misp-circl-feed/feeds/circl/stix-2.1/5952b89d-104c-436d-a8bd-476202de0b81.json

{
    "type": "bundle",
    "id": "bundle--5952b89d-104c-436d-a8bd-476202de0b81",
    "objects": [
        {
            "type": "identity",
            "spec_version": "2.1",
            "id": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
            "created": "2017-06-27T20:03:01.000Z",
            "modified": "2017-06-27T20:03:01.000Z",
            "name": "CIRCL",
            "identity_class": "organization"
        },
        {
            "type": "report",
            "spec_version": "2.1",
            "id": "report--5952b89d-104c-436d-a8bd-476202de0b81",
            "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
            "created": "2017-06-27T20:03:01.000Z",
            "modified": "2017-06-27T20:03:01.000Z",
            "name": "OSINT - D\u00c3\u00a9j\u00c3\u00a0 vu: Petya ransomware appears with SMB propagation capabilities",
            "published": "2017-06-27T20:05:09Z",
            "object_refs": [
                "x-misp-attribute--5952b8a9-0554-49ea-b10b-481602de0b81",
                "observed-data--5952b951-4e0c-43af-96a9-4d8b02de0b81",
                "url--5952b951-4e0c-43af-96a9-4d8b02de0b81",
                "indicator--5952b96c-d99c-4a1c-bbd7-4bf802de0b81",
                "observed-data--5952b995-7028-4073-bd6b-10ed02de0b81",
                "url--5952b995-7028-4073-bd6b-10ed02de0b81",
                "observed-data--5952b995-7fd8-4b6e-8c34-10ed02de0b81",
                "url--5952b995-7fd8-4b6e-8c34-10ed02de0b81",
                "observed-data--5952b995-7480-46b3-b11a-10ed02de0b81",
                "url--5952b995-7480-46b3-b11a-10ed02de0b81",
                "observed-data--5952b995-2c9c-4ad0-a55b-10ed02de0b81",
                "url--5952b995-2c9c-4ad0-a55b-10ed02de0b81",
                "x-misp-attribute--5952b9a4-f444-4b57-a179-10e402de0b81",
                "indicator--5952b9cc-63e4-4af1-899f-49b502de0b81",
                "indicator--5952b9cc-d418-44c1-a185-462502de0b81",
                "observed-data--5952b9cc-0848-4d44-bfac-495302de0b81",
                "url--5952b9cc-0848-4d44-bfac-495302de0b81"
            ],
            "labels": [
                "Threat-Report",
                "misp:tool=\"MISP-STIX-Converter\"",
                "osint:source-type=\"blog-post\"",
                "malware_classification:malware-category=\"Ransomware\"",
                "misp-galaxy:ransomware=\"Petya\""
            ]
        },
        {
            "type": "x-misp-attribute",
            "spec_version": "2.1",
            "id": "x-misp-attribute--5952b8a9-0554-49ea-b10b-481602de0b81",
            "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
            "created": "2017-06-27T20:02:20.000Z",
            "modified": "2017-06-27T20:02:20.000Z",
            "labels": [
                "misp:type=\"text\"",
                "misp:category=\"External analysis\""
            ],
            "x_misp_category": "External analysis",
            "x_misp_type": "text",
            "x_misp_value": "The Petya outbreak recorded on 27 June 2017 has had a significant impact on a number of global organisations, with media outlets reporting impacts as significant as the cessation of activity at the Port of Rotterdam in the Netherlands [1].\r\n\r\nWhile many may be loath to think back six weeks to the trauma of May\u00e2\u20ac\u2122s WannaCry outbreak (https://blogs.forcepoint.com/security-labs/wannacry-post-outbreak-analysis), there are a number of parallels between the two incidents ranging from the global reach of the outbreak to the techniques by which the malware is spread."
        },
        {
            "type": "observed-data",
            "spec_version": "2.1",
            "id": "observed-data--5952b951-4e0c-43af-96a9-4d8b02de0b81",
            "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
            "created": "2017-06-27T20:02:20.000Z",
            "modified": "2017-06-27T20:02:20.000Z",
            "first_observed": "2017-06-27T20:02:20Z",
            "last_observed": "2017-06-27T20:02:20Z",
            "number_observed": 1,
            "object_refs": [
                "url--5952b951-4e0c-43af-96a9-4d8b02de0b81"
            ],
            "labels": [
                "misp:type=\"link\"",
                "misp:category=\"External analysis\""
            ]
        },
        {
            "type": "url",
            "spec_version": "2.1",
            "id": "url--5952b951-4e0c-43af-96a9-4d8b02de0b81",
            "value": "https://blogs.forcepoint.com/security-labs/deja-vu-petya-ransomware-appears-smb-propagation-capabilities"
        },
        {
            "type": "indicator",
            "spec_version": "2.1",
            "id": "indicator--5952b96c-d99c-4a1c-bbd7-4bf802de0b81",
            "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
            "created": "2017-06-27T20:02:20.000Z",
            "modified": "2017-06-27T20:02:20.000Z",
            "description": "orcepoint Security Labs has analysed one sample associated with the outbreak",
            "pattern": "[file:hashes.SHA256 = '027cc450ef5f8c5f653329641ec1fed91f694e0d229928963b30f6b0d7d3a745']",
            "pattern_type": "stix",
            "pattern_version": "2.1",
            "valid_from": "2017-06-27T20:02:20Z",
            "kill_chain_phases": [
                {
                    "kill_chain_name": "misp-category",
                    "phase_name": "Payload delivery"
                }
            ],
            "labels": [
                "misp:type=\"sha256\"",
                "misp:category=\"Payload delivery\"",
                "misp:to_ids=\"True\""
            ]
        },
        {
            "type": "observed-data",
            "spec_version": "2.1",
            "id": "observed-data--5952b995-7028-4073-bd6b-10ed02de0b81",
            "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
            "created": "2017-06-27T20:02:20.000Z",
            "modified": "2017-06-27T20:02:20.000Z",
            "first_observed": "2017-06-27T20:02:20Z",
            "last_observed": "2017-06-27T20:02:20Z",
            "number_observed": 1,
            "object_refs": [
                "url--5952b995-7028-4073-bd6b-10ed02de0b81"
            ],
            "labels": [
                "misp:type=\"link\"",
                "misp:category=\"External analysis\""
            ]
        },
        {
            "type": "url",
            "spec_version": "2.1",
            "id": "url--5952b995-7028-4073-bd6b-10ed02de0b81",
            "value": "http://www.ad.nl/rotterdam/grote-hack-bij-maersk-legt-rotterdamse-containerterminal-plat~a60dd307/"
        },
        {
            "type": "observed-data",
            "spec_version": "2.1",
            "id": "observed-data--5952b995-7fd8-4b6e-8c34-10ed02de0b81",
            "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
            "created": "2017-06-27T20:02:20.000Z",
            "modified": "2017-06-27T20:02:20.000Z",
            "first_observed": "2017-06-27T20:02:20Z",
            "last_observed": "2017-06-27T20:02:20Z",
            "number_observed": 1,
            "object_refs": [
                "url--5952b995-7fd8-4b6e-8c34-10ed02de0b81"
            ],
            "labels": [
                "misp:type=\"link\"",
                "misp:category=\"External analysis\""
            ]
        },
        {
            "type": "url",
            "spec_version": "2.1",
            "id": "url--5952b995-7fd8-4b6e-8c34-10ed02de0b81",
            "value": "https://blockchain.info/address/1Mz7153HMuxXTuR2R1t78mGSdzaAtNbBWX"
        },
        {
            "type": "observed-data",
            "spec_version": "2.1",
            "id": "observed-data--5952b995-7480-46b3-b11a-10ed02de0b81",
            "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
            "created": "2017-06-27T20:02:20.000Z",
            "modified": "2017-06-27T20:02:20.000Z",
            "first_observed": "2017-06-27T20:02:20Z",
            "last_observed": "2017-06-27T20:02:20Z",
            "number_observed": 1,
            "object_refs": [
                "url--5952b995-7480-46b3-b11a-10ed02de0b81"
            ],
            "labels": [
                "misp:type=\"link\"",
                "misp:category=\"External analysis\""
            ]
        },
        {
            "type": "url",
            "spec_version": "2.1",
            "id": "url--5952b995-7480-46b3-b11a-10ed02de0b81",
            "value": "https://blogs.technet.microsoft.com/filecab/2016/09/16/stop-using-smb1/"
        },
        {
            "type": "observed-data",
            "spec_version": "2.1",
            "id": "observed-data--5952b995-2c9c-4ad0-a55b-10ed02de0b81",
            "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
            "created": "2017-06-27T20:02:20.000Z",
            "modified": "2017-06-27T20:02:20.000Z",
            "first_observed": "2017-06-27T20:02:20Z",
            "last_observed": "2017-06-27T20:02:20Z",
            "number_observed": 1,
            "object_refs": [
                "url--5952b995-2c9c-4ad0-a55b-10ed02de0b81"
            ],
            "labels": [
                "misp:type=\"link\"",
                "misp:category=\"External analysis\""
            ]
        },
        {
            "type": "url",
            "spec_version": "2.1",
            "id": "url--5952b995-2c9c-4ad0-a55b-10ed02de0b81",
            "value": "https://support.microsoft.com/en-us/help/2696547/how-to-enable-and-disable-smbv1,-smbv2,-and-smbv3-in-windows-vista,-windows-server-2008,-windows-7,-windows-server-2008-r2,-windows-8,-and-windows-server-2012"
        },
        {
            "type": "x-misp-attribute",
            "spec_version": "2.1",
            "id": "x-misp-attribute--5952b9a4-f444-4b57-a179-10e402de0b81",
            "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
            "created": "2017-06-27T20:02:20.000Z",
            "modified": "2017-06-27T20:02:20.000Z",
            "labels": [
                "misp:type=\"btc\"",
                "misp:category=\"Financial fraud\"",
                "misp:to_ids=\"True\""
            ],
            "x_misp_category": "Financial fraud",
            "x_misp_type": "btc",
            "x_misp_value": "1Mz7153HMuxXTuR2R1t78mGSdzaAtNbBWX"
        },
        {
            "type": "indicator",
            "spec_version": "2.1",
            "id": "indicator--5952b9cc-63e4-4af1-899f-49b502de0b81",
            "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
            "created": "2017-06-27T20:02:20.000Z",
            "modified": "2017-06-27T20:02:20.000Z",
            "description": "orcepoint Security Labs has analysed one sample associated with the outbreak - Xchecked via VT: 027cc450ef5f8c5f653329641ec1fed91f694e0d229928963b30f6b0d7d3a745",
            "pattern": "[file:hashes.SHA1 = '34f917aaba5684fbe56d3c57d48ef2a1aa7cf06d']",
            "pattern_type": "stix",
            "pattern_version": "2.1",
            "valid_from": "2017-06-27T20:02:20Z",
            "kill_chain_phases": [
                {
                    "kill_chain_name": "misp-category",
                    "phase_name": "Payload delivery"
                }
            ],
            "labels": [
                "misp:type=\"sha1\"",
                "misp:category=\"Payload delivery\"",
                "misp:to_ids=\"True\""
            ]
        },
        {
            "type": "indicator",
            "spec_version": "2.1",
            "id": "indicator--5952b9cc-d418-44c1-a185-462502de0b81",
            "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
            "created": "2017-06-27T20:02:20.000Z",
            "modified": "2017-06-27T20:02:20.000Z",
            "description": "orcepoint Security Labs has analysed one sample associated with the outbreak - Xchecked via VT: 027cc450ef5f8c5f653329641ec1fed91f694e0d229928963b30f6b0d7d3a745",
            "pattern": "[file:hashes.MD5 = '71b6a493388e7d0b40c83ce903bc6b04']",
            "pattern_type": "stix",
            "pattern_version": "2.1",
            "valid_from": "2017-06-27T20:02:20Z",
            "kill_chain_phases": [
                {
                    "kill_chain_name": "misp-category",
                    "phase_name": "Payload delivery"
                }
            ],
            "labels": [
                "misp:type=\"md5\"",
                "misp:category=\"Payload delivery\"",
                "misp:to_ids=\"True\""
            ]
        },
        {
            "type": "observed-data",
            "spec_version": "2.1",
            "id": "observed-data--5952b9cc-0848-4d44-bfac-495302de0b81",
            "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
            "created": "2017-06-27T20:02:20.000Z",
            "modified": "2017-06-27T20:02:20.000Z",
            "first_observed": "2017-06-27T20:02:20Z",
            "last_observed": "2017-06-27T20:02:20Z",
            "number_observed": 1,
            "object_refs": [
                "url--5952b9cc-0848-4d44-bfac-495302de0b81"
            ],
            "labels": [
                "misp:type=\"link\"",
                "misp:category=\"External analysis\""
            ]
        },
        {
            "type": "url",
            "spec_version": "2.1",
            "id": "url--5952b9cc-0848-4d44-bfac-495302de0b81",
            "value": "https://www.virustotal.com/file/027cc450ef5f8c5f653329641ec1fed91f694e0d229928963b30f6b0d7d3a745/analysis/1498592986/"
        }
    ]
}
chg: [misp-stix] STIX 2.1 export added 2023-04-21 14:44:17 +00:00			`{`
			`"type": "bundle",`
			`"id": "bundle--5952b89d-104c-436d-a8bd-476202de0b81",`
			`"objects": [`
			`{`
			`"type": "identity",`
			`"spec_version": "2.1",`
			`"id": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",`
			`"created": "2017-06-27T20:03:01.000Z",`
			`"modified": "2017-06-27T20:03:01.000Z",`
			`"name": "CIRCL",`
			`"identity_class": "organization"`
			`},`
			`{`
			`"type": "report",`
			`"spec_version": "2.1",`
			`"id": "report--5952b89d-104c-436d-a8bd-476202de0b81",`
			`"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",`
			`"created": "2017-06-27T20:03:01.000Z",`
			`"modified": "2017-06-27T20:03:01.000Z",`
			`"name": "OSINT - D\u00c3\u00a9j\u00c3\u00a0 vu: Petya ransomware appears with SMB propagation capabilities",`
			`"published": "2017-06-27T20:05:09Z",`
			`"object_refs": [`
			`"x-misp-attribute--5952b8a9-0554-49ea-b10b-481602de0b81",`
			`"observed-data--5952b951-4e0c-43af-96a9-4d8b02de0b81",`
			`"url--5952b951-4e0c-43af-96a9-4d8b02de0b81",`
			`"indicator--5952b96c-d99c-4a1c-bbd7-4bf802de0b81",`
			`"observed-data--5952b995-7028-4073-bd6b-10ed02de0b81",`
			`"url--5952b995-7028-4073-bd6b-10ed02de0b81",`
			`"observed-data--5952b995-7fd8-4b6e-8c34-10ed02de0b81",`
			`"url--5952b995-7fd8-4b6e-8c34-10ed02de0b81",`
			`"observed-data--5952b995-7480-46b3-b11a-10ed02de0b81",`
			`"url--5952b995-7480-46b3-b11a-10ed02de0b81",`
			`"observed-data--5952b995-2c9c-4ad0-a55b-10ed02de0b81",`
			`"url--5952b995-2c9c-4ad0-a55b-10ed02de0b81",`
			`"x-misp-attribute--5952b9a4-f444-4b57-a179-10e402de0b81",`
			`"indicator--5952b9cc-63e4-4af1-899f-49b502de0b81",`
			`"indicator--5952b9cc-d418-44c1-a185-462502de0b81",`
			`"observed-data--5952b9cc-0848-4d44-bfac-495302de0b81",`
			`"url--5952b9cc-0848-4d44-bfac-495302de0b81"`
			`],`
			`"labels": [`
			`"Threat-Report",`
			`"misp:tool=\"MISP-STIX-Converter\"",`
			`"osint:source-type=\"blog-post\"",`
			`"malware_classification:malware-category=\"Ransomware\"",`
			`"misp-galaxy:ransomware=\"Petya\""`
			`]`
			`},`
			`{`
			`"type": "x-misp-attribute",`
			`"spec_version": "2.1",`
			`"id": "x-misp-attribute--5952b8a9-0554-49ea-b10b-481602de0b81",`
			`"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",`
			`"created": "2017-06-27T20:02:20.000Z",`
			`"modified": "2017-06-27T20:02:20.000Z",`
			`"labels": [`
			`"misp:type=\"text\"",`
			`"misp:category=\"External analysis\""`
			`],`
			`"x_misp_category": "External analysis",`
			`"x_misp_type": "text",`
			"x_misp_value": "The Petya outbreak recorded on 27 June 2017 has had a significant impact on a number of global organisations, with media outlets reporting impacts as significant as the cessation of activity at the Port of Rotterdam in the Netherlands [1].\r\n\r\nWhile many may be loath to think back six weeks to the trauma of May\u00e2\u20ac\u2122s WannaCry outbreak (https://blogs.forcepoint.com/security-labs/wannacry-post-outbreak-analysis), there are a number of parallels between the two incidents ranging from the global reach of the outbreak to the techniques by which the malware is spread."
			`},`
			`{`
			`"type": "observed-data",`
			`"spec_version": "2.1",`
			`"id": "observed-data--5952b951-4e0c-43af-96a9-4d8b02de0b81",`
			`"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",`
			`"created": "2017-06-27T20:02:20.000Z",`
			`"modified": "2017-06-27T20:02:20.000Z",`
			`"first_observed": "2017-06-27T20:02:20Z",`
			`"last_observed": "2017-06-27T20:02:20Z",`
			`"number_observed": 1,`
			`"object_refs": [`
			`"url--5952b951-4e0c-43af-96a9-4d8b02de0b81"`
			`],`
			`"labels": [`
			`"misp:type=\"link\"",`
			`"misp:category=\"External analysis\""`
			`]`
			`},`
			`{`
			`"type": "url",`
			`"spec_version": "2.1",`
			`"id": "url--5952b951-4e0c-43af-96a9-4d8b02de0b81",`
			`"value": "https://blogs.forcepoint.com/security-labs/deja-vu-petya-ransomware-appears-smb-propagation-capabilities"`
			`},`
			`{`
			`"type": "indicator",`
			`"spec_version": "2.1",`
			`"id": "indicator--5952b96c-d99c-4a1c-bbd7-4bf802de0b81",`
			`"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",`
			`"created": "2017-06-27T20:02:20.000Z",`
			`"modified": "2017-06-27T20:02:20.000Z",`
			`"description": "orcepoint Security Labs has analysed one sample associated with the outbreak",`
			`"pattern": "[file:hashes.SHA256 = '027cc450ef5f8c5f653329641ec1fed91f694e0d229928963b30f6b0d7d3a745']",`
			`"pattern_type": "stix",`
			`"pattern_version": "2.1",`
			`"valid_from": "2017-06-27T20:02:20Z",`
			`"kill_chain_phases": [`
			`{`
			`"kill_chain_name": "misp-category",`
			`"phase_name": "Payload delivery"`
			`}`
			`],`
			`"labels": [`
			`"misp:type=\"sha256\"",`
			`"misp:category=\"Payload delivery\"",`
			`"misp:to_ids=\"True\""`
			`]`
			`},`
			`{`
			`"type": "observed-data",`
			`"spec_version": "2.1",`
			`"id": "observed-data--5952b995-7028-4073-bd6b-10ed02de0b81",`
			`"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",`
			`"created": "2017-06-27T20:02:20.000Z",`
			`"modified": "2017-06-27T20:02:20.000Z",`
			`"first_observed": "2017-06-27T20:02:20Z",`
			`"last_observed": "2017-06-27T20:02:20Z",`
			`"number_observed": 1,`
			`"object_refs": [`
			`"url--5952b995-7028-4073-bd6b-10ed02de0b81"`
			`],`
			`"labels": [`
			`"misp:type=\"link\"",`
			`"misp:category=\"External analysis\""`
			`]`
			`},`
			`{`
			`"type": "url",`
			`"spec_version": "2.1",`
			`"id": "url--5952b995-7028-4073-bd6b-10ed02de0b81",`
			`"value": "http://www.ad.nl/rotterdam/grote-hack-bij-maersk-legt-rotterdamse-containerterminal-plat~a60dd307/"`
			`},`
			`{`
			`"type": "observed-data",`
			`"spec_version": "2.1",`
			`"id": "observed-data--5952b995-7fd8-4b6e-8c34-10ed02de0b81",`
			`"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",`
			`"created": "2017-06-27T20:02:20.000Z",`
			`"modified": "2017-06-27T20:02:20.000Z",`
			`"first_observed": "2017-06-27T20:02:20Z",`
			`"last_observed": "2017-06-27T20:02:20Z",`
			`"number_observed": 1,`
			`"object_refs": [`
			`"url--5952b995-7fd8-4b6e-8c34-10ed02de0b81"`
			`],`
			`"labels": [`
			`"misp:type=\"link\"",`
			`"misp:category=\"External analysis\""`
			`]`
			`},`
			`{`
			`"type": "url",`
			`"spec_version": "2.1",`
			`"id": "url--5952b995-7fd8-4b6e-8c34-10ed02de0b81",`
			`"value": "https://blockchain.info/address/1Mz7153HMuxXTuR2R1t78mGSdzaAtNbBWX"`
			`},`
			`{`
			`"type": "observed-data",`
			`"spec_version": "2.1",`
			`"id": "observed-data--5952b995-7480-46b3-b11a-10ed02de0b81",`
			`"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",`
			`"created": "2017-06-27T20:02:20.000Z",`
			`"modified": "2017-06-27T20:02:20.000Z",`
			`"first_observed": "2017-06-27T20:02:20Z",`
			`"last_observed": "2017-06-27T20:02:20Z",`
			`"number_observed": 1,`
			`"object_refs": [`
			`"url--5952b995-7480-46b3-b11a-10ed02de0b81"`
			`],`
			`"labels": [`
			`"misp:type=\"link\"",`
			`"misp:category=\"External analysis\""`
			`]`
			`},`
			`{`
			`"type": "url",`
			`"spec_version": "2.1",`
			`"id": "url--5952b995-7480-46b3-b11a-10ed02de0b81",`
			`"value": "https://blogs.technet.microsoft.com/filecab/2016/09/16/stop-using-smb1/"`
			`},`
			`{`
			`"type": "observed-data",`
			`"spec_version": "2.1",`
			`"id": "observed-data--5952b995-2c9c-4ad0-a55b-10ed02de0b81",`
			`"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",`
			`"created": "2017-06-27T20:02:20.000Z",`
			`"modified": "2017-06-27T20:02:20.000Z",`
			`"first_observed": "2017-06-27T20:02:20Z",`
			`"last_observed": "2017-06-27T20:02:20Z",`
			`"number_observed": 1,`
			`"object_refs": [`
			`"url--5952b995-2c9c-4ad0-a55b-10ed02de0b81"`
			`],`
			`"labels": [`
			`"misp:type=\"link\"",`
			`"misp:category=\"External analysis\""`
			`]`
			`},`
			`{`
			`"type": "url",`
			`"spec_version": "2.1",`
			`"id": "url--5952b995-2c9c-4ad0-a55b-10ed02de0b81",`
			`"value": "https://support.microsoft.com/en-us/help/2696547/how-to-enable-and-disable-smbv1,-smbv2,-and-smbv3-in-windows-vista,-windows-server-2008,-windows-7,-windows-server-2008-r2,-windows-8,-and-windows-server-2012"`
			`},`
			`{`
			`"type": "x-misp-attribute",`
			`"spec_version": "2.1",`
			`"id": "x-misp-attribute--5952b9a4-f444-4b57-a179-10e402de0b81",`
			`"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",`
			`"created": "2017-06-27T20:02:20.000Z",`
			`"modified": "2017-06-27T20:02:20.000Z",`
			`"labels": [`
			`"misp:type=\"btc\"",`
			`"misp:category=\"Financial fraud\"",`
			`"misp:to_ids=\"True\""`
			`],`
			`"x_misp_category": "Financial fraud",`
			`"x_misp_type": "btc",`
			`"x_misp_value": "1Mz7153HMuxXTuR2R1t78mGSdzaAtNbBWX"`
			`},`
			`{`
			`"type": "indicator",`
			`"spec_version": "2.1",`
			`"id": "indicator--5952b9cc-63e4-4af1-899f-49b502de0b81",`
			`"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",`
			`"created": "2017-06-27T20:02:20.000Z",`
			`"modified": "2017-06-27T20:02:20.000Z",`
			`"description": "orcepoint Security Labs has analysed one sample associated with the outbreak - Xchecked via VT: 027cc450ef5f8c5f653329641ec1fed91f694e0d229928963b30f6b0d7d3a745",`
			`"pattern": "[file:hashes.SHA1 = '34f917aaba5684fbe56d3c57d48ef2a1aa7cf06d']",`
			`"pattern_type": "stix",`
			`"pattern_version": "2.1",`
			`"valid_from": "2017-06-27T20:02:20Z",`
			`"kill_chain_phases": [`
			`{`
			`"kill_chain_name": "misp-category",`
			`"phase_name": "Payload delivery"`
			`}`
			`],`
			`"labels": [`
			`"misp:type=\"sha1\"",`
			`"misp:category=\"Payload delivery\"",`
			`"misp:to_ids=\"True\""`
			`]`
			`},`
			`{`
			`"type": "indicator",`
			`"spec_version": "2.1",`
			`"id": "indicator--5952b9cc-d418-44c1-a185-462502de0b81",`
			`"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",`
			`"created": "2017-06-27T20:02:20.000Z",`
			`"modified": "2017-06-27T20:02:20.000Z",`
			`"description": "orcepoint Security Labs has analysed one sample associated with the outbreak - Xchecked via VT: 027cc450ef5f8c5f653329641ec1fed91f694e0d229928963b30f6b0d7d3a745",`
			`"pattern": "[file:hashes.MD5 = '71b6a493388e7d0b40c83ce903bc6b04']",`
			`"pattern_type": "stix",`
			`"pattern_version": "2.1",`
			`"valid_from": "2017-06-27T20:02:20Z",`
			`"kill_chain_phases": [`
			`{`
			`"kill_chain_name": "misp-category",`
			`"phase_name": "Payload delivery"`
			`}`
			`],`
			`"labels": [`
			`"misp:type=\"md5\"",`
			`"misp:category=\"Payload delivery\"",`
			`"misp:to_ids=\"True\""`
			`]`
			`},`
			`{`
			`"type": "observed-data",`
			`"spec_version": "2.1",`
			`"id": "observed-data--5952b9cc-0848-4d44-bfac-495302de0b81",`
			`"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",`
			`"created": "2017-06-27T20:02:20.000Z",`
			`"modified": "2017-06-27T20:02:20.000Z",`
			`"first_observed": "2017-06-27T20:02:20Z",`
			`"last_observed": "2017-06-27T20:02:20Z",`
			`"number_observed": 1,`
			`"object_refs": [`
			`"url--5952b9cc-0848-4d44-bfac-495302de0b81"`
			`],`
			`"labels": [`
			`"misp:type=\"link\"",`
			`"misp:category=\"External analysis\""`
			`]`
			`},`
			`{`
			`"type": "url",`
			`"spec_version": "2.1",`
			`"id": "url--5952b9cc-0848-4d44-bfac-495302de0b81",`
			`"value": "https://www.virustotal.com/file/027cc450ef5f8c5f653329641ec1fed91f694e0d229928963b30f6b0d7d3a745/analysis/1498592986/"`
			`}`
			`]`
			`}`