misp-circl-feed/feeds/circl/stix-2.1/5e4f0d23-1c64-49fb-8099-4f000a0a020f.json


2023-04-21 14:44:17 +00:00
{
"type": "bundle",
"id": "bundle--5e4f0d23-1c64-49fb-8099-4f000a0a020f",
"objects": [
{
"type": "identity",
"spec_version": "2.1",
"id": "identity--5e157d76-c92c-4acd-a54e-4a01950d210f",
"created": "2021-05-24T10:04:28.000Z",
"modified": "2021-05-24T10:04:28.000Z",
"name": "laskowski-tech.com",
"identity_class": "organization"
},
{
"type": "report",
"spec_version": "2.1",
"id": "report--5e4f0d23-1c64-49fb-8099-4f000a0a020f",
"created_by_ref": "identity--5e157d76-c92c-4acd-a54e-4a01950d210f",
"created": "2021-05-24T10:04:28.000Z",
"modified": "2021-05-24T10:04:28.000Z",
"name": "Ostap Maldoc Samples",
"published": "2020-07-02T00:55:00Z",
"object_refs": [
"indicator--5e4f0dc5-6ddc-4e69-9052-477f0a0a020f",
"x-misp-attribute--5e4f0e51-3978-4464-91d4-43bb0a0a020f",
"indicator--5e4f1c2d-72dc-4cd5-83c1-4c4a0a0a020f",
"indicator--5e5464ff-03dc-4d5f-8ed5-fca50a0a020f",
"observed-data--5e54765a-c320-47e5-b810-fca60a0a020f",
"url--5e54765a-c320-47e5-b810-fca60a0a020f",
"indicator--5e4f2d4e-0f98-4113-b717-426e0a0a020f",
"indicator--5e4f2d6c-8084-42d5-a119-48c40a0a020f",
"indicator--5e545e5e-0290-4155-bc77-fca70a0a020f",
"indicator--5e545e6c-2b30-443e-b95e-4a6b0a0a020f"
],
"labels": [
"Threat-Report",
"misp:tool=\"MISP-STIX-Converter\"",
"maldoc",
"ostap"
],
"object_marking_refs": [
"marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9"
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5e4f0dc5-6ddc-4e69-9052-477f0a0a020f",
"created_by_ref": "identity--5e157d76-c92c-4acd-a54e-4a01950d210f",
"created": "2020-02-20T22:53:16.000Z",
"modified": "2020-02-20T22:53:16.000Z",
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '185.130.104.182']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2020-02-20T22:53:16Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\"",
"kill-chain:Command and Control"
]
},
{
"type": "x-misp-attribute",
"spec_version": "2.1",
"id": "x-misp-attribute--5e4f0e51-3978-4464-91d4-43bb0a0a020f",
"created_by_ref": "identity--5e157d76-c92c-4acd-a54e-4a01950d210f",
"created": "2020-02-20T22:55:13.000Z",
"modified": "2020-02-20T22:55:13.000Z",
"labels": [
"misp:type=\"text\"",
"misp:category=\"Artifacts dropped\""
],
"x_misp_category": "Artifacts dropped",
"x_misp_type": "text",
"x_misp_value": "%APPDATA%\\Microsoft\\fromyesterday.isawyou.jse"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5e4f1c2d-72dc-4cd5-83c1-4c4a0a0a020f",
"created_by_ref": "identity--5e157d76-c92c-4acd-a54e-4a01950d210f",
"created": "2020-02-20T23:54:21.000Z",
"modified": "2020-02-20T23:54:21.000Z",
"pattern": "[domain-name:value = 'customer.clientshostname.com']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2020-02-20T23:54:21Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"hostname\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5e5464ff-03dc-4d5f-8ed5-fca50a0a020f",
"created_by_ref": "identity--5e157d76-c92c-4acd-a54e-4a01950d210f",
"created": "2020-02-25T00:08:24.000Z",
"modified": "2020-02-25T00:08:24.000Z",
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '185.159.82.47']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2020-02-25T00:08:24Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\"",
"kill-chain:Command and Control"
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--5e54765a-c320-47e5-b810-fca60a0a020f",
"created_by_ref": "identity--5e157d76-c92c-4acd-a54e-4a01950d210f",
"created": "2020-02-25T01:20:26.000Z",
"modified": "2020-02-25T01:20:26.000Z",
"first_observed": "2020-02-25T01:20:26Z",
"last_observed": "2020-02-25T01:20:26Z",
"number_observed": 1,
"object_refs": [
"url--5e54765a-c320-47e5-b810-fca60a0a020f"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--5e54765a-c320-47e5-b810-fca60a0a020f",
"value": "https://laskowski-tech.com/2020/02/25/ostap-maldocs-with-a-sprinkle-of-jscript/"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5e4f2d4e-0f98-4113-b717-426e0a0a020f",
"created_by_ref": "identity--5e157d76-c92c-4acd-a54e-4a01950d210f",
"created": "2020-02-21T01:07:26.000Z",
"modified": "2020-02-21T01:07:26.000Z",
"pattern": "[file:hashes.MD5 = '64fa33acd63e9f93eb63ac8719f45fb5' AND file:hashes.SHA1 = '3782d79ae1b825f7b323b53a3b97f4244539b81a' AND file:hashes.SHA256 = '63b58ab3326e09ff9d4e2cd300c788a7f77cfc5ce6902641a94ab44dd351cd3d' AND file:name = 'contt-54_19946.doc' AND file:size = '690688' AND (file:content_ref.payload_bin = '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
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2020-02-21T01:07:26Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "file"
}
],
"labels": [
"misp:name=\"file\"",
"misp:meta-category=\"file\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5e4f2d6c-8084-42d5-a119-48c40a0a020f",
"created_by_ref": "identity--5e157d76-c92c-4acd-a54e-4a01950d210f",
"created": "2020-02-21T01:07:56.000Z",
"modified": "2020-02-21T01:07:56.000Z",
"pattern": "[file:hashes.MD5 = '3e02caecff34cd94fdfff7001b657efc' AND file:hashes.SHA1 = '1cc3acba2e482bf0e2dd73ae1121328c4376a0c2' AND file:hashes.SHA256 = 'd1a19f51e945f757d21d83bf780041f3a381e168a5ba10d17dc871a510bb0166' AND file:name = 'fromyesterday.isawyou.jse' AND file:size = '349682' AND (file:content_ref.payload_bin = 'UEsDBBQACQAIAPwIVVDny1J/Xb0AAPJVBQAgABwAM2UwMmNhZWNmZjM0Y2Q5NGZkZmZmNzAwMWI2NTdlZmNVVAkAA2wtT15sLU9edXgLAAEEIQAAAAQhAAAA0Poc5CzjusgqB6sgPve+BALzIGYGAFfyI3yuiIuBg3S/wRPYjbavoR+A5bgGY+8ioHQhyFu2j31IAdHXKjjE7oe/3DO1Zr5BaNKYSGmRkyW1Avp6oyY+rtXqZ6pmowVCqCML7wfqBMGcFqH6dNkwprxvIPfBmDBoXaRjjym8yqrCPmu9p2NYWGI5EOd3E/GBWGeqSCnrQDL8qQzNxhQ2LOtVaS6YAlcXpsgz5vlqOEGEGtEsYDA6LjeNFkKLsvlXbhi1bMk8oOM1biXNeSk1HM9cLJ3G8tR0SgM+arwxjZElKsBjHC/IxgzRJ8WZ14G04dtfCIBwUiUq3QxSMK8FmI4qOSITS/Mr1veI3LExPA6ckYeOATT6t13Np97Bjb0vyk1dQi7Igf5kX17ywi0DrCH6AU9BK3YMAk7WkWkL+K8jek2DN0tyOaXvM68uF8ajbob6CmOBnZVHVE4eAtj355Z5KDwW1mn0lrnrr/WdGWA8O4EQ11iYXPk52xnlpnpvXCQI+ADJCOHT/hkZqHZIdLyWMqWCIUWDdYgC1hjWeMdf2FvQPmJxhOIy4WwJWp3778WDmJcxui3XUs/UNYITPawusGluH5zlS7Hbis59kVT32w2jTnLjVKE+jTcm4eUyvQbykjNt/PZSWr54Lzby8waOq0amB6xguxE8H52V5qZEy4ZmiUSJBo2QhPR6XPMhvlspPzAy2ohcVgjPKjJFZ8w9cqlaSKz5MzfJ7w/vWuxDFkRQCsby7OE8r29IlocS/AN9Doq//TaZv4Dh1HL7N3dFnvYEy3M+bQJSM82htgOfAvMDuD6L3hk/bDQZPQ+dS1k/1RGJ8GecAnXgUyt/TrQ71dYlAQJtOhkI8Cpm3KWhH+NxDi46n5fzsH/3CB3jF6U+TGr3rxbxTTh8rWNibItHPsm7zWPHIrIdST/t4+tKmmPw9+Tb61PxL7engG6WYUqp49mfOxYoLeRToJ4Oq4j1zmTjxJomZEqqUmsWmjD9nF1r3bfl/pjLicx4Kl+cR+BcqJFWg9YbBlUnrtp4K4GMGHSA1xyboYGiLkOHmStJaICzcZj0lstGFVoiBUdogMF6WYnYOrVi+U923rMjTDFDMuGnNX21ijFszORAjEu97hAaHJeB65IO7tMd5dCJ0EJ8x4HECfbhI1obRgfM2gCRgjH0MNEzJQ9Mj5doKnPyW/gbszf9k1dXOV6ydGBlSy5QC/KIORRXOhc4w6X8pm9JnD9STSpwAAMRt8+oTDt/myfmXR13GhOR0rOGl51DX0ECQ2ZC5axePcpj20aTauiOGGBIkrbCBg9usSttMaPEu/haRhWVTtK7kH9BQrPikm6P1ZasGdg3eid56W6kMMpETWjMrcNnTOCdle4i/MOQnx3U+6bDRJBXpDxDkXwtSkLKGm+MLlv04Kf7w6sVouth3nFhYhtQ1IavFiS5e64tCXu0Qq3SFmHIOzvAFaoZ7tzHwz49zeNaF/8wvnhbSRi3IywT9Bl57m53XohxpK8Z3O5Lt1d9hF0lDSKqog9g2aAYHebKOkzuHd
74J8EdI5i6FZlhaRRXStsGYjAiSNv9qjqwPQ6o5wVRsOV7QLEWWKeYAnV5VKhtoaeaDJff/iUVRCEOXKnDmUuKkWvwFHqd76ymxOQJakswLCAxjJ/OCcD8ftaCBPFPyBz/TScPCQIMcyi6rMsbTpSYVT7RvVx+xpzvsSnssXnq6qdhAhZ/v69nQvGAr7qevrn+Nq8Hdzzpn5lxfrhptg9exybN1qg3x+940k1+JFHtL8yGWYHoCE4HeJkj5xBki4gNtw2KB3Rp0FDkVi1ORmhDjtFlGCTbWMAHz4BiEFv0ZhCTYRB0xOeIpHn9Oe6xom+UgjKMHz9O9h/QliYjuFfR/J8YiBgWWoafvnL/JxssOKA40B28ASeBBls8igwXbiUG0bSo4pY3JbDKrMPFGsfxZIm0qnWVuF6Qo+iHhgVbgWXp+9CISzOZTl32GY79k1hAz1Vrcpy/ENgLbRhHfcHpBQ8Ilch7LLVLKGxmcO3lL9J/Ija1dwhqXhS0SOaEVP2jGUO+qc+byY4j9gr7CEWVstG3GpT2jFNQTt68k7gCouOXm64bnzgcQUkaUP/yomXLqRDZ7zJyiLmFFSNql4nROSbywHzsketb2hwhlbNbKWH+MImaOURSWWnjEwgYtr3UilPv9QXcc0ZKp2mXEz/2BSWAB0FF7vm9CdgeFoifrIxpMoot89ir1aj82WzW018KrZD+PpxLyOpNWbqwniYjKdbClZAmrrqbWOnwm14Q3aHTyiKm5nKSZc8UI4N6GlTDKJgrY7RJ6lMfbkHIs0OCGhXCSGhT/ugkKCWVqQYfcnT9zDprbCes2YbjOq75s8l0r1HZ0gR6RMn76zp/s2yV6xJGhyqwaDNxBV0tnY2KX0dBJKO1FeGuacSSkfvr+Z1YL62z2Yi1JjNzVXnp1op/MX0NI+5R9YZ9QRueOVkOhceHUNGiLhIle66I8H/3JHPAYtAVfluYClHxOFCzPgvKpwph04dXjCocIcvUX86a9bfNpSMEtJUB17UzCTm93AuHmVAjzS/Gq2rbanxOuYDASb3oe9PA6da+3J9nfWeTRWny0rtLgtdSIeiBAgHsfKLnXeiyJjF73xwTmCQsyuEvU89iwahoBrX68ElaKnF2e2sdDUxPXZZ3uBw7vNdkxDvRLqH0Xs6lvNkLFWxPy2KvIvlUMEP/zpCyl84A58uYwY6ZhPIUURLu+5eO88+k3QIndm60BSC+PN14OYQWqkV/4kuGO5PqPLD1lwjsKwEabP1+FoQyTiYVMMrlvfyR8dClZAd26bE1CQMwYZhykF2/cBIC0Bu2ibrn2j/a/yeySFp1kLN8LAAt2MqTy0RbSr4ZMH8wDFdeRKTK4vkq2DBwiICV1UDlm0HWOLO0v2/XDmIHlClt9kfd5Z1MW4pviX7lGFEkWFmvhn/HbXL8FdT0AGD6fGZobeKOrlfntv/93wIPfJEMEaOwzCJzqxryCiKtkCo4qptXGxPfgBa7n/LU1rGs/JIux9QYwAAbI1RoiSHKPfoerd3Z1AzteW87vXbMONKhQoXgNLYUoKVNjcnOvdYW7pHTswXTD+Xrycnt+KoSlEwt2yxT/Z8ipvv5ldHhW4/8z7MiVYTOG8vBExNevx/RclhK8IewYUdtnJv4G3BVjFCopqK5zMAhKcCgb2s9ah0FwVB7ap2qfZAaBLOoQ0ReqpZ0SlgC5oMaHxxIRSNscD0bf5OyURB+/K8tTWzk/SUi0/l9AuljMXGYGk7QZBniXkiIALN00XUiXRqOPHlhMFqMMI+CHXv7NwJBcQWDdqslRW4k1RgS5EwFWqJfkiL9jjCB2GvbeoSSSjSLIHA0+uBwVmD6CEvK0xKjo+C5ndBsYdzt+oOzfsSTawQAbmnJmQUzQIA/MW0pV8ywZMxbDdLQKavRqqabZq7JwWvRCzDV9r50Urp1lhwxvKBIhhBjgJQKn+0fMug8VQ7J2zuhRJMvkVZzhiq1qamnfdaYrxeiPiEoJVIepX
FA09Xr5Cfv12GHEd2AMQ4TipS5jBClKKhsh632xI6IHPpsZiInMWoYLeoUW3JgoMCMhoeT8FMaumVR3WM2h
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2020-02-21T01:07:56Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "file"
}
],
"labels": [
"misp:name=\"file\"",
"misp:meta-category=\"file\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5e545e5e-0290-4155-bc77-fca70a0a020f",
"created_by_ref": "identity--5e157d76-c92c-4acd-a54e-4a01950d210f",
"created": "2020-02-25T00:07:49.000Z",
"modified": "2020-02-25T00:07:49.000Z",
"pattern": "[file:hashes.MD5 = 'ddb4a1d10bee0557713c28dd3c13ccf9' AND file:hashes.SHA1 = '0dd3a3eddd2118c216c3c7c9eb25e94a151a8f9a' AND file:hashes.SHA256 = '4b1ed598f4612b637fbdf7c5f5318582a82f5c53a26638a1b0dbc228d519d721' AND file:name = 'inv_dec-YL_43366886.doc13131.bat' AND file:size = '346616' AND (file:content_ref.payload_bin = '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
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2020-02-25T00:07:49Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "file"
}
],
"labels": [
"misp:name=\"file\"",
"misp:meta-category=\"file\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5e545e6c-2b30-443e-b95e-4a6b0a0a020f",
"created_by_ref": "identity--5e157d76-c92c-4acd-a54e-4a01950d210f",
"created": "2020-02-24T23:38:20.000Z",
"modified": "2020-02-24T23:38:20.000Z",
"pattern": "[file:hashes.MD5 = '844796863b1bc1503b43b5072b22e79c' AND file:hashes.SHA1 = 'c23a7e5af8cdd4f0f3f84a24a438e4819c8902e6' AND file:hashes.SHA256 = 'c336f01ac4619ec6d85d5e1b0ef9ef77925d7fbd334bafb6568c5370c09fe3df' AND file:name = 'inv_dec-YL_43366886.doc' AND file:size = '706048' AND (file:content_ref.payload_bin = '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
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2020-02-24T23:38:20Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "file"
}
],
"labels": [
"misp:name=\"file\"",
"misp:meta-category=\"file\"",
"misp:to_ids=\"True\""
]
},
{
"type": "marking-definition",
"spec_version": "2.1",
"id": "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9",
"created": "2017-01-20T00:00:00.000Z",
"definition_type": "tlp",
"name": "TLP:WHITE",
"definition": {
"tlp": "white"
}
}
]
}