{
"type" : "bundle" ,
"id" : "bundle--5d159a21-59d4-4881-a9e6-41ca02de0b81" ,
"objects" : [
{
"type" : "identity" ,
"spec_version" : "2.1" ,
"id" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2019-06-28T08:42:04.000Z" ,
"modified" : "2019-06-28T08:42:04.000Z" ,
"name" : "CIRCL" ,
"identity_class" : "organization"
} ,
{
"type" : "report" ,
"spec_version" : "2.1" ,
"id" : "report--5d159a21-59d4-4881-a9e6-41ca02de0b81" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2019-06-28T08:42:04.000Z" ,
"modified" : "2019-06-28T08:42:04.000Z" ,
"name" : "OSINT - OSX/Linker: New Mac malware attempts zero-day Gatekeeper bypass" ,
"published" : "2019-06-28T08:50:58Z" ,
"object_refs" : [
"observed-data--5d159a36-2c3c-49c1-8f94-40a102de0b81" ,
"url--5d159a36-2c3c-49c1-8f94-40a102de0b81" ,
"x-misp-attribute--5d159ac3-a82c-4763-bf23-458102de0b81" ,
"observed-data--5d159ae8-17fc-4746-a7de-eac102de0b81" ,
"url--5d159ae8-17fc-4746-a7de-eac102de0b81" ,
"indicator--5d159b0b-d57c-453b-989a-eac102de0b81" ,
"indicator--5d159b9d-39c0-44b3-8927-4a4802de0b81" ,
"indicator--5d159b9e-b564-4227-bfdd-464602de0b81" ,
"indicator--5d159be0-51a8-406b-858b-48b602de0b81" ,
"indicator--5d159be2-63dc-4773-94bc-498502de0b81" ,
"x-misp-object--4b8b54b1-b3a1-4ed4-a324-468df8df0874" ,
"x-misp-object--acffc28c-bf93-447e-b63c-68c2dd2b85eb" ,
"x-misp-object--818eadb9-e542-4def-b9e9-a8ecee1b9737" ,
"x-misp-object--a2ed7979-f68c-402d-a8fa-701ea3ef90d4" ,
"relationship--7945c2ac-1564-4cc3-b115-762ba8e55f7d" ,
"relationship--268d82b3-a37f-455d-86c7-8212ca7f9a52" ,
"relationship--003c6845-8d36-43c1-a7f2-3960a1899bd0" ,
"relationship--19eb704b-a526-4ede-bb43-fcca4e16c142"
] ,
"labels" : [
"Threat-Report" ,
"misp:tool=\"MISP-STIX-Converter\"" ,
"type:OSINT" ,
"osint:lifetime=\"perpetual\"" ,
"osint:certainty=\"50\"" ,
"ms-caro-malware-full:malware-platform=\"MacOS_X\""
] ,
"object_marking_refs" : [
"marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9"
]
} ,
{
"type" : "observed-data" ,
"spec_version" : "2.1" ,
"id" : "observed-data--5d159a36-2c3c-49c1-8f94-40a102de0b81" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2019-06-28T04:40:22.000Z" ,
"modified" : "2019-06-28T04:40:22.000Z" ,
"first_observed" : "2019-06-28T04:40:22Z" ,
"last_observed" : "2019-06-28T04:40:22Z" ,
"number_observed" : 1 ,
"object_refs" : [
"url--5d159a36-2c3c-49c1-8f94-40a102de0b81"
] ,
"labels" : [
"misp:type=\"link\"" ,
"misp:category=\"External analysis\""
]
} ,
{
"type" : "url" ,
"spec_version" : "2.1" ,
"id" : "url--5d159a36-2c3c-49c1-8f94-40a102de0b81" ,
"value" : "https://www.intego.com/mac-security-blog/osx-linker-new-mac-malware-attempts-zero-day-gatekeeper-bypass/"
} ,
{
"type" : "x-misp-attribute" ,
"spec_version" : "2.1" ,
"id" : "x-misp-attribute--5d159ac3-a82c-4763-bf23-458102de0b81" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2019-06-28T04:42:43.000Z" ,
"modified" : "2019-06-28T04:42:43.000Z" ,
"labels" : [
"misp:type=\"text\"" ,
"misp:category=\"External analysis\""
] ,
"x_misp_category" : "External analysis" ,
"x_misp_type" : "text" ,
"x_misp_value" : "Last week, Intego researchers discovered new Mac malware, OSX/Linker, that attempts to leverage a recently disclosed zero-day flaw in macOS' Gatekeeper protection.\r\n\r\nLet's examine what we know about this latest Mac malware campaign.\r\nWhat is the back story?\r\n\r\nBefore digging into the OSX/Linker malware, it would be helpful, for context, to discuss the \"MacOS X GateKeeper Bypass\" vulnerability that was publicly disclosed by Filippo Cavallarin on May 24. Gatekeeper is a technology included in macOS that is supposed to check apps downloaded from the Internet for either a revoked developer signature, or for certain specific malware that Apple chooses to detect, before allowing an app to run."
} ,
{
"type" : "observed-data" ,
"spec_version" : "2.1" ,
"id" : "observed-data--5d159ae8-17fc-4746-a7de-eac102de0b81" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2019-06-28T04:43:20.000Z" ,
"modified" : "2019-06-28T04:43:20.000Z" ,
"first_observed" : "2019-06-28T04:43:20Z" ,
"last_observed" : "2019-06-28T04:43:20Z" ,
"number_observed" : 1 ,
"object_refs" : [
"url--5d159ae8-17fc-4746-a7de-eac102de0b81"
] ,
"labels" : [
"misp:type=\"link\"" ,
"misp:category=\"External analysis\""
]
} ,
{
"type" : "url" ,
"spec_version" : "2.1" ,
"id" : "url--5d159ae8-17fc-4746-a7de-eac102de0b81" ,
"value" : "https://www.virustotal.com/gui/ip-address/108.168.175.167/relations"
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--5d159b0b-d57c-453b-989a-eac102de0b81" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2019-06-28T04:43:55.000Z" ,
"modified" : "2019-06-28T04:43:55.000Z" ,
"description" : "you can check whether any Macs connected to the following IP address over NFS ports (e.g. TCP or UDP ports 111 or 875, or TCP port 2049) between May 24 and June 18" ,
"pattern" : "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '108.168.175.167']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2019-06-28T04:43:55Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Network activity"
}
] ,
"labels" : [
"misp:type=\"ip-dst\"" ,
"misp:category=\"Network activity\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--5d159b9d-39c0-44b3-8927-4a4802de0b81" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2019-06-28T08:41:19.000Z" ,
"modified" : "2019-06-28T08:41:19.000Z" ,
"pattern" : " [ f i l e : h a s h e s . M D 5 = ' 6 d c 1854 a b 497 d 70 d f c 4 a 0 7 d 0 5 e e 59 a d 4 ' A N D f i l e : h a s h e s . S H A 1 = ' e f 628 d c 0 b 4e861827 d 4 a c c e 584 f 5740 d e 16e86 e 3 ' A N D f i l e : h a s h e s . S H A 256 = ' f 6 b f 5 b 8 b b 2400 a a d 4 a c 844 f 2 b 94 a 4e556907 f 35 b 44 c 5 f f 462 f b 4e70 c 0 208 c 9 d e ' A N D f i l e : n a m e = ' f 6 b f 5 b 8 b b 2400 a a d 4 a c 844 f 2 b 94 a 4e556907 f 35 b 44 c 5 f f 462 f b 4e70 c 0 208 c 9 d e ' A N D f i l e : s i z e = ' 48822 ' A N D ( f i l e : c o n t e n t _ r e f . p a y l o a d _ b i n = ' U E s D B B Q A C Q A I A M s l 3E7 q Q X W Q P q E A A L a + A A A g A B w A N m R j M T g 1 N G F i N D k 3 Z D c w Z G Z j N G E w N 2 Q w N W V l N T l h Z D R V V A k A A 52 b F V 2 d m x V d d X g L A A E E I Q A A A A Q h A A A A 1 V 7 o s / H / 2 I p 5 z 1 g 8 K Q g g 2 N Z N / P W 9 / W n E Y p A u F y 7 M Y x M s z U l V R G p e T C I r 2 M u c x 38 z a 3 m g y S F x X b 0 V h l Q F P m N D m o Z s E v T E E t B y w W F G i I 7 e z J W H S 1 t W P Q X h 6 P U A y G m U 3 d Y D P 6 h m m / d H B / G 7 P 7 j h 8 k l 1 F h N a f + 0 79 x a r m C N F W G W f n R P z 5 W W X 6 m s 6 B 9 q e h n 3 w l C D w p b u m Y i W B 1 r 8 E v 0 K R K q t / M 9 t 4 f i J Q U o d j P 44 F g R U f 6 d f T e U 0 u 9 p U c x O Y c Q U i U d P C P F B 5 a 3 l d C 8 Y n x E d X D 4 C d M O w E D I v 9 y E 5 S H / m v M H o f B 4 D A v W N D t K c z Q Z Y 4 n 5 y 59 m s + 7 A 5 f N q M A Q U Z 8 m N z q j / c o 1 R a k h S c q p 8 p e B C M M G v c Z g t o 9 v R Z f V v k a M 51 a / h F 1 k e w u q Q Y l X s y R w U G / 5 m c 2 c Q Q I N W l i C 2 o S i 2 n x + E s 0 k X f y Q 5 o 0 j K H n u S W 9 P R v O 8 j R y O h L m 5 V r T F e G R r L r u a P H V s e 69 i M R S x q v V 6 j W 4 g e 1 u g + e w j T r R d w j f 0 d G U T Z X 95544 g K 4 n N 1 i y w o n I h 37 / e 49 t o e l s Q e l M N O 7 x Z S N 7 z s v 1 p e P o 6 b x z D b G D x w T t f h g 5 Q F C P L b n + d R 0 o O b J w C 
c b R h 44874 I B 6 A A N Y n N O n V t J 8 k j n + g z 7 L M 5 h 8 N R 9 G e 1 / 8 Y n E i Z r c l T I 5 j G N U P B O T 26 Q l T R B R R m s 8 P H R J Q 4 I A n V D 1 R x F Z W d e N x 6 D B u x f f n l 9 c O 2 t I / B N M Y / k M M d 10 l c N a z j / i N V b z 1 y x 3 x Z n m / h l F w Q S + G o s Z w 7 t a i k u n 3 f X j j z L 7 k e P a d F d U 5 L 4 H 83 g L u z c h P I + d Q 6 I u j q D o f h g w G g 1 T d 3 g j w x k G 660 t T e I / + 0 p g T F E G Y f 0 3 + h F q C Z D g w d B 6 b J 8 N o f j W 8 F l b 7 N k O p K m / n 0 g N J D Y y O U U o U k e G Z 9 L t t 8 N u U x 8 I b 2 Y d F O O K g w 4 b X t s n r i w S 9 B W / g q 706 w x W i V 8 G B 0 x T g g 2 F j 2 X k k / p f u t 3 k o I 5 / n m V N g B C S J w + 9 B s W R 3 F B j d e X G m Y 0 Y e 3 B z w r 9 H p r W Q B 71 j a 4 U + Y A O z n b J U B x w + z g J O / C X 28 a F G e 5 B t Z I 8 q q / B y B b R R i M b v i e U b K n Z d 7 p 1 X 3 E X L + Z P z T s 0 / q w R m 2 R f p n b P f a N s X H a 6 i b T a b i s E r 1 m c Q o F 3 B M s 4 T A H n X P K O 6 n s y 1 q c a b T i f r e a g u r o H + h J E h K Z b n V v u P p G v 3 D g W n I 4 N K 9 T m y k U A T r x n O Y F a / 6 + m f I a 9 J P P X 8 n A v r E r D S l R 0 v 50 t W M e + B U m Q a E Q 2 c K G X z b g k 40 D 5 r 6 o P H u H p W / 47 F W a l p h 2 S w y N s + K l E E 4 c n 7 h m x 0 n k 5 G 2 b Q C i L a l u s Q h X a 8 L 7 S e 3 H e h 3 y v E C 38 E B e U I C q d w x j u F q + D l X I C Y T + v y R T X 11 p 3 s y 7 p 5 / C g s S K A 2 b I q b U n t w 0 F N l f K 1 z V d Q / S Z a e I i p 7 D V k z t q i Q G K 0 4 U L e Q 9 X N K 2 Z G q z S d i 2 Y X X P Q b B y n f J Q 96 N 79 c n 1 n l z H O l T q 5 l I b T Y P o 6 L + q I + 8 d 1 s 3 J I R P 52 v m a u x 9 e z x S v T t D I c x U A 5 q u 2 l U 0 Q g r + / U K c I 7 I e u 0 p b S y 5 x i a S c W N K 9 q M 7 M A B V g h Z X q R / E Z l S / B m G A 3 h b T U 8 f v v X 89 Z i d x G 8 W 0 s l Q 1 T v V i c e I g S U R G a k x T 7 x J 4 W H L / R t 9 a U P o T l L u 2 I p O j r D o 9 n Y W p N W 
Y H p p s i 7 s O w t b 8 O Z i 9 b 6 u J V 4 y B G N 3 O t Z / s u u f a 61 t L I 8 S 3 Y s z g H f p K x m X x s t 3 K R 2 H e E R 9 y x Q / S s P a 8 k p e + 0 3 Q Z 0 m j i U n K u O Z r y 7 F m c r Z i y C H o R e 2 f T b h X k Z 0 o L C m 0 T h 5 v I A 21 T a J / k v 2 X p K F 6 f 3 N 5 h c n a F / d 0 Y I n J n p u O 4 r I L I O d m F S W m p F W K h I W b H G x C W H x c 40 V B E J f 76 m 82 q f Q s 9 H w x b P + r 1 z u M o R J H l i A T C 2 X r N R 4 p f E n + u F W V + w C F e n G S J t D J Z M p q J F i L Q q h w B N t f 1 B A D Z V Y h V 3 J I 9 f T M T m 3 / e 8 d / f 2 b Z m c Q C I X s 1 x v s G T b g E o T 7 u X o 90 W M b U e S p g 4 h n U w T s T z q r I m a D 4 R 5 v J Q g V e p 2 o s e T 5 u 6 T P 4 f j D a 1 o A r y a e E 2 J r M O H 5 l e Z J S F v R e 4 f j K v m T U / r 5 O E g C w q a J L 3 j a M v E 0 h 2 u / E g J J 6 t p g I C B / + 3 G 2 o B b k a 19 w 7 r a V v r R f + 4 g d 14 w L V I w + j U m z K Q 2 T P G A 3 Y 9 J 1 U Q 0 Q u 6 T k x N k D e 8 m I g v / W 5 U d v t U W + 97 i X G Y 9 H Y E R w x L I + + b d 93 N N + M n u t C I S V A G S z Q O Q h N P h j M 2 W N u f N k s 4 O 55 o Y r o K f + 6 E Z v R Z / A i + 5 T A h a v 4 M Z H b 7 R e F p L 7 / U n X g m 6 p O J z p J k 1 S 1 e A + u s 0 L x e M J t / J H O M 1 z g 3 e z s P s 4 I m b w 9 C 9 b l x v G w u 25 I V N 19 M r p 91 D C X e Z N Q d x V Y z x 3 f t V w y j X U + 6 b N H 7693 v n m z D k E v d L Z R L i C Q S v 2 d b D l c / 9 l Q / 4 p E J 2 v v B 3 a k J + G N Z V c 0 E P X 54 y h r o j c 8 g q 0 9 R L m 7 A / H h t P F K v g c L 9 e + G J g X g G D C O Q S 6 J n 4 H 5 N 9 B p k a 4 k O C d a F W X o U i F g 30 u Z h 6 u N b B i z m U V 6 e I D L 6 S t x J h m z Y Q j j 8 D 0 h o J T O e I R 5 L w b 3 m c M D w y M D k O X 5 J 0 Q H Q r 9 o / S S J K Y H Y X r o 2 J / v W 0 6 i r 5 E Z d S C u N Y K G X V y M Y + l m / k l y 0 Y p y 82 D J n W m n l R c w X w K E Q j x v Y x 7 j K R R M U y e j u z F M g P b 4 S p 4 R r S c l x 2 W a H P H i r 2 o n + 71 c S 2 c 
4 F 3 Z m W h t R w 35 X 9 n P 9 u L / s f / b I / g k r 0 5 L z P L R z K V F z x m X y U O D l S C k 1 c L J 8 B F M 0 / Y H F 7 g r h Y R P E X / Z x O 3 a + e H 3 r 7 d q I N n H 9 A U S l I + a U M Y G U D P k S y T q L H v P H F j a b 444 M W j S F N a 7487 C p v z c P 6 c P U y L y L N h 6 j a K c w E 7 c Z 8 M F U + d H g u x a 9 A t p z M T F l Q G F V F A S n p 5 H A c f I Q J + Q n U i 4 / w g S 7 K l D h k w o 7 D + k T p p L c + H A O L 9 w g T 4 N F 3 k B N p p 42 L b n v 9 Q m 8 p t P M l c d K D U t g R E X C R T e / V S v P Z D b R h 0 t p g p o U x y 0 0 o 8 Y g k R a b n G v w K C N Q x h J 3 l V J b I N / N O U s f J 9 + K r u T g V 0 x b V L 4 y 44 i G n 0 g 1 h B r L i 7 r 1 s F 5 w o e X 3 r g J C o M 4 j K Y / m 1 K O l U g 5 t m p z d M y 429 E X 9 + z 0 3 Q T L W i Z L s 8 + 97 c v n H 0 S l G R t a j i V K F R T I g m I D r e V m Q Q S H L k G y E W x a Q L w n k M G f e l n I 0 u o t K 9 f 9 x T G l Z E 5 m T R e C / d X F T Y 44 B T D + E R l s 6 V t i T L l w V R N N I 9 L Y N H R x S 28 H Y k v x N / 6 d E x 2 z 5 o 9 f x f g c y V I h 924 l t 3 w 3 E s 1 X j 3 a p U W / P 55 F 5 k c v x 9 s u D b v W + 81 f e G E v E c 1 + 2 t a J g 6 y a F C v z s J T E m O / l Y Z K / 2 z W 37 R J c + d Y q n f t g e P O H E o 7 J n l Q i o + c v K R F V T m e M d F y 5 I O r s v H / x q O Q J j N Y t q B X r n G A A x I C 7 M N R 0 Q 1 Y U Y R 1 A Z C H E P Q 4 D M i G 6 h / v r B L 46 Y F C 53 f T I i l r c c U a 21 u C K j Q / O B 82 h W Z 7 t H + x a 2 L J s H s J 0 M n K C 8 R D P B r W I c o 0 A m + A u D C N T 38 k j z U w z O 5 U q c 1 Q t h O F P 4 U v T U C t q + v k N U n k a g I u x Q x X o s h A U Z D C h V c 1 j o N a R h z u z G B 6 M a n Z E u i e w 2 k X 1 Z N 5 d 6 X E t b u V K c b i 5 U k e D O O E y T B n m 6 z K I O K 2 o J B v f u a + L w f F 3 m O E f / j + G a i 3 A n n E 0 H x s e 5 O Y Z T o f Q 38 t H 6 e b 35 / z b 0 Q w 2 f i u y u r A G v G E Q L p E U C 9 + n 5 T C c 4 C p
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2019-06-28T08:41:19Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "file"
}
] ,
"labels" : [
"misp:name=\"file\"" ,
"misp:meta-category=\"file\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--5d159b9e-b564-4227-bfdd-464602de0b81" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2019-06-28T08:41:19.000Z" ,
"modified" : "2019-06-28T08:41:19.000Z" ,
"pattern" : " [ f i l e : h a s h e s . M D 5 = ' 0 3 b c 7 b 51 c 1 e c b e 3 f b 833 c e 3464 d 5e36 f ' A N D f i l e : h a s h e s . S H A 1 = ' 22 c 26271 e c 6 c 901 d 74936520e14 e e 0 330 f 0 97 a b 6 ' A N D f i l e : h a s h e s . S H A 256 = ' d 53 e b f 9 f e 70 b c e 0 5 a 0 0 f b 6 d d e d 971 f 49 b 0 70 e d 8e10 b e b 0e40 d 48e3495 b 274 a 23 ' A N D f i l e : n a m e = ' d 53 e b f 9 f e 70 b c e 0 5 a 0 0 f b 6 d d e d 971 f 49 b 0 70 e d 8e10 b e b 0e40 d 48e3495 b 274 a 23 ' A N D f i l e : s i z e = ' 58305 ' A N D ( f i l e : c o n t e n t _ r e f . p a y l o a d _ b i n = ' U E s D B B Q A C Q A I A M s l 3E5 Y O 88 / B L U A A M H j A A A g A B w A M D N i Y z d i N T F j M W V j Y m U z Z m I 4 M z N j Z T M 0 N j R k N W U z N m Z V V A k A A 56 b F V 2 e m x V d d X g L A A E E I Q A A A A Q h A A A A a M / A 5 e q K v T A b x d P L e m 5 J k S 7 r b I g 7 z M 0 z B K R 1 j s H J 9 d T u Q L 1 f S W O 6 v y F l 9 H C J 6 h A R M 3 a V q i G C 45 Z I d r s 7 y u z P 8 a a 8 F x t k G V + P o 4 M m 2 s G z O R G 10 b o W c P 3 h A N O C g B T 5 t L h m T 5 r D 0 W a Y X m H / + U g I Q + 4 w L 2 W D m c q v L N j R 2 U k S h y k V a g A x M d / Z Y K / F x G 7 p m 0 s t Z r t S X + B 0 J o w h q 2 X 9 P 9 R 6 W L n J T b k L k c O t D d 7 z F R j N C D 0 O a m j H L / 1 a w k / 9 J d Z 9 e z 7 o 6 a H v x l / I f 5 / b E u o m W 1 d O z f D F M G O N r e X l v b G H 8 j V B T t W 8 t G m s j O f e i I X 5 b U E c 8 M g V z 56 V N a T j 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
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2019-06-28T08:41:19Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "file"
}
] ,
"labels" : [
"misp:name=\"file\"" ,
"misp:meta-category=\"file\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--5d159be0-51a8-406b-858b-48b602de0b81" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2019-06-28T08:41:19.000Z" ,
"modified" : "2019-06-28T08:41:19.000Z" ,
"pattern" : " [ f i l e : h a s h e s . M D 5 = ' b 928172 c 67689 b 98 c 94 d 1 d b 283 a 8 c f 15 ' A N D f i l e : h a s h e s . S H A 1 = ' 826 b 1 a b f 68 c 39 a 6 a b 56 a 5 e b 6 d a 16 a 5e4084 a 0 a 75 ' A N D f i l e : h a s h e s . S H A 256 = ' 9356 e f 24e81 a e 6 c 4 c 38839383156 a 2 a 0 0 c 3 f 183 a 31860 b 7 b c 566 f 92 f 1 f 1 a 3 f 9 c ' A N D f i l e : n a m e = ' 9356 e f 24e81 a e 6 c 4 c 38839383156 a 2 a 0 0 c 3 f 183 a 31860 b 7 b c 566 f 92 f 1 f 1 a 3 f 9 c ' A N D f i l e : s i z e = ' 921600 ' A N D ( f i l e : c o n t e n t _ r e f . p a y l o a d _ b i n = ' U E s D B B Q A C Q A I A O 4 l 3E4 i b n M m 6 p U A A A A Q D g A g A B w A Y j k y O D E 3 M m M 2 N z Y 4 O W I 5 O G M 5 N G Q x Z G I y O D N h O G N m M T V V V A k A A + C b F V 3 g m x V d d X g L A A E E I Q A A A A Q h A A A A O 42 h A y C M 7 f P o 1 E v H M X k Z x X o K k M 18 d x z f G L d B E Q 0 0 s j H 5 p I N O F z J X s Z s m K x 1 w O 8 p d T T d 4 g W h J X a q + Z V i e 5 z l q X j G H 9 O B 7 r d 82 w Y l r o e X e l C t c / 5 d 2 u 6 J p n e r K h a q 3 h z 9 / H o G 0 0 m C f n M 61 Y a K C R H o h B y q E c o H g b K f x o Q p g h Y X n k f 0 A B o D X q 5 S M u f x m c v f 3 i P m c I E i v s D Q Q t x 1 m 27 y / I n a U 2 M e d B t Q u f G n t 7 V t X W b 88 a D c v T 6 z I C w 9 T + / C P 9 d L k h 6 / Z b k T g 98 F y H 7 P b o 86 Z H d D a E U c 7 K M B C A K l h E A v C v p a l D H I s s Q y 9 s 1 B h f K c f X O T f / t l J H K k o i u l H G / l 0 B A H x z 4 P g L v 1 / X A p I S x o X D l t 0 s a z o 3 y x t o 8 d M c E i 1 r C O R G w T 3 F x o D e 73 c g K 3 a / n 5 Y 0 p x m P 7 N q u 3 c d o 9 E R U Q 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
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2019-06-28T08:41:19Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "file"
}
] ,
"labels" : [
"misp:name=\"file\"" ,
"misp:meta-category=\"file\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--5d159be2-63dc-4773-94bc-498502de0b81" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2019-06-28T08:41:19.000Z" ,
"modified" : "2019-06-28T08:41:19.000Z" ,
"pattern" : " [ f i l e : h a s h e s . M D 5 = ' 89357 a 1 b 2e32 f 2 b 9 b d d f f 94 b 8136810 b ' A N D f i l e : h a s h e s . S H A 1 = ' 56 f 2779 d 7 b a 90 a a 83 a 463 b e 40 f 6 e f 9 d 9 d 0 30355 e ' A N D f i l e : h a s h e s . S H A 256 = ' c d f 9137 b 9 d d 78 d 79532 a 8 f 8 c 2 f 65917601 b 87 f 8 f 25 b 68027 b 139 d b 88 c 6529145 ' A N D f i l e : n a m e = ' c d f 9137 b 9 d d 78 d 79532 a 8 f 8 c 2 f 65917601 b 87 f 8 f 25 b 68027 b 139 d b 88 c 6529145 ' A N D f i l e : s i z e = ' 10485760 ' A N D ( f i l e : c o n t e n t _ r e f . p a y l o a d _ b i n = ' U E s D B B Q A C Q A I A O 8 l 3E7 J y O j x W s 4 A A A A A o A A g A B w A O D k z N T d h M W I y Z T M y Z j J i O W J k Z G Z m O T R i O D E z N j g x M G J V V A k A A + K b F V 3 i m x V d d X g L A A E E I Q A A A A Q h A A A A 20 N y T y D N y l X h O G K R O l W R D M X a E K D k 2 B e W Q / t 4 s 8 o H G I L e i n q P J X d l 7 h F O 30 k w l m p O f K b x 0 S 1 H w q T p 3 l Y w d S 0 O E T V 2 / u + L 7 k J u W Y t U Z 3 Q W r B O 7 Q o K U L 5 b A L V j t B R q B a W N d x A W z W Z e C j / Y e F I t 2 c y X 3 k / o C w S m 1 B m f P Y 3 C M S q Q s W N C B y L N / Y v n A M z x y 2 q A n n N D w 19 E m 23 K Q 6 Z R m m U 68 c X p D / 2 k 8 J + D U 2 o u V A 2 e c 1 p P e / L O h q H E j 3 g r Z 4 o B 9 m Z k s + q 9 o s T C 4 J 4 y I m 7 u o 58 f x i X F 91 S s n q t S w X i i 9 S g d u P 4 d u G H o B a f L M K J P c u v U G y V p 95 F E 4 h x / 4 H B g r m a f V i W W w 39 w w u m P P t f 5 E E x Q 0 I a n G w L d w a r 4 p 3 v C 2 Y R 8 f f t a F Y D 9 Q S M i 5 X 3 o J x w e V p 4 A s 9 I k W y G W N X h S X k B 1 Q F I 0 g 5 S O T L a T m P y V W h g r 7 t 1 V j 0 w 7 b 9 s 7 U t h L m 3 E S b o O j q O g L 6 L k 6 b l T n d s O K u e p 0 B Q P 8 D + S N z m F N h W w / l H o h Q I a H z E U 9 l I w B T d 21 B n m S 47 O l Q l P L a n Y 1 r U X h B v o L l d n b W p 3 S 4 p 4 S J 41 C t d 45 k M 42 w a z + c 0 F r K R n 8 d E q D i A s 4 T I L N X M k + P X B 0 m 
A E V 6 s K U 6 R U k j A m f C u K W 2 V E s 9 s r K L r J B M L D X P d 3 S 5 T i 9 A K p R A 6 i a V f 5 H P 0 j 9 n n E k x U I V M 7 w y F 1 Z Z 94 J e J i 7 v X O l 0 m w w C d E U I B D f 9 B 67 o A U 3 A V 0 t I 2 c F x h Z K m G N n m F M Q f D 5 a X P A R C B p R i c q / C a 1 q p V B A 2 K A S h B g 8 p i C m u O 7 D j M F A 9 J c u L 8 C 2 H W I m d z w 1 d X i 1 x 7 l N v d Y y H y g 2 M B F 25 y D x V T B w s Y C Y 71 F I v U F d z K t b W O 0 a N v G M h l e 2 f L l 7 + A Y H v h I i J Y U H h R g 3 J 2 f b 7 l c 4 g b L v t P g u R 2 F q 3 m h F a E j D E m X r E 2 p u B I m C X 8 T H 7 t P s y N K y 3 t w a R F k V 8 c j 40 w T I s b 4 N / 4 S 5 p E D h U N 3 Z Y 4 o / T 6 n U E J T l a R 5 P 17 G k n 0 2 X f V b Z n / Y K g i F F d n 7 u L 6 u T L X m K 9 w + 4 Y S p C A 2 p C d s y 0 q + i 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
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2019-06-28T08:41:19Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "file"
}
] ,
"labels" : [
"misp:name=\"file\"" ,
"misp:meta-category=\"file\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "x-misp-object" ,
"spec_version" : "2.1" ,
"id" : "x-misp-object--4b8b54b1-b3a1-4ed4-a324-468df8df0874" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2019-06-28T08:41:19.000Z" ,
"modified" : "2019-06-28T08:41:19.000Z" ,
"labels" : [
"misp:name=\"virustotal-report\"" ,
"misp:meta-category=\"misc\""
] ,
"x_misp_attributes" : [
{
"type" : "datetime" ,
"object_relation" : "last-submission" ,
"value" : "2019-06-28T03:10:00" ,
"category" : "Other" ,
"uuid" : "eccd6e7a-052f-432b-88b2-790c76d89f47"
} ,
{
"type" : "link" ,
"object_relation" : "permalink" ,
"value" : "https://www.virustotal.com/file/d53ebf9fe70bce05a00fb6dded971f49b070ed8e10beb0e40d48e3495b274a23/analysis/1561691400/" ,
"category" : "Payload delivery" ,
"uuid" : "029edbb5-a154-4db0-a3e1-632521a58ce8"
} ,
{
"type" : "text" ,
"object_relation" : "detection-ratio" ,
"value" : "12/55" ,
"category" : "Payload delivery" ,
"uuid" : "002fe056-a0a5-4311-8807-0c91c3f87678"
}
] ,
"x_misp_meta_category" : "misc" ,
"x_misp_name" : "virustotal-report"
} ,
{
"type" : "x-misp-object" ,
"spec_version" : "2.1" ,
"id" : "x-misp-object--acffc28c-bf93-447e-b63c-68c2dd2b85eb" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2019-06-28T08:41:19.000Z" ,
"modified" : "2019-06-28T08:41:19.000Z" ,
"labels" : [
"misp:name=\"virustotal-report\"" ,
"misp:meta-category=\"misc\""
] ,
"x_misp_attributes" : [
{
"type" : "datetime" ,
"object_relation" : "last-submission" ,
"value" : "2019-06-28T03:29:24" ,
"category" : "Other" ,
"uuid" : "7f85ac63-9dc1-48ab-a228-2f9b70fef7e6"
} ,
{
"type" : "link" ,
"object_relation" : "permalink" ,
"value" : "https://www.virustotal.com/file/9356ef24e81ae6c4c38839383156a2a00c3f183a31860b7bc566f92f1f1a3f9c/analysis/1561692564/" ,
"category" : "Payload delivery" ,
"uuid" : "bef88d9e-1dc1-4f97-ad3b-468f6a2a19c3"
} ,
{
"type" : "text" ,
"object_relation" : "detection-ratio" ,
"value" : "9/54" ,
"category" : "Payload delivery" ,
"uuid" : "2379bbf3-23d5-4ebf-96d3-0a1a77f4e1f8"
}
] ,
"x_misp_meta_category" : "misc" ,
"x_misp_name" : "virustotal-report"
} ,
{
"type" : "x-misp-object" ,
"spec_version" : "2.1" ,
"id" : "x-misp-object--818eadb9-e542-4def-b9e9-a8ecee1b9737" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2019-06-28T08:41:20.000Z" ,
"modified" : "2019-06-28T08:41:20.000Z" ,
"labels" : [
"misp:name=\"virustotal-report\"" ,
"misp:meta-category=\"misc\""
] ,
"x_misp_attributes" : [
{
"type" : "datetime" ,
"object_relation" : "last-submission" ,
"value" : "2019-06-28T03:10:12" ,
"category" : "Other" ,
"uuid" : "5bd40a85-9bc4-4c28-adda-8fa3821d47b5"
} ,
{
"type" : "link" ,
"object_relation" : "permalink" ,
"value" : "https://www.virustotal.com/file/f6bf5b8bb2400aad4ac844f2b94a4e556907f35b44c5ff462fb4e70c0208c9de/analysis/1561691412/" ,
"category" : "Payload delivery" ,
"uuid" : "aac8c9f0-111b-46c0-b7ab-e287effa62b5"
} ,
{
"type" : "text" ,
"object_relation" : "detection-ratio" ,
"value" : "11/58" ,
"category" : "Payload delivery" ,
"uuid" : "8ed97b32-2310-4c7e-a2b7-b1a2f10ea6bb"
}
] ,
"x_misp_meta_category" : "misc" ,
"x_misp_name" : "virustotal-report"
} ,
{
"type" : "x-misp-object" ,
"spec_version" : "2.1" ,
"id" : "x-misp-object--a2ed7979-f68c-402d-a8fa-701ea3ef90d4" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2019-06-28T08:41:20.000Z" ,
"modified" : "2019-06-28T08:41:20.000Z" ,
"labels" : [
"misp:name=\"virustotal-report\"" ,
"misp:meta-category=\"misc\""
] ,
"x_misp_attributes" : [
{
"type" : "datetime" ,
"object_relation" : "last-submission" ,
"value" : "2019-06-28T03:09:09" ,
"category" : "Other" ,
"uuid" : "219e65be-3ab2-4fe3-8a96-fb4f81d7ab7a"
} ,
{
"type" : "link" ,
"object_relation" : "permalink" ,
"value" : "https://www.virustotal.com/file/cdf9137b9dd78d79532a8f8c2f65917601b87f8f25b68027b139db88c6529145/analysis/1561691349/" ,
"category" : "Payload delivery" ,
"uuid" : "6630b0d4-6947-423d-a0a5-517579836259"
} ,
{
"type" : "text" ,
"object_relation" : "detection-ratio" ,
"value" : "3/54" ,
"category" : "Payload delivery" ,
"uuid" : "be04d14c-b55e-459f-a5de-a6bc9febb98f"
}
] ,
"x_misp_meta_category" : "misc" ,
"x_misp_name" : "virustotal-report"
} ,
{
"type" : "relationship" ,
"spec_version" : "2.1" ,
"id" : "relationship--7945c2ac-1564-4cc3-b115-762ba8e55f7d" ,
"created" : "2019-06-28T08:41:20.000Z" ,
"modified" : "2019-06-28T08:41:20.000Z" ,
"relationship_type" : "analysed-with" ,
"source_ref" : "indicator--5d159b9d-39c0-44b3-8927-4a4802de0b81" ,
"target_ref" : "x-misp-object--818eadb9-e542-4def-b9e9-a8ecee1b9737"
} ,
{
"type" : "relationship" ,
"spec_version" : "2.1" ,
"id" : "relationship--268d82b3-a37f-455d-86c7-8212ca7f9a52" ,
"created" : "2019-06-28T08:41:20.000Z" ,
"modified" : "2019-06-28T08:41:20.000Z" ,
"relationship_type" : "analysed-with" ,
"source_ref" : "indicator--5d159b9e-b564-4227-bfdd-464602de0b81" ,
"target_ref" : "x-misp-object--4b8b54b1-b3a1-4ed4-a324-468df8df0874"
} ,
{
"type" : "relationship" ,
"spec_version" : "2.1" ,
"id" : "relationship--003c6845-8d36-43c1-a7f2-3960a1899bd0" ,
"created" : "2019-06-28T08:41:20.000Z" ,
"modified" : "2019-06-28T08:41:20.000Z" ,
"relationship_type" : "analysed-with" ,
"source_ref" : "indicator--5d159be0-51a8-406b-858b-48b602de0b81" ,
"target_ref" : "x-misp-object--acffc28c-bf93-447e-b63c-68c2dd2b85eb"
} ,
{
"type" : "relationship" ,
"spec_version" : "2.1" ,
"id" : "relationship--19eb704b-a526-4ede-bb43-fcca4e16c142" ,
"created" : "2019-06-28T08:41:20.000Z" ,
"modified" : "2019-06-28T08:41:20.000Z" ,
"relationship_type" : "analysed-with" ,
"source_ref" : "indicator--5d159be2-63dc-4773-94bc-498502de0b81" ,
"target_ref" : "x-misp-object--a2ed7979-f68c-402d-a8fa-701ea3ef90d4"
} ,
{
"type" : "marking-definition" ,
"spec_version" : "2.1" ,
"id" : "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9" ,
"created" : "2017-01-20T00:00:00.000Z" ,
"definition_type" : "tlp" ,
"name" : "TLP:WHITE" ,
"definition" : {
"tlp" : "white"
}
}
]
}