misp-circl-feed/feeds/circl/misp/555dcba2-bdd0-49d6-8c72-4e87950d210b.json

2787 lines
No EOL
114 KiB
JSON

{
"type": "bundle",
"id": "bundle--555dcba2-bdd0-49d6-8c72-4e87950d210b",
"objects": [
{
"type": "identity",
"spec_version": "2.1",
"id": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-05-21T13:01:12.000Z",
"modified": "2015-05-21T13:01:12.000Z",
"name": "CthulhuSPRL.be",
"identity_class": "organization"
},
{
"type": "report",
"spec_version": "2.1",
"id": "report--555dcba2-bdd0-49d6-8c72-4e87950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-05-21T13:01:12.000Z",
"modified": "2015-05-21T13:01:12.000Z",
"name": "OSINT Trend Micro Exposes LURID APT",
"published": "2016-02-22T14:19:45Z",
"object_refs": [
"x-misp-attribute--555dcbb3-0224-40da-9cdb-a479950d210b",
"observed-data--555dcc05-2e34-4284-a25f-ab11950d210b",
"url--555dcc05-2e34-4284-a25f-ab11950d210b",
"observed-data--555dcc05-3994-4079-82eb-ab11950d210b",
"url--555dcc05-3994-4079-82eb-ab11950d210b",
"observed-data--555dcc05-bc10-4c10-9f2a-ab11950d210b",
"url--555dcc05-bc10-4c10-9f2a-ab11950d210b",
"indicator--555dd1f9-0f38-43ca-b4e1-ab11950d210b",
"indicator--555dd1f9-e440-413c-bac2-ab11950d210b",
"indicator--555dd1f9-4b5c-4fac-8e2f-ab11950d210b",
"indicator--555dd1f9-51d8-4990-9010-ab11950d210b",
"indicator--555dd28a-32e8-4e2c-ad00-a62e950d210b",
"indicator--555dd28a-27e4-4bc5-aed8-a62e950d210b",
"indicator--555dd28a-0cb8-4232-a102-a62e950d210b",
"indicator--555dd28a-0e44-4d00-a47a-a62e950d210b",
"indicator--555dd28a-735c-41e5-bdab-a62e950d210b",
"x-misp-attribute--555dd29e-c8cc-4e13-a28c-177c950d210b",
"x-misp-attribute--555dd29e-22c4-4e2f-8b16-177c950d210b",
"indicator--555dd2bb-8740-4435-b004-4168950d210b",
"indicator--555dd2bb-4238-4fba-9ee4-41e4950d210b",
"indicator--555dd2bb-70a0-4429-a67f-4f96950d210b",
"indicator--555dd2bb-a270-4e97-b0bf-4553950d210b",
"indicator--555dd2bc-2650-4771-9ef5-4f0a950d210b",
"indicator--555dd2bc-f750-458c-a708-4f00950d210b",
"indicator--555dd2bc-abec-4dde-af7c-4b83950d210b",
"indicator--555dd2d6-2f7c-4038-9e77-d8a4950d210b",
"indicator--555dd2d6-015c-4300-9f4e-d8a4950d210b",
"indicator--555dd2d6-ee5c-4be9-b4fa-d8a4950d210b",
"indicator--555dd2d6-a128-47ab-a7e0-d8a4950d210b",
"indicator--555dd2d6-1e4c-4f07-8ec4-d8a4950d210b",
"x-misp-attribute--555dd318-a14c-441c-b42d-ab11950d210b",
"x-misp-attribute--555dd318-7b4c-4d64-9dd7-ab11950d210b",
"indicator--555dd6c4-4014-47b4-b537-ab11950d210b",
"indicator--555dd6c4-d774-45ec-a986-ab11950d210b",
"indicator--555dd6c4-bfd4-49c4-bcb0-ab11950d210b",
"indicator--555dd6c4-974c-4348-ba70-ab11950d210b",
"indicator--555dd6c4-694c-4efa-a8af-ab11950d210b",
"indicator--555dd6c4-def8-4079-90df-ab11950d210b",
"indicator--555dd6c5-2eb8-4f42-b3a9-ab11950d210b",
"indicator--555dd6c5-ec60-4014-8f07-ab11950d210b",
"indicator--555dd6c5-987c-4730-81ae-ab11950d210b",
"indicator--555dd6c5-28d4-4e3d-95a4-ab11950d210b",
"indicator--555dd6c5-5360-4214-98ae-ab11950d210b",
"indicator--555dd6c5-3860-4b5a-81da-ab11950d210b",
"indicator--555dd6c5-9868-4258-9dd7-ab11950d210b",
"indicator--555dd6d0-9194-4dfd-bd45-177c950d210b",
"indicator--555dd6d0-4b10-4a34-9809-177c950d210b",
"indicator--555dd6d0-d380-48c3-a8ac-177c950d210b",
"indicator--555dd6d0-513c-476b-a081-177c950d210b",
"indicator--555dd6d1-043c-473b-9a7f-177c950d210b",
"indicator--555dd6d1-3738-400b-833b-177c950d210b",
"indicator--555dd6d1-b294-4f68-9b83-177c950d210b",
"indicator--555dd6d1-18b0-4d9a-be47-177c950d210b",
"indicator--555dd6d1-bb94-41da-98ff-177c950d210b",
"indicator--555dd6d1-85e4-44e6-a48d-177c950d210b",
"indicator--555dd6d1-3a68-47fe-b3ce-177c950d210b",
"indicator--555dd6d1-904c-41ef-bc6c-177c950d210b",
"indicator--555dd6d2-3420-4cad-8c78-177c950d210b",
"indicator--555dd6d2-835c-4f88-972e-177c950d210b",
"indicator--555dd6d2-f538-43c1-bb04-177c950d210b",
"indicator--555dd6d2-cf60-4cf7-ac81-177c950d210b",
"indicator--555dd6d2-9844-4c65-8c19-177c950d210b",
"indicator--555dd6d2-0f38-4dc9-b9b9-177c950d210b",
"indicator--555dd6d2-c714-4fc7-8423-177c950d210b",
"indicator--555dd6d3-c934-46e2-8a4f-177c950d210b",
"indicator--555dd718-e7d8-44c5-91e8-44c0950d210b",
"indicator--555dd719-b590-4909-aedc-48bd950d210b",
"indicator--555dd719-72c0-4a55-b0bf-4267950d210b",
"indicator--555dd719-d5ec-4c48-9c05-48f6950d210b",
"indicator--555dd719-2bec-4425-ae02-4f57950d210b",
"indicator--555dd719-4714-49bf-9195-4101950d210b",
"indicator--555dd719-3020-4c29-9ca8-49f7950d210b",
"indicator--555dd719-3940-4a94-ab1e-4a82950d210b",
"indicator--555dd71a-3df0-49f9-a612-45e2950d210b",
"indicator--555dd71a-51ac-4fc6-86c2-44f0950d210b",
"indicator--555dd71a-752c-4b41-856b-44e2950d210b",
"indicator--555dd71a-89b0-492c-a4ee-4c17950d210b",
"indicator--555dd71a-01d4-4845-891a-4dea950d210b",
"indicator--555dd71a-f7d4-48ee-875b-41a1950d210b",
"indicator--555dd71a-0074-40ee-bfd0-4092950d210b",
"indicator--555dd71a-32f0-44ad-ab21-4385950d210b",
"indicator--56c65c84-e3a8-4a5a-88bd-5ca1950d210f",
"indicator--56c65c86-eb0c-4251-80e7-59a2950d210f",
"indicator--56c65c87-fcb0-4c26-a98a-c654950d210f",
"indicator--56c65c89-e070-4cb1-abea-c652950d210f",
"indicator--56c65c8b-b748-4009-9890-4a80950d210f",
"indicator--56c65c8d-8e64-4d21-9905-599d950d210f",
"indicator--56c65c8f-3bd0-473b-831c-c653950d210f",
"indicator--56c65c90-fea8-4225-baa7-437a950d210f",
"indicator--56c65c92-8bfc-4bd0-bd66-c650950d210f",
"indicator--56c65c93-d020-4149-b6f3-4ff2950d210f",
"indicator--56c65c95-8464-4425-be57-c652950d210f",
"indicator--56c65c97-4d80-43aa-afe1-c651950d210f",
"indicator--56c65c99-3d90-4d6f-8e46-409a950d210f",
"indicator--56c65c9a-eeb4-49b9-bc33-c650950d210f",
"indicator--56c65c9c-1248-4b3c-8820-599c950d210f",
"indicator--56c65c9e-b2d0-47c0-9eee-599d950d210f",
"indicator--56c65ca0-e1e8-4711-8c90-c654950d210f",
"indicator--56c65ca1-8770-4eef-a43e-5f51950d210f",
"indicator--56c65c85-bcbc-4754-870d-599c950d210f",
"indicator--56c65c87-9664-4e94-b4e1-599f950d210f",
"indicator--56c65c88-f968-4453-96e7-59a4950d210f",
"indicator--56c65c8a-0370-4ad5-b609-c651950d210f",
"indicator--56c65c8c-1ed0-4e66-9634-599c950d210f",
"indicator--56c65c8d-eec8-4fdc-b5a8-43ca950d210f",
"indicator--56c65c8f-d114-4d58-94e5-5f51950d210f",
"indicator--56c65c91-be0c-410b-a491-599f950d210f",
"indicator--56c65c93-24cc-4061-8dc5-454e950d210f",
"indicator--56c65c94-4ae4-4e69-8222-59a2950d210f",
"indicator--56c65c96-3524-4693-a14e-4475950d210f",
"indicator--56c65c98-8b58-4fec-9206-5f51950d210f",
"indicator--56c65c99-71e8-48da-b934-599e950d210f",
"indicator--56c65c9b-1064-4c8d-9adc-59a1950d210f",
"indicator--56c65c9d-4190-4d62-af1c-59a0950d210f",
"indicator--56c65c9f-98ec-4445-b2d4-c650950d210f",
"indicator--56c65ca0-8fb8-44b3-bafa-599e950d210f",
"indicator--56c65ca2-3780-44dc-8b03-c651950d210f"
],
"labels": [
"Threat-Report",
"misp:tool=\"MISP-STIX-Converter\"",
"type:OSINT",
"APT"
],
"object_marking_refs": [
"marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9"
]
},
{
"type": "x-misp-attribute",
"spec_version": "2.1",
"id": "x-misp-attribute--555dcbb3-0224-40da-9cdb-a479950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-05-21T12:12:35.000Z",
"modified": "2015-05-21T12:12:35.000Z",
"labels": [
"misp:type=\"text\"",
"misp:category=\"External analysis\""
],
"x_misp_category": "External analysis",
"x_misp_type": "text",
"x_misp_value": "Lurid"
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--555dcc05-2e34-4284-a25f-ab11950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-05-21T12:13:57.000Z",
"modified": "2015-05-21T12:13:57.000Z",
"first_observed": "2015-05-21T12:13:57Z",
"last_observed": "2015-05-21T12:13:57Z",
"number_observed": 1,
"object_refs": [
"url--555dcc05-2e34-4284-a25f-ab11950d210b"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--555dcc05-2e34-4284-a25f-ab11950d210b",
"value": "http://blog.trendmicro.com/trendlabs-security-intelligence/trend-micro-exposes-lurid-apt/"
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--555dcc05-3994-4079-82eb-ab11950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-05-21T12:13:57.000Z",
"modified": "2015-05-21T12:13:57.000Z",
"first_observed": "2015-05-21T12:13:57Z",
"last_observed": "2015-05-21T12:13:57Z",
"number_observed": 1,
"object_refs": [
"url--555dcc05-3994-4079-82eb-ab11950d210b"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--555dcc05-3994-4079-82eb-ab11950d210b",
"value": "http://www.trendmicro.com/cloud-content/us/pdfs/security-intelligence/white-papers/wp_dissecting-lurid-apt.pdf"
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--555dcc05-bc10-4c10-9f2a-ab11950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-05-21T12:13:57.000Z",
"modified": "2015-05-21T12:13:57.000Z",
"first_observed": "2015-05-21T12:13:57Z",
"last_observed": "2015-05-21T12:13:57Z",
"number_observed": 1,
"object_refs": [
"url--555dcc05-bc10-4c10-9f2a-ab11950d210b"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--555dcc05-bc10-4c10-9f2a-ab11950d210b",
"value": "http://la.trendmicro.com/media/misc/lurid-downloader-enfal-report-en.pdf"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--555dd1f9-0f38-43ca-b4e1-ab11950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-05-21T12:39:21.000Z",
"modified": "2015-05-21T12:39:21.000Z",
"pattern": "[file:hashes.MD5 = '322fcf1b134fef1bae52fbd80a373ede']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-05-21T12:39:21Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--555dd1f9-e440-413c-bac2-ab11950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-05-21T12:39:21.000Z",
"modified": "2015-05-21T12:39:21.000Z",
"pattern": "[file:hashes.MD5 = '84d24967cb5cbacf4052a3001692dd54']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-05-21T12:39:21Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--555dd1f9-4b5c-4fac-8e2f-ab11950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-05-21T12:39:21.000Z",
"modified": "2015-05-21T12:39:21.000Z",
"pattern": "[file:hashes.MD5 = '3447416fbbc65906bd0384d4c2ba479e']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-05-21T12:39:21Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--555dd1f9-51d8-4990-9010-ab11950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-05-21T12:39:21.000Z",
"modified": "2015-05-21T12:39:21.000Z",
"pattern": "[file:hashes.MD5 = '856de08a947a40e00ea7ed66b8e02c53']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-05-21T12:39:21Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--555dd28a-32e8-4e2c-ad00-a62e950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-05-21T12:41:46.000Z",
"modified": "2015-05-21T12:41:46.000Z",
"pattern": "[url:value = '/Owpq4.cgi']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-05-21T12:41:46Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--555dd28a-27e4-4bc5-aed8-a62e950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-05-21T12:41:46.000Z",
"modified": "2015-05-21T12:41:46.000Z",
"pattern": "[url:value = '/trandocs/mm/']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-05-21T12:41:46Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--555dd28a-0cb8-4232-a102-a62e950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-05-21T12:41:46.000Z",
"modified": "2015-05-21T12:41:46.000Z",
"pattern": "[url:value = '/Clnpp5.cgi']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-05-21T12:41:46Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--555dd28a-0e44-4d00-a47a-a62e950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-05-21T12:41:46.000Z",
"modified": "2015-05-21T12:41:46.000Z",
"pattern": "[url:value = '/Rwpq1.cgi']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-05-21T12:41:46Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--555dd28a-735c-41e5-bdab-a62e950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-05-21T12:41:46.000Z",
"modified": "2015-05-21T12:41:46.000Z",
"pattern": "[url:value = '/cgl-bin/']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-05-21T12:41:46Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "x-misp-attribute",
"spec_version": "2.1",
"id": "x-misp-attribute--555dd29e-c8cc-4e13-a28c-177c950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-05-21T12:42:06.000Z",
"modified": "2015-05-21T12:42:06.000Z",
"labels": [
"misp:type=\"text\"",
"misp:category=\"Attribution\""
],
"x_misp_category": "Attribution",
"x_misp_type": "text",
"x_misp_value": "e:\\programs\\LuridDownLoader\\LuridDownloader for Falcon\\DllServiceTrojan\\Release\\DllServiceTrojan.pdb"
},
{
"type": "x-misp-attribute",
"spec_version": "2.1",
"id": "x-misp-attribute--555dd29e-22c4-4e2f-8b16-177c950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-05-21T12:42:06.000Z",
"modified": "2015-05-21T12:42:06.000Z",
"labels": [
"misp:type=\"text\"",
"misp:category=\"Attribution\""
],
"x_misp_category": "Attribution",
"x_misp_type": "text",
"x_misp_value": "e:\\programs\\LuridDownLoader\\LuridDownloader for Falcon\\ServiceDll\\Release\\ServiceDll.pdb"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--555dd2bb-8740-4435-b004-4168950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-05-21T12:42:35.000Z",
"modified": "2015-05-21T12:42:35.000Z",
"pattern": "[domain-name:value = 'mailru-vip.com']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-05-21T12:42:35Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"domain\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--555dd2bb-4238-4fba-9ee4-41e4950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-05-21T12:42:35.000Z",
"modified": "2015-05-21T12:42:35.000Z",
"pattern": "[domain-name:value = 'yandex-vip.com']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-05-21T12:42:35Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"domain\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--555dd2bb-70a0-4429-a67f-4f96950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-05-21T12:42:35.000Z",
"modified": "2015-05-21T12:42:35.000Z",
"pattern": "[domain-name:value = 'foxit-pro.com']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-05-21T12:42:35Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"domain\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--555dd2bb-a270-4e97-b0bf-4553950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-05-21T12:42:35.000Z",
"modified": "2015-05-21T12:42:35.000Z",
"pattern": "[domain-name:value = 'ymail-vip.com']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-05-21T12:42:35Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"domain\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--555dd2bc-2650-4771-9ef5-4f0a950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-05-21T12:42:36.000Z",
"modified": "2015-05-21T12:42:36.000Z",
"pattern": "[domain-name:value = 'ymail-pro.com']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-05-21T12:42:36Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"domain\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--555dd2bc-f750-458c-a708-4f00950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-05-21T12:42:36.000Z",
"modified": "2015-05-21T12:42:36.000Z",
"pattern": "[domain-name:value = 'yandex-pro.com']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-05-21T12:42:36Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"domain\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--555dd2bc-abec-4dde-af7c-4b83950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-05-21T12:42:36.000Z",
"modified": "2015-05-21T12:42:36.000Z",
"pattern": "[domain-name:value = 'mailru-pro.com']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-05-21T12:42:36Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"domain\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--555dd2d6-2f7c-4038-9e77-d8a4950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-05-21T12:43:02.000Z",
"modified": "2015-05-21T12:43:02.000Z",
"pattern": "[domain-name:value = 'hoticq.com']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-05-21T12:43:02Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"domain\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--555dd2d6-015c-4300-9f4e-d8a4950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-05-21T12:43:02.000Z",
"modified": "2015-05-21T12:43:02.000Z",
"pattern": "[domain-name:value = 'redhag.com']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-05-21T12:43:02Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"domain\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--555dd2d6-ee5c-4be9-b4fa-d8a4950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-05-21T12:43:02.000Z",
"modified": "2015-05-21T12:43:02.000Z",
"pattern": "[domain-name:value = 'zadhc.com']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-05-21T12:43:02Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"domain\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--555dd2d6-a128-47ab-a7e0-d8a4950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-05-21T12:43:02.000Z",
"modified": "2015-05-21T12:43:02.000Z",
"pattern": "[domain-name:value = 'lasmail.com']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-05-21T12:43:02Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"domain\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--555dd2d6-1e4c-4f07-8ec4-d8a4950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-05-21T12:43:02.000Z",
"modified": "2015-05-21T12:43:02.000Z",
"pattern": "[domain-name:value = 'hotoicq.com']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-05-21T12:43:02Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"domain\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "x-misp-attribute",
"spec_version": "2.1",
"id": "x-misp-attribute--555dd318-a14c-441c-b42d-ab11950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-05-21T12:44:08.000Z",
"modified": "2015-05-21T12:44:08.000Z",
"labels": [
"misp:type=\"text\"",
"misp:category=\"Attribution\""
],
"x_misp_category": "Attribution",
"x_misp_comment": "Registrants",
"x_misp_type": "text",
"x_misp_value": "bruce_tuner@yahoo.com"
},
{
"type": "x-misp-attribute",
"spec_version": "2.1",
"id": "x-misp-attribute--555dd318-7b4c-4d64-9dd7-ab11950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-05-21T12:44:08.000Z",
"modified": "2015-05-21T12:44:08.000Z",
"labels": [
"misp:type=\"text\"",
"misp:category=\"Attribution\""
],
"x_misp_category": "Attribution",
"x_misp_comment": "Registrants",
"x_misp_type": "text",
"x_misp_value": "icqmaster@163.com"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--555dd6c4-4014-47b4-b537-ab11950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-05-21T12:59:48.000Z",
"modified": "2015-05-21T12:59:48.000Z",
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '184.22.240.174']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-05-21T12:59:48Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--555dd6c4-d774-45ec-a986-ab11950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-05-21T12:59:48.000Z",
"modified": "2015-05-21T12:59:48.000Z",
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '184.22.251.12']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-05-21T12:59:48Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--555dd6c4-bfd4-49c4-bcb0-ab11950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-05-21T12:59:48.000Z",
"modified": "2015-05-21T12:59:48.000Z",
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '184.95.36.75']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-05-21T12:59:48Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--555dd6c4-974c-4348-ba70-ab11950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-05-21T12:59:48.000Z",
"modified": "2015-05-21T12:59:48.000Z",
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '204.12.197.70']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-05-21T12:59:48Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--555dd6c4-694c-4efa-a8af-ab11950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-05-21T12:59:48.000Z",
"modified": "2015-05-21T12:59:48.000Z",
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '58.64.149.29']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-05-21T12:59:48Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--555dd6c4-def8-4079-90df-ab11950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-05-21T12:59:48.000Z",
"modified": "2015-05-21T12:59:48.000Z",
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '106.123.126.151']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-05-21T12:59:48Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--555dd6c5-2eb8-4f42-b3a9-ab11950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-05-21T12:59:49.000Z",
"modified": "2015-05-21T12:59:49.000Z",
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '109.123.126.143']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-05-21T12:59:49Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--555dd6c5-ec60-4014-8f07-ab11950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-05-21T12:59:49.000Z",
"modified": "2015-05-21T12:59:49.000Z",
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '109.123.126.151']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-05-21T12:59:49Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--555dd6c5-987c-4730-81ae-ab11950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-05-21T12:59:49.000Z",
"modified": "2015-05-21T12:59:49.000Z",
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '109.123.126.156']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-05-21T12:59:49Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--555dd6c5-28d4-4e3d-95a4-ab11950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-05-21T12:59:49.000Z",
"modified": "2015-05-21T12:59:49.000Z",
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '109.123.126.157']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-05-21T12:59:49Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--555dd6c5-5360-4214-98ae-ab11950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-05-21T12:59:49.000Z",
"modified": "2015-05-21T12:59:49.000Z",
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '173.212.195.216']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-05-21T12:59:49Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--555dd6c5-3860-4b5a-81da-ab11950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-05-21T12:59:49.000Z",
"modified": "2015-05-21T12:59:49.000Z",
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '174.139.13.122']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-05-21T12:59:49Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--555dd6c5-9868-4258-9dd7-ab11950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-05-21T12:59:49.000Z",
"modified": "2015-05-21T12:59:49.000Z",
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '46.23.67.226']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-05-21T12:59:49Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--555dd6d0-9194-4dfd-bd45-177c950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-05-21T13:00:00.000Z",
"modified": "2015-05-21T13:00:00.000Z",
"pattern": "[file:hashes.MD5 = '140c69ea9a963100e75497b33820f1da']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-05-21T13:00:00Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Artifacts dropped"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Artifacts dropped\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--555dd6d0-4b10-4a34-9809-177c950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-05-21T13:00:00.000Z",
"modified": "2015-05-21T13:00:00.000Z",
"pattern": "[file:hashes.MD5 = '166d6cd28c9df20c30fed220a3132345']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-05-21T13:00:00Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Artifacts dropped"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Artifacts dropped\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--555dd6d0-d380-48c3-a8ac-177c950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-05-21T13:00:00.000Z",
"modified": "2015-05-21T13:00:00.000Z",
"pattern": "[file:hashes.MD5 = '22caf76a780c54ddce7fa139100fa54e']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-05-21T13:00:00Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Artifacts dropped"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Artifacts dropped\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--555dd6d0-513c-476b-a081-177c950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-05-21T13:00:00.000Z",
"modified": "2015-05-21T13:00:00.000Z",
"pattern": "[file:hashes.MD5 = '2a21eb36cc2a0a24149a4821aa328b7b']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-05-21T13:00:00Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Artifacts dropped"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Artifacts dropped\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--555dd6d1-043c-473b-9a7f-177c950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-05-21T13:00:00.000Z",
"modified": "2015-05-21T13:00:00.000Z",
"pattern": "[file:hashes.MD5 = '2d93cbe969d3b5f02d4f9f1a3eb39b85']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-05-21T13:00:00Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Artifacts dropped"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Artifacts dropped\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--555dd6d1-3738-400b-833b-177c950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-05-21T13:00:01.000Z",
"modified": "2015-05-21T13:00:01.000Z",
"pattern": "[file:hashes.MD5 = '465ca2eef82b412949eeaa9fa3cc5c75']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-05-21T13:00:01Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Artifacts dropped"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Artifacts dropped\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--555dd6d1-b294-4f68-9b83-177c950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-05-21T13:00:01.000Z",
"modified": "2015-05-21T13:00:01.000Z",
"pattern": "[file:hashes.MD5 = '5403e0bda1db72e5e862e9169db4e1d7']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-05-21T13:00:01Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Artifacts dropped"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Artifacts dropped\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--555dd6d1-18b0-4d9a-be47-177c950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-05-21T13:00:01.000Z",
"modified": "2015-05-21T13:00:01.000Z",
"pattern": "[file:hashes.MD5 = '57d99d67c3e8987e812c9332d6774794']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-05-21T13:00:01Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Artifacts dropped"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Artifacts dropped\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--555dd6d1-bb94-41da-98ff-177c950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-05-21T13:00:01.000Z",
"modified": "2015-05-21T13:00:01.000Z",
"pattern": "[file:hashes.MD5 = '744670ca4531f7ceb72a75ae456e8215']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-05-21T13:00:01Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Artifacts dropped"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Artifacts dropped\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--555dd6d1-85e4-44e6-a48d-177c950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-05-21T13:00:01.000Z",
"modified": "2015-05-21T13:00:01.000Z",
"pattern": "[file:hashes.MD5 = '74bdabd1077d640f7d21c6cfb14a0348']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-05-21T13:00:01Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Artifacts dropped"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Artifacts dropped\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--555dd6d1-3a68-47fe-b3ce-177c950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-05-21T13:00:01.000Z",
"modified": "2015-05-21T13:00:01.000Z",
"pattern": "[file:hashes.MD5 = '89b98f66650cb29d0926713fda3b5bbc']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-05-21T13:00:01Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Artifacts dropped"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Artifacts dropped\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--555dd6d1-904c-41ef-bc6c-177c950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-05-21T13:00:01.000Z",
"modified": "2015-05-21T13:00:01.000Z",
"pattern": "[file:hashes.MD5 = '8f65204d8440b7be2b52908e35d19124']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-05-21T13:00:01Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Artifacts dropped"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Artifacts dropped\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--555dd6d2-3420-4cad-8c78-177c950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-05-21T13:00:02.000Z",
"modified": "2015-05-21T13:00:02.000Z",
"pattern": "[file:hashes.MD5 = '963e39d8675b5bb3d2f4e6da45c51bb0']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-05-21T13:00:02Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Artifacts dropped"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Artifacts dropped\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--555dd6d2-835c-4f88-972e-177c950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-05-21T13:00:02.000Z",
"modified": "2015-05-21T13:00:02.000Z",
"pattern": "[file:hashes.MD5 = 'd66948e4e90baff08d24c77c93788597']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-05-21T13:00:02Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Artifacts dropped"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Artifacts dropped\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--555dd6d2-f538-43c1-bb04-177c950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-05-21T13:00:02.000Z",
"modified": "2015-05-21T13:00:02.000Z",
"pattern": "[file:hashes.MD5 = 'd8815fe64eb5321add412554908da28a']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-05-21T13:00:02Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Artifacts dropped"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Artifacts dropped\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--555dd6d2-cf60-4cf7-ac81-177c950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-05-21T13:00:02.000Z",
"modified": "2015-05-21T13:00:02.000Z",
"pattern": "[file:hashes.MD5 = 'e1833932053171da15c60e6c2fca708a']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-05-21T13:00:02Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Artifacts dropped"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Artifacts dropped\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--555dd6d2-9844-4c65-8c19-177c950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-05-21T13:00:02.000Z",
"modified": "2015-05-21T13:00:02.000Z",
"pattern": "[file:hashes.MD5 = 'e38ccff8e7fb922fe48b54b4032fec50']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-05-21T13:00:02Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Artifacts dropped"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Artifacts dropped\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--555dd6d2-0f38-4dc9-b9b9-177c950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-05-21T13:00:02.000Z",
"modified": "2015-05-21T13:00:02.000Z",
"pattern": "[file:hashes.MD5 = 'ed69041fbe470fe0f2c1fd837efcb6e7']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-05-21T13:00:02Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Artifacts dropped"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Artifacts dropped\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--555dd6d2-c714-4fc7-8423-177c950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-05-21T13:00:02.000Z",
"modified": "2015-05-21T13:00:02.000Z",
"pattern": "[file:hashes.MD5 = 'f0f31112af491f56af7cc0802ba96c0f']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-05-21T13:00:02Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Artifacts dropped"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Artifacts dropped\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--555dd6d3-c934-46e2-8a4f-177c950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-05-21T13:00:03.000Z",
"modified": "2015-05-21T13:00:03.000Z",
"pattern": "[file:hashes.MD5 = 'f993d4cabe5021c96d6a80192f142dca']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-05-21T13:00:03Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Artifacts dropped"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Artifacts dropped\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--555dd718-e7d8-44c5-91e8-44c0950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-05-21T13:01:12.000Z",
"modified": "2015-05-21T13:01:12.000Z",
"pattern": "[domain-name:value = 'ace.mailru-vip.com']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-05-21T13:01:12Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"hostname\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--555dd719-b590-4909-aedc-48bd950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-05-21T13:01:13.000Z",
"modified": "2015-05-21T13:01:13.000Z",
"pattern": "[domain-name:value = 'led.office-helppane.com']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-05-21T13:01:13Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"hostname\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--555dd719-72c0-4a55-b0bf-4267950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-05-21T13:01:13.000Z",
"modified": "2015-05-21T13:01:13.000Z",
"pattern": "[domain-name:value = 'help.lasmail.com']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-05-21T13:01:13Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"hostname\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--555dd719-d5ec-4c48-9c05-48f6950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-05-21T13:01:13.000Z",
"modified": "2015-05-21T13:01:13.000Z",
"pattern": "[domain-name:value = 'home.mailru-pro.com']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-05-21T13:01:13Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"hostname\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--555dd719-2bec-4425-ae02-4f57950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-05-21T13:01:13.000Z",
"modified": "2015-05-21T13:01:13.000Z",
"pattern": "[domain-name:value = 'mail.lasmail.com']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-05-21T13:01:13Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"hostname\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--555dd719-4714-49bf-9195-4101950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-05-21T13:01:13.000Z",
"modified": "2015-05-21T13:01:13.000Z",
"pattern": "[domain-name:value = 'microsoft.office-helppane.com']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-05-21T13:01:13Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"hostname\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--555dd719-3020-4c29-9ca8-49f7950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-05-21T13:01:13.000Z",
"modified": "2015-05-21T13:01:13.000Z",
"pattern": "[domain-name:value = 'press.foxit-pro.com']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-05-21T13:01:13Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"hostname\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--555dd719-3940-4a94-ab1e-4a82950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-05-21T13:01:13.000Z",
"modified": "2015-05-21T13:01:13.000Z",
"pattern": "[domain-name:value = 'press.mailru-pro.com']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-05-21T13:01:13Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"hostname\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--555dd71a-3df0-49f9-a612-45e2950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-05-21T13:01:13.000Z",
"modified": "2015-05-21T13:01:13.000Z",
"pattern": "[domain-name:value = 'press.ymail-pro.com']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-05-21T13:01:13Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"hostname\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--555dd71a-51ac-4fc6-86c2-44f0950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-05-21T13:01:14.000Z",
"modified": "2015-05-21T13:01:14.000Z",
"pattern": "[domain-name:value = 'setup.mailru-vip.com']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-05-21T13:01:14Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"hostname\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--555dd71a-752c-4b41-856b-44e2950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-05-21T13:01:14.000Z",
"modified": "2015-05-21T13:01:14.000Z",
"pattern": "[domain-name:value = 'sexinsex.ymail-vip.com']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-05-21T13:01:14Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"hostname\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--555dd71a-89b0-492c-a4ee-4c17950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-05-21T13:01:14.000Z",
"modified": "2015-05-21T13:01:14.000Z",
"pattern": "[domain-name:value = 'superkiller.mailru-vip.com']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-05-21T13:01:14Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"hostname\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--555dd71a-01d4-4845-891a-4dea950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-05-21T13:01:14.000Z",
"modified": "2015-05-21T13:01:14.000Z",
"pattern": "[domain-name:value = 'support.hotoicq.com']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-05-21T13:01:14Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"hostname\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--555dd71a-f7d4-48ee-875b-41a1950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-05-21T13:01:14.000Z",
"modified": "2015-05-21T13:01:14.000Z",
"pattern": "[domain-name:value = 'update.ymail-vip.com']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-05-21T13:01:14Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"hostname\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--555dd71a-0074-40ee-bfd0-4092950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-05-21T13:01:14.000Z",
"modified": "2015-05-21T13:01:14.000Z",
"pattern": "[domain-name:value = 'win.foxit-pro.com']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-05-21T13:01:14Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"hostname\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--555dd71a-32f0-44ad-ab21-4385950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-05-21T13:01:14.000Z",
"modified": "2015-05-21T13:01:14.000Z",
"pattern": "[domain-name:value = 'xphlp.ymail-vip.com']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-05-21T13:01:14Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"hostname\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56c65c84-e3a8-4a5a-88bd-5ca1950d210f",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2016-02-19T00:06:28.000Z",
"modified": "2016-02-19T00:06:28.000Z",
"description": "Automatically added (via 140c69ea9a963100e75497b33820f1da)",
"pattern": "[file:hashes.SHA1 = '1124f1815fd9ac486af884910f1057f74c77de1e']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-02-19T00:06:28Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Artifacts dropped"
}
],
"labels": [
"misp:type=\"sha1\"",
"misp:category=\"Artifacts dropped\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56c65c86-eb0c-4251-80e7-59a2950d210f",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2016-02-19T00:06:30.000Z",
"modified": "2016-02-19T00:06:30.000Z",
"description": "Automatically added (via 166d6cd28c9df20c30fed220a3132345)",
"pattern": "[file:hashes.SHA1 = '45250d5dbbb4dbca60bee6487bd7354cd9459758']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-02-19T00:06:30Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Artifacts dropped"
}
],
"labels": [
"misp:type=\"sha1\"",
"misp:category=\"Artifacts dropped\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56c65c87-fcb0-4c26-a98a-c654950d210f",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2016-02-19T00:06:31.000Z",
"modified": "2016-02-19T00:06:31.000Z",
"description": "Automatically added (via 22caf76a780c54ddce7fa139100fa54e)",
"pattern": "[file:hashes.SHA1 = '3253b063de345004da077df7d30040a7d7b31534']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-02-19T00:06:31Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Artifacts dropped"
}
],
"labels": [
"misp:type=\"sha1\"",
"misp:category=\"Artifacts dropped\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56c65c89-e070-4cb1-abea-c652950d210f",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2016-02-19T00:06:33.000Z",
"modified": "2016-02-19T00:06:33.000Z",
"description": "Automatically added (via 2a21eb36cc2a0a24149a4821aa328b7b)",
"pattern": "[file:hashes.SHA1 = '944d5735b6fc361d33c1e82e1453d12bd4168390']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-02-19T00:06:33Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Artifacts dropped"
}
],
"labels": [
"misp:type=\"sha1\"",
"misp:category=\"Artifacts dropped\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56c65c8b-b748-4009-9890-4a80950d210f",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2016-02-19T00:06:35.000Z",
"modified": "2016-02-19T00:06:35.000Z",
"description": "Automatically added (via 57d99d67c3e8987e812c9332d6774794)",
"pattern": "[file:hashes.SHA1 = '503ae4b437c8a96f4a40f4440ce6d6d8c1831466']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-02-19T00:06:35Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Artifacts dropped"
}
],
"labels": [
"misp:type=\"sha1\"",
"misp:category=\"Artifacts dropped\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56c65c8d-8e64-4d21-9905-599d950d210f",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2016-02-19T00:06:37.000Z",
"modified": "2016-02-19T00:06:37.000Z",
"description": "Automatically added (via 744670ca4531f7ceb72a75ae456e8215)",
"pattern": "[file:hashes.SHA1 = '4ce4cc713ffe71f371a90d07fff85cf10083ebaa']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-02-19T00:06:37Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Artifacts dropped"
}
],
"labels": [
"misp:type=\"sha1\"",
"misp:category=\"Artifacts dropped\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56c65c8f-3bd0-473b-831c-c653950d210f",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2016-02-19T00:06:39.000Z",
"modified": "2016-02-19T00:06:39.000Z",
"description": "Automatically added (via 74bdabd1077d640f7d21c6cfb14a0348)",
"pattern": "[file:hashes.SHA1 = 'f65627a4d3f132da78f3c72f83b3b0ad9e4bcfc2']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-02-19T00:06:39Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Artifacts dropped"
}
],
"labels": [
"misp:type=\"sha1\"",
"misp:category=\"Artifacts dropped\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56c65c90-fea8-4225-baa7-437a950d210f",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2016-02-19T00:06:40.000Z",
"modified": "2016-02-19T00:06:40.000Z",
"description": "Automatically added (via 89b98f66650cb29d0926713fda3b5bbc)",
"pattern": "[file:hashes.SHA1 = '98ab7ec2b7356850da43d1e3368f9b7a3dfb6272']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-02-19T00:06:40Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Artifacts dropped"
}
],
"labels": [
"misp:type=\"sha1\"",
"misp:category=\"Artifacts dropped\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56c65c92-8bfc-4bd0-bd66-c650950d210f",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2016-02-19T00:06:42.000Z",
"modified": "2016-02-19T00:06:42.000Z",
"description": "Automatically added (via 8f65204d8440b7be2b52908e35d19124)",
"pattern": "[file:hashes.SHA1 = '7f2d2897367cb7eae84b67421ff1bd1d7cffadb2']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-02-19T00:06:42Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Artifacts dropped"
}
],
"labels": [
"misp:type=\"sha1\"",
"misp:category=\"Artifacts dropped\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56c65c93-d020-4149-b6f3-4ff2950d210f",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2016-02-19T00:06:43.000Z",
"modified": "2016-02-19T00:06:43.000Z",
"description": "Automatically added (via 963e39d8675b5bb3d2f4e6da45c51bb0)",
"pattern": "[file:hashes.SHA1 = '2874c20bfd341885694f80cf5327e03ef32c0b73']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-02-19T00:06:43Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Artifacts dropped"
}
],
"labels": [
"misp:type=\"sha1\"",
"misp:category=\"Artifacts dropped\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56c65c95-8464-4425-be57-c652950d210f",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2016-02-19T00:06:45.000Z",
"modified": "2016-02-19T00:06:45.000Z",
"description": "Automatically added (via d8815fe64eb5321add412554908da28a)",
"pattern": "[file:hashes.SHA1 = '4c35b7f11d59cd661f5ebeeba3e20f1320bee6a4']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-02-19T00:06:45Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Artifacts dropped"
}
],
"labels": [
"misp:type=\"sha1\"",
"misp:category=\"Artifacts dropped\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56c65c97-4d80-43aa-afe1-c651950d210f",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2016-02-19T00:06:47.000Z",
"modified": "2016-02-19T00:06:47.000Z",
"description": "Automatically added (via e1833932053171da15c60e6c2fca708a)",
"pattern": "[file:hashes.SHA1 = 'ca9435e710c590fca8e96085e51aadb104b725e4']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-02-19T00:06:47Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Artifacts dropped"
}
],
"labels": [
"misp:type=\"sha1\"",
"misp:category=\"Artifacts dropped\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56c65c99-3d90-4d6f-8e46-409a950d210f",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2016-02-19T00:06:49.000Z",
"modified": "2016-02-19T00:06:49.000Z",
"description": "Automatically added (via e38ccff8e7fb922fe48b54b4032fec50)",
"pattern": "[file:hashes.SHA1 = '32f6536be3b68b30d49afe5e898a7620173b6632']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-02-19T00:06:49Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Artifacts dropped"
}
],
"labels": [
"misp:type=\"sha1\"",
"misp:category=\"Artifacts dropped\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56c65c9a-eeb4-49b9-bc33-c650950d210f",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2016-02-19T00:06:50.000Z",
"modified": "2016-02-19T00:06:50.000Z",
"description": "Automatically added (via f0f31112af491f56af7cc0802ba96c0f)",
"pattern": "[file:hashes.SHA1 = '6517caa62fbfdf767879625be9e0ba999b9482d7']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-02-19T00:06:50Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Artifacts dropped"
}
],
"labels": [
"misp:type=\"sha1\"",
"misp:category=\"Artifacts dropped\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56c65c9c-1248-4b3c-8820-599c950d210f",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2016-02-19T00:06:52.000Z",
"modified": "2016-02-19T00:06:52.000Z",
"description": "Automatically added (via f993d4cabe5021c96d6a80192f142dca)",
"pattern": "[file:hashes.SHA1 = '306851d9b9aa77a56129b9ec0afacd3f781cc1fd']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-02-19T00:06:52Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Artifacts dropped"
}
],
"labels": [
"misp:type=\"sha1\"",
"misp:category=\"Artifacts dropped\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56c65c9e-b2d0-47c0-9eee-599d950d210f",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2016-02-19T00:06:54.000Z",
"modified": "2016-02-19T00:06:54.000Z",
"description": "Automatically added (via 84d24967cb5cbacf4052a3001692dd54)",
"pattern": "[file:hashes.SHA1 = '06b2e6240c2072a3219268d15e427a2060adbe8b']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-02-19T00:06:54Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha1\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56c65ca0-e1e8-4711-8c90-c654950d210f",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2016-02-19T00:06:56.000Z",
"modified": "2016-02-19T00:06:56.000Z",
"description": "Automatically added (via 3447416fbbc65906bd0384d4c2ba479e)",
"pattern": "[file:hashes.SHA1 = '6ad16e7b6470d18d488d39ac0b9b3d33fec998cc']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-02-19T00:06:56Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha1\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56c65ca1-8770-4eef-a43e-5f51950d210f",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2016-02-19T00:06:57.000Z",
"modified": "2016-02-19T00:06:57.000Z",
"description": "Automatically added (via 856de08a947a40e00ea7ed66b8e02c53)",
"pattern": "[file:hashes.SHA1 = '88f186e705c7ed1e22a9d3765c54b5e46344d9db']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-02-19T00:06:57Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha1\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56c65c85-bcbc-4754-870d-599c950d210f",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2016-02-19T00:06:29.000Z",
"modified": "2016-02-19T00:06:29.000Z",
"description": "Automatically added (via 140c69ea9a963100e75497b33820f1da)",
"pattern": "[file:hashes.SHA256 = 'c2135ccc8a46d4bda7b6052df92035a134b83b8f78b8ba078621d537db021bc7']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-02-19T00:06:29Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Artifacts dropped"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Artifacts dropped\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56c65c87-9664-4e94-b4e1-599f950d210f",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2016-02-19T00:06:31.000Z",
"modified": "2016-02-19T00:06:31.000Z",
"description": "Automatically added (via 166d6cd28c9df20c30fed220a3132345)",
"pattern": "[file:hashes.SHA256 = '618af8da35dee6ae64a27c3fe74309803e844fa7dbba0b6f95ee9c533e30cb5f']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-02-19T00:06:31Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Artifacts dropped"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Artifacts dropped\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56c65c88-f968-4453-96e7-59a4950d210f",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2016-02-19T00:06:32.000Z",
"modified": "2016-02-19T00:06:32.000Z",
"description": "Automatically added (via 22caf76a780c54ddce7fa139100fa54e)",
"pattern": "[file:hashes.SHA256 = '101b0b8aa0952818f81f701d2074090a269574aa0e2fb3a65ea6bfa76a3670a4']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-02-19T00:06:32Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Artifacts dropped"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Artifacts dropped\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56c65c8a-0370-4ad5-b609-c651950d210f",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2016-02-19T00:06:34.000Z",
"modified": "2016-02-19T00:06:34.000Z",
"description": "Automatically added (via 2a21eb36cc2a0a24149a4821aa328b7b)",
"pattern": "[file:hashes.SHA256 = '683e8e008f37a839de173eabc180dba0cf3dfe3ad4d4ec96aa0100ecc29ba5f2']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-02-19T00:06:34Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Artifacts dropped"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Artifacts dropped\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56c65c8c-1ed0-4e66-9634-599c950d210f",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2016-02-19T00:06:36.000Z",
"modified": "2016-02-19T00:06:36.000Z",
"description": "Automatically added (via 57d99d67c3e8987e812c9332d6774794)",
"pattern": "[file:hashes.SHA256 = 'bb7c0873affe2759ee83cd7b7f55f8468ebf577f066c401dd11bd094e0e6a9f9']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-02-19T00:06:36Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Artifacts dropped"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Artifacts dropped\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56c65c8d-eec8-4fdc-b5a8-43ca950d210f",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2016-02-19T00:06:37.000Z",
"modified": "2016-02-19T00:06:37.000Z",
"description": "Automatically added (via 744670ca4531f7ceb72a75ae456e8215)",
"pattern": "[file:hashes.SHA256 = '21a4c280a91c06e5f6546802af1dff5f5e4daf69599f7b44d68a8b8c7bc45f3f']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-02-19T00:06:37Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Artifacts dropped"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Artifacts dropped\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56c65c8f-d114-4d58-94e5-5f51950d210f",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2016-02-19T00:06:39.000Z",
"modified": "2016-02-19T00:06:39.000Z",
"description": "Automatically added (via 74bdabd1077d640f7d21c6cfb14a0348)",
"pattern": "[file:hashes.SHA256 = '3b0f1f4dc3309a68e3837f03aa3457727e1dbbf00df9c3fe102d5151a273c97f']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-02-19T00:06:39Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Artifacts dropped"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Artifacts dropped\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56c65c91-be0c-410b-a491-599f950d210f",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2016-02-19T00:06:41.000Z",
"modified": "2016-02-19T00:06:41.000Z",
"description": "Automatically added (via 89b98f66650cb29d0926713fda3b5bbc)",
"pattern": "[file:hashes.SHA256 = '53704d0afd299b6ab846ed54bd1d6709713d1d84d482c092d9b2c221a86f6ca3']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-02-19T00:06:41Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Artifacts dropped"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Artifacts dropped\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56c65c93-24cc-4061-8dc5-454e950d210f",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2016-02-19T00:06:43.000Z",
"modified": "2016-02-19T00:06:43.000Z",
"description": "Automatically added (via 8f65204d8440b7be2b52908e35d19124)",
"pattern": "[file:hashes.SHA256 = 'af781cfc811c8c847be5c972e7482c29193a2222e686c7b682b2d0b0c13e70c7']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-02-19T00:06:43Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Artifacts dropped"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Artifacts dropped\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56c65c94-4ae4-4e69-8222-59a2950d210f",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2016-02-19T00:06:44.000Z",
"modified": "2016-02-19T00:06:44.000Z",
"description": "Automatically added (via 963e39d8675b5bb3d2f4e6da45c51bb0)",
"pattern": "[file:hashes.SHA256 = '33f055ef7d55427e3be295e1d1f940d548d0d336bdd56aff34baf401d7c39412']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-02-19T00:06:44Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Artifacts dropped"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Artifacts dropped\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56c65c96-3524-4693-a14e-4475950d210f",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2016-02-19T00:06:46.000Z",
"modified": "2016-02-19T00:06:46.000Z",
"description": "Automatically added (via d8815fe64eb5321add412554908da28a)",
"pattern": "[file:hashes.SHA256 = '5f5fcb7582b9e1ab03a98dc1670e690b40c1d7f4fcaeb8fdd4d85efebdf07074']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-02-19T00:06:46Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Artifacts dropped"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Artifacts dropped\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56c65c98-8b58-4fec-9206-5f51950d210f",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2016-02-19T00:06:48.000Z",
"modified": "2016-02-19T00:06:48.000Z",
"description": "Automatically added (via e1833932053171da15c60e6c2fca708a)",
"pattern": "[file:hashes.SHA256 = '45d245c6b464972667080b5e4115b071f5960bb510aa23a75646d50d9e591baa']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-02-19T00:06:48Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Artifacts dropped"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Artifacts dropped\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56c65c99-71e8-48da-b934-599e950d210f",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2016-02-19T00:06:49.000Z",
"modified": "2016-02-19T00:06:49.000Z",
"description": "Automatically added (via e38ccff8e7fb922fe48b54b4032fec50)",
"pattern": "[file:hashes.SHA256 = '6c555854d014c3ba559a55621d2f996d405497a793c472cccbc8ad6657f07ad3']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-02-19T00:06:49Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Artifacts dropped"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Artifacts dropped\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56c65c9b-1064-4c8d-9adc-59a1950d210f",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2016-02-19T00:06:51.000Z",
"modified": "2016-02-19T00:06:51.000Z",
"description": "Automatically added (via f0f31112af491f56af7cc0802ba96c0f)",
"pattern": "[file:hashes.SHA256 = 'e2c6dee089bd8c3d23ab7d422e25c5f21553bda2c805f9e63765371ba71feaa9']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-02-19T00:06:51Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Artifacts dropped"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Artifacts dropped\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56c65c9d-4190-4d62-af1c-59a0950d210f",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2016-02-19T00:06:53.000Z",
"modified": "2016-02-19T00:06:53.000Z",
"description": "Automatically added (via f993d4cabe5021c96d6a80192f142dca)",
"pattern": "[file:hashes.SHA256 = '2686335f2be7ef06ddb826177d26377129b6c448abd70a02ef6363a175421661']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-02-19T00:06:53Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Artifacts dropped"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Artifacts dropped\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56c65c9f-98ec-4445-b2d4-c650950d210f",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2016-02-19T00:06:55.000Z",
"modified": "2016-02-19T00:06:55.000Z",
"description": "Automatically added (via 84d24967cb5cbacf4052a3001692dd54)",
"pattern": "[file:hashes.SHA256 = '4dda14e0eb9a21583bf5276ff2caa9d4c45b4b3dfbc0fef71182b5672d00eb73']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-02-19T00:06:55Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56c65ca0-8fb8-44b3-bafa-599e950d210f",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2016-02-19T00:06:56.000Z",
"modified": "2016-02-19T00:06:56.000Z",
"description": "Automatically added (via 3447416fbbc65906bd0384d4c2ba479e)",
"pattern": "[file:hashes.SHA256 = '3e1a3929457a3d347be51ebaa1410d9f238865e92ff0058cfe1e7a2cc6643b85']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-02-19T00:06:56Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56c65ca2-3780-44dc-8b03-c651950d210f",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2016-02-19T00:06:58.000Z",
"modified": "2016-02-19T00:06:58.000Z",
"description": "Automatically added (via 856de08a947a40e00ea7ed66b8e02c53)",
"pattern": "[file:hashes.SHA256 = 'e236a76e2be259fd6c12590c6a1904247c170e9b20261520d4321eb40b971f11']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-02-19T00:06:58Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "marking-definition",
"spec_version": "2.1",
"id": "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9",
"created": "2017-01-20T00:00:00.000Z",
"definition_type": "tlp",
"name": "TLP:WHITE",
"definition": {
"tlp": "white"
}
}
]
}