2023-04-21 14:44:17 +00:00
{
"type" : "bundle" ,
"id" : "bundle--5bc60f40-929c-4fed-b93d-44e9950d210f" ,
"objects" : [
{
"type" : "identity" ,
"spec_version" : "2.1" ,
"id" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2019-04-25T13:02:14.000Z" ,
"modified" : "2019-04-25T13:02:14.000Z" ,
"name" : "CIRCL" ,
"identity_class" : "organization"
} ,
{
"type" : "report" ,
"spec_version" : "2.1" ,
"id" : "report--5bc60f40-929c-4fed-b93d-44e9950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2019-04-25T13:02:14.000Z" ,
"modified" : "2019-04-25T13:02:14.000Z" ,
"name" : "OSINT - 2018-10-09 - HANCITOR INFECTION WITH ZEUS PANDA BANKER" ,
"published" : "2019-05-15T14:18:19Z" ,
"object_refs" : [
"indicator--5bc60fa7-12a8-469b-92a8-457b950d210f" ,
"indicator--5bc60fa8-1390-4f6f-bdab-4822950d210f" ,
"indicator--5bc60faa-e614-4e33-a62f-4ea6950d210f" ,
"indicator--5bc60fab-3c7c-40e9-acfd-4d52950d210f" ,
"indicator--5bc60fac-8e38-4d50-ac7b-4958950d210f" ,
"indicator--5bc60fb1-a934-48e0-88b6-4981950d210f" ,
"indicator--5bc60fb6-bf34-46c6-96e2-434c950d210f" ,
"indicator--5bc60fba-c368-49d4-86eb-4608950d210f" ,
"indicator--5bc60fbd-e8cc-43a0-950b-44ac950d210f" ,
"indicator--5bc60fbd-7070-4451-ae1a-4afc950d210f" ,
"indicator--5bc60fbe-2424-40dc-bf04-4fa1950d210f" ,
"indicator--5bc60fbe-04ac-4394-897c-40a7950d210f" ,
"indicator--5bc60fbf-5028-4b35-8f83-4da8950d210f" ,
"indicator--5bc60fbf-0f3c-4918-9d94-48e3950d210f" ,
"indicator--5bc60fc0-f440-4074-af1d-480e950d210f" ,
"indicator--5bc60fc0-8c80-4f2e-b6ce-4063950d210f" ,
"indicator--5bc60fc1-d628-4a0b-90bd-4fd1950d210f" ,
"indicator--5bc60fc1-e268-4d7d-9d9d-4df0950d210f" ,
"indicator--5bc60fc2-b10c-4e72-8ee1-4e44950d210f" ,
"indicator--5bc60fc2-befc-4273-9340-4562950d210f" ,
"indicator--5bc60fc3-d3d4-469d-a86a-438e950d210f" ,
"indicator--5bc60fc3-ae50-4f4a-a216-4292950d210f" ,
"indicator--5bc60fc4-6030-4080-9f38-441d950d210f" ,
"indicator--5bc60fc4-4b38-4430-81d5-4f36950d210f" ,
"indicator--5bc60fc5-3300-4da2-aa86-4d2e950d210f" ,
"indicator--5bc60fc5-d628-4677-81dc-4820950d210f" ,
"indicator--5bc60fc6-74dc-49d3-b3fb-43aa950d210f" ,
"indicator--5bc60fc6-366c-470d-82e7-445b950d210f" ,
"indicator--5bc60fc7-7198-4c33-b9cc-4712950d210f" ,
"indicator--5bc60fc7-628c-46eb-8517-4eb3950d210f" ,
"indicator--5bc60fc8-55cc-44ae-97e7-4bb8950d210f" ,
"indicator--5bc60fc8-72b8-44c2-b570-4d83950d210f" ,
"indicator--5bc60fc9-fa08-4e0f-9a92-4f85950d210f" ,
"indicator--5bc60fcd-54b4-4308-88e7-44da950d210f" ,
"indicator--5bc60fd2-86d4-489e-9a70-4928950d210f" ,
"indicator--5bc60fd8-8904-4b47-b2fa-484b950d210f" ,
"indicator--5bc60fdb-0730-4aae-9728-4f1f950d210f" ,
"indicator--5bc60fdc-dad0-44a2-8c19-4851950d210f" ,
"observed-data--5bc6107e-aef8-45a7-b83b-495e950d210f" ,
"file--5bc6107e-aef8-45a7-b83b-495e950d210f" ,
"artifact--5bc6107e-aef8-45a7-b83b-495e950d210f" ,
"observed-data--5bc612b3-e6b8-4fb1-97a4-4961950d210f" ,
"url--5bc612b3-e6b8-4fb1-97a4-4961950d210f" ,
"indicator--5bc61150-4614-4135-93e5-49ca950d210f" ,
"indicator--5bc61173-f948-4a64-bf3a-48da950d210f" ,
"indicator--5bc611db-b1b4-44a2-8fc6-404d950d210f" ,
"indicator--5bc6126c-e1a8-4642-8f4a-41dd950d210f" ,
"x-misp-object--19ea9ed9-31ff-434e-9103-1ac956deda80" ,
"x-misp-object--dc86f544-9003-4c61-9a8e-077f138279ad" ,
"x-misp-object--109b564a-ee52-49b6-80a2-71b019a253a7" ,
2024-08-07 08:13:15 +00:00
"relationship--361a64fe-807c-4743-8657-30b1e1ed62dd" ,
"relationship--25c68755-26b6-4eca-96d8-35e8e921da4e" ,
"relationship--0a07ebe8-fcfe-462c-820d-94f68f6b32d6" ,
"relationship--9aa7e40a-ad30-48f3-a830-d944d999275f" ,
"relationship--1c4431cd-b84c-4f01-a4b0-ae608c8e21a7"
2023-04-21 14:44:17 +00:00
] ,
"labels" : [
"Threat-Report" ,
"misp:tool=\"MISP-STIX-Converter\"" ,
"misp-galaxy:banker=\"Panda Banker\"" ,
"misp-galaxy:mitre-enterprise-attack-attack-pattern=\"Spearphishing Attachment - T1193\"" ,
"misp-galaxy:mitre-enterprise-attack-attack-pattern=\"Input Capture - T1056\"" ,
"estimative-language:likelihood-probability=\"almost-certain\"" ,
"estimative-language:confidence-in-analytic-judgment=\"high\"" ,
"collaborative-intelligence:request=\"more-samples\"" ,
"osint:source-type=\"blog-post\""
] ,
"object_marking_refs" : [
"marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9"
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--5bc60fa7-12a8-469b-92a8-457b950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2018-10-16T16:19:51.000Z" ,
"modified" : "2018-10-16T16:19:51.000Z" ,
"description" : "Hancitor - contacted urls - probably compromised hosts" ,
"pattern" : "[domain-name:value = 'carvanadenver.com']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2018-10-16T16:19:51Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Network activity"
}
] ,
"labels" : [
"misp:type=\"domain\"" ,
"misp:category=\"Network activity\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--5bc60fa8-1390-4f6f-bdab-4822950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2018-10-16T16:19:52.000Z" ,
"modified" : "2018-10-16T16:19:52.000Z" ,
"description" : "Hancitor - contacted urls - probably compromised hosts" ,
"pattern" : "[domain-name:value = 'carvanamemphis.com']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2018-10-16T16:19:52Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Network activity"
}
] ,
"labels" : [
"misp:type=\"domain\"" ,
"misp:category=\"Network activity\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--5bc60faa-e614-4e33-a62f-4ea6950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2018-10-16T16:19:54.000Z" ,
"modified" : "2018-10-16T16:19:54.000Z" ,
"description" : "Hancitor - contacted urls - probably compromised hosts" ,
"pattern" : "[domain-name:value = 'carvananashville.com']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2018-10-16T16:19:54Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Network activity"
}
] ,
"labels" : [
"misp:type=\"domain\"" ,
"misp:category=\"Network activity\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--5bc60fab-3c7c-40e9-acfd-4d52950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2018-10-16T16:19:55.000Z" ,
"modified" : "2018-10-16T16:19:55.000Z" ,
"description" : "Hancitor - contacted urls - probably compromised hosts" ,
"pattern" : "[domain-name:value = 'genesisatoxmoor.com']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2018-10-16T16:19:55Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Network activity"
}
] ,
"labels" : [
"misp:type=\"domain\"" ,
"misp:category=\"Network activity\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--5bc60fac-8e38-4d50-ac7b-4958950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2018-10-16T16:19:56.000Z" ,
"modified" : "2018-10-16T16:19:56.000Z" ,
"description" : "Hancitor - contacted urls - probably compromised hosts" ,
"pattern" : "[domain-name:value = 'genesiseastlouisville.com']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2018-10-16T16:19:56Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Network activity"
}
] ,
"labels" : [
"misp:type=\"domain\"" ,
"misp:category=\"Network activity\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--5bc60fb1-a934-48e0-88b6-4981950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2018-10-16T16:20:01.000Z" ,
"modified" : "2018-10-16T16:20:01.000Z" ,
"description" : "Hancitor - contacted urls - probably compromised hosts" ,
"pattern" : "[domain-name:value = 'genesisofeaslouisville.com']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2018-10-16T16:20:01Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Network activity"
}
] ,
"labels" : [
"misp:type=\"domain\"" ,
"misp:category=\"Network activity\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--5bc60fb6-bf34-46c6-96e2-434c950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2018-10-16T16:20:06.000Z" ,
"modified" : "2018-10-16T16:20:06.000Z" ,
"description" : "Hancitor - contacted urls - probably compromised hosts" ,
"pattern" : "[domain-name:value = 'genesisofindiana.com']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2018-10-16T16:20:06Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Network activity"
}
] ,
"labels" : [
"misp:type=\"domain\"" ,
"misp:category=\"Network activity\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--5bc60fba-c368-49d4-86eb-4608950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2018-10-16T16:20:10.000Z" ,
"modified" : "2018-10-16T16:20:10.000Z" ,
"description" : "Hancitor - contacted urls - probably compromised hosts" ,
"pattern" : "[domain-name:value = 'genesisofwestlouisville.com']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2018-10-16T16:20:10Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Network activity"
}
] ,
"labels" : [
"misp:type=\"domain\"" ,
"misp:category=\"Network activity\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--5bc60fbd-e8cc-43a0-950b-44ac950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2018-10-16T16:20:13.000Z" ,
"modified" : "2018-10-16T16:20:13.000Z" ,
"description" : "Hancitor - contacted urls - probably compromised hosts" ,
"pattern" : "[domain-name:value = 'oxmoorusedcars.com']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2018-10-16T16:20:13Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Network activity"
}
] ,
"labels" : [
"misp:type=\"domain\"" ,
"misp:category=\"Network activity\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--5bc60fbd-7070-4451-ae1a-4afc950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2018-10-16T16:20:13.000Z" ,
"modified" : "2018-10-16T16:20:13.000Z" ,
"description" : "Hancitor - contacted urls - probably compromised hosts" ,
"pattern" : "[domain-name:value = 'sellittooxmoor.com']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2018-10-16T16:20:13Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Network activity"
}
] ,
"labels" : [
"misp:type=\"domain\"" ,
"misp:category=\"Network activity\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--5bc60fbe-2424-40dc-bf04-4fa1950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2018-10-16T16:20:14.000Z" ,
"modified" : "2018-10-16T16:20:14.000Z" ,
"description" : "Hancitor - contacted urls - probably compromised hosts" ,
"pattern" : "[domain-name:value = 'selltooxmoor.com']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2018-10-16T16:20:14Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Network activity"
}
] ,
"labels" : [
"misp:type=\"domain\"" ,
"misp:category=\"Network activity\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--5bc60fbe-04ac-4394-897c-40a7950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2018-10-16T16:20:14.000Z" ,
"modified" : "2018-10-16T16:20:14.000Z" ,
"description" : "Hancitor - contacted urls - probably compromised hosts" ,
"pattern" : "[url:value = 'http://keywestresortsadvice.com/wp-content/plugins/google-privacy-policy/1']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2018-10-16T16:20:14Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Network activity"
}
] ,
"labels" : [
"misp:type=\"url\"" ,
"misp:category=\"Network activity\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--5bc60fbf-5028-4b35-8f83-4da8950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2018-10-16T16:20:15.000Z" ,
"modified" : "2018-10-16T16:20:15.000Z" ,
"description" : "Hancitor - contacted urls - probably compromised hosts" ,
"pattern" : "[url:value = 'http://keywestresortsadvice.com/wp-content/plugins/google-privacy-policy/2']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2018-10-16T16:20:15Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Network activity"
}
] ,
"labels" : [
"misp:type=\"url\"" ,
"misp:category=\"Network activity\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--5bc60fbf-0f3c-4918-9d94-48e3950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2018-10-16T16:20:15.000Z" ,
"modified" : "2018-10-16T16:20:15.000Z" ,
"description" : "Hancitor - contacted urls - probably compromised hosts" ,
"pattern" : "[url:value = 'http://keywestresortsadvice.com/wp-content/plugins/google-privacy-policy/3']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2018-10-16T16:20:15Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Network activity"
}
] ,
"labels" : [
"misp:type=\"url\"" ,
"misp:category=\"Network activity\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--5bc60fc0-f440-4074-af1d-480e950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2018-10-16T16:20:16.000Z" ,
"modified" : "2018-10-16T16:20:16.000Z" ,
"description" : "Hancitor - contacted urls - probably compromised hosts" ,
"pattern" : "[url:value = 'http://lonestarportablebuildings.com/wp-content/plugins/prevent-xmlrpc/1']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2018-10-16T16:20:16Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Network activity"
}
] ,
"labels" : [
"misp:type=\"url\"" ,
"misp:category=\"Network activity\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--5bc60fc0-8c80-4f2e-b6ce-4063950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2018-10-16T16:20:16.000Z" ,
"modified" : "2018-10-16T16:20:16.000Z" ,
"description" : "Hancitor - contacted urls - probably compromised hosts" ,
"pattern" : "[url:value = 'http://lonestarportablebuildings.com/wp-content/plugins/prevent-xmlrpc/2']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2018-10-16T16:20:16Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Network activity"
}
] ,
"labels" : [
"misp:type=\"url\"" ,
"misp:category=\"Network activity\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--5bc60fc1-d628-4a0b-90bd-4fd1950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2018-10-16T16:20:17.000Z" ,
"modified" : "2018-10-16T16:20:17.000Z" ,
"description" : "Hancitor - contacted urls - probably compromised hosts" ,
"pattern" : "[url:value = 'http://lonestarportablebuildings.com/wp-content/plugins/prevent-xmlrpc/3']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2018-10-16T16:20:17Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Network activity"
}
] ,
"labels" : [
"misp:type=\"url\"" ,
"misp:category=\"Network activity\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--5bc60fc1-e268-4d7d-9d9d-4df0950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2018-10-16T16:20:17.000Z" ,
"modified" : "2018-10-16T16:20:17.000Z" ,
"description" : "Hancitor - contacted urls - probably compromised hosts" ,
"pattern" : "[url:value = 'http://merisela.ru/wp-content/plugins/flagallery-skins/music_default/1']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2018-10-16T16:20:17Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Network activity"
}
] ,
"labels" : [
"misp:type=\"url\"" ,
"misp:category=\"Network activity\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--5bc60fc2-b10c-4e72-8ee1-4e44950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2018-10-16T16:20:18.000Z" ,
"modified" : "2018-10-16T16:20:18.000Z" ,
"description" : "Hancitor - contacted urls - probably compromised hosts" ,
"pattern" : "[url:value = 'http://merisela.ru/wp-content/plugins/flagallery-skins/music_default/2']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2018-10-16T16:20:18Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Network activity"
}
] ,
"labels" : [
"misp:type=\"url\"" ,
"misp:category=\"Network activity\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--5bc60fc2-befc-4273-9340-4562950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2018-10-16T16:20:18.000Z" ,
"modified" : "2018-10-16T16:20:18.000Z" ,
"description" : "Hancitor - contacted urls - probably compromised hosts" ,
"pattern" : "[url:value = 'http://merisela.ru/wp-content/plugins/flagallery-skins/music_default/3']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2018-10-16T16:20:18Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Network activity"
}
] ,
"labels" : [
"misp:type=\"url\"" ,
"misp:category=\"Network activity\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--5bc60fc3-d3d4-469d-a86a-438e950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2018-10-16T16:20:19.000Z" ,
"modified" : "2018-10-16T16:20:19.000Z" ,
"description" : "Hancitor - contacted urls - probably compromised hosts" ,
"pattern" : "[url:value = 'http://muneersiddiqui.com/wp-content/plugins/bwp-minify/includes/1']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2018-10-16T16:20:19Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Network activity"
}
] ,
"labels" : [
"misp:type=\"url\"" ,
"misp:category=\"Network activity\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--5bc60fc3-ae50-4f4a-a216-4292950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2018-10-16T16:20:19.000Z" ,
"modified" : "2018-10-16T16:20:19.000Z" ,
"description" : "Hancitor - contacted urls - probably compromised hosts" ,
"pattern" : "[url:value = 'http://muneersiddiqui.com/wp-content/plugins/bwp-minify/includes/2']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2018-10-16T16:20:19Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Network activity"
}
] ,
"labels" : [
"misp:type=\"url\"" ,
"misp:category=\"Network activity\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--5bc60fc4-6030-4080-9f38-441d950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2018-10-16T16:20:20.000Z" ,
"modified" : "2018-10-16T16:20:20.000Z" ,
"description" : "Hancitor - contacted urls - probably compromised hosts" ,
"pattern" : "[url:value = 'http://muneersiddiqui.com/wp-content/plugins/bwp-minify/includes/3']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2018-10-16T16:20:20Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Network activity"
}
] ,
"labels" : [
"misp:type=\"url\"" ,
"misp:category=\"Network activity\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--5bc60fc4-4b38-4430-81d5-4f36950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2018-10-16T16:20:20.000Z" ,
"modified" : "2018-10-16T16:20:20.000Z" ,
"description" : "Hancitor - contacted urls - probably compromised hosts" ,
"pattern" : "[url:value = 'http://surfsongnorthwildwood.com/wp-content/plugins/wordpress-hit-counter/1']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2018-10-16T16:20:20Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Network activity"
}
] ,
"labels" : [
"misp:type=\"url\"" ,
"misp:category=\"Network activity\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--5bc60fc5-3300-4da2-aa86-4d2e950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2018-10-16T16:20:21.000Z" ,
"modified" : "2018-10-16T16:20:21.000Z" ,
"description" : "Hancitor - contacted urls - probably compromised hosts" ,
"pattern" : "[url:value = 'http://surfsongnorthwildwood.com/wp-content/plugins/wordpress-hit-counter/2']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2018-10-16T16:20:21Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Network activity"
}
] ,
"labels" : [
"misp:type=\"url\"" ,
"misp:category=\"Network activity\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--5bc60fc5-d628-4677-81dc-4820950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2018-10-16T16:20:21.000Z" ,
"modified" : "2018-10-16T16:20:21.000Z" ,
"description" : "Hancitor - contacted urls - probably compromised hosts" ,
"pattern" : "[url:value = 'http://surfsongnorthwildwood.com/wp-content/plugins/wordpress-hit-counter/3']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2018-10-16T16:20:21Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Network activity"
}
] ,
"labels" : [
"misp:type=\"url\"" ,
"misp:category=\"Network activity\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--5bc60fc6-74dc-49d3-b3fb-43aa950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2018-10-16T16:20:22.000Z" ,
"modified" : "2018-10-16T16:20:22.000Z" ,
"description" : "Hancitor - contacted urls - probably compromised hosts" ,
"pattern" : "[url:value = 'http://www.socialmanagers.com/1']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2018-10-16T16:20:22Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Network activity"
}
] ,
"labels" : [
"misp:type=\"url\"" ,
"misp:category=\"Network activity\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--5bc60fc6-366c-470d-82e7-445b950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2018-10-16T16:20:22.000Z" ,
"modified" : "2018-10-16T16:20:22.000Z" ,
"description" : "Hancitor - contacted urls - probably compromised hosts" ,
"pattern" : "[url:value = 'http://www.socialmanagers.com/2']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2018-10-16T16:20:22Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Network activity"
}
] ,
"labels" : [
"misp:type=\"url\"" ,
"misp:category=\"Network activity\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--5bc60fc7-7198-4c33-b9cc-4712950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2018-10-16T16:20:23.000Z" ,
"modified" : "2018-10-16T16:20:23.000Z" ,
"description" : "Hancitor - contacted urls - probably compromised hosts" ,
"pattern" : "[url:value = 'http://www.socialmanagers.com/3']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2018-10-16T16:20:23Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Network activity"
}
] ,
"labels" : [
"misp:type=\"url\"" ,
"misp:category=\"Network activity\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--5bc60fc7-628c-46eb-8517-4eb3950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2018-10-16T16:20:23.000Z" ,
"modified" : "2018-10-16T16:20:23.000Z" ,
"description" : "Hancitor - contacted urls - probably compromised hosts" ,
"pattern" : "[domain-name:value = 'fornetodu.com']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2018-10-16T16:20:23Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Network activity"
}
] ,
"labels" : [
"misp:type=\"domain\"" ,
"misp:category=\"Network activity\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--5bc60fc8-55cc-44ae-97e7-4bb8950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2018-10-16T16:20:24.000Z" ,
"modified" : "2018-10-16T16:20:24.000Z" ,
"description" : "Hancitor - contacted urls - probably compromised hosts" ,
"pattern" : "[domain-name:value = 'hehenforfi.ru']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2018-10-16T16:20:24Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Network activity"
}
] ,
"labels" : [
"misp:type=\"domain\"" ,
"misp:category=\"Network activity\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--5bc60fc8-72b8-44c2-b570-4d83950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2018-10-16T16:20:24.000Z" ,
"modified" : "2018-10-16T16:20:24.000Z" ,
"description" : "Hancitor - contacted urls - probably compromised hosts" ,
"pattern" : "[domain-name:value = 'hersjustretleft.ru']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2018-10-16T16:20:24Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Network activity"
}
] ,
"labels" : [
"misp:type=\"domain\"" ,
"misp:category=\"Network activity\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--5bc60fc9-fa08-4e0f-9a92-4f85950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2018-10-16T16:20:25.000Z" ,
"modified" : "2018-10-16T16:20:25.000Z" ,
"description" : "Hancitor - contacted urls - probably compromised hosts" ,
"pattern" : "[domain-name:value = 'sincirewdo.ru']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2018-10-16T16:20:25Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Network activity"
}
] ,
"labels" : [
"misp:type=\"domain\"" ,
"misp:category=\"Network activity\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--5bc60fcd-54b4-4308-88e7-44da950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2018-10-16T16:20:29.000Z" ,
"modified" : "2018-10-16T16:20:29.000Z" ,
"description" : "Hancitor - contacted urls - probably compromised hosts" ,
"pattern" : "[domain-name:value = '275aacaa1610.net']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2018-10-16T16:20:29Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Network activity"
}
] ,
"labels" : [
"misp:type=\"domain\"" ,
"misp:category=\"Network activity\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--5bc60fd2-86d4-489e-9a70-4928950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2018-10-16T16:20:34.000Z" ,
"modified" : "2018-10-16T16:20:34.000Z" ,
"description" : "Hancitor - contacted urls - probably compromised hosts" ,
"pattern" : "[domain-name:value = '275aacaa1698.net']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2018-10-16T16:20:34Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Network activity"
}
] ,
"labels" : [
"misp:type=\"domain\"" ,
"misp:category=\"Network activity\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--5bc60fd8-8904-4b47-b2fa-484b950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2018-10-16T16:20:40.000Z" ,
"modified" : "2018-10-16T16:20:40.000Z" ,
"description" : "Hancitor - contacted urls - probably compromised hosts" ,
"pattern" : "[domain-name:value = 'nobotanri.ru']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2018-10-16T16:20:40Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Network activity"
}
] ,
"labels" : [
"misp:type=\"domain\"" ,
"misp:category=\"Network activity\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--5bc60fdb-0730-4aae-9728-4f1f950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2018-10-16T16:20:43.000Z" ,
"modified" : "2018-10-16T16:20:43.000Z" ,
"description" : "Hancitor - contacted urls - probably compromised hosts" ,
"pattern" : "[domain-name:value = 'veintitna.ru']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2018-10-16T16:20:43Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Network activity"
}
] ,
"labels" : [
"misp:type=\"domain\"" ,
"misp:category=\"Network activity\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--5bc60fdc-dad0-44a2-8c19-4851950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2018-10-16T16:20:44.000Z" ,
"modified" : "2018-10-16T16:20:44.000Z" ,
"description" : "Hancitor - contacted urls - probably compromised hosts" ,
"pattern" : "[domain-name:value = 'lachistontfi.ru']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2018-10-16T16:20:44Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Network activity"
}
] ,
"labels" : [
"misp:type=\"domain\"" ,
"misp:category=\"Network activity\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "observed-data" ,
"spec_version" : "2.1" ,
"id" : "observed-data--5bc6107e-aef8-45a7-b83b-495e950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2018-10-16T16:23:26.000Z" ,
"modified" : "2018-10-16T16:23:26.000Z" ,
"first_observed" : "2018-10-16T16:23:26Z" ,
"last_observed" : "2018-10-16T16:23:26Z" ,
"number_observed" : 1 ,
"object_refs" : [
"file--5bc6107e-aef8-45a7-b83b-495e950d210f" ,
"artifact--5bc6107e-aef8-45a7-b83b-495e950d210f"
] ,
"labels" : [
"misp:type=\"attachment\"" ,
"misp:category=\"External analysis\"" ,
"misp-galaxy:mitre-attack-pattern=\"Spearphishing Attachment - T1193\""
]
} ,
{
"type" : "file" ,
"spec_version" : "2.1" ,
"id" : "file--5bc6107e-aef8-45a7-b83b-495e950d210f" ,
"name" : "2018-10-09-Hancitor-image-02.jpg" ,
"content_ref" : "artifact--5bc6107e-aef8-45a7-b83b-495e950d210f"
} ,
{
"type" : "artifact" ,
"spec_version" : "2.1" ,
"id" : "artifact--5bc6107e-aef8-45a7-b83b-495e950d210f" ,
"payload_bin" : " / 9 j / 4 A A Q S k Z J R g A B A Q A A S A B I A A D / 4 Q B M R X h p Z g A A T U 0 A K g A A A A g A A Y d p A A Q A A A A B A A A A G g A A A A A A A 6 A B A A M A A A A B A A E A A K A C A A Q A A A A B A A A D x q A D A A Q A A A A B A A A D h A A A A A D / 7 Q A 4 U G h v d G 9 z a G 9 w I D M u M A A 4 Q k l N B A Q A A A A A A A A 4 Q k l N B C U A A A A A A B D U H Y z Z j w C y B O m A C Z j s + E J + / 8 A A E Q g D h A P G A w E R A A I R A Q M R A f / E A B 8 A A A E F A Q E B A Q E B A A A A A A A A A A A B A g M E B Q Y H C A k K C //EALUQAAIBAwMCBAMFBQQEAAABfQECAwAEEQUSITFBBhNRYQcicRQygZGhCCNCscEVUtHwJDNicoIJChYXGBkaJSYnKCkqNDU2Nzg5OkNERUZHSElKU1RVVldYWVpjZGVmZ2hpanN0dXZ3eHl6g4SFhoeIiYqSk5SVlpeYmZqio6Slpqeoqaqys7S1tre4ubrCw8TFxsfIycrS09TV1tfY2drh4uPk5ebn6Onq8fLz9PX29/j5+v/EAB8BAAMBAQEBAQEBAQEAAAAAAAABAgMEBQYHCAkKC//EALURAAIBAgQEAwQHBQQEAAECdwABAgMRBAUhMQYSQVEHYXETIjKBCBRCkaGxwQkjM1LwFWJy0QoWJDThJfEXGBkaJicoKSo1Njc4OTpDREVGR0hJSlNUVVZXWFlaY2RlZmdoaWpzdHV2d3h5eoKDhIWGh4iJipKTlJWWl5iZmqKjpKWmp6ipqrKztLW2t7i5usLDxMXGx8jJytLT1NXW19jZ2uLj5OXm5+jp6vLz9PX29/j5+v/bAEMAAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAf/bAEMBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAf/dAAQAef/aAAwDAQACEQMRAD8A/qU/Zv8A2dvCP7XXgjR/2kf2mNIk+I+j/EaWbxP8JvhJ4nn+1/Djwj8OrsSp4O1PUPB6SvpereMtZ0mVdb1HUNZGo3WkXeoS6fYTRQRAMAfTX/Dvn9h3/o0/4D/+G58Pf/IlAB/w75/Yd/6NP+A//hufD3/yJQAf8O+f2Hf+jT/gP/4bnw9/8iUAH/Dvn9h3/o0/4D/+G58Pf/IlAB/w75/Yd/6NP+A//hufD3/yJQAo/wCCfP7Dmef2T/gPj/snPh7/AORD/L86AJP+He37Dn/RqPwI/wDDc+HP/kGgA/4d7fsOf9Go/Aj/AMNz4c/+QaAD/h3t+w5/0aj8CP8Aw3Phz/5BoAP+He37Dn/RqPwI/wDDc+HP/kGgA/4d7fsOf9Go/Aj/AMNz4c/+QaAD/h3t+w5/0aj8CP8Aw3Phz/5BoAP+He37Dn/RqPwI/wDDc+HP/kGgA/4d7fsOf9Go/Aj/AMNz4c/+QaAD/h3t+w5/0aj8CP8Aw3Phz/5BoAP+He37Dn/RqPwI/wDDc+HP/kGgBjf8E+P2HVP/ACaf8ByO3/FufDv9LJf8+nO4Ab/w75/Yd/6NP+A//hufD3/yJQAf8O+f2Hf+jT/gP/4bnw9/8iUAH/Dvn9h3/o0/4D/+G58Pf/IlAB/w75/Yd/6NP+A//hufD3/yJQAf8O+f2Hf+jT/gP/4bnw9/8iUAH/Dvn9h3/o0/4D/+G58Pf/IlAB/w75/Yd/6NP+A//hufD3/yJQAf8O+f2Hf+jT/gP/4bnw9/8iUAKP8Agnz+w5nn9k/4Dgev/CufDv8A8hn+X5c0ASf8O9v2HP8Ao1H4Ef8AhufDn/yDQAf8O9v2HP8Ao1H4Ef8AhufDn/yDQAf8O9v2HP8Ao1H4Ef8AhufDn/yDQAf8O9v2HP8Ao1H4Ef8AhufDn/yDQAf8O9v2HP8Ao1H4Ef8AhufDn/yDQAf8O9v2HP8Ao1H4Ef8AhufDn/yDQAf8O9v2HP8Ao1H4Ef8AhufDn/yDQAf8O9v2HP8Ao1H4Ef8AhufDn/yDQAf8O9v2HP8Ao1H4Ef8AhufDn/yDQAf8O9v2HP8Ao1H4Ef8AhufDn/yDQAf8O9v2HP8Ao1H4Ef8AhufDn/yDQAf8O9v2HP8Ao1H4Ef8AhufDn/yDQAf8O9v2HP8Ao1H4Ef8AhufDn/yDQAf8O9v2HP8Ao1H4Ef8AhufDn/yDQAf8O9v2HP8Ao1H4Ef8AhufDn/yDQAf8O9v2HP8Ao1H4Ef8AhufDn/yDQAf8O9v2HP8Ao1H4Ef8AhufDn/yDQAf8O9v2HP8Ao1H4Ef8AhufDn/yDQAf8O9v2HP8Ao1H4Ef8AhufDn/yDQAf8O9v2HP8Ao1H4Ef8AhufDn/yDQAf8O9v2HP8Ao1H4Ef8AhufDn/yDQAf8O9v2HP8Ao1H4Ef8AhufDn/yDQAf8O9v2HP8Ao1H4Ef8AhufDn/yDQAf8O9v2HP8Ao1H4Ef8AhufDn/yDQAf8O9v2HP8Ao1H4Ef8AhufDn/yDQAf8O9v2HP8Ao1H4Ef8AhufDn/yDQAf8O9v2HP8Ao1H4Ef8AhufDn/yDQAf8O9v2HP8Ao1H4Ef8AhufDn/yDQAf8O9v2HP8Ao1H4Ef8AhufDn/yDQAf8O9v2HP8Ao1H4Ef8AhufDn/yDQAf8O9v2HP8Ao1H4Ef8AhufDn/yDQAf8O9v2HP8Ao1H4Ef8AhufDn/yDQAf8O9v2HP8Ao1H4Ef8AhufDn/yDQAf8O9v2HP8Ao1H4Ef8AhufDn/yDQAf8O9v2HP8Ao1H4Ef8AhufDn/yDQAh/4J7fsOgcfsofAgn0/wCFc+HOf/JEfz9uMigCP/h3z+w7/wBGn/Af/wANz4e/+RKAD/h3z+w7/wBGn/Af/wANz4e/+RKAD/h3z+w7/wBGn/Af/wANz4e/+RKAD/h3z+w7/wBGn/Af/wANz4e/+RKAD/h3z+w7/wBGn/Af/wANz4e/+RKAD/h3z+w5/wBGn/Af/wANz4e/+RKAJR/wT2/YbIz/AMMo/Ajn/qnPhz/5BP8AP86AD/h3t+w5/wBGo/Aj/wANz4c/+QaAD/h3t+w5/wBGo/Aj/wANz4c/+QaAD/h3t+w5/wBGo/Aj/wANz4c/+QaAGN/wT3/YdH/Np/wHI/7Jz4d/LiyX/Ppg7gBv/Dvn9h3/AKNP+A//AIbnw9/8iUAH/Dvn9h3/AKNP+A//AIbnw9/8iUAH/Dvn9h3/AKNP+A//AIbnw9/8iUAH/Dvn9h3/AKNP+A//AIbnw9/8iUAH/Dvn9hz/AKNP+A//AIbnw9/8iUAS/wDDvb9hv/o1H4Ef+G58Of8AyDQAf8O9v2HP+jUfgR/4bnw5/wDINAB/w72/Yc/6NR+BH/hufDn/AMg0AH/Dvb9hz/o1H4Ef+G58Of8AyDQAf8O9v2HP+jUfgR/4bnw5/wDINAB/w72/Yc/6NR+BH/hufDn/AMg0AH/Dvb9hz/o1H4Ef+G58Of8AyDQAf8O9v2HP+jUfgR/4bnw5/wDINAB/w72/Yc/6NR+BH/hufDn/AMg0AH/Dvb9hz/o1H4Ef+G58Of8AyDQAf8O9v2HP+jUfgR/4bnw5/wDINAB/w72/Yc/6NR+BH/hufDn/AMg0AH/Dvb9hz/o1H4Ef+G58Of8AyDQAf8O9v2HP+jUfgR/4bnw5/wDINADG/wCCe/7Di4/4xQ+A5z/1Tnw7/SyX/PpzuAG/8O+f2Hf+jT/gP/4bnw9/8iUAH/Dvn9h3/o0/4D/+G58Pf/IlADl/4J8fsOHg/sofAgHt/wAW58O/1sm/z64+UAf/AMO9v2HP+jUfgR/4bnw5/wDINAB/w72/Yc/6NR+BH/hufDn/AMg0AebeMv2Cf2LLLxl8IrG0/Zc+CFvaaz4u8Q2mqQRfD7QI4r+1tvhz4z1KC3uo1swk8UV/Z2l4iSK4S4toZF2sgagD0n/h3t+w5/0aj8CP/Dc+HP8A5BoAP+He37Dn/RqPwI/8Nz4c/wDkGgA/4d7fsOf9Go/Aj/w3Phz/AOQaAD/h3t+w5/0aj8CP/Dc+HP8A5BoAq33
} ,
{
"type" : "observed-data" ,
"spec_version" : "2.1" ,
"id" : "observed-data--5bc612b3-e6b8-4fb1-97a4-4961950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2018-10-16T16:32:51.000Z" ,
"modified" : "2018-10-16T16:32:51.000Z" ,
"first_observed" : "2018-10-16T16:32:51Z" ,
"last_observed" : "2018-10-16T16:32:51Z" ,
"number_observed" : 1 ,
"object_refs" : [
"url--5bc612b3-e6b8-4fb1-97a4-4961950d210f"
] ,
"labels" : [
"misp:type=\"link\"" ,
"misp:category=\"External analysis\""
]
} ,
{
"type" : "url" ,
"spec_version" : "2.1" ,
"id" : "url--5bc612b3-e6b8-4fb1-97a4-4961950d210f" ,
"value" : "https://www.malware-traffic-analysis.net/2018/10/09/index.html"
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--5bc61150-4614-4135-93e5-49ca950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2018-10-26T11:54:29.000Z" ,
"modified" : "2018-10-26T11:54:29.000Z" ,
"pattern" : " [ f i l e : h a s h e s . M D 5 = ' d 260 a 3 f f 197 f 460 f 4e626614 d a 28 b 32 f ' A N D f i l e : h a s h e s . S H A 1 = ' 0 6 a 0 45 d 5 a a 2 c d 0 e c 5 d 1 b 6 f 10 d a 35 f d e c 9 d c 836 d e ' A N D f i l e : h a s h e s . S H A 256 = ' f 5 f a 0 a 0 f 444 d 33 c 8485450 b e b 0 1 d d 5 b 338 c 15996 f d 48670e2727 b f 3552e6 a 59 d ' A N D f i l e : n a m e = ' 2018 -10 -0 9 - H a n c i t o r - m a l w a r e - b i n a r y . e x e ' A N D f i l e : s i z e = ' 66560 ' A N D ( f i l e : c o n t e n t _ r e f . p a y l o a d _ b i n = ' U E s D B B Q A C Q A I A F y D U E 3 q l d L g 57 I A A A A E A Q A g A B w A Z D I 2 M G E z Z m Y x O T d m N D Y w Z j R l N j I 2 N j E 0 Z G E y O G I z M m Z V V A k A A 1 A R x l t Q E c Z b d X g L A A E E I Q A A A A Q h A A A A 2 R 74 a U 0 j o A b x f b k A e f g c p f O 9 a E h 7 L K F k x I X K o f V E f d d u o U 9 U R X G R 6 Z f I 0 2 v a p M o K H H C 29 L d V 56 n e i D q G 1 R F a 9 + Y R 2 A t S k d 2 L C 40 p 2 + x K V v j R g D v n m s C F 57 q N 0 4 d A N o i S L n 4 B Z M Z q I D p s z K 18 b e I 8 j s b H g 3 l z V 2 J d 4 y v k g R X 7 r c B Z L g Y 6 Z n z Z I d G W b s S 0 1 p h I H X k s 8 / U 49 k v D U Z 2 / H 7 A T o h 0 t 18 b L b v e B c C P + M g V E S i P Q / J Z 1 D X o N e n 3 G e N D / 51 A g Z 701 A l Z 8 K u K k o y m C X 0 + 6 W E a i b c R t 9 Z n C G B h m Q d G F P 0 f g M X J O + p u 9 n L u 1 k d i N b g y l 3 Y q 7 D O / 8 R O l A h r I A Q i K q 3 u E E t G s O F S v K o l 3 E / Q L P 5 O N a z c X S f 6 l m k q C M Y d Y I 1 l 4 N b 0 + 1 Q l 5 L V 3 q S 0 2 j 6 U Y X Y l Y / k P w v / x M + I 2 k V v R H u 2 S x 247 x O 9 y s 6 y u H M p D o q 9 l T J o e X Y o N p j e H Z Y w e + D L e 47 / S v i 1 s U M y a G 9 w J 34 a 2 L a d J b V e Y Y k 1 F O C c 7 V m f O 5 A z C I m h K t 1 W f 2 e o 2 B r 6 Z e s P X f s q J 8 c f p r y 1 Z P E y U U e Y b n V n F 0 v t L N j z c y i 3 Y b 8 t X a V F R M S M b 0 i u I q W V 8 X F F v 1 + U J g v g x + 4 N i V h U m 85 w J w 9 r M / J l L g a b T k H 50 I n L m V r F i x k / Y 2 g h X k E N a p I H I 6 n i c F I l 7 C 92 y L 6 Z b L D P B W Z B q + W n D k b e 9 d R J m O P I d 2 g r 2 V z y E Z 7 N X W 76 V a F Y Z 1 N U o J e H i b B g 7 e i 9 N U B 91 N B T e j 7 X 0 i J f K j o i U 9 / O H Y a Q U E C u 3 U F G Q p v k 2 b n 131 O / v a v X l k / k D 6 g x + S T B t k 6 l x M c b O X / 2 h D x s X 2 Z 0 p 6 K 7 b O y i F 92 s o M S s B F f n 0 a i C U X Z w 9 k 2 B 5 s f O H m L X S I S S n P 5 K g r X L L n W 8 u I t 7 Y d S d m 43 J b M T V / d G R o Q q 4 Z o 0 3 f L D 0 H o L z a G z 1 S O C J t Z O d P q 8 q o e G y 7 e L s R / 97 B J 6 V m i 6105 x f 4 M j s 5 F q T F W F F V 1 U A T R c Q S k A p L 7 L + i A y g 1 M M I c M / N i m + 3 n U O o 7 c i F H e O M k 41 + k f k B C 0 G r 1 j Y 7 g J 1 L Z 8 v e x 0 a F e c 9 c a u R C m Z 0 S g 0 W i k X 0 6 X p m k z q 7 d e L i u Z p t o 63 V E a A 0 b l K 7 H s P 7 c b d s l r G 9 D 6 v N M 0 X O S x q 6 k A l Y 3 l e 3 T R 25 V / Z I l M 8 B / m 105 J k p r O y G 9 b + T K R b 6 f o U d 7 E W S I V y n K 3 I a e g H Y s j V t r Z O p u r o 0 0 d Z T E O V X f X C F u + w g B G v L i i B i i W Y H 65 r 6 P O o m n p 8 T V I 3 J g y U 7 o v B 66 f + y E a I i B H 24 D / I 8 w 0 h q k i 5 B E k C l 4 S 5 h U e x V A A v G A J O C c Z O I 7 T A c A 52 O s 7 v X t d c g o S B L R 6 z t r 3 U M M r b G v K C y g 344 r H I 2 M l N f c E t G 0 3 k d 6 C f u y N D 3 S 7 s u G U 2 j A x X p n P J M z c f u c M o s i T l F g h J V V h g j 1 Q E g O 7 M b d / 19 L d t 2 X O 1 Z 3 P I / Y J G J W K v S Q w k z a 61 H n 9 k 8 V Y / e 9 q S + p A 4 z l g / M g T 2 U g e 2 c 8 / g 9 x W x t M E V p N 8 m y j o c R n + L v 63 Q h L u H 6 h e / U p 6 h M i i 9 l i k N m P n b A 2 X U X Y B 8 g g U d J S l D K y X H b R 1 c z o a J / S Y R m h F T 55 V u 4 n p 8 A 9 z L A n W 6 R 0 c L z J F d 6 e g f l g I N x x S R Q 6 x D 7 r z / l j o t a v k r u 6 F j / 5 n B 0 k x W H T 1 b i T e s Z a J b l y z 5 c t a I B y 40 z 0 z d q k l Y n V 75 P M j o D d k x p i 8 A Y X O e z v 92 R 5 W e Z v j O 7 Z g u U i c 0 0 k 45 B R I D c 3 I d F e A x 7 z C 2 p 93 y K V h a p C I B B F B U b m J 8 I V K U E Y j y 5 C G Q r S u M t H X H 9 o b D D Y 6 J v O D K l c O p o z 9 u 3 w + T v q 8 X d M Z M c 3 M d s z P r 0 p 4 I 3 b a R v o P p q O j c p h c l / T F 2 n N 5 K U F r U x E j T O J g 1 L 0 m a x Z k b C B + C Q 3 i E R o q Q b x V d 2 d T Y E q V Z u / 0 y 7 D G u q 2 f l 9 i / R X F O 56 E B i P R I b z v w N L 9 B 4 J 2 j S + v 4 + f V 4 c h 4 J I R p / E u 5 r l u D t B N J h S J Z h 6 r k Y t 7 t 1 i 61 T Q b Y O b B E f W 79 r l h p x W o w K t + 4 M k A 7 h E B E D h Q s V X 0 w I Z c s 3 A I J z e g i h + 1 h X I o n L i 7 / w X e V i A W y o p N 5 d h 7 t C j A l B z E 9 i w y t S Q / Y m T Z v L / v t j z Q x g T h v f i z A M 79 M X z W q P 77 b s 2 y F p 31 Z N Z D p r F 34 c O G 0 6 Z w V O a e j u j h D T O d g g I x b o + r o 1 D H i 0 b B w + o L H g V k u u 4 h x y a G d m T L r b A Z H I k y Y j h b V Q l j u / s G V K 2 Z U 185 a 3 M Y y C Z 3 L b g 4 x 0 Q p 4 f 2 A L T R t 0 Y 437 K 3 s G V t a J t h 3 w 9 H R 2 y N I O W 0 F U a G G C q G Q 9 c 1 N a Q 1 V o B O s D N s 5 k Z P G N + v / m 40 p 9 + X P r m u b J k Q c N H 0 C Y 0 S f t c i T s z v 6 U q Y V 7 q 3 a K Z + X w 3 J O 0 L K j 704 j L V f t f Y G P n 5 W e U 0 4 c r a d r e 3 w e w 1 c / l Q E W y i L d u u 8 U y R I K 5 E O G Q 8 p v r D V K / 2 E b e 0 o y F a C C 2 E j c G s L 4 h S o H t L j G V c O M W Q R 759 A j J k e 0 R q d T T E N 2 F P V D d 7 i x p h k M H q Q 183 v r 7 s F 1 e e / s + 7 j L o w l / 8 K o I P v C U s r z R e 2 c i q O 7 c 9 s 1 Y A t n M w j 1 X n 7 i b B f j G L K x a e F B c U T I L J F G I 6 I u k h B p O q 6 g u B 49 y O J T Z 5 n y 2 O N x 8 o T s Y j U 775 E L e 46 S d F K g 8 H 75 L 0 x 8 M n i O F n S 8 T z E t K l z V U e w Z j f 8 n 73 T q o u z L 6 s i j J N s F V n e x h u a A q / q l U E E T d c e V P M 1 i 5 R d 4 p R 5 v U J z S f q b 6 O U k 2 K I T 7 f o x s v M O A K 0 s s K 6 f X o j Z F t c Q B 8 N h Y e L o Y z v L v 0 S k u R f C 5 U Y g t W x J + q 1 o D n u Q p r M 2 z s p k W X e p z e 8 X / Z N 6 u R o 6 d W c D A 26 f w M f c 6 I k Q a + b 0 F g R N R k f 7 a j A Q G 2 q w / y D T a R t t a W S Q + H 1 q F V a d 9 g H G o C S g h N 0 4 u 1 G z F d P 6 F s 1 p W r M i J O k c K z f i G K f i 8 a O R 1 b u i l t k n 14 D i S b U r E z R O N T G A c K s 56 q u M f z 8 Q T 226 e / E 1 z i 6 c K m 9 Y w m u r R r B N R n Z X 5 D G 6 p 17 D X w J w m P B E k g 83 J F i c H a Z C t 5 h w F u s x j h H A 0 P 4 h M n / A / I z p D k 7 B r i F o J B d A B 7 Y 9 G H t 7 W k 2 S s v k z 8 / 7 m + T O Q H 3 K L 2 f x 6 H I P 9 I q f L U k c C g H E g + T U G l Q 50 O L e p z v i g D A 4 K M E M B 2 L 1 j u 3 s 8 q O c H 2 Q o 6 G k A h J g o i A x A o I O + 0 5 f B E A j o v f p W P U Q / H v q T S s c s A m p K Z c q 92 K 1 w C 0 T v 2 Q 2 T b + K 7 c p 0 N 0e1 d 5 N b 1 X v l L X y E P B l m 7 N d P U e W n P u x x 0 P 4 X v p t e n T O z b O 5 Z E I v C 1 H o 60 Z 46 F E + I A U b y H 24 K T 4 Z t u 8 a 7 n r F f y N n y 2 o h p x 1 g D h k G V t a b 2 G V C t K u P P f J T E x d / M j X Z F D O c Q d g 1 e x 0 B x c H r g k W h x 0 5 n Y R W n h C p M g z U i 9 O m P C A g p I O y U 5 a V 4 B Y e / P L q q e B c 52 t B S i j O f K r C + a f e N c b P v n R J y g + 7 m i a m 6 R s h f H z g a j 4 s E / d U o x u c L A R 14 O U J J b 5 S 1 y Z C g G 4 X m f f W k 2 n C L y E R S R t d W Y A R P 2 s + 2 t h w K / J D 2 f 4 Q L z 9 A q 0 t e D K P k x K F Z f o J u D S Q l Y k J w e K E C z m n e e Y 8 S d C f s Q F U Q 4 G i s + J v G u y N p G d 1 s M a E l d X h H K n b 3 L H X c H K 9 P K M J X f M / B P q + O K s 2 m c x g B y W 1 H d j t N n / M S a v r J I t Y x j X 4 T u 61 X v H g z X S L R a g i S k 9 m p h p B c U G n 6 t X W l k D 0 n + Q E I w n e b g Y v E J 6 N k Z 5 K z l 5 z B e Z P c x s i g C c A i 0 E V X r S 333 b o A V J + a i P a W d q U 171 V m E Y x x T z B H I B o x
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2018-10-26T11:54:29Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "file"
}
] ,
"labels" : [
"misp:name=\"file\"" ,
"misp:meta-category=\"file\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--5bc61173-f948-4a64-bf3a-48da950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2019-04-25T13:02:14.000Z" ,
"modified" : "2019-04-25T13:02:14.000Z" ,
"pattern" : " [ f i l e : h a s h e s . M D 5 = ' 187 d 20 d 7 b b 1 b 84445587 a 7072202 d 8 d 0 ' A N D f i l e : h a s h e s . S H A 1 = ' 1 b b 46 c 2 a 0 4 c 7 e d 0 a 624 d 827 d e 84 c 69372 c 392 d f 5 ' A N D f i l e : h a s h e s . S H A 256 = ' 77 c 930 b f b f 405087 f 59 a 279927 f 32450362 a 47269237525318 d c 5 d 22094 a 331 b ' A N D f i l e : n a m e = ' 2018 -10 -0 9 - d o w n l o a d e d - W o r d - d o c - w i t h - m a c r o - f o r - H a n c i t o r . d o c ' A N D f i l e : s i z e = ' 205312 ' A N D ( f i l e : c o n t e n t _ r e f . p a y l o a d _ b i n = ' U E s D B B Q A C Q A I A H C D U E 28 c c M F B d c B A A A i A w A g A B w A M T g 3 Z D I w Z D d i Y j F i O D Q 0 N D U 1 O D d h N z A 3 M j I w M m Q 4 Z D B V V A k A A 3 M R x l t z E c Z b d X g L A A E E I Q A A A A Q h A A A A q m o B S 4 C T k k L g a + U 0 D n o H + m 2 + 6 e g r l q O V W D O l z s G O v K h U 4 y R S 6 k e C j n 7 w S E K v l d S Y F D C S X n q C C 2 + C b P b W e v J i H e s 6 q 9 Y 6 f f R 4 A 6 Z 2 E I s K C A q T K b 6 R x q D s i p P c k O x t N + L S Q r A f u z n 7 T o y 10 q O l o f A I d U o s 7 j Q j C I H m + a B l W n E R e U n Z j k v + y e 1 v E P 9 F I V b Z Z s m B z o s l L h X 9 Z N 6 H 8 f k E L X Y V J T K i p / n w 9812 l z 6 i E Z n A 8 t Y j B P W r E w + B a W F f b d D T 5 j B n N + 9 u Q z 0 m J G U f z L u r G o 937 v t 4 h I r E 9 n p n u 5 d h G w i h F 9 Z a / L Z + W F 6 p F B + c 81 L 5 a L B E 8 H f R D L 2 v 7 G i 9 l l d 0 I c 8 q t t / k o B A U j Y p G b h l l 3 Q H S b b U R e k W 51 n 8 b i n 0 B f J n B 8 Y x + Y T A y v n U p 2 K g e B / w f m J / 7 Q C g Q 3 U n Z x C X b x c i x 53 p i P e o c s w b F v 5 I D O u y 572 F 4 o q N e G 5 Q 0 P A g 0 g / J 4 A s I d h 2 k f Z y o 4 j 6 Z Z O X q A S 9 J K C 75 c I b g D V E o L l d y 2 W J t N G K n G X s 2 Y S P 4 h s t q N w j G J L h D / J 8 B o u h A f q O + 6 f n 8 r P y C q 72 g s 0 j h 4 n K V C o w O / D 21 n v a g Y w a f K U 26 a c V V l O K m / c H X G X Y Q J J t d n Q I a E N N a K Q N m L M O V v 6 y e E f c i k q u 3 L 6 x c l 71 v l J 7 a Z F 136e22 p I f E K p x Y p 4 m c d K E C A i a o p / 4 P k I I W X g u U w 7 K u E f / a S 9 / y 8 + E S m u L a X j g U K 0 e S + 8 R C 9 + n F O h 7 A n f x f 2 K k f / J r k W L 5 V y c b D p 1 k 5 n H 7 Q j j 7 K n U U u D D / u Q H C w R v j 21 F W a O X q d d c v 9 W f g J L Q e g E F U o g m L W e y + c 8 a v O E F T 4 D X U r 3 A g X 8745 n W B Y e Q A D 8 t n W y 4 l Z 8 / N n h 9 A l M Q n M x s 40 U x P y k a F 4 I s 1 e r c K s B t k c E 6 K D G K E e l e t D 1 z X e y G q w 28 L k k F T o f n l o 9 L t j v g l 2 n R t W r e l Y l w H T k j + 0 D t T T e a Q n t S 6 o W d + 0 p m 34 o a x 5 W D A N f x I W Y n x k b 1 b r M R h C m l 1 R d B k v B 0 S 9 l Y 52 X j T G d 6 T t x i T k / T A P 4 J K H g m q + f 3 U y J d b m g 7 y S r v V 1 Q 39 j g N N j 2 D w 26 X t c z V H q M V n m E C p W l F j S a T U K 9 C q S 6 A Q I E 5 D R Q 0 c B z P f 41 c L y o K c w V R y q z 2 Q u d T n C p m v Z g E B E W j B 1 U F T g A V r 50 v C a a I x v W 5 h K v Q 9 e r 97 E M d 62 q W o e t r C L w r R e v + / E C 2 d f 7 s 4 l / A x U V g 3 Z 8 W v 1 U 4 w 5 o b o 1 b c e X A q H k e T 5 p A o X x T t 41 B e / N O t z w t 5 G b q w g h B o S N z t q u g p f m A 3 Y r Y h i U S j X T O l u l c E u q A a L H M T C F z A M q 0 0 o t Z g f X w + t 9 + k H j b x 2 m y d o O y B q P y m L F x e 16 J I T u 1876 G s P 1 b X Z 1 t b e d t T 7 b M Z f s G i r E G H i x 0 r l 0 J w I O 1 / W d w r 3 K e j f v D 6 O a J l l 9 Z 2 y f e T T Q r R w k v c L C R H K d / B 8 N + G R 2 z e P o R x m Z F 6 n H B 0 c 1 j g t p w U Y Q G o 7 H b 0 47 D p s a G f F a T O L + B U U 1 v c d b V 3 h g e G y z K v t p r c 3 c v d O A D X l l 2 Y L a Z 2 k E A 5 c E 9 t R W Q 91 Z D D J G Y I L T O i B P i 0 U b T t I A j K r w Z 9 h q j / j + d R E H y y d 9 Y 6 N o v 3 y S l 7 x c 4E30 C J C n 8 m d U O t z t 9 Z 7 e p e 9 Y D 9 q J j 0 G g h N 2 F X 6 y r f u K H p B q V W V o s O s 6 Y t I 3 O x 0 7 R d R s w F z 9 C U 7 q b R 0 C z G G E Q 0 Q g j + o K c C t V e p B G O p + W 1 J V i P 0 s o Y A r 3 f Y W S 8 Y A k G u p o w 926 s o a z q w o B K J L N U g c D a 96 c 2 M / e t F B x r G Z o / W v 3 S O s V r B M F C + A 7 i M R 4 l h i B f d N w p h o k 4 i B K w L + n e 7 m R o y z J A a 2 y y Z Y s A 27 u Y U p a P V e p G s t m K O X k j 78 s o K j N r M p k S M N X S G m N H 5 L h w T 5 C 1 J c m 3 z u M C n G o W X r H r l Y X V + g f E u q f R J a i N j 95 H 7 C b l V 28 y t l U 5 U Y m p u v U o 5 a M b a Q 5 p H A a z L o o Z Y W t j g j 3 I 8 m Z g x 27 f B G J x R t j b j 644 E y h d C C u f w 9 Z 8 o p N L Q y + m P O F 8 R R H r C D O u O 4 V Y u Y B H b g L D l + 0 Z 880 p N j B l 6 W a f P 501 C 7 A E 4 Y 6 E O B k N G g L J u x R r C 3 B F t f C t h d F q u F / 6 s / x a f N D g 5 y R / g 30 g B r Q 61 + 3 v 5 R k 5 M r t u a T I 1 m p Y + y U 5 V S Z 98 x 2 n y I N 53 E N u f S e 180 m r C x c C p S u L v b 27 G W k U 6 M Q z b / 3 k t D l 6 N g O L a X j / i L u g 5 b i u K a e l 8 + W M l h F o 8 n Z z R T q k 9 P N R z N v 8 w W t R S q g x a P 1 a r s r 7 X O z K 8 m R b g A p / w A W J 4 X A x R D f Z e K o A L o 6 x c S y / l B J 1 W J o t N Y 6 c g i 8 C o l R H B 0 3 Z / I I w b c / Y a l 0 O + z 4 V e m M q p x t a e H C 4 k O 9 b q s + N r W f 4 d P x g e i X E R b N V s n 3 P q H J v T D + T O F o 6 W v V N 2 b j g x z s 9 D R 36 j O A E 5 R e 9 r t p P z V C d I 6 S o Q 8 t / T G L G p Q l y c B I E T 28 X c t u 7 W h i W W 2 H B F d R e v w r h t B K L F o O g w 8 j G 5 U d O Y d t a q e K a 437 / T q O X P 2e3 j H k B A K y r q m 0 5 + 7 e s Z r i / 7 k d 7 v g 1 r N B X h K S w A Q P c r V M 44 O i i x s z + R G W 3 O L 5 C R D W f K i s J m L Y i e 5 v n D j G m J U e 9 + K Q P t 6 A Y n n 5 J Q Y t a z N y 3 X D J C A 0 P d e K x t 0 I K j Z S Z z W n W I + m 92 C q k 1 R + W O H U n Y t Q 34 h 45 N Q k k h V / t I V u U K 0 v q y 1 F V 477 v f E x 6 H 2 N V Z Q o D 0 o 6 u 2 i 2 T Q h r v r L d G v + o b t 24 Z j 4 y 1 F y o 2 B Z w H U C 8 k 3 M g F N M N e Y h 6 H f 6 X 8 Y O 7 v I Z V 5 r P X 5 Y v p B S V g A V T D A S Y U b p z u w v t m W X z e r q v R B c i E 9 Z Z g V N e 6 v r N p 9 D e + t I B 4 H r U B Q n U 25 s J s N W B j i s 88 o d p 3 G u + 0 k K H I J w 8 D A U Q A 1 A c o a 8 i 56 + 6 e g W j W c B E T 1 A E r e 0 y x Z p g c E m L y o s e x j W F Q J g I B O + 8e+2 / w S t P U l d M X b 3 E Z K X r D M r Z q v V x r Z S 3 W K 4 G A n b G K / q 7 K U Y C j P w e 6 s 7 c g h H w i q O T U b S X I s R m b L H s E 78E6 v A 8 p R N I a V Y j Q D B j b 1 s m i / D 2 C R 2 j Y 0 H 3 t d i 4 N G u v r 3 S X b e c H O k N v l m B j V R z C v A b q v 3 j T g 9 r Z j v F r R j X F o + q b x s 1 t o x K m 82 s Q U J + / r 6 O a q X x x 4 y l 1 l / n O v j N n 7 D r k h 6 z W c G i B g D c 8 T N R e i / H E G C w B C 1 R s X 2 X + 7 S r 1 H t l D Y B K w Y e N 2 Q J Y F D / g x 9 S l J 6 g F 6 y v e r z P O q v Q E P d y S J V p 5 I U i r A P w 1 E G 0 3 j 31 G 66 w h p k I p I N e b F 3 w q p 6 y c c Y W 9 r R J k 4 x Y J T J 6 Q / u O a 8 w S q z l S w n 1 a J 2 w + d 0 n q W 2 x + R s B Y 9 n 1 E J 3 l I s I T g C d y o 347 v i Y P n f b z s l M n z k Y C 6 r 1 q G o J H 346 r p g w r 5 s u G i 9 p N 0 q w D M J P B y Q + x x 2 p w J 7 P w C 8 l J O y J y 2 w 6 L D 9 x w I U c 21 G N a b 4 u R 6 A r X E R M M w I F K j q + E z W 2 H Y u z i 3 H e E u f e D w A b c t d v n C x Y 0 C L q k 4 t 8 v 7 A y s E H 6 c m f W E l w g r 6 v h C j 7E2 + w s U O I F s E i r 5 X o K 609 D y w g m 8 T 0 7 b F i H z x S R w 0 87 m L 6 + V w O F S 7 B M L 6 g L 27 n X j r k 3 o Y P Z 6 M 1 m u C K 62 t z 8 P 4 O q T P U l Z u + + a T W h 2 F d V c c u h 1 Q e N g c N g P b 691 L v o f R w E l R 3 c u f R 7 i 7 N 7 n P 6 t 51 x l m J 60 z 3 o J M t 2 K 8 O x a m D d h 8 e M U b 4 N k T K b W s d s y m n 8 q t z H D w Y O L 91 X K Z Z D f G p 5 O e + M U 0 C s 0 e a 35 r 92 C m 2 s E h w l / 9 l m W v I B Q l w
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2019-04-25T13:02:14Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "file"
}
] ,
"labels" : [
"misp:name=\"file\"" ,
"misp:meta-category=\"file\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--5bc611db-b1b4-44a2-8fc6-404d950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2018-10-26T11:54:29.000Z" ,
"modified" : "2018-10-26T11:54:29.000Z" ,
"pattern" : " [ f i l e : h a s h e s . M D 5 = ' d e 6 c 79 c 71980 f 769076 f 1361430216 f 8 ' A N D f i l e : h a s h e s . S H A 1 = ' e c 830e664494 b 58 f 7 d 124883 d 6321e4 a a 0 622 f d 3 ' A N D f i l e : h a s h e s . S H A 256 = ' b 8 c e 490 b c 146 c 0 58 a b a d 4 b 6593 d 9e08 a d c f 0 b 9 d 374616 b c a 25 d f 78e92 a e 7 d 753 ' A N D f i l e : n a m e = ' 2018 -10 -0 9 - Z e u s - P a n d a - B a n k e r - c a u s e d - b y - H a n c i t o r . e x e ' A N D f i l e : s i z e = ' 143360 ' A N D ( f i l e : c o n t e n t _ r e f . p a y l o a d _ b i n = ' U E s D B B Q A C Q A I A K i D U E 31 q x r 8 f a 0 B A A A w A g A g A B w A Z G U 2 Y z c 5 Y z c x O T g w Z j c 2 O T A 3 N m Y x M z Y x N D M w M j E 2 Z j h V V A k A A 9 s R x l v b E c Z b d X g L A A E E I Q A A A A Q h A A A A a V 5 e x X g + Z G 8 O H 4 M / W G h I 3 + U q x r K 6 M B g o k F c 3 + u v V L 79 E P + e z O o X W 3 F M G d 0 g m a o F q 2 y x D J 77 J J J 2 b E c H V 6 d 3 o s p F o S / M 5 P I 4 o 7 j D 98 v I s H C N 7 S R x + 5 N T d M d Y M B O G p i G q e A 0 F R V 4 j D / h A K 1 s l C i G W + E R g 7 v u u R P J J 4 c f F h 2 n V P K I i 6 l z 3 V 1 N L h e Z d p i H c j f 2 Y d g U g f u Z s 6 H x Y q o y S w S 7 b G A F s t e b l H j v p S j 2 U p P 5 K R e O H W V l w H D c V 6 r k y e m G i y S P w h A n 9 x y 3 W Y f 4 F b n 1 G y K q V 3 + 51 V 9 L v 9 Y T a u I V K 89 l X p M o K Y n L V s J b t M Z f J 9 l t O 1 Z n L 3 S X 190 J J t q v Z b h 3 L H e F z 735 U l X p E J A D M a S r R P v Y B o I / f v Y k b f l V V O f l X i n W B U T B f z Y 7 z i X b J b 3 Y v a C 0 j 0 5 Y 9 j 8 i X C i B 4 G g d m A t E 7 q 0 Y k + G O V o N s d k q m s 3 Z N s B / g Q M Z + 2 X L Z e c 3 Q c N 3 z m d q A s u C B c d R I W m z r G Z 19 f A R e 2 f Q n / C V J S d G 3 N l X p 0 a r e L b e s A 48 c + a 9 P l J r d T J N G x W G n M b Y L u 7 U G u t u r h F E T u r 7 N H 7 S Y f Y 8 a x 2 j + 2 / J Y T M b 3 A 9 L P E w X Y J a l L s S J e 4 j V t G 0 32 I s 2 G + I p p 0 R m 4 k t R U F L H R N J 15 A c D L W i M X i / F G i q q Y h H h o T R / K 0 t D k M T Q x S m 50 U u l i p X 8 U E R 4 g 8 Q t f D b T k J z q G q J S Z R + X t 4 p d j E N V G F y k E Z o I K j A h 4 e g v / D z I k 4 H w F P S S y 1 h + g O Z R O w k w a j q 2 b 9 z g Z m 9 F r s O D H s Q K G Q r 2 k c A u 9 n Q B l j v U + L 4 f G r i 9 G a c I + W D Q 78 p 6 P z U c Q 5 Z m Z E b O A O A B A G S q O u t S S u f n V X 37 G A A 1 O A D 2 W h 3 H C k C N e q e I F 4 w p u t I s 6 O Y B 0 1 C E q e 9 A s u X b y A e M k B 3 l M I w k F z J M T j 9 N 4 e w C d y I 5 D D y m h t v a K q M G 6 U J v y 6 w x W E v 0 z X b N 3 + h t g r w E y 9 U f n n l G V e M g t a u K O F 6 K I M r N j 9 h v G l s / a U Y e 7 Q U B y s b H d L 5 A 1 v v t a h l 1 q d S N S L h k A + J h t U x q c W a e y x q Q Q T f Y l Y A I J I Y u P s F U s l h f a w y 8 M t 1 Z e R K M + F l l b Z L N Y P 9 S j d S Y + F L P m h 9 / o X 39 l 0 m c n 2 v E w j O 1 J H u 3 O Q w C A L D c 4 U x z R U 1 x 2 Y b Y B 1 L A t 8 B T g 1 N 7 W C D 3 C H a Z Q 8 M v j M B / T B p W 5 j G K p 0 Q R l t W J I k j s Z A 2 R B 5 r p a I / P Z q l H i v 3 C Q m X 5 S Z q W 0 Z T X S a p 2 M e p k k i 6 m x p o d y v g 9 s 8 y X c 0 G 2 e g 2 g z K p S k a I W g O a 9 B q b f 3 z I o H P d 8 l L z C r J b H H X Q N k y X T E A L u q I e k B S q X a t D b Y i t T N 5 Z N 942 n o p + s J T J l D I D e A H 51 a 6 F e X f F Q E u d e 5 N m q f e / w O 2 b J 2 d t T a J 9 / W 8 b 0 r 6 b 1 g q P k C T Q i d / P p q G e 0 C v h g d i B 1 c i a F t W K H e k y J O Q P Y O W M B s p V y 9 F / 0 l s K q W D j 683 v P p 4 I 1 N j + j c X + p x W 6 R F 3 + e 4 t l m a / t d 9 d O 6 d H k G x Y 5 P t f l I j A F D j d 8 y L 0 e V V B D i 0 s + a z I 5 R Z j U O b T F I o Y / C 1 N O k C D 8 m 7 p K g k B M g B c Y 9 I X b Y A G 4 m L R L v 9 B 6 f o B m + k c n K c i 46 e l 3 x D Y d w d N 6 D J v b 6 H 3 n J E z I x 1 P K z D f 35 G 3 n x U S g F 4 d U m w R A c W a u + a a A F c z 1 J u y O n I a 21 J f R o 0 T 3 + q O Q 6 T j K I o N e V 0 12 i t K u 7 j o b N o i k Q M y K B K z a Y B h K i A q V 2 v T J X Y Q 1 s U l 5 / Y O j Q M c K B l s u 3 R T q w S j p f h 1 y n U 0 / I O 4 h i 9 P z 8 g l N 5 Q 8 y B 0 V T b T q r 64 q f N l I J u h 5 E K 8 T V r o 7 A z s 0 V 5 X Y p + 1 Q q Y c R s t b 9 x H 8 U q 3 p 6 w s k K h F / 2 w F 7 k U I n 2 d W 4 s D h T O V Y F H 7 q c 2 v h K B f O S O J v h j F e U f v i r o M y r 2 v E M R j u G J 5 c W o A a x W C x A d h R 3 C R P V B k s t x P E + Z G m i r W Q 86 R P W r V q n S 5 t D / X j c I H p U 0 u Y I 1 / Y 456 B r x d s i H b 1 T 2 + 7 l a P X P l b B d 6 d S n G 7935 S J I / 4 V r I i P V Q i r o u 8 n F a 4 T H Q J 5 X R F x o I W 9 w v W N + s p T p r b k f + 8 / c L t n Y u 14 D e N + e a D T I h Q w O 3 M I n 83 F 2 m U J x k C u 3 d l w 9 P C g 7 z X b o 8 o + s U 8 H E M m x s Q p M 5 u H m H K Q S G y Z 0 u T / V 5 w z w W 4 w K c W N J z K b v c w V c p z A m 0 1 g 8 Z g g 6 H 4 U q z D G g 0 q R 64 A 4 S o s 1 m u q Q O t h Q y S Y h D e V P B p 0 j C a O K z A 8 / 69 M G Z B N Y u d 6 w x G M r 1 p 9 d X 5 o W o q 8 S k u Q W y Y x + 6 F + E x Q w X d Q r z O G 0 / v X V 6 p K V v V x B O u P h I h 1 Q x P X m c 4 N J 5 T E p I w e b h Y v J m + O Y v 9 H D P / X e X N X X L N Y 9 k j I r A v j O x K s R / F y U O G c B W L V m 0 F W + h t P 1 e y Q a + M d c s b m n U 9 V n y E y Q X 8 + o 1 Y E l f 25 k n G p 7 B V b Z k M 8 b q Z G E 3 E z T x D A d 5 V 9 y U V I f a u e m S O 1 k p i 8 / R C J A 8 Y C P o 74 J 4 Q x j x n 1 I J x Z 58 p u + X y 1 T C H 14 K c m g 7 k O + A q d 3 e + T v v z B h / r / 99 H K n O H c M S a h M a N 6 h + a i S k E S D q c 6 r i 9 k E v / m z t D K 1 U S V 6 L r u v a R O h L y H F J o 28 r O 34 A f Q / f 3 + G Z W i H e R j C U 8 u L 5 c z o n p V p Z D 5 W M l Q Y y k c 78 o L P i 9 H C Z o o / e Z T I 9 G u 3 G L x 8 S d G + A W S x a Y X h U H o + A P 0 4 E B H I N C O J E p f J Q k A z B l S Z O x x T r V 89 r g 58 i x k X X W A Q 8 s K C 1 Y N O p g s f 5 u e i Y q X i R h s E p a N Y V R + U R 3 W s Z Q b 4 n r m S g P Z J m Y o A I q r Y Y h Q K n r e f S G y T s H D t L k Q + C A W i L 3 G z P i i m g d H f u d M D B M Z U V i G 50 g I G P I A q 9 T M w 16 W I j w k H O D Z s o w E 0 4 r g b l g u Y G r 0 Q P C p G j v y 0 5 m k q S K Z 4 N C T w B X N 806 C A u 3 w s N B 6 r p L F X 8 C v j 3 R 7 a o q c Y 3 a e h r C b E v o t 8 Q u g O 0 / u t y s H y 1 S t q K s B a p M l u c O t S Z 2 Z B j u g m k z Y x N s r T K g C G + W l R d l K R s m + c K Z x b E k 1 K F s g a S R 9 V f S g w i C I 67 v n H / D c A P Y O s g 5 k X 36 Q b R P 1 j y P T I 9 d / 4 t P w w Y T u 0 u + n z E 3 Y n Y M f Q M H F 2 Z m D y 3 g k G O Y R I 316 S A 19 Q Q e W n w w Q A T c 9 E H e Y i 1 c S V A 5 y S 0 s j n j O D 0 n M y h 58 J 6 r B A l f g 2 I x y 2 j L p b S p t 83 k 0 Q V T q U S x S j O 28 Y x 1 m 5 w c M i z X D w l t C I L r H a E R Y h S t 0 Y z 9 i D / f T 6 Z C 2 S v P b 8 B g k N X j x v I B 0 l g 7 m 51 L 2 t j W w L v 8 J b D f q Z H Z l W + G 12 g l F / 1 H 1 v m r 35 N 746 w R z k N 7 M D i O Y V W H o b O g e V 177 Q X E k K t w B i c x P W l 6 z j S v m B R 1 n E v E j O E E 4 s u p p s U j b G k 7 t L d / 0 M i y 90 p u l F k 2 d i 7 C 2 U m X w / e U 1 S 65 P 94 e N I l D g I p l 3 Y z G y P 4 Z r d u x G 2 m o m z p b 9 o E h N b 1 D i d t w / y k O 8 V T S S + L G a Y v B C P / I r R a p 2 t / q i q 4 K C 58 E M d s a a 2 l + o r p 8 g l L a s i l Q r d m d a j u C 2 F / j M t E Q H 4 V j b o L V b N y X w y G + b 71 T h v Y j M 0 x e L c H d i q g c l P / k o X X I 3 V 5 / w 6 T o a X s 8 B 2 S v 7 Y P c u d L t B e H Q v P Q 9 C k m 5 d s C S 2 A 6 m G 3 z a s P S f 0 K j S z C Z E P R 8 m y D / m J X 2 J r b n p w E a 6 u n R b R W W S x B S T 4 u p a M f v C / o y 1 D j y z P A Y H j 82 Q F C d J J d x v k A j 1 m T r X L V o S + 9 r M N J T g q B m 2 V a O H 1 M 9 G z m s v R u V L G m F 9 l 3 / q A r v Z Y b G m r y f Y 3 p p c q h 10 S 0 X W q 6 n g 6 p 35 U y r x i r H
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2018-10-26T11:54:29Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "file"
}
] ,
"labels" : [
"misp:name=\"file\"" ,
"misp:meta-category=\"file\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--5bc6126c-e1a8-4642-8f4a-41dd950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2018-10-16T16:31:40.000Z" ,
"modified" : "2018-10-16T16:31:40.000Z" ,
"pattern" : "[(network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '46.36.220.116') AND (network-traffic:dst_ref.type = 'domain-name' AND network-traffic:dst_ref.value = 'sincirewdo.ru') AND network-traffic:dst_port = '443']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2018-10-16T16:31:40Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "network"
}
] ,
"labels" : [
"misp:name=\"ip-port\"" ,
"misp:meta-category=\"network\"" ,
"misp:to_ids=\"True\"" ,
2024-04-05 12:15:17 +00:00
"misp-galaxy:mitre-attack-pattern=\"Exfiltration Over Command and Control Channel - T1041\"" ,
"misp-galaxy:mitre-attack-pattern=\"Data Encrypted - T1022\""
2023-04-21 14:44:17 +00:00
]
} ,
{
"type" : "x-misp-object" ,
"spec_version" : "2.1" ,
"id" : "x-misp-object--19ea9ed9-31ff-434e-9103-1ac956deda80" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2018-10-26T11:54:29.000Z" ,
"modified" : "2018-10-26T11:54:29.000Z" ,
"labels" : [
"misp:name=\"virustotal-report\"" ,
"misp:meta-category=\"misc\""
] ,
"x_misp_attributes" : [
{
"type" : "datetime" ,
"object_relation" : "last-submission" ,
"value" : "2018-10-25T08:03:16" ,
"category" : "Other" ,
"uuid" : "e522f99e-fbff-4433-af0a-fb04c5972523"
} ,
{
"type" : "link" ,
"object_relation" : "permalink" ,
"value" : "https://www.virustotal.com/file/77c930bfbf405087f59a279927f32450362a47269237525318dc5d22094a331b/analysis/1540454596/" ,
"category" : "External analysis" ,
"uuid" : "5ece2f29-751a-4adf-8e2f-2519f39136ec"
} ,
{
"type" : "text" ,
"object_relation" : "detection-ratio" ,
"value" : "42/59" ,
"category" : "Other" ,
"uuid" : "718456eb-82a9-4311-910f-0a9bba32082b"
}
] ,
"x_misp_meta_category" : "misc" ,
"x_misp_name" : "virustotal-report"
} ,
{
"type" : "x-misp-object" ,
"spec_version" : "2.1" ,
"id" : "x-misp-object--dc86f544-9003-4c61-9a8e-077f138279ad" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2018-10-26T11:54:30.000Z" ,
"modified" : "2018-10-26T11:54:30.000Z" ,
"labels" : [
"misp:name=\"virustotal-report\"" ,
"misp:meta-category=\"misc\""
] ,
"x_misp_attributes" : [
{
"type" : "datetime" ,
"object_relation" : "last-submission" ,
"value" : "2018-10-25T08:02:45" ,
"category" : "Other" ,
"uuid" : "a88b5eac-e718-4121-9a2b-5c24b8a47e79"
} ,
{
"type" : "link" ,
"object_relation" : "permalink" ,
"value" : "https://www.virustotal.com/file/b8ce490bc146c058abad4b6593d9e08adcf0b9d374616bca25df78e92ae7d753/analysis/1540454565/" ,
"category" : "External analysis" ,
"uuid" : "b1d201bb-74a4-4a7b-909f-6ce3ac7db48a"
} ,
{
"type" : "text" ,
"object_relation" : "detection-ratio" ,
"value" : "41/67" ,
"category" : "Other" ,
"uuid" : "ed0681ca-8f33-42f6-bab6-d5cd74d5ca06"
}
] ,
"x_misp_meta_category" : "misc" ,
"x_misp_name" : "virustotal-report"
} ,
{
"type" : "x-misp-object" ,
"spec_version" : "2.1" ,
"id" : "x-misp-object--109b564a-ee52-49b6-80a2-71b019a253a7" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2018-10-26T11:54:31.000Z" ,
"modified" : "2018-10-26T11:54:31.000Z" ,
"labels" : [
"misp:name=\"virustotal-report\"" ,
"misp:meta-category=\"misc\""
] ,
"x_misp_attributes" : [
{
"type" : "datetime" ,
"object_relation" : "last-submission" ,
"value" : "2018-10-25T08:03:33" ,
"category" : "Other" ,
"uuid" : "ebc4448f-4b44-4fdc-addd-225a16d92414"
} ,
{
"type" : "link" ,
"object_relation" : "permalink" ,
"value" : "https://www.virustotal.com/file/f5fa0a0f444d33c8485450beb01dd5b338c15996fd48670e2727bf3552e6a59d/analysis/1540454613/" ,
"category" : "External analysis" ,
"uuid" : "9fb7fb15-1025-436d-bac5-982ce981d6db"
} ,
{
"type" : "text" ,
"object_relation" : "detection-ratio" ,
"value" : "42/64" ,
"category" : "Other" ,
"uuid" : "4d17fe20-7297-492f-809d-f31b268bde7d"
}
] ,
"x_misp_meta_category" : "misc" ,
"x_misp_name" : "virustotal-report"
} ,
{
"type" : "relationship" ,
"spec_version" : "2.1" ,
2024-08-07 08:13:15 +00:00
"id" : "relationship--361a64fe-807c-4743-8657-30b1e1ed62dd" ,
2023-04-21 14:44:17 +00:00
"created" : "2018-10-16T16:29:55.000Z" ,
"modified" : "2018-10-16T16:29:55.000Z" ,
"relationship_type" : "drops" ,
"source_ref" : "indicator--5bc61150-4614-4135-93e5-49ca950d210f" ,
"target_ref" : "indicator--5bc611db-b1b4-44a2-8fc6-404d950d210f"
} ,
{
"type" : "relationship" ,
"spec_version" : "2.1" ,
2024-08-07 08:13:15 +00:00
"id" : "relationship--25c68755-26b6-4eca-96d8-35e8e921da4e" ,
2023-04-21 14:44:17 +00:00
"created" : "2018-10-16T16:28:24.000Z" ,
"modified" : "2018-10-16T16:28:24.000Z" ,
"relationship_type" : "drops" ,
"source_ref" : "indicator--5bc61173-f948-4a64-bf3a-48da950d210f" ,
"target_ref" : "indicator--5bc61150-4614-4135-93e5-49ca950d210f"
} ,
{
"type" : "relationship" ,
"spec_version" : "2.1" ,
2024-08-07 08:13:15 +00:00
"id" : "relationship--0a07ebe8-fcfe-462c-820d-94f68f6b32d6" ,
2023-04-21 14:44:17 +00:00
"created" : "2019-04-25T13:02:14.000Z" ,
"modified" : "2019-04-25T13:02:14.000Z" ,
"relationship_type" : "references" ,
"source_ref" : "indicator--5bc61173-f948-4a64-bf3a-48da950d210f" ,
"target_ref" : "observed-data--5bc6107e-aef8-45a7-b83b-495e950d210f"
} ,
{
"type" : "relationship" ,
"spec_version" : "2.1" ,
2024-08-07 08:13:15 +00:00
"id" : "relationship--9aa7e40a-ad30-48f3-a830-d944d999275f" ,
2023-04-21 14:44:17 +00:00
"created" : "2018-10-16T16:32:21.000Z" ,
"modified" : "2018-10-16T16:32:21.000Z" ,
"relationship_type" : "connected-to" ,
"source_ref" : "indicator--5bc611db-b1b4-44a2-8fc6-404d950d210f" ,
"target_ref" : "indicator--5bc6126c-e1a8-4642-8f4a-41dd950d210f"
} ,
{
"type" : "relationship" ,
"spec_version" : "2.1" ,
2024-08-07 08:13:15 +00:00
"id" : "relationship--1c4431cd-b84c-4f01-a4b0-ae608c8e21a7" ,
2023-04-21 14:44:17 +00:00
"created" : "2018-10-17T06:53:05.000Z" ,
"modified" : "2018-10-17T06:53:05.000Z" ,
"relationship_type" : "related-to" ,
"source_ref" : "indicator--5bc611db-b1b4-44a2-8fc6-404d950d210f" ,
"target_ref" : "indicator--5bc60fc7-628c-46eb-8517-4eb3950d210f"
} ,
{
"type" : "marking-definition" ,
"spec_version" : "2.1" ,
"id" : "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9" ,
"created" : "2017-01-20T00:00:00.000Z" ,
"definition_type" : "tlp" ,
"name" : "TLP:WHITE" ,
"definition" : {
"tlp" : "white"
}
}
]
}
