valitydev/APT_CyberCriminal_Campagin_Collections
14
0
Fork 0
mirror of https://github.com/valitydev/APT_CyberCriminal_Campagin_Collections.git synced 2024-11-06 08:45:24 +00:00
Code Issues Actions Packages Projects Releases Wiki Activity

fix readme

Browse Source
This commit is contained in:
CyberMonitor 2018-01-10 14:17:42 +08:00
parent 6c4f8b2d99
commit b98d47a6eb
92 changed files with 3643 additions and 112 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

BIN
2016/2016.03.08.OnionDog/APT-C-03-en.pdf Normal file
View File

Binary file not shown.

0
2016/2016.03.08.OnionDog/Operation_OnionDog.pdf → 2016/2016.03.08.OnionDog/[CN]Operation_OnionDog.pdf
View File

4
2016/2016.07.07.UNVEILING_PATCHWORK/Campaign/README.md Normal file
View File

@ -0,0 +1,4 @@
# Campaign files
cmpn files are Json formatted campaigns that can be imported into Cymmetria's MazeRunner.
In order for this campaign to function fully on your copy of MazerRunner please change the Decoys network configuration after importing the campaign.

1
2016/2016.07.07.UNVEILING_PATCHWORK/Campaign/patchwork.cmpn Executable file
View File

File diff suppressed because one or more lines are too long

0
2016/2016.07.07.UNVEILING_PATCHWORK/IOCs.csv → 2016/2016.07.07.UNVEILING_PATCHWORK/IOCs/IOCs.csv
View File

41
2016/2016.07.07.UNVEILING_PATCHWORK/IOCs/STIX/13_Five_Year_Plan_2016-20-1.pps.xml Normal file
View File

@ -0,0 +1,41 @@
<stix:STIX_Package
xmlns:Cymmetria="http://cymmetria.com"
xmlns:FileObj="http://cybox.mitre.org/objects#FileObject-2"
xmlns:cybox="http://cybox.mitre.org/cybox-2"
xmlns:cyboxCommon="http://cybox.mitre.org/common-2"
xmlns:cyboxVocabs="http://cybox.mitre.org/default_vocabularies-2"
xmlns:indicator="http://stix.mitre.org/Indicator-2"
xmlns:stix="http://stix.mitre.org/stix-1"
xmlns:stixCommon="http://stix.mitre.org/common-1"
xmlns:stixVocabs="http://stix.mitre.org/default_vocabularies-1"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" id="Cymmetria:Package-fe5f8294-d28e-48fd-b160-065a4499e1a5" version="1.2">
<stix:STIX_Header>
<stix:Description>13_Five_Year_Plan_2016-20-1.pps hash indicator</stix:Description>
</stix:STIX_Header>
<stix:Indicators>
<stix:Indicator id="Cymmetria:indicator-cecd7030-6ed6-4e6b-987d-bb02052a4553" timestamp="2016-07-14T09:44:00.696649+00:00" xsi:type='indicator:IndicatorType'>
<indicator:Title>13_Five_Year_Plan_2016-20-1.pps hash indicator</indicator:Title>
<indicator:Description>An indicator containing a File observable with an associated hash</indicator:Description>
<indicator:Observable id="Cymmetria:Observable-3fb48b80-d726-4cdf-8123-d318bcc127a4">
<cybox:Object id="Cymmetria:File-8a61f508-f027-4668-baaf-0f39c6bd6ea8">
<cybox:Properties xsi:type="FileObj:FileObjectType">
<FileObj:Hashes>
<cyboxCommon:Hash>
<cyboxCommon:Type xsi:type="cyboxVocabs:HashNameVocab-1.0">SHA256</cyboxCommon:Type>
<cyboxCommon:Simple_Hash_Value>d44793b9584c9ca8a982a05bb6cfc06599e081c411f35f163fbd7eacad5eb584</cyboxCommon:Simple_Hash_Value>
</cyboxCommon:Hash>
</FileObj:Hashes>
</cybox:Properties>
</cybox:Object>
</indicator:Observable>
<indicator:Producer>
<stixCommon:Identity>
<stixCommon:Name>Cymmetria Inc.</stixCommon:Name>
</stixCommon:Identity>
<stixCommon:Time>
<cyboxCommon:Produced_Time>2016-07-14T09:44:00.696839+00:00</cyboxCommon:Produced_Time>
</stixCommon:Time>
</indicator:Producer>
</stix:Indicator>
</stix:Indicators>
</stix:STIX_Package>

41
2016/2016.07.07.UNVEILING_PATCHWORK/IOCs/STIX/7zip.exe.xml Normal file
View File

@ -0,0 +1,41 @@
<stix:STIX_Package
xmlns:Cymmetria="http://cymmetria.com"
xmlns:FileObj="http://cybox.mitre.org/objects#FileObject-2"
xmlns:cybox="http://cybox.mitre.org/cybox-2"
xmlns:cyboxCommon="http://cybox.mitre.org/common-2"
xmlns:cyboxVocabs="http://cybox.mitre.org/default_vocabularies-2"
xmlns:indicator="http://stix.mitre.org/Indicator-2"
xmlns:stix="http://stix.mitre.org/stix-1"
xmlns:stixCommon="http://stix.mitre.org/common-1"
xmlns:stixVocabs="http://stix.mitre.org/default_vocabularies-1"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" id="Cymmetria:Package-67fe2c62-5035-4d33-88c6-2394c83f18e6" version="1.2">
<stix:STIX_Header>
<stix:Description>7zip.exe hash indicator</stix:Description>
</stix:STIX_Header>
<stix:Indicators>
<stix:Indicator id="Cymmetria:indicator-f415e197-d378-4f75-9893-ce89c05bc0cc" timestamp="2016-07-14T09:44:00.686062+00:00" xsi:type='indicator:IndicatorType'>
<indicator:Title>7zip.exe hash indicator</indicator:Title>
<indicator:Description>An indicator containing a File observable with an associated hash</indicator:Description>
<indicator:Observable id="Cymmetria:Observable-33d9558a-ed68-4afc-a92a-da0342802952">
<cybox:Object id="Cymmetria:File-97724d18-5886-41cc-8e8b-7e4a455bfb7a">
<cybox:Properties xsi:type="FileObj:FileObjectType">
<FileObj:Hashes>
<cyboxCommon:Hash>
<cyboxCommon:Type xsi:type="cyboxVocabs:HashNameVocab-1.0">SHA256</cyboxCommon:Type>
<cyboxCommon:Simple_Hash_Value>9dae4a24095b9a3870579a63c94c73fe8de205c70d95dfdb0dc9c87709215953</cyboxCommon:Simple_Hash_Value>
</cyboxCommon:Hash>
</FileObj:Hashes>
</cybox:Properties>
</cybox:Object>
</indicator:Observable>
<indicator:Producer>
<stixCommon:Identity>
<stixCommon:Name>Cymmetria Inc.</stixCommon:Name>
</stixCommon:Identity>
<stixCommon:Time>
<cyboxCommon:Produced_Time>2016-07-14T09:44:00.686258+00:00</cyboxCommon:Produced_Time>
</stixCommon:Time>
</indicator:Producer>
</stix:Indicator>
</stix:Indicators>
</stix:STIX_Package>

41
2016/2016.07.07.UNVEILING_PATCHWORK/IOCs/STIX/CHINA'S_PUZZLING_DEFENSE_AGREEMENT_WITH_AUSTRALIA_1.pps.xml Normal file
View File

@ -0,0 +1,41 @@
<stix:STIX_Package
xmlns:Cymmetria="http://cymmetria.com"
xmlns:FileObj="http://cybox.mitre.org/objects#FileObject-2"
xmlns:cybox="http://cybox.mitre.org/cybox-2"
xmlns:cyboxCommon="http://cybox.mitre.org/common-2"
xmlns:cyboxVocabs="http://cybox.mitre.org/default_vocabularies-2"
xmlns:indicator="http://stix.mitre.org/Indicator-2"
xmlns:stix="http://stix.mitre.org/stix-1"
xmlns:stixCommon="http://stix.mitre.org/common-1"
xmlns:stixVocabs="http://stix.mitre.org/default_vocabularies-1"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" id="Cymmetria:Package-d30ec0a1-f212-4d4d-b526-854e4b3532dc" version="1.2">
<stix:STIX_Header>
<stix:Description>CHINA'S_PUZZLING_DEFENSE_AGREEMENT_WITH_AUSTRALIA_1.pps hash indicator</stix:Description>
</stix:STIX_Header>
<stix:Indicators>
<stix:Indicator id="Cymmetria:indicator-901518c5-1a9d-43fc-9c9d-e109dc7ce175" timestamp="2016-07-14T09:44:00.730631+00:00" xsi:type='indicator:IndicatorType'>
<indicator:Title>CHINA'S_PUZZLING_DEFENSE_AGREEMENT_WITH_AUSTRALIA_1.pps hash indicator</indicator:Title>
<indicator:Description>An indicator containing a File observable with an associated hash</indicator:Description>
<indicator:Observable id="Cymmetria:Observable-603d7538-dca9-4ba1-80f3-6ffb332f6b69">
<cybox:Object id="Cymmetria:File-e5001ac1-6f42-420c-b664-60222b2132aa">
<cybox:Properties xsi:type="FileObj:FileObjectType">
<FileObj:Hashes>
<cyboxCommon:Hash>
<cyboxCommon:Type xsi:type="cyboxVocabs:HashNameVocab-1.0">SHA256</cyboxCommon:Type>
<cyboxCommon:Simple_Hash_Value>8cb2f737dd535f76e420fdcd747e5c943868c10b8f895722a298b83f331d728e</cyboxCommon:Simple_Hash_Value>
</cyboxCommon:Hash>
</FileObj:Hashes>
</cybox:Properties>
</cybox:Object>
</indicator:Observable>
<indicator:Producer>
<stixCommon:Identity>
<stixCommon:Name>Cymmetria Inc.</stixCommon:Name>
</stixCommon:Identity>
<stixCommon:Time>
<cyboxCommon:Produced_Time>2016-07-14T09:44:00.730832+00:00</cyboxCommon:Produced_Time>
</stixCommon:Time>
</indicator:Producer>
</stix:Indicator>
</stix:Indicators>
</stix:STIX_Package>

41
2016/2016.07.07.UNVEILING_PATCHWORK/IOCs/STIX/CHINA'S_PUZZLING_DEFENSE_AGREEMENT_WITH_AUSTRALIA_2.pps.xml Normal file
View File

@ -0,0 +1,41 @@
<stix:STIX_Package
xmlns:Cymmetria="http://cymmetria.com"
xmlns:FileObj="http://cybox.mitre.org/objects#FileObject-2"
xmlns:cybox="http://cybox.mitre.org/cybox-2"
xmlns:cyboxCommon="http://cybox.mitre.org/common-2"
xmlns:cyboxVocabs="http://cybox.mitre.org/default_vocabularies-2"
xmlns:indicator="http://stix.mitre.org/Indicator-2"
xmlns:stix="http://stix.mitre.org/stix-1"
xmlns:stixCommon="http://stix.mitre.org/common-1"
xmlns:stixVocabs="http://stix.mitre.org/default_vocabularies-1"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" id="Cymmetria:Package-106ecac9-a3e0-4af5-baed-19e0d5fe0365" version="1.2">
<stix:STIX_Header>
<stix:Description>CHINA'S_PUZZLING_DEFENSE_AGREEMENT_WITH_AUSTRALIA_2.pps hash indicator</stix:Description>
</stix:STIX_Header>
<stix:Indicators>
<stix:Indicator id="Cymmetria:indicator-3a788682-eab3-4a5a-be60-b48680fdae0c" timestamp="2016-07-14T09:44:00.732831+00:00" xsi:type='indicator:IndicatorType'>
<indicator:Title>CHINA'S_PUZZLING_DEFENSE_AGREEMENT_WITH_AUSTRALIA_2.pps hash indicator</indicator:Title>
<indicator:Description>An indicator containing a File observable with an associated hash</indicator:Description>
<indicator:Observable id="Cymmetria:Observable-50dd7356-f244-42db-a810-5ce52346d3d8">
<cybox:Object id="Cymmetria:File-8d4a21f5-d5ee-40d2-80c5-783d64b0a5b4">
<cybox:Properties xsi:type="FileObj:FileObjectType">
<FileObj:Hashes>
<cyboxCommon:Hash>
<cyboxCommon:Type xsi:type="cyboxVocabs:HashNameVocab-1.0">SHA256</cyboxCommon:Type>
<cyboxCommon:Simple_Hash_Value>70d368e2a8bc7e5d0673dabe6d5897062dbc51103227a9e4efd38a09ee8a2042</cyboxCommon:Simple_Hash_Value>
</cyboxCommon:Hash>
</FileObj:Hashes>
</cybox:Properties>
</cybox:Object>
</indicator:Observable>
<indicator:Producer>
<stixCommon:Identity>
<stixCommon:Name>Cymmetria Inc.</stixCommon:Name>
</stixCommon:Identity>
<stixCommon:Time>
<cyboxCommon:Produced_Time>2016-07-14T09:44:00.733036+00:00</cyboxCommon:Produced_Time>
</stixCommon:Time>
</indicator:Producer>
</stix:Indicator>
</stix:Indicators>
</stix:STIX_Package>

41
2016/2016.07.07.UNVEILING_PATCHWORK/IOCs/STIX/CHINA_FEAR_US_3.pps.xml Normal file
View File

@ -0,0 +1,41 @@
<stix:STIX_Package
xmlns:Cymmetria="http://cymmetria.com"
xmlns:FileObj="http://cybox.mitre.org/objects#FileObject-2"
xmlns:cybox="http://cybox.mitre.org/cybox-2"
xmlns:cyboxCommon="http://cybox.mitre.org/common-2"
xmlns:cyboxVocabs="http://cybox.mitre.org/default_vocabularies-2"
xmlns:indicator="http://stix.mitre.org/Indicator-2"
xmlns:stix="http://stix.mitre.org/stix-1"
xmlns:stixCommon="http://stix.mitre.org/common-1"
xmlns:stixVocabs="http://stix.mitre.org/default_vocabularies-1"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" id="Cymmetria:Package-9935b907-6361-42db-9cb9-cf8fd9205718" version="1.2">
<stix:STIX_Header>
<stix:Description>CHINA_FEAR_US_3.pps hash indicator</stix:Description>
</stix:STIX_Header>
<stix:Indicators>
<stix:Indicator id="Cymmetria:indicator-46256a4d-eaec-4426-abd0-dc8e5327cdce" timestamp="2016-07-14T09:44:00.713730+00:00" xsi:type='indicator:IndicatorType'>
<indicator:Title>CHINA_FEAR_US_3.pps hash indicator</indicator:Title>
<indicator:Description>An indicator containing a File observable with an associated hash</indicator:Description>
<indicator:Observable id="Cymmetria:Observable-91688da0-0b1f-4e74-b0ad-7ea0bb829dbb">
<cybox:Object id="Cymmetria:File-b079c6f9-f27d-4931-b823-7f103953b96f">
<cybox:Properties xsi:type="FileObj:FileObjectType">
<FileObj:Hashes>
<cyboxCommon:Hash>
<cyboxCommon:Type xsi:type="cyboxVocabs:HashNameVocab-1.0">SHA256</cyboxCommon:Type>
<cyboxCommon:Simple_Hash_Value>905fe9820538943a4ad32499f9dad3eae6ff7677882ff2a39ef98a0147ae3dd1</cyboxCommon:Simple_Hash_Value>
</cyboxCommon:Hash>
</FileObj:Hashes>
</cybox:Properties>
</cybox:Object>
</indicator:Observable>
<indicator:Producer>
<stixCommon:Identity>
<stixCommon:Name>Cymmetria Inc.</stixCommon:Name>
</stixCommon:Identity>
<stixCommon:Time>
<cyboxCommon:Produced_Time>2016-07-14T09:44:00.713919+00:00</cyboxCommon:Produced_Time>
</stixCommon:Time>
</indicator:Producer>
</stix:Indicator>
</stix:Indicators>
</stix:STIX_Package>

41
2016/2016.07.07.UNVEILING_PATCHWORK/IOCs/STIX/CHINA_FEAR_US_6.pps.xml Normal file
View File

@ -0,0 +1,41 @@
<stix:STIX_Package
xmlns:Cymmetria="http://cymmetria.com"
xmlns:FileObj="http://cybox.mitre.org/objects#FileObject-2"
xmlns:cybox="http://cybox.mitre.org/cybox-2"
xmlns:cyboxCommon="http://cybox.mitre.org/common-2"
xmlns:cyboxVocabs="http://cybox.mitre.org/default_vocabularies-2"
xmlns:indicator="http://stix.mitre.org/Indicator-2"
xmlns:stix="http://stix.mitre.org/stix-1"
xmlns:stixCommon="http://stix.mitre.org/common-1"
xmlns:stixVocabs="http://stix.mitre.org/default_vocabularies-1"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" id="Cymmetria:Package-96bce85e-fab9-4b49-8f1d-e7b12584abe4" version="1.2">
<stix:STIX_Header>
<stix:Description>CHINA_FEAR_US_6.pps hash indicator</stix:Description>
</stix:STIX_Header>
<stix:Indicators>
<stix:Indicator id="Cymmetria:indicator-b6a415bd-8131-4384-998b-98fb66b91c76" timestamp="2016-07-14T09:44:00.715795+00:00" xsi:type='indicator:IndicatorType'>
<indicator:Title>CHINA_FEAR_US_6.pps hash indicator</indicator:Title>
<indicator:Description>An indicator containing a File observable with an associated hash</indicator:Description>
<indicator:Observable id="Cymmetria:Observable-80fc9f52-e959-4ea0-9f62-e3c5fc381dab">
<cybox:Object id="Cymmetria:File-be7defe6-534f-4462-b8ab-8024f5ee5cbb">
<cybox:Properties xsi:type="FileObj:FileObjectType">
<FileObj:Hashes>
<cyboxCommon:Hash>
<cyboxCommon:Type xsi:type="cyboxVocabs:HashNameVocab-1.0">SHA256</cyboxCommon:Type>
<cyboxCommon:Simple_Hash_Value>a335613dad36911f947fdfd3dda8897a71889513f9009385c84e48c2b7fe7236</cyboxCommon:Simple_Hash_Value>
</cyboxCommon:Hash>
</FileObj:Hashes>
</cybox:Properties>
</cybox:Object>
</indicator:Observable>
<indicator:Producer>
<stixCommon:Identity>
<stixCommon:Name>Cymmetria Inc.</stixCommon:Name>
</stixCommon:Identity>
<stixCommon:Time>
<cyboxCommon:Produced_Time>2016-07-14T09:44:00.716007+00:00</cyboxCommon:Produced_Time>
</stixCommon:Time>
</indicator:Producer>
</stix:Indicator>
</stix:Indicators>
</stix:STIX_Package>

41
2016/2016.07.07.UNVEILING_PATCHWORK/IOCs/STIX/ChinaUS_1.pps.xml Normal file
View File

@ -0,0 +1,41 @@
<stix:STIX_Package
xmlns:Cymmetria="http://cymmetria.com"
xmlns:FileObj="http://cybox.mitre.org/objects#FileObject-2"
xmlns:cybox="http://cybox.mitre.org/cybox-2"
xmlns:cyboxCommon="http://cybox.mitre.org/common-2"
xmlns:cyboxVocabs="http://cybox.mitre.org/default_vocabularies-2"
xmlns:indicator="http://stix.mitre.org/Indicator-2"
xmlns:stix="http://stix.mitre.org/stix-1"
xmlns:stixCommon="http://stix.mitre.org/common-1"
xmlns:stixVocabs="http://stix.mitre.org/default_vocabularies-1"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" id="Cymmetria:Package-e371595a-81b6-4313-bb64-c6c1ed2c4515" version="1.2">
<stix:STIX_Header>
<stix:Description>ChinaUS_1.pps hash indicator</stix:Description>
</stix:STIX_Header>
<stix:Indicators>
<stix:Indicator id="Cymmetria:indicator-182eb716-319e-43c1-8ae4-29f678933ee7" timestamp="2016-07-14T09:44:00.737193+00:00" xsi:type='indicator:IndicatorType'>
<indicator:Title>ChinaUS_1.pps hash indicator</indicator:Title>
<indicator:Description>An indicator containing a File observable with an associated hash</indicator:Description>
<indicator:Observable id="Cymmetria:Observable-cb1480be-46fa-4ee2-9ff9-fc0a4540a944">
<cybox:Object id="Cymmetria:File-4b70f7c9-f9f5-47b1-ae4e-7177a30d8229">
<cybox:Properties xsi:type="FileObj:FileObjectType">
<FileObj:Hashes>
<cyboxCommon:Hash>
<cyboxCommon:Type xsi:type="cyboxVocabs:HashNameVocab-1.0">SHA256</cyboxCommon:Type>
<cyboxCommon:Simple_Hash_Value>b9c24e26c90fd83ad8258a90b1c84022d180c0223f182f96c928333f2e9c5934</cyboxCommon:Simple_Hash_Value>
</cyboxCommon:Hash>
</FileObj:Hashes>
</cybox:Properties>
</cybox:Object>
</indicator:Observable>
<indicator:Producer>
<stixCommon:Identity>
<stixCommon:Name>Cymmetria Inc.</stixCommon:Name>
</stixCommon:Identity>
<stixCommon:Time>
<cyboxCommon:Produced_Time>2016-07-14T09:44:00.737390+00:00</cyboxCommon:Produced_Time>
</stixCommon:Time>
</indicator:Producer>
</stix:Indicator>
</stix:Indicators>
</stix:STIX_Package>

41
2016/2016.07.07.UNVEILING_PATCHWORK/IOCs/STIX/ChinaUS_2.pps.xml Normal file
View File

@ -0,0 +1,41 @@
<stix:STIX_Package
xmlns:Cymmetria="http://cymmetria.com"
xmlns:FileObj="http://cybox.mitre.org/objects#FileObject-2"
xmlns:cybox="http://cybox.mitre.org/cybox-2"
xmlns:cyboxCommon="http://cybox.mitre.org/common-2"
xmlns:cyboxVocabs="http://cybox.mitre.org/default_vocabularies-2"
xmlns:indicator="http://stix.mitre.org/Indicator-2"
xmlns:stix="http://stix.mitre.org/stix-1"
xmlns:stixCommon="http://stix.mitre.org/common-1"
xmlns:stixVocabs="http://stix.mitre.org/default_vocabularies-1"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" id="Cymmetria:Package-13fb652a-fca3-43d8-b4f9-78a366a9a268" version="1.2">
<stix:STIX_Header>
<stix:Description>ChinaUS_2.pps hash indicator</stix:Description>
</stix:STIX_Header>
<stix:Indicators>
<stix:Indicator id="Cymmetria:indicator-74969918-b9a1-4afc-9683-893777d209cc" timestamp="2016-07-14T09:44:00.739363+00:00" xsi:type='indicator:IndicatorType'>
<indicator:Title>ChinaUS_2.pps hash indicator</indicator:Title>
<indicator:Description>An indicator containing a File observable with an associated hash</indicator:Description>
<indicator:Observable id="Cymmetria:Observable-365f2aba-26a2-4eb8-9048-9932c269d8cd">
<cybox:Object id="Cymmetria:File-0a92d24a-d1d6-4be3-b311-cac51faa3fa3">
<cybox:Properties xsi:type="FileObj:FileObjectType">
<FileObj:Hashes>
<cyboxCommon:Hash>
<cyboxCommon:Type xsi:type="cyboxVocabs:HashNameVocab-1.0">SHA256</cyboxCommon:Type>
<cyboxCommon:Simple_Hash_Value>065321d0497565871bcfe5ee606636e9d0f2975558ee838122bbbe78ffd2d367</cyboxCommon:Simple_Hash_Value>
</cyboxCommon:Hash>
</FileObj:Hashes>
</cybox:Properties>
</cybox:Object>
</indicator:Observable>
<indicator:Producer>
<stixCommon:Identity>
<stixCommon:Name>Cymmetria Inc.</stixCommon:Name>
</stixCommon:Identity>
<stixCommon:Time>
<cyboxCommon:Produced_Time>2016-07-14T09:44:00.739563+00:00</cyboxCommon:Produced_Time>
</stixCommon:Time>
</indicator:Producer>
</stix:Indicator>
</stix:Indicators>
</stix:STIX_Package>

41
2016/2016.07.07.UNVEILING_PATCHWORK/IOCs/STIX/China_Response_NKorea_Nuclear_Test1.pps.xml Normal file
View File

@ -0,0 +1,41 @@
<stix:STIX_Package
xmlns:Cymmetria="http://cymmetria.com"
xmlns:FileObj="http://cybox.mitre.org/objects#FileObject-2"
xmlns:cybox="http://cybox.mitre.org/cybox-2"
xmlns:cyboxCommon="http://cybox.mitre.org/common-2"
xmlns:cyboxVocabs="http://cybox.mitre.org/default_vocabularies-2"
xmlns:indicator="http://stix.mitre.org/Indicator-2"
xmlns:stix="http://stix.mitre.org/stix-1"
xmlns:stixCommon="http://stix.mitre.org/common-1"
xmlns:stixVocabs="http://stix.mitre.org/default_vocabularies-1"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" id="Cymmetria:Package-a654a26c-9d0f-4b59-9a25-6d665bdfd172" version="1.2">
<stix:STIX_Header>
<stix:Description>China_Response_NKorea_Nuclear_Test1.pps hash indicator</stix:Description>
</stix:STIX_Header>
<stix:Indicators>
<stix:Indicator id="Cymmetria:indicator-ce9e8aa8-33f1-4c0c-b4e5-0570f346c83c" timestamp="2016-07-14T09:44:00.720036+00:00" xsi:type='indicator:IndicatorType'>
<indicator:Title>China_Response_NKorea_Nuclear_Test1.pps hash indicator</indicator:Title>
<indicator:Description>An indicator containing a File observable with an associated hash</indicator:Description>
<indicator:Observable id="Cymmetria:Observable-b1b8086c-a9df-4c30-9fff-f4a2d9bac031">
<cybox:Object id="Cymmetria:File-3a09db08-41df-4ee6-9127-4b118e2f46b5">
<cybox:Properties xsi:type="FileObj:FileObjectType">
<FileObj:Hashes>
<cyboxCommon:Hash>
<cyboxCommon:Type xsi:type="cyboxVocabs:HashNameVocab-1.0">SHA256</cyboxCommon:Type>
<cyboxCommon:Simple_Hash_Value>c98caa28f5114e3c37efd59cb3c2471a4c64cca3ecd6188d5efe547f1cae0e9d</cyboxCommon:Simple_Hash_Value>
</cyboxCommon:Hash>
</FileObj:Hashes>
</cybox:Properties>
</cybox:Object>
</indicator:Observable>
<indicator:Producer>
<stixCommon:Identity>
<stixCommon:Name>Cymmetria Inc.</stixCommon:Name>
</stixCommon:Identity>
<stixCommon:Time>
<cyboxCommon:Produced_Time>2016-07-14T09:44:00.720232+00:00</cyboxCommon:Produced_Time>
</stixCommon:Time>
</indicator:Producer>
</stix:Indicator>
</stix:Indicators>
</stix:STIX_Package>

41
2016/2016.07.07.UNVEILING_PATCHWORK/IOCs/STIX/China_Response_NKorea_Nuclear_Test2.pps.xml Normal file
View File

@ -0,0 +1,41 @@
<stix:STIX_Package
xmlns:Cymmetria="http://cymmetria.com"
xmlns:FileObj="http://cybox.mitre.org/objects#FileObject-2"
xmlns:cybox="http://cybox.mitre.org/cybox-2"
xmlns:cyboxCommon="http://cybox.mitre.org/common-2"
xmlns:cyboxVocabs="http://cybox.mitre.org/default_vocabularies-2"
xmlns:indicator="http://stix.mitre.org/Indicator-2"
xmlns:stix="http://stix.mitre.org/stix-1"
xmlns:stixCommon="http://stix.mitre.org/common-1"
xmlns:stixVocabs="http://stix.mitre.org/default_vocabularies-1"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" id="Cymmetria:Package-93a80229-f686-4dfa-80f0-3724634019d2" version="1.2">
<stix:STIX_Header>
<stix:Description>China_Response_NKorea_Nuclear_Test2.pps hash indicator</stix:Description>
</stix:STIX_Header>
<stix:Indicators>
<stix:Indicator id="Cymmetria:indicator-3d0f660b-e8a9-4d9c-b30e-cb0672cf3583" timestamp="2016-07-14T09:44:00.722736+00:00" xsi:type='indicator:IndicatorType'>
<indicator:Title>China_Response_NKorea_Nuclear_Test2.pps hash indicator</indicator:Title>
<indicator:Description>An indicator containing a File observable with an associated hash</indicator:Description>
<indicator:Observable id="Cymmetria:Observable-076a06dd-81ae-4584-8c49-5a46423693a3">
<cybox:Object id="Cymmetria:File-6208857d-8ff0-4e5c-a157-31f6ee19b0f2">
<cybox:Properties xsi:type="FileObj:FileObjectType">
<FileObj:Hashes>
<cyboxCommon:Hash>
<cyboxCommon:Type xsi:type="cyboxVocabs:HashNameVocab-1.0">SHA256</cyboxCommon:Type>
<cyboxCommon:Simple_Hash_Value>bbe27671b94d040342312431a24ebb4f9685ee950efeb526b1ffd765f3e7c7dd</cyboxCommon:Simple_Hash_Value>
</cyboxCommon:Hash>
</FileObj:Hashes>
</cybox:Properties>
</cybox:Object>
</indicator:Observable>
<indicator:Producer>
<stixCommon:Identity>
<stixCommon:Name>Cymmetria Inc.</stixCommon:Name>
</stixCommon:Identity>
<stixCommon:Time>
<cyboxCommon:Produced_Time>2016-07-14T09:44:00.722956+00:00</cyboxCommon:Produced_Time>
</stixCommon:Time>
</indicator:Producer>
</stix:Indicator>
</stix:Indicators>
</stix:STIX_Package>

41
2016/2016.07.07.UNVEILING_PATCHWORK/IOCs/STIX/China_two_child_policy_will_underwhelm1.pps.xml Normal file
View File

@ -0,0 +1,41 @@
<stix:STIX_Package
xmlns:Cymmetria="http://cymmetria.com"
xmlns:FileObj="http://cybox.mitre.org/objects#FileObject-2"
xmlns:cybox="http://cybox.mitre.org/cybox-2"
xmlns:cyboxCommon="http://cybox.mitre.org/common-2"
xmlns:cyboxVocabs="http://cybox.mitre.org/default_vocabularies-2"
xmlns:indicator="http://stix.mitre.org/Indicator-2"
xmlns:stix="http://stix.mitre.org/stix-1"
xmlns:stixCommon="http://stix.mitre.org/common-1"
xmlns:stixVocabs="http://stix.mitre.org/default_vocabularies-1"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" id="Cymmetria:Package-4d67627d-4344-424d-a943-3a2f2fba6e29" version="1.2">
<stix:STIX_Header>
<stix:Description>China_two_child_policy_will_underwhelm1.pps hash indicator</stix:Description>
</stix:STIX_Header>
<stix:Indicators>
<stix:Indicator id="Cymmetria:indicator-d7a6996f-b014-4c85-bf1e-d37a3f5fb3d1" timestamp="2016-07-14T09:44:00.735054+00:00" xsi:type='indicator:IndicatorType'>
<indicator:Title>China_two_child_policy_will_underwhelm1.pps hash indicator</indicator:Title>
<indicator:Description>An indicator containing a File observable with an associated hash</indicator:Description>
<indicator:Observable id="Cymmetria:Observable-7dfc394a-bab6-48df-a916-07af7dde7b89">
<cybox:Object id="Cymmetria:File-fc7a67cd-6be1-48a0-8615-917c384a34f3">
<cybox:Properties xsi:type="FileObj:FileObjectType">
<FileObj:Hashes>
<cyboxCommon:Hash>
<cyboxCommon:Type xsi:type="cyboxVocabs:HashNameVocab-1.0">SHA256</cyboxCommon:Type>
<cyboxCommon:Simple_Hash_Value>23d69451b4f7d9e3df5b92523e4574246bdfc786d48b20e9f0c45a25d985e191</cyboxCommon:Simple_Hash_Value>
</cyboxCommon:Hash>
</FileObj:Hashes>
</cybox:Properties>
</cybox:Object>
</indicator:Observable>
<indicator:Producer>
<stixCommon:Identity>
<stixCommon:Name>Cymmetria Inc.</stixCommon:Name>
</stixCommon:Identity>
<stixCommon:Time>
<cyboxCommon:Produced_Time>2016-07-14T09:44:00.735263+00:00</cyboxCommon:Produced_Time>
</stixCommon:Time>
</indicator:Producer>
</stix:Indicator>
</stix:Indicators>
</stix:STIX_Package>

41
2016/2016.07.07.UNVEILING_PATCHWORK/IOCs/STIX/Implication_China_mil_reforms_1.pps.xml Normal file
View File

@ -0,0 +1,41 @@
<stix:STIX_Package
xmlns:Cymmetria="http://cymmetria.com"
xmlns:FileObj="http://cybox.mitre.org/objects#FileObject-2"
xmlns:cybox="http://cybox.mitre.org/cybox-2"
xmlns:cyboxCommon="http://cybox.mitre.org/common-2"
xmlns:cyboxVocabs="http://cybox.mitre.org/default_vocabularies-2"
xmlns:indicator="http://stix.mitre.org/Indicator-2"
xmlns:stix="http://stix.mitre.org/stix-1"
xmlns:stixCommon="http://stix.mitre.org/common-1"
xmlns:stixVocabs="http://stix.mitre.org/default_vocabularies-1"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" id="Cymmetria:Package-1d922428-f2f3-47fe-9f66-5de0a760e4bf" version="1.2">
<stix:STIX_Header>
<stix:Description>Implication_China_mil_reforms_1.pps hash indicator</stix:Description>
</stix:STIX_Header>
<stix:Indicators>
<stix:Indicator id="Cymmetria:indicator-729c9b55-0339-4ec6-8d1e-6fe3ccca996b" timestamp="2016-07-14T09:44:00.777796+00:00" xsi:type='indicator:IndicatorType'>
<indicator:Title>Implication_China_mil_reforms_1.pps hash indicator</indicator:Title>
<indicator:Description>An indicator containing a File observable with an associated hash</indicator:Description>
<indicator:Observable id="Cymmetria:Observable-89c42f30-c2f1-4c51-9e72-d37e6513d09c">
<cybox:Object id="Cymmetria:File-a81fc907-b0dd-4202-9114-c20ab08a6b06">
<cybox:Properties xsi:type="FileObj:FileObjectType">
<FileObj:Hashes>
<cyboxCommon:Hash>
<cyboxCommon:Type xsi:type="cyboxVocabs:HashNameVocab-1.0">SHA256</cyboxCommon:Type>
<cyboxCommon:Simple_Hash_Value>97503d2302fc3b51f666f6d4ea067b499d185f807fb5a61cee49851d0417ade8</cyboxCommon:Simple_Hash_Value>
</cyboxCommon:Hash>
</FileObj:Hashes>
</cybox:Properties>
</cybox:Object>
</indicator:Observable>
<indicator:Producer>
<stixCommon:Identity>
<stixCommon:Name>Cymmetria Inc.</stixCommon:Name>
</stixCommon:Identity>
<stixCommon:Time>
<cyboxCommon:Produced_Time>2016-07-14T09:44:00.778045+00:00</cyboxCommon:Produced_Time>
</stixCommon:Time>
</indicator:Producer>
</stix:Indicator>
</stix:Indicators>
</stix:STIX_Package>

41
2016/2016.07.07.UNVEILING_PATCHWORK/IOCs/STIX/MilReforms_1.pps.xml Normal file
View File

@ -0,0 +1,41 @@
<stix:STIX_Package
xmlns:Cymmetria="http://cymmetria.com"
xmlns:FileObj="http://cybox.mitre.org/objects#FileObject-2"
xmlns:cybox="http://cybox.mitre.org/cybox-2"
xmlns:cyboxCommon="http://cybox.mitre.org/common-2"
xmlns:cyboxVocabs="http://cybox.mitre.org/default_vocabularies-2"
xmlns:indicator="http://stix.mitre.org/Indicator-2"
xmlns:stix="http://stix.mitre.org/stix-1"
xmlns:stixCommon="http://stix.mitre.org/common-1"
xmlns:stixVocabs="http://stix.mitre.org/default_vocabularies-1"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" id="Cymmetria:Package-68270f4c-000b-45ba-85cd-4507fdd87783" version="1.2">
<stix:STIX_Header>
<stix:Description>MilReforms_1.pps hash indicator</stix:Description>
</stix:STIX_Header>
<stix:Indicators>
<stix:Indicator id="Cymmetria:indicator-a92ef49b-9d0d-4560-85a2-3eb06c6b2dd6" timestamp="2016-07-14T09:44:00.800425+00:00" xsi:type='indicator:IndicatorType'>
<indicator:Title>MilReforms_1.pps hash indicator</indicator:Title>
<indicator:Description>An indicator containing a File observable with an associated hash</indicator:Description>
<indicator:Observable id="Cymmetria:Observable-aafb8ff3-2bc0-476b-aab4-fcedd2620e02">
<cybox:Object id="Cymmetria:File-15ec016b-ce00-4dbf-9dfc-ee9561cb10be">
<cybox:Properties xsi:type="FileObj:FileObjectType">
<FileObj:Hashes>
<cyboxCommon:Hash>
<cyboxCommon:Type xsi:type="cyboxVocabs:HashNameVocab-1.0">SHA256</cyboxCommon:Type>
<cyboxCommon:Simple_Hash_Value>c126471d35f0fcff4ebafd8fb331e328b67e07312fbaa60c8a131e318b41a839</cyboxCommon:Simple_Hash_Value>
</cyboxCommon:Hash>
</FileObj:Hashes>
</cybox:Properties>
</cybox:Object>
</indicator:Observable>
<indicator:Producer>
<stixCommon:Identity>
<stixCommon:Name>Cymmetria Inc.</stixCommon:Name>
</stixCommon:Identity>
<stixCommon:Time>
<cyboxCommon:Produced_Time>2016-07-14T09:44:00.800658+00:00</cyboxCommon:Produced_Time>
</stixCommon:Time>
</indicator:Producer>
</stix:Indicator>
</stix:Indicators>
</stix:STIX_Package>

41
2016/2016.07.07.UNVEILING_PATCHWORK/IOCs/STIX/MilReforms_2.pps.xml Normal file
View File

@ -0,0 +1,41 @@
<stix:STIX_Package
xmlns:Cymmetria="http://cymmetria.com"
xmlns:FileObj="http://cybox.mitre.org/objects#FileObject-2"
xmlns:cybox="http://cybox.mitre.org/cybox-2"
xmlns:cyboxCommon="http://cybox.mitre.org/common-2"
xmlns:cyboxVocabs="http://cybox.mitre.org/default_vocabularies-2"
xmlns:indicator="http://stix.mitre.org/Indicator-2"
xmlns:stix="http://stix.mitre.org/stix-1"
xmlns:stixCommon="http://stix.mitre.org/common-1"
xmlns:stixVocabs="http://stix.mitre.org/default_vocabularies-1"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" id="Cymmetria:Package-6e684ad7-3815-4e23-a52c-2b1e2fcb41db" version="1.2">
<stix:STIX_Header>
<stix:Description>MilReforms_2.pps hash indicator</stix:Description>
</stix:STIX_Header>
<stix:Indicators>
<stix:Indicator id="Cymmetria:indicator-4a97de1c-fc71-4637-bae5-1f9ef0eb2d34" timestamp="2016-07-14T09:44:00.803308+00:00" xsi:type='indicator:IndicatorType'>
<indicator:Title>MilReforms_2.pps hash indicator</indicator:Title>
<indicator:Description>An indicator containing a File observable with an associated hash</indicator:Description>
<indicator:Observable id="Cymmetria:Observable-a08b0fa6-26cc-40a1-a29d-3fe5897db4fb">
<cybox:Object id="Cymmetria:File-0d11d06a-6d09-458b-a37a-ed75db4b17b0">
<cybox:Properties xsi:type="FileObj:FileObjectType">
<FileObj:Hashes>
<cyboxCommon:Hash>
<cyboxCommon:Type xsi:type="cyboxVocabs:HashNameVocab-1.0">SHA256</cyboxCommon:Type>
<cyboxCommon:Simple_Hash_Value>c2d39a5ed25caf84d5ce68375e420b6445aff0c63a7f820ae6a3d0e24eb5e161</cyboxCommon:Simple_Hash_Value>
</cyboxCommon:Hash>
</FileObj:Hashes>
</cybox:Properties>
</cybox:Object>
</indicator:Observable>
<indicator:Producer>
<stixCommon:Identity>
<stixCommon:Name>Cymmetria Inc.</stixCommon:Name>
</stixCommon:Identity>
<stixCommon:Time>
<cyboxCommon:Produced_Time>2016-07-14T09:44:00.803798+00:00</cyboxCommon:Produced_Time>
</stixCommon:Time>
</indicator:Producer>
</stix:Indicator>
</stix:Indicators>
</stix:STIX_Package>

41
2016/2016.07.07.UNVEILING_PATCHWORK/IOCs/STIX/MilitaryReforms1.pps.xml Normal file
View File

@ -0,0 +1,41 @@
<stix:STIX_Package
xmlns:Cymmetria="http://cymmetria.com"
xmlns:FileObj="http://cybox.mitre.org/objects#FileObject-2"
xmlns:cybox="http://cybox.mitre.org/cybox-2"
xmlns:cyboxCommon="http://cybox.mitre.org/common-2"
xmlns:cyboxVocabs="http://cybox.mitre.org/default_vocabularies-2"
xmlns:indicator="http://stix.mitre.org/Indicator-2"
xmlns:stix="http://stix.mitre.org/stix-1"
xmlns:stixCommon="http://stix.mitre.org/common-1"
xmlns:stixVocabs="http://stix.mitre.org/default_vocabularies-1"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" id="Cymmetria:Package-6810a046-d843-4033-9f93-3e9151576069" version="1.2">
<stix:STIX_Header>
<stix:Description>MilitaryReforms1.pps hash indicator</stix:Description>
</stix:STIX_Header>
<stix:Indicators>
<stix:Indicator id="Cymmetria:indicator-74b60ac4-937a-402c-88b0-997c6883fcd3" timestamp="2016-07-14T09:44:00.795532+00:00" xsi:type='indicator:IndicatorType'>
<indicator:Title>MilitaryReforms1.pps hash indicator</indicator:Title>
<indicator:Description>An indicator containing a File observable with an associated hash</indicator:Description>
<indicator:Observable id="Cymmetria:Observable-844442c7-876b-453d-b697-b3a049915871">
<cybox:Object id="Cymmetria:File-5c84c64f-dd5e-402d-8719-b222ae5455cf">
<cybox:Properties xsi:type="FileObj:FileObjectType">
<FileObj:Hashes>
<cyboxCommon:Hash>
<cyboxCommon:Type xsi:type="cyboxVocabs:HashNameVocab-1.0">SHA256</cyboxCommon:Type>
<cyboxCommon:Simple_Hash_Value>ccbbf41f7e385f511ec25925cdc177bb23a3106974fa1c61fdfea4af70489b36</cyboxCommon:Simple_Hash_Value>
</cyboxCommon:Hash>
</FileObj:Hashes>
</cybox:Properties>
</cybox:Object>
</indicator:Observable>
<indicator:Producer>
<stixCommon:Identity>
<stixCommon:Name>Cymmetria Inc.</stixCommon:Name>
</stixCommon:Identity>
<stixCommon:Time>
<cyboxCommon:Produced_Time>2016-07-14T09:44:00.795745+00:00</cyboxCommon:Produced_Time>
</stixCommon:Time>
</indicator:Producer>
</stix:Indicator>
</stix:Indicators>
</stix:STIX_Package>

41
2016/2016.07.07.UNVEILING_PATCHWORK/IOCs/STIX/MilitaryReforms2.pps.xml Normal file
View File

@ -0,0 +1,41 @@
<stix:STIX_Package
xmlns:Cymmetria="http://cymmetria.com"
xmlns:FileObj="http://cybox.mitre.org/objects#FileObject-2"
xmlns:cybox="http://cybox.mitre.org/cybox-2"
xmlns:cyboxCommon="http://cybox.mitre.org/common-2"
xmlns:cyboxVocabs="http://cybox.mitre.org/default_vocabularies-2"
xmlns:indicator="http://stix.mitre.org/Indicator-2"
xmlns:stix="http://stix.mitre.org/stix-1"
xmlns:stixCommon="http://stix.mitre.org/common-1"
xmlns:stixVocabs="http://stix.mitre.org/default_vocabularies-1"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" id="Cymmetria:Package-0788e5b3-a430-4c14-872f-50cbeec23298" version="1.2">
<stix:STIX_Header>
<stix:Description>MilitaryReforms2.pps hash indicator</stix:Description>
</stix:STIX_Header>
<stix:Indicators>
<stix:Indicator id="Cymmetria:indicator-3f704580-432a-4cfd-af5f-b2c6da3d9028" timestamp="2016-07-14T09:44:00.797745+00:00" xsi:type='indicator:IndicatorType'>
<indicator:Title>MilitaryReforms2.pps hash indicator</indicator:Title>
<indicator:Description>An indicator containing a File observable with an associated hash</indicator:Description>
<indicator:Observable id="Cymmetria:Observable-e8bad549-4509-4b42-ade4-80e0d688fe57">
<cybox:Object id="Cymmetria:File-77033d44-9710-44cc-9fb9-3b17fff11125">
<cybox:Properties xsi:type="FileObj:FileObjectType">
<FileObj:Hashes>
<cyboxCommon:Hash>
<cyboxCommon:Type xsi:type="cyboxVocabs:HashNameVocab-1.0">SHA256</cyboxCommon:Type>
<cyboxCommon:Simple_Hash_Value>09d7cd078a46a33750b002594eb7340af55a1cefe5f4451a8bdfcd6af97449bf</cyboxCommon:Simple_Hash_Value>
</cyboxCommon:Hash>
</FileObj:Hashes>
</cybox:Properties>
</cybox:Object>
</indicator:Observable>
<indicator:Producer>
<stixCommon:Identity>
<stixCommon:Name>Cymmetria Inc.</stixCommon:Name>
</stixCommon:Identity>
<stixCommon:Time>
<cyboxCommon:Produced_Time>2016-07-14T09:44:00.797957+00:00</cyboxCommon:Produced_Time>
</stixCommon:Time>
</indicator:Producer>
</stix:Indicator>
</stix:Indicators>
</stix:STIX_Package>

41
2016/2016.07.07.UNVEILING_PATCHWORK/IOCs/STIX/Obama_Gift_China_1.pps.xml Normal file
View File

@ -0,0 +1,41 @@
<stix:STIX_Package
xmlns:Cymmetria="http://cymmetria.com"
xmlns:FileObj="http://cybox.mitre.org/objects#FileObject-2"
xmlns:cybox="http://cybox.mitre.org/cybox-2"
xmlns:cyboxCommon="http://cybox.mitre.org/common-2"
xmlns:cyboxVocabs="http://cybox.mitre.org/default_vocabularies-2"
xmlns:indicator="http://stix.mitre.org/Indicator-2"
xmlns:stix="http://stix.mitre.org/stix-1"
xmlns:stixCommon="http://stix.mitre.org/common-1"
xmlns:stixVocabs="http://stix.mitre.org/default_vocabularies-1"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" id="Cymmetria:Package-95cebb13-ca68-402e-9588-c6758210826b" version="1.2">
<stix:STIX_Header>
<stix:Description>Obama_Gift_China_1.pps hash indicator</stix:Description>
</stix:STIX_Header>
<stix:Indicators>
<stix:Indicator id="Cymmetria:indicator-7b5209f0-7dea-449d-9cdd-228727448846" timestamp="2016-07-14T09:44:00.824663+00:00" xsi:type='indicator:IndicatorType'>
<indicator:Title>Obama_Gift_China_1.pps hash indicator</indicator:Title>
<indicator:Description>An indicator containing a File observable with an associated hash</indicator:Description>
<indicator:Observable id="Cymmetria:Observable-8d201f60-2a90-46b8-a54d-f10a6cbeae5d">
<cybox:Object id="Cymmetria:File-2f49ea12-40ea-498d-a471-44a2a94400a8">
<cybox:Properties xsi:type="FileObj:FileObjectType">
<FileObj:Hashes>
<cyboxCommon:Hash>
<cyboxCommon:Type xsi:type="cyboxVocabs:HashNameVocab-1.0">SHA256</cyboxCommon:Type>
<cyboxCommon:Simple_Hash_Value>77b1ea1a200a17f8e14a8b6471ee6c4921c8c6b59026ce799ecaf7edd54b15e8</cyboxCommon:Simple_Hash_Value>
</cyboxCommon:Hash>
</FileObj:Hashes>
</cybox:Properties>
</cybox:Object>
</indicator:Observable>
<indicator:Producer>
<stixCommon:Identity>
<stixCommon:Name>Cymmetria Inc.</stixCommon:Name>
</stixCommon:Identity>
<stixCommon:Time>
<cyboxCommon:Produced_Time>2016-07-14T09:44:00.824986+00:00</cyboxCommon:Produced_Time>
</stixCommon:Time>
</indicator:Producer>
</stix:Indicator>
</stix:Indicators>
</stix:STIX_Package>

41
2016/2016.07.07.UNVEILING_PATCHWORK/IOCs/STIX/Obama_Gift_China_2.pps.xml Normal file
View File

@ -0,0 +1,41 @@
<stix:STIX_Package
xmlns:Cymmetria="http://cymmetria.com"
xmlns:FileObj="http://cybox.mitre.org/objects#FileObject-2"
xmlns:cybox="http://cybox.mitre.org/cybox-2"
xmlns:cyboxCommon="http://cybox.mitre.org/common-2"
xmlns:cyboxVocabs="http://cybox.mitre.org/default_vocabularies-2"
xmlns:indicator="http://stix.mitre.org/Indicator-2"
xmlns:stix="http://stix.mitre.org/stix-1"
xmlns:stixCommon="http://stix.mitre.org/common-1"
xmlns:stixVocabs="http://stix.mitre.org/default_vocabularies-1"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" id="Cymmetria:Package-19ef48a1-6e90-4e02-9653-c5f76f90b444" version="1.2">
<stix:STIX_Header>
<stix:Description>Obama_Gift_China_2.pps hash indicator</stix:Description>
</stix:STIX_Header>
<stix:Indicators>
<stix:Indicator id="Cymmetria:indicator-770e2533-0d87-44cb-893c-754d88268257" timestamp="2016-07-14T09:44:00.828070+00:00" xsi:type='indicator:IndicatorType'>
<indicator:Title>Obama_Gift_China_2.pps hash indicator</indicator:Title>
<indicator:Description>An indicator containing a File observable with an associated hash</indicator:Description>
<indicator:Observable id="Cymmetria:Observable-ef71e10e-19b1-4aab-b3d8-4d8e157888e3">
<cybox:Object id="Cymmetria:File-abda816e-7514-426f-a933-3d70f4d891cc">
<cybox:Properties xsi:type="FileObj:FileObjectType">
<FileObj:Hashes>
<cyboxCommon:Hash>
<cyboxCommon:Type xsi:type="cyboxVocabs:HashNameVocab-1.0">SHA256</cyboxCommon:Type>
<cyboxCommon:Simple_Hash_Value>21b2f9c134a8fe2f021884852b41eed5739c791a19f0145a5a665015cede543b</cyboxCommon:Simple_Hash_Value>
</cyboxCommon:Hash>
</FileObj:Hashes>
</cybox:Properties>
</cybox:Object>
</indicator:Observable>
<indicator:Producer>
<stixCommon:Identity>
<stixCommon:Name>Cymmetria Inc.</stixCommon:Name>
</stixCommon:Identity>
<stixCommon:Time>
<cyboxCommon:Produced_Time>2016-07-14T09:44:00.828273+00:00</cyboxCommon:Produced_Time>
</stixCommon:Time>
</indicator:Producer>
</stix:Indicator>
</stix:Indicators>
</stix:STIX_Package>

41
2016/2016.07.07.UNVEILING_PATCHWORK/IOCs/STIX/TaiwanDiplomaticAccess_1.pps.xml Normal file
View File

@ -0,0 +1,41 @@
<stix:STIX_Package
xmlns:Cymmetria="http://cymmetria.com"
xmlns:FileObj="http://cybox.mitre.org/objects#FileObject-2"
xmlns:cybox="http://cybox.mitre.org/cybox-2"
xmlns:cyboxCommon="http://cybox.mitre.org/common-2"
xmlns:cyboxVocabs="http://cybox.mitre.org/default_vocabularies-2"
xmlns:indicator="http://stix.mitre.org/Indicator-2"
xmlns:stix="http://stix.mitre.org/stix-1"
xmlns:stixCommon="http://stix.mitre.org/common-1"
xmlns:stixVocabs="http://stix.mitre.org/default_vocabularies-1"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" id="Cymmetria:Package-2f2376c1-5a02-4f6c-89c8-6cdc75a100e4" version="1.2">
<stix:STIX_Header>
<stix:Description>TaiwanDiplomaticAccess_1.pps hash indicator</stix:Description>
</stix:STIX_Header>
<stix:Indicators>
<stix:Indicator id="Cymmetria:indicator-3c1ecab2-8ff9-4616-b228-5b0b5d1b72e0" timestamp="2016-07-14T09:44:00.840041+00:00" xsi:type='indicator:IndicatorType'>
<indicator:Title>TaiwanDiplomaticAccess_1.pps hash indicator</indicator:Title>
<indicator:Description>An indicator containing a File observable with an associated hash</indicator:Description>
<indicator:Observable id="Cymmetria:Observable-cfbf8241-8cd9-4101-bf9f-c5175a31d6d2">
<cybox:Object id="Cymmetria:File-9d7b6cb0-0202-44bd-8dec-25e2c1ef9c93">
<cybox:Properties xsi:type="FileObj:FileObjectType">
<FileObj:Hashes>
<cyboxCommon:Hash>
<cyboxCommon:Type xsi:type="cyboxVocabs:HashNameVocab-1.0">SHA256</cyboxCommon:Type>
<cyboxCommon:Simple_Hash_Value>da06b7ee42a7d2f0cf7dd5f225373806cd054b2a3b8fdbba7a0873479c98dfba</cyboxCommon:Simple_Hash_Value>
</cyboxCommon:Hash>
</FileObj:Hashes>
</cybox:Properties>
</cybox:Object>
</indicator:Observable>
<indicator:Producer>
<stixCommon:Identity>
<stixCommon:Name>Cymmetria Inc.</stixCommon:Name>
</stixCommon:Identity>
<stixCommon:Time>
<cyboxCommon:Produced_Time>2016-07-14T09:44:00.840254+00:00</cyboxCommon:Produced_Time>
</stixCommon:Time>
</indicator:Producer>
</stix:Indicator>
</stix:Indicators>
</stix:STIX_Package>

41
2016/2016.07.07.UNVEILING_PATCHWORK/IOCs/STIX/TaiwanDiplomaticAccess_2.pps.xml Normal file
View File

@ -0,0 +1,41 @@
<stix:STIX_Package
xmlns:Cymmetria="http://cymmetria.com"
xmlns:FileObj="http://cybox.mitre.org/objects#FileObject-2"
xmlns:cybox="http://cybox.mitre.org/cybox-2"
xmlns:cyboxCommon="http://cybox.mitre.org/common-2"
xmlns:cyboxVocabs="http://cybox.mitre.org/default_vocabularies-2"
xmlns:indicator="http://stix.mitre.org/Indicator-2"
xmlns:stix="http://stix.mitre.org/stix-1"
xmlns:stixCommon="http://stix.mitre.org/common-1"
xmlns:stixVocabs="http://stix.mitre.org/default_vocabularies-1"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" id="Cymmetria:Package-c72a9001-4966-4693-903d-4a2bd6d59bcc" version="1.2">
<stix:STIX_Header>
<stix:Description>TaiwanDiplomaticAccess_2.pps hash indicator</stix:Description>
</stix:STIX_Header>
<stix:Indicators>
<stix:Indicator id="Cymmetria:indicator-9dcde51a-98ab-4223-92c3-aec3ea5cb2d0" timestamp="2016-07-14T09:44:00.842216+00:00" xsi:type='indicator:IndicatorType'>
<indicator:Title>TaiwanDiplomaticAccess_2.pps hash indicator</indicator:Title>
<indicator:Description>An indicator containing a File observable with an associated hash</indicator:Description>
<indicator:Observable id="Cymmetria:Observable-9540eb73-2538-4bff-a579-2c842e5b7c04">
<cybox:Object id="Cymmetria:File-e4442fe4-ca0a-477a-b5c4-de1211b49429">
<cybox:Properties xsi:type="FileObj:FileObjectType">
<FileObj:Hashes>
<cyboxCommon:Hash>
<cyboxCommon:Type xsi:type="cyboxVocabs:HashNameVocab-1.0">SHA256</cyboxCommon:Type>
<cyboxCommon:Simple_Hash_Value>eb31ffe6666d8307fa59da3d41a5bf0d9f936d909a5f955e0329ab24d64bce90</cyboxCommon:Simple_Hash_Value>
</cyboxCommon:Hash>
</FileObj:Hashes>
</cybox:Properties>
</cybox:Object>
</indicator:Observable>
<indicator:Producer>
<stixCommon:Identity>
<stixCommon:Name>Cymmetria Inc.</stixCommon:Name>
</stixCommon:Identity>
<stixCommon:Time>
<cyboxCommon:Produced_Time>2016-07-14T09:44:00.842517+00:00</cyboxCommon:Produced_Time>
</stixCommon:Time>
</indicator:Producer>
</stix:Indicator>
</stix:Indicators>
</stix:STIX_Package>

41
2016/2016.07.07.UNVEILING_PATCHWORK/IOCs/STIX/UAC Bypasser.xml Normal file
View File

@ -0,0 +1,41 @@
<stix:STIX_Package
xmlns:Cymmetria="http://cymmetria.com"
xmlns:FileObj="http://cybox.mitre.org/objects#FileObject-2"
xmlns:cybox="http://cybox.mitre.org/cybox-2"
xmlns:cyboxCommon="http://cybox.mitre.org/common-2"
xmlns:cyboxVocabs="http://cybox.mitre.org/default_vocabularies-2"
xmlns:indicator="http://stix.mitre.org/Indicator-2"
xmlns:stix="http://stix.mitre.org/stix-1"
xmlns:stixCommon="http://stix.mitre.org/common-1"
xmlns:stixVocabs="http://stix.mitre.org/default_vocabularies-1"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" id="Cymmetria:Package-f4c2ec9c-4646-4e1e-b141-ca03b56f0a4e" version="1.2">
<stix:STIX_Header>
<stix:Description>UAC Bypasser hash indicator</stix:Description>
</stix:STIX_Header>
<stix:Indicators>
<stix:Indicator id="Cymmetria:indicator-e521aaee-d800-4b7e-b15a-226a1ef80bb1" timestamp="2016-07-14T09:44:00.694502+00:00" xsi:type='indicator:IndicatorType'>
<indicator:Title>UAC Bypasser hash indicator</indicator:Title>
<indicator:Description>An indicator containing a File observable with an associated hash</indicator:Description>
<indicator:Observable id="Cymmetria:Observable-54a5fc15-0422-416f-b0cf-c3c61e8ac79b">
<cybox:Object id="Cymmetria:File-170335c2-3883-4afb-bb3c-24117edafae4">
<cybox:Properties xsi:type="FileObj:FileObjectType">
<FileObj:Hashes>
<cyboxCommon:Hash>
<cyboxCommon:Type xsi:type="cyboxVocabs:HashNameVocab-1.0">SHA256</cyboxCommon:Type>
<cyboxCommon:Simple_Hash_Value>607454369fa5d96fab6fec7a52a518eefed5136e4ebd4cfed238ccbb0f5b180f</cyboxCommon:Simple_Hash_Value>
</cyboxCommon:Hash>
</FileObj:Hashes>
</cybox:Properties>
</cybox:Object>
</indicator:Observable>
<indicator:Producer>
<stixCommon:Identity>
<stixCommon:Name>Cymmetria Inc.</stixCommon:Name>
</stixCommon:Identity>
<stixCommon:Time>
<cyboxCommon:Produced_Time>2016-07-14T09:44:00.694752+00:00</cyboxCommon:Produced_Time>
</stixCommon:Time>
</indicator:Producer>
</stix:Indicator>
</stix:Indicators>
</stix:STIX_Package>

41
2016/2016.07.07.UNVEILING_PATCHWORK/IOCs/STIX/UruguayJan-Jun_1o.pps.xml Normal file
View File

@ -0,0 +1,41 @@
<stix:STIX_Package
xmlns:Cymmetria="http://cymmetria.com"
xmlns:FileObj="http://cybox.mitre.org/objects#FileObject-2"
xmlns:cybox="http://cybox.mitre.org/cybox-2"
xmlns:cyboxCommon="http://cybox.mitre.org/common-2"
xmlns:cyboxVocabs="http://cybox.mitre.org/default_vocabularies-2"
xmlns:indicator="http://stix.mitre.org/Indicator-2"
xmlns:stix="http://stix.mitre.org/stix-1"
xmlns:stixCommon="http://stix.mitre.org/common-1"
xmlns:stixVocabs="http://stix.mitre.org/default_vocabularies-1"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" id="Cymmetria:Package-9e06661c-c529-41b8-86d2-7ea7ff14730a" version="1.2">
<stix:STIX_Header>
<stix:Description>UruguayJan-Jun_1o.pps hash indicator</stix:Description>
</stix:STIX_Header>
<stix:Indicators>
<stix:Indicator id="Cymmetria:indicator-7ad85ec7-f70a-4996-ba10-ddebb22d379c" timestamp="2016-07-14T09:44:00.852589+00:00" xsi:type='indicator:IndicatorType'>
<indicator:Title>UruguayJan-Jun_1o.pps hash indicator</indicator:Title>
<indicator:Description>An indicator containing a File observable with an associated hash</indicator:Description>
<indicator:Observable id="Cymmetria:Observable-f3840ffd-8ddc-41d8-ba3c-b131d603918c">
<cybox:Object id="Cymmetria:File-409af62c-8c9a-4d1e-8a0d-e3b1b12e567a">
<cybox:Properties xsi:type="FileObj:FileObjectType">
<FileObj:Hashes>
<cyboxCommon:Hash>
<cyboxCommon:Type xsi:type="cyboxVocabs:HashNameVocab-1.0">SHA256</cyboxCommon:Type>
<cyboxCommon:Simple_Hash_Value>637b305164ed634f4c20bcb89030417f9d41446e5c8517e671ef4c122195ccea</cyboxCommon:Simple_Hash_Value>
</cyboxCommon:Hash>
</FileObj:Hashes>
</cybox:Properties>
</cybox:Object>
</indicator:Observable>
<indicator:Producer>
<stixCommon:Identity>
<stixCommon:Name>Cymmetria Inc.</stixCommon:Name>
</stixCommon:Identity>
<stixCommon:Time>
<cyboxCommon:Produced_Time>2016-07-14T09:44:00.852768+00:00</cyboxCommon:Produced_Time>
</stixCommon:Time>
</indicator:Producer>
</stix:Indicator>
</stix:Indicators>
</stix:STIX_Package>

41
2016/2016.07.07.UNVEILING_PATCHWORK/IOCs/STIX/UruguayJan-Jun_2o.pps.xml Normal file
View File

@ -0,0 +1,41 @@
<stix:STIX_Package
xmlns:Cymmetria="http://cymmetria.com"
xmlns:FileObj="http://cybox.mitre.org/objects#FileObject-2"
xmlns:cybox="http://cybox.mitre.org/cybox-2"
xmlns:cyboxCommon="http://cybox.mitre.org/common-2"
xmlns:cyboxVocabs="http://cybox.mitre.org/default_vocabularies-2"
xmlns:indicator="http://stix.mitre.org/Indicator-2"
xmlns:stix="http://stix.mitre.org/stix-1"
xmlns:stixCommon="http://stix.mitre.org/common-1"
xmlns:stixVocabs="http://stix.mitre.org/default_vocabularies-1"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" id="Cymmetria:Package-f6ca8c39-9cdd-492e-aa60-053cc9b9e115" version="1.2">
<stix:STIX_Header>
<stix:Description>UruguayJan-Jun_2o.pps hash indicator</stix:Description>
</stix:STIX_Header>
<stix:Indicators>
<stix:Indicator id="Cymmetria:indicator-04f080ed-5c44-4411-8756-fa26b2e9903f" timestamp="2016-07-14T09:44:00.855926+00:00" xsi:type='indicator:IndicatorType'>
<indicator:Title>UruguayJan-Jun_2o.pps hash indicator</indicator:Title>
<indicator:Description>An indicator containing a File observable with an associated hash</indicator:Description>
<indicator:Observable id="Cymmetria:Observable-9a2e6244-b179-441b-918e-2f270160a4d8">
<cybox:Object id="Cymmetria:File-befff268-542b-4ace-91f6-c7341d8120e6">
<cybox:Properties xsi:type="FileObj:FileObjectType">
<FileObj:Hashes>
<cyboxCommon:Hash>
<cyboxCommon:Type xsi:type="cyboxVocabs:HashNameVocab-1.0">SHA256</cyboxCommon:Type>
<cyboxCommon:Simple_Hash_Value>5f203ea304b97727e6a607c54713da69925337ac1eff98c7761e184c33d37c4d</cyboxCommon:Simple_Hash_Value>
</cyboxCommon:Hash>
</FileObj:Hashes>
</cybox:Properties>
</cybox:Object>
</indicator:Observable>
<indicator:Producer>
<stixCommon:Identity>
<stixCommon:Name>Cymmetria Inc.</stixCommon:Name>
</stixCommon:Identity>
<stixCommon:Time>
<cyboxCommon:Produced_Time>2016-07-14T09:44:00.856084+00:00</cyboxCommon:Produced_Time>
</stixCommon:Time>
</indicator:Producer>
</stix:Indicator>
</stix:Indicators>
</stix:STIX_Package>

41
2016/2016.07.07.UNVEILING_PATCHWORK/IOCs/STIX/UruguayJul-Dec_1o.pps.xml Normal file
View File

@ -0,0 +1,41 @@
<stix:STIX_Package
xmlns:Cymmetria="http://cymmetria.com"
xmlns:FileObj="http://cybox.mitre.org/objects#FileObject-2"
xmlns:cybox="http://cybox.mitre.org/cybox-2"
xmlns:cyboxCommon="http://cybox.mitre.org/common-2"
xmlns:cyboxVocabs="http://cybox.mitre.org/default_vocabularies-2"
xmlns:indicator="http://stix.mitre.org/Indicator-2"
xmlns:stix="http://stix.mitre.org/stix-1"
xmlns:stixCommon="http://stix.mitre.org/common-1"
xmlns:stixVocabs="http://stix.mitre.org/default_vocabularies-1"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" id="Cymmetria:Package-5ec48426-59ae-43b3-8b8c-b42fe03c46eb" version="1.2">
<stix:STIX_Header>
<stix:Description>UruguayJul-Dec_1o.pps hash indicator</stix:Description>
</stix:STIX_Header>
<stix:Indicators>
<stix:Indicator id="Cymmetria:indicator-06fc8612-3eaf-41e7-9b00-8787f90cadd9" timestamp="2016-07-14T09:44:00.859181+00:00" xsi:type='indicator:IndicatorType'>
<indicator:Title>UruguayJul-Dec_1o.pps hash indicator</indicator:Title>
<indicator:Description>An indicator containing a File observable with an associated hash</indicator:Description>
<indicator:Observable id="Cymmetria:Observable-cc08fcd9-2095-4d06-b170-ee8f102c89b9">
<cybox:Object id="Cymmetria:File-af30f4cd-8122-433e-b902-9061174cda8c">
<cybox:Properties xsi:type="FileObj:FileObjectType">
<FileObj:Hashes>
<cyboxCommon:Hash>
<cyboxCommon:Type xsi:type="cyboxVocabs:HashNameVocab-1.0">SHA256</cyboxCommon:Type>
<cyboxCommon:Simple_Hash_Value>66c946d8915c367ec23fedecaa730493d9df292d8b13fbdd56ffcda49a065ac2</cyboxCommon:Simple_Hash_Value>
</cyboxCommon:Hash>
</FileObj:Hashes>
</cybox:Properties>
</cybox:Object>
</indicator:Observable>
<indicator:Producer>
<stixCommon:Identity>
<stixCommon:Name>Cymmetria Inc.</stixCommon:Name>
</stixCommon:Identity>
<stixCommon:Time>
<cyboxCommon:Produced_Time>2016-07-14T09:44:00.859320+00:00</cyboxCommon:Produced_Time>
</stixCommon:Time>
</indicator:Producer>
</stix:Indicator>
</stix:Indicators>
</stix:STIX_Package>

41
2016/2016.07.07.UNVEILING_PATCHWORK/IOCs/STIX/UruguayJul-Dec_2o.pps.xml Normal file
View File

@ -0,0 +1,41 @@
<stix:STIX_Package
xmlns:Cymmetria="http://cymmetria.com"
xmlns:FileObj="http://cybox.mitre.org/objects#FileObject-2"
xmlns:cybox="http://cybox.mitre.org/cybox-2"
xmlns:cyboxCommon="http://cybox.mitre.org/common-2"
xmlns:cyboxVocabs="http://cybox.mitre.org/default_vocabularies-2"
xmlns:indicator="http://stix.mitre.org/Indicator-2"
xmlns:stix="http://stix.mitre.org/stix-1"
xmlns:stixCommon="http://stix.mitre.org/common-1"
xmlns:stixVocabs="http://stix.mitre.org/default_vocabularies-1"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" id="Cymmetria:Package-be96663a-cd7b-4ba6-94ef-ef7ff5155943" version="1.2">
<stix:STIX_Header>
<stix:Description>UruguayJul-Dec_2o.pps hash indicator</stix:Description>
</stix:STIX_Header>
<stix:Indicators>
<stix:Indicator id="Cymmetria:indicator-e98bbd42-2204-430b-b035-ec3b8df6e8dd" timestamp="2016-07-14T09:44:00.862207+00:00" xsi:type='indicator:IndicatorType'>
<indicator:Title>UruguayJul-Dec_2o.pps hash indicator</indicator:Title>
<indicator:Description>An indicator containing a File observable with an associated hash</indicator:Description>
<indicator:Observable id="Cymmetria:Observable-1bc1659c-0c89-49c8-a749-6c883cd7bc08">
<cybox:Object id="Cymmetria:File-fdf2f8d7-cd3a-4082-8795-9218473cfad5">
<cybox:Properties xsi:type="FileObj:FileObjectType">
<FileObj:Hashes>
<cyboxCommon:Hash>
<cyboxCommon:Type xsi:type="cyboxVocabs:HashNameVocab-1.0">SHA256</cyboxCommon:Type>
<cyboxCommon:Simple_Hash_Value>0abd0d44d12993124ba3081990342ea7d5ab75d1e639b60a4d02960ed2f54b66</cyboxCommon:Simple_Hash_Value>
</cyboxCommon:Hash>
</FileObj:Hashes>
</cybox:Properties>
</cybox:Object>
</indicator:Observable>
<indicator:Producer>
<stixCommon:Identity>
<stixCommon:Name>Cymmetria Inc.</stixCommon:Name>
</stixCommon:Identity>
<stixCommon:Time>
<cyboxCommon:Produced_Time>2016-07-14T09:44:00.862346+00:00</cyboxCommon:Produced_Time>
</stixCommon:Time>
</indicator:Producer>
</stix:Indicator>
</stix:Indicators>
</stix:STIX_Package>

41
2016/2016.07.07.UNVEILING_PATCHWORK/IOCs/STIX/WILL_ISIS_INFECT_BANGLADESH.pps.xml Normal file
View File

@ -0,0 +1,41 @@
<stix:STIX_Package
xmlns:Cymmetria="http://cymmetria.com"
xmlns:FileObj="http://cybox.mitre.org/objects#FileObject-2"
xmlns:cybox="http://cybox.mitre.org/cybox-2"
xmlns:cyboxCommon="http://cybox.mitre.org/common-2"
xmlns:cyboxVocabs="http://cybox.mitre.org/default_vocabularies-2"
xmlns:indicator="http://stix.mitre.org/Indicator-2"
xmlns:stix="http://stix.mitre.org/stix-1"
xmlns:stixCommon="http://stix.mitre.org/common-1"
xmlns:stixVocabs="http://stix.mitre.org/default_vocabularies-1"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" id="Cymmetria:Package-04c1c453-82e1-4c9f-9066-8c0cf012be1a" version="1.2">
<stix:STIX_Header>
<stix:Description>WILL_ISIS_INFECT_BANGLADESH.pps hash indicator</stix:Description>
</stix:STIX_Header>
<stix:Indicators>
<stix:Indicator id="Cymmetria:indicator-4ae178fa-7f8b-42b7-aad3-67dcdd9af0f5" timestamp="2016-07-14T09:44:00.868102+00:00" xsi:type='indicator:IndicatorType'>
<indicator:Title>WILL_ISIS_INFECT_BANGLADESH.pps hash indicator</indicator:Title>
<indicator:Description>An indicator containing a File observable with an associated hash</indicator:Description>
<indicator:Observable id="Cymmetria:Observable-9b4bd14f-1291-4601-ab21-9283c215ba1f">
<cybox:Object id="Cymmetria:File-c19ba8f1-f757-46a0-ac5f-7f9b86edb16a">
<cybox:Properties xsi:type="FileObj:FileObjectType">
<FileObj:Hashes>
<cyboxCommon:Hash>
<cyboxCommon:Type xsi:type="cyboxVocabs:HashNameVocab-1.0">SHA256</cyboxCommon:Type>
<cyboxCommon:Simple_Hash_Value>75f8073fa5f842a6ca78e27a703a6b0a30ecba3f9f51e23fcf810b2489db5fb5</cyboxCommon:Simple_Hash_Value>
</cyboxCommon:Hash>
</FileObj:Hashes>
</cybox:Properties>
</cybox:Object>
</indicator:Observable>
<indicator:Producer>
<stixCommon:Identity>
<stixCommon:Name>Cymmetria Inc.</stixCommon:Name>
</stixCommon:Identity>
<stixCommon:Time>
<cyboxCommon:Produced_Time>2016-07-14T09:44:00.868268+00:00</cyboxCommon:Produced_Time>
</stixCommon:Time>
</indicator:Producer>
</stix:Indicator>
</stix:Indicators>
</stix:STIX_Package>

41
2016/2016.07.07.UNVEILING_PATCHWORK/IOCs/STIX/aeropower.pps.xml Normal file
View File

@ -0,0 +1,41 @@
<stix:STIX_Package
xmlns:Cymmetria="http://cymmetria.com"
xmlns:FileObj="http://cybox.mitre.org/objects#FileObject-2"
xmlns:cybox="http://cybox.mitre.org/cybox-2"
xmlns:cyboxCommon="http://cybox.mitre.org/common-2"
xmlns:cyboxVocabs="http://cybox.mitre.org/default_vocabularies-2"
xmlns:indicator="http://stix.mitre.org/Indicator-2"
xmlns:stix="http://stix.mitre.org/stix-1"
xmlns:stixCommon="http://stix.mitre.org/common-1"
xmlns:stixVocabs="http://stix.mitre.org/default_vocabularies-1"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" id="Cymmetria:Package-192fd747-0c19-418e-8f56-4776692a5423" version="1.2">
<stix:STIX_Header>
<stix:Description>aeropower.pps hash indicator</stix:Description>
</stix:STIX_Header>
<stix:Indicators>
<stix:Indicator id="Cymmetria:indicator-02fa106b-7a84-4b41-b571-b3635cc210b1" timestamp="2016-07-14T09:44:00.698764+00:00" xsi:type='indicator:IndicatorType'>
<indicator:Title>aeropower.pps hash indicator</indicator:Title>
<indicator:Description>An indicator containing a File observable with an associated hash</indicator:Description>
<indicator:Observable id="Cymmetria:Observable-9a8a536e-6bbe-4482-85e2-10ab450fca46">
<cybox:Object id="Cymmetria:File-44ff47cb-f21b-47d6-90aa-ba2bb87bd155">
<cybox:Properties xsi:type="FileObj:FileObjectType">
<FileObj:Hashes>
<cyboxCommon:Hash>
<cyboxCommon:Type xsi:type="cyboxVocabs:HashNameVocab-1.0">SHA256</cyboxCommon:Type>
<cyboxCommon:Simple_Hash_Value>7dd68cab710cd1e8f099f2d2d8b67d9c3f8cb113c9bb44ea4a08ee76d49ed19c</cyboxCommon:Simple_Hash_Value>
</cyboxCommon:Hash>
</FileObj:Hashes>
</cybox:Properties>
</cybox:Object>
</indicator:Observable>
<indicator:Producer>
<stixCommon:Identity>
<stixCommon:Name>Cymmetria Inc.</stixCommon:Name>
</stixCommon:Identity>
<stixCommon:Time>
<cyboxCommon:Produced_Time>2016-07-14T09:44:00.698975+00:00</cyboxCommon:Produced_Time>
</stixCommon:Time>
</indicator:Producer>
</stix:Indicator>
</stix:Indicators>
</stix:STIX_Package>

41
2016/2016.07.07.UNVEILING_PATCHWORK/IOCs/STIX/australia_fonops_1.pps.xml Normal file
View File

@ -0,0 +1,41 @@
<stix:STIX_Package
xmlns:Cymmetria="http://cymmetria.com"
xmlns:FileObj="http://cybox.mitre.org/objects#FileObject-2"
xmlns:cybox="http://cybox.mitre.org/cybox-2"
xmlns:cyboxCommon="http://cybox.mitre.org/common-2"
xmlns:cyboxVocabs="http://cybox.mitre.org/default_vocabularies-2"
xmlns:indicator="http://stix.mitre.org/Indicator-2"
xmlns:stix="http://stix.mitre.org/stix-1"
xmlns:stixCommon="http://stix.mitre.org/common-1"
xmlns:stixVocabs="http://stix.mitre.org/default_vocabularies-1"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" id="Cymmetria:Package-b7affe6e-985f-45f6-8314-dd5d0ace755f" version="1.2">
<stix:STIX_Header>
<stix:Description>australia_fonops_1.pps hash indicator</stix:Description>
</stix:STIX_Header>
<stix:Indicators>
<stix:Indicator id="Cymmetria:indicator-42e02943-4c44-4064-8920-66ac4f83fcdf" timestamp="2016-07-14T09:44:00.700938+00:00" xsi:type='indicator:IndicatorType'>
<indicator:Title>australia_fonops_1.pps hash indicator</indicator:Title>
<indicator:Description>An indicator containing a File observable with an associated hash</indicator:Description>
<indicator:Observable id="Cymmetria:Observable-85983fd0-7ad6-4136-ba67-f0b86006e88b">
<cybox:Object id="Cymmetria:File-ad96d92d-c635-46eb-8cd4-7a56a260cc46">
<cybox:Properties xsi:type="FileObj:FileObjectType">
<FileObj:Hashes>
<cyboxCommon:Hash>
<cyboxCommon:Type xsi:type="cyboxVocabs:HashNameVocab-1.0">SHA256</cyboxCommon:Type>
<cyboxCommon:Simple_Hash_Value>04c7f88f284c2466b4814bb02eefb4a02ac118a2d584ba9baec9c7af1fa1de7b</cyboxCommon:Simple_Hash_Value>
</cyboxCommon:Hash>
</FileObj:Hashes>
</cybox:Properties>
</cybox:Object>
</indicator:Observable>
<indicator:Producer>
<stixCommon:Identity>
<stixCommon:Name>Cymmetria Inc.</stixCommon:Name>
</stixCommon:Identity>
<stixCommon:Time>
<cyboxCommon:Produced_Time>2016-07-14T09:44:00.701143+00:00</cyboxCommon:Produced_Time>
</stixCommon:Time>
</indicator:Producer>
</stix:Indicator>
</stix:Indicators>
</stix:STIX_Package>

41
2016/2016.07.07.UNVEILING_PATCHWORK/IOCs/STIX/australia_fonops_2.pps.xml Normal file
View File

@ -0,0 +1,41 @@
<stix:STIX_Package
xmlns:Cymmetria="http://cymmetria.com"
xmlns:FileObj="http://cybox.mitre.org/objects#FileObject-2"
xmlns:cybox="http://cybox.mitre.org/cybox-2"
xmlns:cyboxCommon="http://cybox.mitre.org/common-2"
xmlns:cyboxVocabs="http://cybox.mitre.org/default_vocabularies-2"
xmlns:indicator="http://stix.mitre.org/Indicator-2"
xmlns:stix="http://stix.mitre.org/stix-1"
xmlns:stixCommon="http://stix.mitre.org/common-1"
xmlns:stixVocabs="http://stix.mitre.org/default_vocabularies-1"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" id="Cymmetria:Package-4bba9028-b5b4-43c0-94d6-e0ada10e4fa3" version="1.2">
<stix:STIX_Header>
<stix:Description>australia_fonops_2.pps hash indicator</stix:Description>
</stix:STIX_Header>
<stix:Indicators>
<stix:Indicator id="Cymmetria:indicator-0ccebd2f-1eb8-46bf-b532-76bcd3a84d26" timestamp="2016-07-14T09:44:00.703188+00:00" xsi:type='indicator:IndicatorType'>
<indicator:Title>australia_fonops_2.pps hash indicator</indicator:Title>
<indicator:Description>An indicator containing a File observable with an associated hash</indicator:Description>
<indicator:Observable id="Cymmetria:Observable-d7c90a4a-8445-4891-a48d-7e5cf6ee6fcb">
<cybox:Object id="Cymmetria:File-c482a94c-3479-4b97-9fba-60ad383e6d46">
<cybox:Properties xsi:type="FileObj:FileObjectType">
<FileObj:Hashes>
<cyboxCommon:Hash>
<cyboxCommon:Type xsi:type="cyboxVocabs:HashNameVocab-1.0">SHA256</cyboxCommon:Type>
<cyboxCommon:Simple_Hash_Value>99a24d92f650faadc46c65bad65013cf3f1587a01f62f31aac20eb8864c21bee</cyboxCommon:Simple_Hash_Value>
</cyboxCommon:Hash>
</FileObj:Hashes>
</cybox:Properties>
</cybox:Object>
</indicator:Observable>
<indicator:Producer>
<stixCommon:Identity>
<stixCommon:Name>Cymmetria Inc.</stixCommon:Name>
</stixCommon:Identity>
<stixCommon:Time>
<cyboxCommon:Produced_Time>2016-07-14T09:44:00.703389+00:00</cyboxCommon:Produced_Time>
</stixCommon:Time>
</indicator:Producer>
</stix:Indicator>
</stix:Indicators>
</stix:STIX_Package>

41
2016/2016.07.07.UNVEILING_PATCHWORK/IOCs/STIX/aviation_1.pps.xml Normal file
View File

@ -0,0 +1,41 @@
<stix:STIX_Package
xmlns:Cymmetria="http://cymmetria.com"
xmlns:FileObj="http://cybox.mitre.org/objects#FileObject-2"
xmlns:cybox="http://cybox.mitre.org/cybox-2"
xmlns:cyboxCommon="http://cybox.mitre.org/common-2"
xmlns:cyboxVocabs="http://cybox.mitre.org/default_vocabularies-2"
xmlns:indicator="http://stix.mitre.org/Indicator-2"
xmlns:stix="http://stix.mitre.org/stix-1"
xmlns:stixCommon="http://stix.mitre.org/common-1"
xmlns:stixVocabs="http://stix.mitre.org/default_vocabularies-1"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" id="Cymmetria:Package-966cf8d4-e4b8-426f-8ba4-a4cc6bfd96c7" version="1.2">
<stix:STIX_Header>
<stix:Description>aviation_1.pps hash indicator</stix:Description>
</stix:STIX_Header>
<stix:Indicators>
<stix:Indicator id="Cymmetria:indicator-0304e87d-0522-4a6b-a5c0-a5524de19727" timestamp="2016-07-14T09:44:00.705318+00:00" xsi:type='indicator:IndicatorType'>
<indicator:Title>aviation_1.pps hash indicator</indicator:Title>
<indicator:Description>An indicator containing a File observable with an associated hash</indicator:Description>
<indicator:Observable id="Cymmetria:Observable-a6b24aaf-45fd-48bc-a0da-d87a358fbc68">
<cybox:Object id="Cymmetria:File-e8b80c86-d760-48d2-a559-fd2a983ad3c1">
<cybox:Properties xsi:type="FileObj:FileObjectType">
<FileObj:Hashes>
<cyboxCommon:Hash>
<cyboxCommon:Type xsi:type="cyboxVocabs:HashNameVocab-1.0">SHA256</cyboxCommon:Type>
<cyboxCommon:Simple_Hash_Value>cdd540c01e25b3a7e122c9c01cfc1c7399ed65f3963ff20fa1685b4c504035ca</cyboxCommon:Simple_Hash_Value>
</cyboxCommon:Hash>
</FileObj:Hashes>
</cybox:Properties>
</cybox:Object>
</indicator:Observable>
<indicator:Producer>
<stixCommon:Identity>
<stixCommon:Name>Cymmetria Inc.</stixCommon:Name>
</stixCommon:Identity>
<stixCommon:Time>
<cyboxCommon:Produced_Time>2016-07-14T09:44:00.705517+00:00</cyboxCommon:Produced_Time>
</stixCommon:Time>
</indicator:Producer>
</stix:Indicator>
</stix:Indicators>
</stix:STIX_Package>

41
2016/2016.07.07.UNVEILING_PATCHWORK/IOCs/STIX/aviation_2.pps.xml Normal file
View File

@ -0,0 +1,41 @@
<stix:STIX_Package
xmlns:Cymmetria="http://cymmetria.com"
xmlns:FileObj="http://cybox.mitre.org/objects#FileObject-2"
xmlns:cybox="http://cybox.mitre.org/cybox-2"
xmlns:cyboxCommon="http://cybox.mitre.org/common-2"
xmlns:cyboxVocabs="http://cybox.mitre.org/default_vocabularies-2"
xmlns:indicator="http://stix.mitre.org/Indicator-2"
xmlns:stix="http://stix.mitre.org/stix-1"
xmlns:stixCommon="http://stix.mitre.org/common-1"
xmlns:stixVocabs="http://stix.mitre.org/default_vocabularies-1"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" id="Cymmetria:Package-9551689a-ff01-486e-86b5-e9dc3cdc5e99" version="1.2">
<stix:STIX_Header>
<stix:Description>aviation_2.pps hash indicator</stix:Description>
</stix:STIX_Header>
<stix:Indicators>
<stix:Indicator id="Cymmetria:indicator-ba31b923-848f-4c9e-ba61-c3d4485327c9" timestamp="2016-07-14T09:44:00.707423+00:00" xsi:type='indicator:IndicatorType'>
<indicator:Title>aviation_2.pps hash indicator</indicator:Title>
<indicator:Description>An indicator containing a File observable with an associated hash</indicator:Description>
<indicator:Observable id="Cymmetria:Observable-41895663-bbd8-4ea1-8ee1-d839f9d09538">
<cybox:Object id="Cymmetria:File-05ef77b0-2c0a-4e40-a5e9-588b7cc633fa">
<cybox:Properties xsi:type="FileObj:FileObjectType">
<FileObj:Hashes>
<cyboxCommon:Hash>
<cyboxCommon:Type xsi:type="cyboxVocabs:HashNameVocab-1.0">SHA256</cyboxCommon:Type>
<cyboxCommon:Simple_Hash_Value>4d041a1bfd8dda989faa6a5a37ba49f988478dadaa110cdf9a98002f12a4b931</cyboxCommon:Simple_Hash_Value>
</cyboxCommon:Hash>
</FileObj:Hashes>
</cybox:Properties>
</cybox:Object>
</indicator:Observable>
<indicator:Producer>
<stixCommon:Identity>
<stixCommon:Name>Cymmetria Inc.</stixCommon:Name>
</stixCommon:Identity>
<stixCommon:Time>
<cyboxCommon:Produced_Time>2016-07-14T09:44:00.707620+00:00</cyboxCommon:Produced_Time>
</stixCommon:Time>
</indicator:Producer>
</stix:Indicator>
</stix:Indicators>
</stix:STIX_Package>

41
2016/2016.07.07.UNVEILING_PATCHWORK/IOCs/STIX/beauty3.pps.xml Normal file
View File

@ -0,0 +1,41 @@
<stix:STIX_Package
xmlns:Cymmetria="http://cymmetria.com"
xmlns:FileObj="http://cybox.mitre.org/objects#FileObject-2"
xmlns:cybox="http://cybox.mitre.org/cybox-2"
xmlns:cyboxCommon="http://cybox.mitre.org/common-2"
xmlns:cyboxVocabs="http://cybox.mitre.org/default_vocabularies-2"
xmlns:indicator="http://stix.mitre.org/Indicator-2"
xmlns:stix="http://stix.mitre.org/stix-1"
xmlns:stixCommon="http://stix.mitre.org/common-1"
xmlns:stixVocabs="http://stix.mitre.org/default_vocabularies-1"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" id="Cymmetria:Package-1ac0a2d0-449f-47cd-ba74-20fb3ef8efb4" version="1.2">
<stix:STIX_Header>
<stix:Description>beauty3.pps hash indicator</stix:Description>
</stix:STIX_Header>
<stix:Indicators>
<stix:Indicator id="Cymmetria:indicator-b7632d2f-ef78-47c2-b21b-82005fd640dd" timestamp="2016-07-14T09:44:00.709497+00:00" xsi:type='indicator:IndicatorType'>
<indicator:Title>beauty3.pps hash indicator</indicator:Title>
<indicator:Description>An indicator containing a File observable with an associated hash</indicator:Description>
<indicator:Observable id="Cymmetria:Observable-8f01b0cc-fb97-490a-95a9-094b1ac69265">
<cybox:Object id="Cymmetria:File-c99f4f11-53c1-4af1-b6e0-c317e518e551">
<cybox:Properties xsi:type="FileObj:FileObjectType">
<FileObj:Hashes>
<cyboxCommon:Hash>
<cyboxCommon:Type xsi:type="cyboxVocabs:HashNameVocab-1.0">SHA256</cyboxCommon:Type>
<cyboxCommon:Simple_Hash_Value>660b2d4baa7965acd7182bdbeaa8cdf66290968ecddc77d53517fe24882c95f9</cyboxCommon:Simple_Hash_Value>
</cyboxCommon:Hash>
</FileObj:Hashes>
</cybox:Properties>
</cybox:Object>
</indicator:Observable>
<indicator:Producer>
<stixCommon:Identity>
<stixCommon:Name>Cymmetria Inc.</stixCommon:Name>
</stixCommon:Identity>
<stixCommon:Time>
<cyboxCommon:Produced_Time>2016-07-14T09:44:00.709693+00:00</cyboxCommon:Produced_Time>
</stixCommon:Time>
</indicator:Producer>
</stix:Indicator>
</stix:Indicators>
</stix:STIX_Package>

41
2016/2016.07.07.UNVEILING_PATCHWORK/IOCs/STIX/beauty6.pps.xml Normal file
View File

@ -0,0 +1,41 @@
<stix:STIX_Package
xmlns:Cymmetria="http://cymmetria.com"
xmlns:FileObj="http://cybox.mitre.org/objects#FileObject-2"
xmlns:cybox="http://cybox.mitre.org/cybox-2"
xmlns:cyboxCommon="http://cybox.mitre.org/common-2"
xmlns:cyboxVocabs="http://cybox.mitre.org/default_vocabularies-2"
xmlns:indicator="http://stix.mitre.org/Indicator-2"
xmlns:stix="http://stix.mitre.org/stix-1"
xmlns:stixCommon="http://stix.mitre.org/common-1"
xmlns:stixVocabs="http://stix.mitre.org/default_vocabularies-1"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" id="Cymmetria:Package-aaf2a295-e98d-457e-b23f-aef0f606d5c1" version="1.2">
<stix:STIX_Header>
<stix:Description>beauty6.pps hash indicator</stix:Description>
</stix:STIX_Header>
<stix:Indicators>
<stix:Indicator id="Cymmetria:indicator-0cedf16b-6c3a-4d1e-9121-f12c02300c9b" timestamp="2016-07-14T09:44:00.711671+00:00" xsi:type='indicator:IndicatorType'>
<indicator:Title>beauty6.pps hash indicator</indicator:Title>
<indicator:Description>An indicator containing a File observable with an associated hash</indicator:Description>
<indicator:Observable id="Cymmetria:Observable-1f21d42b-fb84-44c6-8feb-de1087ba5d74">
<cybox:Object id="Cymmetria:File-a2005382-313e-4702-a0e0-bdd6e2e3c8d6">
<cybox:Properties xsi:type="FileObj:FileObjectType">
<FileObj:Hashes>
<cyboxCommon:Hash>
<cyboxCommon:Type xsi:type="cyboxVocabs:HashNameVocab-1.0">SHA256</cyboxCommon:Type>
<cyboxCommon:Simple_Hash_Value>0819f50d7a0c045188c4068b88c915f3a652c073e3081cb30a20aaf6298840bd</cyboxCommon:Simple_Hash_Value>
</cyboxCommon:Hash>
</FileObj:Hashes>
</cybox:Properties>
</cybox:Object>
</indicator:Observable>
<indicator:Producer>
<stixCommon:Identity>
<stixCommon:Name>Cymmetria Inc.</stixCommon:Name>
</stixCommon:Identity>
<stixCommon:Time>
<cyboxCommon:Produced_Time>2016-07-14T09:44:00.711868+00:00</cyboxCommon:Produced_Time>
</stixCommon:Time>
</indicator:Producer>
</stix:Indicator>
</stix:Indicators>
</stix:STIX_Package>

41
2016/2016.07.07.UNVEILING_PATCHWORK/IOCs/STIX/chinamilstrength.pps.xml Normal file
View File

@ -0,0 +1,41 @@
<stix:STIX_Package
xmlns:Cymmetria="http://cymmetria.com"
xmlns:FileObj="http://cybox.mitre.org/objects#FileObject-2"
xmlns:cybox="http://cybox.mitre.org/cybox-2"
xmlns:cyboxCommon="http://cybox.mitre.org/common-2"
xmlns:cyboxVocabs="http://cybox.mitre.org/default_vocabularies-2"
xmlns:indicator="http://stix.mitre.org/Indicator-2"
xmlns:stix="http://stix.mitre.org/stix-1"
xmlns:stixCommon="http://stix.mitre.org/common-1"
xmlns:stixVocabs="http://stix.mitre.org/default_vocabularies-1"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" id="Cymmetria:Package-292aefe3-3291-4a0f-bb96-65750890ceda" version="1.2">
<stix:STIX_Header>
<stix:Description>chinamilstrength.pps hash indicator</stix:Description>
</stix:STIX_Header>
<stix:Indicators>
<stix:Indicator id="Cymmetria:indicator-076532fc-1fe1-4eba-9faa-26ed1b9042bc" timestamp="2016-07-14T09:44:00.717933+00:00" xsi:type='indicator:IndicatorType'>
<indicator:Title>chinamilstrength.pps hash indicator</indicator:Title>
<indicator:Description>An indicator containing a File observable with an associated hash</indicator:Description>
<indicator:Observable id="Cymmetria:Observable-3f80585e-6a90-4560-8d03-88514d4d24d2">
<cybox:Object id="Cymmetria:File-580ca515-cfdd-4dfa-97f0-5aaa0f7aedad">
<cybox:Properties xsi:type="FileObj:FileObjectType">
<FileObj:Hashes>
<cyboxCommon:Hash>
<cyboxCommon:Type xsi:type="cyboxVocabs:HashNameVocab-1.0">SHA256</cyboxCommon:Type>
<cyboxCommon:Simple_Hash_Value>1f6108718ac9a29fe0e1e2d7fc2a7793ad4e20033921945c2ac0b5603e591298</cyboxCommon:Simple_Hash_Value>
</cyboxCommon:Hash>
</FileObj:Hashes>
</cybox:Properties>
</cybox:Object>
</indicator:Observable>
<indicator:Producer>
<stixCommon:Identity>
<stixCommon:Name>Cymmetria Inc.</stixCommon:Name>
</stixCommon:Identity>
<stixCommon:Time>
<cyboxCommon:Produced_Time>2016-07-14T09:44:00.718128+00:00</cyboxCommon:Produced_Time>
</stixCommon:Time>
</indicator:Producer>
</stix:Indicator>
</stix:Indicators>
</stix:STIX_Package>

41
2016/2016.07.07.UNVEILING_PATCHWORK/IOCs/STIX/chinascyberarmy2015_1.pps.xml Normal file
View File

@ -0,0 +1,41 @@
<stix:STIX_Package
xmlns:Cymmetria="http://cymmetria.com"
xmlns:FileObj="http://cybox.mitre.org/objects#FileObject-2"
xmlns:cybox="http://cybox.mitre.org/cybox-2"
xmlns:cyboxCommon="http://cybox.mitre.org/common-2"
xmlns:cyboxVocabs="http://cybox.mitre.org/default_vocabularies-2"
xmlns:indicator="http://stix.mitre.org/Indicator-2"
xmlns:stix="http://stix.mitre.org/stix-1"
xmlns:stixCommon="http://stix.mitre.org/common-1"
xmlns:stixVocabs="http://stix.mitre.org/default_vocabularies-1"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" id="Cymmetria:Package-a1610455-1823-4730-afeb-371a21175a2f" version="1.2">
<stix:STIX_Header>
<stix:Description>chinascyberarmy2015_1.pps hash indicator</stix:Description>
</stix:STIX_Header>
<stix:Indicators>
<stix:Indicator id="Cymmetria:indicator-73736aaa-35b2-4926-bce2-5157df301833" timestamp="2016-07-14T09:44:00.724998+00:00" xsi:type='indicator:IndicatorType'>
<indicator:Title>chinascyberarmy2015_1.pps hash indicator</indicator:Title>
<indicator:Description>An indicator containing a File observable with an associated hash</indicator:Description>
<indicator:Observable id="Cymmetria:Observable-8de41a77-cdb6-4757-90f8-66fc68a151aa">
<cybox:Object id="Cymmetria:File-2a0cee48-945e-4695-ac52-cbea009cb6c4">
<cybox:Properties xsi:type="FileObj:FileObjectType">
<FileObj:Hashes>
<cyboxCommon:Hash>
<cyboxCommon:Type xsi:type="cyboxVocabs:HashNameVocab-1.0">SHA256</cyboxCommon:Type>
<cyboxCommon:Simple_Hash_Value>fdc6afccd5dc015c138c05ba7c325fc119dfd79e913ddab292575586f1657cae</cyboxCommon:Simple_Hash_Value>
</cyboxCommon:Hash>
</FileObj:Hashes>
</cybox:Properties>
</cybox:Object>
</indicator:Observable>
<indicator:Producer>
<stixCommon:Identity>
<stixCommon:Name>Cymmetria Inc.</stixCommon:Name>
</stixCommon:Identity>
<stixCommon:Time>
<cyboxCommon:Produced_Time>2016-07-14T09:44:00.725218+00:00</cyboxCommon:Produced_Time>
</stixCommon:Time>
</indicator:Producer>
</stix:Indicator>
</stix:Indicators>
</stix:STIX_Package>

41
2016/2016.07.07.UNVEILING_PATCHWORK/IOCs/STIX/chinascyberarmy2015_2.pps.xml Normal file
View File

@ -0,0 +1,41 @@
<stix:STIX_Package
xmlns:Cymmetria="http://cymmetria.com"
xmlns:FileObj="http://cybox.mitre.org/objects#FileObject-2"
xmlns:cybox="http://cybox.mitre.org/cybox-2"
xmlns:cyboxCommon="http://cybox.mitre.org/common-2"
xmlns:cyboxVocabs="http://cybox.mitre.org/default_vocabularies-2"
xmlns:indicator="http://stix.mitre.org/Indicator-2"
xmlns:stix="http://stix.mitre.org/stix-1"
xmlns:stixCommon="http://stix.mitre.org/common-1"
xmlns:stixVocabs="http://stix.mitre.org/default_vocabularies-1"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" id="Cymmetria:Package-2418b339-29b2-4395-8d15-82ae78929fb0" version="1.2">
<stix:STIX_Header>
<stix:Description>chinascyberarmy2015_2.pps hash indicator</stix:Description>
</stix:STIX_Header>
<stix:Indicators>
<stix:Indicator id="Cymmetria:indicator-4a558204-cd71-44dc-ac55-4b4ffde423e8" timestamp="2016-07-14T09:44:00.728068+00:00" xsi:type='indicator:IndicatorType'>
<indicator:Title>chinascyberarmy2015_2.pps hash indicator</indicator:Title>
<indicator:Description>An indicator containing a File observable with an associated hash</indicator:Description>
<indicator:Observable id="Cymmetria:Observable-b59b1349-f7ee-47c6-8488-ee763a85ff5a">
<cybox:Object id="Cymmetria:File-6b086c06-9080-4061-9c4c-9273dd697e36">
<cybox:Properties xsi:type="FileObj:FileObjectType">
<FileObj:Hashes>
<cyboxCommon:Hash>
<cyboxCommon:Type xsi:type="cyboxVocabs:HashNameVocab-1.0">SHA256</cyboxCommon:Type>
<cyboxCommon:Simple_Hash_Value>8770819471130b056822c334f8735453c3fd7d3495ae5ad98d372241872be7c5</cyboxCommon:Simple_Hash_Value>
</cyboxCommon:Hash>
</FileObj:Hashes>
</cybox:Properties>
</cybox:Object>
</indicator:Observable>
<indicator:Producer>
<stixCommon:Identity>
<stixCommon:Name>Cymmetria Inc.</stixCommon:Name>
</stixCommon:Identity>
<stixCommon:Time>
<cyboxCommon:Produced_Time>2016-07-14T09:44:00.728316+00:00</cyboxCommon:Produced_Time>
</stixCommon:Time>
</indicator:Producer>
</stix:Indicator>
</stix:Indicators>
</stix:STIX_Package>

41
2016/2016.07.07.UNVEILING_PATCHWORK/IOCs/STIX/chinesemilstrat_1.pps.xml Normal file
View File

@ -0,0 +1,41 @@
<stix:STIX_Package
xmlns:Cymmetria="http://cymmetria.com"
xmlns:FileObj="http://cybox.mitre.org/objects#FileObject-2"
xmlns:cybox="http://cybox.mitre.org/cybox-2"
xmlns:cyboxCommon="http://cybox.mitre.org/common-2"
xmlns:cyboxVocabs="http://cybox.mitre.org/default_vocabularies-2"
xmlns:indicator="http://stix.mitre.org/Indicator-2"
xmlns:stix="http://stix.mitre.org/stix-1"
xmlns:stixCommon="http://stix.mitre.org/common-1"
xmlns:stixVocabs="http://stix.mitre.org/default_vocabularies-1"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" id="Cymmetria:Package-ff00acbe-fcfc-473b-b49a-286defedd7bb" version="1.2">
<stix:STIX_Header>
<stix:Description>chinesemilstrat_1.pps hash indicator</stix:Description>
</stix:STIX_Header>
<stix:Indicators>
<stix:Indicator id="Cymmetria:indicator-34e13709-9af4-4457-b643-f15fd47fc398" timestamp="2016-07-14T09:44:00.741477+00:00" xsi:type='indicator:IndicatorType'>
<indicator:Title>chinesemilstrat_1.pps hash indicator</indicator:Title>
<indicator:Description>An indicator containing a File observable with an associated hash</indicator:Description>
<indicator:Observable id="Cymmetria:Observable-47592e72-79c3-4254-ab6e-4002e3148466">
<cybox:Object id="Cymmetria:File-78c8d4cb-f40d-454d-a9ad-901e94c11cab">
<cybox:Properties xsi:type="FileObj:FileObjectType">
<FileObj:Hashes>
<cyboxCommon:Hash>
<cyboxCommon:Type xsi:type="cyboxVocabs:HashNameVocab-1.0">SHA256</cyboxCommon:Type>
<cyboxCommon:Simple_Hash_Value>158919e9ca13db3747708b56397b63431ad864879abe1f5f3c4c178d8fae1149</cyboxCommon:Simple_Hash_Value>
</cyboxCommon:Hash>
</FileObj:Hashes>
</cybox:Properties>
</cybox:Object>
</indicator:Observable>
<indicator:Producer>
<stixCommon:Identity>
<stixCommon:Name>Cymmetria Inc.</stixCommon:Name>
</stixCommon:Identity>
<stixCommon:Time>
<cyboxCommon:Produced_Time>2016-07-14T09:44:00.741679+00:00</cyboxCommon:Produced_Time>
</stixCommon:Time>
</indicator:Producer>
</stix:Indicator>
</stix:Indicators>
</stix:STIX_Package>

41
2016/2016.07.07.UNVEILING_PATCHWORK/IOCs/STIX/chinesemilstrat_2.pps.xml Normal file
View File

@ -0,0 +1,41 @@
<stix:STIX_Package
xmlns:Cymmetria="http://cymmetria.com"
xmlns:FileObj="http://cybox.mitre.org/objects#FileObject-2"
xmlns:cybox="http://cybox.mitre.org/cybox-2"
xmlns:cyboxCommon="http://cybox.mitre.org/common-2"
xmlns:cyboxVocabs="http://cybox.mitre.org/default_vocabularies-2"
xmlns:indicator="http://stix.mitre.org/Indicator-2"
xmlns:stix="http://stix.mitre.org/stix-1"
xmlns:stixCommon="http://stix.mitre.org/common-1"
xmlns:stixVocabs="http://stix.mitre.org/default_vocabularies-1"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" id="Cymmetria:Package-bc108ce4-00bd-41a7-9721-b04f0a2e484d" version="1.2">
<stix:STIX_Header>
<stix:Description>chinesemilstrat_2.pps hash indicator</stix:Description>
</stix:STIX_Header>
<stix:Indicators>
<stix:Indicator id="Cymmetria:indicator-1e126202-44e3-4334-9bd0-06483d01f20b" timestamp="2016-07-14T09:44:00.743604+00:00" xsi:type='indicator:IndicatorType'>
<indicator:Title>chinesemilstrat_2.pps hash indicator</indicator:Title>
<indicator:Description>An indicator containing a File observable with an associated hash</indicator:Description>
<indicator:Observable id="Cymmetria:Observable-f82f89d9-1b02-4d7f-99f6-4ec0b8a4dcb4">
<cybox:Object id="Cymmetria:File-ccdcc595-fbda-4fe9-889b-fe3eb005d8d2">
<cybox:Properties xsi:type="FileObj:FileObjectType">
<FileObj:Hashes>
<cyboxCommon:Hash>
<cyboxCommon:Type xsi:type="cyboxVocabs:HashNameVocab-1.0">SHA256</cyboxCommon:Type>
<cyboxCommon:Simple_Hash_Value>6cb9b489f27517b21db61398cc103f863eb71e1034997e7f54b463be9c34568b</cyboxCommon:Simple_Hash_Value>
</cyboxCommon:Hash>
</FileObj:Hashes>
</cybox:Properties>
</cybox:Object>
</indicator:Observable>
<indicator:Producer>
<stixCommon:Identity>
<stixCommon:Name>Cymmetria Inc.</stixCommon:Name>
</stixCommon:Identity>
<stixCommon:Time>
<cyboxCommon:Produced_Time>2016-07-14T09:44:00.743796+00:00</cyboxCommon:Produced_Time>
</stixCommon:Time>
</indicator:Producer>
</stix:Indicator>
</stix:Indicators>
</stix:STIX_Package>

41
2016/2016.07.07.UNVEILING_PATCHWORK/IOCs/STIX/cppcc_1.pps.xml Normal file
View File

@ -0,0 +1,41 @@
<stix:STIX_Package
xmlns:Cymmetria="http://cymmetria.com"
xmlns:FileObj="http://cybox.mitre.org/objects#FileObject-2"
xmlns:cybox="http://cybox.mitre.org/cybox-2"
xmlns:cyboxCommon="http://cybox.mitre.org/common-2"
xmlns:cyboxVocabs="http://cybox.mitre.org/default_vocabularies-2"
xmlns:indicator="http://stix.mitre.org/Indicator-2"
xmlns:stix="http://stix.mitre.org/stix-1"
xmlns:stixCommon="http://stix.mitre.org/common-1"
xmlns:stixVocabs="http://stix.mitre.org/default_vocabularies-1"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" id="Cymmetria:Package-8452040a-6932-4b15-a509-2ec7519ca3b3" version="1.2">
<stix:STIX_Header>
<stix:Description>cppcc_1.pps hash indicator</stix:Description>
</stix:STIX_Header>
<stix:Indicators>
<stix:Indicator id="Cymmetria:indicator-604aa554-180b-4a03-9dbc-cb9e6ae68619" timestamp="2016-07-14T09:44:00.745682+00:00" xsi:type='indicator:IndicatorType'>
<indicator:Title>cppcc_1.pps hash indicator</indicator:Title>
<indicator:Description>An indicator containing a File observable with an associated hash</indicator:Description>
<indicator:Observable id="Cymmetria:Observable-a822f77e-8b90-4be4-a899-ad761df87a5e">
<cybox:Object id="Cymmetria:File-6fb39831-62f8-4847-9e69-1a326fc6afaf">
<cybox:Properties xsi:type="FileObj:FileObjectType">
<FileObj:Hashes>
<cyboxCommon:Hash>
<cyboxCommon:Type xsi:type="cyboxVocabs:HashNameVocab-1.0">SHA256</cyboxCommon:Type>
<cyboxCommon:Simple_Hash_Value>5e4dd3e3d21a25a2680320ad79ef773f133312210adcd45b09bfb183c5797004</cyboxCommon:Simple_Hash_Value>
</cyboxCommon:Hash>
</FileObj:Hashes>
</cybox:Properties>
</cybox:Object>
</indicator:Observable>
<indicator:Producer>
<stixCommon:Identity>
<stixCommon:Name>Cymmetria Inc.</stixCommon:Name>
</stixCommon:Identity>
<stixCommon:Time>
<cyboxCommon:Produced_Time>2016-07-14T09:44:00.745875+00:00</cyboxCommon:Produced_Time>
</stixCommon:Time>
</indicator:Producer>
</stix:Indicator>
</stix:Indicators>
</stix:STIX_Package>

41
2016/2016.07.07.UNVEILING_PATCHWORK/IOCs/STIX/cppcc_2.pps.xml Normal file
View File

@ -0,0 +1,41 @@
<stix:STIX_Package
xmlns:Cymmetria="http://cymmetria.com"
xmlns:FileObj="http://cybox.mitre.org/objects#FileObject-2"
xmlns:cybox="http://cybox.mitre.org/cybox-2"
xmlns:cyboxCommon="http://cybox.mitre.org/common-2"
xmlns:cyboxVocabs="http://cybox.mitre.org/default_vocabularies-2"
xmlns:indicator="http://stix.mitre.org/Indicator-2"
xmlns:stix="http://stix.mitre.org/stix-1"
xmlns:stixCommon="http://stix.mitre.org/common-1"
xmlns:stixVocabs="http://stix.mitre.org/default_vocabularies-1"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" id="Cymmetria:Package-8164b35a-f464-4746-9288-f46ceab2b857" version="1.2">
<stix:STIX_Header>
<stix:Description>cppcc_2.pps hash indicator</stix:Description>
</stix:STIX_Header>
<stix:Indicators>
<stix:Indicator id="Cymmetria:indicator-83acfcc0-cc25-4634-af73-67dda23fc4a5" timestamp="2016-07-14T09:44:00.747771+00:00" xsi:type='indicator:IndicatorType'>
<indicator:Title>cppcc_2.pps hash indicator</indicator:Title>
<indicator:Description>An indicator containing a File observable with an associated hash</indicator:Description>
<indicator:Observable id="Cymmetria:Observable-7574ec78-8175-47f7-925c-57e469f7c121">
<cybox:Object id="Cymmetria:File-b0da86ec-a772-4642-b19b-1321e000bb5c">
<cybox:Properties xsi:type="FileObj:FileObjectType">
<FileObj:Hashes>
<cyboxCommon:Hash>
<cyboxCommon:Type xsi:type="cyboxVocabs:HashNameVocab-1.0">SHA256</cyboxCommon:Type>
<cyboxCommon:Simple_Hash_Value>04317dd251b6eb22ce0941dda9821463fe53a51140d4ac639b9d0463dbf61372</cyboxCommon:Simple_Hash_Value>
</cyboxCommon:Hash>
</FileObj:Hashes>
</cybox:Properties>
</cybox:Object>
</indicator:Observable>
<indicator:Producer>
<stixCommon:Identity>
<stixCommon:Name>Cymmetria Inc.</stixCommon:Name>
</stixCommon:Identity>
<stixCommon:Time>
<cyboxCommon:Produced_Time>2016-07-14T09:44:00.747968+00:00</cyboxCommon:Produced_Time>
</stixCommon:Time>
</indicator:Producer>
</stix:Indicator>
</stix:Indicators>
</stix:STIX_Package>

41
2016/2016.07.07.UNVEILING_PATCHWORK/IOCs/STIX/election.pps.xml Normal file
View File

@ -0,0 +1,41 @@
<stix:STIX_Package
xmlns:Cymmetria="http://cymmetria.com"
xmlns:FileObj="http://cybox.mitre.org/objects#FileObject-2"
xmlns:cybox="http://cybox.mitre.org/cybox-2"
xmlns:cyboxCommon="http://cybox.mitre.org/common-2"
xmlns:cyboxVocabs="http://cybox.mitre.org/default_vocabularies-2"
xmlns:indicator="http://stix.mitre.org/Indicator-2"
xmlns:stix="http://stix.mitre.org/stix-1"
xmlns:stixCommon="http://stix.mitre.org/common-1"
xmlns:stixVocabs="http://stix.mitre.org/default_vocabularies-1"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" id="Cymmetria:Package-40151036-11fc-4b3c-bc2d-7775c07ed434" version="1.2">
<stix:STIX_Header>
<stix:Description>election.pps hash indicator</stix:Description>
</stix:STIX_Header>
<stix:Indicators>
<stix:Indicator id="Cymmetria:indicator-76ed1ba0-d310-4628-81b2-7389db97092e" timestamp="2016-07-14T09:44:00.749833+00:00" xsi:type='indicator:IndicatorType'>
<indicator:Title>election.pps hash indicator</indicator:Title>
<indicator:Description>An indicator containing a File observable with an associated hash</indicator:Description>
<indicator:Observable id="Cymmetria:Observable-5b5e17a0-e77d-4907-a033-d33cc9823be8">
<cybox:Object id="Cymmetria:File-424ff79d-f68d-4c64-b1a9-af9e2b6c2e29">
<cybox:Properties xsi:type="FileObj:FileObjectType">
<FileObj:Hashes>
<cyboxCommon:Hash>
<cyboxCommon:Type xsi:type="cyboxVocabs:HashNameVocab-1.0">SHA256</cyboxCommon:Type>
<cyboxCommon:Simple_Hash_Value>7ce893d1e08ef1ce62706eabe9aa0813e5e495d4f24955ca5020c3191968ec3a</cyboxCommon:Simple_Hash_Value>
</cyboxCommon:Hash>
</FileObj:Hashes>
</cybox:Properties>
</cybox:Object>
</indicator:Observable>
<indicator:Producer>
<stixCommon:Identity>
<stixCommon:Name>Cymmetria Inc.</stixCommon:Name>
</stixCommon:Identity>
<stixCommon:Time>
<cyboxCommon:Produced_Time>2016-07-14T09:44:00.750031+00:00</cyboxCommon:Produced_Time>
</stixCommon:Time>
</indicator:Producer>
</stix:Indicator>
</stix:Indicators>
</stix:STIX_Package>

41
2016/2016.07.07.UNVEILING_PATCHWORK/IOCs/STIX/enggmarvels_1.pps.xml Normal file
View File

@ -0,0 +1,41 @@
<stix:STIX_Package
xmlns:Cymmetria="http://cymmetria.com"
xmlns:FileObj="http://cybox.mitre.org/objects#FileObject-2"
xmlns:cybox="http://cybox.mitre.org/cybox-2"
xmlns:cyboxCommon="http://cybox.mitre.org/common-2"
xmlns:cyboxVocabs="http://cybox.mitre.org/default_vocabularies-2"
xmlns:indicator="http://stix.mitre.org/Indicator-2"
xmlns:stix="http://stix.mitre.org/stix-1"
xmlns:stixCommon="http://stix.mitre.org/common-1"
xmlns:stixVocabs="http://stix.mitre.org/default_vocabularies-1"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" id="Cymmetria:Package-90df75c5-a0fb-4360-9aca-d5f908b70834" version="1.2">
<stix:STIX_Header>
<stix:Description>enggmarvels_1.pps hash indicator</stix:Description>
</stix:STIX_Header>
<stix:Indicators>
<stix:Indicator id="Cymmetria:indicator-364f2358-51cf-43fd-9008-d8c42678a28c" timestamp="2016-07-14T09:44:00.752014+00:00" xsi:type='indicator:IndicatorType'>
<indicator:Title>enggmarvels_1.pps hash indicator</indicator:Title>
<indicator:Description>An indicator containing a File observable with an associated hash</indicator:Description>
<indicator:Observable id="Cymmetria:Observable-847fd08a-1365-4608-b7d3-5ecb0c9a9eda">
<cybox:Object id="Cymmetria:File-4b604993-caaa-4482-b977-74d1bce7a952">
<cybox:Properties xsi:type="FileObj:FileObjectType">
<FileObj:Hashes>
<cyboxCommon:Hash>
<cyboxCommon:Type xsi:type="cyboxVocabs:HashNameVocab-1.0">SHA256</cyboxCommon:Type>
<cyboxCommon:Simple_Hash_Value>79af494cfb231c267d3149d4922a16ea0086c4ba63b584e6ff8dc463235eb999</cyboxCommon:Simple_Hash_Value>
</cyboxCommon:Hash>
</FileObj:Hashes>
</cybox:Properties>
</cybox:Object>
</indicator:Observable>
<indicator:Producer>
<stixCommon:Identity>
<stixCommon:Name>Cymmetria Inc.</stixCommon:Name>
</stixCommon:Identity>
<stixCommon:Time>
<cyboxCommon:Produced_Time>2016-07-14T09:44:00.752218+00:00</cyboxCommon:Produced_Time>
</stixCommon:Time>
</indicator:Producer>
</stix:Indicator>
</stix:Indicators>
</stix:STIX_Package>

41
2016/2016.07.07.UNVEILING_PATCHWORK/IOCs/STIX/enggmarvels_2.pps.xml Normal file
View File

@ -0,0 +1,41 @@
<stix:STIX_Package
xmlns:Cymmetria="http://cymmetria.com"
xmlns:FileObj="http://cybox.mitre.org/objects#FileObject-2"
xmlns:cybox="http://cybox.mitre.org/cybox-2"
xmlns:cyboxCommon="http://cybox.mitre.org/common-2"
xmlns:cyboxVocabs="http://cybox.mitre.org/default_vocabularies-2"
xmlns:indicator="http://stix.mitre.org/Indicator-2"
xmlns:stix="http://stix.mitre.org/stix-1"
xmlns:stixCommon="http://stix.mitre.org/common-1"
xmlns:stixVocabs="http://stix.mitre.org/default_vocabularies-1"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" id="Cymmetria:Package-07d91005-8aae-4f03-9289-50a265d5165c" version="1.2">
<stix:STIX_Header>
<stix:Description>enggmarvels_2.pps hash indicator</stix:Description>
</stix:STIX_Header>
<stix:Indicators>
<stix:Indicator id="Cymmetria:indicator-44e6cd97-ba28-4785-a646-dd9883491707" timestamp="2016-07-14T09:44:00.754230+00:00" xsi:type='indicator:IndicatorType'>
<indicator:Title>enggmarvels_2.pps hash indicator</indicator:Title>
<indicator:Description>An indicator containing a File observable with an associated hash</indicator:Description>
<indicator:Observable id="Cymmetria:Observable-8f6f058e-6b1c-43ca-a510-b902c9671774">
<cybox:Object id="Cymmetria:File-caeb2f29-6240-46fb-9763-8baedc87ff6a">
<cybox:Properties xsi:type="FileObj:FileObjectType">
<FileObj:Hashes>
<cyboxCommon:Hash>
<cyboxCommon:Type xsi:type="cyboxVocabs:HashNameVocab-1.0">SHA256</cyboxCommon:Type>
<cyboxCommon:Simple_Hash_Value>0803956f7919f3ac71f345a59c3803b0ab5e32e8f9c408b0eff0716a013c020d</cyboxCommon:Simple_Hash_Value>
</cyboxCommon:Hash>
</FileObj:Hashes>
</cybox:Properties>
</cybox:Object>
</indicator:Observable>
<indicator:Producer>
<stixCommon:Identity>
<stixCommon:Name>Cymmetria Inc.</stixCommon:Name>
</stixCommon:Identity>
<stixCommon:Time>
<cyboxCommon:Produced_Time>2016-07-14T09:44:00.754433+00:00</cyboxCommon:Produced_Time>
</stixCommon:Time>
</indicator:Producer>
</stix:Indicator>
</stix:Indicators>
</stix:STIX_Package>

41
2016/2016.07.07.UNVEILING_PATCHWORK/IOCs/STIX/fengnew33.pps.xml Normal file
View File

@ -0,0 +1,41 @@
<stix:STIX_Package
xmlns:Cymmetria="http://cymmetria.com"
xmlns:FileObj="http://cybox.mitre.org/objects#FileObject-2"
xmlns:cybox="http://cybox.mitre.org/cybox-2"
xmlns:cyboxCommon="http://cybox.mitre.org/common-2"
xmlns:cyboxVocabs="http://cybox.mitre.org/default_vocabularies-2"
xmlns:indicator="http://stix.mitre.org/Indicator-2"
xmlns:stix="http://stix.mitre.org/stix-1"
xmlns:stixCommon="http://stix.mitre.org/common-1"
xmlns:stixVocabs="http://stix.mitre.org/default_vocabularies-1"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" id="Cymmetria:Package-f8b07572-9c31-4e14-9a19-f7c4efef817f" version="1.2">
<stix:STIX_Header>
<stix:Description>fengnew33.pps hash indicator</stix:Description>
</stix:STIX_Header>
<stix:Indicators>
<stix:Indicator id="Cymmetria:indicator-d8e22362-7c9c-4489-9cbb-818d6ca31e6f" timestamp="2016-07-14T09:44:00.756434+00:00" xsi:type='indicator:IndicatorType'>
<indicator:Title>fengnew33.pps hash indicator</indicator:Title>
<indicator:Description>An indicator containing a File observable with an associated hash</indicator:Description>
<indicator:Observable id="Cymmetria:Observable-00646bd2-a81f-4f54-a197-52241b4bcf7c">
<cybox:Object id="Cymmetria:File-7c42ad9b-a49d-442e-a5ec-e052ffdf780a">
<cybox:Properties xsi:type="FileObj:FileObjectType">
<FileObj:Hashes>
<cyboxCommon:Hash>
<cyboxCommon:Type xsi:type="cyboxVocabs:HashNameVocab-1.0">SHA256</cyboxCommon:Type>
<cyboxCommon:Simple_Hash_Value>caf046809672fa9b162ddb633f12f1c817c8aab42da994398135b0b2b5b2f01c</cyboxCommon:Simple_Hash_Value>
</cyboxCommon:Hash>
</FileObj:Hashes>
</cybox:Properties>
</cybox:Object>
</indicator:Observable>
<indicator:Producer>
<stixCommon:Identity>
<stixCommon:Name>Cymmetria Inc.</stixCommon:Name>
</stixCommon:Identity>
<stixCommon:Time>
<cyboxCommon:Produced_Time>2016-07-14T09:44:00.756637+00:00</cyboxCommon:Produced_Time>
</stixCommon:Time>
</indicator:Producer>
</stix:Indicator>
</stix:Indicators>
</stix:STIX_Package>

41
2016/2016.07.07.UNVEILING_PATCHWORK/IOCs/STIX/fengnew36.pps.xml Normal file
View File

@ -0,0 +1,41 @@
<stix:STIX_Package
xmlns:Cymmetria="http://cymmetria.com"
xmlns:FileObj="http://cybox.mitre.org/objects#FileObject-2"
xmlns:cybox="http://cybox.mitre.org/cybox-2"
xmlns:cyboxCommon="http://cybox.mitre.org/common-2"
xmlns:cyboxVocabs="http://cybox.mitre.org/default_vocabularies-2"
xmlns:indicator="http://stix.mitre.org/Indicator-2"
xmlns:stix="http://stix.mitre.org/stix-1"
xmlns:stixCommon="http://stix.mitre.org/common-1"
xmlns:stixVocabs="http://stix.mitre.org/default_vocabularies-1"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" id="Cymmetria:Package-a2ef3c85-9ca3-4df8-b5d5-f2a5f8b0e885" version="1.2">
<stix:STIX_Header>
<stix:Description>fengnew36.pps hash indicator</stix:Description>
</stix:STIX_Header>
<stix:Indicators>
<stix:Indicator id="Cymmetria:indicator-15f48037-be92-47a3-a299-bd3a01513886" timestamp="2016-07-14T09:44:00.758653+00:00" xsi:type='indicator:IndicatorType'>
<indicator:Title>fengnew36.pps hash indicator</indicator:Title>
<indicator:Description>An indicator containing a File observable with an associated hash</indicator:Description>
<indicator:Observable id="Cymmetria:Observable-a3996216-2f23-4fdc-b297-492b0c8e5331">
<cybox:Object id="Cymmetria:File-cafe3f67-c60f-4868-9b5e-07cfed8cfcd3">
<cybox:Properties xsi:type="FileObj:FileObjectType">
<FileObj:Hashes>
<cyboxCommon:Hash>
<cyboxCommon:Type xsi:type="cyboxVocabs:HashNameVocab-1.0">SHA256</cyboxCommon:Type>
<cyboxCommon:Simple_Hash_Value>e61a805907a44c61458baae92cb9a2bb901d76102fe94ae0a6ef287cf71fb4ae</cyboxCommon:Simple_Hash_Value>
</cyboxCommon:Hash>
</FileObj:Hashes>
</cybox:Properties>
</cybox:Object>
</indicator:Observable>
<indicator:Producer>
<stixCommon:Identity>
<stixCommon:Name>Cymmetria Inc.</stixCommon:Name>
</stixCommon:Identity>
<stixCommon:Time>
<cyboxCommon:Produced_Time>2016-07-14T09:44:00.758866+00:00</cyboxCommon:Produced_Time>
</stixCommon:Time>
</indicator:Producer>
</stix:Indicator>
</stix:Indicators>
</stix:STIX_Package>

41
2016/2016.07.07.UNVEILING_PATCHWORK/IOCs/STIX/fengnew63.pps.xml Normal file
View File

@ -0,0 +1,41 @@
<stix:STIX_Package
xmlns:Cymmetria="http://cymmetria.com"
xmlns:FileObj="http://cybox.mitre.org/objects#FileObject-2"
xmlns:cybox="http://cybox.mitre.org/cybox-2"
xmlns:cyboxCommon="http://cybox.mitre.org/common-2"
xmlns:cyboxVocabs="http://cybox.mitre.org/default_vocabularies-2"
xmlns:indicator="http://stix.mitre.org/Indicator-2"
xmlns:stix="http://stix.mitre.org/stix-1"
xmlns:stixCommon="http://stix.mitre.org/common-1"
xmlns:stixVocabs="http://stix.mitre.org/default_vocabularies-1"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" id="Cymmetria:Package-d2a88e49-c1f7-455a-8f90-2f18d7c02ada" version="1.2">
<stix:STIX_Header>
<stix:Description>fengnew63.pps hash indicator</stix:Description>
</stix:STIX_Header>
<stix:Indicators>
<stix:Indicator id="Cymmetria:indicator-b2f2f2af-295a-4ab6-81b0-f8b8753d2e2c" timestamp="2016-07-14T09:44:00.760876+00:00" xsi:type='indicator:IndicatorType'>
<indicator:Title>fengnew63.pps hash indicator</indicator:Title>
<indicator:Description>An indicator containing a File observable with an associated hash</indicator:Description>
<indicator:Observable id="Cymmetria:Observable-e7fd74e3-4020-4a33-9cc1-f44033a4cfc8">
<cybox:Object id="Cymmetria:File-ca8d89d0-9f4a-4cb6-b2b6-c7571fe90663">
<cybox:Properties xsi:type="FileObj:FileObjectType">
<FileObj:Hashes>
<cyboxCommon:Hash>
<cyboxCommon:Type xsi:type="cyboxVocabs:HashNameVocab-1.0">SHA256</cyboxCommon:Type>
<cyboxCommon:Simple_Hash_Value>3e282a1cdcc692415998633af2a15d79dcfb2ce90734bf90138e9bd3e3c32f7f</cyboxCommon:Simple_Hash_Value>
</cyboxCommon:Hash>
</FileObj:Hashes>
</cybox:Properties>
</cybox:Object>
</indicator:Observable>
<indicator:Producer>
<stixCommon:Identity>
<stixCommon:Name>Cymmetria Inc.</stixCommon:Name>
</stixCommon:Identity>
<stixCommon:Time>
<cyboxCommon:Produced_Time>2016-07-14T09:44:00.761074+00:00</cyboxCommon:Produced_Time>
</stixCommon:Time>
</indicator:Producer>
</stix:Indicator>
</stix:Indicators>
</stix:STIX_Package>

41
2016/2016.07.07.UNVEILING_PATCHWORK/IOCs/STIX/fengnew66.pps.xml Normal file
View File

@ -0,0 +1,41 @@
<stix:STIX_Package
xmlns:Cymmetria="http://cymmetria.com"
xmlns:FileObj="http://cybox.mitre.org/objects#FileObject-2"
xmlns:cybox="http://cybox.mitre.org/cybox-2"
xmlns:cyboxCommon="http://cybox.mitre.org/common-2"
xmlns:cyboxVocabs="http://cybox.mitre.org/default_vocabularies-2"
xmlns:indicator="http://stix.mitre.org/Indicator-2"
xmlns:stix="http://stix.mitre.org/stix-1"
xmlns:stixCommon="http://stix.mitre.org/common-1"
xmlns:stixVocabs="http://stix.mitre.org/default_vocabularies-1"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" id="Cymmetria:Package-2b18aa03-fe0a-49fd-95c1-ce2977217098" version="1.2">
<stix:STIX_Header>
<stix:Description>fengnew66.pps hash indicator</stix:Description>
</stix:STIX_Header>
<stix:Indicators>
<stix:Indicator id="Cymmetria:indicator-158c00c4-9f83-4acb-a425-666c1e7a6181" timestamp="2016-07-14T09:44:00.763035+00:00" xsi:type='indicator:IndicatorType'>
<indicator:Title>fengnew66.pps hash indicator</indicator:Title>
<indicator:Description>An indicator containing a File observable with an associated hash</indicator:Description>
<indicator:Observable id="Cymmetria:Observable-c1a6745f-ea9d-456d-ba84-39ca43d93b8c">
<cybox:Object id="Cymmetria:File-1e718a6e-9264-4c1a-9411-20e280b6e8e6">
<cybox:Properties xsi:type="FileObj:FileObjectType">
<FileObj:Hashes>
<cyboxCommon:Hash>
<cyboxCommon:Type xsi:type="cyboxVocabs:HashNameVocab-1.0">SHA256</cyboxCommon:Type>
<cyboxCommon:Simple_Hash_Value>0edb3efd98de5d135f3326129a4d7a5546484570d9949e6103179a0e5e6b97dd</cyboxCommon:Simple_Hash_Value>
</cyboxCommon:Hash>
</FileObj:Hashes>
</cybox:Properties>
</cybox:Object>
</indicator:Observable>
<indicator:Producer>
<stixCommon:Identity>
<stixCommon:Name>Cymmetria Inc.</stixCommon:Name>
</stixCommon:Identity>
<stixCommon:Time>
<cyboxCommon:Produced_Time>2016-07-14T09:44:00.763236+00:00</cyboxCommon:Produced_Time>
</stixCommon:Time>
</indicator:Producer>
</stix:Indicator>
</stix:Indicators>
</stix:STIX_Package>

41
2016/2016.07.07.UNVEILING_PATCHWORK/IOCs/STIX/futuredrones_1.pps.xml Normal file
View File

@ -0,0 +1,41 @@
<stix:STIX_Package
xmlns:Cymmetria="http://cymmetria.com"
xmlns:FileObj="http://cybox.mitre.org/objects#FileObject-2"
xmlns:cybox="http://cybox.mitre.org/cybox-2"
xmlns:cyboxCommon="http://cybox.mitre.org/common-2"
xmlns:cyboxVocabs="http://cybox.mitre.org/default_vocabularies-2"
xmlns:indicator="http://stix.mitre.org/Indicator-2"
xmlns:stix="http://stix.mitre.org/stix-1"
xmlns:stixCommon="http://stix.mitre.org/common-1"
xmlns:stixVocabs="http://stix.mitre.org/default_vocabularies-1"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" id="Cymmetria:Package-ba9fa5d4-4d7d-46d2-a718-9a58f829dc14" version="1.2">
<stix:STIX_Header>
<stix:Description>futuredrones_1.pps hash indicator</stix:Description>
</stix:STIX_Header>
<stix:Indicators>
<stix:Indicator id="Cymmetria:indicator-a6f99805-45ed-403d-8e0b-b996669af485" timestamp="2016-07-14T09:44:00.765923+00:00" xsi:type='indicator:IndicatorType'>
<indicator:Title>futuredrones_1.pps hash indicator</indicator:Title>
<indicator:Description>An indicator containing a File observable with an associated hash</indicator:Description>
<indicator:Observable id="Cymmetria:Observable-15ce77e5-5be6-42da-bffe-65fefedf599b">
<cybox:Object id="Cymmetria:File-ea92ba2d-469e-48e5-b3cb-528d8b37a1e2">
<cybox:Properties xsi:type="FileObj:FileObjectType">
<FileObj:Hashes>
<cyboxCommon:Hash>
<cyboxCommon:Type xsi:type="cyboxVocabs:HashNameVocab-1.0">SHA256</cyboxCommon:Type>
<cyboxCommon:Simple_Hash_Value>13f03f67d748ece55bcdd77373668e89d97c340f426aac5097817b6bb91c6844</cyboxCommon:Simple_Hash_Value>
</cyboxCommon:Hash>
</FileObj:Hashes>
</cybox:Properties>
</cybox:Object>
</indicator:Observable>
<indicator:Producer>
<stixCommon:Identity>
<stixCommon:Name>Cymmetria Inc.</stixCommon:Name>
</stixCommon:Identity>
<stixCommon:Time>
<cyboxCommon:Produced_Time>2016-07-14T09:44:00.766150+00:00</cyboxCommon:Produced_Time>
</stixCommon:Time>
</indicator:Producer>
</stix:Indicator>
</stix:Indicators>
</stix:STIX_Package>

41
2016/2016.07.07.UNVEILING_PATCHWORK/IOCs/STIX/futuredrones_2.pps.xml Normal file
View File

@ -0,0 +1,41 @@
<stix:STIX_Package
xmlns:Cymmetria="http://cymmetria.com"
xmlns:FileObj="http://cybox.mitre.org/objects#FileObject-2"
xmlns:cybox="http://cybox.mitre.org/cybox-2"
xmlns:cyboxCommon="http://cybox.mitre.org/common-2"
xmlns:cyboxVocabs="http://cybox.mitre.org/default_vocabularies-2"
xmlns:indicator="http://stix.mitre.org/Indicator-2"
xmlns:stix="http://stix.mitre.org/stix-1"
xmlns:stixCommon="http://stix.mitre.org/common-1"
xmlns:stixVocabs="http://stix.mitre.org/default_vocabularies-1"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" id="Cymmetria:Package-b533b8d1-0771-4c62-9a47-0c47d54f3cca" version="1.2">
<stix:STIX_Header>
<stix:Description>futuredrones_2.pps hash indicator</stix:Description>
</stix:STIX_Header>
<stix:Indicators>
<stix:Indicator id="Cymmetria:indicator-80d6946c-828c-46c0-ac74-6fff20581c78" timestamp="2016-07-14T09:44:00.768196+00:00" xsi:type='indicator:IndicatorType'>
<indicator:Title>futuredrones_2.pps hash indicator</indicator:Title>
<indicator:Description>An indicator containing a File observable with an associated hash</indicator:Description>
<indicator:Observable id="Cymmetria:Observable-c3ae07b6-b85e-4737-b94a-ae0c7350244b">
<cybox:Object id="Cymmetria:File-3fe9a65c-2d80-44bd-98d8-5094f267009c">
<cybox:Properties xsi:type="FileObj:FileObjectType">
<FileObj:Hashes>
<cyboxCommon:Hash>
<cyboxCommon:Type xsi:type="cyboxVocabs:HashNameVocab-1.0">SHA256</cyboxCommon:Type>
<cyboxCommon:Simple_Hash_Value>43c1bee83e6f814a4028192f9f52fb89fea986815da43654ce991f06bbd48b5e</cyboxCommon:Simple_Hash_Value>
</cyboxCommon:Hash>
</FileObj:Hashes>
</cybox:Properties>
</cybox:Object>
</indicator:Observable>
<indicator:Producer>
<stixCommon:Identity>
<stixCommon:Name>Cymmetria Inc.</stixCommon:Name>
</stixCommon:Identity>
<stixCommon:Time>
<cyboxCommon:Produced_Time>2016-07-14T09:44:00.768397+00:00</cyboxCommon:Produced_Time>
</stixCommon:Time>
</indicator:Producer>
</stix:Indicator>
</stix:Indicators>
</stix:STIX_Package>

41
2016/2016.07.07.UNVEILING_PATCHWORK/IOCs/STIX/gaokaonewschedule_1.pps.xml Normal file
View File

@ -0,0 +1,41 @@
<stix:STIX_Package
xmlns:Cymmetria="http://cymmetria.com"
xmlns:FileObj="http://cybox.mitre.org/objects#FileObject-2"
xmlns:cybox="http://cybox.mitre.org/cybox-2"
xmlns:cyboxCommon="http://cybox.mitre.org/common-2"
xmlns:cyboxVocabs="http://cybox.mitre.org/default_vocabularies-2"
xmlns:indicator="http://stix.mitre.org/Indicator-2"
xmlns:stix="http://stix.mitre.org/stix-1"
xmlns:stixCommon="http://stix.mitre.org/common-1"
xmlns:stixVocabs="http://stix.mitre.org/default_vocabularies-1"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" id="Cymmetria:Package-3314ca40-5027-4cc3-8626-f5ad11034d30" version="1.2">
<stix:STIX_Header>
<stix:Description>gaokaonewschedule_1.pps hash indicator</stix:Description>
</stix:STIX_Header>
<stix:Indicators>
<stix:Indicator id="Cymmetria:indicator-eb1fa937-0fae-4e67-a0c4-8f0ad08b7629" timestamp="2016-07-14T09:44:00.770319+00:00" xsi:type='indicator:IndicatorType'>
<indicator:Title>gaokaonewschedule_1.pps hash indicator</indicator:Title>
<indicator:Description>An indicator containing a File observable with an associated hash</indicator:Description>
<indicator:Observable id="Cymmetria:Observable-391d54a9-24c3-4999-a313-343e013296ab">
<cybox:Object id="Cymmetria:File-7b0245d1-9181-4454-b15f-8edbb4f577d9">
<cybox:Properties xsi:type="FileObj:FileObjectType">
<FileObj:Hashes>
<cyboxCommon:Hash>
<cyboxCommon:Type xsi:type="cyboxVocabs:HashNameVocab-1.0">SHA256</cyboxCommon:Type>
<cyboxCommon:Simple_Hash_Value>a725cf180706c6060f344ac8cecc1c23e90358a1170c61db7dd8a3be4d109e8b</cyboxCommon:Simple_Hash_Value>
</cyboxCommon:Hash>
</FileObj:Hashes>
</cybox:Properties>
</cybox:Object>
</indicator:Observable>
<indicator:Producer>
<stixCommon:Identity>
<stixCommon:Name>Cymmetria Inc.</stixCommon:Name>
</stixCommon:Identity>
<stixCommon:Time>
<cyboxCommon:Produced_Time>2016-07-14T09:44:00.770550+00:00</cyboxCommon:Produced_Time>
</stixCommon:Time>
</indicator:Producer>
</stix:Indicator>
</stix:Indicators>
</stix:STIX_Package>

41
2016/2016.07.07.UNVEILING_PATCHWORK/IOCs/STIX/gaokaonewschedule_2.pps.xml Normal file
View File

@ -0,0 +1,41 @@
<stix:STIX_Package
xmlns:Cymmetria="http://cymmetria.com"
xmlns:FileObj="http://cybox.mitre.org/objects#FileObject-2"
xmlns:cybox="http://cybox.mitre.org/cybox-2"
xmlns:cyboxCommon="http://cybox.mitre.org/common-2"
xmlns:cyboxVocabs="http://cybox.mitre.org/default_vocabularies-2"
xmlns:indicator="http://stix.mitre.org/Indicator-2"
xmlns:stix="http://stix.mitre.org/stix-1"
xmlns:stixCommon="http://stix.mitre.org/common-1"
xmlns:stixVocabs="http://stix.mitre.org/default_vocabularies-1"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" id="Cymmetria:Package-02c6f666-0a04-408e-a3c8-d33540a50a17" version="1.2">
<stix:STIX_Header>
<stix:Description>gaokaonewschedule_2.pps hash indicator</stix:Description>
</stix:STIX_Header>
<stix:Indicators>
<stix:Indicator id="Cymmetria:indicator-5c6ccaad-7ead-485d-b173-60d451fb1746" timestamp="2016-07-14T09:44:00.772605+00:00" xsi:type='indicator:IndicatorType'>
<indicator:Title>gaokaonewschedule_2.pps hash indicator</indicator:Title>
<indicator:Description>An indicator containing a File observable with an associated hash</indicator:Description>
<indicator:Observable id="Cymmetria:Observable-3cc3e579-d1c8-40cc-a442-45b227b55fdf">
<cybox:Object id="Cymmetria:File-8b7d45ff-d922-4ec0-ada6-8909cf406422">
<cybox:Properties xsi:type="FileObj:FileObjectType">
<FileObj:Hashes>
<cyboxCommon:Hash>
<cyboxCommon:Type xsi:type="cyboxVocabs:HashNameVocab-1.0">SHA256</cyboxCommon:Type>
<cyboxCommon:Simple_Hash_Value>12ffc8454be5a73a894eea89d1617d256f0e65fe403a2c19558b3f484c7cbe03</cyboxCommon:Simple_Hash_Value>
</cyboxCommon:Hash>
</FileObj:Hashes>
</cybox:Properties>
</cybox:Object>
</indicator:Observable>
<indicator:Producer>
<stixCommon:Identity>
<stixCommon:Name>Cymmetria Inc.</stixCommon:Name>
</stixCommon:Identity>
<stixCommon:Time>
<cyboxCommon:Produced_Time>2016-07-14T09:44:00.772808+00:00</cyboxCommon:Produced_Time>
</stixCommon:Time>
</indicator:Producer>
</stix:Indicator>
</stix:Indicators>
</stix:STIX_Package>

41
2016/2016.07.07.UNVEILING_PATCHWORK/IOCs/STIX/harbin_1.pps.xml Normal file
View File

@ -0,0 +1,41 @@
<stix:STIX_Package
xmlns:Cymmetria="http://cymmetria.com"
xmlns:FileObj="http://cybox.mitre.org/objects#FileObject-2"
xmlns:cybox="http://cybox.mitre.org/cybox-2"
xmlns:cyboxCommon="http://cybox.mitre.org/common-2"
xmlns:cyboxVocabs="http://cybox.mitre.org/default_vocabularies-2"
xmlns:indicator="http://stix.mitre.org/Indicator-2"
xmlns:stix="http://stix.mitre.org/stix-1"
xmlns:stixCommon="http://stix.mitre.org/common-1"
xmlns:stixVocabs="http://stix.mitre.org/default_vocabularies-1"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" id="Cymmetria:Package-fe821a6d-3906-44de-9d08-7d9cdb099850" version="1.2">
<stix:STIX_Header>
<stix:Description>harbin_1.pps hash indicator</stix:Description>
</stix:STIX_Header>
<stix:Indicators>
<stix:Indicator id="Cymmetria:indicator-2f8848db-ff5b-4b14-99d2-f8054c5f106b" timestamp="2016-07-14T09:44:00.774794+00:00" xsi:type='indicator:IndicatorType'>
<indicator:Title>harbin_1.pps hash indicator</indicator:Title>
<indicator:Description>An indicator containing a File observable with an associated hash</indicator:Description>
<indicator:Observable id="Cymmetria:Observable-5714210d-ffa3-4848-8489-e610485b8fab">
<cybox:Object id="Cymmetria:File-90ebf608-3903-466a-acea-7d6878180e85">
<cybox:Properties xsi:type="FileObj:FileObjectType">
<FileObj:Hashes>
<cyboxCommon:Hash>
<cyboxCommon:Type xsi:type="cyboxVocabs:HashNameVocab-1.0">SHA256</cyboxCommon:Type>
<cyboxCommon:Simple_Hash_Value>2c1a70bf43bd622201321e902982153f13414e2f42f0a17fad0e9d35ba8613f4</cyboxCommon:Simple_Hash_Value>
</cyboxCommon:Hash>
</FileObj:Hashes>
</cybox:Properties>
</cybox:Object>
</indicator:Observable>
<indicator:Producer>
<stixCommon:Identity>
<stixCommon:Name>Cymmetria Inc.</stixCommon:Name>
</stixCommon:Identity>
<stixCommon:Time>
<cyboxCommon:Produced_Time>2016-07-14T09:44:00.775005+00:00</cyboxCommon:Produced_Time>
</stixCommon:Time>
</indicator:Producer>
</stix:Indicator>
</stix:Indicators>
</stix:STIX_Package>

41
2016/2016.07.07.UNVEILING_PATCHWORK/IOCs/STIX/japan_pivot_1.pps.xml Normal file
View File

@ -0,0 +1,41 @@
<stix:STIX_Package
xmlns:Cymmetria="http://cymmetria.com"
xmlns:FileObj="http://cybox.mitre.org/objects#FileObject-2"
xmlns:cybox="http://cybox.mitre.org/cybox-2"
xmlns:cyboxCommon="http://cybox.mitre.org/common-2"
xmlns:cyboxVocabs="http://cybox.mitre.org/default_vocabularies-2"
xmlns:indicator="http://stix.mitre.org/Indicator-2"
xmlns:stix="http://stix.mitre.org/stix-1"
xmlns:stixCommon="http://stix.mitre.org/common-1"
xmlns:stixVocabs="http://stix.mitre.org/default_vocabularies-1"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" id="Cymmetria:Package-cbfa97fc-a012-44e6-8d13-faf460cb7171" version="1.2">
<stix:STIX_Header>
<stix:Description>japan_pivot_1.pps hash indicator</stix:Description>
</stix:STIX_Header>
<stix:Indicators>
<stix:Indicator id="Cymmetria:indicator-d96b505f-dd81-4576-90bb-c14bf595c3d2" timestamp="2016-07-14T09:44:00.780599+00:00" xsi:type='indicator:IndicatorType'>
<indicator:Title>japan_pivot_1.pps hash indicator</indicator:Title>
<indicator:Description>An indicator containing a File observable with an associated hash</indicator:Description>
<indicator:Observable id="Cymmetria:Observable-93504a8e-f231-4f2e-abfe-b6849903c5a8">
<cybox:Object id="Cymmetria:File-9f5e45c1-8fed-437e-901b-a67536a59715">
<cybox:Properties xsi:type="FileObj:FileObjectType">
<FileObj:Hashes>
<cyboxCommon:Hash>
<cyboxCommon:Type xsi:type="cyboxVocabs:HashNameVocab-1.0">SHA256</cyboxCommon:Type>
<cyboxCommon:Simple_Hash_Value>887cc8220cd9722d114cf575f1cb7758c2e10f3d8904121dc9fe0b749c6955bb</cyboxCommon:Simple_Hash_Value>
</cyboxCommon:Hash>
</FileObj:Hashes>
</cybox:Properties>
</cybox:Object>
</indicator:Observable>
<indicator:Producer>
<stixCommon:Identity>
<stixCommon:Name>Cymmetria Inc.</stixCommon:Name>
</stixCommon:Identity>
<stixCommon:Time>
<cyboxCommon:Produced_Time>2016-07-14T09:44:00.780887+00:00</cyboxCommon:Produced_Time>
</stixCommon:Time>
</indicator:Producer>
</stix:Indicator>
</stix:Indicators>
</stix:STIX_Package>

41
2016/2016.07.07.UNVEILING_PATCHWORK/IOCs/STIX/japan_pivot_2.pps.xml Normal file
View File

@ -0,0 +1,41 @@
<stix:STIX_Package
xmlns:Cymmetria="http://cymmetria.com"
xmlns:FileObj="http://cybox.mitre.org/objects#FileObject-2"
xmlns:cybox="http://cybox.mitre.org/cybox-2"
xmlns:cyboxCommon="http://cybox.mitre.org/common-2"
xmlns:cyboxVocabs="http://cybox.mitre.org/default_vocabularies-2"
xmlns:indicator="http://stix.mitre.org/Indicator-2"
xmlns:stix="http://stix.mitre.org/stix-1"
xmlns:stixCommon="http://stix.mitre.org/common-1"
xmlns:stixVocabs="http://stix.mitre.org/default_vocabularies-1"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" id="Cymmetria:Package-10ec34aa-d223-4b3e-a985-3391cbe3cdd6" version="1.2">
<stix:STIX_Header>
<stix:Description>japan_pivot_2.pps hash indicator</stix:Description>
</stix:STIX_Header>
<stix:Indicators>
<stix:Indicator id="Cymmetria:indicator-3970bdb4-bf1e-420f-ad79-221cbef6daaf" timestamp="2016-07-14T09:44:00.783375+00:00" xsi:type='indicator:IndicatorType'>
<indicator:Title>japan_pivot_2.pps hash indicator</indicator:Title>
<indicator:Description>An indicator containing a File observable with an associated hash</indicator:Description>
<indicator:Observable id="Cymmetria:Observable-d521896a-7ce3-42c1-9e8a-3c5923e1c273">
<cybox:Object id="Cymmetria:File-e76faf39-46ac-4155-8600-b8ff41ce3b72">
<cybox:Properties xsi:type="FileObj:FileObjectType">
<FileObj:Hashes>
<cyboxCommon:Hash>
<cyboxCommon:Type xsi:type="cyboxVocabs:HashNameVocab-1.0">SHA256</cyboxCommon:Type>
<cyboxCommon:Simple_Hash_Value>18af865435967f803a2b2cf8ef0ec1a859d6d9612a59c01a59c77d31fda9c91d</cyboxCommon:Simple_Hash_Value>
</cyboxCommon:Hash>
</FileObj:Hashes>
</cybox:Properties>
</cybox:Object>
</indicator:Observable>
<indicator:Producer>
<stixCommon:Identity>
<stixCommon:Name>Cymmetria Inc.</stixCommon:Name>
</stixCommon:Identity>
<stixCommon:Time>
<cyboxCommon:Produced_Time>2016-07-14T09:44:00.783582+00:00</cyboxCommon:Produced_Time>
</stixCommon:Time>
</indicator:Producer>
</stix:Indicator>
</stix:Indicators>
</stix:STIX_Package>

41
2016/2016.07.07.UNVEILING_PATCHWORK/IOCs/STIX/jtopcentrecomn.pps.xml Normal file
View File

@ -0,0 +1,41 @@
<stix:STIX_Package
xmlns:Cymmetria="http://cymmetria.com"
xmlns:FileObj="http://cybox.mitre.org/objects#FileObject-2"
xmlns:cybox="http://cybox.mitre.org/cybox-2"
xmlns:cyboxCommon="http://cybox.mitre.org/common-2"
xmlns:cyboxVocabs="http://cybox.mitre.org/default_vocabularies-2"
xmlns:indicator="http://stix.mitre.org/Indicator-2"
xmlns:stix="http://stix.mitre.org/stix-1"
xmlns:stixCommon="http://stix.mitre.org/common-1"
xmlns:stixVocabs="http://stix.mitre.org/default_vocabularies-1"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" id="Cymmetria:Package-9e44f306-6a7d-42b7-9c84-4bf09f02f5ba" version="1.2">
<stix:STIX_Header>
<stix:Description>jtopcentrecomn.pps hash indicator</stix:Description>
</stix:STIX_Header>
<stix:Indicators>
<stix:Indicator id="Cymmetria:indicator-8e5b9ba7-77f9-437c-a8b1-9819fa918ece" timestamp="2016-07-14T09:44:00.785580+00:00" xsi:type='indicator:IndicatorType'>
<indicator:Title>jtopcentrecomn.pps hash indicator</indicator:Title>
<indicator:Description>An indicator containing a File observable with an associated hash</indicator:Description>
<indicator:Observable id="Cymmetria:Observable-0dfc347e-8945-4e94-bc88-23f14bccd02f">
<cybox:Object id="Cymmetria:File-2704ffec-b9f6-48d2-871e-c06dd6b6bb52">
<cybox:Properties xsi:type="FileObj:FileObjectType">
<FileObj:Hashes>
<cyboxCommon:Hash>
<cyboxCommon:Type xsi:type="cyboxVocabs:HashNameVocab-1.0">SHA256</cyboxCommon:Type>
<cyboxCommon:Simple_Hash_Value>7169ee156199b86e7149cb9c49a146b5d20afe02d90d315e00b3980419c41d14</cyboxCommon:Simple_Hash_Value>
</cyboxCommon:Hash>
</FileObj:Hashes>
</cybox:Properties>
</cybox:Object>
</indicator:Observable>
<indicator:Producer>
<stixCommon:Identity>
<stixCommon:Name>Cymmetria Inc.</stixCommon:Name>
</stixCommon:Identity>
<stixCommon:Time>
<cyboxCommon:Produced_Time>2016-07-14T09:44:00.785783+00:00</cyboxCommon:Produced_Time>
</stixCommon:Time>
</indicator:Producer>
</stix:Indicator>
</stix:Indicators>
</stix:STIX_Package>

41
2016/2016.07.07.UNVEILING_PATCHWORK/IOCs/STIX/korea1.pps.xml Normal file
View File

@ -0,0 +1,41 @@
<stix:STIX_Package
xmlns:Cymmetria="http://cymmetria.com"
xmlns:FileObj="http://cybox.mitre.org/objects#FileObject-2"
xmlns:cybox="http://cybox.mitre.org/cybox-2"
xmlns:cyboxCommon="http://cybox.mitre.org/common-2"
xmlns:cyboxVocabs="http://cybox.mitre.org/default_vocabularies-2"
xmlns:indicator="http://stix.mitre.org/Indicator-2"
xmlns:stix="http://stix.mitre.org/stix-1"
xmlns:stixCommon="http://stix.mitre.org/common-1"
xmlns:stixVocabs="http://stix.mitre.org/default_vocabularies-1"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" id="Cymmetria:Package-bdd495e2-8a6f-4447-aaa7-771725e70f72" version="1.2">
<stix:STIX_Header>
<stix:Description>korea1.pps hash indicator</stix:Description>
</stix:STIX_Header>
<stix:Indicators>
<stix:Indicator id="Cymmetria:indicator-785077c2-d2c6-43d3-aa3b-17ab92b4f2f5" timestamp="2016-07-14T09:44:00.788016+00:00" xsi:type='indicator:IndicatorType'>
<indicator:Title>korea1.pps hash indicator</indicator:Title>
<indicator:Description>An indicator containing a File observable with an associated hash</indicator:Description>
<indicator:Observable id="Cymmetria:Observable-262117ab-6c5f-47a1-a798-c4e868e5f547">
<cybox:Object id="Cymmetria:File-7a84f2df-5d8f-4506-bfcd-92efd4855138">
<cybox:Properties xsi:type="FileObj:FileObjectType">
<FileObj:Hashes>
<cyboxCommon:Hash>
<cyboxCommon:Type xsi:type="cyboxVocabs:HashNameVocab-1.0">SHA256</cyboxCommon:Type>
<cyboxCommon:Simple_Hash_Value>1ea09eb00f49a92505c22f2f4569e035894cb765a8be87adcbc94c01a8d9d5c0</cyboxCommon:Simple_Hash_Value>
</cyboxCommon:Hash>
</FileObj:Hashes>
</cybox:Properties>
</cybox:Object>
</indicator:Observable>
<indicator:Producer>
<stixCommon:Identity>
<stixCommon:Name>Cymmetria Inc.</stixCommon:Name>
</stixCommon:Identity>
<stixCommon:Time>
<cyboxCommon:Produced_Time>2016-07-14T09:44:00.788229+00:00</cyboxCommon:Produced_Time>
</stixCommon:Time>
</indicator:Producer>
</stix:Indicator>
</stix:Indicators>
</stix:STIX_Package>

41
2016/2016.07.07.UNVEILING_PATCHWORK/IOCs/STIX/militarizationofsouthchinasea_1.pps.xml Normal file
View File

@ -0,0 +1,41 @@
<stix:STIX_Package
xmlns:Cymmetria="http://cymmetria.com"
xmlns:FileObj="http://cybox.mitre.org/objects#FileObject-2"
xmlns:cybox="http://cybox.mitre.org/cybox-2"
xmlns:cyboxCommon="http://cybox.mitre.org/common-2"
xmlns:cyboxVocabs="http://cybox.mitre.org/default_vocabularies-2"
xmlns:indicator="http://stix.mitre.org/Indicator-2"
xmlns:stix="http://stix.mitre.org/stix-1"
xmlns:stixCommon="http://stix.mitre.org/common-1"
xmlns:stixVocabs="http://stix.mitre.org/default_vocabularies-1"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" id="Cymmetria:Package-8d95372c-ec12-4675-8003-49cf9e457aee" version="1.2">
<stix:STIX_Header>
<stix:Description>militarizationofsouthchinasea_1.pps hash indicator</stix:Description>
</stix:STIX_Header>
<stix:Indicators>
<stix:Indicator id="Cymmetria:indicator-4a0aad4a-9d17-4222-ba32-9a3f02d0d49d" timestamp="2016-07-14T09:44:00.790232+00:00" xsi:type='indicator:IndicatorType'>
<indicator:Title>militarizationofsouthchinasea_1.pps hash indicator</indicator:Title>
<indicator:Description>An indicator containing a File observable with an associated hash</indicator:Description>
<indicator:Observable id="Cymmetria:Observable-022b7a6d-1154-435d-9283-73905888af73">
<cybox:Object id="Cymmetria:File-729c9ea5-b099-4623-b3b3-af6f5863ace7">
<cybox:Properties xsi:type="FileObj:FileObjectType">
<FileObj:Hashes>
<cyboxCommon:Hash>
<cyboxCommon:Type xsi:type="cyboxVocabs:HashNameVocab-1.0">SHA256</cyboxCommon:Type>
<cyboxCommon:Simple_Hash_Value>53a30dfd90bd1208dcfe534ccd0b798d629aa989ccaeae952384cfe9ecb17369</cyboxCommon:Simple_Hash_Value>
</cyboxCommon:Hash>
</FileObj:Hashes>
</cybox:Properties>
</cybox:Object>
</indicator:Observable>
<indicator:Producer>
<stixCommon:Identity>
<stixCommon:Name>Cymmetria Inc.</stixCommon:Name>
</stixCommon:Identity>
<stixCommon:Time>
<cyboxCommon:Produced_Time>2016-07-14T09:44:00.790459+00:00</cyboxCommon:Produced_Time>
</stixCommon:Time>
</indicator:Producer>
</stix:Indicator>
</stix:Indicators>
</stix:STIX_Package>

41
2016/2016.07.07.UNVEILING_PATCHWORK/IOCs/STIX/militarizationofsouthchinasea_2.pps.xml Normal file
View File

@ -0,0 +1,41 @@
<stix:STIX_Package
xmlns:Cymmetria="http://cymmetria.com"
xmlns:FileObj="http://cybox.mitre.org/objects#FileObject-2"
xmlns:cybox="http://cybox.mitre.org/cybox-2"
xmlns:cyboxCommon="http://cybox.mitre.org/common-2"
xmlns:cyboxVocabs="http://cybox.mitre.org/default_vocabularies-2"
xmlns:indicator="http://stix.mitre.org/Indicator-2"
xmlns:stix="http://stix.mitre.org/stix-1"
xmlns:stixCommon="http://stix.mitre.org/common-1"
xmlns:stixVocabs="http://stix.mitre.org/default_vocabularies-1"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" id="Cymmetria:Package-40ea33de-e768-4b3b-89a6-8d02b0b5f7bb" version="1.2">
<stix:STIX_Header>
<stix:Description>militarizationofsouthchinasea_2.pps hash indicator</stix:Description>
</stix:STIX_Header>
<stix:Indicators>
<stix:Indicator id="Cymmetria:indicator-62c47b0c-cf6c-4baa-80fd-bb0a6e1134cf" timestamp="2016-07-14T09:44:00.792897+00:00" xsi:type='indicator:IndicatorType'>
<indicator:Title>militarizationofsouthchinasea_2.pps hash indicator</indicator:Title>
<indicator:Description>An indicator containing a File observable with an associated hash</indicator:Description>
<indicator:Observable id="Cymmetria:Observable-7b78f066-1a69-4229-9d34-e59784c523b8">
<cybox:Object id="Cymmetria:File-5691b212-6a79-4856-87d1-c0a89e15b1d2">
<cybox:Properties xsi:type="FileObj:FileObjectType">
<FileObj:Hashes>
<cyboxCommon:Hash>
<cyboxCommon:Type xsi:type="cyboxVocabs:HashNameVocab-1.0">SHA256</cyboxCommon:Type>
<cyboxCommon:Simple_Hash_Value>9d0d420c696083023300545754f0428549bb62f33c6e492eb4ace8ce95ce8af0</cyboxCommon:Simple_Hash_Value>
</cyboxCommon:Hash>
</FileObj:Hashes>
</cybox:Properties>
</cybox:Object>
</indicator:Observable>
<indicator:Producer>
<stixCommon:Identity>
<stixCommon:Name>Cymmetria Inc.</stixCommon:Name>
</stixCommon:Identity>
<stixCommon:Time>
<cyboxCommon:Produced_Time>2016-07-14T09:44:00.793209+00:00</cyboxCommon:Produced_Time>
</stixCommon:Time>
</indicator:Producer>
</stix:Indicator>
</stix:Indicators>
</stix:STIX_Package>

41
2016/2016.07.07.UNVEILING_PATCHWORK/IOCs/STIX/my_lovely_pics_3.pps.xml Normal file
View File

@ -0,0 +1,41 @@
<stix:STIX_Package
xmlns:Cymmetria="http://cymmetria.com"
xmlns:FileObj="http://cybox.mitre.org/objects#FileObject-2"
xmlns:cybox="http://cybox.mitre.org/cybox-2"
xmlns:cyboxCommon="http://cybox.mitre.org/common-2"
xmlns:cyboxVocabs="http://cybox.mitre.org/default_vocabularies-2"
xmlns:indicator="http://stix.mitre.org/Indicator-2"
xmlns:stix="http://stix.mitre.org/stix-1"
xmlns:stixCommon="http://stix.mitre.org/common-1"
xmlns:stixVocabs="http://stix.mitre.org/default_vocabularies-1"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" id="Cymmetria:Package-b38a101c-e4cf-4b49-b9b6-d7be0a9ee513" version="1.2">
<stix:STIX_Header>
<stix:Description>my_lovely_pics_3.pps hash indicator</stix:Description>
</stix:STIX_Header>
<stix:Indicators>
<stix:Indicator id="Cymmetria:indicator-c45bb1cd-de28-49db-bf65-80d5fe21225d" timestamp="2016-07-14T09:44:00.806387+00:00" xsi:type='indicator:IndicatorType'>
<indicator:Title>my_lovely_pics_3.pps hash indicator</indicator:Title>
<indicator:Description>An indicator containing a File observable with an associated hash</indicator:Description>
<indicator:Observable id="Cymmetria:Observable-d8521abf-d9dc-422c-ba06-c120d07b9484">
<cybox:Object id="Cymmetria:File-703d79af-a806-49c5-9d3d-62e3b8e3f75c">
<cybox:Properties xsi:type="FileObj:FileObjectType">
<FileObj:Hashes>
<cyboxCommon:Hash>
<cyboxCommon:Type xsi:type="cyboxVocabs:HashNameVocab-1.0">SHA256</cyboxCommon:Type>
<cyboxCommon:Simple_Hash_Value>39cf8b7bbceac5d150cc9fafbf2d7492d353771ec40919d1777fba8d6d2da2b4</cyboxCommon:Simple_Hash_Value>
</cyboxCommon:Hash>
</FileObj:Hashes>
</cybox:Properties>
</cybox:Object>
</indicator:Observable>
<indicator:Producer>
<stixCommon:Identity>
<stixCommon:Name>Cymmetria Inc.</stixCommon:Name>
</stixCommon:Identity>
<stixCommon:Time>
<cyboxCommon:Produced_Time>2016-07-14T09:44:00.806648+00:00</cyboxCommon:Produced_Time>
</stixCommon:Time>
</indicator:Producer>
</stix:Indicator>
</stix:Indicators>
</stix:STIX_Package>

41
2016/2016.07.07.UNVEILING_PATCHWORK/IOCs/STIX/my_lovely_pics_6.pps.xml Normal file
View File

@ -0,0 +1,41 @@
<stix:STIX_Package
xmlns:Cymmetria="http://cymmetria.com"
xmlns:FileObj="http://cybox.mitre.org/objects#FileObject-2"
xmlns:cybox="http://cybox.mitre.org/cybox-2"
xmlns:cyboxCommon="http://cybox.mitre.org/common-2"
xmlns:cyboxVocabs="http://cybox.mitre.org/default_vocabularies-2"
xmlns:indicator="http://stix.mitre.org/Indicator-2"
xmlns:stix="http://stix.mitre.org/stix-1"
xmlns:stixCommon="http://stix.mitre.org/common-1"
xmlns:stixVocabs="http://stix.mitre.org/default_vocabularies-1"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" id="Cymmetria:Package-6254f96c-1edf-4962-87c7-13812b5d9d4e" version="1.2">
<stix:STIX_Header>
<stix:Description>my_lovely_pics_6.pps hash indicator</stix:Description>
</stix:STIX_Header>
<stix:Indicators>
<stix:Indicator id="Cymmetria:indicator-688df155-133c-4388-9306-49af072e5e64" timestamp="2016-07-14T09:44:00.808623+00:00" xsi:type='indicator:IndicatorType'>
<indicator:Title>my_lovely_pics_6.pps hash indicator</indicator:Title>
<indicator:Description>An indicator containing a File observable with an associated hash</indicator:Description>
<indicator:Observable id="Cymmetria:Observable-d9dd6e2c-dc55-44a7-b811-e018c031b882">
<cybox:Object id="Cymmetria:File-6635d8e4-5548-487c-bb8a-2719487a1d51">
<cybox:Properties xsi:type="FileObj:FileObjectType">
<FileObj:Hashes>
<cyboxCommon:Hash>
<cyboxCommon:Type xsi:type="cyboxVocabs:HashNameVocab-1.0">SHA256</cyboxCommon:Type>
<cyboxCommon:Simple_Hash_Value>cc810280206c3ee96f88840d6e23bd2c849bfb48f4e97c2ea1c8ef47ce06ba9b</cyboxCommon:Simple_Hash_Value>
</cyboxCommon:Hash>
</FileObj:Hashes>
</cybox:Properties>
</cybox:Object>
</indicator:Observable>
<indicator:Producer>
<stixCommon:Identity>
<stixCommon:Name>Cymmetria Inc.</stixCommon:Name>
</stixCommon:Identity>
<stixCommon:Time>
<cyboxCommon:Produced_Time>2016-07-14T09:44:00.808824+00:00</cyboxCommon:Produced_Time>
</stixCommon:Time>
</indicator:Producer>
</stix:Indicator>
</stix:Indicators>
</stix:STIX_Package>

41
2016/2016.07.07.UNVEILING_PATCHWORK/IOCs/STIX/my_photos_3.pps.xml Normal file
View File

@ -0,0 +1,41 @@
<stix:STIX_Package
xmlns:Cymmetria="http://cymmetria.com"
xmlns:FileObj="http://cybox.mitre.org/objects#FileObject-2"
xmlns:cybox="http://cybox.mitre.org/cybox-2"
xmlns:cyboxCommon="http://cybox.mitre.org/common-2"
xmlns:cyboxVocabs="http://cybox.mitre.org/default_vocabularies-2"
xmlns:indicator="http://stix.mitre.org/Indicator-2"
xmlns:stix="http://stix.mitre.org/stix-1"
xmlns:stixCommon="http://stix.mitre.org/common-1"
xmlns:stixVocabs="http://stix.mitre.org/default_vocabularies-1"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" id="Cymmetria:Package-2d5370d8-e4b5-4413-b97e-0f0da9fadad5" version="1.2">
<stix:STIX_Header>
<stix:Description>my_photos_3.pps hash indicator</stix:Description>
</stix:STIX_Header>
<stix:Indicators>
<stix:Indicator id="Cymmetria:indicator-65b517b3-adbe-4036-9fac-ce1392bd1e97" timestamp="2016-07-14T09:44:00.812023+00:00" xsi:type='indicator:IndicatorType'>
<indicator:Title>my_photos_3.pps hash indicator</indicator:Title>
<indicator:Description>An indicator containing a File observable with an associated hash</indicator:Description>
<indicator:Observable id="Cymmetria:Observable-75029444-3454-4349-96de-955478aca007">
<cybox:Object id="Cymmetria:File-7d17162f-5f22-4733-8d15-2a297b87fe9b">
<cybox:Properties xsi:type="FileObj:FileObjectType">
<FileObj:Hashes>
<cyboxCommon:Hash>
<cyboxCommon:Type xsi:type="cyboxVocabs:HashNameVocab-1.0">SHA256</cyboxCommon:Type>
<cyboxCommon:Simple_Hash_Value>b4487148d05bc4acc932b47c0a01371c459eea12fc7fd4f21af127dee2f619f4</cyboxCommon:Simple_Hash_Value>
</cyboxCommon:Hash>
</FileObj:Hashes>
</cybox:Properties>
</cybox:Object>
</indicator:Observable>
<indicator:Producer>
<stixCommon:Identity>
<stixCommon:Name>Cymmetria Inc.</stixCommon:Name>
</stixCommon:Identity>
<stixCommon:Time>
<cyboxCommon:Produced_Time>2016-07-14T09:44:00.812257+00:00</cyboxCommon:Produced_Time>
</stixCommon:Time>
</indicator:Producer>
</stix:Indicator>
</stix:Indicators>
</stix:STIX_Package>

41
2016/2016.07.07.UNVEILING_PATCHWORK/IOCs/STIX/my_photos_6.pps.xml Normal file
View File

@ -0,0 +1,41 @@
<stix:STIX_Package
xmlns:Cymmetria="http://cymmetria.com"
xmlns:FileObj="http://cybox.mitre.org/objects#FileObject-2"
xmlns:cybox="http://cybox.mitre.org/cybox-2"
xmlns:cyboxCommon="http://cybox.mitre.org/common-2"
xmlns:cyboxVocabs="http://cybox.mitre.org/default_vocabularies-2"
xmlns:indicator="http://stix.mitre.org/Indicator-2"
xmlns:stix="http://stix.mitre.org/stix-1"
xmlns:stixCommon="http://stix.mitre.org/common-1"
xmlns:stixVocabs="http://stix.mitre.org/default_vocabularies-1"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" id="Cymmetria:Package-c940362e-fa0c-461c-b7e7-bad23f4da495" version="1.2">
<stix:STIX_Header>
<stix:Description>my_photos_6.pps hash indicator</stix:Description>
</stix:STIX_Header>
<stix:Indicators>
<stix:Indicator id="Cymmetria:indicator-14dff19c-f009-42d4-be64-9078b244ebfd" timestamp="2016-07-14T09:44:00.814378+00:00" xsi:type='indicator:IndicatorType'>
<indicator:Title>my_photos_6.pps hash indicator</indicator:Title>
<indicator:Description>An indicator containing a File observable with an associated hash</indicator:Description>
<indicator:Observable id="Cymmetria:Observable-9724730f-69de-4c9c-a537-99425034f278">
<cybox:Object id="Cymmetria:File-8eca17fa-b3c9-4379-ad58-f4834e5f4b70">
<cybox:Properties xsi:type="FileObj:FileObjectType">
<FileObj:Hashes>
<cyboxCommon:Hash>
<cyboxCommon:Type xsi:type="cyboxVocabs:HashNameVocab-1.0">SHA256</cyboxCommon:Type>
<cyboxCommon:Simple_Hash_Value>1c60523b5c2cfc176549d4a8c14c2759c504cce23da86cf3dcb99c21ddf30f5a</cyboxCommon:Simple_Hash_Value>
</cyboxCommon:Hash>
</FileObj:Hashes>
</cybox:Properties>
</cybox:Object>
</indicator:Observable>
<indicator:Producer>
<stixCommon:Identity>
<stixCommon:Name>Cymmetria Inc.</stixCommon:Name>
</stixCommon:Identity>
<stixCommon:Time>
<cyboxCommon:Produced_Time>2016-07-14T09:44:00.814627+00:00</cyboxCommon:Produced_Time>
</stixCommon:Time>
</indicator:Producer>
</stix:Indicator>
</stix:Indicators>
</stix:STIX_Package>

41
2016/2016.07.07.UNVEILING_PATCHWORK/IOCs/STIX/nail_art_3.pps.xml Normal file
View File

@ -0,0 +1,41 @@
<stix:STIX_Package
xmlns:Cymmetria="http://cymmetria.com"
xmlns:FileObj="http://cybox.mitre.org/objects#FileObject-2"
xmlns:cybox="http://cybox.mitre.org/cybox-2"
xmlns:cyboxCommon="http://cybox.mitre.org/common-2"
xmlns:cyboxVocabs="http://cybox.mitre.org/default_vocabularies-2"
xmlns:indicator="http://stix.mitre.org/Indicator-2"
xmlns:stix="http://stix.mitre.org/stix-1"
xmlns:stixCommon="http://stix.mitre.org/common-1"
xmlns:stixVocabs="http://stix.mitre.org/default_vocabularies-1"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" id="Cymmetria:Package-562951fa-8cdd-4c1f-8a01-53422623c367" version="1.2">
<stix:STIX_Header>
<stix:Description>nail_art_3.pps hash indicator</stix:Description>
</stix:STIX_Header>
<stix:Indicators>
<stix:Indicator id="Cymmetria:indicator-47d8f7b9-f1b3-4bc0-a985-a7e1c3a32b7d" timestamp="2016-07-14T09:44:00.816394+00:00" xsi:type='indicator:IndicatorType'>
<indicator:Title>nail_art_3.pps hash indicator</indicator:Title>
<indicator:Description>An indicator containing a File observable with an associated hash</indicator:Description>
<indicator:Observable id="Cymmetria:Observable-fe851820-a6fe-44c9-b076-06d0b9eb0527">
<cybox:Object id="Cymmetria:File-4c0b3991-115e-4328-b713-c1d9212fd575">
<cybox:Properties xsi:type="FileObj:FileObjectType">
<FileObj:Hashes>
<cyboxCommon:Hash>
<cyboxCommon:Type xsi:type="cyboxVocabs:HashNameVocab-1.0">SHA256</cyboxCommon:Type>
<cyboxCommon:Simple_Hash_Value>48219520a01ef9ec5f499cdb3f3ad8e9899b0c15800acb66cb0df5fe74f49cce</cyboxCommon:Simple_Hash_Value>
</cyboxCommon:Hash>
</FileObj:Hashes>
</cybox:Properties>
</cybox:Object>
</indicator:Observable>
<indicator:Producer>
<stixCommon:Identity>
<stixCommon:Name>Cymmetria Inc.</stixCommon:Name>
</stixCommon:Identity>
<stixCommon:Time>
<cyboxCommon:Produced_Time>2016-07-14T09:44:00.816578+00:00</cyboxCommon:Produced_Time>
</stixCommon:Time>
</indicator:Producer>
</stix:Indicator>
</stix:Indicators>
</stix:STIX_Package>

41
2016/2016.07.07.UNVEILING_PATCHWORK/IOCs/STIX/nail_art_6.pps.xml Normal file
View File

@ -0,0 +1,41 @@
<stix:STIX_Package
xmlns:Cymmetria="http://cymmetria.com"
xmlns:FileObj="http://cybox.mitre.org/objects#FileObject-2"
xmlns:cybox="http://cybox.mitre.org/cybox-2"
xmlns:cyboxCommon="http://cybox.mitre.org/common-2"
xmlns:cyboxVocabs="http://cybox.mitre.org/default_vocabularies-2"
xmlns:indicator="http://stix.mitre.org/Indicator-2"
xmlns:stix="http://stix.mitre.org/stix-1"
xmlns:stixCommon="http://stix.mitre.org/common-1"
xmlns:stixVocabs="http://stix.mitre.org/default_vocabularies-1"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" id="Cymmetria:Package-eda44e2a-d1f2-4aba-b252-bf00de7663c2" version="1.2">
<stix:STIX_Header>
<stix:Description>nail_art_6.pps hash indicator</stix:Description>
</stix:STIX_Header>
<stix:Indicators>
<stix:Indicator id="Cymmetria:indicator-7576dbe2-2f1f-4b9e-b300-3fe3d00a057e" timestamp="2016-07-14T09:44:00.818320+00:00" xsi:type='indicator:IndicatorType'>
<indicator:Title>nail_art_6.pps hash indicator</indicator:Title>
<indicator:Description>An indicator containing a File observable with an associated hash</indicator:Description>
<indicator:Observable id="Cymmetria:Observable-58a3b1b0-a14b-41aa-8daf-4295cace0501">
<cybox:Object id="Cymmetria:File-e035db90-f232-4f72-8042-7740eb69e2bd">
<cybox:Properties xsi:type="FileObj:FileObjectType">
<FileObj:Hashes>
<cyboxCommon:Hash>
<cyboxCommon:Type xsi:type="cyboxVocabs:HashNameVocab-1.0">SHA256</cyboxCommon:Type>
<cyboxCommon:Simple_Hash_Value>77a43ddd5b90b25b189f970ec76224085f7b7210922e611ed38905d4190d7cc3</cyboxCommon:Simple_Hash_Value>
</cyboxCommon:Hash>
</FileObj:Hashes>
</cybox:Properties>
</cybox:Object>
</indicator:Observable>
<indicator:Producer>
<stixCommon:Identity>
<stixCommon:Name>Cymmetria Inc.</stixCommon:Name>
</stixCommon:Identity>
<stixCommon:Time>
<cyboxCommon:Produced_Time>2016-07-14T09:44:00.818517+00:00</cyboxCommon:Produced_Time>
</stixCommon:Time>
</indicator:Producer>
</stix:Indicator>
</stix:Indicators>
</stix:STIX_Package>

41
2016/2016.07.07.UNVEILING_PATCHWORK/IOCs/STIX/netflix1.pps.xml Normal file
View File

@ -0,0 +1,41 @@
<stix:STIX_Package
xmlns:Cymmetria="http://cymmetria.com"
xmlns:FileObj="http://cybox.mitre.org/objects#FileObject-2"
xmlns:cybox="http://cybox.mitre.org/cybox-2"
xmlns:cyboxCommon="http://cybox.mitre.org/common-2"
xmlns:cyboxVocabs="http://cybox.mitre.org/default_vocabularies-2"
xmlns:indicator="http://stix.mitre.org/Indicator-2"
xmlns:stix="http://stix.mitre.org/stix-1"
xmlns:stixCommon="http://stix.mitre.org/common-1"
xmlns:stixVocabs="http://stix.mitre.org/default_vocabularies-1"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" id="Cymmetria:Package-4b8256a1-c610-4ac9-89e0-4a238ac116a4" version="1.2">
<stix:STIX_Header>
<stix:Description>netflix1.pps hash indicator</stix:Description>
</stix:STIX_Header>
<stix:Indicators>
<stix:Indicator id="Cymmetria:indicator-aa431d4c-51b5-4016-8bbe-0fe7b9ff6773" timestamp="2016-07-14T09:44:00.820477+00:00" xsi:type='indicator:IndicatorType'>
<indicator:Title>netflix1.pps hash indicator</indicator:Title>
<indicator:Description>An indicator containing a File observable with an associated hash</indicator:Description>
<indicator:Observable id="Cymmetria:Observable-fee9df1e-0e5e-4f71-8103-4b357c330f30">
<cybox:Object id="Cymmetria:File-6e02f347-cd9c-4c1d-9b69-866b208e9590">
<cybox:Properties xsi:type="FileObj:FileObjectType">
<FileObj:Hashes>
<cyboxCommon:Hash>
<cyboxCommon:Type xsi:type="cyboxVocabs:HashNameVocab-1.0">SHA256</cyboxCommon:Type>
<cyboxCommon:Simple_Hash_Value>88e2e7df29450f673081161e105b561f67bba65ce00d12da90b26149c2960631</cyboxCommon:Simple_Hash_Value>
</cyboxCommon:Hash>
</FileObj:Hashes>
</cybox:Properties>
</cybox:Object>
</indicator:Observable>
<indicator:Producer>
<stixCommon:Identity>
<stixCommon:Name>Cymmetria Inc.</stixCommon:Name>
</stixCommon:Identity>
<stixCommon:Time>
<cyboxCommon:Produced_Time>2016-07-14T09:44:00.820676+00:00</cyboxCommon:Produced_Time>
</stixCommon:Time>
</indicator:Producer>
</stix:Indicator>
</stix:Indicators>
</stix:STIX_Package>

41
2016/2016.07.07.UNVEILING_PATCHWORK/IOCs/STIX/netflix2.pps.xml Normal file
View File

@ -0,0 +1,41 @@
<stix:STIX_Package
xmlns:Cymmetria="http://cymmetria.com"
xmlns:FileObj="http://cybox.mitre.org/objects#FileObject-2"
xmlns:cybox="http://cybox.mitre.org/cybox-2"
xmlns:cyboxCommon="http://cybox.mitre.org/common-2"
xmlns:cyboxVocabs="http://cybox.mitre.org/default_vocabularies-2"
xmlns:indicator="http://stix.mitre.org/Indicator-2"
xmlns:stix="http://stix.mitre.org/stix-1"
xmlns:stixCommon="http://stix.mitre.org/common-1"
xmlns:stixVocabs="http://stix.mitre.org/default_vocabularies-1"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" id="Cymmetria:Package-287d8ef4-08e5-4f79-98b8-6854b18c0502" version="1.2">
<stix:STIX_Header>
<stix:Description>netflix2.pps hash indicator</stix:Description>
</stix:STIX_Header>
<stix:Indicators>
<stix:Indicator id="Cymmetria:indicator-d26a6988-8a61-4954-bf86-b7476d447cf0" timestamp="2016-07-14T09:44:00.822688+00:00" xsi:type='indicator:IndicatorType'>
<indicator:Title>netflix2.pps hash indicator</indicator:Title>
<indicator:Description>An indicator containing a File observable with an associated hash</indicator:Description>
<indicator:Observable id="Cymmetria:Observable-cc8a1875-3bf0-4192-b40a-57f9f915327a">
<cybox:Object id="Cymmetria:File-5c59c76b-f335-4049-a512-b8ded4b8dc87">
<cybox:Properties xsi:type="FileObj:FileObjectType">
<FileObj:Hashes>
<cyboxCommon:Hash>
<cyboxCommon:Type xsi:type="cyboxVocabs:HashNameVocab-1.0">SHA256</cyboxCommon:Type>
<cyboxCommon:Simple_Hash_Value>2f6ed134adf8d29dd9e25b8f8f863389742dd5ff6d9104329c2fecb66b9e1604</cyboxCommon:Simple_Hash_Value>
</cyboxCommon:Hash>
</FileObj:Hashes>
</cybox:Properties>
</cybox:Object>
</indicator:Observable>
<indicator:Producer>
<stixCommon:Identity>
<stixCommon:Name>Cymmetria Inc.</stixCommon:Name>
</stixCommon:Identity>
<stixCommon:Time>
<cyboxCommon:Produced_Time>2016-07-14T09:44:00.822876+00:00</cyboxCommon:Produced_Time>
</stixCommon:Time>
</indicator:Producer>
</stix:Indicator>
</stix:Indicators>
</stix:STIX_Package>

41
2016/2016.07.07.UNVEILING_PATCHWORK/IOCs/STIX/pension_1.pps.xml Normal file
View File

@ -0,0 +1,41 @@
<stix:STIX_Package
xmlns:Cymmetria="http://cymmetria.com"
xmlns:FileObj="http://cybox.mitre.org/objects#FileObject-2"
xmlns:cybox="http://cybox.mitre.org/cybox-2"
xmlns:cyboxCommon="http://cybox.mitre.org/common-2"
xmlns:cyboxVocabs="http://cybox.mitre.org/default_vocabularies-2"
xmlns:indicator="http://stix.mitre.org/Indicator-2"
xmlns:stix="http://stix.mitre.org/stix-1"
xmlns:stixCommon="http://stix.mitre.org/common-1"
xmlns:stixVocabs="http://stix.mitre.org/default_vocabularies-1"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" id="Cymmetria:Package-dde5b96a-2c61-4572-964e-5f6528faf3f4" version="1.2">
<stix:STIX_Header>
<stix:Description>pension_1.pps hash indicator</stix:Description>
</stix:STIX_Header>
<stix:Indicators>
<stix:Indicator id="Cymmetria:indicator-999944d3-257d-449f-b17f-596f346af4f1" timestamp="2016-07-14T09:44:00.830250+00:00" xsi:type='indicator:IndicatorType'>
<indicator:Title>pension_1.pps hash indicator</indicator:Title>
<indicator:Description>An indicator containing a File observable with an associated hash</indicator:Description>
<indicator:Observable id="Cymmetria:Observable-3763a303-6c25-4da2-a29b-6747fe98cabe">
<cybox:Object id="Cymmetria:File-46749afb-ecaa-4e83-972f-7f219f4b6b6f">
<cybox:Properties xsi:type="FileObj:FileObjectType">
<FileObj:Hashes>
<cyboxCommon:Hash>
<cyboxCommon:Type xsi:type="cyboxVocabs:HashNameVocab-1.0">SHA256</cyboxCommon:Type>
<cyboxCommon:Simple_Hash_Value>6b821ad306c9baa18b7d77a06bbbff032a55ba1bc4b7f93b747477facb8b8fa0</cyboxCommon:Simple_Hash_Value>
</cyboxCommon:Hash>
</FileObj:Hashes>
</cybox:Properties>
</cybox:Object>
</indicator:Observable>
<indicator:Producer>
<stixCommon:Identity>
<stixCommon:Name>Cymmetria Inc.</stixCommon:Name>
</stixCommon:Identity>
<stixCommon:Time>
<cyboxCommon:Produced_Time>2016-07-14T09:44:00.830469+00:00</cyboxCommon:Produced_Time>
</stixCommon:Time>
</indicator:Producer>
</stix:Indicator>
</stix:Indicators>
</stix:STIX_Package>

41
2016/2016.07.07.UNVEILING_PATCHWORK/IOCs/STIX/stewardess1.pps.xml Normal file
View File

@ -0,0 +1,41 @@
<stix:STIX_Package
xmlns:Cymmetria="http://cymmetria.com"
xmlns:FileObj="http://cybox.mitre.org/objects#FileObject-2"
xmlns:cybox="http://cybox.mitre.org/cybox-2"
xmlns:cyboxCommon="http://cybox.mitre.org/common-2"
xmlns:cyboxVocabs="http://cybox.mitre.org/default_vocabularies-2"
xmlns:indicator="http://stix.mitre.org/Indicator-2"
xmlns:stix="http://stix.mitre.org/stix-1"
xmlns:stixCommon="http://stix.mitre.org/common-1"
xmlns:stixVocabs="http://stix.mitre.org/default_vocabularies-1"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" id="Cymmetria:Package-2c40b2b0-dc12-4f09-8b89-5861346cc0ba" version="1.2">
<stix:STIX_Header>
<stix:Description>stewardess1.pps hash indicator</stix:Description>
</stix:STIX_Header>
<stix:Indicators>
<stix:Indicator id="Cymmetria:indicator-62396b52-fd9b-4fdb-bef6-f8c20618c4fc" timestamp="2016-07-14T09:44:00.832683+00:00" xsi:type='indicator:IndicatorType'>
<indicator:Title>stewardess1.pps hash indicator</indicator:Title>
<indicator:Description>An indicator containing a File observable with an associated hash</indicator:Description>
<indicator:Observable id="Cymmetria:Observable-1868b465-f575-4a87-902f-8cfe1f49bb68">
<cybox:Object id="Cymmetria:File-d396c980-ed9e-45a6-8f33-7f5e936293af">
<cybox:Properties xsi:type="FileObj:FileObjectType">
<FileObj:Hashes>
<cyboxCommon:Hash>
<cyboxCommon:Type xsi:type="cyboxVocabs:HashNameVocab-1.0">SHA256</cyboxCommon:Type>
<cyboxCommon:Simple_Hash_Value>d4a9a07192ba6ddafe86ea8c72277650cc8996cd1ec487d3677d8a4e92e28983</cyboxCommon:Simple_Hash_Value>
</cyboxCommon:Hash>
</FileObj:Hashes>
</cybox:Properties>
</cybox:Object>
</indicator:Observable>
<indicator:Producer>
<stixCommon:Identity>
<stixCommon:Name>Cymmetria Inc.</stixCommon:Name>
</stixCommon:Identity>
<stixCommon:Time>
<cyboxCommon:Produced_Time>2016-07-14T09:44:00.832911+00:00</cyboxCommon:Produced_Time>
</stixCommon:Time>
</indicator:Producer>
</stix:Indicator>
</stix:Indicators>
</stix:STIX_Package>

41
2016/2016.07.07.UNVEILING_PATCHWORK/IOCs/STIX/stewardess2.pps.xml Normal file
View File

@ -0,0 +1,41 @@
<stix:STIX_Package
xmlns:Cymmetria="http://cymmetria.com"
xmlns:FileObj="http://cybox.mitre.org/objects#FileObject-2"
xmlns:cybox="http://cybox.mitre.org/cybox-2"
xmlns:cyboxCommon="http://cybox.mitre.org/common-2"
xmlns:cyboxVocabs="http://cybox.mitre.org/default_vocabularies-2"
xmlns:indicator="http://stix.mitre.org/Indicator-2"
xmlns:stix="http://stix.mitre.org/stix-1"
xmlns:stixCommon="http://stix.mitre.org/common-1"
xmlns:stixVocabs="http://stix.mitre.org/default_vocabularies-1"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" id="Cymmetria:Package-6b7f9237-4b4a-4994-affa-b22183037a2e" version="1.2">
<stix:STIX_Header>
<stix:Description>stewardess2.pps hash indicator</stix:Description>
</stix:STIX_Header>
<stix:Indicators>
<stix:Indicator id="Cymmetria:indicator-ebbe8a5b-2d8e-4198-a4a3-310b22b043c9" timestamp="2016-07-14T09:44:00.835075+00:00" xsi:type='indicator:IndicatorType'>
<indicator:Title>stewardess2.pps hash indicator</indicator:Title>
<indicator:Description>An indicator containing a File observable with an associated hash</indicator:Description>
<indicator:Observable id="Cymmetria:Observable-7fca7cad-798d-4711-ad06-5870f4573b5a">
<cybox:Object id="Cymmetria:File-35bf7d62-9249-4076-bf83-fdaf0012f7bb">
<cybox:Properties xsi:type="FileObj:FileObjectType">
<FileObj:Hashes>
<cyboxCommon:Hash>
<cyboxCommon:Type xsi:type="cyboxVocabs:HashNameVocab-1.0">SHA256</cyboxCommon:Type>
<cyboxCommon:Simple_Hash_Value>8869567e461c5fe15e4a2d66e28a04445eebf76a0fdc3fc98e3edca6f032e423</cyboxCommon:Simple_Hash_Value>
</cyboxCommon:Hash>
</FileObj:Hashes>
</cybox:Properties>
</cybox:Object>
</indicator:Observable>
<indicator:Producer>
<stixCommon:Identity>
<stixCommon:Name>Cymmetria Inc.</stixCommon:Name>
</stixCommon:Identity>
<stixCommon:Time>
<cyboxCommon:Produced_Time>2016-07-14T09:44:00.835291+00:00</cyboxCommon:Produced_Time>
</stixCommon:Time>
</indicator:Producer>
</stix:Indicator>
</stix:Indicators>
</stix:STIX_Package>

41
2016/2016.07.07.UNVEILING_PATCHWORK/IOCs/STIX/syria_china.pps.xml Normal file
View File

@ -0,0 +1,41 @@
<stix:STIX_Package
xmlns:Cymmetria="http://cymmetria.com"
xmlns:FileObj="http://cybox.mitre.org/objects#FileObject-2"
xmlns:cybox="http://cybox.mitre.org/cybox-2"
xmlns:cyboxCommon="http://cybox.mitre.org/common-2"
xmlns:cyboxVocabs="http://cybox.mitre.org/default_vocabularies-2"
xmlns:indicator="http://stix.mitre.org/Indicator-2"
xmlns:stix="http://stix.mitre.org/stix-1"
xmlns:stixCommon="http://stix.mitre.org/common-1"
xmlns:stixVocabs="http://stix.mitre.org/default_vocabularies-1"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" id="Cymmetria:Package-02ded131-3098-446c-976e-8e3ff0207431" version="1.2">
<stix:STIX_Header>
<stix:Description>syria_china.pps hash indicator</stix:Description>
</stix:STIX_Header>
<stix:Indicators>
<stix:Indicator id="Cymmetria:indicator-9c7e37c7-21ff-4bce-91e7-05ea9b972b52" timestamp="2016-07-14T09:44:00.837317+00:00" xsi:type='indicator:IndicatorType'>
<indicator:Title>syria_china.pps hash indicator</indicator:Title>
<indicator:Description>An indicator containing a File observable with an associated hash</indicator:Description>
<indicator:Observable id="Cymmetria:Observable-43fd31c9-547a-4f73-8bc0-7c658194cecf">
<cybox:Object id="Cymmetria:File-7951be76-996f-4df0-862b-3c13ad9ada44">
<cybox:Properties xsi:type="FileObj:FileObjectType">
<FileObj:Hashes>
<cyboxCommon:Hash>
<cyboxCommon:Type xsi:type="cyboxVocabs:HashNameVocab-1.0">SHA256</cyboxCommon:Type>
<cyboxCommon:Simple_Hash_Value>53dc1535397fe9bdefd4d69bf8b22751668dfc1054713aab71b6048fbd23423a</cyboxCommon:Simple_Hash_Value>
</cyboxCommon:Hash>
</FileObj:Hashes>
</cybox:Properties>
</cybox:Object>
</indicator:Observable>
<indicator:Producer>
<stixCommon:Identity>
<stixCommon:Name>Cymmetria Inc.</stixCommon:Name>
</stixCommon:Identity>
<stixCommon:Time>
<cyboxCommon:Produced_Time>2016-07-14T09:44:00.837549+00:00</cyboxCommon:Produced_Time>
</stixCommon:Time>
</indicator:Producer>
</stix:Indicator>
</stix:Indicators>
</stix:STIX_Package>

41
2016/2016.07.07.UNVEILING_PATCHWORK/IOCs/STIX/sysvolinfo.exe variant.xml Normal file
View File

@ -0,0 +1,41 @@
<stix:STIX_Package
xmlns:Cymmetria="http://cymmetria.com"
xmlns:FileObj="http://cybox.mitre.org/objects#FileObject-2"
xmlns:cybox="http://cybox.mitre.org/cybox-2"
xmlns:cyboxCommon="http://cybox.mitre.org/common-2"
xmlns:cyboxVocabs="http://cybox.mitre.org/default_vocabularies-2"
xmlns:indicator="http://stix.mitre.org/Indicator-2"
xmlns:stix="http://stix.mitre.org/stix-1"
xmlns:stixCommon="http://stix.mitre.org/common-1"
xmlns:stixVocabs="http://stix.mitre.org/default_vocabularies-1"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" id="Cymmetria:Package-13b85d20-522b-414d-830f-ae7ca025eaa5" version="1.2">
<stix:STIX_Header>
<stix:Description>sysvolinfo.exe variant hash indicator</stix:Description>
</stix:STIX_Header>
<stix:Indicators>
<stix:Indicator id="Cymmetria:indicator-55cdc5d7-1cc7-4694-a381-6629f2aa352d" timestamp="2016-07-14T09:44:00.692395+00:00" xsi:type='indicator:IndicatorType'>
<indicator:Title>sysvolinfo.exe variant hash indicator</indicator:Title>
<indicator:Description>An indicator containing a File observable with an associated hash</indicator:Description>
<indicator:Observable id="Cymmetria:Observable-ad2679a5-8444-4d25-a197-3d44f3a28e39">
<cybox:Object id="Cymmetria:File-94092ed3-33a9-4b19-bb06-3eca05cbf9e8">
<cybox:Properties xsi:type="FileObj:FileObjectType">
<FileObj:Hashes>
<cyboxCommon:Hash>
<cyboxCommon:Type xsi:type="cyboxVocabs:HashNameVocab-1.0">SHA256</cyboxCommon:Type>
<cyboxCommon:Simple_Hash_Value>13b0f3b63ce276f8d30ac4f95b03485a6fe532754494f9848e875c460b121b28</cyboxCommon:Simple_Hash_Value>
</cyboxCommon:Hash>
</FileObj:Hashes>
</cybox:Properties>
</cybox:Object>
</indicator:Observable>
<indicator:Producer>
<stixCommon:Identity>
<stixCommon:Name>Cymmetria Inc.</stixCommon:Name>
</stixCommon:Identity>
<stixCommon:Time>
<cyboxCommon:Produced_Time>2016-07-14T09:44:00.692596+00:00</cyboxCommon:Produced_Time>
</stixCommon:Time>
</indicator:Producer>
</stix:Indicator>
</stix:Indicators>
</stix:STIX_Package>

41
2016/2016.07.07.UNVEILING_PATCHWORK/IOCs/STIX/sysvolinfo.exe.xml Normal file
View File

@ -0,0 +1,41 @@
<stix:STIX_Package
xmlns:Cymmetria="http://cymmetria.com"
xmlns:FileObj="http://cybox.mitre.org/objects#FileObject-2"
xmlns:cybox="http://cybox.mitre.org/cybox-2"
xmlns:cyboxCommon="http://cybox.mitre.org/common-2"
xmlns:cyboxVocabs="http://cybox.mitre.org/default_vocabularies-2"
xmlns:indicator="http://stix.mitre.org/Indicator-2"
xmlns:stix="http://stix.mitre.org/stix-1"
xmlns:stixCommon="http://stix.mitre.org/common-1"
xmlns:stixVocabs="http://stix.mitre.org/default_vocabularies-1"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" id="Cymmetria:Package-a5c8d8ad-f0ec-4f4a-a61f-39c3baf66262" version="1.2">
<stix:STIX_Header>
<stix:Description>sysvolinfo.exe hash indicator</stix:Description>
</stix:STIX_Header>
<stix:Indicators>
<stix:Indicator id="Cymmetria:indicator-d2aab968-e099-411d-ba79-542d12b0b27d" timestamp="2016-07-14T09:44:00.688146+00:00" xsi:type='indicator:IndicatorType'>
<indicator:Title>sysvolinfo.exe hash indicator</indicator:Title>
<indicator:Description>An indicator containing a File observable with an associated hash</indicator:Description>
<indicator:Observable id="Cymmetria:Observable-b693980e-1808-41ef-922a-5ddbcff0d068">
<cybox:Object id="Cymmetria:File-75ea6f0e-9972-427d-b5e1-9b56ddd914c8">
<cybox:Properties xsi:type="FileObj:FileObjectType">
<FileObj:Hashes>
<cyboxCommon:Hash>
<cyboxCommon:Type xsi:type="cyboxVocabs:HashNameVocab-1.0">SHA256</cyboxCommon:Type>
<cyboxCommon:Simple_Hash_Value>f5e4d5d5fde978968dce4db4120ecbb68898d5fdf55860e61058d91db29b7d91</cyboxCommon:Simple_Hash_Value>
</cyboxCommon:Hash>
</FileObj:Hashes>
</cybox:Properties>
</cybox:Object>
</indicator:Observable>
<indicator:Producer>
<stixCommon:Identity>
<stixCommon:Name>Cymmetria Inc.</stixCommon:Name>
</stixCommon:Identity>
<stixCommon:Time>
<cyboxCommon:Produced_Time>2016-07-14T09:44:00.688336+00:00</cyboxCommon:Produced_Time>
</stixCommon:Time>
</indicator:Producer>
</stix:Indicator>
</stix:Indicators>
</stix:STIX_Package>

41
2016/2016.07.07.UNVEILING_PATCHWORK/IOCs/STIX/tibetculture_1.pps.xml Normal file
View File

@ -0,0 +1,41 @@
<stix:STIX_Package
xmlns:Cymmetria="http://cymmetria.com"
xmlns:FileObj="http://cybox.mitre.org/objects#FileObject-2"
xmlns:cybox="http://cybox.mitre.org/cybox-2"
xmlns:cyboxCommon="http://cybox.mitre.org/common-2"
xmlns:cyboxVocabs="http://cybox.mitre.org/default_vocabularies-2"
xmlns:indicator="http://stix.mitre.org/Indicator-2"
xmlns:stix="http://stix.mitre.org/stix-1"
xmlns:stixCommon="http://stix.mitre.org/common-1"
xmlns:stixVocabs="http://stix.mitre.org/default_vocabularies-1"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" id="Cymmetria:Package-3dd34690-40f8-4425-8782-dfa70d9fc9b5" version="1.2">
<stix:STIX_Header>
<stix:Description>tibetculture_1.pps hash indicator</stix:Description>
</stix:STIX_Header>
<stix:Indicators>
<stix:Indicator id="Cymmetria:indicator-3b1791af-6db8-4802-91b2-df319a25489e" timestamp="2016-07-14T09:44:00.845162+00:00" xsi:type='indicator:IndicatorType'>
<indicator:Title>tibetculture_1.pps hash indicator</indicator:Title>
<indicator:Description>An indicator containing a File observable with an associated hash</indicator:Description>
<indicator:Observable id="Cymmetria:Observable-0cc27044-8ac3-43d1-9242-d11a30c41ced">
<cybox:Object id="Cymmetria:File-e3a3ec3d-b2f5-49b8-9397-92f6a5caae96">
<cybox:Properties xsi:type="FileObj:FileObjectType">
<FileObj:Hashes>
<cyboxCommon:Hash>
<cyboxCommon:Type xsi:type="cyboxVocabs:HashNameVocab-1.0">SHA256</cyboxCommon:Type>
<cyboxCommon:Simple_Hash_Value>eed9c5e8ec7d25a5c9f15d30d80413edf65ec4f495c3d244c9d55d134e0cccef</cyboxCommon:Simple_Hash_Value>
</cyboxCommon:Hash>
</FileObj:Hashes>
</cybox:Properties>
</cybox:Object>
</indicator:Observable>
<indicator:Producer>
<stixCommon:Identity>
<stixCommon:Name>Cymmetria Inc.</stixCommon:Name>
</stixCommon:Identity>
<stixCommon:Time>
<cyboxCommon:Produced_Time>2016-07-14T09:44:00.845360+00:00</cyboxCommon:Produced_Time>
</stixCommon:Time>
</indicator:Producer>
</stix:Indicator>
</stix:Indicators>
</stix:STIX_Package>

41
2016/2016.07.07.UNVEILING_PATCHWORK/IOCs/STIX/tibetculture_2.pps.xml Normal file
View File

@ -0,0 +1,41 @@
<stix:STIX_Package
xmlns:Cymmetria="http://cymmetria.com"
xmlns:FileObj="http://cybox.mitre.org/objects#FileObject-2"
xmlns:cybox="http://cybox.mitre.org/cybox-2"
xmlns:cyboxCommon="http://cybox.mitre.org/common-2"
xmlns:cyboxVocabs="http://cybox.mitre.org/default_vocabularies-2"
xmlns:indicator="http://stix.mitre.org/Indicator-2"
xmlns:stix="http://stix.mitre.org/stix-1"
xmlns:stixCommon="http://stix.mitre.org/common-1"
xmlns:stixVocabs="http://stix.mitre.org/default_vocabularies-1"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" id="Cymmetria:Package-19a4cd21-917e-4854-a6d6-1f4670035ae1" version="1.2">
<stix:STIX_Header>
<stix:Description>tibetculture_2.pps hash indicator</stix:Description>
</stix:STIX_Header>
<stix:Indicators>
<stix:Indicator id="Cymmetria:indicator-838ee15a-07a8-451c-a3a2-be1d158da061" timestamp="2016-07-14T09:44:00.847129+00:00" xsi:type='indicator:IndicatorType'>
<indicator:Title>tibetculture_2.pps hash indicator</indicator:Title>
<indicator:Description>An indicator containing a File observable with an associated hash</indicator:Description>
<indicator:Observable id="Cymmetria:Observable-f4a194ce-5d75-4903-96ef-51d3eca70df9">
<cybox:Object id="Cymmetria:File-f111d841-6acf-40db-883f-5a57b0f50a1a">
<cybox:Properties xsi:type="FileObj:FileObjectType">
<FileObj:Hashes>
<cyboxCommon:Hash>
<cyboxCommon:Type xsi:type="cyboxVocabs:HashNameVocab-1.0">SHA256</cyboxCommon:Type>
<cyboxCommon:Simple_Hash_Value>f9a9808927bccb8a08828b16cf288a89a1b0b67fe55055f5bbcd777fc312b4ce</cyboxCommon:Simple_Hash_Value>
</cyboxCommon:Hash>
</FileObj:Hashes>
</cybox:Properties>
</cybox:Object>
</indicator:Observable>
<indicator:Producer>
<stixCommon:Identity>
<stixCommon:Name>Cymmetria Inc.</stixCommon:Name>
</stixCommon:Identity>
<stixCommon:Time>
<cyboxCommon:Produced_Time>2016-07-14T09:44:00.847282+00:00</cyboxCommon:Produced_Time>
</stixCommon:Time>
</indicator:Producer>
</stix:Indicator>
</stix:Indicators>
</stix:STIX_Package>

41
2016/2016.07.07.UNVEILING_PATCHWORK/IOCs/STIX/underestimatingUS_1.pps.xml Normal file
View File

@ -0,0 +1,41 @@
<stix:STIX_Package
xmlns:Cymmetria="http://cymmetria.com"
xmlns:FileObj="http://cybox.mitre.org/objects#FileObject-2"
xmlns:cybox="http://cybox.mitre.org/cybox-2"
xmlns:cyboxCommon="http://cybox.mitre.org/common-2"
xmlns:cyboxVocabs="http://cybox.mitre.org/default_vocabularies-2"
xmlns:indicator="http://stix.mitre.org/Indicator-2"
xmlns:stix="http://stix.mitre.org/stix-1"
xmlns:stixCommon="http://stix.mitre.org/common-1"
xmlns:stixVocabs="http://stix.mitre.org/default_vocabularies-1"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" id="Cymmetria:Package-2750d716-1756-4bdb-9d31-d478c4c6fafd" version="1.2">
<stix:STIX_Header>
<stix:Description>underestimatingUS_1.pps hash indicator</stix:Description>
</stix:STIX_Header>
<stix:Indicators>
<stix:Indicator id="Cymmetria:indicator-5d9cc872-3dea-487c-a329-0e4d77481caa" timestamp="2016-07-14T09:44:00.849080+00:00" xsi:type='indicator:IndicatorType'>
<indicator:Title>underestimatingUS_1.pps hash indicator</indicator:Title>
<indicator:Description>An indicator containing a File observable with an associated hash</indicator:Description>
<indicator:Observable id="Cymmetria:Observable-7833df1b-302c-4417-a3bc-e5468cf02854">
<cybox:Object id="Cymmetria:File-f1a5928e-5231-4eed-a6ed-b3eb5d0b857e">
<cybox:Properties xsi:type="FileObj:FileObjectType">
<FileObj:Hashes>
<cyboxCommon:Hash>
<cyboxCommon:Type xsi:type="cyboxVocabs:HashNameVocab-1.0">SHA256</cyboxCommon:Type>
<cyboxCommon:Simple_Hash_Value>a358679e2474750c0ae064590e80085035cdec6028c9025cf4dc48dd610de88e</cyboxCommon:Simple_Hash_Value>
</cyboxCommon:Hash>
</FileObj:Hashes>
</cybox:Properties>
</cybox:Object>
</indicator:Observable>
<indicator:Producer>
<stixCommon:Identity>
<stixCommon:Name>Cymmetria Inc.</stixCommon:Name>
</stixCommon:Identity>
<stixCommon:Time>
<cyboxCommon:Produced_Time>2016-07-14T09:44:00.849232+00:00</cyboxCommon:Produced_Time>
</stixCommon:Time>
</indicator:Producer>
</stix:Indicator>
</stix:Indicators>
</stix:STIX_Package>

41
2016/2016.07.07.UNVEILING_PATCHWORK/IOCs/STIX/underestimatingUS_2.pps.xml Normal file
View File

@ -0,0 +1,41 @@
<stix:STIX_Package
xmlns:Cymmetria="http://cymmetria.com"
xmlns:FileObj="http://cybox.mitre.org/objects#FileObject-2"
xmlns:cybox="http://cybox.mitre.org/cybox-2"
xmlns:cyboxCommon="http://cybox.mitre.org/common-2"
xmlns:cyboxVocabs="http://cybox.mitre.org/default_vocabularies-2"
xmlns:indicator="http://stix.mitre.org/Indicator-2"
xmlns:stix="http://stix.mitre.org/stix-1"
xmlns:stixCommon="http://stix.mitre.org/common-1"
xmlns:stixVocabs="http://stix.mitre.org/default_vocabularies-1"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" id="Cymmetria:Package-77c5a585-5320-4fc0-893f-25bc483e5507" version="1.2">
<stix:STIX_Header>
<stix:Description>underestimatingUS_2.pps hash indicator</stix:Description>
</stix:STIX_Header>
<stix:Indicators>
<stix:Indicator id="Cymmetria:indicator-09594f42-ae92-4b20-871a-0b4810464ca9" timestamp="2016-07-14T09:44:00.850832+00:00" xsi:type='indicator:IndicatorType'>
<indicator:Title>underestimatingUS_2.pps hash indicator</indicator:Title>
<indicator:Description>An indicator containing a File observable with an associated hash</indicator:Description>
<indicator:Observable id="Cymmetria:Observable-4393498c-4c4b-49dd-997c-49102550804d">
<cybox:Object id="Cymmetria:File-8d846d29-7a3b-4268-8a1f-b739d1eabc35">
<cybox:Properties xsi:type="FileObj:FileObjectType">
<FileObj:Hashes>
<cyboxCommon:Hash>
<cyboxCommon:Type xsi:type="cyboxVocabs:HashNameVocab-1.0">SHA256</cyboxCommon:Type>
<cyboxCommon:Simple_Hash_Value>511111ebb818471c1402631494aade54f3d13b57eb9cc705392edb615153950d</cyboxCommon:Simple_Hash_Value>
</cyboxCommon:Hash>
</FileObj:Hashes>
</cybox:Properties>
</cybox:Object>
</indicator:Observable>
<indicator:Producer>
<stixCommon:Identity>
<stixCommon:Name>Cymmetria Inc.</stixCommon:Name>
</stixCommon:Identity>
<stixCommon:Time>
<cyboxCommon:Produced_Time>2016-07-14T09:44:00.851012+00:00</cyboxCommon:Produced_Time>
</stixCommon:Time>
</indicator:Producer>
</stix:Indicator>
</stix:Indicators>
</stix:STIX_Package>

41
2016/2016.07.07.UNVEILING_PATCHWORK/IOCs/STIX/uplv1032.exe.xml Normal file
View File

@ -0,0 +1,41 @@
<stix:STIX_Package
xmlns:Cymmetria="http://cymmetria.com"
xmlns:FileObj="http://cybox.mitre.org/objects#FileObject-2"
xmlns:cybox="http://cybox.mitre.org/cybox-2"
xmlns:cyboxCommon="http://cybox.mitre.org/common-2"
xmlns:cyboxVocabs="http://cybox.mitre.org/default_vocabularies-2"
xmlns:indicator="http://stix.mitre.org/Indicator-2"
xmlns:stix="http://stix.mitre.org/stix-1"
xmlns:stixCommon="http://stix.mitre.org/common-1"
xmlns:stixVocabs="http://stix.mitre.org/default_vocabularies-1"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" id="Cymmetria:Package-00f36a06-90d7-4bbb-a042-49229f0a7458" version="1.2">
<stix:STIX_Header>
<stix:Description>uplv1032.exe hash indicator</stix:Description>
</stix:STIX_Header>
<stix:Indicators>
<stix:Indicator id="Cymmetria:indicator-970f1765-2cdf-45a7-92df-1eca036e9c34" timestamp="2016-07-14T09:44:00.690147+00:00" xsi:type='indicator:IndicatorType'>
<indicator:Title>uplv1032.exe hash indicator</indicator:Title>
<indicator:Description>An indicator containing a File observable with an associated hash</indicator:Description>
<indicator:Observable id="Cymmetria:Observable-fba9170b-b696-4842-ba4b-8ceb1821a496">
<cybox:Object id="Cymmetria:File-0344ea7b-b05e-43af-9cea-61e6b42ba7c7">
<cybox:Properties xsi:type="FileObj:FileObjectType">
<FileObj:Hashes>
<cyboxCommon:Hash>
<cyboxCommon:Type xsi:type="cyboxVocabs:HashNameVocab-1.0">SHA256</cyboxCommon:Type>
<cyboxCommon:Simple_Hash_Value>1da99f69735d203a3d52ff1bb2ede75fe69601259efa6c5a080024ddf9276297</cyboxCommon:Simple_Hash_Value>
</cyboxCommon:Hash>
</FileObj:Hashes>
</cybox:Properties>
</cybox:Object>
</indicator:Observable>
<indicator:Producer>
<stixCommon:Identity>
<stixCommon:Name>Cymmetria Inc.</stixCommon:Name>
</stixCommon:Identity>
<stixCommon:Time>
<cyboxCommon:Produced_Time>2016-07-14T09:44:00.690339+00:00</cyboxCommon:Produced_Time>
</stixCommon:Time>
</indicator:Producer>
</stix:Indicator>
</stix:Indicators>
</stix:STIX_Package>

41
2016/2016.07.07.UNVEILING_PATCHWORK/IOCs/STIX/upsrv.exe.xml Normal file
View File

@ -0,0 +1,41 @@
<stix:STIX_Package
xmlns:Cymmetria="http://cymmetria.com"
xmlns:FileObj="http://cybox.mitre.org/objects#FileObject-2"
xmlns:cybox="http://cybox.mitre.org/cybox-2"
xmlns:cyboxCommon="http://cybox.mitre.org/common-2"
xmlns:cyboxVocabs="http://cybox.mitre.org/default_vocabularies-2"
xmlns:indicator="http://stix.mitre.org/Indicator-2"
xmlns:stix="http://stix.mitre.org/stix-1"
xmlns:stixCommon="http://stix.mitre.org/common-1"
xmlns:stixVocabs="http://stix.mitre.org/default_vocabularies-1"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" id="Cymmetria:Package-154fe685-d8e9-4394-b168-8b7b0b521d23" version="1.2">
<stix:STIX_Header>
<stix:Description>upsrv.exe hash indicator</stix:Description>
</stix:STIX_Header>
<stix:Indicators>
<stix:Indicator id="Cymmetria:indicator-71558c1d-1eac-4805-93c1-0fb96c3e79ae" timestamp="2016-07-14T09:44:00.683417+00:00" xsi:type='indicator:IndicatorType'>
<indicator:Title>upsrv.exe hash indicator</indicator:Title>
<indicator:Description>An indicator containing a File observable with an associated hash</indicator:Description>
<indicator:Observable id="Cymmetria:Observable-30b438d4-f7f9-4796-b4d9-352723c8c953">
<cybox:Object id="Cymmetria:File-5f35e305-0fe0-4074-b4ea-90ce9f968542">
<cybox:Properties xsi:type="FileObj:FileObjectType">
<FileObj:Hashes>
<cyboxCommon:Hash>
<cyboxCommon:Type xsi:type="cyboxVocabs:HashNameVocab-1.0">SHA256</cyboxCommon:Type>
<cyboxCommon:Simple_Hash_Value>076aa7f5f6a5bdd9acdee55c6e3de54e6e8d5fd6fe2a03c165a23861e315f3f5</cyboxCommon:Simple_Hash_Value>
</cyboxCommon:Hash>
</FileObj:Hashes>
</cybox:Properties>
</cybox:Object>
</indicator:Observable>
<indicator:Producer>
<stixCommon:Identity>
<stixCommon:Name>Cymmetria Inc.</stixCommon:Name>
</stixCommon:Identity>
<stixCommon:Time>
<cyboxCommon:Produced_Time>2016-07-14T09:44:00.683708+00:00</cyboxCommon:Produced_Time>
</stixCommon:Time>
</indicator:Producer>
</stix:Indicator>
</stix:Indicators>
</stix:STIX_Package>

41
2016/2016.07.07.UNVEILING_PATCHWORK/IOCs/STIX/uruguayjan-jun_1.pps.xml Normal file
View File

@ -0,0 +1,41 @@
<stix:STIX_Package
xmlns:Cymmetria="http://cymmetria.com"
xmlns:FileObj="http://cybox.mitre.org/objects#FileObject-2"
xmlns:cybox="http://cybox.mitre.org/cybox-2"
xmlns:cyboxCommon="http://cybox.mitre.org/common-2"
xmlns:cyboxVocabs="http://cybox.mitre.org/default_vocabularies-2"
xmlns:indicator="http://stix.mitre.org/Indicator-2"
xmlns:stix="http://stix.mitre.org/stix-1"
xmlns:stixCommon="http://stix.mitre.org/common-1"
xmlns:stixVocabs="http://stix.mitre.org/default_vocabularies-1"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" id="Cymmetria:Package-a24a3f2e-1d3e-4418-8948-5321cd7657c1" version="1.2">
<stix:STIX_Header>
<stix:Description>uruguayjan-jun_1.pps hash indicator</stix:Description>
</stix:STIX_Header>
<stix:Indicators>
<stix:Indicator id="Cymmetria:indicator-4a28cfc4-78f0-4b9c-a51a-f3eb877e87d8" timestamp="2016-07-14T09:44:00.854231+00:00" xsi:type='indicator:IndicatorType'>
<indicator:Title>uruguayjan-jun_1.pps hash indicator</indicator:Title>
<indicator:Description>An indicator containing a File observable with an associated hash</indicator:Description>
<indicator:Observable id="Cymmetria:Observable-2bc0eec8-217d-4aca-8223-fdf65aab5f9f">
<cybox:Object id="Cymmetria:File-0e039d38-e874-445f-b867-1830ded1ce03">
<cybox:Properties xsi:type="FileObj:FileObjectType">
<FileObj:Hashes>
<cyboxCommon:Hash>
<cyboxCommon:Type xsi:type="cyboxVocabs:HashNameVocab-1.0">SHA256</cyboxCommon:Type>
<cyboxCommon:Simple_Hash_Value>fe3f4bd9810389e68ead6d29270050275440281de0b78532ea9c71d9b3db41f6</cyboxCommon:Simple_Hash_Value>
</cyboxCommon:Hash>
</FileObj:Hashes>
</cybox:Properties>
</cybox:Object>
</indicator:Observable>
<indicator:Producer>
<stixCommon:Identity>
<stixCommon:Name>Cymmetria Inc.</stixCommon:Name>
</stixCommon:Identity>
<stixCommon:Time>
<cyboxCommon:Produced_Time>2016-07-14T09:44:00.854408+00:00</cyboxCommon:Produced_Time>
</stixCommon:Time>
</indicator:Producer>
</stix:Indicator>
</stix:Indicators>
</stix:STIX_Package>

41
2016/2016.07.07.UNVEILING_PATCHWORK/IOCs/STIX/uruguayjan-jun_2.pps.xml Normal file
View File

@ -0,0 +1,41 @@
<stix:STIX_Package
xmlns:Cymmetria="http://cymmetria.com"
xmlns:FileObj="http://cybox.mitre.org/objects#FileObject-2"
xmlns:cybox="http://cybox.mitre.org/cybox-2"
xmlns:cyboxCommon="http://cybox.mitre.org/common-2"
xmlns:cyboxVocabs="http://cybox.mitre.org/default_vocabularies-2"
xmlns:indicator="http://stix.mitre.org/Indicator-2"
xmlns:stix="http://stix.mitre.org/stix-1"
xmlns:stixCommon="http://stix.mitre.org/common-1"
xmlns:stixVocabs="http://stix.mitre.org/default_vocabularies-1"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" id="Cymmetria:Package-136f49b9-1797-4559-b594-34e341fa1184" version="1.2">
<stix:STIX_Header>
<stix:Description>uruguayjan-jun_2.pps hash indicator</stix:Description>
</stix:STIX_Header>
<stix:Indicators>
<stix:Indicator id="Cymmetria:indicator-46a6e1f3-4b85-4260-b39f-98134914cd70" timestamp="2016-07-14T09:44:00.857488+00:00" xsi:type='indicator:IndicatorType'>
<indicator:Title>uruguayjan-jun_2.pps hash indicator</indicator:Title>
<indicator:Description>An indicator containing a File observable with an associated hash</indicator:Description>
<indicator:Observable id="Cymmetria:Observable-efa42990-5fc1-4e23-96c3-919f56b389be">
<cybox:Object id="Cymmetria:File-1e91cbe9-2506-4792-bffd-eca9819150b9">
<cybox:Properties xsi:type="FileObj:FileObjectType">
<FileObj:Hashes>
<cyboxCommon:Hash>
<cyboxCommon:Type xsi:type="cyboxVocabs:HashNameVocab-1.0">SHA256</cyboxCommon:Type>
<cyboxCommon:Simple_Hash_Value>b9f0e2b6ca667cbabcec0c2cd311eefb831776c33ab679a109345507030b259d</cyboxCommon:Simple_Hash_Value>
</cyboxCommon:Hash>
</FileObj:Hashes>
</cybox:Properties>
</cybox:Object>
</indicator:Observable>
<indicator:Producer>
<stixCommon:Identity>
<stixCommon:Name>Cymmetria Inc.</stixCommon:Name>
</stixCommon:Identity>
<stixCommon:Time>
<cyboxCommon:Produced_Time>2016-07-14T09:44:00.857626+00:00</cyboxCommon:Produced_Time>
</stixCommon:Time>
</indicator:Producer>
</stix:Indicator>
</stix:Indicators>
</stix:STIX_Package>

41
2016/2016.07.07.UNVEILING_PATCHWORK/IOCs/STIX/uruguayjul-dec_1.pps.xml Normal file
View File

@ -0,0 +1,41 @@
<stix:STIX_Package
xmlns:Cymmetria="http://cymmetria.com"
xmlns:FileObj="http://cybox.mitre.org/objects#FileObject-2"
xmlns:cybox="http://cybox.mitre.org/cybox-2"
xmlns:cyboxCommon="http://cybox.mitre.org/common-2"
xmlns:cyboxVocabs="http://cybox.mitre.org/default_vocabularies-2"
xmlns:indicator="http://stix.mitre.org/Indicator-2"
xmlns:stix="http://stix.mitre.org/stix-1"
xmlns:stixCommon="http://stix.mitre.org/common-1"
xmlns:stixVocabs="http://stix.mitre.org/default_vocabularies-1"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" id="Cymmetria:Package-1a29bda5-ba72-4e7c-9dc8-3a60f959af17" version="1.2">
<stix:STIX_Header>
<stix:Description>uruguayjul-dec_1.pps hash indicator</stix:Description>
</stix:STIX_Header>
<stix:Indicators>
<stix:Indicator id="Cymmetria:indicator-c3a69825-2f20-409f-8f65-a5c0ec2cb9f7" timestamp="2016-07-14T09:44:00.860697+00:00" xsi:type='indicator:IndicatorType'>
<indicator:Title>uruguayjul-dec_1.pps hash indicator</indicator:Title>
<indicator:Description>An indicator containing a File observable with an associated hash</indicator:Description>
<indicator:Observable id="Cymmetria:Observable-6cf4d440-b87e-4846-a898-2f72e93076c7">
<cybox:Object id="Cymmetria:File-baa7b97f-0d6e-4d32-a3f7-98d657c0f08a">
<cybox:Properties xsi:type="FileObj:FileObjectType">
<FileObj:Hashes>
<cyboxCommon:Hash>
<cyboxCommon:Type xsi:type="cyboxVocabs:HashNameVocab-1.0">SHA256</cyboxCommon:Type>
<cyboxCommon:Simple_Hash_Value>a870b9b7d84bbb95da6dcb633f74731b316f4bc77bd71edc779928b71c1e5a4f</cyboxCommon:Simple_Hash_Value>
</cyboxCommon:Hash>
</FileObj:Hashes>
</cybox:Properties>
</cybox:Object>
</indicator:Observable>
<indicator:Producer>
<stixCommon:Identity>
<stixCommon:Name>Cymmetria Inc.</stixCommon:Name>
</stixCommon:Identity>
<stixCommon:Time>
<cyboxCommon:Produced_Time>2016-07-14T09:44:00.860835+00:00</cyboxCommon:Produced_Time>
</stixCommon:Time>
</indicator:Producer>
</stix:Indicator>
</stix:Indicators>
</stix:STIX_Package>

41
2016/2016.07.07.UNVEILING_PATCHWORK/IOCs/STIX/uruguayjul-dec_2.pps.xml Normal file
View File

@ -0,0 +1,41 @@
<stix:STIX_Package
xmlns:Cymmetria="http://cymmetria.com"
xmlns:FileObj="http://cybox.mitre.org/objects#FileObject-2"
xmlns:cybox="http://cybox.mitre.org/cybox-2"
xmlns:cyboxCommon="http://cybox.mitre.org/common-2"
xmlns:cyboxVocabs="http://cybox.mitre.org/default_vocabularies-2"
xmlns:indicator="http://stix.mitre.org/Indicator-2"
xmlns:stix="http://stix.mitre.org/stix-1"
xmlns:stixCommon="http://stix.mitre.org/common-1"
xmlns:stixVocabs="http://stix.mitre.org/default_vocabularies-1"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" id="Cymmetria:Package-3c8f7f98-8f65-4588-aa59-c08777447fef" version="1.2">
<stix:STIX_Header>
<stix:Description>uruguayjul-dec_2.pps hash indicator</stix:Description>
</stix:STIX_Header>
<stix:Indicators>
<stix:Indicator id="Cymmetria:indicator-5383a98d-cf90-4393-8830-8a20d4abe595" timestamp="2016-07-14T09:44:00.863745+00:00" xsi:type='indicator:IndicatorType'>
<indicator:Title>uruguayjul-dec_2.pps hash indicator</indicator:Title>
<indicator:Description>An indicator containing a File observable with an associated hash</indicator:Description>
<indicator:Observable id="Cymmetria:Observable-7fb927e4-76bd-42b2-a2bf-b02d69db0f9d">
<cybox:Object id="Cymmetria:File-94cc5917-277e-4177-a737-75a10779ffb2">
<cybox:Properties xsi:type="FileObj:FileObjectType">
<FileObj:Hashes>
<cyboxCommon:Hash>
<cyboxCommon:Type xsi:type="cyboxVocabs:HashNameVocab-1.0">SHA256</cyboxCommon:Type>
<cyboxCommon:Simple_Hash_Value>af826881bfead39e6319131359521502076a83d75f02ab2fd0754c5a82ab2f73</cyboxCommon:Simple_Hash_Value>
</cyboxCommon:Hash>
</FileObj:Hashes>
</cybox:Properties>
</cybox:Object>
</indicator:Observable>
<indicator:Producer>
<stixCommon:Identity>
<stixCommon:Name>Cymmetria Inc.</stixCommon:Name>
</stixCommon:Identity>
<stixCommon:Time>
<cyboxCommon:Produced_Time>2016-07-14T09:44:00.863881+00:00</cyboxCommon:Produced_Time>
</stixCommon:Time>
</indicator:Producer>
</stix:Indicator>
</stix:Indicators>
</stix:STIX_Package>

41
2016/2016.07.07.UNVEILING_PATCHWORK/IOCs/STIX/us_srilanka_relations_1.pps.xml Normal file
View File

@ -0,0 +1,41 @@
<stix:STIX_Package
xmlns:Cymmetria="http://cymmetria.com"
xmlns:FileObj="http://cybox.mitre.org/objects#FileObject-2"
xmlns:cybox="http://cybox.mitre.org/cybox-2"
xmlns:cyboxCommon="http://cybox.mitre.org/common-2"
xmlns:cyboxVocabs="http://cybox.mitre.org/default_vocabularies-2"
xmlns:indicator="http://stix.mitre.org/Indicator-2"
xmlns:stix="http://stix.mitre.org/stix-1"
xmlns:stixCommon="http://stix.mitre.org/common-1"
xmlns:stixVocabs="http://stix.mitre.org/default_vocabularies-1"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" id="Cymmetria:Package-fa1b019c-fd97-402a-98e0-15dba653bb0d" version="1.2">
<stix:STIX_Header>
<stix:Description>us_srilanka_relations_1.pps hash indicator</stix:Description>
</stix:STIX_Header>
<stix:Indicators>
<stix:Indicator id="Cymmetria:indicator-7caf4caa-ca77-4e75-9956-98c7282113d5" timestamp="2016-07-14T09:44:00.865206+00:00" xsi:type='indicator:IndicatorType'>
<indicator:Title>us_srilanka_relations_1.pps hash indicator</indicator:Title>
<indicator:Description>An indicator containing a File observable with an associated hash</indicator:Description>
<indicator:Observable id="Cymmetria:Observable-85f9b5df-a139-42cf-b940-7a20232ea7ae">
<cybox:Object id="Cymmetria:File-b5d7a1e8-691e-4fb2-afeb-008d76e08a1a">
<cybox:Properties xsi:type="FileObj:FileObjectType">
<FileObj:Hashes>
<cyboxCommon:Hash>
<cyboxCommon:Type xsi:type="cyboxVocabs:HashNameVocab-1.0">SHA256</cyboxCommon:Type>
<cyboxCommon:Simple_Hash_Value>665b6ffd8ada42e0a1e77a377970eec3b2b8a915d101c7888d1b28e86c80ebfa</cyboxCommon:Simple_Hash_Value>
</cyboxCommon:Hash>
</FileObj:Hashes>
</cybox:Properties>
</cybox:Object>
</indicator:Observable>
<indicator:Producer>
<stixCommon:Identity>
<stixCommon:Name>Cymmetria Inc.</stixCommon:Name>
</stixCommon:Identity>
<stixCommon:Time>
<cyboxCommon:Produced_Time>2016-07-14T09:44:00.865341+00:00</cyboxCommon:Produced_Time>
</stixCommon:Time>
</indicator:Producer>
</stix:Indicator>
</stix:Indicators>
</stix:STIX_Package>

41
2016/2016.07.07.UNVEILING_PATCHWORK/IOCs/STIX/us_srilanka_relations_2.pps.xml Normal file
View File

@ -0,0 +1,41 @@
<stix:STIX_Package
xmlns:Cymmetria="http://cymmetria.com"
xmlns:FileObj="http://cybox.mitre.org/objects#FileObject-2"
xmlns:cybox="http://cybox.mitre.org/cybox-2"
xmlns:cyboxCommon="http://cybox.mitre.org/common-2"
xmlns:cyboxVocabs="http://cybox.mitre.org/default_vocabularies-2"
xmlns:indicator="http://stix.mitre.org/Indicator-2"
xmlns:stix="http://stix.mitre.org/stix-1"
xmlns:stixCommon="http://stix.mitre.org/common-1"
xmlns:stixVocabs="http://stix.mitre.org/default_vocabularies-1"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" id="Cymmetria:Package-7abaa9ba-c309-4a19-9f07-51e30bed8230" version="1.2">
<stix:STIX_Header>
<stix:Description>us_srilanka_relations_2.pps hash indicator</stix:Description>
</stix:STIX_Header>
<stix:Indicators>
<stix:Indicator id="Cymmetria:indicator-1f73c659-bd07-4134-af93-2d5a79c98847" timestamp="2016-07-14T09:44:00.866660+00:00" xsi:type='indicator:IndicatorType'>
<indicator:Title>us_srilanka_relations_2.pps hash indicator</indicator:Title>
<indicator:Description>An indicator containing a File observable with an associated hash</indicator:Description>
<indicator:Observable id="Cymmetria:Observable-b7f9c1c1-bf52-45c9-98e8-6cfa2c59ebbb">
<cybox:Object id="Cymmetria:File-65926446-679d-4954-a86e-60711eb8e6e4">
<cybox:Properties xsi:type="FileObj:FileObjectType">
<FileObj:Hashes>
<cyboxCommon:Hash>
<cyboxCommon:Type xsi:type="cyboxVocabs:HashNameVocab-1.0">SHA256</cyboxCommon:Type>
<cyboxCommon:Simple_Hash_Value>e01b1267f5c12291dbcbaa04fcd558b8f7415f11dfe0f2a4cdabe8e69277e52a</cyboxCommon:Simple_Hash_Value>
</cyboxCommon:Hash>
</FileObj:Hashes>
</cybox:Properties>
</cybox:Object>
</indicator:Observable>
<indicator:Producer>
<stixCommon:Identity>
<stixCommon:Name>Cymmetria Inc.</stixCommon:Name>
</stixCommon:Identity>
<stixCommon:Time>
<cyboxCommon:Produced_Time>2016-07-14T09:44:00.866794+00:00</cyboxCommon:Produced_Time>
</stixCommon:Time>
</indicator:Producer>
</stix:Indicator>
</stix:Indicators>
</stix:STIX_Package>

41
2016/2016.07.07.UNVEILING_PATCHWORK/IOCs/STIX/zodiac_1.pps.xml Normal file
View File

@ -0,0 +1,41 @@
<stix:STIX_Package
xmlns:Cymmetria="http://cymmetria.com"
xmlns:FileObj="http://cybox.mitre.org/objects#FileObject-2"
xmlns:cybox="http://cybox.mitre.org/cybox-2"
xmlns:cyboxCommon="http://cybox.mitre.org/common-2"
xmlns:cyboxVocabs="http://cybox.mitre.org/default_vocabularies-2"
xmlns:indicator="http://stix.mitre.org/Indicator-2"
xmlns:stix="http://stix.mitre.org/stix-1"
xmlns:stixCommon="http://stix.mitre.org/common-1"
xmlns:stixVocabs="http://stix.mitre.org/default_vocabularies-1"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" id="Cymmetria:Package-5ed5bac6-249f-467e-8e80-d0ac9455697d" version="1.2">
<stix:STIX_Header>
<stix:Description>zodiac_1.pps hash indicator</stix:Description>
</stix:STIX_Header>
<stix:Indicators>
<stix:Indicator id="Cymmetria:indicator-b6144986-f852-4d4b-877b-43e01d9d1f2d" timestamp="2016-07-14T09:44:00.869905+00:00" xsi:type='indicator:IndicatorType'>
<indicator:Title>zodiac_1.pps hash indicator</indicator:Title>
<indicator:Description>An indicator containing a File observable with an associated hash</indicator:Description>
<indicator:Observable id="Cymmetria:Observable-df7dedfa-ec8b-44c4-a2c3-8276dbfe5c41">
<cybox:Object id="Cymmetria:File-dfeebeae-6815-4330-b4cf-a80ba0f94769">
<cybox:Properties xsi:type="FileObj:FileObjectType">
<FileObj:Hashes>
<cyboxCommon:Hash>
<cyboxCommon:Type xsi:type="cyboxVocabs:HashNameVocab-1.0">SHA256</cyboxCommon:Type>
<cyboxCommon:Simple_Hash_Value>53d6ae6e3f883f1e1ebc9e0b6bdbd8ec8dad344b0988fb4e28b17c19f7385e7e</cyboxCommon:Simple_Hash_Value>
</cyboxCommon:Hash>
</FileObj:Hashes>
</cybox:Properties>
</cybox:Object>
</indicator:Observable>
<indicator:Producer>
<stixCommon:Identity>
<stixCommon:Name>Cymmetria Inc.</stixCommon:Name>
</stixCommon:Identity>
<stixCommon:Time>
<cyboxCommon:Produced_Time>2016-07-14T09:44:00.870084+00:00</cyboxCommon:Produced_Time>
</stixCommon:Time>
</indicator:Producer>
</stix:Indicator>
</stix:Indicators>
</stix:STIX_Package>

41
2016/2016.07.07.UNVEILING_PATCHWORK/IOCs/STIX/zodiac_2.pps.xml Normal file
View File

@ -0,0 +1,41 @@
<stix:STIX_Package
xmlns:Cymmetria="http://cymmetria.com"
xmlns:FileObj="http://cybox.mitre.org/objects#FileObject-2"
xmlns:cybox="http://cybox.mitre.org/cybox-2"
xmlns:cyboxCommon="http://cybox.mitre.org/common-2"
xmlns:cyboxVocabs="http://cybox.mitre.org/default_vocabularies-2"
xmlns:indicator="http://stix.mitre.org/Indicator-2"
xmlns:stix="http://stix.mitre.org/stix-1"
xmlns:stixCommon="http://stix.mitre.org/common-1"
xmlns:stixVocabs="http://stix.mitre.org/default_vocabularies-1"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" id="Cymmetria:Package-51eedaae-6036-4d4f-8910-b3f14a11690b" version="1.2">
<stix:STIX_Header>
<stix:Description>zodiac_2.pps hash indicator</stix:Description>
</stix:STIX_Header>
<stix:Indicators>
<stix:Indicator id="Cymmetria:indicator-11fd5c42-3a6f-41bf-ba4a-c5785cd31046" timestamp="2016-07-14T09:44:00.871953+00:00" xsi:type='indicator:IndicatorType'>
<indicator:Title>zodiac_2.pps hash indicator</indicator:Title>
<indicator:Description>An indicator containing a File observable with an associated hash</indicator:Description>
<indicator:Observable id="Cymmetria:Observable-58278ea8-7b7a-4b81-a71d-d062c2d11737">
<cybox:Object id="Cymmetria:File-8b6dfb8a-2239-4792-bafe-fb21e5ea6a11">
<cybox:Properties xsi:type="FileObj:FileObjectType">
<FileObj:Hashes>
<cyboxCommon:Hash>
<cyboxCommon:Type xsi:type="cyboxVocabs:HashNameVocab-1.0">SHA256</cyboxCommon:Type>
<cyboxCommon:Simple_Hash_Value>55a5d4f879250dbe57523c7caf7fd55b7324043780dd697e9a8b7061500c8c85</cyboxCommon:Simple_Hash_Value>
</cyboxCommon:Hash>
</FileObj:Hashes>
</cybox:Properties>
</cybox:Object>
</indicator:Observable>
<indicator:Producer>
<stixCommon:Identity>
<stixCommon:Name>Cymmetria Inc.</stixCommon:Name>
</stixCommon:Identity>
<stixCommon:Time>
<cyboxCommon:Produced_Time>2016-07-14T09:44:00.872151+00:00</cyboxCommon:Produced_Time>
</stixCommon:Time>
</indicator:Producer>
</stix:Indicator>
</stix:Indicators>
</stix:STIX_Package>

224
README.md
View File

@ -81,7 +81,7 @@ Please fire issue to me if any lost APT/Malware events/campaigns.
* Feb 22 - [[FireEye] Spear Phishing Techniques Used in Attacks Targeting the Mongolian Government](https://www.fireeye.com/blog/threat-research/2017/02/spear_phishing_techn.html) | [Local](../../blob/master/2017/2017.02.22.Spear_Phishing_Mongolian_Government)
* Feb 21 - [[Arbor] Additional Insights on Shamoon2](https://www.arbornetworks.com/blog/asert/additional-insights-on-shamoon2/) | [Local](../../blob/master/2017/2017.02.21.Additional_Insights_on_Shamoon2)
* Feb 20 - [[BAE Systems] azarus' False Flag Malware](http://baesystemsai.blogspot.tw/2017/02/lazarus-false-flag-malware.html) | [Local](../../blob/master/2017/2017.02.20.Lazarus_False_Flag_Malware)
* Feb 17 - [[JPCERT] ChChes - Malware that Communicates with C&C Servers Using Cookie Headers](http://blog.jpcert.or.jp/2017/02/chches-malware--93d6.html) [Local](../../blob/master/2017/2017.02.17.chches-malware)
* Feb 17 - [[JPCERT] ChChes - Malware that Communicates with C&C Servers Using Cookie Headers](http://blog.jpcert.or.jp/2017/02/chches-malware--93d6.html) | [Local](../../blob/master/2017/2017.02.17.chches-malware)
* Feb 16 - [[BadCyber] Technical analysis of recent attacks against Polish banks](https://badcyber.com/technical-analysis-of-recent-attacks-against-polish-banks/) | [Local](../../blob/master/2017/2017.02.16.Technical_analysis_Polish_banks)
* Feb 15 - [[Morphick] Deep Dive On The DragonOK Rambo Backdoor](http://www.morphick.com/resources/news/deep-dive-dragonok-rambo-backdoor) | [Local](../../blob/master/2017/2017.02.15.deep-dive-dragonok-rambo-backdoor)
* Feb 15 - [[IBM] The Full Shamoon: How the Devastating Malware Was Inserted Into Networks](https://securityintelligence.com/the-full-shamoon-how-the-devastating-malware-was-inserted-into-networks/) | [Local](../../blob/master/2017/2017.02.15.the-full-shamoon)
@ -117,122 +117,122 @@ Please fire issue to me if any lost APT/Malware events/campaigns.
* Oct 25 - [[ESET] En Route with Sednit Part 2: Lifting the lid on Sednit: A closer look at the software it uses](http://www.welivesecurity.com/wp-content/uploads/2016/10/eset-sednit-part-2.pdf) | [Local](../../blob/master/2016/2016.10.25.Lifting_the_lid_on_Sednit)
* Oct 20 - [[ESET] En Route with Sednit Part 1: Approaching the Target](http://www.welivesecurity.com/wp-content/uploads/2016/10/eset-sednit-part1.pdf) | [Local](../../blob/master/2016/2016.10.20.En_Route_with_Sednit)
* Oct 17 - [[ThreatConnect] ThreatConnect identifies Chinese targeting of two companies. Economic espionage or military intelligence? ](https://www.threatconnect.com/blog/threatconnect-discovers-chinese-apt-activity-in-europe/) | [Local](../../blob/master/2016/2016.10.16.A_Tale_of_Two_Targets)
* Oct 05 - [Wave your false flags](https://securelist.com/files/2016/10/Bartholomew-GuerreroSaade-VB2016.pdf) | [Local](../../blob/master/2016/2016.10.05_Wave_Your_False_flag)
* Oct 03 - [On the StrongPity Waterhole Attacks Targeting Italian and Belgian Encryption Users](https://securelist.com/blog/research/76147/on-the-strongpity-waterhole-attacks-targeting-italian-and-belgian-encryption-users/) | [Local](../../blob/master/2016/2016.10.03.StrongPity)
* Sep 29 - [China and Cyber: Attitudes, Strategies, Organisation](https://ccdcoe.org/sites/default/files/multimedia/pdf/CS_organisation_CHINA_092016.pdf) | [Local](../../blob/master/2016/2016.09.29.China_and_Cyber_Attitudes_Strategies_Organisation)
* Sep 28 - [ThreatConnect: Belling the BEAR: russia-hacks-bellingcat-mh17-investigation](https://www.threatconnect.com/blog/russia-hacks-bellingcat-mh17-investigation/) | [Local](../../blob/master/2016/2016.09.28.russia-hacks-bellingcat-mh17-investigation)
* Sep 26 - [Sofacys Komplex OS X Trojan](http://researchcenter.paloaltonetworks.com/2016/09/unit42-sofacys-komplex-os-x-trojan/) | [Local](../../blob/master/2016/2016.09.26_Sofacy_Komplex_OSX_Trojan)
* Sep 18 - [Hunting Libyan Scorpions](https://cyberkov.com/wp-content/uploads/2016/09/Hunting-Libyan-Scorpions-EN.pdf) | [Local](../../blob/master/2016/2016.09.18.Hunting-Libyan-Scorpions)
* Sep 14 - [MILE TEA: Cyber Espionage Campaign Targets Asia Pacific Businesses and Government Agencies](http://researchcenter.paloaltonetworks.com/2016/09/mile-tea-cyber-espionage-campaign-targets-asia-pacific-businesses-and-government-agencies/) | [Local](../../blob/master/2016/2016.09.14.MILE_TEA)
* Sep 06 - [Buckeye cyberespionage group shifts gaze from US to Hong Kong](http://www.symantec.com/connect/blogs/buckeye-cyberespionage-group-shifts-gaze-us-hong-kong) | [Local](../../blob/master/2016/2016.09.06.buckeye-cyberespionage-group-shifts-gaze-us-hong-kong)
* Sep 01 - [MALWARE POSING AS HUMAN RIGHTS ORGANIZATIONS AND COMMERCIAL SOFTWARE TARGETING IRANIANS, FOREIGN POLICY INSTITUTIONS AND MIDDLE EASTERN COUNTRIES](https://iranthreats.github.io/resources/human-rights-impersonation-malware/) | [Local](../../blob/master/2016/2016.09.01.human-rights-impersonation-malware)
* Aug 25 - [Technical Analysis of Pegasus Spyware](https://info.lookout.com/rs/051-ESQ-475/images/lookout-pegasus-technical-analysis.pdf) | [Local](../../blob/master/2016/2016.08.25.lookout-pegasus-technical-analysis)
* Aug 24 - [The Million Dollar Dissident: NSO Groups iPhone Zero-Days used against a UAE Human Rights Defender](https://citizenlab.org/2016/08/million-dollar-dissident-iphone-zero-day-nso-group-uae/) | [Local](../../blob/master/2016/2016.08.24.million-dollar-dissident-iphone-zero-day-nso-group-uae)
* Oct 05 - [[Kaspersky] Wave your false flags](https://securelist.com/files/2016/10/Bartholomew-GuerreroSaade-VB2016.pdf) | [Local](../../blob/master/2016/2016.10.05_Wave_Your_False_flag)
* Oct 03 - [[Kaspersky] On the StrongPity Waterhole Attacks Targeting Italian and Belgian Encryption Users](https://securelist.com/blog/research/76147/on-the-strongpity-waterhole-attacks-targeting-italian-and-belgian-encryption-users/) | [Local](../../blob/master/2016/2016.10.03.StrongPity)
* Sep 29 - [[NATO CCD COE] China and Cyber: Attitudes, Strategies, Organisation](https://ccdcoe.org/sites/default/files/multimedia/pdf/CS_organisation_CHINA_092016.pdf) | [Local](../../blob/master/2016/2016.09.29.China_and_Cyber_Attitudes_Strategies_Organisation)
* Sep 28 - [[ThreatConnect] Belling the BEAR: russia-hacks-bellingcat-mh17-investigation](https://www.threatconnect.com/blog/russia-hacks-bellingcat-mh17-investigation/) | [Local](../../blob/master/2016/2016.09.28.russia-hacks-bellingcat-mh17-investigation)
* Sep 26 - [[Palo Alto Networks] Sofacys Komplex OS X Trojan](http://researchcenter.paloaltonetworks.com/2016/09/unit42-sofacys-komplex-os-x-trojan/) | [Local](../../blob/master/2016/2016.09.26_Sofacy_Komplex_OSX_Trojan)
* Sep 18 - [[Cyberkov] Hunting Libyan Scorpions](https://cyberkov.com/wp-content/uploads/2016/09/Hunting-Libyan-Scorpions-EN.pdf) | [Local](../../blob/master/2016/2016.09.18.Hunting-Libyan-Scorpions)
* Sep 14 - [[Palo Alto Networks] MILE TEA: Cyber Espionage Campaign Targets Asia Pacific Businesses and Government Agencies](http://researchcenter.paloaltonetworks.com/2016/09/mile-tea-cyber-espionage-campaign-targets-asia-pacific-businesses-and-government-agencies/) | [Local](../../blob/master/2016/2016.09.14.MILE_TEA)
* Sep 06 - [[Symantec] Buckeye cyberespionage group shifts gaze from US to Hong Kong](http://www.symantec.com/connect/blogs/buckeye-cyberespionage-group-shifts-gaze-us-hong-kong) | [Local](../../blob/master/2016/2016.09.06.buckeye-cyberespionage-group-shifts-gaze-us-hong-kong)
* Sep 01 - [[IRAN THREATS] MALWARE POSING AS HUMAN RIGHTS ORGANIZATIONS AND COMMERCIAL SOFTWARE TARGETING IRANIANS, FOREIGN POLICY INSTITUTIONS AND MIDDLE EASTERN COUNTRIES](https://iranthreats.github.io/resources/human-rights-impersonation-malware/) | [Local](../../blob/master/2016/2016.09.01.human-rights-impersonation-malware)
* Aug 25 - [[Lookout] Technical Analysis of Pegasus Spyware](https://info.lookout.com/rs/051-ESQ-475/images/lookout-pegasus-technical-analysis.pdf) | [Local](../../blob/master/2016/2016.08.25.lookout-pegasus-technical-analysis)
* Aug 24 - [[Citizen Lab] The Million Dollar Dissident: NSO Groups iPhone Zero-Days used against a UAE Human Rights Defender](https://citizenlab.org/2016/08/million-dollar-dissident-iphone-zero-day-nso-group-uae/) | [Local](../../blob/master/2016/2016.08.24.million-dollar-dissident-iphone-zero-day-nso-group-uae)
* Aug 19 - [[ThreatConnect] Russian Cyber Operations on Steroids](https://www.threatconnect.com/blog/fancy-bear-anti-doping-agency-phishing/) | [Local](../../blob/master/2016/2016.08.19.fancy-bear-anti-doping-agency-phishing)
* Aug 17 - [Operation Ghoul: targeted attacks on industrial and engineering organizations](https://securelist.com/blog/research/75718/operation-ghoul-targeted-attacks-on-industrial-and-engineering-organizations/) | [Local](../../blob/master/2016/2016.08.17_operation-ghoul)
* Aug 16 - [Aveo Malware Family Targets Japanese Speaking Users](http://researchcenter.paloaltonetworks.com/2016/08/unit42-aveo-malware-family-targets-japanese-speaking-users/) | [Local](../../blob/master/2016/2016.08.16.aveo-malware-family-targets-japanese)
* Aug 11 - [Iran and the Soft War for Internet Dominance](https://iranthreats.github.io/us-16-Guarnieri-Anderson-Iran-And-The-Soft-War-For-Internet-Dominance-paper.pdf) | [Local](../../blob/master/2016/2016.08.11.Iran-And-The-Soft-War-For-Internet-Dominance)
* Aug 17 - [[Kaspersky] Operation Ghoul: targeted attacks on industrial and engineering organizations](https://securelist.com/blog/research/75718/operation-ghoul-targeted-attacks-on-industrial-and-engineering-organizations/) | [Local](../../blob/master/2016/2016.08.17_operation-ghoul)
* Aug 16 - [[Palo Alto Networks] Aveo Malware Family Targets Japanese Speaking Users](http://researchcenter.paloaltonetworks.com/2016/08/unit42-aveo-malware-family-targets-japanese-speaking-users/) | [Local](../../blob/master/2016/2016.08.16.aveo-malware-family-targets-japanese)
* Aug 11 - [[IRAN THREATS] Iran and the Soft War for Internet Dominance](https://iranthreats.github.io/us-16-Guarnieri-Anderson-Iran-And-The-Soft-War-For-Internet-Dominance-paper.pdf) | [Local](../../blob/master/2016/2016.08.11.Iran-And-The-Soft-War-For-Internet-Dominance)
* Aug 08 - [[Forcepoint] MONSOON](https://blogs.forcepoint.com/security-labs/monsoon-analysis-apt-campaign) | [Local](../../blob/master/2016/2016.08.08.monsoon-analysis-apt-campaign)
* Aug 08 - [ProjectSauron: top level cyber-espionage platform covertly extracts encrypted government comms](https://securelist.com/analysis/publications/75533/faq-the-projectsauron-apt/) | [Local](../../blob/master/2016/2016.08.08.ProjectSauron)
* Aug 07 - [Strider: Cyberespionage group turns eye of Sauron on targets](http://www.symantec.com/connect/blogs/strider-cyberespionage-group-turns-eye-sauron-targets) | [Local](../../blob/master/2016/2016.08.07.Strider_Cyberespionage_group_turns_eye_of_Sauron_on_targets)
* Aug 04 - [Running for Office: Russian APT Toolkits Revealed](https://www.recordedfuture.com/russian-apt-toolkits/) | [Local](../../blob/master/2016/2016.08.04.russian-apt-toolkits)
* Aug 08 - [[Kaspersky] ProjectSauron: top level cyber-espionage platform covertly extracts encrypted government comms](https://securelist.com/analysis/publications/75533/faq-the-projectsauron-apt/) | [Local](../../blob/master/2016/2016.08.08.ProjectSauron)
* Aug 07 - [[Symantec] Strider: Cyberespionage group turns eye of Sauron on targets](http://www.symantec.com/connect/blogs/strider-cyberespionage-group-turns-eye-sauron-targets) | [Local](../../blob/master/2016/2016.08.07.Strider_Cyberespionage_group_turns_eye_of_Sauron_on_targets)
* Aug 04 - [[Recorded Future] Running for Office: Russian APT Toolkits Revealed](https://www.recordedfuture.com/russian-apt-toolkits/) | [Local](../../blob/master/2016/2016.08.04.russian-apt-toolkits)
* Aug 03 - [[EFF] Operation Manul: I Got a Letter From the Government the Other Day...Unveiling a Campaign of Intimidation, Kidnapping, and Malware in Kazakhstan](https://www.eff.org/files/2016/08/03/i-got-a-letter-from-the-government.pdf) | [Local](../../blob/master/2016/2016.08.03.i-got-a-letter-from-the-government)
* Aug 02 - [Group5: Syria and the Iranian Connection](https://citizenlab.org/2016/08/group5-syria/) | [Local](../../blob/master/2016/2016.08.02.group5-syria)
* Jul 28 - [ICIT Briefing: Chinas Espionage Dynasty](http://icitech.org/wp-content/uploads/2016/07/ICIT-Brief-China-Espionage-Dynasty.pdf) | [Local](../../blob/master/2016/2016.07.28.China_Espionage_Dynasty)
* Jul 26 - [Attack Delivers 9002 Trojan Through Google Drive](http://researchcenter.paloaltonetworks.com/2016/07/unit-42-attack-delivers-9002-trojan-through-google-drive/) | [Local](../../blob/master/2016/2016.07.26.Attack_Delivers_9002_Trojan_Through_Google_Drive)
* Jul 21 - [Sphinx (APT-C-15) Targeted cyber-attack in the Middle East](https://ti.360.com/upload/report/file/rmsxden20160721.pdf) | [Local](../../blob/master/2016/2016.07.21.Sphinx_Targeted_cyber-attack_in_the_Middle_East)
* Jul 21 - [Hide and Seek: How Threat Actors Respond in the Face of Public Exposure](https://www.rsaconference.com/writable/presentations/file_upload/tta1-f04_hide-and-seek-how-threat-actors-respond-in-the-face-of-public-exposure.pdf) | [Local](../../blob/master/2016/2016.07.21.Hide_and_Seek)
* Jul 13 - [State-Sponsored SCADA Malware targeting European Energy Companies](https://sentinelone.com/blogs/sfg-furtims-parent/) | [Local](../../blob/master/2016/2016.07.13.State-Sponsored_SCADA_Malware_targeting_European_Energy_Companies)
* Jul 12 - [NanHaiShu: RATing the South China Sea](https://www.f-secure.com/documents/996508/1030745/nanhaishu_whitepaper.pdf) | [Local](../../blob/master/2016/2016.07.12.NanHaiShu_RATing_the_South_China_Sea)
* Jul 08 - [The Dropping Elephant aggressive cyber-espionage in the Asian region](https://securelist.com/blog/research/75328/the-dropping-elephant-actor/) | [Local](../../blob/master/2016/2016.07.08.The_Dropping_Elephant)
* Jul 07 - [NetTraveler APT Targets Russian, European Interests](https://www.proofpoint.com/us/threat-insight/post/nettraveler-apt-targets-russian-european-interests) | [Local](../../blob/master/2016/2016.07.07.nettraveler-apt-targets-russian-european-interests)
* Jul 07 - [UNVEILING PATCHWORK: THE COPY-PASTE APT](https://www.cymmetria.com/wp-content/uploads/2016/07/Unveiling-Patchwork.pdf) | [Local](../../blob/master/2016/2016.07.07.UNVEILING_PATCHWORK)
* Jul 03 - [From HummingBad to Worse ](http://blog.checkpoint.com/wp-content/uploads/2016/07/HummingBad-Research-report_FINAL-62916.pdf) | [Local](../../blob/master/2016/2016.07.03_From_HummingBad_to_Worse)
* Jul 01 - [Pacifier APT](http://download.bitdefender.com/resources/files/News/CaseStudies/study/115/Bitdefender-Whitepaper-PAC-A4-en-EN1.pdf) | [Local](../../blob/master/2016/2016.07.01.Bitdefender_Pacifier_APT)
* Jul 01 - [Espionage toolkit targeting Central and Eastern Europe uncovered](http://www.welivesecurity.com/2016/07/01/espionage-toolkit-targeting-central-eastern-europe-uncovered/) | [Local](../../blob/master/2016/2016.07.01.SBDH_toolkit_targeting_Central_and_Eastern_Europe)
* Jun 30 - [Asruex: Malware Infecting through Shortcut Files](http://blog.jpcert.or.jp/2016/06/asruex-malware-infecting-through-shortcut-files.html) | [Local](../../blob/master/2016/2016.06.30.Asruex)
* Aug 02 - [[Citizen Lab] Group5: Syria and the Iranian Connection](https://citizenlab.org/2016/08/group5-syria/) | [Local](../../blob/master/2016/2016.08.02.group5-syria)
* Jul 28 - [[ICIT] Chinas Espionage Dynasty](http://icitech.org/wp-content/uploads/2016/07/ICIT-Brief-China-Espionage-Dynasty.pdf) | [Local](../../blob/master/2016/2016.07.28.China_Espionage_Dynasty)
* Jul 26 - [[Palo Alto Networks] Attack Delivers 9002 Trojan Through Google Drive](http://researchcenter.paloaltonetworks.com/2016/07/unit-42-attack-delivers-9002-trojan-through-google-drive/) | [Local](../../blob/master/2016/2016.07.26.Attack_Delivers_9002_Trojan_Through_Google_Drive)
* Jul 21 - [[360] Sphinx (APT-C-15) Targeted cyber-attack in the Middle East](https://ti.360.com/upload/report/file/rmsxden20160721.pdf) | [Local](../../blob/master/2016/2016.07.21.Sphinx_Targeted_cyber-attack_in_the_Middle_East)
* Jul 21 - [[RSA] Hide and Seek: How Threat Actors Respond in the Face of Public Exposure](https://www.rsaconference.com/writable/presentations/file_upload/tta1-f04_hide-and-seek-how-threat-actors-respond-in-the-face-of-public-exposure.pdf) | [Local](../../blob/master/2016/2016.07.21.Hide_and_Seek)
* Jul 13 - [[SentinelOne] State-Sponsored SCADA Malware targeting European Energy Companies](https://sentinelone.com/blogs/sfg-furtims-parent/) | [Local](../../blob/master/2016/2016.07.13.State-Sponsored_SCADA_Malware_targeting_European_Energy_Companies)
* Jul 12 - [[F-SECURE] NanHaiShu: RATing the South China Sea](https://www.f-secure.com/documents/996508/1030745/nanhaishu_whitepaper.pdf) | [Local](../../blob/master/2016/2016.07.12.NanHaiShu_RATing_the_South_China_Sea)
* Jul 08 - [[Kaspersky] The Dropping Elephant aggressive cyber-espionage in the Asian region](https://securelist.com/blog/research/75328/the-dropping-elephant-actor/) | [Local](../../blob/master/2016/2016.07.08.The_Dropping_Elephant)
* Jul 07 - [[Proofpoint] NetTraveler APT Targets Russian, European Interests](https://www.proofpoint.com/us/threat-insight/post/nettraveler-apt-targets-russian-european-interests) | [Local](../../blob/master/2016/2016.07.07.nettraveler-apt-targets-russian-european-interests)
* Jul 07 - [[Cymmetria] UNVEILING PATCHWORK: THE COPY-PASTE APT](https://www.cymmetria.com/wp-content/uploads/2016/07/Unveiling-Patchwork.pdf) | [Local](../../blob/master/2016/2016.07.07.UNVEILING_PATCHWORK)
* Jul 03 - [[Check Point] From HummingBad to Worse ](http://blog.checkpoint.com/wp-content/uploads/2016/07/HummingBad-Research-report_FINAL-62916.pdf) | [Local](../../blob/master/2016/2016.07.03_From_HummingBad_to_Worse)
* Jul 01 - [[Bitdefender] Pacifier APT](http://download.bitdefender.com/resources/files/News/CaseStudies/study/115/Bitdefender-Whitepaper-PAC-A4-en-EN1.pdf) | [Local](../../blob/master/2016/2016.07.01.Bitdefender_Pacifier_APT)
* Jul 01 - [[ESET] Espionage toolkit targeting Central and Eastern Europe uncovered](http://www.welivesecurity.com/2016/07/01/espionage-toolkit-targeting-central-eastern-europe-uncovered/) | [Local](../../blob/master/2016/2016.07.01.SBDH_toolkit_targeting_Central_and_Eastern_Europe)
* Jun 30 - [[JPCERT] Asruex: Malware Infecting through Shortcut Files](http://blog.jpcert.or.jp/2016/06/asruex-malware-infecting-through-shortcut-files.html) | [Local](../../blob/master/2016/2016.06.30.Asruex)
* Jun 29 - [MONSOON ANALYSIS OF AN APT CAMPAIGN](https://www.forcepoint.com/sites/default/files/resources/files/forcepoint-security-labs-monsoon-analysis-report.pdf) | [Local](../../blob/master/2016/2016.06.29.MonSoon)
* Jun 28 - [Prince of Persia Game Over](http://researchcenter.paloaltonetworks.com/2016/06/unit42-prince-of-persia-game-over/) | [Local](../../blob/master/2016/2016.06.28.prince-of-persia-game-over)
* Jun 28 - [(Japan)Attack Tool Investigation](https://www.jpcert.or.jp/research/20160628ac-ir_research.pdf) | [Local](../../blob/master/2016/2016.06.28.Attack_Tool_Investigation)
* Jun 26 - [The State of the ESILE/Lotus Blossom Campaign](http://blog.trendmicro.com/trendlabs-security-intelligence/the-state-of-the-esilelotus-blossom-campaign/) | [Local](../../blob/master/2016/2016.06.26.The_State_of_the_ESILE_Lotus_Blossom_Campaign)
* Jun 26 - [Nigerian Cybercriminals Target High-Impact Industries in India via Pony](https://blog.cylance.com/threat-update-nigerian-cybercriminals-target-high-impact-indian-industries-via-pony) | [Local](../../blob/master/2016/2016.06.26.Nigerian_Cybercriminals_Target_High_Impact_Industries_in_India)
* Jun 23 - [Tracking Elirks Variants in Japan: Similarities to Previous Attacks](http://researchcenter.paloaltonetworks.com/2016/06/unit42-tracking-elirks-variants-in-japan-similarities-to-previous-attacks/) | [Local](../../blob/master/2016/2016.06.23.Tracking_Elirks_Variants_in_Japan)
* Jun 21 - [The Curious Case of an Unknown Trojan Targeting German-Speaking Users](https://blog.fortinet.com/2016/06/21/the-curious-case-of-an-unknown-trojan-targeting-german-speaking-users) | [Local](../../blob/master/2016/2016.06.21.Unknown_Trojan_Targeting_German_Speaking_Users)
* Jun 21 - [Redline Drawn: China Recalculates Its Use of Cyber Espionage]( https://www.fireeye.com/content/dam/fireeye-www/current-threats/pdfs/rpt-china-espionage.pdf) | [Local](../../blob/master/2016/2016.06.21.Redline_Drawn_China_Recalculates_Its_Use_of_Cyber_Espionage)
* Jun 21 - [Visiting The Bear Den](http://www.welivesecurity.com/wp-content/uploads/2016/06/visiting_the_bear_den_recon_2016_calvet_campos_dupuy-1.pdf) | [Local](../../blob/master/2016/2016.06.21.visiting_the_bear_den_recon_2016_calvet_campos_dupuy)
* Jun 16 - [Threat Group-4127 Targets Hillary Clinton Presidential Campaign](https://www.secureworks.com/research/threat-group-4127-targets-hillary-clinton-presidential-campaign) | [Local](../../blob/master/2016/2016.06.16.DNC)
* Jun 15 - [Bears in the Midst: Intrusion into the Democratic National Committee](https://www.crowdstrike.com/blog/bears-midst-intrusion-democratic-national-committee/) | [Local](../../blob/master/2016/2016.06.09.Operation_DustySky_II/)
* Jun 09 - [Operation DustySky Part 2](http://www.clearskysec.com/wp-content/uploads/2016/06/Operation-DustySky2_-6.2016_TLP_White.pdf) | [Local](../../blob/master/2016/2016.06.09.Operation_DustySky_II/)
* Jun 02 - [FastPOS: Quick and Easy Credit Card Theft](http://documents.trendmicro.com/assets/fastPOS-quick-and-easy-credit-card-theft.pdf) | [Local](../../blob/master/2016/2016.06.02.fastpos-quick-and-easy-credit-card-theft/)
* May 27 - [IXESHE Derivative IHEATE Targets Users in America](http://blog.trendmicro.com/trendlabs-security-intelligence/ixeshe-derivative-iheate-targets-users-america/) | [Local](../../blob/master/2016/2016.05.27.IXESHE_Derivative_IHEATE_Targets_Users_in_America/)
* May 26 - [The OilRig Campaign: Attacks on Saudi Arabian Organizations Deliver Helminth Backdoor](http://researchcenter.paloaltonetworks.com/2016/05/the-oilrig-campaign-attacks-on-saudi-arabian-organizations-deliver-helminth-backdoor/) | [Local](../../blob/master/2016/2016.05.26.OilRig_Campaign/)
* May 25 - [CVE-2015-2545: overview of current threats](https://securelist.com/analysis/publications/74828/cve-2015-2545-overview-of-current-threats/) | [Local](../../blob/master/2016/2016.05.25.CVE-2015-2545/)
* May 24 - [New Wekby Attacks Use DNS Requests As Command and Control Mechanism](http://researchcenter.paloaltonetworks.com/2016/05/unit42-new-wekby-attacks-use-dns-requests-as-command-and-control-mechanism/) | [Local](../../blob/master/2016/2016.05.24.New_Wekby_Attacks)
* May 23 - [APT Case RUAG Technical Report](https://www.melani.admin.ch/dam/melani/en/dokumente/2016/technical%20report%20ruag.pdf.download.pdf/Report_Ruag-Espionage-Case.pdf) | [Local](../../blob/master/2016/2016.05.23.APT_Case_RUAG)
* May 22 - [TARGETED ATTACKS AGAINST BANKS IN THE MIDDLE EAST](https://www.fireeye.com/blog/threat-research/2016/05/targeted_attacksaga.html) | [Local](../../blob/master/2016/2016.05.22.Targeted_Attacks_Against_Banks_in_Middle_East)
* May 22 - [Operation Ke3chang Resurfaces With New TidePool Malware](http://researchcenter.paloaltonetworks.com/2016/05/operation-ke3chang-resurfaces-with-new-tidepool-malware/) | [Local](../../blob/master/2016/2016.05.22.Operation_Ke3chang_Resurfaces_With_New_TidePool_Malware/)
* May 18 - [Operation Groundbait: Analysis of a surveillance toolkit](http://www.welivesecurity.com/wp-content/uploads/2016/05/Operation-Groundbait.pdf) | [Local](../../blob/master/2016/2016.05.18.Operation_Groundbait/)
* May 17 - [Mofang: A politically motivated information stealing adversary](https://foxitsecurity.files.wordpress.com/2016/06/fox-it_mofang_threatreport_tlp-white.pdf) | [Local](../../blob/master/2016/2016.05.17.Mofang)
* May 17 - [Indian organizations targeted in Suckfly attacks](http://www.symantec.com/connect/ko/blogs/indian-organizations-targeted-suckfly-attacks) | [Local](../../blob/master/2016/2016.05.17.Indian_organizations_targeted_in_Suckfly_attacks/)
* May 10 - [Backdoor as a Software Suite: How TinyLoader Distributes and Upgrades PoS Threats](http://blog.trendmicro.com/trendlabs-security-intelligence/how-tinyloader-distributes-and-upgrades-pos-threats/) | [paper](http://documents.trendmicro.com/assets/tinypos-abaddonpos-ties-to-tinyloader.pdf) | [Local](../../blob/master/2016/2016.05.10.tinyPOS_tinyloader/)
* May 09 - [Using Honeynets and the Diamond Model for ICS Threat Analysis](http://resources.sei.cmu.edu/asset_files/TechnicalReport/2016_005_001_454247.pdf) | [Local](../../blob/master/2016/2016.05.09_ICS_Threat_Analysis/)
* May 06 - [Exploring CVE-2015-2545 and its users](http://pwc.blogs.com/cyber_security_updates/2016/05/exploring-cve-2015-2545-and-its-users.html) | [Local](../../blob/master/2016/2016.05.06_Exploring_CVE-2015-2545/)
* May 05 - [Jaku: an on-going botnet campaign](https://www.forcepoint.com/sites/default/files/resources/files/report_jaku_analysis_of_botnet_campaign_en_0.pdf) | [Local](../../blob/master/2016/2016.05.05_Jaku_botnet_campaign/)
* May 02 - [GOZNYM MALWARE target US, AT, DE ](https://blog.team-cymru.org/2016/05/goznym-malware/) | [Local](../../blob/master/2016/2016.05.02.GOZNYM_MALWARE)
* May 02 - [Prince of Persia: Infy Malware Active In Decade of Targeted Attacks](http://researchcenter.paloaltonetworks.com/2016/05/prince-of-persia-infy-malware-active-in-decade-of-targeted-attacks/) | [Local](../../blob/master/2016/2016.05.02.Prince_of_Persia_Infy_Malware/)
* Apr 27 - [Repackaging Open Source BeEF for Tracking and More](https://securelist.com/blog/software/74503/freezer-paper-around-free-meat/) | [Local](../../blob/master/2016/2016.04.27.Repackaging_Open_Source_BeEF)
* Apr 26 - [Cyber warfare: Iran opens a new front](http://www.ft.com/intl/cms/s/0/15e1acf0-0a47-11e6-b0f1-61f222853ff3.html#axzz478cZz3ao) | [Local](../../blob/master/2016/2016.04.26.Iran_Opens_a_New_Front/)
* Apr 26 - [New Poison Ivy Activity Targeting Myanmar, Asian Countries](https://www.arbornetworks.com/blog/asert/recent-poison-iv/) | [Local](../../blob/master/2016/2016.04.26.New_Poison_Ivy_Activity_Targeting_Myanmar_Asian_Countries/)
* Apr 22 - [The Ghost Dragon - Cylance](https://blog.cylance.com/the-ghost-dragon) | [Local](../../blob/master/2016/2016.04.22.the-ghost-dragon)
* Apr 21 - [Teaching an old RAT new tricks](https://www.sentinelone.com/blogs/teaching-an-old-rat-new-tricks/) | [Local](../../blob/master/2016/2016.04.21.Teaching_an_old_RAT_new_tricks/)
* Apr 21 - [New Poison Ivy RAT Variant Targets Hong Kong Pro-Democracy Activists](http://researchcenter.paloaltonetworks.com/2016/04/unit42-new-poison-ivy-rat-variant-targets-hong-kong-pro-democracy-activists/) | [Local](../../blob/master/2016/2016.04.21.New_Poison_Ivy_RAT_Variant_Targets_Hong_Kong/)
* Apr 18 - [Between Hong Kong and Burma: Tracking UP007 and SLServer Espionage Campaigns](https://citizenlab.org/2016/04/between-hong-kong-and-burma/) | [Local](../../blob/master/2016/2016.04.18.UP007/)
* Apr 15 - [Detecting and Responding Pandas and Bears](http://files.sans.org/summit/Threat_Hunting_Incident_Response_Summit_2016/PDFs/Detecting-and-Responding-to-Pandas-and-Bears-Christopher-Scott-CrowdStrike-and-Wendi-Whitmore-IBM.pdf) | [Local](../../blob/master/2016/2016.04.15.pandas_and_bears/)
* Apr 12 - [PLATINUM: Targeted attacks in South and Southeast Asia](http://download.microsoft.com/download/2/2/5/225BFE3E-E1DE-4F5B-A77B-71200928D209/Platinum%20feature%20article%20-%20Targeted%20attacks%20in%20South%20and%20Southeast%20Asia%20April%202016.pdf) | [Local](../../blob/master/2016/2016.04.12.PLATINUM_Targeted_attacks_in_South_and_Southeast_Asia/)
* Mar 25 - [ProjectM: Link Found Between Pakistani Actor and Operation Transparent Tribe](http://researchcenter.paloaltonetworks.com/2016/03/unit42-projectm-link-found-between-pakistani-actor-and-operation-transparent-tribe/?utm_medium=email&utm_source=Adobe%20Campaign&utm_campaign=Unit%2042%20Blog%20Updates%2031Mar16) | [Local](../../blob/master/2016/2016.03.25.ProjectM/)
* Mar 23 - [Operation C-Major: Information Theft Campaign Targets Military Personnel in India](http://blog.trendmicro.com/trendlabs-security-intelligence/indian-military-personnel-targeted-by-information-theft-campaign/) | [Local](../../blob/master/2016/2016.03.23.Operation_C_Major/)
* Mar 18 - [Analysis of the Cyber Attack on the Ukrainian Power Grid: Defense Use Case](https://ics.sans.org/media/E-ISAC_SANS_Ukraine_DUC_5.pdf) | [Local](../../blob/master/2016/2016.03.18.Analysis_of_the_Cyber_Attack_on_the_Ukrainian_Power_Grid/)
* Mar 17 - [Taiwan Presidential Election: A Case Study on Thematic Targeting](http://pwc.blogs.com/cyber_security_updates/2016/03/taiwant-election-targetting.html) | [Local](../../blob/master/2016/2016.03.17.Taiwan-election-targetting/)
* Mar 15 - [Suckfly: Revealing the secret life of your code signing certificates](http://www.symantec.com/connect/blogs/suckfly-revealing-secret-life-your-code-signing-certificates) | [Local](../../blob/master/2016/2016.03.15.Suckfly)
* Mar 14 - [Bank robbery in progress: New attacks from Carbanak group target banks in Middle East and US](https://www.proofpoint.com/us/threat-insight/post/carbanak-cybercrime-group-targets-executives-of-financial-organizations-in-middle-east) | [Local](../../blob/master/2016/2016.03.14.Carbanak_cybercrime_group)
* Mar 10 - [Shifting Tactics: Tracking changes in years-long espionage campaign against Tibetans](https://citizenlab.org/2016/03/shifting-tactics/) | [Local](../../blob/master/2016/2016.03.10.shifting-tactics)
* Mar 09 - [LESSONS FROM OPERATION RUSSIANDOLL](https://www.fireeye.com/blog/threat-research/2016/03/lessons-from-operation-russian-doll.html) | [Local](../../blob/master/2016/2016.03.09.Operation_RussianDoll)
* Mar 08 - [Onion Dog, A 3 Year Old APT Focused On the Energy and Transportation Industries in Korean-language Countries](http://www.prnewswire.com/news-releases/onion-dog-a-3-year-old-apt-focused-on-the-energy-and-transportation-industries-in-korean-language-countries-is-exposed-by-360-300232441.html) | [Local](../../blob/master/2016/2016.03.08.OnionDog)
* Mar 03 - [Shedding Light on BlackEnergy With Open Source Intelligence](https://www.recordedfuture.com/blackenergy-malware-analysis/) | [Local](../../blob/master/2016/2016.03.03.Shedding_Light_BlackEnergy)
* Mar 01 - [Operation Transparent Tribe - APT Targeting Indian Diplomatic and Military Interests](https://www.proofpoint.com/us/threat-insight/post/Operation-Transparent-Tribe) | [Local](../../blob/master/2016/2016.03.01.Operation_Transparent_Tribe/)
* Feb 29 - [The Turbo Campaign, Featuring Derusbi for 64-bit Linux](https://www.fidelissecurity.com/sites/default/files/TA_Fidelis_Turbo_1602_0.pdf) | [Local](../../blob/master/2016/2016.02.24.Operation_Blockbuster)
* Feb 24 - [Operation Blockbuster](https://www.operationblockbuster.com/wp-content/uploads/2016/02/Operation-Blockbuster-Report.pdf) | [Local](../../blob/master/2016/2016.02.24.Operation_Blockbuster)
* Feb 23 - [OPERATION DUST STORM](https://www.cylance.com/hubfs/2015_cylance_website/assets/operation-dust-storm/Op_Dust_Storm_Report.pdf?t=1456355696065) | [Local](../../blob/master/2016/2016.02.23.Operation_Dust_Storm)
* Feb 12 - [A Look Into Fysbis: Sofacys Linux Backdoor](http://researchcenter.paloaltonetworks.com/2016/02/a-look-into-fysbis-sofacys-linux-backdoor/) | [Local](../../blob/master/2016/2016.02.12.Fysbis_Sofacy_Linux_Backdoor)
* Feb 11 - [Hacktivism: India vs. Pakistan](https://www.recordedfuture.com/india-pakistan-cyber-rivalry/) | [Local](../../blob/master/2016/2016.02.11.Hacktivism_India_vs_Pakistan)
* Feb 09 - [Poseidon Group: a Targeted Attack Boutique specializing in global cyber-espionage](https://securelist.com/blog/research/73673/poseidon-group-a-targeted-attack-boutique-specializing-in-global-cyber-espionage/) | [Local](../../blob/master/2016/2016.02.09_Poseidon_APT_Boutique)
* Feb 08 - [Know Your Enemies 2.0: A Primer on Advanced Persistent Threat Groups](http://icitech.org/know-your-enemies-2-0/) | [Local](../../blob/master/2016/2016.02.08.Know_Your_Enemies_2.0)
* Feb 04 - [T9000: Advanced Modular Backdoor Uses Complex Anti-Analysis Techniques](http://researchcenter.paloaltonetworks.com/2016/02/t9000-advanced-modular-backdoor-uses-complex-anti-analysis-techniques/) | [Local](../../blob/master/2016/2016.02.04_PaloAlto_T9000-Advanced-Modular-Backdoor)
* Feb 03 - [Emissary Trojan Changelog: Did Operation Lotus Blossom Cause It to Evolve?](http://researchcenter.paloaltonetworks.com/2016/02/emissary-trojan-changelog-did-operation-lotus-blossom-cause-it-to-evolve/) | [Local](../../blob/master/2016.02.03.Emissary_Trojan_Changelog)
* Feb 01 - [Massive Admedia/Adverting iFrame Infection](https://blog.sucuri.net/2016/02/massive-admedia-iframe-javascript-infection.html) | [Local](../../blob/master/2016/2016.02.01.Massive_Admedia_Adverting_iFrame_Infection)
* Feb 01 - [Organized Cybercrime Big in Japan: URLZone Now on the Scene](https://securityintelligence.com/organized-cybercrime-big-in-japan-urlzone-now-on-the-scene/) | [Local](../../blob/master/2016/2016.02.01.URLzone_Team)
* Jan 29 - [Tinbapore: Millions of Dollars at Risk](https://devcentral.f5.com/d/tinbapore-millions-of-dollars-at-risk?download=true) | [Local](../../blob/master/2016/2016.01.29.Tinbapore_Attack)
* Jan 29 - [Malicious Office files dropping Kasidet and Dridex](http://research.zscaler.com/2016/01/malicious-office-files-dropping-kasidet.html) | [Local](../../blob/master/2016/2016.01.29.Malicious_Office_files_dropping_Kasidet_and_Dridex)
* Jan 28 - [BlackEnergy APT Attacks in Ukraine employ spearphishing with Word documents](https://securelist.com/blog/research/73440/blackenergy-apt-attacks-in-ukraine-employ-spearphishing-with-word-documents/) | [Local](../../blob/master/2016/2016.01.28.BlackEnergy_APT)
* Jan 27 - [Dissecting the Malware Involved in the INOCNATION Campaign](https://www.fidelissecurity.com/sites/default/files/FTA_1020_Fidelis_Inocnation_FINAL.pdf) | [Local](../../blob/master/2016/2016.01.27.Hi-Zor.RAT)
* Jan 26 - [Analyzing a New Variant of BlackEnergy 3](https://www.sentinelone.com/wp-content/uploads/2016/01/BlackEnergy3_WP_012716_1c.pdf) | [Local](../../blob/master/2016/2016.01.26.BlackEnergy3)
* Jan 24 - [Scarlet Mimic: Years-Long Espionage Campaign Targets Minority Activists](http://researchcenter.paloaltonetworks.com/2016/01/scarlet-mimic-years-long-espionage-targets-minority-activists/) | [Local](../../blob/master/2016/2016.01.24_Scarlet_Minic)
* Jan 21 - [NetTraveler Spear-Phishing Email Targets Diplomat of Uzbekistan](http://researchcenter.paloaltonetworks.com/2016/01/nettraveler-spear-phishing-email-targets-diplomat-of-uzbekistan/) | [Local](../../blob/master/2016/2016.01.21.NetTraveler_Uzbekistan)
* Jan 19 - [360 SkyEye 2015 APT Annual Report](https://ti.360.com/upload/report/file/2015.APT.Annual_Report.pdf) | [Local](../../blob/master/2016/2016.01.19.360_APT_Report)
* Jan 14 - [RESEARCH SPOTLIGHT: NEEDLES IN A HAYSTACK](http://blog.talosintel.com/2016/01/haystack.html#more) | [Local](../../blob/master/2016/2016.01.14_Cisco_Needles_in_a_Haystack)
* Jan 14 - [The Waterbug attack group](https://www.symantec.com/content/en/us/enterprise/media/security_response/whitepapers/waterbug-attack-group.pdf) | [Local](../../blob/master/2016/2016.01.14.The.Waterbug.Attack.Group/)
* Jan 07 - [Operation DustySky](http://www.clearskysec.com/wp-content/uploads/2016/01/Operation%20DustySky_TLP_WHITE.pdf) | [Local](../../blob/master/2016/2016.01.07.Operation_DustySky)
* Jan 07 - [RIGGING COMPROMISE - RIG EXPLOIT KIT](http://blog.talosintel.com/2016/01/rigging-compromise.html) | [Local](../../blob/master/2016/2016.01.07.rigging-compromise)
* Jan 03 - [BlackEnergy by the SSHBearDoor: attacks against Ukrainian news media and electric industry](http://www.welivesecurity.com/2016/01/03/blackenergy-sshbeardoor-details-2015-attacks-ukrainian-news-media-electric-industry/) | [Local](../../blob/master/2016/2016.01.03.BlackEnergy_Ukrainian)
* Jun 28 - [[JPCERT] (Japan)Attack Tool Investigation](https://www.jpcert.or.jp/research/20160628ac-ir_research.pdf) | [Local](../../blob/master/2016/2016.06.28.Attack_Tool_Investigation)
* Jun 26 - [[Trend Micro] The State of the ESILE/Lotus Blossom Campaign](http://blog.trendmicro.com/trendlabs-security-intelligence/the-state-of-the-esilelotus-blossom-campaign/) | [Local](../../blob/master/2016/2016.06.26.The_State_of_the_ESILE_Lotus_Blossom_Campaign)
* Jun 26 - [[Cylance] Nigerian Cybercriminals Target High-Impact Industries in India via Pony](https://blog.cylance.com/threat-update-nigerian-cybercriminals-target-high-impact-indian-industries-via-pony) | [Local](../../blob/master/2016/2016.06.26.Nigerian_Cybercriminals_Target_High_Impact_Industries_in_India)
* Jun 23 - [[Palo Alto Networks] Tracking Elirks Variants in Japan: Similarities to Previous Attacks](http://researchcenter.paloaltonetworks.com/2016/06/unit42-tracking-elirks-variants-in-japan-similarities-to-previous-attacks/) | [Local](../../blob/master/2016/2016.06.23.Tracking_Elirks_Variants_in_Japan)
* Jun 21 - [[Fortinet] The Curious Case of an Unknown Trojan Targeting German-Speaking Users](https://blog.fortinet.com/2016/06/21/the-curious-case-of-an-unknown-trojan-targeting-german-speaking-users) | [Local](../../blob/master/2016/2016.06.21.Unknown_Trojan_Targeting_German_Speaking_Users)
* Jun 21 - [[FireEye] Redline Drawn: China Recalculates Its Use of Cyber Espionage]( https://www.fireeye.com/content/dam/fireeye-www/current-threats/pdfs/rpt-china-espionage.pdf) | [Local](../../blob/master/2016/2016.06.21.Redline_Drawn_China_Recalculates_Its_Use_of_Cyber_Espionage)
* Jun 21 - [[ESET] Visiting The Bear Den](http://www.welivesecurity.com/wp-content/uploads/2016/06/visiting_the_bear_den_recon_2016_calvet_campos_dupuy-1.pdf) | [Local](../../blob/master/2016/2016.06.21.visiting_the_bear_den_recon_2016_calvet_campos_dupuy)
* Jun 16 - [[Dell] Threat Group-4127 Targets Hillary Clinton Presidential Campaign](https://www.secureworks.com/research/threat-group-4127-targets-hillary-clinton-presidential-campaign) | [Local](../../blob/master/2016/2016.06.16.DNC)
* Jun 15 - [[CrowdStrike] Bears in the Midst: Intrusion into the Democratic National Committee](https://www.crowdstrike.com/blog/bears-midst-intrusion-democratic-national-committee/) | [Local](../../blob/master/2016/2016.06.09.Operation_DustySky_II/)
* Jun 09 - [[Clearsky] Operation DustySky Part 2](http://www.clearskysec.com/wp-content/uploads/2016/06/Operation-DustySky2_-6.2016_TLP_White.pdf) | [Local](../../blob/master/2016/2016.06.09.Operation_DustySky_II/)
* Jun 02 - [[Trend Micro] FastPOS: Quick and Easy Credit Card Theft](http://documents.trendmicro.com/assets/fastPOS-quick-and-easy-credit-card-theft.pdf) | [Local](../../blob/master/2016/2016.06.02.fastpos-quick-and-easy-credit-card-theft/)
* May 27 - [[Trend Micro] IXESHE Derivative IHEATE Targets Users in America](http://blog.trendmicro.com/trendlabs-security-intelligence/ixeshe-derivative-iheate-targets-users-america/) | [Local](../../blob/master/2016/2016.05.27.IXESHE_Derivative_IHEATE_Targets_Users_in_America/)
* May 26 - [[Palo Alto Networks] The OilRig Campaign: Attacks on Saudi Arabian Organizations Deliver Helminth Backdoor](http://researchcenter.paloaltonetworks.com/2016/05/the-oilrig-campaign-attacks-on-saudi-arabian-organizations-deliver-helminth-backdoor/) | [Local](../../blob/master/2016/2016.05.26.OilRig_Campaign/)
* May 25 - [[Kaspersky] CVE-2015-2545: overview of current threats](https://securelist.com/analysis/publications/74828/cve-2015-2545-overview-of-current-threats/) | [Local](../../blob/master/2016/2016.05.25.CVE-2015-2545/)
* May 24 - [[Palo Alto Networks] New Wekby Attacks Use DNS Requests As Command and Control Mechanism](http://researchcenter.paloaltonetworks.com/2016/05/unit42-new-wekby-attacks-use-dns-requests-as-command-and-control-mechanism/) | [Local](../../blob/master/2016/2016.05.24.New_Wekby_Attacks)
* May 23 - [[MELANI:GovCERT] APT Case RUAG Technical Report](https://www.melani.admin.ch/dam/melani/en/dokumente/2016/technical%20report%20ruag.pdf.download.pdf/Report_Ruag-Espionage-Case.pdf) | [Local](../../blob/master/2016/2016.05.23.APT_Case_RUAG)
* May 22 - [[FireEye] TARGETED ATTACKS AGAINST BANKS IN THE MIDDLE EAST](https://www.fireeye.com/blog/threat-research/2016/05/targeted_attacksaga.html) | [Local](../../blob/master/2016/2016.05.22.Targeted_Attacks_Against_Banks_in_Middle_East)
* May 22 - [[Palo Alto Networks] Operation Ke3chang Resurfaces With New TidePool Malware](http://researchcenter.paloaltonetworks.com/2016/05/operation-ke3chang-resurfaces-with-new-tidepool-malware/) | [Local](../../blob/master/2016/2016.05.22.Operation_Ke3chang_Resurfaces_With_New_TidePool_Malware/)
* May 18 - [[ESET] Operation Groundbait: Analysis of a surveillance toolkit](http://www.welivesecurity.com/wp-content/uploads/2016/05/Operation-Groundbait.pdf) | [Local](../../blob/master/2016/2016.05.18.Operation_Groundbait/)
* May 17 - [[FOX-IT] Mofang: A politically motivated information stealing adversary](https://foxitsecurity.files.wordpress.com/2016/06/fox-it_mofang_threatreport_tlp-white.pdf) | [Local](../../blob/master/2016/2016.05.17.Mofang)
* May 17 - [[Symantec] Indian organizations targeted in Suckfly attacks](http://www.symantec.com/connect/ko/blogs/indian-organizations-targeted-suckfly-attacks) | [Local](../../blob/master/2016/2016.05.17.Indian_organizations_targeted_in_Suckfly_attacks/)
* May 10 - [[Trend Micro] Backdoor as a Software Suite: How TinyLoader Distributes and Upgrades PoS Threats](http://blog.trendmicro.com/trendlabs-security-intelligence/how-tinyloader-distributes-and-upgrades-pos-threats/) | [paper](http://documents.trendmicro.com/assets/tinypos-abaddonpos-ties-to-tinyloader.pdf) | [Local](../../blob/master/2016/2016.05.10.tinyPOS_tinyloader/)
* May 09 - [[CMU SEI] Using Honeynets and the Diamond Model for ICS Threat Analysis](http://resources.sei.cmu.edu/asset_files/TechnicalReport/2016_005_001_454247.pdf) | [Local](../../blob/master/2016/2016.05.09_ICS_Threat_Analysis/)
* May 06 - [[PwC] Exploring CVE-2015-2545 and its users](http://pwc.blogs.com/cyber_security_updates/2016/05/exploring-cve-2015-2545-and-its-users.html) | [Local](../../blob/master/2016/2016.05.06_Exploring_CVE-2015-2545/)
* May 05 - [[Forcepoint] Jaku: an on-going botnet campaign](https://www.forcepoint.com/sites/default/files/resources/files/report_jaku_analysis_of_botnet_campaign_en_0.pdf) | [Local](../../blob/master/2016/2016.05.05_Jaku_botnet_campaign/)
* May 02 - [[Team Cymru] GOZNYM MALWARE target US, AT, DE ](https://blog.team-cymru.org/2016/05/goznym-malware/) | [Local](../../blob/master/2016/2016.05.02.GOZNYM_MALWARE)
* May 02 - [[Palo Alto Networks] Prince of Persia: Infy Malware Active In Decade of Targeted Attacks](http://researchcenter.paloaltonetworks.com/2016/05/prince-of-persia-infy-malware-active-in-decade-of-targeted-attacks/) | [Local](../../blob/master/2016/2016.05.02.Prince_of_Persia_Infy_Malware/)
* Apr 27 - [[Kaspersky] Repackaging Open Source BeEF for Tracking and More](https://securelist.com/blog/software/74503/freezer-paper-around-free-meat/) | [Local](../../blob/master/2016/2016.04.27.Repackaging_Open_Source_BeEF)
* Apr 26 - [[Financial Times] Cyber warfare: Iran opens a new front](http://www.ft.com/intl/cms/s/0/15e1acf0-0a47-11e6-b0f1-61f222853ff3.html#axzz478cZz3ao) | [Local](../../blob/master/2016/2016.04.26.Iran_Opens_a_New_Front/)
* Apr 26 - [[Arbor] New Poison Ivy Activity Targeting Myanmar, Asian Countries](https://www.arbornetworks.com/blog/asert/recent-poison-iv/) | [Local](../../blob/master/2016/2016.04.26.New_Poison_Ivy_Activity_Targeting_Myanmar_Asian_Countries/)
* Apr 22 - [[Cylance] The Ghost Dragon](https://blog.cylance.com/the-ghost-dragon) | [Local](../../blob/master/2016/2016.04.22.the-ghost-dragon)
* Apr 21 - [[SentinelOne] Teaching an old RAT new tricks](https://www.sentinelone.com/blogs/teaching-an-old-rat-new-tricks/) | [Local](../../blob/master/2016/2016.04.21.Teaching_an_old_RAT_new_tricks/)
* Apr 21 - [[Palo Alto Networks] New Poison Ivy RAT Variant Targets Hong Kong Pro-Democracy Activists](http://researchcenter.paloaltonetworks.com/2016/04/unit42-new-poison-ivy-rat-variant-targets-hong-kong-pro-democracy-activists/) | [Local](../../blob/master/2016/2016.04.21.New_Poison_Ivy_RAT_Variant_Targets_Hong_Kong/)
* Apr 18 - [[Citizen Lab] Between Hong Kong and Burma: Tracking UP007 and SLServer Espionage Campaigns](https://citizenlab.org/2016/04/between-hong-kong-and-burma/) | [Local](../../blob/master/2016/2016.04.18.UP007/)
* Apr 15 - [[SANS] Detecting and Responding Pandas and Bears](http://files.sans.org/summit/Threat_Hunting_Incident_Response_Summit_2016/PDFs/Detecting-and-Responding-to-Pandas-and-Bears-Christopher-Scott-CrowdStrike-and-Wendi-Whitmore-IBM.pdf) | [Local](../../blob/master/2016/2016.04.15.pandas_and_bears/)
* Apr 12 - [[Microsoft] PLATINUM: Targeted attacks in South and Southeast Asia](http://download.microsoft.com/download/2/2/5/225BFE3E-E1DE-4F5B-A77B-71200928D209/Platinum%20feature%20article%20-%20Targeted%20attacks%20in%20South%20and%20Southeast%20Asia%20April%202016.pdf) | [Local](../../blob/master/2016/2016.04.12.PLATINUM_Targeted_attacks_in_South_and_Southeast_Asia/)
* Mar 25 - [[Palo Alto Networks] ProjectM: Link Found Between Pakistani Actor and Operation Transparent Tribe](http://researchcenter.paloaltonetworks.com/2016/03/unit42-projectm-link-found-between-pakistani-actor-and-operation-transparent-tribe/?utm_medium=email&utm_source=Adobe%20Campaign&utm_campaign=Unit%2042%20Blog%20Updates%2031Mar16) | [Local](../../blob/master/2016/2016.03.25.ProjectM/)
* Mar 23 - [[Trend Micro] Operation C-Major: Information Theft Campaign Targets Military Personnel in India](http://blog.trendmicro.com/trendlabs-security-intelligence/indian-military-personnel-targeted-by-information-theft-campaign/) | [Local](../../blob/master/2016/2016.03.23.Operation_C_Major/)
* Mar 18 - [[SANS] Analysis of the Cyber Attack on the Ukrainian Power Grid: Defense Use Case](https://ics.sans.org/media/E-ISAC_SANS_Ukraine_DUC_5.pdf) | [Local](../../blob/master/2016/2016.03.18.Analysis_of_the_Cyber_Attack_on_the_Ukrainian_Power_Grid/)
* Mar 17 - [[PwC] Taiwan Presidential Election: A Case Study on Thematic Targeting](http://pwc.blogs.com/cyber_security_updates/2016/03/taiwant-election-targetting.html) | [Local](../../blob/master/2016/2016.03.17.Taiwan-election-targetting/)
* Mar 15 - [[Symantec] Suckfly: Revealing the secret life of your code signing certificates](http://www.symantec.com/connect/blogs/suckfly-revealing-secret-life-your-code-signing-certificates) | [Local](../../blob/master/2016/2016.03.15.Suckfly)
* Mar 14 - [[Proofpoint] Bank robbery in progress: New attacks from Carbanak group target banks in Middle East and US](https://www.proofpoint.com/us/threat-insight/post/carbanak-cybercrime-group-targets-executives-of-financial-organizations-in-middle-east) | [Local](../../blob/master/2016/2016.03.14.Carbanak_cybercrime_group)
* Mar 10 - [[Citizen Lab] Shifting Tactics: Tracking changes in years-long espionage campaign against Tibetans](https://citizenlab.org/2016/03/shifting-tactics/) | [Local](../../blob/master/2016/2016.03.10.shifting-tactics)
* Mar 09 - [[FireEye] LESSONS FROM OPERATION RUSSIANDOLL](https://www.fireeye.com/blog/threat-research/2016/03/lessons-from-operation-russian-doll.html) | [Local](../../blob/master/2016/2016.03.09.Operation_RussianDoll)
* Mar 08 - [[360] Operation OnionDog: A 3 Year Old APT Focused On the Energy and Transportation Industries in Korean-language Countries](http://www.prnewswire.com/news-releases/onion-dog-a-3-year-old-apt-focused-on-the-energy-and-transportation-industries-in-korean-language-countries-is-exposed-by-360-300232441.html) | [Local](../../blob/master/2016/2016.03.08.OnionDog)
* Mar 03 - [[Recorded Future] Shedding Light on BlackEnergy With Open Source Intelligence](https://www.recordedfuture.com/blackenergy-malware-analysis/) | [Local](../../blob/master/2016/2016.03.03.Shedding_Light_BlackEnergy)
* Mar 01 - [[Proofpoint] Operation Transparent Tribe - APT Targeting Indian Diplomatic and Military Interests](https://www.proofpoint.com/us/threat-insight/post/Operation-Transparent-Tribe) | [Local](../../blob/master/2016/2016.03.01.Operation_Transparent_Tribe/)
* Feb 29 - [[Fidelis] The Turbo Campaign, Featuring Derusbi for 64-bit Linux](https://www.fidelissecurity.com/sites/default/files/TA_Fidelis_Turbo_1602_0.pdf) | [Local](../../blob/master/2016/2016.02.24.Operation_Blockbuster)
* Feb 24 - [[NOVETTA] Operation Blockbuster](https://www.operationblockbuster.com/wp-content/uploads/2016/02/Operation-Blockbuster-Report.pdf) | [Local](../../blob/master/2016/2016.02.24.Operation_Blockbuster)
* Feb 23 - [[Cylance] OPERATION DUST STORM](https://www.cylance.com/hubfs/2015_cylance_website/assets/operation-dust-storm/Op_Dust_Storm_Report.pdf?t=1456355696065) | [Local](../../blob/master/2016/2016.02.23.Operation_Dust_Storm)
* Feb 12 - [[Palo Alto Networks] A Look Into Fysbis: Sofacys Linux Backdoor](http://researchcenter.paloaltonetworks.com/2016/02/a-look-into-fysbis-sofacys-linux-backdoor/) | [Local](../../blob/master/2016/2016.02.12.Fysbis_Sofacy_Linux_Backdoor)
* Feb 11 - [[Recorded Future] Hacktivism: India vs. Pakistan](https://www.recordedfuture.com/india-pakistan-cyber-rivalry/) | [Local](../../blob/master/2016/2016.02.11.Hacktivism_India_vs_Pakistan)
* Feb 09 - [[Kaspersky] Poseidon Group: a Targeted Attack Boutique specializing in global cyber-espionage](https://securelist.com/blog/research/73673/poseidon-group-a-targeted-attack-boutique-specializing-in-global-cyber-espionage/) | [Local](../../blob/master/2016/2016.02.09_Poseidon_APT_Boutique)
* Feb 08 - [[ICIT] Know Your Enemies 2.0: A Primer on Advanced Persistent Threat Groups](http://icitech.org/know-your-enemies-2-0/) | [Local](../../blob/master/2016/2016.02.08.Know_Your_Enemies_2.0)
* Feb 04 - [[Palo Alto Networks] T9000: Advanced Modular Backdoor Uses Complex Anti-Analysis Techniques](http://researchcenter.paloaltonetworks.com/2016/02/t9000-advanced-modular-backdoor-uses-complex-anti-analysis-techniques/) | [Local](../../blob/master/2016/2016.02.04_PaloAlto_T9000-Advanced-Modular-Backdoor)
* Feb 03 - [[Palo Alto Networks] Emissary Trojan Changelog: Did Operation Lotus Blossom Cause It to Evolve?](http://researchcenter.paloaltonetworks.com/2016/02/emissary-trojan-changelog-did-operation-lotus-blossom-cause-it-to-evolve/) | [Local](../../blob/master/2016.02.03.Emissary_Trojan_Changelog)
* Feb 01 - [[Sucuri] Massive Admedia/Adverting iFrame Infection](https://blog.sucuri.net/2016/02/massive-admedia-iframe-javascript-infection.html) | [Local](../../blob/master/2016/2016.02.01.Massive_Admedia_Adverting_iFrame_Infection)
* Feb 01 - [[IBM] Organized Cybercrime Big in Japan: URLZone Now on the Scene](https://securityintelligence.com/organized-cybercrime-big-in-japan-urlzone-now-on-the-scene/) | [Local](../../blob/master/2016/2016.02.01.URLzone_Team)
* Jan 29 - [[F5] Tinbapore: Millions of Dollars at Risk](https://devcentral.f5.com/d/tinbapore-millions-of-dollars-at-risk?download=true) | [Local](../../blob/master/2016/2016.01.29.Tinbapore_Attack)
* Jan 29 - [[Zscaler] Malicious Office files dropping Kasidet and Dridex](http://research.zscaler.com/2016/01/malicious-office-files-dropping-kasidet.html) | [Local](../../blob/master/2016/2016.01.29.Malicious_Office_files_dropping_Kasidet_and_Dridex)
* Jan 28 - [[Kaspersky] BlackEnergy APT Attacks in Ukraine employ spearphishing with Word documents](https://securelist.com/blog/research/73440/blackenergy-apt-attacks-in-ukraine-employ-spearphishing-with-word-documents/) | [Local](../../blob/master/2016/2016.01.28.BlackEnergy_APT)
* Jan 27 - [[Fidelis] Dissecting the Malware Involved in the INOCNATION Campaign](https://www.fidelissecurity.com/sites/default/files/FTA_1020_Fidelis_Inocnation_FINAL.pdf) | [Local](../../blob/master/2016/2016.01.27.Hi-Zor.RAT)
* Jan 26 - [[SentinelOne] Analyzing a New Variant of BlackEnergy 3](https://www.sentinelone.com/wp-content/uploads/2016/01/BlackEnergy3_WP_012716_1c.pdf) | [Local](../../blob/master/2016/2016.01.26.BlackEnergy3)
* Jan 24 - [[Palo Alto Networks] Scarlet Mimic: Years-Long Espionage Campaign Targets Minority Activists](http://researchcenter.paloaltonetworks.com/2016/01/scarlet-mimic-years-long-espionage-targets-minority-activists/) | [Local](../../blob/master/2016/2016.01.24_Scarlet_Minic)
* Jan 21 - [[Palo Alto Networks] NetTraveler Spear-Phishing Email Targets Diplomat of Uzbekistan](http://researchcenter.paloaltonetworks.com/2016/01/nettraveler-spear-phishing-email-targets-diplomat-of-uzbekistan/) | [Local](../../blob/master/2016/2016.01.21.NetTraveler_Uzbekistan)
* Jan 19 - [[360] 2015 APT Annual Report](https://ti.360.com/upload/report/file/2015.APT.Annual_Report.pdf) | [Local](../../blob/master/2016/2016.01.19.360_APT_Report)
* Jan 14 - [[CISCO] RESEARCH SPOTLIGHT: NEEDLES IN A HAYSTACK](http://blog.talosintel.com/2016/01/haystack.html#more) | [Local](../../blob/master/2016/2016.01.14_Cisco_Needles_in_a_Haystack)
* Jan 14 - [[Symantec] The Waterbug attack group](https://www.symantec.com/content/en/us/enterprise/media/security_response/whitepapers/waterbug-attack-group.pdf) | [Local](../../blob/master/2016/2016.01.14.The.Waterbug.Attack.Group/)
* Jan 07 - [[Clearsky] Operation DustySky](http://www.clearskysec.com/wp-content/uploads/2016/01/Operation%20DustySky_TLP_WHITE.pdf) | [Local](../../blob/master/2016/2016.01.07.Operation_DustySky)
* Jan 07 - [[CISCO] RIGGING COMPROMISE - RIG EXPLOIT KIT](http://blog.talosintel.com/2016/01/rigging-compromise.html) | [Local](../../blob/master/2016/2016.01.07.rigging-compromise)
* Jan 03 - [[ESET] BlackEnergy by the SSHBearDoor: attacks against Ukrainian news media and electric industry](http://www.welivesecurity.com/2016/01/03/blackenergy-sshbeardoor-details-2015-attacks-ukrainian-news-media-electric-industry/) | [Local](../../blob/master/2016/2016.01.03.BlackEnergy_Ukrainian)
## 2015
* Dec 23 - [ELISE: Security Through Obesity](http://pwc.blogs.com/cyber_security_updates/2015/12/elise-security-through-obesity.html) | [Local](../../blob/master//2015/2015.12.13.ELISE)
* Dec 22 - [BBSRAT Attacks Targeting Russian Organizations Linked to Roaming Tiger](http://researchcenter.paloaltonetworks.com/2015/12/bbsrat-attacks-targeting-russian-organizations-linked-to-roaming-tiger/) | [Local](../../blob/master//2015/2015.12.22.BBSRAT_Roaming_Tiger)
* Dec 20 - [The EPS Awakens - Part 2](https://www.fireeye.com/blog/threat-research/2015/12/the-eps-awakens-part-two.html) | [Local](../../blob/master//2015/2015.12.20.EPS_Awakens_Part_II)
* Dec 18 - [Attack on French Diplomat Linked to Operation Lotus Blossom](http://researchcenter.paloaltonetworks.com/2015/12/attack-on-french-diplomat-linked-to-operation-lotus-blossom/) | [Local](../../blob/master//2015/2015.12.18.Attack_on_Frence_Diplomat_Linked_To_Operation_Lotus_Blossom)
* Dec 16 - [APT28 Under the Scope - A Journey into Exfiltrating Intelligence and Government Information](http://download.bitdefender.com/resources/media/materials/white-papers/en/Bitdefender_In-depth_analysis_of_APT28%E2%80%93The_Political_Cyber-Espionage.pdf) | [Local](../../blob/master//2015/2015.12.17.APT28_Under_The_Scope) <a style="background-color: #fc2929; color: #fff;">APT</a>
* Dec 16 - [Operation Black Atlas, Part 2: Tools and Malware Used and How to Detect Them](http://documents.trendmicro.com/assets/Operation_Black%20Atlas_Technical_Brief.pdf) | [Local](../../blob/master//2015/2015.12.16.INOCNATION.Campaign) <a style="background-color: #207de5; color: #fff;">Financial</a>
* Dec 16 - [Dissecting the Malware Involved in the INOCNATION Campaign](https://www.fidelissecurity.com/sites/default/files/FTA_1020_Fidelis_Inocnation_FINAL.pdf) | [Local](../../blob/master//2015/2015.12.16.INOCNATION.Campaign)
* Dec 23 - [[PwC] ELISE: Security Through Obesity](http://pwc.blogs.com/cyber_security_updates/2015/12/elise-security-through-obesity.html) | [Local](../../blob/master//2015/2015.12.13.ELISE)
* Dec 22 - [[Palo Alto Networks] BBSRAT Attacks Targeting Russian Organizations Linked to Roaming Tiger](http://researchcenter.paloaltonetworks.com/2015/12/bbsrat-attacks-targeting-russian-organizations-linked-to-roaming-tiger/) | [Local](../../blob/master//2015/2015.12.22.BBSRAT_Roaming_Tiger)
* Dec 20 - [[FireEye] The EPS Awakens - Part 2](https://www.fireeye.com/blog/threat-research/2015/12/the-eps-awakens-part-two.html) | [Local](../../blob/master//2015/2015.12.20.EPS_Awakens_Part_II)
* Dec 18 - [[Palo Alto Networks] Attack on French Diplomat Linked to Operation Lotus Blossom](http://researchcenter.paloaltonetworks.com/2015/12/attack-on-french-diplomat-linked-to-operation-lotus-blossom/) | [Local](../../blob/master//2015/2015.12.18.Attack_on_Frence_Diplomat_Linked_To_Operation_Lotus_Blossom)
* Dec 16 - [[Bitdefender] APT28 Under the Scope - A Journey into Exfiltrating Intelligence and Government Information](http://download.bitdefender.com/resources/media/materials/white-papers/en/Bitdefender_In-depth_analysis_of_APT28%E2%80%93The_Political_Cyber-Espionage.pdf) | [Local](../../blob/master//2015/2015.12.17.APT28_Under_The_Scope) <a style="background-color: #fc2929; color: #fff;">APT</a>
* Dec 16 - [[Trend Micro] Operation Black Atlas, Part 2: Tools and Malware Used and How to Detect Them](http://documents.trendmicro.com/assets/Operation_Black%20Atlas_Technical_Brief.pdf) | [Local](../../blob/master//2015/2015.12.16.INOCNATION.Campaign) <a style="background-color: #207de5; color: #fff;">Financial</a>
* Dec 16 - [[Fidelis] Dissecting the Malware Involved in the INOCNATION Campaign](https://www.fidelissecurity.com/sites/default/files/FTA_1020_Fidelis_Inocnation_FINAL.pdf) | [Local](../../blob/master//2015/2015.12.16.INOCNATION.Campaign)
* Dec 15 - [Newcomers in the Derusbi family](http://blog.airbuscybersecurity.com/post/2015/11/Newcomers-in-the-Derusbi-family) | [Local](../../blob/master//2015/2015.12.15.Newcomers_in_the_Derusbi_family)
* Dec 08 - [Packrat: Seven Years of a South American Threat Actor](https://citizenlab.org/2015/12/packrat-report/) | [Local](../../blob/master//2015/2015.12.08.Packrat)
* Dec 07 - [Financial Threat Group Targets Volume Boot Record](https://www.fireeye.com/blog/threat-research/2015/12/fin1-targets-boot-record.html) | [Local](../../blob/master//2015/2015.12.07.Thriving_Beyond_The_Operating_System)
@ -245,7 +245,7 @@ Please fire issue to me if any lost APT/Malware events/campaigns.
* Nov 23 - [PEERING INTO GLASSRAT](https://blogs.rsa.com/wp-content/uploads/2015/11/GlassRAT-final.pdf) | [Local](../../blob/master//2015/2015.11.23.PEERING_INTO_GLASSRAT)
* Nov 23 - [Prototype Nation: The Chinese Cybercriminal Underground in 2015](http://www.trendmicro.com/vinfo/us/security/news/cybercrime-and-digital-threats/prototype-nation-the-chinese-cybercriminal-underground-in-2015/?utm_source=siblog&utm_medium=referral&amp;utm_campaign=2015-cn-ug) | [Local](../../blob/master//2015/2015.11.23.Prototype_Nation_The_Chinese_Cybercriminal_Underground_in_2015)
* Nov 19 - [Russian financial cybercrime: how it works](https://securelist.com/analysis/publications/72782/russian-financial-cybercrime-how-it-works/) | [Local](../../blob/master//2015/2015.11.18.Russian_financial_cybercrime_how_it_works)
* Nov 19 - [Decrypting Strings in Emdivi](http://blog.jpcert.or.jp/2015/11/decrypting-strings-in-emdivi.html) | [Local](../../blob/master//2015/2015.11.19.decrypting-strings-in-emdivi)
* Nov 19 - [[JPCERT] Decrypting Strings in Emdivi](http://blog.jpcert.or.jp/2015/11/decrypting-strings-in-emdivi.html) | [Local](../../blob/master//2015/2015.11.19.decrypting-strings-in-emdivi)
* Nov 18 - [TDrop2 Attacks Suggest Dark Seoul Attackers Return](http://researchcenter.paloaltonetworks.com/2015/11/tdrop2-attacks-suggest-dark-seoul-attackers-return/) | [Local](../../blob/master//2015/2015.11.18.tdrop2)
* Nov 18 - [Sakula Reloaded](http://blog.crowdstrike.com/sakula-reloaded/) | [Local](../../blob/master//2015/2015.11.18.Sakula_Reloaded)
* Nov 18 - [[Damballa] Damballa discovers new toolset linked to Destover Attackers arsenal helps them to broaden attack surface](https://paper.seebug.org/papers/APT/APT_CyberCriminal_Campagin/2015/2015.11.18.Destover/amballa-discovers-new-toolset-linked-to-destover-attackers-arsenal-helps-them-to-broaden-attack-surface.pdf) | [Local](../../blob/master/2015/2015.11.18.Destover)
@ -342,7 +342,7 @@ Please fire issue to me if any lost APT/Malware events/campaigns.
* Feb 10 - [CrowdStrike Global Threat Intel Report for 2014](http://go.crowdstrike.com/rs/crowdstrike/images/GlobalThreatIntelReport.pdf)
* Feb 04 - [Pawn Storm Update: iOS Espionage App Found](http://blog.trendmicro.com/trendlabs-security-intelligence/pawn-storm-update-ios-espionage-app-found/)
* Feb 02 - [Behind the Syrian Conflicts Digital Frontlines](https://www.fireeye.com/content/dam/fireeye-www/global/en/current-threats/pdfs/rpt-behind-the-syria-conflict.pdf)
* Jan 29 - [Analysis of PlugX Variant - P2P PlugX ](http://blog.jpcert.or.jp/.s/2015/01/analysis-of-a-r-ff05.html)
* Jan 29 - [[JPCERT] Analysis of PlugX Variant - P2P PlugX ](http://blog.jpcert.or.jp/.s/2015/01/analysis-of-a-r-ff05.html)
* Jan 29 - [Backdoor.Winnti attackers and Trojan.Skelky](http://www.symantec.com/connect/blogs/backdoorwinnti-attackers-have-skeleton-their-closet)
* Jan 27 - [Comparing the Regin module 50251 and the "Qwerty" keylogger](http://securelist.com/blog/research/68525/comparing-the-regin-module-50251-and-the-qwerty-keylogger/)
* Jan 22 - [Regin's Hopscotch and Legspin](http://securelist.com/blog/research/68438/an-analysis-of-regins-hopscotch-and-legspin/)