|
{
|
||
|
"type": "bundle",
|
||
|
"id": "bundle--5721cf79-61d8-4af9-8314-4756950d210f",
|
||
|
"objects": [
|
||
|
{
|
||
|
"type": "identity",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2016-04-28T08:58:42.000Z",
|
||
|
"modified": "2016-04-28T08:58:42.000Z",
|
||
|
"name": "CIRCL",
|
||
|
"identity_class": "organization"
|
||
|
},
|
||
|
{
|
||
|
"type": "report",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "report--5721cf79-61d8-4af9-8314-4756950d210f",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2016-04-28T08:58:42.000Z",
|
||
|
"modified": "2016-04-28T08:58:42.000Z",
|
||
|
"name": "Malspam (2016-04-28) - #3 (unknown payload, not accessible)",
|
||
|
"published": "2016-04-28T09:00:22Z",
|
||
|
"object_refs": [
|
||
|
"indicator--5721cf91-151c-4d7b-9165-4bee950d210f",
|
||
|
"indicator--5721cf91-6678-4d8b-8d94-46b1950d210f",
|
||
|
"indicator--5721cf92-1248-4c7f-b08d-4a05950d210f",
|
||
|
"indicator--5721cf93-c27c-4d22-9f8c-41ef950d210f",
|
||
|
"indicator--5721cf94-4b04-46c8-b688-4321950d210f",
|
||
|
"indicator--5721cf95-dd54-4efa-9f57-402d950d210f",
|
||
|
"indicator--5721cf95-b444-46c0-bb46-437e950d210f",
|
||
|
"indicator--5721cf96-2dfc-4507-8b8b-41b9950d210f",
|
||
|
"indicator--5721cf97-8a40-46c7-83b7-4108950d210f",
|
||
|
"indicator--5721cf98-6788-4be6-8af3-4c9c950d210f",
|
||
|
"indicator--5721cf99-d48c-40a5-a61a-410e950d210f",
|
||
|
"indicator--5721cf9a-0660-44ae-a78b-4666950d210f",
|
||
|
"indicator--5721cf9a-b324-46e7-9057-4dd5950d210f",
|
||
|
"indicator--5721cf9b-99a8-433d-928e-4716950d210f",
|
||
|
"indicator--5721cf9c-4cd8-4be3-9a6e-4bc2950d210f",
|
||
|
"indicator--5721cf9d-d278-454b-b2cb-47e4950d210f",
|
||
|
"indicator--5721cf9e-e480-4d49-a47d-401a950d210f",
|
||
|
"indicator--5721cf9e-dd70-4a07-9f40-4e3b950d210f",
|
||
|
"indicator--5721cf9f-db4c-4370-a81d-4d87950d210f",
|
||
|
"indicator--5721cfa0-8890-44c8-80be-485c950d210f",
|
||
|
"indicator--5721cfa1-1074-430e-a9ef-4aae950d210f",
|
||
|
"indicator--5721cfa2-0020-4b2f-9f7f-4042950d210f",
|
||
|
"indicator--5721cfa2-7b20-4348-8d84-4ef1950d210f",
|
||
|
"indicator--5721cfa3-e67c-43f9-9818-4a7d950d210f",
|
||
|
"indicator--5721cfa4-326c-431d-860c-430c950d210f",
|
||
|
"indicator--5721cfa4-9070-4c34-9433-4cba950d210f",
|
||
|
"indicator--5721cfa5-3b14-460c-87c0-4052950d210f",
|
||
|
"indicator--5721cfa6-77b4-467b-97c6-4dcf950d210f",
|
||
|
"indicator--5721cfa7-a78c-4b3c-b4d0-421f950d210f",
|
||
|
"indicator--5721cfa7-98b0-4ecb-afb9-415e950d210f",
|
||
|
"indicator--5721d038-1858-4031-a8d9-4526950d210f",
|
||
|
"indicator--5721d039-3ca0-463d-8fde-4f93950d210f",
|
||
|
"indicator--5721d039-bc0c-4174-8d45-4cb5950d210f",
|
||
|
"indicator--5721d03a-cd94-4b64-a94d-4a8e950d210f"
|
||
|
],
|
||
|
"labels": [
|
||
|
"Threat-Report",
|
||
|
"misp:tool=\"MISP-STIX-Converter\"",
|
||
|
"circl:incident-classification=\"malware\""
|
||
|
],
|
||
|
"object_marking_refs": [
|
||
|
"marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9"
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--5721cf91-151c-4d7b-9165-4bee950d210f",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2016-04-28T08:53:37.000Z",
|
||
|
"modified": "2016-04-28T08:53:37.000Z",
|
||
|
"description": "unique .js file",
|
||
|
"pattern": "[file:content_ref.payload_bin = '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
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2016-04-28T08:53:37Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Payload delivery"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"malware-sample\"",
|
||
|
"misp:category=\"Payload delivery\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--5721cf91-6678-4d8b-8d94-46b1950d210f",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2016-04-28T08:53:37.000Z",
|
||
|
"modified": "2016-04-28T08:53:37.000Z",
|
||
|
"description": "unique .js file",
|
||
|
"pattern": "[file:name = '2016 Sales Invoice 300422016.pdf.js' AND file:hashes.SHA1 = '071aeef4d6a0321826e0c65e5c49bcea5c7aabe4']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2016-04-28T08:53:37Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Payload delivery"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"filename|sha1\"",
|
||
|
"misp:category=\"Payload delivery\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--5721cf92-1248-4c7f-b08d-4a05950d210f",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2016-04-28T08:53:38.000Z",
|
||
|
"modified": "2016-04-28T08:53:38.000Z",
|
||
|
"description": "unique .js file",
|
||
|
"pattern": "[file:name = '2016 Sales Invoice 300422016.pdf.js' AND file:hashes.SHA256 = '8ffa28fc819fa1e2d0bafb84ed2756ac8c1d81af4cdd6bb69b2072cabecd33d0']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2016-04-28T08:53:38Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Payload delivery"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"filename|sha256\"",
|
||
|
"misp:category=\"Payload delivery\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--5721cf93-c27c-4d22-9f8c-41ef950d210f",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2016-04-28T08:53:39.000Z",
|
||
|
"modified": "2016-04-28T08:53:39.000Z",
|
||
|
"description": "unique .js file",
|
||
|
"pattern": "[file:content_ref.payload_bin = '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
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2016-04-28T08:53:39Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Payload delivery"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"malware-sample\"",
|
||
|
"misp:category=\"Payload delivery\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--5721cf94-4b04-46c8-b688-4321950d210f",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2016-04-28T08:53:40.000Z",
|
||
|
"modified": "2016-04-28T08:53:40.000Z",
|
||
|
"description": "unique .js file",
|
||
|
"pattern": "[file:name = '2016 Sales Invoice 700422016.pdf.js' AND file:hashes.SHA1 = 'c0c80115df52ed02ca7fdfc01db6e3815f2f9bd0']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2016-04-28T08:53:40Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Payload delivery"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"filename|sha1\"",
|
||
|
"misp:category=\"Payload delivery\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--5721cf95-dd54-4efa-9f57-402d950d210f",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2016-04-28T08:53:41.000Z",
|
||
|
"modified": "2016-04-28T08:53:41.000Z",
|
||
|
"description": "unique .js file",
|
||
|
"pattern": "[file:name = '2016 Sales Invoice 700422016.pdf.js' AND file:hashes.SHA256 = '451a5087f2db3cb3faa758ed204f43efd6e126617303b8675288686e124fc38c']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2016-04-28T08:53:41Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Payload delivery"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"filename|sha256\"",
|
||
|
"misp:category=\"Payload delivery\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--5721cf95-b444-46c0-bb46-437e950d210f",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2016-04-28T08:53:41.000Z",
|
||
|
"modified": "2016-04-28T08:53:41.000Z",
|
||
|
"description": "unique .js file",
|
||
|
"pattern": "[file:content_ref.payload_bin = 'UEsDBBQACQAIALVGnEiW9quEZxkAAK5UAAAgABwAMTNkYWVhZThmMDE2YjY5OTg5ZWI4YzNhZGEzZTZjOGZVVAkAA5XPIVeVzyFXdXgLAAEEIQAAAAQhAAAAIan1C5lOE7/9Yv3shaT83JfWBUIWJblLe+izsFC2OIhW7vkYgteNMoCEI7lrBWLbeBXLJjzaKyDdVGvdQ6tm6393O12yxcstKm5XD1ACHtj7gSSkrAMeWH9coU4KTFkEXIZVMgNP8h9Xl7sSIsyzGN0711WCQKbZSALNS6pSxFDZ3n6pBRi/dB6Mf0TZVORHYg+tsUhlOm+0uIMRw3ysz3miUeRTIPzvgdwNPVHnAACDu2gWhHiAU3KMl69HmpywsTs8SMoKXSuSxOtUepJvyuFiGhiDMmWc6TnM1dRge87Kp7y8RjJKl4lQ4CLnDwA8MOoUSibG3e2g6F1HLuADXDr8F8PIfYthlYCkcNaOZlmhCKJOmgHQe/ymfhgIsyDGjgpJt3BbMoz27lhPKeiaMbxVs59BvBMef8b9sJfnqXqQ1n4WAWq02G1h4cvbeEPsDHeXn8iK/qmwT7o7d9i6JJmkVbw1gZeKrkK6eEjUM3hsxn+tFn2Jf3kd/DNk7piAbTKkTogUGsKUS6BIKyAr1F1P8qL6/TppBS8ATVYW48uSM1Y571P3VqygYsRae2hLUGycJQ58uE1Qzl+gh/oMRRL4/d5zgEXrmJOzE8ytATnISqbGvPnLJjZT6O+mQ/7PR6g3ldPvowoPYpES2hxm1tWLnn3AJK7JFLMGjLlkFy8Fl2+mV9jsrKuDz/u8yQmjSESD1c9z5/1yFmhmDOJxoMuGtnUVJJLGnOy4WY3tSP5aawEyGcO2RA28hVRN9oTELH2HVhacsIhaSwd5oqb6zaP7GmertcGSEDm1V1JAbElW8ko1j3roBcHYB0URGvf6xEZquL31NUhAO4+7wKVl/ZHwgASMV7zKDF1otW/wpKyhVxYdShE8hhGXWEEb44UcTXUIgJJf6yqpi0oHd+M8K8KXYTD021rVZqGhyio06Saci7+q1wjbfjkfr9Xh79ljQSIt+2udsTtc0l9xItpEiPLzytSk/7g+j93OR09uLn1PRAB2yRrLKuky00G95AlE95tld/1BiO97QrgYdNDYkVeot+hQgbtvBU4vG7uPk8iCpyaxYCBbrhY6ImaI3McH36JPR06a9hkSYQfPLp+ouDOOed/UjAT/BknMUV//Sel7V5v4GjkmWS7Ft/Dpdi6QydGeB/ralTnRhl0XeCyCUizTkB6zzSPTaZc2sC1dtfFJYoVgu3FM/FDehMoy5kM9Z6bdxVine0gAbOfhimrasK5p2nUeDvc4Ge2H2tEpieZHeGA1by05JE6Hssya9dYZQTyxz63aJwkxkJR4OHJaViDAq3QCUzmoaga+Un4eFApCYLWrVhSqByzlH29ODinCH/gqtwz/a9oP8Hv2h4/Mx3aasRJtYojCYfv0mUffCmmycHL39vOqgr1SMN5KfwdLmF+V98M7Djl0hFNHpt8hgZ/RlfrNj+WVyKuEis+0LcT5F8NqUBWO9z6FGIPTi4YAM72WS3uveSYKV+z2+6a9msvyynELVTQKr2w/CVJrOCXwEfPi9MWN2hubAfJB0dchkw57dXg6einw2YuP/PqDmQ68eEiYtOO1S2Cbo4AJRbpVUKeMc2feXaCJ+yqJ6QVz8EWajhm60XUf6gUukkHLrv9XvPWU7IKpj2ndEBK3u/YyDKKoxvjHJJGW8W/0x68F3RwPNFP7bHQA6RtXKIX0c2rfSlF1KD9/LLdREQNODMYWg+b5VFtV2oqoo/inRBFbERf3PhVC7DdH9mCAfeVpc9BeTfdqi8EU21IxBAFOnzWAF2mtDZ0MdJgL4vVY4DhX7SygozheClVhdUm0xjLQMAbw8HnulJOyLyWnPloLVSy
WcXRIWkz5VYlKLJW6NOh45zW9qcwfYM5fqgiQCs5lixaCf3qbXPpym3JIYTUiTYseCAsayKjGkuZGkdtRIelRTt9hgrvu+pQRfdfdbXAG/lqJAQmaPzfxpuGmSDA6Q1GAlSmGUdYKpI9f2DEgi/o3kkTCW0D3SIfCejFs92qm0o7fBktl+g6tatvVU7VWsAAvKoBR0WmzAg5H31wXXsnu2rlamknBk4DtoY/SdU4Jhl139+stD3c2HFCGM1k9qqUEJ7Wvo5JN8KGqJBW4E/bdS59eoIlClyQwuwl7SfBe0NzjmBlhZ84nXsejwjcf5gndS7ffX01Ee2SUjq93Hhy4I2HPWl29TcmDhTlgQNnT22gvTPwtUBuyWuidZSdBfVGgn6NlU+RXRQ3VwkzOd4sNEVlhkTHp8RQZ+w02GhDD3ZES7QJBlG0bM1OGyu6FjKWlhBfyj9DGqoOyot/Fih1d8I8kVwcbFm363wrgOng3Y1tgEEXrJ9GkEmSBQf/4B4xkYO2+zwTbUBz+WsAIVRlL3bYLbmxgGwVaxzZXuBQf6lB9ne3RsWYtN+VNXjOh2ZdRt1WPjfaofLqy+XDTs89cM5PmsTj/eZJfvpAxtCCp8XPX/MYefcYMCXTR9X5UldAM336jCvpwQm9ZGG/3deqg2kFBj7q5FgugIjnjh3v/T5d6oW3FBobVUBJxYGOwJxiFgI67qxwJHAtddaLbwZMwVmcW1AJAmbpSV6JCJueLw5ycRhV+8kiZtftCWUIuclEtZYWXHaXmvfzeHy1aGiO+K2DqCkp0gQSJRQJlar7cOjVrcPRVKE5/FTlbods9O56cJjR3R4LB5ol+iO+XQXOSY+S253vCWBvGMENC13kmY49w0ENuqyn46q3YQdFvEaMha6pMEWGIac+APEcQHuVIqGTXLNrQtpJSsMEIgStG05KqHrInDU8tz09xdDBk/gorWm9LxSwqzSkCPIknLM73qAjiuKWdg0aTsYNqgXyshIlm1ElXxGqwH9m0gSPGZA/daZq6g/JvsWI+cVAtH2OGC6aC7MaVJzVowpjPDBkJDxQLKQhIkppzxtQDqi/NOfyscL+0Jbk47aWxw2x83vPn2gMkAhNHE/MRYn52A7sV6gFdKzgi8xytSDeykPdceau+LdGALa+RDXus6YwhWiYIwIysMl2xdLuEALpUD2P0i9nXxzLBelDMZj/xY1z8ZIq2+nw77yXspsWCUrJtgmjZ5h/bRFrXVELBeloOpAZ8o+T+dERE+uL9zo0ti88qCiFE5KdJiABUAmq64q83yNrnaI+CigYPK3XCrraU2+khYmsvySnA02HFdw+sKWVxtyS7F/Ej5DHodyTAJ0Gbnu4rhtcMrwEnGzCYesPkg4OHEWgYmZrQklpt0k+0nuh4CxOZ6OLq7KAKrB2L/R3rYUEWtK9kxILLP9BOqrnXIbfWosPzBVmwJclLMW92AO9oD4gc8yVP5mAOzgKyF5nxZOZB4MzBFC7wjcAOQo1YeTT/brXclvB8nmY26U4dmsqF0TB2ZeiEJUZDc+xBBxIAzvKAuYBgGJVoOKEuiYxx5r6TIsuDD+VqCHsSH95Ga5aapxC6hzoPr8uciOrdHNHVHlxJ2J2LE+pz6mtB22PIDDj6ptv6FTA0yX0ZKRGHIloN9goRWk+78TDXCQw0jTDUoRG8GMSY65+9h72o4uNlxuJCK5VgfabvuXl6xKFGP9TKSIppB/VQHRWPQhVl+yxfJt4qmTVpc+h2Tt7X9mxjilPpyXJBlOSc7MbtNHqJMW39Wq/e03Hge2oOIu9YG3P/0wlt21gYw3mFtfuDg7qdkOl35mz+yUsN+9d8yPvKsBd1O+v42wfs7MQuJHZ2qP0rdj2NbcVaPoIBUFaTc4bghzB3zDfP0bPL9En/8YMfu/AUXpuvHIrtkxEO6aun3nHBN4F5Fw8YzZFee/SQucYrL7+O6RxF3PWDCn6wJr4JGV0hf1kqm0UA7uM8nH2CrnD
fLUMOd7hNuq5I0qcj5EQF28JFskSv7tEeBu/7whvKNFlaCInOdQWzPHICu6kqdaFBMAwXamn5FONPT975Ut
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2016-04-28T08:53:41Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Payload delivery"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"malware-sample\"",
|
||
|
"misp:category=\"Payload delivery\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--5721cf96-2dfc-4507-8b8b-41b9950d210f",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2016-04-28T08:53:42.000Z",
|
||
|
"modified": "2016-04-28T08:53:42.000Z",
|
||
|
"description": "unique .js file",
|
||
|
"pattern": "[file:name = '2016 Sales Invoice 1200422016.pdf.js' AND file:hashes.SHA1 = '65574b5f678928297f91db3cf3f5f476511e18d5']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2016-04-28T08:53:42Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Payload delivery"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"filename|sha1\"",
|
||
|
"misp:category=\"Payload delivery\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--5721cf97-8a40-46c7-83b7-4108950d210f",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2016-04-28T08:53:43.000Z",
|
||
|
"modified": "2016-04-28T08:53:43.000Z",
|
||
|
"description": "unique .js file",
|
||
|
"pattern": "[file:name = '2016 Sales Invoice 1200422016.pdf.js' AND file:hashes.SHA256 = '9ac1a8d8fce2f6551f9cf725d414c5dfd577cf19e4fead71cb3e12c64f1fd896']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2016-04-28T08:53:43Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Payload delivery"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"filename|sha256\"",
|
||
|
"misp:category=\"Payload delivery\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--5721cf98-6788-4be6-8af3-4c9c950d210f",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2016-04-28T08:53:44.000Z",
|
||
|
"modified": "2016-04-28T08:53:44.000Z",
|
||
|
"description": "unique .js file",
|
||
|
"pattern": "[file:content_ref.payload_bin = 'UEsDBBQACQAIALZGnEg0iq0S/xoAAAJKAAAgABwANmViN2JmMDg0N2ZlZDViNDBjMmVkNTYyMTEwOGQ0ZGVVVAkAA5jPIVeYzyFXdXgLAAEEIQAAAAQhAAAAhAYnoP1yk+pvD/M4mAMQGUC+NgsiThS9yX2SdcG/Dy9TbViJVPGD6ezWn6Ok/kD1u2LzfWiS2NejjPYLM1NIuOhwDjdxPYZh3tIaJxeLGlP+5LSeA+ZeB6lgE0ogX4BRqLA2tPcEJY8GuYmvdx5ABWe1fesw/MSqPd2tw4EknAnjuQK5onbkUygKAVReKc3K71Sjv2lKjsnHqf6VfrH2+ZrR4J5yWB4KcR6uEk58Z4me4NFEoYApfz+z4tTUhmHukAqAzmG+VczKFcXqbi8fzvHBmnZUG4/05R9/UAS1oOJiUCH2VYT8Y9dOMJoIQVFUoaPRXke3Qp3RmILw2DKY495XP12LPM24pnLdzmqYk8uvU1vBiA5Qxqj1UWRcFCTswIuu2xpyidesWhHvu+MiHkjLsMxtUJUZchpXPacKYxPWcl0ajiX6w/Pv2zRa58EolXEMWLxsZLxHdR85eOUzHRhmgcKZ/v48gaOfbcY2d7anYXosp1bKUKMUayqDvCmUjEZZnnkb+rbYB9xRfQXdxeFaNEVW9vamVW2X9ZUFAYuqHgPvZQqkoPdNkM/wjtxgVcI+kvN4SN143lMIT2XEKDL9Tg6QF/LBJL2WsqSnsc/pVQGxhfSRzh/IpNwkzQ/7xZm3KF3dwFUQRi5Qy/qfdYrFRWEPNNRdxpGHaVNBucLHu9rzg/90xf9gMqSPFbczSWo8t+gYRMmoHjLDeNVRBMxuHODVXQ/Itu1YlnWduwl0sMeuwDJXS70bvC3qNsX9gzv+SnpzgHO791e7XkYsWgxPkghylmhkVancW1Mc3AKZ3mOMlszuGwwOd4dPLy3gJ/qzYzcIZg9tOA3f4FDgiTZgzMkl0ljMYkm0KRVTPaLuFHHW2JW/FdqIq4lCLYQBsQGxTHu+ITUS4KgOyxQtaXcsHTw5f68dwrpFjRA7GZxAEzR0QBoX2rkB7hlT6s/kPKa1kA59Fj7vcF/LjV0fvE1ZGeVv4GnaJ+ehCooyncFXLGEltE6G/avA9XX5t9fL9isyDAzhy1EjL2diDevefv/Rn7njqe3Z9iKWX8AQsRGU3srbQNAQ1EHZQE+oYAIk+/vuQBn43vO21Ppoc8mkekFShrHotEFyyqGeCw0c1QpTsaDFVFdvgiZNcTmJX3aRn2zMWlp0Sn/QMBxfoC3KwBLmIieoqqIk9j5TG9wd224hGFoL//iGpw9axfJxdaS9dkBCLN7j1F7oF0Q+QPN67zRC7wMS50WRCOPuuWBtK/efwRlz+HwN6JhrcG4Qp+rDAyHWz/R4xUYgSZFsJHJt0RqTMdUI0pmiJLIElIkklOT5+D8fIHvdOya+tiU6dBxDa1UHtMXOIEBbcTLyC0PDSM5yU4H9m1LKFsvnMzUHyhNVR9NV/LwAzuiMsSmK6bADIAvX9/fRxo4L//8xOx1xkMsVXgV+byNnE7Z/19m7QiAYyBEB9SH78JeUSngzyitoFQkHADQnsjd1VIRrMbN0Syqk0euq8QgqK/mRbbFkiy5isu0oALj2diwX+uA47nOkSveQgsgVKoQ3zQkHTPOz9Bh9YA5pms6WCicoV7cWp+CrXFGitYCjjrbIKpgsqoll7O72ydqntBo59+sz4wCCO53rGlId+RfVAJrXUcFLy2NEEVE6F5hlwssfE8d4XRTqdL13Lt5zLakWIkmlQnhibrNYVqjDBrHpPiy3XfLoxuLhX7RE1ZdOWussv21q5iD0BqdvIWIccPTUrzZ7jjflnJPk3fZgFCtADqK7Q3GjA3p2rHQM8Ann1DPttdTwnD4uCwIzW5YLHVFN2ZfgzaG9n8X2PdQ0uK70yCDMY78Wwxy
NcHzbDiwT0XBlOsADNwYPRaCvSnxK24XEinZRaeHK9LIzM59cw8KXtciGb3XgHGogdqQ8MpSuKxXUETtI6918i77L5pEI2SmbFGqGAtbdVxFg8kt6lU5G6feJrYzScD3DVl0UjkQ0HC2H/wHMelANGsWm8FB05SONm/6z9zG4mYEgBpk5R8ycps0SHQOBxGlEDeBH317HFQzdhR+P/S3Sa/xRQpc+1hbIunPacSnYgc/Gg87dQA8T3IEcXPhzTJoC5Gu5evvLhCG2nfAovw4RUXetPrewJCQcjWxXg3ZBMiE6ueyL76le/6SRsoUJK+jRc8jU6h82Z+k8zRG/QyGKEqpwvmpj829bQy4ybS48zVQHOZwHY9ebnc8fnHC5flvCGGHUn8QrkH/FUG+iFU8dnBcx37jdAbzrFboAVU1ahZXWJO0b9YF8YdVbovOsBi5sBuNMDvg5F2snooV/DrvAxnP50QefJe3tEa3hxyngupMxc94sfBGOcdWpbIHK1ngCNMokuDu+HVTh7MJv3DTfTayXkT1ekvi4SZkK326zAyGQ4z9fkmuGt28ITz22bC/3gtuXcMSLTgo47JF2vb+/tM6jT5IiKWdkXJ7XROiaEhG0atzOVi/qwrNBU+SbNJvjyPovUbRY00y1kRMVhDY3R1xnokDVisN2zzTSD/vOrrj5FwGaZ+mUzV7lmnf9V7j9C4LOSOxiSEE8UkPJxPhBknQf+ugxU6VSGE0nKWEbdaelPTMwuR6c9z56rxscRFViADY/7eOqKQPZotc1BVYDQchf7tBBVsljY/VP2hC7c+yHqLZ9wzu8OBo9s4kHF9WsWbVl6zaHM1cnb0384rTFZPo1LQpCUMeZXSR9+tBK05K19LtmXaKnwR85/aAEGXf6xHFIa13cU9MKcbWruMrblWRzIQ5XAVYVQkHdAYacJMb8utJPetbme3rvdCbIeNIT38KQ+JSObV+H7tFMQ31IxO33FJZOlvN8Ir8hemsw5TgNmOyL8GptIIe6eNJvNFUx8jYY1GAZEjjB8b4DNw+9O9LhyDiqh8BMtalwNxjCG/ml8J5rUqu9BrjKIl9+nH+8uS1jf3mnvymlTbQp9RkRUhOic0B7PS75D70JII8L4NqlBbhiffKZpebjrKTU0Iv/urxaFORgAVpQjdgqPKUdQEAwpFflC0H4CRlHdfFx+rOUzmdxICyy17/iOrMEDybLiCIhDj1SvwQvORNDRR3cShAjO21aKomO7DCw/KpLbcApqHYSZsUV+BJcIwDr3gPiUSaHKUvxuzIJXvuYKcSSU7LIJWkz2QtQWRsCFIOPnAfI4bcd/lgZS8ELr60Q91K3oY/obKBk2prctUxSHG435p8Dv5pfVWVbrdooEaB0f2gTqemMaXkFdbPWTQQfG+aqg884muT6zpmJEYrh/Wj7uKTp3q0rAbCx7xuULs4f5FmNhP8tAv4LpuYXHVHXMZf6E6BzO6rBq/bHeFkExVq/uo7qriROr8ST3p70rm5a0aVf+hbkyvJwnM2AlNOCHJ1JdOLck70XKnshPz/RhT+MimS1xGupzxd5FM5eEYYfCJT6KZac+20ETCC5ITLOkO5VqtgXgpaDd+MzhPALd4R2jTl7iTW76s2Ghjarz/9cE44vF+MuRmeMlsT1ak4G0ph2xdij0/pgMrgiVZiKvP/KOIv/9yKRWEFFxCoM84GzjCyjwH/YKh2U/TqH2Ws3ujnC+cA+Rlop7fRIWVWp2U0Z2YN6RffPZ3dIV6TRAqHPecX86WX90O3vYrvtSUrhkDmBv6871BaKkpuzx6fXxwcrwNKA5P+gn4BGUpm42v38ZqyYV4P9vZ4UH3G7Ay8pRUuqBnvhRvCvYTTbNJ3gUsq/dStIx4e4sOGyHR/220yqYg+5Fs4cV5J1XN+wsUJZwK9GyEcetCuJZ9ByGJG0F0m1aEVnDjOcxFE9rCmf0D59uet1psqwc1ZOfdnORbfCco72fAK4joCtneYCM1x
YVgjjyZFESuot2qBc0SJGc127HbI361Nefm8vVhUvES4kUTrSIdNrojLvbODIHnwBnyuJZO4MZXMDjL579l
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2016-04-28T08:53:44Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Payload delivery"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"malware-sample\"",
|
||
|
"misp:category=\"Payload delivery\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--5721cf99-d48c-40a5-a61a-410e950d210f",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2016-04-28T08:53:45.000Z",
|
||
|
"modified": "2016-04-28T08:53:45.000Z",
|
||
|
"description": "unique .js file",
|
||
|
"pattern": "[file:name = '2016 Sales Invoice 1800422016.pdf.js' AND file:hashes.SHA1 = '4a7e940129668c0e36198cc19b0d4665d5c00b74']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2016-04-28T08:53:45Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Payload delivery"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"filename|sha1\"",
|
||
|
"misp:category=\"Payload delivery\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--5721cf9a-0660-44ae-a78b-4666950d210f",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2016-04-28T08:53:46.000Z",
|
||
|
"modified": "2016-04-28T08:53:46.000Z",
|
||
|
"description": "unique .js file",
|
||
|
"pattern": "[file:name = '2016 Sales Invoice 1800422016.pdf.js' AND file:hashes.SHA256 = '00a8b8c38aa767119bd263aaa5167f71d793b2f53a74e5ec06d932feba48b344']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2016-04-28T08:53:46Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Payload delivery"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"filename|sha256\"",
|
||
|
"misp:category=\"Payload delivery\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--5721cf9a-b324-46e7-9057-4dd5950d210f",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2016-04-28T08:53:46.000Z",
|
||
|
"modified": "2016-04-28T08:53:46.000Z",
|
||
|
"description": "unique .js file",
|
||
|
"pattern": "[file:content_ref.payload_bin = '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
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2016-04-28T08:53:46Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Payload delivery"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"malware-sample\"",
|
||
|
"misp:category=\"Payload delivery\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--5721cf9b-99a8-433d-928e-4716950d210f",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2016-04-28T08:53:47.000Z",
|
||
|
"modified": "2016-04-28T08:53:47.000Z",
|
||
|
"description": "unique .js file",
|
||
|
"pattern": "[file:name = '2016 Sales Invoice 1900422016.pdf.js' AND file:hashes.SHA1 = '04a102a3ae7c4b2b57e7e25743ab58c2da4e3391']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2016-04-28T08:53:47Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Payload delivery"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"filename|sha1\"",
|
||
|
"misp:category=\"Payload delivery\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--5721cf9c-4cd8-4be3-9a6e-4bc2950d210f",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2016-04-28T08:53:48.000Z",
|
||
|
"modified": "2016-04-28T08:53:48.000Z",
|
||
|
"description": "unique .js file",
|
||
|
"pattern": "[file:name = '2016 Sales Invoice 1900422016.pdf.js' AND file:hashes.SHA256 = 'b5a6d1570e41bb98268c71c4f044fe290473896cea80d1dfdcdf5d14ccb8b65a']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2016-04-28T08:53:48Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Payload delivery"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"filename|sha256\"",
|
||
|
"misp:category=\"Payload delivery\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--5721cf9d-d278-454b-b2cb-47e4950d210f",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2016-04-28T08:53:49.000Z",
|
||
|
"modified": "2016-04-28T08:53:49.000Z",
|
||
|
"description": "unique .js file",
|
||
|
"pattern": "[file:content_ref.payload_bin = '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
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2016-04-28T08:53:49Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Payload delivery"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"malware-sample\"",
|
||
|
"misp:category=\"Payload delivery\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--5721cf9e-e480-4d49-a47d-401a950d210f",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2016-04-28T08:53:50.000Z",
|
||
|
"modified": "2016-04-28T08:53:50.000Z",
|
||
|
"description": "unique .js file",
|
||
|
"pattern": "[file:name = '2016 Sales Invoice 2000422016.pdf.js' AND file:hashes.SHA1 = '76c0e84ce8a1e2ee7208f341fcf3ba6a6a89c6c0']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2016-04-28T08:53:50Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Payload delivery"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"filename|sha1\"",
|
||
|
"misp:category=\"Payload delivery\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--5721cf9e-dd70-4a07-9f40-4e3b950d210f",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2016-04-28T08:53:50.000Z",
|
||
|
"modified": "2016-04-28T08:53:50.000Z",
|
||
|
"description": "unique .js file",
|
||
|
"pattern": "[file:name = '2016 Sales Invoice 2000422016.pdf.js' AND file:hashes.SHA256 = '5a11103de01cd0a430a7a5cb31c99722748dc347b29aaa971813dadd971d4b75']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2016-04-28T08:53:50Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Payload delivery"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"filename|sha256\"",
|
||
|
"misp:category=\"Payload delivery\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--5721cf9f-db4c-4370-a81d-4d87950d210f",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2016-04-28T08:53:51.000Z",
|
||
|
"modified": "2016-04-28T08:53:51.000Z",
|
||
|
"description": "unique .js file",
|
||
|
"pattern": "[file:content_ref.payload_bin = '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
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2016-04-28T08:53:51Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Payload delivery"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"malware-sample\"",
|
||
|
"misp:category=\"Payload delivery\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--5721cfa0-8890-44c8-80be-485c950d210f",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2016-04-28T08:53:52.000Z",
|
||
|
"modified": "2016-04-28T08:53:52.000Z",
|
||
|
"description": "unique .js file",
|
||
|
"pattern": "[file:name = '2016 Sales Invoice 2200422016.pdf.js' AND file:hashes.SHA1 = '7874c2cbc200e41e91d802c4b8dbc0fef408d4f2']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2016-04-28T08:53:52Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Payload delivery"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"filename|sha1\"",
|
||
|
"misp:category=\"Payload delivery\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--5721cfa1-1074-430e-a9ef-4aae950d210f",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2016-04-28T08:53:53.000Z",
|
||
|
"modified": "2016-04-28T08:53:53.000Z",
|
||
|
"description": "unique .js file",
|
||
|
"pattern": "[file:name = '2016 Sales Invoice 2200422016.pdf.js' AND file:hashes.SHA256 = '2e93df94bcc6b1278920b235ef429f3bde4740f64fcfbd8e3e56352f34452cb2']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2016-04-28T08:53:53Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Payload delivery"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"filename|sha256\"",
|
||
|
"misp:category=\"Payload delivery\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--5721cfa2-0020-4b2f-9f7f-4042950d210f",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2016-04-28T08:53:54.000Z",
|
||
|
"modified": "2016-04-28T08:53:54.000Z",
|
||
|
"description": "unique .js file",
|
||
|
"pattern": "[file:content_ref.payload_bin = 'UEsDBBQACQAIALtGnEjFIRqfjhsAAN5SAAAgABwANzMwOGE3ZWY2OWRhNmRlMTEzNDRmYjU5MDJmMDlmN2ZVVAkAA6HPIVehzyFXdXgLAAEEIQAAAAQhAAAArHIuynup+UJ3ci6F6jggvGhoRBWbgMZQMvD53B4COceYdbnXymDgtI0nrGUz2XYXOrcIxBxOe6d3njgara8L3iYdoUnixVmyiWgsllCmF4xx8tWsNKVOzmgGShVjeM53PfmquhzKU1wvI3zQh9lIqWiRbCIdbO56itNw/9GW1TCU5VNjJfFFrU9eFG+Y7enLESg9w642pdrpCsdfxC49eYrH5FUEl8/1YWS0bv6DwQTwmTS+2RipaGtjVGFS+mjnsyYRQmBLQByi3DxQ+qeiQnlfYIZC12NC2pvDe+7Ix2QwfB458XseUI72JgHU/wd8h2QjTnAm3jnhBEgm3x/3O7MzK6U5tbdDfOhtofjXVY/dSalgpegEIMsWKxf3FUqToBdfrcrWJo+CrrTytUkQlp0JT35976YtNgH4Dccs3j+O892nrP3y/vxkEVdVur4Vd44Mre5bcN7cm6epY+AVwf38sccwFsu5YTNCl6C2A9MLfdicU0Ij2+gic5Y3nhTZ9kiMNoNQTMZbTaK3PWobGY7Fic8k4ISsTV7GTBFDLgRuWTrGcv7RnpZXNK1cw3uvLIVpD67lXHOCDLxI1EB40W5vyi5WxstFkcDVi5ChchRfQvuhwC2iqosZpvDIgZ39CvSiWSH9Hkyyre7o/UPlEaAHxeEHs1h0vRJNyvjwlVVE5IelzJ6IArK3W/4sBYd71S0dZFTU/F6tEWroxUAcNxc5/1ySLI960k1uUS3/HRmLneAXnqey6NL+TOSMVMRUKkyHe8b2JcWV9jGj+q/1JCwZI7E1vwVsI7BIROTOl1dtls0S1kIngdL2BZNCyTy41tailPWjK0v1dMQ0QwjEI7pDw2t0XNicQ/ln6UuD6FJkgvrawZVVn6qswC1SF23T6v8bxXZI4VXmnYCoU8PT98Fa8Aj2F/kdgkxlD5HDgdttrXWoTmnI/UjC365ILY4sbuRQUMlGmwnOCGTZ2rVoWoOorQg6Jqt8SAn8Mbw9ca7h/1ZVbXHZDyPdk1nB8R1mVsrVzthuZY8ycWfDWvPYen/8kjZYGW/4sUX4xD4PGOVnX0+QUNqeo4WhtUDnED9JSZcOL/vbRZyhragV2+c1UcJtlujKWYOK4ygU7SbKUXVo4ms9wr21wO1J/Ms+O8ES7ezcs5CbOWJnTXYSjvz/smuUSS4/7VtjWyn189GewYt5EcCGYVd+bUSqVswphcTYWHFHFV0tBoIXwVxplyPAcdgEoj5k4iZJPhK9w+KgRksMqWtdmRK9PpEQxwGkTO2l+uQumG6XfgDsy8V0ytLzlvap/bp5pJ3et+kZj133IV22VPUW+TV9ucpkwDyrUe/1EV/iQatMHcEyFDBLbk+f7UYPS+Ja/yZyJoT+grOpKBay/JXaOOUHCX7098YSrb2ysgQgNci5DLgKDVhmMGiCt7gPCfS49KX8s4JJgLL6o4K39sBeXtTfTQJ9S0dyn83yBn+rHZf6BwkADobuIjZIxRocN0aq3uL5DSegJMQL0T9BQ+P9IwePD9abjLZT2+47d5k345T3xcvXuRsfxdNY/tUaXWbI0IwfN7dTTjBjO/jPXsGn0z0+oPN/WxC/7KShWLSNz5213hrCx3A7oxsX96pOHzy9ypRUA7l2SLdlJF7gmxR4gfqZiz52yp1/DUPLZWb48GnB26NxN/91q+gcYg/ypYiyW4mZ1+cyFELQWZRHOrsYazg6VLBNRq+oDxCqdB/EnzW2xiC6Lg2y7D2z7gEjSNvSQvSqTUirLFmxVIAXg9kWwiLLpjPlsZlEZy4Nxlh+IdkSHG9POurVInVOf3wLZWwbuvwgTD6q20dRMzD
FAtn1GNPw8xznIArDkJ0DFIF2LomDei9KqivAa3dwy6vACvsqjqRg11UuLNv4BzBVhQzQGsifAtVTgssmnJzCfn3lkVidVQD3FAdFQ8ze7JGDiNefmgJi/HTm4yM1oZvgjCCfvywlh6ku6NWNtQLdUMUBOTTdR4zvEPkrY473VZcCy1bmfR293ACoTxn5U5hOjXl5icjr7NqSJiOWLe23EnDMbFOQQ+A3ppXGVjFtqelRinQ9hnNbpW9MhNwfw76wrNWpMeOxK2FHDiWlALDmOogD6mJxtf9OdvUKdzbMOdNPP6iVVJ2U9AzzcKgCf8+DU8OLlk5G6B+66eIdrc00Gr+/A4VewdWKZbcoU8SlgDOndZHwOiO1z3zLJv0AXPGriGw/FloUJ8RyqAlUiW7MQkb9ELu+WOnGtvZhxeF3YkPDeQvQtUeuZpFTyNUFt8UF+K27TgDTf4pVIAFRR0fpGVlEVe3yfu69Ee4JCWyVaFjpqvvgiqPq3Wzb9Mr6aYB2SAPYqzBRc+CzEd74Qlfsk23oem7VhOSU8899O4x5TTsyojTIUj2dw9Mnbw2dCggArGbNuNuI6RKTdkdXd3qLO6KUQbVxfqoMMAvdAm07P/WRPgiRvyeA3xYhfdap3tJnS1qp/VOhnXjeUc7fELXn1bZ0hDch6iAxpQZQR7YGPOSMTZfF3cFRadmMibfpPtXyrSs5Wie3x2yQroxaZ7x2FPsFSMrT+3moJhl5QiynHXS2ZGfm7xgTbxViPjeLtdKtwctpdEzX8P+x+LUxBmbL01h1vzhivIxAvWpYwPyOwXLOX2QJhc59qe0JvZl4zr7qAVQ5BmiLEMrBSqgo5KohNbXekKRy81PIHb0Mkb7DZ+qM8CsLOJEIBCr0kKBcfmZz+OrBeeQqfKUM0wuXDxg+MYDvIidZRbxHbMkHBSpEZ7g3i2sDxgdZDzREcIvm1f+kviqi+35V4I4Unfj0pJQj9ejYZzizWnbg9TQ58OjSgFDkYg39cgAKGWVIMkS09Ml2Ubkr4xpju7WpUiccD46hzUn2D87AAn5h2FXAjta+a210XVsgoFCw1meevA6ucVb46TRCwM309vgjhSMMeG7hO05Qwh4uRMQ+/Zod96aBuLcu6WxA5W2o4JcQjblyrcdoQF6nKiuTrI5c/aMbEEyKMOP9Pbrt9RtOuVPlGdu0vneOvmpPbzVLxsH2vfAGiEv1lDcJpcD/NhXVQqCHU5UI3veVhgA/3Er4FjpgOZSUa5NXfxyXhSrezwUy/My94tsJUvPRNlwfYtQOV4J0QCPR5vNxYPZiLxa81LWGiG9ImKwSGL+SzywwtOHPnUGM6S1A5395GdtJGgiff2hrnzP0Id3WGgFGJEfDZ+Ol1dtlG7yOiq4utF1RbfTBJYGcbVREvpdFT+JNBLUbg8DmQvjUSkJn+fiRDCzIMRZfEojwPLS2Y2WduJyyEUmKXAXyNJvkeevbuz8SIX8Wdo5arEMAOqdiDtm8OJj2Hog0acU2hngIVqmPQ/vhPYIkoCqLfCxqUtHHGL/UitS/ci6mSrGmWs1ik5fPSrtgzv/8iMxSx+dzPFqX3lhRqKrNaBDSRFiKdwKGkBTFZ3lpqp+EmbCKKCAm2JSCMI31gAYYhcS0bRrlZ8s8c6gGvuZEVj3ujxvZobMpSVNOcpIVrQkp+QAFFrNnYPjZ4hhmyv7uhUSAyOxrYpaB1JbepHXfyRGOQVM+/TgqhSq2X//HJ3WvcRPDmaC/5RIiGZsYDxMrJ0zJLfy1D0cVegcSx1ouTHxaoGthOUdmI+JsswyhoDyAo/kM+FYPC3w2665kxAEr3pba1zW8m6by0+q6ie6yEjbqaP9InnyqWn3dLgDYBmrTbW4jY15KQVNb50QQmcH9AHw5ZkQkiAB+kQetrqNI24gGvf72OlDSNKH4TELPpweKaIm9KnCiDAp20DcRZZUZYzlYi7wQ5L20UJUu2qbHmQpP9tV1FBRXT5tsA4mvaLM
KeYASL8ypHV2XoB3fIzlyKYpqWrcWyHgqJrDv7rQz5p8hnWf40tVS2CFsSJE0SZN22dnnl2HXYCp7xLE+c1
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-04-28T08:53:54Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"malware-sample\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5721cfa2-7b20-4348-8d84-4ef1950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-04-28T08:53:54.000Z",
"modified": "2016-04-28T08:53:54.000Z",
"description": "unique .js file",
"pattern": "[file:name = '2016 Sales Invoice 2300422016.pdf.js' AND file:hashes.SHA1 = 'c87a16ca9588c1e60e784ed3e62b72033820ee3d']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-04-28T08:53:54Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"filename|sha1\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5721cfa3-e67c-43f9-9818-4a7d950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-04-28T08:53:55.000Z",
"modified": "2016-04-28T08:53:55.000Z",
"description": "unique .js file",
"pattern": "[file:name = '2016 Sales Invoice 2300422016.pdf.js' AND file:hashes.SHA256 = '459f5c1cf455923a4a68332b306a9d81362438c05cae3b88735c22840ff14e00']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-04-28T08:53:55Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"filename|sha256\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5721cfa4-326c-431d-860c-430c950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-04-28T08:53:56.000Z",
"modified": "2016-04-28T08:53:56.000Z",
"description": "unique .js file",
"pattern": "[file:content_ref.payload_bin = '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
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-04-28T08:53:56Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"malware-sample\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5721cfa4-9070-4c34-9433-4cba950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-04-28T08:53:56.000Z",
"modified": "2016-04-28T08:53:56.000Z",
"description": "unique .js file",
"pattern": "[file:name = '2016-APR Sales Invoice 2100162016.pdf.js' AND file:hashes.SHA1 = 'c156048837cbb1139457d2ec5173aeb9de4b073d']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-04-28T08:53:56Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"filename|sha1\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5721cfa5-3b14-460c-87c0-4052950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-04-28T08:53:57.000Z",
"modified": "2016-04-28T08:53:57.000Z",
"description": "unique .js file",
"pattern": "[file:name = '2016-APR Sales Invoice 2100162016.pdf.js' AND file:hashes.SHA256 = 'd29f722f9da0613b65d4b832d2366962be65cc685f1c2e0fbb1671c4db52b637']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-04-28T08:53:57Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"filename|sha256\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5721cfa6-77b4-467b-97c6-4dcf950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-04-28T08:53:58.000Z",
"modified": "2016-04-28T08:53:58.000Z",
"description": "unique .js file",
"pattern": "[file:content_ref.payload_bin = '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
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-04-28T08:53:58Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"malware-sample\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5721cfa7-a78c-4b3c-b4d0-421f950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-04-28T08:53:59.000Z",
"modified": "2016-04-28T08:53:59.000Z",
"description": "unique .js file",
"pattern": "[file:name = '2016-APR Sales Invoice 2300162016.pdf.js' AND file:hashes.SHA1 = '832e31ce6174da6374486837097d17c6396b1877']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-04-28T08:53:59Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"filename|sha1\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5721cfa7-98b0-4ecb-afb9-415e950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-04-28T08:53:59.000Z",
"modified": "2016-04-28T08:53:59.000Z",
"description": "unique .js file",
"pattern": "[file:name = '2016-APR Sales Invoice 2300162016.pdf.js' AND file:hashes.SHA256 = '818e9e4c8be2b2b90c4811230a6f41a934eb85546f5c8a5f7caaaffddbb4d267']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-04-28T08:53:59Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"filename|sha256\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5721d038-1858-4031-a8d9-4526950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-04-28T08:56:24.000Z",
"modified": "2016-04-28T08:56:24.000Z",
"description": "Download location (not available)",
"pattern": "[url:value = 'http://api.spartanburg-community-college.net/follow-us/on/twitter.php']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-04-28T08:56:24Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5721d039-3ca0-463d-8fde-4f93950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-04-28T08:56:25.000Z",
"modified": "2016-04-28T08:56:25.000Z",
"description": "Download location (not available)",
"pattern": "[url:value = 'http://api.spartanburg-community-college.org/follow-us/on/twitter.php']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-04-28T08:56:25Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5721d039-bc0c-4174-8d45-4cb5950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-04-28T08:56:25.000Z",
"modified": "2016-04-28T08:56:25.000Z",
"description": "Download location (not available)",
"pattern": "[domain-name:value = 'api.spartanburg-community-college.org']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-04-28T08:56:25Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"hostname\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5721d03a-cd94-4b64-a94d-4a8e950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-04-28T08:56:26.000Z",
"modified": "2016-04-28T08:56:26.000Z",
"description": "Download location (not available)",
"pattern": "[domain-name:value = 'api.spartanburg-community-college.net']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-04-28T08:56:26Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"hostname\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "marking-definition",
"spec_version": "2.1",
"id": "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9",
"created": "2017-01-20T00:00:00.000Z",
"definition_type": "tlp",
"name": "TLP:WHITE",
"definition": {
"tlp": "white"
}
}
]
}