{
|
|
"type": "bundle",
|
|
"id": "bundle--58904f8a-8a40-4894-8487-4a58950d210f",
|
|
"objects": [
|
|
{
|
|
"type": "identity",
|
|
"spec_version": "2.1",
|
|
"id": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-01-31T09:44:36.000Z",
|
|
"modified": "2017-01-31T09:44:36.000Z",
|
|
"name": "CIRCL",
|
|
"identity_class": "organization"
|
|
},
|
|
{
|
|
"type": "report",
|
|
"spec_version": "2.1",
|
|
"id": "report--58904f8a-8a40-4894-8487-4a58950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-01-31T09:44:36.000Z",
|
|
"modified": "2017-01-31T09:44:36.000Z",
|
|
"name": "OSINT - Downeks and Quasar RAT Used in Recent Targeted Attacks Against Governments",
|
|
"published": "2017-01-31T09:45:40Z",
|
|
"object_refs": [
|
|
"observed-data--58904fc1-5690-45a6-8ee2-e58f950d210f",
|
|
"url--58904fc1-5690-45a6-8ee2-e58f950d210f",
|
|
"x-misp-attribute--58904fdc-ccb8-44cc-a678-e58e950d210f",
|
|
"indicator--5890501a-ed68-4f6a-8d82-e595950d210f",
|
|
"indicator--5890501a-eb84-4b0d-8030-e595950d210f",
|
|
"indicator--5890501b-8cac-4b3e-bb8b-e595950d210f",
|
|
"indicator--5890501c-5670-4bf7-8da3-e595950d210f",
|
|
"indicator--5890501c-4798-4765-b0ef-e595950d210f",
|
|
"indicator--5890501d-0cdc-44fb-803f-e595950d210f",
|
|
"indicator--5890501e-7c58-46e4-97ab-e595950d210f",
|
|
"indicator--5890501e-7318-492d-892e-e595950d210f",
|
|
"indicator--5890501f-23ac-4ba5-a47b-e595950d210f",
|
|
"indicator--58905020-6044-44a5-91ec-e595950d210f",
|
|
"indicator--58905021-0830-46d3-ae6e-e595950d210f",
|
|
"indicator--58905021-a96c-46b4-8326-e595950d210f",
|
|
"indicator--58905022-605c-47e3-93a6-e595950d210f",
|
|
"indicator--58905023-cea4-4cdb-bd77-e595950d210f",
|
|
"indicator--58905023-0748-4d97-8178-e595950d210f",
|
|
"indicator--58905024-17f4-4a31-8ac6-e595950d210f",
|
|
"indicator--58905025-caf8-473b-960c-e595950d210f",
|
|
"indicator--58905026-aa90-47fd-bd09-e595950d210f",
|
|
"indicator--58905026-aa14-430a-bb59-e595950d210f",
|
|
"indicator--58905027-d29c-4fb6-b807-e595950d210f",
|
|
"indicator--58905028-bdb8-485b-b6c4-e595950d210f",
|
|
"indicator--58905028-5454-4383-bb4d-e595950d210f",
|
|
"indicator--58905029-1038-4148-aa0c-e595950d210f",
|
|
"indicator--5890502a-adf4-45b7-ae83-e595950d210f",
|
|
"indicator--5890502a-ace4-46f4-bb79-e595950d210f",
|
|
"indicator--5890502b-38dc-470a-a84a-e595950d210f",
|
|
"indicator--5890502c-6554-43aa-b93c-e595950d210f",
|
|
"indicator--5890502d-a17c-4a5e-9fc6-e595950d210f",
|
|
"indicator--5890502d-5114-4db5-b364-e595950d210f",
|
|
"indicator--5890502e-103c-453a-b53e-e595950d210f",
|
|
"indicator--5890502f-6cfc-434b-b565-e595950d210f",
|
|
"indicator--58905030-bfe8-41fa-a27a-e595950d210f",
|
|
"indicator--58905031-0a74-4cea-bc13-e595950d210f",
|
|
"indicator--58905032-05fc-439b-81c2-e595950d210f",
|
|
"indicator--589052a3-1840-4ad8-affe-467c950d210f",
|
|
"indicator--589052a4-fb28-483a-8163-42c1950d210f",
|
|
"indicator--589052a4-dca0-48e6-ac04-40a2950d210f",
|
|
"indicator--589052a5-bad0-41b6-86ed-47b1950d210f",
|
|
"indicator--589052a6-59cc-45a0-868c-4c31950d210f",
|
|
"indicator--589052a7-c444-4537-ab0c-4edc950d210f",
|
|
"indicator--589052a8-7e94-4638-bbbc-4ca5950d210f",
|
|
"indicator--589052a9-520c-49e6-920d-4264950d210f",
|
|
"indicator--589052aa-5130-4158-9757-47c6950d210f",
|
|
"indicator--589052aa-9b94-405b-9b81-4bb7950d210f",
|
|
"indicator--589052ab-8dc4-43a3-a266-40c2950d210f",
|
|
"indicator--589052ac-4328-49b1-941b-4ec8950d210f",
|
|
"indicator--589052ad-0bb0-4ea3-962f-441c950d210f",
|
|
"indicator--589052ae-0afc-463c-a00f-48a2950d210f",
|
|
"indicator--589052af-0338-42f8-9fb9-41ca950d210f",
|
|
"indicator--589052af-7fac-4547-bf7f-4a27950d210f",
|
|
"indicator--589052b0-e288-4e4c-8771-4a7b950d210f",
|
|
"indicator--589052b1-525c-4563-9b8c-49fb950d210f",
|
|
"indicator--589052b2-f4c0-49f6-8437-47a1950d210f",
|
|
"indicator--589052b3-d2d0-4b6d-b365-4d2c950d210f",
|
|
"indicator--589052b4-40e8-4f97-abd1-435e950d210f",
|
|
"indicator--589052b4-bb80-4a53-9077-4bff950d210f",
|
|
"indicator--589052b5-ca80-4b97-a9be-46c1950d210f",
|
|
"indicator--589052b6-7c44-4c57-8947-4708950d210f",
|
|
"indicator--589052b7-c758-40fc-be17-4736950d210f",
|
|
"indicator--589052b8-50a4-4714-8aff-4737950d210f",
|
|
"indicator--589052b8-29ec-4fb9-b84b-4f8f950d210f",
|
|
"indicator--589052b9-9a94-43de-b4a3-4f7c950d210f",
|
|
"indicator--589052ba-d060-425c-9768-49e8950d210f",
|
|
"indicator--589052bb-f8b8-4af0-b621-4be5950d210f",
|
|
"indicator--589052bc-d230-4c7d-b35e-47c9950d210f",
|
|
"indicator--589053f0-0b0c-4e48-baf4-42ff950d210f",
|
|
"indicator--589053f1-2ac0-4c50-83c0-4c4b950d210f",
|
|
"indicator--589053f2-ddd4-4c07-82e6-4fab950d210f",
|
|
"indicator--589053f3-c924-4856-b6b7-48dc950d210f",
|
|
"indicator--589053f4-5f18-40da-9120-4f36950d210f",
|
|
"indicator--589053f4-c890-488e-ba53-4899950d210f",
|
|
"indicator--589053f5-2b2c-41fb-96e4-4fa4950d210f",
|
|
"indicator--589053f6-c4d4-43b0-a8a5-47ca950d210f",
|
|
"indicator--589053f7-f728-490d-ac0e-4663950d210f",
|
|
"indicator--589053f8-ad70-4a33-8ccf-496a950d210f",
|
|
"indicator--589053f9-ef90-4672-84b8-48d7950d210f",
|
|
"indicator--589053f9-de64-461d-b791-4013950d210f",
|
|
"indicator--589053fa-7a7c-46c8-b135-42a0950d210f",
|
|
"indicator--589053fb-76dc-4022-bd30-407b950d210f",
|
|
"indicator--589053fc-04ac-491d-8fa3-4c2c950d210f",
|
|
"indicator--589053fd-b44c-47b9-a212-4cdb950d210f",
|
|
"indicator--589053fe-68b0-45f3-b74d-40ee950d210f",
|
|
"indicator--589053ff-955c-4bed-8581-4a2b950d210f",
|
|
"indicator--58905400-afbc-483c-9f60-4473950d210f",
|
|
"indicator--58905400-98dc-4ac0-9244-40d7950d210f",
|
|
"indicator--58905401-78e4-40bc-96f1-4ec0950d210f",
|
|
"indicator--58905402-6f4c-40e5-b85d-47ca950d210f",
|
|
"indicator--58905403-83c8-4322-b258-4622950d210f",
|
|
"indicator--58905404-b7e8-4a38-9156-426f950d210f",
|
|
"indicator--58905405-b6b8-425a-a210-4e06950d210f",
|
|
"indicator--58905405-2a9c-4ea9-ab8b-4caf950d210f",
|
|
"indicator--58905406-04d4-44c3-9558-43c1950d210f",
|
|
"indicator--58905407-83a8-431d-973e-4346950d210f",
|
|
"indicator--58905408-f65c-4dd8-ade7-4884950d210f",
|
|
"indicator--58905409-417c-42d4-af49-4e9c950d210f",
|
|
"indicator--58905409-1e9c-421f-9908-461e950d210f",
|
|
"indicator--5890540a-7fa0-4160-bf04-476a950d210f",
|
|
"indicator--5890540b-3cf8-4207-a571-46d6950d210f",
|
|
"indicator--5890540c-3cac-4fc9-9911-4b5f950d210f",
|
|
"indicator--5890540d-5854-457d-bd17-4675950d210f",
|
|
"indicator--5890540d-9b94-4794-bd54-47c0950d210f",
|
|
"indicator--5890540e-8574-4246-b38a-48a4950d210f",
|
|
"indicator--5890540f-9bb8-4463-ab8c-4fe5950d210f",
|
|
"indicator--58905410-5008-4050-a39d-4607950d210f",
|
|
"indicator--58905411-b074-44ce-bd6d-4b65950d210f",
|
|
"indicator--58905412-b6b4-48ee-882a-4022950d210f",
|
|
"indicator--58905412-0f24-49ea-8c09-448b950d210f",
|
|
"indicator--58905413-dc2c-4db7-916c-4ca2950d210f",
|
|
"indicator--58905414-ba04-4536-8c8a-4d7d950d210f",
|
|
"indicator--58905415-0c20-4034-8749-4866950d210f",
|
|
"indicator--58905416-1a50-48f5-b662-4720950d210f",
|
|
"indicator--58905526-1470-4047-9137-4d31950d210f",
|
|
"indicator--58905527-8c8c-4648-b8e6-4fe4950d210f",
|
|
"indicator--58905528-938c-4535-bc31-4c5a950d210f",
|
|
"indicator--58905529-eed4-4972-a26e-4264950d210f",
|
|
"indicator--58905529-e4b8-41d0-9719-467f950d210f",
|
|
"indicator--5890552a-dfc0-4206-8998-4361950d210f",
|
|
"indicator--5890552b-1720-4629-b92f-41b1950d210f",
|
|
"indicator--5890552c-2ca0-4c2f-8eb6-4fbe950d210f",
|
|
"indicator--5890552d-a14c-4185-a482-4b4b950d210f",
|
|
"indicator--5890552e-70ac-4eb8-ac56-4635950d210f",
|
|
"indicator--5890552e-6c34-4211-83a4-4d94950d210f",
|
|
"indicator--5890552f-355c-4598-a4c5-4745950d210f",
|
|
"indicator--58905530-972c-438a-8474-4082950d210f",
|
|
"indicator--58905531-aed4-481f-bec6-4c10950d210f",
|
|
"indicator--58905531-cfe8-4f6e-b18f-4d25950d210f",
|
|
"indicator--58905532-6d6c-4b21-8968-4dfb950d210f",
|
|
"indicator--58905533-2504-45c6-862b-483f950d210f",
|
|
"indicator--58905534-3f28-4e45-909f-48e8950d210f",
|
|
"indicator--58905535-c3a8-4545-9628-4a6a950d210f",
|
|
"indicator--58905535-d234-4ed2-8745-4a4b950d210f",
|
|
"indicator--58905536-6228-4ac8-b20f-42d7950d210f",
|
|
"indicator--58905537-4c84-4e2d-ab88-4b76950d210f",
|
|
"indicator--58905538-1350-4bc7-8b9b-4c58950d210f",
|
|
"indicator--58905539-ce54-4e54-be27-4861950d210f",
|
|
"indicator--589058d7-9b58-4543-84f6-e59502de0b81",
|
|
"indicator--589058d8-cb34-4e1c-b29a-e59502de0b81",
|
|
"observed-data--589058d8-173c-4143-bc94-e59502de0b81",
|
|
"url--589058d8-173c-4143-bc94-e59502de0b81",
|
|
"indicator--589058d9-d334-4977-bd70-e59502de0b81",
|
|
"indicator--589058da-3938-4048-b45c-e59502de0b81",
|
|
"observed-data--589058db-b22c-41f7-89f7-e59502de0b81",
|
|
"url--589058db-b22c-41f7-89f7-e59502de0b81",
|
|
"indicator--589058db-e078-4a2f-bed0-e59502de0b81",
|
|
"indicator--589058dc-3ab8-48d4-9be5-e59502de0b81",
|
|
"observed-data--589058dd-ddd0-4e48-b5d8-e59502de0b81",
|
|
"url--589058dd-ddd0-4e48-b5d8-e59502de0b81",
|
|
"indicator--589058de-1fcc-4a47-8c86-e59502de0b81",
|
|
"indicator--589058de-ad88-40da-896a-e59502de0b81",
|
|
"observed-data--589058df-28c4-4bc8-9178-e59502de0b81",
|
|
"url--589058df-28c4-4bc8-9178-e59502de0b81",
|
|
"indicator--589058e0-dbac-42f5-b9d6-e59502de0b81",
|
|
"indicator--589058e1-9714-404a-b180-e59502de0b81",
|
|
"observed-data--589058e2-fdc4-482d-a47d-e59502de0b81",
|
|
"url--589058e2-fdc4-482d-a47d-e59502de0b81",
|
|
"indicator--589058e2-c540-4992-aeca-e59502de0b81",
|
|
"indicator--589058e3-0058-44c0-87ae-e59502de0b81",
|
|
"observed-data--589058e4-1bb0-4881-884a-e59502de0b81",
|
|
"url--589058e4-1bb0-4881-884a-e59502de0b81",
|
|
"indicator--589058e5-3f24-45d5-9701-e59502de0b81",
|
|
"indicator--589058e5-1544-4474-87e2-e59502de0b81",
|
|
"observed-data--589058e6-8590-4933-97e2-e59502de0b81",
|
|
"url--589058e6-8590-4933-97e2-e59502de0b81",
|
|
"indicator--589058e7-54d0-4cb9-bed2-e59502de0b81",
|
|
"indicator--589058e8-9eb4-4faa-93ea-e59502de0b81",
|
|
"observed-data--589058e9-cda0-4481-8570-e59502de0b81",
|
|
"url--589058e9-cda0-4481-8570-e59502de0b81",
|
|
"indicator--589058ea-d680-4a02-bae1-e59502de0b81",
|
|
"indicator--589058ea-b738-4d40-b235-e59502de0b81",
|
|
"observed-data--589058eb-2960-4503-88e4-e59502de0b81",
|
|
"url--589058eb-2960-4503-88e4-e59502de0b81",
|
|
"indicator--589058ec-9d10-4662-b630-e59502de0b81",
|
|
"indicator--589058ed-7a7c-4786-bde3-e59502de0b81",
|
|
"observed-data--589058ed-6f58-4b5e-bad0-e59502de0b81",
|
|
"url--589058ed-6f58-4b5e-bad0-e59502de0b81",
|
|
"indicator--589058ee-c1c4-4ac0-b182-e59502de0b81",
|
|
"indicator--589058ef-8a34-407d-a3ef-e59502de0b81",
|
|
"observed-data--589058f0-7b8c-417e-af71-e59502de0b81",
|
|
"url--589058f0-7b8c-417e-af71-e59502de0b81",
|
|
"indicator--589058f0-557c-420a-b5ca-e59502de0b81",
|
|
"indicator--589058f1-ae40-4696-ac0e-e59502de0b81",
|
|
"observed-data--589058f2-f81c-48b6-a493-e59502de0b81",
|
|
"url--589058f2-f81c-48b6-a493-e59502de0b81",
|
|
"indicator--589058f3-25ec-43eb-a550-e59502de0b81",
|
|
"indicator--589058f3-d7b0-4de4-b732-e59502de0b81",
|
|
"observed-data--589058f4-d5a4-45c0-848a-e59502de0b81",
|
|
"url--589058f4-d5a4-45c0-848a-e59502de0b81",
|
|
"indicator--589058f5-8cd8-45ed-97aa-e59502de0b81",
|
|
"indicator--589058f6-033c-486c-9a00-e59502de0b81",
|
|
"observed-data--589058f6-a3c0-4b9a-a94c-e59502de0b81",
|
|
"url--589058f6-a3c0-4b9a-a94c-e59502de0b81",
|
|
"indicator--589058f7-6e30-43ba-9ed4-e59502de0b81",
|
|
"indicator--589058f8-8658-4cd9-87d1-e59502de0b81",
|
|
"observed-data--589058f9-1cec-45ce-b745-e59502de0b81",
|
|
"url--589058f9-1cec-45ce-b745-e59502de0b81",
|
|
"indicator--589058fa-d704-4d95-9192-e59502de0b81",
|
|
"indicator--589058fa-3d10-4ce7-a2a5-e59502de0b81",
|
|
"observed-data--589058fb-5384-46eb-b97c-e59502de0b81",
|
|
"url--589058fb-5384-46eb-b97c-e59502de0b81",
|
|
"indicator--589058fc-a3e8-47e1-8c62-e59502de0b81",
|
|
"indicator--589058fd-700c-4437-aaa7-e59502de0b81",
|
|
"observed-data--589058fd-2774-4fc6-9719-e59502de0b81",
|
|
"url--589058fd-2774-4fc6-9719-e59502de0b81",
|
|
"indicator--589058fe-d450-47b6-b000-e59502de0b81",
|
|
"indicator--589058ff-6fc8-42ce-9df5-e59502de0b81",
|
|
"observed-data--58905900-5484-4ac9-ab61-e59502de0b81",
|
|
"url--58905900-5484-4ac9-ab61-e59502de0b81",
|
|
"indicator--58905900-ab8c-4070-9581-e59502de0b81",
|
|
"indicator--58905901-5818-4bbc-9f4b-e59502de0b81",
|
|
"observed-data--58905902-3d14-48ad-921e-e59502de0b81",
|
|
"url--58905902-3d14-48ad-921e-e59502de0b81",
|
|
"indicator--58905903-1cf0-49ab-a5fb-e59502de0b81",
|
|
"indicator--58905903-9ccc-498c-8d3a-e59502de0b81",
|
|
"observed-data--58905904-edd8-4987-880a-e59502de0b81",
|
|
"url--58905904-edd8-4987-880a-e59502de0b81",
|
|
"indicator--58905905-6eb4-4261-9fbf-e59502de0b81",
|
|
"indicator--58905906-2e3c-43ac-8d1a-e59502de0b81",
|
|
"observed-data--58905907-3ec0-4a46-b650-e59502de0b81",
|
|
"url--58905907-3ec0-4a46-b650-e59502de0b81",
|
|
"indicator--58905907-422c-4198-95fb-e59502de0b81",
|
|
"indicator--58905908-ca7c-4975-8929-e59502de0b81",
|
|
"observed-data--58905909-2c00-4373-86b2-e59502de0b81",
|
|
"url--58905909-2c00-4373-86b2-e59502de0b81",
|
|
"indicator--5890590a-2f14-424d-afac-e59502de0b81",
|
|
"indicator--5890590a-a57c-4e8e-9e61-e59502de0b81",
|
|
"observed-data--5890590b-b60c-4dc3-a5d3-e59502de0b81",
|
|
"url--5890590b-b60c-4dc3-a5d3-e59502de0b81",
|
|
"indicator--5890590c-1c74-40e2-8858-e59502de0b81",
|
|
"indicator--5890590d-bf28-4c4b-87ed-e59502de0b81",
|
|
"observed-data--5890590d-ffa4-4dea-8268-e59502de0b81",
|
|
"url--5890590d-ffa4-4dea-8268-e59502de0b81",
|
|
"indicator--5890590e-cc30-4609-bebd-e59502de0b81",
|
|
"indicator--5890590f-c50c-4312-a6f9-e59502de0b81",
|
|
"observed-data--58905910-9058-471b-a295-e59502de0b81",
|
|
"url--58905910-9058-471b-a295-e59502de0b81",
|
|
"indicator--58905910-4794-47a0-9ee7-e59502de0b81",
|
|
"indicator--58905911-85e8-435b-add6-e59502de0b81",
|
|
"observed-data--58905912-0904-4946-9753-e59502de0b81",
|
|
"url--58905912-0904-4946-9753-e59502de0b81",
|
|
"indicator--58905913-f440-4177-a691-e59502de0b81",
|
|
"indicator--58905914-7cec-4f3c-a66b-e59502de0b81",
|
|
"observed-data--58905914-a098-4a34-9055-e59502de0b81",
|
|
"url--58905914-a098-4a34-9055-e59502de0b81",
|
|
"indicator--58905915-bf78-4d07-a108-e59502de0b81",
|
|
"indicator--58905916-4500-4724-a938-e59502de0b81",
|
|
"observed-data--58905917-86f4-43a7-b9c4-e59502de0b81",
|
|
"url--58905917-86f4-43a7-b9c4-e59502de0b81",
|
|
"indicator--58905918-a8f0-4635-b648-e59502de0b81",
|
|
"indicator--58905919-da98-44d0-b77b-e59502de0b81",
|
|
"observed-data--58905919-aaf0-4c31-8efe-e59502de0b81",
|
|
"url--58905919-aaf0-4c31-8efe-e59502de0b81",
|
|
"indicator--5890591a-3f24-46c0-9540-e59502de0b81",
|
|
"indicator--5890591b-04fc-4126-aece-e59502de0b81",
|
|
"observed-data--5890591c-f7dc-475a-90ed-e59502de0b81",
|
|
"url--5890591c-f7dc-475a-90ed-e59502de0b81",
|
|
"indicator--5890591c-6a48-404b-8c67-e59502de0b81",
|
|
"indicator--5890591d-d348-4f2d-842e-e59502de0b81",
|
|
"observed-data--5890591e-3930-44a8-8620-e59502de0b81",
|
|
"url--5890591e-3930-44a8-8620-e59502de0b81",
|
|
"indicator--5890591f-d56c-4281-9ae9-e59502de0b81",
|
|
"indicator--5890591f-4290-4218-9365-e59502de0b81",
|
|
"observed-data--58905920-21a0-40b0-9fec-e59502de0b81",
|
|
"url--58905920-21a0-40b0-9fec-e59502de0b81",
|
|
"indicator--58905921-8d74-4e92-85c4-e59502de0b81",
|
|
"indicator--58905922-0cc0-4442-8618-e59502de0b81",
|
|
"observed-data--58905922-f42c-49f3-95f0-e59502de0b81",
|
|
"url--58905922-f42c-49f3-95f0-e59502de0b81",
|
|
"indicator--58905923-eb10-4235-9266-e59502de0b81",
|
|
"indicator--58905924-78f0-4265-84a1-e59502de0b81",
|
|
"observed-data--58905925-4858-4ef6-b84e-e59502de0b81",
|
|
"url--58905925-4858-4ef6-b84e-e59502de0b81",
|
|
"indicator--58905926-7f34-47c2-ad20-e59502de0b81",
|
|
"indicator--58905926-6854-497b-81f1-e59502de0b81",
|
|
"observed-data--58905927-29dc-4492-aae6-e59502de0b81",
|
|
"url--58905927-29dc-4492-aae6-e59502de0b81",
|
|
"indicator--58905928-1618-49c1-9d7e-e59502de0b81",
|
|
"indicator--58905929-4960-42fb-ab7a-e59502de0b81",
|
|
"observed-data--5890592a-648c-44b2-8f5f-e59502de0b81",
|
|
"url--5890592a-648c-44b2-8f5f-e59502de0b81",
|
|
"indicator--5890592a-5f6c-41d0-8e97-e59502de0b81",
|
|
"indicator--5890592b-0dcc-4089-be52-e59502de0b81",
|
|
"observed-data--5890592c-0cd4-49fc-84ab-e59502de0b81",
|
|
"url--5890592c-0cd4-49fc-84ab-e59502de0b81",
|
|
"indicator--5890592d-ed54-428e-93ea-e59502de0b81",
|
|
"indicator--5890592d-fdcc-40b7-9d6a-e59502de0b81",
|
|
"observed-data--5890592e-6c60-4df4-9f99-e59502de0b81",
|
|
"url--5890592e-6c60-4df4-9f99-e59502de0b81",
|
|
"indicator--5890592f-d614-457d-b088-e59502de0b81",
|
|
"indicator--58905930-fd64-4d4b-ab9e-e59502de0b81",
|
|
"observed-data--58905930-9404-48ab-bfb4-e59502de0b81",
|
|
"url--58905930-9404-48ab-bfb4-e59502de0b81",
|
|
"indicator--58905931-1ffc-494a-9c1e-e59502de0b81",
|
|
"indicator--58905932-67e4-4fe2-b74c-e59502de0b81",
|
|
"observed-data--58905933-e068-44d2-a9e4-e59502de0b81",
|
|
"url--58905933-e068-44d2-a9e4-e59502de0b81",
|
|
"indicator--58905934-0dec-4c5a-9aed-e59502de0b81",
|
|
"indicator--58905934-9248-484e-8427-e59502de0b81",
|
|
"observed-data--58905935-81d4-4f51-983f-e59502de0b81",
|
|
"url--58905935-81d4-4f51-983f-e59502de0b81",
|
|
"indicator--58905936-df5c-4164-a94f-e59502de0b81",
|
|
"indicator--58905937-8d64-419b-9193-e59502de0b81",
|
|
"observed-data--58905937-0c14-4332-be60-e59502de0b81",
|
|
"url--58905937-0c14-4332-be60-e59502de0b81",
|
|
"indicator--58905938-2098-407a-902f-e59502de0b81",
|
|
"indicator--58905939-65e8-441c-b90e-e59502de0b81",
|
|
"observed-data--5890593a-fd80-41c5-a335-e59502de0b81",
|
|
"url--5890593a-fd80-41c5-a335-e59502de0b81",
|
|
"indicator--5890593b-f5a8-4e4d-bb87-e59502de0b81",
|
|
"indicator--5890593b-c7d0-4ded-bed0-e59502de0b81",
|
|
"observed-data--5890593c-b1c0-437d-bd85-e59502de0b81",
|
|
"url--5890593c-b1c0-437d-bd85-e59502de0b81",
|
|
"indicator--5890593d-c81c-4b31-b751-e59502de0b81",
|
|
"indicator--5890593e-4aa8-4c61-a638-e59502de0b81",
|
|
"observed-data--5890593e-bd00-4001-92c4-e59502de0b81",
|
|
"url--5890593e-bd00-4001-92c4-e59502de0b81",
|
|
"indicator--5890593f-9570-4d1a-ad4f-e59502de0b81",
|
|
"indicator--58905940-0690-4348-9ebb-e59502de0b81",
|
|
"observed-data--58905941-37a4-4452-8603-e59502de0b81",
|
|
"url--58905941-37a4-4452-8603-e59502de0b81",
|
|
"indicator--58905941-6414-49c5-9561-e59502de0b81",
|
|
"indicator--58905942-7d84-4505-9494-e59502de0b81",
|
|
"observed-data--58905943-3168-48ec-88df-e59502de0b81",
|
|
"url--58905943-3168-48ec-88df-e59502de0b81",
|
|
"indicator--58905944-58fc-4e84-a189-e59502de0b81",
|
|
"indicator--58905944-5018-443f-ab36-e59502de0b81",
|
|
"observed-data--58905945-9c94-4dad-be73-e59502de0b81",
|
|
"url--58905945-9c94-4dad-be73-e59502de0b81",
|
|
"indicator--58905946-780c-4c6d-91d5-e59502de0b81",
|
|
"indicator--58905947-1568-4847-8f46-e59502de0b81",
|
|
"observed-data--58905947-c62c-496a-8018-e59502de0b81",
|
|
"url--58905947-c62c-496a-8018-e59502de0b81",
|
|
"indicator--58905948-35b8-4f5d-8fb5-e59502de0b81",
|
|
"indicator--58905949-6d18-4f19-a5c1-e59502de0b81",
|
|
"observed-data--5890594a-b6d4-494b-9973-e59502de0b81",
|
|
"url--5890594a-b6d4-494b-9973-e59502de0b81",
|
|
"indicator--5890594a-2ccc-49f1-b075-e59502de0b81",
|
|
"indicator--5890594b-e4c8-4e65-a3be-e59502de0b81",
|
|
"observed-data--5890594c-5f54-414b-86bb-e59502de0b81",
|
|
"url--5890594c-5f54-414b-86bb-e59502de0b81",
|
|
"indicator--5890594d-31f0-4462-ad02-e59502de0b81",
|
|
"indicator--5890594d-2f30-4208-85a2-e59502de0b81",
|
|
"observed-data--5890594e-5310-40a3-ac72-e59502de0b81",
|
|
"url--5890594e-5310-40a3-ac72-e59502de0b81",
|
|
"indicator--5890594f-5160-4baf-b298-e59502de0b81",
|
|
"indicator--58905950-f090-41b2-ab28-e59502de0b81",
|
|
"observed-data--58905951-d028-4b8b-8031-e59502de0b81",
|
|
"url--58905951-d028-4b8b-8031-e59502de0b81",
|
|
"indicator--58905952-42b0-4960-b756-e59502de0b81",
|
|
"indicator--58905952-619c-421e-a8a1-e59502de0b81",
|
|
"observed-data--58905953-1880-4833-9fa0-e59502de0b81",
|
|
"url--58905953-1880-4833-9fa0-e59502de0b81",
|
|
"indicator--58905954-4b68-4149-8f89-e59502de0b81",
|
|
"indicator--58905955-fdd8-4873-ba7e-e59502de0b81",
|
|
"observed-data--58905956-81c8-4766-bf55-e59502de0b81",
|
|
"url--58905956-81c8-4766-bf55-e59502de0b81",
|
|
"indicator--58905956-e9e4-4d0a-8d49-e59502de0b81",
|
|
"indicator--58905958-eda8-4f9f-941b-e59502de0b81",
|
|
"observed-data--58905959-fb38-40f4-830c-e59502de0b81",
|
|
"url--58905959-fb38-40f4-830c-e59502de0b81",
|
|
"indicator--58905959-c358-48ec-851c-e59502de0b81",
|
|
"indicator--5890595a-5924-4437-a6c5-e59502de0b81",
|
|
"observed-data--5890595b-00fc-41b8-8589-e59502de0b81",
|
|
"url--5890595b-00fc-41b8-8589-e59502de0b81",
|
|
"indicator--5890595c-2c50-41ed-a8f3-e59502de0b81",
|
|
"indicator--5890595d-37f8-4416-bfde-e59502de0b81",
|
|
"observed-data--5890595d-973c-41a9-a48e-e59502de0b81",
|
|
"url--5890595d-973c-41a9-a48e-e59502de0b81",
|
|
"indicator--5890595e-9cf0-4e07-85e1-e59502de0b81",
|
|
"indicator--5890595f-d7c4-4536-84bb-e59502de0b81",
|
|
"observed-data--58905960-78e8-4598-a63f-e59502de0b81",
|
|
"url--58905960-78e8-4598-a63f-e59502de0b81",
|
|
"indicator--58905960-5e94-4f9e-b476-e59502de0b81",
|
|
"indicator--58905961-2030-4b92-9fde-e59502de0b81",
|
|
"observed-data--58905962-00d8-4dea-b05a-e59502de0b81",
|
|
"url--58905962-00d8-4dea-b05a-e59502de0b81",
|
|
"indicator--58905963-6df8-425e-8c13-e59502de0b81",
|
|
"indicator--58905963-6248-4163-b58b-e59502de0b81",
|
|
"observed-data--58905964-a748-4a9b-93de-e59502de0b81",
|
|
"url--58905964-a748-4a9b-93de-e59502de0b81",
|
|
"indicator--58905965-d840-4f82-af7e-e59502de0b81",
|
|
"indicator--58905965-295c-47c3-9aae-e59502de0b81",
|
|
"observed-data--58905966-33dc-4537-bf48-e59502de0b81",
|
|
"url--58905966-33dc-4537-bf48-e59502de0b81",
|
|
"indicator--58905967-c78c-4f86-94ac-e59502de0b81",
|
|
"indicator--58905968-4734-4d46-ae2e-e59502de0b81",
|
|
"observed-data--58905969-c8ec-4649-a33a-e59502de0b81",
|
|
"url--58905969-c8ec-4649-a33a-e59502de0b81",
|
|
"indicator--58905969-314c-47c2-ab2a-e59502de0b81",
|
|
"indicator--5890596a-fa0c-49df-b347-e59502de0b81",
|
|
"observed-data--5890596b-54e4-4746-9c0e-e59502de0b81",
|
|
"url--5890596b-54e4-4746-9c0e-e59502de0b81",
|
|
"indicator--5890596c-86e4-4a2e-9bac-e59502de0b81",
|
|
"indicator--5890596c-b890-41b5-9604-e59502de0b81",
|
|
"observed-data--5890596d-90fc-482c-97e1-e59502de0b81",
|
|
"url--5890596d-90fc-482c-97e1-e59502de0b81",
|
|
"indicator--5890596e-8430-45de-92c5-e59502de0b81",
|
|
"indicator--5890596f-2a60-47a7-a4d1-e59502de0b81",
|
|
"observed-data--5890596f-6b80-4ff5-b114-e59502de0b81",
|
|
"url--5890596f-6b80-4ff5-b114-e59502de0b81",
|
|
"indicator--58905970-cfcc-453f-927c-e59502de0b81",
|
|
"indicator--58905971-4af4-47b8-b3bb-e59502de0b81",
|
|
"observed-data--58905972-5ac8-4fda-aeb2-e59502de0b81",
|
|
"url--58905972-5ac8-4fda-aeb2-e59502de0b81",
|
|
"indicator--58905972-9cec-4c93-8366-e59502de0b81",
|
|
"indicator--58905973-06b0-47a5-a8ea-e59502de0b81",
|
|
"observed-data--58905974-9624-41d1-87e3-e59502de0b81",
|
|
"url--58905974-9624-41d1-87e3-e59502de0b81",
|
|
"indicator--58905975-6638-469f-8886-e59502de0b81",
|
|
"indicator--58905976-abd8-4473-b0fe-e59502de0b81",
|
|
"observed-data--58905976-b5bc-44c3-9fd1-e59502de0b81",
|
|
"url--58905976-b5bc-44c3-9fd1-e59502de0b81",
|
|
"indicator--58905977-cc1c-452e-b7c5-e59502de0b81",
|
|
"indicator--58905978-b0d8-4cfd-9355-e59502de0b81",
|
|
"observed-data--58905979-c8c8-4b86-b73f-e59502de0b81",
|
|
"url--58905979-c8c8-4b86-b73f-e59502de0b81",
|
|
"indicator--5890597a-d574-4e54-9945-e59502de0b81",
|
|
"indicator--5890597a-bbcc-4753-a694-e59502de0b81",
|
|
"observed-data--5890597b-c900-4297-9c13-e59502de0b81",
|
|
"url--5890597b-c900-4297-9c13-e59502de0b81",
|
|
"indicator--5890597c-58e0-44c9-b6a1-e59502de0b81",
|
|
"indicator--5890597d-347c-47ad-8298-e59502de0b81",
|
|
"observed-data--5890597d-b31c-4ec9-b2dc-e59502de0b81",
|
|
"url--5890597d-b31c-4ec9-b2dc-e59502de0b81",
|
|
"indicator--5890597e-e6b0-41cc-9fe2-e59502de0b81",
|
|
"indicator--5890597f-eb60-46be-b838-e59502de0b81",
|
|
"observed-data--58905980-f584-4e9b-b9f8-e59502de0b81",
|
|
"url--58905980-f584-4e9b-b9f8-e59502de0b81",
|
|
"indicator--58905981-6d84-48eb-8145-e59502de0b81",
|
|
"indicator--58905982-54e4-4908-97b8-e59502de0b81",
|
|
"observed-data--58905982-fd80-4920-97bf-e59502de0b81",
|
|
"url--58905982-fd80-4920-97bf-e59502de0b81",
|
|
"indicator--58905983-3424-4b95-8c32-e59502de0b81",
|
|
"indicator--58905984-c4f8-47dc-be0b-e59502de0b81",
|
|
"observed-data--58905985-7fdc-47f0-9e15-e59502de0b81",
|
|
"url--58905985-7fdc-47f0-9e15-e59502de0b81",
|
|
"indicator--58905985-ba08-4f1e-9713-e59502de0b81",
|
|
"indicator--58905986-8b0c-43f5-bc56-e59502de0b81",
|
|
"observed-data--58905987-c354-4b28-bb19-e59502de0b81",
|
|
"url--58905987-c354-4b28-bb19-e59502de0b81",
|
|
"indicator--58905988-f2c0-466b-90f9-e59502de0b81",
|
|
"indicator--58905989-07c4-43a7-8486-e59502de0b81",
|
|
"observed-data--5890598a-a1fc-47b4-88b0-e59502de0b81",
|
|
"url--5890598a-a1fc-47b4-88b0-e59502de0b81",
|
|
"indicator--5890598a-6934-4f3a-8337-e59502de0b81",
|
|
"indicator--5890598b-538c-4870-9c65-e59502de0b81",
|
|
"observed-data--5890598c-b048-4e9c-bdca-e59502de0b81",
|
|
"url--5890598c-b048-4e9c-bdca-e59502de0b81",
|
|
"indicator--5890598d-556c-46e9-93b7-e59502de0b81",
|
|
"indicator--5890598d-6ecc-4751-aa7c-e59502de0b81",
|
|
"observed-data--5890598e-c640-4282-a68d-e59502de0b81",
|
|
"url--5890598e-c640-4282-a68d-e59502de0b81",
|
|
"indicator--5890598f-7574-4842-8d63-e59502de0b81",
|
|
"indicator--58905990-5fb8-41e8-9ab8-e59502de0b81",
|
|
"observed-data--58905991-77d8-4408-927d-e59502de0b81",
|
|
"url--58905991-77d8-4408-927d-e59502de0b81",
|
|
"indicator--58905991-9a88-44dd-bb36-e59502de0b81",
|
|
"indicator--58905992-eb24-43de-b792-e59502de0b81",
|
|
"observed-data--58905993-e9c0-44f8-8715-e59502de0b81",
|
|
"url--58905993-e9c0-44f8-8715-e59502de0b81",
|
|
"indicator--58905994-4a58-4648-9e70-e59502de0b81",
|
|
"indicator--58905995-3c50-49dc-a165-e59502de0b81",
|
|
"observed-data--58905995-db6c-4eff-98c3-e59502de0b81",
|
|
"url--58905995-db6c-4eff-98c3-e59502de0b81",
|
|
"indicator--58905996-b0a8-42dc-bca4-e59502de0b81",
|
|
"indicator--58905997-52c4-4b8b-a09a-e59502de0b81",
|
|
"observed-data--58905998-d31c-4623-b4bb-e59502de0b81",
|
|
"url--58905998-d31c-4623-b4bb-e59502de0b81",
|
|
"indicator--58905998-50e4-4051-9268-e59502de0b81",
|
|
"indicator--58905999-6298-49cc-89e3-e59502de0b81",
|
|
"observed-data--5890599a-00bc-49d1-acd4-e59502de0b81",
|
|
"url--5890599a-00bc-49d1-acd4-e59502de0b81",
|
|
"indicator--5890599b-7dcc-423e-8d02-e59502de0b81",
|
|
"indicator--5890599c-ecf8-4c1f-aa83-e59502de0b81",
|
|
"observed-data--5890599d-eee0-4351-8e68-e59502de0b81",
|
|
"url--5890599d-eee0-4351-8e68-e59502de0b81",
|
|
"indicator--5890599d-1544-4414-b1bc-e59502de0b81",
|
|
"indicator--5890599e-c930-4287-be17-e59502de0b81",
|
|
"observed-data--5890599f-e550-4cbf-bd84-e59502de0b81",
|
|
"url--5890599f-e550-4cbf-bd84-e59502de0b81",
|
|
"indicator--589059a0-9bc4-4eee-a745-e59502de0b81",
|
|
"indicator--589059a0-2654-4ce9-b231-e59502de0b81",
|
|
"observed-data--589059a1-ba58-49e8-92b7-e59502de0b81",
|
|
"url--589059a1-ba58-49e8-92b7-e59502de0b81",
|
|
"indicator--589059a2-5f64-4b80-841b-e59502de0b81",
|
|
"indicator--589059a3-83b8-4a86-813f-e59502de0b81",
|
|
"observed-data--589059a4-53c0-4602-9c23-e59502de0b81",
|
|
"url--589059a4-53c0-4602-9c23-e59502de0b81",
|
|
"indicator--589059a4-bc10-435a-ba4f-e59502de0b81",
|
|
"indicator--589059a5-1e8c-4182-9f80-e59502de0b81",
|
|
"observed-data--589059a6-4200-460c-a327-e59502de0b81",
|
|
"url--589059a6-4200-460c-a327-e59502de0b81",
|
|
"indicator--589059a7-1b7c-4b65-8d48-e59502de0b81",
|
|
"indicator--589059a8-6b94-4bc9-ac63-e59502de0b81",
|
|
"observed-data--589059a8-f948-4c88-ad13-e59502de0b81",
|
|
"url--589059a8-f948-4c88-ad13-e59502de0b81",
|
|
"indicator--589059a9-65b4-4400-a351-e59502de0b81",
|
|
"indicator--589059aa-9bf4-496d-a95d-e59502de0b81",
|
|
"observed-data--589059ab-140c-4b50-8c90-e59502de0b81",
|
|
"url--589059ab-140c-4b50-8c90-e59502de0b81"
|
|
],
|
|
"labels": [
|
|
"Threat-Report",
|
|
"misp:tool=\"MISP-STIX-Converter\""
|
|
],
|
|
"object_marking_refs": [
|
|
"marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9"
|
|
]
|
|
},
|
|
{
|
|
"type": "observed-data",
|
|
"spec_version": "2.1",
|
|
"id": "observed-data--58904fc1-5690-45a6-8ee2-e58f950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-01-31T09:00:55.000Z",
|
|
"modified": "2017-01-31T09:00:55.000Z",
|
|
"first_observed": "2017-01-31T09:00:55Z",
|
|
"last_observed": "2017-01-31T09:00:55Z",
|
|
"number_observed": 1,
|
|
"object_refs": [
|
|
"url--58904fc1-5690-45a6-8ee2-e58f950d210f"
|
|
],
|
|
"labels": [
|
|
"misp:type=\"link\"",
|
|
"misp:category=\"External analysis\"",
|
|
"osint:source-type=\"blog-post\"",
|
|
"admiralty-scale:source-reliability=\"b\""
|
|
]
|
|
},
|
|
{
|
|
"type": "url",
|
|
"spec_version": "2.1",
|
|
"id": "url--58904fc1-5690-45a6-8ee2-e58f950d210f",
|
|
"value": "http://researchcenter.paloaltonetworks.com/2017/01/unit42-downeks-and-quasar-rat-used-in-recent-targeted-attacks-against-governments/"
|
|
},
|
|
{
|
|
"type": "x-misp-attribute",
|
|
"spec_version": "2.1",
|
|
"id": "x-misp-attribute--58904fdc-ccb8-44cc-a678-e58e950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-01-31T08:50:36.000Z",
|
|
"modified": "2017-01-31T08:50:36.000Z",
|
|
"labels": [
|
|
"misp:type=\"text\"",
|
|
"misp:category=\"External analysis\""
|
|
],
|
|
"x_misp_category": "External analysis",
|
|
"x_misp_type": "text",
|
|
"x_misp_value": "Palo Alto Networks Traps Advanced Endpoint Protection recently prevented recent attacks that we believe are part of a campaign linked to DustySky. DustySky is a campaign which others have attributed to the Gaza Cybergang group, a group that targets government interests in the region.\r\n\r\nThis report shares our researchers\u2019 analysis of the attack and Remote Access Tool (RAT). We also discovered during our research that the RAT Server used by this attacker is itself vulnerable to remote attack, a double-edged sword for these attackers.\r\n\r\nAttack\r\nThe initial infection vector in this attack is not clear, but it results in installing the \u201cDowneks\u201d downloader, which in turn infects the victim computer with the \u201cQuasar\u201d RAT.\r\n\r\nDowneks uses third party websites to determine the external IP of the victim machine, possibly to determine victim location with GeoIP. It also drops decoy documents in an attempt to camouflage the attack.\r\n\r\nQuasar is a .NET Framework-based open-source RAT. The attackers invested significant effort in attempting to hide the tool by changing the source code of the RAT and the RAT server, and by using an obfuscator and packer."
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5890501a-ed68-4f6a-8d82-e595950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-01-31T08:51:38.000Z",
|
|
"modified": "2017-01-31T08:51:38.000Z",
|
|
"description": "C2 Domains",
|
|
"pattern": "[domain-name:value = 'downloadtesting.com']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-01-31T08:51:38Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"domain\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5890501a-eb84-4b0d-8030-e595950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-01-31T08:51:38.000Z",
|
|
"modified": "2017-01-31T08:51:38.000Z",
|
|
"description": "C2 Domains",
|
|
"pattern": "[domain-name:value = 'gameoolines.com']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-01-31T08:51:38Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"domain\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5890501b-8cac-4b3e-bb8b-e595950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-01-31T08:51:39.000Z",
|
|
"modified": "2017-01-31T08:51:39.000Z",
|
|
"description": "C2 Domains",
|
|
"pattern": "[domain-name:value = 'onlinesoft.space']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-01-31T08:51:39Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"domain\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5890501c-5670-4bf7-8da3-e595950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-01-31T08:51:40.000Z",
|
|
"modified": "2017-01-31T08:51:40.000Z",
|
|
"description": "C2 Domains",
|
|
"pattern": "[domain-name:value = 'newphoneapp.com']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-01-31T08:51:40Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"domain\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5890501c-4798-4765-b0ef-e595950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-01-31T08:51:40.000Z",
|
|
"modified": "2017-01-31T08:51:40.000Z",
|
|
"description": "C2 Domains",
|
|
"pattern": "[domain-name:value = 'gamestoplay.bid']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-01-31T08:51:40Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"domain\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5890501d-0cdc-44fb-803f-e595950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-01-31T08:51:41.000Z",
|
|
"modified": "2017-01-31T08:51:41.000Z",
|
|
"description": "C2 Domains",
|
|
"pattern": "[domain-name:value = 'smartsftp.pw']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-01-31T08:51:41Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"domain\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5890501e-7c58-46e4-97ab-e595950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-01-31T08:51:42.000Z",
|
|
"modified": "2017-01-31T08:51:42.000Z",
|
|
"description": "C2 Domains",
|
|
"pattern": "[domain-name:value = 'galaxysupdates.com']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-01-31T08:51:42Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"domain\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5890501e-7318-492d-892e-e595950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-01-31T08:51:42.000Z",
|
|
"modified": "2017-01-31T08:51:42.000Z",
|
|
"description": "C2 Domains",
|
|
"pattern": "[domain-name:value = 'galaxy-s.com']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-01-31T08:51:42Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"domain\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5890501f-23ac-4ba5-a47b-e595950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-01-31T08:51:43.000Z",
|
|
"modified": "2017-01-31T08:51:43.000Z",
|
|
"description": "C2 Domains",
|
|
"pattern": "[domain-name:value = 'datasamsung.com']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-01-31T08:51:43Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"domain\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--58905020-6044-44a5-91ec-e595950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-01-31T08:51:44.000Z",
|
|
"modified": "2017-01-31T08:51:44.000Z",
|
|
"description": "C2 Domains",
|
|
"pattern": "[domain-name:value = 'progsupdate.com']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-01-31T08:51:44Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"domain\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--58905021-0830-46d3-ae6e-e595950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-01-31T08:51:45.000Z",
|
|
"modified": "2017-01-31T08:51:45.000Z",
|
|
"description": "C2 Domains",
|
|
"pattern": "[domain-name:value = 'topgamse.com']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-01-31T08:51:45Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"domain\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--58905021-a96c-46b4-8326-e595950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-01-31T08:51:45.000Z",
|
|
"modified": "2017-01-31T08:51:45.000Z",
|
|
"description": "C2 Domains",
|
|
"pattern": "[domain-name:value = 'bandtester.com']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-01-31T08:51:45Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"domain\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--58905022-605c-47e3-93a6-e595950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-01-31T08:51:46.000Z",
|
|
"modified": "2017-01-31T08:51:46.000Z",
|
|
"description": "C2 Domains",
|
|
"pattern": "[domain-name:value = 'speedbind.com']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-01-31T08:51:46Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"domain\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--58905023-cea4-4cdb-bd77-e595950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-01-31T08:51:47.000Z",
|
|
"modified": "2017-01-31T08:51:47.000Z",
|
|
"description": "C2 Domains",
|
|
"pattern": "[domain-name:value = 'ukgames.tech']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-01-31T08:51:47Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"domain\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--58905023-0748-4d97-8178-e595950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-01-31T08:51:47.000Z",
|
|
"modified": "2017-01-31T08:51:47.000Z",
|
|
"description": "C2 Domains",
|
|
"pattern": "[domain-name:value = 'wallanews.publicvm.com']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-01-31T08:51:47Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"hostname\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--58905024-17f4-4a31-8ac6-e595950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-01-31T08:51:48.000Z",
|
|
"modified": "2017-01-31T08:51:48.000Z",
|
|
"description": "C2 Domains",
|
|
"pattern": "[domain-name:value = 'wallanews.sytes.net']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-01-31T08:51:48Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"hostname\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--58905025-caf8-473b-960c-e595950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-01-31T08:51:49.000Z",
|
|
"modified": "2017-01-31T08:51:49.000Z",
|
|
"description": "C2 Domains",
|
|
"pattern": "[domain-name:value = 'noredirecto.redirectme.net']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-01-31T08:51:49Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"hostname\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--58905026-aa90-47fd-bd09-e595950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-01-31T08:51:49.000Z",
|
|
"modified": "2017-01-31T08:51:49.000Z",
|
|
"description": "C2 Domains",
|
|
"pattern": "[domain-name:value = 'dynamicipaddress.linkpc.net']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-01-31T08:51:49Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"hostname\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--58905026-aa14-430a-bb59-e595950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-01-31T08:51:50.000Z",
|
|
"modified": "2017-01-31T08:51:50.000Z",
|
|
"description": "C2 Domains",
|
|
"pattern": "[domain-name:value = 'downloadlog.linkpc.net']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-01-31T08:51:50Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"hostname\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--58905027-d29c-4fb6-b807-e595950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-01-31T08:51:51.000Z",
|
|
"modified": "2017-01-31T08:51:51.000Z",
|
|
"description": "C2 Domains",
|
|
"pattern": "[domain-name:value = 'havan.qhigh.com']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-01-31T08:51:51Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"hostname\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--58905028-bdb8-485b-b6c4-e595950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-01-31T08:51:52.000Z",
|
|
"modified": "2017-01-31T08:51:52.000Z",
|
|
"description": "C2 Domains",
|
|
"pattern": "[domain-name:value = 'kolabdown.sytes.net']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-01-31T08:51:52Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"hostname\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--58905028-5454-4383-bb4d-e595950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-01-31T08:51:52.000Z",
|
|
"modified": "2017-01-31T08:51:52.000Z",
|
|
"description": "C2 Domains",
|
|
"pattern": "[domain-name:value = 'rotter2.publicvm.com']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-01-31T08:51:52Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"hostname\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--58905029-1038-4148-aa0c-e595950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-01-31T08:51:53.000Z",
|
|
"modified": "2017-01-31T08:51:53.000Z",
|
|
"description": "C2 Domains",
|
|
"pattern": "[domain-name:value = 'ftpserverit.otzo.com']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-01-31T08:51:53Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"hostname\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5890502a-adf4-45b7-ae83-e595950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-01-31T08:51:54.000Z",
|
|
"modified": "2017-01-31T08:51:54.000Z",
|
|
"description": "C2 Domains",
|
|
"pattern": "[domain-name:value = 'webfile.myq-see.com']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-01-31T08:51:54Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"hostname\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5890502a-ace4-46f4-bb79-e595950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-01-31T08:51:54.000Z",
|
|
"modified": "2017-01-31T08:51:54.000Z",
|
|
"description": "C2 Domains",
|
|
"pattern": "[domain-name:value = 'downloadmyhost.zapto.org']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-01-31T08:51:54Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"hostname\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5890502b-38dc-470a-a84a-e595950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-01-31T08:51:55.000Z",
|
|
"modified": "2017-01-31T08:51:55.000Z",
|
|
"description": "C2 Domains",
|
|
"pattern": "[domain-name:value = 'help2014.linkpc.net']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-01-31T08:51:55Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"hostname\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5890502c-6554-43aa-b93c-e595950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-01-31T08:51:56.000Z",
|
|
"modified": "2017-01-31T08:51:56.000Z",
|
|
"description": "C2 Domains",
|
|
"pattern": "[domain-name:value = 'safara.sytes.net']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-01-31T08:51:56Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"hostname\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5890502d-a17c-4a5e-9fc6-e595950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-01-31T08:51:57.000Z",
|
|
"modified": "2017-01-31T08:51:57.000Z",
|
|
"description": "C2 Domains",
|
|
"pattern": "[domain-name:value = 'exportball.servegame.org']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-01-31T08:51:57Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"hostname\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5890502d-5114-4db5-b364-e595950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-01-31T08:51:57.000Z",
|
|
"modified": "2017-01-31T08:51:57.000Z",
|
|
"description": "C2 Domains",
|
|
"pattern": "[domain-name:value = 'viewnet.better-than.tv']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-01-31T08:51:57Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"hostname\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5890502e-103c-453a-b53e-e595950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-01-31T08:51:58.000Z",
|
|
"modified": "2017-01-31T08:51:58.000Z",
|
|
"description": "C2 Domains",
|
|
"pattern": "[domain-name:value = 'down.downloadoneyoutube.co.vu']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-01-31T08:51:58Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"hostname\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5890502f-6cfc-434b-b565-e595950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-01-31T08:51:59.000Z",
|
|
"modified": "2017-01-31T08:51:59.000Z",
|
|
"description": "C2 Domains",
|
|
"pattern": "[domain-name:value = 'netstreamag.publicvm.com']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-01-31T08:51:59Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"hostname\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--58905030-bfe8-41fa-a27a-e595950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-01-31T08:52:00.000Z",
|
|
"modified": "2017-01-31T08:52:00.000Z",
|
|
"description": "C2 Domains",
|
|
"pattern": "[domain-name:value = 'hostgatero.ddns.net']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-01-31T08:52:00Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"hostname\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--58905031-0a74-4cea-bc13-e595950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-01-31T08:52:01.000Z",
|
|
"modified": "2017-01-31T08:52:01.000Z",
|
|
"description": "C2 Domains",
|
|
"pattern": "[domain-name:value = 'subsidiaryohio.linkpc.net']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-01-31T08:52:01Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"hostname\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--58905032-05fc-439b-81c2-e595950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-01-31T08:52:02.000Z",
|
|
"modified": "2017-01-31T08:52:02.000Z",
|
|
"description": "C2 Domains",
|
|
"pattern": "[domain-name:value = 'helpyoume.linkpc.net']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-01-31T08:52:02Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"hostname\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--589052a3-1840-4ad8-affe-467c950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-01-31T09:02:27.000Z",
|
|
"modified": "2017-01-31T09:02:27.000Z",
|
|
"description": "Quasar & Downeks",
|
|
"pattern": "[file:hashes.SHA256 = '3053e1e8df7e525ef98a77190cefce258aea365e2998425ecc8e139230680156']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-01-31T09:02:27Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha256\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--589052a4-fb28-483a-8163-42c1950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-01-31T09:02:28.000Z",
|
|
"modified": "2017-01-31T09:02:28.000Z",
|
|
"description": "Quasar & Downeks",
|
|
"pattern": "[file:hashes.SHA256 = 'f19bc664558177b7269f52edcec74ecdb38ed2ab9e706b68d9cbb3a53c243dec']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-01-31T09:02:28Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha256\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--589052a4-dca0-48e6-ac04-40a2950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-01-31T09:02:28.000Z",
|
|
"modified": "2017-01-31T09:02:28.000Z",
|
|
"description": "Quasar & Downeks",
|
|
"pattern": "[file:hashes.SHA256 = '0d235478ae9cc87b7b907181ccd151b618d74955716ba2dbc40a74dc1cdfc4aa']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-01-31T09:02:28Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha256\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--589052a5-bad0-41b6-86ed-47b1950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-01-31T09:02:29.000Z",
|
|
"modified": "2017-01-31T09:02:29.000Z",
|
|
"description": "Quasar & Downeks",
|
|
"pattern": "[file:hashes.SHA256 = '96c1346351a53c865afef5e087a8cbcf8e28d652fbc083a93399a8b94328d456']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-01-31T09:02:29Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha256\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--589052a6-59cc-45a0-868c-4c31950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-01-31T09:02:30.000Z",
|
|
"modified": "2017-01-31T09:02:30.000Z",
|
|
"description": "Quasar & Downeks",
|
|
"pattern": "[file:hashes.SHA256 = '15abd32342e87455b73f1e2ecf9ab10331600eb4eae54e1dfc25ba2f9d8c2e8a']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-01-31T09:02:30Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha256\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--589052a7-c444-4537-ab0c-4edc950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-01-31T09:02:31.000Z",
|
|
"modified": "2017-01-31T09:02:31.000Z",
|
|
"description": "Quasar & Downeks",
|
|
"pattern": "[file:hashes.SHA256 = 'b66e5af52fd4d802f64788692b3eafe6b5ff61cea09c06a237a96b6cdb90b41a']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-01-31T09:02:31Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha256\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--589052a8-7e94-4638-bbbc-4ca5950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-01-31T09:02:32.000Z",
|
|
"modified": "2017-01-31T09:02:32.000Z",
|
|
"description": "Quasar & Downeks",
|
|
"pattern": "[file:hashes.SHA256 = '55a7ca1e5ed2d74c7eb6ab6a985c1d369157a91275f575967aefb7ddb3388e0c']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-01-31T09:02:32Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha256\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--589052a9-520c-49e6-920d-4264950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-01-31T09:02:33.000Z",
|
|
"modified": "2017-01-31T09:02:33.000Z",
|
|
"description": "Quasar & Downeks",
|
|
"pattern": "[file:hashes.SHA256 = '9a8d73cb7069832b9523c55224ae4153ea529ecc50392fef59da5b5d1db1c740']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-01-31T09:02:33Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha256\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--589052aa-5130-4158-9757-47c6950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-01-31T09:02:34.000Z",
|
|
"modified": "2017-01-31T09:02:34.000Z",
|
|
"description": "Quasar & Downeks",
|
|
"pattern": "[file:hashes.SHA256 = '39bdeaded0f919caa6697ae1ae4953de1c7afa79905939dbbd8c647a84f6cd07']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-01-31T09:02:34Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha256\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--589052aa-9b94-405b-9b81-4bb7950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-01-31T09:02:34.000Z",
|
|
"modified": "2017-01-31T09:02:34.000Z",
|
|
"description": "Quasar & Downeks",
|
|
"pattern": "[file:hashes.SHA256 = '0e41c3611da6e3a2b0dd0d43b9ce0b3f3405472efa5760767719cc82692afb7b']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-01-31T09:02:34Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha256\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--589052ab-8dc4-43a3-a266-40c2950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-01-31T09:02:35.000Z",
|
|
"modified": "2017-01-31T09:02:35.000Z",
|
|
"description": "Quasar & Downeks",
|
|
"pattern": "[file:hashes.SHA256 = 'bc7c3f687d0589a4db53475bc65056a628b52aa27f84c1d76b9fe686d495df27']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-01-31T09:02:35Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha256\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--589052ac-4328-49b1-941b-4ec8950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-01-31T09:02:36.000Z",
|
|
"modified": "2017-01-31T09:02:36.000Z",
|
|
"description": "Quasar & Downeks",
|
|
"pattern": "[file:hashes.SHA256 = '0d1aa670df8ae1379d6997c9dc8b40c893ee395c3d45b84c2ad1732e86973143']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-01-31T09:02:36Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha256\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--589052ad-0bb0-4ea3-962f-441c950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-01-31T09:02:37.000Z",
|
|
"modified": "2017-01-31T09:02:37.000Z",
|
|
"description": "Quasar & Downeks",
|
|
"pattern": "[file:hashes.SHA256 = '8ac7138215b2500d0737b483b9194419c0e0248014147e84f43b1e2b409184cf']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-01-31T09:02:37Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha256\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--589052ae-0afc-463c-a00f-48a2950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-01-31T09:02:38.000Z",
|
|
"modified": "2017-01-31T09:02:38.000Z",
|
|
"description": "Quasar & Downeks",
|
|
"pattern": "[file:hashes.SHA256 = '8ca99455d244fab2701beb5127f94745154e03ac1231a58f8bd2cd01732a341b']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-01-31T09:02:38Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha256\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--589052af-0338-42f8-9fb9-41ca950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-01-31T09:02:39.000Z",
|
|
"modified": "2017-01-31T09:02:39.000Z",
|
|
"description": "Quasar & Downeks",
|
|
"pattern": "[file:hashes.SHA256 = 'a149340f920888256902e28e4c5d8587fed3037682e875ed1fdf6a3213c50e92']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-01-31T09:02:39Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha256\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--589052af-7fac-4547-bf7f-4a27950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-01-31T09:02:39.000Z",
|
|
"modified": "2017-01-31T09:02:39.000Z",
|
|
"description": "Quasar & Downeks",
|
|
"pattern": "[file:hashes.SHA256 = '78aaed20914d3895708985aee089a464b31e11eb3b3e90b530dcebbe10e915ec']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-01-31T09:02:39Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha256\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--589052b0-e288-4e4c-8771-4a7b950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-01-31T09:02:40.000Z",
|
|
"modified": "2017-01-31T09:02:40.000Z",
|
|
"description": "Quasar & Downeks",
|
|
"pattern": "[file:hashes.SHA256 = '704b19e0460a0fa7d952ba6feb5eadb9054895d1d753df72faf6f470446a0519']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-01-31T09:02:40Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha256\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--589052b1-525c-4563-9b8c-49fb950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-01-31T09:02:41.000Z",
|
|
"modified": "2017-01-31T09:02:41.000Z",
|
|
"description": "Quasar & Downeks",
|
|
"pattern": "[file:hashes.SHA256 = '118d0bd8ec35b925167c67217d2fe06ac021ce253f72d17f1093423b8f9b4a2b']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-01-31T09:02:41Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha256\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--589052b2-f4c0-49f6-8437-47a1950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-01-31T09:02:42.000Z",
|
|
"modified": "2017-01-31T09:02:42.000Z",
|
|
"description": "Quasar & Downeks",
|
|
"pattern": "[file:hashes.SHA256 = '68ec3588735341566e9736b897aac06affb4a4808b05ceffb72384e77ea04b2c']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-01-31T09:02:42Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha256\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--589052b3-d2d0-4b6d-b365-4d2c950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-01-31T09:02:43.000Z",
|
|
"modified": "2017-01-31T09:02:43.000Z",
|
|
"description": "Quasar & Downeks",
|
|
"pattern": "[file:hashes.SHA256 = 'd3c710eaaf849598fa486823da42bdce03ea3c9421c3936e3330e98b34e4ef47']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-01-31T09:02:43Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha256\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--589052b4-40e8-4f97-abd1-435e950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-01-31T09:02:44.000Z",
|
|
"modified": "2017-01-31T09:02:44.000Z",
|
|
"description": "Quasar & Downeks",
|
|
"pattern": "[file:hashes.SHA256 = 'e6e9f7b0449976537d9276192e5767c9909cd34df028a8bf1cac3dbe490f0e73']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-01-31T09:02:44Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha256\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--589052b4-bb80-4a53-9077-4bff950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-01-31T09:02:44.000Z",
|
|
"modified": "2017-01-31T09:02:44.000Z",
|
|
"description": "Quasar & Downeks",
|
|
"pattern": "[file:hashes.SHA256 = '75336b05443b94474434982fc53778d5e6e9e7fabaddae596af42a15fceb04e9']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-01-31T09:02:44Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha256\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--589052b5-ca80-4b97-a9be-46c1950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-01-31T09:02:45.000Z",
|
|
"modified": "2017-01-31T09:02:45.000Z",
|
|
"description": "Quasar & Downeks",
|
|
"pattern": "[file:hashes.SHA256 = '4dcf5bd2c7a5822831d9f22f46bd2369c4c9df17cc99eb29975b5e8ae7e88606']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-01-31T09:02:45Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha256\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--589052b6-7c44-4c57-8947-4708950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-01-31T09:02:46.000Z",
|
|
"modified": "2017-01-31T09:02:46.000Z",
|
|
"description": "Quasar & Downeks",
|
|
"pattern": "[file:hashes.SHA256 = 'b8a3096a396c28462c0d168d97e28573e0e6d272bbc1dd2432e7effe098bd979']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-01-31T09:02:46Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha256\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--589052b7-c758-40fc-be17-4736950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-01-31T09:02:47.000Z",
|
|
"modified": "2017-01-31T09:02:47.000Z",
|
|
"description": "Quasar & Downeks",
|
|
"pattern": "[file:hashes.SHA256 = '905f6a62749ca6f0fd33345d6a8b1831d87e9fd1f81a59cd3add82643b367693']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-01-31T09:02:47Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha256\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--589052b8-50a4-4714-8aff-4737950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-01-31T09:02:48.000Z",
|
|
"modified": "2017-01-31T09:02:48.000Z",
|
|
"description": "Quasar & Downeks",
|
|
"pattern": "[file:hashes.SHA256 = 'c885f09b10feb88d7d176fe1a01ed8b480deb42324d2bb825e96fe1408e2a35f']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-01-31T09:02:48Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha256\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--589052b8-29ec-4fb9-b84b-4f8f950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-01-31T09:02:48.000Z",
|
|
"modified": "2017-01-31T09:02:48.000Z",
|
|
"description": "Quasar & Downeks",
|
|
"pattern": "[file:hashes.SHA256 = '0c4aa50c95c990d5c5c55345626155b87625986881a2c066ce032af6871c426a']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-01-31T09:02:48Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha256\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--589052b9-9a94-43de-b4a3-4f7c950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-01-31T09:02:49.000Z",
|
|
"modified": "2017-01-31T09:02:49.000Z",
|
|
"description": "Quasar & Downeks",
|
|
"pattern": "[file:hashes.SHA256 = '1ac624aaf6bbc2e3b966182888411f92797bd30b6fcce9f8a97648e64f13506f']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-01-31T09:02:49Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha256\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--589052ba-d060-425c-9768-49e8950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-01-31T09:02:50.000Z",
|
|
"modified": "2017-01-31T09:02:50.000Z",
|
|
"description": "Quasar & Downeks",
|
|
"pattern": "[file:hashes.SHA256 = '1acffe68fcdc301b8ab7640eda75ff82788b2f93d869e421e28bacbba93b76d1']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-01-31T09:02:50Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha256\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--589052bb-f8b8-4af0-b621-4be5950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-01-31T09:02:51.000Z",
|
|
"modified": "2017-01-31T09:02:51.000Z",
|
|
"description": "Quasar & Downeks",
|
|
"pattern": "[file:hashes.SHA256 = '723108103ccb4c166ad9cdff350de6a898489f1dac7eeab23c52cd48b9256a42']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-01-31T09:02:51Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha256\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--589052bc-d230-4c7d-b35e-47c9950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-01-31T09:02:52.000Z",
|
|
"modified": "2017-01-31T09:02:52.000Z",
|
|
"description": "Quasar & Downeks",
|
|
"pattern": "[file:hashes.SHA256 = '99a7cb43fb2898810956b6137d803c8f97651e23f9f13e91887f188749bd5e8f']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-01-31T09:02:52Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha256\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--589053f0-0b0c-4e48-baf4-42ff950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-01-31T09:08:00.000Z",
|
|
"modified": "2017-01-31T09:08:00.000Z",
|
|
"description": "Quasar & Downeks",
|
|
"pattern": "[file:hashes.SHA256 = '86bd78b4c8c94c046d927fb29ae0b944bf2a8513a378b51b3977b77e59a52806']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-01-31T09:08:00Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha256\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--589053f1-2ac0-4c50-83c0-4c4b950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-01-31T09:08:01.000Z",
|
|
"modified": "2017-01-31T09:08:01.000Z",
|
|
"description": "Quasar & Downeks",
|
|
"pattern": "[file:hashes.SHA256 = '3243292e46a198bd83e0dce58258312852c99217187e6d5399066189feb2677b']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-01-31T09:08:01Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha256\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--589053f2-ddd4-4c07-82e6-4fab950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-01-31T09:08:02.000Z",
|
|
"modified": "2017-01-31T09:08:02.000Z",
|
|
"description": "Quasar & Downeks",
|
|
"pattern": "[file:hashes.SHA256 = '9b8d8780454708b950459d43161097ac72f62ff349bc8f379b5b2216bc9ae935']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-01-31T09:08:02Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha256\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--589053f3-c924-4856-b6b7-48dc950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-01-31T09:08:03.000Z",
|
|
"modified": "2017-01-31T09:08:03.000Z",
|
|
"description": "Quasar & Downeks",
|
|
"pattern": "[file:hashes.SHA256 = '3619b12b11cda6e87644d3316355d99ee5fa5407aa8a8f107aa1058e33b19bf6']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-01-31T09:08:03Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha256\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--589053f4-5f18-40da-9120-4f36950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-01-31T09:08:04.000Z",
|
|
"modified": "2017-01-31T09:08:04.000Z",
|
|
"description": "Quasar & Downeks",
|
|
"pattern": "[file:hashes.SHA256 = '0f8378603e269db16eb7eaca933b587c7de3e914c1d9afaaae688c410befb895']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-01-31T09:08:04Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha256\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--589053f4-c890-488e-ba53-4899950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-01-31T09:08:04.000Z",
|
|
"modified": "2017-01-31T09:08:04.000Z",
|
|
"description": "Quasar & Downeks",
|
|
"pattern": "[file:hashes.SHA256 = 'd3066fa4a7a1ef38c753796479768b765c6903ef50c35352e29e79dcd49e4348']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-01-31T09:08:04Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha256\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--589053f5-2b2c-41fb-96e4-4fa4950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-01-31T09:08:05.000Z",
|
|
"modified": "2017-01-31T09:08:05.000Z",
|
|
"description": "Quasar & Downeks",
|
|
"pattern": "[file:hashes.SHA256 = '39b991838653739eef482af6336fcf03922d7e9d88d17946b688a513dd2bfc34']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-01-31T09:08:05Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha256\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--589053f6-c4d4-43b0-a8a5-47ca950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-01-31T09:08:06.000Z",
|
|
"modified": "2017-01-31T09:08:06.000Z",
|
|
"description": "Quasar & Downeks",
|
|
"pattern": "[file:hashes.SHA256 = '4393ff391396cdfd229517dd98aa7faecad04da479fe8ca322f035ceee363273']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-01-31T09:08:06Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha256\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--589053f7-f728-490d-ac0e-4663950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-01-31T09:08:07.000Z",
|
|
"modified": "2017-01-31T09:08:07.000Z",
|
|
"description": "Quasar & Downeks",
|
|
"pattern": "[file:hashes.SHA256 = '759ae70b035c3bbb6699520db3a55f3947e6ba1b5ce639ec036e3096ee10b26d']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-01-31T09:08:07Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha256\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--589053f8-ad70-4a33-8ccf-496a950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-01-31T09:08:08.000Z",
|
|
"modified": "2017-01-31T09:08:08.000Z",
|
|
"description": "Quasar & Downeks",
|
|
"pattern": "[file:hashes.SHA256 = '17942d9d76dafb64aa0d3ab53c9ee56e5d8bd4477440f06780b70dd4c02af8b8']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-01-31T09:08:08Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha256\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--589053f9-ef90-4672-84b8-48d7950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-01-31T09:08:09.000Z",
|
|
"modified": "2017-01-31T09:08:09.000Z",
|
|
"description": "Quasar & Downeks",
|
|
"pattern": "[file:hashes.SHA256 = 'fea74bf9eed7363f97a09756b4652409cfcd7bbe023383805aec5da7de6310bd']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-01-31T09:08:09Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha256\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--589053f9-de64-461d-b791-4013950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-01-31T09:08:09.000Z",
|
|
"modified": "2017-01-31T09:08:09.000Z",
|
|
"description": "Quasar & Downeks",
|
|
"pattern": "[file:hashes.SHA256 = 'f5413c785770400215c3191ea887517b4380ec81be4e5bdc5aea12bf82f9105d']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-01-31T09:08:09Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha256\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--589053fa-7a7c-46c8-b135-42a0950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-01-31T09:08:10.000Z",
|
|
"modified": "2017-01-31T09:08:10.000Z",
|
|
"description": "Quasar & Downeks",
|
|
"pattern": "[file:hashes.SHA256 = '8cdbea2aea51f73c68adc517eed533802e1f3b2a9ec0b0560b6bb8fc03ac3e4f']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-01-31T09:08:10Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha256\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--589053fb-76dc-4022-bd30-407b950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-01-31T09:08:11.000Z",
|
|
"modified": "2017-01-31T09:08:11.000Z",
|
|
"description": "Quasar & Downeks",
|
|
"pattern": "[file:hashes.SHA256 = 'dbdc72a7cfbf03599b95d8f1c47e157da34ea5d2f951cf5f49715e8caab58cd4']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-01-31T09:08:11Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha256\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--589053fc-04ac-491d-8fa3-4c2c950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-01-31T09:08:12.000Z",
|
|
"modified": "2017-01-31T09:08:12.000Z",
|
|
"description": "Quasar & Downeks",
|
|
"pattern": "[file:hashes.SHA256 = '65986f6f919e9152176a10ae3964fac130ae6195e189453d17306a225022774d']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-01-31T09:08:12Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha256\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--589053fd-b44c-47b9-a212-4cdb950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-01-31T09:08:13.000Z",
|
|
"modified": "2017-01-31T09:08:13.000Z",
|
|
"description": "Quasar & Downeks",
|
|
"pattern": "[file:hashes.SHA256 = '91a4e395d57a52a85a2bda653a0ed796865e8af01c1345dff63469759448daf0']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-01-31T09:08:13Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha256\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--589053fe-68b0-45f3-b74d-40ee950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-01-31T09:08:14.000Z",
|
|
"modified": "2017-01-31T09:08:14.000Z",
|
|
"description": "Quasar & Downeks",
|
|
"pattern": "[file:hashes.SHA256 = '53e82d01dd2502416ad49329e1224a7c4519182186e60f690ecd0cf266f5af5e']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-01-31T09:08:14Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha256\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--589053ff-955c-4bed-8581-4a2b950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-01-31T09:08:15.000Z",
|
|
"modified": "2017-01-31T09:08:15.000Z",
|
|
"description": "Quasar & Downeks",
|
|
"pattern": "[file:hashes.SHA256 = '575708d3eb23f8111b7174408f05caf6574c5d6782c750562bfb9abe48cb219e']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-01-31T09:08:15Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha256\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--58905400-afbc-483c-9f60-4473950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-01-31T09:08:16.000Z",
|
|
"modified": "2017-01-31T09:08:16.000Z",
|
|
"description": "Quasar & Downeks",
|
|
"pattern": "[file:hashes.SHA256 = 'fefa0781e88fa215419b2a1294c8b952b192f8360aeab2f97bbd9cea15fc7338']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-01-31T09:08:16Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha256\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--58905400-98dc-4ac0-9244-40d7950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-01-31T09:08:16.000Z",
|
|
"modified": "2017-01-31T09:08:16.000Z",
|
|
"description": "Quasar & Downeks",
|
|
"pattern": "[file:hashes.SHA256 = 'ea16f0d55918752ad432d0da03a7e39ab9a8442b74ae0bbe724900605a9ba71f']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-01-31T09:08:16Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha256\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--58905401-78e4-40bc-96f1-4ec0950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-01-31T09:08:17.000Z",
|
|
"modified": "2017-01-31T09:08:17.000Z",
|
|
"description": "Quasar & Downeks",
|
|
"pattern": "[file:hashes.SHA256 = '6f6414c8f8a800c769da1f6994cad25757a2928375803a498171db3395183b98']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-01-31T09:08:17Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha256\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--58905402-6f4c-40e5-b85d-47ca950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-01-31T09:08:18.000Z",
|
|
"modified": "2017-01-31T09:08:18.000Z",
|
|
"description": "Quasar & Downeks",
|
|
"pattern": "[file:hashes.SHA256 = 'dbeb3c262cc6eefea93846f817e8333ee541ec23d19ffef56a94585e519e6ff1']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-01-31T09:08:18Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha256\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--58905403-83c8-4322-b258-4622950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-01-31T09:08:19.000Z",
|
|
"modified": "2017-01-31T09:08:19.000Z",
|
|
"description": "Quasar & Downeks",
|
|
"pattern": "[file:hashes.SHA256 = '2ddce8b010f011a04cf24dc8e5932ae13b463dd6a3cb9bf02ae835b04a70d042']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-01-31T09:08:19Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha256\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--58905404-b7e8-4a38-9156-426f950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-01-31T09:08:20.000Z",
|
|
"modified": "2017-01-31T09:08:20.000Z",
|
|
"description": "Quasar & Downeks",
|
|
"pattern": "[file:hashes.SHA256 = '182c82100069834ad4a8dadee6874cfb612f0b9babc7cd3ee5d69f16440ad6d7']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-01-31T09:08:20Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha256\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--58905405-b6b8-425a-a210-4e06950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-01-31T09:08:21.000Z",
|
|
"modified": "2017-01-31T09:08:21.000Z",
|
|
"description": "Quasar & Downeks",
|
|
"pattern": "[file:hashes.SHA256 = 'f772463bafef5f45f675658eee43b6f56911a4f449afb0cc68ac068002a2f875']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-01-31T09:08:21Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha256\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--58905405-2a9c-4ea9-ab8b-4caf950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-01-31T09:08:21.000Z",
|
|
"modified": "2017-01-31T09:08:21.000Z",
|
|
"description": "Quasar & Downeks",
|
|
"pattern": "[file:hashes.SHA256 = 'b30e3dc47848666e71c1f13050a6502b2c2a7a542ee867d152ffb2dd186d7114']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-01-31T09:08:21Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha256\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--58905406-04d4-44c3-9558-43c1950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-01-31T09:08:22.000Z",
|
|
"modified": "2017-01-31T09:08:22.000Z",
|
|
"description": "Quasar & Downeks",
|
|
"pattern": "[file:hashes.SHA256 = 'e5e4895d2195e14a3a105f3ed73fd49493e9dbdd7dfc6f6616023473fa8f86c6']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-01-31T09:08:22Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha256\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--58905407-83a8-431d-973e-4346950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-01-31T09:08:23.000Z",
|
|
"modified": "2017-01-31T09:08:23.000Z",
|
|
"description": "Quasar & Downeks",
|
|
"pattern": "[file:hashes.SHA256 = 'f4eda40b3f1c77f8f9e02674d93214dd31c13080b034e37b26cc66d744500b1e']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-01-31T09:08:23Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha256\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--58905408-f65c-4dd8-ade7-4884950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-01-31T09:08:24.000Z",
|
|
"modified": "2017-01-31T09:08:24.000Z",
|
|
"description": "Quasar & Downeks",
|
|
"pattern": "[file:hashes.SHA256 = '95d9a2b664e3e5c1206d94241ded115643aa0452dd3fe3338363ff826260f40c']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-01-31T09:08:24Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha256\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--58905409-417c-42d4-af49-4e9c950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-01-31T09:08:25.000Z",
|
|
"modified": "2017-01-31T09:08:25.000Z",
|
|
"description": "Quasar & Downeks",
|
|
"pattern": "[file:hashes.SHA256 = '575b84c2d3bceebfabb2deb289a230f52aca2c504aa854251c1e9057f3f0cf5a']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-01-31T09:08:25Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha256\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--58905409-1e9c-421f-9908-461e950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-01-31T09:08:25.000Z",
|
|
"modified": "2017-01-31T09:08:25.000Z",
|
|
"description": "Quasar & Downeks",
|
|
"pattern": "[file:hashes.SHA256 = '21f09c93325c03940c24d8bd6f33a1a4876bfd5feb8c8bac05b0a359255c0b42']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-01-31T09:08:25Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha256\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5890540a-7fa0-4160-bf04-476a950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-01-31T09:08:26.000Z",
|
|
"modified": "2017-01-31T09:08:26.000Z",
|
|
"description": "Quasar & Downeks",
|
|
"pattern": "[file:hashes.SHA256 = '695821451be582d85cd8e42ce4446f131bd474e6c715bdf13fe8bac6de34b2e3']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-01-31T09:08:26Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha256\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5890540b-3cf8-4207-a571-46d6950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-01-31T09:08:27.000Z",
|
|
"modified": "2017-01-31T09:08:27.000Z",
|
|
"description": "Quasar & Downeks",
|
|
"pattern": "[file:hashes.SHA256 = 'e874deabb7953c2b9b5e67fc08297019bb0171c2fbdbe136b822cee4d43b72e5']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-01-31T09:08:27Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha256\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5890540c-3cac-4fc9-9911-4b5f950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-01-31T09:08:28.000Z",
|
|
"modified": "2017-01-31T09:08:28.000Z",
|
|
"description": "Quasar & Downeks",
|
|
"pattern": "[file:hashes.SHA256 = '6a700aea23f7cb6907e464981a136b0fbfb5a48b910af2f9a44baf98d25f1722']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-01-31T09:08:28Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha256\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5890540d-5854-457d-bd17-4675950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-01-31T09:08:29.000Z",
|
|
"modified": "2017-01-31T09:08:29.000Z",
|
|
"description": "Quasar & Downeks",
|
|
"pattern": "[file:hashes.SHA256 = 'b6adae77a975058720e525a7f6d2451a01fedd3c6cab1515570d8490a8eb4f67']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-01-31T09:08:29Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha256\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5890540d-9b94-4794-bd54-47c0950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-01-31T09:08:29.000Z",
|
|
"modified": "2017-01-31T09:08:29.000Z",
|
|
"description": "Quasar & Downeks",
|
|
"pattern": "[file:hashes.SHA256 = 'd735c19fc9223e1bc4e625c1f47801d758426fbae89e5086bc56a8d6b1df2011']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-01-31T09:08:29Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha256\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5890540e-8574-4246-b38a-48a4950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-01-31T09:08:30.000Z",
|
|
"modified": "2017-01-31T09:08:30.000Z",
|
|
"description": "Quasar & Downeks",
|
|
"pattern": "[file:hashes.SHA256 = 'a66a27d801891e39d3819355366399fabbf2f05327ddb7c7b5d304fabeac7118']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-01-31T09:08:30Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha256\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5890540f-9bb8-4463-ab8c-4fe5950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-01-31T09:08:31.000Z",
|
|
"modified": "2017-01-31T09:08:31.000Z",
|
|
"description": "Quasar & Downeks",
|
|
"pattern": "[file:hashes.SHA256 = 'cdf4ec8beb3f15d04b54165b53475aa03949a67f9cb1847a749b2fb44a3fe0a4']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-01-31T09:08:31Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha256\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--58905410-5008-4050-a39d-4607950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-01-31T09:08:32.000Z",
|
|
"modified": "2017-01-31T09:08:32.000Z",
|
|
"description": "Quasar & Downeks",
|
|
"pattern": "[file:hashes.SHA256 = '0045c28ed2a9d98efb798ec59f34b6a3058838f933af7c0dae6482a0e86e37bf']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-01-31T09:08:32Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha256\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--58905411-b074-44ce-bd6d-4b65950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-01-31T09:08:33.000Z",
|
|
"modified": "2017-01-31T09:08:33.000Z",
|
|
"description": "Quasar & Downeks",
|
|
"pattern": "[file:hashes.SHA256 = '8814fec28ccac77456be73305b32ad5a266a4929203b2acf431759c90fe579bd']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-01-31T09:08:33Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha256\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--58905412-b6b4-48ee-882a-4022950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-01-31T09:08:34.000Z",
|
|
"modified": "2017-01-31T09:08:34.000Z",
|
|
"description": "Quasar & Downeks",
|
|
"pattern": "[file:hashes.SHA256 = 'f1b682808f1819f0e3d030fce1fd6b1ca95ad052b069e028cd9ed4afd81cd4d6']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-01-31T09:08:34Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha256\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--58905412-0f24-49ea-8c09-448b950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-01-31T09:08:34.000Z",
|
|
"modified": "2017-01-31T09:08:34.000Z",
|
|
"description": "Quasar & Downeks",
|
|
"pattern": "[file:hashes.SHA256 = 'f361974e6fd6a6d7cfbfafb28159c4f8e514fe6f399788be4daa2449767d5904']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-01-31T09:08:34Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha256\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--58905413-dc2c-4db7-916c-4ca2950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-01-31T09:08:35.000Z",
|
|
"modified": "2017-01-31T09:08:35.000Z",
|
|
"description": "Quasar & Downeks",
|
|
"pattern": "[file:hashes.SHA256 = '11b1088ad962984f6df89ccc6bbc98bf220af952dec0b4622f8453a0a164cb65']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-01-31T09:08:35Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha256\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--58905414-ba04-4536-8c8a-4d7d950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-01-31T09:08:36.000Z",
|
|
"modified": "2017-01-31T09:08:36.000Z",
|
|
"description": "Quasar & Downeks",
|
|
"pattern": "[file:hashes.SHA256 = 'aacf24e288388431b30f8da765b4696975adc9cc0303d285abb05077eda21da2']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-01-31T09:08:36Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha256\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--58905415-0c20-4034-8749-4866950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-01-31T09:08:37.000Z",
|
|
"modified": "2017-01-31T09:08:37.000Z",
|
|
"description": "Quasar & Downeks",
|
|
"pattern": "[file:hashes.SHA256 = '02bd710d3055076f86116d28427322c9cb623291c6c5a66c1932181fc6558586']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-01-31T09:08:37Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha256\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--58905416-1a50-48f5-b662-4720950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-01-31T09:08:38.000Z",
|
|
"modified": "2017-01-31T09:08:38.000Z",
|
|
"description": "Quasar & Downeks",
|
|
"pattern": "[file:hashes.SHA256 = '5e7d68c53212f6d467533f105d4a067682e28da47304a53c17b056d2b4404f0a']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-01-31T09:08:38Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha256\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--58905526-1470-4047-9137-4d31950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-01-31T09:13:10.000Z",
|
|
"modified": "2017-01-31T09:13:10.000Z",
|
|
"description": "Quasar & Downeks",
|
|
"pattern": "[file:hashes.SHA256 = '3ff059a53e38f9fcd24e8d6bf008b4e14733db317857764cfcef736119ff26c9']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-01-31T09:13:10Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha256\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--58905527-8c8c-4648-b8e6-4fe4950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-01-31T09:13:11.000Z",
|
|
"modified": "2017-01-31T09:13:11.000Z",
|
|
"description": "Quasar & Downeks",
|
|
"pattern": "[file:hashes.SHA256 = 'dcc04adf96045e7227a0e1f1d092919276b21035bcb3c5ed462650ef8d2e7aa3']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-01-31T09:13:11Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha256\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--58905528-938c-4535-bc31-4c5a950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-01-31T09:13:12.000Z",
|
|
"modified": "2017-01-31T09:13:12.000Z",
|
|
"description": "Quasar & Downeks",
|
|
"pattern": "[file:hashes.SHA256 = '20e3d4c9223955495d00e72e2fedfe825e9fcda57696a255215895cfba490876']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-01-31T09:13:12Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha256\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--58905529-eed4-4972-a26e-4264950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-01-31T09:13:13.000Z",
|
|
"modified": "2017-01-31T09:13:13.000Z",
|
|
"description": "Quasar & Downeks",
|
|
"pattern": "[file:hashes.SHA256 = '6050d4c1efcf8242382293842313f3a93309f1e449197d98c60cec29090c6bff']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-01-31T09:13:13Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha256\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--58905529-e4b8-41d0-9719-467f950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-01-31T09:13:13.000Z",
|
|
"modified": "2017-01-31T09:13:13.000Z",
|
|
"description": "Quasar & Downeks",
|
|
"pattern": "[file:hashes.SHA256 = '1d533ddaefc7859a3f6c6751114e895b7aa5935eb0ed68b01ec61aa8560ae3d9']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-01-31T09:13:13Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha256\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5890552a-dfc0-4206-8998-4361950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-01-31T09:13:14.000Z",
|
|
"modified": "2017-01-31T09:13:14.000Z",
|
|
"description": "Quasar & Downeks",
|
|
"pattern": "[file:hashes.SHA256 = '488ba22d6cb8c9b0310c58fa4c4739692cdf45676c3164b357314322542f9dff']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-01-31T09:13:14Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha256\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5890552b-1720-4629-b92f-41b1950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-01-31T09:13:15.000Z",
|
|
"modified": "2017-01-31T09:13:15.000Z",
|
|
"description": "Quasar & Downeks",
|
|
"pattern": "[file:hashes.SHA256 = '7eeeae1f2fc62653593c7ce254e9cf855905035c2e8f8c0588887cb8e99dd770']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-01-31T09:13:15Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha256\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5890552c-2ca0-4c2f-8eb6-4fbe950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-01-31T09:13:16.000Z",
|
|
"modified": "2017-01-31T09:13:16.000Z",
|
|
"description": "Quasar & Downeks",
|
|
"pattern": "[file:hashes.SHA256 = 'd2d08bb2707b635617e5bab0fcd033b6f68a753dd2b3897adca1c627758e686b']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-01-31T09:13:16Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha256\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5890552d-a14c-4185-a482-4b4b950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-01-31T09:13:17.000Z",
|
|
"modified": "2017-01-31T09:13:17.000Z",
|
|
"description": "Quasar & Downeks",
|
|
"pattern": "[file:hashes.SHA256 = 'd30dbf17078a11c32dd23acea42335860e739c9f18bf0ed611132eef4d5cfcb6']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-01-31T09:13:17Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha256\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5890552e-70ac-4eb8-ac56-4635950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-01-31T09:13:18.000Z",
|
|
"modified": "2017-01-31T09:13:18.000Z",
|
|
"description": "Quasar & Downeks",
|
|
"pattern": "[file:hashes.SHA256 = '7c578dcdcefe78fb1dd51ac611f6450d9eb5be6c5f1e3363f460321a46be4a39']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-01-31T09:13:18Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha256\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5890552e-6c34-4211-83a4-4d94950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-01-31T09:13:18.000Z",
|
|
"modified": "2017-01-31T09:13:18.000Z",
|
|
"description": "Quasar & Downeks",
|
|
"pattern": "[file:hashes.SHA256 = 'a40627acae6917787e92f9efa85739136c1670dcc5fe66695e105ddd72d7b80a']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-01-31T09:13:18Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha256\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5890552f-355c-4598-a4c5-4745950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-01-31T09:13:19.000Z",
|
|
"modified": "2017-01-31T09:13:19.000Z",
|
|
"description": "Quasar & Downeks",
|
|
"pattern": "[file:hashes.SHA256 = '5668470c92408f4b9f3a659005c2acca9da8df750cc491bffc88ef640474fa4a']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-01-31T09:13:19Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha256\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--58905530-972c-438a-8474-4082950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-01-31T09:13:20.000Z",
|
|
"modified": "2017-01-31T09:13:20.000Z",
|
|
"description": "Quasar & Downeks",
|
|
"pattern": "[file:hashes.SHA256 = '25e6bf67410dffb95c527c19dcff5223dbc3bf4c987650e45fbea1267072e8ff']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-01-31T09:13:20Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha256\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--58905531-aed4-481f-bec6-4c10950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-01-31T09:13:21.000Z",
|
|
"modified": "2017-01-31T09:13:21.000Z",
|
|
"description": "Quasar & Downeks",
|
|
"pattern": "[file:hashes.SHA256 = 'f53fd5389b09c6ad289736720e72392dd5f30a1f7822dbc8c7c2e2b655b4dad9']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-01-31T09:13:21Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha256\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--58905531-cfe8-4f6e-b18f-4d25950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-01-31T09:13:21.000Z",
|
|
"modified": "2017-01-31T09:13:21.000Z",
|
|
"description": "Quasar & Downeks",
|
|
"pattern": "[file:hashes.SHA256 = '2c2ae3f482d9db2541de0d855b5b12cd18028a94887f0c28acf1e2d6a4f3d4ac']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-01-31T09:13:21Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha256\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--58905532-6d6c-4b21-8968-4dfb950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-01-31T09:13:22.000Z",
|
|
"modified": "2017-01-31T09:13:22.000Z",
|
|
"description": "Quasar & Downeks",
|
|
"pattern": "[file:hashes.SHA256 = 'a35e2b21f7f770debcffc79eb4834ec8881465df06cee41af705b6ea5d899978']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-01-31T09:13:22Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha256\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--58905533-2504-45c6-862b-483f950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-01-31T09:13:23.000Z",
|
|
"modified": "2017-01-31T09:13:23.000Z",
|
|
"description": "Quasar & Downeks",
|
|
"pattern": "[file:hashes.SHA256 = 'a7aeeead233fcdfe1c7475db982497a82d8ae745ec1c58bd87215e8869c3f9e4']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-01-31T09:13:23Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha256\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--58905534-3f28-4e45-909f-48e8950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-01-31T09:13:24.000Z",
|
|
"modified": "2017-01-31T09:13:24.000Z",
|
|
"description": "Quasar & Downeks",
|
|
"pattern": "[file:hashes.SHA256 = 'f0e3562d0438695c7f3af0c280968cfc7134b484010d9ba2aceab944b441b127']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-01-31T09:13:24Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha256\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--58905535-c3a8-4545-9628-4a6a950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-01-31T09:13:25.000Z",
|
|
"modified": "2017-01-31T09:13:25.000Z",
|
|
"description": "Quasar & Downeks",
|
|
"pattern": "[file:hashes.SHA256 = '29049e2c7671a7c4fc953cb76e539150cc7c80e1b83c19d0894dfa446ce5276e']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-01-31T09:13:25Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha256\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--58905535-d234-4ed2-8745-4a4b950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-01-31T09:13:25.000Z",
|
|
"modified": "2017-01-31T09:13:25.000Z",
|
|
"description": "Quasar & Downeks",
|
|
"pattern": "[file:hashes.SHA256 = '2eb7aa306551d693691d14558c5dc4f6d80ef8f69cf466149fbba23953c08f7f']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-01-31T09:13:25Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha256\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--58905536-6228-4ac8-b20f-42d7950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-01-31T09:13:26.000Z",
|
|
"modified": "2017-01-31T09:13:26.000Z",
|
|
"description": "Quasar & Downeks",
|
|
"pattern": "[file:hashes.SHA256 = 'de3e25a69ba43b9f236e544ece7f2da82a4fafb4489ad2e263754d9b9d88bc5c']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-01-31T09:13:26Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha256\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--58905537-4c84-4e2d-ab88-4b76950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-01-31T09:13:27.000Z",
|
|
"modified": "2017-01-31T09:13:27.000Z",
|
|
"description": "Quasar & Downeks",
|
|
"pattern": "[file:hashes.SHA256 = 'bc846caa05939b085837057bc4b9303357602ece83dc1380191bddd1402d4a2b']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-01-31T09:13:27Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha256\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--58905538-1350-4bc7-8b9b-4c58950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-01-31T09:13:28.000Z",
|
|
"modified": "2017-01-31T09:13:28.000Z",
|
|
"description": "Quasar & Downeks",
|
|
"pattern": "[file:hashes.SHA256 = '44b99603dde822b6b86577e64622e9a2f5b76b6d8bd23a3fe1b4d91b73d0230a']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-01-31T09:13:28Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha256\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--58905539-ce54-4e54-be27-4861950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-01-31T09:13:29.000Z",
|
|
"modified": "2017-01-31T09:13:29.000Z",
|
|
"description": "Quasar & Downeks",
|
|
"pattern": "[file:hashes.SHA256 = 'bb24105295588d14c4509ec7374fbe6f7a4821cf4e9d9282754dd666ad7a7ea1']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-01-31T09:13:29Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha256\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--589058d7-9b58-4543-84f6-e59502de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-01-31T09:28:55.000Z",
|
|
"modified": "2017-01-31T09:28:55.000Z",
|
|
"description": "Quasar & Downeks - Xchecked via VT: bb24105295588d14c4509ec7374fbe6f7a4821cf4e9d9282754dd666ad7a7ea1",
|
|
"pattern": "[file:hashes.SHA1 = '9112d33d4432d4c184fd0c77e45a5f3cf3468c14']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-01-31T09:28:55Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha1\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--589058d8-cb34-4e1c-b29a-e59502de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-01-31T09:28:56.000Z",
|
|
"modified": "2017-01-31T09:28:56.000Z",
|
|
"description": "Quasar & Downeks - Xchecked via VT: bb24105295588d14c4509ec7374fbe6f7a4821cf4e9d9282754dd666ad7a7ea1",
|
|
"pattern": "[file:hashes.MD5 = 'd7549d73fe59eaa2d90f32e50387bed5']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-01-31T09:28:56Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"md5\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "observed-data",
|
|
"spec_version": "2.1",
|
|
"id": "observed-data--589058d8-173c-4143-bc94-e59502de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-01-31T09:28:56.000Z",
|
|
"modified": "2017-01-31T09:28:56.000Z",
|
|
"first_observed": "2017-01-31T09:28:56Z",
|
|
"last_observed": "2017-01-31T09:28:56Z",
|
|
"number_observed": 1,
|
|
"object_refs": [
|
|
"url--589058d8-173c-4143-bc94-e59502de0b81"
|
|
],
|
|
"labels": [
|
|
"misp:type=\"link\"",
|
|
"misp:category=\"External analysis\""
|
|
]
|
|
},
|
|
{
|
|
"type": "url",
|
|
"spec_version": "2.1",
|
|
"id": "url--589058d8-173c-4143-bc94-e59502de0b81",
|
|
"value": "https://www.virustotal.com/file/bb24105295588d14c4509ec7374fbe6f7a4821cf4e9d9282754dd666ad7a7ea1/analysis/1485768177/"
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--589058d9-d334-4977-bd70-e59502de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-01-31T09:28:57.000Z",
|
|
"modified": "2017-01-31T09:28:57.000Z",
|
|
"description": "Quasar & Downeks - Xchecked via VT: 44b99603dde822b6b86577e64622e9a2f5b76b6d8bd23a3fe1b4d91b73d0230a",
|
|
"pattern": "[file:hashes.SHA1 = 'a1054d03947632d6c806992a29fe505809dbf9f7']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-01-31T09:28:57Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha1\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--589058da-3938-4048-b45c-e59502de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-01-31T09:28:58.000Z",
|
|
"modified": "2017-01-31T09:28:58.000Z",
|
|
"description": "Quasar & Downeks - Xchecked via VT: 44b99603dde822b6b86577e64622e9a2f5b76b6d8bd23a3fe1b4d91b73d0230a",
|
|
"pattern": "[file:hashes.MD5 = 'fa51335e7aa19bc6b70a500794f2d9f5']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-01-31T09:28:58Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"md5\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "observed-data",
|
|
"spec_version": "2.1",
|
|
"id": "observed-data--589058db-b22c-41f7-89f7-e59502de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-01-31T09:28:59.000Z",
|
|
"modified": "2017-01-31T09:28:59.000Z",
|
|
"first_observed": "2017-01-31T09:28:59Z",
|
|
"last_observed": "2017-01-31T09:28:59Z",
|
|
"number_observed": 1,
|
|
"object_refs": [
|
|
"url--589058db-b22c-41f7-89f7-e59502de0b81"
|
|
],
|
|
"labels": [
|
|
"misp:type=\"link\"",
|
|
"misp:category=\"External analysis\""
|
|
]
|
|
},
|
|
{
|
|
"type": "url",
|
|
"spec_version": "2.1",
|
|
"id": "url--589058db-b22c-41f7-89f7-e59502de0b81",
|
|
"value": "https://www.virustotal.com/file/44b99603dde822b6b86577e64622e9a2f5b76b6d8bd23a3fe1b4d91b73d0230a/analysis/1485226285/"
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--589058db-e078-4a2f-bed0-e59502de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-01-31T09:28:59.000Z",
|
|
"modified": "2017-01-31T09:28:59.000Z",
|
|
"description": "Quasar & Downeks - Xchecked via VT: bc846caa05939b085837057bc4b9303357602ece83dc1380191bddd1402d4a2b",
|
|
"pattern": "[file:hashes.SHA1 = '1088706ce7d3c623896c6fed3090eacdca832263']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-01-31T09:28:59Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha1\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--589058dc-3ab8-48d4-9be5-e59502de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-01-31T09:29:00.000Z",
|
|
"modified": "2017-01-31T09:29:00.000Z",
|
|
"description": "Quasar & Downeks - Xchecked via VT: bc846caa05939b085837057bc4b9303357602ece83dc1380191bddd1402d4a2b",
|
|
"pattern": "[file:hashes.MD5 = '7f684863780310a718254ff0f7f28ed2']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-01-31T09:29:00Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"md5\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "observed-data",
|
|
"spec_version": "2.1",
|
|
"id": "observed-data--589058dd-ddd0-4e48-b5d8-e59502de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-01-31T09:29:01.000Z",
|
|
"modified": "2017-01-31T09:29:01.000Z",
|
|
"first_observed": "2017-01-31T09:29:01Z",
|
|
"last_observed": "2017-01-31T09:29:01Z",
|
|
"number_observed": 1,
|
|
"object_refs": [
|
|
"url--589058dd-ddd0-4e48-b5d8-e59502de0b81"
|
|
],
|
|
"labels": [
|
|
"misp:type=\"link\"",
|
|
"misp:category=\"External analysis\""
|
|
]
|
|
},
|
|
{
|
|
"type": "url",
|
|
"spec_version": "2.1",
|
|
"id": "url--589058dd-ddd0-4e48-b5d8-e59502de0b81",
|
|
"value": "https://www.virustotal.com/file/bc846caa05939b085837057bc4b9303357602ece83dc1380191bddd1402d4a2b/analysis/1445904866/"
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--589058de-1fcc-4a47-8c86-e59502de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-01-31T09:29:02.000Z",
|
|
"modified": "2017-01-31T09:29:02.000Z",
|
|
"description": "Quasar & Downeks - Xchecked via VT: de3e25a69ba43b9f236e544ece7f2da82a4fafb4489ad2e263754d9b9d88bc5c",
|
|
"pattern": "[file:hashes.SHA1 = '830be8a5fefd30f2b2697f2c0dded59d9646d017']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-01-31T09:29:02Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha1\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--589058de-ad88-40da-896a-e59502de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-01-31T09:29:02.000Z",
|
|
"modified": "2017-01-31T09:29:02.000Z",
|
|
"description": "Quasar & Downeks - Xchecked via VT: de3e25a69ba43b9f236e544ece7f2da82a4fafb4489ad2e263754d9b9d88bc5c",
|
|
"pattern": "[file:hashes.MD5 = '53754fc20891b33d600f57a6e5975a41']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-01-31T09:29:02Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"md5\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "observed-data",
|
|
"spec_version": "2.1",
|
|
"id": "observed-data--589058df-28c4-4bc8-9178-e59502de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-01-31T09:29:03.000Z",
|
|
"modified": "2017-01-31T09:29:03.000Z",
|
|
"first_observed": "2017-01-31T09:29:03Z",
|
|
"last_observed": "2017-01-31T09:29:03Z",
|
|
"number_observed": 1,
|
|
"object_refs": [
|
|
"url--589058df-28c4-4bc8-9178-e59502de0b81"
|
|
],
|
|
"labels": [
|
|
"misp:type=\"link\"",
|
|
"misp:category=\"External analysis\""
|
|
]
|
|
},
|
|
{
|
|
"type": "url",
|
|
"spec_version": "2.1",
|
|
"id": "url--589058df-28c4-4bc8-9178-e59502de0b81",
|
|
"value": "https://www.virustotal.com/file/de3e25a69ba43b9f236e544ece7f2da82a4fafb4489ad2e263754d9b9d88bc5c/analysis/1445904519/"
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--589058e0-dbac-42f5-b9d6-e59502de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-01-31T09:29:04.000Z",
|
|
"modified": "2017-01-31T09:29:04.000Z",
|
|
"description": "Quasar & Downeks - Xchecked via VT: 2eb7aa306551d693691d14558c5dc4f6d80ef8f69cf466149fbba23953c08f7f",
|
|
"pattern": "[file:hashes.SHA1 = '278ab45a4c27ec3ba63dff735feccf0ef91132ed']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-01-31T09:29:04Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha1\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--589058e1-9714-404a-b180-e59502de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-01-31T09:29:05.000Z",
|
|
"modified": "2017-01-31T09:29:05.000Z",
|
|
"description": "Quasar & Downeks - Xchecked via VT: 2eb7aa306551d693691d14558c5dc4f6d80ef8f69cf466149fbba23953c08f7f",
|
|
"pattern": "[file:hashes.MD5 = '23108c347282ff101a2104bcf54204a8']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-01-31T09:29:05Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"md5\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "observed-data",
|
|
"spec_version": "2.1",
|
|
"id": "observed-data--589058e2-fdc4-482d-a47d-e59502de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-01-31T09:29:06.000Z",
|
|
"modified": "2017-01-31T09:29:06.000Z",
|
|
"first_observed": "2017-01-31T09:29:06Z",
|
|
"last_observed": "2017-01-31T09:29:06Z",
|
|
"number_observed": 1,
|
|
"object_refs": [
|
|
"url--589058e2-fdc4-482d-a47d-e59502de0b81"
|
|
],
|
|
"labels": [
|
|
"misp:type=\"link\"",
|
|
"misp:category=\"External analysis\""
|
|
]
|
|
},
|
|
{
|
|
"type": "url",
|
|
"spec_version": "2.1",
|
|
"id": "url--589058e2-fdc4-482d-a47d-e59502de0b81",
|
|
"value": "https://www.virustotal.com/file/2eb7aa306551d693691d14558c5dc4f6d80ef8f69cf466149fbba23953c08f7f/analysis/1444029356/"
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--589058e2-c540-4992-aeca-e59502de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-01-31T09:29:06.000Z",
|
|
"modified": "2017-01-31T09:29:06.000Z",
|
|
"description": "Quasar & Downeks - Xchecked via VT: 29049e2c7671a7c4fc953cb76e539150cc7c80e1b83c19d0894dfa446ce5276e",
|
|
"pattern": "[file:hashes.SHA1 = '32162e4f97b6310ef3034ff2a8dc2d2ca96f0179']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-01-31T09:29:06Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha1\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--589058e3-0058-44c0-87ae-e59502de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-01-31T09:29:07.000Z",
|
|
"modified": "2017-01-31T09:29:07.000Z",
|
|
"description": "Quasar & Downeks - Xchecked via VT: 29049e2c7671a7c4fc953cb76e539150cc7c80e1b83c19d0894dfa446ce5276e",
|
|
"pattern": "[file:hashes.MD5 = 'e9d5e27f6d64f95c5f5bada6247f3e02']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-01-31T09:29:07Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"md5\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "observed-data",
|
|
"spec_version": "2.1",
|
|
"id": "observed-data--589058e4-1bb0-4881-884a-e59502de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-01-31T09:29:08.000Z",
|
|
"modified": "2017-01-31T09:29:08.000Z",
|
|
"first_observed": "2017-01-31T09:29:08Z",
|
|
"last_observed": "2017-01-31T09:29:08Z",
|
|
"number_observed": 1,
|
|
"object_refs": [
|
|
"url--589058e4-1bb0-4881-884a-e59502de0b81"
|
|
],
|
|
"labels": [
|
|
"misp:type=\"link\"",
|
|
"misp:category=\"External analysis\""
|
|
]
|
|
},
|
|
{
|
|
"type": "url",
|
|
"spec_version": "2.1",
|
|
"id": "url--589058e4-1bb0-4881-884a-e59502de0b81",
|
|
"value": "https://www.virustotal.com/file/29049e2c7671a7c4fc953cb76e539150cc7c80e1b83c19d0894dfa446ce5276e/analysis/1464983188/"
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--589058e5-3f24-45d5-9701-e59502de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-01-31T09:29:09.000Z",
|
|
"modified": "2017-01-31T09:29:09.000Z",
|
|
"description": "Quasar & Downeks - Xchecked via VT: f0e3562d0438695c7f3af0c280968cfc7134b484010d9ba2aceab944b441b127",
|
|
"pattern": "[file:hashes.SHA1 = 'bcacfc015b80105a72c1df26dfd2efb6d998c0c4']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-01-31T09:29:09Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha1\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--589058e5-1544-4474-87e2-e59502de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-01-31T09:29:09.000Z",
|
|
"modified": "2017-01-31T09:29:09.000Z",
|
|
"description": "Quasar & Downeks - Xchecked via VT: f0e3562d0438695c7f3af0c280968cfc7134b484010d9ba2aceab944b441b127",
|
|
"pattern": "[file:hashes.MD5 = 'aefb8a07ee41e57198d7bc90d9a88d41']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-01-31T09:29:09Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"md5\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "observed-data",
|
|
"spec_version": "2.1",
|
|
"id": "observed-data--589058e6-8590-4933-97e2-e59502de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-01-31T09:29:10.000Z",
|
|
"modified": "2017-01-31T09:29:10.000Z",
|
|
"first_observed": "2017-01-31T09:29:10Z",
|
|
"last_observed": "2017-01-31T09:29:10Z",
|
|
"number_observed": 1,
|
|
"object_refs": [
|
|
"url--589058e6-8590-4933-97e2-e59502de0b81"
|
|
],
|
|
"labels": [
|
|
"misp:type=\"link\"",
|
|
"misp:category=\"External analysis\""
|
|
]
|
|
},
|
|
{
|
|
"type": "url",
|
|
"spec_version": "2.1",
|
|
"id": "url--589058e6-8590-4933-97e2-e59502de0b81",
|
|
"value": "https://www.virustotal.com/file/f0e3562d0438695c7f3af0c280968cfc7134b484010d9ba2aceab944b441b127/analysis/1483012787/"
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--589058e7-54d0-4cb9-bed2-e59502de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-01-31T09:29:11.000Z",
|
|
"modified": "2017-01-31T09:29:11.000Z",
|
|
"description": "Quasar & Downeks - Xchecked via VT: a7aeeead233fcdfe1c7475db982497a82d8ae745ec1c58bd87215e8869c3f9e4",
|
|
"pattern": "[file:hashes.SHA1 = 'a0d914ee2a550f50f4d550863a23f724aab0f3ac']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-01-31T09:29:11Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha1\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--589058e8-9eb4-4faa-93ea-e59502de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-01-31T09:29:12.000Z",
|
|
"modified": "2017-01-31T09:29:12.000Z",
|
|
"description": "Quasar & Downeks - Xchecked via VT: a7aeeead233fcdfe1c7475db982497a82d8ae745ec1c58bd87215e8869c3f9e4",
|
|
"pattern": "[file:hashes.MD5 = 'bc42a09888de8b311f2e9ab0fc966c8c']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-01-31T09:29:12Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"md5\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "observed-data",
|
|
"spec_version": "2.1",
|
|
"id": "observed-data--589058e9-cda0-4481-8570-e59502de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-01-31T09:29:13.000Z",
|
|
"modified": "2017-01-31T09:29:13.000Z",
|
|
"first_observed": "2017-01-31T09:29:13Z",
|
|
"last_observed": "2017-01-31T09:29:13Z",
|
|
"number_observed": 1,
|
|
"object_refs": [
|
|
"url--589058e9-cda0-4481-8570-e59502de0b81"
|
|
],
|
|
"labels": [
|
|
"misp:type=\"link\"",
|
|
"misp:category=\"External analysis\""
|
|
]
|
|
},
|
|
{
|
|
"type": "url",
|
|
"spec_version": "2.1",
|
|
"id": "url--589058e9-cda0-4481-8570-e59502de0b81",
|
|
"value": "https://www.virustotal.com/file/a7aeeead233fcdfe1c7475db982497a82d8ae745ec1c58bd87215e8869c3f9e4/analysis/1445902885/"
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--589058ea-d680-4a02-bae1-e59502de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-01-31T09:29:14.000Z",
|
|
"modified": "2017-01-31T09:29:14.000Z",
|
|
"description": "Quasar & Downeks - Xchecked via VT: a35e2b21f7f770debcffc79eb4834ec8881465df06cee41af705b6ea5d899978",
|
|
"pattern": "[file:hashes.SHA1 = '6eb6767e515019404a281fb66a3405bc70b3950c']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-01-31T09:29:14Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha1\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--589058ea-b738-4d40-b235-e59502de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-01-31T09:29:14.000Z",
|
|
"modified": "2017-01-31T09:29:14.000Z",
|
|
"description": "Quasar & Downeks - Xchecked via VT: a35e2b21f7f770debcffc79eb4834ec8881465df06cee41af705b6ea5d899978",
|
|
"pattern": "[file:hashes.MD5 = '2b21004f94e6e1bdcab29fc37123ecfa']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-01-31T09:29:14Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"md5\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "observed-data",
|
|
"spec_version": "2.1",
|
|
"id": "observed-data--589058eb-2960-4503-88e4-e59502de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-01-31T09:29:15.000Z",
|
|
"modified": "2017-01-31T09:29:15.000Z",
|
|
"first_observed": "2017-01-31T09:29:15Z",
|
|
"last_observed": "2017-01-31T09:29:15Z",
|
|
"number_observed": 1,
|
|
"object_refs": [
|
|
"url--589058eb-2960-4503-88e4-e59502de0b81"
|
|
],
|
|
"labels": [
|
|
"misp:type=\"link\"",
|
|
"misp:category=\"External analysis\""
|
|
]
|
|
},
|
|
{
|
|
"type": "url",
|
|
"spec_version": "2.1",
|
|
"id": "url--589058eb-2960-4503-88e4-e59502de0b81",
|
|
"value": "https://www.virustotal.com/file/a35e2b21f7f770debcffc79eb4834ec8881465df06cee41af705b6ea5d899978/analysis/1485511810/"
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--589058ec-9d10-4662-b630-e59502de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-01-31T09:29:16.000Z",
|
|
"modified": "2017-01-31T09:29:16.000Z",
|
|
"description": "Quasar & Downeks - Xchecked via VT: 2c2ae3f482d9db2541de0d855b5b12cd18028a94887f0c28acf1e2d6a4f3d4ac",
|
|
"pattern": "[file:hashes.SHA1 = 'a852310f9398e8bc6aa971010564639621e23b66']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-01-31T09:29:16Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha1\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--589058ed-7a7c-4786-bde3-e59502de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-01-31T09:29:17.000Z",
|
|
"modified": "2017-01-31T09:29:17.000Z",
|
|
"description": "Quasar & Downeks - Xchecked via VT: 2c2ae3f482d9db2541de0d855b5b12cd18028a94887f0c28acf1e2d6a4f3d4ac",
|
|
"pattern": "[file:hashes.MD5 = '3cdf00f4972e9fc82c361ad933171578']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-01-31T09:29:17Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"md5\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "observed-data",
|
|
"spec_version": "2.1",
|
|
"id": "observed-data--589058ed-6f58-4b5e-bad0-e59502de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-01-31T09:29:17.000Z",
|
|
"modified": "2017-01-31T09:29:17.000Z",
|
|
"first_observed": "2017-01-31T09:29:17Z",
|
|
"last_observed": "2017-01-31T09:29:17Z",
|
|
"number_observed": 1,
|
|
"object_refs": [
|
|
"url--589058ed-6f58-4b5e-bad0-e59502de0b81"
|
|
],
|
|
"labels": [
|
|
"misp:type=\"link\"",
|
|
"misp:category=\"External analysis\""
|
|
]
|
|
},
|
|
{
|
|
"type": "url",
|
|
"spec_version": "2.1",
|
|
"id": "url--589058ed-6f58-4b5e-bad0-e59502de0b81",
|
|
"value": "https://www.virustotal.com/file/2c2ae3f482d9db2541de0d855b5b12cd18028a94887f0c28acf1e2d6a4f3d4ac/analysis/1429536372/"
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--589058ee-c1c4-4ac0-b182-e59502de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-01-31T09:29:18.000Z",
|
|
"modified": "2017-01-31T09:29:18.000Z",
|
|
"description": "Quasar & Downeks - Xchecked via VT: f53fd5389b09c6ad289736720e72392dd5f30a1f7822dbc8c7c2e2b655b4dad9",
|
|
"pattern": "[file:hashes.SHA1 = '3547039172bbbb64fa80268079e16320aead1cd3']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-01-31T09:29:18Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha1\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--589058ef-8a34-407d-a3ef-e59502de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-01-31T09:29:19.000Z",
|
|
"modified": "2017-01-31T09:29:19.000Z",
|
|
"description": "Quasar & Downeks - Xchecked via VT: f53fd5389b09c6ad289736720e72392dd5f30a1f7822dbc8c7c2e2b655b4dad9",
|
|
"pattern": "[file:hashes.MD5 = 'd5b63862b8328fb45c3dabdcdf070d0d']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-01-31T09:29:19Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"md5\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "observed-data",
|
|
"spec_version": "2.1",
|
|
"id": "observed-data--589058f0-7b8c-417e-af71-e59502de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-01-31T09:29:20.000Z",
|
|
"modified": "2017-01-31T09:29:20.000Z",
|
|
"first_observed": "2017-01-31T09:29:20Z",
|
|
"last_observed": "2017-01-31T09:29:20Z",
|
|
"number_observed": 1,
|
|
"object_refs": [
|
|
"url--589058f0-7b8c-417e-af71-e59502de0b81"
|
|
],
|
|
"labels": [
|
|
"misp:type=\"link\"",
|
|
"misp:category=\"External analysis\""
|
|
]
|
|
},
|
|
{
|
|
"type": "url",
|
|
"spec_version": "2.1",
|
|
"id": "url--589058f0-7b8c-417e-af71-e59502de0b81",
|
|
"value": "https://www.virustotal.com/file/f53fd5389b09c6ad289736720e72392dd5f30a1f7822dbc8c7c2e2b655b4dad9/analysis/1445901101/"
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--589058f0-557c-420a-b5ca-e59502de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-01-31T09:29:20.000Z",
|
|
"modified": "2017-01-31T09:29:20.000Z",
|
|
"description": "Quasar & Downeks - Xchecked via VT: 25e6bf67410dffb95c527c19dcff5223dbc3bf4c987650e45fbea1267072e8ff",
|
|
"pattern": "[file:hashes.SHA1 = '5f0adbe4946e65ca32356e9dc68b6ccc5ef8b01a']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-01-31T09:29:20Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha1\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--589058f1-ae40-4696-ac0e-e59502de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-01-31T09:29:21.000Z",
|
|
"modified": "2017-01-31T09:29:21.000Z",
|
|
"description": "Quasar & Downeks - Xchecked via VT: 25e6bf67410dffb95c527c19dcff5223dbc3bf4c987650e45fbea1267072e8ff",
|
|
"pattern": "[file:hashes.MD5 = '27d3105273529cfca93f73865ee43a40']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-01-31T09:29:21Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"md5\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "observed-data",
|
|
"spec_version": "2.1",
|
|
"id": "observed-data--589058f2-f81c-48b6-a493-e59502de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-01-31T09:29:22.000Z",
|
|
"modified": "2017-01-31T09:29:22.000Z",
|
|
"first_observed": "2017-01-31T09:29:22Z",
|
|
"last_observed": "2017-01-31T09:29:22Z",
|
|
"number_observed": 1,
|
|
"object_refs": [
|
|
"url--589058f2-f81c-48b6-a493-e59502de0b81"
|
|
],
|
|
"labels": [
|
|
"misp:type=\"link\"",
|
|
"misp:category=\"External analysis\""
|
|
]
|
|
},
|
|
{
|
|
"type": "url",
|
|
"spec_version": "2.1",
|
|
"id": "url--589058f2-f81c-48b6-a493-e59502de0b81",
|
|
"value": "https://www.virustotal.com/file/25e6bf67410dffb95c527c19dcff5223dbc3bf4c987650e45fbea1267072e8ff/analysis/1442485310/"
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--589058f3-25ec-43eb-a550-e59502de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-01-31T09:29:23.000Z",
|
|
"modified": "2017-01-31T09:29:23.000Z",
|
|
"description": "Quasar & Downeks - Xchecked via VT: 5668470c92408f4b9f3a659005c2acca9da8df750cc491bffc88ef640474fa4a",
|
|
"pattern": "[file:hashes.SHA1 = '51fca7a2429fa438b948df40bc20dad9953a4237']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-01-31T09:29:23Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha1\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--589058f3-d7b0-4de4-b732-e59502de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-01-31T09:29:23.000Z",
|
|
"modified": "2017-01-31T09:29:23.000Z",
|
|
"description": "Quasar & Downeks - Xchecked via VT: 5668470c92408f4b9f3a659005c2acca9da8df750cc491bffc88ef640474fa4a",
|
|
"pattern": "[file:hashes.MD5 = '43167d4bb3c9b2592a6fa684e0c2e89b']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-01-31T09:29:23Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"md5\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "observed-data",
|
|
"spec_version": "2.1",
|
|
"id": "observed-data--589058f4-d5a4-45c0-848a-e59502de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-01-31T09:29:24.000Z",
|
|
"modified": "2017-01-31T09:29:24.000Z",
|
|
"first_observed": "2017-01-31T09:29:24Z",
|
|
"last_observed": "2017-01-31T09:29:24Z",
|
|
"number_observed": 1,
|
|
"object_refs": [
|
|
"url--589058f4-d5a4-45c0-848a-e59502de0b81"
|
|
],
|
|
"labels": [
|
|
"misp:type=\"link\"",
|
|
"misp:category=\"External analysis\""
|
|
]
|
|
},
|
|
{
|
|
"type": "url",
|
|
"spec_version": "2.1",
|
|
"id": "url--589058f4-d5a4-45c0-848a-e59502de0b81",
|
|
"value": "https://www.virustotal.com/file/5668470c92408f4b9f3a659005c2acca9da8df750cc491bffc88ef640474fa4a/analysis/1422393878/"
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--589058f5-8cd8-45ed-97aa-e59502de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-01-31T09:29:25.000Z",
|
|
"modified": "2017-01-31T09:29:25.000Z",
|
|
"description": "Quasar & Downeks - Xchecked via VT: a40627acae6917787e92f9efa85739136c1670dcc5fe66695e105ddd72d7b80a",
|
|
"pattern": "[file:hashes.SHA1 = '6cd4c3ba25406b5fb4987dc8eaf01d798dddad71']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-01-31T09:29:25Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha1\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--589058f6-033c-486c-9a00-e59502de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-01-31T09:29:26.000Z",
|
|
"modified": "2017-01-31T09:29:26.000Z",
|
|
"description": "Quasar & Downeks - Xchecked via VT: a40627acae6917787e92f9efa85739136c1670dcc5fe66695e105ddd72d7b80a",
|
|
"pattern": "[file:hashes.MD5 = '7503f289909b2c0ce685f7dbed5d8ba6']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-01-31T09:29:26Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"md5\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "observed-data",
|
|
"spec_version": "2.1",
|
|
"id": "observed-data--589058f6-a3c0-4b9a-a94c-e59502de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-01-31T09:29:26.000Z",
|
|
"modified": "2017-01-31T09:29:26.000Z",
|
|
"first_observed": "2017-01-31T09:29:26Z",
|
|
"last_observed": "2017-01-31T09:29:26Z",
|
|
"number_observed": 1,
|
|
"object_refs": [
|
|
"url--589058f6-a3c0-4b9a-a94c-e59502de0b81"
|
|
],
|
|
"labels": [
|
|
"misp:type=\"link\"",
|
|
"misp:category=\"External analysis\""
|
|
]
|
|
},
|
|
{
|
|
"type": "url",
|
|
"spec_version": "2.1",
|
|
"id": "url--589058f6-a3c0-4b9a-a94c-e59502de0b81",
|
|
"value": "https://www.virustotal.com/file/a40627acae6917787e92f9efa85739136c1670dcc5fe66695e105ddd72d7b80a/analysis/1430387602/"
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--589058f7-6e30-43ba-9ed4-e59502de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-01-31T09:29:27.000Z",
|
|
"modified": "2017-01-31T09:29:27.000Z",
|
|
"description": "Quasar & Downeks - Xchecked via VT: 7c578dcdcefe78fb1dd51ac611f6450d9eb5be6c5f1e3363f460321a46be4a39",
|
|
"pattern": "[file:hashes.SHA1 = '0be09d4feaa50f3946d20caabda070981e9d9472']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-01-31T09:29:27Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha1\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--589058f8-8658-4cd9-87d1-e59502de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-01-31T09:29:28.000Z",
|
|
"modified": "2017-01-31T09:29:28.000Z",
|
|
"description": "Quasar & Downeks - Xchecked via VT: 7c578dcdcefe78fb1dd51ac611f6450d9eb5be6c5f1e3363f460321a46be4a39",
|
|
"pattern": "[file:hashes.MD5 = 'adf1bb23d6eb47a0688d0f510b061cad']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-01-31T09:29:28Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"md5\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "observed-data",
|
|
"spec_version": "2.1",
|
|
"id": "observed-data--589058f9-1cec-45ce-b745-e59502de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-01-31T09:29:29.000Z",
|
|
"modified": "2017-01-31T09:29:29.000Z",
|
|
"first_observed": "2017-01-31T09:29:29Z",
|
|
"last_observed": "2017-01-31T09:29:29Z",
|
|
"number_observed": 1,
|
|
"object_refs": [
|
|
"url--589058f9-1cec-45ce-b745-e59502de0b81"
|
|
],
|
|
"labels": [
|
|
"misp:type=\"link\"",
|
|
"misp:category=\"External analysis\""
|
|
]
|
|
},
|
|
{
|
|
"type": "url",
|
|
"spec_version": "2.1",
|
|
"id": "url--589058f9-1cec-45ce-b745-e59502de0b81",
|
|
"value": "https://www.virustotal.com/file/7c578dcdcefe78fb1dd51ac611f6450d9eb5be6c5f1e3363f460321a46be4a39/analysis/1445890891/"
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--589058fa-d704-4d95-9192-e59502de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-01-31T09:29:30.000Z",
|
|
"modified": "2017-01-31T09:29:30.000Z",
|
|
"description": "Quasar & Downeks - Xchecked via VT: d30dbf17078a11c32dd23acea42335860e739c9f18bf0ed611132eef4d5cfcb6",
|
|
"pattern": "[file:hashes.SHA1 = '280e599972ec18dce56485978be72142725c4f0e']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-01-31T09:29:30Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha1\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--589058fa-3d10-4ce7-a2a5-e59502de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-01-31T09:29:30.000Z",
|
|
"modified": "2017-01-31T09:29:30.000Z",
|
|
"description": "Quasar & Downeks - Xchecked via VT: d30dbf17078a11c32dd23acea42335860e739c9f18bf0ed611132eef4d5cfcb6",
|
|
"pattern": "[file:hashes.MD5 = '44d2ce4d450bced2e7b1f9572cbd17ae']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-01-31T09:29:30Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"md5\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "observed-data",
|
|
"spec_version": "2.1",
|
|
"id": "observed-data--589058fb-5384-46eb-b97c-e59502de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-01-31T09:29:31.000Z",
|
|
"modified": "2017-01-31T09:29:31.000Z",
|
|
"first_observed": "2017-01-31T09:29:31Z",
|
|
"last_observed": "2017-01-31T09:29:31Z",
|
|
"number_observed": 1,
|
|
"object_refs": [
|
|
"url--589058fb-5384-46eb-b97c-e59502de0b81"
|
|
],
|
|
"labels": [
|
|
"misp:type=\"link\"",
|
|
"misp:category=\"External analysis\""
|
|
]
|
|
},
|
|
{
|
|
"type": "url",
|
|
"spec_version": "2.1",
|
|
"id": "url--589058fb-5384-46eb-b97c-e59502de0b81",
|
|
"value": "https://www.virustotal.com/file/d30dbf17078a11c32dd23acea42335860e739c9f18bf0ed611132eef4d5cfcb6/analysis/1431591102/"
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--589058fc-a3e8-47e1-8c62-e59502de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-01-31T09:29:32.000Z",
|
|
"modified": "2017-01-31T09:29:32.000Z",
|
|
"description": "Quasar & Downeks - Xchecked via VT: d2d08bb2707b635617e5bab0fcd033b6f68a753dd2b3897adca1c627758e686b",
|
|
"pattern": "[file:hashes.SHA1 = '1db0b5cdaa6d7be08192286adc400a75fca0c5b8']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-01-31T09:29:32Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha1\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--589058fd-700c-4437-aaa7-e59502de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-01-31T09:29:33.000Z",
|
|
"modified": "2017-01-31T09:29:33.000Z",
|
|
"description": "Quasar & Downeks - Xchecked via VT: d2d08bb2707b635617e5bab0fcd033b6f68a753dd2b3897adca1c627758e686b",
|
|
"pattern": "[file:hashes.MD5 = '4dd319a230ee3a0735a656231b4c9063']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-01-31T09:29:33Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"md5\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "observed-data",
|
|
"spec_version": "2.1",
|
|
"id": "observed-data--589058fd-2774-4fc6-9719-e59502de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-01-31T09:29:33.000Z",
|
|
"modified": "2017-01-31T09:29:33.000Z",
|
|
"first_observed": "2017-01-31T09:29:33Z",
|
|
"last_observed": "2017-01-31T09:29:33Z",
|
|
"number_observed": 1,
|
|
"object_refs": [
|
|
"url--589058fd-2774-4fc6-9719-e59502de0b81"
|
|
],
|
|
"labels": [
|
|
"misp:type=\"link\"",
|
|
"misp:category=\"External analysis\""
|
|
]
|
|
},
|
|
{
|
|
"type": "url",
|
|
"spec_version": "2.1",
|
|
"id": "url--589058fd-2774-4fc6-9719-e59502de0b81",
|
|
"value": "https://www.virustotal.com/file/d2d08bb2707b635617e5bab0fcd033b6f68a753dd2b3897adca1c627758e686b/analysis/1442485340/"
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--589058fe-d450-47b6-b000-e59502de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-01-31T09:29:34.000Z",
|
|
"modified": "2017-01-31T09:29:34.000Z",
|
|
"description": "Quasar & Downeks - Xchecked via VT: 7eeeae1f2fc62653593c7ce254e9cf855905035c2e8f8c0588887cb8e99dd770",
|
|
"pattern": "[file:hashes.SHA1 = '0014a53bcc87f9a1b192a4f89a2bbdc2fb359e0e']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-01-31T09:29:34Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha1\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--589058ff-6fc8-42ce-9df5-e59502de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-01-31T09:29:35.000Z",
|
|
"modified": "2017-01-31T09:29:35.000Z",
|
|
"description": "Quasar & Downeks - Xchecked via VT: 7eeeae1f2fc62653593c7ce254e9cf855905035c2e8f8c0588887cb8e99dd770",
|
|
"pattern": "[file:hashes.MD5 = 'a9af0758bbd54ea89aed241d5aaed307']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-01-31T09:29:35Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"md5\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "observed-data",
|
|
"spec_version": "2.1",
|
|
"id": "observed-data--58905900-5484-4ac9-ab61-e59502de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-01-31T09:29:36.000Z",
|
|
"modified": "2017-01-31T09:29:36.000Z",
|
|
"first_observed": "2017-01-31T09:29:36Z",
|
|
"last_observed": "2017-01-31T09:29:36Z",
|
|
"number_observed": 1,
|
|
"object_refs": [
|
|
"url--58905900-5484-4ac9-ab61-e59502de0b81"
|
|
],
|
|
"labels": [
|
|
"misp:type=\"link\"",
|
|
"misp:category=\"External analysis\""
|
|
]
|
|
},
|
|
{
|
|
"type": "url",
|
|
"spec_version": "2.1",
|
|
"id": "url--58905900-5484-4ac9-ab61-e59502de0b81",
|
|
"value": "https://www.virustotal.com/file/7eeeae1f2fc62653593c7ce254e9cf855905035c2e8f8c0588887cb8e99dd770/analysis/1437648367/"
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--58905900-ab8c-4070-9581-e59502de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-01-31T09:29:36.000Z",
|
|
"modified": "2017-01-31T09:29:36.000Z",
|
|
"description": "Quasar & Downeks - Xchecked via VT: 488ba22d6cb8c9b0310c58fa4c4739692cdf45676c3164b357314322542f9dff",
|
|
"pattern": "[file:hashes.SHA1 = '498edcff006dbf86b36cea721c0541ac86e06d66']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-01-31T09:29:36Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha1\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--58905901-5818-4bbc-9f4b-e59502de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-01-31T09:29:37.000Z",
|
|
"modified": "2017-01-31T09:29:37.000Z",
|
|
"description": "Quasar & Downeks - Xchecked via VT: 488ba22d6cb8c9b0310c58fa4c4739692cdf45676c3164b357314322542f9dff",
|
|
"pattern": "[file:hashes.MD5 = 'b0f49c2c29d3966125dd322a504799c6']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-01-31T09:29:37Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"md5\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "observed-data",
|
|
"spec_version": "2.1",
|
|
"id": "observed-data--58905902-3d14-48ad-921e-e59502de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-01-31T09:29:38.000Z",
|
|
"modified": "2017-01-31T09:29:38.000Z",
|
|
"first_observed": "2017-01-31T09:29:38Z",
|
|
"last_observed": "2017-01-31T09:29:38Z",
|
|
"number_observed": 1,
|
|
"object_refs": [
|
|
"url--58905902-3d14-48ad-921e-e59502de0b81"
|
|
],
|
|
"labels": [
|
|
"misp:type=\"link\"",
|
|
"misp:category=\"External analysis\""
|
|
]
|
|
},
|
|
{
|
|
"type": "url",
|
|
"spec_version": "2.1",
|
|
"id": "url--58905902-3d14-48ad-921e-e59502de0b81",
|
|
"value": "https://www.virustotal.com/file/488ba22d6cb8c9b0310c58fa4c4739692cdf45676c3164b357314322542f9dff/analysis/1445906229/"
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--58905903-1cf0-49ab-a5fb-e59502de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-01-31T09:29:39.000Z",
|
|
"modified": "2017-01-31T09:29:39.000Z",
|
|
"description": "Quasar & Downeks - Xchecked via VT: 1d533ddaefc7859a3f6c6751114e895b7aa5935eb0ed68b01ec61aa8560ae3d9",
|
|
"pattern": "[file:hashes.SHA1 = 'b5ec494f4f82bffbe6d8ddcaa927aabebe2fbd9d']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-01-31T09:29:39Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha1\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--58905903-9ccc-498c-8d3a-e59502de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-01-31T09:29:39.000Z",
|
|
"modified": "2017-01-31T09:29:39.000Z",
|
|
"description": "Quasar & Downeks - Xchecked via VT: 1d533ddaefc7859a3f6c6751114e895b7aa5935eb0ed68b01ec61aa8560ae3d9",
|
|
"pattern": "[file:hashes.MD5 = 'ec05a45ebd201a83974229a79979a672']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-01-31T09:29:39Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"md5\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "observed-data",
|
|
"spec_version": "2.1",
|
|
"id": "observed-data--58905904-edd8-4987-880a-e59502de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-01-31T09:29:40.000Z",
|
|
"modified": "2017-01-31T09:29:40.000Z",
|
|
"first_observed": "2017-01-31T09:29:40Z",
|
|
"last_observed": "2017-01-31T09:29:40Z",
|
|
"number_observed": 1,
|
|
"object_refs": [
|
|
"url--58905904-edd8-4987-880a-e59502de0b81"
|
|
],
|
|
"labels": [
|
|
"misp:type=\"link\"",
|
|
"misp:category=\"External analysis\""
|
|
]
|
|
},
|
|
{
|
|
"type": "url",
|
|
"spec_version": "2.1",
|
|
"id": "url--58905904-edd8-4987-880a-e59502de0b81",
|
|
"value": "https://www.virustotal.com/file/1d533ddaefc7859a3f6c6751114e895b7aa5935eb0ed68b01ec61aa8560ae3d9/analysis/1442485293/"
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--58905905-6eb4-4261-9fbf-e59502de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-01-31T09:29:41.000Z",
|
|
"modified": "2017-01-31T09:29:41.000Z",
|
|
"description": "Quasar & Downeks - Xchecked via VT: 6050d4c1efcf8242382293842313f3a93309f1e449197d98c60cec29090c6bff",
|
|
"pattern": "[file:hashes.SHA1 = 'b737af6fe7c03d780510c8c18f5835e099094296']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-01-31T09:29:41Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha1\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--58905906-2e3c-43ac-8d1a-e59502de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-01-31T09:29:42.000Z",
|
|
"modified": "2017-01-31T09:29:42.000Z",
|
|
"description": "Quasar & Downeks - Xchecked via VT: 6050d4c1efcf8242382293842313f3a93309f1e449197d98c60cec29090c6bff",
|
|
"pattern": "[file:hashes.MD5 = 'fdbe707910870ba2467596164e8e5222']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-01-31T09:29:42Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"md5\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "observed-data",
|
|
"spec_version": "2.1",
|
|
"id": "observed-data--58905907-3ec0-4a46-b650-e59502de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-01-31T09:29:43.000Z",
|
|
"modified": "2017-01-31T09:29:43.000Z",
|
|
"first_observed": "2017-01-31T09:29:43Z",
|
|
"last_observed": "2017-01-31T09:29:43Z",
|
|
"number_observed": 1,
|
|
"object_refs": [
|
|
"url--58905907-3ec0-4a46-b650-e59502de0b81"
|
|
],
|
|
"labels": [
|
|
"misp:type=\"link\"",
|
|
"misp:category=\"External analysis\""
|
|
]
|
|
},
|
|
{
|
|
"type": "url",
|
|
"spec_version": "2.1",
|
|
"id": "url--58905907-3ec0-4a46-b650-e59502de0b81",
|
|
"value": "https://www.virustotal.com/file/6050d4c1efcf8242382293842313f3a93309f1e449197d98c60cec29090c6bff/analysis/1457281801/"
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--58905907-422c-4198-95fb-e59502de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-01-31T09:29:43.000Z",
|
|
"modified": "2017-01-31T09:29:43.000Z",
|
|
"description": "Quasar & Downeks - Xchecked via VT: 20e3d4c9223955495d00e72e2fedfe825e9fcda57696a255215895cfba490876",
|
|
"pattern": "[file:hashes.SHA1 = '3e7c4c5f686c5caadf44ebc7d4dd7ad772f532b8']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-01-31T09:29:43Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha1\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--58905908-ca7c-4975-8929-e59502de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-01-31T09:29:44.000Z",
|
|
"modified": "2017-01-31T09:29:44.000Z",
|
|
"description": "Quasar & Downeks - Xchecked via VT: 20e3d4c9223955495d00e72e2fedfe825e9fcda57696a255215895cfba490876",
|
|
"pattern": "[file:hashes.MD5 = 'c9c0317cd07f6314ad2261ceca0fb9df']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-01-31T09:29:44Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"md5\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "observed-data",
|
|
"spec_version": "2.1",
|
|
"id": "observed-data--58905909-2c00-4373-86b2-e59502de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-01-31T09:29:45.000Z",
|
|
"modified": "2017-01-31T09:29:45.000Z",
|
|
"first_observed": "2017-01-31T09:29:45Z",
|
|
"last_observed": "2017-01-31T09:29:45Z",
|
|
"number_observed": 1,
|
|
"object_refs": [
|
|
"url--58905909-2c00-4373-86b2-e59502de0b81"
|
|
],
|
|
"labels": [
|
|
"misp:type=\"link\"",
|
|
"misp:category=\"External analysis\""
|
|
]
|
|
},
|
|
{
|
|
"type": "url",
|
|
"spec_version": "2.1",
|
|
"id": "url--58905909-2c00-4373-86b2-e59502de0b81",
|
|
"value": "https://www.virustotal.com/file/20e3d4c9223955495d00e72e2fedfe825e9fcda57696a255215895cfba490876/analysis/1437979774/"
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5890590a-2f14-424d-afac-e59502de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-01-31T09:29:46.000Z",
|
|
"modified": "2017-01-31T09:29:46.000Z",
|
|
"description": "Quasar & Downeks - Xchecked via VT: dcc04adf96045e7227a0e1f1d092919276b21035bcb3c5ed462650ef8d2e7aa3",
|
|
"pattern": "[file:hashes.SHA1 = '4f521f90ae10c562e686128f67416d0f27d52cdf']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-01-31T09:29:46Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha1\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5890590a-a57c-4e8e-9e61-e59502de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-01-31T09:29:46.000Z",
|
|
"modified": "2017-01-31T09:29:46.000Z",
|
|
"description": "Quasar & Downeks - Xchecked via VT: dcc04adf96045e7227a0e1f1d092919276b21035bcb3c5ed462650ef8d2e7aa3",
|
|
"pattern": "[file:hashes.MD5 = '7f745e3674de1687c852203fe2608bc9']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-01-31T09:29:46Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"md5\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "observed-data",
|
|
"spec_version": "2.1",
|
|
"id": "observed-data--5890590b-b60c-4dc3-a5d3-e59502de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-01-31T09:29:47.000Z",
|
|
"modified": "2017-01-31T09:29:47.000Z",
|
|
"first_observed": "2017-01-31T09:29:47Z",
|
|
"last_observed": "2017-01-31T09:29:47Z",
|
|
"number_observed": 1,
|
|
"object_refs": [
|
|
"url--5890590b-b60c-4dc3-a5d3-e59502de0b81"
|
|
],
|
|
"labels": [
|
|
"misp:type=\"link\"",
|
|
"misp:category=\"External analysis\""
|
|
]
|
|
},
|
|
{
|
|
"type": "url",
|
|
"spec_version": "2.1",
|
|
"id": "url--5890590b-b60c-4dc3-a5d3-e59502de0b81",
|
|
"value": "https://www.virustotal.com/file/dcc04adf96045e7227a0e1f1d092919276b21035bcb3c5ed462650ef8d2e7aa3/analysis/1451903213/"
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5890590c-1c74-40e2-8858-e59502de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-01-31T09:29:48.000Z",
|
|
"modified": "2017-01-31T09:29:48.000Z",
|
|
"description": "Quasar & Downeks - Xchecked via VT: 3ff059a53e38f9fcd24e8d6bf008b4e14733db317857764cfcef736119ff26c9",
|
|
"pattern": "[file:hashes.SHA1 = '7d1de5bb7c1d2b44f6db2b95fd0bc3ca2e13970d']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-01-31T09:29:48Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha1\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5890590d-bf28-4c4b-87ed-e59502de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-01-31T09:29:49.000Z",
|
|
"modified": "2017-01-31T09:29:49.000Z",
|
|
"description": "Quasar & Downeks - Xchecked via VT: 3ff059a53e38f9fcd24e8d6bf008b4e14733db317857764cfcef736119ff26c9",
|
|
"pattern": "[file:hashes.MD5 = '8385193fd14e5fd02108428005f59bf5']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-01-31T09:29:49Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"md5\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "observed-data",
|
|
"spec_version": "2.1",
|
|
"id": "observed-data--5890590d-ffa4-4dea-8268-e59502de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-01-31T09:29:49.000Z",
|
|
"modified": "2017-01-31T09:29:49.000Z",
|
|
"first_observed": "2017-01-31T09:29:49Z",
|
|
"last_observed": "2017-01-31T09:29:49Z",
|
|
"number_observed": 1,
|
|
"object_refs": [
|
|
"url--5890590d-ffa4-4dea-8268-e59502de0b81"
|
|
],
|
|
"labels": [
|
|
"misp:type=\"link\"",
|
|
"misp:category=\"External analysis\""
|
|
]
|
|
},
|
|
{
|
|
"type": "url",
|
|
"spec_version": "2.1",
|
|
"id": "url--5890590d-ffa4-4dea-8268-e59502de0b81",
|
|
"value": "https://www.virustotal.com/file/3ff059a53e38f9fcd24e8d6bf008b4e14733db317857764cfcef736119ff26c9/analysis/1457068862/"
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5890590e-cc30-4609-bebd-e59502de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-01-31T09:29:50.000Z",
|
|
"modified": "2017-01-31T09:29:50.000Z",
|
|
"description": "Quasar & Downeks - Xchecked via VT: 5e7d68c53212f6d467533f105d4a067682e28da47304a53c17b056d2b4404f0a",
|
|
"pattern": "[file:hashes.SHA1 = 'c99844893445d099638487fb5deb77c89b94fe55']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-01-31T09:29:50Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha1\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5890590f-c50c-4312-a6f9-e59502de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-01-31T09:29:51.000Z",
|
|
"modified": "2017-01-31T09:29:51.000Z",
|
|
"description": "Quasar & Downeks - Xchecked via VT: 5e7d68c53212f6d467533f105d4a067682e28da47304a53c17b056d2b4404f0a",
|
|
"pattern": "[file:hashes.MD5 = '095e6452a6ce756a1428de607b4dcce1']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-01-31T09:29:51Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"md5\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "observed-data",
|
|
"spec_version": "2.1",
|
|
"id": "observed-data--58905910-9058-471b-a295-e59502de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-01-31T09:29:52.000Z",
|
|
"modified": "2017-01-31T09:29:52.000Z",
|
|
"first_observed": "2017-01-31T09:29:52Z",
|
|
"last_observed": "2017-01-31T09:29:52Z",
|
|
"number_observed": 1,
|
|
"object_refs": [
|
|
"url--58905910-9058-471b-a295-e59502de0b81"
|
|
],
|
|
"labels": [
|
|
"misp:type=\"link\"",
|
|
"misp:category=\"External analysis\""
|
|
]
|
|
},
|
|
{
|
|
"type": "url",
|
|
"spec_version": "2.1",
|
|
"id": "url--58905910-9058-471b-a295-e59502de0b81",
|
|
"value": "https://www.virustotal.com/file/5e7d68c53212f6d467533f105d4a067682e28da47304a53c17b056d2b4404f0a/analysis/1468853841/"
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--58905910-4794-47a0-9ee7-e59502de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-01-31T09:29:52.000Z",
|
|
"modified": "2017-01-31T09:29:52.000Z",
|
|
"description": "Quasar & Downeks - Xchecked via VT: 02bd710d3055076f86116d28427322c9cb623291c6c5a66c1932181fc6558586",
|
|
"pattern": "[file:hashes.SHA1 = 'b86f4fb6848f42c392c22ee2da96a6c1c0ef2a5e']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-01-31T09:29:52Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha1\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--58905911-85e8-435b-add6-e59502de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-01-31T09:29:53.000Z",
|
|
"modified": "2017-01-31T09:29:53.000Z",
|
|
"description": "Quasar & Downeks - Xchecked via VT: 02bd710d3055076f86116d28427322c9cb623291c6c5a66c1932181fc6558586",
|
|
"pattern": "[file:hashes.MD5 = '2cd8c27bdc88ebba3e36114a1b55cef6']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-01-31T09:29:53Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"md5\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "observed-data",
|
|
"spec_version": "2.1",
|
|
"id": "observed-data--58905912-0904-4946-9753-e59502de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-01-31T09:29:54.000Z",
|
|
"modified": "2017-01-31T09:29:54.000Z",
|
|
"first_observed": "2017-01-31T09:29:54Z",
|
|
"last_observed": "2017-01-31T09:29:54Z",
|
|
"number_observed": 1,
|
|
"object_refs": [
|
|
"url--58905912-0904-4946-9753-e59502de0b81"
|
|
],
|
|
"labels": [
|
|
"misp:type=\"link\"",
|
|
"misp:category=\"External analysis\""
|
|
]
|
|
},
|
|
{
|
|
"type": "url",
|
|
"spec_version": "2.1",
|
|
"id": "url--58905912-0904-4946-9753-e59502de0b81",
|
|
"value": "https://www.virustotal.com/file/02bd710d3055076f86116d28427322c9cb623291c6c5a66c1932181fc6558586/analysis/1465426845/"
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--58905913-f440-4177-a691-e59502de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-01-31T09:29:55.000Z",
|
|
"modified": "2017-01-31T09:29:55.000Z",
|
|
"description": "Quasar & Downeks - Xchecked via VT: aacf24e288388431b30f8da765b4696975adc9cc0303d285abb05077eda21da2",
|
|
"pattern": "[file:hashes.SHA1 = '586fae3e668f2f9e53ec279be090e647ceca8b27']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-01-31T09:29:55Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha1\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--58905914-7cec-4f3c-a66b-e59502de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-01-31T09:29:56.000Z",
|
|
"modified": "2017-01-31T09:29:56.000Z",
|
|
"description": "Quasar & Downeks - Xchecked via VT: aacf24e288388431b30f8da765b4696975adc9cc0303d285abb05077eda21da2",
|
|
"pattern": "[file:hashes.MD5 = '8c45031895f84971239d2d5b428bb05e']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-01-31T09:29:56Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"md5\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "observed-data",
|
|
"spec_version": "2.1",
|
|
"id": "observed-data--58905914-a098-4a34-9055-e59502de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-01-31T09:29:56.000Z",
|
|
"modified": "2017-01-31T09:29:56.000Z",
|
|
"first_observed": "2017-01-31T09:29:56Z",
|
|
"last_observed": "2017-01-31T09:29:56Z",
|
|
"number_observed": 1,
|
|
"object_refs": [
|
|
"url--58905914-a098-4a34-9055-e59502de0b81"
|
|
],
|
|
"labels": [
|
|
"misp:type=\"link\"",
|
|
"misp:category=\"External analysis\""
|
|
]
|
|
},
|
|
{
|
|
"type": "url",
|
|
"spec_version": "2.1",
|
|
"id": "url--58905914-a098-4a34-9055-e59502de0b81",
|
|
"value": "https://www.virustotal.com/file/aacf24e288388431b30f8da765b4696975adc9cc0303d285abb05077eda21da2/analysis/1482685511/"
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--58905915-bf78-4d07-a108-e59502de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-01-31T09:29:57.000Z",
|
|
"modified": "2017-01-31T09:29:57.000Z",
|
|
"description": "Quasar & Downeks - Xchecked via VT: 11b1088ad962984f6df89ccc6bbc98bf220af952dec0b4622f8453a0a164cb65",
|
|
"pattern": "[file:hashes.SHA1 = 'd2dac6063366d0cf09a4f1e8492e7c10a980abd7']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-01-31T09:29:57Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha1\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--58905916-4500-4724-a938-e59502de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-01-31T09:29:58.000Z",
|
|
"modified": "2017-01-31T09:29:58.000Z",
|
|
"description": "Quasar & Downeks - Xchecked via VT: 11b1088ad962984f6df89ccc6bbc98bf220af952dec0b4622f8453a0a164cb65",
|
|
"pattern": "[file:hashes.MD5 = '73f31e8ecb05ffef90c0031bb107bc64']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-01-31T09:29:58Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"md5\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "observed-data",
|
|
"spec_version": "2.1",
|
|
"id": "observed-data--58905917-86f4-43a7-b9c4-e59502de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-01-31T09:29:59.000Z",
|
|
"modified": "2017-01-31T09:29:59.000Z",
|
|
"first_observed": "2017-01-31T09:29:59Z",
|
|
"last_observed": "2017-01-31T09:29:59Z",
|
|
"number_observed": 1,
|
|
"object_refs": [
|
|
"url--58905917-86f4-43a7-b9c4-e59502de0b81"
|
|
],
|
|
"labels": [
|
|
"misp:type=\"link\"",
|
|
"misp:category=\"External analysis\""
|
|
]
|
|
},
|
|
{
|
|
"type": "url",
|
|
"spec_version": "2.1",
|
|
"id": "url--58905917-86f4-43a7-b9c4-e59502de0b81",
|
|
"value": "https://www.virustotal.com/file/11b1088ad962984f6df89ccc6bbc98bf220af952dec0b4622f8453a0a164cb65/analysis/1475618056/"
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--58905918-a8f0-4635-b648-e59502de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-01-31T09:30:00.000Z",
|
|
"modified": "2017-01-31T09:30:00.000Z",
|
|
"description": "Quasar & Downeks - Xchecked via VT: f361974e6fd6a6d7cfbfafb28159c4f8e514fe6f399788be4daa2449767d5904",
|
|
"pattern": "[file:hashes.SHA1 = '7c8bd3c445e1a17ab5a188f7a241b5630b8a687e']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-01-31T09:30:00Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha1\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--58905919-da98-44d0-b77b-e59502de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-01-31T09:30:01.000Z",
|
|
"modified": "2017-01-31T09:30:01.000Z",
|
|
"description": "Quasar & Downeks - Xchecked via VT: f361974e6fd6a6d7cfbfafb28159c4f8e514fe6f399788be4daa2449767d5904",
|
|
"pattern": "[file:hashes.MD5 = 'c4d8dc0806e68fb59122b0d40a3e73e5']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-01-31T09:30:01Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"md5\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "observed-data",
|
|
"spec_version": "2.1",
|
|
"id": "observed-data--58905919-aaf0-4c31-8efe-e59502de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-01-31T09:30:01.000Z",
|
|
"modified": "2017-01-31T09:30:01.000Z",
|
|
"first_observed": "2017-01-31T09:30:01Z",
|
|
"last_observed": "2017-01-31T09:30:01Z",
|
|
"number_observed": 1,
|
|
"object_refs": [
|
|
"url--58905919-aaf0-4c31-8efe-e59502de0b81"
|
|
],
|
|
"labels": [
|
|
"misp:type=\"link\"",
|
|
"misp:category=\"External analysis\""
|
|
]
|
|
},
|
|
{
|
|
"type": "url",
|
|
"spec_version": "2.1",
|
|
"id": "url--58905919-aaf0-4c31-8efe-e59502de0b81",
|
|
"value": "https://www.virustotal.com/file/f361974e6fd6a6d7cfbfafb28159c4f8e514fe6f399788be4daa2449767d5904/analysis/1456465946/"
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5890591a-3f24-46c0-9540-e59502de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-01-31T09:30:02.000Z",
|
|
"modified": "2017-01-31T09:30:02.000Z",
|
|
"description": "Quasar & Downeks - Xchecked via VT: f1b682808f1819f0e3d030fce1fd6b1ca95ad052b069e028cd9ed4afd81cd4d6",
|
|
"pattern": "[file:hashes.SHA1 = '2cac6bdd7a6ecaef71a9e35b76c6aa33134eb055']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-01-31T09:30:02Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha1\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5890591b-04fc-4126-aece-e59502de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-01-31T09:30:03.000Z",
|
|
"modified": "2017-01-31T09:30:03.000Z",
|
|
"description": "Quasar & Downeks - Xchecked via VT: f1b682808f1819f0e3d030fce1fd6b1ca95ad052b069e028cd9ed4afd81cd4d6",
|
|
"pattern": "[file:hashes.MD5 = 'e671db8167d54120c113d01b83f28211']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-01-31T09:30:03Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"md5\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "observed-data",
|
|
"spec_version": "2.1",
|
|
"id": "observed-data--5890591c-f7dc-475a-90ed-e59502de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-01-31T09:30:04.000Z",
|
|
"modified": "2017-01-31T09:30:04.000Z",
|
|
"first_observed": "2017-01-31T09:30:04Z",
|
|
"last_observed": "2017-01-31T09:30:04Z",
|
|
"number_observed": 1,
|
|
"object_refs": [
|
|
"url--5890591c-f7dc-475a-90ed-e59502de0b81"
|
|
],
|
|
"labels": [
|
|
"misp:type=\"link\"",
|
|
"misp:category=\"External analysis\""
|
|
]
|
|
},
|
|
{
|
|
"type": "url",
|
|
"spec_version": "2.1",
|
|
"id": "url--5890591c-f7dc-475a-90ed-e59502de0b81",
|
|
"value": "https://www.virustotal.com/file/f1b682808f1819f0e3d030fce1fd6b1ca95ad052b069e028cd9ed4afd81cd4d6/analysis/1456914630/"
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5890591c-6a48-404b-8c67-e59502de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-01-31T09:30:04.000Z",
|
|
"modified": "2017-01-31T09:30:04.000Z",
|
|
"description": "Quasar & Downeks - Xchecked via VT: 8814fec28ccac77456be73305b32ad5a266a4929203b2acf431759c90fe579bd",
|
|
"pattern": "[file:hashes.SHA1 = 'a1e96b28f84fb1b810f9e080ea0aac648e15f55c']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-01-31T09:30:04Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha1\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5890591d-d348-4f2d-842e-e59502de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-01-31T09:30:05.000Z",
|
|
"modified": "2017-01-31T09:30:05.000Z",
|
|
"description": "Quasar & Downeks - Xchecked via VT: 8814fec28ccac77456be73305b32ad5a266a4929203b2acf431759c90fe579bd",
|
|
"pattern": "[file:hashes.MD5 = '0c76d12b0acd8224714c2d3df782d478']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-01-31T09:30:05Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"md5\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "observed-data",
|
|
"spec_version": "2.1",
|
|
"id": "observed-data--5890591e-3930-44a8-8620-e59502de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-01-31T09:30:06.000Z",
|
|
"modified": "2017-01-31T09:30:06.000Z",
|
|
"first_observed": "2017-01-31T09:30:06Z",
|
|
"last_observed": "2017-01-31T09:30:06Z",
|
|
"number_observed": 1,
|
|
"object_refs": [
|
|
"url--5890591e-3930-44a8-8620-e59502de0b81"
|
|
],
|
|
"labels": [
|
|
"misp:type=\"link\"",
|
|
"misp:category=\"External analysis\""
|
|
]
|
|
},
|
|
{
|
|
"type": "url",
|
|
"spec_version": "2.1",
|
|
"id": "url--5890591e-3930-44a8-8620-e59502de0b81",
|
|
"value": "https://www.virustotal.com/file/8814fec28ccac77456be73305b32ad5a266a4929203b2acf431759c90fe579bd/analysis/1465718473/"
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5890591f-d56c-4281-9ae9-e59502de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-01-31T09:30:07.000Z",
|
|
"modified": "2017-01-31T09:30:07.000Z",
|
|
"description": "Quasar & Downeks - Xchecked via VT: 0045c28ed2a9d98efb798ec59f34b6a3058838f933af7c0dae6482a0e86e37bf",
|
|
"pattern": "[file:hashes.SHA1 = '821cdb91cba6435895032fb0951b6de2f2285e51']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-01-31T09:30:07Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha1\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5890591f-4290-4218-9365-e59502de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-01-31T09:30:07.000Z",
|
|
"modified": "2017-01-31T09:30:07.000Z",
|
|
"description": "Quasar & Downeks - Xchecked via VT: 0045c28ed2a9d98efb798ec59f34b6a3058838f933af7c0dae6482a0e86e37bf",
|
|
"pattern": "[file:hashes.MD5 = '950d1a7563d985e3f7a70d7d57aaba1b']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-01-31T09:30:07Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"md5\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "observed-data",
|
|
"spec_version": "2.1",
|
|
"id": "observed-data--58905920-21a0-40b0-9fec-e59502de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-01-31T09:30:08.000Z",
|
|
"modified": "2017-01-31T09:30:08.000Z",
|
|
"first_observed": "2017-01-31T09:30:08Z",
|
|
"last_observed": "2017-01-31T09:30:08Z",
|
|
"number_observed": 1,
|
|
"object_refs": [
|
|
"url--58905920-21a0-40b0-9fec-e59502de0b81"
|
|
],
|
|
"labels": [
|
|
"misp:type=\"link\"",
|
|
"misp:category=\"External analysis\""
|
|
]
|
|
},
|
|
{
|
|
"type": "url",
|
|
"spec_version": "2.1",
|
|
"id": "url--58905920-21a0-40b0-9fec-e59502de0b81",
|
|
"value": "https://www.virustotal.com/file/0045c28ed2a9d98efb798ec59f34b6a3058838f933af7c0dae6482a0e86e37bf/analysis/1469702981/"
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--58905921-8d74-4e92-85c4-e59502de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-01-31T09:30:09.000Z",
|
|
"modified": "2017-01-31T09:30:09.000Z",
|
|
"description": "Quasar & Downeks - Xchecked via VT: cdf4ec8beb3f15d04b54165b53475aa03949a67f9cb1847a749b2fb44a3fe0a4",
|
|
"pattern": "[file:hashes.SHA1 = '28d5f4625d3aa894eed22cc80635c5b6a2a40f7a']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-01-31T09:30:09Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha1\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--58905922-0cc0-4442-8618-e59502de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-01-31T09:30:10.000Z",
|
|
"modified": "2017-01-31T09:30:10.000Z",
|
|
"description": "Quasar & Downeks - Xchecked via VT: cdf4ec8beb3f15d04b54165b53475aa03949a67f9cb1847a749b2fb44a3fe0a4",
|
|
"pattern": "[file:hashes.MD5 = '40dd4a30ee60349390ef37c87a037ec9']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-01-31T09:30:10Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"md5\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "observed-data",
|
|
"spec_version": "2.1",
|
|
"id": "observed-data--58905922-f42c-49f3-95f0-e59502de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-01-31T09:30:10.000Z",
|
|
"modified": "2017-01-31T09:30:10.000Z",
|
|
"first_observed": "2017-01-31T09:30:10Z",
|
|
"last_observed": "2017-01-31T09:30:10Z",
|
|
"number_observed": 1,
|
|
"object_refs": [
|
|
"url--58905922-f42c-49f3-95f0-e59502de0b81"
|
|
],
|
|
"labels": [
|
|
"misp:type=\"link\"",
|
|
"misp:category=\"External analysis\""
|
|
]
|
|
},
|
|
{
|
|
"type": "url",
|
|
"spec_version": "2.1",
|
|
"id": "url--58905922-f42c-49f3-95f0-e59502de0b81",
|
|
"value": "https://www.virustotal.com/file/cdf4ec8beb3f15d04b54165b53475aa03949a67f9cb1847a749b2fb44a3fe0a4/analysis/1469703129/"
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--58905923-eb10-4235-9266-e59502de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-01-31T09:30:11.000Z",
|
|
"modified": "2017-01-31T09:30:11.000Z",
|
|
"description": "Quasar & Downeks - Xchecked via VT: a66a27d801891e39d3819355366399fabbf2f05327ddb7c7b5d304fabeac7118",
|
|
"pattern": "[file:hashes.SHA1 = 'd323a6273b1c2a337fe24095a7788c5f3dd6b11e']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-01-31T09:30:11Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha1\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--58905924-78f0-4265-84a1-e59502de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-01-31T09:30:12.000Z",
|
|
"modified": "2017-01-31T09:30:12.000Z",
|
|
"description": "Quasar & Downeks - Xchecked via VT: a66a27d801891e39d3819355366399fabbf2f05327ddb7c7b5d304fabeac7118",
|
|
"pattern": "[file:hashes.MD5 = '9a7a9e477e8780b60f5fb7400da68a54']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-01-31T09:30:12Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"md5\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "observed-data",
|
|
"spec_version": "2.1",
|
|
"id": "observed-data--58905925-4858-4ef6-b84e-e59502de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-01-31T09:30:13.000Z",
|
|
"modified": "2017-01-31T09:30:13.000Z",
|
|
"first_observed": "2017-01-31T09:30:13Z",
|
|
"last_observed": "2017-01-31T09:30:13Z",
|
|
"number_observed": 1,
|
|
"object_refs": [
|
|
"url--58905925-4858-4ef6-b84e-e59502de0b81"
|
|
],
|
|
"labels": [
|
|
"misp:type=\"link\"",
|
|
"misp:category=\"External analysis\""
|
|
]
|
|
},
|
|
{
|
|
"type": "url",
|
|
"spec_version": "2.1",
|
|
"id": "url--58905925-4858-4ef6-b84e-e59502de0b81",
|
|
"value": "https://www.virustotal.com/file/a66a27d801891e39d3819355366399fabbf2f05327ddb7c7b5d304fabeac7118/analysis/1480972813/"
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--58905926-7f34-47c2-ad20-e59502de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-01-31T09:30:14.000Z",
|
|
"modified": "2017-01-31T09:30:14.000Z",
|
|
"description": "Quasar & Downeks - Xchecked via VT: d735c19fc9223e1bc4e625c1f47801d758426fbae89e5086bc56a8d6b1df2011",
|
|
"pattern": "[file:hashes.SHA1 = '5f5a561a78445526f3d7d722cb019d5b549572a1']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-01-31T09:30:14Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha1\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--58905926-6854-497b-81f1-e59502de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-01-31T09:30:14.000Z",
|
|
"modified": "2017-01-31T09:30:14.000Z",
|
|
"description": "Quasar & Downeks - Xchecked via VT: d735c19fc9223e1bc4e625c1f47801d758426fbae89e5086bc56a8d6b1df2011",
|
|
"pattern": "[file:hashes.MD5 = 'a4d9b160377813bfa56bc62db176f099']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-01-31T09:30:14Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"md5\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "observed-data",
|
|
"spec_version": "2.1",
|
|
"id": "observed-data--58905927-29dc-4492-aae6-e59502de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-01-31T09:30:15.000Z",
|
|
"modified": "2017-01-31T09:30:15.000Z",
|
|
"first_observed": "2017-01-31T09:30:15Z",
|
|
"last_observed": "2017-01-31T09:30:15Z",
|
|
"number_observed": 1,
|
|
"object_refs": [
|
|
"url--58905927-29dc-4492-aae6-e59502de0b81"
|
|
],
|
|
"labels": [
|
|
"misp:type=\"link\"",
|
|
"misp:category=\"External analysis\""
|
|
]
|
|
},
|
|
{
|
|
"type": "url",
|
|
"spec_version": "2.1",
|
|
"id": "url--58905927-29dc-4492-aae6-e59502de0b81",
|
|
"value": "https://www.virustotal.com/file/d735c19fc9223e1bc4e625c1f47801d758426fbae89e5086bc56a8d6b1df2011/analysis/1480155071/"
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--58905928-1618-49c1-9d7e-e59502de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-01-31T09:30:16.000Z",
|
|
"modified": "2017-01-31T09:30:16.000Z",
|
|
"description": "Quasar & Downeks - Xchecked via VT: b6adae77a975058720e525a7f6d2451a01fedd3c6cab1515570d8490a8eb4f67",
|
|
"pattern": "[file:hashes.SHA1 = '7c37c9a954cbfe4675e9c711bd9e4b283d70acf2']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-01-31T09:30:16Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha1\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--58905929-4960-42fb-ab7a-e59502de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-01-31T09:30:17.000Z",
|
|
"modified": "2017-01-31T09:30:17.000Z",
|
|
"description": "Quasar & Downeks - Xchecked via VT: b6adae77a975058720e525a7f6d2451a01fedd3c6cab1515570d8490a8eb4f67",
|
|
"pattern": "[file:hashes.MD5 = '85edbc9d56c6b19a0e918fd688423232']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-01-31T09:30:17Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"md5\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "observed-data",
|
|
"spec_version": "2.1",
|
|
"id": "observed-data--5890592a-648c-44b2-8f5f-e59502de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-01-31T09:30:18.000Z",
|
|
"modified": "2017-01-31T09:30:18.000Z",
|
|
"first_observed": "2017-01-31T09:30:18Z",
|
|
"last_observed": "2017-01-31T09:30:18Z",
|
|
"number_observed": 1,
|
|
"object_refs": [
|
|
"url--5890592a-648c-44b2-8f5f-e59502de0b81"
|
|
],
|
|
"labels": [
|
|
"misp:type=\"link\"",
|
|
"misp:category=\"External analysis\""
|
|
]
|
|
},
|
|
{
|
|
"type": "url",
|
|
"spec_version": "2.1",
|
|
"id": "url--5890592a-648c-44b2-8f5f-e59502de0b81",
|
|
"value": "https://www.virustotal.com/file/b6adae77a975058720e525a7f6d2451a01fedd3c6cab1515570d8490a8eb4f67/analysis/1480959333/"
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5890592a-5f6c-41d0-8e97-e59502de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-01-31T09:30:18.000Z",
|
|
"modified": "2017-01-31T09:30:18.000Z",
|
|
"description": "Quasar & Downeks - Xchecked via VT: 6a700aea23f7cb6907e464981a136b0fbfb5a48b910af2f9a44baf98d25f1722",
|
|
"pattern": "[file:hashes.SHA1 = 'b9033ff9039b45cd83e3746a0d504d925322ab6c']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-01-31T09:30:18Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha1\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5890592b-0dcc-4089-be52-e59502de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-01-31T09:30:19.000Z",
|
|
"modified": "2017-01-31T09:30:19.000Z",
|
|
"description": "Quasar & Downeks - Xchecked via VT: 6a700aea23f7cb6907e464981a136b0fbfb5a48b910af2f9a44baf98d25f1722",
|
|
"pattern": "[file:hashes.MD5 = 'ccde7567c2804c2d702d7d20ea720f05']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-01-31T09:30:19Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"md5\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "observed-data",
|
|
"spec_version": "2.1",
|
|
"id": "observed-data--5890592c-0cd4-49fc-84ab-e59502de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-01-31T09:30:20.000Z",
|
|
"modified": "2017-01-31T09:30:20.000Z",
|
|
"first_observed": "2017-01-31T09:30:20Z",
|
|
"last_observed": "2017-01-31T09:30:20Z",
|
|
"number_observed": 1,
|
|
"object_refs": [
|
|
"url--5890592c-0cd4-49fc-84ab-e59502de0b81"
|
|
],
|
|
"labels": [
|
|
"misp:type=\"link\"",
|
|
"misp:category=\"External analysis\""
|
|
]
|
|
},
|
|
{
|
|
"type": "url",
|
|
"spec_version": "2.1",
|
|
"id": "url--5890592c-0cd4-49fc-84ab-e59502de0b81",
|
|
"value": "https://www.virustotal.com/file/6a700aea23f7cb6907e464981a136b0fbfb5a48b910af2f9a44baf98d25f1722/analysis/1482068491/"
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5890592d-ed54-428e-93ea-e59502de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-01-31T09:30:21.000Z",
|
|
"modified": "2017-01-31T09:30:21.000Z",
|
|
"description": "Quasar & Downeks - Xchecked via VT: e874deabb7953c2b9b5e67fc08297019bb0171c2fbdbe136b822cee4d43b72e5",
|
|
"pattern": "[file:hashes.SHA1 = 'b395840f5c47f36564a9fe31aa11225fcf65c4eb']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-01-31T09:30:21Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha1\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5890592d-fdcc-40b7-9d6a-e59502de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-01-31T09:30:21.000Z",
|
|
"modified": "2017-01-31T09:30:21.000Z",
|
|
"description": "Quasar & Downeks - Xchecked via VT: e874deabb7953c2b9b5e67fc08297019bb0171c2fbdbe136b822cee4d43b72e5",
|
|
"pattern": "[file:hashes.MD5 = 'ce50c67226bb1b3750527eba993d1d21']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-01-31T09:30:21Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"md5\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "observed-data",
|
|
"spec_version": "2.1",
|
|
"id": "observed-data--5890592e-6c60-4df4-9f99-e59502de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-01-31T09:30:22.000Z",
|
|
"modified": "2017-01-31T09:30:22.000Z",
|
|
"first_observed": "2017-01-31T09:30:22Z",
|
|
"last_observed": "2017-01-31T09:30:22Z",
|
|
"number_observed": 1,
|
|
"object_refs": [
|
|
"url--5890592e-6c60-4df4-9f99-e59502de0b81"
|
|
],
|
|
"labels": [
|
|
"misp:type=\"link\"",
|
|
"misp:category=\"External analysis\""
|
|
]
|
|
},
|
|
{
|
|
"type": "url",
|
|
"spec_version": "2.1",
|
|
"id": "url--5890592e-6c60-4df4-9f99-e59502de0b81",
|
|
"value": "https://www.virustotal.com/file/e874deabb7953c2b9b5e67fc08297019bb0171c2fbdbe136b822cee4d43b72e5/analysis/1437207602/"
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5890592f-d614-457d-b088-e59502de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-01-31T09:30:23.000Z",
|
|
"modified": "2017-01-31T09:30:23.000Z",
|
|
"description": "Quasar & Downeks - Xchecked via VT: 695821451be582d85cd8e42ce4446f131bd474e6c715bdf13fe8bac6de34b2e3",
|
|
"pattern": "[file:hashes.SHA1 = '0f3dec78921465dc40dc59ea338fc8a00b9af526']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-01-31T09:30:23Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha1\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--58905930-fd64-4d4b-ab9e-e59502de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-01-31T09:30:24.000Z",
|
|
"modified": "2017-01-31T09:30:24.000Z",
|
|
"description": "Quasar & Downeks - Xchecked via VT: 695821451be582d85cd8e42ce4446f131bd474e6c715bdf13fe8bac6de34b2e3",
|
|
"pattern": "[file:hashes.MD5 = '3ad900a739485cf53d7fdba02c769360']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-01-31T09:30:24Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"md5\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "observed-data",
|
|
"spec_version": "2.1",
|
|
"id": "observed-data--58905930-9404-48ab-bfb4-e59502de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-01-31T09:30:24.000Z",
|
|
"modified": "2017-01-31T09:30:24.000Z",
|
|
"first_observed": "2017-01-31T09:30:24Z",
|
|
"last_observed": "2017-01-31T09:30:24Z",
|
|
"number_observed": 1,
|
|
"object_refs": [
|
|
"url--58905930-9404-48ab-bfb4-e59502de0b81"
|
|
],
|
|
"labels": [
|
|
"misp:type=\"link\"",
|
|
"misp:category=\"External analysis\""
|
|
]
|
|
},
|
|
{
|
|
"type": "url",
|
|
"spec_version": "2.1",
|
|
"id": "url--58905930-9404-48ab-bfb4-e59502de0b81",
|
|
"value": "https://www.virustotal.com/file/695821451be582d85cd8e42ce4446f131bd474e6c715bdf13fe8bac6de34b2e3/analysis/1441888417/"
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--58905931-1ffc-494a-9c1e-e59502de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-01-31T09:30:25.000Z",
|
|
"modified": "2017-01-31T09:30:25.000Z",
|
|
"description": "Quasar & Downeks - Xchecked via VT: 575b84c2d3bceebfabb2deb289a230f52aca2c504aa854251c1e9057f3f0cf5a",
|
|
"pattern": "[file:hashes.SHA1 = '81936f73329e9ca2d0c178d8692c3633677c56f4']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-01-31T09:30:25Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha1\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--58905932-67e4-4fe2-b74c-e59502de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-01-31T09:30:26.000Z",
|
|
"modified": "2017-01-31T09:30:26.000Z",
|
|
"description": "Quasar & Downeks - Xchecked via VT: 575b84c2d3bceebfabb2deb289a230f52aca2c504aa854251c1e9057f3f0cf5a",
|
|
"pattern": "[file:hashes.MD5 = '92108158f850c391059b997f21499e8e']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-01-31T09:30:26Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"md5\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "observed-data",
|
|
"spec_version": "2.1",
|
|
"id": "observed-data--58905933-e068-44d2-a9e4-e59502de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-01-31T09:30:27.000Z",
|
|
"modified": "2017-01-31T09:30:27.000Z",
|
|
"first_observed": "2017-01-31T09:30:27Z",
|
|
"last_observed": "2017-01-31T09:30:27Z",
|
|
"number_observed": 1,
|
|
"object_refs": [
|
|
"url--58905933-e068-44d2-a9e4-e59502de0b81"
|
|
],
|
|
"labels": [
|
|
"misp:type=\"link\"",
|
|
"misp:category=\"External analysis\""
|
|
]
|
|
},
|
|
{
|
|
"type": "url",
|
|
"spec_version": "2.1",
|
|
"id": "url--58905933-e068-44d2-a9e4-e59502de0b81",
|
|
"value": "https://www.virustotal.com/file/575b84c2d3bceebfabb2deb289a230f52aca2c504aa854251c1e9057f3f0cf5a/analysis/1454061202/"
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--58905934-0dec-4c5a-9aed-e59502de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-01-31T09:30:28.000Z",
|
|
"modified": "2017-01-31T09:30:28.000Z",
|
|
"description": "Quasar & Downeks - Xchecked via VT: 95d9a2b664e3e5c1206d94241ded115643aa0452dd3fe3338363ff826260f40c",
|
|
"pattern": "[file:hashes.SHA1 = '9a206a0cb889a4660c5fdb200a1dae2b057a0d6b']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-01-31T09:30:28Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha1\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--58905934-9248-484e-8427-e59502de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-01-31T09:30:28.000Z",
|
|
"modified": "2017-01-31T09:30:28.000Z",
|
|
"description": "Quasar & Downeks - Xchecked via VT: 95d9a2b664e3e5c1206d94241ded115643aa0452dd3fe3338363ff826260f40c",
|
|
"pattern": "[file:hashes.MD5 = '9bc78db519d9b9b3191774ddd5393506']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-01-31T09:30:28Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"md5\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "observed-data",
|
|
"spec_version": "2.1",
|
|
"id": "observed-data--58905935-81d4-4f51-983f-e59502de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-01-31T09:30:29.000Z",
|
|
"modified": "2017-01-31T09:30:29.000Z",
|
|
"first_observed": "2017-01-31T09:30:29Z",
|
|
"last_observed": "2017-01-31T09:30:29Z",
|
|
"number_observed": 1,
|
|
"object_refs": [
|
|
"url--58905935-81d4-4f51-983f-e59502de0b81"
|
|
],
|
|
"labels": [
|
|
"misp:type=\"link\"",
|
|
"misp:category=\"External analysis\""
|
|
]
|
|
},
|
|
{
|
|
"type": "url",
|
|
"spec_version": "2.1",
|
|
"id": "url--58905935-81d4-4f51-983f-e59502de0b81",
|
|
"value": "https://www.virustotal.com/file/95d9a2b664e3e5c1206d94241ded115643aa0452dd3fe3338363ff826260f40c/analysis/1481059132/"
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--58905936-df5c-4164-a94f-e59502de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-01-31T09:30:30.000Z",
|
|
"modified": "2017-01-31T09:30:30.000Z",
|
|
"description": "Quasar & Downeks - Xchecked via VT: f4eda40b3f1c77f8f9e02674d93214dd31c13080b034e37b26cc66d744500b1e",
|
|
"pattern": "[file:hashes.SHA1 = 'c9893483527f0db951048ced4a47f52508106bdb']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-01-31T09:30:30Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha1\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--58905937-8d64-419b-9193-e59502de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-01-31T09:30:31.000Z",
|
|
"modified": "2017-01-31T09:30:31.000Z",
|
|
"description": "Quasar & Downeks - Xchecked via VT: f4eda40b3f1c77f8f9e02674d93214dd31c13080b034e37b26cc66d744500b1e",
|
|
"pattern": "[file:hashes.MD5 = 'cfa6b84c58f137bb7127e7a602c6b5b2']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-01-31T09:30:31Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"md5\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "observed-data",
|
|
"spec_version": "2.1",
|
|
"id": "observed-data--58905937-0c14-4332-be60-e59502de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-01-31T09:30:31.000Z",
|
|
"modified": "2017-01-31T09:30:31.000Z",
|
|
"first_observed": "2017-01-31T09:30:31Z",
|
|
"last_observed": "2017-01-31T09:30:31Z",
|
|
"number_observed": 1,
|
|
"object_refs": [
|
|
"url--58905937-0c14-4332-be60-e59502de0b81"
|
|
],
|
|
"labels": [
|
|
"misp:type=\"link\"",
|
|
"misp:category=\"External analysis\""
|
|
]
|
|
},
|
|
{
|
|
"type": "url",
|
|
"spec_version": "2.1",
|
|
"id": "url--58905937-0c14-4332-be60-e59502de0b81",
|
|
"value": "https://www.virustotal.com/file/f4eda40b3f1c77f8f9e02674d93214dd31c13080b034e37b26cc66d744500b1e/analysis/1433668337/"
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--58905938-2098-407a-902f-e59502de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-01-31T09:30:32.000Z",
|
|
"modified": "2017-01-31T09:30:32.000Z",
|
|
"description": "Quasar & Downeks - Xchecked via VT: e5e4895d2195e14a3a105f3ed73fd49493e9dbdd7dfc6f6616023473fa8f86c6",
|
|
"pattern": "[file:hashes.SHA1 = 'b18990fbf7eb1edf9ae68f3be0be8a42797c60bf']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-01-31T09:30:32Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha1\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--58905939-65e8-441c-b90e-e59502de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-01-31T09:30:33.000Z",
|
|
"modified": "2017-01-31T09:30:33.000Z",
|
|
"description": "Quasar & Downeks - Xchecked via VT: e5e4895d2195e14a3a105f3ed73fd49493e9dbdd7dfc6f6616023473fa8f86c6",
|
|
"pattern": "[file:hashes.MD5 = '362aa4ed0b0af7fdc024f62e1032fece']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-01-31T09:30:33Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"md5\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "observed-data",
|
|
"spec_version": "2.1",
|
|
"id": "observed-data--5890593a-fd80-41c5-a335-e59502de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-01-31T09:30:34.000Z",
|
|
"modified": "2017-01-31T09:30:34.000Z",
|
|
"first_observed": "2017-01-31T09:30:34Z",
|
|
"last_observed": "2017-01-31T09:30:34Z",
|
|
"number_observed": 1,
|
|
"object_refs": [
|
|
"url--5890593a-fd80-41c5-a335-e59502de0b81"
|
|
],
|
|
"labels": [
|
|
"misp:type=\"link\"",
|
|
"misp:category=\"External analysis\""
|
|
]
|
|
},
|
|
{
|
|
"type": "url",
|
|
"spec_version": "2.1",
|
|
"id": "url--5890593a-fd80-41c5-a335-e59502de0b81",
|
|
"value": "https://www.virustotal.com/file/e5e4895d2195e14a3a105f3ed73fd49493e9dbdd7dfc6f6616023473fa8f86c6/analysis/1444621028/"
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5890593b-f5a8-4e4d-bb87-e59502de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-01-31T09:30:35.000Z",
|
|
"modified": "2017-01-31T09:30:35.000Z",
|
|
"description": "Quasar & Downeks - Xchecked via VT: b30e3dc47848666e71c1f13050a6502b2c2a7a542ee867d152ffb2dd186d7114",
|
|
"pattern": "[file:hashes.SHA1 = '0c2e252bfddd801fe067b3a9ca0112ff300bef3f']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-01-31T09:30:35Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha1\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5890593b-c7d0-4ded-bed0-e59502de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-01-31T09:30:35.000Z",
|
|
"modified": "2017-01-31T09:30:35.000Z",
|
|
"description": "Quasar & Downeks - Xchecked via VT: b30e3dc47848666e71c1f13050a6502b2c2a7a542ee867d152ffb2dd186d7114",
|
|
"pattern": "[file:hashes.MD5 = '14e025f3f6e59935082c2a382f660998']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-01-31T09:30:35Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"md5\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "observed-data",
|
|
"spec_version": "2.1",
|
|
"id": "observed-data--5890593c-b1c0-437d-bd85-e59502de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-01-31T09:30:36.000Z",
|
|
"modified": "2017-01-31T09:30:36.000Z",
|
|
"first_observed": "2017-01-31T09:30:36Z",
|
|
"last_observed": "2017-01-31T09:30:36Z",
|
|
"number_observed": 1,
|
|
"object_refs": [
|
|
"url--5890593c-b1c0-437d-bd85-e59502de0b81"
|
|
],
|
|
"labels": [
|
|
"misp:type=\"link\"",
|
|
"misp:category=\"External analysis\""
|
|
]
|
|
},
|
|
{
|
|
"type": "url",
|
|
"spec_version": "2.1",
|
|
"id": "url--5890593c-b1c0-437d-bd85-e59502de0b81",
|
|
"value": "https://www.virustotal.com/file/b30e3dc47848666e71c1f13050a6502b2c2a7a542ee867d152ffb2dd186d7114/analysis/1439102020/"
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5890593d-c81c-4b31-b751-e59502de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-01-31T09:30:37.000Z",
|
|
"modified": "2017-01-31T09:30:37.000Z",
|
|
"description": "Quasar & Downeks - Xchecked via VT: f772463bafef5f45f675658eee43b6f56911a4f449afb0cc68ac068002a2f875",
|
|
"pattern": "[file:hashes.SHA1 = 'c886dac73bfc64a7d08fee8cd1e333bfa7e1b90e']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-01-31T09:30:37Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha1\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5890593e-4aa8-4c61-a638-e59502de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-01-31T09:30:38.000Z",
|
|
"modified": "2017-01-31T09:30:38.000Z",
|
|
"description": "Quasar & Downeks - Xchecked via VT: f772463bafef5f45f675658eee43b6f56911a4f449afb0cc68ac068002a2f875",
|
|
"pattern": "[file:hashes.MD5 = '220a539e2d24850bfff7b4a3c85cbbf9']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-01-31T09:30:38Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"md5\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "observed-data",
|
|
"spec_version": "2.1",
|
|
"id": "observed-data--5890593e-bd00-4001-92c4-e59502de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-01-31T09:30:38.000Z",
|
|
"modified": "2017-01-31T09:30:38.000Z",
|
|
"first_observed": "2017-01-31T09:30:38Z",
|
|
"last_observed": "2017-01-31T09:30:38Z",
|
|
"number_observed": 1,
|
|
"object_refs": [
|
|
"url--5890593e-bd00-4001-92c4-e59502de0b81"
|
|
],
|
|
"labels": [
|
|
"misp:type=\"link\"",
|
|
"misp:category=\"External analysis\""
|
|
]
|
|
},
|
|
{
|
|
"type": "url",
|
|
"spec_version": "2.1",
|
|
"id": "url--5890593e-bd00-4001-92c4-e59502de0b81",
|
|
"value": "https://www.virustotal.com/file/f772463bafef5f45f675658eee43b6f56911a4f449afb0cc68ac068002a2f875/analysis/1450801268/"
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5890593f-9570-4d1a-ad4f-e59502de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-01-31T09:30:39.000Z",
|
|
"modified": "2017-01-31T09:30:39.000Z",
|
|
"description": "Quasar & Downeks - Xchecked via VT: 182c82100069834ad4a8dadee6874cfb612f0b9babc7cd3ee5d69f16440ad6d7",
|
|
"pattern": "[file:hashes.SHA1 = '7b340aef853cb95f46023a74f808318a086c3336']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-01-31T09:30:39Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha1\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--58905940-0690-4348-9ebb-e59502de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-01-31T09:30:40.000Z",
|
|
"modified": "2017-01-31T09:30:40.000Z",
|
|
"description": "Quasar & Downeks - Xchecked via VT: 182c82100069834ad4a8dadee6874cfb612f0b9babc7cd3ee5d69f16440ad6d7",
|
|
"pattern": "[file:hashes.MD5 = '20236c284cbc83ef951ab3fc3ead1c24']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-01-31T09:30:40Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"md5\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "observed-data",
|
|
"spec_version": "2.1",
|
|
"id": "observed-data--58905941-37a4-4452-8603-e59502de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-01-31T09:30:41.000Z",
|
|
"modified": "2017-01-31T09:30:41.000Z",
|
|
"first_observed": "2017-01-31T09:30:41Z",
|
|
"last_observed": "2017-01-31T09:30:41Z",
|
|
"number_observed": 1,
|
|
"object_refs": [
|
|
"url--58905941-37a4-4452-8603-e59502de0b81"
|
|
],
|
|
"labels": [
|
|
"misp:type=\"link\"",
|
|
"misp:category=\"External analysis\""
|
|
]
|
|
},
|
|
{
|
|
"type": "url",
|
|
"spec_version": "2.1",
|
|
"id": "url--58905941-37a4-4452-8603-e59502de0b81",
|
|
"value": "https://www.virustotal.com/file/182c82100069834ad4a8dadee6874cfb612f0b9babc7cd3ee5d69f16440ad6d7/analysis/1455056645/"
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--58905941-6414-49c5-9561-e59502de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-01-31T09:30:41.000Z",
|
|
"modified": "2017-01-31T09:30:41.000Z",
|
|
"description": "Quasar & Downeks - Xchecked via VT: 2ddce8b010f011a04cf24dc8e5932ae13b463dd6a3cb9bf02ae835b04a70d042",
|
|
"pattern": "[file:hashes.SHA1 = '7768c72749bd56d850d55de20e3f0e42bc021acb']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-01-31T09:30:41Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha1\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--58905942-7d84-4505-9494-e59502de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-01-31T09:30:42.000Z",
|
|
"modified": "2017-01-31T09:30:42.000Z",
|
|
"description": "Quasar & Downeks - Xchecked via VT: 2ddce8b010f011a04cf24dc8e5932ae13b463dd6a3cb9bf02ae835b04a70d042",
|
|
"pattern": "[file:hashes.MD5 = '6f70ac719565e3e0d65d2e41b5690280']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-01-31T09:30:42Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"md5\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "observed-data",
|
|
"spec_version": "2.1",
|
|
"id": "observed-data--58905943-3168-48ec-88df-e59502de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-01-31T09:30:43.000Z",
|
|
"modified": "2017-01-31T09:30:43.000Z",
|
|
"first_observed": "2017-01-31T09:30:43Z",
|
|
"last_observed": "2017-01-31T09:30:43Z",
|
|
"number_observed": 1,
|
|
"object_refs": [
|
|
"url--58905943-3168-48ec-88df-e59502de0b81"
|
|
],
|
|
"labels": [
|
|
"misp:type=\"link\"",
|
|
"misp:category=\"External analysis\""
|
|
]
|
|
},
|
|
{
|
|
"type": "url",
|
|
"spec_version": "2.1",
|
|
"id": "url--58905943-3168-48ec-88df-e59502de0b81",
|
|
"value": "https://www.virustotal.com/file/2ddce8b010f011a04cf24dc8e5932ae13b463dd6a3cb9bf02ae835b04a70d042/analysis/1480287576/"
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--58905944-58fc-4e84-a189-e59502de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-01-31T09:30:44.000Z",
|
|
"modified": "2017-01-31T09:30:44.000Z",
|
|
"description": "Quasar & Downeks - Xchecked via VT: dbeb3c262cc6eefea93846f817e8333ee541ec23d19ffef56a94585e519e6ff1",
|
|
"pattern": "[file:hashes.SHA1 = 'b0f67ff0b0cdffd70ced66335b0f55cc7e3104e5']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-01-31T09:30:44Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha1\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--58905944-5018-443f-ab36-e59502de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-01-31T09:30:44.000Z",
|
|
"modified": "2017-01-31T09:30:44.000Z",
|
|
"description": "Quasar & Downeks - Xchecked via VT: dbeb3c262cc6eefea93846f817e8333ee541ec23d19ffef56a94585e519e6ff1",
|
|
"pattern": "[file:hashes.MD5 = '8df34a72ffcfbf7fe4e19ea1d9a5d2bc']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-01-31T09:30:44Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"md5\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "observed-data",
|
|
"spec_version": "2.1",
|
|
"id": "observed-data--58905945-9c94-4dad-be73-e59502de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-01-31T09:30:45.000Z",
|
|
"modified": "2017-01-31T09:30:45.000Z",
|
|
"first_observed": "2017-01-31T09:30:45Z",
|
|
"last_observed": "2017-01-31T09:30:45Z",
|
|
"number_observed": 1,
|
|
"object_refs": [
|
|
"url--58905945-9c94-4dad-be73-e59502de0b81"
|
|
],
|
|
"labels": [
|
|
"misp:type=\"link\"",
|
|
"misp:category=\"External analysis\""
|
|
]
|
|
},
|
|
{
|
|
"type": "url",
|
|
"spec_version": "2.1",
|
|
"id": "url--58905945-9c94-4dad-be73-e59502de0b81",
|
|
"value": "https://www.virustotal.com/file/dbeb3c262cc6eefea93846f817e8333ee541ec23d19ffef56a94585e519e6ff1/analysis/1467283606/"
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--58905946-780c-4c6d-91d5-e59502de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-01-31T09:30:46.000Z",
|
|
"modified": "2017-01-31T09:30:46.000Z",
|
|
"description": "Quasar & Downeks - Xchecked via VT: 6f6414c8f8a800c769da1f6994cad25757a2928375803a498171db3395183b98",
|
|
"pattern": "[file:hashes.SHA1 = 'f9d399f0a721f0354b5e5aa201c025a82509ee3d']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-01-31T09:30:46Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha1\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--58905947-1568-4847-8f46-e59502de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-01-31T09:30:47.000Z",
|
|
"modified": "2017-01-31T09:30:47.000Z",
|
|
"description": "Quasar & Downeks - Xchecked via VT: 6f6414c8f8a800c769da1f6994cad25757a2928375803a498171db3395183b98",
|
|
"pattern": "[file:hashes.MD5 = 'f5649265e04d410caad70c4e240779b7']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-01-31T09:30:47Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"md5\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "observed-data",
|
|
"spec_version": "2.1",
|
|
"id": "observed-data--58905947-c62c-496a-8018-e59502de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-01-31T09:30:47.000Z",
|
|
"modified": "2017-01-31T09:30:47.000Z",
|
|
"first_observed": "2017-01-31T09:30:47Z",
|
|
"last_observed": "2017-01-31T09:30:47Z",
|
|
"number_observed": 1,
|
|
"object_refs": [
|
|
"url--58905947-c62c-496a-8018-e59502de0b81"
|
|
],
|
|
"labels": [
|
|
"misp:type=\"link\"",
|
|
"misp:category=\"External analysis\""
|
|
]
|
|
},
|
|
{
|
|
"type": "url",
|
|
"spec_version": "2.1",
|
|
"id": "url--58905947-c62c-496a-8018-e59502de0b81",
|
|
"value": "https://www.virustotal.com/file/6f6414c8f8a800c769da1f6994cad25757a2928375803a498171db3395183b98/analysis/1461500873/"
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--58905948-35b8-4f5d-8fb5-e59502de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-01-31T09:30:48.000Z",
|
|
"modified": "2017-01-31T09:30:48.000Z",
|
|
"description": "Quasar & Downeks - Xchecked via VT: ea16f0d55918752ad432d0da03a7e39ab9a8442b74ae0bbe724900605a9ba71f",
|
|
"pattern": "[file:hashes.SHA1 = 'd01e310274e7eea3948d91c204e7a8725a8b5d5c']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-01-31T09:30:48Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha1\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--58905949-6d18-4f19-a5c1-e59502de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-01-31T09:30:49.000Z",
|
|
"modified": "2017-01-31T09:30:49.000Z",
|
|
"description": "Quasar & Downeks - Xchecked via VT: ea16f0d55918752ad432d0da03a7e39ab9a8442b74ae0bbe724900605a9ba71f",
|
|
"pattern": "[file:hashes.MD5 = 'df3f3ad279ca98f947214ffb3c91c514']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-01-31T09:30:49Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"md5\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "observed-data",
|
|
"spec_version": "2.1",
|
|
"id": "observed-data--5890594a-b6d4-494b-9973-e59502de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-01-31T09:30:50.000Z",
|
|
"modified": "2017-01-31T09:30:50.000Z",
|
|
"first_observed": "2017-01-31T09:30:50Z",
|
|
"last_observed": "2017-01-31T09:30:50Z",
|
|
"number_observed": 1,
|
|
"object_refs": [
|
|
"url--5890594a-b6d4-494b-9973-e59502de0b81"
|
|
],
|
|
"labels": [
|
|
"misp:type=\"link\"",
|
|
"misp:category=\"External analysis\""
|
|
]
|
|
},
|
|
{
|
|
"type": "url",
|
|
"spec_version": "2.1",
|
|
"id": "url--5890594a-b6d4-494b-9973-e59502de0b81",
|
|
"value": "https://www.virustotal.com/file/ea16f0d55918752ad432d0da03a7e39ab9a8442b74ae0bbe724900605a9ba71f/analysis/1460881198/"
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5890594a-2ccc-49f1-b075-e59502de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-01-31T09:30:50.000Z",
|
|
"modified": "2017-01-31T09:30:50.000Z",
|
|
"description": "Quasar & Downeks - Xchecked via VT: fefa0781e88fa215419b2a1294c8b952b192f8360aeab2f97bbd9cea15fc7338",
|
|
"pattern": "[file:hashes.SHA1 = 'ed6af6230e874739b44028a288d4e86e306b39b9']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-01-31T09:30:50Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha1\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5890594b-e4c8-4e65-a3be-e59502de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-01-31T09:30:51.000Z",
|
|
"modified": "2017-01-31T09:30:51.000Z",
|
|
"description": "Quasar & Downeks - Xchecked via VT: fefa0781e88fa215419b2a1294c8b952b192f8360aeab2f97bbd9cea15fc7338",
|
|
"pattern": "[file:hashes.MD5 = '22aaae7e129df6681492ff0b1d0c1a14']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-01-31T09:30:51Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"md5\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "observed-data",
|
|
"spec_version": "2.1",
|
|
"id": "observed-data--5890594c-5f54-414b-86bb-e59502de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-01-31T09:30:52.000Z",
|
|
"modified": "2017-01-31T09:30:52.000Z",
|
|
"first_observed": "2017-01-31T09:30:52Z",
|
|
"last_observed": "2017-01-31T09:30:52Z",
|
|
"number_observed": 1,
|
|
"object_refs": [
|
|
"url--5890594c-5f54-414b-86bb-e59502de0b81"
|
|
],
|
|
"labels": [
|
|
"misp:type=\"link\"",
|
|
"misp:category=\"External analysis\""
|
|
]
|
|
},
|
|
{
|
|
"type": "url",
|
|
"spec_version": "2.1",
|
|
"id": "url--5890594c-5f54-414b-86bb-e59502de0b81",
|
|
"value": "https://www.virustotal.com/file/fefa0781e88fa215419b2a1294c8b952b192f8360aeab2f97bbd9cea15fc7338/analysis/1472236061/"
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5890594d-31f0-4462-ad02-e59502de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-01-31T09:30:53.000Z",
|
|
"modified": "2017-01-31T09:30:53.000Z",
|
|
"description": "Quasar & Downeks - Xchecked via VT: 575708d3eb23f8111b7174408f05caf6574c5d6782c750562bfb9abe48cb219e",
|
|
"pattern": "[file:hashes.SHA1 = 'e13d84dcdb9c80b5783f32ba45a336d448c6e4ae']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-01-31T09:30:53Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha1\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5890594d-2f30-4208-85a2-e59502de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-01-31T09:30:53.000Z",
|
|
"modified": "2017-01-31T09:30:53.000Z",
|
|
"description": "Quasar & Downeks - Xchecked via VT: 575708d3eb23f8111b7174408f05caf6574c5d6782c750562bfb9abe48cb219e",
|
|
"pattern": "[file:hashes.MD5 = 'a2a6b387c7b0e0bac64a262ed8e84880']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-01-31T09:30:53Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"md5\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "observed-data",
|
|
"spec_version": "2.1",
|
|
"id": "observed-data--5890594e-5310-40a3-ac72-e59502de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-01-31T09:30:54.000Z",
|
|
"modified": "2017-01-31T09:30:54.000Z",
|
|
"first_observed": "2017-01-31T09:30:54Z",
|
|
"last_observed": "2017-01-31T09:30:54Z",
|
|
"number_observed": 1,
|
|
"object_refs": [
|
|
"url--5890594e-5310-40a3-ac72-e59502de0b81"
|
|
],
|
|
"labels": [
|
|
"misp:type=\"link\"",
|
|
"misp:category=\"External analysis\""
|
|
]
|
|
},
|
|
{
|
|
"type": "url",
|
|
"spec_version": "2.1",
|
|
"id": "url--5890594e-5310-40a3-ac72-e59502de0b81",
|
|
"value": "https://www.virustotal.com/file/575708d3eb23f8111b7174408f05caf6574c5d6782c750562bfb9abe48cb219e/analysis/1485813756/"
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5890594f-5160-4baf-b298-e59502de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-01-31T09:30:55.000Z",
|
|
"modified": "2017-01-31T09:30:55.000Z",
|
|
"description": "Quasar & Downeks - Xchecked via VT: 53e82d01dd2502416ad49329e1224a7c4519182186e60f690ecd0cf266f5af5e",
|
|
"pattern": "[file:hashes.SHA1 = '3148f61bd858accdbf2e54d92caad2613ad07ffc']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-01-31T09:30:55Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha1\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--58905950-f090-41b2-ab28-e59502de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-01-31T09:30:56.000Z",
|
|
"modified": "2017-01-31T09:30:56.000Z",
|
|
"description": "Quasar & Downeks - Xchecked via VT: 53e82d01dd2502416ad49329e1224a7c4519182186e60f690ecd0cf266f5af5e",
|
|
"pattern": "[file:hashes.MD5 = 'f1f2b6f6e72129fadd11e260dcc1839c']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-01-31T09:30:56Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"md5\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "observed-data",
|
|
"spec_version": "2.1",
|
|
"id": "observed-data--58905951-d028-4b8b-8031-e59502de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-01-31T09:30:57.000Z",
|
|
"modified": "2017-01-31T09:30:57.000Z",
|
|
"first_observed": "2017-01-31T09:30:57Z",
|
|
"last_observed": "2017-01-31T09:30:57Z",
|
|
"number_observed": 1,
|
|
"object_refs": [
|
|
"url--58905951-d028-4b8b-8031-e59502de0b81"
|
|
],
|
|
"labels": [
|
|
"misp:type=\"link\"",
|
|
"misp:category=\"External analysis\""
|
|
]
|
|
},
|
|
{
|
|
"type": "url",
|
|
"spec_version": "2.1",
|
|
"id": "url--58905951-d028-4b8b-8031-e59502de0b81",
|
|
"value": "https://www.virustotal.com/file/53e82d01dd2502416ad49329e1224a7c4519182186e60f690ecd0cf266f5af5e/analysis/1463178607/"
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--58905952-42b0-4960-b756-e59502de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-01-31T09:30:58.000Z",
|
|
"modified": "2017-01-31T09:30:58.000Z",
|
|
"description": "Quasar & Downeks - Xchecked via VT: 91a4e395d57a52a85a2bda653a0ed796865e8af01c1345dff63469759448daf0",
|
|
"pattern": "[file:hashes.SHA1 = 'a15410706e3ef8f4644fba2e142d15ed10bd6302']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-01-31T09:30:58Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha1\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--58905952-619c-421e-a8a1-e59502de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-01-31T09:30:58.000Z",
|
|
"modified": "2017-01-31T09:30:58.000Z",
|
|
"description": "Quasar & Downeks - Xchecked via VT: 91a4e395d57a52a85a2bda653a0ed796865e8af01c1345dff63469759448daf0",
|
|
"pattern": "[file:hashes.MD5 = '1dca1973c0fbe3b6870b78920c348d13']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-01-31T09:30:58Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"md5\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "observed-data",
|
|
"spec_version": "2.1",
|
|
"id": "observed-data--58905953-1880-4833-9fa0-e59502de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-01-31T09:30:59.000Z",
|
|
"modified": "2017-01-31T09:30:59.000Z",
|
|
"first_observed": "2017-01-31T09:30:59Z",
|
|
"last_observed": "2017-01-31T09:30:59Z",
|
|
"number_observed": 1,
|
|
"object_refs": [
|
|
"url--58905953-1880-4833-9fa0-e59502de0b81"
|
|
],
|
|
"labels": [
|
|
"misp:type=\"link\"",
|
|
"misp:category=\"External analysis\""
|
|
]
|
|
},
|
|
{
|
|
"type": "url",
|
|
"spec_version": "2.1",
|
|
"id": "url--58905953-1880-4833-9fa0-e59502de0b81",
|
|
"value": "https://www.virustotal.com/file/91a4e395d57a52a85a2bda653a0ed796865e8af01c1345dff63469759448daf0/analysis/1454585685/"
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--58905954-4b68-4149-8f89-e59502de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-01-31T09:31:00.000Z",
|
|
"modified": "2017-01-31T09:31:00.000Z",
|
|
"description": "Quasar & Downeks - Xchecked via VT: 65986f6f919e9152176a10ae3964fac130ae6195e189453d17306a225022774d",
|
|
"pattern": "[file:hashes.SHA1 = 'b4afecb6365290548833b4f70c9df72ef8e523d7']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-01-31T09:31:00Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha1\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--58905955-fdd8-4873-ba7e-e59502de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-01-31T09:31:01.000Z",
|
|
"modified": "2017-01-31T09:31:01.000Z",
|
|
"description": "Quasar & Downeks - Xchecked via VT: 65986f6f919e9152176a10ae3964fac130ae6195e189453d17306a225022774d",
|
|
"pattern": "[file:hashes.MD5 = '07d96f421b0466448dac1ba66b9e62d1']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-01-31T09:31:01Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"md5\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "observed-data",
|
|
"spec_version": "2.1",
|
|
"id": "observed-data--58905956-81c8-4766-bf55-e59502de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-01-31T09:31:02.000Z",
|
|
"modified": "2017-01-31T09:31:02.000Z",
|
|
"first_observed": "2017-01-31T09:31:02Z",
|
|
"last_observed": "2017-01-31T09:31:02Z",
|
|
"number_observed": 1,
|
|
"object_refs": [
|
|
"url--58905956-81c8-4766-bf55-e59502de0b81"
|
|
],
|
|
"labels": [
|
|
"misp:type=\"link\"",
|
|
"misp:category=\"External analysis\""
|
|
]
|
|
},
|
|
{
|
|
"type": "url",
|
|
"spec_version": "2.1",
|
|
"id": "url--58905956-81c8-4766-bf55-e59502de0b81",
|
|
"value": "https://www.virustotal.com/file/65986f6f919e9152176a10ae3964fac130ae6195e189453d17306a225022774d/analysis/1462429730/"
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--58905956-e9e4-4d0a-8d49-e59502de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-01-31T09:31:02.000Z",
|
|
"modified": "2017-01-31T09:31:02.000Z",
|
|
"description": "Quasar & Downeks - Xchecked via VT: dbdc72a7cfbf03599b95d8f1c47e157da34ea5d2f951cf5f49715e8caab58cd4",
|
|
"pattern": "[file:hashes.SHA1 = '90e1411078597d5ef5ceaabf48a48b28a78c83e5']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-01-31T09:31:02Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha1\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--58905958-eda8-4f9f-941b-e59502de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-01-31T09:31:04.000Z",
|
|
"modified": "2017-01-31T09:31:04.000Z",
|
|
"description": "Quasar & Downeks - Xchecked via VT: dbdc72a7cfbf03599b95d8f1c47e157da34ea5d2f951cf5f49715e8caab58cd4",
|
|
"pattern": "[file:hashes.MD5 = 'dfc4eff520c38f7a3f93ff9cecbf0e5c']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-01-31T09:31:04Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"md5\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "observed-data",
|
|
"spec_version": "2.1",
|
|
"id": "observed-data--58905959-fb38-40f4-830c-e59502de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-01-31T09:31:05.000Z",
|
|
"modified": "2017-01-31T09:31:05.000Z",
|
|
"first_observed": "2017-01-31T09:31:05Z",
|
|
"last_observed": "2017-01-31T09:31:05Z",
|
|
"number_observed": 1,
|
|
"object_refs": [
|
|
"url--58905959-fb38-40f4-830c-e59502de0b81"
|
|
],
|
|
"labels": [
|
|
"misp:type=\"link\"",
|
|
"misp:category=\"External analysis\""
|
|
]
|
|
},
|
|
{
|
|
"type": "url",
|
|
"spec_version": "2.1",
|
|
"id": "url--58905959-fb38-40f4-830c-e59502de0b81",
|
|
"value": "https://www.virustotal.com/file/dbdc72a7cfbf03599b95d8f1c47e157da34ea5d2f951cf5f49715e8caab58cd4/analysis/1462525381/"
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--58905959-c358-48ec-851c-e59502de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-01-31T09:31:05.000Z",
|
|
"modified": "2017-01-31T09:31:05.000Z",
|
|
"description": "Quasar & Downeks - Xchecked via VT: 8cdbea2aea51f73c68adc517eed533802e1f3b2a9ec0b0560b6bb8fc03ac3e4f",
|
|
"pattern": "[file:hashes.SHA1 = '5155370a58ced4569b7310fb521a5102e9228fe0']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-01-31T09:31:05Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha1\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5890595a-5924-4437-a6c5-e59502de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-01-31T09:31:06.000Z",
|
|
"modified": "2017-01-31T09:31:06.000Z",
|
|
"description": "Quasar & Downeks - Xchecked via VT: 8cdbea2aea51f73c68adc517eed533802e1f3b2a9ec0b0560b6bb8fc03ac3e4f",
|
|
"pattern": "[file:hashes.MD5 = '8b638074becf295a00dca58fa3e758fc']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-01-31T09:31:06Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"md5\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "observed-data",
|
|
"spec_version": "2.1",
|
|
"id": "observed-data--5890595b-00fc-41b8-8589-e59502de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-01-31T09:31:07.000Z",
|
|
"modified": "2017-01-31T09:31:07.000Z",
|
|
"first_observed": "2017-01-31T09:31:07Z",
|
|
"last_observed": "2017-01-31T09:31:07Z",
|
|
"number_observed": 1,
|
|
"object_refs": [
|
|
"url--5890595b-00fc-41b8-8589-e59502de0b81"
|
|
],
|
|
"labels": [
|
|
"misp:type=\"link\"",
|
|
"misp:category=\"External analysis\""
|
|
]
|
|
},
|
|
{
|
|
"type": "url",
|
|
"spec_version": "2.1",
|
|
"id": "url--5890595b-00fc-41b8-8589-e59502de0b81",
|
|
"value": "https://www.virustotal.com/file/8cdbea2aea51f73c68adc517eed533802e1f3b2a9ec0b0560b6bb8fc03ac3e4f/analysis/1482097360/"
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5890595c-2c50-41ed-a8f3-e59502de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-01-31T09:31:08.000Z",
|
|
"modified": "2017-01-31T09:31:08.000Z",
|
|
"description": "Quasar & Downeks - Xchecked via VT: f5413c785770400215c3191ea887517b4380ec81be4e5bdc5aea12bf82f9105d",
|
|
"pattern": "[file:hashes.SHA1 = 'd4b1e3287d85223cd622390d2fc508f0dbad84dc']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-01-31T09:31:08Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha1\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5890595d-37f8-4416-bfde-e59502de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-01-31T09:31:09.000Z",
|
|
"modified": "2017-01-31T09:31:09.000Z",
|
|
"description": "Quasar & Downeks - Xchecked via VT: f5413c785770400215c3191ea887517b4380ec81be4e5bdc5aea12bf82f9105d",
|
|
"pattern": "[file:hashes.MD5 = '1dae5535d05a6919c779553e778ecd47']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-01-31T09:31:09Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"md5\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "observed-data",
|
|
"spec_version": "2.1",
|
|
"id": "observed-data--5890595d-973c-41a9-a48e-e59502de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-01-31T09:31:09.000Z",
|
|
"modified": "2017-01-31T09:31:09.000Z",
|
|
"first_observed": "2017-01-31T09:31:09Z",
|
|
"last_observed": "2017-01-31T09:31:09Z",
|
|
"number_observed": 1,
|
|
"object_refs": [
|
|
"url--5890595d-973c-41a9-a48e-e59502de0b81"
|
|
],
|
|
"labels": [
|
|
"misp:type=\"link\"",
|
|
"misp:category=\"External analysis\""
|
|
]
|
|
},
|
|
{
|
|
"type": "url",
|
|
"spec_version": "2.1",
|
|
"id": "url--5890595d-973c-41a9-a48e-e59502de0b81",
|
|
"value": "https://www.virustotal.com/file/f5413c785770400215c3191ea887517b4380ec81be4e5bdc5aea12bf82f9105d/analysis/1482118889/"
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5890595e-9cf0-4e07-85e1-e59502de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-01-31T09:31:10.000Z",
|
|
"modified": "2017-01-31T09:31:10.000Z",
|
|
"description": "Quasar & Downeks - Xchecked via VT: fea74bf9eed7363f97a09756b4652409cfcd7bbe023383805aec5da7de6310bd",
|
|
"pattern": "[file:hashes.SHA1 = '3095e6b8c75ccc21eba02364c6dc85c94eeea187']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-01-31T09:31:10Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha1\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5890595f-d7c4-4536-84bb-e59502de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-01-31T09:31:11.000Z",
|
|
"modified": "2017-01-31T09:31:11.000Z",
|
|
"description": "Quasar & Downeks - Xchecked via VT: fea74bf9eed7363f97a09756b4652409cfcd7bbe023383805aec5da7de6310bd",
|
|
"pattern": "[file:hashes.MD5 = '07cd6b0ef48eb0e6653a3866659cc808']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-01-31T09:31:11Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"md5\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "observed-data",
|
|
"spec_version": "2.1",
|
|
"id": "observed-data--58905960-78e8-4598-a63f-e59502de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-01-31T09:31:12.000Z",
|
|
"modified": "2017-01-31T09:31:12.000Z",
|
|
"first_observed": "2017-01-31T09:31:12Z",
|
|
"last_observed": "2017-01-31T09:31:12Z",
|
|
"number_observed": 1,
|
|
"object_refs": [
|
|
"url--58905960-78e8-4598-a63f-e59502de0b81"
|
|
],
|
|
"labels": [
|
|
"misp:type=\"link\"",
|
|
"misp:category=\"External analysis\""
|
|
]
|
|
},
|
|
{
|
|
"type": "url",
|
|
"spec_version": "2.1",
|
|
"id": "url--58905960-78e8-4598-a63f-e59502de0b81",
|
|
"value": "https://www.virustotal.com/file/fea74bf9eed7363f97a09756b4652409cfcd7bbe023383805aec5da7de6310bd/analysis/1481192317/"
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--58905960-5e94-4f9e-b476-e59502de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-01-31T09:31:12.000Z",
|
|
"modified": "2017-01-31T09:31:12.000Z",
|
|
"description": "Quasar & Downeks - Xchecked via VT: 17942d9d76dafb64aa0d3ab53c9ee56e5d8bd4477440f06780b70dd4c02af8b8",
|
|
"pattern": "[file:hashes.SHA1 = '59180b93f4550ad49c562e06590c506b019075bd']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-01-31T09:31:12Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha1\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--58905961-2030-4b92-9fde-e59502de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-01-31T09:31:13.000Z",
|
|
"modified": "2017-01-31T09:31:13.000Z",
|
|
"description": "Quasar & Downeks - Xchecked via VT: 17942d9d76dafb64aa0d3ab53c9ee56e5d8bd4477440f06780b70dd4c02af8b8",
|
|
"pattern": "[file:hashes.MD5 = 'c6aa09ad3756f94d0b4b77a3468bb390']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-01-31T09:31:13Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"md5\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "observed-data",
|
|
"spec_version": "2.1",
|
|
"id": "observed-data--58905962-00d8-4dea-b05a-e59502de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-01-31T09:31:14.000Z",
|
|
"modified": "2017-01-31T09:31:14.000Z",
|
|
"first_observed": "2017-01-31T09:31:14Z",
|
|
"last_observed": "2017-01-31T09:31:14Z",
|
|
"number_observed": 1,
|
|
"object_refs": [
|
|
"url--58905962-00d8-4dea-b05a-e59502de0b81"
|
|
],
|
|
"labels": [
|
|
"misp:type=\"link\"",
|
|
"misp:category=\"External analysis\""
|
|
]
|
|
},
|
|
{
|
|
"type": "url",
|
|
"spec_version": "2.1",
|
|
"id": "url--58905962-00d8-4dea-b05a-e59502de0b81",
|
|
"value": "https://www.virustotal.com/file/17942d9d76dafb64aa0d3ab53c9ee56e5d8bd4477440f06780b70dd4c02af8b8/analysis/1476466291/"
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--58905963-6df8-425e-8c13-e59502de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-01-31T09:31:15.000Z",
|
|
"modified": "2017-01-31T09:31:15.000Z",
|
|
"description": "Quasar & Downeks - Xchecked via VT: 759ae70b035c3bbb6699520db3a55f3947e6ba1b5ce639ec036e3096ee10b26d",
|
|
"pattern": "[file:hashes.SHA1 = '1ab6a62518aa72d1c1617ce2a19d4d6b844f6084']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-01-31T09:31:15Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha1\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--58905963-6248-4163-b58b-e59502de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-01-31T09:31:15.000Z",
|
|
"modified": "2017-01-31T09:31:15.000Z",
|
|
"description": "Quasar & Downeks - Xchecked via VT: 759ae70b035c3bbb6699520db3a55f3947e6ba1b5ce639ec036e3096ee10b26d",
|
|
"pattern": "[file:hashes.MD5 = '2051ce8eaceb1e079d157fa252f23bab']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-01-31T09:31:15Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"md5\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "observed-data",
|
|
"spec_version": "2.1",
|
|
"id": "observed-data--58905964-a748-4a9b-93de-e59502de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-01-31T09:31:16.000Z",
|
|
"modified": "2017-01-31T09:31:16.000Z",
|
|
"first_observed": "2017-01-31T09:31:16Z",
|
|
"last_observed": "2017-01-31T09:31:16Z",
|
|
"number_observed": 1,
|
|
"object_refs": [
|
|
"url--58905964-a748-4a9b-93de-e59502de0b81"
|
|
],
|
|
"labels": [
|
|
"misp:type=\"link\"",
|
|
"misp:category=\"External analysis\""
|
|
]
|
|
},
|
|
{
|
|
"type": "url",
|
|
"spec_version": "2.1",
|
|
"id": "url--58905964-a748-4a9b-93de-e59502de0b81",
|
|
"value": "https://www.virustotal.com/file/759ae70b035c3bbb6699520db3a55f3947e6ba1b5ce639ec036e3096ee10b26d/analysis/1481706579/"
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--58905965-d840-4f82-af7e-e59502de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-01-31T09:31:17.000Z",
|
|
"modified": "2017-01-31T09:31:17.000Z",
|
|
"description": "Quasar & Downeks - Xchecked via VT: 4393ff391396cdfd229517dd98aa7faecad04da479fe8ca322f035ceee363273",
|
|
"pattern": "[file:hashes.SHA1 = 'e0ba60bcbc6b569e3e47c2efa48705d249647034']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-01-31T09:31:17Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha1\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--58905965-295c-47c3-9aae-e59502de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-01-31T09:31:17.000Z",
|
|
"modified": "2017-01-31T09:31:17.000Z",
|
|
"description": "Quasar & Downeks - Xchecked via VT: 4393ff391396cdfd229517dd98aa7faecad04da479fe8ca322f035ceee363273",
|
|
"pattern": "[file:hashes.MD5 = '4cd8d7f790d82576a240c12ad5bae27b']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-01-31T09:31:17Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"md5\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "observed-data",
|
|
"spec_version": "2.1",
|
|
"id": "observed-data--58905966-33dc-4537-bf48-e59502de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-01-31T09:31:18.000Z",
|
|
"modified": "2017-01-31T09:31:18.000Z",
|
|
"first_observed": "2017-01-31T09:31:18Z",
|
|
"last_observed": "2017-01-31T09:31:18Z",
|
|
"number_observed": 1,
|
|
"object_refs": [
|
|
"url--58905966-33dc-4537-bf48-e59502de0b81"
|
|
],
|
|
"labels": [
|
|
"misp:type=\"link\"",
|
|
"misp:category=\"External analysis\""
|
|
]
|
|
},
|
|
{
|
|
"type": "url",
|
|
"spec_version": "2.1",
|
|
"id": "url--58905966-33dc-4537-bf48-e59502de0b81",
|
|
"value": "https://www.virustotal.com/file/4393ff391396cdfd229517dd98aa7faecad04da479fe8ca322f035ceee363273/analysis/1483891039/"
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--58905967-c78c-4f86-94ac-e59502de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-01-31T09:31:19.000Z",
|
|
"modified": "2017-01-31T09:31:19.000Z",
|
|
"description": "Quasar & Downeks - Xchecked via VT: 39b991838653739eef482af6336fcf03922d7e9d88d17946b688a513dd2bfc34",
|
|
"pattern": "[file:hashes.SHA1 = 'dff125104711e84bb3ebf3ace8ecd2b877514dc4']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-01-31T09:31:19Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha1\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--58905968-4734-4d46-ae2e-e59502de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-01-31T09:31:20.000Z",
|
|
"modified": "2017-01-31T09:31:20.000Z",
|
|
"description": "Quasar & Downeks - Xchecked via VT: 39b991838653739eef482af6336fcf03922d7e9d88d17946b688a513dd2bfc34",
|
|
"pattern": "[file:hashes.MD5 = '0c5ab7aa9d1103ed24496a192d3f2366']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-01-31T09:31:20Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"md5\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "observed-data",
|
|
"spec_version": "2.1",
|
|
"id": "observed-data--58905969-c8ec-4649-a33a-e59502de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-01-31T09:31:21.000Z",
|
|
"modified": "2017-01-31T09:31:21.000Z",
|
|
"first_observed": "2017-01-31T09:31:21Z",
|
|
"last_observed": "2017-01-31T09:31:21Z",
|
|
"number_observed": 1,
|
|
"object_refs": [
|
|
"url--58905969-c8ec-4649-a33a-e59502de0b81"
|
|
],
|
|
"labels": [
|
|
"misp:type=\"link\"",
|
|
"misp:category=\"External analysis\""
|
|
]
|
|
},
|
|
{
|
|
"type": "url",
|
|
"spec_version": "2.1",
|
|
"id": "url--58905969-c8ec-4649-a33a-e59502de0b81",
|
|
"value": "https://www.virustotal.com/file/39b991838653739eef482af6336fcf03922d7e9d88d17946b688a513dd2bfc34/analysis/1480907521/"
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--58905969-314c-47c2-ab2a-e59502de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-01-31T09:31:21.000Z",
|
|
"modified": "2017-01-31T09:31:21.000Z",
|
|
"description": "Quasar & Downeks - Xchecked via VT: d3066fa4a7a1ef38c753796479768b765c6903ef50c35352e29e79dcd49e4348",
|
|
"pattern": "[file:hashes.SHA1 = '59ea0d981b828c445c27027f832762958b5b7797']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-01-31T09:31:21Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha1\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5890596a-fa0c-49df-b347-e59502de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-01-31T09:31:22.000Z",
|
|
"modified": "2017-01-31T09:31:22.000Z",
|
|
"description": "Quasar & Downeks - Xchecked via VT: d3066fa4a7a1ef38c753796479768b765c6903ef50c35352e29e79dcd49e4348",
|
|
"pattern": "[file:hashes.MD5 = '0c5912a439a786412c096740101c0c92']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-01-31T09:31:22Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"md5\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "observed-data",
|
|
"spec_version": "2.1",
|
|
"id": "observed-data--5890596b-54e4-4746-9c0e-e59502de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-01-31T09:31:23.000Z",
|
|
"modified": "2017-01-31T09:31:23.000Z",
|
|
"first_observed": "2017-01-31T09:31:23Z",
|
|
"last_observed": "2017-01-31T09:31:23Z",
|
|
"number_observed": 1,
|
|
"object_refs": [
|
|
"url--5890596b-54e4-4746-9c0e-e59502de0b81"
|
|
],
|
|
"labels": [
|
|
"misp:type=\"link\"",
|
|
"misp:category=\"External analysis\""
|
|
]
|
|
},
|
|
{
|
|
"type": "url",
|
|
"spec_version": "2.1",
|
|
"id": "url--5890596b-54e4-4746-9c0e-e59502de0b81",
|
|
"value": "https://www.virustotal.com/file/d3066fa4a7a1ef38c753796479768b765c6903ef50c35352e29e79dcd49e4348/analysis/1474974050/"
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5890596c-86e4-4a2e-9bac-e59502de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-01-31T09:31:24.000Z",
|
|
"modified": "2017-01-31T09:31:24.000Z",
|
|
"description": "Quasar & Downeks - Xchecked via VT: 3619b12b11cda6e87644d3316355d99ee5fa5407aa8a8f107aa1058e33b19bf6",
|
|
"pattern": "[file:hashes.SHA1 = '47812b666966421f9672ba35050e405e228335a7']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-01-31T09:31:24Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha1\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5890596c-b890-41b5-9604-e59502de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-01-31T09:31:24.000Z",
|
|
"modified": "2017-01-31T09:31:24.000Z",
|
|
"description": "Quasar & Downeks - Xchecked via VT: 3619b12b11cda6e87644d3316355d99ee5fa5407aa8a8f107aa1058e33b19bf6",
|
|
"pattern": "[file:hashes.MD5 = '9129e57c729a5aaa00a75343376a5959']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-01-31T09:31:24Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"md5\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "observed-data",
|
|
"spec_version": "2.1",
|
|
"id": "observed-data--5890596d-90fc-482c-97e1-e59502de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-01-31T09:31:25.000Z",
|
|
"modified": "2017-01-31T09:31:25.000Z",
|
|
"first_observed": "2017-01-31T09:31:25Z",
|
|
"last_observed": "2017-01-31T09:31:25Z",
|
|
"number_observed": 1,
|
|
"object_refs": [
|
|
"url--5890596d-90fc-482c-97e1-e59502de0b81"
|
|
],
|
|
"labels": [
|
|
"misp:type=\"link\"",
|
|
"misp:category=\"External analysis\""
|
|
]
|
|
},
|
|
{
|
|
"type": "url",
|
|
"spec_version": "2.1",
|
|
"id": "url--5890596d-90fc-482c-97e1-e59502de0b81",
|
|
"value": "https://www.virustotal.com/file/3619b12b11cda6e87644d3316355d99ee5fa5407aa8a8f107aa1058e33b19bf6/analysis/1476902985/"
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5890596e-8430-45de-92c5-e59502de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-01-31T09:31:26.000Z",
|
|
"modified": "2017-01-31T09:31:26.000Z",
|
|
"description": "Quasar & Downeks - Xchecked via VT: 9b8d8780454708b950459d43161097ac72f62ff349bc8f379b5b2216bc9ae935",
|
|
"pattern": "[file:hashes.SHA1 = '5baef3c026f02bf0e0c4ac377fb4d46adab604f5']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-01-31T09:31:26Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha1\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5890596f-2a60-47a7-a4d1-e59502de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-01-31T09:31:27.000Z",
|
|
"modified": "2017-01-31T09:31:27.000Z",
|
|
"description": "Quasar & Downeks - Xchecked via VT: 9b8d8780454708b950459d43161097ac72f62ff349bc8f379b5b2216bc9ae935",
|
|
"pattern": "[file:hashes.MD5 = '0244187ca2c3bdbfaa84384389fad113']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-01-31T09:31:27Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"md5\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "observed-data",
|
|
"spec_version": "2.1",
|
|
"id": "observed-data--5890596f-6b80-4ff5-b114-e59502de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-01-31T09:31:27.000Z",
|
|
"modified": "2017-01-31T09:31:27.000Z",
|
|
"first_observed": "2017-01-31T09:31:27Z",
|
|
"last_observed": "2017-01-31T09:31:27Z",
|
|
"number_observed": 1,
|
|
"object_refs": [
|
|
"url--5890596f-6b80-4ff5-b114-e59502de0b81"
|
|
],
|
|
"labels": [
|
|
"misp:type=\"link\"",
|
|
"misp:category=\"External analysis\""
|
|
]
|
|
},
|
|
{
|
|
"type": "url",
|
|
"spec_version": "2.1",
|
|
"id": "url--5890596f-6b80-4ff5-b114-e59502de0b81",
|
|
"value": "https://www.virustotal.com/file/9b8d8780454708b950459d43161097ac72f62ff349bc8f379b5b2216bc9ae935/analysis/1468557310/"
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--58905970-cfcc-453f-927c-e59502de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-01-31T09:31:28.000Z",
|
|
"modified": "2017-01-31T09:31:28.000Z",
|
|
"description": "Quasar & Downeks - Xchecked via VT: 3243292e46a198bd83e0dce58258312852c99217187e6d5399066189feb2677b",
|
|
"pattern": "[file:hashes.SHA1 = '6a668691c3a1014b29df7246d60c2813a13ac198']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-01-31T09:31:28Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha1\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--58905971-4af4-47b8-b3bb-e59502de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-01-31T09:31:29.000Z",
|
|
"modified": "2017-01-31T09:31:29.000Z",
|
|
"description": "Quasar & Downeks - Xchecked via VT: 3243292e46a198bd83e0dce58258312852c99217187e6d5399066189feb2677b",
|
|
"pattern": "[file:hashes.MD5 = '8777e22d0d1c26dcd3ad99567cb92ec2']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-01-31T09:31:29Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"md5\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "observed-data",
|
|
"spec_version": "2.1",
|
|
"id": "observed-data--58905972-5ac8-4fda-aeb2-e59502de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-01-31T09:31:30.000Z",
|
|
"modified": "2017-01-31T09:31:30.000Z",
|
|
"first_observed": "2017-01-31T09:31:30Z",
|
|
"last_observed": "2017-01-31T09:31:30Z",
|
|
"number_observed": 1,
|
|
"object_refs": [
|
|
"url--58905972-5ac8-4fda-aeb2-e59502de0b81"
|
|
],
|
|
"labels": [
|
|
"misp:type=\"link\"",
|
|
"misp:category=\"External analysis\""
|
|
]
|
|
},
|
|
{
|
|
"type": "url",
|
|
"spec_version": "2.1",
|
|
"id": "url--58905972-5ac8-4fda-aeb2-e59502de0b81",
|
|
"value": "https://www.virustotal.com/file/3243292e46a198bd83e0dce58258312852c99217187e6d5399066189feb2677b/analysis/1481019356/"
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--58905972-9cec-4c93-8366-e59502de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-01-31T09:31:30.000Z",
|
|
"modified": "2017-01-31T09:31:30.000Z",
|
|
"description": "Quasar & Downeks - Xchecked via VT: 1ac624aaf6bbc2e3b966182888411f92797bd30b6fcce9f8a97648e64f13506f",
|
|
"pattern": "[file:hashes.SHA1 = 'bbf62325880e7f642183c91739d027a8db5c6daa']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-01-31T09:31:30Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha1\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--58905973-06b0-47a5-a8ea-e59502de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-01-31T09:31:31.000Z",
|
|
"modified": "2017-01-31T09:31:31.000Z",
|
|
"description": "Quasar & Downeks - Xchecked via VT: 1ac624aaf6bbc2e3b966182888411f92797bd30b6fcce9f8a97648e64f13506f",
|
|
"pattern": "[file:hashes.MD5 = 'a19d4ff89a3f699a6f8237a7905e80e1']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-01-31T09:31:31Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"md5\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "observed-data",
|
|
"spec_version": "2.1",
|
|
"id": "observed-data--58905974-9624-41d1-87e3-e59502de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-01-31T09:31:32.000Z",
|
|
"modified": "2017-01-31T09:31:32.000Z",
|
|
"first_observed": "2017-01-31T09:31:32Z",
|
|
"last_observed": "2017-01-31T09:31:32Z",
|
|
"number_observed": 1,
|
|
"object_refs": [
|
|
"url--58905974-9624-41d1-87e3-e59502de0b81"
|
|
],
|
|
"labels": [
|
|
"misp:type=\"link\"",
|
|
"misp:category=\"External analysis\""
|
|
]
|
|
},
|
|
{
|
|
"type": "url",
|
|
"spec_version": "2.1",
|
|
"id": "url--58905974-9624-41d1-87e3-e59502de0b81",
|
|
"value": "https://www.virustotal.com/file/1ac624aaf6bbc2e3b966182888411f92797bd30b6fcce9f8a97648e64f13506f/analysis/1485838592/"
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--58905975-6638-469f-8886-e59502de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-01-31T09:31:33.000Z",
|
|
"modified": "2017-01-31T09:31:33.000Z",
|
|
"description": "Quasar & Downeks - Xchecked via VT: c885f09b10feb88d7d176fe1a01ed8b480deb42324d2bb825e96fe1408e2a35f",
|
|
"pattern": "[file:hashes.SHA1 = 'd43ed3d0bc9e1bdbefc5890edf5249c910eb893c']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-01-31T09:31:33Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha1\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--58905976-abd8-4473-b0fe-e59502de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-01-31T09:31:34.000Z",
|
|
"modified": "2017-01-31T09:31:34.000Z",
|
|
"description": "Quasar & Downeks - Xchecked via VT: c885f09b10feb88d7d176fe1a01ed8b480deb42324d2bb825e96fe1408e2a35f",
|
|
"pattern": "[file:hashes.MD5 = '31cf042e91de7492c86e1ad02dc9eaec']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-01-31T09:31:34Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"md5\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "observed-data",
|
|
"spec_version": "2.1",
|
|
"id": "observed-data--58905976-b5bc-44c3-9fd1-e59502de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-01-31T09:31:34.000Z",
|
|
"modified": "2017-01-31T09:31:34.000Z",
|
|
"first_observed": "2017-01-31T09:31:34Z",
|
|
"last_observed": "2017-01-31T09:31:34Z",
|
|
"number_observed": 1,
|
|
"object_refs": [
|
|
"url--58905976-b5bc-44c3-9fd1-e59502de0b81"
|
|
],
|
|
"labels": [
|
|
"misp:type=\"link\"",
|
|
"misp:category=\"External analysis\""
|
|
]
|
|
},
|
|
{
|
|
"type": "url",
|
|
"spec_version": "2.1",
|
|
"id": "url--58905976-b5bc-44c3-9fd1-e59502de0b81",
|
|
"value": "https://www.virustotal.com/file/c885f09b10feb88d7d176fe1a01ed8b480deb42324d2bb825e96fe1408e2a35f/analysis/1480614799/"
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--58905977-cc1c-452e-b7c5-e59502de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-01-31T09:31:35.000Z",
|
|
"modified": "2017-01-31T09:31:35.000Z",
|
|
"description": "Quasar & Downeks - Xchecked via VT: 905f6a62749ca6f0fd33345d6a8b1831d87e9fd1f81a59cd3add82643b367693",
|
|
"pattern": "[file:hashes.SHA1 = '95754b66bb3fffdd02af0435a576c5136b6cb960']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-01-31T09:31:35Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha1\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--58905978-b0d8-4cfd-9355-e59502de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-01-31T09:31:36.000Z",
|
|
"modified": "2017-01-31T09:31:36.000Z",
|
|
"description": "Quasar & Downeks - Xchecked via VT: 905f6a62749ca6f0fd33345d6a8b1831d87e9fd1f81a59cd3add82643b367693",
|
|
"pattern": "[file:hashes.MD5 = 'f06069365f1b15e7c21dd1a2fd360348']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-01-31T09:31:36Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"md5\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "observed-data",
|
|
"spec_version": "2.1",
|
|
"id": "observed-data--58905979-c8c8-4b86-b73f-e59502de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-01-31T09:31:37.000Z",
|
|
"modified": "2017-01-31T09:31:37.000Z",
|
|
"first_observed": "2017-01-31T09:31:37Z",
|
|
"last_observed": "2017-01-31T09:31:37Z",
|
|
"number_observed": 1,
|
|
"object_refs": [
|
|
"url--58905979-c8c8-4b86-b73f-e59502de0b81"
|
|
],
|
|
"labels": [
|
|
"misp:type=\"link\"",
|
|
"misp:category=\"External analysis\""
|
|
]
|
|
},
|
|
{
|
|
"type": "url",
|
|
"spec_version": "2.1",
|
|
"id": "url--58905979-c8c8-4b86-b73f-e59502de0b81",
|
|
"value": "https://www.virustotal.com/file/905f6a62749ca6f0fd33345d6a8b1831d87e9fd1f81a59cd3add82643b367693/analysis/1483401556/"
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5890597a-d574-4e54-9945-e59502de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-01-31T09:31:38.000Z",
|
|
"modified": "2017-01-31T09:31:38.000Z",
|
|
"description": "Quasar & Downeks - Xchecked via VT: b8a3096a396c28462c0d168d97e28573e0e6d272bbc1dd2432e7effe098bd979",
|
|
"pattern": "[file:hashes.SHA1 = '858849757d2b0d28d6630d91aa0e4e05bd807c0d']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-01-31T09:31:38Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha1\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5890597a-bbcc-4753-a694-e59502de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-01-31T09:31:38.000Z",
|
|
"modified": "2017-01-31T09:31:38.000Z",
|
|
"description": "Quasar & Downeks - Xchecked via VT: b8a3096a396c28462c0d168d97e28573e0e6d272bbc1dd2432e7effe098bd979",
|
|
"pattern": "[file:hashes.MD5 = '0f91607ae7f795f037962d1c9eed7628']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-01-31T09:31:38Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"md5\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "observed-data",
|
|
"spec_version": "2.1",
|
|
"id": "observed-data--5890597b-c900-4297-9c13-e59502de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-01-31T09:31:39.000Z",
|
|
"modified": "2017-01-31T09:31:39.000Z",
|
|
"first_observed": "2017-01-31T09:31:39Z",
|
|
"last_observed": "2017-01-31T09:31:39Z",
|
|
"number_observed": 1,
|
|
"object_refs": [
|
|
"url--5890597b-c900-4297-9c13-e59502de0b81"
|
|
],
|
|
"labels": [
|
|
"misp:type=\"link\"",
|
|
"misp:category=\"External analysis\""
|
|
]
|
|
},
|
|
{
|
|
"type": "url",
|
|
"spec_version": "2.1",
|
|
"id": "url--5890597b-c900-4297-9c13-e59502de0b81",
|
|
"value": "https://www.virustotal.com/file/b8a3096a396c28462c0d168d97e28573e0e6d272bbc1dd2432e7effe098bd979/analysis/1475824403/"
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5890597c-58e0-44c9-b6a1-e59502de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-01-31T09:31:40.000Z",
|
|
"modified": "2017-01-31T09:31:40.000Z",
|
|
"description": "Quasar & Downeks - Xchecked via VT: 4dcf5bd2c7a5822831d9f22f46bd2369c4c9df17cc99eb29975b5e8ae7e88606",
|
|
"pattern": "[file:hashes.SHA1 = '861e85c3acb1ac13ffc80cb1c6dd9980095f31b6']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-01-31T09:31:40Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha1\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5890597d-347c-47ad-8298-e59502de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-01-31T09:31:41.000Z",
|
|
"modified": "2017-01-31T09:31:41.000Z",
|
|
"description": "Quasar & Downeks - Xchecked via VT: 4dcf5bd2c7a5822831d9f22f46bd2369c4c9df17cc99eb29975b5e8ae7e88606",
|
|
"pattern": "[file:hashes.MD5 = '83a2d91ac18193cc1745060612c5d8e7']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-01-31T09:31:41Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"md5\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "observed-data",
|
|
"spec_version": "2.1",
|
|
"id": "observed-data--5890597d-b31c-4ec9-b2dc-e59502de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-01-31T09:31:41.000Z",
|
|
"modified": "2017-01-31T09:31:41.000Z",
|
|
"first_observed": "2017-01-31T09:31:41Z",
|
|
"last_observed": "2017-01-31T09:31:41Z",
|
|
"number_observed": 1,
|
|
"object_refs": [
|
|
"url--5890597d-b31c-4ec9-b2dc-e59502de0b81"
|
|
],
|
|
"labels": [
|
|
"misp:type=\"link\"",
|
|
"misp:category=\"External analysis\""
|
|
]
|
|
},
|
|
{
|
|
"type": "url",
|
|
"spec_version": "2.1",
|
|
"id": "url--5890597d-b31c-4ec9-b2dc-e59502de0b81",
|
|
"value": "https://www.virustotal.com/file/4dcf5bd2c7a5822831d9f22f46bd2369c4c9df17cc99eb29975b5e8ae7e88606/analysis/1475838278/"
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5890597e-e6b0-41cc-9fe2-e59502de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-01-31T09:31:42.000Z",
|
|
"modified": "2017-01-31T09:31:42.000Z",
|
|
"description": "Quasar & Downeks - Xchecked via VT: 75336b05443b94474434982fc53778d5e6e9e7fabaddae596af42a15fceb04e9",
|
|
"pattern": "[file:hashes.SHA1 = 'f2d6d83caa654bd7f2c75ca986182adecd5b8d0d']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-01-31T09:31:42Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha1\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5890597f-eb60-46be-b838-e59502de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-01-31T09:31:43.000Z",
|
|
"modified": "2017-01-31T09:31:43.000Z",
|
|
"description": "Quasar & Downeks - Xchecked via VT: 75336b05443b94474434982fc53778d5e6e9e7fabaddae596af42a15fceb04e9",
|
|
"pattern": "[file:hashes.MD5 = '8c80d850100753f82d21f0a1d2abff93']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-01-31T09:31:43Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"md5\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "observed-data",
|
|
"spec_version": "2.1",
|
|
"id": "observed-data--58905980-f584-4e9b-b9f8-e59502de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-01-31T09:31:44.000Z",
|
|
"modified": "2017-01-31T09:31:44.000Z",
|
|
"first_observed": "2017-01-31T09:31:44Z",
|
|
"last_observed": "2017-01-31T09:31:44Z",
|
|
"number_observed": 1,
|
|
"object_refs": [
|
|
"url--58905980-f584-4e9b-b9f8-e59502de0b81"
|
|
],
|
|
"labels": [
|
|
"misp:type=\"link\"",
|
|
"misp:category=\"External analysis\""
|
|
]
|
|
},
|
|
{
|
|
"type": "url",
|
|
"spec_version": "2.1",
|
|
"id": "url--58905980-f584-4e9b-b9f8-e59502de0b81",
|
|
"value": "https://www.virustotal.com/file/75336b05443b94474434982fc53778d5e6e9e7fabaddae596af42a15fceb04e9/analysis/1449749710/"
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--58905981-6d84-48eb-8145-e59502de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-01-31T09:31:45.000Z",
|
|
"modified": "2017-01-31T09:31:45.000Z",
|
|
"description": "Quasar & Downeks - Xchecked via VT: e6e9f7b0449976537d9276192e5767c9909cd34df028a8bf1cac3dbe490f0e73",
|
|
"pattern": "[file:hashes.SHA1 = '060bd6535fe329d2943725aed23b82186e368501']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-01-31T09:31:45Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha1\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--58905982-54e4-4908-97b8-e59502de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-01-31T09:31:46.000Z",
|
|
"modified": "2017-01-31T09:31:46.000Z",
|
|
"description": "Quasar & Downeks - Xchecked via VT: e6e9f7b0449976537d9276192e5767c9909cd34df028a8bf1cac3dbe490f0e73",
|
|
"pattern": "[file:hashes.MD5 = '01dc06e8c987825776a43f1f7ef5e41a']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-01-31T09:31:46Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"md5\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "observed-data",
|
|
"spec_version": "2.1",
|
|
"id": "observed-data--58905982-fd80-4920-97bf-e59502de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-01-31T09:31:46.000Z",
|
|
"modified": "2017-01-31T09:31:46.000Z",
|
|
"first_observed": "2017-01-31T09:31:46Z",
|
|
"last_observed": "2017-01-31T09:31:46Z",
|
|
"number_observed": 1,
|
|
"object_refs": [
|
|
"url--58905982-fd80-4920-97bf-e59502de0b81"
|
|
],
|
|
"labels": [
|
|
"misp:type=\"link\"",
|
|
"misp:category=\"External analysis\""
|
|
]
|
|
},
|
|
{
|
|
"type": "url",
|
|
"spec_version": "2.1",
|
|
"id": "url--58905982-fd80-4920-97bf-e59502de0b81",
|
|
"value": "https://www.virustotal.com/file/e6e9f7b0449976537d9276192e5767c9909cd34df028a8bf1cac3dbe490f0e73/analysis/1456835337/"
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--58905983-3424-4b95-8c32-e59502de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-01-31T09:31:47.000Z",
|
|
"modified": "2017-01-31T09:31:47.000Z",
|
|
"description": "Quasar & Downeks - Xchecked via VT: d3c710eaaf849598fa486823da42bdce03ea3c9421c3936e3330e98b34e4ef47",
|
|
"pattern": "[file:hashes.SHA1 = '7144e349e60edf5dc513dcaa9a89fd3e66cf2a71']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-01-31T09:31:47Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha1\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--58905984-c4f8-47dc-be0b-e59502de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-01-31T09:31:48.000Z",
|
|
"modified": "2017-01-31T09:31:48.000Z",
|
|
"description": "Quasar & Downeks - Xchecked via VT: d3c710eaaf849598fa486823da42bdce03ea3c9421c3936e3330e98b34e4ef47",
|
|
"pattern": "[file:hashes.MD5 = 'e8be9843c372d280a506ac260567bf91']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-01-31T09:31:48Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"md5\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "observed-data",
|
|
"spec_version": "2.1",
|
|
"id": "observed-data--58905985-7fdc-47f0-9e15-e59502de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-01-31T09:31:49.000Z",
|
|
"modified": "2017-01-31T09:31:49.000Z",
|
|
"first_observed": "2017-01-31T09:31:49Z",
|
|
"last_observed": "2017-01-31T09:31:49Z",
|
|
"number_observed": 1,
|
|
"object_refs": [
|
|
"url--58905985-7fdc-47f0-9e15-e59502de0b81"
|
|
],
|
|
"labels": [
|
|
"misp:type=\"link\"",
|
|
"misp:category=\"External analysis\""
|
|
]
|
|
},
|
|
{
|
|
"type": "url",
|
|
"spec_version": "2.1",
|
|
"id": "url--58905985-7fdc-47f0-9e15-e59502de0b81",
|
|
"value": "https://www.virustotal.com/file/d3c710eaaf849598fa486823da42bdce03ea3c9421c3936e3330e98b34e4ef47/analysis/1469970796/"
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--58905985-ba08-4f1e-9713-e59502de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-01-31T09:31:49.000Z",
|
|
"modified": "2017-01-31T09:31:49.000Z",
|
|
"description": "Quasar & Downeks - Xchecked via VT: 68ec3588735341566e9736b897aac06affb4a4808b05ceffb72384e77ea04b2c",
|
|
"pattern": "[file:hashes.SHA1 = '0c7d8b889b61d207506f851d5d63e3d40c99ddf2']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-01-31T09:31:49Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha1\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--58905986-8b0c-43f5-bc56-e59502de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-01-31T09:31:50.000Z",
|
|
"modified": "2017-01-31T09:31:50.000Z",
|
|
"description": "Quasar & Downeks - Xchecked via VT: 68ec3588735341566e9736b897aac06affb4a4808b05ceffb72384e77ea04b2c",
|
|
"pattern": "[file:hashes.MD5 = 'b3a472f81f800b32fe6595f44c9bf63b']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-01-31T09:31:50Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"md5\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "observed-data",
|
|
"spec_version": "2.1",
|
|
"id": "observed-data--58905987-c354-4b28-bb19-e59502de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-01-31T09:31:51.000Z",
|
|
"modified": "2017-01-31T09:31:51.000Z",
|
|
"first_observed": "2017-01-31T09:31:51Z",
|
|
"last_observed": "2017-01-31T09:31:51Z",
|
|
"number_observed": 1,
|
|
"object_refs": [
|
|
"url--58905987-c354-4b28-bb19-e59502de0b81"
|
|
],
|
|
"labels": [
|
|
"misp:type=\"link\"",
|
|
"misp:category=\"External analysis\""
|
|
]
|
|
},
|
|
{
|
|
"type": "url",
|
|
"spec_version": "2.1",
|
|
"id": "url--58905987-c354-4b28-bb19-e59502de0b81",
|
|
"value": "https://www.virustotal.com/file/68ec3588735341566e9736b897aac06affb4a4808b05ceffb72384e77ea04b2c/analysis/1469749276/"
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--58905988-f2c0-466b-90f9-e59502de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-01-31T09:31:52.000Z",
|
|
"modified": "2017-01-31T09:31:52.000Z",
|
|
"description": "Quasar & Downeks - Xchecked via VT: 118d0bd8ec35b925167c67217d2fe06ac021ce253f72d17f1093423b8f9b4a2b",
|
|
"pattern": "[file:hashes.SHA1 = '37ed7ca7ce895faf2ce2f1e41c6000b848ebc35a']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-01-31T09:31:52Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha1\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--58905989-07c4-43a7-8486-e59502de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-01-31T09:31:53.000Z",
|
|
"modified": "2017-01-31T09:31:53.000Z",
|
|
"description": "Quasar & Downeks - Xchecked via VT: 118d0bd8ec35b925167c67217d2fe06ac021ce253f72d17f1093423b8f9b4a2b",
|
|
"pattern": "[file:hashes.MD5 = '78845962f3006e3dbbc113afa8fff078']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-01-31T09:31:53Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"md5\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "observed-data",
|
|
"spec_version": "2.1",
|
|
"id": "observed-data--5890598a-a1fc-47b4-88b0-e59502de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-01-31T09:31:54.000Z",
|
|
"modified": "2017-01-31T09:31:54.000Z",
|
|
"first_observed": "2017-01-31T09:31:54Z",
|
|
"last_observed": "2017-01-31T09:31:54Z",
|
|
"number_observed": 1,
|
|
"object_refs": [
|
|
"url--5890598a-a1fc-47b4-88b0-e59502de0b81"
|
|
],
|
|
"labels": [
|
|
"misp:type=\"link\"",
|
|
"misp:category=\"External analysis\""
|
|
]
|
|
},
|
|
{
|
|
"type": "url",
|
|
"spec_version": "2.1",
|
|
"id": "url--5890598a-a1fc-47b4-88b0-e59502de0b81",
|
|
"value": "https://www.virustotal.com/file/118d0bd8ec35b925167c67217d2fe06ac021ce253f72d17f1093423b8f9b4a2b/analysis/1476199245/"
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5890598a-6934-4f3a-8337-e59502de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-01-31T09:31:54.000Z",
|
|
"modified": "2017-01-31T09:31:54.000Z",
|
|
"description": "Quasar & Downeks - Xchecked via VT: 704b19e0460a0fa7d952ba6feb5eadb9054895d1d753df72faf6f470446a0519",
|
|
"pattern": "[file:hashes.SHA1 = 'aa2ff0933766f738a3fe7ea63047b22bddfc4878']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-01-31T09:31:54Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha1\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5890598b-538c-4870-9c65-e59502de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-01-31T09:31:55.000Z",
|
|
"modified": "2017-01-31T09:31:55.000Z",
|
|
"description": "Quasar & Downeks - Xchecked via VT: 704b19e0460a0fa7d952ba6feb5eadb9054895d1d753df72faf6f470446a0519",
|
|
"pattern": "[file:hashes.MD5 = '763c02e8386d7b53bdf8531e70c88b89']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-01-31T09:31:55Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"md5\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "observed-data",
|
|
"spec_version": "2.1",
|
|
"id": "observed-data--5890598c-b048-4e9c-bdca-e59502de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-01-31T09:31:56.000Z",
|
|
"modified": "2017-01-31T09:31:56.000Z",
|
|
"first_observed": "2017-01-31T09:31:56Z",
|
|
"last_observed": "2017-01-31T09:31:56Z",
|
|
"number_observed": 1,
|
|
"object_refs": [
|
|
"url--5890598c-b048-4e9c-bdca-e59502de0b81"
|
|
],
|
|
"labels": [
|
|
"misp:type=\"link\"",
|
|
"misp:category=\"External analysis\""
|
|
]
|
|
},
|
|
{
|
|
"type": "url",
|
|
"spec_version": "2.1",
|
|
"id": "url--5890598c-b048-4e9c-bdca-e59502de0b81",
|
|
"value": "https://www.virustotal.com/file/704b19e0460a0fa7d952ba6feb5eadb9054895d1d753df72faf6f470446a0519/analysis/1465378490/"
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5890598d-556c-46e9-93b7-e59502de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-01-31T09:31:57.000Z",
|
|
"modified": "2017-01-31T09:31:57.000Z",
|
|
"description": "Quasar & Downeks - Xchecked via VT: 78aaed20914d3895708985aee089a464b31e11eb3b3e90b530dcebbe10e915ec",
|
|
"pattern": "[file:hashes.SHA1 = '7aaa35b77a859e5b00e6be73afcb1d54273b4cba']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-01-31T09:31:57Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha1\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5890598d-6ecc-4751-aa7c-e59502de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-01-31T09:31:57.000Z",
|
|
"modified": "2017-01-31T09:31:57.000Z",
|
|
"description": "Quasar & Downeks - Xchecked via VT: 78aaed20914d3895708985aee089a464b31e11eb3b3e90b530dcebbe10e915ec",
|
|
"pattern": "[file:hashes.MD5 = 'cd7b2c95a70265cbb3356edeb4dd95cd']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-01-31T09:31:57Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"md5\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "observed-data",
|
|
"spec_version": "2.1",
|
|
"id": "observed-data--5890598e-c640-4282-a68d-e59502de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-01-31T09:31:58.000Z",
|
|
"modified": "2017-01-31T09:31:58.000Z",
|
|
"first_observed": "2017-01-31T09:31:58Z",
|
|
"last_observed": "2017-01-31T09:31:58Z",
|
|
"number_observed": 1,
|
|
"object_refs": [
|
|
"url--5890598e-c640-4282-a68d-e59502de0b81"
|
|
],
|
|
"labels": [
|
|
"misp:type=\"link\"",
|
|
"misp:category=\"External analysis\""
|
|
]
|
|
},
|
|
{
|
|
"type": "url",
|
|
"spec_version": "2.1",
|
|
"id": "url--5890598e-c640-4282-a68d-e59502de0b81",
|
|
"value": "https://www.virustotal.com/file/78aaed20914d3895708985aee089a464b31e11eb3b3e90b530dcebbe10e915ec/analysis/1468898749/"
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5890598f-7574-4842-8d63-e59502de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-01-31T09:31:59.000Z",
|
|
"modified": "2017-01-31T09:31:59.000Z",
|
|
"description": "Quasar & Downeks - Xchecked via VT: a149340f920888256902e28e4c5d8587fed3037682e875ed1fdf6a3213c50e92",
|
|
"pattern": "[file:hashes.SHA1 = '38f12bbc181d5321e8fc7ab70657348da9f0d4f1']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-01-31T09:31:59Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha1\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--58905990-5fb8-41e8-9ab8-e59502de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-01-31T09:32:00.000Z",
|
|
"modified": "2017-01-31T09:32:00.000Z",
|
|
"description": "Quasar & Downeks - Xchecked via VT: a149340f920888256902e28e4c5d8587fed3037682e875ed1fdf6a3213c50e92",
|
|
"pattern": "[file:hashes.MD5 = '620bdbc1abb52ec6732af0a233d1550a']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-01-31T09:32:00Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"md5\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "observed-data",
|
|
"spec_version": "2.1",
|
|
"id": "observed-data--58905991-77d8-4408-927d-e59502de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-01-31T09:32:01.000Z",
|
|
"modified": "2017-01-31T09:32:01.000Z",
|
|
"first_observed": "2017-01-31T09:32:01Z",
|
|
"last_observed": "2017-01-31T09:32:01Z",
|
|
"number_observed": 1,
|
|
"object_refs": [
|
|
"url--58905991-77d8-4408-927d-e59502de0b81"
|
|
],
|
|
"labels": [
|
|
"misp:type=\"link\"",
|
|
"misp:category=\"External analysis\""
|
|
]
|
|
},
|
|
{
|
|
"type": "url",
|
|
"spec_version": "2.1",
|
|
"id": "url--58905991-77d8-4408-927d-e59502de0b81",
|
|
"value": "https://www.virustotal.com/file/a149340f920888256902e28e4c5d8587fed3037682e875ed1fdf6a3213c50e92/analysis/1468558136/"
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--58905991-9a88-44dd-bb36-e59502de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-01-31T09:32:01.000Z",
|
|
"modified": "2017-01-31T09:32:01.000Z",
|
|
"description": "Quasar & Downeks - Xchecked via VT: 8ca99455d244fab2701beb5127f94745154e03ac1231a58f8bd2cd01732a341b",
|
|
"pattern": "[file:hashes.SHA1 = '63034cecb432f84535939dbed39abcea63ab223b']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-01-31T09:32:01Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha1\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--58905992-eb24-43de-b792-e59502de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-01-31T09:32:02.000Z",
|
|
"modified": "2017-01-31T09:32:02.000Z",
|
|
"description": "Quasar & Downeks - Xchecked via VT: 8ca99455d244fab2701beb5127f94745154e03ac1231a58f8bd2cd01732a341b",
|
|
"pattern": "[file:hashes.MD5 = '5e90df83e3b0d893ed806d857d53b4b4']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-01-31T09:32:02Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"md5\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "observed-data",
|
|
"spec_version": "2.1",
|
|
"id": "observed-data--58905993-e9c0-44f8-8715-e59502de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-01-31T09:32:03.000Z",
|
|
"modified": "2017-01-31T09:32:03.000Z",
|
|
"first_observed": "2017-01-31T09:32:03Z",
|
|
"last_observed": "2017-01-31T09:32:03Z",
|
|
"number_observed": 1,
|
|
"object_refs": [
|
|
"url--58905993-e9c0-44f8-8715-e59502de0b81"
|
|
],
|
|
"labels": [
|
|
"misp:type=\"link\"",
|
|
"misp:category=\"External analysis\""
|
|
]
|
|
},
|
|
{
|
|
"type": "url",
|
|
"spec_version": "2.1",
|
|
"id": "url--58905993-e9c0-44f8-8715-e59502de0b81",
|
|
"value": "https://www.virustotal.com/file/8ca99455d244fab2701beb5127f94745154e03ac1231a58f8bd2cd01732a341b/analysis/1476349000/"
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--58905994-4a58-4648-9e70-e59502de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-01-31T09:32:04.000Z",
|
|
"modified": "2017-01-31T09:32:04.000Z",
|
|
"description": "Quasar & Downeks - Xchecked via VT: 8ac7138215b2500d0737b483b9194419c0e0248014147e84f43b1e2b409184cf",
|
|
"pattern": "[file:hashes.SHA1 = '10d92798cb42f55dbb72bc3baf4726fb4503bd1e']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-01-31T09:32:04Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha1\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--58905995-3c50-49dc-a165-e59502de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-01-31T09:32:05.000Z",
|
|
"modified": "2017-01-31T09:32:05.000Z",
|
|
"description": "Quasar & Downeks - Xchecked via VT: 8ac7138215b2500d0737b483b9194419c0e0248014147e84f43b1e2b409184cf",
|
|
"pattern": "[file:hashes.MD5 = '838696872f924d28b08aaaa67388202e']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-01-31T09:32:05Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"md5\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "observed-data",
|
|
"spec_version": "2.1",
|
|
"id": "observed-data--58905995-db6c-4eff-98c3-e59502de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-01-31T09:32:05.000Z",
|
|
"modified": "2017-01-31T09:32:05.000Z",
|
|
"first_observed": "2017-01-31T09:32:05Z",
|
|
"last_observed": "2017-01-31T09:32:05Z",
|
|
"number_observed": 1,
|
|
"object_refs": [
|
|
"url--58905995-db6c-4eff-98c3-e59502de0b81"
|
|
],
|
|
"labels": [
|
|
"misp:type=\"link\"",
|
|
"misp:category=\"External analysis\""
|
|
]
|
|
},
|
|
{
|
|
"type": "url",
|
|
"spec_version": "2.1",
|
|
"id": "url--58905995-db6c-4eff-98c3-e59502de0b81",
|
|
"value": "https://www.virustotal.com/file/8ac7138215b2500d0737b483b9194419c0e0248014147e84f43b1e2b409184cf/analysis/1469971028/"
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--58905996-b0a8-42dc-bca4-e59502de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-01-31T09:32:06.000Z",
|
|
"modified": "2017-01-31T09:32:06.000Z",
|
|
"description": "Quasar & Downeks - Xchecked via VT: 0d1aa670df8ae1379d6997c9dc8b40c893ee395c3d45b84c2ad1732e86973143",
|
|
"pattern": "[file:hashes.SHA1 = 'dc8b3efda3f4ce9baf9170f75f949a3731ba1fff']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-01-31T09:32:06Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha1\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--58905997-52c4-4b8b-a09a-e59502de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-01-31T09:32:07.000Z",
|
|
"modified": "2017-01-31T09:32:07.000Z",
|
|
"description": "Quasar & Downeks - Xchecked via VT: 0d1aa670df8ae1379d6997c9dc8b40c893ee395c3d45b84c2ad1732e86973143",
|
|
"pattern": "[file:hashes.MD5 = '62df4bc3738be5ad4892200a1dc6b59a']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-01-31T09:32:07Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"md5\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "observed-data",
|
|
"spec_version": "2.1",
|
|
"id": "observed-data--58905998-d31c-4623-b4bb-e59502de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-01-31T09:32:08.000Z",
|
|
"modified": "2017-01-31T09:32:08.000Z",
|
|
"first_observed": "2017-01-31T09:32:08Z",
|
|
"last_observed": "2017-01-31T09:32:08Z",
|
|
"number_observed": 1,
|
|
"object_refs": [
|
|
"url--58905998-d31c-4623-b4bb-e59502de0b81"
|
|
],
|
|
"labels": [
|
|
"misp:type=\"link\"",
|
|
"misp:category=\"External analysis\""
|
|
]
|
|
},
|
|
{
|
|
"type": "url",
|
|
"spec_version": "2.1",
|
|
"id": "url--58905998-d31c-4623-b4bb-e59502de0b81",
|
|
"value": "https://www.virustotal.com/file/0d1aa670df8ae1379d6997c9dc8b40c893ee395c3d45b84c2ad1732e86973143/analysis/1469970870/"
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--58905998-50e4-4051-9268-e59502de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-01-31T09:32:08.000Z",
|
|
"modified": "2017-01-31T09:32:08.000Z",
|
|
"description": "Quasar & Downeks - Xchecked via VT: 0e41c3611da6e3a2b0dd0d43b9ce0b3f3405472efa5760767719cc82692afb7b",
|
|
"pattern": "[file:hashes.SHA1 = '0b0e72d469c3fabca49e68993cf151cf3a3229db']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-01-31T09:32:08Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha1\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--58905999-6298-49cc-89e3-e59502de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-01-31T09:32:09.000Z",
|
|
"modified": "2017-01-31T09:32:09.000Z",
|
|
"description": "Quasar & Downeks - Xchecked via VT: 0e41c3611da6e3a2b0dd0d43b9ce0b3f3405472efa5760767719cc82692afb7b",
|
|
"pattern": "[file:hashes.MD5 = 'c7b8701ba93a7d92c4519ea6fc5b4468']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-01-31T09:32:09Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"md5\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "observed-data",
|
|
"spec_version": "2.1",
|
|
"id": "observed-data--5890599a-00bc-49d1-acd4-e59502de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-01-31T09:32:10.000Z",
|
|
"modified": "2017-01-31T09:32:10.000Z",
|
|
"first_observed": "2017-01-31T09:32:10Z",
|
|
"last_observed": "2017-01-31T09:32:10Z",
|
|
"number_observed": 1,
|
|
"object_refs": [
|
|
"url--5890599a-00bc-49d1-acd4-e59502de0b81"
|
|
],
|
|
"labels": [
|
|
"misp:type=\"link\"",
|
|
"misp:category=\"External analysis\""
|
|
]
|
|
},
|
|
{
|
|
"type": "url",
|
|
"spec_version": "2.1",
|
|
"id": "url--5890599a-00bc-49d1-acd4-e59502de0b81",
|
|
"value": "https://www.virustotal.com/file/0e41c3611da6e3a2b0dd0d43b9ce0b3f3405472efa5760767719cc82692afb7b/analysis/1483546809/"
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5890599b-7dcc-423e-8d02-e59502de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-01-31T09:32:11.000Z",
|
|
"modified": "2017-01-31T09:32:11.000Z",
|
|
"description": "Quasar & Downeks - Xchecked via VT: 39bdeaded0f919caa6697ae1ae4953de1c7afa79905939dbbd8c647a84f6cd07",
|
|
"pattern": "[file:hashes.SHA1 = 'd3eaff2d3b3e7f93ede7b4c1a784e9baabe24184']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-01-31T09:32:11Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha1\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5890599c-ecf8-4c1f-aa83-e59502de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-01-31T09:32:12.000Z",
|
|
"modified": "2017-01-31T09:32:12.000Z",
|
|
"description": "Quasar & Downeks - Xchecked via VT: 39bdeaded0f919caa6697ae1ae4953de1c7afa79905939dbbd8c647a84f6cd07",
|
|
"pattern": "[file:hashes.MD5 = '420b6b04e23c8f1cfd45acd2ec020ebf']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-01-31T09:32:12Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"md5\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "observed-data",
|
|
"spec_version": "2.1",
|
|
"id": "observed-data--5890599d-eee0-4351-8e68-e59502de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-01-31T09:32:13.000Z",
|
|
"modified": "2017-01-31T09:32:13.000Z",
|
|
"first_observed": "2017-01-31T09:32:13Z",
|
|
"last_observed": "2017-01-31T09:32:13Z",
|
|
"number_observed": 1,
|
|
"object_refs": [
|
|
"url--5890599d-eee0-4351-8e68-e59502de0b81"
|
|
],
|
|
"labels": [
|
|
"misp:type=\"link\"",
|
|
"misp:category=\"External analysis\""
|
|
]
|
|
},
|
|
{
|
|
"type": "url",
|
|
"spec_version": "2.1",
|
|
"id": "url--5890599d-eee0-4351-8e68-e59502de0b81",
|
|
"value": "https://www.virustotal.com/file/39bdeaded0f919caa6697ae1ae4953de1c7afa79905939dbbd8c647a84f6cd07/analysis/1469970967/"
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5890599d-1544-4414-b1bc-e59502de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-01-31T09:32:13.000Z",
|
|
"modified": "2017-01-31T09:32:13.000Z",
|
|
"description": "Quasar & Downeks - Xchecked via VT: 9a8d73cb7069832b9523c55224ae4153ea529ecc50392fef59da5b5d1db1c740",
|
|
"pattern": "[file:hashes.SHA1 = '203fbc7ab159fe13ea247724e287a18ed5da4b90']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-01-31T09:32:13Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha1\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5890599e-c930-4287-be17-e59502de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-01-31T09:32:14.000Z",
|
|
"modified": "2017-01-31T09:32:14.000Z",
|
|
"description": "Quasar & Downeks - Xchecked via VT: 9a8d73cb7069832b9523c55224ae4153ea529ecc50392fef59da5b5d1db1c740",
|
|
"pattern": "[file:hashes.MD5 = '7313bd35cd5d12f8bf9acf18dfb50717']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-01-31T09:32:14Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"md5\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "observed-data",
|
|
"spec_version": "2.1",
|
|
"id": "observed-data--5890599f-e550-4cbf-bd84-e59502de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-01-31T09:32:15.000Z",
|
|
"modified": "2017-01-31T09:32:15.000Z",
|
|
"first_observed": "2017-01-31T09:32:15Z",
|
|
"last_observed": "2017-01-31T09:32:15Z",
|
|
"number_observed": 1,
|
|
"object_refs": [
|
|
"url--5890599f-e550-4cbf-bd84-e59502de0b81"
|
|
],
|
|
"labels": [
|
|
"misp:type=\"link\"",
|
|
"misp:category=\"External analysis\""
|
|
]
|
|
},
|
|
{
|
|
"type": "url",
|
|
"spec_version": "2.1",
|
|
"id": "url--5890599f-e550-4cbf-bd84-e59502de0b81",
|
|
"value": "https://www.virustotal.com/file/9a8d73cb7069832b9523c55224ae4153ea529ecc50392fef59da5b5d1db1c740/analysis/1484042845/"
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--589059a0-9bc4-4eee-a745-e59502de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-01-31T09:32:16.000Z",
|
|
"modified": "2017-01-31T09:32:16.000Z",
|
|
"description": "Quasar & Downeks - Xchecked via VT: 55a7ca1e5ed2d74c7eb6ab6a985c1d369157a91275f575967aefb7ddb3388e0c",
|
|
"pattern": "[file:hashes.SHA1 = '500db08edd1b32c92e64bf37b93d371d845c6076']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-01-31T09:32:16Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha1\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--589059a0-2654-4ce9-b231-e59502de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-01-31T09:32:16.000Z",
|
|
"modified": "2017-01-31T09:32:16.000Z",
|
|
"description": "Quasar & Downeks - Xchecked via VT: 55a7ca1e5ed2d74c7eb6ab6a985c1d369157a91275f575967aefb7ddb3388e0c",
|
|
"pattern": "[file:hashes.MD5 = 'd42a9cba531c2655cbf588d1b7b618f5']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-01-31T09:32:16Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"md5\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "observed-data",
|
|
"spec_version": "2.1",
|
|
"id": "observed-data--589059a1-ba58-49e8-92b7-e59502de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-01-31T09:32:17.000Z",
|
|
"modified": "2017-01-31T09:32:17.000Z",
|
|
"first_observed": "2017-01-31T09:32:17Z",
|
|
"last_observed": "2017-01-31T09:32:17Z",
|
|
"number_observed": 1,
|
|
"object_refs": [
|
|
"url--589059a1-ba58-49e8-92b7-e59502de0b81"
|
|
],
|
|
"labels": [
|
|
"misp:type=\"link\"",
|
|
"misp:category=\"External analysis\""
|
|
]
|
|
},
|
|
{
|
|
"type": "url",
|
|
"spec_version": "2.1",
|
|
"id": "url--589059a1-ba58-49e8-92b7-e59502de0b81",
|
|
"value": "https://www.virustotal.com/file/55a7ca1e5ed2d74c7eb6ab6a985c1d369157a91275f575967aefb7ddb3388e0c/analysis/1469176311/"
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--589059a2-5f64-4b80-841b-e59502de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-01-31T09:32:18.000Z",
|
|
"modified": "2017-01-31T09:32:18.000Z",
|
|
"description": "Quasar & Downeks - Xchecked via VT: b66e5af52fd4d802f64788692b3eafe6b5ff61cea09c06a237a96b6cdb90b41a",
|
|
"pattern": "[file:hashes.SHA1 = '15e7277c15d0fb06903266d12133bcebacdfeca3']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-01-31T09:32:18Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha1\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--589059a3-83b8-4a86-813f-e59502de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-01-31T09:32:19.000Z",
|
|
"modified": "2017-01-31T09:32:19.000Z",
|
|
"description": "Quasar & Downeks - Xchecked via VT: b66e5af52fd4d802f64788692b3eafe6b5ff61cea09c06a237a96b6cdb90b41a",
|
|
"pattern": "[file:hashes.MD5 = '2a1c8afe4021a535a2ebf47c2c5eb66d']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-01-31T09:32:19Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"md5\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "observed-data",
|
|
"spec_version": "2.1",
|
|
"id": "observed-data--589059a4-53c0-4602-9c23-e59502de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-01-31T09:32:20.000Z",
|
|
"modified": "2017-01-31T09:32:20.000Z",
|
|
"first_observed": "2017-01-31T09:32:20Z",
|
|
"last_observed": "2017-01-31T09:32:20Z",
|
|
"number_observed": 1,
|
|
"object_refs": [
|
|
"url--589059a4-53c0-4602-9c23-e59502de0b81"
|
|
],
|
|
"labels": [
|
|
"misp:type=\"link\"",
|
|
"misp:category=\"External analysis\""
|
|
]
|
|
},
|
|
{
|
|
"type": "url",
|
|
"spec_version": "2.1",
|
|
"id": "url--589059a4-53c0-4602-9c23-e59502de0b81",
|
|
"value": "https://www.virustotal.com/file/b66e5af52fd4d802f64788692b3eafe6b5ff61cea09c06a237a96b6cdb90b41a/analysis/1462525730/"
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--589059a4-bc10-435a-ba4f-e59502de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-01-31T09:32:20.000Z",
|
|
"modified": "2017-01-31T09:32:20.000Z",
|
|
"description": "Quasar & Downeks - Xchecked via VT: 15abd32342e87455b73f1e2ecf9ab10331600eb4eae54e1dfc25ba2f9d8c2e8a",
|
|
"pattern": "[file:hashes.SHA1 = '058cc0d640de7dccfcca71b0cdbd4fa6ddb31543']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-01-31T09:32:20Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha1\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--589059a5-1e8c-4182-9f80-e59502de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-01-31T09:32:21.000Z",
"modified": "2017-01-31T09:32:21.000Z",
"description": "Quasar & Downeks - Xchecked via VT: 15abd32342e87455b73f1e2ecf9ab10331600eb4eae54e1dfc25ba2f9d8c2e8a",
"pattern": "[file:hashes.MD5 = '55d33d9da371fdfe7871f2479621444a']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-01-31T09:32:21Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--589059a6-4200-460c-a327-e59502de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-01-31T09:32:22.000Z",
"modified": "2017-01-31T09:32:22.000Z",
"first_observed": "2017-01-31T09:32:22Z",
"last_observed": "2017-01-31T09:32:22Z",
"number_observed": 1,
"object_refs": [
"url--589059a6-4200-460c-a327-e59502de0b81"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--589059a6-4200-460c-a327-e59502de0b81",
"value": "https://www.virustotal.com/file/15abd32342e87455b73f1e2ecf9ab10331600eb4eae54e1dfc25ba2f9d8c2e8a/analysis/1466462153/"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--589059a7-1b7c-4b65-8d48-e59502de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-01-31T09:32:23.000Z",
"modified": "2017-01-31T09:32:23.000Z",
"description": "Quasar & Downeks - Xchecked via VT: 0d235478ae9cc87b7b907181ccd151b618d74955716ba2dbc40a74dc1cdfc4aa",
"pattern": "[file:hashes.SHA1 = 'b07bc4bbaafe79c48af896f31118bf335b1eabaa']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-01-31T09:32:23Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha1\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--589059a8-6b94-4bc9-ac63-e59502de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-01-31T09:32:24.000Z",
"modified": "2017-01-31T09:32:24.000Z",
"description": "Quasar & Downeks - Xchecked via VT: 0d235478ae9cc87b7b907181ccd151b618d74955716ba2dbc40a74dc1cdfc4aa",
"pattern": "[file:hashes.MD5 = '5472d0554a0188c0ecebd065eddb9485']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-01-31T09:32:24Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--589059a8-f948-4c88-ad13-e59502de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-01-31T09:32:24.000Z",
"modified": "2017-01-31T09:32:24.000Z",
"first_observed": "2017-01-31T09:32:24Z",
"last_observed": "2017-01-31T09:32:24Z",
"number_observed": 1,
"object_refs": [
"url--589059a8-f948-4c88-ad13-e59502de0b81"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--589059a8-f948-4c88-ad13-e59502de0b81",
"value": "https://www.virustotal.com/file/0d235478ae9cc87b7b907181ccd151b618d74955716ba2dbc40a74dc1cdfc4aa/analysis/1477369911/"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--589059a9-65b4-4400-a351-e59502de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-01-31T09:32:25.000Z",
"modified": "2017-01-31T09:32:25.000Z",
"description": "Quasar & Downeks - Xchecked via VT: f19bc664558177b7269f52edcec74ecdb38ed2ab9e706b68d9cbb3a53c243dec",
"pattern": "[file:hashes.SHA1 = 'a1e5f4762b9ddf7bc91ba543cc571a92771f0078']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-01-31T09:32:25Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha1\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--589059aa-9bf4-496d-a95d-e59502de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-01-31T09:32:26.000Z",
"modified": "2017-01-31T09:32:26.000Z",
"description": "Quasar & Downeks - Xchecked via VT: f19bc664558177b7269f52edcec74ecdb38ed2ab9e706b68d9cbb3a53c243dec",
"pattern": "[file:hashes.MD5 = '74bf0958143fe6bdfe599f25fca4578c']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-01-31T09:32:26Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--589059ab-140c-4b50-8c90-e59502de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-01-31T09:32:27.000Z",
"modified": "2017-01-31T09:32:27.000Z",
"first_observed": "2017-01-31T09:32:27Z",
"last_observed": "2017-01-31T09:32:27Z",
"number_observed": 1,
"object_refs": [
"url--589059ab-140c-4b50-8c90-e59502de0b81"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--589059ab-140c-4b50-8c90-e59502de0b81",
"value": "https://www.virustotal.com/file/f19bc664558177b7269f52edcec74ecdb38ed2ab9e706b68d9cbb3a53c243dec/analysis/1477440717/"
},
{
"type": "marking-definition",
"spec_version": "2.1",
"id": "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9",
"created": "2017-01-20T00:00:00.000Z",
"definition_type": "tlp",
"name": "TLP:WHITE",
"definition": {
"tlp": "white"
}
}
]
}