1c17b2e14abdef30074bcbcbba4d3a20cae1']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-05-09T13:58:21Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5730977d-88f4-44d6-be62-44f202de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-05-09T13:58:21.000Z",
"modified": "2016-05-09T13:58:21.000Z",
"description": "Samples - Xchecked via VT: 03a537ff04deaf2c30b23122d795fee2",
"pattern": "[file:hashes.SHA1 = 'f72ef5db65184a85e6e25f0678a42efc60b6c5ff']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-05-09T13:58:21Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha1\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--5730977e-f7dc-4fb5-ae9b-434302de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-05-09T13:58:22.000Z",
"modified": "2016-05-09T13:58:22.000Z",
"first_observed": "2016-05-09T13:58:22Z",
"last_observed": "2016-05-09T13:58:22Z",
"number_observed": 1,
"object_refs": [
"url--5730977e-f7dc-4fb5-ae9b-434302de0b81"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--5730977e-f7dc-4fb5-ae9b-434302de0b81",
"value": "https://www.virustotal.com/file/29b72c37dc3a947dc43381cf1f7e1c17b2e14abdef30074bcbcbba4d3a20cae1/analysis/1459674663/"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5730977e-5234-4c5e-940a-486902de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-05-09T13:58:22.000Z",
"modified": "2016-05-09T13:58:22.000Z",
"description": "Samples - Xchecked via VT: c591263d56b57dfadd06a68dd9657343",
"pattern": "[file:hashes.SHA256 = 'eea3f90db41f872da8ed542b37948656b1fb93b12a266e8de82c6c668e60e9fc']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-05-09T13:58:22Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5730977e-de50-4099-81e7-492b02de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-05-09T13:58:22.000Z",
"modified": "2016-05-09T13:58:22.000Z",
"description": "Samples - Xchecked via VT: c591263d56b57dfadd06a68dd9657343",
"pattern": "[file:hashes.SHA1 = '8c248daec675cb873a9ee850336e871dd4642c5b']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-05-09T13:58:22Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha1\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--5730977f-5b04-4397-9f11-4ef402de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-05-09T13:58:23.000Z",
"modified": "2016-05-09T13:58:23.000Z",
"first_observed": "2016-05-09T13:58:23Z",
"last_observed": "2016-05-09T13:58:23Z",
"number_observed": 1,
"object_refs": [
"url--5730977f-5b04-4397-9f11-4ef402de0b81"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--5730977f-5b04-4397-9f11-4ef402de0b81",
"value": "https://www.virustotal.com/file/eea3f90db41f872da8ed542b37948656b1fb93b12a266e8de82c6c668e60e9fc/analysis/1460020341/"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5730977f-c860-435a-9ccf-498302de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-05-09T13:58:23.000Z",
"modified": "2016-05-09T13:58:23.000Z",
"description": "Samples - Xchecked via VT: aae962611da956a26a76d185455f1d44",
"pattern": "[file:hashes.SHA256 = '4d5e0eddcd014c63123f6a46af7e53b5ac25a7ff7de86f56277fe39bff32c7b5']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-05-09T13:58:23Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5730977f-2af4-41d3-b2ec-41d702de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-05-09T13:58:23.000Z",
"modified": "2016-05-09T13:58:23.000Z",
"description": "Samples - Xchecked via VT: aae962611da956a26a76d185455f1d44",
"pattern": "[file:hashes.SHA1 = '8bed9000c2f6347e683beadb1a5d4dedaccbd21f']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-05-09T13:58:23Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha1\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--57309780-b1d4-4395-bd91-48f102de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-05-09T13:58:24.000Z",
"modified": "2016-05-09T13:58:24.000Z",
"first_observed": "2016-05-09T13:58:24Z",
"last_observed": "2016-05-09T13:58:24Z",
"number_observed": 1,
"object_refs": [
"url--57309780-b1d4-4395-bd91-48f102de0b81"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--57309780-b1d4-4395-bd91-48f102de0b81",
"value": "https://www.virustotal.com/file/4d5e0eddcd014c63123f6a46af7e53b5ac25a7ff7de86f56277fe39bff32c7b5/analysis/1457340727/"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--57309780-2780-4b19-b7b8-416402de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-05-09T13:58:24.000Z",
"modified": "2016-05-09T13:58:24.000Z",
"description": "Samples - Xchecked via VT: f4c1e96717c82b14ca76384cb005fbe5",
"pattern": "[file:hashes.SHA256 = '5c28d82f10711adef0b6e04533c0e9170fa4ebe47c9530181239b21126b9c20b']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-05-09T13:58:24Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--57309780-d854-44d8-9a00-490902de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-05-09T13:58:24.000Z",
"modified": "2016-05-09T13:58:24.000Z",
"description": "Samples - Xchecked via VT: f4c1e96717c82b14ca76384cb005fbe5",
"pattern": "[file:hashes.SHA1 = 'c4830ed7558cff7abebc15e13fb0a9ad8d1edb71']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-05-09T13:58:24Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha1\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--57309781-bd38-4e6c-9f41-438802de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-05-09T13:58:25.000Z",
"modified": "2016-05-09T13:58:25.000Z",
"first_observed": "2016-05-09T13:58:25Z",
"last_observed": "2016-05-09T13:58:25Z",
"number_observed": 1,
"object_refs": [
"url--57309781-bd38-4e6c-9f41-438802de0b81"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--57309781-bd38-4e6c-9f41-438802de0b81",
"value": "https://www.virustotal.com/file/5c28d82f10711adef0b6e04533c0e9170fa4ebe47c9530181239b21126b9c20b/analysis/1462540391/"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--57309781-be10-4a8b-9efb-469e02de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-05-09T13:58:25.000Z",
"modified": "2016-05-09T13:58:25.000Z",
"description": "Samples - Xchecked via VT: 445886e6187cb36ee33ef7e27b7d5dbe",
"pattern": "[file:hashes.SHA256 = 'e1f1315a6bd13d5d7a7fa94f504f83e476015d09eaf465d2443825ee9e6816ff']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-05-09T13:58:25Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--57309781-2a34-4d16-9a2a-42e402de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-05-09T13:58:25.000Z",
"modified": "2016-05-09T13:58:25.000Z",
"description": "Samples - Xchecked via VT: 445886e6187cb36ee33ef7e27b7d5dbe",
"pattern": "[file:hashes.SHA1 = '51badda607d683c2c1e5df4864628efb49d0e583']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-05-09T13:58:25Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha1\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--57309782-0ebc-4115-ba61-408e02de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-05-09T13:58:26.000Z",
"modified": "2016-05-09T13:58:26.000Z",
"first_observed": "2016-05-09T13:58:26Z",
"last_observed": "2016-05-09T13:58:26Z",
"number_observed": 1,
"object_refs": [
"url--57309782-0ebc-4115-ba61-408e02de0b81"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--57309782-0ebc-4115-ba61-408e02de0b81",
"value": "https://www.virustotal.com/file/e1f1315a6bd13d5d7a7fa94f504f83e476015d09eaf465d2443825ee9e6816ff/analysis/1459263191/"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--57309782-cb60-40d2-9a30-45d602de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-05-09T13:58:26.000Z",
"modified": "2016-05-09T13:58:26.000Z",
"description": "Samples - Xchecked via VT: 375e51a989525cfec8296faaffdefa35",
"pattern": "[file:hashes.SHA256 = '1f9b7d8e692a1c9fadbdd05b794e8c49502323b073b44becaae5eee5e2186fc4']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-05-09T13:58:26Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--57309782-f2cc-4ec4-b507-42ea02de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-05-09T13:58:26.000Z",
"modified": "2016-05-09T13:58:26.000Z",
"description": "Samples - Xchecked via VT: 375e51a989525cfec8296faaffdefa35",
"pattern": "[file:hashes.SHA1 = 'ca5dc32d6ebfb897e2320af1aa459002dff49ba8']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-05-09T13:58:26Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha1\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--57309783-ef94-4cb5-9586-415902de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-05-09T13:58:27.000Z",
"modified": "2016-05-09T13:58:27.000Z",
"first_observed": "2016-05-09T13:58:27Z",
"last_observed": "2016-05-09T13:58:27Z",
"number_observed": 1,
"object_refs": [
"url--57309783-ef94-4cb5-9586-415902de0b81"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--57309783-ef94-4cb5-9586-415902de0b81",
"value": "https://www.virustotal.com/file/1f9b7d8e692a1c9fadbdd05b794e8c49502323b073b44becaae5eee5e2186fc4/analysis/1462376467/"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--57309783-c5ac-4d1f-8cef-42d602de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-05-09T13:58:27.000Z",
"modified": "2016-05-09T13:58:27.000Z",
"description": "Samples - Xchecked via VT: 21bb2d447247fd81c42d4262de36adb6",
"pattern": "[file:hashes.SHA256 = '0257d713e8c3890e9a3ff961ca56fbb7e0fff8a5632ebcd8efcc2a543d47ac74']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-05-09T13:58:27Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--57309783-262c-434f-9e6f-417c02de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-05-09T13:58:27.000Z",
"modified": "2016-05-09T13:58:27.000Z",
"description": "Samples - Xchecked via VT: 21bb2d447247fd81c42d4262de36adb6",
"pattern": "[file:hashes.SHA1 = '7698e9d0fdbdd1ade128bd945f15fe3d1f2411cc']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-05-09T13:58:27Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha1\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--57309784-fc34-4a94-b3e2-4d8502de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-05-09T13:58:28.000Z",
"modified": "2016-05-09T13:58:28.000Z",
"first_observed": "2016-05-09T13:58:28Z",
"last_observed": "2016-05-09T13:58:28Z",
"number_observed": 1,
"object_refs": [
"url--57309784-fc34-4a94-b3e2-4d8502de0b81"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--57309784-fc34-4a94-b3e2-4d8502de0b81",
"value": "https://www.virustotal.com/file/0257d713e8c3890e9a3ff961ca56fbb7e0fff8a5632ebcd8efcc2a543d47ac74/analysis/1454681156/"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--57309784-d780-48c1-b3bb-49a102de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-05-09T13:58:28.000Z",
"modified": "2016-05-09T13:58:28.000Z",
"description": "Samples - Xchecked via VT: 6d55eb3ced35c7479f67167d84bf15f0",
"pattern": "[file:hashes.SHA256 = '7f9495399da2782e0fef913fed25fa0e5a80f2f31b1d24018ca1f198132f396a']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-05-09T13:58:28Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--57309784-b680-44f8-a731-428402de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-05-09T13:58:28.000Z",
"modified": "2016-05-09T13:58:28.000Z",
"description": "Samples - Xchecked via VT: 6d55eb3ced35c7479f67167d84bf15f0",
"pattern": "[file:hashes.SHA1 = 'd12324a522b404b7949a971fbe767ae06b03c576']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-05-09T13:58:28Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha1\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--57309785-0488-4ff9-ac64-4f6402de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-05-09T13:58:29.000Z",
"modified": "2016-05-09T13:58:29.000Z",
"first_observed": "2016-05-09T13:58:29Z",
"last_observed": "2016-05-09T13:58:29Z",
"number_observed": 1,
"object_refs": [
"url--57309785-0488-4ff9-ac64-4f6402de0b81"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--57309785-0488-4ff9-ac64-4f6402de0b81",
"value": "https://www.virustotal.com/file/7f9495399da2782e0fef913fed25fa0e5a80f2f31b1d24018ca1f198132f396a/analysis/1459222882/"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--57309785-80c4-4018-9051-49a402de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-05-09T13:58:29.000Z",
"modified": "2016-05-09T13:58:29.000Z",
"description": "Samples - Xchecked via VT: 9b6af5f8878a3fde32a3e8ff3cf98906",
"pattern": "[file:hashes.SHA256 = '93c9ad08ee30554d9244c0184ee99ace88e800247e7f54b864ffb2f44954eade']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-05-09T13:58:29Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--57309785-65e4-4891-9094-448c02de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-05-09T13:58:29.000Z",
"modified": "2016-05-09T13:58:29.000Z",
"description": "Samples - Xchecked via VT: 9b6af5f8878a3fde32a3e8ff3cf98906",
"pattern": "[file:hashes.SHA1 = '4c152c09b81a54377da3b1a63199a343744d8807']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-05-09T13:58:29Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha1\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--57309786-d8c8-494f-9734-47bb02de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-05-09T13:58:30.000Z",
"modified": "2016-05-09T13:58:30.000Z",
"first_observed": "2016-05-09T13:58:30Z",
"last_observed": "2016-05-09T13:58:30Z",
"number_observed": 1,
"object_refs": [
"url--57309786-d8c8-494f-9734-47bb02de0b81"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--57309786-d8c8-494f-9734-47bb02de0b81",
"value": "https://www.virustotal.com/file/93c9ad08ee30554d9244c0184ee99ace88e800247e7f54b864ffb2f44954eade/analysis/1456992898/"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--57309786-b92c-4cc2-a847-48c902de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-05-09T13:58:30.000Z",
"modified": "2016-05-09T13:58:30.000Z",
"description": "Samples - Xchecked via VT: e1b4a5a565fdfcec52346d3b6063c587",
"pattern": "[file:hashes.SHA256 = '4d38d4ee5b625e09b61a253a52eb29fcf9c506ee9329b3a90a0b3911e59174f2']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-05-09T13:58:30Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--57309786-944c-46a8-930f-438402de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-05-09T13:58:30.000Z",
"modified": "2016-05-09T13:58:30.000Z",
"description": "Samples - Xchecked via VT: e1b4a5a565fdfcec52346d3b6063c587",
"pattern": "[file:hashes.SHA1 = 'c3ed7bd750192bd43e7fb30d515a109850fb6342']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-05-09T13:58:30Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha1\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--57309786-ef68-4a7a-a586-4ca302de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-05-09T13:58:30.000Z",
"modified": "2016-05-09T13:58:30.000Z",
"first_observed": "2016-05-09T13:58:30Z",
"last_observed": "2016-05-09T13:58:30Z",
"number_observed": 1,
"object_refs": [
"url--57309786-ef68-4a7a-a586-4ca302de0b81"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--57309786-ef68-4a7a-a586-4ca302de0b81",
"value": "https://www.virustotal.com/file/4d38d4ee5b625e09b61a253a52eb29fcf9c506ee9329b3a90a0b3911e59174f2/analysis/1462362985/"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--57309787-32e0-40f4-b5ec-472802de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-05-09T13:58:31.000Z",
"modified": "2016-05-09T13:58:31.000Z",
"description": "Samples - Xchecked via VT: 6a6a8cb2e59439891e53b04024573d37",
"pattern": "[file:hashes.SHA256 = '72036a5ab16f6d50ea870c402c394fbee08f10cce694e6b6d324d54334286917']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-05-09T13:58:31Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--57309787-5154-454f-b255-462102de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-05-09T13:58:31.000Z",
"modified": "2016-05-09T13:58:31.000Z",
"description": "Samples - Xchecked via VT: 6a6a8cb2e59439891e53b04024573d37",
"pattern": "[file:hashes.SHA1 = '74d6fc611521f65174150d0f5af2aed72943619e']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-05-09T13:58:31Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha1\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--57309787-8b08-4087-81b3-4e9502de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-05-09T13:58:31.000Z",
"modified": "2016-05-09T13:58:31.000Z",
"first_observed": "2016-05-09T13:58:31Z",
"last_observed": "2016-05-09T13:58:31Z",
"number_observed": 1,
"object_refs": [
"url--57309787-8b08-4087-81b3-4e9502de0b81"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--57309787-8b08-4087-81b3-4e9502de0b81",
"value": "https://www.virustotal.com/file/72036a5ab16f6d50ea870c402c394fbee08f10cce694e6b6d324d54334286917/analysis/1459434792/"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--57309788-5864-4012-8b2f-47e002de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-05-09T13:58:32.000Z",
"modified": "2016-05-09T13:58:32.000Z",
"description": "Samples - Xchecked via VT: 50064d33625970a8145add7e3e242fe3",
"pattern": "[file:hashes.SHA256 = '9c6dc1c2ea5b2370b58b0ac11fde8287cd49aee3e089dbdf589cc8d51c1f7a9e']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-05-09T13:58:32Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--57309788-433c-4fb6-9ef8-4d6c02de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-05-09T13:58:32.000Z",
"modified": "2016-05-09T13:58:32.000Z",
"description": "Samples - Xchecked via VT: 50064d33625970a8145add7e3e242fe3",
"pattern": "[file:hashes.SHA1 = '0e06e99c8f1c8882fd1f35793c50213f1905494f']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-05-09T13:58:32Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha1\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--57309788-8428-4c7c-9a3a-4b4e02de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-05-09T13:58:32.000Z",
"modified": "2016-05-09T13:58:32.000Z",
"first_observed": "2016-05-09T13:58:32Z",
"last_observed": "2016-05-09T13:58:32Z",
"number_observed": 1,
"object_refs": [
"url--57309788-8428-4c7c-9a3a-4b4e02de0b81"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--57309788-8428-4c7c-9a3a-4b4e02de0b81",
"value": "https://www.virustotal.com/file/9c6dc1c2ea5b2370b58b0ac11fde8287cd49aee3e089dbdf589cc8d51c1f7a9e/analysis/1462480505/"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--57309789-6d6c-4440-8303-409502de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-05-09T13:58:33.000Z",
"modified": "2016-05-09T13:58:33.000Z",
"description": "Samples - Xchecked via VT: 3fe0cbedec6969803a72b8c76a4a0a03",
"pattern": "[file:hashes.SHA256 = '13bdc52c2066e4b02bae5cc42bc9ec7dfcc1f19fbf35007aea93e9d62e3e3fd0']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-05-09T13:58:33Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--57309789-cdcc-4f20-b6b8-45a502de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-05-09T13:58:33.000Z",
"modified": "2016-05-09T13:58:33.000Z",
"description": "Samples - Xchecked via VT: 3fe0cbedec6969803a72b8c76a4a0a03",
"pattern": "[file:hashes.SHA1 = '12627ba5fea1f00d6ac0704d053c519db93f9122']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-05-09T13:58:33Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha1\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--57309789-5b4c-4d7e-9637-402502de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-05-09T13:58:33.000Z",
"modified": "2016-05-09T13:58:33.000Z",
"first_observed": "2016-05-09T13:58:33Z",
"last_observed": "2016-05-09T13:58:33Z",
"number_observed": 1,
"object_refs": [
"url--57309789-5b4c-4d7e-9637-402502de0b81"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--57309789-5b4c-4d7e-9637-402502de0b81",
"value": "https://www.virustotal.com/file/13bdc52c2066e4b02bae5cc42bc9ec7dfcc1f19fbf35007aea93e9d62e3e3fd0/analysis/1461331255/"
},
{
"type": "vulnerability",
"spec_version": "2.1",
"id": "vulnerability--5730979d-28ac-4b7c-83d4-14d9950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-05-09T13:58:53.000Z",
"modified": "2016-05-09T13:58:53.000Z",
"name": "CVE-2015-2545",
"labels": [
"misp:type=\"vulnerability\"",
"misp:category=\"Payload delivery\""
],
"external_references": [
{
"source_name": "cve",
"external_id": "CVE-2015-2545"
}
]
},
{
"type": "marking-definition",
"spec_version": "2.1",
"id": "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9",
"created": "2017-01-20T00:00:00.000Z",
"definition_type": "tlp",
"name": "TLP:WHITE",
"definition": {
"tlp": "white"
}
}
]
}
Reference in a new issue View git blame Copy permalink