adulau/misp-circl-feed
1
0
Fork 0
Code Issues 1 Pull requests Projects 1 Releases Packages Wiki Activity Actions
misp-circl-feed/feeds/circl/stix-2.1/55fc725a-6828-4ffe-a197-4e6f950d210b.json

4299 lines
No EOL
186 KiB
JSON
Raw Blame History

{
"type": "bundle",
"id": "bundle--55fc725a-6828-4ffe-a197-4e6f950d210b",
"objects": [
{
"type": "identity",
"spec_version": "2.1",
"id": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-09-21T11:47:35.000Z",
"modified": "2015-09-21T11:47:35.000Z",
"name": "CthulhuSPRL.be",
"identity_class": "organization"
},
{
"type": "report",
"spec_version": "2.1",
"id": "report--55fc725a-6828-4ffe-a197-4e6f950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-09-21T11:47:35.000Z",
"modified": "2015-09-21T11:47:35.000Z",
"name": "OSINT In Pursuit of Optical Fibers and Troop Intel: Targeted Attack Distributes PlugX in Russia by ProofPoint",
"published": "2015-09-21T11:48:07Z",
"object_refs": [
"observed-data--55fc726e-9464-4fef-88b6-53e7950d210b",
"url--55fc726e-9464-4fef-88b6-53e7950d210b",
"indicator--55ffd4cb-fc90-4a9e-b5ef-d385950d210b",
"indicator--55ffd4cc-3f14-47c9-a918-d385950d210b",
"indicator--55ffd4cc-d6b0-4eb2-b4ef-d385950d210b",
"indicator--55ffd4cc-9988-4b94-a123-d385950d210b",
"indicator--55ffd4cd-1834-406c-af56-d385950d210b",
"indicator--55ffd4cd-94ec-4156-a850-d385950d210b",
"indicator--55ffd4cd-b4c0-433b-9638-d385950d210b",
"indicator--55ffd4f2-001c-4e90-ab45-d52c950d210b",
"indicator--55ffd511-4178-4679-ad74-d987950d210b",
"indicator--55ffd512-5484-47d5-a31c-d987950d210b",
"observed-data--55ffd512-8a6c-4d41-b629-d987950d210b",
"url--55ffd512-8a6c-4d41-b629-d987950d210b",
"x-misp-attribute--55ffd523-3214-4945-b6ad-d385950d210b",
"x-misp-attribute--55ffd539-1c08-4fd0-aaa5-d99a950d210b",
"indicator--55ffd55e-e4f4-4c5a-8759-da8a950d210b",
"indicator--55ffd566-cd84-42d3-b442-c40e950d210b",
"indicator--55ffd566-6844-4203-8b0e-c40e950d210b",
"observed-data--55ffd567-f040-4091-9220-c40e950d210b",
"url--55ffd567-f040-4091-9220-c40e950d210b",
"x-misp-attribute--55ffd579-a434-408b-bb08-d52d950d210b",
"vulnerability--55ffd5af-bc14-420a-8294-dbb7950d210b",
"indicator--55ffd5d9-12fc-4469-af47-d982950d210b",
"indicator--55ffd5d9-8cf0-4f8f-a1fb-d982950d210b",
"indicator--55ffd5da-2190-4520-a195-d982950d210b",
"indicator--55ffd5da-8d70-405a-a9c5-d982950d210b",
"indicator--55ffd5da-484c-423e-a786-d982950d210b",
"indicator--55ffd5db-8c38-42fe-a6a1-d982950d210b",
"indicator--55ffe9a5-85a0-47d1-b643-dda5950d210b",
"indicator--55ffe9d3-9438-4035-a88b-dd91950d210b",
"indicator--55ffe9d4-4da8-49a5-bc46-dd91950d210b",
"indicator--55ffe9d4-4290-4cd2-a95a-dd91950d210b",
"indicator--55ffe9d4-2d14-44ba-9237-dd91950d210b",
"indicator--55ffe9d5-d850-4285-aa0b-dd91950d210b",
"indicator--55ffe9d5-18f0-4742-9c0c-dd91950d210b",
"indicator--55ffe9f2-79a4-462b-b154-47a3950d210b",
"indicator--55ffea17-23e4-48b1-b2b2-dda5950d210b",
"indicator--55ffea29-2d70-400e-962c-4ab2950d210b",
"indicator--55ffea2a-160c-4b6c-b529-4559950d210b",
"observed-data--55ffea2a-36f8-45cf-92ab-41bf950d210b",
"url--55ffea2a-36f8-45cf-92ab-41bf950d210b",
"indicator--55ffea52-d6cc-4494-8f90-4306950d210b",
"indicator--55ffea58-6428-40a8-b685-4968950d210b",
"indicator--55ffea58-6bd4-4fbe-acd9-4c34950d210b",
"observed-data--55ffea59-c74c-4bf4-91b4-4b8d950d210b",
"url--55ffea59-c74c-4bf4-91b4-4b8d950d210b",
"indicator--55ffea8b-4958-4b46-be3a-4027950d210b",
"indicator--55ffeaa1-1a5c-41f9-bb8f-411b950d210b",
"indicator--55ffeaa1-7a14-4d73-b24d-44c2950d210b",
"observed-data--55ffeaa1-e924-49fd-b661-4dd3950d210b",
"url--55ffeaa1-e924-49fd-b661-4dd3950d210b",
"indicator--55ffeaf9-80c0-46f2-a983-4b9a950d210b",
"indicator--55ffeb01-c380-47f8-ac57-4fc2950d210b",
"indicator--55ffeb02-1510-475d-97de-44ef950d210b",
"observed-data--55ffeb02-6108-4e38-a2cb-4fcb950d210b",
"url--55ffeb02-6108-4e38-a2cb-4fcb950d210b",
"indicator--55ffeb32-5540-402c-b090-43fe950d210b",
"indicator--55ffeb33-ff04-4174-b2aa-4992950d210b",
"indicator--55ffeb33-8710-43d1-ac5e-409f950d210b",
"indicator--55ffeb34-aa34-4f44-85ee-461c950d210b",
"indicator--55ffebfc-214c-4652-b0d4-4eae950d210b",
"indicator--55ffebfc-673c-4c84-a87f-4c1f950d210b",
"indicator--55ffebfd-e950-4f6d-aa6b-4914950d210b",
"indicator--55ffebfd-5fc0-40fa-99cf-4461950d210b",
"indicator--55ffebfd-9ba4-48dc-9575-41d7950d210b",
"indicator--55ffebfe-cfb0-412a-8320-40a0950d210b",
"indicator--55ffebfe-a898-45bd-8417-48eb950d210b",
"indicator--55ffebfe-4934-445d-88cb-4075950d210b",
"indicator--55ffebff-8ee0-4bd4-9254-4bd3950d210b",
"indicator--55ffebff-210c-488c-b836-45e3950d210b",
"indicator--55ffec1a-d9ac-4ce4-a821-460b950d210b",
"indicator--55ffec1a-488c-4dcb-969c-4c79950d210b",
"indicator--55ffec1a-ce00-41fc-a36c-4720950d210b",
"indicator--55ffec1b-d354-47d8-b4b9-4a51950d210b",
"indicator--55ffec1b-b0ac-479d-a81d-4ef2950d210b",
"indicator--55ffec1b-4d18-4aae-a4c9-497d950d210b",
"indicator--55ffec1c-7750-4193-a8e5-44cd950d210b",
"indicator--55ffec1c-a2fc-4a85-bdca-46f6950d210b",
"indicator--55ffec1c-b18c-44e4-88b4-48bf950d210b",
"indicator--55ffec1d-d0cc-4810-ba82-46ef950d210b",
"indicator--55ffec1d-89c8-4201-bb2d-42f2950d210b",
"indicator--55ffec1e-2400-4e97-96d2-4bc5950d210b",
"indicator--55ffec1e-c7d8-41ea-ba5b-4d45950d210b",
"indicator--55ffec42-fe60-4b7f-b440-472b950d210b",
"indicator--55ffec42-bb34-42b7-aa17-4b69950d210b",
"observed-data--55ffec43-d5b4-4ec9-8060-432d950d210b",
"url--55ffec43-d5b4-4ec9-8060-432d950d210b",
"indicator--55ffec43-2094-4492-b9a6-4c23950d210b",
"indicator--55ffec43-97dc-43ff-885d-40c2950d210b",
"observed-data--55ffec44-5194-4117-9182-433d950d210b",
"url--55ffec44-5194-4117-9182-433d950d210b",
"indicator--55ffec44-5bb4-4cb3-b728-423b950d210b",
"indicator--55ffec44-3824-446d-a783-4d76950d210b",
"observed-data--55ffec45-4de4-4625-b3de-4f7d950d210b",
"url--55ffec45-4de4-4625-b3de-4f7d950d210b",
"indicator--55ffec45-761c-45c9-a8ca-4c6c950d210b",
"indicator--55ffec45-c7d4-45a7-a1cf-4597950d210b",
"observed-data--55ffec46-89f0-4b69-ba24-42ee950d210b",
"url--55ffec46-89f0-4b69-ba24-42ee950d210b",
"indicator--55ffec46-2d84-4b5c-9467-477f950d210b",
"indicator--55ffec46-4004-4b7f-a438-40bd950d210b",
"observed-data--55ffec47-4bc0-4aa3-8266-481c950d210b",
"url--55ffec47-4bc0-4aa3-8266-481c950d210b",
"indicator--55ffec47-1c10-4377-a944-4589950d210b",
"indicator--55ffec47-d0d8-4631-8960-41bd950d210b",
"observed-data--55ffec48-07b4-4c45-8bb1-49b3950d210b",
"url--55ffec48-07b4-4c45-8bb1-49b3950d210b",
"indicator--55ffec48-6b5c-441e-8c48-404e950d210b",
"indicator--55ffec48-2e74-4cdc-956d-4cdb950d210b",
"observed-data--55ffec49-50cc-47cd-af6c-4d7c950d210b",
"url--55ffec49-50cc-47cd-af6c-4d7c950d210b",
"indicator--55ffec49-f248-4310-85dc-4db1950d210b",
"indicator--55ffec49-08d0-4e34-8b2d-4bc8950d210b",
"observed-data--55ffec4a-53b0-4ea4-bf91-42e6950d210b",
"url--55ffec4a-53b0-4ea4-bf91-42e6950d210b",
"indicator--55ffec4a-b3c0-4e53-b5f6-4dad950d210b",
"indicator--55ffec4a-56ac-43ff-94f5-437d950d210b",
"observed-data--55ffec4b-1500-44e9-b7b7-45eb950d210b",
"url--55ffec4b-1500-44e9-b7b7-45eb950d210b",
"indicator--55ffec4b-d180-4f96-bedf-415d950d210b",
"indicator--55ffec4b-4738-4f2b-981b-4a43950d210b",
"observed-data--55ffec4c-ef90-442e-a61e-42b8950d210b",
"url--55ffec4c-ef90-442e-a61e-42b8950d210b",
"indicator--55ffec4c-ae00-496c-95b0-40c5950d210b",
"indicator--55ffec4d-bc58-4b44-99db-4a93950d210b",
"observed-data--55ffec4d-a5f8-40e1-a67f-4dac950d210b",
"url--55ffec4d-a5f8-40e1-a67f-4dac950d210b",
"indicator--55ffec4d-69a4-4e81-b1ad-4c17950d210b",
"indicator--55ffec4e-1180-4b32-9f6f-4649950d210b",
"observed-data--55ffec4e-9704-4410-9880-414f950d210b",
"url--55ffec4e-9704-4410-9880-414f950d210b",
"indicator--55ffec4e-517c-4809-81b1-4353950d210b",
"indicator--55ffec4f-8adc-42d9-a0d8-4178950d210b",
"observed-data--55ffec4f-7d4c-4222-a830-45c5950d210b",
"url--55ffec4f-7d4c-4222-a830-45c5950d210b",
"indicator--55ffec4f-932c-4ffb-bd4d-48db950d210b",
"indicator--55ffec50-89cc-4406-b2e6-4ecf950d210b",
"observed-data--55ffec50-7038-4ca8-bdcc-444d950d210b",
"url--55ffec50-7038-4ca8-bdcc-444d950d210b",
"indicator--55ffec50-b79c-4dec-a88c-44c3950d210b",
"indicator--55ffec51-084c-49be-a0f8-4ac4950d210b",
"observed-data--55ffec51-0928-4b60-bf72-4ba7950d210b",
"url--55ffec51-0928-4b60-bf72-4ba7950d210b",
"indicator--55ffec51-4630-4787-8aa8-420e950d210b",
"indicator--55ffec52-132c-4bed-9c64-449a950d210b",
"observed-data--55ffec52-6890-4de3-ab70-4209950d210b",
"url--55ffec52-6890-4de3-ab70-4209950d210b",
"indicator--55ffec52-0658-4d79-982f-4a2a950d210b",
"indicator--55ffec53-95e0-4aa2-b18e-41a7950d210b",
"observed-data--55ffec53-2e44-493c-9d7c-4ee9950d210b",
"url--55ffec53-2e44-493c-9d7c-4ee9950d210b",
"indicator--55ffec53-defc-4be2-9e49-4271950d210b",
"indicator--55ffec54-f9ec-48d9-a14d-4bfe950d210b",
"observed-data--55ffec54-ad20-4079-837d-4286950d210b",
"url--55ffec54-ad20-4079-837d-4286950d210b",
"indicator--55ffec55-b00c-49c0-9e6a-417a950d210b",
"indicator--55ffec55-e5fc-4e88-8611-4cd7950d210b",
"observed-data--55ffec55-1404-4850-a159-472f950d210b",
"url--55ffec55-1404-4850-a159-472f950d210b",
"indicator--55ffec56-7a40-4920-909c-4211950d210b",
"indicator--55ffec56-9830-4220-a466-4944950d210b",
"observed-data--55ffec56-37a4-4583-aacb-4e18950d210b",
"url--55ffec56-37a4-4583-aacb-4e18950d210b",
"indicator--55ffec57-b2bc-412a-bafa-480b950d210b",
"indicator--55ffec57-e96c-4663-8225-42e6950d210b",
"observed-data--55ffec57-0708-4850-8d45-4717950d210b",
"url--55ffec57-0708-4850-8d45-4717950d210b",
"indicator--55ffec58-42c4-4e97-9606-4423950d210b",
"indicator--55ffec58-eac4-40cf-8620-489a950d210b",
"observed-data--55ffec58-aaa0-4988-a292-47e6950d210b",
"url--55ffec58-aaa0-4988-a292-47e6950d210b",
"indicator--55ffec84-b814-4adb-bdd7-40d5950d210b",
"indicator--55ffec85-8d80-4ab6-a715-429e950d210b",
"indicator--55ffec85-a87c-4ae6-8059-4272950d210b",
"indicator--55ffec86-5cf8-44ca-b891-4c66950d210b",
"indicator--55ffecb9-ff50-4c89-97ed-40c4950d210b",
"indicator--55ffecb9-0c08-40b0-aa01-4bf6950d210b",
"indicator--55ffecd8-2c50-4ddb-a4ad-4473950d210b",
"indicator--55ffecd8-3054-416d-9a5e-4360950d210b",
"indicator--55ffecd9-71b4-4cce-9241-4d30950d210b",
"indicator--55ffecd9-1b18-49f9-8fb6-42f5950d210b",
"indicator--55ffecfc-1664-4f6d-8376-4731950d210b",
"indicator--55ffecfd-ac9c-4979-a892-4d12950d210b",
"observed-data--55ffecfd-8eac-42c0-b699-4835950d210b",
"url--55ffecfd-8eac-42c0-b699-4835950d210b",
"indicator--55ffecfd-e4c4-44db-a309-4c7d950d210b",
"indicator--55ffecfe-f804-47c0-aea7-4670950d210b",
"observed-data--55ffecfe-9e6c-421e-b081-4c93950d210b",
"url--55ffecfe-9e6c-421e-b081-4c93950d210b",
"indicator--55ffecfe-0254-433b-9e46-4b3c950d210b",
"indicator--55ffecff-f460-458e-a499-4cf9950d210b",
"observed-data--55ffecff-9234-4de1-aab0-4b75950d210b",
"url--55ffecff-9234-4de1-aab0-4b75950d210b",
"indicator--55ffecff-e6c0-45fe-ab49-4153950d210b",
"indicator--55ffed00-b400-4a65-82e8-43f5950d210b",
"observed-data--55ffed00-c1d4-4003-bd2a-40c3950d210b",
"url--55ffed00-c1d4-4003-bd2a-40c3950d210b",
"indicator--55ffed00-2998-4b78-859a-4b9e950d210b",
"indicator--55ffed01-9fe8-4bbd-9ce6-4e34950d210b",
"observed-data--55ffed01-803c-4b52-ba42-402a950d210b",
"url--55ffed01-803c-4b52-ba42-402a950d210b",
"indicator--55ffed01-2620-4559-8438-4e00950d210b",
"indicator--55ffed02-0690-426c-ad68-4b72950d210b",
"observed-data--55ffed02-0318-48e2-ac63-4500950d210b",
"url--55ffed02-0318-48e2-ac63-4500950d210b"
],
"labels": [
"Threat-Report",
"misp:tool=\"MISP-STIX-Converter\"",
"type:OSINT"
],
"object_marking_refs": [
"marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9"
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--55fc726e-9464-4fef-88b6-53e7950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-09-18T20:22:06.000Z",
"modified": "2015-09-18T20:22:06.000Z",
"first_observed": "2015-09-18T20:22:06Z",
"last_observed": "2015-09-18T20:22:06Z",
"number_observed": 1,
"object_refs": [
"url--55fc726e-9464-4fef-88b6-53e7950d210b"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--55fc726e-9464-4fef-88b6-53e7950d210b",
"value": "https://www.proofpoint.com/us/threat-insight/post/PlugX-in-Russia"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--55ffd4cb-fc90-4a9e-b5ef-d385950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-09-21T09:58:35.000Z",
"modified": "2015-09-21T09:58:35.000Z",
"pattern": "[email-message:body_multipart[*].body_raw_ref.name = '\u00d0\u00a1\u00d0\u0153\u00d0\u02dc -\u00d1\u20ac\u00d0\u00b0\u00d1\u0081\u00d1\u2021\u00d0\u00b5\u00d1\u201a \u00d1\u20ac\u00d0\u00b0\u00d1\u0081\u00d1\u0081\u00d1\u2039\u00d0\u00bb\u00d0\u00ba\u00d0\u00b8 \u00d0\u00bd\u00d0\u00be\u00d0\u00b2\u00d1\u2039\u00d0\u00b9.scr']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-09-21T09:58:35Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"email-attachment\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--55ffd4cc-3f14-47c9-a918-d385950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-09-21T09:58:36.000Z",
"modified": "2015-09-21T09:58:36.000Z",
"pattern": "[email-message:body_multipart[*].body_raw_ref.name = '\u00d0\u2019 \u00d0\u00a0\u00d0\u00be\u00d1\u0081\u00d1\u0081\u00d0\u00b8\u00d0\u00b8 \u00d1\u0081\u00d1\u201e\u00d0\u00be\u00d1\u20ac\u00d0\u00bc\u00d0\u00b8\u00d1\u20ac\u00d0\u00be\u00d0\u00b2\u00d0\u00b0\u00d0\u00bd\u00d0\u00b0 \u00d0\u00bb\u00d0\u00b5\u00d0\u00b3\u00d0\u00b5\u00d0\u00bd\u00d0\u00b4\u00d0\u00b0\u00d1\u20ac\u00d0\u00bd\u00d0\u00b0\u00d1\u008f 6-\u00d1\u008f \u00d0\u203a\u00d0\u00b5\u00d0\u00bd\u00d0\u00b8\u00d0\u00bd\u00d0\u00b3\u00d1\u20ac\u00d0\u00b0\u00d0\u00b4\u00d1\u0081\u00d0\u00ba\u00d0\u00b0\u00d1\u008f \u00d0\u00b0\u00d1\u20ac\u00d0\u00bc\u00d0\u00b8\u00d1\u008f \u00d0\u2019\u00d0\u2019\u00d0\u00a1 \u00d0\u00b8 \u00d0\u0178\u00d0\u2019\u00d0\u017e.scr']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-09-21T09:58:36Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"email-attachment\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--55ffd4cc-d6b0-4eb2-b4ef-d385950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-09-21T09:58:36.000Z",
"modified": "2015-09-21T09:58:36.000Z",
"pattern": "[email-message:body_multipart[*].body_raw_ref.name = '\u00d0\u00a1\u00d0\u00b0\u00d0\u00bc\u00d0\u00b0\u00d1\u008f \u00d0\u00bc\u00d0\u00be\u00d1\u2030\u00d0\u00bd\u00d0\u00b0\u00d1\u008f \u00d1\u008f\u00d0\u00b4\u00d0\u00b5\u00d1\u20ac\u00d0\u00bd\u00d0\u00b0\u00d1\u008f \u00d0\u00b1\u00d0\u00be\u00d0\u00bc\u00d0\u00b1\u00d0\u00b0 \u00d0\u00b2 \u00d0\u00b8\u00d1\u0081\u00d1\u201a\u00d0\u00be\u00d1\u20ac\u00d0\u00b8\u00d0\u00b8.scr']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-09-21T09:58:36Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"email-attachment\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--55ffd4cc-9988-4b94-a123-d385950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-09-21T09:58:36.000Z",
"modified": "2015-09-21T09:58:36.000Z",
"pattern": "[email-message:body_multipart[*].body_raw_ref.name = '\u00d0\u0178\u00d0\u00b0\u00d0\u00bc\u00d1\u008f\u00d1\u201a\u00d0\u00bd\u00d1\u2039\u00d0\u00b5 \u00d0\u00bc\u00d0\u00b5\u00d1\u20ac\u00d0\u00be\u00d0\u00bf\u00d1\u20ac\u00d0\u00b8\u00d1\u008f\u00d1\u201a\u00d0\u00b8\u00d1\u008f, \u00d0\u00b2 \u00d1\u0081\u00d0\u00b2\u00d1\u008f\u00d0\u00b7\u00d0\u00b8 \u00d1\u0081 15-\u00d0\u00bb\u00d0\u00b5\u00d1\u201a\u00d0\u00b8\u00d0\u00b5\u00d0\u00bc \u00d0\u00b3\u00d0\u00b8\u00d0\u00b1\u00d0\u00b5\u00d0\u00bb\u00d0\u00b8 \u00d0\u0090\u00d0\u0178\u00d0\u00a0\u00d0\u0161 \u00c2\u00ab\u00d0\u0161\u00d1\u0192\u00d1\u20ac\u00d1\u0081\u00d0\u00ba\u00c2\u00bb.exe']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-09-21T09:58:36Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"email-attachment\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--55ffd4cd-1834-406c-af56-d385950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-09-21T09:58:37.000Z",
"modified": "2015-09-21T09:58:37.000Z",
"pattern": "[email-message:body_multipart[*].body_raw_ref.name = '\u00d0\u00a1\u00d0\u0153\u00d0\u02dc.scr']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-09-21T09:58:37Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"email-attachment\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--55ffd4cd-94ec-4156-a850-d385950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-09-21T09:58:37.000Z",
"modified": "2015-09-21T09:58:37.000Z",
"pattern": "[email-message:body_multipart[*].body_raw_ref.name = '\u00d0\u2019\u00d0\u00be\u00d0\u00b7\u00d0\u00b4\u00d1\u0192\u00d1\u02c6\u00d0\u00bd\u00d0\u00be-\u00d0\u00ba\u00d0\u00be\u00d1\u0081\u00d0\u00bc\u00d0\u00b8\u00d1\u2021\u00d0\u00b5\u00d1\u0081\u00d0\u00ba\u00d0\u00b8\u00d0\u00b5 \u00d1\u0081\u00d0\u00b8\u00d0\u00bb\u00d1\u2039 \u00d0\u00a0\u00d0\u00be\u00d1\u0081\u00d1\u0081\u00d0\u00b8\u00d0\u00b8 \u00d0\u00b7\u00d0\u00b0\u00d1\u0081\u00d1\u201a\u00d1\u0192\u00d0\u00bf\u00d0\u00b8\u00d0\u00bb\u00d0\u00b8 \u00d0\u00bd\u00d0\u00b0 \u00d0\u00b1\u00d0\u00be\u00d0\u00b5\u00d0\u00b2\u00d0\u00be\u00d0\u00b5 \u00d0\u00b4\u00d0\u00b5\u00d0\u00b6\u00d1\u0192\u00d1\u20ac\u00d1\u0081\u00d1\u201a\u00d0\u00b2\u00d0\u00be.exe']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-09-21T09:58:37Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"email-attachment\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--55ffd4cd-b4c0-433b-9638-d385950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-09-21T09:58:37.000Z",
"modified": "2015-09-21T09:58:37.000Z",
"pattern": "[email-message:body_multipart[*].body_raw_ref.name = '11.08.2015.scr']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-09-21T09:58:37Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"email-attachment\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--55ffd4f2-001c-4e90-ab45-d52c950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-09-21T09:59:14.000Z",
"modified": "2015-09-21T09:59:14.000Z",
"description": "rar",
"pattern": "[file:hashes.SHA256 = '71be8bb45dfe360ee6076ed34fde12a382fe9d7922bd11b179ca773be12fa54c']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-09-21T09:59:14Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--55ffd511-4178-4679-ad74-d987950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-09-21T09:59:45.000Z",
"modified": "2015-09-21T09:59:45.000Z",
"description": "rar - Xchecked via VT: 71be8bb45dfe360ee6076ed34fde12a382fe9d7922bd11b179ca773be12fa54c",
"pattern": "[file:hashes.SHA1 = 'bcb8f0c695ee188ebc881d28295789911f3e636b']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-09-21T09:59:45Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha1\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--55ffd512-5484-47d5-a31c-d987950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-09-21T09:59:46.000Z",
"modified": "2015-09-21T09:59:46.000Z",
"description": "rar - Xchecked via VT: 71be8bb45dfe360ee6076ed34fde12a382fe9d7922bd11b179ca773be12fa54c",
"pattern": "[file:hashes.MD5 = '2e0262bb45fa553cc3929b4cc32e7581']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-09-21T09:59:46Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--55ffd512-8a6c-4d41-b629-d987950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-09-21T09:59:46.000Z",
"modified": "2015-09-21T09:59:46.000Z",
"first_observed": "2015-09-21T09:59:46Z",
"last_observed": "2015-09-21T09:59:46Z",
"number_observed": 1,
"object_refs": [
"url--55ffd512-8a6c-4d41-b629-d987950d210b"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--55ffd512-8a6c-4d41-b629-d987950d210b",
"value": "https://www.virustotal.com/file/71be8bb45dfe360ee6076ed34fde12a382fe9d7922bd11b179ca773be12fa54c/analysis/1442670814/"
},
{
"type": "x-misp-attribute",
"spec_version": "2.1",
"id": "x-misp-attribute--55ffd523-3214-4945-b6ad-d385950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-09-21T10:00:03.000Z",
"modified": "2015-09-21T10:00:03.000Z",
"labels": [
"misp:type=\"text\"",
"misp:category=\"Other\""
],
"x_misp_category": "Other",
"x_misp_type": "text",
"x_misp_value": "PlugX"
},
{
"type": "x-misp-attribute",
"spec_version": "2.1",
"id": "x-misp-attribute--55ffd539-1c08-4fd0-aaa5-d99a950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-09-21T10:00:25.000Z",
"modified": "2015-09-21T10:00:25.000Z",
"labels": [
"misp:type=\"comment\"",
"misp:category=\"External analysis\""
],
"x_misp_category": "External analysis",
"x_misp_type": "comment",
"x_misp_value": "Proofpoint researchers recently observed a campaign targeting telecom and military in Russia. Beginning in July 2015 (and possibly earlier), the attack continued into August and is currently ongoing. As a part of this campaign, we also observed attacks on Russian-speaking financial analysts working at global financial firms and covering telecom corporations in Russia, likely a result of collateral damage caused by the attackers targeting tactics. \r\n\r\nThe attacks employed PlugX, a Remote Access Trojan (RAT) widely used in targeted attacks. Proofpoint is tracking this attacker, believed to operate out of China, as TA459 . This same attacker is also reported to have targeted various military installations in Central Asia in the past [1]. While the current campaign from this attacker has been active for a couple of months, there is evidence of activity by this attacker as far back as 2013, employing other backdoors such as Saker, Netbot and DarkStRat .\r\n\r\nThe attacks seen in the current campaign involved spear-phishing emails that employ both exploit-laden Microsoft Word document attachments, as well as links leading to RAR archives. The email contents, filenames and decoy are all usually in Russian."
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--55ffd55e-e4f4-4c5a-8759-da8a950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-09-21T10:01:02.000Z",
"modified": "2015-09-21T10:01:02.000Z",
"description": "LTE-2600.doc",
"pattern": "[file:hashes.SHA256 = '6ea86b944c8b5a9b02adc7aac80e0f33217b28103b70153710c1f6da76e36081']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-09-21T10:01:02Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--55ffd566-cd84-42d3-b442-c40e950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-09-21T10:01:10.000Z",
"modified": "2015-09-21T10:01:10.000Z",
"description": "LTE-2600.doc - Xchecked via VT: 6ea86b944c8b5a9b02adc7aac80e0f33217b28103b70153710c1f6da76e36081",
"pattern": "[file:hashes.SHA1 = '08db4b8dc7c18133851774d687a9d2bcb993bffa']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-09-21T10:01:10Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha1\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--55ffd566-6844-4203-8b0e-c40e950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-09-21T10:01:10.000Z",
"modified": "2015-09-21T10:01:10.000Z",
"description": "LTE-2600.doc - Xchecked via VT: 6ea86b944c8b5a9b02adc7aac80e0f33217b28103b70153710c1f6da76e36081",
"pattern": "[file:hashes.MD5 = '7048add2873b08a9693a60135f978686']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-09-21T10:01:10Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--55ffd567-f040-4091-9220-c40e950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-09-21T10:01:11.000Z",
"modified": "2015-09-21T10:01:11.000Z",
"first_observed": "2015-09-21T10:01:11Z",
"last_observed": "2015-09-21T10:01:11Z",
"number_observed": 1,
"object_refs": [
"url--55ffd567-f040-4091-9220-c40e950d210b"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--55ffd567-f040-4091-9220-c40e950d210b",
"value": "https://www.virustotal.com/file/6ea86b944c8b5a9b02adc7aac80e0f33217b28103b70153710c1f6da76e36081/analysis/1442639599/"
},
{
"type": "x-misp-attribute",
"spec_version": "2.1",
"id": "x-misp-attribute--55ffd579-a434-408b-bb08-d52d950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-09-21T10:01:29.000Z",
"modified": "2015-09-21T10:01:29.000Z",
"labels": [
"misp:type=\"text\"",
"misp:category=\"Other\""
],
"x_misp_category": "Other",
"x_misp_type": "text",
"x_misp_value": "TA459"
},
{
"type": "vulnerability",
"spec_version": "2.1",
"id": "vulnerability--55ffd5af-bc14-420a-8294-dbb7950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-09-21T10:02:23.000Z",
"modified": "2015-09-21T10:02:23.000Z",
"name": "CVE-2012-0158",
"labels": [
"misp:type=\"vulnerability\"",
"misp:category=\"Payload delivery\""
],
"external_references": [
{
"source_name": "cve",
"external_id": "CVE-2012-0158"
}
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--55ffd5d9-12fc-4469-af47-d982950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-09-21T10:03:05.000Z",
"modified": "2015-09-21T10:03:05.000Z",
"pattern": "[domain-name:value = 'arms-expo.net']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-09-21T10:03:05Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"domain\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--55ffd5d9-8cf0-4f8f-a1fb-d982950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-09-21T10:03:05.000Z",
"modified": "2015-09-21T10:03:05.000Z",
"pattern": "[domain-name:value = 'forum-mil.net']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-09-21T10:03:05Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"domain\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--55ffd5da-2190-4520-a195-d982950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-09-21T10:03:06.000Z",
"modified": "2015-09-21T10:03:06.000Z",
"pattern": "[domain-name:value = 'tvzvezda.net']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-09-21T10:03:06Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"domain\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--55ffd5da-8d70-405a-a9c5-d982950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-09-21T10:03:06.000Z",
"modified": "2015-09-21T10:03:06.000Z",
"pattern": "[domain-name:value = 'rusarmy.net']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-09-21T10:03:06Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"domain\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--55ffd5da-484c-423e-a786-d982950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-09-21T10:03:06.000Z",
"modified": "2015-09-21T10:03:06.000Z",
"pattern": "[domain-name:value = 'patriotp.com']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-09-21T10:03:06Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"domain\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--55ffd5db-8c38-42fe-a6a1-d982950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-09-21T10:03:07.000Z",
"modified": "2015-09-21T10:03:07.000Z",
"pattern": "[domain-name:value = 'militarynewes.com']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-09-21T10:03:07Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"domain\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--55ffe9a5-85a0-47d1-b643-dda5950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-09-21T11:27:33.000Z",
"modified": "2015-09-21T11:27:33.000Z",
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '43.252.175.119']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-09-21T11:27:33Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--55ffe9d3-9438-4035-a88b-dd91950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-09-21T11:28:19.000Z",
"modified": "2015-09-21T11:28:19.000Z",
"pattern": "[domain-name:value = 'business-isa.mynetav.org']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-09-21T11:28:19Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"hostname\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--55ffe9d4-4da8-49a5-bc46-dd91950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-09-21T11:28:20.000Z",
"modified": "2015-09-21T11:28:20.000Z",
"pattern": "[domain-name:value = 'business-rsa.onmypc.org']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-09-21T11:28:20Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"hostname\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--55ffe9d4-4290-4cd2-a95a-dd91950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-09-21T11:28:20.000Z",
"modified": "2015-09-21T11:28:20.000Z",
"pattern": "[domain-name:value = 'blacktan.cn']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-09-21T11:28:20Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"hostname\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--55ffe9d4-2d14-44ba-9237-dd91950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-09-21T11:28:20.000Z",
"modified": "2015-09-21T11:28:20.000Z",
"pattern": "[domain-name:value = 'dicemention.com']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-09-21T11:28:20Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"hostname\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--55ffe9d5-d850-4285-aa0b-dd91950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-09-21T11:28:21.000Z",
"modified": "2015-09-21T11:28:21.000Z",
"pattern": "[domain-name:value = 'leeghost.com']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-09-21T11:28:21Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"hostname\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--55ffe9d5-18f0-4742-9c0c-dd91950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-09-21T11:28:21.000Z",
"modified": "2015-09-21T11:28:21.000Z",
"pattern": "[domain-name:value = 'notebookhk.net']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-09-21T11:28:21Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"hostname\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--55ffe9f2-79a4-462b-b154-47a3950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-09-21T11:28:50.000Z",
"modified": "2015-09-21T11:28:50.000Z",
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '123.254.104.50']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-09-21T11:28:50Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--55ffea17-23e4-48b1-b2b2-dda5950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-09-21T11:29:38.000Z",
"modified": "2015-09-21T11:29:38.000Z",
"description": "Related malware - Saker",
"pattern": "[file:hashes.SHA256 = '556e7e944939929ca4d9ca6c54d9059edf97642ece1d84363f2d46e2e8ca72ae']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-09-21T11:29:38Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload installation"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Payload installation\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--55ffea29-2d70-400e-962c-4ab2950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-09-21T11:29:45.000Z",
"modified": "2015-09-21T11:29:45.000Z",
"description": "Related malware - Saker - Xchecked via VT: 556e7e944939929ca4d9ca6c54d9059edf97642ece1d84363f2d46e2e8ca72ae",
"pattern": "[file:hashes.SHA1 = 'a078b6de46feab5cca040f1e256c1b09e193ffeb']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-09-21T11:29:45Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload installation"
}
],
"labels": [
"misp:type=\"sha1\"",
"misp:category=\"Payload installation\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--55ffea2a-160c-4b6c-b529-4559950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-09-21T11:29:46.000Z",
"modified": "2015-09-21T11:29:46.000Z",
"description": "Related malware - Saker - Xchecked via VT: 556e7e944939929ca4d9ca6c54d9059edf97642ece1d84363f2d46e2e8ca72ae",
"pattern": "[file:hashes.MD5 = '7160b0d2d5d1e565adc53f6731a202f4']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-09-21T11:29:46Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload installation"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Payload installation\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--55ffea2a-36f8-45cf-92ab-41bf950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-09-21T11:29:46.000Z",
"modified": "2015-09-21T11:29:46.000Z",
"first_observed": "2015-09-21T11:29:46Z",
"last_observed": "2015-09-21T11:29:46Z",
"number_observed": 1,
"object_refs": [
"url--55ffea2a-36f8-45cf-92ab-41bf950d210b"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--55ffea2a-36f8-45cf-92ab-41bf950d210b",
"value": "https://www.virustotal.com/file/556e7e944939929ca4d9ca6c54d9059edf97642ece1d84363f2d46e2e8ca72ae/analysis/1439418346/"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--55ffea52-d6cc-4494-8f90-4306950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-09-21T11:30:26.000Z",
"modified": "2015-09-21T11:30:26.000Z",
"description": "Related malware - netbot",
"pattern": "[file:hashes.SHA256 = '277fe4dab731149f3d40630f2f8b25092b007c701f04b5304d3ba9570280d015']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-09-21T11:30:26Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload installation"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Payload installation\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--55ffea58-6428-40a8-b685-4968950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-09-21T11:30:32.000Z",
"modified": "2015-09-21T11:30:32.000Z",
"description": "Related malware - netbot - Xchecked via VT: 277fe4dab731149f3d40630f2f8b25092b007c701f04b5304d3ba9570280d015",
"pattern": "[file:hashes.SHA1 = '522649916f3e958f0040c768d8ac3d797324fc65']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-09-21T11:30:32Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload installation"
}
],
"labels": [
"misp:type=\"sha1\"",
"misp:category=\"Payload installation\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--55ffea58-6bd4-4fbe-acd9-4c34950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-09-21T11:30:32.000Z",
"modified": "2015-09-21T11:30:32.000Z",
"description": "Related malware - netbot - Xchecked via VT: 277fe4dab731149f3d40630f2f8b25092b007c701f04b5304d3ba9570280d015",
"pattern": "[file:hashes.MD5 = '38e35c5f140f802c70c974edadbbf63c']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-09-21T11:30:32Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload installation"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Payload installation\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--55ffea59-c74c-4bf4-91b4-4b8d950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-09-21T11:30:33.000Z",
"modified": "2015-09-21T11:30:33.000Z",
"first_observed": "2015-09-21T11:30:33Z",
"last_observed": "2015-09-21T11:30:33Z",
"number_observed": 1,
"object_refs": [
"url--55ffea59-c74c-4bf4-91b4-4b8d950d210b"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--55ffea59-c74c-4bf4-91b4-4b8d950d210b",
"value": "https://www.virustotal.com/file/277fe4dab731149f3d40630f2f8b25092b007c701f04b5304d3ba9570280d015/analysis/1409919706/"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--55ffea8b-4958-4b46-be3a-4027950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-09-21T11:31:23.000Z",
"modified": "2015-09-21T11:31:23.000Z",
"description": "Related malware - netbot",
"pattern": "[file:hashes.SHA256 = 'dd9d31c3acb4299619c2251698024da1ac9ec42280aa6c16cd2369907f3be4e3']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-09-21T11:31:23Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload installation"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Payload installation\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--55ffeaa1-1a5c-41f9-bb8f-411b950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-09-21T11:31:45.000Z",
"modified": "2015-09-21T11:31:45.000Z",
"description": "Related malware - netbot - Xchecked via VT: dd9d31c3acb4299619c2251698024da1ac9ec42280aa6c16cd2369907f3be4e3",
"pattern": "[file:hashes.SHA1 = 'ef0c809714f2a618ba66ac9215fac97139240046']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-09-21T11:31:45Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload installation"
}
],
"labels": [
"misp:type=\"sha1\"",
"misp:category=\"Payload installation\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--55ffeaa1-7a14-4d73-b24d-44c2950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-09-21T11:31:45.000Z",
"modified": "2015-09-21T11:31:45.000Z",
"description": "Related malware - netbot - Xchecked via VT: dd9d31c3acb4299619c2251698024da1ac9ec42280aa6c16cd2369907f3be4e3",
"pattern": "[file:hashes.MD5 = '3c7e67fe058d59624bcac401bd071fa1']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-09-21T11:31:45Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload installation"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Payload installation\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--55ffeaa1-e924-49fd-b661-4dd3950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-09-21T11:31:45.000Z",
"modified": "2015-09-21T11:31:45.000Z",
"first_observed": "2015-09-21T11:31:45Z",
"last_observed": "2015-09-21T11:31:45Z",
"number_observed": 1,
"object_refs": [
"url--55ffeaa1-e924-49fd-b661-4dd3950d210b"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--55ffeaa1-e924-49fd-b661-4dd3950d210b",
"value": "https://www.virustotal.com/file/dd9d31c3acb4299619c2251698024da1ac9ec42280aa6c16cd2369907f3be4e3/analysis/1431227221/"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--55ffeaf9-80c0-46f2-a983-4b9a950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-09-21T11:33:13.000Z",
"modified": "2015-09-21T11:33:13.000Z",
"description": "Related malware - Saker",
"pattern": "[file:hashes.SHA256 = '1a789568a53c18dab21c9c0386c746878cf8458e3369f0dc36a285fe296f3be3']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-09-21T11:33:13Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload installation"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Payload installation\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--55ffeb01-c380-47f8-ac57-4fc2950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-09-21T11:33:21.000Z",
"modified": "2015-09-21T11:33:21.000Z",
"description": "Related malware - Saker - Xchecked via VT: 1a789568a53c18dab21c9c0386c746878cf8458e3369f0dc36a285fe296f3be3",
"pattern": "[file:hashes.SHA1 = 'ffd4369080537f39518ff53371b30731f5faa0f9']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-09-21T11:33:21Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload installation"
}
],
"labels": [
"misp:type=\"sha1\"",
"misp:category=\"Payload installation\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--55ffeb02-1510-475d-97de-44ef950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-09-21T11:33:22.000Z",
"modified": "2015-09-21T11:33:22.000Z",
"description": "Related malware - Saker - Xchecked via VT: 1a789568a53c18dab21c9c0386c746878cf8458e3369f0dc36a285fe296f3be3",
"pattern": "[file:hashes.MD5 = '74301837c857f1f38348da87dd2b18b7']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-09-21T11:33:22Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload installation"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Payload installation\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--55ffeb02-6108-4e38-a2cb-4fcb950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-09-21T11:33:22.000Z",
"modified": "2015-09-21T11:33:22.000Z",
"first_observed": "2015-09-21T11:33:22Z",
"last_observed": "2015-09-21T11:33:22Z",
"number_observed": 1,
"object_refs": [
"url--55ffeb02-6108-4e38-a2cb-4fcb950d210b"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--55ffeb02-6108-4e38-a2cb-4fcb950d210b",
"value": "https://www.virustotal.com/file/1a789568a53c18dab21c9c0386c746878cf8458e3369f0dc36a285fe296f3be3/analysis/1393206966/"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--55ffeb32-5540-402c-b090-43fe950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-09-21T11:34:10.000Z",
"modified": "2015-09-21T11:34:10.000Z",
"description": "Whois record (registrant)",
"pattern": "[email-message:from_ref.value = 'gengd@gmail.com']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-09-21T11:34:10Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"email-src\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--55ffeb33-ff04-4174-b2aa-4992950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-09-21T11:34:11.000Z",
"modified": "2015-09-21T11:34:11.000Z",
"description": "Whois record (registrant)",
"pattern": "[email-message:from_ref.value = 'hsdf@gmail.com']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-09-21T11:34:11Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"email-src\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--55ffeb33-8710-43d1-ac5e-409f950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-09-21T11:34:11.000Z",
"modified": "2015-09-21T11:34:11.000Z",
"description": "Whois record (registrant)",
"pattern": "[email-message:from_ref.value = 'dolphin@yahoo.com']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-09-21T11:34:11Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"email-src\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--55ffeb34-aa34-4f44-85ee-461c950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-09-21T11:34:12.000Z",
"modified": "2015-09-21T11:34:12.000Z",
"description": "Whois record (registrant)",
"pattern": "[email-message:from_ref.value = 'gjklsdf@gmail.com']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-09-21T11:34:12Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"email-src\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--55ffebfc-214c-4652-b0d4-4eae950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-09-21T11:37:32.000Z",
"modified": "2015-09-21T11:37:32.000Z",
"description": "PlugX hashes",
"pattern": "[file:hashes.SHA256 = '1aa6c5d0c9ad914fb5ed24741ac947d31cac6921ece7b3b807736febda7e2c4b']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-09-21T11:37:32Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload installation"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Payload installation\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--55ffebfc-673c-4c84-a87f-4c1f950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-09-21T11:37:32.000Z",
"modified": "2015-09-21T11:37:32.000Z",
"description": "PlugX hashes",
"pattern": "[file:hashes.SHA256 = '1b32825f178afe76e290c458ddbf8a3596002c6f9a7763687311f7d211a54aab']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-09-21T11:37:32Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload installation"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Payload installation\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--55ffebfd-e950-4f6d-aa6b-4914950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-09-21T11:37:33.000Z",
"modified": "2015-09-21T11:37:33.000Z",
"description": "PlugX hashes",
"pattern": "[file:hashes.SHA256 = '3e824972397b322ea9f48fd1a9a02bd6c3eb68cc7de3a4f29e46a5c67b625ec1']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-09-21T11:37:33Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload installation"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Payload installation\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--55ffebfd-5fc0-40fa-99cf-4461950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-09-21T11:37:33.000Z",
"modified": "2015-09-21T11:37:33.000Z",
"description": "PlugX hashes",
"pattern": "[file:hashes.SHA256 = '49e1f953dc17073bf919972868576b93cc9f3b5b9600f98a0bd9e39e5d229d9e']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-09-21T11:37:33Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload installation"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Payload installation\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--55ffebfd-9ba4-48dc-9575-41d7950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-09-21T11:37:33.000Z",
"modified": "2015-09-21T11:37:33.000Z",
"description": "PlugX hashes",
"pattern": "[file:hashes.SHA256 = '4cadbdb5a09781555cc5d637d3fecf89b9a66fac245d6a3a14989f39a9a48c6e']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-09-21T11:37:33Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload installation"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Payload installation\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--55ffebfe-cfb0-412a-8320-40a0950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-09-21T11:37:34.000Z",
"modified": "2015-09-21T11:37:34.000Z",
"description": "PlugX hashes",
"pattern": "[file:hashes.SHA256 = '67cccfa23a7fd1d9ca8160cd977d536c4a40bf9525a93aa4122a89527a96fa8f']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-09-21T11:37:34Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload installation"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Payload installation\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--55ffebfe-a898-45bd-8417-48eb950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-09-21T11:37:34.000Z",
"modified": "2015-09-21T11:37:34.000Z",
"description": "PlugX hashes",
"pattern": "[file:hashes.SHA256 = '6ea86b944c8b5a9b02adc7aac80e0f33217b28103b70153710c1f6da76e36081']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-09-21T11:37:34Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload installation"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Payload installation\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--55ffebfe-4934-445d-88cb-4075950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-09-21T11:37:34.000Z",
"modified": "2015-09-21T11:37:34.000Z",
"description": "PlugX hashes",
"pattern": "[file:hashes.SHA256 = '7efcf2211cd68ab459582594b5d75c64830acf25bcaab065bbd60377fb9eb22a']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-09-21T11:37:34Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload installation"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Payload installation\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--55ffebff-8ee0-4bd4-9254-4bd3950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-09-21T11:37:35.000Z",
"modified": "2015-09-21T11:37:35.000Z",
"description": "PlugX hashes",
"pattern": "[file:hashes.SHA256 = '8702506e8e75834a8f011cfc268d02043af5522aeda20a8458880c8fbed7ecac']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-09-21T11:37:35Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload installation"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Payload installation\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--55ffebff-210c-488c-b836-45e3950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-09-21T11:37:35.000Z",
"modified": "2015-09-21T11:37:35.000Z",
"description": "PlugX hashes",
"pattern": "[file:hashes.SHA256 = '8a5df5f31a3b4f893a0565967d64e57f41d91e3592bbd8d52f98f81b3fb8452b']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-09-21T11:37:35Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload installation"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Payload installation\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--55ffec1a-d9ac-4ce4-a821-460b950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-09-21T11:38:02.000Z",
"modified": "2015-09-21T11:38:02.000Z",
"description": "Saker hashes",
"pattern": "[file:hashes.SHA256 = '0d2600d978f5c1042e93b701654db080aac144dfa2877844334b1d4cd78f4a1d']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-09-21T11:38:02Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload installation"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Payload installation\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--55ffec1a-488c-4dcb-969c-4c79950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-09-21T11:38:02.000Z",
"modified": "2015-09-21T11:38:02.000Z",
"description": "Saker hashes",
"pattern": "[file:hashes.SHA256 = '2a6dee57cb302a1350ade4a33f40a77c1952cf2e6b29d1be8400c13927e34670']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-09-21T11:38:02Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload installation"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Payload installation\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--55ffec1a-ce00-41fc-a36c-4720950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-09-21T11:38:02.000Z",
"modified": "2015-09-21T11:38:02.000Z",
"description": "Saker hashes",
"pattern": "[file:hashes.SHA256 = '383c5d22c1de3aae7684eb5a7d87d6b553f09f166ca402894c5deecabaa7d866']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-09-21T11:38:02Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload installation"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Payload installation\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--55ffec1b-d354-47d8-b4b9-4a51950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-09-21T11:38:03.000Z",
"modified": "2015-09-21T11:38:03.000Z",
"description": "Saker hashes",
"pattern": "[file:hashes.SHA256 = '53d29782b8c325c2ff62493cdb261a8e54e45ed04880527e75e8e211b4d8d861']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-09-21T11:38:03Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload installation"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Payload installation\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--55ffec1b-b0ac-479d-a81d-4ef2950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-09-21T11:38:03.000Z",
"modified": "2015-09-21T11:38:03.000Z",
"description": "Saker hashes",
"pattern": "[file:hashes.SHA256 = '5d97ec30c481e00d4285246b528745f331be905f453e062bd9c2d506e9386f0e']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-09-21T11:38:03Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload installation"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Payload installation\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--55ffec1b-4d18-4aae-a4c9-497d950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-09-21T11:38:03.000Z",
"modified": "2015-09-21T11:38:03.000Z",
"description": "Saker hashes",
"pattern": "[file:hashes.SHA256 = '664f80b427bf0145e62f6f90cb4833c30cfb8dc4b2d68746aa01420da82bd8af']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-09-21T11:38:03Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload installation"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Payload installation\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--55ffec1c-7750-4193-a8e5-44cd950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-09-21T11:38:04.000Z",
"modified": "2015-09-21T11:38:04.000Z",
"description": "Saker hashes",
"pattern": "[file:hashes.SHA256 = '6dc560a3b20a6e95552254bdb04fba03f74223a83a58436a3decfab74abc5fb5']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-09-21T11:38:04Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload installation"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Payload installation\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--55ffec1c-a2fc-4a85-bdca-46f6950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-09-21T11:38:04.000Z",
"modified": "2015-09-21T11:38:04.000Z",
"description": "Saker hashes",
"pattern": "[file:hashes.SHA256 = 'a2f4aa2d25bff21e73b15065e2fc38d297ee14253044a66d00690b1bb23fc373']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-09-21T11:38:04Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload installation"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Payload installation\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--55ffec1c-b18c-44e4-88b4-48bf950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-09-21T11:38:04.000Z",
"modified": "2015-09-21T11:38:04.000Z",
"description": "Saker hashes",
"pattern": "[file:hashes.SHA256 = 'c7d7211d1fea69ea6a9697a8f8d21ac40f6d7dc6863708b9a98930271a156c86']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-09-21T11:38:04Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload installation"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Payload installation\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--55ffec1d-d0cc-4810-ba82-46ef950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-09-21T11:38:05.000Z",
"modified": "2015-09-21T11:38:05.000Z",
"description": "Saker hashes",
"pattern": "[file:hashes.SHA256 = 'd2a5cf434e8a0c63c23e6a3e5cf8a60f259099a706d2d243ffa5c7dbd46fd9d4']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-09-21T11:38:05Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload installation"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Payload installation\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--55ffec1d-89c8-4201-bb2d-42f2950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-09-21T11:38:05.000Z",
"modified": "2015-09-21T11:38:05.000Z",
"description": "Saker hashes",
"pattern": "[file:hashes.SHA256 = 'd6ff406da6e9a20074c3e1228ab04d35a3839b1719d3cafbb21ad3e3b6d03ef4']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-09-21T11:38:05Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload installation"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Payload installation\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--55ffec1e-2400-4e97-96d2-4bc5950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-09-21T11:38:06.000Z",
"modified": "2015-09-21T11:38:06.000Z",
"description": "Saker hashes",
"pattern": "[file:hashes.SHA256 = 'df4571b7d3be63de8338e6905b2689309ed5cce88d57a8db0c7b9aebf713d81c']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-09-21T11:38:06Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload installation"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Payload installation\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--55ffec1e-c7d8-41ea-ba5b-4d45950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-09-21T11:38:06.000Z",
"modified": "2015-09-21T11:38:06.000Z",
"description": "Saker hashes",
"pattern": "[file:hashes.SHA256 = 'ed7771339794c7908865f7816513b593369a93c98b39f58ebaaa98f3f0067e9d']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-09-21T11:38:06Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload installation"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Payload installation\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--55ffec42-fe60-4b7f-b440-472b950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-09-21T11:38:42.000Z",
"modified": "2015-09-21T11:38:42.000Z",
"description": "Saker hashes - Xchecked via VT: ed7771339794c7908865f7816513b593369a93c98b39f58ebaaa98f3f0067e9d",
"pattern": "[file:hashes.SHA1 = '6b6f0d172024b1c0bde5c3b0704658f0f0ebb05b']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-09-21T11:38:42Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload installation"
}
],
"labels": [
"misp:type=\"sha1\"",
"misp:category=\"Payload installation\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--55ffec42-bb34-42b7-aa17-4b69950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-09-21T11:38:42.000Z",
"modified": "2015-09-21T11:38:42.000Z",
"description": "Saker hashes - Xchecked via VT: ed7771339794c7908865f7816513b593369a93c98b39f58ebaaa98f3f0067e9d",
"pattern": "[file:hashes.MD5 = 'c824cb1c177c548c533879840bd8851c']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-09-21T11:38:42Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload installation"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Payload installation\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--55ffec43-d5b4-4ec9-8060-432d950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-09-21T11:38:43.000Z",
"modified": "2015-09-21T11:38:43.000Z",
"first_observed": "2015-09-21T11:38:43Z",
"last_observed": "2015-09-21T11:38:43Z",
"number_observed": 1,
"object_refs": [
"url--55ffec43-d5b4-4ec9-8060-432d950d210b"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--55ffec43-d5b4-4ec9-8060-432d950d210b",
"value": "https://www.virustotal.com/file/ed7771339794c7908865f7816513b593369a93c98b39f58ebaaa98f3f0067e9d/analysis/1442539401/"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--55ffec43-2094-4492-b9a6-4c23950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-09-21T11:38:43.000Z",
"modified": "2015-09-21T11:38:43.000Z",
"description": "Saker hashes - Xchecked via VT: df4571b7d3be63de8338e6905b2689309ed5cce88d57a8db0c7b9aebf713d81c",
"pattern": "[file:hashes.SHA1 = 'fd81f43dfcf0562572d4fecf994eacb8689ab64a']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-09-21T11:38:43Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload installation"
}
],
"labels": [
"misp:type=\"sha1\"",
"misp:category=\"Payload installation\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--55ffec43-97dc-43ff-885d-40c2950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-09-21T11:38:43.000Z",
"modified": "2015-09-21T11:38:43.000Z",
"description": "Saker hashes - Xchecked via VT: df4571b7d3be63de8338e6905b2689309ed5cce88d57a8db0c7b9aebf713d81c",
"pattern": "[file:hashes.MD5 = '460b26fcc28f25e1ed00dc04680f6311']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-09-21T11:38:43Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload installation"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Payload installation\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--55ffec44-5194-4117-9182-433d950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-09-21T11:38:44.000Z",
"modified": "2015-09-21T11:38:44.000Z",
"first_observed": "2015-09-21T11:38:44Z",
"last_observed": "2015-09-21T11:38:44Z",
"number_observed": 1,
"object_refs": [
"url--55ffec44-5194-4117-9182-433d950d210b"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--55ffec44-5194-4117-9182-433d950d210b",
"value": "https://www.virustotal.com/file/df4571b7d3be63de8338e6905b2689309ed5cce88d57a8db0c7b9aebf713d81c/analysis/1440678758/"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--55ffec44-5bb4-4cb3-b728-423b950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-09-21T11:38:44.000Z",
"modified": "2015-09-21T11:38:44.000Z",
"description": "Saker hashes - Xchecked via VT: d6ff406da6e9a20074c3e1228ab04d35a3839b1719d3cafbb21ad3e3b6d03ef4",
"pattern": "[file:hashes.SHA1 = '90d4ede1a8ac3c8cf235e1606be897786a7a6cbb']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-09-21T11:38:44Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload installation"
}
],
"labels": [
"misp:type=\"sha1\"",
"misp:category=\"Payload installation\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--55ffec44-3824-446d-a783-4d76950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-09-21T11:38:44.000Z",
"modified": "2015-09-21T11:38:44.000Z",
"description": "Saker hashes - Xchecked via VT: d6ff406da6e9a20074c3e1228ab04d35a3839b1719d3cafbb21ad3e3b6d03ef4",
"pattern": "[file:hashes.MD5 = '1778bfb4bb39e09c2849499c1a7cfe0a']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-09-21T11:38:44Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload installation"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Payload installation\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--55ffec45-4de4-4625-b3de-4f7d950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-09-21T11:38:45.000Z",
"modified": "2015-09-21T11:38:45.000Z",
"first_observed": "2015-09-21T11:38:45Z",
"last_observed": "2015-09-21T11:38:45Z",
"number_observed": 1,
"object_refs": [
"url--55ffec45-4de4-4625-b3de-4f7d950d210b"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--55ffec45-4de4-4625-b3de-4f7d950d210b",
"value": "https://www.virustotal.com/file/d6ff406da6e9a20074c3e1228ab04d35a3839b1719d3cafbb21ad3e3b6d03ef4/analysis/1406705327/"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--55ffec45-761c-45c9-a8ca-4c6c950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-09-21T11:38:45.000Z",
"modified": "2015-09-21T11:38:45.000Z",
"description": "Saker hashes - Xchecked via VT: d2a5cf434e8a0c63c23e6a3e5cf8a60f259099a706d2d243ffa5c7dbd46fd9d4",
"pattern": "[file:hashes.SHA1 = '2d3515d010c2c7c913088414465a76d81e484ba8']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-09-21T11:38:45Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload installation"
}
],
"labels": [
"misp:type=\"sha1\"",
"misp:category=\"Payload installation\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--55ffec45-c7d4-45a7-a1cf-4597950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-09-21T11:38:45.000Z",
"modified": "2015-09-21T11:38:45.000Z",
"description": "Saker hashes - Xchecked via VT: d2a5cf434e8a0c63c23e6a3e5cf8a60f259099a706d2d243ffa5c7dbd46fd9d4",
"pattern": "[file:hashes.MD5 = 'cb0f926b00981dbc2d1b92e91760e017']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-09-21T11:38:45Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload installation"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Payload installation\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--55ffec46-89f0-4b69-ba24-42ee950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-09-21T11:38:46.000Z",
"modified": "2015-09-21T11:38:46.000Z",
"first_observed": "2015-09-21T11:38:46Z",
"last_observed": "2015-09-21T11:38:46Z",
"number_observed": 1,
"object_refs": [
"url--55ffec46-89f0-4b69-ba24-42ee950d210b"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--55ffec46-89f0-4b69-ba24-42ee950d210b",
"value": "https://www.virustotal.com/file/d2a5cf434e8a0c63c23e6a3e5cf8a60f259099a706d2d243ffa5c7dbd46fd9d4/analysis/1442539424/"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--55ffec46-2d84-4b5c-9467-477f950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-09-21T11:38:46.000Z",
"modified": "2015-09-21T11:38:46.000Z",
"description": "Saker hashes - Xchecked via VT: c7d7211d1fea69ea6a9697a8f8d21ac40f6d7dc6863708b9a98930271a156c86",
"pattern": "[file:hashes.SHA1 = 'dfb928b2cc617c74d87b4d5c46ab850f990859dc']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-09-21T11:38:46Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload installation"
}
],
"labels": [
"misp:type=\"sha1\"",
"misp:category=\"Payload installation\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--55ffec46-4004-4b7f-a438-40bd950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-09-21T11:38:46.000Z",
"modified": "2015-09-21T11:38:46.000Z",
"description": "Saker hashes - Xchecked via VT: c7d7211d1fea69ea6a9697a8f8d21ac40f6d7dc6863708b9a98930271a156c86",
"pattern": "[file:hashes.MD5 = 'f4572c1ab751929fc2dd88b344fe8f7e']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-09-21T11:38:46Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload installation"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Payload installation\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--55ffec47-4bc0-4aa3-8266-481c950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-09-21T11:38:47.000Z",
"modified": "2015-09-21T11:38:47.000Z",
"first_observed": "2015-09-21T11:38:47Z",
"last_observed": "2015-09-21T11:38:47Z",
"number_observed": 1,
"object_refs": [
"url--55ffec47-4bc0-4aa3-8266-481c950d210b"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--55ffec47-4bc0-4aa3-8266-481c950d210b",
"value": "https://www.virustotal.com/file/c7d7211d1fea69ea6a9697a8f8d21ac40f6d7dc6863708b9a98930271a156c86/analysis/1442539413/"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--55ffec47-1c10-4377-a944-4589950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-09-21T11:38:47.000Z",
"modified": "2015-09-21T11:38:47.000Z",
"description": "Saker hashes - Xchecked via VT: a2f4aa2d25bff21e73b15065e2fc38d297ee14253044a66d00690b1bb23fc373",
"pattern": "[file:hashes.SHA1 = 'bbaf8d3d1ccba73d26880a4247db04e980ccee81']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-09-21T11:38:47Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload installation"
}
],
"labels": [
"misp:type=\"sha1\"",
"misp:category=\"Payload installation\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--55ffec47-d0d8-4631-8960-41bd950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-09-21T11:38:47.000Z",
"modified": "2015-09-21T11:38:47.000Z",
"description": "Saker hashes - Xchecked via VT: a2f4aa2d25bff21e73b15065e2fc38d297ee14253044a66d00690b1bb23fc373",
"pattern": "[file:hashes.MD5 = '142dd8beb167fbe9c20f4a0764e74477']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-09-21T11:38:47Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload installation"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Payload installation\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--55ffec48-07b4-4c45-8bb1-49b3950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-09-21T11:38:48.000Z",
"modified": "2015-09-21T11:38:48.000Z",
"first_observed": "2015-09-21T11:38:48Z",
"last_observed": "2015-09-21T11:38:48Z",
"number_observed": 1,
"object_refs": [
"url--55ffec48-07b4-4c45-8bb1-49b3950d210b"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--55ffec48-07b4-4c45-8bb1-49b3950d210b",
"value": "https://www.virustotal.com/file/a2f4aa2d25bff21e73b15065e2fc38d297ee14253044a66d00690b1bb23fc373/analysis/1442638928/"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--55ffec48-6b5c-441e-8c48-404e950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-09-21T11:38:48.000Z",
"modified": "2015-09-21T11:38:48.000Z",
"description": "Saker hashes - Xchecked via VT: 6dc560a3b20a6e95552254bdb04fba03f74223a83a58436a3decfab74abc5fb5",
"pattern": "[file:hashes.SHA1 = 'd1c1f8b9907077d04fd0d33670898877913ae865']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-09-21T11:38:48Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload installation"
}
],
"labels": [
"misp:type=\"sha1\"",
"misp:category=\"Payload installation\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--55ffec48-2e74-4cdc-956d-4cdb950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-09-21T11:38:48.000Z",
"modified": "2015-09-21T11:38:48.000Z",
"description": "Saker hashes - Xchecked via VT: 6dc560a3b20a6e95552254bdb04fba03f74223a83a58436a3decfab74abc5fb5",
"pattern": "[file:hashes.MD5 = '1686e7089dbd4c533744372f78b3928d']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-09-21T11:38:48Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload installation"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Payload installation\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--55ffec49-50cc-47cd-af6c-4d7c950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-09-21T11:38:49.000Z",
"modified": "2015-09-21T11:38:49.000Z",
"first_observed": "2015-09-21T11:38:49Z",
"last_observed": "2015-09-21T11:38:49Z",
"number_observed": 1,
"object_refs": [
"url--55ffec49-50cc-47cd-af6c-4d7c950d210b"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--55ffec49-50cc-47cd-af6c-4d7c950d210b",
"value": "https://www.virustotal.com/file/6dc560a3b20a6e95552254bdb04fba03f74223a83a58436a3decfab74abc5fb5/analysis/1380750618/"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--55ffec49-f248-4310-85dc-4db1950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-09-21T11:38:49.000Z",
"modified": "2015-09-21T11:38:49.000Z",
"description": "Saker hashes - Xchecked via VT: 664f80b427bf0145e62f6f90cb4833c30cfb8dc4b2d68746aa01420da82bd8af",
"pattern": "[file:hashes.SHA1 = 'ae640cb9b2ac2b6b68ddd2b387f7303538fe7187']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-09-21T11:38:49Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload installation"
}
],
"labels": [
"misp:type=\"sha1\"",
"misp:category=\"Payload installation\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--55ffec49-08d0-4e34-8b2d-4bc8950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-09-21T11:38:49.000Z",
"modified": "2015-09-21T11:38:49.000Z",
"description": "Saker hashes - Xchecked via VT: 664f80b427bf0145e62f6f90cb4833c30cfb8dc4b2d68746aa01420da82bd8af",
"pattern": "[file:hashes.MD5 = '83d92d7f69b054e8d2508d2f10a1a195']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-09-21T11:38:49Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload installation"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Payload installation\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--55ffec4a-53b0-4ea4-bf91-42e6950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-09-21T11:38:50.000Z",
"modified": "2015-09-21T11:38:50.000Z",
"first_observed": "2015-09-21T11:38:50Z",
"last_observed": "2015-09-21T11:38:50Z",
"number_observed": 1,
"object_refs": [
"url--55ffec4a-53b0-4ea4-bf91-42e6950d210b"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--55ffec4a-53b0-4ea4-bf91-42e6950d210b",
"value": "https://www.virustotal.com/file/664f80b427bf0145e62f6f90cb4833c30cfb8dc4b2d68746aa01420da82bd8af/analysis/1442638686/"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--55ffec4a-b3c0-4e53-b5f6-4dad950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-09-21T11:38:50.000Z",
"modified": "2015-09-21T11:38:50.000Z",
"description": "Saker hashes - Xchecked via VT: 5d97ec30c481e00d4285246b528745f331be905f453e062bd9c2d506e9386f0e",
"pattern": "[file:hashes.SHA1 = '60aa35a9c20e4adf93b0171a3ace75078ba3c469']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-09-21T11:38:50Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload installation"
}
],
"labels": [
"misp:type=\"sha1\"",
"misp:category=\"Payload installation\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--55ffec4a-56ac-43ff-94f5-437d950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-09-21T11:38:50.000Z",
"modified": "2015-09-21T11:38:50.000Z",
"description": "Saker hashes - Xchecked via VT: 5d97ec30c481e00d4285246b528745f331be905f453e062bd9c2d506e9386f0e",
"pattern": "[file:hashes.MD5 = 'b44d492a5d772ae964d2e791507cbd24']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-09-21T11:38:50Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload installation"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Payload installation\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--55ffec4b-1500-44e9-b7b7-45eb950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-09-21T11:38:51.000Z",
"modified": "2015-09-21T11:38:51.000Z",
"first_observed": "2015-09-21T11:38:51Z",
"last_observed": "2015-09-21T11:38:51Z",
"number_observed": 1,
"object_refs": [
"url--55ffec4b-1500-44e9-b7b7-45eb950d210b"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--55ffec4b-1500-44e9-b7b7-45eb950d210b",
"value": "https://www.virustotal.com/file/5d97ec30c481e00d4285246b528745f331be905f453e062bd9c2d506e9386f0e/analysis/1416230500/"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--55ffec4b-d180-4f96-bedf-415d950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-09-21T11:38:51.000Z",
"modified": "2015-09-21T11:38:51.000Z",
"description": "Saker hashes - Xchecked via VT: 53d29782b8c325c2ff62493cdb261a8e54e45ed04880527e75e8e211b4d8d861",
"pattern": "[file:hashes.SHA1 = '67b43c95ec1df39f7d0d523be15ddceb2064b086']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-09-21T11:38:51Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload installation"
}
],
"labels": [
"misp:type=\"sha1\"",
"misp:category=\"Payload installation\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--55ffec4b-4738-4f2b-981b-4a43950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-09-21T11:38:51.000Z",
"modified": "2015-09-21T11:38:51.000Z",
"description": "Saker hashes - Xchecked via VT: 53d29782b8c325c2ff62493cdb261a8e54e45ed04880527e75e8e211b4d8d861",
"pattern": "[file:hashes.MD5 = '2df77d71a5cfaf228d57690772a8342b']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-09-21T11:38:51Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload installation"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Payload installation\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--55ffec4c-ef90-442e-a61e-42b8950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-09-21T11:38:52.000Z",
"modified": "2015-09-21T11:38:52.000Z",
"first_observed": "2015-09-21T11:38:52Z",
"last_observed": "2015-09-21T11:38:52Z",
"number_observed": 1,
"object_refs": [
"url--55ffec4c-ef90-442e-a61e-42b8950d210b"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--55ffec4c-ef90-442e-a61e-42b8950d210b",
"value": "https://www.virustotal.com/file/53d29782b8c325c2ff62493cdb261a8e54e45ed04880527e75e8e211b4d8d861/analysis/1377292757/"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--55ffec4c-ae00-496c-95b0-40c5950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-09-21T11:38:52.000Z",
"modified": "2015-09-21T11:38:52.000Z",
"description": "Saker hashes - Xchecked via VT: 383c5d22c1de3aae7684eb5a7d87d6b553f09f166ca402894c5deecabaa7d866",
"pattern": "[file:hashes.SHA1 = '3a98227a754ca57cac7bdad93c90fb696eac49dc']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-09-21T11:38:52Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload installation"
}
],
"labels": [
"misp:type=\"sha1\"",
"misp:category=\"Payload installation\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--55ffec4d-bc58-4b44-99db-4a93950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-09-21T11:38:53.000Z",
"modified": "2015-09-21T11:38:53.000Z",
"description": "Saker hashes - Xchecked via VT: 383c5d22c1de3aae7684eb5a7d87d6b553f09f166ca402894c5deecabaa7d866",
"pattern": "[file:hashes.MD5 = '6b1b0d01279c4e976eb69cbb1d264a83']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-09-21T11:38:53Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload installation"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Payload installation\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--55ffec4d-a5f8-40e1-a67f-4dac950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-09-21T11:38:53.000Z",
"modified": "2015-09-21T11:38:53.000Z",
"first_observed": "2015-09-21T11:38:53Z",
"last_observed": "2015-09-21T11:38:53Z",
"number_observed": 1,
"object_refs": [
"url--55ffec4d-a5f8-40e1-a67f-4dac950d210b"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--55ffec4d-a5f8-40e1-a67f-4dac950d210b",
"value": "https://www.virustotal.com/file/383c5d22c1de3aae7684eb5a7d87d6b553f09f166ca402894c5deecabaa7d866/analysis/1442539408/"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--55ffec4d-69a4-4e81-b1ad-4c17950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-09-21T11:38:53.000Z",
"modified": "2015-09-21T11:38:53.000Z",
"description": "Saker hashes - Xchecked via VT: 2a6dee57cb302a1350ade4a33f40a77c1952cf2e6b29d1be8400c13927e34670",
"pattern": "[file:hashes.SHA1 = 'c95ee3f898e4db9240130af9b55bb2a83fafd7e8']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-09-21T11:38:53Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload installation"
}
],
"labels": [
"misp:type=\"sha1\"",
"misp:category=\"Payload installation\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--55ffec4e-1180-4b32-9f6f-4649950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-09-21T11:38:54.000Z",
"modified": "2015-09-21T11:38:54.000Z",
"description": "Saker hashes - Xchecked via VT: 2a6dee57cb302a1350ade4a33f40a77c1952cf2e6b29d1be8400c13927e34670",
"pattern": "[file:hashes.MD5 = '6a09c8d0b5497e4fa9bb4f62c8c77ffd']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-09-21T11:38:54Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload installation"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Payload installation\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--55ffec4e-9704-4410-9880-414f950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-09-21T11:38:54.000Z",
"modified": "2015-09-21T11:38:54.000Z",
"first_observed": "2015-09-21T11:38:54Z",
"last_observed": "2015-09-21T11:38:54Z",
"number_observed": 1,
"object_refs": [
"url--55ffec4e-9704-4410-9880-414f950d210b"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--55ffec4e-9704-4410-9880-414f950d210b",
"value": "https://www.virustotal.com/file/2a6dee57cb302a1350ade4a33f40a77c1952cf2e6b29d1be8400c13927e34670/analysis/1442539419/"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--55ffec4e-517c-4809-81b1-4353950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-09-21T11:38:54.000Z",
"modified": "2015-09-21T11:38:54.000Z",
"description": "Saker hashes - Xchecked via VT: 0d2600d978f5c1042e93b701654db080aac144dfa2877844334b1d4cd78f4a1d",
"pattern": "[file:hashes.SHA1 = '774036cfd0d67904de894a019ea15fff03a8fb1e']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-09-21T11:38:54Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload installation"
}
],
"labels": [
"misp:type=\"sha1\"",
"misp:category=\"Payload installation\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--55ffec4f-8adc-42d9-a0d8-4178950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-09-21T11:38:55.000Z",
"modified": "2015-09-21T11:38:55.000Z",
"description": "Saker hashes - Xchecked via VT: 0d2600d978f5c1042e93b701654db080aac144dfa2877844334b1d4cd78f4a1d",
"pattern": "[file:hashes.MD5 = 'efc847ac17603a4c83d4b4a816bf75c7']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-09-21T11:38:55Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload installation"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Payload installation\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--55ffec4f-7d4c-4222-a830-45c5950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-09-21T11:38:55.000Z",
"modified": "2015-09-21T11:38:55.000Z",
"first_observed": "2015-09-21T11:38:55Z",
"last_observed": "2015-09-21T11:38:55Z",
"number_observed": 1,
"object_refs": [
"url--55ffec4f-7d4c-4222-a830-45c5950d210b"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--55ffec4f-7d4c-4222-a830-45c5950d210b",
"value": "https://www.virustotal.com/file/0d2600d978f5c1042e93b701654db080aac144dfa2877844334b1d4cd78f4a1d/analysis/1404864185/"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--55ffec4f-932c-4ffb-bd4d-48db950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-09-21T11:38:55.000Z",
"modified": "2015-09-21T11:38:55.000Z",
"description": "PlugX hashes - Xchecked via VT: 8a5df5f31a3b4f893a0565967d64e57f41d91e3592bbd8d52f98f81b3fb8452b",
"pattern": "[file:hashes.SHA1 = '104040b1b4db0920684c0d5966a188f7a4e0f2aa']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-09-21T11:38:55Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload installation"
}
],
"labels": [
"misp:type=\"sha1\"",
"misp:category=\"Payload installation\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--55ffec50-89cc-4406-b2e6-4ecf950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-09-21T11:38:56.000Z",
"modified": "2015-09-21T11:38:56.000Z",
"description": "PlugX hashes - Xchecked via VT: 8a5df5f31a3b4f893a0565967d64e57f41d91e3592bbd8d52f98f81b3fb8452b",
"pattern": "[file:hashes.MD5 = 'e5a4c395d3de47fb4efc3c39b0e96bd6']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-09-21T11:38:56Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload installation"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Payload installation\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--55ffec50-7038-4ca8-bdcc-444d950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-09-21T11:38:56.000Z",
"modified": "2015-09-21T11:38:56.000Z",
"first_observed": "2015-09-21T11:38:56Z",
"last_observed": "2015-09-21T11:38:56Z",
"number_observed": 1,
"object_refs": [
"url--55ffec50-7038-4ca8-bdcc-444d950d210b"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--55ffec50-7038-4ca8-bdcc-444d950d210b",
"value": "https://www.virustotal.com/file/8a5df5f31a3b4f893a0565967d64e57f41d91e3592bbd8d52f98f81b3fb8452b/analysis/1442512598/"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--55ffec50-b79c-4dec-a88c-44c3950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-09-21T11:38:56.000Z",
"modified": "2015-09-21T11:38:56.000Z",
"description": "PlugX hashes - Xchecked via VT: 8702506e8e75834a8f011cfc268d02043af5522aeda20a8458880c8fbed7ecac",
"pattern": "[file:hashes.SHA1 = 'be3d665893d165f9f25144a3be9eecc115610b49']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-09-21T11:38:56Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload installation"
}
],
"labels": [
"misp:type=\"sha1\"",
"misp:category=\"Payload installation\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--55ffec51-084c-49be-a0f8-4ac4950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-09-21T11:38:57.000Z",
"modified": "2015-09-21T11:38:57.000Z",
"description": "PlugX hashes - Xchecked via VT: 8702506e8e75834a8f011cfc268d02043af5522aeda20a8458880c8fbed7ecac",
"pattern": "[file:hashes.MD5 = '52c1150cd63b124cac7f8fef5e569849']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-09-21T11:38:57Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload installation"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Payload installation\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--55ffec51-0928-4b60-bf72-4ba7950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-09-21T11:38:57.000Z",
"modified": "2015-09-21T11:38:57.000Z",
"first_observed": "2015-09-21T11:38:57Z",
"last_observed": "2015-09-21T11:38:57Z",
"number_observed": 1,
"object_refs": [
"url--55ffec51-0928-4b60-bf72-4ba7950d210b"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--55ffec51-0928-4b60-bf72-4ba7950d210b",
"value": "https://www.virustotal.com/file/8702506e8e75834a8f011cfc268d02043af5522aeda20a8458880c8fbed7ecac/analysis/1442512598/"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--55ffec51-4630-4787-8aa8-420e950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-09-21T11:38:57.000Z",
"modified": "2015-09-21T11:38:57.000Z",
"description": "PlugX hashes - Xchecked via VT: 7efcf2211cd68ab459582594b5d75c64830acf25bcaab065bbd60377fb9eb22a",
"pattern": "[file:hashes.SHA1 = 'e41965f8064d2f230093d80029c911742ce02997']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-09-21T11:38:57Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload installation"
}
],
"labels": [
"misp:type=\"sha1\"",
"misp:category=\"Payload installation\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--55ffec52-132c-4bed-9c64-449a950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-09-21T11:38:58.000Z",
"modified": "2015-09-21T11:38:58.000Z",
"description": "PlugX hashes - Xchecked via VT: 7efcf2211cd68ab459582594b5d75c64830acf25bcaab065bbd60377fb9eb22a",
"pattern": "[file:hashes.MD5 = 'b2275c113143c6a3f2dbe92599642ad0']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-09-21T11:38:58Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload installation"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Payload installation\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--55ffec52-6890-4de3-ab70-4209950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-09-21T11:38:58.000Z",
"modified": "2015-09-21T11:38:58.000Z",
"first_observed": "2015-09-21T11:38:58Z",
"last_observed": "2015-09-21T11:38:58Z",
"number_observed": 1,
"object_refs": [
"url--55ffec52-6890-4de3-ab70-4209950d210b"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--55ffec52-6890-4de3-ab70-4209950d210b",
"value": "https://www.virustotal.com/file/7efcf2211cd68ab459582594b5d75c64830acf25bcaab065bbd60377fb9eb22a/analysis/1442512597/"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--55ffec52-0658-4d79-982f-4a2a950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-09-21T11:38:58.000Z",
"modified": "2015-09-21T11:38:58.000Z",
"description": "PlugX hashes - Xchecked via VT: 67cccfa23a7fd1d9ca8160cd977d536c4a40bf9525a93aa4122a89527a96fa8f",
"pattern": "[file:hashes.SHA1 = '4a9d0d20d0b3e4706e8982b7fd7cd140f50bd56d']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-09-21T11:38:58Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload installation"
}
],
"labels": [
"misp:type=\"sha1\"",
"misp:category=\"Payload installation\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--55ffec53-95e0-4aa2-b18e-41a7950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-09-21T11:38:59.000Z",
"modified": "2015-09-21T11:38:59.000Z",
"description": "PlugX hashes - Xchecked via VT: 67cccfa23a7fd1d9ca8160cd977d536c4a40bf9525a93aa4122a89527a96fa8f",
"pattern": "[file:hashes.MD5 = 'ecaafedebdfa5d8ea3fc302a39da52cf']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-09-21T11:38:59Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload installation"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Payload installation\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--55ffec53-2e44-493c-9d7c-4ee9950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-09-21T11:38:59.000Z",
"modified": "2015-09-21T11:38:59.000Z",
"first_observed": "2015-09-21T11:38:59Z",
"last_observed": "2015-09-21T11:38:59Z",
"number_observed": 1,
"object_refs": [
"url--55ffec53-2e44-493c-9d7c-4ee9950d210b"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--55ffec53-2e44-493c-9d7c-4ee9950d210b",
"value": "https://www.virustotal.com/file/67cccfa23a7fd1d9ca8160cd977d536c4a40bf9525a93aa4122a89527a96fa8f/analysis/1442639093/"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--55ffec53-defc-4be2-9e49-4271950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-09-21T11:38:59.000Z",
"modified": "2015-09-21T11:38:59.000Z",
"description": "PlugX hashes - Xchecked via VT: 4cadbdb5a09781555cc5d637d3fecf89b9a66fac245d6a3a14989f39a9a48c6e",
"pattern": "[file:hashes.SHA1 = 'dc1c1ec824ea100d12723ef4b0670226c10b919b']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-09-21T11:38:59Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload installation"
}
],
"labels": [
"misp:type=\"sha1\"",
"misp:category=\"Payload installation\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--55ffec54-f9ec-48d9-a14d-4bfe950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-09-21T11:39:00.000Z",
"modified": "2015-09-21T11:39:00.000Z",
"description": "PlugX hashes - Xchecked via VT: 4cadbdb5a09781555cc5d637d3fecf89b9a66fac245d6a3a14989f39a9a48c6e",
"pattern": "[file:hashes.MD5 = 'bd7fa7161c471df73865b8bc20eb8439']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-09-21T11:39:00Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload installation"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Payload installation\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--55ffec54-ad20-4079-837d-4286950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-09-21T11:39:00.000Z",
"modified": "2015-09-21T11:39:00.000Z",
"first_observed": "2015-09-21T11:39:00Z",
"last_observed": "2015-09-21T11:39:00Z",
"number_observed": 1,
"object_refs": [
"url--55ffec54-ad20-4079-837d-4286950d210b"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--55ffec54-ad20-4079-837d-4286950d210b",
"value": "https://www.virustotal.com/file/4cadbdb5a09781555cc5d637d3fecf89b9a66fac245d6a3a14989f39a9a48c6e/analysis/1442639245/"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--55ffec55-b00c-49c0-9e6a-417a950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-09-21T11:39:01.000Z",
"modified": "2015-09-21T11:39:01.000Z",
"description": "PlugX hashes - Xchecked via VT: 49e1f953dc17073bf919972868576b93cc9f3b5b9600f98a0bd9e39e5d229d9e",
"pattern": "[file:hashes.SHA1 = '31c84b759218febe29b405beb6040758159c955f']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-09-21T11:39:01Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload installation"
}
],
"labels": [
"misp:type=\"sha1\"",
"misp:category=\"Payload installation\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--55ffec55-e5fc-4e88-8611-4cd7950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-09-21T11:39:01.000Z",
"modified": "2015-09-21T11:39:01.000Z",
"description": "PlugX hashes - Xchecked via VT: 49e1f953dc17073bf919972868576b93cc9f3b5b9600f98a0bd9e39e5d229d9e",
"pattern": "[file:hashes.MD5 = '677c925ff35a226a2c9a562a69f0fd8f']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-09-21T11:39:01Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload installation"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Payload installation\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--55ffec55-1404-4850-a159-472f950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-09-21T11:39:01.000Z",
"modified": "2015-09-21T11:39:01.000Z",
"first_observed": "2015-09-21T11:39:01Z",
"last_observed": "2015-09-21T11:39:01Z",
"number_observed": 1,
"object_refs": [
"url--55ffec55-1404-4850-a159-472f950d210b"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--55ffec55-1404-4850-a159-472f950d210b",
"value": "https://www.virustotal.com/file/49e1f953dc17073bf919972868576b93cc9f3b5b9600f98a0bd9e39e5d229d9e/analysis/1442512595/"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--55ffec56-7a40-4920-909c-4211950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-09-21T11:39:02.000Z",
"modified": "2015-09-21T11:39:02.000Z",
"description": "PlugX hashes - Xchecked via VT: 3e824972397b322ea9f48fd1a9a02bd6c3eb68cc7de3a4f29e46a5c67b625ec1",
"pattern": "[file:hashes.SHA1 = 'e73207f7afb76c0b68025ad090d60394465ccb85']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-09-21T11:39:02Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload installation"
}
],
"labels": [
"misp:type=\"sha1\"",
"misp:category=\"Payload installation\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--55ffec56-9830-4220-a466-4944950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-09-21T11:39:02.000Z",
"modified": "2015-09-21T11:39:02.000Z",
"description": "PlugX hashes - Xchecked via VT: 3e824972397b322ea9f48fd1a9a02bd6c3eb68cc7de3a4f29e46a5c67b625ec1",
"pattern": "[file:hashes.MD5 = 'd8b17a6f71621259d8e8e84d590d1864']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-09-21T11:39:02Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload installation"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Payload installation\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--55ffec56-37a4-4583-aacb-4e18950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-09-21T11:39:02.000Z",
"modified": "2015-09-21T11:39:02.000Z",
"first_observed": "2015-09-21T11:39:02Z",
"last_observed": "2015-09-21T11:39:02Z",
"number_observed": 1,
"object_refs": [
"url--55ffec56-37a4-4583-aacb-4e18950d210b"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--55ffec56-37a4-4583-aacb-4e18950d210b",
"value": "https://www.virustotal.com/file/3e824972397b322ea9f48fd1a9a02bd6c3eb68cc7de3a4f29e46a5c67b625ec1/analysis/1442512595/"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--55ffec57-b2bc-412a-bafa-480b950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-09-21T11:39:03.000Z",
"modified": "2015-09-21T11:39:03.000Z",
"description": "PlugX hashes - Xchecked via VT: 1b32825f178afe76e290c458ddbf8a3596002c6f9a7763687311f7d211a54aab",
"pattern": "[file:hashes.SHA1 = 'aaf878464203ec8db53187058a595549a7d31f2c']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-09-21T11:39:03Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload installation"
}
],
"labels": [
"misp:type=\"sha1\"",
"misp:category=\"Payload installation\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--55ffec57-e96c-4663-8225-42e6950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-09-21T11:39:03.000Z",
"modified": "2015-09-21T11:39:03.000Z",
"description": "PlugX hashes - Xchecked via VT: 1b32825f178afe76e290c458ddbf8a3596002c6f9a7763687311f7d211a54aab",
"pattern": "[file:hashes.MD5 = '55075529bf97185ca7f72c719988ac11']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-09-21T11:39:03Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload installation"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Payload installation\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--55ffec57-0708-4850-8d45-4717950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-09-21T11:39:03.000Z",
"modified": "2015-09-21T11:39:03.000Z",
"first_observed": "2015-09-21T11:39:03Z",
"last_observed": "2015-09-21T11:39:03Z",
"number_observed": 1,
"object_refs": [
"url--55ffec57-0708-4850-8d45-4717950d210b"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--55ffec57-0708-4850-8d45-4717950d210b",
"value": "https://www.virustotal.com/file/1b32825f178afe76e290c458ddbf8a3596002c6f9a7763687311f7d211a54aab/analysis/1442512596/"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--55ffec58-42c4-4e97-9606-4423950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-09-21T11:39:04.000Z",
"modified": "2015-09-21T11:39:04.000Z",
"description": "PlugX hashes - Xchecked via VT: 1aa6c5d0c9ad914fb5ed24741ac947d31cac6921ece7b3b807736febda7e2c4b",
"pattern": "[file:hashes.SHA1 = '9124b744367e3f1a98d73311dc41702b713e6b32']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-09-21T11:39:04Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload installation"
}
],
"labels": [
"misp:type=\"sha1\"",
"misp:category=\"Payload installation\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--55ffec58-eac4-40cf-8620-489a950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-09-21T11:39:04.000Z",
"modified": "2015-09-21T11:39:04.000Z",
"description": "PlugX hashes - Xchecked via VT: 1aa6c5d0c9ad914fb5ed24741ac947d31cac6921ece7b3b807736febda7e2c4b",
"pattern": "[file:hashes.MD5 = '8173ed653ad5d78027363185e354c5a8']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-09-21T11:39:04Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload installation"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Payload installation\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--55ffec58-aaa0-4988-a292-47e6950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-09-21T11:39:04.000Z",
"modified": "2015-09-21T11:39:04.000Z",
"first_observed": "2015-09-21T11:39:04Z",
"last_observed": "2015-09-21T11:39:04Z",
"number_observed": 1,
"object_refs": [
"url--55ffec58-aaa0-4988-a292-47e6950d210b"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--55ffec58-aaa0-4988-a292-47e6950d210b",
"value": "https://www.virustotal.com/file/1aa6c5d0c9ad914fb5ed24741ac947d31cac6921ece7b3b807736febda7e2c4b/analysis/1442512596/"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--55ffec84-b814-4adb-bdd7-40d5950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-09-21T11:39:48.000Z",
"modified": "2015-09-21T11:39:48.000Z",
"description": "Netbot",
"pattern": "[file:hashes.SHA256 = '4524ede160d5476211e99329768b38abd88aacb6fa9334f2c2bbcaab9b0438f5']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-09-21T11:39:48Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload installation"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Payload installation\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--55ffec85-8d80-4ab6-a715-429e950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-09-21T11:39:49.000Z",
"modified": "2015-09-21T11:39:49.000Z",
"description": "Netbot",
"pattern": "[file:hashes.SHA256 = '317e9deef23ff0e919083ac6c94b5ccd3bb0227f674078d66cdd4a2e5d1ebba9']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-09-21T11:39:49Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload installation"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Payload installation\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--55ffec85-a87c-4ae6-8059-4272950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-09-21T11:39:49.000Z",
"modified": "2015-09-21T11:39:49.000Z",
"description": "Netbot",
"pattern": "[file:hashes.SHA256 = '68a98b8e174cb5af20e0ac97978bad6d245a1cb0970b82a4a269a92e7726d74b']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-09-21T11:39:49Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload installation"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Payload installation\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--55ffec86-5cf8-44ca-b891-4c66950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-09-21T11:39:50.000Z",
"modified": "2015-09-21T11:39:50.000Z",
"description": "Netbot",
"pattern": "[file:hashes.SHA256 = 'f95c6749f4d4fae18f9d384f495dc1c79e7484b309d0d35ea68966763ed325bd']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-09-21T11:39:50Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload installation"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Payload installation\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--55ffecb9-ff50-4c89-97ed-40c4950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-09-21T11:40:41.000Z",
"modified": "2015-09-21T11:40:41.000Z",
"description": "DarkStRat",
"pattern": "[file:hashes.SHA256 = 'b38aa09a2334e11a73ef9a926694f2054789934daa38afeb8d00bce6949b6c4c']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-09-21T11:40:41Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload installation"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Payload installation\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--55ffecb9-0c08-40b0-aa01-4bf6950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-09-21T11:40:41.000Z",
"modified": "2015-09-21T11:40:41.000Z",
"description": "DarkStRat",
"pattern": "[file:hashes.SHA256 = '0d219aa54b1d417da61bd4aed5eeb53d6cba91b3287d53186b21fed450248215']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-09-21T11:40:41Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload installation"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Payload installation\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--55ffecd8-2c50-4ddb-a4ad-4473950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-09-21T11:41:12.000Z",
"modified": "2015-09-21T11:41:12.000Z",
"pattern": "[domain-name:value = 'pressmil.com']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-09-21T11:41:12Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"domain\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--55ffecd8-3054-416d-9a5e-4360950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-09-21T11:41:12.000Z",
"modified": "2015-09-21T11:41:12.000Z",
"pattern": "[domain-name:value = 'notebookhk.net']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-09-21T11:41:12Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"domain\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--55ffecd9-71b4-4cce-9241-4d30950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-09-21T11:41:13.000Z",
"modified": "2015-09-21T11:41:13.000Z",
"pattern": "[domain-name:value = 'dicemention.com']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-09-21T11:41:13Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"domain\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--55ffecd9-1b18-49f9-8fb6-42f5950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-09-21T11:41:13.000Z",
"modified": "2015-09-21T11:41:13.000Z",
"pattern": "[domain-name:value = 'leeghost.com']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-09-21T11:41:13Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"domain\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--55ffecfc-1664-4f6d-8376-4731950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-09-21T11:41:48.000Z",
"modified": "2015-09-21T11:41:48.000Z",
"description": "DarkStRat - Xchecked via VT: 0d219aa54b1d417da61bd4aed5eeb53d6cba91b3287d53186b21fed450248215",
"pattern": "[file:hashes.SHA1 = '01b4b92d5839ecf3130f5c69652295fe4f2da0c5']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-09-21T11:41:48Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload installation"
}
],
"labels": [
"misp:type=\"sha1\"",
"misp:category=\"Payload installation\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--55ffecfd-ac9c-4979-a892-4d12950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-09-21T11:41:49.000Z",
"modified": "2015-09-21T11:41:49.000Z",
"description": "DarkStRat - Xchecked via VT: 0d219aa54b1d417da61bd4aed5eeb53d6cba91b3287d53186b21fed450248215",
"pattern": "[file:hashes.MD5 = '4c184b9f897999b4daa4fbe2b023292e']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-09-21T11:41:49Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload installation"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Payload installation\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--55ffecfd-8eac-42c0-b699-4835950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-09-21T11:41:49.000Z",
"modified": "2015-09-21T11:41:49.000Z",
"first_observed": "2015-09-21T11:41:49Z",
"last_observed": "2015-09-21T11:41:49Z",
"number_observed": 1,
"object_refs": [
"url--55ffecfd-8eac-42c0-b699-4835950d210b"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--55ffecfd-8eac-42c0-b699-4835950d210b",
"value": "https://www.virustotal.com/file/0d219aa54b1d417da61bd4aed5eeb53d6cba91b3287d53186b21fed450248215/analysis/1402992163/"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--55ffecfd-e4c4-44db-a309-4c7d950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-09-21T11:41:49.000Z",
"modified": "2015-09-21T11:41:49.000Z",
"description": "DarkStRat - Xchecked via VT: b38aa09a2334e11a73ef9a926694f2054789934daa38afeb8d00bce6949b6c4c",
"pattern": "[file:hashes.SHA1 = '1e76b395905c77f395c050d6b52b7e71890efab6']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-09-21T11:41:49Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload installation"
}
],
"labels": [
"misp:type=\"sha1\"",
"misp:category=\"Payload installation\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--55ffecfe-f804-47c0-aea7-4670950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-09-21T11:41:50.000Z",
"modified": "2015-09-21T11:41:50.000Z",
"description": "DarkStRat - Xchecked via VT: b38aa09a2334e11a73ef9a926694f2054789934daa38afeb8d00bce6949b6c4c",
"pattern": "[file:hashes.MD5 = '2395693481ea36feb66dac46da374eef']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-09-21T11:41:50Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload installation"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Payload installation\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--55ffecfe-9e6c-421e-b081-4c93950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-09-21T11:41:50.000Z",
"modified": "2015-09-21T11:41:50.000Z",
"first_observed": "2015-09-21T11:41:50Z",
"last_observed": "2015-09-21T11:41:50Z",
"number_observed": 1,
"object_refs": [
"url--55ffecfe-9e6c-421e-b081-4c93950d210b"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--55ffecfe-9e6c-421e-b081-4c93950d210b",
"value": "https://www.virustotal.com/file/b38aa09a2334e11a73ef9a926694f2054789934daa38afeb8d00bce6949b6c4c/analysis/1442539514/"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--55ffecfe-0254-433b-9e46-4b3c950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-09-21T11:41:50.000Z",
"modified": "2015-09-21T11:41:50.000Z",
"description": "Netbot - Xchecked via VT: f95c6749f4d4fae18f9d384f495dc1c79e7484b309d0d35ea68966763ed325bd",
"pattern": "[file:hashes.SHA1 = '4a4a082adbaa881b6880d739bf45859de51ca045']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-09-21T11:41:50Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload installation"
}
],
"labels": [
"misp:type=\"sha1\"",
"misp:category=\"Payload installation\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--55ffecff-f460-458e-a499-4cf9950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-09-21T11:41:51.000Z",
"modified": "2015-09-21T11:41:51.000Z",
"description": "Netbot - Xchecked via VT: f95c6749f4d4fae18f9d384f495dc1c79e7484b309d0d35ea68966763ed325bd",
"pattern": "[file:hashes.MD5 = '9056cf50f74bc4f695d178c80ad19275']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-09-21T11:41:51Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload installation"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Payload installation\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--55ffecff-9234-4de1-aab0-4b75950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-09-21T11:41:51.000Z",
"modified": "2015-09-21T11:41:51.000Z",
"first_observed": "2015-09-21T11:41:51Z",
"last_observed": "2015-09-21T11:41:51Z",
"number_observed": 1,
"object_refs": [
"url--55ffecff-9234-4de1-aab0-4b75950d210b"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--55ffecff-9234-4de1-aab0-4b75950d210b",
"value": "https://www.virustotal.com/file/f95c6749f4d4fae18f9d384f495dc1c79e7484b309d0d35ea68966763ed325bd/analysis/1442679428/"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--55ffecff-e6c0-45fe-ab49-4153950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-09-21T11:41:51.000Z",
"modified": "2015-09-21T11:41:51.000Z",
"description": "Netbot - Xchecked via VT: 68a98b8e174cb5af20e0ac97978bad6d245a1cb0970b82a4a269a92e7726d74b",
"pattern": "[file:hashes.SHA1 = '082926b9c55363fd5b6c4dee56d8fb3dd356d64a']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-09-21T11:41:51Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload installation"
}
],
"labels": [
"misp:type=\"sha1\"",
"misp:category=\"Payload installation\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--55ffed00-b400-4a65-82e8-43f5950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-09-21T11:41:52.000Z",
"modified": "2015-09-21T11:41:52.000Z",
"description": "Netbot - Xchecked via VT: 68a98b8e174cb5af20e0ac97978bad6d245a1cb0970b82a4a269a92e7726d74b",
"pattern": "[file:hashes.MD5 = '52d116f11dd9117ffd3f067a28acbfb2']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-09-21T11:41:52Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload installation"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Payload installation\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--55ffed00-c1d4-4003-bd2a-40c3950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-09-21T11:41:52.000Z",
"modified": "2015-09-21T11:41:52.000Z",
"first_observed": "2015-09-21T11:41:52Z",
"last_observed": "2015-09-21T11:41:52Z",
"number_observed": 1,
"object_refs": [
"url--55ffed00-c1d4-4003-bd2a-40c3950d210b"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--55ffed00-c1d4-4003-bd2a-40c3950d210b",
"value": "https://www.virustotal.com/file/68a98b8e174cb5af20e0ac97978bad6d245a1cb0970b82a4a269a92e7726d74b/analysis/1431227473/"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--55ffed00-2998-4b78-859a-4b9e950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-09-21T11:41:52.000Z",
"modified": "2015-09-21T11:41:52.000Z",
"description": "Netbot - Xchecked via VT: 317e9deef23ff0e919083ac6c94b5ccd3bb0227f674078d66cdd4a2e5d1ebba9",
"pattern": "[file:hashes.SHA1 = '0f54ace0dcb2049bc80b715fc3011d537d33b2bd']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-09-21T11:41:52Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload installation"
}
],
"labels": [
"misp:type=\"sha1\"",
"misp:category=\"Payload installation\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--55ffed01-9fe8-4bbd-9ce6-4e34950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-09-21T11:41:53.000Z",
"modified": "2015-09-21T11:41:53.000Z",
"description": "Netbot - Xchecked via VT: 317e9deef23ff0e919083ac6c94b5ccd3bb0227f674078d66cdd4a2e5d1ebba9",
"pattern": "[file:hashes.MD5 = 'e11283c8b67e008cfb5abcaca355d2f8']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-09-21T11:41:53Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload installation"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Payload installation\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--55ffed01-803c-4b52-ba42-402a950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-09-21T11:41:53.000Z",
"modified": "2015-09-21T11:41:53.000Z",
"first_observed": "2015-09-21T11:41:53Z",
"last_observed": "2015-09-21T11:41:53Z",
"number_observed": 1,
"object_refs": [
"url--55ffed01-803c-4b52-ba42-402a950d210b"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--55ffed01-803c-4b52-ba42-402a950d210b",
"value": "https://www.virustotal.com/file/317e9deef23ff0e919083ac6c94b5ccd3bb0227f674078d66cdd4a2e5d1ebba9/analysis/1431226013/"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--55ffed01-2620-4559-8438-4e00950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-09-21T11:41:53.000Z",
"modified": "2015-09-21T11:41:53.000Z",
"description": "Netbot - Xchecked via VT: 4524ede160d5476211e99329768b38abd88aacb6fa9334f2c2bbcaab9b0438f5",
"pattern": "[file:hashes.SHA1 = 'd960db1fc0c6d72ecc26d65888398856bd5fdb85']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-09-21T11:41:53Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload installation"
}
],
"labels": [
"misp:type=\"sha1\"",
"misp:category=\"Payload installation\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--55ffed02-0690-426c-ad68-4b72950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-09-21T11:41:54.000Z",
"modified": "2015-09-21T11:41:54.000Z",
"description": "Netbot - Xchecked via VT: 4524ede160d5476211e99329768b38abd88aacb6fa9334f2c2bbcaab9b0438f5",
"pattern": "[file:hashes.MD5 = '2be7e7d330347976bfabc54cdda71a37']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-09-21T11:41:54Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload installation"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Payload installation\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--55ffed02-0318-48e2-ac63-4500950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-09-21T11:41:54.000Z",
"modified": "2015-09-21T11:41:54.000Z",
"first_observed": "2015-09-21T11:41:54Z",
"last_observed": "2015-09-21T11:41:54Z",
"number_observed": 1,
"object_refs": [
"url--55ffed02-0318-48e2-ac63-4500950d210b"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--55ffed02-0318-48e2-ac63-4500950d210b",
"value": "https://www.virustotal.com/file/4524ede160d5476211e99329768b38abd88aacb6fa9334f2c2bbcaab9b0438f5/analysis/1380748636/"
},
{
"type": "marking-definition",
"spec_version": "2.1",
"id": "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9",
"created": "2017-01-20T00:00:00.000Z",
"definition_type": "tlp",
"name": "TLP:WHITE",
"definition": {
"tlp": "white"
}
}
]
}
Reference in a new issue View git blame Copy permalink