adulau/misp-circl-feed
1
0
Fork 0
Code Issues 1 Pull requests Projects 1 Releases Packages Wiki Activity Actions
misp-circl-feed/feeds/circl/stix-2.1/574ed4d9-83c0-4422-a492-423e950d210f.json

7435 lines
No EOL
314 KiB
JSON
Raw Blame History

{
"type": "bundle",
"id": "bundle--574ed4d9-83c0-4422-a492-423e950d210f",
"objects": [
{
"type": "identity",
"spec_version": "2.1",
"id": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-06-01T12:37:24.000Z",
"modified": "2016-06-01T12:37:24.000Z",
"name": "CIRCL",
"identity_class": "organization"
},
{
"type": "report",
"spec_version": "2.1",
"id": "report--574ed4d9-83c0-4422-a492-423e950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-06-01T12:37:24.000Z",
"modified": "2016-06-01T12:37:24.000Z",
"name": "OSINT - DRIDEX\u00e2\u20ac\u2122s New Tricks Lead to Global Spam Outbreak",
"published": "2016-06-01T12:39:16Z",
"object_refs": [
"observed-data--574ed4ee-70e8-4fe7-bebd-4e72950d210f",
"url--574ed4ee-70e8-4fe7-bebd-4e72950d210f",
"observed-data--574ed4fc-6f68-4c18-bb78-4310950d210f",
"url--574ed4fc-6f68-4c18-bb78-4310950d210f",
"x-misp-attribute--574ed511-bd28-4c6f-a32f-46bd950d210f",
"indicator--574ed533-1e64-4b94-a9dd-3834950d210f",
"indicator--574ed534-9eb0-4144-b0ac-3834950d210f",
"indicator--574ed534-ce38-4de0-8284-3834950d210f",
"indicator--574ed534-0bbc-475a-8b94-3834950d210f",
"indicator--574ed535-cc84-4eb5-beab-3834950d210f",
"indicator--574ed535-c3b4-46c2-8fc1-3834950d210f",
"indicator--574ed536-3608-4ddd-89cb-3834950d210f",
"indicator--574ed536-7e50-464a-b537-3834950d210f",
"indicator--574ed536-7e2c-408e-ab57-3834950d210f",
"indicator--574ed537-715c-4870-be31-3834950d210f",
"indicator--574ed537-15dc-43fe-94c4-3834950d210f",
"indicator--574ed537-cca0-48ee-b31e-3834950d210f",
"indicator--574ed538-eb30-4ec6-992e-3834950d210f",
"indicator--574ed538-fee0-4fd3-9dae-3834950d210f",
"indicator--574ed539-a0b4-48e4-9fb8-3834950d210f",
"indicator--574ed539-02fc-42f0-8c57-3834950d210f",
"indicator--574ed539-2848-4f22-b279-3834950d210f",
"indicator--574ed566-3ff4-4341-83a7-9bee950d210f",
"indicator--574ed567-2708-4f36-8476-9bee950d210f",
"indicator--574ed567-92b8-4fd1-aee4-9bee950d210f",
"indicator--574ed567-8be4-43e5-a15f-9bee950d210f",
"indicator--574ed568-ef6c-4bbf-8e3c-9bee950d210f",
"indicator--574ed568-c23c-4f7f-8f10-9bee950d210f",
"indicator--574ed569-83ec-40b7-b1f2-9bee950d210f",
"indicator--574ed569-390c-4911-b668-9bee950d210f",
"indicator--574ed569-6514-4b5a-ade9-9bee950d210f",
"indicator--574ed56a-16b8-476c-95b9-9bee950d210f",
"indicator--574ed56a-04bc-4a84-97d4-9bee950d210f",
"indicator--574ed56b-004c-4f8c-860e-9bee950d210f",
"indicator--574ed56b-4cf0-4f0d-b8e2-9bee950d210f",
"indicator--574ed56b-8c8c-4fc3-b5bc-9bee950d210f",
"indicator--574ed56c-e8dc-486d-a0c6-9bee950d210f",
"indicator--574ed56c-252c-4273-aa1f-9bee950d210f",
"indicator--574ed56d-5a74-4570-a8bc-9bee950d210f",
"indicator--574ed56d-0de8-4919-bdb6-9bee950d210f",
"indicator--574ed56e-e208-4eda-b006-9bee950d210f",
"indicator--574ed56e-9330-4d6c-899b-9bee950d210f",
"indicator--574ed56e-5460-440a-9850-9bee950d210f",
"indicator--574ed5bd-ecb8-4757-a379-46c4950d210f",
"indicator--574ed5be-cec0-41a4-ad9b-4734950d210f",
"indicator--574ed5be-5358-4711-aaa5-4974950d210f",
"indicator--574ed5be-8528-4ec1-b768-41a9950d210f",
"indicator--574ed5bf-9d00-4178-9199-46b4950d210f",
"indicator--574ed5bf-621c-4eb6-be42-426f950d210f",
"indicator--574ed5c0-da54-41d1-a3c7-418b950d210f",
"indicator--574ed5c0-6174-48e7-97de-4579950d210f",
"indicator--574ed5c0-9f6c-4f74-9f82-44eb950d210f",
"indicator--574ed5c1-91bc-4272-8e48-417f950d210f",
"indicator--574ed5c1-87e0-40f3-87f8-4a5b950d210f",
"indicator--574ed5c2-5434-4320-a56d-42d8950d210f",
"indicator--574ed5c2-a24c-46a6-b405-4637950d210f",
"indicator--574ed5c3-11fc-4786-add5-4d5d950d210f",
"indicator--574ed5c3-5ac4-49ea-97aa-4ee0950d210f",
"indicator--574ed5c3-1cc4-45f2-aba5-4ec6950d210f",
"indicator--574ed5c4-0cb8-4b6b-bd7a-41b5950d210f",
"indicator--574ed5c4-9624-4b46-94f3-4f47950d210f",
"indicator--574ed5c5-7c00-4e1e-adc0-4a27950d210f",
"indicator--574ed5c5-6eb4-40ed-82fc-4cd4950d210f",
"indicator--574ed5c5-e72c-4f92-b916-41ce950d210f",
"indicator--574ed5c6-eb40-41f0-80f3-4223950d210f",
"indicator--574ed5de-3ea8-403f-9133-4c72950d210f",
"indicator--574ed5de-c5a4-416f-af1b-46bd950d210f",
"indicator--574ed5f0-fec4-4326-9431-4ec9950d210f",
"indicator--574ed602-3f18-467f-9654-4f00950d210f",
"indicator--574ed602-8a54-4fc7-8f51-4f17950d210f",
"indicator--574ed602-0ef0-4a7f-b750-406b950d210f",
"indicator--574ed603-eb94-4ab0-8676-4224950d210f",
"indicator--574ed603-3aec-48c4-a423-40b5950d210f",
"indicator--574ed603-abb8-4f45-8421-459d950d210f",
"indicator--574ed604-041c-46d2-920a-411b950d210f",
"indicator--574ed604-0564-4dc2-b336-4ec4950d210f",
"indicator--574ed604-656c-4f34-8761-4038950d210f",
"indicator--574ed605-d734-400e-8b54-449d950d210f",
"indicator--574ed617-1ffc-4758-95e5-4a3b950d210f",
"indicator--574ed618-c908-4d7a-a1c1-4634950d210f",
"indicator--574ed618-8758-4c8d-9eed-4d3b950d210f",
"indicator--574ed619-881c-49e3-b19b-48b4950d210f",
"indicator--574ed619-e088-4d5b-88f2-4d38950d210f",
"indicator--574ed619-7b70-4c82-a108-4453950d210f",
"indicator--574ed61a-12e8-42c3-87e3-4b1d950d210f",
"indicator--574ed61a-a2ac-4061-b5e2-4b05950d210f",
"indicator--574ed636-01a8-45e0-9eb2-420f950d210f",
"indicator--574ed636-d81c-4386-ac68-426c950d210f",
"indicator--574ed637-963c-48f7-bd18-4a13950d210f",
"indicator--574ed637-df08-4cb8-a90c-4499950d210f",
"indicator--574ed667-8cd4-4097-aec7-4c0e950d210f",
"indicator--574ed667-132c-4421-8b3a-4a46950d210f",
"indicator--574ed667-f3d8-479e-9a21-412d950d210f",
"indicator--574ed668-82ac-41c5-8fa6-44b9950d210f",
"indicator--574ed668-5290-4c5f-9aa1-4a46950d210f",
"indicator--574ed669-d254-4d39-89e9-4369950d210f",
"indicator--574ed669-5e70-48f4-be59-4038950d210f",
"indicator--574ed669-fc88-4936-a528-49c9950d210f",
"indicator--574ed669-20f4-4fbc-97a4-4f19950d210f",
"indicator--574ed669-a45c-452e-995c-4a2b950d210f",
"indicator--574ed669-a114-4a1a-97b5-4855950d210f",
"indicator--574ed66a-7898-4a6a-a568-438f950d210f",
"indicator--574ed66a-6390-4023-8c0d-47ed950d210f",
"indicator--574ed66a-f1e8-430e-967a-48a2950d210f",
"indicator--574ed66a-8cbc-400b-b433-436b950d210f",
"indicator--574ed66a-2884-4c9d-a612-4d41950d210f",
"indicator--574ed66a-6cb0-4411-8a60-4133950d210f",
"indicator--574ed66b-0ebc-47a0-8463-43c0950d210f",
"indicator--574ed66b-2fb0-4b3f-a30e-4842950d210f",
"indicator--574ed66b-e010-48d7-8901-4754950d210f",
"indicator--574ed66b-9864-433e-bd03-4ddf950d210f",
"indicator--574ed66b-8614-4de4-9d60-4fae950d210f",
"indicator--574ed66c-c504-45cc-9197-4e9d950d210f",
"indicator--574ed691-e938-4066-9a76-4a18950d210f",
"indicator--574ed691-a5e8-41fa-909e-4f74950d210f",
"indicator--574ed691-b768-4eae-9e84-42a3950d210f",
"indicator--574ed691-ca04-4bca-9816-4c56950d210f",
"indicator--574ed692-2c98-4b23-b11e-42e7950d210f",
"indicator--574ed692-aed8-46bd-9276-4f64950d210f",
"indicator--574ed692-54f0-47fa-9e07-405a950d210f",
"indicator--574ed692-f98c-42c3-be84-46ef950d210f",
"indicator--574ed692-daf8-4804-ab83-40f1950d210f",
"indicator--574ed692-dd38-488c-8184-45bf950d210f",
"indicator--574ed693-1068-4af9-a944-480f950d210f",
"indicator--574ed693-b61c-431c-9b12-4778950d210f",
"indicator--574ed693-9bb8-40a5-8d66-4a19950d210f",
"indicator--574ed693-d8f8-4e6e-850c-4838950d210f",
"indicator--574ed693-ede8-4fd7-b5d9-4d4b950d210f",
"indicator--574ed693-1154-4d3d-bea8-4faf950d210f",
"indicator--574ed694-1f18-4075-b15b-4211950d210f",
"indicator--574ed694-5498-4ea0-b123-4adb950d210f",
"indicator--574ed694-794c-4a8e-a139-4df0950d210f",
"indicator--574ed694-70f0-4000-a9ce-4b38950d210f",
"indicator--574ed694-35a0-4093-98c7-41f4950d210f",
"indicator--574ed694-3b74-4f02-8b48-45e4950d210f",
"indicator--574ed695-85cc-4f11-9c21-46a5950d210f",
"indicator--574ed6c1-e328-4853-a284-42af950d210f",
"indicator--574ed6c1-5de8-4f25-b38e-4fcd950d210f",
"indicator--574ed6c2-d118-4c33-a360-4168950d210f",
"indicator--574ed6c2-5880-4abb-a4df-4a28950d210f",
"indicator--574ed6c2-8c40-4ab0-9eb2-444a950d210f",
"indicator--574ed6c3-aee4-47cc-b778-4146950d210f",
"indicator--574ed6c3-d0bc-4646-b7db-4def950d210f",
"indicator--574ed6c3-14e0-4ca3-bb66-4253950d210f",
"indicator--574ed6c3-e2b4-43e7-bb01-410d950d210f",
"indicator--574ed6c3-b1fc-4e34-8a24-4edf950d210f",
"indicator--574ed6c4-387c-4574-b5d7-40fc950d210f",
"indicator--574ed6c4-18c4-4209-b252-488c950d210f",
"indicator--574ed6c4-fe2c-402d-a900-4755950d210f",
"indicator--574ed6c4-78c0-449c-97e3-4285950d210f",
"indicator--574ed6c4-dac0-48fc-a8f3-4e4c950d210f",
"indicator--574ed6c5-b09c-4c1c-a246-448b950d210f",
"indicator--574ed6c5-23f8-4376-bf35-4b30950d210f",
"indicator--574ed6c5-f104-41a5-ba11-43ad950d210f",
"indicator--574ed6c5-cc88-4230-9f7b-4c93950d210f",
"indicator--574ed6c5-1af4-4193-a86e-4919950d210f",
"indicator--574ed6c6-9c50-4575-b623-4635950d210f",
"indicator--574ed6c6-bcac-4289-bff8-4ceb950d210f",
"indicator--574ed704-3d8c-4c86-99b8-42ed02de0b81",
"indicator--574ed704-f154-4163-868a-469f02de0b81",
"observed-data--574ed705-4484-48f9-97cd-4ebd02de0b81",
"url--574ed705-4484-48f9-97cd-4ebd02de0b81",
"indicator--574ed705-0b6c-4af6-8696-47b702de0b81",
"indicator--574ed705-115c-4aa0-9074-4da902de0b81",
"observed-data--574ed706-d5ec-405d-a9b2-41aa02de0b81",
"url--574ed706-d5ec-405d-a9b2-41aa02de0b81",
"indicator--574ed706-0910-494f-b42c-4b7102de0b81",
"indicator--574ed707-0100-46ba-bc57-480302de0b81",
"observed-data--574ed707-d860-45fd-b811-48d502de0b81",
"url--574ed707-d860-45fd-b811-48d502de0b81",
"indicator--574ed707-a2d0-4938-8dda-41c202de0b81",
"indicator--574ed708-5bcc-4a14-8c6a-4c9502de0b81",
"observed-data--574ed708-391c-4353-9c18-440602de0b81",
"url--574ed708-391c-4353-9c18-440602de0b81",
"indicator--574ed708-9e34-4f9e-a55f-4d2902de0b81",
"indicator--574ed709-d55c-4675-8236-467602de0b81",
"observed-data--574ed709-b7a8-442f-8c45-41bc02de0b81",
"url--574ed709-b7a8-442f-8c45-41bc02de0b81",
"indicator--574ed709-bfa0-4d25-96b9-4dad02de0b81",
"indicator--574ed70a-03e4-4770-b329-400002de0b81",
"observed-data--574ed70a-84ec-4b7b-bf22-40e802de0b81",
"url--574ed70a-84ec-4b7b-bf22-40e802de0b81",
"indicator--574ed70b-39c0-45d6-8bbd-419f02de0b81",
"indicator--574ed70b-0738-4742-a911-4da602de0b81",
"observed-data--574ed70b-9a04-4cb4-914b-414f02de0b81",
"url--574ed70b-9a04-4cb4-914b-414f02de0b81",
"indicator--574ed70c-8444-4f0a-a9bb-468802de0b81",
"indicator--574ed70c-6f98-4634-b600-463d02de0b81",
"observed-data--574ed70d-7c98-4944-bb1d-460702de0b81",
"url--574ed70d-7c98-4944-bb1d-460702de0b81",
"indicator--574ed70d-d298-40c9-bd98-499f02de0b81",
"indicator--574ed70d-dabc-43d8-9a68-4f2602de0b81",
"observed-data--574ed70e-fb20-411c-93b1-488d02de0b81",
"url--574ed70e-fb20-411c-93b1-488d02de0b81",
"indicator--574ed70e-23b8-42a4-b417-4c6b02de0b81",
"indicator--574ed70e-f5f0-47cf-a2e4-44d202de0b81",
"observed-data--574ed70f-8b0c-4932-a627-4eaa02de0b81",
"url--574ed70f-8b0c-4932-a627-4eaa02de0b81",
"indicator--574ed70f-6f58-491d-8609-4d6a02de0b81",
"indicator--574ed710-1e2c-4bf7-a8a1-4e7e02de0b81",
"observed-data--574ed710-636c-46f2-aacd-419202de0b81",
"url--574ed710-636c-46f2-aacd-419202de0b81",
"indicator--574ed710-bc30-45d7-aab9-427002de0b81",
"indicator--574ed711-79e0-4dc6-9503-4ef902de0b81",
"observed-data--574ed711-beb0-43b8-953a-4e6202de0b81",
"url--574ed711-beb0-43b8-953a-4e6202de0b81",
"indicator--574ed711-dae0-480a-85ae-4e1402de0b81",
"indicator--574ed712-ca6c-4b4e-b6b3-4d0102de0b81",
"observed-data--574ed712-b44c-4f9a-ae9a-463602de0b81",
"url--574ed712-b44c-4f9a-ae9a-463602de0b81",
"indicator--574ed713-9878-4b07-aab3-4bc902de0b81",
"indicator--574ed713-6890-4b88-9cd9-429f02de0b81",
"observed-data--574ed713-2ad8-4dad-b4fc-498702de0b81",
"url--574ed713-2ad8-4dad-b4fc-498702de0b81",
"indicator--574ed714-d3b8-42c9-a33a-46a402de0b81",
"indicator--574ed714-7464-45e6-965a-42e902de0b81",
"observed-data--574ed714-b380-4d57-976d-4d7702de0b81",
"url--574ed714-b380-4d57-976d-4d7702de0b81",
"indicator--574ed715-883c-47a3-b056-478702de0b81",
"indicator--574ed715-dae8-43cb-97bb-457e02de0b81",
"observed-data--574ed716-a3b8-4739-9cc5-469d02de0b81",
"url--574ed716-a3b8-4739-9cc5-469d02de0b81",
"indicator--574ed716-46b8-4926-a667-405f02de0b81",
"indicator--574ed716-7120-422e-b689-49ee02de0b81",
"observed-data--574ed717-4138-41ca-b237-4d6302de0b81",
"url--574ed717-4138-41ca-b237-4d6302de0b81",
"indicator--574ed717-1b74-4075-a4ad-47ba02de0b81",
"indicator--574ed718-8ea8-47b3-bf14-476002de0b81",
"observed-data--574ed718-0478-4878-83ae-4aa102de0b81",
"url--574ed718-0478-4878-83ae-4aa102de0b81",
"indicator--574ed718-3d6c-4034-b842-4d3502de0b81",
"indicator--574ed719-fc1c-4964-9bbc-41c502de0b81",
"observed-data--574ed719-683c-4fde-963e-4b5c02de0b81",
"url--574ed719-683c-4fde-963e-4b5c02de0b81",
"indicator--574ed719-bc10-4e19-a33d-4e3402de0b81",
"indicator--574ed71a-e484-4ded-9391-41e202de0b81",
"observed-data--574ed71a-de0c-4a7e-9e34-44f902de0b81",
"url--574ed71a-de0c-4a7e-9e34-44f902de0b81",
"indicator--574ed71b-a28c-46be-a965-4f9d02de0b81",
"indicator--574ed71b-4678-4049-a426-444802de0b81",
"observed-data--574ed71b-246c-4efc-93ba-4d3202de0b81",
"url--574ed71b-246c-4efc-93ba-4d3202de0b81",
"indicator--574ed71c-c46c-4f1b-a2c9-42f602de0b81",
"indicator--574ed71c-7cec-4f0f-bda3-4c0002de0b81",
"observed-data--574ed71c-8974-43c1-b9cf-481402de0b81",
"url--574ed71c-8974-43c1-b9cf-481402de0b81",
"indicator--574ed71d-10c4-4461-b448-491c02de0b81",
"indicator--574ed71d-7e88-4f51-9078-472002de0b81",
"observed-data--574ed71d-c10c-4e74-9572-4b3d02de0b81",
"url--574ed71d-c10c-4e74-9572-4b3d02de0b81",
"indicator--574ed71e-fe00-443d-ba58-4fbe02de0b81",
"indicator--574ed71e-5db4-4180-9928-4a8902de0b81",
"observed-data--574ed71f-9774-4660-86cc-410302de0b81",
"url--574ed71f-9774-4660-86cc-410302de0b81",
"indicator--574ed71f-3f20-471b-9e13-475d02de0b81",
"indicator--574ed71f-d078-4eb6-be22-40d002de0b81",
"observed-data--574ed720-76f4-4599-afc8-4bef02de0b81",
"url--574ed720-76f4-4599-afc8-4bef02de0b81",
"indicator--574ed720-3dd0-47df-ad07-487102de0b81",
"indicator--574ed720-62a4-4741-ba52-4cea02de0b81",
"observed-data--574ed721-0dbc-46ba-bacf-4fd602de0b81",
"url--574ed721-0dbc-46ba-bacf-4fd602de0b81",
"indicator--574ed721-3e30-4b23-9b98-45ee02de0b81",
"indicator--574ed722-c12c-4e7a-869a-4dc202de0b81",
"observed-data--574ed722-7fdc-4092-b4ed-470b02de0b81",
"url--574ed722-7fdc-4092-b4ed-470b02de0b81",
"indicator--574ed722-26e4-4a98-b8f2-4c5c02de0b81",
"indicator--574ed723-bdd0-4b2f-9efe-46e402de0b81",
"observed-data--574ed723-eca4-4f99-9bbd-4fa302de0b81",
"url--574ed723-eca4-4f99-9bbd-4fa302de0b81",
"indicator--574ed724-4c64-45fb-81b2-421802de0b81",
"indicator--574ed724-6e98-485d-9e4a-4ee402de0b81",
"observed-data--574ed724-2c4c-4634-ba06-4df702de0b81",
"url--574ed724-2c4c-4634-ba06-4df702de0b81",
"indicator--574ed725-3600-4f8a-9a96-47dc02de0b81",
"indicator--574ed725-8594-47cb-bea3-47f702de0b81",
"observed-data--574ed725-d964-4b42-86a8-4ce902de0b81",
"url--574ed725-d964-4b42-86a8-4ce902de0b81",
"indicator--574ed726-5d88-4b3e-b983-420602de0b81",
"indicator--574ed726-bb10-4e4b-ab8a-4dc102de0b81",
"observed-data--574ed726-503c-45ec-8788-4edc02de0b81",
"url--574ed726-503c-45ec-8788-4edc02de0b81",
"indicator--574ed727-aff8-462b-9d3e-469102de0b81",
"indicator--574ed727-b1f4-4fd5-8432-464f02de0b81",
"observed-data--574ed727-1d30-42d4-b8f2-472902de0b81",
"url--574ed727-1d30-42d4-b8f2-472902de0b81",
"indicator--574ed728-4d98-42f5-88e8-432a02de0b81",
"indicator--574ed728-de30-4088-98ac-4edc02de0b81",
"observed-data--574ed728-61e4-4bab-a9fc-4cf902de0b81",
"url--574ed728-61e4-4bab-a9fc-4cf902de0b81",
"indicator--574ed729-d3b8-48bb-8be2-4e6102de0b81",
"indicator--574ed729-578c-48d8-a291-403102de0b81",
"observed-data--574ed729-ee88-48dd-af27-4d3502de0b81",
"url--574ed729-ee88-48dd-af27-4d3502de0b81",
"indicator--574ed72a-d528-4991-9ece-4c6f02de0b81",
"indicator--574ed72a-b8e4-489a-b5d9-41a202de0b81",
"observed-data--574ed72b-3fd4-493e-9863-486202de0b81",
"url--574ed72b-3fd4-493e-9863-486202de0b81",
"indicator--574ed72b-b7d8-49ee-87fd-474602de0b81",
"indicator--574ed72b-6d04-42a3-8d38-430002de0b81",
"observed-data--574ed72c-453c-4cce-90b5-4a8802de0b81",
"url--574ed72c-453c-4cce-90b5-4a8802de0b81",
"indicator--574ed72c-227c-41b7-aaac-4ccf02de0b81",
"indicator--574ed72c-5778-4616-b69d-407502de0b81",
"observed-data--574ed72d-f3f4-40cf-8249-44d302de0b81",
"url--574ed72d-f3f4-40cf-8249-44d302de0b81",
"indicator--574ed72d-de4c-4dbe-8897-471702de0b81",
"indicator--574ed72d-aa20-44ce-86ac-409e02de0b81",
"observed-data--574ed72e-6058-489f-8ebe-407a02de0b81",
"url--574ed72e-6058-489f-8ebe-407a02de0b81",
"indicator--574ed72e-2600-41a1-b7a7-4fed02de0b81",
"indicator--574ed72e-d878-4358-a442-452d02de0b81",
"observed-data--574ed72f-5c2c-45ff-82de-4dfa02de0b81",
"url--574ed72f-5c2c-45ff-82de-4dfa02de0b81",
"indicator--574ed72f-dbf4-49f0-96cf-400e02de0b81",
"indicator--574ed72f-a528-412e-862f-497202de0b81",
"observed-data--574ed730-9738-4530-9d13-4be602de0b81",
"url--574ed730-9738-4530-9d13-4be602de0b81",
"indicator--574ed730-e15c-4768-927d-41a602de0b81",
"indicator--574ed730-4e4c-4a4e-857f-4eff02de0b81",
"observed-data--574ed731-5508-4e5b-806f-4d2f02de0b81",
"url--574ed731-5508-4e5b-806f-4d2f02de0b81",
"indicator--574ed731-91ac-475d-a2d5-4f9702de0b81",
"indicator--574ed731-d044-4692-8183-495d02de0b81",
"observed-data--574ed732-916c-46d9-809e-445202de0b81",
"url--574ed732-916c-46d9-809e-445202de0b81",
"indicator--574ed732-c63c-4896-ad24-4e5902de0b81",
"indicator--574ed732-ae40-442c-bb6e-486d02de0b81",
"observed-data--574ed733-454c-4125-add0-443302de0b81",
"url--574ed733-454c-4125-add0-443302de0b81",
"indicator--574ed733-7cd0-4e2c-b591-48dc02de0b81",
"indicator--574ed733-bc0c-43bb-958d-407902de0b81",
"observed-data--574ed734-bdfc-4aa2-975f-442302de0b81",
"url--574ed734-bdfc-4aa2-975f-442302de0b81",
"indicator--574ed734-9b8c-4afa-986d-4b1b02de0b81",
"indicator--574ed734-aa4c-459c-824e-4e1602de0b81",
"observed-data--574ed735-d344-4b80-bc4b-477402de0b81",
"url--574ed735-d344-4b80-bc4b-477402de0b81",
"indicator--574ed735-8700-40b4-b7b7-435f02de0b81",
"indicator--574ed735-7374-4eda-a1c5-4f5a02de0b81",
"observed-data--574ed736-b6e8-403a-811a-46f802de0b81",
"url--574ed736-b6e8-403a-811a-46f802de0b81"
],
"labels": [
"Threat-Report",
"misp:tool=\"MISP-STIX-Converter\"",
"type:OSINT"
],
"object_marking_refs": [
"marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9"
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--574ed4ee-70e8-4fe7-bebd-4e72950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-06-01T12:28:30.000Z",
"modified": "2016-06-01T12:28:30.000Z",
"first_observed": "2016-06-01T12:28:30Z",
"last_observed": "2016-06-01T12:28:30Z",
"number_observed": 1,
"object_refs": [
"url--574ed4ee-70e8-4fe7-bebd-4e72950d210f"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--574ed4ee-70e8-4fe7-bebd-4e72950d210f",
"value": "http://documents.trendmicro.com/assets/appendix-dridex-new-tricks-lead-to-global-spam-outbreak.pdf"
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--574ed4fc-6f68-4c18-bb78-4310950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-06-01T12:28:44.000Z",
"modified": "2016-06-01T12:28:44.000Z",
"first_observed": "2016-06-01T12:28:44Z",
"last_observed": "2016-06-01T12:28:44Z",
"number_observed": 1,
"object_refs": [
"url--574ed4fc-6f68-4c18-bb78-4310950d210f"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--574ed4fc-6f68-4c18-bb78-4310950d210f",
"value": "http://blog.trendmicro.com/trendlabs-security-intelligence/dridex-poses-as-fake-certificate/"
},
{
"type": "x-misp-attribute",
"spec_version": "2.1",
"id": "x-misp-attribute--574ed511-bd28-4c6f-a32f-46bd950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-06-01T12:29:05.000Z",
"modified": "2016-06-01T12:29:05.000Z",
"labels": [
"misp:type=\"comment\"",
"misp:category=\"External analysis\""
],
"x_misp_category": "External analysis",
"x_misp_type": "comment",
"x_misp_value": "At a glance, it seems that DRIDEX has dwindled its activities or operation, appearing only for a few days this May. This is quite unusual given that in the past five months or so, this prevalent online banking threat has always been active in the computing landscape. Last May 25, 2016, we observed a sudden spike in DRIDEX\u00e2\u20ac\u201crelated spam emails after its seeming \u00e2\u20ac\u02dchiatus.\u00e2\u20ac\u2122 This spam campaign mostly affected users in the United States, Brazil, China, Germany, and Japan."
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--574ed533-1e64-4b94-a9dd-3834950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-06-01T12:29:39.000Z",
"modified": "2016-06-01T12:29:39.000Z",
"description": "On port 8443",
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '101.187.28.8']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-06-01T12:29:39Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--574ed534-9eb0-4144-b0ac-3834950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-06-01T12:29:40.000Z",
"modified": "2016-06-01T12:29:40.000Z",
"description": "On port 8443",
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '12.109.210.112']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-06-01T12:29:40Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--574ed534-ce38-4de0-8284-3834950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-06-01T12:29:40.000Z",
"modified": "2016-06-01T12:29:40.000Z",
"description": "On port 8443",
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '12.227.176.187']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-06-01T12:29:40Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--574ed534-0bbc-475a-8b94-3834950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-06-01T12:29:40.000Z",
"modified": "2016-06-01T12:29:40.000Z",
"description": "On port 8443",
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '135.26.29.213']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-06-01T12:29:40Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--574ed535-cc84-4eb5-beab-3834950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-06-01T12:29:41.000Z",
"modified": "2016-06-01T12:29:41.000Z",
"description": "On port 8443",
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '14.97.18.93']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-06-01T12:29:41Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--574ed535-c3b4-46c2-8fc1-3834950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-06-01T12:29:41.000Z",
"modified": "2016-06-01T12:29:41.000Z",
"description": "On port 8443",
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '14.99.8.219']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-06-01T12:29:41Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--574ed536-3608-4ddd-89cb-3834950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-06-01T12:29:42.000Z",
"modified": "2016-06-01T12:29:42.000Z",
"description": "On port 8443",
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '165.255.60.173']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-06-01T12:29:42Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--574ed536-7e50-464a-b537-3834950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-06-01T12:29:42.000Z",
"modified": "2016-06-01T12:29:42.000Z",
"description": "On port 443",
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '197.96.139.253']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-06-01T12:29:42Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--574ed536-7e2c-408e-ab57-3834950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-06-01T12:29:42.000Z",
"modified": "2016-06-01T12:29:42.000Z",
"description": "On port 8443",
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '203.45.13.29']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-06-01T12:29:42Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--574ed537-715c-4870-be31-3834950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-06-01T12:29:43.000Z",
"modified": "2016-06-01T12:29:43.000Z",
"description": "On port 8443",
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '206.223.199.159']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-06-01T12:29:43Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--574ed537-15dc-43fe-94c4-3834950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-06-01T12:29:43.000Z",
"modified": "2016-06-01T12:29:43.000Z",
"description": "On port 443",
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '222.255.121.202']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-06-01T12:29:43Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--574ed537-cca0-48ee-b31e-3834950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-06-01T12:29:43.000Z",
"modified": "2016-06-01T12:29:43.000Z",
"description": "On port 8443",
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '24.8.213.200']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-06-01T12:29:43Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--574ed538-eb30-4ec6-992e-3834950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-06-01T12:29:44.000Z",
"modified": "2016-06-01T12:29:44.000Z",
"description": "On port 8443",
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '5.2.145.23']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-06-01T12:29:44Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--574ed538-fee0-4fd3-9dae-3834950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-06-01T12:29:44.000Z",
"modified": "2016-06-01T12:29:44.000Z",
"description": "On port 8443",
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '64.203.222.43']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-06-01T12:29:44Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--574ed539-a0b4-48e4-9fb8-3834950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-06-01T12:29:45.000Z",
"modified": "2016-06-01T12:29:45.000Z",
"description": "On port 8443",
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '67.22.207.161']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-06-01T12:29:45Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--574ed539-02fc-42f0-8c57-3834950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-06-01T12:29:45.000Z",
"modified": "2016-06-01T12:29:45.000Z",
"description": "On port 8443",
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '68.200.154.229']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-06-01T12:29:45Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--574ed539-2848-4f22-b279-3834950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-06-01T12:29:45.000Z",
"modified": "2016-06-01T12:29:45.000Z",
"description": "On port 8443",
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '70.164.35.105']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-06-01T12:29:45Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--574ed566-3ff4-4341-83a7-9bee950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-06-01T12:30:30.000Z",
"modified": "2016-06-01T12:30:30.000Z",
"description": "W2KM_DRIDEX.YVD",
"pattern": "[file:hashes.SHA1 = '1a5179c9b72fdb4b606cb63037c91de413a49db1']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-06-01T12:30:30Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha1\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--574ed567-2708-4f36-8476-9bee950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-06-01T12:30:31.000Z",
"modified": "2016-06-01T12:30:31.000Z",
"description": "W2KM_DRIDEX.YVD",
"pattern": "[file:hashes.SHA1 = '7ea297d29023a7ea7a3d01df618c0166c559bdf5']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-06-01T12:30:31Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha1\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--574ed567-92b8-4fd1-aee4-9bee950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-06-01T12:30:31.000Z",
"modified": "2016-06-01T12:30:31.000Z",
"description": "W2KM_DRIDEX.YVD",
"pattern": "[file:hashes.SHA1 = '19cc50c25f6135f73852f06c9a0722deff76a3a3']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-06-01T12:30:31Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha1\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--574ed567-8be4-43e5-a15f-9bee950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-06-01T12:30:31.000Z",
"modified": "2016-06-01T12:30:31.000Z",
"description": "W2KM_DRIDEX.YVD",
"pattern": "[file:hashes.SHA1 = '22a7d69955fbafd0d5e090295e367a409731ba90']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-06-01T12:30:31Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha1\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--574ed568-ef6c-4bbf-8e3c-9bee950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-06-01T12:30:32.000Z",
"modified": "2016-06-01T12:30:32.000Z",
"description": "W2KM_DRIDEX.YVD",
"pattern": "[file:hashes.SHA1 = '93ec6482f36639578784a61f6bc1ed4b0fa14912']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-06-01T12:30:32Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha1\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--574ed568-c23c-4f7f-8f10-9bee950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-06-01T12:30:32.000Z",
"modified": "2016-06-01T12:30:32.000Z",
"description": "W2KM_DRIDEX.YVD",
"pattern": "[file:hashes.SHA1 = '133a1fffc46903061d8ea2d12b80deb89636dbb4']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-06-01T12:30:32Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha1\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--574ed569-83ec-40b7-b1f2-9bee950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-06-01T12:30:33.000Z",
"modified": "2016-06-01T12:30:33.000Z",
"description": "W2KM_DRIDEX.YVD",
"pattern": "[file:hashes.SHA1 = '268f374b0fcc7fab399c64311dfac2e9f97a4da1']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-06-01T12:30:33Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha1\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--574ed569-390c-4911-b668-9bee950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-06-01T12:30:33.000Z",
"modified": "2016-06-01T12:30:33.000Z",
"description": "W2KM_DRIDEX.YVD",
"pattern": "[file:hashes.SHA1 = '707ad2ab4f9735b51e5da503178d7763198cc4d7']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-06-01T12:30:33Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha1\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--574ed569-6514-4b5a-ade9-9bee950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-06-01T12:30:33.000Z",
"modified": "2016-06-01T12:30:33.000Z",
"description": "W2KM_DRIDEX.YVD",
"pattern": "[file:hashes.SHA1 = '885b48c5a644caf92ce62e70b90197c6f30b225c']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-06-01T12:30:33Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha1\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--574ed56a-16b8-476c-95b9-9bee950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-06-01T12:30:34.000Z",
"modified": "2016-06-01T12:30:34.000Z",
"description": "W2KM_DRIDEX.YVD",
"pattern": "[file:hashes.SHA1 = '4611e4824587231d7dc6fbe271d18b14bb3aed3f']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-06-01T12:30:34Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha1\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--574ed56a-04bc-4a84-97d4-9bee950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-06-01T12:30:34.000Z",
"modified": "2016-06-01T12:30:34.000Z",
"description": "W2KM_DRIDEX.YVD",
"pattern": "[file:hashes.SHA1 = '84342db658af50c34dd75c792bf4ff726d6e02d9']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-06-01T12:30:34Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha1\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--574ed56b-004c-4f8c-860e-9bee950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-06-01T12:30:35.000Z",
"modified": "2016-06-01T12:30:35.000Z",
"description": "W2KM_DRIDEX.YVD",
"pattern": "[file:hashes.SHA1 = '94046ddd538b5831e9e3ba7548e84da645ad4bb8']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-06-01T12:30:35Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha1\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--574ed56b-4cf0-4f0d-b8e2-9bee950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-06-01T12:30:35.000Z",
"modified": "2016-06-01T12:30:35.000Z",
"description": "W2KM_DRIDEX.YVD",
"pattern": "[file:hashes.SHA1 = '96197dc35306c827f3891c1fdf807624b071972d']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-06-01T12:30:35Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha1\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--574ed56b-8c8c-4fc3-b5bc-9bee950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-06-01T12:30:35.000Z",
"modified": "2016-06-01T12:30:35.000Z",
"description": "W2KM_DRIDEX.YVD",
"pattern": "[file:hashes.SHA1 = '406059fe3ddf8ef42bfcc99441871efd2fa8fb07']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-06-01T12:30:35Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha1\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--574ed56c-e8dc-486d-a0c6-9bee950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-06-01T12:30:36.000Z",
"modified": "2016-06-01T12:30:36.000Z",
"description": "W2KM_DRIDEX.YVD",
"pattern": "[file:hashes.SHA1 = '603135d21d691797969fd1e330e285c173815ab4']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-06-01T12:30:36Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha1\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--574ed56c-252c-4273-aa1f-9bee950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-06-01T12:30:36.000Z",
"modified": "2016-06-01T12:30:36.000Z",
"description": "W2KM_DRIDEX.YVD",
"pattern": "[file:hashes.SHA1 = 'a1a5c7a55e14481a93b1e2a836a4ffaf1242b301']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-06-01T12:30:36Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha1\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--574ed56d-5a74-4570-a8bc-9bee950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-06-01T12:30:37.000Z",
"modified": "2016-06-01T12:30:37.000Z",
"description": "W2KM_DRIDEX.YVD",
"pattern": "[file:hashes.SHA1 = 'a14b2b9626549b34737ffb55a5caff71cdb3d714']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-06-01T12:30:37Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha1\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--574ed56d-0de8-4919-bdb6-9bee950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-06-01T12:30:37.000Z",
"modified": "2016-06-01T12:30:37.000Z",
"description": "W2KM_DRIDEX.YVD",
"pattern": "[file:hashes.SHA1 = 'a3606a848a40c554ee60add2eb53ba44778aca46']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-06-01T12:30:37Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha1\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--574ed56e-e208-4eda-b006-9bee950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-06-01T12:30:38.000Z",
"modified": "2016-06-01T12:30:38.000Z",
"description": "W2KM_DRIDEX.YVD",
"pattern": "[file:hashes.SHA1 = 'aea29b594274eeabf954415a347fbca802d057e3']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-06-01T12:30:38Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha1\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--574ed56e-9330-4d6c-899b-9bee950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-06-01T12:30:38.000Z",
"modified": "2016-06-01T12:30:38.000Z",
"description": "W2KM_DRIDEX.YVD",
"pattern": "[file:hashes.SHA1 = 'b9afbd6054d4c512b0e4e048e2eec518acc95b0a']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-06-01T12:30:38Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha1\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--574ed56e-5460-440a-9850-9bee950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-06-01T12:30:38.000Z",
"modified": "2016-06-01T12:30:38.000Z",
"description": "W2KM_DRIDEX.YVD",
"pattern": "[file:hashes.SHA1 = 'b99d8c6e0ad54728cb93eb22a1ae9115a2cfc750']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-06-01T12:30:38Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha1\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--574ed5bd-ecb8-4757-a379-46c4950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-06-01T12:31:57.000Z",
"modified": "2016-06-01T12:31:57.000Z",
"description": "W2KM_DRIDEX.YVD",
"pattern": "[file:hashes.SHA1 = 'befa9acb077f8c8c75e3892a811c5bfd08e3e7fe']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-06-01T12:31:57Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha1\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--574ed5be-cec0-41a4-ad9b-4734950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-06-01T12:31:58.000Z",
"modified": "2016-06-01T12:31:58.000Z",
"description": "W2KM_DRIDEX.YVD",
"pattern": "[file:hashes.SHA1 = 'd775706af618112ad7e8defe3a77ec9724b97a8a']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-06-01T12:31:58Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha1\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--574ed5be-5358-4711-aaa5-4974950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-06-01T12:31:58.000Z",
"modified": "2016-06-01T12:31:58.000Z",
"description": "W2KM_DRIDEX.YVD",
"pattern": "[file:hashes.SHA1 = 'de238864f60e34b6fc6d4d26590692141ad9ca32']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-06-01T12:31:58Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha1\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--574ed5be-8528-4ec1-b768-41a9950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-06-01T12:31:58.000Z",
"modified": "2016-06-01T12:31:58.000Z",
"description": "W2KM_DRIDEX.YVD",
"pattern": "[file:hashes.SHA1 = 'ea83c4f39ce54f09359f09f14ae8e05e055ab6c5']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-06-01T12:31:58Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha1\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--574ed5bf-9d00-4178-9199-46b4950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-06-01T12:31:59.000Z",
"modified": "2016-06-01T12:31:59.000Z",
"description": "W2KM_DRIDEX.YVD",
"pattern": "[file:hashes.SHA1 = 'f9d17572fdf3e891f03e23ea0b1bfef276405b49']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-06-01T12:31:59Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha1\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--574ed5bf-621c-4eb6-be42-426f950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-06-01T12:31:59.000Z",
"modified": "2016-06-01T12:31:59.000Z",
"description": "W2KM_DRIDEX.YVD",
"pattern": "[file:hashes.SHA1 = 'f778982a989c54f800aac913e0e9afa7d6c6a8f2']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-06-01T12:31:59Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha1\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--574ed5c0-da54-41d1-a3c7-418b950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-06-01T12:32:00.000Z",
"modified": "2016-06-01T12:32:00.000Z",
"description": "W2KM_DRIDEX.YVD",
"pattern": "[file:hashes.SHA1 = '0699fb11acea5906e4f5d6c97164812c51b579d2']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-06-01T12:32:00Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha1\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--574ed5c0-6174-48e7-97de-4579950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-06-01T12:32:00.000Z",
"modified": "2016-06-01T12:32:00.000Z",
"description": "W2KM_DRIDEX.YVD",
"pattern": "[file:hashes.SHA1 = '0b70c4376e74700bb4df6882c28a71ace417d2c9']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-06-01T12:32:00Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha1\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--574ed5c0-9f6c-4f74-9f82-44eb950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-06-01T12:32:00.000Z",
"modified": "2016-06-01T12:32:00.000Z",
"description": "W2KM_DRIDEX.YVD",
"pattern": "[file:hashes.SHA1 = '2859eaf08f5da8752b2da399cc583d5030ac7e9f']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-06-01T12:32:00Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha1\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--574ed5c1-91bc-4272-8e48-417f950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-06-01T12:32:01.000Z",
"modified": "2016-06-01T12:32:01.000Z",
"description": "W2KM_DRIDEX.YVD",
"pattern": "[file:hashes.SHA1 = '350d537414ddc7db6c545e1d2a25406161615693']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-06-01T12:32:01Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha1\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--574ed5c1-87e0-40f3-87f8-4a5b950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-06-01T12:32:01.000Z",
"modified": "2016-06-01T12:32:01.000Z",
"description": "W2KM_DRIDEX.YVD",
"pattern": "[file:hashes.SHA1 = '4d3f50def97ab7eab86771d1bf2f2710c8af48d0']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-06-01T12:32:01Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha1\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--574ed5c2-5434-4320-a56d-42d8950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-06-01T12:32:02.000Z",
"modified": "2016-06-01T12:32:02.000Z",
"description": "W2KM_DRIDEX.YVD",
"pattern": "[file:hashes.SHA1 = '594d87c767f776ca610636b601a9cc9faf0fd1e0']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-06-01T12:32:02Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha1\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--574ed5c2-a24c-46a6-b405-4637950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-06-01T12:32:02.000Z",
"modified": "2016-06-01T12:32:02.000Z",
"description": "W2KM_DRIDEX.YVD",
"pattern": "[file:hashes.SHA1 = '5ae28c8f5ff3e35c708ef76e40c9672651ec6fc9']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-06-01T12:32:02Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha1\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--574ed5c3-11fc-4786-add5-4d5d950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-06-01T12:32:03.000Z",
"modified": "2016-06-01T12:32:03.000Z",
"description": "W2KM_DRIDEX.YVD",
"pattern": "[file:hashes.SHA1 = '845b1d71ffec59322f688a21221e5817475d2da9']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-06-01T12:32:03Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha1\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--574ed5c3-5ac4-49ea-97aa-4ee0950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-06-01T12:32:03.000Z",
"modified": "2016-06-01T12:32:03.000Z",
"description": "W2KM_DRIDEX.YVD",
"pattern": "[file:hashes.SHA1 = '89fe9b77ea0e9ec6dc5ded8d9812b4dfab612512']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-06-01T12:32:03Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha1\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--574ed5c3-1cc4-45f2-aba5-4ec6950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-06-01T12:32:03.000Z",
"modified": "2016-06-01T12:32:03.000Z",
"description": "W2KM_DRIDEX.YVD",
"pattern": "[file:hashes.SHA1 = '9f227611e68ef2128bdd7a9f03483f7f8e275920']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-06-01T12:32:03Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha1\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--574ed5c4-0cb8-4b6b-bd7a-41b5950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-06-01T12:32:04.000Z",
"modified": "2016-06-01T12:32:04.000Z",
"description": "W2KM_DRIDEX.YVD",
"pattern": "[file:hashes.SHA1 = 'a136f9ff047767fe4d603c96c6c57d759a211c2c']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-06-01T12:32:04Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha1\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--574ed5c4-9624-4b46-94f3-4f47950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-06-01T12:32:04.000Z",
"modified": "2016-06-01T12:32:04.000Z",
"description": "W2KM_DRIDEX.YVD",
"pattern": "[file:hashes.SHA1 = 'b0c100374dd7142edf97a9d233b3c68bcf77a07e']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-06-01T12:32:04Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha1\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--574ed5c5-7c00-4e1e-adc0-4a27950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-06-01T12:32:05.000Z",
"modified": "2016-06-01T12:32:05.000Z",
"description": "W2KM_DRIDEX.YVD",
"pattern": "[file:hashes.SHA1 = 'b3b07b038834a8b3eb8527f2990a1b8d89e82602']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-06-01T12:32:05Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha1\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--574ed5c5-6eb4-40ed-82fc-4cd4950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-06-01T12:32:05.000Z",
"modified": "2016-06-01T12:32:05.000Z",
"description": "W2KM_DRIDEX.YVD",
"pattern": "[file:hashes.SHA1 = 'bb9bed40b9b8eef3132e6c0844a88744c61fe219']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-06-01T12:32:05Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha1\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--574ed5c5-e72c-4f92-b916-41ce950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-06-01T12:32:05.000Z",
"modified": "2016-06-01T12:32:05.000Z",
"description": "W2KM_DRIDEX.YVD",
"pattern": "[file:hashes.SHA1 = 'dce40b0833f241b6027633ff4481a3ea910766c3']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-06-01T12:32:05Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha1\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--574ed5c6-eb40-41f0-80f3-4223950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-06-01T12:32:06.000Z",
"modified": "2016-06-01T12:32:06.000Z",
"description": "W2KM_DRIDEX.YVD",
"pattern": "[file:hashes.SHA1 = 'def75ed1591517947f094b02cb3627a2e852e637']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-06-01T12:32:06Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha1\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--574ed5de-3ea8-403f-9133-4c72950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-06-01T12:32:30.000Z",
"modified": "2016-06-01T12:32:30.000Z",
"description": "W2KM_DRIDEX.YVD",
"pattern": "[file:hashes.SHA1 = 'e34f5dd4d8b8d40c49afef563055baeee9d0c755']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-06-01T12:32:30Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha1\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--574ed5de-c5a4-416f-af1b-46bd950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-06-01T12:32:30.000Z",
"modified": "2016-06-01T12:32:30.000Z",
"description": "W2KM_DRIDEX.YVD",
"pattern": "[file:hashes.SHA1 = 'faccbbc8160e27d7c625d0be6b974825c68dc58c']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-06-01T12:32:30Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha1\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--574ed5f0-fec4-4326-9431-4ec9950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-06-01T12:32:48.000Z",
"modified": "2016-06-01T12:32:48.000Z",
"description": "TSPY_DRIDEX.YVD",
"pattern": "[file:hashes.SHA1 = 'b94f0b460cf620a77120bbe76dd378146116ed25']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-06-01T12:32:48Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha1\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--574ed602-3f18-467f-9654-4f00950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-06-01T12:33:06.000Z",
"modified": "2016-06-01T12:33:06.000Z",
"description": "On port 8443",
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '72.27.189.56']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-06-01T12:33:06Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--574ed602-8a54-4fc7-8f51-4f17950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-06-01T12:33:06.000Z",
"modified": "2016-06-01T12:33:06.000Z",
"description": "On port 8443",
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '72.35.204.239']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-06-01T12:33:06Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--574ed602-0ef0-4a7f-b750-406b950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-06-01T12:33:06.000Z",
"modified": "2016-06-01T12:33:06.000Z",
"description": "On port 8443",
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '74.207.137.87']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-06-01T12:33:06Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--574ed603-eb94-4ab0-8676-4224950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-06-01T12:33:07.000Z",
"modified": "2016-06-01T12:33:07.000Z",
"description": "On port 8443",
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '75.67.214.42']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-06-01T12:33:07Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--574ed603-3aec-48c4-a423-40b5950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-06-01T12:33:07.000Z",
"modified": "2016-06-01T12:33:07.000Z",
"description": "On port 8443",
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '78.146.221.200']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-06-01T12:33:07Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--574ed603-abb8-4f45-8421-459d950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-06-01T12:33:07.000Z",
"modified": "2016-06-01T12:33:07.000Z",
"description": "On port 8443",
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '82.140.160.54']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-06-01T12:33:07Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--574ed604-041c-46d2-920a-411b950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-06-01T12:33:08.000Z",
"modified": "2016-06-01T12:33:08.000Z",
"description": "On port 8443",
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '82.152.47.41']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-06-01T12:33:08Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--574ed604-0564-4dc2-b336-4ec4950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-06-01T12:33:08.000Z",
"modified": "2016-06-01T12:33:08.000Z",
"description": "On port 8443",
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '86.175.137.132']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-06-01T12:33:08Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--574ed604-656c-4f34-8761-4038950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-06-01T12:33:08.000Z",
"modified": "2016-06-01T12:33:08.000Z",
"description": "On port 8443",
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '89.230.226.187']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-06-01T12:33:08Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--574ed605-d734-400e-8b54-449d950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-06-01T12:33:09.000Z",
"modified": "2016-06-01T12:33:09.000Z",
"description": "On port 8443",
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '96.93.247.161']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-06-01T12:33:09Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--574ed617-1ffc-4758-95e5-4a3b950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-06-01T12:33:27.000Z",
"modified": "2016-06-01T12:33:27.000Z",
"description": "Imported via the Freetext Import Tool",
"pattern": "[url:value = '174.34.164.106:11443/2/natwest_62y7rKX8yF819Lg3/']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-06-01T12:33:27Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--574ed618-c908-4d7a-a1c1-4634950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-06-01T12:33:28.000Z",
"modified": "2016-06-01T12:33:28.000Z",
"description": "Imported via the Freetext Import Tool",
"pattern": "[url:value = '174.34.164.106:11443/2/halifaxpers_62y7rKX8yF819Lg3/']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-06-01T12:33:28Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--574ed618-8758-4c8d-9eed-4d3b950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-06-01T12:33:28.000Z",
"modified": "2016-06-01T12:33:28.000Z",
"description": "Imported via the Freetext Import Tool",
"pattern": "[url:value = '174.34.164.106:11443/2/lloydspers_62y7rKX8yF819Lg3/']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-06-01T12:33:28Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--574ed619-881c-49e3-b19b-48b4950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-06-01T12:33:29.000Z",
"modified": "2016-06-01T12:33:29.000Z",
"description": "Imported via the Freetext Import Tool",
"pattern": "[url:value = '174.34.164.106:11443/2/tsbpers_62y7rKX8yF819Lg3/']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-06-01T12:33:29Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--574ed619-e088-4d5b-88f2-4d38950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-06-01T12:33:29.000Z",
"modified": "2016-06-01T12:33:29.000Z",
"description": "Imported via the Freetext Import Tool",
"pattern": "[url:value = '174.34.164.106:11443/2/ulster_ie_62y7rKX8yF819Lg3/']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-06-01T12:33:29Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--574ed619-7b70-4c82-a108-4453950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-06-01T12:33:29.000Z",
"modified": "2016-06-01T12:33:29.000Z",
"description": "Imported via the Freetext Import Tool",
"pattern": "[url:value = '174.34.164.106:11443/2/ulster_uk_62y7rKX8yF819Lg3/']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-06-01T12:33:29Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--574ed61a-12e8-42c3-87e3-4b1d950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-06-01T12:33:30.000Z",
"modified": "2016-06-01T12:33:30.000Z",
"description": "Imported via the Freetext Import Tool",
"pattern": "[url:value = '174.34.164.106:11443/2/bospers_62y7rKX8yF819Lg3/']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-06-01T12:33:30Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--574ed61a-a2ac-4061-b5e2-4b05950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-06-01T12:33:30.000Z",
"modified": "2016-06-01T12:33:30.000Z",
"description": "Imported via the Freetext Import Tool",
"pattern": "[url:value = '174.34.164.106:11443/2/rbs_62y7rKX8yF819Lg3/']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-06-01T12:33:30Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--574ed636-01a8-45e0-9eb2-420f950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-06-01T12:33:58.000Z",
"modified": "2016-06-01T12:33:58.000Z",
"description": "Spam-sending IP address",
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '91.126.113.98']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-06-01T12:33:58Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--574ed636-d81c-4386-ac68-426c950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-06-01T12:33:58.000Z",
"modified": "2016-06-01T12:33:58.000Z",
"description": "Spam-sending IP address",
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '81.135.163.170']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-06-01T12:33:58Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--574ed637-963c-48f7-bd18-4a13950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-06-01T12:33:59.000Z",
"modified": "2016-06-01T12:33:59.000Z",
"description": "Spam-sending IP address",
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '92.53.8.33']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-06-01T12:33:59Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--574ed637-df08-4cb8-a90c-4499950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-06-01T12:33:59.000Z",
"modified": "2016-06-01T12:33:59.000Z",
"description": "Spam-sending IP address",
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '89.161.7.29']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-06-01T12:33:59Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--574ed667-8cd4-4097-aec7-4c0e950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-06-01T12:34:47.000Z",
"modified": "2016-06-01T12:34:47.000Z",
"description": "Spam-sending IP address",
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '189.201.241.39']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-06-01T12:34:47Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--574ed667-132c-4421-8b3a-4a46950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-06-01T12:34:47.000Z",
"modified": "2016-06-01T12:34:47.000Z",
"description": "Spam-sending IP address",
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '191.6.166.125']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-06-01T12:34:47Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--574ed667-f3d8-479e-9a21-412d950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-06-01T12:34:47.000Z",
"modified": "2016-06-01T12:34:47.000Z",
"description": "Spam-sending IP address",
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '200.218.244.205']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-06-01T12:34:47Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--574ed668-82ac-41c5-8fa6-44b9950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-06-01T12:34:48.000Z",
"modified": "2016-06-01T12:34:48.000Z",
"description": "Spam-sending IP address",
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '179.105.223.6']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-06-01T12:34:48Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--574ed668-5290-4c5f-9aa1-4a46950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-06-01T12:34:48.000Z",
"modified": "2016-06-01T12:34:48.000Z",
"description": "Spam-sending IP address",
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '92.114.80.90']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-06-01T12:34:48Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--574ed669-d254-4d39-89e9-4369950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-06-01T12:34:49.000Z",
"modified": "2016-06-01T12:34:49.000Z",
"description": "Spam-sending IP address",
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '202.158.6.57']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-06-01T12:34:49Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--574ed669-5e70-48f4-be59-4038950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-06-01T12:34:49.000Z",
"modified": "2016-06-01T12:34:49.000Z",
"description": "Spam-sending IP address",
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '187.210.229.13']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-06-01T12:34:49Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--574ed669-fc88-4936-a528-49c9950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-06-01T12:34:49.000Z",
"modified": "2016-06-01T12:34:49.000Z",
"description": "Spam-sending IP address",
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '190.111.75.30']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-06-01T12:34:49Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--574ed669-20f4-4fbc-97a4-4f19950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-06-01T12:34:49.000Z",
"modified": "2016-06-01T12:34:49.000Z",
"description": "Spam-sending IP address",
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '45.64.166.26']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-06-01T12:34:49Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--574ed669-a45c-452e-995c-4a2b950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-06-01T12:34:49.000Z",
"modified": "2016-06-01T12:34:49.000Z",
"description": "Spam-sending IP address",
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '196.44.165.42']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-06-01T12:34:49Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--574ed669-a114-4a1a-97b5-4855950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-06-01T12:34:49.000Z",
"modified": "2016-06-01T12:34:49.000Z",
"description": "Spam-sending IP address",
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '101.96.114.66']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-06-01T12:34:49Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--574ed66a-7898-4a6a-a568-438f950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-06-01T12:34:50.000Z",
"modified": "2016-06-01T12:34:50.000Z",
"description": "Spam-sending IP address",
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '179.38.90.245']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-06-01T12:34:50Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--574ed66a-6390-4023-8c0d-47ed950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-06-01T12:34:50.000Z",
"modified": "2016-06-01T12:34:50.000Z",
"description": "Spam-sending IP address",
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '201.6.240.190']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-06-01T12:34:50Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--574ed66a-f1e8-430e-967a-48a2950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-06-01T12:34:50.000Z",
"modified": "2016-06-01T12:34:50.000Z",
"description": "Spam-sending IP address",
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '31.11.93.53']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-06-01T12:34:50Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--574ed66a-8cbc-400b-b433-436b950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-06-01T12:34:50.000Z",
"modified": "2016-06-01T12:34:50.000Z",
"description": "Spam-sending IP address",
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '191.242.27.96']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-06-01T12:34:50Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--574ed66a-2884-4c9d-a612-4d41950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-06-01T12:34:50.000Z",
"modified": "2016-06-01T12:34:50.000Z",
"description": "Spam-sending IP address",
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '188.241.121.168']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-06-01T12:34:50Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--574ed66a-6cb0-4411-8a60-4133950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-06-01T12:34:50.000Z",
"modified": "2016-06-01T12:34:50.000Z",
"description": "Spam-sending IP address",
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '60.243.207.59']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-06-01T12:34:50Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--574ed66b-0ebc-47a0-8463-43c0950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-06-01T12:34:51.000Z",
"modified": "2016-06-01T12:34:51.000Z",
"description": "Spam-sending IP address",
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '223.31.109.82']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-06-01T12:34:51Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--574ed66b-2fb0-4b3f-a30e-4842950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-06-01T12:34:51.000Z",
"modified": "2016-06-01T12:34:51.000Z",
"description": "Spam-sending IP address",
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '51.179.25.170']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-06-01T12:34:51Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--574ed66b-e010-48d7-8901-4754950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-06-01T12:34:51.000Z",
"modified": "2016-06-01T12:34:51.000Z",
"description": "Spam-sending IP address",
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '5.149.90.113']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-06-01T12:34:51Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--574ed66b-9864-433e-bd03-4ddf950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-06-01T12:34:51.000Z",
"modified": "2016-06-01T12:34:51.000Z",
"description": "Spam-sending IP address",
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '114.110.23.217']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-06-01T12:34:51Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--574ed66b-8614-4de4-9d60-4fae950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-06-01T12:34:51.000Z",
"modified": "2016-06-01T12:34:51.000Z",
"description": "Spam-sending IP address",
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '129.208.209.32']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-06-01T12:34:51Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--574ed66c-c504-45cc-9197-4e9d950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-06-01T12:34:52.000Z",
"modified": "2016-06-01T12:34:52.000Z",
"description": "Spam-sending IP address",
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '191.241.229.22']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-06-01T12:34:52Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--574ed691-e938-4066-9a76-4a18950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-06-01T12:35:29.000Z",
"modified": "2016-06-01T12:35:29.000Z",
"description": "Spam-sending IP address",
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '109.233.23.122']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-06-01T12:35:29Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--574ed691-a5e8-41fa-909e-4f74950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-06-01T12:35:29.000Z",
"modified": "2016-06-01T12:35:29.000Z",
"description": "Spam-sending IP address",
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '46.136.220.202']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-06-01T12:35:29Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--574ed691-b768-4eae-9e84-42a3950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-06-01T12:35:29.000Z",
"modified": "2016-06-01T12:35:29.000Z",
"description": "Spam-sending IP address",
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '198.23.143.113']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-06-01T12:35:29Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--574ed691-ca04-4bca-9816-4c56950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-06-01T12:35:29.000Z",
"modified": "2016-06-01T12:35:29.000Z",
"description": "Spam-sending IP address",
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '185.108.99.144']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-06-01T12:35:29Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--574ed692-2c98-4b23-b11e-42e7950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-06-01T12:35:30.000Z",
"modified": "2016-06-01T12:35:30.000Z",
"description": "Spam-sending IP address",
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '109.177.147.168']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-06-01T12:35:30Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--574ed692-aed8-46bd-9276-4f64950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-06-01T12:35:30.000Z",
"modified": "2016-06-01T12:35:30.000Z",
"description": "Spam-sending IP address",
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '193.188.199.5']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-06-01T12:35:30Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--574ed692-54f0-47fa-9e07-405a950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-06-01T12:35:30.000Z",
"modified": "2016-06-01T12:35:30.000Z",
"description": "Spam-sending IP address",
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '185.89.245.180']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-06-01T12:35:30Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--574ed692-f98c-42c3-be84-46ef950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-06-01T12:35:30.000Z",
"modified": "2016-06-01T12:35:30.000Z",
"description": "Spam-sending IP address",
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '5.160.89.195']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-06-01T12:35:30Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--574ed692-daf8-4804-ab83-40f1950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-06-01T12:35:30.000Z",
"modified": "2016-06-01T12:35:30.000Z",
"description": "Spam-sending IP address",
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '186.170.23.98']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-06-01T12:35:30Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--574ed692-dd38-488c-8184-45bf950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-06-01T12:35:30.000Z",
"modified": "2016-06-01T12:35:30.000Z",
"description": "Spam-sending IP address",
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '150.107.239.145']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-06-01T12:35:30Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--574ed693-1068-4af9-a944-480f950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-06-01T12:35:31.000Z",
"modified": "2016-06-01T12:35:31.000Z",
"description": "Spam-sending IP address",
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '91.112.149.50']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-06-01T12:35:31Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--574ed693-b61c-431c-9b12-4778950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-06-01T12:35:31.000Z",
"modified": "2016-06-01T12:35:31.000Z",
"description": "Spam-sending IP address",
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '86.104.215.16']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-06-01T12:35:31Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--574ed693-9bb8-40a5-8d66-4a19950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-06-01T12:35:31.000Z",
"modified": "2016-06-01T12:35:31.000Z",
"description": "Spam-sending IP address",
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '41.215.244.83']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-06-01T12:35:31Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--574ed693-d8f8-4e6e-850c-4838950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-06-01T12:35:31.000Z",
"modified": "2016-06-01T12:35:31.000Z",
"description": "Spam-sending IP address",
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '36.73.200.237']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-06-01T12:35:31Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--574ed693-ede8-4fd7-b5d9-4d4b950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-06-01T12:35:31.000Z",
"modified": "2016-06-01T12:35:31.000Z",
"description": "Spam-sending IP address",
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '125.99.72.50']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-06-01T12:35:31Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--574ed693-1154-4d3d-bea8-4faf950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-06-01T12:35:31.000Z",
"modified": "2016-06-01T12:35:31.000Z",
"description": "Spam-sending IP address",
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '175.214.99.120']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-06-01T12:35:31Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--574ed694-1f18-4075-b15b-4211950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-06-01T12:35:32.000Z",
"modified": "2016-06-01T12:35:32.000Z",
"description": "Spam-sending IP address",
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '185.97.118.216']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-06-01T12:35:32Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--574ed694-5498-4ea0-b123-4adb950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-06-01T12:35:32.000Z",
"modified": "2016-06-01T12:35:32.000Z",
"description": "Spam-sending IP address",
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '51.39.254.233']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-06-01T12:35:32Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--574ed694-794c-4a8e-a139-4df0950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-06-01T12:35:32.000Z",
"modified": "2016-06-01T12:35:32.000Z",
"description": "Spam-sending IP address",
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '41.180.4.210']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-06-01T12:35:32Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--574ed694-70f0-4000-a9ce-4b38950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-06-01T12:35:32.000Z",
"modified": "2016-06-01T12:35:32.000Z",
"description": "Spam-sending IP address",
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '213.243.4.132']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-06-01T12:35:32Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--574ed694-35a0-4093-98c7-41f4950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-06-01T12:35:32.000Z",
"modified": "2016-06-01T12:35:32.000Z",
"description": "Spam-sending IP address",
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '197.231.159.154']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-06-01T12:35:32Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--574ed694-3b74-4f02-8b48-45e4950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-06-01T12:35:32.000Z",
"modified": "2016-06-01T12:35:32.000Z",
"description": "Spam-sending IP address",
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '197.159.214.14']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-06-01T12:35:32Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--574ed695-85cc-4f11-9c21-46a5950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-06-01T12:35:33.000Z",
"modified": "2016-06-01T12:35:33.000Z",
"description": "Spam-sending IP address",
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '185.117.48.154']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-06-01T12:35:33Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--574ed6c1-e328-4853-a284-42af950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-06-01T12:36:17.000Z",
"modified": "2016-06-01T12:36:17.000Z",
"description": "Spam-sending IP address",
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '139.192.147.54']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-06-01T12:36:17Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--574ed6c1-5de8-4f25-b38e-4fcd950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-06-01T12:36:17.000Z",
"modified": "2016-06-01T12:36:17.000Z",
"description": "Spam-sending IP address",
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '80.120.67.90']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-06-01T12:36:17Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--574ed6c2-d118-4c33-a360-4168950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-06-01T12:36:18.000Z",
"modified": "2016-06-01T12:36:18.000Z",
"description": "Spam-sending IP address",
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '197.248.222.70']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-06-01T12:36:18Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--574ed6c2-5880-4abb-a4df-4a28950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-06-01T12:36:18.000Z",
"modified": "2016-06-01T12:36:18.000Z",
"description": "Spam-sending IP address",
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '41.218.102.82']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-06-01T12:36:18Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--574ed6c2-8c40-4ab0-9eb2-444a950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-06-01T12:36:18.000Z",
"modified": "2016-06-01T12:36:18.000Z",
"description": "Spam-sending IP address",
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '185.76.248.253']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-06-01T12:36:18Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--574ed6c3-aee4-47cc-b778-4146950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-06-01T12:36:19.000Z",
"modified": "2016-06-01T12:36:19.000Z",
"description": "Spam-sending IP address",
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '103.59.202.131']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-06-01T12:36:19Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--574ed6c3-d0bc-4646-b7db-4def950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-06-01T12:36:19.000Z",
"modified": "2016-06-01T12:36:19.000Z",
"description": "Spam-sending IP address",
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '41.76.8.51']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-06-01T12:36:19Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--574ed6c3-14e0-4ca3-bb66-4253950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-06-01T12:36:19.000Z",
"modified": "2016-06-01T12:36:19.000Z",
"description": "Spam-sending IP address",
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '103.207.56.230']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-06-01T12:36:19Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--574ed6c3-e2b4-43e7-bb01-410d950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-06-01T12:36:19.000Z",
"modified": "2016-06-01T12:36:19.000Z",
"description": "Spam-sending IP address",
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '43.239.144.71']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-06-01T12:36:19Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--574ed6c3-b1fc-4e34-8a24-4edf950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-06-01T12:36:19.000Z",
"modified": "2016-06-01T12:36:19.000Z",
"description": "Spam-sending IP address",
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '103.225.221.162']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-06-01T12:36:19Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--574ed6c4-387c-4574-b5d7-40fc950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-06-01T12:36:20.000Z",
"modified": "2016-06-01T12:36:20.000Z",
"description": "Spam-sending IP address",
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '117.247.232.133']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-06-01T12:36:20Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--574ed6c4-18c4-4209-b252-488c950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-06-01T12:36:20.000Z",
"modified": "2016-06-01T12:36:20.000Z",
"description": "Spam-sending IP address",
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '115.124.70.250']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-06-01T12:36:20Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--574ed6c4-fe2c-402d-a900-4755950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-06-01T12:36:20.000Z",
"modified": "2016-06-01T12:36:20.000Z",
"description": "Spam-sending IP address",
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '180.93.100.4']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-06-01T12:36:20Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--574ed6c4-78c0-449c-97e3-4285950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-06-01T12:36:20.000Z",
"modified": "2016-06-01T12:36:20.000Z",
"description": "Spam-sending IP address",
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '49.143.187.227']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-06-01T12:36:20Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--574ed6c4-dac0-48fc-a8f3-4e4c950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-06-01T12:36:20.000Z",
"modified": "2016-06-01T12:36:20.000Z",
"description": "Spam-sending IP address",
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '201.130.1.118']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-06-01T12:36:20Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--574ed6c5-b09c-4c1c-a246-448b950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-06-01T12:36:21.000Z",
"modified": "2016-06-01T12:36:21.000Z",
"description": "Spam-sending IP address",
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '109.177.100.208']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-06-01T12:36:21Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--574ed6c5-23f8-4376-bf35-4b30950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-06-01T12:36:21.000Z",
"modified": "2016-06-01T12:36:21.000Z",
"description": "Spam-sending IP address",
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '197.210.186.133']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-06-01T12:36:21Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--574ed6c5-f104-41a5-ba11-43ad950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-06-01T12:36:21.000Z",
"modified": "2016-06-01T12:36:21.000Z",
"description": "Spam-sending IP address",
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '177.36.184.144']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-06-01T12:36:21Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--574ed6c5-cc88-4230-9f7b-4c93950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-06-01T12:36:21.000Z",
"modified": "2016-06-01T12:36:21.000Z",
"description": "Spam-sending IP address",
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '92.58.155.253']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-06-01T12:36:21Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--574ed6c5-1af4-4193-a86e-4919950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-06-01T12:36:21.000Z",
"modified": "2016-06-01T12:36:21.000Z",
"description": "Spam-sending IP address",
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '89.108.145.100']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-06-01T12:36:21Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--574ed6c6-9c50-4575-b623-4635950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-06-01T12:36:22.000Z",
"modified": "2016-06-01T12:36:22.000Z",
"description": "Spam-sending IP address",
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '103.18.180.10']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-06-01T12:36:22Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--574ed6c6-bcac-4289-bff8-4ceb950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-06-01T12:36:22.000Z",
"modified": "2016-06-01T12:36:22.000Z",
"description": "Spam-sending IP address",
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '177.39.155.115']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-06-01T12:36:22Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--574ed704-3d8c-4c86-99b8-42ed02de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-06-01T12:37:24.000Z",
"modified": "2016-06-01T12:37:24.000Z",
"description": "TSPY_DRIDEX.YVD - Xchecked via VT: b94f0b460cf620a77120bbe76dd378146116ed25",
"pattern": "[file:hashes.SHA256 = 'ea17b486de6584313623ec0db9cafac96cb454b91894bb9a4cc1754135d0bd35']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-06-01T12:37:24Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--574ed704-f154-4163-868a-469f02de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-06-01T12:37:24.000Z",
"modified": "2016-06-01T12:37:24.000Z",
"description": "TSPY_DRIDEX.YVD - Xchecked via VT: b94f0b460cf620a77120bbe76dd378146116ed25",
"pattern": "[file:hashes.MD5 = '5c752edd310dc7eba126073bcd42496f']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-06-01T12:37:24Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--574ed705-4484-48f9-97cd-4ebd02de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-06-01T12:37:25.000Z",
"modified": "2016-06-01T12:37:25.000Z",
"first_observed": "2016-06-01T12:37:25Z",
"last_observed": "2016-06-01T12:37:25Z",
"number_observed": 1,
"object_refs": [
"url--574ed705-4484-48f9-97cd-4ebd02de0b81"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--574ed705-4484-48f9-97cd-4ebd02de0b81",
"value": "https://www.virustotal.com/file/ea17b486de6584313623ec0db9cafac96cb454b91894bb9a4cc1754135d0bd35/analysis/1464188709/"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--574ed705-0b6c-4af6-8696-47b702de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-06-01T12:37:25.000Z",
"modified": "2016-06-01T12:37:25.000Z",
"description": "W2KM_DRIDEX.YVD - Xchecked via VT: faccbbc8160e27d7c625d0be6b974825c68dc58c",
"pattern": "[file:hashes.SHA256 = '043643002c18d2a0b533b3ae26f5c18e24c37140121af68a43884f100c3d6efb']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-06-01T12:37:25Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--574ed705-115c-4aa0-9074-4da902de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-06-01T12:37:25.000Z",
"modified": "2016-06-01T12:37:25.000Z",
"description": "W2KM_DRIDEX.YVD - Xchecked via VT: faccbbc8160e27d7c625d0be6b974825c68dc58c",
"pattern": "[file:hashes.MD5 = '4213752f723b67033b34dc256b1fdeb9']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-06-01T12:37:25Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--574ed706-d5ec-405d-a9b2-41aa02de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-06-01T12:37:26.000Z",
"modified": "2016-06-01T12:37:26.000Z",
"first_observed": "2016-06-01T12:37:26Z",
"last_observed": "2016-06-01T12:37:26Z",
"number_observed": 1,
"object_refs": [
"url--574ed706-d5ec-405d-a9b2-41aa02de0b81"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--574ed706-d5ec-405d-a9b2-41aa02de0b81",
"value": "https://www.virustotal.com/file/043643002c18d2a0b533b3ae26f5c18e24c37140121af68a43884f100c3d6efb/analysis/1464187130/"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--574ed706-0910-494f-b42c-4b7102de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-06-01T12:37:26.000Z",
"modified": "2016-06-01T12:37:26.000Z",
"description": "W2KM_DRIDEX.YVD - Xchecked via VT: e34f5dd4d8b8d40c49afef563055baeee9d0c755",
"pattern": "[file:hashes.SHA256 = 'ef80990a71475aba186a248ce43fc5a3e25fed3bb8dececcac3a894c5c788a52']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-06-01T12:37:26Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--574ed707-0100-46ba-bc57-480302de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-06-01T12:37:26.000Z",
"modified": "2016-06-01T12:37:26.000Z",
"description": "W2KM_DRIDEX.YVD - Xchecked via VT: e34f5dd4d8b8d40c49afef563055baeee9d0c755",
"pattern": "[file:hashes.MD5 = '0b3cfdf6acf83b61b898f1095c96a4fd']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-06-01T12:37:26Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--574ed707-d860-45fd-b811-48d502de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-06-01T12:37:27.000Z",
"modified": "2016-06-01T12:37:27.000Z",
"first_observed": "2016-06-01T12:37:27Z",
"last_observed": "2016-06-01T12:37:27Z",
"number_observed": 1,
"object_refs": [
"url--574ed707-d860-45fd-b811-48d502de0b81"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--574ed707-d860-45fd-b811-48d502de0b81",
"value": "https://www.virustotal.com/file/ef80990a71475aba186a248ce43fc5a3e25fed3bb8dececcac3a894c5c788a52/analysis/1464274811/"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--574ed707-a2d0-4938-8dda-41c202de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-06-01T12:37:27.000Z",
"modified": "2016-06-01T12:37:27.000Z",
"description": "W2KM_DRIDEX.YVD - Xchecked via VT: def75ed1591517947f094b02cb3627a2e852e637",
"pattern": "[file:hashes.SHA256 = '2becbdae70ae1cd71f6d9ed88344883f3fe4484b284e1527fa637b8e02aa4599']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-06-01T12:37:27Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--574ed708-5bcc-4a14-8c6a-4c9502de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-06-01T12:37:28.000Z",
"modified": "2016-06-01T12:37:28.000Z",
"description": "W2KM_DRIDEX.YVD - Xchecked via VT: def75ed1591517947f094b02cb3627a2e852e637",
"pattern": "[file:hashes.MD5 = '873333a6c2d66447e1144288b5fe7e30']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-06-01T12:37:28Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--574ed708-391c-4353-9c18-440602de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-06-01T12:37:28.000Z",
"modified": "2016-06-01T12:37:28.000Z",
"first_observed": "2016-06-01T12:37:28Z",
"last_observed": "2016-06-01T12:37:28Z",
"number_observed": 1,
"object_refs": [
"url--574ed708-391c-4353-9c18-440602de0b81"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--574ed708-391c-4353-9c18-440602de0b81",
"value": "https://www.virustotal.com/file/2becbdae70ae1cd71f6d9ed88344883f3fe4484b284e1527fa637b8e02aa4599/analysis/1464274509/"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--574ed708-9e34-4f9e-a55f-4d2902de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-06-01T12:37:28.000Z",
"modified": "2016-06-01T12:37:28.000Z",
"description": "W2KM_DRIDEX.YVD - Xchecked via VT: dce40b0833f241b6027633ff4481a3ea910766c3",
"pattern": "[file:hashes.SHA256 = 'b9befc85c45bcec49ee487d3fece40a84a4341d2afc8726fd3f48316b79c3212']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-06-01T12:37:28Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--574ed709-d55c-4675-8236-467602de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-06-01T12:37:29.000Z",
"modified": "2016-06-01T12:37:29.000Z",
"description": "W2KM_DRIDEX.YVD - Xchecked via VT: dce40b0833f241b6027633ff4481a3ea910766c3",
"pattern": "[file:hashes.MD5 = 'b6d59fae3c4e8f53a9b7b4d5713f4245']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-06-01T12:37:29Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--574ed709-b7a8-442f-8c45-41bc02de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-06-01T12:37:29.000Z",
"modified": "2016-06-01T12:37:29.000Z",
"first_observed": "2016-06-01T12:37:29Z",
"last_observed": "2016-06-01T12:37:29Z",
"number_observed": 1,
"object_refs": [
"url--574ed709-b7a8-442f-8c45-41bc02de0b81"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--574ed709-b7a8-442f-8c45-41bc02de0b81",
"value": "https://www.virustotal.com/file/b9befc85c45bcec49ee487d3fece40a84a4341d2afc8726fd3f48316b79c3212/analysis/1464274515/"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--574ed709-bfa0-4d25-96b9-4dad02de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-06-01T12:37:29.000Z",
"modified": "2016-06-01T12:37:29.000Z",
"description": "W2KM_DRIDEX.YVD - Xchecked via VT: bb9bed40b9b8eef3132e6c0844a88744c61fe219",
"pattern": "[file:hashes.SHA256 = '1b1f3fda172f175739b5283d9ca2aa258ebb2d65a1e7e1b0eec2bc41bba48f9e']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-06-01T12:37:29Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--574ed70a-03e4-4770-b329-400002de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-06-01T12:37:30.000Z",
"modified": "2016-06-01T12:37:30.000Z",
"description": "W2KM_DRIDEX.YVD - Xchecked via VT: bb9bed40b9b8eef3132e6c0844a88744c61fe219",
"pattern": "[file:hashes.MD5 = '645598660fe6e184bc1d59816796f54d']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-06-01T12:37:30Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--574ed70a-84ec-4b7b-bf22-40e802de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-06-01T12:37:30.000Z",
"modified": "2016-06-01T12:37:30.000Z",
"first_observed": "2016-06-01T12:37:30Z",
"last_observed": "2016-06-01T12:37:30Z",
"number_observed": 1,
"object_refs": [
"url--574ed70a-84ec-4b7b-bf22-40e802de0b81"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--574ed70a-84ec-4b7b-bf22-40e802de0b81",
"value": "https://www.virustotal.com/file/1b1f3fda172f175739b5283d9ca2aa258ebb2d65a1e7e1b0eec2bc41bba48f9e/analysis/1464154807/"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--574ed70b-39c0-45d6-8bbd-419f02de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-06-01T12:37:31.000Z",
"modified": "2016-06-01T12:37:31.000Z",
"description": "W2KM_DRIDEX.YVD - Xchecked via VT: b3b07b038834a8b3eb8527f2990a1b8d89e82602",
"pattern": "[file:hashes.SHA256 = 'd3e7693c2c26d8c915766d048ebe01131972881fa9ec57bfe7e182cbe8b8e5ea']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-06-01T12:37:31Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--574ed70b-0738-4742-a911-4da602de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-06-01T12:37:31.000Z",
"modified": "2016-06-01T12:37:31.000Z",
"description": "W2KM_DRIDEX.YVD - Xchecked via VT: b3b07b038834a8b3eb8527f2990a1b8d89e82602",
"pattern": "[file:hashes.MD5 = 'a791732bda4dd212ea961e5c4accc9eb']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-06-01T12:37:31Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--574ed70b-9a04-4cb4-914b-414f02de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-06-01T12:37:31.000Z",
"modified": "2016-06-01T12:37:31.000Z",
"first_observed": "2016-06-01T12:37:31Z",
"last_observed": "2016-06-01T12:37:31Z",
"number_observed": 1,
"object_refs": [
"url--574ed70b-9a04-4cb4-914b-414f02de0b81"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--574ed70b-9a04-4cb4-914b-414f02de0b81",
"value": "https://www.virustotal.com/file/d3e7693c2c26d8c915766d048ebe01131972881fa9ec57bfe7e182cbe8b8e5ea/analysis/1464154207/"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--574ed70c-8444-4f0a-a9bb-468802de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-06-01T12:37:32.000Z",
"modified": "2016-06-01T12:37:32.000Z",
"description": "W2KM_DRIDEX.YVD - Xchecked via VT: b0c100374dd7142edf97a9d233b3c68bcf77a07e",
"pattern": "[file:hashes.SHA256 = '62a5d3ec0dcda0aa72d13b2deac30307935b41b3e5a0e132fc4cf70cb2688543']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-06-01T12:37:32Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--574ed70c-6f98-4634-b600-463d02de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-06-01T12:37:32.000Z",
"modified": "2016-06-01T12:37:32.000Z",
"description": "W2KM_DRIDEX.YVD - Xchecked via VT: b0c100374dd7142edf97a9d233b3c68bcf77a07e",
"pattern": "[file:hashes.MD5 = '16eb1828b27feb9dd470eb018be39d0a']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-06-01T12:37:32Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--574ed70d-7c98-4944-bb1d-460702de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-06-01T12:37:33.000Z",
"modified": "2016-06-01T12:37:33.000Z",
"first_observed": "2016-06-01T12:37:33Z",
"last_observed": "2016-06-01T12:37:33Z",
"number_observed": 1,
"object_refs": [
"url--574ed70d-7c98-4944-bb1d-460702de0b81"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--574ed70d-7c98-4944-bb1d-460702de0b81",
"value": "https://www.virustotal.com/file/62a5d3ec0dcda0aa72d13b2deac30307935b41b3e5a0e132fc4cf70cb2688543/analysis/1464332226/"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--574ed70d-d298-40c9-bd98-499f02de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-06-01T12:37:33.000Z",
"modified": "2016-06-01T12:37:33.000Z",
"description": "W2KM_DRIDEX.YVD - Xchecked via VT: a136f9ff047767fe4d603c96c6c57d759a211c2c",
"pattern": "[file:hashes.SHA256 = '4936f72d9bd07214d6ce00ca574183e321a9971aa190c1faba8c5c0c4061c378']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-06-01T12:37:33Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--574ed70d-dabc-43d8-9a68-4f2602de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-06-01T12:37:33.000Z",
"modified": "2016-06-01T12:37:33.000Z",
"description": "W2KM_DRIDEX.YVD - Xchecked via VT: a136f9ff047767fe4d603c96c6c57d759a211c2c",
"pattern": "[file:hashes.MD5 = '6e50f2d582e7fab6465ba1ce1f1c9188']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-06-01T12:37:33Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--574ed70e-fb20-411c-93b1-488d02de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-06-01T12:37:34.000Z",
"modified": "2016-06-01T12:37:34.000Z",
"first_observed": "2016-06-01T12:37:34Z",
"last_observed": "2016-06-01T12:37:34Z",
"number_observed": 1,
"object_refs": [
"url--574ed70e-fb20-411c-93b1-488d02de0b81"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--574ed70e-fb20-411c-93b1-488d02de0b81",
"value": "https://www.virustotal.com/file/4936f72d9bd07214d6ce00ca574183e321a9971aa190c1faba8c5c0c4061c378/analysis/1464330836/"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--574ed70e-23b8-42a4-b417-4c6b02de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-06-01T12:37:34.000Z",
"modified": "2016-06-01T12:37:34.000Z",
"description": "W2KM_DRIDEX.YVD - Xchecked via VT: 9f227611e68ef2128bdd7a9f03483f7f8e275920",
"pattern": "[file:hashes.SHA256 = 'd62a247ac628eab408c641938efac031f824aab678ce567476553edf9f7abbf4']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-06-01T12:37:34Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--574ed70e-f5f0-47cf-a2e4-44d202de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-06-01T12:37:34.000Z",
"modified": "2016-06-01T12:37:34.000Z",
"description": "W2KM_DRIDEX.YVD - Xchecked via VT: 9f227611e68ef2128bdd7a9f03483f7f8e275920",
"pattern": "[file:hashes.MD5 = '409a27ae35ee674aaa4298e097fc8611']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-06-01T12:37:34Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--574ed70f-8b0c-4932-a627-4eaa02de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-06-01T12:37:35.000Z",
"modified": "2016-06-01T12:37:35.000Z",
"first_observed": "2016-06-01T12:37:35Z",
"last_observed": "2016-06-01T12:37:35Z",
"number_observed": 1,
"object_refs": [
"url--574ed70f-8b0c-4932-a627-4eaa02de0b81"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--574ed70f-8b0c-4932-a627-4eaa02de0b81",
"value": "https://www.virustotal.com/file/d62a247ac628eab408c641938efac031f824aab678ce567476553edf9f7abbf4/analysis/1464280807/"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--574ed70f-6f58-491d-8609-4d6a02de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-06-01T12:37:35.000Z",
"modified": "2016-06-01T12:37:35.000Z",
"description": "W2KM_DRIDEX.YVD - Xchecked via VT: 89fe9b77ea0e9ec6dc5ded8d9812b4dfab612512",
"pattern": "[file:hashes.SHA256 = '1820e5f7eb34d9ce693f5a075415ae6a1c6cb56856ef96392517eaf40e36fc37']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-06-01T12:37:35Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--574ed710-1e2c-4bf7-a8a1-4e7e02de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-06-01T12:37:36.000Z",
"modified": "2016-06-01T12:37:36.000Z",
"description": "W2KM_DRIDEX.YVD - Xchecked via VT: 89fe9b77ea0e9ec6dc5ded8d9812b4dfab612512",
"pattern": "[file:hashes.MD5 = 'a9c351e6b50320213e017885c85bc1a4']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-06-01T12:37:36Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--574ed710-636c-46f2-aacd-419202de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-06-01T12:37:36.000Z",
"modified": "2016-06-01T12:37:36.000Z",
"first_observed": "2016-06-01T12:37:36Z",
"last_observed": "2016-06-01T12:37:36Z",
"number_observed": 1,
"object_refs": [
"url--574ed710-636c-46f2-aacd-419202de0b81"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--574ed710-636c-46f2-aacd-419202de0b81",
"value": "https://www.virustotal.com/file/1820e5f7eb34d9ce693f5a075415ae6a1c6cb56856ef96392517eaf40e36fc37/analysis/1464671185/"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--574ed710-bc30-45d7-aab9-427002de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-06-01T12:37:36.000Z",
"modified": "2016-06-01T12:37:36.000Z",
"description": "W2KM_DRIDEX.YVD - Xchecked via VT: 845b1d71ffec59322f688a21221e5817475d2da9",
"pattern": "[file:hashes.SHA256 = 'c37c07c4bdfe5b5ef66b42051f62fc1091c4e34b09ce83a12856fecda9e25b1d']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-06-01T12:37:36Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--574ed711-79e0-4dc6-9503-4ef902de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-06-01T12:37:37.000Z",
"modified": "2016-06-01T12:37:37.000Z",
"description": "W2KM_DRIDEX.YVD - Xchecked via VT: 845b1d71ffec59322f688a21221e5817475d2da9",
"pattern": "[file:hashes.MD5 = '5d917ed2ab5b87f9a72ae34db5e9143d']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-06-01T12:37:37Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--574ed711-beb0-43b8-953a-4e6202de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-06-01T12:37:37.000Z",
"modified": "2016-06-01T12:37:37.000Z",
"first_observed": "2016-06-01T12:37:37Z",
"last_observed": "2016-06-01T12:37:37Z",
"number_observed": 1,
"object_refs": [
"url--574ed711-beb0-43b8-953a-4e6202de0b81"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--574ed711-beb0-43b8-953a-4e6202de0b81",
"value": "https://www.virustotal.com/file/c37c07c4bdfe5b5ef66b42051f62fc1091c4e34b09ce83a12856fecda9e25b1d/analysis/1464274518/"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--574ed711-dae0-480a-85ae-4e1402de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-06-01T12:37:37.000Z",
"modified": "2016-06-01T12:37:37.000Z",
"description": "W2KM_DRIDEX.YVD - Xchecked via VT: 5ae28c8f5ff3e35c708ef76e40c9672651ec6fc9",
"pattern": "[file:hashes.SHA256 = 'c18cfb614c133aea643b85f27a0787df09a42a2a2b24d5fac5c411af35287a70']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-06-01T12:37:37Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--574ed712-ca6c-4b4e-b6b3-4d0102de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-06-01T12:37:38.000Z",
"modified": "2016-06-01T12:37:38.000Z",
"description": "W2KM_DRIDEX.YVD - Xchecked via VT: 5ae28c8f5ff3e35c708ef76e40c9672651ec6fc9",
"pattern": "[file:hashes.MD5 = '21078e101eacde6ebb36cbc7667bba46']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-06-01T12:37:38Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--574ed712-b44c-4f9a-ae9a-463602de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-06-01T12:37:38.000Z",
"modified": "2016-06-01T12:37:38.000Z",
"first_observed": "2016-06-01T12:37:38Z",
"last_observed": "2016-06-01T12:37:38Z",
"number_observed": 1,
"object_refs": [
"url--574ed712-b44c-4f9a-ae9a-463602de0b81"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--574ed712-b44c-4f9a-ae9a-463602de0b81",
"value": "https://www.virustotal.com/file/c18cfb614c133aea643b85f27a0787df09a42a2a2b24d5fac5c411af35287a70/analysis/1464283210/"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--574ed713-9878-4b07-aab3-4bc902de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-06-01T12:37:39.000Z",
"modified": "2016-06-01T12:37:39.000Z",
"description": "W2KM_DRIDEX.YVD - Xchecked via VT: 594d87c767f776ca610636b601a9cc9faf0fd1e0",
"pattern": "[file:hashes.SHA256 = 'b3fa5fb185ebf75d76af10374c57c8194746f555e72e1d64c4d58436b7de6895']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-06-01T12:37:39Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--574ed713-6890-4b88-9cd9-429f02de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-06-01T12:37:39.000Z",
"modified": "2016-06-01T12:37:39.000Z",
"description": "W2KM_DRIDEX.YVD - Xchecked via VT: 594d87c767f776ca610636b601a9cc9faf0fd1e0",
"pattern": "[file:hashes.MD5 = '296615b212b15f904d80f258fb802d60']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-06-01T12:37:39Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--574ed713-2ad8-4dad-b4fc-498702de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-06-01T12:37:39.000Z",
"modified": "2016-06-01T12:37:39.000Z",
"first_observed": "2016-06-01T12:37:39Z",
"last_observed": "2016-06-01T12:37:39Z",
"number_observed": 1,
"object_refs": [
"url--574ed713-2ad8-4dad-b4fc-498702de0b81"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--574ed713-2ad8-4dad-b4fc-498702de0b81",
"value": "https://www.virustotal.com/file/b3fa5fb185ebf75d76af10374c57c8194746f555e72e1d64c4d58436b7de6895/analysis/1464279906/"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--574ed714-d3b8-42c9-a33a-46a402de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-06-01T12:37:40.000Z",
"modified": "2016-06-01T12:37:40.000Z",
"description": "W2KM_DRIDEX.YVD - Xchecked via VT: 4d3f50def97ab7eab86771d1bf2f2710c8af48d0",
"pattern": "[file:hashes.SHA256 = '7067dfb09619a5bafa9156fe6ee339e45fcf6afc59a6a755e36944178f86d1e2']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-06-01T12:37:40Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--574ed714-7464-45e6-965a-42e902de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-06-01T12:37:40.000Z",
"modified": "2016-06-01T12:37:40.000Z",
"description": "W2KM_DRIDEX.YVD - Xchecked via VT: 4d3f50def97ab7eab86771d1bf2f2710c8af48d0",
"pattern": "[file:hashes.MD5 = '2798b6f9723d4a78800be3d9bd2bb00a']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-06-01T12:37:40Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--574ed714-b380-4d57-976d-4d7702de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-06-01T12:37:40.000Z",
"modified": "2016-06-01T12:37:40.000Z",
"first_observed": "2016-06-01T12:37:40Z",
"last_observed": "2016-06-01T12:37:40Z",
"number_observed": 1,
"object_refs": [
"url--574ed714-b380-4d57-976d-4d7702de0b81"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--574ed714-b380-4d57-976d-4d7702de0b81",
"value": "https://www.virustotal.com/file/7067dfb09619a5bafa9156fe6ee339e45fcf6afc59a6a755e36944178f86d1e2/analysis/1464280807/"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--574ed715-883c-47a3-b056-478702de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-06-01T12:37:41.000Z",
"modified": "2016-06-01T12:37:41.000Z",
"description": "W2KM_DRIDEX.YVD - Xchecked via VT: 350d537414ddc7db6c545e1d2a25406161615693",
"pattern": "[file:hashes.SHA256 = 'da90bc5e927db21ee4788c2818fc26dbe08bb0c02b931cc3cf298145760d6f07']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-06-01T12:37:41Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--574ed715-dae8-43cb-97bb-457e02de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-06-01T12:37:41.000Z",
"modified": "2016-06-01T12:37:41.000Z",
"description": "W2KM_DRIDEX.YVD - Xchecked via VT: 350d537414ddc7db6c545e1d2a25406161615693",
"pattern": "[file:hashes.MD5 = '398b7b5ae9bab18c002a801bfc0ae1af']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-06-01T12:37:41Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--574ed716-a3b8-4739-9cc5-469d02de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-06-01T12:37:42.000Z",
"modified": "2016-06-01T12:37:42.000Z",
"first_observed": "2016-06-01T12:37:42Z",
"last_observed": "2016-06-01T12:37:42Z",
"number_observed": 1,
"object_refs": [
"url--574ed716-a3b8-4739-9cc5-469d02de0b81"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--574ed716-a3b8-4739-9cc5-469d02de0b81",
"value": "https://www.virustotal.com/file/da90bc5e927db21ee4788c2818fc26dbe08bb0c02b931cc3cf298145760d6f07/analysis/1464274808/"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--574ed716-46b8-4926-a667-405f02de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-06-01T12:37:42.000Z",
"modified": "2016-06-01T12:37:42.000Z",
"description": "W2KM_DRIDEX.YVD - Xchecked via VT: 2859eaf08f5da8752b2da399cc583d5030ac7e9f",
"pattern": "[file:hashes.SHA256 = '7e5862b8f96535cb3139e5508949fbb7d33c5dbdf0850d5464e3b9f999e8178e']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-06-01T12:37:42Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--574ed716-7120-422e-b689-49ee02de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-06-01T12:37:42.000Z",
"modified": "2016-06-01T12:37:42.000Z",
"description": "W2KM_DRIDEX.YVD - Xchecked via VT: 2859eaf08f5da8752b2da399cc583d5030ac7e9f",
"pattern": "[file:hashes.MD5 = '4ebfb103d9a738e9015dcb40fbc6e116']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-06-01T12:37:42Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--574ed717-4138-41ca-b237-4d6302de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-06-01T12:37:43.000Z",
"modified": "2016-06-01T12:37:43.000Z",
"first_observed": "2016-06-01T12:37:43Z",
"last_observed": "2016-06-01T12:37:43Z",
"number_observed": 1,
"object_refs": [
"url--574ed717-4138-41ca-b237-4d6302de0b81"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--574ed717-4138-41ca-b237-4d6302de0b81",
"value": "https://www.virustotal.com/file/7e5862b8f96535cb3139e5508949fbb7d33c5dbdf0850d5464e3b9f999e8178e/analysis/1464274512/"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--574ed717-1b74-4075-a4ad-47ba02de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-06-01T12:37:43.000Z",
"modified": "2016-06-01T12:37:43.000Z",
"description": "W2KM_DRIDEX.YVD - Xchecked via VT: 0b70c4376e74700bb4df6882c28a71ace417d2c9",
"pattern": "[file:hashes.SHA256 = '821b3e36646266a31fe06cad2103e42a6f747985023e6f598206500433b8a2bc']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-06-01T12:37:43Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--574ed718-8ea8-47b3-bf14-476002de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-06-01T12:37:44.000Z",
"modified": "2016-06-01T12:37:44.000Z",
"description": "W2KM_DRIDEX.YVD - Xchecked via VT: 0b70c4376e74700bb4df6882c28a71ace417d2c9",
"pattern": "[file:hashes.MD5 = '2d72390dc6ee07efa3e5ac76e533292c']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-06-01T12:37:44Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--574ed718-0478-4878-83ae-4aa102de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-06-01T12:37:44.000Z",
"modified": "2016-06-01T12:37:44.000Z",
"first_observed": "2016-06-01T12:37:44Z",
"last_observed": "2016-06-01T12:37:44Z",
"number_observed": 1,
"object_refs": [
"url--574ed718-0478-4878-83ae-4aa102de0b81"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--574ed718-0478-4878-83ae-4aa102de0b81",
"value": "https://www.virustotal.com/file/821b3e36646266a31fe06cad2103e42a6f747985023e6f598206500433b8a2bc/analysis/1464154206/"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--574ed718-3d6c-4034-b842-4d3502de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-06-01T12:37:44.000Z",
"modified": "2016-06-01T12:37:44.000Z",
"description": "W2KM_DRIDEX.YVD - Xchecked via VT: 0699fb11acea5906e4f5d6c97164812c51b579d2",
"pattern": "[file:hashes.SHA256 = '9ee70f3e41e9ed63dfa9f13d767447e91adeb09305db6fff7f420ba18a8a86a5']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-06-01T12:37:44Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--574ed719-fc1c-4964-9bbc-41c502de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-06-01T12:37:45.000Z",
"modified": "2016-06-01T12:37:45.000Z",
"description": "W2KM_DRIDEX.YVD - Xchecked via VT: 0699fb11acea5906e4f5d6c97164812c51b579d2",
"pattern": "[file:hashes.MD5 = '8a2a8e3dfb654bb9bf3eb77d7495476a']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-06-01T12:37:45Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--574ed719-683c-4fde-963e-4b5c02de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-06-01T12:37:45.000Z",
"modified": "2016-06-01T12:37:45.000Z",
"first_observed": "2016-06-01T12:37:45Z",
"last_observed": "2016-06-01T12:37:45Z",
"number_observed": 1,
"object_refs": [
"url--574ed719-683c-4fde-963e-4b5c02de0b81"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--574ed719-683c-4fde-963e-4b5c02de0b81",
"value": "https://www.virustotal.com/file/9ee70f3e41e9ed63dfa9f13d767447e91adeb09305db6fff7f420ba18a8a86a5/analysis/1464274510/"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--574ed719-bc10-4e19-a33d-4e3402de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-06-01T12:37:45.000Z",
"modified": "2016-06-01T12:37:45.000Z",
"description": "W2KM_DRIDEX.YVD - Xchecked via VT: f778982a989c54f800aac913e0e9afa7d6c6a8f2",
"pattern": "[file:hashes.SHA256 = 'b23e7549da1df710501490bf267ac049b7b65fb11a5b765cc36445dd8cddb68d']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-06-01T12:37:45Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--574ed71a-e484-4ded-9391-41e202de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-06-01T12:37:46.000Z",
"modified": "2016-06-01T12:37:46.000Z",
"description": "W2KM_DRIDEX.YVD - Xchecked via VT: f778982a989c54f800aac913e0e9afa7d6c6a8f2",
"pattern": "[file:hashes.MD5 = '3cb78ca08348504682964e7d9a627e1e']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-06-01T12:37:46Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--574ed71a-de0c-4a7e-9e34-44f902de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-06-01T12:37:46.000Z",
"modified": "2016-06-01T12:37:46.000Z",
"first_observed": "2016-06-01T12:37:46Z",
"last_observed": "2016-06-01T12:37:46Z",
"number_observed": 1,
"object_refs": [
"url--574ed71a-de0c-4a7e-9e34-44f902de0b81"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--574ed71a-de0c-4a7e-9e34-44f902de0b81",
"value": "https://www.virustotal.com/file/b23e7549da1df710501490bf267ac049b7b65fb11a5b765cc36445dd8cddb68d/analysis/1464276308/"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--574ed71b-a28c-46be-a965-4f9d02de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-06-01T12:37:47.000Z",
"modified": "2016-06-01T12:37:47.000Z",
"description": "W2KM_DRIDEX.YVD - Xchecked via VT: f9d17572fdf3e891f03e23ea0b1bfef276405b49",
"pattern": "[file:hashes.SHA256 = 'bc56b4211c3d305064b4c94ef66a1e35159e61a8ff49e7fb92e863591b4c9e3c']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-06-01T12:37:47Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--574ed71b-4678-4049-a426-444802de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-06-01T12:37:47.000Z",
"modified": "2016-06-01T12:37:47.000Z",
"description": "W2KM_DRIDEX.YVD - Xchecked via VT: f9d17572fdf3e891f03e23ea0b1bfef276405b49",
"pattern": "[file:hashes.MD5 = 'cf6ebf48497b91ddcad30e2f316ade2a']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-06-01T12:37:47Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--574ed71b-246c-4efc-93ba-4d3202de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-06-01T12:37:47.000Z",
"modified": "2016-06-01T12:37:47.000Z",
"first_observed": "2016-06-01T12:37:47Z",
"last_observed": "2016-06-01T12:37:47Z",
"number_observed": 1,
"object_refs": [
"url--574ed71b-246c-4efc-93ba-4d3202de0b81"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--574ed71b-246c-4efc-93ba-4d3202de0b81",
"value": "https://www.virustotal.com/file/bc56b4211c3d305064b4c94ef66a1e35159e61a8ff49e7fb92e863591b4c9e3c/analysis/1464659554/"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--574ed71c-c46c-4f1b-a2c9-42f602de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-06-01T12:37:48.000Z",
"modified": "2016-06-01T12:37:48.000Z",
"description": "W2KM_DRIDEX.YVD - Xchecked via VT: ea83c4f39ce54f09359f09f14ae8e05e055ab6c5",
"pattern": "[file:hashes.SHA256 = '8c40417b2f5927ed0c74a066c530fc8aac676e9405e3feee57de2f11322bbb46']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-06-01T12:37:48Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--574ed71c-7cec-4f0f-bda3-4c0002de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-06-01T12:37:48.000Z",
"modified": "2016-06-01T12:37:48.000Z",
"description": "W2KM_DRIDEX.YVD - Xchecked via VT: ea83c4f39ce54f09359f09f14ae8e05e055ab6c5",
"pattern": "[file:hashes.MD5 = 'bc8d8284f8127188a41e3d2cebbc18f3']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-06-01T12:37:48Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--574ed71c-8974-43c1-b9cf-481402de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-06-01T12:37:48.000Z",
"modified": "2016-06-01T12:37:48.000Z",
"first_observed": "2016-06-01T12:37:48Z",
"last_observed": "2016-06-01T12:37:48Z",
"number_observed": 1,
"object_refs": [
"url--574ed71c-8974-43c1-b9cf-481402de0b81"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--574ed71c-8974-43c1-b9cf-481402de0b81",
"value": "https://www.virustotal.com/file/8c40417b2f5927ed0c74a066c530fc8aac676e9405e3feee57de2f11322bbb46/analysis/1464281411/"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--574ed71d-10c4-4461-b448-491c02de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-06-01T12:37:49.000Z",
"modified": "2016-06-01T12:37:49.000Z",
"description": "W2KM_DRIDEX.YVD - Xchecked via VT: de238864f60e34b6fc6d4d26590692141ad9ca32",
"pattern": "[file:hashes.SHA256 = 'ef5370e9e3b3d6d48469ee6c43ba6487ad37fc3eae3c0816d0426f76642b12c9']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-06-01T12:37:49Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--574ed71d-7e88-4f51-9078-472002de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-06-01T12:37:49.000Z",
"modified": "2016-06-01T12:37:49.000Z",
"description": "W2KM_DRIDEX.YVD - Xchecked via VT: de238864f60e34b6fc6d4d26590692141ad9ca32",
"pattern": "[file:hashes.MD5 = '1414746553b755f09e5caae544a8bf04']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-06-01T12:37:49Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--574ed71d-c10c-4e74-9572-4b3d02de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-06-01T12:37:49.000Z",
"modified": "2016-06-01T12:37:49.000Z",
"first_observed": "2016-06-01T12:37:49Z",
"last_observed": "2016-06-01T12:37:49Z",
"number_observed": 1,
"object_refs": [
"url--574ed71d-c10c-4e74-9572-4b3d02de0b81"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--574ed71d-c10c-4e74-9572-4b3d02de0b81",
"value": "https://www.virustotal.com/file/ef5370e9e3b3d6d48469ee6c43ba6487ad37fc3eae3c0816d0426f76642b12c9/analysis/1464088723/"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--574ed71e-fe00-443d-ba58-4fbe02de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-06-01T12:37:50.000Z",
"modified": "2016-06-01T12:37:50.000Z",
"description": "W2KM_DRIDEX.YVD - Xchecked via VT: d775706af618112ad7e8defe3a77ec9724b97a8a",
"pattern": "[file:hashes.SHA256 = 'd835b6594bab079a43f18bd5e88a8bc5ed5e576631ed2e66167959a1642c970e']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-06-01T12:37:50Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--574ed71e-5db4-4180-9928-4a8902de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-06-01T12:37:50.000Z",
"modified": "2016-06-01T12:37:50.000Z",
"description": "W2KM_DRIDEX.YVD - Xchecked via VT: d775706af618112ad7e8defe3a77ec9724b97a8a",
"pattern": "[file:hashes.MD5 = '3d4a41941efeb13932b18f34781c3664']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-06-01T12:37:50Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--574ed71f-9774-4660-86cc-410302de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-06-01T12:37:51.000Z",
"modified": "2016-06-01T12:37:51.000Z",
"first_observed": "2016-06-01T12:37:51Z",
"last_observed": "2016-06-01T12:37:51Z",
"number_observed": 1,
"object_refs": [
"url--574ed71f-9774-4660-86cc-410302de0b81"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--574ed71f-9774-4660-86cc-410302de0b81",
"value": "https://www.virustotal.com/file/d835b6594bab079a43f18bd5e88a8bc5ed5e576631ed2e66167959a1642c970e/analysis/1464282306/"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--574ed71f-3f20-471b-9e13-475d02de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-06-01T12:37:51.000Z",
"modified": "2016-06-01T12:37:51.000Z",
"description": "W2KM_DRIDEX.YVD - Xchecked via VT: befa9acb077f8c8c75e3892a811c5bfd08e3e7fe",
"pattern": "[file:hashes.SHA256 = 'c325f91bc0b66729e252f985a6833e8f74b3ef13c1060cb3c53108889c995766']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-06-01T12:37:51Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--574ed71f-d078-4eb6-be22-40d002de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-06-01T12:37:51.000Z",
"modified": "2016-06-01T12:37:51.000Z",
"description": "W2KM_DRIDEX.YVD - Xchecked via VT: befa9acb077f8c8c75e3892a811c5bfd08e3e7fe",
"pattern": "[file:hashes.MD5 = 'de33d6a0adf1d2b25a93dcac6e0e721c']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-06-01T12:37:51Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--574ed720-76f4-4599-afc8-4bef02de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-06-01T12:37:52.000Z",
"modified": "2016-06-01T12:37:52.000Z",
"first_observed": "2016-06-01T12:37:52Z",
"last_observed": "2016-06-01T12:37:52Z",
"number_observed": 1,
"object_refs": [
"url--574ed720-76f4-4599-afc8-4bef02de0b81"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--574ed720-76f4-4599-afc8-4bef02de0b81",
"value": "https://www.virustotal.com/file/c325f91bc0b66729e252f985a6833e8f74b3ef13c1060cb3c53108889c995766/analysis/1464279907/"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--574ed720-3dd0-47df-ad07-487102de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-06-01T12:37:52.000Z",
"modified": "2016-06-01T12:37:52.000Z",
"description": "W2KM_DRIDEX.YVD - Xchecked via VT: b99d8c6e0ad54728cb93eb22a1ae9115a2cfc750",
"pattern": "[file:hashes.SHA256 = '85e2fa225eeb3bb50b38bb47bf256230b50a04d77ef10368e80a882fcc4c8ea1']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-06-01T12:37:52Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--574ed720-62a4-4741-ba52-4cea02de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-06-01T12:37:52.000Z",
"modified": "2016-06-01T12:37:52.000Z",
"description": "W2KM_DRIDEX.YVD - Xchecked via VT: b99d8c6e0ad54728cb93eb22a1ae9115a2cfc750",
"pattern": "[file:hashes.MD5 = 'cac113ea6e5355e8f9ffdbdd13d00477']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-06-01T12:37:52Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--574ed721-0dbc-46ba-bacf-4fd602de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-06-01T12:37:53.000Z",
"modified": "2016-06-01T12:37:53.000Z",
"first_observed": "2016-06-01T12:37:53Z",
"last_observed": "2016-06-01T12:37:53Z",
"number_observed": 1,
"object_refs": [
"url--574ed721-0dbc-46ba-bacf-4fd602de0b81"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--574ed721-0dbc-46ba-bacf-4fd602de0b81",
"value": "https://www.virustotal.com/file/85e2fa225eeb3bb50b38bb47bf256230b50a04d77ef10368e80a882fcc4c8ea1/analysis/1464174821/"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--574ed721-3e30-4b23-9b98-45ee02de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-06-01T12:37:53.000Z",
"modified": "2016-06-01T12:37:53.000Z",
"description": "W2KM_DRIDEX.YVD - Xchecked via VT: b9afbd6054d4c512b0e4e048e2eec518acc95b0a",
"pattern": "[file:hashes.SHA256 = '6bee86eeab18533aa3fd2ccaa773d15a68bbfbd92f3a52cc4a8877dc1dbe0f48']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-06-01T12:37:53Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--574ed722-c12c-4e7a-869a-4dc202de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-06-01T12:37:54.000Z",
"modified": "2016-06-01T12:37:54.000Z",
"description": "W2KM_DRIDEX.YVD - Xchecked via VT: b9afbd6054d4c512b0e4e048e2eec518acc95b0a",
"pattern": "[file:hashes.MD5 = '8e2916624c4718ab2fa554f3a696d162']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-06-01T12:37:54Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--574ed722-7fdc-4092-b4ed-470b02de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-06-01T12:37:54.000Z",
"modified": "2016-06-01T12:37:54.000Z",
"first_observed": "2016-06-01T12:37:54Z",
"last_observed": "2016-06-01T12:37:54Z",
"number_observed": 1,
"object_refs": [
"url--574ed722-7fdc-4092-b4ed-470b02de0b81"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--574ed722-7fdc-4092-b4ed-470b02de0b81",
"value": "https://www.virustotal.com/file/6bee86eeab18533aa3fd2ccaa773d15a68bbfbd92f3a52cc4a8877dc1dbe0f48/analysis/1464282608/"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--574ed722-26e4-4a98-b8f2-4c5c02de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-06-01T12:37:54.000Z",
"modified": "2016-06-01T12:37:54.000Z",
"description": "W2KM_DRIDEX.YVD - Xchecked via VT: aea29b594274eeabf954415a347fbca802d057e3",
"pattern": "[file:hashes.SHA256 = '4d6333f9d2f1aa7e52150c304a718d245d3e5feac364dbe07eb4641d36891982']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-06-01T12:37:54Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--574ed723-bdd0-4b2f-9efe-46e402de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-06-01T12:37:55.000Z",
"modified": "2016-06-01T12:37:55.000Z",
"description": "W2KM_DRIDEX.YVD - Xchecked via VT: aea29b594274eeabf954415a347fbca802d057e3",
"pattern": "[file:hashes.MD5 = '5678143f61315cc6e3797f0610383b61']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-06-01T12:37:55Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--574ed723-eca4-4f99-9bbd-4fa302de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-06-01T12:37:55.000Z",
"modified": "2016-06-01T12:37:55.000Z",
"first_observed": "2016-06-01T12:37:55Z",
"last_observed": "2016-06-01T12:37:55Z",
"number_observed": 1,
"object_refs": [
"url--574ed723-eca4-4f99-9bbd-4fa302de0b81"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--574ed723-eca4-4f99-9bbd-4fa302de0b81",
"value": "https://www.virustotal.com/file/4d6333f9d2f1aa7e52150c304a718d245d3e5feac364dbe07eb4641d36891982/analysis/1464190639/"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--574ed724-4c64-45fb-81b2-421802de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-06-01T12:37:55.000Z",
"modified": "2016-06-01T12:37:55.000Z",
"description": "W2KM_DRIDEX.YVD - Xchecked via VT: a3606a848a40c554ee60add2eb53ba44778aca46",
"pattern": "[file:hashes.SHA256 = '120cd62b6d6125dce5cd1166af2911da19c442dba615aa3b225de455de375725']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-06-01T12:37:55Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--574ed724-6e98-485d-9e4a-4ee402de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-06-01T12:37:56.000Z",
"modified": "2016-06-01T12:37:56.000Z",
"description": "W2KM_DRIDEX.YVD - Xchecked via VT: a3606a848a40c554ee60add2eb53ba44778aca46",
"pattern": "[file:hashes.MD5 = '916b2e1b00de50fe6febc13f9320b52a']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-06-01T12:37:56Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--574ed724-2c4c-4634-ba06-4df702de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-06-01T12:37:56.000Z",
"modified": "2016-06-01T12:37:56.000Z",
"first_observed": "2016-06-01T12:37:56Z",
"last_observed": "2016-06-01T12:37:56Z",
"number_observed": 1,
"object_refs": [
"url--574ed724-2c4c-4634-ba06-4df702de0b81"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--574ed724-2c4c-4634-ba06-4df702de0b81",
"value": "https://www.virustotal.com/file/120cd62b6d6125dce5cd1166af2911da19c442dba615aa3b225de455de375725/analysis/1464279906/"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--574ed725-3600-4f8a-9a96-47dc02de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-06-01T12:37:57.000Z",
"modified": "2016-06-01T12:37:57.000Z",
"description": "W2KM_DRIDEX.YVD - Xchecked via VT: a14b2b9626549b34737ffb55a5caff71cdb3d714",
"pattern": "[file:hashes.SHA256 = 'abd4f9bbf5f28c3867dcfe26e6f85dd0db574881c04d03ec50a2d0a86899b081']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-06-01T12:37:57Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--574ed725-8594-47cb-bea3-47f702de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-06-01T12:37:57.000Z",
"modified": "2016-06-01T12:37:57.000Z",
"description": "W2KM_DRIDEX.YVD - Xchecked via VT: a14b2b9626549b34737ffb55a5caff71cdb3d714",
"pattern": "[file:hashes.MD5 = '3865b020786854c99e23e24156216dbd']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-06-01T12:37:57Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--574ed725-d964-4b42-86a8-4ce902de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-06-01T12:37:57.000Z",
"modified": "2016-06-01T12:37:57.000Z",
"first_observed": "2016-06-01T12:37:57Z",
"last_observed": "2016-06-01T12:37:57Z",
"number_observed": 1,
"object_refs": [
"url--574ed725-d964-4b42-86a8-4ce902de0b81"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--574ed725-d964-4b42-86a8-4ce902de0b81",
"value": "https://www.virustotal.com/file/abd4f9bbf5f28c3867dcfe26e6f85dd0db574881c04d03ec50a2d0a86899b081/analysis/1464279907/"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--574ed726-5d88-4b3e-b983-420602de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-06-01T12:37:58.000Z",
"modified": "2016-06-01T12:37:58.000Z",
"description": "W2KM_DRIDEX.YVD - Xchecked via VT: a1a5c7a55e14481a93b1e2a836a4ffaf1242b301",
"pattern": "[file:hashes.SHA256 = 'a629a15c09782e3869d20ea91c6925c03988058943c1b0cb53f6bb02bee38e1b']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-06-01T12:37:58Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--574ed726-bb10-4e4b-ab8a-4dc102de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-06-01T12:37:58.000Z",
"modified": "2016-06-01T12:37:58.000Z",
"description": "W2KM_DRIDEX.YVD - Xchecked via VT: a1a5c7a55e14481a93b1e2a836a4ffaf1242b301",
"pattern": "[file:hashes.MD5 = 'ff75a1f58320f8ccc8f2e1c9e7341392']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-06-01T12:37:58Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--574ed726-503c-45ec-8788-4edc02de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-06-01T12:37:58.000Z",
"modified": "2016-06-01T12:37:58.000Z",
"first_observed": "2016-06-01T12:37:58Z",
"last_observed": "2016-06-01T12:37:58Z",
"number_observed": 1,
"object_refs": [
"url--574ed726-503c-45ec-8788-4edc02de0b81"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--574ed726-503c-45ec-8788-4edc02de0b81",
"value": "https://www.virustotal.com/file/a629a15c09782e3869d20ea91c6925c03988058943c1b0cb53f6bb02bee38e1b/analysis/1464355548/"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--574ed727-aff8-462b-9d3e-469102de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-06-01T12:37:59.000Z",
"modified": "2016-06-01T12:37:59.000Z",
"description": "W2KM_DRIDEX.YVD - Xchecked via VT: 603135d21d691797969fd1e330e285c173815ab4",
"pattern": "[file:hashes.SHA256 = 'c93922366f480c56127991714719ee084b1ae205c9fbd8ead645b3cfc82f9044']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-06-01T12:37:59Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--574ed727-b1f4-4fd5-8432-464f02de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-06-01T12:37:59.000Z",
"modified": "2016-06-01T12:37:59.000Z",
"description": "W2KM_DRIDEX.YVD - Xchecked via VT: 603135d21d691797969fd1e330e285c173815ab4",
"pattern": "[file:hashes.MD5 = 'da4ab4f4ec6c058f0bd7832b733d5f22']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-06-01T12:37:59Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--574ed727-1d30-42d4-b8f2-472902de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-06-01T12:37:59.000Z",
"modified": "2016-06-01T12:37:59.000Z",
"first_observed": "2016-06-01T12:37:59Z",
"last_observed": "2016-06-01T12:37:59Z",
"number_observed": 1,
"object_refs": [
"url--574ed727-1d30-42d4-b8f2-472902de0b81"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--574ed727-1d30-42d4-b8f2-472902de0b81",
"value": "https://www.virustotal.com/file/c93922366f480c56127991714719ee084b1ae205c9fbd8ead645b3cfc82f9044/analysis/1464283210/"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--574ed728-4d98-42f5-88e8-432a02de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-06-01T12:38:00.000Z",
"modified": "2016-06-01T12:38:00.000Z",
"description": "W2KM_DRIDEX.YVD - Xchecked via VT: 406059fe3ddf8ef42bfcc99441871efd2fa8fb07",
"pattern": "[file:hashes.SHA256 = '4dacd3523a4d21e3c808d5cf72c71a8142b89fc2a087ec452384c6c4005ed7f7']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-06-01T12:38:00Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--574ed728-de30-4088-98ac-4edc02de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-06-01T12:38:00.000Z",
"modified": "2016-06-01T12:38:00.000Z",
"description": "W2KM_DRIDEX.YVD - Xchecked via VT: 406059fe3ddf8ef42bfcc99441871efd2fa8fb07",
"pattern": "[file:hashes.MD5 = 'aaad1cae653255823b842787732fb75a']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-06-01T12:38:00Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--574ed728-61e4-4bab-a9fc-4cf902de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-06-01T12:38:00.000Z",
"modified": "2016-06-01T12:38:00.000Z",
"first_observed": "2016-06-01T12:38:00Z",
"last_observed": "2016-06-01T12:38:00Z",
"number_observed": 1,
"object_refs": [
"url--574ed728-61e4-4bab-a9fc-4cf902de0b81"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--574ed728-61e4-4bab-a9fc-4cf902de0b81",
"value": "https://www.virustotal.com/file/4dacd3523a4d21e3c808d5cf72c71a8142b89fc2a087ec452384c6c4005ed7f7/analysis/1464304785/"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--574ed729-d3b8-48bb-8be2-4e6102de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-06-01T12:38:01.000Z",
"modified": "2016-06-01T12:38:01.000Z",
"description": "W2KM_DRIDEX.YVD - Xchecked via VT: 96197dc35306c827f3891c1fdf807624b071972d",
"pattern": "[file:hashes.SHA256 = '4cb4c619b415b5ddf18610336955612f3e01e5a420a7cd85ec598f4316d20965']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-06-01T12:38:01Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--574ed729-578c-48d8-a291-403102de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-06-01T12:38:01.000Z",
"modified": "2016-06-01T12:38:01.000Z",
"description": "W2KM_DRIDEX.YVD - Xchecked via VT: 96197dc35306c827f3891c1fdf807624b071972d",
"pattern": "[file:hashes.MD5 = '94f4dbb31c80f3897d7d0fa3d8274796']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-06-01T12:38:01Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--574ed729-ee88-48dd-af27-4d3502de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-06-01T12:38:01.000Z",
"modified": "2016-06-01T12:38:01.000Z",
"first_observed": "2016-06-01T12:38:01Z",
"last_observed": "2016-06-01T12:38:01Z",
"number_observed": 1,
"object_refs": [
"url--574ed729-ee88-48dd-af27-4d3502de0b81"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--574ed729-ee88-48dd-af27-4d3502de0b81",
"value": "https://www.virustotal.com/file/4cb4c619b415b5ddf18610336955612f3e01e5a420a7cd85ec598f4316d20965/analysis/1464282307/"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--574ed72a-d528-4991-9ece-4c6f02de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-06-01T12:38:02.000Z",
"modified": "2016-06-01T12:38:02.000Z",
"description": "W2KM_DRIDEX.YVD - Xchecked via VT: 94046ddd538b5831e9e3ba7548e84da645ad4bb8",
"pattern": "[file:hashes.SHA256 = '94eb03a028993c56a995e3058d59a588e0f689cd2d65a6284e837999ec370d98']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-06-01T12:38:02Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--574ed72a-b8e4-489a-b5d9-41a202de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-06-01T12:38:02.000Z",
"modified": "2016-06-01T12:38:02.000Z",
"description": "W2KM_DRIDEX.YVD - Xchecked via VT: 94046ddd538b5831e9e3ba7548e84da645ad4bb8",
"pattern": "[file:hashes.MD5 = 'd7edb525cab98df68c4d0fdad33f57e1']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-06-01T12:38:02Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--574ed72b-3fd4-493e-9863-486202de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-06-01T12:38:03.000Z",
"modified": "2016-06-01T12:38:03.000Z",
"first_observed": "2016-06-01T12:38:03Z",
"last_observed": "2016-06-01T12:38:03Z",
"number_observed": 1,
"object_refs": [
"url--574ed72b-3fd4-493e-9863-486202de0b81"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--574ed72b-3fd4-493e-9863-486202de0b81",
"value": "https://www.virustotal.com/file/94eb03a028993c56a995e3058d59a588e0f689cd2d65a6284e837999ec370d98/analysis/1464163864/"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--574ed72b-b7d8-49ee-87fd-474602de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-06-01T12:38:03.000Z",
"modified": "2016-06-01T12:38:03.000Z",
"description": "W2KM_DRIDEX.YVD - Xchecked via VT: 84342db658af50c34dd75c792bf4ff726d6e02d9",
"pattern": "[file:hashes.SHA256 = '91da672792a159eed04b4b1f0360d90603ffe0167de76380fb85fe1f01035d5d']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-06-01T12:38:03Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--574ed72b-6d04-42a3-8d38-430002de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-06-01T12:38:03.000Z",
"modified": "2016-06-01T12:38:03.000Z",
"description": "W2KM_DRIDEX.YVD - Xchecked via VT: 84342db658af50c34dd75c792bf4ff726d6e02d9",
"pattern": "[file:hashes.MD5 = '382a0ab8c0d03aa043adc789df9d241d']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-06-01T12:38:03Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--574ed72c-453c-4cce-90b5-4a8802de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-06-01T12:38:04.000Z",
"modified": "2016-06-01T12:38:04.000Z",
"first_observed": "2016-06-01T12:38:04Z",
"last_observed": "2016-06-01T12:38:04Z",
"number_observed": 1,
"object_refs": [
"url--574ed72c-453c-4cce-90b5-4a8802de0b81"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--574ed72c-453c-4cce-90b5-4a8802de0b81",
"value": "https://www.virustotal.com/file/91da672792a159eed04b4b1f0360d90603ffe0167de76380fb85fe1f01035d5d/analysis/1464274509/"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--574ed72c-227c-41b7-aaac-4ccf02de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-06-01T12:38:04.000Z",
"modified": "2016-06-01T12:38:04.000Z",
"description": "W2KM_DRIDEX.YVD - Xchecked via VT: 4611e4824587231d7dc6fbe271d18b14bb3aed3f",
"pattern": "[file:hashes.SHA256 = 'f860b441d19333148b1b5734fd956af014f50b8a658fc6f91d80ff24b8087eb8']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-06-01T12:38:04Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--574ed72c-5778-4616-b69d-407502de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-06-01T12:38:04.000Z",
"modified": "2016-06-01T12:38:04.000Z",
"description": "W2KM_DRIDEX.YVD - Xchecked via VT: 4611e4824587231d7dc6fbe271d18b14bb3aed3f",
"pattern": "[file:hashes.MD5 = 'b8696a786c66cbf97939bd80c1bbf8f3']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-06-01T12:38:04Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--574ed72d-f3f4-40cf-8249-44d302de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-06-01T12:38:05.000Z",
"modified": "2016-06-01T12:38:05.000Z",
"first_observed": "2016-06-01T12:38:05Z",
"last_observed": "2016-06-01T12:38:05Z",
"number_observed": 1,
"object_refs": [
"url--574ed72d-f3f4-40cf-8249-44d302de0b81"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--574ed72d-f3f4-40cf-8249-44d302de0b81",
"value": "https://www.virustotal.com/file/f860b441d19333148b1b5734fd956af014f50b8a658fc6f91d80ff24b8087eb8/analysis/1464690531/"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--574ed72d-de4c-4dbe-8897-471702de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-06-01T12:38:05.000Z",
"modified": "2016-06-01T12:38:05.000Z",
"description": "W2KM_DRIDEX.YVD - Xchecked via VT: 885b48c5a644caf92ce62e70b90197c6f30b225c",
"pattern": "[file:hashes.SHA256 = '563e1f9d156d35be3838ddd4bfbe2024a549efdc0aafd4c748bb110a2040a46f']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-06-01T12:38:05Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--574ed72d-aa20-44ce-86ac-409e02de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-06-01T12:38:05.000Z",
"modified": "2016-06-01T12:38:05.000Z",
"description": "W2KM_DRIDEX.YVD - Xchecked via VT: 885b48c5a644caf92ce62e70b90197c6f30b225c",
"pattern": "[file:hashes.MD5 = '9a842ae947b3c5dd2054411d22d0100e']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-06-01T12:38:05Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--574ed72e-6058-489f-8ebe-407a02de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-06-01T12:38:06.000Z",
"modified": "2016-06-01T12:38:06.000Z",
"first_observed": "2016-06-01T12:38:06Z",
"last_observed": "2016-06-01T12:38:06Z",
"number_observed": 1,
"object_refs": [
"url--574ed72e-6058-489f-8ebe-407a02de0b81"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--574ed72e-6058-489f-8ebe-407a02de0b81",
"value": "https://www.virustotal.com/file/563e1f9d156d35be3838ddd4bfbe2024a549efdc0aafd4c748bb110a2040a46f/analysis/1464187131/"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--574ed72e-2600-41a1-b7a7-4fed02de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-06-01T12:38:06.000Z",
"modified": "2016-06-01T12:38:06.000Z",
"description": "W2KM_DRIDEX.YVD - Xchecked via VT: 707ad2ab4f9735b51e5da503178d7763198cc4d7",
"pattern": "[file:hashes.SHA256 = 'cb7a0f3f7b4fa67db4b4082fcb978ffe667f8fc3bf61a1df1c06491d2d4aadb4']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-06-01T12:38:06Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--574ed72e-d878-4358-a442-452d02de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-06-01T12:38:06.000Z",
"modified": "2016-06-01T12:38:06.000Z",
"description": "W2KM_DRIDEX.YVD - Xchecked via VT: 707ad2ab4f9735b51e5da503178d7763198cc4d7",
"pattern": "[file:hashes.MD5 = 'af30b20e1dfd700a5794c570d82cdb14']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-06-01T12:38:06Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--574ed72f-5c2c-45ff-82de-4dfa02de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-06-01T12:38:07.000Z",
"modified": "2016-06-01T12:38:07.000Z",
"first_observed": "2016-06-01T12:38:07Z",
"last_observed": "2016-06-01T12:38:07Z",
"number_observed": 1,
"object_refs": [
"url--574ed72f-5c2c-45ff-82de-4dfa02de0b81"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--574ed72f-5c2c-45ff-82de-4dfa02de0b81",
"value": "https://www.virustotal.com/file/cb7a0f3f7b4fa67db4b4082fcb978ffe667f8fc3bf61a1df1c06491d2d4aadb4/analysis/1464279905/"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--574ed72f-dbf4-49f0-96cf-400e02de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-06-01T12:38:07.000Z",
"modified": "2016-06-01T12:38:07.000Z",
"description": "W2KM_DRIDEX.YVD - Xchecked via VT: 268f374b0fcc7fab399c64311dfac2e9f97a4da1",
"pattern": "[file:hashes.SHA256 = '82f05df86a2782b96d08f0ecc151665a3f77bdf19fb108fadbaf021fbda7269b']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-06-01T12:38:07Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--574ed72f-a528-412e-862f-497202de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-06-01T12:38:07.000Z",
"modified": "2016-06-01T12:38:07.000Z",
"description": "W2KM_DRIDEX.YVD - Xchecked via VT: 268f374b0fcc7fab399c64311dfac2e9f97a4da1",
"pattern": "[file:hashes.MD5 = '7a1d2d519e46a3e7e262c4c90d3cd51b']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-06-01T12:38:07Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--574ed730-9738-4530-9d13-4be602de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-06-01T12:38:08.000Z",
"modified": "2016-06-01T12:38:08.000Z",
"first_observed": "2016-06-01T12:38:08Z",
"last_observed": "2016-06-01T12:38:08Z",
"number_observed": 1,
"object_refs": [
"url--574ed730-9738-4530-9d13-4be602de0b81"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--574ed730-9738-4530-9d13-4be602de0b81",
"value": "https://www.virustotal.com/file/82f05df86a2782b96d08f0ecc151665a3f77bdf19fb108fadbaf021fbda7269b/analysis/1464281412/"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--574ed730-e15c-4768-927d-41a602de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-06-01T12:38:08.000Z",
"modified": "2016-06-01T12:38:08.000Z",
"description": "W2KM_DRIDEX.YVD - Xchecked via VT: 133a1fffc46903061d8ea2d12b80deb89636dbb4",
"pattern": "[file:hashes.SHA256 = '5bb72587afad04ddadac20c6d4ee583a8b8acd6dbaa2ce14f004bb9e397922d1']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-06-01T12:38:08Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--574ed730-4e4c-4a4e-857f-4eff02de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-06-01T12:38:08.000Z",
"modified": "2016-06-01T12:38:08.000Z",
"description": "W2KM_DRIDEX.YVD - Xchecked via VT: 133a1fffc46903061d8ea2d12b80deb89636dbb4",
"pattern": "[file:hashes.MD5 = 'd063c867ad3e035269272a48301bd70e']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-06-01T12:38:08Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--574ed731-5508-4e5b-806f-4d2f02de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-06-01T12:38:09.000Z",
"modified": "2016-06-01T12:38:09.000Z",
"first_observed": "2016-06-01T12:38:09Z",
"last_observed": "2016-06-01T12:38:09Z",
"number_observed": 1,
"object_refs": [
"url--574ed731-5508-4e5b-806f-4d2f02de0b81"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--574ed731-5508-4e5b-806f-4d2f02de0b81",
"value": "https://www.virustotal.com/file/5bb72587afad04ddadac20c6d4ee583a8b8acd6dbaa2ce14f004bb9e397922d1/analysis/1464274518/"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--574ed731-91ac-475d-a2d5-4f9702de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-06-01T12:38:09.000Z",
"modified": "2016-06-01T12:38:09.000Z",
"description": "W2KM_DRIDEX.YVD - Xchecked via VT: 93ec6482f36639578784a61f6bc1ed4b0fa14912",
"pattern": "[file:hashes.SHA256 = '6523e6a50a9386259f9fee8ece1932a79c2bc5bfdde13be1e3c81933eb73b2f2']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-06-01T12:38:09Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--574ed731-d044-4692-8183-495d02de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-06-01T12:38:09.000Z",
"modified": "2016-06-01T12:38:09.000Z",
"description": "W2KM_DRIDEX.YVD - Xchecked via VT: 93ec6482f36639578784a61f6bc1ed4b0fa14912",
"pattern": "[file:hashes.MD5 = '78665830ca1f639319341f20d691538a']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-06-01T12:38:09Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--574ed732-916c-46d9-809e-445202de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-06-01T12:38:10.000Z",
"modified": "2016-06-01T12:38:10.000Z",
"first_observed": "2016-06-01T12:38:10Z",
"last_observed": "2016-06-01T12:38:10Z",
"number_observed": 1,
"object_refs": [
"url--574ed732-916c-46d9-809e-445202de0b81"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--574ed732-916c-46d9-809e-445202de0b81",
"value": "https://www.virustotal.com/file/6523e6a50a9386259f9fee8ece1932a79c2bc5bfdde13be1e3c81933eb73b2f2/analysis/1464279907/"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--574ed732-c63c-4896-ad24-4e5902de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-06-01T12:38:10.000Z",
"modified": "2016-06-01T12:38:10.000Z",
"description": "W2KM_DRIDEX.YVD - Xchecked via VT: 22a7d69955fbafd0d5e090295e367a409731ba90",
"pattern": "[file:hashes.SHA256 = '4a35cd7624b1f8708d0411532283bae36fa5eb8edf91ac0b76bb34881c854a48']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-06-01T12:38:10Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--574ed732-ae40-442c-bb6e-486d02de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-06-01T12:38:10.000Z",
"modified": "2016-06-01T12:38:10.000Z",
"description": "W2KM_DRIDEX.YVD - Xchecked via VT: 22a7d69955fbafd0d5e090295e367a409731ba90",
"pattern": "[file:hashes.MD5 = '8ef20ed3bfaa0e4a81132adc311d90c4']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-06-01T12:38:10Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--574ed733-454c-4125-add0-443302de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-06-01T12:38:11.000Z",
"modified": "2016-06-01T12:38:11.000Z",
"first_observed": "2016-06-01T12:38:11Z",
"last_observed": "2016-06-01T12:38:11Z",
"number_observed": 1,
"object_refs": [
"url--574ed733-454c-4125-add0-443302de0b81"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--574ed733-454c-4125-add0-443302de0b81",
"value": "https://www.virustotal.com/file/4a35cd7624b1f8708d0411532283bae36fa5eb8edf91ac0b76bb34881c854a48/analysis/1464279907/"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--574ed733-7cd0-4e2c-b591-48dc02de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-06-01T12:38:11.000Z",
"modified": "2016-06-01T12:38:11.000Z",
"description": "W2KM_DRIDEX.YVD - Xchecked via VT: 19cc50c25f6135f73852f06c9a0722deff76a3a3",
"pattern": "[file:hashes.SHA256 = '7b1cc6b4f72ac942bde69964b6e21e468d17066493453660cd1fcc83d7753497']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-06-01T12:38:11Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--574ed733-bc0c-43bb-958d-407902de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-06-01T12:38:11.000Z",
"modified": "2016-06-01T12:38:11.000Z",
"description": "W2KM_DRIDEX.YVD - Xchecked via VT: 19cc50c25f6135f73852f06c9a0722deff76a3a3",
"pattern": "[file:hashes.MD5 = '46fa0453db511db7496b20489bbd59e2']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-06-01T12:38:11Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--574ed734-bdfc-4aa2-975f-442302de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-06-01T12:38:12.000Z",
"modified": "2016-06-01T12:38:12.000Z",
"first_observed": "2016-06-01T12:38:12Z",
"last_observed": "2016-06-01T12:38:12Z",
"number_observed": 1,
"object_refs": [
"url--574ed734-bdfc-4aa2-975f-442302de0b81"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--574ed734-bdfc-4aa2-975f-442302de0b81",
"value": "https://www.virustotal.com/file/7b1cc6b4f72ac942bde69964b6e21e468d17066493453660cd1fcc83d7753497/analysis/1464187126/"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--574ed734-9b8c-4afa-986d-4b1b02de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-06-01T12:38:12.000Z",
"modified": "2016-06-01T12:38:12.000Z",
"description": "W2KM_DRIDEX.YVD - Xchecked via VT: 7ea297d29023a7ea7a3d01df618c0166c559bdf5",
"pattern": "[file:hashes.SHA256 = '1ecac955498e7abe339192d757581d9014aef961c5a669e867120924e371d44a']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-06-01T12:38:12Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--574ed734-aa4c-459c-824e-4e1602de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-06-01T12:38:12.000Z",
"modified": "2016-06-01T12:38:12.000Z",
"description": "W2KM_DRIDEX.YVD - Xchecked via VT: 7ea297d29023a7ea7a3d01df618c0166c559bdf5",
"pattern": "[file:hashes.MD5 = 'f7c72d40bfbaf4a8b57cef0164d65bf1']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-06-01T12:38:12Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--574ed735-d344-4b80-bc4b-477402de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-06-01T12:38:13.000Z",
"modified": "2016-06-01T12:38:13.000Z",
"first_observed": "2016-06-01T12:38:13Z",
"last_observed": "2016-06-01T12:38:13Z",
"number_observed": 1,
"object_refs": [
"url--574ed735-d344-4b80-bc4b-477402de0b81"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--574ed735-d344-4b80-bc4b-477402de0b81",
"value": "https://www.virustotal.com/file/1ecac955498e7abe339192d757581d9014aef961c5a669e867120924e371d44a/analysis/1464167534/"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--574ed735-8700-40b4-b7b7-435f02de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-06-01T12:38:13.000Z",
"modified": "2016-06-01T12:38:13.000Z",
"description": "W2KM_DRIDEX.YVD - Xchecked via VT: 1a5179c9b72fdb4b606cb63037c91de413a49db1",
"pattern": "[file:hashes.SHA256 = '6d06c3d4317ae5fc39f1f698f7f0901cfd21da905ad03c018a01cda539edf32f']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-06-01T12:38:13Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--574ed735-7374-4eda-a1c5-4f5a02de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-06-01T12:38:13.000Z",
"modified": "2016-06-01T12:38:13.000Z",
"description": "W2KM_DRIDEX.YVD - Xchecked via VT: 1a5179c9b72fdb4b606cb63037c91de413a49db1",
"pattern": "[file:hashes.MD5 = 'f2f71ae36203b4109292e6795efde0e8']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-06-01T12:38:13Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--574ed736-b6e8-403a-811a-46f802de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-06-01T12:38:14.000Z",
"modified": "2016-06-01T12:38:14.000Z",
"first_observed": "2016-06-01T12:38:14Z",
"last_observed": "2016-06-01T12:38:14Z",
"number_observed": 1,
"object_refs": [
"url--574ed736-b6e8-403a-811a-46f802de0b81"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--574ed736-b6e8-403a-811a-46f802de0b81",
"value": "https://www.virustotal.com/file/6d06c3d4317ae5fc39f1f698f7f0901cfd21da905ad03c018a01cda539edf32f/analysis/1464690620/"
},
{
"type": "marking-definition",
"spec_version": "2.1",
"id": "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9",
"created": "2017-01-20T00:00:00.000Z",
"definition_type": "tlp",
"name": "TLP:WHITE",
"definition": {
"tlp": "white"
}
}
]
}
Reference in a new issue View git blame Copy permalink