misp-circl-feed/feeds/circl/misp/58fdc3f2-69b4-4aba-a5ec-4a2f950d210f.json

4116 lines
No EOL
175 KiB
JSON

{
"type": "bundle",
"id": "bundle--58fdc3f2-69b4-4aba-a5ec-4a2f950d210f",
"objects": [
{
"type": "identity",
"spec_version": "2.1",
"id": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-04-24T10:17:39.000Z",
"modified": "2017-04-24T10:17:39.000Z",
"name": "CIRCL",
"identity_class": "organization"
},
{
"type": "report",
"spec_version": "2.1",
"id": "report--58fdc3f2-69b4-4aba-a5ec-4a2f950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-04-24T10:17:39.000Z",
"modified": "2017-04-24T10:17:39.000Z",
"name": "OSINT - Cardinal RAT Active for Over Two Years",
"published": "2017-04-24T10:18:10Z",
"object_refs": [
"indicator--58fdc7ea-ad84-4e32-9d3b-4a96950d210f",
"indicator--58fdc7eb-c650-458e-bea9-455a950d210f",
"indicator--58fdc7ed-5588-4e51-aa4b-43ed950d210f",
"indicator--58fdc7ee-b690-4ba3-84bf-4cc4950d210f",
"indicator--58fdc7ef-5114-4f90-9e84-43f1950d210f",
"indicator--58fdc7f0-5dc0-4dc4-bec6-4c80950d210f",
"indicator--58fdc7f1-11e0-4889-997e-41d1950d210f",
"indicator--58fdc7f2-f53c-4e3e-a999-4d88950d210f",
"indicator--58fdc7f2-884c-4dee-8b39-4335950d210f",
"indicator--58fdc7f3-cb90-4060-9407-4d0d950d210f",
"indicator--58fdc7f4-0b84-4962-b0cb-4409950d210f",
"indicator--58fdc8a7-f4d8-432c-b88f-4be1950d210f",
"indicator--58fdc8a8-3f54-4062-9150-4b5c950d210f",
"indicator--58fdc8a9-7c2c-407a-b756-4bdd950d210f",
"indicator--58fdc8aa-8c40-48d8-be13-4943950d210f",
"indicator--58fdc8ab-c1e0-4948-89fc-408e950d210f",
"indicator--58fdc8ad-ac08-496c-9973-493c950d210f",
"indicator--58fdc8ae-b7e4-4128-9344-44e3950d210f",
"indicator--58fdc8af-1a98-4e1d-8027-419e950d210f",
"indicator--58fdc8b0-4fc0-47af-be94-47c8950d210f",
"indicator--58fdc8b1-a530-46ca-af5a-4a35950d210f",
"indicator--58fdc8b2-72a8-4110-9c99-4d8b950d210f",
"indicator--58fdc8b2-a40c-47d5-8048-44b0950d210f",
"indicator--58fdc8b3-ce20-4858-83c7-4108950d210f",
"indicator--58fdc8b4-28c4-4c1d-a764-473b950d210f",
"indicator--58fdc8b5-91bc-4dd9-9f7a-403d950d210f",
"indicator--58fdc8b6-257c-4bf8-934c-419a950d210f",
"indicator--58fdc8b7-f064-4a44-99da-4764950d210f",
"indicator--58fdc8b8-a4dc-43ca-a46c-4fc1950d210f",
"indicator--58fdc8b9-2180-4d60-a795-4059950d210f",
"indicator--58fdc8ba-35ac-4fb4-8399-41d5950d210f",
"indicator--58fdc8bb-82a0-4ec9-901c-453d950d210f",
"indicator--58fdc8bc-c7c4-468e-bc8d-4cd4950d210f",
"indicator--58fdc8bc-f430-4f6e-96c6-448d950d210f",
"indicator--58fdc8bd-c448-4638-8e85-4ec9950d210f",
"indicator--58fdc8be-eef8-43c8-999f-4712950d210f",
"indicator--58fdc8bf-fa3c-4f52-b373-4f5d950d210f",
"indicator--58fdc8c1-6f10-46e5-b165-455b950d210f",
"indicator--58fdc913-2874-42a7-aeba-49e2950d210f",
"indicator--58fdc914-ef64-45ee-9b26-464d950d210f",
"indicator--58fdc915-ceb0-4634-821e-4644950d210f",
"indicator--58fdc916-3d20-47f8-98d4-49e5950d210f",
"indicator--58fdc917-6dac-4b46-a99f-4075950d210f",
"indicator--58fdc919-f94c-48b9-9137-486b950d210f",
"indicator--58fdc91a-3f54-4f55-a2c6-46be950d210f",
"indicator--58fdc91b-7574-4c11-ac24-4199950d210f",
"indicator--58fdc91c-54c8-472d-a926-4399950d210f",
"indicator--58fdc91d-8170-4043-b49c-438e950d210f",
"indicator--58fdc91e-5994-45a6-8e26-47bc950d210f",
"indicator--58fdc91f-1858-4551-9778-4952950d210f",
"indicator--58fdc920-a388-41e2-8098-4add950d210f",
"indicator--58fdc921-d444-4d1f-892c-4bc7950d210f",
"indicator--58fdc922-fc18-49c7-a2d5-4bdf950d210f",
"indicator--58fdc923-beb0-4fb6-9239-4ba5950d210f",
"indicator--58fdc923-76fc-4d9d-aea4-4f8b950d210f",
"indicator--58fdc924-d610-4be7-98c1-43ac950d210f",
"indicator--58fdc925-d9f4-4dde-a8f5-41bc950d210f",
"indicator--58fdc926-043c-4849-9f53-4ac9950d210f",
"indicator--58fdc927-2a98-47a5-8cf9-44b7950d210f",
"indicator--58fdc928-4ba8-4d27-bb59-4d44950d210f",
"indicator--58fdc929-4698-49ac-aa28-45f5950d210f",
"indicator--58fdc92a-ba04-42e1-a1e5-4d5d950d210f",
"indicator--58fdc92b-7644-472d-81df-4ca4950d210f",
"indicator--58fdc92c-bac8-44e5-b27b-4bf7950d210f",
"indicator--58fdc92d-0498-4174-93b6-4f30950d210f",
"indicator--58fdc92e-cf9c-4c7a-a03a-4e89950d210f",
"indicator--58fdc92f-1458-43aa-a57e-4a7f950d210f",
"indicator--58fdc930-05d0-4b36-ae92-4070950d210f",
"observed-data--58fdcb91-bce0-4c0b-9a88-4175950d210f",
"url--58fdcb91-bce0-4c0b-9a88-4175950d210f",
"x-misp-attribute--58fdcba5-89bc-45f9-bf57-4ad4950d210f",
"indicator--58fdd058-2310-4557-a69a-4e3e02de0b81",
"indicator--58fdd058-510c-4b14-a683-4d4202de0b81",
"observed-data--58fdd059-2358-4657-a1cc-457c02de0b81",
"url--58fdd059-2358-4657-a1cc-457c02de0b81",
"indicator--58fdd05a-ec2c-4208-9cc6-4e2a02de0b81",
"indicator--58fdd05b-3e08-4547-a530-49a702de0b81",
"observed-data--58fdd05c-db44-4b60-a899-411402de0b81",
"url--58fdd05c-db44-4b60-a899-411402de0b81",
"indicator--58fdd05d-e68c-46a8-8c41-45a102de0b81",
"indicator--58fdd05e-182c-4bec-88ae-4e4702de0b81",
"observed-data--58fdd05f-1bac-4fc7-b3d8-4b0302de0b81",
"url--58fdd05f-1bac-4fc7-b3d8-4b0302de0b81",
"indicator--58fdd060-59d0-484e-92ff-470302de0b81",
"indicator--58fdd061-0ffc-4317-b922-4a6602de0b81",
"observed-data--58fdd062-dff4-4b08-bf3b-4a1102de0b81",
"url--58fdd062-dff4-4b08-bf3b-4a1102de0b81",
"indicator--58fdd063-d5dc-4428-850f-4d5702de0b81",
"indicator--58fdd064-e688-439d-83f6-435302de0b81",
"observed-data--58fdd065-a9a8-4e3c-9d6e-472e02de0b81",
"url--58fdd065-a9a8-4e3c-9d6e-472e02de0b81",
"indicator--58fdd066-f094-4569-a560-4e2102de0b81",
"indicator--58fdd067-3c1c-4fc4-a41f-471d02de0b81",
"observed-data--58fdd068-52f8-444a-bb9f-4a5802de0b81",
"url--58fdd068-52f8-444a-bb9f-4a5802de0b81",
"indicator--58fdd069-a714-4f96-8744-484602de0b81",
"indicator--58fdd06a-e194-4729-baf1-4c3802de0b81",
"observed-data--58fdd06b-b1b8-49fe-a08e-48b802de0b81",
"url--58fdd06b-b1b8-49fe-a08e-48b802de0b81",
"indicator--58fdd06d-9694-4e26-80fc-454802de0b81",
"indicator--58fdd06e-5b6c-4dff-b8a5-425a02de0b81",
"observed-data--58fdd06f-59fc-4269-9229-4eb502de0b81",
"url--58fdd06f-59fc-4269-9229-4eb502de0b81",
"indicator--58fdd070-b75c-44a3-b21e-4c9702de0b81",
"indicator--58fdd071-045c-4af9-9915-44eb02de0b81",
"observed-data--58fdd072-d718-40e1-8d27-4f3802de0b81",
"url--58fdd072-d718-40e1-8d27-4f3802de0b81",
"indicator--58fdd073-e664-4fa2-a1d6-445902de0b81",
"indicator--58fdd074-536c-4d6b-80ad-454402de0b81",
"observed-data--58fdd075-8e9c-4209-99b6-406f02de0b81",
"url--58fdd075-8e9c-4209-99b6-406f02de0b81",
"indicator--58fdd076-a808-42a4-8fe3-44a902de0b81",
"indicator--58fdd077-128c-4f57-8075-44e702de0b81",
"observed-data--58fdd078-9f78-4ff1-b2cb-446f02de0b81",
"url--58fdd078-9f78-4ff1-b2cb-446f02de0b81",
"indicator--58fdd079-8a40-4333-bcdb-46e002de0b81",
"indicator--58fdd07a-d130-4085-8d8a-423202de0b81",
"observed-data--58fdd07b-5a08-4738-97b4-48ac02de0b81",
"url--58fdd07b-5a08-4738-97b4-48ac02de0b81",
"indicator--58fdd07c-46e0-4002-9dc9-458802de0b81",
"indicator--58fdd07d-a538-458f-8508-4e2102de0b81",
"observed-data--58fdd07e-cbc0-4a61-bc00-423602de0b81",
"url--58fdd07e-cbc0-4a61-bc00-423602de0b81",
"indicator--58fdd07f-4b48-45e7-98f1-498302de0b81",
"indicator--58fdd080-4094-45fb-9dc6-4c2802de0b81",
"observed-data--58fdd081-2aac-4773-bc9c-49a902de0b81",
"url--58fdd081-2aac-4773-bc9c-49a902de0b81",
"indicator--58fdd082-bbe0-4750-b3e5-4edb02de0b81",
"indicator--58fdd083-d6e0-4914-b2d8-456902de0b81",
"observed-data--58fdd084-f528-4660-87f5-4d1802de0b81",
"url--58fdd084-f528-4660-87f5-4d1802de0b81",
"indicator--58fdd085-d69c-4f4a-aafd-446902de0b81",
"indicator--58fdd086-ba6c-4fee-b65e-43bc02de0b81",
"observed-data--58fdd087-f680-4163-85e6-4e7e02de0b81",
"url--58fdd087-f680-4163-85e6-4e7e02de0b81",
"indicator--58fdd088-2ad8-46d7-a6af-4af702de0b81",
"indicator--58fdd089-a9e8-4730-b4f0-46eb02de0b81",
"observed-data--58fdd08a-427c-478c-a26d-4fa202de0b81",
"url--58fdd08a-427c-478c-a26d-4fa202de0b81",
"indicator--58fdd08b-9b20-4d8e-861e-489302de0b81",
"indicator--58fdd08c-54ac-49b7-b732-403702de0b81",
"observed-data--58fdd08d-07d8-442e-abee-438102de0b81",
"url--58fdd08d-07d8-442e-abee-438102de0b81",
"indicator--58fdd08e-6aac-403d-8774-42e902de0b81",
"indicator--58fdd08f-a9bc-4e25-8d8a-460a02de0b81",
"observed-data--58fdd090-00c0-42da-8c76-41ba02de0b81",
"url--58fdd090-00c0-42da-8c76-41ba02de0b81",
"indicator--58fdd091-da98-4e17-a3d9-4bc202de0b81",
"indicator--58fdd092-6e64-4149-a649-45a802de0b81",
"observed-data--58fdd093-1b80-474d-b1ce-439b02de0b81",
"url--58fdd093-1b80-474d-b1ce-439b02de0b81",
"indicator--58fdd095-7988-4255-a2db-439802de0b81",
"indicator--58fdd096-a380-4b3c-a73a-4ff002de0b81",
"observed-data--58fdd096-049c-4884-9984-4c8f02de0b81",
"url--58fdd096-049c-4884-9984-4c8f02de0b81",
"indicator--58fdd097-a91c-4647-8a4f-4e2902de0b81",
"indicator--58fdd098-ef98-4e5e-83db-47d802de0b81",
"observed-data--58fdd099-61d0-42ef-b014-4bf202de0b81",
"url--58fdd099-61d0-42ef-b014-4bf202de0b81",
"indicator--58fdd09a-f758-47db-9ce1-478902de0b81",
"indicator--58fdd09b-6edc-4d29-a076-45ae02de0b81",
"observed-data--58fdd09c-d924-48e0-ba0e-44c102de0b81",
"url--58fdd09c-d924-48e0-ba0e-44c102de0b81",
"indicator--58fdd09d-d004-47a8-8152-463a02de0b81",
"indicator--58fdd09e-6218-4e64-862d-4d3002de0b81",
"observed-data--58fdd09f-5f44-4fd5-8833-483702de0b81",
"url--58fdd09f-5f44-4fd5-8833-483702de0b81",
"indicator--58fdd0a0-e414-4d44-896b-40bd02de0b81",
"indicator--58fdd0a1-dfa8-4e0c-a203-462502de0b81",
"observed-data--58fdd0a2-859c-4429-b9ec-4ddb02de0b81",
"url--58fdd0a2-859c-4429-b9ec-4ddb02de0b81",
"indicator--58fdd0a3-2b24-4159-b613-4f9a02de0b81",
"indicator--58fdd0a4-2be0-446a-9c23-414202de0b81",
"observed-data--58fdd0a5-3b8c-47d1-856f-4fb102de0b81",
"url--58fdd0a5-3b8c-47d1-856f-4fb102de0b81",
"indicator--58fdd0a6-c5c8-490c-a4a8-4f6502de0b81",
"indicator--58fdd0a7-b8b8-403d-8daa-404002de0b81",
"observed-data--58fdd0a8-1528-4faa-9fca-497702de0b81",
"url--58fdd0a8-1528-4faa-9fca-497702de0b81",
"indicator--58fdd0a9-acc8-4816-a817-417802de0b81",
"indicator--58fdd0aa-33b0-470b-a492-4e0702de0b81",
"observed-data--58fdd0ab-8b48-46c2-a143-43ee02de0b81",
"url--58fdd0ab-8b48-46c2-a143-43ee02de0b81",
"indicator--58fdd0ac-939c-48b6-8a32-4af502de0b81",
"indicator--58fdd0ad-65d4-4bbe-af99-4ccb02de0b81",
"observed-data--58fdd0ae-a8b0-49f1-8df9-4c3002de0b81",
"url--58fdd0ae-a8b0-49f1-8df9-4c3002de0b81",
"indicator--58fdd0af-ad98-41d7-ad66-412a02de0b81",
"indicator--58fdd0b0-b564-41f8-85bf-40d102de0b81",
"observed-data--58fdd0b1-9780-4046-9732-4cb402de0b81",
"url--58fdd0b1-9780-4046-9732-4cb402de0b81",
"indicator--58fdd0b2-fafc-42f3-892a-426d02de0b81",
"indicator--58fdd0b3-720c-441e-af79-4cc802de0b81",
"observed-data--58fdd0b4-7044-45b0-b182-46c502de0b81",
"url--58fdd0b4-7044-45b0-b182-46c502de0b81"
],
"labels": [
"Threat-Report",
"misp:tool=\"MISP-STIX-Converter\"",
"type:OSINT",
"enisa:nefarious-activity-abuse=\"remote-access-tool\"",
"osint:source-type=\"blog-post\""
],
"object_marking_refs": [
"marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9"
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--58fdc7ea-ad84-4e32-9d3b-4a96950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-04-24T10:14:45.000Z",
"modified": "2017-04-24T10:14:45.000Z",
"description": "Carp Downloader SHA256 Hashes",
"pattern": "[file:hashes.SHA256 = 'a52ba498d304906d6c060e8c56ad7db50e1af0a781616c0aa35447c50c28bae9']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-04-24T10:14:45Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--58fdc7eb-c650-458e-bea9-455a950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-04-24T10:14:45.000Z",
"modified": "2017-04-24T10:14:45.000Z",
"description": "Carp Downloader SHA256 Hashes",
"pattern": "[file:hashes.SHA256 = '5025aa0fc6d4ac6daa2d9a6452263dcc20d6906149fc0995d458ed38e7e57b61']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-04-24T10:14:45Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--58fdc7ed-5588-4e51-aa4b-43ed950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-04-24T10:14:45.000Z",
"modified": "2017-04-24T10:14:45.000Z",
"description": "Carp Downloader SHA256 Hashes",
"pattern": "[file:hashes.SHA256 = '1181f97071d8f96f9cdfb0f39b697204413cc0a715aa4935fe8964209289b331']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-04-24T10:14:45Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--58fdc7ee-b690-4ba3-84bf-4cc4950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-04-24T10:14:45.000Z",
"modified": "2017-04-24T10:14:45.000Z",
"description": "Carp Downloader SHA256 Hashes",
"pattern": "[file:hashes.SHA256 = '84e705341a48c8c6552a7d3dd97b7cd968d2a9bc281a70c287df70813f5dca52']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-04-24T10:14:45Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--58fdc7ef-5114-4f90-9e84-43f1950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-04-24T10:14:45.000Z",
"modified": "2017-04-24T10:14:45.000Z",
"description": "Carp Downloader SHA256 Hashes",
"pattern": "[file:hashes.SHA256 = 'ae1a6c4f917772100e3a5dc1fab7de4a277876a6e626da114baf8179b13b0031']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-04-24T10:14:45Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--58fdc7f0-5dc0-4dc4-bec6-4c80950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-04-24T10:14:45.000Z",
"modified": "2017-04-24T10:14:45.000Z",
"description": "Carp Downloader SHA256 Hashes",
"pattern": "[file:hashes.SHA256 = 'e49e61da52430011f1a22084a601cc08005865fe9a76abf503a4a9d2e11a5450']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-04-24T10:14:45Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--58fdc7f1-11e0-4889-997e-41d1950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-04-24T10:14:45.000Z",
"modified": "2017-04-24T10:14:45.000Z",
"description": "Carp Downloader SHA256 Hashes",
"pattern": "[file:hashes.SHA256 = '192b204dbc702d3762c953544975b61db8347a7739c6d8884bb4594bd816bf91']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-04-24T10:14:45Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--58fdc7f2-f53c-4e3e-a999-4d88950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-04-24T10:14:45.000Z",
"modified": "2017-04-24T10:14:45.000Z",
"description": "Carp Downloader SHA256 Hashes",
"pattern": "[file:hashes.SHA256 = '571b58ba655463705f45d2541f0fde049c83389a69552f98e41ece734a59f8d4']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-04-24T10:14:45Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--58fdc7f2-884c-4dee-8b39-4335950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-04-24T10:14:45.000Z",
"modified": "2017-04-24T10:14:45.000Z",
"description": "Carp Downloader SHA256 Hashes",
"pattern": "[file:hashes.SHA256 = '10f53502922bf837900935892fb1da28fc712848471bf4afcdd08440d3bd037f']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-04-24T10:14:45Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--58fdc7f3-cb90-4060-9407-4d0d950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-04-24T10:14:45.000Z",
"modified": "2017-04-24T10:14:45.000Z",
"description": "Carp Downloader SHA256 Hashes",
"pattern": "[file:hashes.SHA256 = '8bea55d2e35a2281ed71a59f1feb4c1cf6af1c053a94781c033a94d8e4c853e5']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-04-24T10:14:45Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--58fdc7f4-0b84-4962-b0cb-4409950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-04-24T10:14:45.000Z",
"modified": "2017-04-24T10:14:45.000Z",
"description": "Carp Downloader SHA256 Hashes",
"pattern": "[file:hashes.SHA256 = '057965e8b6638f0264d89872e80366b23255f1a0a30fd4efb7884c71b4104235']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-04-24T10:14:45Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--58fdc8a7-f4d8-432c-b88f-4be1950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-04-24T10:14:45.000Z",
"modified": "2017-04-24T10:14:45.000Z",
"description": "Cardinal RAT SHA256 Hashes",
"pattern": "[file:hashes.SHA256 = 'e017651dd9e9419a7f1714f8f2cdc3d8e75aebbe6d3cfbb2de3f042f39aec3bd']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-04-24T10:14:45Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--58fdc8a8-3f54-4062-9150-4b5c950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-04-24T10:14:45.000Z",
"modified": "2017-04-24T10:14:45.000Z",
"description": "Cardinal RAT SHA256 Hashes",
"pattern": "[file:hashes.SHA256 = '778090182a10fde1b4c1571d1e853e123f6ab1682e17dabe2e83468b518c01df']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-04-24T10:14:45Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--58fdc8a9-7c2c-407a-b756-4bdd950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-04-24T10:14:45.000Z",
"modified": "2017-04-24T10:14:45.000Z",
"description": "Cardinal RAT SHA256 Hashes",
"pattern": "[file:hashes.SHA256 = '8fababb509ad8230e4d6fa1e6403602a97e60dc8ef517016f86195143cf50f4e']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-04-24T10:14:45Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--58fdc8aa-8c40-48d8-be13-4943950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-04-24T10:14:45.000Z",
"modified": "2017-04-24T10:14:45.000Z",
"description": "Cardinal RAT SHA256 Hashes",
"pattern": "[file:hashes.SHA256 = '1977cedcfb8726dea5e915b47e1479256674551bc0fe0b55ddd3fa3b15eb82b2']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-04-24T10:14:45Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--58fdc8ab-c1e0-4948-89fc-408e950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-04-24T10:14:45.000Z",
"modified": "2017-04-24T10:14:45.000Z",
"description": "Cardinal RAT SHA256 Hashes",
"pattern": "[file:hashes.SHA256 = '16aab89d74c1eaaf1e94028c8ccceef442eb2cd5b052cba3562d2b1b1a3a4ba6']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-04-24T10:14:45Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--58fdc8ad-ac08-496c-9973-493c950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-04-24T10:14:45.000Z",
"modified": "2017-04-24T10:14:45.000Z",
"description": "Cardinal RAT SHA256 Hashes",
"pattern": "[file:hashes.SHA256 = '9c47b2af8b8c5f3c25f237dcc375b41835904f7cd99221c7489fb3563c34c9ab']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-04-24T10:14:45Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--58fdc8ae-b7e4-4128-9344-44e3950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-04-24T10:14:45.000Z",
"modified": "2017-04-24T10:14:45.000Z",
"description": "Cardinal RAT SHA256 Hashes",
"pattern": "[file:hashes.SHA256 = '211b7b7a4c4a07b9c65fae361570dbb94666e26f0cc0fa0b32df4b09fcee6de2']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-04-24T10:14:45Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--58fdc8af-1a98-4e1d-8027-419e950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-04-24T10:14:45.000Z",
"modified": "2017-04-24T10:14:45.000Z",
"description": "Cardinal RAT SHA256 Hashes",
"pattern": "[file:hashes.SHA256 = 'fd61a5cd1a83f68b75d47c8b6041f8640e47510925caee8176d5d81afac29134']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-04-24T10:14:45Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--58fdc8b0-4fc0-47af-be94-47c8950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-04-24T10:14:45.000Z",
"modified": "2017-04-24T10:14:45.000Z",
"description": "Cardinal RAT SHA256 Hashes",
"pattern": "[file:hashes.SHA256 = '84f822d9cf575aeea867e9b73f88ad4d9244293e52208644e12ff2cf13b6b537']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-04-24T10:14:45Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--58fdc8b1-a530-46ca-af5a-4a35950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-04-24T10:14:45.000Z",
"modified": "2017-04-24T10:14:45.000Z",
"description": "Cardinal RAT SHA256 Hashes",
"pattern": "[file:hashes.SHA256 = '855cf3a6422b0bf680d505720fd07c396508f67518670b493dba902c3c2e5dfa']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-04-24T10:14:45Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--58fdc8b2-72a8-4110-9c99-4d8b950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-04-24T10:14:45.000Z",
"modified": "2017-04-24T10:14:45.000Z",
"description": "Cardinal RAT SHA256 Hashes",
"pattern": "[file:hashes.SHA256 = '4b4c6b36938c3de0623feb92c0e1cb399d2dc338d2095b8ba84e862ef6d11772']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-04-24T10:14:45Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--58fdc8b2-a40c-47d5-8048-44b0950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-04-24T10:14:45.000Z",
"modified": "2017-04-24T10:14:45.000Z",
"description": "Cardinal RAT SHA256 Hashes",
"pattern": "[file:hashes.SHA256 = '5dd162ab66f0c819ee73868c26ecd82408422e2b6366805631eab95ae32516f3']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-04-24T10:14:45Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--58fdc8b3-ce20-4858-83c7-4108950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-04-24T10:14:45.000Z",
"modified": "2017-04-24T10:14:45.000Z",
"description": "Cardinal RAT SHA256 Hashes",
"pattern": "[file:hashes.SHA256 = '6e2991e02d3cf17d77173d50cdaa766661a89721c3cc4050fba98bea0dbdb1a9']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-04-24T10:14:45Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--58fdc8b4-28c4-4c1d-a764-473b950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-04-24T10:14:45.000Z",
"modified": "2017-04-24T10:14:45.000Z",
"description": "Cardinal RAT SHA256 Hashes",
"pattern": "[file:hashes.SHA256 = '1e8ed6e8d0b6fc47d8176c874ed40fb09644c058042f34d987878fa644f493cc']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-04-24T10:14:45Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--58fdc8b5-91bc-4dd9-9f7a-403d950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-04-24T10:14:45.000Z",
"modified": "2017-04-24T10:14:45.000Z",
"description": "Cardinal RAT SHA256 Hashes",
"pattern": "[file:hashes.SHA256 = '647e379517fed71682423b0192da453ec1d61a633c154fdd55bab762bcc404f3']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-04-24T10:14:45Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--58fdc8b6-257c-4bf8-934c-419a950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-04-24T10:14:45.000Z",
"modified": "2017-04-24T10:14:45.000Z",
"description": "Cardinal RAT SHA256 Hashes",
"pattern": "[file:hashes.SHA256 = 'ebd4f45cbb272bcc4954cf1bd0a5b8802a6e501688f2a1abdb6143ba616aea82']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-04-24T10:14:45Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--58fdc8b7-f064-4a44-99da-4764950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-04-24T10:14:45.000Z",
"modified": "2017-04-24T10:14:45.000Z",
"description": "Cardinal RAT SHA256 Hashes",
"pattern": "[file:hashes.SHA256 = 'edc49bf7ec508becb088d5082c78d360f1a7cad520f6de6d8b93759b67aac305']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-04-24T10:14:45Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--58fdc8b8-a4dc-43ca-a46c-4fc1950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-04-24T10:14:45.000Z",
"modified": "2017-04-24T10:14:45.000Z",
"description": "Cardinal RAT SHA256 Hashes",
"pattern": "[file:hashes.SHA256 = '7482f8c86b63ce53edcb62fc2ff2dd8e584e2164451ae0c6f2b1f4d6d0cb6d9c']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-04-24T10:14:45Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--58fdc8b9-2180-4d60-a795-4059950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-04-24T10:14:45.000Z",
"modified": "2017-04-24T10:14:45.000Z",
"description": "Cardinal RAT SHA256 Hashes",
"pattern": "[file:hashes.SHA256 = '2fbd3d2362acd1c8f0963b48d01f94c7a07aeac52d23415d0498c8c9e23554db']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-04-24T10:14:45Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--58fdc8ba-35ac-4fb4-8399-41d5950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-04-24T10:14:45.000Z",
"modified": "2017-04-24T10:14:45.000Z",
"description": "Cardinal RAT SHA256 Hashes",
"pattern": "[file:hashes.SHA256 = '154e3a12404202fd25e29e754ff78703d4edd7da73cb4c283c9910fd526d47db']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-04-24T10:14:45Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--58fdc8bb-82a0-4ec9-901c-453d950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-04-24T10:14:45.000Z",
"modified": "2017-04-24T10:14:45.000Z",
"description": "Cardinal RAT SHA256 Hashes",
"pattern": "[file:hashes.SHA256 = 'fc5f7a21d953c394968647df6a37e1f61db04968ad1aca65ad8f261b363fa842']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-04-24T10:14:45Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--58fdc8bc-c7c4-468e-bc8d-4cd4950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-04-24T10:14:45.000Z",
"modified": "2017-04-24T10:14:45.000Z",
"description": "Cardinal RAT SHA256 Hashes",
"pattern": "[file:hashes.SHA256 = 'a1d5b7d69d85b1be31d9e1cb0686094cc7b1213079b2a66ace01be4bfe3fb7c3']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-04-24T10:14:45Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--58fdc8bc-f430-4f6e-96c6-448d950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-04-24T10:14:45.000Z",
"modified": "2017-04-24T10:14:45.000Z",
"description": "Cardinal RAT SHA256 Hashes",
"pattern": "[file:hashes.SHA256 = '4b0203492a95257707a86992e84b5085ce9e11810a26920dbb085005081e32d3']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-04-24T10:14:45Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--58fdc8bd-c448-4638-8e85-4ec9950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-04-24T10:14:45.000Z",
"modified": "2017-04-24T10:14:45.000Z",
"description": "Cardinal RAT SHA256 Hashes",
"pattern": "[file:hashes.SHA256 = 'a05805bcec72fb76b997c456e0fd6c4b219fdc51cad70d4a58c16b0b0e2d9ba1']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-04-24T10:14:45Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--58fdc8be-eef8-43c8-999f-4712950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-04-24T10:14:45.000Z",
"modified": "2017-04-24T10:14:45.000Z",
"description": "Cardinal RAT SHA256 Hashes",
"pattern": "[file:hashes.SHA256 = '4e953ea82b0406a5b95e31554628ad6821b1d91e9ada0d26179977f227cf01ad']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-04-24T10:14:45Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--58fdc8bf-fa3c-4f52-b373-4f5d950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-04-24T10:14:45.000Z",
"modified": "2017-04-24T10:14:45.000Z",
"description": "Cardinal RAT SHA256 Hashes",
"pattern": "[file:hashes.SHA256 = '6272ed2a9b69509ac16162158729762d30f9ca06146a1828ae17afedd5c243ef']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-04-24T10:14:45Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--58fdc8c1-6f10-46e5-b165-455b950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-04-24T10:14:45.000Z",
"modified": "2017-04-24T10:14:45.000Z",
"description": "Cardinal RAT SHA256 Hashes",
"pattern": "[file:hashes.SHA256 = '440504899b7af6f352cfaad6cdef1642c66927ecce0cf2f7e65d563a78be1b29']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-04-24T10:14:45Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--58fdc913-2874-42a7-aeba-49e2950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-04-24T10:14:45.000Z",
"modified": "2017-04-24T10:14:45.000Z",
"pattern": "[domain-name:value = 'ns1.squidmilk.com']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-04-24T10:14:45Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"hostname\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--58fdc914-ef64-45ee-9b26-464d950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-04-24T10:14:45.000Z",
"modified": "2017-04-24T10:14:45.000Z",
"pattern": "[domain-name:value = 'ns2.squidmilk.com']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-04-24T10:14:45Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"hostname\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--58fdc915-ceb0-4634-821e-4644950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-04-24T10:14:45.000Z",
"modified": "2017-04-24T10:14:45.000Z",
"pattern": "[domain-name:value = 'z.realnigger.xyz']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-04-24T10:14:45Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"hostname\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--58fdc916-3d20-47f8-98d4-49e5950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-04-24T10:14:45.000Z",
"modified": "2017-04-24T10:14:45.000Z",
"pattern": "[domain-name:value = 'ns1.tconvulsit.com']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-04-24T10:14:45Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"hostname\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--58fdc917-6dac-4b46-a99f-4075950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-04-24T10:14:45.000Z",
"modified": "2017-04-24T10:14:45.000Z",
"pattern": "[domain-name:value = 'ns1.fresweepy.com']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-04-24T10:14:45Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"hostname\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--58fdc919-f94c-48b9-9137-486b950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-04-24T10:14:45.000Z",
"modified": "2017-04-24T10:14:45.000Z",
"pattern": "[domain-name:value = 'ns2.iexogyrarax.com']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-04-24T10:14:45Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"hostname\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--58fdc91a-3f54-4f55-a2c6-46be950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-04-24T10:14:45.000Z",
"modified": "2017-04-24T10:14:45.000Z",
"pattern": "[domain-name:value = 'ns1.xraisermz.com']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-04-24T10:14:45Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"hostname\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--58fdc91b-7574-4c11-ac24-4199950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-04-24T10:14:45.000Z",
"modified": "2017-04-24T10:14:45.000Z",
"pattern": "[domain-name:value = 'secure.affiliatetoday.xyz']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-04-24T10:14:45Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"hostname\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--58fdc91c-54c8-472d-a926-4399950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-04-24T10:14:45.000Z",
"modified": "2017-04-24T10:14:45.000Z",
"pattern": "[domain-name:value = 'secure.gayporndownload.xyz']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-04-24T10:14:45Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"hostname\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--58fdc91d-8170-4043-b49c-438e950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-04-24T10:14:45.000Z",
"modified": "2017-04-24T10:14:45.000Z",
"pattern": "[domain-name:value = 'secure.gameofthrone.club']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-04-24T10:14:45Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"hostname\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--58fdc91e-5994-45a6-8e26-47bc950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-04-24T10:14:45.000Z",
"modified": "2017-04-24T10:14:45.000Z",
"pattern": "[domain-name:value = 'secure.dropinbox.pw']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-04-24T10:14:45Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"hostname\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--58fdc91f-1858-4551-9778-4952950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-04-24T10:14:45.000Z",
"modified": "2017-04-24T10:14:45.000Z",
"pattern": "[domain-name:value = 'secure.mailserver02.xyz']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-04-24T10:14:45Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"hostname\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--58fdc920-a388-41e2-8098-4add950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-04-24T10:14:45.000Z",
"modified": "2017-04-24T10:14:45.000Z",
"pattern": "[domain-name:value = 'we.niggerporn.xyz']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-04-24T10:14:45Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"hostname\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--58fdc921-d444-4d1f-892c-4bc7950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-04-24T10:14:45.000Z",
"modified": "2017-04-24T10:14:45.000Z",
"pattern": "[domain-name:value = 'z.noplacelikehome.xyz']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-04-24T10:14:45Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"hostname\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--58fdc922-fc18-49c7-a2d5-4bdf950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-04-24T10:14:45.000Z",
"modified": "2017-04-24T10:14:45.000Z",
"pattern": "[domain-name:value = 'ns1.stackreports.com']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-04-24T10:14:45Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"hostname\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--58fdc923-beb0-4fb6-9239-4ba5950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-04-24T10:14:45.000Z",
"modified": "2017-04-24T10:14:45.000Z",
"pattern": "[domain-name:value = 'ns2.stackreports.com']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-04-24T10:14:45Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"hostname\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--58fdc923-76fc-4d9d-aea4-4f8b950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-04-24T10:14:45.000Z",
"modified": "2017-04-24T10:14:45.000Z",
"pattern": "[domain-name:value = 'ns.liveupdate1.com']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-04-24T10:14:45Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"hostname\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--58fdc924-d610-4be7-98c1-43ac950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-04-24T10:14:45.000Z",
"modified": "2017-04-24T10:14:45.000Z",
"pattern": "[domain-name:value = 'ns.nortonsecurity.in']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-04-24T10:14:45Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"hostname\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--58fdc925-d9f4-4dde-a8f5-41bc950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-04-24T10:14:45.000Z",
"modified": "2017-04-24T10:14:45.000Z",
"pattern": "[domain-name:value = 'we.letsdosomefun.xyz']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-04-24T10:14:45Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"hostname\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--58fdc926-043c-4849-9f53-4ac9950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-04-24T10:14:45.000Z",
"modified": "2017-04-24T10:14:45.000Z",
"pattern": "[domain-name:value = 'we.be-smart.xyz']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-04-24T10:14:45Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"hostname\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--58fdc927-2a98-47a5-8cf9-44b7950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-04-24T10:14:45.000Z",
"modified": "2017-04-24T10:14:45.000Z",
"pattern": "[domain-name:value = 'z.newblood.xyz']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-04-24T10:14:45Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"hostname\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--58fdc928-4ba8-4d27-bb59-4d44950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-04-24T10:14:45.000Z",
"modified": "2017-04-24T10:14:45.000Z",
"pattern": "[domain-name:value = 'ns2.ibandagerk.com']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-04-24T10:14:45Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"hostname\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--58fdc929-4698-49ac-aa28-45f5950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-04-24T10:14:45.000Z",
"modified": "2017-04-24T10:14:45.000Z",
"pattern": "[domain-name:value = 'ns1.rmacutecompw.com']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-04-24T10:14:45Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"hostname\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--58fdc92a-ba04-42e1-a1e5-4d5d950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-04-24T10:14:45.000Z",
"modified": "2017-04-24T10:14:45.000Z",
"pattern": "[domain-name:value = 'ns1.pholothud.com']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-04-24T10:14:45Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"hostname\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--58fdc92b-7644-472d-81df-4ca4950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-04-24T10:14:45.000Z",
"modified": "2017-04-24T10:14:45.000Z",
"pattern": "[domain-name:value = 'ns1.athermoforw.com']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-04-24T10:14:45Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"hostname\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--58fdc92c-bac8-44e5-b27b-4bf7950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-04-24T10:14:45.000Z",
"modified": "2017-04-24T10:14:45.000Z",
"pattern": "[domain-name:value = 'ns1.lclownerymor.com']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-04-24T10:14:45Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"hostname\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--58fdc92d-0498-4174-93b6-4f30950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-04-24T10:14:45.000Z",
"modified": "2017-04-24T10:14:45.000Z",
"pattern": "[domain-name:value = 'ns2.xunderfeatuv.com']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-04-24T10:14:45Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"hostname\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--58fdc92e-cf9c-4c7a-a03a-4e89950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-04-24T10:14:45.000Z",
"modified": "2017-04-24T10:14:45.000Z",
"pattern": "[domain-name:value = 'ns3.ssaddlegirv.com']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-04-24T10:14:45Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"hostname\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--58fdc92f-1458-43aa-a57e-4a7f950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-04-24T10:14:45.000Z",
"modified": "2017-04-24T10:14:45.000Z",
"pattern": "[domain-name:value = 'ns1.qcytasicspc.com']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-04-24T10:14:45Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"hostname\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--58fdc930-05d0-4b36-ae92-4070950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-04-24T10:14:45.000Z",
"modified": "2017-04-24T10:14:45.000Z",
"pattern": "[domain-name:value = 'ns.7ni7.com']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-04-24T10:14:45Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"hostname\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--58fdcb91-bce0-4c0b-9a88-4175950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-04-24T10:14:45.000Z",
"modified": "2017-04-24T10:14:45.000Z",
"first_observed": "2017-04-24T10:14:45Z",
"last_observed": "2017-04-24T10:14:45Z",
"number_observed": 1,
"object_refs": [
"url--58fdcb91-bce0-4c0b-9a88-4175950d210f"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--58fdcb91-bce0-4c0b-9a88-4175950d210f",
"value": "http://researchcenter.paloaltonetworks.com/2017/04/unit42-cardinal-rat-active-two-years/"
},
{
"type": "x-misp-attribute",
"spec_version": "2.1",
"id": "x-misp-attribute--58fdcba5-89bc-45f9-bf57-4ad4950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-04-24T10:14:45.000Z",
"modified": "2017-04-24T10:14:45.000Z",
"labels": [
"misp:type=\"comment\"",
"misp:category=\"External analysis\""
],
"x_misp_category": "External analysis",
"x_misp_type": "comment",
"x_misp_value": "Palo Alto Networks has discovered a previously unknown remote access Trojan (RAT) that has been active for over two years. It has a very low volume in this two-year period, totaling roughly 27 total samples. The malware is delivered via an innovative and unique technique: a downloader we are calling Carp uses malicious macros in Microsoft Excel documents to compile embedded C# (C Sharp) Programming Language source code into an executable that in turn is run to deploy the Cardinal RAT malware family. These malicious Excel files use a number of different lures, providing evidence of what attackers are using to entice victims into executing them."
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--58fdd058-2310-4557-a69a-4e3e02de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-04-24T10:15:52.000Z",
"modified": "2017-04-24T10:15:52.000Z",
"description": "Carp Downloader SHA256 Hashes - Xchecked via VT: a52ba498d304906d6c060e8c56ad7db50e1af0a781616c0aa35447c50c28bae9",
"pattern": "[file:hashes.SHA1 = 'd245e02922513612d9babad8f50115b94588781b']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-04-24T10:15:52Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha1\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--58fdd058-510c-4b14-a683-4d4202de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-04-24T10:15:52.000Z",
"modified": "2017-04-24T10:15:52.000Z",
"description": "Carp Downloader SHA256 Hashes - Xchecked via VT: a52ba498d304906d6c060e8c56ad7db50e1af0a781616c0aa35447c50c28bae9",
"pattern": "[file:hashes.MD5 = '180fe86db301b9ad3f2ad6b6a12b3411']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-04-24T10:15:52Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--58fdd059-2358-4657-a1cc-457c02de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-04-24T10:15:53.000Z",
"modified": "2017-04-24T10:15:53.000Z",
"first_observed": "2017-04-24T10:15:53Z",
"last_observed": "2017-04-24T10:15:53Z",
"number_observed": 1,
"object_refs": [
"url--58fdd059-2358-4657-a1cc-457c02de0b81"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--58fdd059-2358-4657-a1cc-457c02de0b81",
"value": "https://www.virustotal.com/file/a52ba498d304906d6c060e8c56ad7db50e1af0a781616c0aa35447c50c28bae9/analysis/1492716225/"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--58fdd05a-ec2c-4208-9cc6-4e2a02de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-04-24T10:15:54.000Z",
"modified": "2017-04-24T10:15:54.000Z",
"description": "Carp Downloader SHA256 Hashes - Xchecked via VT: 5025aa0fc6d4ac6daa2d9a6452263dcc20d6906149fc0995d458ed38e7e57b61",
"pattern": "[file:hashes.SHA1 = '31ad570cb2003b6cf4fe4ecd464e6385585c9b94']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-04-24T10:15:54Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha1\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--58fdd05b-3e08-4547-a530-49a702de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-04-24T10:15:55.000Z",
"modified": "2017-04-24T10:15:55.000Z",
"description": "Carp Downloader SHA256 Hashes - Xchecked via VT: 5025aa0fc6d4ac6daa2d9a6452263dcc20d6906149fc0995d458ed38e7e57b61",
"pattern": "[file:hashes.MD5 = 'b3e93233bfc939f853257f4f24981dc7']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-04-24T10:15:55Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--58fdd05c-db44-4b60-a899-411402de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-04-24T10:15:56.000Z",
"modified": "2017-04-24T10:15:56.000Z",
"first_observed": "2017-04-24T10:15:56Z",
"last_observed": "2017-04-24T10:15:56Z",
"number_observed": 1,
"object_refs": [
"url--58fdd05c-db44-4b60-a899-411402de0b81"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--58fdd05c-db44-4b60-a899-411402de0b81",
"value": "https://www.virustotal.com/file/5025aa0fc6d4ac6daa2d9a6452263dcc20d6906149fc0995d458ed38e7e57b61/analysis/1489336266/"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--58fdd05d-e68c-46a8-8c41-45a102de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-04-24T10:15:57.000Z",
"modified": "2017-04-24T10:15:57.000Z",
"description": "Carp Downloader SHA256 Hashes - Xchecked via VT: 84e705341a48c8c6552a7d3dd97b7cd968d2a9bc281a70c287df70813f5dca52",
"pattern": "[file:hashes.SHA1 = '8a1bf0838d9f088ffaf188b681ef33419b68c6e1']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-04-24T10:15:57Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha1\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--58fdd05e-182c-4bec-88ae-4e4702de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-04-24T10:15:58.000Z",
"modified": "2017-04-24T10:15:58.000Z",
"description": "Carp Downloader SHA256 Hashes - Xchecked via VT: 84e705341a48c8c6552a7d3dd97b7cd968d2a9bc281a70c287df70813f5dca52",
"pattern": "[file:hashes.MD5 = '2793a3eee38fc7f058072c9e08fd9082']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-04-24T10:15:58Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--58fdd05f-1bac-4fc7-b3d8-4b0302de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-04-24T10:15:59.000Z",
"modified": "2017-04-24T10:15:59.000Z",
"first_observed": "2017-04-24T10:15:59Z",
"last_observed": "2017-04-24T10:15:59Z",
"number_observed": 1,
"object_refs": [
"url--58fdd05f-1bac-4fc7-b3d8-4b0302de0b81"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--58fdd05f-1bac-4fc7-b3d8-4b0302de0b81",
"value": "https://www.virustotal.com/file/84e705341a48c8c6552a7d3dd97b7cd968d2a9bc281a70c287df70813f5dca52/analysis/1475054366/"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--58fdd060-59d0-484e-92ff-470302de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-04-24T10:16:00.000Z",
"modified": "2017-04-24T10:16:00.000Z",
"description": "Carp Downloader SHA256 Hashes - Xchecked via VT: ae1a6c4f917772100e3a5dc1fab7de4a277876a6e626da114baf8179b13b0031",
"pattern": "[file:hashes.SHA1 = '7a44fab38a5cb408f4a5ed59f6a49d54d03345d0']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-04-24T10:16:00Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha1\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--58fdd061-0ffc-4317-b922-4a6602de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-04-24T10:16:01.000Z",
"modified": "2017-04-24T10:16:01.000Z",
"description": "Carp Downloader SHA256 Hashes - Xchecked via VT: ae1a6c4f917772100e3a5dc1fab7de4a277876a6e626da114baf8179b13b0031",
"pattern": "[file:hashes.MD5 = '23245b49aa528d7538afb30402e6c1b0']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-04-24T10:16:01Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--58fdd062-dff4-4b08-bf3b-4a1102de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-04-24T10:16:02.000Z",
"modified": "2017-04-24T10:16:02.000Z",
"first_observed": "2017-04-24T10:16:02Z",
"last_observed": "2017-04-24T10:16:02Z",
"number_observed": 1,
"object_refs": [
"url--58fdd062-dff4-4b08-bf3b-4a1102de0b81"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--58fdd062-dff4-4b08-bf3b-4a1102de0b81",
"value": "https://www.virustotal.com/file/ae1a6c4f917772100e3a5dc1fab7de4a277876a6e626da114baf8179b13b0031/analysis/1467106688/"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--58fdd063-d5dc-4428-850f-4d5702de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-04-24T10:16:03.000Z",
"modified": "2017-04-24T10:16:03.000Z",
"description": "Carp Downloader SHA256 Hashes - Xchecked via VT: e49e61da52430011f1a22084a601cc08005865fe9a76abf503a4a9d2e11a5450",
"pattern": "[file:hashes.SHA1 = 'daec9e0a13b9dc714c3d1da83da0888cdf2b3052']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-04-24T10:16:03Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha1\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--58fdd064-e688-439d-83f6-435302de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-04-24T10:16:04.000Z",
"modified": "2017-04-24T10:16:04.000Z",
"description": "Carp Downloader SHA256 Hashes - Xchecked via VT: e49e61da52430011f1a22084a601cc08005865fe9a76abf503a4a9d2e11a5450",
"pattern": "[file:hashes.MD5 = 'a08d4825688bd31ca99150e500d06cfe']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-04-24T10:16:04Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--58fdd065-a9a8-4e3c-9d6e-472e02de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-04-24T10:16:05.000Z",
"modified": "2017-04-24T10:16:05.000Z",
"first_observed": "2017-04-24T10:16:05Z",
"last_observed": "2017-04-24T10:16:05Z",
"number_observed": 1,
"object_refs": [
"url--58fdd065-a9a8-4e3c-9d6e-472e02de0b81"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--58fdd065-a9a8-4e3c-9d6e-472e02de0b81",
"value": "https://www.virustotal.com/file/e49e61da52430011f1a22084a601cc08005865fe9a76abf503a4a9d2e11a5450/analysis/1465808568/"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--58fdd066-f094-4569-a560-4e2102de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-04-24T10:16:06.000Z",
"modified": "2017-04-24T10:16:06.000Z",
"description": "Carp Downloader SHA256 Hashes - Xchecked via VT: 192b204dbc702d3762c953544975b61db8347a7739c6d8884bb4594bd816bf91",
"pattern": "[file:hashes.SHA1 = '51d74d894f1e58d5f58e9ec339dd9e9f41e01042']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-04-24T10:16:06Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha1\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--58fdd067-3c1c-4fc4-a41f-471d02de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-04-24T10:16:07.000Z",
"modified": "2017-04-24T10:16:07.000Z",
"description": "Carp Downloader SHA256 Hashes - Xchecked via VT: 192b204dbc702d3762c953544975b61db8347a7739c6d8884bb4594bd816bf91",
"pattern": "[file:hashes.MD5 = '68c64333264171274d154cb328bcdef4']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-04-24T10:16:07Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--58fdd068-52f8-444a-bb9f-4a5802de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-04-24T10:16:08.000Z",
"modified": "2017-04-24T10:16:08.000Z",
"first_observed": "2017-04-24T10:16:08Z",
"last_observed": "2017-04-24T10:16:08Z",
"number_observed": 1,
"object_refs": [
"url--58fdd068-52f8-444a-bb9f-4a5802de0b81"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--58fdd068-52f8-444a-bb9f-4a5802de0b81",
"value": "https://www.virustotal.com/file/192b204dbc702d3762c953544975b61db8347a7739c6d8884bb4594bd816bf91/analysis/1462362941/"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--58fdd069-a714-4f96-8744-484602de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-04-24T10:16:09.000Z",
"modified": "2017-04-24T10:16:09.000Z",
"description": "Carp Downloader SHA256 Hashes - Xchecked via VT: 571b58ba655463705f45d2541f0fde049c83389a69552f98e41ece734a59f8d4",
"pattern": "[file:hashes.SHA1 = '957d33cdbe82715259d1329d5d048c9cbf4d8b43']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-04-24T10:16:09Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha1\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--58fdd06a-e194-4729-baf1-4c3802de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-04-24T10:16:10.000Z",
"modified": "2017-04-24T10:16:10.000Z",
"description": "Carp Downloader SHA256 Hashes - Xchecked via VT: 571b58ba655463705f45d2541f0fde049c83389a69552f98e41ece734a59f8d4",
"pattern": "[file:hashes.MD5 = '9d14aac9c78d3be9182d000a4915f0a6']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-04-24T10:16:10Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--58fdd06b-b1b8-49fe-a08e-48b802de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-04-24T10:16:11.000Z",
"modified": "2017-04-24T10:16:11.000Z",
"first_observed": "2017-04-24T10:16:11Z",
"last_observed": "2017-04-24T10:16:11Z",
"number_observed": 1,
"object_refs": [
"url--58fdd06b-b1b8-49fe-a08e-48b802de0b81"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--58fdd06b-b1b8-49fe-a08e-48b802de0b81",
"value": "https://www.virustotal.com/file/571b58ba655463705f45d2541f0fde049c83389a69552f98e41ece734a59f8d4/analysis/1463562345/"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--58fdd06d-9694-4e26-80fc-454802de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-04-24T10:16:13.000Z",
"modified": "2017-04-24T10:16:13.000Z",
"description": "Carp Downloader SHA256 Hashes - Xchecked via VT: 10f53502922bf837900935892fb1da28fc712848471bf4afcdd08440d3bd037f",
"pattern": "[file:hashes.SHA1 = '06234a8c38c15cd88bf2bc89bf6b350bb926c207']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-04-24T10:16:13Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha1\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--58fdd06e-5b6c-4dff-b8a5-425a02de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-04-24T10:16:14.000Z",
"modified": "2017-04-24T10:16:14.000Z",
"description": "Carp Downloader SHA256 Hashes - Xchecked via VT: 10f53502922bf837900935892fb1da28fc712848471bf4afcdd08440d3bd037f",
"pattern": "[file:hashes.MD5 = '76844d8d1c1ec4b1373d071df1f291ad']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-04-24T10:16:14Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--58fdd06f-59fc-4269-9229-4eb502de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-04-24T10:16:15.000Z",
"modified": "2017-04-24T10:16:15.000Z",
"first_observed": "2017-04-24T10:16:15Z",
"last_observed": "2017-04-24T10:16:15Z",
"number_observed": 1,
"object_refs": [
"url--58fdd06f-59fc-4269-9229-4eb502de0b81"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--58fdd06f-59fc-4269-9229-4eb502de0b81",
"value": "https://www.virustotal.com/file/10f53502922bf837900935892fb1da28fc712848471bf4afcdd08440d3bd037f/analysis/1458983487/"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--58fdd070-b75c-44a3-b21e-4c9702de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-04-24T10:16:16.000Z",
"modified": "2017-04-24T10:16:16.000Z",
"description": "Carp Downloader SHA256 Hashes - Xchecked via VT: 8bea55d2e35a2281ed71a59f1feb4c1cf6af1c053a94781c033a94d8e4c853e5",
"pattern": "[file:hashes.SHA1 = '8b2aac813674c5354e08e52b2ead38d92ad13983']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-04-24T10:16:16Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha1\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--58fdd071-045c-4af9-9915-44eb02de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-04-24T10:16:17.000Z",
"modified": "2017-04-24T10:16:17.000Z",
"description": "Carp Downloader SHA256 Hashes - Xchecked via VT: 8bea55d2e35a2281ed71a59f1feb4c1cf6af1c053a94781c033a94d8e4c853e5",
"pattern": "[file:hashes.MD5 = '872af30afc6665a73c4eb4229565d7df']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-04-24T10:16:17Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--58fdd072-d718-40e1-8d27-4f3802de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-04-24T10:16:18.000Z",
"modified": "2017-04-24T10:16:18.000Z",
"first_observed": "2017-04-24T10:16:18Z",
"last_observed": "2017-04-24T10:16:18Z",
"number_observed": 1,
"object_refs": [
"url--58fdd072-d718-40e1-8d27-4f3802de0b81"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--58fdd072-d718-40e1-8d27-4f3802de0b81",
"value": "https://www.virustotal.com/file/8bea55d2e35a2281ed71a59f1feb4c1cf6af1c053a94781c033a94d8e4c853e5/analysis/1456071252/"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--58fdd073-e664-4fa2-a1d6-445902de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-04-24T10:16:19.000Z",
"modified": "2017-04-24T10:16:19.000Z",
"description": "Cardinal RAT SHA256 Hashes - Xchecked via VT: e017651dd9e9419a7f1714f8f2cdc3d8e75aebbe6d3cfbb2de3f042f39aec3bd",
"pattern": "[file:hashes.SHA1 = 'fef6fe25416637f507b8787ed8fca9ec718a1adf']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-04-24T10:16:19Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha1\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--58fdd074-536c-4d6b-80ad-454402de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-04-24T10:16:20.000Z",
"modified": "2017-04-24T10:16:20.000Z",
"description": "Cardinal RAT SHA256 Hashes - Xchecked via VT: e017651dd9e9419a7f1714f8f2cdc3d8e75aebbe6d3cfbb2de3f042f39aec3bd",
"pattern": "[file:hashes.MD5 = 'c2a1a284ccef4486976d6d7b24c462c8']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-04-24T10:16:20Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--58fdd075-8e9c-4209-99b6-406f02de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-04-24T10:16:21.000Z",
"modified": "2017-04-24T10:16:21.000Z",
"first_observed": "2017-04-24T10:16:21Z",
"last_observed": "2017-04-24T10:16:21Z",
"number_observed": 1,
"object_refs": [
"url--58fdd075-8e9c-4209-99b6-406f02de0b81"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--58fdd075-8e9c-4209-99b6-406f02de0b81",
"value": "https://www.virustotal.com/file/e017651dd9e9419a7f1714f8f2cdc3d8e75aebbe6d3cfbb2de3f042f39aec3bd/analysis/1492716220/"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--58fdd076-a808-42a4-8fe3-44a902de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-04-24T10:16:22.000Z",
"modified": "2017-04-24T10:16:22.000Z",
"description": "Cardinal RAT SHA256 Hashes - Xchecked via VT: 778090182a10fde1b4c1571d1e853e123f6ab1682e17dabe2e83468b518c01df",
"pattern": "[file:hashes.SHA1 = '3f18ce547cab90069e37bb7a8aa05e9a1fd8b1ad']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-04-24T10:16:22Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha1\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--58fdd077-128c-4f57-8075-44e702de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-04-24T10:16:23.000Z",
"modified": "2017-04-24T10:16:23.000Z",
"description": "Cardinal RAT SHA256 Hashes - Xchecked via VT: 778090182a10fde1b4c1571d1e853e123f6ab1682e17dabe2e83468b518c01df",
"pattern": "[file:hashes.MD5 = 'cafd44c104f5c263bf44389c7f4e4d76']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-04-24T10:16:23Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--58fdd078-9f78-4ff1-b2cb-446f02de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-04-24T10:16:24.000Z",
"modified": "2017-04-24T10:16:24.000Z",
"first_observed": "2017-04-24T10:16:24Z",
"last_observed": "2017-04-24T10:16:24Z",
"number_observed": 1,
"object_refs": [
"url--58fdd078-9f78-4ff1-b2cb-446f02de0b81"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--58fdd078-9f78-4ff1-b2cb-446f02de0b81",
"value": "https://www.virustotal.com/file/778090182a10fde1b4c1571d1e853e123f6ab1682e17dabe2e83468b518c01df/analysis/1492716221/"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--58fdd079-8a40-4333-bcdb-46e002de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-04-24T10:16:25.000Z",
"modified": "2017-04-24T10:16:25.000Z",
"description": "Cardinal RAT SHA256 Hashes - Xchecked via VT: 8fababb509ad8230e4d6fa1e6403602a97e60dc8ef517016f86195143cf50f4e",
"pattern": "[file:hashes.SHA1 = 'd777d7f401c58ce1a44a219f834affca6d251eea']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-04-24T10:16:25Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha1\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--58fdd07a-d130-4085-8d8a-423202de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-04-24T10:16:26.000Z",
"modified": "2017-04-24T10:16:26.000Z",
"description": "Cardinal RAT SHA256 Hashes - Xchecked via VT: 8fababb509ad8230e4d6fa1e6403602a97e60dc8ef517016f86195143cf50f4e",
"pattern": "[file:hashes.MD5 = 'd7bf5000a2f8ef85532a983edc827ad5']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-04-24T10:16:26Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--58fdd07b-5a08-4738-97b4-48ac02de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-04-24T10:16:27.000Z",
"modified": "2017-04-24T10:16:27.000Z",
"first_observed": "2017-04-24T10:16:27Z",
"last_observed": "2017-04-24T10:16:27Z",
"number_observed": 1,
"object_refs": [
"url--58fdd07b-5a08-4738-97b4-48ac02de0b81"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--58fdd07b-5a08-4738-97b4-48ac02de0b81",
"value": "https://www.virustotal.com/file/8fababb509ad8230e4d6fa1e6403602a97e60dc8ef517016f86195143cf50f4e/analysis/1492716221/"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--58fdd07c-46e0-4002-9dc9-458802de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-04-24T10:16:28.000Z",
"modified": "2017-04-24T10:16:28.000Z",
"description": "Cardinal RAT SHA256 Hashes - Xchecked via VT: 1977cedcfb8726dea5e915b47e1479256674551bc0fe0b55ddd3fa3b15eb82b2",
"pattern": "[file:hashes.SHA1 = 'bcf4bf278bc98e87ac21a8cd09a63b07d9dc8871']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-04-24T10:16:28Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha1\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--58fdd07d-a538-458f-8508-4e2102de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-04-24T10:16:29.000Z",
"modified": "2017-04-24T10:16:29.000Z",
"description": "Cardinal RAT SHA256 Hashes - Xchecked via VT: 1977cedcfb8726dea5e915b47e1479256674551bc0fe0b55ddd3fa3b15eb82b2",
"pattern": "[file:hashes.MD5 = 'cf40adde3b2fe5c792c19b55aa7db6aa']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-04-24T10:16:29Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--58fdd07e-cbc0-4a61-bc00-423602de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-04-24T10:16:30.000Z",
"modified": "2017-04-24T10:16:30.000Z",
"first_observed": "2017-04-24T10:16:30Z",
"last_observed": "2017-04-24T10:16:30Z",
"number_observed": 1,
"object_refs": [
"url--58fdd07e-cbc0-4a61-bc00-423602de0b81"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--58fdd07e-cbc0-4a61-bc00-423602de0b81",
"value": "https://www.virustotal.com/file/1977cedcfb8726dea5e915b47e1479256674551bc0fe0b55ddd3fa3b15eb82b2/analysis/1492716220/"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--58fdd07f-4b48-45e7-98f1-498302de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-04-24T10:16:31.000Z",
"modified": "2017-04-24T10:16:31.000Z",
"description": "Cardinal RAT SHA256 Hashes - Xchecked via VT: 16aab89d74c1eaaf1e94028c8ccceef442eb2cd5b052cba3562d2b1b1a3a4ba6",
"pattern": "[file:hashes.SHA1 = '680a74c46221dc2c1c06968471339b01cff366c6']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-04-24T10:16:31Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha1\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--58fdd080-4094-45fb-9dc6-4c2802de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-04-24T10:16:32.000Z",
"modified": "2017-04-24T10:16:32.000Z",
"description": "Cardinal RAT SHA256 Hashes - Xchecked via VT: 16aab89d74c1eaaf1e94028c8ccceef442eb2cd5b052cba3562d2b1b1a3a4ba6",
"pattern": "[file:hashes.MD5 = 'b156c25d54b4b42c412f3ef6830f2d02']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-04-24T10:16:32Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--58fdd081-2aac-4773-bc9c-49a902de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-04-24T10:16:33.000Z",
"modified": "2017-04-24T10:16:33.000Z",
"first_observed": "2017-04-24T10:16:33Z",
"last_observed": "2017-04-24T10:16:33Z",
"number_observed": 1,
"object_refs": [
"url--58fdd081-2aac-4773-bc9c-49a902de0b81"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--58fdd081-2aac-4773-bc9c-49a902de0b81",
"value": "https://www.virustotal.com/file/16aab89d74c1eaaf1e94028c8ccceef442eb2cd5b052cba3562d2b1b1a3a4ba6/analysis/1492716220/"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--58fdd082-bbe0-4750-b3e5-4edb02de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-04-24T10:16:34.000Z",
"modified": "2017-04-24T10:16:34.000Z",
"description": "Cardinal RAT SHA256 Hashes - Xchecked via VT: 211b7b7a4c4a07b9c65fae361570dbb94666e26f0cc0fa0b32df4b09fcee6de2",
"pattern": "[file:hashes.SHA1 = '482ac6e037458babad69c30175e9c0a1d1d7c9c5']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-04-24T10:16:34Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha1\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--58fdd083-d6e0-4914-b2d8-456902de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-04-24T10:16:35.000Z",
"modified": "2017-04-24T10:16:35.000Z",
"description": "Cardinal RAT SHA256 Hashes - Xchecked via VT: 211b7b7a4c4a07b9c65fae361570dbb94666e26f0cc0fa0b32df4b09fcee6de2",
"pattern": "[file:hashes.MD5 = '867ceb45d536ee997efb302798140863']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-04-24T10:16:35Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--58fdd084-f528-4660-87f5-4d1802de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-04-24T10:16:36.000Z",
"modified": "2017-04-24T10:16:36.000Z",
"first_observed": "2017-04-24T10:16:36Z",
"last_observed": "2017-04-24T10:16:36Z",
"number_observed": 1,
"object_refs": [
"url--58fdd084-f528-4660-87f5-4d1802de0b81"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--58fdd084-f528-4660-87f5-4d1802de0b81",
"value": "https://www.virustotal.com/file/211b7b7a4c4a07b9c65fae361570dbb94666e26f0cc0fa0b32df4b09fcee6de2/analysis/1471808183/"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--58fdd085-d69c-4f4a-aafd-446902de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-04-24T10:16:37.000Z",
"modified": "2017-04-24T10:16:37.000Z",
"description": "Cardinal RAT SHA256 Hashes - Xchecked via VT: 84f822d9cf575aeea867e9b73f88ad4d9244293e52208644e12ff2cf13b6b537",
"pattern": "[file:hashes.SHA1 = 'd28c37375dc8d2f057145f43abb00f2f5aff8323']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-04-24T10:16:37Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha1\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--58fdd086-ba6c-4fee-b65e-43bc02de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-04-24T10:16:38.000Z",
"modified": "2017-04-24T10:16:38.000Z",
"description": "Cardinal RAT SHA256 Hashes - Xchecked via VT: 84f822d9cf575aeea867e9b73f88ad4d9244293e52208644e12ff2cf13b6b537",
"pattern": "[file:hashes.MD5 = 'f92c7ce71131d98d2a08618737b9b600']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-04-24T10:16:38Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--58fdd087-f680-4163-85e6-4e7e02de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-04-24T10:16:39.000Z",
"modified": "2017-04-24T10:16:39.000Z",
"first_observed": "2017-04-24T10:16:39Z",
"last_observed": "2017-04-24T10:16:39Z",
"number_observed": 1,
"object_refs": [
"url--58fdd087-f680-4163-85e6-4e7e02de0b81"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--58fdd087-f680-4163-85e6-4e7e02de0b81",
"value": "https://www.virustotal.com/file/84f822d9cf575aeea867e9b73f88ad4d9244293e52208644e12ff2cf13b6b537/analysis/1471199923/"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--58fdd088-2ad8-46d7-a6af-4af702de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-04-24T10:16:40.000Z",
"modified": "2017-04-24T10:16:40.000Z",
"description": "Cardinal RAT SHA256 Hashes - Xchecked via VT: 855cf3a6422b0bf680d505720fd07c396508f67518670b493dba902c3c2e5dfa",
"pattern": "[file:hashes.SHA1 = 'd225660943ebc34beddfceb7c4141a5a5fa90a1e']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-04-24T10:16:40Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha1\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--58fdd089-a9e8-4730-b4f0-46eb02de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-04-24T10:16:41.000Z",
"modified": "2017-04-24T10:16:41.000Z",
"description": "Cardinal RAT SHA256 Hashes - Xchecked via VT: 855cf3a6422b0bf680d505720fd07c396508f67518670b493dba902c3c2e5dfa",
"pattern": "[file:hashes.MD5 = 'c18d73507bf272e079af6c27dfd4682a']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-04-24T10:16:41Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--58fdd08a-427c-478c-a26d-4fa202de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-04-24T10:16:42.000Z",
"modified": "2017-04-24T10:16:42.000Z",
"first_observed": "2017-04-24T10:16:42Z",
"last_observed": "2017-04-24T10:16:42Z",
"number_observed": 1,
"object_refs": [
"url--58fdd08a-427c-478c-a26d-4fa202de0b81"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--58fdd08a-427c-478c-a26d-4fa202de0b81",
"value": "https://www.virustotal.com/file/855cf3a6422b0bf680d505720fd07c396508f67518670b493dba902c3c2e5dfa/analysis/1492716222/"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--58fdd08b-9b20-4d8e-861e-489302de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-04-24T10:16:43.000Z",
"modified": "2017-04-24T10:16:43.000Z",
"description": "Cardinal RAT SHA256 Hashes - Xchecked via VT: 4b4c6b36938c3de0623feb92c0e1cb399d2dc338d2095b8ba84e862ef6d11772",
"pattern": "[file:hashes.SHA1 = '7af6968ea03f23ef3d02120922c0aa8b267b8585']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-04-24T10:16:43Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha1\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--58fdd08c-54ac-49b7-b732-403702de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-04-24T10:16:44.000Z",
"modified": "2017-04-24T10:16:44.000Z",
"description": "Cardinal RAT SHA256 Hashes - Xchecked via VT: 4b4c6b36938c3de0623feb92c0e1cb399d2dc338d2095b8ba84e862ef6d11772",
"pattern": "[file:hashes.MD5 = '29e3de04017af76502a730b134b1f2d3']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-04-24T10:16:44Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--58fdd08d-07d8-442e-abee-438102de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-04-24T10:16:45.000Z",
"modified": "2017-04-24T10:16:45.000Z",
"first_observed": "2017-04-24T10:16:45Z",
"last_observed": "2017-04-24T10:16:45Z",
"number_observed": 1,
"object_refs": [
"url--58fdd08d-07d8-442e-abee-438102de0b81"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--58fdd08d-07d8-442e-abee-438102de0b81",
"value": "https://www.virustotal.com/file/4b4c6b36938c3de0623feb92c0e1cb399d2dc338d2095b8ba84e862ef6d11772/analysis/1492716222/"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--58fdd08e-6aac-403d-8774-42e902de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-04-24T10:16:46.000Z",
"modified": "2017-04-24T10:16:46.000Z",
"description": "Cardinal RAT SHA256 Hashes - Xchecked via VT: 5dd162ab66f0c819ee73868c26ecd82408422e2b6366805631eab95ae32516f3",
"pattern": "[file:hashes.SHA1 = '0e954284a439ed6dc62b9795e21ed86a9a1b1f64']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-04-24T10:16:46Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha1\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--58fdd08f-a9bc-4e25-8d8a-460a02de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-04-24T10:16:47.000Z",
"modified": "2017-04-24T10:16:47.000Z",
"description": "Cardinal RAT SHA256 Hashes - Xchecked via VT: 5dd162ab66f0c819ee73868c26ecd82408422e2b6366805631eab95ae32516f3",
"pattern": "[file:hashes.MD5 = '20f883527a5e80d231779a76cbf7b269']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-04-24T10:16:47Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--58fdd090-00c0-42da-8c76-41ba02de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-04-24T10:16:48.000Z",
"modified": "2017-04-24T10:16:48.000Z",
"first_observed": "2017-04-24T10:16:48Z",
"last_observed": "2017-04-24T10:16:48Z",
"number_observed": 1,
"object_refs": [
"url--58fdd090-00c0-42da-8c76-41ba02de0b81"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--58fdd090-00c0-42da-8c76-41ba02de0b81",
"value": "https://www.virustotal.com/file/5dd162ab66f0c819ee73868c26ecd82408422e2b6366805631eab95ae32516f3/analysis/1492716222/"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--58fdd091-da98-4e17-a3d9-4bc202de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-04-24T10:16:49.000Z",
"modified": "2017-04-24T10:16:49.000Z",
"description": "Cardinal RAT SHA256 Hashes - Xchecked via VT: 6e2991e02d3cf17d77173d50cdaa766661a89721c3cc4050fba98bea0dbdb1a9",
"pattern": "[file:hashes.SHA1 = '70225738e42300d94b2eb48c4d9a85de5431b439']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-04-24T10:16:49Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha1\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--58fdd092-6e64-4149-a649-45a802de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-04-24T10:16:50.000Z",
"modified": "2017-04-24T10:16:50.000Z",
"description": "Cardinal RAT SHA256 Hashes - Xchecked via VT: 6e2991e02d3cf17d77173d50cdaa766661a89721c3cc4050fba98bea0dbdb1a9",
"pattern": "[file:hashes.MD5 = '3ff7da97b57d069f60ff29218a42e08f']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-04-24T10:16:50Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--58fdd093-1b80-474d-b1ce-439b02de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-04-24T10:16:51.000Z",
"modified": "2017-04-24T10:16:51.000Z",
"first_observed": "2017-04-24T10:16:51Z",
"last_observed": "2017-04-24T10:16:51Z",
"number_observed": 1,
"object_refs": [
"url--58fdd093-1b80-474d-b1ce-439b02de0b81"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--58fdd093-1b80-474d-b1ce-439b02de0b81",
"value": "https://www.virustotal.com/file/6e2991e02d3cf17d77173d50cdaa766661a89721c3cc4050fba98bea0dbdb1a9/analysis/1470049606/"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--58fdd095-7988-4255-a2db-439802de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-04-24T10:16:53.000Z",
"modified": "2017-04-24T10:16:53.000Z",
"description": "Cardinal RAT SHA256 Hashes - Xchecked via VT: 1e8ed6e8d0b6fc47d8176c874ed40fb09644c058042f34d987878fa644f493cc",
"pattern": "[file:hashes.SHA1 = 'a34251985aa263df27b11bacf2199f2fd640cf8d']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-04-24T10:16:53Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha1\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--58fdd096-a380-4b3c-a73a-4ff002de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-04-24T10:16:54.000Z",
"modified": "2017-04-24T10:16:54.000Z",
"description": "Cardinal RAT SHA256 Hashes - Xchecked via VT: 1e8ed6e8d0b6fc47d8176c874ed40fb09644c058042f34d987878fa644f493cc",
"pattern": "[file:hashes.MD5 = '7cc5c68c26f9aca921d3422b570a43fe']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-04-24T10:16:54Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--58fdd096-049c-4884-9984-4c8f02de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-04-24T10:16:54.000Z",
"modified": "2017-04-24T10:16:54.000Z",
"first_observed": "2017-04-24T10:16:54Z",
"last_observed": "2017-04-24T10:16:54Z",
"number_observed": 1,
"object_refs": [
"url--58fdd096-049c-4884-9984-4c8f02de0b81"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--58fdd096-049c-4884-9984-4c8f02de0b81",
"value": "https://www.virustotal.com/file/1e8ed6e8d0b6fc47d8176c874ed40fb09644c058042f34d987878fa644f493cc/analysis/1469141841/"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--58fdd097-a91c-4647-8a4f-4e2902de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-04-24T10:16:55.000Z",
"modified": "2017-04-24T10:16:55.000Z",
"description": "Cardinal RAT SHA256 Hashes - Xchecked via VT: 647e379517fed71682423b0192da453ec1d61a633c154fdd55bab762bcc404f3",
"pattern": "[file:hashes.SHA1 = '88586a7605c8801c67a0ce61ed41a59ba09f3fc7']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-04-24T10:16:55Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha1\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--58fdd098-ef98-4e5e-83db-47d802de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-04-24T10:16:56.000Z",
"modified": "2017-04-24T10:16:56.000Z",
"description": "Cardinal RAT SHA256 Hashes - Xchecked via VT: 647e379517fed71682423b0192da453ec1d61a633c154fdd55bab762bcc404f3",
"pattern": "[file:hashes.MD5 = 'df9254ca11f01657713a1a46b01caa30']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-04-24T10:16:56Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--58fdd099-61d0-42ef-b014-4bf202de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-04-24T10:16:57.000Z",
"modified": "2017-04-24T10:16:57.000Z",
"first_observed": "2017-04-24T10:16:57Z",
"last_observed": "2017-04-24T10:16:57Z",
"number_observed": 1,
"object_refs": [
"url--58fdd099-61d0-42ef-b014-4bf202de0b81"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--58fdd099-61d0-42ef-b014-4bf202de0b81",
"value": "https://www.virustotal.com/file/647e379517fed71682423b0192da453ec1d61a633c154fdd55bab762bcc404f3/analysis/1469155780/"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--58fdd09a-f758-47db-9ce1-478902de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-04-24T10:16:58.000Z",
"modified": "2017-04-24T10:16:58.000Z",
"description": "Cardinal RAT SHA256 Hashes - Xchecked via VT: edc49bf7ec508becb088d5082c78d360f1a7cad520f6de6d8b93759b67aac305",
"pattern": "[file:hashes.SHA1 = 'a0ecc918c35750e5f02958d3c3e1be99520cafec']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-04-24T10:16:58Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha1\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--58fdd09b-6edc-4d29-a076-45ae02de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-04-24T10:16:59.000Z",
"modified": "2017-04-24T10:16:59.000Z",
"description": "Cardinal RAT SHA256 Hashes - Xchecked via VT: edc49bf7ec508becb088d5082c78d360f1a7cad520f6de6d8b93759b67aac305",
"pattern": "[file:hashes.MD5 = 'aa3834d70a29c688857aefbd8e9585ba']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-04-24T10:16:59Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--58fdd09c-d924-48e0-ba0e-44c102de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-04-24T10:17:00.000Z",
"modified": "2017-04-24T10:17:00.000Z",
"first_observed": "2017-04-24T10:17:00Z",
"last_observed": "2017-04-24T10:17:00Z",
"number_observed": 1,
"object_refs": [
"url--58fdd09c-d924-48e0-ba0e-44c102de0b81"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--58fdd09c-d924-48e0-ba0e-44c102de0b81",
"value": "https://www.virustotal.com/file/edc49bf7ec508becb088d5082c78d360f1a7cad520f6de6d8b93759b67aac305/analysis/1492716223/"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--58fdd09d-d004-47a8-8152-463a02de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-04-24T10:17:01.000Z",
"modified": "2017-04-24T10:17:01.000Z",
"description": "Cardinal RAT SHA256 Hashes - Xchecked via VT: 7482f8c86b63ce53edcb62fc2ff2dd8e584e2164451ae0c6f2b1f4d6d0cb6d9c",
"pattern": "[file:hashes.SHA1 = '49f152db1eca5094d981dd0ec3405148f71f2dc2']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-04-24T10:17:01Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha1\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--58fdd09e-6218-4e64-862d-4d3002de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-04-24T10:17:02.000Z",
"modified": "2017-04-24T10:17:02.000Z",
"description": "Cardinal RAT SHA256 Hashes - Xchecked via VT: 7482f8c86b63ce53edcb62fc2ff2dd8e584e2164451ae0c6f2b1f4d6d0cb6d9c",
"pattern": "[file:hashes.MD5 = '86ca06048688b2a2f756a84a753628f3']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-04-24T10:17:02Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--58fdd09f-5f44-4fd5-8833-483702de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-04-24T10:17:03.000Z",
"modified": "2017-04-24T10:17:03.000Z",
"first_observed": "2017-04-24T10:17:03Z",
"last_observed": "2017-04-24T10:17:03Z",
"number_observed": 1,
"object_refs": [
"url--58fdd09f-5f44-4fd5-8833-483702de0b81"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--58fdd09f-5f44-4fd5-8833-483702de0b81",
"value": "https://www.virustotal.com/file/7482f8c86b63ce53edcb62fc2ff2dd8e584e2164451ae0c6f2b1f4d6d0cb6d9c/analysis/1492716223/"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--58fdd0a0-e414-4d44-896b-40bd02de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-04-24T10:17:04.000Z",
"modified": "2017-04-24T10:17:04.000Z",
"description": "Cardinal RAT SHA256 Hashes - Xchecked via VT: 2fbd3d2362acd1c8f0963b48d01f94c7a07aeac52d23415d0498c8c9e23554db",
"pattern": "[file:hashes.SHA1 = '4123755d673fe49522575471149634b6cbf29e5e']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-04-24T10:17:04Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha1\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--58fdd0a1-dfa8-4e0c-a203-462502de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-04-24T10:17:05.000Z",
"modified": "2017-04-24T10:17:05.000Z",
"description": "Cardinal RAT SHA256 Hashes - Xchecked via VT: 2fbd3d2362acd1c8f0963b48d01f94c7a07aeac52d23415d0498c8c9e23554db",
"pattern": "[file:hashes.MD5 = '0a2544097f7c55643be8892c3a383dc3']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-04-24T10:17:05Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--58fdd0a2-859c-4429-b9ec-4ddb02de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-04-24T10:17:06.000Z",
"modified": "2017-04-24T10:17:06.000Z",
"first_observed": "2017-04-24T10:17:06Z",
"last_observed": "2017-04-24T10:17:06Z",
"number_observed": 1,
"object_refs": [
"url--58fdd0a2-859c-4429-b9ec-4ddb02de0b81"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--58fdd0a2-859c-4429-b9ec-4ddb02de0b81",
"value": "https://www.virustotal.com/file/2fbd3d2362acd1c8f0963b48d01f94c7a07aeac52d23415d0498c8c9e23554db/analysis/1492716223/"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--58fdd0a3-2b24-4159-b613-4f9a02de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-04-24T10:17:07.000Z",
"modified": "2017-04-24T10:17:07.000Z",
"description": "Cardinal RAT SHA256 Hashes - Xchecked via VT: 154e3a12404202fd25e29e754ff78703d4edd7da73cb4c283c9910fd526d47db",
"pattern": "[file:hashes.SHA1 = '42315fcd706dbad6eb90d54dadf66de91fd4f9af']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-04-24T10:17:07Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha1\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--58fdd0a4-2be0-446a-9c23-414202de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-04-24T10:17:08.000Z",
"modified": "2017-04-24T10:17:08.000Z",
"description": "Cardinal RAT SHA256 Hashes - Xchecked via VT: 154e3a12404202fd25e29e754ff78703d4edd7da73cb4c283c9910fd526d47db",
"pattern": "[file:hashes.MD5 = 'a6d2bb2d68329d20ea6f40a064d9f684']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-04-24T10:17:08Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--58fdd0a5-3b8c-47d1-856f-4fb102de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-04-24T10:17:09.000Z",
"modified": "2017-04-24T10:17:09.000Z",
"first_observed": "2017-04-24T10:17:09Z",
"last_observed": "2017-04-24T10:17:09Z",
"number_observed": 1,
"object_refs": [
"url--58fdd0a5-3b8c-47d1-856f-4fb102de0b81"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--58fdd0a5-3b8c-47d1-856f-4fb102de0b81",
"value": "https://www.virustotal.com/file/154e3a12404202fd25e29e754ff78703d4edd7da73cb4c283c9910fd526d47db/analysis/1492716224/"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--58fdd0a6-c5c8-490c-a4a8-4f6502de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-04-24T10:17:10.000Z",
"modified": "2017-04-24T10:17:10.000Z",
"description": "Cardinal RAT SHA256 Hashes - Xchecked via VT: a1d5b7d69d85b1be31d9e1cb0686094cc7b1213079b2a66ace01be4bfe3fb7c3",
"pattern": "[file:hashes.SHA1 = '2beb72d9b2c735ffa70f777be07dbe78e3389ca4']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-04-24T10:17:10Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha1\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--58fdd0a7-b8b8-403d-8daa-404002de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-04-24T10:17:11.000Z",
"modified": "2017-04-24T10:17:11.000Z",
"description": "Cardinal RAT SHA256 Hashes - Xchecked via VT: a1d5b7d69d85b1be31d9e1cb0686094cc7b1213079b2a66ace01be4bfe3fb7c3",
"pattern": "[file:hashes.MD5 = '8ac4d1d278d638483da48604a8a4ec77']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-04-24T10:17:11Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--58fdd0a8-1528-4faa-9fca-497702de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-04-24T10:17:12.000Z",
"modified": "2017-04-24T10:17:12.000Z",
"first_observed": "2017-04-24T10:17:12Z",
"last_observed": "2017-04-24T10:17:12Z",
"number_observed": 1,
"object_refs": [
"url--58fdd0a8-1528-4faa-9fca-497702de0b81"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--58fdd0a8-1528-4faa-9fca-497702de0b81",
"value": "https://www.virustotal.com/file/a1d5b7d69d85b1be31d9e1cb0686094cc7b1213079b2a66ace01be4bfe3fb7c3/analysis/1492716225/"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--58fdd0a9-acc8-4816-a817-417802de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-04-24T10:17:13.000Z",
"modified": "2017-04-24T10:17:13.000Z",
"description": "Cardinal RAT SHA256 Hashes - Xchecked via VT: 4b0203492a95257707a86992e84b5085ce9e11810a26920dbb085005081e32d3",
"pattern": "[file:hashes.SHA1 = '86fc6492ef03ec0967bd2af941abaedf285b3e35']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-04-24T10:17:13Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha1\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--58fdd0aa-33b0-470b-a492-4e0702de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-04-24T10:17:14.000Z",
"modified": "2017-04-24T10:17:14.000Z",
"description": "Cardinal RAT SHA256 Hashes - Xchecked via VT: 4b0203492a95257707a86992e84b5085ce9e11810a26920dbb085005081e32d3",
"pattern": "[file:hashes.MD5 = 'e634d08bc2cb881f2c9b179436417fae']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-04-24T10:17:14Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--58fdd0ab-8b48-46c2-a143-43ee02de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-04-24T10:17:15.000Z",
"modified": "2017-04-24T10:17:15.000Z",
"first_observed": "2017-04-24T10:17:15Z",
"last_observed": "2017-04-24T10:17:15Z",
"number_observed": 1,
"object_refs": [
"url--58fdd0ab-8b48-46c2-a143-43ee02de0b81"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--58fdd0ab-8b48-46c2-a143-43ee02de0b81",
"value": "https://www.virustotal.com/file/4b0203492a95257707a86992e84b5085ce9e11810a26920dbb085005081e32d3/analysis/1492716225/"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--58fdd0ac-939c-48b6-8a32-4af502de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-04-24T10:17:16.000Z",
"modified": "2017-04-24T10:17:16.000Z",
"description": "Cardinal RAT SHA256 Hashes - Xchecked via VT: 4e953ea82b0406a5b95e31554628ad6821b1d91e9ada0d26179977f227cf01ad",
"pattern": "[file:hashes.SHA1 = 'cd6daf7745dfa300638775ec8478ffe31f931e16']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-04-24T10:17:16Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha1\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--58fdd0ad-65d4-4bbe-af99-4ccb02de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-04-24T10:17:17.000Z",
"modified": "2017-04-24T10:17:17.000Z",
"description": "Cardinal RAT SHA256 Hashes - Xchecked via VT: 4e953ea82b0406a5b95e31554628ad6821b1d91e9ada0d26179977f227cf01ad",
"pattern": "[file:hashes.MD5 = '2be1ec0c5c1abde12a6d089a10ee5724']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-04-24T10:17:17Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--58fdd0ae-a8b0-49f1-8df9-4c3002de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-04-24T10:17:18.000Z",
"modified": "2017-04-24T10:17:18.000Z",
"first_observed": "2017-04-24T10:17:18Z",
"last_observed": "2017-04-24T10:17:18Z",
"number_observed": 1,
"object_refs": [
"url--58fdd0ae-a8b0-49f1-8df9-4c3002de0b81"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--58fdd0ae-a8b0-49f1-8df9-4c3002de0b81",
"value": "https://www.virustotal.com/file/4e953ea82b0406a5b95e31554628ad6821b1d91e9ada0d26179977f227cf01ad/analysis/1492716224/"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--58fdd0af-ad98-41d7-ad66-412a02de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-04-24T10:17:19.000Z",
"modified": "2017-04-24T10:17:19.000Z",
"description": "Cardinal RAT SHA256 Hashes - Xchecked via VT: 6272ed2a9b69509ac16162158729762d30f9ca06146a1828ae17afedd5c243ef",
"pattern": "[file:hashes.SHA1 = '079481fabbcad026b1e1934c16ac5224a21c8d76']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-04-24T10:17:19Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha1\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--58fdd0b0-b564-41f8-85bf-40d102de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-04-24T10:17:20.000Z",
"modified": "2017-04-24T10:17:20.000Z",
"description": "Cardinal RAT SHA256 Hashes - Xchecked via VT: 6272ed2a9b69509ac16162158729762d30f9ca06146a1828ae17afedd5c243ef",
"pattern": "[file:hashes.MD5 = 'c88ebec4346c2812f9629bf35f69d442']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-04-24T10:17:20Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--58fdd0b1-9780-4046-9732-4cb402de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-04-24T10:17:21.000Z",
"modified": "2017-04-24T10:17:21.000Z",
"first_observed": "2017-04-24T10:17:21Z",
"last_observed": "2017-04-24T10:17:21Z",
"number_observed": 1,
"object_refs": [
"url--58fdd0b1-9780-4046-9732-4cb402de0b81"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--58fdd0b1-9780-4046-9732-4cb402de0b81",
"value": "https://www.virustotal.com/file/6272ed2a9b69509ac16162158729762d30f9ca06146a1828ae17afedd5c243ef/analysis/1492632427/"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--58fdd0b2-fafc-42f3-892a-426d02de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-04-24T10:17:22.000Z",
"modified": "2017-04-24T10:17:22.000Z",
"description": "Cardinal RAT SHA256 Hashes - Xchecked via VT: 440504899b7af6f352cfaad6cdef1642c66927ecce0cf2f7e65d563a78be1b29",
"pattern": "[file:hashes.SHA1 = 'e2c622f95a0d120c7189e7063bdedf9ee420f204']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-04-24T10:17:22Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha1\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--58fdd0b3-720c-441e-af79-4cc802de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-04-24T10:17:23.000Z",
"modified": "2017-04-24T10:17:23.000Z",
"description": "Cardinal RAT SHA256 Hashes - Xchecked via VT: 440504899b7af6f352cfaad6cdef1642c66927ecce0cf2f7e65d563a78be1b29",
"pattern": "[file:hashes.MD5 = '92e648e9aed72620c6caf580d23a4678']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-04-24T10:17:23Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--58fdd0b4-7044-45b0-b182-46c502de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-04-24T10:17:24.000Z",
"modified": "2017-04-24T10:17:24.000Z",
"first_observed": "2017-04-24T10:17:24Z",
"last_observed": "2017-04-24T10:17:24Z",
"number_observed": 1,
"object_refs": [
"url--58fdd0b4-7044-45b0-b182-46c502de0b81"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--58fdd0b4-7044-45b0-b182-46c502de0b81",
"value": "https://www.virustotal.com/file/440504899b7af6f352cfaad6cdef1642c66927ecce0cf2f7e65d563a78be1b29/analysis/1492855117/"
},
{
"type": "marking-definition",
"spec_version": "2.1",
"id": "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9",
"created": "2017-01-20T00:00:00.000Z",
"definition_type": "tlp",
"name": "TLP:WHITE",
"definition": {
"tlp": "white"
}
}
]
}