misp-circl-feed/feeds/circl/misp/57557d45-1590-4513-925d-4516950d210f.json


{
"type": "bundle",
"id": "bundle--57557d45-1590-4513-925d-4516950d210f",
"objects": [
{
"type": "identity",
"spec_version": "2.1",
"id": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-06-06T13:44:37.000Z",
"modified": "2016-06-06T13:44:37.000Z",
"name": "CIRCL",
"identity_class": "organization"
},
{
"type": "report",
"spec_version": "2.1",
"id": "report--57557d45-1590-4513-925d-4516950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-06-06T13:44:37.000Z",
"modified": "2016-06-06T13:44:37.000Z",
"name": "OSINT - Lame proxychanger, apparently related to a clickfraud botnet.",
"published": "2016-06-06T13:46:42Z",
"object_refs": [
"observed-data--57557d5b-5784-4f5b-8c19-4000950d210f",
"url--57557d5b-5784-4f5b-8c19-4000950d210f",
"indicator--57557d83-b6f0-4d6f-acdc-4ac1950d210f",
"indicator--57557d83-6ac4-4586-9595-45e1950d210f",
"indicator--57557d83-7330-4161-a166-4e15950d210f",
"indicator--57557d84-da20-4d16-be87-420d950d210f",
"indicator--57557d84-49fc-4a1e-a3fc-4260950d210f",
"indicator--57557d85-a524-461e-9183-4f70950d210f",
"indicator--57557da8-e0d4-40f4-bdda-4b2a950d210f",
"indicator--57557de4-c03c-494d-9996-4b24950d210f",
"indicator--57557de5-6174-46b1-8432-4cea950d210f",
"indicator--57557de5-9268-48ac-9a8d-4d75950d210f",
"indicator--57557de6-f95c-450a-b4ce-4448950d210f",
"indicator--57557de6-77b8-427c-879b-4b31950d210f",
"indicator--57557de7-7b30-4b87-bc0c-42d9950d210f",
"indicator--57557de7-b080-45b6-b19d-45bf950d210f",
"indicator--57557de7-fc28-4d74-9984-4c53950d210f",
"indicator--57557de8-ff44-43f3-bc28-456c950d210f",
"indicator--57557de8-2034-484b-89fb-428f950d210f",
"indicator--57557de9-7180-4b8b-b71f-4143950d210f",
"indicator--57557de9-0154-4175-94a2-485a950d210f",
"indicator--57557dea-7ac0-401e-a58c-4135950d210f",
"indicator--57557dea-9fbc-44cd-ba5a-4a9f950d210f",
"indicator--57557deb-3480-400a-a5ff-4954950d210f",
"indicator--57557deb-749c-4eed-a3c0-4174950d210f",
"indicator--57557dec-11e4-4c4d-a530-49d9950d210f",
"indicator--57557dec-6314-4b72-a898-4491950d210f",
"indicator--57557ded-70e0-4270-9e61-494b950d210f",
"indicator--57557ded-e7f4-44ba-ad15-4c83950d210f",
"indicator--57557dee-a7b4-4a24-9d01-48f6950d210f",
"indicator--57557dee-dd1c-4ca4-b0c9-4bb2950d210f",
"indicator--57557dee-24a4-448a-9a92-4666950d210f",
"indicator--57557def-815c-45fe-9e75-49c9950d210f",
"indicator--57557def-3c94-455a-938e-4936950d210f",
"indicator--57557df0-6c78-435a-93f1-4705950d210f",
"indicator--57557df0-3f84-45b4-936d-4dbd950d210f",
"indicator--57557df0-f434-442b-b210-40ad950d210f",
"indicator--57557df1-9120-4600-b632-44ea950d210f",
"indicator--57557df1-bca8-4943-bf53-4e77950d210f",
"indicator--57557e00-80d8-4133-827d-4a8f950d210f",
"indicator--57557e00-d764-4292-848d-4af8950d210f",
"indicator--57557e01-4c50-43c6-b236-40f4950d210f",
"observed-data--57557e45-0d9c-4474-ad8d-432d02de0b81",
"url--57557e45-0d9c-4474-ad8d-432d02de0b81",
"indicator--57557e46-59b8-41ad-908d-42ed02de0b81",
"indicator--57557e46-3c14-4f93-8e79-424c02de0b81",
"observed-data--57557e47-f230-4459-815d-4ad202de0b81",
"url--57557e47-f230-4459-815d-4ad202de0b81",
"indicator--57557e47-f344-4498-8b44-4fd802de0b81",
"indicator--57557e48-d0d8-41e9-a957-4a9102de0b81",
"observed-data--57557e48-6190-45db-b5d5-4bbf02de0b81",
"url--57557e48-6190-45db-b5d5-4bbf02de0b81",
"observed-data--57557e48-9418-4765-81d4-4ac702de0b81",
"url--57557e48-9418-4765-81d4-4ac702de0b81",
"observed-data--57557e49-bc8c-49eb-a5f9-4a5702de0b81",
"url--57557e49-bc8c-49eb-a5f9-4a5702de0b81",
"indicator--57557e49-2ecc-447f-987d-4f7702de0b81",
"indicator--57557e4a-f784-4932-a95b-44bd02de0b81",
"observed-data--57557e4a-d290-4a02-acff-4a2102de0b81",
"url--57557e4a-d290-4a02-acff-4a2102de0b81",
"indicator--57557e4b-e634-475b-9683-473802de0b81",
"indicator--57557e4b-41cc-434c-92aa-402d02de0b81",
"observed-data--57557e4c-c58c-41f5-b275-493502de0b81",
"url--57557e4c-c58c-41f5-b275-493502de0b81",
"indicator--57557e4c-7b9c-4a0e-a450-4c5602de0b81",
"indicator--57557e4c-20b4-46a8-9431-427202de0b81",
"observed-data--57557e4d-2440-4ca8-87b7-4e1d02de0b81",
"url--57557e4d-2440-4ca8-87b7-4e1d02de0b81",
"indicator--57557e4d-e8ec-47ce-bcc7-4c3a02de0b81",
"indicator--57557e4e-95fc-4d0d-95a7-4c3802de0b81",
"observed-data--57557e4e-0ddc-477d-9c32-489202de0b81",
"url--57557e4e-0ddc-477d-9c32-489202de0b81",
"indicator--57557e4f-bf88-4b9d-8744-467202de0b81",
"indicator--57557e4f-e8dc-485f-8074-400302de0b81",
"observed-data--57557e50-a1d8-4e21-afeb-401a02de0b81",
"url--57557e50-a1d8-4e21-afeb-401a02de0b81",
"observed-data--57557e50-7f40-4da9-910d-41a602de0b81",
"url--57557e50-7f40-4da9-910d-41a602de0b81",
"indicator--57557e50-3edc-48dd-bb44-4e5b02de0b81",
"indicator--57557e51-b434-4720-904d-474202de0b81",
"observed-data--57557e51-e968-4f64-87a1-44ff02de0b81",
"url--57557e51-e968-4f64-87a1-44ff02de0b81",
"observed-data--57557e52-73c4-4a52-8662-4aac02de0b81",
"url--57557e52-73c4-4a52-8662-4aac02de0b81",
"indicator--57557e52-0e6c-4910-8519-47cb02de0b81",
"indicator--57557e53-1688-4253-bd64-412002de0b81",
"observed-data--57557e53-3bc0-4883-bddd-4ee802de0b81",
"url--57557e53-3bc0-4883-bddd-4ee802de0b81",
"indicator--57557e54-9970-4a97-ae94-48b302de0b81",
"indicator--57557e54-6134-4200-8443-4c0502de0b81",
"observed-data--57557e54-7104-43a9-b5c3-49bc02de0b81",
"url--57557e54-7104-43a9-b5c3-49bc02de0b81",
"indicator--57557e55-fda0-4638-9d59-48e302de0b81",
"indicator--57557e55-20b0-47e1-a925-4d1c02de0b81",
"observed-data--57557e56-b2d0-4e57-9029-4e5102de0b81",
"url--57557e56-b2d0-4e57-9029-4e5102de0b81",
"observed-data--57557e56-38c4-4e0d-aa31-44dd02de0b81",
"url--57557e56-38c4-4e0d-aa31-44dd02de0b81",
"indicator--57557e57-b064-4bdb-923c-461702de0b81",
"indicator--57557e57-b29c-4921-8c06-454b02de0b81",
"observed-data--57557e57-80f8-4e2a-a7ec-459902de0b81",
"url--57557e57-80f8-4e2a-a7ec-459902de0b81"
],
"labels": [
"Threat-Report",
"misp:tool=\"MISP-STIX-Converter\"",
"type:OSINT"
],
"object_marking_refs": [
"marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9"
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--57557d5b-5784-4f5b-8c19-4000950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-06-06T13:40:43.000Z",
"modified": "2016-06-06T13:40:43.000Z",
"first_observed": "2016-06-06T13:40:43Z",
"last_observed": "2016-06-06T13:40:43Z",
"number_observed": 1,
"object_refs": [
"url--57557d5b-5784-4f5b-8c19-4000950d210f"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--57557d5b-5784-4f5b-8c19-4000950d210f",
"value": "https://labs.bitdefender.com/2016/05/inside-the-million-machine-clickfraud-botnet/"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--57557d83-b6f0-4d6f-acdc-4ac1950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-06-06T13:41:23.000Z",
"modified": "2016-06-06T13:41:23.000Z",
"description": "PAC file",
"pattern": "[url:value = 'http://xn--51haaa.ml/server.pac']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-06-06T13:41:23Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--57557d83-6ac4-4586-9595-45e1950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-06-06T13:41:23.000Z",
"modified": "2016-06-06T13:41:23.000Z",
"description": "PAC file",
"pattern": "[url:value = 'http://xn--51haaa.ml/proxy.pac']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-06-06T13:41:23Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--57557d83-7330-4161-a166-4e15950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-06-06T13:41:23.000Z",
"modified": "2016-06-06T13:41:23.000Z",
"description": "PAC file",
"pattern": "[url:value = 'http://xn--koa.net/proxy.pac']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-06-06T13:41:23Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--57557d84-da20-4d16-be87-420d950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-06-06T13:41:24.000Z",
"modified": "2016-06-06T13:41:24.000Z",
"description": "PAC file",
"pattern": "[url:value = 'http://wpad.com.gr/server.pac']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-06-06T13:41:24Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--57557d84-49fc-4a1e-a3fc-4260950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-06-06T13:41:24.000Z",
"modified": "2016-06-06T13:41:24.000Z",
"description": "On port 8484",
"pattern": "[url:value = 'http://93.190.137.240']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-06-06T13:41:24Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--57557d85-a524-461e-9183-4f70950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-06-06T13:41:25.000Z",
"modified": "2016-06-06T13:41:25.000Z",
"description": "PAC file",
"pattern": "[url:value = 'http://xn--koa.net/server.pac']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-06-06T13:41:25Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--57557da8-e0d4-40f4-bdda-4b2a950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-06-06T13:42:00.000Z",
"modified": "2016-06-06T13:42:00.000Z",
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '93.190.137.240']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-06-06T13:42:00Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--57557de4-c03c-494d-9996-4b24950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-06-06T13:43:00.000Z",
"modified": "2016-06-06T13:43:00.000Z",
"description": "Lame proxychanger, apparently related to a clickfraud botnet.",
"pattern": "[file:hashes.MD5 = '754df4b9e0a954f13ef0f4a01a7cc587']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-06-06T13:43:00Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--57557de5-6174-46b1-8432-4cea950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-06-06T13:43:01.000Z",
"modified": "2016-06-06T13:43:01.000Z",
"description": "Lame proxychanger, apparently related to a clickfraud botnet.",
"pattern": "[file:hashes.MD5 = '9dfebeacb2fcd8bf558caab4226e73e0']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-06-06T13:43:01Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--57557de5-9268-48ac-9a8d-4d75950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-06-06T13:43:01.000Z",
"modified": "2016-06-06T13:43:01.000Z",
"description": "Lame proxychanger, apparently related to a clickfraud botnet.",
"pattern": "[file:hashes.MD5 = '8da287ad9cee5376d5822012c1fdc1d8']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-06-06T13:43:01Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--57557de6-f95c-450a-b4ce-4448950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-06-06T13:43:02.000Z",
"modified": "2016-06-06T13:43:02.000Z",
"description": "Lame proxychanger, apparently related to a clickfraud botnet.",
"pattern": "[file:hashes.MD5 = 'fb6e1bfb2083daaf0bf40b9ad5226d3d']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-06-06T13:43:02Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--57557de6-77b8-427c-879b-4b31950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-06-06T13:43:02.000Z",
"modified": "2016-06-06T13:43:02.000Z",
"description": "Lame proxychanger, apparently related to a clickfraud botnet.",
"pattern": "[file:hashes.MD5 = 'd62b97f57093cc5cb4d1fd3cff89f63b']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-06-06T13:43:02Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--57557de7-7b30-4b87-bc0c-42d9950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-06-06T13:43:03.000Z",
"modified": "2016-06-06T13:43:03.000Z",
"description": "Lame proxychanger, apparently related to a clickfraud botnet.",
"pattern": "[file:hashes.MD5 = 'f2afeeb6a6a205f6561bce5395d67730']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-06-06T13:43:03Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--57557de7-b080-45b6-b19d-45bf950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-06-06T13:43:03.000Z",
"modified": "2016-06-06T13:43:03.000Z",
"description": "Lame proxychanger, apparently related to a clickfraud botnet.",
"pattern": "[file:hashes.SHA1 = '374c760361a2e9d7aea99b784893ce2d50cd7c41']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-06-06T13:43:03Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha1\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--57557de7-fc28-4d74-9984-4c53950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-06-06T13:43:03.000Z",
"modified": "2016-06-06T13:43:03.000Z",
"description": "Lame proxychanger, apparently related to a clickfraud botnet.",
"pattern": "[file:hashes.SHA1 = '78543cc1a1441e730bc4b1f9570cb00285f7de79']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-06-06T13:43:03Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha1\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--57557de8-ff44-43f3-bc28-456c950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-06-06T13:43:04.000Z",
"modified": "2016-06-06T13:43:04.000Z",
"description": "Lame proxychanger, apparently related to a clickfraud botnet.",
"pattern": "[file:hashes.SHA1 = '641d10b10264d0d2fb7f94dfca819ad5bbca49a3']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-06-06T13:43:04Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha1\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--57557de8-2034-484b-89fb-428f950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-06-06T13:43:04.000Z",
"modified": "2016-06-06T13:43:04.000Z",
"description": "Lame proxychanger, apparently related to a clickfraud botnet.",
"pattern": "[file:hashes.SHA1 = '2d8e2a0eaa261402a58a20b8862d93e1096f6ce2']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-06-06T13:43:04Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha1\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--57557de9-7180-4b8b-b71f-4143950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-06-06T13:43:05.000Z",
"modified": "2016-06-06T13:43:05.000Z",
"description": "Lame proxychanger, apparently related to a clickfraud botnet.",
"pattern": "[file:hashes.SHA1 = 'b505a0f13bf9439dcf621899b26bb32fdc2b5d44']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-06-06T13:43:05Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha1\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--57557de9-0154-4175-94a2-485a950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-06-06T13:43:05.000Z",
"modified": "2016-06-06T13:43:05.000Z",
"description": "Lame proxychanger, apparently related to a clickfraud botnet.",
"pattern": "[file:hashes.SHA1 = '83d15bc3d8cb28321602bc3ca4f47fd2a254b8ab']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-06-06T13:43:05Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha1\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--57557dea-7ac0-401e-a58c-4135950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-06-06T13:43:06.000Z",
"modified": "2016-06-06T13:43:06.000Z",
"description": "Lame proxychanger, apparently related to a clickfraud botnet.",
"pattern": "[file:hashes.SHA256 = '98a59f042da32b5972dadf17331f2f1e714097dc2d9d9d678edafc10dc5d7d9a']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-06-06T13:43:06Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--57557dea-9fbc-44cd-ba5a-4a9f950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-06-06T13:43:06.000Z",
"modified": "2016-06-06T13:43:06.000Z",
"description": "Lame proxychanger, apparently related to a clickfraud botnet.",
"pattern": "[file:hashes.SHA256 = 'e7aecb0135099e15b71cc357f9c2529d1e6e494cab402017b2555096e09c9f31']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-06-06T13:43:06Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--57557deb-3480-400a-a5ff-4954950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-06-06T13:43:07.000Z",
"modified": "2016-06-06T13:43:07.000Z",
"description": "Lame proxychanger, apparently related to a clickfraud botnet.",
"pattern": "[file:hashes.SHA256 = 'b8f9a1f7f3d096b040e0f2e6e6af47d3ffcfadc2a3234728949b1d6916a571a1']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-06-06T13:43:07Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--57557deb-749c-4eed-a3c0-4174950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-06-06T13:43:07.000Z",
"modified": "2016-06-06T13:43:07.000Z",
"description": "Lame proxychanger, apparently related to a clickfraud botnet.",
"pattern": "[file:hashes.SHA256 = 'c704caed0fe22efb9e94f0ae8c91c01a935c077526131b489f4bec893c3433dd']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-06-06T13:43:07Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--57557dec-11e4-4c4d-a530-49d9950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-06-06T13:43:08.000Z",
"modified": "2016-06-06T13:43:08.000Z",
"description": "Lame proxychanger, apparently related to a clickfraud botnet.",
"pattern": "[file:hashes.SHA256 = '993b06ee1d6b8384fc35cc94a3ad2a6ea6d04ebbd2413653eb635b33a57b1151']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-06-06T13:43:08Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--57557dec-6314-4b72-a898-4491950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-06-06T13:43:08.000Z",
"modified": "2016-06-06T13:43:08.000Z",
"description": "Lame proxychanger, apparently related to a clickfraud botnet.",
"pattern": "[file:hashes.SHA256 = '1f111c1f9b4dd8596efbd5f0ceeb2e7a30b25ba296a2035e3652a81f340e0f26']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-06-06T13:43:08Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--57557ded-70e0-4270-9e61-494b950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-06-06T13:43:09.000Z",
"modified": "2016-06-06T13:43:09.000Z",
"description": "Lame proxychanger, apparently related to a clickfraud botnet.",
"pattern": "[file:hashes.SHA256 = '86763ec412336d2b7524b44c3c60cf7938ff4d36927015c84503dd70acac30d0']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-06-06T13:43:09Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--57557ded-e7f4-44ba-ad15-4c83950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-06-06T13:43:09.000Z",
"modified": "2016-06-06T13:43:09.000Z",
"description": "Lame proxychanger, apparently related to a clickfraud botnet.",
"pattern": "[file:hashes.SHA256 = 'ca4d238b324dd35b2a1706d92b728b69efeca28c5934fd69b8816943c9de2ec5']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-06-06T13:43:09Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--57557dee-a7b4-4a24-9d01-48f6950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-06-06T13:43:10.000Z",
"modified": "2016-06-06T13:43:10.000Z",
"description": "Lame proxychanger, apparently related to a clickfraud botnet.",
"pattern": "[file:hashes.SHA256 = 'eca52b0c880141cf36fbb0a704860dc8eeb9fd38528021c25f79a68293004563']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-06-06T13:43:10Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--57557dee-dd1c-4ca4-b0c9-4bb2950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-06-06T13:43:10.000Z",
"modified": "2016-06-06T13:43:10.000Z",
"description": "Lame proxychanger, apparently related to a clickfraud botnet.",
"pattern": "[file:hashes.SHA256 = '2bed7c4b1c7a9a1aac6996a2edb8b6987b71ffaa55ac2c574dc43f1feee8e1ce']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-06-06T13:43:10Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--57557dee-24a4-448a-9a92-4666950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-06-06T13:43:10.000Z",
"modified": "2016-06-06T13:43:10.000Z",
"description": "Lame proxychanger, apparently related to a clickfraud botnet.",
"pattern": "[file:hashes.SHA256 = 'eccfd7065d436d5a4da903c6a29bc926e630c9e47795bfc416f8a3cd25090167']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-06-06T13:43:10Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--57557def-815c-45fe-9e75-49c9950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-06-06T13:43:11.000Z",
"modified": "2016-06-06T13:43:11.000Z",
"description": "Lame proxychanger, apparently related to a clickfraud botnet.",
"pattern": "[file:hashes.SHA256 = 'e879531b7fc218213af9c6c9f48107cd14b5733f9f9b68b64d07a1adb61b2ed0']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-06-06T13:43:11Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--57557def-3c94-455a-938e-4936950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-06-06T13:43:11.000Z",
"modified": "2016-06-06T13:43:11.000Z",
"description": "Lame proxychanger, apparently related to a clickfraud botnet.",
"pattern": "[file:hashes.SHA256 = '426ee3c2df00f5ecad0dd6394f9ab331b0d759545f709479f062764673af5120']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-06-06T13:43:11Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--57557df0-6c78-435a-93f1-4705950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-06-06T13:43:12.000Z",
"modified": "2016-06-06T13:43:12.000Z",
"description": "Lame proxychanger, apparently related to a clickfraud botnet.",
"pattern": "[file:hashes.SHA256 = 'b7ddd15fa8e5b41ae06890cb860e71c9baf308813adc1f61eec853a6b366b206']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-06-06T13:43:12Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--57557df0-3f84-45b4-936d-4dbd950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-06-06T13:43:12.000Z",
"modified": "2016-06-06T13:43:12.000Z",
"description": "Lame proxychanger, apparently related to a clickfraud botnet.",
"pattern": "[file:hashes.SHA256 = 'ead9ec37ff78a036083ea8f39e3e4f4e356efa7b1da16fc741a29e201aa3cc1f']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-06-06T13:43:12Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--57557df0-f434-442b-b210-40ad950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-06-06T13:43:12.000Z",
"modified": "2016-06-06T13:43:12.000Z",
"description": "Lame proxychanger, apparently related to a clickfraud botnet.",
"pattern": "[file:hashes.SHA256 = 'e16c8d3522b51648e7bb369e8f013ea97bc34e0da1cde467676015b5c2b38e93']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-06-06T13:43:12Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--57557df1-9120-4600-b632-44ea950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-06-06T13:43:13.000Z",
"modified": "2016-06-06T13:43:13.000Z",
"description": "Lame proxychanger, apparently related to a clickfraud botnet.",
"pattern": "[file:hashes.SHA256 = 'b673103ca06c97adf43fcd6a9c80906c45a2d168750774c9cd18308ead8cc426']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-06-06T13:43:13Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--57557df1-bca8-4943-bf53-4e77950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-06-06T13:43:13.000Z",
"modified": "2016-06-06T13:43:13.000Z",
"description": "Lame proxychanger, apparently related to a clickfraud botnet.",
"pattern": "[file:hashes.SHA256 = '9f63a748ce6f4e4b53eff31e20c67a528e220190e834eac2da57dd426b93a234']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-06-06T13:43:13Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--57557e00-80d8-4133-827d-4a8f950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-06-06T13:43:28.000Z",
"modified": "2016-06-06T13:43:28.000Z",
"description": "Imported via the Freetext Import Tool",
"pattern": "[domain-name:value = 'xn--51haaa.ml']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-06-06T13:43:28Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"domain\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--57557e00-d764-4292-848d-4af8950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-06-06T13:43:28.000Z",
"modified": "2016-06-06T13:43:28.000Z",
"description": "Imported via the Freetext Import Tool",
"pattern": "[domain-name:value = 'xn--koa.net']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-06-06T13:43:28Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"domain\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--57557e01-4c50-43c6-b236-40f4950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-06-06T13:43:29.000Z",
"modified": "2016-06-06T13:43:29.000Z",
"description": "Imported via the Freetext Import Tool",
"pattern": "[domain-name:value = 'wpad.com.gr']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-06-06T13:43:29Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"hostname\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--57557e45-0d9c-4474-ad8d-432d02de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-06-06T13:44:37.000Z",
"modified": "2016-06-06T13:44:37.000Z",
"first_observed": "2016-06-06T13:44:37Z",
"last_observed": "2016-06-06T13:44:37Z",
"number_observed": 1,
"object_refs": [
"url--57557e45-0d9c-4474-ad8d-432d02de0b81"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--57557e45-0d9c-4474-ad8d-432d02de0b81",
"value": "https://www.virustotal.com/file/9f63a748ce6f4e4b53eff31e20c67a528e220190e834eac2da57dd426b93a234/analysis/1450058531/"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--57557e46-59b8-41ad-908d-42ed02de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-06-06T13:44:38.000Z",
"modified": "2016-06-06T13:44:38.000Z",
"description": "Lame proxychanger, apparently related to a clickfraud botnet. - Xchecked via VT: b673103ca06c97adf43fcd6a9c80906c45a2d168750774c9cd18308ead8cc426",
"pattern": "[file:hashes.SHA1 = 'fe1cfeab9080ce9c0436813fc96ca89f1c9e3d07']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-06-06T13:44:38Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha1\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--57557e46-3c14-4f93-8e79-424c02de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-06-06T13:44:38.000Z",
"modified": "2016-06-06T13:44:38.000Z",
"description": "Lame proxychanger, apparently related to a clickfraud botnet. - Xchecked via VT: b673103ca06c97adf43fcd6a9c80906c45a2d168750774c9cd18308ead8cc426",
"pattern": "[file:hashes.MD5 = '713dc2ca729aad773380c6fca70af8b7']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-06-06T13:44:38Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--57557e47-f230-4459-815d-4ad202de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-06-06T13:44:39.000Z",
"modified": "2016-06-06T13:44:39.000Z",
"first_observed": "2016-06-06T13:44:39Z",
"last_observed": "2016-06-06T13:44:39Z",
"number_observed": 1,
"object_refs": [
"url--57557e47-f230-4459-815d-4ad202de0b81"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--57557e47-f230-4459-815d-4ad202de0b81",
"value": "https://www.virustotal.com/file/b673103ca06c97adf43fcd6a9c80906c45a2d168750774c9cd18308ead8cc426/analysis/1463490982/"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--57557e47-f344-4498-8b44-4fd802de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-06-06T13:44:39.000Z",
"modified": "2016-06-06T13:44:39.000Z",
"description": "Lame proxychanger, apparently related to a clickfraud botnet. - Xchecked via VT: e16c8d3522b51648e7bb369e8f013ea97bc34e0da1cde467676015b5c2b38e93",
"pattern": "[file:hashes.SHA1 = '73f0977a41ff0a32e9039d2e6f760de3c3083a3c']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-06-06T13:44:39Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha1\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--57557e48-d0d8-41e9-a957-4a9102de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-06-06T13:44:40.000Z",
"modified": "2016-06-06T13:44:40.000Z",
"description": "Lame proxychanger, apparently related to a clickfraud botnet. - Xchecked via VT: e16c8d3522b51648e7bb369e8f013ea97bc34e0da1cde467676015b5c2b38e93",
"pattern": "[file:hashes.MD5 = '521ac14c9aae6cac9b988dd4dd6a2f6b']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-06-06T13:44:40Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--57557e48-6190-45db-b5d5-4bbf02de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-06-06T13:44:40.000Z",
"modified": "2016-06-06T13:44:40.000Z",
"first_observed": "2016-06-06T13:44:40Z",
"last_observed": "2016-06-06T13:44:40Z",
"number_observed": 1,
"object_refs": [
"url--57557e48-6190-45db-b5d5-4bbf02de0b81"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--57557e48-6190-45db-b5d5-4bbf02de0b81",
"value": "https://www.virustotal.com/file/e16c8d3522b51648e7bb369e8f013ea97bc34e0da1cde467676015b5c2b38e93/analysis/1463490981/"
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--57557e48-9418-4765-81d4-4ac702de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-06-06T13:44:40.000Z",
"modified": "2016-06-06T13:44:40.000Z",
"first_observed": "2016-06-06T13:44:40Z",
"last_observed": "2016-06-06T13:44:40Z",
"number_observed": 1,
"object_refs": [
"url--57557e48-9418-4765-81d4-4ac702de0b81"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--57557e48-9418-4765-81d4-4ac702de0b81",
"value": "https://www.virustotal.com/file/ead9ec37ff78a036083ea8f39e3e4f4e356efa7b1da16fc741a29e201aa3cc1f/analysis/1446478125/"
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--57557e49-bc8c-49eb-a5f9-4a5702de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-06-06T13:44:41.000Z",
"modified": "2016-06-06T13:44:41.000Z",
"first_observed": "2016-06-06T13:44:41Z",
"last_observed": "2016-06-06T13:44:41Z",
"number_observed": 1,
"object_refs": [
"url--57557e49-bc8c-49eb-a5f9-4a5702de0b81"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--57557e49-bc8c-49eb-a5f9-4a5702de0b81",
"value": "https://www.virustotal.com/file/b7ddd15fa8e5b41ae06890cb860e71c9baf308813adc1f61eec853a6b366b206/analysis/1464421408/"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--57557e49-2ecc-447f-987d-4f7702de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-06-06T13:44:41.000Z",
"modified": "2016-06-06T13:44:41.000Z",
"description": "Lame proxychanger, apparently related to a clickfraud botnet. - Xchecked via VT: 426ee3c2df00f5ecad0dd6394f9ab331b0d759545f709479f062764673af5120",
"pattern": "[file:hashes.SHA1 = '0e816e715c631c28ad8a82202b7fcfea00a72a30']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-06-06T13:44:41Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha1\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--57557e4a-f784-4932-a95b-44bd02de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-06-06T13:44:42.000Z",
"modified": "2016-06-06T13:44:42.000Z",
"description": "Lame proxychanger, apparently related to a clickfraud botnet. - Xchecked via VT: 426ee3c2df00f5ecad0dd6394f9ab331b0d759545f709479f062764673af5120",
"pattern": "[file:hashes.MD5 = '99a0df95986f975a4e5229550d710f23']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-06-06T13:44:42Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--57557e4a-d290-4a02-acff-4a2102de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-06-06T13:44:42.000Z",
"modified": "2016-06-06T13:44:42.000Z",
"first_observed": "2016-06-06T13:44:42Z",
"last_observed": "2016-06-06T13:44:42Z",
"number_observed": 1,
"object_refs": [
"url--57557e4a-d290-4a02-acff-4a2102de0b81"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--57557e4a-d290-4a02-acff-4a2102de0b81",
"value": "https://www.virustotal.com/file/426ee3c2df00f5ecad0dd6394f9ab331b0d759545f709479f062764673af5120/analysis/1463490983/"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--57557e4b-e634-475b-9683-473802de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-06-06T13:44:43.000Z",
"modified": "2016-06-06T13:44:43.000Z",
"description": "Lame proxychanger, apparently related to a clickfraud botnet. - Xchecked via VT: e879531b7fc218213af9c6c9f48107cd14b5733f9f9b68b64d07a1adb61b2ed0",
"pattern": "[file:hashes.SHA1 = '468c249e2be922e524ca73f01b4ad662b6e5d411']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-06-06T13:44:43Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha1\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--57557e4b-41cc-434c-92aa-402d02de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-06-06T13:44:43.000Z",
"modified": "2016-06-06T13:44:43.000Z",
"description": "Lame proxychanger, apparently related to a clickfraud botnet. - Xchecked via VT: e879531b7fc218213af9c6c9f48107cd14b5733f9f9b68b64d07a1adb61b2ed0",
"pattern": "[file:hashes.MD5 = '57212490b784ecbdb9ce965acd228539']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-06-06T13:44:43Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--57557e4c-c58c-41f5-b275-493502de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-06-06T13:44:44.000Z",
"modified": "2016-06-06T13:44:44.000Z",
"first_observed": "2016-06-06T13:44:44Z",
"last_observed": "2016-06-06T13:44:44Z",
"number_observed": 1,
"object_refs": [
"url--57557e4c-c58c-41f5-b275-493502de0b81"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--57557e4c-c58c-41f5-b275-493502de0b81",
"value": "https://www.virustotal.com/file/e879531b7fc218213af9c6c9f48107cd14b5733f9f9b68b64d07a1adb61b2ed0/analysis/1451634274/"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--57557e4c-7b9c-4a0e-a450-4c5602de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-06-06T13:44:44.000Z",
"modified": "2016-06-06T13:44:44.000Z",
"description": "Lame proxychanger, apparently related to a clickfraud botnet. - Xchecked via VT: eccfd7065d436d5a4da903c6a29bc926e630c9e47795bfc416f8a3cd25090167",
"pattern": "[file:hashes.SHA1 = 'e1d791b60f69a08f81d0acb88f068ad2e8735585']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-06-06T13:44:44Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha1\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--57557e4c-20b4-46a8-9431-427202de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-06-06T13:44:44.000Z",
"modified": "2016-06-06T13:44:44.000Z",
"description": "Lame proxychanger, apparently related to a clickfraud botnet. - Xchecked via VT: eccfd7065d436d5a4da903c6a29bc926e630c9e47795bfc416f8a3cd25090167",
"pattern": "[file:hashes.MD5 = '8f93e41c30911fd2321973c01277c752']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-06-06T13:44:44Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--57557e4d-2440-4ca8-87b7-4e1d02de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-06-06T13:44:45.000Z",
"modified": "2016-06-06T13:44:45.000Z",
"first_observed": "2016-06-06T13:44:45Z",
"last_observed": "2016-06-06T13:44:45Z",
"number_observed": 1,
"object_refs": [
"url--57557e4d-2440-4ca8-87b7-4e1d02de0b81"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--57557e4d-2440-4ca8-87b7-4e1d02de0b81",
"value": "https://www.virustotal.com/file/eccfd7065d436d5a4da903c6a29bc926e630c9e47795bfc416f8a3cd25090167/analysis/1463490983/"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--57557e4d-e8ec-47ce-bcc7-4c3a02de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-06-06T13:44:45.000Z",
"modified": "2016-06-06T13:44:45.000Z",
"description": "Lame proxychanger, apparently related to a clickfraud botnet. - Xchecked via VT: 2bed7c4b1c7a9a1aac6996a2edb8b6987b71ffaa55ac2c574dc43f1feee8e1ce",
"pattern": "[file:hashes.SHA1 = '1be920cb406d8fea6a554faa4f1457b2fed47df4']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-06-06T13:44:45Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha1\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--57557e4e-95fc-4d0d-95a7-4c3802de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-06-06T13:44:46.000Z",
"modified": "2016-06-06T13:44:46.000Z",
"description": "Lame proxychanger, apparently related to a clickfraud botnet. - Xchecked via VT: 2bed7c4b1c7a9a1aac6996a2edb8b6987b71ffaa55ac2c574dc43f1feee8e1ce",
"pattern": "[file:hashes.MD5 = 'c6b90576c2f6aae51fc932c98b17daf0']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-06-06T13:44:46Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--57557e4e-0ddc-477d-9c32-489202de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-06-06T13:44:46.000Z",
"modified": "2016-06-06T13:44:46.000Z",
"first_observed": "2016-06-06T13:44:46Z",
"last_observed": "2016-06-06T13:44:46Z",
"number_observed": 1,
"object_refs": [
"url--57557e4e-0ddc-477d-9c32-489202de0b81"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--57557e4e-0ddc-477d-9c32-489202de0b81",
"value": "https://www.virustotal.com/file/2bed7c4b1c7a9a1aac6996a2edb8b6987b71ffaa55ac2c574dc43f1feee8e1ce/analysis/1464248617/"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--57557e4f-bf88-4b9d-8744-467202de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-06-06T13:44:47.000Z",
"modified": "2016-06-06T13:44:47.000Z",
"description": "Lame proxychanger, apparently related to a clickfraud botnet. - Xchecked via VT: eca52b0c880141cf36fbb0a704860dc8eeb9fd38528021c25f79a68293004563",
"pattern": "[file:hashes.SHA1 = 'b67b22aafda1a77758014071bb12e6ba2e0b8a0f']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-06-06T13:44:47Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha1\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--57557e4f-e8dc-485f-8074-400302de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-06-06T13:44:47.000Z",
"modified": "2016-06-06T13:44:47.000Z",
"description": "Lame proxychanger, apparently related to a clickfraud botnet. - Xchecked via VT: eca52b0c880141cf36fbb0a704860dc8eeb9fd38528021c25f79a68293004563",
"pattern": "[file:hashes.MD5 = 'eed81f2283c05191c77ceec6ecf989bc']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-06-06T13:44:47Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--57557e50-a1d8-4e21-afeb-401a02de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-06-06T13:44:48.000Z",
"modified": "2016-06-06T13:44:48.000Z",
"first_observed": "2016-06-06T13:44:48Z",
"last_observed": "2016-06-06T13:44:48Z",
"number_observed": 1,
"object_refs": [
"url--57557e50-a1d8-4e21-afeb-401a02de0b81"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--57557e50-a1d8-4e21-afeb-401a02de0b81",
"value": "https://www.virustotal.com/file/eca52b0c880141cf36fbb0a704860dc8eeb9fd38528021c25f79a68293004563/analysis/1463490985/"
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--57557e50-7f40-4da9-910d-41a602de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-06-06T13:44:48.000Z",
"modified": "2016-06-06T13:44:48.000Z",
"first_observed": "2016-06-06T13:44:48Z",
"last_observed": "2016-06-06T13:44:48Z",
"number_observed": 1,
"object_refs": [
"url--57557e50-7f40-4da9-910d-41a602de0b81"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--57557e50-7f40-4da9-910d-41a602de0b81",
"value": "https://www.virustotal.com/file/ca4d238b324dd35b2a1706d92b728b69efeca28c5934fd69b8816943c9de2ec5/analysis/1463640490/"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--57557e50-3edc-48dd-bb44-4e5b02de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-06-06T13:44:48.000Z",
"modified": "2016-06-06T13:44:48.000Z",
"description": "Lame proxychanger, apparently related to a clickfraud botnet. - Xchecked via VT: 86763ec412336d2b7524b44c3c60cf7938ff4d36927015c84503dd70acac30d0",
"pattern": "[file:hashes.SHA1 = '3c551bf3b31cf7b2aaa8a6beb5c9114315cf71ba']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-06-06T13:44:48Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha1\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--57557e51-b434-4720-904d-474202de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-06-06T13:44:49.000Z",
"modified": "2016-06-06T13:44:49.000Z",
"description": "Lame proxychanger, apparently related to a clickfraud botnet. - Xchecked via VT: 86763ec412336d2b7524b44c3c60cf7938ff4d36927015c84503dd70acac30d0",
"pattern": "[file:hashes.MD5 = '4f19bb0b2f343c2bcc25fe36bccbbab7']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-06-06T13:44:49Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--57557e51-e968-4f64-87a1-44ff02de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-06-06T13:44:49.000Z",
"modified": "2016-06-06T13:44:49.000Z",
"first_observed": "2016-06-06T13:44:49Z",
"last_observed": "2016-06-06T13:44:49Z",
"number_observed": 1,
"object_refs": [
"url--57557e51-e968-4f64-87a1-44ff02de0b81"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--57557e51-e968-4f64-87a1-44ff02de0b81",
"value": "https://www.virustotal.com/file/86763ec412336d2b7524b44c3c60cf7938ff4d36927015c84503dd70acac30d0/analysis/1463490981/"
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--57557e52-73c4-4a52-8662-4aac02de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-06-06T13:44:50.000Z",
"modified": "2016-06-06T13:44:50.000Z",
"first_observed": "2016-06-06T13:44:50Z",
"last_observed": "2016-06-06T13:44:50Z",
"number_observed": 1,
"object_refs": [
"url--57557e52-73c4-4a52-8662-4aac02de0b81"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--57557e52-73c4-4a52-8662-4aac02de0b81",
"value": "https://www.virustotal.com/file/1f111c1f9b4dd8596efbd5f0ceeb2e7a30b25ba296a2035e3652a81f340e0f26/analysis/1453461325/"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--57557e52-0e6c-4910-8519-47cb02de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-06-06T13:44:50.000Z",
"modified": "2016-06-06T13:44:50.000Z",
"description": "Lame proxychanger, apparently related to a clickfraud botnet. - Xchecked via VT: 993b06ee1d6b8384fc35cc94a3ad2a6ea6d04ebbd2413653eb635b33a57b1151",
"pattern": "[file:hashes.SHA1 = 'ac15fb527baa0058c059f20f1ef20b5c2bd16abc']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-06-06T13:44:50Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha1\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--57557e53-1688-4253-bd64-412002de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-06-06T13:44:51.000Z",
"modified": "2016-06-06T13:44:51.000Z",
"description": "Lame proxychanger, apparently related to a clickfraud botnet. - Xchecked via VT: 993b06ee1d6b8384fc35cc94a3ad2a6ea6d04ebbd2413653eb635b33a57b1151",
"pattern": "[file:hashes.MD5 = '0681d610f382f5aa59e69d976ed7acdb']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-06-06T13:44:51Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--57557e53-3bc0-4883-bddd-4ee802de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-06-06T13:44:51.000Z",
"modified": "2016-06-06T13:44:51.000Z",
"first_observed": "2016-06-06T13:44:51Z",
"last_observed": "2016-06-06T13:44:51Z",
"number_observed": 1,
"object_refs": [
"url--57557e53-3bc0-4883-bddd-4ee802de0b81"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--57557e53-3bc0-4883-bddd-4ee802de0b81",
"value": "https://www.virustotal.com/file/993b06ee1d6b8384fc35cc94a3ad2a6ea6d04ebbd2413653eb635b33a57b1151/analysis/1464094559/"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--57557e54-9970-4a97-ae94-48b302de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-06-06T13:44:52.000Z",
"modified": "2016-06-06T13:44:52.000Z",
"description": "Lame proxychanger, apparently related to a clickfraud botnet. - Xchecked via VT: c704caed0fe22efb9e94f0ae8c91c01a935c077526131b489f4bec893c3433dd",
"pattern": "[file:hashes.SHA1 = '678046b7c48ab176fc0053ab22d4490f72e9e132']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-06-06T13:44:52Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha1\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--57557e54-6134-4200-8443-4c0502de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-06-06T13:44:52.000Z",
"modified": "2016-06-06T13:44:52.000Z",
"description": "Lame proxychanger, apparently related to a clickfraud botnet. - Xchecked via VT: c704caed0fe22efb9e94f0ae8c91c01a935c077526131b489f4bec893c3433dd",
"pattern": "[file:hashes.MD5 = '6a2ac9046e8632e00d52bfb804ddeb5e']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-06-06T13:44:52Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--57557e54-7104-43a9-b5c3-49bc02de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-06-06T13:44:52.000Z",
"modified": "2016-06-06T13:44:52.000Z",
"first_observed": "2016-06-06T13:44:52Z",
"last_observed": "2016-06-06T13:44:52Z",
"number_observed": 1,
"object_refs": [
"url--57557e54-7104-43a9-b5c3-49bc02de0b81"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--57557e54-7104-43a9-b5c3-49bc02de0b81",
"value": "https://www.virustotal.com/file/c704caed0fe22efb9e94f0ae8c91c01a935c077526131b489f4bec893c3433dd/analysis/1463490982/"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--57557e55-fda0-4638-9d59-48e302de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-06-06T13:44:53.000Z",
"modified": "2016-06-06T13:44:53.000Z",
"description": "Lame proxychanger, apparently related to a clickfraud botnet. - Xchecked via VT: b8f9a1f7f3d096b040e0f2e6e6af47d3ffcfadc2a3234728949b1d6916a571a1",
"pattern": "[file:hashes.SHA1 = '9297023d51c5361dcfe26c17b5ec0d712e477260']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-06-06T13:44:53Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha1\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--57557e55-20b0-47e1-a925-4d1c02de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-06-06T13:44:53.000Z",
"modified": "2016-06-06T13:44:53.000Z",
"description": "Lame proxychanger, apparently related to a clickfraud botnet. - Xchecked via VT: b8f9a1f7f3d096b040e0f2e6e6af47d3ffcfadc2a3234728949b1d6916a571a1",
"pattern": "[file:hashes.MD5 = 'ef7fc17f694d2ce26d97247ba9b25c36']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-06-06T13:44:53Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--57557e56-b2d0-4e57-9029-4e5102de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-06-06T13:44:54.000Z",
"modified": "2016-06-06T13:44:54.000Z",
"first_observed": "2016-06-06T13:44:54Z",
"last_observed": "2016-06-06T13:44:54Z",
"number_observed": 1,
"object_refs": [
"url--57557e56-b2d0-4e57-9029-4e5102de0b81"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--57557e56-b2d0-4e57-9029-4e5102de0b81",
"value": "https://www.virustotal.com/file/b8f9a1f7f3d096b040e0f2e6e6af47d3ffcfadc2a3234728949b1d6916a571a1/analysis/1451634587/"
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--57557e56-38c4-4e0d-aa31-44dd02de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-06-06T13:44:54.000Z",
"modified": "2016-06-06T13:44:54.000Z",
"first_observed": "2016-06-06T13:44:54Z",
"last_observed": "2016-06-06T13:44:54Z",
"number_observed": 1,
"object_refs": [
"url--57557e56-38c4-4e0d-aa31-44dd02de0b81"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--57557e56-38c4-4e0d-aa31-44dd02de0b81",
"value": "https://www.virustotal.com/file/e7aecb0135099e15b71cc357f9c2529d1e6e494cab402017b2555096e09c9f31/analysis/1444238521/"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--57557e57-b064-4bdb-923c-461702de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-06-06T13:44:55.000Z",
"modified": "2016-06-06T13:44:55.000Z",
"description": "Lame proxychanger, apparently related to a clickfraud botnet. - Cross-checked via VirusTotal: 98a59f042da32b5972dadf17331f2f1e714097dc2d9d9d678edafc10dc5d7d9a",
"pattern": "[file:hashes.SHA1 = 'b44d0686e918c6708d091870aa91c2db63e84b41']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-06-06T13:44:55Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha1\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--57557e57-b29c-4921-8c06-454b02de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-06-06T13:44:55.000Z",
"modified": "2016-06-06T13:44:55.000Z",
"description": "Lame proxychanger, apparently related to a clickfraud botnet. - Cross-checked via VirusTotal: 98a59f042da32b5972dadf17331f2f1e714097dc2d9d9d678edafc10dc5d7d9a",
"pattern": "[file:hashes.MD5 = 'b29816a16f6ac75432d52848236c04db']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-06-06T13:44:55Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--57557e57-80f8-4e2a-a7ec-459902de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-06-06T13:44:55.000Z",
"modified": "2016-06-06T13:44:55.000Z",
"first_observed": "2016-06-06T13:44:55Z",
"last_observed": "2016-06-06T13:44:55Z",
"number_observed": 1,
"object_refs": [
"url--57557e57-80f8-4e2a-a7ec-459902de0b81"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--57557e57-80f8-4e2a-a7ec-459902de0b81",
"value": "https://www.virustotal.com/file/98a59f042da32b5972dadf17331f2f1e714097dc2d9d9d678edafc10dc5d7d9a/analysis/1463490983/"
},
{
"type": "marking-definition",
"spec_version": "2.1",
"id": "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9",
"created": "2017-01-20T00:00:00.000Z",
"definition_type": "tlp",
"name": "TLP:WHITE",
"definition": {
"tlp": "white"
}
}
]
}