misp-circl-feed/feeds/circl/misp/593a99c5-79cc-411c-ac6d-3089950d210f.json


{
"type": "bundle",
"id": "bundle--593a99c5-79cc-411c-ac6d-3089950d210f",
"objects": [
{
"type": "identity",
"spec_version": "2.1",
"id": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-06-09T13:08:32.000Z",
"modified": "2017-06-09T13:08:32.000Z",
"name": "CIRCL",
"identity_class": "organization"
},
{
"type": "report",
"spec_version": "2.1",
"id": "report--593a99c5-79cc-411c-ac6d-3089950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-06-09T13:08:32.000Z",
"modified": "2017-06-09T13:08:32.000Z",
"name": "OSINT - FIREBALL \u2013 The Chinese Malware of 250 Million Computers Infected",
"published": "2017-06-09T13:08:53Z",
"object_refs": [
"x-misp-attribute--593a99e3-6910-4bbb-b74f-4f14950d210f",
"observed-data--593a99f0-a2f0-4152-877d-597e950d210f",
"url--593a99f0-a2f0-4152-877d-597e950d210f",
"indicator--593a9a1b-c56c-467d-9f20-4f14950d210f",
"indicator--593a9a1c-e410-4d58-a926-4f14950d210f",
"indicator--593a9a1c-4020-40a5-b086-4f14950d210f",
"indicator--593a9a1d-4244-41c5-a610-4f14950d210f",
"indicator--593a9a1d-a358-44e3-a4ff-4f14950d210f",
"indicator--593a9a1e-091c-4f20-8bf9-4f14950d210f",
"indicator--593a9a1e-b6e4-4c2a-b979-4f14950d210f",
"indicator--593a9a1e-c744-4cb2-9fb2-4f14950d210f",
"indicator--593a9a1f-cd2c-4825-a604-4f14950d210f",
"indicator--593a9a1f-da50-4eca-ba8e-4f14950d210f",
"indicator--593a9a20-2264-4e78-a381-4f14950d210f",
"indicator--593a9a20-16d8-4e7f-94aa-4f14950d210f",
"indicator--593a9a21-6900-4070-8ff7-4f14950d210f",
"indicator--593a9a21-8810-45d8-9832-4f14950d210f",
"indicator--593a9a22-e894-483c-95fb-4f14950d210f",
"indicator--593a9a22-6c10-4227-9615-4f14950d210f",
"indicator--593a9a22-6a64-4342-9a5a-4f14950d210f",
"indicator--593a9a23-a6c4-4709-990e-4f14950d210f",
"indicator--593a9a23-a970-463a-8278-4f14950d210f",
"indicator--593a9a24-a83c-4f0d-b380-4f14950d210f",
"indicator--593a9a24-9ac4-4c5d-adcf-4f14950d210f",
"indicator--593a9a25-891c-4b6e-829c-4f14950d210f",
"indicator--593a9a25-2518-43ba-8caa-4f14950d210f",
"indicator--593a9a25-bdd8-4c5b-bd83-4f14950d210f",
"indicator--593a9a26-2cc4-412c-bd55-4f14950d210f",
"indicator--593a9a26-d1b4-46b7-af14-4f14950d210f",
"indicator--593a9a27-69b4-4894-9d5c-4f14950d210f",
"indicator--593a9a27-63f0-40be-ae57-4f14950d210f",
"indicator--593a9a28-2494-400b-86f4-4f14950d210f",
"indicator--593a9a28-2fcc-4aa1-8c8c-4f14950d210f",
"indicator--593a9a50-78b8-4c74-85f6-0359950d210f",
"indicator--593a9d11-4cdc-494f-9114-9624950d210f",
"indicator--593a9d12-8e24-4c6f-9def-9624950d210f",
"indicator--593a9d12-7d80-4ec9-9400-9624950d210f",
"indicator--593a9d12-d488-4ca7-8c2c-9624950d210f",
"indicator--593a9d13-8924-427b-827a-9624950d210f",
"indicator--593a9d13-1e48-4d4c-b4c5-9624950d210f",
"indicator--593a9da9-1880-4599-bdbd-4ebd02de0b81",
"indicator--593a9da9-9870-477c-adf7-4b6a02de0b81",
"observed-data--593a9daa-c17c-4188-ae4f-48e702de0b81",
"url--593a9daa-c17c-4188-ae4f-48e702de0b81",
"indicator--593a9daa-7ae8-4ab8-bf77-4c2502de0b81",
"indicator--593a9dab-eff4-4522-8ec8-4ee902de0b81",
"observed-data--593a9dab-389c-47e3-895e-41a002de0b81",
"url--593a9dab-389c-47e3-895e-41a002de0b81",
"indicator--593a9dab-a0dc-416e-a4f0-4b7402de0b81",
"indicator--593a9dac-6998-4642-bbd1-468702de0b81",
"observed-data--593a9dac-72d0-4754-aa32-480002de0b81",
"url--593a9dac-72d0-4754-aa32-480002de0b81",
"indicator--593a9dac-102c-43c3-8b27-4e2e02de0b81",
"indicator--593a9dad-78dc-4c7f-8feb-46d102de0b81",
"observed-data--593a9dad-2538-4934-823d-4c4602de0b81",
"url--593a9dad-2538-4934-823d-4c4602de0b81",
"indicator--593a9dad-3fa0-4af2-b973-443f02de0b81",
"indicator--593a9dae-268c-415b-9f65-4aed02de0b81",
"observed-data--593a9dae-b794-4840-b539-4e0302de0b81",
"url--593a9dae-b794-4840-b539-4e0302de0b81",
"indicator--593a9daf-307c-4d9d-826d-44d502de0b81",
"indicator--593a9daf-69f8-4635-8694-488602de0b81",
"observed-data--593a9daf-1c44-42ce-8440-483b02de0b81",
"url--593a9daf-1c44-42ce-8440-483b02de0b81"
],
"labels": [
"Threat-Report",
"misp:tool=\"MISP-STIX-Converter\""
],
"object_marking_refs": [
"marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9"
]
},
{
"type": "x-misp-attribute",
"spec_version": "2.1",
"id": "x-misp-attribute--593a99e3-6910-4bbb-b74f-4f14950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-06-09T13:08:32.000Z",
"modified": "2017-06-09T13:08:32.000Z",
"labels": [
"misp:type=\"text\"",
"misp:category=\"External analysis\"",
"osint:source-type=\"blog-post\"",
"admiralty-scale:source-reliability=\"b\""
],
"x_misp_category": "External analysis",
"x_misp_type": "text",
"x_misp_value": "Check Point Threat Intelligence and research teams recently discovered a high volume Chinese threat operation which has infected over 250 million computers worldwide. The installed malware, Fireball, takes over target browsers and turns them into zombies. Fireball has two main functionalities: the ability of running any code on victim computers\u2013downloading any file or malware, and hijacking and manipulating infected users\u2019 web-traffic to generate ad-revenue. Currently, Fireball installs plug-ins and additional configurations to boost its advertisements, but just as easily it can turn into a prominent distributor for any additional malware.\r\n\r\nThis operation is run by Rafotech, a large digital marketing agency based in Beijing. Rafotech uses Fireball to manipulate the victims\u2019 browsers and turn their default search engines and home-pages into fake search engines. This redirects the queries to either yahoo.com or Google.com. The fake search engines include tracking pixels used to collect the users\u2019 private information. Fireball has the ability to spy on victims, perform efficient malware dropping, and execute any malicious code in the infected machines, this creates a massive security flaw in targeted machines and networks.\r\n\r\n \r\n\r\nKEY FINDINGS\r\n\r\n Check Point analysts uncovered a high volume Chinese threat operation which has infected over 250 million computers worldwide, and 20% of corporate networks.\r\n The malware, called Fireball, acts as a browser-hijacker but can be turned into a full-functioning malware downloader. Fireball is capable of executing any code on the victim machines, resulting in a wide range of actions from stealing credentials to dropping additional malware.\r\n Fireball is spread mostly via bundling i.e. installed on victim machines alongside a wanted program, often without the user\u2019s consent.\r\n The operation is run by a Chinese digital marketing agency.\r\n Top infected countries are India (10.1%) and Brazil (9.6%)"
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--593a99f0-a2f0-4152-877d-597e950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-06-09T13:08:31.000Z",
"modified": "2017-06-09T13:08:31.000Z",
"first_observed": "2017-06-09T13:08:31Z",
"last_observed": "2017-06-09T13:08:31Z",
"number_observed": 1,
"object_refs": [
"url--593a99f0-a2f0-4152-877d-597e950d210f"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\"",
"osint:source-type=\"blog-post\"",
"admiralty-scale:source-reliability=\"b\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--593a99f0-a2f0-4152-877d-597e950d210f",
"value": "http://blog.checkpoint.com/2017/06/01/fireball-chinese-malware-250-million-infection/"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--593a9a1b-c56c-467d-9f20-4f14950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-06-09T13:07:38.000Z",
"modified": "2017-06-09T13:07:38.000Z",
"description": "C&C",
"pattern": "[domain-name:value = 'attirerpage.com']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-06-09T13:07:38Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"domain\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--593a9a1c-e410-4d58-a926-4f14950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-06-09T13:07:38.000Z",
"modified": "2017-06-09T13:07:38.000Z",
"description": "C&C",
"pattern": "[domain-name:value = 's2s.rafotech.com']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-06-09T13:07:38Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"hostname\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--593a9a1c-4020-40a5-b086-4f14950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-06-09T13:07:38.000Z",
"modified": "2017-06-09T13:07:38.000Z",
"description": "C&C",
"pattern": "[domain-name:value = 'trotux.com']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-06-09T13:07:38Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"domain\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--593a9a1d-4244-41c5-a610-4f14950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-06-09T13:07:38.000Z",
"modified": "2017-06-09T13:07:38.000Z",
"description": "C&C",
"pattern": "[domain-name:value = 'startpageing123.com']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-06-09T13:07:38Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"domain\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--593a9a1d-a358-44e3-a4ff-4f14950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-06-09T13:07:38.000Z",
"modified": "2017-06-09T13:07:38.000Z",
"description": "C&C",
"pattern": "[domain-name:value = 'funcionapage.com']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-06-09T13:07:38Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"domain\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--593a9a1e-091c-4f20-8bf9-4f14950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-06-09T13:07:38.000Z",
"modified": "2017-06-09T13:07:38.000Z",
"description": "C&C",
"pattern": "[domain-name:value = 'universalsearches.com']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-06-09T13:07:38Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"domain\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--593a9a1e-b6e4-4c2a-b979-4f14950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-06-09T13:07:38.000Z",
"modified": "2017-06-09T13:07:38.000Z",
"description": "C&C",
"pattern": "[domain-name:value = 'thewebanswers.com']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-06-09T13:07:38Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"domain\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--593a9a1e-c744-4cb2-9fb2-4f14950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-06-09T13:07:38.000Z",
"modified": "2017-06-09T13:07:38.000Z",
"description": "C&C",
"pattern": "[domain-name:value = 'nicesearches.com']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-06-09T13:07:38Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"domain\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--593a9a1f-cd2c-4825-a604-4f14950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-06-09T13:07:38.000Z",
"modified": "2017-06-09T13:07:38.000Z",
"description": "C&C",
"pattern": "[domain-name:value = 'youndoo.com']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-06-09T13:07:38Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"domain\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--593a9a1f-da50-4eca-ba8e-4f14950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-06-09T13:07:38.000Z",
"modified": "2017-06-09T13:07:38.000Z",
"description": "C&C",
"pattern": "[domain-name:value = 'giqepofa.com']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-06-09T13:07:38Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"domain\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--593a9a20-2264-4e78-a381-4f14950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-06-09T13:07:38.000Z",
"modified": "2017-06-09T13:07:38.000Z",
"description": "C&C",
"pattern": "[domain-name:value = 'mustang-browser.com']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-06-09T13:07:38Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"domain\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--593a9a20-16d8-4e7f-94aa-4f14950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-06-09T13:07:38.000Z",
"modified": "2017-06-09T13:07:38.000Z",
"description": "C&C",
"pattern": "[domain-name:value = 'forestbrowser.com']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-06-09T13:07:38Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"domain\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--593a9a21-6900-4070-8ff7-4f14950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-06-09T13:07:38.000Z",
"modified": "2017-06-09T13:07:38.000Z",
"description": "C&C",
"pattern": "[domain-name:value = 'luckysearch123.com']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-06-09T13:07:38Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"domain\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--593a9a21-8810-45d8-9832-4f14950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-06-09T13:07:38.000Z",
"modified": "2017-06-09T13:07:38.000Z",
"description": "C&C",
"pattern": "[domain-name:value = 'ooxxsearch.com']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-06-09T13:07:38Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"domain\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--593a9a22-e894-483c-95fb-4f14950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-06-09T13:07:38.000Z",
"modified": "2017-06-09T13:07:38.000Z",
"description": "C&C",
"pattern": "[domain-name:value = 'search2000s.com']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-06-09T13:07:38Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"domain\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--593a9a22-6c10-4227-9615-4f14950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-06-09T13:07:38.000Z",
"modified": "2017-06-09T13:07:38.000Z",
"description": "C&C",
"pattern": "[domain-name:value = 'walasearch.com']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-06-09T13:07:38Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"domain\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--593a9a22-6a64-4342-9a5a-4f14950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-06-09T13:07:38.000Z",
"modified": "2017-06-09T13:07:38.000Z",
"description": "C&C",
"pattern": "[domain-name:value = 'hohosearch.com']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-06-09T13:07:38Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"domain\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--593a9a23-a6c4-4709-990e-4f14950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-06-09T13:07:38.000Z",
"modified": "2017-06-09T13:07:38.000Z",
"description": "C&C",
"pattern": "[domain-name:value = 'yessearches.com']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-06-09T13:07:38Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"domain\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--593a9a23-a970-463a-8278-4f14950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-06-09T13:07:38.000Z",
"modified": "2017-06-09T13:07:38.000Z",
"description": "C&C",
"pattern": "[domain-name:value = 'd3l4qa0kmel7is.cloudfront.net']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-06-09T13:07:38Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"hostname\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--593a9a24-a83c-4f0d-b380-4f14950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-06-09T13:07:38.000Z",
"modified": "2017-06-09T13:07:38.000Z",
"description": "C&C",
"pattern": "[domain-name:value = 'd5ou3dytze6uf.cloudfront.net']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-06-09T13:07:38Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"hostname\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--593a9a24-9ac4-4c5d-adcf-4f14950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-06-09T13:07:38.000Z",
"modified": "2017-06-09T13:07:38.000Z",
"description": "C&C",
"pattern": "[domain-name:value = 'd1vh0xkmncek4z.cloudfront.net']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-06-09T13:07:38Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"hostname\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--593a9a25-891c-4b6e-829c-4f14950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-06-09T13:07:38.000Z",
"modified": "2017-06-09T13:07:38.000Z",
"description": "C&C",
"pattern": "[domain-name:value = 'd26r15y2ken1t9.cloudfront.net']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-06-09T13:07:38Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"hostname\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--593a9a25-2518-43ba-8caa-4f14950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-06-09T13:07:38.000Z",
"modified": "2017-06-09T13:07:38.000Z",
"description": "C&C",
"pattern": "[domain-name:value = 'd11eq81k50lwgi.cloudfront.net']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-06-09T13:07:38Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"hostname\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--593a9a25-bdd8-4c5b-bd83-4f14950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-06-09T13:07:38.000Z",
"modified": "2017-06-09T13:07:38.000Z",
"description": "C&C",
"pattern": "[domain-name:value = 'ddyv8sl7ewq1w.cloudfront.net']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-06-09T13:07:38Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"hostname\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--593a9a26-2cc4-412c-bd55-4f14950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-06-09T13:07:38.000Z",
"modified": "2017-06-09T13:07:38.000Z",
"description": "C&C",
"pattern": "[domain-name:value = 'd3i1asoswufp5k.cloudfront.net']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-06-09T13:07:38Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"hostname\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--593a9a26-d1b4-46b7-af14-4f14950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-06-09T13:07:38.000Z",
"modified": "2017-06-09T13:07:38.000Z",
"description": "C&C",
"pattern": "[domain-name:value = 'dc44qjwal3p07.cloudfront.net']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-06-09T13:07:38Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"hostname\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--593a9a27-69b4-4894-9d5c-4f14950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-06-09T13:07:38.000Z",
"modified": "2017-06-09T13:07:38.000Z",
"description": "C&C",
"pattern": "[domain-name:value = 'dv2m1uumnsgtu.cloudfront.net']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-06-09T13:07:38Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"hostname\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--593a9a27-63f0-40be-ae57-4f14950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-06-09T13:07:38.000Z",
"modified": "2017-06-09T13:07:38.000Z",
"description": "C&C",
"pattern": "[domain-name:value = 'd1mxvenloqrqmu.cloudfront.net']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-06-09T13:07:38Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"hostname\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--593a9a28-2494-400b-86f4-4f14950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-06-09T13:07:38.000Z",
"modified": "2017-06-09T13:07:38.000Z",
"description": "C&C",
"pattern": "[domain-name:value = 'dfrs12kz9qye2.cloudfront.net']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-06-09T13:07:38Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"hostname\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--593a9a28-2fcc-4aa1-8c8c-4f14950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-06-09T13:07:38.000Z",
"modified": "2017-06-09T13:07:38.000Z",
"description": "C&C",
"pattern": "[domain-name:value = 'dgkytklfjrqkb.cloudfront.net']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-06-09T13:07:38Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"hostname\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--593a9a50-78b8-4c74-85f6-0359950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-06-09T13:07:38.000Z",
"modified": "2017-06-09T13:07:38.000Z",
"pattern": "[url:value = 'dgkytklfjrqkb.cloudfront.net/main/trmz.exe']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-06-09T13:07:38Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--593a9d11-4cdc-494f-9114-9624950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-06-09T13:07:38.000Z",
"modified": "2017-06-09T13:07:38.000Z",
"description": "Sample",
"pattern": "[file:hashes.MD5 = 'fab40a7bde5250a6bc8644f4d6b9c28f']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-06-09T13:07:38Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--593a9d12-8e24-4c6f-9def-9624950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-06-09T13:07:38.000Z",
"modified": "2017-06-09T13:07:38.000Z",
"description": "Sample",
"pattern": "[file:hashes.MD5 = '69ffdf99149d19be7dc1c52f33aaa651']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-06-09T13:07:38Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--593a9d12-7d80-4ec9-9400-9624950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-06-09T13:07:38.000Z",
"modified": "2017-06-09T13:07:38.000Z",
"description": "Sample",
"pattern": "[file:hashes.MD5 = 'b56d1d35d46630335e03af9add84b488']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-06-09T13:07:38Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--593a9d12-d488-4ca7-8c2c-9624950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-06-09T13:07:38.000Z",
"modified": "2017-06-09T13:07:38.000Z",
"description": "Sample",
"pattern": "[file:hashes.MD5 = '8c61a6937963507dc87d8bf00385c0bc']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-06-09T13:07:38Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--593a9d13-8924-427b-827a-9624950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-06-09T13:07:38.000Z",
"modified": "2017-06-09T13:07:38.000Z",
"description": "Sample",
"pattern": "[file:hashes.MD5 = '7adb7f56e81456f3b421c01ab19b1900']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-06-09T13:07:38Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--593a9d13-1e48-4d4c-b4c5-9624950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-06-09T13:07:38.000Z",
"modified": "2017-06-09T13:07:38.000Z",
"description": "Sample",
"pattern": "[file:hashes.MD5 = '2b307e28ce531157611825eb0854c15f']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-06-09T13:07:38Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--593a9da9-1880-4599-bdbd-4ebd02de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-06-09T13:07:53.000Z",
"modified": "2017-06-09T13:07:53.000Z",
"description": "Sample - Xchecked via VT: fab40a7bde5250a6bc8644f4d6b9c28f",
"pattern": "[file:hashes.SHA256 = '9b4971349ae85aa09c0a69852ed3e626c954954a3927b3d1b6646f139b930022']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-06-09T13:07:53Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--593a9da9-9870-477c-adf7-4b6a02de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-06-09T13:07:53.000Z",
"modified": "2017-06-09T13:07:53.000Z",
"description": "Sample - Xchecked via VT: fab40a7bde5250a6bc8644f4d6b9c28f",
"pattern": "[file:hashes.SHA1 = '8b6388810047db449d3699333eca9091568a094c']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-06-09T13:07:53Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha1\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--593a9daa-c17c-4188-ae4f-48e702de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-06-09T13:07:54.000Z",
"modified": "2017-06-09T13:07:54.000Z",
"first_observed": "2017-06-09T13:07:54Z",
"last_observed": "2017-06-09T13:07:54Z",
"number_observed": 1,
"object_refs": [
"url--593a9daa-c17c-4188-ae4f-48e702de0b81"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--593a9daa-c17c-4188-ae4f-48e702de0b81",
"value": "https://www.virustotal.com/file/9b4971349ae85aa09c0a69852ed3e626c954954a3927b3d1b6646f139b930022/analysis/1497008302/"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--593a9daa-7ae8-4ab8-bf77-4c2502de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-06-09T13:07:54.000Z",
"modified": "2017-06-09T13:07:54.000Z",
"description": "Sample - Xchecked via VT: 69ffdf99149d19be7dc1c52f33aaa651",
"pattern": "[file:hashes.SHA256 = 'e3f69a1fb6fcaf9fd93386b6ba1d86731cd9e5648f7cff5242763188129cd158']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-06-09T13:07:54Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--593a9dab-eff4-4522-8ec8-4ee902de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-06-09T13:07:55.000Z",
"modified": "2017-06-09T13:07:55.000Z",
"description": "Sample - Xchecked via VT: 69ffdf99149d19be7dc1c52f33aaa651",
"pattern": "[file:hashes.SHA1 = 'b6bbe04238834126043610115c253788f0cb8a39']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-06-09T13:07:55Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha1\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--593a9dab-389c-47e3-895e-41a002de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-06-09T13:07:55.000Z",
"modified": "2017-06-09T13:07:55.000Z",
"first_observed": "2017-06-09T13:07:55Z",
"last_observed": "2017-06-09T13:07:55Z",
"number_observed": 1,
"object_refs": [
"url--593a9dab-389c-47e3-895e-41a002de0b81"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--593a9dab-389c-47e3-895e-41a002de0b81",
"value": "https://www.virustotal.com/file/e3f69a1fb6fcaf9fd93386b6ba1d86731cd9e5648f7cff5242763188129cd158/analysis/1497008303/"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--593a9dab-a0dc-416e-a4f0-4b7402de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-06-09T13:07:55.000Z",
"modified": "2017-06-09T13:07:55.000Z",
"description": "Sample - Xchecked via VT: b56d1d35d46630335e03af9add84b488",
"pattern": "[file:hashes.SHA256 = 'c7244d139ef9ea431a5b9cc6a2176a6a9908710892c74e215431b99cd5228359']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-06-09T13:07:55Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--593a9dac-6998-4642-bbd1-468702de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-06-09T13:07:56.000Z",
"modified": "2017-06-09T13:07:56.000Z",
"description": "Sample - Xchecked via VT: b56d1d35d46630335e03af9add84b488",
"pattern": "[file:hashes.SHA1 = 'cc725869679e5c8c4b7fcdffe98bcd4d612a909a']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-06-09T13:07:56Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha1\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--593a9dac-72d0-4754-aa32-480002de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-06-09T13:07:56.000Z",
"modified": "2017-06-09T13:07:56.000Z",
"first_observed": "2017-06-09T13:07:56Z",
"last_observed": "2017-06-09T13:07:56Z",
"number_observed": 1,
"object_refs": [
"url--593a9dac-72d0-4754-aa32-480002de0b81"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--593a9dac-72d0-4754-aa32-480002de0b81",
"value": "https://www.virustotal.com/file/c7244d139ef9ea431a5b9cc6a2176a6a9908710892c74e215431b99cd5228359/analysis/1497008303/"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--593a9dac-102c-43c3-8b27-4e2e02de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-06-09T13:07:56.000Z",
"modified": "2017-06-09T13:07:56.000Z",
"description": "Sample - Xchecked via VT: 8c61a6937963507dc87d8bf00385c0bc",
"pattern": "[file:hashes.SHA256 = '14093ce6d0fe8ab60963771f48937c669103842a0400b8d97f829b33c420f7e3']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-06-09T13:07:56Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--593a9dad-78dc-4c7f-8feb-46d102de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-06-09T13:07:57.000Z",
"modified": "2017-06-09T13:07:57.000Z",
"description": "Sample - Xchecked via VT: 8c61a6937963507dc87d8bf00385c0bc",
"pattern": "[file:hashes.SHA1 = '0312325d31072afaac87f3aafff58261b549db5d']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-06-09T13:07:57Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha1\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--593a9dad-2538-4934-823d-4c4602de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-06-09T13:07:57.000Z",
"modified": "2017-06-09T13:07:57.000Z",
"first_observed": "2017-06-09T13:07:57Z",
"last_observed": "2017-06-09T13:07:57Z",
"number_observed": 1,
"object_refs": [
"url--593a9dad-2538-4934-823d-4c4602de0b81"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--593a9dad-2538-4934-823d-4c4602de0b81",
"value": "https://www.virustotal.com/file/14093ce6d0fe8ab60963771f48937c669103842a0400b8d97f829b33c420f7e3/analysis/1497008304/"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--593a9dad-3fa0-4af2-b973-443f02de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-06-09T13:07:57.000Z",
"modified": "2017-06-09T13:07:57.000Z",
"description": "Sample - Xchecked via VT: 7adb7f56e81456f3b421c01ab19b1900",
"pattern": "[file:hashes.SHA256 = 'fff2818caa9040486a634896f329b8aebaec9121bdf9982841f0646763a1686b']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-06-09T13:07:57Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--593a9dae-268c-415b-9f65-4aed02de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-06-09T13:07:58.000Z",
"modified": "2017-06-09T13:07:58.000Z",
"description": "Sample - Xchecked via VT: 7adb7f56e81456f3b421c01ab19b1900",
"pattern": "[file:hashes.SHA1 = '30a176dde7aff87ee73c967d4f70d1b834a62dd4']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-06-09T13:07:58Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha1\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--593a9dae-b794-4840-b539-4e0302de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-06-09T13:07:58.000Z",
"modified": "2017-06-09T13:07:58.000Z",
"first_observed": "2017-06-09T13:07:58Z",
"last_observed": "2017-06-09T13:07:58Z",
"number_observed": 1,
"object_refs": [
"url--593a9dae-b794-4840-b539-4e0302de0b81"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--593a9dae-b794-4840-b539-4e0302de0b81",
"value": "https://www.virustotal.com/file/fff2818caa9040486a634896f329b8aebaec9121bdf9982841f0646763a1686b/analysis/1497008304/"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--593a9daf-307c-4d9d-826d-44d502de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-06-09T13:07:59.000Z",
"modified": "2017-06-09T13:07:59.000Z",
"description": "Sample - Xchecked via VT: 2b307e28ce531157611825eb0854c15f",
"pattern": "[file:hashes.SHA256 = '7d68386554e514f38f98f24e8056c11c0a227602ed179d54ed08f2251dc9ea93']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-06-09T13:07:59Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--593a9daf-69f8-4635-8694-488602de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-06-09T13:07:59.000Z",
"modified": "2017-06-09T13:07:59.000Z",
"description": "Sample - Xchecked via VT: 2b307e28ce531157611825eb0854c15f",
"pattern": "[file:hashes.SHA1 = 'f7df2b019b5640c66e40b1cecbb327d1c9192560']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-06-09T13:07:59Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha1\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--593a9daf-1c44-42ce-8440-483b02de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-06-09T13:07:59.000Z",
"modified": "2017-06-09T13:07:59.000Z",
"first_observed": "2017-06-09T13:07:59Z",
"last_observed": "2017-06-09T13:07:59Z",
"number_observed": 1,
"object_refs": [
"url--593a9daf-1c44-42ce-8440-483b02de0b81"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--593a9daf-1c44-42ce-8440-483b02de0b81",
"value": "https://www.virustotal.com/file/7d68386554e514f38f98f24e8056c11c0a227602ed179d54ed08f2251dc9ea93/analysis/1497008376/"
},
{
"type": "marking-definition",
"spec_version": "2.1",
"id": "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9",
"created": "2017-01-20T00:00:00.000Z",
"definition_type": "tlp",
"name": "TLP:WHITE",
"definition": {
"tlp": "white"
}
}
]
}