misp-circl-feed/feeds/circl/stix-2.1/5b6aad49-a01c-4070-aba8-4b32950d210f.json

{
"type": "bundle",
"id": "bundle--5b6aad49-a01c-4070-aba8-4b32950d210f",
"objects": [
{
"type": "identity",
"spec_version": "2.1",
"id": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-08-09T13:52:50.000Z",
"modified": "2018-08-09T13:52:50.000Z",
"name": "CIRCL",
"identity_class": "organization"
},
{
"type": "report",
"spec_version": "2.1",
"id": "report--5b6aad49-a01c-4070-aba8-4b32950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-08-09T13:52:50.000Z",
"modified": "2018-08-09T13:52:50.000Z",
"name": "OSINT - CYBER THREATSCAPE REPORT 2018 - MIDYEAR CYBERSECURITY RISK REVIEW",
"published": "2018-08-09T13:52:52Z",
"object_refs": [
"observed-data--5b6ab10e-bda4-486f-a00c-4ec0950d210f",
"url--5b6ab10e-bda4-486f-a00c-4ec0950d210f",
"observed-data--5b6ab10e-330c-492d-9732-45c0950d210f",
"url--5b6ab10e-330c-492d-9732-45c0950d210f",
"indicator--5b6ab336-38a0-4764-8abc-40d3950d210f",
"indicator--5b6ab337-1068-49a3-afdb-4a69950d210f",
"indicator--5b6ab338-78e0-4d4a-a787-41b1950d210f",
"indicator--5b6ab33a-6ae8-47db-bfd4-4381950d210f",
"indicator--5b6ab33b-c090-4fec-a7d7-41e3950d210f",
"indicator--5b6ab33c-a594-4ad0-a38a-4de4950d210f",
"indicator--5b6ace27-a8d8-486a-8661-3b5a950d210f",
"indicator--5b6be7a2-91c8-4105-8c34-401c950d210f",
"indicator--5b6be7a3-9aec-42d9-a80f-4915950d210f",
"observed-data--5b6bee08-cfac-4cda-becc-41ff950d210f",
"file--5b6bee08-cfac-4cda-becc-41ff950d210f",
"artifact--5b6bee08-cfac-4cda-becc-41ff950d210f",
"indicator--5b6bf451-38c0-4d13-8875-4ea5950d210f",
"indicator--5b6bf451-eca4-41be-8a8f-4c08950d210f",
"observed-data--5b6c0839-50e0-4a66-b03b-3d3b950d210f",
"file--5b6c0839-50e0-4a66-b03b-3d3b950d210f",
"artifact--5b6c0839-50e0-4a66-b03b-3d3b950d210f",
"observed-data--5b6c0849-8d98-4751-9ec4-1a6a950d210f",
"file--5b6c0849-8d98-4751-9ec4-1a6a950d210f",
"artifact--5b6c0849-8d98-4751-9ec4-1a6a950d210f",
"observed-data--5b6c34a8-61f0-491d-87f5-7840950d210f",
"file--5b6c34a8-61f0-491d-87f5-7840950d210f",
"artifact--5b6c34a8-61f0-491d-87f5-7840950d210f",
"x-misp-object--5b6ab236-9b58-4bfa-af84-4320950d210f",
"indicator--5b6ab3aa-1558-4434-8acb-406b950d210f",
"indicator--5b6ab3b8-08e0-490d-be87-4168950d210f",
"indicator--5b6ab3c7-1344-45eb-aca4-4743950d210f",
"indicator--5b6ab3d3-bb34-4fd0-b76e-4ae5950d210f",
"indicator--5b6ab3e1-09cc-4bdc-9a16-494a950d210f",
"indicator--5b6ab3ee-613c-40e8-88d1-4a64950d210f",
"indicator--5b6ab3fd-5094-455e-b3b4-4cea950d210f",
"indicator--5b6ab40c-9a94-4194-8720-4dd4950d210f",
"indicator--5b6ab417-4004-4d04-9548-41c2950d210f",
"indicator--ae2ca65e-a566-40e9-988c-afd94662b78a",
"x-misp-object--0aaae123-be6c-48b9-a529-8423c78edcc5",
"indicator--3d2bdce2-0a74-4132-9e62-ff7f6bb49d67",
"x-misp-object--bee356cc-192c-41d8-a4cc-78db7e2abb46",
"indicator--b73de252-a2b1-4e50-b191-29e4730ad2cc",
"x-misp-object--0d7c23b3-5109-4ec7-a30a-bfde82cdf32e",
"indicator--75bde069-c661-4ecc-bb80-59a5e42b7df0",
"x-misp-object--28c3b8a6-fa30-4897-ba47-71b6e5cee2ad",
"indicator--a2c4ac86-5ae3-46e9-8595-e2578538cde3",
"x-misp-object--758f58b1-4646-4969-a6bf-c413006a6b0b",
"indicator--00487172-a3a6-417e-80b6-0c9ae860ec04",
"x-misp-object--1bf1591f-a504-43e1-93e7-8af6576660c2",
"indicator--5b6be6de-7464-4d89-b7fc-400b950d210f",
"indicator--5b6be6fc-67ac-4106-b483-451d950d210f",
"indicator--5b6be73f-c354-4007-a8c1-46d9950d210f",
"indicator--5b6be75f-a370-422e-8da5-42a6950d210f",
"indicator--5b6be777-e130-4d61-a2e9-4890950d210f",
"relationship--d5cdedbd-c433-4023-b29e-aae441ce5603",
"relationship--0402d821-a25f-46de-9785-726d4c4051cf",
"relationship--86533ff8-789e-4b08-9544-21b20f330406",
"relationship--59c4b9c9-8788-4374-9d83-da3d2434b195",
"relationship--aea80c16-ef4e-45a2-bab7-c8208195f532",
"relationship--b72d7da2-df61-4b7c-825f-4081704a2c78",
"relationship--97318206-95c3-4078-bcb7-29b72e08d17e"
],
"labels": [
"Threat-Report",
"misp:tool=\"MISP-STIX-Converter\"",
"misp-galaxy:threat-actor=\"Cobalt\"",
"misp-galaxy:mitre-intrusion-set=\"FIN7\"",
"misp-galaxy:threat-actor=\"Anunak\"",
"osint:source-type=\"microblog-post\"",
"malware_classification:malware-category=\"Ransomware\"",
"circl:incident-classification=\"malware\"",
"circl:topic=\"finance\"",
"misp-galaxy:ransomware=\"WannaSmile\"",
"misp-galaxy:ransomware=\"Black Ruby\"",
"misp-galaxy:ransomware=\"RASTAKHIZ\"",
"misp-galaxy:ransomware=\"TYRANT\""
],
"object_marking_refs": [
"marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9"
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--5b6ab10e-bda4-486f-a00c-4ec0950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-08-08T08:59:58.000Z",
"modified": "2018-08-08T08:59:58.000Z",
"first_observed": "2018-08-08T08:59:58Z",
"last_observed": "2018-08-08T08:59:58Z",
"number_observed": 1,
"object_refs": [
"url--5b6ab10e-bda4-486f-a00c-4ec0950d210f"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--5b6ab10e-bda4-486f-a00c-4ec0950d210f",
"value": "https://www.accenture.com/t20180803T064557Z__w__/us-en/_acnmedia/PDF-83/Accenture-Cyber-Threatscape-Report-2018.pdf"
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--5b6ab10e-330c-492d-9732-45c0950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-08-08T08:59:58.000Z",
"modified": "2018-08-08T08:59:58.000Z",
"first_observed": "2018-08-08T08:59:58Z",
"last_observed": "2018-08-08T08:59:58Z",
"number_observed": 1,
"object_refs": [
"url--5b6ab10e-330c-492d-9732-45c0950d210f"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--5b6ab10e-330c-492d-9732-45c0950d210f",
"value": "https://otx.alienvault.com/pulse/5b69d37292f5ac2b98346cf3/"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5b6ab336-38a0-4764-8abc-40d3950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-08-08T09:09:10.000Z",
"modified": "2018-08-08T09:09:10.000Z",
"pattern": "[url:value = 'http://toshiba.org.kz/robots.txt']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-08-08T09:09:10Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5b6ab337-1068-49a3-afdb-4a69950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-08-08T09:09:11.000Z",
"modified": "2018-08-08T09:09:11.000Z",
"pattern": "[url:value = 'https://swift-fraud.com/']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-08-08T09:09:11Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5b6ab338-78e0-4d4a-a787-41b1950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-08-08T09:09:12.000Z",
"modified": "2018-08-08T09:09:12.000Z",
"pattern": "[email-message:from_ref.value = 'info@apple-istores.com']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-08-08T09:09:12Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"email-src\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5b6ab33a-6ae8-47db-bfd4-4381950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-08-08T09:09:14.000Z",
"modified": "2018-08-08T09:09:14.000Z",
"pattern": "[domain-name:value = 'safe.my-documents.biz']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-08-08T09:09:14Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"hostname\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5b6ab33b-c090-4fec-a7d7-41e3950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-08-08T09:09:15.000Z",
"modified": "2018-08-08T09:09:15.000Z",
"pattern": "[domain-name:value = 'swift-fraud.com']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-08-08T09:09:15Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"domain\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5b6ab33c-a594-4ad0-a38a-4de4950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-08-08T09:09:16.000Z",
"modified": "2018-08-08T09:09:16.000Z",
"pattern": "[domain-name:value = 'toshiba.org.kz']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-08-08T09:09:16Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"domain\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5b6ace27-a8d8-486a-8661-3b5a950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-08-08T11:04:07.000Z",
"modified": "2018-08-08T11:04:07.000Z",
"pattern": "[url:value = 'https://swift-fraud.com/documents/53763987.doc']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-08-08T11:04:07Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5b6be7a2-91c8-4105-8c34-401c950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-08-09T07:05:06.000Z",
"modified": "2018-08-09T07:05:06.000Z",
"pattern": "[url:value = 'https://api.toshiba.org.kz/robots.txt']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-08-09T07:05:06Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5b6be7a3-9aec-42d9-a80f-4915950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-08-09T07:05:07.000Z",
"modified": "2018-08-09T07:05:07.000Z",
"pattern": "[domain-name:value = 'api.toshiba.org.kz']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-08-09T07:05:07Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"hostname\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--5b6bee08-cfac-4cda-becc-41ff950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-08-09T07:32:24.000Z",
"modified": "2018-08-09T07:32:24.000Z",
"first_observed": "2018-08-09T07:32:24Z",
"last_observed": "2018-08-09T07:32:24Z",
"number_observed": 1,
"object_refs": [
"file--5b6bee08-cfac-4cda-becc-41ff950d210f",
"artifact--5b6bee08-cfac-4cda-becc-41ff950d210f"
],
"labels": [
"misp:type=\"attachment\"",
"misp:category=\"External analysis\""
]
},
{
"type": "file",
"spec_version": "2.1",
"id": "file--5b6bee08-cfac-4cda-becc-41ff950d210f",
"name": "RASTAKHIZ.png",
"content_ref": "artifact--5b6bee08-cfac-4cda-becc-41ff950d210f"
},
{
"type": "artifact",
"spec_version": "2.1",
"id": "artifact--5b6bee08-cfac-4cda-becc-41ff950d210f",
"payload_bin": "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
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5b6bf451-38c0-4d13-8875-4ea5950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-08-09T07:59:13.000Z",
"modified": "2018-08-09T07:59:13.000Z",
"pattern": "[domain-name:value = 'exchange.ir']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-08-09T07:59:13Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"domain\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5b6bf451-eca4-41be-8a8f-4c08950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-08-09T07:59:13.000Z",
"modified": "2018-08-09T07:59:13.000Z",
"pattern": "[domain-name:value = 'webmoney.ir']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-08-09T07:59:13Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"domain\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--5b6c0839-50e0-4a66-b03b-3d3b950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-08-09T09:24:09.000Z",
"modified": "2018-08-09T09:24:09.000Z",
"first_observed": "2018-08-09T09:24:09Z",
"last_observed": "2018-08-09T09:24:09Z",
"number_observed": 1,
"object_refs": [
"file--5b6c0839-50e0-4a66-b03b-3d3b950d210f",
"artifact--5b6c0839-50e0-4a66-b03b-3d3b950d210f"
],
"labels": [
"misp:type=\"attachment\"",
"misp:category=\"External analysis\""
]
},
{
"type": "file",
"spec_version": "2.1",
"id": "file--5b6c0839-50e0-4a66-b03b-3d3b950d210f",
"name": "tyrant.png",
"content_ref": "artifact--5b6c0839-50e0-4a66-b03b-3d3b950d210f"
},
{
"type": "artifact",
"spec_version": "2.1",
"id": "artifact--5b6c0839-50e0-4a66-b03b-3d3b950d210f",
"payload_bin": "iVBORw0KGgoAAAANSUhEUgAABZwAAAOqCAYAAAAYJJAiAAAABHNCSVQICAgIfAhkiAAAABl0RVh0U29mdHdhcmUAZ25vbWUtc2NyZWVuc2hvdO8Dvz4AACAASURBVHic7L3plyM5kuD3M7g7yWCcGXnW1VV9T+92z460Kz09vf3/v+lJM6sZ7Rw1XXdlVeWdGRfpDtMHAO7wiyS8Itj5+o3liwyG0wHDYbALBoPYqtLKKtes+eevfuKfv/yJ67JCKzCakRUFWZaDZGil2MoCgiAAIAICimJthbUWEcD/WLUoICZDBFQBVQxCbgxWFVQR/HcoWAUFVaUocowxlFVFZS1WFZMZFKFSMFhf3mIEjBiMMVgMlQpWM6wYVDIMkGmFaoURSy4VuXF1lOUaEYOYDKtS/6xNTimCWnXdBUQVI4IRE7pZtxfAiKDq+o4IYgQRoVLffmOwQKUWASxKSQXWYhQWJidHMJUbJzGCGMPaVpS2wqKoceNeCaj/ERSxFlNZjAWDYLIcMQYVAXXtHAMd+E4QwlTvDt0C2vo41ARJxjEBNvT9VkFSEU3t/B7wTBgznTTQd08A0zBoWkEFTcaUPl5SM9mfCw3uofU/Baat5UTkOrHve1ubqdBuV5gL2diExLZNneC9DEFa25yqsAeeMWEpT6KwSYtmXwItBabKmAmjNkEviYvoLushmV/sC9LHeaf+drHcvShj2lzuC/6KdLlJsA/63xMtT8EzWTdLwDGCol3NLnVua+v7SmPw/sqycVt2eN6m0OUAmt1K/UzYwS6fUu17y8ungJBiI02Zyylq+TS/zBR4X3nGnuTSJFfGPsbs/dRLgowN8llEUJT/+ttH/PGzc3LvAUZEMIBBMQJiDIXkqICtSqpqja0stnLVGmPIssy1R0AyUFuh1nonsYAIZaVUqqAWAIMTpEaELBPEqvvKO3FdZYqqolg8QnJjEJTSqqsbQVR9Bx23NIhrO4rxqoIYh6sCjPq+ec+3ViVVZSltyermGhGDyXJMNkNxbde5QUwBxrVPELC2Hl71g5oZwVpLVdnaCS8IGBPRrXM8mywHlKpUEMGIYijd+FhFtUK9o9kYgzFu0lCLikWMQZx3HauKFcWGsTUGtaDhmfj/RBC7WeUaUq5uw7HVYqgjfDJVSZvUjj0ojwFTOkyx7Ka0LbHMFP+B2u0v3QaiVAwT5jK5L2HdpxaaIEBuY83Ea/O2lmB6uybQ8iQtfcqa2ddOmHSebKeH5HHey67eFEjc1AF0D85mmDLGkzElvp9Oy9McjvuQMe/rutyPXjINpjrPEg2I95b+9wXvpy43yUkxQS7vBw8k938SLZuk96f1P10vuz1Zv+2d9zMQZLotsw/o6GVb9eV0XX4vMhYYC2oI1d3WDLy/MnMapNhIk2zMPa3LvdhlDlMalr3ppWnldFL396fLpgzBFDk+dV5EpFU2Ck8mjz3RYoQsM8xEyCVnkc95+foNL1695sWLl9hKMZJj8pzDo2Pu3bvHwWJBnmXOIW0tVBWSCZnJfGRvRqbWBSOpX1wKRhSwiNrgtq2dwYJBDIgULkoYRYwhzwtmQh3pLOqcySIZos4BrYBadY4iMRhxgVDWWrAWxZLlhtXVDW9fPePi7Sturi89jgxjcsT/IDn5ySnzo2OODo/8BFtM5gfQO8oFdWXUO3jxTnHJUILz3D0HpbIlCGQGstxFfhutMCLkImQWTGWhsqiWrEuLtRZrDHmekc9mqB8HfIS3qmJM5pzuRpHKIpU6j3tNDJudYcOLcYqTrk2o3Xr/UgLp/RaE+3FS7gPSFXt4fxVOQ9o4T3UEpzP324hIjtt6W+sjVVDtT+F+X9dMv11hTMbG8v3mZYkwoSsuwuP9HINp9L8P/p8O6XT2fq/LliK8k17yPkbewTSDc1q5u4f3sU1TYV/0PwHLpLWctuG+L1k+jZbT35dJJxzS8AyN2TYZsh/5//N57E5Y3lM5Dn0de7vM
2JfzfIpdDjGfuSu7/K9r/vVObKQYpgVC7QPP+2ov7Uf1ny5j3r8I5yl9qTNSJJUZ8X/4Zzm+HSLOSZr56GFUqdZrnj/7ia+//ZYffviJcl2BTztx7949PvrwYx4/esTJyQl5ZjDkVJmQG8ElvQjR09ROVyU4PvGpKdwD8RFLAhjjUlWgikvV4Zy0lbXOySqCyTOyIndRvaiPdnZ1qQGj4lQlI64l4lJxuCjliqvLdzz9/jt+ePoNb16/AixVpVgV8mLOfLHkYHnM+Ucfcz/POTk6xBiwlfXtE/BjJgJohRFFMqn7LEaoKuudweJSbfjUGihkPmobQkoQn6ZDmzQhIq7NlRjUWspVyc3qGpPn5LOinmBpbRwYjAqivq3i+i9sYzoj52qSCHVc4Dao318BcyswmX8kjvMUrruXyMApDPf9pAmZFH1HYpm/bOTJ7a7L9PGafIgilZanzGXyupwCcQhF/EFrudiDZAVCe6h2gvfVSRVSRN05nvq/HWHDnG1Eklomlf9PaRfT5v+9XJeBWPplxvnfnpzNU9dY8jino9gL7IXHToE96VgT6H96ppe71TGDDZYE763uO1Uv+/m07Oy08QjrSc6QSd2fUmhP+l8SjNm222CTLTvkWJmCYwJMoGWnMg3Iv9aHn9kB3RPP2Af4vrRaduv68DS9fLrj+/3js4HXpRVKe33a+k9nTDKB/2mNK61EGkxjsumHaKVBF9FB+JQ3bVCMKLkRVC3las3F1Zofvv+Or778kmfPnrNel1h10cKv791HK8tiPmO5XLA8OMDMctRabLl2i9Wn60DV5Wr2HTD1Im6ctwbBWvduZgyqLl+0AKoVN9c3vL14x9X1NQcHBxweHVLMjp2jWRVs5dJPiIAxqAqVOgeveg93ZgyZEcqbNVdXFzx79hPffvsNz378gfXqmovLa25Wa46OTjm994DzB48ojo+49+Dcpb0QUCwuRFwRUYq8AGC9XrsIZWPw6Z4xolgsgiWTnCwzIMLN2qUJyYygWCpbgZag4qJDK4tYxSjkeY4Rlzrj3dUll+/e8erdGw4OD7n34AFSFBgfUaoaxL3x4+zTgJhABFtSagytlUk7aaPfDH43LVJz2qJLY9Q/w+BMQDOp/zJBFmhqoQlRt8kluJ1Q3Z1gmP62lUmey04kwa5okmCSLjBeYCy6rxsVsROWKX6t5NOuafPSIErBscf4xqhdzVzcpmLrjzlNmZs7twXSlaGpfZkCaf1Pb1TDM9LQ3HW7JsGk/TlJ9qC5TEdTjvwN4x/USyZFq0yDvcny99Sun6wE3TFMyMJw93IJko36KSoJTJTlqf7mffC/SXtaE9b/tHPYI3bRtgjrbW3r8LV9zMsUHVv0znWMSdMyqmO7h6Pf7SPvfypZhgCGke9vL7p5Ivt7T+VSrYnfWQOn6uVpiRvffx/DlMWZ8v4Ux3l6kSmY7KS5SeSzUzf1pwxbHfzrqDTmvbmLkHWRxG6nUVnfXPPi2Ut+/OYpr1++5ORwyaeffMLiYEmWF9ysSlQhyzKsrbi6vOBg7i4XNHmGyQzWX3BXaYisBRcd7ReKgrWK8TmWxYp3yHp+rSAzl75jtV5xdXHBV19+wZdffsknv/gFH338EYvlAbMiI5OsztVsxCCZu/hPLFQIFpd+Q317ELh/fs6f/vaP/PY3n/L82Y98/q//xjfffsvF5RV/97/+Nz7+5DNOzs4pDg+ZHy0xUpFJRl4EDVTBKkKFiDDLgjMdDKa+NDArMiBDAZOJJxQXWG6MYV2WhOjoIsuYZblL+2wVY5VZUaCqXN2sePHsJ778+mu++e47Hn/0IcvlkuXxCfk8R/IcrXybHHK0cvOc+YZt0uvHQuFv956pYSYhtWNnAtNJhP2kO0jdFZuwYT1JsUvFEWD3/kv9/1173KfANMGe9LbbIUtFkm7Z3vaYjXRT9jU3yVupcNfrcn/+pt03wral2til7F8DvM99ST9SyjSD430cgsnrMrEzZpqXKl0v
2c8g7ydX8vtIMODG/455+SSYqmPtoS+J4yUadMwUXLdzT8SOqJJentAVkjfOAZdSbXeYGjwzeAp5Q1275X3
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--5b6c0849-8d98-4751-9ec4-1a6a950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-08-09T09:24:25.000Z",
"modified": "2018-08-09T09:24:25.000Z",
"first_observed": "2018-08-09T09:24:25Z",
"last_observed": "2018-08-09T09:24:25Z",
"number_observed": 1,
"object_refs": [
"file--5b6c0849-8d98-4751-9ec4-1a6a950d210f",
"artifact--5b6c0849-8d98-4751-9ec4-1a6a950d210f"
],
"labels": [
"misp:type=\"attachment\"",
"misp:category=\"External analysis\""
]
},
{
"type": "file",
"spec_version": "2.1",
"id": "file--5b6c0849-8d98-4751-9ec4-1a6a950d210f",
"name": "wannasmile.png",
"content_ref": "artifact--5b6c0849-8d98-4751-9ec4-1a6a950d210f"
},
{
"type": "artifact",
"spec_version": "2.1",
"id": "artifact--5b6c0849-8d98-4751-9ec4-1a6a950d210f",
"payload_bin": "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
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--5b6c34a8-61f0-491d-87f5-7840950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-08-09T12:33:44.000Z",
"modified": "2018-08-09T12:33:44.000Z",
"first_observed": "2018-08-09T12:33:44Z",
"last_observed": "2018-08-09T12:33:44Z",
"number_observed": 1,
"object_refs": [
"file--5b6c34a8-61f0-491d-87f5-7840950d210f",
"artifact--5b6c34a8-61f0-491d-87f5-7840950d210f"
],
"labels": [
"misp:type=\"attachment\"",
"misp:category=\"External analysis\""
]
},
{
"type": "file",
"spec_version": "2.1",
"id": "file--5b6c34a8-61f0-491d-87f5-7840950d210f",
"name": "blackruby.png",
"content_ref": "artifact--5b6c34a8-61f0-491d-87f5-7840950d210f"
},
{
"type": "artifact",
"spec_version": "2.1",
"id": "artifact--5b6c34a8-61f0-491d-87f5-7840950d210f",
"payload_bin": "iVBORw0KGgoAAAANSUhEUgAABHwAAAN6CAYAAAD8dl68AAAABHNCSVQICAgIfAhkiAAAABl0RVh0U29mdHdhcmUAZ25vbWUtc2NyZWVuc2hvdO8Dvz4AACAASURBVHic7L35k2THkef38Yh4R95Zdx/oBrpBEOA1HNLWtNoZSWaSzOYv1pppzWZM0sysNLIxLskBD4DgBaBx9Vldd+Z7Ea4fIl5m1tmVie4mhHlfsgpdme/F6XH4N9w9RFWVFi1atGjRokWLFi1atGjRokWLFt8amL90AVq0aNGiRYsWLVq0aNGiRYsWLVq8XLSET4sWLVq0aNGiRYsWLVq0aNGixbcMLeHTokWLFi1atGjRokWLFi1atGjxLUNL+LRo0aJFixYtWrRo0aJFixYtWnzL0BI+LVq0aNGiRYsWLVq0aNGiRYsW3zK0hE+LFi1atGjRokWLFi1atGjRosW3DC3h06JFixYtWrRo0aJFixYtWrRo8S1DS/i0aNGiRYsWLVq0aNGiRYsWLVp8y9ASPi1atGjRokWLFi1atGjRokWLFt8ytIRPixYtWrRo0aJFixYtWrRo0aLFtwwt4dOiRYsWLVq0aNGiRYsWLVq0aPEtQ0v4tGjRokWLFi1atGjRokWLFi1afMvgzn6gKIdHh/zsF7/gq8dPqdUyGN8gK0ecVIILBqdCpTXBBDRT6lyYOsshGZ88PeTjx/s8DzAxEDIoDk4opzWlMXSAroH1XsnGoMvGsEeOJ8eTBc8Xn3zMH373O/7tVx+Qd7p8/0c/RICD5/t8/NEfGY3GjNbX+OzRV6xtbfDjn/6Ena1tup0uR/tH/P4Pv+PB55/w5r07nEyO+OOf/0Ce5+R5gbMZGgxVFTg8OMK6nOF4neFgxMnxhN/++jcMBwPu3LnDu+++S7fb4eT4kF/84uccHx/ykx//FWWny+HRMb/97W/p9/v85Cc/Ic9zvPc8ffqUL774gidPnrC+vs7u7i6/+93v2N7ZZGNjjX6/z+eff87u7i5/93d/R7fb5cGDB3z44Yfs7u6ysbHBkydP2Nvb4/vvvcetm7cYjUa8//777O/v8/bbb3P//n1u3rzJdDrFew/AP/zDP/DbX/8aP61AhX5vwH/87/+Wt9/+Dpub2/zmN7/mN7/5Fe//6pd8//vf5af/4a/JMuH9X/2G/+0//xc217YYDdbpZF1++IMf8KMf/ZDN7TU+//IB//Kv/8JJVbG+ucl//E9/w+H+Pp/88U/8+v330dpz+8ZNtm7sUAXP+7/9NUW3w/b2Drdu3kSrmsdfPSTrlgQjHB4e0ut0WV9b4+7duxRFwXQ65Z/+6Z948OAB29vbbG5usr21xd3bb+Brz1dffcWHH37IkydP6PV6vPfee7zzzjsAfPTRR/zzP/8zW1tb7Ny4wa27d/nD73/Phx98yKA3YGN9g52dHf7tl+8TFP7n/+V/ZWNziyzPAXjw4GPef/+/8dc/+AHDXocPPvg1H33yMQ8ePkRsxq2bb/DDd7/PGzs7HOw953//L/+Zx892qRWybod33v0u/+lv/5bf/+YD/vjhR3zyxz+xc+smb92/R3c4oOx2KIoCNPDkyWN++ctf8uMf/5i/+Zu/oShLPv30U372s5/R7XbZ2dnhxz/+MQCPHz3i//1//oUwrRj2B/z5T3/CWMt33v0uHmUaPEHAWoMzlno6hRpyHBtbW2TdkgdffUmn12V7e5u93V12nzzl8aPH/OSnP+Xd771H5Ws+/eRTPvzgAx4+fEieZdx/6x5337jN9sYGzjo++O1v+dnP/pXheEzZKQE4Ojnh8PCQvb09+v0e6+trfPb5A/r9Hj/96U/Ze77P/v4BeV5wfHzMwcExd964i3OWh4++4ue/+Ff+/PEfGA66DIdD+v0RvjZkWclgMODdd99mbW3IR7/5iK3NLd555x1+8d9+zocffsgnn3zCm3fvcvfOHbplh04n/mRZxmePHvPPv/gV
/8P/9D/ygx/9iK8ePeTB55/z6PEjfvRXf83t27fplCWqGic+5wiqBFUEkNOTICAIkv49/170zLNXQCS+b86m/wIoil/ieVL6MZ/r59S0xTIIAsgStVFdqs0gNrkunc/y7RxQwhLPQ+z/q05JZJkyX4JV+n+1+qd2XgKG2AZLFCu28ZICsPyYWT6fF/XlXxrLyNJKY5nl+39ZCMvNmaviddQForyYVzzHrjRmXhNWHTOLsvyiNvk21n8ZrDSXAfYlNdgqMvsivIx18Sq8ijL/pbCq/DdtPG8LZbaBvSif9JyYuNVa7CMR4dGjR+zv7zPo9THGEEKgDh4NAVTJnMHXE7784jOsKKNhn9s3thn0O6Ah7kklgNQcn0zZ35/w+NkRKhnj9W1q9dShBsCIYDSu+icnxzx7/oTRaI1up8v+/j5FXtDvDZicnABKUeRYI6Ceo6Mjjk8O8PWEH737LpOjA/7r//2P7B/uUfspmXHc/847fPcHP+DffvcRB8cTdjZv0O0OyVyHugpMQkVFzbA/xgWl3ntKQY0e7vPVBx9RHD5ijT2mTz5Hjg4oVbBe0GA4Ecdxd8Bhb8TndY3d3OL+D/+Kd77/PW7duQ1B+ePP/o1f/f0/Un/+OfnxLsNiQsZzct2nUI94g4YcU46pyyGH3SFfuTHTzTu8/Z/+hnK0iVdHJcI0s0y7OccHRxw/fcrx53/iP3z3Tf7ub/87xBjEXC445wgfaOSsEZYQBcIKxgsBqFEUA1bBxe2pEaFXZHSdIQs1cnSCEHCFxU2myKSmDoFahOAsFQGfO6z0IUTBy2yGFYuoodcfsrG9zXfe+S5WDLtPn3G8d0hRFHS7XdbW1nFZzqOHj+n3BogaHj96zO6zXaYnUzp5F1Spp57nzx7T7XR5773vowF2d/d5fPiYwSDj1s5NBv0Bde0xqmQuYzwakWcZVoTM2rjAB0VVscZSFgWZc/iq5tmTpwyHQ7z3PPrqIYf7+2TWsjYaMxoMKbKc0WhAnjuOj4/RWsErfuo50WOePnqC1oFO3qFXdpl0TpAg3L3zJjdu3MBay/r6BnXtefr0GWtru4zH63hfU9ce72um04osL7i1c5M8L8izgslkwvO9PTa2tik6HTq9HjbLyMsOnW6P6fQYYx2j8Zg7d9/ijVt32RhvcvPGDt1+j6BKVXu8BlRARfAKRVmyubXJ97//fQjKeDhEjGHv8IDBYMjWjR3efOstxsMBz58+48vPv6A0FmcdE5mQ2Yw8KyBA8EqoA844Rv0hb915k83NLYbDAWicdNbX19ne3qaqKnZ3d3ny5Ambm5t0Oh2899R1jYhQFAWjwYAiz1FVXOawmUUFgkTFPhDAgNg4eYk1ZHlOUM+0rsAI/X6fm9aytrlN7gq++OILSmvRUDHo9xmN1xmO1+mM+pT9Ho8fPaKeThn2+3zn7bfp9/sULsMoOGPod7sAnBwdk7scg4EQZb3fG7C5vsn+wQH7ewfUlSeEwPHRCXvP9+hkBYP+kG6nh8syttY38QKH0xP2DvYJXkGVwpUUZU4377K3t8/+w4d4A+ubm6ytrTM5muBcTll2MWKoq5qAMhgMuXfvPuPRGBHYWN+g1+uTZQWqgdr7KFtZxvr6BuPxmN//4Q988fkX7O/tUeQ5mcuoJhW+DPR7A0INdRUQEZzJyLMaawRVJXhPr9PjjVu3+e5377O5tUW30+fPf/6Cw4MTyqJDr9un3xvgsozDoyO++PJLAsrm1ha9fp9Bv09eFNjMUXRK+sMB1lrKvX1yhJO9Ax5//gWffvwxYgzv3H2L7dGIrrUwrchdhrWGUPs0w80pksU9yXwObP4TPxFV5JJFVJDTi3RaUJfdighgFjYw59I9lfxC6iJL5SaiVz59EXlkAAnXz2Oh6ZaCwKz9lsprCVguWQCvyuOqulzcTUQKh2sX8Gz/XxeXle0yEvAUqaKzUl78/kISalgYGno6/eafC9/bU/tOuZjHO5v/CgqCVb2wjS8d
P3J5nf/SiG26zFhePg8DS4+xF5bjgrZ+He3srtZtXh5k9ut6j69QdwNnxsyrwjXH4tmvL3hHFn5f/OXCena
},
{
"type": "x-misp-object",
"spec_version": "2.1",
"id": "x-misp-object--5b6ab236-9b58-4bfa-af84-4320950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-08-08T09:04:54.000Z",
"modified": "2018-08-08T09:04:54.000Z",
"labels": [
"misp:name=\"microblog\"",
"misp:meta-category=\"misc\""
],
"x_misp_attributes": [
{
"type": "text",
"object_relation": "post",
"value": "Cobalt Group and FIN7 Recent Malware Campaigns https://www.accenture.com/t20180803T064557Z__w__/us-en/_acnmedia/PDF-83/Accenture-Cyber-Threatscape-Report-2018.pdf \u00e2\u20ac\u00a6 All IOC here: https://otx.alienvault.com/pulse/5b69d37292f5ac2b98346cf3 \u00e2\u20ac\u00a6 #Fin7 #Carbanak #CyberSecurity #Malware #cobalt",
"category": "Other",
"uuid": "5b6ab236-fe24-4203-beb0-4bb8950d210f"
},
{
"type": "text",
"object_relation": "type",
"value": "Twitter",
"category": "Other",
"uuid": "5b6ab237-ab54-4d39-9253-4fb9950d210f"
},
{
"type": "url",
"object_relation": "url",
"value": "https://twitter.com/Bank_Security/status/1027076295803453441",
"category": "Network activity",
"to_ids": true,
"uuid": "5b6ab237-d198-4622-8944-49d7950d210f"
},
{
"type": "url",
"object_relation": "link",
"value": "https://www.accenture.com/t20180803T064557Z__w__/us-en/_acnmedia/PDF-83/Accenture-Cyber-Threatscape-Report-2018.pdf",
"category": "Network activity",
"to_ids": true,
"uuid": "5b6ab238-fad0-4688-bdf0-4a6e950d210f"
},
{
"type": "url",
"object_relation": "link",
"value": "https://otx.alienvault.com/pulse/5b69d37292f5ac2b98346cf3",
"category": "Network activity",
"to_ids": true,
"uuid": "5b6ab239-f07c-45d4-abd7-4650950d210f"
},
{
"type": "datetime",
"object_relation": "creation-date",
"value": "2018-08-07T23:17:00",
"category": "Other",
"uuid": "5b6ab23b-8bc0-4ec6-99b7-468f950d210f"
},
{
"type": "text",
"object_relation": "username",
"value": "@Bank_Security",
"category": "Other",
"uuid": "5b6ab23c-3940-4bbd-adfc-407d950d210f"
}
],
"x_misp_meta_category": "misc",
"x_misp_name": "microblog"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5b6ab3aa-1558-4434-8acb-406b950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-08-08T09:11:06.000Z",
"modified": "2018-08-08T09:11:06.000Z",
"pattern": "[file:hashes.MD5 = '03c6601a7fef76fce7fb63c116ef5fb9' AND file:x_misp_state = 'Malicious']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-08-08T09:11:06Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "file"
}
],
"labels": [
"misp:name=\"file\"",
"misp:meta-category=\"file\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5b6ab3b8-08e0-490d-be87-4168950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-08-08T11:05:19.000Z",
"modified": "2018-08-08T11:05:19.000Z",
"pattern": "[file:hashes.MD5 = '298774c49ee2a1e823f8049a34c09609' AND file:name = 'Details Acess.doc' AND file:size = '47560' AND file:x_misp_state = 'Malicious']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-08-08T11:05:19Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "file"
}
],
"labels": [
"misp:name=\"file\"",
"misp:meta-category=\"file\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5b6ab3c7-1344-45eb-aca4-4743950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-08-08T11:30:33.000Z",
"modified": "2018-08-08T11:30:33.000Z",
"description": " Bash script to delete Registry keys related to \r\nMicrosoft\u00e2\u20ac\u2122s Word Resilience, set Zones to null, and execute the script \r\nnamed tCrrDqBQoCcEkbnK.txt using the Microsoft Connection \r\nManager Profile Installer (cmstp.exe); the bash script also deletes \r\nKbhpQIcahFCuZwq.sct and wipes content from MGsCOxPSNK.txt",
"pattern": "[file:hashes.MD5 = '9c289f5db447ac00069b76ff5f8009d1' AND file:name = 'RaRaoVewkM.txt' AND file:x_misp_state = 'Malicious']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-08-08T11:30:33Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "file"
}
],
"labels": [
"misp:name=\"file\"",
"misp:meta-category=\"file\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5b6ab3d3-bb34-4fd0-b76e-4ae5950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-08-08T09:11:47.000Z",
"modified": "2018-08-08T09:11:47.000Z",
"pattern": "[file:hashes.MD5 = '1a2e7a9bc8b6e6f359b80173c1f3f42d' AND file:x_misp_state = 'Malicious']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-08-08T09:11:47Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "file"
}
],
"labels": [
"misp:name=\"file\"",
"misp:meta-category=\"file\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5b6ab3e1-09cc-4bdc-9a16-494a950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-08-08T11:31:23.000Z",
"modified": "2018-08-08T11:31:23.000Z",
"description": "Clean decoy file shown to the victim user",
"pattern": "[file:hashes.MD5 = 'aab98b81b9f899183fd090c5f0fe402b' AND file:name = 'MyFHPeibBN.doc' AND file:x_misp_state = 'Malicious']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-08-08T11:31:23Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "file"
}
],
"labels": [
"misp:name=\"file\"",
"misp:meta-category=\"file\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5b6ab3ee-613c-40e8-88d1-4a64950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-08-08T09:12:14.000Z",
"modified": "2018-08-08T09:12:14.000Z",
"pattern": "[file:hashes.MD5 = 'b36782a9a2b34e8385702ec00cb85065' AND file:x_misp_state = 'Malicious']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-08-08T09:12:14Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "file"
}
],
"labels": [
"misp:name=\"file\"",
"misp:meta-category=\"file\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5b6ab3fd-5094-455e-b3b4-4cea950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-08-08T11:17:13.000Z",
"modified": "2018-08-08T11:17:13.000Z",
"description": " Scriptlet that contains JavaScript to execute \r\nMGsCOxPSNK.txt",
"pattern": "[file:hashes.MD5 = '05aa48a9c536ad644a2e91eddf2c0511' AND file:name = 'icWwJarxcTwcABh.sct' AND file:x_misp_state = 'Malicious']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-08-08T11:17:13Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "file"
}
],
"labels": [
"misp:name=\"file\"",
"misp:meta-category=\"file\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5b6ab40c-9a94-4194-8720-4dd4950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-08-08T11:42:04.000Z",
"modified": "2018-08-08T11:42:04.000Z",
"description": " Configuration file executed by Microsoft\u00e2\u20ac\u2122s Connection \r\nManager Profile Installer (cmstp.exe) that will contact the given \r\nremote location, safe.my-documents[.]biz, to download an additional \r\nfile named robot.txt, which is a dropper script that would then drop a \r\nmalicious DLL onto the victim system.",
"pattern": "[file:hashes.MD5 = 'e5614d2eec5d2b75c5eb26e059932f25' AND file:name = 'daQMTVvsBig.txt' AND file:x_misp_state = 'Malicious']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-08-08T11:42:04Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "file"
}
],
"labels": [
"misp:name=\"file\"",
"misp:meta-category=\"file\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5b6ab417-4004-4d04-9548-41c2950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-08-08T12:52:59.000Z",
"modified": "2018-08-08T12:52:59.000Z",
"pattern": "[file:hashes.MD5 = 'e7702f9585616283b6b412b06b274dbf' AND file:name = '10206.txt' AND file:name = 'tt.dll' AND file:size = '92160' AND file:x_misp_state = 'Malicious']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-08-08T12:52:59Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "file"
}
],
"labels": [
"misp:name=\"file\"",
"misp:meta-category=\"file\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--ae2ca65e-a566-40e9-988c-afd94662b78a",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-08-09T07:00:27.000Z",
"modified": "2018-08-09T07:00:27.000Z",
"pattern": "[file:hashes.MD5 = 'e7702f9585616283b6b412b06b274dbf' AND file:hashes.SHA1 = 'd69ad2135f06d13e17f12c7e18c738aa4d3e59c3' AND file:hashes.SHA256 = 'e23288695e01dfc34da6642e72f242dc4033d01bff9e5a78f36061f55093eeea']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-08-09T07:00:27Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "file"
}
],
"labels": [
"misp:name=\"file\"",
"misp:meta-category=\"file\"",
"misp:to_ids=\"True\""
]
},
{
"type": "x-misp-object",
"spec_version": "2.1",
"id": "x-misp-object--0aaae123-be6c-48b9-a529-8423c78edcc5",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-08-09T07:00:26.000Z",
"modified": "2018-08-09T07:00:26.000Z",
"labels": [
"misp:name=\"virustotal-report\"",
"misp:meta-category=\"misc\""
],
"x_misp_attributes": [
{
"type": "datetime",
"object_relation": "last-submission",
"value": "2018-06-22T12:19:27",
"category": "Other",
"uuid": "76b19d50-ae82-4b15-890d-33b8798026df"
},
{
"type": "link",
"object_relation": "permalink",
"value": "https://www.virustotal.com/file/e23288695e01dfc34da6642e72f242dc4033d01bff9e5a78f36061f55093eeea/analysis/1529669967/",
"category": "External analysis",
"uuid": "bd44e693-7d9e-4b6e-9f53-2a95e038780a"
},
{
"type": "text",
"object_relation": "detection-ratio",
"value": "37/68",
"category": "Other",
"uuid": "3da4c98b-e7ac-482c-befa-1e386c12473f"
}
],
"x_misp_meta_category": "misc",
"x_misp_name": "virustotal-report"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--3d2bdce2-0a74-4132-9e62-ff7f6bb49d67",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-08-09T07:00:30.000Z",
"modified": "2018-08-09T07:00:30.000Z",
"pattern": "[file:hashes.MD5 = '298774c49ee2a1e823f8049a34c09609' AND file:hashes.SHA1 = 'e4c6120b824db8ba43abc1356dcf6963786206cf' AND file:hashes.SHA256 = '4e78b0218d8bd445fe7f53a3d7134b21ed02396e876663e7d3a9e16975a3dcc2']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-08-09T07:00:30Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "file"
}
],
"labels": [
"misp:name=\"file\"",
"misp:meta-category=\"file\"",
"misp:to_ids=\"True\""
]
},
{
"type": "x-misp-object",
"spec_version": "2.1",
"id": "x-misp-object--bee356cc-192c-41d8-a4cc-78db7e2abb46",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-08-09T07:00:29.000Z",
"modified": "2018-08-09T07:00:29.000Z",
"labels": [
"misp:name=\"virustotal-report\"",
"misp:meta-category=\"misc\""
],
"x_misp_attributes": [
{
"type": "datetime",
"object_relation": "last-submission",
"value": "2018-06-28T00:11:29",
"category": "Other",
"uuid": "825e3f3e-c0fe-469f-8096-89309cdb52ee"
},
{
"type": "link",
"object_relation": "permalink",
"value": "https://www.virustotal.com/file/4e78b0218d8bd445fe7f53a3d7134b21ed02396e876663e7d3a9e16975a3dcc2/analysis/1530144689/",
"category": "External analysis",
"uuid": "523deae8-2ada-449d-b4e5-7372edf3adcf"
},
{
"type": "text",
"object_relation": "detection-ratio",
"value": "17/60",
"category": "Other",
"uuid": "86483ff6-cfd1-4d8f-8baf-1130cf8aa16e"
}
],
"x_misp_meta_category": "misc",
"x_misp_name": "virustotal-report"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--b73de252-a2b1-4e50-b191-29e4730ad2cc",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-08-09T07:00:33.000Z",
"modified": "2018-08-09T07:00:33.000Z",
"pattern": "[file:hashes.MD5 = 'aab98b81b9f899183fd090c5f0fe402b' AND file:hashes.SHA1 = '1db3baab58157e6a2b521525843facbc4d9183c4' AND file:hashes.SHA256 = 'ce6821adbd912da5a18313a98009cf37febe68064cc0b7a8a97f14afe35bd54d']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-08-09T07:00:33Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "file"
}
],
"labels": [
"misp:name=\"file\"",
"misp:meta-category=\"file\"",
"misp:to_ids=\"True\""
]
},
{
"type": "x-misp-object",
"spec_version": "2.1",
"id": "x-misp-object--0d7c23b3-5109-4ec7-a30a-bfde82cdf32e",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-08-09T07:00:32.000Z",
"modified": "2018-08-09T07:00:32.000Z",
"labels": [
"misp:name=\"virustotal-report\"",
"misp:meta-category=\"misc\""
],
"x_misp_attributes": [
{
"type": "datetime",
"object_relation": "last-submission",
"value": "2018-06-08T09:42:51",
"category": "Other",
"uuid": "cff583ab-81cf-4931-9e02-efee6e425688"
},
{
"type": "link",
"object_relation": "permalink",
"value": "https://www.virustotal.com/file/ce6821adbd912da5a18313a98009cf37febe68064cc0b7a8a97f14afe35bd54d/analysis/1528450971/",
"category": "External analysis",
"uuid": "afdf98cf-250a-4bf1-88f6-f32f02c67212"
},
{
"type": "text",
"object_relation": "detection-ratio",
"value": "0/58",
"category": "Other",
"uuid": "d5961cd5-68c6-41ca-afbc-a28d59ebf020"
}
],
"x_misp_meta_category": "misc",
"x_misp_name": "virustotal-report"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--75bde069-c661-4ecc-bb80-59a5e42b7df0",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-08-09T07:00:36.000Z",
"modified": "2018-08-09T07:00:36.000Z",
"pattern": "[file:hashes.MD5 = '05aa48a9c536ad644a2e91eddf2c0511' AND file:hashes.SHA1 = '13b95e33a71c6c97ece9c31d4c4d965a8d6eef3e' AND file:hashes.SHA256 = '43ccb893ceb626f1ac76e2021b80bd33ba88fa7afec0b1422ce5a298245c1f14']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-08-09T07:00:36Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "file"
}
],
"labels": [
"misp:name=\"file\"",
"misp:meta-category=\"file\"",
"misp:to_ids=\"True\""
]
},
{
"type": "x-misp-object",
"spec_version": "2.1",
"id": "x-misp-object--28c3b8a6-fa30-4897-ba47-71b6e5cee2ad",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-08-09T07:00:35.000Z",
"modified": "2018-08-09T07:00:35.000Z",
"labels": [
"misp:name=\"virustotal-report\"",
"misp:meta-category=\"misc\""
],
"x_misp_attributes": [
{
"type": "datetime",
"object_relation": "last-submission",
"value": "2018-05-29T11:07:55",
"category": "Other",
"uuid": "cc657ac0-6074-4d5f-bcb6-c36863415c58"
},
{
"type": "link",
"object_relation": "permalink",
"value": "https://www.virustotal.com/file/43ccb893ceb626f1ac76e2021b80bd33ba88fa7afec0b1422ce5a298245c1f14/analysis/1527592075/",
"category": "External analysis",
"uuid": "364afdfd-98e7-423c-964d-4f13c2da48d6"
},
{
"type": "text",
"object_relation": "detection-ratio",
"value": "1/59",
"category": "Other",
"uuid": "fd92c14f-d65a-4e22-bdb2-2245531803e0"
}
],
"x_misp_meta_category": "misc",
"x_misp_name": "virustotal-report"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--a2c4ac86-5ae3-46e9-8595-e2578538cde3",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-08-09T07:00:40.000Z",
"modified": "2018-08-09T07:00:40.000Z",
"pattern": "[file:hashes.MD5 = 'e5614d2eec5d2b75c5eb26e059932f25' AND file:hashes.SHA1 = '4c1dde9ca1ef4d2178c83608ced07a48fba11aad' AND file:hashes.SHA256 = 'eb612537d1c04226ceec5ee2a10800b3d6275b4c641e6b9a2e3671f1c6f2db46']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-08-09T07:00:40Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "file"
}
],
"labels": [
"misp:name=\"file\"",
"misp:meta-category=\"file\"",
"misp:to_ids=\"True\""
]
},
{
"type": "x-misp-object",
"spec_version": "2.1",
"id": "x-misp-object--758f58b1-4646-4969-a6bf-c413006a6b0b",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-08-09T07:00:38.000Z",
"modified": "2018-08-09T07:00:38.000Z",
"labels": [
"misp:name=\"virustotal-report\"",
"misp:meta-category=\"misc\""
],
"x_misp_attributes": [
{
"type": "datetime",
"object_relation": "last-submission",
"value": "2018-05-29T11:09:02",
"category": "Other",
"uuid": "ca6646a6-3c1d-4003-b04f-d1c5a63baabb"
},
{
"type": "link",
"object_relation": "permalink",
"value": "https://www.virustotal.com/file/eb612537d1c04226ceec5ee2a10800b3d6275b4c641e6b9a2e3671f1c6f2db46/analysis/1527592142/",
"category": "External analysis",
"uuid": "5e2eadca-ed49-4233-8bf4-b891a8175a54"
},
{
"type": "text",
"object_relation": "detection-ratio",
"value": "1/59",
"category": "Other",
"uuid": "3caddc2b-8ecd-4d17-8141-26f9ba1599da"
}
],
"x_misp_meta_category": "misc",
"x_misp_name": "virustotal-report"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--00487172-a3a6-417e-80b6-0c9ae860ec04",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-08-09T07:00:43.000Z",
"modified": "2018-08-09T07:00:43.000Z",
"pattern": "[file:hashes.MD5 = '9c289f5db447ac00069b76ff5f8009d1' AND file:hashes.SHA1 = 'bf13df7c3b3bc09260616fa3f5a8597ece4f8f8a' AND file:hashes.SHA256 = 'd57ac96d0d8f2495d3d3dbfc14f258af1e768b577cae8e42038fd34b5877a04f']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-08-09T07:00:43Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "file"
}
],
"labels": [
"misp:name=\"file\"",
"misp:meta-category=\"file\"",
"misp:to_ids=\"True\""
]
},
{
"type": "x-misp-object",
"spec_version": "2.1",
"id": "x-misp-object--1bf1591f-a504-43e1-93e7-8af6576660c2",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-08-09T07:00:43.000Z",
"modified": "2018-08-09T07:00:43.000Z",
"labels": [
"misp:name=\"virustotal-report\"",
"misp:meta-category=\"misc\""
],
"x_misp_attributes": [
{
"type": "datetime",
"object_relation": "last-submission",
"value": "2018-05-29T11:07:05",
"category": "Other",
"uuid": "29b0df80-aa8a-459d-acb5-ccd35ba65ec0"
},
{
"type": "link",
"object_relation": "permalink",
"value": "https://www.virustotal.com/file/d57ac96d0d8f2495d3d3dbfc14f258af1e768b577cae8e42038fd34b5877a04f/analysis/1527592025/",
"category": "External analysis",
"uuid": "721fce41-86db-422e-a081-188ac8beccee"
},
{
"type": "text",
"object_relation": "detection-ratio",
"value": "8/59",
"category": "Other",
"uuid": "6727994d-f7ac-4dc0-a235-7d00f34d7d4e"
}
],
"x_misp_meta_category": "misc",
"x_misp_name": "virustotal-report"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5b6be6de-7464-4d89-b7fc-400b950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-08-09T07:01:50.000Z",
"modified": "2018-08-09T07:01:50.000Z",
"pattern": "[file:name = 'MGsCOxPSNK.txt' AND file:x_misp_state = 'Malicious']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-08-09T07:01:50Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "file"
}
],
"labels": [
"misp:name=\"file\"",
"misp:meta-category=\"file\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5b6be6fc-67ac-4106-b483-451d950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-08-09T07:02:20.000Z",
"modified": "2018-08-09T07:02:20.000Z",
"pattern": "[file:name = 'tCrrDqBQoCcEkbnK.txt' AND file:x_misp_state = 'Malicious']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-08-09T07:02:20Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "file"
}
],
"labels": [
"misp:name=\"file\"",
"misp:meta-category=\"file\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5b6be73f-c354-4007-a8c1-46d9950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-08-09T07:03:27.000Z",
"modified": "2018-08-09T07:03:27.000Z",
"pattern": "[file:name = 'cmstp.exe' AND file:x_misp_state = 'Malicious']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-08-09T07:03:27Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "file"
}
],
"labels": [
"misp:name=\"file\"",
"misp:meta-category=\"file\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5b6be75f-a370-422e-8da5-42a6950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-08-09T07:03:59.000Z",
"modified": "2018-08-09T07:03:59.000Z",
"pattern": "[file:name = 'robot.txt' AND file:x_misp_state = 'Malicious']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-08-09T07:03:59Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "file"
}
],
"labels": [
"misp:name=\"file\"",
"misp:meta-category=\"file\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5b6be777-e130-4d61-a2e9-4890950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-08-09T07:04:23.000Z",
"modified": "2018-08-09T07:04:23.000Z",
"pattern": "[file:name = 'KbhpQIcahFCuZwq.sct' AND file:x_misp_state = 'Malicious']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-08-09T07:04:23Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "file"
}
],
"labels": [
"misp:name=\"file\"",
"misp:meta-category=\"file\"",
"misp:to_ids=\"True\""
]
},
{
"type": "relationship",
"spec_version": "2.1",
"id": "relationship--d5cdedbd-c433-4023-b29e-aae441ce5603",
"created": "2018-08-08T11:05:16.000Z",
"modified": "2018-08-08T11:05:16.000Z",
"relationship_type": "dropped-by",
"source_ref": "indicator--5b6ab3b8-08e0-490d-be87-4168950d210f",
"target_ref": "indicator--5b6ace27-a8d8-486a-8661-3b5a950d210f"
},
{
"type": "relationship",
"spec_version": "2.1",
"id": "relationship--0402d821-a25f-46de-9785-726d4c4051cf",
"created": "2018-08-09T07:00:45.000Z",
"modified": "2018-08-09T07:00:45.000Z",
"relationship_type": "analysed-with",
"source_ref": "indicator--ae2ca65e-a566-40e9-988c-afd94662b78a",
"target_ref": "x-misp-object--0aaae123-be6c-48b9-a529-8423c78edcc5"
},
{
"type": "relationship",
"spec_version": "2.1",
"id": "relationship--86533ff8-789e-4b08-9544-21b20f330406",
"created": "2018-08-09T07:00:45.000Z",
"modified": "2018-08-09T07:00:45.000Z",
"relationship_type": "analysed-with",
"source_ref": "indicator--3d2bdce2-0a74-4132-9e62-ff7f6bb49d67",
"target_ref": "x-misp-object--bee356cc-192c-41d8-a4cc-78db7e2abb46"
},
{
"type": "relationship",
"spec_version": "2.1",
"id": "relationship--59c4b9c9-8788-4374-9d83-da3d2434b195",
"created": "2018-08-09T07:00:45.000Z",
"modified": "2018-08-09T07:00:45.000Z",
"relationship_type": "analysed-with",
"source_ref": "indicator--b73de252-a2b1-4e50-b191-29e4730ad2cc",
"target_ref": "x-misp-object--0d7c23b3-5109-4ec7-a30a-bfde82cdf32e"
},
{
"type": "relationship",
"spec_version": "2.1",
"id": "relationship--aea80c16-ef4e-45a2-bab7-c8208195f532",
"created": "2018-08-09T07:00:46.000Z",
"modified": "2018-08-09T07:00:46.000Z",
"relationship_type": "analysed-with",
"source_ref": "indicator--75bde069-c661-4ecc-bb80-59a5e42b7df0",
"target_ref": "x-misp-object--28c3b8a6-fa30-4897-ba47-71b6e5cee2ad"
},
{
"type": "relationship",
"spec_version": "2.1",
"id": "relationship--b72d7da2-df61-4b7c-825f-4081704a2c78",
"created": "2018-08-09T07:00:46.000Z",
"modified": "2018-08-09T07:00:46.000Z",
"relationship_type": "analysed-with",
"source_ref": "indicator--a2c4ac86-5ae3-46e9-8595-e2578538cde3",
"target_ref": "x-misp-object--758f58b1-4646-4969-a6bf-c413006a6b0b"
},
{
"type": "relationship",
"spec_version": "2.1",
"id": "relationship--97318206-95c3-4078-bcb7-29b72e08d17e",
"created": "2018-08-09T07:00:46.000Z",
"modified": "2018-08-09T07:00:46.000Z",
"relationship_type": "analysed-with",
"source_ref": "indicator--00487172-a3a6-417e-80b6-0c9ae860ec04",
"target_ref": "x-misp-object--1bf1591f-a504-43e1-93e7-8af6576660c2"
},
{
"type": "marking-definition",
"spec_version": "2.1",
"id": "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9",
"created": "2017-01-20T00:00:00.000Z",
"definition_type": "tlp",
"name": "TLP:WHITE",
"definition": {
"tlp": "white"
}
}
]
}