{
|
|
"type": "bundle",
|
|
"id": "bundle--55cc400a-ee68-4aaa-b144-4d73950d210b",
|
|
"objects": [
|
|
{
|
|
"type": "identity",
|
|
"spec_version": "2.1",
|
|
"id": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2017-06-22T20:18:42.000Z",
|
|
"modified": "2017-06-22T20:18:42.000Z",
|
|
"name": "CthulhuSPRL.be",
|
|
"identity_class": "organization"
|
|
},
|
|
{
|
|
"type": "report",
|
|
"spec_version": "2.1",
|
|
"id": "report--55cc400a-ee68-4aaa-b144-4d73950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2017-06-22T20:18:42.000Z",
|
|
"modified": "2017-06-22T20:18:42.000Z",
|
|
"name": "OSINT Potao Express samples from contagiodump",
|
|
"published": "2017-06-22T20:19:30Z",
|
|
"object_refs": [
|
|
"observed-data--55cc401b-9f9c-42d9-a155-4878950d210b",
|
|
"url--55cc401b-9f9c-42d9-a155-4878950d210b",
|
|
"x-misp-attribute--55cc4047-6cc0-4d42-96e1-34af950d210b",
|
|
"x-misp-attribute--55cc4048-b494-420a-b02b-34af950d210b",
|
|
"x-misp-attribute--55cc4048-5808-451d-afea-34af950d210b",
|
|
"indicator--55cc4380-ecf8-4902-a121-4e70950d210b",
|
|
"indicator--55cc4381-f09c-4e0c-853c-4dbb950d210b",
|
|
"indicator--55cc4381-9e48-479f-bb2f-4839950d210b",
|
|
"indicator--55cc4381-2ea0-4f9d-acf0-4630950d210b",
|
|
"indicator--55cc4381-10ec-4b85-9df2-4319950d210b",
|
|
"indicator--55cc4381-0b00-4892-a1a5-4c5f950d210b",
|
|
"indicator--55cc4382-ae8c-4990-9735-4a7b950d210b",
|
|
"indicator--55cc4382-a56c-4101-9456-49bb950d210b",
|
|
"indicator--55cc4382-e4ec-4fcf-8be6-4778950d210b",
|
|
"indicator--55cc4382-5e8c-4ef5-9ea9-43c0950d210b",
|
|
"indicator--55cc4382-ca24-4c60-9da7-4df6950d210b",
|
|
"indicator--55cc4383-9648-40fe-add0-4169950d210b",
|
|
"indicator--55cc4383-a6ec-4de4-8eb8-4e6a950d210b",
|
|
"indicator--55cc4383-7c94-4236-9b45-4387950d210b",
|
|
"indicator--55cc4383-0da8-421f-87d4-4a97950d210b",
|
|
"indicator--55cc4383-da48-43fa-b6c1-4838950d210b",
|
|
"indicator--55cc4383-4bbc-46ba-b3ee-4389950d210b",
|
|
"indicator--55cc4384-3004-4378-9b88-417c950d210b",
|
|
"indicator--55cc4384-c2ac-4b2e-b928-4f44950d210b",
|
|
"indicator--55cc4384-6af8-41f9-a7ef-4b57950d210b",
|
|
"indicator--55cc439a-beb4-4229-8fb7-4eb1950d210b",
|
|
"indicator--55cc439a-a728-44a5-95f5-4a08950d210b",
|
|
"indicator--55cc439a-5360-4ba5-a0c9-43ac950d210b",
|
|
"indicator--55cc439a-48b0-4e83-a687-4861950d210b",
|
|
"indicator--55cc439b-7588-4cfe-9cd4-4b2e950d210b",
|
|
"indicator--55cc439b-f48c-43ca-904c-4c17950d210b",
|
|
"indicator--55cc43ab-7174-47ab-9e9d-444e950d210b",
|
|
"indicator--55cc43ab-9804-47c4-91c2-40ab950d210b",
|
|
"indicator--55cc43ab-bb8c-4ea1-9165-415e950d210b",
|
|
"indicator--55cc43ab-a04c-4055-9562-4eeb950d210b",
|
|
"indicator--55cc43ab-6440-4db5-b619-41b0950d210b",
|
|
"indicator--55cc43ac-2624-4157-a4fe-45ff950d210b",
|
|
"indicator--55cc43ac-1fd4-4376-8a4d-427e950d210b",
|
|
"indicator--55cc43ac-13bc-42e8-b578-4284950d210b",
|
|
"indicator--55cc43ac-7e1c-4cd2-9322-41a5950d210b",
|
|
"indicator--55cc43ac-0c84-4ecd-ad39-4195950d210b",
|
|
"indicator--55cc43ac-d5d8-494d-8ccc-4a09950d210b",
|
|
"indicator--55cc43ad-2754-451e-9138-490a950d210b",
|
|
"indicator--55cc43b9-8fa0-4819-9847-43f9950d210b",
|
|
"indicator--55cc43b9-bb30-4e01-b7ed-4f46950d210b",
|
|
"indicator--55cc43b9-02b4-4b39-b592-4df7950d210b",
|
|
"indicator--55cc43ba-c268-4f57-8b30-4989950d210b",
|
|
"indicator--55cc43ba-3be0-49f8-a97f-4c3a950d210b",
|
|
"indicator--55cc43ba-9510-4e9e-8ffd-4350950d210b",
|
|
"indicator--55cc43ba-4dec-4821-afef-488b950d210b",
|
|
"indicator--55cc43ba-5118-49d2-b472-49fb950d210b",
|
|
"indicator--55cc43bb-b570-4cd4-85e5-4310950d210b",
|
|
"indicator--55cc43bb-f224-44a1-9e10-48b2950d210b",
|
|
"indicator--55cc43bb-9db4-40b3-b2cb-42c2950d210b",
|
|
"indicator--55cc43bb-932c-4bdc-8b64-4ddf950d210b",
|
|
"indicator--55cc43c7-33f0-4d8d-bd4e-4e8d950d210b",
|
|
"indicator--55cc43c7-aecc-4bfe-b3dc-47bf950d210b",
|
|
"indicator--55cc43c7-e810-41e2-a535-4475950d210b",
|
|
"indicator--55cc43c7-4824-40f8-9cd5-4226950d210b",
|
|
"indicator--55cc43c7-57f4-46fd-90f0-4622950d210b",
|
|
"indicator--55cc43c7-9920-4f2c-b1db-442b950d210b",
|
|
"indicator--55cc43c8-8138-4d1c-8c9b-4990950d210b",
|
|
"indicator--55cc43c8-85fc-4e29-a529-4b99950d210b",
|
|
"indicator--55cc443a-6fb8-48bc-bce3-4323950d210b",
|
|
"indicator--55cc443b-7ec4-4260-8f3a-4d4d950d210b",
|
|
"indicator--55cc443b-7f34-4021-bd73-4e75950d210b",
|
|
"indicator--55cc443b-20b0-4ced-9599-4119950d210b",
|
|
"indicator--55cc443b-5d94-4fbb-a65e-4422950d210b",
|
|
"indicator--55cc443b-c8a8-4b72-ab03-46b1950d210b",
|
|
"indicator--55cc443c-cc0c-4efa-844d-4424950d210b",
|
|
"indicator--55cc443c-c0b4-485c-83a1-49af950d210b",
|
|
"indicator--55cc4448-0d00-4f5c-93b7-4853950d210b",
|
|
"indicator--55cc4448-3910-421f-b657-44e0950d210b",
|
|
"indicator--55cc4448-d268-4a20-ac25-448f950d210b",
|
|
"indicator--55cc4448-4c9c-4693-82a6-4955950d210b",
|
|
"indicator--55cc4449-822c-4231-89e2-447c950d210b",
|
|
"indicator--55cc4449-1d04-463a-a7e9-438e950d210b",
|
|
"indicator--55cc4449-0084-4e73-ad0c-4315950d210b",
|
|
"indicator--55cc4449-b0c8-42b2-818a-43a8950d210b",
|
|
"indicator--55cc4449-acb8-4f3b-8f7e-48b1950d210b",
|
|
"indicator--55cc444a-ab1c-4133-9777-484e950d210b",
|
|
"indicator--55cc444a-1144-4208-a45a-4972950d210b",
|
|
"indicator--55cc444a-727c-4601-be66-4e67950d210b",
|
|
"indicator--55cc444a-cf04-4328-a0e7-42a8950d210b",
|
|
"indicator--55cc444a-d570-4e02-952d-4a80950d210b",
|
|
"indicator--55cc444b-6954-4fe0-88c1-4207950d210b",
|
|
"indicator--55cc444b-e9d4-47b5-8a95-4f10950d210b",
|
|
"indicator--55cc444b-abe4-498c-881a-4e43950d210b",
|
|
"indicator--55cc444b-6338-4ded-99a6-4f54950d210b",
|
|
"indicator--55cc445b-3d2c-4d88-bdb8-41ad950d210b",
|
|
"indicator--55cc445b-4798-45f7-82fc-4c7d950d210b",
|
|
"indicator--55cc445b-dc5c-4515-84a6-4a59950d210b",
|
|
"indicator--55cc445b-1548-4fe1-9997-49c0950d210b",
|
|
"indicator--55cc445c-c2dc-4bce-8dc3-46f5950d210b",
|
|
"indicator--55cc445c-e6f8-4f9e-813a-4587950d210b",
|
|
"indicator--55cc445c-9d00-4fa7-93c8-422d950d210b",
|
|
"indicator--55cc445c-0a7c-4ff7-85c9-4807950d210b",
|
|
"indicator--55cc445c-57b8-4f00-b278-4046950d210b",
|
|
"indicator--55cc445d-9608-47f5-aef9-47ed950d210b",
|
|
"indicator--55cc445d-85f4-4e02-b8d4-4777950d210b",
|
|
"indicator--55cc445d-d78c-449b-accb-4f0f950d210b",
|
|
"indicator--55cc445d-166c-439e-90af-4b19950d210b",
|
|
"indicator--55cc445d-e864-45cf-b346-4ad3950d210b",
|
|
"indicator--55cc445e-151c-4505-ae5f-4b85950d210b",
|
|
"indicator--55cc445e-900c-408f-b84f-426c950d210b",
|
|
"indicator--55cc445e-ac3c-49c6-a91b-4af9950d210b",
|
|
"indicator--55cc445e-96d8-4d60-b4d5-49c5950d210b",
|
|
"indicator--55cc445e-0e88-4c2e-bec9-468c950d210b",
|
|
"indicator--55cc445f-5158-49a0-b7c5-4e5c950d210b",
|
|
"indicator--55cc445f-dab0-4866-8658-4a32950d210b",
|
|
"indicator--55cc445f-dd48-44c8-9a6b-4512950d210b",
|
|
"indicator--55cc445f-facc-493c-8330-4b00950d210b",
|
|
"indicator--55cc445f-484c-4d3f-a776-4745950d210b",
|
|
"indicator--55cc445f-7bfc-450d-ab81-488d950d210b",
|
|
"indicator--55cc4460-2d84-45f2-9b79-4057950d210b",
|
|
"indicator--55cc4460-1c18-4cd8-9ca7-4984950d210b",
|
|
"indicator--55cc4460-2778-43fd-b47f-43d7950d210b",
|
|
"indicator--55cc4460-6cb0-4c1f-9d57-4c0b950d210b",
|
|
"indicator--55cc4460-4270-4f04-b3ab-434b950d210b",
|
|
"indicator--55cc4461-2e20-49c2-b5ac-4e44950d210b",
|
|
"indicator--55cc4461-a388-464c-926a-428e950d210b",
|
|
"indicator--55cc4461-1800-46f6-abf7-4a7d950d210b",
|
|
"indicator--55cc4461-9bf4-4aef-b26a-4026950d210b",
|
|
"indicator--55cc4461-694c-4061-bc26-47a9950d210b",
|
|
"indicator--55cc4462-9588-464d-ac91-49a3950d210b",
|
|
"indicator--55cc4462-7df0-4c13-8c81-424d950d210b",
|
|
"indicator--55cc4462-7100-49c1-8e23-416b950d210b",
|
|
"indicator--55cc4462-c640-4e8e-b471-4641950d210b",
|
|
"indicator--55cc4462-7794-4fdb-82b1-472e950d210b",
|
|
"indicator--55e200f3-9ea8-4758-a9b4-4f4a950d210b",
|
|
"indicator--56c69e90-fc44-4264-9e4e-45ab950d210f",
|
|
"indicator--56c69e92-852c-45eb-928d-4322950d210f",
|
|
"indicator--56c69e93-42b8-4267-9c06-c650950d210f",
|
|
"indicator--56c69e94-0ec4-454d-ba48-4c0d950d210f",
|
|
"indicator--56c69e95-1d38-4d6b-b371-5ca1950d210f",
|
|
"indicator--56c69e96-41d8-47da-b2fc-59a4950d210f",
|
|
"indicator--56c69e97-db3c-4443-a8a4-599e950d210f",
|
|
"indicator--56c69e98-9db8-4d50-ab6f-59a1950d210f",
|
|
"indicator--56c69e99-0660-470d-be5c-4372950d210f",
|
|
"indicator--56c69e9a-8834-4dc1-be46-59a0950d210f",
|
|
"indicator--56c69e9b-09f4-4de3-8a0c-599d950d210f",
|
|
"indicator--56c69e9c-0474-4ba3-880d-c653950d210f",
|
|
"indicator--56c69e9e-2a04-420a-b94d-59a3950d210f",
|
|
"indicator--56c69e9f-23a4-4342-9ac1-445c950d210f",
|
|
"indicator--56c69ea0-eb30-4319-8242-c654950d210f",
|
|
"indicator--56c69ea2-6bb8-461d-a4e4-599d950d210f",
|
|
"indicator--56c69ea3-5468-48a7-a99d-5ca1950d210f",
|
|
"indicator--56c69ea4-c028-4060-bf72-59a4950d210f",
|
|
"indicator--56c69ea5-58cc-47f2-918d-59a1950d210f",
|
|
"indicator--56c69ea6-85f0-47b6-ada2-5ca1950d210f",
|
|
"indicator--56c69ea8-2418-4718-9ec1-5f51950d210f",
|
|
"indicator--56c69ea9-ea30-48e3-aa1d-c654950d210f",
|
|
"indicator--56c69eaa-784c-4120-9335-4781950d210f",
|
|
"indicator--56c69eab-cbc4-4482-b2bb-4cfb950d210f",
|
|
"indicator--56c69eac-b2f8-4b51-9102-59a0950d210f",
|
|
"indicator--56c69eaf-3998-4378-a183-4a58950d210f",
|
|
"indicator--56c69eb0-ed34-4b9a-84cf-c652950d210f",
|
|
"indicator--56c69eb1-82ac-4194-a49b-599c950d210f",
|
|
"indicator--56c69eb2-1c80-42c7-a8a9-4dfa950d210f",
|
|
"indicator--56c69eb3-077c-425e-bf78-4705950d210f",
|
|
"indicator--56c69eb5-9820-46c4-a661-599d950d210f",
|
|
"indicator--56c69eb6-77ec-4a20-ad16-599e950d210f",
|
|
"indicator--56c69eb7-545c-40e5-a4e0-59a4950d210f",
|
|
"indicator--56c69eb8-4aa0-42d9-8f21-59a2950d210f",
|
|
"indicator--56c69eb9-7318-4f8e-98b5-c650950d210f",
|
|
"indicator--56c69eba-554c-40da-9557-5ca1950d210f",
|
|
"indicator--56c69ebc-2c7c-4a5a-8b59-c652950d210f",
|
|
"indicator--56c69ebd-a430-4383-8415-599e950d210f",
|
|
"indicator--56c69ebe-03bc-495c-9ad1-42e5950d210f",
|
|
"indicator--56c69ebf-43a0-44d4-b602-c650950d210f",
|
|
"indicator--56c69ec1-b4cc-4e8b-8f28-5ca1950d210f",
|
|
"indicator--56c69ec2-f910-4ddd-89c0-599d950d210f",
|
|
"indicator--56c69ec3-7914-4ed4-a57f-c653950d210f",
|
|
"indicator--56c69ec4-a450-4c2d-80fd-c652950d210f",
|
|
"indicator--56c69ec5-4490-4841-91bd-5f51950d210f",
|
|
"indicator--56c69ec6-7d6c-4de6-bf3e-59a1950d210f",
|
|
"indicator--56c69ec7-5b6c-48fe-bb28-59a4950d210f",
|
|
"indicator--56c69ec8-fd0c-4669-8f1e-491e950d210f",
|
|
"indicator--56c69ec9-a8ac-406a-ac42-c653950d210f",
|
|
"indicator--56c69eca-a14c-40f4-8fd9-59a3950d210f",
|
|
"indicator--56c69ecb-c15c-49ba-8a25-5ca1950d210f",
|
|
"indicator--56c69ecc-f068-4acb-854e-c654950d210f",
|
|
"indicator--56c69ece-cbac-43d8-9827-599c950d210f",
|
|
"indicator--56c69ecf-f6d0-416b-bdca-c650950d210f"
|
|
],
|
|
"labels": [
|
|
"Threat-Report",
|
|
"misp:tool=\"MISP-STIX-Converter\"",
|
|
"type:OSINT",
|
|
"misp-galaxy:ransomware=\"Potato Ransomware\""
|
|
],
|
|
"object_marking_refs": [
|
|
"marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9"
|
|
]
|
|
},
|
|
{
|
|
"type": "observed-data",
|
|
"spec_version": "2.1",
|
|
"id": "observed-data--55cc401b-9f9c-42d9-a155-4878950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-08-13T06:58:35.000Z",
|
|
"modified": "2015-08-13T06:58:35.000Z",
|
|
"first_observed": "2015-08-13T06:58:35Z",
|
|
"last_observed": "2015-08-13T06:58:35Z",
|
|
"number_observed": 1,
|
|
"object_refs": [
|
|
"url--55cc401b-9f9c-42d9-a155-4878950d210b"
|
|
],
|
|
"labels": [
|
|
"misp:type=\"link\"",
|
|
"misp:category=\"External analysis\""
|
|
]
|
|
},
|
|
{
|
|
"type": "url",
|
|
"spec_version": "2.1",
|
|
"id": "url--55cc401b-9f9c-42d9-a155-4878950d210b",
|
|
"value": "http://contagiodump.blogspot.be/2015/08/potao-express-samples.html"
|
|
},
|
|
{
|
|
"type": "x-misp-attribute",
|
|
"spec_version": "2.1",
|
|
"id": "x-misp-attribute--55cc4047-6cc0-4d42-96e1-34af950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-08-13T06:59:19.000Z",
|
|
"modified": "2015-08-13T06:59:19.000Z",
|
|
"labels": [
|
|
"misp:type=\"text\"",
|
|
"misp:category=\"External analysis\""
|
|
],
|
|
"x_misp_category": "External analysis",
|
|
"x_misp_type": "text",
|
|
"x_misp_value": "Operation Potao Express"
|
|
},
|
|
{
|
|
"type": "x-misp-attribute",
|
|
"spec_version": "2.1",
|
|
"id": "x-misp-attribute--55cc4048-b494-420a-b02b-34af950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-08-13T06:59:20.000Z",
|
|
"modified": "2015-08-13T06:59:20.000Z",
|
|
"labels": [
|
|
"misp:type=\"text\"",
|
|
"misp:category=\"External analysis\""
|
|
],
|
|
"x_misp_category": "External analysis",
|
|
"x_misp_type": "text",
|
|
"x_misp_value": "Potao Express"
|
|
},
|
|
{
|
|
"type": "x-misp-attribute",
|
|
"spec_version": "2.1",
|
|
"id": "x-misp-attribute--55cc4048-5808-451d-afea-34af950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-08-13T06:59:20.000Z",
|
|
"modified": "2015-08-13T06:59:20.000Z",
|
|
"labels": [
|
|
"misp:type=\"text\"",
|
|
"misp:category=\"External analysis\""
|
|
],
|
|
"x_misp_category": "External analysis",
|
|
"x_misp_type": "text",
|
|
"x_misp_value": "Potao"
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--55cc4380-ecf8-4902-a121-4e70950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-08-13T07:13:04.000Z",
|
|
"modified": "2015-08-13T07:13:04.000Z",
|
|
"description": "1stVersion",
|
|
"pattern": "[file:hashes.SHA256 = '1fe6af3d704d2fc0c7acd58b069a31eec866668ec6e25f52354e6e61266db8db']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-08-13T07:13:04Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha256\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--55cc4381-f09c-4e0c-853c-4dbb950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-08-13T07:13:05.000Z",
|
|
"modified": "2015-08-13T07:13:05.000Z",
|
|
"description": "1stVersion",
|
|
"pattern": "[file:hashes.MD5 = '85b0e3264820008a30f17ca19332fa19']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-08-13T07:13:05Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"md5\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--55cc4381-9e48-479f-bb2f-4839950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-08-13T07:13:05.000Z",
|
|
"modified": "2015-08-13T07:13:05.000Z",
|
|
"description": "1stVersion",
|
|
"pattern": "[file:hashes.SHA256 = '2ff0941fe3514abc12484ad2853d22fd7cb36469a313b5ecb6ef0c6391cf78ab']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-08-13T07:13:05Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha256\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--55cc4381-2ea0-4f9d-acf0-4630950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-08-13T07:13:05.000Z",
|
|
"modified": "2015-08-13T07:13:05.000Z",
|
|
"description": "1stVersion",
|
|
"pattern": "[file:hashes.MD5 = 'ac854a3c91d52bfc09605506e76975ae']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-08-13T07:13:05Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"md5\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--55cc4381-10ec-4b85-9df2-4319950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-08-13T07:13:05.000Z",
|
|
"modified": "2015-08-13T07:13:05.000Z",
|
|
"description": "1stVersion",
|
|
"pattern": "[file:hashes.SHA256 = '54a76f5cd5a32ed7d5fa78e5d8311bafc0de57a475bc2fddc23ee4b3510b9d44']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-08-13T07:13:05Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha256\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--55cc4381-0b00-4892-a1a5-4c5f950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-08-13T07:13:05.000Z",
|
|
"modified": "2015-08-13T07:13:05.000Z",
|
|
"description": "1stVersion",
|
|
"pattern": "[file:hashes.MD5 = '3b7d88a069631111d5585b1b10cccc86']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-08-13T07:13:05Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"md5\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--55cc4382-ae8c-4990-9735-4a7b950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-08-13T07:13:06.000Z",
|
|
"modified": "2015-08-13T07:13:06.000Z",
|
|
"description": "1stVersion",
|
|
"pattern": "[file:hashes.SHA256 = '76c7c67274cf5384615a120e69be3af64cc31d9c4f05ff2031120612443c8360']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-08-13T07:13:06Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha256\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--55cc4382-a56c-4101-9456-49bb950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-08-13T07:13:06.000Z",
|
|
"modified": "2015-08-13T07:13:06.000Z",
|
|
"description": "1stVersion",
|
|
"pattern": "[file:hashes.MD5 = 'd1658b792dd1569abc27966083f59d44']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-08-13T07:13:06Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"md5\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--55cc4382-e4ec-4fcf-8be6-4778950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-08-13T07:13:06.000Z",
|
|
"modified": "2015-08-13T07:13:06.000Z",
|
|
"description": "1stVersion",
|
|
"pattern": "[file:hashes.SHA256 = '244c181eb442fefcf1e1daf900896bee6569481c0e885e3c63efeef86cd64c55']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-08-13T07:13:06Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha256\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--55cc4382-5e8c-4ef5-9ea9-43c0950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-08-13T07:13:06.000Z",
|
|
"modified": "2015-08-13T07:13:06.000Z",
|
|
"description": "1stVersion",
|
|
"pattern": "[file:hashes.MD5 = '0c7183d761f15772b7e9c788be601d29']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-08-13T07:13:06Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"md5\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--55cc4382-ca24-4c60-9da7-4df6950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-08-13T07:13:06.000Z",
|
|
"modified": "2015-08-13T07:13:06.000Z",
|
|
"description": "1stVersion",
|
|
"pattern": "[file:hashes.SHA256 = '887a721254486263f1f3f25f3c677da62ef5c062c3afa7ef70c895bc8b17b424']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-08-13T07:13:06Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha256\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--55cc4383-9648-40fe-add0-4169950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-08-13T07:13:07.000Z",
|
|
"modified": "2015-08-13T07:13:07.000Z",
|
|
"description": "1stVersion",
|
|
"pattern": "[file:hashes.MD5 = 'a35e48909a49334a7ebb5448a78dcff9']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-08-13T07:13:07Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"md5\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--55cc4383-a6ec-4de4-8eb8-4e6a950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-08-13T07:13:07.000Z",
|
|
"modified": "2015-08-13T07:13:07.000Z",
|
|
"description": "1stVersion",
|
|
"pattern": "[file:hashes.SHA256 = '945c594aee1b5bd0f3a72abe8f5a3df74fc6ca686887db5e40fe859e3fc90bb1']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-08-13T07:13:07Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha256\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--55cc4383-7c94-4236-9b45-4387950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-08-13T07:13:07.000Z",
|
|
"modified": "2015-08-13T07:13:07.000Z",
|
|
"description": "1stVersion",
|
|
"pattern": "[file:hashes.MD5 = '502f35002b1a95f1ae135baff6cff836']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-08-13T07:13:07Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"md5\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--55cc4383-0da8-421f-87d4-4a97950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-08-13T07:13:07.000Z",
|
|
"modified": "2015-08-13T07:13:07.000Z",
|
|
"description": "1stVersion",
|
|
"pattern": "[file:hashes.SHA256 = 'ab8d308fd59a8db8a130fcfdb6db56c4f7717877c465be98f71284bdfccdfa25']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-08-13T07:13:07Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha256\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--55cc4383-da48-43fa-b6c1-4838950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-08-13T07:13:07.000Z",
|
|
"modified": "2015-08-13T07:13:07.000Z",
|
|
"description": "1stVersion",
|
|
"pattern": "[file:hashes.MD5 = 'a446ced5db1de877cf78f77741e2a804']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-08-13T07:13:07Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"md5\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--55cc4383-4bbc-46ba-b3ee-4389950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-08-13T07:13:07.000Z",
|
|
"modified": "2015-08-13T07:13:07.000Z",
|
|
"description": "1stVersion",
|
|
"pattern": "[file:hashes.SHA256 = 'b22a614a291111398657cf8d1fa64fa50ed9c66c66a0b09d08c53972c6536766']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-08-13T07:13:07Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha256\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--55cc4384-3004-4378-9b88-417c950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-08-13T07:13:08.000Z",
|
|
"modified": "2015-08-13T07:13:08.000Z",
|
|
"description": "1stVersion",
|
|
"pattern": "[file:hashes.MD5 = 'd939a05e1e3c9d7b6127d503c025dbc4']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-08-13T07:13:08Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"md5\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--55cc4384-c2ac-4b2e-b928-4f44950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-08-13T07:13:08.000Z",
|
|
"modified": "2015-08-13T07:13:08.000Z",
|
|
"description": "1stVersion",
|
|
"pattern": "[file:hashes.SHA256 = 'fcfdcbdd60f105af1362cfeb3decbbbbe09d5fc82bde6ee8dfd846b2b844f972']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-08-13T07:13:08Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha256\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--55cc4384-6af8-41f9-a7ef-4b57950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-08-13T07:13:08.000Z",
|
|
"modified": "2015-08-13T07:13:08.000Z",
|
|
"description": "1stVersion",
|
|
"pattern": "[file:hashes.MD5 = '14634d446471b9e2f55158d9ac09d0b2']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-08-13T07:13:08Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"md5\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--55cc439a-beb4-4229-8fb7-4eb1950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-08-13T07:13:30.000Z",
|
|
"modified": "2015-08-13T07:13:30.000Z",
|
|
"description": "DebugVersion",
|
|
"pattern": "[file:hashes.SHA256 = '910f55e1c4e75696405e158e40b55238d767730c60119539b644ef3e6bc32a5d']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-08-13T07:13:30Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha256\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--55cc439a-a728-44a5-95f5-4a08950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-08-13T07:13:30.000Z",
|
|
"modified": "2015-08-13T07:13:30.000Z",
|
|
"description": "DebugVersion",
|
|
"pattern": "[file:hashes.MD5 = '7263a328f0d47c76b4e103546b648484']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-08-13T07:13:30Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"md5\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--55cc439a-5360-4ba5-a0c9-43ac950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-08-13T07:13:30.000Z",
|
|
"modified": "2015-08-13T07:13:30.000Z",
|
|
"description": "DebugVersion",
|
|
"pattern": "[file:hashes.SHA256 = 'c821cb34c86ec259af37c389a8f6cd635d98753576c675882c9896025a1abc53']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-08-13T07:13:30Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha256\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--55cc439a-48b0-4e83-a687-4861950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-08-13T07:13:30.000Z",
|
|
"modified": "2015-08-13T07:13:30.000Z",
|
|
"description": "DebugVersion",
|
|
"pattern": "[file:hashes.MD5 = 'bdc9255df5385f534fea83b497c371c8']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-08-13T07:13:30Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"md5\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--55cc439b-7588-4cfe-9cd4-4b2e950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-08-13T07:13:31.000Z",
|
|
"modified": "2015-08-13T07:13:31.000Z",
|
|
"description": "DebugVersion",
|
|
"pattern": "[file:hashes.SHA256 = 'f845778c3f2e3272145621776a90f662ee9344e3ae550c76f65fd954e7277d19']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-08-13T07:13:31Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha256\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--55cc439b-f48c-43ca-904c-4c17950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-08-13T07:13:31.000Z",
|
|
"modified": "2015-08-13T07:13:31.000Z",
|
|
"description": "DebugVersion",
|
|
"pattern": "[file:hashes.MD5 = '5199fcd031987834ed3121fb316f4970']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-08-13T07:13:31Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"md5\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--55cc43ab-7174-47ab-9e9d-444e950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-08-13T07:13:47.000Z",
|
|
"modified": "2015-08-13T07:13:47.000Z",
|
|
"description": "Droppersfrompostalsites",
|
|
"pattern": "[file:hashes.SHA256 = '4dcf14c41b31f8accf9683917bfc9159b9178d6fe36227195fabc232909452af']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-08-13T07:13:47Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha256\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--55cc43ab-9804-47c4-91c2-40ab950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-08-13T07:13:47.000Z",
|
|
"modified": "2015-08-13T07:13:47.000Z",
|
|
"description": "Droppersfrompostalsites",
|
|
"pattern": "[file:hashes.MD5 = '65f494580c95e10541d1f377c0a7bd49']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-08-13T07:13:47Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"md5\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--55cc43ab-bb8c-4ea1-9165-415e950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-08-13T07:13:47.000Z",
|
|
"modified": "2015-08-13T07:13:47.000Z",
|
|
"description": "Droppersfrompostalsites",
|
|
"pattern": "[file:hashes.SHA256 = '8bc189dee0a71b3a8a1767e95cc726e13808ed7d2e9546a9d6b6843cea5eb3bd']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-08-13T07:13:47Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha256\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--55cc43ab-a04c-4055-9562-4eeb950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-08-13T07:13:47.000Z",
|
|
"modified": "2015-08-13T07:13:47.000Z",
|
|
"description": "Droppersfrompostalsites",
|
|
"pattern": "[file:hashes.MD5 = 'a4b0615cb639607e6905437dd900c059']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-08-13T07:13:47Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"md5\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--55cc43ab-6440-4db5-b619-41b0950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-08-13T07:13:47.000Z",
|
|
"modified": "2015-08-13T07:13:47.000Z",
|
|
"description": "Droppersfrompostalsites",
|
|
"pattern": "[file:hashes.SHA256 = '048621ecf8f25133b2b09d512bb0fe15fc274ec7cb2ccc966aeb44d7a88beb5b']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-08-13T07:13:47Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha256\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--55cc43ac-2624-4157-a4fe-45ff950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-08-13T07:13:48.000Z",
|
|
"modified": "2015-08-13T07:13:48.000Z",
|
|
"description": "Droppersfrompostalsites",
|
|
"pattern": "[file:hashes.MD5 = '07e99b2f572b84af5c4504c23f1653bb']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-08-13T07:13:48Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"md5\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--55cc43ac-1fd4-4376-8a4d-427e950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-08-13T07:13:48.000Z",
|
|
"modified": "2015-08-13T07:13:48.000Z",
|
|
"description": "Droppersfrompostalsites",
|
|
"pattern": "[file:hashes.SHA256 = 'aa23a93d2fed81daacb93ea7ad633426e04fcd063ff2ea6c0af5649c6cfa0385']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-08-13T07:13:48Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha256\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--55cc43ac-13bc-42e8-b578-4284950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-08-13T07:13:48.000Z",
|
|
"modified": "2015-08-13T07:13:48.000Z",
|
|
"description": "Droppersfrompostalsites",
|
|
"pattern": "[file:hashes.MD5 = '1927a80cd45f0d27b1ae034c11ddedb0']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-08-13T07:13:48Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"md5\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--55cc43ac-7e1c-4cd2-9322-41a5950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-08-13T07:13:48.000Z",
|
|
"modified": "2015-08-13T07:13:48.000Z",
|
|
"description": "Droppersfrompostalsites",
|
|
"pattern": "[file:hashes.SHA256 = 'c66955f667e9045ea5591ebf9b59246ad86227f174ea817d1398815a292b8c88']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-08-13T07:13:48Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha256\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--55cc43ac-0c84-4ecd-ad39-4195950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-08-13T07:13:48.000Z",
|
|
"modified": "2015-08-13T07:13:48.000Z",
|
|
"description": "Droppersfrompostalsites",
|
|
"pattern": "[file:hashes.MD5 = '579ad4a596602a10b7cf4659b6b6909d']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-08-13T07:13:48Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"md5\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--55cc43ac-d5d8-494d-8ccc-4a09950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-08-13T07:13:48.000Z",
|
|
"modified": "2015-08-13T07:13:48.000Z",
|
|
"description": "Droppersfrompostalsites",
|
|
"pattern": "[file:hashes.SHA256 = 'd6f126ab387f1d856672c730991573385c5746c7c84738ab97b13c897063ff4a']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-08-13T07:13:48Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha256\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--55cc43ad-2754-451e-9138-490a950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-08-13T07:13:49.000Z",
|
|
"modified": "2015-08-13T07:13:49.000Z",
|
|
"description": "Droppersfrompostalsites",
|
|
"pattern": "[file:hashes.MD5 = 'e64eb8b571f655b744c9154d8032caef']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-08-13T07:13:49Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"md5\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--55cc43b9-8fa0-4819-9847-43f9950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-08-13T07:14:01.000Z",
|
|
"modified": "2015-08-13T07:14:01.000Z",
|
|
"description": "Dropperswdecoy",
|
|
"pattern": "[file:hashes.SHA256 = '61dd8b60ac35e91771d9ed4f337cd63e0aa6d0a0c5a17bb28cac59b3c21c24a9']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-08-13T07:14:01Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha256\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--55cc43b9-bb30-4e01-b7ed-4f46950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-08-13T07:14:01.000Z",
|
|
"modified": "2015-08-13T07:14:01.000Z",
|
|
"description": "Dropperswdecoy",
|
|
"pattern": "[file:hashes.MD5 = 'd755e52ba5658a639c778c22d1a906a3']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-08-13T07:14:01Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"md5\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--55cc43b9-02b4-4b39-b592-4df7950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-08-13T07:14:01.000Z",
|
|
"modified": "2015-08-13T07:14:01.000Z",
|
|
"description": "Dropperswdecoy",
|
|
"pattern": "[file:hashes.SHA256 = '4328b06093a4ad01f828dc837053cb058fe00f3a7fd5cfb9d1ff7feb7ebb8e32']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-08-13T07:14:01Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha256\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--55cc43ba-c268-4f57-8b30-4989950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-08-13T07:14:02.000Z",
|
|
"modified": "2015-08-13T07:14:02.000Z",
|
|
"description": "Dropperswdecoy",
|
|
"pattern": "[file:hashes.MD5 = 'b4d909077aa25f31386722e716a5305c']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-08-13T07:14:02Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"md5\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--55cc43ba-3be0-49f8-a97f-4c3a950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-08-13T07:14:02.000Z",
|
|
"modified": "2015-08-13T07:14:02.000Z",
|
|
"description": "Dropperswdecoy",
|
|
"pattern": "[file:hashes.SHA256 = '15760f0979f2ba1b4d991f19e8b59fc1e61632fcc88755a4d147c0f5d47965c5']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-08-13T07:14:02Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha256\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--55cc43ba-9510-4e9e-8ffd-4350950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-08-13T07:14:02.000Z",
|
|
"modified": "2015-08-13T07:14:02.000Z",
|
|
"description": "Dropperswdecoy",
|
|
"pattern": "[file:hashes.MD5 = 'fc4b285088413127b6d827656b9d0481']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-08-13T07:14:02Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"md5\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--55cc43ba-4dec-4821-afef-488b950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-08-13T07:14:02.000Z",
|
|
"modified": "2015-08-13T07:14:02.000Z",
|
|
"description": "Dropperswdecoy",
|
|
"pattern": "[file:hashes.SHA256 = 'b9c285f485421177e616a148410ddc5b02e43f0af375d3141b7e829f7d487bfd']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-08-13T07:14:02Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha256\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--55cc43ba-5118-49d2-b472-49fb950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-08-13T07:14:02.000Z",
|
|
"modified": "2015-08-13T07:14:02.000Z",
|
|
"description": "Dropperswdecoy",
|
|
"pattern": "[file:hashes.MD5 = '73e7ee83133a175b815059f1af79ab1b']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-08-13T07:14:02Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"md5\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--55cc43bb-b570-4cd4-85e5-4310950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-08-13T07:14:03.000Z",
|
|
"modified": "2015-08-13T07:14:03.000Z",
|
|
"description": "Dropperswdecoy",
|
|
"pattern": "[file:hashes.SHA256 = 'cf3b0d8e9a7d0ad32351ade0c52de583b5ca2f72e5af4adbf638c81f4ad8fbcb']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-08-13T07:14:03Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha256\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--55cc43bb-f224-44a1-9e10-48b2950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-08-13T07:14:03.000Z",
|
|
"modified": "2015-08-13T07:14:03.000Z",
|
|
"description": "Dropperswdecoy",
|
|
"pattern": "[file:hashes.MD5 = 'eebbcb1ed5f5606aec296168dee39166']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-08-13T07:14:03Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"md5\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--55cc43bb-9db4-40b3-b2cb-42c2950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-08-13T07:14:03.000Z",
|
|
"modified": "2015-08-13T07:14:03.000Z",
|
|
"description": "Dropperswdecoy",
|
|
"pattern": "[file:hashes.SHA256 = 'dbc1b98b1df1d9c2dc8a5635682ed44a91df6359264ed63370724afa9f19c7ee']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-08-13T07:14:03Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha256\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--55cc43bb-932c-4bdc-8b64-4ddf950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-08-13T07:14:03.000Z",
|
|
"modified": "2015-08-13T07:14:03.000Z",
|
|
"description": "Dropperswdecoy",
|
|
"pattern": "[file:hashes.MD5 = '5a24a7370f35dbdbb81adf52e769a442']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-08-13T07:14:03Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"md5\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--55cc43c7-33f0-4d8d-bd4e-4e8d950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-08-13T07:14:15.000Z",
|
|
"modified": "2015-08-13T07:14:15.000Z",
|
|
"description": "FakeTrueCryptextractedexe",
|
|
"pattern": "[file:hashes.SHA256 = '4c01ffcc90e6271374b34b252fefb5d6fffda29f6ad645a879a159f78e095979']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-08-13T07:14:15Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha256\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--55cc43c7-aecc-4bfe-b3dc-47bf950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-08-13T07:14:15.000Z",
|
|
"modified": "2015-08-13T07:14:15.000Z",
|
|
"description": "FakeTrueCryptextractedexe",
|
|
"pattern": "[file:hashes.MD5 = 'b64dbe5817b24d17a0404e9b2606ad96']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-08-13T07:14:15Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"md5\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--55cc43c7-e810-41e2-a535-4475950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-08-13T07:14:15.000Z",
|
|
"modified": "2015-08-13T07:14:15.000Z",
|
|
"description": "FakeTrueCryptextractedexe",
|
|
"pattern": "[file:hashes.SHA256 = '5de8c04a77e37dc1860da490453085506f8aa378fbc7d811128694d8581b89ba']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-08-13T07:14:15Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha256\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--55cc43c7-4824-40f8-9cd5-4226950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-08-13T07:14:15.000Z",
|
|
"modified": "2015-08-13T07:14:15.000Z",
|
|
"description": "FakeTrueCryptextractedexe",
|
|
"pattern": "[file:hashes.MD5 = '7ca6101c2ae4838fbbd7ceb0b2354e43']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-08-13T07:14:15Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"md5\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--55cc43c7-57f4-46fd-90f0-4622950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-08-13T07:14:15.000Z",
|
|
"modified": "2015-08-13T07:14:15.000Z",
|
|
"description": "FakeTrueCryptextractedexe",
|
|
"pattern": "[file:hashes.SHA256 = '73aae05fab96290cabbe4b0ec561d2f6d79da71834509c4b1f4b9ae714159b42']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-08-13T07:14:15Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha256\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--55cc43c7-9920-4f2c-b1db-442b950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-08-13T07:14:15.000Z",
|
|
"modified": "2015-08-13T07:14:15.000Z",
|
|
"description": "FakeTrueCryptextractedexe",
|
|
"pattern": "[file:hashes.MD5 = 'f64704ed25f4c728af996eee3ee85411']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-08-13T07:14:15Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"md5\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--55cc43c8-8138-4d1c-8c9b-4990950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-08-13T07:14:16.000Z",
|
|
"modified": "2015-08-13T07:14:16.000Z",
|
|
"description": "FakeTrueCryptextractedexe",
|
|
"pattern": "[file:hashes.SHA256 = 'c7212d249b5eb7e2cea948a173ce96e1d2b8c44dcc2bb1d101dce64bb3f5becc']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-08-13T07:14:16Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha256\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--55cc43c8-85fc-4e29-a529-4b99950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-08-13T07:14:16.000Z",
|
|
"modified": "2015-08-13T07:14:16.000Z",
|
|
"description": "FakeTrueCryptextractedexe",
|
|
"pattern": "[file:hashes.MD5 = 'c1f715ff0afc78af81d215d485cc235c']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-08-13T07:14:16Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"md5\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--55cc443a-6fb8-48bc-bce3-4323950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-08-13T07:16:10.000Z",
|
|
"modified": "2015-08-13T07:16:10.000Z",
|
|
"description": "FakeTrueCryptSetup",
|
|
"pattern": "[file:hashes.SHA256 = '42028874fae37ad9dc89eb37149ecb1e6439869918309a07f056924c1b981def']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-08-13T07:16:10Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha256\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--55cc443b-7ec4-4260-8f3a-4d4d950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-08-13T07:16:11.000Z",
|
|
"modified": "2015-08-13T07:16:11.000Z",
|
|
"description": "FakeTrueCryptSetup",
|
|
"pattern": "[file:hashes.MD5 = 'f34b77f7b2233ee6f727d59fb28f438a']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-08-13T07:16:11Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"md5\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--55cc443b-7f34-4021-bd73-4e75950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-08-13T07:16:11.000Z",
|
|
"modified": "2015-08-13T07:16:11.000Z",
|
|
"description": "FakeTrueCryptSetup",
|
|
"pattern": "[file:hashes.SHA256 = 'a3a43bbc69e24c0bc3ab06fbf3ccc35cf8687e2862f86fb0d269258b68c710c9']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-08-13T07:16:11Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha256\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--55cc443b-20b0-4ced-9599-4119950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-08-13T07:16:11.000Z",
|
|
"modified": "2015-08-13T07:16:11.000Z",
|
|
"description": "FakeTrueCryptSetup",
|
|
"pattern": "[file:hashes.MD5 = 'babd17701cbe876149dc07e68ec7ca4f']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-08-13T07:16:11Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"md5\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--55cc443b-5d94-4fbb-a65e-4422950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-08-13T07:16:11.000Z",
|
|
"modified": "2015-08-13T07:16:11.000Z",
|
|
"description": "FakeTrueCryptSetup",
|
|
"pattern": "[file:hashes.SHA256 = 'b8844e5b72971fe67d2905e77ddaa3366ae1c3bead92be6effd58691bc1ff8ec']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-08-13T07:16:11Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha256\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--55cc443b-c8a8-4b72-ab03-46b1950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-08-13T07:16:11.000Z",
|
|
"modified": "2015-08-13T07:16:11.000Z",
|
|
"description": "FakeTrueCryptSetup",
|
|
"pattern": "[file:hashes.MD5 = 'cfc8901fe6a9a8299087bfc73ae8909e']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-08-13T07:16:11Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"md5\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--55cc443c-cc0c-4efa-844d-4424950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-08-13T07:16:12.000Z",
|
|
"modified": "2015-08-13T07:16:12.000Z",
|
|
"description": "FakeTrueCryptSetup",
|
|
"pattern": "[file:hashes.SHA256 = 'fe3547f0e052c71f872bf09cdc1654137ee68f878fc6d5a78df16a13e6de1768']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-08-13T07:16:12Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha256\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--55cc443c-c0b4-485c-83a1-49af950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-08-13T07:16:12.000Z",
|
|
"modified": "2015-08-13T07:16:12.000Z",
|
|
"description": "FakeTrueCryptSetup",
|
|
"pattern": "[file:hashes.MD5 = '83f3ec97a95595ebe40a75e94c98a7bd']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-08-13T07:16:12Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"md5\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--55cc4448-0d00-4f5c-93b7-4853950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-08-13T07:16:24.000Z",
|
|
"modified": "2015-08-13T07:16:24.000Z",
|
|
"description": "OtherDroppers",
|
|
"pattern": "[file:hashes.SHA256 = '2de76a3c07344ce322151dbb42febdff97ade8176466a3af07e5280bd859a186']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-08-13T07:16:24Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha256\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--55cc4448-3910-421f-b657-44e0950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-08-13T07:16:24.000Z",
|
|
"modified": "2015-08-13T07:16:24.000Z",
|
|
"description": "OtherDroppers",
|
|
"pattern": "[file:hashes.MD5 = '38e708fea8016520cb25d3cb933f2244']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-08-13T07:16:24Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"md5\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--55cc4448-d268-4a20-ac25-448f950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-08-13T07:16:24.000Z",
|
|
"modified": "2015-08-13T07:16:24.000Z",
|
|
"description": "OtherDroppers",
|
|
"pattern": "[file:hashes.SHA256 = '4e88b8b121d768c611fe16ae1f008502b2191edc6f2ee84fef7b12b4d86fe000']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-08-13T07:16:24Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha256\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--55cc4448-4c9c-4693-82a6-4955950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-08-13T07:16:24.000Z",
|
|
"modified": "2015-08-13T07:16:24.000Z",
|
|
"description": "OtherDroppers",
|
|
"pattern": "[file:hashes.MD5 = '360df4c2f2b99052c07e08edbe15ab2c']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-08-13T07:16:24Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"md5\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--55cc4449-822c-4231-89e2-447c950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-08-13T07:16:25.000Z",
|
|
"modified": "2015-08-13T07:16:25.000Z",
|
|
"description": "OtherDroppers",
|
|
"pattern": "[file:hashes.SHA256 = '29dfc81b400a1400782623c618cb1d507f5d17bb13de44f123a333093648048f']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-08-13T07:16:25Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha256\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--55cc4449-1d04-463a-a7e9-438e950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-08-13T07:16:25.000Z",
|
|
"modified": "2015-08-13T07:16:25.000Z",
|
|
"description": "OtherDroppers",
|
|
"pattern": "[file:hashes.MD5 = '89a3ea3967745e04199ebf222494452e']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-08-13T07:16:25Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"md5\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--55cc4449-0084-4e73-ad0c-4315950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-08-13T07:16:25.000Z",
|
|
"modified": "2015-08-13T07:16:25.000Z",
|
|
"description": "OtherDroppers",
|
|
"pattern": "[file:hashes.SHA256 = '97afe4b12a9fed40ad20ab191ba0a577f5a46cbfb307e118a7ae69d04adc2e2d']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-08-13T07:16:25Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha256\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--55cc4449-b0c8-42b2-818a-43a8950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-08-13T07:16:25.000Z",
|
|
"modified": "2015-08-13T07:16:25.000Z",
|
|
"description": "OtherDroppers",
|
|
"pattern": "[file:hashes.MD5 = '6ba88e8e74b12c914483c026ae92eb42']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-08-13T07:16:25Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"md5\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--55cc4449-acb8-4f3b-8f7e-48b1950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-08-13T07:16:25.000Z",
|
|
"modified": "2015-08-13T07:16:25.000Z",
|
|
"description": "OtherDroppers",
|
|
"pattern": "[file:hashes.SHA256 = '793a8ce811f423dfde47a5f44ae50e19e7e41ad055e56c7345927eac951e966b']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-08-13T07:16:25Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha256\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--55cc444a-ab1c-4133-9777-484e950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-08-13T07:16:26.000Z",
|
|
"modified": "2015-08-13T07:16:26.000Z",
|
|
"description": "OtherDroppers",
|
|
"pattern": "[file:hashes.MD5 = '043f99a875424ca0023a21739dba51ef']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-08-13T07:16:26Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"md5\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--55cc444a-1144-4208-a45a-4972950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-08-13T07:16:26.000Z",
|
|
"modified": "2015-08-13T07:16:26.000Z",
|
|
"description": "OtherDroppers",
|
|
"pattern": "[file:hashes.SHA256 = '904bb2efe661f654425e691b7748556e558a636d4f25c43af9d2d4dfbe83262e']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-08-13T07:16:26Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha256\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--55cc444a-727c-4601-be66-4e67950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-08-13T07:16:26.000Z",
|
|
"modified": "2015-08-13T07:16:26.000Z",
|
|
"description": "OtherDroppers",
|
|
"pattern": "[file:hashes.MD5 = '02d438df779affddaf02ca995c60cecb']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-08-13T07:16:26Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"md5\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--55cc444a-cf04-4328-a0e7-42a8950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-08-13T07:16:26.000Z",
|
|
"modified": "2015-08-13T07:16:26.000Z",
|
|
"description": "OtherDroppers",
|
|
"pattern": "[file:hashes.SHA256 = 'b62589ee5ba94d15edcf8613e3d57255dd7a12fce6d2dbd660fd7281ce6234f4']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-08-13T07:16:26Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha256\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--55cc444a-d570-4e02-952d-4a80950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-08-13T07:16:26.000Z",
|
|
"modified": "2015-08-13T07:16:26.000Z",
|
|
"description": "OtherDroppers",
|
|
"pattern": "[file:hashes.MD5 = '11b4e7ea6bae19a29343ae3ff3fb00ca']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-08-13T07:16:26Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"md5\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--55cc444b-6954-4fe0-88c1-4207950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-08-13T07:16:27.000Z",
|
|
"modified": "2015-08-13T07:16:27.000Z",
|
|
"description": "OtherDroppers",
|
|
"pattern": "[file:hashes.SHA256 = 'd2c11706736fda2b178ac388206472fd8d050e0f13568c84b37683423acd155d']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-08-13T07:16:27Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha256\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--55cc444b-e9d4-47b5-8a95-4f10950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-08-13T07:16:27.000Z",
|
|
"modified": "2015-08-13T07:16:27.000Z",
|
|
"description": "OtherDroppers",
|
|
"pattern": "[file:hashes.MD5 = '27d74523b182ae630c4e5236897e11f3']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-08-13T07:16:27Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"md5\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--55cc444b-abe4-498c-881a-4e43950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-08-13T07:16:27.000Z",
|
|
"modified": "2015-08-13T07:16:27.000Z",
|
|
"description": "OtherDroppers",
|
|
"pattern": "[file:hashes.SHA256 = 'f1f61a0f9488be3925665f8063006f90fab1bf0bd0b6ff5f7799f8995ff8960e']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-08-13T07:16:27Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha256\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--55cc444b-6338-4ded-99a6-4f54950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-08-13T07:16:27.000Z",
|
|
"modified": "2015-08-13T07:16:27.000Z",
|
|
"description": "OtherDroppers",
|
|
"pattern": "[file:hashes.MD5 = '1ab8d45656e245aca4e59aa0519f6ba0']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-08-13T07:16:27Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"md5\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--55cc445b-3d2c-4d88-bdb8-41ad950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-08-13T07:16:43.000Z",
|
|
"modified": "2015-08-13T07:16:43.000Z",
|
|
"description": "USBSpreaders",
|
|
"pattern": "[file:hashes.SHA256 = '1acae7c11fb559b81df5fc6d0df0fe502e87f674ca9f4aefc2d7d8f828ba7f5c']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-08-13T07:16:43Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha256\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--55cc445b-4798-45f7-82fc-4c7d950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-08-13T07:16:43.000Z",
|
|
"modified": "2015-08-13T07:16:43.000Z",
|
|
"description": "USBSpreaders",
|
|
"pattern": "[file:hashes.MD5 = '76dda7ca15323fd658054e0550149b7b']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-08-13T07:16:43Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"md5\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--55cc445b-dc5c-4515-84a6-4a59950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-08-13T07:16:43.000Z",
|
|
"modified": "2015-08-13T07:16:43.000Z",
|
|
"description": "USBSpreaders",
|
|
"pattern": "[file:hashes.SHA256 = '3d78f52fa0c08d8bf3d42074bf76ee56aa233fb9a6bc76119998d085d94368ca']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-08-13T07:16:43Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha256\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--55cc445b-1548-4fe1-9997-49c0950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-08-13T07:16:43.000Z",
|
|
"modified": "2015-08-13T07:16:43.000Z",
|
|
"description": "USBSpreaders",
|
|
"pattern": "[file:hashes.MD5 = 'ca1a3618088f91b8fb2a30c9a9aa4aca']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-08-13T07:16:43Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"md5\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--55cc445c-c2dc-4bce-8dc3-46f5950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-08-13T07:16:44.000Z",
|
|
"modified": "2015-08-13T07:16:44.000Z",
|
|
"description": "USBSpreaders",
|
|
"pattern": "[file:hashes.SHA256 = '7d15bd854c1dfef847cdd3caabdf4ab81f2410ee5c7f91d377cc72eb81135ff4']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-08-13T07:16:44Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha256\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--55cc445c-e6f8-4f9e-813a-4587950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-08-13T07:16:44.000Z",
|
|
"modified": "2015-08-13T07:16:44.000Z",
|
|
"description": "USBSpreaders",
|
|
"pattern": "[file:hashes.MD5 = 'a2bb01b764491dd61fa3a7ba5afc709c']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-08-13T07:16:44Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"md5\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--55cc445c-9d00-4fa7-93c8-422d950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-08-13T07:16:44.000Z",
|
|
"modified": "2015-08-13T07:16:44.000Z",
|
|
"description": "USBSpreaders",
|
|
"pattern": "[file:hashes.SHA256 = '09c04206b57bb8582faffb37e4ebb6867a02492ffc08268bcbc717708d1a8919']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-08-13T07:16:44Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha256\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--55cc445c-0a7c-4ff7-85c9-4807950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-08-13T07:16:44.000Z",
|
|
"modified": "2015-08-13T07:16:44.000Z",
|
|
"description": "USBSpreaders",
|
|
"pattern": "[file:hashes.MD5 = 'a59053cc3f66e72540634eb7895824ac']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-08-13T07:16:44Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"md5\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--55cc445c-57b8-4f00-b278-4046950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-08-13T07:16:44.000Z",
|
|
"modified": "2015-08-13T07:16:44.000Z",
|
|
"description": "USBSpreaders",
|
|
"pattern": "[file:hashes.SHA256 = '12bb18fa9a12cb89dea3733b342940b80cd453886390079cb4c2ffcd664baeda']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-08-13T07:16:44Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha256\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--55cc445d-9608-47f5-aef9-47ed950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-08-13T07:16:45.000Z",
|
|
"modified": "2015-08-13T07:16:45.000Z",
|
|
"description": "USBSpreaders",
|
|
"pattern": "[file:hashes.MD5 = '2bd0d2b5ee4e93717ea71445b102e38e']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-08-13T07:16:45Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"md5\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--55cc445d-85f4-4e02-b8d4-4777950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-08-13T07:16:45.000Z",
|
|
"modified": "2015-08-13T07:16:45.000Z",
|
|
"description": "USBSpreaders",
|
|
"pattern": "[file:hashes.SHA256 = '34e6fb074284e58ca80961feda4fe651d6d658077914a528a4a6efa91ecc749d']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-08-13T07:16:45Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha256\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--55cc445d-d78c-449b-accb-4f0f950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-08-13T07:16:45.000Z",
|
|
"modified": "2015-08-13T07:16:45.000Z",
|
|
"description": "USBSpreaders",
|
|
"pattern": "[file:hashes.MD5 = '057028e46ea797834da401e4db7c860a']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-08-13T07:16:45Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"md5\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--55cc445d-166c-439e-90af-4b19950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-08-13T07:16:45.000Z",
|
|
"modified": "2015-08-13T07:16:45.000Z",
|
|
"description": "USBSpreaders",
|
|
"pattern": "[file:hashes.SHA256 = '90b20b1687909c2f76f750ba3fd4b14731ce736c08c3a8608d28eae3f4cd68f3']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-08-13T07:16:45Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha256\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--55cc445d-e864-45cf-b346-4ad3950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-08-13T07:16:45.000Z",
|
|
"modified": "2015-08-13T07:16:45.000Z",
|
|
"description": "USBSpreaders",
|
|
"pattern": "[file:hashes.MD5 = '514423670de210f13092d6cb8916748e']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-08-13T07:16:45Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"md5\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--55cc445e-151c-4505-ae5f-4b85950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-08-13T07:16:46.000Z",
|
|
"modified": "2015-08-13T07:16:46.000Z",
|
|
"description": "USBSpreaders",
|
|
"pattern": "[file:hashes.SHA256 = '93accb71bf4e776955756c76990298decfebe4b1dd9fbf9d368e81dc1cb9532d']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-08-13T07:16:46Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha256\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--55cc445e-900c-408f-b84f-426c950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-08-13T07:16:46.000Z",
|
|
"modified": "2015-08-13T07:16:46.000Z",
|
|
"description": "USBSpreaders",
|
|
"pattern": "[file:hashes.MD5 = 'abb9f4fab64dd7a03574abdd1076b5ea']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-08-13T07:16:46Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"md5\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--55cc445e-ac3c-49c6-a91b-4af9950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-08-13T07:16:46.000Z",
|
|
"modified": "2015-08-13T07:16:46.000Z",
|
|
"description": "USBSpreaders",
|
|
"pattern": "[file:hashes.SHA256 = '99a09ad92cc1a2564f3051057383cb6268893bc4a62903eabf3538c6bfb3aa9c']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-08-13T07:16:46Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha256\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--55cc445e-96d8-4d60-b4d5-49c5950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-08-13T07:16:46.000Z",
|
|
"modified": "2015-08-13T07:16:46.000Z",
|
|
"description": "USBSpreaders",
|
|
"pattern": "[file:hashes.MD5 = '542b00f903f945ad3a9291cb0af73446']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-08-13T07:16:46Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"md5\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--55cc445e-0e88-4c2e-bec9-468c950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-08-13T07:16:46.000Z",
|
|
"modified": "2015-08-13T07:16:46.000Z",
|
|
"description": "USBSpreaders",
|
|
"pattern": "[file:hashes.SHA256 = '339a5199e6d0b5f781b08b2ca0ad0495e75e52b8e2fd69e1d970388fbca7a0d6']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-08-13T07:16:46Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha256\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--55cc445f-5158-49a0-b7c5-4e5c950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-08-13T07:16:47.000Z",
|
|
"modified": "2015-08-13T07:16:47.000Z",
|
|
"description": "USBSpreaders",
|
|
"pattern": "[file:hashes.MD5 = 'a427ff7abb17af6cf5fb70c49e9bf4e1']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-08-13T07:16:47Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"md5\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--55cc445f-dab0-4866-8658-4a32950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-08-13T07:16:47.000Z",
|
|
"modified": "2015-08-13T07:16:47.000Z",
|
|
"description": "USBSpreaders",
|
|
"pattern": "[file:hashes.SHA256 = '340b09d661a6ac45af53c348a5c1846ad6323d34311e66454e46c1d38d53af8b']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-08-13T07:16:47Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha256\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--55cc445f-dd48-44c8-9a6b-4512950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-08-13T07:16:47.000Z",
|
|
"modified": "2015-08-13T07:16:47.000Z",
|
|
"description": "USBSpreaders",
|
|
"pattern": "[file:hashes.MD5 = '2646f7159e1723f089d63e08c8bfaffb']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-08-13T07:16:47Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"md5\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--55cc445f-facc-493c-8330-4b00950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-08-13T07:16:47.000Z",
|
|
"modified": "2015-08-13T07:16:47.000Z",
|
|
"description": "USBSpreaders",
|
|
"pattern": "[file:hashes.SHA256 = '461dd5a58ffcad9fffba9181e234f2e0149c8b8ba28c7ea53753c74fdfa0b0d5']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-08-13T07:16:47Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha256\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--55cc445f-484c-4d3f-a776-4745950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-08-13T07:16:47.000Z",
|
|
"modified": "2015-08-13T07:16:47.000Z",
|
|
"description": "USBSpreaders",
|
|
"pattern": "[file:hashes.MD5 = '609abb2a86c324bbb9ba1e253595e573']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-08-13T07:16:47Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"md5\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--55cc445f-7bfc-450d-ab81-488d950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-08-13T07:16:47.000Z",
|
|
"modified": "2015-08-13T07:16:47.000Z",
|
|
"description": "USBSpreaders",
|
|
"pattern": "[file:hashes.SHA256 = '4688afcc161603bfa1c997b6d71b9618be96f9ff980e5486c451b1cc2c5076cb']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-08-13T07:16:47Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha256\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--55cc4460-2d84-45f2-9b79-4057950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-08-13T07:16:48.000Z",
|
|
"modified": "2015-08-13T07:16:48.000Z",
|
|
"description": "USBSpreaders",
|
|
"pattern": "[file:hashes.MD5 = 'ae552fc43f1ba8684655d8bf8c6af869']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-08-13T07:16:48Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"md5\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--55cc4460-1c18-4cd8-9ca7-4984950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-08-13T07:16:48.000Z",
|
|
"modified": "2015-08-13T07:16:48.000Z",
|
|
"description": "USBSpreaders",
|
|
"pattern": "[file:hashes.SHA256 = '7492e84a30e890ebe3ca5140ad547965cc8c43f0a02f66be153b038a73ee5314']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-08-13T07:16:48Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha256\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--55cc4460-2778-43fd-b47f-43d7950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-08-13T07:16:48.000Z",
|
|
"modified": "2015-08-13T07:16:48.000Z",
|
|
"description": "USBSpreaders",
|
|
"pattern": "[file:hashes.MD5 = '1234bf4f0f5debc800d85c1bd2255671']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-08-13T07:16:48Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"md5\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--55cc4460-6cb0-4c1f-9d57-4c0b950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-08-13T07:16:48.000Z",
|
|
"modified": "2015-08-13T07:16:48.000Z",
|
|
"description": "USBSpreaders",
|
|
"pattern": "[file:hashes.SHA256 = '61862a55dcf8212ce9dd4a8f0c92447a6c7093681c592eb937a247e38c8109d4']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-08-13T07:16:48Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha256\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--55cc4460-4270-4f04-b3ab-434b950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-08-13T07:16:48.000Z",
|
|
"modified": "2015-08-13T07:16:48.000Z",
|
|
"description": "USBSpreaders",
|
|
"pattern": "[file:hashes.MD5 = 'e685ea8b37f707f3706d7281b8f6816a']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-08-13T07:16:48Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"md5\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--55cc4461-2e20-49c2-b5ac-4e44950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-08-13T07:16:49.000Z",
|
|
"modified": "2015-08-13T07:16:49.000Z",
|
|
"description": "USBSpreaders",
|
|
"pattern": "[file:hashes.SHA256 = '95631685006ac92b7eb0755274e2a36a3c9058cf462dd46f9f4f66e8d67b9db2']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-08-13T07:16:49Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha256\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--55cc4461-a388-464c-926a-428e950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-08-13T07:16:49.000Z",
|
|
"modified": "2015-08-13T07:16:49.000Z",
|
|
"description": "USBSpreaders",
|
|
"pattern": "[file:hashes.MD5 = '9179f4683ece450c1ac7a819b32bdb6d']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-08-13T07:16:49Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"md5\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--55cc4461-1800-46f6-abf7-4a7d950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-08-13T07:16:49.000Z",
|
|
"modified": "2015-08-13T07:16:49.000Z",
|
|
"description": "USBSpreaders",
|
|
"pattern": "[file:hashes.SHA256 = 'b8b02cc57e45bcf500b433806e6a4f8af7f0ac0c5fc9adfd11820eebf4eb5d79']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-08-13T07:16:49Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha256\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--55cc4461-9bf4-4aef-b26a-4026950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-08-13T07:16:49.000Z",
|
|
"modified": "2015-08-13T07:16:49.000Z",
|
|
"description": "USBSpreaders",
|
|
"pattern": "[file:hashes.MD5 = 'cdc60eb93b594fb5e7e5895e2b441240']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-08-13T07:16:49Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"md5\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--55cc4461-694c-4061-bc26-47a9950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-08-13T07:16:49.000Z",
|
|
"modified": "2015-08-13T07:16:49.000Z",
|
|
"description": "USBSpreaders",
|
|
"pattern": "[file:hashes.SHA256 = 'e57eb9f7fdf3f0e90b1755d947f1fe7bb65e67308f1f4a8c25bc2946512934b7']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-08-13T07:16:49Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha256\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--55cc4462-9588-464d-ac91-49a3950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-08-13T07:16:50.000Z",
|
|
"modified": "2015-08-13T07:16:50.000Z",
|
|
"description": "USBSpreaders",
|
|
"pattern": "[file:hashes.MD5 = '39b67cc6dae5214328022c44f28ced8b']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-08-13T07:16:50Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"md5\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--55cc4462-7df0-4c13-8c81-424d950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-08-13T07:16:50.000Z",
|
|
"modified": "2015-08-13T07:16:50.000Z",
|
|
"description": "USBSpreaders",
|
|
"pattern": "[file:hashes.SHA256 = 'e3892d2d9f87ea848477529458d025898b24a6802eb4df13e96b0314334635d0']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-08-13T07:16:50Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha256\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--55cc4462-7100-49c1-8e23-416b950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-08-13T07:16:50.000Z",
|
|
"modified": "2015-08-13T07:16:50.000Z",
|
|
"description": "USBSpreaders",
|
|
"pattern": "[file:hashes.MD5 = '3813b848162261cc5982dd64c741b450']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-08-13T07:16:50Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"md5\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--55cc4462-c640-4e8e-b471-4641950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-08-13T07:16:50.000Z",
|
|
"modified": "2015-08-13T07:16:50.000Z",
|
|
"description": "USBSpreaders",
|
|
"pattern": "[file:hashes.SHA256 = 'f1d7e36af4c30bf3d680c87bbc4430de282d00323bf8ae9e17b04862af286736']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-08-13T07:16:50Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha256\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--55cc4462-7794-4fdb-82b1-472e950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-08-13T07:16:50.000Z",
|
|
"modified": "2015-08-13T07:16:50.000Z",
|
|
"description": "USBSpreaders",
|
|
"pattern": "[file:hashes.MD5 = '35724e234f6258e601257fb219db9079']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-08-13T07:16:50Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"md5\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--55e200f3-9ea8-4758-a9b4-4f4a950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-08-29T18:58:59.000Z",
|
|
"modified": "2015-08-29T18:58:59.000Z",
|
|
"pattern": "[// Operation Potao yara rules\r\n// For feedback or questions contact us at: github@eset.com\r\n// https://github.com/eset/malware-ioc/\r\n//\r\n// These yara rules are provided to the community under the two-clause BSD\r\n// license as follows:\r\n//\r\n// Copyright (c) 2015, ESET\r\n// All rights reserved.\r\n//\r\n// Redistribution and use in source and binary forms, with or without\r\n// modification, are permitted provided that the following conditions are met:\r\n//\r\n// 1. Redistributions of source code must retain the above copyright notice, this\r\n// list of conditions and the following disclaimer.\r\n//\r\n// 2. Redistributions in binary form must reproduce the above copyright notice,\r\n// this list of conditions and the following disclaimer in the documentation\r\n// and/or other materials provided with the distribution.\r\n//\r\n// THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS \"AS IS\"\r\n// AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE\r\n// IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE\r\n// DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE\r\n// FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL\r\n// DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR\r\n// SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER\r\n// CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,\r\n// OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE\r\n// OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.\r\n//\r\nprivate rule PotaoDecoy\r\n{\r\n strings:\r\n $mz = { 4d 5a }\r\n $str1 = \"eroqw11\"\r\n $str2 = \"2sfsdf\"\r\n $str3 = \"RtlDecompressBuffer\"\r\n $wiki_str = \"spanned more than 100 years and ruined three consecutive\" wide\r\n\r\n $old_ver1 = {53 68 65 6C 6C 33 32 2E 64 6C 6C 00 64 61 66 73 72 00 00 00 64 61 66 73 72 00 00 00 64 6F 63 (00 | 78)}\r\n $old_ver2 = {6F 70 65 6E 00 00 00 00 64 6F 63 00 64 61 66 73 72 00 00 00 53 68 65 6C 6C 33 32 2E 64 6C 6C 00} \r\n condition:\r\n ($mz at 0) and ( (all of ($str*)) or any of ($old_ver*) or $wiki_str )\r\n}\r\nprivate rule PotaoDll\r\n{\r\n strings:\r\n $mz = { 4d 5a }\r\n \r\n $dllstr1 = \"?AVCncBuffer@@\"\r\n $dllstr2 = \"?AVCncRequest@@\"\r\n $dllstr3 = \"Petrozavodskaya, 11, 9\"\r\n $dllstr4 = \"_Scan@0\"\r\n $dllstr5 = \"\\x00/sync/document/\"\r\n $dllstr6 = \"\\\\temp.temp\"\r\n \r\n $dllname1 = \"node69MainModule.dll\"\r\n $dllname2 = \"node69-main.dll\"\r\n $dllname3 = \"node69MainModuleD.dll\"\r\n $dllname4 = \"task-diskscanner.dll\"\r\n $dllname5 = \"\\x00Screen.dll\"\r\n $dllname6 = \"Poker2.dll\" \r\n $dllname7 = \"PasswordStealer.dll\"\r\n $dllname8 = \"KeyLog2Runner.dll\" \r\n $dllname9 = \"GetAllSystemInfo.dll\" \r\n $dllname10 = \"FilePathStealer.dll\" \r\n condition:\r\n ($mz at 0) and (any of ($dllstr*) and any of ($dllname*))\r\n}\r\nprivate rule PotaoUSB\r\n{\r\n strings:\r\n $mz = { 4d 5a }\r\n \r\n $binary1 = { 33 C0 8B C8 83 E1 03 BA ?? ?? ?? 00 2B D1 8A 0A 32 88 ?? ?? ?? 00 2A C8 FE C9 88 88 ?? ?? ?? 00 40 3D ?? ?? 00 00 7C DA C3 }\r\n $binary2 = { 55 8B EC 51 56 C7 45 FC 00 00 00 00 EB 09 8B 45 FC 83 C0 01 89 45 FC 81 7D FC ?? ?? 00 00 7D 3D 8B 4D FC 0F BE 89 ?? ?? ?? 00 8B 45 FC 33 D2 BE 04 00 00 00 F7 F6 B8 03 00 00 00 2B C2 0F BE 90 ?? ?? ?? 00 33 CA 2B 4D FC 83 E9 01 81 E1 FF 00 00 00 8B 45 FC 88 88 ?? ?? ?? 00 EB B1 5E 8B E5 5D C3}\r\n condition:\r\n ($mz at 0) and any of ($binary*)\r\n}\r\nprivate rule PotaoSecondStage\r\n{\r\n strings:\r\n $mz = { 4d 5a }\r\n // hash of CryptBinaryToStringA and CryptStringToBinaryA\r\n $binary1 = {51 7A BB 85 [10-180] E8 47 D2 A8}\r\n // old hash of CryptBinaryToStringA and CryptStringToBinaryA\r\n $binary2 = {5F 21 63 DD [10-30] EC FD 33 02}\r\n $binary3 = {CA 77 67 57 [10-30] BA 08 20 7A}\r\n \r\n $str1 = \"?AVCrypt32Import@@\"\r\n $str2 = \"%.5llx\"\r\n condition:\r\n ($mz at 0) and any of ($binary*) and any of ($str*)\r\n}\r\nrule Potao\r\n{\r\n meta:\r\n Author = \"Anton Cherepanov\"\r\n Date = \"2015/07/29\"\r\n Description = \"Operation Potao\"\r\n Reference = \"http://www.welivesecurity.com/wp-content/uploads/2015/07/Operation-Potao-Express_final_v2.pdf\"\r\n Source = \"https://github.com/eset/malware-ioc/\"\r\n Contact = \"threatintel@eset.com\"\r\n License = \"BSD 2-Clause\"\r\n condition:\r\n PotaoDecoy or PotaoDll or PotaoUSB or PotaoSecondStage\r\n}]",
|
|
"pattern_type": "yara",
|
|
"valid_from": "2015-08-29T18:58:59Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Artifacts dropped"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"yara\"",
|
|
"misp:category=\"Artifacts dropped\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--56c69e90-fc44-4264-9e4e-45ab950d210f",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2016-02-19T04:48:16.000Z",
|
|
"modified": "2016-02-19T04:48:16.000Z",
|
|
"description": "Automatically added (via 85b0e3264820008a30f17ca19332fa19)",
|
|
"pattern": "[file:hashes.SHA1 = 'ce7f96b400ed51f7fab465dea26147984f2627bd']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2016-02-19T04:48:16Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha1\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--56c69e92-852c-45eb-928d-4322950d210f",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2016-02-19T04:48:18.000Z",
|
|
"modified": "2016-02-19T04:48:18.000Z",
|
|
"description": "Automatically added (via ac854a3c91d52bfc09605506e76975ae)",
|
|
"pattern": "[file:hashes.SHA1 = '52e59cd4c864fbfc9902a144ed5e68c9ded45deb']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2016-02-19T04:48:18Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha1\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--56c69e93-42b8-4267-9c06-c650950d210f",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2016-02-19T04:48:19.000Z",
|
|
"modified": "2016-02-19T04:48:19.000Z",
|
|
"description": "Automatically added (via 3b7d88a069631111d5585b1b10cccc86)",
|
|
"pattern": "[file:hashes.SHA1 = '642be4b2a87b47e77814744d154094392e413ab1']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2016-02-19T04:48:19Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha1\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--56c69e94-0ec4-454d-ba48-4c0d950d210f",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2016-02-19T04:48:20.000Z",
|
|
"modified": "2016-02-19T04:48:20.000Z",
|
|
"description": "Automatically added (via d1658b792dd1569abc27966083f59d44)",
|
|
"pattern": "[file:hashes.SHA1 = '18ddcd41dccfbbd904347ea75bc9413ff6dc8786']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2016-02-19T04:48:20Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha1\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--56c69e95-1d38-4d6b-b371-5ca1950d210f",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2016-02-19T04:48:21.000Z",
|
|
"modified": "2016-02-19T04:48:21.000Z",
|
|
"description": "Automatically added (via 0c7183d761f15772b7e9c788be601d29)",
|
|
"pattern": "[file:hashes.SHA1 = 'd88c7c1e465bea7bf7377c08fba3aaf77cbf485f']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2016-02-19T04:48:21Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha1\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--56c69e96-41d8-47da-b2fc-59a4950d210f",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2016-02-19T04:48:22.000Z",
|
|
"modified": "2016-02-19T04:48:22.000Z",
|
|
"description": "Automatically added (via a35e48909a49334a7ebb5448a78dcff9)",
|
|
"pattern": "[file:hashes.SHA1 = '81efb422ed2631c739cc690d0a9a5eaa07897531']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2016-02-19T04:48:22Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha1\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--56c69e97-db3c-4443-a8a4-599e950d210f",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2016-02-19T04:48:23.000Z",
|
|
"modified": "2016-02-19T04:48:23.000Z",
|
|
"description": "Automatically added (via 502f35002b1a95f1ae135baff6cff836)",
|
|
"pattern": "[file:hashes.SHA1 = '5c52996d9f68ba6fd0da4982f238ec1d279a7f9d']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2016-02-19T04:48:23Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha1\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--56c69e98-9db8-4d50-ab6f-59a1950d210f",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2016-02-19T04:48:24.000Z",
|
|
"modified": "2016-02-19T04:48:24.000Z",
|
|
"description": "Automatically added (via a446ced5db1de877cf78f77741e2a804)",
|
|
"pattern": "[file:hashes.SHA1 = '8839d3e213717b88a06ffc48827929891a10059e']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2016-02-19T04:48:24Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha1\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--56c69e99-0660-470d-be5c-4372950d210f",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2016-02-19T04:48:25.000Z",
|
|
"modified": "2016-02-19T04:48:25.000Z",
|
|
"description": "Automatically added (via d939a05e1e3c9d7b6127d503c025dbc4)",
|
|
"pattern": "[file:hashes.SHA1 = 'eb86615f539e35a8d3e4838949382d09743502bf']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2016-02-19T04:48:25Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha1\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--56c69e9a-8834-4dc1-be46-59a0950d210f",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2016-02-19T04:48:26.000Z",
|
|
"modified": "2016-02-19T04:48:26.000Z",
|
|
"description": "Automatically added (via 14634d446471b9e2f55158d9ac09d0b2)",
|
|
"pattern": "[file:hashes.SHA1 = 'e400e1dd983fd94e29345aabc77fadeb3f43c219']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2016-02-19T04:48:26Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha1\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--56c69e9b-09f4-4de3-8a0c-599d950d210f",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2016-02-19T04:48:27.000Z",
|
|
"modified": "2016-02-19T04:48:27.000Z",
|
|
"description": "Automatically added (via 7263a328f0d47c76b4e103546b648484)",
|
|
"pattern": "[file:hashes.SHA1 = 'ba35edc3143ad021bb2490a3eb7b50c06f2ea40b']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2016-02-19T04:48:27Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha1\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--56c69e9c-0474-4ba3-880d-c653950d210f",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2016-02-19T04:48:28.000Z",
|
|
"modified": "2016-02-19T04:48:28.000Z",
|
|
"description": "Automatically added (via bdc9255df5385f534fea83b497c371c8)",
|
|
"pattern": "[file:hashes.SHA1 = '73a4a6864ef68c810c7c699ed51b759cf1c4adfb']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2016-02-19T04:48:28Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha1\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--56c69e9e-2a04-420a-b94d-59a3950d210f",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2016-02-19T04:48:30.000Z",
|
|
"modified": "2016-02-19T04:48:30.000Z",
|
|
"description": "Automatically added (via 5199fcd031987834ed3121fb316f4970)",
|
|
"pattern": "[file:hashes.SHA1 = '9d584de2cce6b654e62573938c2c824d7cc7d0eb']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2016-02-19T04:48:30Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha1\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--56c69e9f-23a4-4342-9ac1-445c950d210f",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2016-02-19T04:48:31.000Z",
|
|
"modified": "2016-02-19T04:48:31.000Z",
|
|
"description": "Automatically added (via 65f494580c95e10541d1f377c0a7bd49)",
|
|
"pattern": "[file:hashes.SHA1 = 'cc9bdbe37cbaf0cc634076950fd32d9a377de650']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2016-02-19T04:48:31Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha1\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--56c69ea0-eb30-4319-8242-c654950d210f",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2016-02-19T04:48:32.000Z",
|
|
"modified": "2016-02-19T04:48:32.000Z",
|
|
"description": "Automatically added (via a4b0615cb639607e6905437dd900c059)",
|
|
"pattern": "[file:hashes.SHA1 = 'a4d685fca8afe9885db75282516006f5bc56c098']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2016-02-19T04:48:32Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha1\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--56c69ea2-6bb8-461d-a4e4-599d950d210f",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2016-02-19T04:48:34.000Z",
|
|
"modified": "2016-02-19T04:48:34.000Z",
|
|
"description": "Automatically added (via 07e99b2f572b84af5c4504c23f1653bb)",
|
|
"pattern": "[file:hashes.SHA1 = '0ae4e6e6fa1b1f8161a74525d4cb5a1808abfaf4']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2016-02-19T04:48:34Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha1\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--56c69ea3-5468-48a7-a99d-5ca1950d210f",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2016-02-19T04:48:35.000Z",
|
|
"modified": "2016-02-19T04:48:35.000Z",
|
|
"description": "Automatically added (via 1927a80cd45f0d27b1ae034c11ddedb0)",
|
|
"pattern": "[file:hashes.SHA1 = '94bbf39fff09b3a62a583c7d45a00b2492102dd7']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2016-02-19T04:48:35Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha1\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--56c69ea4-c028-4060-bf72-59a4950d210f",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2016-02-19T04:48:36.000Z",
|
|
"modified": "2016-02-19T04:48:36.000Z",
|
|
"description": "Automatically added (via 579ad4a596602a10b7cf4659b6b6909d)",
|
|
"pattern": "[file:hashes.SHA1 = 'ec0563cde3ffaff424b97d7eb692847132344127']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2016-02-19T04:48:36Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha1\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--56c69ea5-58cc-47f2-918d-59a1950d210f",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2016-02-19T04:48:37.000Z",
|
|
"modified": "2016-02-19T04:48:37.000Z",
|
|
"description": "Automatically added (via e64eb8b571f655b744c9154d8032caef)",
|
|
"pattern": "[file:hashes.SHA1 = 'f347da9aad52b717641ad3dd96925ab634ceb572']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2016-02-19T04:48:37Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha1\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--56c69ea6-85f0-47b6-ada2-5ca1950d210f",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2016-02-19T04:48:38.000Z",
|
|
"modified": "2016-02-19T04:48:38.000Z",
|
|
"description": "Automatically added (via d755e52ba5658a639c778c22d1a906a3)",
|
|
"pattern": "[file:hashes.SHA1 = '9be3800b49e84e0c014852977557f21bcde2a775']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2016-02-19T04:48:38Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha1\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--56c69ea8-2418-4718-9ec1-5f51950d210f",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2016-02-19T04:48:40.000Z",
|
|
"modified": "2016-02-19T04:48:40.000Z",
|
|
"description": "Automatically added (via b4d909077aa25f31386722e716a5305c)",
|
|
"pattern": "[file:hashes.SHA1 = 'f8bcdad02da2e0223f45f15da4fbab053e73cf6e']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2016-02-19T04:48:40Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha1\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--56c69ea9-ea30-48e3-aa1d-c654950d210f",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2016-02-19T04:48:41.000Z",
|
|
"modified": "2016-02-19T04:48:41.000Z",
|
|
"description": "Automatically added (via fc4b285088413127b6d827656b9d0481)",
|
|
"pattern": "[file:hashes.SHA1 = 'fbb399568e0a3b2e461a4eb3268abdf07f3d5764']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2016-02-19T04:48:41Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha1\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--56c69eaa-784c-4120-9335-4781950d210f",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2016-02-19T04:48:42.000Z",
|
|
"modified": "2016-02-19T04:48:42.000Z",
|
|
"description": "Automatically added (via 73e7ee83133a175b815059f1af79ab1b)",
|
|
"pattern": "[file:hashes.SHA1 = '2cdd6aabb71fdb244baa313ebba13f06bcad2612']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2016-02-19T04:48:42Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha1\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--56c69eab-cbc4-4482-b2bb-4cfb950d210f",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2016-02-19T04:48:43.000Z",
|
|
"modified": "2016-02-19T04:48:43.000Z",
|
|
"description": "Automatically added (via eebbcb1ed5f5606aec296168dee39166)",
|
|
"pattern": "[file:hashes.SHA1 = 'bcc5a0ce0bcdfea2fd1d64b5529eac7309488273']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2016-02-19T04:48:43Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha1\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--56c69eac-b2f8-4b51-9102-59a0950d210f",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2016-02-19T04:48:44.000Z",
|
|
"modified": "2016-02-19T04:48:44.000Z",
|
|
"description": "Automatically added (via 5a24a7370f35dbdbb81adf52e769a442)",
|
|
"pattern": "[file:hashes.SHA1 = '4d5e0808a03a75bfe8202e3a6d2920eddbfc7774']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2016-02-19T04:48:44Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha1\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--56c69eaf-3998-4378-a183-4a58950d210f",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2016-02-19T04:48:47.000Z",
|
|
"modified": "2016-02-19T04:48:47.000Z",
|
|
"description": "Automatically added (via 38e708fea8016520cb25d3cb933f2244)",
|
|
"pattern": "[file:hashes.SHA1 = '1b278a1a5e109f32b526660087aea99fb8d89403']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2016-02-19T04:48:47Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha1\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--56c69eb0-ed34-4b9a-84cf-c652950d210f",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2016-02-19T04:48:48.000Z",
|
|
"modified": "2016-02-19T04:48:48.000Z",
|
|
"description": "Automatically added (via 360df4c2f2b99052c07e08edbe15ab2c)",
|
|
"pattern": "[file:hashes.SHA1 = '855ca024afba0dc09d336a0896318d5cc47f03a6']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2016-02-19T04:48:48Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha1\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--56c69eb1-82ac-4194-a49b-599c950d210f",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2016-02-19T04:48:49.000Z",
|
|
"modified": "2016-02-19T04:48:49.000Z",
|
|
"description": "Automatically added (via 89a3ea3967745e04199ebf222494452e)",
|
|
"pattern": "[file:hashes.SHA1 = 'd8837002a04f4c93cc3b857f6a42ced6c9f3b882']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2016-02-19T04:48:49Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha1\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--56c69eb2-1c80-42c7-a8a9-4dfa950d210f",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2016-02-19T04:48:50.000Z",
|
|
"modified": "2016-02-19T04:48:50.000Z",
|
|
"description": "Automatically added (via 6ba88e8e74b12c914483c026ae92eb42)",
|
|
"pattern": "[file:hashes.SHA1 = '4332a5ad314616d9319c248d41c7d1a709124db2']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2016-02-19T04:48:50Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha1\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--56c69eb3-077c-425e-bf78-4705950d210f",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2016-02-19T04:48:51.000Z",
|
|
"modified": "2016-02-19T04:48:51.000Z",
|
|
"description": "Automatically added (via 043f99a875424ca0023a21739dba51ef)",
|
|
"pattern": "[file:hashes.SHA1 = 'ba5ad566a28d7712e0a64899d4675c06139f3ff0']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2016-02-19T04:48:51Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha1\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--56c69eb5-9820-46c4-a661-599d950d210f",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2016-02-19T04:48:53.000Z",
|
|
"modified": "2016-02-19T04:48:53.000Z",
|
|
"description": "Automatically added (via 02d438df779affddaf02ca995c60cecb)",
|
|
"pattern": "[file:hashes.SHA1 = 'ff6f6dcbedc24d22541013d2273c63b5f0f19fe9']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2016-02-19T04:48:53Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha1\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--56c69eb6-77ec-4a20-ad16-599e950d210f",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2016-02-19T04:48:54.000Z",
|
|
"modified": "2016-02-19T04:48:54.000Z",
|
|
"description": "Automatically added (via 11b4e7ea6bae19a29343ae3ff3fb00ca)",
|
|
"pattern": "[file:hashes.SHA1 = '12240271e928979ab2347c29b5599d6ac7cd6b8e']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2016-02-19T04:48:54Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha1\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--56c69eb7-545c-40e5-a4e0-59a4950d210f",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2016-02-19T04:48:55.000Z",
|
|
"modified": "2016-02-19T04:48:55.000Z",
|
|
"description": "Automatically added (via 27d74523b182ae630c4e5236897e11f3)",
|
|
"pattern": "[file:hashes.SHA1 = '76da7b4abc9b711ab1ef87b97c61dd895e508232']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2016-02-19T04:48:55Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha1\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--56c69eb8-4aa0-42d9-8f21-59a2950d210f",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2016-02-19T04:48:56.000Z",
|
|
"modified": "2016-02-19T04:48:56.000Z",
|
|
"description": "Automatically added (via 1ab8d45656e245aca4e59aa0519f6ba0)",
|
|
"pattern": "[file:hashes.SHA1 = '5bea9423db6d0500920578c12cb127cbafdd125e']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2016-02-19T04:48:56Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha1\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--56c69eb9-7318-4f8e-98b5-c650950d210f",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2016-02-19T04:48:57.000Z",
|
|
"modified": "2016-02-19T04:48:57.000Z",
|
|
"description": "Automatically added (via 76dda7ca15323fd658054e0550149b7b)",
|
|
"pattern": "[file:hashes.SHA1 = 'bb0500a24853e404ad6ca708813f926b90b38468']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2016-02-19T04:48:57Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha1\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--56c69eba-554c-40da-9557-5ca1950d210f",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2016-02-19T04:48:58.000Z",
|
|
"modified": "2016-02-19T04:48:58.000Z",
|
|
"description": "Automatically added (via ca1a3618088f91b8fb2a30c9a9aa4aca)",
|
|
"pattern": "[file:hashes.SHA1 = 'db966220463db87c2c51c19303b3a20f4577d632']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2016-02-19T04:48:58Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha1\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--56c69ebc-2c7c-4a5a-8b59-c652950d210f",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2016-02-19T04:49:00.000Z",
|
|
"modified": "2016-02-19T04:49:00.000Z",
|
|
"description": "Automatically added (via a2bb01b764491dd61fa3a7ba5afc709c)",
|
|
"pattern": "[file:hashes.SHA1 = '224a07f002e8dfb3f2b615b3fa71166cf1a61b6d']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2016-02-19T04:49:00Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha1\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--56c69ebd-a430-4383-8415-599e950d210f",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2016-02-19T04:49:01.000Z",
|
|
"modified": "2016-02-19T04:49:01.000Z",
|
|
"description": "Automatically added (via a59053cc3f66e72540634eb7895824ac)",
|
|
"pattern": "[file:hashes.SHA1 = '971a69547c5bc9b711a3bb6f6f2c5e3a46bf7b29']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2016-02-19T04:49:01Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha1\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--56c69ebe-03bc-495c-9ad1-42e5950d210f",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2016-02-19T04:49:02.000Z",
|
|
"modified": "2016-02-19T04:49:02.000Z",
|
|
"description": "Automatically added (via 2bd0d2b5ee4e93717ea71445b102e38e)",
|
|
"pattern": "[file:hashes.SHA1 = '5be1ac1515da2397a7c52a8b1df384dd938fa714']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2016-02-19T04:49:02Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha1\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--56c69ebf-43a0-44d4-b602-c650950d210f",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2016-02-19T04:49:03.000Z",
|
|
"modified": "2016-02-19T04:49:03.000Z",
|
|
"description": "Automatically added (via 057028e46ea797834da401e4db7c860a)",
|
|
"pattern": "[file:hashes.SHA1 = 'bb7a089bae3a4af44fb9b053bb703239e03c036e']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2016-02-19T04:49:03Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha1\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--56c69ec1-b4cc-4e8b-8f28-5ca1950d210f",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2016-02-19T04:49:05.000Z",
|
|
"modified": "2016-02-19T04:49:05.000Z",
|
|
"description": "Automatically added (via 514423670de210f13092d6cb8916748e)",
|
|
"pattern": "[file:hashes.SHA1 = '5d4724fba02965916a15a50a6937cdb6ab609fdd']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2016-02-19T04:49:05Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha1\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--56c69ec2-f910-4ddd-89c0-599d950d210f",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2016-02-19T04:49:06.000Z",
|
|
"modified": "2016-02-19T04:49:06.000Z",
|
|
"description": "Automatically added (via abb9f4fab64dd7a03574abdd1076b5ea)",
|
|
"pattern": "[file:hashes.SHA1 = 'c1d8be765adcf76e5ccb2cf094191c0fec4bf085']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2016-02-19T04:49:06Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha1\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--56c69ec3-7914-4ed4-a57f-c653950d210f",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2016-02-19T04:49:07.000Z",
|
|
"modified": "2016-02-19T04:49:07.000Z",
|
|
"description": "Automatically added (via 542b00f903f945ad3a9291cb0af73446)",
|
|
"pattern": "[file:hashes.SHA1 = '7664c490160858ec8cfc8203f88d354aea1cfe43']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2016-02-19T04:49:07Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha1\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--56c69ec4-a450-4c2d-80fd-c652950d210f",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2016-02-19T04:49:08.000Z",
|
|
"modified": "2016-02-19T04:49:08.000Z",
|
|
"description": "Automatically added (via a427ff7abb17af6cf5fb70c49e9bf4e1)",
|
|
"pattern": "[file:hashes.SHA1 = '71a5da3ccb4347fe785c6bfff7b741af80b76091']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2016-02-19T04:49:08Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha1\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--56c69ec5-4490-4841-91bd-5f51950d210f",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2016-02-19T04:49:09.000Z",
|
|
"modified": "2016-02-19T04:49:09.000Z",
|
|
"description": "Automatically added (via 2646f7159e1723f089d63e08c8bfaffb)",
|
|
"pattern": "[file:hashes.SHA1 = '48904399f7726b9adf7f28c07b0599717f741b8b']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2016-02-19T04:49:09Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha1\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--56c69ec6-7d6c-4de6-bf3e-59a1950d210f",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2016-02-19T04:49:10.000Z",
|
|
"modified": "2016-02-19T04:49:10.000Z",
|
|
"description": "Automatically added (via 609abb2a86c324bbb9ba1e253595e573)",
|
|
"pattern": "[file:hashes.SHA1 = '5b30ecfd47988a77556fe6c0c0b950510052c91e']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2016-02-19T04:49:10Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha1\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--56c69ec7-5b6c-48fe-bb28-59a4950d210f",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2016-02-19T04:49:11.000Z",
|
|
"modified": "2016-02-19T04:49:11.000Z",
|
|
"description": "Automatically added (via ae552fc43f1ba8684655d8bf8c6af869)",
|
|
"pattern": "[file:hashes.SHA1 = 'b80a90b39fba705f86676c5cc3e0deca225d57ff']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2016-02-19T04:49:11Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha1\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--56c69ec8-fd0c-4669-8f1e-491e950d210f",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2016-02-19T04:49:12.000Z",
|
|
"modified": "2016-02-19T04:49:12.000Z",
|
|
"description": "Automatically added (via 1234bf4f0f5debc800d85c1bd2255671)",
|
|
"pattern": "[file:hashes.SHA1 = '2531f40a1d9e50793d04d245fd6185aaebcc54f4']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2016-02-19T04:49:12Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha1\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--56c69ec9-a8ac-406a-ac42-c653950d210f",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2016-02-19T04:49:13.000Z",
|
|
"modified": "2016-02-19T04:49:13.000Z",
|
|
"description": "Automatically added (via e685ea8b37f707f3706d7281b8f6816a)",
|
|
"pattern": "[file:hashes.SHA1 = '56f6ac6197ce9cc774f72df948b414eed576b6c3']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2016-02-19T04:49:13Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha1\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--56c69eca-a14c-40f4-8fd9-59a3950d210f",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2016-02-19T04:49:14.000Z",
|
|
"modified": "2016-02-19T04:49:14.000Z",
|
|
"description": "Automatically added (via 9179f4683ece450c1ac7a819b32bdb6d)",
|
|
"pattern": "[file:hashes.SHA1 = '791ecf11c04470e9ea881549aebd1dded3e4a5ca']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2016-02-19T04:49:14Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha1\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--56c69ecb-c15c-49ba-8a25-5ca1950d210f",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2016-02-19T04:49:15.000Z",
|
|
"modified": "2016-02-19T04:49:15.000Z",
|
|
"description": "Automatically added (via cdc60eb93b594fb5e7e5895e2b441240)",
|
|
"pattern": "[file:hashes.SHA1 = '181e9bca23484156cae005f421629da56b5cc6b5']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2016-02-19T04:49:15Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha1\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--56c69ecc-f068-4acb-854e-c654950d210f",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2016-02-19T04:49:16.000Z",
|
|
"modified": "2016-02-19T04:49:16.000Z",
|
|
"description": "Automatically added (via 39b67cc6dae5214328022c44f28ced8b)",
|
|
"pattern": "[file:hashes.SHA1 = 'f6f290a95d68373da813782ef4723e39524d048b']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2016-02-19T04:49:16Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha1\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--56c69ece-cbac-43d8-9827-599c950d210f",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2016-02-19T04:49:18.000Z",
|
|
"modified": "2016-02-19T04:49:18.000Z",
|
|
"description": "Automatically added (via 3813b848162261cc5982dd64c741b450)",
|
|
"pattern": "[file:hashes.SHA1 = '37a3e77bfa6ca1afbd0af7661655815fb1d3da83']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2016-02-19T04:49:18Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha1\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--56c69ecf-f6d0-416b-bdca-c650950d210f",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2016-02-19T04:49:19.000Z",
|
|
"modified": "2016-02-19T04:49:19.000Z",
|
|
"description": "Automatically added (via 35724e234f6258e601257fb219db9079)",
|
|
"pattern": "[file:hashes.SHA1 = '850c9f3b14f895aaa97a85ae147f07c9770fb4c7']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2016-02-19T04:49:19Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha1\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "marking-definition",
|
|
"spec_version": "2.1",
|
|
"id": "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9",
|
|
"created": "2017-01-20T00:00:00.000Z",
|
|
"definition_type": "tlp",
|
|
"name": "TLP:WHITE",
|
|
"definition": {
|
|
"tlp": "white"
|
|
}
|
|
}
|
|
]
|
|
} |