adulau/misp-circl-feed
1
0
Fork 0
Code Issues 1 Pull requests Projects 1 Releases Packages Wiki Activity Actions
misp-circl-feed/feeds/circl/stix-2.1/59b2af44-f68c-41ab-869e-7f0b950d210f.json

637 lines
1.4 MiB
JSON
Raw Permalink Normal View History

chg: [misp-stix] STIX 2.1 export added
2023-04-21 14:44:17 +00:00
{
"type": "bundle",
"id": "bundle--59b2af44-f68c-41ab-869e-7f0b950d210f",
"objects": [
{
"type": "identity",
"spec_version": "2.1",
"id": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-09-08T15:10:54.000Z",
"modified": "2017-09-08T15:10:54.000Z",
"name": "CIRCL",
"identity_class": "organization"
},
{
"type": "report",
"spec_version": "2.1",
"id": "report--59b2af44-f68c-41ab-869e-7f0b950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-09-08T15:10:54.000Z",
"modified": "2017-09-08T15:10:54.000Z",
"name": "Malspam 2017-09-08 - 'Microsoft Store E-invoice for your order #'",
"published": "2017-09-08T15:11:17Z",
"object_refs": [
"indicator--59b2afe0-db84-4377-9d06-7920950d210f",
"indicator--59b2afe0-b0e8-4ed3-91d1-7920950d210f",
"indicator--59b2afe0-c518-4444-b4ee-7920950d210f",
"indicator--59b2afe0-3ca4-4f65-badc-7920950d210f",
"indicator--59b2afe0-4ab8-4279-8e4e-7920950d210f",
"indicator--59b2afe0-fb0c-43c6-ac5b-7920950d210f",
"indicator--59b2afe0-142c-4994-a68b-7920950d210f",
"indicator--59b2afe0-2604-4bc5-baf9-7920950d210f",
"indicator--59b2b00d-37f4-4833-b599-2ae1950d210f",
"indicator--59b2b00d-d730-4088-9ecf-2ae1950d210f",
"indicator--59b2b00d-3d10-4e21-bcb6-2ae1950d210f",
"indicator--59b2b00d-b368-447d-b9e3-2ae1950d210f",
"indicator--59b2b00d-7c04-4139-a539-2ae1950d210f",
"indicator--59b2b00d-ec20-44e3-9716-2ae1950d210f",
"indicator--59b2b00d-3188-4f87-a0b4-2ae1950d210f",
"indicator--59b2b00d-cfb4-42b5-bcec-2ae1950d210f",
"indicator--59b2b00d-a648-4e5e-8e91-2ae1950d210f",
"indicator--59b2b193-9c30-4e78-a348-795a950d210f",
"indicator--59b2b193-3c88-45d2-8cf9-795a950d210f",
"indicator--59b2b193-b108-4c24-87c3-795a950d210f",
"indicator--59b2b2bb-62c8-47e2-a278-7959950d210f",
"indicator--59b2b2bc-c30c-4215-b478-7959950d210f",
"indicator--59b2b2bc-aff0-43af-834f-7959950d210f",
"observed-data--59b2b2fe-fd44-4119-b602-2c9d950d210f",
"email-message--59b2b2fe-fd44-4119-b602-2c9d950d210f"
],
"labels": [
"Threat-Report",
"misp:tool=\"MISP-STIX-Converter\"",
"misp-galaxy:ransomware=\"Locky\"",
"circl:incident-classification=\"malware\""
],
"object_marking_refs": [
"marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9"
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--59b2afe0-db84-4377-9d06-7920950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-09-08T14:57:36.000Z",
"modified": "2017-09-08T14:57:36.000Z",
"description": "initial download location",
"pattern": "[url:value = 'http://brandingforbuyout.com/3936jkgHGdcm']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-09-08T14:57:36Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--59b2afe0-b0e8-4ed3-91d1-7920950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-09-08T14:57:36.000Z",
"modified": "2017-09-08T14:57:36.000Z",
"description": "initial download location",
"pattern": "[domain-name:value = 'brandingforbuyout.com']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-09-08T14:57:36Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"domain\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--59b2afe0-c518-4444-b4ee-7920950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-09-08T14:57:36.000Z",
"modified": "2017-09-08T14:57:36.000Z",
"description": "initial download location",
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '74.208.163.59']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-09-08T14:57:36Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--59b2afe0-3ca4-4f65-badc-7920950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-09-08T14:57:36.000Z",
"modified": "2017-09-08T14:57:36.000Z",
"description": "initial download location",
"pattern": "[url:value = 'http://etforhartohat.info/af/3936jkgHGdcm']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-09-08T14:57:36Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--59b2afe0-4ab8-4279-8e4e-7920950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-09-08T14:57:36.000Z",
"modified": "2017-09-08T14:57:36.000Z",
"description": "initial download location",
"pattern": "[domain-name:value = 'etforhartohat.info']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-09-08T14:57:36Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"domain\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--59b2afe0-fb0c-43c6-ac5b-7920950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-09-08T14:57:36.000Z",
"modified": "2017-09-08T14:57:36.000Z",
"description": "initial download location",
"pattern": "[url:value = 'http://lagrangeglassandmirrorco.com/3936jkgHGdcm']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-09-08T14:57:36Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--59b2afe0-142c-4994-a68b-7920950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-09-08T14:57:36.000Z",
"modified": "2017-09-08T14:57:36.000Z",
"description": "initial download location",
"pattern": "[domain-name:value = 'lagrangeglassandmirrorco.com']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-09-08T14:57:36Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"domain\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--59b2afe0-2604-4bc5-baf9-7920950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-09-08T14:57:36.000Z",
"modified": "2017-09-08T14:57:36.000Z",
"description": "initial download location",
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '65.182.175.15']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-09-08T14:57:36Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--59b2b00d-37f4-4833-b599-2ae1950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-09-08T14:58:21.000Z",
"modified": "2017-09-08T14:58:21.000Z",
"pattern": "[file:content_ref.payload_bin = 'UEsDBBQACQAIAEt3KEsdb0FgP3AIAABQCgAgABwANjNlZDE1NmY4ZDJlZmFkODNjYjJkODM1YzM1NzVkMTZVVAkAAw2wslkNsLJZdXgLAAEEIQAAAAQhAAAAzPwX7CnYXDuHYe8EaP6+ZEB093tJliJD4Fw6Sz9PAODGrXElPP3MSvVs8QS9r9OEFOdGW3wKUD+um6ybjsW7XJsy1DTxIsd8RQ7y76CFPNACPLgyz6xTT/VvfgC3u9rYccrcDwDgn1VmPTy+sDDvPDGnyk4ZuVaTNKtEo05xdHAsAGFlOYLrtlslCKbRvjgxEovfv7oiiHxQcuSxnzt+p71VXvkAx6RG+CK6Eczq1zpzzPSE/Ga8XW3o6lwNDihwB31mZDLZH5J/9JX/1k0g8o2tkiRryE1aQ/SShrEuSMx28bLTVPnSmqUOwsQJcbM5wp2FVCMjhZ08/BWVO/O5nC38q8tk31nV2dBZf0NeIWsjRJe7mjxXbz1xNxRT/x2QYNncPDcdCqxS33B/i20SwRZhTGOsgjTrQeSOfO4m9nPNZjtpnR+yKa5LcNoNrsiVWWk/RjArp5hRSsRscXdoyjwP67SUVq3xUJvF+Dv2OeonRXs0GJQhvn4lJXtZ1hxTAtg46lUlEiOtKvkDbNhuZvU944w/SCKfIsIBj7XM1WK6TWkQ6KaoWEH48Gg0Xm52xO+2tkQ1nzr2fnhC9cTcLmlYK6C4jTSj68rGKCvYfyf9RKEsJLRy5mua2ki+7/jjdoBKNkCz9z4Or4PGMP6o9h8LvWg61EZxN6+xOORiwv9iMU2r7SbYfXq+JXn1EsdtMRA5MIlnFjwaNpFZzOhe+lSe9kpsrvv77YgQWjFD/IpjSzEo2Qqdcl7neXNQ4jwue93f7PeUUnlWEseZ/u630JzaRbQk0ypAUqfQdt+VZR2lSTQLG4Cxo6n9D2kqnbq5J2w3FCxpTNHJjRaulRGe8dUUcfZoEGJqXmCY86LGdVG38PIIfOszOA0bqfs9DjgF5zmYMddYPzDxtb7iNkamToDTMyVhh2zBhYKudvWggJRWR/S+LnEvF3/YtrDLxztyUHQHZOezTysS0e2S5kWQjyXctItm4fb5MfokktInyMr5QM1qZtHMgbbqG5lY5T5AjUzVGdDPxY3BtsGxWKRwm6hKr5EMBmZEW6hAz8J5IvCmW1OZmKGXbLgKdHN5Gfz7eWwgFBT4cWQBMVlCQVAjwZah2FbQr+1iAb8HfZCI37Ao4mzSc/DriSVrroWU5z5Ujj3y+VLu6t0dK1sa5em8Ng2WtrSJUS2dzYoQI7G9WvHKXG4JiZzZYKTg3zS99hSeppUmknTydnGLDMwwvGvseQdNU/mcE3kDx8MQ11nICikhBpNmJVqJ5UXWt9Wgd4mLoUXWlr2Pa6Jpp1UmReypz+cbWV5wcQe9FMvON2CfWo0PrWrHG4PVvFV3phv38zU5D6e1Vslui3Hvw2Z/r3KiPsRcpG4owqpv5ny+fG+tht7ZmaopcNTSHNY1K20uENGNcpZjX3oa9iorxuGXVj4Hpbmify43JA7Gd2wQzSzdHbadDs2MgyZaj5QZckw0zv3CRWGAUjKrUcwR4czACS3AmbaHCJ+Y4tjWxIEFRcjPwTCZizkLGdy2uJmkIWxlSG9VIxQ6RxItnLk0nPpsTmSEKNFL6DGbgJOmZMiH53THAvgfmPAAmx7GaOyvSkpccyn6ro5pe8VReevGnW8YHwLeon7lLot/S4q2SzBKyQQcyu7eK66OgFRj2RTsLa9iOUu7XT6sVL+RRTu5PVtaUL/Z1H9ZAezGmmGZNfgadaKKGUh5b6kkdc+0sG+DEKmA/o9yu7Eko3ff2wPZza2EOk/h72vXQm2WgncM15EJgRu2Om0DY1VlgXcIlFW/ApOMYvoUo0s7vaDVj4+YyCukM93C+/pGLbrN+U6ETSX7YTipLPSPUoHhudCOObcEUjSU+Es/Yaq8HO/Tyw+nLfFybx2F1FebJhI8f1YXFSiXmVhn+ci3kQ8pe4HMaVbqDcTJUiM3c1umOGumbkLmxJ60rszHBccLo04TynBf3soo1PPsCIvUTHUHjEkukRbrwq9kjn8glTdxsjHuL/OChnfsV2hAMyq3iPok8pxce1w1dpPStrH/XX1G6LWO4I2VUvHDljBr4YKXbVNjNnH+e6WU+Ha6UUcQnZUfy/beUpEtMH6yu4WhYlE/rdtyVF6vf40Nqv4EzS+suDIkdCzhitOr+wHwbvK26saqczPNmw13o70F4dSbblhGxoHCD7dtC3xf7VY94iN3itcF9KhypNEo7wShgtLWx0H1hnXmubuO6TKNZtFlEQDtuLhrLLzTx+9mCAF1Fp8IQYVJpIf3+I5Q2FsrDc9KoYbqPVqROtGIOW+hNHQsd4sYHGx4HMGMYixTjFeRS2drAOt7Vvi6clB5x/gs7q9KiLfYnRlYj2JhQfZx0QTX+bf4lKpbosNXeteCMRSaZAN12IT3azgKAq15LhjTBqXoiQmWshjSaaKyw7raeDbwXVFGya6DHnjrCkLU7AQjijYtB2lq9mfknYdNegOD61XA6W5yHBOAEuFN6gtvZaS/OVHQt2YJw/cNMjzEPraLDa5D2oeddTattBzagelL3CNQ/TYMCa1S64DPB2sCzMW6mHbSmDJ7Dw+TH+qirBxAijdXoNXifXA/3weX+vn8QcjYL5ouS+7otVU5QsAJQQjPBOr1A/URSdkKhlHlNgTWuDK8jSn0lpQLilJe0Lw87LXa/H+YySJFlmIe5qEXSkxPjAs74yZaxEMyWn1KMmaQoReFaNFOb+qhhym1CRNzmtwJ/PWwhP+U7myDnsqFtfy5A2wr4WAnLwrgL48dOaOX0k2fpBNSEnt7yVjMPAm/bozy+YYOUjGmAy84Vo/8SPrKR4TTIJXqWdTQGQplemEBDOXkZEZV5NjyIyqoGyvst9vHTAlJKRcVq9wyDYJ0iSV8gVdAqE8JjNCFy/pwOo8Q6oUTX8ldM3f4GyQYnIEJN7F5o4sOBBwLWdajXRCywgbyIpI/7kQS6oqvcy/x1CQwFS+0H4Z/Flgfbbcqpa/GqkT7TRTwSloeWMu1Y1mhMJsfa5MGIJG5xvgcSyJ/E6dCjTG8enFc7YKtVQ0iXY79R7/HJVoJFNAcCCs2l+WF1g2sH0EVRGVZhjLYGdcQdStVYfEGvm698aLu6eGgSaUMPsGERS24Ro1BKU0h4q/c/qKsURy9wQ46tN3w+gvXcSB/DEASL0vNX+0/Gq/wdm4SF+0a5aLGnlvxiueOwvJZXPs8CpdGXHcVZ04Xuhdqd27XZOa4tCZmdQrHu+4yo2bo8Gb3vfcaXgd2+qLQd5/nwtA5SI/5G1ltNCym0hkZ7/Mjjb6fzGoii6Qnoz4xgIGI5cqWuhu8xrCnqcvuxlXSLPQdNJzA7uxw4wzLu+G70fkLWyVofmTraBtVMbySjpvQK148m98sgJIVu9YuQqznakBBuUCp19J8FiiG6/L4UjWOpTB4y3O/GU/Sl1WQlSonJT/ALHRgfdCVV7T7XDznQukGdKQyySUiGR93aljs9MDli+4u9fAlt9Aq/saSNgheJDgpVP8XQgCsZ8lLVu8NeYxZSsW3ziJ237vwM/UYe0o54Obs8EIrdlhgCeKiUuTnHYTwzJu5sJpLFd/yXM8dz4ByFB32yDT5FiZKi0bKfQvuWMFRGDF8SwWg3at5BpdnGMgBes4QVup2VdnJBUG3z686mtkb6xN4fvOgmRjKAGUw/S4vB+q6G8jjGpmOO8pgvhytpdofuCF8LzvnYrDQSJw2F8T7qhsI+xtnIak8o4LVq7O9oLSBBLFk28GMZ/ZZfEGGwhxjIP20BF0q3GDECoTpdXIZyRA0fEmTBotu6A271nDuRdKXyBALGp/ZNZMk2tRUbKAd1KGMMJlVgxzWPwXlJzc2bUoBQ2cyo4CvVIp2tyeJvmS1z2UhWF7GfPaKhASpTRDPSKJkmzNZa9zIXVD9TMxk0P3CO7uZOHKxrv/osZuxE+dVLaTrPy
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-09-08T14:58:21Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"malware-sample\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--59b2b00d-d730-4088-9ecf-2ae1950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-09-08T14:58:21.000Z",
"modified": "2017-09-08T14:58:21.000Z",
"pattern": "[file:name = '3936jkgHGdcm' AND file:hashes.SHA1 = 'e599e64297c3525742611b18a8fb1a4a7ceb8c15']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-09-08T14:58:21Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"filename|sha1\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--59b2b00d-3d10-4e21-bcb6-2ae1950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-09-08T14:58:21.000Z",
"modified": "2017-09-08T14:58:21.000Z",
"pattern": "[file:name = '3936jkgHGdcm' AND file:hashes.SHA256 = '3e1924867806778624d231df10928d4d4deef2b3f24de5505f624ddde7d33636']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-09-08T14:58:21Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"filename|sha256\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--59b2b00d-b368-447d-b9e3-2ae1950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-09-08T14:58:21.000Z",
"modified": "2017-09-08T14:58:21.000Z",
"pattern": "[file:content_ref.payload_bin = 'UEsDBAoACQAAAEt3KEtualWbew0AAG8NAAAgABwANzcyMjZiYTlkMWM0MTVhZWI4NWJhYmRiZWM2MjZjNjBVVAkAAw2wslkNsLJZdXgLAAEEIQAAAAQhAAAAFkiOmkzkxk3xvrttV+JKfruAKxL3YAk2GFVHiQquzlC0madMVWOcOO0TUgznXFaZwaYxEZ9LEoUNOw/Uw9cfkYueCoIkenQhTRKpJI7ysf6dcOPN1cDKnV6LwCHyTpZY9+H8GvK5cspTLqjeM5aGm6vq3FzSoUuFDQ3/d22TIJS7skyaixBgsoTnhpXo+Kjzq/A+yZmxZygu8b1NEgXLFjgR6JUInc09+qn32ikCMLD2+5Kqsh7vNGaUQzfyTa9clHd0Ff16UfSNbNnoS9QyVyjO01pyipB7GquqYwkVvjMz0xmZxAkY3I7yNpvuh4xiFjjs6IkUJTBG7j6iZouL0H3Yu3P1TC5hRgmr1ib3wk1PfDd3Ry1YYjnKOquq4CcaFAHU2tJ7WO2A8XV+TwLIG35GdRbpATNzmyqOGt8ZI5Ka+cre2ayFMukAXrTW2sATPelUSSad346Ai1mckBKFbm53yY2DSpHOdErP58GkFKt/RnarygtfwUU9RnzuuEo2ksAllTeN50+38CKd701X93W89dOqBQp4ApZyC2w+jKUVfJUuYCSfFREoFdELZcH1N8eVchDmix5503OgtsuyK4x6b1+5YNohDuXficUAt9ABhF4j2fVQZRTRVeJr23uXN7oys/K7cZCdkF7PB6hA/FlC0DY353uSbH8HETjkQwJehx+Tgri86HiTSAHtuvpA215OgnOXPQAXM1Dwzw8Y1IpiHPHLJrfl1ouNw5ZhFjliaoHChu4g18rqTrVKIXF/DqF2FIfa9uc5zk2YeLM6G9FGwcEKrmwYrE/xH54/AJmjKB2cb2S/YBeayYalOmU4JjXgBqi/apQFAjYHQelclreEKQOv2WDyWf9nDceRFb4KKznCuLpcGiRfSfbZrnxcYyfGOkc/HQYTZE8niX1ibube7SHzD94MdXHYY7zA3jI2kTahIBVSOklrtSfd7E3Z/6B6Ws0qYQHxeQV7PehPdNG+Q9IjQoRaUOLY9xkJUSWQOtAgmb4687YrSmsVc7R5coq3dkjNYV2DUTeuW4GlNqkVjBHuLymqeAN+tqbni10zoLfJ353nfYf9gRRIqEZYQIWlyCm6+rHDhWOv8QuKYy8ZwbyK5qT2HgstjZON8sTX3xaso4w/x4MCvBlVWQd1jzSE8tTnbhZZLhO/qD6civHVUCHbALZgpdCDOGkUHbYC/u+XzxEHj/Fp8dYqOO6KREG0qDufKhBUFIv2LlJLAHf7kgSSwtIG1AeqXGmKT6h89/aP8tBU10Ki1b21NXjYmzgtoSdBgcx9RNIqt0DTMInGfyBybywHCM/HqMKwNq7Nb1379e2Gh0EFSou8NRAhr+J35sKcStfnxhdhUCkei5JeB/sFzRXvloOo36xvRu41yTMekyaOCFO/7ebQ9ygYmS8iUWkykCYMQR9l9nTpnJxP+AkkkImnWu45tggJqw5dVnf1pqjwQkEnThCTtm65BtouSXOkB4ZLiDrsWyrEkZALUuNeA6z771B6OflH/uatb7kMsdfMUCBClo+H3O1U+j9IUp7MUZ8EO/xFKO1MP1oCejXjDoebh7FON9lVIK1tSzlGyo6SgBo/0t81QqHF7eMwJWOhnL7pHEiyTz37KZWXoup1xYxMPT/PgEEqCKlFxSuRYrR9rA6vLm8n+gwZgwqZpW24gn6mwCDysSuZfCzaClyVEYNzGAuBspDFqKSorPcn3XlRIg4z+2l3hQtQa5kTlYAnZa7J48JIuLZxCMsi1/bonFn0gBVuw1W74H7qmfsl7G8nfxJ7+DIczGBg93YTr4y4w+9TqqFlBGzxlkjfJLr/fr+ryZ3BGQpZZkdmLzi/KnkiogPWgxbbibYWADrGsBUGEm4MeniWpZauOZi7oE1V02xm4+eObhQ4TA6t5ZDlor9isqD/BciB9NG9g5KDD3HAMLJOqwdPh2Ih69k9outZumKg5HBC+IsAyX+5qBfviwAezvIgpGNjGtaBr/yiB9oD64c0jNTrlROPLPb7e1aIiRocdNTHOi7N9Dh8OOCBhSK6PcPpJbXQLg9joa02RS/8L1JGTmBbe8GU8ERlqi6zDZH+HEIhlFa/wm4d1ZwdQk7dh0GO0gJFePWJk/Bt06YjOwnb4RrzxLwnwbS9bJnhqTjoqNTFQO0Uz4beKI/21s+54eIyqiL5XuCm0G/LuQOKyiapQvNcMIsuBZ/zuz1CujSvUVxqXfRBnWbl62OY4rdufbIbv9IG34ahaGUPPfCgluCr4PutBdesXRFt8QoWlGnr4tDH387WDQ3BEVpq0QgXOAyPUQDZGfZTnQ2gJzrBjO+a6AEiZZSSJ4A/3ELJdldqdoIahGYFtUxAzTbbq0o/VwqPAycb5lVysVDOtfstI4DEy4eEB8PD0PSm/pghETRWS7g4UdWXd1uWfBHVAtdCQ+rXLYxgq4jyg6yXTmKs2kP4EfUzh1cVfQnxUUcnEWQ2xhDfAg3UIU8vTdb5nLwV8M9/ZLvAtawtZZTdkTiVJsZ1ZwNqDXnq1N/BNvboT+kk3k/5iJChw2RuFADsRLxvlc79FAr42JMQ6W6IJSJHtJk5FU+IKVeMM9vR3zatjpaSjPEktQUx6PdrTfFMvGDSWhkeXAWn8dc31V83WLeC/o79FsD4zVz9gkcwYmvejZPEgtFlBh03PcXY+B9xhD6MsBozNAQM7s0kzakEaiMw7L3CZJ70Kxx3I/VHhJUTpzPSgrGno+4Lq0m+oJNKj0UEnm7c4ABMT5VxrTfh5aw6NTer168VttkJbfbo3JCf22doLPCcmDUzE65il1JCb8jvJP9eQUB5v8xjj+7nGJxgredx+Fsbq/hnYhbN3AcQN3G8RDuaXLIMiYrM4Q4ioUnIIc5+HZz3pZobHJmFhb0La6Bc8OAMsh4gpYjtmaLxgCyCM7WVC8npGARQBIpSKuSOUfaqsnLlSDsHbeINZtdwZzrGrv6I0twX9AGH7oIMlIYCUwwHdG3ygEs8GFB0DdPNtAILGIaxnqzNhakOn5aeThS244H86M6brTHRx1yC4KcMAAraqJxaTMfDN4RPn977sX77kOlY/RxOjRke/nlGOzXrmgFPTf7Tdi8N+Bb/4lXgmU7GFvZyot1o6/BF/O8f8Wy2sQywjVbUGPASIp5+MnVHz7b43USl2Qm4c8ObekSXavDHhtnFcFnt49M0IsVtKQLSMoCmlNdeMdXc56iOvUuUcrcZ/MI5wphtBS033fgj0k9kPKLEh5ap494BO1y+IRGAN+KIqMT5yIJLDEA7EKfYIvuVrkHoxaKGxvnPHCPmGshc1N5SiDAZIaE/ilqxOgCefOi5lcxye6qfI+gAE4FrJSm0YSKSbUZJ/3H4oQo5/kTFu5TdmXctlJG1kCri1AkLnlhDWZerMtGnjls/lcSiyiZYrQ9jke2F2TbdFSZmaYRD/vsCjWx3dmjw0EJyiHVNfPWRlDYtbgLtW1V98j/yP5tNnKd79fe6/5O71sokl6v79shkrd6RWTmfnkl8AtbZHX571aTs3fM5H5m3yh/6xIeRRhrkTCrPH0pAcWSTi9MCG6C6pE0KDQIAwz29srSie5av10JmmDdHJ5Jek0xqXNwEdDmFEA48WG8NphLQXwc/6TVthMoqdqPrVim+46yOQ28l56gLaZd4yfutbaIzYrB7/fn8iMOQC4Lgo8uIOb314cVf1EThSB6XVRklqfRE+hxS492j7ZNn5Z1NV8Lllyb63RMlNPxB824GkpUc4ZJDKbeczvfqsp1pWylIwyxTPqCnbCiEnThPFMWIX4vyGEMdB7O7d6U1kyzFvXKcDPvGFo9QA8DxCEiETr0/kt11ni9wpAzAzPdFm4dSSOYFGN2liERdsg1joX+dxF7jK3OeRD8Vwhiyi+TgOuB4XAhXstagMrizzn464kvCVuqoUP
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-09-08T14:58:21Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"malware-sample\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--59b2b00d-7c04-4139-a539-2ae1950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-09-08T14:58:21.000Z",
"modified": "2017-09-08T14:58:21.000Z",
"pattern": "[file:name = 'MS_INV_4391.7z' AND file:hashes.SHA1 = 'e58fbff82ac433af75512b506bb3617c319f5e0f']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-09-08T14:58:21Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"filename|sha1\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--59b2b00d-ec20-44e3-9716-2ae1950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-09-08T14:58:21.000Z",
"modified": "2017-09-08T14:58:21.000Z",
"pattern": "[file:name = 'MS_INV_4391.7z' AND file:hashes.SHA256 = '114c0ca2d2581cfb70e84a0c0885c892d06fec233213e077a1b332138ebd557f']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-09-08T14:58:21Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"filename|sha256\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--59b2b00d-3188-4f87-a0b4-2ae1950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-09-08T14:58:21.000Z",
"modified": "2017-09-08T14:58:21.000Z",
"pattern": "[file:content_ref.payload_bin = 'UEsDBBQACQAIAEt3KEtX7ddZbw0AAGcrAAAgABwAMjIyYzMxODg4MDgxNWU3NmI5NDI2YzcwYjZjYjU0NTNVVAkAAw2wslkNsLJZdXgLAAEEIQAAAAQhAAAA+4cnchKD1UmXBFxjxoMjXkQWl8hcqxpGO6y9csvWKY10cRUBS+fUtW1WGB1BfS3EbVuXL4aNuqUVrpsSAU9iEz04S3NELTjwJyhb/3EInAUwTtstzrEcGh9sYjo2542aVRK40pymJNlWYvxdqqYvq6E4ClQWq9zvXhyEFS6i1t6Uh4hhZT2TODAsySHiUVYng0+izAA2n2v025KvnhJNM+Tn/MK7ZZxNPyxucNlG2xH36leHFFRxVsUJgw+TY4/QZKXJjmp0n3Gha8bp0Fsak0Gw4nA5rBCCk5rsCsXLeWK7V+QmvqHSueUmzquw9DuteplIfh+kFg9GTBol42DE9PHpA1dHNV0btj0lU7DvuAUGsiNEIuYssWSlP/6aluph6Ihh3A9oU+gorC0zU8xJqFdj8J2qPCA0Vd97AOnSleBHXn4e4WDOHrX95gyENF+ANrhjW4N0NlE6+kvGLI+k6FYB3iZwmWr+iz6zzKSUsTWNSMNYYC8E9hpG+iYBW9m1J/XRsXhGUVxFqPkrgJW3bpEfdxFJEuT9GWcV5xE3tUs56wOxQR2+azdA8JxELmHBA765HJ0d2pQi+tYgadxFgSxY5koWTGPKJzAujY4nkUKiNjr7C2AdR35qabsGZiRXiLbD7x/OQHYI4CYIpgew70wxTFFP1fMDYoOjpmvij83T+fvgeqAxLgGHNo4JpHwFnWk/WFC/kAF0N3NOftwWLHZkrKZ87ADgXszoJWqp1Z9MNi2w6oMZDTngiBOxlkFv3z80RJTr9nr0D5LUVRvyolVea0kP9df/EAC/cU1q/LuEkaDcJMpj93kS6igXrlN1T7Rj43M+VaP118hDSJuEsPVK1yoxUa+OKUdf6LjwjVDetjRMCETxmjNXXgD2OLhEdpUllYyaIjYxqmerjP8nzYyWuVoV0q97pzAHKNHsbyIUaJGn+l/4XnafFwbz/ussTOqF4OR7NVOLFK2VCcQYhgGR/2h0/X+4Iyt5cPTtXeHAL5mxT1ycUogxq61AbfdzXv0W/7Vt6ECYQLJ47Q4LjydXlixkpuxwUcCxW6MkfgdnnB0V/8TVkvrItbxsIfqIeUmLrecx4z49EjDbqNq1iTa8Lt8a5k/xt/b11gbmEfAxACWKSnXOsFBpgBhfKtREJnGagM2AUzW0/rkFN2l2LFa9i3cUBh+L1mlA7GkOGoafoSyGRoK/LpHBzhWdbfLoAxbIoyrYvhXAkkWKSLdy69FBpsR9o88Eja0XzExREn0Bs8HEvBxdjS7KKk1GYBRpxUD4riSedViR3gI3CHRxX9JhTs/wof7T3XdU8M5o/qq2fJgCEvOnL9UY5vAgQM+3Fp4wHQmdyf47JlfojiHe1K9/kCfG6Med6pMEayEoGUIIBZUzYdqW4ASK0Mh78oSqjkMI40761WWhjcBd/e5Wciwde9dAMRlj1Eelexjv4yvqG5spwYxIgE6tVdxRSe2AIvlDCC5q5Yfri1L66rF6uVgwkGFwZTKO17R5X5rCoRYJphCDqLkZKfFuD1zQ0UZVC/1+5h5D2a7ByaceiCkUmDs5lmHarzl4qey54pkTaAvOvd3v53161D2fsiWW672uEK+f5W4iTmXsyRaM7LugHEQhMSFbWPXNgrB0Yj4JBArWE+jUNqGKbWETsT+xcrHNQvnPE+q2hmlnLzXWSL9SkDPr8vlc8N2s3rtKwuQH2aXUdUHcHJfU2fLcfTz3Tc9b/ft/wJf0XyW0+tAabmt/X2Too+VXc1cWsLz2LAISH+G4O2gxoxScB0UdlqQb6VopAFUusFNMC/6xFJRqZUyRPzdDMPY9OjVszEVZ6qKXzyQNf1eimaJIT2a3u+yLGI9E/Vao2IU4Zlu0IjbW1yw3OtiQ6aX4NRfzvbvPQ1TsV5Sc5cYGdQ9zZGt9YDWnJ7y6s55gJxlfFjj0Z8ejTvvQ8L4UYHjzuAy8ITFRULkTzwFJFTxvRFkmJ1QckAilIOZQYyJADo9m7AQbHCs+yDGd/7jYQidFXCW8dKQqX30NxN3/D9jJxmbgKwPraIzdsfePKCC5bRy6RTIqCvlvCp3kLXEDrtSGguhXA3FOhzBV7LRNY5wJV2y7HP47L2c0SJJYysbMNRUdpfAjTbZvlFfC1khVXZUCiqCy3ZurZosPQahZCou6BUKg+Xb3dtBgZFPW1LXJ2WnkpLfGVa8xghb+s5Bw628pfkEKZP3ID7OtE6rLbwEvRTEOqZeRhyotpdEY2RvxgfTnKsceuufwnsADR0wH59t9mev3PKSqhvIb6Ab6HxEMHtIQtiVFpkdNH0EJf6ssKoTYbjRDlJrYwb2jABSQphKMhbanEJimfeYUycIaBtA+/lIXPBV8fKM7+v1fr7lBorGuOP/j/tajK6QrbXgzmIrGYB89xlxDDcbCD/wV/kXk+9fGK9m9IrTmXh8WNg+AWMlFfF46PuynuREsyaAL2ExTFF+tl3ILLuk9OkmO0wV1IM1Agd3rZaDjbCKEADqe19oVUe0kwei2pcz8FyWXpMqE9T2rY9cxL21OWOXe5EVAMdydEnBqHHtLPtsLJ/iHY7gt/ae7WltViu/JuZe51oPuQ2BYIO+9Uqgt0IeH/THRWKMRhmoLxksAvNv/jD/VBxuKLk75tmrEPQLHe70OQ/YC9eAaBvHSvhHmvORFS9A2f05jRYAgPE7IVC9h4aK1Qjw3EAMXzQ++zF5V4aH87GiB/HY5WQApfoTzmRnXF7shIzjOuZ4Myxnm9jSFh1Z297uyeCDE1EMw9PqUWRq9XQrqeQidDAQyNmLKM/7ggOMB5MomJQO7YtQzMYNi6v0FeXCWUngkk6IeCeazW2eFiNLo+gA41WcqN0/oOZ/LAurHJA5KPsPsHI+L0F9f6ppiCcnpQ4zmXBGiYCUDzhUyJ4Xg77T8TsoPgC5tS4raaf3tzfEs/y4uTGTHyqXorBB8d8VoVRIpd9GNZcDWYy905Coz6WuZPdvjt8G1T/0EB2Qm5jRJs6Fm461thQtfGhqemYkHEvKSuRev2Vx+rz2YeQHkAs7KqxydGJnUTIU7Leyzl+bX+z0J4FLB0/PPRmZ1SrjI4PkfqtTjS+OCs3joQFmzF2bua1FWHiozdyI6OlhNI8PW/VPLvPv5OEYs4Pf06Eli60dJ8lQ6AxBnWZywGEuZSJp6DN0QV3DuYVRt9U9n2J3nfZ156MFG4tG1nPS9dgyxdS+2FsARWNhxvvypUpCzvfJI6DEE95Xf0OxZhdsZfq3uygZ2Fyxxk4ayRZ0fTMLyHyzwxCANJkcZnja7htCZCfN1H5RONGndisrFXPAEPwA0FuQuLbfcJ45J2z6psJ8mK0jErTNUQcbjYNQNDdyFatZXDeGM0GLlzDh/XApY+GKQ4wYmrWIfoThLNWPsi8wIrPOLn+K/A/lLlkULIkFYiqb9daYbIPKa655eFMdS1hckJJ1/uGbVzu704pwtDUhbE06ACJOCTRrRYEd6IEppQUak/zCPXivlmrDdj7gXGw3QaZn4GVYcpbGNjPRXDhMu4+12pvzJ0B/mpcQnXUFHEBRT9N31D+H1muH/DWR5/NVr4jN1KK3xXdoqygDUGNIQ2dZhu/oFvcgmpgWgoueN1SRMH1nhcLG6kiSGD3ZSUoeQ6asDKmESVSNoeI0q5P2uPMAIY9idgnrXsQpfTbHzUPPD/5JaT7KFf/vjtN0nptsE2DmxFvLO2Pmj7WSYdzbWyk2kdkT8jhlBCcHps7a34aJpEisqK/hYcunQHTPTl/qPKd8kpNCF9DKhD9t+rk9GHLpatcGoKGh1xKgoy56QrrqDOLwDtU9l0eaqFo5jAIFt+4anGrOkM9Kq6uw+Kd24/e4A2lEf4TMUzxz3l7T5LIIglN/8CJk5q0DAbKvnSBpTpgTCwmJp7vvRGcnP3ZaFCwCjXm
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-09-08T14:58:21Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"malware-sample\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--59b2b00d-cfb4-42b5-bcec-2ae1950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-09-08T14:58:21.000Z",
"modified": "2017-09-08T14:58:21.000Z",
"pattern": "[file:name = 'MS_INV_5783.vbs' AND file:hashes.SHA1 = '98e78ed75d7363977c0384bfd4be315734c0566f']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-09-08T14:58:21Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"filename|sha1\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--59b2b00d-a648-4e5e-8e91-2ae1950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-09-08T14:58:21.000Z",
"modified": "2017-09-08T14:58:21.000Z",
"pattern": "[file:name = 'MS_INV_5783.vbs' AND file:hashes.SHA256 = '7316f1875c62f2a97282023d757e4333752c986e11bc3c521c9ee8adac0cf804']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-09-08T14:58:21Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"filename|sha256\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--59b2b193-9c30-4e78-a348-795a950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-09-08T15:04:51.000Z",
"modified": "2017-09-08T15:04:51.000Z",
"pattern": "[file:content_ref.payload_bin = 'UEsDBBQACQAIAJp4KEvFY1PjqT4IAAFQCgAgABwAMGIyYTU0ZDc0ZjVlNmIzODMzYzZmY2MyMTgwYWNiNjRVVAkAA5OxslmTsbJZdXgLAAEEIQAAAAQhAAAAh0TtD7E5cvOekewT/rOyCd79TSgR0sfscdgEsuKqXkj9GlgpNrqGh/NPV8vVmd2jtBolz03NPwpETUzFueKhMbfAtp8CgIg21w/toD+PtDa1MNir6eI/pPmZgSQ52GbnQvMglXdQNNay/r7OFHRXHcUeya8fyAJr0TOphC8qWLE2NQvSB1EhbgoiUfiH+DTbItY9tvTzp5RrPrExEk78K4+HC5wBnPFOIaenko6xDqY+KAcPcUIsmUUUQHx8Rqo2wBygRqQJGz2kiMc9cdplrML0E7wiM/HpXqZj5yr3OF1NYdTQAjsiXgE/cwpHlLNPabLAdRbQgIGP+CrCUccn9vH8KWqZk+1NorrUPwznNpGn9UOtfTsXyMNZHWil0ajkrsMRnri0iMk0lINVvYVZBVU0wSG7pKN9PLNQXaDFbhYeVIvn2lXC+upSGPjmFapWqC670Sgfar7MtwpZ4ORdlOwS4Abke19irzIe9jCrrKmIInAQipyxHE+clr5BI0EJ6QCNRevLwO1YN+4HKXxsWupc94iAdHxLLqLnuEYKTr4U7jeeMGlluB4B6UVPPk6ykQwg4HKZF7DOPQAPb6ypDyE1nvZPOc+kmBkYaol+ygfK3ibADSENbIROw7ZtduqXD41kNqFvhGITVYu3vs+xOuSO4yeZ01eBGKBELSt3PhEh9zK8CwrOITflnEPz5glopTCkjT+8KUw6cHxZRQIH/z7uVuwXHCYx94lvjoP0OoG/yIJ4dSQ1KrQLaM+yuTBRgmXOzFHvJYPiUMC1Z8hS2dpvzs/k1d/s98ZVmZ/8oZML5kyi6XIdYN+9y7NEa616+2tPusazePfSB84V5J7XIIis9OZ9IU8GDkSxY0GEel8LkIWdBB1Vm1ZC6S9BLcx1/sPVWmjqCqKOQSqdPcMgclHi236bh2WTazY9vWVE3BuXA5GHo1aH41jp8SPsldlnVyhZaBTaRFxiUIbS4JdO1LKZ5gYSU5wxYRQBUTw5a8xcRuOL7YkPJgnKL4qdRqXE0CvwEu9Vzm6fNDcyksfR+Ds6tqEi4XB8Vg2LSPpIKZvWnnvFdJQXWIyFEGFqgy5tKsUESM4EGCDHT6kYRI1YT0f1xRnzBgrnj8LggdctTg8AO0EjcVEibM/13uDqW9CjGUKPEK6MHeMSlZxf9cs+WxVcqap5A4VJzxmOHbd6GuTRaJvfwIXWH8o1J88sTxsXgInBFhRUgcc6vfVRDwKDa+qAH3zY4D433JklFNh9G1dzUu3dEfmDrGUevNn5KN2gNJT4m10Pejq6Dt8qcbg6xy0eR2DF2QAquMq9K6PsDGiac0Esoap7ZgoEamKSKJEch+ph4VisRf3uUgBLfzyHk/cYoT0GOtTLUk3F4pgGv7NnZL6wAQLuwudbzjud/dF9yEknXD0jj+4LopKCcQBwgR5rBvb/taxMheQ4xpUNK6mBsLFv3QeBYrOqiIfYQLULtE3CK+azfl/W3MR89Zswnm83PoRL7IKRSHyj009/8YocRzsjKSGnTAYhZw+NArVE4kX/tvyc1XOiv+pjm7esGz/Rn19hCXfLiuiaASA+n8I5xPNuvyHYx16DEXVGT6IYbB5N1AGcxXMO8HA0vmXI0v8xGa9giJ7QQ/j31DccyD5d8761fApCd4Z5OEAZrYwm8jwjJNAwU6Lq8LcXrhMLcV/rtUjPAvtGkcz1IFoOz26UiCrxm8OvqoExnxieZPs1L5e2tLlMHvbpyQ81HhspBPIYnM+bllksyZezW38tAgYGtTxSYgTQf9IT5899fEvQ1suBc9U397ECfN5m0JmJ8s+IDejOkuL518xM6IsEgFiSnMhnkhs/bo07LphPN9cMYtN84kECszhxE1NmcrK16ExGbKADXeLlRdyHjOcyF6DlXxq2QmzIFLZT/9WmW7TMqNa6mhak5B6Uw9H70o7kgHzLfGa2HhZ2GahVCWXvMb0EAZ1tk3TuYK1hCjVvOlfuvZBWmV526i1jQkRTCjCKs/4gy3L7M9sKWAO6h7LZCSs7cwfmMzLI7yyQJLiukTJ0hTtyF9TfU8qhUTUoEQWSfbtheOpHE9gHFQPAgA/4G2D1RuYKHGjr1ptNW69Tf52lq1kS98wWKkXxxu7IsVruc8e0cmksP7GMoNR0kssZyEeQTuee/87wdCi+b5fn1QZtjg0R/GBDmVzXzl5dvcskaK6M+6khS3C9L72mBzqJH75r1/3nLqwqDFcOdOjNbozJPI7DZ8xtjBXLK30srETyS9M1ZubFeZnigHnubPaAgVtMqRKw0HasHMMCOPKIdWT327wUpK8XeFMSmlBRbetOnfZ00+1KdZdFypuYhvlyynItrS7qT94CzWBdRvLBlbntYtN2z6QzjL8/z5t1tTkGQII8nBOBWxTICtj6qQ6Ot7nQxcklf+j82qIjMkap1dwy4c2ECyNt86TywtVi8+RWB6pXFwLLL1r5H/slXuEOEXvl+y6ulheemdxdNnbDXxngbJIqXZa8zfywBji0OeZ/8LbfbpNyJo0F6CmQWtJdTDsO5TxWmwj87AdvpO8Ygb5juPoVu9oVu4I/jQc7Cr+yW0tFGbUqVV1Rx09JswjKz+V8xOEVq/wNBrTK0EejV6ijHp7cV/rQIu+ye9JFU0rRybRFud1d0MYaaFivxmb0FuXondUpkkYXpaSYcL78x+ar5rWDrncr46vPrNTi7lRGLM6DGw19oF5wdlPFqHevwgBHjJYMYxj/lyoeqW2zBZgP80TDdxDTP3IrnNAr2FfWzm0KUSdDNq7zA87PtfCKNImWuv1ySfqYc+W09CcXVx8hIBS+vD8AtVsqSiyAcC9+Pr85nUFeQF/Ar9FeCeGKvPlV1LPf0LaQ3xKcUpxbnqRbdR5ENXV9FiIOPcIFL6ogNca+7WuZhnVwrPgk9Ar6TOofgiPmys/NoEGLxQsWfBrSdaKtHi2Xf+F0X2ecUur61/c9Q6JbprzBMPkk7dI85Nfxpzctx9p9B9vdFvgdoQEe5YiJcKSu0E7D48HZAVU7nszH+Q2FWDQuClsOM6xZplWQvlmqXlUxgVYBgq6qoazSX613s0u/ibV91Bd7CB/m6CCUKNxjJBvnbmRrJ1ncNqPDnKp56GDdLMr5qv0Xr01o4pcAcaCgZe9Jf9r7ljHMIYXGxf/VQxH0N++wdlFZl/MLUm3hIPTiSh/WaSJZUgw9ZRHg/19t4CJpLQFAX3f6GLDFIMXpymeapeCq3c+wp/16RmYWRZIAipSMuxTTVt/lqc4pKmRn0yi+YO+Uda3WPdp7QgVn4UnNS/AvG4u2vSMniBYxOmNRL88rHe99VEHgoTTlzVLAg9cS/ZWaNRq27begXq/Qcok6OwvpU0yiWEc1H6KH6L7+S0KAJbUGf0AO1iQvFKJ3uuUvDnK4U0FEpl41h6lIhom8z0bZjaC7pY4N20waiaeaNmPyCHEujJWvZXACrNCNx66gFEFgDUG/9TiMD4pUukuGGgMvWbYRAW+PevPud/7Zky08mUn6F1xx5m6g3TgQ08OGg5hMtXrmYROdGQNr8sfqK5F/RCFYPhHWzXz4j7prcX4ZH4ur/iUvdHhbilLdCRSc0ov+QP+Pu3w+p4k81plU6gGLMj7EDga7YQ93gIZsNMWHZYhso38ZWwe+2b2v3dVxVhiUno1RtjLV4Yor2OvTQgOHqFYmSAsrsqjyvNtZhp0ncsfrZu2dEhJ1y44KB/asW4F30fNd3Om7vYtOMncqkWEKVNc5Yt5Mzr8LRF8Ubzr3B2LxL1UYJdTLw49uYYjl+ngxiL4INFseiw9HA1x2TKYqv1sXI+XF13ELunP/ipznLqrOyOfq5otLsVBTZtr5pHwS8DrABdq3SSiJ+DlXbg2C7FavR3gPBCZa+gnzmG99P4T1UPrrDGDS/Dt8D3k9Lr
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-09-08T15:04:51Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"malware-sample\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--59b2b193-3c88-45d2-8cf9-795a950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-09-08T15:04:51.000Z",
"modified": "2017-09-08T15:04:51.000Z",
"pattern": "[file:name = '3936jkgHGdcm.decoded' AND file:hashes.SHA1 = 'c62429c23718ec9c16361c4e711b2535aaf8b3b7']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-09-08T15:04:51Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"filename|sha1\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--59b2b193-b108-4c24-87c3-795a950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-09-08T15:04:51.000Z",
"modified": "2017-09-08T15:04:51.000Z",
"pattern": "[file:name = '3936jkgHGdcm.decoded' AND file:hashes.SHA256 = 'fcf6e02ef14cc219cd532b72d909062967dacf195ad4eb12fe131f3c20755293']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-09-08T15:04:51Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"filename|sha256\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--59b2b2bb-62c8-47e2-a278-7959950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-09-08T15:09:47.000Z",
"modified": "2017-09-08T15:09:47.000Z",
"description": "secondary download location",
"pattern": "[url:value = 'http://anloandy.co.uk/MS_INV_1046.7z']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-09-08T15:09:47Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--59b2b2bc-c30c-4215-b478-7959950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-09-08T15:09:48.000Z",
"modified": "2017-09-08T15:09:48.000Z",
"description": "secondary download location",
"pattern": "[domain-name:value = 'anloandy.co.uk']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-09-08T15:09:48Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"hostname\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--59b2b2bc-aff0-43af-834f-7959950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-09-08T15:09:48.000Z",
"modified": "2017-09-08T15:09:48.000Z",
"description": "secondary download location",
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '213.246.110.104']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-09-08T15:09:48Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--59b2b2fe-fd44-4119-b602-2c9d950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-09-08T15:10:54.000Z",
"modified": "2017-09-08T15:10:54.000Z",
"first_observed": "2017-09-08T15:10:54Z",
"last_observed": "2017-09-08T15:10:54Z",
"number_observed": 1,
"object_refs": [
"email-message--59b2b2fe-fd44-4119-b602-2c9d950d210f"
],
"labels": [
"misp:type=\"email-body\"",
"misp:category=\"Payload delivery\""
]
},
{
"type": "email-message",
"spec_version": "2.1",
"id": "email-message--59b2b2fe-fd44-4119-b602-2c9d950d210f",
"is_multipart": false,
"body": "--Boundary_ID_66HcBTplKwBgWnOL\r\nContent-type: text/html; CHARSET=US-ASCII\r\nContent-transfer-encoding: 8BIT\r\nContent-disposition: inline\r\nContent-description: Microsoft Store E-invoice for your order #3355505101\r\n\r\nDear Customer,<br />\r\nThank you for shopping with Microsoft Store<br />\r\n<br />\r\nPlease find enclosed or <a href=http://anloandy.co.uk/MS_INV_1046.7z>download</a> your official Microsoft Store Invoice.<br />\r\nPlease retain a copy of this invoice for your records. Your Microsoft<br />\r\ninvoice may also be required to obtain warranty services.<br />\r\n<br />\r\nThank you<br />\r\n<br />\r\nMicrosoft Store 2017<br />\r\n\r\n\r\n\r\n--Boundary_ID_66HcBTplKwBgWnOL\r\nContent-type: application/octet-stream; name=MS_INV_4391.7z\r\nContent-transfer-encoding: base64\r\nContent-disposition: attachment; filename=MS_INV_4391.7z\r\nContent-description: MS_INV_4391.7z\r\n..."
},
{
"type": "marking-definition",
"spec_version": "2.1",
"id": "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9",
"created": "2017-01-20T00:00:00.000Z",
"definition_type": "tlp",
"name": "TLP:WHITE",
"definition": {
"tlp": "white"
}
}
]
}
Reference in a new issue Copy permalink