3884 lines
1.3 MiB
JSON
3884 lines
1.3 MiB
JSON
|
{
|
||
|
|
"type": "bundle",
|
||
|
|
"id": "bundle--54743eaf-e1c0-47a0-b838-49d7950d210b",
|
||
|
|
"objects": [
|
||
|
|
{
|
||
|
|
"type": "identity",
|
||
|
|
"spec_version": "2.1",
|
||
|
|
"id": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
||
|
|
"created": "2014-11-25T08:35:07.000Z",
|
||
|
|
"modified": "2014-11-25T08:35:07.000Z",
|
||
|
|
"name": "CthulhuSPRL.be",
|
||
|
|
"identity_class": "organization"
|
||
|
|
},
|
||
|
|
{
|
||
|
|
"type": "report",
|
||
|
|
"spec_version": "2.1",
|
||
|
|
"id": "report--54743eaf-e1c0-47a0-b838-49d7950d210b",
|
||
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
||
|
|
"created": "2014-11-25T08:35:07.000Z",
|
||
|
|
"modified": "2014-11-25T08:35:07.000Z",
|
||
|
|
"name": "Secret Malware in European Union Attack Linked to U.S. and British Intelligence article by the Intercept",
|
||
|
|
"published": "2016-02-22T14:04:29Z",
|
||
|
|
"object_refs": [
|
||
|
|
"x-misp-attribute--54743ef3-fcc8-4187-97ed-dce3950d210b",
|
||
|
|
"observed-data--54743efe-2360-41b0-9bb7-478c950d210b",
|
||
|
|
"url--54743efe-2360-41b0-9bb7-478c950d210b",
|
||
|
|
"indicator--54743f3b-c608-4aa3-9a1f-496e950d210b",
|
||
|
|
"indicator--54743f3b-e7bc-490c-9244-4bdf950d210b",
|
||
|
|
"indicator--54743f3b-618c-4520-b813-4c18950d210b",
|
||
|
|
"indicator--54743f3b-8cb4-4163-afac-4a63950d210b",
|
||
|
|
"indicator--54743f3b-6da4-46a0-80d1-4a5f950d210b",
|
||
|
|
"indicator--54743f3b-85cc-4ad7-b9fc-48a9950d210b",
|
||
|
|
"indicator--54743f3b-b734-4191-a9f9-4113950d210b",
|
||
|
|
"indicator--54743f3c-e220-4825-baa4-4a0e950d210b",
|
||
|
|
"indicator--54743f3c-b2d0-4d95-b7ae-4449950d210b",
|
||
|
|
"indicator--54743f3c-0868-4c22-b20a-47f8950d210b",
|
||
|
|
"indicator--54743f3c-10ac-4a6b-b07c-4134950d210b",
|
||
|
|
"indicator--54743f3c-02c4-4cf8-a710-4fd4950d210b",
|
||
|
|
"indicator--54743f3c-0064-4aaf-9890-4875950d210b",
|
||
|
|
"indicator--54743f3c-7d34-4407-a463-4c8c950d210b",
|
||
|
|
"indicator--54743f3c-9670-4200-8f8b-4819950d210b",
|
||
|
|
"indicator--54743f3c-ab2c-41e8-b3b3-4aae950d210b",
|
||
|
|
"indicator--54743f3c-f614-4c0a-b36d-4e84950d210b",
|
||
|
|
"indicator--54743f3c-9444-4f23-9a4a-4aee950d210b",
|
||
|
|
"indicator--54743f3c-b5f4-4a31-ad9e-4520950d210b",
|
||
|
|
"indicator--54743f3c-dd7c-480a-a542-406c950d210b",
|
||
|
|
"indicator--54743f3c-3830-4cf3-bad1-4d46950d210b",
|
||
|
|
"indicator--54743f3d-b65c-4643-9456-4be8950d210b",
|
||
|
|
"indicator--54743f3d-bff4-4e98-95c0-4331950d210b",
|
||
|
|
"indicator--54743f3d-e984-487b-9d22-4057950d210b",
|
||
|
|
"indicator--54743f3d-5afc-433f-afcb-4590950d210b",
|
||
|
|
"indicator--54743f3d-5f9c-4506-b38b-480f950d210b",
|
||
|
|
"indicator--54743f3d-18b4-41a1-a5e4-471d950d210b",
|
||
|
|
"indicator--54743f3d-1de4-4f9f-a518-420f950d210b",
|
||
|
|
"indicator--54743f3d-c864-437a-b070-4aac950d210b",
|
||
|
|
"indicator--54743f3d-3118-462d-a071-4243950d210b",
|
||
|
|
"indicator--54743f3d-5444-4a90-b02a-45b2950d210b",
|
||
|
|
"indicator--54743f3d-c798-49b9-81c0-40ff950d210b",
|
||
|
|
"indicator--54743f3d-bacc-4bf6-a559-4348950d210b",
|
||
|
|
"indicator--54743fb3-c9d0-4039-8142-476e950d210b",
|
||
|
|
"indicator--54743fb3-9048-4d37-83f0-476e950d210b",
|
||
|
|
"indicator--54743fb3-7e44-4b3d-9d87-476e950d210b",
|
||
|
|
"indicator--54744068-7f60-4b3d-bc7e-4123950d210b",
|
||
|
|
"indicator--54744068-3dd0-4468-a995-42ea950d210b",
|
||
|
|
"indicator--54744068-07d4-4750-8a89-4246950d210b",
|
||
|
|
"indicator--547440da-ad48-413c-ad4e-4f9c950d210b",
|
||
|
|
"indicator--547440da-dc88-40f6-8d0b-41d4950d210b",
|
||
|
|
"indicator--547440da-03dc-4f42-931c-48e1950d210b",
|
||
|
|
"indicator--547440e2-2530-4974-990e-47de950d210b",
|
||
|
|
"indicator--547440e2-4a84-41eb-a467-442d950d210b",
|
||
|
|
"indicator--547440e3-fdc4-4ae1-8797-43ab950d210b",
|
||
|
|
"indicator--547440f4-1b80-44eb-8cac-c9ab950d210b",
|
||
|
|
"indicator--547440f4-80b4-4bc4-bd41-c9ab950d210b",
|
||
|
|
"indicator--547440f5-0e34-43fe-a9e1-c9ab950d210b",
|
||
|
|
"indicator--54744107-fec0-43d5-9a27-4b00950d210b",
|
||
|
|
"indicator--54744108-d3b8-416a-b2d5-4e30950d210b",
|
||
|
|
"indicator--54744108-9d04-4af9-9dcd-4896950d210b",
|
||
|
|
"indicator--5474410f-12e8-4bcd-97fe-4b3b950d210b",
|
||
|
|
"indicator--54744110-13d8-4c98-8ad1-47f4950d210b",
|
||
|
|
"indicator--54744110-b32c-4337-9311-4596950d210b",
|
||
|
|
"indicator--5474411b-ad7c-4177-b4ca-dce3950d210b",
|
||
|
|
"indicator--5474411c-f05c-47c3-948f-dce3950d210b",
|
||
|
|
"indicator--5474411c-4798-4a01-b76d-dce3950d210b",
|
||
|
|
"indicator--54744126-41c0-4749-9047-4923950d210b",
|
||
|
|
"indicator--54744126-3700-4f21-a5ef-48fd950d210b",
|
||
|
|
"indicator--54744126-cc48-4a8d-9668-4e01950d210b",
|
||
|
|
"indicator--54744135-7bd8-45d3-8754-9e39950d210b",
|
||
|
|
"indicator--54744135-0e80-4d82-84f3-9e39950d210b",
|
||
|
|
"indicator--54744135-4820-4f5f-99b9-9e39950d210b",
|
||
|
|
"indicator--54744143-edd4-4caa-b623-4d57950d210b",
|
||
|
|
"indicator--54744143-fc88-4508-bf10-458d950d210b",
|
||
|
|
"indicator--54744143-1988-470b-855a-4a72950d210b",
|
||
|
|
"indicator--54744155-c384-4ed7-8e28-415c950d210b",
|
||
|
|
"indicator--54744155-ba50-43f6-94e5-42da950d210b",
|
||
|
|
"indicator--54744155-d7b4-469e-80fa-429f950d210b",
|
||
|
|
"indicator--54744162-ca38-467b-a598-4655950d210b",
|
||
|
|
"indicator--54744162-b20c-48df-92a5-4fd1950d210b",
|
||
|
|
"indicator--54744162-87dc-4aea-9969-478f950d210b",
|
||
|
|
"indicator--54744189-9804-4e96-8ac3-4887950d210b",
|
||
|
|
"indicator--54744189-79e4-4214-8530-4185950d210b",
|
||
|
|
"indicator--54744189-f480-40f7-9e33-4eb8950d210b",
|
||
|
|
"indicator--54744195-44c4-4dde-8640-4fc1950d210b",
|
||
|
|
"indicator--54744195-b1bc-4493-a918-4727950d210b",
|
||
|
|
"indicator--54744195-72a4-4b0f-ad3d-496c950d210b",
|
||
|
|
"indicator--5474419f-aa54-4a68-8054-dce3950d210b",
|
||
|
|
"indicator--5474419f-9d50-4d7e-86af-dce3950d210b",
|
||
|
|
"indicator--5474419f-e034-40ba-9208-dce3950d210b",
|
||
|
|
"indicator--547441aa-635c-4f2e-ae54-4403950d210b",
|
||
|
|
"indicator--547441aa-4bd0-4a88-bcf7-4154950d210b",
|
||
|
|
"indicator--547441aa-eff8-4946-af0f-4a0c950d210b",
|
||
|
|
"indicator--547441b8-2dac-4053-9670-9e39950d210b",
|
||
|
|
"indicator--547441b8-b5c8-4a48-9b00-9e39950d210b",
|
||
|
|
"indicator--547441b8-b8b8-4659-a240-9e39950d210b",
|
||
|
|
"indicator--547441c2-f7a4-4562-8fa0-4460950d210b",
|
||
|
|
"indicator--547441c2-6ce4-4cb5-857d-4c95950d210b",
|
||
|
|
"indicator--547441c2-1168-4886-b5d1-42d4950d210b",
|
||
|
|
"indicator--547441e1-8424-473d-a6e8-c9ab950d210b",
|
||
|
|
"indicator--547441e1-70b4-48a7-a278-c9ab950d210b",
|
||
|
|
"indicator--547441e1-a1f8-44ec-ba48-c9ab950d210b",
|
||
|
|
"indicator--547441eb-ac4c-465f-988a-476e950d210b",
|
||
|
|
"indicator--547441eb-df30-46ff-af69-476e950d210b",
|
||
|
|
"indicator--547441eb-c7c8-400c-9724-476e950d210b",
|
||
|
|
"indicator--547441f6-8ab0-4379-9def-4ff2950d210b",
|
||
|
|
"indicator--547441f6-8f94-4f20-b81a-4476950d210b",
|
||
|
|
"indicator--547441f6-d084-41ee-ad04-4f20950d210b",
|
||
|
|
"indicator--54744205-51b8-4dae-993d-407e950d210b",
|
||
|
|
"indicator--54744205-a6d8-4089-a734-4bf4950d210b",
|
||
|
|
"indicator--54744206-64a4-43aa-8242-4ef5950d210b",
|
||
|
|
"indicator--54744210-8b40-43a1-a974-dce3950d210b",
|
||
|
|
"indicator--54744210-a6f0-43ed-9102-dce3950d210b",
|
||
|
|
"indicator--54744210-1ee0-4c40-9041-dce3950d210b",
|
||
|
|
"indicator--547442b5-ce18-484f-90dc-4b1e950d210b",
|
||
|
|
"indicator--547442b5-2db0-4c43-a620-4bea950d210b",
|
||
|
|
"indicator--547442b6-3b24-4ce6-962a-4ad2950d210b",
|
||
|
|
"indicator--547442c4-1f88-4f1f-9506-4080950d210b",
|
||
|
|
"indicator--547442c4-a290-44ee-a5df-4367950d210b",
|
||
|
|
"indicator--547442c4-4878-4bfc-894e-4c24950d210b",
|
||
|
|
"indicator--547442cf-b518-472c-a992-476e950d210b",
|
||
|
|
"indicator--547442cf-c388-4244-af7a-476e950d210b",
|
||
|
|
"indicator--547442cf-fb90-4d35-9a1c-476e950d210b",
|
||
|
|
"indicator--547442f0-3e94-4e4f-9782-4a3e950d210b",
|
||
|
|
"indicator--547442f0-c668-420d-9fad-4a2f950d210b",
|
||
|
|
"indicator--547442f1-43ac-44d4-9e4d-4a55950d210b",
|
||
|
|
"indicator--5474430c-56e0-4885-bdaf-4056950d210b",
|
||
|
|
"indicator--5474430c-7ef4-4454-adf4-4c2c950d210b",
|
||
|
|
"indicator--5474430c-ebf8-4795-b603-4f4f950d210b",
|
||
|
|
"indicator--54744315-0c14-4f9d-bc51-dce3950d210b",
|
||
|
|
"indicator--54744315-1dac-4dd7-85c9-dce3950d210b",
|
||
|
|
"indicator--54744316-5bac-463b-b312-dce3950d210b",
|
||
|
|
"indicator--5474431e-7130-4628-b29e-4374950d210b",
|
||
|
|
"indicator--5474431e-4d4c-4408-b080-4a21950d210b",
|
||
|
|
"indicator--5474431f-ead8-4858-a770-4581950d210b",
|
||
|
|
"indicator--54744327-9684-4b54-9da1-9e39950d210b",
|
||
|
|
"indicator--54744327-5434-4699-8eaa-9e39950d210b",
|
||
|
|
"indicator--54744327-5ae0-4bc0-9895-9e39950d210b",
|
||
|
|
"indicator--56c647c8-be68-46d9-ac16-599d950d210f",
|
||
|
|
"indicator--56c647c9-25d8-481a-a44c-59a0950d210f",
|
||
|
|
"indicator--56c647cb-0e40-40ad-935f-599f950d210f",
|
||
|
|
"indicator--56c647cc-d820-4529-aff7-59a2950d210f",
|
||
|
|
"indicator--56c647cd-4590-43cc-b40a-c652950d210f",
|
||
|
|
"indicator--56c647cf-2ef0-4e80-b253-599c950d210f",
|
||
|
|
"indicator--56c647d0-15f0-4a77-8a0a-c654950d210f",
|
||
|
|
"indicator--56c647d1-6be4-4a21-bb14-492c950d210f",
|
||
|
|
"indicator--56c647d3-a1f4-46d3-8e71-c653950d210f",
|
||
|
|
"indicator--56c647d4-4a38-49a2-b7d9-59a4950d210f",
|
||
|
|
"indicator--56c647d5-ca18-4c96-9970-599f950d210f",
|
||
|
|
"indicator--56c647d7-a580-4cca-8010-439d950d210f",
|
||
|
|
"indicator--56c647d8-2714-402d-a803-c653950d210f",
|
||
|
|
"indicator--56c647d9-e710-421b-961b-c654950d210f",
|
||
|
|
"indicator--56c647db-a0a0-4816-b3b1-c652950d210f",
|
||
|
|
"indicator--56c647dc-9694-486c-95f4-4126950d210f",
|
||
|
|
"indicator--56c647de-3dd4-4ddb-a5b8-43e4950d210f",
|
||
|
|
"indicator--56c647df-95e8-407f-8d12-599d950d210f",
|
||
|
|
"indicator--56c647e0-ada4-4e2d-b091-4e19950d210f",
|
||
|
|
"indicator--56c647e2-8970-4b49-8850-c654950d210f",
|
||
|
|
"indicator--56c647e3-02a8-4ce7-aa4d-59a1950d210f",
|
||
|
|
"indicator--56c647e4-4da8-4a1e-b288-59a2950d210f",
|
||
|
|
"indicator--56c647e6-5ad4-44d9-946a-c652950d210f",
|
||
|
|
"indicator--56c647e7-d9c4-4a93-9e4e-c653950d210f",
|
||
|
|
"indicator--56c647e9-f94c-4f70-b416-59a0950d210f",
|
||
|
|
"indicator--56c647ea-95e0-425c-867b-59a2950d210f",
|
||
|
|
"indicator--56c647ec-6ac4-422f-a0bb-59a1950d210f",
|
||
|
|
"indicator--56c647ed-856c-43f1-90a5-c652950d210f"
|
||
|
|
],
|
||
|
|
"labels": [
|
||
|
|
"Threat-Report",
|
||
|
|
"misp:tool=\"MISP-STIX-Converter\"",
|
||
|
|
"type:OSINT"
|
||
|
|
],
|
||
|
|
"object_marking_refs": [
|
||
|
|
"marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da"
|
||
|
|
]
|
||
|
|
},
|
||
|
|
{
|
||
|
|
"type": "x-misp-attribute",
|
||
|
|
"spec_version": "2.1",
|
||
|
|
"id": "x-misp-attribute--54743ef3-fcc8-4187-97ed-dce3950d210b",
|
||
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
||
|
|
"created": "2014-11-25T08:33:55.000Z",
|
||
|
|
"modified": "2014-11-25T08:33:55.000Z",
|
||
|
|
"labels": [
|
||
|
|
"misp:type=\"text\"",
|
||
|
|
"misp:category=\"External analysis\""
|
||
|
|
],
|
||
|
|
"x_misp_category": "External analysis",
|
||
|
|
"x_misp_type": "text",
|
||
|
|
"x_misp_value": "Regin"
|
||
|
|
},
|
||
|
|
{
|
||
|
|
"type": "observed-data",
|
||
|
|
"spec_version": "2.1",
|
||
|
|
"id": "observed-data--54743efe-2360-41b0-9bb7-478c950d210b",
|
||
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
||
|
|
"created": "2014-11-25T08:34:06.000Z",
|
||
|
|
"modified": "2014-11-25T08:34:06.000Z",
|
||
|
|
"first_observed": "2014-11-25T08:34:06Z",
|
||
|
|
"last_observed": "2014-11-25T08:34:06Z",
|
||
|
|
"number_observed": 1,
|
||
|
|
"object_refs": [
|
||
|
|
"url--54743efe-2360-41b0-9bb7-478c950d210b"
|
||
|
|
],
|
||
|
|
"labels": [
|
||
|
|
"misp:type=\"link\"",
|
||
|
|
"misp:category=\"External analysis\""
|
||
|
|
]
|
||
|
|
},
|
||
|
|
{
|
||
|
|
"type": "url",
|
||
|
|
"spec_version": "2.1",
|
||
|
|
"id": "url--54743efe-2360-41b0-9bb7-478c950d210b",
|
||
|
|
"value": "https://firstlook.org/theintercept/2014/11/24/secret-regin-malware-belgacom-nsa-gchq/"
|
||
|
|
},
|
||
|
|
{
|
||
|
|
"type": "indicator",
|
||
|
|
"spec_version": "2.1",
|
||
|
|
"id": "indicator--54743f3b-c608-4aa3-9a1f-496e950d210b",
|
||
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
||
|
|
"created": "2014-11-25T08:35:07.000Z",
|
||
|
|
"modified": "2014-11-25T08:35:07.000Z",
|
||
|
|
"pattern": "[file:hashes.SHA256 = '20831e820af5f41353b5afab659f2ad42ec6df5d9692448872f3ed8bbb40ab92']",
|
||
|
|
"pattern_type": "stix",
|
||
|
|
"pattern_version": "2.1",
|
||
|
|
"valid_from": "2014-11-25T08:35:07Z",
|
||
|
|
"kill_chain_phases": [
|
||
|
|
{
|
||
|
|
"kill_chain_name": "misp-category",
|
||
|
|
"phase_name": "Artifacts dropped"
|
||
|
|
}
|
||
|
|
],
|
||
|
|
"labels": [
|
||
|
|
"misp:type=\"sha256\"",
|
||
|
|
"misp:category=\"Artifacts dropped\"",
|
||
|
|
"misp:to_ids=\"True\""
|
||
|
|
]
|
||
|
|
},
|
||
|
|
{
|
||
|
|
"type": "indicator",
|
||
|
|
"spec_version": "2.1",
|
||
|
|
"id": "indicator--54743f3b-e7bc-490c-9244-4bdf950d210b",
|
||
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
||
|
|
"created": "2014-11-25T08:35:07.000Z",
|
||
|
|
"modified": "2014-11-25T08:35:07.000Z",
|
||
|
|
"pattern": "[file:hashes.SHA256 = '7553d4a5914af58b23a9e0ce6a262cd230ed8bb2c30da3d42d26b295f9144ab7']",
|
||
|
|
"pattern_type": "stix",
|
||
|
|
"pattern_version": "2.1",
|
||
|
|
"valid_from": "2014-11-25T08:35:07Z",
|
||
|
|
"kill_chain_phases": [
|
||
|
|
{
|
||
|
|
"kill_chain_name": "misp-category",
|
||
|
|
"phase_name": "Artifacts dropped"
|
||
|
|
}
|
||
|
|
],
|
||
|
|
"labels": [
|
||
|
|
"misp:type=\"sha256\"",
|
||
|
|
"misp:category=\"Artifacts dropped\"",
|
||
|
|
"misp:to_ids=\"True\""
|
||
|
|
]
|
||
|
|
},
|
||
|
|
{
|
||
|
|
"type": "indicator",
|
||
|
|
"spec_version": "2.1",
|
||
|
|
"id": "indicator--54743f3b-618c-4520-b813-4c18950d210b",
|
||
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
||
|
|
"created": "2014-11-25T08:35:07.000Z",
|
||
|
|
"modified": "2014-11-25T08:35:07.000Z",
|
||
|
|
"pattern": "[file:hashes.SHA256 = 'f89549fc84a8d0f8617841c6aa4bb1678ea2b6081c1f7f74ab1aebd4db4176e4']",
|
||
|
|
"pattern_type": "stix",
|
||
|
|
"pattern_version": "2.1",
|
||
|
|
"valid_from": "2014-11-25T08:35:07Z",
|
||
|
|
"kill_chain_phases": [
|
||
|
|
{
|
||
|
|
"kill_chain_name": "misp-category",
|
||
|
|
"phase_name": "Artifacts dropped"
|
||
|
|
}
|
||
|
|
],
|
||
|
|
"labels": [
|
||
|
|
"misp:type=\"sha256\"",
|
||
|
|
"misp:category=\"Artifacts dropped\"",
|
||
|
|
"misp:to_ids=\"True\""
|
||
|
|
]
|
||
|
|
},
|
||
|
|
{
|
||
|
|
"type": "indicator",
|
||
|
|
"spec_version": "2.1",
|
||
|
|
"id": "indicator--54743f3b-8cb4-4163-afac-4a63950d210b",
|
||
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
||
|
|
"created": "2014-11-25T08:35:07.000Z",
|
||
|
|
"modified": "2014-11-25T08:35:07.000Z",
|
||
|
|
"pattern": "[file:hashes.SHA256 = 'fd92fd7d0f925ccc0b4cbb6b402e8b99b64fa6a4636d985d78e5507bd4cfecef']",
|
||
|
|
"pattern_type": "stix",
|
||
|
|
"pattern_version": "2.1",
|
||
|
|
"valid_from": "2014-11-25T08:35:07Z",
|
||
|
|
"kill_chain_phases": [
|
||
|
|
{
|
||
|
|
"kill_chain_name": "misp-category",
|
||
|
|
"phase_name": "Artifacts dropped"
|
||
|
|
}
|
||
|
|
],
|
||
|
|
"labels": [
|
||
|
|
"misp:type=\"sha256\"",
|
||
|
|
"misp:category=\"Artifacts dropped\"",
|
||
|
|
"misp:to_ids=\"True\""
|
||
|
|
]
|
||
|
|
},
|
||
|
|
{
|
||
|
|
"type": "indicator",
|
||
|
|
"spec_version": "2.1",
|
||
|
|
"id": "indicator--54743f3b-6da4-46a0-80d1-4a5f950d210b",
|
||
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
||
|
|
"created": "2014-11-25T08:35:07.000Z",
|
||
|
|
"modified": "2014-11-25T08:35:07.000Z",
|
||
|
|
"pattern": "[file:hashes.SHA256 = '225e9596de85ca7b1025d6e444f6a01aa6507feef213f4d2e20da9e7d5d8e430']",
|
||
|
|
"pattern_type": "stix",
|
||
|
|
"pattern_version": "2.1",
|
||
|
|
"valid_from": "2014-11-25T08:35:07Z",
|
||
|
|
"kill_chain_phases": [
|
||
|
|
{
|
||
|
|
"kill_chain_name": "misp-category",
|
||
|
|
"phase_name": "Artifacts dropped"
|
||
|
|
}
|
||
|
|
],
|
||
|
|
"labels": [
|
||
|
|
"misp:type=\"sha256\"",
|
||
|
|
"misp:category=\"Artifacts dropped\"",
|
||
|
|
"misp:to_ids=\"True\""
|
||
|
|
]
|
||
|
|
},
|
||
|
|
{
|
||
|
|
"type": "indicator",
|
||
|
|
"spec_version": "2.1",
|
||
|
|
"id": "indicator--54743f3b-85cc-4ad7-b9fc-48a9950d210b",
|
||
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
||
|
|
"created": "2014-11-25T08:35:07.000Z",
|
||
|
|
"modified": "2014-11-25T08:35:07.000Z",
|
||
|
|
"pattern": "[file:hashes.SHA256 = '9cd5127ef31da0e8a4e36292f2af5a9ec1de3b294da367d7c05786fe2d5de44f']",
|
||
|
|
"pattern_type": "stix",
|
||
|
|
"pattern_version": "2.1",
|
||
|
|
"valid_from": "2014-11-25T08:35:07Z",
|
||
|
|
"kill_chain_phases": [
|
||
|
|
{
|
||
|
|
"kill_chain_name": "misp-category",
|
||
|
|
"phase_name": "Artifacts dropped"
|
||
|
|
}
|
||
|
|
],
|
||
|
|
"labels": [
|
||
|
|
"misp:type=\"sha256\"",
|
||
|
|
"misp:category=\"Artifacts dropped\"",
|
||
|
|
"misp:to_ids=\"True\""
|
||
|
|
]
|
||
|
|
},
|
||
|
|
{
|
||
|
|
"type": "indicator",
|
||
|
|
"spec_version": "2.1",
|
||
|
|
"id": "indicator--54743f3b-b734-4191-a9f9-4113950d210b",
|
||
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
||
|
|
"created": "2014-11-25T08:35:07.000Z",
|
||
|
|
"modified": "2014-11-25T08:35:07.000Z",
|
||
|
|
"pattern": "[file:hashes.SHA256 = 'b12c7d57507286bbbe36d7acf9b34c22c96606ffd904e3c23008399a4a50c047']",
|
||
|
|
"pattern_type": "stix",
|
||
|
|
"pattern_version": "2.1",
|
||
|
|
"valid_from": "2014-11-25T08:35:07Z",
|
||
|
|
"kill_chain_phases": [
|
||
|
|
{
|
||
|
|
"kill_chain_name": "misp-category",
|
||
|
|
"phase_name": "Artifacts dropped"
|
||
|
|
}
|
||
|
|
],
|
||
|
|
"labels": [
|
||
|
|
"misp:type=\"sha256\"",
|
||
|
|
"misp:category=\"Artifacts dropped\"",
|
||
|
|
"misp:to_ids=\"True\""
|
||
|
|
]
|
||
|
|
},
|
||
|
|
{
|
||
|
|
"type": "indicator",
|
||
|
|
"spec_version": "2.1",
|
||
|
|
"id": "indicator--54743f3c-e220-4825-baa4-4a0e950d210b",
|
||
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
||
|
|
"created": "2014-11-25T08:35:08.000Z",
|
||
|
|
"modified": "2014-11-25T08:35:08.000Z",
|
||
|
|
"pattern": "[file:hashes.SHA256 = 'f1d903251db466d35533c28e3c032b7212aa43c8d64ddf8c5521b43031e69e1e']",
|
||
|
|
"pattern_type": "stix",
|
||
|
|
"pattern_version": "2.1",
|
||
|
|
"valid_from": "2014-11-25T08:35:08Z",
|
||
|
|
"kill_chain_phases": [
|
||
|
|
{
|
||
|
|
"kill_chain_name": "misp-category",
|
||
|
|
"phase_name": "Artifacts dropped"
|
||
|
|
}
|
||
|
|
],
|
||
|
|
"labels": [
|
||
|
|
"misp:type=\"sha256\"",
|
||
|
|
"misp:category=\"Artifacts dropped\"",
|
||
|
|
"misp:to_ids=\"True\""
|
||
|
|
]
|
||
|
|
},
|
||
|
|
{
|
||
|
|
"type": "indicator",
|
||
|
|
"spec_version": "2.1",
|
||
|
|
"id": "indicator--54743f3c-b2d0-4d95-b7ae-4449950d210b",
|
||
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
||
|
|
"created": "2014-11-25T08:35:08.000Z",
|
||
|
|
"modified": "2014-11-25T08:35:08.000Z",
|
||
|
|
"pattern": "[file:hashes.SHA256 = '4e39bc95e35323ab586d740725a1c8cbcde01fe453f7c4cac7cced9a26e42cc9']",
|
||
|
|
"pattern_type": "stix",
|
||
|
|
"pattern_version": "2.1",
|
||
|
|
"valid_from": "2014-11-25T08:35:08Z",
|
||
|
|
"kill_chain_phases": [
|
||
|
|
{
|
||
|
|
"kill_chain_name": "misp-category",
|
||
|
|
"phase_name": "Artifacts dropped"
|
||
|
|
}
|
||
|
|
],
|
||
|
|
"labels": [
|
||
|
|
"misp:type=\"sha256\"",
|
||
|
|
"misp:category=\"Artifacts dropped\"",
|
||
|
|
"misp:to_ids=\"True\""
|
||
|
|
]
|
||
|
|
},
|
||
|
|
{
|
||
|
|
"type": "indicator",
|
||
|
|
"spec_version": "2.1",
|
||
|
|
"id": "indicator--54743f3c-0868-4c22-b20a-47f8950d210b",
|
||
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
||
|
|
"created": "2014-11-25T08:35:08.000Z",
|
||
|
|
"modified": "2014-11-25T08:35:08.000Z",
|
||
|
|
"pattern": "[file:hashes.SHA256 = 'a0d82c3730bc41e267711480c8009883d1412b68977ab175421eabc34e4ef355']",
|
||
|
|
"pattern_type": "stix",
|
||
|
|
"pattern_version": "2.1",
|
||
|
|
"valid_from": "2014-11-25T08:35:08Z",
|
||
|
|
"kill_chain_phases": [
|
||
|
|
{
|
||
|
|
"kill_chain_name": "misp-category",
|
||
|
|
"phase_name": "Artifacts dropped"
|
||
|
|
}
|
||
|
|
],
|
||
|
|
"labels": [
|
||
|
|
"misp:type=\"sha256\"",
|
||
|
|
"misp:category=\"Artifacts dropped\"",
|
||
|
|
"misp:to_ids=\"True\""
|
||
|
|
]
|
||
|
|
},
|
||
|
|
{
|
||
|
|
"type": "indicator",
|
||
|
|
"spec_version": "2.1",
|
||
|
|
"id": "indicator--54743f3c-10ac-4a6b-b07c-4134950d210b",
|
||
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
||
|
|
"created": "2014-11-25T08:35:08.000Z",
|
||
|
|
"modified": "2014-11-25T08:35:08.000Z",
|
||
|
|
"pattern": "[file:hashes.SHA256 = 'a7493fac96345a989b1a03772444075754a2ef11daa22a7600466adc1f69a669']",
|
||
|
|
"pattern_type": "stix",
|
||
|
|
"pattern_version": "2.1",
|
||
|
|
"valid_from": "2014-11-25T08:35:08Z",
|
||
|
|
"kill_chain_phases": [
|
||
|
|
{
|
||
|
|
"kill_chain_name": "misp-category",
|
||
|
|
"phase_name": "Artifacts dropped"
|
||
|
|
}
|
||
|
|
],
|
||
|
|
"labels": [
|
||
|
|
"misp:type=\"sha256\"",
|
||
|
|
"misp:category=\"Artifacts dropped\"",
|
||
|
|
"misp:to_ids=\"True\""
|
||
|
|
]
|
||
|
|
},
|
||
|
|
{
|
||
|
|
"type": "indicator",
|
||
|
|
"spec_version": "2.1",
|
||
|
|
"id": "indicator--54743f3c-02c4-4cf8-a710-4fd4950d210b",
|
||
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
||
|
|
"created": "2014-11-25T08:35:08.000Z",
|
||
|
|
"modified": "2014-11-25T08:35:08.000Z",
|
||
|
|
"pattern": "[file:hashes.SHA256 = '5001793790939009355ba841610412e0f8d60ef5461f2ea272ccf4fd4c83b823']",
|
||
|
|
"pattern_type": "stix",
|
||
|
|
"pattern_version": "2.1",
|
||
|
|
"valid_from": "2014-11-25T08:35:08Z",
|
||
|
|
"kill_chain_phases": [
|
||
|
|
{
|
||
|
|
"kill_chain_name": "misp-category",
|
||
|
|
"phase_name": "Artifacts dropped"
|
||
|
|
}
|
||
|
|
],
|
||
|
|
"labels": [
|
||
|
|
"misp:type=\"sha256\"",
|
||
|
|
"misp:category=\"Artifacts dropped\"",
|
||
|
|
"misp:to_ids=\"True\""
|
||
|
|
]
|
||
|
|
},
|
||
|
|
{
|
||
|
|
"type": "indicator",
|
||
|
|
"spec_version": "2.1",
|
||
|
|
"id": "indicator--54743f3c-0064-4aaf-9890-4875950d210b",
|
||
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
||
|
|
"created": "2014-11-25T08:35:08.000Z",
|
||
|
|
"modified": "2014-11-25T08:35:08.000Z",
|
||
|
|
"pattern": "[file:hashes.SHA256 = 'a6603f27c42648a857b8a1cbf301ed4f0877be75627f6bbe99c0bfd9dc4adb35']",
|
||
|
|
"pattern_type": "stix",
|
||
|
|
"pattern_version": "2.1",
|
||
|
|
"valid_from": "2014-11-25T08:35:08Z",
|
||
|
|
"kill_chain_phases": [
|
||
|
|
{
|
||
|
|
"kill_chain_name": "misp-category",
|
||
|
|
"phase_name": "Artifacts dropped"
|
||
|
|
}
|
||
|
|
],
|
||
|
|
"labels": [
|
||
|
|
"misp:type=\"sha256\"",
|
||
|
|
"misp:category=\"Artifacts dropped\"",
|
||
|
|
"misp:to_ids=\"True\""
|
||
|
|
]
|
||
|
|
},
|
||
|
|
{
|
||
|
|
"type": "indicator",
|
||
|
|
"spec_version": "2.1",
|
||
|
|
"id": "indicator--54743f3c-7d34-4407-a463-4c8c950d210b",
|
||
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
||
|
|
"created": "2014-11-25T08:35:08.000Z",
|
||
|
|
"modified": "2014-11-25T08:35:08.000Z",
|
||
|
|
"pattern": "[file:hashes.SHA256 = '8d7be9ed64811ea7986d788a75cbc4ca166702c6ff68c33873270d7c6597f5db']",
|
||
|
|
"pattern_type": "stix",
|
||
|
|
"pattern_version": "2.1",
|
||
|
|
"valid_from": "2014-11-25T08:35:08Z",
|
||
|
|
"kill_chain_phases": [
|
||
|
|
{
|
||
|
|
"kill_chain_name": "misp-category",
|
||
|
|
"phase_name": "Artifacts dropped"
|
||
|
|
}
|
||
|
|
],
|
||
|
|
"labels": [
|
||
|
|
"misp:type=\"sha256\"",
|
||
|
|
"misp:category=\"Artifacts dropped\"",
|
||
|
|
"misp:to_ids=\"True\""
|
||
|
|
]
|
||
|
|
},
|
||
|
|
{
|
||
|
|
"type": "indicator",
|
||
|
|
"spec_version": "2.1",
|
||
|
|
"id": "indicator--54743f3c-9670-4200-8f8b-4819950d210b",
|
||
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
||
|
|
"created": "2014-11-25T08:35:08.000Z",
|
||
|
|
"modified": "2014-11-25T08:35:08.000Z",
|
||
|
|
"pattern": "[file:hashes.SHA256 = '40c46bcab9acc0d6d235491c01a66d4c6f35d884c19c6f410901af6d1e33513b']",
|
||
|
|
"pattern_type": "stix",
|
||
|
|
"pattern_version": "2.1",
|
||
|
|
"valid_from": "2014-11-25T08:35:08Z",
|
||
|
|
"kill_chain_phases": [
|
||
|
|
{
|
||
|
|
"kill_chain_name": "misp-category",
|
||
|
|
"phase_name": "Artifacts dropped"
|
||
|
|
}
|
||
|
|
],
|
||
|
|
"labels": [
|
||
|
|
"misp:type=\"sha256\"",
|
||
|
|
"misp:category=\"Artifacts dropped\"",
|
||
|
|
"misp:to_ids=\"True\""
|
||
|
|
]
|
||
|
|
},
|
||
|
|
{
|
||
|
|
"type": "indicator",
|
||
|
|
"spec_version": "2.1",
|
||
|
|
"id": "indicator--54743f3c-ab2c-41e8-b3b3-4aae950d210b",
|
||
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
||
|
|
"created": "2014-11-25T08:35:08.000Z",
|
||
|
|
"modified": "2014-11-25T08:35:08.000Z",
|
||
|
|
"pattern": "[file:hashes.SHA256 = 'df77132b5c192bd8d2d26b1ebb19853cf03b01d38afd5d382ce77e0d7219c18c']",
|
||
|
|
"pattern_type": "stix",
|
||
|
|
"pattern_version": "2.1",
|
||
|
|
"valid_from": "2014-11-25T08:35:08Z",
|
||
|
|
"kill_chain_phases": [
|
||
|
|
{
|
||
|
|
"kill_chain_name": "misp-category",
|
||
|
|
"phase_name": "Artifacts dropped"
|
||
|
|
}
|
||
|
|
],
|
||
|
|
"labels": [
|
||
|
|
"misp:type=\"sha256\"",
|
||
|
|
"misp:category=\"Artifacts dropped\"",
|
||
|
|
"misp:to_ids=\"True\""
|
||
|
|
]
|
||
|
|
},
|
||
|
|
{
|
||
|
|
"type": "indicator",
|
||
|
|
"spec_version": "2.1",
|
||
|
|
"id": "indicator--54743f3c-f614-4c0a-b36d-4e84950d210b",
|
||
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
||
|
|
"created": "2014-11-25T08:35:08.000Z",
|
||
|
|
"modified": "2014-11-25T08:35:08.000Z",
|
||
|
|
"pattern": "[file:hashes.SHA256 = '7d38eb24cf5644e090e45d5efa923aff0e69a600fb0ab627e8929bb485243926']",
|
||
|
|
"pattern_type": "stix",
|
||
|
|
"pattern_version": "2.1",
|
||
|
|
"valid_from": "2014-11-25T08:35:08Z",
|
||
|
|
"kill_chain_phases": [
|
||
|
|
{
|
||
|
|
"kill_chain_name": "misp-category",
|
||
|
|
"phase_name": "Artifacts dropped"
|
||
|
|
}
|
||
|
|
],
|
||
|
|
"labels": [
|
||
|
|
"misp:type=\"sha256\"",
|
||
|
|
"misp:category=\"Artifacts dropped\"",
|
||
|
|
"misp:to_ids=\"True\""
|
||
|
|
]
|
||
|
|
},
|
||
|
|
{
|
||
|
|
"type": "indicator",
|
||
|
|
"spec_version": "2.1",
|
||
|
|
"id": "indicator--54743f3c-9444-4f23-9a4a-4aee950d210b",
|
||
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
||
|
|
"created": "2014-11-25T08:35:08.000Z",
|
||
|
|
"modified": "2014-11-25T08:35:08.000Z",
|
||
|
|
"pattern": "[file:hashes.SHA256 = 'a7e3ad8ea7edf1ca10b0e5b0d976675c3016e5933219f97e94900dea0d470abe']",
|
||
|
|
"pattern_type": "stix",
|
||
|
|
"pattern_version": "2.1",
|
||
|
|
"valid_from": "2014-11-25T08:35:08Z",
|
||
|
|
"kill_chain_phases": [
|
||
|
|
{
|
||
|
|
"kill_chain_name": "misp-category",
|
||
|
|
"phase_name": "Artifacts dropped"
|
||
|
|
}
|
||
|
|
],
|
||
|
|
"labels": [
|
||
|
|
"misp:type=\"sha256\"",
|
||
|
|
"misp:category=\"Artifacts dropped\"",
|
||
|
|
"misp:to_ids=\"True\""
|
||
|
|
]
|
||
|
|
},
|
||
|
|
{
|
||
|
|
"type": "indicator",
|
||
|
|
"spec_version": "2.1",
|
||
|
|
"id": "indicator--54743f3c-b5f4-4a31-ad9e-4520950d210b",
|
||
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
||
|
|
"created": "2014-11-25T08:35:08.000Z",
|
||
|
|
"modified": "2014-11-25T08:35:08.000Z",
|
||
|
|
"pattern": "[file:hashes.SHA256 = 'a0e3c52a2c99c39b70155a9115a6c74ea79f8a68111190faa45a8fd1e50f8880']",
|
||
|
|
"pattern_type": "stix",
|
||
|
|
"pattern_version": "2.1",
|
||
|
|
"valid_from": "2014-11-25T08:35:08Z",
|
||
|
|
"kill_chain_phases": [
|
||
|
|
{
|
||
|
|
"kill_chain_name": "misp-category",
|
||
|
|
"phase_name": "Artifacts dropped"
|
||
|
|
}
|
||
|
|
],
|
||
|
|
"labels": [
|
||
|
|
"misp:type=\"sha256\"",
|
||
|
|
"misp:category=\"Artifacts dropped\"",
|
||
|
|
"misp:to_ids=\"True\""
|
||
|
|
]
|
||
|
|
},
|
||
|
|
{
|
||
|
|
"type": "indicator",
|
||
|
|
"spec_version": "2.1",
|
||
|
|
"id": "indicator--54743f3c-dd7c-480a-a542-406c950d210b",
|
||
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
||
|
|
"created": "2014-11-25T08:35:08.000Z",
|
||
|
|
"modified": "2014-11-25T08:35:08.000Z",
|
||
|
|
"pattern": "[file:hashes.SHA256 = 'd42300fea6eddcb2f65ffec9e179e46d87d91affad55510279ecbb0250d7fdff']",
|
||
|
|
"pattern_type": "stix",
|
||
|
|
"pattern_version": "2.1",
|
||
|
|
"valid_from": "2014-11-25T08:35:08Z",
|
||
|
|
"kill_chain_phases": [
|
||
|
|
{
|
||
|
|
"kill_chain_name": "misp-category",
|
||
|
|
"phase_name": "Artifacts dropped"
|
||
|
|
}
|
||
|
|
],
|
||
|
|
"labels": [
|
||
|
|
"misp:type=\"sha256\"",
|
||
|
|
"misp:category=\"Artifacts dropped\"",
|
||
|
|
"misp:to_ids=\"True\""
|
||
|
|
]
|
||
|
|
},
|
||
|
|
{
|
||
|
|
"type": "indicator",
|
||
|
|
"spec_version": "2.1",
|
||
|
|
"id": "indicator--54743f3c-3830-4cf3-bad1-4d46950d210b",
|
||
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
||
|
|
"created": "2014-11-25T08:35:08.000Z",
|
||
|
|
"modified": "2014-11-25T08:35:08.000Z",
|
||
|
|
"pattern": "[file:hashes.SHA256 = '5c81cf8262f9a8b0e100d2a220f7119e54edfc10c4fb906ab7848a015cd12d90']",
|
||
|
|
"pattern_type": "stix",
|
||
|
|
"pattern_version": "2.1",
|
||
|
|
"valid_from": "2014-11-25T08:35:08Z",
|
||
|
|
"kill_chain_phases": [
|
||
|
|
{
|
||
|
|
"kill_chain_name": "misp-category",
|
||
|
|
"phase_name": "Artifacts dropped"
|
||
|
|
}
|
||
|
|
],
|
||
|
|
"labels": [
|
||
|
|
"misp:type=\"sha256\"",
|
||
|
|
"misp:category=\"Artifacts dropped\"",
|
||
|
|
"misp:to_ids=\"True\""
|
||
|
|
]
|
||
|
|
},
|
||
|
|
{
|
||
|
|
"type": "indicator",
|
||
|
|
"spec_version": "2.1",
|
||
|
|
"id": "indicator--54743f3d-b65c-4643-9456-4be8950d210b",
|
||
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
||
|
|
"created": "2014-11-25T08:35:09.000Z",
|
||
|
|
"modified": "2014-11-25T08:35:09.000Z",
|
||
|
|
"pattern": "[file:hashes.SHA256 = 'b755ed82c908d92043d4ec3723611c6c5a7c162e78ac8065eb77993447368fce']",
|
||
|
|
"pattern_type": "stix",
|
||
|
|
"pattern_version": "2.1",
|
||
|
|
"valid_from": "2014-11-25T08:35:09Z",
|
||
|
|
"kill_chain_phases": [
|
||
|
|
{
|
||
|
|
"kill_chain_name": "misp-category",
|
||
|
|
"phase_name": "Artifacts dropped"
|
||
|
|
}
|
||
|
|
],
|
||
|
|
"labels": [
|
||
|
|
"misp:type=\"sha256\"",
|
||
|
|
"misp:category=\"Artifacts dropped\"",
|
||
|
|
"misp:to_ids=\"True\""
|
||
|
|
]
|
||
|
|
},
|
||
|
|
{
|
||
|
|
"type": "indicator",
|
||
|
|
"spec_version": "2.1",
|
||
|
|
"id": "indicator--54743f3d-bff4-4e98-95c0-4331950d210b",
|
||
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
||
|
|
"created": "2014-11-25T08:35:09.000Z",
|
||
|
|
"modified": "2014-11-25T08:35:09.000Z",
|
||
|
|
"pattern": "[file:hashes.SHA256 = 'c0cf8e008fbfa0cb2c61d968057b4a077d62f64d7320769982d28107db370513']",
|
||
|
|
"pattern_type": "stix",
|
||
|
|
"pattern_version": "2.1",
|
||
|
|
"valid_from": "2014-11-25T08:35:09Z",
|
||
|
|
"kill_chain_phases": [
|
||
|
|
{
|
||
|
|
"kill_chain_name": "misp-category",
|
||
|
|
"phase_name": "Artifacts dropped"
|
||
|
|
}
|
||
|
|
],
|
||
|
|
"labels": [
|
||
|
|
"misp:type=\"sha256\"",
|
||
|
|
"misp:category=\"Artifacts dropped\"",
|
||
|
|
"misp:to_ids=\"True\""
|
||
|
|
]
|
||
|
|
},
|
||
|
|
{
|
||
|
|
"type": "indicator",
|
||
|
|
"spec_version": "2.1",
|
||
|
|
"id": "indicator--54743f3d-e984-487b-9d22-4057950d210b",
|
||
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
||
|
|
"created": "2014-11-25T08:35:09.000Z",
|
||
|
|
"modified": "2014-11-25T08:35:09.000Z",
|
||
|
|
"pattern": "[file:hashes.SHA256 = 'cca1850725f278587845cd19cbdf3dceb6f65790d11df950f17c5ff6beb18601']",
|
||
|
|
"pattern_type": "stix",
|
||
|
|
"pattern_version": "2.1",
|
||
|
|
"valid_from": "2014-11-25T08:35:09Z",
|
||
|
|
"kill_chain_phases": [
|
||
|
|
{
|
||
|
|
"kill_chain_name": "misp-category",
|
||
|
|
"phase_name": "Artifacts dropped"
|
||
|
|
}
|
||
|
|
],
|
||
|
|
"labels": [
|
||
|
|
"misp:type=\"sha256\"",
|
||
|
|
"misp:category=\"Artifacts dropped\"",
|
||
|
|
"misp:to_ids=\"True\""
|
||
|
|
]
|
||
|
|
},
|
||
|
|
{
|
||
|
|
"type": "indicator",
|
||
|
|
"spec_version": "2.1",
|
||
|
|
"id": "indicator--54743f3d-5afc-433f-afcb-4590950d210b",
|
||
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
||
|
|
"created": "2014-11-25T08:35:09.000Z",
|
||
|
|
"modified": "2014-11-25T08:35:09.000Z",
|
||
|
|
"pattern": "[file:hashes.SHA256 = 'ecd7de3387b64b7dab9a7fb52e8aa65cb7ec9193f8eac6a7d79407a6a932ef69']",
|
||
|
|
"pattern_type": "stix",
|
||
|
|
"pattern_version": "2.1",
|
||
|
|
"valid_from": "2014-11-25T08:35:09Z",
|
||
|
|
"kill_chain_phases": [
|
||
|
|
{
|
||
|
|
"kill_chain_name": "misp-category",
|
||
|
|
"phase_name": "Artifacts dropped"
|
||
|
|
}
|
||
|
|
],
|
||
|
|
"labels": [
|
||
|
|
"misp:type=\"sha256\"",
|
||
|
|
"misp:category=\"Artifacts dropped\"",
|
||
|
|
"misp:to_ids=\"True\""
|
||
|
|
]
|
||
|
|
},
|
||
|
|
{
|
||
|
|
"type": "indicator",
|
||
|
|
"spec_version": "2.1",
|
||
|
|
"id": "indicator--54743f3d-5f9c-4506-b38b-480f950d210b",
|
||
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
||
|
|
"created": "2014-11-25T08:35:09.000Z",
|
||
|
|
"modified": "2014-11-25T08:35:09.000Z",
|
||
|
|
"pattern": "[file:hashes.SHA256 = 'e1ba03a10a40aab909b2ba58dcdfd378b4d264f1f4a554b669797bbb8c8ac902']",
|
||
|
|
"pattern_type": "stix",
|
||
|
|
"pattern_version": "2.1",
|
||
|
|
"valid_from": "2014-11-25T08:35:09Z",
|
||
|
|
"kill_chain_phases": [
|
||
|
|
{
|
||
|
|
"kill_chain_name": "misp-category",
|
||
|
|
"phase_name": "Artifacts dropped"
|
||
|
|
}
|
||
|
|
],
|
||
|
|
"labels": [
|
||
|
|
"misp:type=\"sha256\"",
|
||
|
|
"misp:category=\"Artifacts dropped\"",
|
||
|
|
"misp:to_ids=\"True\""
|
||
|
|
]
|
||
|
|
},
|
||
|
|
{
|
||
|
|
"type": "indicator",
|
||
|
|
"spec_version": "2.1",
|
||
|
|
"id": "indicator--54743f3d-18b4-41a1-a5e4-471d950d210b",
|
||
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
||
|
|
"created": "2014-11-25T08:35:09.000Z",
|
||
|
|
"modified": "2014-11-25T08:35:09.000Z",
|
||
|
|
"pattern": "[file:hashes.SHA256 = '392f32241cd3448c7a435935f2ff0d2cdc609dda81dd4946b1c977d25134e96e']",
|
||
|
|
"pattern_type": "stix",
|
||
|
|
"pattern_version": "2.1",
|
||
|
|
"valid_from": "2014-11-25T08:35:09Z",
|
||
|
|
"kill_chain_phases": [
|
||
|
|
{
|
||
|
|
"kill_chain_name": "misp-category",
|
||
|
|
"phase_name": "Artifacts dropped"
|
||
|
|
}
|
||
|
|
],
|
||
|
|
"labels": [
|
||
|
|
"misp:type=\"sha256\"",
|
||
|
|
"misp:category=\"Artifacts dropped\"",
|
||
|
|
"misp:to_ids=\"True\""
|
||
|
|
]
|
||
|
|
},
|
||
|
|
{
|
||
|
|
"type": "indicator",
|
||
|
|
"spec_version": "2.1",
|
||
|
|
"id": "indicator--54743f3d-1de4-4f9f-a518-420f950d210b",
|
||
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
||
|
|
"created": "2014-11-25T08:35:09.000Z",
|
||
|
|
"modified": "2014-11-25T08:35:09.000Z",
|
||
|
|
"pattern": "[file:hashes.SHA256 = '9ddbe7e77cb5616025b92814d68adfc9c3e076dddbe29de6eb73701a172c3379']",
|
||
|
|
"pattern_type": "stix",
|
||
|
|
"pattern_version": "2.1",
|
||
|
|
"valid_from": "2014-11-25T08:35:09Z",
|
||
|
|
"kill_chain_phases": [
|
||
|
|
{
|
||
|
|
"kill_chain_name": "misp-category",
|
||
|
|
"phase_name": "Artifacts dropped"
|
||
|
|
}
|
||
|
|
],
|
||
|
|
"labels": [
|
||
|
|
"misp:type=\"sha256\"",
|
||
|
|
"misp:category=\"Artifacts dropped\"",
|
||
|
|
"misp:to_ids=\"True\""
|
||
|
|
]
|
||
|
|
},
|
||
|
|
{
|
||
|
|
"type": "indicator",
|
||
|
|
"spec_version": "2.1",
|
||
|
|
"id": "indicator--54743f3d-c864-437a-b070-4aac950d210b",
|
||
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
||
|
|
"created": "2014-11-25T08:35:09.000Z",
|
||
|
|
"modified": "2014-11-25T08:35:09.000Z",
|
||
|
|
"pattern": "[file:hashes.SHA256 = '8389b0d3fb28a5f525742ca2bf80a81cf264c806f99ef684052439d6856bc7e7']",
|
||
|
|
"pattern_type": "stix",
|
||
|
|
"pattern_version": "2.1",
|
||
|
|
"valid_from": "2014-11-25T08:35:09Z",
|
||
|
|
"kill_chain_phases": [
|
||
|
|
{
|
||
|
|
"kill_chain_name": "misp-category",
|
||
|
|
"phase_name": "Artifacts dropped"
|
||
|
|
}
|
||
|
|
],
|
||
|
|
"labels": [
|
||
|
|
"misp:type=\"sha256\"",
|
||
|
|
"misp:category=\"Artifacts dropped\"",
|
||
|
|
"misp:to_ids=\"True\""
|
||
|
|
]
|
||
|
|
},
|
||
|
|
{
|
||
|
|
"type": "indicator",
|
||
|
|
"spec_version": "2.1",
|
||
|
|
"id": "indicator--54743f3d-3118-462d-a071-4243950d210b",
|
||
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
||
|
|
"created": "2014-11-25T08:35:09.000Z",
|
||
|
|
"modified": "2014-11-25T08:35:09.000Z",
|
||
|
|
"pattern": "[file:hashes.SHA256 = 'fe1419e9dde6d479bd7cda27edd39fafdab2668d498931931a2769b370727129']",
|
||
|
|
"pattern_type": "stix",
|
||
|
|
"pattern_version": "2.1",
|
||
|
|
"valid_from": "2014-11-25T08:35:09Z",
|
||
|
|
"kill_chain_phases": [
|
||
|
|
{
|
||
|
|
"kill_chain_name": "misp-category",
|
||
|
|
"phase_name": "Artifacts dropped"
|
||
|
|
}
|
||
|
|
],
|
||
|
|
"labels": [
|
||
|
|
"misp:type=\"sha256\"",
|
||
|
|
"misp:category=\"Artifacts dropped\"",
|
||
|
|
"misp:to_ids=\"True\""
|
||
|
|
]
|
||
|
|
},
|
||
|
|
{
|
||
|
|
"type": "indicator",
|
||
|
|
"spec_version": "2.1",
|
||
|
|
"id": "indicator--54743f3d-5444-4a90-b02a-45b2950d210b",
|
||
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
||
|
|
"created": "2014-11-25T08:35:09.000Z",
|
||
|
|
"modified": "2014-11-25T08:35:09.000Z",
|
||
|
|
"pattern": "[file:hashes.SHA256 = 'e420d0cf7a7983f78f5a15e6cb460e93c7603683ae6c41b27bf7f2fa34b2d935']",
|
||
|
|
"pattern_type": "stix",
|
||
|
|
"pattern_version": "2.1",
|
||
|
|
"valid_from": "2014-11-25T08:35:09Z",
|
||
|
|
"kill_chain_phases": [
|
||
|
|
{
|
||
|
|
"kill_chain_name": "misp-category",
|
||
|
|
"phase_name": "Artifacts dropped"
|
||
|
|
}
|
||
|
|
],
|
||
|
|
"labels": [
|
||
|
|
"misp:type=\"sha256\"",
|
||
|
|
"misp:category=\"Artifacts dropped\"",
|
||
|
|
"misp:to_ids=\"True\""
|
||
|
|
]
|
||
|
|
},
|
||
|
|
{
|
||
|
|
"type": "indicator",
|
||
|
|
"spec_version": "2.1",
|
||
|
|
"id": "indicator--54743f3d-c798-49b9-81c0-40ff950d210b",
|
||
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
||
|
|
"created": "2014-11-25T08:35:09.000Z",
|
||
|
|
"modified": "2014-11-25T08:35:09.000Z",
|
||
|
|
"pattern": "[file:hashes.SHA256 = '4139149552b0322f2c5c993abccc0f0d1b38db4476189a9f9901ac0d57a656be']",
|
||
|
|
"pattern_type": "stix",
|
||
|
|
"pattern_version": "2.1",
|
||
|
|
"valid_from": "2014-11-25T08:35:09Z",
|
||
|
|
"kill_chain_phases": [
|
||
|
|
{
|
||
|
|
"kill_chain_name": "misp-category",
|
||
|
|
"phase_name": "Artifacts dropped"
|
||
|
|
}
|
||
|
|
],
|
||
|
|
"labels": [
|
||
|
|
"misp:type=\"sha256\"",
|
||
|
|
"misp:category=\"Artifacts dropped\"",
|
||
|
|
"misp:to_ids=\"True\""
|
||
|
|
]
|
||
|
|
},
|
||
|
|
{
|
||
|
|
"type": "indicator",
|
||
|
|
"spec_version": "2.1",
|
||
|
|
"id": "indicator--54743f3d-bacc-4bf6-a559-4348950d210b",
|
||
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
||
|
|
"created": "2014-11-25T08:35:09.000Z",
|
||
|
|
"modified": "2014-11-25T08:35:09.000Z",
|
||
|
|
"pattern": "[file:hashes.SHA256 = '4d6cebe37861ace885aa00046e2769b500084cc79750d2bf8c1e290a1c42aaff']",
|
||
|
|
"pattern_type": "stix",
|
||
|
|
"pattern_version": "2.1",
|
||
|
|
"valid_from": "2014-11-25T08:35:09Z",
|
||
|
|
"kill_chain_phases": [
|
||
|
|
{
|
||
|
|
"kill_chain_name": "misp-category",
|
||
|
|
"phase_name": "Artifacts dropped"
|
||
|
|
}
|
||
|
|
],
|
||
|
|
"labels": [
|
||
|
|
"misp:type=\"sha256\"",
|
||
|
|
"misp:category=\"Artifacts dropped\"",
|
||
|
|
"misp:to_ids=\"True\""
|
||
|
|
]
|
||
|
|
},
|
||
|
|
{
|
||
|
|
"type": "indicator",
|
||
|
|
"spec_version": "2.1",
|
||
|
|
"id": "indicator--54743fb3-c9d0-4039-8142-476e950d210b",
|
||
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
||
|
|
"created": "2014-11-25T08:37:07.000Z",
|
||
|
|
"modified": "2014-11-25T08:37:07.000Z",
|
||
|
|
"pattern": "[file:content_ref.payload_bin = 'UEsDBBQACQAIAKREeUXebAjJdWcAAFh8AABAABwANGQ2Y2ViZTM3ODYxYWNlODg1YWEwMDA0NmUyNzY5YjUwMDA4NGNjNzk3NTBkMmJmOGMxZTI5MGExYzQyYWFmZlVUCQADsz90VLM/dFR1eAsAAQQhAAAABCEAAABX7GXCgDqZSyKxqkkwLcP6ficqeAckXybaEaMfuHNGDpLSCCk4CwbX7HzDF76PN+6dNLiyMNSU9s8MGSHaMs74xQk6neadLgSeWbalkIcAHXsfMs6dnkcq668Iykd+PwfQZIgNfipiEmBKgg/T6DAYwSaF43qKj5IkSZN/HT0H+R1+PFSs3/WR7wL4TWXSGMiEb6V2uxDqwqmLrlIzKR9sfPKiugT51QZDPJYCLFvEMnM16XhZQ75DNC1AcWLq4yCtapj4+AGPfLWJVOmFFyQZI74k7tlzo4A3lNRUuuH15mxy0QYLzygLjYiOI462eCY+NePzwSLrFI16pX8NFG4mrW2eNFttQXo1X5s6Zqxuwl3sD3TtRJI24AMhmffrWAiksvphZvXVR0wAQbDAhAApkla8IInVygQI82NfhCPRlPKGwSoA9T5hqYfD5XSVpW/0u3AvdPUaSp2IIYe3eDRbt+ARJC7ZKa3i39AO7OQkR2sl2oZ7bW86zwIL/tpy4MTeCTF9ivUJERYQCjfwMIZzaTGV1Qqztk+rHh5AVpzIuRXIs4ANVZluO4tnngXcSWnyo4/3SA2p/2ONEwPvFcaKyCyfu2BoVr+lF9g+uWNgeDSNmd60bNs5pgzYw864Nlo5BPx9cAFmSHwauvsoOWiDow9vgphW4zTohl6zFLRHkqk39M1jAeHfhOj9oElwL69L8V5lS5Wi19xy0aNoqFD6ds3rIN9LxYysA69NtimmSkRjeRdLofxcYhWD5eimkjYP1LXYPwWIXniwOCrFG5ZuczfANoB+VEFjQ0cXoDn9CsXc48Jb5uOVuc2yRC/tm4Btg+fT4n3H3/Vr6vzKYwqziMfhczrsJFsH0XjoXYEe3FhuvOhzUT4oEwp3yGlBoRd7ykMMCIhZbJgdV7F/fqNJNwMTRJdvWBA9DEzDIecAXcmitzvSugKdRd8AUfm24jPfZEl+TYdLKE9TFdP9Tr9tXGO99w7BFEEgKrOlH0taWFj3QBRWA8hlViS56kruWE8t15yYrNkjpZuOjPJHLjC82ioibbieTOdMz/2kuYkGtrqxV5TV+1K+2Kp6PC31dfa52006+63od2s8z68KY6LTw2WvRXW/nmCSqmlqmbM/YSFHEFxXhHNiz66N8Bn3JSZGi0oNNx2gVFcaGpUkjJlcHKl2mRfY8aFx5pe32UaGwUQdomG3bzZDu8FlUA0PEgeoMy0mkTeC9kUSIl1y4vMkEK3XLRbN5Z1zZdEllEDGvAvq7iFzcOybOkdNM3NsAxXiR3qgMQuBoANa9NuvzkM+zkTMgHQjmmA9ToC2P5FTcGS2Gugfiv7bqPDDnjcxWHKiLYEprHBkm16lgq89+Jg5gqNC702RxjID1V7daq0Cb66ZNHepM4HXII6Iq0bTXFpHtRzmZJ6tYi6Jnidl5qwTFa8gpXWiHH+/28tuPAd06H+9FVs0630dwkRS1Fg4NQkCcCWyUAQwKRPPW927XNiW/8ZscT/EaxwhrWzeQxgbqcZRv7Ikorqt4xiVNDqJJDU8sVgslS07YnacjG3ahOCFhYwA8VSBHMA3yLatmvHdVVJBLayBgyq7n01kiYlx4Fect6yX2G2TnhJtNZLCKAmNqTiE62dXdRacFc/wHtIXimZR7kF/UpInCRnRhtg0SzrxLc9KUhL7gOiDmLp++izmsov4+QOGvXU1Ozhi2AG7VvUUnkSWZBeSmVuEiOehCIGE0Z1IMw+PCq5ZIDV1yWpNAfTwxu9o9VFH09954/RAdqV2/h0ZPIT66U+iWymUW5/EixcbkDZdWSRtu2owfp8aVT1/CU2MNRabfEGA3MHLL03o5gx9cI4srvc6zcQ0AdvAF9VIeleVExORze6ijQLOXdcnnCFSSUY/yn+ZU+tMb4BSBSAF8M7d/1rtZgT2e7ki+tlOB/tL1/TDz1fMLlzXIlgngfAdOyVBNQy91uorby1JDPkNNFkndHgLElOByTpT7pFD+h8E85R3vZbBMS3AYi3aZcGCUE13bfUM60e+08ujJkVqaUpZyYskzwz42KJN87Kvwl0LIrMcFiThRdWn/7mi8HSpyhMCirC0QLLaFhgBicTKee/pJ+lMr8B424FxKqPDL9utyA+AuH7BZA7B0UQU0zyBEK1HpOkk7rzxAnW+iv+xd2yblMxnH93mijRf1Syi3qHLlB/D6s7livmUGw9fqMM1SJrrDVKgjM5P4ksEibovMan70GsoSfjkR7C3ZX1RKEyrWrJ1amYKs+snWwftStYXGcPDZJEYvbJlH3RquoGyDp0szyJfjyrZ6PETQwZIxsm4JJxl9ZAts/S92ZoMEUBRhpHozL+4vWynyDVExg0HZdj9mlnniglUoXg0x013jv+6LlJdesfxHPG9jLqJLYW3/IklTDmKcTVaiMR6I2/7i3Uplg97l0kQBLLdooQJDG//2Hr0tD9lJgT1vB5NJN07O1fN9I4s90tyhvOtW5SXSgZdju4GMEYPuNM3a3nDYNL2/Iy8FOJXWM6JatQtsDYyfBFdhlSAvOuF5sF2x7M6ukHPCnSJqfg7W7tYp4+4nl/fQ7/hug4QQVXJsDNwIc+n2mXnLjOYojHf548P5nlPLS7/A1VHsMLvOLstYgOKtDi4Yjx0pcwU82jgqeHeBPdfT1leKZSnO+6GNeSp0UFTCOviZrIO/KJWE2gogcLqtwRFBvnF21SZWTQpVR0ys6XWXA2ZxDdmCdcBSbAEY4FB8hB1zBuHT4hdrZPKFYNjqn1zvujwKHIC2n1swpX8iG0FmsDXqBXuBcqPB34EKfTzUUn0StEiql/fmO8t1P0AiotB8Yd9GfWMXqiBAjTOEa2AP0jcLgI2zWCE5vHG0rbFYOzi/IKiDKPTMq9a9IHDXTodXpB8VfcmNPsUlGJnGCO3iQ7dFPXYexJvKAEWl+GTqVg3zSOseGQwWOVZ4tT3/lbHy+NaG4UOjGKnvxSQlf7HqUNW6Wu693rgLLXaeSnXzOondWK28TxEiUGAp5VxvO1veFj4R/3AGvZfokX0CBlH2teg/tPqocrtwyBe5Axjos7KOZPbUWII9AIiPT7lYkqPKxYOd2D1c8cG+Ub23GTP5xj4iqNm5VpGFozpmOktZXHZxOsCtxoQ+hqqGzSy+DxZ86oQ7TiGCmiCyozeeQMRoDhb1z/rAKS29bndbJwTWUa8QaH/rw821MHA1arWN+M7oRzj1o3NPQ+DKD/mWxjXPPxJ3dP3Suh76T6hErtcOA9BYBsF9ZAzZMLUvycT4l9V38qPHtt9z4dLTHUnWj9hQHBHMH76CkjVzEExMXwxvTiklWUmqjiw30rGWz9WMsyULVmHD5rPoO1H7GtlhQoki94/DDZZtHrnKK2ITJx1A0b5F0e/ApC9bgIjUq8K+2H0zZh4ocEqxRepG+Iej4wJV/VlmxgTAhECln3SzxqsYOM+I0qabML4znW2qqsf9tBb7oSPaYAh5G4424XldWY5Zwm2NTuRWBI7zOQ1LX4E48UO9zzqNwlak0g/DKlBilEu8C+VQxkP2RlUwPw4C6u2ibuSq6Uz7EEcHw2Fu+hpxzN9j81/AKwfLL5V58ytZeFgWWUFHtfP0XbN+W+JwRbP/eUXySutKu6WLmxKxCBJ6BwTVjijLMIoHJR5Uj0jWANUhCQtM8ZefCEQ0I2hG6zaD3HY210z4ojbrG+1BxNAolG5EgAwjFKzACRGv2LJnHpoy9HE1jER6gnJR+32Ys/O3PSQmqpR+s+fIQoYA8O3salVnPKOCGca2qVIOqpKKpJasVqqlbeSpRST67HyL7OD7YxbGHYY7OkG3RYvqIiq/UIw/UrljmKngtqZxxsZnGjF916TnQUCOHZmNB9DN4/z+HMOXI
|
||
|
|
"pattern_type": "stix",
|
||
|
|
"pattern_version": "2.1",
|
||
|
|
"valid_from": "2014-11-25T08:37:07Z",
|
||
|
|
"kill_chain_phases": [
|
||
|
|
{
|
||
|
|
"kill_chain_name": "misp-category",
|
||
|
|
"phase_name": "Artifacts dropped"
|
||
|
|
}
|
||
|
|
],
|
||
|
|
"labels": [
|
||
|
|
"misp:type=\"malware-sample\"",
|
||
|
|
"misp:category=\"Artifacts dropped\"",
|
||
|
|
"misp:to_ids=\"True\""
|
||
|
|
]
|
||
|
|
},
|
||
|
|
{
|
||
|
|
"type": "indicator",
|
||
|
|
"spec_version": "2.1",
|
||
|
|
"id": "indicator--54743fb3-9048-4d37-83f0-476e950d210b",
|
||
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
||
|
|
"created": "2014-11-25T08:37:07.000Z",
|
||
|
|
"modified": "2014-11-25T08:37:07.000Z",
|
||
|
|
"pattern": "[file:name = '4d6cebe37861ace885aa00046e2769b500084cc79750d2bf8c1e290a1c42aaff' AND file:hashes.SHA256 = '4d6cebe37861ace885aa00046e2769b500084cc79750d2bf8c1e290a1c42aaff']",
|
||
|
|
"pattern_type": "stix",
|
||
|
|
"pattern_version": "2.1",
|
||
|
|
"valid_from": "2014-11-25T08:37:07Z",
|
||
|
|
"kill_chain_phases": [
|
||
|
|
{
|
||
|
|
"kill_chain_name": "misp-category",
|
||
|
|
"phase_name": "Artifacts dropped"
|
||
|
|
}
|
||
|
|
],
|
||
|
|
"labels": [
|
||
|
|
"misp:type=\"filename|sha256\"",
|
||
|
|
"misp:category=\"Artifacts dropped\"",
|
||
|
|
"misp:to_ids=\"True\""
|
||
|
|
]
|
||
|
|
},
|
||
|
|
{
|
||
|
|
"type": "indicator",
|
||
|
|
"spec_version": "2.1",
|
||
|
|
"id": "indicator--54743fb3-7e44-4b3d-9d87-476e950d210b",
|
||
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
||
|
|
"created": "2014-11-25T08:37:07.000Z",
|
||
|
|
"modified": "2014-11-25T08:37:07.000Z",
|
||
|
|
"pattern": "[file:name = '4d6cebe37861ace885aa00046e2769b500084cc79750d2bf8c1e290a1c42aaff' AND file:hashes.SHA1 = 'd50dc73cb99b349a441ce374b29850ea1dc2b56b']",
|
||
|
|
"pattern_type": "stix",
|
||
|
|
"pattern_version": "2.1",
|
||
|
|
"valid_from": "2014-11-25T08:37:07Z",
|
||
|
|
"kill_chain_phases": [
|
||
|
|
{
|
||
|
|
"kill_chain_name": "misp-category",
|
||
|
|
"phase_name": "Artifacts dropped"
|
||
|
|
}
|
||
|
|
],
|
||
|
|
"labels": [
|
||
|
|
"misp:type=\"filename|sha1\"",
|
||
|
|
"misp:category=\"Artifacts dropped\"",
|
||
|
|
"misp:to_ids=\"True\""
|
||
|
|
]
|
||
|
|
},
|
||
|
|
{
|
||
|
|
"type": "indicator",
|
||
|
|
"spec_version": "2.1",
|
||
|
|
"id": "indicator--54744068-7f60-4b3d-bc7e-4123950d210b",
|
||
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
||
|
|
"created": "2014-11-25T08:40:08.000Z",
|
||
|
|
"modified": "2014-11-25T08:40:08.000Z",
|
||
|
|
"pattern": "[file:content_ref.payload_bin = 'UEsDBBQACQAIAARFeUXi+r9JiB0AAAA2AABAABwANGUzOWJjOTVlMzUzMjNhYjU4NmQ3NDA3MjVhMWM4Y2JjZGUwMWZlNDUzZjdjNGNhYzdjY2VkOWEyNmU0MmNjOVVUCQADaEB0VGhAdFR1eAsAAQQhAAAABCEAAABe5FIL/5W5kG0aJcUEXlePmV4XVnfPdkghve0qdiVrFdD0mXh8z5wYIbhHBqBjry40fV26a+528apOUAsiFSoBAxZEy4adtFIriz38sj51L2muG3XZaalNqXgxPVS0yFKClVzxde3K8n1SojRsZ9oUf+UjEWaxp7vCLFUIsQuJOwFctoue4lOl65hOcI/qioS/yi6Hj/eyJr8v/U4z4Y6Jdtl9u9NxIb2sEi+f/bsnnjT+dwUUCnCCdx1X36M3B5aItT0mb02NHhzS5jwjADVlAkVZBrAIWgaP8Mbasvks70ix1J5jWojr+e5aT1guTvP5mQPYVK28v1wFhAO95vZz6aCb2XhdqNQ0pfDk97/tbcsSZq7Qq86zQqqo8CdRiQI9KDgsBPtvBAcFBzCIsz61Jb9Pxf9WXbFBJlY2iuwQISzkEeVue6UjdGtpNYRx1F6nsREncTVrXbkOaNiEERMdI22nXvzeosSGEve5og6PMw6wFX9pZsaZpT5Z3zb67KdF64Dh6EWSdjffNdBtg+gc5xqoFhhpOLYmN6qdVgE2lbiRHZsuFHiouwECie8PTmoDaYOw8t+wpxUK274dZZnJ+uryNzdRzbEHXT4Vw2jRtDFSXhaOw9I+JNT9N1TOx50kYJZx1tfBv0NloIGsuM2YoSx8GZXjbK/Z9HFZvt1u3SzCaqxOqhKqP/pZaPx7yxqinUTafacXHtIAAwl766f7LYsgBlPoLb1Ks04MbnU0DhITJho2TMTQWaVLpZ6KlneAhkv9QT/Odhv6tyZilZtzER4AYlG1ZwGhG7oMfWhAwQ11Cre9biSc5hPK17ula6Y8TnK4Zmy4XS/RIlNmEuQR0YnQ04mB2YH0kzglwkJsAi283ps0O2zhQhUy+3eUSnMOjzqa2/kySEPgk5vZFOPf8tJjmy8QhLQd9byfcifFg8qqIDAJ0oQH8NdRrOcLWGgf8b6iG76VV7nKVEoECU/Ro/lGadcvdfkWN0YtyL7xXfT1Q7syfBURtMdK8IBHFLMDJfRe5P654SRv0WeK9zc0q2989/PGUG/Y+Bz/d7pOwnjwMhAQrMO+SbsleYSybybs0geWGRuuWz2gynrlykpYcYCvZSS5LuwuWYT5hmi59NTiopvNJswvzEbUK4aEA+yGyFOeqy7NA7AOGo/8Okd+T8mov4MgZ7bJeOiQGl9bH7RkJbJ4JweLvNkwgde6vbpDQFvxung5Zero74wK6lS6iZtawNJvxZGQuujYyatfHurvWIa3wi4WfjLP6rmgEy+3KU6dg18LaxQt6KVlkoENJij6T6+m+O3R4ZY9UTQt8KHPEBcvqHdqVHr1kjk33oobQTylbuJms+8T9fVU1Bkb6mbd1YiVnd1/Et5dsGy+q8cSMIw31TdXtzNI08tQSwKHCxcJLPAE86+bgE+PlbcwsnZNhiof++RYAakCk0w58oBR+1W11fH+ej8bZn3V8Rdxqj4UmP49z1LnK9b/OlCQSqlBhw6ZTX6ZTuIaN/EMs5hZFfnytffHDvjHn8rqzTH6xBMyfsF5cFOuXn1c5r4/M7RwdhAG4/ZrKLBOKz3PDoO6x0y7zl/leudRNm9fAoNn6kv3Tx7p6MdMALxSc00x5W0HGEtunZE+fZ4hknenWHE+LzEjdjuyDsttL7z/KELdR2R2Fp2CtdmhZ0PP5j9NlBJsiQoke32hIgc+oJOi7IOhcgcA1Mo8w8I7+poZslR3cqp/QcP19Cq0j5Lv8/okPtsYv2WV+itwMO0iIvzez9YUAMt9oBO8a9T05PjeJgSm5NaX2A+2PVZeoHf5DdaPgGBuvpkd2V5GIAUOKh3vROCcHj1SB///GhoNXS6+0xD61iT4u0UPxjCk2Ruibw6SZlWpVDfAmDdjYKllUKjAWIjSPwxSRUZScioN3ucCaE0CulUj1Q7hGebe48RMhYcbYQoUC739ufE3f5TJJtVdiRyxjyKR3bju6+qdJtaH719IiO+IJe+J2MI5BeGubBBrkRfhuFnXQa50FMbUUZDzdyD0vey7zj6TIR9B0//ZSC9zPSRHXWUWL1YNQOgd4ZhZKX8OAhfh2O2yICd6ubPJN/1tEHiq8lU8FZHlLpWgtvKqOx4F+qtoGqk9PzXoIdYpUWT2+tTw0HBtVxuSqFITYj3AfNtxcNtxYEMX1j/pqLnBePyDwS2LCEIL5mm9B2KLwTnbfIFSMwKGHIUWBkhYC06uWD/YKNYAXGsqmPAa/lrOk1+UX3dhR/txHJRJSjwb22nKEA15ryH8HBsT/Avl1r0FTmXZngHViL3lDVQjK0AHZy3NTnvZgybR2NeNN9BFloFzS7aulRPluoy7/Ig9qoRT37UhVBj6nhjCFWcFKGPv3YvRh4iNjznyZprvXEIjAL9S0qPVo75pIodaW+2MgHnnmR1YHKqs1shGxNwA5NyrJoX3PKWdZvVhYTJ4OVzvmNDU3oAMZXeMyCYMM/8dlyNcly0Um9AuKe5cQ+c4mKRwE4bU0oE6vSYtz4Ml4azJUdB8J8SWuQ3spyrZgJM0NcPzbJtBR2FtUyJNy7BFu4c0PqiTLBntmHrTLNmI9nOZS7EltJO6a/WH2StF2NWfAXo4zFJ7EcVYp4OBzVKI/rHNJkpXrwvxcXKpbV2rNIHOzNpv/7ZoDyERKnLBH7j6VLhKIlE1fVHFLK6UA+qVmTZ4P+7do9BB+oS8BM45KqRlwxt82tN/XdEkVJmxl222u9abY524pKCSZNw0JuZhr+y/0eV0peKjr/I5OMTPh58kGNgf34UKRtkDNVLnZLLXAu7kZz5oMKrP45ZGz7cow/dVqOtvhnARj4dYmCgptrrOuEuNAz2LPgeNODV1XiVQEMwwY0+2C/fQFV5oM/4Z9iE09O35Ox0nwgwqh3i8Ph9TEn/SoxbgXNBR9N3atUbyv7JAYRlsvp+iE0y2ZghjrZWdxKmcF6emtlY/WW0er+YGXvH+I3qa1/TkNHSdr9KSKffarnWemGtEzmbFEvi2LRshWLMuqMTHvAKShrIiEr68F5fr9iuQsYrw9dWT3XxybIydzx7hvTmafgfLbYyWvK9O1lgd3IE1o7Vj6PtsA4JCAThZk4QLMl9JcQzGpXMB3nQw3ekvANeY+NqqLjEAyhU10+2nqbjvLQoJ1uYALkD9AOtEbTSNAOhuCGAtd7mwG8Bu1c8Z4/owxYVcdNVMZh3w67TrBdyX05nbp7BY64jsN87PFX+0soD5ta8FH6MK9aCht68exHUhFalhtfLzR5posGrPncVxZsKfGlDMUVqidjMnLx/r3gcg1uEy/wb6fE4EazQ7c3o/9Xo81k6jLeiF/Z6KrjsD/wbbnRNWei2QEJnFhMxMfJn/Mg4OTUqZEQvQm6wEgw8Gu1ysT7FTi9oAMQ/THKdFKoay47Sw9Y962TxRPkldnHBhztVsDm+CKEo9svIviJGzZJx0yDCAp6oubqJJ4xeDDHXN4YgMmzXy3E/f+LE37Qt13wY93muHmrZ13IBK0N6CxQJKmi43eFjBLbI/UVyYeYjPOpmedOBZLCaYu6qiEafxzdYLllHjVqV0css7Oe9/uB4Rhbxrc/+5ArI1/EVlj+EjEKywSWAVhqkiWS3Q2fdu/y5pL9pT6Buo6Kg5eAesz1dZZl9c38pDhGxTzSgUBKwD4MSqR+NdfoeW0nMMMvtJnVEqNKmhuAtqL6abfl4+QzT2imMELpYck0IP0yb/pYYDpbtRqNmk7tqj+r+5ahmbgAJDbGzc/kOHs/Kt3Fu14LlTKMOg4nThN+HW6z4Hjlakw+PGzyBcbVhXUrJr46aEPxipAp3Th7uJHAna15UFAMNOQC2RkDZoe4j3QqdYisjZNTM3AAgFCz9HI67hhn07DZ
|
||
|
|
"pattern_type": "stix",
|
||
|
|
"pattern_version": "2.1",
|
||
|
|
"valid_from": "2014-11-25T08:40:08Z",
|
||
|
|
"kill_chain_phases": [
|
||
|
|
{
|
||
|
|
"kill_chain_name": "misp-category",
|
||
|
|
"phase_name": "Artifacts dropped"
|
||
|
|
}
|
||
|
|
],
|
||
|
|
"labels": [
|
||
|
|
"misp:type=\"malware-sample\"",
|
||
|
|
"misp:category=\"Artifacts dropped\"",
|
||
|
|
"misp:to_ids=\"True\""
|
||
|
|
]
|
||
|
|
},
|
||
|
|
{
|
||
|
|
"type": "indicator",
|
||
|
|
"spec_version": "2.1",
|
||
|
|
"id": "indicator--54744068-3dd0-4468-a995-42ea950d210b",
|
||
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
||
|
|
"created": "2014-11-25T08:40:08.000Z",
|
||
|
|
"modified": "2014-11-25T08:40:08.000Z",
|
||
|
|
"pattern": "[file:name = '4e39bc95e35323ab586d740725a1c8cbcde01fe453f7c4cac7cced9a26e42cc9' AND file:hashes.SHA256 = '4e39bc95e35323ab586d740725a1c8cbcde01fe453f7c4cac7cced9a26e42cc9']",
|
||
|
|
"pattern_type": "stix",
|
||
|
|
"pattern_version": "2.1",
|
||
|
|
"valid_from": "2014-11-25T08:40:08Z",
|
||
|
|
"kill_chain_phases": [
|
||
|
|
{
|
||
|
|
"kill_chain_name": "misp-category",
|
||
|
|
"phase_name": "Artifacts dropped"
|
||
|
|
}
|
||
|
|
],
|
||
|
|
"labels": [
|
||
|
|
"misp:type=\"filename|sha256\"",
|
||
|
|
"misp:category=\"Artifacts dropped\"",
|
||
|
|
"misp:to_ids=\"True\""
|
||
|
|
]
|
||
|
|
},
|
||
|
|
{
|
||
|
|
"type": "indicator",
|
||
|
|
"spec_version": "2.1",
|
||
|
|
"id": "indicator--54744068-07d4-4750-8a89-4246950d210b",
|
||
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
||
|
|
"created": "2014-11-25T08:40:08.000Z",
|
||
|
|
"modified": "2014-11-25T08:40:08.000Z",
|
||
|
|
"pattern": "[file:name = '4e39bc95e35323ab586d740725a1c8cbcde01fe453f7c4cac7cced9a26e42cc9' AND file:hashes.SHA1 = 'fea8a97304a74e965bbd1149c6c23171b61ff1da']",
|
||
|
|
"pattern_type": "stix",
|
||
|
|
"pattern_version": "2.1",
|
||
|
|
"valid_from": "2014-11-25T08:40:08Z",
|
||
|
|
"kill_chain_phases": [
|
||
|
|
{
|
||
|
|
"kill_chain_name": "misp-category",
|
||
|
|
"phase_name": "Artifacts dropped"
|
||
|
|
}
|
||
|
|
],
|
||
|
|
"labels": [
|
||
|
|
"misp:type=\"filename|sha1\"",
|
||
|
|
"misp:category=\"Artifacts dropped\"",
|
||
|
|
"misp:to_ids=\"True\""
|
||
|
|
]
|
||
|
|
},
|
||
|
|
{
|
||
|
|
"type": "indicator",
|
||
|
|
"spec_version": "2.1",
|
||
|
|
"id": "indicator--547440da-ad48-413c-ad4e-4f9c950d210b",
|
||
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
||
|
|
"created": "2014-11-25T08:42:02.000Z",
|
||
|
|
"modified": "2014-11-25T08:42:02.000Z",
|
||
|
|
"pattern": "[file:content_ref.payload_bin = 'UEsDBBQACQAIAEFFeUU7VQDWuRsAAAAyAABAABwANWM4MWNmODI2MmY5YThiMGUxMDBkMmEyMjBmNzExOWU1NGVkZmMxMGM0ZmI5MDZhYjc4NDhhMDE1Y2QxMmQ5MFVUCQAD2kB0VNpAdFR1eAsAAQQhAAAABCEAAAD+YFPs00cOPW0hg7XVKbMoqOyTqpW8NStx8+2MAgz9cKs1ZYMUrTmRRPUh4QjYgxxdjX9gBN02dXbpQLu6iv5gzJKTVugG2oXaTniLkgQl+DGV0FneVVgpBESsP3/b3lGPWD8/e25ETevOXNq+CXMcanvprnXHqGQwYeHK9p+u7icjziXokY/OKpz7EozLhQSmVFMj3y2Qi1z0/4ve1bGA3Tt1yTbxUco3gTGTZrgpQFBQT8dFYwCLYD2EtY456uUJf34gumy6X1Z937yKZqDBJrRoEyUJhRxxZzftcm6Ga5Zzhclfdykm4jycKNxEzZLbsDmoVFzYS93SHwzZSAAawGnbIHmV2g2kJeVbTYtbWSvN/96782TsHbynAaZxSIcmw2WxLNYHjQtG27Gm6JdSfWbISrirSsJ3sptEoPlde4nzNJw5QGrvYQX0ieu54HNJQXMZgEgNkFlPWaW++KCbW1VvSM3vdhjx0SEPMs42JyqKkOM9sEWcqg7Sy/+9uCCcdEsZC7dEgNIEtiFwqkWDLbW37SgA8S97w9jI6e4+330+yz43RoJOQpnaJ0sieDb3NkpQE5ryVJY1UjiKCXE5lkjeqazCoFH9nmNU7oqqDwfjq3GaywE3OwND+yKObya8bpxnXfbcir77GhdwQu8tKRVzB4HlWYsntqYrIoB8hd75p8Nks/Z8RspTY3Q2N1iyeTq5sRUuMWByzvHTjGdGYr8qCxv871J+HHGwmfXcmH2wrFLGCbhJxrTwGf9upobOj5YsHDClfHqz7DF7Qjc+FPjjHYdT0la8+bxQ+IhMHAk/v9ci1SoXkynt/YPDacO2Vu33Su90jbIBAyqWzTc2sAqZ5xtW3cndkfLEX3RWptLf9bxYGTXiAgEyU9dHgryokJWGyrfV4L8h8PwZYK9jW5mrRbbytnik+m4lKD4UMGrMqI1UFJAado3s46vFZgIWbP+Er+5nK8nQ9Na60lELoT57WUHgXgYMEB/P2Ldz7QCkdiihYy8dGIi2OikXPmbbiVzByx05xtKQxCgqhdgBwrkt+UPkNgTT1hNmEIU57dewQUTzhoq6BTV5W9yGbgYihGXtWIOTJjovv5Yq7YKc+/YTkSlCt3khjX07mOsS+mtjFjKEZVWpmE0FuDsT/CeZsXsuophLfh8p/TCyQLbxliAntvMMKUWgCEoVW9pX3F90hLwtZ4OGk8WPCmGb4yxN7Cb5EOKiL6R0YWf8VtKMKm5S8Ejixl+VbMmOIbkfJXwU54JPmrBARHY50MnQrA2p0AzUH6HeAh9rQ74S+SDzxonnSvXU+9C90vEZmvLXKz/n4Z9ghXP53NVt+2XWq/q21ajgfPyo6fFgxV20F0NZ5WitJ6qq/4iwp9BwCOfbJFX+3dvMREzO0jCvxQ5t5bZuF3hPh1bywPHtxTeXA9eEf+JWZU4ELPCkVh23eHu6n6bKRudVti/AhDRkVYTk24YcVlLW/15e2NQ4MuqBF1BHZ+19OrbKkTncy30vq88G9VBH3ONuYFtodHEkLNOrp5+cljwzAccD0HWmMBHK/p7oaLxR2h7XuogFP6CuZmFg27/cwQS3RPq7saBwBg4vr1n2jSTDnxHBNvd0Q+AqB4Z26OOtb/lyYMNol4NwGZGctuMAREhhyx7d8ky6KNdo1pE+cQViWZUByK7IAaPhTe2Axd+LS1n/L4T0aGAAaHydqfuykW56WFXoDwXX0NoI245WxQBYRPB61meffCVojP+x4sxu/Nijj//My4nwZxJ3raYuqeUemczAGx3up3+CrmDsIAik+X2Qx+JdV4CGFlvFkasyFeiUcRFzF59BvKF6koDKmD7YJFHe60L90w2QaviuogRwE7kEnbrtPaDyCzM/VggyqpeIr1BPnzo54IjTpWcFDSEBrNUdJmZ7Y4qTJ4DlmRHzMdgfQh/p38CaYA0AsEQYQbNN1iKOkjrFA8q2XIXjQyi+oDDjKACGkvuqnRAYrin8KLzvtHN6PKcRsL7cAkHMBaaqDBr8VWaW/7AqBWM/N/sDbnTUzYWCwRktcX845brI29j44FzixpO5LESsKxSXFz0I6CJ1Bu5vuaolTKx2z6f6SwrG+z+olN5YZuKB8tB5JIZYUO+JgfLD0r0cyho/13HXZzhmlJOOcaEwQVjASmz8HJa8DLTD2iCnHLaClGpbTB+khnAXG8c9r0Dar5+n+f30Y2+dLCmE2xtetdrwRCx5H17vuew5NgzgOLO6LW7yvzEYcbOQPE25N36pKxTUFuE6c1iTB0xWYAAWaCGwAttBSe5TNbUpW/jFW0fu2BVdQ7xSpGK100TpQYMcOTgxW2P6RB5BnasnXBzKuj1eTwD0HKo7wxbzv8t2avrSj2VykeCu/ZKYTzUremKXduwFuxwBNKUH6odlDSWOB1rUJj5Lup+vLMOHWRMCGZpVCDsOVSvaX1xXZPyOh3iWkid1wqfSPOh3owGUzgcr2dPKSGof/LnEIgUl4qYNLi307IJ3S0xvUMOn7EyqA8x9XJtrPTXYjvpFF+fT9n3PHYybgET1Wr/qpUQmmVk8MUdbfYYe4HBn9/Ro/ETxspaPCFGyA0W/MDp1SVFerUVjIwdf7xqBv6rTzb4ChrZgPtIc+JiRHmTwgMsDM0rfIAycIHBfCknDMYz6P67HHGaYnjPGkLUMYQiVlcRuP20UWoF8wGKGh/qhYCbu8sAhHgA25tC5gyBJggQVVKEFnz3qO3/Yqz/CPKYF+yGepSz6vRMH3aSd3ZR53K4h6lsApT207ipNMKMDg0xnkamuOKsaRzYA72Ath7j/e1IWxojOXl5wogVZM6Bl6VhwR+B+pVHLTGyRiCzJ56N35GCuv3H4d1MyHBX+CVwJYE2sCrHLKpKqRGWEqAGRur8k3HBLYKz50WEe6bom5SyOg203SuEFTSs60XrfB/fWUdOBNjAPswH7yelG7gnb8+T8xlH66r5z5TsakeGYK2jnc89k47mtn0GGlnU1FapXPeF1WsM1YegDdEw2Fhbd25DTrkEiX0gbZMcx3OI0p1zP5nEnmZCcHmR3ByyEZITiZesgMBj1Zv/6Mval267BUaL3jhvp2bR8X46/0/dZTi3j7VkojFXbphRCUM2JnPHAWvWOQN2xoeJdsRDfaxTL5/QppejH6NM23K97cO4xgW0v0SKm/B5fd1Ruzh1nPsDP+v/syq1yRGU9IAt7KO2UqYfyRPQAbEWP/ovpdlAvFEdt4eoXJZTQ77NrHkfbrirEnfjL+vjneWgsXnV/jnGrXYUs7OPqzGV0holquPdYyU0cWWLICJ/0jzNc64uwnUFE01IsAuYCmYKwtK8po+ZwmDL+0VhVOp/4i1G+btpM7qts2poL9pY3iEtSTGJ4JNhjQQQqkH4yxBWifVysB9a3xn+sFz8SlwEOgG1xgKNOOOxHYvKwVMOzAfpOaJAARHhnZ1mIryxqTcdxR445SiR8ezITG8g3/qP7HdDqwMEEfjtG1cU2lLTj5pVBsUunvVsCxJot0EtNKrMoUaj/IIaHYqg7EEVTae/3PMov2MG9t6pkmNzaEVDbY1/r+s18wO3IkM+J+HpJ2HJqp31wbviwHtuj7+85VjMVsx949GlW8GNI/F4uHRST/+e/uFHVlaunzhCAPR3Sqz5mAhzLQaP4rnb/3IJzOTVLN/oM6ryBIjCfbui9tz04F5XWJE92edr4SM/sJiGdrBb1EwYJKP7Ypce9jVLLMSd9E+yB1tsTfE4b3hFRw5MhRC76OmLm/e7yxN9npfmi5N5y8lrTq7mW24AvgUsUdchj+yVnZXZiCL73nJ05vFd4gA06UryKSXXXamWWeW+RxWoXL6k5Q40lPzMtYWK19YBg2Quu/QgsjjwzaA
|
||
|
|
"pattern_type": "stix",
|
||
|
|
"pattern_version": "2.1",
|
||
|
|
"valid_from": "2014-11-25T08:42:02Z",
|
||
|
|
"kill_chain_phases": [
|
||
|
|
{
|
||
|
|
"kill_chain_name": "misp-category",
|
||
|
|
"phase_name": "Artifacts dropped"
|
||
|
|
}
|
||
|
|
],
|
||
|
|
"labels": [
|
||
|
|
"misp:type=\"malware-sample\"",
|
||
|
|
"misp:category=\"Artifacts dropped\"",
|
||
|
|
"misp:to_ids=\"True\""
|
||
|
|
]
|
||
|
|
},
|
||
|
|
{
|
||
|
|
"type": "indicator",
|
||
|
|
"spec_version": "2.1",
|
||
|
|
"id": "indicator--547440da-dc88-40f6-8d0b-41d4950d210b",
|
||
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
||
|
|
"created": "2014-11-25T08:42:02.000Z",
|
||
|
|
"modified": "2014-11-25T08:42:02.000Z",
|
||
|
|
"pattern": "[file:name = '5c81cf8262f9a8b0e100d2a220f7119e54edfc10c4fb906ab7848a015cd12d90' AND file:hashes.SHA256 = '5c81cf8262f9a8b0e100d2a220f7119e54edfc10c4fb906ab7848a015cd12d90']",
|
||
|
|
"pattern_type": "stix",
|
||
|
|
"pattern_version": "2.1",
|
||
|
|
"valid_from": "2014-11-25T08:42:02Z",
|
||
|
|
"kill_chain_phases": [
|
||
|
|
{
|
||
|
|
"kill_chain_name": "misp-category",
|
||
|
|
"phase_name": "Artifacts dropped"
|
||
|
|
}
|
||
|
|
],
|
||
|
|
"labels": [
|
||
|
|
"misp:type=\"filename|sha256\"",
|
||
|
|
"misp:category=\"Artifacts dropped\"",
|
||
|
|
"misp:to_ids=\"True\""
|
||
|
|
]
|
||
|
|
},
|
||
|
|
{
|
||
|
|
"type": "indicator",
|
||
|
|
"spec_version": "2.1",
|
||
|
|
"id": "indicator--547440da-03dc-4f42-931c-48e1950d210b",
|
||
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
||
|
|
"created": "2014-11-25T08:42:02.000Z",
|
||
|
|
"modified": "2014-11-25T08:42:02.000Z",
|
||
|
|
"pattern": "[file:name = '5c81cf8262f9a8b0e100d2a220f7119e54edfc10c4fb906ab7848a015cd12d90' AND file:hashes.SHA1 = '6331b41759174ae72f2e2ce3e0850d42f4e7c97d']",
|
||
|
|
"pattern_type": "stix",
|
||
|
|
"pattern_version": "2.1",
|
||
|
|
"valid_from": "2014-11-25T08:42:02Z",
|
||
|
|
"kill_chain_phases": [
|
||
|
|
{
|
||
|
|
"kill_chain_name": "misp-category",
|
||
|
|
"phase_name": "Artifacts dropped"
|
||
|
|
}
|
||
|
|
],
|
||
|
|
"labels": [
|
||
|
|
"misp:type=\"filename|sha1\"",
|
||
|
|
"misp:category=\"Artifacts dropped\"",
|
||
|
|
"misp:to_ids=\"True\""
|
||
|
|
]
|
||
|
|
},
|
||
|
|
{
|
||
|
|
"type": "indicator",
|
||
|
|
"spec_version": "2.1",
|
||
|
|
"id": "indicator--547440e2-2530-4974-990e-47de950d210b",
|
||
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
||
|
|
"created": "2014-11-25T08:42:10.000Z",
|
||
|
|
"modified": "2014-11-25T08:42:10.000Z",
|
||
|
|
"pattern": "[file:content_ref.payload_bin = 'UEsDBBQACQAIAEVFeUU9fB9lUCIAAABCAABAABwAN2QzOGViMjRjZjU2NDRlMDkwZTQ1ZDVlZmE5MjNhZmYwZTY5YTYwMGZiMGFiNjI3ZTg5MjliYjQ4NTI0MzkyNlVUCQAD4kB0VOJAdFR1eAsAAQQhAAAABCEAAADkizw3MyYYG9ECm0HFmUwttQNqy2L7V13OQ3sTQML2PTgQIe8uQW7luW5P60TvQRu7UcmbCdA9M4XXpo12ia02+jcu3ITdKKrtddj+cdo5MQTHwlny9+j6BFEbKQKI4VYd48QOeAWhq+0HF1M12I4AR4immDYicaSejoACzjIVKqg4lxjpZ7Y3WVZddu/PAsv2NO21+8PdUhsDKyWD740LDvfaOXv5L281I9JhN7oWYgTZWnhQsI6an0zyVI2xQsvjFE94GR3EH+k15eKzfRFhaWCvOF0Z0LpBFVqWqNKYnyiwk8ZdV/KsuD8w8ot7A0ssyXLt81n14Z/c2iHbxcx8VhpCeCgCGBkV7Zpzy8UTWOB6rqAMTINK+oWgCkiJlPPyUI/4KyTFPXVScwDv84nutAXRyspkrhk8L3vMeiCb0J/5AE7La3p8eHDxnrjwyCnt1wcM3bIcJBiUxd67+4KwL/47Icy8jB58C5DECe2nd2qPrB450XX1+FCl8QwIRjanzuZH9EULXKoDbEY541qWgm23bMwWGipuOhLJybTb/UZUsWdueQ/UR3kWrViJDxrYk29L+XkSNBHBAReeAPiAOfu5r8COrURfeutsAm8SK2Yr10ojUuqE+cnTzInoOzsta+N6ZRu2t123K8PDbuSe8/IHkd9MWkDqkr9MhlL+BzAuCBDe0nT9vPIPlR+O7dOval4bHDAcBRsqgDde+rrL6rZH5QQQW7mFIlIDMJBPDPX1C0guR7Qwrg7KRQvt6rWEQLM4KKt+1m5vz22zKdtwrVKM6Yk19Rf4LdEkuoYiEuQJVlxfK+knjzkFGAPMNcl2jQv2t/4TLwCE6ufITy0M74y6QjQInwp999OYOmKhZrI1b7H5r6eypjt3Ek6ce/dyUS9ecjfIcDdTgg8mZB9W9cDH+JmamEYEAQkFOxzIst2Rwclb8SYPCsTjsYplhFOWNwPOJsQXD8+LcvYoD3xs2Urq1JZ58wlXQQ39y0bfMMqWShWBxIDqWq8SxoB4KCXsJIbzc4nUXeRleCDHDuwwtg8kvqa1H5p1DHnIzUMhj1Pt8vNaH40tiQV27ejbcW1Np/xHPGOy6EGR/zjKtrGahZvRnvR60oBs12eosAQ6163MzKzTnk71glLzSe8sa3oQ93aZ19Ar3x7pywnZLAkLHb4ztBkCbQg7eXz+PWU1du5DvGFpIuT1q8dIbaPS0OR6J3RYn12fXWryrn4AQn6g0J61L+y4nsJ2O/I09GgS+VCBwwqd9jj8AsP2COMeloKW2efFF7rgOuxyvV4kcgcOZRuxWY97tGX+izPZKDUJl+55xjr8So/dVZSnhO8dD9RMc2Qd80qALma9nWBUHmVhO1NhqFNbnd32ojn58n6daudg+n1goBjnC3AAzCE/zfyiZfAUinqhca4Mef6E9ExgNtpGnRMZj+QX++uMq87qetXQ+3crNG/0/PXrOVZOoPpzTTmmdoFhMTwnKB2WwSCengJMeVP3+W8IDuG4NDjJg7R0dXXVx/h0d56ky+85FPSsftfQvQbrvZiXtWyD3EGkw+iEtilae0xCsr2mM7zeVgs17b4y4+L4XJ1T8kpEaHGy9udroFlqSn5/Dr99hMweAUU/MEfuZiv/YaoikG1gqV07OMPBZsSsH2c9jiByilsJy4jUqaaKoJ595BsUQtyYnz9K6E6BEHRXibfjzhUg3o3fNXTQzQU7jRLcYSsGiDwc8A6xrnpp+rhZHQeKCBNI2WOPq1Y/JvslJGH/I23IwxxA0lIuuuuyuNXIkQ0iDPGh5Hq1r/wJMTKqBV7xHSSNwrxWBDisrgTlK5+sGzuw97YUmXh5tOpMXQ1ZbTJpLz6g/DhJWGjBDNFpc7uN/vczyyRBJQLm++xw6d/uYoFaUNXGUD878VnAG1ZlnWInrGm5TqTGqmGGXBgyTSDNFR4wtJW3pnsohrYdOTXZfgfQRMMiXSLSzVJimbZFL0rDHc4gmFR1XIeygt2UAtpO7HIUyiMCGIrnmzDt4xSkBSkVRcrXDsd2UhmidHAKlrK7QrSUUyulFiyZXJpP5VtgjkrDTpdhXeuVkOwCi1zVPKU+k6NEaAZJYFr/8AxFyr+nuKd8sqKrKeMGkVL2qwYLe+LceLOuRP0+moErUTwl2VbWQbwcD+BqDqVPMAu+UOul0vjPRVT8njgi6K9cF+XwWTW2wCZLZx7C8Yz3rhMYHZ4n4M0cOXHrRbBjMVEjciQTSyIakGF2+gsM8x0TGoDB+KBLKSc4ZWFrg+pKnjykLDClxNinUO+MsnNwZx/qsqKWS28++qaEb2L4c7WH80Z5uE/A5iZSDMefdWTYWH/uVixTGQyky0QLNS9bbpetYER0Kv2uIVR6VxhOvWKO8Uw9jBF5OXsiKaMhLuLkY6i7gwSHhmofKi3QOnoQJj0nqrsqga8qn3taUA209evmuqiGvnXlXYtA8RfdIIZ8zFssAotfdA9Nz7AHW3jDG4yQY6zEpkYpYSVYAyS7jY2d1DdS3fBUAXv/28UIJK8rMRK+stM4UbbQIEmCwgT+Tv+H8f+LMnDu5v0o2UaqoK1Oq9pJLn61kUPc+32ryy0lxVvoTdFNNx0YmqfeIuCPeo4h9C1JCIDQsjwtGt/Qil2OhzQCCgsPYUdUfTPPd/3sPWoKXAQPtvJbBizCfv2KQL9JgOS78AxVoArwqF3nqt1XyCJxvD9Km27FtXzJRu6E9KMMVXeYyO5qdxnt/kO33MvxhMOnnbV+BiSlc2WPpFzzrU4nrUQa6R8C34SwE3P+KrU4f21B+fcEpbNR2umOoMp8GT/bv3iz4CL7hY+BRkBv4Hi3ZT3MnixEBSvItDEoL080HVhJiNwZQcIWlGgo2RmcYMJ3+t3gSxyLUNlqYg/tn5IVdh7lyyv7JbHT4q8I1IeDrYbmHzI82c5a/NbEhXzc036yeH38JTzRf9cNhf4AkJppyBBTup2HvYvzEDPL+c/sXCvPpWhPgjAy5CZgiRy5TUB9aFZo+BJkTlUZmS8zztfJRcNM0R/DqjMJlNTgm3Ha8Z1NhNfu0gkMM91brZm3YLpZvSCsFZaoLQpPv5+SvYxOpZMNs0EsGfaMiQwvRY4+2eEm6Dwu23m6xTPBjToljGms3NGgMHlE1IPfqMb9n91HeQ2YobjKk3PKfdRSTFiLRbjeXswR3pXshYUrZFPbiiLGa3j50tTe/TmTXGxE/smbbYHKXwufeSe3MO85ESRHu5+DMtTl94udSZvBulDbFsKADeGSOuH1U1xMMBW48WYlOTrubouXbA/kzM8L3l6w+b+YM5s1Ys+a51kU3FjAVc518XXm1981P+LrNOLt6mtaKCjmvvooMKi8Sq3egjLPnELE5Qcv1eqRYT+dArDg8n7YQc823ryFvYdLBpjv9UsF9+WyHDtaULUEPWiAfdV5acr52bbxIdByWapVX9jBXHkuVTxG4sVu3qB1eh/JzQbSyfGaG4q8jN0lYynWrJPP56y9jAzF8T9WOMXxTQUUlpZRe66hT3vLVMlDIviZHqL7gn3UB9lGe9useoX8dn/d3/9AYhDEOLiMXSJ8yMsYdCQEZHQhy+vTvYOW5HBrh8PtpmpocBrWhSXK+SvdKz+WBMRblvSrkKeLZw4BSukKqiLAGED7KTLvUf4DI3BtRWQ1/CFxbG7eyQTLSgJKiqxblCwAJDtRkwx1Mv1gE9nBSLLAz1io9MQJDUQkPEE4dqT65HK5Wp5cobp8n6srHmkIfd65Cy7g3UhO5ZS9JGqNJ/XerrDFx2p5vK64RGKnB03JEWHRPpg2F/xZs4cSlDXV181tK7JFkKED4buXlvgx4d8g3YNKcFTpNBobPrg+Y+lM37FkktEST2MEvTbmpN
|
||
|
|
"pattern_type": "stix",
|
||
|
|
"pattern_version": "2.1",
|
||
|
|
"valid_from": "2014-11-25T08:42:10Z",
|
||
|
|
"kill_chain_phases": [
|
||
|
|
{
|
||
|
|
"kill_chain_name": "misp-category",
|
||
|
|
"phase_name": "Artifacts dropped"
|
||
|
|
}
|
||
|
|
],
|
||
|
|
"labels": [
|
||
|
|
"misp:type=\"malware-sample\"",
|
||
|
|
"misp:category=\"Artifacts dropped\"",
|
||
|
|
"misp:to_ids=\"True\""
|
||
|
|
]
|
||
|
|
},
|
||
|
|
{
|
||
|
|
"type": "indicator",
|
||
|
|
"spec_version": "2.1",
|
||
|
|
"id": "indicator--547440e2-4a84-41eb-a467-442d950d210b",
|
||
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
||
|
|
"created": "2014-11-25T08:42:10.000Z",
|
||
|
|
"modified": "2014-11-25T08:42:10.000Z",
|
||
|
|
"pattern": "[file:name = '7d38eb24cf5644e090e45d5efa923aff0e69a600fb0ab627e8929bb485243926' AND file:hashes.SHA256 = '7d38eb24cf5644e090e45d5efa923aff0e69a600fb0ab627e8929bb485243926']",
|
||
|
|
"pattern_type": "stix",
|
||
|
|
"pattern_version": "2.1",
|
||
|
|
"valid_from": "2014-11-25T08:42:10Z",
|
||
|
|
"kill_chain_phases": [
|
||
|
|
{
|
||
|
|
"kill_chain_name": "misp-category",
|
||
|
|
"phase_name": "Artifacts dropped"
|
||
|
|
}
|
||
|
|
],
|
||
|
|
"labels": [
|
||
|
|
"misp:type=\"filename|sha256\"",
|
||
|
|
"misp:category=\"Artifacts dropped\"",
|
||
|
|
"misp:to_ids=\"True\""
|
||
|
|
]
|
||
|
|
},
|
||
|
|
{
|
||
|
|
"type": "indicator",
|
||
|
|
"spec_version": "2.1",
|
||
|
|
"id": "indicator--547440e3-fdc4-4ae1-8797-43ab950d210b",
|
||
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
||
|
|
"created": "2014-11-25T08:42:11.000Z",
|
||
|
|
"modified": "2014-11-25T08:42:11.000Z",
|
||
|
|
"pattern": "[file:name = '7d38eb24cf5644e090e45d5efa923aff0e69a600fb0ab627e8929bb485243926' AND file:hashes.SHA1 = 'e0895336617e0b45b312383814ec6783556d7635']",
|
||
|
|
"pattern_type": "stix",
|
||
|
|
"pattern_version": "2.1",
|
||
|
|
"valid_from": "2014-11-25T08:42:11Z",
|
||
|
|
"kill_chain_phases": [
|
||
|
|
{
|
||
|
|
"kill_chain_name": "misp-category",
|
||
|
|
"phase_name": "Artifacts dropped"
|
||
|
|
}
|
||
|
|
],
|
||
|
|
"labels": [
|
||
|
|
"misp:type=\"filename|sha1\"",
|
||
|
|
"misp:category=\"Artifacts dropped\"",
|
||
|
|
"misp:to_ids=\"True\""
|
||
|
|
]
|
||
|
|
},
|
||
|
|
{
|
||
|
|
"type": "indicator",
|
||
|
|
"spec_version": "2.1",
|
||
|
|
"id": "indicator--547440f4-1b80-44eb-8cac-c9ab950d210b",
|
||
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
||
|
|
"created": "2014-11-25T08:42:28.000Z",
|
||
|
|
"modified": "2014-11-25T08:42:28.000Z",
|
||
|
|
"pattern": "[file:content_ref.payload_bin = 'UEsDBBQACQAIAE5FeUXZAvLK1h8AAAA4AABAABwAOGQ3YmU5ZWQ2NDgxMWVhNzk4NmQ3ODhhNzVjYmM0Y2ExNjY3MDJjNmZmNjhjMzM4NzMyNzBkN2M2NTk3ZjVkYlVUCQAD9EB0VPRAdFR1eAsAAQQhAAAABCEAAABFKVhzcpWpKR91siazLXRLkxNlubqEi/jSzG23khPazm49nXLYroWGTtQ9WbMyqrIPPertnLcwD4lQlFoSPFLF7pobePivM8efaH9rxJYD1+7pEyZ1AMh5ZxOESUZ6kOv0mlyiSiaWCDc/2zoA8wefKepis6wZLPrzsmhcdG593jKIhOFrnfP32Xna3Qv0puJWIQ0TJkct+8x2LjypVk2586LFiqOXKICkmpplZmdq9Zjprx807QgEcZtMExlMP2LZVEh6+5rdrYr80wook6UBesl2TmxZRbZ4c5FPpiH0/B8eUXUYxsNWqIOu/wPaeModS9dXA7DwAB32uHNuz0egexCAoYbLhy4MT20WXdN+iqrqh8N3rx6G45JlVEW3dJhr00ZvntOBwqNO9HagPmQNaCjTmeFJE5oGJg4RHk8fXp23VS9ODeMdiKVRxpKqcaPxsR/XwWrcYHr/DSLzSqREspO54FDVl6Bhr2hLTkpTGW91nYiolEqPwrruhU7V5Z8ttN0r6BSdnzp4gchYwEvCh43b0XU3mkKH6o7+KkWcL7PCRgfcDjfHDSgEDsKBth59+HLraseLsQv97tJoQE3wxGeGX0OS8PUhYBVZKJkyt3hjnLOA1EHZ5eyJsnwmJ302G1rDtwCAfcZas2MoalCAuAtcRpMzrFfUw6ET0rzFjikLxxtR85J8eY5ptVL9NUGpx0qCKWgRWZ23SAmL1fYTzf40PhKYiiXQWPxYpw5SaW04oip0cYMo93KIFAQLqln5ES4nUGizlHnLLl8b19+gTuqhfouxCwHHwJ+lQqEMyOyBlVGzk3oA/FM4hVCRZmC9JvhOvR4gd9zxQI7j0wBMuOs6BT32hPbjNXOXGTTxVF5tGzuZRmPdqgPLzKSfofiamnQ6nyG4hZFA5Vp/renHLFgi8Pdh8wt615E0A+T+td75GBOFvSqeKlCTgFrsSyjq2TW26kdgFSMtpBiwUYQDUgGCFF9BfkhQxNm+P0Qlc7k1JlLNd9kw0Q2HX/zmItmXDifA5L9aD18bKvshy2z0DjEP+nzFiWyE+/ZTAmlQpwQtpsgba9C6iZgWECa+TUrSKibzSatJ59a+fazJMlF1GGkXNkl3rpIo3AzaAZicZ9g8kXtvqIMk1xXUspIU/13NyMveuGvBql1fVgfyIRK42SrSU7YNEWFRBNzUbUK1ggQ+csElbgeHEW+Kb5wu5BLnzh4rVQxrwrCxScACJkNogjI0cn0HGv61w8i66aL/1Ul4XTP9EPARLEhow2FiPu76yo7YuqxsvsFBgDcYP/bYbKp6WMWzGslfeR+VG4gvxP8rz+844+esckUSHfu3yxdm/da4drQG67eEM6S4599pYVgUYeIZiLleS52Dx0SZbiJEl/RPUB7TVnOoSke/ljvQrQKDLmwMZgaZohhe5LpLUHdnO/3aaY8hajyyrnbTvCGXaKKejNIAQLgfqrhBq6WAr0ES0tv0elZf0dV38Gfo5FiQttcIkD734k9n2mQAFHC8y5owrGRaV6ucN23ask3ZOQYrwEahYuCn25SuIpfYkR3Y2hgHOIRLOzd6R78/duuKWdOfEz1UkZZzKPggKUdNeOHG8ySryf10zt8UWoxbhdEwSO1efeMF/9RXhK79PmCnhsjqKusvJFa7FLsYnu3USnXvvYP3NeZMo7GXhychkQc58SQkoQoTx3pBJS77OH58VVJFar6qfz9B+0Bb1wDiOZL8BYhC/l/z7ThaXDst+RGLajjIZtNxSUQ8mXCibo7NWBvoK0Z0CuxxfLxBidRDg87PUZjjAv2PSvtwumkg8rze+1jci3O1nGEx0nlV0EQbIEYXWPZP93K2CPXoBZyOkvnGQ0jO1YV6T+wWZECoU1MBeC65ZoO4bOJQtJyQ4reEKKwG2Sr3qqGkiQxWqQkkkAPtaPlgSmmIN7e6shHIUsy8InVkjtaKWR0SZQpo1HA4BG1BZztGYWZ8gZEik6bNkScAQVd4CL6qi3bp5184ocY9Sf/kh7sy0xtF6qJjFIuoRAxVdYnO6VhjgKPdy8rsDI37ZBvWvDHvFGTR7rto+cmubRn8wJnI+GFKsaO0akVGpv8dvUwPn5RSA9KEVibnmfWwBVvfchnKI5F7EwxAR0vlP0mGszlncJ8zTzmvFeboGWEdirjZI5Xj3g174aFMnMJub/1pMLkTYwp0xrPisFPBEKFWW1T7tdVT5Y/+R8eYJqX8oIHkdZqg82Rdv0wfPwlqrQwYKGNlMBDZaeFarDQzOnWTGGoZZYAnZbNWfAOK0N4PNUX1uK9CleDO5mWV7Rcw1rYC3cJ/3pn6qcazHBKuFLZjr1/B3Iz+N+5bn8PASa+1+kGstFoCtulKy9CgFi7wfhHcY5VNsoY+Hli5RHo2LdQkPpskl+kp/WwxZv6ycnA99XfsCcl52r+c+NP5LDnzYaUg5ZcUBq0i6hhb5h6st+h27EpCKVGeVztG3/0WSuePC1ETEaldVjMbZ43jf3gVFlu/oGSBQhOu+U8YVeggHosZz8eE3CnCIRV8rOuhZgj1VjxlCh6YTxOv9XydyxlYUhGbnWnz8r3xsLaGr5x/pFkEMw0jHelfYcAodd8pFIWWg9wiNAp926BfUC0ykFk5Bk3aoXmo+7S+g/IgH+5ZjcPH/jGi5jETAnV/2DEP68mTU387JbGwziwNKzybrmIomirA/r7FvTB0bW4D43iLhhi9GPQ+e0mOSDra99nnikB2+qsyWb59UV9Jx4G45uulYGbfRscs/7KUuBtTyoi4p05L3KyX3lWSYdlPjp357/SzMnqXR3bZ7GecyszmnN/3wt/PGR0oeHGdkjNJzrrPjvG+k8aeppVXrEvmmRAEncsE6kfwLuXuLlskAJ3rmoFx9rdT+oh2RMIhUR4MO8UG8BUSCPYyvhfTakNLwiMvrhni+zGlHu0Xf889tUs7nt0n1bbossFC+9O8K8dbA1K6bUnDVxGmoDIiwq2Fs2I++K9aDPBbirJfzxes56FLozPRQtgTNh1rKFzWW65YyBeljV63g2/Rb/CtLPf10nVjAK/sM7khXlHxMobfs1DCNcF4mLKRQa2uZOjDuNg283HPSg1oNFajnRhYODVFPjZ1j43BdyhkxlBiaJdMTv6kOfCe2KMKUOojy1jGOLiHk1JoucY6ZyTNrZu+hXz0egCJYR98VSnQVywoLOWbDSF+y2wwiQOPheiCOfPNXh751XZIeYS0yJiv3G2KSkwwanEZzxmmlkFBeur1pWsv3kYuVEIsL516A0RRTOXPH18xPuq0fdjCpcxHcSQo77wkozuGQdSHkVIhFX54zVtkJogP8Yj1YTVOqdeUjrDsmO7kkAeD5Qi3bHfQg8zWv/1O2DJI0PYs+r2v1Fxn+BCIhNM/y8AeRyN+41ZZenGgd/sRPlk8qVuX7EmJJky2Elp+NbpD4ng2M+dKftkLm29kidwU7emnE3ywm80HJuZkEL179QvuNJ3uAgDXZCd9VIbNPgP7n9ukRrxCdE+YrnMQT2RvsXySr3g0a3+4qopmiekpH0jXShPgZXfEjYa/1d826i4Hp6LfhEwrUc+1hS2y1goBqRnsh4tDO5i24NT8HI7ElmA14sgavlpgu0ONHwoBPxYqwwqHiI2jpHmX1nHIp+g21HT7ITyr6QaNQtq+cnbbZf+WTKEH3ikSEjk887qpU9R2fvQr3YQsVzG5p+2bP/O0GilPWJnuJ1GNvIgBNMiVm1wu76aMwNHWgVY0t1+XNy6kUtSfdouHPgJtTmSScCmoFYePk0GYTsVKQG9WNw4Q8jhk9/QjbI18u2eV+EfxKFNNcSda96GDU9qGfNm9k0KENirD1odndbxStB8IwlIcecswBM9LlviIwG
|
||
|
|
"pattern_type": "stix",
|
||
|
|
"pattern_version": "2.1",
|
||
|
|
"valid_from": "2014-11-25T08:42:28Z",
|
||
|
|
"kill_chain_phases": [
|
||
|
|
{
|
||
|
|
"kill_chain_name": "misp-category",
|
||
|
|
"phase_name": "Artifacts dropped"
|
||
|
|
}
|
||
|
|
],
|
||
|
|
"labels": [
|
||
|
|
"misp:type=\"malware-sample\"",
|
||
|
|
"misp:category=\"Artifacts dropped\"",
|
||
|
|
"misp:to_ids=\"True\""
|
||
|
|
]
|
||
|
|
},
|
||
|
|
{
|
||
|
|
"type": "indicator",
|
||
|
|
"spec_version": "2.1",
|
||
|
|
"id": "indicator--547440f4-80b4-4bc4-bd41-c9ab950d210b",
|
||
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
||
|
|
"created": "2014-11-25T08:42:28.000Z",
|
||
|
|
"modified": "2014-11-25T08:42:28.000Z",
|
||
|
|
"pattern": "[file:name = '8d7be9ed64811ea7986d788a75cbc4ca166702c6ff68c33873270d7c6597f5db' AND file:hashes.SHA256 = '8d7be9ed64811ea7986d788a75cbc4ca166702c6ff68c33873270d7c6597f5db']",
|
||
|
|
"pattern_type": "stix",
|
||
|
|
"pattern_version": "2.1",
|
||
|
|
"valid_from": "2014-11-25T08:42:28Z",
|
||
|
|
"kill_chain_phases": [
|
||
|
|
{
|
||
|
|
"kill_chain_name": "misp-category",
|
||
|
|
"phase_name": "Artifacts dropped"
|
||
|
|
}
|
||
|
|
],
|
||
|
|
"labels": [
|
||
|
|
"misp:type=\"filename|sha256\"",
|
||
|
|
"misp:category=\"Artifacts dropped\"",
|
||
|
|
"misp:to_ids=\"True\""
|
||
|
|
]
|
||
|
|
},
|
||
|
|
{
|
||
|
|
"type": "indicator",
|
||
|
|
"spec_version": "2.1",
|
||
|
|
"id": "indicator--547440f5-0e34-43fe-a9e1-c9ab950d210b",
|
||
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
||
|
|
"created": "2014-11-25T08:42:29.000Z",
|
||
|
|
"modified": "2014-11-25T08:42:29.000Z",
|
||
|
|
"pattern": "[file:name = '8d7be9ed64811ea7986d788a75cbc4ca166702c6ff68c33873270d7c6597f5db' AND file:hashes.SHA1 = 'b9d34609371481c5bc0147f46ff393e9c60805a3']",
|
||
|
|
"pattern_type": "stix",
|
||
|
|
"pattern_version": "2.1",
|
||
|
|
"valid_from": "2014-11-25T08:42:29Z",
|
||
|
|
"kill_chain_phases": [
|
||
|
|
{
|
||
|
|
"kill_chain_name": "misp-category",
|
||
|
|
"phase_name": "Artifacts dropped"
|
||
|
|
}
|
||
|
|
],
|
||
|
|
"labels": [
|
||
|
|
"misp:type=\"filename|sha1\"",
|
||
|
|
"misp:category=\"Artifacts dropped\"",
|
||
|
|
"misp:to_ids=\"True\""
|
||
|
|
]
|
||
|
|
},
|
||
|
|
{
|
||
|
|
"type": "indicator",
|
||
|
|
"spec_version": "2.1",
|
||
|
|
"id": "indicator--54744107-fec0-43d5-9a27-4b00950d210b",
|
||
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
||
|
|
"created": "2014-11-25T08:42:47.000Z",
|
||
|
|
"modified": "2014-11-25T08:42:47.000Z",
|
||
|
|
"pattern": "[file:content_ref.payload_bin = 'UEsDBBQACQAIAFhFeUWAgEbmbR0AAIAuAABAABwAOWNkNTEyN2VmMzFkYTBlOGE0ZTM2MjkyZjJhZjVhOWVjMWRlM2IyOTRkYTM2N2Q3YzA1Nzg2ZmUyZDVkZTQ0ZlVUCQADB0F0VAdBdFR1eAsAAQQhAAAABCEAAAAH3HY5VmbKoZv3V7KLGXDWKorn2JWBCZxMN0JXElNd4wwP+//lhb2+8gURubjT6HuqaG1vzQ8FNpMuMz/cXAjeQ2Ic/K1fOzaX1uV6G0Ogxeu3lzCeqXLIJ8N/s4cujLW6xA8L7ung42BCxzeNnMmXPQbXBPGy8nUvUGtVD3KupfyJLv0V4n+8W6sdE/pfolpiIUpT2qyh3rdRKtB9utdW1yEmsktajjnNCCTFBPHnRtxTjGnxbOPA2X4a0jN4e5XLNc0kZC4QQvZXn4skTMCuoajeluAk9zua3JRM/+uj3ZzrXdPLzDHUtbnY9+Q+CRxQlFk1OQEOjrT40tgCaz7LgeljTajws0vxGJoMxCz3Vn7GwOtVLZoh/h1/c77+L8WpeVLqcIirYVFf/U9NTP5GOORnNH8TaUAhE0xGeszxyDvNftIS72xGOj2HiPB9/1ppjXkz+2dA1+3xSPIqOJNVHRKI6pnBkMxDKxzfkQCUk5AEBjQNkiQ7B6uM0UNTJ6NnDaD5AzBHtQFf1WOWKaUE9furIgdcDGOyqP0aA1l6nJM9+Q7slO4v6Y0PYk4kxxL7eZzMKEglEJ+3de+YDauXEoZCqh1njOyhtdXS2WQvvfrn67dv6I5PxSUmkFrlME7rqSg+SobU1FYJqvNtIssPN8ZSwxmn6sLeUkzTbgutsNxJ5hCPB8FtIYr0T/C+Qh9I1jka12eQuAprm67rizFPZMjObHr3C5TwM5T8Mf4Ya+DxTesWU6VwtfemXUwp7j1G9YvNxpO2EL0vQEACX7WYvxlnYnswkrnJLQZHCMyliKhtBctH2afYiXjcjVrqIg6Vt/U6XQX6phD29XuRa9g1/r/3B+3PQ2YaHQp44/6y8njKcqIMARBUVZL30SjeTFCTenVtoN8saWYkAUqww3MMDaGIOfAECu9a0IjyENl9P3jwbEYlhfGdqhOZt4GtbZe9sB/lap3owjzxX4jo2SLH4HKMwBUD18CyoQhcFUJ74UWj4K00Vn9ggXNikESujUDg7mMay+VTiBEg4cX1z+rtSQyE03sdnrGZpuivdDPCNWR0tKvZZd98n/L/mFF2mbuhwoVZ4YlIeAAu+ZNknBHV8dm7qKrK8O1ThJ6/mie7jsv6OoZkTwdM0fZxI5Da/Ye//LCzkjD1KQINGRafNYL+Qy6ah0R/PXBM1gyQysEH1NYLxtqcSZwXg2K7NBgKhYkvmAqHw3CdzozgVkf8W7Nb58hlJn6dJrEmWTV79FNnbko0mWXFG9K9CQLKLsDSQzHhzDJjkOzEAqDSJ1Lqr7dnx9/el7KoFCzICYj6PNHaAgGxrwATEKHfaU0mvL6fQpJFiHpbUU9F1WcbxEAajHIM7HJM9li4BMZv3EuJ1dymq28O5s8d0LzLSNyQWNZP4aHB2MH4trdcAUhwEYGFOfAIjwMYXaj7kMD6+7bg2FrY/XmqhHVrEFbrPjmt40cmRomQyekuRiTnaQbPDuta1LD+34YbxfsvhpN+c5zcoMPd9PvHJww7ViOOZxDA67vm9XarC1VSPWugzLZZEhz+slg+JWtDNpLVV3CiCC6b233uqmLkAuziEmULx2vCSyE9WAJmNwcU/s+aqdMdXzroEXUqRS0zknVmpeBvNU2IYJ75FEPbxIxqevpwZEAr32Zm+DHeBxOFABcnHiOIxQvlFwrnkccc8jwQGpeZwZtsCYc/KAIZBLsGZBHdPbFP4CtplueHmuYp28juy8EjAYCJVrCJBWrj6qQyqRJqlom9vuNlJC2qrfJWYYacTUgrN1SDCcQvg6sYeAgQxtbJl/xEbNwhOMCgcf3PUHcrgmmQypb2iC/inPcGDSv0vVvNqsir0+Q3aU77biRD59fE8BZlKTblJC/b7XmtZjeODWYVn6M3CIErBUHy2E6TneHiAZVH3xb1L2OMfHwmBYkT1Ps7QSt/s3bo1iqSt4aaz1jVrZcj5YwrDE/Cn4anVotuF0WtMjTNkMtYfgOZkk9u2SAQZe/fyalNPXTvrbhw5tKApJXCmdiTdkLn+qPGm8ib00nIPiGrFcq1n+GuOExsApB7DPDiiHNxTWn3jr1fhScYZoVd2jfvzP7IVsBJH4KPEPAlJuS3yvjn9ldVgW5AiL0sxcDsv3P/DKwDyzQCzW9aWFsqtNNULe5eWX5R7FE9X+bgHR/RdbZcgsAK7yEXmmRapRzhDkGtFbXt8wC60aa61vUCaHSsTJVHNJtidr2CpMCBPT7CfCbpXgoVzbBbGWbcOS61AWkuugSdcwNifD63PELwTOeR90lPX1Y6FfS10ZcvC7z78T/46Wueo9+4+TCRnScUjoqWxFtz29mijfAIIo39OTupEP5uET0z2l+3zcPVv5xTylF22VbQB7eoJW4vUbZGTo7foWlBdRmaLwqB1nS10tRGx/Fpqo+JCmr86+P70/iktVFnU8RKf4+PKXKU2S0MzuMDzsUsCUnD5s2KQQoaNbEqVXCLAyDQIL4MqsHHsubCpaWxBrz986e4mpUWEp6cpXqJ0AzyqZDDv1DgvckDmGNC4hu0VvsEO7vbNAFrS9VZ9y7QGrBtIdH/XwaO/3RUVefArRugi+64VIpEnvpIEgTMwPvg6RLsNik0dvDEaStlRMDQ4YkM1Fxvibu/msi2dZoRY5PIJXQc0MtwpqooZIS4/umhIMB+tg+T5zQ8MQ2Kt5tzvezDyeSPFPgmfk2nA58g49G05twxS6otcEPuRs4HJbnUQUNMZMfPzCzpzCtgViWNVy7rH9fCuMvkQVxIztUOI5XDJ4vPBUtk8KFjITJ0FrOE73TQXErVp9yCHUskyDT0QxlVHT98T1ldHQRE+CVBRlGe3efZYt/ej2iCaDHcrG4Dmb01YWTyF0hO4cOnUFtbFKkZt2+WB78dJwOFBslA2CRdgEsW5VDNMtbTWI9YCGS5Mh9RxMcI//jEQ87t+/YDLMf2ZPvMK9dqJ60IJzZ0HLqO7qEiIugOBpxzAFosDzm4q/ykilLe14F2WtPdkg2ILGTAwUYaR40Y1BhqzRNDZWlauSn3rB5iEiWfvAKLKX12xfp9W1HAP6rXFNxRrO/Gg9eGZw+V8Mf74ik5SYho3pB/DkMxiGDCOR7Wfd4jDQuBwC+Qdp5LAefL6MJpPPSXw4S7Tn0+EfIlBFWgg4SXUtm8p0u93WN9MhNP8U+ruDJxEZM+vd56bUsM/Mbs4TUitwTeKgwG8t9VRrwu+YYkHhBb/Qt9r1uL5r2APBW19iH4EtfLsEUoizCDbRfUYAZlSXbtBOcV/Mriad2bAj2JAjKnSvQaqkVpVFM3ZwoHTJ0V1Puug5o4Fd4FWNjXp4C0mX0Iijswfhf8TT/Yw9mRoG9R5yifrOqUEgpmpyDYWvZcmN2ovVe+l5uzI2yWqoWkVnBb4JrUuXezUxnb3z4rcMR7DT+pEVH8+yOiqajR1e9W3QBGKNPu2+aDZPLLMWkO2kz9lzQ2oRa2EPVe443B8miqGYlzEVUQ1eC+RsOJLEEKQVHbhjttjtK+rr+yM51QFIW49rI5fzrDZ3J2Equ5fIzjk4AU0iZ1QHvxjkt7RjFZ9xHyxpd+py1/WSJDNrKVo8P7sbhyDL4n3oHSyAdm0iOtAx8A3mlEmH2wAfa6WcQRr/uGJ3BcJl3ZyHi0vOXaXpgf6xftIKiKY1m9MlVb4BiAzgSC5Nv8hCsydyvxcUv7d1dZOpQploDFFevHOle3W1gMjTDL3iqjInztelYs9VVkWzACM7mlLIowjbdqic7UMzPlLBhhynnr6eVv1/5CSm0yiX/rsoh6+M/U+PGJxx23pEAwNsMCTGNErepr60EUO7cHgK/gHNC+eqJMmaJ2v9AP7zwkCZRkcTbuDBcwfvwWdh8x7C
|
||
|
|
"pattern_type": "stix",
|
||
|
|
"pattern_version": "2.1",
|
||
|
|
"valid_from": "2014-11-25T08:42:47Z",
|
||
|
|
"kill_chain_phases": [
|
||
|
|
{
|
||
|
|
"kill_chain_name": "misp-category",
|
||
|
|
"phase_name": "Artifacts dropped"
|
||
|
|
}
|
||
|
|
],
|
||
|
|
"labels": [
|
||
|
|
"misp:type=\"malware-sample\"",
|
||
|
|
"misp:category=\"Artifacts dropped\"",
|
||
|
|
"misp:to_ids=\"True\""
|
||
|
|
]
|
||
|
|
},
|
||
|
|
{
|
||
|
|
"type": "indicator",
|
||
|
|
"spec_version": "2.1",
|
||
|
|
"id": "indicator--54744108-d3b8-416a-b2d5-4e30950d210b",
|
||
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
||
|
|
"created": "2014-11-25T08:42:48.000Z",
|
||
|
|
"modified": "2014-11-25T08:42:48.000Z",
|
||
|
|
"pattern": "[file:name = '9cd5127ef31da0e8a4e36292f2af5a9ec1de3b294da367d7c05786fe2d5de44f' AND file:hashes.SHA256 = '9cd5127ef31da0e8a4e36292f2af5a9ec1de3b294da367d7c05786fe2d5de44f']",
|
||
|
|
"pattern_type": "stix",
|
||
|
|
"pattern_version": "2.1",
|
||
|
|
"valid_from": "2014-11-25T08:42:48Z",
|
||
|
|
"kill_chain_phases": [
|
||
|
|
{
|
||
|
|
"kill_chain_name": "misp-category",
|
||
|
|
"phase_name": "Artifacts dropped"
|
||
|
|
}
|
||
|
|
],
|
||
|
|
"labels": [
|
||
|
|
"misp:type=\"filename|sha256\"",
|
||
|
|
"misp:category=\"Artifacts dropped\"",
|
||
|
|
"misp:to_ids=\"True\""
|
||
|
|
]
|
||
|
|
},
|
||
|
|
{
|
||
|
|
"type": "indicator",
|
||
|
|
"spec_version": "2.1",
|
||
|
|
"id": "indicator--54744108-9d04-4af9-9dcd-4896950d210b",
|
||
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
||
|
|
"created": "2014-11-25T08:42:48.000Z",
|
||
|
|
"modified": "2014-11-25T08:42:48.000Z",
|
||
|
|
"pattern": "[file:name = '9cd5127ef31da0e8a4e36292f2af5a9ec1de3b294da367d7c05786fe2d5de44f' AND file:hashes.SHA1 = '40ff545ced31bc32b65be19ed2739355c054ee52']",
|
||
|
|
"pattern_type": "stix",
|
||
|
|
"pattern_version": "2.1",
|
||
|
|
"valid_from": "2014-11-25T08:42:48Z",
|
||
|
|
"kill_chain_phases": [
|
||
|
|
{
|
||
|
|
"kill_chain_name": "misp-category",
|
||
|
|
"phase_name": "Artifacts dropped"
|
||
|
|
}
|
||
|
|
],
|
||
|
|
"labels": [
|
||
|
|
"misp:type=\"filename|sha1\"",
|
||
|
|
"misp:category=\"Artifacts dropped\"",
|
||
|
|
"misp:to_ids=\"True\""
|
||
|
|
]
|
||
|
|
},
|
||
|
|
{
|
||
|
|
"type": "indicator",
|
||
|
|
"spec_version": "2.1",
|
||
|
|
"id": "indicator--5474410f-12e8-4bcd-97fe-4b3b950d210b",
|
||
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
||
|
|
"created": "2014-11-25T08:42:55.000Z",
|
||
|
|
"modified": "2014-11-25T08:42:55.000Z",
|
||
|
|
"pattern": "[file:content_ref.payload_bin = 'UEsDBBQACQAIAFxFeUWmmA8CLEoAAACGAABAABwAOWRkYmU3ZTc3Y2I1NjE2MDI1YjkyODE0ZDY4YWRmYzljM2UwNzZkZGRiZTI5ZGU2ZWI3MzcwMWExNzJjMzM3OVVUCQADD0F0VA9BdFR1eAsAAQQhAAAABCEAAAAG6BzPKZUIUNBiYVgNHCbOTYLlOpagKhfxjpTb6qv+ySJfzsRVycu6Hwuna+mRX8ziTtd6H0czWSmo4vPAbz/hgTmXV8GGz9BZr5KUc0fABE98/SeEaITcig9cphJHoGWnhdD8BT1Akigm1GeYzlYJW+Lytu+tmNiudsghCuisSrAyzi3aCD8lw8k55xfn7oRLpqE1p/dUF6si73iqjNn+8QCRMkW6XzEVSyUYDawKLZmBolvvsD+swXWn/Q7VRAtu2dtmHnSf6sHkMf7qQHVgaJ+nOwzMabcTvRl/Ipp/vGzle7/UhT/WzGZWn5INisxRdl3vVAuGO126lorAUZd+E2s5DQUUGJM66zLoUgcg2MYIH40jZWKr0eUlM8It2TA4f/JEVKJTl7RTrit0SfvEkXyQSlDo4fxHVc87fEPh24qAXwhaXSVK+qNmgk57/2iEgWTegn1CwNF/Pq7uJSs+sgWaq/gmIOX3c58BMGfPnkKgNDiY8jFR79HuOdULoVVbUbQ1Wy1qcuJjb5xfCMh1qbpw3GNJQn8jJbsXXw8B/ZUh8CLlRTamF+AasAj0EfpPE0bTxb40lLNeQ9twu54xlg/2Cm+495+C5HacMX9H713+X4m5778Aw9duzsQPKWOGiha3SYJ3NfVzJRHZGrlNlsii7Xj/WoKqc60I5yxIXN/2pZm8KTMwjliV6rpG25uWJSdOpF36uLj0R9xoCfbRwbn70MFXc6YFViWemwO9wlJC/6cw48Z99doLzuAboD1LsvYVYI50GYW8F2KWuaBFrzc3pvPBOBhoUPO2r9sB5CQEDBCjRu2cZANZarjdmnqDVR+e5tUZohE7ZFVMQgUPcsW+F5wTTLMsHnSuuqFyLsaD+Pwvz/NTfjYQZLMmTGiZCN6FgMzYJ/HfKx0MEy3Cg5YI2I9JvEIM3tNACluEPxrPDju35hW1VJp03ZzpkRAjRPKm6nqFrTli09U7ImT1BA4g3nps8Cnm9Y9cmApxB0grBXafLwTFLBDnSXRnNney9QWPhrHmY7AQ2UzJV/GzXhuzcMqf/9SmjYVhJTLAONYcLCGWSHsaNYQVmCzVoDyl+kQ9nTPxQWYHSG25H3V6pTV2RpRIaC8cOy+Dzx6lkwBaH6VcpfZJy//b9MIJB/nl7NcRLOW+AdHm4O54bpCC3UA+/7974LsJXGL5bvOqKfKBuaHCfyKKM7h3LHDp4FfUfN+R6CgHNnpEAeeSHmcOuK/6VPwdYGNM4mtwWwAn4qwk+n8S70sddKdSz93Od2Q/DFZw0Y3+LnfD5o/rNQX4CHOEnbewqwsiMZUcNwmRkDR59kGXyAyej/2xcqb7PfdaPUeJt/TxoDxPfC2XY3Xt2kGC2ZshCpWFCkgJBkPHA3Z90o0b/AefHSU+52ISGl+pry02QD1w0N/774bMl84JdrdPOF2SWbIeqKsud61DBzcvdkP7cvhPER4jueJf3hSthYwUeNEvJ04rZ/QINbbNGB8i80W73+ac1En4DAoVgvuD7xElYCh6TrCPJ3pvpiduKxB5A0ARBaw95SJC41jL/8NScRwvv71cghIj6NwBRZgp85YE0VSyW8J6hOSFL2BagX3dOAorAuS6J9rQfYvZfsFaCsl37+sRQrCvi7Z7dvdWZKqYF84eYlxfUKBIe2VLUX/YFFZyuASF4W6yR1Z8Sv0cGaBF9upO5ZoWNFzRr0GnfbNsn9HmSREp3MNZNeu8wSXW0wSxqOrBSB8JBKHbRSAvAtbVY9EYgR2RZYkQ+MgtV0E8WaoLP+phUCb7xNHOkfLh6PoCRMbRY6bsIBN6AMf02Fm3zman9y2pkcmEcail8rpd35rLA819afLnQYufsanu3ZSZ30eC1p02T3rxw3x0Qd+COmPedvv7q03vwVmu2wXEDZc32DLE8dosB4DiP1aAeUXLDB1LEodXQqeD/WT6U0IsbnT0+P3+SpiLQPlBF5XQaPufK7JDx5pXuuTDpepRb00HOksFnyV06fASWRwiOLL1z1K3I0bxhMMYtc36m7Jhauoz12JpB0N19u9nUTAe6hjrWj4LMGwSYEdjqVbXuk36MpjmdYhj/Don8COWEm7eYdJHbdeEYrdeQmN23ecS0FXvO2O/VL6DL2HgFseE5uSwbk9emm+7Bv8LgZnQmY+4Kr/+EBC55tfu4NKFDMiV2pCgWqBF4mrcu3a6Lbw2zbp+4efh4YWm3ZvPguyaEPBmSaMgI66gospAjfSyKs51OEMr49v18ffPpvWGQLNfU7T8cU9xRidFzyNn8hTqhw5iBTtqf2HtNVyoSvJNE1qjcNn5SOYhoI8fiZ2VqfMGlqPZshonnKUYA3TMEog3YPTxbYt6s4jdRFYiLmU0zKwZvXg1OtLFbj/SybKhNfkZCc5D4NzTHp34I4OQ5X+SoKw93MoEDnvTW9G5UOG172bnunl/tT3B0mCqBHr3pJARRevAd/WOUYI3h1dQTu/rQk8i/c7wI29lkv9XKMWt0hu6dq8w2oodITkmEn8sFLSXVUhxrdcupqvGK72aaUFYJ8fwB93UrcsHUiitlELNHEbiynU3wnKhU9GEUcekbHBvqF4CEZlZM1bFUGzg0ZamOsnSxD+LdFsj6uVo4N8iWDFhW83GMms1VY+ja6xETkJE1R7fL+1fjN1mwqU5C6Qvhv1ZfJH1xIUI68VdOoBoVy5G0btWb0tY9OaS7LCbzKzCEcGs4jNbM3Sa85NOg3FTQMCh+rznI0lLA/x0SCbXuoBXc7vrIWP50n8J/8PDnb2nXBq99EKC+9Cdpb9R80SFXXFKn6d7sqGkYmbxmTcgTtEnwmKpcJd3OmaaZZsSuW8wLNr4JXVKsj+5eH8JWmr6ROcoP8MgUzk1GuiZOi9TK2KCsc/03oJ2gxHsteYPJSG/7GB+SEh8ryNZEAwrEVOPZwmVN8Fx1QnGE5tZQ1s8Z1gudAKy4vGv7nOURxej+B5krtXllDYe8SSRztBb0nzuiJYcjOxj8VSole0ieWU0jcedSle4/t0MSKd4mjdFQkCtHK61Zom67apwVVBC0L5Ne5onmfusfjRfGWuX5ZhCm+mNJLsene8hBHMGUuxnT2zbSj9PBqXVHiVh7NAZYs4Mw/Kb/d3rn/gu7UoHQEuvk6c3Q1yfb+hLp1BLROXvKvSHOtiMJXttTeeLi3jCft1DKq+kCuCZl5SJrefhxuaTdjwHf/VtEAiZxKyZgUXJMm7gyItVSw5S5kveo5+JIGxSemM/qX+lKLM1s2ovRad5RNm4pcZWBS3i0RDUYo6mMP2Ygi3FGxU21U+/OGAHNnflz5fThcoqLr2agZ7zDeja6B7GL5Xy3ib/lccp5tpA1drLznEqPLtERSF22W3aA6g21Q3BWT4GCdER5gz9fzyAqqF+W0byWn3E+UfbsKMQkz/J6UaAd9ZddEGA3j8sCay8FaBMIwfe6RUARaCuipxX+9YuScsK+/ECYlO5o07DhjpFBtMcjyFNQjE7E5IWM6YV/nkrpiwFmiMWuUSXRa8/BKo4gTPylUni3m0IpsIf6odttIKY+M40FcgB+cepN6Q68We4ekI9ONo8VPVvCP8mG3Qeh9P4K4s05TVlS+BORDq7lBEsQsk4GZKPnMCnRJ1ZnRb7pzUyZBaQf9u23wB6t5ui34Tx6I93UsxH8poL2q6DI2rkhkwM/nv+Fq+Hxfr0ldNWptX2j+x3hF8YIzDL5xBBl+KYdY6EfyIXH5cpjxVCuNDCxpEMqfJ60hQc06MUvCE9O85NGoVHC3UXYgtq8QIf4So7mp67FyNpcNuFR7CiCz25D2GHaBSJ1+Mv34fXTbSrI9WoYAgM+4dIIw597YNTpTWq2myMCE110UwoJzpLBc5k4MMjv9
|
||
|
|
"pattern_type": "stix",
|
||
|
|
"pattern_version": "2.1",
|
||
|
|
"valid_from": "2014-11-25T08:42:55Z",
|
||
|
|
"kill_chain_phases": [
|
||
|
|
{
|
||
|
|
"kill_chain_name": "misp-category",
|
||
|
|
"phase_name": "Artifacts dropped"
|
||
|
|
}
|
||
|
|
],
|
||
|
|
"labels": [
|
||
|
|
"misp:type=\"malware-sample\"",
|
||
|
|
"misp:category=\"Artifacts dropped\"",
|
||
|
|
"misp:to_ids=\"True\""
|
||
|
|
]
|
||
|
|
},
|
||
|
|
{
|
||
|
|
"type": "indicator",
|
||
|
|
"spec_version": "2.1",
|
||
|
|
"id": "indicator--54744110-13d8-4c98-8ad1-47f4950d210b",
|
||
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
||
|
|
"created": "2014-11-25T08:42:56.000Z",
|
||
|
|
"modified": "2014-11-25T08:42:56.000Z",
|
||
|
|
"pattern": "[file:name = '9ddbe7e77cb5616025b92814d68adfc9c3e076dddbe29de6eb73701a172c3379' AND file:hashes.SHA256 = '9ddbe7e77cb5616025b92814d68adfc9c3e076dddbe29de6eb73701a172c3379']",
|
||
|
|
"pattern_type": "stix",
|
||
|
|
"pattern_version": "2.1",
|
||
|
|
"valid_from": "2014-11-25T08:42:56Z",
|
||
|
|
"kill_chain_phases": [
|
||
|
|
{
|
||
|
|
"kill_chain_name": "misp-category",
|
||
|
|
"phase_name": "Artifacts dropped"
|
||
|
|
}
|
||
|
|
],
|
||
|
|
"labels": [
|
||
|
|
"misp:type=\"filename|sha256\"",
|
||
|
|
"misp:category=\"Artifacts dropped\"",
|
||
|
|
"misp:to_ids=\"True\""
|
||
|
|
]
|
||
|
|
},
|
||
|
|
{
|
||
|
|
"type": "indicator",
|
||
|
|
"spec_version": "2.1",
|
||
|
|
"id": "indicator--54744110-b32c-4337-9311-4596950d210b",
|
||
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
||
|
|
"created": "2014-11-25T08:42:56.000Z",
|
||
|
|
"modified": "2014-11-25T08:42:56.000Z",
|
||
|
|
"pattern": "[file:name = '9ddbe7e77cb5616025b92814d68adfc9c3e076dddbe29de6eb73701a172c3379' AND file:hashes.SHA1 = '5f39dc77ce189dbee5758fe4ca07739c5bd454f9']",
|
||
|
|
"pattern_type": "stix",
|
||
|
|
"pattern_version": "2.1",
|
||
|
|
"valid_from": "2014-11-25T08:42:56Z",
|
||
|
|
"kill_chain_phases": [
|
||
|
|
{
|
||
|
|
"kill_chain_name": "misp-category",
|
||
|
|
"phase_name": "Artifacts dropped"
|
||
|
|
}
|
||
|
|
],
|
||
|
|
"labels": [
|
||
|
|
"misp:type=\"filename|sha1\"",
|
||
|
|
"misp:category=\"Artifacts dropped\"",
|
||
|
|
"misp:to_ids=\"True\""
|
||
|
|
]
|
||
|
|
},
|
||
|
|
{
|
||
|
|
"type": "indicator",
|
||
|
|
"spec_version": "2.1",
|
||
|
|
"id": "indicator--5474411b-ad7c-4177-b4ca-dce3950d210b",
|
||
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
||
|
|
"created": "2014-11-25T08:43:07.000Z",
|
||
|
|
"modified": "2014-11-25T08:43:07.000Z",
|
||
|
|
"pattern": "[file:content_ref.payload_bin = 'UEsDBBQACQAIAGRFeUXw2RI3OSIAAABCAABAABwANDBjNDZiY2FiOWFjYzBkNmQyMzU0OTFjMDFhNjZkNGM2ZjM1ZDg4NGMxOWM2ZjQxMDkwMWFmNmQxZTMzNTEzYlVUCQADG0F0VBtBdFR1eAsAAQQhAAAABCEAAAAH3HY5VmbKoZv3a/JHVfYRZLJq9OGkbhGeIJNzQlHdiEIkYeKKfg6OfPJOTs1C59jwj7F4wRtsWlt/DMLw/IxS6NhOfBkcndz7n/DIEul5x2sxiciyro0rzsNKMkYFInzjS0DeuWo7KCaN4fFmNCRUjNn47yJtWPxBz4TC/ZYa7rgqNB80hBDSBv79rr264aIloVL9qjPnLRMHpNuI0CIX1P2DfxijeNLRL/f0P/ttvy7eVrPjXbc6vzSmwAY1BpWlRmcCtyRZjdpQbGzEyChuop4INI0oySdaMz6o2eNcW5ohr+jgD7KI77T+YnukGYOiPwBxhyvOGU6zmIHGGIFLIua5H8h1u4FfjF7sKWfE5rz85LbIsLbWuqpcg9nj0QmKU8ThrSTHDjrgrRti4/FiJXzVwek06SfyFbBJuCQ0gLsBuxwq76kogOE6QhwqkNcT2Cx/lWk/gfKK4mwX5PAtIPtKkM59deXwhiF61tlcFklm5H9DIAzeejTgpWB0i5pDIwjx4nIbVx4xWEBFlNkHqM7m8fR4B7wOS98O4r926QrDSGPx+r3g95KdwO6B4PRmYeIseF+S0plsNC0gQtiEvLDeHCuD6FnXpEYvt55e5lPc3xM2eOoqtAk27GJEDEurdUN+Adkzd9PwoAe16P/Q/07vIzhWZHPcqKYjlojuLI5kZKfzHkZu7bq/m/M4FQqF7GI2SZobi6rhsNkIuqrHT9413nGjNcP13Lw8HaP+PjQfU+iV1GBZmlNoV93dT6iwqPDUqGPErrTyosck2GyLDY9z+dsp+w4OSQb4LhYNqeMaflJUluxHO7MXKsTVP7tPeYzd7XyRiC44jVBqoHM5wYtWq6f7f6PfmvjJzfZlGEBNimbpOYr45tHFQfYDsHtayo+ft2JRLL+O8h0wxLQkubetbNdhBdr/SfUyZbex6Si4OtV5wmMVufLR3sQj+ocj3KX03f78KepJaZXZO/Sy2dQZ8b9V5ruA7X0QCeGNwl1WtCHq19IYOIU35poCdUPh0k2QnhSoMeoIDANc+kyJ/qUlXltL2aW6ouR1v+wtO9jToeFk2NIVN1IQ4D5syqUWckWI89WO8JXDqT+omoqJ923ZM6/uiXtA/jLXaTK6vhJE1ZO/N9wnCvuhYPJU8Bp8le6wuftn7OuH6uT4FRqxCdvU1PfAnJKufzHt1DiWIhPDZGWyR95CHNWs6C4MYogCpKPR0YeOgKOkzycKtAQy3ZCqj31CReGp/26AORJln6qLgrUtSEv2ocj5WVA6861uJgEhSrNLrutXCslzcD0cROrAw+mUhEgGe5br8ByvKm7QtVW52vGZLSGE5QtXKOScV/zeZdAC1xuJ9DzsChh1QpOItZ6PfwhKH4HhLxp0wSyj6DbE2T34YKhvNmhLA15a2YGiM7xfQ/HmyyBhdaLV2g09pmuLVCpkFwLTvAHWVo6VQYg0E4XE3RrNv8zbCOAdIY5Jk9Wmb4ZB6Jl40bjnkccJ4wbvEXpv1Bdzn+I/jiinXT0OYbExKxdJluYXxd42PrwwGuBycL5XP6brkDjjxexqNHW7jTMcbhtdnOpOsTf5RByAlA0TDojs2fLtc6UIJV7iNiNw4criZU1zDdARJSZoxVHWDpdUsSNyiavCMmGx/sL7kV3rBqQ+OrgrX9Mn2/hIJ9kPLGg7K1zl2p8rGcmsNWUtinGsvHXjgFH5iJ/Kl0ZYsGfxrwEHH5xjJkrLDFOYx5vjEvGKz6few8C58TBPIW/cr/BWSTljoeq9LL+5WiaVidERnkZOvpy7ZcJ6jEZVYp7dkeyEAbouj3McQSSC+zAP9aDiDm3C3qxfs9UJJQYrYjj+1HRmZZOWie/2LXBinCwFe5YxR50pooRqRP8famcos/S+LRSYqXCoI6aoJ9h5mcyuoo1Da438pP1Rp0T1f4cAx4fLpbOtHbrO8teCfOkW38TwDuVQmpVMi+n/Bvhjb1+ppVQ6k5ruvehYGQExNAtjDrk3oNkpRfECijql6oNEOxP3GuwFqLdDZnnYO8wLsRKFJiNAe5NVuD4HalF17va+OIFIiEHjD/Ju5GyOHWenNbluxJKeLmzxKnLD7bOpnMsynFi4P/rdEew4+uQTIUIJDTGuFfoRi4Bx1nrwdGNYyYkIW6o723BTg2++EaX8JvE0FzECQK2x60QWTu0y46fMzxUowdd0e978ae3K8tRj8GhFxLWESuSzih+xcA2m7RcM4JO581Js45pk7yTXEjL6NMEvv40tUSXBGA498hte4XNKhNfEemLRQl1RaOT/8vLROfCBHIygJx4yFR1MU8+GZmsGolu8kKuMVM1zb5X5kaqci4LnuCCeCLdAxX+ir6C5X4qx26nhBflIgxhA2NSflSxk8BLDVzK5aZKQp0LvfjezKACjpTg4Ebcf4zvEEVdaNyW6kd2x/bT3+sbh8CSEItKHsQLmPtuIpYu9P3sBYEvjr8BbS5bnIudzSqnVqeMjae39FEsUaLoxEqtxtX+tpT/ynOnUFJfsZEYnNR3o4JRfPbOAFD0Hw0RMki48YIHu5OAk2PZXPKr/9KOb5TccULAqMkwEuGAqpVAJruxzBsvYnNNpwWRPYNDgDNBE6/baK34YVDzrMDGiKPUnlNnpFRFHKnxKVNvqSmgQxZwrITv0vCk9SFbfh3FKuFgDDkHFABOBvfgAhYikmE42gDjpoU/tRo5tBDDgxpodr2u0niR3v7erxH2QHR1iBsjaSlIPNj0+SWt++gWgV7+dpye7C4y7R2+Ug+xNz4IZUwUxFZyiY5M4A7Kft+tlYxbILrfBdDTnmsm/jCZj+6yl7/CXzHbNVIaGTHMMYSmjYNiB5+eCMmTqrckAeuKOEsvZI8Pw59MKBftYQr9hJZYz+jVXx4dXVqXT6Ks3e9TF0uCMQSxGglIoOQK7f6SGVU2us5d4zJuuOSj7xzOK+k89PIhBfSHGK1NVuhdPD9UbhcM4HGpdS4XX3Xl/qKnyCPUW/jj6/TwyVN52q3KG3rN6bB08YUnYcukMCFUl57J/ZRhNcRg+nZEyiuay06WcVWKVEl8/fSWJf89iT5Oic9soxnoW60ej5CEG+iLXR/G0jtyxCQ+qPzd93Qwh8eao9MhOLu6/Lc+Dw+Sbg+DpQ6wVjTvlwBhRhJrMzEqI9Bg6Wn43/7w/+MKnRhvzO3TXI2VPwU8d9lMAdDqZyQBRf/6pHJ8eChJi2UcqZ4fzxgFBpEp9WqG0STaTKjnTX4J69xtgS2aCuc3jiewECG/pfSc+4Gcq3bC3tIOxrchyGa9e81sqx+rKnsYBtsSxZYwhTu87pAi5acMOe9BgFO0x38zb9Vuz4z+Isk6hyRg0rW0Lnsd2AMGT4BktVtRvRpFLdSoUdemoMrC4pjdL0uHan2Tw0Ai8r7WoeRH9vxe40Z0z86vWWoqpM4lemV4mhIEE13ncN4z2hnu8o+zwgQAHg3DjKD/5tLFBdByWYGZQsQSktVFNcZ5yEWozqiCqp8/YcTnJzwCJ+mn9c/Rh8/H7wveMjnWUtR49ZkQSe4oMRDYpabTg51rjQ5pqMjR0yfzdvuA4BanT7LCKVWTgg91s6ElH3WFzpVsCNvR9FaZ4Pq2MEtgKaW7dr7HnJ5KtIj1y/CcWy7vIVmhi4q1cT1Ob1rVhAjptoEgqkeAuA4oO7JJx/+yoimS68pmOvz8CNy0m/vZ5Nc3pyWHgvk165d1gjlkwIuheWKLi9DpS6XVUvIChLphw7AUhKqXen3h7unzQ8DvkkxexYr9GuJ1KRwFcMf9dZuiAktSKd8jFNWlukUphQu+lWIRgFJp2MNdX8qZ0UXOOwW+q4BVPBuWGzHPairya6yCyUo9BU+K+wLfWF5M6vtiio2DM5m
|
||
|
|
"pattern_type": "stix",
|
||
|
|
"pattern_version": "2.1",
|
||
|
|
"valid_from": "2014-11-25T08:43:07Z",
|
||
|
|
"kill_chain_phases": [
|
||
|
|
{
|
||
|
|
"kill_chain_name": "misp-category",
|
||
|
|
"phase_name": "Artifacts dropped"
|
||
|
|
}
|
||
|
|
],
|
||
|
|
"labels": [
|
||
|
|
"misp:type=\"malware-sample\"",
|
||
|
|
"misp:category=\"Artifacts dropped\"",
|
||
|
|
"misp:to_ids=\"True\""
|
||
|
|
]
|
||
|
|
},
|
||
|
|
{
|
||
|
|
"type": "indicator",
|
||
|
|
"spec_version": "2.1",
|
||
|
|
"id": "indicator--5474411c-f05c-47c3-948f-dce3950d210b",
|
||
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
||
|
|
"created": "2014-11-25T08:43:08.000Z",
|
||
|
|
"modified": "2014-11-25T08:43:08.000Z",
|
||
|
|
"pattern": "[file:name = '40c46bcab9acc0d6d235491c01a66d4c6f35d884c19c6f410901af6d1e33513b' AND file:hashes.SHA256 = '40c46bcab9acc0d6d235491c01a66d4c6f35d884c19c6f410901af6d1e33513b']",
|
||
|
|
"pattern_type": "stix",
|
||
|
|
"pattern_version": "2.1",
|
||
|
|
"valid_from": "2014-11-25T08:43:08Z",
|
||
|
|
"kill_chain_phases": [
|
||
|
|
{
|
||
|
|
"kill_chain_name": "misp-category",
|
||
|
|
"phase_name": "Artifacts dropped"
|
||
|
|
}
|
||
|
|
],
|
||
|
|
"labels": [
|
||
|
|
"misp:type=\"filename|sha256\"",
|
||
|
|
"misp:category=\"Artifacts dropped\"",
|
||
|
|
"misp:to_ids=\"True\""
|
||
|
|
]
|
||
|
|
},
|
||
|
|
{
|
||
|
|
"type": "indicator",
|
||
|
|
"spec_version": "2.1",
|
||
|
|
"id": "indicator--5474411c-4798-4a01-b76d-dce3950d210b",
|
||
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
||
|
|
"created": "2014-11-25T08:43:08.000Z",
|
||
|
|
"modified": "2014-11-25T08:43:08.000Z",
|
||
|
|
"pattern": "[file:name = '40c46bcab9acc0d6d235491c01a66d4c6f35d884c19c6f410901af6d1e33513b' AND file:hashes.SHA1 = '732298fa025ed48179a3a2555b45be96f7079712']",
|
||
|
|
"pattern_type": "stix",
|
||
|
|
"pattern_version": "2.1",
|
||
|
|
"valid_from": "2014-11-25T08:43:08Z",
|
||
|
|
"kill_chain_phases": [
|
||
|
|
{
|
||
|
|
"kill_chain_name": "misp-category",
|
||
|
|
"phase_name": "Artifacts dropped"
|
||
|
|
}
|
||
|
|
],
|
||
|
|
"labels": [
|
||
|
|
"misp:type=\"filename|sha1\"",
|
||
|
|
"misp:category=\"Artifacts dropped\"",
|
||
|
|
"misp:to_ids=\"True\""
|
||
|
|
]
|
||
|
|
},
|
||
|
|
{
|
||
|
|
"type": "indicator",
|
||
|
|
"spec_version": "2.1",
|
||
|
|
"id": "indicator--54744126-41c0-4749-9047-4923950d210b",
|
||
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
||
|
|
"created": "2014-11-25T08:43:18.000Z",
|
||
|
|
"modified": "2014-11-25T08:43:18.000Z",
|
||
|
|
"pattern": "[file:content_ref.payload_bin = 'UEsDBBQACQAIAGlFeUVnxRHlSDwAAABqAABAABwAMjI1ZTk1OTZkZTg1Y2E3YjEwMjVkNmU0NDRmNmEwMWFhNjUwN2ZlZWYyMTNmNGQyZTIwZGE5ZTdkNWQ4ZTQzMFVUCQADJkF0VCZBdFR1eAsAAQQhAAAABCEAAAAH3HY5VmbKoZv3ZlUn6XZRcS1318WeCiXlsptskkZ0q0xgVrFaPv42GJDb7aP6e3y7vH0tnCdlfYiX0Ai6fIPTS5rEr/4Fcx6FG3jq4aT7H6Elyhfe93VT7dzCt1o5RCEOnjBVMdK59wfedMWOiq1fK1Air/E9OJLO3KBePvQJw3Wi4Tf8kLzK8mZSkOxmgFxxadZG9jN16mLHrTsbs+1+jKnDJEqjZtBg3OG/d7l8WCg1HqJWSID2R7bX8ULmrdXNR3eGPyHLcet8wXri4WKM/FHCHDJ4rLXibj3lpXMHxFkaUdHUmWLWuTF8od8wyiot9WO7CM6Eby6lVMbDpMiQhwBwG/yk+sWINCZBvcKE/dBs8Z5MZmb5q2jBmyfjXan4qj6Jj82ut2M1FylqFeM6/VvdocL5jReJqgEIjwNp5YHi1cLivQ2VqwIfdUqnOWSYojRFZB8cNgO6LQNAY+CApknCYJ41Vj9Oh2fCBFwHYglpohZ/DMvCi2a6XKQpDmn/U0nBkb/ZgYcoWLrw+NfGCZOgw0lvjkwYIjKEZNenaZRiPDU25RMcrMhvgDp/VP1GgqCvrWVZCVfXc57HP4JJVhZZ2v5W8swCBB9JkvGb32WfUjPR6cRlqnIpqMTcOvs5CTt199JEWhYuHh2RdP8Zso3w7ofhzvDtRbT9g6otMNRGN0IZholEXke5uuqz24Fn4Z4KZXNXZ7hlqNJ2IiIYCidPQIkRH86vLXz6a3iv45yzrzCnloOS/anamEsI+azZG+51/0sKSn3ca/IwvBShVfz87uuENTDflub3VeE93oo/FGKFSwNj9sAWY7hlrFy19VV5IoNmbpjM+LWKUoFtu+6kwpspALNQC0LybS7257ibiy4cFQbUq+3+oymkD9Hl7lOq2QM3yhbKTPtQz/v0JDCD9vlVZur2Kj2N5ccssj6TBqxH1YWqlnenUSwvA65zjYoS6GhuK1+9SA2H/QLZ510XLgB2WwLXpQjLfdno7jpPXBAMDc3rxVVAySZZIgRrzNSknY3qLmtvf4a1FeonGYIj12NGsuraeNmIo6xsLzc8U48Rf2MV4q1ciFeLiBqcUbUwaU6lx5VQ3KtZ73TBT6FRzB0lqLbEIBYXWajXT9Xhl/pUCeQ8a2T5ecz3FukDuNT1ye23MA4j3Nm5EyeFFhSmYg+famhNVSFWfuClYqr8lYdlG3XVjqb53R+fdlmYNEA08ngrl4xGWnrNSc1I1kvTDd5gKkHWh36H6Tw5ziD5EB8eUP6ciTzUIWWbdmL1A8y/ojico+ZuOisbxstwCbTpXVd93PbFoQubsMl1WTHZLQgHu+KdfyJsFG3R5DqCPlQv0Cmq8b02IOCvI86DaKAQgeeLs1mE7JMAL6hGgopfQEvumN2vPRujWoH+YiFKGakR87K4sXGOR3t40Fib5IxCt5tS7P3UkLMZ5rbPQuehjnZY1Ou6hrfwxpwPrJb4TDZl/fDp5ocuapftefjsx9M9xf/+OqkCexuPqSow2x35B9gRWtUMA8DrsD9SmMBf63ASM2JMjdMbnLxUUQEqxx/197ybTs6+w1Q7DAmzFxjGl/KtyGj5AsaPnR7W7OneYbCxiQ+4xS8BqPiDd5SGG1FLhqpyyRi7jMZ+OmstDu88A4zcggvyjJJRrTYGU9SaUii9qgQ0KDQ3gOgUZGbaNoTcZzWuvXH0mcfv7N7iIilZN37DCT+i1sB15Tl5iBsEsZailCdazqVxriFDVAWgkJFr7Lb31tBODHwstgHlyc211iGgOt5lDGxb5gxKuXvuedjie4Z6eSQFmrbea8jGI/zIEkjnT5aETZ0UEKUIbLtL8qnzJCWg3I1kEezXNGI+AUmY5yL9xgzFpS1k3UJ1vgb9ZoFaqVrSPyiEo8bdVrD547Y9QoAJkW+WbrdRioZIx8jJcoD/bONPQ5aNnKAcBzBqGMejr7hHNgmHqNLUovfVhnGZa2r9LXcCNpWZQ1GheG0acR6fgGGB9lRj8xd+WzsFzCyQkydJirIiu+Z8yQgwa6kjWjLg3lWBKZMMu/UfneIa57LGQUMX6Aar0XCUhgdpK6/+lxt2zzXRwNeFoqp7gw6djaBlK/sSIzZeq9NiRuKYJCV/YxjyrkGlK41IAKgxXLiRlfCzEdm8fJwqmL5HO1/q/Ryl2ennpUYrsTiKNmsvt2UOTzAWrtdjwGixGkfoq6ssxYypNFB6CZMABRN/eHND4sCPqKTYdxPyIQGTYAXWAFSc+f0ZMrSHZ5rdHR1rQKUJXEXJMGQx/NYgnZjXMvJRwpknU0drOGDfqJOglBEMmISlr3ddAg6G/SdbtJ+J8qUfZsS9FNgrhX9RlaSLClWSM4Quaf9gEFRj6S1TOeoR7E0KUzl3TXYiRXJAqB76okcrLMRlO6xdI/hTuZR+d/6hEf1JAd3RX5xELlJiMaeUfCnmp0czMicn/GLAk+V3/YtM87nijcOyUJ1VKNJjIfqAghs8LiXHmL/ck2vZT1dAbhzTddFh+MQME3jFi681+kvOgYqxmVE/GRi+hWTd4PdxZH7NOAqMe2EeFFo6Q2If0t/b9tgWjBrki8/FXP1kugfXRtcwE3TPIJXDMQKINys1mo+7SoMJgT1ir5Nv8/BP90whcJLuaoXykAeC29rr9h3MoEeIRq1XEx2rBjGSPjWjHcQDjizbwMICAApCiMbArEVNHZnZaRqC1/X716b5X3k2R0KsYk93oUf97ZU0LMyrGUrXNrlMiZhc5lij9pM+2q9uRPKxuxu+HR2v3+wYuEdtfOo6KXhdXPZOxbkFLtsr4GxFr5E7W3wSl/eS21D4YppvmGkFmtLsqVtOQeEmwq7bc91pNj+k+9siTXr6FAcCoMg7Mauv3rgXtbW6whpY0Da9InjHdZmUukn9EAmcvx5PWV/pVNXkXDvFJxQ/8yJMeMA8AtSC1MpgPjL84cyKyss9xlToIQjqxlKGDxdyaXA5WdtNT+2fm4eJk8agHwADisITve7h4V5h3IKwBVZyuDCjMOEaPYvkLh7Nex16cHlJpJibSbC2eDkMIA+2+MMNPBVZC7DkSYynAhaiR/5JXrnJwOdA3gW0dtHiz5rVp9COQES6o+DnfEAfMGolCiloz+M+YQPtI3InTC0tQPZVuEeQbQI2aw8TNN+H6MM+ymr7lyNwHSd/Ws5Mqlxj4DC0vqKWWVaWtqZE3s++c0RmMd8AzSVKtP2t6vw45jqNYyFFkhz3cSt8jXJTT6jp+PeIJ0PlvyLWbsQySdm1HY8TsFooLpNurR4Bu8F9vDJ/1HNEMInG95n7O+EPYjl5P9ycx2b+B4ztso3uupxCtJAq9XQFz2+vKWD6EA27J3dKM/NBbreLRE4lgM5GrSy7x3IYPf67foOKHYvBrLdFYsvjcl6Yaqr4+a25DzzESdCeWszWyfZw0v0BmCVX+sHDSAsYar8SfFpJkELULQY5nGxfxXezU3Co7H4fNav4gpblDI4DnNnDie+W72Wjd9iSVxnXFsLUjv/Ws5D5l+Y+Tq/feo6KGDsh28QoHdZZ437QjHHaHnZDgtwMrqDqn3CVheqWIIlXKSsyd1SgJ6e2hxlLNGU2hKTy47w/3wKGlgMHI7kxCPRVCd1apEsWE2NcqBx7e+bKtvbo0uU9u7ySIB0NR6xd+8zcKuLIO62MhDf34VmKZBK/wkH0TKbd4PnmLai8rmjJLIaUW+f9xvMANT5OoVXVCJOF4gVSF/4MZ1UTlxND8spexPvcWDOntQwWCuN3vOHYnF2E4mwB2webAhAb29dlwyARIdk2nRI7k7xeSQW0lJykhR6y6Toe4r2FID0Aam47mnHEWmixdWVa32PLHUxlI2aOgh6dj+xdJ+/nCTxVx7LAGg
|
||
|
|
"pattern_type": "stix",
|
||
|
|
"pattern_version": "2.1",
|
||
|
|
"valid_from": "2014-11-25T08:43:18Z",
|
||
|
|
"kill_chain_phases": [
|
||
|
|
{
|
||
|
|
"kill_chain_name": "misp-category",
|
||
|
|
"phase_name": "Artifacts dropped"
|
||
|
|
}
|
||
|
|
],
|
||
|
|
"labels": [
|
||
|
|
"misp:type=\"malware-sample\"",
|
||
|
|
"misp:category=\"Artifacts dropped\"",
|
||
|
|
"misp:to_ids=\"True\""
|
||
|
|
]
|
||
|
|
},
|
||
|
|
{
|
||
|
|
"type": "indicator",
|
||
|
|
"spec_version": "2.1",
|
||
|
|
"id": "indicator--54744126-3700-4f21-a5ef-48fd950d210b",
|
||
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
||
|
|
"created": "2014-11-25T08:43:18.000Z",
|
||
|
|
"modified": "2014-11-25T08:43:18.000Z",
|
||
|
|
"pattern": "[file:name = '225e9596de85ca7b1025d6e444f6a01aa6507feef213f4d2e20da9e7d5d8e430' AND file:hashes.SHA256 = '225e9596de85ca7b1025d6e444f6a01aa6507feef213f4d2e20da9e7d5d8e430']",
|
||
|
|
"pattern_type": "stix",
|
||
|
|
"pattern_version": "2.1",
|
||
|
|
"valid_from": "2014-11-25T08:43:18Z",
|
||
|
|
"kill_chain_phases": [
|
||
|
|
{
|
||
|
|
"kill_chain_name": "misp-category",
|
||
|
|
"phase_name": "Artifacts dropped"
|
||
|
|
}
|
||
|
|
],
|
||
|
|
"labels": [
|
||
|
|
"misp:type=\"filename|sha256\"",
|
||
|
|
"misp:category=\"Artifacts dropped\"",
|
||
|
|
"misp:to_ids=\"True\""
|
||
|
|
]
|
||
|
|
},
|
||
|
|
{
|
||
|
|
"type": "indicator",
|
||
|
|
"spec_version": "2.1",
|
||
|
|
"id": "indicator--54744126-cc48-4a8d-9668-4e01950d210b",
|
||
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
||
|
|
"created": "2014-11-25T08:43:18.000Z",
|
||
|
|
"modified": "2014-11-25T08:43:18.000Z",
|
||
|
|
"pattern": "[file:name = '225e9596de85ca7b1025d6e444f6a01aa6507feef213f4d2e20da9e7d5d8e430' AND file:hashes.SHA1 = '16c126de5e55fda930e8b01a2714cb62849eba11']",
|
||
|
|
"pattern_type": "stix",
|
||
|
|
"pattern_version": "2.1",
|
||
|
|
"valid_from": "2014-11-25T08:43:18Z",
|
||
|
|
"kill_chain_phases": [
|
||
|
|
{
|
||
|
|
"kill_chain_name": "misp-category",
|
||
|
|
"phase_name": "Artifacts dropped"
|
||
|
|
}
|
||
|
|
],
|
||
|
|
"labels": [
|
||
|
|
"misp:type=\"filename|sha1\"",
|
||
|
|
"misp:category=\"Artifacts dropped\"",
|
||
|
|
"misp:to_ids=\"True\""
|
||
|
|
]
|
||
|
|
},
|
||
|
|
{
|
||
|
|
"type": "indicator",
|
||
|
|
"spec_version": "2.1",
|
||
|
|
"id": "indicator--54744135-7bd8-45d3-8754-9e39950d210b",
|
||
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
||
|
|
"created": "2014-11-25T08:43:33.000Z",
|
||
|
|
"modified": "2014-11-25T08:43:33.000Z",
|
||
|
|
"pattern": "[file:content_ref.payload_bin = 'UEsDBBQACQAIAHFFeUWjmj/4xZEAAAAaAQBAABwAMzkyZjMyMjQxY2QzNDQ4YzdhNDM1OTM1ZjJmZjBkMmNkYzYwOWRkYTgxZGQ0OTQ2YjFjOTc3ZDI1MTM0ZTk2ZVVUCQADNUF0VDVBdFR1eAsAAQQhAAAABCEAAAAct6sK/Kyfumn19YjIgvO2o/kZlxhHsJhNeg8K73JZr6OHJ6NAtusa0gyi845OPFy/bh2DK2nwPY4WkTA/bX5jsRr8F84hLBoIeazB+zEBgl0ZpntACG3fu0YmfwYxH6BhgOjldTcBVGDJU5M9DLEX7WmnypZIkxTCJcPmYL7RkHoY9w7ixe3Jh+qAtpFA5biYO9UQ6zocuHH4eZTEr49ihCTcTt2feqiV1vUmLb1/9lon90fC8+6V4w5ruXiPrKmOb34/DNGjmY6BZrR/PhwiHFM9+oZZXQb1iDlSbtB+qfk3pInW8fGc2itK1FqivxZkUKLyF2kaRj7mlz9h92YTF99ncbFNynF287z6biFNa4jDLx+ZbNV4xj/8/DObAT2+4PRB/2/wcGjWidmOEweSE5T9x4YZeo+3vDRn64PgYePf0YItkTF0t5yyiQXYotdoJiBUmIQTJRWNo+Q82ox50ABpJwgfbOSfQlC4iLcoGWPheVKmk09+25HeWKx9YMh1CbnHf6BLpjHQdA0dISZe4UnwaRt724kO8KzRTpvoOug1logTztetoGyllCPdREHkVcLko3hV5gpK5wSmeYsCMJZqZmwQCraPvcgpAmApRjTErRt/A7y4SWe/xuymLeUg4lUoMCj50Rs//jEVj55446DJko0oJc+Ody2/v5SjEuE4jmQf4FXw2/sW777iSBLgKeQ3BpeJjKkWag3GjL6IN40r1AXHQdn2J5gnUxcP7DyBMpAoEawsFuifhUKWKhDyzaJJQgI2YF1ohAZv+HKQcRB8cpgz7b/Z1f3K9BVw1y356Pv4Ag4CVNUgDM+Rl/Wi2ZrGxxcIWVqHkqiDM2ZDRS0wDlJprsmO73cDHXrSVF19IrkcrYIABy7PXu+vjMtpeyMJuaH6kQOCCthuDYd1RuIbFVH1c9cEfCF496sHKs7RmuSqHmeV80n5K0YSLeTlk6F2gOuNCQ6/uILJM4azswK4FhnSqpfkA0v21NiU3QbmJOXW9lXDWX/rSpot79tug28mVBa9mLBscq0OZa4nuu7P45Nc0dcAla3Sv/xf6bTOBwg+ebxn0VoqCkqCiWxNulmBCaVVEz/dNov4H0DKEsMyWRABVwvkR6MVefavy/pg+ol7zK/AHcF1HXvTACX0jjDHeaQc4sgCiLzsg13iwjDkx8GcfjYSVwVzbm8IUlgz1pVIB0RDHRymrSYnaaIXGEohhEfq0no9IRld/gCMMPk7kOvi/3CCMwOU4ErxHLnjnh05T51Y1zF2ZactIL/pQDOEZG8xPs7kAPXSYglG227ti0H04DbjEzC1UE7ZJMnsVlZhGdNeWXTWXNb8/EC6acD/mrwzKz8AQR3gUDPu4XuPh5fALpKBcmyZDifR3nf7UapJ/aEJ6T38spqFsoV3jjrNNIhTEBrKuEmfs+aSZnoZD5nP74phRNJu61FfQNVY2l64/VubRnmzA9JZ6x1g2fNngyQt5jos3F20NBQYT04nnFmfXKwJ1qNhFaZj2JJG7q/ezVQZ9A7DNyag18kKAfjTmqvg6LkcPAEL102bphDzZQg6tT/Qe0GxRVNOrUBo9psoHtpvwS9qUPJ+/5CzCBIhYMfS1Lf4l4Q1QRYOpEwkitzw44OqSxuU3ohpeXEpiSn8ts7K2+QNNkS2QlkAgC5OC4vKxzTnBEaP0R0H6ozmkz8FAcuuAlsLaY4Wrjq1HTHh26yBfBxV1iHSmRkvjt73gtHGr+TogTZ9WJ/BtR5l8std4fHPpQrs11UuV/RGN5Sdgfu6bssQfrSQCUo6w9pwm7uSr5mqpRt0L1kKcWzeGeGkhkv6HnQkcmrjgv59fEwfZxxLobeG2iZjlyQqJjwzvOoK9TJVyfq1FQwszMNdDlHawNx1nlpn7z36/brf4oL90SGqX1TOEUDAfNhWXENwrWRozpypObQoIdWbfBXiF2z2BB5fF69TVIODBw9CvUxaB5cbkc8RGehKjGy3ga1y6jEP+4LJcUJavOgDqYzpQ8reKrrhsPza3sd68QsmEaKyj+/vNq9tWWkWxQ7WQp2SJ7P2u2NCjiSrpdl6uXf9yfVF0RIoxrAokZo3NCkukQy+eFiLRaBg9rTGTgHHgC6SZ7/3EF6O3eOMCdPs6Nwhanf/64Yr2/66nKAcFTtJIR9LD/WkpAWsLVCGkVYDggkxcfAD7+050NxXeCLeRVLrrFydOOlYSKFyKLzineLJjGFxL9DiuHZJit0SZCuZQq2OYsGTfvQ6F4zljCVB3pap5fk3gFB+jISB7UABRFHdfCit0SD/e2YgFXaEuek4iKpsWreZE7MG2woiTWX1IQz4ks1mVKQwobmcy3AHq3GePMrKFwf+jrLxINABGcy0PXojvPiHKKdd5ihBvgJ7lMp2dxp1s2ieqTu74AK1co1T2hrav7Gw4+1VwakYFYEKJpKRkUZEDwlQ4WOinAm80O9yvaI1JsM1rhp0CfED6chrnh6ShM4SGShTwS3NKAxkKyxS1AHbWXSvILBL2OzuEP08xIK3MFxqT3iQYMOpjF/a+iyGgfvHqDMqTv49DXYoy8WoC0NYJrhfcdQx3kMknR83iawFoXDFA3fFR8RZ/qz42g9B3BnT0iAomm2ejKEk9PWK1DH6aLnt8meE0/2UrOq5fB9mrRjbq6oUc7lccMAjOIyem//ClJ7qI8HqW6XbZzi1se9DMmHAfecEmO7cDF6Ldddi5fy61KRo6ISsB+myDbq2GDj+MhAuY3JwtWeq/DHwukR15J/nOnKxbNFrB15Zxu1X7wqxDtgIqgcb+sbrllyq4fo4ZbWUlFub1HV7W5IQc5bUlWn5Z5MtQInuqq1hviL28VRWGU0YAm0HiKqZY4vfDknNmWG08kzaJIqrQKCCjANchcKraxnoFhewB084VpbAIBDr2BtjU2vXO+c6ZKv3doTDLCYIS2swidwxDKHaIx2tTyqCWAVyHN2rmG/9rsOZoA25HLlBgJlOfe1VBRvCP9T2aAU2GtDS+l5hmWbb5hPBTRiYHaqgTnSgo0fr777dkonihRKrcRW3cWhmeL8et6FjdtSss1zgoWmjskoQMEA95lvvAx0Vuq0Lt36V7Ye8dTPR2poM/zcdMrLFiwFo1QqmTcvW8PiKbCSn/+Vz7kQi8L6aUlqUcImPfiWA2UosnWnd6KhtoaCOVHTRfCsHAOrBRlID1yeCTbWrGGCC7VhOwGE9s3n/zzlsoqXWlwwYN+Z9vCDHLVtw+xaGAJNho2ZghmpS7ZCBAxTYFKO82sMfkhFWHDI3CHM8cj/+JRdN7iZ7ddrFkbD/1lwHKzRSssEw4xBweiqXHg6JKyqlghwEkdjFni5L/Jax2gb1R5qoWcFNFdT/LIzPAgTU/jKxtRQ54vvoEXPMWUsc2uOMqEYZKxtR9hcb8nJAAhR5mOQxnVHlK48ozNGIJNcfTmp+6L1cAdGZ8s2vt+K5cgBThrmvueZmhskz7wzD2yQzZuKoyPypSVGmMHNLTHfPz5bMSqH/JNus/OeRxlmJTE08XGr6Yp0L0hAVjuonXItmWIGX12TYqsQxiRa0mFAcqkwREkvyeYP4yl91cBc9izdHSSBc7BoxpCcQ8Hz/r+cTj78CR/7y/1OH///p1T/12ArITtyzhmpiW4b4pNBjpwa7dnM3hZZdUiaHjYWQpp9h8rBJjFrqwCQ+nKuqY1ruPhUP4d3poBQyOXyE4Z5OSbvKsjCpJzFgJ5pClJe58mhgesi3rqdDr1b0xVb37ikcF0CHWybm0VqJoLO/kRz6PI6XrjkgzYrvMIQKApMAEjrCRQli7Km0ZVLaCwJJXeMdrmIZ9FtCRtZwWs2h9J2/5eSxnwWRRRdjVv3InLymMNC94XmEmT/pMq
|
||
|
|
"pattern_type": "stix",
|
||
|
|
"pattern_version": "2.1",
|
||
|
|
"valid_from": "2014-11-25T08:43:33Z",
|
||
|
|
"kill_chain_phases": [
|
||
|
|
{
|
||
|
|
"kill_chain_name": "misp-category",
|
||
|
|
"phase_name": "Artifacts dropped"
|
||
|
|
}
|
||
|
|
],
|
||
|
|
"labels": [
|
||
|
|
"misp:type=\"malware-sample\"",
|
||
|
|
"misp:category=\"Artifacts dropped\"",
|
||
|
|
"misp:to_ids=\"True\""
|
||
|
|
]
|
||
|
|
},
|
||
|
|
{
|
||
|
|
"type": "indicator",
|
||
|
|
"spec_version": "2.1",
|
||
|
|
"id": "indicator--54744135-0e80-4d82-84f3-9e39950d210b",
|
||
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
||
|
|
"created": "2014-11-25T08:43:33.000Z",
|
||
|
|
"modified": "2014-11-25T08:43:33.000Z",
|
||
|
|
"pattern": "[file:name = '392f32241cd3448c7a435935f2ff0d2cdc609dda81dd4946b1c977d25134e96e' AND file:hashes.SHA256 = '392f32241cd3448c7a435935f2ff0d2cdc609dda81dd4946b1c977d25134e96e']",
|
||
|
|
"pattern_type": "stix",
|
||
|
|
"pattern_version": "2.1",
|
||
|
|
"valid_from": "2014-11-25T08:43:33Z",
|
||
|
|
"kill_chain_phases": [
|
||
|
|
{
|
||
|
|
"kill_chain_name": "misp-category",
|
||
|
|
"phase_name": "Artifacts dropped"
|
||
|
|
}
|
||
|
|
],
|
||
|
|
"labels": [
|
||
|
|
"misp:type=\"filename|sha256\"",
|
||
|
|
"misp:category=\"Artifacts dropped\"",
|
||
|
|
"misp:to_ids=\"True\""
|
||
|
|
]
|
||
|
|
},
|
||
|
|
{
|
||
|
|
"type": "indicator",
|
||
|
|
"spec_version": "2.1",
|
||
|
|
"id": "indicator--54744135-4820-4f5f-99b9-9e39950d210b",
|
||
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
||
|
|
"created": "2014-11-25T08:43:33.000Z",
|
||
|
|
"modified": "2014-11-25T08:43:33.000Z",
|
||
|
|
"pattern": "[file:name = '392f32241cd3448c7a435935f2ff0d2cdc609dda81dd4946b1c977d25134e96e' AND file:hashes.SHA1 = '5031f07749c2639e57a6628a4361fe363d77c34e']",
|
||
|
|
"pattern_type": "stix",
|
||
|
|
"pattern_version": "2.1",
|
||
|
|
"valid_from": "2014-11-25T08:43:33Z",
|
||
|
|
"kill_chain_phases": [
|
||
|
|
{
|
||
|
|
"kill_chain_name": "misp-category",
|
||
|
|
"phase_name": "Artifacts dropped"
|
||
|
|
}
|
||
|
|
],
|
||
|
|
"labels": [
|
||
|
|
"misp:type=\"filename|sha1\"",
|
||
|
|
"misp:category=\"Artifacts dropped\"",
|
||
|
|
"misp:to_ids=\"True\""
|
||
|
|
]
|
||
|
|
},
|
||
|
|
{
|
||
|
|
"type": "indicator",
|
||
|
|
"spec_version": "2.1",
|
||
|
|
"id": "indicator--54744143-edd4-4caa-b623-4d57950d210b",
|
||
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
||
|
|
"created": "2014-11-25T08:43:47.000Z",
|
||
|
|
"modified": "2014-11-25T08:43:47.000Z",
|
||
|
|
"pattern": "[file:content_ref.payload_bin = 'UEsDBBQACQAIAHhFeUW3CmUct1wAAACMAABAABwANzU1M2Q0YTU5MTRhZjU4YjIzYTllMGNlNmEyNjJjZDIzMGVkOGJiMmMzMGRhM2Q0MmQyNmIyOTVmOTE0NGFiN1VUCQADQ0F0VENBdFR1eAsAAQQhAAAABCEAAACyDD+vQDvHZ43jYcnZcDOersawlW6rkxNyNqJzKg8Keqozgkj2fcC7TwGTzqFPwy+33sPU8Nj6+Yz1lm0/TqmkspCB04A/81guuWyL5IVJJXZxXxCpb+uHZxrvARPMTi37BYaWJ3rKsyzoPEtFq6jv6uAkdXZW3Xke2tBISjOCRnZ7K1HW9k7dbwPwE+C6KKyHRFKK0hfZROGoJ6VQ6wAP/Nu0jjMgejCmU79mZ2OT95wo6Rl/eFjCAS5VgngIVcOaJMjN3i3kuW8F5lMmLkl31lBlZuN0zoYZjCsQeIaSLCSEzm/Fq9OHAojluQx1XDo6lyQoQFs2qm6a/5sxroS//ZqrwYKG/MVqBZPBZo3SNDPczJ5xnGf847hhYQ7b31TgDQAw4JRGojl7MVLmEhqoMECIn2UYdCwnv0tHNfLFUGZytw1epktA/xQ4aAhKBHXbuLumhKoZURz+sbiIaykuUW/SD9n/UyPjGsHnnqLCCpFCL7+bJEOIZlV7fxZzij/xRJbv4kMWxHebSTwbBGiEh3O+lZDAGsDxTn0r2/FgpTpxoxuJR6mLwBh+jLNr4uJmpYAfdlQXAgmu8UAC3cD4GThJL4N5C4BpRz0szIeLNd16VSzs/im/13JMF502p60Ng+oAi7cLYXbBJcGL7Mn7aXpHChvkzFqQEGzGYqILVax8rbG2AAe9xYa54GPCBX5Ezp/RqERBiy0LyeFZIAIX3PboCsAJoA8QNkuFsHTLisUyACXucIBrDtliNG8b0Db5ID3DTfsGwfBVWMLpk+fF0F42rZeVwCFibAdQemm8MEIhtLR+B20RuE8HBtE4POP8c6AynIUS3O4Q1HLoo+kq+PPjMXBxpYhSUww8JOsRXsqDowo8PGiITP5i4t2go2erunjkGh4pOpctek/fjmMeQ4dPX2krPRTDMbBv0wEfY1yEVPrLsrsm9wYYXU9h1zTQRDhG8WmO4epRw185isjUCTHk3WzMzIY6dJfkdEF+T9b8XCrkz5VQtzjM1oP5lrVY4l3XLBsLtGkj8SoCkRe8hPw1cDZ8cOYKHVHCDQO2lMRaT1IlVax1If3w7fdeYTJIo89VB76O1S+GrjkDkAqeRWx00QyTT/7KiEsIfdCJz7mB3lGABTNYmbmL7jDT23S/sECLMxtH3nHS+F1ljEDhsu8xDraAJMjdUi9eFfwAijzD5nafo/r8FRS6Dh01JxLNS8si1nCtlTYWj07GRjn/EV7VZD+6GpGdUEUudJVleq3h54MYC8cbOyrucHCYpbLjr8G/AdkrpdIzxIkzHNbbPNUTgo307g3E9A2CGQ0lsKtQ3zEzmUTeNFLdATU4ooyv6p2s8QJwgcthjHCGuxHlRBuccCBcUiW0F00I6TWqTs2ngT85GHm8j/+Z6/dAbRU/bMCB17QTffWPUcjK8CveA0InPicgHUXX/A32yWHntfcrxjqgin73CJwAnq+wlCPWoS0U7rH4KLt99SI5GyV3poA1xaOUgtpQkDCEB+y7yFURS8SWDIgdIQgyFPDZB33277ZZFI/jxF3ZMRW19SiP0pVG6yibHlVci63KX0TiFv0QdhBAzqXNkgoVSSy5D1o+bfiB2oDu5TkvdGxDM8KBdOYB63degMphQm5S5zN9pwmyUWzqlX5XjgI4UMyndULMxR3W5bwVPUFyRaMufEw5gRJXcB1L9wmZlRSnKqdhYlC/CUBg/kdInZX6xFdEpt2EgHMqW6Jof46J75tNxfWe6j6YoW97Lk1vzBej5wKMdI+kfdzo3xfi8c9mQ5JdiE8NfU9nV1XO8hXUBvL5/dtkxoX6BeDMl/ESUtQGV8xWx0HjfUnyRB7w3C94z4TYqzD2AzUMU5U/WBKONQAkElnI1bX66+izFRc98DAETC01OIzgShMwqIubA80kZB8Fpw2JZvsjVsW9nDhOM5gABdSkDh8zkKQIaetzOr2v06b0Kvg8p8dQ+J8aVREfCtkNQW7/GgH3To0Q6LYpNTMsuwAMNO4N80WrF5dFpnA5rTih9p8pbnsyZb19Mi7DkF9EUS7GBtKCNxY/Da2MOCAYH+oN4UHXH52wdM+5S/z0vIwZHGUto1DichbEjceTYpXcltowTdxyV5K/4S1VlOaD9akUeeQ697fz4Dt7FzGyKwOZxGPrY/mB3YQaSftrZxy2nGRn4BDJWrXAycUkcDnps3xjf48ae+kpwxPjK8259O3BbPgohA9u4lFbME269y7u7RfDh/v4YjVr/DEhiFGH9IsfJbZrQr26aSW/aXGX1+2+C+3ugDsO9mnUvBufiAA5OggN7I+l6Xw+oCEDwvNmALeRzCN0cfg6H6huHb8Vb2HNjRGJZThpaGKPTY0vV9sR3sSHK16PnOVtkcsYcC0fwS2d3NVHjktX9glRrG+TP5oCP3vB7q7Nv6z+3g8M964Cp8cNdppQETf/UcjFfFy4J8qJJtKwTa1hESK7MtCaCb4/55BYFGgh0RebhSFMel+q4WIxxgYJcXid2eVmkPrjSf752st+V5Xg+SFAyYp0Kv1s7xIjL/w6gpPVKsvCYgc96v6/93/322JK14N0i/VAdu3xsjrrUd8WeyJMWE4Ixmgpn6hcvWGSB30pwtpZNXKHeoLf+vyecOduSvM2JUlIaecdYCKlJMcLJ4l+s7Q0PkoEVUM8oni5HPMSCgaEUAOIAfvZPIl9TB9priBQPaIkl0xFPkPC4CtDvfwjUgyCgm+K6QfywLfCQEUC9gBV15vrdw2+z/ex+YzH7+GlXe1eSPpQo6Tt2Oc7+AaOQ3VahJhhVMdlU0MUq5C19V0zYdJZNr1Q0hbmFELvl47hbYE7sTszSgrGY2Pcvr27jWewDpFmEBENvHZZDWS6TFfEtJvRKvStX3K/n4OB8ZwjRDgah8VsERm6NJxdw7xySHHQgQPO+sovcD+B0JdG61xUQoXuFaQj4mRNiHqE0Q8Ym6i9MNs1t3W91IkXcjnHIWGbFVEcM+gzlX1ILgamfpCWrQb3ItA/JPiBBuC3ohkdnGAdRHv5BNgE9lBIA4vLX6ilPx3D7/MhSDuQ4FenBPKEXKk5YRsW2tIey1z/TxPjR2tSV1QChqoCFy6L1OvnhFckg86OttbJrGmaMA4kZosJzqx+yvk8HiMbSi7J7hLB4/rrHm7Pps3Sqr0gCnr5SvpiFisNl+FG+bbJImxrYGf2qmFVrHoqeB9MvqDm+1nyKD4w/LSY2+f0u1CoCC+m+UJ8Ki31Hij635Kq+n+Swq9Zh+qfmf3vsbZ1M1GIvCl019EoJYsf++nbZ2Z7nDOcCtE4WZi8FhxpNeeIHSyOv+AE+oiRBFrWeI91c6fXFEp6EyYBWW7X5iCudsB7wmZCiNppfMDF3rAe4RDp9vX2fYqkTgt+2LY/9hqpvNAZZ86zit7CO8ZQRFJPWIvwmtBO4mPWQSOawrDaQy4ojqkmtBfivA7ZPSZmQ6DfhkxcXlhpm2tO7btRjVras3BUOfy2bE04gToXiPN7dnL5Rx/PiKzTPQ8N+Rohmn/51Gru7nJ58qmBP7wWxy0Zqa28TWBBNHjKqUGHaUe/7J7/80g3v2CwgRGJ4pOzI+9uazYUSZOu0f4ApWpqhaA7svbGtWWo7h2YSoADJlzdolDtzy5YmnPyrGXsBkiTlarWoSXRwi0lHy2zlJug3moZ6Wg/8KTz1GvuZpPhtIjE8cDN70nNuf63f6RQm3e80p1h5uT/PN+sMIdvnArdMH0+31cNbZwn+bUBawmJQH54Z6fIblUbS88cl3zEuqZekkIaxtCUeGYN64h83WOMbQAYsA3huVgvaA93oXmGY464xaD4AGRB12r86tvD1aRI7ZDHXNKUsk18vMP334XwOEKysCrIHSVYSG
|
||
|
|
"pattern_type": "stix",
|
||
|
|
"pattern_version": "2.1",
|
||
|
|
"valid_from": "2014-11-25T08:43:47Z",
|
||
|
|
"kill_chain_phases": [
|
||
|
|
{
|
||
|
|
"kill_chain_name": "misp-category",
|
||
|
|
"phase_name": "Artifacts dropped"
|
||
|
|
}
|
||
|
|
],
|
||
|
|
"labels": [
|
||
|
|
"misp:type=\"malware-sample\"",
|
||
|
|
"misp:category=\"Artifacts dropped\"",
|
||
|
|
"misp:to_ids=\"True\""
|
||
|
|
]
|
||
|
|
},
|
||
|
|
{
|
||
|
|
"type": "indicator",
|
||
|
|
"spec_version": "2.1",
|
||
|
|
"id": "indicator--54744143-fc88-4508-bf10-458d950d210b",
|
||
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
||
|
|
"created": "2014-11-25T08:43:47.000Z",
|
||
|
|
"modified": "2014-11-25T08:43:47.000Z",
|
||
|
|
"pattern": "[file:name = '7553d4a5914af58b23a9e0ce6a262cd230ed8bb2c30da3d42d26b295f9144ab7' AND file:hashes.SHA256 = '7553d4a5914af58b23a9e0ce6a262cd230ed8bb2c30da3d42d26b295f9144ab7']",
|
||
|
|
"pattern_type": "stix",
|
||
|
|
"pattern_version": "2.1",
|
||
|
|
"valid_from": "2014-11-25T08:43:47Z",
|
||
|
|
"kill_chain_phases": [
|
||
|
|
{
|
||
|
|
"kill_chain_name": "misp-category",
|
||
|
|
"phase_name": "Artifacts dropped"
|
||
|
|
}
|
||
|
|
],
|
||
|
|
"labels": [
|
||
|
|
"misp:type=\"filename|sha256\"",
|
||
|
|
"misp:category=\"Artifacts dropped\"",
|
||
|
|
"misp:to_ids=\"True\""
|
||
|
|
]
|
||
|
|
},
|
||
|
|
{
|
||
|
|
"type": "indicator",
|
||
|
|
"spec_version": "2.1",
|
||
|
|
"id": "indicator--54744143-1988-470b-855a-4a72950d210b",
|
||
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
||
|
|
"created": "2014-11-25T08:43:47.000Z",
|
||
|
|
"modified": "2014-11-25T08:43:47.000Z",
|
||
|
|
"pattern": "[file:name = '7553d4a5914af58b23a9e0ce6a262cd230ed8bb2c30da3d42d26b295f9144ab7' AND file:hashes.SHA1 = 'bcf3461d67b39a427c83f9e39b9833cfec977c61']",
|
||
|
|
"pattern_type": "stix",
|
||
|
|
"pattern_version": "2.1",
|
||
|
|
"valid_from": "2014-11-25T08:43:47Z",
|
||
|
|
"kill_chain_phases": [
|
||
|
|
{
|
||
|
|
"kill_chain_name": "misp-category",
|
||
|
|
"phase_name": "Artifacts dropped"
|
||
|
|
}
|
||
|
|
],
|
||
|
|
"labels": [
|
||
|
|
"misp:type=\"filename|sha1\"",
|
||
|
|
"misp:category=\"Artifacts dropped\"",
|
||
|
|
"misp:to_ids=\"True\""
|
||
|
|
]
|
||
|
|
},
|
||
|
|
{
|
||
|
|
"type": "indicator",
|
||
|
|
"spec_version": "2.1",
|
||
|
|
"id": "indicator--54744155-c384-4ed7-8e28-415c950d210b",
|
||
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
||
|
|
"created": "2014-11-25T08:44:05.000Z",
|
||
|
|
"modified": "2014-11-25T08:44:05.000Z",
|
||
|
|
"pattern": "[file:content_ref.payload_bin = 'UEsDBBQACQAIAINFeUXN7VFYsFwAAACMAABAABwAMjA4MzFlODIwYWY1ZjQxMzUzYjVhZmFiNjU5ZjJhZDQyZWM2ZGY1ZDk2OTI0NDg4NzJmM2VkOGJiYjQwYWI5MlVUCQADVUF0VFVBdFR1eAsAAQQhAAAABCEAAACIlcf5H6RkS9wVCZqcMotTtEGFkJwldb3jtpsmJ/7PWauX9apvfA5Rj3Q7laTcHclUThusdm9M3VhzgYTZUTIbmNlx4trfkYK9PyBGMFLGp4HYwOekqyrptTdnnZN6Cd0PA/tlALwO1AGmbV5/Y9k6IapMEu4U7ZjaSS/32Fjxl2vM2hyLxhqtEWm9aw4Yi6cAC8elgYHYIp22BiAMBdI7QW4HYAioH1plLHIuDuE6j8ItfTQfSp07JzgQ/UIOpxiKMDrJXascyDtA1uB1UNd/RR1UuesJqH7s5IQ1CLm1Y3A34IDW0AonX1KbNrv1L4DBzBu35xxxrqbcAMQNHRAq0fZsaaafsNFHyLEa3VGR1JzqCB6IZNNZJgKKgqu0i8QH4hdL5QmqDnx3lG7kdsuq3+ezKMLkY5qQr9PAXfj2Q29YU6ygSF0Z85UEQmjW1ffKI0v69MG6s73s0TsIh84UhX7iYnbJx1VjELLc80nOW1qbnuz8Y3QohV2qBf+PYdS7Oz/019u8mB86HtY1h4cclWZ/0xYbKUrOD2fZca8XMI5vl3cjjISk5vvdnAvGbkO3mxzmt9ixKSe6H+RQ1MtiEbsYSiWMmAcvpYsEyVcWlo+xM6p/Tqtdk2gELqdMP0oy4kYTx1LjR/Hj92PzhtJmsDjQ5qEDX26mCpaATLCMiw+IUCk+uREsRjMU/gj3yNkTD3+AQagFOK/RjJZlrbMWwgkl59fCDDkMlBOPCrhTIuQHKMu4xRdLT+R19fhyO6mXKEio3oGVVGKKrolwvGFc2j5+HXrdnSRctYFrdDvwwVnTKc/7YDwLD9HUo/B6E6bQErezQzXDcpJwyRPLYz8koTn8aBhglYV5wQVFqTI4deU2/u04W1/V5g60dPZpewZkwTMGHKBJkeXXg8UIwCSUIUABiefInWqXxCI1P6LpsXGk8spyDsSsjJIi0G+VAVJ2451I7pNEeGXbPOIb6annDfFmz4Iy2GvtYhsNBIjMkrlBw9myldkLs7NHASF+g5zdYbgqu4jVThgFS2Anbnq0gE+QobAXn9w4fiKy1BvWPNbDqIgckC0wALVDJsvm/ebmq5YJtMtxLstrM6UwrE8d72mMd40C8h2DudLjm3wDZMwoZtWSR7W0Z5QzRLkIu7bJLzrV/S4geaaWqrgHo/iImSaqwZUqD39T+PxCYbLxd39c3FRK2EQOKd/EPiIDxByJrhhRAT+hDMNFS3uos9QHZkJ7j4GQ+t4OXDteDWEysOFqofK1CFfbUaRb7/0NjULTUgQ+VVCSMzQxztR/i/VpJ2KID2BVGJD7kV72zXqWPPdaj5Jt5AqHgJdeGx9O+mWfFhGku8ahgYNbQ179pX8nIOdhJtSgGL6WgrV7BDOmnUksEzhh7U1gHicGR1cAHZaUzZNC+LoTocfx4Hw5m4oUiSkJGB/xyVrl6sHsoSVoVCSAWZ+Zur5KqxFmj4bSOUbKw5Jsr9cRO4s/q82fQIEiMxoDL+YDMZ0TxTuH826T6/INquilpDHPHVdGCepH5TTKV5H2rDqG1w6i3nBcuOnMpOG6fkhgGcjHFgWuJTEtI2sLSD0oj9OlEog1pkIlxtycFIafyQi8iGgywAZicNSaqQ0QLblrpIEiowgnwVJijoIkQYUXGIckQc1R7ELkZ6prHH3l9x04eOU1tK0U8EpmRwq7FK1dRMYAGwbnajs/naCNm/biF28lv6SzEhRk0xBDWh6i4jz4CoAvNUB7St78ntfvCDh9lsJ8VHPTSM+GB/RovAJiET82q2JOY5StcKauyc/u0Ipg9Xsh1jq2BrXKDHFaX82jZsFDuitpUTY/lhtSyxcWIxYrpcZpwtgic1BnVmCkr0o50zc6bEu67SBKcoVmwsNfdq6ZmCgb+TIQYlgSEUhcofyIre3A0Hha35CUE6AMapdSp0nsbBnSyVSp0Yhku1hETRaLovUW1K9odHG9YbFfKwq2v2ZWdUrCsdOG8DD+RSNc/j9FDP6BxHG13xzYWcoLomqlzVWe4GGLKOEwRYOfllTj69wYuvTVc3GqIQOJkvIMTdO/m+sN1J7I0HAugBv1hiNMOJSuqgwZCNRRSdJinon5GMpKfxS2MuyzK/Y7nvMtyvF0iwpt6zcZDYMX2mfe7w2CuXIhMwS4h8E7Q4BSYGDLVQlAINFJ05pPmN+hmPFbBwo7jIGJIyYHsVVtJ9Aho+0/vePlrfwl0x9rczW6jM37MQH1zI7wUqBApB5bHrU2unyD9rj5w+3p1h/kcDCX3mE+6+aa2ZmgQfi6+LJMh+r8QAJ8Y/JR2eUoamkddizqCywMkb3zzwqMfpFV7uD6Sbni6K5dISKxiVNk230xWLf3ywLZWdPFflsyq4F/54urmnCajhKsLTJIduHF/KWwVW9pYIgERakzDuIDRNFWkG1KAiF7Ongz7AUhjRfxK8EUES79zzN3jpSVRre61NGOzXetcMreGubiwFBRlCMeLEz9KPGF93hIl0E4qd6kSx0xWtciz/rzjxJhYnxpvZ969MFgkAiW9bTKFQRMKdPNfsBwUIpYIDQiylaQGMMfSmVllIggQBLy0d8MiB/8RnqhR207/lO0cADNG1kPKbuxVTXBkHPgE8IwLmH/2vgU/rRk8meWDAq1p7Wk5gnEMZ/F2mi1y1b/Wp/uXKVLcJkJTkvNpG9Wb98lAO0xATYFdk6ij6H/6X2sME56hPMpgEAx/HC7xg+8pPY8eyo/YTgr0ubllsIp2Y0XuaxUNbdvhzsqw7CG443IDM/efVzNA8Jk4U0YyH3M5IWHJ0kd7IZMhBpsb9HlcGhGHQ7RJvDLD+zYVN8XsZ8L+WMtqhZ5Rz8AwHzMWzXMf/NvYL1/RacWQla++kmOtdg9jJlw0dVgFg+0waS3+rQyFOrCAx6K9Z8zrEYhQaJfh7IsY2YeEkZ39afhZONJ8CJFmvc46oIR9PfEFrvjxKjP/SET/o51xlLOaVxF6cIyyedh2/sM298vDYA3Bi9pw8Nwit/Ct5y66qwfNBeds8boI4OhVK19AzwMYuG0oZN5rS8qTg+AyXM+LgmY1yiGsVRVQoqEo2duSy5Z+VbHD06Lx+nkKANh6nH3geI4XFYTYcg0qbalX83KPSnbJBHpSLcr+8PR046aS7UnKPYrwBey7cuRiPon98fLBPOEnOi4H2p/Wt0KxCUbJfSDOli5PvOehFEFe8OwaAmZHFH087AE3IFzz1jd9x5ldxsZqWr6Qtdu+qOT8hViQa3595dVpi2eg5Gv3NjuCFCgouS7DjiMu1BAPhnlKjgt95uAUt+bVMRoeiNCDOlwaf2cCpXTsKwrA0vk7e8V0hwii3rp5kXGhMzBHjxNHY+MZSlYR61SUAdIKW0F2n7NYpbpuCBV9HS7HgPcTlzOmXUzPmNq5d6z4ceNPVbVDl5R+YNAuCr6eNtMeLUZUlW40Hu0Vfz5ppMi6tDYXkwduADBZTrgx5e4ht4/6CzTaR4auX1IUvabdBNghdsEsJa8suguVqnvTXjwXBsIMEoEhaTzZKtcW78OEhnlTftFQid9gN/mustA6arjpmRBjPOQVHqC64Lg2dG9LDpNT6zcQ0dkzyw16hBlPVTNXZZtbMR0vOmm6DGbATMT8w+t2A+ngSZ5F5mpAb0EoyDiM1aOwrcTOSTCCsXhlyuuHY9Cz7MdIwAmNvKZQiVgvOkbjKyRpyeP/JfuynmutgLgYIl9SfNBA3JgbcLIKTmS2NxfprfpsJVJaD0sWKrqzDlxbwo+u1A0Jvus5lAcc5zvwG6euaftltfnjMKPPn2M48H3bk4aDnV6M6XsR5Og19VMkNGTgnGQKfP0YHPdcS0lwxA0FJfsFqwXEREHNP9V/cq7lLjmKkfHbV
|
||
|
|
"pattern_type": "stix",
|
||
|
|
"pattern_version": "2.1",
|
||
|
|
"valid_from": "2014-11-25T08:44:05Z",
|
||
|
|
"kill_chain_phases": [
|
||
|
|
{
|
||
|
|
"kill_chain_name": "misp-category",
|
||
|
|
"phase_name": "Artifacts dropped"
|
||
|
|
}
|
||
|
|
],
|
||
|
|
"labels": [
|
||
|
|
"misp:type=\"malware-sample\"",
|
||
|
|
"misp:category=\"Artifacts dropped\"",
|
||
|
|
"misp:to_ids=\"True\""
|
||
|
|
]
|
||
|
|
},
|
||
|
|
{
|
||
|
|
"type": "indicator",
|
||
|
|
"spec_version": "2.1",
|
||
|
|
"id": "indicator--54744155-ba50-43f6-94e5-42da950d210b",
|
||
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
||
|
|
"created": "2014-11-25T08:44:05.000Z",
|
||
|
|
"modified": "2014-11-25T08:44:05.000Z",
|
||
|
|
"pattern": "[file:name = '20831e820af5f41353b5afab659f2ad42ec6df5d9692448872f3ed8bbb40ab92' AND file:hashes.SHA256 = '20831e820af5f41353b5afab659f2ad42ec6df5d9692448872f3ed8bbb40ab92']",
|
||
|
|
"pattern_type": "stix",
|
||
|
|
"pattern_version": "2.1",
|
||
|
|
"valid_from": "2014-11-25T08:44:05Z",
|
||
|
|
"kill_chain_phases": [
|
||
|
|
{
|
||
|
|
"kill_chain_name": "misp-category",
|
||
|
|
"phase_name": "Artifacts dropped"
|
||
|
|
}
|
||
|
|
],
|
||
|
|
"labels": [
|
||
|
|
"misp:type=\"filename|sha256\"",
|
||
|
|
"misp:category=\"Artifacts dropped\"",
|
||
|
|
"misp:to_ids=\"True\""
|
||
|
|
]
|
||
|
|
},
|
||
|
|
{
|
||
|
|
"type": "indicator",
|
||
|
|
"spec_version": "2.1",
|
||
|
|
"id": "indicator--54744155-d7b4-469e-80fa-429f950d210b",
|
||
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
||
|
|
"created": "2014-11-25T08:44:05.000Z",
|
||
|
|
"modified": "2014-11-25T08:44:05.000Z",
|
||
|
|
"pattern": "[file:name = '20831e820af5f41353b5afab659f2ad42ec6df5d9692448872f3ed8bbb40ab92' AND file:hashes.SHA1 = '8487a961c8244004c9276979bb4b0c14392fc3b8']",
|
||
|
|
"pattern_type": "stix",
|
||
|
|
"pattern_version": "2.1",
|
||
|
|
"valid_from": "2014-11-25T08:44:05Z",
|
||
|
|
"kill_chain_phases": [
|
||
|
|
{
|
||
|
|
"kill_chain_name": "misp-category",
|
||
|
|
"phase_name": "Artifacts dropped"
|
||
|
|
}
|
||
|
|
],
|
||
|
|
"labels": [
|
||
|
|
"misp:type=\"filename|sha1\"",
|
||
|
|
"misp:category=\"Artifacts dropped\"",
|
||
|
|
"misp:to_ids=\"True\""
|
||
|
|
]
|
||
|
|
},
|
||
|
|
{
|
||
|
|
"type": "indicator",
|
||
|
|
"spec_version": "2.1",
|
||
|
|
"id": "indicator--54744162-ca38-467b-a598-4655950d210b",
|
||
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
||
|
|
"created": "2014-11-25T08:44:18.000Z",
|
||
|
|
"modified": "2014-11-25T08:44:18.000Z",
|
||
|
|
"pattern": "[file:content_ref.payload_bin = 'UEsDBBQACQAIAIlFeUVRMSXoClMAAACaAABAABwAODM4OWIwZDNmYjI4YTVmNTI1NzQyY2EyYmY4MGE4MWNmMjY0YzgwNmY5OWVmNjg0MDUyNDM5ZDY4NTZiYzdlN1VUCQADYkF0VGJBdFR1eAsAAQQhAAAABCEAAACA3MjWjrhcq9Gr+dwCQ4kVfASiXNzRMVtFbnD5HaWqK4JT4mfqLuj64gci0SJXkqdirIki5uAM1NKfamLm4CvvF/Z4dzsIuKGr4vQ+6MSSjpsUri8R44YPTUF8FTTndRjhOqwgMPLtk0xeM3/7TB1QUmDEgp2MNs2FU2s+Bz3lh9PFhoHXRs4ABuPYGaiNmkcbzi2WTj0kPTBKSjM3QT7nK0vxmjvHu8crhJm3AFkAVggGgAPodHnOtM4bmfuuIXnnfjbmVccM/pVYLL+wyGRkuvEeOhItdg+uKc3XCtavhEbdsqzPgP5rElJwkN/hUCJbQYpV+zCf+zRyL+r07SHu9naC8wiqr29U5eNRzkjqGZ+cvbkMxb4SF0JKxRd0X0fZIO8xnFKk/h1ACgiEKv8RQ5se26ro7PrsbRfQV/KzTgpO6gJJR/r/gYZxZa2C13ZZysTyMR6fzZvrgL2xegDpaSJ7sZWa11Wa/Wiw6JSXxLMfLbSX7KjTTnfWmTjBGrx8SjznkB8U4mZY+M+JX9P/S734n1XA4FGtwIsr2N3dCTiBqtopTAmul3tuh/cWNFG+b3ABBtBRddQHk2XIbqK8a60jaxEt3IhqclZ+d2w/WFZQZglkwVYflyzGtdJnJWZrzG4vbA+lwcecoOYeMtLy1LfXfAAfOvM0oXbnTZ2Nr0XOmgsWpqp7BsPIBaYXJXcX/Y2lWCjlr8l5KTnzWlKZXytj0xOwSoJmHM06CrtPQz9xwnImpFlzl5mnveKcXuXR+yUp0kcjvoABD86IIcEY3RXiTI+Nx44TgbWnvLE7ESpGA9WxNuREJfYd5mUf8eHeICgfuzYE2LHFZjSbceBJF2d8d+/yK4Hx2xFMvZ1dd+WNVzGvNJIXqxzsKssx9C+D+IdcYfCuspsKNqYG2Q4wAqncY2V9LW7CTDChn7lvZB++hPsDSg4kido3V4IEfZFaQkEx2+HRZMZ16elaMjvkJLSEY1yzuqE1ZXN1QKS4ROWUxDfSfBDrt7NzDaa+yQ7+KNrOI59tFZ5Ynk56SzX5Ah9YrDfUijj0I0nghejF/TkYlYdmTwl6DA2WhoKIBWbJvoA6SaJPNYJIZ4ptBSPYJ57dtBoc56bkrLNacw7TZ+DRYcWrKa3yjafhpp206hr8Nf+xXuihntAl38lxCYLoz3NFCV+YvM5u4lnZqEmFKpHbX6aJheHDJxCWXOnsfm/0bDo1rKdYN3974Bp6+5c2omiHkPVjhBBJbMwuhG2wrXALZwWd0SyXg3qQD+0u4suEDjWeHFSGRtpEYBtO7mByh7FGB+DDPmNsaoC7sB5aaL3JPI5z4L50/zzHO/GgRWxNY5m0aBEa6XSZPCEOLUfvL9sIGDQX4oR3hnarUgjjF5Nk14G7m+HFJWE/wr04rB0tmt3RVQWBDQMU8QftHB16lTlGlK9sKEiKpYuz5fYxuOngszJjmketyuBzhENFJB+uUXprGD+Hrf9nI2xVzo0PhIbbuzumEsD8o8jwrdjRMtLviHhPaq4et/1TYEzgI2I788OvbvdV0JbeaX552lRKv1cEL7WmdfMaT277Vpa0UGRRSX5PgfvrWRS0pbZb/lGgayvM8UxuMSngku0pwX4IDbokPnRPLwuN0gECx4+FVPo00ZMWTd2z5p3MWhAd0yV0Px7seUcjhgEvXzx2hUbF5x4Y2BzDtnQN30yyURyF8YZNUb37MyK6iAq60OUHelyeNsmYhPbDu/oDcC4ndqdye+vmMytIxS1G370y4OqdJfzTVkkrohQfmKh9Gi0o9KZb2RQ+0QylBdPKRX7G6YB5KvgqbEr0gZnCV+p85SMwtfzHTnaNq8S7CFe60G16RGCQHl5Z+jcmQmbqaK5/hgtFgqmLl88buhEs9B0miSDTeSM/NNrnk7JSwnswrkmH9SygUm48hJYdiZ51zTBeir66Ly+U/TGhnuKSgUyxY8yXSVRfTarA6gLWb8WCUsiJc4Bcd3nMyEmvolWAVVHXcZ+2MALVNZYlwfI1WyqojBbDJlrXVxwEOWurB3YXmVTLrA/3ORL0kPBfRllQSFOjVKWtjVme4ATaJogYr5u+n7UZUfd/0nFJuL9Yz+LDt3O/YnfSAjqZpIHKhdcfpALBTwKaM5DYFfJB9Cnj6FPxX2QNDYfGXy5Py586H3sv1Zko3Ix6ZV4JqfBvcJdnWdNccs9n+48D9ZfI/U6VWApm5rDgJ3eDYJywMN+P+31S1yBBOdn3tT6AWT2Q4cduHKkoRjmSEHfvqzrwQolV++Gi3MLQYEhseH+j0B2b5dVz7I0Bbd9Rv8sL/LRY9H5qhUg7Rkp0MagN0xuF4aNcLOvB+jVNyZuy8v/tQ74GTlqpSNYox9YVjBkDteQi4QYfQwaKpWPcsZ5OpI2egwCa25zDfBKxlQljiSrmk5f97tT6FUbQNZcwHrxI68apdknueKnTMSEftEsGQgPK0wvjkyiQtFIiv7iNvzmuSm6kvYjb60B2S+Sm/lOUHAxClN5qKRl3O4pHzBGa3SInuT152TiskZlv/Ckiz2Qgkzxnyfhm99rWONE8ATt5Jh/bQLnMfuZATi6LnxBXiKUVDkinaUZzZmVIlTYtvu2XBf4pO4DfdmmHBXGoi/tmOYLkRYLU73VLU/4ZKdRssZNZCv45cc8+5TGRYHY3HU5h1Bcff4iots8FxBENHHfhEyrXoMl9dpFyQYiNrd1CN60HHx/PDz5EEp1y1CHwrYc000lWXDlvxiK7VA8YwLTmnGUPA9/yErql9llxDx5WZ41SyDKOZDzeyAmVYgwNkns36h4XV2MPTiXtSkmT22DQnjN3X5FAvZA9gldvb/N/mZnV0Jwd29ypSo9KiGopmdLKSvCf4EJ7UZXGmAtTCy2YhrM32InWa/a+pNEIfiC4FtoILyApJB7OsX8jKqbg6H3u/oeixw9u5+OTP7lLSse3d9cYtRCm3dP+V/0H/hw8+YDPzHNlC/eHIiPD1ACPttELReOZk2txDNDpPhJMJXhrsfofXM41ei5S974qDOq8Pz0U27Xz3aMpkXgd55k8/n0zpOui1OQ88cC54MQeUN8BpYEc7vVn36yFfweLl8jqVPWhVi1u6SKpvGsnRWfLrOXnO6q0RcoxwFbPuCYeAcxntoxD6g0SwIUJMVXMAYwmwS0zkpTcL4g7NIqvGTfSizBm5AXUJC7pKmBvX4RGe+2UKxd+S8dzaoc6ppo8In8xOr88wR21sWIrZQ/Aipg1HaFQYIurnI5f5cYkBMFbjdcMd7mBzmsahEnJjBKWxF1LUx8H2SqTDpW/q8thQfzMoBvp62i9RBvpZZRycGpA7WjdlEMV6o0QSAVtwle3a/2lhLPZIB7+2dzI6ST5j6zctzcS3bWQK42408yJRFySE2UMhXxIOr4dmXuOtU98g5B1NZSTAV3g7RXev8kzkc1gDrhO13o7qQrugf8zcH46KJsk4TP1k/SBnjyV/jfRqG09J1l7+E5Xyb7MwLmzsGxno1jcAPqb57c2IaCXEJDWK8NN49jSv4rs1rHrqbQ99biLtCod/0WaxJbuxQaCHNhCGBgNT+D2uvr4bwiT2cw51iQ3yJr4UwlaQWPQs7wyrMuvGKkjGiuaCHz4C9hjiwUWz3LhqO7vJYL2CyFEUYNy1ckQRlAMOwXTOhF3blLGq/T+asxvjElPvkrgoW0wfDyc7tlof+V2fqjfN39QX8Gbd30T/neX5LOPVGR4ubPQbvZYKVw41F0Ll2sJMqwBmvGtvs45eVN/HxiUIAaoef3Paw1mP/LP6K9rzh6mO9rY5YevzGoRtKXiGN3R9EjeGwBddq1CtM/8jmZImJPvattmc+R+lo5TitBYGn9Um+exvcsTafeJ1k75N7
|
||
|
|
"pattern_type": "stix",
|
||
|
|
"pattern_version": "2.1",
|
||
|
|
"valid_from": "2014-11-25T08:44:18Z",
|
||
|
|
"kill_chain_phases": [
|
||
|
|
{
|
||
|
|
"kill_chain_name": "misp-category",
|
||
|
|
"phase_name": "Artifacts dropped"
|
||
|
|
}
|
||
|
|
],
|
||
|
|
"labels": [
|
||
|
|
"misp:type=\"malware-sample\"",
|
||
|
|
"misp:category=\"Artifacts dropped\"",
|
||
|
|
"misp:to_ids=\"True\""
|
||
|
|
]
|
||
|
|
},
|
||
|
|
{
|
||
|
|
"type": "indicator",
|
||
|
|
"spec_version": "2.1",
|
||
|
|
"id": "indicator--54744162-b20c-48df-92a5-4fd1950d210b",
|
||
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
||
|
|
"created": "2014-11-25T08:44:18.000Z",
|
||
|
|
"modified": "2014-11-25T08:44:18.000Z",
|
||
|
|
"pattern": "[file:name = '8389b0d3fb28a5f525742ca2bf80a81cf264c806f99ef684052439d6856bc7e7' AND file:hashes.SHA256 = '8389b0d3fb28a5f525742ca2bf80a81cf264c806f99ef684052439d6856bc7e7']",
|
||
|
|
"pattern_type": "stix",
|
||
|
|
"pattern_version": "2.1",
|
||
|
|
"valid_from": "2014-11-25T08:44:18Z",
|
||
|
|
"kill_chain_phases": [
|
||
|
|
{
|
||
|
|
"kill_chain_name": "misp-category",
|
||
|
|
"phase_name": "Artifacts dropped"
|
||
|
|
}
|
||
|
|
],
|
||
|
|
"labels": [
|
||
|
|
"misp:type=\"filename|sha256\"",
|
||
|
|
"misp:category=\"Artifacts dropped\"",
|
||
|
|
"misp:to_ids=\"True\""
|
||
|
|
]
|
||
|
|
},
|
||
|
|
{
|
||
|
|
"type": "indicator",
|
||
|
|
"spec_version": "2.1",
|
||
|
|
"id": "indicator--54744162-87dc-4aea-9969-478f950d210b",
|
||
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
||
|
|
"created": "2014-11-25T08:44:18.000Z",
|
||
|
|
"modified": "2014-11-25T08:44:18.000Z",
|
||
|
|
"pattern": "[file:name = '8389b0d3fb28a5f525742ca2bf80a81cf264c806f99ef684052439d6856bc7e7' AND file:hashes.SHA1 = 'bdd2872798659ea9fc6f9e6c3300a5e949a54e41']",
|
||
|
|
"pattern_type": "stix",
|
||
|
|
"pattern_version": "2.1",
|
||
|
|
"valid_from": "2014-11-25T08:44:18Z",
|
||
|
|
"kill_chain_phases": [
|
||
|
|
{
|
||
|
|
"kill_chain_name": "misp-category",
|
||
|
|
"phase_name": "Artifacts dropped"
|
||
|
|
}
|
||
|
|
],
|
||
|
|
"labels": [
|
||
|
|
"misp:type=\"filename|sha1\"",
|
||
|
|
"misp:category=\"Artifacts dropped\"",
|
||
|
|
"misp:to_ids=\"True\""
|
||
|
|
]
|
||
|
|
},
|
||
|
|
{
|
||
|
|
"type": "indicator",
|
||
|
|
"spec_version": "2.1",
|
||
|
|
"id": "indicator--54744189-9804-4e96-8ac3-4887950d210b",
|
||
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
||
|
|
"created": "2014-11-25T08:44:57.000Z",
|
||
|
|
"modified": "2014-11-25T08:44:57.000Z",
|
||
|
|
"pattern": "[file:content_ref.payload_bin = 'UEsDBBQACQAIAJ1FeUWD1/QAgswCAACABgBAABwANDEzOTE0OTU1MmIwMzIyZjJjNWM5OTNhYmNjYzBmMGQxYjM4ZGI0NDc2MTg5YTlmOTkwMWFjMGQ1N2E2NTZiZVVUCQADiUF0VIlBdFR1eAsAAQQhAAAABCEAAAAsVlElLbHy/6qYmL47pOso5iwqBf4YaiTHyIezNYlMdYTw9jPsYRKLO2tZzQMcItjlu/u0sB4ecZW3b/y0Rv5+52PHXkJFlqgm5f2Y5GKYNLex6oPj8dvqXWTWg91TcJIyqkZ0NFz242RQq4xAyZ8NiGoR8iE84FHifkhKjGYj6IkGsjSW8jjTgUSDAbjA2oVQfFdtJIRdiBzpH7LcaeTlLKaLVHuM1VMkx1Vxl5fwjfbwQ5E4pB5OCFn+wStFLkff2neYSzwT4QHH513YlKus+km4T+OqS5Cskc/H0hA3QgeKX9kEiaBfLcYuyWH65WGosjpdBFVdBe9cVuIVK4kSP0vJH2YGJVcfpvITuuF2ApPeqei10X952HJuacwWj0CAhmK3P7yNCVx4rJXiLJ9byJOfHgU7q1ho/ODxq4A+0BptYMx0C1ScmE6dfOoaEduebI44f53LOBpgxPDg7DGgLcLGjMJ4uRx0dVQixzR6eiAa6BZrblB5FGShftDCLftKb43i8dDOCzVRP7eNX/71tLC7WGxCfq6hWYDpwxBAhUeYvAhHGn7uz52HcXzbzUP47wDCPDaZq9TssPIoDRe2zYgTMs4dvlhSZSc9UzaYa9wURzaZsmh/63Rtjw0bpUXdC0+WBJFH6/TU33UmbWJ0XppdZkWe5OnySGXdwNn230P1Nt3UWSUz2nP8BRAw+h9BOiybQ9CN2nC+NjEcsvRuqTVF8QA6SIlOR7LKPGo8x2kaB08tpbydUJdilATORjFfZEYnqTbZ8g/HLNKB9bgDlWL2HNC5i6FZ56FQ5xxxim9a3OSXYS5yxVBGZ5crHG49smRbmCvH/nGfvhdleDEYcjV57OHQa24d1Clv3HMMRu5wkCmb+Xw785H0EMXuheLeoQMPrOm/gJyBJhfTWm4e/MZczPmv4EoaB9CzN3br15rX1iOx85qUeIDAE0JzTRO82doSFGUaqFTftDHjipbnmdxU4ZEv2sDlJFQQWTvE3QxRIBuIAOtP6U9hJ7KHmANjfVhHAux62wgEeR0X0WQR7CiJ4LDK4axc2Uy7z8sqdxnq79cXN+ZW9zo7ElraIRbcM5Q80oIx/kFcAKc8oGtmisRMDknwar1FBDndIJhUfBAT1Uylkth6JB0QceGTAN0MoBZl96hAnJV3hOq6zjuPAAF2f1d42HIOa+81gA+rOV9W+Gl3kYwtOJqnuYI/6ZxPa7zs7aJnCpx7KEF1ZVTcqScZcil/tWc9AsCQ8gIZYGgKR08RySCjJbij7HfpsuAfqc55WJ6thMLR1Io6eyhkq+V+ElSgHaqJOcb0jwAMyPa/UkqoxgFeA52eR1/Z6Tz1ow3ciD80yITfJwOCYX31OnGGIqi+IrFWGmTOrZvBSZ/jWh25vlkl1cC5+ogtd90V6Mz23bjMgNIcVRJpnUvwBa5mrCykyV3vCO6JQeORMrX0XVJ8SiWxiC1iILfCIzvnCboWxfq/thDVnG0WmZ4z943Un8w7zEOqRAtDkYX4G2Cx1lNwJLaT2ZGNIN/qWFZqGwS9JMD26R3PcreKMkiKiZiT725/rUzlrTrVMKekwj7NnkUg6kl0UQVGyK3GgCN5r5/yjwRKToTpQV8cWA/+6/Z6wGoqLgAVuefu+nk3hE4UwcFav5qAMZAsOM3QWerh0tFGfjGLwf9nJZVrzJSiUuEqmFIe7el2VQ7hWYhsgXu6CQJErWdWrLWnaNWzRm2hQDz9YdVO7a9Fe8UHmuG9i6hCXCWmZJDYLBv1NloAsiMdDkoHhOXixSQ8cwDacFbVDJlWs2NxeY5yOV9l5zDmzk31rFV3mhybuGYI7qp25EYdDjSRNmFRj03fZtvjICQYoeZL0QN55kn1Rte1FW5eo9bA5UIa3KQv9gjS6jzKHo57MgvL3++Twu7J3OBue9M17gNK9SDR8RltayDWVgapqFgZI/0a/hm6+3gkB04M3FKOCAIn3bnWUGLvPTNShJEuRNgCkfFGkJP9XPg+XKTNQdlmFq+kWi5o/6ki5DpDUbZ0QbhpMnGgwZw5lEl0Q/3hrIiMiuUsrf3eQoCcWtR/WvBbJSLBx6jxFlPC/Cof0Jr3+8BJx/VtvHz8Oevy6/aMdM8Gf27Xo1ADyg4iePLl6S/K+IOZgSG5ou6nJ4unfF2zWLKfsR8rRvxTh85CkP1fa0xGDtbBodwkOZZzvEXGQy/9Ic5xaEQXglSUc/gHcx2qnYtmqAO73GfTeybN3JJBHXdjMWex39rAPLGdkLuFVIRYdIa89kJm800DwkHp4E1eb+vEf7JlUXHbQM7YUrF5YAhrajMi81K/2gNEe1mM4FYK/sYTu/Z64R0utzoPelYQyTgxUZXSAX4Q3Rns2bwmYKISUYT0f5N05U+FpxnAoGTPHLqFuIrBEEnEhWwzGjGXKPsn8kGwcZ6fPQL+UYr4mJfdVPKsMyLJ8sdJeQ6e7fdk9aXGIMCoddcwqhxuFTEKefHVxswBcaUDEzhW5t21nDbqp7w4XooeuGUwyH1g9ytEx7/nKN4Nmu3/Pv/urnof71OIIRZfd7OK7t2B43H76iDN0UU2+BACBPnehVHLBiO/LxtFSXoZ95UY71LBibhWlm+87JyHewGketZxwZTdocNV6Wlp07zcd4qHvE9/pNOfzL5aG/gLH8Q7pPqsmtHSKQW/CbfaS5Ydx4Ti6l8GzzQkzfOxKB8EcKK9DNf0bqOnYmskhRXWFt/ASbABqgfnQxV4+DuHFSSM65bO80HU5gC+kcz1wYdK66gRfP02MnPRjquFR2vIcJUPp9BypGsxo54b8OH/YEEsM52DU+RkUZuXzfWoV8TXCCD/Kjb0HGka4H169nO/09dJr04/i+rVB1EyoXRPKYwJnj3XMgQf+MYMS5SZWnavslRHOLXAcT2qhX8rcdfKIKm9q0K85BWIr/0udpCW1NgrIXPBjvWSUX1nd6pPUydpA3vSWLPcAdw4pQsYiK8Ct1NlQ+j4hFLwNv2+uNSCEjQNgpm19J30kMT1+IzKd/03H+4s6eay9kwssLN/IEUhHigojH25riZnJw7ojJsyBHNaN2+QjRTg7r176Wn87AW/b/ClJRFdPfelVCUdKnYICxcOLr7xTRXlsTVzTuK8njBW5eaeounntzUkRsYN+WrNDRcSnlqSfMT5HPpAQ4C9jrKRm8hLkqkW9GOFYWLxdS3A5rQ77NGQVoa1MktdgeZZIfmnMa/1V2RWOe4nsN+hOI+Nsv8xNsYyjJ7WTjek9MQveVhraZ/wdyvNKgsN5o3Z2hPdanISXvYa0UlgR9j4F7rlNBWprAvFeggY/ruczdY6GuoTGfzoEe6g0MeIZPLYyYOTPVKbP7B0OPPwpOIflToqLHU4HgM0f/uexcDUBDn3iADsHcRl6lvY4lLifu/d+1H+WtEOZaCQ+7D39ICyqLfaid4aQECmHzO1ylmRVLI/t0kDT9kuKVKmQzsGwg8rnjISEEtTh1sIL5Xbyjfs9wJcpi8jjUnSA9zbk9Vv9KGKovnitZSdOCSqRhYK1Sf1VM/iaEHExRTyM2peDQ7mbe6hl7cF6cvIDK5yHn9C3s8ggTZfMAcloLYLmZl+6YsWBF11muq4onMsqvmOJsVTbTx0gcF4qnTlUP2y2GB99mpF5jI5MeiOa2pAwjNUTFt8YHaBhozVl058148QMKQr0jX/N9a6hgQj6HSMGLYOVmt6/+Z3lLuyv7ErSHXARBkodRZ588+jX38rNFqMFnnfL7Y0IuSl/DyHdSy2y+vE2D5BjmOB2AvWUGDw1TmBdEH2o15X2UHIngWCvN3j0mBOxvcWR5SFHHCMiVsq4Vy6+C7rCIv7ZFfpuXnizHCMa5iYoYEyvXjq8DRIT+REPtEIId
|
||
|
|
"pattern_type": "stix",
|
||
|
|
"pattern_version": "2.1",
|
||
|
|
"valid_from": "2014-11-25T08:44:57Z",
|
||
|
|
"kill_chain_phases": [
|
||
|
|
{
|
||
|
|
"kill_chain_name": "misp-category",
|
||
|
|
"phase_name": "Artifacts dropped"
|
||
|
|
}
|
||
|
|
],
|
||
|
|
"labels": [
|
||
|
|
"misp:type=\"malware-sample\"",
|
||
|
|
"misp:category=\"Artifacts dropped\"",
|
||
|
|
"misp:to_ids=\"True\""
|
||
|
|
]
|
||
|
|
},
|
||
|
|
{
|
||
|
|
"type": "indicator",
|
||
|
|
"spec_version": "2.1",
|
||
|
|
"id": "indicator--54744189-79e4-4214-8530-4185950d210b",
|
||
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
||
|
|
"created": "2014-11-25T08:44:57.000Z",
|
||
|
|
"modified": "2014-11-25T08:44:57.000Z",
|
||
|
|
"pattern": "[file:name = '4139149552b0322f2c5c993abccc0f0d1b38db4476189a9f9901ac0d57a656be' AND file:hashes.SHA256 = '4139149552b0322f2c5c993abccc0f0d1b38db4476189a9f9901ac0d57a656be']",
|
||
|
|
"pattern_type": "stix",
|
||
|
|
"pattern_version": "2.1",
|
||
|
|
"valid_from": "2014-11-25T08:44:57Z",
|
||
|
|
"kill_chain_phases": [
|
||
|
|
{
|
||
|
|
"kill_chain_name": "misp-category",
|
||
|
|
"phase_name": "Artifacts dropped"
|
||
|
|
}
|
||
|
|
],
|
||
|
|
"labels": [
|
||
|
|
"misp:type=\"filename|sha256\"",
|
||
|
|
"misp:category=\"Artifacts dropped\"",
|
||
|
|
"misp:to_ids=\"True\""
|
||
|
|
]
|
||
|
|
},
|
||
|
|
{
|
||
|
|
"type": "indicator",
|
||
|
|
"spec_version": "2.1",
|
||
|
|
"id": "indicator--54744189-f480-40f7-9e33-4eb8950d210b",
|
||
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
||
|
|
"created": "2014-11-25T08:44:57.000Z",
|
||
|
|
"modified": "2014-11-25T08:44:57.000Z",
|
||
|
|
"pattern": "[file:name = '4139149552b0322f2c5c993abccc0f0d1b38db4476189a9f9901ac0d57a656be' AND file:hashes.SHA1 = '76c355bfeb859a347e38da89e3d30a6ff1f94229']",
|
||
|
|
"pattern_type": "stix",
|
||
|
|
"pattern_version": "2.1",
|
||
|
|
"valid_from": "2014-11-25T08:44:57Z",
|
||
|
|
"kill_chain_phases": [
|
||
|
|
{
|
||
|
|
"kill_chain_name": "misp-category",
|
||
|
|
"phase_name": "Artifacts dropped"
|
||
|
|
}
|
||
|
|
],
|
||
|
|
"labels": [
|
||
|
|
"misp:type=\"filename|sha1\"",
|
||
|
|
"misp:category=\"Artifacts dropped\"",
|
||
|
|
"misp:to_ids=\"True\""
|
||
|
|
]
|
||
|
|
},
|
||
|
|
{
|
||
|
|
"type": "indicator",
|
||
|
|
"spec_version": "2.1",
|
||
|
|
"id": "indicator--54744195-44c4-4dde-8640-4fc1950d210b",
|
||
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
||
|
|
"created": "2014-11-25T08:45:09.000Z",
|
||
|
|
"modified": "2014-11-25T08:45:09.000Z",
|
||
|
|
"pattern": "[file:content_ref.payload_bin = 'UEsDBBQACQAIAKVFeUUpuOedrBsAAAAyAABAABwANTAwMTc5Mzc5MDkzOTAwOTM1NWJhODQxNjEwNDEyZTBmOGQ2MGVmNTQ2MWYyZWEyNzJjY2Y0ZmQ0YzgzYjgyM1VUCQADlUF0VJVBdFR1eAsAAQQhAAAABCEAAADbv/xvdE/L52c6X5xue9v6lIRdGumRviDoXe/APgx7+TlUhhFttJJzHpgdvVmV1oQo5VnCMp+L2D+nIJqXJxH+lu5aWp/yrBjtEDgwh2g5fU/q76d8ff8++6Ff+BEH3Lvhe4XxPsHDytdVdEpLJh2+S6S65rZEIA1WcHi8/IvC+BnpxUFrchGjbTLu5d1UAHxIiBmZhy5eQdvP+jo4C+ZRVI+LgS9TkaMbPlVxM+nOGUugLs3jBwY2Z/hVACWjLJXu/Gde+YfTk5a0ysEGA2V9uZVKsMEVEuDDUt6s/ExdmXs+Wk7yfYbu7sniFK+MjKQT7qeKbC0CnGzKL5GuiJ6vqftvfsivnk/Yb25INwQl1sefmKyTds0p1OYToBKSxZjLXECx8MMraXk2XVxqJqEWAd5A9wV270aA/JBxA43dkTO65BUkQzQFl06TnC+YnxvXLSdxkjuQE/NOJC/bT7I7UDazo6wyemVilkRyFUHrdDn7xNFaoW+Y+hmcLU1TQJwmxqkEvikKrjeKsAlPaUQvEH+X173yKo57Vxe+2MOcpGLrN3Cy3I7XqC3W8q2fJ5gFe0ViAhUDhVvU4NLiT6emykCm77M0kBzUFFPrqFGKrzUZ1PefapPHXfPexL+jDLLNaGAbuPESd4M5p8M9bbc5e1KrzL1hf66FMAry4qYr8E6GPg6nClxnnfULefE31YJjkndotveVIcfOOv6RZa1pc2GqJzhcIqMXwG4knoGEs9KdGfCvPdbwkCehZqdJDKXZitpBR3CN0MJtvJutPFL2esKyjg+s5UzCk6do9xmGXdvuWnSCh2LpoCOr/GrKO2T7hWX2ITt7r5ycP1LbH1h83YlDHRe8kBSRjJANS3MbaxYIRhS6mO5NcCnWSBMjVdMsOehbtABsh9rUDbMn+Y5xIzm7Sjyb9ammi764Z++4HcxgGkpzVEjVTvXM1q6bjW18KuRtE3CZu68X24iA9mo6UtRsN8HeqECmmCS2U3Ushcbib5zGu09T6b/ERP/73TxjYRYVSaH7MgcCSb1jM6pPTwfiba/MYsOWBNZTqrSTEjnEcienY+mKYACAjOmco9+kAg2aWQsPP0uipSM194/qrHjiVO21+U9LWJ4DziyPUuS13JDMC4bP+afPsEwJPmlO/AThqNwh1P493JBWJFtE8wVv9NNln/Syo8RFbN7AnkV1gy6KGWHPxD2Xkve/K5i2au1fV0fl2VoFjt6XK0n7CSJK25U1dFapRtqRBGSgOL+D2mjp3rKYt9lypK4NzfHs7ggrJKYPldubGkr0cbhtT9/VrdN4wBWyPYSmzdCYqBNh2mrsRdyv8ttLFQb5E0YI4sw7wsalIqVcfzhuUgmkvFzYpRR2N8FN8OuumNUXWpW7CkeftQurNzs/7X6W507CcwMgjetatPdvTMBxadg1hsUXjwTVLCSMU8s1JtPYaicMPgB48jZnmuULUiSthKYxdtVgW7hWCygHOhQUOpGrcZ0qWyGVy52AJjqzyAOYECBspRMTAPzpMiQdMBAiuGidj1hSeirYwkvlEpwk+SSZsfK37P3R4YKLRN/AZqYpi4688nbYZ56VkZ02/ksscARiEpNRMZYV/KJQf8QGk1VwOQLZGohHxTrEQ3zXOYYnOdMIPUWdz/guQAXVp265v1gUlahsS9/tdPbsj7lXkM8N8FYAOJvkYqGAOvCyLhc+QeklWbahCIrhOLUkhTGfhvmDK9Kq1OpQLnfd9D9fLL8uuwxQYdGRgmE5ODUoRpj75a0HDO4hXnlVJECX0znsDDDZAIEZX0PgnZTJDbVmdFgfZn6GxEeqOjC1jE4CtcVriGZgIbcQL92zH/mrXgyKWHiOxBQBL0oeLxaDw0fSBqCe8yOw4YK+tCjYV+M3ZGpzOSBZ3Rdac3gfczJAkIhtZWg1Z9xzqObrV17henknYAGDefAZg0B5C2NjzLkrxiGPfUDao0QCAsNYCRnAdjkJdGWP+riFvZHxlwutbzT4+XfXSiOTXuo1btJWuIocVdCbCYkrIeuXDJLrwAKyUkHECMC6T0mwMxvgHC06qnn1230sqN+zAkatLA68ohKd91kBKaa6OGrHeZJGQHjOx2WBsp3f8dZRycQd9iP5mwevF3TFfwVYFwCg3wG7yh6qqIh4A+rtwJxIa+fOxLrBtczUFUqkXzI1+4/1BUvUX6tY14+LP7oHvmHVH2DQuxd6kaxgMHP2bTR+HFcyD5Vcpz2dcMR5pbVDPzyOCQIApLetDa/iEkMiuc2EtWDFqDvTuDaFlTAohT/Nj2Du6CpbqP4igCCo+kFN/AaJzf3kUCgdA5HzZ0c8kYGAODkbNDsJABGjue6QCwj2lTkqiFprkw+O4309XR11b/xVLnMYWrvyVkxJ0pM+cAyrwKNps8eho9Pv9dzl0d7U4ihpalg/G70ZbZIJz7ak8cALAsNoZmY1BmEqFQY9DTFTT/naK4Wtkx9SWGRU0m/8UNyBOnPwwPkREYKrtWvlQiyOWFo9/sBlUSn45YctJXFGuOFpsgG4Ag00U+W2zPa5usUiZklfnUSANgCpmGyHI8lOU2SVqce/AAMAc3GiGz73lVYWo98J8OJGyipKBJTo+8hLeZhMyocZ2TgZffGWICmzsjN1OP26olWUtjN9REqREDU1AbQM7envHXLsvGfKmCX7hQ0m6qmifZyBnvH9f550tlRm7XO5o6E8tF3dMjhNzKfqdmcYF+8x72BDEljnO30L1Dvt5UCsS8zMvcHrAUZHwOJqH4VOsh18ZicX6yZciyNosX2Cd0vtuyy3Wqo5Wlr3TUaWJtpszCTxUUQgBCxVOEH/Rk9BLGWEOeVh9tKcALYNSyvB/Lq2stA2c06nHyTSr11HSxD0Ho8SmErOLEC4Aow3wvne3iV31YeatcivbqwAal6wd4xthhZ9G0vzpEsM58sLvVGcXRGkaH99SyneJR8Qt6lL+EmconBGWZOSITB+5fLDAnQbYB40a1EG+X8zJFogA2+AwbsUm1wDM5eVu+Mdk3vJVf48kYVVZEFwV2VmM05xiCCkpa3crpChNp7LFDkyKO+mtfFFW/FoECWTbtY31KzIpozUvm7DLiEOXXMPqxqmKra8GdYc79cxuA1AJ/yYhqBd2HTNe5r+CZq7AKAqBoATmv6iNsMd4VoLr4cSDpqvK8SNYS5VsnzCoi05Vlab4c8/ntLsxPvmM/1GaAiIySwgmWt2UDnRd3Q5XorSr/BjSfA5bYefryK3bLjQvypjmjlCyOwbMFsBGswzX+D9gwwjDtm0uoE3NsToQ7lib6EFNvmoADrFPfwH2S8AM3g59XkFhiXwMDa/XZ+UHi1QIxu+LzLegCLuzLf6WL2i4IV21ZnuorSDkOPWE+Xk1vPw1Kl77tsKQd+LSKzLM0yk58bELGC8E2B2oFVF62NL1PuNvjLT+NGuA+FIwXRkpCZ58EdpnFv/dj1W66NNpz/0fYLTicGiBQWAQ7wObxtOibSbeCpaqt0fEtnu9pIG7DhMXkP50smg2TCgzoEZllU1W74B/6a611CH29WR3USPkv97ff9Bb9AeKbFDTHFB/n/fYbcTht+wbHv/eOWnEX3RLJ1ZgfaWbU9LYyf2WgnD3ztOEK+qMz+jvIwOboST7JVTTb8KlBnNf03muQQURPCibM226U/rbmVgYoWzlO7tEj+Rw4KQPUfcPtIt8nir5WRigfKfSz+l/zqBF5EbnVSgqpFIHd554CBdzdx1LOZSrrM2WGKPyNXN7WgoZhNtR2iRqi4SnWENnGBekdf5khObJy/zg+aOmtpFM+uZRb/MgjJsiDrzvhZyLROzj6ZK6e6cxRdVIa27/5cpnGACumTgTW/L9Qzt6Mwmb84VO5QZ0j
|
||
|
|
"pattern_type": "stix",
|
||
|
|
"pattern_version": "2.1",
|
||
|
|
"valid_from": "2014-11-25T08:45:09Z",
|
||
|
|
"kill_chain_phases": [
|
||
|
|
{
|
||
|
|
"kill_chain_name": "misp-category",
|
||
|
|
"phase_name": "Artifacts dropped"
|
||
|
|
}
|
||
|
|
],
|
||
|
|
"labels": [
|
||
|
|
"misp:type=\"malware-sample\"",
|
||
|
|
"misp:category=\"Artifacts dropped\"",
|
||
|
|
"misp:to_ids=\"True\""
|
||
|
|
]
|
||
|
|
},
|
||
|
|
{
|
||
|
|
"type": "indicator",
|
||
|
|
"spec_version": "2.1",
|
||
|
|
"id": "indicator--54744195-b1bc-4493-a918-4727950d210b",
|
||
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
||
|
|
"created": "2014-11-25T08:45:09.000Z",
|
||
|
|
"modified": "2014-11-25T08:45:09.000Z",
|
||
|
|
"pattern": "[file:name = '5001793790939009355ba841610412e0f8d60ef5461f2ea272ccf4fd4c83b823' AND file:hashes.SHA256 = '5001793790939009355ba841610412e0f8d60ef5461f2ea272ccf4fd4c83b823']",
|
||
|
|
"pattern_type": "stix",
|
||
|
|
"pattern_version": "2.1",
|
||
|
|
"valid_from": "2014-11-25T08:45:09Z",
|
||
|
|
"kill_chain_phases": [
|
||
|
|
{
|
||
|
|
"kill_chain_name": "misp-category",
|
||
|
|
"phase_name": "Artifacts dropped"
|
||
|
|
}
|
||
|
|
],
|
||
|
|
"labels": [
|
||
|
|
"misp:type=\"filename|sha256\"",
|
||
|
|
"misp:category=\"Artifacts dropped\"",
|
||
|
|
"misp:to_ids=\"True\""
|
||
|
|
]
|
||
|
|
},
|
||
|
|
{
|
||
|
|
"type": "indicator",
|
||
|
|
"spec_version": "2.1",
|
||
|
|
"id": "indicator--54744195-72a4-4b0f-ad3d-496c950d210b",
|
||
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
||
|
|
"created": "2014-11-25T08:45:09.000Z",
|
||
|
|
"modified": "2014-11-25T08:45:09.000Z",
|
||
|
|
"pattern": "[file:name = '5001793790939009355ba841610412e0f8d60ef5461f2ea272ccf4fd4c83b823' AND file:hashes.SHA1 = 'bc79d07eb4ec7041dce91596a56cbe07b5e107e1']",
|
||
|
|
"pattern_type": "stix",
|
||
|
|
"pattern_version": "2.1",
|
||
|
|
"valid_from": "2014-11-25T08:45:09Z",
|
||
|
|
"kill_chain_phases": [
|
||
|
|
{
|
||
|
|
"kill_chain_name": "misp-category",
|
||
|
|
"phase_name": "Artifacts dropped"
|
||
|
|
}
|
||
|
|
],
|
||
|
|
"labels": [
|
||
|
|
"misp:type=\"filename|sha1\"",
|
||
|
|
"misp:category=\"Artifacts dropped\"",
|
||
|
|
"misp:to_ids=\"True\""
|
||
|
|
]
|
||
|
|
},
|
||
|
|
{
|
||
|
|
"type": "indicator",
|
||
|
|
"spec_version": "2.1",
|
||
|
|
"id": "indicator--5474419f-aa54-4a68-8054-dce3950d210b",
|
||
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
||
|
|
"created": "2014-11-25T08:45:19.000Z",
|
||
|
|
"modified": "2014-11-25T08:45:19.000Z",
|
||
|
|
"pattern": "[file:content_ref.payload_bin = 'UEsDBBQACQAIAKlFeUU0yZORYh4AACAwAABAABwAYTBkODJjMzczMGJjNDFlMjY3NzExNDgwYzgwMDk4ODNkMTQxMmI2ODk3N2FiMTc1NDIxZWFiYzM0ZTRlZjM1NVVUCQADnkF0VJ9BdFR1eAsAAQQhAAAABCEAAABEpvoW6RJ4lRfbUb2FhNuw0E2zMeYvFB9yX3wn/Yg81fde+NFOpNsAUX+go6LbFtDfDCpNx2DSh+X+7TckEB14Ey64q+hY6Txcnr97+4BIvwwMPECgd7OkycC1QZTS93m05xV1J6w8ymjobQcaSNZaitGaQ0n9Q6DDD6K7o5/il2U6BkmoM9unI/LVrbDCefW/cudj5fJe0Dak+6blD34t7JWd96k2b5SeFMcOSlQDDX1nZV4a9vWY6Szb0U56XJvnzmmBAgVujXMkk3RY4H7PzCkKlWR98IVw+t+aR1Ppkm4aOVelQFAdMZjgVW07KEBDHhah0LuF/Xges/MxpQoAs0DQaTJFk73dOziBg6HJ4G+/OZMswPgdiQQ7lXTgJo9zKi7PyGhioouFSsQgaIilgc+mdZf13ABXDHHL9Cg6nlNxM0q9KNap0bQEzG8PTHtBMWwduwezgsc3iiHfc0DomdM+G8fRl97w5Pl4N1sf+IEVkZ6H4wU/A6h5l04hwlaw1/jYE4qWqjuo+TBzc4LI+fIgqqP1NEMAl2kNxPIU+zKHHTrkfwh8dYrmB7bwikwt9/MvyalSKj+7eh9HDrjesdOWbaENy3I1cubYynibvScgpV1TQKngkO1lNyze5Vwcv2hRQg1ImNcFyd737YL61Ss9l5nlyJtRrX1aNckpdbeP3myYT+iQSNiQDj515C4ln9aKvdkvo+LSJ+Eh3/b+zJPBKqpP8C9tYME+QsSS5nntJsi4TXDgemfIRDRLusw6hvfMpOdfD/0aMs4GwGrFfVDFpwQ8oQzxrK8H6skwGVib3Q5v0AOnOHIP1xJgVw/3LBp9r3J95X/FMNz8MAHTad5ensvrMTMaWyTf347X9J7WzsCMcRZXhqSai6tZNTBMhi32OJP5X1HToSl+Bl94p5r43E3M5USK25NFpHLIcmBa9+3NUyzvhzDAtB5GEaUMSkt9DJJyXn9Ygy7hkK8DxkWDmXaDJr0Chj+CiwqmVuyDhpxQRbHycZBxIWg/CeKdAB/9I9W3wFfjg1T0r3b9ah2pOg1jgVX2zS6YoJtjBFubmMzQMTBCtjNrhUFPCd4ak25Js5VjNNad+9T0EnqUh8LdRlIUooXb3MvxTYZEWv2jk7HpTShNF4T0wcBuX+w+Cz0SNw3PVct5YWUWJV44DBV9TSQoIM+kU+XOJkGPV9ZifYx5gGCvZHEm2dfPkIK9onw6f9KsbYAoFoyn03i0qCEO+ePTUltAPvBSEwjBEprjfZNk0VZz+ELe/uPC3cP0Ot0X4tGAV68szdJnw2wD3uJzQmtdY0uTJz0FGY0RCK/JPQgvS/plJXP6D9VUQ1aVwH+h/5Dw9MHaA/NQgPcseqxlK4+7KZzbg0FsmURepIhR44XN+OYHaLvO5+FdN9mWpNyLlahimVvSX/xR5Di+Pwtq6Bz4eSIzXs11u+UYLs4pHrlQpOQQ1uaHcD7h/oNKfRfATrB24DG8bBKJMU/xni3BAmCBX5fQUoYGNMeHq5KRNZoykRkii9N8FlWhOTIsPEyjt1MXhv5RNrX7MubjtYmoXk+ixbvyPu036J4ylhX0v3L8izQX4ZbJilqZIDZw2OVg7UpiK4A9W4HydO0br5N+nXUEtBvc2WZVLBdB+DW6NkGJHX5dG/O8Oiwv0i7gBWH4N51Ewkt3W7YmgozRfHyFOVDPTVatjvNL7Ymyvj6wGqMNN3nz0lv9Flu9ms6mVXh0bZBjH0BJJ0hkdXybIpy7rVgy7B8xt/zkv2X9hCzidO0eLrgSrd+a/A2YaWVxLz5or0kTbZ0y7ZGT9zTvBEV5LWci4sirDfFd9Xi4x4dKGVj50VFJoKrbtlGLFLD2JjsGz0ncCMmoEo6Gu+2dLKoWFWUQP5OBReJ8sHFfatKNtE5P9Wu8oX0Zizbk+O49a32U10JpYXd7xE5DIPfhvURj7jgEMetunF0Z1VtYOUlIPMLYTfmDtWDPRckr6eFBqSlI/8Kwhaw2VFG8S0Euy7aQSL1pLR8Rx/vtA13Qax6ZmKjGTmZxNf4IbABNJCn7/C6pG+tG50NyUjWIKxkwiTxT9Th8VgdOwA71yhoKLaK4xPretA/6F8kqrFk/Za9jPKDaU92/EFQqPuqJ4uo8C8jzY4K29juPcFebmHg+xPR69QHkfhdKmjCY9lZiobbxbeNMdzumqw5TYJV5CqbrkioAu7Znxk6V+Fy+ynGgROOWWl1EngQgl6weHAkAo+Kpsg3gXlZdZkAuZiuF5O4sUzYDvB+rmhSVKRFr711NHglipahmWe8HzeB92AXzn5LUf2oJe+HBtn7UmoPy01bg5x38726KBJt/X0EPMCXXX+3eYAf4Cg72H2YFh9J5FLVBeT+pFfwHEiLPgaEqTTYAbwcQ5vgaPYq6E7zyGf2zQQRcYaX25kQKJUrp4H6Yp70gXNY6AKojtRrYXHZBrNVFF6sBN+0H0MIYZEHjW6g7CJdldrdTCXkeXkP/UZYSzqfTNnPZowuxY4VWkKecEVFD+Pjg/tsJysH2lpB7YNJAbh/5KD7EFtIvYH7OqTItMrUbkzELhm7/NBa39jziOjuZvWGCSpKlfOyYbwk+BMZ7iR987pRtJ4DVHLYBDNgKoCa8hHyDFXtD7Qv/Wo1H4oapvIrDHA9x59b4PaZHH+5MvYR55WUsHHP8H0Hu4/mik60EhSpifyQTAor6Sm/zt/tQr40uXuT0Tci0PNQjKtJRa5vo+Ocjd2lkef4I0kn41fjsNFzbgP2q5viiiK0tzFb/EcWpnD+lddc9DeNC0zjWiB4dGBZEjAxZJDU7LUmc4LNEEUTCmyxrX7u+j3xUDqPBRXgEYw+Gg/uhmrvNL9Dnz+PeBbveMj1PKp7C31EXv4eL6BRwCFoxUwKp7Ux4HSJnFHV5VIllvHABKSCS59nYm/J8I4qW6WWBXex3wI+WXm2IUHi+BoJnfG1PIfLSa72hShaAwYNRz1mYyoQ9FYGQ+C66KkWGTKkjhha+6RfTIpwlAg7d0KZQbuuU7Qupo96OHFQ6jct6XMwVkfrjUyIh02EXtxyogDTAfrGkhuB4j4IfjRZ8b2m5XnxLJFV9tsW5QakVCcYHb4KvdkjlkDoF/3lnXRko8EouioS13MGfEnacLRnq4zyAwYyQN2mOdrXxpK3ED5sUUIqumAlovNoT4Lq9py+F7pd1iaOHpS1dPc0MZUR13cJpKQrFlxX56yZofqkF5yfAuBxis8tdgYqtxfvNprmZSdt14/OcoxeONM0VlzbfJ7YY7e3JNBFcnXBfmWrTDaryWJC/twL+h/YhoF5xUmhapotSTm/HfMCBAVMTTnUvnJtbamd4YNCaBCv/8y/tV4Ew8xLFbuv5PsnzlgziomsrDALwZEWVWfALABFTCmMcIqU3LypP5F7INKj5GF3Pljh7H/uJQ2m7poT4r6FfVAc/cYIEmfFVlObvu8d+eyRROIT97otNhczVNwECJVa93iHgoSm0iEvCu3F6ZqYrgiQk37shNxXVMGBdUygMwtkhpVtALHfZngWAeUb6hwxwGFW2ri2tnFzZHgSjAU1nEHkcBGmKR3o+6cvRG09weIMOzAOxFXUE4LlV3EDfEJWIKwr90I8VLr8eVzN4Y0M2M4QQs3H7vtzC2MgwjrX9Oi/VKu9KfHDHnnkhd3ESH3p0tcNSm69OdNWOhgzZtQ/px++sXmjuVGXyyDl2Ac1Y1mJVyIZDBJjRAT61876z4g09aIFV6+oFmnsgoypuyfs57UTB7HF+L20PBGJ6znS73gWelIqmk6B4TS9hqhE8iTEz52nLsDHa9W46StFfyFQvc2SSB1TpeUgOVJ+1ysnqcLrjOzI+n0awQumcoUW623/ke9ktvtNAPR
|
||
|
|
"pattern_type": "stix",
|
||
|
|
"pattern_version": "2.1",
|
||
|
|
"valid_from": "2014-11-25T08:45:19Z",
|
||
|
|
"kill_chain_phases": [
|
||
|
|
{
|
||
|
|
"kill_chain_name": "misp-category",
|
||
|
|
"phase_name": "Artifacts dropped"
|
||
|
|
}
|
||
|
|
],
|
||
|
|
"labels": [
|
||
|
|
"misp:type=\"malware-sample\"",
|
||
|
|
"misp:category=\"Artifacts dropped\"",
|
||
|
|
"misp:to_ids=\"True\""
|
||
|
|
]
|
||
|
|
},
|
||
|
|
{
|
||
|
|
"type": "indicator",
|
||
|
|
"spec_version": "2.1",
|
||
|
|
"id": "indicator--5474419f-9d50-4d7e-86af-dce3950d210b",
|
||
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
||
|
|
"created": "2014-11-25T08:45:19.000Z",
|
||
|
|
"modified": "2014-11-25T08:45:19.000Z",
|
||
|
|
"pattern": "[file:name = 'a0d82c3730bc41e267711480c8009883d1412b68977ab175421eabc34e4ef355' AND file:hashes.SHA256 = 'a0d82c3730bc41e267711480c8009883d1412b68977ab175421eabc34e4ef355']",
|
||
|
|
"pattern_type": "stix",
|
||
|
|
"pattern_version": "2.1",
|
||
|
|
"valid_from": "2014-11-25T08:45:19Z",
|
||
|
|
"kill_chain_phases": [
|
||
|
|
{
|
||
|
|
"kill_chain_name": "misp-category",
|
||
|
|
"phase_name": "Artifacts dropped"
|
||
|
|
}
|
||
|
|
],
|
||
|
|
"labels": [
|
||
|
|
"misp:type=\"filename|sha256\"",
|
||
|
|
"misp:category=\"Artifacts dropped\"",
|
||
|
|
"misp:to_ids=\"True\""
|
||
|
|
]
|
||
|
|
},
|
||
|
|
{
|
||
|
|
"type": "indicator",
|
||
|
|
"spec_version": "2.1",
|
||
|
|
"id": "indicator--5474419f-e034-40ba-9208-dce3950d210b",
|
||
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
||
|
|
"created": "2014-11-25T08:45:19.000Z",
|
||
|
|
"modified": "2014-11-25T08:45:19.000Z",
|
||
|
|
"pattern": "[file:name = 'a0d82c3730bc41e267711480c8009883d1412b68977ab175421eabc34e4ef355' AND file:hashes.SHA1 = 'b1b874f0d4457033babb4f28f55c8a6e0590e9df']",
|
||
|
|
"pattern_type": "stix",
|
||
|
|
"pattern_version": "2.1",
|
||
|
|
"valid_from": "2014-11-25T08:45:19Z",
|
||
|
|
"kill_chain_phases": [
|
||
|
|
{
|
||
|
|
"kill_chain_name": "misp-category",
|
||
|
|
"phase_name": "Artifacts dropped"
|
||
|
|
}
|
||
|
|
],
|
||
|
|
"labels": [
|
||
|
|
"misp:type=\"filename|sha1\"",
|
||
|
|
"misp:category=\"Artifacts dropped\"",
|
||
|
|
"misp:to_ids=\"True\""
|
||
|
|
]
|
||
|
|
},
|
||
|
|
{
|
||
|
|
"type": "indicator",
|
||
|
|
"spec_version": "2.1",
|
||
|
|
"id": "indicator--547441aa-635c-4f2e-ae54-4403950d210b",
|
||
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
||
|
|
"created": "2014-11-25T08:45:30.000Z",
|
||
|
|
"modified": "2014-11-25T08:45:30.000Z",
|
||
|
|
"pattern": "[file:content_ref.payload_bin = 'UEsDBBQACQAIAK9FeUWbVRrUSh0AAAA0AABAABwAYTBlM2M1MmEyYzk5YzM5YjcwMTU1YTkxMTVhNmM3NGVhNzlmOGE2ODExMTE5MGZhYTQ1YThmZDFlNTBmODg4MFVUCQADqkF0VKpBdFR1eAsAAQQhAAAABCEAAADyl9N5tKM3hGh5hiuLUNQnsKy7wruZg6aY4aolZ29WSNfzHSTjPnCp5FcwSFLKwL4+wYON9zMWq+us1i1631kch18vxj9rOP4IL1U1gIXL6Qp2SziUX0ouB3wbbrJ1a/kTZn/9dNoVFQaNlBAT/YkGz6gSZ9ncnHmU6+vlMhjbG3xngSHUZT3LS7tE7THXLpQ6xRzo2MCo51CAQKZm0wP+QTr+28hMgTHNkrbXuE4kvlWI41vK3Zk59xUwYi4w7scmGIt+1l8KjV7AB1U59e/cKH/uVu0HJXcliiIbOWp2/JZunEwQfsQfIvxNqUwW1r6Jv20qetl+Gexri/N4H+JS/Jk2blBZBkOSqWddbwAiWEhjPQ2tQiD3TgeLiMcXX7AaD+Hhd+HBdvC9PRqAM0cfaktRLUFQnLNUykiULq9owwFxi49kNa178oQBV2BlRYaKXUypjgEqWUr4dv2CQOwMoJTjr2Yt81DsS87Lqd5jh/pIWjQinqm0uTXwCEqyuLUfNrJM2eZkSCfa2Rz65+/KUDGWU8FR0d260iDLQwYRBMEHlL9N4PLgwTtu8zPiWaebZA/a/JybwzGbRAkQPtDJA/QnEVXx3OomqTRQwqy/6Ns6l/dK66qvyZX03ltGGYdz66xPhLRxPRiEQ9rZVw4qWE2321LUNAdMenIi2dBlynhGYfTzrb4gntOHdfYtYsAeLVytjxdWbBzHPWRIl1rDShjKewc/OWtsDWmWog8QX4fClcs9bN6Xc/GFM/0DF3Zkwjebk7+/FVeNkD/GG1cTVLIzh1vio0q3mYEPG5M+D0R3LY9FYi4FUeDo+ZPuHzF3Erm8lq4E2vr/XbIEa12P9cptPSX6K34VI/rloIoW1B32ouUNxDEPT+rTWY829aFMMneuzv/6QT02YdimWOSHllM9Q78vhv++0jodIDXloYDZcUE84AC5EKHaiA2qVJevTmjgAchvqKgvSYfgBL1onNPnp5xAa1fj7pEZcz0x9BpQkyZ1Jke/gKT6tINj0fYyoWHSfC9LcIOzP4IjNnJc6xZIG+3Ux2YeqcSthQ5S5nRmud/Ccy3yC67JTsVilbZGIw3D8PR6A/PHu0U9+2yvwMXnDfhdlIJMKXeM7HuzXcU5WMFL9PezKDzbDoEEeB6rfYkvwDrNXk/nea+uk/CJ60IGQSTO7qPOzYlsweGxz3L4XISYBfwIAJqFp7DfhyCubs/5ozRa8GsROnJp9aEnBMntcOVkhfLWyCx85qCKKd8gaJ1zx1LAKw9qblZ2bKaoL1F2fRhCuyJw5LRQhCE2ghKsRmV0pqPkJHzEpkJmYYnUXjpMHPClnMqpboWl8xEJzwJCgAR78LmaMc0ygGIuMiCMmZForsGp3w3tdk/MbXPl5tYDIaJ7RVwEUoXDaJzI7LGqTPACwJM6VXeSpqNpdMXEE5Vrq3KVvqbU4YrsvEaUl4phQsSa/IyVjtgffgvdXyp3bfxbbKG8VjoQm1Ed8/OqmlQTTPVoM6slBE1GlBodGof8T+DULfcaiaJQz+Zm2+UzfM2hHI9fAHSbdOwV7eCy6WjzPAevLMhEOmXp5WyswSl9aerV90iRuwDzPox5V59xpqo8a0r/dOR+W8KeXSKSEELN26H5uw1pP4eWRTDilBo//x+JnsGMNKqfgUejmcB2Uef15qrJTnUA7Ir00I9ncv5WWlcxOeRoWBYruV4LV3xpOOTrSl5/C5qDba5sPdTuOXas6TqhlfbqTdSxWz6RLWAfflx5+n6+h1uMOVc6DayHpqL+sWoY+WXZ3OIGlxWBf/P+20tYIyIuXvWfpIdc+qICz6LP5w5uP7clNRIrDEmCae19hKVYN1Ujpz5pA9BqDv9v5fVPiAfW7oXx/jJOQrTw0tM7hGxf+ePq9ZU4EXKHHlkcbJqTDqwSLIPMCUUEG5RDY9vxwOnvY82aZ6JTeFwUd0Cx12/qlgAQCJQwRBjCSqS1sP4Cu38uePvj1Lum3Msk7NBc8qWAjZ5nfM/BXvPG3+noCjK5H6rECK9eZyTHac+Z0MnxTxcMXdVjhAYNW/vt1Dx3oC+2O7SiN13riKKHUBuPKNGSSv0LfJqly7KDgyyjbNiW2YoviAg+YpdsNa6IzC5YOikeIf6aHmDC+qBd6WPUQcXByHXFk/9sr5f1/jnMruuOzH54Xit0cL+AfB54fxBwnf+7t2JhJKWtPlDPUQiYIdA2jg2oS/NG76y3PsdJ3Vne21KRFN2mImNgVFSSxuuOc0J5bxMKwE/lSG84wEzj1yayNpIPpwyu6rD0rbFtvDDDNyRE0j662c9N+RdtRWS7rVPMoXZ8e/a5RmuUPtm/zol+wr64IAo+lQsreun2rP+lU0rwWB5RBz0KDenlOD3pstY4xsIwYjQQhDO4Onp0v+HlE1T40rF4VBSQ3JJ9yb7OVCpIWURHku8wkRlXpo3dOg2/2AyPGGJgYhPZQGLq3qMt0Qg9c/iuy0ShRiHriIh80lX9zHaG3vICUNTpJUIdV2OihQwlT+C5LBWGVik4ulEMpX/63SfJBEfGkTJMEt/l3G1PFIY2N7vhyuFiUBns8Nhsmm8104nRQK/GZVCXTvy71P3KMWC9PJjpsYn9srT4QggIWXJCX9I2d20yNtVE4F4wkqC5rN+AzikrunsOYjPNF0jf6qyfnAN8B9Oi8hqlcgWJ3V+2bVvKTKSTaOhpqsiuhMpBHdRfHm0S3f3IUHnEEc8BW1iQqHfFzVD97hVGhw1qIAdjgPklWKS5N+3eef2o04A6GJI4C6u16hm6liTOa2A+b2aHQqpjxDd0zzXFUqjv8/6+KWkQzZJTQx+UwMOLGPEcASSnHDQrWE5sz9yZJyeEs8I3n2zm7VKreqlMomUk1tbmu9e/sY4uTVlKZ/ldCkxbwZkPLPGbuO6hTe+rvO8M9nQrUfNSD082bmGjq6qMwKU7HgCQMxUSZxftwNkhyLwYpxbX8RQCrpuxq3b+BOmyaRTG79QWysiQXxom3bQ9+Npgk8ITg30A9nyv/sitjQQtsndrUsvHNsvAX+1uJwMPx+lZcTePyWbe4cTAqAaE/d9gWgnHbc6zBXPL75OvCiQ1pRh5zd2mhiOVilReLjLnvKgXgJc7CkjRzB7ky3dZEoAPB/WwHT0pMDwPPbjZEowKyop3eTvbZWDrxerlzmRZA2eEXuD1r6kUhnSGYQVheq6EEOnht/Zjr3UQUiZ3apXL3FsujX+JyZCbSnej7U1oSGF0Lwghj4gtQFeohF/yuhpDWXoxH9V8aGTMOkOf+9MN0EJrRw5iPY3DQsaL+8RCwyQF6SzYX3MXERSE2kL/ASIg0sVzlwumfLJWTk+ht3PR2ZdzPQ2K2BpPYtRzqjzNQ6XHektJRoFVVvw1AAoOEU3EV6G9cNkpUnkZ+E9bFxRHKBcX5OyKqyCHuLo32h5mxwKAOudDee6FsAv4U+YIrPdBuuloLYPFgdBnzAZdcb1ZaWj7vLXCR/9HvIVmx1/sOrLTIH0X4o+chNbJroQeI2E6N2X40qMAuPvSj2blVOcmqbzHDps6sqtwfXye7Yb02ZrLy77MxlkQFRq2EB6zBdZLSSlyw/5WqPNzVzwxqS+3b6cAX5aOIgMvAtkQmHHsOoJvfSOsAb9SSNrnPzvSO3szZC2MzGBpsQperyTCfuc0424P9S868/14fQnlFElUqQxqMZLAn7339efcCSnFGudWVPQ0SVvw6Lw9dc9foXMKpMpxWaFm4O+Ew0/YvGixs8uude6E9U1t2LKpj69JaDNL7PH0EGghn9D/KVVLVxyK5skjMSfUGTTYMcuhlwtoX9KsGZ4N/PcGkJgLdoCEaHFFZ6su1TiXmwRvPsoRTAHWGQ2dmMqG/14rxk
|
||
|
|
"pattern_type": "stix",
|
||
|
|
"pattern_version": "2.1",
|
||
|
|
"valid_from": "2014-11-25T08:45:30Z",
|
||
|
|
"kill_chain_phases": [
|
||
|
|
{
|
||
|
|
"kill_chain_name": "misp-category",
|
||
|
|
"phase_name": "Artifacts dropped"
|
||
|
|
}
|
||
|
|
],
|
||
|
|
"labels": [
|
||
|
|
"misp:type=\"malware-sample\"",
|
||
|
|
"misp:category=\"Artifacts dropped\"",
|
||
|
|
"misp:to_ids=\"True\""
|
||
|
|
]
|
||
|
|
},
|
||
|
|
{
|
||
|
|
"type": "indicator",
|
||
|
|
"spec_version": "2.1",
|
||
|
|
"id": "indicator--547441aa-4bd0-4a88-bcf7-4154950d210b",
|
||
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
||
|
|
"created": "2014-11-25T08:45:30.000Z",
|
||
|
|
"modified": "2014-11-25T08:45:30.000Z",
|
||
|
|
"pattern": "[file:name = 'a0e3c52a2c99c39b70155a9115a6c74ea79f8a68111190faa45a8fd1e50f8880' AND file:hashes.SHA256 = 'a0e3c52a2c99c39b70155a9115a6c74ea79f8a68111190faa45a8fd1e50f8880']",
|
||
|
|
"pattern_type": "stix",
|
||
|
|
"pattern_version": "2.1",
|
||
|
|
"valid_from": "2014-11-25T08:45:30Z",
|
||
|
|
"kill_chain_phases": [
|
||
|
|
{
|
||
|
|
"kill_chain_name": "misp-category",
|
||
|
|
"phase_name": "Artifacts dropped"
|
||
|
|
}
|
||
|
|
],
|
||
|
|
"labels": [
|
||
|
|
"misp:type=\"filename|sha256\"",
|
||
|
|
"misp:category=\"Artifacts dropped\"",
|
||
|
|
"misp:to_ids=\"True\""
|
||
|
|
]
|
||
|
|
},
|
||
|
|
{
|
||
|
|
"type": "indicator",
|
||
|
|
"spec_version": "2.1",
|
||
|
|
"id": "indicator--547441aa-eff8-4946-af0f-4a0c950d210b",
|
||
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
||
|
|
"created": "2014-11-25T08:45:30.000Z",
|
||
|
|
"modified": "2014-11-25T08:45:30.000Z",
|
||
|
|
"pattern": "[file:name = 'a0e3c52a2c99c39b70155a9115a6c74ea79f8a68111190faa45a8fd1e50f8880' AND file:hashes.SHA1 = '89a366a728171e101bdf2693b44b280c543d9ee5']",
|
||
|
|
"pattern_type": "stix",
|
||
|
|
"pattern_version": "2.1",
|
||
|
|
"valid_from": "2014-11-25T08:45:30Z",
|
||
|
|
"kill_chain_phases": [
|
||
|
|
{
|
||
|
|
"kill_chain_name": "misp-category",
|
||
|
|
"phase_name": "Artifacts dropped"
|
||
|
|
}
|
||
|
|
],
|
||
|
|
"labels": [
|
||
|
|
"misp:type=\"filename|sha1\"",
|
||
|
|
"misp:category=\"Artifacts dropped\"",
|
||
|
|
"misp:to_ids=\"True\""
|
||
|
|
]
|
||
|
|
},
|
||
|
|
{
|
||
|
|
"type": "indicator",
|
||
|
|
"spec_version": "2.1",
|
||
|
|
"id": "indicator--547441b8-2dac-4053-9670-9e39950d210b",
|
||
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
||
|
|
"created": "2014-11-25T08:45:44.000Z",
|
||
|
|
"modified": "2014-11-25T08:45:44.000Z",
|
||
|
|
"pattern": "[file:content_ref.payload_bin = 'UEsDBBQACQAIALZFeUVVOWiEmxwAAGAtAABAABwAYTdlM2FkOGVhN2VkZjFjYTEwYjBlNWIwZDk3NjY3NWMzMDE2ZTU5MzMyMTlmOTdlOTQ5MDBkZWEwZDQ3MGFiZVVUCQADuEF0VLhBdFR1eAsAAQQhAAAABCEAAABl2CnD+wdy6yWuSJIzM/nG8b3H5GN9haIJIyWaXfFOilRYJpBNb4Ri04zbZTKywTC3+7R0GsYhblY25Z+cNRQDVJdcMpGDV9U7DkYOFF9hnTKCno5ZBbcJN9j5aiiDewvmPSB08lOmMiDeYTLobw4EwTgZ36sbwDmccsivvYzfA+a0Ug6/oknWMMJziCgpdFWgvFUk2JYTBohxsWMMzaVCZew9xOExR1gHt8ds2Hgt7EDredR79oDba9Lf7t5b7EwHqOGCl72uFmWugM+g8Jjes8qGbepcyct8KbVQ1zsY1DqjuA6SOGz7iIgHav5huJ1UHkk40f1HhIUwVBcPm9uIVcvC3natNLJzraIHKM1jxUr+z1gA68nz48gATnMoQhotxu+yZMgpr9zHBH7qQkBcihfHUipBqUHFuCzh19Oy6lAvq8XtCudy4X2wXlgmwGY/IWGFqVtz1iU83K4SKb37hf0Jjlw1r20iGXXZmnRFMuhrHs9D0IE8KoWZBdxPifWrxi4K18pFioT14e0WS64nCFA/MrLo/ou0Kri8mcfVck/suuqP2+2NLAlyMotrn8xvn1JKDo4O4ATQhjfnPkz2dxeBqnhRtmh/wJblO5GEQiXvr/45G+Oc/gzHKto01TFz+VunEQ/54SU5QaIdqW9/SBF8xdGeN9Tdy+AFeIj9BeV5PfON6L5jqZ9Bnqta0q0hJtWoQKl08mmIdSYv5Rl6iNlH2fT72BWRBf022EPK2UxgOJhvQseDbPqDhe/nuz54mN7C4rpiIKoWF3XRChyPNZ8g++dwBMbtOF4+cc4rUy3E7hHTidhonShd3xFsvLo04PnmBa4nka67P3k44+/0roof5XMjK+e0BNeJjahScn78S454ZcOKLpyjiKfJDb7XRgSoXaa/bNiXuegKM1w4Z9jghW39HHNVl0Bu6jn0jNLGeN1UqaIQtmE6qal2mDDg6zBdvQHH+SbMQlJM3/bSic7qWqJPuXS09yDf4Zb8JapZTi7Pm8YHE230XO5H3jHIHhgepUboQ44hRgEzGQ5buOb2Ot/DAZlDDT8A8h4VJV0UmYYSJ5w6YfhBmoBYukCCH0RaayUEZ0A6tGKo2ssVFiZ8mZLAF7B5lTvjMcxYuSBldjBomdksSIizGIS1ekkzcJHiGG+kITyuK9fY3eANaSPDJOwZXFc8uOdaNlFhHJnJ4iqXk127vvVJ7c1X0/E+vKo0zUQlBd+u+M/+hLFnOKfUgo70rgrN3oS7oiIMec+zTzFGc+99KTYma8QxzHtyOKCy20O5sv3kMN8ghscGdzrArWgvr/HOrNNbOZZbA8r7Y9IsVJed2FOmQ69RboxEGssq0zyXVRTYnrZyzRLrGFcpui1AXeh6yBb5NNjn+wvxOLFdQRM9lXBfwIix2XJF+QHBFu+af6oKMSC+Wn3N/74jZsBnVlIsHnYp7FpaQzMxK1uwsHFQPDprKjwYHzPAOnr8RcjPTrr2KYxjQXZzSlrYvWHer7lzG2bT7yOBR7z01I0XpmJWMhesZVVGQao907y5UOPihZYgd5Re9c+37PKClhvv4Iy0zP7q8cAJPpdiRY5Gxe70FFhoAur5eOegcT9eB17kZAiLWKj4CNsg6SRB+RLNBvy6P/Dm1esQyabuLiRWViilMGTpncBHmHoro5OP2oT+i2psNd7dmb0iQnOD+GGrW3+6xv0E32ceilqSs4TM6vXie4g480JBb6e7+arrgFM+3z/G3txmak4ajhsur71RbjVF6jJF593opedsV+c9aLJPNuB8/49aBcyZ2NqUJxuRBXHXrIAT8hBYQaG8638HOVspAV1cCEFxHGsln5Sc8eu7eMAcoJAXE4t+5AfqN9s+Ths5yCpxM7HtrEM1O9cZ1jkoOaeuDqAKarvrr3zmG5AGtOKRHAwe9n6JzSk/8mT62XpwGnbzWA6DTRNFGXWUEWdgFWtUeam9JKo3eXdWU/GwlyoeantYA0qDQVBtHDHV0lPoVs/u2AfG4H51PWmGdFD1agTtXBlRezuIDeI3hKfNatFtwmj10/48UX5UneKumWrXBsqRKFTNP+oFkKnas+nfajYM+OaTXG2vgAKGdQI3BOHFmXspANVYLdhYb4dc65NCHuSIYyfmWEJMgQX5aYYh8EUQCE809FItVm4vTowVNMcpSZFgzpuZkNhgcn7vxyNqE4OtuLEQ5TxJJV2JsKVqNfZIWie24QKt2p0p3HcoI3Y/38B9fX7nMGAEMBukTIOUK8PBAasRTg4QIxNYUsuvF36AzRZVOFG6sO5e9bJzMTPqlxgwKBNgIdfwR4irMcKJ6SFY3FdxgsEOPdO5mmA3RXjCYLI4bY4nNIKQVCBgqVKXtTK/GvdAJsViEMNqHn1aJw1tA2ZmWGdP+gZDFQKsyJKmwvOdF5kVyr7LxZOpkIQ2K7J0EcOEonwioJEQdUG8pvEECM0Aek3M09WtZQf2FVeYFhKJ0Iagqf1bN8Jk4rEkgQegG3NuVSUM3W/+WkV7e/wzDOQrRZDykwjW27UJvp+rrSKhypF99/fQEpmiKHcTsmw2kSo8tDYGEl8dqTFwyeRm5KBmTah6CLMmbTvAa/ywsHh5GE1lvdVl9WJsJaOD3p2vwjeewpIIeVoyQcCYhkNarxfRVToNlFdxPu8dfFqavniKNnWgMnpGvsPPeqoubCt8EixRs8ozkpgnHViQA2Bk5JLTy0luYsF8KqVB6f3dmHUakyOLHQsOaE1GfRCrHmK4Orx0+A1+rAHUY+QpMId6j5ms6+Wsd+mzYi2cvDf8DEad5J+MCibTqiMf47lyE0yM8B0C+bOifP2Mh/lbtfMCHnNdYUo2fKOwmIGQk0fgpTjPfwMHbVvPcDhob/wNEbCLK/dzKs8fWYho/uFMxFKDeMUO+5J2ApS6V15OHwTKYAlGDrlf5txL9JFai0jEEgjIL1C3vNNWGh8ESXP3j4LW70JWbPj4Xk2XTYzQZpmcmY9Rw4pD5NoZ2Myf896xgF810OYf1mwNYlX5dFoMlRKIsQzgHccFBE3MZgxcDOFgvonoD+YhXBzUNVoSE4AGf2XHLEZQgKJ+l8LYZul+cjwQfm/aouR4Zu/UJ/BjKRWyUh31GcHbU9whOPHVTd0bNLGZQvDaARF4myOVNv6vVvSthcv4GnV1HAn+e8hTrW53Ex99gCzJ0HYju6XuBgaeLATREcBdZmAG0IteuetebCkfcdoHeGAe+eWD1ki6GMnn0XNTMnk7dFHu52wMxMSYU4/5UFUxJar8VG/zLlDzKmCgapusatUscCfZ4To1wWQ+TbZ/NaSrq2yM+zt+2V2TVq5HZ8NJatkAPRHEFETlE74AvOydBTRyTWVSf0KUK3jVAR1j9Lgg8cjayQL4ZpBKyar+B6Fj02KaOEtkU1WKWXcvn0abYd5V67tePR0HbFM6+iw4FzNLCdaOzQ6xMgeRh+/FwGGI+7+yPD3hJAxYJ2oX5VH03N64bQv9NpvfZEHyh1rLJ0aF1cWDdQnBfaUKfpJF8FyN4CqMTSFSzKdE5mghHNkesJlpOorBIT3v78QEWNXEtFy04b32ge67pDCLafWEuFm3f5ffiSC3pajKp32T3+iIeV6pkr6Cn/dk8Otr9c4puxypMLv9ZESdrx+bfKlXuHIHqojFIdkpaMHcjPXiVoob7kkH3dVAIuq3YFuseEsdX7h2ldbm0Fot5qK42LxhbJsaFaHxzDAjbeI4LZY+XeUd/SPgMJ/7B2T/AUzCoD3SFjf5UAj95bJXF6V7l+dsAgrPh268jen7qU/KQmDGB7zH531vvV6V03bgZOASoamJgCH8tQJnNL3NjIsOAvLRYGUe0UoojKIYNxDP+2yDn724oXrA/YYCj+nTDc
|
||
|
|
"pattern_type": "stix",
|
||
|
|
"pattern_version": "2.1",
|
||
|
|
"valid_from": "2014-11-25T08:45:44Z",
|
||
|
|
"kill_chain_phases": [
|
||
|
|
{
|
||
|
|
"kill_chain_name": "misp-category",
|
||
|
|
"phase_name": "Artifacts dropped"
|
||
|
|
}
|
||
|
|
],
|
||
|
|
"labels": [
|
||
|
|
"misp:type=\"malware-sample\"",
|
||
|
|
"misp:category=\"Artifacts dropped\"",
|
||
|
|
"misp:to_ids=\"True\""
|
||
|
|
]
|
||
|
|
},
|
||
|
|
{
|
||
|
|
"type": "indicator",
|
||
|
|
"spec_version": "2.1",
|
||
|
|
"id": "indicator--547441b8-b5c8-4a48-9b00-9e39950d210b",
|
||
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
||
|
|
"created": "2014-11-25T08:45:44.000Z",
|
||
|
|
"modified": "2014-11-25T08:45:44.000Z",
|
||
|
|
"pattern": "[file:name = 'a7e3ad8ea7edf1ca10b0e5b0d976675c3016e5933219f97e94900dea0d470abe' AND file:hashes.SHA256 = 'a7e3ad8ea7edf1ca10b0e5b0d976675c3016e5933219f97e94900dea0d470abe']",
|
||
|
|
"pattern_type": "stix",
|
||
|
|
"pattern_version": "2.1",
|
||
|
|
"valid_from": "2014-11-25T08:45:44Z",
|
||
|
|
"kill_chain_phases": [
|
||
|
|
{
|
||
|
|
"kill_chain_name": "misp-category",
|
||
|
|
"phase_name": "Artifacts dropped"
|
||
|
|
}
|
||
|
|
],
|
||
|
|
"labels": [
|
||
|
|
"misp:type=\"filename|sha256\"",
|
||
|
|
"misp:category=\"Artifacts dropped\"",
|
||
|
|
"misp:to_ids=\"True\""
|
||
|
|
]
|
||
|
|
},
|
||
|
|
{
|
||
|
|
"type": "indicator",
|
||
|
|
"spec_version": "2.1",
|
||
|
|
"id": "indicator--547441b8-b8b8-4659-a240-9e39950d210b",
|
||
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
||
|
|
"created": "2014-11-25T08:45:44.000Z",
|
||
|
|
"modified": "2014-11-25T08:45:44.000Z",
|
||
|
|
"pattern": "[file:name = 'a7e3ad8ea7edf1ca10b0e5b0d976675c3016e5933219f97e94900dea0d470abe' AND file:hashes.SHA1 = 'b6adfcba6797b5377154a811f70a335767a511b0']",
|
||
|
|
"pattern_type": "stix",
|
||
|
|
"pattern_version": "2.1",
|
||
|
|
"valid_from": "2014-11-25T08:45:44Z",
|
||
|
|
"kill_chain_phases": [
|
||
|
|
{
|
||
|
|
"kill_chain_name": "misp-category",
|
||
|
|
"phase_name": "Artifacts dropped"
|
||
|
|
}
|
||
|
|
],
|
||
|
|
"labels": [
|
||
|
|
"misp:type=\"filename|sha1\"",
|
||
|
|
"misp:category=\"Artifacts dropped\"",
|
||
|
|
"misp:to_ids=\"True\""
|
||
|
|
]
|
||
|
|
},
|
||
|
|
{
|
||
|
|
"type": "indicator",
|
||
|
|
"spec_version": "2.1",
|
||
|
|
"id": "indicator--547441c2-f7a4-4562-8fa0-4460950d210b",
|
||
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
||
|
|
"created": "2014-11-25T08:45:54.000Z",
|
||
|
|
"modified": "2014-11-25T08:45:54.000Z",
|
||
|
|
"pattern": "[file:content_ref.payload_bin = 'UEsDBBQACQAIALtFeUWpXbWeSB4AACAwAABAABwAYTY2MDNmMjdjNDI2NDhhODU3YjhhMWNiZjMwMWVkNGYwODc3YmU3NTYyN2Y2YmJlOTljMGJmZDlkYzRhZGIzNVVUCQADwkF0VMJBdFR1eAsAAQQhAAAABCEAAACd0GrNnZjSdn2aJVv7L9hXDNvOXdJGJaE+ZlxkNiioWPyr21KFUEDg5dJetBM7kUxCq/+UR2LALMKOnD39sXqs+198I3cfc/FJ62ELy3UPJxuXZLjc7ETcfEtgw4ShHd8Lkyf7zRVyKTUGPfobsiGC6uk/oY5htkGhsP/2IDB4WJW5QOaVh7r7Jg7HCNkyUEN+m0rKphaDFXY9RDB7h3HVbjAzTUWrNgF7+2PTObVLbZOZI6ngGkh+TPVuRevblp9hiCtij7OmQsXa9ugdQb8pm5iN1G3Yqb0euICcyWTCApcSmFDHVoVtkwLV7xOTC3JMLkHBVj0lNHC7Wrr6ctA0pyM9AnyvSg+KoBDUVtkn0Vqe6Vc6Bc4ELFd/mZxQEhvQbzKFLzaesQ6omqerFKzweYVYlqBUiLgglydbwybeY4BtsMBliRYzkms7m5P+5+8yRqB/VK9mCYjDS6JxfBgoq9BlLX7pWxRdUJfSb2I8bi1V1lWRk6KMHzltjAZ5dbGZzuUrDyDRvE62ODmNU4rM/wSH0K3icgnt3uI+jHAHPNYFTP3PBB7e/y3muS0RHvWGYHrvxPfdpLHHhmqpQZ5TbFFpo/bV+cssnoltglcpdHF8rsmTHmvLYYnT3hXTEMSPq3/gW6O3ZSzprh6mUdxowcm/oK1+Y0wGvwkdeW4JoU/3+2ILqMZBEtpVaqWSDbhoECAuOvhc8KDTIXYbp4AZTbhiWxGB4hF018O1PjvmoRECQfy4vudWHIM6RPOQWuKPY+ozICKl3iOykYQIUwrcdUzpbMeZ9Jf5O34I8mcq1k9GEd5g2QR9GZFTTtCAbSrdrFanlUIbWpW4Na6kOHhgh8w3CSV4RScEkYAF4f4hAi+pqdktEGgj1gEtIm5JR1nkYnkGxq/kmESddE5DpZpln5qN1ksuRu0fSenetouxFaWFhcD8oOtCcxgcrqscWOF3d+KENukrNRv4AuHwianWCxYhPXsLvT56rg4qfgmTm+/SPWgIkkHyi13D90z5ox8yioJ4Vhif5XUFJ971QuPoJBOa3DKNijucjfHFo9EdjU9eBUGAJXpMfcWJ9icPXKsezT4aEi0mmfVRmBWKKOEaejlh3M6c1G3sQ7HqRpRnfnSFarfAfRzAhW6TecP4pJ03EI+QDAr2uKHDuyx+3MzhFSyFwT0O6R/WwqleMc49KWSV5xoYLlNqKLZhctcjz88yQIp67Qu6xGJwQmFeFzQWpEeiUeedJfpBmpSqokG2AtxIR1ehRmjZGkFGzI2FtkuUGDdvQFJ0TL7Bpbn2aS7flLhDTiPUXRt6kXT64wpZMqO5xPonItzxXVLerdG6Iv66xlgg976oIqsJo9MEn/XrwUreokCJBTyYiKm6GBtYNyJq7jj8zF4VeF71KN39clrcyqzYZrxUgH0BbExb5rF5mmLu2gfwJsYej2h7PwaEp+HoUzh3BSHE9OKiVQ/6V6/0LQBYeaA9IQF9z3x+vdjgam3+f0WMmoy41CL17rjEP634x5vD5Izz6/g5g9PedIoFCE91135jPbt7L+0Mkj1ZPMODN01xvnb2nZkLY5UEN7CpxGjbUyPoZ2GTJOPLifWusVsMSXiC5o8EvSUi4+TFjBdCMVLfuPSXl6KvrdRzT4yFbCyITbI/KYqVyE+7+Wl/BW2KFgEYzgt0OPgeIz9iukHyFBiHOsKX4wZAKVT/TCpkfWHXgo7o8xq5g8RDxPrMRZz3v2qg0XuxKa5FDkTvZ4jsFAFHgKfF906pvDGbi/rhomTdW9rMfC7wf3vj9VcMlQHDxGhaBBTikCErKnbSuz9w7GegH/i1DsWmQUb0Qnb5GqkwRukPGxnvQy4ny6j/8ot+OVP85AOV2MJH/OSVteOEgTi6JbK2oJC438d9wY/N6P9NUjUhm7Hx3uZgk+TKSEzXEq7ByyZryPAMRwzoJ+h1g3TONn+Gi6Y4gJ61i7/TrKOaL9Wl4Wjq6K+eM2GHu6afhm2trvQBwIXfys8rLEflh4D6ftUuMAd2T+L2io6tZXulmTi86GNjJApw92owgGvMpQHbZxHT256GyTqFxN+swE8QrhmXJynchTKh1Nmv/ioP9CW1pKvQmgNU91TcnZOF86wHIXaCiMa124ZMT/kBkWSx9MAgcCjrNAVEZkvPhBDwyXeLTZ9WxHbs0aDr5ohOPAMAQRBgMnbiDK32DFoTwIt+QEmi6itB1KCslPaVQVqqenV+/O/zGilZsNL9GDB+qNg6G7MiITP+p8h/gB7c6uNJvo/gn4Hf789dbo08gvfJl5BQs1RRDzR7FPqPMeFQSfl8sxQJnKe1zsNwxsGB/R3RwQAJWu+MgLDldjU84vMn6j7lvV42bOk9UVNyUfGvwz4YRbltm1lxieSkYLDUM0ZiT++jaYfb4jGei2/FbbM3njnD28+0WVewhyJFzNq5Ax+BWT+8kDhJQYPfd7sdV7ICmNcpqoBgVAbPFjpkDJbwd+H8xZobvoAYHGlk1CflsSw4+3P2GEdKvLtx/KshTy2s8cHnQMIF/BnmRtopCo3OQ1Ri7/J7AAvdTSLeBohzRR/Aj5RiESiyvYQInDySTohcN6QYyOUmXv64c7EfplAVxta0bAZki6+GH84WIpu4LENGWa6PDb9hsENHWiFVq4CpmSwTUdZfmk3J8rS2ha/WeBhiBiIN4RynTW4DqSgquECxHAsJmuG0mfIEavvswPpuO/W2leme+1al3EPbwCNOFTUhlAfRxUbpRy+P2O7gySLKazCQ1bcsi17FT7wEu098BTDjMftvdGyJNjwp0oK+jDtwOv9/oi9vX6s/y1NHSRcDKMlz1dKP5efWD+A/CGHesF+JL077ZW6qMQXHu0MQpM1SMR5e5HC0xAPhOEOU/vpnkxVOdfBLvVFxDIKlJhrUbefHvvu0G0LQG8UxFvB+v+Eowb73D3l2ku38RFpu+5BTU0hy3rUBPt5zFI1flcYzbf1TXm/kpt3mBnvWpmsIIjvxWn9BIz8+ygBUwvzUUlZ893JPS+gZhq6P7dD3AuFmVm2n5ENCcUOPGx2WIIZsgCB7i8i8c+NKuHR9UhfaqjZGwVRBy/U2B7pcRhZ1Uu4RA3qE1HjnWhhrz/1gNDN2s6IAGoUJ64G6udUwjK5h3ro0/lgsgrDxPAj+Z1965ISajVRUjBSCOpsymmZKQx0/hyc+EY4iRadBjRVxIlhadte+SurHfTfCHRQAev+wxV93lkAhhqFG+zPnmqmnQIuXcMXfOOe02/IXuii4jdoVUriYekf4GcLB7S0geXV9qZfd7eVpbSCCMlsSGpK/S8zfWDEe9kGGACLH8cNlmUt9OEwsXd2dw2HonN5QwtCZoVsiH7bwRGCHBlVnUyMLdTqC6rfRS6v+fzufjVMK4KYdjqH1uk8wEIzQ9EnnMVHjdFKqGQvxM46xh9vlY7xNzNKVXjsAJOIzJgxfexM5MSOvgbfG85dC5LZwsY1V1XkjJ1dl1Qw741TJk+pdp1CCz8O6FgYZYo4Xxjk7yvVis3d4vvOh0RHxAzRQR1NkL5aPFBqtgEV3bYZPkXPGyxZmcicZexDkCXdqG8Lx080ZYuwenP/btAXcA0/cxhL4ANK1tTEK9A/p01KU27chlNYkABSGxq5b2Xk+rJyp5o7Yg9j6hoRpBWjbBj2Nn/duUSfGHHdl4WoVCHkXTL8YClTG/zJ5VujK+CZFsXGV9mNUjMGVZdbzZrryp0nR2kMxjyyuidW+TFCpgLD+K9pKDOr8+J1uxkqH8qvHey6FMQnvI4c3bG3mj8Me0bcBL7vbP109J9qjf66AEDaCp6u+FIUowuoVhi0nsDGCeIGa/Dxj9qZTqofI6Tao1K/YXjSd6zvjyM/MNYPLoA
|
||
|
|
"pattern_type": "stix",
|
||
|
|
"pattern_version": "2.1",
|
||
|
|
"valid_from": "2014-11-25T08:45:54Z",
|
||
|
|
"kill_chain_phases": [
|
||
|
|
{
|
||
|
|
"kill_chain_name": "misp-category",
|
||
|
|
"phase_name": "Artifacts dropped"
|
||
|
|
}
|
||
|
|
],
|
||
|
|
"labels": [
|
||
|
|
"misp:type=\"malware-sample\"",
|
||
|
|
"misp:category=\"Artifacts dropped\"",
|
||
|
|
"misp:to_ids=\"True\""
|
||
|
|
]
|
||
|
|
},
|
||
|
|
{
|
||
|
|
"type": "indicator",
|
||
|
|
"spec_version": "2.1",
|
||
|
|
"id": "indicator--547441c2-6ce4-4cb5-857d-4c95950d210b",
|
||
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
||
|
|
"created": "2014-11-25T08:45:54.000Z",
|
||
|
|
"modified": "2014-11-25T08:45:54.000Z",
|
||
|
|
"pattern": "[file:name = 'a6603f27c42648a857b8a1cbf301ed4f0877be75627f6bbe99c0bfd9dc4adb35' AND file:hashes.SHA256 = 'a6603f27c42648a857b8a1cbf301ed4f0877be75627f6bbe99c0bfd9dc4adb35']",
|
||
|
|
"pattern_type": "stix",
|
||
|
|
"pattern_version": "2.1",
|
||
|
|
"valid_from": "2014-11-25T08:45:54Z",
|
||
|
|
"kill_chain_phases": [
|
||
|
|
{
|
||
|
|
"kill_chain_name": "misp-category",
|
||
|
|
"phase_name": "Artifacts dropped"
|
||
|
|
}
|
||
|
|
],
|
||
|
|
"labels": [
|
||
|
|
"misp:type=\"filename|sha256\"",
|
||
|
|
"misp:category=\"Artifacts dropped\"",
|
||
|
|
"misp:to_ids=\"True\""
|
||
|
|
]
|
||
|
|
},
|
||
|
|
{
|
||
|
|
"type": "indicator",
|
||
|
|
"spec_version": "2.1",
|
||
|
|
"id": "indicator--547441c2-1168-4886-b5d1-42d4950d210b",
|
||
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
||
|
|
"created": "2014-11-25T08:45:54.000Z",
|
||
|
|
"modified": "2014-11-25T08:45:54.000Z",
|
||
|
|
"pattern": "[file:name = 'a6603f27c42648a857b8a1cbf301ed4f0877be75627f6bbe99c0bfd9dc4adb35' AND file:hashes.SHA1 = '3672fd5ae126e920217d1b90a25b691e467f3ff5']",
|
||
|
|
"pattern_type": "stix",
|
||
|
|
"pattern_version": "2.1",
|
||
|
|
"valid_from": "2014-11-25T08:45:54Z",
|
||
|
|
"kill_chain_phases": [
|
||
|
|
{
|
||
|
|
"kill_chain_name": "misp-category",
|
||
|
|
"phase_name": "Artifacts dropped"
|
||
|
|
}
|
||
|
|
],
|
||
|
|
"labels": [
|
||
|
|
"misp:type=\"filename|sha1\"",
|
||
|
|
"misp:category=\"Artifacts dropped\"",
|
||
|
|
"misp:to_ids=\"True\""
|
||
|
|
]
|
||
|
|
},
|
||
|
|
{
|
||
|
|
"type": "indicator",
|
||
|
|
"spec_version": "2.1",
|
||
|
|
"id": "indicator--547441e1-8424-473d-a6e8-c9ab950d210b",
|
||
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
||
|
|
"created": "2014-11-25T08:46:25.000Z",
|
||
|
|
"modified": "2014-11-25T08:46:25.000Z",
|
||
|
|
"pattern": "[file:content_ref.payload_bin = 'UEsDBBQACQAIAM1FeUXnCPMViB0AAAA2AABAABwAYTc0OTNmYWM5NjM0NWE5ODliMWEwMzc3MjQ0NDA3NTc1NGEyZWYxMWRhYTIyYTc2MDA0NjZhZGMxZjY5YTY2OVVUCQAD4UF0VOFBdFR1eAsAAQQhAAAABCEAAACCrIY99NRfBphcoYMFgZj/mG8Spheu6hV+yTWKxGt5IFNllDzvqjTFqb1qRqejCN7Nm5Bs6iwtvSlOdghkSdqIxsr13rumf/JPFpwGHjg7sLfkt9CVwOQLzxrk/UQtyGx4/ITLNd3dQZ/V6dXiFPAsFw2kRRDcF1mzpsYVaqjN3bEfbSJch1K7+tULwY+9qZpzEG5KiqXJrOPKttNtW1+REm/kUV2jf0gGEJLJO+pZWuYcqFLg0x4knAezl82qkFZj8Aq/y7iBaglah2LCs025/K0C0mr83OhOpK6sCPY7tB4A0E74la/zgs2vwHVhuwayrx32bCLysro+20VDD7TrP7ZHE9AbQTMNDXSAiaQoIKc/38HZU+en3vf51UbtOgu4dZUXLkSNNZpNwC1x+0L62IvwSVuxkpkmYmDR6i9mLr0gACFF/ebNZ+LKCgQX5CRbFj2v2ZfS08IkSEXoH+vl5zO9eqCLmzV1mr0TqBls7DJmkZxf5aJJ2oByECeUNydblYFbO/FyuY7/BqN5lF9z47fxGayQQbb2m5g+l3YPbSfT9B9MRUipaxVGhUkfyX/dnKTldpeMJV01E5NOtb7evrm8B4REHY3Ttcj+2UHmXkzR7cgw5BRUFucsMj1bLwMEFq8OUxy+Lx14igihXPseNM3PvUlaF55yhSn/tySbN//Ikwge0uBBHoo5yiCJYlZnBx/20m82cvRD7Asw8npsxrGPzI6ZuAsx7E/Ts0oga3seono9MNPGRPnTGKZ2WcZ6d11sFPdOb6Lu2hMsdspMrgFjKgxDcdzgvvUyD5stUvX0GID1ZY4Qr0soraj31RukKX/qqrUQERv7OxzsyS1Ge6tyXscoVGFCoRIZ9fHi/fgGHFzPMnN37GU4MVBnLLg7QXicopwxb1ZnGGxWo1QNqOQ68/F3ce+Om6Qg7XFJJj4kvj1ObMBmbuIWZisQcE5OILATTHSBBr0cX73qwzYMTWokdQW1omZLFXqRuWAmtNtbgnxcrgTMDuTeFVLO95MbsKc0VjStrcoWj7pbNmJpe+FxRCwoeeo+0xNalYkOaIw4ra/v4vkEWoNWOvlMQgQG0/nZfGhehqS//uxLcXOjJbVymOxsZrpeDGjdtMKxPbVDI9d+DOytilnq6sCQZpeaC95Ou4LpzyaNtliBeH6F6Xfkx8RPViYlz52BGjqn82wXk3+wjSN7CWvCji1Ri3BMDvrQn9SHv5V6+u5iAQqivKPS2EeBIGs/Ppez6r4XluKv+uHZNMvQLWgGT0Ry+mGHY/xIzTBEQ/j6CEEAoid8C7ErMimh+p76DPE5nhg2qaDLOWS+U0TUI7Z5NLJOlWnGno7zV7Q0q5goAPsktpoirkGO+ctZZYBIqe3HtaOO1S1R74Q97Cc9StvC1637l9Y/uUOxalxurtMPPgL8yLeTm6MLt0l8s6Fcb1Jz/mk6GE8hpwsN2A+kifRi26WjrbIwr/jLwK0wQDdXqfskgv1F/Tc+eoROAD4ce2sDdyRvd7at8dJXFW1jKBI1mOb2kUwNPwTY4w532lJ8+bMik7gBCmM3zETN0g13hu8Vq1E91DE+mSWhglaAcbBJDUyYtqtMs83THwoGd7igWjOYcbGWw18hZjwynIZpwxdSeHTPtEJSWRokoQVM/j+Q9a6Nv/69+jNEVbS6+EauM6Z/U0OVsEocCmpLIr+8lsRwt8mmu939bVGT7YsEOzPNb0vqzq+hI3zuNKnAIijdyENwAAHScMlhLy3H44juASJqEBFavUG8WbstHhAS9CCw7pdIcrlOYZ+YTEjn/lJ3CY9hOxXgUTTqNndrvQ4LDitAyidULfuyUQFihuye8K9ZxECwjIU40CmZTg7uNCixZjX8zWYathza7tWS8Pw2A52mrA7idNKfUAukw3KHOWXSobblqm/qDtmykOPdgyX/XUngaKhBNzunnh6cI+WBrNEyivUVeHpya+Ola4gwsY25Y+V1O+JWOYObpUUb0Xe0qb7IFXQmyj4x3IRihyebdtxeufgV5D9oApypCNu7UAQ8hBmUdEJxXcby5JlZQFOfZe54AkjwrajU2jdjngqk/AfaD+LEJ/oIhyGVnkGTBTQu82l45t5VsrKksbiJbdroIJAIXchUPdI33ZTPEpk954+ibi3YvwJBkrxrLC+UxN5FIpP6vupOGYzzaj7g3i5ylVAFeBBtCz409Z/wIXhjzAUwUO/JZX5V77mHc7FJ9Z0Q4EeYM7K7Le9QIh3I8D8IGIM4TansEF7gPbUCsFntThM8m+vwbulNHF9Ku+VuVSKXOO4KDR3vgf2w1g8qjwJ2IhPTjLG6QJichR5Y8EBE0KyiMhr7TBRecstYzwU+5mYLoBEF/8nzy7vc/k7Bd+joWMKLb78tZs9aQeW5l0OK+WwAwseyRTJM26CovPXZtIAnMc8tmI8AjDK2X8IecOl6PP9epkw4NNCtSGXEgizpAeVH6rvri0g+NwYMhAeI3knwgIeeYwKTGMsr4H9Y3qBjdFh4fqRAfLRkFo/xTXiE2QCHgcu/zJqGJ44GE5jegYOyDwCfekBEK4A6dMMvGDU2bvjmQCnixMbaIfUXf+aqiM/hfMFLpS+Dd+0opu49mBKXNCbU3U2i7QgsSdrisJazoSC+r1fbPOP/7ojCgCoky6mpRbBHH0u0r2y845s+LoT4v9BuvQYL3pnrZCFMtX1VuQmpZXlFXICWMJ+RJJkKugnObf6E2qzWAW+uD58i27kXEGNYYLvdRwloEjXTxmZ+4D6DDQXQaqDc/pkdZAJGuMftGEuN7U3/qw3+78uVYMuG+oyWTuMJWIdYW0+0F2czz2D76lLg4RbmDqt49b6PY8sH484MHx+cRMjhuYaupNTiAiuf2B5yasH28oCalXoFFK6Huze+N7RSn0SravvAUAocGk5uoZNUod8Na5ZKPjbqjCkPemVqx9sCnLDPfBuaQAEV9fTFGxTu194BZa60cc1YnzsIyTAPwl0P1c31rPDBhf2llKg3CqH7zo3IqX7zot2YtKgmGOwzRhBFeMm889CXoQBEkvgCbXx/vjScZPz8HVPht/OQEt6vq91GMkPdymMTvU7+Cr5Ik2BeeRRFsqyAYHzqGvB3+OqI/wF5ancHnW9LY5Mi/5g4/tGgKz8aPXzP0Y1cLTjBK/dZbPa3Fyf+NaKVVQCCxCdW3VsPjBiZt+z+EZkkUMLjp4HJMq9SRdRd6pEpIk8sVOkf/WCHjifur7017ryr1T/vhuJkqgZcQaCVpyuq1/hKLqPWpA7mG+k95i+QM1Y54F51E2XRyZf+M4pZOtxbsh9GyvpB3QxmeV/5ZCxmPQfhXq9Ue1ytSxhgrFPI9GuvJi3b7t9tCnGDagMhecUgMj4HNyJe6zwAfaBtD/L7UnGM/n8zSJtc0w2YGRd20hrVJ7KeX63LisuVpz/v5MYnAM6POVBz8DCp7wVGuh3D3BNxhGc8H/TN2Q7XJ5STbzR9gJ6yH9BAyzS3VQ1fd6jDel2axaE3iaC/dbJ25Z8zO0/XbQVkxgiIoHJF50SvqkcZbzBKfmxJko+V5zgGmoow8rYFz6AeMXvqQLAsCejZZ5a5nPJHnYAfFOLBzavQdjLxUcpBhZrLl3eCadVsYGW5zPYotr54/xuGUfc7d/q9PVIZOpL2K8rci2ILQKl8BFKrxqPD4MPQoKcrjyqYB4CdEMTO5CuQInTj9cKgQ9nxBB+rhr8APWb0jiOGid5dSJ1fnMTWzskI4mhPspuiIAXSDyZH5hy3AnfkX+ddB6kIbNRl9cBw+rxWqxkaX4J6SMREkutsuhLXL4ny/AYHRenvZ2ZrNi9v+MYyvVhh/NI880z+fndqleMUVh9SpXx1/jlE3GYfwwZPOI
|
||
|
|
"pattern_type": "stix",
|
||
|
|
"pattern_version": "2.1",
|
||
|
|
"valid_from": "2014-11-25T08:46:25Z",
|
||
|
|
"kill_chain_phases": [
|
||
|
|
{
|
||
|
|
"kill_chain_name": "misp-category",
|
||
|
|
"phase_name": "Artifacts dropped"
|
||
|
|
}
|
||
|
|
],
|
||
|
|
"labels": [
|
||
|
|
"misp:type=\"malware-sample\"",
|
||
|
|
"misp:category=\"Artifacts dropped\"",
|
||
|
|
"misp:to_ids=\"True\""
|
||
|
|
]
|
||
|
|
},
|
||
|
|
{
|
||
|
|
"type": "indicator",
|
||
|
|
"spec_version": "2.1",
|
||
|
|
"id": "indicator--547441e1-70b4-48a7-a278-c9ab950d210b",
|
||
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
||
|
|
"created": "2014-11-25T08:46:25.000Z",
|
||
|
|
"modified": "2014-11-25T08:46:25.000Z",
|
||
|
|
"pattern": "[file:name = 'a7493fac96345a989b1a03772444075754a2ef11daa22a7600466adc1f69a669' AND file:hashes.SHA256 = 'a7493fac96345a989b1a03772444075754a2ef11daa22a7600466adc1f69a669']",
|
||
|
|
"pattern_type": "stix",
|
||
|
|
"pattern_version": "2.1",
|
||
|
|
"valid_from": "2014-11-25T08:46:25Z",
|
||
|
|
"kill_chain_phases": [
|
||
|
|
{
|
||
|
|
"kill_chain_name": "misp-category",
|
||
|
|
"phase_name": "Artifacts dropped"
|
||
|
|
}
|
||
|
|
],
|
||
|
|
"labels": [
|
||
|
|
"misp:type=\"filename|sha256\"",
|
||
|
|
"misp:category=\"Artifacts dropped\"",
|
||
|
|
"misp:to_ids=\"True\""
|
||
|
|
]
|
||
|
|
},
|
||
|
|
{
|
||
|
|
"type": "indicator",
|
||
|
|
"spec_version": "2.1",
|
||
|
|
"id": "indicator--547441e1-a1f8-44ec-ba48-c9ab950d210b",
|
||
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
||
|
|
"created": "2014-11-25T08:46:25.000Z",
|
||
|
|
"modified": "2014-11-25T08:46:25.000Z",
|
||
|
|
"pattern": "[file:name = 'a7493fac96345a989b1a03772444075754a2ef11daa22a7600466adc1f69a669' AND file:hashes.SHA1 = '3c8d90b7bdf097811a460a0835206d4bfd56c4a2']",
|
||
|
|
"pattern_type": "stix",
|
||
|
|
"pattern_version": "2.1",
|
||
|
|
"valid_from": "2014-11-25T08:46:25Z",
|
||
|
|
"kill_chain_phases": [
|
||
|
|
{
|
||
|
|
"kill_chain_name": "misp-category",
|
||
|
|
"phase_name": "Artifacts dropped"
|
||
|
|
}
|
||
|
|
],
|
||
|
|
"labels": [
|
||
|
|
"misp:type=\"filename|sha1\"",
|
||
|
|
"misp:category=\"Artifacts dropped\"",
|
||
|
|
"misp:to_ids=\"True\""
|
||
|
|
]
|
||
|
|
},
|
||
|
|
{
|
||
|
|
"type": "indicator",
|
||
|
|
"spec_version": "2.1",
|
||
|
|
"id": "indicator--547441eb-ac4c-465f-988a-476e950d210b",
|
||
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
||
|
|
"created": "2014-11-25T08:46:35.000Z",
|
||
|
|
"modified": "2014-11-25T08:46:35.000Z",
|
||
|
|
"pattern": "[file:content_ref.payload_bin = 'UEsDBBQACQAIANFFeUXIsfyidx8AAEAxAABAABwAYjEyYzdkNTc1MDcyODZiYmJlMzZkN2FjZjliMzRjMjJjOTY2MDZmZmQ5MDRlM2MyMzAwODM5OWE0YTUwYzA0N1VUCQAD6kF0VOtBdFR1eAsAAQQhAAAABCEAAABqn1HTCgkQyFNCXFMfLOYaLUCcSz2qXyRwTDjeqsqHLgOBZ3cDq8haM7y0gtKKhLMxmFEu593VHl0Fil/B7ukakSs7CvLJWqFc1Fm5U0giAn0LLq9PnbWilKunGWiDVzairDTI8gGBBx/Y7xIsPUj8pkwM4hZQjN1ohSk+bPoTlL93Jw/r3L4rjXDrNGxAGiSalZQtiDUStdP35P0I5d5Ra27xrM0vH+SabV3tmwSb9HcYG3WFdzGh3fOUj33kjbijw3n5p7uAqHDpHcSSFvDre88uz8cXymzkhXNNqBndz9EpEYNOZ2KOJuRHXXAWVYAmRNub6UGrlRp67mAx9a8LpVPGiU/IXXv3ikGUEryZBQhcdYp+QWRhXjPCzB0u+pa4VBfAc3XSuuYOvBbLzvZtjIZK56eVATF987pyzLov3Z1gHOiSkw2hdZOfJFP0rKmiroX4psB1Hqr+elZCsCjrnA1jgiWORgAUM03lNiASKzs69OYjSv+JDdbjX1wR45tBcgNIRExLxFJeA1qWYcV1AzJLj45IWJfSzZNPMJhPXCx/nuFUvNZIYYugrMxz/W8woawTnR/BP0jrbRR4SZ3eQHUI3xGWptmAKR68wLW6mr3KCdTQQM+m6COKNgQVpTlVk3m3aB1nYWYAMXZmy48RvsVPtxW+NbckRHWWhAmETSwPFqsjI4ZT8axWWulyHabpB4z+aUSV3WjmLu1TX0poLEnpu5/6BIVweriltQJJxv4l4zFPeLQa6pLH8mxYDEOSS/enl/3vfqZlUUtVnACpxNtrzOxPg29eDckV0X1v5Qf1co3goOefG0tW44Gpt4+8ntvZ6YH6tZPZw9kOvI4f/Hhdd6UoHqpzptF9Pyn0tCDo1GXm0Qf2Uql0cBgcn4ac91JsYjRQ26TzgL6G/O2o1TvNYXIj3rzTPqRMEHw9P2oHrqXqfxNnqAoB5yc7WyS4ZXJLaAll/VIVdZ+Crt1oDoBWsmV1aAG9aKOQwxy9QKMRRtsmqK1qZFh+VuL8owTXSH7Sw0PIYV4ZLZOXiRnkZ6fc/7W54i9BS4Cn2qwT8HhWVY9rvs8zcG6f5UuJGYASnUYcakbP8tgyhBVRXMAng1gnXLUxC7DCPQ2IVqvQxm84azwXg77npId4HvhSPyapTlxnGHvuhc/PnPtHTIp0uA2TrX67G4gtvwf0br39aJnNtqpUnOQqTVQYeFcYDOQf1dqK8PIgdHIjJD5mkMiEG/BqZLX/gx4syB56Yjrj6xxUtGGQ4H9GnfRVE7g5D/2Ot1Jv+ySRTscEuRwDEEusSkhFn94Y6EUHHevfSYEjhaXsnOQWZM2q/gRwA6JChFo4H+smm3/YvFlGdnLgBJY6Sv/PVFZ1XEWIXyk1ocniPN9EhiYVnXx+p0z++biq04vYziijpwZs7cdVPn8Z/aiLhsZ6f1cf5jqYPW41iRkVREzPT52tQgp+hGhfqNi4qat8Zb1kI5rGewPklG0c04947uUFMUR3otRDmjq87wyDaIzbBpXX8U2aA17qZZq4Yh5FLmUlJcKfI4RxEWzxCqsJgkcB3/Xj/F2trwsiGTLpk7yamQd8Zpg4YMeAqwhGostkVV3vzq/HP2MCPzDIV1p6tqHhY5JWDPJ+8vL1eA3KRKbtMyY3QRcCsXAMYya0zxLiihSbC/Y28IjUBo3qFMILiFstC+ugtFiBU5g6pe/tj71V0L4arjwG+ZhW0Di3JEET0X68cMbh2eHcqXwxLfMCyJ6re2t9J91+SEjZCEjr5PjxXPwCIZ4k/BAqUZJbWoEJ0tRBM7ZpdGN/POAzcjy2bibMGjDDPC6U+qQ8r3rY7OxqHSSeaFz1+W4HuwHNPdNz+JIP6oQtJ/7I4Yhg5w1UveUDG4SmOuOkNZtxANawU9y1ndwfs3BPm5V7+hGuJUPUknRkF++/gfoLX93kQkL2lDspIiyuYleckGmtVBrpjVl7uGYT35JKlOnrsQXSpX+hAuSvqF/+dPP460FWlZrrgielbtA0FqbeQ99Qqf4wNnzdR8tNL++JuiRGV8qe4uZDPLUdhrAQ0G5Mg6ksjVGZbT2o8WV3e9lbB8/zFiQ5GIkJXjMefifsajbdjSHTeYMRSpYAa+8F02NaKkdsaTIGNZwWYxLdANh+ntWcBx8eFpWSjemqCsamLwiTmqJW0SFNsavW0eLW9lS/bl6iOCu3NlX1MLEBi59DPcyrCgejGyQooe78+PsAh53G1FMKv5ybhpAId+wTXiqZiNdyiTZvHu/3Zs/CF5ZLg0EBJ8FfiXZuyQJA4oC7bLiOMCwj8PTmt4b8agNzCnFSSrIoTRvyBSy1U3lMsCbwySjo3mGcqRwQcx2SwlwTbcUpMVl6OsU9w622ll2QfGZnAol5gDQgvaitpmkSLfSedTLH9OGegADgOYU8aWxS1nh6aH8HK2DjzXFfuQrfSoFIErRLXD2lqu6cftTvsE0Nj+QPt6HSEGjdj7sW0BmkOgpqLaTRcjxiLK/5Vf796dwwkpG/qUMo1ArUw9wh/fPyaIUL8+vXm3hMRyKSUEqYn0D82jk98i/XTQdwm9f6a1q76grwBRGC0h/RcyjRqZsQrvL7XEhzsXZD4d9BaoLV1KmtJxDrUpj5vQS3WYc4kN2+kQzeMrTjHW+q8DSWAHoFIPHj7EDFJ8givHV/d+/vK/0Z+IFVA4dUbNt34lLYLk6g6Cg738CySYNOc3c5foubd9bgSPyniCdV1Eri686ikDhGAJKTnC50iZBIeMknITAaRB8vRF2QHYz8UuB2Sm2f9S0bYOBVkPih6OVgGA1ZLGNSKKoILE1lwKO03NrpEfyk0iMcEq9CzePYQ4WuBMIDQCNu1VP9jxjTmHKEjQHaXfXfqZtG0cGjrXik6DE1aousKACBZ0k0/NRErR237v9bsUMtyvWSxSEc9XqEAn5VLZVCN7ObUQlNzbl1zvUBtYH8Q4BdEnrK8w3zut7F8zs2ZOZOuUXivzo07d4rf4GSKJZwGsQyzPKV2ovtksTzWBXI/zI9VeiKwS5Xw2h70KF/Z3R7fFHKisX9GdL9D3p9E79YoC70aopxGcBeS8PKv+MtEzEbWFRnwR2Pcv2Vcp1J5S5tHyvh3NTyE3zn52RBnQzjQakj70Q6UWMvswOZBlBzqCPUR8HF/9PfoIDrqmQ6pG0sJ/wyKh8T4lSUCAzlDXCtgNE/AdLaJtWU2wbgS7c6MB+8q5g6tq4zgcAqdyVo0EG8THHBO61RPrp9cbtsKv+uT3ILadaMcnsRzIqCOin0grwp48f5iTnbcdHBtTrI09kEsqunjUQAxfREuazEVbYq3kyL92olr7bgvOVDLG0rTOORZK3bF0n2KnXVbTll8E/+nLda0Wn5Av8al+dB22EaYqk5KQGDRWrXsHMCQv09NsTGJ6joh9G4d/niHSPqaguSYNet5XflVHMF79pvugQmdyTpGEel2gQdLwC/s5JojiVh/Jo9d394Ax23ufyrlN1xBhBFNxguAUQh3fxbdDtPX+98w6TlYBtFM5A/BacPibaM6iPVDEIVM/NaHRqqMdaygjWywt4wCCipS5m0i8b2cSGGwUrMdpaz+DszdgJQza34IpZvo0I08NqEJpgbSxOD0X6H71nd03w37JWhI+foRgCHM3UPar4SHpleHP2jePQudrn7j3+pJ1OTMlVymThEZxRvsI38CSewjbxwKXYIBk5lEd+MpECnbtFn2kuDY6ZFRNYwpBbNPSejngletepehNKcXj7lWc373YI23zdQXDtR4NCWW6afUf6rXRYE5GqP544YPQnRzyWlUg314TVB1dnPq/LjvsK0/ImeAYZgxJKWHvE0ZsPC/eBIiFY3dqbwsPStR/MT4dAZwQZ8iM
|
||
|
|
"pattern_type": "stix",
|
||
|
|
"pattern_version": "2.1",
|
||
|
|
"valid_from": "2014-11-25T08:46:35Z",
|
||
|
|
"kill_chain_phases": [
|
||
|
|
{
|
||
|
|
"kill_chain_name": "misp-category",
|
||
|
|
"phase_name": "Artifacts dropped"
|
||
|
|
}
|
||
|
|
],
|
||
|
|
"labels": [
|
||
|
|
"misp:type=\"malware-sample\"",
|
||
|
|
"misp:category=\"Artifacts dropped\"",
|
||
|
|
"misp:to_ids=\"True\""
|
||
|
|
]
|
||
|
|
},
|
||
|
|
{
|
||
|
|
"type": "indicator",
|
||
|
|
"spec_version": "2.1",
|
||
|
|
"id": "indicator--547441eb-df30-46ff-af69-476e950d210b",
|
||
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
||
|
|
"created": "2014-11-25T08:46:35.000Z",
|
||
|
|
"modified": "2014-11-25T08:46:35.000Z",
|
||
|
|
"pattern": "[file:name = 'b12c7d57507286bbbe36d7acf9b34c22c96606ffd904e3c23008399a4a50c047' AND file:hashes.SHA256 = 'b12c7d57507286bbbe36d7acf9b34c22c96606ffd904e3c23008399a4a50c047']",
|
||
|
|
"pattern_type": "stix",
|
||
|
|
"pattern_version": "2.1",
|
||
|
|
"valid_from": "2014-11-25T08:46:35Z",
|
||
|
|
"kill_chain_phases": [
|
||
|
|
{
|
||
|
|
"kill_chain_name": "misp-category",
|
||
|
|
"phase_name": "Artifacts dropped"
|
||
|
|
}
|
||
|
|
],
|
||
|
|
"labels": [
|
||
|
|
"misp:type=\"filename|sha256\"",
|
||
|
|
"misp:category=\"Artifacts dropped\"",
|
||
|
|
"misp:to_ids=\"True\""
|
||
|
|
]
|
||
|
|
},
|
||
|
|
{
|
||
|
|
"type": "indicator",
|
||
|
|
"spec_version": "2.1",
|
||
|
|
"id": "indicator--547441eb-c7c8-400c-9724-476e950d210b",
|
||
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
||
|
|
"created": "2014-11-25T08:46:35.000Z",
|
||
|
|
"modified": "2014-11-25T08:46:35.000Z",
|
||
|
|
"pattern": "[file:name = 'b12c7d57507286bbbe36d7acf9b34c22c96606ffd904e3c23008399a4a50c047' AND file:hashes.SHA1 = '75a9af1e34dc0bb2f7fcde9d56b2503072ac35dd']",
|
||
|
|
"pattern_type": "stix",
|
||
|
|
"pattern_version": "2.1",
|
||
|
|
"valid_from": "2014-11-25T08:46:35Z",
|
||
|
|
"kill_chain_phases": [
|
||
|
|
{
|
||
|
|
"kill_chain_name": "misp-category",
|
||
|
|
"phase_name": "Artifacts dropped"
|
||
|
|
}
|
||
|
|
],
|
||
|
|
"labels": [
|
||
|
|
"misp:type=\"filename|sha1\"",
|
||
|
|
"misp:category=\"Artifacts dropped\"",
|
||
|
|
"misp:to_ids=\"True\""
|
||
|
|
]
|
||
|
|
},
|
||
|
|
{
|
||
|
|
"type": "indicator",
|
||
|
|
"spec_version": "2.1",
|
||
|
|
"id": "indicator--547441f6-8ab0-4379-9def-4ff2950d210b",
|
||
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
||
|
|
"created": "2014-11-25T08:46:46.000Z",
|
||
|
|
"modified": "2014-11-25T08:46:46.000Z",
|
||
|
|
"pattern": "[file:content_ref.payload_bin = 'UEsDBBQACQAIANdFeUUpi4ny1h8AAAA4AABAABwAYjc1NWVkODJjOTA4ZDkyMDQzZDRlYzM3MjM2MTFjNmM1YTdjMTYyZTc4YWM4MDY1ZWI3Nzk5MzQ0NzM2OGZjZVVUCQAD9kF0VPZBdFR1eAsAAQQhAAAABCEAAAAL6KqHEfRJcu69oDxYE4NhJTt6Gmz7LX79Um8jSjk0QZVsj4mgrj4bR8mTwKuo9a9KQZHXWz0vFFL5z7Gl7nwvvlAMlCbb07dpFsbebrzhqQ932IpIGLtq2TAoQ8lUzxG8QG2Zn4VBb06Do2e+EOAOSwSoXWDCgZ832mq2P0AZQGLhOreHw1nx6IrgILgptPFTI8pYR7oKfGStpnnNgC6Plm6McTAkB5YGOEriLb5LwAbOUz1Uhk0NmWaPkgBTNcp4n32trRG+cwK2aVYkw0/65D8busKGj7E6idjuVi4/gujDtBZjZyyTje5IbL2IBREY/pp24asCYppVmei/Gl1wCoBE00nxzf+cGZTTJRxt3fqjHyAslT5uCYSrvPzZJiF1fmrjoWSWvJT/OP6Ngt7i30ysIBRDY6dCjrxJPLwVDOcv3lrTV/BQmQQeKg77GVY4Ffi4SuRVE5cGyZdtSn22RYy7jEURvW5CFq9gPFGIVtAf9nmeveHq3xFWB4r2uiVi5JqhMfEoq9SCXRfwFzr6mmZiWbkhG5bUww2SJiASHcVNfckhO5kl5RVvAOjJm0h+QOVVNFFT0mbSl1GrO/xwTXs0YUkit5wW1TCya2W32oLa/g552Nas2/i4dQ2E/+AyV1YBgp1sJR/Y5mPRVs7L637Sq2Zz3zupOk9aJxXXX8jVYPend7MyqdALpueu9oFymIicZPmCNcKpeaksIrx4+CrRQKfkyCi7JounihzDYQLGgtNiY1b75M9yC6ydensG6+Om2X6uXlELRgRaEpvjSvVkbS1+bTTKznrrj9EIYz7Skd1S6BUZ84503bRsgKQzB5Qz5UtYgO3I9zyw0HnNw7qnaqGh0b1icr50PJ9K+UfM0ze/RDZKOo+AlPb+Gq4Q+EXruMd54mWKCEz2e0a7ycLAiUhEcB3v72FpRbKJ0Ft+HUXfOrqtOGLxjVI7Fy1Uzg/OoFzZ5kIhlM8U5uteMowZIA9pcqAObPB1Zy97NgDbyqV3FnQJw/L2F3gquwVEjU1Lyjiqy91tc9FvDXgLHjApvymoUR/IB+G68Z5faHn7a8fH7hmn9sNYlPRvdvz2YTSrxVK7OYdYk4aTdhhQq3ltgKfQ3ax5dexHH5z0JCO+cBhTsZgVawQ6iIPeIieTulmbDlGHWxfN5eWl9HI/n+q38lJ/43cGpVVat44AJ72kZ/+rwKWcnsqJ9xbzRytYryx9orSRRAncr6VZecVtwVqa6Qg+NgN56xUgx2zRmdhOCxm011XyC1eVg3wsaUpuPCIX4f2onOvW1HLphFQDSXdq7Nw+b3cXF3S++lxOAo/RlaR0HRN6eEP4QqZ9HOMLrQHJ1RfXIL5yc0BePQMj8HZM9Qyvx5W7gmDhD3LZ8ih4SXZhGr41REkcEkpJlUWjA8KpEppuh9/Yxqmmrmmok8di63mhAJJoFP829O1FwAfBOpPAnvqe1EcrY0I6Ee1cINrrtVm8rZtuADbOdSHJp2aSaMT8g9YWiCq3Okq6IWtuBB+AjMR6TwpaOChVQZnMkrogVA75Vq/HnrDkgRYIMg6ci3tKTUISKieLseczTSNkl0LtkUwyhhk1JLr/1oUenG47yi9m8vO6UuZcH6mR5NR6Z/WRosUeVirVwcm27tzh18y/SILAKktkpfiIKUgu2aQj0oIbmIJxWVeVbWt4xmXF+/opwdsGu4ZO9q5KeKctGSXz+mR+QpNDR/Eamw2e2PzP2ISYgi8Hm5yH+9n47CLbRG5Qa4p7X3m/QohYXbdPxMvQ6xh9VnkA0J7tK3jS1Z5ELRvnp73jid1Ctr95BhJ+KZluwULQFDIYweoz9IPkk9b2C0kSSWRPf0GM5w6nFFtL8wDi44z4Ekx8Jf+SNvOw5pyjZZRXcSnD3YDg5197xqenzan8mO/z21Dx2N6FxVgw0EdhRFNkzplxhMqW8WQ6bQHDrkHGLEeD/UoQelBGSGqSQrohAk1vzWRHh2rQJtfJMS8Qc5gggyHwpXf0vRQFC0oAVcHfBUfxIsiiBndm3CCFp2UplscmiqHzMiqF4e4EjdkgUxKnb5rXfwXoLUdrP+WgwuORHK7Kv83T9qrwUNMfX6p2joWnXEWaj8OKhls7wyrqs4G42N/a/vND8EFGnrAVOmC02lepCoydU4LHa0S3NAtZwSk+Bz4nITOc+KZFbetMtPmW/irKzgiVKDiInvZoD4d7qf8tLFEM4JHA3Qpy5siUh8FQDUD/0AcG/jPlgbdkXG5DYxzLZr9ntjxb4tm6PFMXyrWWXedomzbIEEkuSJ8dX0lx4Nfsabg0WK9zQiqFL57ti4wi+3HhO/t4UOxr2cvF/LWIhxmZQqAWCHY8pxdCoPLZX5NWNuLA1tD5XDnNKDAfi5TkO3D1/+oFblAnh2Wl71U/x6oSaToF3plHTVJu5y5WvKKi5hcisQ/ew2qVV5syUK2TJXBKXlPVMvp7ZgjYKGj3w873sp9fCFWRLsl5hSfgdYLO358hYmwSgS4/EGs3okW5zKBzP9J0gayF1H5eXEeEEEKWrS++37WpOtToI7OYTUQQzuwKkfVG1xfrUhS6zNwPR8F/obnJrSBYFE0cBUhMKdxXwLqkeOW39jQ2W0Hpn1CA90j54X8QYyt6cGIoPti0a0sspHPmaOXKrEr8gpzxH7WkwD/4JrmCaWOX4X576Y8H8gFqAI2hp5IMhGSLbTXUES82tuCWLEOqwropz6HaTLLAPH4WIyERucu5lIQSWppz8NecxR24Bzmgtv+7817zPQ8824ef98qtz53uB35BrJ7SBa1kPg8Py15dEBvulKyhU9DIkT8d+xFJuMbLObY6f6mn/jKe4QEsGzLt8EafNFRSey1wHizoVpbQvHkC84t2Bb9XPMrXyXgSrOajt3v939pnhLK1tEy/8R7LwFqlFYKCgyTqkCRrKeTjitbti4REdOsYtzTT6u0Z8XYfqGNajzD9ozKdeOSCNJsIK6lRnHco0qvC6Rye2l+tLj2GgtJaB5DGeqxkbclVHMe3wBgIq5AvXivYUffxQrP2+j6pxJ+h0SA524bkzQStX2e8zZyHfPdH0G/iRchAjeWPReR7W59WaH0UacGWBu1y3KykcoWRFsVy2bYNewnf/cRluQpoOrAbzye1s4IgC3bTRavfQq/w8JCX4txYHmPAg4tU17bOMaQRSY9VKE++O7Q8F24Ju1j3gbkeLzrT3yTWey2i5NDewNdlqNH+7ctLjNbpC1Ce/Zng9Ap8Gb3oa2XXyN5dNz0q4XSOgnUPAQOVEbL9gI+A4flflRxHftfMOaBVQj7IThPNbXpAIzmHqE3bIjFxTAsutybKnNMi9fgtlHY4aSi9bqRMgMaFlPE8SpRVMg7DsFK5mzVSeZFIO9qSynWEVR4GA3lsfFr5EeXozxOkaNrZBeNiuB1l83ibLBNbdZ/qz8kp7BBmR/pOtvyY/4sOiZIJIZqVroa+o+KiXycvNFfA0dEpButpMIAnltThKs8YUAXUElgQkSXStgC/ELMtFOCpSDVJiI6hlSRgCVkX1cZpE66tBfLfKvniNGPVKxAEQOCGrF3cLlRkvOcQtDpvYn5Zjzb4quQk7Hedn6ISMZVNYO7Qlgsq/kju7zc2lFhuWlS3Vez337AGpWX10ypRjg8ePFYAMcjrZvkHHjF+nKp18RrICbC91XgpRB+pGyK80kLw1Hbhxh2FUifcIPcw0GtArBBltcX+oMkQ45vAnqNkeNTuEI4S3z3NsvCiHtrXQYfEukYV2ONrFM+czYJlKEWGahhg4geuf5Kpq9oKOMW+i2uy7mVGKF4za6mb00JG+Ol/mfCGAIU39EvqZAwt2kWECwAOyuOkjjximFvT1tSoCOie4Qi17kdxn6
|
||
|
|
"pattern_type": "stix",
|
||
|
|
"pattern_version": "2.1",
|
||
|
|
"valid_from": "2014-11-25T08:46:46Z",
|
||
|
|
"kill_chain_phases": [
|
||
|
|
{
|
||
|
|
"kill_chain_name": "misp-category",
|
||
|
|
"phase_name": "Artifacts dropped"
|
||
|
|
}
|
||
|
|
],
|
||
|
|
"labels": [
|
||
|
|
"misp:type=\"malware-sample\"",
|
||
|
|
"misp:category=\"Artifacts dropped\"",
|
||
|
|
"misp:to_ids=\"True\""
|
||
|
|
]
|
||
|
|
},
|
||
|
|
{
|
||
|
|
"type": "indicator",
|
||
|
|
"spec_version": "2.1",
|
||
|
|
"id": "indicator--547441f6-8f94-4f20-b81a-4476950d210b",
|
||
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
||
|
|
"created": "2014-11-25T08:46:46.000Z",
|
||
|
|
"modified": "2014-11-25T08:46:46.000Z",
|
||
|
|
"pattern": "[file:name = 'b755ed82c908d92043d4ec3723611c6c5a7c162e78ac8065eb77993447368fce' AND file:hashes.SHA256 = 'b755ed82c908d92043d4ec3723611c6c5a7c162e78ac8065eb77993447368fce']",
|
||
|
|
"pattern_type": "stix",
|
||
|
|
"pattern_version": "2.1",
|
||
|
|
"valid_from": "2014-11-25T08:46:46Z",
|
||
|
|
"kill_chain_phases": [
|
||
|
|
{
|
||
|
|
"kill_chain_name": "misp-category",
|
||
|
|
"phase_name": "Artifacts dropped"
|
||
|
|
}
|
||
|
|
],
|
||
|
|
"labels": [
|
||
|
|
"misp:type=\"filename|sha256\"",
|
||
|
|
"misp:category=\"Artifacts dropped\"",
|
||
|
|
"misp:to_ids=\"True\""
|
||
|
|
]
|
||
|
|
},
|
||
|
|
{
|
||
|
|
"type": "indicator",
|
||
|
|
"spec_version": "2.1",
|
||
|
|
"id": "indicator--547441f6-d084-41ee-ad04-4f20950d210b",
|
||
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
||
|
|
"created": "2014-11-25T08:46:46.000Z",
|
||
|
|
"modified": "2014-11-25T08:46:46.000Z",
|
||
|
|
"pattern": "[file:name = 'b755ed82c908d92043d4ec3723611c6c5a7c162e78ac8065eb77993447368fce' AND file:hashes.SHA1 = 'b5e28342e2d6d587be1f92770e9517f44a0f279e']",
|
||
|
|
"pattern_type": "stix",
|
||
|
|
"pattern_version": "2.1",
|
||
|
|
"valid_from": "2014-11-25T08:46:46Z",
|
||
|
|
"kill_chain_phases": [
|
||
|
|
{
|
||
|
|
"kill_chain_name": "misp-category",
|
||
|
|
"phase_name": "Artifacts dropped"
|
||
|
|
}
|
||
|
|
],
|
||
|
|
"labels": [
|
||
|
|
"misp:type=\"filename|sha1\"",
|
||
|
|
"misp:category=\"Artifacts dropped\"",
|
||
|
|
"misp:to_ids=\"True\""
|
||
|
|
]
|
||
|
|
},
|
||
|
|
{
|
||
|
|
"type": "indicator",
|
||
|
|
"spec_version": "2.1",
|
||
|
|
"id": "indicator--54744205-51b8-4dae-993d-407e950d210b",
|
||
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
||
|
|
"created": "2014-11-25T08:47:01.000Z",
|
||
|
|
"modified": "2014-11-25T08:47:01.000Z",
|
||
|
|
"pattern": "[file:content_ref.payload_bin = 'UEsDBBQACQAIAOFFeUVzwjVDqxsAAAAyAABAABwAYzBjZjhlMDA4ZmJmYTBjYjJjNjFkOTY4MDU3YjRhMDc3ZDYyZjY0ZDczMjA3Njk5ODJkMjgxMDdkYjM3MDUxM1VUCQADBUJ0VAVCdFR1eAsAAQQhAAAABCEAAABdBwe286U+AyWIBys7MSgpURqnyfrV2UhU+EFdyck8kZrZewiReSSFKMMv7sDI346/PXfajNKU3nSZsvBWY17i5d28m+EahRUte2OzVCsJWcVK/eVbIp3IeGu3tQ5V0MX8RqkBT33DrCSuTclYXaiQC+2Ny8YKI31DKXRESCc/zPTTzKm2KFzcRiihJ0E5BKoJnDOzibVV5W8tuEs8RZrCCNj+cwAgD4jDIgjsxYW6EUnw0cNFBrlLC/XfDU3zO9VBuzRtTCOaWHdcuG2VmIds+U4e3HvyILwIyA0LydC2F5H3H0ytCojG56m44xbMc4t45QOsuKOSf087yxdVKKlzh1orR9ug/Uq9cFUrNGsdIh+v11HgdOHXPhi3Yfiw8cBQj2TT0h5hN5G6M+DUG8HNy9JWaRBCktmQEzc9kHvZsPwsWs0RM/fp/6on71FzI99C8EFiL4EAmKNIGxaiwXZIdXPmWmwosYWaBamb/1lSHKAbFNrraJraGzND42sRNzHi9SYMWbuU+1mjYodtOwWfi5SKX5mwwAcOvxND+D823LtyyjLcCOR9GmWBOYfCXYNhMq9XnlxsEdxe8oL58dh8UOFmrFerCDchJjI3Oio+IYnZRzJchNI1+q3JW7bOnfcAwr1WLVkWTzgQgFwMfEzNav9a+uB20l5uYUtaP6G0DD7ABj2mlPVSFjVdor8JSVknlSbJKX1YFHkmPM5/0F5Sdki/wjIu3EW8BCGypEzYaTiptyFRTSefWBzAEsA4QsQhgj4S9xkxoG8YwKYXVC2juWolBZsgbwiRfG40Lo8+MfrbyHvzsWHRx2G9gU1SBN242c+EqmUXxKPp+9H3gO2IlBKS9DqDLgaQYah2JnrENOFz4vduuQtEC6At2u2FmXG/nGfzLRY1LZCdK/DmtNWLI4chczPYx8ZRIB+/CJrAr7Sps/QZYy8ByhH4hqmyx+VtloG8Lz+biNNXvl6kXTWp2douPY4Ki/e/0HhGsAD7z/6EjC1LxriSo1YVK7bn0TZZJVpTOBrNp/j5Fn+grLQIKDx2kESJ3Epe9nqXi+92mNN8NfyV+VjQosY2tBGdMs24/ie9fhnI4f52Kcam8PD3nIYZdbBXxksdntl6qWDOI3/v4NMMfUMJgaNI7sw4X6sV0ASKGFKpn8eTHHAwc3NpsZJP2s5Ir/gdHQYpqbVl6SWskiX7yZtttjKeStnCdxst5p6T6Iv+9b6igI+X+jrS3PciwK3/ruqnQ9x5+GDq16YjVEKoyMPO4DqSkx+joSXMY86VukJGldyE6G9tIw9L0UGWcpouB3aKLluT2t6B8GlBFW7CHiyiDhDa2uOjtWaKHoph29mxJ/6K+zsBfdoSQrH7vFn9muVYUO5d0EAFujurIfAoM5nyEhHiYAuPGLkEuLAGmI3uN9F2bGe+NDd2Q4DhFIGI9l+z25S0Ikkft8oCPnFvr752c/60isdf+cdTDtWZlwGSq55OJbg5i+pG3aoYmZvE478b3qVk3/mxSWT5Hyox0ZAEF5G/BOx1A9qGEBDNZAca6lpWUrmdIIr15M49FrtFxruXatnwlVbigdP4G+kyL5yEJBHMWoUwsB6LMwNy8rKa9Bjt9ZjrCJKfY438v3n+K5H/i0u6kkVViq/vVe7UszYGlTebu2mgMDxWD03XnQOvgugVs5Kk2vo2R53+mzsZxxDDWGCI/oXj6TwGoXbi+Xkop9z3wK3Y7McJZj2QBx9RHdEwcg3OrsQMDZJUC+qwLEOgeqr5kNX6BTjkDLFvDMQlbRsJnBo4O0LAjWmjv25gJjeusU3YI1TkRZZa/yzdMChFaUHIO+VfemIhd0XGNhpv1akjdf6yYlNud6gRFE6tDswVeOypcyT1FFVDxictakS5DCtZP+U3ZQ5XTa1gg6O69rB5i1LOaGi2c9FqokdfS67S9FgiRwgTQJe6cLr1mlDuv7DIPCMQ+9xeTOcdlTCqg6TplGVmomcka8HqObTZHkr+Tq1mIU0UHJ8l2rWFiVylXDp65BUnafhc+AjjyFGStXrHEqRE+EUNlqt/j+l9iFe9jTTr5Rju4quB+hh7Hu+R79p+2yXHJRTUjv66gK9Iq/rcl6Xp/expehRONDamHcgELZLLY1gGwKLUaCG4NnF0lOfFE96aW+OYbG8cZ1JImvtmh6S9NuS54wtT6ZS5ROq1a8ESIyLXUoYD+B+StTba/VucaufjrvPZag5unw5/8lBQQB5OQV940v2Kkrmx51BloQGTJs9VfiuWaFberYIr/EHUGjGPdehgN2779z3hTIqAz4oLub3r1qj8Rp0HlfRnHmXoEUoqZXCf37Tj0iJ+bqDvdy1i7CpOHvLEvg4I30eYPIjSYXv/r+tiqWQir//SEh45KbSd3AbsYeT+afOKutALYSs7Mdfk7niZWs/sh6jI4wcmQRyHf6IaG9KMrW3P7fXb0HbcFOgNV88sp5lFnFCyg3oqlZJyXYEZFUGKKe1WTZkmAflsB3IbcXcETLwamOc3UwxZ4Pj+bKL1icuXHspVOczblwmXJP5VieT7pZIx8Dle5IB92BdXGo4k1sJVkeZ7AvL3mzq8SXEJAQ8WPi0KI+TMLCHkpHTZ3HsW5AJ7fI06JPqvYOyaVBbHCMFw2SFBPg7DfH9cS/IVVs+BDh0IKcrvDUv8Z8g4GjhQgPSoQ3BCoGtLeTgESd3POohgYr2D/bgQEez6E1w12sULZH8occEmrFQ3c+p2ISmdcwC3vzofVRC2cb2kbLECpn3fgZHGzz0AKKqf9FAeqwAod2RpDCd3pffBKSz6M292p0SwPuZL2PO0mSmGbdijKEXFYyCS5aPgnmaL4a3n7Iepav3dzK2v/NqVQ7B6FecltJYSdfr1YajwuBKMGdv6WkhRbPT7sF6oOdHnel9Kh+eAzWANXkpWRH7xhBah9MLcfU5EG9Dnk9yCpx5zDtQ8oozMBgtDnGg8I0HZSw/B/Y2xUkUzVx3ga/lgFBPQEX9XFJ8bVcUY1okECoeSwf9ICl4HZ0sSPS92R088/Ii3phYPWcjAXQzB7FrnVWcIN0iDRGih+fOXvDnZAUNBFHycc8laV+3sX2gQVVPacQaGQtWFtYuiG3vuJgJDT9VwB7h7ZXk8Hpu9Z2u9DXA5f0zkCTzvHkiseAFkcCG8vBdGOLhLVunsAjPHtX8zS6Nsfy4XyuWfpM9CnSvSYoFuXcFbK0Pa3eOlgt6S7K+ze+EsQ1g/QrQ28elyf3wXzXbumPxe5LBFXdnHohpSSRor8tJeTS/oXME+672h97lnGkTQF8pBn3iFztNUNOJ+Zt7yZuW9ZKx2VgW+1hBIFjWNkNrl2wiJX7ZY8ncX+zCR4AncA4m7ZvC1UEh/2oQPXcJ+mKG06RlCt2FxHnEvmHxvVu6reJR/cAjcECiUvfLDv1vXRSIpzjLKeMas2kZWGNfKL4prx2KCn8YC6i4MKgC7qG7OfaCmwSnvGUZYU7RqBckm9YpyyoBCGG9v5Y037lJzzwLSzkO8bmVTkk5ncq8Vtipiu5ksr0mtE51MHY6r4VyCy2ljFwQ/7cazc4QKbBulG5JVKgElP8SCGRO1i1Ychre3RSa4rFlHWst5MQMEh9TZW9PooQU+IDwyfiDeGtks8UW35bf2rfscri9l0qqpmyNXeC8wkY96psN2CVHG5WTAPFY7lYAOTm8OJF5wD/XDZ92dbwW01eH//lyoHptqcHikPtytTVA4eWhcTZ7LB7fVD5k/5Lh5zm/cUKUcaQSMYR4CdB5AxlCf7SXka8re4CPnN7fFiiZQ28jo7Vi+5+pvYT9vTpvTiPu73kx4pk+QK3ferjxBqP9L7IwleKq2VG+EarAGdVQNQ9CEN6uZsoReUYIRbl
|
||
|
|
"pattern_type": "stix",
|
||
|
|
"pattern_version": "2.1",
|
||
|
|
"valid_from": "2014-11-25T08:47:01Z",
|
||
|
|
"kill_chain_phases": [
|
||
|
|
{
|
||
|
|
"kill_chain_name": "misp-category",
|
||
|
|
"phase_name": "Artifacts dropped"
|
||
|
|
}
|
||
|
|
],
|
||
|
|
"labels": [
|
||
|
|
"misp:type=\"malware-sample\"",
|
||
|
|
"misp:category=\"Artifacts dropped\"",
|
||
|
|
"misp:to_ids=\"True\""
|
||
|
|
]
|
||
|
|
},
|
||
|
|
{
|
||
|
|
"type": "indicator",
|
||
|
|
"spec_version": "2.1",
|
||
|
|
"id": "indicator--54744205-a6d8-4089-a734-4bf4950d210b",
|
||
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
||
|
|
"created": "2014-11-25T08:47:01.000Z",
|
||
|
|
"modified": "2014-11-25T08:47:01.000Z",
|
||
|
|
"pattern": "[file:name = 'c0cf8e008fbfa0cb2c61d968057b4a077d62f64d7320769982d28107db370513' AND file:hashes.SHA256 = 'c0cf8e008fbfa0cb2c61d968057b4a077d62f64d7320769982d28107db370513']",
|
||
|
|
"pattern_type": "stix",
|
||
|
|
"pattern_version": "2.1",
|
||
|
|
"valid_from": "2014-11-25T08:47:01Z",
|
||
|
|
"kill_chain_phases": [
|
||
|
|
{
|
||
|
|
"kill_chain_name": "misp-category",
|
||
|
|
"phase_name": "Artifacts dropped"
|
||
|
|
}
|
||
|
|
],
|
||
|
|
"labels": [
|
||
|
|
"misp:type=\"filename|sha256\"",
|
||
|
|
"misp:category=\"Artifacts dropped\"",
|
||
|
|
"misp:to_ids=\"True\""
|
||
|
|
]
|
||
|
|
},
|
||
|
|
{
|
||
|
|
"type": "indicator",
|
||
|
|
"spec_version": "2.1",
|
||
|
|
"id": "indicator--54744206-64a4-43aa-8242-4ef5950d210b",
|
||
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
||
|
|
"created": "2014-11-25T08:47:02.000Z",
|
||
|
|
"modified": "2014-11-25T08:47:02.000Z",
|
||
|
|
"pattern": "[file:name = 'c0cf8e008fbfa0cb2c61d968057b4a077d62f64d7320769982d28107db370513' AND file:hashes.SHA1 = 'f8645b71b2cb515278d3802924642124f5ba9b7d']",
|
||
|
|
"pattern_type": "stix",
|
||
|
|
"pattern_version": "2.1",
|
||
|
|
"valid_from": "2014-11-25T08:47:02Z",
|
||
|
|
"kill_chain_phases": [
|
||
|
|
{
|
||
|
|
"kill_chain_name": "misp-category",
|
||
|
|
"phase_name": "Artifacts dropped"
|
||
|
|
}
|
||
|
|
],
|
||
|
|
"labels": [
|
||
|
|
"misp:type=\"filename|sha1\"",
|
||
|
|
"misp:category=\"Artifacts dropped\"",
|
||
|
|
"misp:to_ids=\"True\""
|
||
|
|
]
|
||
|
|
},
|
||
|
|
{
|
||
|
|
"type": "indicator",
|
||
|
|
"spec_version": "2.1",
|
||
|
|
"id": "indicator--54744210-8b40-43a1-a974-dce3950d210b",
|
||
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
||
|
|
"created": "2014-11-25T08:47:12.000Z",
|
||
|
|
"modified": "2014-11-25T08:47:12.000Z",
|
||
|
|
"pattern": "[file:content_ref.payload_bin = 'UEsDBBQACQAIAOZFeUXpX+pkQR0AAAA0AABAABwAY2NhMTg1MDcyNWYyNzg1ODc4NDVjZDE5Y2JkZjNkY2ViNmY2NTc5MGQxMWRmOTUwZjE3YzVmZjZiZWIxODYwMVVUCQADEEJ0VBBCdFR1eAsAAQQhAAAABCEAAABp591cA+3DxqGUfV/3yChhtdpJR/m56WuG14qfTZrSXdjGv5J05tZYQ4C3vGw3ppa0F7ki+0ZkSc6t7Y7IfH94KrkBk6U3H/A7uHNKJWB9y2SIYturwmoa1GrJCGgjK9I3pid4GUjz4BlNaCqJJttog5MUPKST8m5AH7CJnptHeuROwytlXO1FVw9LwkKw1t7P2exs4AEVyXK7j3qFUyINOCSCnwFokxpZbK9AfSbOF8Rtpvt9xXiXK/7QYXkOiBNiw7ttNi74Di16Xr5LR0aScv7l58rslx98R3Pp1ZAmXmjNxEuESEF0nLfmTjeAj8RoQqLGw6m1MVfxoS5z7yonSToBSwQDpUKSYknRKHy9WijKOsoTVgcNWYSILhWz0CSkU3BUklfHPPLd8oxqKX+VpZ/KfpVlFC4mA4yGPBqPxNfs+zoH3Yd7BOrgblDe6xwAi+ZrY/AWmAXdCHuMUcq5FBbFSCRoi2zmif4uwi7WmU/MsE4FeLXmeSCQn1+Y6dVwjHbvj0DwiolAsgfIgyDdjmXAPnMsttM9mSGd18l9WWlsIUncHCJytRJGYU/Yue4ijGiAXlPYXJkEVJW85+2lV613HWfYrzk33jg8YKGVj7I1Ks+rGFpYpRJFiGMYDZXwVJN9bvq7sAJ822xhVNO8wNsTm2ax0BWGyxqWJnkBJIq95ULYuXuVCqMCxxZHHuuf5mk5N3ztPLWrpqIn1D5Wdhkip8ZCTkc7yOhnJTHIeNSXH2U7wx+OMdO4a2L2lJhpLhROoiwCwAECFzhlSoYAG4Ez1WuQDFw7XlgYs6METJHRbZGlJBfwCo2tdNi2DeOtDaX2eQmmKdMpuJQYmN5aen5SKwF9ND49ZZGqqsl80JLuzpX5UD0a8o8Yj6BtIEB3uloBCU2wtA8jZru/dvozU4dnWTpgVud8SDg0wauzbLdE3xLe0fGCrF98sTiKtS8J6G2v56rhXuyZqYkXuVx/qBd3kseNi2NY/0t2xLtU4I9JPcHVCU4YLpeYPkkli0EPaVSHTMaio9qZo+bsYbeNRRmT3qQjI/jLV9ovrhwSq4VvM9eBL9qjxrDB1PjCkL+Andyw3mbfdjV5CWhGlmfBNq1ZhNsLMEZyXL6/gJpSX4sbX/kOWbN0JZ/aHDBFm5/KgDom+p5wzrPSysevIwwtH+SX6QbYAqxa7GB30JF4h5cWsvZfLfqNTlEklS+B9wPJt5xfVH2RJo1hHkbFB9H/Ab/zeIGpWZ6l5UqUAKUN2f4aLO8azyMCXACPT+ig/l7G/6OlELeVmBD6vgLxQwSsHRnKffPwiMTuOqu+/E/c3zPoEVbSwCgtMgq2qlyEaQFDIZPAw3ocNSHAbx4FpysD9BxpBTYlW0wQedEvQa76om0fSdfYWQNGFv/86NxfUneioS0N074/8S8NmEmNaid0K7kHG+ba2pGjFrPocV3TcqjyD68RXMuMCFOrf627xiGKJur9BLEt9THJW5ICuNuqZ8asOTI61mt0hIqsR/jmH+pQGG0Rc53Ne4YHZg2Do156dAetfEJxrwkWJ/wYq5XnzvSosWTmn6NIttnb074zdtmjxVy/sqdGz5+XRaDf8Llekd4Rl6H1gArc4zw5vidmQf9OVATgNXDNVxnqV4UPbL1fPnZa6ZvELzmWMo5rt272uQsFoO4NFsgw0LEwX4YZUddmWHqGp9A6lF99tpDoIrRsNNybOE3R4VQQyd2VkcnqM2p0umvlOYY0DjUVQSCIWmCptMCkcJy/9as50rIF8Ty5OpovDIjyNexxF/t66NK4T7ZcukejNhI4YGYzmlcExLFOiXns0RcVhruebtq/JfhFebMoFjPDUX1IC0bjSNe/DcgBVBOPhjP4TUF8qdv273HXQQOMDNROfJVxK5cr46uK9yIgPcMo1TUkTJx8nQsHQv09qfp1xkf97BCYwZ3NqGE9JornlTQiCJkCat7NG90SH+LnxDnXrMJuz/jNFhlT882d7Pho9gxr+qvZ4gvfROCxgWQGvs0p2XosymU7yHj3Ub+OMJUkveA5v86qDPoUCJsNrn51PC22PugNNfutdCcXrEYa9BNkKxi+YQxSXWfFZjbZ5vGB7LiZ5muqVOHWXiMeI3gMgRgTLPeAqI+yP+McUDVyBK6TxLT5vzqEZ4+gOVsgFWdaBQu7K6RtbDOYaOPTXFAngkaOEKkrPdCfK+dpYSgGfWMiQh4VkEkfVzsP1XN5M6UJLCQa7mcH+8tr81wumJk3KTc8aLs6AZaaWXNoSSs1GXMduMwhWbU+d4H/pUO0wxDyw8sN707ORMcgPuYx9ATcWIWrTaW5oW9Qn8SzX4l/PleMKzOkmcqqj51DWaw/H9gCWzv7jTpOt/nglMr6rF1PX9bLd+RrzH4R6KaL6pdXkZQJ8aYyHXv/t4jDJkHPLKTHHH87VbUrMWVj6W1XaJugIyC9ETbEEY7re5W4ol4fL7q8/sRmjaDwBU4PPTWok22LYVJSriaGpycX/gNH4Ojw8HLgAOO3pY9o84v5G4JZc+pWPqglY2Sn1U8LEbA2vrP/QKyHr+/fL+STKU35S7CwyH0ORdSB6zUHbIzlf4Q/RWmj8qQMmlZGJyyyotuBVApA2ikguVdz4z5ptdZCNI9dyat8E//X7fmAU/lE5de9CK//fl8BhppPZJbDcKn3YOXHYuaHgGNxKy2nqxsGxrR1gPrO6HBPERieqTJxesTeE3U+r2kQ0qKZ69wwxsbE62miMMMHC+j++5+JMC0gJdzSLgjqDtTPhI8YiYsJrKqklyrIsBQpW3qJdUHSolwaT9v/MdmZSEUNquXsgrQEjrLzuCUsbZLCf4szVTRbfCGJEu3YKuaHrwh+qUmgdBuSNYMKZ2sLd6NE4pObcyO/fZ2xonfNlmEOftprfn+CSW9eJs3XiTXcbheus7ds0y4wZUXTpIK85YYFDEojPdQbDwcp7qFtuIrqFDnncWXl3G3aU+XoXUKYBtUX0zMK+zzacxmRooiNIcVDQs3qpgDyQiWBUKSuI0BRVD44WLnK54CC30FjemhdBSJ9MyYY14Jt2MTtNdS1NfkaJ9uJqmvySrU5kmfiWt+Hnc/LtH0i1IcvaeQ9NHFH4Nc6ayCXPP5Dv0dMNTLzUm6c9WbcD0br5Fq6gVRBzTy6Pp1efpJGFm0Ez1PRLMVjS9/nTEybmG+KkZtqEyVi/FDgtnzi5OTz+r9tAyU6jvxHY2hbxQKcOmE39uHHZ2F2xQpRnUkJMAJJ1dE0jYdFjqUP9XS5q9pUAfy62cUxdEJT3j0cv/iRHi57ilgE1YxsfHqfJtNTbbgxs5qgdoIHpY4GrwVf4IfPjQOf4TKdMgBzEedTRsZa2uHzWUp1m6hkAD8C4oBLmTqm4gh/z+oIEmqbcVfXQOWGqHZIQF1BY9gsNQpd179jCyJf1O2TKhv3Rr+wS1ptvkPJaHJJaM4yK/UUDLux4wqKZpMxspR+q+TG1kSBLsSRlp3jmkdUs2DrBsXrM+dRJvNdm6j1kQDB6a50xU++Hk/MuoXqXxAuRbjk3uHGrpkM8Dfs0dot5zDb7Ugz6tEm7bIixYk98U1NOVsrtUCDxMMwKJJM6yMDGyn1qFqhLNqf3fOhrlBOA5/hpGw6+lDgcKkDlmmmEM4yvSonlRmvQrrGK9us0q/HsZjQFemrg29tFlsOu3ZfuM8uUrriE832Z7E/Qr3OCNFRcshM8cWDowHfZSdg7pBd4Mc1SCrRIJC4TMYZ9OVl8q4jPqn9oYAPQ1oTo/7PPhimdzLtbNRmxUlMQhZGIyUuIbvekEVqZfj0oZoy13nmDTsxUEEOvzv/5uB2ofe1EQXD0oJW9GhNlxYUt/03kPLmIaliJPz0VK3l4nGtQop4Z2
|
||
|
|
"pattern_type": "stix",
|
||
|
|
"pattern_version": "2.1",
|
||
|
|
"valid_from": "2014-11-25T08:47:12Z",
|
||
|
|
"kill_chain_phases": [
|
||
|
|
{
|
||
|
|
"kill_chain_name": "misp-category",
|
||
|
|
"phase_name": "Artifacts dropped"
|
||
|
|
}
|
||
|
|
],
|
||
|
|
"labels": [
|
||
|
|
"misp:type=\"malware-sample\"",
|
||
|
|
"misp:category=\"Artifacts dropped\"",
|
||
|
|
"misp:to_ids=\"True\""
|
||
|
|
]
|
||
|
|
},
|
||
|
|
{
|
||
|
|
"type": "indicator",
|
||
|
|
"spec_version": "2.1",
|
||
|
|
"id": "indicator--54744210-a6f0-43ed-9102-dce3950d210b",
|
||
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
||
|
|
"created": "2014-11-25T08:47:12.000Z",
|
||
|
|
"modified": "2014-11-25T08:47:12.000Z",
|
||
|
|
"pattern": "[file:name = 'cca1850725f278587845cd19cbdf3dceb6f65790d11df950f17c5ff6beb18601' AND file:hashes.SHA256 = 'cca1850725f278587845cd19cbdf3dceb6f65790d11df950f17c5ff6beb18601']",
|
||
|
|
"pattern_type": "stix",
|
||
|
|
"pattern_version": "2.1",
|
||
|
|
"valid_from": "2014-11-25T08:47:12Z",
|
||
|
|
"kill_chain_phases": [
|
||
|
|
{
|
||
|
|
"kill_chain_name": "misp-category",
|
||
|
|
"phase_name": "Artifacts dropped"
|
||
|
|
}
|
||
|
|
],
|
||
|
|
"labels": [
|
||
|
|
"misp:type=\"filename|sha256\"",
|
||
|
|
"misp:category=\"Artifacts dropped\"",
|
||
|
|
"misp:to_ids=\"True\""
|
||
|
|
]
|
||
|
|
},
|
||
|
|
{
|
||
|
|
"type": "indicator",
|
||
|
|
"spec_version": "2.1",
|
||
|
|
"id": "indicator--54744210-1ee0-4c40-9041-dce3950d210b",
|
||
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
||
|
|
"created": "2014-11-25T08:47:12.000Z",
|
||
|
|
"modified": "2014-11-25T08:47:12.000Z",
|
||
|
|
"pattern": "[file:name = 'cca1850725f278587845cd19cbdf3dceb6f65790d11df950f17c5ff6beb18601' AND file:hashes.SHA1 = '601e1e0539ca6f44f32e86f2ef801a0e9402b60e']",
|
||
|
|
"pattern_type": "stix",
|
||
|
|
"pattern_version": "2.1",
|
||
|
|
"valid_from": "2014-11-25T08:47:12Z",
|
||
|
|
"kill_chain_phases": [
|
||
|
|
{
|
||
|
|
"kill_chain_name": "misp-category",
|
||
|
|
"phase_name": "Artifacts dropped"
|
||
|
|
}
|
||
|
|
],
|
||
|
|
"labels": [
|
||
|
|
"misp:type=\"filename|sha1\"",
|
||
|
|
"misp:category=\"Artifacts dropped\"",
|
||
|
|
"misp:to_ids=\"True\""
|
||
|
|
]
|
||
|
|
},
|
||
|
|
{
|
||
|
|
"type": "indicator",
|
||
|
|
"spec_version": "2.1",
|
||
|
|
"id": "indicator--547442b5-ce18-484f-90dc-4b1e950d210b",
|
||
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
||
|
|
"created": "2014-11-25T08:49:57.000Z",
|
||
|
|
"modified": "2014-11-25T08:49:57.000Z",
|
||
|
|
"pattern": "[file:content_ref.payload_bin = 'UEsDBBQACQAIAD1GeUVqrkz4XSgAAABCAABAABwAZDQyMzAwZmVhNmVkZGNiMmY2NWZmZWM5ZTE3OWU0NmQ4N2Q5MWFmZmFkNTU1MTAyNzllY2JiMDI1MGQ3ZmRmZlVUCQADtUJ0VLVCdFR1eAsAAQQhAAAABCEAAADEe+3bFz9x53eY2pomha4qWdl0C2VMUXpwnoO2bF2fYWL1AqcLNfiIqz4jo6eURJdm1kKcodHAs+XBrwYVyod0G7ksZjEyra4ZRFfOZKuImQgWbHPCE6sHWCH20JU9yaLYX1I+Ylk2ahhyF8vdxJFdl8R5YkrNfk4LRnhQlpR5esYlhjBgMz8Cb8QbmKGnFibhup/k6VnljkWOdQ6SXNdqWpr25LBV9IvfddlqVhX+9k/9AZW04H8ZBhGOP9bG6sXNbfgBqHtdrjZvHMRsEE/F3aHEZ9DOL7rp7p7tVcWmp6nGnlEFBxWVRl3erPDLhvQb9bTT3JVkNiGO7vqJaJFzVVpoVUXzMKyto5PPPhdv7vuTyi0PFGq+n7piC2gMeyqhaknvJpSXB6FdNTxevtXSZE5cBVQ4s2Az1QJR0V8sIVpwNA8NCGNaBK2WYjTiXTGLxR0QZu5Dz6Ap/0O+DoxBS5ZcDhbmasEmtUhqoPb7xxD3jHWK6T1jB2A1o2FH/jx5yzcak1aYk+GnBiOnCRdEnn1XtFjd0MgHeZyz2gv41cCMmuYT9hU1G3WY1IB0+gXRoiqttnUXSWK+Q7rkmuOLtOoSWQOptp6XRJnwddOIkQLBwXUB1wH+KyqdfU6KNJg5i2Pj1Sg9I8NuAlVA757CotUe6s7WJR9c4He0tUyyLuW9fwWG5M/i28J4OA++QYSPSCay29qUKjFafS3eH34oC3b9UBOLwI3vKTrCNELnRhIwsEamxoYUxIlcxHoll0sRscRQCCa0GIuQVAz+lNhIhiGvSmt1ddyLU0zIcO15uk92vbZBccvkpmSrjU0EKZKkqzgqIr+CB7mgx8mUP0auj30XWCe1Q4+OqZMooBu2vQI8JWsOpwAvpTLD5jZWfBzFxaQPN9/H4dME07gZi+FmAfffyr76O+lOjWRm0/TV57okCfkoD/WBPBFNq5M22VnIJrl3sBub2gJw+SNpZj5vjdXV4225BKIhD3xgL2vE3tt0q5W98raGUnkcp4R3agvOfky2H7XZM6X9L4M7v4AKVS7FW2aiS/RFe3GijnWLzPPqbnf12ntYDDAf0dsbpK96DddCSWTZuZnw38gvm1VHMQnxS5h4AXnkx/3892AuvN3myIzR86kIGmBrJO+lmt9nVKWA0uS1me2PZGQdlVKdAjEhSOmpr/xPpfaai3qML7e7wQX3wE4DdYi0ryxV64/T3jiovFMbFQ7iz55R0nQciTlpuGu0WlWnjrSourboR78sYhfxhjPpAbBCJF1BdR0J8mHy2TD7UmurDkW+1vHS5QGa1MIVqqVeDOuGFp+oAUZZH8+YRq4cmtFiy5JrybBsddA3cAFebyzoDlyWDpCX++9v00D2uJGaz44kMtg688F4zeDyCVfnxTpB/g82Itt1ohbrFTgFRYx0ZvoOKy7QLOOxPWIgDOi3pN3jLei+2ywVrvaX5VwYIPfGJRGT5cyg9M+R8G+1AjK8hG3OGlpMu6Ep4a63o3Su4mfg+6q6BqGd7EsUMsXm5j8Qc6GFqhBGDiJeVTaqht5ml5okXOiygEPfE3zFpUb++DXUzwQP0iErhawwCM3G7qd74sIL7FoP2Mjlz4+mphY62kuWkC9aKmlbFpRw1T+5PpgVT+kJEuQqJ9CyedO487KJYUrDVPWdyeJ0IAxEy+yxPm78X2lH7ay061uPEp7ZVZBSzHinhyD7K9yRg4VIK0GryrCCVKCZi+ENlNBmTMEVFpBCE99vB3s3iCMzyYaV+GP9aR9WdDOEtohYTiK0a2LmvUYw746prGKVIpvTZutV+UR5L+e5QFIiwJYTTBE2jb+mnms28OgW0bbK0EM0vk18Ce/LXMzjWsR15MEwyc7OmoK5E6Ecpsvaqv7PjlTj3E7j2+ab5tVX8PxWKF4WCNqaMcH1tvkFepBnrFj7ziVdiqV11DB4sr5amYOnxX3w2hLNx46rN1S7804ydlS5BmTabj0FOlEo8wdyMMDc9IaOWE+RiTXIiqVAW/nsHddMpXdDfFOuQ7eE2WXZV3yJTLAxy0ttkwUn/Z0JC6kU4RD4bfzjqvsbCGMF+XDsx1JtyLxMFc3mNdwbsRczeV1kW/bs5uPBBOmUrEiFF0W9de2rVNJx5gpPybLwKyjwxnqAhaIHI6/EpTMbpUb0Yx2COj7JgT5Oy+Mco/LbdJmTJCVg8MXG/o6PMWkUuFnb4UWz6YcicPF15t5RnL8MnvTnWmskRaAHglUTwrqHHuVnhOE/eYmlkmGXXE6p96FCJ8KLVXipkw+8wM5mhhE4NCguPLXT4YAtpl9LJsvHwVnv57Km36sU664Ye21nU5EfvBZbZ6bz6veoGJFuxqIXIzXBoSnLdLTlMr1KNi/AttNiUJG530aeADOBZQmuFzDwmpDcOLvB5KGNHjCrqm+xMfXWuXsIwEmffbOhNu8vDE/MSwGpuYpZqVKR0ArZHA+UFTP8d9MI2+mEv3P9TSFxwwSzGGWehqBLib+fuV+hCPaJpk7m7up4IqN9z2PJdo6FNCpVOhfVQT4cQM7XnaA/pscmc/iFm6VcIWGjaYmZZmmfAYgtzMlL3w15xJ27ewBlWev04uY3C42D+shmntpFvQ/FbuLAcDwtj9h8sJWSSPenjaEkuJ17XjlVZXjh4t5LsEC61bShnv2gtd92ikV2PWFvPxRs/61KJxuYxcOGv1fAgNohLbsVD5bw2NwHk/F6xGEVzmNjgqvUU9YBr3kHxY63q+TUy7VeIKYbr2fYTkfWRqYYn8pLtIayrVj1tIopR+nPuQLctQPX6sMgH+PSJzB6wEZyM2kClyIhq4RrO86VXP3+tXA7CnPPPbc6j7Rsi5SYlnOi/wW2o3qRnSievDyFGwFegr1vUJ2OfL/wNQAxkJfpD+xwdbpimea0PkXwn/NSvCTPAzPbQEW6N60wsUAVkJIPGQzWfexHXB6S+aotaKzJ0W6SgcxEtLaVXattjtpTV23qEZ0miDRGWqWtL1zxyX4yze/WoEUaARNU34GUKyKQSE17oRuAdQYBLhx8LoyRo5GgDW5hNrJqCx+PKxO2Mdwzn6XWgvLx4Q5IBvgm/tNEQDpHOwbaw7oGdwFzlziZbAlR9c9MTN4aSmoZjtuYhesxJCqaD0fs+g+zDVSQaeZI9ZtBLGgxh0T+ABocPEM6+NKuBKpTCv0uan4/ClyrZ/3N3bbVtjH5VEPaCp7QmzioskEM7qFR97BNTeRL4G6smpDdPDQSB72PMQTlIOmp2J+SLiMDIXXXCfoMMZqIE6uqV39/558RruU0cNiK7BGAe02mWQ+G5+yzLQgdofwBA1IxXT1Ml+ZOQw1hNAx5XRearbRWQtDfh7OdJni1czhjDCHX7emuRBlYh20AIUELSPOf5a051d2nHwmFPagdoptJ8UBSKHvTyGtOnKN4vzhKu+HEbzki+2/Aw3/fu7Zs3CnG/JkEHIfFpRuXkAyNsxg0lEic7oL/cokk1EZmujKWX6mPcejP+Be81fsQwadglnzZGGPSTtSHEj6AlabP/Z8re785JZEN3KBKSBx8G9m9iEdu0fnTEbJHMAZ6iAa9iGhy9Ud2MTqfTnKHBauKYs7z4ua//N2sqtks+g0d0fZgjTxnuVXdhA2ceIWR64kPN+nHgEgX8GdjN159jm9Nw7io0i7pIIVbe3FxYN86gw++fbCBwK/4+kecsasBQUF3IdMTBB7yAj3Fvyf+x1lKUvueLonRUBQ6WYaYxlmBT7ZmXgX3p1dkg3Npdq192o+h1RrN1GXg1B8DxzsfqSKqGH9NkWDLigJtzOPTCwZ6ybh2aSgIa4D+AZtWheDlfAg5saHQ+Gg1jHeih0/SOq0EUItd3N/zrTXaqDqw5mxuY/bxRa
|
||
|
|
"pattern_type": "stix",
|
||
|
|
"pattern_version": "2.1",
|
||
|
|
"valid_from": "2014-11-25T08:49:57Z",
|
||
|
|
"kill_chain_phases": [
|
||
|
|
{
|
||
|
|
"kill_chain_name": "misp-category",
|
||
|
|
"phase_name": "Artifacts dropped"
|
||
|
|
}
|
||
|
|
],
|
||
|
|
"labels": [
|
||
|
|
"misp:type=\"malware-sample\"",
|
||
|
|
"misp:category=\"Artifacts dropped\"",
|
||
|
|
"misp:to_ids=\"True\""
|
||
|
|
]
|
||
|
|
},
|
||
|
|
{
|
||
|
|
"type": "indicator",
|
||
|
|
"spec_version": "2.1",
|
||
|
|
"id": "indicator--547442b5-2db0-4c43-a620-4bea950d210b",
|
||
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
||
|
|
"created": "2014-11-25T08:49:57.000Z",
|
||
|
|
"modified": "2014-11-25T08:49:57.000Z",
|
||
|
|
"pattern": "[file:name = 'd42300fea6eddcb2f65ffec9e179e46d87d91affad55510279ecbb0250d7fdff' AND file:hashes.SHA256 = 'd42300fea6eddcb2f65ffec9e179e46d87d91affad55510279ecbb0250d7fdff']",
|
||
|
|
"pattern_type": "stix",
|
||
|
|
"pattern_version": "2.1",
|
||
|
|
"valid_from": "2014-11-25T08:49:57Z",
|
||
|
|
"kill_chain_phases": [
|
||
|
|
{
|
||
|
|
"kill_chain_name": "misp-category",
|
||
|
|
"phase_name": "Artifacts dropped"
|
||
|
|
}
|
||
|
|
],
|
||
|
|
"labels": [
|
||
|
|
"misp:type=\"filename|sha256\"",
|
||
|
|
"misp:category=\"Artifacts dropped\"",
|
||
|
|
"misp:to_ids=\"True\""
|
||
|
|
]
|
||
|
|
},
|
||
|
|
{
|
||
|
|
"type": "indicator",
|
||
|
|
"spec_version": "2.1",
|
||
|
|
"id": "indicator--547442b6-3b24-4ce6-962a-4ad2950d210b",
|
||
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
||
|
|
"created": "2014-11-25T08:49:58.000Z",
|
||
|
|
"modified": "2014-11-25T08:49:58.000Z",
|
||
|
|
"pattern": "[file:name = 'd42300fea6eddcb2f65ffec9e179e46d87d91affad55510279ecbb0250d7fdff' AND file:hashes.SHA1 = 'd905d4981164640f7e28c34f82e4954da6d9fac4']",
|
||
|
|
"pattern_type": "stix",
|
||
|
|
"pattern_version": "2.1",
|
||
|
|
"valid_from": "2014-11-25T08:49:58Z",
|
||
|
|
"kill_chain_phases": [
|
||
|
|
{
|
||
|
|
"kill_chain_name": "misp-category",
|
||
|
|
"phase_name": "Artifacts dropped"
|
||
|
|
}
|
||
|
|
],
|
||
|
|
"labels": [
|
||
|
|
"misp:type=\"filename|sha1\"",
|
||
|
|
"misp:category=\"Artifacts dropped\"",
|
||
|
|
"misp:to_ids=\"True\""
|
||
|
|
]
|
||
|
|
},
|
||
|
|
{
|
||
|
|
"type": "indicator",
|
||
|
|
"spec_version": "2.1",
|
||
|
|
"id": "indicator--547442c4-1f88-4f1f-9506-4080950d210b",
|
||
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
||
|
|
"created": "2014-11-25T08:50:12.000Z",
|
||
|
|
"modified": "2014-11-25T08:50:12.000Z",
|
||
|
|
"pattern": "[file:content_ref.payload_bin = 'UEsDBBQACQAIAEZGeUUgiSQIXh4AACAwAABAABwAZTFiYTAzYTEwYTQwYWFiOTA5YjJiYTU4ZGNkZmQzNzhiNGQyNjRmMWY0YTU1NGI2Njk3OTdiYmI4YzhhYzkwMlVUCQADxEJ0VMRCdFR1eAsAAQQhAAAABCEAAABl/+zmN92rxBiWirCWxN2EqfZMLh2YVH1IONsiPtdG4ELVT1GoFtgzhcM023wclUqeVbsMSyHXmztdKdoVhAmCxFWWEpVvRPiqLqoYQE3mxiytwLd+c2CvjyorUv6aRxP2i9ekdjjot/CSsq32+tEmtYDXRR0ZVqTBstOHXswaWLld9xyN7tVYiPBu2P4ZiTD+lixx2vJ80FFcg0rf3kpD3VqGzd3c0cvMHQ8aDByMq4OXKSOSpfVj0qsme3x1byoJpuLju2rKx7+vuOtL/f1IA8Jx0ytnJzEdp9j0bxxbJsvwbH3iW9lYilNtDpaLnFoN0dQlE5iVcp8aNsAfiO8nWGtFuBb3vSFaU0t7vi5WsVRVn0lrQSJ7mOmW9YVOaIECnoXT7uaQ6jHbPjKX+D4vliq5o2FyIQ02EXH0ZNgcVapmoLICy7yWvDdpKZB8bAjyIHCuvNszoaQgpH8zCHE2LpKJ7t2isCjhdIoISRzMlGC5fhmHgURs7kW301+F6MBzLm85jZfkah6DaqGUrMAnBDGfQqjhDGpd7qc/UC9IvN2s4d69JK3Z2QABo2L6Eg+BCgqZWgnTM8agkr98tGlvR7slNpfxs4VomOSbb8UJDfQbLjJz35FWJaee4hBaJ/n4j7WzrYiai6AMcofqu5ONgs/BL2jO/Y3/BusGjFn1E9pmqCc68U1p/aj8g5O8r/kQIF3uXpJ3tUWORnnlvgX+CPWyFuFTU9wRwjbVibnVH/5JXgEc8KkeqzymWxtDFWFSdSD6WXwdk3iLvfY51JnXZCixELtQseO1jOXgAXziO444NeacmqtQrRgKuBVPyIaVxqq14uJKu2rg31F8M5BJtT4/aYq4ho8USV+sBr7O3lkGROUavVJZDjeABGVGUV69TGtv2+KG7u/yQwEkLft4sHG9JIE5+Tl2PIy3grsows96c6u+3oDzQmTyDi21kfj171UZMD9CleibR4FzAjxyFWcxlUalyTUy4RNXWFH5mwZqwcviXfkcnOMt2XOkcYAGg2o33totSI5BcrlZqboMlorik86yFHkizE5AYiwhGMa6C8+ByO0+19GPAv0UDv8UcQzNR9as+naRddcnFzAP8gD/1wIAKBzvli4cIdqjyaUo0jqukNLCD59shhbI6gV03bYmdV3J3HNgKwPJ4uTZHOQzNWdcDtRVl0QFxjHvduwNW+cdWEV2HJ+bJfBeFXCz7sOa+pQ6Vuo7TtdSuivfAMpTOGuRMXGy6Owr3cWOindrJtFUF06eNeM1ual6InEp4ICn+od5WDmRkc1e1mb1+X0do3iPABCYRVbpBhMVje6WxGJlGsX3b4HUsyVsYvIrz6KXwcDIuJss9C0lD/J+4e1ADCFVTzfJjYK9ZzMMxBwKTHTgkMeyUIrgkIYsOC3qgzm38KDkqExh4HMSIed7aGzr6fTR5Bt96RespC8ObD80R2T3P/AHv/S96Rvk0t9TbFbGdaYN/a+3QtxZfRl5aZ4yn/HkzM3fN2shO48jJvWD9WfvcwxldeFUa+LyliwPzSywB+xAdgnH9tWkFi/B4SKc7k9jqwvt4zxSukfGzoY3WLTf9yEWrVuObTc07qjli7CburfvYhSfVkxQb9ivvPkocRnle+o4neI0DLQ4oWJiP/HZ0ZMlgcxvfolZCfLLSAJeRzqQ0AYiJuyumEbm2TcefIXALP3lZI87gMgh4lk6vfh8aqoRKDODdD+C+iTXi1iDrWKAaEfBEDJx3ySxolDpgwvbT7OFYPdLeTmQXOnOGLafErS+El3jdNDwmIDzlVTtjMviKERAsUptiiv/CL6/rouiIrmN3ylBhC4xQx4acj1k9uwlV7agBB1d+n13Q6rEh01jTQF6LVq1+LW3a4zlX0hDdMCEtK4GKpZ+qgzUO6IEyEvSTn7FG2eGBujoxG7cXwalfYJ80ywYNejW92TKUq2Kt3S+lgqrfKiijRxZjEqNUTPdrwEPWUjm3xAPmB5LDi9tVznxeuZjjAPKVNtbovCopqKhCeUvthocv+9QY+EqQ/skGGIrV2Q6s6qovvbeSSMoraxhZubOlLUtmT5MfV4g9Xsq0fYjbcn0iuAjLX9JsxPbhbd/sYOF3U/Y9ZmmerGTTRL3oUrcN2W//m4uI15BofbwL7681ji+lGsmE1Y3OxuB/d82MPsy19qU+Fj2PZDzLifWeD77aNy52TtkOfASeXRDJAF5PZK/PBUUc3TvLPBAbiCj/Kqvedi3VKG5slqoTojEx/O9NbES0Si1fkBiMgwXvvo7exCZ6drruhffqC6tUjmmd8msKcK1ZfRrxJHI/1HVAZqN/Q0+iNMREyNGV8V+lgPxbKS1ueY2HmxwlqLUXDFCqdOfVWmTQnVRqHACyAaQ3tUQBEr53vpbPY42euLKQ5woJnm4WPWYeShK+2bJ3OxPzZ3DFZWn2M3lVJGTLcBcte2zMqOWBXDx92vgRBMpua9P5B8xbgWdCK47FDiostpoqWQctUWjJlqa41hEZyTcb5M40PSINtdypoP56oGN5EIWJ2spbsHqOf5PhL1RFJMln80vBX3AZowMNDsP4wDjB7eRQKbgaSvuMzc2Jz3LveHZDohnQCTvYSmiTaDYqdQ2YGQNnuu5sw9oJwh09o4Vmv4yj75Jzc0zdA8F4NgC8970IrH0FEhYw6x5KuEqbGk/LgjmVJCPCwjWSFhyNr0oskvJaC38F+QEFXCEh0QAVxoI2HO7D36QzWrU8p/p5dDrwwLXXFx6+FPXMZW0iBCAG8oAXY5XPLCX8TxJEw1SoySVIijsBhQjviOdErgWDbkpDY5nSX9mNCgJCyD7dZ3iacLvrp2vP7bmVwftoCJ2rOtrFxYjzIjYC+zzMrY0QboiOq1XDJAwtOULPr4J4bqk20L5UgBOgVGg6rKApSmtHMm6mlRNvtHNdB0+rnayHPovTP3JdiGcaApBDLeO/lSuIiZUeqV+lnqvBs8KqgePqjtLaf/bWRuDoryVcCDCYD1xrwGmeiu+Ekf5OkV8VvO8vz1Qg6DwWpRqEsid1OKIcA66y+QS6X5/Re5dHFHo/I5V1atNP8uv1vC9EJMVp9PQ1059g2hvG+A3P3NuFC3kTOZ7zbfMb4BBjVE0e+/Jfz08cvLz1eoUdM7rQg10F7zCKSyDvs6aLqXgHeAFhAITON2Y4vHHWaItgexZmZpKQw7jnMEDiErcQdbeqeQl6DY2U8jwCzdcW/LKpumbYKgGjJxfTcoJHEvPbUqnCc4BLsrYNoC2GZMsZgD4y2U2ZbqMfBnaEWdBBTfiqa28q8/sT292WYwepCYyzPO/KRJQrG8kjqYB0oRnanhzWZrrZzQpei2qLV6vVOJ5xVJtJiJy8E6Dgqj/Chls5HTxc/GzHpvoiCLRXltINOR7ynbKWMRDthghBmlE88CPuMnZBgju65IuIXp+HoQ1nh42Bk34qZK2tjW79oHkzyD14/GUaUiCD4znjIGYRvkhd32og48AHucFAMZQBC/ExL8dLKcaAZesJb0NMMEU3DJF2RbspkxIJBbzVFPssVyy0gB64Z/RK21I+lHfvDGaLdU6AtpAE/fxACCfXoasINZ7fDSykzMOKnMPoul4ymksgqXdT8ERAN2L3X+uzqxpaIPuPV6KeEIxLIwvZ/vbOGslqlEgjAWeVLnVj0OBETDx1wVv+yJQUM1L2DDyBM1npGvKQQJxGjBXdiGqF6Lxhj1edT7J/jbbYKDYTK79w5Rjllm30bbAn/cnyWCPbfyK6syRxIHoMh1FHyxg2aRyDwYpZ6ZNYnfqGC/RxNG5HxBJAnUX++NybpbNSj8sLKg1hzZ1DQIuxRmFGTsNYkjxJFKk2vsjsy0IoUaz6F4SXT6km05lF22V7/
|
||
|
|
"pattern_type": "stix",
|
||
|
|
"pattern_version": "2.1",
|
||
|
|
"valid_from": "2014-11-25T08:50:12Z",
|
||
|
|
"kill_chain_phases": [
|
||
|
|
{
|
||
|
|
"kill_chain_name": "misp-category",
|
||
|
|
"phase_name": "Artifacts dropped"
|
||
|
|
}
|
||
|
|
],
|
||
|
|
"labels": [
|
||
|
|
"misp:type=\"malware-sample\"",
|
||
|
|
"misp:category=\"Artifacts dropped\"",
|
||
|
|
"misp:to_ids=\"True\""
|
||
|
|
]
|
||
|
|
},
|
||
|
|
{
|
||
|
|
"type": "indicator",
|
||
|
|
"spec_version": "2.1",
|
||
|
|
"id": "indicator--547442c4-a290-44ee-a5df-4367950d210b",
|
||
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
||
|
|
"created": "2014-11-25T08:50:12.000Z",
|
||
|
|
"modified": "2014-11-25T08:50:12.000Z",
|
||
|
|
"pattern": "[file:name = 'e1ba03a10a40aab909b2ba58dcdfd378b4d264f1f4a554b669797bbb8c8ac902' AND file:hashes.SHA256 = 'e1ba03a10a40aab909b2ba58dcdfd378b4d264f1f4a554b669797bbb8c8ac902']",
|
||
|
|
"pattern_type": "stix",
|
||
|
|
"pattern_version": "2.1",
|
||
|
|
"valid_from": "2014-11-25T08:50:12Z",
|
||
|
|
"kill_chain_phases": [
|
||
|
|
{
|
||
|
|
"kill_chain_name": "misp-category",
|
||
|
|
"phase_name": "Artifacts dropped"
|
||
|
|
}
|
||
|
|
],
|
||
|
|
"labels": [
|
||
|
|
"misp:type=\"filename|sha256\"",
|
||
|
|
"misp:category=\"Artifacts dropped\"",
|
||
|
|
"misp:to_ids=\"True\""
|
||
|
|
]
|
||
|
|
},
|
||
|
|
{
|
||
|
|
"type": "indicator",
|
||
|
|
"spec_version": "2.1",
|
||
|
|
"id": "indicator--547442c4-4878-4bfc-894e-4c24950d210b",
|
||
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
||
|
|
"created": "2014-11-25T08:50:12.000Z",
|
||
|
|
"modified": "2014-11-25T08:50:12.000Z",
|
||
|
|
"pattern": "[file:name = 'e1ba03a10a40aab909b2ba58dcdfd378b4d264f1f4a554b669797bbb8c8ac902' AND file:hashes.SHA1 = '0a151553ef4c7d22ffb94a1fbc01f5b4f1900964']",
|
||
|
|
"pattern_type": "stix",
|
||
|
|
"pattern_version": "2.1",
|
||
|
|
"valid_from": "2014-11-25T08:50:12Z",
|
||
|
|
"kill_chain_phases": [
|
||
|
|
{
|
||
|
|
"kill_chain_name": "misp-category",
|
||
|
|
"phase_name": "Artifacts dropped"
|
||
|
|
}
|
||
|
|
],
|
||
|
|
"labels": [
|
||
|
|
"misp:type=\"filename|sha1\"",
|
||
|
|
"misp:category=\"Artifacts dropped\"",
|
||
|
|
"misp:to_ids=\"True\""
|
||
|
|
]
|
||
|
|
},
|
||
|
|
{
|
||
|
|
"type": "indicator",
|
||
|
|
"spec_version": "2.1",
|
||
|
|
"id": "indicator--547442cf-b518-472c-a992-476e950d210b",
|
||
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
||
|
|
"created": "2014-11-25T08:50:23.000Z",
|
||
|
|
"modified": "2014-11-25T08:50:23.000Z",
|
||
|
|
"pattern": "[file:content_ref.payload_bin = 'UEsDBBQACQAIAExGeUWDZ20jTBcDAAAABgBAABwAZTQyMGQwY2Y3YTc5ODNmNzhmNWExNWU2Y2I0NjBlOTNjNzYwMzY4M2FlNmM0MWIyN2JmN2YyZmEzNGIyZDkzNVVUCQADz0J0VM9CdFR1eAsAAQQhAAAABCEAAAB1l0KMCJlJ1oB3RixLECd4P2V4swVTcrEZok6YAEdNhmOCrfh6x6JYawZqgg0+dgisDeeGCgrZqx0cDIlyAWmL7i2daYkev3t4EBHNUZc3IYxmYTCzXFeSHQQAzpfjhD1dMuSMfiVrDbw2ljrbHyC7QuwMWEKJJYsh1LQHAm8xa9pNYusPuJpVG0byZdvRF7k1r1m2nzyE/NFFcCnpvLj/W4ptZIEHfrd27UU1lk/aEwwWo6yEckzkIf86sqjjs2DvjGBls97h+XO36gyuNktQser7u5OrzmlzToeY90QaMZRVlNmNypXDG2/Nug8eM8eXlKsk/wd9pm76AG4YgKA/YYeKaEB1DNQ47YXCqxFf+i83ffqmYQwndfIKAkcdXIVsWaIx/R6UmgH3KExc5AlXIcApDw8PC6av79sPXh19dqtONqvPbreohIq4X+ngiJcq2GQjMUYmmUTVBtNhkLgQDGMo1UDrOCjjLN1n6czFAX3RSR8TR2raqzF17Hq5TDtT5vyQ/yzvn8b2OcWKX0wm0phoEgg1kvBlHjRRGmgV5ahugFJ9Hthm6yGZ+TzfkPwhAgOufrRgx5C+3XoaTgnG8UcAq856Zf0Do2gHWTfzIFXwiA1NL57kNrdSNFSSkcmgBntR0M2sHG/+7z6yHe8XedtTILstUcwS2HHI524QU14076nFie948DJUuEwB7lQU1MmuC7DxwpKwk5LxWPBawhJpIyEIsFIudacg2df0RAVw3ZVj2dwZzvDpFPvZ5GlXgS8/j0u3q1jUtJkp+e/7rxBSfdipPKsZ4sQMaoGehl7se4aqIOhJReNoeygX3e056M8YZIyMGq+Nkd3y7oeGPiAmWZ2V5Lg8Zv+Fvf8pwvZuskcxlf1zWYnMoh0ASdaVXP7o0hEk0TNvOgtvPu/AGg68ByjyLYAIeE/4ayhKvem68e3JSFQ9AZY2PnOozRE0J2PTGZG4WMagc1Xp7VLHuGcmamrQhnxTSfXZOtVNIcilj92t6Fk51TDGGhVXIxIG6lu6D6XDTGej8Z5W43AtX/kTqzYlVQluCqB2ioYxhfA6D0dxKwRAak8ih1uFQc+jN8mhAnZx7aUEXCnvjydz4mKHHgBoX9TEP1ZVSjx369r4c2uj4AwES41Gah8au3OmrASWPaOOA4ME9TQHLWgyPkBriH5spI/owvms9x9FJ2qK5snRInEuzOZAQdw7Wsn+cJ7RGQxtFwxk3bNxEJ837is8nFmIvBb0xJWVbEOwwxdXL4FRh4Z7LEVI1eyzKeMEg9Rvb3YTbgbROCOUAzojn1IWI9w7uZOgZmV7BHx27pOExcByYoC72+2iyhryjfi29yKDRfQl8cf3MPc31++407xum2DNlG9x6hUMQIKejFZWZgAoOfzxUberngPv0x1aGj1N3wtZy8GajU5HfBz2nQDa6k0eSQxdwvJk5Ff/GLACNSk+FEVcEsOao+61NApv+TWfOxnwd7wTV2Z+Bpiv8zfNWF96QjG7ESJqXt+34jy72ei42JFIp/76jCDKRwhjsrla+/DQZkgFz7s9rdOT0It7SvjV+qHH+zypbIHb2AwiZ7HpMpAuI6+5HOSG/BHuoXUvrEo2BBuaovdugVgyC7UdHJtkf6M8icoBT3TTvYJ1bOLoB3MgNBSJfQkmWm6apDWjd4T4PDs/Bi3v6m+tCVh3rSBmpw/L8yzqFNNRnhR3/hIo8q5EgoQ1LcnOlv0fvwxOiEa9sRmwHK4JjRFuL9S8UgaCgkl5kbmNkdNML9+A6/JbX3FQXCYoE7ko4Ka/7AtdfXTMlptfPUEkskT3FEV04JZ/RwarATM/AVTLD+vX9de6AjvM2LbdpxKTTLJAnOxe5LigdzjiuLL4zzF4qsz1qhlDnAZVriEqArgPLsDs5RQdYa+J72t1C+F4DGC1ctXHIQJqYcq8a3g5GD+KgxyskFqLHaGyZhxR9Ja/Z7lVT7fvJZzGwNsMBy4vwf+YH4Y4YCay6JIyIBvdpxQjMrd7GQ3rycHQb45BPr60Hvi1U4jhpxjlYyPsHV6c2xY/gF7PZTidHSmEk77QiiELuDt58MrEEbVoGQYmJ/uxVf/aCgf4pEkEIm6GjUrDmu8ZDcy3QVyyXNKJAQ1wdhsvx0HAvu/XBvd6lLlkksy0u0uoirsEHt/WMvY3G8PZXa0tXNLbcvih7G5OdS7/DZ0h+zsP9GeL33KJjJFubMgSZpZ/F38tv1E6rO+c7HGJTJfZXA7Aoyrn6Tfb72jjxY2CMzNBn40D5JO85tcH91JDMeU39a++YabkMFtnw0P1ZeJsPKPrnWS4mopayyk7eiQfCW2HwAup4a8noqd/Vu06EATZCb/qgyhXJARJsaoxMcg/7fou8vAi7cZ7MDk1XmAKGw938wH5Yw0lthQOdV3tLa5eOta9Up+21NzS71XElRU9CFcfE6vwsUHAlP2bmGdSQFRmZiS6t4Ff3XFzuKtYT7syV5FXgT5bU3ldr6KypJC7hrWbRkNGdtBRspvsI9VPFEuIwhRU71o97bbRq8N3dsXN+bOsP3NCxAUr72KOo91PK+UxBEMDqZLEKBRUprb7Ha2FZv7Vm9DfpfIfcp37ZLix8PPDrQLVOCC4W8PvrIHyhMBrYJDFrzrIZfDmBwmUleT9u8cdNY1rEBXa/CfV03//YRZbpVVTpnWK4hw5QxwDTtutnEUWtpVnlCsVdZ94lqoQs85MhMe/WgiUBmiP3OVyUIyJWswBqFXVnRqwe6QGtzDsncCSTsK7x0NEkJ36lNbSmrbex29/riaEiW5ykfMOYykXM2W5jZfwKs7kzghoeN2efwoKshqD7jaqANVe41cknZzkG3/KyKsFR11L4MNhe0SkleV9+3X+iXmMzcBTtf0vCM3PMZH19mrfxddTaYCFzche6NLk7sLrjGWzcP+0xPnWOw852O04KMcFsJPbfJxdcWo6Gvxw68g+9KKMCZJBV5NqRlvNIMFDH5y3qmOkF+O9sA/BqKp/woqulCnQNG50fNHluNc6blpCDXBFO0nO29yUpqcGWU2mDB1IAXOgupw/7uS3QEPwdttKZyygTOW+FS1B/fUIJonuhKk8LIrQM+ZTUqeaDfHH9/ob3sBNnfeGuZ/LgHjKzALETvX1MvZUjoWWv06AnGSGwpzHq0JykXmnZorzf7Yo0wnaYSAc4oaIf69uxus+QQxnGxOU02m3cg7pnI1wsHDcO+9FdEiKOCePivEVfcg04gC/f7++1V9x6HpAb2yrRBIU1+ZrguoTEQENs37MA0Id2TpkBtHylt4rn5TR7h5p6UZDLqWDFZjvLYoouPKFIhb+4xPXowIVMbF5EfjG8ulZ2ITdrJsgS3S1oxCI+GNLCQUwM1oOXS4QCEnAWNerMRJR30NKmWhqISPsTBjbERYlUOMtA+iQPSBYFgYKHZD7MtPMgt2bV8Ow+f6K4iEQCCRi/X1Rd8RERl5kUOOS/NSm8LnRHPy4nR60QiFNBErJ4RPdHLY6P3Xq2vhDwSbmYfsLI/mBwJ135rhq+SHf4dAA7le20mNw2vNzglyMwpVeU681JMpctrzM55mlg4m0XiT/Ll/xV0oH254VuSvH5uErFmRvg45x98PWVbzYnwtUvgtj1G4ujErvRhOC8DKpexaCIYrK2dpHJTOP40HKJX7RS8kcuRQ8QoFUs3TobaJ0ta4C1kFQurMdYdvL8cVg9scRhUa6HFUdH40gc0btSbkTzRo3keSAV6zU/epphQVwaUnE5YN2BjjmH9Ob91g7u1cr+hIc5cV6w8juczPcvp12+J1zgzdF4qpCvzh4+0n/sD2mmzYrl06XEXk7asql2/xgbFHHHC+Ez5PV1nigrJOTc+vMYetXsWPpEFf2iG
|
||
|
|
"pattern_type": "stix",
|
||
|
|
"pattern_version": "2.1",
|
||
|
|
"valid_from": "2014-11-25T08:50:23Z",
|
||
|
|
"kill_chain_phases": [
|
||
|
|
{
|
||
|
|
"kill_chain_name": "misp-category",
|
||
|
|
"phase_name": "Artifacts dropped"
|
||
|
|
}
|
||
|
|
],
|
||
|
|
"labels": [
|
||
|
|
"misp:type=\"malware-sample\"",
|
||
|
|
"misp:category=\"Artifacts dropped\"",
|
||
|
|
"misp:to_ids=\"True\""
|
||
|
|
]
|
||
|
|
},
|
||
|
|
{
|
||
|
|
"type": "indicator",
|
||
|
|
"spec_version": "2.1",
|
||
|
|
"id": "indicator--547442cf-c388-4244-af7a-476e950d210b",
|
||
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
||
|
|
"created": "2014-11-25T08:50:23.000Z",
|
||
|
|
"modified": "2014-11-25T08:50:23.000Z",
|
||
|
|
"pattern": "[file:name = 'e420d0cf7a7983f78f5a15e6cb460e93c7603683ae6c41b27bf7f2fa34b2d935' AND file:hashes.SHA256 = 'e420d0cf7a7983f78f5a15e6cb460e93c7603683ae6c41b27bf7f2fa34b2d935']",
|
||
|
|
"pattern_type": "stix",
|
||
|
|
"pattern_version": "2.1",
|
||
|
|
"valid_from": "2014-11-25T08:50:23Z",
|
||
|
|
"kill_chain_phases": [
|
||
|
|
{
|
||
|
|
"kill_chain_name": "misp-category",
|
||
|
|
"phase_name": "Artifacts dropped"
|
||
|
|
}
|
||
|
|
],
|
||
|
|
"labels": [
|
||
|
|
"misp:type=\"filename|sha256\"",
|
||
|
|
"misp:category=\"Artifacts dropped\"",
|
||
|
|
"misp:to_ids=\"True\""
|
||
|
|
]
|
||
|
|
},
|
||
|
|
{
|
||
|
|
"type": "indicator",
|
||
|
|
"spec_version": "2.1",
|
||
|
|
"id": "indicator--547442cf-fb90-4d35-9a1c-476e950d210b",
|
||
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
||
|
|
"created": "2014-11-25T08:50:23.000Z",
|
||
|
|
"modified": "2014-11-25T08:50:23.000Z",
|
||
|
|
"pattern": "[file:name = 'e420d0cf7a7983f78f5a15e6cb460e93c7603683ae6c41b27bf7f2fa34b2d935' AND file:hashes.SHA1 = 'c4579ce0be83b4f38667e5fa3909b24b8d18a25e']",
|
||
|
|
"pattern_type": "stix",
|
||
|
|
"pattern_version": "2.1",
|
||
|
|
"valid_from": "2014-11-25T08:50:23Z",
|
||
|
|
"kill_chain_phases": [
|
||
|
|
{
|
||
|
|
"kill_chain_name": "misp-category",
|
||
|
|
"phase_name": "Artifacts dropped"
|
||
|
|
}
|
||
|
|
],
|
||
|
|
"labels": [
|
||
|
|
"misp:type=\"filename|sha1\"",
|
||
|
|
"misp:category=\"Artifacts dropped\"",
|
||
|
|
"misp:to_ids=\"True\""
|
||
|
|
]
|
||
|
|
},
|
||
|
|
{
|
||
|
|
"type": "indicator",
|
||
|
|
"spec_version": "2.1",
|
||
|
|
"id": "indicator--547442f0-3e94-4e4f-9782-4a3e950d210b",
|
||
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
||
|
|
"created": "2014-11-25T08:50:56.000Z",
|
||
|
|
"modified": "2014-11-25T08:50:56.000Z",
|
||
|
|
"pattern": "[file:content_ref.payload_bin = 'UEsDBBQACQAIAFxGeUUWn/3ciR0AAAA2AABAABwAZWNkN2RlMzM4N2I2NGI3ZGFiOWE3ZmI1MmU4YWE2NWNiN2VjOTE5M2Y4ZWFjNmE3ZDc5NDA3YTZhOTMyZWY2OVVUCQAD8EJ0VPBCdFR1eAsAAQQhAAAABCEAAADI62YlWcp6itQoooQLUqDUOKkYXsRPoc0nh5+lT7Vngp5iFAZG6Pv2n6jT2x7uuC1foDzM4ed0GclenK/9AXKI43iMP+fTBEddS66I4Q9f4wruKMripOhtjjiSyJqCY/neZucL7nUarJgA41gx2heIF5IGKmRF5kMlj1713vu+6nxCf83jtly29VgqP96MbvpIcd2sFw0bUm8jXsVbKSNhk0CIc7vvSG4NpaEw2Kvi0usIo7mutuRryo24FRgr0LuotkouGALOut0oVwy3qx2V0e/nFvlNI+WN2cxliZ8U3XD7WGjVpdPhfSkJggWr0Cqr8J7g6lSKMYGm71XAXghBpko8mAOrSWsoS8omrxeZt2DwC4+CCecBeSLWdKmYoBNsJepfQ9hUPZccbNti1j+c7dy+48KzPYbiyoJdjd76uffHbkyq+Lge5z+srQf3Tp9+/1tLhEJp3iNm2UCOvkaOx/mn2naoINwBHeiA4VVu6DtHKize1jNwQdv9NJaGCojMYwX6kl9NRLZpOSGGGUt1VNPQa2OX8yA9gQBRePDnPRrN5PQQJaYdEntngajOe8oa87WHoYEHp/L3ZwpOD+i0UWkRYGsrp6MAuLwxQuwljjAnEx5HTPyPtcqOoZye6Q5PQVSTTkG5Cc4divG8PuIG22nwWtUvTcqqQzbagcE5cXUMzWZZl4Ay74HYeLrn6qclyH0n6oQm2xQJWUqaDVzKhPxruxeJGQUuNEjPp1bP6vQUeDZRzheFn7AA/zqphdaWqpsruq3YVrHu7kSk4WPutb/rmrK7rCLEHgYZ5+K9qK+tnfUWdNhw1GFpJBfqOGblvXAaX0z0rUcPoguF2ZK+90xOclrrkAsU65T9VXKj8FTCMz+l/3hsLs4lVjgZ6ewqFzRNugsRrTDV/jiXMP9/SfqZjSR2uJ9YfUg1LLF2thDvvDoK+QS2O4dom1dKKv8tlyNcWmewdS6l/iaPM8CeJIEnSj1RUI/aAthFiem7i8iW980P1SZuiaUKn1Nnt22dAIWPxstKf4ZjHQ6jnUrVEF+Vv9G4wih/9EyqkkahocdTZoX8pq58TfPWse8XJqbh5I2twVjrvrgtLaMAjluZ0I7pRyywhlWYFkdud3A/XpdZ5wnXR+VDbr4LUh7cvviDOr09CBBAfq8SLF6IY8X2wZyMfIYDxcBRWqWrkY3Erw+ZzkHrR8OdV7qfqwZgPMwXrEVhVEkGv+HFQ2FxwcjhCEkGfGW98kU6mG5VucpEtTMewC52IVn9tRoCVUU8f/YJhOHH9z2yz6itMWv8eLrQyRV3y2e3LQqH0TljgnUnItx7+fZr5sR7R+kNeXxrjNPFTw2LuC2cVk6L8SEgHIOYOpO8dFbRgANoJ3BUhsLx6TME7I1owS1kxlyVlSn042bJEn4of3j5qYnhkgdaR+5wxdLch+Z4A01TtDV95Xoxt/EgKPcW/aUYRkvxM3ZzsB2XJ3h2dweOz473aB2R4g8t984vRFshuyxPi70LywPYtNPsSaerxGN4WvviuatquKAZxWhlFvBFAPm19Ie4KkgKiiYSEUd6o6P1PdVJjRmr4H8vTYrs5yZjyYSVckvE4A0Wmyqh6+hJGoaqxF4ZTKjPMaUiN/6BlyIRCjTenGu2qSLqpJSuyDNFIqQdg85KP5DkUCT6TeZEuOwjwq+lPj5+nEJLJNHtl1TRegOUTiAkLfDSa174HZataASAcn3hjoiblGi9PTzzPffz3t4561JoJb/35abkC3/1ZMRRup+Q7nduozbo7kSRxzQnR+NxcTwA3XkK2ZfZzn4396RtFUaYYWpigveupd7n6cnXVyivZjkQ2a9s29y7KzPxWNohTxvcG4fTNcrZjv9k4MPzgDS2eB03L227PYAI+RPFaDuCDs8CtWvwcp8q1x9aM6EGFywbImzzyFhDzHxqQpRCFJwTMrsNDHyNfRhb3f6qa3kIZu1Bwo0I/eSsJhUNQ8qyMCPiG7cmNdlbtqyrRvdc1CtBm4bw5zEWUan7TGtbwNY/+xgcozMmxAEpiqlbhXr5AqydOHAKkfY8OH8ICwoLIO+MV+RMPMIZogrI0jSPVc3+kVBFzu6ePCBUOffsHDn70OGtrGuPDugnn3jO5Pb3Ndkvim2taRge842VUCo6Ecxou+kGygSZZ/Rz4j0E1SD4xkQXBHWgFq01YfLyqt+W9/qCybsh5x4DrXMCAY58pVzHz8jmcBurC2a8/sHpR8DJdfcZD9x23F5RRmaI+GGpKYXHBJSH3PSzZeq8cHuMzyE8X2cUr70T66NAVogbZviH8YrNrf9nsMDnajAVVX/pOpjYWXODIG4caJrq9vvmjUnbZdmrC7U30c/g9tAaToyuEV/m5pG/uZnSXsmNpOYrqQHqXHOdJz974Eor3pYCb8eOtfceEZ0k6WKp6UFP18vjMbZDIPaEGEHcMDeBrFnhVlnL1z+qr9J7mQlCIV+0yALrtQBG45NRD1Zp9Ly7XGnv3nPpWv1JvgYBvnMKDvQCaULybwzkcrwSAmGrSBTxIjEH813HRFmB4MjracPwFt1cJgicjAsq5mnswU9YGtANxmr/TMido5wxzTKzRMASRddpYq3DvOhmnvhmFcVlvSKzCyMIdDuM3gfJ01/e2Uzl9oVZ2GEth7FNezMi1fmQJOHPN+YMwoq7+qX6SAOITrXUNxPEjv2TQFBF1hIxBRGSRYn3uxqU6HJdzhjZeGnZCKzLLQv6ls4q12VE29va8+9sshNVxFDHTpNQ/vvCY3sR+uuO5FE8GeF7pb4RoUyY3IkYtVfUXZE6OYd/n46Kw57M9MhBcz5DeHXTzjqjn7Nmf0MnHidSzKc9P+m0EYg4p/mIoEwd8vrOch8fK6way78NaY1yGP3qKajEcPYGv/LSckbPmwEXLceEMp5S/xYsOWOISPbXW+UaqSO6YmlW1v+tlnvtJQuLjzgX7mte2Bcy9K97tKGkkthgWiPhZM3TyHdGL/G4NBkfPETNjxz6HIDBFT0Tf976xHwu3osEYNrl9GvMZ8NNx71meXgpJghB9oGEEyqd97no38tKd/k/laBIdsJgdba1OnOlvQk0+tVLcLc++t+qW2iGkdkV2CEjWYq6NfMrBd/fMgBwciwGb1Q4Tcb37VWQrB93mzreqq4Vj4CCuDGxq5BT/BcK4tPW5GavBSJ9AnjW7jnUadGYq/MN3bPipAAAy8qDwQO6jzpqWiDbFFKQZZLGGTowo+yEUpbHul19RcvK6NPwMh7BLDFeSupGBUOMqTC/JCukeTNhiBmCmHw4LRM+cKNcf0b+GKY/0+abHRipcgc9CeUanYq1YI8PaKZiWmTIcuUUGxmfnboMCNx7b+bCqtSezHvRMjiSukUjlQBnxgVh0z9G0+h4sgrRKEyRsDmpPkJgDV30XY2h5O0f8e24dG6/4RwYoNRR2PKvZFpnClV4q+ij2xIw+dggw4IsYyL4oWeB6OhrKJcu+BPXaU4YK28E+lNpyTlSExEoEtAcnzZw/PfoCIXz3UUjs/lPxIJQ0yx65U6CqYx8oAUoNVCxlm1YjcL1WV5oGtmRXX2RCFRkGGI0Iy/FzYCu/kPYBOiJer6pugH2sZh0gp/r2wKQRhfG3uSwUDKorQmu8Y6BlamvOtNv4ZYB+ykCvrqoaC1w2extnJ/EHbBvgp0uvzlwlQcTzucWrLr4z+atjct4M8jZJoJF/rg6k5TniZhxJGM+7vGUGrFZfvDwvOLXbk8l1D4bkpuDueHiMAb2esrOSPkxWbiRyf8ez4m/HHnrM+q6w18OIr1dJ50McUNzqZjl0eBLYdxgGg/eugzh+AusvbPMQCimfP1f/EyOjL2Tpo9/nqZIYUft438debdnMkmZW8f+2L
|
||
|
|
"pattern_type": "stix",
|
||
|
|
"pattern_version": "2.1",
|
||
|
|
"valid_from": "2014-11-25T08:50:56Z",
|
||
|
|
"kill_chain_phases": [
|
||
|
|
{
|
||
|
|
"kill_chain_name": "misp-category",
|
||
|
|
"phase_name": "Artifacts dropped"
|
||
|
|
}
|
||
|
|
],
|
||
|
|
"labels": [
|
||
|
|
"misp:type=\"malware-sample\"",
|
||
|
|
"misp:category=\"Artifacts dropped\"",
|
||
|
|
"misp:to_ids=\"True\""
|
||
|
|
]
|
||
|
|
},
|
||
|
|
{
|
||
|
|
"type": "indicator",
|
||
|
|
"spec_version": "2.1",
|
||
|
|
"id": "indicator--547442f0-c668-420d-9fad-4a2f950d210b",
|
||
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
||
|
|
"created": "2014-11-25T08:50:56.000Z",
|
||
|
|
"modified": "2014-11-25T08:50:56.000Z",
|
||
|
|
"pattern": "[file:name = 'ecd7de3387b64b7dab9a7fb52e8aa65cb7ec9193f8eac6a7d79407a6a932ef69' AND file:hashes.SHA256 = 'ecd7de3387b64b7dab9a7fb52e8aa65cb7ec9193f8eac6a7d79407a6a932ef69']",
|
||
|
|
"pattern_type": "stix",
|
||
|
|
"pattern_version": "2.1",
|
||
|
|
"valid_from": "2014-11-25T08:50:56Z",
|
||
|
|
"kill_chain_phases": [
|
||
|
|
{
|
||
|
|
"kill_chain_name": "misp-category",
|
||
|
|
"phase_name": "Artifacts dropped"
|
||
|
|
}
|
||
|
|
],
|
||
|
|
"labels": [
|
||
|
|
"misp:type=\"filename|sha256\"",
|
||
|
|
"misp:category=\"Artifacts dropped\"",
|
||
|
|
"misp:to_ids=\"True\""
|
||
|
|
]
|
||
|
|
},
|
||
|
|
{
|
||
|
|
"type": "indicator",
|
||
|
|
"spec_version": "2.1",
|
||
|
|
"id": "indicator--547442f1-43ac-44d4-9e4d-4a55950d210b",
|
||
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
||
|
|
"created": "2014-11-25T08:50:57.000Z",
|
||
|
|
"modified": "2014-11-25T08:50:57.000Z",
|
||
|
|
"pattern": "[file:name = 'ecd7de3387b64b7dab9a7fb52e8aa65cb7ec9193f8eac6a7d79407a6a932ef69' AND file:hashes.SHA1 = '3c4d91abd0507a6b77602f0c580fe5ef943b0f68']",
|
||
|
|
"pattern_type": "stix",
|
||
|
|
"pattern_version": "2.1",
|
||
|
|
"valid_from": "2014-11-25T08:50:57Z",
|
||
|
|
"kill_chain_phases": [
|
||
|
|
{
|
||
|
|
"kill_chain_name": "misp-category",
|
||
|
|
"phase_name": "Artifacts dropped"
|
||
|
|
}
|
||
|
|
],
|
||
|
|
"labels": [
|
||
|
|
"misp:type=\"filename|sha1\"",
|
||
|
|
"misp:category=\"Artifacts dropped\"",
|
||
|
|
"misp:to_ids=\"True\""
|
||
|
|
]
|
||
|
|
},
|
||
|
|
{
|
||
|
|
"type": "indicator",
|
||
|
|
"spec_version": "2.1",
|
||
|
|
"id": "indicator--5474430c-56e0-4885-bdaf-4056950d210b",
|
||
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
||
|
|
"created": "2014-11-25T08:51:24.000Z",
|
||
|
|
"modified": "2014-11-25T08:51:24.000Z",
|
||
|
|
"pattern": "[file:content_ref.payload_bin = 'UEsDBBQACQAIAGxGeUV6FvGhnBwAAKAtAABAABwAZjFkOTAzMjUxZGI0NjZkMzU1MzNjMjhlM2MwMzJiNzIxMmFhNDNjOGQ2NGRkZjhjNTUyMWI0MzAzMWU2OWUxZVVUCQADC0N0VAxDdFR1eAsAAQQhAAAABCEAAACJ0WSRszyQEBPdWsKQWPjK6V94dYfYv00EGc/WFYFrqn6jJJDu19Cb9U6h9rPE/qPq4GwBA4gIReh3zr0do4J10GWaAiEB0L+jiDSbCCp07zDG/AVXjXRO5cLUoNFev0GEhJFko7x4+kaSSlRxkpuPaOqTBna9drGjYOwA+AXrK4J51a1Hjuc9t2PcPJSA0lZAosSkEjopQNwfqTLGRJ5wUFQcvlqw0kxWOqEOKXvQbFAznVjzcPMt54bGwxWkx/R+gweQZEzkHvQDOYVNYmEGR6GB49X7ccnvxHoVoGGJhh8NtAll520ylMflHueaDgL6D5Lg9ozjkMGFr3P9+z4/AhtN8MV5eJcdz2x4I7aFUBrOulLoin2q1zhfdxKgMaeGSJLOL+Ja88HSYm1oZkX0iwB5hD3Nl1cD+7MvJqDyOqwO49Ti9R3ER9Uy+AuXVae2jVvqWWO7Pq9/KH/XrJ/H6ohkzeSfcx3ttT1iajqkg9rJICW0HeoYMc4NhOGMBumEE8VVfD83Fz5bK8mPQ7CYa8mBrMP7y5WZ0ejuWxPNpRYg6jlmhigGlo3cMJfYtBF9XnTTm+2s6Do4wsV5d7+Y/bm0y+C2UGGmhgG+mgQuezr4zAc3di6ELM880QzTifpbTsbZgL7TdEw1Nyqrh6OlL6a4xPsmbJtztDssEWZUroZ9hJT/gv2w6tLVZtWYLXerYXm9v47hF2ZmqJ2pOZmhoPB893Kk3GghoXNzhn4vRSkYU5Jp8s+H8QpRKOB5OOKI+UjIJBUUDLa18+9iDzrwQOanddGQVdA8aG1NBAOZZ6OS/f+eSi3YnXiOrozNkf7vQKnGxX3jBIJAyZ5urntfq+f/va1Z+Sc7X8l6xPK7Kv+yxeF7L24JRumzU89O94OUr4HuIbtzOedPItVVujRpUhog3e0B5jWTNa8becLVKb2QjxfZ8dt1xASkTcitRthpKXwnNK3YCp711LqgqhETCPUibabg07T2o2cQbqvXBA9nHAjIbwxgTopz3GcIAEswyCY0uLTo/XtZx2L1TlIdy/FvZTKsJaBL9OdaZiKRIVyZcydd7glHkLl6f7xe1tbWyEIiD5mUQDB/N2z3j+3MG++6OiZ5LM3bXEZ/H34pvEKh2uNZOS1N5u9X1OFTA7pdrWLwScaRBKeExeyD5Z/0DT7pv6C+A4ItCa+0PDLEVKZY+TilJC2OOifUmQ4f2kPQ9OkMKdu1lsj15L2naemhtmyEe5QiFW1tfFODQkgSbYEGDrSetFyOWX9OIK0eXKu9CovaXSb4o2P5vb8JvYX7hZkHCvlasQcc/Nry08M7ugxmSdfzR1MnvatpWxX9soGBAXnd9mDE3m6PLYi90Y+QaKSSSFqYYXRklCnicUxdxmalYQFHLUYDmztn9MtfKKacsr2+Z9+uW8RFW2tOmnsVl9WV9a3/DI8wltO3qeTQRGKrBq2A4UhdtFANiiNPITOr9UONHkX6241gvEXZxF658BBGo45MpgLis20nCp7on2CkP+zPcZR1mVv3n0QmJO5+MVAfAWqDzCupkA0EHXkjuBJjYAMt1SHeCGEKE18FRJIi0RXf4mnV/5OM4yNDxuS8abH7wu6IKCKm0kanQSQu+4BBj0lrj5biFYFEqsuUrfyPdbnJCAzF9SCYqkUt9h4ghrvL4zOsABhVz/jC+ofo3p8VXOFWxVc6ctq6Yp9p6u1DoWFW4OPMLVC47WewQ/bHOF7slvT0/unWmKg2hxfk7HkNtkifWj6Ey2WChMVNtrakqIKJxcGPFMm2ec7GXBqFomARpqhW39uUiDe9JpeRqInEm0/LjrxfSnIPhB2kkh/w/Op1jWprsegMABA1s5nP5Ix77n78ZmuuYhkv593HzpqpFQ1XXOSBOSlyCY5wAsCX8BfPPFfQ7ftmyGwia1v9VjE/pl1wwP90BwjCfwQUxCZO7EQROyRTKea9nususSo8SdiAme4soANs8JJ7IyJwn2PBg+Jqdlok/IEvttIRw5EEJuNBBN7kU1d+sgmdRRXmMCkWngyjVV9/5JdqWmu2q5v3PCCoOaP6hGrbQskmqETSlpE+QIj9bciiyO9TIhURF4GwUPBPzUgG27WKH2ZLhXp5SIT6gr7uwYJSLGdh7IL+92iYrF5dcH5PR2X53uFCI/fV/4CfOaud4TCEncvBlogNCrXreF4v/9eguqi9ZJ4BH2ODctYdDv+ZKKbq3jynU2QB4HTXg+4eWMfL5nfvWEp6PCHoE01WfcqB6n7U97tLPPNiHL3LgTHVtGO2Bu6n/lwft8EcgXBbgUe51Cj6wpmuvib1GFfBxNEDgLcOaGt/YtMB7it+Xtyj61ugZjLyCCNSyo7WKCEdaat9kdFgefpq73IZyXKRHNxsLs6sPUpTs/krDJj3x+UzbcrgUK+OT5hGT6UFPPFYmXA3aZH0cfrVhOJ3Jg/hUJspnVcZOtKsjoAhnyB7kolIu9r0D2xqLvmcKa9BLJ/cYYt4dQoFN0ejhmciV9F447wFsjAy0u4xdF2PbyFXdKmG8f9WyVXSoMcVnb7TG/q3ztgVbjqh3q1HidldgVPZyY/w+awOBeJa+1z/XcwLqlNy+WG/FZlINjFKAaCXSw6WVMpPBvsP9vIRrqWiPLqHOsGCXv/gF6fjCgNFUAaEtrfCcqlfxcif2sf9s3I4HasR8Jypi8EtMZTxdMHG6/pWFTxapF/rFn7ZiIEdtpCAG5rS8FYsvGeWA8CyE8TSiF7IeEII1+wQBuU+ouhppsBU8hxOqQGfmPEQ7zzuQr8THKihC+UAQlLAVaXBCQJaq0ECQ7FwqabDHzwpNgM2olZGkGbzf/jllt/U6wkArCqJbNJyjHYL7b1IytWnkO/O5TU0gCaeBg++PK5SAB0xTT3Hyuq83mdOBqoViukhSXdg/csUYbyN1rDnL5zoTUqxoBz0L9II3+OhhSfD61QgP+WyCcGmtXCZMapzq9FXRm25WugB6BE4pnoG3VJkzMXqLl74TxdCFbLaYfFpLGF4RVpsb5NGhzD1R5ouiCoL+6eLgLK1De+wkxF4Ffc44rQdC2Ow8OOFotRajwUOOghytnRwfs1U8PnJY0dtOVnHKMmpDTfMbW4qsNRSZp7gUp5n5k0vTrw9368oBC6ccI+kaUYpMEFWcLoP+hgoDhFUsokj5pcUIhD02nJQ2QlGPaWVYHrpEO5t/PNsPuQLPu2whkvGp/V+lZnOh2Xl0FEP7W3OLvxBTM5v8YoUFzVmVOy6zMQRiuLkm4CYevGF0Gxo/AnuqlhNNfeDfiaJ5zP8V4Y/DoXhuwjKvl+jc7iW1/Omu0LW0WudbYKUq8QRzF+bAi7BIsWvfNeuMHB9w7gvvWcpQgvRqa/y3XucY/c0kFIIcpQDNlHQfQBMwhj9cUv9o5sgmWvhZr5ZsnQw+Y3Jixqa74u/dOKot2TSQk3KelrjZCe/T123GujB3kFCovhDVx0EOMji0MenxIOSdlSnnO0w66mXtsLtlBYQPz4npbZf2xgFFzdWbqg0XRo8oVIAJL0GlNQ7A+SKsOCgDYI9DwqLOW/cu4lXoJ6SRdA8B4bbWCpBpz+wDrfPOtwQPUJAI86aIT703k0XctI3z4/+tMWoVh8uonhDHU/I8oH77OZDS9zO4DuULomIveFKzdSIgzptEPL9mIwdsLpu5fUgNYFmMoY18F4mkqw0/cUpdDL8z0IH+U8A/+cTYePbunzG0mPMohbvlvhRTdFO7qHwJxMiBraWsqJeYAat1IFHawKYg+PJxbsQo5mgaxnwv5FXjlP+wJ+42C0IPY9Mtjbg/fcogeN2F8ZFzUMIp/nRR/qXkJKtX2pb/IiROwOEbyKpKi7uj7YW2ujNtqZ9PcsCkOH+rT
|
||
|
|
"pattern_type": "stix",
|
||
|
|
"pattern_version": "2.1",
|
||
|
|
"valid_from": "2014-11-25T08:51:24Z",
|
||
|
|
"kill_chain_phases": [
|
||
|
|
{
|
||
|
|
"kill_chain_name": "misp-category",
|
||
|
|
"phase_name": "Artifacts dropped"
|
||
|
|
}
|
||
|
|
],
|
||
|
|
"labels": [
|
||
|
|
"misp:type=\"malware-sample\"",
|
||
|
|
"misp:category=\"Artifacts dropped\"",
|
||
|
|
"misp:to_ids=\"True\""
|
||
|
|
]
|
||
|
|
},
|
||
|
|
{
|
||
|
|
"type": "indicator",
|
||
|
|
"spec_version": "2.1",
|
||
|
|
"id": "indicator--5474430c-7ef4-4454-adf4-4c2c950d210b",
|
||
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
||
|
|
"created": "2014-11-25T08:51:24.000Z",
|
||
|
|
"modified": "2014-11-25T08:51:24.000Z",
|
||
|
|
"pattern": "[file:name = 'f1d903251db466d35533c28e3c032b7212aa43c8d64ddf8c5521b43031e69e1e' AND file:hashes.SHA256 = 'f1d903251db466d35533c28e3c032b7212aa43c8d64ddf8c5521b43031e69e1e']",
|
||
|
|
"pattern_type": "stix",
|
||
|
|
"pattern_version": "2.1",
|
||
|
|
"valid_from": "2014-11-25T08:51:24Z",
|
||
|
|
"kill_chain_phases": [
|
||
|
|
{
|
||
|
|
"kill_chain_name": "misp-category",
|
||
|
|
"phase_name": "Artifacts dropped"
|
||
|
|
}
|
||
|
|
],
|
||
|
|
"labels": [
|
||
|
|
"misp:type=\"filename|sha256\"",
|
||
|
|
"misp:category=\"Artifacts dropped\"",
|
||
|
|
"misp:to_ids=\"True\""
|
||
|
|
]
|
||
|
|
},
|
||
|
|
{
|
||
|
|
"type": "indicator",
|
||
|
|
"spec_version": "2.1",
|
||
|
|
"id": "indicator--5474430c-ebf8-4795-b603-4f4f950d210b",
|
||
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
||
|
|
"created": "2014-11-25T08:51:24.000Z",
|
||
|
|
"modified": "2014-11-25T08:51:24.000Z",
|
||
|
|
"pattern": "[file:name = 'f1d903251db466d35533c28e3c032b7212aa43c8d64ddf8c5521b43031e69e1e' AND file:hashes.SHA1 = '9f0dc086875e6b06efe6bb3aadf049ce00f9e486']",
|
||
|
|
"pattern_type": "stix",
|
||
|
|
"pattern_version": "2.1",
|
||
|
|
"valid_from": "2014-11-25T08:51:24Z",
|
||
|
|
"kill_chain_phases": [
|
||
|
|
{
|
||
|
|
"kill_chain_name": "misp-category",
|
||
|
|
"phase_name": "Artifacts dropped"
|
||
|
|
}
|
||
|
|
],
|
||
|
|
"labels": [
|
||
|
|
"misp:type=\"filename|sha1\"",
|
||
|
|
"misp:category=\"Artifacts dropped\"",
|
||
|
|
"misp:to_ids=\"True\""
|
||
|
|
]
|
||
|
|
},
|
||
|
|
{
|
||
|
|
"type": "indicator",
|
||
|
|
"spec_version": "2.1",
|
||
|
|
"id": "indicator--54744315-0c14-4f9d-bc51-dce3950d210b",
|
||
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
||
|
|
"created": "2014-11-25T08:51:33.000Z",
|
||
|
|
"modified": "2014-11-25T08:51:33.000Z",
|
||
|
|
"pattern": "[file:content_ref.payload_bin = 'UEsDBBQACQAIAHFGeUVn23JI9d8AAACEAQBAABwAZjg5NTQ5ZmM4NGE4ZDBmODYxNzg0MWM2YWE0YmIxNjc4ZWEyYjYwODFjMWY3Zjc0YWIxYWViZDRkYjQxNzZlNFVUCQADFUN0VBVDdFR1eAsAAQQhAAAABCEAAACpfDBxHPqafdl0lyLp9SzEqcTIH2wSownH2reM9BrUKiWhsUMLEjP7HW5hfGK7PTYX4aAOHYI+80v/UO3ByYyxbtLYIUvwohU+sYG75OEWfQTnp5yMeJi0H/qPvGW8bwkgp806iyQtMxsKKqK0jRaMTZ2LkonCFYg+SKrguWiiN9k7sobgGZIgo6BZAHyRjweoV2IH6JIsW/nyY5tl4d2J4NFzfVfVY1JzlRdVZ6iT7ZOXaLMF29TxmmPrOCskUM3G9ujq4h4HnNpU11T7wC65IT8Qvns+BkSeHrJvhU1WzeqrkZlKfoCknzM6NprSMHejhhP6kKXN/VsswlcBs9J1RgEHZ/RQiUSOE9eu1m/q475hNuNlvZdy9W3CLzURQToeqZeQpsad1TTWyue7yZ4X0fVyxEASJEgnyLGGIpw3LMEKZnFU4pIVwuDptav2S2ZkdJxH5dSa68KvE6Qv8B/klUsDYQnTAYUt0/007wUC3u5bLClB4upIE5OWUWRcYHfJD7UObk+5reFQW7GX4CGZs3mR4qla2qjOURJIWMMEs2x+xRCqvgWt1OKIn1OlyhNO2BdRhc5tcHgVKAMjujTo0I/cSZ1YEpkvNggXfhil7zTwACoZJmyjAtOkQVjXeaomSVpGd//0gGibX48ggYKQMjhRP8P6bJKJrA3b4mzSOK1Xs6FDUH+aHoPmcyJMXjZe4/nECtZGqgOE7VCKkvH1vPiotowGVk4VTvWOktV11/iqntT7NPT7vZu6pJQ+wUKig4HExk/tBQFNaX0kuT1Uye1dsWhaSEK7KpTmPQPEF8dE7D2vNi1StgltA5+KroPvIMyPmaZy2asEZ76Q8fBUvcdOoxzbcAdJKzY42DQFwCK4V7Eb9rFqynLcBvNsgLNAiZk7hArCHJ/A4hF/YwtUlZAbKFToTJiVXffmcvv8x1OpJtmMPkv1+Xdo4iZRJPw54PzlOZuAt2PiIu/wgTFpgtlNb6Amr1g2dAPh+r4dIQ6XjAGFjG4fmiz9TG5jE/eofLxtX9UuKyDkrCg3hPVFVKKdNxx+7YGJliOgC0dR6lQMjMR2atp0JkYP4qAGSu41BqEgXSC0eu1181IA5yDEBF/+jYxvmu4Xkvl58AHproVmr2/8QaW04bGJrUZ1WxI74MBMp0RPuvikoqpjtSqzeHvV7zp3PyqK0QvEROWD1Fi8YuueH5dtwetFBtAF+6pGs3Ca5Dk8t6yBTrB6wkwimChrB6CZoGpPZFZvNEChKL1J+R1uUfTKVAWB6KG+7+1xWXliEbKyH4BVUj4S1tqC3Bpqo/3h3MCB9+3elZB9I0xKUm4HZOPXfNFZd8toBLERtsQS4o6mh2u7plgaA+30CwI53s2kEJhbWlgSbwIdJvif3eCzQ9rq1NHxj2DPDaYg2Zl24efFR6wcerEIGvxAq1kBq7dhq30CyHFUHNfCl6G5qhXNEvz6NqyvVl3nAYvnVnNwq98S8ARKX6YeYzGC7PxPDm/sBl58jEqMFekIh42tCFDxTLec68PXs9oBJ/J4IaYLdrqcVydVA17tsMavGJ9RIq9CD4qYbMYXEI0a3O8LtiWqdfYRpKts4lxCxt+Hn7PI10jLBwLnNtz1n6+KWFc8AAzL7H0M0jJeuS2ioGXerLbjl3Os321/WmtSSep4wGYbd1FLzJ2aa6njg/jyYV8IuP/yjYYax1+ZH/2HaudQvOFCj6ba16t/tfwkBcClAj2sm3uww4yJ/vZAiAN/iagCPoTNDeiQ7dQ92oJeuArljuTic24Ibz5J4yxjK7g4vDpfi/NpqTFV5YtC9NrlOFLOqRUB9dUEEdC0HV5ca2pa+y8vvVUJBJYe0UuPZgqLbCxiMF9pd5BgXi1VjPCOvvKTHbmWX9h62MpwoX/kvAbL8HzQtH3o207/C0NgxoXVcjVxHazxoYiwxH5Mbs0lbBSnbwQlr9L44iTd/KdnGyOEBNi/t6eg+Pl9pjIZypN4vUttnKH1nSBZQeaM/cyqEWBqrUbL2ravLidSKzcVLHixzub/tR6ulet/pm+3b4gJKvod5pfSznCXnKJ92x+aEbU8Wfxya4ElXUnq4zMR5TjkVcsFUH5EhHn0q093IbcH5bnzn+oJO8EmrK/lTr0p/NgGMseHMzGNrAUVBGhJK/3m/Lyzg1R/qBcT6DgyWje9QXUa+rhI+QkPMAbK2KDFiZNLlOH1VCGGmiRVvhACrv8yIO7PgoEsChEtYXoxz9GrDfyRrtTyRjpaZAcwd8QG5Hk1SfH2QMiewWeqtxA96Ci4zfN1py1J7gUd+QkOySdns8btL51Z9WHytJWimZcLOfWrsTwrfcEosz9fVrNyy7MUUaQFWDo51HzQjsH4/quUSHya7VTqTxmpGK8uTQtdsAKAsszjgPFS0su26slKjP3gAItAISUTk7CS6rmH0Fn5sOSvNNsbupG7mwgcPYnYhMp/RcqVlIvEwkXy9Y3DDfILVKaDFoXa+HZfa6e4+DB6CGAP9jKIfzIcWVJfy2/e6YgMNYQ01701tSsCEMysG9hq17XxylwfvLI4qe7F6swe/IlRaJaJadLqdzQFb503fz+fb2SqU/hfylBspeleKAzrVNy/f/T7AFei3tV42q9lKRq/c0Ek3v+6qgmmhzYZrjFpVAsMBlPfTrjRd40hDjOBXBnNPwgqvZU2FN4RE32qDGQ4ZEofEQMz93FnZoA3ZIGjT+uZgln5sbWDZkXkoQwrybAAqYNc51sDnGILezHj9WqV5GQKfreglWr750GImmgICpo9dpW2vf1EQTauIn8m8t7AH1z2sX8sW2tGCiij3doAnunF2T9ULdGUFssFXDcRL1YYUuWjsgWHoIwpZXJpR0ZZxgcrc5YY1xsZJiXIFFObdnfOlDMxrgZfZY8NwXqPnKYKqXsmxF8glkCmcjh+tKgoCQ75W894+RgyAc8rrdyqYC2vX+3J1Fy40lIoyZHgsYNAB4sz2bgS75tCxEGHLPuVwAzphFLF43BkxHuMG6h6XMs37GKGFj47ScSDEGN7dDwFpn7xf2lty3uVoGw7vYypNizKnT+4/Qy+AFtvCYU8w06Hpaf4i+EVbPYMafUgTEZwR7sRKjSORyz4CsvEujasinSnDEb4hWw3WQj0nz1QS50d4h6R03RitIM1GoSLpOYUb9SBXxb6KL/DtBWxFllZLbW32LFRtTmCAknO+hrcEtPFdRmTeN4ve1GXUxZTlQ+Ym5ynVcEFR8ILiZk85EcmiOrwaJJuIr09YaKVe8PytmdWtFCummy5Zkwi73WP113u3uZCOdlRR5myMrK/pk7YgKG+10LSv+bkZCDdPmN2YnqzkWACHnSYTs4mIvWmkabPJcMsAMSTw2iTP4p0nYtaCkAFpgdeknySpllsFY3LA2hBon/eClOM5q9w+rNl3sZwoFXtM/R0RGi/gZi0J5/PP0eqZVVjuXtFw6+Un6U5YhTVhqopS+2ZV5uj7E4WfABKX5fe090ejKm7ALO9YtCwTeCsXFLzADgMRsP8UV6Rj/+mU3Zhej0LmZxvo6TkRXRTpDDprUnn0mUuPXtQM3PyTs1IzRIHLTdmdMrZbuSV/dRBZk3OW3NUKKFXqypOVLH1yyWzSCzF1WcaJeW5H05UUHSyMQcDHfycvNy+TUTvZ3YY+FWGHJihmMeOxpJ6mLWv1dNieSci1hjy/4UdrCzPf9M5PNkIi8O06YMuVoTE0u8DRrmEMXeNJlw3WItH6CwEJ6aXXgubInCjp9UWsWzJ0p0z1TGuQtMubkIdHWE+kSG6KJOL0tR+1mgkHULQMk95ZQ6lR/PQUkkRO1IAEUBRd+7AnBRFj52Xis2Pwj88o78sHahWcE4jbMo3xf6mwh3iPy6xPw
|
||
|
|
"pattern_type": "stix",
|
||
|
|
"pattern_version": "2.1",
|
||
|
|
"valid_from": "2014-11-25T08:51:33Z",
|
||
|
|
"kill_chain_phases": [
|
||
|
|
{
|
||
|
|
"kill_chain_name": "misp-category",
|
||
|
|
"phase_name": "Artifacts dropped"
|
||
|
|
}
|
||
|
|
],
|
||
|
|
"labels": [
|
||
|
|
"misp:type=\"malware-sample\"",
|
||
|
|
"misp:category=\"Artifacts dropped\"",
|
||
|
|
"misp:to_ids=\"True\""
|
||
|
|
]
|
||
|
|
},
|
||
|
|
{
|
||
|
|
"type": "indicator",
|
||
|
|
"spec_version": "2.1",
|
||
|
|
"id": "indicator--54744315-1dac-4dd7-85c9-dce3950d210b",
|
||
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
||
|
|
"created": "2014-11-25T08:51:33.000Z",
|
||
|
|
"modified": "2014-11-25T08:51:33.000Z",
|
||
|
|
"pattern": "[file:name = 'f89549fc84a8d0f8617841c6aa4bb1678ea2b6081c1f7f74ab1aebd4db4176e4' AND file:hashes.SHA256 = 'f89549fc84a8d0f8617841c6aa4bb1678ea2b6081c1f7f74ab1aebd4db4176e4']",
|
||
|
|
"pattern_type": "stix",
|
||
|
|
"pattern_version": "2.1",
|
||
|
|
"valid_from": "2014-11-25T08:51:33Z",
|
||
|
|
"kill_chain_phases": [
|
||
|
|
{
|
||
|
|
"kill_chain_name": "misp-category",
|
||
|
|
"phase_name": "Artifacts dropped"
|
||
|
|
}
|
||
|
|
],
|
||
|
|
"labels": [
|
||
|
|
"misp:type=\"filename|sha256\"",
|
||
|
|
"misp:category=\"Artifacts dropped\"",
|
||
|
|
"misp:to_ids=\"True\""
|
||
|
|
]
|
||
|
|
},
|
||
|
|
{
|
||
|
|
"type": "indicator",
|
||
|
|
"spec_version": "2.1",
|
||
|
|
"id": "indicator--54744316-5bac-463b-b312-dce3950d210b",
|
||
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
||
|
|
"created": "2014-11-25T08:51:34.000Z",
|
||
|
|
"modified": "2014-11-25T08:51:34.000Z",
|
||
|
|
"pattern": "[file:name = 'f89549fc84a8d0f8617841c6aa4bb1678ea2b6081c1f7f74ab1aebd4db4176e4' AND file:hashes.SHA1 = '773d7fab06807b5b1bc2d74fa80343e83593caf2']",
|
||
|
|
"pattern_type": "stix",
|
||
|
|
"pattern_version": "2.1",
|
||
|
|
"valid_from": "2014-11-25T08:51:34Z",
|
||
|
|
"kill_chain_phases": [
|
||
|
|
{
|
||
|
|
"kill_chain_name": "misp-category",
|
||
|
|
"phase_name": "Artifacts dropped"
|
||
|
|
}
|
||
|
|
],
|
||
|
|
"labels": [
|
||
|
|
"misp:type=\"filename|sha1\"",
|
||
|
|
"misp:category=\"Artifacts dropped\"",
|
||
|
|
"misp:to_ids=\"True\""
|
||
|
|
]
|
||
|
|
},
|
||
|
|
{
|
||
|
|
"type": "indicator",
|
||
|
|
"spec_version": "2.1",
|
||
|
|
"id": "indicator--5474431e-7130-4628-b29e-4374950d210b",
|
||
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
||
|
|
"created": "2014-11-25T08:51:42.000Z",
|
||
|
|
"modified": "2014-11-25T08:51:42.000Z",
|
||
|
|
"pattern": "[file:content_ref.payload_bin = 'UEsDBBQACQAIAHVGeUWIvKerPSIAAABEAABAABwAZmQ5MmZkN2QwZjkyNWNjYzBiNGNiYjZiNDAyZThiOTliNjRmYTZhNDYzNmQ5ODVkNzhlNTUwN2JkNGNmZWNlZlVUCQADHkN0VB5DdFR1eAsAAQQhAAAABCEAAAArdx/AWDIyLCzv04pNJUHqjvRj6ksO4aiRGoiDGu+a3cf89Nj6CT9IG712Fj7Twiyy98Mm2mtSD44Q0cJ8zC9s9geNw6n4vg2QPeV1nuD/TzX8cmMZI0vzW/JqwUh3ZEGcneJnivaRUCAv4reZx5D6f206r4trQPlFuT5uAkltBRtUJwR9QAaw4dyK3VDJkBKRO6Z7vMOzp31eh3wEmRfPKKe54tqigg9pROEXnV1RlrPSk3Mo5uWIUFd7ZmYogtW8jkD9KbngogzWNa18q3k5H2S9R/+cCul8w6ET9mPIbxAJzx46XCz7sNHX7qwGWkNzUosRuaN7kmWgXhpGT2utiI9OZNf5gkI/LDqK5ZHes1qI1vii31oqucXDtCqiDwXbQeA95KuG8FAlQ59UYZU6MCAXHEpJIHkd+F1XcS87H72EWl/pwdSXFx7WO2Fl/5QZ6pM1XL1VokPLHOnWRUrrB0BtlRApU58njmJa9vqdNg3Ayb4gJ7F2pTIBqGGwa6lawLLt4WTK1peE4WnAgvMAHApFKeKGjKXUlfPfIaVzs6ccN+Nk/1fr2Z6piCfa5Gh22H2D5HFA4gtYVl3dV7u3SYc/vGxopCr1HQNXA77e0bYqlmiT0Va2JZs4MG6GM+8gNu/2etLNScD5FjBGzOYwSDh7rG1ySGcOC8zSE+RgcQxkRN28tLvb60gMQXwYi6F6L/n/naOpY4Dyrezdz8LBS+EvQ/piXkYRWM6tuebgD7qCkodF6qQxw6jQRKesWKp6ubwy4xyE6krbnrWb/OfSomLtN4iiJP2E2OjCwKcOUD00uCO4MuPHCv6nDd7heYnBJOXrJj/SeemjJTYmnzpM1b/o01sUhKQiszOBMu2clAH3imJwjqj9Mf3DGsmBgOYtdCWaT6YRaqI4PxE7qYAbR+DrPRahKJWS8NqqCCpJmLEaBqV2wK1VQJfBPQOLmTVOGwdyrCQJQB3OKUIzC6n/slsKLLL93pNsm5WUeUlnGzIKOEcqKfzHamaI/upginfVpj0Ma1UP1EvyeuxtbeaU2oY+gSs1eH5+u7HXs2nLpZ4JlF0E0iZjsrGkKROPrqRWo0smYuYAIMXp27ydHu58GFNDBqQcdRddp/ZlE6TETk6oL3aPqXJDotUl4zuqjiyVQe014QNx9Hz+EuXp47ThUNyqlhyG1iP+oCoUOYXiyE4hza354NcpDaN8fWXJov/J7IZtFBUuZIEd7neq07EhdzjRXOV+xEvcXiCk5a5zxghvWqCsufLeIOqG5qRQoz7tQW3tSF+lSV9WEUNX14FBg0jXUN/1mqJkaeYAMSxfnWDA4LJFQbveJEINbwHOwZJRM7dRJQ9pS3K90L/HqHNcW/INebsSBN/RGZtJM0LPb3hbIeik6Q/EMzs31rR5nAyU3DOrHWuGTedKHUh2NOnPFAGfO1FJmMzNo2MVMVXt4h6wRh6KlD7+93OKBu+uajMZAB1/nuDHQmrlT2dJTq32kcV0UtJlv0Ow1WhHdlTc7g7hgR9YOCpVKTHZ6UI2W3AdTmP4NNaVj9MizIU8jsIuaH0q3dbnbmR0DgfjnJNQpNlob+pOHPmyYuMqU7DIJgP8Qs8kyMeoNQnv7Hzub7LeDAimH2uUcs47CivdL9r1qSniqQ4mYQ4ykiGnx2o/nfQgyJqinQld/ViGM0GIXKiRqvSnHJurUvOp3+SXR3ykTjsAKkMMoEAeDdpAuomAZ1zRu+e8IWpNyK3cjvMH+F2eUjUTNoE7x8DLLcw1NT9KbvgQHqCraLGwUN3TZM4/1o20ANHB6YeoQ+T5MNZE+CuA96SSmx/R18W19K7zOzGKspNDimloIMWZ9MyFgx4PUhL/FN8uX/flg/UiQUibOwxLUwsuwAhmtbF4yjwsUBhF0tsF3GaGz6pcI8SzAay7hP7qdriRWNG3GvkB+d8ivFPVNJhWb5WxKvJBhI2U7vcoPX0WqNd4xkLIvsxsELeaUuV4uoFiBPWTNmcDZaXs9PzQo4BMTI7OLsfip7+FKwZb/NjypuQD+h7fPGoh7uzTV1MCl2RbOhHVwvNSgvksU+YkExU3BkMnwEsoXjLaj5TxfvLE4tZUoUm7gPljxmKkhc/tgoqX7xuKpsCwIRmEHXiCD1F5qitCHwUfLg6WjRwA9JZDNu9/UMz66QucsLAXgZqgUdRck5MzJwuY+G3pFE7nBcVlt3RecRwk1Vgc5RSRV5Oj7ArgucX3mtdabZBbkO+Ol9QzJn6fG5moobQ9SFuNMEwug7MWzt3xgPn9hjJ7LOqdKAZvMTRmkQctRRNzejZbfhXRL2f6HnlDKOOHNm1bm1uzKNJ8XvkrRLxvlV5MSgNmukatFoFgbAcBAQip+KmqxP3ef78oEXnJmOlNfYfY/LwrvwhLi08lEZg+Wt5G8EEAWkqzu5vhFqmFQp1D/xHRvRb6da+u+yXrM2JS6Ax8f7LnEPn7z6mdLodAXO0piGOJiHZfEy8Z+O+bff18GSBEp+pavQc/RAXdQbIbZfGEhslKHDde1Kel8PjyEa2yNQntdrrMwmuV/XBTnXwm5k8auKDt3A4seVJNd8LpoKvdhG0R8asC7TpgJQiNbMUxAVmSjhqJjTHkNUiwmjgjXi1VgPKNpnYbEPupaPyLfFnxIn5g1wyDu68b0MyVqykcuN93oYJ28bSYqYT3f6u4Hm82XM1tnWQr6+DIJVU5doT64PT4XmXLdruXAvE/dPynfbqBr92VMdFLGjb3aNWckqwh78tT0oHGGaW51TezKPeuzLNdS3gTpNCdYKMSyE595Rnzfud41ckq+QTI8ocZSJZqMaFdIbI2wrrB/pMzRBjcWjxhOs0fGg4kGdOzDoRGwKyYWuyvljgxM4Eyx7gezsqrv+TqPsaCl/9VraWNi1hEqbucC18bgLq+k3LGKXAtzrAnNP3dAY0c3z/0YXTOAU4ohV4Kk4DIblK5FFLsjmB1HeHuxmoEatDFvBL1+bj4ZCp9D16iL2+IXQGgPsAXJnz+7iLLR7+1RaLn90iuu/2l/v5t5V9y4j49JiZwOF5sAM6zROxygGFPYaE07hyNo96xiczG577dmKC6/wvFl5+ctCNP0sB4AL8zGYsUtz8wFtLdyejUK6fgU63VAA3y1L5a794C8MqIAuNEeF72Q5h88C2O36FwoK6KCNXNTLYHXC6XZuAZoL50IG4/4aM70GFjx8oJwRkemddfBX8CJlENK1jXDy5vjVyXRZIr2SDTTzk1W2U6jMURLI1Alpk5hdDC8wPRgsOk4tGAYjYSKKFmvJMgL81vAIITAS2Z/SMZDFXJVLR5hnVgvSHYmNrfE885Op6W9xGCSNhNojFxTCtSILiBUVRgzhqfRz/mu0tacCBP7DfK2QG5xv7KW6BME6Vm4rbJsP7FDQ7ZCQgAW3eimlZL+cy0cNQgyOICO4friYaKbeywAipiwA61fMoGXj8YJf4hnRTiNIcvfQh+dl7i6KCKRfMMRS6ApLOHIgwjB4MHsC3cbNeIkLZUuahuAvhPT/mBus4FATnUkk7HxjBJrugak9VOfSOW9x3gKLcm/sLazJ0KpQe6eErN6u2OrYHGIaRuQ12Y62pN2bc774diFPRC6bR7G2vUf1ofsv+Aa63yr27ALi+zAnlgtNo6MRbTTXqi8HI7jzdcFcSN2snvkGfQVoowgoqqHr7UA+TLA5gr2p+A4z8hHlRLpJ0L+Q4fbFLs9iFPVMttiBnQOWWOdsQQu9eC0dSm5c4Annyr5kZP+v+s63EU8r9HOukkw3rlHC9yPY+dt0cCGUxxIBcmkQxpcH5E+rV4qdL6APKx4XYCFhxq1ZWkKGUkAXcgsBf0lt1/uSOMMNcj5YpLzBniVaSMxE6KYa9+xR
|
||
|
|
"pattern_type": "stix",
|
||
|
|
"pattern_version": "2.1",
|
||
|
|
"valid_from": "2014-11-25T08:51:42Z",
|
||
|
|
"kill_chain_phases": [
|
||
|
|
{
|
||
|
|
"kill_chain_name": "misp-category",
|
||
|
|
"phase_name": "Artifacts dropped"
|
||
|
|
}
|
||
|
|
],
|
||
|
|
"labels": [
|
||
|
|
"misp:type=\"malware-sample\"",
|
||
|
|
"misp:category=\"Artifacts dropped\"",
|
||
|
|
"misp:to_ids=\"True\""
|
||
|
|
]
|
||
|
|
},
|
||
|
|
{
|
||
|
|
"type": "indicator",
|
||
|
|
"spec_version": "2.1",
|
||
|
|
"id": "indicator--5474431e-4d4c-4408-b080-4a21950d210b",
|
||
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
||
|
|
"created": "2014-11-25T08:51:42.000Z",
|
||
|
|
"modified": "2014-11-25T08:51:42.000Z",
|
||
|
|
"pattern": "[file:name = 'fd92fd7d0f925ccc0b4cbb6b402e8b99b64fa6a4636d985d78e5507bd4cfecef' AND file:hashes.SHA256 = 'fd92fd7d0f925ccc0b4cbb6b402e8b99b64fa6a4636d985d78e5507bd4cfecef']",
|
||
|
|
"pattern_type": "stix",
|
||
|
|
"pattern_version": "2.1",
|
||
|
|
"valid_from": "2014-11-25T08:51:42Z",
|
||
|
|
"kill_chain_phases": [
|
||
|
|
{
|
||
|
|
"kill_chain_name": "misp-category",
|
||
|
|
"phase_name": "Artifacts dropped"
|
||
|
|
}
|
||
|
|
],
|
||
|
|
"labels": [
|
||
|
|
"misp:type=\"filename|sha256\"",
|
||
|
|
"misp:category=\"Artifacts dropped\"",
|
||
|
|
"misp:to_ids=\"True\""
|
||
|
|
]
|
||
|
|
},
|
||
|
|
{
|
||
|
|
"type": "indicator",
|
||
|
|
"spec_version": "2.1",
|
||
|
|
"id": "indicator--5474431f-ead8-4858-a770-4581950d210b",
|
||
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
||
|
|
"created": "2014-11-25T08:51:43.000Z",
|
||
|
|
"modified": "2014-11-25T08:51:43.000Z",
|
||
|
|
"pattern": "[file:name = 'fd92fd7d0f925ccc0b4cbb6b402e8b99b64fa6a4636d985d78e5507bd4cfecef' AND file:hashes.SHA1 = 'ba25f786a6e07696e4c9353a44b8d0457f2f3ef3']",
|
||
|
|
"pattern_type": "stix",
|
||
|
|
"pattern_version": "2.1",
|
||
|
|
"valid_from": "2014-11-25T08:51:43Z",
|
||
|
|
"kill_chain_phases": [
|
||
|
|
{
|
||
|
|
"kill_chain_name": "misp-category",
|
||
|
|
"phase_name": "Artifacts dropped"
|
||
|
|
}
|
||
|
|
],
|
||
|
|
"labels": [
|
||
|
|
"misp:type=\"filename|sha1\"",
|
||
|
|
"misp:category=\"Artifacts dropped\"",
|
||
|
|
"misp:to_ids=\"True\""
|
||
|
|
]
|
||
|
|
},
|
||
|
|
{
|
||
|
|
"type": "indicator",
|
||
|
|
"spec_version": "2.1",
|
||
|
|
"id": "indicator--54744327-9684-4b54-9da1-9e39950d210b",
|
||
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
||
|
|
"created": "2014-11-25T08:51:51.000Z",
|
||
|
|
"modified": "2014-11-25T08:51:51.000Z",
|
||
|
|
"pattern": "[file:content_ref.payload_bin = 'UEsDBBQACQAIAHpGeUU2GMr3pmMBAADAAgBAABwAZmUxNDE5ZTlkZGU2ZDQ3OWJkN2NkYTI3ZWRkMzlmYWZkYWIyNjY4ZDQ5ODkzMTkzMWEyNzY5YjM3MDcyNzEyOVVUCQADJ0N0VCdDdFR1eAsAAQQhAAAABCEAAACeM7QHOuX7w5KEqLTmXsQWIx7h/OueIFR8OUK2Twh+oi8a4Zsh15PDaW0Ai9zf0kN+foDLRUr+ML6mgv4cUwTHbUVOVjTPsGbp8da68fA8wN7O6UaasqcN3ddknCcnphELYf0yS+oTuh6xf9ZTWhZeEnmdisSBMi/2yP8rIR9vK3WNfQvHXeo8f8n1mxDIi3wgmpY2TKgXHs/Is6QjtZB3rhToThbbMkQ7XZkYqMHbVGR038B/Gcn/jpe7nzhaz83XHwXkUjQdWL35XjW2BpS2GUZcrSVCvXOgXDr1YEcBwFnMVUDsTi+ZyrR30+l+jAhDn/FsKL9x5Iq7myc9WAFEZYkHL60V2lw6XwPVeK5oCEonIyeK2V/9dkJyxO1anKlm6MHVLC83qs5ES1jOqs71xvsXMQKPeLThAmnxRrvvnnzHRGY2IVStYVjPfI96cv5yTxpuj+wVo1WgFqjx+5+Aag/iVUIZVFbtNj4CzFSAu0xXQ2+PC5aSsX2/v+bIsGwQMmR27svLkM2vKb9xV1KHioX6Ife2EMmee9NWcDQwKjAq2y9qtf0/OzJTqOpwzNDsOIBwTvy/34IhJvT+S5n5gqDwA2Bh9BubONm2O9SQDnfADlYlIYS7tZlM0EhlwDXP9lvLbj2djpQvtf/jtdFEQ+oSziEIgt+zF02Tlfeeo5fWJyYmLm9Xyz9Jg338N/NLrt7/iEntzQ/2X5MxhSyMKHu+CPes2yAgbMYsIswK1EGLqo/q3XWLZdDqQ0usU/J+E83pfxZ+9bW0eRn4JI2azqP6b/m3lbLm+o5llWXcGR/v4itkTJwp9ooSYaDwzyrWkyo7eMyrRgpf0AxljUFksW0tIBnwUn8f1YcRz2qYOReEeGI157k1EOCoiRz1vqk17bsi2oWDApekghpPTdnLVdIc6s2v2nYli2iTBXbdjbrTlkAIa6i5FOOHGNVwlc7+KPbMop3QGuc01+ebooTP2MH/OukT6J6rIszTZF5vcTzR9KTD/JAltqfBIxXm6iXhzqlMYfAeOC4bQ8rSzHPQns9Le3BUmnjDhS/c5/jJisQVZSHFsuy1zpvR0vI9Kbl3zc2EnlyY1lasZdiS5lyLzMwxJhBCmaBmotowNb8RCrG8cAY0p6S2zzysJBO7y1dcuZ18mFcs4tGRzIY8KwZ+Fg+rXsUX/PpzDvg55A5g3jyxOfp3/4yPZCMlRc+yOwiiwoCuPwYXV3PMyZgrRA9InyFvN36WBNfNK0TkCO9BXtNvajJbWCV6sTF+bhKoCif1m7FFqA/xNETb/5l6p/TREdkoFI9Mv8RmFf2rElcZRdSZtav8Cxeyy6uxxYD5qeffn3qNLeBQ60kp1JwrcxuZ4SD+8uzQoaTz142A1jBl4tWX2MvBmrTf8pIVLydUPAoPJql7TOacM158WbjM+f8d0ctSMRS8Clv/b1RaYqolF6dkMBY8rXL6tmzJ9iUYcvJTtIU1IFzT/IKQk7yOqhtYP5z9CymhRGSiKFfnBQ3+9JRiYoYhAdXXLxE8rG1eQQQBCmSirfTGE3J0A7eaYyQ91h53sMpPHQT83+bl6LqfPhuIMOIsfX4lmrI9kA1hchwyin+UBUgTzf1g2Rxk2OqaWwwAqd/Xw4BFjZ5kJ8aRRYutDm+y/y2qnTqZlCkKzvnoTUvJ7KLyadnusTuJm3dP6ZikipKrNmnlyH27RnB7fZOBF9y18/LnTw9u51dTzdMoedqG0o9UvLpkohMQJPGWBPZ2SfOZLA5ePg7O5MkHat/pawEAxAeqhofbx+Nkz++aXObux14m+K8InTS2ZCDGTFJQUAm62ZB85qjqHJMBkwPeigtCXpK7JDql7phVAz984d8cjLAfYmg+K8WE4azniyhZSYEFtLl68XA9tgILtRkiSx5yO16JyQK6aykylkJ/tKyKdRB4FLijrJLeYmH13Ov8gvbCdMXh4gsUiXeKMfqwmpJ14JT98k9AVnbCsG4liamuziMtMcmh1Fyg7z/LU2naTRsGPQg8zuLdehHKeFTX9+30dKv3u7cwYVrudpWx0JSJuLj2ReL1IrfpsONzIAtPJCjUgpsiRBPMfK5cGcLtUbc/aW1bIo9IeSVDEa6teYSE37lJfGZhBnuXMugWeA5BMwiPCH/64oXD1iRyn7paNrEFCZ2hhj4suAL49MyV9J7CamdEIA4oUq1IfYDK/ccWdE7URFaZHLb558jfIvhhNub74Z2En/VjCoR9Wh2s7KcTVto40JxamROSlmrlVUMH/QgmVPUKiApruD3hBDSbaT4kb6RMb1duvybI7/CMwEbvKP8v1r7TJRkMUgoiWYMoCuZk9KyU0ZvNM9qylU7b+fXB54cnzbQh8Xa9P8nWJMNOYoJVSCG5B5WyTSc7rkV3ZjbIY68VzRSiqpLw7DsHZImVHkCLgW43CNHbAVE6M2syh3mBukwhGUWLAcHuBrJBCURGIoWGNiwuEtFul7uaQ5LaiBNkkxSnNesY+FgYRRiLUxjDEVcrHm+o9MRU9yWwkwDdTmEfO6pM9w9w9vMrwqj8asheeL6Pb4vn+eIMZp29lsN7iB2Yck/mG6cJlRg5nFCxdAfl6Pvj7t/NeoIc61ELX1SHHoMDAlqbYo39C2kXSRlcTC2p5fsdxRnMeTul63K2p/6kSWggc3ZC35QGJ+FIYLqfUZnsqeeEWEHO2THIJC2hnez+lLnX0difMWKg4rKJEg/nZ8ENQCBLtHsjtqe4TwGNUQbxLNxEBiAHI96tSa0ceCheLgT6ilMiNNJwdHLtIloMvV0VzE3DC0VDKY5IcGhU82EEebk6ZCk9QEJcWjh7ZajBCHTzMoSPKcNCsuADIbyo5Cz256vRXSFDWHN0zDUghccSzXmqyye4UXppDf3x1RWXvkEv4/tLQ+AGyEhC8iYvbzTSX8hADf3vKAL2sUXgzWm3O/lwsfa89q16ibGpSLYbEu17/LmCo6dvLetxjSjgqh3iiecjEkG+S2znCK9DRl3kGbmqnVeJOW6h3f+i0bfMjsb/zOi81THmcCz+42ffE5l9KeZN6tKOCrPpOgqZXcPdXpmp89wzxCdVZsYiC0MPw4YrhfP6WpvWkSOSyqo+TwM6bZ7FkChMjmaWHmbr26pBxG9talti0iz6sSjNfu4mNJl/cbQn4KX9TpVOhWbEW8LlUQhtMbsO81TS4Hx6H/FT0ZlxFxhRSX7eOdx+iymv8rW1swCIkxMgZ4rm2Eyg9L9ZWMQ4XwYhzQEQN4wpQhFkOfqMGUxX5iMi0TCcnon0/KQ2J8I0Thi7g4jmyiKvjUPkbaUC/CMKxfoelz6hcJIuhzzwlq0cCTRHkT9psmM6GQoThjah025kz+01PY9qY+9UN9FJwxZH1SUAVPyo7XonfgblsclxcNRBZlXnpiZ202LcIJb5gap1rewc3VIUgluaTdK0gtn9EU3+5Oh5bWf7kmJOmVuVZVS9Jz8hv6qWJpqkgslWl79/5dvtpqf0KA9Ip8GvvBb5MHFK11RskqUbQO73Ln+KwXOMWCHZGbPbjGi+S79HlLzdi6ix8GSTbKKu4KBWF3QcJGttCa+PcElznVAG1meGYk6sQ4GhVjS0DiDrnCRaOZUCaDJkrezOmWZE/J4OZSl5IutS3YY4e0X/ZC9jTfZQa93DEook1JjUdrd8PbOaxertk3Kl/N1lvE5ZFjHDi37/8mT8xRit2gK9lQxqw2A2RqOM7TTn5bBaKs8wIAwP7D3vEkB3j25u0racsKbUhz58cVjBITKf/Wj5HeaYigHi2nkFG1KBGRW+R1CYa+9AjqQ8+Bvtzx5Jg7r8xaU/zpAZUuEIInzKKWjlbvMTFqcgEFnrCnGm+WM1LVf8C+un+xm8n46XWf525U
|
||
|
|
"pattern_type": "stix",
|
||
|
|
"pattern_version": "2.1",
|
||
|
|
"valid_from": "2014-11-25T08:51:51Z",
|
||
|
|
"kill_chain_phases": [
|
||
|
|
{
|
||
|
|
"kill_chain_name": "misp-category",
|
||
|
|
"phase_name": "Artifacts dropped"
|
||
|
|
}
|
||
|
|
],
|
||
|
|
"labels": [
|
||
|
|
"misp:type=\"malware-sample\"",
|
||
|
|
"misp:category=\"Artifacts dropped\"",
|
||
|
|
"misp:to_ids=\"True\""
|
||
|
|
]
|
||
|
|
},
|
||
|
|
{
|
||
|
|
"type": "indicator",
|
||
|
|
"spec_version": "2.1",
|
||
|
|
"id": "indicator--54744327-5434-4699-8eaa-9e39950d210b",
|
||
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
||
|
|
"created": "2014-11-25T08:51:51.000Z",
|
||
|
|
"modified": "2014-11-25T08:51:51.000Z",
|
||
|
|
"pattern": "[file:name = 'fe1419e9dde6d479bd7cda27edd39fafdab2668d498931931a2769b370727129' AND file:hashes.SHA256 = 'fe1419e9dde6d479bd7cda27edd39fafdab2668d498931931a2769b370727129']",
|
||
|
|
"pattern_type": "stix",
|
||
|
|
"pattern_version": "2.1",
|
||
|
|
"valid_from": "2014-11-25T08:51:51Z",
|
||
|
|
"kill_chain_phases": [
|
||
|
|
{
|
||
|
|
"kill_chain_name": "misp-category",
|
||
|
|
"phase_name": "Artifacts dropped"
|
||
|
|
}
|
||
|
|
],
|
||
|
|
"labels": [
|
||
|
|
"misp:type=\"filename|sha256\"",
|
||
|
|
"misp:category=\"Artifacts dropped\"",
|
||
|
|
"misp:to_ids=\"True\""
|
||
|
|
]
|
||
|
|
},
|
||
|
|
{
|
||
|
|
"type": "indicator",
|
||
|
|
"spec_version": "2.1",
|
||
|
|
"id": "indicator--54744327-5ae0-4bc0-9895-9e39950d210b",
|
||
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
||
|
|
"created": "2014-11-25T08:51:51.000Z",
|
||
|
|
"modified": "2014-11-25T08:51:51.000Z",
|
||
|
|
"pattern": "[file:name = 'fe1419e9dde6d479bd7cda27edd39fafdab2668d498931931a2769b370727129' AND file:hashes.SHA1 = 'a7d84e7f091d919f4cda645db152b3a6284b578f']",
|
||
|
|
"pattern_type": "stix",
|
||
|
|
"pattern_version": "2.1",
|
||
|
|
"valid_from": "2014-11-25T08:51:51Z",
|
||
|
|
"kill_chain_phases": [
|
||
|
|
{
|
||
|
|
"kill_chain_name": "misp-category",
|
||
|
|
"phase_name": "Artifacts dropped"
|
||
|
|
}
|
||
|
|
],
|
||
|
|
"labels": [
|
||
|
|
"misp:type=\"filename|sha1\"",
|
||
|
|
"misp:category=\"Artifacts dropped\"",
|
||
|
|
"misp:to_ids=\"True\""
|
||
|
|
]
|
||
|
|
},
|
||
|
|
{
|
||
|
|
"type": "indicator",
|
||
|
|
"spec_version": "2.1",
|
||
|
|
"id": "indicator--56c647c8-be68-46d9-ac16-599d950d210f",
|
||
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
||
|
|
"created": "2016-02-18T22:38:00.000Z",
|
||
|
|
"modified": "2016-02-18T22:38:00.000Z",
|
||
|
|
"description": "Automatically added (via fd92fd7d0f925ccc0b4cbb6b402e8b99b64fa6a4636d985d78e5507bd4cfecef|ba25f786a6e07696e4c9353a44b8d0457f2f3ef3)",
|
||
|
|
"pattern": "[file:name = 'fd92fd7d0f925ccc0b4cbb6b402e8b99b64fa6a4636d985d78e5507bd4cfecef' AND file:hashes.MD5 = 'e97f6268c7b5f2f8844e2c1bfaae72c8']",
|
||
|
|
"pattern_type": "stix",
|
||
|
|
"pattern_version": "2.1",
|
||
|
|
"valid_from": "2016-02-18T22:38:00Z",
|
||
|
|
"kill_chain_phases": [
|
||
|
|
{
|
||
|
|
"kill_chain_name": "misp-category",
|
||
|
|
"phase_name": "Artifacts dropped"
|
||
|
|
}
|
||
|
|
],
|
||
|
|
"labels": [
|
||
|
|
"misp:type=\"filename|md5\"",
|
||
|
|
"misp:category=\"Artifacts dropped\"",
|
||
|
|
"misp:to_ids=\"True\""
|
||
|
|
]
|
||
|
|
},
|
||
|
|
{
|
||
|
|
"type": "indicator",
|
||
|
|
"spec_version": "2.1",
|
||
|
|
"id": "indicator--56c647c9-25d8-481a-a44c-59a0950d210f",
|
||
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
||
|
|
"created": "2016-02-18T22:38:01.000Z",
|
||
|
|
"modified": "2016-02-18T22:38:01.000Z",
|
||
|
|
"description": "Automatically added (via f89549fc84a8d0f8617841c6aa4bb1678ea2b6081c1f7f74ab1aebd4db4176e4|773d7fab06807b5b1bc2d74fa80343e83593caf2)",
|
||
|
|
"pattern": "[file:name = 'f89549fc84a8d0f8617841c6aa4bb1678ea2b6081c1f7f74ab1aebd4db4176e4' AND file:hashes.MD5 = 'b0a35d8ed2d852230265bff39e57d9e5']",
|
||
|
|
"pattern_type": "stix",
|
||
|
|
"pattern_version": "2.1",
|
||
|
|
"valid_from": "2016-02-18T22:38:01Z",
|
||
|
|
"kill_chain_phases": [
|
||
|
|
{
|
||
|
|
"kill_chain_name": "misp-category",
|
||
|
|
"phase_name": "Artifacts dropped"
|
||
|
|
}
|
||
|
|
],
|
||
|
|
"labels": [
|
||
|
|
"misp:type=\"filename|md5\"",
|
||
|
|
"misp:category=\"Artifacts dropped\"",
|
||
|
|
"misp:to_ids=\"True\""
|
||
|
|
]
|
||
|
|
},
|
||
|
|
{
|
||
|
|
"type": "indicator",
|
||
|
|
"spec_version": "2.1",
|
||
|
|
"id": "indicator--56c647cb-0e40-40ad-935f-599f950d210f",
|
||
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
||
|
|
"created": "2016-02-18T22:38:03.000Z",
|
||
|
|
"modified": "2016-02-18T22:38:03.000Z",
|
||
|
|
"description": "Automatically added (via f1d903251db466d35533c28e3c032b7212aa43c8d64ddf8c5521b43031e69e1e|9f0dc086875e6b06efe6bb3aadf049ce00f9e486)",
|
||
|
|
"pattern": "[file:name = 'f1d903251db466d35533c28e3c032b7212aa43c8d64ddf8c5521b43031e69e1e' AND file:hashes.MD5 = '06665b96e293b23acc80451abb413e50']",
|
||
|
|
"pattern_type": "stix",
|
||
|
|
"pattern_version": "2.1",
|
||
|
|
"valid_from": "2016-02-18T22:38:03Z",
|
||
|
|
"kill_chain_phases": [
|
||
|
|
{
|
||
|
|
"kill_chain_name": "misp-category",
|
||
|
|
"phase_name": "Artifacts dropped"
|
||
|
|
}
|
||
|
|
],
|
||
|
|
"labels": [
|
||
|
|
"misp:type=\"filename|md5\"",
|
||
|
|
"misp:category=\"Artifacts dropped\"",
|
||
|
|
"misp:to_ids=\"True\""
|
||
|
|
]
|
||
|
|
},
|
||
|
|
{
|
||
|
|
"type": "indicator",
|
||
|
|
"spec_version": "2.1",
|
||
|
|
"id": "indicator--56c647cc-d820-4529-aff7-59a2950d210f",
|
||
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
||
|
|
"created": "2016-02-18T22:38:04.000Z",
|
||
|
|
"modified": "2016-02-18T22:38:04.000Z",
|
||
|
|
"description": "Automatically added (via ecd7de3387b64b7dab9a7fb52e8aa65cb7ec9193f8eac6a7d79407a6a932ef69|3c4d91abd0507a6b77602f0c580fe5ef943b0f68)",
|
||
|
|
"pattern": "[file:name = 'ecd7de3387b64b7dab9a7fb52e8aa65cb7ec9193f8eac6a7d79407a6a932ef69' AND file:hashes.MD5 = '049436bb90f71cf38549817d9b90e2da']",
|
||
|
|
"pattern_type": "stix",
|
||
|
|
"pattern_version": "2.1",
|
||
|
|
"valid_from": "2016-02-18T22:38:04Z",
|
||
|
|
"kill_chain_phases": [
|
||
|
|
{
|
||
|
|
"kill_chain_name": "misp-category",
|
||
|
|
"phase_name": "Artifacts dropped"
|
||
|
|
}
|
||
|
|
],
|
||
|
|
"labels": [
|
||
|
|
"misp:type=\"filename|md5\"",
|
||
|
|
"misp:category=\"Artifacts dropped\"",
|
||
|
|
"misp:to_ids=\"True\""
|
||
|
|
]
|
||
|
|
},
|
||
|
|
{
|
||
|
|
"type": "indicator",
|
||
|
|
"spec_version": "2.1",
|
||
|
|
"id": "indicator--56c647cd-4590-43cc-b40a-c652950d210f",
|
||
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
||
|
|
"created": "2016-02-18T22:38:05.000Z",
|
||
|
|
"modified": "2016-02-18T22:38:05.000Z",
|
||
|
|
"description": "Automatically added (via e1ba03a10a40aab909b2ba58dcdfd378b4d264f1f4a554b669797bbb8c8ac902|0a151553ef4c7d22ffb94a1fbc01f5b4f1900964)",
|
||
|
|
"pattern": "[file:name = 'e1ba03a10a40aab909b2ba58dcdfd378b4d264f1f4a554b669797bbb8c8ac902' AND file:hashes.MD5 = '6662c390b2bbbd291ec7987388fc75d7']",
|
||
|
|
"pattern_type": "stix",
|
||
|
|
"pattern_version": "2.1",
|
||
|
|
"valid_from": "2016-02-18T22:38:05Z",
|
||
|
|
"kill_chain_phases": [
|
||
|
|
{
|
||
|
|
"kill_chain_name": "misp-category",
|
||
|
|
"phase_name": "Artifacts dropped"
|
||
|
|
}
|
||
|
|
],
|
||
|
|
"labels": [
|
||
|
|
"misp:type=\"filename|md5\"",
|
||
|
|
"misp:category=\"Artifacts dropped\"",
|
||
|
|
"misp:to_ids=\"True\""
|
||
|
|
]
|
||
|
|
},
|
||
|
|
{
|
||
|
|
"type": "indicator",
|
||
|
|
"spec_version": "2.1",
|
||
|
|
"id": "indicator--56c647cf-2ef0-4e80-b253-599c950d210f",
|
||
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
||
|
|
"created": "2016-02-18T22:38:07.000Z",
|
||
|
|
"modified": "2016-02-18T22:38:07.000Z",
|
||
|
|
"description": "Automatically added (via d42300fea6eddcb2f65ffec9e179e46d87d91affad55510279ecbb0250d7fdff|d905d4981164640f7e28c34f82e4954da6d9fac4)",
|
||
|
|
"pattern": "[file:name = 'd42300fea6eddcb2f65ffec9e179e46d87d91affad55510279ecbb0250d7fdff' AND file:hashes.MD5 = '52897d02af0f7658e64e0db6af537dc2']",
|
||
|
|
"pattern_type": "stix",
|
||
|
|
"pattern_version": "2.1",
|
||
|
|
"valid_from": "2016-02-18T22:38:07Z",
|
||
|
|
"kill_chain_phases": [
|
||
|
|
{
|
||
|
|
"kill_chain_name": "misp-category",
|
||
|
|
"phase_name": "Artifacts dropped"
|
||
|
|
}
|
||
|
|
],
|
||
|
|
"labels": [
|
||
|
|
"misp:type=\"filename|md5\"",
|
||
|
|
"misp:category=\"Artifacts dropped\"",
|
||
|
|
"misp:to_ids=\"True\""
|
||
|
|
]
|
||
|
|
},
|
||
|
|
{
|
||
|
|
"type": "indicator",
|
||
|
|
"spec_version": "2.1",
|
||
|
|
"id": "indicator--56c647d0-15f0-4a77-8a0a-c654950d210f",
|
||
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
||
|
|
"created": "2016-02-18T22:38:08.000Z",
|
||
|
|
"modified": "2016-02-18T22:38:08.000Z",
|
||
|
|
"description": "Automatically added (via cca1850725f278587845cd19cbdf3dceb6f65790d11df950f17c5ff6beb18601|601e1e0539ca6f44f32e86f2ef801a0e9402b60e)",
|
||
|
|
"pattern": "[file:name = 'cca1850725f278587845cd19cbdf3dceb6f65790d11df950f17c5ff6beb18601' AND file:hashes.MD5 = '148c1bb9d405d717252c77593aff4bd8']",
|
||
|
|
"pattern_type": "stix",
|
||
|
|
"pattern_version": "2.1",
|
||
|
|
"valid_from": "2016-02-18T22:38:08Z",
|
||
|
|
"kill_chain_phases": [
|
||
|
|
{
|
||
|
|
"kill_chain_name": "misp-category",
|
||
|
|
"phase_name": "Artifacts dropped"
|
||
|
|
}
|
||
|
|
],
|
||
|
|
"labels": [
|
||
|
|
"misp:type=\"filename|md5\"",
|
||
|
|
"misp:category=\"Artifacts dropped\"",
|
||
|
|
"misp:to_ids=\"True\""
|
||
|
|
]
|
||
|
|
},
|
||
|
|
{
|
||
|
|
"type": "indicator",
|
||
|
|
"spec_version": "2.1",
|
||
|
|
"id": "indicator--56c647d1-6be4-4a21-bb14-492c950d210f",
|
||
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
||
|
|
"created": "2016-02-18T22:38:09.000Z",
|
||
|
|
"modified": "2016-02-18T22:38:09.000Z",
|
||
|
|
"description": "Automatically added (via c0cf8e008fbfa0cb2c61d968057b4a077d62f64d7320769982d28107db370513|f8645b71b2cb515278d3802924642124f5ba9b7d)",
|
||
|
|
"pattern": "[file:name = 'c0cf8e008fbfa0cb2c61d968057b4a077d62f64d7320769982d28107db370513' AND file:hashes.MD5 = '1c024e599ac055312a4ab75b3950040a']",
|
||
|
|
"pattern_type": "stix",
|
||
|
|
"pattern_version": "2.1",
|
||
|
|
"valid_from": "2016-02-18T22:38:09Z",
|
||
|
|
"kill_chain_phases": [
|
||
|
|
{
|
||
|
|
"kill_chain_name": "misp-category",
|
||
|
|
"phase_name": "Artifacts dropped"
|
||
|
|
}
|
||
|
|
],
|
||
|
|
"labels": [
|
||
|
|
"misp:type=\"filename|md5\"",
|
||
|
|
"misp:category=\"Artifacts dropped\"",
|
||
|
|
"misp:to_ids=\"True\""
|
||
|
|
]
|
||
|
|
},
|
||
|
|
{
|
||
|
|
"type": "indicator",
|
||
|
|
"spec_version": "2.1",
|
||
|
|
"id": "indicator--56c647d3-a1f4-46d3-8e71-c653950d210f",
|
||
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
||
|
|
"created": "2016-02-18T22:38:11.000Z",
|
||
|
|
"modified": "2016-02-18T22:38:11.000Z",
|
||
|
|
"description": "Automatically added (via b755ed82c908d92043d4ec3723611c6c5a7c162e78ac8065eb77993447368fce|b5e28342e2d6d587be1f92770e9517f44a0f279e)",
|
||
|
|
"pattern": "[file:name = 'b755ed82c908d92043d4ec3723611c6c5a7c162e78ac8065eb77993447368fce' AND file:hashes.MD5 = '26297dc3cd0b688de3b846983c5385e5']",
|
||
|
|
"pattern_type": "stix",
|
||
|
|
"pattern_version": "2.1",
|
||
|
|
"valid_from": "2016-02-18T22:38:11Z",
|
||
|
|
"kill_chain_phases": [
|
||
|
|
{
|
||
|
|
"kill_chain_name": "misp-category",
|
||
|
|
"phase_name": "Artifacts dropped"
|
||
|
|
}
|
||
|
|
],
|
||
|
|
"labels": [
|
||
|
|
"misp:type=\"filename|md5\"",
|
||
|
|
"misp:category=\"Artifacts dropped\"",
|
||
|
|
"misp:to_ids=\"True\""
|
||
|
|
]
|
||
|
|
},
|
||
|
|
{
|
||
|
|
"type": "indicator",
|
||
|
|
"spec_version": "2.1",
|
||
|
|
"id": "indicator--56c647d4-4a38-49a2-b7d9-59a4950d210f",
|
||
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
||
|
|
"created": "2016-02-18T22:38:12.000Z",
|
||
|
|
"modified": "2016-02-18T22:38:12.000Z",
|
||
|
|
"description": "Automatically added (via b12c7d57507286bbbe36d7acf9b34c22c96606ffd904e3c23008399a4a50c047|75a9af1e34dc0bb2f7fcde9d56b2503072ac35dd)",
|
||
|
|
"pattern": "[file:name = 'b12c7d57507286bbbe36d7acf9b34c22c96606ffd904e3c23008399a4a50c047' AND file:hashes.MD5 = 'ffb0b9b5b610191051a7bdf0806e1e47']",
|
||
|
|
"pattern_type": "stix",
|
||
|
|
"pattern_version": "2.1",
|
||
|
|
"valid_from": "2016-02-18T22:38:12Z",
|
||
|
|
"kill_chain_phases": [
|
||
|
|
{
|
||
|
|
"kill_chain_name": "misp-category",
|
||
|
|
"phase_name": "Artifacts dropped"
|
||
|
|
}
|
||
|
|
],
|
||
|
|
"labels": [
|
||
|
|
"misp:type=\"filename|md5\"",
|
||
|
|
"misp:category=\"Artifacts dropped\"",
|
||
|
|
"misp:to_ids=\"True\""
|
||
|
|
]
|
||
|
|
},
|
||
|
|
{
|
||
|
|
"type": "indicator",
|
||
|
|
"spec_version": "2.1",
|
||
|
|
"id": "indicator--56c647d5-ca18-4c96-9970-599f950d210f",
|
||
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
||
|
|
"created": "2016-02-18T22:38:13.000Z",
|
||
|
|
"modified": "2016-02-18T22:38:13.000Z",
|
||
|
|
"description": "Automatically added (via a7493fac96345a989b1a03772444075754a2ef11daa22a7600466adc1f69a669|3c8d90b7bdf097811a460a0835206d4bfd56c4a2)",
|
||
|
|
"pattern": "[file:name = 'a7493fac96345a989b1a03772444075754a2ef11daa22a7600466adc1f69a669' AND file:hashes.MD5 = 'b269894f434657db2b15949641a67532']",
|
||
|
|
"pattern_type": "stix",
|
||
|
|
"pattern_version": "2.1",
|
||
|
|
"valid_from": "2016-02-18T22:38:13Z",
|
||
|
|
"kill_chain_phases": [
|
||
|
|
{
|
||
|
|
"kill_chain_name": "misp-category",
|
||
|
|
"phase_name": "Artifacts dropped"
|
||
|
|
}
|
||
|
|
],
|
||
|
|
"labels": [
|
||
|
|
"misp:type=\"filename|md5\"",
|
||
|
|
"misp:category=\"Artifacts dropped\"",
|
||
|
|
"misp:to_ids=\"True\""
|
||
|
|
]
|
||
|
|
},
|
||
|
|
{
|
||
|
|
"type": "indicator",
|
||
|
|
"spec_version": "2.1",
|
||
|
|
"id": "indicator--56c647d7-a580-4cca-8010-439d950d210f",
|
||
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
||
|
|
"created": "2016-02-18T22:38:15.000Z",
|
||
|
|
"modified": "2016-02-18T22:38:15.000Z",
|
||
|
|
"description": "Automatically added (via a6603f27c42648a857b8a1cbf301ed4f0877be75627f6bbe99c0bfd9dc4adb35|3672fd5ae126e920217d1b90a25b691e467f3ff5)",
|
||
|
|
"pattern": "[file:name = 'a6603f27c42648a857b8a1cbf301ed4f0877be75627f6bbe99c0bfd9dc4adb35' AND file:hashes.MD5 = '7137720651a55fb8978138c8bf36f00f']",
|
||
|
|
"pattern_type": "stix",
|
||
|
|
"pattern_version": "2.1",
|
||
|
|
"valid_from": "2016-02-18T22:38:15Z",
|
||
|
|
"kill_chain_phases": [
|
||
|
|
{
|
||
|
|
"kill_chain_name": "misp-category",
|
||
|
|
"phase_name": "Artifacts dropped"
|
||
|
|
}
|
||
|
|
],
|
||
|
|
"labels": [
|
||
|
|
"misp:type=\"filename|md5\"",
|
||
|
|
"misp:category=\"Artifacts dropped\"",
|
||
|
|
"misp:to_ids=\"True\""
|
||
|
|
]
|
||
|
|
},
|
||
|
|
{
|
||
|
|
"type": "indicator",
|
||
|
|
"spec_version": "2.1",
|
||
|
|
"id": "indicator--56c647d8-2714-402d-a803-c653950d210f",
|
||
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
||
|
|
"created": "2016-02-18T22:38:16.000Z",
|
||
|
|
"modified": "2016-02-18T22:38:16.000Z",
|
||
|
|
"description": "Automatically added (via a7e3ad8ea7edf1ca10b0e5b0d976675c3016e5933219f97e94900dea0d470abe|b6adfcba6797b5377154a811f70a335767a511b0)",
|
||
|
|
"pattern": "[file:name = 'a7e3ad8ea7edf1ca10b0e5b0d976675c3016e5933219f97e94900dea0d470abe' AND file:hashes.MD5 = '187044596bc1328efa0ed636d8aa4a5c']",
|
||
|
|
"pattern_type": "stix",
|
||
|
|
"pattern_version": "2.1",
|
||
|
|
"valid_from": "2016-02-18T22:38:16Z",
|
||
|
|
"kill_chain_phases": [
|
||
|
|
{
|
||
|
|
"kill_chain_name": "misp-category",
|
||
|
|
"phase_name": "Artifacts dropped"
|
||
|
|
}
|
||
|
|
],
|
||
|
|
"labels": [
|
||
|
|
"misp:type=\"filename|md5\"",
|
||
|
|
"misp:category=\"Artifacts dropped\"",
|
||
|
|
"misp:to_ids=\"True\""
|
||
|
|
]
|
||
|
|
},
|
||
|
|
{
|
||
|
|
"type": "indicator",
|
||
|
|
"spec_version": "2.1",
|
||
|
|
"id": "indicator--56c647d9-e710-421b-961b-c654950d210f",
|
||
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
||
|
|
"created": "2016-02-18T22:38:17.000Z",
|
||
|
|
"modified": "2016-02-18T22:38:17.000Z",
|
||
|
|
"description": "Automatically added (via a0e3c52a2c99c39b70155a9115a6c74ea79f8a68111190faa45a8fd1e50f8880|89a366a728171e101bdf2693b44b280c543d9ee5)",
|
||
|
|
"pattern": "[file:name = 'a0e3c52a2c99c39b70155a9115a6c74ea79f8a68111190faa45a8fd1e50f8880' AND file:hashes.MD5 = '1352a9210c8d9120f55f98f90fa5fc5c']",
|
||
|
|
"pattern_type": "stix",
|
||
|
|
"pattern_version": "2.1",
|
||
|
|
"valid_from": "2016-02-18T22:38:17Z",
|
||
|
|
"kill_chain_phases": [
|
||
|
|
{
|
||
|
|
"kill_chain_name": "misp-category",
|
||
|
|
"phase_name": "Artifacts dropped"
|
||
|
|
}
|
||
|
|
],
|
||
|
|
"labels": [
|
||
|
|
"misp:type=\"filename|md5\"",
|
||
|
|
"misp:category=\"Artifacts dropped\"",
|
||
|
|
"misp:to_ids=\"True\""
|
||
|
|
]
|
||
|
|
},
|
||
|
|
{
|
||
|
|
"type": "indicator",
|
||
|
|
"spec_version": "2.1",
|
||
|
|
"id": "indicator--56c647db-a0a0-4816-b3b1-c652950d210f",
|
||
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
||
|
|
"created": "2016-02-18T22:38:19.000Z",
|
||
|
|
"modified": "2016-02-18T22:38:19.000Z",
|
||
|
|
"description": "Automatically added (via a0d82c3730bc41e267711480c8009883d1412b68977ab175421eabc34e4ef355|b1b874f0d4457033babb4f28f55c8a6e0590e9df)",
|
||
|
|
"pattern": "[file:name = 'a0d82c3730bc41e267711480c8009883d1412b68977ab175421eabc34e4ef355' AND file:hashes.MD5 = 'b29ca4f22ae7b7b25f79c1d4a421139d']",
|
||
|
|
"pattern_type": "stix",
|
||
|
|
"pattern_version": "2.1",
|
||
|
|
"valid_from": "2016-02-18T22:38:19Z",
|
||
|
|
"kill_chain_phases": [
|
||
|
|
{
|
||
|
|
"kill_chain_name": "misp-category",
|
||
|
|
"phase_name": "Artifacts dropped"
|
||
|
|
}
|
||
|
|
],
|
||
|
|
"labels": [
|
||
|
|
"misp:type=\"filename|md5\"",
|
||
|
|
"misp:category=\"Artifacts dropped\"",
|
||
|
|
"misp:to_ids=\"True\""
|
||
|
|
]
|
||
|
|
},
|
||
|
|
{
|
||
|
|
"type": "indicator",
|
||
|
|
"spec_version": "2.1",
|
||
|
|
"id": "indicator--56c647dc-9694-486c-95f4-4126950d210f",
|
||
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
||
|
|
"created": "2016-02-18T22:38:20.000Z",
|
||
|
|
"modified": "2016-02-18T22:38:20.000Z",
|
||
|
|
"description": "Automatically added (via 5001793790939009355ba841610412e0f8d60ef5461f2ea272ccf4fd4c83b823|bc79d07eb4ec7041dce91596a56cbe07b5e107e1)",
|
||
|
|
"pattern": "[file:name = '5001793790939009355ba841610412e0f8d60ef5461f2ea272ccf4fd4c83b823' AND file:hashes.MD5 = 'ba7bb65634ce1e30c1e5415be3d1db1d']",
|
||
|
|
"pattern_type": "stix",
|
||
|
|
"pattern_version": "2.1",
|
||
|
|
"valid_from": "2016-02-18T22:38:20Z",
|
||
|
|
"kill_chain_phases": [
|
||
|
|
{
|
||
|
|
"kill_chain_name": "misp-category",
|
||
|
|
"phase_name": "Artifacts dropped"
|
||
|
|
}
|
||
|
|
],
|
||
|
|
"labels": [
|
||
|
|
"misp:type=\"filename|md5\"",
|
||
|
|
"misp:category=\"Artifacts dropped\"",
|
||
|
|
"misp:to_ids=\"True\""
|
||
|
|
]
|
||
|
|
},
|
||
|
|
{
|
||
|
|
"type": "indicator",
|
||
|
|
"spec_version": "2.1",
|
||
|
|
"id": "indicator--56c647de-3dd4-4ddb-a5b8-43e4950d210f",
|
||
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
||
|
|
"created": "2016-02-18T22:38:22.000Z",
|
||
|
|
"modified": "2016-02-18T22:38:22.000Z",
|
||
|
|
"description": "Automatically added (via 8389b0d3fb28a5f525742ca2bf80a81cf264c806f99ef684052439d6856bc7e7|bdd2872798659ea9fc6f9e6c3300a5e949a54e41)",
|
||
|
|
"pattern": "[file:name = '8389b0d3fb28a5f525742ca2bf80a81cf264c806f99ef684052439d6856bc7e7' AND file:hashes.MD5 = '47d0e8f9d7a6429920329207a32ecc2e']",
|
||
|
|
"pattern_type": "stix",
|
||
|
|
"pattern_version": "2.1",
|
||
|
|
"valid_from": "2016-02-18T22:38:22Z",
|
||
|
|
"kill_chain_phases": [
|
||
|
|
{
|
||
|
|
"kill_chain_name": "misp-category",
|
||
|
|
"phase_name": "Artifacts dropped"
|
||
|
|
}
|
||
|
|
],
|
||
|
|
"labels": [
|
||
|
|
"misp:type=\"filename|md5\"",
|
||
|
|
"misp:category=\"Artifacts dropped\"",
|
||
|
|
"misp:to_ids=\"True\""
|
||
|
|
]
|
||
|
|
},
|
||
|
|
{
|
||
|
|
"type": "indicator",
|
||
|
|
"spec_version": "2.1",
|
||
|
|
"id": "indicator--56c647df-95e8-407f-8d12-599d950d210f",
|
||
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
||
|
|
"created": "2016-02-18T22:38:23.000Z",
|
||
|
|
"modified": "2016-02-18T22:38:23.000Z",
|
||
|
|
"description": "Automatically added (via 20831e820af5f41353b5afab659f2ad42ec6df5d9692448872f3ed8bbb40ab92|8487a961c8244004c9276979bb4b0c14392fc3b8)",
|
||
|
|
"pattern": "[file:name = '20831e820af5f41353b5afab659f2ad42ec6df5d9692448872f3ed8bbb40ab92' AND file:hashes.MD5 = '85bd9de0382a13c09705c26a8306e22e']",
|
||
|
|
"pattern_type": "stix",
|
||
|
|
"pattern_version": "2.1",
|
||
|
|
"valid_from": "2016-02-18T22:38:23Z",
|
||
|
|
"kill_chain_phases": [
|
||
|
|
{
|
||
|
|
"kill_chain_name": "misp-category",
|
||
|
|
"phase_name": "Artifacts dropped"
|
||
|
|
}
|
||
|
|
],
|
||
|
|
"labels": [
|
||
|
|
"misp:type=\"filename|md5\"",
|
||
|
|
"misp:category=\"Artifacts dropped\"",
|
||
|
|
"misp:to_ids=\"True\""
|
||
|
|
]
|
||
|
|
},
|
||
|
|
{
|
||
|
|
"type": "indicator",
|
||
|
|
"spec_version": "2.1",
|
||
|
|
"id": "indicator--56c647e0-ada4-4e2d-b091-4e19950d210f",
|
||
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
||
|
|
"created": "2016-02-18T22:38:24.000Z",
|
||
|
|
"modified": "2016-02-18T22:38:24.000Z",
|
||
|
|
"description": "Automatically added (via 7553d4a5914af58b23a9e0ce6a262cd230ed8bb2c30da3d42d26b295f9144ab7|bcf3461d67b39a427c83f9e39b9833cfec977c61)",
|
||
|
|
"pattern": "[file:name = '7553d4a5914af58b23a9e0ce6a262cd230ed8bb2c30da3d42d26b295f9144ab7' AND file:hashes.MD5 = '02c5c3983983d15405875894cab47bac']",
|
||
|
|
"pattern_type": "stix",
|
||
|
|
"pattern_version": "2.1",
|
||
|
|
"valid_from": "2016-02-18T22:38:24Z",
|
||
|
|
"kill_chain_phases": [
|
||
|
|
{
|
||
|
|
"kill_chain_name": "misp-category",
|
||
|
|
"phase_name": "Artifacts dropped"
|
||
|
|
}
|
||
|
|
],
|
||
|
|
"labels": [
|
||
|
|
"misp:type=\"filename|md5\"",
|
||
|
|
"misp:category=\"Artifacts dropped\"",
|
||
|
|
"misp:to_ids=\"True\""
|
||
|
|
]
|
||
|
|
},
|
||
|
|
{
|
||
|
|
"type": "indicator",
|
||
|
|
"spec_version": "2.1",
|
||
|
|
"id": "indicator--56c647e2-8970-4b49-8850-c654950d210f",
|
||
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
||
|
|
"created": "2016-02-18T22:38:26.000Z",
|
||
|
|
"modified": "2016-02-18T22:38:26.000Z",
|
||
|
|
"description": "Automatically added (via 392f32241cd3448c7a435935f2ff0d2cdc609dda81dd4946b1c977d25134e96e|5031f07749c2639e57a6628a4361fe363d77c34e)",
|
||
|
|
"pattern": "[file:name = '392f32241cd3448c7a435935f2ff0d2cdc609dda81dd4946b1c977d25134e96e' AND file:hashes.MD5 = '01c2f321b6bfdb9473c079b0797567ba']",
|
||
|
|
"pattern_type": "stix",
|
||
|
|
"pattern_version": "2.1",
|
||
|
|
"valid_from": "2016-02-18T22:38:26Z",
|
||
|
|
"kill_chain_phases": [
|
||
|
|
{
|
||
|
|
"kill_chain_name": "misp-category",
|
||
|
|
"phase_name": "Artifacts dropped"
|
||
|
|
}
|
||
|
|
],
|
||
|
|
"labels": [
|
||
|
|
"misp:type=\"filename|md5\"",
|
||
|
|
"misp:category=\"Artifacts dropped\"",
|
||
|
|
"misp:to_ids=\"True\""
|
||
|
|
]
|
||
|
|
},
|
||
|
|
{
|
||
|
|
"type": "indicator",
|
||
|
|
"spec_version": "2.1",
|
||
|
|
"id": "indicator--56c647e3-02a8-4ce7-aa4d-59a1950d210f",
|
||
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
||
|
|
"created": "2016-02-18T22:38:27.000Z",
|
||
|
|
"modified": "2016-02-18T22:38:27.000Z",
|
||
|
|
"description": "Automatically added (via 225e9596de85ca7b1025d6e444f6a01aa6507feef213f4d2e20da9e7d5d8e430|16c126de5e55fda930e8b01a2714cb62849eba11)",
|
||
|
|
"pattern": "[file:name = '225e9596de85ca7b1025d6e444f6a01aa6507feef213f4d2e20da9e7d5d8e430' AND file:hashes.MD5 = 'db405ad775ac887a337b02ea8b07fddc']",
|
||
|
|
"pattern_type": "stix",
|
||
|
|
"pattern_version": "2.1",
|
||
|
|
"valid_from": "2016-02-18T22:38:27Z",
|
||
|
|
"kill_chain_phases": [
|
||
|
|
{
|
||
|
|
"kill_chain_name": "misp-category",
|
||
|
|
"phase_name": "Artifacts dropped"
|
||
|
|
}
|
||
|
|
],
|
||
|
|
"labels": [
|
||
|
|
"misp:type=\"filename|md5\"",
|
||
|
|
"misp:category=\"Artifacts dropped\"",
|
||
|
|
"misp:to_ids=\"True\""
|
||
|
|
]
|
||
|
|
},
|
||
|
|
{
|
||
|
|
"type": "indicator",
|
||
|
|
"spec_version": "2.1",
|
||
|
|
"id": "indicator--56c647e4-4da8-4a1e-b288-59a2950d210f",
|
||
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
||
|
|
"created": "2016-02-18T22:38:28.000Z",
|
||
|
|
"modified": "2016-02-18T22:38:28.000Z",
|
||
|
|
"description": "Automatically added (via 40c46bcab9acc0d6d235491c01a66d4c6f35d884c19c6f410901af6d1e33513b|732298fa025ed48179a3a2555b45be96f7079712)",
|
||
|
|
"pattern": "[file:name = '40c46bcab9acc0d6d235491c01a66d4c6f35d884c19c6f410901af6d1e33513b' AND file:hashes.MD5 = '4b6b86c7fec1c574706cecedf44abded']",
|
||
|
|
"pattern_type": "stix",
|
||
|
|
"pattern_version": "2.1",
|
||
|
|
"valid_from": "2016-02-18T22:38:28Z",
|
||
|
|
"kill_chain_phases": [
|
||
|
|
{
|
||
|
|
"kill_chain_name": "misp-category",
|
||
|
|
"phase_name": "Artifacts dropped"
|
||
|
|
}
|
||
|
|
],
|
||
|
|
"labels": [
|
||
|
|
"misp:type=\"filename|md5\"",
|
||
|
|
"misp:category=\"Artifacts dropped\"",
|
||
|
|
"misp:to_ids=\"True\""
|
||
|
|
]
|
||
|
|
},
|
||
|
|
{
|
||
|
|
"type": "indicator",
|
||
|
|
"spec_version": "2.1",
|
||
|
|
"id": "indicator--56c647e6-5ad4-44d9-946a-c652950d210f",
|
||
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
||
|
|
"created": "2016-02-18T22:38:30.000Z",
|
||
|
|
"modified": "2016-02-18T22:38:30.000Z",
|
||
|
|
"description": "Automatically added (via 9ddbe7e77cb5616025b92814d68adfc9c3e076dddbe29de6eb73701a172c3379|5f39dc77ce189dbee5758fe4ca07739c5bd454f9)",
|
||
|
|
"pattern": "[file:name = '9ddbe7e77cb5616025b92814d68adfc9c3e076dddbe29de6eb73701a172c3379' AND file:hashes.MD5 = '744c07e886497f7b68f6f7fe57b7ab54']",
|
||
|
|
"pattern_type": "stix",
|
||
|
|
"pattern_version": "2.1",
|
||
|
|
"valid_from": "2016-02-18T22:38:30Z",
|
||
|
|
"kill_chain_phases": [
|
||
|
|
{
|
||
|
|
"kill_chain_name": "misp-category",
|
||
|
|
"phase_name": "Artifacts dropped"
|
||
|
|
}
|
||
|
|
],
|
||
|
|
"labels": [
|
||
|
|
"misp:type=\"filename|md5\"",
|
||
|
|
"misp:category=\"Artifacts dropped\"",
|
||
|
|
"misp:to_ids=\"True\""
|
||
|
|
]
|
||
|
|
},
|
||
|
|
{
|
||
|
|
"type": "indicator",
|
||
|
|
"spec_version": "2.1",
|
||
|
|
"id": "indicator--56c647e7-d9c4-4a93-9e4e-c653950d210f",
|
||
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
||
|
|
"created": "2016-02-18T22:38:31.000Z",
|
||
|
|
"modified": "2016-02-18T22:38:31.000Z",
|
||
|
|
"description": "Automatically added (via 9cd5127ef31da0e8a4e36292f2af5a9ec1de3b294da367d7c05786fe2d5de44f|40ff545ced31bc32b65be19ed2739355c054ee52)",
|
||
|
|
"pattern": "[file:name = '9cd5127ef31da0e8a4e36292f2af5a9ec1de3b294da367d7c05786fe2d5de44f' AND file:hashes.MD5 = 'd240f06e98c8d3e647cbf4d442d79475']",
|
||
|
|
"pattern_type": "stix",
|
||
|
|
"pattern_version": "2.1",
|
||
|
|
"valid_from": "2016-02-18T22:38:31Z",
|
||
|
|
"kill_chain_phases": [
|
||
|
|
{
|
||
|
|
"kill_chain_name": "misp-category",
|
||
|
|
"phase_name": "Artifacts dropped"
|
||
|
|
}
|
||
|
|
],
|
||
|
|
"labels": [
|
||
|
|
"misp:type=\"filename|md5\"",
|
||
|
|
"misp:category=\"Artifacts dropped\"",
|
||
|
|
"misp:to_ids=\"True\""
|
||
|
|
]
|
||
|
|
},
|
||
|
|
{
|
||
|
|
"type": "indicator",
|
||
|
|
"spec_version": "2.1",
|
||
|
|
"id": "indicator--56c647e9-f94c-4f70-b416-59a0950d210f",
|
||
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
||
|
|
"created": "2016-02-18T22:38:33.000Z",
|
||
|
|
"modified": "2016-02-18T22:38:33.000Z",
|
||
|
|
"description": "Automatically added (via 8d7be9ed64811ea7986d788a75cbc4ca166702c6ff68c33873270d7c6597f5db|b9d34609371481c5bc0147f46ff393e9c60805a3)",
|
||
|
|
"pattern": "[file:name = '8d7be9ed64811ea7986d788a75cbc4ca166702c6ff68c33873270d7c6597f5db' AND file:hashes.MD5 = 'bfbe8c3ee78750c3a520480700e440f8']",
|
||
|
|
"pattern_type": "stix",
|
||
|
|
"pattern_version": "2.1",
|
||
|
|
"valid_from": "2016-02-18T22:38:33Z",
|
||
|
|
"kill_chain_phases": [
|
||
|
|
{
|
||
|
|
"kill_chain_name": "misp-category",
|
||
|
|
"phase_name": "Artifacts dropped"
|
||
|
|
}
|
||
|
|
],
|
||
|
|
"labels": [
|
||
|
|
"misp:type=\"filename|md5\"",
|
||
|
|
"misp:category=\"Artifacts dropped\"",
|
||
|
|
"misp:to_ids=\"True\""
|
||
|
|
]
|
||
|
|
},
|
||
|
|
{
|
||
|
|
"type": "indicator",
|
||
|
|
"spec_version": "2.1",
|
||
|
|
"id": "indicator--56c647ea-95e0-425c-867b-59a2950d210f",
|
||
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
||
|
|
"created": "2016-02-18T22:38:34.000Z",
|
||
|
|
"modified": "2016-02-18T22:38:34.000Z",
|
||
|
|
"description": "Automatically added (via 7d38eb24cf5644e090e45d5efa923aff0e69a600fb0ab627e8929bb485243926|e0895336617e0b45b312383814ec6783556d7635)",
|
||
|
|
"pattern": "[file:name = '7d38eb24cf5644e090e45d5efa923aff0e69a600fb0ab627e8929bb485243926' AND file:hashes.MD5 = '2c8b9d2885543d7ade3cae98225e263b']",
|
||
|
|
"pattern_type": "stix",
|
||
|
|
"pattern_version": "2.1",
|
||
|
|
"valid_from": "2016-02-18T22:38:34Z",
|
||
|
|
"kill_chain_phases": [
|
||
|
|
{
|
||
|
|
"kill_chain_name": "misp-category",
|
||
|
|
"phase_name": "Artifacts dropped"
|
||
|
|
}
|
||
|
|
],
|
||
|
|
"labels": [
|
||
|
|
"misp:type=\"filename|md5\"",
|
||
|
|
"misp:category=\"Artifacts dropped\"",
|
||
|
|
"misp:to_ids=\"True\""
|
||
|
|
]
|
||
|
|
},
|
||
|
|
{
|
||
|
|
"type": "indicator",
|
||
|
|
"spec_version": "2.1",
|
||
|
|
"id": "indicator--56c647ec-6ac4-422f-a0bb-59a1950d210f",
|
||
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
||
|
|
"created": "2016-02-18T22:38:36.000Z",
|
||
|
|
"modified": "2016-02-18T22:38:36.000Z",
|
||
|
|
"description": "Automatically added (via 5c81cf8262f9a8b0e100d2a220f7119e54edfc10c4fb906ab7848a015cd12d90|6331b41759174ae72f2e2ce3e0850d42f4e7c97d)",
|
||
|
|
"pattern": "[file:name = '5c81cf8262f9a8b0e100d2a220f7119e54edfc10c4fb906ab7848a015cd12d90' AND file:hashes.MD5 = '22bfc970f707fd775d49e875b63c2f0c']",
|
||
|
|
"pattern_type": "stix",
|
||
|
|
"pattern_version": "2.1",
|
||
|
|
"valid_from": "2016-02-18T22:38:36Z",
|
||
|
|
"kill_chain_phases": [
|
||
|
|
{
|
||
|
|
"kill_chain_name": "misp-category",
|
||
|
|
"phase_name": "Artifacts dropped"
|
||
|
|
}
|
||
|
|
],
|
||
|
|
"labels": [
|
||
|
|
"misp:type=\"filename|md5\"",
|
||
|
|
"misp:category=\"Artifacts dropped\"",
|
||
|
|
"misp:to_ids=\"True\""
|
||
|
|
]
|
||
|
|
},
|
||
|
|
{
|
||
|
|
"type": "indicator",
|
||
|
|
"spec_version": "2.1",
|
||
|
|
"id": "indicator--56c647ed-856c-43f1-90a5-c652950d210f",
|
||
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
||
|
|
"created": "2016-02-18T22:38:37.000Z",
|
||
|
|
"modified": "2016-02-18T22:38:37.000Z",
|
||
|
|
"description": "Automatically added (via 4e39bc95e35323ab586d740725a1c8cbcde01fe453f7c4cac7cced9a26e42cc9|fea8a97304a74e965bbd1149c6c23171b61ff1da)",
|
||
|
|
"pattern": "[file:name = '4e39bc95e35323ab586d740725a1c8cbcde01fe453f7c4cac7cced9a26e42cc9' AND file:hashes.MD5 = 'b505d65721bb2453d5039a389113b566']",
|
||
|
|
"pattern_type": "stix",
|
||
|
|
"pattern_version": "2.1",
|
||
|
|
"valid_from": "2016-02-18T22:38:37Z",
|
||
|
|
"kill_chain_phases": [
|
||
|
|
{
|
||
|
|
"kill_chain_name": "misp-category",
|
||
|
|
"phase_name": "Artifacts dropped"
|
||
|
|
}
|
||
|
|
],
|
||
|
|
"labels": [
|
||
|
|
"misp:type=\"filename|md5\"",
|
||
|
|
"misp:category=\"Artifacts dropped\"",
|
||
|
|
"misp:to_ids=\"True\""
|
||
|
|
]
|
||
|
|
},
|
||
|
|
{
|
||
|
|
"type": "marking-definition",
|
||
|
|
"spec_version": "2.1",
|
||
|
|
"id": "marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da",
|
||
|
|
"created": "2017-01-20T00:00:00.000Z",
|
||
|
|
"definition_type": "tlp",
|
||
|
|
"name": "TLP:GREEN",
|
||
|
|
"definition": {
|
||
|
|
"tlp": "green"
|
||
|
|
}
|
||
|
|
}
|
||
|
|
]
|
||
|
|
}
|