5545 lines
No EOL
235 KiB
JSON
5545 lines
No EOL
235 KiB
JSON
{
|
|
"type": "bundle",
|
|
"id": "bundle--55f2c05f-fdb4-4ae6-ab17-47f9950d210b",
|
|
"objects": [
|
|
{
|
|
"type": "identity",
|
|
"spec_version": "2.1",
|
|
"id": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-09-11T12:39:40.000Z",
|
|
"modified": "2015-09-11T12:39:40.000Z",
|
|
"name": "CthulhuSPRL.be",
|
|
"identity_class": "organization"
|
|
},
|
|
{
|
|
"type": "report",
|
|
"spec_version": "2.1",
|
|
"id": "report--55f2c05f-fdb4-4ae6-ab17-47f9950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-09-11T12:39:40.000Z",
|
|
"modified": "2015-09-11T12:39:40.000Z",
|
|
"name": "OSINT Musical Chairs: Multi-Year Campaign Involving New Variant of Gh0st Malware by Palo Alto Networks Unit 42",
|
|
"published": "2016-03-01T22:03:15Z",
|
|
"object_refs": [
|
|
"observed-data--55f2c0dc-933c-4dd6-9eed-4d5b950d210b",
|
|
"url--55f2c0dc-933c-4dd6-9eed-4d5b950d210b",
|
|
"indicator--55f2c1d6-e280-495c-829b-469d950d210b",
|
|
"indicator--55f2c1d7-9c60-404d-b029-482a950d210b",
|
|
"indicator--55f2c1d7-57c0-483a-b88d-4b88950d210b",
|
|
"indicator--55f2c1d7-35e4-4fa5-97c5-4c42950d210b",
|
|
"indicator--55f2c1d8-21a0-4455-ae91-4ca5950d210b",
|
|
"indicator--55f2c1d8-45e8-4f35-97ab-4638950d210b",
|
|
"indicator--55f2c1d8-d66c-48bd-9335-446a950d210b",
|
|
"indicator--55f2c1d9-b794-442b-b62c-42b7950d210b",
|
|
"indicator--55f2c1d9-3f5c-494d-9024-4ddd950d210b",
|
|
"indicator--55f2c1d9-f798-4de2-9a69-443e950d210b",
|
|
"indicator--55f2c1da-0e20-46d8-b950-41ff950d210b",
|
|
"indicator--55f2c1da-3938-4bd7-8f29-403e950d210b",
|
|
"indicator--55f2c1da-e7e8-419c-aab8-4ab4950d210b",
|
|
"indicator--55f2c1db-3cd4-4ff0-8780-4c8a950d210b",
|
|
"indicator--55f2c1db-046c-4158-83c8-4e3a950d210b",
|
|
"indicator--55f2c1db-0250-4f2d-b6c9-4834950d210b",
|
|
"indicator--55f2c1dc-c200-4daa-a25e-4475950d210b",
|
|
"indicator--55f2c1dc-34ac-403f-8578-4948950d210b",
|
|
"indicator--55f2c1dd-996c-49fd-bc51-41ef950d210b",
|
|
"indicator--55f2c1dd-4748-4bc5-9041-4592950d210b",
|
|
"indicator--55f2c1dd-cf90-429b-9c91-4b47950d210b",
|
|
"indicator--55f2c1de-01b0-4435-a5ea-42d3950d210b",
|
|
"indicator--55f2c1de-55c4-4a80-8c46-4bcd950d210b",
|
|
"indicator--55f2c1de-2560-4cd6-b6d0-46ae950d210b",
|
|
"indicator--55f2c1df-6894-44d0-8885-4df8950d210b",
|
|
"indicator--55f2c1df-1a1c-449b-af81-4c5f950d210b",
|
|
"indicator--55f2c1df-dc90-4822-b786-4879950d210b",
|
|
"indicator--55f2c1e0-7938-4e27-b24c-4b1e950d210b",
|
|
"indicator--55f2c1e0-a684-4ded-8bd0-4a73950d210b",
|
|
"indicator--55f2c1e0-f984-49ec-a392-463c950d210b",
|
|
"indicator--55f2c1e1-0dd0-4c9a-a703-44e5950d210b",
|
|
"indicator--55f2c1e1-f484-4b36-8fcb-4490950d210b",
|
|
"indicator--55f2c1e1-8914-41ae-9037-4c62950d210b",
|
|
"indicator--55f2c1e2-7354-4dfb-b18b-40f1950d210b",
|
|
"indicator--55f2c1e2-6148-43ae-a654-4b26950d210b",
|
|
"indicator--55f2c1e2-7794-4399-b0d4-42d2950d210b",
|
|
"indicator--55f2c1e3-e9c0-4cf1-bfed-4a5b950d210b",
|
|
"indicator--55f2c1e3-3e80-4d41-acfe-40e2950d210b",
|
|
"indicator--55f2c1e3-04c8-47ee-81c1-42d3950d210b",
|
|
"indicator--55f2c1e4-5d9c-43d5-bf25-4517950d210b",
|
|
"indicator--55f2c1e4-fc64-4449-8296-435c950d210b",
|
|
"indicator--55f2c1e4-9298-44ed-8ee2-4e39950d210b",
|
|
"indicator--55f2c1e5-763c-4aef-95bc-413a950d210b",
|
|
"indicator--55f2c1e5-7f10-47f7-9a1c-4af2950d210b",
|
|
"indicator--55f2c1e5-8630-42db-a803-4f49950d210b",
|
|
"indicator--55f2c1e6-532c-4c17-bc3b-42fa950d210b",
|
|
"indicator--55f2c1e6-0c98-41bc-9c4d-4e28950d210b",
|
|
"indicator--55f2c1e6-1a6c-4873-9b8a-4ec9950d210b",
|
|
"indicator--55f2c1e7-8ac0-4be1-be05-4740950d210b",
|
|
"indicator--55f2c1e7-3ff4-489a-ae7a-45e5950d210b",
|
|
"indicator--55f2c1e7-40dc-47a9-a53a-4297950d210b",
|
|
"indicator--55f2c1e8-a0bc-46ca-b96f-49ad950d210b",
|
|
"indicator--55f2c1e8-a10c-4060-9feb-449b950d210b",
|
|
"indicator--55f2c1e8-e930-4e46-bde5-4dd1950d210b",
|
|
"indicator--55f2c1e9-1720-471c-a651-49d4950d210b",
|
|
"indicator--55f2c1e9-00f4-4da4-b8f0-427f950d210b",
|
|
"indicator--55f2c1e9-32d8-4676-af96-4d02950d210b",
|
|
"indicator--55f2c1ea-47bc-4a73-9b59-4a6a950d210b",
|
|
"indicator--55f2c1ea-c9e0-4e2c-9e56-4657950d210b",
|
|
"indicator--55f2c1ea-f5f0-458e-b2a7-4781950d210b",
|
|
"indicator--55f2c1eb-ee8c-44ff-8a65-447d950d210b",
|
|
"indicator--55f2c1eb-d7fc-42cf-b627-4d5f950d210b",
|
|
"indicator--55f2c1eb-4bd0-4326-9d70-4ac6950d210b",
|
|
"indicator--55f2c1ec-54f4-49e4-bed9-40bf950d210b",
|
|
"indicator--55f2c1ec-d720-4c35-a064-4939950d210b",
|
|
"indicator--55f2c1ec-f3ac-4baa-9ebc-4635950d210b",
|
|
"indicator--55f2c1ed-2a64-498f-afe4-4a50950d210b",
|
|
"x-misp-attribute--55f2c304-3a54-4d01-9599-42a7950d210b",
|
|
"indicator--55f2cb8c-6458-4f32-9bf8-4806950d210b",
|
|
"indicator--55f2cb8c-1534-460d-8206-4d64950d210b",
|
|
"observed-data--55f2cb8d-5188-421e-9617-4765950d210b",
|
|
"url--55f2cb8d-5188-421e-9617-4765950d210b",
|
|
"indicator--55f2cb8d-c72c-4e11-bd43-4515950d210b",
|
|
"indicator--55f2cb8d-2874-46de-8ef9-4497950d210b",
|
|
"observed-data--55f2cb8e-5040-4417-9454-4a4d950d210b",
|
|
"url--55f2cb8e-5040-4417-9454-4a4d950d210b",
|
|
"indicator--55f2cb8e-66c0-4eb5-9de8-456c950d210b",
|
|
"indicator--55f2cb8e-226c-46ba-8cb5-4996950d210b",
|
|
"observed-data--55f2cb8f-ff8c-411c-bca2-4b64950d210b",
|
|
"url--55f2cb8f-ff8c-411c-bca2-4b64950d210b",
|
|
"indicator--55f2cb8f-e11c-46b5-9a63-4c8b950d210b",
|
|
"indicator--55f2cb8f-d6e4-48c0-b7a1-4760950d210b",
|
|
"observed-data--55f2cb90-defc-4e49-b5a6-491f950d210b",
|
|
"url--55f2cb90-defc-4e49-b5a6-491f950d210b",
|
|
"indicator--55f2cb90-8444-41cf-a3f5-4a47950d210b",
|
|
"indicator--55f2cb90-35dc-44e5-b6c7-4f75950d210b",
|
|
"observed-data--55f2cb91-9e18-4a11-b9e1-42ce950d210b",
|
|
"url--55f2cb91-9e18-4a11-b9e1-42ce950d210b",
|
|
"indicator--55f2cb91-8fe0-4bec-a0db-489d950d210b",
|
|
"indicator--55f2cb91-b5d0-48a0-b118-4ab5950d210b",
|
|
"observed-data--55f2cb92-0350-4e8a-80b6-4193950d210b",
|
|
"url--55f2cb92-0350-4e8a-80b6-4193950d210b",
|
|
"indicator--55f2cb92-6678-4cfe-badb-4b6e950d210b",
|
|
"indicator--55f2cb92-9008-44d2-a353-49d8950d210b",
|
|
"observed-data--55f2cb93-81cc-4b20-bd9a-4694950d210b",
|
|
"url--55f2cb93-81cc-4b20-bd9a-4694950d210b",
|
|
"indicator--55f2cb93-b448-421a-b92f-4f9e950d210b",
|
|
"indicator--55f2cb93-2538-40c5-b282-4247950d210b",
|
|
"observed-data--55f2cb94-926c-45e1-ae7a-4f05950d210b",
|
|
"url--55f2cb94-926c-45e1-ae7a-4f05950d210b",
|
|
"indicator--55f2cb94-0bec-4f95-ae68-43f0950d210b",
|
|
"indicator--55f2cb94-b9d4-4941-8961-46e9950d210b",
|
|
"observed-data--55f2cb95-b8d4-4d4f-8aac-4889950d210b",
|
|
"url--55f2cb95-b8d4-4d4f-8aac-4889950d210b",
|
|
"indicator--55f2cb95-73b0-4e73-870e-4b09950d210b",
|
|
"indicator--55f2cb95-91b4-47b3-a954-4871950d210b",
|
|
"observed-data--55f2cb96-db10-4643-a4b7-4be6950d210b",
|
|
"url--55f2cb96-db10-4643-a4b7-4be6950d210b",
|
|
"indicator--55f2cb96-6a30-4990-9151-47b1950d210b",
|
|
"indicator--55f2cb96-ec64-4d9b-ab06-42bc950d210b",
|
|
"observed-data--55f2cb97-c880-4978-95a2-4a33950d210b",
|
|
"url--55f2cb97-c880-4978-95a2-4a33950d210b",
|
|
"indicator--55f2cb97-e464-4b1d-964b-44b3950d210b",
|
|
"indicator--55f2cb97-bb44-4b8d-8df4-446e950d210b",
|
|
"observed-data--55f2cb98-5bec-4f23-84d0-4dfa950d210b",
|
|
"url--55f2cb98-5bec-4f23-84d0-4dfa950d210b",
|
|
"indicator--55f2cb98-ddf8-4688-b944-4588950d210b",
|
|
"indicator--55f2cb98-95f0-4765-b9ad-4520950d210b",
|
|
"observed-data--55f2cb99-b624-48b8-9c94-4002950d210b",
|
|
"url--55f2cb99-b624-48b8-9c94-4002950d210b",
|
|
"indicator--55f2cb99-d560-4fe7-b73c-4d7e950d210b",
|
|
"indicator--55f2cb99-bdf4-4f12-ae4d-4d64950d210b",
|
|
"observed-data--55f2cb9a-0680-41b6-b5b6-4fb6950d210b",
|
|
"url--55f2cb9a-0680-41b6-b5b6-4fb6950d210b",
|
|
"indicator--55f2cb9a-4adc-4a00-9799-4eb4950d210b",
|
|
"indicator--55f2cb9a-588c-4288-bc9f-4ba7950d210b",
|
|
"observed-data--55f2cb9b-23f0-4b6c-b1c4-4edb950d210b",
|
|
"url--55f2cb9b-23f0-4b6c-b1c4-4edb950d210b",
|
|
"indicator--55f2cb9b-7ad8-4998-aa88-45f2950d210b",
|
|
"indicator--55f2cb9b-2fe4-47a3-a360-47c5950d210b",
|
|
"observed-data--55f2cb9c-62a4-4acb-8ecf-4011950d210b",
|
|
"url--55f2cb9c-62a4-4acb-8ecf-4011950d210b",
|
|
"indicator--55f2cb9c-5a88-4930-9d2f-46a3950d210b",
|
|
"indicator--55f2cb9c-f8c4-461f-bce6-4f27950d210b",
|
|
"observed-data--55f2cb9d-05ac-40e6-94ab-4b9b950d210b",
|
|
"url--55f2cb9d-05ac-40e6-94ab-4b9b950d210b",
|
|
"indicator--55f2cb9d-1fd4-400b-8712-4a20950d210b",
|
|
"indicator--55f2cb9d-fdd0-4c51-95f8-4f3d950d210b",
|
|
"observed-data--55f2cb9e-3a3c-486b-9add-4141950d210b",
|
|
"url--55f2cb9e-3a3c-486b-9add-4141950d210b",
|
|
"indicator--55f2cb9e-f3fc-4e2a-925f-4130950d210b",
|
|
"indicator--55f2cb9e-dad0-4172-bcf5-4d8b950d210b",
|
|
"observed-data--55f2cb9f-0f04-45c6-ac19-409a950d210b",
|
|
"url--55f2cb9f-0f04-45c6-ac19-409a950d210b",
|
|
"indicator--55f2cb9f-d594-40d3-b738-4824950d210b",
|
|
"indicator--55f2cb9f-00c0-4146-ba27-42e0950d210b",
|
|
"observed-data--55f2cba0-cd58-42d0-9f41-4dc5950d210b",
|
|
"url--55f2cba0-cd58-42d0-9f41-4dc5950d210b",
|
|
"indicator--55f2cba0-5470-48a3-b46b-44c9950d210b",
|
|
"indicator--55f2cba0-73b0-4f7c-a0f6-4314950d210b",
|
|
"observed-data--55f2cba1-b538-4b0c-a519-48e3950d210b",
|
|
"url--55f2cba1-b538-4b0c-a519-48e3950d210b",
|
|
"indicator--55f2cba1-827c-4a41-abcf-4225950d210b",
|
|
"indicator--55f2cba1-ced4-48d0-9c82-4e13950d210b",
|
|
"observed-data--55f2cba2-ee24-4016-904b-460c950d210b",
|
|
"url--55f2cba2-ee24-4016-904b-460c950d210b",
|
|
"indicator--55f2cba2-9ad4-412c-8220-4287950d210b",
|
|
"indicator--55f2cba2-4784-4664-8dc3-42f0950d210b",
|
|
"observed-data--55f2cba3-2460-4139-94cf-470c950d210b",
|
|
"url--55f2cba3-2460-4139-94cf-470c950d210b",
|
|
"indicator--55f2cba3-cac8-4f1d-ade7-4cfc950d210b",
|
|
"indicator--55f2cba3-48e4-40cc-a205-44b0950d210b",
|
|
"observed-data--55f2cba4-59c8-4490-9f42-41a9950d210b",
|
|
"url--55f2cba4-59c8-4490-9f42-41a9950d210b",
|
|
"indicator--55f2cba4-a7ec-481e-93f6-4a9b950d210b",
|
|
"indicator--55f2cba4-3a44-4b3f-bd52-4378950d210b",
|
|
"observed-data--55f2cba5-ebc4-45f6-8d4b-4ee2950d210b",
|
|
"url--55f2cba5-ebc4-45f6-8d4b-4ee2950d210b",
|
|
"indicator--55f2cba5-6c0c-4c9a-889f-4772950d210b",
|
|
"indicator--55f2cba5-c5b8-4197-8b6c-4869950d210b",
|
|
"observed-data--55f2cba6-cb98-4c68-a9ea-474c950d210b",
|
|
"url--55f2cba6-cb98-4c68-a9ea-474c950d210b",
|
|
"indicator--55f2cba6-594c-430a-86e8-4eba950d210b",
|
|
"indicator--55f2cba6-6988-4aec-9509-4b3d950d210b",
|
|
"observed-data--55f2cba7-6ff8-4a55-a717-4d3d950d210b",
|
|
"url--55f2cba7-6ff8-4a55-a717-4d3d950d210b",
|
|
"indicator--55f2cba7-a108-4c45-81cd-4e8c950d210b",
|
|
"indicator--55f2cba7-af94-4a7c-b00b-49ac950d210b",
|
|
"observed-data--55f2cba8-6a18-4a77-be5b-47ac950d210b",
|
|
"url--55f2cba8-6a18-4a77-be5b-47ac950d210b",
|
|
"indicator--55f2cba8-fa58-4856-a190-4393950d210b",
|
|
"indicator--55f2cba8-3350-4108-bcae-44bf950d210b",
|
|
"observed-data--55f2cba9-a4b8-4236-9d03-45df950d210b",
|
|
"url--55f2cba9-a4b8-4236-9d03-45df950d210b",
|
|
"indicator--55f2cba9-7eec-40d3-8b84-47ab950d210b",
|
|
"indicator--55f2cba9-dad0-481f-8de5-47de950d210b",
|
|
"observed-data--55f2cbaa-49cc-4da7-bbde-4687950d210b",
|
|
"url--55f2cbaa-49cc-4da7-bbde-4687950d210b",
|
|
"indicator--55f2cbaa-d970-4e20-a3ae-4f84950d210b",
|
|
"indicator--55f2cbaa-0f4c-44d6-b539-468d950d210b",
|
|
"observed-data--55f2cbab-6350-4a01-8bd7-41c2950d210b",
|
|
"url--55f2cbab-6350-4a01-8bd7-41c2950d210b",
|
|
"indicator--55f2cbab-aa64-46d5-b80e-4aed950d210b",
|
|
"indicator--55f2cbab-d89c-4f0b-a26c-4a70950d210b",
|
|
"observed-data--55f2cbac-e890-466e-8694-4f62950d210b",
|
|
"url--55f2cbac-e890-466e-8694-4f62950d210b",
|
|
"indicator--55f2cbac-6e78-4033-be44-41de950d210b",
|
|
"indicator--55f2cbac-3200-49ec-b784-4876950d210b",
|
|
"observed-data--55f2cbad-5858-45ab-8e9a-410f950d210b",
|
|
"url--55f2cbad-5858-45ab-8e9a-410f950d210b",
|
|
"indicator--55f2cbad-4e10-47fc-bfbd-49d4950d210b",
|
|
"indicator--55f2cbad-85a4-4aa6-93d2-43a2950d210b",
|
|
"observed-data--55f2cbae-bef8-413c-94b0-4212950d210b",
|
|
"url--55f2cbae-bef8-413c-94b0-4212950d210b",
|
|
"indicator--55f2cbae-48d8-40e5-9609-414d950d210b",
|
|
"indicator--55f2cbae-b800-4acf-8fd8-4ab2950d210b",
|
|
"observed-data--55f2cbaf-aedc-4204-a861-4b58950d210b",
|
|
"url--55f2cbaf-aedc-4204-a861-4b58950d210b",
|
|
"indicator--55f2cbaf-00b8-4cc4-ba5c-433c950d210b",
|
|
"indicator--55f2cbaf-dd40-475b-a023-42be950d210b",
|
|
"observed-data--55f2cbb0-3e64-43a8-b10c-4a6d950d210b",
|
|
"url--55f2cbb0-3e64-43a8-b10c-4a6d950d210b",
|
|
"indicator--55f2cbb0-5fac-4fca-bde1-4908950d210b",
|
|
"indicator--55f2cbb0-1304-4834-839b-4c88950d210b",
|
|
"observed-data--55f2cbb1-0a9c-4bfb-9f9f-471d950d210b",
|
|
"url--55f2cbb1-0a9c-4bfb-9f9f-471d950d210b",
|
|
"indicator--55f2cbb1-b8e0-4729-8c75-4d68950d210b",
|
|
"indicator--55f2cbb1-6f94-4acd-8364-44c6950d210b",
|
|
"observed-data--55f2cbb2-a6d8-4137-a138-4728950d210b",
|
|
"url--55f2cbb2-a6d8-4137-a138-4728950d210b",
|
|
"indicator--55f2cbb2-a418-431a-8dfd-42c4950d210b",
|
|
"indicator--55f2cbb2-9934-40d6-ab8f-4dfb950d210b",
|
|
"observed-data--55f2cbb3-cef0-4016-91d8-4018950d210b",
|
|
"url--55f2cbb3-cef0-4016-91d8-4018950d210b",
|
|
"indicator--55f2cbb3-d640-4bf1-a88c-46fb950d210b",
|
|
"indicator--55f2cbb3-8160-4967-90a1-46ad950d210b",
|
|
"observed-data--55f2cbb4-96b0-4a3e-abe1-4288950d210b",
|
|
"url--55f2cbb4-96b0-4a3e-abe1-4288950d210b",
|
|
"indicator--55f2cbb4-1670-4ba8-84a4-4467950d210b",
|
|
"indicator--55f2cbb4-a030-4b6c-af81-4fed950d210b",
|
|
"observed-data--55f2cbb5-5214-46ec-a447-46be950d210b",
|
|
"url--55f2cbb5-5214-46ec-a447-46be950d210b",
|
|
"indicator--55f2cbb5-8670-4e21-a6fd-4d63950d210b",
|
|
"indicator--55f2cbb5-3e88-4960-8c41-4117950d210b",
|
|
"observed-data--55f2cbb6-5b44-45ba-ac02-4b3e950d210b",
|
|
"url--55f2cbb6-5b44-45ba-ac02-4b3e950d210b",
|
|
"indicator--55f2cbb6-f6d0-4601-896b-4ad1950d210b",
|
|
"indicator--55f2cbb6-4868-47e4-833f-479c950d210b",
|
|
"observed-data--55f2cbb7-f284-4744-8278-4609950d210b",
|
|
"url--55f2cbb7-f284-4744-8278-4609950d210b",
|
|
"indicator--55f2cbb7-0784-4365-ab32-4645950d210b",
|
|
"indicator--55f2cbb7-254c-4ee3-b749-48e0950d210b",
|
|
"observed-data--55f2cbb8-ca24-4b40-accd-4ace950d210b",
|
|
"url--55f2cbb8-ca24-4b40-accd-4ace950d210b",
|
|
"indicator--55f2cbb8-1b88-4d04-aec7-4895950d210b",
|
|
"indicator--55f2cbb8-b2b4-4c6f-b8e2-41e5950d210b",
|
|
"observed-data--55f2cbb9-e0dc-4b5e-a03b-4f9b950d210b",
|
|
"url--55f2cbb9-e0dc-4b5e-a03b-4f9b950d210b",
|
|
"indicator--55f2cbb9-a464-4a2a-b675-46a7950d210b",
|
|
"indicator--55f2cbb9-17ec-4241-91c1-434e950d210b",
|
|
"observed-data--55f2cbba-2c08-43fc-980a-4899950d210b",
|
|
"url--55f2cbba-2c08-43fc-980a-4899950d210b",
|
|
"indicator--55f2cbba-76b8-4f39-bd0f-4f31950d210b",
|
|
"indicator--55f2cbba-fab0-484a-9b38-43d1950d210b",
|
|
"observed-data--55f2cbbb-5f68-440e-b4bd-4172950d210b",
|
|
"url--55f2cbbb-5f68-440e-b4bd-4172950d210b",
|
|
"indicator--55f2cbbb-1004-4e06-bbf5-400c950d210b",
|
|
"indicator--55f2cbbb-b9b0-44ae-b060-4c02950d210b",
|
|
"observed-data--55f2cbbc-8da4-4b81-9346-4f8c950d210b",
|
|
"url--55f2cbbc-8da4-4b81-9346-4f8c950d210b",
|
|
"indicator--56c6aabb-9eb4-44bd-8edd-599c950d210f",
|
|
"indicator--56c6aabf-fed8-4784-8980-599f950d210f",
|
|
"indicator--56c6aac2-4184-4c77-9d59-499b950d210f",
|
|
"indicator--56c6aac6-8c70-462f-80eb-c652950d210f",
|
|
"indicator--56c6aabc-7c00-4efb-a9ee-5f51950d210f",
|
|
"indicator--56c6aac0-d3d8-4f4a-bdab-c651950d210f",
|
|
"indicator--56c6aac3-a30c-4544-ae00-422e950d210f",
|
|
"indicator--56c6aac7-3034-4b2d-ba1f-599f950d210f"
|
|
],
|
|
"labels": [
|
|
"Threat-Report",
|
|
"misp:tool=\"MISP-STIX-Converter\"",
|
|
"type:OSINT"
|
|
],
|
|
"object_marking_refs": [
|
|
"marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9"
|
|
]
|
|
},
|
|
{
|
|
"type": "observed-data",
|
|
"spec_version": "2.1",
|
|
"id": "observed-data--55f2c0dc-933c-4dd6-9eed-4d5b950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-09-11T11:54:04.000Z",
|
|
"modified": "2015-09-11T11:54:04.000Z",
|
|
"first_observed": "2015-09-11T11:54:04Z",
|
|
"last_observed": "2015-09-11T11:54:04Z",
|
|
"number_observed": 1,
|
|
"object_refs": [
|
|
"url--55f2c0dc-933c-4dd6-9eed-4d5b950d210b"
|
|
],
|
|
"labels": [
|
|
"misp:type=\"link\"",
|
|
"misp:category=\"External analysis\""
|
|
]
|
|
},
|
|
{
|
|
"type": "url",
|
|
"spec_version": "2.1",
|
|
"id": "url--55f2c0dc-933c-4dd6-9eed-4d5b950d210b",
|
|
"value": "http://researchcenter.paloaltonetworks.com/2015/09/musical-chairs-multi-year-campaign-involving-new-variant-of-gh0st-malware/"
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--55f2c1d6-e280-495c-829b-469d950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-09-11T11:58:14.000Z",
|
|
"modified": "2015-09-11T11:58:14.000Z",
|
|
"pattern": "[file:hashes.SHA256 = '50f08f0b23fe1123b298cb5158c1ad5a8244ce272ea463a1e4858d12719b337f']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-09-11T11:58:14Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha256\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--55f2c1d7-9c60-404d-b029-482a950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-09-11T11:58:15.000Z",
|
|
"modified": "2015-09-11T11:58:15.000Z",
|
|
"pattern": "[file:hashes.SHA256 = '8dac9fa1ea29a90893a77f4d49c1393fa99a967e8af6a507037789041911de95']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-09-11T11:58:15Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha256\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--55f2c1d7-57c0-483a-b88d-4b88950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-09-11T11:58:15.000Z",
|
|
"modified": "2015-09-11T11:58:15.000Z",
|
|
"pattern": "[file:hashes.SHA256 = 'f08f26a7026ba249d021ca21f097405a536771f38d94081731c0f7960177408b']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-09-11T11:58:15Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha256\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--55f2c1d7-35e4-4fa5-97c5-4c42950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-09-11T11:58:15.000Z",
|
|
"modified": "2015-09-11T11:58:15.000Z",
|
|
"pattern": "[file:hashes.SHA256 = 'f5c868d9ac4d18c9c88e181af9370769bf52928d04874d8c3142badf83f664e3']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-09-11T11:58:15Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha256\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--55f2c1d8-21a0-4455-ae91-4ca5950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-09-11T11:58:16.000Z",
|
|
"modified": "2015-09-11T11:58:16.000Z",
|
|
"pattern": "[file:hashes.SHA256 = 'e60c25ee1404433e3f78e50f5edea11f186211148ce8e5abb22c1f01b76d96f3']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-09-11T11:58:16Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha256\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--55f2c1d8-45e8-4f35-97ab-4638950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-09-11T11:58:16.000Z",
|
|
"modified": "2015-09-11T11:58:16.000Z",
|
|
"pattern": "[file:hashes.SHA256 = '4babcaf4694fb8207ea3774f6c2339a28c0ce5913fb9ac396a8e50efa75e10cd']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-09-11T11:58:16Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha256\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--55f2c1d8-d66c-48bd-9335-446a950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-09-11T11:58:16.000Z",
|
|
"modified": "2015-09-11T11:58:16.000Z",
|
|
"pattern": "[file:hashes.SHA256 = 'd36d80c5b9da830fd027cd219d9dabcedd73f5d2da5009b2661c4f0438773c3e']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-09-11T11:58:16Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha256\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--55f2c1d9-b794-442b-b62c-42b7950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-09-11T11:58:17.000Z",
|
|
"modified": "2015-09-11T11:58:17.000Z",
|
|
"pattern": "[file:hashes.SHA256 = '29726da0ebd8960cab09f91bb8fa37db27b1ca2a3897235c645d1896df10303b']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-09-11T11:58:17Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha256\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--55f2c1d9-3f5c-494d-9024-4ddd950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-09-11T11:58:17.000Z",
|
|
"modified": "2015-09-11T11:58:17.000Z",
|
|
"pattern": "[file:hashes.SHA256 = '61b77cada9c2a16daeb465e439cb3e38c857f1559455187469821893bf542666']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-09-11T11:58:17Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha256\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--55f2c1d9-f798-4de2-9a69-443e950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-09-11T11:58:17.000Z",
|
|
"modified": "2015-09-11T11:58:17.000Z",
|
|
"pattern": "[file:hashes.SHA256 = 'a0fdb977b712e669aae28723f1a4b90735a5af9e92937558c9da8f62614a1a17']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-09-11T11:58:17Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha256\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--55f2c1da-0e20-46d8-b950-41ff950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-09-11T11:58:18.000Z",
|
|
"modified": "2015-09-11T11:58:18.000Z",
|
|
"pattern": "[file:hashes.SHA256 = '73ae929dde6826306046d8db744da6e5150f5c508298726b634d39c279192ad0']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-09-11T11:58:18Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha256\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--55f2c1da-3938-4bd7-8f29-403e950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-09-11T11:58:18.000Z",
|
|
"modified": "2015-09-11T11:58:18.000Z",
|
|
"pattern": "[file:hashes.SHA256 = 'e297929c583c6f84727c312b937c43550d71fe2bca4f4138d53441c7e269cfa4']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-09-11T11:58:18Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha256\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--55f2c1da-e7e8-419c-aab8-4ab4950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-09-11T11:58:18.000Z",
|
|
"modified": "2015-09-11T11:58:18.000Z",
|
|
"pattern": "[file:hashes.SHA256 = '55090a930b6c37f9ff215793e950a4ffb67f516fd0a14409b027f995d27da082']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-09-11T11:58:18Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha256\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--55f2c1db-3cd4-4ff0-8780-4c8a950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-09-11T11:58:19.000Z",
|
|
"modified": "2015-09-11T11:58:19.000Z",
|
|
"pattern": "[file:hashes.SHA256 = 'a7afee2227ff3ee64695235c7eed214ee1d18c2b6e287616118b5f38fd6720dc']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-09-11T11:58:19Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha256\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--55f2c1db-046c-4158-83c8-4e3a950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-09-11T11:58:19.000Z",
|
|
"modified": "2015-09-11T11:58:19.000Z",
|
|
"pattern": "[file:hashes.SHA256 = '4306af9aa2b585dd07c4b114bc7e292f7f9ab06732ae7a9e7f4831b88127c85a']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-09-11T11:58:19Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha256\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--55f2c1db-0250-4f2d-b6c9-4834950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-09-11T11:58:19.000Z",
|
|
"modified": "2015-09-11T11:58:19.000Z",
|
|
"pattern": "[file:hashes.SHA256 = '66b1260565e2243bba1436f43e986ff741bd391305114d7bef891273e03abd72']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-09-11T11:58:19Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha256\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--55f2c1dc-c200-4daa-a25e-4475950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-09-11T11:58:20.000Z",
|
|
"modified": "2015-09-11T11:58:20.000Z",
|
|
"pattern": "[file:hashes.SHA256 = '022ca8187bfb1f347a0e547417a8088a5cc0e38fd9aa51b464154fbcf4aa149c']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-09-11T11:58:20Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha256\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--55f2c1dc-34ac-403f-8578-4948950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-09-11T11:58:20.000Z",
|
|
"modified": "2015-09-11T11:58:20.000Z",
|
|
"pattern": "[file:hashes.SHA256 = '9b823f0d60e348707fbbc1da8b37b3c9cd5ea1f43277ba8069e302ff05fee531']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-09-11T11:58:20Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha256\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--55f2c1dd-996c-49fd-bc51-41ef950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-09-11T11:58:21.000Z",
|
|
"modified": "2015-09-11T11:58:21.000Z",
|
|
"pattern": "[file:hashes.SHA256 = 'c256ca3514d23818cab28b61d1df52a513d1f2beda8c5e81c3336de762f9f3f4']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-09-11T11:58:21Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha256\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--55f2c1dd-4748-4bc5-9041-4592950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-09-11T11:58:21.000Z",
|
|
"modified": "2015-09-11T11:58:21.000Z",
|
|
"pattern": "[file:hashes.SHA256 = '7eeba4a511cdeb6b48ca3d09b751be047aa553ea5f6c416494200d1aee520fe4']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-09-11T11:58:21Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha256\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--55f2c1dd-cf90-429b-9c91-4b47950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-09-11T11:58:21.000Z",
|
|
"modified": "2015-09-11T11:58:21.000Z",
|
|
"pattern": "[file:hashes.SHA256 = '552ff44540e944b3263fc8c32c7dba927f6e7f3f4489bb13b8ecc52c3fd40bf1']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-09-11T11:58:21Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha256\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--55f2c1de-01b0-4435-a5ea-42d3950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-09-11T11:58:22.000Z",
|
|
"modified": "2015-09-11T11:58:22.000Z",
|
|
"pattern": "[file:hashes.SHA256 = 'e1290e92c5caff9631f4ebe53df27293b71df19b6b5435323332658ebaa9c6b6']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-09-11T11:58:22Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha256\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--55f2c1de-55c4-4a80-8c46-4bcd950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-09-11T11:58:22.000Z",
|
|
"modified": "2015-09-11T11:58:22.000Z",
|
|
"pattern": "[file:hashes.SHA256 = 'fb8b4bc012d45ba78e721a6f73df77ac7838998109c388ced95c995a7e7303f8']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-09-11T11:58:22Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha256\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--55f2c1de-2560-4cd6-b6d0-46ae950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-09-11T11:58:22.000Z",
|
|
"modified": "2015-09-11T11:58:22.000Z",
|
|
"pattern": "[file:hashes.SHA256 = '20236c7a6c0c29664976ab943118477583545ed8461b14933b2d49cee10dd051']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-09-11T11:58:22Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha256\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--55f2c1df-6894-44d0-8885-4df8950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-09-11T11:58:23.000Z",
|
|
"modified": "2015-09-11T11:58:23.000Z",
|
|
"pattern": "[file:hashes.SHA256 = 'da297e8bf799032e0a52c4535997abf30202f33ce9d4162139129463c386efcc']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-09-11T11:58:23Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha256\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--55f2c1df-1a1c-449b-af81-4c5f950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-09-11T11:58:23.000Z",
|
|
"modified": "2015-09-11T11:58:23.000Z",
|
|
"pattern": "[file:hashes.SHA256 = '4b7133e45f368cc0b6728830bc9e1219ff318eb384caf5ecbb54e12e6e6c1925']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-09-11T11:58:23Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha256\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--55f2c1df-dc90-4822-b786-4879950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-09-11T11:58:23.000Z",
|
|
"modified": "2015-09-11T11:58:23.000Z",
|
|
"pattern": "[file:hashes.SHA256 = 'e737e2253f016ab65b521d4f4e7b2a06741fa2541c52f0994edfc1763a053910']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-09-11T11:58:23Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha256\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--55f2c1e0-7938-4e27-b24c-4b1e950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-09-11T11:58:24.000Z",
|
|
"modified": "2015-09-11T11:58:24.000Z",
|
|
"pattern": "[file:hashes.SHA256 = '07cf20da1ef235ee98c25495bf9b845754f21ed105d5211001885fd2eea3210f']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-09-11T11:58:24Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha256\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--55f2c1e0-a684-4ded-8bd0-4a73950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-09-11T11:58:24.000Z",
|
|
"modified": "2015-09-11T11:58:24.000Z",
|
|
"pattern": "[file:hashes.SHA256 = 'd467504e8b8608b4fae334c426e8ac02f762993064bf1db20bb6090b42648648']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-09-11T11:58:24Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha256\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--55f2c1e0-f984-49ec-a392-463c950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-09-11T11:58:24.000Z",
|
|
"modified": "2015-09-11T11:58:24.000Z",
|
|
"pattern": "[file:hashes.SHA256 = '8a2a5f155707109bc0a6f179f1a749b216504b373c765c8193a7dd958b17be7c']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-09-11T11:58:24Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha256\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--55f2c1e1-0dd0-4c9a-a703-44e5950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-09-11T11:58:25.000Z",
|
|
"modified": "2015-09-11T11:58:25.000Z",
|
|
"pattern": "[file:hashes.SHA256 = 'a95933553fca054e08bd213b7f364b084ef19936a425d7260e08a8e7fdfd2ce6']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-09-11T11:58:25Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha256\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--55f2c1e1-f484-4b36-8fcb-4490950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-09-11T11:58:25.000Z",
|
|
"modified": "2015-09-11T11:58:25.000Z",
|
|
"pattern": "[file:hashes.SHA256 = '6adced734d5498bbcc9fc111ce43bd7fd8db098106eaa3cfc025de7ba6dc02a7']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-09-11T11:58:25Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha256\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--55f2c1e1-8914-41ae-9037-4c62950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-09-11T11:58:25.000Z",
|
|
"modified": "2015-09-11T11:58:25.000Z",
|
|
"pattern": "[file:hashes.SHA256 = 'c608bb6f3723aad1608963e661c8fb80ace93f02f7d52f61a1355e9512676d62']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-09-11T11:58:25Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha256\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--55f2c1e2-7354-4dfb-b18b-40f1950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-09-11T11:58:26.000Z",
|
|
"modified": "2015-09-11T11:58:26.000Z",
|
|
"pattern": "[file:hashes.SHA256 = 'e58085656708d9759856325afb6cd67ec0ff7a126e27907efa2e91ef9a0ff474']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-09-11T11:58:26Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha256\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--55f2c1e2-6148-43ae-a654-4b26950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-09-11T11:58:26.000Z",
|
|
"modified": "2015-09-11T11:58:26.000Z",
|
|
"pattern": "[file:hashes.SHA256 = 'bba343d4043ea3d170f4027546fad7f991b7ebce9e923dc42e16d88b570ff167']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-09-11T11:58:26Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha256\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--55f2c1e2-7794-4399-b0d4-42d2950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-09-11T11:58:26.000Z",
|
|
"modified": "2015-09-11T11:58:26.000Z",
|
|
"pattern": "[file:hashes.SHA256 = '96c301bfa09338740575c4758d558b12e338654b16fc4b9d2badb9610358bf63']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-09-11T11:58:26Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha256\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--55f2c1e3-e9c0-4cf1-bfed-4a5b950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-09-11T11:58:27.000Z",
|
|
"modified": "2015-09-11T11:58:27.000Z",
|
|
"pattern": "[file:hashes.SHA256 = 'd3c8161f76d4187f32039b5557e22e5fb684c06aa3e145e813ee7a4e166cbf47']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-09-11T11:58:27Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha256\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--55f2c1e3-3e80-4d41-acfe-40e2950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-09-11T11:58:27.000Z",
|
|
"modified": "2015-09-11T11:58:27.000Z",
|
|
"pattern": "[file:hashes.SHA256 = '34dabb10ea595c773ae4f8c13b7d7fdb41927bc7052ef76204735bbffeda1c47']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-09-11T11:58:27Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha256\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--55f2c1e3-04c8-47ee-81c1-42d3950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-09-11T11:58:27.000Z",
|
|
"modified": "2015-09-11T11:58:27.000Z",
|
|
"pattern": "[file:hashes.SHA256 = '9c547a7c523e367948d2c645407d0919053ef48292173efe263f3ccfdcdc8e92']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-09-11T11:58:27Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha256\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--55f2c1e4-5d9c-43d5-bf25-4517950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-09-11T11:58:28.000Z",
|
|
"modified": "2015-09-11T11:58:28.000Z",
|
|
"pattern": "[file:hashes.SHA256 = 'f31b23dee1e047e5b472bca54c06594c2cca5adcebd2290f35b60cb2ebb3ee26']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-09-11T11:58:28Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha256\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--55f2c1e4-fc64-4449-8296-435c950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-09-11T11:58:28.000Z",
|
|
"modified": "2015-09-11T11:58:28.000Z",
|
|
"pattern": "[file:hashes.SHA256 = 'a764f76276e41ec49b388e8c7c53b602edcc29ff3ac8f8ab4b52913eb91934e3']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-09-11T11:58:28Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha256\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--55f2c1e4-9298-44ed-8ee2-4e39950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-09-11T11:58:28.000Z",
|
|
"modified": "2015-09-11T11:58:28.000Z",
|
|
"pattern": "[file:hashes.SHA256 = 'e58eb692d3933dfda630f659d447d7c8026eaf32d35478bd7056515706eb1481']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-09-11T11:58:28Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha256\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--55f2c1e5-763c-4aef-95bc-413a950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-09-11T11:58:29.000Z",
|
|
"modified": "2015-09-11T11:58:29.000Z",
|
|
"pattern": "[file:hashes.SHA256 = 'b50544ad3341fbee60338f45bd4043450238a301e022c1010115a2003a970a23']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-09-11T11:58:29Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha256\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--55f2c1e5-7f10-47f7-9a1c-4af2950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-09-11T11:58:29.000Z",
|
|
"modified": "2015-09-11T11:58:29.000Z",
|
|
"pattern": "[file:hashes.SHA256 = '09f24435e47be74f90d032c78a84fa37f06ce9452a6d3a75c263ae012a7ae626']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-09-11T11:58:29Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha256\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--55f2c1e5-8630-42db-a803-4f49950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-09-11T11:58:29.000Z",
|
|
"modified": "2015-09-11T11:58:29.000Z",
|
|
"pattern": "[file:hashes.SHA256 = '83e7aaf52e5f567349eee880b0626e61e97dc12b8db9966faf55a9921bac61da']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-09-11T11:58:29Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha256\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--55f2c1e6-532c-4c17-bc3b-42fa950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-09-11T11:58:30.000Z",
|
|
"modified": "2015-09-11T11:58:30.000Z",
|
|
"pattern": "[file:hashes.SHA256 = 'acc340d986e720441ec5112746d3f94b248b44fe5d4c1da0fb866a3013384ad2']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-09-11T11:58:30Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha256\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--55f2c1e6-0c98-41bc-9c4d-4e28950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-09-11T11:58:30.000Z",
|
|
"modified": "2015-09-11T11:58:30.000Z",
|
|
"pattern": "[file:hashes.SHA256 = '1181e9bb8fbcf1ebad8b6a7f157b6cc71e9c996c3601baecc3a2f25ba27032ee']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-09-11T11:58:30Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha256\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--55f2c1e6-1a6c-4873-9b8a-4ec9950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-09-11T11:58:30.000Z",
|
|
"modified": "2015-09-11T11:58:30.000Z",
|
|
"pattern": "[file:hashes.SHA256 = '89968a9c846aad54cd78d7bfe704f0ab71f75d54b982540f594afdaa9100f4fc']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-09-11T11:58:30Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha256\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--55f2c1e7-8ac0-4be1-be05-4740950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-09-11T11:58:31.000Z",
|
|
"modified": "2015-09-11T11:58:31.000Z",
|
|
"pattern": "[file:hashes.SHA256 = '88feda3120381216bc96a09e4b6e43e89d5776b5ca3b2d820710be0678f19867']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-09-11T11:58:31Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha256\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--55f2c1e7-3ff4-489a-ae7a-45e5950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-09-11T11:58:31.000Z",
|
|
"modified": "2015-09-11T11:58:31.000Z",
|
|
"pattern": "[file:hashes.SHA256 = 'f37dc918d8064671edcb28c12397c576d3b66b6da21e1670a1a9428f03fb8478']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-09-11T11:58:31Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha256\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--55f2c1e7-40dc-47a9-a53a-4297950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-09-11T11:58:31.000Z",
|
|
"modified": "2015-09-11T11:58:31.000Z",
|
|
"pattern": "[file:hashes.SHA256 = '3a8ddb7b456332301d02222df48070f62e1e39a48e74f39ca8633028599ae250']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-09-11T11:58:31Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha256\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--55f2c1e8-a0bc-46ca-b96f-49ad950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-09-11T11:58:32.000Z",
|
|
"modified": "2015-09-11T11:58:32.000Z",
|
|
"pattern": "[file:hashes.SHA256 = '7b8a3efef6c4847697331badcdb0b306ceaa013233ce1c7ee8de8ae933c2d89d']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-09-11T11:58:32Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha256\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--55f2c1e8-a10c-4060-9feb-449b950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-09-11T11:58:32.000Z",
|
|
"modified": "2015-09-11T11:58:32.000Z",
|
|
"pattern": "[file:hashes.SHA256 = 'ca63a159d58cb7b9bff57646b0e5bc9a61c51f4e08304d9d73c87c876f77b7f5']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-09-11T11:58:32Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha256\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--55f2c1e8-e930-4e46-bde5-4dd1950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-09-11T11:58:32.000Z",
|
|
"modified": "2015-09-11T11:58:32.000Z",
|
|
"pattern": "[file:hashes.SHA256 = '76d97074410251347a9398a90e42e02866c30ba71303fe9cccf236ea229172a4']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-09-11T11:58:32Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha256\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--55f2c1e9-1720-471c-a651-49d4950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-09-11T11:58:33.000Z",
|
|
"modified": "2015-09-11T11:58:33.000Z",
|
|
"pattern": "[file:hashes.SHA256 = 'c76a817bcae00ec0ca86624b2e62458fec07a5682d92eb59568639fa0586bb1e']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-09-11T11:58:33Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha256\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--55f2c1e9-00f4-4da4-b8f0-427f950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-09-11T11:58:33.000Z",
|
|
"modified": "2015-09-11T11:58:33.000Z",
|
|
"pattern": "[file:hashes.SHA256 = 'bdb89defb03055e962c6627e8baa0ffd83dda81a1b239bc48e751c2ea5aa2b29']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-09-11T11:58:33Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha256\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--55f2c1e9-32d8-4676-af96-4d02950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-09-11T11:58:33.000Z",
|
|
"modified": "2015-09-11T11:58:33.000Z",
|
|
"pattern": "[file:hashes.SHA256 = '81c8ef33d1e6ebfaad55e20b1e715007aa310b6aa55903e427225648efbbb779']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-09-11T11:58:33Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha256\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--55f2c1ea-47bc-4a73-9b59-4a6a950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-09-11T11:58:34.000Z",
|
|
"modified": "2015-09-11T11:58:34.000Z",
|
|
"pattern": "[file:hashes.SHA256 = '85894b6181535efe15ec5ff7575cee8975aa86ec611d94fb7709b54e5ccfc9f2']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-09-11T11:58:34Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha256\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--55f2c1ea-c9e0-4e2c-9e56-4657950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-09-11T11:58:34.000Z",
|
|
"modified": "2015-09-11T11:58:34.000Z",
|
|
"pattern": "[file:hashes.SHA256 = 'ed25e3d5c13f409242ded579c45f9c4bb4416c204e1ee16cf63f744cf2ccd62c']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-09-11T11:58:34Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha256\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--55f2c1ea-f5f0-458e-b2a7-4781950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-09-11T11:58:34.000Z",
|
|
"modified": "2015-09-11T11:58:34.000Z",
|
|
"pattern": "[file:hashes.SHA256 = 'a34f37c19785b029bf690d53b89f910586660fb94abd8587bfe110c3db6856bc']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-09-11T11:58:34Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha256\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--55f2c1eb-ee8c-44ff-8a65-447d950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-09-11T11:58:35.000Z",
|
|
"modified": "2015-09-11T11:58:35.000Z",
|
|
"pattern": "[file:hashes.SHA256 = '20299a5fc850ec4cd1aceb7cf1987609c05fa08d59dd5ae79e15bc048c46685e']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-09-11T11:58:35Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha256\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--55f2c1eb-d7fc-42cf-b627-4d5f950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-09-11T11:58:35.000Z",
|
|
"modified": "2015-09-11T11:58:35.000Z",
|
|
"pattern": "[domain-name:value = 'meitanjiaoyiwang.com']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-09-11T11:58:35Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"domain\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--55f2c1eb-4bd0-4326-9d70-4ac6950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-09-11T11:58:35.000Z",
|
|
"modified": "2015-09-11T11:58:35.000Z",
|
|
"pattern": "[domain-name:value = 'yourbroiler.com']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-09-11T11:58:35Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"domain\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--55f2c1ec-54f4-49e4-bed9-40bf950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-09-11T11:58:36.000Z",
|
|
"modified": "2015-09-11T11:58:36.000Z",
|
|
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '98.126.67.114']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-09-11T11:58:36Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"ip-dst\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--55f2c1ec-d720-4c35-a064-4939950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-09-11T11:58:36.000Z",
|
|
"modified": "2015-09-11T11:58:36.000Z",
|
|
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '68.68.105.174']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-09-11T11:58:36Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"ip-dst\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--55f2c1ec-f3ac-4baa-9ebc-4635950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-09-11T11:58:36.000Z",
|
|
"modified": "2015-09-11T11:58:36.000Z",
|
|
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '98.126.121.202']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-09-11T11:58:36Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"ip-dst\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--55f2c1ed-2a64-498f-afe4-4a50950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-09-11T11:58:37.000Z",
|
|
"modified": "2015-09-11T11:58:37.000Z",
|
|
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '173.254.223.24']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-09-11T11:58:37Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"ip-dst\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "x-misp-attribute",
|
|
"spec_version": "2.1",
|
|
"id": "x-misp-attribute--55f2c304-3a54-4d01-9599-42a7950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-09-11T12:03:16.000Z",
|
|
"modified": "2015-09-11T12:03:16.000Z",
|
|
"labels": [
|
|
"misp:type=\"text\"",
|
|
"misp:category=\"Attribution\""
|
|
],
|
|
"x_misp_category": "Attribution",
|
|
"x_misp_comment": "Registrant",
|
|
"x_misp_type": "text",
|
|
"x_misp_value": "596552@qq.com"
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--55f2cb8c-6458-4f32-9bf8-4806950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-09-11T12:39:40.000Z",
|
|
"modified": "2015-09-11T12:39:40.000Z",
|
|
"description": "- Xchecked via VT: 20299a5fc850ec4cd1aceb7cf1987609c05fa08d59dd5ae79e15bc048c46685e",
|
|
"pattern": "[file:hashes.SHA1 = 'c33f96b2eac368da305b6af4ddd63c9c0ab9689d']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-09-11T12:39:40Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha1\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--55f2cb8c-1534-460d-8206-4d64950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-09-11T12:39:40.000Z",
|
|
"modified": "2015-09-11T12:39:40.000Z",
|
|
"description": "- Xchecked via VT: 20299a5fc850ec4cd1aceb7cf1987609c05fa08d59dd5ae79e15bc048c46685e",
|
|
"pattern": "[file:hashes.MD5 = '3e388d7ef040caa24472c5de07b3683c']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-09-11T12:39:40Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"md5\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "observed-data",
|
|
"spec_version": "2.1",
|
|
"id": "observed-data--55f2cb8d-5188-421e-9617-4765950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-09-11T12:39:41.000Z",
|
|
"modified": "2015-09-11T12:39:41.000Z",
|
|
"first_observed": "2015-09-11T12:39:41Z",
|
|
"last_observed": "2015-09-11T12:39:41Z",
|
|
"number_observed": 1,
|
|
"object_refs": [
|
|
"url--55f2cb8d-5188-421e-9617-4765950d210b"
|
|
],
|
|
"labels": [
|
|
"misp:type=\"link\"",
|
|
"misp:category=\"External analysis\""
|
|
]
|
|
},
|
|
{
|
|
"type": "url",
|
|
"spec_version": "2.1",
|
|
"id": "url--55f2cb8d-5188-421e-9617-4765950d210b",
|
|
"value": "https://www.virustotal.com/file/20299a5fc850ec4cd1aceb7cf1987609c05fa08d59dd5ae79e15bc048c46685e/analysis/1441745767/"
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--55f2cb8d-c72c-4e11-bd43-4515950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-09-11T12:39:41.000Z",
|
|
"modified": "2015-09-11T12:39:41.000Z",
|
|
"description": "- Xchecked via VT: a34f37c19785b029bf690d53b89f910586660fb94abd8587bfe110c3db6856bc",
|
|
"pattern": "[file:hashes.SHA1 = '49efe8e5535c14e579403da7a822d6f195c97512']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-09-11T12:39:41Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha1\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--55f2cb8d-2874-46de-8ef9-4497950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-09-11T12:39:41.000Z",
|
|
"modified": "2015-09-11T12:39:41.000Z",
|
|
"description": "- Xchecked via VT: a34f37c19785b029bf690d53b89f910586660fb94abd8587bfe110c3db6856bc",
|
|
"pattern": "[file:hashes.MD5 = '98a19013c3a81f23a471622707b4ee34']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-09-11T12:39:41Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"md5\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "observed-data",
|
|
"spec_version": "2.1",
|
|
"id": "observed-data--55f2cb8e-5040-4417-9454-4a4d950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-09-11T12:39:42.000Z",
|
|
"modified": "2015-09-11T12:39:42.000Z",
|
|
"first_observed": "2015-09-11T12:39:42Z",
|
|
"last_observed": "2015-09-11T12:39:42Z",
|
|
"number_observed": 1,
|
|
"object_refs": [
|
|
"url--55f2cb8e-5040-4417-9454-4a4d950d210b"
|
|
],
|
|
"labels": [
|
|
"misp:type=\"link\"",
|
|
"misp:category=\"External analysis\""
|
|
]
|
|
},
|
|
{
|
|
"type": "url",
|
|
"spec_version": "2.1",
|
|
"id": "url--55f2cb8e-5040-4417-9454-4a4d950d210b",
|
|
"value": "https://www.virustotal.com/file/a34f37c19785b029bf690d53b89f910586660fb94abd8587bfe110c3db6856bc/analysis/1441745766/"
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--55f2cb8e-66c0-4eb5-9de8-456c950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-09-11T12:39:42.000Z",
|
|
"modified": "2015-09-11T12:39:42.000Z",
|
|
"description": "- Xchecked via VT: ed25e3d5c13f409242ded579c45f9c4bb4416c204e1ee16cf63f744cf2ccd62c",
|
|
"pattern": "[file:hashes.SHA1 = 'd0487864788b3166dd888d84a1323506fd7ae215']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-09-11T12:39:42Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha1\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--55f2cb8e-226c-46ba-8cb5-4996950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-09-11T12:39:42.000Z",
|
|
"modified": "2015-09-11T12:39:42.000Z",
|
|
"description": "- Xchecked via VT: ed25e3d5c13f409242ded579c45f9c4bb4416c204e1ee16cf63f744cf2ccd62c",
|
|
"pattern": "[file:hashes.MD5 = '70cd00b4cd62b04617b2d432148915f9']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-09-11T12:39:42Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"md5\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "observed-data",
|
|
"spec_version": "2.1",
|
|
"id": "observed-data--55f2cb8f-ff8c-411c-bca2-4b64950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-09-11T12:39:43.000Z",
|
|
"modified": "2015-09-11T12:39:43.000Z",
|
|
"first_observed": "2015-09-11T12:39:43Z",
|
|
"last_observed": "2015-09-11T12:39:43Z",
|
|
"number_observed": 1,
|
|
"object_refs": [
|
|
"url--55f2cb8f-ff8c-411c-bca2-4b64950d210b"
|
|
],
|
|
"labels": [
|
|
"misp:type=\"link\"",
|
|
"misp:category=\"External analysis\""
|
|
]
|
|
},
|
|
{
|
|
"type": "url",
|
|
"spec_version": "2.1",
|
|
"id": "url--55f2cb8f-ff8c-411c-bca2-4b64950d210b",
|
|
"value": "https://www.virustotal.com/file/ed25e3d5c13f409242ded579c45f9c4bb4416c204e1ee16cf63f744cf2ccd62c/analysis/1441745766/"
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--55f2cb8f-e11c-46b5-9a63-4c8b950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-09-11T12:39:43.000Z",
|
|
"modified": "2015-09-11T12:39:43.000Z",
|
|
"description": "- Xchecked via VT: 85894b6181535efe15ec5ff7575cee8975aa86ec611d94fb7709b54e5ccfc9f2",
|
|
"pattern": "[file:hashes.SHA1 = '793831ba3b1523e49719469fa53abb3bb8dc23be']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-09-11T12:39:43Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha1\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--55f2cb8f-d6e4-48c0-b7a1-4760950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-09-11T12:39:43.000Z",
|
|
"modified": "2015-09-11T12:39:43.000Z",
|
|
"description": "- Xchecked via VT: 85894b6181535efe15ec5ff7575cee8975aa86ec611d94fb7709b54e5ccfc9f2",
|
|
"pattern": "[file:hashes.MD5 = 'f7d1494f186298d3ccc1f095b1860c0c']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-09-11T12:39:43Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"md5\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "observed-data",
|
|
"spec_version": "2.1",
|
|
"id": "observed-data--55f2cb90-defc-4e49-b5a6-491f950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-09-11T12:39:44.000Z",
|
|
"modified": "2015-09-11T12:39:44.000Z",
|
|
"first_observed": "2015-09-11T12:39:44Z",
|
|
"last_observed": "2015-09-11T12:39:44Z",
|
|
"number_observed": 1,
|
|
"object_refs": [
|
|
"url--55f2cb90-defc-4e49-b5a6-491f950d210b"
|
|
],
|
|
"labels": [
|
|
"misp:type=\"link\"",
|
|
"misp:category=\"External analysis\""
|
|
]
|
|
},
|
|
{
|
|
"type": "url",
|
|
"spec_version": "2.1",
|
|
"id": "url--55f2cb90-defc-4e49-b5a6-491f950d210b",
|
|
"value": "https://www.virustotal.com/file/85894b6181535efe15ec5ff7575cee8975aa86ec611d94fb7709b54e5ccfc9f2/analysis/1441745766/"
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--55f2cb90-8444-41cf-a3f5-4a47950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-09-11T12:39:44.000Z",
|
|
"modified": "2015-09-11T12:39:44.000Z",
|
|
"description": "- Xchecked via VT: 81c8ef33d1e6ebfaad55e20b1e715007aa310b6aa55903e427225648efbbb779",
|
|
"pattern": "[file:hashes.SHA1 = '4ab280faeb513aa5d9a6d5922189e40f1cc871be']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-09-11T12:39:44Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha1\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--55f2cb90-35dc-44e5-b6c7-4f75950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-09-11T12:39:44.000Z",
|
|
"modified": "2015-09-11T12:39:44.000Z",
|
|
"description": "- Xchecked via VT: 81c8ef33d1e6ebfaad55e20b1e715007aa310b6aa55903e427225648efbbb779",
|
|
"pattern": "[file:hashes.MD5 = '79749a61623fd4064b7a6c50853a6b2d']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-09-11T12:39:44Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"md5\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "observed-data",
|
|
"spec_version": "2.1",
|
|
"id": "observed-data--55f2cb91-9e18-4a11-b9e1-42ce950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-09-11T12:39:45.000Z",
|
|
"modified": "2015-09-11T12:39:45.000Z",
|
|
"first_observed": "2015-09-11T12:39:45Z",
|
|
"last_observed": "2015-09-11T12:39:45Z",
|
|
"number_observed": 1,
|
|
"object_refs": [
|
|
"url--55f2cb91-9e18-4a11-b9e1-42ce950d210b"
|
|
],
|
|
"labels": [
|
|
"misp:type=\"link\"",
|
|
"misp:category=\"External analysis\""
|
|
]
|
|
},
|
|
{
|
|
"type": "url",
|
|
"spec_version": "2.1",
|
|
"id": "url--55f2cb91-9e18-4a11-b9e1-42ce950d210b",
|
|
"value": "https://www.virustotal.com/file/81c8ef33d1e6ebfaad55e20b1e715007aa310b6aa55903e427225648efbbb779/analysis/1441745766/"
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--55f2cb91-8fe0-4bec-a0db-489d950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-09-11T12:39:45.000Z",
|
|
"modified": "2015-09-11T12:39:45.000Z",
|
|
"description": "- Xchecked via VT: c76a817bcae00ec0ca86624b2e62458fec07a5682d92eb59568639fa0586bb1e",
|
|
"pattern": "[file:hashes.SHA1 = '0e5d9b937676f9984252dc5d6d0931fe95f78822']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-09-11T12:39:45Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha1\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--55f2cb91-b5d0-48a0-b118-4ab5950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-09-11T12:39:45.000Z",
|
|
"modified": "2015-09-11T12:39:45.000Z",
|
|
"description": "- Xchecked via VT: c76a817bcae00ec0ca86624b2e62458fec07a5682d92eb59568639fa0586bb1e",
|
|
"pattern": "[file:hashes.MD5 = '34b9454ae640abf2cdb8363ddf4a59a9']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-09-11T12:39:45Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"md5\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "observed-data",
|
|
"spec_version": "2.1",
|
|
"id": "observed-data--55f2cb92-0350-4e8a-80b6-4193950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-09-11T12:39:46.000Z",
|
|
"modified": "2015-09-11T12:39:46.000Z",
|
|
"first_observed": "2015-09-11T12:39:46Z",
|
|
"last_observed": "2015-09-11T12:39:46Z",
|
|
"number_observed": 1,
|
|
"object_refs": [
|
|
"url--55f2cb92-0350-4e8a-80b6-4193950d210b"
|
|
],
|
|
"labels": [
|
|
"misp:type=\"link\"",
|
|
"misp:category=\"External analysis\""
|
|
]
|
|
},
|
|
{
|
|
"type": "url",
|
|
"spec_version": "2.1",
|
|
"id": "url--55f2cb92-0350-4e8a-80b6-4193950d210b",
|
|
"value": "https://www.virustotal.com/file/c76a817bcae00ec0ca86624b2e62458fec07a5682d92eb59568639fa0586bb1e/analysis/1399011533/"
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--55f2cb92-6678-4cfe-badb-4b6e950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-09-11T12:39:46.000Z",
|
|
"modified": "2015-09-11T12:39:46.000Z",
|
|
"description": "- Xchecked via VT: ca63a159d58cb7b9bff57646b0e5bc9a61c51f4e08304d9d73c87c876f77b7f5",
|
|
"pattern": "[file:hashes.SHA1 = '829fadfd0ab02a8e9500940d6d0c537b8f0d0b68']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-09-11T12:39:46Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha1\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--55f2cb92-9008-44d2-a353-49d8950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-09-11T12:39:46.000Z",
|
|
"modified": "2015-09-11T12:39:46.000Z",
|
|
"description": "- Xchecked via VT: ca63a159d58cb7b9bff57646b0e5bc9a61c51f4e08304d9d73c87c876f77b7f5",
|
|
"pattern": "[file:hashes.MD5 = '53ba03ff7c4a2f9ec6e0d2c561ca1d13']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-09-11T12:39:46Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"md5\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "observed-data",
|
|
"spec_version": "2.1",
|
|
"id": "observed-data--55f2cb93-81cc-4b20-bd9a-4694950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-09-11T12:39:47.000Z",
|
|
"modified": "2015-09-11T12:39:47.000Z",
|
|
"first_observed": "2015-09-11T12:39:47Z",
|
|
"last_observed": "2015-09-11T12:39:47Z",
|
|
"number_observed": 1,
|
|
"object_refs": [
|
|
"url--55f2cb93-81cc-4b20-bd9a-4694950d210b"
|
|
],
|
|
"labels": [
|
|
"misp:type=\"link\"",
|
|
"misp:category=\"External analysis\""
|
|
]
|
|
},
|
|
{
|
|
"type": "url",
|
|
"spec_version": "2.1",
|
|
"id": "url--55f2cb93-81cc-4b20-bd9a-4694950d210b",
|
|
"value": "https://www.virustotal.com/file/ca63a159d58cb7b9bff57646b0e5bc9a61c51f4e08304d9d73c87c876f77b7f5/analysis/1404080170/"
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--55f2cb93-b448-421a-b92f-4f9e950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-09-11T12:39:47.000Z",
|
|
"modified": "2015-09-11T12:39:47.000Z",
|
|
"description": "- Xchecked via VT: 7b8a3efef6c4847697331badcdb0b306ceaa013233ce1c7ee8de8ae933c2d89d",
|
|
"pattern": "[file:hashes.SHA1 = '68c34f874a076bdfb1bfe36f13800ee6dd7c63d1']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-09-11T12:39:47Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha1\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--55f2cb93-2538-40c5-b282-4247950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-09-11T12:39:47.000Z",
|
|
"modified": "2015-09-11T12:39:47.000Z",
|
|
"description": "- Xchecked via VT: 7b8a3efef6c4847697331badcdb0b306ceaa013233ce1c7ee8de8ae933c2d89d",
|
|
"pattern": "[file:hashes.MD5 = 'a31f8bf5e5d7595bf22efe472566d046']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-09-11T12:39:47Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"md5\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "observed-data",
|
|
"spec_version": "2.1",
|
|
"id": "observed-data--55f2cb94-926c-45e1-ae7a-4f05950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-09-11T12:39:48.000Z",
|
|
"modified": "2015-09-11T12:39:48.000Z",
|
|
"first_observed": "2015-09-11T12:39:48Z",
|
|
"last_observed": "2015-09-11T12:39:48Z",
|
|
"number_observed": 1,
|
|
"object_refs": [
|
|
"url--55f2cb94-926c-45e1-ae7a-4f05950d210b"
|
|
],
|
|
"labels": [
|
|
"misp:type=\"link\"",
|
|
"misp:category=\"External analysis\""
|
|
]
|
|
},
|
|
{
|
|
"type": "url",
|
|
"spec_version": "2.1",
|
|
"id": "url--55f2cb94-926c-45e1-ae7a-4f05950d210b",
|
|
"value": "https://www.virustotal.com/file/7b8a3efef6c4847697331badcdb0b306ceaa013233ce1c7ee8de8ae933c2d89d/analysis/1403050295/"
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--55f2cb94-0bec-4f95-ae68-43f0950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-09-11T12:39:48.000Z",
|
|
"modified": "2015-09-11T12:39:48.000Z",
|
|
"description": "- Xchecked via VT: 3a8ddb7b456332301d02222df48070f62e1e39a48e74f39ca8633028599ae250",
|
|
"pattern": "[file:hashes.SHA1 = 'fb811a0037f7f88425eabd6a7c5a19af7cc3f97d']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-09-11T12:39:48Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha1\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--55f2cb94-b9d4-4941-8961-46e9950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-09-11T12:39:48.000Z",
|
|
"modified": "2015-09-11T12:39:48.000Z",
|
|
"description": "- Xchecked via VT: 3a8ddb7b456332301d02222df48070f62e1e39a48e74f39ca8633028599ae250",
|
|
"pattern": "[file:hashes.MD5 = '646197cfcffcd50cfb9c5088d1e0ee1f']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-09-11T12:39:48Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"md5\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "observed-data",
|
|
"spec_version": "2.1",
|
|
"id": "observed-data--55f2cb95-b8d4-4d4f-8aac-4889950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-09-11T12:39:49.000Z",
|
|
"modified": "2015-09-11T12:39:49.000Z",
|
|
"first_observed": "2015-09-11T12:39:49Z",
|
|
"last_observed": "2015-09-11T12:39:49Z",
|
|
"number_observed": 1,
|
|
"object_refs": [
|
|
"url--55f2cb95-b8d4-4d4f-8aac-4889950d210b"
|
|
],
|
|
"labels": [
|
|
"misp:type=\"link\"",
|
|
"misp:category=\"External analysis\""
|
|
]
|
|
},
|
|
{
|
|
"type": "url",
|
|
"spec_version": "2.1",
|
|
"id": "url--55f2cb95-b8d4-4d4f-8aac-4889950d210b",
|
|
"value": "https://www.virustotal.com/file/3a8ddb7b456332301d02222df48070f62e1e39a48e74f39ca8633028599ae250/analysis/1441745765/"
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--55f2cb95-73b0-4e73-870e-4b09950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-09-11T12:39:49.000Z",
|
|
"modified": "2015-09-11T12:39:49.000Z",
|
|
"description": "- Xchecked via VT: f37dc918d8064671edcb28c12397c576d3b66b6da21e1670a1a9428f03fb8478",
|
|
"pattern": "[file:hashes.SHA1 = 'a6cbaff158ee756fee82de482f50546ff6c640e5']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-09-11T12:39:49Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha1\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--55f2cb95-91b4-47b3-a954-4871950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-09-11T12:39:49.000Z",
|
|
"modified": "2015-09-11T12:39:49.000Z",
|
|
"description": "- Xchecked via VT: f37dc918d8064671edcb28c12397c576d3b66b6da21e1670a1a9428f03fb8478",
|
|
"pattern": "[file:hashes.MD5 = '1b31084a2768e900e11a911aa5d15c94']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-09-11T12:39:49Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"md5\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "observed-data",
|
|
"spec_version": "2.1",
|
|
"id": "observed-data--55f2cb96-db10-4643-a4b7-4be6950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-09-11T12:39:50.000Z",
|
|
"modified": "2015-09-11T12:39:50.000Z",
|
|
"first_observed": "2015-09-11T12:39:50Z",
|
|
"last_observed": "2015-09-11T12:39:50Z",
|
|
"number_observed": 1,
|
|
"object_refs": [
|
|
"url--55f2cb96-db10-4643-a4b7-4be6950d210b"
|
|
],
|
|
"labels": [
|
|
"misp:type=\"link\"",
|
|
"misp:category=\"External analysis\""
|
|
]
|
|
},
|
|
{
|
|
"type": "url",
|
|
"spec_version": "2.1",
|
|
"id": "url--55f2cb96-db10-4643-a4b7-4be6950d210b",
|
|
"value": "https://www.virustotal.com/file/f37dc918d8064671edcb28c12397c576d3b66b6da21e1670a1a9428f03fb8478/analysis/1441745764/"
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--55f2cb96-6a30-4990-9151-47b1950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-09-11T12:39:50.000Z",
|
|
"modified": "2015-09-11T12:39:50.000Z",
|
|
"description": "- Xchecked via VT: 88feda3120381216bc96a09e4b6e43e89d5776b5ca3b2d820710be0678f19867",
|
|
"pattern": "[file:hashes.SHA1 = '5d0d751d247a52057ed33fd3fe10827daa4a1ffc']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-09-11T12:39:50Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha1\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--55f2cb96-ec64-4d9b-ab06-42bc950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-09-11T12:39:50.000Z",
|
|
"modified": "2015-09-11T12:39:50.000Z",
|
|
"description": "- Xchecked via VT: 88feda3120381216bc96a09e4b6e43e89d5776b5ca3b2d820710be0678f19867",
|
|
"pattern": "[file:hashes.MD5 = 'df1281bd69655ce102e7b54082784d27']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-09-11T12:39:50Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"md5\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "observed-data",
|
|
"spec_version": "2.1",
|
|
"id": "observed-data--55f2cb97-c880-4978-95a2-4a33950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-09-11T12:39:51.000Z",
|
|
"modified": "2015-09-11T12:39:51.000Z",
|
|
"first_observed": "2015-09-11T12:39:51Z",
|
|
"last_observed": "2015-09-11T12:39:51Z",
|
|
"number_observed": 1,
|
|
"object_refs": [
|
|
"url--55f2cb97-c880-4978-95a2-4a33950d210b"
|
|
],
|
|
"labels": [
|
|
"misp:type=\"link\"",
|
|
"misp:category=\"External analysis\""
|
|
]
|
|
},
|
|
{
|
|
"type": "url",
|
|
"spec_version": "2.1",
|
|
"id": "url--55f2cb97-c880-4978-95a2-4a33950d210b",
|
|
"value": "https://www.virustotal.com/file/88feda3120381216bc96a09e4b6e43e89d5776b5ca3b2d820710be0678f19867/analysis/1441745764/"
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--55f2cb97-e464-4b1d-964b-44b3950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-09-11T12:39:51.000Z",
|
|
"modified": "2015-09-11T12:39:51.000Z",
|
|
"description": "- Xchecked via VT: 1181e9bb8fbcf1ebad8b6a7f157b6cc71e9c996c3601baecc3a2f25ba27032ee",
|
|
"pattern": "[file:hashes.SHA1 = 'c1f639b1f8a674f4ec198a849608b16ba3215cff']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-09-11T12:39:51Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha1\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--55f2cb97-bb44-4b8d-8df4-446e950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-09-11T12:39:51.000Z",
|
|
"modified": "2015-09-11T12:39:51.000Z",
|
|
"description": "- Xchecked via VT: 1181e9bb8fbcf1ebad8b6a7f157b6cc71e9c996c3601baecc3a2f25ba27032ee",
|
|
"pattern": "[file:hashes.MD5 = '0d432936f02d91a8f6af1916684e14c2']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-09-11T12:39:51Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"md5\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "observed-data",
|
|
"spec_version": "2.1",
|
|
"id": "observed-data--55f2cb98-5bec-4f23-84d0-4dfa950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-09-11T12:39:52.000Z",
|
|
"modified": "2015-09-11T12:39:52.000Z",
|
|
"first_observed": "2015-09-11T12:39:52Z",
|
|
"last_observed": "2015-09-11T12:39:52Z",
|
|
"number_observed": 1,
|
|
"object_refs": [
|
|
"url--55f2cb98-5bec-4f23-84d0-4dfa950d210b"
|
|
],
|
|
"labels": [
|
|
"misp:type=\"link\"",
|
|
"misp:category=\"External analysis\""
|
|
]
|
|
},
|
|
{
|
|
"type": "url",
|
|
"spec_version": "2.1",
|
|
"id": "url--55f2cb98-5bec-4f23-84d0-4dfa950d210b",
|
|
"value": "https://www.virustotal.com/file/1181e9bb8fbcf1ebad8b6a7f157b6cc71e9c996c3601baecc3a2f25ba27032ee/analysis/1403793015/"
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--55f2cb98-ddf8-4688-b944-4588950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-09-11T12:39:52.000Z",
|
|
"modified": "2015-09-11T12:39:52.000Z",
|
|
"description": "- Xchecked via VT: 83e7aaf52e5f567349eee880b0626e61e97dc12b8db9966faf55a9921bac61da",
|
|
"pattern": "[file:hashes.SHA1 = 'b5215bb06c0507224d160e8baf70835ede8cdfd0']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-09-11T12:39:52Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha1\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--55f2cb98-95f0-4765-b9ad-4520950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-09-11T12:39:52.000Z",
|
|
"modified": "2015-09-11T12:39:52.000Z",
|
|
"description": "- Xchecked via VT: 83e7aaf52e5f567349eee880b0626e61e97dc12b8db9966faf55a9921bac61da",
|
|
"pattern": "[file:hashes.MD5 = 'fb130740b15fe0b438a7d76841518ea6']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-09-11T12:39:52Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"md5\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "observed-data",
|
|
"spec_version": "2.1",
|
|
"id": "observed-data--55f2cb99-b624-48b8-9c94-4002950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-09-11T12:39:53.000Z",
|
|
"modified": "2015-09-11T12:39:53.000Z",
|
|
"first_observed": "2015-09-11T12:39:53Z",
|
|
"last_observed": "2015-09-11T12:39:53Z",
|
|
"number_observed": 1,
|
|
"object_refs": [
|
|
"url--55f2cb99-b624-48b8-9c94-4002950d210b"
|
|
],
|
|
"labels": [
|
|
"misp:type=\"link\"",
|
|
"misp:category=\"External analysis\""
|
|
]
|
|
},
|
|
{
|
|
"type": "url",
|
|
"spec_version": "2.1",
|
|
"id": "url--55f2cb99-b624-48b8-9c94-4002950d210b",
|
|
"value": "https://www.virustotal.com/file/83e7aaf52e5f567349eee880b0626e61e97dc12b8db9966faf55a9921bac61da/analysis/1441745763/"
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--55f2cb99-d560-4fe7-b73c-4d7e950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-09-11T12:39:53.000Z",
|
|
"modified": "2015-09-11T12:39:53.000Z",
|
|
"description": "- Xchecked via VT: 09f24435e47be74f90d032c78a84fa37f06ce9452a6d3a75c263ae012a7ae626",
|
|
"pattern": "[file:hashes.SHA1 = 'd8bf2cd05e8ef65e3eb0efc5ad3b306716f367e8']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-09-11T12:39:53Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha1\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--55f2cb99-bdf4-4f12-ae4d-4d64950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-09-11T12:39:53.000Z",
|
|
"modified": "2015-09-11T12:39:53.000Z",
|
|
"description": "- Xchecked via VT: 09f24435e47be74f90d032c78a84fa37f06ce9452a6d3a75c263ae012a7ae626",
|
|
"pattern": "[file:hashes.MD5 = '8ce7a0e80258304cee788def095d1f25']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-09-11T12:39:53Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"md5\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "observed-data",
|
|
"spec_version": "2.1",
|
|
"id": "observed-data--55f2cb9a-0680-41b6-b5b6-4fb6950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-09-11T12:39:54.000Z",
|
|
"modified": "2015-09-11T12:39:54.000Z",
|
|
"first_observed": "2015-09-11T12:39:54Z",
|
|
"last_observed": "2015-09-11T12:39:54Z",
|
|
"number_observed": 1,
|
|
"object_refs": [
|
|
"url--55f2cb9a-0680-41b6-b5b6-4fb6950d210b"
|
|
],
|
|
"labels": [
|
|
"misp:type=\"link\"",
|
|
"misp:category=\"External analysis\""
|
|
]
|
|
},
|
|
{
|
|
"type": "url",
|
|
"spec_version": "2.1",
|
|
"id": "url--55f2cb9a-0680-41b6-b5b6-4fb6950d210b",
|
|
"value": "https://www.virustotal.com/file/09f24435e47be74f90d032c78a84fa37f06ce9452a6d3a75c263ae012a7ae626/analysis/1441745763/"
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--55f2cb9a-4adc-4a00-9799-4eb4950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-09-11T12:39:54.000Z",
|
|
"modified": "2015-09-11T12:39:54.000Z",
|
|
"description": "- Xchecked via VT: b50544ad3341fbee60338f45bd4043450238a301e022c1010115a2003a970a23",
|
|
"pattern": "[file:hashes.SHA1 = '8312ac7bf9bb244d59e4ef855e8e03dc1bbba41c']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-09-11T12:39:54Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha1\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--55f2cb9a-588c-4288-bc9f-4ba7950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-09-11T12:39:54.000Z",
|
|
"modified": "2015-09-11T12:39:54.000Z",
|
|
"description": "- Xchecked via VT: b50544ad3341fbee60338f45bd4043450238a301e022c1010115a2003a970a23",
|
|
"pattern": "[file:hashes.MD5 = '14fbb9a8e453d3b9a4f650124d0c46d9']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-09-11T12:39:54Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"md5\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "observed-data",
|
|
"spec_version": "2.1",
|
|
"id": "observed-data--55f2cb9b-23f0-4b6c-b1c4-4edb950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-09-11T12:39:55.000Z",
|
|
"modified": "2015-09-11T12:39:55.000Z",
|
|
"first_observed": "2015-09-11T12:39:55Z",
|
|
"last_observed": "2015-09-11T12:39:55Z",
|
|
"number_observed": 1,
|
|
"object_refs": [
|
|
"url--55f2cb9b-23f0-4b6c-b1c4-4edb950d210b"
|
|
],
|
|
"labels": [
|
|
"misp:type=\"link\"",
|
|
"misp:category=\"External analysis\""
|
|
]
|
|
},
|
|
{
|
|
"type": "url",
|
|
"spec_version": "2.1",
|
|
"id": "url--55f2cb9b-23f0-4b6c-b1c4-4edb950d210b",
|
|
"value": "https://www.virustotal.com/file/b50544ad3341fbee60338f45bd4043450238a301e022c1010115a2003a970a23/analysis/1441745763/"
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--55f2cb9b-7ad8-4998-aa88-45f2950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-09-11T12:39:55.000Z",
|
|
"modified": "2015-09-11T12:39:55.000Z",
|
|
"description": "- Xchecked via VT: e58eb692d3933dfda630f659d447d7c8026eaf32d35478bd7056515706eb1481",
|
|
"pattern": "[file:hashes.SHA1 = '1359d1de9f444fd789d54de54f2592761ff56d7d']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-09-11T12:39:55Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha1\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--55f2cb9b-2fe4-47a3-a360-47c5950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-09-11T12:39:55.000Z",
|
|
"modified": "2015-09-11T12:39:55.000Z",
|
|
"description": "- Xchecked via VT: e58eb692d3933dfda630f659d447d7c8026eaf32d35478bd7056515706eb1481",
|
|
"pattern": "[file:hashes.MD5 = '13937e6855feef48712fdfbebf5a311d']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-09-11T12:39:55Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"md5\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "observed-data",
|
|
"spec_version": "2.1",
|
|
"id": "observed-data--55f2cb9c-62a4-4acb-8ecf-4011950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-09-11T12:39:56.000Z",
|
|
"modified": "2015-09-11T12:39:56.000Z",
|
|
"first_observed": "2015-09-11T12:39:56Z",
|
|
"last_observed": "2015-09-11T12:39:56Z",
|
|
"number_observed": 1,
|
|
"object_refs": [
|
|
"url--55f2cb9c-62a4-4acb-8ecf-4011950d210b"
|
|
],
|
|
"labels": [
|
|
"misp:type=\"link\"",
|
|
"misp:category=\"External analysis\""
|
|
]
|
|
},
|
|
{
|
|
"type": "url",
|
|
"spec_version": "2.1",
|
|
"id": "url--55f2cb9c-62a4-4acb-8ecf-4011950d210b",
|
|
"value": "https://www.virustotal.com/file/e58eb692d3933dfda630f659d447d7c8026eaf32d35478bd7056515706eb1481/analysis/1431932390/"
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--55f2cb9c-5a88-4930-9d2f-46a3950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-09-11T12:39:56.000Z",
|
|
"modified": "2015-09-11T12:39:56.000Z",
|
|
"description": "- Xchecked via VT: a764f76276e41ec49b388e8c7c53b602edcc29ff3ac8f8ab4b52913eb91934e3",
|
|
"pattern": "[file:hashes.SHA1 = '2a856aa453ba5aa9b162952320e66aa22bdd6842']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-09-11T12:39:56Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha1\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--55f2cb9c-f8c4-461f-bce6-4f27950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-09-11T12:39:56.000Z",
|
|
"modified": "2015-09-11T12:39:56.000Z",
|
|
"description": "- Xchecked via VT: a764f76276e41ec49b388e8c7c53b602edcc29ff3ac8f8ab4b52913eb91934e3",
|
|
"pattern": "[file:hashes.MD5 = '374043aa9c41b526af3e96cf2e5cd584']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-09-11T12:39:56Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"md5\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "observed-data",
|
|
"spec_version": "2.1",
|
|
"id": "observed-data--55f2cb9d-05ac-40e6-94ab-4b9b950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-09-11T12:39:57.000Z",
|
|
"modified": "2015-09-11T12:39:57.000Z",
|
|
"first_observed": "2015-09-11T12:39:57Z",
|
|
"last_observed": "2015-09-11T12:39:57Z",
|
|
"number_observed": 1,
|
|
"object_refs": [
|
|
"url--55f2cb9d-05ac-40e6-94ab-4b9b950d210b"
|
|
],
|
|
"labels": [
|
|
"misp:type=\"link\"",
|
|
"misp:category=\"External analysis\""
|
|
]
|
|
},
|
|
{
|
|
"type": "url",
|
|
"spec_version": "2.1",
|
|
"id": "url--55f2cb9d-05ac-40e6-94ab-4b9b950d210b",
|
|
"value": "https://www.virustotal.com/file/a764f76276e41ec49b388e8c7c53b602edcc29ff3ac8f8ab4b52913eb91934e3/analysis/1409017159/"
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--55f2cb9d-1fd4-400b-8712-4a20950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-09-11T12:39:57.000Z",
|
|
"modified": "2015-09-11T12:39:57.000Z",
|
|
"description": "- Xchecked via VT: f31b23dee1e047e5b472bca54c06594c2cca5adcebd2290f35b60cb2ebb3ee26",
|
|
"pattern": "[file:hashes.SHA1 = '3e661061a1e8f5c451b8434c287d01128edde065']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-09-11T12:39:57Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha1\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--55f2cb9d-fdd0-4c51-95f8-4f3d950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-09-11T12:39:57.000Z",
|
|
"modified": "2015-09-11T12:39:57.000Z",
|
|
"description": "- Xchecked via VT: f31b23dee1e047e5b472bca54c06594c2cca5adcebd2290f35b60cb2ebb3ee26",
|
|
"pattern": "[file:hashes.MD5 = '9495a794888d586a7e61e5ae91fe3e72']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-09-11T12:39:57Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"md5\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "observed-data",
|
|
"spec_version": "2.1",
|
|
"id": "observed-data--55f2cb9e-3a3c-486b-9add-4141950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-09-11T12:39:58.000Z",
|
|
"modified": "2015-09-11T12:39:58.000Z",
|
|
"first_observed": "2015-09-11T12:39:58Z",
|
|
"last_observed": "2015-09-11T12:39:58Z",
|
|
"number_observed": 1,
|
|
"object_refs": [
|
|
"url--55f2cb9e-3a3c-486b-9add-4141950d210b"
|
|
],
|
|
"labels": [
|
|
"misp:type=\"link\"",
|
|
"misp:category=\"External analysis\""
|
|
]
|
|
},
|
|
{
|
|
"type": "url",
|
|
"spec_version": "2.1",
|
|
"id": "url--55f2cb9e-3a3c-486b-9add-4141950d210b",
|
|
"value": "https://www.virustotal.com/file/f31b23dee1e047e5b472bca54c06594c2cca5adcebd2290f35b60cb2ebb3ee26/analysis/1441745762/"
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--55f2cb9e-f3fc-4e2a-925f-4130950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-09-11T12:39:58.000Z",
|
|
"modified": "2015-09-11T12:39:58.000Z",
|
|
"description": "- Xchecked via VT: 34dabb10ea595c773ae4f8c13b7d7fdb41927bc7052ef76204735bbffeda1c47",
|
|
"pattern": "[file:hashes.SHA1 = '55e15a306736114c25816526d9c372a7041eadee']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-09-11T12:39:58Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha1\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--55f2cb9e-dad0-4172-bcf5-4d8b950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-09-11T12:39:58.000Z",
|
|
"modified": "2015-09-11T12:39:58.000Z",
|
|
"description": "- Xchecked via VT: 34dabb10ea595c773ae4f8c13b7d7fdb41927bc7052ef76204735bbffeda1c47",
|
|
"pattern": "[file:hashes.MD5 = 'bbf30659a020f6e63f6b82946794996f']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-09-11T12:39:58Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"md5\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "observed-data",
|
|
"spec_version": "2.1",
|
|
"id": "observed-data--55f2cb9f-0f04-45c6-ac19-409a950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-09-11T12:39:59.000Z",
|
|
"modified": "2015-09-11T12:39:59.000Z",
|
|
"first_observed": "2015-09-11T12:39:59Z",
|
|
"last_observed": "2015-09-11T12:39:59Z",
|
|
"number_observed": 1,
|
|
"object_refs": [
|
|
"url--55f2cb9f-0f04-45c6-ac19-409a950d210b"
|
|
],
|
|
"labels": [
|
|
"misp:type=\"link\"",
|
|
"misp:category=\"External analysis\""
|
|
]
|
|
},
|
|
{
|
|
"type": "url",
|
|
"spec_version": "2.1",
|
|
"id": "url--55f2cb9f-0f04-45c6-ac19-409a950d210b",
|
|
"value": "https://www.virustotal.com/file/34dabb10ea595c773ae4f8c13b7d7fdb41927bc7052ef76204735bbffeda1c47/analysis/1441745762/"
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--55f2cb9f-d594-40d3-b738-4824950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-09-11T12:39:59.000Z",
|
|
"modified": "2015-09-11T12:39:59.000Z",
|
|
"description": "- Xchecked via VT: 96c301bfa09338740575c4758d558b12e338654b16fc4b9d2badb9610358bf63",
|
|
"pattern": "[file:hashes.SHA1 = 'e08ad2511bfbf39a114f93c6c9feae48b772cb7d']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-09-11T12:39:59Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha1\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--55f2cb9f-00c0-4146-ba27-42e0950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-09-11T12:39:59.000Z",
|
|
"modified": "2015-09-11T12:39:59.000Z",
|
|
"description": "- Xchecked via VT: 96c301bfa09338740575c4758d558b12e338654b16fc4b9d2badb9610358bf63",
|
|
"pattern": "[file:hashes.MD5 = '9cf90837519b9d1cbb593ea059e3e470']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-09-11T12:39:59Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"md5\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "observed-data",
|
|
"spec_version": "2.1",
|
|
"id": "observed-data--55f2cba0-cd58-42d0-9f41-4dc5950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-09-11T12:40:00.000Z",
|
|
"modified": "2015-09-11T12:40:00.000Z",
|
|
"first_observed": "2015-09-11T12:40:00Z",
|
|
"last_observed": "2015-09-11T12:40:00Z",
|
|
"number_observed": 1,
|
|
"object_refs": [
|
|
"url--55f2cba0-cd58-42d0-9f41-4dc5950d210b"
|
|
],
|
|
"labels": [
|
|
"misp:type=\"link\"",
|
|
"misp:category=\"External analysis\""
|
|
]
|
|
},
|
|
{
|
|
"type": "url",
|
|
"spec_version": "2.1",
|
|
"id": "url--55f2cba0-cd58-42d0-9f41-4dc5950d210b",
|
|
"value": "https://www.virustotal.com/file/96c301bfa09338740575c4758d558b12e338654b16fc4b9d2badb9610358bf63/analysis/1428599998/"
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--55f2cba0-5470-48a3-b46b-44c9950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-09-11T12:40:00.000Z",
|
|
"modified": "2015-09-11T12:40:00.000Z",
|
|
"description": "- Xchecked via VT: bba343d4043ea3d170f4027546fad7f991b7ebce9e923dc42e16d88b570ff167",
|
|
"pattern": "[file:hashes.SHA1 = '37fda5cc6db7752599ecab1e2d478702d064fb65']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-09-11T12:40:00Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha1\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--55f2cba0-73b0-4f7c-a0f6-4314950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-09-11T12:40:00.000Z",
|
|
"modified": "2015-09-11T12:40:00.000Z",
|
|
"description": "- Xchecked via VT: bba343d4043ea3d170f4027546fad7f991b7ebce9e923dc42e16d88b570ff167",
|
|
"pattern": "[file:hashes.MD5 = '1cf3ccb8ab7ccb82fa81dbd72eded359']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-09-11T12:40:00Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"md5\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "observed-data",
|
|
"spec_version": "2.1",
|
|
"id": "observed-data--55f2cba1-b538-4b0c-a519-48e3950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-09-11T12:40:01.000Z",
|
|
"modified": "2015-09-11T12:40:01.000Z",
|
|
"first_observed": "2015-09-11T12:40:01Z",
|
|
"last_observed": "2015-09-11T12:40:01Z",
|
|
"number_observed": 1,
|
|
"object_refs": [
|
|
"url--55f2cba1-b538-4b0c-a519-48e3950d210b"
|
|
],
|
|
"labels": [
|
|
"misp:type=\"link\"",
|
|
"misp:category=\"External analysis\""
|
|
]
|
|
},
|
|
{
|
|
"type": "url",
|
|
"spec_version": "2.1",
|
|
"id": "url--55f2cba1-b538-4b0c-a519-48e3950d210b",
|
|
"value": "https://www.virustotal.com/file/bba343d4043ea3d170f4027546fad7f991b7ebce9e923dc42e16d88b570ff167/analysis/1424375993/"
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--55f2cba1-827c-4a41-abcf-4225950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-09-11T12:40:01.000Z",
|
|
"modified": "2015-09-11T12:40:01.000Z",
|
|
"description": "- Xchecked via VT: c608bb6f3723aad1608963e661c8fb80ace93f02f7d52f61a1355e9512676d62",
|
|
"pattern": "[file:hashes.SHA1 = '02ee23c6136d30ccd481673ee9e06b0eddbaec70']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-09-11T12:40:01Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha1\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--55f2cba1-ced4-48d0-9c82-4e13950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-09-11T12:40:01.000Z",
|
|
"modified": "2015-09-11T12:40:01.000Z",
|
|
"description": "- Xchecked via VT: c608bb6f3723aad1608963e661c8fb80ace93f02f7d52f61a1355e9512676d62",
|
|
"pattern": "[file:hashes.MD5 = '65f8065f6bf43335b1badac40bf48cb5']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-09-11T12:40:01Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"md5\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "observed-data",
|
|
"spec_version": "2.1",
|
|
"id": "observed-data--55f2cba2-ee24-4016-904b-460c950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-09-11T12:40:02.000Z",
|
|
"modified": "2015-09-11T12:40:02.000Z",
|
|
"first_observed": "2015-09-11T12:40:02Z",
|
|
"last_observed": "2015-09-11T12:40:02Z",
|
|
"number_observed": 1,
|
|
"object_refs": [
|
|
"url--55f2cba2-ee24-4016-904b-460c950d210b"
|
|
],
|
|
"labels": [
|
|
"misp:type=\"link\"",
|
|
"misp:category=\"External analysis\""
|
|
]
|
|
},
|
|
{
|
|
"type": "url",
|
|
"spec_version": "2.1",
|
|
"id": "url--55f2cba2-ee24-4016-904b-460c950d210b",
|
|
"value": "https://www.virustotal.com/file/c608bb6f3723aad1608963e661c8fb80ace93f02f7d52f61a1355e9512676d62/analysis/1418412483/"
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--55f2cba2-9ad4-412c-8220-4287950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-09-11T12:40:02.000Z",
|
|
"modified": "2015-09-11T12:40:02.000Z",
|
|
"description": "- Xchecked via VT: 6adced734d5498bbcc9fc111ce43bd7fd8db098106eaa3cfc025de7ba6dc02a7",
|
|
"pattern": "[file:hashes.SHA1 = '1e408c5a87f73171b1be29e1315be03548034d89']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-09-11T12:40:02Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha1\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--55f2cba2-4784-4664-8dc3-42f0950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-09-11T12:40:02.000Z",
|
|
"modified": "2015-09-11T12:40:02.000Z",
|
|
"description": "- Xchecked via VT: 6adced734d5498bbcc9fc111ce43bd7fd8db098106eaa3cfc025de7ba6dc02a7",
|
|
"pattern": "[file:hashes.MD5 = 'b757cfd1ceb6c6710d410e9813be5b12']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-09-11T12:40:02Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"md5\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "observed-data",
|
|
"spec_version": "2.1",
|
|
"id": "observed-data--55f2cba3-2460-4139-94cf-470c950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-09-11T12:40:03.000Z",
|
|
"modified": "2015-09-11T12:40:03.000Z",
|
|
"first_observed": "2015-09-11T12:40:03Z",
|
|
"last_observed": "2015-09-11T12:40:03Z",
|
|
"number_observed": 1,
|
|
"object_refs": [
|
|
"url--55f2cba3-2460-4139-94cf-470c950d210b"
|
|
],
|
|
"labels": [
|
|
"misp:type=\"link\"",
|
|
"misp:category=\"External analysis\""
|
|
]
|
|
},
|
|
{
|
|
"type": "url",
|
|
"spec_version": "2.1",
|
|
"id": "url--55f2cba3-2460-4139-94cf-470c950d210b",
|
|
"value": "https://www.virustotal.com/file/6adced734d5498bbcc9fc111ce43bd7fd8db098106eaa3cfc025de7ba6dc02a7/analysis/1441745761/"
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--55f2cba3-cac8-4f1d-ade7-4cfc950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-09-11T12:40:03.000Z",
|
|
"modified": "2015-09-11T12:40:03.000Z",
|
|
"description": "- Xchecked via VT: a95933553fca054e08bd213b7f364b084ef19936a425d7260e08a8e7fdfd2ce6",
|
|
"pattern": "[file:hashes.SHA1 = 'e06a4332f02ea242767bd2e315a1505efdcc5f34']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-09-11T12:40:03Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha1\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--55f2cba3-48e4-40cc-a205-44b0950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-09-11T12:40:03.000Z",
|
|
"modified": "2015-09-11T12:40:03.000Z",
|
|
"description": "- Xchecked via VT: a95933553fca054e08bd213b7f364b084ef19936a425d7260e08a8e7fdfd2ce6",
|
|
"pattern": "[file:hashes.MD5 = '457c69159e9d9bb2379f26099285a248']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-09-11T12:40:03Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"md5\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "observed-data",
|
|
"spec_version": "2.1",
|
|
"id": "observed-data--55f2cba4-59c8-4490-9f42-41a9950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-09-11T12:40:04.000Z",
|
|
"modified": "2015-09-11T12:40:04.000Z",
|
|
"first_observed": "2015-09-11T12:40:04Z",
|
|
"last_observed": "2015-09-11T12:40:04Z",
|
|
"number_observed": 1,
|
|
"object_refs": [
|
|
"url--55f2cba4-59c8-4490-9f42-41a9950d210b"
|
|
],
|
|
"labels": [
|
|
"misp:type=\"link\"",
|
|
"misp:category=\"External analysis\""
|
|
]
|
|
},
|
|
{
|
|
"type": "url",
|
|
"spec_version": "2.1",
|
|
"id": "url--55f2cba4-59c8-4490-9f42-41a9950d210b",
|
|
"value": "https://www.virustotal.com/file/a95933553fca054e08bd213b7f364b084ef19936a425d7260e08a8e7fdfd2ce6/analysis/1441745761/"
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--55f2cba4-a7ec-481e-93f6-4a9b950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-09-11T12:40:04.000Z",
|
|
"modified": "2015-09-11T12:40:04.000Z",
|
|
"description": "- Xchecked via VT: 8a2a5f155707109bc0a6f179f1a749b216504b373c765c8193a7dd958b17be7c",
|
|
"pattern": "[file:hashes.SHA1 = '9fbf2d0a10fdf88400d2c1b54db9116edf89e90e']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-09-11T12:40:04Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha1\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--55f2cba4-3a44-4b3f-bd52-4378950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-09-11T12:40:04.000Z",
|
|
"modified": "2015-09-11T12:40:04.000Z",
|
|
"description": "- Xchecked via VT: 8a2a5f155707109bc0a6f179f1a749b216504b373c765c8193a7dd958b17be7c",
|
|
"pattern": "[file:hashes.MD5 = '57f7d23020b5c368ccb14272a542d64c']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-09-11T12:40:04Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"md5\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "observed-data",
|
|
"spec_version": "2.1",
|
|
"id": "observed-data--55f2cba5-ebc4-45f6-8d4b-4ee2950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-09-11T12:40:05.000Z",
|
|
"modified": "2015-09-11T12:40:05.000Z",
|
|
"first_observed": "2015-09-11T12:40:05Z",
|
|
"last_observed": "2015-09-11T12:40:05Z",
|
|
"number_observed": 1,
|
|
"object_refs": [
|
|
"url--55f2cba5-ebc4-45f6-8d4b-4ee2950d210b"
|
|
],
|
|
"labels": [
|
|
"misp:type=\"link\"",
|
|
"misp:category=\"External analysis\""
|
|
]
|
|
},
|
|
{
|
|
"type": "url",
|
|
"spec_version": "2.1",
|
|
"id": "url--55f2cba5-ebc4-45f6-8d4b-4ee2950d210b",
|
|
"value": "https://www.virustotal.com/file/8a2a5f155707109bc0a6f179f1a749b216504b373c765c8193a7dd958b17be7c/analysis/1422517829/"
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--55f2cba5-6c0c-4c9a-889f-4772950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-09-11T12:40:05.000Z",
|
|
"modified": "2015-09-11T12:40:05.000Z",
|
|
"description": "- Xchecked via VT: 07cf20da1ef235ee98c25495bf9b845754f21ed105d5211001885fd2eea3210f",
|
|
"pattern": "[file:hashes.SHA1 = '667e37c287856ddbf82dea8cbe622d99cc1471a0']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-09-11T12:40:05Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha1\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--55f2cba5-c5b8-4197-8b6c-4869950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-09-11T12:40:05.000Z",
|
|
"modified": "2015-09-11T12:40:05.000Z",
|
|
"description": "- Xchecked via VT: 07cf20da1ef235ee98c25495bf9b845754f21ed105d5211001885fd2eea3210f",
|
|
"pattern": "[file:hashes.MD5 = '152c519cc4523a0f0755e142272e009f']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-09-11T12:40:05Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"md5\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "observed-data",
|
|
"spec_version": "2.1",
|
|
"id": "observed-data--55f2cba6-cb98-4c68-a9ea-474c950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-09-11T12:40:06.000Z",
|
|
"modified": "2015-09-11T12:40:06.000Z",
|
|
"first_observed": "2015-09-11T12:40:06Z",
|
|
"last_observed": "2015-09-11T12:40:06Z",
|
|
"number_observed": 1,
|
|
"object_refs": [
|
|
"url--55f2cba6-cb98-4c68-a9ea-474c950d210b"
|
|
],
|
|
"labels": [
|
|
"misp:type=\"link\"",
|
|
"misp:category=\"External analysis\""
|
|
]
|
|
},
|
|
{
|
|
"type": "url",
|
|
"spec_version": "2.1",
|
|
"id": "url--55f2cba6-cb98-4c68-a9ea-474c950d210b",
|
|
"value": "https://www.virustotal.com/file/07cf20da1ef235ee98c25495bf9b845754f21ed105d5211001885fd2eea3210f/analysis/1421315493/"
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--55f2cba6-594c-430a-86e8-4eba950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-09-11T12:40:06.000Z",
|
|
"modified": "2015-09-11T12:40:06.000Z",
|
|
"description": "- Xchecked via VT: e737e2253f016ab65b521d4f4e7b2a06741fa2541c52f0994edfc1763a053910",
|
|
"pattern": "[file:hashes.SHA1 = '12197400e6444acd0ba59066afeb8334930de551']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-09-11T12:40:06Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha1\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--55f2cba6-6988-4aec-9509-4b3d950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-09-11T12:40:06.000Z",
|
|
"modified": "2015-09-11T12:40:06.000Z",
|
|
"description": "- Xchecked via VT: e737e2253f016ab65b521d4f4e7b2a06741fa2541c52f0994edfc1763a053910",
|
|
"pattern": "[file:hashes.MD5 = 'b026d51fce1eaf6d82cf4fde2b1ab0b6']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-09-11T12:40:06Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"md5\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "observed-data",
|
|
"spec_version": "2.1",
|
|
"id": "observed-data--55f2cba7-6ff8-4a55-a717-4d3d950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-09-11T12:40:07.000Z",
|
|
"modified": "2015-09-11T12:40:07.000Z",
|
|
"first_observed": "2015-09-11T12:40:07Z",
|
|
"last_observed": "2015-09-11T12:40:07Z",
|
|
"number_observed": 1,
|
|
"object_refs": [
|
|
"url--55f2cba7-6ff8-4a55-a717-4d3d950d210b"
|
|
],
|
|
"labels": [
|
|
"misp:type=\"link\"",
|
|
"misp:category=\"External analysis\""
|
|
]
|
|
},
|
|
{
|
|
"type": "url",
|
|
"spec_version": "2.1",
|
|
"id": "url--55f2cba7-6ff8-4a55-a717-4d3d950d210b",
|
|
"value": "https://www.virustotal.com/file/e737e2253f016ab65b521d4f4e7b2a06741fa2541c52f0994edfc1763a053910/analysis/1441745760/"
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--55f2cba7-a108-4c45-81cd-4e8c950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-09-11T12:40:07.000Z",
|
|
"modified": "2015-09-11T12:40:07.000Z",
|
|
"description": "- Xchecked via VT: 4b7133e45f368cc0b6728830bc9e1219ff318eb384caf5ecbb54e12e6e6c1925",
|
|
"pattern": "[file:hashes.SHA1 = '770e6d19c321fca6a50703a2e299509741a9c931']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-09-11T12:40:07Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha1\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--55f2cba7-af94-4a7c-b00b-49ac950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-09-11T12:40:07.000Z",
|
|
"modified": "2015-09-11T12:40:07.000Z",
|
|
"description": "- Xchecked via VT: 4b7133e45f368cc0b6728830bc9e1219ff318eb384caf5ecbb54e12e6e6c1925",
|
|
"pattern": "[file:hashes.MD5 = '87430593a2653a28196df1d5c76e5ee1']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-09-11T12:40:07Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"md5\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "observed-data",
|
|
"spec_version": "2.1",
|
|
"id": "observed-data--55f2cba8-6a18-4a77-be5b-47ac950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-09-11T12:40:08.000Z",
|
|
"modified": "2015-09-11T12:40:08.000Z",
|
|
"first_observed": "2015-09-11T12:40:08Z",
|
|
"last_observed": "2015-09-11T12:40:08Z",
|
|
"number_observed": 1,
|
|
"object_refs": [
|
|
"url--55f2cba8-6a18-4a77-be5b-47ac950d210b"
|
|
],
|
|
"labels": [
|
|
"misp:type=\"link\"",
|
|
"misp:category=\"External analysis\""
|
|
]
|
|
},
|
|
{
|
|
"type": "url",
|
|
"spec_version": "2.1",
|
|
"id": "url--55f2cba8-6a18-4a77-be5b-47ac950d210b",
|
|
"value": "https://www.virustotal.com/file/4b7133e45f368cc0b6728830bc9e1219ff318eb384caf5ecbb54e12e6e6c1925/analysis/1441745760/"
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--55f2cba8-fa58-4856-a190-4393950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-09-11T12:40:08.000Z",
|
|
"modified": "2015-09-11T12:40:08.000Z",
|
|
"description": "- Xchecked via VT: da297e8bf799032e0a52c4535997abf30202f33ce9d4162139129463c386efcc",
|
|
"pattern": "[file:hashes.SHA1 = '763460238e1c6e1b6a2d67b1007a8d0220633768']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-09-11T12:40:08Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha1\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--55f2cba8-3350-4108-bcae-44bf950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-09-11T12:40:08.000Z",
|
|
"modified": "2015-09-11T12:40:08.000Z",
|
|
"description": "- Xchecked via VT: da297e8bf799032e0a52c4535997abf30202f33ce9d4162139129463c386efcc",
|
|
"pattern": "[file:hashes.MD5 = '808a075dc8fe276399eb882cf8f7939c']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-09-11T12:40:08Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"md5\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "observed-data",
|
|
"spec_version": "2.1",
|
|
"id": "observed-data--55f2cba9-a4b8-4236-9d03-45df950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-09-11T12:40:09.000Z",
|
|
"modified": "2015-09-11T12:40:09.000Z",
|
|
"first_observed": "2015-09-11T12:40:09Z",
|
|
"last_observed": "2015-09-11T12:40:09Z",
|
|
"number_observed": 1,
|
|
"object_refs": [
|
|
"url--55f2cba9-a4b8-4236-9d03-45df950d210b"
|
|
],
|
|
"labels": [
|
|
"misp:type=\"link\"",
|
|
"misp:category=\"External analysis\""
|
|
]
|
|
},
|
|
{
|
|
"type": "url",
|
|
"spec_version": "2.1",
|
|
"id": "url--55f2cba9-a4b8-4236-9d03-45df950d210b",
|
|
"value": "https://www.virustotal.com/file/da297e8bf799032e0a52c4535997abf30202f33ce9d4162139129463c386efcc/analysis/1430390486/"
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--55f2cba9-7eec-40d3-8b84-47ab950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-09-11T12:40:09.000Z",
|
|
"modified": "2015-09-11T12:40:09.000Z",
|
|
"description": "- Xchecked via VT: 20236c7a6c0c29664976ab943118477583545ed8461b14933b2d49cee10dd051",
|
|
"pattern": "[file:hashes.SHA1 = '14d439f366ee33ca371f70d6800b5984acd447ec']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-09-11T12:40:09Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha1\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--55f2cba9-dad0-481f-8de5-47de950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-09-11T12:40:09.000Z",
|
|
"modified": "2015-09-11T12:40:09.000Z",
|
|
"description": "- Xchecked via VT: 20236c7a6c0c29664976ab943118477583545ed8461b14933b2d49cee10dd051",
|
|
"pattern": "[file:hashes.MD5 = '08e1d43ef2e12a2ccb24a030a18c65df']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-09-11T12:40:09Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"md5\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "observed-data",
|
|
"spec_version": "2.1",
|
|
"id": "observed-data--55f2cbaa-49cc-4da7-bbde-4687950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-09-11T12:40:10.000Z",
|
|
"modified": "2015-09-11T12:40:10.000Z",
|
|
"first_observed": "2015-09-11T12:40:10Z",
|
|
"last_observed": "2015-09-11T12:40:10Z",
|
|
"number_observed": 1,
|
|
"object_refs": [
|
|
"url--55f2cbaa-49cc-4da7-bbde-4687950d210b"
|
|
],
|
|
"labels": [
|
|
"misp:type=\"link\"",
|
|
"misp:category=\"External analysis\""
|
|
]
|
|
},
|
|
{
|
|
"type": "url",
|
|
"spec_version": "2.1",
|
|
"id": "url--55f2cbaa-49cc-4da7-bbde-4687950d210b",
|
|
"value": "https://www.virustotal.com/file/20236c7a6c0c29664976ab943118477583545ed8461b14933b2d49cee10dd051/analysis/1433967526/"
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--55f2cbaa-d970-4e20-a3ae-4f84950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-09-11T12:40:10.000Z",
|
|
"modified": "2015-09-11T12:40:10.000Z",
|
|
"description": "- Xchecked via VT: e1290e92c5caff9631f4ebe53df27293b71df19b6b5435323332658ebaa9c6b6",
|
|
"pattern": "[file:hashes.SHA1 = 'fd060ccfb2924c97cefbae65153c12e9c60342fb']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-09-11T12:40:10Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha1\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--55f2cbaa-0f4c-44d6-b539-468d950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-09-11T12:40:10.000Z",
|
|
"modified": "2015-09-11T12:40:10.000Z",
|
|
"description": "- Xchecked via VT: e1290e92c5caff9631f4ebe53df27293b71df19b6b5435323332658ebaa9c6b6",
|
|
"pattern": "[file:hashes.MD5 = '8d97ae70499a45789028c9b262dd59f8']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-09-11T12:40:10Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"md5\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "observed-data",
|
|
"spec_version": "2.1",
|
|
"id": "observed-data--55f2cbab-6350-4a01-8bd7-41c2950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-09-11T12:40:11.000Z",
|
|
"modified": "2015-09-11T12:40:11.000Z",
|
|
"first_observed": "2015-09-11T12:40:11Z",
|
|
"last_observed": "2015-09-11T12:40:11Z",
|
|
"number_observed": 1,
|
|
"object_refs": [
|
|
"url--55f2cbab-6350-4a01-8bd7-41c2950d210b"
|
|
],
|
|
"labels": [
|
|
"misp:type=\"link\"",
|
|
"misp:category=\"External analysis\""
|
|
]
|
|
},
|
|
{
|
|
"type": "url",
|
|
"spec_version": "2.1",
|
|
"id": "url--55f2cbab-6350-4a01-8bd7-41c2950d210b",
|
|
"value": "https://www.virustotal.com/file/e1290e92c5caff9631f4ebe53df27293b71df19b6b5435323332658ebaa9c6b6/analysis/1429931667/"
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--55f2cbab-aa64-46d5-b80e-4aed950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-09-11T12:40:11.000Z",
|
|
"modified": "2015-09-11T12:40:11.000Z",
|
|
"description": "- Xchecked via VT: c256ca3514d23818cab28b61d1df52a513d1f2beda8c5e81c3336de762f9f3f4",
|
|
"pattern": "[file:hashes.SHA1 = 'e25c68cf7645f4c58634bbde54ca115bc64383a1']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-09-11T12:40:11Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha1\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--55f2cbab-d89c-4f0b-a26c-4a70950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-09-11T12:40:11.000Z",
|
|
"modified": "2015-09-11T12:40:11.000Z",
|
|
"description": "- Xchecked via VT: c256ca3514d23818cab28b61d1df52a513d1f2beda8c5e81c3336de762f9f3f4",
|
|
"pattern": "[file:hashes.MD5 = '2249e50933b44fd10bacece68c3cccf5']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-09-11T12:40:11Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"md5\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "observed-data",
|
|
"spec_version": "2.1",
|
|
"id": "observed-data--55f2cbac-e890-466e-8694-4f62950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-09-11T12:40:12.000Z",
|
|
"modified": "2015-09-11T12:40:12.000Z",
|
|
"first_observed": "2015-09-11T12:40:12Z",
|
|
"last_observed": "2015-09-11T12:40:12Z",
|
|
"number_observed": 1,
|
|
"object_refs": [
|
|
"url--55f2cbac-e890-466e-8694-4f62950d210b"
|
|
],
|
|
"labels": [
|
|
"misp:type=\"link\"",
|
|
"misp:category=\"External analysis\""
|
|
]
|
|
},
|
|
{
|
|
"type": "url",
|
|
"spec_version": "2.1",
|
|
"id": "url--55f2cbac-e890-466e-8694-4f62950d210b",
|
|
"value": "https://www.virustotal.com/file/c256ca3514d23818cab28b61d1df52a513d1f2beda8c5e81c3336de762f9f3f4/analysis/1434479806/"
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--55f2cbac-6e78-4033-be44-41de950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-09-11T12:40:12.000Z",
|
|
"modified": "2015-09-11T12:40:12.000Z",
|
|
"description": "- Xchecked via VT: 022ca8187bfb1f347a0e547417a8088a5cc0e38fd9aa51b464154fbcf4aa149c",
|
|
"pattern": "[file:hashes.SHA1 = 'ffafddb8bcd5d2f9a30f346ab8e7a37455f95a3c']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-09-11T12:40:12Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha1\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--55f2cbac-3200-49ec-b784-4876950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-09-11T12:40:12.000Z",
|
|
"modified": "2015-09-11T12:40:12.000Z",
|
|
"description": "- Xchecked via VT: 022ca8187bfb1f347a0e547417a8088a5cc0e38fd9aa51b464154fbcf4aa149c",
|
|
"pattern": "[file:hashes.MD5 = '0e742ea755a582e06c091dde1fecb164']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-09-11T12:40:12Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"md5\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "observed-data",
|
|
"spec_version": "2.1",
|
|
"id": "observed-data--55f2cbad-5858-45ab-8e9a-410f950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-09-11T12:40:13.000Z",
|
|
"modified": "2015-09-11T12:40:13.000Z",
|
|
"first_observed": "2015-09-11T12:40:13Z",
|
|
"last_observed": "2015-09-11T12:40:13Z",
|
|
"number_observed": 1,
|
|
"object_refs": [
|
|
"url--55f2cbad-5858-45ab-8e9a-410f950d210b"
|
|
],
|
|
"labels": [
|
|
"misp:type=\"link\"",
|
|
"misp:category=\"External analysis\""
|
|
]
|
|
},
|
|
{
|
|
"type": "url",
|
|
"spec_version": "2.1",
|
|
"id": "url--55f2cbad-5858-45ab-8e9a-410f950d210b",
|
|
"value": "https://www.virustotal.com/file/022ca8187bfb1f347a0e547417a8088a5cc0e38fd9aa51b464154fbcf4aa149c/analysis/1433400666/"
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--55f2cbad-4e10-47fc-bfbd-49d4950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-09-11T12:40:13.000Z",
|
|
"modified": "2015-09-11T12:40:13.000Z",
|
|
"description": "- Xchecked via VT: 66b1260565e2243bba1436f43e986ff741bd391305114d7bef891273e03abd72",
|
|
"pattern": "[file:hashes.SHA1 = '8280151da1e789194754350b59a5128e6b5fd543']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-09-11T12:40:13Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha1\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--55f2cbad-85a4-4aa6-93d2-43a2950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-09-11T12:40:13.000Z",
|
|
"modified": "2015-09-11T12:40:13.000Z",
|
|
"description": "- Xchecked via VT: 66b1260565e2243bba1436f43e986ff741bd391305114d7bef891273e03abd72",
|
|
"pattern": "[file:hashes.MD5 = '8d2f5456d0f64a2c58b29649084dfc02']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-09-11T12:40:13Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"md5\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "observed-data",
|
|
"spec_version": "2.1",
|
|
"id": "observed-data--55f2cbae-bef8-413c-94b0-4212950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-09-11T12:40:14.000Z",
|
|
"modified": "2015-09-11T12:40:14.000Z",
|
|
"first_observed": "2015-09-11T12:40:14Z",
|
|
"last_observed": "2015-09-11T12:40:14Z",
|
|
"number_observed": 1,
|
|
"object_refs": [
|
|
"url--55f2cbae-bef8-413c-94b0-4212950d210b"
|
|
],
|
|
"labels": [
|
|
"misp:type=\"link\"",
|
|
"misp:category=\"External analysis\""
|
|
]
|
|
},
|
|
{
|
|
"type": "url",
|
|
"spec_version": "2.1",
|
|
"id": "url--55f2cbae-bef8-413c-94b0-4212950d210b",
|
|
"value": "https://www.virustotal.com/file/66b1260565e2243bba1436f43e986ff741bd391305114d7bef891273e03abd72/analysis/1441745759/"
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--55f2cbae-48d8-40e5-9609-414d950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-09-11T12:40:14.000Z",
|
|
"modified": "2015-09-11T12:40:14.000Z",
|
|
"description": "- Xchecked via VT: 4306af9aa2b585dd07c4b114bc7e292f7f9ab06732ae7a9e7f4831b88127c85a",
|
|
"pattern": "[file:hashes.SHA1 = 'f4009050e0988ec2b984e19023118d74a71bcbb1']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-09-11T12:40:14Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha1\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--55f2cbae-b800-4acf-8fd8-4ab2950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-09-11T12:40:14.000Z",
|
|
"modified": "2015-09-11T12:40:14.000Z",
|
|
"description": "- Xchecked via VT: 4306af9aa2b585dd07c4b114bc7e292f7f9ab06732ae7a9e7f4831b88127c85a",
|
|
"pattern": "[file:hashes.MD5 = 'e3ffee36e5f1bf06d9798c6464892f76']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-09-11T12:40:14Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"md5\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "observed-data",
|
|
"spec_version": "2.1",
|
|
"id": "observed-data--55f2cbaf-aedc-4204-a861-4b58950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-09-11T12:40:15.000Z",
|
|
"modified": "2015-09-11T12:40:15.000Z",
|
|
"first_observed": "2015-09-11T12:40:15Z",
|
|
"last_observed": "2015-09-11T12:40:15Z",
|
|
"number_observed": 1,
|
|
"object_refs": [
|
|
"url--55f2cbaf-aedc-4204-a861-4b58950d210b"
|
|
],
|
|
"labels": [
|
|
"misp:type=\"link\"",
|
|
"misp:category=\"External analysis\""
|
|
]
|
|
},
|
|
{
|
|
"type": "url",
|
|
"spec_version": "2.1",
|
|
"id": "url--55f2cbaf-aedc-4204-a861-4b58950d210b",
|
|
"value": "https://www.virustotal.com/file/4306af9aa2b585dd07c4b114bc7e292f7f9ab06732ae7a9e7f4831b88127c85a/analysis/1438179033/"
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--55f2cbaf-00b8-4cc4-ba5c-433c950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-09-11T12:40:15.000Z",
|
|
"modified": "2015-09-11T12:40:15.000Z",
|
|
"description": "- Xchecked via VT: a7afee2227ff3ee64695235c7eed214ee1d18c2b6e287616118b5f38fd6720dc",
|
|
"pattern": "[file:hashes.SHA1 = '8291ec4631a5d05a3b5dfc84c7b84b959ac3cfa1']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-09-11T12:40:15Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha1\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--55f2cbaf-dd40-475b-a023-42be950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-09-11T12:40:15.000Z",
|
|
"modified": "2015-09-11T12:40:15.000Z",
|
|
"description": "- Xchecked via VT: a7afee2227ff3ee64695235c7eed214ee1d18c2b6e287616118b5f38fd6720dc",
|
|
"pattern": "[file:hashes.MD5 = '069345a3631c8920c5ebb3afeecd0561']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-09-11T12:40:15Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"md5\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "observed-data",
|
|
"spec_version": "2.1",
|
|
"id": "observed-data--55f2cbb0-3e64-43a8-b10c-4a6d950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-09-11T12:40:16.000Z",
|
|
"modified": "2015-09-11T12:40:16.000Z",
|
|
"first_observed": "2015-09-11T12:40:16Z",
|
|
"last_observed": "2015-09-11T12:40:16Z",
|
|
"number_observed": 1,
|
|
"object_refs": [
|
|
"url--55f2cbb0-3e64-43a8-b10c-4a6d950d210b"
|
|
],
|
|
"labels": [
|
|
"misp:type=\"link\"",
|
|
"misp:category=\"External analysis\""
|
|
]
|
|
},
|
|
{
|
|
"type": "url",
|
|
"spec_version": "2.1",
|
|
"id": "url--55f2cbb0-3e64-43a8-b10c-4a6d950d210b",
|
|
"value": "https://www.virustotal.com/file/a7afee2227ff3ee64695235c7eed214ee1d18c2b6e287616118b5f38fd6720dc/analysis/1440045370/"
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--55f2cbb0-5fac-4fca-bde1-4908950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-09-11T12:40:16.000Z",
|
|
"modified": "2015-09-11T12:40:16.000Z",
|
|
"description": "- Xchecked via VT: 55090a930b6c37f9ff215793e950a4ffb67f516fd0a14409b027f995d27da082",
|
|
"pattern": "[file:hashes.SHA1 = '8b96cc0a78ed99f962c96cc98d1ad488a140217a']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-09-11T12:40:16Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha1\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--55f2cbb0-1304-4834-839b-4c88950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-09-11T12:40:16.000Z",
|
|
"modified": "2015-09-11T12:40:16.000Z",
|
|
"description": "- Xchecked via VT: 55090a930b6c37f9ff215793e950a4ffb67f516fd0a14409b027f995d27da082",
|
|
"pattern": "[file:hashes.MD5 = '3a528a57ef64074039ae35b4bf531225']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-09-11T12:40:16Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"md5\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "observed-data",
|
|
"spec_version": "2.1",
|
|
"id": "observed-data--55f2cbb1-0a9c-4bfb-9f9f-471d950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-09-11T12:40:17.000Z",
|
|
"modified": "2015-09-11T12:40:17.000Z",
|
|
"first_observed": "2015-09-11T12:40:17Z",
|
|
"last_observed": "2015-09-11T12:40:17Z",
|
|
"number_observed": 1,
|
|
"object_refs": [
|
|
"url--55f2cbb1-0a9c-4bfb-9f9f-471d950d210b"
|
|
],
|
|
"labels": [
|
|
"misp:type=\"link\"",
|
|
"misp:category=\"External analysis\""
|
|
]
|
|
},
|
|
{
|
|
"type": "url",
|
|
"spec_version": "2.1",
|
|
"id": "url--55f2cbb1-0a9c-4bfb-9f9f-471d950d210b",
|
|
"value": "https://www.virustotal.com/file/55090a930b6c37f9ff215793e950a4ffb67f516fd0a14409b027f995d27da082/analysis/1434380613/"
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--55f2cbb1-b8e0-4729-8c75-4d68950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-09-11T12:40:17.000Z",
|
|
"modified": "2015-09-11T12:40:17.000Z",
|
|
"description": "- Xchecked via VT: e297929c583c6f84727c312b937c43550d71fe2bca4f4138d53441c7e269cfa4",
|
|
"pattern": "[file:hashes.SHA1 = '832a7930cf08f1ffcf10a11b0fc6c4f06f99d0e9']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-09-11T12:40:17Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha1\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--55f2cbb1-6f94-4acd-8364-44c6950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-09-11T12:40:17.000Z",
|
|
"modified": "2015-09-11T12:40:17.000Z",
|
|
"description": "- Xchecked via VT: e297929c583c6f84727c312b937c43550d71fe2bca4f4138d53441c7e269cfa4",
|
|
"pattern": "[file:hashes.MD5 = '164ae3e11fd5405f90b8f560f356bc95']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-09-11T12:40:17Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"md5\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "observed-data",
|
|
"spec_version": "2.1",
|
|
"id": "observed-data--55f2cbb2-a6d8-4137-a138-4728950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-09-11T12:40:18.000Z",
|
|
"modified": "2015-09-11T12:40:18.000Z",
|
|
"first_observed": "2015-09-11T12:40:18Z",
|
|
"last_observed": "2015-09-11T12:40:18Z",
|
|
"number_observed": 1,
|
|
"object_refs": [
|
|
"url--55f2cbb2-a6d8-4137-a138-4728950d210b"
|
|
],
|
|
"labels": [
|
|
"misp:type=\"link\"",
|
|
"misp:category=\"External analysis\""
|
|
]
|
|
},
|
|
{
|
|
"type": "url",
|
|
"spec_version": "2.1",
|
|
"id": "url--55f2cbb2-a6d8-4137-a138-4728950d210b",
|
|
"value": "https://www.virustotal.com/file/e297929c583c6f84727c312b937c43550d71fe2bca4f4138d53441c7e269cfa4/analysis/1441745759/"
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--55f2cbb2-a418-431a-8dfd-42c4950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-09-11T12:40:18.000Z",
|
|
"modified": "2015-09-11T12:40:18.000Z",
|
|
"description": "- Xchecked via VT: 73ae929dde6826306046d8db744da6e5150f5c508298726b634d39c279192ad0",
|
|
"pattern": "[file:hashes.SHA1 = 'ba90abeff03d6186526e75a5204627688c4b37af']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-09-11T12:40:18Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha1\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--55f2cbb2-9934-40d6-ab8f-4dfb950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-09-11T12:40:18.000Z",
|
|
"modified": "2015-09-11T12:40:18.000Z",
|
|
"description": "- Xchecked via VT: 73ae929dde6826306046d8db744da6e5150f5c508298726b634d39c279192ad0",
|
|
"pattern": "[file:hashes.MD5 = '2da0819c180214753481fee026a23cc1']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-09-11T12:40:18Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"md5\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "observed-data",
|
|
"spec_version": "2.1",
|
|
"id": "observed-data--55f2cbb3-cef0-4016-91d8-4018950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-09-11T12:40:19.000Z",
|
|
"modified": "2015-09-11T12:40:19.000Z",
|
|
"first_observed": "2015-09-11T12:40:19Z",
|
|
"last_observed": "2015-09-11T12:40:19Z",
|
|
"number_observed": 1,
|
|
"object_refs": [
|
|
"url--55f2cbb3-cef0-4016-91d8-4018950d210b"
|
|
],
|
|
"labels": [
|
|
"misp:type=\"link\"",
|
|
"misp:category=\"External analysis\""
|
|
]
|
|
},
|
|
{
|
|
"type": "url",
|
|
"spec_version": "2.1",
|
|
"id": "url--55f2cbb3-cef0-4016-91d8-4018950d210b",
|
|
"value": "https://www.virustotal.com/file/73ae929dde6826306046d8db744da6e5150f5c508298726b634d39c279192ad0/analysis/1434380825/"
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--55f2cbb3-d640-4bf1-a88c-46fb950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-09-11T12:40:19.000Z",
|
|
"modified": "2015-09-11T12:40:19.000Z",
|
|
"description": "- Xchecked via VT: a0fdb977b712e669aae28723f1a4b90735a5af9e92937558c9da8f62614a1a17",
|
|
"pattern": "[file:hashes.SHA1 = '4858239b3b71396675d69a031eeb7e0caa349fd1']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-09-11T12:40:19Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha1\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--55f2cbb3-8160-4967-90a1-46ad950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-09-11T12:40:19.000Z",
|
|
"modified": "2015-09-11T12:40:19.000Z",
|
|
"description": "- Xchecked via VT: a0fdb977b712e669aae28723f1a4b90735a5af9e92937558c9da8f62614a1a17",
|
|
"pattern": "[file:hashes.MD5 = 'e3e803ad7cafd622109546e9aea28647']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-09-11T12:40:19Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"md5\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "observed-data",
|
|
"spec_version": "2.1",
|
|
"id": "observed-data--55f2cbb4-96b0-4a3e-abe1-4288950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-09-11T12:40:20.000Z",
|
|
"modified": "2015-09-11T12:40:20.000Z",
|
|
"first_observed": "2015-09-11T12:40:20Z",
|
|
"last_observed": "2015-09-11T12:40:20Z",
|
|
"number_observed": 1,
|
|
"object_refs": [
|
|
"url--55f2cbb4-96b0-4a3e-abe1-4288950d210b"
|
|
],
|
|
"labels": [
|
|
"misp:type=\"link\"",
|
|
"misp:category=\"External analysis\""
|
|
]
|
|
},
|
|
{
|
|
"type": "url",
|
|
"spec_version": "2.1",
|
|
"id": "url--55f2cbb4-96b0-4a3e-abe1-4288950d210b",
|
|
"value": "https://www.virustotal.com/file/a0fdb977b712e669aae28723f1a4b90735a5af9e92937558c9da8f62614a1a17/analysis/1434305490/"
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--55f2cbb4-1670-4ba8-84a4-4467950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-09-11T12:40:20.000Z",
|
|
"modified": "2015-09-11T12:40:20.000Z",
|
|
"description": "- Xchecked via VT: 61b77cada9c2a16daeb465e439cb3e38c857f1559455187469821893bf542666",
|
|
"pattern": "[file:hashes.SHA1 = '3688d3b4e2ce47ac6599e1b2723d042f20d22afd']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-09-11T12:40:20Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha1\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--55f2cbb4-a030-4b6c-af81-4fed950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-09-11T12:40:20.000Z",
|
|
"modified": "2015-09-11T12:40:20.000Z",
|
|
"description": "- Xchecked via VT: 61b77cada9c2a16daeb465e439cb3e38c857f1559455187469821893bf542666",
|
|
"pattern": "[file:hashes.MD5 = 'df043bbc7a14316dbed4adabec83d1bc']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-09-11T12:40:20Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"md5\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "observed-data",
|
|
"spec_version": "2.1",
|
|
"id": "observed-data--55f2cbb5-5214-46ec-a447-46be950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-09-11T12:40:21.000Z",
|
|
"modified": "2015-09-11T12:40:21.000Z",
|
|
"first_observed": "2015-09-11T12:40:21Z",
|
|
"last_observed": "2015-09-11T12:40:21Z",
|
|
"number_observed": 1,
|
|
"object_refs": [
|
|
"url--55f2cbb5-5214-46ec-a447-46be950d210b"
|
|
],
|
|
"labels": [
|
|
"misp:type=\"link\"",
|
|
"misp:category=\"External analysis\""
|
|
]
|
|
},
|
|
{
|
|
"type": "url",
|
|
"spec_version": "2.1",
|
|
"id": "url--55f2cbb5-5214-46ec-a447-46be950d210b",
|
|
"value": "https://www.virustotal.com/file/61b77cada9c2a16daeb465e439cb3e38c857f1559455187469821893bf542666/analysis/1434307057/"
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--55f2cbb5-8670-4e21-a6fd-4d63950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-09-11T12:40:21.000Z",
|
|
"modified": "2015-09-11T12:40:21.000Z",
|
|
"description": "- Xchecked via VT: 29726da0ebd8960cab09f91bb8fa37db27b1ca2a3897235c645d1896df10303b",
|
|
"pattern": "[file:hashes.SHA1 = 'bb4c5d00469a3a3a4e4d571fb2d425aa98ffcb71']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-09-11T12:40:21Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha1\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--55f2cbb5-3e88-4960-8c41-4117950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-09-11T12:40:21.000Z",
|
|
"modified": "2015-09-11T12:40:21.000Z",
|
|
"description": "- Xchecked via VT: 29726da0ebd8960cab09f91bb8fa37db27b1ca2a3897235c645d1896df10303b",
|
|
"pattern": "[file:hashes.MD5 = 'b0c2a5a3cfef4e759979b7d0869b7612']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-09-11T12:40:21Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"md5\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "observed-data",
|
|
"spec_version": "2.1",
|
|
"id": "observed-data--55f2cbb6-5b44-45ba-ac02-4b3e950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-09-11T12:40:22.000Z",
|
|
"modified": "2015-09-11T12:40:22.000Z",
|
|
"first_observed": "2015-09-11T12:40:22Z",
|
|
"last_observed": "2015-09-11T12:40:22Z",
|
|
"number_observed": 1,
|
|
"object_refs": [
|
|
"url--55f2cbb6-5b44-45ba-ac02-4b3e950d210b"
|
|
],
|
|
"labels": [
|
|
"misp:type=\"link\"",
|
|
"misp:category=\"External analysis\""
|
|
]
|
|
},
|
|
{
|
|
"type": "url",
|
|
"spec_version": "2.1",
|
|
"id": "url--55f2cbb6-5b44-45ba-ac02-4b3e950d210b",
|
|
"value": "https://www.virustotal.com/file/29726da0ebd8960cab09f91bb8fa37db27b1ca2a3897235c645d1896df10303b/analysis/1440554886/"
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--55f2cbb6-f6d0-4601-896b-4ad1950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-09-11T12:40:22.000Z",
|
|
"modified": "2015-09-11T12:40:22.000Z",
|
|
"description": "- Xchecked via VT: d36d80c5b9da830fd027cd219d9dabcedd73f5d2da5009b2661c4f0438773c3e",
|
|
"pattern": "[file:hashes.SHA1 = '3b88dd1a851ee9fbb7298692c1f32212af64afd5']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-09-11T12:40:22Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha1\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--55f2cbb6-4868-47e4-833f-479c950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-09-11T12:40:22.000Z",
|
|
"modified": "2015-09-11T12:40:22.000Z",
|
|
"description": "- Xchecked via VT: d36d80c5b9da830fd027cd219d9dabcedd73f5d2da5009b2661c4f0438773c3e",
|
|
"pattern": "[file:hashes.MD5 = '6ed086d8c4b7ec18c19939705906b39b']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-09-11T12:40:22Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"md5\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "observed-data",
|
|
"spec_version": "2.1",
|
|
"id": "observed-data--55f2cbb7-f284-4744-8278-4609950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-09-11T12:40:23.000Z",
|
|
"modified": "2015-09-11T12:40:23.000Z",
|
|
"first_observed": "2015-09-11T12:40:23Z",
|
|
"last_observed": "2015-09-11T12:40:23Z",
|
|
"number_observed": 1,
|
|
"object_refs": [
|
|
"url--55f2cbb7-f284-4744-8278-4609950d210b"
|
|
],
|
|
"labels": [
|
|
"misp:type=\"link\"",
|
|
"misp:category=\"External analysis\""
|
|
]
|
|
},
|
|
{
|
|
"type": "url",
|
|
"spec_version": "2.1",
|
|
"id": "url--55f2cbb7-f284-4744-8278-4609950d210b",
|
|
"value": "https://www.virustotal.com/file/d36d80c5b9da830fd027cd219d9dabcedd73f5d2da5009b2661c4f0438773c3e/analysis/1441745758/"
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--55f2cbb7-0784-4365-ab32-4645950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-09-11T12:40:23.000Z",
|
|
"modified": "2015-09-11T12:40:23.000Z",
|
|
"description": "- Xchecked via VT: 4babcaf4694fb8207ea3774f6c2339a28c0ce5913fb9ac396a8e50efa75e10cd",
|
|
"pattern": "[file:hashes.SHA1 = 'e8996a7a739671e2e61bfde8641713cf652910a0']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-09-11T12:40:23Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha1\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--55f2cbb7-254c-4ee3-b749-48e0950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-09-11T12:40:23.000Z",
|
|
"modified": "2015-09-11T12:40:23.000Z",
|
|
"description": "- Xchecked via VT: 4babcaf4694fb8207ea3774f6c2339a28c0ce5913fb9ac396a8e50efa75e10cd",
|
|
"pattern": "[file:hashes.MD5 = 'e5f7642e90b3f8393c44be418b2bff0a']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-09-11T12:40:23Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"md5\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "observed-data",
|
|
"spec_version": "2.1",
|
|
"id": "observed-data--55f2cbb8-ca24-4b40-accd-4ace950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-09-11T12:40:24.000Z",
|
|
"modified": "2015-09-11T12:40:24.000Z",
|
|
"first_observed": "2015-09-11T12:40:24Z",
|
|
"last_observed": "2015-09-11T12:40:24Z",
|
|
"number_observed": 1,
|
|
"object_refs": [
|
|
"url--55f2cbb8-ca24-4b40-accd-4ace950d210b"
|
|
],
|
|
"labels": [
|
|
"misp:type=\"link\"",
|
|
"misp:category=\"External analysis\""
|
|
]
|
|
},
|
|
{
|
|
"type": "url",
|
|
"spec_version": "2.1",
|
|
"id": "url--55f2cbb8-ca24-4b40-accd-4ace950d210b",
|
|
"value": "https://www.virustotal.com/file/4babcaf4694fb8207ea3774f6c2339a28c0ce5913fb9ac396a8e50efa75e10cd/analysis/1441886584/"
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--55f2cbb8-1b88-4d04-aec7-4895950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-09-11T12:40:24.000Z",
|
|
"modified": "2015-09-11T12:40:24.000Z",
|
|
"description": "- Xchecked via VT: e60c25ee1404433e3f78e50f5edea11f186211148ce8e5abb22c1f01b76d96f3",
|
|
"pattern": "[file:hashes.SHA1 = '9e518f8562a78606aa134eef9b47db34f32d2d38']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-09-11T12:40:24Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha1\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--55f2cbb8-b2b4-4c6f-b8e2-41e5950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-09-11T12:40:24.000Z",
|
|
"modified": "2015-09-11T12:40:24.000Z",
|
|
"description": "- Xchecked via VT: e60c25ee1404433e3f78e50f5edea11f186211148ce8e5abb22c1f01b76d96f3",
|
|
"pattern": "[file:hashes.MD5 = 'e7cc4492f5bc3f5f4adab0a5dc89c56d']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-09-11T12:40:24Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"md5\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "observed-data",
|
|
"spec_version": "2.1",
|
|
"id": "observed-data--55f2cbb9-e0dc-4b5e-a03b-4f9b950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-09-11T12:40:25.000Z",
|
|
"modified": "2015-09-11T12:40:25.000Z",
|
|
"first_observed": "2015-09-11T12:40:25Z",
|
|
"last_observed": "2015-09-11T12:40:25Z",
|
|
"number_observed": 1,
|
|
"object_refs": [
|
|
"url--55f2cbb9-e0dc-4b5e-a03b-4f9b950d210b"
|
|
],
|
|
"labels": [
|
|
"misp:type=\"link\"",
|
|
"misp:category=\"External analysis\""
|
|
]
|
|
},
|
|
{
|
|
"type": "url",
|
|
"spec_version": "2.1",
|
|
"id": "url--55f2cbb9-e0dc-4b5e-a03b-4f9b950d210b",
|
|
"value": "https://www.virustotal.com/file/e60c25ee1404433e3f78e50f5edea11f186211148ce8e5abb22c1f01b76d96f3/analysis/1441745757/"
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--55f2cbb9-a464-4a2a-b675-46a7950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-09-11T12:40:25.000Z",
|
|
"modified": "2015-09-11T12:40:25.000Z",
|
|
"description": "- Xchecked via VT: f5c868d9ac4d18c9c88e181af9370769bf52928d04874d8c3142badf83f664e3",
|
|
"pattern": "[file:hashes.SHA1 = 'e8f560397b6f08fe172b6de0af1291a6a8922e8a']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-09-11T12:40:25Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha1\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--55f2cbb9-17ec-4241-91c1-434e950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-09-11T12:40:25.000Z",
|
|
"modified": "2015-09-11T12:40:25.000Z",
|
|
"description": "- Xchecked via VT: f5c868d9ac4d18c9c88e181af9370769bf52928d04874d8c3142badf83f664e3",
|
|
"pattern": "[file:hashes.MD5 = '7226cc2fb137467fa585dad286acd32f']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-09-11T12:40:25Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"md5\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "observed-data",
|
|
"spec_version": "2.1",
|
|
"id": "observed-data--55f2cbba-2c08-43fc-980a-4899950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-09-11T12:40:26.000Z",
|
|
"modified": "2015-09-11T12:40:26.000Z",
|
|
"first_observed": "2015-09-11T12:40:26Z",
|
|
"last_observed": "2015-09-11T12:40:26Z",
|
|
"number_observed": 1,
|
|
"object_refs": [
|
|
"url--55f2cbba-2c08-43fc-980a-4899950d210b"
|
|
],
|
|
"labels": [
|
|
"misp:type=\"link\"",
|
|
"misp:category=\"External analysis\""
|
|
]
|
|
},
|
|
{
|
|
"type": "url",
|
|
"spec_version": "2.1",
|
|
"id": "url--55f2cbba-2c08-43fc-980a-4899950d210b",
|
|
"value": "https://www.virustotal.com/file/f5c868d9ac4d18c9c88e181af9370769bf52928d04874d8c3142badf83f664e3/analysis/1441745757/"
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--55f2cbba-76b8-4f39-bd0f-4f31950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-09-11T12:40:26.000Z",
|
|
"modified": "2015-09-11T12:40:26.000Z",
|
|
"description": "- Xchecked via VT: f08f26a7026ba249d021ca21f097405a536771f38d94081731c0f7960177408b",
|
|
"pattern": "[file:hashes.SHA1 = '056e2e738753f199acfe4bce0d0fb434af70146a']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-09-11T12:40:26Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha1\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--55f2cbba-fab0-484a-9b38-43d1950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-09-11T12:40:26.000Z",
|
|
"modified": "2015-09-11T12:40:26.000Z",
|
|
"description": "- Xchecked via VT: f08f26a7026ba249d021ca21f097405a536771f38d94081731c0f7960177408b",
|
|
"pattern": "[file:hashes.MD5 = 'cbf59aefef20148fae6ffbb3ff3c97e4']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-09-11T12:40:26Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"md5\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "observed-data",
|
|
"spec_version": "2.1",
|
|
"id": "observed-data--55f2cbbb-5f68-440e-b4bd-4172950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-09-11T12:40:27.000Z",
|
|
"modified": "2015-09-11T12:40:27.000Z",
|
|
"first_observed": "2015-09-11T12:40:27Z",
|
|
"last_observed": "2015-09-11T12:40:27Z",
|
|
"number_observed": 1,
|
|
"object_refs": [
|
|
"url--55f2cbbb-5f68-440e-b4bd-4172950d210b"
|
|
],
|
|
"labels": [
|
|
"misp:type=\"link\"",
|
|
"misp:category=\"External analysis\""
|
|
]
|
|
},
|
|
{
|
|
"type": "url",
|
|
"spec_version": "2.1",
|
|
"id": "url--55f2cbbb-5f68-440e-b4bd-4172950d210b",
|
|
"value": "https://www.virustotal.com/file/f08f26a7026ba249d021ca21f097405a536771f38d94081731c0f7960177408b/analysis/1441745757/"
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--55f2cbbb-1004-4e06-bbf5-400c950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-09-11T12:40:27.000Z",
|
|
"modified": "2015-09-11T12:40:27.000Z",
|
|
"description": "- Xchecked via VT: 50f08f0b23fe1123b298cb5158c1ad5a8244ce272ea463a1e4858d12719b337f",
|
|
"pattern": "[file:hashes.SHA1 = 'db33168804367921e032c5e042735e9addbdb3cd']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-09-11T12:40:27Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha1\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--55f2cbbb-b9b0-44ae-b060-4c02950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-09-11T12:40:27.000Z",
|
|
"modified": "2015-09-11T12:40:27.000Z",
|
|
"description": "- Xchecked via VT: 50f08f0b23fe1123b298cb5158c1ad5a8244ce272ea463a1e4858d12719b337f",
|
|
"pattern": "[file:hashes.MD5 = '2c0cfc673fb905988ecd285079d0c04e']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-09-11T12:40:27Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"md5\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "observed-data",
|
|
"spec_version": "2.1",
|
|
"id": "observed-data--55f2cbbc-8da4-4b81-9346-4f8c950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-09-11T12:40:28.000Z",
|
|
"modified": "2015-09-11T12:40:28.000Z",
|
|
"first_observed": "2015-09-11T12:40:28Z",
|
|
"last_observed": "2015-09-11T12:40:28Z",
|
|
"number_observed": 1,
|
|
"object_refs": [
|
|
"url--55f2cbbc-8da4-4b81-9346-4f8c950d210b"
|
|
],
|
|
"labels": [
|
|
"misp:type=\"link\"",
|
|
"misp:category=\"External analysis\""
|
|
]
|
|
},
|
|
{
|
|
"type": "url",
|
|
"spec_version": "2.1",
|
|
"id": "url--55f2cbbc-8da4-4b81-9346-4f8c950d210b",
|
|
"value": "https://www.virustotal.com/file/50f08f0b23fe1123b298cb5158c1ad5a8244ce272ea463a1e4858d12719b337f/analysis/1441745757/"
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--56c6aabb-9eb4-44bd-8edd-599c950d210f",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2016-02-19T05:40:11.000Z",
|
|
"modified": "2016-02-19T05:40:11.000Z",
|
|
"description": "Automatically added (via 9b823f0d60e348707fbbc1da8b37b3c9cd5ea1f43277ba8069e302ff05fee531)",
|
|
"pattern": "[file:hashes.MD5 = '5a5b8b5f973ece3d4491f9f7c27068bc']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2016-02-19T05:40:11Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"md5\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--56c6aabf-fed8-4784-8980-599f950d210f",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2016-02-19T05:40:15.000Z",
|
|
"modified": "2016-02-19T05:40:15.000Z",
|
|
"description": "Automatically added (via d467504e8b8608b4fae334c426e8ac02f762993064bf1db20bb6090b42648648)",
|
|
"pattern": "[file:hashes.MD5 = 'c37c66da4c35937a07ea12652fcc75cf']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2016-02-19T05:40:15Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"md5\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--56c6aac2-4184-4c77-9d59-499b950d210f",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2016-02-19T05:40:18.000Z",
|
|
"modified": "2016-02-19T05:40:18.000Z",
|
|
"description": "Automatically added (via e58085656708d9759856325afb6cd67ec0ff7a126e27907efa2e91ef9a0ff474)",
|
|
"pattern": "[file:hashes.MD5 = '9bfa1de1c5b90f800501b8776fe444e9']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2016-02-19T05:40:18Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"md5\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--56c6aac6-8c70-462f-80eb-c652950d210f",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2016-02-19T05:40:22.000Z",
|
|
"modified": "2016-02-19T05:40:22.000Z",
|
|
"description": "Automatically added (via 89968a9c846aad54cd78d7bfe704f0ab71f75d54b982540f594afdaa9100f4fc)",
|
|
"pattern": "[file:hashes.MD5 = '4e02d790d46ce8d1b724eae8907e7e12']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2016-02-19T05:40:22Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"md5\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--56c6aabc-7c00-4efb-a9ee-5f51950d210f",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2016-02-19T05:40:12.000Z",
|
|
"modified": "2016-02-19T05:40:12.000Z",
|
|
"description": "Automatically added (via 9b823f0d60e348707fbbc1da8b37b3c9cd5ea1f43277ba8069e302ff05fee531)",
|
|
"pattern": "[file:hashes.SHA1 = '2aeafec375db6c294f77556cde13063db178484f']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2016-02-19T05:40:12Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha1\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--56c6aac0-d3d8-4f4a-bdab-c651950d210f",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2016-02-19T05:40:16.000Z",
|
|
"modified": "2016-02-19T05:40:16.000Z",
|
|
"description": "Automatically added (via d467504e8b8608b4fae334c426e8ac02f762993064bf1db20bb6090b42648648)",
|
|
"pattern": "[file:hashes.SHA1 = '7a35f5a330b669d0ac38ae7f571b4f2fa012b651']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2016-02-19T05:40:16Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha1\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--56c6aac3-a30c-4544-ae00-422e950d210f",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2016-02-19T05:40:19.000Z",
|
|
"modified": "2016-02-19T05:40:19.000Z",
|
|
"description": "Automatically added (via e58085656708d9759856325afb6cd67ec0ff7a126e27907efa2e91ef9a0ff474)",
|
|
"pattern": "[file:hashes.SHA1 = '73d5e38cbf86c74f1d4bfe066f39f0d8daf2f932']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2016-02-19T05:40:19Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha1\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--56c6aac7-3034-4b2d-ba1f-599f950d210f",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2016-02-19T05:40:23.000Z",
|
|
"modified": "2016-02-19T05:40:23.000Z",
|
|
"description": "Automatically added (via 89968a9c846aad54cd78d7bfe704f0ab71f75d54b982540f594afdaa9100f4fc)",
|
|
"pattern": "[file:hashes.SHA1 = '0e3b7fac73d40700b1b98e1233d56739a9326f18']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2016-02-19T05:40:23Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha1\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "marking-definition",
|
|
"spec_version": "2.1",
|
|
"id": "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9",
|
|
"created": "2017-01-20T00:00:00.000Z",
|
|
"definition_type": "tlp",
|
|
"name": "TLP:WHITE",
|
|
"definition": {
|
|
"tlp": "white"
|
|
}
|
|
}
|
|
]
|
|
} |