misp-circl-feed/feeds/circl/stix-2.1/599bfa79-e7e0-44a9-a0fb-5bfb950d210f.json


{
"type": "bundle",
"id": "bundle--599bfa79-e7e0-44a9-a0fb-5bfb950d210f",
"objects": [
{
"type": "identity",
"spec_version": "2.1",
"id": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-08-22T10:10:57.000Z",
"modified": "2017-08-22T10:10:57.000Z",
"name": "CIRCL",
"identity_class": "organization"
},
{
"type": "report",
"spec_version": "2.1",
"id": "report--599bfa79-e7e0-44a9-a0fb-5bfb950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-08-22T10:10:57.000Z",
"modified": "2017-08-22T10:10:57.000Z",
"name": "OSINT - Emotet, New high-volume spam campaign has links pointing to malicious documents that download banking Trojan",
"published": "2017-08-22T13:09:35Z",
"object_refs": [
"indicator--599bfaa7-bf20-4d7f-8932-5c26950d210f",
"observed-data--599bfacc-1738-4ffa-bedc-5c26950d210f",
"file--599bfacc-1738-4ffa-bedc-5c26950d210f",
"observed-data--599bfacc-2744-48ad-bbb7-5c26950d210f",
"file--599bfacc-2744-48ad-bbb7-5c26950d210f",
"observed-data--599bfacc-a2cc-4611-9b0d-5c26950d210f",
"file--599bfacc-a2cc-4611-9b0d-5c26950d210f",
"observed-data--599bfc13-3cfc-4e81-9d45-497e950d210f",
"file--599bfc13-3cfc-4e81-9d45-497e950d210f",
"artifact--599bfc13-3cfc-4e81-9d45-497e950d210f",
"observed-data--599bfc36-7904-44ca-9832-4593950d210f",
"file--599bfc36-7904-44ca-9832-4593950d210f",
"artifact--599bfc36-7904-44ca-9832-4593950d210f",
"observed-data--599bfc59-4834-4db1-b44b-35ad950d210f",
"url--599bfc59-4834-4db1-b44b-35ad950d210f",
"indicator--599bfe83-4e3c-4402-b758-404002de0b81",
"indicator--599bfe83-23f8-439a-85de-44be02de0b81",
"observed-data--599bfe83-679c-4ca5-9eae-401202de0b81",
"url--599bfe83-679c-4ca5-9eae-401202de0b81",
"indicator--599bff95-71d0-4755-9891-48b1950d210f",
"indicator--599bff95-3ebc-4e26-8618-4b6a950d210f",
"indicator--599bff95-e6b4-4eee-9b89-4597950d210f",
"indicator--599bff95-8134-4684-b0a2-47a1950d210f",
"indicator--599bff95-4c64-409c-b2df-4509950d210f",
"indicator--599bff95-fbd8-441b-b590-41ec950d210f",
"indicator--599bff95-749c-4457-a2bb-44ff950d210f",
"indicator--599bff95-9924-4ecc-8af6-422b950d210f",
"indicator--599bff96-3c7c-450a-8929-454f950d210f",
"indicator--599c0331-fb60-4c94-900f-486a950d210f",
"indicator--599c0331-ce20-4804-82d0-43c0950d210f",
"indicator--599c0331-d120-443e-b15f-43a8950d210f",
"indicator--599c0331-f640-4dc1-a85d-4291950d210f",
"indicator--599c0331-e0c8-4b20-8230-4752950d210f",
"indicator--599c0331-be6c-4d20-b449-4f0e950d210f",
"indicator--599c0331-ff48-4b30-b42b-4ca3950d210f",
"indicator--599c0331-c46c-4a19-adbf-4429950d210f",
"indicator--599c0331-7a70-480e-a966-46b4950d210f",
"indicator--599c0331-5760-4630-a02a-4271950d210f",
"indicator--599c0331-d6f4-4a91-938d-47cf950d210f"
],
"labels": [
"Threat-Report",
"misp:tool=\"MISP-STIX-Converter\"",
"type:OSINT",
"circl:incident-classification=\"spam\"",
"misp-galaxy:tool=\"Emotet\""
],
"object_marking_refs": [
"marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9"
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--599bfaa7-bf20-4d7f-8932-5c26950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-08-22T09:50:59.000Z",
"modified": "2017-08-22T09:50:59.000Z",
"description": "Emotet variant",
"pattern": "[file:hashes.SHA1 = '9214359938285f26785f7eaf25a74dddea678065']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-08-22T09:50:59Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha1\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--599bfacc-1738-4ffa-bedc-5c26950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-08-22T09:50:59.000Z",
"modified": "2017-08-22T09:50:59.000Z",
"first_observed": "2017-08-22T09:50:59Z",
"last_observed": "2017-08-22T09:50:59Z",
"number_observed": 1,
"object_refs": [
"file--599bfacc-1738-4ffa-bedc-5c26950d210f"
],
"labels": [
"misp:type=\"filename\"",
"misp:category=\"Payload delivery\""
]
},
{
"type": "file",
"spec_version": "2.1",
"id": "file--599bfacc-1738-4ffa-bedc-5c26950d210f",
"name": "Invoice number <random digits>.doc"
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--599bfacc-2744-48ad-bbb7-5c26950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-08-22T09:50:59.000Z",
"modified": "2017-08-22T09:50:59.000Z",
"first_observed": "2017-08-22T09:50:59Z",
"last_observed": "2017-08-22T09:50:59Z",
"number_observed": 1,
"object_refs": [
"file--599bfacc-2744-48ad-bbb7-5c26950d210f"
],
"labels": [
"misp:type=\"filename\"",
"misp:category=\"Payload delivery\""
]
},
{
"type": "file",
"spec_version": "2.1",
"id": "file--599bfacc-2744-48ad-bbb7-5c26950d210f",
"name": "Invoice <random> reminder.doc"
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--599bfacc-a2cc-4611-9b0d-5c26950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-08-22T09:50:59.000Z",
"modified": "2017-08-22T09:50:59.000Z",
"first_observed": "2017-08-22T09:50:59Z",
"last_observed": "2017-08-22T09:50:59Z",
"number_observed": 1,
"object_refs": [
"file--599bfacc-a2cc-4611-9b0d-5c26950d210f"
],
"labels": [
"misp:type=\"filename\"",
"misp:category=\"Payload delivery\""
]
},
{
"type": "file",
"spec_version": "2.1",
"id": "file--599bfacc-a2cc-4611-9b0d-5c26950d210f",
"name": "Invoice <random> Message.doc"
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--599bfc13-3cfc-4e81-9d45-497e950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-08-22T09:50:59.000Z",
"modified": "2017-08-22T09:50:59.000Z",
"first_observed": "2017-08-22T09:50:59Z",
"last_observed": "2017-08-22T09:50:59Z",
"number_observed": 1,
"object_refs": [
"file--599bfc13-3cfc-4e81-9d45-497e950d210f",
"artifact--599bfc13-3cfc-4e81-9d45-497e950d210f"
],
"labels": [
"misp:type=\"attachment\"",
"misp:category=\"External analysis\""
]
},
{
"type": "file",
"spec_version": "2.1",
"id": "file--599bfc13-3cfc-4e81-9d45-497e950d210f",
"name": "DHy6RZGUwAAW5Gb.jpg",
"content_ref": "artifact--599bfc13-3cfc-4e81-9d45-497e950d210f"
},
{
"type": "artifact",
"spec_version": "2.1",
"id": "artifact--599bfc13-3cfc-4e81-9d45-497e950d210f",
"payload_bin": "/9j/4AAQSkZJRgABAQAAAQABAAD/2wBDAAUDBAQEAwUEBAQFBQUGBwwIBwcHBw8LCwkMEQ8SEhEPERETFhwXExQaFRERGCEYGh0dHx8fExciJCIeJBweHx7/2wBDAQUFBQcGBw4ICA4eFBEUHh4eHh4eHh4eHh4eHh4eHh4eHh4eHh4eHh4eHh4eHh4eHh4eHh4eHh4eHh4eHh4eHh7/wgARCAJHA44DASIAAhEBAxEB/8QAGwABAAIDAQEAAAAAAAAAAAAAAAUGAQMEAgf/xAAaAQEAAwEBAQAAAAAAAAAAAAAAAQIDBAUG/9oADAMBAAIQAxAAAAH6N3tl8tbjmcdeJIVDprPoC3ke2VCcrW8yVLx7HBEyCQEe5+40pAR7VKkekOc50gI9ICPSAj0gI9ICPSAj0gI9ICPSAj3jYYa/ZlnQbkXsO7HLzEj54NZJ+uHB3a93aRiN6DqPRjPnaeHAO7Hkescu82buGcOTzJiKxKajgx3jmSIjkiI5IiOSIjkiI5IiOSIjsSQjcSWCN1dsESCUwRaFlzbv7dhHJER3mShj2jrCcOe6vErVLfWujmse2nddZnZKoM9LjS/bePdup0zS0xo3ubWOkSXJpkUSBo3gBFygODvAAAAAAAAAEXqmRB5mxA9cmIXMyITbKiD8TuCNzJ4OHb04IPls2CC57LgqMlL5IPtkNxAdExk4Ya0CClOkANO7UeTB728+8yAAAAAADGPWs88HZtMevOSH7O30PHvJCTbA4u3BF9rwe4yRyaa3bal08vy8fT/Lde7124bxnHPwF6Y+hfPfoXP0fQuPsjvm/p86YraSXuI8E7qjuctgAAAAAAAAAAAAAAAAHnI8s4Hl5M58YNuNWTZjwM+c5PO7zk2POT0A8eDc0ZNujdqDGTdnVqN/nTg3ubB2euDJ3uHYdTn2GzGMnhsHh78mcY8mPQZzgenke8ecnoHnzsGmqWqmfMd0zF9/B7nn03Z9TkPf8z44+xq2+OPsY+OXK4stA4u8AAAAAAAAAAAAAAAAAAAABjI849jXjaNTaNWdg142jVnYPHnaNPjpHM6RzZ6Bo9bRrbBrxtGnz0DndA58dI53QOd0Dmz0DRncNOdo1evY8Z9DznI8vQwyAAGjeq1VG507r5bD1cvXjvGqwpezqx6LKgeYs6sCzy9BvwKVE3VXvc1nlb2xM+g/Ep9U5clUXFloV7ohMql6lawAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAKdcad08th6+Trx3owpf3ca9axES4oLbqF+oN+GGDOfOTOMhjIAAAAxjwPfrVsMgAAAAAAAAAAAYwMsYPTyPWPOD3nXk2MDLAywMgAAYwM58+gAAAAAAAAAAAAAABTrjTunlsPXydeO9GFL9lypkmWDxxQ5F+ezjF+oN+NWr1zG9owdDlHXnk9nQ5x0OcdGNHk6XMN+NKG71z+TqcqXU5SOrPJ6Opzk9Oef0bmnBtc46M8+Te0DqayNmtoN7nJ3Y58HTnl9HQ0Eb2kndjVg3OYdOeUdTlydTmI6ffHtN7QTsaBv38PYbAAAAAAAAAAAAAAAKdcad08th6+Trx3o05B3Gl+3RvEPI7wr1h5CmX6g345+bv0nNjuEe7PZw++zByN/k1GDPnaNT16NbOuHvzs2y5neOB3kcHrtycbsJ5fXSObHUOJ2Dkz1ZOR1jU3EadHbg4nYTwY7xweu3JxO0jjdhPHjtEe7xwO8cGe4cTuI4dvTk5XUTxOwcfY9mQAAAAAAAAAAAAAAKdcad08th6+Tpx3pF4r1npcABq24KFfqxZxRL3wFezYvMKxK93qVelOuRh8+23fllCpzJAcVn9kBy2TYQvRKbykT0v5R2BIAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACnXGndPLYZCP4Md5/HPspfY1j1jm8HZni9HW5h0OPwd7gydzjI7M8ftPTnl9HUAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABTrjTunlsO7TIY768bcUvrbBx+O3Bx+urJzOkcXjvHBnuHG7COT30ZTzet+T0AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABTrjTunlsMhHyGO4UuAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAp1xp3Ty2GQj5DHcKXAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAU6407p5bDIR8hjvCxkzzUvDbpr2Qfbt7iG19/WQ1rg+07wAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAKdcad08thkI+Qx3ClwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAFOuNO6eWwyEfIY7hS4AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACnXGndPLYZCPkMdwpcAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABTrjTunlsMhHyGO5E1Wl/oChSxZ1e5C2K/xFtVHyXBXcFjQ3GWVSZYsCubSeVbpLAq0gTKtbyeU7wXRTI8+hqpqLgiYIuaod5YFN7SyoHlLQpcsTyraS3qj7LWrnGW9Ew5blX9llVoWVT8lvRMUWtWNBblZkyTUvvLKp+wtiGjC2IDSWVVuYuSJr5dlB7i4IDgLcg40tys7iwKrIE0gdBZUDtJlC8xY1N0F5VzyWVVd5Y3JBlnV3yWRUdBdVU6Cxq12EyrXks6BngBTrjTunlsMhHyGO/HGbNtLpaEybW2QODnlxE80+I/jnBE80+IjlsIg/M8IbXOiJSwg/M8IHdMCv+p4aubuFXzZxF7e8RGqcEDA3wRHmZHJFWAROJcRnPNiO5poRGqcFbmesRnLOjmjJwQGZ4Qm6VEHI9YjOebEVqmhF884IHZNDki58Q8wEX5lhGapgRHR3iJSwr+ycED1Sgi9M0IjTOjgj58UKwzghuWxiK5p4Q+meERskxAdMsIPgtYr9gABTrjTunlsMhHyGO8JCXZS9Q7LGKRbukAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAKdcad08thkI+Qx3PHulwDSmNwiQDx7ADx4mNwiQADx7AAB4PYAAB4R7efSQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAFOuNO6eWwyEfIY7wUZY+LfCHkc7b12Rfburbg0yO2YjcSekjerrwecs1tG+ZPZekft7PVbRniS8zEdL6OqtoHr6s3rr9Z3524NHfstEdyTni1eTds30vHapbTMRiX02iPxJ5RMvPri7AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAFOuNO6eWwyEfIY7hS4AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACnXGndPLYZCPkMd4TildVL7PFalDs7YPBbGvYAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAKdcad08thkI+Qx3ClwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAFOuNO6eWw9vF247cujfovGBNfOM4kzjJkHnGcTDOMmQnOzXsgEPIHvx7SET3+vPrHQEgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAKdcad08th7eKQx24tEnhMYk0xFYlUorMoIxKIROJZMROZURaUJjNkghHpARqSEb77yeB3oPRS4AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACnXGndPLYZCPkMdwpcAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABTrjTunlsMhHy
GO4UuAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAp1xp3Ty2GQj5DHcKXAAAAAAA
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--599bfc36-7904-44ca-9832-4593950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-08-22T09:50:59.000Z",
"modified": "2017-08-22T09:50:59.000Z",
"first_observed": "2017-08-22T09:50:59Z",
"last_observed": "2017-08-22T09:50:59Z",
"number_observed": 1,
"object_refs": [
"file--599bfc36-7904-44ca-9832-4593950d210f",
"artifact--599bfc36-7904-44ca-9832-4593950d210f"
],
"labels": [
"misp:type=\"attachment\"",
"misp:category=\"External analysis\""
]
},
{
"type": "file",
"spec_version": "2.1",
"id": "file--599bfc36-7904-44ca-9832-4593950d210f",
"name": "DHy6RZEVYAATaAD.jpg",
"content_ref": "artifact--599bfc36-7904-44ca-9832-4593950d210f"
},
{
"type": "artifact",
"spec_version": "2.1",
"id": "artifact--599bfc36-7904-44ca-9832-4593950d210f",
"payload_bin": "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
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--599bfc59-4834-4db1-b44b-35ad950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-08-22T09:50:59.000Z",
"modified": "2017-08-22T09:50:59.000Z",
"first_observed": "2017-08-22T09:50:59Z",
"last_observed": "2017-08-22T09:50:59Z",
"number_observed": 1,
"object_refs": [
"url--599bfc59-4834-4db1-b44b-35ad950d210f"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--599bfc59-4834-4db1-b44b-35ad950d210f",
"value": "https://twitter.com/msftmmpc/status/899798902559318016"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--599bfe83-4e3c-4402-b758-404002de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-08-22T09:50:59.000Z",
"modified": "2017-08-22T09:50:59.000Z",
"description": "Emotet variant - Xchecked via VT: 9214359938285f26785f7eaf25a74dddea678065",
"pattern": "[file:hashes.SHA256 = '59639027a7fd487295bad10db896528ea223684e6595cae4ce9a0bec8d809087']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-08-22T09:50:59Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--599bfe83-23f8-439a-85de-44be02de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-08-22T09:50:59.000Z",
"modified": "2017-08-22T09:50:59.000Z",
"description": "Emotet variant - Xchecked via VT: 9214359938285f26785f7eaf25a74dddea678065",
"pattern": "[file:hashes.MD5 = '5aa9fa89cee3ffc4c3009e34db830de0']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-08-22T09:50:59Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--599bfe83-679c-4ca5-9eae-401202de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-08-22T09:50:59.000Z",
"modified": "2017-08-22T09:50:59.000Z",
"first_observed": "2017-08-22T09:50:59Z",
"last_observed": "2017-08-22T09:50:59Z",
"number_observed": 1,
"object_refs": [
"url--599bfe83-679c-4ca5-9eae-401202de0b81"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--599bfe83-679c-4ca5-9eae-401202de0b81",
"value": "https://www.virustotal.com/file/59639027a7fd487295bad10db896528ea223684e6595cae4ce9a0bec8d809087/analysis/1503373480/"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--599bff95-71d0-4755-9891-48b1950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-08-22T09:55:33.000Z",
"modified": "2017-08-22T09:55:33.000Z",
"description": "Emotet Links - 17th August 2017",
"pattern": "[url:value = 'http://elabora.org/WNYK418522']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-08-22T09:55:33Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--599bff95-3ebc-4e26-8618-4b6a950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-08-22T09:55:33.000Z",
"modified": "2017-08-22T09:55:33.000Z",
"description": "Emotet Links - 17th August 2017",
"pattern": "[url:value = 'http://magicians.co.nz/WQEL919279']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-08-22T09:55:33Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--599bff95-e6b4-4eee-9b89-4597950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-08-22T09:55:33.000Z",
"modified": "2017-08-22T09:55:33.000Z",
"description": "Emotet Links - 17th August 2017",
"pattern": "[url:value = 'http://poshevents.net/VJFH311487']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-08-22T09:55:33Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--599bff95-8134-4684-b0a2-47a1950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-08-22T09:55:33.000Z",
"modified": "2017-08-22T09:55:33.000Z",
"description": "Emotet Links - 17th August 2017",
"pattern": "[url:value = 'http://kntfilms.com.ar/Galeria/PXNH119520']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-08-22T09:55:33Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--599bff95-4c64-409c-b2df-4509950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-08-22T09:55:33.000Z",
"modified": "2017-08-22T09:55:33.000Z",
"description": "Emotet Links - 17th August 2017",
"pattern": "[url:value = 'http://hercom.cl/GJBO609775']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-08-22T09:55:33Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--599bff95-fbd8-441b-b590-41ec950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-08-22T09:55:33.000Z",
"modified": "2017-08-22T09:55:33.000Z",
"description": "Emotet Links - 17th August 2017",
"pattern": "[url:value = 'http://johnstonwells.com/joomla/STBD585747']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-08-22T09:55:33Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--599bff95-749c-4457-a2bb-44ff950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-08-22T09:55:33.000Z",
"modified": "2017-08-22T09:55:33.000Z",
"description": "Emotet Links - 17th August 2017",
"pattern": "[url:value = 'http://yamtech.com.sa/WMZX43402']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-08-22T09:55:33Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--599bff95-9924-4ecc-8af6-422b950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-08-22T09:55:33.000Z",
"modified": "2017-08-22T09:55:33.000Z",
"description": "Emotet Links - 17th August 2017",
"pattern": "[url:value = 'http://dekormc.pl/css/MQGK305215']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-08-22T09:55:33Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--599bff96-3c7c-450a-8929-454f950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-08-22T09:55:34.000Z",
"modified": "2017-08-22T09:55:34.000Z",
"description": "Emotet Links - 17th August 2017",
"pattern": "[url:value = 'http://addidesign.com/LZIM941693']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-08-22T09:55:34Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--599c0331-fb60-4c94-900f-486a950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-08-22T10:10:57.000Z",
"modified": "2017-08-22T10:10:57.000Z",
"pattern": "[url:value = 'http://absoluteart.biz/Invoice-number-35490/']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-08-22T10:10:57Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--599c0331-ce20-4804-82d0-43c0950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-08-22T10:10:57.000Z",
"modified": "2017-08-22T10:10:57.000Z",
"pattern": "[url:value = 'http://dusk.be/Invoice-number-412790-Notification/']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-08-22T10:10:57Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--599c0331-d120-443e-b15f-43a8950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-08-22T10:10:57.000Z",
"modified": "2017-08-22T10:10:57.000Z",
"pattern": "[url:value = 'https://polishbikers.com/3303-Invoice-Notice/']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-08-22T10:10:57Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--599c0331-f640-4dc1-a85d-4291950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-08-22T10:10:57.000Z",
"modified": "2017-08-22T10:10:57.000Z",
"pattern": "[url:value = 'bryntel.com/JWYFPGLBMH8935758/']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-08-22T10:10:57Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--599c0331-e0c8-4b20-8230-4752950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-08-22T10:10:57.000Z",
"modified": "2017-08-22T10:10:57.000Z",
"pattern": "[url:value = 'http://glacierhills.org/Rechnungs-Details-61357123952/']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-08-22T10:10:57Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--599c0331-be6c-4d20-b449-4f0e950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-08-22T10:10:57.000Z",
"modified": "2017-08-22T10:10:57.000Z",
"pattern": "[url:value = 'http://showreggaeton.com/Invoice-827715/']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-08-22T10:10:57Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--599c0331-ff48-4b30-b42b-4ca3950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-08-22T10:10:57.000Z",
"modified": "2017-08-22T10:10:57.000Z",
"pattern": "[url:value = 'http://natech.com.br/wVZtWN/']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-08-22T10:10:57Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--599c0331-c46c-4a19-adbf-4429950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-08-22T10:10:57.000Z",
"modified": "2017-08-22T10:10:57.000Z",
"pattern": "[url:value = 'http://era.lt/wUGfcJn/']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-08-22T10:10:57Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--599c0331-7a70-480e-a966-46b4950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-08-22T10:10:57.000Z",
"modified": "2017-08-22T10:10:57.000Z",
"pattern": "[url:value = 'http://omnisrecordings.com/HZKybTQwj/']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-08-22T10:10:57Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--599c0331-5760-4630-a02a-4271950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-08-22T10:10:57.000Z",
"modified": "2017-08-22T10:10:57.000Z",
"pattern": "[url:value = 'http://net5.com.au/WZwgR/']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-08-22T10:10:57Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--599c0331-d6f4-4a91-938d-47cf950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-08-22T10:10:57.000Z",
"modified": "2017-08-22T10:10:57.000Z",
"pattern": "[url:value = 'http://laguapafilms.com/BVgUGBfots/']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-08-22T10:10:57Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "marking-definition",
"spec_version": "2.1",
"id": "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9",
"created": "2017-01-20T00:00:00.000Z",
"definition_type": "tlp",
"name": "TLP:WHITE",
"definition": {
"tlp": "white"
}
}
]
}