misp-circl-feed/feeds/circl/misp/564264fe-1794-4894-878f-68b5950d210b.json

1168 lines
No EOL
49 KiB
JSON

{
"type": "bundle",
"id": "bundle--564264fe-1794-4894-878f-68b5950d210b",
"objects": [
{
"type": "identity",
"spec_version": "2.1",
"id": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-11-11T06:37:37.000Z",
"modified": "2015-11-11T06:37:37.000Z",
"name": "CthulhuSPRL.be",
"identity_class": "organization"
},
{
"type": "report",
"spec_version": "2.1",
"id": "report--564264fe-1794-4894-878f-68b5950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-11-11T06:37:37.000Z",
"modified": "2015-11-11T06:37:37.000Z",
"name": "OSINT CryptoWall v4 Emerges Days After Cyber Threat Alliance Report by Palo Alto Networks Unit 42",
"published": "2015-11-11T06:37:41Z",
"object_refs": [
"observed-data--56426512-800c-4695-b9a4-cf48950d210b",
"url--56426512-800c-4695-b9a4-cf48950d210b",
"indicator--56426538-dc54-419e-94e4-cf3d950d210b",
"indicator--56426538-1ed4-4fdb-95e1-cf3d950d210b",
"indicator--56426539-c1a0-47e5-b39a-cf3d950d210b",
"indicator--56426539-9bac-49fa-83ea-cf3d950d210b",
"indicator--5642653a-1060-4d38-bab5-cf3d950d210b",
"indicator--5642653a-c194-498d-b7a9-cf3d950d210b",
"indicator--5642653a-5f54-4f76-ac40-cf3d950d210b",
"indicator--5642653b-a50c-48d3-b84f-cf3d950d210b",
"indicator--5642653b-5a60-4a20-a1bd-cf3d950d210b",
"indicator--5642653c-92d8-4e82-a9d5-cf3d950d210b",
"indicator--5642653c-a478-4416-80f8-cf3d950d210b",
"indicator--5642653c-a510-45ad-981e-cf3d950d210b",
"indicator--5642653d-ca54-4c85-93d5-cf3d950d210b",
"indicator--5642653d-bddc-458a-b158-cf3d950d210b",
"indicator--5642e07f-d140-4b5d-817c-cf3c950d210b",
"indicator--5642e080-2aa0-43a3-87be-cf3c950d210b",
"observed-data--5642e080-1640-409d-baa9-cf3c950d210b",
"url--5642e080-1640-409d-baa9-cf3c950d210b",
"indicator--5642e080-97b4-49b5-bb62-cf3c950d210b",
"indicator--5642e081-887c-4d00-8111-cf3c950d210b",
"observed-data--5642e081-f188-42b3-a439-cf3c950d210b",
"url--5642e081-f188-42b3-a439-cf3c950d210b",
"indicator--5642e082-5b40-4a76-865f-cf3c950d210b",
"indicator--5642e082-e1ec-4a96-bc66-cf3c950d210b",
"observed-data--5642e082-dda4-488c-8517-cf3c950d210b",
"url--5642e082-dda4-488c-8517-cf3c950d210b",
"indicator--5642e083-4564-4a15-9580-cf3c950d210b",
"indicator--5642e083-1304-4ffd-9f37-cf3c950d210b",
"observed-data--5642e084-a1c0-43ae-a113-cf3c950d210b",
"url--5642e084-a1c0-43ae-a113-cf3c950d210b",
"indicator--5642e084-6028-47e0-8f86-cf3c950d210b",
"indicator--5642e084-ceb0-4472-8409-cf3c950d210b",
"observed-data--5642e085-b648-41f3-b451-cf3c950d210b",
"url--5642e085-b648-41f3-b451-cf3c950d210b",
"indicator--5642e085-d408-46d8-b71d-cf3c950d210b",
"indicator--5642e086-c704-477c-8411-cf3c950d210b",
"observed-data--5642e086-b5f0-4fac-ac55-cf3c950d210b",
"url--5642e086-b5f0-4fac-ac55-cf3c950d210b",
"indicator--5642e086-3e28-4961-b5af-cf3c950d210b",
"indicator--5642e087-24bc-4d1e-8b9d-cf3c950d210b",
"observed-data--5642e087-7b8c-4aeb-a133-cf3c950d210b",
"url--5642e087-7b8c-4aeb-a133-cf3c950d210b",
"indicator--5642e088-10f4-4ebf-a354-cf3c950d210b",
"indicator--5642e088-982c-479f-8ec2-cf3c950d210b",
"observed-data--5642e089-9bcc-47eb-ae4b-cf3c950d210b",
"url--5642e089-9bcc-47eb-ae4b-cf3c950d210b",
"indicator--5642e089-bd2c-4c30-8d3b-cf3c950d210b",
"indicator--5642e089-f7d4-4efa-b002-cf3c950d210b",
"observed-data--5642e08a-eeac-48f3-83c2-cf3c950d210b",
"url--5642e08a-eeac-48f3-83c2-cf3c950d210b",
"indicator--5642e08a-537c-4208-b5a1-cf3c950d210b",
"indicator--5642e08b-6234-4dd2-b803-cf3c950d210b",
"observed-data--5642e08b-a72c-421b-b5db-cf3c950d210b",
"url--5642e08b-a72c-421b-b5db-cf3c950d210b"
],
"labels": [
"Threat-Report",
"misp:tool=\"MISP-STIX-Converter\"",
"type:OSINT"
],
"object_marking_refs": [
"marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9"
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--56426512-800c-4695-b9a4-cf48950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-11-10T21:43:46.000Z",
"modified": "2015-11-10T21:43:46.000Z",
"first_observed": "2015-11-10T21:43:46Z",
"last_observed": "2015-11-10T21:43:46Z",
"number_observed": 1,
"object_refs": [
"url--56426512-800c-4695-b9a4-cf48950d210b"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--56426512-800c-4695-b9a4-cf48950d210b",
"value": "http://researchcenter.paloaltonetworks.com/2015/11/cryptowall-v4-emerges-days-after-cyber-threat-alliance-report/"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56426538-dc54-419e-94e4-cf3d950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-11-10T21:44:24.000Z",
"modified": "2015-11-10T21:44:24.000Z",
"pattern": "[file:hashes.SHA256 = '4ae64579fa0efd0be978c6797efe05d31517985b28ebd95dcadfacf3bb551f56']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-11-10T21:44:24Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56426538-1ed4-4fdb-95e1-cf3d950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-11-10T21:44:24.000Z",
"modified": "2015-11-10T21:44:24.000Z",
"pattern": "[url:value = 'http://46.30.43.183/syria.exe']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-11-10T21:44:24Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56426539-c1a0-47e5-b39a-cf3d950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-11-10T21:44:25.000Z",
"modified": "2015-11-10T21:44:25.000Z",
"pattern": "[url:value = 'http://46.30.45.110/analitics.exe']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-11-10T21:44:25Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56426539-9bac-49fa-83ea-cf3d950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-11-10T21:44:25.000Z",
"modified": "2015-11-10T21:44:25.000Z",
"pattern": "[file:hashes.SHA256 = '3509700469dfe290fa10f67490d763d14443ba7e571c974132bac0b385e69667']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-11-10T21:44:25Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5642653a-1060-4d38-bab5-cf3d950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-11-10T21:44:26.000Z",
"modified": "2015-11-10T21:44:26.000Z",
"pattern": "[file:hashes.SHA256 = '299b298b433d1cc130f699e2b5c2d1cb3c7e5eb6dd8a5c494a8c5022eafa9223']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-11-10T21:44:26Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5642653a-c194-498d-b7a9-cf3d950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-11-10T21:44:26.000Z",
"modified": "2015-11-10T21:44:26.000Z",
"pattern": "[file:hashes.SHA256 = '3a73bb154506d8a9a3f4f658bac9a8b38d7590d296496e843503323d5f9b7801']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-11-10T21:44:26Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5642653a-5f54-4f76-ac40-cf3d950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-11-10T21:44:26.000Z",
"modified": "2015-11-10T21:44:26.000Z",
"pattern": "[file:hashes.SHA256 = '9bd0e36a9cc6a0754d695b27433fafba4f6c8ef82b71ccf20903d3d109e8e804']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-11-10T21:44:26Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5642653b-a50c-48d3-b84f-cf3d950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-11-10T21:44:27.000Z",
"modified": "2015-11-10T21:44:27.000Z",
"pattern": "[file:hashes.SHA256 = '2d04d2a43e1d5a6920a806d8086da9c47f90e1cd25aa99b95af182ee9e1960b3']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-11-10T21:44:27Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5642653b-5a60-4a20-a1bd-cf3d950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-11-10T21:44:27.000Z",
"modified": "2015-11-10T21:44:27.000Z",
"pattern": "[file:hashes.SHA256 = '41fa6b1f25ae106a1a1c1734e6018e7c10efb4e31e4851d8fdc1a028d0249d63']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-11-10T21:44:27Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5642653c-92d8-4e82-a9d5-cf3d950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-11-10T21:44:28.000Z",
"modified": "2015-11-10T21:44:28.000Z",
"pattern": "[file:hashes.SHA256 = 'bf352825a70685039401abde5daf1712fd968d6eee233ea72393cbc6faffe5a2']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-11-10T21:44:28Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5642653c-a478-4416-80f8-cf3d950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-11-10T21:44:28.000Z",
"modified": "2015-11-10T21:44:28.000Z",
"pattern": "[file:hashes.SHA256 = 'dd64fb6df49a21bfc3f59ac25346beec05f1f9414de6584b4469a6085e7efdd2']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-11-10T21:44:28Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5642653c-a510-45ad-981e-cf3d950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-11-10T21:44:28.000Z",
"modified": "2015-11-10T21:44:28.000Z",
"pattern": "[file:hashes.SHA256 = '4c2d28a7ed5cf44b3641a9f6a5dfedd97b420e720376cb986062580cbda5ad3d']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-11-10T21:44:28Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5642653d-ca54-4c85-93d5-cf3d950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-11-10T21:44:29.000Z",
"modified": "2015-11-10T21:44:29.000Z",
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '46.30.43.183']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-11-10T21:44:29Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5642653d-bddc-458a-b158-cf3d950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-11-10T21:44:29.000Z",
"modified": "2015-11-10T21:44:29.000Z",
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '46.30.45.110']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-11-10T21:44:29Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5642e07f-d140-4b5d-817c-cf3c950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-11-11T06:30:23.000Z",
"modified": "2015-11-11T06:30:23.000Z",
"description": "- Xchecked via VT: 4c2d28a7ed5cf44b3641a9f6a5dfedd97b420e720376cb986062580cbda5ad3d",
"pattern": "[file:hashes.SHA1 = '2f687a620b12db374de7d1c3bb8905fc764b5c0a']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-11-11T06:30:23Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha1\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5642e080-2aa0-43a3-87be-cf3c950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-11-11T06:30:24.000Z",
"modified": "2015-11-11T06:30:24.000Z",
"description": "- Xchecked via VT: 4c2d28a7ed5cf44b3641a9f6a5dfedd97b420e720376cb986062580cbda5ad3d",
"pattern": "[file:hashes.MD5 = 'd6b64f2be383a9d26bd6f2e7dad3399f']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-11-11T06:30:24Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--5642e080-1640-409d-baa9-cf3c950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-11-11T06:30:24.000Z",
"modified": "2015-11-11T06:30:24.000Z",
"first_observed": "2015-11-11T06:30:24Z",
"last_observed": "2015-11-11T06:30:24Z",
"number_observed": 1,
"object_refs": [
"url--5642e080-1640-409d-baa9-cf3c950d210b"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--5642e080-1640-409d-baa9-cf3c950d210b",
"value": "https://www.virustotal.com/file/4c2d28a7ed5cf44b3641a9f6a5dfedd97b420e720376cb986062580cbda5ad3d/analysis/1446585480/"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5642e080-97b4-49b5-bb62-cf3c950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-11-11T06:30:24.000Z",
"modified": "2015-11-11T06:30:24.000Z",
"description": "- Xchecked via VT: dd64fb6df49a21bfc3f59ac25346beec05f1f9414de6584b4469a6085e7efdd2",
"pattern": "[file:hashes.SHA1 = '17564218c2127ef7c88754333598d4549ead35ea']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-11-11T06:30:24Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha1\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5642e081-887c-4d00-8111-cf3c950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-11-11T06:30:25.000Z",
"modified": "2015-11-11T06:30:25.000Z",
"description": "- Xchecked via VT: dd64fb6df49a21bfc3f59ac25346beec05f1f9414de6584b4469a6085e7efdd2",
"pattern": "[file:hashes.MD5 = 'd67af2c69617081f73b9c6df543c908f']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-11-11T06:30:25Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--5642e081-f188-42b3-a439-cf3c950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-11-11T06:30:25.000Z",
"modified": "2015-11-11T06:30:25.000Z",
"first_observed": "2015-11-11T06:30:25Z",
"last_observed": "2015-11-11T06:30:25Z",
"number_observed": 1,
"object_refs": [
"url--5642e081-f188-42b3-a439-cf3c950d210b"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--5642e081-f188-42b3-a439-cf3c950d210b",
"value": "https://www.virustotal.com/file/dd64fb6df49a21bfc3f59ac25346beec05f1f9414de6584b4469a6085e7efdd2/analysis/1446822342/"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5642e082-5b40-4a76-865f-cf3c950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-11-11T06:30:26.000Z",
"modified": "2015-11-11T06:30:26.000Z",
"description": "- Xchecked via VT: bf352825a70685039401abde5daf1712fd968d6eee233ea72393cbc6faffe5a2",
"pattern": "[file:hashes.SHA1 = '949f1903642e72575e107ee492faba670c8e0006']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-11-11T06:30:26Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha1\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5642e082-e1ec-4a96-bc66-cf3c950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-11-11T06:30:26.000Z",
"modified": "2015-11-11T06:30:26.000Z",
"description": "- Xchecked via VT: bf352825a70685039401abde5daf1712fd968d6eee233ea72393cbc6faffe5a2",
"pattern": "[file:hashes.MD5 = '5384f752e3a2b59fad9d0f143ce0215a']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-11-11T06:30:26Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--5642e082-dda4-488c-8517-cf3c950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-11-11T06:30:26.000Z",
"modified": "2015-11-11T06:30:26.000Z",
"first_observed": "2015-11-11T06:30:26Z",
"last_observed": "2015-11-11T06:30:26Z",
"number_observed": 1,
"object_refs": [
"url--5642e082-dda4-488c-8517-cf3c950d210b"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--5642e082-dda4-488c-8517-cf3c950d210b",
"value": "https://www.virustotal.com/file/bf352825a70685039401abde5daf1712fd968d6eee233ea72393cbc6faffe5a2/analysis/1447214288/"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5642e083-4564-4a15-9580-cf3c950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-11-11T06:30:27.000Z",
"modified": "2015-11-11T06:30:27.000Z",
"description": "- Xchecked via VT: 41fa6b1f25ae106a1a1c1734e6018e7c10efb4e31e4851d8fdc1a028d0249d63",
"pattern": "[file:hashes.SHA1 = '71cdc9064c25ac7fb469c018255e0f04aa9add7a']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-11-11T06:30:27Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha1\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5642e083-1304-4ffd-9f37-cf3c950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-11-11T06:30:27.000Z",
"modified": "2015-11-11T06:30:27.000Z",
"description": "- Xchecked via VT: 41fa6b1f25ae106a1a1c1734e6018e7c10efb4e31e4851d8fdc1a028d0249d63",
"pattern": "[file:hashes.MD5 = '999b597cdfc10a8e960e3c24e1c51e26']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-11-11T06:30:27Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--5642e084-a1c0-43ae-a113-cf3c950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-11-11T06:30:28.000Z",
"modified": "2015-11-11T06:30:28.000Z",
"first_observed": "2015-11-11T06:30:28Z",
"last_observed": "2015-11-11T06:30:28Z",
"number_observed": 1,
"object_refs": [
"url--5642e084-a1c0-43ae-a113-cf3c950d210b"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--5642e084-a1c0-43ae-a113-cf3c950d210b",
"value": "https://www.virustotal.com/file/41fa6b1f25ae106a1a1c1734e6018e7c10efb4e31e4851d8fdc1a028d0249d63/analysis/1446579385/"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5642e084-6028-47e0-8f86-cf3c950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-11-11T06:30:28.000Z",
"modified": "2015-11-11T06:30:28.000Z",
"description": "- Xchecked via VT: 2d04d2a43e1d5a6920a806d8086da9c47f90e1cd25aa99b95af182ee9e1960b3",
"pattern": "[file:hashes.SHA1 = 'b38fb01ffe6fbaead77c80dbd21bb6077464b8a5']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-11-11T06:30:28Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha1\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5642e084-ceb0-4472-8409-cf3c950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-11-11T06:30:28.000Z",
"modified": "2015-11-11T06:30:28.000Z",
"description": "- Xchecked via VT: 2d04d2a43e1d5a6920a806d8086da9c47f90e1cd25aa99b95af182ee9e1960b3",
"pattern": "[file:hashes.MD5 = 'e28a0ed74e78e75710b0d46742e407e3']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-11-11T06:30:28Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--5642e085-b648-41f3-b451-cf3c950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-11-11T06:30:29.000Z",
"modified": "2015-11-11T06:30:29.000Z",
"first_observed": "2015-11-11T06:30:29Z",
"last_observed": "2015-11-11T06:30:29Z",
"number_observed": 1,
"object_refs": [
"url--5642e085-b648-41f3-b451-cf3c950d210b"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--5642e085-b648-41f3-b451-cf3c950d210b",
"value": "https://www.virustotal.com/file/2d04d2a43e1d5a6920a806d8086da9c47f90e1cd25aa99b95af182ee9e1960b3/analysis/1446996756/"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5642e085-d408-46d8-b71d-cf3c950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-11-11T06:30:29.000Z",
"modified": "2015-11-11T06:30:29.000Z",
"description": "- Xchecked via VT: 9bd0e36a9cc6a0754d695b27433fafba4f6c8ef82b71ccf20903d3d109e8e804",
"pattern": "[file:hashes.SHA1 = '4e1423e1404ce1d5d6536da0443074636257d0bb']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-11-11T06:30:29Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha1\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5642e086-c704-477c-8411-cf3c950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-11-11T06:30:30.000Z",
"modified": "2015-11-11T06:30:30.000Z",
"description": "- Xchecked via VT: 9bd0e36a9cc6a0754d695b27433fafba4f6c8ef82b71ccf20903d3d109e8e804",
"pattern": "[file:hashes.MD5 = 'faa1d566f5bd28e908a40189d83edd42']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-11-11T06:30:30Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--5642e086-b5f0-4fac-ac55-cf3c950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-11-11T06:30:30.000Z",
"modified": "2015-11-11T06:30:30.000Z",
"first_observed": "2015-11-11T06:30:30Z",
"last_observed": "2015-11-11T06:30:30Z",
"number_observed": 1,
"object_refs": [
"url--5642e086-b5f0-4fac-ac55-cf3c950d210b"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--5642e086-b5f0-4fac-ac55-cf3c950d210b",
"value": "https://www.virustotal.com/file/9bd0e36a9cc6a0754d695b27433fafba4f6c8ef82b71ccf20903d3d109e8e804/analysis/1446293167/"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5642e086-3e28-4961-b5af-cf3c950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-11-11T06:30:30.000Z",
"modified": "2015-11-11T06:30:30.000Z",
"description": "- Xchecked via VT: 3a73bb154506d8a9a3f4f658bac9a8b38d7590d296496e843503323d5f9b7801",
"pattern": "[file:hashes.SHA1 = 'e5216e3f23ba1dfb33c45412dd96a2f87ca45dca']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-11-11T06:30:30Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha1\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5642e087-24bc-4d1e-8b9d-cf3c950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-11-11T06:30:31.000Z",
"modified": "2015-11-11T06:30:31.000Z",
"description": "- Xchecked via VT: 3a73bb154506d8a9a3f4f658bac9a8b38d7590d296496e843503323d5f9b7801",
"pattern": "[file:hashes.MD5 = 'e73806e3f41f61e7c7a364625cd58f65']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-11-11T06:30:31Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--5642e087-7b8c-4aeb-a133-cf3c950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-11-11T06:30:31.000Z",
"modified": "2015-11-11T06:30:31.000Z",
"first_observed": "2015-11-11T06:30:31Z",
"last_observed": "2015-11-11T06:30:31Z",
"number_observed": 1,
"object_refs": [
"url--5642e087-7b8c-4aeb-a133-cf3c950d210b"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--5642e087-7b8c-4aeb-a133-cf3c950d210b",
"value": "https://www.virustotal.com/file/3a73bb154506d8a9a3f4f658bac9a8b38d7590d296496e843503323d5f9b7801/analysis/1447151428/"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5642e088-10f4-4ebf-a354-cf3c950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-11-11T06:30:32.000Z",
"modified": "2015-11-11T06:30:32.000Z",
"description": "- Xchecked via VT: 299b298b433d1cc130f699e2b5c2d1cb3c7e5eb6dd8a5c494a8c5022eafa9223",
"pattern": "[file:hashes.SHA1 = '4dc7d878dcbbae9b37453b6874937a2bb426ddb4']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-11-11T06:30:32Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha1\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5642e088-982c-479f-8ec2-cf3c950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-11-11T06:30:32.000Z",
"modified": "2015-11-11T06:30:32.000Z",
"description": "- Xchecked via VT: 299b298b433d1cc130f699e2b5c2d1cb3c7e5eb6dd8a5c494a8c5022eafa9223",
"pattern": "[file:hashes.MD5 = '48e4daf494e4fa2577d8fa94b7b89e35']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-11-11T06:30:32Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--5642e089-9bcc-47eb-ae4b-cf3c950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-11-11T06:30:33.000Z",
"modified": "2015-11-11T06:30:33.000Z",
"first_observed": "2015-11-11T06:30:33Z",
"last_observed": "2015-11-11T06:30:33Z",
"number_observed": 1,
"object_refs": [
"url--5642e089-9bcc-47eb-ae4b-cf3c950d210b"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--5642e089-9bcc-47eb-ae4b-cf3c950d210b",
"value": "https://www.virustotal.com/file/299b298b433d1cc130f699e2b5c2d1cb3c7e5eb6dd8a5c494a8c5022eafa9223/analysis/1446822341/"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5642e089-bd2c-4c30-8d3b-cf3c950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-11-11T06:30:33.000Z",
"modified": "2015-11-11T06:30:33.000Z",
"description": "- Xchecked via VT: 3509700469dfe290fa10f67490d763d14443ba7e571c974132bac0b385e69667",
"pattern": "[file:hashes.SHA1 = 'cb5c885266840321245098aa0b9574950ab95c60']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-11-11T06:30:33Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha1\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5642e089-f7d4-4efa-b002-cf3c950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-11-11T06:30:33.000Z",
"modified": "2015-11-11T06:30:33.000Z",
"description": "- Xchecked via VT: 3509700469dfe290fa10f67490d763d14443ba7e571c974132bac0b385e69667",
"pattern": "[file:hashes.MD5 = '274b166a39093fc87faa42a7608841d7']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-11-11T06:30:33Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--5642e08a-eeac-48f3-83c2-cf3c950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-11-11T06:30:34.000Z",
"modified": "2015-11-11T06:30:34.000Z",
"first_observed": "2015-11-11T06:30:34Z",
"last_observed": "2015-11-11T06:30:34Z",
"number_observed": 1,
"object_refs": [
"url--5642e08a-eeac-48f3-83c2-cf3c950d210b"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--5642e08a-eeac-48f3-83c2-cf3c950d210b",
"value": "https://www.virustotal.com/file/3509700469dfe290fa10f67490d763d14443ba7e571c974132bac0b385e69667/analysis/1446293477/"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5642e08a-537c-4208-b5a1-cf3c950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-11-11T06:30:34.000Z",
"modified": "2015-11-11T06:30:34.000Z",
"description": "- Xchecked via VT: 4ae64579fa0efd0be978c6797efe05d31517985b28ebd95dcadfacf3bb551f56",
"pattern": "[file:hashes.SHA1 = '65ddba4a3ffbb84875573e7442560fcfcd42c947']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-11-11T06:30:34Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha1\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5642e08b-6234-4dd2-b803-cf3c950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-11-11T06:30:35.000Z",
"modified": "2015-11-11T06:30:35.000Z",
"description": "- Xchecked via VT: 4ae64579fa0efd0be978c6797efe05d31517985b28ebd95dcadfacf3bb551f56",
"pattern": "[file:hashes.MD5 = '50b965686ad2cbdc0066e870a928177e']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-11-11T06:30:35Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--5642e08b-a72c-421b-b5db-cf3c950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-11-11T06:30:35.000Z",
"modified": "2015-11-11T06:30:35.000Z",
"first_observed": "2015-11-11T06:30:35Z",
"last_observed": "2015-11-11T06:30:35Z",
"number_observed": 1,
"object_refs": [
"url--5642e08b-a72c-421b-b5db-cf3c950d210b"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--5642e08b-a72c-421b-b5db-cf3c950d210b",
"value": "https://www.virustotal.com/file/4ae64579fa0efd0be978c6797efe05d31517985b28ebd95dcadfacf3bb551f56/analysis/1447182903/"
},
{
"type": "marking-definition",
"spec_version": "2.1",
"id": "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9",
"created": "2017-01-20T00:00:00.000Z",
"definition_type": "tlp",
"name": "TLP:WHITE",
"definition": {
"tlp": "white"
}
}
]
}