adulau/misp-circl-feed
1
0
Fork 0
Code Issues 1 Pull requests Projects 1 Releases Packages Wiki Activity Actions
misp-circl-feed/feeds/circl/stix-2.1/59aefa78-008c-4e61-a035-4bfb02de0b81.json

1882 lines
No EOL
80 KiB
JSON
Raw Blame History

{
"type": "bundle",
"id": "bundle--59aefa78-008c-4e61-a035-4bfb02de0b81",
"objects": [
{
"type": "identity",
"spec_version": "2.1",
"id": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-09-05T19:29:56.000Z",
"modified": "2017-09-05T19:29:56.000Z",
"name": "CIRCL",
"identity_class": "organization"
},
{
"type": "report",
"spec_version": "2.1",
"id": "report--59aefa78-008c-4e61-a035-4bfb02de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-09-05T19:29:56.000Z",
"modified": "2017-09-05T19:29:56.000Z",
"name": "OSINT - Jimmy Nukebot: from Neutrino with love",
"published": "2017-09-05T19:30:12Z",
"object_refs": [
"x-misp-attribute--59aefa8d-42cc-4b1c-925c-bc9b02de0b81",
"observed-data--59aefa9a-7fd8-4bfa-9b89-4f4202de0b81",
"url--59aefa9a-7fd8-4bfa-9b89-4f4202de0b81",
"indicator--59aefac1-0418-4cf1-ba15-bc1402de0b81",
"indicator--59aefac1-60d8-463c-8703-bc1402de0b81",
"indicator--59aefac1-d820-4dce-b2ec-bc1402de0b81",
"indicator--59aefac1-76e4-46fe-a4a9-bc1402de0b81",
"indicator--59aefac1-cb14-4f72-b2e3-bc1402de0b81",
"indicator--59aeface-5ad4-4fbb-ad9a-bc1402de0b81",
"indicator--59aeface-f0dc-4785-8983-bc1402de0b81",
"indicator--59aeface-6eac-4664-8f32-bc1402de0b81",
"indicator--59aefae2-95a4-46ec-88d6-0eb902de0b81",
"indicator--59aefae2-7e54-4fd7-9636-0eb902de0b81",
"indicator--59aefae2-fe10-437d-b10e-0eb902de0b81",
"indicator--59aefae2-b494-4300-a6e4-0eb902de0b81",
"indicator--59aefae2-d43c-47b2-a88d-0eb902de0b81",
"indicator--59aefae2-ee08-4615-b5e0-0eb902de0b81",
"indicator--59aefae2-fb68-4da9-ad03-0eb902de0b81",
"indicator--59aefae2-7740-49c4-aaf3-0eb902de0b81",
"indicator--59aefae2-ee68-4fb9-ba64-0eb902de0b81",
"indicator--59aefae2-5eec-4ff1-8252-0eb902de0b81",
"indicator--59aefae2-ccb4-4dc4-984c-0eb902de0b81",
"indicator--59aefae2-d99c-4ec2-a3fe-0eb902de0b81",
"indicator--59aefb35-f0d4-4a0a-8314-4de602de0b81",
"indicator--59aefb35-fb00-47a9-b316-4f3d02de0b81",
"observed-data--59aefb35-8cb8-43f2-89c6-40a302de0b81",
"url--59aefb35-8cb8-43f2-89c6-40a302de0b81",
"indicator--59aefb35-ee00-4a8b-9215-4d7902de0b81",
"indicator--59aefb35-f3bc-4103-b389-45e202de0b81",
"observed-data--59aefb35-a25c-416f-92e3-49be02de0b81",
"url--59aefb35-a25c-416f-92e3-49be02de0b81",
"indicator--59aefb35-9644-402a-a8e1-485b02de0b81",
"indicator--59aefb35-9d50-42d9-9efe-42d702de0b81",
"observed-data--59aefb35-e3e4-4e5c-9243-4acd02de0b81",
"url--59aefb35-e3e4-4e5c-9243-4acd02de0b81",
"indicator--59aefb35-2970-40be-8c32-4f4d02de0b81",
"indicator--59aefb35-866c-484a-9825-4f5102de0b81",
"observed-data--59aefb35-4e0c-493e-9988-46c602de0b81",
"url--59aefb35-4e0c-493e-9988-46c602de0b81",
"indicator--59aefb35-d6c8-4a6e-9059-45eb02de0b81",
"indicator--59aefb35-67dc-4417-99a3-4e4402de0b81",
"observed-data--59aefb35-f828-4e71-b3f8-4dd902de0b81",
"url--59aefb35-f828-4e71-b3f8-4dd902de0b81",
"indicator--59aefb35-d4a0-46f6-bf0e-4d8d02de0b81",
"indicator--59aefb35-b17c-4ed8-9f9c-4c3502de0b81",
"observed-data--59aefb35-d468-4d3e-9a07-401602de0b81",
"url--59aefb35-d468-4d3e-9a07-401602de0b81",
"indicator--59aefb35-1568-459f-86d0-4ab602de0b81",
"indicator--59aefb35-b9a0-424c-a9db-406902de0b81",
"observed-data--59aefb35-b770-4ded-8d14-489b02de0b81",
"url--59aefb35-b770-4ded-8d14-489b02de0b81",
"indicator--59aefb35-2e58-4c10-ad26-404302de0b81",
"indicator--59aefb35-633c-4b9b-a246-4d4102de0b81",
"observed-data--59aefb35-2098-4f71-81d3-408902de0b81",
"url--59aefb35-2098-4f71-81d3-408902de0b81",
"indicator--59aefb35-2b4c-4e36-9392-411502de0b81",
"indicator--59aefb35-e4c0-44df-baa3-479a02de0b81",
"observed-data--59aefb35-8f5c-4d62-a369-45a002de0b81",
"url--59aefb35-8f5c-4d62-a369-45a002de0b81",
"indicator--59aefb35-d318-43b2-b91a-483702de0b81",
"indicator--59aefb35-25ac-49de-b616-4f0902de0b81",
"observed-data--59aefb35-8524-4252-8631-419002de0b81",
"url--59aefb35-8524-4252-8631-419002de0b81",
"indicator--59aefb35-3064-49fc-978b-47e702de0b81",
"indicator--59aefb35-9554-42b7-b084-4ad102de0b81",
"observed-data--59aefb35-a38c-4351-afa1-476002de0b81",
"url--59aefb35-a38c-4351-afa1-476002de0b81",
"indicator--59aefb35-1f24-471d-ba7f-4d5f02de0b81",
"indicator--59aefb35-194c-42ac-8750-428a02de0b81",
"observed-data--59aefb35-b550-4d64-a3e3-4cf202de0b81",
"url--59aefb35-b550-4d64-a3e3-4cf202de0b81",
"indicator--59aefb35-9d80-4b44-8f1b-4bfc02de0b81",
"indicator--59aefb35-d7b8-4eac-b31f-425202de0b81",
"observed-data--59aefb35-be2c-41c2-9009-460202de0b81",
"url--59aefb35-be2c-41c2-9009-460202de0b81",
"indicator--59aefb35-41d4-436f-abe2-45b902de0b81",
"indicator--59aefb35-5240-4f5e-a3e8-4e6502de0b81",
"observed-data--59aefb35-9cd8-473d-8d44-4c5202de0b81",
"url--59aefb35-9cd8-473d-8d44-4c5202de0b81",
"indicator--59aefb35-54fc-4ac9-a599-4cb202de0b81",
"indicator--59aefb35-2194-4a15-8703-404b02de0b81",
"observed-data--59aefb35-9ee0-4375-bfb6-4f9402de0b81",
"url--59aefb35-9ee0-4375-bfb6-4f9402de0b81",
"indicator--59aefb35-7e9c-4fb7-b002-441702de0b81",
"indicator--59aefb35-8ec8-4dba-8952-4b3402de0b81",
"observed-data--59aefb35-0e6c-4abc-95be-451a02de0b81",
"url--59aefb35-0e6c-4abc-95be-451a02de0b81",
"indicator--59aefb35-c074-4f61-9f9a-428702de0b81",
"indicator--59aefb35-36b8-4391-8943-466c02de0b81",
"observed-data--59aefb35-d790-42c4-8efd-4b7402de0b81",
"url--59aefb35-d790-42c4-8efd-4b7402de0b81"
],
"labels": [
"Threat-Report",
"misp:tool=\"MISP-STIX-Converter\"",
"misp-galaxy:exploit-kit=\"Neutrino\""
],
"object_marking_refs": [
"marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9"
]
},
{
"type": "x-misp-attribute",
"spec_version": "2.1",
"id": "x-misp-attribute--59aefa8d-42cc-4b1c-925c-bc9b02de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-09-05T19:29:56.000Z",
"modified": "2017-09-05T19:29:56.000Z",
"labels": [
"misp:type=\"text\"",
"misp:category=\"External analysis\"",
"osint:source-type=\"blog-post\""
],
"x_misp_category": "External analysis",
"x_misp_type": "text",
"x_misp_value": "In one of our previous articles, we analyzed the NeutrinoPOS banker as an example of a constantly evolving malware family. A week after publication, this Neutrino modification delivered up a new malicious program classified by Kaspersky Lab as Trojan-Banker.Win32.Jimmy.\r\n\r\nNeutrinoPOS vs Jimmy\r\n\r\nThe authors seriously rewrote the Trojan \u00e2\u20ac\u201c the main body was restructured, the functions were moved to the modules. One small difference that immediately stands out is in the calculation of checksums from the names of API functions/libraries and strings. In the first case, the checksums are used to find the necessary API calls; in the second case, for a comparison of strings (commands, process names). This approach makes static analysis much more complicated: for example, to identify which detected process halts the Trojan operation, it\u00e2\u20ac\u2122s necessary to calculate the checksums from a huge list of strings, or to bruteforce the symbols in a certain length range. NeutrinoPOS uses two different algorithms to calculate checksums for the names of API calls, libraries and for the strings."
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--59aefa9a-7fd8-4bfa-9b89-4f4202de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-09-05T19:29:56.000Z",
"modified": "2017-09-05T19:29:56.000Z",
"first_observed": "2017-09-05T19:29:56Z",
"last_observed": "2017-09-05T19:29:56Z",
"number_observed": 1,
"object_refs": [
"url--59aefa9a-7fd8-4bfa-9b89-4f4202de0b81"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\"",
"osint:source-type=\"blog-post\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--59aefa9a-7fd8-4bfa-9b89-4f4202de0b81",
"value": "https://securelist.com/jimmy-nukebot-from-neutrino-with-love/81667/"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--59aefac1-0418-4cf1-ba15-bc1402de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-09-05T19:29:56.000Z",
"modified": "2017-09-05T19:29:56.000Z",
"description": "Droppers",
"pattern": "[file:hashes.MD5 = 'c989d501460a8e8e381b81b807ccbe90']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-09-05T19:29:56Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--59aefac1-60d8-463c-8703-bc1402de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-09-05T19:29:56.000Z",
"modified": "2017-09-05T19:29:56.000Z",
"description": "Droppers",
"pattern": "[file:hashes.MD5 = 'e584c6e999a509ac21583d9543492ef4']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-09-05T19:29:56Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--59aefac1-d820-4dce-b2ec-bc1402de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-09-05T19:29:56.000Z",
"modified": "2017-09-05T19:29:56.000Z",
"description": "Droppers",
"pattern": "[file:hashes.MD5 = '2e55bd0d409bf9658887e02a7c578019']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-09-05T19:29:56Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--59aefac1-76e4-46fe-a4a9-bc1402de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-09-05T19:29:56.000Z",
"modified": "2017-09-05T19:29:56.000Z",
"description": "Droppers",
"pattern": "[file:hashes.MD5 = 'bccd77cf0269da7dc914885cda626c6c']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-09-05T19:29:56Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--59aefac1-cb14-4f72-b2e3-bc1402de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-09-05T19:29:56.000Z",
"modified": "2017-09-05T19:29:56.000Z",
"description": "Droppers",
"pattern": "[file:hashes.MD5 = '86d7d3b50e4dc4181c28ccbaafb89ab3']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-09-05T19:29:56Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--59aeface-5ad4-4fbb-ad9a-bc1402de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-09-05T19:29:56.000Z",
"modified": "2017-09-05T19:29:56.000Z",
"description": "Main body",
"pattern": "[file:hashes.MD5 = '174256b5f1ee80be1b847d428c5180e2']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-09-05T19:29:56Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--59aeface-f0dc-4785-8983-bc1402de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-09-05T19:29:56.000Z",
"modified": "2017-09-05T19:29:56.000Z",
"description": "Main body",
"pattern": "[file:hashes.MD5 = '336841d91c37b07134adba135828e66e']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-09-05T19:29:56Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--59aeface-6eac-4664-8f32-bc1402de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-09-05T19:29:56.000Z",
"modified": "2017-09-05T19:29:56.000Z",
"description": "Main body",
"pattern": "[file:hashes.MD5 = 'fe9a46cefdb41095f10d459bb9943682']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-09-05T19:29:56Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--59aefae2-95a4-46ec-88d6-0eb902de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-09-05T19:29:56.000Z",
"modified": "2017-09-05T19:29:56.000Z",
"description": "Modules",
"pattern": "[file:hashes.MD5 = '380356b8297893b4fc9273d42f15e9db']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-09-05T19:29:56Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--59aefae2-7e54-4fd7-9636-0eb902de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-09-05T19:29:56.000Z",
"modified": "2017-09-05T19:29:56.000Z",
"description": "Modules",
"pattern": "[file:hashes.MD5 = '2fa18456e14bea53ec0d7c898d94043b']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-09-05T19:29:56Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--59aefae2-fe10-437d-b10e-0eb902de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-09-05T19:29:56.000Z",
"modified": "2017-09-05T19:29:56.000Z",
"description": "Modules",
"pattern": "[file:hashes.MD5 = '7040b5ac432064780a17024ab0a3792a']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-09-05T19:29:56Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--59aefae2-b494-4300-a6e4-0eb902de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-09-05T19:29:56.000Z",
"modified": "2017-09-05T19:29:56.000Z",
"description": "Modules",
"pattern": "[file:hashes.MD5 = '629a4d2b79abe48fb21afd625f674354']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-09-05T19:29:56Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--59aefae2-d43c-47b2-a88d-0eb902de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-09-05T19:29:56.000Z",
"modified": "2017-09-05T19:29:56.000Z",
"description": "Modules",
"pattern": "[file:hashes.MD5 = '05846839daa851006b119a2b4f9687bf']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-09-05T19:29:56Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--59aefae2-ee08-4615-b5e0-0eb902de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-09-05T19:29:56.000Z",
"modified": "2017-09-05T19:29:56.000Z",
"description": "Modules",
"pattern": "[file:hashes.MD5 = '2362e3bebad1089ddfe40c8996b0bf45']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-09-05T19:29:56Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--59aefae2-fb68-4da9-ad03-0eb902de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-09-05T19:29:56.000Z",
"modified": "2017-09-05T19:29:56.000Z",
"description": "Modules",
"pattern": "[file:hashes.MD5 = '4042c27f082f48e253be66528938640c']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-09-05T19:29:56Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--59aefae2-7740-49c4-aaf3-0eb902de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-09-05T19:29:56.000Z",
"modified": "2017-09-05T19:29:56.000Z",
"description": "Modules",
"pattern": "[file:hashes.MD5 = '443831a3057e9a62455d4bd3c7e04144']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-09-05T19:29:56Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--59aefae2-ee68-4fb9-ba64-0eb902de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-09-05T19:29:56.000Z",
"modified": "2017-09-05T19:29:56.000Z",
"description": "Modules",
"pattern": "[file:hashes.MD5 = '4762b90c0305a2681ce42b9d05b9e741']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-09-05T19:29:56Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--59aefae2-5eec-4ff1-8252-0eb902de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-09-05T19:29:56.000Z",
"modified": "2017-09-05T19:29:56.000Z",
"description": "Modules",
"pattern": "[file:hashes.MD5 = 'cb01e3a0799d4c318f74e439cce0413f']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-09-05T19:29:56Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--59aefae2-ccb4-4dc4-984c-0eb902de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-09-05T19:29:56.000Z",
"modified": "2017-09-05T19:29:56.000Z",
"description": "Modules",
"pattern": "[file:hashes.MD5 = 'd9f58167a9a22bd1fa9aa0f991aeaf11']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-09-05T19:29:56Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--59aefae2-d99c-4ec2-a3fe-0eb902de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-09-05T19:29:56.000Z",
"modified": "2017-09-05T19:29:56.000Z",
"description": "Modules",
"pattern": "[file:hashes.MD5 = 'e991936e09697de8495d05b484f3a3e2']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-09-05T19:29:56Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--59aefb35-f0d4-4a0a-8314-4de602de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-09-05T19:29:57.000Z",
"modified": "2017-09-05T19:29:57.000Z",
"description": "Modules - Xchecked via VT: e991936e09697de8495d05b484f3a3e2",
"pattern": "[file:hashes.SHA256 = '7a16129c5f35e9f4accaa1f37416a9447310139022b5eb2de4e5661baf236368']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-09-05T19:29:57Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--59aefb35-fb00-47a9-b316-4f3d02de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-09-05T19:29:57.000Z",
"modified": "2017-09-05T19:29:57.000Z",
"description": "Modules - Xchecked via VT: e991936e09697de8495d05b484f3a3e2",
"pattern": "[file:hashes.SHA1 = 'acc4258962bc3a79fe323006e233b3d842d5a51c']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-09-05T19:29:57Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha1\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--59aefb35-8cb8-43f2-89c6-40a302de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-09-05T19:29:57.000Z",
"modified": "2017-09-05T19:29:57.000Z",
"first_observed": "2017-09-05T19:29:57Z",
"last_observed": "2017-09-05T19:29:57Z",
"number_observed": 1,
"object_refs": [
"url--59aefb35-8cb8-43f2-89c6-40a302de0b81"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--59aefb35-8cb8-43f2-89c6-40a302de0b81",
"value": "https://www.virustotal.com/file/7a16129c5f35e9f4accaa1f37416a9447310139022b5eb2de4e5661baf236368/analysis/1503475408/"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--59aefb35-ee00-4a8b-9215-4d7902de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-09-05T19:29:57.000Z",
"modified": "2017-09-05T19:29:57.000Z",
"description": "Modules - Xchecked via VT: d9f58167a9a22bd1fa9aa0f991aeaf11",
"pattern": "[file:hashes.SHA256 = '0e7cdb0ecbe4003cf3ebc95ff442c3a54e9c40459d678d47a0da057f78b0d113']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-09-05T19:29:57Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--59aefb35-f3bc-4103-b389-45e202de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-09-05T19:29:57.000Z",
"modified": "2017-09-05T19:29:57.000Z",
"description": "Modules - Xchecked via VT: d9f58167a9a22bd1fa9aa0f991aeaf11",
"pattern": "[file:hashes.SHA1 = '8ee7c3c754dc5780ae8203abd2658190819ba379']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-09-05T19:29:57Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha1\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--59aefb35-a25c-416f-92e3-49be02de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-09-05T19:29:57.000Z",
"modified": "2017-09-05T19:29:57.000Z",
"first_observed": "2017-09-05T19:29:57Z",
"last_observed": "2017-09-05T19:29:57Z",
"number_observed": 1,
"object_refs": [
"url--59aefb35-a25c-416f-92e3-49be02de0b81"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--59aefb35-a25c-416f-92e3-49be02de0b81",
"value": "https://www.virustotal.com/file/0e7cdb0ecbe4003cf3ebc95ff442c3a54e9c40459d678d47a0da057f78b0d113/analysis/1504014536/"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--59aefb35-9644-402a-a8e1-485b02de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-09-05T19:29:57.000Z",
"modified": "2017-09-05T19:29:57.000Z",
"description": "Modules - Xchecked via VT: cb01e3a0799d4c318f74e439cce0413f",
"pattern": "[file:hashes.SHA256 = 'a7af1cf95f4578da0c29bfcacabaa7df3bc621021bfb2dee8a58a5d239a943c6']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-09-05T19:29:57Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--59aefb35-9d50-42d9-9efe-42d702de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-09-05T19:29:57.000Z",
"modified": "2017-09-05T19:29:57.000Z",
"description": "Modules - Xchecked via VT: cb01e3a0799d4c318f74e439cce0413f",
"pattern": "[file:hashes.SHA1 = '060dbc37943ddc01f542018d71a99a3a6da324fd']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-09-05T19:29:57Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha1\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--59aefb35-e3e4-4e5c-9243-4acd02de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-09-05T19:29:57.000Z",
"modified": "2017-09-05T19:29:57.000Z",
"first_observed": "2017-09-05T19:29:57Z",
"last_observed": "2017-09-05T19:29:57Z",
"number_observed": 1,
"object_refs": [
"url--59aefb35-e3e4-4e5c-9243-4acd02de0b81"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--59aefb35-e3e4-4e5c-9243-4acd02de0b81",
"value": "https://www.virustotal.com/file/a7af1cf95f4578da0c29bfcacabaa7df3bc621021bfb2dee8a58a5d239a943c6/analysis/1504014536/"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--59aefb35-2970-40be-8c32-4f4d02de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-09-05T19:29:57.000Z",
"modified": "2017-09-05T19:29:57.000Z",
"description": "Modules - Xchecked via VT: 4762b90c0305a2681ce42b9d05b9e741",
"pattern": "[file:hashes.SHA256 = '8f4d621b6abfd26401615a46f8feb0d04ca9bdcc126eb5bdde943c1d968e39f2']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-09-05T19:29:57Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--59aefb35-866c-484a-9825-4f5102de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-09-05T19:29:57.000Z",
"modified": "2017-09-05T19:29:57.000Z",
"description": "Modules - Xchecked via VT: 4762b90c0305a2681ce42b9d05b9e741",
"pattern": "[file:hashes.SHA1 = '868fe05d78ecfede53fdbbc9fb0a30bef84a30b4']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-09-05T19:29:57Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha1\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--59aefb35-4e0c-493e-9988-46c602de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-09-05T19:29:57.000Z",
"modified": "2017-09-05T19:29:57.000Z",
"first_observed": "2017-09-05T19:29:57Z",
"last_observed": "2017-09-05T19:29:57Z",
"number_observed": 1,
"object_refs": [
"url--59aefb35-4e0c-493e-9988-46c602de0b81"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--59aefb35-4e0c-493e-9988-46c602de0b81",
"value": "https://www.virustotal.com/file/8f4d621b6abfd26401615a46f8feb0d04ca9bdcc126eb5bdde943c1d968e39f2/analysis/1504320295/"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--59aefb35-d6c8-4a6e-9059-45eb02de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-09-05T19:29:57.000Z",
"modified": "2017-09-05T19:29:57.000Z",
"description": "Modules - Xchecked via VT: 443831a3057e9a62455d4bd3c7e04144",
"pattern": "[file:hashes.SHA256 = 'b147e3debbe54d11c9ac2c642006dc9dafa0d0036728168b4e173e43aafeade7']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-09-05T19:29:57Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--59aefb35-67dc-4417-99a3-4e4402de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-09-05T19:29:57.000Z",
"modified": "2017-09-05T19:29:57.000Z",
"description": "Modules - Xchecked via VT: 443831a3057e9a62455d4bd3c7e04144",
"pattern": "[file:hashes.SHA1 = 'b2f6649f634714eb5fec05749b1769ab2867d3a8']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-09-05T19:29:57Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha1\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--59aefb35-f828-4e71-b3f8-4dd902de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-09-05T19:29:57.000Z",
"modified": "2017-09-05T19:29:57.000Z",
"first_observed": "2017-09-05T19:29:57Z",
"last_observed": "2017-09-05T19:29:57Z",
"number_observed": 1,
"object_refs": [
"url--59aefb35-f828-4e71-b3f8-4dd902de0b81"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--59aefb35-f828-4e71-b3f8-4dd902de0b81",
"value": "https://www.virustotal.com/file/b147e3debbe54d11c9ac2c642006dc9dafa0d0036728168b4e173e43aafeade7/analysis/1504014536/"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--59aefb35-d4a0-46f6-bf0e-4d8d02de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-09-05T19:29:57.000Z",
"modified": "2017-09-05T19:29:57.000Z",
"description": "Modules - Xchecked via VT: 4042c27f082f48e253be66528938640c",
"pattern": "[file:hashes.SHA256 = '8098926bf0da54a981e4e85f8b691bf2acb2dcc1edaab5d83d3efd92738fa80c']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-09-05T19:29:57Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--59aefb35-b17c-4ed8-9f9c-4c3502de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-09-05T19:29:57.000Z",
"modified": "2017-09-05T19:29:57.000Z",
"description": "Modules - Xchecked via VT: 4042c27f082f48e253be66528938640c",
"pattern": "[file:hashes.SHA1 = 'bca0ab998214e62b9d15bf75015de666b0d82c70']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-09-05T19:29:57Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha1\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--59aefb35-d468-4d3e-9a07-401602de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-09-05T19:29:57.000Z",
"modified": "2017-09-05T19:29:57.000Z",
"first_observed": "2017-09-05T19:29:57Z",
"last_observed": "2017-09-05T19:29:57Z",
"number_observed": 1,
"object_refs": [
"url--59aefb35-d468-4d3e-9a07-401602de0b81"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--59aefb35-d468-4d3e-9a07-401602de0b81",
"value": "https://www.virustotal.com/file/8098926bf0da54a981e4e85f8b691bf2acb2dcc1edaab5d83d3efd92738fa80c/analysis/1504014536/"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--59aefb35-1568-459f-86d0-4ab602de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-09-05T19:29:57.000Z",
"modified": "2017-09-05T19:29:57.000Z",
"description": "Modules - Xchecked via VT: 2362e3bebad1089ddfe40c8996b0bf45",
"pattern": "[file:hashes.SHA256 = 'f79093f65778e5d558a2a5291f93e623bfacfc00389b8a69b7ec8619380aa499']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-09-05T19:29:57Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--59aefb35-b9a0-424c-a9db-406902de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-09-05T19:29:57.000Z",
"modified": "2017-09-05T19:29:57.000Z",
"description": "Modules - Xchecked via VT: 2362e3bebad1089ddfe40c8996b0bf45",
"pattern": "[file:hashes.SHA1 = '3c50550c5eaa030b61fcdca1c78b26b42bb47b09']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-09-05T19:29:57Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha1\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--59aefb35-b770-4ded-8d14-489b02de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-09-05T19:29:57.000Z",
"modified": "2017-09-05T19:29:57.000Z",
"first_observed": "2017-09-05T19:29:57Z",
"last_observed": "2017-09-05T19:29:57Z",
"number_observed": 1,
"object_refs": [
"url--59aefb35-b770-4ded-8d14-489b02de0b81"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--59aefb35-b770-4ded-8d14-489b02de0b81",
"value": "https://www.virustotal.com/file/f79093f65778e5d558a2a5291f93e623bfacfc00389b8a69b7ec8619380aa499/analysis/1504014535/"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--59aefb35-2e58-4c10-ad26-404302de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-09-05T19:29:57.000Z",
"modified": "2017-09-05T19:29:57.000Z",
"description": "Modules - Xchecked via VT: 05846839daa851006b119a2b4f9687bf",
"pattern": "[file:hashes.SHA256 = '40c51de912ebe1f1ceccb3aeff18cb07d584a93228a47f006400c1b695e1eca1']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-09-05T19:29:57Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--59aefb35-633c-4b9b-a246-4d4102de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-09-05T19:29:57.000Z",
"modified": "2017-09-05T19:29:57.000Z",
"description": "Modules - Xchecked via VT: 05846839daa851006b119a2b4f9687bf",
"pattern": "[file:hashes.SHA1 = 'e3104fd17c31ac835e3b3d1216e208ed64d26d93']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-09-05T19:29:57Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha1\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--59aefb35-2098-4f71-81d3-408902de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-09-05T19:29:57.000Z",
"modified": "2017-09-05T19:29:57.000Z",
"first_observed": "2017-09-05T19:29:57Z",
"last_observed": "2017-09-05T19:29:57Z",
"number_observed": 1,
"object_refs": [
"url--59aefb35-2098-4f71-81d3-408902de0b81"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--59aefb35-2098-4f71-81d3-408902de0b81",
"value": "https://www.virustotal.com/file/40c51de912ebe1f1ceccb3aeff18cb07d584a93228a47f006400c1b695e1eca1/analysis/1504014535/"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--59aefb35-2b4c-4e36-9392-411502de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-09-05T19:29:57.000Z",
"modified": "2017-09-05T19:29:57.000Z",
"description": "Modules - Xchecked via VT: 629a4d2b79abe48fb21afd625f674354",
"pattern": "[file:hashes.SHA256 = '87f3441f1007279756478cbc5bbf4178df1d1bc455210f43180e5131735203f8']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-09-05T19:29:57Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--59aefb35-e4c0-44df-baa3-479a02de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-09-05T19:29:57.000Z",
"modified": "2017-09-05T19:29:57.000Z",
"description": "Modules - Xchecked via VT: 629a4d2b79abe48fb21afd625f674354",
"pattern": "[file:hashes.SHA1 = 'dc0d140b4a8e823176c4896c1168156356a41865']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-09-05T19:29:57Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha1\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--59aefb35-8f5c-4d62-a369-45a002de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-09-05T19:29:57.000Z",
"modified": "2017-09-05T19:29:57.000Z",
"first_observed": "2017-09-05T19:29:57Z",
"last_observed": "2017-09-05T19:29:57Z",
"number_observed": 1,
"object_refs": [
"url--59aefb35-8f5c-4d62-a369-45a002de0b81"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--59aefb35-8f5c-4d62-a369-45a002de0b81",
"value": "https://www.virustotal.com/file/87f3441f1007279756478cbc5bbf4178df1d1bc455210f43180e5131735203f8/analysis/1504014535/"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--59aefb35-d318-43b2-b91a-483702de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-09-05T19:29:57.000Z",
"modified": "2017-09-05T19:29:57.000Z",
"description": "Modules - Xchecked via VT: 7040b5ac432064780a17024ab0a3792a",
"pattern": "[file:hashes.SHA256 = '377c3fe07774a907ad759062845b2848ce39395661e9931d6f838d4c6614d552']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-09-05T19:29:57Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--59aefb35-25ac-49de-b616-4f0902de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-09-05T19:29:57.000Z",
"modified": "2017-09-05T19:29:57.000Z",
"description": "Modules - Xchecked via VT: 7040b5ac432064780a17024ab0a3792a",
"pattern": "[file:hashes.SHA1 = '714e45d0ed4cd5e9684b325fad49eb00b5757221']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-09-05T19:29:57Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha1\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--59aefb35-8524-4252-8631-419002de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-09-05T19:29:57.000Z",
"modified": "2017-09-05T19:29:57.000Z",
"first_observed": "2017-09-05T19:29:57Z",
"last_observed": "2017-09-05T19:29:57Z",
"number_observed": 1,
"object_refs": [
"url--59aefb35-8524-4252-8631-419002de0b81"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--59aefb35-8524-4252-8631-419002de0b81",
"value": "https://www.virustotal.com/file/377c3fe07774a907ad759062845b2848ce39395661e9931d6f838d4c6614d552/analysis/1504014535/"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--59aefb35-3064-49fc-978b-47e702de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-09-05T19:29:57.000Z",
"modified": "2017-09-05T19:29:57.000Z",
"description": "Modules - Xchecked via VT: 2fa18456e14bea53ec0d7c898d94043b",
"pattern": "[file:hashes.SHA256 = '70221154c553623d38f701d42bf5d595db6e3a8784d9f32cf6bb28171df8bf3b']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-09-05T19:29:57Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--59aefb35-9554-42b7-b084-4ad102de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-09-05T19:29:57.000Z",
"modified": "2017-09-05T19:29:57.000Z",
"description": "Modules - Xchecked via VT: 2fa18456e14bea53ec0d7c898d94043b",
"pattern": "[file:hashes.SHA1 = 'a932be7bc82ad4f9b1e7d4274d028c807b50c92c']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-09-05T19:29:57Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha1\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--59aefb35-a38c-4351-afa1-476002de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-09-05T19:29:57.000Z",
"modified": "2017-09-05T19:29:57.000Z",
"first_observed": "2017-09-05T19:29:57Z",
"last_observed": "2017-09-05T19:29:57Z",
"number_observed": 1,
"object_refs": [
"url--59aefb35-a38c-4351-afa1-476002de0b81"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--59aefb35-a38c-4351-afa1-476002de0b81",
"value": "https://www.virustotal.com/file/70221154c553623d38f701d42bf5d595db6e3a8784d9f32cf6bb28171df8bf3b/analysis/1504014535/"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--59aefb35-1f24-471d-ba7f-4d5f02de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-09-05T19:29:57.000Z",
"modified": "2017-09-05T19:29:57.000Z",
"description": "Modules - Xchecked via VT: 380356b8297893b4fc9273d42f15e9db",
"pattern": "[file:hashes.SHA256 = '5716fa21b2ab01d8d4ef8be1928e3c356926c04e00774158c04f75b30a1e1bfd']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-09-05T19:29:57Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--59aefb35-194c-42ac-8750-428a02de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-09-05T19:29:57.000Z",
"modified": "2017-09-05T19:29:57.000Z",
"description": "Modules - Xchecked via VT: 380356b8297893b4fc9273d42f15e9db",
"pattern": "[file:hashes.SHA1 = '1939c496b0e207e028e84f4e85b6db40dd27200c']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-09-05T19:29:57Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha1\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--59aefb35-b550-4d64-a3e3-4cf202de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-09-05T19:29:57.000Z",
"modified": "2017-09-05T19:29:57.000Z",
"first_observed": "2017-09-05T19:29:57Z",
"last_observed": "2017-09-05T19:29:57Z",
"number_observed": 1,
"object_refs": [
"url--59aefb35-b550-4d64-a3e3-4cf202de0b81"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--59aefb35-b550-4d64-a3e3-4cf202de0b81",
"value": "https://www.virustotal.com/file/5716fa21b2ab01d8d4ef8be1928e3c356926c04e00774158c04f75b30a1e1bfd/analysis/1504014535/"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--59aefb35-9d80-4b44-8f1b-4bfc02de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-09-05T19:29:57.000Z",
"modified": "2017-09-05T19:29:57.000Z",
"description": "Main body - Xchecked via VT: fe9a46cefdb41095f10d459bb9943682",
"pattern": "[file:hashes.SHA256 = '19dbf37c77a28c86add5339ac4e8ed93e51651f338fe6fec4e90d5c0b161359c']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-09-05T19:29:57Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--59aefb35-d7b8-4eac-b31f-425202de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-09-05T19:29:57.000Z",
"modified": "2017-09-05T19:29:57.000Z",
"description": "Main body - Xchecked via VT: fe9a46cefdb41095f10d459bb9943682",
"pattern": "[file:hashes.SHA1 = '1dd977c83f6e9e82690136be0f32c9a000c4330a']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-09-05T19:29:57Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha1\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--59aefb35-be2c-41c2-9009-460202de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-09-05T19:29:57.000Z",
"modified": "2017-09-05T19:29:57.000Z",
"first_observed": "2017-09-05T19:29:57Z",
"last_observed": "2017-09-05T19:29:57Z",
"number_observed": 1,
"object_refs": [
"url--59aefb35-be2c-41c2-9009-460202de0b81"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--59aefb35-be2c-41c2-9009-460202de0b81",
"value": "https://www.virustotal.com/file/19dbf37c77a28c86add5339ac4e8ed93e51651f338fe6fec4e90d5c0b161359c/analysis/1503388862/"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--59aefb35-41d4-436f-abe2-45b902de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-09-05T19:29:57.000Z",
"modified": "2017-09-05T19:29:57.000Z",
"description": "Droppers - Xchecked via VT: 86d7d3b50e4dc4181c28ccbaafb89ab3",
"pattern": "[file:hashes.SHA256 = '29aae4417fc8cccaeb4617c6ac4e981a2c9f182e6b57f6dd23f05f665408de3f']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-09-05T19:29:57Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--59aefb35-5240-4f5e-a3e8-4e6502de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-09-05T19:29:57.000Z",
"modified": "2017-09-05T19:29:57.000Z",
"description": "Droppers - Xchecked via VT: 86d7d3b50e4dc4181c28ccbaafb89ab3",
"pattern": "[file:hashes.SHA1 = 'c32a11cb28627eee2eba0c100d0e9c72fed90259']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-09-05T19:29:57Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha1\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--59aefb35-9cd8-473d-8d44-4c5202de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-09-05T19:29:57.000Z",
"modified": "2017-09-05T19:29:57.000Z",
"first_observed": "2017-09-05T19:29:57Z",
"last_observed": "2017-09-05T19:29:57Z",
"number_observed": 1,
"object_refs": [
"url--59aefb35-9cd8-473d-8d44-4c5202de0b81"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--59aefb35-9cd8-473d-8d44-4c5202de0b81",
"value": "https://www.virustotal.com/file/29aae4417fc8cccaeb4617c6ac4e981a2c9f182e6b57f6dd23f05f665408de3f/analysis/1504523159/"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--59aefb35-54fc-4ac9-a599-4cb202de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-09-05T19:29:57.000Z",
"modified": "2017-09-05T19:29:57.000Z",
"description": "Droppers - Xchecked via VT: bccd77cf0269da7dc914885cda626c6c",
"pattern": "[file:hashes.SHA256 = 'bdd7aa8f4e33c4b3c3c137ed782824f271a947bf60fc0dba8a2fb2c65da5e08e']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-09-05T19:29:57Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--59aefb35-2194-4a15-8703-404b02de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-09-05T19:29:57.000Z",
"modified": "2017-09-05T19:29:57.000Z",
"description": "Droppers - Xchecked via VT: bccd77cf0269da7dc914885cda626c6c",
"pattern": "[file:hashes.SHA1 = '5af94b0339ab19c928868bab4cadb37a1a31dee8']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-09-05T19:29:57Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha1\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--59aefb35-9ee0-4375-bfb6-4f9402de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-09-05T19:29:57.000Z",
"modified": "2017-09-05T19:29:57.000Z",
"first_observed": "2017-09-05T19:29:57Z",
"last_observed": "2017-09-05T19:29:57Z",
"number_observed": 1,
"object_refs": [
"url--59aefb35-9ee0-4375-bfb6-4f9402de0b81"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--59aefb35-9ee0-4375-bfb6-4f9402de0b81",
"value": "https://www.virustotal.com/file/bdd7aa8f4e33c4b3c3c137ed782824f271a947bf60fc0dba8a2fb2c65da5e08e/analysis/1504014534/"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--59aefb35-7e9c-4fb7-b002-441702de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-09-05T19:29:57.000Z",
"modified": "2017-09-05T19:29:57.000Z",
"description": "Droppers - Xchecked via VT: e584c6e999a509ac21583d9543492ef4",
"pattern": "[file:hashes.SHA256 = 'af075c48c9f08ac213428391eb114bdff3728d6dbc80a4b7c716a7d07e307f36']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-09-05T19:29:57Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--59aefb35-8ec8-4dba-8952-4b3402de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-09-05T19:29:57.000Z",
"modified": "2017-09-05T19:29:57.000Z",
"description": "Droppers - Xchecked via VT: e584c6e999a509ac21583d9543492ef4",
"pattern": "[file:hashes.SHA1 = 'a571d02432fb580424f19ed4ed908eb43e0b11ff']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-09-05T19:29:57Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha1\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--59aefb35-0e6c-4abc-95be-451a02de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-09-05T19:29:57.000Z",
"modified": "2017-09-05T19:29:57.000Z",
"first_observed": "2017-09-05T19:29:57Z",
"last_observed": "2017-09-05T19:29:57Z",
"number_observed": 1,
"object_refs": [
"url--59aefb35-0e6c-4abc-95be-451a02de0b81"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--59aefb35-0e6c-4abc-95be-451a02de0b81",
"value": "https://www.virustotal.com/file/af075c48c9f08ac213428391eb114bdff3728d6dbc80a4b7c716a7d07e307f36/analysis/1499844684/"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--59aefb35-c074-4f61-9f9a-428702de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-09-05T19:29:57.000Z",
"modified": "2017-09-05T19:29:57.000Z",
"description": "Droppers - Xchecked via VT: c989d501460a8e8e381b81b807ccbe90",
"pattern": "[file:hashes.SHA256 = 'a57c77e5484ad669c30b9b10bb2880fd6dfa7a6b13a51d40625df935648ab35d']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-09-05T19:29:57Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--59aefb35-36b8-4391-8943-466c02de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-09-05T19:29:57.000Z",
"modified": "2017-09-05T19:29:57.000Z",
"description": "Droppers - Xchecked via VT: c989d501460a8e8e381b81b807ccbe90",
"pattern": "[file:hashes.SHA1 = '4db730976f7f1d28644214e6a2850be28110b1d5']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-09-05T19:29:57Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha1\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--59aefb35-d790-42c4-8efd-4b7402de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-09-05T19:29:57.000Z",
"modified": "2017-09-05T19:29:57.000Z",
"first_observed": "2017-09-05T19:29:57Z",
"last_observed": "2017-09-05T19:29:57Z",
"number_observed": 1,
"object_refs": [
"url--59aefb35-d790-42c4-8efd-4b7402de0b81"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--59aefb35-d790-42c4-8efd-4b7402de0b81",
"value": "https://www.virustotal.com/file/a57c77e5484ad669c30b9b10bb2880fd6dfa7a6b13a51d40625df935648ab35d/analysis/1500747149/"
},
{
"type": "marking-definition",
"spec_version": "2.1",
"id": "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9",
"created": "2017-01-20T00:00:00.000Z",
"definition_type": "tlp",
"name": "TLP:WHITE",
"definition": {
"tlp": "white"
}
}
]
}
Reference in a new issue View git blame Copy permalink