6576 lines
No EOL
280 KiB
JSON
6576 lines
No EOL
280 KiB
JSON
{
|
|
"type": "bundle",
|
|
"id": "bundle--58fefb2d-e400-463e-b0ae-4a6a950d210f",
|
|
"objects": [
|
|
{
|
|
"type": "identity",
|
|
"spec_version": "2.1",
|
|
"id": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-04-26T13:31:40.000Z",
|
|
"modified": "2017-04-26T13:31:40.000Z",
|
|
"name": "CIRCL",
|
|
"identity_class": "organization"
|
|
},
|
|
{
|
|
"type": "report",
|
|
"spec_version": "2.1",
|
|
"id": "report--58fefb2d-e400-463e-b0ae-4a6a950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-04-26T13:31:40.000Z",
|
|
"modified": "2017-04-26T13:31:40.000Z",
|
|
"name": "OSINT - Threat Spotlight: Mighty Morphin Malware Purveyors: Locky Returns Via Necurs",
|
|
"published": "2017-04-26T16:01:25Z",
|
|
"object_refs": [
|
|
"x-misp-attribute--58fefb5d-8358-4eb4-bd8b-2ffa950d210f",
|
|
"observed-data--58fefb6e-585c-4581-9665-49b3950d210f",
|
|
"url--58fefb6e-585c-4581-9665-49b3950d210f",
|
|
"indicator--58fefc06-a394-40c4-985c-8da3950d210f",
|
|
"indicator--58fefc06-93f4-4587-8f64-8da3950d210f",
|
|
"indicator--58fefc07-a8e4-4bba-840f-8da3950d210f",
|
|
"indicator--58fefc07-273c-4f0c-a0fe-8da3950d210f",
|
|
"indicator--58fefc07-f290-464c-9181-8da3950d210f",
|
|
"indicator--58fefc08-ea90-456d-a531-8da3950d210f",
|
|
"indicator--58fefc08-470c-407c-a3ac-8da3950d210f",
|
|
"indicator--58fefc09-88e8-4927-aa9e-8da3950d210f",
|
|
"indicator--58fefc09-61a8-4a71-8e1b-8da3950d210f",
|
|
"indicator--58fefc09-f818-4ea2-bdb6-8da3950d210f",
|
|
"indicator--58fefc0a-478c-4ca7-b137-8da3950d210f",
|
|
"indicator--58fefc0a-14f8-44c2-bc0a-8da3950d210f",
|
|
"indicator--58fefc0b-d9b8-4a72-a12c-8da3950d210f",
|
|
"indicator--58fefc0b-ccfc-48cf-b0a9-8da3950d210f",
|
|
"indicator--58fefc0b-c538-4ffc-8275-8da3950d210f",
|
|
"indicator--58fefc0c-bae0-4154-a623-8da3950d210f",
|
|
"indicator--58fefc0c-01ac-4be3-9693-8da3950d210f",
|
|
"indicator--58fefc0d-8bd8-467e-9d47-8da3950d210f",
|
|
"indicator--58fefc0d-ef30-494c-8a90-8da3950d210f",
|
|
"indicator--58fefc0d-eb7c-4e3b-ae75-8da3950d210f",
|
|
"indicator--58fefc0e-b98c-4906-afbd-8da3950d210f",
|
|
"indicator--58fefc0e-c70c-4589-b5c9-8da3950d210f",
|
|
"indicator--58fefc0f-1340-4de5-abf6-8da3950d210f",
|
|
"indicator--58fefc0f-d544-47f7-bb4b-8da3950d210f",
|
|
"indicator--58fefc0f-b94c-4ebe-a9f4-8da3950d210f",
|
|
"indicator--58fefc10-fc68-42aa-b923-8da3950d210f",
|
|
"indicator--58fefc10-7f14-4231-9a94-8da3950d210f",
|
|
"indicator--58fefc10-5590-48c5-a3b9-8da3950d210f",
|
|
"indicator--58fefc11-0984-4af8-930f-8da3950d210f",
|
|
"indicator--58fefc11-f66c-47f8-b5cc-8da3950d210f",
|
|
"indicator--58fefc12-d9bc-4bd0-baf1-8da3950d210f",
|
|
"indicator--58fefc12-d574-41dc-9e37-8da3950d210f",
|
|
"indicator--58fefc13-5530-43c2-affb-8da3950d210f",
|
|
"indicator--58fefc47-f3c4-479b-bed1-459e950d210f",
|
|
"indicator--58fefc47-4440-4d53-8a12-485d950d210f",
|
|
"indicator--58fefc47-61b0-42b2-9ad2-4ffb950d210f",
|
|
"indicator--58fefc48-75f8-4203-a984-4a1c950d210f",
|
|
"indicator--58fefc48-0080-4d8d-820c-47f8950d210f",
|
|
"indicator--58fefc49-ce60-40bf-acfe-4a92950d210f",
|
|
"indicator--58fefc49-d768-4a57-9dd5-447d950d210f",
|
|
"indicator--58fefc49-7c24-4632-8492-4156950d210f",
|
|
"indicator--58fefc4a-86f4-4af1-9d61-45c9950d210f",
|
|
"indicator--58fefc4a-a7a8-43c0-aebb-48c0950d210f",
|
|
"indicator--58fefc4b-4f3c-44ef-b0c6-4bdc950d210f",
|
|
"indicator--58fefc4b-e010-472c-8d8a-4be1950d210f",
|
|
"indicator--58fefc4b-8148-4811-82d7-49e4950d210f",
|
|
"indicator--58fefc4c-5b60-4765-9610-422c950d210f",
|
|
"indicator--58fefc4c-7bb4-4b0d-a770-496f950d210f",
|
|
"indicator--58fefc4d-83a4-439b-9b45-45d8950d210f",
|
|
"indicator--58fefc4d-96c8-4651-9537-429a950d210f",
|
|
"indicator--58fefc4d-90b8-4caa-a5a9-4762950d210f",
|
|
"indicator--58fefc4e-f7f4-477c-b6dc-405c950d210f",
|
|
"indicator--58fefc4e-d0ec-470a-9ae0-4c1d950d210f",
|
|
"indicator--58fefc4f-a558-4400-80fc-4b62950d210f",
|
|
"indicator--58fefc4f-4764-4acf-8a00-4579950d210f",
|
|
"indicator--58fefc4f-f8e0-4de2-b74b-42eb950d210f",
|
|
"indicator--58fefc50-dcf4-47de-ba7d-46fa950d210f",
|
|
"indicator--58fefc50-23bc-4b8c-a0ce-47d8950d210f",
|
|
"indicator--58fefc51-3ca4-4c4a-ba89-4f16950d210f",
|
|
"indicator--58fefc51-6ab0-4aed-bd67-465f950d210f",
|
|
"indicator--58fefc51-52c0-4dff-a5b9-4e82950d210f",
|
|
"indicator--58fefc52-1d98-48be-92d2-442d950d210f",
|
|
"indicator--58fefc52-07f8-4550-bb8c-4dd3950d210f",
|
|
"indicator--58fefc53-f520-46c1-8398-4b48950d210f",
|
|
"indicator--58fefc53-9f8c-4839-ae8b-48df950d210f",
|
|
"indicator--58fefc53-8a24-485b-9b98-4ba5950d210f",
|
|
"indicator--58fefc54-7ad0-405b-bb86-4e25950d210f",
|
|
"indicator--58fefc54-2550-4d4e-bb50-432f950d210f",
|
|
"indicator--58fefc55-15b8-42c8-83a9-4a24950d210f",
|
|
"indicator--58fefc55-0300-4366-9323-46cb950d210f",
|
|
"indicator--58fefc55-8160-48c7-94cb-427a950d210f",
|
|
"indicator--58ff1fd2-5b10-4339-8b0b-42e502de0b81",
|
|
"indicator--58ff1fd3-daf0-4f7b-b452-4da502de0b81",
|
|
"observed-data--58ff1fd3-7848-4092-92a2-489a02de0b81",
|
|
"url--58ff1fd3-7848-4092-92a2-489a02de0b81",
|
|
"indicator--58ff1fd4-b778-407c-8455-4b6f02de0b81",
|
|
"indicator--58ff1fd4-ec8c-4d98-9800-41d702de0b81",
|
|
"observed-data--58ff1fd4-7688-4e40-a979-441602de0b81",
|
|
"url--58ff1fd4-7688-4e40-a979-441602de0b81",
|
|
"indicator--58ff1fd5-b3b8-4fc6-a3e7-458402de0b81",
|
|
"indicator--58ff1fd5-fe60-480c-8850-4cef02de0b81",
|
|
"observed-data--58ff1fd6-3de8-48ee-a74c-442202de0b81",
|
|
"url--58ff1fd6-3de8-48ee-a74c-442202de0b81",
|
|
"indicator--58ff1fd6-d634-4792-a44e-406202de0b81",
|
|
"indicator--58ff1fd7-1200-4f16-b2f8-453802de0b81",
|
|
"observed-data--58ff1fd7-cff4-48f9-a2b1-4dc902de0b81",
|
|
"url--58ff1fd7-cff4-48f9-a2b1-4dc902de0b81",
|
|
"indicator--58ff1fd8-a6c0-43d0-8d16-451602de0b81",
|
|
"indicator--58ff1fd8-f1d8-48d2-a856-4af202de0b81",
|
|
"observed-data--58ff1fd9-19dc-40a4-a45a-406302de0b81",
|
|
"url--58ff1fd9-19dc-40a4-a45a-406302de0b81",
|
|
"indicator--58ff1fd9-da2c-4bfe-baf2-460402de0b81",
|
|
"indicator--58ff1fda-228c-4a7d-9f14-44e802de0b81",
|
|
"observed-data--58ff1fda-c950-47b8-94c8-4b2902de0b81",
|
|
"url--58ff1fda-c950-47b8-94c8-4b2902de0b81",
|
|
"indicator--58ff1fdb-9a90-472a-9909-4a8602de0b81",
|
|
"indicator--58ff1fdb-c754-4829-a6b1-431902de0b81",
|
|
"observed-data--58ff1fdc-cf60-48fb-a240-4ddb02de0b81",
|
|
"url--58ff1fdc-cf60-48fb-a240-4ddb02de0b81",
|
|
"indicator--58ff1fdc-7aa4-45a8-bb15-48e202de0b81",
|
|
"indicator--58ff1fdd-4354-4230-927c-497c02de0b81",
|
|
"observed-data--58ff1fdd-5594-40fb-8817-416102de0b81",
|
|
"url--58ff1fdd-5594-40fb-8817-416102de0b81",
|
|
"indicator--58ff1fde-6e78-4011-82d0-473702de0b81",
|
|
"indicator--58ff1fde-9284-4dc8-bc22-46f802de0b81",
|
|
"observed-data--58ff1fdf-e97c-4c1d-80a6-4a3202de0b81",
|
|
"url--58ff1fdf-e97c-4c1d-80a6-4a3202de0b81",
|
|
"indicator--58ff1fe0-5530-442a-986a-43ea02de0b81",
|
|
"indicator--58ff1fe0-f890-46fd-8104-4b8b02de0b81",
|
|
"observed-data--58ff1fe1-7ee4-4534-bd7e-40c102de0b81",
|
|
"url--58ff1fe1-7ee4-4534-bd7e-40c102de0b81",
|
|
"indicator--58ff1fe1-c9b4-4355-9888-483302de0b81",
|
|
"indicator--58ff1fe2-58f4-4a4c-8d7e-458d02de0b81",
|
|
"observed-data--58ff1fe2-2f04-4776-b06b-465402de0b81",
|
|
"url--58ff1fe2-2f04-4776-b06b-465402de0b81",
|
|
"indicator--58ff1fe3-02bc-4103-a908-489202de0b81",
|
|
"indicator--58ff1fe3-1270-4ce4-8861-4dca02de0b81",
|
|
"observed-data--58ff1fe4-04f0-4be4-9824-499802de0b81",
|
|
"url--58ff1fe4-04f0-4be4-9824-499802de0b81",
|
|
"indicator--58ff1fe4-369c-4393-b8ab-459402de0b81",
|
|
"indicator--58ff1fe5-cbc4-4a7a-b24f-459002de0b81",
|
|
"observed-data--58ff1fe5-9398-4dea-8e53-481c02de0b81",
|
|
"url--58ff1fe5-9398-4dea-8e53-481c02de0b81",
|
|
"indicator--58ff1fe6-35fc-4c69-8cc6-4a8802de0b81",
|
|
"indicator--58ff1fe6-54d8-4682-b657-461302de0b81",
|
|
"observed-data--58ff1fe7-8b98-40f7-93dc-4f0e02de0b81",
|
|
"url--58ff1fe7-8b98-40f7-93dc-4f0e02de0b81",
|
|
"indicator--58ff1fe7-785c-4271-828a-43da02de0b81",
|
|
"indicator--58ff1fe8-2ef8-456b-b98a-4e3b02de0b81",
|
|
"observed-data--58ff1fe8-fe34-4629-ade3-456c02de0b81",
|
|
"url--58ff1fe8-fe34-4629-ade3-456c02de0b81",
|
|
"indicator--58ff1fe9-88fc-4072-9667-41c402de0b81",
|
|
"indicator--58ff1fe9-7c64-46d9-a499-4abd02de0b81",
|
|
"observed-data--58ff1fea-d6e4-442f-9a13-4cb702de0b81",
|
|
"url--58ff1fea-d6e4-442f-9a13-4cb702de0b81",
|
|
"indicator--58ff1fea-ea84-40ce-b340-4f9702de0b81",
|
|
"indicator--58ff1feb-3908-4077-8bcc-485c02de0b81",
|
|
"observed-data--58ff1feb-8514-4efa-b58f-496902de0b81",
|
|
"url--58ff1feb-8514-4efa-b58f-496902de0b81",
|
|
"indicator--58ff1fec-f734-48c8-8f0e-424302de0b81",
|
|
"indicator--58ff1fec-134c-46d7-8dd3-473a02de0b81",
|
|
"observed-data--58ff1fed-c230-466c-8701-476302de0b81",
|
|
"url--58ff1fed-c230-466c-8701-476302de0b81",
|
|
"indicator--58ff1fed-fec8-4bd3-bdec-424702de0b81",
|
|
"indicator--58ff1fee-bf00-43d2-9ac4-4d6802de0b81",
|
|
"observed-data--58ff1fee-02d4-452c-b149-480d02de0b81",
|
|
"url--58ff1fee-02d4-452c-b149-480d02de0b81",
|
|
"indicator--58ff1fef-e170-4de9-bcab-46ea02de0b81",
|
|
"indicator--58ff1fef-a324-40e9-be41-451202de0b81",
|
|
"observed-data--58ff1ff0-8618-4d4f-b892-4e2202de0b81",
|
|
"url--58ff1ff0-8618-4d4f-b892-4e2202de0b81",
|
|
"indicator--58ff1ff0-4270-47f9-a246-49ba02de0b81",
|
|
"indicator--58ff1ff1-286c-414d-8a5a-449802de0b81",
|
|
"observed-data--58ff1ff1-1a84-47d6-b75e-4b6402de0b81",
|
|
"url--58ff1ff1-1a84-47d6-b75e-4b6402de0b81",
|
|
"indicator--58ff1ff2-67d8-4aca-b962-42a702de0b81",
|
|
"indicator--58ff1ff2-bc5c-4c06-a7e5-400c02de0b81",
|
|
"observed-data--58ff1ff3-1ad8-4cf8-8e60-434d02de0b81",
|
|
"url--58ff1ff3-1ad8-4cf8-8e60-434d02de0b81",
|
|
"indicator--58ff1ff3-c0a0-4727-be1c-493802de0b81",
|
|
"indicator--58ff1ff4-177c-4c63-8707-4b3102de0b81",
|
|
"observed-data--58ff1ff4-caa0-453d-a1fe-494602de0b81",
|
|
"url--58ff1ff4-caa0-453d-a1fe-494602de0b81",
|
|
"indicator--58ff1ff5-c350-40d1-bd62-41db02de0b81",
|
|
"indicator--58ff1ff5-7288-4c65-9107-4e2002de0b81",
|
|
"observed-data--58ff1ff5-4634-4d00-a8a4-487502de0b81",
|
|
"url--58ff1ff5-4634-4d00-a8a4-487502de0b81",
|
|
"indicator--58ff1ff6-4060-4a48-bf48-4c5d02de0b81",
|
|
"indicator--58ff1ff6-e370-414b-bc85-4a6102de0b81",
|
|
"observed-data--58ff1ff7-c94c-4b61-8bf0-4c8e02de0b81",
|
|
"url--58ff1ff7-c94c-4b61-8bf0-4c8e02de0b81",
|
|
"indicator--58ff1ff7-a780-4cf8-8838-4f5502de0b81",
|
|
"indicator--58ff1ff8-294c-4c29-aff6-4cae02de0b81",
|
|
"observed-data--58ff1ff8-68ec-4af0-b56e-438102de0b81",
|
|
"url--58ff1ff8-68ec-4af0-b56e-438102de0b81",
|
|
"indicator--58ff1ff9-e818-4bdb-acc5-451302de0b81",
|
|
"indicator--58ff1ff9-44a0-4428-ad20-40fa02de0b81",
|
|
"observed-data--58ff1ffa-7ce4-492a-b89c-4b4f02de0b81",
|
|
"url--58ff1ffa-7ce4-492a-b89c-4b4f02de0b81",
|
|
"indicator--58ff1ffa-c148-4a75-919a-4b2d02de0b81",
|
|
"indicator--58ff1ffb-5364-4610-beff-490002de0b81",
|
|
"observed-data--58ff1ffb-678c-407b-9a83-432702de0b81",
|
|
"url--58ff1ffb-678c-407b-9a83-432702de0b81",
|
|
"indicator--58ff1ffc-2d08-4287-87c7-4b4602de0b81",
|
|
"indicator--58ff1ffc-2504-4b28-88a9-444e02de0b81",
|
|
"observed-data--58ff1ffd-4854-467a-80be-4da402de0b81",
|
|
"url--58ff1ffd-4854-467a-80be-4da402de0b81",
|
|
"indicator--58ff1ffd-a204-499f-bd02-4eb702de0b81",
|
|
"indicator--58ff1ffe-a7f0-49da-974b-437f02de0b81",
|
|
"observed-data--58ff1ffe-5f40-4934-a99f-45f502de0b81",
|
|
"url--58ff1ffe-5f40-4934-a99f-45f502de0b81",
|
|
"indicator--58ff1fff-1848-4f2f-a389-4b0d02de0b81",
|
|
"indicator--58ff1fff-12fc-4d3e-af6f-480902de0b81",
|
|
"observed-data--58ff2000-6988-4272-998e-42cc02de0b81",
|
|
"url--58ff2000-6988-4272-998e-42cc02de0b81",
|
|
"indicator--58ff2000-6a14-4740-a258-450702de0b81",
|
|
"indicator--58ff2001-4a08-4631-b4f2-45ed02de0b81",
|
|
"observed-data--58ff2001-ee0c-4514-a2a9-4f1402de0b81",
|
|
"url--58ff2001-ee0c-4514-a2a9-4f1402de0b81",
|
|
"indicator--58ff2002-70f4-4fb3-95d9-430702de0b81",
|
|
"indicator--58ff2002-8988-4ca4-b9a6-400a02de0b81",
|
|
"observed-data--58ff2003-7364-402e-9a78-468902de0b81",
|
|
"url--58ff2003-7364-402e-9a78-468902de0b81",
|
|
"indicator--58ff2003-ec04-4822-8349-468b02de0b81",
|
|
"indicator--58ff2004-1a80-43ab-8860-4fb502de0b81",
|
|
"observed-data--58ff2004-99b4-49e1-a6ba-479502de0b81",
|
|
"url--58ff2004-99b4-49e1-a6ba-479502de0b81",
|
|
"indicator--58ff2005-25e0-4413-be6b-4cc602de0b81",
|
|
"indicator--58ff2005-feb8-4341-b3c1-45d502de0b81",
|
|
"observed-data--58ff2006-d59c-43c3-acae-4e0f02de0b81",
|
|
"url--58ff2006-d59c-43c3-acae-4e0f02de0b81",
|
|
"indicator--58ff2006-299c-489e-b251-45d102de0b81",
|
|
"indicator--58ff2007-2244-435b-b7a9-4e6e02de0b81",
|
|
"observed-data--58ff2007-6e4c-4054-879a-457c02de0b81",
|
|
"url--58ff2007-6e4c-4054-879a-457c02de0b81",
|
|
"indicator--58ff2008-b870-43ea-ace8-4ab702de0b81",
|
|
"indicator--58ff2008-8de4-4f63-8ed2-480202de0b81",
|
|
"observed-data--58ff2009-bd3c-42fa-a8eb-4c5102de0b81",
|
|
"url--58ff2009-bd3c-42fa-a8eb-4c5102de0b81",
|
|
"indicator--58ff200a-2624-47ca-bd74-406302de0b81",
|
|
"indicator--58ff200a-ae28-423e-95d0-4f6202de0b81",
|
|
"observed-data--58ff200b-1f88-4f2c-85c4-45a602de0b81",
|
|
"url--58ff200b-1f88-4f2c-85c4-45a602de0b81",
|
|
"indicator--58ff200b-08a0-4c09-8744-410302de0b81",
|
|
"indicator--58ff200c-5934-4c74-aecb-4b5402de0b81",
|
|
"observed-data--58ff200c-e008-4695-b091-449202de0b81",
|
|
"url--58ff200c-e008-4695-b091-449202de0b81",
|
|
"indicator--58ff200d-8fa4-4024-b2e0-485702de0b81",
|
|
"indicator--58ff200d-a404-4231-9116-4c1802de0b81",
|
|
"observed-data--58ff200e-c174-44d1-b042-497e02de0b81",
|
|
"url--58ff200e-c174-44d1-b042-497e02de0b81",
|
|
"indicator--58ff200e-0bc8-4250-9757-445702de0b81",
|
|
"indicator--58ff200f-bf6c-4849-a1b9-4b6a02de0b81",
|
|
"observed-data--58ff200f-e4d4-4e01-a31f-410f02de0b81",
|
|
"url--58ff200f-e4d4-4e01-a31f-410f02de0b81",
|
|
"indicator--58ff2010-bd88-4a7a-8020-432702de0b81",
|
|
"indicator--58ff2010-e274-4e96-a476-4a6402de0b81",
|
|
"observed-data--58ff2011-ab44-40ed-8e43-4d8f02de0b81",
|
|
"url--58ff2011-ab44-40ed-8e43-4d8f02de0b81",
|
|
"indicator--58ff2011-6870-49f3-b722-4f8b02de0b81",
|
|
"indicator--58ff2012-9ddc-45f9-9a48-4ab502de0b81",
|
|
"observed-data--58ff2012-450c-47bc-8d83-4b1902de0b81",
|
|
"url--58ff2012-450c-47bc-8d83-4b1902de0b81",
|
|
"indicator--58ff2013-db1c-4ad3-86ff-4bb702de0b81",
|
|
"indicator--58ff2013-ce08-424e-a1e4-43cb02de0b81",
|
|
"observed-data--58ff2014-9ec8-4a89-82b0-4f1902de0b81",
|
|
"url--58ff2014-9ec8-4a89-82b0-4f1902de0b81",
|
|
"indicator--58ff2014-d0d0-4692-8011-46d102de0b81",
|
|
"indicator--58ff2015-6638-4069-adb6-448302de0b81",
|
|
"observed-data--58ff2015-2194-407d-9eea-450a02de0b81",
|
|
"url--58ff2015-2194-407d-9eea-450a02de0b81",
|
|
"indicator--58ff2016-8320-4d40-93ae-4ddb02de0b81",
|
|
"indicator--58ff2016-41b4-427d-b2d5-40f002de0b81",
|
|
"observed-data--58ff2017-ee18-44bf-9841-452d02de0b81",
|
|
"url--58ff2017-ee18-44bf-9841-452d02de0b81",
|
|
"indicator--58ff2017-b6e8-49c1-acc1-48eb02de0b81",
|
|
"indicator--58ff2018-ff44-4774-84ce-40b502de0b81",
|
|
"observed-data--58ff2018-f084-41a3-a797-466902de0b81",
|
|
"url--58ff2018-f084-41a3-a797-466902de0b81",
|
|
"indicator--58ff2019-6b84-4438-8383-432102de0b81",
|
|
"indicator--58ff2019-65b8-46b9-8866-43b602de0b81",
|
|
"observed-data--58ff201a-63d8-42fb-adf5-421102de0b81",
|
|
"url--58ff201a-63d8-42fb-adf5-421102de0b81",
|
|
"indicator--58ff201a-853c-4ea9-8a11-489b02de0b81",
|
|
"indicator--58ff201b-46e0-4b35-8b2f-40ff02de0b81",
|
|
"observed-data--58ff201b-b044-4442-8250-40d502de0b81",
|
|
"url--58ff201b-b044-4442-8250-40d502de0b81",
|
|
"indicator--58ff201c-4e4c-4416-aed5-49fb02de0b81",
|
|
"indicator--58ff201c-d2a0-4c86-a406-4af602de0b81",
|
|
"observed-data--58ff201d-4f5c-45bf-b016-4b2f02de0b81",
|
|
"url--58ff201d-4f5c-45bf-b016-4b2f02de0b81",
|
|
"indicator--58ff201d-8520-407f-ab15-4b6602de0b81",
|
|
"indicator--58ff201e-f66c-483e-a3a9-4e6802de0b81",
|
|
"observed-data--58ff201e-7b88-4f42-85d5-428d02de0b81",
|
|
"url--58ff201e-7b88-4f42-85d5-428d02de0b81",
|
|
"indicator--58ff201f-8aa4-436f-8b05-41e402de0b81",
|
|
"indicator--58ff201f-4784-4a95-b28e-4c1f02de0b81",
|
|
"observed-data--58ff2020-8754-479c-bf6c-4bfa02de0b81",
|
|
"url--58ff2020-8754-479c-bf6c-4bfa02de0b81",
|
|
"indicator--58ff2020-a684-4020-9f32-47b702de0b81",
|
|
"indicator--58ff2020-4390-4a6a-8907-4d3e02de0b81",
|
|
"observed-data--58ff2021-c7d0-464a-91d2-468102de0b81",
|
|
"url--58ff2021-c7d0-464a-91d2-468102de0b81",
|
|
"indicator--58ff2021-9468-42ff-bb3a-47c202de0b81",
|
|
"indicator--58ff2022-7e98-4604-9aff-486e02de0b81",
|
|
"observed-data--58ff2022-0a24-46f2-905d-474a02de0b81",
|
|
"url--58ff2022-0a24-46f2-905d-474a02de0b81",
|
|
"indicator--58ff2023-41b0-4bd1-80ef-4d5b02de0b81",
|
|
"indicator--58ff2023-32cc-4d66-9bdc-4eb002de0b81",
|
|
"observed-data--58ff2024-80d8-4b8e-9823-440802de0b81",
|
|
"url--58ff2024-80d8-4b8e-9823-440802de0b81",
|
|
"indicator--58ff2024-b5e0-4d58-b863-430302de0b81",
|
|
"indicator--58ff2025-6980-44ba-ba85-403702de0b81",
|
|
"observed-data--58ff2025-f170-4d3f-b813-42f102de0b81",
|
|
"url--58ff2025-f170-4d3f-b813-42f102de0b81",
|
|
"indicator--58ff2026-34a0-4280-bbc1-412902de0b81",
|
|
"indicator--58ff2026-04e0-4499-98dc-453902de0b81",
|
|
"observed-data--58ff2027-1ee4-454a-b6f0-4eda02de0b81",
|
|
"url--58ff2027-1ee4-454a-b6f0-4eda02de0b81",
|
|
"indicator--58ff2027-faac-4e07-9283-46e602de0b81",
|
|
"indicator--58ff2027-d780-4e3b-ab1b-444602de0b81",
|
|
"observed-data--58ff2028-dbc4-4f80-b52f-4a4f02de0b81",
|
|
"url--58ff2028-dbc4-4f80-b52f-4a4f02de0b81",
|
|
"indicator--58ff2028-96d0-434c-9d0f-496e02de0b81",
|
|
"indicator--58ff2029-ce80-420b-8db8-451002de0b81",
|
|
"observed-data--58ff2029-9904-4bf6-8932-4e4f02de0b81",
|
|
"url--58ff2029-9904-4bf6-8932-4e4f02de0b81",
|
|
"indicator--58ff202a-bc8c-49c5-a86f-441d02de0b81",
|
|
"indicator--58ff202a-3cec-4701-a773-46ba02de0b81",
|
|
"observed-data--58ff202b-8fd8-459a-a5f4-457902de0b81",
|
|
"url--58ff202b-8fd8-459a-a5f4-457902de0b81",
|
|
"indicator--58ff202b-1b60-4988-90ef-418202de0b81",
|
|
"indicator--58ff202b-6fac-487b-bdaa-400a02de0b81",
|
|
"observed-data--58ff202c-5f94-4888-8225-432002de0b81",
|
|
"url--58ff202c-5f94-4888-8225-432002de0b81",
|
|
"indicator--58ff202d-a2d4-46f9-8091-486302de0b81",
|
|
"indicator--58ff202d-4d20-4fcb-8d9c-4b8302de0b81",
|
|
"observed-data--58ff202d-8414-43b2-a574-4b2c02de0b81",
|
|
"url--58ff202d-8414-43b2-a574-4b2c02de0b81"
|
|
],
|
|
"labels": [
|
|
"Threat-Report",
|
|
"misp:tool=\"MISP-STIX-Converter\"",
|
|
"type:OSINT",
|
|
"malware_classification:malware-category=\"Ransomware\""
|
|
],
|
|
"object_marking_refs": [
|
|
"marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9"
|
|
]
|
|
},
|
|
{
|
|
"type": "x-misp-attribute",
|
|
"spec_version": "2.1",
|
|
"id": "x-misp-attribute--58fefb5d-8358-4eb4-bd8b-2ffa950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-04-25T10:06:35.000Z",
|
|
"modified": "2017-04-25T10:06:35.000Z",
|
|
"labels": [
|
|
"misp:type=\"comment\"",
|
|
"misp:category=\"External analysis\""
|
|
],
|
|
"x_misp_category": "External analysis",
|
|
"x_misp_type": "comment",
|
|
"x_misp_value": "Throughout the majority of 2016, Locky was the dominant ransomware in the threat landscape. It was an early pioneer when it came to using scripting formats Windows hosts would natively handle, like .js, .wsf, and .hta. These scripting formats acted as a vehicle to deliver the payload via email campaigns. However, late in 2016 Locky distribution declined dramatically largely due to the slowdown of Necurs that occurred at the same time.\r\n\r\nOn April 21st, Talos observed the first large scale Locky campaign in months from Necurs. This campaign leveraged techniques associated with a recent Dridex campaign and is currently being distributed in very high volumes. Talos has seen in excess of 35K emails in the last several hours associated with this newest wave of Locky. This large wave of distribution has been attributed to the Necurs botnet which, until recently, had been focused on more traditional spam such as pump-and-dump spam, Russian dating spam, and work-from-home spam."
|
|
},
|
|
{
|
|
"type": "observed-data",
|
|
"spec_version": "2.1",
|
|
"id": "observed-data--58fefb6e-585c-4581-9665-49b3950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-04-25T10:06:35.000Z",
|
|
"modified": "2017-04-25T10:06:35.000Z",
|
|
"first_observed": "2017-04-25T10:06:35Z",
|
|
"last_observed": "2017-04-25T10:06:35Z",
|
|
"number_observed": 1,
|
|
"object_refs": [
|
|
"url--58fefb6e-585c-4581-9665-49b3950d210f"
|
|
],
|
|
"labels": [
|
|
"misp:type=\"link\"",
|
|
"misp:category=\"External analysis\""
|
|
]
|
|
},
|
|
{
|
|
"type": "url",
|
|
"spec_version": "2.1",
|
|
"id": "url--58fefb6e-585c-4581-9665-49b3950d210f",
|
|
"value": "http://blog.talosintelligence.com/2017/04/locky-returns-necurs.html"
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--58fefc06-a394-40c4-985c-8da3950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-04-25T10:06:35.000Z",
|
|
"modified": "2017-04-25T10:06:35.000Z",
|
|
"description": "pdf",
|
|
"pattern": "[file:hashes.SHA256 = 'ffebb94676c767fb2cbd86453e3127f7abf459c428f2d80228f2cd7e1b55fff3']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-04-25T10:06:35Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha256\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--58fefc06-93f4-4587-8f64-8da3950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-04-25T10:06:35.000Z",
|
|
"modified": "2017-04-25T10:06:35.000Z",
|
|
"description": "pdf",
|
|
"pattern": "[file:hashes.SHA256 = 'ca5c4d2bb3c6c035bb0137504b17ccec31deb366757440feb832b7e0d270b487']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-04-25T10:06:35Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha256\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--58fefc07-a8e4-4bba-840f-8da3950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-04-25T10:06:35.000Z",
|
|
"modified": "2017-04-25T10:06:35.000Z",
|
|
"description": "pdf",
|
|
"pattern": "[file:hashes.SHA256 = '44687edc7169d919ef0891e41487ddefa30d93744d6a9e3ecabb5d6f8d88c039']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-04-25T10:06:35Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha256\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--58fefc07-273c-4f0c-a0fe-8da3950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-04-25T10:06:35.000Z",
|
|
"modified": "2017-04-25T10:06:35.000Z",
|
|
"description": "pdf",
|
|
"pattern": "[file:hashes.SHA256 = 'd6aa22aee572dd90161ba793b8afba27dbf50df4d23b2921d131626671e8d966']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-04-25T10:06:35Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha256\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--58fefc07-f290-464c-9181-8da3950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-04-25T10:06:35.000Z",
|
|
"modified": "2017-04-25T10:06:35.000Z",
|
|
"description": "pdf",
|
|
"pattern": "[file:hashes.SHA256 = '8476cf9307933499771186dfe4c397905ea2a320c488b357ba0148f862b9532e']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-04-25T10:06:35Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha256\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--58fefc08-ea90-456d-a531-8da3950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-04-25T10:06:35.000Z",
|
|
"modified": "2017-04-25T10:06:35.000Z",
|
|
"description": "pdf",
|
|
"pattern": "[file:hashes.SHA256 = '1705d38d2ea80177963d67fd18e836326d70a239378d6b9c74d445c5e0b423d6']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-04-25T10:06:35Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha256\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--58fefc08-470c-407c-a3ac-8da3950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-04-25T10:06:35.000Z",
|
|
"modified": "2017-04-25T10:06:35.000Z",
|
|
"description": "pdf",
|
|
"pattern": "[file:hashes.SHA256 = '3ccef773a5527c7128987bb8d359726f0b3d4d84dd6526c1b3aa76fd98b68539']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-04-25T10:06:35Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha256\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--58fefc09-88e8-4927-aa9e-8da3950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-04-25T10:06:35.000Z",
|
|
"modified": "2017-04-25T10:06:35.000Z",
|
|
"description": "pdf",
|
|
"pattern": "[file:hashes.SHA256 = '6eaeb3aa26dcce83342eb2ed055c623ae43c629eccd7f1d31c0380029ed9741d']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-04-25T10:06:35Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha256\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--58fefc09-61a8-4a71-8e1b-8da3950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-04-25T10:06:35.000Z",
|
|
"modified": "2017-04-25T10:06:35.000Z",
|
|
"description": "pdf",
|
|
"pattern": "[file:hashes.SHA256 = '65e5a0956b7e83e484b0fce962e08f1d75aefb0232d1521c97e186a746aabd2f']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-04-25T10:06:35Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha256\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--58fefc09-f818-4ea2-bdb6-8da3950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-04-25T10:06:35.000Z",
|
|
"modified": "2017-04-25T10:06:35.000Z",
|
|
"description": "pdf",
|
|
"pattern": "[file:hashes.SHA256 = '9008ee571b139496190f4e54d155300a1c875a8fb9096cfa27809e4e71955176']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-04-25T10:06:35Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha256\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--58fefc0a-478c-4ca7-b137-8da3950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-04-25T10:06:35.000Z",
|
|
"modified": "2017-04-25T10:06:35.000Z",
|
|
"description": "pdf",
|
|
"pattern": "[file:hashes.SHA256 = '1b15c90d67e4b7522ca61e21133b155eb7f1cf32328a030784dc2d95ee7d10ad']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-04-25T10:06:35Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha256\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--58fefc0a-14f8-44c2-bc0a-8da3950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-04-25T10:06:35.000Z",
|
|
"modified": "2017-04-25T10:06:35.000Z",
|
|
"description": "pdf",
|
|
"pattern": "[file:hashes.SHA256 = '32324fe312aba53c25a512eb81f7fe6ab7b2a44417a0cd0983c6f19cd29d5b26']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-04-25T10:06:35Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha256\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--58fefc0b-d9b8-4a72-a12c-8da3950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-04-25T10:06:35.000Z",
|
|
"modified": "2017-04-25T10:06:35.000Z",
|
|
"description": "pdf",
|
|
"pattern": "[file:hashes.SHA256 = '1b025b5f24d42eed4eabaff15cee80fff3484d4205be2611f8dce5d4dce9020c']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-04-25T10:06:35Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha256\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--58fefc0b-ccfc-48cf-b0a9-8da3950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-04-25T10:06:35.000Z",
|
|
"modified": "2017-04-25T10:06:35.000Z",
|
|
"description": "pdf",
|
|
"pattern": "[file:hashes.SHA256 = '7e69993bfe292a72f8377d47059741f2b9ef2df1c93b2a0457ed8c1acf986e70']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-04-25T10:06:35Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha256\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--58fefc0b-c538-4ffc-8275-8da3950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-04-25T10:06:35.000Z",
|
|
"modified": "2017-04-25T10:06:35.000Z",
|
|
"description": "pdf",
|
|
"pattern": "[file:hashes.SHA256 = '69ac4202505b603b490e5f2ca4e310af57a16c6c3f9a2efa928ab0d0faf7ae6b']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-04-25T10:06:35Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha256\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--58fefc0c-bae0-4154-a623-8da3950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-04-25T10:06:35.000Z",
|
|
"modified": "2017-04-25T10:06:35.000Z",
|
|
"description": "pdf",
|
|
"pattern": "[file:hashes.SHA256 = '1fc5a5831c2d880fc5e32db55adef8ad1e0f68b8e245ccaf1a3ee78f83a7da27']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-04-25T10:06:35Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha256\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--58fefc0c-01ac-4be3-9693-8da3950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-04-25T10:06:35.000Z",
|
|
"modified": "2017-04-25T10:06:35.000Z",
|
|
"description": "pdf",
|
|
"pattern": "[file:hashes.SHA256 = 'e4426738a8ed366f2773aa3ac9374dae6f3ad41759dd3227a8d025fac2af9b49']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-04-25T10:06:35Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha256\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--58fefc0d-8bd8-467e-9d47-8da3950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-04-25T10:06:35.000Z",
|
|
"modified": "2017-04-25T10:06:35.000Z",
|
|
"description": "pdf",
|
|
"pattern": "[file:hashes.SHA256 = 'a0b01d5f3f41b49e07be198408910084912cc5db030aa4d0449a8bd2677596b3']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-04-25T10:06:35Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha256\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--58fefc0d-ef30-494c-8a90-8da3950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-04-25T10:06:35.000Z",
|
|
"modified": "2017-04-25T10:06:35.000Z",
|
|
"description": "pdf",
|
|
"pattern": "[file:hashes.SHA256 = '06d42acee69178a161b7317c87515e4bdab647976985a1d172411b799ffbac32']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-04-25T10:06:35Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha256\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--58fefc0d-eb7c-4e3b-ae75-8da3950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-04-25T10:06:35.000Z",
|
|
"modified": "2017-04-25T10:06:35.000Z",
|
|
"description": "pdf",
|
|
"pattern": "[file:hashes.SHA256 = 'eb9c6616204c358aa06ebb181cfcf8220216a9531b05006e8ed5dd714f3574da']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-04-25T10:06:35Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha256\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--58fefc0e-b98c-4906-afbd-8da3950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-04-25T10:06:35.000Z",
|
|
"modified": "2017-04-25T10:06:35.000Z",
|
|
"description": "pdf",
|
|
"pattern": "[file:hashes.SHA256 = '7e73b086c5d0d693483a57847aa738e8c3b65b45f8603b5980721795af4534dd']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-04-25T10:06:35Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha256\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--58fefc0e-c70c-4589-b5c9-8da3950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-04-25T10:06:35.000Z",
|
|
"modified": "2017-04-25T10:06:35.000Z",
|
|
"description": "pdf",
|
|
"pattern": "[file:hashes.SHA256 = '7a6052881573bb7d976a5bbf39e1a9221dea68193f27c142bb77534a5049e5b9']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-04-25T10:06:35Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha256\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--58fefc0f-1340-4de5-abf6-8da3950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-04-25T10:06:35.000Z",
|
|
"modified": "2017-04-25T10:06:35.000Z",
|
|
"description": "pdf",
|
|
"pattern": "[file:hashes.SHA256 = 'f08ab6e0fc6dbff270b2d42f4412375cef3d543b311923960ab432d35754a56e']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-04-25T10:06:35Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha256\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--58fefc0f-d544-47f7-bb4b-8da3950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-04-25T10:06:35.000Z",
|
|
"modified": "2017-04-25T10:06:35.000Z",
|
|
"description": "pdf",
|
|
"pattern": "[file:hashes.SHA256 = '63fc82ce40ea946749e7312517b103fad96e8da6a01c63e44be93cd196aae692']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-04-25T10:06:35Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha256\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--58fefc0f-b94c-4ebe-a9f4-8da3950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-04-25T10:06:35.000Z",
|
|
"modified": "2017-04-25T10:06:35.000Z",
|
|
"description": "pdf",
|
|
"pattern": "[file:hashes.SHA256 = '2592d4bf18d83d1b9f98176ce389d6ad5dcaa399f3a549fab15cad520cd24470']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-04-25T10:06:35Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha256\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--58fefc10-fc68-42aa-b923-8da3950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-04-25T10:06:35.000Z",
|
|
"modified": "2017-04-25T10:06:35.000Z",
|
|
"description": "pdf",
|
|
"pattern": "[file:hashes.SHA256 = '5e9f7cae76f9888c732a77345326e442f56d94e8ed253eabb812fc2ba95e01ca']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-04-25T10:06:35Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha256\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--58fefc10-7f14-4231-9a94-8da3950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-04-25T10:06:35.000Z",
|
|
"modified": "2017-04-25T10:06:35.000Z",
|
|
"description": "pdf",
|
|
"pattern": "[file:hashes.SHA256 = 'ff92433ae4ee90b3c6dd3cd5655302be345addd2a57bf143ee982e692ca7ca33']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-04-25T10:06:35Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha256\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--58fefc10-5590-48c5-a3b9-8da3950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-04-25T10:06:35.000Z",
|
|
"modified": "2017-04-25T10:06:35.000Z",
|
|
"description": "pdf",
|
|
"pattern": "[file:hashes.SHA256 = '2881600b108ece9a1df3e7659370e3ee79cf233e9723a9acd7985452c5915eb3']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-04-25T10:06:35Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha256\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--58fefc11-0984-4af8-930f-8da3950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-04-25T10:06:35.000Z",
|
|
"modified": "2017-04-25T10:06:35.000Z",
|
|
"description": "pdf",
|
|
"pattern": "[file:hashes.SHA256 = 'f1326f8c348b6a4eb0fe0c3fcdc27e8375fd0ea7ecca54d392de790f31a9d037']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-04-25T10:06:35Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha256\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--58fefc11-f66c-47f8-b5cc-8da3950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-04-25T10:06:35.000Z",
|
|
"modified": "2017-04-25T10:06:35.000Z",
|
|
"description": "pdf",
|
|
"pattern": "[file:hashes.SHA256 = 'cd0a031a65a10e8c549c29c1b5db87ad730c84ef9ba48041b3c4a723e56ee71f']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-04-25T10:06:35Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha256\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--58fefc12-d9bc-4bd0-baf1-8da3950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-04-25T10:06:35.000Z",
|
|
"modified": "2017-04-25T10:06:35.000Z",
|
|
"description": "pdf",
|
|
"pattern": "[file:hashes.SHA256 = '8e2cb05dbf3375e66488f387aaebe31c51c95fea135eadace186362629988a4c']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-04-25T10:06:35Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha256\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--58fefc12-d574-41dc-9e37-8da3950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-04-25T10:06:35.000Z",
|
|
"modified": "2017-04-25T10:06:35.000Z",
|
|
"description": "pdf",
|
|
"pattern": "[file:hashes.SHA256 = '0559d32f6a20cdfa380eb1eb17fbc4aea9e39f3203f4b7818281e0fb117a6977']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-04-25T10:06:35Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha256\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--58fefc13-5530-43c2-affb-8da3950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-04-25T10:06:35.000Z",
|
|
"modified": "2017-04-25T10:06:35.000Z",
|
|
"description": "pdf",
|
|
"pattern": "[file:hashes.SHA256 = '32325761402e0b55dd9fe8b2718bc213491eea6f57bc354e358a6edcbe584dd1']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-04-25T10:06:35Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha256\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--58fefc47-f3c4-479b-bed1-459e950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-04-25T10:06:35.000Z",
|
|
"modified": "2017-04-25T10:06:35.000Z",
|
|
"description": "Word Doc",
|
|
"pattern": "[file:hashes.SHA256 = '026fa1191fcf895ce375ad8f8f2bda47aa8b1cb27e6be490399a1ad47d452b68']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-04-25T10:06:35Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha256\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--58fefc47-4440-4d53-8a12-485d950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-04-25T10:06:35.000Z",
|
|
"modified": "2017-04-25T10:06:35.000Z",
|
|
"description": "Word Doc",
|
|
"pattern": "[file:hashes.SHA256 = 'a20ebaf8b9c14a2738795f0c38b48a712f3e9fd293a51c5475b15c959856139d']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-04-25T10:06:35Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha256\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--58fefc47-61b0-42b2-9ad2-4ffb950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-04-25T10:06:35.000Z",
|
|
"modified": "2017-04-25T10:06:35.000Z",
|
|
"description": "Word Doc",
|
|
"pattern": "[file:hashes.SHA256 = '04ea10db95049ec292e712803dc87c236cc3e3e7c2dd018e84d841f9060a15ef']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-04-25T10:06:35Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha256\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--58fefc48-75f8-4203-a984-4a1c950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-04-25T10:06:35.000Z",
|
|
"modified": "2017-04-25T10:06:35.000Z",
|
|
"description": "Word Doc",
|
|
"pattern": "[file:hashes.SHA256 = 'aa09f65734b2b6972b47b8845aa8f59737ab5a6b5469d7a6e6fdbcf12629b287']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-04-25T10:06:35Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha256\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--58fefc48-0080-4d8d-820c-47f8950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-04-25T10:06:35.000Z",
|
|
"modified": "2017-04-25T10:06:35.000Z",
|
|
"description": "Word Doc",
|
|
"pattern": "[file:hashes.SHA256 = '0af35bd7ffe0af328cff2cf39585b4b1b69d550c94f0b407e348085dda0b4284']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-04-25T10:06:35Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha256\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--58fefc49-ce60-40bf-acfe-4a92950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-04-25T10:06:35.000Z",
|
|
"modified": "2017-04-25T10:06:35.000Z",
|
|
"description": "Word Doc",
|
|
"pattern": "[file:hashes.SHA256 = 'ad022ea9c0bbc852806e87f8b1a2d4ffd683116876304613160e975f430bd992']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-04-25T10:06:35Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha256\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--58fefc49-d768-4a57-9dd5-447d950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-04-25T10:06:35.000Z",
|
|
"modified": "2017-04-25T10:06:35.000Z",
|
|
"description": "Word Doc",
|
|
"pattern": "[file:hashes.SHA256 = '10ce87f33381989373c519e2ff539f86c2a0a2a4cab0b791e82d4afece0367e6']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-04-25T10:06:35Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha256\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--58fefc49-7c24-4632-8492-4156950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-04-25T10:06:35.000Z",
|
|
"modified": "2017-04-25T10:06:35.000Z",
|
|
"description": "Word Doc",
|
|
"pattern": "[file:hashes.SHA256 = 'b0ad3d8fade247b219d7a3c8fee781e26742c1733de8c00cc50254785cb71e09']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-04-25T10:06:35Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha256\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--58fefc4a-86f4-4af1-9d61-45c9950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-04-25T10:06:35.000Z",
|
|
"modified": "2017-04-25T10:06:35.000Z",
|
|
"description": "Word Doc",
|
|
"pattern": "[file:hashes.SHA256 = '1d73ce6cbc40b02c59c928238f1d316b4340c4ac1e0231f608fa7b5d2fb24836']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-04-25T10:06:35Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha256\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--58fefc4a-a7a8-43c0-aebb-48c0950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-04-25T10:06:35.000Z",
|
|
"modified": "2017-04-25T10:06:35.000Z",
|
|
"description": "Word Doc",
|
|
"pattern": "[file:hashes.SHA256 = 'b27fb67c5a86f65c762a8af7537c8c5d5fc27e3e2f600495d22cd39fbe82018b']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-04-25T10:06:35Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha256\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--58fefc4b-4f3c-44ef-b0c6-4bdc950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-04-25T10:06:35.000Z",
|
|
"modified": "2017-04-25T10:06:35.000Z",
|
|
"description": "Word Doc",
|
|
"pattern": "[file:hashes.SHA256 = '24982da99435dd1a12c1a7bda53e7325b5081dff96b441287a99027a6b379309']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-04-25T10:06:35Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha256\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--58fefc4b-e010-472c-8d8a-4be1950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-04-25T10:06:35.000Z",
|
|
"modified": "2017-04-25T10:06:35.000Z",
|
|
"description": "Word Doc",
|
|
"pattern": "[file:hashes.SHA256 = 'b78dcbf395b7c934344e4f1bb3cb08628455e8d2a997dbad0bce7afdd573ff8e']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-04-25T10:06:35Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha256\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--58fefc4b-8148-4811-82d7-49e4950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-04-25T10:06:35.000Z",
|
|
"modified": "2017-04-25T10:06:35.000Z",
|
|
"description": "Word Doc",
|
|
"pattern": "[file:hashes.SHA256 = '2665260758371f88ca4e49dd577e885fc138651a0e2b3564309b892eea36f7af']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-04-25T10:06:35Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha256\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--58fefc4c-5b60-4765-9610-422c950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-04-25T10:06:35.000Z",
|
|
"modified": "2017-04-25T10:06:35.000Z",
|
|
"description": "Word Doc",
|
|
"pattern": "[file:hashes.SHA256 = '276fd3e1e484996c7f2cd8d9b9d0125dc0d9d6488a65417fb80662616b76adc2']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-04-25T10:06:35Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha256\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--58fefc4c-7bb4-4b0d-a770-496f950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-04-25T10:06:35.000Z",
|
|
"modified": "2017-04-25T10:06:35.000Z",
|
|
"description": "Word Doc",
|
|
"pattern": "[file:hashes.SHA256 = 'c411f18d2d53f26dad5275a549d288447a492487b46379fe07087f42792a1be1']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-04-25T10:06:35Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha256\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--58fefc4d-83a4-439b-9b45-45d8950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-04-25T10:06:35.000Z",
|
|
"modified": "2017-04-25T10:06:35.000Z",
|
|
"description": "Word Doc",
|
|
"pattern": "[file:hashes.SHA256 = '2cc4ca03a31e970a020bc85bb797847abaae41af7c0734826213b4938e5040cb']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-04-25T10:06:35Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha256\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--58fefc4d-96c8-4651-9537-429a950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-04-25T10:06:35.000Z",
|
|
"modified": "2017-04-25T10:06:35.000Z",
|
|
"description": "Word Doc",
|
|
"pattern": "[file:hashes.SHA256 = 'c7dc067b3e6ba29ffbfc45d9c32219f3e6898142dfc6da374c752b0bc0fb4c01']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-04-25T10:06:35Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha256\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--58fefc4d-90b8-4caa-a5a9-4762950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-04-25T10:06:35.000Z",
|
|
"modified": "2017-04-25T10:06:35.000Z",
|
|
"description": "Word Doc",
|
|
"pattern": "[file:hashes.SHA256 = '350e989a917614bc2f830dbe61cbad08b444d9cfe96706ed0bd2d86e3a586ec4']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-04-25T10:06:35Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha256\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--58fefc4e-f7f4-477c-b6dc-405c950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-04-25T10:06:35.000Z",
|
|
"modified": "2017-04-25T10:06:35.000Z",
|
|
"description": "Word Doc",
|
|
"pattern": "[file:hashes.SHA256 = 'd38ba2dfc9e02a2c6997901aae2197402ce7cf3e79973b81dd06271dbac17328']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-04-25T10:06:35Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha256\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--58fefc4e-d0ec-470a-9ae0-4c1d950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-04-25T10:06:35.000Z",
|
|
"modified": "2017-04-25T10:06:35.000Z",
|
|
"description": "Word Doc",
|
|
"pattern": "[file:hashes.SHA256 = '3a9cbdb511a5c3fad3f3d6eedaf0fe7aa61bd362d374aa8b0e7924ea1a07be48']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-04-25T10:06:35Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha256\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--58fefc4f-a558-4400-80fc-4b62950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-04-25T10:06:35.000Z",
|
|
"modified": "2017-04-25T10:06:35.000Z",
|
|
"description": "Word Doc",
|
|
"pattern": "[file:hashes.SHA256 = 'dfb72c342d42655c6309a7496acdad721d7ab1b171e90eaef8b676ac99a06461']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-04-25T10:06:35Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha256\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--58fefc4f-4764-4acf-8a00-4579950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-04-25T10:06:35.000Z",
|
|
"modified": "2017-04-25T10:06:35.000Z",
|
|
"description": "Word Doc",
|
|
"pattern": "[file:hashes.SHA256 = '486a3f4053c1e44cb09a43d645227b4916a6475658f3e21ee02bae66df6a8667']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-04-25T10:06:35Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha256\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--58fefc4f-f8e0-4de2-b74b-42eb950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-04-25T10:06:35.000Z",
|
|
"modified": "2017-04-25T10:06:35.000Z",
|
|
"description": "Word Doc",
|
|
"pattern": "[file:hashes.SHA256 = 'e0f9cca4d7acda468bf1e8f0fab70f4b95b37cc711dae3d972aaf0c4bb0dabc6']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-04-25T10:06:35Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha256\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--58fefc50-dcf4-47de-ba7d-46fa950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-04-25T10:06:35.000Z",
|
|
"modified": "2017-04-25T10:06:35.000Z",
|
|
"description": "Word Doc",
|
|
"pattern": "[file:hashes.SHA256 = '52db4cca867773fdce9cd8d6d4e9b8ea66c2c0c4067f33fd4aaf6bfa0c5e4d62']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-04-25T10:06:35Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha256\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--58fefc50-23bc-4b8c-a0ce-47d8950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-04-25T10:06:35.000Z",
|
|
"modified": "2017-04-25T10:06:35.000Z",
|
|
"description": "Word Doc",
|
|
"pattern": "[file:hashes.SHA256 = 'e4ec3cdf1bb578d2740c06a0e615f4b2f08ce1ff6f925670a92630fc3daedda1']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-04-25T10:06:35Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha256\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--58fefc51-3ca4-4c4a-ba89-4f16950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-04-25T10:06:35.000Z",
|
|
"modified": "2017-04-25T10:06:35.000Z",
|
|
"description": "Word Doc",
|
|
"pattern": "[file:hashes.SHA256 = '65184fbf32ef6a9e109115aaac401de7c0af797d485396091f284a262abf222c']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-04-25T10:06:35Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha256\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--58fefc51-6ab0-4aed-bd67-465f950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-04-25T10:06:35.000Z",
|
|
"modified": "2017-04-25T10:06:35.000Z",
|
|
"description": "Word Doc",
|
|
"pattern": "[file:hashes.SHA256 = 'e67599948a41876b59f09af447816391fd5d29fdebaa5b1fc344980c0b13574b']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-04-25T10:06:35Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha256\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--58fefc51-52c0-4dff-a5b9-4e82950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-04-25T10:06:35.000Z",
|
|
"modified": "2017-04-25T10:06:35.000Z",
|
|
"description": "Word Doc",
|
|
"pattern": "[file:hashes.SHA256 = '6f354a86af7f1885935f0214e663734479e560784c257fa006030fb64d9f38bb']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-04-25T10:06:35Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha256\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--58fefc52-1d98-48be-92d2-442d950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-04-25T10:06:35.000Z",
|
|
"modified": "2017-04-25T10:06:35.000Z",
|
|
"description": "Word Doc",
|
|
"pattern": "[file:hashes.SHA256 = 'eb822fb0d99a0b8aefcf70e484b997979a4a4c22325dfd52c4bec492e9937a03']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-04-25T10:06:35Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha256\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--58fefc52-07f8-4550-bb8c-4dd3950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-04-25T10:06:35.000Z",
|
|
"modified": "2017-04-25T10:06:35.000Z",
|
|
"description": "Word Doc",
|
|
"pattern": "[file:hashes.SHA256 = '750c0fdd43575e5110fe348f8fc46f5e5413b0e1aed1c3547bb2e216255e4f00']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-04-25T10:06:35Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha256\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--58fefc53-f520-46c1-8398-4b48950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-04-25T10:06:35.000Z",
|
|
"modified": "2017-04-25T10:06:35.000Z",
|
|
"description": "Word Doc",
|
|
"pattern": "[file:hashes.SHA256 = 'edb73979f8d857a35f0be95538db9bc33bc583021feca81c1a64f2da18a902d3']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-04-25T10:06:35Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha256\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--58fefc53-9f8c-4839-ae8b-48df950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-04-25T10:06:35.000Z",
|
|
"modified": "2017-04-25T10:06:35.000Z",
|
|
"description": "Word Doc",
|
|
"pattern": "[file:hashes.SHA256 = '8424b5178273e0b5d17ae34a1bf3889b1e1d4a351246d342cad933e1e5ec7779']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-04-25T10:06:35Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha256\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--58fefc53-8a24-485b-9b98-4ba5950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-04-25T10:06:35.000Z",
|
|
"modified": "2017-04-25T10:06:35.000Z",
|
|
"description": "Word Doc",
|
|
"pattern": "[file:hashes.SHA256 = 'ee4adfcfc84afbde6180495e132a5477c8d48739051db7d996e078b33c1a5e45']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-04-25T10:06:35Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha256\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--58fefc54-7ad0-405b-bb86-4e25950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-04-25T10:06:35.000Z",
|
|
"modified": "2017-04-25T10:06:35.000Z",
|
|
"description": "Word Doc",
|
|
"pattern": "[file:hashes.SHA256 = '8b178a3e113a14ebb0e288d610540b15df9a3c59f72667d7142782fd3ef9f370']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-04-25T10:06:35Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha256\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--58fefc54-2550-4d4e-bb50-432f950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-04-25T10:06:35.000Z",
|
|
"modified": "2017-04-25T10:06:35.000Z",
|
|
"description": "Word Doc",
|
|
"pattern": "[file:hashes.SHA256 = 'f175ed80e667d31877ad75117f2e98a2fb83eeec8f5a523d9ed10ae6fc2dc453']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-04-25T10:06:35Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha256\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--58fefc55-15b8-42c8-83a9-4a24950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-04-25T10:06:35.000Z",
|
|
"modified": "2017-04-25T10:06:35.000Z",
|
|
"description": "Word Doc",
|
|
"pattern": "[file:hashes.SHA256 = '8bb3c9df22203fadd942b4a4820219f88e20833f9f33ff9ae0361074dc3786f3']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-04-25T10:06:35Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha256\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--58fefc55-0300-4366-9323-46cb950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-04-25T10:06:35.000Z",
|
|
"modified": "2017-04-25T10:06:35.000Z",
|
|
"description": "Word Doc",
|
|
"pattern": "[file:hashes.SHA256 = 'f3877a6e45463ebfa03b49087852572793e4233d084a64584e29f6b7c83af1e8']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-04-25T10:06:35Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha256\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--58fefc55-8160-48c7-94cb-427a950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-04-25T10:06:35.000Z",
|
|
"modified": "2017-04-25T10:06:35.000Z",
|
|
"description": "Word Doc",
|
|
"pattern": "[file:hashes.SHA256 = '8e508ea5009677860b67e34af22f6706e6aa1e94c84759a43b1c9f3e40dbe013']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-04-25T10:06:35Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha256\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--58ff1fd2-5b10-4339-8b0b-42e502de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-04-25T10:07:14.000Z",
|
|
"modified": "2017-04-25T10:07:14.000Z",
|
|
"description": "Word Doc - Xchecked via VT: f3877a6e45463ebfa03b49087852572793e4233d084a64584e29f6b7c83af1e8",
|
|
"pattern": "[file:hashes.SHA1 = '2b600176acc30db64969cc4c80fa7353a7e64b0f']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-04-25T10:07:14Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha1\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--58ff1fd3-daf0-4f7b-b452-4da502de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-04-25T10:07:15.000Z",
|
|
"modified": "2017-04-25T10:07:15.000Z",
|
|
"description": "Word Doc - Xchecked via VT: f3877a6e45463ebfa03b49087852572793e4233d084a64584e29f6b7c83af1e8",
|
|
"pattern": "[file:hashes.MD5 = '43efb1302b9cc4335ac0cb86428c49e7']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-04-25T10:07:15Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"md5\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "observed-data",
|
|
"spec_version": "2.1",
|
|
"id": "observed-data--58ff1fd3-7848-4092-92a2-489a02de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-04-25T10:07:15.000Z",
|
|
"modified": "2017-04-25T10:07:15.000Z",
|
|
"first_observed": "2017-04-25T10:07:15Z",
|
|
"last_observed": "2017-04-25T10:07:15Z",
|
|
"number_observed": 1,
|
|
"object_refs": [
|
|
"url--58ff1fd3-7848-4092-92a2-489a02de0b81"
|
|
],
|
|
"labels": [
|
|
"misp:type=\"link\"",
|
|
"misp:category=\"External analysis\""
|
|
]
|
|
},
|
|
{
|
|
"type": "url",
|
|
"spec_version": "2.1",
|
|
"id": "url--58ff1fd3-7848-4092-92a2-489a02de0b81",
|
|
"value": "https://www.virustotal.com/file/f3877a6e45463ebfa03b49087852572793e4233d084a64584e29f6b7c83af1e8/analysis/1493004740/"
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--58ff1fd4-b778-407c-8455-4b6f02de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-04-25T10:07:16.000Z",
|
|
"modified": "2017-04-25T10:07:16.000Z",
|
|
"description": "Word Doc - Xchecked via VT: 8bb3c9df22203fadd942b4a4820219f88e20833f9f33ff9ae0361074dc3786f3",
|
|
"pattern": "[file:hashes.SHA1 = 'bbc89c216702e0259e79c770b51974055faa2138']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-04-25T10:07:16Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha1\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--58ff1fd4-ec8c-4d98-9800-41d702de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-04-25T10:07:16.000Z",
|
|
"modified": "2017-04-25T10:07:16.000Z",
|
|
"description": "Word Doc - Xchecked via VT: 8bb3c9df22203fadd942b4a4820219f88e20833f9f33ff9ae0361074dc3786f3",
|
|
"pattern": "[file:hashes.MD5 = '0850bacc8c3868c946193f1ab743aa7c']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-04-25T10:07:16Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"md5\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "observed-data",
|
|
"spec_version": "2.1",
|
|
"id": "observed-data--58ff1fd4-7688-4e40-a979-441602de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-04-25T10:07:16.000Z",
|
|
"modified": "2017-04-25T10:07:16.000Z",
|
|
"first_observed": "2017-04-25T10:07:16Z",
|
|
"last_observed": "2017-04-25T10:07:16Z",
|
|
"number_observed": 1,
|
|
"object_refs": [
|
|
"url--58ff1fd4-7688-4e40-a979-441602de0b81"
|
|
],
|
|
"labels": [
|
|
"misp:type=\"link\"",
|
|
"misp:category=\"External analysis\""
|
|
]
|
|
},
|
|
{
|
|
"type": "url",
|
|
"spec_version": "2.1",
|
|
"id": "url--58ff1fd4-7688-4e40-a979-441602de0b81",
|
|
"value": "https://www.virustotal.com/file/8bb3c9df22203fadd942b4a4820219f88e20833f9f33ff9ae0361074dc3786f3/analysis/1493004707/"
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--58ff1fd5-b3b8-4fc6-a3e7-458402de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-04-25T10:07:17.000Z",
|
|
"modified": "2017-04-25T10:07:17.000Z",
|
|
"description": "Word Doc - Xchecked via VT: 8b178a3e113a14ebb0e288d610540b15df9a3c59f72667d7142782fd3ef9f370",
|
|
"pattern": "[file:hashes.SHA1 = 'c0c1ebda1e7b6026986888772fa305f1e3c1e16f']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-04-25T10:07:17Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha1\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--58ff1fd5-fe60-480c-8850-4cef02de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-04-25T10:07:17.000Z",
|
|
"modified": "2017-04-25T10:07:17.000Z",
|
|
"description": "Word Doc - Xchecked via VT: 8b178a3e113a14ebb0e288d610540b15df9a3c59f72667d7142782fd3ef9f370",
|
|
"pattern": "[file:hashes.MD5 = '1db5e4b6b73eab7d4f57e9c60480f04b']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-04-25T10:07:17Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"md5\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "observed-data",
|
|
"spec_version": "2.1",
|
|
"id": "observed-data--58ff1fd6-3de8-48ee-a74c-442202de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-04-25T10:07:18.000Z",
|
|
"modified": "2017-04-25T10:07:18.000Z",
|
|
"first_observed": "2017-04-25T10:07:18Z",
|
|
"last_observed": "2017-04-25T10:07:18Z",
|
|
"number_observed": 1,
|
|
"object_refs": [
|
|
"url--58ff1fd6-3de8-48ee-a74c-442202de0b81"
|
|
],
|
|
"labels": [
|
|
"misp:type=\"link\"",
|
|
"misp:category=\"External analysis\""
|
|
]
|
|
},
|
|
{
|
|
"type": "url",
|
|
"spec_version": "2.1",
|
|
"id": "url--58ff1fd6-3de8-48ee-a74c-442202de0b81",
|
|
"value": "https://www.virustotal.com/file/8b178a3e113a14ebb0e288d610540b15df9a3c59f72667d7142782fd3ef9f370/analysis/1493004639/"
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--58ff1fd6-d634-4792-a44e-406202de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-04-25T10:07:18.000Z",
|
|
"modified": "2017-04-25T10:07:18.000Z",
|
|
"description": "Word Doc - Xchecked via VT: ee4adfcfc84afbde6180495e132a5477c8d48739051db7d996e078b33c1a5e45",
|
|
"pattern": "[file:hashes.SHA1 = '86eef8590bc6eb431640a7eeec6c3a5b5a247361']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-04-25T10:07:18Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha1\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--58ff1fd7-1200-4f16-b2f8-453802de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-04-25T10:07:19.000Z",
|
|
"modified": "2017-04-25T10:07:19.000Z",
|
|
"description": "Word Doc - Xchecked via VT: ee4adfcfc84afbde6180495e132a5477c8d48739051db7d996e078b33c1a5e45",
|
|
"pattern": "[file:hashes.MD5 = '70d1a91acef2b596e54707618e3029a5']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-04-25T10:07:19Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"md5\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "observed-data",
|
|
"spec_version": "2.1",
|
|
"id": "observed-data--58ff1fd7-cff4-48f9-a2b1-4dc902de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-04-25T10:07:19.000Z",
|
|
"modified": "2017-04-25T10:07:19.000Z",
|
|
"first_observed": "2017-04-25T10:07:19Z",
|
|
"last_observed": "2017-04-25T10:07:19Z",
|
|
"number_observed": 1,
|
|
"object_refs": [
|
|
"url--58ff1fd7-cff4-48f9-a2b1-4dc902de0b81"
|
|
],
|
|
"labels": [
|
|
"misp:type=\"link\"",
|
|
"misp:category=\"External analysis\""
|
|
]
|
|
},
|
|
{
|
|
"type": "url",
|
|
"spec_version": "2.1",
|
|
"id": "url--58ff1fd7-cff4-48f9-a2b1-4dc902de0b81",
|
|
"value": "https://www.virustotal.com/file/ee4adfcfc84afbde6180495e132a5477c8d48739051db7d996e078b33c1a5e45/analysis/1493099777/"
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--58ff1fd8-a6c0-43d0-8d16-451602de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-04-25T10:07:20.000Z",
|
|
"modified": "2017-04-25T10:07:20.000Z",
|
|
"description": "Word Doc - Xchecked via VT: 8424b5178273e0b5d17ae34a1bf3889b1e1d4a351246d342cad933e1e5ec7779",
|
|
"pattern": "[file:hashes.SHA1 = '183fc2cd6bc63ea407a2f102f7fae2de52bf37df']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-04-25T10:07:20Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha1\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--58ff1fd8-f1d8-48d2-a856-4af202de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-04-25T10:07:20.000Z",
|
|
"modified": "2017-04-25T10:07:20.000Z",
|
|
"description": "Word Doc - Xchecked via VT: 8424b5178273e0b5d17ae34a1bf3889b1e1d4a351246d342cad933e1e5ec7779",
|
|
"pattern": "[file:hashes.MD5 = '080b8754f82c81f51107720e9b1178c0']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-04-25T10:07:20Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"md5\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "observed-data",
|
|
"spec_version": "2.1",
|
|
"id": "observed-data--58ff1fd9-19dc-40a4-a45a-406302de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-04-25T10:07:21.000Z",
|
|
"modified": "2017-04-25T10:07:21.000Z",
|
|
"first_observed": "2017-04-25T10:07:21Z",
|
|
"last_observed": "2017-04-25T10:07:21Z",
|
|
"number_observed": 1,
|
|
"object_refs": [
|
|
"url--58ff1fd9-19dc-40a4-a45a-406302de0b81"
|
|
],
|
|
"labels": [
|
|
"misp:type=\"link\"",
|
|
"misp:category=\"External analysis\""
|
|
]
|
|
},
|
|
{
|
|
"type": "url",
|
|
"spec_version": "2.1",
|
|
"id": "url--58ff1fd9-19dc-40a4-a45a-406302de0b81",
|
|
"value": "https://www.virustotal.com/file/8424b5178273e0b5d17ae34a1bf3889b1e1d4a351246d342cad933e1e5ec7779/analysis/1493004554/"
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--58ff1fd9-da2c-4bfe-baf2-460402de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-04-25T10:07:21.000Z",
|
|
"modified": "2017-04-25T10:07:21.000Z",
|
|
"description": "Word Doc - Xchecked via VT: eb822fb0d99a0b8aefcf70e484b997979a4a4c22325dfd52c4bec492e9937a03",
|
|
"pattern": "[file:hashes.SHA1 = 'bd91035775b260b1f48924bc8c0a2ebd71b71760']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-04-25T10:07:21Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha1\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--58ff1fda-228c-4a7d-9f14-44e802de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-04-25T10:07:22.000Z",
|
|
"modified": "2017-04-25T10:07:22.000Z",
|
|
"description": "Word Doc - Xchecked via VT: eb822fb0d99a0b8aefcf70e484b997979a4a4c22325dfd52c4bec492e9937a03",
|
|
"pattern": "[file:hashes.MD5 = '3209344017e6ebf524ad7cba9951dbed']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-04-25T10:07:22Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"md5\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "observed-data",
|
|
"spec_version": "2.1",
|
|
"id": "observed-data--58ff1fda-c950-47b8-94c8-4b2902de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-04-25T10:07:22.000Z",
|
|
"modified": "2017-04-25T10:07:22.000Z",
|
|
"first_observed": "2017-04-25T10:07:22Z",
|
|
"last_observed": "2017-04-25T10:07:22Z",
|
|
"number_observed": 1,
|
|
"object_refs": [
|
|
"url--58ff1fda-c950-47b8-94c8-4b2902de0b81"
|
|
],
|
|
"labels": [
|
|
"misp:type=\"link\"",
|
|
"misp:category=\"External analysis\""
|
|
]
|
|
},
|
|
{
|
|
"type": "url",
|
|
"spec_version": "2.1",
|
|
"id": "url--58ff1fda-c950-47b8-94c8-4b2902de0b81",
|
|
"value": "https://www.virustotal.com/file/eb822fb0d99a0b8aefcf70e484b997979a4a4c22325dfd52c4bec492e9937a03/analysis/1493004487/"
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--58ff1fdb-9a90-472a-9909-4a8602de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-04-25T10:07:23.000Z",
|
|
"modified": "2017-04-25T10:07:23.000Z",
|
|
"description": "Word Doc - Xchecked via VT: e67599948a41876b59f09af447816391fd5d29fdebaa5b1fc344980c0b13574b",
|
|
"pattern": "[file:hashes.SHA1 = 'be56d47d39d60c691b66b896643597596d0d264b']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-04-25T10:07:23Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha1\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--58ff1fdb-c754-4829-a6b1-431902de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-04-25T10:07:23.000Z",
|
|
"modified": "2017-04-25T10:07:23.000Z",
|
|
"description": "Word Doc - Xchecked via VT: e67599948a41876b59f09af447816391fd5d29fdebaa5b1fc344980c0b13574b",
|
|
"pattern": "[file:hashes.MD5 = 'e5d575e8ede6327e25d6def88401901f']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-04-25T10:07:23Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"md5\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "observed-data",
|
|
"spec_version": "2.1",
|
|
"id": "observed-data--58ff1fdc-cf60-48fb-a240-4ddb02de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-04-25T10:07:24.000Z",
|
|
"modified": "2017-04-25T10:07:24.000Z",
|
|
"first_observed": "2017-04-25T10:07:24Z",
|
|
"last_observed": "2017-04-25T10:07:24Z",
|
|
"number_observed": 1,
|
|
"object_refs": [
|
|
"url--58ff1fdc-cf60-48fb-a240-4ddb02de0b81"
|
|
],
|
|
"labels": [
|
|
"misp:type=\"link\"",
|
|
"misp:category=\"External analysis\""
|
|
]
|
|
},
|
|
{
|
|
"type": "url",
|
|
"spec_version": "2.1",
|
|
"id": "url--58ff1fdc-cf60-48fb-a240-4ddb02de0b81",
|
|
"value": "https://www.virustotal.com/file/e67599948a41876b59f09af447816391fd5d29fdebaa5b1fc344980c0b13574b/analysis/1492860123/"
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--58ff1fdc-7aa4-45a8-bb15-48e202de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-04-25T10:07:24.000Z",
|
|
"modified": "2017-04-25T10:07:24.000Z",
|
|
"description": "Word Doc - Xchecked via VT: 52db4cca867773fdce9cd8d6d4e9b8ea66c2c0c4067f33fd4aaf6bfa0c5e4d62",
|
|
"pattern": "[file:hashes.SHA1 = 'e2caed21a8d7a96f3c56a0b33c2e6bf4695101be']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-04-25T10:07:24Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha1\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--58ff1fdd-4354-4230-927c-497c02de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-04-25T10:07:25.000Z",
|
|
"modified": "2017-04-25T10:07:25.000Z",
|
|
"description": "Word Doc - Xchecked via VT: 52db4cca867773fdce9cd8d6d4e9b8ea66c2c0c4067f33fd4aaf6bfa0c5e4d62",
|
|
"pattern": "[file:hashes.MD5 = '385e0361652c51b07cf73d670536a9a3']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-04-25T10:07:25Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"md5\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "observed-data",
|
|
"spec_version": "2.1",
|
|
"id": "observed-data--58ff1fdd-5594-40fb-8817-416102de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-04-25T10:07:25.000Z",
|
|
"modified": "2017-04-25T10:07:25.000Z",
|
|
"first_observed": "2017-04-25T10:07:25Z",
|
|
"last_observed": "2017-04-25T10:07:25Z",
|
|
"number_observed": 1,
|
|
"object_refs": [
|
|
"url--58ff1fdd-5594-40fb-8817-416102de0b81"
|
|
],
|
|
"labels": [
|
|
"misp:type=\"link\"",
|
|
"misp:category=\"External analysis\""
|
|
]
|
|
},
|
|
{
|
|
"type": "url",
|
|
"spec_version": "2.1",
|
|
"id": "url--58ff1fdd-5594-40fb-8817-416102de0b81",
|
|
"value": "https://www.virustotal.com/file/52db4cca867773fdce9cd8d6d4e9b8ea66c2c0c4067f33fd4aaf6bfa0c5e4d62/analysis/1492998229/"
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--58ff1fde-6e78-4011-82d0-473702de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-04-25T10:07:26.000Z",
|
|
"modified": "2017-04-25T10:07:26.000Z",
|
|
"description": "Word Doc - Xchecked via VT: 486a3f4053c1e44cb09a43d645227b4916a6475658f3e21ee02bae66df6a8667",
|
|
"pattern": "[file:hashes.SHA1 = '06e592a270d316666b4af5a795355e398b48be2d']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-04-25T10:07:26Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha1\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--58ff1fde-9284-4dc8-bc22-46f802de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-04-25T10:07:26.000Z",
|
|
"modified": "2017-04-25T10:07:26.000Z",
|
|
"description": "Word Doc - Xchecked via VT: 486a3f4053c1e44cb09a43d645227b4916a6475658f3e21ee02bae66df6a8667",
|
|
"pattern": "[file:hashes.MD5 = 'f9d721952ed0dca66ba5c9c6d18e96f7']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-04-25T10:07:26Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"md5\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "observed-data",
|
|
"spec_version": "2.1",
|
|
"id": "observed-data--58ff1fdf-e97c-4c1d-80a6-4a3202de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-04-25T10:07:27.000Z",
|
|
"modified": "2017-04-25T10:07:27.000Z",
|
|
"first_observed": "2017-04-25T10:07:27Z",
|
|
"last_observed": "2017-04-25T10:07:27Z",
|
|
"number_observed": 1,
|
|
"object_refs": [
|
|
"url--58ff1fdf-e97c-4c1d-80a6-4a3202de0b81"
|
|
],
|
|
"labels": [
|
|
"misp:type=\"link\"",
|
|
"misp:category=\"External analysis\""
|
|
]
|
|
},
|
|
{
|
|
"type": "url",
|
|
"spec_version": "2.1",
|
|
"id": "url--58ff1fdf-e97c-4c1d-80a6-4a3202de0b81",
|
|
"value": "https://www.virustotal.com/file/486a3f4053c1e44cb09a43d645227b4916a6475658f3e21ee02bae66df6a8667/analysis/1492872419/"
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--58ff1fe0-5530-442a-986a-43ea02de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-04-25T10:07:28.000Z",
|
|
"modified": "2017-04-25T10:07:28.000Z",
|
|
"description": "Word Doc - Xchecked via VT: dfb72c342d42655c6309a7496acdad721d7ab1b171e90eaef8b676ac99a06461",
|
|
"pattern": "[file:hashes.SHA1 = 'c3716eabc2cf8bcab09a224923dae7c90698dd69']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-04-25T10:07:28Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha1\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--58ff1fe0-f890-46fd-8104-4b8b02de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-04-25T10:07:28.000Z",
|
|
"modified": "2017-04-25T10:07:28.000Z",
|
|
"description": "Word Doc - Xchecked via VT: dfb72c342d42655c6309a7496acdad721d7ab1b171e90eaef8b676ac99a06461",
|
|
"pattern": "[file:hashes.MD5 = '43730660aa0a39311430ee4890110e56']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-04-25T10:07:28Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"md5\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "observed-data",
|
|
"spec_version": "2.1",
|
|
"id": "observed-data--58ff1fe1-7ee4-4534-bd7e-40c102de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-04-25T10:07:29.000Z",
|
|
"modified": "2017-04-25T10:07:29.000Z",
|
|
"first_observed": "2017-04-25T10:07:29Z",
|
|
"last_observed": "2017-04-25T10:07:29Z",
|
|
"number_observed": 1,
|
|
"object_refs": [
|
|
"url--58ff1fe1-7ee4-4534-bd7e-40c102de0b81"
|
|
],
|
|
"labels": [
|
|
"misp:type=\"link\"",
|
|
"misp:category=\"External analysis\""
|
|
]
|
|
},
|
|
{
|
|
"type": "url",
|
|
"spec_version": "2.1",
|
|
"id": "url--58ff1fe1-7ee4-4534-bd7e-40c102de0b81",
|
|
"value": "https://www.virustotal.com/file/dfb72c342d42655c6309a7496acdad721d7ab1b171e90eaef8b676ac99a06461/analysis/1493004306/"
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--58ff1fe1-c9b4-4355-9888-483302de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-04-25T10:07:29.000Z",
|
|
"modified": "2017-04-25T10:07:29.000Z",
|
|
"description": "Word Doc - Xchecked via VT: 3a9cbdb511a5c3fad3f3d6eedaf0fe7aa61bd362d374aa8b0e7924ea1a07be48",
|
|
"pattern": "[file:hashes.SHA1 = '6843be2a5aa17ee5bddea42d1f544c1234ca47f2']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-04-25T10:07:29Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha1\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--58ff1fe2-58f4-4a4c-8d7e-458d02de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-04-25T10:07:30.000Z",
|
|
"modified": "2017-04-25T10:07:30.000Z",
|
|
"description": "Word Doc - Xchecked via VT: 3a9cbdb511a5c3fad3f3d6eedaf0fe7aa61bd362d374aa8b0e7924ea1a07be48",
|
|
"pattern": "[file:hashes.MD5 = '2b211807939a8c275937ab1328b895e8']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-04-25T10:07:30Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"md5\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "observed-data",
|
|
"spec_version": "2.1",
|
|
"id": "observed-data--58ff1fe2-2f04-4776-b06b-465402de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-04-25T10:07:30.000Z",
|
|
"modified": "2017-04-25T10:07:30.000Z",
|
|
"first_observed": "2017-04-25T10:07:30Z",
|
|
"last_observed": "2017-04-25T10:07:30Z",
|
|
"number_observed": 1,
|
|
"object_refs": [
|
|
"url--58ff1fe2-2f04-4776-b06b-465402de0b81"
|
|
],
|
|
"labels": [
|
|
"misp:type=\"link\"",
|
|
"misp:category=\"External analysis\""
|
|
]
|
|
},
|
|
{
|
|
"type": "url",
|
|
"spec_version": "2.1",
|
|
"id": "url--58ff1fe2-2f04-4776-b06b-465402de0b81",
|
|
"value": "https://www.virustotal.com/file/3a9cbdb511a5c3fad3f3d6eedaf0fe7aa61bd362d374aa8b0e7924ea1a07be48/analysis/1493004260/"
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--58ff1fe3-02bc-4103-a908-489202de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-04-25T10:07:31.000Z",
|
|
"modified": "2017-04-25T10:07:31.000Z",
|
|
"description": "Word Doc - Xchecked via VT: d38ba2dfc9e02a2c6997901aae2197402ce7cf3e79973b81dd06271dbac17328",
|
|
"pattern": "[file:hashes.SHA1 = 'a804a284d66bf1e3e03efb0a6d09bfeeeb27e35b']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-04-25T10:07:31Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha1\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--58ff1fe3-1270-4ce4-8861-4dca02de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-04-25T10:07:31.000Z",
|
|
"modified": "2017-04-25T10:07:31.000Z",
|
|
"description": "Word Doc - Xchecked via VT: d38ba2dfc9e02a2c6997901aae2197402ce7cf3e79973b81dd06271dbac17328",
|
|
"pattern": "[file:hashes.MD5 = 'ff532e378816c7e829714125ac6a73ce']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-04-25T10:07:31Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"md5\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "observed-data",
|
|
"spec_version": "2.1",
|
|
"id": "observed-data--58ff1fe4-04f0-4be4-9824-499802de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-04-25T10:07:32.000Z",
|
|
"modified": "2017-04-25T10:07:32.000Z",
|
|
"first_observed": "2017-04-25T10:07:32Z",
|
|
"last_observed": "2017-04-25T10:07:32Z",
|
|
"number_observed": 1,
|
|
"object_refs": [
|
|
"url--58ff1fe4-04f0-4be4-9824-499802de0b81"
|
|
],
|
|
"labels": [
|
|
"misp:type=\"link\"",
|
|
"misp:category=\"External analysis\""
|
|
]
|
|
},
|
|
{
|
|
"type": "url",
|
|
"spec_version": "2.1",
|
|
"id": "url--58ff1fe4-04f0-4be4-9824-499802de0b81",
|
|
"value": "https://www.virustotal.com/file/d38ba2dfc9e02a2c6997901aae2197402ce7cf3e79973b81dd06271dbac17328/analysis/1493107917/"
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--58ff1fe4-369c-4393-b8ab-459402de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-04-25T10:07:32.000Z",
|
|
"modified": "2017-04-25T10:07:32.000Z",
|
|
"description": "Word Doc - Xchecked via VT: 350e989a917614bc2f830dbe61cbad08b444d9cfe96706ed0bd2d86e3a586ec4",
|
|
"pattern": "[file:hashes.SHA1 = 'd75802c451bae2b6f1fc926d27cb2ec8ba6121c0']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-04-25T10:07:32Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha1\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--58ff1fe5-cbc4-4a7a-b24f-459002de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-04-25T10:07:33.000Z",
|
|
"modified": "2017-04-25T10:07:33.000Z",
|
|
"description": "Word Doc - Xchecked via VT: 350e989a917614bc2f830dbe61cbad08b444d9cfe96706ed0bd2d86e3a586ec4",
|
|
"pattern": "[file:hashes.MD5 = '01d8dad60cc4832505f4826e0bbcb362']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-04-25T10:07:33Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"md5\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "observed-data",
|
|
"spec_version": "2.1",
|
|
"id": "observed-data--58ff1fe5-9398-4dea-8e53-481c02de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-04-25T10:07:33.000Z",
|
|
"modified": "2017-04-25T10:07:33.000Z",
|
|
"first_observed": "2017-04-25T10:07:33Z",
|
|
"last_observed": "2017-04-25T10:07:33Z",
|
|
"number_observed": 1,
|
|
"object_refs": [
|
|
"url--58ff1fe5-9398-4dea-8e53-481c02de0b81"
|
|
],
|
|
"labels": [
|
|
"misp:type=\"link\"",
|
|
"misp:category=\"External analysis\""
|
|
]
|
|
},
|
|
{
|
|
"type": "url",
|
|
"spec_version": "2.1",
|
|
"id": "url--58ff1fe5-9398-4dea-8e53-481c02de0b81",
|
|
"value": "https://www.virustotal.com/file/350e989a917614bc2f830dbe61cbad08b444d9cfe96706ed0bd2d86e3a586ec4/analysis/1493004173/"
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--58ff1fe6-35fc-4c69-8cc6-4a8802de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-04-25T10:07:34.000Z",
|
|
"modified": "2017-04-25T10:07:34.000Z",
|
|
"description": "Word Doc - Xchecked via VT: c7dc067b3e6ba29ffbfc45d9c32219f3e6898142dfc6da374c752b0bc0fb4c01",
|
|
"pattern": "[file:hashes.SHA1 = '7bbd773a03f8e3a6a021e93cb0f7ef6eb61a771a']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-04-25T10:07:34Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha1\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--58ff1fe6-54d8-4682-b657-461302de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-04-25T10:07:34.000Z",
|
|
"modified": "2017-04-25T10:07:34.000Z",
|
|
"description": "Word Doc - Xchecked via VT: c7dc067b3e6ba29ffbfc45d9c32219f3e6898142dfc6da374c752b0bc0fb4c01",
|
|
"pattern": "[file:hashes.MD5 = '7391b7c24c8b8443f0999487c9503eea']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-04-25T10:07:34Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"md5\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "observed-data",
|
|
"spec_version": "2.1",
|
|
"id": "observed-data--58ff1fe7-8b98-40f7-93dc-4f0e02de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-04-25T10:07:35.000Z",
|
|
"modified": "2017-04-25T10:07:35.000Z",
|
|
"first_observed": "2017-04-25T10:07:35Z",
|
|
"last_observed": "2017-04-25T10:07:35Z",
|
|
"number_observed": 1,
|
|
"object_refs": [
|
|
"url--58ff1fe7-8b98-40f7-93dc-4f0e02de0b81"
|
|
],
|
|
"labels": [
|
|
"misp:type=\"link\"",
|
|
"misp:category=\"External analysis\""
|
|
]
|
|
},
|
|
{
|
|
"type": "url",
|
|
"spec_version": "2.1",
|
|
"id": "url--58ff1fe7-8b98-40f7-93dc-4f0e02de0b81",
|
|
"value": "https://www.virustotal.com/file/c7dc067b3e6ba29ffbfc45d9c32219f3e6898142dfc6da374c752b0bc0fb4c01/analysis/1493004140/"
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--58ff1fe7-785c-4271-828a-43da02de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-04-25T10:07:35.000Z",
|
|
"modified": "2017-04-25T10:07:35.000Z",
|
|
"description": "Word Doc - Xchecked via VT: 2cc4ca03a31e970a020bc85bb797847abaae41af7c0734826213b4938e5040cb",
|
|
"pattern": "[file:hashes.SHA1 = 'b85d39acb4eb19aea7c5c8544a67ff1aff928f39']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-04-25T10:07:35Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha1\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--58ff1fe8-2ef8-456b-b98a-4e3b02de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-04-25T10:07:36.000Z",
|
|
"modified": "2017-04-25T10:07:36.000Z",
|
|
"description": "Word Doc - Xchecked via VT: 2cc4ca03a31e970a020bc85bb797847abaae41af7c0734826213b4938e5040cb",
|
|
"pattern": "[file:hashes.MD5 = '6c33b201ba50525aba7a1c53d49f5897']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-04-25T10:07:36Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"md5\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "observed-data",
|
|
"spec_version": "2.1",
|
|
"id": "observed-data--58ff1fe8-fe34-4629-ade3-456c02de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-04-25T10:07:36.000Z",
|
|
"modified": "2017-04-25T10:07:36.000Z",
|
|
"first_observed": "2017-04-25T10:07:36Z",
|
|
"last_observed": "2017-04-25T10:07:36Z",
|
|
"number_observed": 1,
|
|
"object_refs": [
|
|
"url--58ff1fe8-fe34-4629-ade3-456c02de0b81"
|
|
],
|
|
"labels": [
|
|
"misp:type=\"link\"",
|
|
"misp:category=\"External analysis\""
|
|
]
|
|
},
|
|
{
|
|
"type": "url",
|
|
"spec_version": "2.1",
|
|
"id": "url--58ff1fe8-fe34-4629-ade3-456c02de0b81",
|
|
"value": "https://www.virustotal.com/file/2cc4ca03a31e970a020bc85bb797847abaae41af7c0734826213b4938e5040cb/analysis/1493002644/"
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--58ff1fe9-88fc-4072-9667-41c402de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-04-25T10:07:37.000Z",
|
|
"modified": "2017-04-25T10:07:37.000Z",
|
|
"description": "Word Doc - Xchecked via VT: c411f18d2d53f26dad5275a549d288447a492487b46379fe07087f42792a1be1",
|
|
"pattern": "[file:hashes.SHA1 = '7325ab3010acd00b30754514a42527253290d80b']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-04-25T10:07:37Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha1\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--58ff1fe9-7c64-46d9-a499-4abd02de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-04-25T10:07:37.000Z",
|
|
"modified": "2017-04-25T10:07:37.000Z",
|
|
"description": "Word Doc - Xchecked via VT: c411f18d2d53f26dad5275a549d288447a492487b46379fe07087f42792a1be1",
|
|
"pattern": "[file:hashes.MD5 = '9e30ef558610457041663a7befac17a0']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-04-25T10:07:37Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"md5\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "observed-data",
|
|
"spec_version": "2.1",
|
|
"id": "observed-data--58ff1fea-d6e4-442f-9a13-4cb702de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-04-25T10:07:38.000Z",
|
|
"modified": "2017-04-25T10:07:38.000Z",
|
|
"first_observed": "2017-04-25T10:07:38Z",
|
|
"last_observed": "2017-04-25T10:07:38Z",
|
|
"number_observed": 1,
|
|
"object_refs": [
|
|
"url--58ff1fea-d6e4-442f-9a13-4cb702de0b81"
|
|
],
|
|
"labels": [
|
|
"misp:type=\"link\"",
|
|
"misp:category=\"External analysis\""
|
|
]
|
|
},
|
|
{
|
|
"type": "url",
|
|
"spec_version": "2.1",
|
|
"id": "url--58ff1fea-d6e4-442f-9a13-4cb702de0b81",
|
|
"value": "https://www.virustotal.com/file/c411f18d2d53f26dad5275a549d288447a492487b46379fe07087f42792a1be1/analysis/1492999404/"
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--58ff1fea-ea84-40ce-b340-4f9702de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-04-25T10:07:38.000Z",
|
|
"modified": "2017-04-25T10:07:38.000Z",
|
|
"description": "Word Doc - Xchecked via VT: 276fd3e1e484996c7f2cd8d9b9d0125dc0d9d6488a65417fb80662616b76adc2",
|
|
"pattern": "[file:hashes.SHA1 = '97ee023de8983c7ab5f3b71c26e06831922ce6df']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-04-25T10:07:38Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha1\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--58ff1feb-3908-4077-8bcc-485c02de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-04-25T10:07:39.000Z",
|
|
"modified": "2017-04-25T10:07:39.000Z",
|
|
"description": "Word Doc - Xchecked via VT: 276fd3e1e484996c7f2cd8d9b9d0125dc0d9d6488a65417fb80662616b76adc2",
|
|
"pattern": "[file:hashes.MD5 = '8dbef431ddebfbbf19ae0a64eada6121']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-04-25T10:07:39Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"md5\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "observed-data",
|
|
"spec_version": "2.1",
|
|
"id": "observed-data--58ff1feb-8514-4efa-b58f-496902de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-04-25T10:07:39.000Z",
|
|
"modified": "2017-04-25T10:07:39.000Z",
|
|
"first_observed": "2017-04-25T10:07:39Z",
|
|
"last_observed": "2017-04-25T10:07:39Z",
|
|
"number_observed": 1,
|
|
"object_refs": [
|
|
"url--58ff1feb-8514-4efa-b58f-496902de0b81"
|
|
],
|
|
"labels": [
|
|
"misp:type=\"link\"",
|
|
"misp:category=\"External analysis\""
|
|
]
|
|
},
|
|
{
|
|
"type": "url",
|
|
"spec_version": "2.1",
|
|
"id": "url--58ff1feb-8514-4efa-b58f-496902de0b81",
|
|
"value": "https://www.virustotal.com/file/276fd3e1e484996c7f2cd8d9b9d0125dc0d9d6488a65417fb80662616b76adc2/analysis/1493004051/"
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--58ff1fec-f734-48c8-8f0e-424302de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-04-25T10:07:40.000Z",
|
|
"modified": "2017-04-25T10:07:40.000Z",
|
|
"description": "Word Doc - Xchecked via VT: 2665260758371f88ca4e49dd577e885fc138651a0e2b3564309b892eea36f7af",
|
|
"pattern": "[file:hashes.SHA1 = 'f235463d86aac9a2dc0b6a8d9eb985dc4ad5e0bc']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-04-25T10:07:40Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha1\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--58ff1fec-134c-46d7-8dd3-473a02de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-04-25T10:07:40.000Z",
|
|
"modified": "2017-04-25T10:07:40.000Z",
|
|
"description": "Word Doc - Xchecked via VT: 2665260758371f88ca4e49dd577e885fc138651a0e2b3564309b892eea36f7af",
|
|
"pattern": "[file:hashes.MD5 = '34a811ae4390bc9529ec79844e2a7edd']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-04-25T10:07:40Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"md5\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "observed-data",
|
|
"spec_version": "2.1",
|
|
"id": "observed-data--58ff1fed-c230-466c-8701-476302de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-04-25T10:07:41.000Z",
|
|
"modified": "2017-04-25T10:07:41.000Z",
|
|
"first_observed": "2017-04-25T10:07:41Z",
|
|
"last_observed": "2017-04-25T10:07:41Z",
|
|
"number_observed": 1,
|
|
"object_refs": [
|
|
"url--58ff1fed-c230-466c-8701-476302de0b81"
|
|
],
|
|
"labels": [
|
|
"misp:type=\"link\"",
|
|
"misp:category=\"External analysis\""
|
|
]
|
|
},
|
|
{
|
|
"type": "url",
|
|
"spec_version": "2.1",
|
|
"id": "url--58ff1fed-c230-466c-8701-476302de0b81",
|
|
"value": "https://www.virustotal.com/file/2665260758371f88ca4e49dd577e885fc138651a0e2b3564309b892eea36f7af/analysis/1493004018/"
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--58ff1fed-fec8-4bd3-bdec-424702de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-04-25T10:07:41.000Z",
|
|
"modified": "2017-04-25T10:07:41.000Z",
|
|
"description": "Word Doc - Xchecked via VT: b78dcbf395b7c934344e4f1bb3cb08628455e8d2a997dbad0bce7afdd573ff8e",
|
|
"pattern": "[file:hashes.SHA1 = '8aea1d698464bf2d3bb585d6447a8f2bd5282dfd']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-04-25T10:07:41Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha1\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--58ff1fee-bf00-43d2-9ac4-4d6802de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-04-25T10:07:42.000Z",
|
|
"modified": "2017-04-25T10:07:42.000Z",
|
|
"description": "Word Doc - Xchecked via VT: b78dcbf395b7c934344e4f1bb3cb08628455e8d2a997dbad0bce7afdd573ff8e",
|
|
"pattern": "[file:hashes.MD5 = '1b7c3feadecff11026d16a2284654c9a']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-04-25T10:07:42Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"md5\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "observed-data",
|
|
"spec_version": "2.1",
|
|
"id": "observed-data--58ff1fee-02d4-452c-b149-480d02de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-04-25T10:07:42.000Z",
|
|
"modified": "2017-04-25T10:07:42.000Z",
|
|
"first_observed": "2017-04-25T10:07:42Z",
|
|
"last_observed": "2017-04-25T10:07:42Z",
|
|
"number_observed": 1,
|
|
"object_refs": [
|
|
"url--58ff1fee-02d4-452c-b149-480d02de0b81"
|
|
],
|
|
"labels": [
|
|
"misp:type=\"link\"",
|
|
"misp:category=\"External analysis\""
|
|
]
|
|
},
|
|
{
|
|
"type": "url",
|
|
"spec_version": "2.1",
|
|
"id": "url--58ff1fee-02d4-452c-b149-480d02de0b81",
|
|
"value": "https://www.virustotal.com/file/b78dcbf395b7c934344e4f1bb3cb08628455e8d2a997dbad0bce7afdd573ff8e/analysis/1493003981/"
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--58ff1fef-e170-4de9-bcab-46ea02de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-04-25T10:07:43.000Z",
|
|
"modified": "2017-04-25T10:07:43.000Z",
|
|
"description": "Word Doc - Xchecked via VT: b27fb67c5a86f65c762a8af7537c8c5d5fc27e3e2f600495d22cd39fbe82018b",
|
|
"pattern": "[file:hashes.SHA1 = '359e1ec4758ca71c8a12c02830f5f047326f6c62']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-04-25T10:07:43Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha1\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--58ff1fef-a324-40e9-be41-451202de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-04-25T10:07:43.000Z",
|
|
"modified": "2017-04-25T10:07:43.000Z",
|
|
"description": "Word Doc - Xchecked via VT: b27fb67c5a86f65c762a8af7537c8c5d5fc27e3e2f600495d22cd39fbe82018b",
|
|
"pattern": "[file:hashes.MD5 = '0f7e5fc5a512e4fba099642ffe0399e4']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-04-25T10:07:43Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"md5\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "observed-data",
|
|
"spec_version": "2.1",
|
|
"id": "observed-data--58ff1ff0-8618-4d4f-b892-4e2202de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-04-25T10:07:44.000Z",
|
|
"modified": "2017-04-25T10:07:44.000Z",
|
|
"first_observed": "2017-04-25T10:07:44Z",
|
|
"last_observed": "2017-04-25T10:07:44Z",
|
|
"number_observed": 1,
|
|
"object_refs": [
|
|
"url--58ff1ff0-8618-4d4f-b892-4e2202de0b81"
|
|
],
|
|
"labels": [
|
|
"misp:type=\"link\"",
|
|
"misp:category=\"External analysis\""
|
|
]
|
|
},
|
|
{
|
|
"type": "url",
|
|
"spec_version": "2.1",
|
|
"id": "url--58ff1ff0-8618-4d4f-b892-4e2202de0b81",
|
|
"value": "https://www.virustotal.com/file/b27fb67c5a86f65c762a8af7537c8c5d5fc27e3e2f600495d22cd39fbe82018b/analysis/1493003910/"
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--58ff1ff0-4270-47f9-a246-49ba02de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-04-25T10:07:44.000Z",
|
|
"modified": "2017-04-25T10:07:44.000Z",
|
|
"description": "Word Doc - Xchecked via VT: 1d73ce6cbc40b02c59c928238f1d316b4340c4ac1e0231f608fa7b5d2fb24836",
|
|
"pattern": "[file:hashes.SHA1 = 'db28443b401f7244d99cf1959d63c6b77770f7c3']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-04-25T10:07:44Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha1\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--58ff1ff1-286c-414d-8a5a-449802de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-04-25T10:07:45.000Z",
|
|
"modified": "2017-04-25T10:07:45.000Z",
|
|
"description": "Word Doc - Xchecked via VT: 1d73ce6cbc40b02c59c928238f1d316b4340c4ac1e0231f608fa7b5d2fb24836",
|
|
"pattern": "[file:hashes.MD5 = '0767570c998ab7fb8af1230b43be5859']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-04-25T10:07:45Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"md5\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "observed-data",
|
|
"spec_version": "2.1",
|
|
"id": "observed-data--58ff1ff1-1a84-47d6-b75e-4b6402de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-04-25T10:07:45.000Z",
|
|
"modified": "2017-04-25T10:07:45.000Z",
|
|
"first_observed": "2017-04-25T10:07:45Z",
|
|
"last_observed": "2017-04-25T10:07:45Z",
|
|
"number_observed": 1,
|
|
"object_refs": [
|
|
"url--58ff1ff1-1a84-47d6-b75e-4b6402de0b81"
|
|
],
|
|
"labels": [
|
|
"misp:type=\"link\"",
|
|
"misp:category=\"External analysis\""
|
|
]
|
|
},
|
|
{
|
|
"type": "url",
|
|
"spec_version": "2.1",
|
|
"id": "url--58ff1ff1-1a84-47d6-b75e-4b6402de0b81",
|
|
"value": "https://www.virustotal.com/file/1d73ce6cbc40b02c59c928238f1d316b4340c4ac1e0231f608fa7b5d2fb24836/analysis/1493003747/"
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--58ff1ff2-67d8-4aca-b962-42a702de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-04-25T10:07:46.000Z",
|
|
"modified": "2017-04-25T10:07:46.000Z",
|
|
"description": "Word Doc - Xchecked via VT: b0ad3d8fade247b219d7a3c8fee781e26742c1733de8c00cc50254785cb71e09",
|
|
"pattern": "[file:hashes.SHA1 = '514784bb93457b9f29b412ebd52872d27e049e3d']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-04-25T10:07:46Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha1\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--58ff1ff2-bc5c-4c06-a7e5-400c02de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-04-25T10:07:46.000Z",
|
|
"modified": "2017-04-25T10:07:46.000Z",
|
|
"description": "Word Doc - Xchecked via VT: b0ad3d8fade247b219d7a3c8fee781e26742c1733de8c00cc50254785cb71e09",
|
|
"pattern": "[file:hashes.MD5 = '8b64f03637c377bb8b2fd778d3f5b64a']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-04-25T10:07:46Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"md5\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "observed-data",
|
|
"spec_version": "2.1",
|
|
"id": "observed-data--58ff1ff3-1ad8-4cf8-8e60-434d02de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-04-25T10:07:47.000Z",
|
|
"modified": "2017-04-25T10:07:47.000Z",
|
|
"first_observed": "2017-04-25T10:07:47Z",
|
|
"last_observed": "2017-04-25T10:07:47Z",
|
|
"number_observed": 1,
|
|
"object_refs": [
|
|
"url--58ff1ff3-1ad8-4cf8-8e60-434d02de0b81"
|
|
],
|
|
"labels": [
|
|
"misp:type=\"link\"",
|
|
"misp:category=\"External analysis\""
|
|
]
|
|
},
|
|
{
|
|
"type": "url",
|
|
"spec_version": "2.1",
|
|
"id": "url--58ff1ff3-1ad8-4cf8-8e60-434d02de0b81",
|
|
"value": "https://www.virustotal.com/file/b0ad3d8fade247b219d7a3c8fee781e26742c1733de8c00cc50254785cb71e09/analysis/1493003708/"
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--58ff1ff3-c0a0-4727-be1c-493802de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-04-25T10:07:47.000Z",
|
|
"modified": "2017-04-25T10:07:47.000Z",
|
|
"description": "Word Doc - Xchecked via VT: 10ce87f33381989373c519e2ff539f86c2a0a2a4cab0b791e82d4afece0367e6",
|
|
"pattern": "[file:hashes.SHA1 = '60584a00bcc2941376600d98d7d30f8c95e7224d']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-04-25T10:07:47Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha1\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--58ff1ff4-177c-4c63-8707-4b3102de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-04-25T10:07:48.000Z",
|
|
"modified": "2017-04-25T10:07:48.000Z",
|
|
"description": "Word Doc - Xchecked via VT: 10ce87f33381989373c519e2ff539f86c2a0a2a4cab0b791e82d4afece0367e6",
|
|
"pattern": "[file:hashes.MD5 = '7fe902d6f42089267ea7ae60d9a4df01']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-04-25T10:07:48Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"md5\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "observed-data",
|
|
"spec_version": "2.1",
|
|
"id": "observed-data--58ff1ff4-caa0-453d-a1fe-494602de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-04-25T10:07:48.000Z",
|
|
"modified": "2017-04-25T10:07:48.000Z",
|
|
"first_observed": "2017-04-25T10:07:48Z",
|
|
"last_observed": "2017-04-25T10:07:48Z",
|
|
"number_observed": 1,
|
|
"object_refs": [
|
|
"url--58ff1ff4-caa0-453d-a1fe-494602de0b81"
|
|
],
|
|
"labels": [
|
|
"misp:type=\"link\"",
|
|
"misp:category=\"External analysis\""
|
|
]
|
|
},
|
|
{
|
|
"type": "url",
|
|
"spec_version": "2.1",
|
|
"id": "url--58ff1ff4-caa0-453d-a1fe-494602de0b81",
|
|
"value": "https://www.virustotal.com/file/10ce87f33381989373c519e2ff539f86c2a0a2a4cab0b791e82d4afece0367e6/analysis/1493003653/"
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--58ff1ff5-c350-40d1-bd62-41db02de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-04-25T10:07:49.000Z",
|
|
"modified": "2017-04-25T10:07:49.000Z",
|
|
"description": "Word Doc - Xchecked via VT: ad022ea9c0bbc852806e87f8b1a2d4ffd683116876304613160e975f430bd992",
|
|
"pattern": "[file:hashes.SHA1 = 'f3bf8bd2310fa35e670a2406e950b4200a7c2f98']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-04-25T10:07:49Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha1\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--58ff1ff5-7288-4c65-9107-4e2002de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-04-25T10:07:49.000Z",
|
|
"modified": "2017-04-25T10:07:49.000Z",
|
|
"description": "Word Doc - Xchecked via VT: ad022ea9c0bbc852806e87f8b1a2d4ffd683116876304613160e975f430bd992",
|
|
"pattern": "[file:hashes.MD5 = 'e6a91808fb27dd0770ac0f9861786268']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-04-25T10:07:49Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"md5\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "observed-data",
|
|
"spec_version": "2.1",
|
|
"id": "observed-data--58ff1ff5-4634-4d00-a8a4-487502de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-04-25T10:07:49.000Z",
|
|
"modified": "2017-04-25T10:07:49.000Z",
|
|
"first_observed": "2017-04-25T10:07:49Z",
|
|
"last_observed": "2017-04-25T10:07:49Z",
|
|
"number_observed": 1,
|
|
"object_refs": [
|
|
"url--58ff1ff5-4634-4d00-a8a4-487502de0b81"
|
|
],
|
|
"labels": [
|
|
"misp:type=\"link\"",
|
|
"misp:category=\"External analysis\""
|
|
]
|
|
},
|
|
{
|
|
"type": "url",
|
|
"spec_version": "2.1",
|
|
"id": "url--58ff1ff5-4634-4d00-a8a4-487502de0b81",
|
|
"value": "https://www.virustotal.com/file/ad022ea9c0bbc852806e87f8b1a2d4ffd683116876304613160e975f430bd992/analysis/1493003410/"
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--58ff1ff6-4060-4a48-bf48-4c5d02de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-04-25T10:07:50.000Z",
|
|
"modified": "2017-04-25T10:07:50.000Z",
|
|
"description": "Word Doc - Xchecked via VT: 0af35bd7ffe0af328cff2cf39585b4b1b69d550c94f0b407e348085dda0b4284",
|
|
"pattern": "[file:hashes.SHA1 = '9308c46146d4a18cde13dba39a4cc97476113f55']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-04-25T10:07:50Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha1\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--58ff1ff6-e370-414b-bc85-4a6102de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-04-25T10:07:50.000Z",
|
|
"modified": "2017-04-25T10:07:50.000Z",
|
|
"description": "Word Doc - Xchecked via VT: 0af35bd7ffe0af328cff2cf39585b4b1b69d550c94f0b407e348085dda0b4284",
|
|
"pattern": "[file:hashes.MD5 = 'cb443f4ea2ee29508816419e6b5f2130']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-04-25T10:07:50Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"md5\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "observed-data",
|
|
"spec_version": "2.1",
|
|
"id": "observed-data--58ff1ff7-c94c-4b61-8bf0-4c8e02de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-04-25T10:07:51.000Z",
|
|
"modified": "2017-04-25T10:07:51.000Z",
|
|
"first_observed": "2017-04-25T10:07:51Z",
|
|
"last_observed": "2017-04-25T10:07:51Z",
|
|
"number_observed": 1,
|
|
"object_refs": [
|
|
"url--58ff1ff7-c94c-4b61-8bf0-4c8e02de0b81"
|
|
],
|
|
"labels": [
|
|
"misp:type=\"link\"",
|
|
"misp:category=\"External analysis\""
|
|
]
|
|
},
|
|
{
|
|
"type": "url",
|
|
"spec_version": "2.1",
|
|
"id": "url--58ff1ff7-c94c-4b61-8bf0-4c8e02de0b81",
|
|
"value": "https://www.virustotal.com/file/0af35bd7ffe0af328cff2cf39585b4b1b69d550c94f0b407e348085dda0b4284/analysis/1493003332/"
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--58ff1ff7-a780-4cf8-8838-4f5502de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-04-25T10:07:51.000Z",
|
|
"modified": "2017-04-25T10:07:51.000Z",
|
|
"description": "Word Doc - Xchecked via VT: aa09f65734b2b6972b47b8845aa8f59737ab5a6b5469d7a6e6fdbcf12629b287",
|
|
"pattern": "[file:hashes.SHA1 = '3d8f1005548cce106000651539433c8bd037ce36']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-04-25T10:07:51Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha1\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--58ff1ff8-294c-4c29-aff6-4cae02de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-04-25T10:07:52.000Z",
|
|
"modified": "2017-04-25T10:07:52.000Z",
|
|
"description": "Word Doc - Xchecked via VT: aa09f65734b2b6972b47b8845aa8f59737ab5a6b5469d7a6e6fdbcf12629b287",
|
|
"pattern": "[file:hashes.MD5 = '61b4baba41d5274dfc6bde6681930556']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-04-25T10:07:52Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"md5\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "observed-data",
|
|
"spec_version": "2.1",
|
|
"id": "observed-data--58ff1ff8-68ec-4af0-b56e-438102de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-04-25T10:07:52.000Z",
|
|
"modified": "2017-04-25T10:07:52.000Z",
|
|
"first_observed": "2017-04-25T10:07:52Z",
|
|
"last_observed": "2017-04-25T10:07:52Z",
|
|
"number_observed": 1,
|
|
"object_refs": [
|
|
"url--58ff1ff8-68ec-4af0-b56e-438102de0b81"
|
|
],
|
|
"labels": [
|
|
"misp:type=\"link\"",
|
|
"misp:category=\"External analysis\""
|
|
]
|
|
},
|
|
{
|
|
"type": "url",
|
|
"spec_version": "2.1",
|
|
"id": "url--58ff1ff8-68ec-4af0-b56e-438102de0b81",
|
|
"value": "https://www.virustotal.com/file/aa09f65734b2b6972b47b8845aa8f59737ab5a6b5469d7a6e6fdbcf12629b287/analysis/1493003298/"
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--58ff1ff9-e818-4bdb-acc5-451302de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-04-25T10:07:53.000Z",
|
|
"modified": "2017-04-25T10:07:53.000Z",
|
|
"description": "Word Doc - Xchecked via VT: 04ea10db95049ec292e712803dc87c236cc3e3e7c2dd018e84d841f9060a15ef",
|
|
"pattern": "[file:hashes.SHA1 = '125e6f1bb8038535416bb6e91e7d37bc1e60a3a9']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-04-25T10:07:53Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha1\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--58ff1ff9-44a0-4428-ad20-40fa02de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-04-25T10:07:53.000Z",
|
|
"modified": "2017-04-25T10:07:53.000Z",
|
|
"description": "Word Doc - Xchecked via VT: 04ea10db95049ec292e712803dc87c236cc3e3e7c2dd018e84d841f9060a15ef",
|
|
"pattern": "[file:hashes.MD5 = 'dbff8590fb5c07de14bc4f226183a720']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-04-25T10:07:53Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"md5\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "observed-data",
|
|
"spec_version": "2.1",
|
|
"id": "observed-data--58ff1ffa-7ce4-492a-b89c-4b4f02de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-04-25T10:07:54.000Z",
|
|
"modified": "2017-04-25T10:07:54.000Z",
|
|
"first_observed": "2017-04-25T10:07:54Z",
|
|
"last_observed": "2017-04-25T10:07:54Z",
|
|
"number_observed": 1,
|
|
"object_refs": [
|
|
"url--58ff1ffa-7ce4-492a-b89c-4b4f02de0b81"
|
|
],
|
|
"labels": [
|
|
"misp:type=\"link\"",
|
|
"misp:category=\"External analysis\""
|
|
]
|
|
},
|
|
{
|
|
"type": "url",
|
|
"spec_version": "2.1",
|
|
"id": "url--58ff1ffa-7ce4-492a-b89c-4b4f02de0b81",
|
|
"value": "https://www.virustotal.com/file/04ea10db95049ec292e712803dc87c236cc3e3e7c2dd018e84d841f9060a15ef/analysis/1493003266/"
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--58ff1ffa-c148-4a75-919a-4b2d02de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-04-25T10:07:54.000Z",
|
|
"modified": "2017-04-25T10:07:54.000Z",
|
|
"description": "Word Doc - Xchecked via VT: a20ebaf8b9c14a2738795f0c38b48a712f3e9fd293a51c5475b15c959856139d",
|
|
"pattern": "[file:hashes.SHA1 = '10da3423485301c12a90b841e694e161170eb693']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-04-25T10:07:54Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha1\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--58ff1ffb-5364-4610-beff-490002de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-04-25T10:07:55.000Z",
|
|
"modified": "2017-04-25T10:07:55.000Z",
|
|
"description": "Word Doc - Xchecked via VT: a20ebaf8b9c14a2738795f0c38b48a712f3e9fd293a51c5475b15c959856139d",
|
|
"pattern": "[file:hashes.MD5 = 'a00b2f340b0ae064dc29ce0bad53a9f0']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-04-25T10:07:55Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"md5\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "observed-data",
|
|
"spec_version": "2.1",
|
|
"id": "observed-data--58ff1ffb-678c-407b-9a83-432702de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-04-25T10:07:55.000Z",
|
|
"modified": "2017-04-25T10:07:55.000Z",
|
|
"first_observed": "2017-04-25T10:07:55Z",
|
|
"last_observed": "2017-04-25T10:07:55Z",
|
|
"number_observed": 1,
|
|
"object_refs": [
|
|
"url--58ff1ffb-678c-407b-9a83-432702de0b81"
|
|
],
|
|
"labels": [
|
|
"misp:type=\"link\"",
|
|
"misp:category=\"External analysis\""
|
|
]
|
|
},
|
|
{
|
|
"type": "url",
|
|
"spec_version": "2.1",
|
|
"id": "url--58ff1ffb-678c-407b-9a83-432702de0b81",
|
|
"value": "https://www.virustotal.com/file/a20ebaf8b9c14a2738795f0c38b48a712f3e9fd293a51c5475b15c959856139d/analysis/1493003232/"
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--58ff1ffc-2d08-4287-87c7-4b4602de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-04-25T10:07:56.000Z",
|
|
"modified": "2017-04-25T10:07:56.000Z",
|
|
"description": "Word Doc - Xchecked via VT: 026fa1191fcf895ce375ad8f8f2bda47aa8b1cb27e6be490399a1ad47d452b68",
|
|
"pattern": "[file:hashes.SHA1 = '12893670db1a209af2bd90e8acbee291120927f9']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-04-25T10:07:56Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha1\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--58ff1ffc-2504-4b28-88a9-444e02de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-04-25T10:07:56.000Z",
|
|
"modified": "2017-04-25T10:07:56.000Z",
|
|
"description": "Word Doc - Xchecked via VT: 026fa1191fcf895ce375ad8f8f2bda47aa8b1cb27e6be490399a1ad47d452b68",
|
|
"pattern": "[file:hashes.MD5 = '5636bb8497a75a3fc676c9a0a0964c77']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-04-25T10:07:56Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"md5\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "observed-data",
|
|
"spec_version": "2.1",
|
|
"id": "observed-data--58ff1ffd-4854-467a-80be-4da402de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-04-25T10:07:57.000Z",
|
|
"modified": "2017-04-25T10:07:57.000Z",
|
|
"first_observed": "2017-04-25T10:07:57Z",
|
|
"last_observed": "2017-04-25T10:07:57Z",
|
|
"number_observed": 1,
|
|
"object_refs": [
|
|
"url--58ff1ffd-4854-467a-80be-4da402de0b81"
|
|
],
|
|
"labels": [
|
|
"misp:type=\"link\"",
|
|
"misp:category=\"External analysis\""
|
|
]
|
|
},
|
|
{
|
|
"type": "url",
|
|
"spec_version": "2.1",
|
|
"id": "url--58ff1ffd-4854-467a-80be-4da402de0b81",
|
|
"value": "https://www.virustotal.com/file/026fa1191fcf895ce375ad8f8f2bda47aa8b1cb27e6be490399a1ad47d452b68/analysis/1493003196/"
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--58ff1ffd-a204-499f-bd02-4eb702de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-04-25T10:07:57.000Z",
|
|
"modified": "2017-04-25T10:07:57.000Z",
|
|
"description": "pdf - Xchecked via VT: 32325761402e0b55dd9fe8b2718bc213491eea6f57bc354e358a6edcbe584dd1",
|
|
"pattern": "[file:hashes.SHA1 = 'b1efbc570c7933bf488ba88619a1baee14ee4189']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-04-25T10:07:57Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha1\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--58ff1ffe-a7f0-49da-974b-437f02de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-04-25T10:07:58.000Z",
|
|
"modified": "2017-04-25T10:07:58.000Z",
|
|
"description": "pdf - Xchecked via VT: 32325761402e0b55dd9fe8b2718bc213491eea6f57bc354e358a6edcbe584dd1",
|
|
"pattern": "[file:hashes.MD5 = '2d8a578171962f915cf884de26750dad']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-04-25T10:07:58Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"md5\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "observed-data",
|
|
"spec_version": "2.1",
|
|
"id": "observed-data--58ff1ffe-5f40-4934-a99f-45f502de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-04-25T10:07:58.000Z",
|
|
"modified": "2017-04-25T10:07:58.000Z",
|
|
"first_observed": "2017-04-25T10:07:58Z",
|
|
"last_observed": "2017-04-25T10:07:58Z",
|
|
"number_observed": 1,
|
|
"object_refs": [
|
|
"url--58ff1ffe-5f40-4934-a99f-45f502de0b81"
|
|
],
|
|
"labels": [
|
|
"misp:type=\"link\"",
|
|
"misp:category=\"External analysis\""
|
|
]
|
|
},
|
|
{
|
|
"type": "url",
|
|
"spec_version": "2.1",
|
|
"id": "url--58ff1ffe-5f40-4934-a99f-45f502de0b81",
|
|
"value": "https://www.virustotal.com/file/32325761402e0b55dd9fe8b2718bc213491eea6f57bc354e358a6edcbe584dd1/analysis/1493040740/"
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--58ff1fff-1848-4f2f-a389-4b0d02de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-04-25T10:07:59.000Z",
|
|
"modified": "2017-04-25T10:07:59.000Z",
|
|
"description": "pdf - Xchecked via VT: 0559d32f6a20cdfa380eb1eb17fbc4aea9e39f3203f4b7818281e0fb117a6977",
|
|
"pattern": "[file:hashes.SHA1 = '64553e02274e20c163ee750032ac4d0bc64126c6']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-04-25T10:07:59Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha1\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--58ff1fff-12fc-4d3e-af6f-480902de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-04-25T10:07:59.000Z",
|
|
"modified": "2017-04-25T10:07:59.000Z",
|
|
"description": "pdf - Xchecked via VT: 0559d32f6a20cdfa380eb1eb17fbc4aea9e39f3203f4b7818281e0fb117a6977",
|
|
"pattern": "[file:hashes.MD5 = '762dc8692221a0dc4d58d204e119c13d']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-04-25T10:07:59Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"md5\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "observed-data",
|
|
"spec_version": "2.1",
|
|
"id": "observed-data--58ff2000-6988-4272-998e-42cc02de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-04-25T10:08:00.000Z",
|
|
"modified": "2017-04-25T10:08:00.000Z",
|
|
"first_observed": "2017-04-25T10:08:00Z",
|
|
"last_observed": "2017-04-25T10:08:00Z",
|
|
"number_observed": 1,
|
|
"object_refs": [
|
|
"url--58ff2000-6988-4272-998e-42cc02de0b81"
|
|
],
|
|
"labels": [
|
|
"misp:type=\"link\"",
|
|
"misp:category=\"External analysis\""
|
|
]
|
|
},
|
|
{
|
|
"type": "url",
|
|
"spec_version": "2.1",
|
|
"id": "url--58ff2000-6988-4272-998e-42cc02de0b81",
|
|
"value": "https://www.virustotal.com/file/0559d32f6a20cdfa380eb1eb17fbc4aea9e39f3203f4b7818281e0fb117a6977/analysis/1493036643/"
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--58ff2000-6a14-4740-a258-450702de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-04-25T10:08:00.000Z",
|
|
"modified": "2017-04-25T10:08:00.000Z",
|
|
"description": "pdf - Xchecked via VT: 8e2cb05dbf3375e66488f387aaebe31c51c95fea135eadace186362629988a4c",
|
|
"pattern": "[file:hashes.SHA1 = '7283ae5c7eff58bd7efca8e495863f27d03b11a7']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-04-25T10:08:00Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha1\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--58ff2001-4a08-4631-b4f2-45ed02de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-04-25T10:08:01.000Z",
|
|
"modified": "2017-04-25T10:08:01.000Z",
|
|
"description": "pdf - Xchecked via VT: 8e2cb05dbf3375e66488f387aaebe31c51c95fea135eadace186362629988a4c",
|
|
"pattern": "[file:hashes.MD5 = 'ce4c8cff777b001d85ddd2d7b03cb025']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-04-25T10:08:01Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"md5\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "observed-data",
|
|
"spec_version": "2.1",
|
|
"id": "observed-data--58ff2001-ee0c-4514-a2a9-4f1402de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-04-25T10:08:01.000Z",
|
|
"modified": "2017-04-25T10:08:01.000Z",
|
|
"first_observed": "2017-04-25T10:08:01Z",
|
|
"last_observed": "2017-04-25T10:08:01Z",
|
|
"number_observed": 1,
|
|
"object_refs": [
|
|
"url--58ff2001-ee0c-4514-a2a9-4f1402de0b81"
|
|
],
|
|
"labels": [
|
|
"misp:type=\"link\"",
|
|
"misp:category=\"External analysis\""
|
|
]
|
|
},
|
|
{
|
|
"type": "url",
|
|
"spec_version": "2.1",
|
|
"id": "url--58ff2001-ee0c-4514-a2a9-4f1402de0b81",
|
|
"value": "https://www.virustotal.com/file/8e2cb05dbf3375e66488f387aaebe31c51c95fea135eadace186362629988a4c/analysis/1493096703/"
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--58ff2002-70f4-4fb3-95d9-430702de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-04-25T10:08:02.000Z",
|
|
"modified": "2017-04-25T10:08:02.000Z",
|
|
"description": "pdf - Xchecked via VT: cd0a031a65a10e8c549c29c1b5db87ad730c84ef9ba48041b3c4a723e56ee71f",
|
|
"pattern": "[file:hashes.SHA1 = '1a0ffddb956af7b2811a9dddcc3ee47dccfd5570']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-04-25T10:08:02Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha1\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--58ff2002-8988-4ca4-b9a6-400a02de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-04-25T10:08:02.000Z",
|
|
"modified": "2017-04-25T10:08:02.000Z",
|
|
"description": "pdf - Xchecked via VT: cd0a031a65a10e8c549c29c1b5db87ad730c84ef9ba48041b3c4a723e56ee71f",
|
|
"pattern": "[file:hashes.MD5 = 'fb50426fbf6e19ff5afe6ea249b107e7']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-04-25T10:08:02Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"md5\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "observed-data",
|
|
"spec_version": "2.1",
|
|
"id": "observed-data--58ff2003-7364-402e-9a78-468902de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-04-25T10:08:03.000Z",
|
|
"modified": "2017-04-25T10:08:03.000Z",
|
|
"first_observed": "2017-04-25T10:08:03Z",
|
|
"last_observed": "2017-04-25T10:08:03Z",
|
|
"number_observed": 1,
|
|
"object_refs": [
|
|
"url--58ff2003-7364-402e-9a78-468902de0b81"
|
|
],
|
|
"labels": [
|
|
"misp:type=\"link\"",
|
|
"misp:category=\"External analysis\""
|
|
]
|
|
},
|
|
{
|
|
"type": "url",
|
|
"spec_version": "2.1",
|
|
"id": "url--58ff2003-7364-402e-9a78-468902de0b81",
|
|
"value": "https://www.virustotal.com/file/cd0a031a65a10e8c549c29c1b5db87ad730c84ef9ba48041b3c4a723e56ee71f/analysis/1492991481/"
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--58ff2003-ec04-4822-8349-468b02de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-04-25T10:08:03.000Z",
|
|
"modified": "2017-04-25T10:08:03.000Z",
|
|
"description": "pdf - Xchecked via VT: f1326f8c348b6a4eb0fe0c3fcdc27e8375fd0ea7ecca54d392de790f31a9d037",
|
|
"pattern": "[file:hashes.SHA1 = 'c6705bc46eefad714049d97660e0a892498a8acb']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-04-25T10:08:03Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha1\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--58ff2004-1a80-43ab-8860-4fb502de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-04-25T10:08:04.000Z",
|
|
"modified": "2017-04-25T10:08:04.000Z",
|
|
"description": "pdf - Xchecked via VT: f1326f8c348b6a4eb0fe0c3fcdc27e8375fd0ea7ecca54d392de790f31a9d037",
|
|
"pattern": "[file:hashes.MD5 = '460cf743495554437638729816725717']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-04-25T10:08:04Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"md5\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "observed-data",
|
|
"spec_version": "2.1",
|
|
"id": "observed-data--58ff2004-99b4-49e1-a6ba-479502de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-04-25T10:08:04.000Z",
|
|
"modified": "2017-04-25T10:08:04.000Z",
|
|
"first_observed": "2017-04-25T10:08:04Z",
|
|
"last_observed": "2017-04-25T10:08:04Z",
|
|
"number_observed": 1,
|
|
"object_refs": [
|
|
"url--58ff2004-99b4-49e1-a6ba-479502de0b81"
|
|
],
|
|
"labels": [
|
|
"misp:type=\"link\"",
|
|
"misp:category=\"External analysis\""
|
|
]
|
|
},
|
|
{
|
|
"type": "url",
|
|
"spec_version": "2.1",
|
|
"id": "url--58ff2004-99b4-49e1-a6ba-479502de0b81",
|
|
"value": "https://www.virustotal.com/file/f1326f8c348b6a4eb0fe0c3fcdc27e8375fd0ea7ecca54d392de790f31a9d037/analysis/1492998198/"
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--58ff2005-25e0-4413-be6b-4cc602de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-04-25T10:08:05.000Z",
|
|
"modified": "2017-04-25T10:08:05.000Z",
|
|
"description": "pdf - Xchecked via VT: 2881600b108ece9a1df3e7659370e3ee79cf233e9723a9acd7985452c5915eb3",
|
|
"pattern": "[file:hashes.SHA1 = '5facf651d3adcce380e233f4db4ac5fd36972677']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-04-25T10:08:05Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha1\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--58ff2005-feb8-4341-b3c1-45d502de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-04-25T10:08:05.000Z",
|
|
"modified": "2017-04-25T10:08:05.000Z",
|
|
"description": "pdf - Xchecked via VT: 2881600b108ece9a1df3e7659370e3ee79cf233e9723a9acd7985452c5915eb3",
|
|
"pattern": "[file:hashes.MD5 = '8a6a37c288cdfdd40efcbb8ad0595396']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-04-25T10:08:05Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"md5\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "observed-data",
|
|
"spec_version": "2.1",
|
|
"id": "observed-data--58ff2006-d59c-43c3-acae-4e0f02de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-04-25T10:08:06.000Z",
|
|
"modified": "2017-04-25T10:08:06.000Z",
|
|
"first_observed": "2017-04-25T10:08:06Z",
|
|
"last_observed": "2017-04-25T10:08:06Z",
|
|
"number_observed": 1,
|
|
"object_refs": [
|
|
"url--58ff2006-d59c-43c3-acae-4e0f02de0b81"
|
|
],
|
|
"labels": [
|
|
"misp:type=\"link\"",
|
|
"misp:category=\"External analysis\""
|
|
]
|
|
},
|
|
{
|
|
"type": "url",
|
|
"spec_version": "2.1",
|
|
"id": "url--58ff2006-d59c-43c3-acae-4e0f02de0b81",
|
|
"value": "https://www.virustotal.com/file/2881600b108ece9a1df3e7659370e3ee79cf233e9723a9acd7985452c5915eb3/analysis/1493028468/"
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--58ff2006-299c-489e-b251-45d102de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-04-25T10:08:06.000Z",
|
|
"modified": "2017-04-25T10:08:06.000Z",
|
|
"description": "pdf - Xchecked via VT: ff92433ae4ee90b3c6dd3cd5655302be345addd2a57bf143ee982e692ca7ca33",
|
|
"pattern": "[file:hashes.SHA1 = 'ab1b5df01eb60d2616fa3abc3128c269108d093d']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-04-25T10:08:06Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha1\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--58ff2007-2244-435b-b7a9-4e6e02de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-04-25T10:08:07.000Z",
|
|
"modified": "2017-04-25T10:08:07.000Z",
|
|
"description": "pdf - Xchecked via VT: ff92433ae4ee90b3c6dd3cd5655302be345addd2a57bf143ee982e692ca7ca33",
|
|
"pattern": "[file:hashes.MD5 = 'cfcf635cb7494f6d9875809f1b9534a2']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-04-25T10:08:07Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"md5\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "observed-data",
|
|
"spec_version": "2.1",
|
|
"id": "observed-data--58ff2007-6e4c-4054-879a-457c02de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-04-25T10:08:07.000Z",
|
|
"modified": "2017-04-25T10:08:07.000Z",
|
|
"first_observed": "2017-04-25T10:08:07Z",
|
|
"last_observed": "2017-04-25T10:08:07Z",
|
|
"number_observed": 1,
|
|
"object_refs": [
|
|
"url--58ff2007-6e4c-4054-879a-457c02de0b81"
|
|
],
|
|
"labels": [
|
|
"misp:type=\"link\"",
|
|
"misp:category=\"External analysis\""
|
|
]
|
|
},
|
|
{
|
|
"type": "url",
|
|
"spec_version": "2.1",
|
|
"id": "url--58ff2007-6e4c-4054-879a-457c02de0b81",
|
|
"value": "https://www.virustotal.com/file/ff92433ae4ee90b3c6dd3cd5655302be345addd2a57bf143ee982e692ca7ca33/analysis/1493096606/"
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--58ff2008-b870-43ea-ace8-4ab702de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-04-25T10:08:08.000Z",
|
|
"modified": "2017-04-25T10:08:08.000Z",
|
|
"description": "pdf - Xchecked via VT: 5e9f7cae76f9888c732a77345326e442f56d94e8ed253eabb812fc2ba95e01ca",
|
|
"pattern": "[file:hashes.SHA1 = 'e1608f9be3c4cc38f41b88abc88304d674f6b644']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-04-25T10:08:08Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha1\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--58ff2008-8de4-4f63-8ed2-480202de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-04-25T10:08:08.000Z",
|
|
"modified": "2017-04-25T10:08:08.000Z",
|
|
"description": "pdf - Xchecked via VT: 5e9f7cae76f9888c732a77345326e442f56d94e8ed253eabb812fc2ba95e01ca",
|
|
"pattern": "[file:hashes.MD5 = '8d1de7fa0a9288eb4d1524bf04e5b900']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-04-25T10:08:08Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"md5\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "observed-data",
|
|
"spec_version": "2.1",
|
|
"id": "observed-data--58ff2009-bd3c-42fa-a8eb-4c5102de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-04-25T10:08:09.000Z",
|
|
"modified": "2017-04-25T10:08:09.000Z",
|
|
"first_observed": "2017-04-25T10:08:09Z",
|
|
"last_observed": "2017-04-25T10:08:09Z",
|
|
"number_observed": 1,
|
|
"object_refs": [
|
|
"url--58ff2009-bd3c-42fa-a8eb-4c5102de0b81"
|
|
],
|
|
"labels": [
|
|
"misp:type=\"link\"",
|
|
"misp:category=\"External analysis\""
|
|
]
|
|
},
|
|
{
|
|
"type": "url",
|
|
"spec_version": "2.1",
|
|
"id": "url--58ff2009-bd3c-42fa-a8eb-4c5102de0b81",
|
|
"value": "https://www.virustotal.com/file/5e9f7cae76f9888c732a77345326e442f56d94e8ed253eabb812fc2ba95e01ca/analysis/1493019169/"
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--58ff200a-2624-47ca-bd74-406302de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-04-25T10:08:09.000Z",
|
|
"modified": "2017-04-25T10:08:09.000Z",
|
|
"description": "pdf - Xchecked via VT: 2592d4bf18d83d1b9f98176ce389d6ad5dcaa399f3a549fab15cad520cd24470",
|
|
"pattern": "[file:hashes.SHA1 = 'b839f43d0656b8403cd7aaffaa240f4bb98ac9cd']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-04-25T10:08:09Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha1\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--58ff200a-ae28-423e-95d0-4f6202de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-04-25T10:08:10.000Z",
|
|
"modified": "2017-04-25T10:08:10.000Z",
|
|
"description": "pdf - Xchecked via VT: 2592d4bf18d83d1b9f98176ce389d6ad5dcaa399f3a549fab15cad520cd24470",
|
|
"pattern": "[file:hashes.MD5 = '118ca1cd12232701210b525539c4e326']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-04-25T10:08:10Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"md5\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "observed-data",
|
|
"spec_version": "2.1",
|
|
"id": "observed-data--58ff200b-1f88-4f2c-85c4-45a602de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-04-25T10:08:11.000Z",
|
|
"modified": "2017-04-25T10:08:11.000Z",
|
|
"first_observed": "2017-04-25T10:08:11Z",
|
|
"last_observed": "2017-04-25T10:08:11Z",
|
|
"number_observed": 1,
|
|
"object_refs": [
|
|
"url--58ff200b-1f88-4f2c-85c4-45a602de0b81"
|
|
],
|
|
"labels": [
|
|
"misp:type=\"link\"",
|
|
"misp:category=\"External analysis\""
|
|
]
|
|
},
|
|
{
|
|
"type": "url",
|
|
"spec_version": "2.1",
|
|
"id": "url--58ff200b-1f88-4f2c-85c4-45a602de0b81",
|
|
"value": "https://www.virustotal.com/file/2592d4bf18d83d1b9f98176ce389d6ad5dcaa399f3a549fab15cad520cd24470/analysis/1493097083/"
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--58ff200b-08a0-4c09-8744-410302de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-04-25T10:08:11.000Z",
|
|
"modified": "2017-04-25T10:08:11.000Z",
|
|
"description": "pdf - Xchecked via VT: 63fc82ce40ea946749e7312517b103fad96e8da6a01c63e44be93cd196aae692",
|
|
"pattern": "[file:hashes.SHA1 = '73710d9536ef595a517f458a760fc01b37320441']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-04-25T10:08:11Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha1\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--58ff200c-5934-4c74-aecb-4b5402de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-04-25T10:08:12.000Z",
|
|
"modified": "2017-04-25T10:08:12.000Z",
|
|
"description": "pdf - Xchecked via VT: 63fc82ce40ea946749e7312517b103fad96e8da6a01c63e44be93cd196aae692",
|
|
"pattern": "[file:hashes.MD5 = 'a8a6816c2ec0b88b3db3506b3f0e5ba3']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-04-25T10:08:12Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"md5\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "observed-data",
|
|
"spec_version": "2.1",
|
|
"id": "observed-data--58ff200c-e008-4695-b091-449202de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-04-25T10:08:12.000Z",
|
|
"modified": "2017-04-25T10:08:12.000Z",
|
|
"first_observed": "2017-04-25T10:08:12Z",
|
|
"last_observed": "2017-04-25T10:08:12Z",
|
|
"number_observed": 1,
|
|
"object_refs": [
|
|
"url--58ff200c-e008-4695-b091-449202de0b81"
|
|
],
|
|
"labels": [
|
|
"misp:type=\"link\"",
|
|
"misp:category=\"External analysis\""
|
|
]
|
|
},
|
|
{
|
|
"type": "url",
|
|
"spec_version": "2.1",
|
|
"id": "url--58ff200c-e008-4695-b091-449202de0b81",
|
|
"value": "https://www.virustotal.com/file/63fc82ce40ea946749e7312517b103fad96e8da6a01c63e44be93cd196aae692/analysis/1493000591/"
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--58ff200d-8fa4-4024-b2e0-485702de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-04-25T10:08:13.000Z",
|
|
"modified": "2017-04-25T10:08:13.000Z",
|
|
"description": "pdf - Xchecked via VT: f08ab6e0fc6dbff270b2d42f4412375cef3d543b311923960ab432d35754a56e",
|
|
"pattern": "[file:hashes.SHA1 = '110f9bbebd9e412256a8e1119ea0eafd66e23d83']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-04-25T10:08:13Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha1\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--58ff200d-a404-4231-9116-4c1802de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-04-25T10:08:13.000Z",
|
|
"modified": "2017-04-25T10:08:13.000Z",
|
|
"description": "pdf - Xchecked via VT: f08ab6e0fc6dbff270b2d42f4412375cef3d543b311923960ab432d35754a56e",
|
|
"pattern": "[file:hashes.MD5 = 'e0fb7cae90302cfce57a1e0edd867bd9']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-04-25T10:08:13Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"md5\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "observed-data",
|
|
"spec_version": "2.1",
|
|
"id": "observed-data--58ff200e-c174-44d1-b042-497e02de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-04-25T10:08:14.000Z",
|
|
"modified": "2017-04-25T10:08:14.000Z",
|
|
"first_observed": "2017-04-25T10:08:14Z",
|
|
"last_observed": "2017-04-25T10:08:14Z",
|
|
"number_observed": 1,
|
|
"object_refs": [
|
|
"url--58ff200e-c174-44d1-b042-497e02de0b81"
|
|
],
|
|
"labels": [
|
|
"misp:type=\"link\"",
|
|
"misp:category=\"External analysis\""
|
|
]
|
|
},
|
|
{
|
|
"type": "url",
|
|
"spec_version": "2.1",
|
|
"id": "url--58ff200e-c174-44d1-b042-497e02de0b81",
|
|
"value": "https://www.virustotal.com/file/f08ab6e0fc6dbff270b2d42f4412375cef3d543b311923960ab432d35754a56e/analysis/1493089556/"
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--58ff200e-0bc8-4250-9757-445702de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-04-25T10:08:14.000Z",
|
|
"modified": "2017-04-25T10:08:14.000Z",
|
|
"description": "pdf - Xchecked via VT: 7a6052881573bb7d976a5bbf39e1a9221dea68193f27c142bb77534a5049e5b9",
|
|
"pattern": "[file:hashes.SHA1 = '4bec619bca46b468c8d0d442a721d02c4db89056']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-04-25T10:08:14Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha1\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--58ff200f-bf6c-4849-a1b9-4b6a02de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-04-25T10:08:15.000Z",
|
|
"modified": "2017-04-25T10:08:15.000Z",
|
|
"description": "pdf - Xchecked via VT: 7a6052881573bb7d976a5bbf39e1a9221dea68193f27c142bb77534a5049e5b9",
|
|
"pattern": "[file:hashes.MD5 = 'f42269e90f646a4655face34bc059573']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-04-25T10:08:15Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"md5\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "observed-data",
|
|
"spec_version": "2.1",
|
|
"id": "observed-data--58ff200f-e4d4-4e01-a31f-410f02de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-04-25T10:08:15.000Z",
|
|
"modified": "2017-04-25T10:08:15.000Z",
|
|
"first_observed": "2017-04-25T10:08:15Z",
|
|
"last_observed": "2017-04-25T10:08:15Z",
|
|
"number_observed": 1,
|
|
"object_refs": [
|
|
"url--58ff200f-e4d4-4e01-a31f-410f02de0b81"
|
|
],
|
|
"labels": [
|
|
"misp:type=\"link\"",
|
|
"misp:category=\"External analysis\""
|
|
]
|
|
},
|
|
{
|
|
"type": "url",
|
|
"spec_version": "2.1",
|
|
"id": "url--58ff200f-e4d4-4e01-a31f-410f02de0b81",
|
|
"value": "https://www.virustotal.com/file/7a6052881573bb7d976a5bbf39e1a9221dea68193f27c142bb77534a5049e5b9/analysis/1493023114/"
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--58ff2010-bd88-4a7a-8020-432702de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-04-25T10:08:16.000Z",
|
|
"modified": "2017-04-25T10:08:16.000Z",
|
|
"description": "pdf - Xchecked via VT: 7e73b086c5d0d693483a57847aa738e8c3b65b45f8603b5980721795af4534dd",
|
|
"pattern": "[file:hashes.SHA1 = '8f0124147f5279e75edbc2d4439534c95db42580']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-04-25T10:08:16Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha1\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--58ff2010-e274-4e96-a476-4a6402de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-04-25T10:08:16.000Z",
|
|
"modified": "2017-04-25T10:08:16.000Z",
|
|
"description": "pdf - Xchecked via VT: 7e73b086c5d0d693483a57847aa738e8c3b65b45f8603b5980721795af4534dd",
|
|
"pattern": "[file:hashes.MD5 = 'e8fcd132642e36c83633d3fff2692373']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-04-25T10:08:16Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"md5\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "observed-data",
|
|
"spec_version": "2.1",
|
|
"id": "observed-data--58ff2011-ab44-40ed-8e43-4d8f02de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-04-25T10:08:17.000Z",
|
|
"modified": "2017-04-25T10:08:17.000Z",
|
|
"first_observed": "2017-04-25T10:08:17Z",
|
|
"last_observed": "2017-04-25T10:08:17Z",
|
|
"number_observed": 1,
|
|
"object_refs": [
|
|
"url--58ff2011-ab44-40ed-8e43-4d8f02de0b81"
|
|
],
|
|
"labels": [
|
|
"misp:type=\"link\"",
|
|
"misp:category=\"External analysis\""
|
|
]
|
|
},
|
|
{
|
|
"type": "url",
|
|
"spec_version": "2.1",
|
|
"id": "url--58ff2011-ab44-40ed-8e43-4d8f02de0b81",
|
|
"value": "https://www.virustotal.com/file/7e73b086c5d0d693483a57847aa738e8c3b65b45f8603b5980721795af4534dd/analysis/1493066925/"
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--58ff2011-6870-49f3-b722-4f8b02de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-04-25T10:08:17.000Z",
|
|
"modified": "2017-04-25T10:08:17.000Z",
|
|
"description": "pdf - Xchecked via VT: eb9c6616204c358aa06ebb181cfcf8220216a9531b05006e8ed5dd714f3574da",
|
|
"pattern": "[file:hashes.SHA1 = '992978733532d41d103196eadf5086766bbee6be']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-04-25T10:08:17Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha1\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--58ff2012-9ddc-45f9-9a48-4ab502de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-04-25T10:08:18.000Z",
|
|
"modified": "2017-04-25T10:08:18.000Z",
|
|
"description": "pdf - Xchecked via VT: eb9c6616204c358aa06ebb181cfcf8220216a9531b05006e8ed5dd714f3574da",
|
|
"pattern": "[file:hashes.MD5 = '23bb812ec0007689489311c9ab2f9156']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-04-25T10:08:18Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"md5\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "observed-data",
|
|
"spec_version": "2.1",
|
|
"id": "observed-data--58ff2012-450c-47bc-8d83-4b1902de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-04-25T10:08:18.000Z",
|
|
"modified": "2017-04-25T10:08:18.000Z",
|
|
"first_observed": "2017-04-25T10:08:18Z",
|
|
"last_observed": "2017-04-25T10:08:18Z",
|
|
"number_observed": 1,
|
|
"object_refs": [
|
|
"url--58ff2012-450c-47bc-8d83-4b1902de0b81"
|
|
],
|
|
"labels": [
|
|
"misp:type=\"link\"",
|
|
"misp:category=\"External analysis\""
|
|
]
|
|
},
|
|
{
|
|
"type": "url",
|
|
"spec_version": "2.1",
|
|
"id": "url--58ff2012-450c-47bc-8d83-4b1902de0b81",
|
|
"value": "https://www.virustotal.com/file/eb9c6616204c358aa06ebb181cfcf8220216a9531b05006e8ed5dd714f3574da/analysis/1492998664/"
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--58ff2013-db1c-4ad3-86ff-4bb702de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-04-25T10:08:19.000Z",
|
|
"modified": "2017-04-25T10:08:19.000Z",
|
|
"description": "pdf - Xchecked via VT: 06d42acee69178a161b7317c87515e4bdab647976985a1d172411b799ffbac32",
|
|
"pattern": "[file:hashes.SHA1 = 'ec3aef7af2cba10a561cc6cbb1c80367f71d0c74']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-04-25T10:08:19Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha1\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--58ff2013-ce08-424e-a1e4-43cb02de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-04-25T10:08:19.000Z",
|
|
"modified": "2017-04-25T10:08:19.000Z",
|
|
"description": "pdf - Xchecked via VT: 06d42acee69178a161b7317c87515e4bdab647976985a1d172411b799ffbac32",
|
|
"pattern": "[file:hashes.MD5 = 'ca85400235c4b66613bbcd5558f60a22']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-04-25T10:08:19Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"md5\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "observed-data",
|
|
"spec_version": "2.1",
|
|
"id": "observed-data--58ff2014-9ec8-4a89-82b0-4f1902de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-04-25T10:08:20.000Z",
|
|
"modified": "2017-04-25T10:08:20.000Z",
|
|
"first_observed": "2017-04-25T10:08:20Z",
|
|
"last_observed": "2017-04-25T10:08:20Z",
|
|
"number_observed": 1,
|
|
"object_refs": [
|
|
"url--58ff2014-9ec8-4a89-82b0-4f1902de0b81"
|
|
],
|
|
"labels": [
|
|
"misp:type=\"link\"",
|
|
"misp:category=\"External analysis\""
|
|
]
|
|
},
|
|
{
|
|
"type": "url",
|
|
"spec_version": "2.1",
|
|
"id": "url--58ff2014-9ec8-4a89-82b0-4f1902de0b81",
|
|
"value": "https://www.virustotal.com/file/06d42acee69178a161b7317c87515e4bdab647976985a1d172411b799ffbac32/analysis/1493013487/"
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--58ff2014-d0d0-4692-8011-46d102de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-04-25T10:08:20.000Z",
|
|
"modified": "2017-04-25T10:08:20.000Z",
|
|
"description": "pdf - Xchecked via VT: a0b01d5f3f41b49e07be198408910084912cc5db030aa4d0449a8bd2677596b3",
|
|
"pattern": "[file:hashes.SHA1 = '05c2c700e581daef85711ae5190aa8695c4db1c2']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-04-25T10:08:20Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha1\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--58ff2015-6638-4069-adb6-448302de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-04-25T10:08:21.000Z",
|
|
"modified": "2017-04-25T10:08:21.000Z",
|
|
"description": "pdf - Xchecked via VT: a0b01d5f3f41b49e07be198408910084912cc5db030aa4d0449a8bd2677596b3",
|
|
"pattern": "[file:hashes.MD5 = 'dd75534814272ccf42a594e5b58d3e9d']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-04-25T10:08:21Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"md5\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "observed-data",
|
|
"spec_version": "2.1",
|
|
"id": "observed-data--58ff2015-2194-407d-9eea-450a02de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-04-25T10:08:21.000Z",
|
|
"modified": "2017-04-25T10:08:21.000Z",
|
|
"first_observed": "2017-04-25T10:08:21Z",
|
|
"last_observed": "2017-04-25T10:08:21Z",
|
|
"number_observed": 1,
|
|
"object_refs": [
|
|
"url--58ff2015-2194-407d-9eea-450a02de0b81"
|
|
],
|
|
"labels": [
|
|
"misp:type=\"link\"",
|
|
"misp:category=\"External analysis\""
|
|
]
|
|
},
|
|
{
|
|
"type": "url",
|
|
"spec_version": "2.1",
|
|
"id": "url--58ff2015-2194-407d-9eea-450a02de0b81",
|
|
"value": "https://www.virustotal.com/file/a0b01d5f3f41b49e07be198408910084912cc5db030aa4d0449a8bd2677596b3/analysis/1493000592/"
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--58ff2016-8320-4d40-93ae-4ddb02de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-04-25T10:08:22.000Z",
|
|
"modified": "2017-04-25T10:08:22.000Z",
|
|
"description": "pdf - Xchecked via VT: e4426738a8ed366f2773aa3ac9374dae6f3ad41759dd3227a8d025fac2af9b49",
|
|
"pattern": "[file:hashes.SHA1 = 'edf9adaa11fbc9071f7cf6c3225e32bdb3d8e7e6']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-04-25T10:08:22Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha1\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--58ff2016-41b4-427d-b2d5-40f002de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-04-25T10:08:22.000Z",
|
|
"modified": "2017-04-25T10:08:22.000Z",
|
|
"description": "pdf - Xchecked via VT: e4426738a8ed366f2773aa3ac9374dae6f3ad41759dd3227a8d025fac2af9b49",
|
|
"pattern": "[file:hashes.MD5 = 'fe90a667c0c427c3dd8425357141a185']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-04-25T10:08:22Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"md5\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "observed-data",
|
|
"spec_version": "2.1",
|
|
"id": "observed-data--58ff2017-ee18-44bf-9841-452d02de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-04-25T10:08:23.000Z",
|
|
"modified": "2017-04-25T10:08:23.000Z",
|
|
"first_observed": "2017-04-25T10:08:23Z",
|
|
"last_observed": "2017-04-25T10:08:23Z",
|
|
"number_observed": 1,
|
|
"object_refs": [
|
|
"url--58ff2017-ee18-44bf-9841-452d02de0b81"
|
|
],
|
|
"labels": [
|
|
"misp:type=\"link\"",
|
|
"misp:category=\"External analysis\""
|
|
]
|
|
},
|
|
{
|
|
"type": "url",
|
|
"spec_version": "2.1",
|
|
"id": "url--58ff2017-ee18-44bf-9841-452d02de0b81",
|
|
"value": "https://www.virustotal.com/file/e4426738a8ed366f2773aa3ac9374dae6f3ad41759dd3227a8d025fac2af9b49/analysis/1493033658/"
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--58ff2017-b6e8-49c1-acc1-48eb02de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-04-25T10:08:23.000Z",
|
|
"modified": "2017-04-25T10:08:23.000Z",
|
|
"description": "pdf - Xchecked via VT: 1fc5a5831c2d880fc5e32db55adef8ad1e0f68b8e245ccaf1a3ee78f83a7da27",
|
|
"pattern": "[file:hashes.SHA1 = 'a01702767f610cf28dc64d623877579f8c4be29b']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-04-25T10:08:23Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha1\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--58ff2018-ff44-4774-84ce-40b502de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-04-25T10:08:24.000Z",
|
|
"modified": "2017-04-25T10:08:24.000Z",
|
|
"description": "pdf - Xchecked via VT: 1fc5a5831c2d880fc5e32db55adef8ad1e0f68b8e245ccaf1a3ee78f83a7da27",
|
|
"pattern": "[file:hashes.MD5 = 'b07b4af1d20c383573f0f9561263a6d2']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-04-25T10:08:24Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"md5\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "observed-data",
|
|
"spec_version": "2.1",
|
|
"id": "observed-data--58ff2018-f084-41a3-a797-466902de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-04-25T10:08:24.000Z",
|
|
"modified": "2017-04-25T10:08:24.000Z",
|
|
"first_observed": "2017-04-25T10:08:24Z",
|
|
"last_observed": "2017-04-25T10:08:24Z",
|
|
"number_observed": 1,
|
|
"object_refs": [
|
|
"url--58ff2018-f084-41a3-a797-466902de0b81"
|
|
],
|
|
"labels": [
|
|
"misp:type=\"link\"",
|
|
"misp:category=\"External analysis\""
|
|
]
|
|
},
|
|
{
|
|
"type": "url",
|
|
"spec_version": "2.1",
|
|
"id": "url--58ff2018-f084-41a3-a797-466902de0b81",
|
|
"value": "https://www.virustotal.com/file/1fc5a5831c2d880fc5e32db55adef8ad1e0f68b8e245ccaf1a3ee78f83a7da27/analysis/1493032209/"
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--58ff2019-6b84-4438-8383-432102de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-04-25T10:08:25.000Z",
|
|
"modified": "2017-04-25T10:08:25.000Z",
|
|
"description": "pdf - Xchecked via VT: 69ac4202505b603b490e5f2ca4e310af57a16c6c3f9a2efa928ab0d0faf7ae6b",
|
|
"pattern": "[file:hashes.SHA1 = 'b8d087bdd5bd5ec4d84872ac1b13e4aeea6fa76b']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-04-25T10:08:25Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha1\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--58ff2019-65b8-46b9-8866-43b602de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-04-25T10:08:25.000Z",
|
|
"modified": "2017-04-25T10:08:25.000Z",
|
|
"description": "pdf - Xchecked via VT: 69ac4202505b603b490e5f2ca4e310af57a16c6c3f9a2efa928ab0d0faf7ae6b",
|
|
"pattern": "[file:hashes.MD5 = '5170f30d05bfe860f88640792b507b6a']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-04-25T10:08:25Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"md5\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "observed-data",
|
|
"spec_version": "2.1",
|
|
"id": "observed-data--58ff201a-63d8-42fb-adf5-421102de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-04-25T10:08:26.000Z",
|
|
"modified": "2017-04-25T10:08:26.000Z",
|
|
"first_observed": "2017-04-25T10:08:26Z",
|
|
"last_observed": "2017-04-25T10:08:26Z",
|
|
"number_observed": 1,
|
|
"object_refs": [
|
|
"url--58ff201a-63d8-42fb-adf5-421102de0b81"
|
|
],
|
|
"labels": [
|
|
"misp:type=\"link\"",
|
|
"misp:category=\"External analysis\""
|
|
]
|
|
},
|
|
{
|
|
"type": "url",
|
|
"spec_version": "2.1",
|
|
"id": "url--58ff201a-63d8-42fb-adf5-421102de0b81",
|
|
"value": "https://www.virustotal.com/file/69ac4202505b603b490e5f2ca4e310af57a16c6c3f9a2efa928ab0d0faf7ae6b/analysis/1493056783/"
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--58ff201a-853c-4ea9-8a11-489b02de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-04-25T10:08:26.000Z",
|
|
"modified": "2017-04-25T10:08:26.000Z",
|
|
"description": "pdf - Xchecked via VT: 7e69993bfe292a72f8377d47059741f2b9ef2df1c93b2a0457ed8c1acf986e70",
|
|
"pattern": "[file:hashes.SHA1 = 'a60351a9e71d29c6f83497789a2bdab14c920b59']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-04-25T10:08:26Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha1\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--58ff201b-46e0-4b35-8b2f-40ff02de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-04-25T10:08:27.000Z",
|
|
"modified": "2017-04-25T10:08:27.000Z",
|
|
"description": "pdf - Xchecked via VT: 7e69993bfe292a72f8377d47059741f2b9ef2df1c93b2a0457ed8c1acf986e70",
|
|
"pattern": "[file:hashes.MD5 = '481aa622ceecad71d266b46dbcda9691']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-04-25T10:08:27Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"md5\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "observed-data",
|
|
"spec_version": "2.1",
|
|
"id": "observed-data--58ff201b-b044-4442-8250-40d502de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-04-25T10:08:27.000Z",
|
|
"modified": "2017-04-25T10:08:27.000Z",
|
|
"first_observed": "2017-04-25T10:08:27Z",
|
|
"last_observed": "2017-04-25T10:08:27Z",
|
|
"number_observed": 1,
|
|
"object_refs": [
|
|
"url--58ff201b-b044-4442-8250-40d502de0b81"
|
|
],
|
|
"labels": [
|
|
"misp:type=\"link\"",
|
|
"misp:category=\"External analysis\""
|
|
]
|
|
},
|
|
{
|
|
"type": "url",
|
|
"spec_version": "2.1",
|
|
"id": "url--58ff201b-b044-4442-8250-40d502de0b81",
|
|
"value": "https://www.virustotal.com/file/7e69993bfe292a72f8377d47059741f2b9ef2df1c93b2a0457ed8c1acf986e70/analysis/1492995276/"
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--58ff201c-4e4c-4416-aed5-49fb02de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-04-25T10:08:28.000Z",
|
|
"modified": "2017-04-25T10:08:28.000Z",
|
|
"description": "pdf - Xchecked via VT: 1b025b5f24d42eed4eabaff15cee80fff3484d4205be2611f8dce5d4dce9020c",
|
|
"pattern": "[file:hashes.SHA1 = 'f9f2d6e6c96bc8cbabfc1d93c3f25eebf817d09a']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-04-25T10:08:28Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha1\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--58ff201c-d2a0-4c86-a406-4af602de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-04-25T10:08:28.000Z",
|
|
"modified": "2017-04-25T10:08:28.000Z",
|
|
"description": "pdf - Xchecked via VT: 1b025b5f24d42eed4eabaff15cee80fff3484d4205be2611f8dce5d4dce9020c",
|
|
"pattern": "[file:hashes.MD5 = '92d98198b42370888a249594145fd931']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-04-25T10:08:28Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"md5\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "observed-data",
|
|
"spec_version": "2.1",
|
|
"id": "observed-data--58ff201d-4f5c-45bf-b016-4b2f02de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-04-25T10:08:29.000Z",
|
|
"modified": "2017-04-25T10:08:29.000Z",
|
|
"first_observed": "2017-04-25T10:08:29Z",
|
|
"last_observed": "2017-04-25T10:08:29Z",
|
|
"number_observed": 1,
|
|
"object_refs": [
|
|
"url--58ff201d-4f5c-45bf-b016-4b2f02de0b81"
|
|
],
|
|
"labels": [
|
|
"misp:type=\"link\"",
|
|
"misp:category=\"External analysis\""
|
|
]
|
|
},
|
|
{
|
|
"type": "url",
|
|
"spec_version": "2.1",
|
|
"id": "url--58ff201d-4f5c-45bf-b016-4b2f02de0b81",
|
|
"value": "https://www.virustotal.com/file/1b025b5f24d42eed4eabaff15cee80fff3484d4205be2611f8dce5d4dce9020c/analysis/1493011850/"
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--58ff201d-8520-407f-ab15-4b6602de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-04-25T10:08:29.000Z",
|
|
"modified": "2017-04-25T10:08:29.000Z",
|
|
"description": "pdf - Xchecked via VT: 32324fe312aba53c25a512eb81f7fe6ab7b2a44417a0cd0983c6f19cd29d5b26",
|
|
"pattern": "[file:hashes.SHA1 = 'f0148c6557714a2f9b7e039bd31193f4a0ed5d6b']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-04-25T10:08:29Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha1\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--58ff201e-f66c-483e-a3a9-4e6802de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-04-25T10:08:30.000Z",
|
|
"modified": "2017-04-25T10:08:30.000Z",
|
|
"description": "pdf - Xchecked via VT: 32324fe312aba53c25a512eb81f7fe6ab7b2a44417a0cd0983c6f19cd29d5b26",
|
|
"pattern": "[file:hashes.MD5 = '58efafeda770e4fa69ed77f75ff7cf16']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-04-25T10:08:30Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"md5\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "observed-data",
|
|
"spec_version": "2.1",
|
|
"id": "observed-data--58ff201e-7b88-4f42-85d5-428d02de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-04-25T10:08:30.000Z",
|
|
"modified": "2017-04-25T10:08:30.000Z",
|
|
"first_observed": "2017-04-25T10:08:30Z",
|
|
"last_observed": "2017-04-25T10:08:30Z",
|
|
"number_observed": 1,
|
|
"object_refs": [
|
|
"url--58ff201e-7b88-4f42-85d5-428d02de0b81"
|
|
],
|
|
"labels": [
|
|
"misp:type=\"link\"",
|
|
"misp:category=\"External analysis\""
|
|
]
|
|
},
|
|
{
|
|
"type": "url",
|
|
"spec_version": "2.1",
|
|
"id": "url--58ff201e-7b88-4f42-85d5-428d02de0b81",
|
|
"value": "https://www.virustotal.com/file/32324fe312aba53c25a512eb81f7fe6ab7b2a44417a0cd0983c6f19cd29d5b26/analysis/1493100717/"
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--58ff201f-8aa4-436f-8b05-41e402de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-04-25T10:08:31.000Z",
|
|
"modified": "2017-04-25T10:08:31.000Z",
|
|
"description": "pdf - Xchecked via VT: 1b15c90d67e4b7522ca61e21133b155eb7f1cf32328a030784dc2d95ee7d10ad",
|
|
"pattern": "[file:hashes.SHA1 = 'c43f00e9ebe4caa50dfafae2717cf8dda8ffb333']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-04-25T10:08:31Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha1\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--58ff201f-4784-4a95-b28e-4c1f02de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-04-25T10:08:31.000Z",
|
|
"modified": "2017-04-25T10:08:31.000Z",
|
|
"description": "pdf - Xchecked via VT: 1b15c90d67e4b7522ca61e21133b155eb7f1cf32328a030784dc2d95ee7d10ad",
|
|
"pattern": "[file:hashes.MD5 = '80b94d5bd8422e2a3c9edbcdbede7589']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-04-25T10:08:31Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"md5\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "observed-data",
|
|
"spec_version": "2.1",
|
|
"id": "observed-data--58ff2020-8754-479c-bf6c-4bfa02de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-04-25T10:08:32.000Z",
|
|
"modified": "2017-04-25T10:08:32.000Z",
|
|
"first_observed": "2017-04-25T10:08:32Z",
|
|
"last_observed": "2017-04-25T10:08:32Z",
|
|
"number_observed": 1,
|
|
"object_refs": [
|
|
"url--58ff2020-8754-479c-bf6c-4bfa02de0b81"
|
|
],
|
|
"labels": [
|
|
"misp:type=\"link\"",
|
|
"misp:category=\"External analysis\""
|
|
]
|
|
},
|
|
{
|
|
"type": "url",
|
|
"spec_version": "2.1",
|
|
"id": "url--58ff2020-8754-479c-bf6c-4bfa02de0b81",
|
|
"value": "https://www.virustotal.com/file/1b15c90d67e4b7522ca61e21133b155eb7f1cf32328a030784dc2d95ee7d10ad/analysis/1492996629/"
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--58ff2020-a684-4020-9f32-47b702de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-04-25T10:08:32.000Z",
|
|
"modified": "2017-04-25T10:08:32.000Z",
|
|
"description": "pdf - Xchecked via VT: 9008ee571b139496190f4e54d155300a1c875a8fb9096cfa27809e4e71955176",
|
|
"pattern": "[file:hashes.SHA1 = '81c0f7b4bcc838537653e4a14095d24d678778be']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-04-25T10:08:32Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha1\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--58ff2020-4390-4a6a-8907-4d3e02de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-04-25T10:08:32.000Z",
|
|
"modified": "2017-04-25T10:08:32.000Z",
|
|
"description": "pdf - Xchecked via VT: 9008ee571b139496190f4e54d155300a1c875a8fb9096cfa27809e4e71955176",
|
|
"pattern": "[file:hashes.MD5 = '6d5c4e187e24621f257841c7089519c3']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-04-25T10:08:32Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"md5\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "observed-data",
|
|
"spec_version": "2.1",
|
|
"id": "observed-data--58ff2021-c7d0-464a-91d2-468102de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-04-25T10:08:33.000Z",
|
|
"modified": "2017-04-25T10:08:33.000Z",
|
|
"first_observed": "2017-04-25T10:08:33Z",
|
|
"last_observed": "2017-04-25T10:08:33Z",
|
|
"number_observed": 1,
|
|
"object_refs": [
|
|
"url--58ff2021-c7d0-464a-91d2-468102de0b81"
|
|
],
|
|
"labels": [
|
|
"misp:type=\"link\"",
|
|
"misp:category=\"External analysis\""
|
|
]
|
|
},
|
|
{
|
|
"type": "url",
|
|
"spec_version": "2.1",
|
|
"id": "url--58ff2021-c7d0-464a-91d2-468102de0b81",
|
|
"value": "https://www.virustotal.com/file/9008ee571b139496190f4e54d155300a1c875a8fb9096cfa27809e4e71955176/analysis/1493018011/"
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--58ff2021-9468-42ff-bb3a-47c202de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-04-25T10:08:33.000Z",
|
|
"modified": "2017-04-25T10:08:33.000Z",
|
|
"description": "pdf - Xchecked via VT: 65e5a0956b7e83e484b0fce962e08f1d75aefb0232d1521c97e186a746aabd2f",
|
|
"pattern": "[file:hashes.SHA1 = '7953bc5df925681610e34deb5029b802b73a75d4']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-04-25T10:08:33Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha1\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--58ff2022-7e98-4604-9aff-486e02de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-04-25T10:08:34.000Z",
|
|
"modified": "2017-04-25T10:08:34.000Z",
|
|
"description": "pdf - Xchecked via VT: 65e5a0956b7e83e484b0fce962e08f1d75aefb0232d1521c97e186a746aabd2f",
|
|
"pattern": "[file:hashes.MD5 = 'c7b733ab8efbb92a9c23bc649b1a6d2f']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-04-25T10:08:34Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"md5\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "observed-data",
|
|
"spec_version": "2.1",
|
|
"id": "observed-data--58ff2022-0a24-46f2-905d-474a02de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-04-25T10:08:34.000Z",
|
|
"modified": "2017-04-25T10:08:34.000Z",
|
|
"first_observed": "2017-04-25T10:08:34Z",
|
|
"last_observed": "2017-04-25T10:08:34Z",
|
|
"number_observed": 1,
|
|
"object_refs": [
|
|
"url--58ff2022-0a24-46f2-905d-474a02de0b81"
|
|
],
|
|
"labels": [
|
|
"misp:type=\"link\"",
|
|
"misp:category=\"External analysis\""
|
|
]
|
|
},
|
|
{
|
|
"type": "url",
|
|
"spec_version": "2.1",
|
|
"id": "url--58ff2022-0a24-46f2-905d-474a02de0b81",
|
|
"value": "https://www.virustotal.com/file/65e5a0956b7e83e484b0fce962e08f1d75aefb0232d1521c97e186a746aabd2f/analysis/1493000584/"
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--58ff2023-41b0-4bd1-80ef-4d5b02de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-04-25T10:08:35.000Z",
|
|
"modified": "2017-04-25T10:08:35.000Z",
|
|
"description": "pdf - Xchecked via VT: 6eaeb3aa26dcce83342eb2ed055c623ae43c629eccd7f1d31c0380029ed9741d",
|
|
"pattern": "[file:hashes.SHA1 = '6698658e8232284db00fd01e1a93f325539c118c']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-04-25T10:08:35Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha1\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--58ff2023-32cc-4d66-9bdc-4eb002de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-04-25T10:08:35.000Z",
|
|
"modified": "2017-04-25T10:08:35.000Z",
|
|
"description": "pdf - Xchecked via VT: 6eaeb3aa26dcce83342eb2ed055c623ae43c629eccd7f1d31c0380029ed9741d",
|
|
"pattern": "[file:hashes.MD5 = '0a098a40ed25808f97be99c206c922f3']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-04-25T10:08:35Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"md5\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "observed-data",
|
|
"spec_version": "2.1",
|
|
"id": "observed-data--58ff2024-80d8-4b8e-9823-440802de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-04-25T10:08:36.000Z",
|
|
"modified": "2017-04-25T10:08:36.000Z",
|
|
"first_observed": "2017-04-25T10:08:36Z",
|
|
"last_observed": "2017-04-25T10:08:36Z",
|
|
"number_observed": 1,
|
|
"object_refs": [
|
|
"url--58ff2024-80d8-4b8e-9823-440802de0b81"
|
|
],
|
|
"labels": [
|
|
"misp:type=\"link\"",
|
|
"misp:category=\"External analysis\""
|
|
]
|
|
},
|
|
{
|
|
"type": "url",
|
|
"spec_version": "2.1",
|
|
"id": "url--58ff2024-80d8-4b8e-9823-440802de0b81",
|
|
"value": "https://www.virustotal.com/file/6eaeb3aa26dcce83342eb2ed055c623ae43c629eccd7f1d31c0380029ed9741d/analysis/1493048381/"
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--58ff2024-b5e0-4d58-b863-430302de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-04-25T10:08:36.000Z",
|
|
"modified": "2017-04-25T10:08:36.000Z",
|
|
"description": "pdf - Xchecked via VT: 3ccef773a5527c7128987bb8d359726f0b3d4d84dd6526c1b3aa76fd98b68539",
|
|
"pattern": "[file:hashes.SHA1 = '45a1b5356f0e843fa8adb8b657d943387c49f619']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-04-25T10:08:36Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha1\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--58ff2025-6980-44ba-ba85-403702de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-04-25T10:08:37.000Z",
|
|
"modified": "2017-04-25T10:08:37.000Z",
|
|
"description": "pdf - Xchecked via VT: 3ccef773a5527c7128987bb8d359726f0b3d4d84dd6526c1b3aa76fd98b68539",
|
|
"pattern": "[file:hashes.MD5 = 'e5a07c21229452a551d26cb48f14f740']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-04-25T10:08:37Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"md5\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "observed-data",
|
|
"spec_version": "2.1",
|
|
"id": "observed-data--58ff2025-f170-4d3f-b813-42f102de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-04-25T10:08:37.000Z",
|
|
"modified": "2017-04-25T10:08:37.000Z",
|
|
"first_observed": "2017-04-25T10:08:37Z",
|
|
"last_observed": "2017-04-25T10:08:37Z",
|
|
"number_observed": 1,
|
|
"object_refs": [
|
|
"url--58ff2025-f170-4d3f-b813-42f102de0b81"
|
|
],
|
|
"labels": [
|
|
"misp:type=\"link\"",
|
|
"misp:category=\"External analysis\""
|
|
]
|
|
},
|
|
{
|
|
"type": "url",
|
|
"spec_version": "2.1",
|
|
"id": "url--58ff2025-f170-4d3f-b813-42f102de0b81",
|
|
"value": "https://www.virustotal.com/file/3ccef773a5527c7128987bb8d359726f0b3d4d84dd6526c1b3aa76fd98b68539/analysis/1493022344/"
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--58ff2026-34a0-4280-bbc1-412902de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-04-25T10:08:38.000Z",
|
|
"modified": "2017-04-25T10:08:38.000Z",
|
|
"description": "pdf - Xchecked via VT: 1705d38d2ea80177963d67fd18e836326d70a239378d6b9c74d445c5e0b423d6",
|
|
"pattern": "[file:hashes.SHA1 = '07e5d76c2824bc8d545a3c528d3c61f1423e331f']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-04-25T10:08:38Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha1\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--58ff2026-04e0-4499-98dc-453902de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-04-25T10:08:38.000Z",
|
|
"modified": "2017-04-25T10:08:38.000Z",
|
|
"description": "pdf - Xchecked via VT: 1705d38d2ea80177963d67fd18e836326d70a239378d6b9c74d445c5e0b423d6",
|
|
"pattern": "[file:hashes.MD5 = 'f866dba22b08cb697aa692d695aba70e']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-04-25T10:08:38Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"md5\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "observed-data",
|
|
"spec_version": "2.1",
|
|
"id": "observed-data--58ff2027-1ee4-454a-b6f0-4eda02de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-04-25T10:08:39.000Z",
|
|
"modified": "2017-04-25T10:08:39.000Z",
|
|
"first_observed": "2017-04-25T10:08:39Z",
|
|
"last_observed": "2017-04-25T10:08:39Z",
|
|
"number_observed": 1,
|
|
"object_refs": [
|
|
"url--58ff2027-1ee4-454a-b6f0-4eda02de0b81"
|
|
],
|
|
"labels": [
|
|
"misp:type=\"link\"",
|
|
"misp:category=\"External analysis\""
|
|
]
|
|
},
|
|
{
|
|
"type": "url",
|
|
"spec_version": "2.1",
|
|
"id": "url--58ff2027-1ee4-454a-b6f0-4eda02de0b81",
|
|
"value": "https://www.virustotal.com/file/1705d38d2ea80177963d67fd18e836326d70a239378d6b9c74d445c5e0b423d6/analysis/1493028466/"
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--58ff2027-faac-4e07-9283-46e602de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-04-25T10:08:39.000Z",
|
|
"modified": "2017-04-25T10:08:39.000Z",
|
|
"description": "pdf - Xchecked via VT: 8476cf9307933499771186dfe4c397905ea2a320c488b357ba0148f862b9532e",
|
|
"pattern": "[file:hashes.SHA1 = '2ec43716f9ce60a2f95e3d8883af2af15defd58d']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-04-25T10:08:39Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha1\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--58ff2027-d780-4e3b-ab1b-444602de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-04-25T10:08:39.000Z",
|
|
"modified": "2017-04-25T10:08:39.000Z",
|
|
"description": "pdf - Xchecked via VT: 8476cf9307933499771186dfe4c397905ea2a320c488b357ba0148f862b9532e",
|
|
"pattern": "[file:hashes.MD5 = 'e5a2d6bafa9f435aa6c912df53eef6b6']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-04-25T10:08:39Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"md5\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "observed-data",
|
|
"spec_version": "2.1",
|
|
"id": "observed-data--58ff2028-dbc4-4f80-b52f-4a4f02de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-04-25T10:08:40.000Z",
|
|
"modified": "2017-04-25T10:08:40.000Z",
|
|
"first_observed": "2017-04-25T10:08:40Z",
|
|
"last_observed": "2017-04-25T10:08:40Z",
|
|
"number_observed": 1,
|
|
"object_refs": [
|
|
"url--58ff2028-dbc4-4f80-b52f-4a4f02de0b81"
|
|
],
|
|
"labels": [
|
|
"misp:type=\"link\"",
|
|
"misp:category=\"External analysis\""
|
|
]
|
|
},
|
|
{
|
|
"type": "url",
|
|
"spec_version": "2.1",
|
|
"id": "url--58ff2028-dbc4-4f80-b52f-4a4f02de0b81",
|
|
"value": "https://www.virustotal.com/file/8476cf9307933499771186dfe4c397905ea2a320c488b357ba0148f862b9532e/analysis/1493001823/"
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--58ff2028-96d0-434c-9d0f-496e02de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-04-25T10:08:40.000Z",
|
|
"modified": "2017-04-25T10:08:40.000Z",
|
|
"description": "pdf - Xchecked via VT: d6aa22aee572dd90161ba793b8afba27dbf50df4d23b2921d131626671e8d966",
|
|
"pattern": "[file:hashes.SHA1 = 'c38c1fcbadc75e04f98c64153591369dac054e65']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-04-25T10:08:40Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha1\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--58ff2029-ce80-420b-8db8-451002de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-04-25T10:08:41.000Z",
|
|
"modified": "2017-04-25T10:08:41.000Z",
|
|
"description": "pdf - Xchecked via VT: d6aa22aee572dd90161ba793b8afba27dbf50df4d23b2921d131626671e8d966",
|
|
"pattern": "[file:hashes.MD5 = 'd395b90ee6e44f4da4ea48affec55bdd']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-04-25T10:08:41Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"md5\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "observed-data",
|
|
"spec_version": "2.1",
|
|
"id": "observed-data--58ff2029-9904-4bf6-8932-4e4f02de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-04-25T10:08:41.000Z",
|
|
"modified": "2017-04-25T10:08:41.000Z",
|
|
"first_observed": "2017-04-25T10:08:41Z",
|
|
"last_observed": "2017-04-25T10:08:41Z",
|
|
"number_observed": 1,
|
|
"object_refs": [
|
|
"url--58ff2029-9904-4bf6-8932-4e4f02de0b81"
|
|
],
|
|
"labels": [
|
|
"misp:type=\"link\"",
|
|
"misp:category=\"External analysis\""
|
|
]
|
|
},
|
|
{
|
|
"type": "url",
|
|
"spec_version": "2.1",
|
|
"id": "url--58ff2029-9904-4bf6-8932-4e4f02de0b81",
|
|
"value": "https://www.virustotal.com/file/d6aa22aee572dd90161ba793b8afba27dbf50df4d23b2921d131626671e8d966/analysis/1493027135/"
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--58ff202a-bc8c-49c5-a86f-441d02de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-04-25T10:08:42.000Z",
|
|
"modified": "2017-04-25T10:08:42.000Z",
|
|
"description": "pdf - Xchecked via VT: 44687edc7169d919ef0891e41487ddefa30d93744d6a9e3ecabb5d6f8d88c039",
|
|
"pattern": "[file:hashes.SHA1 = 'b8825c5879a42bfd839f59bb97e9d06e78fc91d2']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-04-25T10:08:42Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha1\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--58ff202a-3cec-4701-a773-46ba02de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-04-25T10:08:42.000Z",
|
|
"modified": "2017-04-25T10:08:42.000Z",
|
|
"description": "pdf - Xchecked via VT: 44687edc7169d919ef0891e41487ddefa30d93744d6a9e3ecabb5d6f8d88c039",
|
|
"pattern": "[file:hashes.MD5 = 'f748c451d5d483af341e963ed576eebb']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-04-25T10:08:42Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"md5\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "observed-data",
|
|
"spec_version": "2.1",
|
|
"id": "observed-data--58ff202b-8fd8-459a-a5f4-457902de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-04-25T10:08:43.000Z",
|
|
"modified": "2017-04-25T10:08:43.000Z",
|
|
"first_observed": "2017-04-25T10:08:43Z",
|
|
"last_observed": "2017-04-25T10:08:43Z",
|
|
"number_observed": 1,
|
|
"object_refs": [
|
|
"url--58ff202b-8fd8-459a-a5f4-457902de0b81"
|
|
],
|
|
"labels": [
|
|
"misp:type=\"link\"",
|
|
"misp:category=\"External analysis\""
|
|
]
|
|
},
|
|
{
|
|
"type": "url",
|
|
"spec_version": "2.1",
|
|
"id": "url--58ff202b-8fd8-459a-a5f4-457902de0b81",
|
|
"value": "https://www.virustotal.com/file/44687edc7169d919ef0891e41487ddefa30d93744d6a9e3ecabb5d6f8d88c039/analysis/1493039222/"
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--58ff202b-1b60-4988-90ef-418202de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-04-25T10:08:43.000Z",
|
|
"modified": "2017-04-25T10:08:43.000Z",
|
|
"description": "pdf - Xchecked via VT: ca5c4d2bb3c6c035bb0137504b17ccec31deb366757440feb832b7e0d270b487",
|
|
"pattern": "[file:hashes.SHA1 = '6ee47fa147ccc5a40e0ba323496b6b936c6306e3']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-04-25T10:08:43Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha1\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--58ff202b-6fac-487b-bdaa-400a02de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-04-25T10:08:43.000Z",
|
|
"modified": "2017-04-25T10:08:43.000Z",
|
|
"description": "pdf - Xchecked via VT: ca5c4d2bb3c6c035bb0137504b17ccec31deb366757440feb832b7e0d270b487",
|
|
"pattern": "[file:hashes.MD5 = 'd12d9fce2598e1cf86402ef57d7a4287']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-04-25T10:08:43Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"md5\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "observed-data",
|
|
"spec_version": "2.1",
|
|
"id": "observed-data--58ff202c-5f94-4888-8225-432002de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-04-25T10:08:44.000Z",
|
|
"modified": "2017-04-25T10:08:44.000Z",
|
|
"first_observed": "2017-04-25T10:08:44Z",
|
|
"last_observed": "2017-04-25T10:08:44Z",
|
|
"number_observed": 1,
|
|
"object_refs": [
|
|
"url--58ff202c-5f94-4888-8225-432002de0b81"
|
|
],
|
|
"labels": [
|
|
"misp:type=\"link\"",
|
|
"misp:category=\"External analysis\""
|
|
]
|
|
},
|
|
{
|
|
"type": "url",
|
|
"spec_version": "2.1",
|
|
"id": "url--58ff202c-5f94-4888-8225-432002de0b81",
|
|
"value": "https://www.virustotal.com/file/ca5c4d2bb3c6c035bb0137504b17ccec31deb366757440feb832b7e0d270b487/analysis/1493018584/"
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--58ff202d-a2d4-46f9-8091-486302de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-04-25T10:08:45.000Z",
|
|
"modified": "2017-04-25T10:08:45.000Z",
|
|
"description": "pdf - Xchecked via VT: ffebb94676c767fb2cbd86453e3127f7abf459c428f2d80228f2cd7e1b55fff3",
|
|
"pattern": "[file:hashes.SHA1 = 'd8c11d2590f2ae7fe95a1a94c6e8feeaa2d14984']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-04-25T10:08:45Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha1\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--58ff202d-4d20-4fcb-8d9c-4b8302de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-04-25T10:08:45.000Z",
|
|
"modified": "2017-04-25T10:08:45.000Z",
|
|
"description": "pdf - Xchecked via VT: ffebb94676c767fb2cbd86453e3127f7abf459c428f2d80228f2cd7e1b55fff3",
|
|
"pattern": "[file:hashes.MD5 = '842e9f5cd8e660f74019aefdf1e1b6d2']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-04-25T10:08:45Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"md5\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "observed-data",
|
|
"spec_version": "2.1",
|
|
"id": "observed-data--58ff202d-8414-43b2-a574-4b2c02de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-04-25T10:08:45.000Z",
|
|
"modified": "2017-04-25T10:08:45.000Z",
|
|
"first_observed": "2017-04-25T10:08:45Z",
|
|
"last_observed": "2017-04-25T10:08:45Z",
|
|
"number_observed": 1,
|
|
"object_refs": [
|
|
"url--58ff202d-8414-43b2-a574-4b2c02de0b81"
|
|
],
|
|
"labels": [
|
|
"misp:type=\"link\"",
|
|
"misp:category=\"External analysis\""
|
|
]
|
|
},
|
|
{
|
|
"type": "url",
|
|
"spec_version": "2.1",
|
|
"id": "url--58ff202d-8414-43b2-a574-4b2c02de0b81",
|
|
"value": "https://www.virustotal.com/file/ffebb94676c767fb2cbd86453e3127f7abf459c428f2d80228f2cd7e1b55fff3/analysis/1493040232/"
|
|
},
|
|
{
|
|
"type": "marking-definition",
|
|
"spec_version": "2.1",
|
|
"id": "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9",
|
|
"created": "2017-01-20T00:00:00.000Z",
|
|
"definition_type": "tlp",
|
|
"name": "TLP:WHITE",
|
|
"definition": {
|
|
"tlp": "white"
|
|
}
|
|
}
|
|
]
|
|
} |