adulau/misp-circl-feed
1
0
Fork 0
Code Issues 1 Pull requests Projects 1 Releases Packages Wiki Activity Actions
misp-circl-feed/feeds/circl/stix-2.1/580fcef3-28fc-42e2-aec1-4978950d210f.json

2130 lines
No EOL
90 KiB
JSON
Raw Blame History

{
"type": "bundle",
"id": "bundle--580fcef3-28fc-42e2-aec1-4978950d210f",
"objects": [
{
"type": "identity",
"spec_version": "2.1",
"id": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-10-25T21:36:25.000Z",
"modified": "2016-10-25T21:36:25.000Z",
"name": "CIRCL",
"identity_class": "organization"
},
{
"type": "report",
"spec_version": "2.1",
"id": "report--580fcef3-28fc-42e2-aec1-4978950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-10-25T21:36:25.000Z",
"modified": "2016-10-25T21:36:25.000Z",
"name": "OSINT - Houdini\u00e2\u20ac\u2122s Magic Reappearance",
"published": "2016-10-25T21:38:07Z",
"object_refs": [
"x-misp-attribute--580fcf05-6a3c-47d5-9e3f-4075950d210f",
"observed-data--580fcf1b-efa8-4f60-adc9-4012950d210f",
"url--580fcf1b-efa8-4f60-adc9-4012950d210f",
"indicator--580fcf46-abe4-4266-aff2-4b1e950d210f",
"indicator--580fcf46-7a18-4999-963e-4e67950d210f",
"indicator--580fcf46-6f48-4013-863c-4836950d210f",
"indicator--580fcf46-8d90-430a-aacd-452a950d210f",
"indicator--580fcf47-0cac-450a-ba51-4511950d210f",
"indicator--580fcf57-5f70-4cd6-ba09-4725950d210f",
"indicator--580fcf58-1c04-4f21-b67a-4031950d210f",
"indicator--580fcf58-0d94-4ea3-92ad-427c950d210f",
"indicator--580fcf58-01a8-4d61-b535-49fe950d210f",
"indicator--580fcf58-a3ec-4451-8a15-433e950d210f",
"indicator--580fcf59-ecfc-4272-917c-4995950d210f",
"indicator--580fcf59-fcfc-482e-a0f5-4384950d210f",
"indicator--580fcf66-4a24-4022-bf30-4f4a950d210f",
"indicator--580fcf67-2f30-4175-9f3a-4bcd950d210f",
"indicator--580fcf67-dbc8-41ee-8eda-435f950d210f",
"indicator--580fcf67-9ebc-400f-85a0-487d950d210f",
"indicator--580fcf67-d7e4-4e08-a2c2-4ff1950d210f",
"indicator--580fcf68-522c-4ace-ac50-4b4f950d210f",
"indicator--580fcf68-8e20-4162-8729-4cf0950d210f",
"indicator--580fcf79-e89c-4ec1-ab1c-44a0950d210f",
"indicator--580fcf7a-0b58-428a-aced-4a79950d210f",
"indicator--580fcf7a-8498-42e9-9078-4c91950d210f",
"indicator--580fcf7a-79c8-4dd2-a059-47fb950d210f",
"indicator--580fcf7a-ef8c-496e-9e3e-450d950d210f",
"indicator--580fcf7b-47c4-4480-bc2e-47f5950d210f",
"indicator--580fcf7b-d368-4f02-9a43-4a52950d210f",
"indicator--580fcf7b-2544-488e-9d9f-4745950d210f",
"indicator--580fcf7b-1924-4d9e-85a2-4489950d210f",
"indicator--580fcf7b-3054-43e7-8d7b-43cf950d210f",
"indicator--580fcf89-ee78-4265-a24b-4bf9950d210f",
"indicator--580fd059-0c48-48ab-b95c-429e02de0b81",
"indicator--580fd059-3948-487c-aa5a-461902de0b81",
"observed-data--580fd059-b548-4d48-9973-41c502de0b81",
"url--580fd059-b548-4d48-9973-41c502de0b81",
"indicator--580fd05a-6c4c-480d-b2b1-405b02de0b81",
"indicator--580fd05a-b468-4973-afd9-410902de0b81",
"observed-data--580fd05a-f7e0-48a8-b984-465e02de0b81",
"url--580fd05a-f7e0-48a8-b984-465e02de0b81",
"indicator--580fd05a-4788-4c31-b086-482202de0b81",
"indicator--580fd05b-1e3c-46c5-bdab-4f7702de0b81",
"observed-data--580fd05b-d59c-4dd1-9005-49c802de0b81",
"url--580fd05b-d59c-4dd1-9005-49c802de0b81",
"indicator--580fd05b-6ce4-4365-a69c-4e2f02de0b81",
"indicator--580fd05b-4474-49e4-854c-491002de0b81",
"observed-data--580fd05c-de6c-4a87-b6fe-434002de0b81",
"url--580fd05c-de6c-4a87-b6fe-434002de0b81",
"indicator--580fd05c-3ab4-42a4-a79d-439002de0b81",
"indicator--580fd05c-06a0-493b-ba64-466702de0b81",
"observed-data--580fd05c-953c-4b80-9acd-40f902de0b81",
"url--580fd05c-953c-4b80-9acd-40f902de0b81",
"indicator--580fd05c-9744-43ee-86ce-41c202de0b81",
"indicator--580fd05d-84e8-44cb-86d5-437602de0b81",
"observed-data--580fd05d-baac-46c1-8472-488502de0b81",
"url--580fd05d-baac-46c1-8472-488502de0b81",
"indicator--580fd05d-7c24-4163-82c4-4a7d02de0b81",
"indicator--580fd05d-ec10-4fdc-8899-44a702de0b81",
"observed-data--580fd05e-3c50-4d30-ba02-470e02de0b81",
"url--580fd05e-3c50-4d30-ba02-470e02de0b81",
"indicator--580fd05e-99a8-4717-9885-4a1802de0b81",
"indicator--580fd05e-c9a4-471b-b28e-46ec02de0b81",
"observed-data--580fd05e-898c-44a6-a5f3-46fb02de0b81",
"url--580fd05e-898c-44a6-a5f3-46fb02de0b81",
"indicator--580fd05f-29b4-43f1-860e-4ecd02de0b81",
"indicator--580fd05f-8dc8-4292-810e-46eb02de0b81",
"observed-data--580fd05f-12d0-4819-a240-4d8d02de0b81",
"url--580fd05f-12d0-4819-a240-4d8d02de0b81",
"indicator--580fd05f-e2c4-40d2-bb3e-487202de0b81",
"indicator--580fd060-f21c-4be4-b3c7-409602de0b81",
"observed-data--580fd060-f828-4002-a92b-422302de0b81",
"url--580fd060-f828-4002-a92b-422302de0b81",
"indicator--580fd060-6218-472c-b6fa-41ca02de0b81",
"indicator--580fd060-5524-47ea-8044-4d1b02de0b81",
"observed-data--580fd061-2fb8-4466-b163-478a02de0b81",
"url--580fd061-2fb8-4466-b163-478a02de0b81",
"indicator--580fd061-cc14-4bc7-91ff-4dfb02de0b81",
"indicator--580fd061-24c8-4fb1-a0fd-4e3802de0b81",
"observed-data--580fd061-f214-4b0f-89d1-4e0b02de0b81",
"url--580fd061-f214-4b0f-89d1-4e0b02de0b81",
"indicator--580fd062-9ed8-4b86-9eba-412902de0b81",
"indicator--580fd062-91c0-49a9-b529-4fd202de0b81",
"observed-data--580fd062-da58-4c1f-af33-42bc02de0b81",
"url--580fd062-da58-4c1f-af33-42bc02de0b81",
"indicator--580fd063-feec-4cbf-814a-4df302de0b81",
"indicator--580fd063-9234-415c-9418-400102de0b81",
"observed-data--580fd063-3bc4-4052-9a92-4acc02de0b81",
"url--580fd063-3bc4-4052-9a92-4acc02de0b81",
"indicator--580fd063-c0a4-444b-a4a5-436602de0b81",
"indicator--580fd063-5898-4936-822a-4e7b02de0b81",
"observed-data--580fd064-c26c-4020-a0af-466402de0b81",
"url--580fd064-c26c-4020-a0af-466402de0b81",
"indicator--580fd064-e488-41c1-9ac7-4cf102de0b81",
"indicator--580fd064-6f90-4e4b-86ec-41e602de0b81",
"observed-data--580fd064-f148-4e0b-81bf-4f8002de0b81",
"url--580fd064-f148-4e0b-81bf-4f8002de0b81",
"indicator--580fd065-04dc-4cca-a149-485702de0b81",
"indicator--580fd065-8580-4234-b48a-480602de0b81",
"observed-data--580fd065-5c34-4633-9941-458b02de0b81",
"url--580fd065-5c34-4633-9941-458b02de0b81"
],
"labels": [
"Threat-Report",
"misp:tool=\"MISP-STIX-Converter\"",
"osint:source-type=\"blog-post\""
],
"object_marking_refs": [
"marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9"
]
},
{
"type": "x-misp-attribute",
"spec_version": "2.1",
"id": "x-misp-attribute--580fcf05-6a3c-47d5-9e3f-4075950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-10-25T21:30:45.000Z",
"modified": "2016-10-25T21:30:45.000Z",
"labels": [
"misp:type=\"comment\"",
"misp:category=\"External analysis\""
],
"x_misp_category": "External analysis",
"x_misp_type": "comment",
"x_misp_value": "Unit 42 has observed a new version of Hworm (or Houdini) being used within multiple attacks. This blog outlines technical details of this new Hworm version and documents an attack campaign making use of the backdoor. Of the samples used in this attack, the first we observed were June 2016, while as-of publication we were still seeing attacks as recently as mid-October, suggesting that this is likely an active, ongoing campaign."
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--580fcf1b-efa8-4f60-adc9-4012950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-10-25T21:31:07.000Z",
"modified": "2016-10-25T21:31:07.000Z",
"first_observed": "2016-10-25T21:31:07Z",
"last_observed": "2016-10-25T21:31:07Z",
"number_observed": 1,
"object_refs": [
"url--580fcf1b-efa8-4f60-adc9-4012950d210f"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--580fcf1b-efa8-4f60-adc9-4012950d210f",
"value": "http://researchcenter.paloaltonetworks.com/2016/10/unit42-houdinis-magic-reappearance/"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--580fcf46-abe4-4266-aff2-4b1e950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-10-25T21:31:50.000Z",
"modified": "2016-10-25T21:31:50.000Z",
"description": "Command and Control Network Locations",
"pattern": "[domain-name:value = 'start.loginto.me']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-10-25T21:31:50Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"hostname\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--580fcf46-7a18-4999-963e-4e67950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-10-25T21:31:50.000Z",
"modified": "2016-10-25T21:31:50.000Z",
"description": "Command and Control Network Locations",
"pattern": "[domain-name:value = 'samah.sytes.net']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-10-25T21:31:50Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"hostname\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--580fcf46-6f48-4013-863c-4836950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-10-25T21:31:50.000Z",
"modified": "2016-10-25T21:31:50.000Z",
"description": "Command and Control Network Locations",
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '52.42.161.75']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-10-25T21:31:50Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--580fcf46-8d90-430a-aacd-452a950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-10-25T21:31:50.000Z",
"modified": "2016-10-25T21:31:50.000Z",
"description": "Command and Control Network Locations",
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '78.47.96.17']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-10-25T21:31:50Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--580fcf47-0cac-450a-ba51-4511950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-10-25T21:31:51.000Z",
"modified": "2016-10-25T21:31:51.000Z",
"description": "Command and Control Network Locations",
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '136.243.104.200']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-10-25T21:31:51Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--580fcf57-5f70-4cd6-ba09-4725950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-10-25T21:32:07.000Z",
"modified": "2016-10-25T21:32:07.000Z",
"description": "Decoy files",
"pattern": "[file:hashes.SHA256 = '7916ca6ae6fdbfb45448f6dcff374d072d988d11aa15247a88167bf973ee2c0d']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-10-25T21:32:07Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--580fcf58-1c04-4f21-b67a-4031950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-10-25T21:32:08.000Z",
"modified": "2016-10-25T21:32:08.000Z",
"description": "Decoy files",
"pattern": "[file:hashes.SHA256 = '947d264a413f3353c43dafa0fd918bec75e8752a953b50843bc8134286d6f93f']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-10-25T21:32:08Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--580fcf58-0d94-4ea3-92ad-427c950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-10-25T21:32:08.000Z",
"modified": "2016-10-25T21:32:08.000Z",
"description": "Decoy files",
"pattern": "[file:hashes.SHA256 = '9ddf2f2e6ac7da61c04c03f3f27af12cb85e096746f120235724a4ed93fac5aa']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-10-25T21:32:08Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--580fcf58-01a8-4d61-b535-49fe950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-10-25T21:32:08.000Z",
"modified": "2016-10-25T21:32:08.000Z",
"description": "Decoy files",
"pattern": "[file:hashes.SHA256 = '3d287cce7fe1caa5c033a4e6b94680c90a25cb3866837266130ba0fd8fab562c']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-10-25T21:32:08Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--580fcf58-a3ec-4451-8a15-433e950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-10-25T21:32:08.000Z",
"modified": "2016-10-25T21:32:08.000Z",
"description": "Decoy files",
"pattern": "[file:hashes.SHA256 = '444b82caf3c17ea74034c984aeca0f5b2e6547af88a0fb15953f2d5b80e3b448']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-10-25T21:32:08Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--580fcf59-ecfc-4272-917c-4995950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-10-25T21:32:09.000Z",
"modified": "2016-10-25T21:32:09.000Z",
"description": "Decoy files",
"pattern": "[file:hashes.SHA256 = '3d3db84b6ad760540f638713e3f6a8daf8a226bd045351bcc72c6d22a7df8b3a']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-10-25T21:32:09Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--580fcf59-fcfc-482e-a0f5-4384950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-10-25T21:32:09.000Z",
"modified": "2016-10-25T21:32:09.000Z",
"description": "Decoy files",
"pattern": "[file:hashes.SHA256 = 'fffda1e2d794a5645f973900083a88ef38c3d20a89c5e59ca21412806db28197']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-10-25T21:32:09Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--580fcf66-4a24-4022-bf30-4f4a950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-10-25T21:32:22.000Z",
"modified": "2016-10-25T21:32:22.000Z",
"description": "Payloads",
"pattern": "[file:hashes.SHA256 = '386057a265619c43ef245857b66241a66822061ce9bd047556c4f3f1d262ef36']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-10-25T21:32:22Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--580fcf67-2f30-4175-9f3a-4bcd950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-10-25T21:32:23.000Z",
"modified": "2016-10-25T21:32:23.000Z",
"description": "Payloads",
"pattern": "[file:hashes.SHA256 = '44b52baf2ecef2f928a13b17ba3a5552c32ca4a640e6421b8bc35ef5a113801b']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-10-25T21:32:23Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--580fcf67-dbc8-41ee-8eda-435f950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-10-25T21:32:23.000Z",
"modified": "2016-10-25T21:32:23.000Z",
"description": "Payloads",
"pattern": "[file:hashes.SHA256 = '8428857b0c7dfe43cf2182dd585dfdfd845697a11c31e91d909dc400222b4f78']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-10-25T21:32:23Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--580fcf67-9ebc-400f-85a0-487d950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-10-25T21:32:23.000Z",
"modified": "2016-10-25T21:32:23.000Z",
"description": "Payloads",
"pattern": "[file:hashes.SHA256 = 'd69e0456ddb11b979bf303b8bb9f87322bd2a9542dd9d9f716100c40bd6decd1']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-10-25T21:32:23Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--580fcf67-d7e4-4e08-a2c2-4ff1950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-10-25T21:32:23.000Z",
"modified": "2016-10-25T21:32:23.000Z",
"description": "Payloads",
"pattern": "[file:hashes.SHA256 = 'bd5d64234e1ac87955f1d86ee1af34bd8fd11e8edf3a449181234bb62816acab']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-10-25T21:32:23Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--580fcf68-522c-4ace-ac50-4b4f950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-10-25T21:32:24.000Z",
"modified": "2016-10-25T21:32:24.000Z",
"description": "Payloads",
"pattern": "[file:hashes.SHA256 = '774501f3c88ebdd409ec318d08af2350ec37fdbc11f32681f855e215e75440d7']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-10-25T21:32:24Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--580fcf68-8e20-4162-8729-4cf0950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-10-25T21:32:24.000Z",
"modified": "2016-10-25T21:32:24.000Z",
"description": "Payloads",
"pattern": "[file:hashes.SHA256 = 'c66b9e8aaa2ac4ce5b53b45ebb661ba7946f5b82e75865ae9e98510caff911a7']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-10-25T21:32:24Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--580fcf79-e89c-4ec1-ab1c-44a0950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-10-25T21:32:41.000Z",
"modified": "2016-10-25T21:32:41.000Z",
"description": "Delivery Files",
"pattern": "[file:hashes.SHA256 = '70c55fef53fd4bdeb135ed68a7eead45e8d4ba7d17e0fd907e9770b2793b60ed']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-10-25T21:32:41Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--580fcf7a-0b58-428a-aced-4a79950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-10-25T21:32:42.000Z",
"modified": "2016-10-25T21:32:42.000Z",
"description": "Delivery Files",
"pattern": "[file:hashes.SHA256 = '9af85e46344dadf1467c71d66865c7af98a23151025e7d8993bd9afc5150ad7d']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-10-25T21:32:42Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--580fcf7a-8498-42e9-9078-4c91950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-10-25T21:32:42.000Z",
"modified": "2016-10-25T21:32:42.000Z",
"description": "Delivery Files",
"pattern": "[file:hashes.SHA256 = '773716bc2d313e17326471289a0b552f90086a2687fa958ef8cdb611cbc9a8c9']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-10-25T21:32:42Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--580fcf7a-79c8-4dd2-a059-47fb950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-10-25T21:32:42.000Z",
"modified": "2016-10-25T21:32:42.000Z",
"description": "Delivery Files",
"pattern": "[file:hashes.SHA256 = 'e0db0982c437c40ceb67970e0a776e9448f428e919200b5f7a0566c58680070c']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-10-25T21:32:42Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--580fcf7a-ef8c-496e-9e3e-450d950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-10-25T21:32:42.000Z",
"modified": "2016-10-25T21:32:42.000Z",
"description": "Delivery Files",
"pattern": "[file:hashes.SHA256 = '1f45e5eca8f8882481b13fd4a67ffa88a1aa4d6e875a9c2e1fbf0b80e92d9588']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-10-25T21:32:42Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--580fcf7b-47c4-4480-bc2e-47f5950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-10-25T21:32:43.000Z",
"modified": "2016-10-25T21:32:43.000Z",
"description": "Delivery Files",
"pattern": "[file:hashes.SHA256 = '5e42e61340942fc0c46a6668a7f54adbbb4792b01c819bcd3047e855116ae16f']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-10-25T21:32:43Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--580fcf7b-d368-4f02-9a43-4a52950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-10-25T21:32:43.000Z",
"modified": "2016-10-25T21:32:43.000Z",
"description": "Delivery Files",
"pattern": "[file:hashes.SHA256 = 'fec925721b6563fec32d7a4cf8df777c647f0e24454fa783569f65cdadff9e03']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-10-25T21:32:43Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--580fcf7b-2544-488e-9d9f-4745950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-10-25T21:32:43.000Z",
"modified": "2016-10-25T21:32:43.000Z",
"description": "Delivery Files",
"pattern": "[file:hashes.SHA256 = '106934ff7f6f93a371a4561fff23d69e6783512c38126fbd427ed4a886ca6e65']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-10-25T21:32:43Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--580fcf7b-1924-4d9e-85a2-4489950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-10-25T21:32:43.000Z",
"modified": "2016-10-25T21:32:43.000Z",
"description": "Delivery Files",
"pattern": "[file:hashes.SHA256 = 'ba739f3f415efe005fbed6fcfcb1e6d3b3ae64e9a8d2b0566ab913f73530887c']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-10-25T21:32:43Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--580fcf7b-3054-43e7-8d7b-43cf950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-10-25T21:32:43.000Z",
"modified": "2016-10-25T21:32:43.000Z",
"description": "Delivery Files",
"pattern": "[file:hashes.SHA256 = '0672e47513aefcbc3f7a9bd50849acf507a5454bc8c36580304105479c58772a']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-10-25T21:32:43Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--580fcf89-ee78-4265-a24b-4bf9950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-10-25T21:32:57.000Z",
"modified": "2016-10-25T21:32:57.000Z",
"description": "Delphi Hworm Beta Builder",
"pattern": "[file:hashes.SHA256 = 'a4c71f862757e3535b305a14ff9f268e6cf196b2e54b426f25fa65bf658a9242']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-10-25T21:32:57Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--580fd059-0c48-48ab-b95c-429e02de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-10-25T21:36:25.000Z",
"modified": "2016-10-25T21:36:25.000Z",
"description": "Delphi Hworm Beta Builder - Xchecked via VT: a4c71f862757e3535b305a14ff9f268e6cf196b2e54b426f25fa65bf658a9242",
"pattern": "[file:hashes.SHA1 = '418fab5241665bb22d15e1d16ec723d61c26b9f8']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-10-25T21:36:25Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha1\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--580fd059-3948-487c-aa5a-461902de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-10-25T21:36:25.000Z",
"modified": "2016-10-25T21:36:25.000Z",
"description": "Delphi Hworm Beta Builder - Xchecked via VT: a4c71f862757e3535b305a14ff9f268e6cf196b2e54b426f25fa65bf658a9242",
"pattern": "[file:hashes.MD5 = '9e2de96dfe130df54e1493893208f5b1']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-10-25T21:36:25Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--580fd059-b548-4d48-9973-41c502de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-10-25T21:36:25.000Z",
"modified": "2016-10-25T21:36:25.000Z",
"first_observed": "2016-10-25T21:36:25Z",
"last_observed": "2016-10-25T21:36:25Z",
"number_observed": 1,
"object_refs": [
"url--580fd059-b548-4d48-9973-41c502de0b81"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--580fd059-b548-4d48-9973-41c502de0b81",
"value": "https://www.virustotal.com/file/a4c71f862757e3535b305a14ff9f268e6cf196b2e54b426f25fa65bf658a9242/analysis/1474674057/"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--580fd05a-6c4c-480d-b2b1-405b02de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-10-25T21:36:26.000Z",
"modified": "2016-10-25T21:36:26.000Z",
"description": "Delivery Files - Xchecked via VT: 0672e47513aefcbc3f7a9bd50849acf507a5454bc8c36580304105479c58772a",
"pattern": "[file:hashes.SHA1 = 'fd5262678a0fee0350e2052336d0d7c09f9ca3bd']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-10-25T21:36:26Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha1\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--580fd05a-b468-4973-afd9-410902de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-10-25T21:36:26.000Z",
"modified": "2016-10-25T21:36:26.000Z",
"description": "Delivery Files - Xchecked via VT: 0672e47513aefcbc3f7a9bd50849acf507a5454bc8c36580304105479c58772a",
"pattern": "[file:hashes.MD5 = '80bb1b89187f6004e400d7d819480118']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-10-25T21:36:26Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--580fd05a-f7e0-48a8-b984-465e02de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-10-25T21:36:26.000Z",
"modified": "2016-10-25T21:36:26.000Z",
"first_observed": "2016-10-25T21:36:26Z",
"last_observed": "2016-10-25T21:36:26Z",
"number_observed": 1,
"object_refs": [
"url--580fd05a-f7e0-48a8-b984-465e02de0b81"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--580fd05a-f7e0-48a8-b984-465e02de0b81",
"value": "https://www.virustotal.com/file/0672e47513aefcbc3f7a9bd50849acf507a5454bc8c36580304105479c58772a/analysis/1472033496/"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--580fd05a-4788-4c31-b086-482202de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-10-25T21:36:26.000Z",
"modified": "2016-10-25T21:36:26.000Z",
"description": "Delivery Files - Xchecked via VT: ba739f3f415efe005fbed6fcfcb1e6d3b3ae64e9a8d2b0566ab913f73530887c",
"pattern": "[file:hashes.SHA1 = '8ee7705fae1d65327c52128d8cd8d961149b0a3a']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-10-25T21:36:26Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha1\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--580fd05b-1e3c-46c5-bdab-4f7702de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-10-25T21:36:27.000Z",
"modified": "2016-10-25T21:36:27.000Z",
"description": "Delivery Files - Xchecked via VT: ba739f3f415efe005fbed6fcfcb1e6d3b3ae64e9a8d2b0566ab913f73530887c",
"pattern": "[file:hashes.MD5 = '25548be2223f7ce487c6b4d9db370875']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-10-25T21:36:27Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--580fd05b-d59c-4dd1-9005-49c802de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-10-25T21:36:27.000Z",
"modified": "2016-10-25T21:36:27.000Z",
"first_observed": "2016-10-25T21:36:27Z",
"last_observed": "2016-10-25T21:36:27Z",
"number_observed": 1,
"object_refs": [
"url--580fd05b-d59c-4dd1-9005-49c802de0b81"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--580fd05b-d59c-4dd1-9005-49c802de0b81",
"value": "https://www.virustotal.com/file/ba739f3f415efe005fbed6fcfcb1e6d3b3ae64e9a8d2b0566ab913f73530887c/analysis/1471428328/"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--580fd05b-6ce4-4365-a69c-4e2f02de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-10-25T21:36:27.000Z",
"modified": "2016-10-25T21:36:27.000Z",
"description": "Delivery Files - Xchecked via VT: 106934ff7f6f93a371a4561fff23d69e6783512c38126fbd427ed4a886ca6e65",
"pattern": "[file:hashes.SHA1 = '21938a5653ccd2c78219b8360d291141873634f6']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-10-25T21:36:27Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha1\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--580fd05b-4474-49e4-854c-491002de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-10-25T21:36:27.000Z",
"modified": "2016-10-25T21:36:27.000Z",
"description": "Delivery Files - Xchecked via VT: 106934ff7f6f93a371a4561fff23d69e6783512c38126fbd427ed4a886ca6e65",
"pattern": "[file:hashes.MD5 = '07adbf4d0daa58933716e71baa9f501c']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-10-25T21:36:27Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--580fd05c-de6c-4a87-b6fe-434002de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-10-25T21:36:28.000Z",
"modified": "2016-10-25T21:36:28.000Z",
"first_observed": "2016-10-25T21:36:28Z",
"last_observed": "2016-10-25T21:36:28Z",
"number_observed": 1,
"object_refs": [
"url--580fd05c-de6c-4a87-b6fe-434002de0b81"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--580fd05c-de6c-4a87-b6fe-434002de0b81",
"value": "https://www.virustotal.com/file/106934ff7f6f93a371a4561fff23d69e6783512c38126fbd427ed4a886ca6e65/analysis/1472089513/"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--580fd05c-3ab4-42a4-a79d-439002de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-10-25T21:36:28.000Z",
"modified": "2016-10-25T21:36:28.000Z",
"description": "Delivery Files - Xchecked via VT: fec925721b6563fec32d7a4cf8df777c647f0e24454fa783569f65cdadff9e03",
"pattern": "[file:hashes.SHA1 = '0db3bf38a778e2e833e217f715ef67eb9da8169a']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-10-25T21:36:28Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha1\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--580fd05c-06a0-493b-ba64-466702de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-10-25T21:36:28.000Z",
"modified": "2016-10-25T21:36:28.000Z",
"description": "Delivery Files - Xchecked via VT: fec925721b6563fec32d7a4cf8df777c647f0e24454fa783569f65cdadff9e03",
"pattern": "[file:hashes.MD5 = '62d2982a709e45b0542e1cfe210c4058']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-10-25T21:36:28Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--580fd05c-953c-4b80-9acd-40f902de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-10-25T21:36:28.000Z",
"modified": "2016-10-25T21:36:28.000Z",
"first_observed": "2016-10-25T21:36:28Z",
"last_observed": "2016-10-25T21:36:28Z",
"number_observed": 1,
"object_refs": [
"url--580fd05c-953c-4b80-9acd-40f902de0b81"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--580fd05c-953c-4b80-9acd-40f902de0b81",
"value": "https://www.virustotal.com/file/fec925721b6563fec32d7a4cf8df777c647f0e24454fa783569f65cdadff9e03/analysis/1471431559/"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--580fd05c-9744-43ee-86ce-41c202de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-10-25T21:36:28.000Z",
"modified": "2016-10-25T21:36:28.000Z",
"description": "Delivery Files - Xchecked via VT: 5e42e61340942fc0c46a6668a7f54adbbb4792b01c819bcd3047e855116ae16f",
"pattern": "[file:hashes.SHA1 = '665725908fc67c1810956e682f40bfe9e2ea8160']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-10-25T21:36:28Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha1\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--580fd05d-84e8-44cb-86d5-437602de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-10-25T21:36:29.000Z",
"modified": "2016-10-25T21:36:29.000Z",
"description": "Delivery Files - Xchecked via VT: 5e42e61340942fc0c46a6668a7f54adbbb4792b01c819bcd3047e855116ae16f",
"pattern": "[file:hashes.MD5 = 'b9667b4b9d82c6eb254421831c881b45']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-10-25T21:36:29Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--580fd05d-baac-46c1-8472-488502de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-10-25T21:36:29.000Z",
"modified": "2016-10-25T21:36:29.000Z",
"first_observed": "2016-10-25T21:36:29Z",
"last_observed": "2016-10-25T21:36:29Z",
"number_observed": 1,
"object_refs": [
"url--580fd05d-baac-46c1-8472-488502de0b81"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--580fd05d-baac-46c1-8472-488502de0b81",
"value": "https://www.virustotal.com/file/5e42e61340942fc0c46a6668a7f54adbbb4792b01c819bcd3047e855116ae16f/analysis/1466578036/"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--580fd05d-7c24-4163-82c4-4a7d02de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-10-25T21:36:29.000Z",
"modified": "2016-10-25T21:36:29.000Z",
"description": "Delivery Files - Xchecked via VT: 1f45e5eca8f8882481b13fd4a67ffa88a1aa4d6e875a9c2e1fbf0b80e92d9588",
"pattern": "[file:hashes.SHA1 = 'c2a9af4f0168882d20ca34a15c8af91ea6652b2f']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-10-25T21:36:29Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha1\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--580fd05d-ec10-4fdc-8899-44a702de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-10-25T21:36:29.000Z",
"modified": "2016-10-25T21:36:29.000Z",
"description": "Delivery Files - Xchecked via VT: 1f45e5eca8f8882481b13fd4a67ffa88a1aa4d6e875a9c2e1fbf0b80e92d9588",
"pattern": "[file:hashes.MD5 = '7102e9bc802b90b3fc2d82cacbb34aaa']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-10-25T21:36:29Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--580fd05e-3c50-4d30-ba02-470e02de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-10-25T21:36:30.000Z",
"modified": "2016-10-25T21:36:30.000Z",
"first_observed": "2016-10-25T21:36:30Z",
"last_observed": "2016-10-25T21:36:30Z",
"number_observed": 1,
"object_refs": [
"url--580fd05e-3c50-4d30-ba02-470e02de0b81"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--580fd05e-3c50-4d30-ba02-470e02de0b81",
"value": "https://www.virustotal.com/file/1f45e5eca8f8882481b13fd4a67ffa88a1aa4d6e875a9c2e1fbf0b80e92d9588/analysis/1466513172/"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--580fd05e-99a8-4717-9885-4a1802de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-10-25T21:36:30.000Z",
"modified": "2016-10-25T21:36:30.000Z",
"description": "Delivery Files - Xchecked via VT: e0db0982c437c40ceb67970e0a776e9448f428e919200b5f7a0566c58680070c",
"pattern": "[file:hashes.SHA1 = '74d40ba2c54a99bca91bdf6d88d2d86b748f9127']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-10-25T21:36:30Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha1\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--580fd05e-c9a4-471b-b28e-46ec02de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-10-25T21:36:30.000Z",
"modified": "2016-10-25T21:36:30.000Z",
"description": "Delivery Files - Xchecked via VT: e0db0982c437c40ceb67970e0a776e9448f428e919200b5f7a0566c58680070c",
"pattern": "[file:hashes.MD5 = '84b87a84ea684e01d19808abacecf6e8']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-10-25T21:36:30Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--580fd05e-898c-44a6-a5f3-46fb02de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-10-25T21:36:30.000Z",
"modified": "2016-10-25T21:36:30.000Z",
"first_observed": "2016-10-25T21:36:30Z",
"last_observed": "2016-10-25T21:36:30Z",
"number_observed": 1,
"object_refs": [
"url--580fd05e-898c-44a6-a5f3-46fb02de0b81"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--580fd05e-898c-44a6-a5f3-46fb02de0b81",
"value": "https://www.virustotal.com/file/e0db0982c437c40ceb67970e0a776e9448f428e919200b5f7a0566c58680070c/analysis/1474537778/"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--580fd05f-29b4-43f1-860e-4ecd02de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-10-25T21:36:31.000Z",
"modified": "2016-10-25T21:36:31.000Z",
"description": "Delivery Files - Xchecked via VT: 9af85e46344dadf1467c71d66865c7af98a23151025e7d8993bd9afc5150ad7d",
"pattern": "[file:hashes.SHA1 = 'fa73bffab7f2f2e38c70d7a78937e6e4eff242fb']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-10-25T21:36:31Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha1\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--580fd05f-8dc8-4292-810e-46eb02de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-10-25T21:36:31.000Z",
"modified": "2016-10-25T21:36:31.000Z",
"description": "Delivery Files - Xchecked via VT: 9af85e46344dadf1467c71d66865c7af98a23151025e7d8993bd9afc5150ad7d",
"pattern": "[file:hashes.MD5 = '54444b71ba380c238f479a4deba20802']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-10-25T21:36:31Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--580fd05f-12d0-4819-a240-4d8d02de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-10-25T21:36:31.000Z",
"modified": "2016-10-25T21:36:31.000Z",
"first_observed": "2016-10-25T21:36:31Z",
"last_observed": "2016-10-25T21:36:31Z",
"number_observed": 1,
"object_refs": [
"url--580fd05f-12d0-4819-a240-4d8d02de0b81"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--580fd05f-12d0-4819-a240-4d8d02de0b81",
"value": "https://www.virustotal.com/file/9af85e46344dadf1467c71d66865c7af98a23151025e7d8993bd9afc5150ad7d/analysis/1476112359/"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--580fd05f-e2c4-40d2-bb3e-487202de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-10-25T21:36:31.000Z",
"modified": "2016-10-25T21:36:31.000Z",
"description": "Delivery Files - Xchecked via VT: 70c55fef53fd4bdeb135ed68a7eead45e8d4ba7d17e0fd907e9770b2793b60ed",
"pattern": "[file:hashes.SHA1 = 'e540045b61ba3e5fa3610b4941664033b1f4d9b8']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-10-25T21:36:31Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha1\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--580fd060-f21c-4be4-b3c7-409602de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-10-25T21:36:32.000Z",
"modified": "2016-10-25T21:36:32.000Z",
"description": "Delivery Files - Xchecked via VT: 70c55fef53fd4bdeb135ed68a7eead45e8d4ba7d17e0fd907e9770b2793b60ed",
"pattern": "[file:hashes.MD5 = 'f73fed9140bc455617e2430693bc1caa']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-10-25T21:36:32Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--580fd060-f828-4002-a92b-422302de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-10-25T21:36:32.000Z",
"modified": "2016-10-25T21:36:32.000Z",
"first_observed": "2016-10-25T21:36:32Z",
"last_observed": "2016-10-25T21:36:32Z",
"number_observed": 1,
"object_refs": [
"url--580fd060-f828-4002-a92b-422302de0b81"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--580fd060-f828-4002-a92b-422302de0b81",
"value": "https://www.virustotal.com/file/70c55fef53fd4bdeb135ed68a7eead45e8d4ba7d17e0fd907e9770b2793b60ed/analysis/1472454981/"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--580fd060-6218-472c-b6fa-41ca02de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-10-25T21:36:32.000Z",
"modified": "2016-10-25T21:36:32.000Z",
"description": "Payloads - Xchecked via VT: c66b9e8aaa2ac4ce5b53b45ebb661ba7946f5b82e75865ae9e98510caff911a7",
"pattern": "[file:hashes.SHA1 = '624811e7d89f81979ceb56d17aca235b883078b2']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-10-25T21:36:32Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha1\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--580fd060-5524-47ea-8044-4d1b02de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-10-25T21:36:32.000Z",
"modified": "2016-10-25T21:36:32.000Z",
"description": "Payloads - Xchecked via VT: c66b9e8aaa2ac4ce5b53b45ebb661ba7946f5b82e75865ae9e98510caff911a7",
"pattern": "[file:hashes.MD5 = 'dbb885f648c560a12beb0d1261ac80e6']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-10-25T21:36:32Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--580fd061-2fb8-4466-b163-478a02de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-10-25T21:36:33.000Z",
"modified": "2016-10-25T21:36:33.000Z",
"first_observed": "2016-10-25T21:36:33Z",
"last_observed": "2016-10-25T21:36:33Z",
"number_observed": 1,
"object_refs": [
"url--580fd061-2fb8-4466-b163-478a02de0b81"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--580fd061-2fb8-4466-b163-478a02de0b81",
"value": "https://www.virustotal.com/file/c66b9e8aaa2ac4ce5b53b45ebb661ba7946f5b82e75865ae9e98510caff911a7/analysis/1476385118/"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--580fd061-cc14-4bc7-91ff-4dfb02de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-10-25T21:36:33.000Z",
"modified": "2016-10-25T21:36:33.000Z",
"description": "Payloads - Xchecked via VT: 774501f3c88ebdd409ec318d08af2350ec37fdbc11f32681f855e215e75440d7",
"pattern": "[file:hashes.SHA1 = '76293d81aa1928c2b72e95dc243f77b9db218c25']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-10-25T21:36:33Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha1\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--580fd061-24c8-4fb1-a0fd-4e3802de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-10-25T21:36:33.000Z",
"modified": "2016-10-25T21:36:33.000Z",
"description": "Payloads - Xchecked via VT: 774501f3c88ebdd409ec318d08af2350ec37fdbc11f32681f855e215e75440d7",
"pattern": "[file:hashes.MD5 = 'f9cd963dec6af1064f6ec31901d50337']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-10-25T21:36:33Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--580fd061-f214-4b0f-89d1-4e0b02de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-10-25T21:36:33.000Z",
"modified": "2016-10-25T21:36:33.000Z",
"first_observed": "2016-10-25T21:36:33Z",
"last_observed": "2016-10-25T21:36:33Z",
"number_observed": 1,
"object_refs": [
"url--580fd061-f214-4b0f-89d1-4e0b02de0b81"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--580fd061-f214-4b0f-89d1-4e0b02de0b81",
"value": "https://www.virustotal.com/file/774501f3c88ebdd409ec318d08af2350ec37fdbc11f32681f855e215e75440d7/analysis/1472458086/"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--580fd062-9ed8-4b86-9eba-412902de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-10-25T21:36:34.000Z",
"modified": "2016-10-25T21:36:34.000Z",
"description": "Payloads - Xchecked via VT: bd5d64234e1ac87955f1d86ee1af34bd8fd11e8edf3a449181234bb62816acab",
"pattern": "[file:hashes.SHA1 = '09c5f3cd41fe427c9926c867931b5384dead6869']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-10-25T21:36:34Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha1\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--580fd062-91c0-49a9-b529-4fd202de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-10-25T21:36:34.000Z",
"modified": "2016-10-25T21:36:34.000Z",
"description": "Payloads - Xchecked via VT: bd5d64234e1ac87955f1d86ee1af34bd8fd11e8edf3a449181234bb62816acab",
"pattern": "[file:hashes.MD5 = 'e805010d4b68af620b7e97936a5e8f48']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-10-25T21:36:34Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--580fd062-da58-4c1f-af33-42bc02de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-10-25T21:36:34.000Z",
"modified": "2016-10-25T21:36:34.000Z",
"first_observed": "2016-10-25T21:36:34Z",
"last_observed": "2016-10-25T21:36:34Z",
"number_observed": 1,
"object_refs": [
"url--580fd062-da58-4c1f-af33-42bc02de0b81"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--580fd062-da58-4c1f-af33-42bc02de0b81",
"value": "https://www.virustotal.com/file/bd5d64234e1ac87955f1d86ee1af34bd8fd11e8edf3a449181234bb62816acab/analysis/1472050065/"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--580fd063-feec-4cbf-814a-4df302de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-10-25T21:36:35.000Z",
"modified": "2016-10-25T21:36:35.000Z",
"description": "Payloads - Xchecked via VT: d69e0456ddb11b979bf303b8bb9f87322bd2a9542dd9d9f716100c40bd6decd1",
"pattern": "[file:hashes.SHA1 = 'fbead272dfbf00bc6c3fdbe5a466477efd0afe6e']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-10-25T21:36:35Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha1\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--580fd063-9234-415c-9418-400102de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-10-25T21:36:35.000Z",
"modified": "2016-10-25T21:36:35.000Z",
"description": "Payloads - Xchecked via VT: d69e0456ddb11b979bf303b8bb9f87322bd2a9542dd9d9f716100c40bd6decd1",
"pattern": "[file:hashes.MD5 = 'da9d023c1d36f8b469aed08ecc996a21']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-10-25T21:36:35Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--580fd063-3bc4-4052-9a92-4acc02de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-10-25T21:36:35.000Z",
"modified": "2016-10-25T21:36:35.000Z",
"first_observed": "2016-10-25T21:36:35Z",
"last_observed": "2016-10-25T21:36:35Z",
"number_observed": 1,
"object_refs": [
"url--580fd063-3bc4-4052-9a92-4acc02de0b81"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--580fd063-3bc4-4052-9a92-4acc02de0b81",
"value": "https://www.virustotal.com/file/d69e0456ddb11b979bf303b8bb9f87322bd2a9542dd9d9f716100c40bd6decd1/analysis/1467104275/"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--580fd063-c0a4-444b-a4a5-436602de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-10-25T21:36:35.000Z",
"modified": "2016-10-25T21:36:35.000Z",
"description": "Payloads - Xchecked via VT: 8428857b0c7dfe43cf2182dd585dfdfd845697a11c31e91d909dc400222b4f78",
"pattern": "[file:hashes.SHA1 = '1ee3eea0f12c21249c50dd235974d1bf64f65154']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-10-25T21:36:35Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha1\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--580fd063-5898-4936-822a-4e7b02de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-10-25T21:36:35.000Z",
"modified": "2016-10-25T21:36:35.000Z",
"description": "Payloads - Xchecked via VT: 8428857b0c7dfe43cf2182dd585dfdfd845697a11c31e91d909dc400222b4f78",
"pattern": "[file:hashes.MD5 = '8fd6fc5f88e11d3df407aafa7ba4ade0']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-10-25T21:36:35Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--580fd064-c26c-4020-a0af-466402de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-10-25T21:36:36.000Z",
"modified": "2016-10-25T21:36:36.000Z",
"first_observed": "2016-10-25T21:36:36Z",
"last_observed": "2016-10-25T21:36:36Z",
"number_observed": 1,
"object_refs": [
"url--580fd064-c26c-4020-a0af-466402de0b81"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--580fd064-c26c-4020-a0af-466402de0b81",
"value": "https://www.virustotal.com/file/8428857b0c7dfe43cf2182dd585dfdfd845697a11c31e91d909dc400222b4f78/analysis/1476385225/"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--580fd064-e488-41c1-9ac7-4cf102de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-10-25T21:36:36.000Z",
"modified": "2016-10-25T21:36:36.000Z",
"description": "Payloads - Xchecked via VT: 44b52baf2ecef2f928a13b17ba3a5552c32ca4a640e6421b8bc35ef5a113801b",
"pattern": "[file:hashes.SHA1 = 'dd07143cbedce06fe46660f0867ce42597f20447']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-10-25T21:36:36Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha1\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--580fd064-6f90-4e4b-86ec-41e602de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-10-25T21:36:36.000Z",
"modified": "2016-10-25T21:36:36.000Z",
"description": "Payloads - Xchecked via VT: 44b52baf2ecef2f928a13b17ba3a5552c32ca4a640e6421b8bc35ef5a113801b",
"pattern": "[file:hashes.MD5 = '45009c70d362dcd253112c9cf1924f57']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-10-25T21:36:36Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--580fd064-f148-4e0b-81bf-4f8002de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-10-25T21:36:36.000Z",
"modified": "2016-10-25T21:36:36.000Z",
"first_observed": "2016-10-25T21:36:36Z",
"last_observed": "2016-10-25T21:36:36Z",
"number_observed": 1,
"object_refs": [
"url--580fd064-f148-4e0b-81bf-4f8002de0b81"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--580fd064-f148-4e0b-81bf-4f8002de0b81",
"value": "https://www.virustotal.com/file/44b52baf2ecef2f928a13b17ba3a5552c32ca4a640e6421b8bc35ef5a113801b/analysis/1476125677/"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--580fd065-04dc-4cca-a149-485702de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-10-25T21:36:37.000Z",
"modified": "2016-10-25T21:36:37.000Z",
"description": "Payloads - Xchecked via VT: 386057a265619c43ef245857b66241a66822061ce9bd047556c4f3f1d262ef36",
"pattern": "[file:hashes.SHA1 = 'cdb55fb4e89464d78af65a9aa42e38f2dba0c70e']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-10-25T21:36:37Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha1\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--580fd065-8580-4234-b48a-480602de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-10-25T21:36:37.000Z",
"modified": "2016-10-25T21:36:37.000Z",
"description": "Payloads - Xchecked via VT: 386057a265619c43ef245857b66241a66822061ce9bd047556c4f3f1d262ef36",
"pattern": "[file:hashes.MD5 = 'd943834a0323105003194663248f6ff9']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-10-25T21:36:37Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--580fd065-5c34-4633-9941-458b02de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-10-25T21:36:37.000Z",
"modified": "2016-10-25T21:36:37.000Z",
"first_observed": "2016-10-25T21:36:37Z",
"last_observed": "2016-10-25T21:36:37Z",
"number_observed": 1,
"object_refs": [
"url--580fd065-5c34-4633-9941-458b02de0b81"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--580fd065-5c34-4633-9941-458b02de0b81",
"value": "https://www.virustotal.com/file/386057a265619c43ef245857b66241a66822061ce9bd047556c4f3f1d262ef36/analysis/1473061516/"
},
{
"type": "marking-definition",
"spec_version": "2.1",
"id": "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9",
"created": "2017-01-20T00:00:00.000Z",
"definition_type": "tlp",
"name": "TLP:WHITE",
"definition": {
"tlp": "white"
}
}
]
}
Reference in a new issue View git blame Copy permalink