misp-circl-feed/feeds/circl/stix-2.1/5c0e7410-8460-486e-8f02-a11d950d210f.json

646 lines
2.1 MiB
JSON
Raw Permalink Normal View History

2023-04-21 14:44:17 +00:00
{
"type": "bundle",
"id": "bundle--5c0e7410-8460-486e-8f02-a11d950d210f",
"objects": [
{
"type": "identity",
"spec_version": "2.1",
"id": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-12-12T08:45:03.000Z",
"modified": "2018-12-12T08:45:03.000Z",
"name": "CIRCL",
"identity_class": "organization"
},
{
"type": "report",
"spec_version": "2.1",
"id": "report--5c0e7410-8460-486e-8f02-a11d950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-12-12T08:45:03.000Z",
"modified": "2018-12-12T08:45:03.000Z",
"name": "OSINT - Sextortion with a side of ransomware",
"published": "2018-12-12T08:45:11Z",
"object_refs": [
"x-misp-attribute--5c0e7420-3358-49b3-bf6e-dde2950d210f",
"observed-data--5c0e742f-6080-4784-ad0d-4f32950d210f",
"url--5c0e742f-6080-4784-ad0d-4f32950d210f",
"indicator--5c0e74fd-de64-48c6-9da9-4a01950d210f",
"indicator--5c0e74fe-e748-4798-a431-40fe950d210f",
"indicator--5c0e74fe-1b04-49e3-afaa-4f47950d210f",
"indicator--5c0e74ff-7ba0-42d5-9f67-4c32950d210f",
"indicator--5c0e74ff-df2c-40c0-8b6a-486b950d210f",
"indicator--5c0e7500-3428-4e9e-9f15-4b67950d210f",
"indicator--5c0e7501-5038-422f-9fad-402a950d210f",
"indicator--5c0e7502-2650-4c72-8d04-4bf7950d210f",
"indicator--5c0e7502-bcb4-4fc0-b0b5-40ef950d210f",
"observed-data--5c0e7804-aa2c-4d3a-bedb-c755950d210f",
"file--5c0e7804-aa2c-4d3a-bedb-c755950d210f",
"artifact--5c0e7804-aa2c-4d3a-bedb-c755950d210f",
"observed-data--5c0e7805-cf04-46a7-bcad-c755950d210f",
"file--5c0e7805-cf04-46a7-bcad-c755950d210f",
"artifact--5c0e7805-cf04-46a7-bcad-c755950d210f",
"indicator--ac324cbb-6dc2-4b8d-9368-b109344e1ad0",
"x-misp-object--44cea817-b8a6-40c1-b5ee-209438d848a7",
"indicator--e5365732-2c9c-4a8c-9ab8-d0d6c467d8bb",
"x-misp-object--0e92217d-bcf9-416f-9214-141808c91626",
"indicator--0cb9aed0-98f1-4f61-8a98-19bd540d7a63",
"x-misp-object--8bf655d4-bf40-4db6-a318-eed93034e5e9",
"indicator--5c0e75ee-eae4-4d42-a452-c755950d210f",
"indicator--5c0e75f2-64b0-42f8-8a58-c755950d210f",
"indicator--5c0e75f5-d95c-4f46-9faa-c755950d210f"
],
"labels": [
"Threat-Report",
"misp:tool=\"MISP-STIX-Converter\"",
"misp-galaxy:stealer=\"AZORult\"",
"misp-galaxy:malpedia=\"Azorult\"",
"ecsirt:malicious-code=\"ransomware\"",
"veris:action:social:variety=\"Extortion\"",
"osint:source-type=\"blog-post\"",
"misp-galaxy:malpedia=\"win.gandcrab\""
],
"object_marking_refs": [
"marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9"
]
},
{
"type": "x-misp-attribute",
"spec_version": "2.1",
"id": "x-misp-attribute--5c0e7420-3358-49b3-bf6e-dde2950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-12-10T14:11:44.000Z",
"modified": "2018-12-10T14:11:44.000Z",
"labels": [
"misp:type=\"text\"",
"misp:category=\"External analysis\""
],
"x_misp_category": "External analysis",
"x_misp_type": "text",
"x_misp_value": "So-called \u00e2\u20ac\u0153sextortion\u00e2\u20ac\u009d scams, in which threat actors send blackmail emails claiming to have compromising information about the recipient and threaten to expose a range of observed illicit activities, are becoming increasingly common. In general, these emails simply demand payment to avoid publication of the purported evidence of compromising information. However, this week Proofpoint researchers observed a sextortion campaign that also included URLs linking to AZORult stealer that ultimately led to infection with GandCrab ransomware."
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--5c0e742f-6080-4784-ad0d-4f32950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-12-10T14:11:59.000Z",
"modified": "2018-12-10T14:11:59.000Z",
"first_observed": "2018-12-10T14:11:59Z",
"last_observed": "2018-12-10T14:11:59Z",
"number_observed": 1,
"object_refs": [
"url--5c0e742f-6080-4784-ad0d-4f32950d210f"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--5c0e742f-6080-4784-ad0d-4f32950d210f",
"value": "https://www.proofpoint.com/us/threat-insight/post/sextortion-side-ransomware"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5c0e74fd-de64-48c6-9da9-4a01950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-12-10T14:15:25.000Z",
"modified": "2018-12-10T14:15:25.000Z",
"description": "URL in email",
"pattern": "[url:value = 'http://jdhftu.tk/&4448']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-12-10T14:15:25Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5c0e74fe-e748-4798-a431-40fe950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-12-10T14:15:26.000Z",
"modified": "2018-12-10T14:15:26.000Z",
"description": "Foto_Client89661_01.zip (Compressed AZORult)",
"pattern": "[file:hashes.SHA256 = 'a7ba2c9def86e54086f0624a73597865a90cb93aa72dec7fdf264f655cf1bb56']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-12-10T14:15:26Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5c0e74fe-1b04-49e3-afaa-4f47950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-12-10T14:15:26.000Z",
"modified": "2018-12-10T14:15:26.000Z",
"description": "a7ba2c9def86e54086f0624a73597865a90cb93aa72dec7fdf264f655cf1bb56",
"pattern": "[file:name = 'Foto_Client89661_01.zip']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-12-10T14:15:26Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"filename\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5c0e74ff-7ba0-42d5-9f67-4c32950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-12-10T14:15:27.000Z",
"modified": "2018-12-10T14:15:27.000Z",
"description": "Foto_Client89661_01.scr (AZORult)",
"pattern": "[file:hashes.SHA256 = '29b42b0ecd874bcad5a5d9d03ed8f8dee320892305312b4898a0b64f9fbde93a']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-12-10T14:15:27Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5c0e74ff-df2c-40c0-8b6a-486b950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-12-10T14:15:27.000Z",
"modified": "2018-12-10T14:15:27.000Z",
"description": "29b42b0ecd874bcad5a5d9d03ed8f8dee320892305312b4898a0b64f9fbde93a",
"pattern": "[file:name = 'Foto_Client89661_01.scr']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-12-10T14:15:27Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"filename\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5c0e7500-3428-4e9e-9f15-4b67950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-12-10T14:15:28.000Z",
"modified": "2018-12-10T14:15:28.000Z",
"description": "AZORult C&C",
"pattern": "[url:value = 'http://egorgerov3.temp.swtest.ru/index.php']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-12-10T14:15:28Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5c0e7501-5038-422f-9fad-402a950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-12-10T14:15:29.000Z",
"modified": "2018-12-10T14:15:29.000Z",
"description": "AZORult payload (GandCrab)",
"pattern": "[url:value = 'http://supermainers.online/exp.exe']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-12-10T14:15:29Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5c0e7502-2650-4c72-8d04-4bf7950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-12-10T14:15:30.000Z",
"modified": "2018-12-10T14:15:30.000Z",
"description": "GandCrab",
"pattern": "[file:hashes.SHA256 = 'ef07905923461ce13a3ca18ef6eb1833a8c8d327d47e9cc8641a2ca3d5ce97f3']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-12-10T14:15:30Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5c0e7502-bcb4-4fc0-b0b5-40ef950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-12-10T14:15:30.000Z",
"modified": "2018-12-10T14:15:30.000Z",
"description": "GandCrab Payment portal",
"pattern": "[domain-name:value = 'gandcrabmfe6mnef.onion']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-12-10T14:15:30Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"domain\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--5c0e7804-aa2c-4d3a-bedb-c755950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-12-10T14:28:20.000Z",
"modified": "2018-12-10T14:28:20.000Z",
"first_observed": "2018-12-10T14:28:20Z",
"last_observed": "2018-12-10T14:28:20Z",
"number_observed": 1,
"object_refs": [
"file--5c0e7804-aa2c-4d3a-bedb-c755950d210f",
"artifact--5c0e7804-aa2c-4d3a-bedb-c755950d210f"
],
"labels": [
"misp:type=\"attachment\"",
"misp:category=\"External analysis\""
]
},
{
"type": "file",
"spec_version": "2.1",
"id": "file--5c0e7804-aa2c-4d3a-bedb-c755950d210f",
"name": "ssf2.png",
"content_ref": "artifact--5c0e7804-aa2c-4d3a-bedb-c755950d210f"
},
{
"type": "artifact",
"spec_version": "2.1",
"id": "artifact--5c0e7804-aa2c-4d3a-bedb-c755950d210f",
"payload_bin": "iVBORw0KGgoAAAANSUhEUgAAA84AAAJ9CAYAAADkPCs3AAAAAXNSR0IArs4c6QAAAAlwSFlzAAAXEgAAFxIBZ5/SUgAAQABJREFUeAHsXQdglEX2/2Wz6SEJCSRAKAm9g4AUCyDYxe6dqIh61jv19P62K553lvM8u55dxN5FQc+uCDYUERCQ3gmk997/7zffzmZ38+1mN1kgCd/A5pt58+bNmzfflDdvZr6QmpraRljOkkAHlUBNbR1m3/0GQpP6Ao3+vMr+4JgIo5XJTCiZg0JcwUbABOSK1LH8LvJz8UoZ3EOewRYL6SakFrGDhHBQMg0S7+2fTNCkGzRC7V9m+51Dj2bqLT8/0SR5C5gtRHvLH251bgScIKfHa+qmiBbybyHaQccLlhdwU+YmPifvHmUiqjPOJN2hAjKRqQnIQxotY7gnsATtLo/ghsykG2gNufcr7hTdQy68e0SE+GhQIZ64HgBntHi0P8SB4xm2OQDqITg2siQBhp1pBM7kGmb4XWAK18A3cACbTsMnaYqzSWZ19Y2YNqwXPn3vFfxu7lyUVtUixGZz4tCj8Z35M7EGaq/CcwEKPDYqEiuXL8OoUSNQa4twzMUNnPq6Onzz1VKMGdgbI0YMJsUmJxUcn9AF7773CeJ7p6NPvz5ocMzjyYO9oghZXy7CwKEjUJObDVuoTcmJsqL8+AylX8YTBRM/cw2VtB9vz8amGjtqa6Wc9fU4smsYCqtrsa46VOFE2EMxKc6GKb27o7ahQY1I9ZKWFBrkr9tP+FTh+gaE9+gNu8Kz/lgSsCRgSeCgSIDdXODDo5NVJjX6ZyfI8nRsCQStSoNGqGPLMyjct7GZBoUHf4j4qnNfcf7QdsFpkzhak9jJu9Pjwo3lVWMARePiWiNml+QmXkv2JkLZr6C21aF7fbmHXNj2iGh0zEea1M4mXOp0opM5XaOLkkegk5R4GjWe4JCWihMY01ApbCAtppE/NoE1CCyE6QRGRVBl5KCvKTCeCiNxSJO8EEbqVByJp2KFqE0imA9xmBcVUvVP/NWiTJZX1YhCzVRGVurpoEwypG84IzcVr0CMIazJhQod0qwVQ1aFaJhOGYbYsPyrxegWG4mMfVnI2JvZlEh81dU1ilJi13jlr6yqRoMosUbBQhBZU4v66mrUV1aitqJcKfqhwkOTwmzIoklxNvhqEJy88irMuWQuRgwZgPzCYjz72DwkpKTg/j9cokr20edfY+/iz1GfFInaOqrFTQoz5UgIFekG7RfSDQ31CK2utBRnkYvlDikJsOW7N3q/iq86jNYl9Ys+WdJ5OBKYgPwi1S6RXMSui9lUCz4j22FxOlXNtEP5Gi1UvyftkkGLKVMJ6DpratumaAJ0afNmKP4Tap7ao3l6BJvjtxLSQgmEqg8MH1Fe2XEWhNNSQ0Dqrxa2AfKa3IrwlEBrKsGThhUOlgScr3ebCOpGoBuFfhpwHWIWGlNlZxKhlT8DtwnbocuqZCpOorQCrYDUVOlcaDZSuxVnKLlUO50qrvARohQ0QnUu9IVIRloxZoRKKwCVVsiFUDFW/1gWQ5VlGvGqn/IKjrZA14v2rJRnQakUhbVUFEtaoukcD6GpOSB9FSV/hLr4VdABY350jiDsoaGoEcWZv/Jasd5qIUletaL0XvGnSxV+sz+C98xzb1CAqBQlmcp8IxVnOlG6bUKvrqZalOYKVJeWgQp6vWjNoSIFKrW0NlNJpuJMP/mhUk0KU7sAbz72NM668jKMHTkYv7/uSkRFRiicd9//DJs/+xSn9UtAZUkJs1d05KHoUrJcbBAjfZPyTL9Yru1SHsviLIKynCWBdiEBtlrVEzk90h00A7ULVlvFBMvGApk6n5GmKZxAp5CcEMtjScCQgPVuBO9NaEMTNWci6AQ9srEq30Mgh1yw5TesZQx3oVnvlLs89n+INURHyfvn/MP0WpM6uc5YMjUUXReACyNUupqUTOqABgGthKp8HDRpXdaKr5rZkaQDn2GiKYuyC8zISmKYiQtc4Uq4UeBUHJUaregZlJg/0bkJmcqk5ouY9aKc1sm2Y5swRLJUQpk0RDLnk45wQZVnE0xHKojEKxTBqRdapK/yo58JJZZhItGKzN/WbbtQV1uDyMgo9O/fF+UVlQrOtA2iqdaLptrYaCjOzL+BfknX2FiPhvo64VdUZqEp1Iy8iSM/+a9ylId6MtuUKDtOTYnEwmfnI+SyizFm1FBlEf/4k6+w9bNPcFrfOESJYBpEGSa+8SMl0pefAIy8JCByapRfg5SN5bAUZ0rJcoeYBGSFT15+vRIXUOFdW2hACf1EZutVbdfpUQ3aA+QnsY6G5iJcF2/7LEVT/bRP/jo+V0GTcNAIdXyZtrkEfrZLP9GEHf8xA+LdWeeGxy1IQszWl9PxTOjDtcx9yxg+yPuI8igXMZ2F9JGsM0d5qbOWa6BljM4stvZUNl+vsP+1ZPYimFMmVDudSodVe2LAEWEog85YATelUAqiI0opnOLXiqoCO4FN6ZUVWhggFdIiffpp5dTKKqF0hrXZgWskUDAqza5WZuIpmKRh/szWgFG5pcVZFEL5sy+3CNuyipQFl/NglQdxRXHWZVHZEMZ/BooEQiQNIQ4nHuaTFBeLnIJS5BeXYUdBFYEqDWlViyW5rLQUlZVVuP+xFxHRrRdCy/Jw563XokIU59o6bvG2YV9ZIapCwhQ9zVAKylGfuQfFtlCUbN8slm077JInLc6hUjC7/Lh1m78wScQFAvE6XReJH1QdgZdfegvpt12PgsISvPf6O7ggvBDYtgelXMlwOEqaCjMXEdRPAPUSXycUuZO7nk85r91gD7MUZ4fMrMchIgE25JgIO644ZiA++iUD6/cVw+445+G3CNjW2Mos1yYJBFWMrI+mPrBNfFmJLQlYEmi7BILSvnWbblN/a3QObl2EW6BtZW11OVuTMIh8t63Uh3JqqxL2Z+0HT7qBNTCv+TKCTvdFRkimgMrG6wg1PTjHpHMqm+LXSrQ3KzQnlCG0auo8hIjBD88qO6abhAlRm6KvmdJTUaOsVBzpVKzgUmlmDBVwKoVUaMlfdmEZdmYVqC3WpE8Mm2y3rs/PQFKInH2Wi7MMqHo4/9DaWtIYhoge/aiBSxmpaDfKFu0GFJRWoKi8EntFKScDBkeNCKurl/gaUY5rECKKry2uK1BegBrZgl1TU6OsuDRk5RaVodIWrnhkho3CWJi9CpF5OSgVtbhkx3aEhYniLHGhIQ0IE0GESamUIi2Z1QncVXG2i5V6ly0Wv/adgHPPPx21kldsTCROP+8sfDl/PmYU70RsYx3qHRUlLCuFmXIirToqzUpxtqFWNGmlOMvW8YhuPS3FWeRjuUNMAuF2G6aP6IWM/HJs3FfS/krPFqw6MxPWfMWZoLc7kNGbOtnyCDrhHcPT0Suj/Us5aBIOGqH2L7P9zmEAjdY/VP+w9nu5zDIICms+iDCKju+nv875LhseZ9Df9BaeJQFLAqYS8NmWGEmn26x4DfWWIBegQnLqf14VaCc58Sg/tVzDo/JQvYYopcamZAEJgNZls0vEuDmaijeVPirJ5EfB6FPpuPXY4JZ/mQ0t27yUjCm41ZvWaFSU4i9/vQKJSYkOLIE5HGmWlZXhpjufFGVZiBKfWOrpQKLfASddwy95ifJM8OhBfURZLkKXwf3UeeE62Sat+JM48utMID6dlmTkv1oEILiZY6SHI2hfaCy+6zUWZ1x+CQb0TcWefdnqjPPkCaNRVnEBFr/xKo4p3Y6YhmrJyoSIK00yyTI78Frcqh0qGr5exZBT247bx1wp+udvFAHxBQiV68TpXOnyunJVaT5JNcre+HrYXPnxwA8Rc76dNnuHY551LRPW6NbzAEuAB+25WhUREaEakc4+VFa+quUmPT71Cp2OC9pT3gteaNBq+nzNVAcRNI7cCZE2O1Ll2BXqJiset4CB0aH++pSdS6SL16/yHRS5HJRM/RJHZ0GyJNwOazLQtnkwisAXh468OjrNVr1LfpTVDxQysR+cUSJnudzKvB+y6wgkTSrDBORRkpYx3BM4Je4OtkJBkYA36QZ
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--5c0e7805-cf04-46a7-bcad-c755950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-12-10T14:28:21.000Z",
"modified": "2018-12-10T14:28:21.000Z",
"first_observed": "2018-12-10T14:28:21Z",
"last_observed": "2018-12-10T14:28:21Z",
"number_observed": 1,
"object_refs": [
"file--5c0e7805-cf04-46a7-bcad-c755950d210f",
"artifact--5c0e7805-cf04-46a7-bcad-c755950d210f"
],
"labels": [
"misp:type=\"attachment\"",
"misp:category=\"External analysis\""
]
},
{
"type": "file",
"spec_version": "2.1",
"id": "file--5c0e7805-cf04-46a7-bcad-c755950d210f",
"name": "ssf1.png",
"content_ref": "artifact--5c0e7805-cf04-46a7-bcad-c755950d210f"
},
{
"type": "artifact",
"spec_version": "2.1",
"id": "artifact--5c0e7805-cf04-46a7-bcad-c755950d210f",
"payload_bin": "iVBORw0KGgoAAAANSUhEUgAAA84AAARMCAYAAABIysoFAAAAAXNSR0IArs4c6QAAAAlwSFlzAAAXEgAAFxIBZ5/SUgAAQABJREFUeAHsvfeTHdeV53meK++9gyl4gDAkQILegxRFtbyXRt3TPT0TE7O7sbEbsf/DRuxvu7HTOzvRvaM2UrfMtEipKTUleopGBEES3hWAKqC891XP7ud7biVRBAESlCiRkl4C9d7LzJvXnHv8OfdmLFMoFOJmNrKcs2fPztqhCws2MjVtXLZsLGX5WNJS+bTFLG8FU8nrOaJyBQrrz/x5/8FHIbbyy1uOrl77O0Zf1L7FCl5bIRbzvuhqnDq4zKGzguXjlFs5wpWoMaNs3uvxcpak1OV70TPv/laZqFxUd6hZZd8ei59E49ZJ8fhDhkDAgCQUkbeActBHPAe9xCwBmuRjCcuCDonCMvdL/HoBRA04mAM0whV/mnsBjxLCc/6KRxECRQgUIVCEQBECRQgUIVCEQBECRQh8dBCQRt7cUG+3rY3ZXZsbrLk0YbEcFvLJ4Rl77Fe9dnZi2XKWslg8GRR/lH+ZjEHZl2l6fUchdtmYvfwURq8MBIwFrwcDI56XIXs9h0rpT09G9cj81VX902XqwjAJRjTXvRGVVbnwF9ryG3riug497634Y5HhrEdD3WEElKHBRP6D1X1dHSgW+lhCIOAyRrIbusJp4QMGseOBWQ6Hk2NDLOuGtHBIuI+ZzU996glhURz6Eo1hbOtKQNKP5ZiLnSpCoAiBIgSKEChCoAiBIgSKEChC4I8FAlLLSzLTtqGpwv5k/zqLDS5mCv/t5yfsrXGM3ZIKK80vovvniTYnUf4TGAY5V/mD4v+bafWRsREBW8aCTIf3O9zYlgGropFlvOohj0Zz03uXT3iZuBs0mCJ+UWZKMFyi1mTCXE/bq5p5109FF1cfoc3VV4q//1AhoOixcCmJs0TRZccFGcRy4HADN0rAOa7hnqKczOIENJVaAYmizsKfGBkdeYzrvOXiMe6/E6dWChe/ihAoQqAIgSIEihAoQqAIgSIEihAoQuC3CIEYeriyrvUXj2M/6rfCXel529ZSYslnz87ZGSLNsZJGy5P2nHfFXimnijYHJR51HkuAh7j2/odM1BCZVUPBOAhPyaCIU5dMWB3ekZU2QolrfCqSxyGbYrVZEQtWMXcut5dXk2rBDRCVjtrS90o94ZIKvu8RGeUqKMNn9REi8cEkVzOCWfH4Y4GAnDEBn/Wtv5icNiIu/sUKgX50XU6ogoXlDsKngLeiNfCTAnkZ4eR3X4lfPFo8ihAoQqAIgSIEihAoQqAIgSIEihAoQuB3AIE8gSwdkQGt367Zl5Ta+bE5Sx48P4/iXmKlhUXLoewHY1ep1ijz0utJu5ZyHxm7qiA63GRE+Q+R49DQZaNVj+kpt2Td4JXh7AdROR3BuPWf7/kh81c1hedDfXogqi6vPvpBXyzrv4jheft6MqaonzwHK0+orqsZKTJk/J9XfEUfAUaIMKs31Po2TPixMh6/Ufz4o4JAHtySMZxwPFfkOdCOO5uAhBxFiUwpKIJhXMgSVQZ3EqR4ezkwEnSKcS/L8ggZ1Fejsz8qgBYHW4RAEQJFCBQhUIRAEQJFCBQhUITA7xgCMpavepB9ncDYzScqLDk2PYNhibIvC3vlAY+KybjEkJYhUGAjLSn47zxkkAY1X2uLsUsvHyosI0BfSvVW/dxVeUW1fQ00F5QSfj2Hng0WBs/zSNz7KUM6pGLL3MjLMKYdpcR6n1fapRU3cv1b1fifIoOrO8ypyrnxQ72MJ08KrvqtQ2PT3bBxk57TmY4V84iIorp0vePxR6/yEaUFRLd0Xjw+PhCIvE8Br4kUgyNpnyO5YUi1xjBOx8t93XNZgrnLZywFHq6vK9imtiarr0zZfKZgfSOTdpZ9Beat1OIJ6AFidPqiroBXH58x/657EsF4dbvRNdGDfhePP0wIRPO7er6VJhUd8gJ/mPMftbP6W21dyXej+1E/dL7aIx1dj56NUrtWXy/+/ughcOU8RvOs61fe++h7W+xBEQJFCHzcIbCah1zZ1/e6d2XZ4vnHBwLRvF3ZI8+4zud8CXMSE9ENWY/HKj17xRAIJnFIK9VaZ52/a8dft+uoAQM2Mma1P1ZMys6KgpuQUU0PQrX+wAdWfjQQ/4chbwkiyTK4V+x8qVWqVUauzA62YuJM7fun343GFMaocmzItBKZpsDlw9tRZJASrDdVO2qKEy8j81/w8gb9SqTI05gP8HJVv86vSHhn0mlLpVgLWzQSfh0w/tafUYw5mc/axrqU1VVVOD7IaaLdsbPxUughZgPj07a0uGS37ei2W7trrSzJ7vT0TLh187o6OzEyZ88e7bOhBZZFJEqokU35HCcDjfzWB/ExaiDCe6dz4KPz1YeuF48/bAhozlfjgUa7+jy6/5tCYXWdwqvV5/p9teNq+BeVjb6jMjr/sA38q/WpeO36IKC5iJwvq+dIT2uuomvR9/XVWixVhEARAn/sEIh4v+AQ8RLxkYjf/LHD5w9u/AqoenAV/T9HmnakliqOqsiX1meGzbPea+h6ikibKxsSQDk3NmVA61IOyzykpwblRIjlCOWPKZ1anZCRe3VlZXXL6ldMGyfROUWcZZjHeAeQx7FztCMDV32nvgJpsPG4jOsCSbIy/EFkT6cN/dX4VHYlxLeqGZnTlKGferZA/9141mC4LgGsqDY3vYzG4s4C7xB9WGl/VYUf+KdglGc8y8uLlkxSP+m7aq54fPQQWK1Y5XJ5a68us6/cvo55zzBHzJvjiaOGjS8s20/6e2331m67Y2uTVWbmLZ0r2DKZCXIkxXhmayvpHsl19virF2wmr4wFx0ph4B/dERkakcARrCNBtBoYulY8/jAhIBzQcbU5Fl5EOHI1vPggEInqUZ2rafr96o365bJhhSlHv3Uvuv9B+lIs+9uHQMRTVrf0Xri2ulzxdxECRQgUIXAtCIiPRLJJZSIZEMmV6Du6fq16itd/HyCAfYiNmw/hLxnOvIuWFFPtnq3D05yJ3ipqpiN69yxo4eerP4QQQh6yTVXSjcp8Nm2ZuWmbn5+3XGaZayvGKxHU0vJK/qqtrLKa9FQpQ6tre6/flKV7MQximccyhrPLC7YwP2npuRnL0aaQVP1JlpRYqrzKUpV1/q20cI+C6z7PcsanzJN3j0dXZTAnPNocxpNbmrcl2lhcmOdelpR2rvNoqrTMSmhHY0mVloctz1TBb3B4JF39W1HM+EFt7+7nb9BE8dFfEwJXMr8y3uWWKInZ//X9F22BhcuaM61b1oxlcOB0NZTbjRubfddtTWGSaHKWuxkcVS+92WNz01P20IE7bTPb278xyE72RKRB8DDlv2Yff18fi2ArGEZ0/DYN/L4OqtjvDwSBCAeu9tCHaehE7azGr8BlkWWeXkRSk4xqdSTiw/q56jx6NqpLt+RUjTh1hMO6Xjw+WghEc6G5iuYtcppE57q3+v5H2+Ni60UIFCHw+wCBiP9H3xGv+TDl1e8DHP44+ijpjl6ArFDQNZnKp33cblQqasxZHjU/2iE67Bwto1rKREhZ9gf4EKIo6uoGH98zM3O2MDVua1MztnNNi7U3tlhVKmHZbMYm55fszOCkXZyYstnFRqusb7dUkojzirIS1Xm1bxm6jpyUjRcyNjcxYrnZUWutTtimDfXWWldp5dSVzmRseGbRzg6O29DwlC1XN1tFXStdTzFWPSsjXqZoMJ2v1paizNKStH51nL6Wzg/Z+tqkrd3WbI01GMvcXiaVenByzk4PjdnoyJSlalqtorYJ6Fy3J+BqTbviJQUtIsSrFvqdXhSyuMr4O231495YhuhxNpO2RDZr+bJ6Wy6UWpIlBPms3uvMBmCsbV7b0WwNKczlhUWbA+8qKip9Xg+d6LODpwfsodt3GeskbNPaFntz6Bz4SXaBPEkYzx/2IXwKNsDHcy5D/0LflE2Sg/YEiwQeOWHgh34481Ot14aH98kbpoyciKs7wiWvYpVh9aH38aOsUINbOfTrHVDyk3dciYr+xt+R4iHYyz+
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--ac324cbb-6dc2-4b8d-9368-b109344e1ad0",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-12-10T14:15:45.000Z",
"modified": "2018-12-10T14:15:45.000Z",
"pattern": "[file:hashes.MD5 = '033414047da131ed4c23cf6ad8bf1d93' AND file:hashes.SHA1 = '7727d9bb9d9572f1c20c7f51b39507cd4107c87c' AND file:hashes.SHA256 = 'a7ba2c9def86e54086f0624a73597865a90cb93aa72dec7fdf264f655cf1bb56']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-12-10T14:15:45Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "file"
}
],
"labels": [
"misp:name=\"file\"",
"misp:meta-category=\"file\"",
"misp:to_ids=\"True\""
]
},
{
"type": "x-misp-object",
"spec_version": "2.1",
"id": "x-misp-object--44cea817-b8a6-40c1-b5ee-209438d848a7",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-12-10T14:15:48.000Z",
"modified": "2018-12-10T14:15:48.000Z",
"labels": [
"misp:name=\"virustotal-report\"",
"misp:meta-category=\"misc\""
],
"x_misp_attributes": [
{
"type": "datetime",
"object_relation": "last-submission",
"value": "2018-12-09T08:52:54",
"category": "Other",
"uuid": "95cca45c-7dcc-4422-b581-c233cad3b40e"
},
{
"type": "link",
"object_relation": "permalink",
"value": "https://www.virustotal.com/file/a7ba2c9def86e54086f0624a73597865a90cb93aa72dec7fdf264f655cf1bb56/analysis/1544345574/",
"category": "External analysis",
"uuid": "f76af61c-4563-46d2-b59c-c73da713bc85"
},
{
"type": "text",
"object_relation": "detection-ratio",
"value": "31/60",
"category": "Other",
"uuid": "54c7b44a-d5a6-43f4-a30c-03d7138c1c93"
}
],
"x_misp_meta_category": "misc",
"x_misp_name": "virustotal-report"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--e5365732-2c9c-4a8c-9ab8-d0d6c467d8bb",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-12-10T14:15:49.000Z",
"modified": "2018-12-10T14:15:49.000Z",
"pattern": "[file:hashes.MD5 = '3071f670ad7ec4a5985498517a5bf48c' AND file:hashes.SHA1 = '080e71f56a9fc783181cdaf1fa88666c352ba314' AND file:hashes.SHA256 = '29b42b0ecd874bcad5a5d9d03ed8f8dee320892305312b4898a0b64f9fbde93a']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-12-10T14:15:49Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "file"
}
],
"labels": [
"misp:name=\"file\"",
"misp:meta-category=\"file\"",
"misp:to_ids=\"True\""
]
},
{
"type": "x-misp-object",
"spec_version": "2.1",
"id": "x-misp-object--0e92217d-bcf9-416f-9214-141808c91626",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-12-10T14:15:51.000Z",
"modified": "2018-12-10T14:15:51.000Z",
"labels": [
"misp:name=\"virustotal-report\"",
"misp:meta-category=\"misc\""
],
"x_misp_attributes": [
{
"type": "datetime",
"object_relation": "last-submission",
"value": "2018-12-10T00:00:04",
"category": "Other",
"uuid": "1609de83-aada-45f9-9152-e68b6083aff6"
},
{
"type": "link",
"object_relation": "permalink",
"value": "https://www.virustotal.com/file/29b42b0ecd874bcad5a5d9d03ed8f8dee320892305312b4898a0b64f9fbde93a/analysis/1544400004/",
"category": "External analysis",
"uuid": "47a39420-c93c-459d-b6e5-fbdd262f3a84"
},
{
"type": "text",
"object_relation": "detection-ratio",
"value": "40/68",
"category": "Other",
"uuid": "fda59bf9-60eb-407a-a582-2ad8bbf02ec6"
}
],
"x_misp_meta_category": "misc",
"x_misp_name": "virustotal-report"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--0cb9aed0-98f1-4f61-8a98-19bd540d7a63",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-12-10T14:15:52.000Z",
"modified": "2018-12-10T14:15:52.000Z",
"pattern": "[file:hashes.MD5 = 'db947d361f3e06b039a705a2728606fa' AND file:hashes.SHA1 = 'f3cdae48d7e9f53667a1a7c5332c151f63cf61d0' AND file:hashes.SHA256 = 'ef07905923461ce13a3ca18ef6eb1833a8c8d327d47e9cc8641a2ca3d5ce97f3']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-12-10T14:15:52Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "file"
}
],
"labels": [
"misp:name=\"file\"",
"misp:meta-category=\"file\"",
"misp:to_ids=\"True\""
]
},
{
"type": "x-misp-object",
"spec_version": "2.1",
"id": "x-misp-object--8bf655d4-bf40-4db6-a318-eed93034e5e9",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-12-10T14:15:54.000Z",
"modified": "2018-12-10T14:15:54.000Z",
"labels": [
"misp:name=\"virustotal-report\"",
"misp:meta-category=\"misc\""
],
"x_misp_attributes": [
{
"type": "datetime",
"object_relation": "last-submission",
"value": "2018-12-10T08:36:54",
"category": "Other",
"uuid": "384519c8-0906-4397-abea-52941d3ea601"
},
{
"type": "link",
"object_relation": "permalink",
"value": "https://www.virustotal.com/file/ef07905923461ce13a3ca18ef6eb1833a8c8d327d47e9cc8641a2ca3d5ce97f3/analysis/1544431014/",
"category": "External analysis",
"uuid": "4962260e-cb24-45c2-b0e2-07d52e3efe26"
},
{
"type": "text",
"object_relation": "detection-ratio",
"value": "56/70",
"category": "Other",
"uuid": "fccf93ff-6017-46c7-be81-c81d48edcafd"
}
],
"x_misp_meta_category": "misc",
"x_misp_name": "virustotal-report"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5c0e75ee-eae4-4d42-a452-c755950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-12-10T14:19:26.000Z",
"modified": "2018-12-10T14:19:26.000Z",
"pattern": "[file:hashes.MD5 = 'db947d361f3e06b039a705a2728606fa' AND file:hashes.SHA1 = 'f3cdae48d7e9f53667a1a7c5332c151f63cf61d0' AND file:hashes.SHA256 = 'ef07905923461ce13a3ca18ef6eb1833a8c8d327d47e9cc8641a2ca3d5ce97f3' AND file:name = 'ef07905923461ce13a3ca18ef6eb1833a8c8d327d47e9cc8641a2ca3d5ce97f3' AND file:size = '142336' AND (file:content_ref.payload_bin = 'UEsDBBQACQAIAG1yik1NaNUJSA8BAAAsAgAgABwAZGI5NDdkMzYxZjNlMDZiMDM5YTcwNWEyNzI4NjA2ZmFVVAkAA+51DlzudQ5cdXgLAAEEIQAAAAQhAAAAaplbmn1PBSCGhCyhXo3/fDGShYtPeq55iI0ButPbWxRKWR+c57e/Jzdp4qRdZj0qfWK8RKKAiOBuEwdHikxrr9qE6FHFq90vJtG75MGW8MvP3ZDGYlh89tP7pqG9bT4ypm2XBOSduZ0dvea/wWcQPSMZMMJYc9jbzlkbbZSsUchsoRfJt70Ou3ZmSA5fJf2h2Zwa7cGZysZ8vtj1yrdL6keS/5x5fJD+wL3shWHrOWV/MVR2HLLQAZm1GxTNYn0ciatYaTx2Mhb2wJi5XXStfHJxdBl3LpB2Re8OBIKsct7Z+4le0hQeU5G3sd0QKWrmKvPN6xuCWXXDPTLWT4c6s2C3Z3jyeFup7oQjy6Z7jihG/8Xxcuq73twLaS21jnkS+Ns4feyV+pznpmNiZt10Zzbo2/2H1ZbN6cbozBJW7JgrCkAoTcf5qHcpQsPk0zqBtRdVwofxUE47chPpdQ/5GIn2SjIpNPsIOC0WA9cydkvuFJ4uJYwVhC8c83hL6FnFNl++ovcsbEshR8pO54h+inBOPU9jE/ghuqTaKc3vbDDrHy49YeyZ61XWYQFdMvrKdw9ImDzDKfJ+LuFk4DAPWtPmbltG4kCN5j8uv4AdiN1St/zcllvdR61lHxQHf28NmHQZVSRp1Blig6LTeBM16Xj++tL4lBYusK00LnQBGZBzMVHaTRHpyDJ6DEDSxMTi7m2pj8lJ/KvhAlmO81NBM8ru8qPAxY0Db+c9t8TXpvzVsPrpTBP/zhU8FtX0yJ/UqFj4zoS9S3+FJ2BkUDDPHCnFZ928wWDDe8L5J88O35af+k3muT9Ku+tW0v0vzKBQqzCD06bBiYopvn2GaJuu2GKA3R+DU7dKvGU/Hb/JRidRGTMwDUE8cawJK2LmM+i7NE+X3d3eYE1DfgZr0PlTYnQ1wOJSqhqPn8TCv3G+yAlsvrgAtqfr4pYbPPS9Euz92yv0p3MO/G+7FqoM+VNJSdX0ghUCfFpbUMXWXYscMYzWFA2ez06X5pPRv3HLonNDw3vSGGoN/v0hd/cBPMTARJGWMLuvmIaJuD7k7uAYuTqBJ5gg4eaALdHI6vl1hCUrQjwDpN/BinT+wfWv64bFf1lWc0Y0CzO4DFy+mKjJiLdXrr8S9UjhrN/1vNTYGyMc7k90Lyd5XRWAISXSwIXWWF54tJYke6lKUkBS/2B2EBB0Mx1HjeZioXNOFyXAh7a32pZod72hLF56aHHHTWRR7wJeWW8tepu02LJyGQ61HNBY0RCFcag2/D5GyLrmEOHqEzR1juZwu9AYedwC9yG735lryV90fIQvLrJ+f2o710iibVMyMBFuIXUPycaVngYYFwt31O0ANZ9J2MriVpqE/ZNEqPSij1AhiyqzY2S0dce5NO2UTjmaqw+417+Hq0kOWtHaR3UPKgxO8w6kSG/1cnqz/YISQdpeGJYJfo7xS5koGA3gsrAEUX762z/vTFFB2mt3JqnZSj0YrqLvPJpxTgC0g9R4xzdDO/Td4MKzpSjlelnoZKadOzL4ACr7ojCVjOzeE9/kd96AIFXx0S6PEyraExi/eHfYYGJ2oQo25FQ10c5CtEFI12Jglp4H+s2796Hr71+OwzKF8NfPKheizIsyx8UEj/ybJvAzyPvmH5EWx+jJhDssbhsqeQxZ3zWOX7InfqeQwZMYr9Y11Cg92abS2CZveP639cmqjr/CHWaTc1ZW0XNgyLktix6o3b8aI/xKTSxLAG7pXmVJNoIarfFdUBKJUcuxuwn/bNkA9p6//igTQa2+Yg57CtNZfQcQWstkCOT4J6DCPYhjgHjXBB5Ru4BxWAWxEUwVVwTOO7CyoYuAD3lTbPxtuZf0MaVFWnX2hjDO2eHCpWjh28JE4q9Y2xZXYXi6GZhBJOGY0DckCiceWzsPYUDI5jQ/CUih17Skk/eAlx7JGrnDP5E19TJN16iXWdZYuOoVBUvGY8vIfzVxNe3hQVuuiGqp2Tybe1janAEoHtwDfg7BdOUx522Pu0GH8yJag8BpgQFSJWBunEgG3QieVZrOKHts0zolVvDmH+mIBQcjfFyqUESP24hnRTqISXIbGSrwPNqNdylNMGx46lFJ9muQEFvBrwbYO5pP+znTsQNAmy0q6A0Wh40Ku+iP5N3G01fpE71lMg0lX9yOWJCxwijoiLbk/ev87GRiH70fMENw9Hp8zWAPkvvDmTIRajApLSaqfMNZmuTkYnuiwYX896sXF4AoJZhUOw3BEeRDiMGKQO+0g2VFlKnn1JXN3KYrKypKwQ8w/0yjSoAp+gnVOHwUQtB7wS+Iq0aF9AOWOh6/AzyGz9a8KCay0NIRJRelTdNGAHBXN6Ysk3lIutwBK3CYejGojFQ3dmwkdEk2hVA641iMA7OKIe1DOkqFb1UJmPMLO70n1affR60IcLIAa0vyhuGo3UVhVMjlcP0q/EemtRCYhLsQBbmchhoPQJLlu26KP01DZrXGBGUnkeOlGivN8NAUr/fCWXE954MmSr/3KGA9HzbY1/UqFea43NLU1x7rs641moIIJ+wvrJ7m8sWpSqNa5esyTVdLYCWWpFfpMuX4afnfbeuTyeupTDz2ObVjf1W82hWkRjxxhgTW0S0UxyLZKTbpGS2I9lwCH8lS52NbzttGAD9/9PDhUkS+peSamMzz/YaOXVTYQVO2D6PF2QZXZMkscQOw1pRUkjL/gsXe1/7pwH5l5bVErbeGGxnG+C0oGurbHjzW8xXE7cUkrLUX0eQxv2P47U6hrwEqPtaVePhBqClQXHRNBmcLzqOlq9+RJVrRkb5hYYSko6dRsdrzf/abFdZO/mJHLKEWUJq2RJNVsRUzMv7jkOsKIvX6sX88bXabsFvKegdEn20EcSuCTa5hYAMMq6EEHZm+8sg34gvr/6ubFa8f+Rnh0poTIEDFs4CKuyOcoL2WsECBLKvRT5BHhUoXX5S7+lBOyiKrZhsXpLxKE4q9O1WFVwbWRlnUvl6CdAwCSDR5HGG9rKUWI+ndAsi/Pzbj7b7nIHhixhT/5jApJjiGadP6u5cgRoXoS1dGAjxHACW8WqNknGBlwT31CRWazZWpLWcR0Xb2anJbIMiwAUe3D/SN+O2wllq2Ol0t9zK2KnyMW9nP+Jvw6RVSOwqMWhSW+weXWs/uejrxMN/OOsTOMceZBKWhnY3GtIXOFk6LF2X4/3o5OssrJGXOy8uOmU1fnp9iLP1quZW5HauWI5KdnouTPq61YHyXFbZ6vutsGFnOSNLbmmojgnoooC6VIMRKSjze24l1Qv3f9y0MTWTILrcqhIrCr6h3mXC0T89LJz+NeDcj96FLR17wt2qmE+/8lSRWzswcfdhQLq5sNNTPSTQdDuT6v4pb0UveZvw31Nfs9Px8ElmDx3ZZlH7ixapQxyANos9QQ2LLndN+rVQGCCDDdTF4vhLDHCyC5XaxUqg5LwQgP3hqB/oBUW91/nMAzn1/75DtOI/J93ZPtFfeqwhzvKg0qsmmxlgN1+hlUagleqbQRJ17eTHQkzoSRvAgjPVSv+tdyK8LuOYjoqTym8H6ccpnrmiFRmumj5qm4YKaKMl7uWPG6DeOvM5L40t1KU
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-12-10T14:19:26Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "file"
}
],
"labels": [
"misp:name=\"file\"",
"misp:meta-category=\"file\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5c0e75f2-64b0-42f8-8a58-c755950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-12-10T14:19:30.000Z",
"modified": "2018-12-10T14:19:30.000Z",
"pattern": "[file:hashes.MD5 = '3071f670ad7ec4a5985498517a5bf48c' AND file:hashes.SHA1 = '080e71f56a9fc783181cdaf1fa88666c352ba314' AND file:hashes.SHA256 = '29b42b0ecd874bcad5a5d9d03ed8f8dee320892305312b4898a0b64f9fbde93a' AND file:name = '29b42b0ecd874bcad5a5d9d03ed8f8dee320892305312b4898a0b64f9fbde93a' AND file:size = '642936' AND (file:content_ref.payload_bin = 'UEsDBBQACQAIAG9yik3yw+rxgBkEAHjPCQAgABwAMzA3MWY2NzBhZDdlYzRhNTk4NTQ5ODUxN2E1YmY0OGNVVAkAA/J1DlzydQ5cdXgLAAEEIQAAAAQhAAAAr8OxX+5yZ98UvuNdL7oWYe/keMhKAru65G/L27CmRZAUEXoM02H4wpZX5X2+LDyAlL3T5CyQxjGtrYMJrm9u/YsIxdgJ227vZCMpMFKv/oM4tM/Y6X3ynJJpYaV91Lscpmh/xmWzim0Y0eAIyEL34oWZEhSkc6g2tpsBp8NaTMe3NWjVLV+gbvTGcTize20ZEeKAh1IdkwOBhWzxHoHOZH95DA53Ur9Qm63n+b32GAaHJFDs3kvuYGnC/ARKe4gICl8/sP5dlBFrA3DOMT4TZ8tuMqBqJLkq8xgOay4ZE5/ECT0JASDHaWAQl1HhGh11JI68s9fGU2WgzS6Y3Z+3rZb1HwRsuzBYRDIr92ZhTY6hm5MHtgLcSSyvYAFo2mzGlS/iglgnrgV8SSPQMtHUxqJ0DWgNJvFDCkTAf1LBqkNEAhBJW5phCqGzztsb47dpQ0CmItwC1A6GjdW1R20NJ20xJ+mSPoizXBAVgTfP7TepYeTXXBfjKsYO+iMyuMkB9tIj8l8KMZ7oX8YYjecD4ByLv+woV3XkbBwslWDxcP4VVqN/HMAsibJZDjb8chdtg/7B7fNzJ+GeKgtjjkPxzM1RrGz/F/5x1GiI/Wf2YqPT7iSfFzgsrOvuUilfOb1uSX6IJpH5Yf75aNaDePcnKoo/GuVZ3XmYmLoE/c25UprcRXcczDbFuTiuwtDshm5n/fW9edmHaNoykNQjf1tMBv85u84cQF+H+bhxa3IdFMN5UOh29d87pjfCbJHT+hD/YclS1+c77sH15zbDNoiI9ewoLJd9oHlge7NE+3aBMqxx7i5q1GN8oUcu1x3TlDUOtYAE6XMUGO3c4eS7WaFXSkN6QBUxzDKTvu+YL2AHb1y6yOqWazZDt3mj9drHL+OanrVuRiHD63y9lqsE1tq+27v8EoP/iGkt7rFuAYLcRj4iANqFw3bhUMzkrDx8FLLkgFCRuvNaLuw5QkNh3atMlso6/zbiFRQ9uaC23VEVbNCioX3efgcK6AafijwsSBw6LlIGPQK0rBQ4+WZrtDI54zFROVw8e9D5P6fJaGXtBxtBw58gvu+yihXGP8cNwCXKdzyZCvfuaQscBwGlgjlBida5qvyRHCoUr2fiZKbpOr67kIP6N+Wo58+oyfgWY3qJLP2WhmAiEhkQNSEtwtAYbK9ohn3xd6EMJXqeeSEHUSiD/ys4BroH873XxNK1S0ATUJIeFdtbvCZJynQXMyhwDkqH3MnYsacC7SXpe7/KgzJMDkIKbzTcAOehopqIcf4mTcKubldL486PRkAikt4X7pTyFLE5Fb7chgRB3lkhGHshjn+4GV0Y4gKX7iCSkpaC1nkDzS32+H+Z9GVwn71eqedQN7OYDtqS/BByt0K9Hrw20Cl9k9nsxj9HGZ9qFOURs/EXqU8YV1mUPQ5rD+TPQhK/5hXJyOhzQuceSkr2JUo05zvLjtYdUFFXRIFSskocgQJm3QNG+/67tx/DAbXKBnOrMN9TOAlFWXWQ/Ck4VZzkzbBb93iYcS2ok6PdA3WweDp2UsSlLvbXOZimNNQH6bmRVjz+Kf8uLdK1PcNUJ0g5FPd96CGVpYlBtTQ6XhallcU/nw6CR57nBj2nITpEKDBhNwEsfT9BSJQd4jXrEQm/NJQa6QSPWCIrfmn+ZixbvQRFkBK/JIlN6YDf8ArB9/CkaIuziq4swXm2u1K39gp8Cx1TM76K5PqvxA8GwPg5airIgpN9eCAjz3mxgmSEvomNJMK0y1tk/Ky2bq01TFycttmcyptjwXFQY0jfLv4naaCVP4fS2PGFoYoj+bqWm8wu+uRsuxls4Y7xjOfM2SqsEx0HrAkdmUAn7KvH/qqpVp5om+8/RjkH8bm1yVR87H+75Qd0yxPe1Mxa7MjorZ3EBsAm0baD3i1hNR+8KpXPfh3D07kvuN54bBrFm7Q2YfXBsECpE5rYmOqzEE5C4nYoZAGOyXClzW3jqX4Xtac23uYRuTQicoZcHQWLcN/uZyRuJIxgkzTbigpnSv9eB/UcWEhGV1ULNqEbe1izKDeraD5UnFdRvuVrMb8IshDRDNT5YkfftX0ffSSh6whsWP6HOApiwruWLta+J5Vf6eSekXj90p2WNlfTs6302jZ0sOWz8eOaFPD5+isA0ozRE6vOLlSv31Qin6HpoP+MuF00beyHZy1PnPZ9E01ItkhzqMzvy99Gun/z7iHXTP8iaPQ41CS5PHsUDqGsRlBCsi1fZgV8XoD28lvqC3goQHn83G5DvEJaIRXcLG0QG3AOuP2A0gV7WEaizLrc7Hak8AthTbJoCSE1EhRj0Y7t7vXQbf4cyuNIKoRQLaGxJSWOYdXYeZFK4xlzrtcgflI6IlhGyFLKWw24qK5xkCSI9rrmLpf0jF1nNMp441ywyUAPFRECSyzxVsLcU54pH2Tawat8duviMefc9j0huHuH3CmCQjfkeOd15EarlWf/ITz8KFYgQeswQujwx+9V5H9zB3Hh2uDD8w+joQmxhZpLBXIQoHugDP3ujuewSyMr3cIv7t2al5g2Pnb/eWePZrw4N3ypnteL8szlPpgfLm/Q6X2A/TNsLQX1bsF0dJNDp+1s2akfLla5sG5ojG7S+UdPvHlo6aamgQzazWze5QnOmKvZ6wCn2CYwvYHj5GOm5tTOXHWIh/Dm1sQW/QrVPRGJ0nw8mcd2tfgEDi4VN6ZCdeaPbWecQkrc1bO40I9kHUMbIptjTMjR7YAbo2lm7iJPFuF3kr2AqBIXIXYfZVmIZUKHB4MqJ/7yi701IhDcS7hnrSbagN2RwWLTZnM5OAfH9QwM2UsMXuyCJsU/tW3ZcTPFS8ry/WvOn/+9Ln8UdSLW+RzjfRap0dnsyIsR0uwlwbFdkEXCfjYUCMgEUjrpNRVnt/nzUoQPPy/zkhD53w2fwKOrbbvENU3eW7dT0z73ER7RqyzTPYkT/hj/WkMBhr7HB6QikXBkaBXb2wrR6FUqS4nuHVZ8zeHm1hS1+tsIdXwsu1xwKxWzurYdDzuAI5FqutcOzl/SJWzPvT7BK5e5rx4LigBwbUsAIKc92F6gbOECcQfgMYkw5fI1U8643CCzWxhHew/ACbF9pYUzQFkwIuUPlijeK2aZyWSl6emyu644BAKEALZm9MKr4MBZcaXRMR+DaDdMJ/3V5CsW5FSqYpqPrwonoriKOA2h66HjdgNVSvLhU/RX1+vpsuMxmieCEQzTVG2jJ3oiCDfMRxx1w8fjyM1r05Rt60Rq1t4FqaqXd2Io21k5p9FDl2ylqwYmOtjqZY8qtMHXOpto6iF9IbPesL25n1O5MpRfaee5Ck2UlupEs+nWgkdpS3HGdkv/ZRxRhd3/vS2TAOM9jVv5UohuzhYu/gSoq2fxsAZc7GhyGQUp1znzyp09yTFWg5R27XrKby6zN4fKsLSHZawNaA9luf4r0Cw13UwXmV9H39pLcLCJAa382jwjHTUCQZ/aa2MQ5YCqvki0TQe+IYP4RNkLIJRrE2jU3ZQAMFp4J5TbzZppMsZRolN47GoYzzPbPxkLuD7wrVBjaRco8oq8/PlG94igANqRA6SbJVYqCtHSCmhEz6Oc54
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-12-10T14:19:30Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "file"
}
],
"labels": [
"misp:name=\"file\"",
"misp:meta-category=\"file\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5c0e75f5-d95c-4f46-9faa-c755950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-12-10T14:19:33.000Z",
"modified": "2018-12-10T14:19:33.000Z",
"pattern": "[file:hashes.MD5 = '033414047da131ed4c23cf6ad8bf1d93' AND file:hashes.SHA1 = '7727d9bb9d9572f1c20c7f51b39507cd4107c87c' AND file:hashes.SHA256 = 'a7ba2c9def86e54086f0624a73597865a90cb93aa72dec7fdf264f655cf1bb56' AND file:name = 'a7ba2c9def86e54086f0624a73597865a90cb93aa72dec7fdf264f655cf1bb56' AND file:size = '269715' AND (file:content_ref.payload_bin = 'UEsDBBQACQAIAHFyik1QdxGZJB0EAJMdBAAgABwAMDMzNDE0MDQ3ZGExMzFlZDRjMjNjZjZhZDhiZjFkOTNVVAkAA/V1Dlz1dQ5cdXgLAAEEIQAAAAQhAAAAehm7GqNxSGrOfgO0SZUvheh9tkgfG0vFWW4/lHBs17pnW7JkDLoLghBw1+ZZsbyWizSUCBgh+wbGyhYIkCisbwFjjM7+FdWu77E6o3YFPu3uRVjLbw6mJTML4M97zXERMZJ0SHPK4FjrsEaNXxgpNGU0xhesBpk3ykgU7CVKHdaspzUu6dReL5TKGqsDLXJg54sWnYm9x+n06zRhKQEtj6t+aUJuo8h4W4pGFZtNbWygnuuQiz8982D2PLiGQ7NMqs1bPc0tAbVvEbE9fKBNttmw0og6OHvkjt2wO+TDm+kVV6fPI87DHbwaRet3QdP2PntzqiN6CaxCDbFkrgAIrVpFZjK6Yx1gnb9YXwa7g/S9kHX7h8BL91cSeFsT8OhtSgZuK1ARvh/FAbgtvfR7fYmyGNV1P7zuD5nK0GPleJjowSBsHua7ozbgkEZmmS7vufuXgsFdkTNZXpCqvTsgCHvwPuDtnBNX8SFxY/2U98mbhFNoNBw0w6k9jg2QikIvuvsHGi2qHieeDnvmtfMA46xfmQqpPnHt5PpsMMq+C6vEKGWLhbBVDbSBuAloXot1G1utEle2O0PSXjMSRILSi2m8jeYWM/5cNazPMsesqxmrCLHsCvzb+U+OMZo4co/G/4iXrFby0/j/fzZxz4EKLTfDkxhWt1lfmJyre6jjuxrzotwlQp9ydUwQ1IDRR3j2wePfLwSAckZn0h0Ka4oR/plu1HWNB5DELvfHUI8hOLvgguEOx2/O+7EVEFv84O4iUa2XKPbwXuoWs3w9j4IXhKpRjETNizlmCYMJjgBBhSgicBGzMw0F9YgCIJCG9gRRsXntNXTJsPazfal5kPcxRyQnKELRJwg+/38z26DULK+hw/+pjqyD14L8Lo3S6F5MhbrpivzB2vYfopWcGg1c/BDNel8CgkPAHiYL1olQdu9X42r1dtHYsj6hy7LB5+ETwswIpvShZ3mNhB3AuKlogHJZnL7zuRdAkppSoQqrT56xROX/vHwO1jgtGG74KPmLBmcHiiNGcWQGYf//6MNzuedOIuxC5ayyxlevJYgGKceP8096u/OgQFfryZzKJ3N/MqKrRg39gqwz8GAH5R6oa1aqgBYDROrw2BUxcPc1qkEAjIinKu+Y0T2p9qvy51mTpCLD79urouJj3vTCJUzgZN9CT+ISFDK2o1yec/5SVqbh9ntztCohCmwMBw+IrIs7HOeJLXeBYiJkUWX9xFR4por5mSv7eVv7SaoQCk1B68LQdtLa55h9JYuJkQdKA0KDWL2xwX3aPdJtKJRLhdLUcG3PxkMaW0rgIaWjVsF/J1kILL1Y9QMDtgQbBSCDrHGWl1YCreB5Wor0A239VEuBithbCRCx+XUpGcU2Xa59DT/zwlE3KyjvSkFKIVzQLhwUfWBEyrc8mLeOMSduAGH76DFmaKvijdKwIxSgatA4GblU1mNG3VxGurkvL2RZbLUTlauCG4l4gZedWBeEXYjNVQmXMWtK27zvkKLvkmYV7xFJJTjxH+T9iYWEUz9wd+KSPTm+AZBZBW4bOujR3b3cRwLqqh/6+pXyu/+irpjoAW2f/i/gGy7lsgA39/msiFB5BLAtmD8w00jmq0r1JZk6oXgMSTPPgpl1brmMSWJ5rjEDBg1hT8XmbLsYiJ85kBK6js8N8FhA3uFPboLwSv9t1xZjDGl26yoZ0c0SQ6ApEMhtZCn0tQZbXh31s+hA98CbxSk81fLJkXxvbTKgh32KuQlfj1hYYYwvEzSzZouWZXePXR3532bgO2Ke22hrGDqwkzT8+/BfWlPQLUz0wGp8mUdDQn1407qOQTJkjhHSJDxP7VDmXdOm1lj8QB8wxcidyT/fSdxrdXbpvldCMmTQgDXG2FxolIeBxOrMnSr1NAyVXrdkG7rHSxZVeL88PptpbYZiau6TeAGbFW/Fno050UAzjUo2DJUZSvJANTQ5wL8MBPTIip3GOQJqbGNnel0uEt/UTLMBQQNnjmhMaXzPYAxjNC1VeFYh+fyjBne0n1ESdXso2+CuI7HyxRsWJ3ZlqrytGY4+9zbrqB3LpEBNBYihSq/jAsfaJhETAERz08T6xgktjRppqhTCvCbvcbpQD8WYmMwFhYbyw1PEFfwQ4QKMOFApdjm+WbhntdVdYk6HmRoyMI42iyU5AkZsRHtDWxf+C4QE66tEfM7TD2nlLLHpijVv57ABeyVx8L2CF2f1gz47A7niBvMtTuvgvMxag+wF+F1/HjpyXk+j3Bc0tixJzgHYkjpMm4DYpI8iU6ukLZw3CtpYfEmL+ayySk7oE8xwmAHy9v0uk7wp1cAvcJSAM0fT6oTdPf9LQRoWQAZgnLT7GxXgYuHWyUE2SLfErq2qIg43VJwxMG6RPtZ4y+OhJFXqoaqSdT7FQ5nnGaL27w5f1aSkOyf6IqWzKOHjEsREqblmpXkI6JfR7OgPnNVR3Tl05YXHflMoEkNrd+wR0QCRK3v4wjpSWA4KcbuOWPr334KYYB22VVItHy+MGgUxQEAtHjHoBQaVpCgfo0pkqvTjvfN2bCZxGTNe+XJDLRDjeFW3x0tiXmb494YtWgQ11nurlbccGhdYc+IeEDegXcSuFfNXxGrbG4pOcu9uE538O2yW6VODOi+t2jPsKT/7KB09JAbWugpgLV6GzXYq3UGXGx94l7xQHEOqVKAMJEHvBrqxfJpP4NFWTaQaT7mUypxPHI6BX9g68QOQfTZ2AX/B2tG1Qo26m9/rTiHd1GfULSG8WHIPjxD/1niN8hM11b/08zXqxwCWatypsTdaEJECQ0MtZ+by4uWkWkjkKWSU72kpQscMnGvII8AV3rkcSwpU51EXzq98fk4uucshM8EfvWPPFQtOuAOpEse5R0/AWXSFjmTPjnJ0lR4RmsolSyS9jBRTQV1/PCW/hezSn6enmNxNiQEmkbsvdYVwezbIkuSQFZkrpR+w8Upu6HpvDBpVc0zQfPTmIFfwhl/TFaTKbMqWMZZvPlei7JV1qnVu8XTIdJV+LdQjeOBdFwp+7c/8xLfOw5MgqRfoj2qpjKooZE7hBlis2KQnT//sgRFVLrFKOuPskd+7BYpIdut6L/98Sh3c3jTB9/6g/IFl/ErUWIJkUvz5wa3toU1LNXoj1v/JP+6+Xs8wiKZDodi5XxEFtXa6paNurUd7aOeegJTirHCzXF64aum+LHTZrZENdyOijelVL+Tepmv5AzGhXmnBpBEfALFXwZRALfLq6BZcSkHmyMcVso0fiYm5dpvzkq/ggBxdYvyH+HMbWBkjleBOZhydr11lW6De4u9rGGGdYwnUWdD8Wi8SbbC67UMzwqF0faW6bslhoDhxB6H/tmcRpeDmEiIDChrO0LwJtwfmbIo26Oxj9kQ4Z04lHu+DLkd/l1VhAGAixmdr36s2noW9FA+W+7eLuer475/2dx9L3CPCxlUJPtBkGiEu7olWmcTf6lQXbJP+cczfL2AT/R06s9NiIOKzLRrp98/Ryg3Omk9PDLAQAbGMAfuk4j/OYMOTclK6I/PBXK8jjsjJdyor21hNJHP/LHWrAWjhAaRgEQ86Fxt2oB7d/kZPB5eGYTn5BV
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-12-10T14:19:33Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "file"
}
],
"labels": [
"misp:name=\"file\"",
"misp:meta-category=\"file\"",
"misp:to_ids=\"True\""
]
},
{
"type": "marking-definition",
"spec_version": "2.1",
"id": "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9",
"created": "2017-01-20T00:00:00.000Z",
"definition_type": "tlp",
"name": "TLP:WHITE",
"definition": {
"tlp": "white"
}
}
]
}