misp-circl-feed/feeds/circl/stix-2.1/59ad30ab-de10-4514-ae4d-cf66950d210f.json


2023-04-21 14:44:17 +00:00
{
"type": "bundle",
"id": "bundle--59ad30ab-de10-4514-ae4d-cf66950d210f",
"objects": [
{
"type": "identity",
"spec_version": "2.1",
"id": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-09-04T11:11:39.000Z",
"modified": "2017-09-04T11:11:39.000Z",
"name": "CIRCL",
"identity_class": "organization"
},
{
"type": "grouping",
"spec_version": "2.1",
"id": "grouping--59ad30ab-de10-4514-ae4d-cf66950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-09-04T11:11:39.000Z",
"modified": "2017-09-04T11:11:39.000Z",
"name": "Malspam 2017-09-04 'Invoice'",
"context": "suspicious-activity",
"object_refs": [
"indicator--59ad30e5-07e4-4160-a990-4fdd950d210f",
"indicator--59ad30e5-cfb0-4ad4-ae23-42c0950d210f",
"indicator--59ad30e5-e1e4-49f5-8ab9-4447950d210f",
"indicator--59ad30e5-c198-4370-b128-47bd950d210f",
"indicator--59ad30e5-4fcc-4fe6-a81f-4215950d210f",
"indicator--59ad30e5-c49c-40ab-bcb8-4796950d210f",
"indicator--59ad30e5-4480-4b84-87ff-4752950d210f",
"indicator--59ad30e5-cd60-4b91-b8b5-43a4950d210f",
"indicator--59ad30e5-2e04-4aca-a1ed-41f0950d210f",
"indicator--59ad30e5-7f6c-432c-b48e-45ae950d210f",
"indicator--59ad30e5-a834-4ece-ab12-45e1950d210f",
"indicator--59ad30e5-e9fc-4f94-8c39-4e6a950d210f",
"indicator--59ad30e5-426c-4367-b3e5-4a95950d210f",
"indicator--59ad30e5-f7d4-4577-9c46-45d5950d210f",
"indicator--59ad30e5-542c-4bb9-a9e9-44b5950d210f",
"indicator--59ad30e5-6388-469d-a295-431b950d210f",
"indicator--59ad30e5-db94-465e-a2ce-49a4950d210f",
"indicator--59ad30e5-1a7c-470e-9fc2-4f87950d210f",
"indicator--59ad3112-4968-47da-8dbb-160d950d210f",
"indicator--59ad3112-ff30-4c2d-870b-160d950d210f",
"indicator--59ad3112-53a4-4173-8ee4-160d950d210f",
"indicator--59ad3112-d598-41f5-b993-160d950d210f",
"indicator--59ad3112-4ba4-4155-9cb9-160d950d210f",
"indicator--59ad3113-4cf4-4458-8db3-160d950d210f",
"x-misp-attribute--59ad3198-1ed4-4230-bad3-4e53950d210f",
"indicator--59ad3259-86f8-4ecd-b266-4a0a950d210f",
"indicator--59ad3259-81a0-41c9-9de1-4177950d210f",
"indicator--59ad3259-6704-4dc4-9e4f-4fbf950d210f",
"indicator--59ad3259-91e0-40df-897e-405c950d210f",
"indicator--59ad3259-85c4-4249-9220-42b3950d210f",
"indicator--59ad3259-1708-47a6-8ecd-4d4a950d210f"
],
"labels": [
"Threat-Report",
"misp:tool=\"MISP-STIX-Converter\"",
"circl:incident-classification=\"malware\"",
"misp-galaxy:ransomware=\"Locky\""
],
"object_marking_refs": [
"marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9"
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--59ad30e5-07e4-4160-a990-4fdd950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-09-04T10:54:29.000Z",
"modified": "2017-09-04T10:54:29.000Z",
"description": "initial download location",
"pattern": "[url:value = 'http://hellonwheelsthemovie.com/JIKJHgft']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-09-04T10:54:29Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--59ad30e5-cfb0-4ad4-ae23-42c0950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-09-04T10:54:29.000Z",
"modified": "2017-09-04T10:54:29.000Z",
"pattern": "[domain-name:value = 'hellonwheelsthemovie.com']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-09-04T10:54:29Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"domain\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--59ad30e5-e1e4-49f5-8ab9-4447950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-09-04T10:54:29.000Z",
"modified": "2017-09-04T10:54:29.000Z",
"description": "hellonwheelsthemovie.com",
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '66.36.165.149']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-09-04T10:54:29Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--59ad30e5-c198-4370-b128-47bd950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-09-04T10:54:29.000Z",
"modified": "2017-09-04T10:54:29.000Z",
"description": "initial download location",
"pattern": "[url:value = 'http://naturofind.org/p66/JIKJHgft']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-09-04T10:54:29Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--59ad30e5-4fcc-4fe6-a81f-4215950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-09-04T10:54:29.000Z",
"modified": "2017-09-04T10:54:29.000Z",
"pattern": "[domain-name:value = 'naturofind.org']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-09-04T10:54:29Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"domain\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--59ad30e5-c49c-40ab-bcb8-4796950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-09-04T10:54:29.000Z",
"modified": "2017-09-04T10:54:29.000Z",
"description": "naturofind.org",
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '93.78.190.45']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-09-04T10:54:29Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--59ad30e5-4480-4b84-87ff-4752950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-09-04T10:54:29.000Z",
"modified": "2017-09-04T10:54:29.000Z",
"description": "naturofind.org",
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '31.133.66.15']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-09-04T10:54:29Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--59ad30e5-cd60-4b91-b8b5-43a4950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-09-04T10:54:29.000Z",
"modified": "2017-09-04T10:54:29.000Z",
"description": "naturofind.org",
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '37.25.118.221']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-09-04T10:54:29Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--59ad30e5-2e04-4aca-a1ed-41f0950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-09-04T10:54:29.000Z",
"modified": "2017-09-04T10:54:29.000Z",
"description": "naturofind.org",
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '79.114.140.55']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-09-04T10:54:29Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--59ad30e5-7f6c-432c-b48e-45ae950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-09-04T10:54:29.000Z",
"modified": "2017-09-04T10:54:29.000Z",
"description": "naturofind.org",
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '81.27.56.240']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-09-04T10:54:29Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--59ad30e5-a834-4ece-ab12-45e1950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-09-04T10:54:29.000Z",
"modified": "2017-09-04T10:54:29.000Z",
"description": "naturofind.org",
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '31.135.107.60']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-09-04T10:54:29Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--59ad30e5-e9fc-4f94-8c39-4e6a950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-09-04T10:54:29.000Z",
"modified": "2017-09-04T10:54:29.000Z",
"description": "naturofind.org",
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '37.54.77.82']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-09-04T10:54:29Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--59ad30e5-426c-4367-b3e5-4a95950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-09-04T10:54:29.000Z",
"modified": "2017-09-04T10:54:29.000Z",
"description": "naturofind.org",
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '212.92.225.115']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-09-04T10:54:29Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--59ad30e5-f7d4-4577-9c46-45d5950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-09-04T10:54:29.000Z",
"modified": "2017-09-04T10:54:29.000Z",
"description": "naturofind.org",
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '77.122.247.39']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-09-04T10:54:29Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--59ad30e5-542c-4bb9-a9e9-44b5950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-09-04T10:54:29.000Z",
"modified": "2017-09-04T10:54:29.000Z",
"description": "naturofind.org",
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '46.211.215.40']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-09-04T10:54:29Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--59ad30e5-6388-469d-a295-431b950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-09-04T10:54:29.000Z",
"modified": "2017-09-04T10:54:29.000Z",
"description": "initial download location",
"pattern": "[url:value = 'http://prescottinternet.net/JIKJHgft']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-09-04T10:54:29Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--59ad30e5-db94-465e-a2ce-49a4950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-09-04T10:54:29.000Z",
"modified": "2017-09-04T10:54:29.000Z",
"pattern": "[domain-name:value = 'prescottinternet.net']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-09-04T10:54:29Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"domain\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--59ad30e5-1a7c-470e-9fc2-4f87950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-09-04T10:54:29.000Z",
"modified": "2017-09-04T10:54:29.000Z",
"description": "prescottinternet.net",
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '166.62.123.214']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-09-04T10:54:29Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--59ad3112-4968-47da-8dbb-160d950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-09-04T10:55:14.000Z",
"modified": "2017-09-04T10:55:14.000Z",
"description": "initial payload (via mail)",
"pattern": "[file:content_ref.payload_bin = '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
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-09-04T10:55:14Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"malware-sample\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--59ad3112-ff30-4c2d-870b-160d950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-09-04T10:55:14.000Z",
"modified": "2017-09-04T10:55:14.000Z",
"description": "initial payload (via mail)",
"pattern": "[file:name = 'INV-000971.vbs' AND file:hashes.SHA1 = '75a9ac899fca0e6b06c3c72b565f09bda17b244e']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-09-04T10:55:14Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"filename|sha1\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--59ad3112-53a4-4173-8ee4-160d950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-09-04T10:55:14.000Z",
"modified": "2017-09-04T10:55:14.000Z",
"description": "initial payload (via mail)",
"pattern": "[file:name = 'INV-000971.vbs' AND file:hashes.SHA256 = 'c302bc7035fcd6a946810df38fc81f1b7f16ec595bcb0d0070a37cf2c7f87c6f']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-09-04T10:55:14Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"filename|sha256\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--59ad3112-d598-41f5-b993-160d950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-09-04T10:55:14.000Z",
"modified": "2017-09-04T10:55:14.000Z",
"description": "initial payload (via mail)",
"pattern": "[file:content_ref.payload_bin = 'UEsDBAoACQAAAOdWJEue+lXHrg0AAKINAAAgABwAYjlmMWY5MDc1YmEwNGM3OGU2Y2MzNzkwNWJjZjEwMzFVVAkAAxIxrVkSMa1ZdXgLAAEEIQAAAAQhAAAAZsbY+Hycsv51Efu0oAI5iST4SFlbXFG/W68H7xD6QpMhMvtudoQuff6h8B0tudvHUjtw8RaxH7oEmecAnU9FLbknCjyKMcggQ++nFbmRxJFuYKSq3s3VlzqXYThiMxz2G+qNXIvZO+I6K7M16GS+iiaR1HEX6oqlhfhP4XAx38mBNQj/XbAX+xINn5ZSVV0EUgYxhnL1OBDbeNX06mL6D8/sLNxqO2eaAqAxDdGg/Hv66ThPyEwW1YvYV5OcXJTkPJ8qUtFR9/MhdnvrrAMQ5KTdHrt55OHBR3/OWKJnmwmBLe3D48mEZb9IS87QZYfuEb3MQJezGRApC/4ld1uwiwHv4BK/f3Uq3KS/s8UrB5ZLTwVbBUHNwygPqW5R+mxmjii03XjkL4T17qkSRWqkN2FSzTVAhA9Q+Qo8YWy6GUHFU5XEfFvTmfR0hRWFi7xJ1kKcS/wQc2HgiC4gXoXdtg08x/5y8jjyKxnTM5UoshAf9StacLvPiyZlULfBMQR3nwKJyKp62mSrh9bnmD/73KqElm82aW+l9Ee0M1V1NKZpeFODKrWJpxsxUPhlh7G8n6CeBUe0wKgN13W/gCiPy9lOAeAjQXermeKvUPKsHtFln/O/lg1rWdqC5JdyR3tY+kPshLtcBlbpz9EJCLbK3a9p5ebNvsnEAMDMDr4+PW2lrVzVMIQHD/qgKuGVTXQ9OUvrPhn0Vg00pFMLrFRHT10FSlArp+XM/17gZUwg2aA4+LxW2UB1Az4DznncRrLZpqj7pwfN8G4u2FCtwbmPQP66PI8vnTEdD30+JQ2LS2mj7QYvyG9zXQoszPWYXtx8w2Z9fqyuABeoamSdzyS8N+wKq3pfHimSqV0pb1GSal/fRqWNIFvrbE+b2M7vn6ewLalx+W58GZIziz3oapOR+SqqXA3YhiI6Mle4mqFWzVTCAFZr9kfA6TqxkZ7vxmbr5DuKXZTsFyICOqvr8joodDckVdIDDfcvjG6kaFAWhQw4+jVBhZpBCpumlniBqSPECRe6JyiNAfM6GuewzuB11nwmhyB2XHnbWtUPllYLreUIkuT+tkYHa+b2YY+y8oD5iuKWPE3cudSluuyKG5//iSsQABxL39mQKjpLIXuuhTuzNjeJNq4efiesjXL6lSGum8G/GY1gcPboOPza70v2/oQHkC3G9vDQVZ5QCaOz3mBmZKDAJXy3gok5DmsSv4+YAE+RJepH8d+KTzgdhVfV5DFAOecz3IeidoKWECdnYGfCHN7hFSb4U4Dy68nt3u0LZlkJpS8zHAEtNvxVoOpdXgG/zKXoipiUBlgzMSZXz8XyVrh6Zr2kXAybUXu/BlTbnL2P1iPfp43qhtKJiDbSggiGcrU0YUWa8PMXFH/WAKbga0jV2gdVDtCIwOW25E3AzW/X+Rxx8E1Sfqtjt/TN4kXWq8yauxEtE5XQLW206R5SiIETmWrN9S5sK6WNjtBqrE5ewr6oPkFbByDmxIuzA8CAsc4A2iDRABjm4gt/L4sxwIQrTZ9z6oFG4GuDJHka2BpCZW7+XtDJUXht765N3JYW38oecaeMfYmmXbWmwxsmCTGnW1GuVIkzcMJSRosH45RRFp31GlKSGl+vT4Czh6owmZxR0c+o+vTk8pphpG9zdePSeeDoVuESvWz7qrdh8mtrKDg8erhzKD475Sgmjd7lJeEyav2zf/hvNu73Wf3394gl2gXpr0ik/xYJl9Bqe5lvsQblpD7XsPxVkSkecB5wGW1GJ9Ctvw96Gptl7E5jgVvxQ+cirT2Zfeyf6R0AXXzVl43Dj1do2F1tYH/xcuHVt9oZLd6/4zRnDQinzEl
asnNnL5Rf5Tj1Gmukio8gaHsTQMjDIIoYaYXa14viriIpb9AA6dYh5GdU0hwRG9NgkNw/Q1DrXk4D9Ss5v4+Xur/bHhvGdcXw76WBWUDyoPU6Ytgr3OrwOLjYACHiA+HX0yb9i/tcHVcmQBp6YvP44fnX+yT0kUUWlQO/2jCTdwmwW9vtlRqGng57wyXMm8kBweKxZcQWpjL1s0KOK5DewVGIj98TMHebGvW6Zy4h/aMB0c5IsqHoQPyNt7Po4jOPDOcFYZVKHmH48zZuxlJIj7abdYgVy3yxoj6AuJ7n6B3rcwiWeKCsP32RDyme/Pxsb7u7YuhTkUCPskwL4+/vezu+6T0YYQOo35NzhKH0W4ET3y26QQIXGb2Wmh4CRHfdrQT9vq/MY7J+FLUOtSgGZbT14p72vBvHwMfFpV3XtpUrtHuzn0gBaXcBnUY1kNZ0Rne986FIweuzAzEywYlSRHX3deWr0SbBb96uN7aHs8uEDO5pZjy+Z56aEunkNO2DZXeONbOPWIV/pC2wRpFH0ERI3FFuOdqWlslldBxMzBuanUB4ZQW3abFKFtMkvbbGwuN7DSuZMzxWkFe6lvpL/NqMt+MkvClpRN8U9dASM2Z4c+Oji9cdkkLRQvtYzpwJ7n1DK4YUMIJF0Tix57oNp4XsQftakrLake/682eBQb4+RF4t60hhQJ+KCbsnR0hV1+IPTLhMN+hp9lZw0UyOcThvMk9HJi3eS7ldF47yDBk7IHzMgcrHV/qGNYZMeIGJBHB5efDYtW8Q9Y38xKBJvnpGKYZfVOvFplVPALG8ueqDjl1Tuzsh/8dwxPtIOOun+2lxBFuVSm3kawlnvFMGkNOQhQa62VP42hRFKhzUR4WVHpWubvay16eP6NqBgvaGqw7tba4GVV744ABuQ0OQ5uTp8XL+XE5JKhgOSUwrTVf9sL6/zq9EnwY3SUoc3DBhWsqSTPetJMjT8CXADmXrOLZTe79KweTGIZj7ahVvAKojIfMb/vSSesEgBrqiHj9az2bHJJuZG4iecNLjygCwDGs1GeKLYTqCLyxvbUu14dNqwV406btaNJWkjNROXlb/tS/Rke4kh6UirUQPpmVI4vgY8E6F8cGDgUJ36JfzHfe4p23lEe9gqBDg7XHNBG5ShLjXOrq9XvA4Gf+uJaqSlrL8tnKYBPxaNd+HQgv4ph18scP9zXCmB4BV5iy7T+QQYWXdzcSF2019fOgNmBZc7OA1AlUOTekAH4ySPLCbb0XsK8nR9+N0G0nODhK6HZw+wDw5055aRUvEQD+GC8ECdBfdP1rugN2Ms0p45CCHKXbB96x2sy8jfnax9Ra5lH7NhPWq4g+jAHnZJpzscgOB1/VuJctQ0VjiYYFgDeTdKnomqh6U7JnJTcnnyRpd5e2z52WAzpXwtYtpt7fJyzRhYIAN8sASPuC4Xfw4NqT9yntSmWWxeObS6YhF10phiT8ZGwQnBlgQ4ql4+POMeWgC0ta7HhXcUwBJw0vaC23B7fB/thc+oiGtyK/7XdI8ZFMjt0fmxM1oiLw6rcOn623n9ocIgKPr1NtVxtUl6jrm5+KqZaGZg9USBgKoSfwn9b25R5dNPg4euMY0SXNKJ6fbxaQ2L6Dx8asHtPXCJB3b6+ynw/HDPl/oYLUPw7xbzhId2qS4R0XF9oZ5IZtSG1hAYszDbD60Eut6rZvxCZKUM5fEn1QbsREc08ugVVcRUiyZLjkjwwyeoTqzcK5yAm6R0yVOXp/he4h0Flyseb9z6LEqnyNuP8aVVJA6liEM7vuLrc/eF93bDZmAmX7x1CWjiUzGIDQqlnLpBpgiHceXmMZ/eAZPtw64Gnwz9PtavpIyLPGu6C2wrOUr/wdrkmivqEKOBPPlayeM40mmk/THMKmxXSiCp7bhvd64aUrrQRNW29uCLHAw58a+P8jAuzRX72+sa+iAv9sYcEnFWn7hlMVGqxYWTV8rqAvIBCSBxVcXOFK/yfi7kcnkX3d
F25TPtMlCWrnB2m2+cPiCDKSXBmjH5yzPpnPws8esQ/zwizps9CrEwbQJkhvyQPtmK1fdhd+DoJrCI8yLw7
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-09-04T10:55:14Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"malware-sample\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--59ad3112-4ba4-4155-9cb9-160d950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-09-04T10:55:14.000Z",
"modified": "2017-09-04T10:55:14.000Z",
"description": "initial payload (via mail)",
"pattern": "[file:name = 'Invoice INV-00047.7z' AND file:hashes.SHA1 = 'd8f2327db701995353ab6850cd5b5c06875a549a']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-09-04T10:55:14Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"filename|sha1\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--59ad3113-4cf4-4458-8db3-160d950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-09-04T10:55:14.000Z",
"modified": "2017-09-04T10:55:14.000Z",
"description": "initial payload (via mail)",
"pattern": "[file:name = 'Invoice INV-00047.7z' AND file:hashes.SHA256 = 'e0e930da25cb8ed0927dc234208cf257d0a84a12525f2a897c638ee2366ef9c5']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-09-04T10:55:14Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"filename|sha256\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "x-misp-attribute",
"spec_version": "2.1",
"id": "x-misp-attribute--59ad3198-1ed4-4230-bad3-4e53950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-09-04T11:11:39.000Z",
"modified": "2017-09-04T11:11:39.000Z",
"labels": [
"misp:type=\"hex\"",
"misp:category=\"Payload installation\""
],
"x_misp_category": "Payload installation",
"x_misp_comment": "key: XdSk4gxRmVKXKBlRXHLa29VxIpIIegBH",
"x_misp_type": "hex",
"x_misp_value": "5864536B346778526D564B584B426C5258484C61323956784970494965674248"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--59ad3259-86f8-4ecd-b266-4a0a950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-09-04T11:00:41.000Z",
"modified": "2017-09-04T11:00:41.000Z",
"description": "payload (probably Locky)",
"pattern": "[file:content_ref.payload_bin = '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
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-09-04T11:00:41Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"malware-sample\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--59ad3259-81a0-41c9-9de1-4177950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-09-04T11:00:41.000Z",
"modified": "2017-09-04T11:00:41.000Z",
"description": "payload (probably Locky)",
"pattern": "[file:name = 'JIKJHgft' AND file:hashes.SHA1 = 'e9c0088f4aa37aeeb71fe9c7e404f4ddd508c7ca']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-09-04T11:00:41Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"filename|sha1\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--59ad3259-6704-4dc4-9e4f-4fbf950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-09-04T11:00:41.000Z",
"modified": "2017-09-04T11:00:41.000Z",
"description": "payload (probably Locky)",
"pattern": "[file:name = 'JIKJHgft' AND file:hashes.SHA256 = 'b09aaa556542d51b24794962d86d370ad445739e73ca82b4b4da2db08cbf0df7']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-09-04T11:00:41Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"filename|sha256\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--59ad3259-91e0-40df-897e-405c950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-09-04T11:00:41.000Z",
"modified": "2017-09-04T11:00:41.000Z",
"description": "payload (probably Locky)",
"pattern": "[file:content_ref.payload_bin = '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
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-09-04T11:00:41Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"malware-sample\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--59ad3259-85c4-4249-9220-42b3950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-09-04T11:00:41.000Z",
"modified": "2017-09-04T11:00:41.000Z",
"description": "payload (probably Locky)",
"pattern": "[file:name = 'JIKJHgft.decrypted' AND file:hashes.SHA1 = '4800d8a51a0ddff0266c713f3e1d1bb89b63d24e']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-09-04T11:00:41Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"filename|sha1\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--59ad3259-1708-47a6-8ecd-4d4a950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-09-04T11:00:41.000Z",
"modified": "2017-09-04T11:00:41.000Z",
"description": "payload (probably Locky)",
"pattern": "[file:name = 'JIKJHgft.decrypted' AND file:hashes.SHA256 = 'ca80a724c73fc7bf5cc51ee9655a20f72938bcff7aa0a02b56688c76dada00c7']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-09-04T11:00:41Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"filename|sha256\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "marking-definition",
"spec_version": "2.1",
"id": "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9",
"created": "2017-01-20T00:00:00.000Z",
"definition_type": "tlp",
"name": "TLP:WHITE",
"definition": {
"tlp": "white"
}
}
]
}