2023-04-21 14:44:17 +00:00
{
"type" : "bundle" ,
"id" : "bundle--5b6aad49-a01c-4070-aba8-4b32950d210f" ,
"objects" : [
{
"type" : "identity" ,
"spec_version" : "2.1" ,
"id" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2018-08-09T13:52:50.000Z" ,
"modified" : "2018-08-09T13:52:50.000Z" ,
"name" : "CIRCL" ,
"identity_class" : "organization"
} ,
{
"type" : "report" ,
"spec_version" : "2.1" ,
"id" : "report--5b6aad49-a01c-4070-aba8-4b32950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2018-08-09T13:52:50.000Z" ,
"modified" : "2018-08-09T13:52:50.000Z" ,
"name" : "OSINT - CYBER THREATSCAPE REPORT 2018 - MIDYEAR CYBERSECURITY RISK REVIEW" ,
"published" : "2018-08-09T13:52:52Z" ,
"object_refs" : [
"observed-data--5b6ab10e-bda4-486f-a00c-4ec0950d210f" ,
"url--5b6ab10e-bda4-486f-a00c-4ec0950d210f" ,
"observed-data--5b6ab10e-330c-492d-9732-45c0950d210f" ,
"url--5b6ab10e-330c-492d-9732-45c0950d210f" ,
"indicator--5b6ab336-38a0-4764-8abc-40d3950d210f" ,
"indicator--5b6ab337-1068-49a3-afdb-4a69950d210f" ,
"indicator--5b6ab338-78e0-4d4a-a787-41b1950d210f" ,
"indicator--5b6ab33a-6ae8-47db-bfd4-4381950d210f" ,
"indicator--5b6ab33b-c090-4fec-a7d7-41e3950d210f" ,
"indicator--5b6ab33c-a594-4ad0-a38a-4de4950d210f" ,
"indicator--5b6ace27-a8d8-486a-8661-3b5a950d210f" ,
"indicator--5b6be7a2-91c8-4105-8c34-401c950d210f" ,
"indicator--5b6be7a3-9aec-42d9-a80f-4915950d210f" ,
"observed-data--5b6bee08-cfac-4cda-becc-41ff950d210f" ,
"file--5b6bee08-cfac-4cda-becc-41ff950d210f" ,
"artifact--5b6bee08-cfac-4cda-becc-41ff950d210f" ,
"indicator--5b6bf451-38c0-4d13-8875-4ea5950d210f" ,
"indicator--5b6bf451-eca4-41be-8a8f-4c08950d210f" ,
"observed-data--5b6c0839-50e0-4a66-b03b-3d3b950d210f" ,
"file--5b6c0839-50e0-4a66-b03b-3d3b950d210f" ,
"artifact--5b6c0839-50e0-4a66-b03b-3d3b950d210f" ,
"observed-data--5b6c0849-8d98-4751-9ec4-1a6a950d210f" ,
"file--5b6c0849-8d98-4751-9ec4-1a6a950d210f" ,
"artifact--5b6c0849-8d98-4751-9ec4-1a6a950d210f" ,
"observed-data--5b6c34a8-61f0-491d-87f5-7840950d210f" ,
"file--5b6c34a8-61f0-491d-87f5-7840950d210f" ,
"artifact--5b6c34a8-61f0-491d-87f5-7840950d210f" ,
"x-misp-object--5b6ab236-9b58-4bfa-af84-4320950d210f" ,
"indicator--5b6ab3aa-1558-4434-8acb-406b950d210f" ,
"indicator--5b6ab3b8-08e0-490d-be87-4168950d210f" ,
"indicator--5b6ab3c7-1344-45eb-aca4-4743950d210f" ,
"indicator--5b6ab3d3-bb34-4fd0-b76e-4ae5950d210f" ,
"indicator--5b6ab3e1-09cc-4bdc-9a16-494a950d210f" ,
"indicator--5b6ab3ee-613c-40e8-88d1-4a64950d210f" ,
"indicator--5b6ab3fd-5094-455e-b3b4-4cea950d210f" ,
"indicator--5b6ab40c-9a94-4194-8720-4dd4950d210f" ,
"indicator--5b6ab417-4004-4d04-9548-41c2950d210f" ,
"indicator--ae2ca65e-a566-40e9-988c-afd94662b78a" ,
"x-misp-object--0aaae123-be6c-48b9-a529-8423c78edcc5" ,
"indicator--3d2bdce2-0a74-4132-9e62-ff7f6bb49d67" ,
"x-misp-object--bee356cc-192c-41d8-a4cc-78db7e2abb46" ,
"indicator--b73de252-a2b1-4e50-b191-29e4730ad2cc" ,
"x-misp-object--0d7c23b3-5109-4ec7-a30a-bfde82cdf32e" ,
"indicator--75bde069-c661-4ecc-bb80-59a5e42b7df0" ,
"x-misp-object--28c3b8a6-fa30-4897-ba47-71b6e5cee2ad" ,
"indicator--a2c4ac86-5ae3-46e9-8595-e2578538cde3" ,
"x-misp-object--758f58b1-4646-4969-a6bf-c413006a6b0b" ,
"indicator--00487172-a3a6-417e-80b6-0c9ae860ec04" ,
"x-misp-object--1bf1591f-a504-43e1-93e7-8af6576660c2" ,
"indicator--5b6be6de-7464-4d89-b7fc-400b950d210f" ,
"indicator--5b6be6fc-67ac-4106-b483-451d950d210f" ,
"indicator--5b6be73f-c354-4007-a8c1-46d9950d210f" ,
"indicator--5b6be75f-a370-422e-8da5-42a6950d210f" ,
"indicator--5b6be777-e130-4d61-a2e9-4890950d210f" ,
2024-04-05 12:15:17 +00:00
"relationship--d5cdedbd-c433-4023-b29e-aae441ce5603" ,
"relationship--0402d821-a25f-46de-9785-726d4c4051cf" ,
"relationship--86533ff8-789e-4b08-9544-21b20f330406" ,
"relationship--59c4b9c9-8788-4374-9d83-da3d2434b195" ,
"relationship--aea80c16-ef4e-45a2-bab7-c8208195f532" ,
"relationship--b72d7da2-df61-4b7c-825f-4081704a2c78" ,
"relationship--97318206-95c3-4078-bcb7-29b72e08d17e"
2023-04-21 14:44:17 +00:00
] ,
"labels" : [
"Threat-Report" ,
"misp:tool=\"MISP-STIX-Converter\"" ,
"misp-galaxy:threat-actor=\"Cobalt\"" ,
"misp-galaxy:mitre-intrusion-set=\"FIN7\"" ,
"misp-galaxy:threat-actor=\"Anunak\"" ,
"osint:source-type=\"microblog-post\"" ,
"malware_classification:malware-category=\"Ransomware\"" ,
"circl:incident-classification=\"malware\"" ,
"circl:topic=\"finance\"" ,
"misp-galaxy:ransomware=\"WannaSmile\"" ,
"misp-galaxy:ransomware=\"Black Ruby\"" ,
"misp-galaxy:ransomware=\"RASTAKHIZ\"" ,
"misp-galaxy:ransomware=\"TYRANT\""
] ,
"object_marking_refs" : [
"marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9"
]
} ,
{
"type" : "observed-data" ,
"spec_version" : "2.1" ,
"id" : "observed-data--5b6ab10e-bda4-486f-a00c-4ec0950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2018-08-08T08:59:58.000Z" ,
"modified" : "2018-08-08T08:59:58.000Z" ,
"first_observed" : "2018-08-08T08:59:58Z" ,
"last_observed" : "2018-08-08T08:59:58Z" ,
"number_observed" : 1 ,
"object_refs" : [
"url--5b6ab10e-bda4-486f-a00c-4ec0950d210f"
] ,
"labels" : [
"misp:type=\"link\"" ,
"misp:category=\"External analysis\""
]
} ,
{
"type" : "url" ,
"spec_version" : "2.1" ,
"id" : "url--5b6ab10e-bda4-486f-a00c-4ec0950d210f" ,
"value" : "https://www.accenture.com/t20180803T064557Z__w__/us-en/_acnmedia/PDF-83/Accenture-Cyber-Threatscape-Report-2018.pdf"
} ,
{
"type" : "observed-data" ,
"spec_version" : "2.1" ,
"id" : "observed-data--5b6ab10e-330c-492d-9732-45c0950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2018-08-08T08:59:58.000Z" ,
"modified" : "2018-08-08T08:59:58.000Z" ,
"first_observed" : "2018-08-08T08:59:58Z" ,
"last_observed" : "2018-08-08T08:59:58Z" ,
"number_observed" : 1 ,
"object_refs" : [
"url--5b6ab10e-330c-492d-9732-45c0950d210f"
] ,
"labels" : [
"misp:type=\"link\"" ,
"misp:category=\"External analysis\""
]
} ,
{
"type" : "url" ,
"spec_version" : "2.1" ,
"id" : "url--5b6ab10e-330c-492d-9732-45c0950d210f" ,
"value" : "https://otx.alienvault.com/pulse/5b69d37292f5ac2b98346cf3/"
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--5b6ab336-38a0-4764-8abc-40d3950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2018-08-08T09:09:10.000Z" ,
"modified" : "2018-08-08T09:09:10.000Z" ,
"pattern" : "[url:value = 'http://toshiba.org.kz/robots.txt']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2018-08-08T09:09:10Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Network activity"
}
] ,
"labels" : [
"misp:type=\"url\"" ,
"misp:category=\"Network activity\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--5b6ab337-1068-49a3-afdb-4a69950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2018-08-08T09:09:11.000Z" ,
"modified" : "2018-08-08T09:09:11.000Z" ,
"pattern" : "[url:value = 'https://swift-fraud.com/']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2018-08-08T09:09:11Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Network activity"
}
] ,
"labels" : [
"misp:type=\"url\"" ,
"misp:category=\"Network activity\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--5b6ab338-78e0-4d4a-a787-41b1950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2018-08-08T09:09:12.000Z" ,
"modified" : "2018-08-08T09:09:12.000Z" ,
"pattern" : "[email-message:from_ref.value = 'info@apple-istores.com']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2018-08-08T09:09:12Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Payload delivery"
}
] ,
"labels" : [
"misp:type=\"email-src\"" ,
"misp:category=\"Payload delivery\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--5b6ab33a-6ae8-47db-bfd4-4381950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2018-08-08T09:09:14.000Z" ,
"modified" : "2018-08-08T09:09:14.000Z" ,
"pattern" : "[domain-name:value = 'safe.my-documents.biz']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2018-08-08T09:09:14Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Network activity"
}
] ,
"labels" : [
"misp:type=\"hostname\"" ,
"misp:category=\"Network activity\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--5b6ab33b-c090-4fec-a7d7-41e3950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2018-08-08T09:09:15.000Z" ,
"modified" : "2018-08-08T09:09:15.000Z" ,
"pattern" : "[domain-name:value = 'swift-fraud.com']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2018-08-08T09:09:15Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Network activity"
}
] ,
"labels" : [
"misp:type=\"domain\"" ,
"misp:category=\"Network activity\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--5b6ab33c-a594-4ad0-a38a-4de4950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2018-08-08T09:09:16.000Z" ,
"modified" : "2018-08-08T09:09:16.000Z" ,
"pattern" : "[domain-name:value = 'toshiba.org.kz']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2018-08-08T09:09:16Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Payload delivery"
}
] ,
"labels" : [
"misp:type=\"domain\"" ,
"misp:category=\"Payload delivery\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--5b6ace27-a8d8-486a-8661-3b5a950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2018-08-08T11:04:07.000Z" ,
"modified" : "2018-08-08T11:04:07.000Z" ,
"pattern" : "[url:value = 'https://swift-fraud.com/documents/53763987.doc']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2018-08-08T11:04:07Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Network activity"
}
] ,
"labels" : [
"misp:type=\"url\"" ,
"misp:category=\"Network activity\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--5b6be7a2-91c8-4105-8c34-401c950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2018-08-09T07:05:06.000Z" ,
"modified" : "2018-08-09T07:05:06.000Z" ,
"pattern" : "[url:value = 'https://api.toshiba.org.kz/robots.txt']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2018-08-09T07:05:06Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Network activity"
}
] ,
"labels" : [
"misp:type=\"url\"" ,
"misp:category=\"Network activity\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--5b6be7a3-9aec-42d9-a80f-4915950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2018-08-09T07:05:07.000Z" ,
"modified" : "2018-08-09T07:05:07.000Z" ,
"pattern" : "[domain-name:value = 'api.toshiba.org.kz']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2018-08-09T07:05:07Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Network activity"
}
] ,
"labels" : [
"misp:type=\"hostname\"" ,
"misp:category=\"Network activity\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "observed-data" ,
"spec_version" : "2.1" ,
"id" : "observed-data--5b6bee08-cfac-4cda-becc-41ff950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2018-08-09T07:32:24.000Z" ,
"modified" : "2018-08-09T07:32:24.000Z" ,
"first_observed" : "2018-08-09T07:32:24Z" ,
"last_observed" : "2018-08-09T07:32:24Z" ,
"number_observed" : 1 ,
"object_refs" : [
"file--5b6bee08-cfac-4cda-becc-41ff950d210f" ,
"artifact--5b6bee08-cfac-4cda-becc-41ff950d210f"
] ,
"labels" : [
"misp:type=\"attachment\"" ,
"misp:category=\"External analysis\""
]
} ,
{
"type" : "file" ,
"spec_version" : "2.1" ,
"id" : "file--5b6bee08-cfac-4cda-becc-41ff950d210f" ,
"name" : "RASTAKHIZ.png" ,
"content_ref" : "artifact--5b6bee08-cfac-4cda-becc-41ff950d210f"
} ,
{
"type" : "artifact" ,
"spec_version" : "2.1" ,
"id" : "artifact--5b6bee08-cfac-4cda-becc-41ff950d210f" ,
"payload_bin" : " i V B O R w 0 K G g o A A A A N S U h E U g A A B Z Q A A A M 4 C A Y A A A B b X W e e A A A A B H N C S V Q I C A g I f A h k i A A A A B l 0 R V h 0 U 29 m d H d h c m U A Z 25 v b W U t c 2 N y Z W V u c 2 h v d O 8 D v z 4 A A C A A S U R B V H i c 7 L 3 Z c x x H m u 35 + 9 w j c s O + c A N J c Z F U i 7 p v 11 R 1 t 83 L 2 M y / P T N 2 x / r t P l X 37 S u 1 q l Q l U Z S 4 E w C x I 5 e I c P / m w S M i I x O J l S C Y B O P Q k o m M 1 b f w 5 f i J 46 K q u r u 7 i / c e V S 2 / q 58 C 3 n u 89 z j n c M 6 N H A 8 c + T b G H L l G A R E 5 s u 1 T x 3 g 8 p y G O k 9 I e L h 624653 G d e + C M 4 S n k m Y h r y 57 r h I 3 t T 5 U q N G j R o 1 a p y O u v 9 z f p y U Z p 9 z u n w u q P u l 0 4 m 6 L q t R 43 y 4 b s / M S V z h W e M 6 H r d P h X + s h v O s 4 T s P v 1 c c W 90 n I h h j y t 8 F n y s i W G s R E U S k 3 G a M w V q L t X b k P A h 8 b 1 R c Z J x Q H i e W i + M K M r k 4 p 0 o o V w N e B K D 6 + 6 S E O G + h m V Z c p F B 8 C j h P / l y X v K x R o 0 a N G j V q 1 K h x f f C p D D J r 1 K h R o 0 a N z w G n i T L P Q q C e d E 6 V l 5 x G X G b 4 q t c 5 j p c s S O K C H K 5 y t 6 q K M a b 8 u z j e O T d C K l d J 55 J Q V t U j R H H 1 I y I l o V w l m 4 v f k x K m G s D q M e N K 5 k n n f U h c V o Z d d l g / p G r 4 f X G R s N W E 8 u e N a S 0 z V 9 W g f O 7 l f 1 r z v 8 b V o H 7 O P j y m u c 8 w r b h O 9 V K d / x 8 W t T j i + u E 6 P f / X C X V d 9 n n j u u X / V d Q z 1 y 3 N x n E R Q v k k X G W 8 r 4 K 8 f t / 8 L x T H V U K 5 I J l V l S i K y r + r 4 m F j D F E U l Z / i / B G F c k E O V 7 + z L C v t L c b J Z G C E h C 4 i W F U 0 T 7 L O + F Q K c 40 a N W r U q F G j R o 0 a N W r U q F G j R o 0 a N T 4 M T u M I p 1 l l D N P v V F A l h s c V y g X J 3 G g 0 U F W s t e W + g n A u + O E C x T E R M E I g j 3 / S N C X L s v I z b n E x 7 q l c n d E / j l C e h G l M 9 B q T U X v Q 1 a h R o 0 a N G j V q f F x c l a r p u u A k f 8 E a N W r U q F G j x t W j K k g d / y 7 a 7 e r 3 W V w O r n N / 56 x x P Y / l R a E + L o T C U R S V t h Z V K 4 y C U C 64 X u / 9 U U K 5 I I 2 L v 9 M 0 J U 1 T k i Q h T d M R l X L 13 O K 8 K o 7 z W B 5 H E d D r i P P E 6 y o 7 t e 8 b r t q D r k a N G t O A D 13 v 1 G R D D Z j e t r x G j a v A d S r / Z 32 V 9 l P A e d u / a Y 7 r V Y w h P q V x 1 m X f 433 u U 6 P G e T G N 5 f + 8 q J + X g K v I y / P Y R B T H n t W W 6 i r 5 q Q / B j 71 P O T y N U C 5 s L 4 q / C w F x v 9 / H W k s c x y P 2 F u M + y w X P W x L K x a e q R i 6 I 5 M F g w G A w I E m S I 8 R y c a G q e r k I c N U K 4 z Q m f Z r J y K s s q N P i y 3 w a p o V Q n t Z G q M b 0 Y l r L z L S G 66 p w k f h f l 7 j X q H E R T C s 5 c l W Y 1 j p z W s N V 43 h M 0 4 D 0 Q 6 N u a 2 v U m C 7 U b U a N 64 T 3 L c + n q W 0 v S i h / b h M E k 7 j X a t o W i u Q 4 j m k 0 G k R R N E I w G 2 N o t V o 0 G g 0 a j U a 5 I F + V j B 6 x v D h O k T w Y D O j 3 + / T 7 / Z G / u 90 u g 8 G A L M v K A F f J 5 S q h f J z d x a f 0 2 t l V d T Q / R P y v e 2 N T N 8 I 1 z o t p L T P T G q 6 r w u c e / x o 1 z o u a U J 7 O O m P a 1 Y b T m J c f G 58 L o V y X m R o 1 p g / 1 c 1 n j u u C y y O T j e M J J i t u a U J 6 M S Y R y Y X F R k M t x H N N u t + l 0 O i W p b I w p j 63 a G l c J 5 S i K R o j 9 q L h h Y V t R q J H 7 / T 69 X o 9 u t 0 u 32 + X g 4 I D D w 0 M O D g 7 Y 29 v j 8 P C Q N E 3 L Q F W 9 k q t + H J N 8 U I 6 r A K e 5 Y v w U C + F Z / F Q + x v 0 v E 9 M 8 c J v W 8 n x V c Z n W N L t O 4 Y L r U 5 a n u Y 69 T u W / x v k x r X k 5 v W 356 e t m T L j L 1 B K q 0 5 r O 0 x z / a a 3 L P v e 4 X A R X F f 9 p 7 Q N M a / t f 5 //0PpvnRZ2Xdfk/L6Z5LH9+6MjfqqMc4tDHF6Aahw+fN8L54q/l/+cMmwpHonfqfc5wXCX/CmK4IIxFhEajQafTYXZ2lpmZGTqdDq1Wq1QmJ0mCtZYoisrrFGRzwR+XhHKhUC6UyVUieW9vj52dHbZ3djg8PCQZDEizFO+19NWwUURZRhXECIIc8U8+jkwe9/Q4Pyo3P+1IEY57NvQs5086TzXfXt178tWKaI6HRcbuoJX/J1+osm/8WtV0rVw35Mnw4LH5i8kXm4Ai7Ecf8KP3/5A4b2U3rZ3Dq0Ax+XMVuIp8uSimM2x6bN10HC4arg8R//efAb7oeecnuz78Pa7yPp8PrrL+quJi9T9cRX5eRXqcPy56pJ9x+j0EEXvu+FQHHB8KV5PG01OXv+89Lnqfq8HVtbNXgWkum+fF50goj176KvoyF8HV9H/L6Jz5dtP7XJ4fR+ulyyh301x3weW13x+y7pjeNLyatuzCE9ecp4ZSRHKBq3OkScLB/gG9Xo+5uVnarSaNuEFB1IqAImW1oVIhnUOgw75q2GUCwyaMhXKUuxNAREEVKaqovD+sKF7DNQxgEDS3+fUVvtN7H65jTM7FSRG8ygUl/xd+ajUAx6Vi9TgEURnuKJMgF/vmm7e3tkj6fRrNJo1mExvHpFnGzu4u+/v7tNtt5mZnWVxaZG5uDtUZQDEiwdpC87QoPJeNweXxLD2UqzYXh4eHHB4e0uv1ePfuHa9fv+bN+lucc8x0Oqzdvcva2hq3b99mdnaWVrOJySXQRVQUUDdqg1FdTfA4nL+wFysPFoleIUrHKqqisPn8sPEsUhTPcGHBIm9EQcb8Wsbz+AihrIofp2orJ00kX1QQRtNHiwCUvwrFd/7bDAt7cani21SuFf7O74kbIaKrBTIU9OIeJ1cFo68lFJ8aJ+E8pNv4s3DaOZNeA5n090UH7DXOg/ORKQHT+wyd1Okbfz1pSCRNjv9J5eki9f/508yffsh73+f8+X/WgcDZB6qnh/fsz3ahDPiQOD2NT6q/Jr0NdXm4SJk5L6b1+b9IXXYRCMbYI680lnuPef3xpP2n4bTz67Zv2nF1ZXM6n80a0wlFNbQZp9VL7zsRP71k1zkxZFfGWfbjTxmyO/lp5xszfThcTv//wxDKV9GXgbPWme/bhk+6zueDKR1nFo8xldBJdefkMBf5n/T77G5v8fe//MCr5y/4w3/7R+6urbEwP4/PskDaSiB0FchQ1BokMlgxWAVSB05Rn1cnIqgRTM4hezyIR8UHBbLkVyu+dRgJK2BUEedxCCqCtYbUORLvUKPECG0MPk3xKBrHkCt40yRFEKI4xpoYweAdOAfOByGFkUDOIqAS+EMVLX8jgXBHFQlUOiqCz4nk8LGgJicvw2J5Tj3Oe9QAxvDd//wPNjbWWVxdZfnmDVqzs/z67AUvnr/g1YsXqHtHp9Miy9ZwWYZzGVnaRr1ixEA7EPrWKt5YnHFllpYK5TRN6fV6HBwc0O/32d/f5+3bt6yvr7O7u8v83DxLS4vcvHmL+/fvcefOGqurq8zMdGg0mqWCpZSk66iHcpVQrg78xiuQ8w+Cq6rno2Ty+DUL8nnSfIQynJkYLe5hZsJMeCWzSizLyBnVqxX3Pi0+eYEYOUknPojlOaI5oVwJc/mHKU+VshKRI4TyKMyxA7pJGJLsdYf7KnGah9BJtjKfZ8N71bjoQPfkCbePgePK1Xj9fZRQvgpcpM7Rc52l73Gf64GrzMv3b0Mua4BSuSJXlwbT9/xfJWknYqaufboKBXSNi6ImlGtMH0KdcTZCeRRXUcamtW82Km0a3XLSPabxubyIoABKadolEauTrzOt+V/j/JhWQrlCSBVlsLxlRbQ5UTgAg16PzTdv2N14R293j9s3bnD/zhrLi4tkaYJ3joKXQ5UMxeeEqRETSOPMIx7wYZwaOFYB9Tk3FwjlkkMrPpOYQBPYNOuC8tjnSufMezJ1qIUIoY3gsyxYCGvwGI6iKNhMeEURrIkwEoFaskzJnBJFDRDBS353CYS3SiCVC6I7cKt+mINKEKIWH29ADaIGsOX1vIBYg4ljNp49wyUDVldX+OLxY27cucPyyio3b9zg9s2b7Gy9Y39/j/W36/T7fZJ0laXFRay1NOJGEAUruVo5nzSwIZ1KhXJhdbG/v0+v12Nvb4/Xr1+zu7uLiPDwwQMeP37MvXv3uHHjBktLS8zOzpYGzt4PC8kkD+WCUK4
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--5b6bf451-38c0-4d13-8875-4ea5950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2018-08-09T07:59:13.000Z" ,
"modified" : "2018-08-09T07:59:13.000Z" ,
"pattern" : "[domain-name:value = 'exchange.ir']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2018-08-09T07:59:13Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Network activity"
}
] ,
"labels" : [
"misp:type=\"domain\"" ,
"misp:category=\"Network activity\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--5b6bf451-eca4-41be-8a8f-4c08950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2018-08-09T07:59:13.000Z" ,
"modified" : "2018-08-09T07:59:13.000Z" ,
"pattern" : "[domain-name:value = 'webmoney.ir']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2018-08-09T07:59:13Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Network activity"
}
] ,
"labels" : [
"misp:type=\"domain\"" ,
"misp:category=\"Network activity\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "observed-data" ,
"spec_version" : "2.1" ,
"id" : "observed-data--5b6c0839-50e0-4a66-b03b-3d3b950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2018-08-09T09:24:09.000Z" ,
"modified" : "2018-08-09T09:24:09.000Z" ,
"first_observed" : "2018-08-09T09:24:09Z" ,
"last_observed" : "2018-08-09T09:24:09Z" ,
"number_observed" : 1 ,
"object_refs" : [
"file--5b6c0839-50e0-4a66-b03b-3d3b950d210f" ,
"artifact--5b6c0839-50e0-4a66-b03b-3d3b950d210f"
] ,
"labels" : [
"misp:type=\"attachment\"" ,
"misp:category=\"External analysis\""
]
} ,
{
"type" : "file" ,
"spec_version" : "2.1" ,
"id" : "file--5b6c0839-50e0-4a66-b03b-3d3b950d210f" ,
"name" : "tyrant.png" ,
"content_ref" : "artifact--5b6c0839-50e0-4a66-b03b-3d3b950d210f"
} ,
{
"type" : "artifact" ,
"spec_version" : "2.1" ,
"id" : "artifact--5b6c0839-50e0-4a66-b03b-3d3b950d210f" ,
"payload_bin" : " i V B O R w 0 K G g o A A A A N S U h E U g A A B Z w A A A O q C A Y A A A A Y J J A i A A A A B H N C S V Q I C A g I f A h k i A A A A B l 0 R V h 0 U 29 m d H d h c m U A Z 25 v b W U t c 2 N y Z W V u c 2 h v d O 8 D v z 4 A A C A A S U R B V H i c 7 L 3 p l y M 5 k u D 3 M 7 g 7 y W C c G X n W 1 V V 9 T + 92 z 460 K z 0 9 v f 3 / v + l J M 6 s Z 7 R w 1 X X d l V e W d G R f p D t M H A O 7 w i y S 8 I t j 5 + o 3 l i w y G 0 w H D Y b A L B o P Y q t L K K t e s + e e v f u K f v / y J 67 J C K z C a k R U F W Z a D Z G i l 2 M o C g i A A I A I C i m J t h b U W E c D / W L U o I C Z D B F Q B V Q x C b g x W F V Q R / H c o W A U F V a U o c o w x l F V F Z S 1 W F Z M Z F K F S M F h f 3 m I E j B i M M V g M l Q p W M 6 w Y V D I M k G m F a o U R S y 4 V u X F 1 l O U a E Y O Y D K t S / 6 x N T i m C W n X d B U Q V I 4 I R E 7 p Z t x f A i K D q + o 4 I Y g Q R o V L f f m O w Q K U W A S x K S Q X W Y h Q W J i d H M J U b J z G C G M P a V p S 2 w q K o c e N e C a j / E R S x F l N Z j A W D Y L I c M Q Y V A X X t H A M d + E 4 Q w l T v D t 0 C 2 v o 41 A R J x j E B N v T 9 V k F S E U 3 t / B 7 w T B g z n T T Q d 0 8 A 0 z B o W k E F T c a U P l 5 S M 9 m f C w 3 u o f U / B a a t 5 U T k O r H v e 1 u b q d B u V 5 g L 2 d i E x L Z N n e C 9 D E F a 25 y q s A e e M W E p T 6 K w S Y t m X w I t B a b K m A m j N k E v i Y v o L u s h m V / s C 9 L H e a f + d r H c v S h j 2 l z u C / 6 K d L l J s A / 63 x M t T 8 E z W T d L w D G C o l 3 N L n V u a + v 7 S m P w / s q y c V t 2 e N 6 m 0 O U A m t 1 K / U z Y w S 6 f U u 17 y 8 u n g J B i I 0 2 Z y y l q + T S / z B R 4 X 3 n G n u T S J F f G P s b s / d R L g o w N 8 l l E U J T / + t t H / P G z c 3 L v A U Z E M I B B M Q J i D I X k q I C t S q p q j a 0 s t n L V G m P I s s y 1 R 0 A y U F u h 1 n o n s Y A I Z a V U q q A W A I M T p E a E L B P E q v v K O 3 F d Z Y q q o l g 8 Q n J j E J T S q q s b Q V R 9 B x 23 N I h r O 4 r x q o I Y h 6 s C j P q + e c + 3 V i V V Z S l t y e r m G h G D y X J M N k N x b d e 5 Q U w B x r V P E L C 2 H l 71 g 5 o Z w V p L V d n a C S 8 I G B P R r X M 8 m y w H l K p U E M G I Y i j d + F h F t U K 9 o 9 k Y g z F u 0 l C L i k W M Q Z x 3 H a u K F c W G s T U G t a D h m f j / R B C 7 W e U a U q 5 u w 7 H V Y q g j f D J V S Z v U j j 0 o j w F T O k y x 7 K a 0 L b H M F P + B 2 u 0 v 3 Q a i V A w T 5 j K 5 L 2 H d p x a a I E B u Y 83 E a / O 2 l m B 6 u y b Q 8 i Q t f c q a 2 d d O m H S e b K e H 5 H H e y 67 e F E j c 1 A F 0 D 85 m m D L G k z E l v p 9 O y 9 M c j v u Q M e / r u t y P X j I N p j r P E g 2 I 95 b + 9 w X v p y 43 y U k x Q S 7 v B w 8 k 938 S L Z u k 96 f 1 P 10 v u z 1 Z v + 2 d 9 z M Q Z L o t s w / o 6 G V b 9 e V 0 X X 4 v M h Y Y C 2 o I 1 d 3 W D L y / M n M a p N h I k 2 z M P a 3 L v d h l D l M a l r 3 p p W n l d F L 396 f L p g z B F D k + d V 5 E p F U 2 C k 8 m j z 3 R Y o Q s M 8 x E y C V n k c 95 + f o N L 1695 s W L l 9 h K M Z J j 8 p z D o 2 P u 3 b v H w W J B n m X O I W 0 t V B W S C Z n J f G R v R q b W B S O p X 1 w K R h S w i N r g t q 2 d w Y J B D I g U L k o Y R Y w h z w t m Q h 3 p L O q c y S I Z o s 4 B r Y B a d Y 4 i M R h x g V D W W r A W x Z L l h t X V D W 9 f P e P i 7 S t u r i 89 j g x j c s T / I D n 5 y S n z o 2 O O D o / 8 B F t M 5 g f Q O 8 o F d W X U O 3 j x T n H J U I L z 3 D 0 H p b I l C G Q G s t x F f h u t M C L k I m Q W T G W h s q i W r E u L t R Z r D H m e k c 9 m q B 8 H f I S 3 q m J M 5 p z u R p H K I p U 6 j 3 t N D J u d Y c O L c Y q T r k 2 o 3 X r / U g L p / R a E + 3 F S 7 g P S F X t 4 f x V O Q 9 o 4 T 3 U E p z P 324 h I j t t 6 W + s j V V D t T + F + X 9 d M v 11 h T M b G 8 v 3 m Z Y k w o S s u w u P 9 H I N p 9 L 8 P / p 8 O 6 X T 2 f q / L l i K 8 k 17 y P k b e w T S D c 1 q 5 u 4 f 3 s U 1 T Y V / 0 P w H L p L W c t u G + L 1 k + j Z b T 35 d J J x z S 8 A y N 2 T Y Z s h / 5 //N57E5Y3lM5Dn0de7vM2JfzfIpdDjGfuSu7/K9r/vVObKQYpgVC7QPP+2ov7Uf1ny5j3r8I5yl9qTNSJJUZ8X/4Zzm+HSLOSZr56GFUqdZrnj/7ia+//ZYffviJcl2BTztx7949PvrwYx4/esTJyQl5ZjDkVJmQG8ElvQjR09ROVyU4PvGpKdwD8RFLAhjjUlWgikvV4Zy0lbXOySqCyTOyIndRvaiPdnZ1qQGj4lQlI64l4lJxuCjliqvLdzz9/jt+ePoNb16/AixVpVgV8mLOfLHkYHnM+Ucfcz/POTk6xBiwlfXtE/BjJgJohRFFMqn7LEaoKuudweJSbfjUGihkPmobQkoQn6ZDmzQhIq7NlRjUWspVyc3qGpPn5LOinmBpbRwYjAqivq3i+i9sYzoj52qSCHVc4Dao318BcyswmX8kjvMUrruXyMApDPf9pAmZFH1HYpm/bOTJ7a7L9PGafIgilZanzGXyupwCcQhF/EFrudiDZAVCe6h2gvfVSRVSRN05nvq/HWHDnG1Eklomlf9PaRfT5v+9XJeBWPplxvnfnpzNU9dY8jino9gL7IXHToE96VgT6H96ppe71TGDDZYE763uO1Uv+/m07Oy08QjrSc6QSd2fUmhP+l8SjNm222CTLTvkWJmCYwJMoGWnMg3Iv9aHn9kB3RPP2Af4vrRaduv68DS9fLrj+/3js4HXpRVKe33a+k9nTDKB/2mNK61EGkxjsumHaKVBF9FB+JQ3bVCMKLkRVC3las3F1Zofvv+Or778kmfPnrNel1h10cKv791HK8tiPmO5XLA8OMDMctRabLl2i9Wn60DV5Wr2HTD1Im6ctwbBWvduZgyqLl+0AKoVN9c3vL14x9X1NQcHBxweHVLMjp2jWRVs5dJPiIAxqAqVOgeveg93ZgyZEcqbNVdXFzx79hPffvsNz378gfXqmovLa25Wa46OTjm994DzB48ojo+49+Dcpb0QUCwuRFwRUYq8AGC9XrsIZWPw6Z4xolgsgiWTnCwzIMLN2qUJyYygWCpbgZag4qJDK4tYxSjkeY4Rlzrj3dUll+/e8erdGw4OD7n34AFSFBgfUaoaxL3x4+zTgJhABFtSagytlUk7aaPfDH43LVJz2qJLY9Q/w+BMQDOp/zJBFmhqoQlRt8kluJ1Q3Z1gmP62lUmey04kwa5okmCSLjBeYCy6rxsVsROWKX6t5NOuafPSIErBscf4xqhdzVzcpmLrjzlNmZs7twXSlaGpfZkCaf1Pb1TDM9LQ3HW7JsGk/TlJ9qC5TEdTjvwN4x/USyZFq0yDvcny99Sun6wE3TFMyMJw93IJko36KSoJTJTlqf7mffC/SXtaE9b/tHPYI3bRtgjrbW3r8LV9zMsUHVv0znWMSdMyqmO7h6Pf7SPvfypZhgCGke9vL7p5Ivt7T+VSrYnfWQOn6uVpiRvffx/DlMWZ8v4Ux3l6kSmY7KS5SeSzUzf1pwxbHfzrqDTmvbmLkHWRxG6nUVnfXPPi2Ut+/OYpr1++5ORwyaeffMLiYEmWF9ysSlQhyzKsrbi6vOBg7i4XNHmGyQzWX3BXaYisBRcd7ReKgrWK8TmWxYp3yHp+rSAzl75jtV5xdXHBV19+wZdffsknv/gFH338EYvlAbMiI5OsztVsxCCZu/hPLFQIFpd+Q317ELh/fs6f/vaP/PY3n/L82Y98/q//xjfffsvF5RV/97/+Nz7+5DNOzs4pDg+ZHy0xUpFJRl4EDVTBKkKFiDDLgjMdDKa+NDArMiBDAZOJJxQXWG6MYV2WhOjoIsuYZblL+2wVY5VZUaCqXN2sePHsJ778+mu++e47Hn/0IcvlkuXxCfk8R/IcrXybHHK0cvOc+YZt0uvHQuFv956pYSYhtWNnAtNJhP2kO0jdFZuwYT1JsUvFEWD3/kv9/1173KfANMGe9LbbIUtFkm7Z3vaYjXRT9jU3yVupcNfrcn/+pt03wral2til7F8DvM99ST9SyjSD430cgsnrMrEzZpqXKl0v2c8g7ydX8vtIMODG/455+SSYqmPtoS+J4yUadMwUXLdzT8SOqJJentAVkjfOAZdSbXeYGjwzeAp5Q1275X3
} ,
{
"type" : "observed-data" ,
"spec_version" : "2.1" ,
"id" : "observed-data--5b6c0849-8d98-4751-9ec4-1a6a950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2018-08-09T09:24:25.000Z" ,
"modified" : "2018-08-09T09:24:25.000Z" ,
"first_observed" : "2018-08-09T09:24:25Z" ,
"last_observed" : "2018-08-09T09:24:25Z" ,
"number_observed" : 1 ,
"object_refs" : [
"file--5b6c0849-8d98-4751-9ec4-1a6a950d210f" ,
"artifact--5b6c0849-8d98-4751-9ec4-1a6a950d210f"
] ,
"labels" : [
"misp:type=\"attachment\"" ,
"misp:category=\"External analysis\""
]
} ,
{
"type" : "file" ,
"spec_version" : "2.1" ,
"id" : "file--5b6c0849-8d98-4751-9ec4-1a6a950d210f" ,
"name" : "wannasmile.png" ,
"content_ref" : "artifact--5b6c0849-8d98-4751-9ec4-1a6a950d210f"
} ,
{
"type" : "artifact" ,
"spec_version" : "2.1" ,
"id" : "artifact--5b6c0849-8d98-4751-9ec4-1a6a950d210f" ,
"payload_bin" : " i V B O R w 0 K G g o A A A A N S U h E U g A A B a A A A A K 6 C A Y A A A D P S v u 7 A A A A B H N C S V Q I C A g I f A h k i A A A A B l 0 R V h 0 U 29 m d H d h c m U A Z 25 v b W U t c 2 N y Z W V u c 2 h v d O 8 D v z 4 A A C A A S U R B V H i c 7 L 3 Z l h z J l W W 5 z x V R G 3 y A Y 0 b M S T I r W Z m 1 + q V f u j + D + d v 9 A b 0 6 u 3 I q M h k M B g K B y S c z U 5 V 7 + 0 F E z c w d C G Z 2 d 5 G B q i U 7 l g f g b p O q q N p a h q 3 H z 1 V E B J 1 O p 9 P p d D q d T q f T 6 X Q 6 n U 6 n 0 + n 8 d 8 Z + 7 g 3 o d D q d T q f T 6 X Q 6 n U 6 n 0 + l 0 O p 3 O / 5 x 0 A d 3 p d D q d T q f T 6 X Q 6 n U 6 n 0 + l 0 O p 0 / C / l j P 1 y v 12 w 2 G w A k A X D c 1 C G J 3 t z R 6 X Q 6 n U 6 n 8 + f B d P x d + y x W b 0 H S / u s u T k Q Q 7 Z 602 / f 386 j P F B 9 + v o s I 4 u h h H 3 / + + X 5 x 5 / s 7 W 3 r v c V F f j D h 6 q v 1 r 7 l 8 s 6 n f z c w W Y q / 6 I o / s e 7 c v x P p o Z S S I d f 1 a N e V s M m a G 2 h g Q o A o + g E E z 68 P N s R B A e R P g H + 2 e W 6 / N J b X n b l k T g 7 v t t E y A T J t X v A v D A E K m t 0 b y W B Q i j H v R 5 / 8 a y X 4 + 6 / e 3 z 99 F r H R 8 L S f X x U W 8 P 5 r P m c E z S 0 b F x d 0 o 4 B Q c d 1 l W H l T q s x d G 5 Y e 0e8 / Y A x N G 5 d P / f C w h i P r 7 M h 7 k + X 3 z k 9 Y j 5 v P j g s H z 0 O H W O E f + h h d t z d F w 6 n U 6 n 0 + l 0 / n 9 w / P l / u V z y m 9 / 8 h t / 85 j f 8 / d //Pcvlkoj4uIA+5mMf7voHvk6n0+l0Op0/IzpSSQExi7r2ww8F8UESzndSUIVmtJ9Id6QkTZTWz3WBdNCWH1NZosrGuBdE+KnPhbMMr8+l/TPP2ktH4rPey4m2rUlW5WU4HvGnNVkTnbr/M5r8jJgXoy3HvL9gsg/2RUfr+OErB2pHY96vWfmb1LZf8yZB6I70P97Ged+NwH9y16rEno93zGsx/137EwJhTfQHhO9f72MXLGY5f9ir4yPPfs+E8LbPdVvVjs3hfKxu/bBSce9ZFfNKzbfNFxw+XIu7C/TxNen/DvkpulDudDqdTqfz8/BTn8/mgIakf19AdzqdTqfT6XT+suwTrx/5LPexZDIcpYTvPc/9Zz5++EEHz6nZaHLxrsxSjcm27jbh9+RsRHyQfI59qlk1ObsXxUcSmiafY1bV9/ZxH50+JLX56P7PSerj9ZilZlWo0pHoVRxp5CNZfteL7gXz0Y5CVFmv2XrHQSwffPD9bbx3IHX4i2bpHQdBe18czxL6joxXfSxz0lu2f/x8H9O8F/eXa5bTqa7pB+llqGn7KsjnbTIJk7XbdWd775ysOlw02a+yZgkdePiHa7Jft3/ngkOn0+l0Op1O55Pm/m9b/qSAPk5ZfOw2M9v/6l+n0+l0Op1O578fP+GX/yT7T2R2lH7+6JMf3bfJzDv1GE0S+t2HVL9rQiSEYQEeTqHc2/ZjYVyfP8lISpjpKPVchefddHPab0ttkjjcNqdn7ySmdUgVS4AZs8WNo53yex0P+xRuBPgsyvc78MHn4EMNRbT1C1qo95AgP/pwfZDnd/K+bT9qVUZNH8/Z6SqS693v1m7MJ4PPx6vVb/jx65lhMkxp/7oRtn/2+XX8WDADmEjJKKXc2de9NG4VIsdpeLW10p3z6Hh12Z8wVYoLo12caGt6/A+SORXz/4ZeBdjpdDqdTqfz6SOJlNL+s99HBfT9DrfjB/+p2zudTqfT6fzPycdmQnT+fOw7eTUnhH/6vnOFxvFj50TqncNVbeleBM4PiYM13KeTj/5XpXRL2NYss7VqCyE3aD3C+0jzwRZDtN7jqq33KWhaClZz+rZtwpxArsK0/vBusvte3UYIQkclERxJ9kM9xV7Expxortsmv5vynkXpLDmrtPXDytQY8H4/P0wcz2vVwtLuB4MfVVzPzwiH+o4Pj7H2jzs6FHi0EpCIO9vKUS1GSBDeXPx8kO/littj6y4d6k6keR1mqX2/E7oQ+D79He15j6tB6h+2T24f62sdSej9n0enThxv5V5kc5fjlPq/8++VTqfT6XQ6nc7Pw32H/JMC+qceCPx/Sit0Op1Op9PpdP4DNHmr+e/AB35yvuvxQD+OHrevhjiqyfAmQI9rLOL4ie+avrsVCtZE5fyMYq5oCAHhLRXcdGIzsJLqQMD2iEMSthxSzsefO+MgaGehGa3G43hQ3gfr5TXpfOe2vcA9bPOx4FTcTYqbNYlrdriDO9DSyhJmUV2vzet/lCBv+2amw2Ps2D/Pqe9DH3L4h+s+79KdaPp8/33YutWz6NBIfSzhY1/fMl9E4Oj7WkcSTcjPx3dOv2tfs3GQ1MQhRV0LTQ5rvL+WsV//Q4r8uGd6/5D7SehDJv3usTvutz6udzmuLNkvygcv0+l0Op1Op9P5GZk/488NGj/ZAf2x6ejHt/VUQafT6XQ6nc6fgTlgqypMNdvnfSL0/gDCSrSEs98TvneH7HHwnXsBeAiSzgP05u/2ElhGyJhN+HHq9VjqHqdg5/1wh4lAeJPRas44KHOqmFlOz883q+95uF8chLaqDp8fZ/NfPI5e97BmQi0VHM1V1vubgtRaO/bC886aHKo39uvQ5LPP99o/7rD/HhxE/NFz7WszOAx/PPRkc5C9R8xdy/Ozz2I+9rfNSfEgzZL7eNv366uDbVcQZvuNVXuh/bDD+Rzbv+osq6t8DkWTwu1522khpwrto+eZc83HxHyBQoYiMMU+5R37bug5Sf3xAYpzGOZwMeVDCd3/vdLpdDqdTqfzl+dOfR015PEnBXSn0+l0Op3OTBc5nx53QgKzCA1nrpiYKxRolQ1+LGhTTemGz3UNsU/UHuRiu3urd0BG1A4IYk7Qzn7xWGpbE4d7PS3K7BznzUSEzSq2SUY7CNh52KGalHSvaeRZPlvrSJ6FuY4FK8cVDbQUNdyv6kiCwQ5DBsMO8rkwy2paKrolo+VVwM67C3W75ygwVNEcc36c1nMde2lc+6t1OF7OcbS5Pm9LYR9E872LB/Naz1+mO3c86O/5gM+r6tzxwk3gzhcr9oMVuVvfEvdfTwatI9q9Pa18n+jWvnpD++1pz7r/f11Xavp6/lnEfDp+kAs/Dsd0udzpdDqdTqfzPw5/cgjhn/pQ1z/wdTqdTqfT6fz52H/WiuNU6/7We6nmauvU/GINvdaqiJSsSdxgmjWfhKXazByW2q/FVcn7U4nT/WA+eUupqrVsHFcp0Oop5vsDChw71EnsZSkQqd3fsPY1i3DN9jfAixCFebBgVeeHxK7tv1rtRdR09SF9cah5mKVoANnEoJrICNUKjxoKDuTlkKQ2oZRIOeE+4T4dHSmBWU1h7+XpUR5cc9q73ftoX+u2GVGcKKWK6qhKPpnd+Tx+X7ruk+D750sYqSWt/SgN3k4M0bbCqqi/V2lxzNzDfedn8zlhCTfV12s1HXJqvYvXiw+xb+qbLyjoTlp+fvb9eWV2JyUeOFH8J2s17qdq7oj7j/xmQKfT6XQ6nU7nL8fx59TjAMF/uAO60+l0Op1Op/PnZU7zWhwqDMq+7iJagjZasrkJt6hON0F1fq0iIgHJW2WBDNLc82vkIkoKplzIYx0mGCbU+nUN4RKF+vdQMJmj4uAFb0laU31MtHoIC8OidkOXCIoHEYUUYqEE4XgRYwoSsNiL24lSvM3SE4lUSzsEUbsdSH5I6gaON/FcsLqdUTjUXsxd2NaC0dFGCbZ1bn8GMNr8OiI5pL30hYJXee5BTLUuIonaOR3Co8r0kAMTpaWsE4lkQbLC1BLg4XWtzAvz5QCfDx5gbticMC8OClLUygtJJNXUuCPKXM/i3sLTc01KfX1PgBfkBYsEtIsHOcAglZpQdxUcQSSS10GTdXuCMMcVWKnR67AM5shKTW63PhJFFfAKMbnXnuj5Vy5p556BWr1GEOCGvMrrZIFsvsgiHGOa8/NBGxQZuKjb1pLyRj0uvq+KqV93agT7P2k6nU6n0+l0fhbuVzn3Co5Op9PpdDqdT4YmI2cBLVHmegbNlQxN7s3VECESwdBqH1xiVGCINCdQZXUQndXkswoQI26lylJSvc0dRZAQU4hQ3RaPoETBcBROiamFa40U2su
} ,
{
"type" : "observed-data" ,
"spec_version" : "2.1" ,
"id" : "observed-data--5b6c34a8-61f0-491d-87f5-7840950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2018-08-09T12:33:44.000Z" ,
"modified" : "2018-08-09T12:33:44.000Z" ,
"first_observed" : "2018-08-09T12:33:44Z" ,
"last_observed" : "2018-08-09T12:33:44Z" ,
"number_observed" : 1 ,
"object_refs" : [
"file--5b6c34a8-61f0-491d-87f5-7840950d210f" ,
"artifact--5b6c34a8-61f0-491d-87f5-7840950d210f"
] ,
"labels" : [
"misp:type=\"attachment\"" ,
"misp:category=\"External analysis\""
]
} ,
{
"type" : "file" ,
"spec_version" : "2.1" ,
"id" : "file--5b6c34a8-61f0-491d-87f5-7840950d210f" ,
"name" : "blackruby.png" ,
"content_ref" : "artifact--5b6c34a8-61f0-491d-87f5-7840950d210f"
} ,
{
"type" : "artifact" ,
"spec_version" : "2.1" ,
"id" : "artifact--5b6c34a8-61f0-491d-87f5-7840950d210f" ,
"payload_bin" : " i V B O R w 0 K G g o A A A A N S U h E U g A A B H w A A A N 6 C A Y A A A D 8 d l 68 A A A A B H N C S V Q I C A g I f A h k i A A A A B l 0 R V h 0 U 29 m d H d h c m U A Z 25 v b W U t c 2 N y Z W V u c 2 h v d O 8 D v z 4 A A C A A S U R B V H i c 7 L 35 k 2 T H k e f 38 Y h 4 R 95 Z d x / o B r p B E O A 1 H N L W t N o Z S W a S z O Y v 1 p p p z W Z M 0 s y s N L I x L s k B D 4 D g B a B x 9 V l d d + Z 7 E a 4 f I l 5 m 1 t m V i e 4 m h H l f s g p d m e / F 6 X H 4 N 9 w 9 R F W V F i 1 a t G j R o k W L F i 1 a t G j R o k W L F t 8 a m L 90 A V q 0 a N G i R Y s W L V q 0 a N G i R Y s W L V q 8 X L S E T 4 s W L V q 0 a N G i R Y s W L V q 0 a N G i x b c M L e H T o k W L F i 1 a t G j R o k W L F i 1 a t G j x L U N L + L R o 0 a J F i x Y t W r R o 0 a J F i x Y t W n z L 0 B I + L V q 0 a N G i R Y s W L V q 0 a N G i R Y s W 3 z K 0 h E + L F i 1 a t G j R o k W L F i 1 a t G j R o s W 3 D C 3 h 0 6 J F i x Y t W r R o 0 a J F i x Y t W r R o 8 S 1 D S / i 0 a N G i R Y s W L V q 0 a N G i R Y s W L V p 8 y 9 A S P i 1 a t G j R o k W L F i 1 a t G j R o k W L F t 8 y t I R P i x Y t W r R o 0 a J F i x Y t W r R o 0 a L F t w w t 4 d O i R Y s W L V q 0 a N G i R Y s W L V q 0 a P E t Q 0 v 4 t G j R o k W L F i 1 a t G j R o k W L F i 1 a f M v g z n 6 g K I d H h / z s F 7 / g q 8 d P q d U y G N 8 g K 0 e c V I I L B q d C p T X B B D R T 6 l y Y O s s h G Z 88 P e T j x / s 8 D z A x E D I o D k 4 o p z W l M X S A r o H 1 X s n G o M v G s E e O J 8 e T B c 8 X n 3 z M H 373 O / 7 t V x + Q d 7 p 8 / 0 c / R I C D 5 / t 8 / N E f G Y 3 G j N b X + O z R V 6 x t b f D j n / 6 E n a 1 t u p 0 u R / t H / P 4 P v + P B 55 / w 5 r 0 7 n E y O + O O f / 0 C e 5 + R 5 g b M Z G g x V F T g 8 O M K 6 n O F 4 n e F g x M n x h N / + + j c M B w P u 3 L n D u + + + S 7 f b 4 e T 4 k F / 84 u c c H x / y k x //FWWny+HRMb/97W/p9/v85Cc/Ic9zvPc8ffqUL774gidPnrC+vs7u7i6/+93v2N7ZZGNjjX6/z+eff87u7i5/93d/R7fb5cGDB3z44Yfs7u6ysbHBkydP2Nvb4/vvvcetm7cYjUa8//777O/v8/bbb3P//n1u3rzJdDrFew/AP/zDP/DbX/8aP61AhX5vwH/87/+Wt9/+Dpub2/zmN7/mN7/5Fe//6pd8//vf5af/4a/JMuH9X/2G/+0//xc217YYDdbpZF1++IMf8KMf/ZDN7TU+//IB//Kv/8JJVbG+ucl//E9/w+H+Pp/88U/8+v330dpz+8ZNtm7sUAXP+7/9NUW3w/b2Drdu3kSrmsdfPSTrlgQjHB4e0ut0WV9b4+7duxRFwXQ65Z/+6Z948OAB29vbbG5usr21xd3bb+Brz1dffcWHH37IkydP6PV6vPfee7zzzjsAfPTRR/zzP/8zW1tb7Ny4wa27d/nD73/Phx98yKA3YGN9g52dHf7tl+8TFP7n/+V/ZWNziyzPAXjw4GPef/+/8dc/+AHDXocPPvg1H33yMQ8ePkRsxq2bb/DDd7/PGzs7HOw953//L/+Zx892qRWybod33v0u/+lv/5bf/+YD/vjhR3zyxz+xc+smb92/R3c4oOx2KIoCNPDkyWN++ctf8uMf/5i/+Zu/oShLPv30U372s5/R7XbZ2dnhxz/+MQCPHz3i//1//oUwrRj2B/z5T3/CWMt33v0uHmUaPEHAWoMzlno6hRpyHBtbW2TdkgdffUmn12V7e5u93V12nzzl8aPH/OSnP+Xd771H5Ws+/eRTPvzgAx4+fEieZdx/6x5337jN9sYGzjo++O1v+dnP/pXheEzZKQE4Ojnh8PCQvb09+v0e6+trfPb5A/r9Hj/96U/Ze77P/v4BeV5wfHzMwcExd964i3OWh4++4ue/+Ff+/PEfGA66DIdD+v0RvjZkWclgMODdd99mbW3IR7/5iK3NLd555x1+8d9+zocffsgnn3zCm3fvcvfOHbplh04n/mRZxmePHvPPv/gV/8P/9D/ygx/9iK8ePeTB55/z6PEjfvRXf83t27fplCWqGic+5wiqBFUEkNOTICAIkv49/170zLNXQCS+b86m/wIoil/ieVL6MZ/r59S0xTIIAsgStVFdqs0gNrkunc/y7RxQwhLPQ+z/q05JZJkyX4JV+n+1+qd2XgKG2AZLFCu28ZICsPyYWT6fF/XlXxrLyNJKY5nl+39ZCMvNmaviddQForyYVzzHrjRmXhNWHTOLsvyiNvk21n8ZrDSXAfYlNdgqMvsivIx18Sq8ijL/pbCq/DdtPG8LZbaBvSif9JyYuNVa7CMR4dGjR+zv7zPo9THGEEKgDh4NAVTJnMHXE7784jOsKKNhn9s3thn0O6Ah7kklgNQcn0zZ35/w+NkRKhnj9W1q9dShBsCIYDSu+icnxzx7/oTRaI1up8v+/j5FXtDvDZicnABKUeRYI6Ceo6Mjjk8O8PWEH737LpOjA/7r//2P7B/uUfspmXHc/847fPcHP+DffvcRB8cTdjZv0O0OyVyHugpMQkVFzbA/xgWl3ntKQY0e7vPVBx9RHD5ijT2mTz5Hjg4oVbBe0GA4Ecdxd8Bhb8TndY3d3OL+D/+Kd77/PW7duQ1B+ePP/o1f/f0/Un/+OfnxLsNiQsZzct2nUI94g4YcU46pyyGH3SFfuTHTzTu8/Z/+hnK0iVdHJcI0s0y7OccHRxw/fcrx53/iP3z3Tf7ub/87xBjEXC445wgfaOSsEZYQBcIKxgsBqFEUA1bBxe2pEaFXZHSdIQs1cnSCEHCFxU2myKSmDoFahOAsFQGfO6z0IUTBy2yGFYuoodcfsrG9zXfe+S5WDLtPn3G8d0hRFHS7XdbW1nFZzqOHj+n3BogaHj96zO6zXaYnUzp5F1Spp57nzx7T7XR5773vowF2d/d5fPiYwSDj1s5NBv0Bde0xqmQuYzwakWcZVoTM2rjAB0VVscZSFgWZc/iq5tmTpwyHQ7z3PPrqIYf7+2TWsjYaMxoMKbKc0WhAnjuOj4/RWsErfuo50WOePnqC1oFO3qFXdpl0TpAg3L3zJjdu3MBay/r6BnXtefr0GWtru4zH63hfU9ce72um04osL7i1c5M8L8izgslkwvO9PTa2tik6HTq9HjbLyMsOnW6P6fQYYx2j8Zg7d9/ijVt32RhvcvPGDt1+j6BKVXu8BlRARfAKRVmyubXJ97//fQjKeDhEjGHv8IDBYMjWjR3efOstxsMBz58+48vPv6A0FmcdE5mQ2Yw8KyBA8EqoA844Rv0hb915k83NLYbDAWicdNbX19ne3qaqKnZ3d3ny5Ambm5t0Oh2899R1jYhQFAWjwYAiz1FVXOawmUUFgkTFPhDAgNg4eYk1ZHlOUM+0rsAI/X6fm9aytrlN7gq++OILSmvRUDHo9xmN1xmO1+mM+pT9Ho8fPaKeThn2+3zn7bfp9/sULsMoOGPod7sAnBwdk7scg4EQZb3fG7C5vsn+wQH7ewfUlSeEwPHRCXvP9+hkBYP+kG6nh8syttY38QKH0xP2DvYJXkGVwpUUZU4377K3t8/+w4d4A+ubm6ytrTM5muBcTll2MWKoq5qAMhgMuXfvPuPRGBHYWN+g1+uTZQWqgdr7KFtZxvr6BuPxmN//4Q988fkX7O/tUeQ5mcuoJhW+DPR7A0INdRUQEZzJyLMaawRVJXhPr9PjjVu3+e5377O5tUW30+fPf/6Cw4MTyqJDr9un3xvgsozDoyO++PJLAsrm1ha9fp9Bv09eFNjMUXRK+sMB1lrKvX1yhJO9Ax5//gWffvwxYgzv3H2L7dGIrrUwrchdhrWGUPs0w80pksU9yXwObP4TPxFV5JJFVJDTi3RaUJfdighgFjYw59I9lfxC6iJL5SaiVz59EXlkAAnXz2Oh6ZaCwKz9lsprCVguWQCvyuOqulzcTUQKh2sX8Gz/XxeXle0yEvAUqaKzUl78/kISalgYGno6/eafC9/bU/tOuZjHO5v/CgqCVb2wjS8dP3J5nf/SiG26zFhePg8DS4+xF5bjgrZ+He3srtZtXh5k9ut6j69QdwNnxsyrwjXH4tmvL3hHFn5f/OXCena
} ,
{
"type" : "x-misp-object" ,
"spec_version" : "2.1" ,
"id" : "x-misp-object--5b6ab236-9b58-4bfa-af84-4320950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2018-08-08T09:04:54.000Z" ,
"modified" : "2018-08-08T09:04:54.000Z" ,
"labels" : [
"misp:name=\"microblog\"" ,
"misp:meta-category=\"misc\""
] ,
"x_misp_attributes" : [
{
"type" : "text" ,
"object_relation" : "post" ,
"value" : "Cobalt Group and FIN7 Recent Malware Campaigns https://www.accenture.com/t20180803T064557Z__w__/us-en/_acnmedia/PDF-83/Accenture-Cyber-Threatscape-Report-2018.pdf \u00e2\u20ac\u00a6 All IOC here: https://otx.alienvault.com/pulse/5b69d37292f5ac2b98346cf3 \u00e2\u20ac\u00a6 #Fin7 #Carbanak #CyberSecurity #Malware #cobalt" ,
"category" : "Other" ,
"uuid" : "5b6ab236-fe24-4203-beb0-4bb8950d210f"
} ,
{
"type" : "text" ,
"object_relation" : "type" ,
"value" : "Twitter" ,
"category" : "Other" ,
"uuid" : "5b6ab237-ab54-4d39-9253-4fb9950d210f"
} ,
{
"type" : "url" ,
"object_relation" : "url" ,
"value" : "https://twitter.com/Bank_Security/status/1027076295803453441" ,
"category" : "Network activity" ,
"to_ids" : true ,
"uuid" : "5b6ab237-d198-4622-8944-49d7950d210f"
} ,
{
"type" : "url" ,
"object_relation" : "link" ,
"value" : "https://www.accenture.com/t20180803T064557Z__w__/us-en/_acnmedia/PDF-83/Accenture-Cyber-Threatscape-Report-2018.pdf" ,
"category" : "Network activity" ,
"to_ids" : true ,
"uuid" : "5b6ab238-fad0-4688-bdf0-4a6e950d210f"
} ,
{
"type" : "url" ,
"object_relation" : "link" ,
"value" : "https://otx.alienvault.com/pulse/5b69d37292f5ac2b98346cf3" ,
"category" : "Network activity" ,
"to_ids" : true ,
"uuid" : "5b6ab239-f07c-45d4-abd7-4650950d210f"
} ,
{
"type" : "datetime" ,
"object_relation" : "creation-date" ,
"value" : "2018-08-07T23:17:00" ,
"category" : "Other" ,
"uuid" : "5b6ab23b-8bc0-4ec6-99b7-468f950d210f"
} ,
{
"type" : "text" ,
"object_relation" : "username" ,
"value" : "@Bank_Security" ,
"category" : "Other" ,
"uuid" : "5b6ab23c-3940-4bbd-adfc-407d950d210f"
}
] ,
"x_misp_meta_category" : "misc" ,
"x_misp_name" : "microblog"
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--5b6ab3aa-1558-4434-8acb-406b950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2018-08-08T09:11:06.000Z" ,
"modified" : "2018-08-08T09:11:06.000Z" ,
"pattern" : "[file:hashes.MD5 = '03c6601a7fef76fce7fb63c116ef5fb9' AND file:x_misp_state = 'Malicious']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2018-08-08T09:11:06Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "file"
}
] ,
"labels" : [
"misp:name=\"file\"" ,
"misp:meta-category=\"file\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--5b6ab3b8-08e0-490d-be87-4168950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2018-08-08T11:05:19.000Z" ,
"modified" : "2018-08-08T11:05:19.000Z" ,
"pattern" : "[file:hashes.MD5 = '298774c49ee2a1e823f8049a34c09609' AND file:name = 'Details Acess.doc' AND file:size = '47560' AND file:x_misp_state = 'Malicious']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2018-08-08T11:05:19Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "file"
}
] ,
"labels" : [
"misp:name=\"file\"" ,
"misp:meta-category=\"file\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--5b6ab3c7-1344-45eb-aca4-4743950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2018-08-08T11:30:33.000Z" ,
"modified" : "2018-08-08T11:30:33.000Z" ,
"description" : " Bash script to delete Registry keys related to \r\nMicrosoft\u00e2\u20ac\u2122s Word Resilience, set Zones to null, and execute the script \r\nnamed tCrrDqBQoCcEkbnK.txt using the Microsoft Connection \r\nManager Profile Installer (cmstp.exe); the bash script also deletes \r\nKbhpQIcahFCuZwq.sct and wipes content from MGsCOxPSNK.txt" ,
"pattern" : "[file:hashes.MD5 = '9c289f5db447ac00069b76ff5f8009d1' AND file:name = 'RaRaoVewkM.txt' AND file:x_misp_state = 'Malicious']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2018-08-08T11:30:33Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "file"
}
] ,
"labels" : [
"misp:name=\"file\"" ,
"misp:meta-category=\"file\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--5b6ab3d3-bb34-4fd0-b76e-4ae5950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2018-08-08T09:11:47.000Z" ,
"modified" : "2018-08-08T09:11:47.000Z" ,
"pattern" : "[file:hashes.MD5 = '1a2e7a9bc8b6e6f359b80173c1f3f42d' AND file:x_misp_state = 'Malicious']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2018-08-08T09:11:47Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "file"
}
] ,
"labels" : [
"misp:name=\"file\"" ,
"misp:meta-category=\"file\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--5b6ab3e1-09cc-4bdc-9a16-494a950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2018-08-08T11:31:23.000Z" ,
"modified" : "2018-08-08T11:31:23.000Z" ,
"description" : "Clean decoy file shown to the victim user" ,
"pattern" : "[file:hashes.MD5 = 'aab98b81b9f899183fd090c5f0fe402b' AND file:name = 'MyFHPeibBN.doc' AND file:x_misp_state = 'Malicious']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2018-08-08T11:31:23Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "file"
}
] ,
"labels" : [
"misp:name=\"file\"" ,
"misp:meta-category=\"file\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--5b6ab3ee-613c-40e8-88d1-4a64950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2018-08-08T09:12:14.000Z" ,
"modified" : "2018-08-08T09:12:14.000Z" ,
"pattern" : "[file:hashes.MD5 = 'b36782a9a2b34e8385702ec00cb85065' AND file:x_misp_state = 'Malicious']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2018-08-08T09:12:14Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "file"
}
] ,
"labels" : [
"misp:name=\"file\"" ,
"misp:meta-category=\"file\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--5b6ab3fd-5094-455e-b3b4-4cea950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2018-08-08T11:17:13.000Z" ,
"modified" : "2018-08-08T11:17:13.000Z" ,
"description" : " Scriptlet that contains JavaScript to execute \r\nMGsCOxPSNK.txt" ,
"pattern" : "[file:hashes.MD5 = '05aa48a9c536ad644a2e91eddf2c0511' AND file:name = 'icWwJarxcTwcABh.sct' AND file:x_misp_state = 'Malicious']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2018-08-08T11:17:13Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "file"
}
] ,
"labels" : [
"misp:name=\"file\"" ,
"misp:meta-category=\"file\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--5b6ab40c-9a94-4194-8720-4dd4950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2018-08-08T11:42:04.000Z" ,
"modified" : "2018-08-08T11:42:04.000Z" ,
"description" : " Configuration file executed by Microsoft\u00e2\u20ac\u2122s Connection \r\nManager Profile Installer (cmstp.exe) that will contact the given \r\nremote location, safe.my-documents[.]biz, to download an additional \r\nfile named robot.txt, which is a dropper script that would then drop a \r\nmalicious DLL onto the victim system." ,
"pattern" : "[file:hashes.MD5 = 'e5614d2eec5d2b75c5eb26e059932f25' AND file:name = 'daQMTVvsBig.txt' AND file:x_misp_state = 'Malicious']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2018-08-08T11:42:04Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "file"
}
] ,
"labels" : [
"misp:name=\"file\"" ,
"misp:meta-category=\"file\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--5b6ab417-4004-4d04-9548-41c2950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2018-08-08T12:52:59.000Z" ,
"modified" : "2018-08-08T12:52:59.000Z" ,
"pattern" : "[file:hashes.MD5 = 'e7702f9585616283b6b412b06b274dbf' AND file:name = '10206.txt' AND file:name = 'tt.dll' AND file:size = '92160' AND file:x_misp_state = 'Malicious']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2018-08-08T12:52:59Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "file"
}
] ,
"labels" : [
"misp:name=\"file\"" ,
"misp:meta-category=\"file\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--ae2ca65e-a566-40e9-988c-afd94662b78a" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2018-08-09T07:00:27.000Z" ,
"modified" : "2018-08-09T07:00:27.000Z" ,
"pattern" : "[file:hashes.MD5 = 'e7702f9585616283b6b412b06b274dbf' AND file:hashes.SHA1 = 'd69ad2135f06d13e17f12c7e18c738aa4d3e59c3' AND file:hashes.SHA256 = 'e23288695e01dfc34da6642e72f242dc4033d01bff9e5a78f36061f55093eeea']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2018-08-09T07:00:27Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "file"
}
] ,
"labels" : [
"misp:name=\"file\"" ,
"misp:meta-category=\"file\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "x-misp-object" ,
"spec_version" : "2.1" ,
"id" : "x-misp-object--0aaae123-be6c-48b9-a529-8423c78edcc5" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2018-08-09T07:00:26.000Z" ,
"modified" : "2018-08-09T07:00:26.000Z" ,
"labels" : [
"misp:name=\"virustotal-report\"" ,
"misp:meta-category=\"misc\""
] ,
"x_misp_attributes" : [
{
"type" : "datetime" ,
"object_relation" : "last-submission" ,
"value" : "2018-06-22T12:19:27" ,
"category" : "Other" ,
"uuid" : "76b19d50-ae82-4b15-890d-33b8798026df"
} ,
{
"type" : "link" ,
"object_relation" : "permalink" ,
"value" : "https://www.virustotal.com/file/e23288695e01dfc34da6642e72f242dc4033d01bff9e5a78f36061f55093eeea/analysis/1529669967/" ,
"category" : "External analysis" ,
"uuid" : "bd44e693-7d9e-4b6e-9f53-2a95e038780a"
} ,
{
"type" : "text" ,
"object_relation" : "detection-ratio" ,
"value" : "37/68" ,
"category" : "Other" ,
"uuid" : "3da4c98b-e7ac-482c-befa-1e386c12473f"
}
] ,
"x_misp_meta_category" : "misc" ,
"x_misp_name" : "virustotal-report"
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--3d2bdce2-0a74-4132-9e62-ff7f6bb49d67" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2018-08-09T07:00:30.000Z" ,
"modified" : "2018-08-09T07:00:30.000Z" ,
"pattern" : "[file:hashes.MD5 = '298774c49ee2a1e823f8049a34c09609' AND file:hashes.SHA1 = 'e4c6120b824db8ba43abc1356dcf6963786206cf' AND file:hashes.SHA256 = '4e78b0218d8bd445fe7f53a3d7134b21ed02396e876663e7d3a9e16975a3dcc2']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2018-08-09T07:00:30Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "file"
}
] ,
"labels" : [
"misp:name=\"file\"" ,
"misp:meta-category=\"file\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "x-misp-object" ,
"spec_version" : "2.1" ,
"id" : "x-misp-object--bee356cc-192c-41d8-a4cc-78db7e2abb46" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2018-08-09T07:00:29.000Z" ,
"modified" : "2018-08-09T07:00:29.000Z" ,
"labels" : [
"misp:name=\"virustotal-report\"" ,
"misp:meta-category=\"misc\""
] ,
"x_misp_attributes" : [
{
"type" : "datetime" ,
"object_relation" : "last-submission" ,
"value" : "2018-06-28T00:11:29" ,
"category" : "Other" ,
"uuid" : "825e3f3e-c0fe-469f-8096-89309cdb52ee"
} ,
{
"type" : "link" ,
"object_relation" : "permalink" ,
"value" : "https://www.virustotal.com/file/4e78b0218d8bd445fe7f53a3d7134b21ed02396e876663e7d3a9e16975a3dcc2/analysis/1530144689/" ,
"category" : "External analysis" ,
"uuid" : "523deae8-2ada-449d-b4e5-7372edf3adcf"
} ,
{
"type" : "text" ,
"object_relation" : "detection-ratio" ,
"value" : "17/60" ,
"category" : "Other" ,
"uuid" : "86483ff6-cfd1-4d8f-8baf-1130cf8aa16e"
}
] ,
"x_misp_meta_category" : "misc" ,
"x_misp_name" : "virustotal-report"
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--b73de252-a2b1-4e50-b191-29e4730ad2cc" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2018-08-09T07:00:33.000Z" ,
"modified" : "2018-08-09T07:00:33.000Z" ,
"pattern" : "[file:hashes.MD5 = 'aab98b81b9f899183fd090c5f0fe402b' AND file:hashes.SHA1 = '1db3baab58157e6a2b521525843facbc4d9183c4' AND file:hashes.SHA256 = 'ce6821adbd912da5a18313a98009cf37febe68064cc0b7a8a97f14afe35bd54d']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2018-08-09T07:00:33Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "file"
}
] ,
"labels" : [
"misp:name=\"file\"" ,
"misp:meta-category=\"file\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "x-misp-object" ,
"spec_version" : "2.1" ,
"id" : "x-misp-object--0d7c23b3-5109-4ec7-a30a-bfde82cdf32e" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2018-08-09T07:00:32.000Z" ,
"modified" : "2018-08-09T07:00:32.000Z" ,
"labels" : [
"misp:name=\"virustotal-report\"" ,
"misp:meta-category=\"misc\""
] ,
"x_misp_attributes" : [
{
"type" : "datetime" ,
"object_relation" : "last-submission" ,
"value" : "2018-06-08T09:42:51" ,
"category" : "Other" ,
"uuid" : "cff583ab-81cf-4931-9e02-efee6e425688"
} ,
{
"type" : "link" ,
"object_relation" : "permalink" ,
"value" : "https://www.virustotal.com/file/ce6821adbd912da5a18313a98009cf37febe68064cc0b7a8a97f14afe35bd54d/analysis/1528450971/" ,
"category" : "External analysis" ,
"uuid" : "afdf98cf-250a-4bf1-88f6-f32f02c67212"
} ,
{
"type" : "text" ,
"object_relation" : "detection-ratio" ,
"value" : "0/58" ,
"category" : "Other" ,
"uuid" : "d5961cd5-68c6-41ca-afbc-a28d59ebf020"
}
] ,
"x_misp_meta_category" : "misc" ,
"x_misp_name" : "virustotal-report"
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--75bde069-c661-4ecc-bb80-59a5e42b7df0" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2018-08-09T07:00:36.000Z" ,
"modified" : "2018-08-09T07:00:36.000Z" ,
"pattern" : "[file:hashes.MD5 = '05aa48a9c536ad644a2e91eddf2c0511' AND file:hashes.SHA1 = '13b95e33a71c6c97ece9c31d4c4d965a8d6eef3e' AND file:hashes.SHA256 = '43ccb893ceb626f1ac76e2021b80bd33ba88fa7afec0b1422ce5a298245c1f14']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2018-08-09T07:00:36Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "file"
}
] ,
"labels" : [
"misp:name=\"file\"" ,
"misp:meta-category=\"file\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "x-misp-object" ,
"spec_version" : "2.1" ,
"id" : "x-misp-object--28c3b8a6-fa30-4897-ba47-71b6e5cee2ad" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2018-08-09T07:00:35.000Z" ,
"modified" : "2018-08-09T07:00:35.000Z" ,
"labels" : [
"misp:name=\"virustotal-report\"" ,
"misp:meta-category=\"misc\""
] ,
"x_misp_attributes" : [
{
"type" : "datetime" ,
"object_relation" : "last-submission" ,
"value" : "2018-05-29T11:07:55" ,
"category" : "Other" ,
"uuid" : "cc657ac0-6074-4d5f-bcb6-c36863415c58"
} ,
{
"type" : "link" ,
"object_relation" : "permalink" ,
"value" : "https://www.virustotal.com/file/43ccb893ceb626f1ac76e2021b80bd33ba88fa7afec0b1422ce5a298245c1f14/analysis/1527592075/" ,
"category" : "External analysis" ,
"uuid" : "364afdfd-98e7-423c-964d-4f13c2da48d6"
} ,
{
"type" : "text" ,
"object_relation" : "detection-ratio" ,
"value" : "1/59" ,
"category" : "Other" ,
"uuid" : "fd92c14f-d65a-4e22-bdb2-2245531803e0"
}
] ,
"x_misp_meta_category" : "misc" ,
"x_misp_name" : "virustotal-report"
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--a2c4ac86-5ae3-46e9-8595-e2578538cde3" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2018-08-09T07:00:40.000Z" ,
"modified" : "2018-08-09T07:00:40.000Z" ,
"pattern" : "[file:hashes.MD5 = 'e5614d2eec5d2b75c5eb26e059932f25' AND file:hashes.SHA1 = '4c1dde9ca1ef4d2178c83608ced07a48fba11aad' AND file:hashes.SHA256 = 'eb612537d1c04226ceec5ee2a10800b3d6275b4c641e6b9a2e3671f1c6f2db46']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2018-08-09T07:00:40Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "file"
}
] ,
"labels" : [
"misp:name=\"file\"" ,
"misp:meta-category=\"file\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "x-misp-object" ,
"spec_version" : "2.1" ,
"id" : "x-misp-object--758f58b1-4646-4969-a6bf-c413006a6b0b" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2018-08-09T07:00:38.000Z" ,
"modified" : "2018-08-09T07:00:38.000Z" ,
"labels" : [
"misp:name=\"virustotal-report\"" ,
"misp:meta-category=\"misc\""
] ,
"x_misp_attributes" : [
{
"type" : "datetime" ,
"object_relation" : "last-submission" ,
"value" : "2018-05-29T11:09:02" ,
"category" : "Other" ,
"uuid" : "ca6646a6-3c1d-4003-b04f-d1c5a63baabb"
} ,
{
"type" : "link" ,
"object_relation" : "permalink" ,
"value" : "https://www.virustotal.com/file/eb612537d1c04226ceec5ee2a10800b3d6275b4c641e6b9a2e3671f1c6f2db46/analysis/1527592142/" ,
"category" : "External analysis" ,
"uuid" : "5e2eadca-ed49-4233-8bf4-b891a8175a54"
} ,
{
"type" : "text" ,
"object_relation" : "detection-ratio" ,
"value" : "1/59" ,
"category" : "Other" ,
"uuid" : "3caddc2b-8ecd-4d17-8141-26f9ba1599da"
}
] ,
"x_misp_meta_category" : "misc" ,
"x_misp_name" : "virustotal-report"
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--00487172-a3a6-417e-80b6-0c9ae860ec04" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2018-08-09T07:00:43.000Z" ,
"modified" : "2018-08-09T07:00:43.000Z" ,
"pattern" : "[file:hashes.MD5 = '9c289f5db447ac00069b76ff5f8009d1' AND file:hashes.SHA1 = 'bf13df7c3b3bc09260616fa3f5a8597ece4f8f8a' AND file:hashes.SHA256 = 'd57ac96d0d8f2495d3d3dbfc14f258af1e768b577cae8e42038fd34b5877a04f']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2018-08-09T07:00:43Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "file"
}
] ,
"labels" : [
"misp:name=\"file\"" ,
"misp:meta-category=\"file\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "x-misp-object" ,
"spec_version" : "2.1" ,
"id" : "x-misp-object--1bf1591f-a504-43e1-93e7-8af6576660c2" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2018-08-09T07:00:43.000Z" ,
"modified" : "2018-08-09T07:00:43.000Z" ,
"labels" : [
"misp:name=\"virustotal-report\"" ,
"misp:meta-category=\"misc\""
] ,
"x_misp_attributes" : [
{
"type" : "datetime" ,
"object_relation" : "last-submission" ,
"value" : "2018-05-29T11:07:05" ,
"category" : "Other" ,
"uuid" : "29b0df80-aa8a-459d-acb5-ccd35ba65ec0"
} ,
{
"type" : "link" ,
"object_relation" : "permalink" ,
"value" : "https://www.virustotal.com/file/d57ac96d0d8f2495d3d3dbfc14f258af1e768b577cae8e42038fd34b5877a04f/analysis/1527592025/" ,
"category" : "External analysis" ,
"uuid" : "721fce41-86db-422e-a081-188ac8beccee"
} ,
{
"type" : "text" ,
"object_relation" : "detection-ratio" ,
"value" : "8/59" ,
"category" : "Other" ,
"uuid" : "6727994d-f7ac-4dc0-a235-7d00f34d7d4e"
}
] ,
"x_misp_meta_category" : "misc" ,
"x_misp_name" : "virustotal-report"
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--5b6be6de-7464-4d89-b7fc-400b950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2018-08-09T07:01:50.000Z" ,
"modified" : "2018-08-09T07:01:50.000Z" ,
"pattern" : "[file:name = 'MGsCOxPSNK.txt' AND file:x_misp_state = 'Malicious']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2018-08-09T07:01:50Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "file"
}
] ,
"labels" : [
"misp:name=\"file\"" ,
"misp:meta-category=\"file\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--5b6be6fc-67ac-4106-b483-451d950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2018-08-09T07:02:20.000Z" ,
"modified" : "2018-08-09T07:02:20.000Z" ,
"pattern" : "[file:name = 'tCrrDqBQoCcEkbnK.txt' AND file:x_misp_state = 'Malicious']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2018-08-09T07:02:20Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "file"
}
] ,
"labels" : [
"misp:name=\"file\"" ,
"misp:meta-category=\"file\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--5b6be73f-c354-4007-a8c1-46d9950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2018-08-09T07:03:27.000Z" ,
"modified" : "2018-08-09T07:03:27.000Z" ,
"pattern" : "[file:name = 'cmstp.exe' AND file:x_misp_state = 'Malicious']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2018-08-09T07:03:27Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "file"
}
] ,
"labels" : [
"misp:name=\"file\"" ,
"misp:meta-category=\"file\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--5b6be75f-a370-422e-8da5-42a6950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2018-08-09T07:03:59.000Z" ,
"modified" : "2018-08-09T07:03:59.000Z" ,
"pattern" : "[file:name = 'robot.txt' AND file:x_misp_state = 'Malicious']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2018-08-09T07:03:59Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "file"
}
] ,
"labels" : [
"misp:name=\"file\"" ,
"misp:meta-category=\"file\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--5b6be777-e130-4d61-a2e9-4890950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2018-08-09T07:04:23.000Z" ,
"modified" : "2018-08-09T07:04:23.000Z" ,
"pattern" : "[file:name = 'KbhpQIcahFCuZwq.sct' AND file:x_misp_state = 'Malicious']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2018-08-09T07:04:23Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "file"
}
] ,
"labels" : [
"misp:name=\"file\"" ,
"misp:meta-category=\"file\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "relationship" ,
"spec_version" : "2.1" ,
2024-04-05 12:15:17 +00:00
"id" : "relationship--d5cdedbd-c433-4023-b29e-aae441ce5603" ,
2023-04-21 14:44:17 +00:00
"created" : "2018-08-08T11:05:16.000Z" ,
"modified" : "2018-08-08T11:05:16.000Z" ,
"relationship_type" : "dropped-by" ,
"source_ref" : "indicator--5b6ab3b8-08e0-490d-be87-4168950d210f" ,
"target_ref" : "indicator--5b6ace27-a8d8-486a-8661-3b5a950d210f"
} ,
{
"type" : "relationship" ,
"spec_version" : "2.1" ,
2024-04-05 12:15:17 +00:00
"id" : "relationship--0402d821-a25f-46de-9785-726d4c4051cf" ,
2023-04-21 14:44:17 +00:00
"created" : "2018-08-09T07:00:45.000Z" ,
"modified" : "2018-08-09T07:00:45.000Z" ,
"relationship_type" : "analysed-with" ,
"source_ref" : "indicator--ae2ca65e-a566-40e9-988c-afd94662b78a" ,
"target_ref" : "x-misp-object--0aaae123-be6c-48b9-a529-8423c78edcc5"
} ,
{
"type" : "relationship" ,
"spec_version" : "2.1" ,
2024-04-05 12:15:17 +00:00
"id" : "relationship--86533ff8-789e-4b08-9544-21b20f330406" ,
2023-04-21 14:44:17 +00:00
"created" : "2018-08-09T07:00:45.000Z" ,
"modified" : "2018-08-09T07:00:45.000Z" ,
"relationship_type" : "analysed-with" ,
"source_ref" : "indicator--3d2bdce2-0a74-4132-9e62-ff7f6bb49d67" ,
"target_ref" : "x-misp-object--bee356cc-192c-41d8-a4cc-78db7e2abb46"
} ,
{
"type" : "relationship" ,
"spec_version" : "2.1" ,
2024-04-05 12:15:17 +00:00
"id" : "relationship--59c4b9c9-8788-4374-9d83-da3d2434b195" ,
2023-04-21 14:44:17 +00:00
"created" : "2018-08-09T07:00:45.000Z" ,
"modified" : "2018-08-09T07:00:45.000Z" ,
"relationship_type" : "analysed-with" ,
"source_ref" : "indicator--b73de252-a2b1-4e50-b191-29e4730ad2cc" ,
"target_ref" : "x-misp-object--0d7c23b3-5109-4ec7-a30a-bfde82cdf32e"
} ,
{
"type" : "relationship" ,
"spec_version" : "2.1" ,
2024-04-05 12:15:17 +00:00
"id" : "relationship--aea80c16-ef4e-45a2-bab7-c8208195f532" ,
2023-04-21 14:44:17 +00:00
"created" : "2018-08-09T07:00:46.000Z" ,
"modified" : "2018-08-09T07:00:46.000Z" ,
"relationship_type" : "analysed-with" ,
"source_ref" : "indicator--75bde069-c661-4ecc-bb80-59a5e42b7df0" ,
"target_ref" : "x-misp-object--28c3b8a6-fa30-4897-ba47-71b6e5cee2ad"
} ,
{
"type" : "relationship" ,
"spec_version" : "2.1" ,
2024-04-05 12:15:17 +00:00
"id" : "relationship--b72d7da2-df61-4b7c-825f-4081704a2c78" ,
2023-04-21 14:44:17 +00:00
"created" : "2018-08-09T07:00:46.000Z" ,
"modified" : "2018-08-09T07:00:46.000Z" ,
"relationship_type" : "analysed-with" ,
"source_ref" : "indicator--a2c4ac86-5ae3-46e9-8595-e2578538cde3" ,
"target_ref" : "x-misp-object--758f58b1-4646-4969-a6bf-c413006a6b0b"
} ,
{
"type" : "relationship" ,
"spec_version" : "2.1" ,
2024-04-05 12:15:17 +00:00
"id" : "relationship--97318206-95c3-4078-bcb7-29b72e08d17e" ,
2023-04-21 14:44:17 +00:00
"created" : "2018-08-09T07:00:46.000Z" ,
"modified" : "2018-08-09T07:00:46.000Z" ,
"relationship_type" : "analysed-with" ,
"source_ref" : "indicator--00487172-a3a6-417e-80b6-0c9ae860ec04" ,
"target_ref" : "x-misp-object--1bf1591f-a504-43e1-93e7-8af6576660c2"
} ,
{
"type" : "marking-definition" ,
"spec_version" : "2.1" ,
"id" : "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9" ,
"created" : "2017-01-20T00:00:00.000Z" ,
"definition_type" : "tlp" ,
"name" : "TLP:WHITE" ,
"definition" : {
"tlp" : "white"
}
}
]
}