misp-circl-feed/feeds/circl/misp/553ead98-1fb4-4ee6-a8ea-ad6d950d210b.json

2486 lines
No EOL
113 KiB
JSON

{
"type": "bundle",
"id": "bundle--553ead98-1fb4-4ee6-a8ea-ad6d950d210b",
"objects": [
{
"type": "identity",
"spec_version": "2.1",
"id": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-11-13T21:19:39.000Z",
"modified": "2015-11-13T21:19:39.000Z",
"name": "CthulhuSPRL.be",
"identity_class": "organization"
},
{
"type": "report",
"spec_version": "2.1",
"id": "report--553ead98-1fb4-4ee6-a8ea-ad6d950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-11-13T21:19:39.000Z",
"modified": "2015-11-13T21:19:39.000Z",
"name": "OSINT Enterprises Hit by BARTALEX Macro Malware in Recent Spam Outbreak by Trend Micro",
"published": "2015-11-13T21:24:19Z",
"object_refs": [
"observed-data--553eade5-793c-4a21-bc6e-069f950d210b",
"url--553eade5-793c-4a21-bc6e-069f950d210b",
"x-misp-attribute--553eaded-4b28-4e7d-9de9-7df5950d210b",
"x-misp-attribute--553eae0e-b2a0-4f0c-a87f-ad6d950d210b",
"indicator--553eae22-047c-47ae-ad12-7df5950d210b",
"indicator--553eae23-93d4-4d15-bac4-7df5950d210b",
"indicator--553eae23-dd90-4b93-9027-7df5950d210b",
"indicator--553eae4f-f320-4b97-a4c7-7df5950d210b",
"indicator--553eae67-20b8-4592-b5ef-7dfa950d210b",
"indicator--553eae67-e224-4269-89c7-7dfa950d210b",
"indicator--553eae67-580c-405e-92ed-7dfa950d210b",
"indicator--553eae67-bdac-494c-9833-7dfa950d210b",
"indicator--553eae67-45d4-45e3-8497-7dfa950d210b",
"indicator--553eae68-74cc-4173-986d-7dfa950d210b",
"indicator--553eae68-5274-4783-afb2-7dfa950d210b",
"indicator--553eae68-51b8-4346-afba-7dfa950d210b",
"indicator--553eae68-ce6c-4cf8-892d-7dfa950d210b",
"indicator--553eae68-1e20-4ee6-a27e-7dfa950d210b",
"indicator--55466137-aa1c-41b4-817d-4ad5950d210b",
"indicator--55466138-42d4-49fe-a270-4d53950d210b",
"indicator--55466138-d72c-41d7-9b87-4d42950d210b",
"indicator--55466138-f89c-43a3-99d6-43dd950d210b",
"indicator--55466138-b32c-4fae-a112-456f950d210b",
"indicator--55466138-3b68-4f43-a2a1-4e8c950d210b",
"indicator--55466138-a018-49e4-8ccb-40f4950d210b",
"indicator--55466138-a6e4-413b-afc3-4a75950d210b",
"indicator--55466138-7fe0-48a2-8eeb-4f55950d210b",
"indicator--55466139-e940-4f03-9311-4904950d210b",
"indicator--55466139-e27c-4680-b590-43b4950d210b",
"indicator--55466139-7880-481e-9460-4dcf950d210b",
"indicator--55466139-7de4-41b6-b690-4259950d210b",
"indicator--55466139-bde4-4863-82cf-49f4950d210b",
"indicator--55466139-6eac-4bf2-b24a-4bba950d210b",
"indicator--55466139-5148-4b4e-a64b-4815950d210b",
"indicator--55466139-8ae4-4702-adcc-468a950d210b",
"indicator--5546613a-65b8-4b22-bbb4-4f58950d210b",
"indicator--5546613a-f670-4fac-91f6-4a21950d210b",
"indicator--5546613a-2780-4cca-a850-48d2950d210b",
"indicator--5546615c-f99c-4629-b4cd-4483950d210b",
"indicator--5546615d-96e0-45d6-9dcd-4ada950d210b",
"indicator--5546615d-3608-4a5a-8cea-47b8950d210b",
"x-misp-attribute--5546619a-8b20-4c44-819b-4b94950d210b",
"indicator--564653eb-6c0c-46ae-bd9e-48b6950d210b",
"indicator--564653eb-a23c-472c-ba92-4cfe950d210b",
"observed-data--564653ec-e944-4759-9825-41a5950d210b",
"url--564653ec-e944-4759-9825-41a5950d210b",
"indicator--564653ec-e414-4f2b-af71-49ac950d210b",
"indicator--564653ed-3afc-4fc5-8a56-416a950d210b",
"observed-data--564653ed-1c88-4a60-a1f3-4918950d210b",
"url--564653ed-1c88-4a60-a1f3-4918950d210b",
"indicator--564653ee-aa3c-49b2-96d7-4df5950d210b",
"indicator--564653ee-d81c-49f4-9f33-4a2e950d210b",
"observed-data--564653ef-fc04-407f-bcf9-4343950d210b",
"url--564653ef-fc04-407f-bcf9-4343950d210b",
"indicator--564653ef-3464-497e-a5b6-4828950d210b",
"indicator--564653ef-24b0-465e-aa3c-41e7950d210b",
"observed-data--564653f0-d6ac-4dd8-b0f5-42c2950d210b",
"url--564653f0-d6ac-4dd8-b0f5-42c2950d210b",
"indicator--564653f0-6b44-455e-85a3-4cd0950d210b",
"indicator--564653f1-a040-41ce-8946-49e5950d210b",
"observed-data--564653f1-e77c-439d-9622-410f950d210b",
"url--564653f1-e77c-439d-9622-410f950d210b",
"indicator--564653f1-7694-4f52-aff0-4dba950d210b",
"indicator--564653f2-ab38-4009-a63d-4c07950d210b",
"observed-data--564653f2-d5c8-4922-bc41-4c1e950d210b",
"url--564653f2-d5c8-4922-bc41-4c1e950d210b",
"indicator--564653f2-2c58-4ef4-98f6-4a39950d210b",
"indicator--564653f3-d0e0-4bd0-958e-4233950d210b",
"observed-data--564653f3-8650-4f8c-b4d1-477b950d210b",
"url--564653f3-8650-4f8c-b4d1-477b950d210b",
"indicator--564653f4-29dc-43b0-9334-4839950d210b",
"indicator--564653f4-d934-482c-a980-4a6e950d210b",
"observed-data--564653f4-a240-4e68-adb5-4221950d210b",
"url--564653f4-a240-4e68-adb5-4221950d210b",
"indicator--564653f5-4fd8-4e0e-9fbd-4607950d210b",
"indicator--564653f5-db4c-4003-a928-488b950d210b",
"observed-data--564653f6-f07c-46d1-a618-4248950d210b",
"url--564653f6-f07c-46d1-a618-4248950d210b",
"indicator--564653f6-4b1c-403a-a2d9-4610950d210b",
"indicator--564653f6-a338-4490-92bc-47e7950d210b",
"observed-data--564653f7-298c-4c97-806b-4d9b950d210b",
"url--564653f7-298c-4c97-806b-4d9b950d210b",
"indicator--564653f7-1ea8-4c79-af8f-4331950d210b",
"indicator--564653f8-e2bc-440c-a599-45db950d210b",
"observed-data--564653f8-ef50-488d-bc19-4be1950d210b",
"url--564653f8-ef50-488d-bc19-4be1950d210b",
"indicator--564653f8-5f9c-453e-a967-4dba950d210b",
"indicator--564653f9-ba60-4773-a625-48e7950d210b",
"observed-data--564653f9-66c0-4633-b4b5-4bec950d210b",
"url--564653f9-66c0-4633-b4b5-4bec950d210b",
"indicator--564653fa-3c30-4d50-bdfd-449b950d210b",
"indicator--564653fa-dbbc-4c0f-bf03-4c8e950d210b",
"observed-data--564653fa-56d8-4689-a5d3-465d950d210b",
"url--564653fa-56d8-4689-a5d3-465d950d210b",
"indicator--564653fb-7dd8-451e-a86f-49e3950d210b",
"indicator--564653fb-e2f8-4fc2-9393-4435950d210b",
"observed-data--564653fc-f88c-474c-8131-47e8950d210b",
"url--564653fc-f88c-474c-8131-47e8950d210b",
"indicator--564653fc-b6ac-4956-adf3-4087950d210b",
"indicator--564653fc-6b28-4e08-a03d-4df4950d210b",
"observed-data--564653fd-4b88-427b-a592-4a9d950d210b",
"url--564653fd-4b88-427b-a592-4a9d950d210b",
"indicator--564653fd-d208-4dc4-bbb5-4c0f950d210b",
"indicator--564653fe-1c5c-43a8-812d-41ae950d210b",
"observed-data--564653fe-1cb4-4208-abe1-4e7d950d210b",
"url--564653fe-1cb4-4208-abe1-4e7d950d210b",
"indicator--564653fe-1a18-48c1-a0e2-45de950d210b",
"indicator--564653ff-5ebc-4304-b1db-4ba3950d210b",
"observed-data--564653ff-8738-42bd-9f6a-4763950d210b",
"url--564653ff-8738-42bd-9f6a-4763950d210b",
"indicator--56465400-6bf8-4ad5-9239-4ea3950d210b",
"indicator--56465400-44d0-4f4c-a739-4fc7950d210b",
"observed-data--56465400-6c14-4580-9f6a-4445950d210b",
"url--56465400-6c14-4580-9f6a-4445950d210b",
"indicator--56465401-6a40-413e-b65e-4df0950d210b",
"indicator--56465401-cc6c-4e48-833a-44b0950d210b",
"observed-data--56465402-e55c-4de8-b766-47da950d210b",
"url--56465402-e55c-4de8-b766-47da950d210b"
],
"labels": [
"Threat-Report",
"misp:tool=\"MISP-STIX-Converter\"",
"type:OSINT"
],
"object_marking_refs": [
"marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9"
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--553eade5-793c-4a21-bc6e-069f950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-04-27T21:45:09.000Z",
"modified": "2015-04-27T21:45:09.000Z",
"first_observed": "2015-04-27T21:45:09Z",
"last_observed": "2015-04-27T21:45:09Z",
"number_observed": 1,
"object_refs": [
"url--553eade5-793c-4a21-bc6e-069f950d210b"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--553eade5-793c-4a21-bc6e-069f950d210b",
"value": "http://blog.trendmicro.com/trendlabs-security-intelligence/enterprises-hit-by-bartalex-macro-malware-in-recent-spam-outbreak/"
},
{
"type": "x-misp-attribute",
"spec_version": "2.1",
"id": "x-misp-attribute--553eaded-4b28-4e7d-9de9-7df5950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-04-27T21:45:17.000Z",
"modified": "2015-04-27T21:45:17.000Z",
"labels": [
"misp:type=\"text\"",
"misp:category=\"External analysis\""
],
"x_misp_category": "External analysis",
"x_misp_type": "text",
"x_misp_value": "Bartalex"
},
{
"type": "x-misp-attribute",
"spec_version": "2.1",
"id": "x-misp-attribute--553eae0e-b2a0-4f0c-a87f-ad6d950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-04-27T21:45:50.000Z",
"modified": "2015-04-27T21:45:50.000Z",
"labels": [
"misp:type=\"text\"",
"misp:category=\"Antivirus detection\""
],
"x_misp_category": "Antivirus detection",
"x_misp_type": "text",
"x_misp_value": "W2KM_BARTALEX.SMA"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--553eae22-047c-47ae-ad12-7df5950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-04-27T21:46:36.000Z",
"modified": "2015-04-27T21:46:36.000Z",
"description": "W2KM_BARTALEX.SMA",
"pattern": "[file:hashes.SHA1 = '61a7cc6ed45657fa1330e922aea33254b189ef61']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-04-27T21:46:36Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Artifacts dropped"
}
],
"labels": [
"misp:type=\"sha1\"",
"misp:category=\"Artifacts dropped\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--553eae23-93d4-4d15-bac4-7df5950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-04-27T21:46:36.000Z",
"modified": "2015-04-27T21:46:36.000Z",
"description": "W2KM_BARTALEX.SMA",
"pattern": "[file:hashes.SHA1 = '6f252485dee0b854f72cc8b64601f6f19d01c02c']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-04-27T21:46:36Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Artifacts dropped"
}
],
"labels": [
"misp:type=\"sha1\"",
"misp:category=\"Artifacts dropped\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--553eae23-dd90-4b93-9027-7df5950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-04-27T21:46:36.000Z",
"modified": "2015-04-27T21:46:36.000Z",
"description": "W2KM_BARTALEX.SMA",
"pattern": "[file:hashes.SHA1 = '85e10382b06801770a4477505ed5d8c75fb37135']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-04-27T21:46:36Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Artifacts dropped"
}
],
"labels": [
"misp:type=\"sha1\"",
"misp:category=\"Artifacts dropped\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--553eae4f-f320-4b97-a4c7-7df5950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-04-27T21:46:55.000Z",
"modified": "2015-04-27T21:46:55.000Z",
"description": "TSPY_DYRE.YUYCC",
"pattern": "[file:hashes.SHA1 = '5e392950fa295a98219e1fc9cce7a7048792845e']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-04-27T21:46:55Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Artifacts dropped"
}
],
"labels": [
"misp:type=\"sha1\"",
"misp:category=\"Artifacts dropped\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--553eae67-20b8-4592-b5ef-7dfa950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-04-27T21:47:19.000Z",
"modified": "2015-04-27T21:47:19.000Z",
"description": "Malicious .doc file",
"pattern": "[file:hashes.SHA1 = '0163fbb29c18e3d358ec5d5a5e4eb3c93f19a961']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-04-27T21:47:19Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha1\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--553eae67-e224-4269-89c7-7dfa950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-04-27T21:47:19.000Z",
"modified": "2015-04-27T21:47:19.000Z",
"description": "Malicious .doc file",
"pattern": "[file:hashes.SHA1 = '02358bcc501793454a6613f96e8f8210b2a27b88']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-04-27T21:47:19Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha1\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--553eae67-580c-405e-92ed-7dfa950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-04-27T21:47:19.000Z",
"modified": "2015-04-27T21:47:19.000Z",
"description": "Malicious .doc file",
"pattern": "[file:hashes.SHA1 = '05fe7c71ae5d902bb9ef4d4e43e3ddd1e45f6d0c']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-04-27T21:47:19Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha1\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--553eae67-bdac-494c-9833-7dfa950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-04-27T21:47:19.000Z",
"modified": "2015-04-27T21:47:19.000Z",
"description": "Malicious .doc file",
"pattern": "[file:hashes.SHA1 = '11d6e9bf38553900939ea100be70be95d094248b']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-04-27T21:47:19Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha1\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--553eae67-45d4-45e3-8497-7dfa950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-04-27T21:47:19.000Z",
"modified": "2015-04-27T21:47:19.000Z",
"description": "Malicious .doc file",
"pattern": "[file:hashes.SHA1 = '19aed57e1d211764618adc2399296d8b01d04d19']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-04-27T21:47:19Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha1\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--553eae68-74cc-4173-986d-7dfa950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-04-27T21:47:20.000Z",
"modified": "2015-04-27T21:47:20.000Z",
"description": "Malicious .doc file",
"pattern": "[file:hashes.SHA1 = '559a03a549acc497b8ec57790969bd980d7190f4']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-04-27T21:47:20Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha1\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--553eae68-5274-4783-afb2-7dfa950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-04-27T21:47:20.000Z",
"modified": "2015-04-27T21:47:20.000Z",
"description": "Malicious .doc file",
"pattern": "[file:hashes.SHA1 = 'c0ca5686219e336171016a8c73b81be856e47bbc']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-04-27T21:47:20Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha1\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--553eae68-51b8-4346-afba-7dfa950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-04-27T21:47:20.000Z",
"modified": "2015-04-27T21:47:20.000Z",
"description": "Malicious .doc file",
"pattern": "[file:hashes.SHA1 = 'd047decf0179a79fd4de03f0d154f4a2f9d18da4']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-04-27T21:47:20Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha1\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--553eae68-ce6c-4cf8-892d-7dfa950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-04-27T21:47:20.000Z",
"modified": "2015-04-27T21:47:20.000Z",
"description": "Malicious .doc file",
"pattern": "[file:hashes.SHA1 = 'd3bf440f3c4e63b9c7165c1295c11f71f60b5f8c']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-04-27T21:47:20Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha1\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--553eae68-1e20-4ee6-a27e-7dfa950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-04-27T21:47:20.000Z",
"modified": "2015-04-27T21:47:20.000Z",
"description": "Malicious .doc file",
"pattern": "[file:hashes.SHA1 = 'ec7a2e7c1dce4a37da99a8f20a5d4674f5c80a1f']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-04-27T21:47:20Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha1\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--55466137-aa1c-41b4-817d-4ad5950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-05-03T17:56:07.000Z",
"modified": "2015-05-03T17:56:07.000Z",
"description": "Update as of May 1, 2015, 11:00 PM (GMT+8) The list above has been modified to indicate the hashes of the malicious Microsoft Office documents instead of HTML files as previously listed.",
"pattern": "[file:hashes.SHA1 = '037cebf49a412bcabd7d3b896382af53eaecabed']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-05-03T17:56:07Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha1\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--55466138-42d4-49fe-a270-4d53950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-05-03T17:56:08.000Z",
"modified": "2015-05-03T17:56:08.000Z",
"description": "Update as of May 1, 2015, 11:00 PM (GMT+8) The list above has been modified to indicate the hashes of the malicious Microsoft Office documents instead of HTML files as previously listed.",
"pattern": "[file:hashes.SHA1 = '0b4100e124507a174f147c3bf0121769ab209104']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-05-03T17:56:08Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha1\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--55466138-d72c-41d7-9b87-4d42950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-05-03T17:56:08.000Z",
"modified": "2015-05-03T17:56:08.000Z",
"description": "Update as of May 1, 2015, 11:00 PM (GMT+8) The list above has been modified to indicate the hashes of the malicious Microsoft Office documents instead of HTML files as previously listed.",
"pattern": "[file:hashes.SHA1 = '0fad05ba34d91de15047052c4a6166d92aa5e3ac']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-05-03T17:56:08Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha1\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--55466138-f89c-43a3-99d6-43dd950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-05-03T17:56:08.000Z",
"modified": "2015-05-03T17:56:08.000Z",
"description": "Update as of May 1, 2015, 11:00 PM (GMT+8) The list above has been modified to indicate the hashes of the malicious Microsoft Office documents instead of HTML files as previously listed.",
"pattern": "[file:hashes.SHA1 = '1363b79fc25467ea01842c5cbfa90c90bd7e7790']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-05-03T17:56:08Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha1\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--55466138-b32c-4fae-a112-456f950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-05-03T17:56:08.000Z",
"modified": "2015-05-03T17:56:08.000Z",
"description": "Update as of May 1, 2015, 11:00 PM (GMT+8) The list above has been modified to indicate the hashes of the malicious Microsoft Office documents instead of HTML files as previously listed.",
"pattern": "[file:hashes.SHA1 = '164929155ab6f78a3ff46753b0a321e8dbd13e8a']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-05-03T17:56:08Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha1\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--55466138-3b68-4f43-a2a1-4e8c950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-05-03T17:56:08.000Z",
"modified": "2015-05-03T17:56:08.000Z",
"description": "Update as of May 1, 2015, 11:00 PM (GMT+8) The list above has been modified to indicate the hashes of the malicious Microsoft Office documents instead of HTML files as previously listed.",
"pattern": "[file:hashes.SHA1 = '18df8417fce6f9e24c8369a2897eaf29b1ec11c4']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-05-03T17:56:08Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha1\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--55466138-a018-49e4-8ccb-40f4950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-05-03T17:56:08.000Z",
"modified": "2015-05-03T17:56:08.000Z",
"description": "Update as of May 1, 2015, 11:00 PM (GMT+8) The list above has been modified to indicate the hashes of the malicious Microsoft Office documents instead of HTML files as previously listed.",
"pattern": "[file:hashes.SHA1 = '21bc3485810e258b425e4b38e46d944f7be81c50']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-05-03T17:56:08Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha1\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--55466138-a6e4-413b-afc3-4a75950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-05-03T17:56:08.000Z",
"modified": "2015-05-03T17:56:08.000Z",
"description": "Update as of May 1, 2015, 11:00 PM (GMT+8) The list above has been modified to indicate the hashes of the malicious Microsoft Office documents instead of HTML files as previously listed.",
"pattern": "[file:hashes.SHA1 = '23f9777f17f86c9c8cbf25672e2e783ab0acc58c']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-05-03T17:56:08Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha1\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--55466138-7fe0-48a2-8eeb-4f55950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-05-03T17:56:08.000Z",
"modified": "2015-05-03T17:56:08.000Z",
"description": "Update as of May 1, 2015, 11:00 PM (GMT+8) The list above has been modified to indicate the hashes of the malicious Microsoft Office documents instead of HTML files as previously listed.",
"pattern": "[file:hashes.SHA1 = '25cbbcc94782b2f1efd46179f28c517af44637fb']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-05-03T17:56:08Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha1\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--55466139-e940-4f03-9311-4904950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-05-03T17:56:09.000Z",
"modified": "2015-05-03T17:56:09.000Z",
"description": "Update as of May 1, 2015, 11:00 PM (GMT+8) The list above has been modified to indicate the hashes of the malicious Microsoft Office documents instead of HTML files as previously listed.",
"pattern": "[file:hashes.SHA1 = '29e4f4013c07dfcb0aae20c806b157ed7f023e9c']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-05-03T17:56:09Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha1\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--55466139-e27c-4680-b590-43b4950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-05-03T17:56:09.000Z",
"modified": "2015-05-03T17:56:09.000Z",
"description": "Update as of May 1, 2015, 11:00 PM (GMT+8) The list above has been modified to indicate the hashes of the malicious Microsoft Office documents instead of HTML files as previously listed.",
"pattern": "[file:hashes.SHA1 = '2b01eb798d31d91cc03221b82c3f3fe04f4eb40a']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-05-03T17:56:09Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha1\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--55466139-7880-481e-9460-4dcf950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-05-03T17:56:09.000Z",
"modified": "2015-05-03T17:56:09.000Z",
"description": "Update as of May 1, 2015, 11:00 PM (GMT+8) The list above has been modified to indicate the hashes of the malicious Microsoft Office documents instead of HTML files as previously listed.",
"pattern": "[file:hashes.SHA1 = '2b8c9af6d0c372f3343ae76e26d48f8c9eed37c7']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-05-03T17:56:09Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha1\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--55466139-7de4-41b6-b690-4259950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-05-03T17:56:09.000Z",
"modified": "2015-05-03T17:56:09.000Z",
"description": "Update as of May 1, 2015, 11:00 PM (GMT+8) The list above has been modified to indicate the hashes of the malicious Microsoft Office documents instead of HTML files as previously listed.",
"pattern": "[file:hashes.SHA1 = '31dcc204661eee13920fda7ec582aaa1ec48f821']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-05-03T17:56:09Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha1\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--55466139-bde4-4863-82cf-49f4950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-05-03T17:56:09.000Z",
"modified": "2015-05-03T17:56:09.000Z",
"description": "Update as of May 1, 2015, 11:00 PM (GMT+8) The list above has been modified to indicate the hashes of the malicious Microsoft Office documents instead of HTML files as previously listed.",
"pattern": "[file:hashes.SHA1 = '31e2a2152a974f69e98c235c0dd3cddc1984b8da']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-05-03T17:56:09Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha1\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--55466139-6eac-4bf2-b24a-4bba950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-05-03T17:56:09.000Z",
"modified": "2015-05-03T17:56:09.000Z",
"description": "Update as of May 1, 2015, 11:00 PM (GMT+8) The list above has been modified to indicate the hashes of the malicious Microsoft Office documents instead of HTML files as previously listed.",
"pattern": "[file:hashes.SHA1 = '3338db3553bc2ef8b7587f5b331c2a3ecbbbcd6c']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-05-03T17:56:09Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha1\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--55466139-5148-4b4e-a64b-4815950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-05-03T17:56:09.000Z",
"modified": "2015-05-03T17:56:09.000Z",
"description": "Update as of May 1, 2015, 11:00 PM (GMT+8) The list above has been modified to indicate the hashes of the malicious Microsoft Office documents instead of HTML files as previously listed.",
"pattern": "[file:hashes.SHA1 = '339543194c2e64c27d746572d235dba37a332eeb']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-05-03T17:56:09Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha1\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--55466139-8ae4-4702-adcc-468a950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-05-03T17:56:09.000Z",
"modified": "2015-05-03T17:56:09.000Z",
"description": "Update as of May 1, 2015, 11:00 PM (GMT+8) The list above has been modified to indicate the hashes of the malicious Microsoft Office documents instead of HTML files as previously listed.",
"pattern": "[file:hashes.SHA1 = '33c73dfd66f9fb0e8bc30b53b150e202e7fc3055']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-05-03T17:56:09Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha1\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5546613a-65b8-4b22-bbb4-4f58950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-05-03T17:56:10.000Z",
"modified": "2015-05-03T17:56:10.000Z",
"description": "Update as of May 1, 2015, 11:00 PM (GMT+8) The list above has been modified to indicate the hashes of the malicious Microsoft Office documents instead of HTML files as previously listed.",
"pattern": "[file:hashes.SHA1 = '350a922a008078c6fdbee9f566363f553ea55394']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-05-03T17:56:10Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha1\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5546613a-f670-4fac-91f6-4a21950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-05-03T17:56:10.000Z",
"modified": "2015-05-03T17:56:10.000Z",
"description": "Update as of May 1, 2015, 11:00 PM (GMT+8) The list above has been modified to indicate the hashes of the malicious Microsoft Office documents instead of HTML files as previously listed.",
"pattern": "[file:hashes.SHA1 = '3916a8150fa10d4b4999f6bd97b7e7464bea13d1']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-05-03T17:56:10Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha1\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5546613a-2780-4cca-a850-48d2950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-05-03T17:56:10.000Z",
"modified": "2015-05-03T17:56:10.000Z",
"description": "Update as of May 1, 2015, 11:00 PM (GMT+8) The list above has been modified to indicate the hashes of the malicious Microsoft Office documents instead of HTML files as previously listed.",
"pattern": "[file:hashes.SHA1 = '3cdde0489afab5c5fd9098c408c7419b44d2bc46']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-05-03T17:56:10Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha1\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5546615c-f99c-4629-b4cd-4483950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-05-03T17:56:44.000Z",
"modified": "2015-05-03T17:56:44.000Z",
"pattern": "[file:hashes.SHA1 = '61a7cc6ed45657fa1330e922aea33254b189ef61']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-05-03T17:56:44Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload installation"
}
],
"labels": [
"misp:type=\"sha1\"",
"misp:category=\"Payload installation\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5546615d-96e0-45d6-9dcd-4ada950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-05-03T17:56:45.000Z",
"modified": "2015-05-03T17:56:45.000Z",
"pattern": "[file:hashes.SHA1 = '6f252485dee0b854f72cc8b64601f6f19d01c02c']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-05-03T17:56:45Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload installation"
}
],
"labels": [
"misp:type=\"sha1\"",
"misp:category=\"Payload installation\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5546615d-3608-4a5a-8cea-47b8950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-05-03T17:56:45.000Z",
"modified": "2015-05-03T17:56:45.000Z",
"pattern": "[file:hashes.SHA1 = '85e10382b06801770a4477505ed5d8c75fb37135']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-05-03T17:56:45Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload installation"
}
],
"labels": [
"misp:type=\"sha1\"",
"misp:category=\"Payload installation\"",
"misp:to_ids=\"True\""
]
},
{
"type": "x-misp-attribute",
"spec_version": "2.1",
"id": "x-misp-attribute--5546619a-8b20-4c44-819b-4b94950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-05-03T17:57:46.000Z",
"modified": "2015-05-03T17:57:46.000Z",
"labels": [
"misp:type=\"comment\"",
"misp:category=\"Other\""
],
"x_misp_category": "Other",
"x_misp_type": "comment",
"x_misp_value": "Update as of May 1, 2015, 11:00 PM (GMT+8) \r\nThe list above has been modified to indicate the hashes of the malicious Microsoft Office documents instead of HTML files as previously listed."
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--564653eb-6c0c-46ae-bd9e-48b6950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-11-13T21:19:39.000Z",
"modified": "2015-11-13T21:19:39.000Z",
"description": "- Xchecked via VT: 85e10382b06801770a4477505ed5d8c75fb37135",
"pattern": "[file:hashes.SHA256 = '4962bd87d1a7ef48a1eb67d1793f0f7cccbbf7aaffd58ab37e578476f80ec4d2']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-11-13T21:19:39Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload installation"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Payload installation\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--564653eb-a23c-472c-ba92-4cfe950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-11-13T21:19:39.000Z",
"modified": "2015-11-13T21:19:39.000Z",
"description": "- Xchecked via VT: 85e10382b06801770a4477505ed5d8c75fb37135",
"pattern": "[file:hashes.MD5 = 'a5cfe37d8ecfc22a60954f8462273e3f']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-11-13T21:19:39Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload installation"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Payload installation\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--564653ec-e944-4759-9825-41a5950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-11-13T21:19:40.000Z",
"modified": "2015-11-13T21:19:40.000Z",
"first_observed": "2015-11-13T21:19:40Z",
"last_observed": "2015-11-13T21:19:40Z",
"number_observed": 1,
"object_refs": [
"url--564653ec-e944-4759-9825-41a5950d210b"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--564653ec-e944-4759-9825-41a5950d210b",
"value": "https://www.virustotal.com/file/4962bd87d1a7ef48a1eb67d1793f0f7cccbbf7aaffd58ab37e578476f80ec4d2/analysis/1430810167/"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--564653ec-e414-4f2b-af71-49ac950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-11-13T21:19:40.000Z",
"modified": "2015-11-13T21:19:40.000Z",
"description": "- Xchecked via VT: 6f252485dee0b854f72cc8b64601f6f19d01c02c",
"pattern": "[file:hashes.SHA256 = '5c85a8f0ce0e1a31fe07fd964e5c87e2394d542b8113f5d9dcfc47391dfbab95']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-11-13T21:19:40Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload installation"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Payload installation\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--564653ed-3afc-4fc5-8a56-416a950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-11-13T21:19:41.000Z",
"modified": "2015-11-13T21:19:41.000Z",
"description": "- Xchecked via VT: 6f252485dee0b854f72cc8b64601f6f19d01c02c",
"pattern": "[file:hashes.MD5 = '91207439790ffe5f0d177c27cf4d68ac']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-11-13T21:19:41Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload installation"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Payload installation\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--564653ed-1c88-4a60-a1f3-4918950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-11-13T21:19:41.000Z",
"modified": "2015-11-13T21:19:41.000Z",
"first_observed": "2015-11-13T21:19:41Z",
"last_observed": "2015-11-13T21:19:41Z",
"number_observed": 1,
"object_refs": [
"url--564653ed-1c88-4a60-a1f3-4918950d210b"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--564653ed-1c88-4a60-a1f3-4918950d210b",
"value": "https://www.virustotal.com/file/5c85a8f0ce0e1a31fe07fd964e5c87e2394d542b8113f5d9dcfc47391dfbab95/analysis/1430418843/"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--564653ee-aa3c-49b2-96d7-4df5950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-11-13T21:19:42.000Z",
"modified": "2015-11-13T21:19:42.000Z",
"description": "- Xchecked via VT: 61a7cc6ed45657fa1330e922aea33254b189ef61",
"pattern": "[file:hashes.SHA256 = '7b3a6e7708fc7795a437fe62c954f780132fe0a41d9b679039011bc1a6cb4593']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-11-13T21:19:42Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload installation"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Payload installation\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--564653ee-d81c-49f4-9f33-4a2e950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-11-13T21:19:42.000Z",
"modified": "2015-11-13T21:19:42.000Z",
"description": "- Xchecked via VT: 61a7cc6ed45657fa1330e922aea33254b189ef61",
"pattern": "[file:hashes.MD5 = '05be09f648bf2b62ebf9cd79ccfd0087']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-11-13T21:19:42Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload installation"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Payload installation\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--564653ef-fc04-407f-bcf9-4343950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-11-13T21:19:43.000Z",
"modified": "2015-11-13T21:19:43.000Z",
"first_observed": "2015-11-13T21:19:43Z",
"last_observed": "2015-11-13T21:19:43Z",
"number_observed": 1,
"object_refs": [
"url--564653ef-fc04-407f-bcf9-4343950d210b"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--564653ef-fc04-407f-bcf9-4343950d210b",
"value": "https://www.virustotal.com/file/7b3a6e7708fc7795a437fe62c954f780132fe0a41d9b679039011bc1a6cb4593/analysis/1430810886/"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--564653ef-3464-497e-a5b6-4828950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-11-13T21:19:43.000Z",
"modified": "2015-11-13T21:19:43.000Z",
"description": "Update as of May 1, 2015, 11:00 PM (GMT+8) The list above has been modified to indicate the hashes of the malicious Microsoft Office documents instead of HTML files as previously listed. - Xchecked via VT: 3cdde0489afab5c5fd9098c408c7419b44d2bc46",
"pattern": "[file:hashes.SHA256 = '1fa6eabce6d6f3290bd57ed7e52d49079d1a2340f2901130e084da4a75de29ec']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-11-13T21:19:43Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--564653ef-24b0-465e-aa3c-41e7950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-11-13T21:19:43.000Z",
"modified": "2015-11-13T21:19:43.000Z",
"description": "Update as of May 1, 2015, 11:00 PM (GMT+8) The list above has been modified to indicate the hashes of the malicious Microsoft Office documents instead of HTML files as previously listed. - Xchecked via VT: 3cdde0489afab5c5fd9098c408c7419b44d2bc46",
"pattern": "[file:hashes.MD5 = 'abc718998731a961f9110e5b6cc07f3b']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-11-13T21:19:43Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--564653f0-d6ac-4dd8-b0f5-42c2950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-11-13T21:19:44.000Z",
"modified": "2015-11-13T21:19:44.000Z",
"first_observed": "2015-11-13T21:19:44Z",
"last_observed": "2015-11-13T21:19:44Z",
"number_observed": 1,
"object_refs": [
"url--564653f0-d6ac-4dd8-b0f5-42c2950d210b"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--564653f0-d6ac-4dd8-b0f5-42c2950d210b",
"value": "https://www.virustotal.com/file/1fa6eabce6d6f3290bd57ed7e52d49079d1a2340f2901130e084da4a75de29ec/analysis/1430809411/"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--564653f0-6b44-455e-85a3-4cd0950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-11-13T21:19:44.000Z",
"modified": "2015-11-13T21:19:44.000Z",
"description": "Update as of May 1, 2015, 11:00 PM (GMT+8) The list above has been modified to indicate the hashes of the malicious Microsoft Office documents instead of HTML files as previously listed. - Xchecked via VT: 350a922a008078c6fdbee9f566363f553ea55394",
"pattern": "[file:hashes.SHA256 = '6b048ac41c1e58773c00858e9644cb88bf2fae37af5b4b02d090f6bd310c03b4']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-11-13T21:19:44Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--564653f1-a040-41ce-8946-49e5950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-11-13T21:19:45.000Z",
"modified": "2015-11-13T21:19:45.000Z",
"description": "Update as of May 1, 2015, 11:00 PM (GMT+8) The list above has been modified to indicate the hashes of the malicious Microsoft Office documents instead of HTML files as previously listed. - Xchecked via VT: 350a922a008078c6fdbee9f566363f553ea55394",
"pattern": "[file:hashes.MD5 = 'cf6ac741c96d163c9f0fbf8538facd19']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-11-13T21:19:45Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--564653f1-e77c-439d-9622-410f950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-11-13T21:19:45.000Z",
"modified": "2015-11-13T21:19:45.000Z",
"first_observed": "2015-11-13T21:19:45Z",
"last_observed": "2015-11-13T21:19:45Z",
"number_observed": 1,
"object_refs": [
"url--564653f1-e77c-439d-9622-410f950d210b"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--564653f1-e77c-439d-9622-410f950d210b",
"value": "https://www.virustotal.com/file/6b048ac41c1e58773c00858e9644cb88bf2fae37af5b4b02d090f6bd310c03b4/analysis/1429800798/"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--564653f1-7694-4f52-aff0-4dba950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-11-13T21:19:45.000Z",
"modified": "2015-11-13T21:19:45.000Z",
"description": "Update as of May 1, 2015, 11:00 PM (GMT+8) The list above has been modified to indicate the hashes of the malicious Microsoft Office documents instead of HTML files as previously listed. - Xchecked via VT: 33c73dfd66f9fb0e8bc30b53b150e202e7fc3055",
"pattern": "[file:hashes.SHA256 = 'f0cefa8f94e2d5fe0ac01a4f012a92c111946f8d1be9fd3708d3b642ca7ad16f']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-11-13T21:19:45Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--564653f2-ab38-4009-a63d-4c07950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-11-13T21:19:46.000Z",
"modified": "2015-11-13T21:19:46.000Z",
"description": "Update as of May 1, 2015, 11:00 PM (GMT+8) The list above has been modified to indicate the hashes of the malicious Microsoft Office documents instead of HTML files as previously listed. - Xchecked via VT: 33c73dfd66f9fb0e8bc30b53b150e202e7fc3055",
"pattern": "[file:hashes.MD5 = 'b49643e6a02b73b97f3c7896194f662d']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-11-13T21:19:46Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--564653f2-d5c8-4922-bc41-4c1e950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-11-13T21:19:46.000Z",
"modified": "2015-11-13T21:19:46.000Z",
"first_observed": "2015-11-13T21:19:46Z",
"last_observed": "2015-11-13T21:19:46Z",
"number_observed": 1,
"object_refs": [
"url--564653f2-d5c8-4922-bc41-4c1e950d210b"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--564653f2-d5c8-4922-bc41-4c1e950d210b",
"value": "https://www.virustotal.com/file/f0cefa8f94e2d5fe0ac01a4f012a92c111946f8d1be9fd3708d3b642ca7ad16f/analysis/1430490974/"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--564653f2-2c58-4ef4-98f6-4a39950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-11-13T21:19:46.000Z",
"modified": "2015-11-13T21:19:46.000Z",
"description": "Update as of May 1, 2015, 11:00 PM (GMT+8) The list above has been modified to indicate the hashes of the malicious Microsoft Office documents instead of HTML files as previously listed. - Xchecked via VT: 339543194c2e64c27d746572d235dba37a332eeb",
"pattern": "[file:hashes.SHA256 = '8e1ab2fd5b7fbd74ba61dae69719a5eb11f9396030bd8f6dfe82704bf0f5ff00']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-11-13T21:19:46Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--564653f3-d0e0-4bd0-958e-4233950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-11-13T21:19:47.000Z",
"modified": "2015-11-13T21:19:47.000Z",
"description": "Update as of May 1, 2015, 11:00 PM (GMT+8) The list above has been modified to indicate the hashes of the malicious Microsoft Office documents instead of HTML files as previously listed. - Xchecked via VT: 339543194c2e64c27d746572d235dba37a332eeb",
"pattern": "[file:hashes.MD5 = '28aaa2613173586b8b31eef7dc4fcdce']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-11-13T21:19:47Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--564653f3-8650-4f8c-b4d1-477b950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-11-13T21:19:47.000Z",
"modified": "2015-11-13T21:19:47.000Z",
"first_observed": "2015-11-13T21:19:47Z",
"last_observed": "2015-11-13T21:19:47Z",
"number_observed": 1,
"object_refs": [
"url--564653f3-8650-4f8c-b4d1-477b950d210b"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--564653f3-8650-4f8c-b4d1-477b950d210b",
"value": "https://www.virustotal.com/file/8e1ab2fd5b7fbd74ba61dae69719a5eb11f9396030bd8f6dfe82704bf0f5ff00/analysis/1430896749/"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--564653f4-29dc-43b0-9334-4839950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-11-13T21:19:48.000Z",
"modified": "2015-11-13T21:19:48.000Z",
"description": "Update as of May 1, 2015, 11:00 PM (GMT+8) The list above has been modified to indicate the hashes of the malicious Microsoft Office documents instead of HTML files as previously listed. - Xchecked via VT: 31e2a2152a974f69e98c235c0dd3cddc1984b8da",
"pattern": "[file:hashes.SHA256 = '9290501fd626add6de2a10733e2a9ebf19ca9a71bb068a2cb8717d8d6d59a0cd']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-11-13T21:19:48Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--564653f4-d934-482c-a980-4a6e950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-11-13T21:19:48.000Z",
"modified": "2015-11-13T21:19:48.000Z",
"description": "Update as of May 1, 2015, 11:00 PM (GMT+8) The list above has been modified to indicate the hashes of the malicious Microsoft Office documents instead of HTML files as previously listed. - Xchecked via VT: 31e2a2152a974f69e98c235c0dd3cddc1984b8da",
"pattern": "[file:hashes.MD5 = '386d736cdffa5812850e53494a66793a']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-11-13T21:19:48Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--564653f4-a240-4e68-adb5-4221950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-11-13T21:19:48.000Z",
"modified": "2015-11-13T21:19:48.000Z",
"first_observed": "2015-11-13T21:19:48Z",
"last_observed": "2015-11-13T21:19:48Z",
"number_observed": 1,
"object_refs": [
"url--564653f4-a240-4e68-adb5-4221950d210b"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--564653f4-a240-4e68-adb5-4221950d210b",
"value": "https://www.virustotal.com/file/9290501fd626add6de2a10733e2a9ebf19ca9a71bb068a2cb8717d8d6d59a0cd/analysis/1430753558/"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--564653f5-4fd8-4e0e-9fbd-4607950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-11-13T21:19:49.000Z",
"modified": "2015-11-13T21:19:49.000Z",
"description": "Update as of May 1, 2015, 11:00 PM (GMT+8) The list above has been modified to indicate the hashes of the malicious Microsoft Office documents instead of HTML files as previously listed. - Xchecked via VT: 31dcc204661eee13920fda7ec582aaa1ec48f821",
"pattern": "[file:hashes.SHA256 = '441e48ed561cc3322bf02f14723bc6549d08e59c00b4c443b5efbf9d374a5303']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-11-13T21:19:49Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--564653f5-db4c-4003-a928-488b950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-11-13T21:19:49.000Z",
"modified": "2015-11-13T21:19:49.000Z",
"description": "Update as of May 1, 2015, 11:00 PM (GMT+8) The list above has been modified to indicate the hashes of the malicious Microsoft Office documents instead of HTML files as previously listed. - Xchecked via VT: 31dcc204661eee13920fda7ec582aaa1ec48f821",
"pattern": "[file:hashes.MD5 = '2813ae3302a4c2892c947144ab289872']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-11-13T21:19:49Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--564653f6-f07c-46d1-a618-4248950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-11-13T21:19:50.000Z",
"modified": "2015-11-13T21:19:50.000Z",
"first_observed": "2015-11-13T21:19:50Z",
"last_observed": "2015-11-13T21:19:50Z",
"number_observed": 1,
"object_refs": [
"url--564653f6-f07c-46d1-a618-4248950d210b"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--564653f6-f07c-46d1-a618-4248950d210b",
"value": "https://www.virustotal.com/file/441e48ed561cc3322bf02f14723bc6549d08e59c00b4c443b5efbf9d374a5303/analysis/1429789168/"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--564653f6-4b1c-403a-a2d9-4610950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-11-13T21:19:50.000Z",
"modified": "2015-11-13T21:19:50.000Z",
"description": "Update as of May 1, 2015, 11:00 PM (GMT+8) The list above has been modified to indicate the hashes of the malicious Microsoft Office documents instead of HTML files as previously listed. - Xchecked via VT: 2b01eb798d31d91cc03221b82c3f3fe04f4eb40a",
"pattern": "[file:hashes.SHA256 = 'a393243694bc7b536240da7605cb812d23879e41495efc89f032259c65dbb220']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-11-13T21:19:50Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--564653f6-a338-4490-92bc-47e7950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-11-13T21:19:50.000Z",
"modified": "2015-11-13T21:19:50.000Z",
"description": "Update as of May 1, 2015, 11:00 PM (GMT+8) The list above has been modified to indicate the hashes of the malicious Microsoft Office documents instead of HTML files as previously listed. - Xchecked via VT: 2b01eb798d31d91cc03221b82c3f3fe04f4eb40a",
"pattern": "[file:hashes.MD5 = '593c5fea01fb19a14dbe161fe754108a']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-11-13T21:19:50Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--564653f7-298c-4c97-806b-4d9b950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-11-13T21:19:51.000Z",
"modified": "2015-11-13T21:19:51.000Z",
"first_observed": "2015-11-13T21:19:51Z",
"last_observed": "2015-11-13T21:19:51Z",
"number_observed": 1,
"object_refs": [
"url--564653f7-298c-4c97-806b-4d9b950d210b"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--564653f7-298c-4c97-806b-4d9b950d210b",
"value": "https://www.virustotal.com/file/a393243694bc7b536240da7605cb812d23879e41495efc89f032259c65dbb220/analysis/1430753559/"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--564653f7-1ea8-4c79-af8f-4331950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-11-13T21:19:51.000Z",
"modified": "2015-11-13T21:19:51.000Z",
"description": "Update as of May 1, 2015, 11:00 PM (GMT+8) The list above has been modified to indicate the hashes of the malicious Microsoft Office documents instead of HTML files as previously listed. - Xchecked via VT: 29e4f4013c07dfcb0aae20c806b157ed7f023e9c",
"pattern": "[file:hashes.SHA256 = 'a1c02381fa46138aaa84c2cf19b6a2d26b815cc31f73b84a207fa419474a0bbb']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-11-13T21:19:51Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--564653f8-e2bc-440c-a599-45db950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-11-13T21:19:52.000Z",
"modified": "2015-11-13T21:19:52.000Z",
"description": "Update as of May 1, 2015, 11:00 PM (GMT+8) The list above has been modified to indicate the hashes of the malicious Microsoft Office documents instead of HTML files as previously listed. - Xchecked via VT: 29e4f4013c07dfcb0aae20c806b157ed7f023e9c",
"pattern": "[file:hashes.MD5 = '86e58db678dc48aa869c8f8fd5592055']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-11-13T21:19:52Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--564653f8-ef50-488d-bc19-4be1950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-11-13T21:19:52.000Z",
"modified": "2015-11-13T21:19:52.000Z",
"first_observed": "2015-11-13T21:19:52Z",
"last_observed": "2015-11-13T21:19:52Z",
"number_observed": 1,
"object_refs": [
"url--564653f8-ef50-488d-bc19-4be1950d210b"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--564653f8-ef50-488d-bc19-4be1950d210b",
"value": "https://www.virustotal.com/file/a1c02381fa46138aaa84c2cf19b6a2d26b815cc31f73b84a207fa419474a0bbb/analysis/1430809349/"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--564653f8-5f9c-453e-a967-4dba950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-11-13T21:19:52.000Z",
"modified": "2015-11-13T21:19:52.000Z",
"description": "Update as of May 1, 2015, 11:00 PM (GMT+8) The list above has been modified to indicate the hashes of the malicious Microsoft Office documents instead of HTML files as previously listed. - Xchecked via VT: 25cbbcc94782b2f1efd46179f28c517af44637fb",
"pattern": "[file:hashes.SHA256 = 'ff352e51858dcab7ef9a69f15a8dd3b7d262d174d819c649f774ab0705703585']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-11-13T21:19:52Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--564653f9-ba60-4773-a625-48e7950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-11-13T21:19:53.000Z",
"modified": "2015-11-13T21:19:53.000Z",
"description": "Update as of May 1, 2015, 11:00 PM (GMT+8) The list above has been modified to indicate the hashes of the malicious Microsoft Office documents instead of HTML files as previously listed. - Xchecked via VT: 25cbbcc94782b2f1efd46179f28c517af44637fb",
"pattern": "[file:hashes.MD5 = 'e132ac28cc6163c1004ae0c84b908849']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-11-13T21:19:53Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--564653f9-66c0-4633-b4b5-4bec950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-11-13T21:19:53.000Z",
"modified": "2015-11-13T21:19:53.000Z",
"first_observed": "2015-11-13T21:19:53Z",
"last_observed": "2015-11-13T21:19:53Z",
"number_observed": 1,
"object_refs": [
"url--564653f9-66c0-4633-b4b5-4bec950d210b"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--564653f9-66c0-4633-b4b5-4bec950d210b",
"value": "https://www.virustotal.com/file/ff352e51858dcab7ef9a69f15a8dd3b7d262d174d819c649f774ab0705703585/analysis/1429801974/"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--564653fa-3c30-4d50-bdfd-449b950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-11-13T21:19:54.000Z",
"modified": "2015-11-13T21:19:54.000Z",
"description": "Update as of May 1, 2015, 11:00 PM (GMT+8) The list above has been modified to indicate the hashes of the malicious Microsoft Office documents instead of HTML files as previously listed. - Xchecked via VT: 23f9777f17f86c9c8cbf25672e2e783ab0acc58c",
"pattern": "[file:hashes.SHA256 = '7c63e1d82468998677b314a071264b0f6ca67c6b4a22f6fa6c22c468a594bd2a']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-11-13T21:19:54Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--564653fa-dbbc-4c0f-bf03-4c8e950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-11-13T21:19:54.000Z",
"modified": "2015-11-13T21:19:54.000Z",
"description": "Update as of May 1, 2015, 11:00 PM (GMT+8) The list above has been modified to indicate the hashes of the malicious Microsoft Office documents instead of HTML files as previously listed. - Xchecked via VT: 23f9777f17f86c9c8cbf25672e2e783ab0acc58c",
"pattern": "[file:hashes.MD5 = '47a2eabeed5e3edd8382f9a52d99a3cc']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-11-13T21:19:54Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--564653fa-56d8-4689-a5d3-465d950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-11-13T21:19:54.000Z",
"modified": "2015-11-13T21:19:54.000Z",
"first_observed": "2015-11-13T21:19:54Z",
"last_observed": "2015-11-13T21:19:54Z",
"number_observed": 1,
"object_refs": [
"url--564653fa-56d8-4689-a5d3-465d950d210b"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--564653fa-56d8-4689-a5d3-465d950d210b",
"value": "https://www.virustotal.com/file/7c63e1d82468998677b314a071264b0f6ca67c6b4a22f6fa6c22c468a594bd2a/analysis/1430809477/"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--564653fb-7dd8-451e-a86f-49e3950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-11-13T21:19:55.000Z",
"modified": "2015-11-13T21:19:55.000Z",
"description": "Update as of May 1, 2015, 11:00 PM (GMT+8) The list above has been modified to indicate the hashes of the malicious Microsoft Office documents instead of HTML files as previously listed. - Xchecked via VT: 18df8417fce6f9e24c8369a2897eaf29b1ec11c4",
"pattern": "[file:hashes.SHA256 = '8a7534b23f0133de3027f0bb0aa04b3b8ea61af275f2128a9dead90f3264ab5d']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-11-13T21:19:55Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--564653fb-e2f8-4fc2-9393-4435950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-11-13T21:19:55.000Z",
"modified": "2015-11-13T21:19:55.000Z",
"description": "Update as of May 1, 2015, 11:00 PM (GMT+8) The list above has been modified to indicate the hashes of the malicious Microsoft Office documents instead of HTML files as previously listed. - Xchecked via VT: 18df8417fce6f9e24c8369a2897eaf29b1ec11c4",
"pattern": "[file:hashes.MD5 = 'b504965c00c94aa93d093fb72035d200']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-11-13T21:19:55Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--564653fc-f88c-474c-8131-47e8950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-11-13T21:19:56.000Z",
"modified": "2015-11-13T21:19:56.000Z",
"first_observed": "2015-11-13T21:19:56Z",
"last_observed": "2015-11-13T21:19:56Z",
"number_observed": 1,
"object_refs": [
"url--564653fc-f88c-474c-8131-47e8950d210b"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--564653fc-f88c-474c-8131-47e8950d210b",
"value": "https://www.virustotal.com/file/8a7534b23f0133de3027f0bb0aa04b3b8ea61af275f2128a9dead90f3264ab5d/analysis/1430810981/"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--564653fc-b6ac-4956-adf3-4087950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-11-13T21:19:56.000Z",
"modified": "2015-11-13T21:19:56.000Z",
"description": "Update as of May 1, 2015, 11:00 PM (GMT+8) The list above has been modified to indicate the hashes of the malicious Microsoft Office documents instead of HTML files as previously listed. - Xchecked via VT: 1363b79fc25467ea01842c5cbfa90c90bd7e7790",
"pattern": "[file:hashes.SHA256 = 'e024d802b7fc976ed43a863f697658cb4aeacdcb905c1a7df951355b086d41e2']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-11-13T21:19:56Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--564653fc-6b28-4e08-a03d-4df4950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-11-13T21:19:56.000Z",
"modified": "2015-11-13T21:19:56.000Z",
"description": "Update as of May 1, 2015, 11:00 PM (GMT+8) The list above has been modified to indicate the hashes of the malicious Microsoft Office documents instead of HTML files as previously listed. - Xchecked via VT: 1363b79fc25467ea01842c5cbfa90c90bd7e7790",
"pattern": "[file:hashes.MD5 = '78eb5aaf0b7b133af9666dc8e99909fb']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-11-13T21:19:56Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--564653fd-4b88-427b-a592-4a9d950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-11-13T21:19:57.000Z",
"modified": "2015-11-13T21:19:57.000Z",
"first_observed": "2015-11-13T21:19:57Z",
"last_observed": "2015-11-13T21:19:57Z",
"number_observed": 1,
"object_refs": [
"url--564653fd-4b88-427b-a592-4a9d950d210b"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--564653fd-4b88-427b-a592-4a9d950d210b",
"value": "https://www.virustotal.com/file/e024d802b7fc976ed43a863f697658cb4aeacdcb905c1a7df951355b086d41e2/analysis/1430753556/"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--564653fd-d208-4dc4-bbb5-4c0f950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-11-13T21:19:57.000Z",
"modified": "2015-11-13T21:19:57.000Z",
"description": "Update as of May 1, 2015, 11:00 PM (GMT+8) The list above has been modified to indicate the hashes of the malicious Microsoft Office documents instead of HTML files as previously listed. - Xchecked via VT: 0fad05ba34d91de15047052c4a6166d92aa5e3ac",
"pattern": "[file:hashes.SHA256 = 'f695413819c0e10de4d016bda25741759b997269784cbc37ceb45de1c84c39d6']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-11-13T21:19:57Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--564653fe-1c5c-43a8-812d-41ae950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-11-13T21:19:58.000Z",
"modified": "2015-11-13T21:19:58.000Z",
"description": "Update as of May 1, 2015, 11:00 PM (GMT+8) The list above has been modified to indicate the hashes of the malicious Microsoft Office documents instead of HTML files as previously listed. - Xchecked via VT: 0fad05ba34d91de15047052c4a6166d92aa5e3ac",
"pattern": "[file:hashes.MD5 = 'b8d31cfd80a4c0b4db7eba82710f30ea']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-11-13T21:19:58Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--564653fe-1cb4-4208-abe1-4e7d950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-11-13T21:19:58.000Z",
"modified": "2015-11-13T21:19:58.000Z",
"first_observed": "2015-11-13T21:19:58Z",
"last_observed": "2015-11-13T21:19:58Z",
"number_observed": 1,
"object_refs": [
"url--564653fe-1cb4-4208-abe1-4e7d950d210b"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--564653fe-1cb4-4208-abe1-4e7d950d210b",
"value": "https://www.virustotal.com/file/f695413819c0e10de4d016bda25741759b997269784cbc37ceb45de1c84c39d6/analysis/1430753555/"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--564653fe-1a18-48c1-a0e2-45de950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-11-13T21:19:58.000Z",
"modified": "2015-11-13T21:19:58.000Z",
"description": "Update as of May 1, 2015, 11:00 PM (GMT+8) The list above has been modified to indicate the hashes of the malicious Microsoft Office documents instead of HTML files as previously listed. - Xchecked via VT: 0b4100e124507a174f147c3bf0121769ab209104",
"pattern": "[file:hashes.SHA256 = 'c34c76f2f74dfa2fb1b588fd9940ace900da6e1aa411b1a4af51e151a809d8c7']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-11-13T21:19:58Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--564653ff-5ebc-4304-b1db-4ba3950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-11-13T21:19:59.000Z",
"modified": "2015-11-13T21:19:59.000Z",
"description": "Update as of May 1, 2015, 11:00 PM (GMT+8) The list above has been modified to indicate the hashes of the malicious Microsoft Office documents instead of HTML files as previously listed. - Xchecked via VT: 0b4100e124507a174f147c3bf0121769ab209104",
"pattern": "[file:hashes.MD5 = '694ef544a592a13ba701b73b7613cda6']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-11-13T21:19:59Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--564653ff-8738-42bd-9f6a-4763950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-11-13T21:19:59.000Z",
"modified": "2015-11-13T21:19:59.000Z",
"first_observed": "2015-11-13T21:19:59Z",
"last_observed": "2015-11-13T21:19:59Z",
"number_observed": 1,
"object_refs": [
"url--564653ff-8738-42bd-9f6a-4763950d210b"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--564653ff-8738-42bd-9f6a-4763950d210b",
"value": "https://www.virustotal.com/file/c34c76f2f74dfa2fb1b588fd9940ace900da6e1aa411b1a4af51e151a809d8c7/analysis/1430810856/"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56465400-6bf8-4ad5-9239-4ea3950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-11-13T21:20:00.000Z",
"modified": "2015-11-13T21:20:00.000Z",
"description": "Update as of May 1, 2015, 11:00 PM (GMT+8) The list above has been modified to indicate the hashes of the malicious Microsoft Office documents instead of HTML files as previously listed. - Xchecked via VT: 037cebf49a412bcabd7d3b896382af53eaecabed",
"pattern": "[file:hashes.SHA256 = 'ef9643c0986331477b6eff730b299b9a4b844b38a52ee36d2b672b03e31f3c4a']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-11-13T21:20:00Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56465400-44d0-4f4c-a739-4fc7950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-11-13T21:20:00.000Z",
"modified": "2015-11-13T21:20:00.000Z",
"description": "Update as of May 1, 2015, 11:00 PM (GMT+8) The list above has been modified to indicate the hashes of the malicious Microsoft Office documents instead of HTML files as previously listed. - Xchecked via VT: 037cebf49a412bcabd7d3b896382af53eaecabed",
"pattern": "[file:hashes.MD5 = 'c5ad2537409683eaa71c36c66ab2f05e']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-11-13T21:20:00Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--56465400-6c14-4580-9f6a-4445950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-11-13T21:20:00.000Z",
"modified": "2015-11-13T21:20:00.000Z",
"first_observed": "2015-11-13T21:20:00Z",
"last_observed": "2015-11-13T21:20:00Z",
"number_observed": 1,
"object_refs": [
"url--56465400-6c14-4580-9f6a-4445950d210b"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--56465400-6c14-4580-9f6a-4445950d210b",
"value": "https://www.virustotal.com/file/ef9643c0986331477b6eff730b299b9a4b844b38a52ee36d2b672b03e31f3c4a/analysis/1439140579/"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56465401-6a40-413e-b65e-4df0950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-11-13T21:20:01.000Z",
"modified": "2015-11-13T21:20:01.000Z",
"description": "TSPY_DYRE.YUYCC - Xchecked via VT: 5e392950fa295a98219e1fc9cce7a7048792845e",
"pattern": "[file:hashes.SHA256 = 'ec05df2a8f7a7bc2ae5b3c153c9ec450e3611b2343572d0aa8d84a8b1d23ee8d']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-11-13T21:20:01Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Artifacts dropped"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Artifacts dropped\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56465401-cc6c-4e48-833a-44b0950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-11-13T21:20:01.000Z",
"modified": "2015-11-13T21:20:01.000Z",
"description": "TSPY_DYRE.YUYCC - Xchecked via VT: 5e392950fa295a98219e1fc9cce7a7048792845e",
"pattern": "[file:hashes.MD5 = '22a7aafe5190a5cdcc92bfd304a21f7d']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-11-13T21:20:01Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Artifacts dropped"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Artifacts dropped\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--56465402-e55c-4de8-b766-47da950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-11-13T21:20:02.000Z",
"modified": "2015-11-13T21:20:02.000Z",
"first_observed": "2015-11-13T21:20:02Z",
"last_observed": "2015-11-13T21:20:02Z",
"number_observed": 1,
"object_refs": [
"url--56465402-e55c-4de8-b766-47da950d210b"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--56465402-e55c-4de8-b766-47da950d210b",
"value": "https://www.virustotal.com/file/ec05df2a8f7a7bc2ae5b3c153c9ec450e3611b2343572d0aa8d84a8b1d23ee8d/analysis/1446494503/"
},
{
"type": "marking-definition",
"spec_version": "2.1",
"id": "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9",
"created": "2017-01-20T00:00:00.000Z",
"definition_type": "tlp",
"name": "TLP:WHITE",
"definition": {
"tlp": "white"
}
}
]
}