{
"type" : "bundle" ,
"id" : "bundle--56d68f5a-adc8-4d6b-a688-5e5d950d210f" ,
"objects" : [
{
"type" : "identity" ,
"spec_version" : "2.1" ,
"id" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2016-03-02T14:15:11.000Z" ,
"modified" : "2016-03-02T14:15:11.000Z" ,
"name" : "CIRCL" ,
"identity_class" : "organization"
} ,
{
"type" : "report" ,
"spec_version" : "2.1" ,
"id" : "report--56d68f5a-adc8-4d6b-a688-5e5d950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2016-03-02T14:15:11.000Z" ,
"modified" : "2016-03-02T14:15:11.000Z" ,
"name" : "Malspam collection (2016-03-02) - Locky, TeslaCrypt" ,
"published" : "2016-03-02T14:18:35Z" ,
"object_refs" : [
"indicator--56d68fa9-67bc-4e3f-9d37-4df3950d210f" ,
"observed-data--56d68faa-ab68-409e-acc6-4df3950d210f" ,
"url--56d68faa-ab68-409e-acc6-4df3950d210f" ,
"indicator--56d68faa-4b44-4bce-9887-4df3950d210f" ,
"indicator--56d68faa-2284-4e80-9d56-4df3950d210f" ,
"indicator--56d68fab-3090-4d0b-867a-4df3950d210f" ,
"indicator--56d68fab-ff04-473f-a8c3-4df3950d210f" ,
"indicator--56d68fab-c684-4c89-8890-4df3950d210f" ,
"indicator--56d68fac-b164-4815-80ff-4df3950d210f" ,
"indicator--56d68fac-e368-4932-babb-4df3950d210f" ,
"indicator--56d68fac-9264-4a71-9150-4df3950d210f" ,
"indicator--56d68fad-6bbc-436a-b43a-4df3950d210f" ,
"indicator--56d68fad-1638-4f79-93cd-4df3950d210f" ,
"indicator--56d68fad-2c0c-4dec-8273-4df3950d210f" ,
"indicator--56d68fae-ab18-4d06-81ff-4df3950d210f" ,
"indicator--56d68fae-6e20-48af-b6bd-4df3950d210f" ,
"indicator--56d68fae-319c-4c84-a168-4df3950d210f" ,
"indicator--56d68faf-e818-4eb3-9677-4df3950d210f" ,
"indicator--56d68faf-53bc-44db-a32e-4df3950d210f" ,
"indicator--56d68faf-fe94-43b8-8c65-4df3950d210f" ,
"indicator--56d68ff7-326c-41b2-81b3-5e5f950d210f" ,
"indicator--56d69020-93d4-4925-bf67-4df2950d210f" ,
"indicator--56d69021-f46c-4774-b64c-4df2950d210f" ,
"indicator--56d69021-2e78-4ef4-94e6-4df2950d210f" ,
"indicator--56d69022-46fc-429c-99b1-4df2950d210f" ,
"indicator--56d69023-3170-423d-8c07-4df2950d210f" ,
"indicator--56d69023-e538-479f-b141-4df2950d210f" ,
"indicator--56d69024-551c-4e49-ac5b-4df2950d210f" ,
"indicator--56d69024-32b4-4d54-8497-4df2950d210f" ,
"indicator--56d69025-8b9c-4e4d-abea-4df2950d210f" ,
"indicator--56d69025-62d8-4ba1-b4f2-4df2950d210f" ,
"indicator--56d69026-9a28-4ca6-a6b6-4df2950d210f" ,
"indicator--56d69026-5e94-4ad3-a5ac-4df2950d210f" ,
"indicator--56d69027-68ac-459d-9e6b-4df2950d210f" ,
"indicator--56d69028-7f00-4382-851c-4df2950d210f" ,
"indicator--56d69028-c3e4-425d-a5e8-4df2950d210f" ,
"indicator--56d69029-c3b0-4359-be10-4df2950d210f" ,
"indicator--56d6902a-3d88-4961-8c86-4df2950d210f" ,
"indicator--56d6902a-1768-4b20-852d-4df2950d210f" ,
"indicator--56d6902b-a6ac-455a-a500-4df2950d210f" ,
"indicator--56d6902c-2548-43a4-9a7f-4df2950d210f" ,
"indicator--56d6902c-4c70-4c6d-8225-4df2950d210f" ,
"indicator--56d6902d-0b78-41fd-925a-4df2950d210f" ,
"indicator--56d6902d-8634-4d97-a8bb-4df2950d210f" ,
"indicator--56d6902e-0de4-4ce9-95a3-4df2950d210f" ,
"indicator--56d69190-d6ec-4808-9d03-5e5d950d210f" ,
"indicator--56d69191-3fd4-4639-aa22-5e5d950d210f" ,
"indicator--56d69192-fd70-4313-a3bc-5e5d950d210f" ,
"indicator--56d69193-ea54-490c-b3b9-5e5d950d210f" ,
"indicator--56d69193-e088-42fd-80f8-5e5d950d210f" ,
"indicator--56d69194-5dbc-418a-a4b8-5e5d950d210f" ,
"indicator--56d69194-a4e4-4423-a58c-5e5d950d210f" ,
"indicator--56d69195-bf60-434e-a17e-5e5d950d210f" ,
"indicator--56d69196-64c8-4e4d-a2f7-5e5d950d210f" ,
"indicator--56d69196-02a0-40fd-be86-5e5d950d210f" ,
"indicator--56d69197-00ec-4012-b79e-5e5d950d210f" ,
"indicator--56d69197-0de0-49f3-9f7e-5e5d950d210f" ,
"indicator--56d69198-9400-4b0f-9aa3-5e5d950d210f" ,
"indicator--56d69199-7230-4194-aa65-5e5d950d210f" ,
"indicator--56d6919a-73ec-4726-87a5-5e5d950d210f" ,
"indicator--56d693d7-4ee4-45fa-b1c4-5e5e950d210f" ,
"indicator--56d693d8-8cdc-4662-a83e-5e5e950d210f" ,
"indicator--56d693d8-c608-4aca-ac7b-5e5e950d210f" ,
"indicator--56d693d8-bc64-47e5-a04e-5e5e950d210f" ,
"indicator--56d693d9-9e20-48b4-b7a8-5e5e950d210f" ,
"indicator--56d6944a-c0ac-433b-8f54-4dec950d210f" ,
"indicator--56d6944a-80e8-4b67-847c-4dec950d210f" ,
"indicator--56d6944b-ef38-43c6-a224-4dec950d210f" ,
"indicator--56d6944b-b630-4032-82f5-4dec950d210f" ,
"indicator--56d6944b-4e8c-46a5-b97a-4dec950d210f" ,
"indicator--56d6944b-7410-4a5d-9808-4dec950d210f" ,
"indicator--56d6944c-7108-4c8d-9a09-4dec950d210f" ,
"indicator--56d6944c-94d0-47ad-823c-4dec950d210f" ,
"indicator--56d6944c-df4c-496a-a43d-4dec950d210f" ,
"indicator--56d6944d-d2cc-46d0-b91c-4dec950d210f" ,
"indicator--56d6944d-30c4-437e-a1b6-4dec950d210f" ,
"indicator--56d6944d-6364-4d21-8276-4dec950d210f" ,
"indicator--56d6944e-4468-41f9-8c47-4dec950d210f" ,
"observed-data--56d69b9d-3d98-4fc3-a2d8-4df202de0b81" ,
"url--56d69b9d-3d98-4fc3-a2d8-4df202de0b81" ,
"observed-data--56d69b9d-dbb0-4316-8e79-4df202de0b81" ,
"url--56d69b9d-dbb0-4316-8e79-4df202de0b81" ,
"observed-data--56d69b9e-ada0-46fa-b861-4df202de0b81" ,
"url--56d69b9e-ada0-46fa-b861-4df202de0b81" ,
"observed-data--56d69b9e-2b98-4e12-a684-4df202de0b81" ,
"url--56d69b9e-2b98-4e12-a684-4df202de0b81" ,
"observed-data--56d69b9e-6874-4950-b15a-4df202de0b81" ,
"url--56d69b9e-6874-4950-b15a-4df202de0b81" ,
"observed-data--56d69b9f-385c-437c-81d7-4df202de0b81" ,
"url--56d69b9f-385c-437c-81d7-4df202de0b81" ,
"observed-data--56d69b9f-6144-41cc-920e-4df202de0b81" ,
"url--56d69b9f-6144-41cc-920e-4df202de0b81" ,
"indicator--56d69ee8-c900-4ade-928c-4df2950d210f" ,
"indicator--56d69ee8-ecc4-453c-96bf-4df2950d210f" ,
"indicator--56d69ee9-c588-402d-8746-4df2950d210f" ,
"indicator--56d69ee9-a44c-488b-8cd4-4df2950d210f" ,
"indicator--56d69ee9-cae4-4f0f-9fae-4df2950d210f" ,
"indicator--56d69ee9-cdb4-457a-802f-4df2950d210f" ,
"indicator--56d6a1a5-cef4-465d-a1fa-4ded950d210f" ,
"indicator--56d6a1a6-aad0-43bf-a29d-4ded950d210f" ,
"indicator--56d6a1a6-0a2c-4927-9a97-4ded950d210f" ,
"indicator--56d6a1a6-c094-43ab-8d93-4ded950d210f" ,
"indicator--56d6a1a7-0374-47ae-bf20-4ded950d210f" ,
"indicator--56d6a1a7-5f70-4618-8c63-4ded950d210f" ,
"indicator--56d6a1a8-c038-412a-951b-4ded950d210f" ,
"indicator--56d6a1a8-4218-47b5-9e10-4ded950d210f" ,
"indicator--56d6a1a8-1be0-4af3-80dd-4ded950d210f" ,
"indicator--56d6a1a8-9dc8-466a-8496-4ded950d210f" ,
"indicator--56d6a1a9-1564-47dd-90f2-4ded950d210f" ,
"indicator--56d6a1a9-ebb0-4eb1-8dc7-4ded950d210f" ,
"indicator--56d6a1a9-0318-4269-8b15-4ded950d210f" ,
"indicator--56d6a1a9-6b38-46b1-b94c-4ded950d210f" ,
"indicator--56d6a1aa-a4c0-4d72-998e-4ded950d210f" ,
"indicator--56d69d1b-43c4-4335-beea-5e5e950d210f" ,
"indicator--56d6ee40-8bd0-4a40-ae34-4dee950d210f" ,
"indicator--56d6ee40-df24-47b6-a357-4dee950d210f" ,
"indicator--56d6ee41-e954-4e5a-a3ae-4dee950d210f" ,
"indicator--56d6ee41-c514-4e66-8e80-4dee950d210f" ,
"indicator--56d6ee41-1500-4be2-b933-4dee950d210f" ,
"indicator--56d6ee41-02e0-49a4-90a8-4dee950d210f" ,
"indicator--56d6ee42-fe38-4120-a37f-4dee950d210f" ,
"indicator--56d6ee42-7308-4fa8-b12f-4dee950d210f" ,
"indicator--56d6ee42-b33c-4f72-8f48-4dee950d210f" ,
"indicator--56d6ee42-67bc-43b5-9c2f-4dee950d210f" ,
"indicator--56d6ee43-ac58-4fc5-9cd2-4dee950d210f" ,
"indicator--56d6ee43-68c0-47b7-acae-4dee950d210f" ,
"indicator--56d6ee43-ce98-4b83-b918-4dee950d210f" ,
"indicator--56d6ee71-24d4-49c2-a626-b2dd950d210f" ,
"indicator--56d6ee71-d3e4-4469-902e-b2dd950d210f" ,
"indicator--56d6ee71-6284-4580-8e87-b2dd950d210f" ,
"indicator--56d6ee71-0104-477c-9a4a-b2dd950d210f" ,
"indicator--56d6ee72-cf98-4e5b-96d7-b2dd950d210f" ,
"indicator--56d6ee72-54c4-4ae3-b278-b2dd950d210f" ,
"indicator--56d6ee72-1fac-4c8c-98f0-b2dd950d210f" ,
"indicator--56d6ee73-8dc0-4892-89ac-b2dd950d210f" ,
"indicator--56d6ee73-4d08-4926-8217-b2dd950d210f" ,
"indicator--56d6ee73-685c-4a14-b77b-b2dd950d210f" ,
"indicator--56d6ee74-b424-4fb0-be29-b2dd950d210f" ,
"indicator--56d6ee74-a064-4369-ae2a-b2dd950d210f" ,
"indicator--56d6ee74-97b8-4b70-9764-b2dd950d210f" ,
"indicator--56d6ee75-6f58-45e9-ae74-b2dd950d210f" ,
"indicator--56d6eec4-a29c-4577-b019-b2dd950d210f" ,
"indicator--56d6eec4-2028-45e0-bbec-b2dd950d210f" ,
"indicator--56d6eec5-3558-44fd-a22e-b2dd950d210f" ,
"indicator--56d6eec6-d510-41bb-8b0c-b2dd950d210f" ,
"indicator--56d6eec6-0df8-45cb-9231-b2dd950d210f" ,
"indicator--56d6eec7-cc64-489b-9079-b2dd950d210f" ,
"indicator--56d6eec8-8a74-446a-980f-b2dd950d210f" ,
"indicator--56d6eec8-ee0c-4e85-bd3b-b2dd950d210f" ,
"indicator--56d6eec9-72bc-4a52-a2a5-b2dd950d210f" ,
"indicator--56d6eeca-b7ac-457b-980f-b2dd950d210f" ,
"indicator--56d6eeca-7744-4c5c-b98c-b2dd950d210f" ,
"indicator--56d6eecb-d6e4-4039-89b7-b2dd950d210f" ,
"indicator--56d6eecb-c108-4fd1-a07c-b2dd950d210f" ,
"indicator--56d6eecc-d210-49e8-80ea-b2dd950d210f" ,
"indicator--56d6eecd-9564-456c-aa1d-b2dd950d210f" ,
"indicator--56d6eecd-2e5c-44a5-9376-b2dd950d210f" ,
"indicator--56d6eece-ecc0-4e34-9203-b2dd950d210f" ,
"indicator--56d6eece-603c-44e6-987f-b2dd950d210f" ,
"indicator--56d6eecf-941c-4d76-a2ea-b2dd950d210f" ,
"indicator--56d6eed0-cb88-4fbb-be14-b2dd950d210f" ,
"indicator--56d6eed0-9b1c-42f3-9617-b2dd950d210f" ,
"indicator--56d6eed1-7d78-48e8-ba6e-b2dd950d210f" ,
"indicator--56d6eed2-2880-4e5e-9775-b2dd950d210f" ,
"indicator--56d6eed2-5b3c-4480-a3f0-b2dd950d210f" ,
"indicator--56d6eed3-9be4-41b1-8a84-b2dd950d210f" ,
"indicator--56d6eed4-1a38-4d13-a407-b2dd950d210f" ,
"indicator--56d6eed4-b9cc-4ab5-ba8a-b2dd950d210f" ,
"indicator--56d6f56d-3cc8-4ae6-bd56-4e74950d210f" ,
"indicator--56d6f56d-5dec-4576-bb19-4914950d210f" ,
"indicator--56d6f56e-1974-44d2-b247-4131950d210f" ,
"indicator--56d6f56e-a190-4f2f-904e-4fb4950d210f" ,
"indicator--56d6f56e-fb84-4a48-a1be-40b9950d210f" ,
"indicator--56d6f56f-6594-4eb2-8ec2-4969950d210f" ,
"indicator--56d6f595-111c-4c2a-8dae-5e5c950d210f" ,
"indicator--56d6f595-7a38-40bc-a90b-5e5c950d210f" ,
"indicator--56d6f596-2ff0-4f0d-9dc9-5e5c950d210f" ,
"indicator--56d6f597-14e8-4d56-a732-5e5c950d210f" ,
"indicator--56d6f597-46a8-4a5f-9663-5e5c950d210f" ,
"indicator--56d6f598-cfd4-43d6-b85a-5e5c950d210f" ,
"indicator--56d6f599-b51c-4cfb-970c-5e5c950d210f" ,
"indicator--56d6f599-a888-4b95-96ac-5e5c950d210f" ,
"indicator--56d6f59a-9050-48f5-a6c5-5e5c950d210f" ,
"indicator--56d6f59a-0530-490a-ab7f-5e5c950d210f" ,
"indicator--56d6f59b-8994-40ca-8c1d-5e5c950d210f" ,
"indicator--56d6f59c-c0e8-43ff-8d26-5e5c950d210f"
] ,
"labels" : [
"Threat-Report" ,
"misp:tool=\"MISP-STIX-Converter\"" ,
"circl:incident-classification=\"malware\""
] ,
"object_marking_refs" : [
"marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9"
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--56d68fa9-67bc-4e3f-9d37-4df3950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2016-03-02T07:00:57.000Z" ,
"modified" : "2016-03-02T07:00:57.000Z" ,
"description" : "Imported via the freetext import." ,
"pattern" : "[domain-name:value = 'soclosebutyetqq.com']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2016-03-02T07:00:57Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Network activity"
}
] ,
"labels" : [
"misp:type=\"domain\"" ,
"misp:category=\"Network activity\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "observed-data" ,
"spec_version" : "2.1" ,
"id" : "observed-data--56d68faa-ab68-409e-acc6-4df3950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2016-03-02T07:00:58.000Z" ,
"modified" : "2016-03-02T07:00:58.000Z" ,
"first_observed" : "2016-03-02T07:00:58Z" ,
"last_observed" : "2016-03-02T07:00:58Z" ,
"number_observed" : 1 ,
"object_refs" : [
"url--56d68faa-ab68-409e-acc6-4df3950d210f"
] ,
"labels" : [
"misp:type=\"url\"" ,
"misp:category=\"Network activity\""
]
} ,
{
"type" : "url" ,
"spec_version" : "2.1" ,
"id" : "url--56d68faa-ab68-409e-acc6-4df3950d210f" ,
"value" : "ohellowruff.com1"
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--56d68faa-4b44-4bce-9887-4df3950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2016-03-02T07:00:58.000Z" ,
"modified" : "2016-03-02T07:00:58.000Z" ,
"description" : "Imported via the freetext import." ,
"pattern" : "[domain-name:value = 'emotos.ru']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2016-03-02T07:00:58Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Network activity"
}
] ,
"labels" : [
"misp:type=\"domain\"" ,
"misp:category=\"Network activity\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--56d68faa-2284-4e80-9d56-4df3950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2016-03-02T07:00:58.000Z" ,
"modified" : "2016-03-02T07:00:58.000Z" ,
"description" : "Imported via the freetext import." ,
"pattern" : "[domain-name:value = 'thisisitsqq.com']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2016-03-02T07:00:58Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Network activity"
}
] ,
"labels" : [
"misp:type=\"domain\"" ,
"misp:category=\"Network activity\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--56d68fab-3090-4d0b-867a-4df3950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2016-03-02T07:00:59.000Z" ,
"modified" : "2016-03-02T07:00:59.000Z" ,
"description" : "Imported via the freetext import." ,
"pattern" : "[domain-name:value = 'ohellowruff.com']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2016-03-02T07:00:59Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Network activity"
}
] ,
"labels" : [
"misp:type=\"domain\"" ,
"misp:category=\"Network activity\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--56d68fab-ff04-473f-a8c3-4df3950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2016-03-02T07:00:59.000Z" ,
"modified" : "2016-03-02T07:00:59.000Z" ,
"description" : "Imported via the freetext import." ,
"pattern" : "[domain-name:value = 'rmdszms.ro']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2016-03-02T07:00:59Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Network activity"
}
] ,
"labels" : [
"misp:type=\"domain\"" ,
"misp:category=\"Network activity\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--56d68fab-c684-4c89-8890-4df3950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2016-03-02T07:00:59.000Z" ,
"modified" : "2016-03-02T07:00:59.000Z" ,
"description" : "Imported via the freetext import." ,
"pattern" : "[domain-name:value = 'zarabotoknasayte.zz.mu']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2016-03-02T07:00:59Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Network activity"
}
] ,
"labels" : [
"misp:type=\"hostname\"" ,
"misp:category=\"Network activity\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--56d68fac-b164-4815-80ff-4df3950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2016-03-02T07:01:00.000Z" ,
"modified" : "2016-03-02T07:01:00.000Z" ,
"description" : "Imported via the freetext import." ,
"pattern" : "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '5.101.152.80']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2016-03-02T07:01:00Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Network activity"
}
] ,
"labels" : [
"misp:type=\"ip-dst\"" ,
"misp:category=\"Network activity\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--56d68fac-e368-4932-babb-4df3950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2016-03-02T07:01:00.000Z" ,
"modified" : "2016-03-02T07:01:00.000Z" ,
"description" : "Imported via the freetext import." ,
"pattern" : "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '104.232.35.31']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2016-03-02T07:01:00Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Network activity"
}
] ,
"labels" : [
"misp:type=\"ip-dst\"" ,
"misp:category=\"Network activity\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--56d68fac-9264-4a71-9150-4df3950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2016-03-02T07:01:00.000Z" ,
"modified" : "2016-03-02T07:01:00.000Z" ,
"description" : "Imported via the freetext import." ,
"pattern" : "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '50.3.16.250']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2016-03-02T07:01:00Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Network activity"
}
] ,
"labels" : [
"misp:type=\"ip-dst\"" ,
"misp:category=\"Network activity\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--56d68fad-6bbc-436a-b43a-4df3950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2016-03-02T07:01:01.000Z" ,
"modified" : "2016-03-02T07:01:01.000Z" ,
"description" : "Imported via the freetext import." ,
"pattern" : "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '89.34.72.228']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2016-03-02T07:01:01Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Network activity"
}
] ,
"labels" : [
"misp:type=\"ip-dst\"" ,
"misp:category=\"Network activity\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--56d68fad-1638-4f79-93cd-4df3950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2016-03-02T07:01:01.000Z" ,
"modified" : "2016-03-02T07:01:01.000Z" ,
"description" : "Imported via the freetext import." ,
"pattern" : "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '173.82.74.197']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2016-03-02T07:01:01Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Network activity"
}
] ,
"labels" : [
"misp:type=\"ip-dst\"" ,
"misp:category=\"Network activity\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--56d68fad-2c0c-4dec-8273-4df3950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2016-03-02T07:01:01.000Z" ,
"modified" : "2016-03-02T07:01:01.000Z" ,
"description" : "Imported via the freetext import." ,
"pattern" : "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '91.196.50.241']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2016-03-02T07:01:01Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Network activity"
}
] ,
"labels" : [
"misp:type=\"ip-dst\"" ,
"misp:category=\"Network activity\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--56d68fae-ab18-4d06-81ff-4df3950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2016-03-02T07:01:02.000Z" ,
"modified" : "2016-03-02T07:01:02.000Z" ,
"description" : "Imported via the freetext import." ,
"pattern" : "[url:value = 'http://soclosebutyetqq.com/69.exe']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2016-03-02T07:01:02Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Network activity"
}
] ,
"labels" : [
"misp:type=\"url\"" ,
"misp:category=\"Network activity\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--56d68fae-6e20-48af-b6bd-4df3950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2016-03-02T07:01:02.000Z" ,
"modified" : "2016-03-02T07:01:02.000Z" ,
"description" : "Imported via the freetext import." ,
"pattern" : "[url:value = 'http://thisisitsqq.com/80.exe?1']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2016-03-02T07:01:02Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Network activity"
}
] ,
"labels" : [
"misp:type=\"url\"" ,
"misp:category=\"Network activity\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--56d68fae-319c-4c84-a168-4df3950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2016-03-02T07:01:02.000Z" ,
"modified" : "2016-03-02T07:01:02.000Z" ,
"description" : "Imported via the freetext import." ,
"pattern" : "[url:value = 'http://thisisitsqq.com/69.exe?1']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2016-03-02T07:01:02Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Network activity"
}
] ,
"labels" : [
"misp:type=\"url\"" ,
"misp:category=\"Network activity\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--56d68faf-e818-4eb3-9677-4df3950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2016-03-02T07:06:04.000Z" ,
"modified" : "2016-03-02T07:06:04.000Z" ,
"description" : "(down 2016-03-02 08:05)" ,
"pattern" : "[url:value = 'http://emotos.ru/admin/model/87yhb54cdfy.exe']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2016-03-02T07:06:04Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Network activity"
}
] ,
"labels" : [
"misp:type=\"url\"" ,
"misp:category=\"Network activity\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--56d68faf-53bc-44db-a32e-4df3950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2016-03-02T07:01:03.000Z" ,
"modified" : "2016-03-02T07:01:03.000Z" ,
"description" : "Imported via the freetext import." ,
"pattern" : "[url:value = 'http://rmdszms.ro/2/87yv5cds']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2016-03-02T07:01:03Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Network activity"
}
] ,
"labels" : [
"misp:type=\"url\"" ,
"misp:category=\"Network activity\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--56d68faf-fe94-43b8-8c65-4df3950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2016-03-02T07:07:05.000Z" ,
"modified" : "2016-03-02T07:07:05.000Z" ,
"description" : "(down 2016-03-02 08:05)" ,
"pattern" : "[url:value = 'http://zarabotoknasayte.zz.mu/7/sh87hg5v4']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2016-03-02T07:07:05Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Network activity"
}
] ,
"labels" : [
"misp:type=\"url\"" ,
"misp:category=\"Network activity\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--56d68ff7-326c-41b2-81b3-5e5f950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2016-03-02T07:02:15.000Z" ,
"modified" : "2016-03-02T07:02:15.000Z" ,
"description" : "Imported via the freetext import." ,
"pattern" : "[url:value = 'http://ohellowruff.com/69.exe']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2016-03-02T07:02:15Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Network activity"
}
] ,
"labels" : [
"misp:type=\"url\"" ,
"misp:category=\"Network activity\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--56d69020-93d4-4925-bf67-4df2950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2016-03-02T07:02:56.000Z" ,
"modified" : "2016-03-02T07:02:56.000Z" ,
"pattern" : "[file:content_ref.payload_bin = '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' AND file:name = 'msg.476085627.js' AND file:hashes.MD5 = 'b57424684419560f16635c403d4f9240' AND file:content_ref.mime_type = 'application/zip' AND file:content_ref.encryption_algorithm = 'mime-type-indicated' AND file:content_ref.decryption_key = 'infected']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2016-03-02T07:02:56Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Payload delivery"
}
] ,
"labels" : [
"misp:type=\"malware-sample\"" ,
"misp:category=\"Payload delivery\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--56d69021-f46c-4774-b64c-4df2950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2016-03-02T07:02:57.000Z" ,
"modified" : "2016-03-02T07:02:57.000Z" ,
"pattern" : "[file:name = 'msg.476085627.js' AND file:hashes.SHA1 = 'aaf4cc77baf04b2eb528dc78a3da63315bca2e83']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2016-03-02T07:02:57Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Payload delivery"
}
] ,
"labels" : [
"misp:type=\"filename|sha1\"" ,
"misp:category=\"Payload delivery\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--56d69021-2e78-4ef4-94e6-4df2950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2016-03-02T07:02:57.000Z" ,
"modified" : "2016-03-02T07:02:57.000Z" ,
"pattern" : "[file:name = 'msg.476085627.js' AND file:hashes.SHA256 = '84cc775d34761e2f653b883abbd6af770001888258baa01cc18bcdc5c0079b85']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2016-03-02T07:02:57Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Payload delivery"
}
] ,
"labels" : [
"misp:type=\"filename|sha256\"" ,
"misp:category=\"Payload delivery\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--56d69022-46fc-429c-99b1-4df2950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2016-03-02T07:02:58.000Z" ,
"modified" : "2016-03-02T07:02:58.000Z" ,
"pattern" : "[file:content_ref.payload_bin = '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' AND file:name = 'msg.057080059.js' AND file:hashes.MD5 = 'fb5db47b3a6deb55d4764e697bdf50a1' AND file:content_ref.mime_type = 'application/zip' AND file:content_ref.encryption_algorithm = 'mime-type-indicated' AND file:content_ref.decryption_key = 'infected']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2016-03-02T07:02:58Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Payload delivery"
}
] ,
"labels" : [
"misp:type=\"malware-sample\"" ,
"misp:category=\"Payload delivery\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--56d69023-3170-423d-8c07-4df2950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2016-03-02T07:02:59.000Z" ,
"modified" : "2016-03-02T07:02:59.000Z" ,
"pattern" : "[file:name = 'msg.057080059.js' AND file:hashes.SHA1 = '6221cd2a493a3c052e7374aaaebe8d7e84730b1f']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2016-03-02T07:02:59Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Payload delivery"
}
] ,
"labels" : [
"misp:type=\"filename|sha1\"" ,
"misp:category=\"Payload delivery\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--56d69023-e538-479f-b141-4df2950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2016-03-02T07:02:59.000Z" ,
"modified" : "2016-03-02T07:02:59.000Z" ,
"pattern" : "[file:name = 'msg.057080059.js' AND file:hashes.SHA256 = '2c5759d570f298b373c19bbb94b4ff0f12de337efb44bf671e07b37aefe778fb']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2016-03-02T07:02:59Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Payload delivery"
}
] ,
"labels" : [
"misp:type=\"filename|sha256\"" ,
"misp:category=\"Payload delivery\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--56d69024-551c-4e49-ac5b-4df2950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2016-03-02T07:03:00.000Z" ,
"modified" : "2016-03-02T07:03:00.000Z" ,
"pattern" : "[file:content_ref.payload_bin = 'UEsDBBQACQAIAGA4YkjrFOUsHAUAAMUMAAAgABwAMTExN2ZjNzBkN2ZiN2U2YzVlMDBiZGQ0ZmQ0MjE0NjZVVAkAAySQ1lYkkNZWdXgLAAEEIQAAAAQhAAAAW70Tx/gfStewGqWiSrC/M2JU5GxpZGUG29JwssHcG75J67zRANYSJlTrjyFFePH/jewAMlUomLFBGnYpV1FdfjkaarHWU5/mH6hLdTfM6Wy3+IWhljZpWEYjvC5dSQbslN8QV7w92EJcu1A6j7L+Pulf2soJO6OGAviuBfmoKgHRZocHMmZ+WU9dejqvHGFA4LtTWyByrw7nYAp3SxE511tFPwFWzr+xjADo9/nJjrF/MU06+atjls+J0x40RhYQ6fOaU43w7sG8iYUArP8kt4hAJ4Aa9eG1SYukHVdnhIp1SraqKx60dns3MMdiPSfc0onzRnqRtr9kJh2atti6NCB0emWl8A6L6FbubFksJDbjI+Re56htlJ0U1bwvcujS2mettf5neFGfcCsAGYu73A6pbDp/IPZCvuSmYt3ev/6tVlVGIHYaCwI8uBHTPkaBvKsfD7qwnRkjCrwSrqC4jBcO5tAtwBCOTk5/EE1gRZsmgQ1ayHBzZJY2MKRVwEwJ0fZ1OcasXl6NGqWLS4TP43QatN0kDR3ZAoH/1s7Cja9Fo6/UoHVLKdu+ZFrsNdHRqYwmuzS4U0+a2MkJ1CoOx6ruKCwjj0BMThx0M/JjWs7AXhq46K8tGhnYIiCLnDsS6JL1kckT87QOUyxBAy40N7LPLesIsZjZ7qLaflrLFc5/93Mdi6HyC+YjlnTFDpKTxuJnAVUKN7odPkQuyUFPR1N1uvciQsosnbBqJE3hfMU1QScakby/mdJafhsJSJEVn7t7ZVW0Jy1BsZtPXEi3SHZl7/fe4dCUXA+g18qDhDpDdAu60iBhkdtiDogB/WOtvtvq6FOmA/bVG3V30gM3CKdEiG+hcNtXtFSMaC06NhUzHcOK1q7giAbGMT/2UNWGMNXQzqAksaqJUaMaYl1KW+A4qV203rsOD0Z9HQ5qh9jzFkOu+3xllAk0pDgsKkqwwkWygtEXc4NBITC3gutBEGy5SZPnK35C1C3THNjIgeIa0sBuTp5+ztRMLN3al8Mfh/jW3qYyiLBUjfDk1rJF+jIlO7wO/GPyexk68Mu6oLT6/avdCCJ1TmUYjATUM98YNN/8ALlC64BM/HX70WmwTJSATZZupEq/jiLILVmH+I9OwFNehbyApvK6iPvwCQ0kIit2RsUkhtDVXzQ1MkZEbzJig652Qd4gGOPJz3NyE3bDX7FCqX0KqSsv7XR7Q9elvXVAxTE16UCGNwFricPseMwvUUtCP3xlIWBc5sPNBoJzin1hRwTwj77mpU1D0hh1gQOcSJPr5Sj4fnbJ3kgDcxUUUHTvjqFElIVyNq71kd+9whq4P9A/D0QO1/Q1vSYjWlXrgdhozTledxb6IlZqx3A9nlRjGsgjN1TCjd+KBkR/du6chYgZd1FpFOIR1DZ0j2ZI7K1m5hFB80vi228ABYe1Ox7JFObvGs2rCBOBJW9OJExqblPahh9EagnWf0cG8rKSmTAAfvZPdZMyfPg4C+iDC2XflQEQm+FXrpQBMoQdw1MTSQ2dtZ/xIOz8g6we2YQK1Ob3lUiMxu069fJ8G413IGG1kFbxq8H5hizagkFyPeBdShxy6NuoAoQcoN13Qsi0rNr6Rt2tT60LNohqSAH24toUewjtqJGU/Et4SXmVuJsE0CKOQdTVySF3JfOHMNbOR/As5xVwl+du1mdpGp7B1eekADVQfgnS6YPYN37+cZhH8YldqRvg+LwB1NRGqLx3ufRDjrhrqTqUUEsHCOsU5SwcBQAAxQwAAFBLAwQKAAkAAABgOGJIIqDOriAAAAAUAAAALQAcADExMTdmYzcwZDdmYjdlNmM1ZTAwYm
RkNGZkNDIxNDY2LmZpbGVuYW1lLnR4dFVUCQADJJDWViSQ1lZ1eAsAAQQhAAAABCEAAABoSkIdbadG1n04AttP6TeZbmKsKDZhUBZUo+mUCYdaUVBLBwgioM6uIAAAABQAAABQSwECHgMUAAkACABgOGJI6xTlLBwFAADFDAAAIAAYAAAAAAABAAAApIEAAAAAMTExN2ZjNzBkN2ZiN2U2YzVlMDBiZGQ0ZmQ0MjE0NjZVVAUAAySQ1lZ1eAsAAQQhAAAABCEAAABQSwECHgMKAAkAAABgOGJIIqDOriAAAAAUAAAALQAYAAAAAAABAAAApIGGBQAAMTExN2ZjNzBkN2ZiN2U2YzVlMDBiZGQ0ZmQ0MjE0NjYuZmlsZW5hbWUudHh0VVQFAAMkkNZWdXgLAAEEIQAAAAQhAAAAUEsFBgAAAAACAAIA2QAAAB0GAAAAAA==' AND file:name = 'message.597341230.js' AND file:hashes.MD5 = '1117fc70d7fb7e6c5e00bdd4fd421466' AND file:content_ref.mime_type = 'application/zip' AND file:content_ref.encryption_algorithm = 'mime-type-indicated' AND file:content_ref.decryption_key = 'infected']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2016-03-02T07:03:00Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Payload delivery"
}
] ,
"labels" : [
"misp:type=\"malware-sample\"" ,
"misp:category=\"Payload delivery\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--56d69024-32b4-4d54-8497-4df2950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2016-03-02T07:03:00.000Z" ,
"modified" : "2016-03-02T07:03:00.000Z" ,
"pattern" : "[file:name = 'message.597341230.js' AND file:hashes.SHA1 = '46ab9ef7a911eb59650f74ad5dc292c2b63f1d9e']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2016-03-02T07:03:00Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Payload delivery"
}
] ,
"labels" : [
"misp:type=\"filename|sha1\"" ,
"misp:category=\"Payload delivery\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--56d69025-8b9c-4e4d-abea-4df2950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2016-03-02T07:03:01.000Z" ,
"modified" : "2016-03-02T07:03:01.000Z" ,
"pattern" : "[file:name = 'message.597341230.js' AND file:hashes.SHA256 = '79a6f2ceb0f095b57fb59fd38a8c040cbc48542498641aceeae599c78da587f1']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2016-03-02T07:03:01Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Payload delivery"
}
] ,
"labels" : [
"misp:type=\"filename|sha256\"" ,
"misp:category=\"Payload delivery\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--56d69025-62d8-4ba1-b4f2-4df2950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2016-03-02T07:03:01.000Z" ,
"modified" : "2016-03-02T07:03:01.000Z" ,
"pattern" : "[file:content_ref.payload_bin = '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' AND file:name = 'KC5559709096.js' AND file:hashes.MD5 = '63eb40e1b1195858bd0b00a6ed2f0571' AND file:content_ref.mime_type = 'application/zip' AND file:content_ref.encryption_algorithm = 'mime-type-indicated' AND file:content_ref.decryption_key = 'infected']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2016-03-02T07:03:01Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Payload delivery"
}
] ,
"labels" : [
"misp:type=\"malware-sample\"" ,
"misp:category=\"Payload delivery\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--56d69026-9a28-4ca6-a6b6-4df2950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2016-03-02T07:03:02.000Z" ,
"modified" : "2016-03-02T07:03:02.000Z" ,
"pattern" : "[file:name = 'KC5559709096.js' AND file:hashes.SHA1 = '3a14d7b8e743df7d62493bdf44ecc45a6f82ee48']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2016-03-02T07:03:02Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Payload delivery"
}
] ,
"labels" : [
"misp:type=\"filename|sha1\"" ,
"misp:category=\"Payload delivery\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--56d69026-5e94-4ad3-a5ac-4df2950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2016-03-02T07:03:02.000Z" ,
"modified" : "2016-03-02T07:03:02.000Z" ,
"pattern" : "[file:name = 'KC5559709096.js' AND file:hashes.SHA256 = '2fc2428db623b07280953034a11d92fa45b990c11cf945bb6853e4aee094ffcb']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2016-03-02T07:03:02Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Payload delivery"
}
] ,
"labels" : [
"misp:type=\"filename|sha256\"" ,
"misp:category=\"Payload delivery\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--56d69027-68ac-459d-9e6b-4df2950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2016-03-02T07:03:03.000Z" ,
"modified" : "2016-03-02T07:03:03.000Z" ,
"pattern" : "[file:content_ref.payload_bin = 'UEsDBBQACQAIAGI4Ykjx1SLKmQUAAFAKAAAgABwAMWY3ZTdlNzA0MTM4MjA5MmI2OTkzNjI1NDhiYWI3ODlVVAkAAyeQ1lYnkNZWdXgLAAEEIQAAAAQhAAAAiz4CR4H0+AMwlUQMy2PI+KmTW+Beqy89Q///M9iQclLEUHwCary9mnsII02jIuTZOENkXwrgq2SzOOUiwC9NxcPZVyr6AfvLgugbQpdlH23GNrOLR2ZETlyKLypqwZWREUUCt8PqqnQt3aMx8YKmQnxtyhl9jlfCY0vk06klKofwRdqI7/W9iowiV8wOpSm9wkZQr1Nk7zxA6jMbts9jy3gWDQmROVFWQfClcR5L1YhbtM5Y8un3SdDNHB2z3N2YH04kHGP3kFZzCUFRMufJjS6mVPE1BkKDR5BG4Mtx8UZ/P3X8BeYOIOaXdH7jO0NA7Ggev6XkABQGw28aWC2eEnVcn1XqLfYBehvklQznZFJVKNoR5ROgFpxStrP3c8d6ha9opKaR5yBIenp7fONsNrZjEeEOIusBDK6jcxGVj0457BjRCSPOwidKTfJpqJw+m87SnFKWMX/YMGrCtyzMhaQQ8GkbJjWnsH+lE8KPBIOsbO0fTlEXOvHtQOjt/6YLYTLjyrn7wMt7ffcGYtHFJm0ifuIbnrleenvBFa931Kw2sW2PYjTfTcqUYsWhyvPQLHDkHL5Kdx4c0tVVuWU5qTcJEZeaja83Z09gGyGRoQjef7m038eafgSBmae2f0VlxrZLrdq6l4xUhUsar+5U0Q+eKwONrFGeN1vxpC6jcTNL2z08YqlZrjbtEPIL7WxObSbFyxHQibHnlXm41J5OrFMLUrPe1+cOMtbH+Y78rU9+pzqB/bjfUtMIlqRFqDUmsCjOtUCSwCTiskJrt7hkW2tpxy3aiksEbPKDRD+txTMY2tYf1fVmITLYgwVna/FAtxBOjhd52nMwP01fZXZezIE4JoNUfG9izMfSnrgIr6IkLaxK2d1t6XD/+hiB3rQ/PwUnxVcrQWQCallMYlMimc0cBy81QEBlTpTgcXuNTBs6Ev9i1IkN/XvPkD+/GfGMLVaURMrkKbGL5WMD4lZlVkgOHLxuO7gYmocME8GHlUrXQ9iF0ZsOOnKp7JRY9r/m/+TxelMH42OEdBOI0nu1r+bGT3krRcWyzuk+BgAPE77aI/DC6V9gh51eoTfI0inKGRh862/d4zT8cnVVNLKnmGe7kLNvlu7SJKJqI6xcM97TrOTqo1y2+gK1h7QZwjAAUXFfi6poKvuMC+nsuqAvH2m8W7a9tR2bigUAVouQHXuuulSpBc0mYx+MlN8sTBxJUpS9+GTzBCaQrBsAvpLZKc1wqKSjKSgNVIaFYIaJ1f8NIpqlR1/FQCpSIQnYf4YQpbmctIUgkcuWBswMhk6Snz6eW2orgALww3YqelP4C06TyHAmkHOi+Si+rEZw5N83QfN7BKKLDBbXtruv5U5PxYNJggFdhsvro3TCRjbGY7MbJ4Hp/p7ti0w8pcrwpkmda9LiVvpi+R2VVRnEDk7q7Zagp8wY7K+t0zAbFGqUjBcm8TmfEasVw4Up+MoXE8mxOgabFWkZP7Yfd1WGUvcRd9bvZMiwMaVfNdZrZK8JLoXLcQ2hzO0dkbJngcKTYJl6yWhb9geBIZDVBpcyH5hQEj7LcTQk2paR2ResBCOrpiy4ESpaPtjVICG3YwXfi3rUixMAFv4VZn+ASGXIhVjo/JLlvSbS2qhXx6K7aGRdEDlkBDDuKLHK250skFJXbX4CpvdU8lNkRfhKvIcnnx6BOVLiK/qQAnGC0je3faxdxv2tsP5Ww0aS6ljNBISOBgpfOWqoQWPEt61erkDCbXh3mlVbD0VCa5rRsVxwRn4roixy64ZPzRIFKPhvo3CspKyDw2Ueo1u08vgAfIO7kjkwHT1sMDP3Epn//sMDGcCzTa
DLFMcumgZwAJ5FSmA9sho6DC7Ai48JxG6gIa7raToOwPkwPK5Ze0ndZVCc3Kn2NnyH018vpCLwoOxQSwcI8dUiypkFAABQCgAAUEsDBAoACQAAAGI4YkiGwwcMHQAAABEAAAAtABwAMWY3ZTdlNzA0MTM4MjA5MmI2OTkzNjI1NDhiYWI3ODkuZmlsZW5hbWUudHh0VVQJAAMnkNZWJ5DWVnV4CwABBCEAAAAEIQAAAOODX384NzhiYEv772KrgG0Q7y8vA/HXuaUuMeKhUEsHCIbDBwwdAAAAEQAAAFBLAQIeAxQACQAIAGI4Ykjx1SLKmQUAAFAKAAAgABgAAAAAAAEAAACkgQAAAAAxZjdlN2U3MDQxMzgyMDkyYjY5OTM2MjU0OGJhYjc4OVVUBQADJ5DWVnV4CwABBCEAAAAEIQAAAFBLAQIeAwoACQAAAGI4YkiGwwcMHQAAABEAAAAtABgAAAAAAAEAAACkgQMGAAAxZjdlN2U3MDQxMzgyMDkyYjY5OTM2MjU0OGJhYjc4OS5maWxlbmFtZS50eHRVVAUAAyeQ1lZ1eAsAAQQhAAAABCEAAABQSwUGAAAAAAIAAgDZAAAAlwYAAAAA' AND file:name = 'invoice_ymUgem.js' AND file:hashes.MD5 = '1f7e7e7041382092b699362548bab789' AND file:content_ref.mime_type = 'application/zip' AND file:content_ref.encryption_algorithm = 'mime-type-indicated' AND file:content_ref.decryption_key = 'infected']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2016-03-02T07:03:03Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Payload delivery"
}
] ,
"labels" : [
"misp:type=\"malware-sample\"" ,
"misp:category=\"Payload delivery\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--56d69028-7f00-4382-851c-4df2950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2016-03-02T07:03:04.000Z" ,
"modified" : "2016-03-02T07:03:04.000Z" ,
"pattern" : "[file:name = 'invoice_ymUgem.js' AND file:hashes.SHA1 = 'c0211950b4b137f74df845e64544ab7200c88b17']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2016-03-02T07:03:04Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Payload delivery"
}
] ,
"labels" : [
"misp:type=\"filename|sha1\"" ,
"misp:category=\"Payload delivery\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--56d69028-c3e4-425d-a5e8-4df2950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2016-03-02T07:03:04.000Z" ,
"modified" : "2016-03-02T07:03:04.000Z" ,
"pattern" : "[file:name = 'invoice_ymUgem.js' AND file:hashes.SHA256 = '3dab5300dc33468dc19d3834d7d80d8fe2128b042bcf11da2641cc30cd0bcd6f']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2016-03-02T07:03:04Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Payload delivery"
}
] ,
"labels" : [
"misp:type=\"filename|sha256\"" ,
"misp:category=\"Payload delivery\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--56d69029-c3b0-4359-be10-4df2950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2016-03-02T07:03:05.000Z" ,
"modified" : "2016-03-02T07:03:05.000Z" ,
"pattern" : "[file:content_ref.payload_bin = 'UEsDBBQACQAIAGM4YkhB6c+GkgUAAE4KAAAgABwAZTEwNmQyMTI5Y2U1ZWYzOGNhYjFlYjlmNGQyOWVlMTNVVAkAAymQ1lYpkNZWdXgLAAEEIQAAAAQhAAAAcyBLD9K9F+bBPu2+zRANiP4kcazOYxA8Ee3QKETFh1DzBDEwzlI/gRkXyIxaquN2aYNv1I/NFpvK5kYs7MWdevRjHMDCi4GQG4J8PlMfdLZyc6klUwHu3eCM2R87KCAAhO3XsPlaCFioF6+sdAjRpcOXrq6zi2XeQKJEc0CQKt+dTPrgaGuSYB/7aSvq97Xgd+4BLxOXKj9kGTidPDxvyV0yg9/vJDDMmujFxMr59VeLjFrTYa2/ll0nq0985hzvwLk6MIED5T+H3VqdE4sKutPHDxSCNO+HBy1z8LiuDbsupkUfd3ZxuOpcpxCOhO55mG321q91h5Zqt9foghaZRXpN6hMpvFEjMceY6muvNSgZmycy5cYdLQmEJpCcvdVDvhbX5DTMbssUoj0n+5bvsPvIqonhR1ccjD5X3ofSE+DixeEXuoe11vT8TqsQEPj6M98tmNkegfA9OAGENW8PSWytaLbminW+0d3gpedHRDD+tgKRgY6aosS+bD1bqmxkNhD6DsXaIR1BS/+HW6bx9LebPWsPJM0AX5+t2AHnAfG1gILRpXzrM7W5yx/hh1fo67ADMWUrvOzRts0wfC0lPpaTo6zra/mlbFD5mGRV+FeTMV01lWwohiSwEduZ7iwwLU+KuyXUYvseC9hjIVpj9oABxl0nSdbehQFqKWfBEI9cSLvJo0YITQzAPNWqZLdIPB5/LJt/8CTxG7AM6vkS320/bLEKcAf1aQDjDjAuo5s+nA4xuo6djt3WXh4+syg+vyerNLgOj/GzWAl3JXvWMYMMq4z8zR4Ntcjh5NRhwkLHHp4QVrgaHAkkzGOu4dsrE8QuyR7avkrQjx0HGy+RdVblbO6jx6QTpHG+Bbxyu8gB9tSTlcrNdWhJOXr888gvR9rp778nqdWkdY9ztjERCclkABcfYdIMxsZVzOZ/8QxvL9kkDIwXOepqE3n35sIpbKuFHFBs1QuyCFefMHxPxUqKdo0V2zkbNANt6YHSfCKiwJLmOBet3tFyXzuJFz0jas5RESzooLqBfqYH9iWAoBmQlIlDDy1W7xpG6H0OCMnenAmKTvIioad1DErxnsDNGzJ7k4p5Yk2diHtiE3+fLtSBENUdQJIPf2cHmzltAn/4HJv8A5BT+HKb3OvaIkLe05K1ZvEUW9HSGkGl3zClWLgIfdSZpCGLoq+TJ2YvNNpkcgyoG7Rtjlqcsu4EbkaSf8TjHIwrzEjb2NuDDy9/KiCge2zyDBOa8MTE5V6i0RG59wisx+yGaX1WVR6z317gTQP0BYT/wKsqovsgDJ8Wg2yhe+ooJO2HQo3O/c/QuBK4YN97ayXO+oW9nWNxU/CramXqTqDD8TiRGWI1O+fpTDa/JTadwIDiZyylqm8L8sDK3SXaguLCVI7onjyo5Fc5tDPrfj92vFw2K0tGKsWLJyiLJ0iYfosu19aCBGk/hB7Vzk7bMP/Stcw9WqpioOZzw0XTKX4YabwPaxESUAqZAZnXreqRjF/1OIlL5FW73fZ1JZfDcmHS+Zy0dvc1SAD4/aglTUjwrl3bGzCM5GhBbgIrua1oAZOZB9LL50/6L7YT5GMQSrXsk9eEGZUGpP9CVXCIqOckb1Lh64aEBOXpV6TP5QPDeBET3A+k4HfGAy2SkhGOzgoJvR7hDhegEf+3Y7q9dMKichiFJE9nV7PuFawumUPIH4V/cKMeDZsreERbI4+SWygNG6T3wlziPM5cbpFsy1Jn4/qw8bWmtEWFO+QyXOdvpfCgmPCOdTXnffu5WbsKibkGAINM+L2OHLK8L8AU8ZfqAJwckX020EfVj3TrrN12wqyTHw9LxO8pYP
epjNikKuUxJbSXxNU+DXyvq/su1A0B5RsuMsYDOKYK94GlpLGueIztYKScucnjTkNumlBLBwhB6c+GkgUAAE4KAABQSwMECgAJAAAAYzhiSIpMyggiAAAAFgAAAC0AHABlMTA2ZDIxMjljZTVlZjM4Y2FiMWViOWY0ZDI5ZWUxMy5maWxlbmFtZS50eHRVVAkAAymQ1lYpkNZWdXgLAAEEIQAAAAQhAAAAE8Czm/NaSAIfbTtjiT/+VM1DWB1rDGxhnGmCxG3C3VvH+lBLBwiKTMoIIgAAABYAAABQSwECHgMUAAkACABjOGJIQenPhpIFAABOCgAAIAAYAAAAAAABAAAApIEAAAAAZTEwNmQyMTI5Y2U1ZWYzOGNhYjFlYjlmNGQyOWVlMTNVVAUAAymQ1lZ1eAsAAQQhAAAABCEAAABQSwECHgMKAAkAAABjOGJIikzKCCIAAAAWAAAALQAYAAAAAAABAAAApIH8BQAAZTEwNmQyMTI5Y2U1ZWYzOGNhYjFlYjlmNGQyOWVlMTMuZmlsZW5hbWUudHh0VVQFAAMpkNZWdXgLAAEEIQAAAAQhAAAAUEsFBgAAAAACAAIA2QAAAJUGAAAAAA==' AND file:name = 'invoice_SCAN_wCMVzf.js' AND file:hashes.MD5 = 'e106d2129ce5ef38cab1eb9f4d29ee13' AND file:content_ref.mime_type = 'application/zip' AND file:content_ref.encryption_algorithm = 'mime-type-indicated' AND file:content_ref.decryption_key = 'infected']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2016-03-02T07:03:05Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Payload delivery"
}
] ,
"labels" : [
"misp:type=\"malware-sample\"" ,
"misp:category=\"Payload delivery\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--56d6902a-3d88-4961-8c86-4df2950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2016-03-02T07:03:06.000Z" ,
"modified" : "2016-03-02T07:03:06.000Z" ,
"pattern" : "[file:name = 'invoice_SCAN_wCMVzf.js' AND file:hashes.SHA1 = '36929687ee709071209ec36ff2189f31712fcf55']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2016-03-02T07:03:06Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Payload delivery"
}
] ,
"labels" : [
"misp:type=\"filename|sha1\"" ,
"misp:category=\"Payload delivery\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--56d6902a-1768-4b20-852d-4df2950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2016-03-02T07:03:06.000Z" ,
"modified" : "2016-03-02T07:03:06.000Z" ,
"pattern" : "[file:name = 'invoice_SCAN_wCMVzf.js' AND file:hashes.SHA256 = '033a171fa482b0729e05e605aceeeb9164519d20c832a912da7908b8370606f6']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2016-03-02T07:03:06Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Payload delivery"
}
] ,
"labels" : [
"misp:type=\"filename|sha256\"" ,
"misp:category=\"Payload delivery\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--56d6902b-a6ac-455a-a500-4df2950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2016-03-02T07:03:07.000Z" ,
"modified" : "2016-03-02T07:03:07.000Z" ,
"pattern" : " [ f i l e : c o n t e n t _ r e f . p a y l o a d _ b i n = ' U E s D B B Q A C Q A I A G Q 4 Y k g m l F 2 X y w k A A D M e A A A g A B w A M D F i O G E 3 N m M 2 N T V k N T Y 2 N G E w O D V k M W Q y Z W E 1 M T h l M T h V V A k A A y u Q 1 l Y r k N Z W d X g L A A E E I Q A A A A Q h A A A A 5 f b W N V T i E N B 6 h 9 Z 4 O 7 j G d Y V g D 4 Z n d g 7 / a i A e E j U o o P d R e 9 R U 5 i F K U D j 6 Z T 9 O 0 d h E C l c 8 Q f r 3 q 9 L f t W O 1 q s T C T + q 2 P m 5 r x J f t i c O F 9 F q R 4 Y U Q c 8 b A B t v 8 f y 3 u w n 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' AND file:name = 'invoice_sca
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2016-03-02T07:03:07Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Payload delivery"
}
] ,
"labels" : [
"misp:type=\"malware-sample\"" ,
"misp:category=\"Payload delivery\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--56d6902c-2548-43a4-9a7f-4df2950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2016-03-02T07:03:08.000Z" ,
"modified" : "2016-03-02T07:03:08.000Z" ,
"pattern" : "[file:name = 'invoice_scan_vS4vLm.js' AND file:hashes.SHA1 = '3f958e7462e270a20e5cc12f1e6f328f6b5071f3']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2016-03-02T07:03:08Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Payload delivery"
}
] ,
"labels" : [
"misp:type=\"filename|sha1\"" ,
"misp:category=\"Payload delivery\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--56d6902c-4c70-4c6d-8225-4df2950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2016-03-02T07:03:08.000Z" ,
"modified" : "2016-03-02T07:03:08.000Z" ,
"pattern" : "[file:name = 'invoice_scan_vS4vLm.js' AND file:hashes.SHA256 = '8594666eef9df6025293b81778d56867abdb7949ddb0ae05481a5d7079093bf5']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2016-03-02T07:03:08Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Payload delivery"
}
] ,
"labels" : [
"misp:type=\"filename|sha256\"" ,
"misp:category=\"Payload delivery\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--56d6902d-0b78-41fd-925a-4df2950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2016-03-02T07:03:09.000Z" ,
"modified" : "2016-03-02T07:03:09.000Z" ,
"pattern" : "[file:content_ref.payload_bin = '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' AND file:name = 'invoice_copy_aYDIQr.js' AND file:hashes.MD5 = '4a7fa66e4f2af19d0ab82583a1376b3a' AND file:content_ref.mime_type = 'application/zip' AND file:content_ref.encryption_algorithm = 'mime-type-indicated' AND file:content_ref.decryption_key = 'infected']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2016-03-02T07:03:09Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Payload delivery"
}
] ,
"labels" : [
"misp:type=\"malware-sample\"" ,
"misp:category=\"Payload delivery\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--56d6902d-8634-4d97-a8bb-4df2950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2016-03-02T07:03:09.000Z" ,
"modified" : "2016-03-02T07:03:09.000Z" ,
"pattern" : "[file:name = 'invoice_copy_aYDIQr.js' AND file:hashes.SHA1 = '80c82ba29490ade575e7e06ce80f299c3d38ffc0']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2016-03-02T07:03:09Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Payload delivery"
}
] ,
"labels" : [
"misp:type=\"filename|sha1\"" ,
"misp:category=\"Payload delivery\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--56d6902e-0de4-4ce9-95a3-4df2950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2016-03-02T07:03:10.000Z" ,
"modified" : "2016-03-02T07:03:10.000Z" ,
"pattern" : "[file:name = 'invoice_copy_aYDIQr.js' AND file:hashes.SHA256 = '94b8e25230239bc32a04aac47d5f176edf4b0ec11017f0c3589f34d1162e4dac']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2016-03-02T07:03:10Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Payload delivery"
}
] ,
"labels" : [
"misp:type=\"filename|sha256\"" ,
"misp:category=\"Payload delivery\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--56d69190-d6ec-4808-9d03-5e5d950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2016-03-02T07:09:04.000Z" ,
"modified" : "2016-03-02T07:09:04.000Z" ,
"pattern" : " [ f i l e : c o n t e n t _ r e f . p a y l o a d _ b i n = ' U E s D B B Q A C Q A I A C I 5 Y k j h Q 93 T 5 O 4 B A A D y A g A g A B w A M T I y N G J m N 2 Q 0 Z T J k M j g 5 Y z U y Z D Q 3 N z g 0 Z j d m M j g w Y T d V V A k A A 5 C R 1 l a Q k d Z W d X g L A A E E I Q A A A A Q h A A A A V Q I F q w h z 8 N m b d Q i l + 38 K z u v d J T 0 k M / F O R s I l l s 26 r 6 b i n 6 Z L j H O + b 0 D 1 f V O Q w C e e I K H x U A j Z B c C F 2 I W + B Z 2 X e v 4 a 79 i I I A s B h S R Z 5 k T i / r w K W r //Yc/kYlN3EmdsAQ4u5CDr8u2TnFt9Z6YHH4bk2SC/L8sMAokwlp2znIriL5bJnFKZrTU3a1dhGzDmBhkhw9vsq45XWywQqWfH9jBnx8Uv2HjxewAF10gqeB71D6KnDyS0Xa3dRkwgHRLBOnwmy00wmeWNJsRNHnfLmqpNQFSe5t8kzFWLrRZ5r7J93t3riDnmTdsoephw1/5jn3g62YrkUzBbwiAlYUCWOXgeyOBSvbZ1UbF5xO+JWs5LoSKGsQzeeBImeIlCwD3aaRtyfLwkXA/a/kZOWNLqLMYSDrWN6ofqsjxDlwukyntxeSJhpNP78R1hlhSg5F9CAX9pIV4RZ9aW0P2IkYXdjmIiEiCSXEUGsIGdeQOGxgdoQLzior90fTjPVsodK3G2qyRXJYq6WPvBeMmr3aiyk77Vd7MFFi+JcvJySVrCnugn99PPS+ORv+KyS/Qcod312htaXLP5xAq7+BHIe5ZWFqxlmcmqEGA9Rm9PUAKB+/gBRdp+lnCkGmsRIJX89Tj9qqauTnSYQWjxcRKYJFkterPKWCVtMreJNBUhm2lf7Ab96SUJPlubLyNYDUZfEh+1x6k8QkrsnQSJXrtH5IVAW0UTWRtYsXtcRZ4332u3gqIpcs9KOWCYhQO7jDMEJ1mnYfZYiqnNz+sWrWwD8SNV3Rlh+e1/x+I2gfkFZ9yDwylW0CeqTDbbur7cIaxcy2XpBMvi8Xq3MBrEi8agtptuQ/NtfGY4tZIvwhPOW89Nnsc7sOVxH73lF3DrpbvgwAS6IMvfrH3rA0h6qA6vuT27UFGLfzk1dkBGCzE3dx1mJtWNgV/QBt5voyEbAIQUitmccelsrrE2zhniSIBUqXMkBhVSes5XYNcTpC2wilcdtNoc8L8NhosKMi/AC05xUupvxWtp2MRBw3N3tVRwMJDd/HcXa92+J7llyCFy7vu10liaqrAdulvB1ckTzDS+4gOlsvyvp6KjkR6PPIx82QoBNxWJBqpPm28233gOpZqWZXvU6KFWxHKB0SzPY16KKTjX+6M2ByCPQ+QpB3wgD/H9uAAgZiPhVW4YRCCBtuQmA4RQCl9IVGjbpFLiFfLPjunGxDcSVvEhl5wi7eSlfp+vlbL2mOlV/p+hYlTptF2mwrthQxqN/erAkYrEHoYy3mD4bXKZosErmVqYMmKmW5ostiSx0ioAvZBY7oiD1uNfgM/356dNvpuPCHDVm4K7ZJe9WnfWcQyg+1BGAFS/goWKQ8TofrnhVYmLiG4fdrNlCOB9zixNJbs2qyCAeQECgMP/G5+vo0AuaVtjoPXHrvyJnCPokQIOLdO48zYrUKWRuKzarEJvX9QqdbfAQdXCU9ANkoNtL0GvJ5xqg8w4L+2Rs2CuZ90+XI2HrbthD2cpwecoF9blda4Ju2K86+AuWfQI/GHbvCBakee7aFQ3N/JSHQVdtD4anVncFYW9Xt6toOvmUP
5d8nVx4YRa0/sCV71lMuA7vZgEkt+hXfV9bX8gMaVbBH+g6VzN1f0HMfHg5QfhomysaOzhxQR9LqQJd+84GryzD+A71kXf1YUZuqsW2sPlQh9G34rCsbmRLvtoI3jRE3Vaa0zcoIGUd9aBbCQ0JW2Va9ZI0SQYOBWIKeja9uY2C08iOhMqjPXIgl7eGO1iaYYlJMlRlIQUc2etMkE5rE2l72WAYbv9nSrl4rHZzXCusffazwQYsAh594UTdc1fh1mvyNgBgelvD8WF7Qa183cUH3k3RDvXH3mnE+UmI0lGSPNmQYOOgIRt5Dmpm7I1NgFiBCmz2bt+UGtflqsKZ7UMiRvKCzwBAKRw8fUaC1AVtPNbYkcK3dxgn13FqRMIhpHhaS5H3XPgGEGqEMvJwIH0zt4R/5eRY6KjN4umN8d4XcsJNlwTKovmxvAARqjtEQgVG1DZkZdGJXYESVO60TmjL5wwItuHf0637fatkpukWxzqEhMNdZWMOC5ftspd+AOhH/C8svvdhapx2vqbG8Wk6jfc7c9lTpCabqDeWdSij5b+1LHTTLMxI+L7mIAEDuFg2L2zMx0t/0LdDQXyfx++Mk9NihbhUH7OlUoUE7GMrqipR3o+mrZ5TABrGF7KNuvbwr9IF5CTFq8/MhbJ2fjQMRdpkYK8oryR7ATQ0jIA4vOWOwa0t/vTowMw+SeNDOhQbZRheD6hrgEZOW2IlZW5PHXiRa2CcCSST0fhwaRjzVN2U6XMnCL/jJ7std54at8NnKtIR1uNZxUpgUF1/ylPxaWlbyvhoM/Pin0zh/ZNDbUFxyoWU+m0HbarCCy1zOk+0wRbuNODylKwX/QMTUMVKWNWZ5aNSxl9iRYLhDCSP5ipTa1KjB6u0aKzt7+lLuKixFNveOCxL2AfHHt/NfcFHSdl6+H8im1yyJjHLUoOBAmGNaI0a4yCv5f6YA/3dfRHu8GdCq55eAWtl/uFhJju/u957X6V87NzrCpbXTqHklIsEUJ880FKGDE7MlrbCEVz6fBxJ7wvgTFAGzug2n6oH2dHlQZ9NLxy9uPNO7mvraT0S55ud5ZBWKi+iyGl2XE+Fk3qkkc9wnRvlMU3+gEsatJx+p0kOSGlhMYa+qB5nxeK/dE2jEu456RtOc2b5SD3y9TD5oWpT6HuQ4Gs1OiG/mVjeTROlNu4925oKv+PN9uFpZj1SEVo2swrB9EmyNMP/AP156Qo3RYVFTlBfBP4hUDK2F71flXEUxvqsO1M8ASmgxjX9RG7MskN3HLt7RLZvwQtdIsPAj1zLUrqPQGkvxSqIhVAjSSppwTrkzJ/dsH7AEfGSZMEKOK7FJlG7R/fGggrrfPMslemeFbDD/wkLeUt6W99a2+utUycy3fE9EAlJ47Vl5pL0HN4fbwijY2eaCruOuV7uNEgSWhewN5uIZA4ECPKBS+Xq6vOCpcx+84f17hRT4DyZixZZA3Rw7HsHh9AVjE4jbL/GYrOc6Fm7E08gLSQ+wzs3dlbcA/5qoYACddpuvvpRhV8k4fX7TpYm3OjyID8k8Rf9wOr/0vwHkaSAybiQ8S7hNBy5fbTkUn/W2r5/KMtnBRhl8sbzOV9I++WhwU34X39W9ZAI0y85R6xIU4F9m221m8hzAEGP30VxvGQ9UoK3D8XqgEwCRKV0TPsQiIOjVI5CqWfVy8v3gZD3aI3lrC5SUVVaH+2ePltSObb8H9Mpz3GhrxQcMe4xPG2WKUkNZcNezdUKtp7bTrVxZ5M0SYmbiYUr/yWp8euwWvxbtyVsZdiwB7yRASeqiblZlpcPrcLOgxoG+muvjHmU4NT1kJ3urjogXcDq9cw59X5t+LY0PvJWKAzPH5nYc54NE42x+ZBw06X+OIxBFLhJLPxV1Rzw+dgOUyIIB7EnuqONsvoO62cFShkH6Tam+E/05RwMFRlWO7oX1glIteM96Nwb3pegqTok4rhuw7wAoEs3nCy1zq2TwUGAlfESTSi8JR8Z3AMIN
KRmiEwszyAEftttdvBLeLzGypOTHHFzF9bpdTDIl2OkwhAyeILljN/weKUDhRHuTHGD296vVwME2VzhQxS5kaCtECxrwSMIyVFNeEEiAFT6u+FlI9CaeW4DnVawgnggAJ7BZz7h0mz/L3mI0Q0K2IJO2vlVoHsRDFR12wYvfTNwRu05o99rimxqWqthppF5/p8Y/6Zoa+KHZ7XpSyGKSFFCjALCYmi3BwqJUQ/8pwoB6emlT5JORuCHDBZ7Lc9ueHKjw9W/uayLloolDRWDdLSLWomZI2ohsbeRwZaljlUdf7xFIJnOSiJrPRORoHKmTNtGkq9AFfIiMOcZZgFVh
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2016-03-02T07:09:04Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Payload delivery"
}
] ,
"labels" : [
"misp:type=\"malware-sample\"" ,
"misp:category=\"Payload delivery\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--56d69191-3fd4-4639-aa22-5e5d950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2016-03-02T07:09:05.000Z" ,
"modified" : "2016-03-02T07:09:05.000Z" ,
"pattern" : "[file:name = '87yv5cds' AND file:hashes.SHA1 = '00f49ef0c6ec348788e6b47eed8a79f0ca0184ec']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2016-03-02T07:09:05Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Payload delivery"
}
] ,
"labels" : [
"misp:type=\"filename|sha1\"" ,
"misp:category=\"Payload delivery\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--56d69192-fd70-4313-a3bc-5e5d950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2016-03-02T07:09:06.000Z" ,
"modified" : "2016-03-02T07:09:06.000Z" ,
"pattern" : "[file:name = '87yv5cds' AND file:hashes.SHA256 = '776b90d3fbd639ca8e8d5f198669c2e9c5f81bb2d2471e320c2ec77e6a455248']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2016-03-02T07:09:06Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Payload delivery"
}
] ,
"labels" : [
"misp:type=\"filename|sha256\"" ,
"misp:category=\"Payload delivery\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--56d69193-ea54-490c-b3b9-5e5d950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2016-03-02T07:09:07.000Z" ,
"modified" : "2016-03-02T07:09:07.000Z" ,
"pattern" : " [ f i l e : c o n t e n t _ r e f . p a y l o a d _ b i n = ' U E s D B B Q A C Q A I A C Q 5 Y k j 7 h K L Y V 2 I D A J Z j A w A g A B w A O T Y 0 N D g z M j R l Z D F k N D J l N W E 1 M j d j M 2 Q y Y m U 5 Z W Z j Y j Z V V A k A A 5 O R 1 l a T k d Z W d X g L A A E E I Q A A A A Q h A A A A p T o 4 v 5 I O s 4 n T u N s / E m / D J q S a b t s p x H t 41 J N y i r W b / E R B e q d B U e Z Q D M 1 e s U C Y N A H P W L l / 8 Z T O 8 U 1 Y m n d 0 p Y f W t j i E + 9 e c s t 0 D n I E L O f B A / u Z K x K x K E 3 B z m S C Z E i 4 N M M 5 y g s I h P e e i M s F r b A J p j c X X Z u l B d g q t H z F 7 P F S M k f z f b z M T B 6 M Y x G V B k m T 34 A k V 1 Q U M F Y v K 0 C p i G g 4 R r i 6 a w U c r 8 t 6 r I c / k 4 q X f 3 I p V J t w S h j A h 8 m k 0 O i B i E X a i e U v o t z t T P 0 H a b d + D + D K d h 1 g n + 1 w V k o d / I J 7 I I H H T 9 R 2 G u S A 5 e d e M A w M 3 Q 0 8 T j / E e M b Z g x t j f v s f S E p P C + / u W s / o b C 1 f 6e5 r + 5 M u W B 7 b O x 1 + b S N K S x R I h A B G b E o Q 6 j O l + K b x T 4 P 0 F 18 m 3 X 1 q H F J m 5 G e i S J x P G l h I l X W M J f i u h q s 4 N U 3 X W r H o F Z q c g D 1 X v 9 R X M n G V 5 C a r z U / s d E D t T B S d k i J r I I e 7 j T O J W C P K d L 1 H T Q x n 0 p W R o 5 W X m t s b i T o z O A G f F 7 z P d L D T V i 8 n F H h Y 9 T f 0 J P 1 E k s w p 8 m d 0 u u 4 z J Z D R 1 Z P w 6 V x a j g 8 G j g z Q 8 m w z d o Q W p n M d K c K A R M p s / 5 v 41 V 8 C R 8 O j t r v q V a L Q p t u p E H H k u q E N A K C s r X Y p F 6 V O P F f n 22 n l X t T 5 C 1 / v e U n W E r Q m K j + 4 Y P x y v c 9 P w z o 9 n Y B r B j 5 T m g w g I 9 S a q g n C V R h y S N G q r B 7 H h / k W D Y y a k u j 4 E d 9 B q 0 B m l E J / 3 s 8 G 2 u S H g V g 0 c T t I 5 O Z x t L R V G 7 b p l 6 p 4 A H K w i T 5 I I 5 H B Z W d g n k K A C G c k Q a B F P 6 c C x 4 K 0 p v R 4 h G U e 0 Q F b J 6 C X x i C H C Q y j 0 4 q M c V Z Y M z 1 f o f q j L G r X p E X W E k r x A c a J M s 
i y 7 / e 8 H z a a 2 v O G y Z j z h M 2 M n G D P q / B D X t d D c l D i N l 3 h L b C E R g r b + s z 104 j u 3 b x 3 D 2 r s W 9 i N K G d 9 M Y m g X m h x L r 6 P / w v A y T r X y i H C X S 7 B g U d q 2 B L K L j V F e t / V X U D 4 l A q J s V F I X + S a D w W U 80 f o 6 M 6 r 2 k b N x q P P 0 S I C G C g m c x U J 6 p 9 F G X r t 9 j A 61 V / 9 X 6 g A 7 L h m o i s R z s f 9 p p O 4 a b h W + h y 2 D E G d 4 P w 8 o / 13 G f L 7 / o N a + 4 W 6 f y + U g + x i k p Y x N k d V V e c T R Z p d 2 + m N N 2 / o H d e M N u w l Q n o X W 92 a s E Y u h 4 E z 4 i T R X 9 V J / 726 e c g Z 1 q W l + 3 g A P 0 B F q E W l q h L Y 55 y w D Y 2 U p 1 s h / 5 Q K H i J F R v 8 m M n N g s W V M N L m K U x Q Y r s U p a r 0 3 N R v j G l A 4 q Y t 7 F R m J 0 B V R r b j z N J R A v p m H l f 80 j S R s a t 96 A j o E L R 3 M 9 j 9 q j k E b o U z G p / t r + n M p f x P m c P x B c E W W W D X 8 U U L 3 e k S P X F R k 72 M 0 X W b F 8 A C a n m 6 N 0 i z c 0 D P Y a 7 d p b I I 59 Z i I 6 U T g 7 g R z 0 42 u V C A r c z 3 m E H r 6 T F H D L g p G p D C p V z S D g x R k I A Y 4 J W N Z M d k u Z e v Q o E c 5 H q 0 9 f H p z D J w 79 z f Z q N p u 8 e a c m l p A v w y s k Z D 7 u C z p I z 9 v y v U S r 17 a B f q P V o F z 6 L v G Y N s L L A G p l V y a Y B Q y m j 66 B r w i E 0 C V b q P C b 8 w N Z 5 b 8 V / q 3 g f b D B L + + y D / f N X O 1 m 6 d p E + I 7 c t 7 i p g I a H 4 V c x Q F / W E o S 780 Y U C U U p k L V W j C i Q V D 7 B c n r 157 u x 8 X F H h m x z P K X A i z l G v C i 6 X e 4 L I g k g Z r h e X v f H E Y K 0 m B / U 8 n 2 j i P R u j a V n C H 5 W N J r b 0 b t N L Y d O R t f C L I 7 J j K e z o B k t l B U O 2 P I M P D d v t I X h J P u L 2 U A 8 X q p 3 a S P V h e z v T / i V 16 r k F q l P N q a J 0 c i m T L 3 w 84 B V j r L s X 13 P 50 u I L 8 d A M F G u E P S O a 9 A E X v r A 0 x P a W 178 u v U J m M 2 x 0 z + H R W Y Y n I G k 8 t c 2 M S Y v D p p 5 O 5 l p 8 K i X B O p C e M c g 8 f T 80 h S r C 7 B O Q S c h 5 K Y 
Z e j b e K t A S Y f + S x 0 w W x t Z k F 6 m P N w J I x T D J Y 8 F E w l S b f q J A l 9 o O E d B J l 0 9 K M c n m H / X b q v u T + e I g 7 Z + + 0 y D r c G 8 x + a I U q A / b F 6 I 86 r F 0 f W Y H X z P C 45 I o E a g r V Y e L W Z E H L 6 f S 3 R A P 0 Z 46 u g I 95 G R D l w D U c r f 2 R Y b / d g n E 7 d b p z m O c s d g m R z j e 38 O C Q Y y m m I 6 w M 3 Z h B Z j h A e G 6 b j H s j r A 90 z h T j j D j 6 P s C v S W z g / O C V O 6 z X U l W m t z 5 O Z C k h S i t 61 x / Y 9 F s A 4 O B h c j W g T o I + 2 Q v 6 q T J O 6 w B S i 1 p f T P Z I k J U b 7 H V e S b u u f D A o 5 f O / 89 G c t v U P 8 U i 16 u Z J h 8 t n V A u B h d e l c / N m d r a i e v w S S f l I x 6 c l S n L u 3 H u A A l z Z 8e6 T y p Z v g F l 3 p e F K Q r x + g E s / T y T R g W n u 6 b 5 S M a q s L 4 B F g B C N + S D E a v n q 6 A z B A L 1 G y Y Z O s A E F 0 9 T h 3 X v T c 9 G f p 0 k N 2 o g i s Q v g U F a S d u p z s i w 4 B C 6 X f p 3 t u + f P 9 n T i i y + + i J f X c 8 V M 1 R J I d m q 5 n 9 L I d v 7 Z 2 h E l 7 b j Y Y 32 Z j z 3 A l d 93 N K F y B / B 227 / K B O A F k I k M w n y u J s 7 Q W A 46 + C X X c m h h 0 + g a c V H y T d b w n N y b 65 k d v 0 i G d J B y D i 3 A H H 1 c W W + v U i W n h H I i F Y S 1 M x i i z E U Q t G P 7 n v S O 3 Z i X k D + y d d l 8 v I Z 0 D K R M j f i B W 3 n g e 4 Y 890 K 8 b G N F J d v W 6 e O 9 C h g b k u a / U X 0 k x u Z V M r u b i 2 f 75 a 8 W n x X S w 6 N M x C 4 B j I R n 9 E J H c R l n 0 R d S T X e j z g N Y e i P R B 5 g x l v t w E Q 5 R y + v j N k 0 V g 95 P a h W i 1 g i T D I 0 c y O u b h 2 b a Q 0 L p z / K l z h u n G b 0 B Q A F 1 S Y 1061 t K H M h 6 e t p 85 s 0 P F 4 Y Q M Y O Y O / z T 1 o + E q a d a H 3 Y d e k j o 1 o f 1 e v N i h Y H F o D z q 22 j 5 i d K R t d 0 X w w A / P g 3 x k y d z h t M e M 6 C D Q x D w 5E9 g A e j e q V D 1 w W b e d p 2 q b 7 I z k c N r m r 9 N Y T x v / Z b 44 T Z s 4 R G g D u w g U F A Y L U 6 M c S W J 3 L B x g B p 4 z q i 1 s h l 1 I u C + 
D o H M 4 y t M l U d Y w d y x J J R R 2 y I q P t 5 S v J A J k b V c u d M M W s e p s 5 G B G n V d h A l V D c 8 + a H y j Z m A U r M y f v S T 5 t b S 75 W v 8 h + u A m b 3 L V G / s Q Y 7 w M v X u 4 X u N V D w 73 i F G d c O q y 5 X A N 5 D O b a u p 2 / j + / L G 0 K I b g n D C L 3 C Z + p n N b g 5 X r g 9 t l C K G c l A U o v 6 d A z 6 c 3 D T 65 H t v W X S s A / G T V e M H S c Z b F q 0 a b 5 T j I w H Y U q 2 B M c t 8 x V 5 q Q Q d m k O m U 1 S 7 / 7 X G Y / 8 w q 6 o P + w I x + 1 h O D M R k C q M w G V E 0 U P 0 h w n d Q X P u T 5 Y B M G U L Y F I x w m b m a r Q 3 S x h z r c r F T l I i W 7 k 5 h r q 1 Z g P 5 u 7 T Y 2 m b O I J w 3 / b M k 9 L y j D m S u q d / C g C / O d D V c 9 e D s t f C Z F L W N f i h a G s p K a L m a 9890 F U c c L W 2 X n 0 K 6 J q + h o K u M e A k Y d w 9 b B h s / w m D E 0 b / 1 R T T 9 V I k W D o X U G j G Z z w + 51 J f g B O R i M D Z Z Y Y s 2 D t 3 e W C P k P p b s s M B R O w 86 R q 2 R A R e t 6 o g B Q z R x + 0 B M 4 e p O N 6 H 2 D Q H e n P X u a + 3 A g p z 4 g 2 O b 3 j i Y L i s t d L 6 n 4 h s q 1 y o S Q 5 A v O z N N L H 9 R x d + y f k g a 78 y Q a A 2 M g 7 Y g k S //61Wz/pq41dql10uBVNuUGd5O/QnRAApUiOxWZEttajpSQPygV4oG7mFqwNI+sAm1NsV2rpGkClLMrq7S3ZhvDuuDJXIw9dLNLb+39HzCXiHPoFGhbaTeJ0xvB1u/ouIyVN05jIQUOKi2Ia94frNeqMsVFO6Tqn3n3srL7gwFRVnbJfpR/L/zKoy4Q3/L67jWAlqVVjTSxe26eWTWlyQctMeAcvpnUsO68NieW+mHMAs/rcfGsQB4N03qrBF/1qrSbfzVGUJW3yqbnjvW4tcXXCopomjAX+fDUMnACCjB+2wW1pSwY4QNb9wSETH2uDzG+8XFnz3GjtctIYWXpXgHjq+Q6/n+E7X3Q+KnGPqgQCJjVpfc7cKbJP8o0Td5nHIvGqWmF+cnOh2xrKa0tiAeD4BBjk2UHzvQf0p10RXdIN7OJ5rqduoFj8DIODP/6VgMT/p8lVda
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2016-03-02T07:09:07Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Payload delivery"
}
] ,
"labels" : [
"misp:type=\"malware-sample\"" ,
"misp:category=\"Payload delivery\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--56d69193-e088-42fd-80f8-5e5d950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2016-03-02T07:09:07.000Z" ,
"modified" : "2016-03-02T07:09:07.000Z" ,
"pattern" : "[file:name = '80.exe.gz' AND file:hashes.SHA1 = '4ca4ca2d037d7f97aeb2f0f1d65e77a8406efa55']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2016-03-02T07:09:07Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Payload delivery"
}
] ,
"labels" : [
"misp:type=\"filename|sha1\"" ,
"misp:category=\"Payload delivery\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--56d69194-5dbc-418a-a4b8-5e5d950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2016-03-02T07:09:08.000Z" ,
"modified" : "2016-03-02T07:09:08.000Z" ,
"pattern" : "[file:name = '80.exe.gz' AND file:hashes.SHA256 = '947705e0a69234c16bc2f5dbb01a91917f4264b6ef7a5710655cb255f87c100b']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2016-03-02T07:09:08Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Payload delivery"
}
] ,
"labels" : [
"misp:type=\"filename|sha256\"" ,
"misp:category=\"Payload delivery\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--56d69194-a4e4-4423-a58c-5e5d950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2016-03-02T07:09:43.000Z" ,
"modified" : "2016-03-02T07:09:43.000Z" ,
"pattern" : " [ f i l e : c o n t e n t _ r e f . p a y l o a d _ b i n = ' U E s D B B Q A C Q A I A C Q 5 Y k g g J T 0 a E 14 D A O N e A w A g A B w A N 2 V i N z g 0 O D B k N D F m Z G Q w M T V m Y W Q 2 M D N i Z D U z Z j k 3 N m N V V A k A A 5 S R 1 l a U k d Z W d X g L A A E E I Q A A A A Q h A A A A V Q I F q w h z 8 N m b d Q 5 V 8 / c q L e Z Y N g e n q b Y i O e V L q j s I y 3 t o n I r L v m L q F V H k q d T r S k d m r F a K 5 J z w W z p v H C l o 1 L Y w d 8 Q 0 Y q G F o b j T 0 D n k + r s w p h K s 0 q r Y X c 0 8 K n 44 k / S Z t n 8 W x B v K Q m C 8 X B U G e M R o l l 8 i C d n j j 7 z v F X v E H 8 L 5 N K a v 34 X U c V i g i R t f Q o t c z F d q h c 6 g 66 L T m N j I z 5 A B 2 N G m T n V I j d z d U f L h a Y B r G l M w e X E q + 0 6 m h M 9 h L W C I 3 z o a E h M o U K c e c q u S Q f 3 f e n B 1 a H v O O K A k d J t k M A 0 1 l h W M 1 c 9 S 7 c d b E o i S z a N 39 + x f m V 9 K X r R a W W P b I 4 F w 1 C H N h m 4 V + Y R V T 8 S j A K / p V e G W 90 N 1 v y K k F f 4 I v m r M d / O T S 2 H p q Z w C 0 0 T 74 s 1 e Q K m Q c T p S / H q i C V / 41 Q b 0 n Z s X w I o n q U L z R x c c / 0 8 z w i 3 M L k 9 R A Z a y R 2 q G F F 56 I L Z G Q O e j 9 S N Z / E 3 h s m G p 7 K 7 O S z n L m x n 5 I M d H i 6 Y 6 f j i b h A M 8 o 7 a Q j c j C r c 7 e n f A T 6 f l W t 6 x r 69 D 8 Z g a L L W K C o T i M 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
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2016-03-02T07:09:43Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Payload delivery"
}
] ,
"labels" : [
"misp:type=\"malware-sample\"" ,
"misp:category=\"Payload delivery\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--56d69195-bf60-434e-a17e-5e5d950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2016-03-02T07:09:09.000Z" ,
"modified" : "2016-03-02T07:09:09.000Z" ,
"pattern" : "[file:name = '69.exe.gz.1' AND file:hashes.SHA1 = 'a7d64cac94c32206546554f5dfe97c0ce271e19f']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2016-03-02T07:09:09Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Payload delivery"
}
] ,
"labels" : [
"misp:type=\"filename|sha1\"" ,
"misp:category=\"Payload delivery\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--56d69196-64c8-4e4d-a2f7-5e5d950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2016-03-02T07:09:10.000Z" ,
"modified" : "2016-03-02T07:09:10.000Z" ,
"pattern" : "[file:name = '69.exe.gz.1' AND file:hashes.SHA256 = 'bb50041414408e2fe1f29fd8316c77790e85f5db00a1a0dd52326ce00e2112d6']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2016-03-02T07:09:10Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Payload delivery"
}
] ,
"labels" : [
"misp:type=\"filename|sha256\"" ,
"misp:category=\"Payload delivery\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--56d69196-02a0-40fd-be86-5e5d950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2016-03-02T07:10:05.000Z" ,
"modified" : "2016-03-02T07:10:05.000Z" ,
"pattern" : " [ f i l e : c o n t e n t _ r e f . p a y l o a d _ b i n = ' U E s D B B Q A C Q A I A C U 5 Y k i V v j L O a W M D A G x k A w A g A B w A M j F h O D Y 1 Z m Z h N G U 2 Y j M 5 M D A 4 N z E 0 Z m R i Y m E 1 Z m E 2 N T B V V A k A A 5 a R 1 l a W k d Z W d X g L A A E E I Q A A A A Q h A A A A 9 o T O K l 1 Z j g + e x / j e / t B d l p m 0 N V C w N 1 v 6744 I D 586 n f n o c J / Y L 2 j 9 P 9 k z e 6 L 2 V I z X G G / I h L q e q 1 j Q + W D Z 1 s Q 0 h d x x c y Q o I M 8 O K f t 3 A 4 q s 1 n C w j C c l B 1 Q R 4 T C r z m w D n / P 7 V y B X r E d r 9 d c M 3 j / E Q u Q g y P y h x N Y l 4 E H r t G m 1 N E P 9 W 0 x a 8 X G r I b h N B 8 J 5 s 8 x I U z I Q 1 S P H O U T 0 q D B 3 P / P x P X d L g k c 6 u M x N N 3 s E t b v p I 3 m + y G 2 u L H f L R 42 x W + + v a E V o 4 a Z n y T 6 G q x 59 I S x p u E O g x w H j y w 300 K 4 D 29 p y O M R q 60 v K a L e 8 C Z B 9 h 7 a D D / W K A r h E s 0 1 w B d s v / y + d e g h w P J L q U b f b o 2 P E 67 S 7 F S O o J 72 o A k f w e 8 l 0 9 T U L G V L Q s 5 S a u j 1 u 3 u o 4 N P 4 p 2 C / G 2 U j O 0 p g x V b s 0 D x r n U V z S R 7 t 56 t w 7 n 3 b d z R D 4 N i X O Q u y 6 j p 1 z n w N 4 + + b g C G 3 I P c M k 0 f Z x u j O U n B 0e3 M x v 0 Q F j 5 j C O A u 5 K d / D u i y R M G s 5 I E e z H r 67 o / Z m D p p r + g 2 T v m y n B R I F v C Q 8 Z 3 J 2 d q 3 P Y Y n n Z i 5 W e H 34 x C z G F b n i r d 9 T H y / o z f y 3 o 0 e h a c n 2 T m m v H 8 r J s l K R z m D b k l R m B N Z h j k s G z l l F d f / A n K A C 2 T z G l G M b n I E F G h h 1 v y X L o t Y 9E766 N D f D a v a a n r v V 7 E n N n p l z U 89 C y z y m 5 M 7 v k b G Y 8 K m K o Q 93 a y k n U Z h Y I S 6 S 1 o c g T G H 76 Z n y 7 k 64 h C X G r g X 25 G T p e t n q M J H B 5 S L v g l V 1 A G q 1 z R k X 6 q h 8 v O 8 t a m + a A v / B f J e x h g Q h V I B P b R b u 6 k + T L L E r G 2 C 0 g G D Q t r z i c J u f a d f U c o J A M d F u e g Z 9 B M 3 r v j i C q D H c d o U k R 69 Z 1 h D u G 1 O I K p w J Q 
m h P P + B 2 Q W 6 e Q m g e K 61 H u f I N B T d 5 H T i 8 r O F K 7 A 948 R j C d c 3 b y x E + V m R 8 w W V m + z q + T N x C k F 2 B Q M + f B t M z s P Q f C n 6 a O r l K I m C K T Y 6 Y R D S D s s w 1 I 4 M w F 65 x S m M n F E N N W B Q H I Y v 3 f v J h h c s Z U F l 1 X 2 G s K T s q 1 l H y D l c y u r z t V R S 0 w f Q t i A G j w a G i 9 W Q b t m m h E n + s / s o H X w w L j n v g n A S W n S c j n W X r a Q L z Q 8 h y q N 9 B W h c A N a c U 0 n 0 b x M o A p D D 7 d c w c I j o X + O 8 Z O n 2 a d 296 D 7 i + H X r r m f S t m 6 g O 0 y i A 19 o B z 0 X x C Z 1 Q T G J v k E m I g M i u l h V t P L M u X 7 k + L Y j c F v j J y l k l 7 C U M f i m b P n I i z Z e / P Z n g s O / m 7 t e 9 l n r E i b / b O c R 8 U o / r X t V Y I W / 0 F i M R R N f V A v h k 3 b u D I 7 z Q d X M e c B z w X h O 0 R P B U a q s x n v a 3 e T u e M V i 2 Q t F s K N w w 0 M s r 2 p y 5 + U + 7 H 0 T j N J u x f 0 D + E F B c W h x I I g T O u F m r g f H s D Z h E J A V w N q C A i v 3 b w w P n l H G p 6 F m 4 v e A m q 11 M m K X a r V a + + Q s s d A N I / k t r s B q K 94 Y v 7 w + o H g M z f l x q 7 d h H M g b Q l f g X S Z K f v E f B 7 D + i n e n g f n 4 y B V a D 9 q y w r d I C j p e i j P C 9 n i K n F H d A M 5 O 6 z I + u 9 D l p U 6 C x P 7 s W F a h n D y 3 p 0 z r x l t F l J 2 I v X z n 7 c j 8 E B d w 8 G 8 I Q 0 e K I w r l I a w v 62 B W 1 t i i l I 0 I u l r 2 Q 75 D 9 v r i O g D J + X k r D C S z / + f L 106 o T W Z o z l G I d j 8 q E H 5 q k h o c M o i a x x C x y h h J 69 b q f i H Q g k R d r 7 V W C k d 18 j v e r B W 0 x 0 b 26 S n W X J s a B Z g F Y G o o b m 2 W E P f L u z / w F o Q H W x 0 n v d K c G p 1 u c r A U b l U n 8 o 3 D K v 5 A n U K n N q 3 u R 9 E r G 0 N X H 2 H f W z J C g r V e i f y P a c 53 + L M 3 / i 202 f r F X w U E G v W p G q k l N Z 5 y s O v 2 A M q 7 x i g O k e B 3 U F t j v E F U F x C P k P v s 5 c f E v B F h i i h I z B a r c K 7 K J d C C 9 W Y N z C 8 p o r Y v F h 3 B y G c Y 5 K 9 H 6 w n 
2 / K G / D 4 n 4 m 9 p 67 r o q o L q G + 61 J 5 c v F V Y u M K 4 y 7 u p u a G e p w + + 3 F Q 8 G d t 9 U s a S C s P o Q 91 g P G E f T Z + 0 U F G Y y 8 s d G T v g B S h B w W k t C s F S 6 u 4 W Z u o 2 a e a C 7 k k S t s 3 b X j P p Y k r M 2 n S Y Y g j V Y c r S 13 z a k T q R j d Q r 5 i T W X n o E k k H W A + b e R K I I 64 / Y 7 q a j y o q H C r i k i 5 V S y c r F I 1 o b E n d d 1 a v 3 Z X T n e 5 A d l 483 R d T 1 t c V e H W w I M A 3 S d I d Q Y 2 + D O L Q 7 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
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2016-03-02T07:10:05Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Payload delivery"
}
] ,
"labels" : [
"misp:type=\"malware-sample\"" ,
"misp:category=\"Payload delivery\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--56d69197-00ec-4012-b79e-5e5d950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2016-03-02T07:09:11.000Z" ,
"modified" : "2016-03-02T07:09:11.000Z" ,
"pattern" : "[file:name = '69.exe.gz-2' AND file:hashes.SHA1 = '6b10df6b80dc8d6155d68951938d1ed8a4e6d993']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2016-03-02T07:09:11Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Payload delivery"
}
] ,
"labels" : [
"misp:type=\"filename|sha1\"" ,
"misp:category=\"Payload delivery\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--56d69197-0de0-49f3-9f7e-5e5d950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2016-03-02T07:09:11.000Z" ,
"modified" : "2016-03-02T07:09:11.000Z" ,
"pattern" : "[file:name = '69.exe.gz-2' AND file:hashes.SHA256 = '16954bbf5bf49c6e3687bf6b2f4556dd4ede018a52b7b5f62ea304a1f691a905']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2016-03-02T07:09:11Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Payload delivery"
}
] ,
"labels" : [
"misp:type=\"filename|sha256\"" ,
"misp:category=\"Payload delivery\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--56d69198-9400-4b0f-9aa3-5e5d950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2016-03-02T07:09:12.000Z" ,
"modified" : "2016-03-02T07:09:12.000Z" ,
"pattern" : " [ f i l e : c o n t e n t _ r e f . p a y l o a d _ b i n = ' U E s D B B Q A C Q A I A C Y 5 Y k i S p 0 j Z X F 4 D A O F e A w A g A B w A M j k x Z j d m Y T A 3 N 2 I 3 M 2 N j Y 2 M 2 Z j g 4 O D l l O D l h Y T I 3 O W R V V A k A A 5 i R 1 l a Y k d Z W d X g L A A E E I Q A A A A Q h A A A A O o 9 m Z 2 g 0 3 M w e I V 5 G o B m U h n N 1 D / 89 H H J k C x J B E x T e p i P 6 + K i 6 r b b p I q g c 93 o l o L 4 B 9 W T O 0 C z 4 k X t 2 N i 3 L r F 2 j U r R / y z J q X i 0 m k k S a C T R Z J L B k A z 1 f h 3 r O g T h + O X s x C a o F 9 a J R c V y o 4 J c 7 + J 1 l r l c 4 J Q X P M H s Y N q G s a x E j k t 4 V B 2 / z s G 2 p R V P / + L F i a S w O Q 8 O u l o 9 B 8 U b q D S D G H E H R G T A G m w x b Q S C 8 + o w B 0 R d B C m c 1 c Y + C 6 t o S I h G y w S 6 B 9 j X o R R c 8 n N 62 q 0 L 0 Y m G i Q P A M A L 2 c Q J T n o F + q u F + + P C q u G f f D G n a 7 r c h f 1 I L g 9 i O H J F j B I H h j Z L k V Z 21 p u r 3 t 5 S T R n r O i D 25 i 2 a + 11 N 3 c T 5 Z R 47 W 6 S s z L D i + 4 m s 9 D L s Q s 5 A M A x 0 u 0 o E 5 S O d e 5 R M h c z G f o O W 5 N B 0 r y P a / O 3 + v c 8 r N k R b i Z O F F K M 5 D f C T K L T 8 T o i K Q R c x S E r O W g S z s M B 6 Y g W Y I Q 1 T H X D L 42 + M J W f o M l p o j h D 3 F s X x Y u / s + U 2 + G / 8 P x I J 7 a u C u + r s p q l E 9 T g 9 N e K 1 Z J C b W r f 3 R B 9 V 0 1 A w M X U P o Q U n 8 G + p + l / O b Q 7 f 50 b m 6 d / w d I B M Y C + O D m N B g o f S Q i 9 X h g I n f s g + 6 H 9 z C j c j h M r + O l p 1 B 9 B t C y G D 2 x l J 9 u 6 m v 3 G O f L o g f M q i V 2 g 4 I s O K u R F Z F j E 4681 J f q x U r o 4 h L D P u w T 2 w K W H e P b 30 G H o k 0 f + S 7 O c T 9 v V Y N Z X 5 d k J t l I 3 a P q 6 B 3 p / O W 6 s b / N z O Z B 1 E z K Y r s s g L H z K T 38 g A L y 3 J A k s f 1 F a t m 5 G g l P T y Y 3 t s m P + f l W g z B X N 3 T l M W Y R D s z h W N W b a + f r U z J g x N 5 l 1 f 9 u w S B V E u G 2 g / W n t v 6 B 0 n u r l 2 K E x l x + P O M Y j c 
A R + N + J N i 9 r q Q c T a 88 j P 4 Z F a j x O N S 7 g n W Q l K 2 Y p h 7 k K v c 9 v L d k B V 0 K c c Z i J q y f Y 4 N i e 1 U C J H e o i E M C t L w k a f H J P P W j i 86 P s I G l U E 0 S p s G e y A A y Q d K 5 p G k f K V H 0 q A T s H n S U d V q H z 3 W + t X z q h a d 8 k a Q k D V b C P F D t i 4 i r W B I D y + 3 k d 5 p p l W C L u 29 e m O 4637 e i h 1 i n 6 p P a f T t g W 9 a d + t / l n J 6 j c c s s o h Z y a t 97 H i 7 v Z U H 8 + A 7 Z X 0 X v p a i J 3 P q v h r X a B F P g Y u P t 39 f r t 9 t 2 a O t P 9 G C X c f V r j z D a d 3 s b 2 K 3 e Z 2 M e 9 k d y D j e N J T h l 2 l m k H 8 x D + D F A Q i f C y W E L h m b u Y g A R T / 5 j C 6 p A 8 F Y j 5 A z e R G T Y L 8 F E o i 30 Q S J L n w U l j W i 6 x l 1 E z v F 2 a m l r L 4 w / f 0 i h z 7 B 9 o o w S O M b 5 F w s r n q w B v p 1 C j K n 38 y i u i P + r i H t L v 5 F H A I h L t D X g a v N y 9 Q O e A v M 8 D C W g j V 34 H R d b w v H 9 m g p P N 526 b H V N V R a c a w J 8 d P / S e d C 2 u I l / U s E i 8 Q r 1 a t C 2 R C k c 2 N t Z z w T w v N B e H w V Q v V M l e l S U c H d h e S C T 0 1 o g x 4 C 3 q 9 U E B E D 4 F O V 65 e H o 5 O 24 j / A a n Q Z c Q b 4 B Y l D c B D V 2 E g Y s L k o q 51 v T Z O c i I 5 h Z a Z C x T Z E v y n 3 W Y U c s m q e 5 R U 4 y e G w c d q U I L F A 0 Z + K j p R Y y K u K O r U s K G 14 t x W F e e m f o C 9 X W p C c 0 c F q I i r Q q N c k I M X y a S m d r r O U U 2 x d z Z 0 f W T T + E 3 x i l 6 y j G R S 6 K t l p e 4 x q G K 0 58 q Y 16 k B i D Y 0 j Q 8 B c L 9 S T G x w K H q u 5 d s m u V 16 A v + L 7 G u 4 D 8 I E O O p m X C C U Z D Z 1 A 0 D W O g U R m N k U J r a U d D / 8 J B D e 0 w 85 / R f k X H 0 P u t y F u h l s J L G a T C u C c 5 e z 60 v D 7 O A c V K N b 2 x c B 75 N A t Y d d 0 O T R K w m e 5 P D Z T B 8 N x n 0 a r Z 1 J h 1 d K w 8 O 9 h / d H F L y u T S M N x 7 I T t D 9 g 6 K C + V p h m 8 p 16 S m p R p X 6 h y 6 g g L W z U M W E k M C / 0 n d + z t q a a f Q F n Y b e r b n u 7 B M 4 G t H v Q 0 
62 y I + F O + + w f y J C U h v W W Q C T e d o 7 q B u + c p y J 4 c 7 w Q R I j P 6 V 5 N e R T / Y g / h E 28 N U 9 s u Q A n e y C 4 f L G 6 p P o m E 4 f g w 9 n e y t l M 98 z R q C 2 t g E B 0 N X 0 7 q Q g S W c d 7 Y s g o T s T X h 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
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2016-03-02T07:09:12Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Payload delivery"
}
] ,
"labels" : [
"misp:type=\"malware-sample\"" ,
"misp:category=\"Payload delivery\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--56d69199-7230-4194-aa65-5e5d950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2016-03-02T07:09:13.000Z" ,
"modified" : "2016-03-02T07:09:13.000Z" ,
"pattern" : "[file:name = '69.exe.gz' AND file:hashes.SHA1 = 'ae4320b458826bd4b472381df11a7b2b9c49450c']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2016-03-02T07:09:13Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Payload delivery"
}
] ,
"labels" : [
"misp:type=\"filename|sha1\"" ,
"misp:category=\"Payload delivery\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--56d6919a-73ec-4726-87a5-5e5d950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2016-03-02T07:09:14.000Z" ,
"modified" : "2016-03-02T07:09:14.000Z" ,
"pattern" : "[file:name = '69.exe.gz' AND file:hashes.SHA256 = '75f89ad70b2dec5ceed26aa362d93b170ff2f3d9c8078ecb517ff255d753a58d']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2016-03-02T07:09:14Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Payload delivery"
}
] ,
"labels" : [
"misp:type=\"filename|sha256\"" ,
"misp:category=\"Payload delivery\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--56d693d7-4ee4-45fa-b1c4-5e5e950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2016-03-02T07:18:47.000Z" ,
"modified" : "2016-03-02T07:18:47.000Z" ,
"description" : "Locky C&C" ,
"pattern" : "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '31.184.197.119']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2016-03-02T07:18:47Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Network activity"
}
] ,
"labels" : [
"misp:type=\"ip-dst\"" ,
"misp:category=\"Network activity\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--56d693d8-8cdc-4662-a83e-5e5e950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2016-03-02T07:18:48.000Z" ,
"modified" : "2016-03-02T07:18:48.000Z" ,
"description" : "Locky C&C" ,
"pattern" : "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '51.254.19.227']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2016-03-02T07:18:48Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Network activity"
}
] ,
"labels" : [
"misp:type=\"ip-dst\"" ,
"misp:category=\"Network activity\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--56d693d8-c608-4aca-ac7b-5e5e950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2016-03-02T07:18:48.000Z" ,
"modified" : "2016-03-02T07:18:48.000Z" ,
"description" : "Locky C&C" ,
"pattern" : "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '91.219.29.55']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2016-03-02T07:18:48Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Network activity"
}
] ,
"labels" : [
"misp:type=\"ip-dst\"" ,
"misp:category=\"Network activity\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--56d693d8-bc64-47e5-a04e-5e5e950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2016-03-02T07:18:48.000Z" ,
"modified" : "2016-03-02T07:18:48.000Z" ,
"description" : "Locky C&C" ,
"pattern" : "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '5.34.183.195']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2016-03-02T07:18:48Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Network activity"
}
] ,
"labels" : [
"misp:type=\"ip-dst\"" ,
"misp:category=\"Network activity\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--56d693d9-9e20-48b4-b7a8-5e5e950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2016-03-02T07:18:49.000Z" ,
"modified" : "2016-03-02T07:18:49.000Z" ,
"description" : "Locky C&C" ,
"pattern" : "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '185.14.29.188']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2016-03-02T07:18:49Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Network activity"
}
] ,
"labels" : [
"misp:type=\"ip-dst\"" ,
"misp:category=\"Network activity\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--56d6944a-c0ac-433b-8f54-4dec950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2016-03-02T07:20:42.000Z" ,
"modified" : "2016-03-02T07:20:42.000Z" ,
"description" : "Locky C&C" ,
"pattern" : "[domain-name:value = 'eukpecrm.pm']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2016-03-02T07:20:42Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Network activity"
}
] ,
"labels" : [
"misp:type=\"domain\"" ,
"misp:category=\"Network activity\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--56d6944a-80e8-4b67-847c-4dec950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2016-03-02T07:20:42.000Z" ,
"modified" : "2016-03-02T07:20:42.000Z" ,
"description" : "Locky C&C" ,
"pattern" : "[domain-name:value = 'yehad.ru']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2016-03-02T07:20:42Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Network activity"
}
] ,
"labels" : [
"misp:type=\"domain\"" ,
"misp:category=\"Network activity\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--56d6944b-ef38-43c6-a224-4dec950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2016-03-02T07:20:43.000Z" ,
"modified" : "2016-03-02T07:20:43.000Z" ,
"description" : "Locky C&C" ,
"pattern" : "[domain-name:value = 'bfpwefyrchlqlk.nl']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2016-03-02T07:20:43Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Network activity"
}
] ,
"labels" : [
"misp:type=\"domain\"" ,
"misp:category=\"Network activity\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--56d6944b-b630-4032-82f5-4dec950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2016-03-02T07:20:43.000Z" ,
"modified" : "2016-03-02T07:20:43.000Z" ,
"description" : "Locky C&C" ,
"pattern" : "[domain-name:value = 'kdogpbkcwuxi.eu']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2016-03-02T07:20:43Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Network activity"
}
] ,
"labels" : [
"misp:type=\"domain\"" ,
"misp:category=\"Network activity\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--56d6944b-4e8c-46a5-b97a-4dec950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2016-03-02T07:20:43.000Z" ,
"modified" : "2016-03-02T07:20:43.000Z" ,
"description" : "Locky C&C" ,
"pattern" : "[domain-name:value = 'fmlpyiywk.fr']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2016-03-02T07:20:43Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Network activity"
}
] ,
"labels" : [
"misp:type=\"domain\"" ,
"misp:category=\"Network activity\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--56d6944b-7410-4a5d-9808-4dec950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2016-03-02T07:20:43.000Z" ,
"modified" : "2016-03-02T07:20:43.000Z" ,
"description" : "Locky C&C" ,
"pattern" : "[domain-name:value = 'hnumsnd.pw']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2016-03-02T07:20:43Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Network activity"
}
] ,
"labels" : [
"misp:type=\"domain\"" ,
"misp:category=\"Network activity\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--56d6944c-7108-4c8d-9a09-4dec950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2016-03-02T07:20:44.000Z" ,
"modified" : "2016-03-02T07:20:44.000Z" ,
"description" : "Locky C&C" ,
"pattern" : "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '46.108.39.224']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2016-03-02T07:20:44Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Network activity"
}
] ,
"labels" : [
"misp:type=\"ip-dst\"" ,
"misp:category=\"Network activity\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--56d6944c-94d0-47ad-823c-4dec950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2016-03-02T07:20:44.000Z" ,
"modified" : "2016-03-02T07:20:44.000Z" ,
"description" : "Locky C&C" ,
"pattern" : "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '195.22.28.199']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2016-03-02T07:20:44Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Network activity"
}
] ,
"labels" : [
"misp:type=\"ip-dst\"" ,
"misp:category=\"Network activity\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--56d6944c-df4c-496a-a43d-4dec950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2016-03-02T07:20:44.000Z" ,
"modified" : "2016-03-02T07:20:44.000Z" ,
"description" : "Locky C&C" ,
"pattern" : "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '195.22.28.196']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2016-03-02T07:20:44Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Network activity"
}
] ,
"labels" : [
"misp:type=\"ip-dst\"" ,
"misp:category=\"Network activity\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--56d6944d-d2cc-46d0-b91c-4dec950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2016-03-02T07:20:45.000Z" ,
"modified" : "2016-03-02T07:20:45.000Z" ,
"description" : "Locky C&C" ,
"pattern" : "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '195.22.28.197']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2016-03-02T07:20:45Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Network activity"
}
] ,
"labels" : [
"misp:type=\"ip-dst\"" ,
"misp:category=\"Network activity\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--56d6944d-30c4-437e-a1b6-4dec950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2016-03-02T07:20:45.000Z" ,
"modified" : "2016-03-02T07:20:45.000Z" ,
"description" : "Locky C&C" ,
"pattern" : "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '195.22.28.198']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2016-03-02T07:20:45Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Network activity"
}
] ,
"labels" : [
"misp:type=\"ip-dst\"" ,
"misp:category=\"Network activity\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--56d6944d-6364-4d21-8276-4dec950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2016-03-02T07:20:45.000Z" ,
"modified" : "2016-03-02T07:20:45.000Z" ,
"description" : "Locky C&C" ,
"pattern" : "[domain-name:value = 'cwycwubgpemsmmb.ru']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2016-03-02T07:20:45Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Network activity"
}
] ,
"labels" : [
"misp:type=\"domain\"" ,
"misp:category=\"Network activity\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--56d6944e-4468-41f9-8c47-4dec950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2016-03-02T07:20:46.000Z" ,
"modified" : "2016-03-02T07:20:46.000Z" ,
"description" : "Locky C&C" ,
"pattern" : "[domain-name:value = 'eqgasctlppecp.in']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2016-03-02T07:20:46Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Network activity"
}
] ,
"labels" : [
"misp:type=\"domain\"" ,
"misp:category=\"Network activity\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "observed-data" ,
"spec_version" : "2.1" ,
"id" : "observed-data--56d69b9d-3d98-4fc3-a2d8-4df202de0b81" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2016-03-02T07:51:57.000Z" ,
"modified" : "2016-03-02T07:51:57.000Z" ,
"first_observed" : "2016-03-02T07:51:57Z" ,
"last_observed" : "2016-03-02T07:51:57Z" ,
"number_observed" : 1 ,
"object_refs" : [
"url--56d69b9d-3d98-4fc3-a2d8-4df202de0b81"
] ,
"labels" : [
"misp:type=\"link\"" ,
"misp:category=\"External analysis\""
]
} ,
{
"type" : "url" ,
"spec_version" : "2.1" ,
"id" : "url--56d69b9d-3d98-4fc3-a2d8-4df202de0b81" ,
"value" : "https://www.virustotal.com/file/776b90d3fbd639ca8e8d5f198669c2e9c5f81bb2d2471e320c2ec77e6a455248/analysis/1456900883/"
} ,
{
"type" : "observed-data" ,
"spec_version" : "2.1" ,
"id" : "observed-data--56d69b9d-dbb0-4316-8e79-4df202de0b81" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2016-03-02T07:51:57.000Z" ,
"modified" : "2016-03-02T07:51:57.000Z" ,
"first_observed" : "2016-03-02T07:51:57Z" ,
"last_observed" : "2016-03-02T07:51:57Z" ,
"number_observed" : 1 ,
"object_refs" : [
"url--56d69b9d-dbb0-4316-8e79-4df202de0b81"
] ,
"labels" : [
"misp:type=\"link\"" ,
"misp:category=\"External analysis\""
]
} ,
{
"type" : "url" ,
"spec_version" : "2.1" ,
"id" : "url--56d69b9d-dbb0-4316-8e79-4df202de0b81" ,
"value" : "https://www.virustotal.com/file/94b8e25230239bc32a04aac47d5f176edf4b0ec11017f0c3589f34d1162e4dac/analysis/1456885205/"
} ,
{
"type" : "observed-data" ,
"spec_version" : "2.1" ,
"id" : "observed-data--56d69b9e-ada0-46fa-b861-4df202de0b81" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2016-03-02T07:51:58.000Z" ,
"modified" : "2016-03-02T07:51:58.000Z" ,
"first_observed" : "2016-03-02T07:51:58Z" ,
"last_observed" : "2016-03-02T07:51:58Z" ,
"number_observed" : 1 ,
"object_refs" : [
"url--56d69b9e-ada0-46fa-b861-4df202de0b81"
] ,
"labels" : [
"misp:type=\"link\"" ,
"misp:category=\"External analysis\""
]
} ,
{
"type" : "url" ,
"spec_version" : "2.1" ,
"id" : "url--56d69b9e-ada0-46fa-b861-4df202de0b81" ,
"value" : "https://www.virustotal.com/file/3dab5300dc33468dc19d3834d7d80d8fe2128b042bcf11da2641cc30cd0bcd6f/analysis/1456879972/"
} ,
{
"type" : "observed-data" ,
"spec_version" : "2.1" ,
"id" : "observed-data--56d69b9e-2b98-4e12-a684-4df202de0b81" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2016-03-02T07:51:58.000Z" ,
"modified" : "2016-03-02T07:51:58.000Z" ,
"first_observed" : "2016-03-02T07:51:58Z" ,
"last_observed" : "2016-03-02T07:51:58Z" ,
"number_observed" : 1 ,
"object_refs" : [
"url--56d69b9e-2b98-4e12-a684-4df202de0b81"
] ,
"labels" : [
"misp:type=\"link\"" ,
"misp:category=\"External analysis\""
]
} ,
{
"type" : "url" ,
"spec_version" : "2.1" ,
"id" : "url--56d69b9e-2b98-4e12-a684-4df202de0b81" ,
"value" : "https://www.virustotal.com/file/2fc2428db623b07280953034a11d92fa45b990c11cf945bb6853e4aee094ffcb/analysis/1456897529/"
} ,
{
"type" : "observed-data" ,
"spec_version" : "2.1" ,
"id" : "observed-data--56d69b9e-6874-4950-b15a-4df202de0b81" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2016-03-02T07:51:58.000Z" ,
"modified" : "2016-03-02T07:51:58.000Z" ,
"first_observed" : "2016-03-02T07:51:58Z" ,
"last_observed" : "2016-03-02T07:51:58Z" ,
"number_observed" : 1 ,
"object_refs" : [
"url--56d69b9e-6874-4950-b15a-4df202de0b81"
] ,
"labels" : [
"misp:type=\"link\"" ,
"misp:category=\"External analysis\""
]
} ,
{
"type" : "url" ,
"spec_version" : "2.1" ,
"id" : "url--56d69b9e-6874-4950-b15a-4df202de0b81" ,
"value" : "https://www.virustotal.com/file/79a6f2ceb0f095b57fb59fd38a8c040cbc48542498641aceeae599c78da587f1/analysis/1456863204/"
} ,
{
"type" : "observed-data" ,
"spec_version" : "2.1" ,
"id" : "observed-data--56d69b9f-385c-437c-81d7-4df202de0b81" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2016-03-02T07:51:59.000Z" ,
"modified" : "2016-03-02T07:51:59.000Z" ,
"first_observed" : "2016-03-02T07:51:59Z" ,
"last_observed" : "2016-03-02T07:51:59Z" ,
"number_observed" : 1 ,
"object_refs" : [
"url--56d69b9f-385c-437c-81d7-4df202de0b81"
] ,
"labels" : [
"misp:type=\"link\"" ,
"misp:category=\"External analysis\""
]
} ,
{
"type" : "url" ,
"spec_version" : "2.1" ,
"id" : "url--56d69b9f-385c-437c-81d7-4df202de0b81" ,
"value" : "https://www.virustotal.com/file/2c5759d570f298b373c19bbb94b4ff0f12de337efb44bf671e07b37aefe778fb/analysis/1456858449/"
} ,
{
"type" : "observed-data" ,
"spec_version" : "2.1" ,
"id" : "observed-data--56d69b9f-6144-41cc-920e-4df202de0b81" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2016-03-02T07:51:59.000Z" ,
"modified" : "2016-03-02T07:51:59.000Z" ,
"first_observed" : "2016-03-02T07:51:59Z" ,
"last_observed" : "2016-03-02T07:51:59Z" ,
"number_observed" : 1 ,
"object_refs" : [
"url--56d69b9f-6144-41cc-920e-4df202de0b81"
] ,
"labels" : [
"misp:type=\"link\"" ,
"misp:category=\"External analysis\""
]
} ,
{
"type" : "url" ,
"spec_version" : "2.1" ,
"id" : "url--56d69b9f-6144-41cc-920e-4df202de0b81" ,
"value" : "https://www.virustotal.com/file/84cc775d34761e2f653b883abbd6af770001888258baa01cc18bcdc5c0079b85/analysis/1456861529/"
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--56d69ee8-c900-4ade-928c-4df2950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2016-03-02T08:06:00.000Z" ,
"modified" : "2016-03-02T08:06:00.000Z" ,
"description" : "TeslaCrypt C&C" ,
"pattern" : "[url:value = 'http://opravnatramvaji.cz/modules/mod_search/wstr.php']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2016-03-02T08:06:00Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Network activity"
}
] ,
"labels" : [
"misp:type=\"url\"" ,
"misp:category=\"Network activity\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--56d69ee8-ecc4-453c-96bf-4df2950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2016-03-02T08:06:00.000Z" ,
"modified" : "2016-03-02T08:06:00.000Z" ,
"description" : "TeslaCrypt C&C" ,
"pattern" : "[domain-name:value = 'opravnatramvaji.cz']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2016-03-02T08:06:00Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Network activity"
}
] ,
"labels" : [
"misp:type=\"domain\"" ,
"misp:category=\"Network activity\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--56d69ee9-c588-402d-8746-4df2950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2016-03-02T08:06:01.000Z" ,
"modified" : "2016-03-02T08:06:01.000Z" ,
"description" : "TeslaCrypt C&C" ,
"pattern" : "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '194.228.3.204']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2016-03-02T08:06:01Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Network activity"
}
] ,
"labels" : [
"misp:type=\"ip-dst\"" ,
"misp:category=\"Network activity\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--56d69ee9-a44c-488b-8cd4-4df2950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2016-03-02T08:06:01.000Z" ,
"modified" : "2016-03-02T08:06:01.000Z" ,
"description" : "TeslaCrypt payment URL" ,
"pattern" : "[url:value = 'http://sondr5344ygfweyjbfkw4fhsefv.heliofetch.at/']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2016-03-02T08:06:01Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Network activity"
}
] ,
"labels" : [
"misp:type=\"url\"" ,
"misp:category=\"Network activity\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--56d69ee9-cae4-4f0f-9fae-4df2950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2016-03-02T08:06:01.000Z" ,
"modified" : "2016-03-02T08:06:01.000Z" ,
"description" : "TeslaCrypt payment URL" ,
"pattern" : "[url:value = 'http://pts764gt354fder34fsqw45gdfsavadfgsfg.kraskula.com/']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2016-03-02T08:06:01Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Network activity"
}
] ,
"labels" : [
"misp:type=\"url\"" ,
"misp:category=\"Network activity\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--56d69ee9-cdb4-457a-802f-4df2950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2016-03-02T08:06:01.000Z" ,
"modified" : "2016-03-02T08:06:01.000Z" ,
"description" : "TeslaCrypt payment URL" ,
"pattern" : "[url:value = 'http://yyre45dbvn2nhbefbmh.begumvelic.at/']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2016-03-02T08:06:01Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Network activity"
}
] ,
"labels" : [
"misp:type=\"url\"" ,
"misp:category=\"Network activity\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--56d6a1a5-cef4-465d-a1fa-4ded950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2016-03-02T08:17:41.000Z" ,
"modified" : "2016-03-02T08:17:41.000Z" ,
"description" : "TeslaCrypt C&C" ,
"pattern" : "[url:value = 'http://suratjualan.com/copywriting.my/image/wstr.php']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2016-03-02T08:17:41Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Network activity"
}
] ,
"labels" : [
"misp:type=\"url\"" ,
"misp:category=\"Network activity\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--56d6a1a6-aad0-43bf-a29d-4ded950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2016-03-02T08:17:42.000Z" ,
"modified" : "2016-03-02T08:17:42.000Z" ,
"description" : "TeslaCrypt C&C" ,
"pattern" : "[domain-name:value = 'suratjualan.com']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2016-03-02T08:17:42Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Network activity"
}
] ,
"labels" : [
"misp:type=\"domain\"" ,
"misp:category=\"Network activity\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--56d6a1a6-0a2c-4927-9a97-4ded950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2016-03-02T08:17:42.000Z" ,
"modified" : "2016-03-02T08:17:42.000Z" ,
"description" : "TeslaCrypt C&C" ,
"pattern" : "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '192.185.166.27']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2016-03-02T08:17:42Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Network activity"
}
] ,
"labels" : [
"misp:type=\"ip-dst\"" ,
"misp:category=\"Network activity\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--56d6a1a6-c094-43ab-8d93-4ded950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2016-03-02T08:17:42.000Z" ,
"modified" : "2016-03-02T08:17:42.000Z" ,
"description" : "TeslaCrypt C&C" ,
"pattern" : "[url:value = 'http://imagescroll.com/cgi-bin/Templates/bstr.php']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2016-03-02T08:17:42Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Network activity"
}
] ,
"labels" : [
"misp:type=\"url\"" ,
"misp:category=\"Network activity\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--56d6a1a7-0374-47ae-bf20-4ded950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2016-03-02T08:17:43.000Z" ,
"modified" : "2016-03-02T08:17:43.000Z" ,
"description" : "TeslaCrypt C&C" ,
"pattern" : "[domain-name:value = 'imagescroll.com']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2016-03-02T08:17:43Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Network activity"
}
] ,
"labels" : [
"misp:type=\"domain\"" ,
"misp:category=\"Network activity\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--56d6a1a7-5f70-4618-8c63-4ded950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2016-03-02T08:17:43.000Z" ,
"modified" : "2016-03-02T08:17:43.000Z" ,
"description" : "TeslaCrypt C&C" ,
"pattern" : "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '62.210.141.228']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2016-03-02T08:17:43Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Network activity"
}
] ,
"labels" : [
"misp:type=\"ip-dst\"" ,
"misp:category=\"Network activity\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--56d6a1a8-c038-412a-951b-4ded950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2016-03-02T08:17:44.000Z" ,
"modified" : "2016-03-02T08:17:44.000Z" ,
"description" : "TeslaCrypt C&C" ,
"pattern" : "[url:value = 'http://music.mbsaeger.com/music/Glee/bstr.php']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2016-03-02T08:17:44Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Network activity"
}
] ,
"labels" : [
"misp:type=\"url\"" ,
"misp:category=\"Network activity\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--56d6a1a8-4218-47b5-9e10-4ded950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2016-03-02T08:17:44.000Z" ,
"modified" : "2016-03-02T08:17:44.000Z" ,
"description" : "TeslaCrypt C&C" ,
"pattern" : "[domain-name:value = 'music.mbsaeger.com']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2016-03-02T08:17:44Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Network activity"
}
] ,
"labels" : [
"misp:type=\"hostname\"" ,
"misp:category=\"Network activity\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--56d6a1a8-1be0-4af3-80dd-4ded950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2016-03-02T08:17:44.000Z" ,
"modified" : "2016-03-02T08:17:44.000Z" ,
"description" : "TeslaCrypt C&C" ,
"pattern" : "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '76.125.213.205']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2016-03-02T08:17:44Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Network activity"
}
] ,
"labels" : [
"misp:type=\"ip-dst\"" ,
"misp:category=\"Network activity\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--56d6a1a8-9dc8-466a-8496-4ded950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2016-03-02T08:17:44.000Z" ,
"modified" : "2016-03-02T08:17:44.000Z" ,
"description" : "TeslaCrypt C&C" ,
"pattern" : "[url:value = 'http://surrogacyandadoption.com/bstr.php']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2016-03-02T08:17:44Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Network activity"
}
] ,
"labels" : [
"misp:type=\"url\"" ,
"misp:category=\"Network activity\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--56d6a1a9-1564-47dd-90f2-4ded950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2016-03-02T08:17:45.000Z" ,
"modified" : "2016-03-02T08:17:45.000Z" ,
"description" : "TeslaCrypt C&C" ,
"pattern" : "[domain-name:value = 'surrogacyandadoption.com']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2016-03-02T08:17:45Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Network activity"
}
] ,
"labels" : [
"misp:type=\"domain\"" ,
"misp:category=\"Network activity\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--56d6a1a9-ebb0-4eb1-8dc7-4ded950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2016-03-02T08:17:45.000Z" ,
"modified" : "2016-03-02T08:17:45.000Z" ,
"description" : "TeslaCrypt C&C" ,
"pattern" : "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '185.26.122.59']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2016-03-02T08:17:45Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Network activity"
}
] ,
"labels" : [
"misp:type=\"ip-dst\"" ,
"misp:category=\"Network activity\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--56d6a1a9-0318-4269-8b15-4ded950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2016-03-02T08:17:45.000Z" ,
"modified" : "2016-03-02T08:17:45.000Z" ,
"description" : "TeslaCrypt C&C" ,
"pattern" : "[url:value = 'http://ptlchemicaltrading.com/images/gallery/wstr.php']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2016-03-02T08:17:45Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Network activity"
}
] ,
"labels" : [
"misp:type=\"url\"" ,
"misp:category=\"Network activity\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--56d6a1a9-6b38-46b1-b94c-4ded950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2016-03-02T08:17:45.000Z" ,
"modified" : "2016-03-02T08:17:45.000Z" ,
"description" : "TeslaCrypt C&C" ,
"pattern" : "[domain-name:value = 'ptlchemicaltrading.com']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2016-03-02T08:17:45Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Network activity"
}
] ,
"labels" : [
"misp:type=\"domain\"" ,
"misp:category=\"Network activity\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--56d6a1aa-a4c0-4d72-998e-4ded950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2016-03-02T08:17:46.000Z" ,
"modified" : "2016-03-02T08:17:46.000Z" ,
"description" : "TeslaCrypt C&C" ,
"pattern" : "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '119.59.120.21']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2016-03-02T08:17:46Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Network activity"
}
] ,
"labels" : [
"misp:type=\"ip-dst\"" ,
"misp:category=\"Network activity\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--56d69d1b-43c4-4335-beea-5e5e950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2016-03-02T07:58:19.000Z" ,
"modified" : "2016-03-02T07:58:19.000Z" ,
"description" : "Automatically added (via 87yv5cds|00f49ef0c6ec348788e6b47eed8a79f0ca0184ec)" ,
"pattern" : "[file:name = '87yv5cds' AND file:hashes.MD5 = '1224bf7d4e2d289c52d47784f7f280a7']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2016-03-02T07:58:19Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Payload delivery"
}
] ,
"labels" : [
"misp:type=\"filename|md5\"" ,
"misp:category=\"Payload delivery\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--56d6ee40-8bd0-4a40-ae34-4dee950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2016-03-02T13:44:32.000Z" ,
"modified" : "2016-03-02T13:44:32.000Z" ,
"description" : "download location" ,
"pattern" : "[url:value = 'http://ohelloweuqq.com/69.exe']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2016-03-02T13:44:32Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Network activity"
}
] ,
"labels" : [
"misp:type=\"url\"" ,
"misp:category=\"Network activity\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--56d6ee40-df24-47b6-a357-4dee950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2016-03-02T13:44:32.000Z" ,
"modified" : "2016-03-02T13:44:32.000Z" ,
"description" : "download location" ,
"pattern" : "[domain-name:value = 'ohelloweuqq.com']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2016-03-02T13:44:32Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Network activity"
}
] ,
"labels" : [
"misp:type=\"domain\"" ,
"misp:category=\"Network activity\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--56d6ee41-e954-4e5a-a3ae-4dee950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2016-03-02T13:44:33.000Z" ,
"modified" : "2016-03-02T13:44:33.000Z" ,
"description" : "download location" ,
"pattern" : "[url:value = 'http://ohelloweuqq.com/80.exe']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2016-03-02T13:44:33Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Network activity"
}
] ,
"labels" : [
"misp:type=\"url\"" ,
"misp:category=\"Network activity\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--56d6ee41-c514-4e66-8e80-4dee950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2016-03-02T13:44:33.000Z" ,
"modified" : "2016-03-02T13:44:33.000Z" ,
"description" : "download location" ,
"pattern" : "[url:value = 'http://soclosebutyetqq.com/80.exe']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2016-03-02T13:44:33Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Network activity"
}
] ,
"labels" : [
"misp:type=\"url\"" ,
"misp:category=\"Network activity\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--56d6ee41-1500-4be2-b933-4dee950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2016-03-02T13:44:33.000Z" ,
"modified" : "2016-03-02T13:44:33.000Z" ,
"description" : "download location" ,
"pattern" : "[url:value = 'http://www.countrysaloonriki.sk/num/9987tg6v54']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2016-03-02T13:44:33Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Network activity"
}
] ,
"labels" : [
"misp:type=\"url\"" ,
"misp:category=\"Network activity\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--56d6ee41-02e0-49a4-90a8-4dee950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2016-03-02T13:44:33.000Z" ,
"modified" : "2016-03-02T13:44:33.000Z" ,
"description" : "download location" ,
"pattern" : "[domain-name:value = 'www.countrysaloonriki.sk']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2016-03-02T13:44:33Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Network activity"
}
] ,
"labels" : [
"misp:type=\"hostname\"" ,
"misp:category=\"Network activity\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--56d6ee42-fe38-4120-a37f-4dee950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2016-03-02T13:44:34.000Z" ,
"modified" : "2016-03-02T13:44:34.000Z" ,
"description" : "download location" ,
"pattern" : "[domain-name:value = 'sumiden-e.co.jp']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2016-03-02T13:44:34Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Network activity"
}
] ,
"labels" : [
"misp:type=\"hostname\"" ,
"misp:category=\"Network activity\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--56d6ee42-7308-4fa8-b12f-4dee950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2016-03-02T13:44:34.000Z" ,
"modified" : "2016-03-02T13:44:34.000Z" ,
"description" : "download location" ,
"pattern" : "[domain-name:value = 'e-monalisa.ro']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2016-03-02T13:44:34Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Network activity"
}
] ,
"labels" : [
"misp:type=\"domain\"" ,
"misp:category=\"Network activity\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--56d6ee42-b33c-4f72-8f48-4dee950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2016-03-02T13:44:34.000Z" ,
"modified" : "2016-03-02T13:44:34.000Z" ,
"description" : "download location" ,
"pattern" : "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '147.213.4.6']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2016-03-02T13:44:34Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Network activity"
}
] ,
"labels" : [
"misp:type=\"ip-dst\"" ,
"misp:category=\"Network activity\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--56d6ee42-67bc-43b5-9c2f-4dee950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2016-03-02T13:44:34.000Z" ,
"modified" : "2016-03-02T13:44:34.000Z" ,
"description" : "download location" ,
"pattern" : "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '210.129.90.38']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2016-03-02T13:44:34Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Network activity"
}
] ,
"labels" : [
"misp:type=\"ip-dst\"" ,
"misp:category=\"Network activity\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--56d6ee43-ac58-4fc5-9cd2-4dee950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2016-03-02T13:44:35.000Z" ,
"modified" : "2016-03-02T13:44:35.000Z" ,
"description" : "download location" ,
"pattern" : "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '37.251.140.222']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2016-03-02T13:44:35Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Network activity"
}
] ,
"labels" : [
"misp:type=\"ip-dst\"" ,
"misp:category=\"Network activity\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--56d6ee43-68c0-47b7-acae-4dee950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2016-03-02T13:44:35.000Z" ,
"modified" : "2016-03-02T13:44:35.000Z" ,
"description" : "download location" ,
"pattern" : "[url:value = 'http://sumiden-e.co.jp/num/87hn8bv6r']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2016-03-02T13:44:35Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Network activity"
}
] ,
"labels" : [
"misp:type=\"url\"" ,
"misp:category=\"Network activity\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--56d6ee43-ce98-4b83-b918-4dee950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2016-03-02T13:44:35.000Z" ,
"modified" : "2016-03-02T13:44:35.000Z" ,
"description" : "download location" ,
"pattern" : "[url:value = 'http://e-monalisa.ro/num/7yh5c44duyy']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2016-03-02T13:44:35Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Network activity"
}
] ,
"labels" : [
"misp:type=\"url\"" ,
"misp:category=\"Network activity\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--56d6ee71-24d4-49c2-a626-b2dd950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2016-03-02T13:45:20.000Z" ,
"modified" : "2016-03-02T13:45:20.000Z" ,
"description" : "Locky C&C" ,
"pattern" : "[url:value = 'http://95.213.184.10/main.php']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2016-03-02T13:45:20Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Network activity"
}
] ,
"labels" : [
"misp:type=\"url\"" ,
"misp:category=\"Network activity\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--56d6ee71-d3e4-4469-902e-b2dd950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2016-03-02T13:45:21.000Z" ,
"modified" : "2016-03-02T13:45:21.000Z" ,
"description" : "Locky C&C" ,
"pattern" : "[url:value = 'http://192.71.213.69/main.php']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2016-03-02T13:45:21Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Network activity"
}
] ,
"labels" : [
"misp:type=\"url\"" ,
"misp:category=\"Network activity\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--56d6ee71-6284-4580-8e87-b2dd950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2016-03-02T13:45:21.000Z" ,
"modified" : "2016-03-02T13:45:21.000Z" ,
"description" : "Locky C&C" ,
"pattern" : "[url:value = 'http://217.172.182.99/main.php']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2016-03-02T13:45:21Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Network activity"
}
] ,
"labels" : [
"misp:type=\"url\"" ,
"misp:category=\"Network activity\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--56d6ee71-0104-477c-9a4a-b2dd950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2016-03-02T13:45:21.000Z" ,
"modified" : "2016-03-02T13:45:21.000Z" ,
"description" : "Locky C&C" ,
"pattern" : "[domain-name:value = 'yxeaibmydkliia.us']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2016-03-02T13:45:21Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Network activity"
}
] ,
"labels" : [
"misp:type=\"domain\"" ,
"misp:category=\"Network activity\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--56d6ee72-cf98-4e5b-96d7-b2dd950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2016-03-02T13:45:22.000Z" ,
"modified" : "2016-03-02T13:45:22.000Z" ,
"description" : "Locky C&C" ,
"pattern" : "[domain-name:value = 'byfomaukpakv.eu']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2016-03-02T13:45:22Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Network activity"
}
] ,
"labels" : [
"misp:type=\"domain\"" ,
"misp:category=\"Network activity\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--56d6ee72-54c4-4ae3-b278-b2dd950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2016-03-02T13:45:22.000Z" ,
"modified" : "2016-03-02T13:45:22.000Z" ,
"description" : "Locky C&C" ,
"pattern" : "[domain-name:value = 'kwaljxqbuh.pw']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2016-03-02T13:45:22Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Network activity"
}
] ,
"labels" : [
"misp:type=\"domain\"" ,
"misp:category=\"Network activity\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--56d6ee72-1fac-4c8c-98f0-b2dd950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2016-03-02T13:45:22.000Z" ,
"modified" : "2016-03-02T13:45:22.000Z" ,
"description" : "Locky C&C" ,
"pattern" : "[domain-name:value = 'xjrubdm.fr']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2016-03-02T13:45:22Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Network activity"
}
] ,
"labels" : [
"misp:type=\"domain\"" ,
"misp:category=\"Network activity\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--56d6ee73-8dc0-4892-89ac-b2dd950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2016-03-02T13:45:23.000Z" ,
"modified" : "2016-03-02T13:45:23.000Z" ,
"description" : "Locky C&C" ,
"pattern" : "[domain-name:value = 'hhmmw.ru']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2016-03-02T13:45:23Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Network activity"
}
] ,
"labels" : [
"misp:type=\"domain\"" ,
"misp:category=\"Network activity\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--56d6ee73-4d08-4926-8217-b2dd950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2016-03-02T13:45:23.000Z" ,
"modified" : "2016-03-02T13:45:23.000Z" ,
"description" : "Locky C&C" ,
"pattern" : "[domain-name:value = 'cqjbkxsdpgepb.yt']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2016-03-02T13:45:23Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Network activity"
}
] ,
"labels" : [
"misp:type=\"domain\"" ,
"misp:category=\"Network activity\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--56d6ee73-685c-4a14-b77b-b2dd950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2016-03-02T13:45:23.000Z" ,
"modified" : "2016-03-02T13:45:23.000Z" ,
"description" : "Locky C&C" ,
"pattern" : "[domain-name:value = 'ekqxlkjudmr.it']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2016-03-02T13:45:23Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Network activity"
}
] ,
"labels" : [
"misp:type=\"domain\"" ,
"misp:category=\"Network activity\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--56d6ee74-b424-4fb0-be29-b2dd950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2016-03-02T13:45:24.000Z" ,
"modified" : "2016-03-02T13:45:24.000Z" ,
"description" : "Locky C&C" ,
"pattern" : "[domain-name:value = 'npqdiicmq.pm']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2016-03-02T13:45:24Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Network activity"
}
] ,
"labels" : [
"misp:type=\"domain\"" ,
"misp:category=\"Network activity\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--56d6ee74-a064-4369-ae2a-b2dd950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2016-03-02T13:45:24.000Z" ,
"modified" : "2016-03-02T13:45:24.000Z" ,
"description" : "Locky C&C" ,
"pattern" : "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '95.213.184.10']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2016-03-02T13:45:24Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Network activity"
}
] ,
"labels" : [
"misp:type=\"ip-dst\"" ,
"misp:category=\"Network activity\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--56d6ee74-97b8-4b70-9764-b2dd950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2016-03-02T13:45:24.000Z" ,
"modified" : "2016-03-02T13:45:24.000Z" ,
"description" : "Locky C&C" ,
"pattern" : "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '217.172.182.99']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2016-03-02T13:45:24Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Network activity"
}
] ,
"labels" : [
"misp:type=\"ip-dst\"" ,
"misp:category=\"Network activity\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--56d6ee75-6f58-45e9-ae74-b2dd950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2016-03-02T13:45:25.000Z" ,
"modified" : "2016-03-02T13:45:25.000Z" ,
"description" : "Locky C&C" ,
"pattern" : "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '192.71.213.69']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2016-03-02T13:45:25Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Network activity"
}
] ,
"labels" : [
"misp:type=\"ip-dst\"" ,
"misp:category=\"Network activity\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--56d6eec4-a29c-4577-b019-b2dd950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2016-03-02T13:46:44.000Z" ,
"modified" : "2016-03-02T13:46:44.000Z" ,
"pattern" : " [ f i l e : c o n t e n t _ r e f . p a y l o a d _ b i n = ' U E s D B B Q A C Q A I A N Z t Y k h 57 N / Y V l 8 A A M L H A A A g A B w A Z j U w M j Z i Z j R j Z D J l Y W N k Y j Q y M j U w Z m Q x O T M 3 O D R k O D Z V V A k A A 8 T u 1 l b E 7 t Z W d X g L A A E E I Q A A A A Q h A A A A M O i n 0 T C R d d 56 P s k x 3 H d d P K x / D 9 i 4 e C Z h / U C L e J a 2 l y 2 w k / h x 4 B T M x t G j a J V U / R i b 3 r H 2 f Z Y o i p a z / 4 q g y i S S E F 6 J 6 o z u 2 j T 6 M J B 4 Z Q i 7 G 9 B x m x x 56 m p 2 U w 75 L w k S A B T 56 x 6 l U u Y 3 c Q 8 u 9 m P I w O 43 M S 8 Y C z W 0 E H x D H 9 j c Y K 0 n 0 X W P l e d Q L t I + g b M X S 8 f 2 / F g P Y z v T z n f U l Q y K s P L a 6 j x j r j i Q t Z J H u 6 r K C v s a B l z O k T O p s T T D 94 s p 7 R y Y c a R R m d 4 p N j h Z j 87 q K s B A B 7 K h f X G a 9 I j r i E i O y 4 P A A E C m Q X J 88 W X 0 1 z M O z K T 7 k h 0 t 1 b E c Q f B k Y o 0 J F j 1 e g m E V t 7 r U 1 R w h Z C y 51 j H L r 5 w b Z E P y n K c i P G i q H / R + f 6 + i U U f X 0 j E I q C + l m h L r L z W 1 K c i E M X 2 b i v P E 6 T o z 6 n D m b r 2 H I X K E B s K 6 x M l G x g 9 M 5 X g r Z c j T m U Y 7 e Z L b 3 U Q c r L 80 X Y C 6 t 2 x h 8 w L c Q y 52 z V l C x d o f z 1 Y f d H J Z x M G B S A T s q / + e f I Q G R 6 n z k I b R Y E q q 2 t N / v 5 x h O W F P 3 z o u J 8 V Y z 2 a i A k + K 4 x 5 + d P X b y i p 3 p 1 h J V W r X D 8 J g H 8 / T Z U Y B u o k X d E n p S T i P I 9 s x m d 1 H t o U Q O c A e 2 J S w 3 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
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2016-03-02T13:46:44Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Payload delivery"
}
] ,
"labels" : [
"misp:type=\"malware-sample\"" ,
"misp:category=\"Payload delivery\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--56d6eec4-2028-45e0-bbec-b2dd950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2016-03-02T13:46:44.000Z" ,
"modified" : "2016-03-02T13:46:44.000Z" ,
"pattern" : "[file:name = 'scan_614074.doc' AND file:hashes.SHA1 = '4a9180b4ab7376c5ebfe35c3cb28bd0cb8ec1b71']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2016-03-02T13:46:44Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Payload delivery"
}
] ,
"labels" : [
"misp:type=\"filename|sha1\"" ,
"misp:category=\"Payload delivery\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--56d6eec5-3558-44fd-a22e-b2dd950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2016-03-02T13:46:45.000Z" ,
"modified" : "2016-03-02T13:46:45.000Z" ,
"pattern" : "[file:name = 'scan_614074.doc' AND file:hashes.SHA256 = '87e7a4539ee55671113e0c75009005517aa0ee4438fb64b3d4c4ab13dbfe68f8']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2016-03-02T13:46:45Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Payload delivery"
}
] ,
"labels" : [
"misp:type=\"filename|sha256\"" ,
"misp:category=\"Payload delivery\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--56d6eec6-d510-41bb-8b0c-b2dd950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2016-03-02T13:46:46.000Z" ,
"modified" : "2016-03-02T13:46:46.000Z" ,
"pattern" : " [ f i l e : c o n t e n t _ r e f . p a y l o a d _ b i n = ' U E s D B B Q A C Q A I A N d t Y k g A 75 l F U l 8 A A M f H A A A g A B w A Y j k 2 N D h j O T Y w Y z Q 0 M D Y x N j R m M G F h M D Y 3 M j M 2 N D M x Z G J V V A k A A 8 b u 1 l b G 7 t Z W d X g L A A E E I Q A A A A Q h A A A A U M 1 d 8 W q A s p q r i W L m y q N h 54 D j u v N f Q M L b K g J A l r j + B q P f N G i w N x i q e j 58 f 1 K u F u 6 R C H q l w s F 5 x K C M C k I g 93 Q T O d a + x H R 0 48 j 6 M + I H 5 h P 39 s / o p Y B v T Q h b V v l 4 m Q w 3 V d a Y u i v v + Z i u y d 0 S O y E q 6 T i J P T W t o Q k x T A z W c x n d i b q Z / 2 p E O I W b r s V n P 5 W v b t w l O Q b t T O q N L i w u K A e o X D 6 I m + + f q p 4 W S D E W B K J R G f z H D j O p 5 k i a h S 8 V s j W 3 p 11 m N H H d / + d z t f u V o B Y u N 1 Y W 9 Y u e b t X G s o W o q i + m W z b A P m Y I W t b g K x u U 768 f 2 p L S i C f i 328 q j T U c e P x s 6 v + p h v 81 O 0 D P Z k 8 L p T S 4 l D T m 9 h Q t M b / D v Z 0 R 0 I o S u 6 f u F A K T s 2 a 7 Y i r Q l S K A y O p k + F 3 p Q o d H x j n p 9 L z F u k K D y O l P 3 N u B c z 2 Q h S Y V d n I X I a R P z H f g O J F k k J 0 10 Y z q / l 8 z T g 5 n C n U + s J 7 / T u Y r h E 8 R U S 96 I Y G 99 / Q X l R 2 i 1 Z V J e Q 4 g B R c g P l v K o b z Y y c b m C s u / U z r c x 4 Z W u z r h K k s j 3 S 4 m k 4 W p s v k t L 2 t I r 96 O O Y R T a F M W S i H T F H 4 O 7 a o Z T I x L H n q 4 I 4 R m S l 0 W t 6 / R e 3 I 8 U 1 V L Y v h J S p x v C k q 1 g 8 s Y S 7 m 4 Y I g A + D d q 93 q Q m f t A R 4 c m T 1 q w k 0 U Q I r V H x N j M v R 2 z 5 A R F l U 6 a a c X A L W w 8 L u W J d 7 S H m U I e E f t m z K Z d O l J / 4 O B T k v x 7 h 9 g r 7 W a f T j D t R 0 n 584 L e o C z T 9 K u K l P g O p n H V C g A A w B p z c p L m G e f w H O u c B D o h G U i 0 R V Y w t 0 r k E F v 0 3 c m 1 a A 3 g C p N k g n 8 C Q g 2 N i G f U l n v S H N e x y + k 0 i 4 d A m J s C 2 b R y 4 Z / 7 X a H B e c V L k o b c k e 0 
6 k a f s 7 h 1 b 6 z T 7 x A Q i V g d y 0 u T S K v x 7 x o + 3 Z k u v Q Z X H S 4 a C U M m H M 79 w R f 3 / s 2 l b e H u E 94 S N z d z r A k 2 j L p 824 v 3 a e s j f d P w t 8 y A h 82 E S J P 6 h 1 Z 5 d U I g M g q D 5 r a q F l 9 y m x 3 k A 2 c J k z L F I W L V w 6 I w W M s 7 v r t U Q 3 p X w N Y P j 7 c T 5 Q q M X j v N 26 p J 3 r 1 E t x h j S P h 6 S j I / s 8 H S 6 / 82 R G b C P J U C 5 m 9 E r r D + H u K G G J J x v o S 35 c x Y A O 1 U v Y l 3 I R P n 3 + E s U S P b A G n N 1 k a d T A Q e U 37 g 5 z U X C 64 d a C c i 20 q x L 2 O D J M L R 0 o G E A f W N O 8 X N 4 z h X B 0 P C a U 0 t P H 4 I 2 l L C w 7 s g i o g k b C k Q A J c o D 7 o j U H x 1 K Q v 0 m v 0 Z s z d J U v 42 E H Z w V K h t J Y Z + n C a X s S Z 18 N o o w + + k / S X E 8 f a X d r z 0 S d b o l d 6 y 3 b a d / R R 6 d K n I D A n w r n s U K U / 5 + l f W 2 + H g O N p N K D G 3 w p + l c k K X p o e C 0 X Z g m Y 3 l O R I D e x 0 Y o c 5 b W z j g P q N f K p Z H t U S N t l f w D G U v 35 x H h f c B x 70 b m N R 8 z I I + C s U T o g D E C W R H J w A y h l t w n V e 4 g s u I G D y h P 2 i 29 X A b 9 P w Z s E 6 q h S Q d F a b + Z 9 i 8 I c G i i T Y 9 y n M 2 G y m j q f + 1 f 9 r y Z t w 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
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2016-03-02T13:46:46Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Payload delivery"
}
] ,
"labels" : [
"misp:type=\"malware-sample\"" ,
"misp:category=\"Payload delivery\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--56d6eec6-0df8-45cb-9231-b2dd950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2016-03-02T13:46:46.000Z" ,
"modified" : "2016-03-02T13:46:46.000Z" ,
"pattern" : "[file:name = 'scan_484492.doc' AND file:hashes.SHA1 = 'a701439cf154dca916c9638464f7d23615a3e51f']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2016-03-02T13:46:46Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Payload delivery"
}
] ,
"labels" : [
"misp:type=\"filename|sha1\"" ,
"misp:category=\"Payload delivery\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--56d6eec7-cc64-489b-9079-b2dd950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2016-03-02T13:46:47.000Z" ,
"modified" : "2016-03-02T13:46:47.000Z" ,
"pattern" : "[file:name = 'scan_484492.doc' AND file:hashes.SHA256 = '90ba881b1eefac353ff9b080ecb83cd360b2815ba47de9d9c07fa19af6461575']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2016-03-02T13:46:47Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Payload delivery"
}
] ,
"labels" : [
"misp:type=\"filename|sha256\"" ,
"misp:category=\"Payload delivery\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--56d6eec8-8a74-446a-980f-b2dd950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2016-03-02T13:46:48.000Z" ,
"modified" : "2016-03-02T13:46:48.000Z" ,
"pattern" : " [ f i l e : c o n t e n t _ r e f . p a y l o a d _ b i n = ' U E s D B B Q A C Q A I A N h t Y k g M I c / 6 U 18 A A L 7 H A A A g A B w A N m F l Z j h l M j U 4 N j h h O D d k Z T J j Y j E 0 Z W Q 0 O D l m N j g 5 Z D Z V V A k A A 8 j u 1 l b I 7 t Z W d X g L A A E E I Q A A A A Q h A A A A A m p s 3 U r m T G E v E 4 C b Z m j w h 17 X G 28 l q E t s f v K f 99 V 7 i l C L b j j Y t + Q 0 84 K 4 c G c r z O H V 0 Z I x j B g 6 F p Z V Z L H k y 9 w x O D B A 9 Z 0 N E x t y S t W Y a U d w 97 w y x H T D u z Z f U 2 w L 5 b s m C b i e m N z l 6 u 4 G l e + i b + V W t T a S P / B k 6 j k 0 e D x 5 g P M P q H X a S E T Y a j z i j c D + 0 z 1 V Z o u G 3 l n 5 c 1 a U G v l r + w x Z C s B T w G 902 i t w c s g e Y l 8 z O G g H 8 g 66 U C d + l 1 B T 9 s M f 8 C + y m O M c L H n V 2 r p t D r P s L m x Q K X e b P l Q H x a z 5 + X e G V o M M 1 s O C J J v O C l x L n Q D A W j 1E8 y N r u T o u o o 8 D 5 v H Y 5 v n S 1 F o d L F p 8 G W 10 m l V 44 X u x X S 3 N u I p y 3 P / 2 i G m q A p C y 3 k V q Q q K z 2 o d a I q x 9 S b Z x T u h 5 S A W c g W H q i 9 L u n N O X 5 z m t a Q q o P j O O y E Q h y h x k Z b A l y R N 0 Q 8 H / A w F L A Y O j c R e g Q M j 1 L 0 N a D v A u q 0 Q A K e w c r J X e C F c / I B 4 s 0 q E f x h z 6 q T n f k V e t o i B Y a j e S a 26 q S g z H K Z O i 8 H y 0 x e K h y f I H H R 6 b K G L S Z P M n R h A 5 P 0 u D a V E p L 1 I b m X Y p K Q r E b G z E z / u B q m F K i X O 9 g H w S r U o K 9 M A y Y j o P B a Y U p D B J M q Y r O U C q V L C L t D F U V R V 341 O S i v W K f M E r N c O t f a r Z 39 x V 7 y / L j O C / z f 5 A 5 K + p z U T I I Q I I A + s + 2 x k l A Q q 6 N h D b 6 b 6 U z f 8 l 3 w m v P b w y g s G 1 T J G h f j A m h Z r F s X 4 M s r R y i h E / t c j g + T w F R I q g X q q k 0 1 B w c X p 5 e W D Z A F w V 4 t E + y h W N v H y n o U k f i y e D k d C + 5 f L E x r y v e 42 C Z o v B V f C c u 9 z Z h w P p G c L x z D M y V W e F 2 M L n q T v t P Y x 533 a + T K l v 
j 7 H c Y P q P 1 Q H D c D R V U i i 2 W 4 t U u + c a W V I J Q I U a V R O s K d C / h G D h 8 M r j E r Q H G 5 y 8 V q H l h D C N u 2 B 8 t b n / t 64 f 0 H C D J d Q f c o 0 L f N G E K R w G u M v s j b Y m z / Q j c B v K D c 2 v r n m o I n V X h v r H V c 0 0 M k H K k E I m X r f g X R B P b 9 P I F J 51 D J o s p 5 o 3 W w j 6 + U b Y + H H Z T f r N B / F j A t B i A 6 l W o 4 r r D I v + v 6 q M 2 Q N L B i N D C U k b W T G m e d G i C f f E 5 g M b Z B r u R K a N 1 W l b K / G i a O I k g a J E i Q M L T + o m g v g / u E V 77 n l 9 x i L H I 3 w U + g C / O w F P L 7 O N h a t v m S 4 Z 0 p 751 k H l J G Q 2 u u + g I K z 7 Y t 5 n h N C B c 9 B O w c x p c H P L / 5 Y x n T c 1 Z 4 / i O n a w h v T 9 b 33 n T L q + 66 s x n J N g c A O f n d V 60 j I E y c L g 7 B U q H z n O K X X h V g 2 X A G 9 K + 4 G k B y Z b l g F y H x u N O l j W 4 H U W E z B k Q v q m i j o K A R e y m 9 q F O u G K Z 9 e K s m L 41 i 1 k v 5 A l 1 C H 14 I b V S 6 i 3 R D 0 v O i N Q Q 8 Z + R 2 y z j 5 d B j C n F A V g K 8 z I t 4 K 3 w 7 U S 8 l S A k x k I + Z Q L C b B 2 H w 6 Z t c 1 / p J Y o R K t s Q 5 c p s S W a D C q M n C i S f 0 E k c r B Y 4 S Z q p c z k 2 u P C T 8 t c l S f 8 z v E e X e s + f 4 f T I T v N n h e 3 L + G B k z Y T w M N a b z M O 2 v T S 0 b 8 V z w 2 d F L D x W b L l z k o l c t g Y A t i n 5 s O G R k p v U a + / 6 z l l F j / h Y Y F d p C + / S p e 8 T 6 l 0 h H P N d 9 U x r Q g Z R F C O Q 88 Y 6 O O X J o 4 i 7 r 7 e p F v 7 U z U u 0 I r u i Q V H e x u F y 7 d v d f M 9 m g N O z m G m D I O v r s 1 e Z 9 e f D C S J p W U h X 9 U h b T D W S I A c O n N 0 R v w d 656 i D 88 V r n p J h i q / f v r x + Z y T 6 K Q q Q r M G 0 J C d I l S D c W Y I u I D e X 5 y N N 3 O 9 q u 1 F 2 L E O 47 p Y w d I G n + D z c Y Z j J L G m E 59 o q Y Q l J I G L N W 9 J z y 17 H 66 X s s k D b Y Q I f 2 w q Q D q Z 3 P d 7 p F U b i r N C 1 W r 4 C c E s 8 K 3 f r Q N E n a 7 F b F k J K m O Q I q T s A n t T E w d 31 B 2 S G 2 f H V U 
J T F j v W I g Z M 29 A Q I 6 Z u M 3 d L b a e F D 28 L r V 8 M J 5 p R 1 I B d a i S d f s D F A U y i C T k T n v C 9 S t q W j w + / U 8 e U 5 v M D n v O J R o a R m + p A O H u Y Z E F M o R S a 4 H b / r n 8 U G O N T Z M W n A 48 R y 8 R E y e G l D f I G x a y H v t / o 1 u h W T M O b 3 J m Z + 5 / e q Q E Z 80 o L G c z 5 v o D X E i y t h j A C V A O G l s D M 0 X M m v z V T + W E k e u 3 m p B a 86 W I Q B C n w U k w r T B T v C 9 / y T A 56 / r 9e0 K R o 25 H W P K O w D W Q J T F b k D B b d Z w R c a 8 h e f I 1 P t 0 q U 5796 g m E k / u + a a a C c G F g R I B y m P c 5 d P p F k a n 4 X C j h x r X n W a 1 I a t S + E L L u d 0 H H o g p g D m u G G C G I N v D P R V 84 Q 8 S E 8 J D j K 8 V H A c I q 8 W V n e j + 50 d c J p 2 A 6 J t f j T F g H Q y q j e R 7 u F W q H N a Q c B 5 / b r i U X T r Y p / x j S C 97 d a c / p g 1 v N 7 x Y w T 5 j X v i 2 s O D 52 w m / Q 2 a h u n r 6 D Z Q 9 v O e y b 6 t 60 Y X p E V i v z z H M Z 7 X f j a / K U e C 9 L + J y 4 w 7 O w J 3 + W C w V f W a F B Z l K w e g 2 p H b 8 G l m s v X M U G f o r X 10 X i k W 0 H w G W U W d X Y s Z + b E 1 m Y 8 O n Y f N m H H w Y N f 4 i + d Q h k Y V r 8 i N z q V b s T C x 8 f U B A W 8 C 7 U 5 o G D z 5 z F m V M H h b L q y 8 z A l m 8 A h / Y 2 Q g 0 / s + q z 3365 f / W / 3 x x y O U 4 Z 4 Q f 1 t s S D / u X 1 r c D w o w 51 U / + Y B O 2 K Q 2 l N r Q G u y / i w U s 146 n j d K b c v + S 3 p w e 1 c B C y Y u u / C n H Q L t Q 3 T 3 n J c S L V k h v i K f 8 m D o u p 0 7 A 7 P d w O A C O D U U 99 J c o u B m t c V b / o R r v q M r j v G H V K j 0 r F v w x 8 e N 6 d p 222 u q 5 u 0 N U U d w + p N J n i V w l 9 / 4 M Y y E r x Z 76 w h k d Z g I 31 K N K G / j E k 5 Y N q d 8 t B k Q u F T m n e J S F p U 0 u 6 a E 0 T 9 V j x 7 x u C D n m y m K c Y a c + + n / 9 t E H z I 7 / d R / q p e B S 4 R h / 3 X u O Q T 6 B h 3 l G 7 f L e I R 21 O n N Z Y k u 9 z o H + z 7 Y d K y 1 s M 226 G k J r y K 4 f U 0 O k c n C 4 A M O m O m d 9 e R T A 4 P m Y H v 
L 5 C T t B f G q e A k 9 m P 3 p 3e87 J e R M E n 9e7 s 1 i m X i u j l m p 6 y 3 B r U V 8 V P Y Y d 1 q w 1 T h G q Y 9 / h W J K v T C z + J l Z w o 1 / j D S A v D U w p T 3 K J 5 K S N K 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
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2016-03-02T13:46:48Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Payload delivery"
}
] ,
"labels" : [
"misp:type=\"malware-sample\"" ,
"misp:category=\"Payload delivery\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--56d6eec8-ee0c-4e85-bd3b-b2dd950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2016-03-02T13:46:48.000Z" ,
"modified" : "2016-03-02T13:46:48.000Z" ,
"pattern" : "[file:name = 'scan_480931.doc' AND file:hashes.SHA1 = '1a193d9ed78e782a6df8202d6377d847cd64a2a0']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2016-03-02T13:46:48Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Payload delivery"
}
] ,
"labels" : [
"misp:type=\"filename|sha1\"" ,
"misp:category=\"Payload delivery\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--56d6eec9-72bc-4a52-a2a5-b2dd950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2016-03-02T13:46:49.000Z" ,
"modified" : "2016-03-02T13:46:49.000Z" ,
"pattern" : "[file:name = 'scan_480931.doc' AND file:hashes.SHA256 = '6b96d6b7bbfeae9aca79b65ab5abb604a3800207596354e3edd15736a79984af']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2016-03-02T13:46:49Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Payload delivery"
}
] ,
"labels" : [
"misp:type=\"filename|sha256\"" ,
"misp:category=\"Payload delivery\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--56d6eeca-b7ac-457b-980f-b2dd950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2016-03-02T13:46:50.000Z" ,
"modified" : "2016-03-02T13:46:50.000Z" ,
"pattern" : " [ f i l e : c o n t e n t _ r e f . p a y l o a d _ b i n = ' U E s D B B Q A C Q A I A N l t Y k g u C Z R / U 18 A A L 7 H A A A g A B w A O T Z h N 2 U z Z j Q 5 O T M w Y T Q 5 Y T c 3 M 2 Y 5 Y m U y Z W I w N W Z h N G N V V A k A A 8 r u 1 l b K 7 t Z W d X g L A A E E I Q A A A A Q h A A A A P N 6 f Z V 8 j B B Q z V / m n / X 3 O L f 1 j n c Y U S 49 R D G / R m e e c b e p o j 38 w J / H Q 385 w c X B x A G c E s U 2 W x i f h W E i H R K W n Q 7 m k 5 / j g X 7 y 96 I o X b C 6 R w y Z Y W p X h h 88 x x + + v G n e c a Z Q b t T t R V d 81 o Z E h 3 G R S j 3 S G 9 l O K 1 s H V 3 Y N W F y / D 46 S z R v s M B Z B f R 2 //LKuPyrUsGy094Er5Ee9ZAWR1YNPJl83RFo4em/CUBdmpjqPuzDdLfTriAKdFoUQUPRV6i5dtI8evaWMnt84of2wQdOQzYdbMxQNTYn2WvWl9qA8jSFtix+tZjrnV5hxs90WAw4AzfbV9CpLYHFm757GViRIZIUoIHzrVzHj2s6nBUncucQHWzQKr52Ag64+rTmtkk1JfrLgrUxM9kG1itiya6KHHkRLANce0Swxngh3hOzjNskGQGi/Cf0UtI/EYFn4fUxFlnsocGvcC/oCJDp+zk9Knrf9acIHUVlzoc1qhhlc8KJ27bPtAxDF1Q6ZRvjzshCtgQFpRATq/Kiq1U93nX+C91MeXn+G+mUvKuK1X9SNZF7vUvjWScj0YdMUh7Xm0D+CyMoupRbzbLjdlgsc0RDeRt8q2jMVFuIHTIhh4MQ9p3SXb1/opO6yW7jC9opvz9s0kqBGg0EYuTKHBZsqtb05rTxtbZZUIUZSWXwN2cD6vQczNzBOWec9oWOrlmnDTqoJrLP0Ne5BmG/V2XeTUBT/yWHbb3BsGR6JNSnBDYxEeJFAQLnA5GV0JPm4H0GctcJH+HXKhVeTdRW+jtA7EqGZA+L3iBKiZbrDqPBfmxfoLz0RujsbcsgN71h/9Xid3w/Ep17VOZ+XXsXZ9TCkDPaIqT+tNSi8mTRg5aYI90nStAr7cV1ei+OVRzG11OlPzFxhnQfgXxVofXjWeSNWrP/SO3oqDFjMzLdX4qv4TbUckpMisPAHgzHHU6Ca9nnGwejBn37Xi3n5KnjD+j5HD0UAc/qlL3l3uI256DCRsTXcxbkxJQTnBZ/yfBoO9EJQ2a9H8hcbaywlxir8iu0bglo22iI3RJHN1oH+xgsxc3NDyF+kevgrvwd4o2FLrsv963NDubPKsr2VGHgWBmLctap7LXJAx75OKGLoI+zAvXZVqyBlfk07OwVHTzKVVbvNjnsYHOXoxiXr54mRJAoDAQ9L/Z/otO0hEUU4Cu6X0q4qjVVL8GEKNR6ncHTVyuu9Wm2tvQWhNBLsChhok2xdPgLl9IooSxL9VPEmDGqLbYoCJSGrleXsOGsyMHRaZf/zyAj2LDc3LrPUJK06VFoMCx5WVO9eW8znruMd7M71IiHPBvgeHwzW14q5OJkn5y1CxdOMICnX5E6dRZJu5RgytkmqQl43/RQna++kwID1f567wUvFUj4/dJoE3us/tYxuZw+x3fBByhxfq6V1vwj4wBV8kONveonTFiGXXUU/J92gr0c7vOJVeOeKoB4ILNtGlgVFlWv6469s7NnxP7R/7G9uPgU3WKsudXyQumb/YwRily7ETee48uvUTbeL
DEqb3aS6dhi2HeSnHeX0hvu00QhAXzraI6aY7X08W498+eS55S+acQGrst9OkDQqC3aCsoCzxtlG4n5u2TrrQcfvfUvNdHHzITZyyfQCcvGVXGTER1ZrWhQDjPa+D3eW55Pp0FyhDogUAmjwUfjOncYLy4igqS+oPo6maIJEF8JzpL0djYEsN2xrJ5dzgNsuatvVM808UF9JvQmC5BJlc9xfNKCwbK8HutlRKW+W7rtCK/tPKtLNMsup21t4+GFWIGZ9nL5Be6gwYpcXO/+OqM4pA9ZeTimFL0R3MMuNuAaXk+k+YoIspZMZpGy10I2q92jadTufColA4np/3f9+8IrXXo25kYudUD2/524yabHHx8nhGyLUeZDiVH8dG3EsHptCD6AezrPhrgwybKDht+PIyUzhCnAMmApuDinVTePO3OZL3uiHlzeb4dT14TE0JWmA41d9SIGoOcTW6+syGqU+uceV1XwTufJpqBQVSK0oXQo13z6GxoaeXxGqFre/SLNWzY4thBFRCKCO0i1tUh8g6CRV0vJkmAImA5rtEH7i6RlgC1L2lP3w70TT9gjzFYym1nqBa74LQNAYuIs/xPavb5PGOg3zP9qJnR79CQCbbDs68uq3MMdoi4eLIp2/+tRKDODaiPj+mUa3cgyxs39V2BEPWGBRlXFsbZsZzyUaso+MqzYuItuPUMElGzHKkI972ohj9DYFlq9gQ53+vKMEOEq1edinbbfYpt0B79hJ3aZ7Ka09hHwgopy8yjKvWU4DGc7FIJw5zaHJdsxv6SI6YVfeakY19gOeBQ1YXQuxpWMQBUk0yv4NKY486gBVx1+rIrYiP3yNaJfqE75Y2C3YeRqa2kmG0XKZDPTG63WjXrb50fjnwTCnUizT8HN94pd/Uuyq1bsGHPYUOUGB8piHeZcacUFNGjemgNdBQvdaUHiZcCwMZT5HzaPdXm9aKVCUwIr4CajkpA1Ll2wIl/Fyoce7BoK2KnQyjK26y8BT8rSDSt6g5H8QjPXvJYB2PA9EJdLoNilj3+TpmSnRY7Y5UpUcPACzmOaKfm4vNdkp6rHsjpBbvWV8GKFmvGA/92CXKSgSGc29AmpZuNBQtGQxtVuhCgzGU4roBzE+5IQ5XiyEdXxlkXA+p9087qv5UP2NDBwL9afHuXTnPGX9DsBgIQN1vAnxOKhlQyIV/70sr1o7ylez8RVRCI1JSaJLeXUWYfC3Dx0tUQLuBHldnJ4RRQPF7MajFQwhRk5+Dq005uL7JRki1lFADQqlCu+wqzbM7gOpAA2iAnPThK3fiSmv2u6m1A6dWpsMRv94/zn8bk3BULLPjME359HLV60ptRsFGWuFRFPdM1P0Jrv8c5+047oaHdDD3+YJGef+jv4HNgqoiIANYa461QDA+ihRJKLm2acSpLVkZrbTirR/CqcMWjJbKaai79QBNzzipw4gN+K3XeOkprulOeVAqk+aFxBaPduvmndnBP/VC3SIlE6nXAZO8xCB2ieBpzfLxuSRxyxxSne6//AM2g8M1Z4s6I+cwB/cujQXMMwQufPsITIXRO75hQnyyvDxPTahWnnDh+VYM91nbCBTJauIuxTt5Vb0S4j27uGOEarFVkXCM92QNx8Z2ktzwhVf2nOPj6RGEImaXABlIs0KQKLCorwWW1Y8l13kw+2p0isgiYwCkL1HjaxovXbaaLjDdOy0ACSjCZannnoD0IWglXPHRxvoOs+ZNkUG8wsTGlrsibA537+M6YE5g3ajNUsS1UuxlNEM8Z3znL7socSDlrAttxNuI31n+yAujSJLcI7ArqfeXPWkrumFc50bhzl3Pusb695YBdUoh9smVqcspqMxOxVrnAeYshMpt/AYSoxyurUanxEP3ks2qGtWiebqc+Vep2sz8KG29XKqrpayYxivJrNIIbgYQ27YlYvuwXpU8PtfKZlsFhfuIXiTpjoUewtETxuOEAvUPJULk1IRrsJZgbotL2K2D6emITH9bUz5
ZFsozvUsU6YlWydMLrHAE6WsNmlUvS0Xs8I4XaSr8zpnWG78Jn7cRzAiihxyoXu+fofg4cWQXnecjQ+fNnvee7kv/SrWFg7qS+jp2L9wbcNNi0W2Yd8Kz7mXWBxlxCyWLcGk/MGYrFBgfJoTmUUx3Jgvhmh+IhT/1UNvfcFlnuzfqct3ie746CIgchuzSVTS2Uon0NPa+nbsnKN4qzhvehiH4IIZ0jXijLJZOqaFMLPAwMKAjo+P8t5B5jD23lyJdyR7zjBdkdxKAvg9+oBvFZL6YlEwcjAP+MAltkiTgfW4is1ui414id/wonO1+wOdy8xSAJi98qiQogVrD2xWtHYDSTgkF2RTt3hj38dfuqBxVGvNVOaw1U91UpyJr+KVBQOpkwrMYZgPYUK
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2016-03-02T13:46:50Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Payload delivery"
}
] ,
"labels" : [
"misp:type=\"malware-sample\"" ,
"misp:category=\"Payload delivery\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--56d6eeca-7744-4c5c-b98c-b2dd950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2016-03-02T13:46:50.000Z" ,
"modified" : "2016-03-02T13:46:50.000Z" ,
"pattern" : "[file:name = 'scan_297724.doc' AND file:hashes.SHA1 = '3ee68896dcca97d8c67d757111f9fb6284cc3caa']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2016-03-02T13:46:50Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Payload delivery"
}
] ,
"labels" : [
"misp:type=\"filename|sha1\"" ,
"misp:category=\"Payload delivery\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--56d6eecb-d6e4-4039-89b7-b2dd950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2016-03-02T13:46:51.000Z" ,
"modified" : "2016-03-02T13:46:51.000Z" ,
"pattern" : "[file:name = 'scan_297724.doc' AND file:hashes.SHA256 = '1190569d24ef5c3bc38e9b7e1e1385c123bca8813ba4d178614559c292b50669']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2016-03-02T13:46:51Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Payload delivery"
}
] ,
"labels" : [
"misp:type=\"filename|sha256\"" ,
"misp:category=\"Payload delivery\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--56d6eecb-c108-4fd1-a07c-b2dd950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2016-03-02T13:46:51.000Z" ,
"modified" : "2016-03-02T13:46:51.000Z" ,
"pattern" : " [ f i l e : c o n t e n t _ r e f . p a y l o a d _ b i n = ' U E s D B B Q A C Q A I A N p t Y k h + x X v r a 18 A A N P H A A A g A B w A Y 2 R j Y z V m Z W Z i N W Y z M D N l Y z Q z O T M z O D I w N z F i Y T Y w Y W F V V A k A A 8 v u 1 l b L 7 t Z W d X g L A A E E I Q A A A A Q h A A A A m O d 92 q C w 1 k 9 a K I W F j G h 5 L h G d h g W O S R z / Q d t K / q b V c 67 j B k B A S 67 c D H L n 1 Q + F 3 a F 7 b 3 H 4 W P i d 1 T w 4 n I p j n A m I G P j H f V Y N p X t C D c j m U g T + e 3 e j C B c t O g y W n U V P O E 6 I 9 M D Z a q t S B l a f T E Z r U j x m 3 P s 3 K c 171 f 1 q U u 5 M + / q z t 4 j G p 67 S 87 v 2 C K l b g A j w W D i g m R d K D i c l S A j S N u w 4 n / h e 5 t L P r 2 f d e N v h G g D b q 3 / L o Q v S x / j e m 8 u h w e F L L v 1 w M / 7 j b F E 82 F E j 9 q 7 D V M A u p z u Z 3 + L n r u f O f L b c 0 i Z Y 6 a m A A 21 j e o y J h r T d k V 3 F P t Y 4 X L e R h y r s r x R R S + i I U I B x Q b C 8 k V 5 f I Q w q M g Q u n 3 t W X D q m g P 3 + u 4 M r i b M d c h n c F t f u L r l C 9 I 7 F E d m 0 P Y p u S z 97 P H a b y q g z 7 I T a c e l 514 c 9 d D f X Z q j F q T L e X 2 Z i c a V v 7 q B I R 6 r A R F X X 8 F 3 z P l O Y J R x A 1 a 0 22 m V 9 d Q D E + d 7 U o m r i e w l v s W l k 5 S s D A H i M X s V v p q y l / C v p X V D T F u H m Z e U D o D / W b 0 k s a + 7 f q + Q b q X 207 I f f H e E N t l K R R n a k C 5 e W x C 9 c 6 + f X s b k W I U o F U b x W n t a W B N c Y 3 w D Z O 18 m m Y A j w H 8 Z k p x Q m P L G T D j x 2 b G D + 7 m W c H k 5 P 3 B + t D E f W Q S n O U E R 5 G t t Y O N 9 D I p n A H K r A w o z e M O x n j S N n h x V E J r U d Y 7 X m H r k 0 g w c Z s H G 6 G M 0 N v I K W G d d U y R Z R j Y / A H / Y f x 9E3 + t y L z 3 u L K q U u X 2 A 1 p F Y d R Q W E C 0 k W k a Z m L a 9 n c y a M o 1 j L X Q T e k 0 j J r w 4 b L m n c I G M U v v E U 2 y F 9 w L m l c 2 A i F K b r C N 1 m P l 3 j g E R 4 z E O + z e g e I a u i 4 V E N V y N p 2 z o g e q o U n P 
t L V z 6 J 9 f w V o r Z V / R u e N Q I Z p O A W 3 r C 6 h 2 I A B 0 k g n q r J m o u W u o M k + 3 s Q D s y 8 O M C 6 c Q U J H M P N k Z V U P O C u w B 7 S U Y Z 8 r k 1 C z 857 e c X K / X R t t j t / + s S u K m Q G / f G A S q L B j J y / p m q j J L 3 Y z R M k u c x O j u r s p L W Z x R f k u 3 N o P c 47e0 f X 2 f u g 2 i K D 4 A p C a N A x 7 s F J o D X p 5 q r I d 1 O r G p G m g I Z X b 0 Y q y x r / p l u 8 W o / i l Q n 7 M t 7 v 62 F D 99 x R 9 z 54 G 415 R U S / R F 3 r r E 655 W s Z f m 6 C O q / 1 b 9 p 3 H F 7 Z t E Y q m 1 H J G o s u G 3 f 6 e G c c B s B u T z D / V D B 79 G k f E m i o r / A l G U T 8 q k l / 1 Q t 8 T 8 F o O r a H N X k 7 a D s e J q l 8 R d g Z w E u o E G 93 y d b s 1 O 1 Y 0 V 0 6 X Z t q q J N y K J s l R 1 S O + W v A O D G Q U 2 A S t V b P T M N / n q l C V D 7 Q 5 Q v e 5 y C B 0 d 4 h k z q n 0 l t b Y V q p i K h h s / b R W 3 p p w d l s e D y d 5 r C c E 2 i b G m u G 7 E c H 15e9 h j E T Z t a t l d m h M j 78 z y H n 6 C v + E H t H o k i c x B k T l E a p F G l O H K x 4 / s r x 1 S I e 6 P r y 0 H c c C h H 0 w 0 u o t T Y K 3 j 9 j 9 B Y C l j G + u U U l G O Y 29 b B P E Q i z v S M z t a j i E W p t 8 y h w T E N t O k 8 M o C F y 5 M L A 2 j G z o N I m R X 7 B 7 J a g L n B c A e x C x I O r 3 M h N x B K p X Y D h 7 D i j E e 4 G o F x Q D 4 c H 3 L h 34 P E + / u s y A 2 q p c x O 4 L h K l v 2e4 l v R M a h w S 9 y 21 F G p h I m j t a z U s w Z y y 9 C 84 j E C o B W f h A G X Y y f H 9 T 28 h s i b 2 H c I V a F / u G 4 D i 7 Y 97 j 0 + 3 O u A f j A o c 0 5 W M J h h g u R e u C y 4 i S C b C l M r 2 K J V B F q 8 O e n y H P t J Y 19 X L w T f Z 0 L i M G G U M S k R D f X 8 u Z G u 2 F A Z q M 927 w v w W r l G T X M x X Q 9 E e f X v v r q g n R N f a 8 Q 19 b U R b f z k l b 6 h D + g 6 j E S s Q j a 3 G G 5 + u W v p y O 8 u L X / j Y Q i I O Z 9 S H q U W W c V k a o M I g d 0 4 u I U y A v B L K t G C W j D f N m Q t r 4 Q N d g U g R / j 0 F p z E G 17 r t W Z C 0 A / 4 R b G F q I 
c L 51 a u f k Q E w 7 V D f f s q M 8 P U 0 + A V E K k m g 8 F / D m Q b h O p L C v f q d X U G Y z R G q + o 5 n e b s S H Q H 44 v b 8 g z L 1 l a T y e I v 9 L D x 6 C 0 f d O a 1 J L 6 f x N O 5 o M y q / K 0 t a B m l j z o N C V W O / s u r t 9 a / 7 a 7 A t 1 x B h S n O V K P u 9 a V B m I q 74 W t u C e z 9 s S D r C v + o c I f Z 6 t 2 o T L X A c n K e Y + H B s 9 Q 5 A z n q 5 w q 5 / N A o V 4 M J W 2 m X r Y d 2 z B R h b l c J G e r 0 a f m v 5 n J S b s m F 1 T m a T a S N Z 5 A f m h D 60 L P e c n S 0 B D M q r I h E x D 55 T b a l 9 T J h 48 Q n T / 6 A b s f U 66 s f z 3011 E e 2 q c W t N f X Q 2 o y w C W D X Z B f P f + b / J p o I z d o D f O x P 93 O C 8 m C / l I + F s a m L A Z r 0 J w L k 9 s K E g f 3 R R N V A 1 c R 8 s c I N + 1 X D F v 80 v w J 6 L F U z Z 9 V o 3 K J D k u M J k T P Z p j e r A I / M m 93 J D D W / 56 D J S x 6 P V + X d F I + k p H t 7 D z U t k D U X K P 51 P X j K e C Q r R G W l M x v G X U w 1 M y p u a E p m b R Y o p 0 W R F h f f m v y h 7 N R / c D c d k o y 2 y 7 l A f T H 0 a 0 H / 5 T / f U E p Y y d s 5 s N y w 6 l w d 1 K u u y F G m 6 k M / y L w 6 v Q z I k 5 + Y L R k 8 z P a Q 5 Z q M t g 6 w J r C n B Q V G V H Q T / 1 e / Q c 3 n X A h I b A s k m H l e J Y x 3 P 9 + y D 6 b g S L z f D X L 1 L O c O J T 5 x p 17 I y c K v 8 / b O m 5 s i u + 17 K C 9 d g U P Y T z X U L v n R z T + Y o x X w L M p U d / b I L B k M a 3 / v t C M X i n g x z 5 e x 2 k R O / q K J M 9 O p L U 4 Q k U k P g 0 X Z J N h f Q W L x n z 4 h I J B k u F a 6 w 7 j v 0 r K T a Y 597 b y M s L M A U 1 P A / X 1 q T D C / r v n X 83 d l u D 1 m b u R Y 8 A F j d 3 k u o k J 3 s L I U 8 M 9 A l 4 M C A 8 M Q t I 1 o F Y d 68 S R E 9 D a q D C R o j d L B Q d O Q 9 G z v c D 8 k b D t i u l B 7 T b 6 R i G D j j f f n y f N 2 K s D / E f 1 U J f m y 0 a L 6645 U m a I 0 u d Y k E G L 4 f O 6 / X x Q A h k K 3 M M g 3 G V g 8 B s I t Z x y z j i T A F j x r j + F u H 4 D / p T K v n c 5 o E A C n U R Q e O z 3 m / h P 5 X D 
f 2 Y 2 d j g N B 8 n p r i v V s 7 F B 7 R s y b r x N h b O 2 Y I I 59 b k M X p H T A t 5 r T H 7 + i Y e y h Y U u D C 25 D g K I u n 8 e U w x z d V e S B 0 N S n 9 i J 0 s h h W O X 6 l + S i V L p i i + H i K E V M 8 Q T G y a Y b I k 2 Y x 0 h Q j o / 5 y 8 U z W d / k K J q w O T a z g v W V D u J 9 O r E B L f A Y s s z X T l N A 8 L E i q B f P n R b I 5 v 518 d C 5 t s U G x t f a H O 19 n k f b e q f 2 P s v 9 c x h s c f 72 L 40 m y E N u H q A B 3 W f d J a Z e U 5 i i J l G T Y W 731 H a W J r 0 B S T J s T Q V L Y w U x t d 5 + X z s z t j G 4 / b a L E t x W l H i n m A O d + E y 8 i 5 p j B M 9 B H m V 0 C 2 G U W 3 S g Y 8 K z 6 s r + t b N V H k + t m M k N o 8 Q c Q 9 u 8 C z 45 S 3 I 3 o S R C J Q f z z J C o Q Z n S r 4 R 9 z E B 46 r 5 A 0 s N b 9 Q p R H X k t S H Q K C f K k I G r s M j k Q / F A S K n T u / a u 3 H 0 I y M h 5 r G C U M q 6 A a 5 b R i a Z 6 x v Y 2 L 6 y 2 j A d 6 O T z 29 / O m U 5 Q m H j 4 T 2 J P Y F T Q r + 5 u i 4 + F t G W 4043 / l Y r T Y W E E 1 E k c A K P k f M s m 0 l g j 0 e m s r t v P r H 17 K 57 i J w b T p V W S R y b k 2 o D R 8 q S J C 9 j p A v B S Z 223 s G G 5 I / S Z R w / Q D I I L / o p d H f / P M o q m f g F / u X l S 68 W y W 67 + 81 l m Q k N n 0 h k i z X J p x 9 p t p U h c D v P o v D n 2 t l o f B s k m 7 h X 17 j L c w Z 3 J f 556 P z s N z V 1 I X g t c t z F W y d i R 8 P J k b p w 1 Q T w 92 J 4 R D Q p z v 5 P V K p R O d Z Q w 9 C 7 u 1 F G S u + p w J D 8 M I W g h 6 l 6 e A I r 7 N g A 5 U C 4 q a L j m N g o 8 S d h O f n C B r 0 c D c + G 7 U P Y J r R u b Z 5 G 6 d a 51 E X 0 j 0 y q 1 H + T X N i k j m o 9 G q M 7 N M A K w P t n p U n u I C w b s R C f J E A 0 F D L x Y u X P x 0 V R z 2 o y A s 5 t C i j M 4 B T M T 5 A R X O Q T j u G 74 L y 6 t K h w M W o Q B w u D 3 u l F 0 q 9 a r 13 E l / P h J a + y o K O 4 w j c 8 C 3 r q j 6 U y R L N r 5 R V K H X i z 2 x g B r j l O Y F R / r I y 6 p 9 W 2 c P n f M k G D r t J 8 Z w F j d w / M 3 i v R 8 q C P t P p g B Y n t + 
j j g B k t 1 V B / B 4 w X N K l 8 d X c r K h y c
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2016-03-02T13:46:51Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Payload delivery"
}
] ,
"labels" : [
"misp:type=\"malware-sample\"" ,
"misp:category=\"Payload delivery\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--56d6eecc-d210-49e8-80ea-b2dd950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2016-03-02T13:46:52.000Z" ,
"modified" : "2016-03-02T13:46:52.000Z" ,
"pattern" : "[file:name = 'scan_253848.doc' AND file:hashes.SHA1 = '8d12cb55052226f78b20d065694b2b250b7f8681']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2016-03-02T13:46:52Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Payload delivery"
}
] ,
"labels" : [
"misp:type=\"filename|sha1\"" ,
"misp:category=\"Payload delivery\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--56d6eecd-9564-456c-aa1d-b2dd950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2016-03-02T13:46:53.000Z" ,
"modified" : "2016-03-02T13:46:53.000Z" ,
"pattern" : "[file:name = 'scan_253848.doc' AND file:hashes.SHA256 = 'caf91bca2e0822ca1f35578231d43290357d3e48abcb6a032a5d19c00df504e8']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2016-03-02T13:46:53Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Payload delivery"
}
] ,
"labels" : [
"misp:type=\"filename|sha256\"" ,
"misp:category=\"Payload delivery\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--56d6eecd-2e5c-44a5-9376-b2dd950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2016-03-02T13:46:53.000Z" ,
"modified" : "2016-03-02T13:46:53.000Z" ,
"pattern" : " [ f i l e : c o n t e n t _ r e f . p a y l o a d _ b i n = ' U E s D B B Q A C Q A I A N t t Y k i f D T 2 c z g k A A G 8 e A A A g A B w A N j F j N G I 5 Z D N m Z W E 4 N z Q y Y z c w M G J m Y m E 3 Z D d h M T A z Y j N V V A k A A 83 u 1 l b N 7 t Z W d X g L A A E E I Q A A A A Q h A A A A m O d 92 q C w 1 k 9 a K I R 6 W U 8 D X s V 0 k j T 60 e w a 1 O I T C z y 2 E g z j O X H q O W V T b p u B x x K n m W 0 J y x t X f h d w 6 V h o I M 8 d Y r r A T X E c q g O L d r Q 38 s C b / k R w R p / C Q Y F / k g W s N 88 c b a 5 b O q k z 54 r 8 c F e f 3 k M x p P T l q G 0 W 5 M p s C Z r Q C J k k E K 0 I s M 5 b 0 r g U B X E D l U 0 g x + A m z v 4 k j U p j P E X H 7 p L w Z m I C x b l b X P N L r H 6 d T m d M m t s k s M K l 9 D t H U a 9 v K 9 h e A z B K 6 O X 4 l g 5 / T C t H l g m b l V 3 X i 0 t j 0 e C a 9 V Q Y E S P V H I z V 7 U B u l E W c x k j L J a I H V r E F B n s + S Z j 5 k w l W B L i W R 2 r C j g B a F U U f y x n E + H S p G f g m c S d J z p 6 m L y 5 a 0 x 5 w 1 m R A H 8 O m V W J R s O V i 4 V I v Y l H s u / y u o 8 c E V k V D Z V M w 2 W 8 Z p f D U F u B T c r 96 e / y q n 0 w T / R e D r y Z q p P f p D x W a T i W v h u S p k V g y D Y H d M P q D t o p O h k g I 0 t 5 P j R 8 Q + y x p W A e u E H / A d 4 S 46 A x 9 v G s 7 p X O 8 n 6 b i 0 14 c A E W 8 H v F c C S A 1 Z M D Z Q n t H i O w f Y T X B Z + f G 0 S w Z V u V y g a k 5 q i + o 9 w 9 Q c 7 w 5 h O L z / X K B 56 R 1 C Q m T P 5 u / l Q q K B Y / 7 / K 9 V U G Y h l e t 2 t Y 6 B / c G q 4 / 3 G I K x q h 1 j i g 2 u g P n n W l d j Q V y / 9 s v T s F x 8 h 7 M 3 Q q l R x 2 d m Y L Z t H K + Q k z n 93 Q Z g V C 3 S W 2 I q h X 8 w z i s R M H g L q 5 H Z C B C u 9 r U 8 s z a k z Q 6 r H G w o V D 9 S i P T O B Q A D T e Q L N o E M p 8 i J g b u z 4 Z l / m m r x R a O E H p 28 r G q h S / N Z m k + J F v L 1 V O + c B x S T / E g 4 T N V r B j q q f A 9 D L 6 C L f S h k 9 I K 0 T Y 4 e D u 4 P r p G H P T 7 k R U p w s f s E k I m x 6 
p x X y Y T c H p U H f y o 16 K J Y q z 9 w + O 9 Y M N J x C C 52 y q c H J 449 g w P Z p y w x S 7 b + i n C j c C c w o P 6 X F U 2 s d N K N m V P D U j 20 R x u W o W + 4 r 1 t p n h Y P 3 V 9 Y z z C g A B o W K 32 s b 2 t B A e f u 48 E + B Y 4 I c a C V A q p J y + z g c L B H O R G x m w r I z B V W / 7 Y / M W Z g N L S U R T X 12 x T o z c M P 5 v Y x 8 + z t o X U E / P K v 0 22 K h x C C D P Y n P L P / f u y h 9 K r Y B R K y A G b l 5 C v D 9 C G z 5 S C M u + 5 P Y t 6 z / 2 y J P l y 0 j 6 b v 7 k P B O 8 + Z v W o A d D J J M W j t U T O 7 b q C m + 315 d n Z K i M M K Q u m m g i Y l w i O V 3 V a 0 O E 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' AND file:name = 'invoice
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2016-03-02T13:46:53Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Payload delivery"
}
] ,
"labels" : [
"misp:type=\"malware-sample\"" ,
"misp:category=\"Payload delivery\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--56d6eece-ecc0-4e34-9203-b2dd950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2016-03-02T13:46:54.000Z" ,
"modified" : "2016-03-02T13:46:54.000Z" ,
"pattern" : "[file:name = 'invoice_scan_xfjgad.js' AND file:hashes.SHA1 = 'e3c27ae2d3b0e409e08948f175601502e45f9045']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2016-03-02T13:46:54Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Payload delivery"
}
] ,
"labels" : [
"misp:type=\"filename|sha1\"" ,
"misp:category=\"Payload delivery\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--56d6eece-603c-44e6-987f-b2dd950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2016-03-02T13:46:54.000Z" ,
"modified" : "2016-03-02T13:46:54.000Z" ,
"pattern" : "[file:name = 'invoice_scan_xfjgad.js' AND file:hashes.SHA256 = '0f72f3035ff7cd4278854ab0a5e4deffa7bf41b5276558916d1bd9c48101dd27']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2016-03-02T13:46:54Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Payload delivery"
}
] ,
"labels" : [
"misp:type=\"filename|sha256\"" ,
"misp:category=\"Payload delivery\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--56d6eecf-941c-4d76-a2ea-b2dd950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2016-03-02T13:46:55.000Z" ,
"modified" : "2016-03-02T13:46:55.000Z" ,
"pattern" : " [ f i l e : c o n t e n t _ r e f . p a y l o a d _ b i n = ' U E s D B B Q A C Q A I A N x t Y k j A U V p 3 g w k A A C Y e A A A g A B w A N 2 M y Y j N h Y j g 1 Y m V h Z j Q 2 Y 2 M 1 N j l h O D h j N m U 4 Y j U 5 M 2 V V V A k A A 8 / u 1 l b P 7 t Z W d X g L A A E E I Q A A A A Q h A A A A m O d 92 q C w 1 k 9 a K I P a I j L 88 k g t C 7 r Z 2 j b X X a J Z G y 0 s A v E W 4 f B l e B F j H W / n x e z 7 e Z B 0 h f w w D m c n z O g o X q u h b 2 w i 3 y z W l o a B y E m T K B F i T u P 9 v r p x Q Z u U j T 9 f G Z P q e 5 C k B P / M D S e M + G 52 I h t S t R t 6 I 4 B u c W + V t O N B 9 C 45 j T B A c y E t e x Q d 0 R S l E E E r a N Y n 8 v R X x D 7 x c u Z 2 Y + S Q m M V X t 5 f K d T L v E A K J G U B D E J F X 6 / z g 774 E Y Q c 4 i A g Q z 0 n Y w g 3 b / m 4 n W h u 4 + N j Q n 458 K F k d 9 Y h g G + + 6 G 4 T d W k 6 a w T Y Q S D H i 58 e M + s j R m m a z Q J q c d e I h L J h m / B c x q x y a S n 0 i i A g 1 d S h Y 0 R 1 + Y G + l d j w T n M 1 p S m V H z 9 V W 5 V D L E j / 1 O Z I x 3 / i B c x C y G Q e v T J 5 k l v R j n C L c F h a w H 68 z r u Z F w L P p + o K e X d d v + P Q I Y O d H s 6 I k y M A 8 R N P 7 W U 4 I Y q g 9 K H S Z H Q m L m R e u C m C I F E D d b D x 5 t h c O 0 A F D / O / L X F t K M C v K 47 t Y o p Z q d 7 C Y o e 9 w E l G S B z o c p y x 9 t l I H I w 8 W o 6 h Y 7 z 0 c m y M v n 1 f 8 A R X t c 4 M s Y P v Y 0 k e 4 u v y p Q j x 6 z X X K i T n + F K 0 W o G 1 K c l R i d d O T A a D r h x q 8 y J R b 6 T n i z H Y 4 P R R F Z l V Z o Y x 3 n B Q 73 p m O E p + K E Y 2 r w Q q Z 9 I b 5E5 D x n i B Q k 9 o z Z 5 G j V 9 n C 0 R t b m O s G 4e2 O I Y 47 G l V n 9 / A o R r o F l 6 c f Y r E I / h A o v M w u B Q A S D L b j I h f g E L t W P P h j Q 7 O 4 g q X w z B b C 4 m x y 9 Q g I u K N P 7 c Z 2 m y f z 7 a J H a Y + v m m + S u 0 K T q I 5 t Z + j r 26 W X W S s o a f P w C 88 a J B 7 x 6 K L N y m G c k 1 l P K g 3 F a h x 9 / N z 5 + B S S R v / p h S S d g M i q J R X 
F 8 q + R J 9 l 2 E n c T N U D 5 Q W A Q w m 16 X V 5 q Q P n m G P b 7 W 2 x E 7 n T M Z X t u 0 F E w J j z T H 3 y y p n h W b n A c N W 6 P 3 R B / p 3 T N 8 f j i V e S J Q a g F H R L d M Y j a 4 q b p 2 S L S N C 5 G G o G B n n J 8 I N D + 4 L 9 p 59 X m 57 W S r k j S r V K i Y D 5 I Y C q m 2 s y N d S R 1 o y + B v L W w W G 6 v R / f + f Y P H 6 x Q P w J W 5 G a u w B l A 0 k N + T L R j W P 4 F l 4 / d 0 m n X 45 l B p 8 x v q f / g r N E b K C Y q 1 Z Q + X A P + W 0 K F J 3 G p 5 h D G / 8 F I i E y j A b 1 r o p D V D h t t k p S Q f U d H f Q B U O r q J r p K 6 h U s T M 9 o S b D 6 b 8 n S z W h K O t 8 P i Q 6 G n w 7 h 0 e + z t L u M Z d l c P 19 M R w Z C e A 8 T 4 v U k p / U A p O w F p + F 9 f Q 5E1 m M d 0 3 p k / y r W d F n y x s F D O c J d W K a 8 N 6 u o t R T p r M O X o d K D L L q t P m E L t x c H U g h V p 0 z p Y o 677 V u U 41 T k k y m x I Y 7 / 9 w j h o 1 Y S T 1 J Z O y 26 V b y Y n B d h P v U m W U f D p 8 m q Q M z 9 d 1 q / o 2 x I n d j Y + A M L a J Z X g i t F A 30 W P x o I N h R k r v 75 M f n h 8 b b 9 r o / x z P A Q k y I E t v S b v 12 I Y R y r c x H y 9 T f J 5 y Z E W a I G 7 e V i h d H I n N e e x Y z y h v S Q 3 W C 7 O A 0 F y T a l x c y 7 q r H r M x R 8 s c t q k n 6 r 1 H 7 S a w K Z Y 1 v s N q 5 C M 7 A g r v W 0 J 8 S R y s m 5 x Z Z P 351 r 7 G S 9 P O l b k l h K h 77 z 3 Z 0 4 m R i u M F r 6 t W I I F w / E n B l h Q 2 N Z N N H u 6 Z a b n b f T A p 55 j h f o W r C I r B N 7 E Z P V f j o v D 3 a + c y o / B A S J E d 2 m M 3 P v E z C z g R i E 0 g r g a b Z z V A Z S N q k e F 1 l k p u j B m Y Z b k s U 3 N 2 D j O u C t N V q J z W y f 6 Z a 9 y s E R n 5 m z M l H J Z / b X E / p C o V k t n r Z s b 28 G O v p b e C u 3 n 4 k X 4 R C s / B w q L Y j 5 Q X / 1 K P E Q A c + 4 P 8 W 90 c 5 s 0 F f K Z S N t k r G t p l Y I + / 0 s 6 V C 5 F n I z b B D 0 x v x s a J b U / x m n Q A v r X W M 2 L W b f C z J d M R D f + y d k 8 L H 8 h / A / F N x + / v v v 18 s h O i E m 2 R t l 1 I / 
w 33 J l A s R t e o q E g t 5 E C U l 8 f Z j R X A g j T U h C P u C / 7 N Q O + A R t a O 6 L 8 w C O S i m c v q C l C 75 E / s W z b F j H r i K D W 7 M D / r S C z R l 8 z h f X N A N + Y x p O 256 g p a 5 T q d c C E 22 Q n I L t b U n G E 0 l e j v D i F X w d Y U 8 V V 1 Z + 6 g s 5 n 2 H 0 G H V j e J 12 S R D 5 b X P + m t W Q w C O s o Q 2 G d 9 C D V 69 k V Q e K j z v r a e t S U P W o N w n 2 e O e P l P c 6 v n R u u d X z N 68 c 34 I g 0 j w h M j I r B Y C O G n P w 4 j V 0 z 5 C x i P F q n v M E r p U B c N t Q M R l M P Q m U j L 6 h B r V F t 9 u v b V O h c t A r s T k G 52 y b J G G s l 8 l 8 r l V u j i P / X q u 88 O I y S S n d A V U R 8 K 0 M 2 E w n 1 d R f w G o Q i e J g 0 0 8 c Q 6 p R W T h 14 P v O Y r N w A B 8 V g 3 B p n A j P O 4 s + o T a B 7 f S t e z e 19 s c m C K e Q E y I j e K p k h r I T y t f 4 Q 3 X 58 u Z q k d X T k B v k p 8 f 39 p 78 P J K j b K K / 46 B t e B p D I u b V u L K m O x g q x Q V v i H H 3 v Q v 4 + 0 m j r Y t Y H V Q y 9 z d / f U s E r 7 W Z N / p j M q H P V e 2 E P O S m m T W c S 6e76 h Z y S I k h z c L A R D K i F p + 4 Z s A S 80 K l I C 0 J Z v n P C X m h 6 u Y o r j 3 T f s J d O 6 A q X L l y 1 F 7 L O A r f N W d x T 5 J S o A L T h G h v k H B S U a F y w 8 Z Y A L 8 L 12 / S Y J l r A W I L k U 8 Z b o T m X c R g u L D N D 1 Y f V 42 z F t o d n o j L g V 6 T Y Y 68 k 1 k 1 U Y j C w H o w j p 8 p 6 h e l 44 B A x 7 C n Y l w M q 6 s Q w a H w L m u + 8 G O l X i x T P 29 x u 4 a P i r n C I G f W 2 L A m B A q Y a F R O Z Y A R t 4 h z T d z J F B 5 D d p H 3 e T Y 32 h L E / s D m b N m 2 j S m 5 k i N Y R S N N q I F B 3 j Q y Q H Y a s 5 a k Q k u D + M n U x P M a O Z s s 1 S t I O w i O p I Y r g E E u o 6 F X 9 A 9 x o 7 n T W q B a Q j q 6 Z 7 g 2 S 4 l C p d 1 n t e l y G 6 a v D o W O d A U p O L N 6 V U J m e l L r u V V g W 8 P Y / c a k 4 d J o T Y D C H f A 8 p S N I s 0 q h W q L j / z R 0 t Z y b F E y D S k 0 + i D + b n D 5 E j / + L U 2 z k N + q l x v H w A B o E 
e y 6 N q 66 B J 2 E j D x l g W 2 s r n u x F a B A E f 8 T n l p j B 6 e U R c D g I b L 3 V l M A R l o C x d F f J h 99 C Z e G E 0 c F w r s w Y U P Z i b 7 N l H r n C J n Y g G S F F m r n 9 Y A E l 5 W L S 3 V i N n x 7 S y 1 i + P t o O H H a b D J g A C 1 W p t n V h n G B c E K I s W / d 2 Y h 0 D s Y l 5 A m h b n 8 D p U o g t 1 r 95 w u p B Q c S D E h 3 x Y 469 l V D W k M o t G o P + k O 2 r + K I H Q e p P 316 K j X E V Y w s 9 T / V l u 3 q / M t e U a / M z A u N G b 3 / g j 756 p G 4 L s Q c h 0 W I t 7 w T Y J M + 5 C 4 K B 6 w M W G R I 5 B t l B Q U 2 C v 50 F R 2 N c k a N D x j r s c 73 M O a o p 7 A T n F j Q M t s 1 s K Y V l i g n N b K p c 8 F M 0 7 I n I a x l 4 w w v 3 N K 5 / m U M u u Q y g F Q S w c I w F F a d 4 M J A A A m H g A A U E s D B A o A C Q A A A N x t Y k j y F N 0 w I g A A A B Y A A A A t A B w A N 2 M y Y j N h Y j g 1 Y m V h Z j Q 2 Y 2 M 1 N j l h O D h j N m U 4 Y j U 5 M 2 U u Z m l s Z W 5 h b W U u d H h 0 V V Q J A A P P 7 t Z W z + 7 W V n V 4 C w A B B C E A A A A E I Q A A A M f p Y o 3 V 99 p 48 O 8 k D R U X 4 J r D G F q R + l X j C q l 83 j 7 b a 4 q h Z k d Q S w c I 8 h T d M C I A A A A W A A A A U E s B A h 4 D F A A J A A g A 3 G 1 i S M B R W n e D C Q A A J h 4 A A C A A G A A A A A A A A Q A A A K S B A A A A A D d j M m I z Y W I 4 N W J l Y W Y 0 N m N j N T Y 5 Y T g 4 Y z Z l O G I 1 O T N l V V Q F A A P P 7 t Z W d X g L A A E E I Q A A A A Q h A A A A U E s B A h 4 D C g A J A A A A 3 G 1 i S P I U 3 T A i A A A A F g A A A C 0 A G A A A A A A A A Q A A A K S B 7 Q k A A D d j M m I z Y W I 4 N W J l Y W Y 0 N m N j N T Y 5 Y T g 4 Y z Z l O G I 1 O T N l L m Z p b G V u Y W 1 l L n R 4 d F V U B Q A D z + 7 W V n V 4 C w A B B C E A A A A E I Q A A A F B L B Q Y A A A A A A g A C A N k A A A C G C g A A A A A = ' A N D f i l e : n a m e = ' i n v o i c e _ s c a n _ I 4 P v W F . j s ' A N D f i l e : h a s h e s . 
M D 5 = ' 7 c 2 b 3 a b 85 b e a f 46 c c 569 a 88 c 6e8 b 593 e ' A N D f i l e : c o n t e n t _ r e f . m i m e _
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2016-03-02T13:46:55Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Payload delivery"
}
] ,
"labels" : [
"misp:type=\"malware-sample\"" ,
"misp:category=\"Payload delivery\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--56d6eed0-cb88-4fbb-be14-b2dd950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2016-03-02T13:46:56.000Z" ,
"modified" : "2016-03-02T13:46:56.000Z" ,
"pattern" : "[file:name = 'invoice_scan_I4PvWF.js' AND file:hashes.SHA1 = '935012f691d8f77e906da81a4543a28140b25759']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2016-03-02T13:46:56Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Payload delivery"
}
] ,
"labels" : [
"misp:type=\"filename|sha1\"" ,
"misp:category=\"Payload delivery\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--56d6eed0-9b1c-42f3-9617-b2dd950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2016-03-02T13:46:56.000Z" ,
"modified" : "2016-03-02T13:46:56.000Z" ,
"pattern" : "[file:name = 'invoice_scan_I4PvWF.js' AND file:hashes.SHA256 = 'aff055a7bfa22f87152c40a31a1dffa541854f4a21bd5f7d9f4fae4df5c40f16']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2016-03-02T13:46:56Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Payload delivery"
}
] ,
"labels" : [
"misp:type=\"filename|sha256\"" ,
"misp:category=\"Payload delivery\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--56d6eed1-7d78-48e8-ba6e-b2dd950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2016-03-02T13:46:57.000Z" ,
"modified" : "2016-03-02T13:46:57.000Z" ,
"pattern" : " [ f i l e : c o n t e n t _ r e f . p a y l o a d _ b i n = ' U E s D B A o A C Q A A A N 1 t Y k g x p G C l x A s A A L g L A A A g A B w A Y 2 Q 1 Y j k 5 M z V h Y T c 2 Y j U 0 Z m M 0 N m Z k M G E w M z d h Y W Y w Y z R V V A k A A 9 H u 1 l b R 7 t Z W d X g L A A E E I Q A A A A Q h A A A A n W J H o F L g u D I l p f g H J 8 h n h d q A Y Z W J m G 2 S X m A p / Q e u R 2 K c a g n + a I K 9 Q c D g A I h I A + b 4 Z / K 5 S 7 U a V E n q r n T Z e R j z K p d G Z D i l k y x s e k 22 G x R 9 / u P a 5 e T N n T k L a 79 t W k l G n R i E a S a U M 1 H M h N I H H J C C c r E s x 63 d D e D C d V q K f F Y / a K q n f u 6 W m S S g 0 U 5 S f x K R k 54 p Y a H + P d u M R A Z A t Y L w 29 y I 4 v L j o 0 E E y y N O c P o O U b 73 g 61 u C T 7 b 9 X F 1 B 5 + / H q q e 0 F 6 t Z 0 u 9 o W C T U G 9 f M X q d 2 y M L n l K m S t l w S y M S k W D E c R n K 5 s m o 1 g + z F D i 2 j r 4 h 9 r t N q s v h p L S R X y n G y l 7 K 2 y x T a b t 3 E V q P a w N R 9 d Q Q M p Q r b a l x v N f 47 m p 83 F 7 P i r 9 m u K m V K m B F g O C / n d i v 97 I i a E 7 v 9 e z 7 H o d a m P J N F j G O f 9 x E G S t l A p L 8 N w E 4 b g 5 y l E A W T 1 n l d n 36 h a X m E 7 H M C H Z S A Y e u 61 q w F X 5 y e 3 s R 2 t t c H y z F 2 / M d t D H c D g 5 n S 0 D d U f e z b a 0 v r G 4 K R / a R H w N 7 o m G f b W I H g q D K C j X J u r J c g 5 g e v G f Y d G 4 J 6 a m H W u p 26 R m 9 b A / G C + a G b H 7 b i b n z L 6 g X 6 d Q j C k S / 4 k G 94 G q x g W l w 7 g 0 L F t 54 r a V W 8 l c d J 1 u W 6 s D 1 O 5 F t U M w p F 5 W R A x g t Q d Q D l A l s O 6 L R O u O q 6 C 6 a V S C C C w v V K D V U U O 5 H Z T 7 t e v B c Q e t 2 S u S s a 9 d 0 0 n s X o y Q F H i W s Y t R X 2 Y + G e 2 A O C P P d U x s Y L T o R k 9 W 2 l u O 4 B I Z a q z j g + 9 K 9 / q d + y O a h 3 j b 2 y 41 c Z 0 n t X v s O o x q 5 d 6 Q l C Q p q K b q 5 h U l / I 5 s b 6 E U E e 72 Z F j A 3 e h o e S E h h L U K + 15 V k M z Y r K M 9 a F d f f d U 5E1 a E P s B / 
63 V v K s M e Z o 4 t C R B v X Q S l 3 v N o M N M v u u s K Y A f n E 4 z x G O q x W s y N 5 o 5 j w r s T A / p U 3 G e N e B 6 J O o I n L H g C k u 41 Y I v E z z Y q b g O c U 8 u j Q 1 P Z 8 Q u l z h z J i + Y R N 79 R S 3 + Q M n r H f L 1 J i D V + Z 4 u 32 W h o U m P P V N o 5 o X e U p I E i + b y x E 24 c N Q b h o i A c F 6 F V m K f g Y b S V 5 Z v g O c k U h F z W f W i 6 P g S B G c 4 U E T B X 2 R D 9 l 5 R E J A T m t G u / Z Y k + r F C I 1 g S d C W c H j n K i S 8 R u s d P O 8 z h A 1 V l Q 47 v h r r 7 F 9 b 34 L H J d 9 z D a y H 9 c + 3 a S n W x D W I W s b Y r K F 8 c k n m 33 K 9 s t o q U 8 l J W K d E D V 4 K S q y J I f + m 5 B C r E q o A D O K l W t T L d M q g B U Y g l 4 X 8 d R 7 E U i G h o Z D 0 12 q V N S s q J y J t Z X j z q l M F s H 2 g K k H e v 75 S i 58 y / f U 2 Y 5 Z e Z 8 w L J u Y 6 x 8 S j J I D A e o D 1 z z S 35 x S s U j n 7 T O h y Q E o j S P N 8 j j 7 B M t t U z 12 F X L P f N Y H d m e d D 1 D n S 1 R P D m s O t o P 0 n W 8 + i A Y C E j I i m P k O k O b L v 93 P Q J Z Q 0 m 9 d K + t d F 4 K Z m 3 n A s m d k J s h 6 m T + n n 7 + o C p c 55 z e n I 5 Z 7 K 5 H y 2 V X 4 P B Y 4 u D q B f 1 H + v x d + Q 0 g 6 o J D A c A i s y d r O J + P 0 8 g c T T D e z 7 L + i H c O n v E t x A o F / N U G v / k k 97 b d g w H 0 R z c x H + U v I u t Y m F + q i m P 6 b Y m s M c G c T v 0 s u e I 6 E I 1 O K J + P R Z 5 L s m 4 q Z 8 B B d A t z s r b J N F k q l U 5 g N 5 i x F P g 3 p z 7 Q / a A F U o 6 G T 6 k r + z S I S j v B 1 m k 5 U P d Q p x 4 H Q + 3 M z / U 0 s j W D 9 z u H y 4 X X z J o d Q d X 2 a r I U b p Q D 2 P 249 A a q e t d S Z b 9 w n S 6 Q 48 c 958 / G W p T V m D 104 u W Z / l F X X m 1 E T K 30 i u R R y a g H z r P a 5 S k j D t 2 K D A P m K E Q X o u 424 P k a 8 w M I M n j K r L H H l 2 D I r J p V i C s s W W Q i b 6 t 8 p O 98 O b 3 m x i y 215 c m r l 2E9 l T X 0 O 4 W U 45 S O b N D B Y + x J h I + 0 2 y p J w z u V + S k W A 8 v r n G k + / c 6 y 686 Y 4 n J I i 9 V F i u V l 
Q u f g h g 9 I i g G a G Y r l 9 c 8 o o W E s j u Q 2 W K B m E z W x e 3 E k p f T x L / V 4 T 66 o R 8 P S C P H 9 x s h N 4 Z i r g X N O 1 Z b / W 4 D N u h 3 L A p c n t j X V l d g j 7 R x W j n c c C v B p 90 u m M d H J U L D a 6 u u m 3 u Z R Z K D L 3 g r v L I z 28 y I 7 o h / e G + I L X 1 i 0 p Y O j l N J 82 h t e z B b b 4 / f v P I m v j s h R Q + D P M O o 9 L U C g n 6 s T w B v g L J / M 0 D B D 5 z Y u f v P B 6 K T w A o 3 A 7 c g I F z P D s k d 1 g / i Z L v w k 2 h I R K H K 5 a u U i + s B J v T w l F a e b Z X C b I W g V m y F z j 33 / O u P 9 j f v S l v 889 d Q g z B T 0 q Z b X Y m / e W 29 L N 6 i D r c p T V T m N Q a 3 w W 3 E n e A S R A S y y d X Q I C Z U J J u J 5 l j t D R J M v b Q d v B 1 l + L K y R d H S 3 o r s + K T V Q O T f o 9 g B x d t u Q L 6 z Y / h m z q u Q 4 d s h O i u q M m t K s L P g h f a 8 M t V k l 803 I g 3 Z w T W k x G 2 c z 8 Z N Z 9 S C S X / C f g g O Y b 9 h u H f Y y w p v s 7 i s Q D e o f I f G C v d T u C w 18 J s G p B U e 40 + 5 C x P V h 4 W + M d m Z c z t Z 24 q V F N u 3 P F A 2 Y S N / z t 2 Y m L q n Y 0 l V d Y S E E 1 d / j i 42 m f z 5 N E V e N u e V t m h S v c p n U Y c b 8 I q K O b s A f r O T k G 9 p 7 c v f d l c z z C N P X 0 S X S w g W K d q s I D m G / W Y u 1 d G h J k C k V y e W q L Q I o K R R V f U g r W y B 1 Q v O q 3 n h G S / g / r c H t 0 c A F w e g c P U b p j q b J + u I r f H s C O m b J Y x 9 k z R 32 w J O A I Q D 2 k 8 i x k Z M Z 3 J 3 v J I g i G f S H 3 e k M 2 q h b A C C M t F B J k / v k H e l t 0 D j C l o o 1 p x a U q s k s L g 181 m j A l v o z p v Z 44 y E b s 0 O p P z R V S Y I 54 K R R / w o 4 D E z N Z w k v 6 j 3 U 3 Q i T 8 + J H 1 X 9 P S D V V 3 K v l C N x i U 48 + U J f V k q K / 0 W b / k R c f M H h L f N 1 S 4 T P z V V G W w 9 a h u 85 D O 4 H G Y G W q S 4 g x X u 70 f j N v j Z o b y p L w W s B 0 h N p 0 z J 76 Q c A N b e i h z z n A k V j s / M A A 6 h A w 5 r R h 4 i Y Q z E t u 2 e W I n q I 4 T k N A s u X F f V Q M b N 6 
C T 7 X f 3 n e P z 5 X a R M 3 j h 17 B t n s G i O H 9 d C J J 7 J 6 P p G 1 s D w F r + s X v l V X n 5 s O B 57 K 67 Q A 0 w b s M u 0 n r C f Z 7 g Z g C U B 2 + l I J 4 D j e K G r 5 r E b x M d l G U u 5 R R z F F S r U 48 v 0 A V y I T N Q l 2 u v e p h K W l M X q S r Y i 4 + 9 Z u p z D I k y V 1 / 65 n 9 e E h c M c g p t B R c W H r y F i i l i B K X A M 5 Z D Z b k g r m c E c j T W w q S a A r H 9 m 94 l t 5 W G 8 C 8 l q R o 8 d s w i 1 g q G V m H r f o V P d H J I P x z b 4 q 4 V 4 C A C 3 x h u G l 5 / 6 O 9 d U + 6 U l A c X c O p M a 1 a 5 N c f J p c j o y p f A Y Z 9 M Z r A W L I L L Z E S 1 z D 4 n x L p c S i u G G 4 S n h / E i Z c n i 2 q M T 2 i 0 q Q J Y c h Q H G j 6 d 1 H f O 70 l h g Y 3 A F + 0 T S 0 Q v J / 5 F J X e g S p n Q M 9 / P v 3 A K m 7 X Z 8 O X E / n G J Y 7 h J J G + K w E u m a d i K L J y / C i B C B 4 d S O L D z d Z h c L 4 a q S a D U 0 q n L L j M n K K 7 z t x f G x q Z 75 L t 3 c l P Y k q R e X Z t c B W Q K Y w t h U c m 4 U F C P / S 1 N 2 D O O S 2 e T P I w K n J a y a N b Y 3 P 7 b W c n 8 b R 9 P T l x + / B z L Q r H b M u P n K S O L Q a s p e H s F / X Q 4 + l r A U w 9 + L t O + D R S y X 2 a A v e L t B L A N W V E O W f 6 h A t f K f 6 z p u r q M 7 j U F x q M E 72 + k x r R n 5 r 3 L f 7 v C Z 4 e E o 2 f R C B I c M M g m 8 N F l G 1 i G S e b l u v k 9 r s h M i Z A + 3 t c A 5 B n y L + r h b G 5 D 9 / L 0 o w e I f V S I O D F D 3 f 53 s W c K l p S J h K 4 Y A x u s K l u g 6 U 68 I s h U y m 0 F J 5 V E n N / D 3 W + 8 C t c u l G y F T Q K N R j 4 H B J F w w v K 8 Z b 6 S V G c W e 4 X 8 E I 73 F S U u t v s H G B R K L 5 g c + U D y j + 2 c o y t d 70 t s p d F E q S + O / g + S + 4 f e 6 r D w B c Q + b k R 7 E x V n E q w q v A G C H y S 4 c j b c A m H j 747 V g p M 0 q 98 D q t B 9 B X z o O H L a 4 g h M z d 9 L f 0 + F L u j T B r O V v L K R D d U u b 0 i I / K G Y V W R n D A H a H n R D M 0 J k q B G S v Y B t + s x 2 B f R X A T J n l g U l I P A 5 a h / s u f 6 L y 2 o Z k i t 
M z K o v q w x R Q k C N 9 v 2 g F m 7 X 0 J Y o n L t H P w
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2016-03-02T13:46:57Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Payload delivery"
}
] ,
"labels" : [
"misp:type=\"malware-sample\"" ,
"misp:category=\"Payload delivery\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--56d6eed2-2880-4e5e-9775-b2dd950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2016-03-02T13:46:58.000Z" ,
"modified" : "2016-03-02T13:46:58.000Z" ,
"pattern" : "[file:name = 'Invoice_ref-96115411.zip' AND file:hashes.SHA1 = 'ff6f2b2fcf92e2b66e5de1874470c80fd54ca43f']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2016-03-02T13:46:58Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Payload delivery"
}
] ,
"labels" : [
"misp:type=\"filename|sha1\"" ,
"misp:category=\"Payload delivery\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--56d6eed2-5b3c-4480-a3f0-b2dd950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2016-03-02T13:46:58.000Z" ,
"modified" : "2016-03-02T13:46:58.000Z" ,
"pattern" : "[file:name = 'Invoice_ref-96115411.zip' AND file:hashes.SHA256 = '2659b92943cd12a1a7c2fd6263de227bcd67c7d3469bfeb26f1c3d2ea99b43a3']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2016-03-02T13:46:58Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Payload delivery"
}
] ,
"labels" : [
"misp:type=\"filename|sha256\"" ,
"misp:category=\"Payload delivery\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--56d6eed3-9be4-41b1-8a84-b2dd950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2016-03-02T13:46:59.000Z" ,
"modified" : "2016-03-02T13:46:59.000Z" ,
"pattern" : " [ f i l e : c o n t e n t _ r e f . p a y l o a d _ b i n = ' U E s D B B Q A C Q A I A O B t Y k i 2 k o A k Y A s A A F g L A A A g A B w A Z T c w M G M 1 N T V h M 2 U 2 N m U y Z D F h Z G V k Z D g 3 Z W I 0 Y z g z Y j l V V A k A A 9 P u 1 l b T 7 t Z W d X g L A A E E I Q A A A A Q h A A A A n W J H o F L g u D I l p c V n T 3 N K u E M S P n 6 G j / 8 h W 1 A 0 f K 9 + E v O Y N w G X t O Q / s p U N I 2 P + p q V O h D q N w c 8 q J k 9 Q u G M J + b 1 Y m 6 t Q L Y 8 V M 7 I 7 z K w H G s W f g 2 B r 2 h 2 h V v z j r l i w 9 u Y + j 7 A 3 d Z z k J x s K n r R 0 P s Z P 1 M C t A F N l p O 2 q w n u f 6 w s F Z c g J S S x C 4 B D 1 U K A y q h E x 4 / L 69 Y U 5 e T W a b T x M A u W I n s a k i h x B Z F q y i q p 6 A P c t Y p U C o 9 A B s h K p 2 l e h D M O P Q J U 3 A N B 1251 W A k H h V B L Z Y 0 9 a U c e A F O f 5 m G r y 3 N X o y q / j 1 L y V z D u C Z 7 Q 0 b 8 O N R A 0 K T y M p L 2 x i 1 y O V r 0 1 G 7 T G N 5 B 73 q q F T V c 3 R 7 c w f M K z B F Y w n q v + z y W p Y E 3 G b 0 8 v O w V v L V L 2 i E q 8 X u C w f k h T + D W O b E 4 u f W 0 v j Y w 4 E p V e H H + v D l C e g N 8 y + l 4 A k V 4 G R E k z b t F Q R a V i d p h W N + U + t y K j R 6 l 7 H h V + X o 4 b H U / O 0 u y b u i b 17 m z c x v / b V C F F h y j 72 / g k T Y 0 4 g c w / 7 Z f f O r A L I + 0 S 39 z M G r s 2 + t k m L U m q U r f C F H L Z M V 7 Y 4 o T / m 3 y N / 7 / 9 m c n G G 9 J 6 A W i C n s Q b v N V Z 4 Z Y O Q 6 q O Y f z F K J U Z y D p Z 2 + I V C 6 N l y O G m l 8 H 4 H 5 j E 1 X l D V w J X d P 9 P f Y y 8 B g O 7 w Q f s Q Q 4765 A a m O S r r o e B q e n X 16 h c d M u i X r t l A l a S z J / 7 d s x h S 4 x h 5 C q 7 z J y r Q + 3 G f n / n M D j P x t Q a 6 y s / S 2 L 7 B R 0 O Y V d z A M Y J t k 9 x U I n W 3 / K 4 P W + 2 h G f h m E B q 6 f 69 t + x k e B E b p s G b P u a 5 g w Q W L 5 J w D D c D 3 l a x P s p c a Z W X i n i y s z 1 Y 1 + e Q x T i V x r 4 G Q Q H y q h V f L w E 607 N P Q u i 7 Q U D F b Q T 1 a P 
u b r 4 P 1 q 0 g m L c I R N w l c E R x w I V f R x k D j K G 3 q M 6E84 x 89 o J X o x 0 E W z u l C X y s N 2 l 2 Z m H c x k R Z G 8 X X x I o 4 a b c x Q 9 b q 2 w P 9 l f I q V 1 g R k S J e h B Q l M B e 5 Y K 0 C d 17 V j a 7 z e B y v N m j K 75 h u c D D q W T L 7 x I R i k P s X o f v g d Q t i 2 f 5 y E P P D X y H X F H P k L d t t 7 W I b x 9 c i k w m 4 Z 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
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2016-03-02T13:46:59Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Payload delivery"
}
] ,
"labels" : [
"misp:type=\"malware-sample\"" ,
"misp:category=\"Payload delivery\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--56d6eed4-1a38-4d13-a407-b2dd950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2016-03-02T13:47:00.000Z" ,
"modified" : "2016-03-02T13:47:00.000Z" ,
"pattern" : "[file:name = 'Invoice_ref-10746155.zip' AND file:hashes.SHA1 = '41d59d8b935424e687a2c2f99df600ef43ca3fc8']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2016-03-02T13:47:00Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Payload delivery"
}
] ,
"labels" : [
"misp:type=\"filename|sha1\"" ,
"misp:category=\"Payload delivery\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--56d6eed4-b9cc-4ab5-ba8a-b2dd950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2016-03-02T13:47:00.000Z" ,
"modified" : "2016-03-02T13:47:00.000Z" ,
"pattern" : "[file:name = 'Invoice_ref-10746155.zip' AND file:hashes.SHA256 = '99b5ceada762ba22e0ddf29c57eae2e2ffd8706fb319ae3a0ae7cfd1046d0814']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2016-03-02T13:47:00Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Payload delivery"
}
] ,
"labels" : [
"misp:type=\"filename|sha256\"" ,
"misp:category=\"Payload delivery\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--56d6f56d-3cc8-4ae6-bd56-4e74950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2016-03-02T14:15:09.000Z" ,
"modified" : "2016-03-02T14:15:09.000Z" ,
"description" : "Download location" ,
"pattern" : "[url:value = 'http://leksvik.historielag.org/num/887hb56f']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2016-03-02T14:15:09Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Network activity"
}
] ,
"labels" : [
"misp:type=\"url\"" ,
"misp:category=\"Network activity\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--56d6f56d-5dec-4576-bb19-4914950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2016-03-02T14:15:09.000Z" ,
"modified" : "2016-03-02T14:15:09.000Z" ,
"description" : "Download location" ,
"pattern" : "[url:value = 'http://cabanasestina.ro/num/5buybbtyu8']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2016-03-02T14:15:09Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Network activity"
}
] ,
"labels" : [
"misp:type=\"url\"" ,
"misp:category=\"Network activity\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--56d6f56e-1974-44d2-b247-4131950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2016-03-02T14:15:10.000Z" ,
"modified" : "2016-03-02T14:15:10.000Z" ,
"description" : "Download location" ,
"pattern" : "[domain-name:value = 'cabanasestina.ro']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2016-03-02T14:15:10Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Network activity"
}
] ,
"labels" : [
"misp:type=\"domain\"" ,
"misp:category=\"Network activity\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--56d6f56e-a190-4f2f-904e-4fb4950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2016-03-02T14:15:10.000Z" ,
"modified" : "2016-03-02T14:15:10.000Z" ,
"description" : "Download location" ,
"pattern" : "[domain-name:value = 'leksvik.historielag.org']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2016-03-02T14:15:10Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Network activity"
}
] ,
"labels" : [
"misp:type=\"hostname\"" ,
"misp:category=\"Network activity\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--56d6f56e-fb84-4a48-a1be-40b9950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2016-03-02T14:15:10.000Z" ,
"modified" : "2016-03-02T14:15:10.000Z" ,
"description" : "Download location" ,
"pattern" : "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '81.21.75.87']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2016-03-02T14:15:10Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Network activity"
}
] ,
"labels" : [
"misp:type=\"ip-dst\"" ,
"misp:category=\"Network activity\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--56d6f56f-6594-4eb2-8ec2-4969950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2016-03-02T14:15:11.000Z" ,
"modified" : "2016-03-02T14:15:11.000Z" ,
"description" : "Download location" ,
"pattern" : "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '188.213.205.89']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2016-03-02T14:15:11Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Network activity"
}
] ,
"labels" : [
"misp:type=\"ip-dst\"" ,
"misp:category=\"Network activity\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--56d6f595-111c-4c2a-8dae-5e5c950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2016-03-02T14:15:49.000Z" ,
"modified" : "2016-03-02T14:15:49.000Z" ,
"pattern" : " [ f i l e : c o n t e n t _ r e f . p a y l o a d _ b i n = ' U E s D B B Q A C Q A I A P h x Y k j I O a E b X l 8 A A M f H A A A g A B w A Z D B l N j N m M 2 I 1 M j A 4 Z W M 4 M G V l N 2 U 5 N j R m Z D E 1 M G M y N m Z V V A k A A 5 T 11 l a V 9 d Z W d X g L A A E E I Q A A A A Q h A A A A 3 a I 3 P O w 90 m x H A 27 P D 6 w Y w T o Q f w R R n 5 y U 2 y m x 6 Y P q F + N h F N b I 3 d U S U C 6 g B r P V 7 L 9 n h + K h Y j p y t r V B s e d P h L n e E R l h 2 Z C 6 n U 93 Q K K Y P r T O A 4 Q l + j h E E B R t I s j S h K e J K y + T M k N 6 c Y 7 J Q U j j 7 K 0 V A / L 6 E a U o C b 6 c 1 S Y x 84 H 38 P 7 z F u Z 8 J p T r 3 n F m a z 1 b d F q f G A z s G 6 M r w u C m 3 q s u F G s p h A X g v w n b J / x 8 n 6 e f E m r s Q 1 M x C t d 5 X z / T n q b 7 V l z W y / f y g g X I G T + T 29 c z 1 F 9 W V / V q P t e 6 Y w v 56 Z e m Y M z a j E C M y S E 3 + Z 1 d W d v r k / 3 o W y Z M l z k M G B s l P i k 2 F 2 p l b Y f p 0 G 4 w v 8 E K o d h k 5 W l f p 7 / c e v w J S g W d v G N W X l E L e 0 r x m v S I t U 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
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2016-03-02T14:15:49Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Payload delivery"
}
] ,
"labels" : [
"misp:type=\"malware-sample\"" ,
"misp:category=\"Payload delivery\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--56d6f595-7a38-40bc-a90b-5e5c950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2016-03-02T14:15:49.000Z" ,
"modified" : "2016-03-02T14:15:49.000Z" ,
"pattern" : "[file:name = 'scan_876316.doc' AND file:hashes.SHA1 = '5ffb344282a328de23d11a425b9d150157ca61a0']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2016-03-02T14:15:49Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Payload delivery"
}
] ,
"labels" : [
"misp:type=\"filename|sha1\"" ,
"misp:category=\"Payload delivery\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--56d6f596-2ff0-4f0d-9dc9-5e5c950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2016-03-02T14:15:50.000Z" ,
"modified" : "2016-03-02T14:15:50.000Z" ,
"pattern" : "[file:name = 'scan_876316.doc' AND file:hashes.SHA256 = '1ac3c0605930c6b104fe7a6868b0643d6a20aa7ddde417189a3f13aacc184bf9']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2016-03-02T14:15:50Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Payload delivery"
}
] ,
"labels" : [
"misp:type=\"filename|sha256\"" ,
"misp:category=\"Payload delivery\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--56d6f597-14e8-4d56-a732-5e5c950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2016-03-02T14:15:51.000Z" ,
"modified" : "2016-03-02T14:15:51.000Z" ,
"pattern" : " [ f i l e : c o n t e n t _ r e f . p a y l o a d _ b i n = ' U E s D B B Q A C Q A I A P p x Y k i 4 u f R 9 W 18 A A M P H A A A g A B w A N G V j O T I 3 Y z h j Z j g 1 O D Y 1 O W M 1 M T d j Y z E 1 Y T F k M j c y N j l V V A k A A 5 f 11 l a X 9 d Z W d X g L A A E E I Q A A A A Q h A A A A 3 a I 3 P O w 90 m x H A 2 w K j 7 C M Z P U + n h 1 + z c E C H e r o n J 33 N e W O 9 P F T T / v G w d n W / O d Z 0 H A W R K O u c s 5 K D w B H 7 k o L k d U A B g Z g F m u M A 4 i P O n F b + 8 f n y C 1 Y G l / W e g l C / x T B q k o p 2 H F W Z z z u X n / 7 K c I t w B C x X n c T 5 j v 5 h K t j D T b Z T K z R P 4 v e E 3 G Z j D Z p 5 p I s R R Q x O V 6 e l l X 39 / 1 f b o Y + n S n s P 89 i c c j x w / q U N + m b X W H R E z y L h l N C W Z f e E g 8 T d 67 n F M + 5 X v g c u B V Z q N w + Q + U 4 o s 5 p Y s 7 R S A x g Z Y C E 4 I F k O Y f h L u 96 b I 2 B O y / R I l w 3 j h U d 7 e k k k q x M m w A a A J q o k 5 R i F z g K M 39 e V c I w + 6 c 2 P 48 L 4 P i r O y e j n q / k j z R m K w y O G D P E 9 B 4 w O v y 22 j Y O d 5 Z c 3 c c y 18 e + f H k v O J u N r 7 Q J v A x k s 5 v R i 2 e U e D 38 n H Y S i y 3 / F L a Y 8 F 5 D U 5 n g z f j l w K m I T g P o x 8 r V D y N D w O c o V 8 U e 5 b B K I S X K A t r T b J I b Z s p d / w I j s C z R 0 N G r g U t H N N v 2 t M h b u 1 N Y 8 S 8 m o P s H 9 k 2 Z D + 2 f P t s l O L J A L 3 H p H U G n L e G 7 k x C m T V V 7 J o L 1 W A V x 3 x j N Y D u N o 9 J Z 1 / Z R D P U I c o X Y 86 C o U j T Y L z y r Q 2e15 a 56 b Y N J + v y 5 N L e M k 5 s z 1 X s d a 1 C W I y q + I v D y l f U l M f n L C / T A X N L i V s A L U e u v 1 a H 3 y G G Y H u q 0 M u S U V K L P u N O 4 c I o q U v D E M h c j y x E v R s k E j C c K g T F + 9 K n / u k 1 b F + 59 w F 61 Y M / q a H 6 p 9 Q / S c k D Q 9 D b m T t i i Z s n r e / K U D l U Z Q d Y N u k x E m + h F d x 1 a g M 2 U p B V D t C o u h 6 c u c / i p D o + E b O d Z h 7 N b 154 a D u p L K o M N M F Q q s B q 0 g G M J q l m N i 
x p D U E M 7 K V / t 4 x r t D w X t e a r D 2 c n a Y O f S o R + x k D W p r K v 812 v 1 Q D z s f C 2 M I z i b 3 s k Y B V G K u K X f 4 r W F y J H A 1 m I p 4 c C m C 6 G Q V M q w 2 m H 3 y t 2 / 0 X T h K S h R w s B / 140 E a C 3 x T g c 5 E m r Y J V 8 E o o c y k P t R 8 j v G N o z r f n R S o u H t N M W m 7 y d J F l 6 n A q F d r n N + F G V b c k W 3 v A p 5 R 1 T 7 S U d u 66 P l B I N + S U q 4 N S b R 7 s Z v N o c r j 68 I T W B v / w K i / w l i r 6 G k H a h b w e C X S C b G 6 Y H j y d h 1 + m U f d 0 22 n M R i 7 m + D q R u r B h k a w v V d E h F 8 s o x X c 5 h Y H K Q e h 0 Q z s k + t 8137 K w E M L J f U f e v Q j Y B 4 I v I e b N X M a D C 9 v c r S 7 i p J L C G w I / 18 m P U 5 j 7 t 2 V z R b b A A c 8 w 5 v 6 p R T K g H s i / 6 b y u v t e e L 8 W b e t 0 2 S t B O 6 + W V k 7 / h + 2 x b 9 S R h N H 7 y F D A / o 5 X j E v g u M m l S Y G l h q p h s T x 6 M a 4 L o t b b s b 3 q Y N a E T Q P F P J 7 x W q V z 8 l G M H b l Z E N z t e a Q / T r Z I J O J H 7 Q e R k m b 4 h 9 c S 3 L I y R D J L 4 G j t i O 4 K e t 2 / S s 0 e i L B M n i L H L h 1 Y 0 j K 8 S 8 R u l u r j Q D o x v b a + 8 Q R E k M M e i G M x / N V O E G Z 2 D H W D v H f z m 6 F r y + m N c x G H 0 73 s g T y k d e T 0 F G p + X S R B 0 f A M / V f r 4 I Q H A o I f 9 V + I / 4e4 o l p r 5 P N n P a U D y + a m M 8 c H z 3 D K K Y M f T z o 2 Z K C 8 K Y J c T q o G 8 u d X a I E g N 90 X d z i 1 B y O Z G 2 F p 0 O T M L E q l a M U z k B s M Y J q b j H 67 B B V U a U 3 y z F Z d B T L Q 4 v 9 X i u + L h I p 5 r l I p 30 q I 4 b v I z u s w r M W 3 f S a T n p P o o b q N z J O j 91 S q G + c k c e 6 H f g p E M / F 4 S s q + l A + 6 V h D M y O c e E g w F 0 b s K V l 7 K E 0 r s r V U 5 C c 1 k 0 8 E q f l 1 L R L N A t r i s H q B i l o c o x O c V 19 G n t J r c U W V P J S h N 2 P 9 z 0 E G q 65 W g n j 3 g I S k + Q P s z d N T 7 i i 8 g u h l 0 k E b 6 u x P N O U a h R X 4 s n T D x O d M D F T X N S t m / + r o u 3 R T v y e / R S N i o X / 
Y T U 9 i p B Z X U T h T m / G L J Z L i 5 H A 3 r F / D 3 A O t + h / e J H m / 6 P m a T 2 K N j O c G Z z j E c F 8 C G I j K O A k z 5 i v 8 R 83 h m h 2 k f V R 9 A m b Z V V + p l P / N K 4 Y S s A a L g A z A M Q h 4 C x t w a l N k a R C Z O + Q s 842 G k w Q z p m 4 M Z O W 2 z K N p K 1 x F U c 2 Y w Q C n 8 U b 5 o G h K 5 W a i f y b e f w 27 a u / 8 u V J v Z o z 1 b K N + L r D f 9 r E V 5 N P Z S 6 Z f G e 20 i U 7 O G x N t 5 k l e 6 u v D z 9 h n a + m 4 d Q J 2 a 8 k Y n k Z n m c l u v k I P c 75 G z 5 c x Q V g z z + k 6 s / S z u L y B T w h 787 j d J Y R c c o X E B R 9 Y g 50 u P k y g r / A h q n C x O u 7 I i Z r l O + / t J 0 W t L I r F X V p i C j S w d B y m m d g L v A r 6 w d t g G a b J 3 l d 6 v i v Y / M 1 D U G G 0 i 5 u g 0 r T 18 L 9 H p K c P 7 x K S Q k N C z u G v 6 / O p f j V r M Z 6 z c T 8 I x Q H e z 6 j i q k s P v h 78 T I t + O 6 H D F A U j W 8 k R w v F m i 6 L G I I i B I U j 5 O 1 U R j 7 G 2 i j B z n 2 c H 2 Z f O 34 s p S R P C q v c y J H T s X 9 X y d s 0 w z d 9 l H + 4 l U b C 0 G D x K Z p P e H r i j R G U i R a M c c v W S d c C n F P B 2 + h w j O o F Z C F U d K r Z 26 a 10 x m d E m v s a N H C S Y w q T E X 10 z L P T 0 W a 1 S J q T O v G e B B s y + d l W B Q O v Y I 4 / v Q G 38 r c E C X L j Y M c y v B U 0 Z W z 7 q s X q Z s O F n q G 5 I h o i U w P X F u Y S m 21 N p f C j 0 Q M b n R B I D e R o x I j u j / o n D 4 P c f A M 74 e n p w F o D k v s G a 2 m 5 G f e z S 5 H O K D g H 0 1 Q l D E S N a T k g Y 6 A O l j 3 U + i 9 Q g e a f s K z H L A W j n V s g r r a u p a H S Y w p T S 3 N L P p v + e y 4 s m 6 S h z O 2 s p / x 7 k y H B 2 I l k H F V Z 8 b W T m c w j 2 D k N / t i 5 n P h V h 48 A 4 t 5 L X I s / D M o m n E I O F B P p F b M 4 Y B W q N E n e r j D A 2 b + t D O q b l h U t Y 2 d y 250 O 23 w q B i K n U L e Y X L B Z J B W W V N 2 B Q f M v t 19 M R D i s 2 R 93 t E p F x k A i 4 T B C 99 T i 7 E o t q n j Y g G u m Q m C v n x N Y + j Q d O / c b f s E S g D K t l X l 
7 q G P O k e s J P k o f 11 N 6 q u m B s 4 K n y n A p r 7 X Y Y Y l w O F Y W U 4 e x i u P 5 A c O Q V 0 m 77 H H 5 A 8 p P h I a X + P K p K N a K 56 R n H b B Q k O u z p E k U t H A a 3 x r r P m H 7 t s Z K u y / b u C l n s k 0 V c A K W P H N V 3 D e 5 G G 5 H N p 1 Y 3 N d m f 28 o 3 n 7 B s F K Y T x 6 h I E G D t 5 Q k N S 4 X Q T 7 Y 0 1 z B o + J b a Y n + N B 2 w m i I V O F M g m + b K 55 S h 5 w j j I D B 7 B f 1 p V c M f E U / E f 10 p y s W j 5 u W k q g M 48 T t m 8 a z / E b o v d s L L x D p z M k J w H v s x 6 S Q a i v 9 B L W A x d 43 v O j w I 67 S W b P F g x E e + A p f W Z U R x 7 U c 8 t P E j C O f G s t y c Z k L F e O 9 P o 5 u 36 k W M 7 R e t p Y V M U 7 D V w v a K 2 o s s u x C 4 o Q R W Q K 8 E c i 9 B 2 J O N 7 D O Q L S F L 6 h z 5 p a t E S y h t p Q u 2 R z 6 w W I K u P T 8 U 7 w 4 w o G T P X U P w 2 V P r R y N p W w q 7 q C b g 1 R U E Y Q D h R x r k 4 r c 4 t 2 I D V 5 d p y b d Y D q 4 G 7 A Z r R r 4 X h Q d e 0 V N w a U x v k W N R o T 9 z q O J s j q S e v / w u t c e 4 S a F y c K K J 6 R z f d f p e L f W Q W x h S y H B v w 0 G X x r y G h p 6 J g q b x B V V 4 F a 43 f i G n + L d E F + 2 q / p F Y S 0 + 9 A 40 f 8 t h J U J 86 j 8 P / C 8 w x w o h i A w F 0 o a 0 547 c R z L 9 U / d + h g N q I R F W 3 U 0 k A g 2 + r l 8 + U 4 A m X A w l W W T L C x f E W l j i f z 8 I M f e j X 40 o G 9 N r / n j N K i Q g 1 h c f I w 0 t 2 o A K J V l + 2 p J 2 O V J K V 4 n u T G k d h C r q K + M + X S k J c 3 I q E H i A 9 f V b 5 A z s 3 y J D b P K i y H 6 r 7 + I / y u 2 O f 76 T q b 19 Q g 0 Z b c J A U c u I p g 8 a H u d T 8 C c 7 k c o o r R N V X h f w 4 Q q 8 P t 1 S y E 3 X r H P f r C L k p j r O E p O D I z + S P v q m K F U 6 O V S k P C a g c 1 V M 4 x 7 f 6 I / d J g 3 s e f a m 0 M C h L m t j 4 D y h W b / 5 T r n M j 4 j G B k k D I N b 18 Y C f s F 4 I a W y a H k k b C 47 l E e H Y z O 3 a K p 3 f D o L J 8 x W L d 93 x S m z W H 0 f e H 6 y h A h 8 t i 9 t U J Z B W g 9 T E p v 98 X v N H 5 e N 
O b I 1 d w 6 D y + S o 3 m k U b Z K 5 j 0 V x x 0 a r 0 S T g
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2016-03-02T14:15:51Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Payload delivery"
}
] ,
"labels" : [
"misp:type=\"malware-sample\"" ,
"misp:category=\"Payload delivery\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--56d6f597-46a8-4a5f-9663-5e5c950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2016-03-02T14:15:51.000Z" ,
"modified" : "2016-03-02T14:15:51.000Z" ,
"pattern" : "[file:name = 'scan_382380.doc' AND file:hashes.SHA1 = '494fbae0a9dbb80b1c080ed274ac732f54f79ffd']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2016-03-02T14:15:51Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Payload delivery"
}
] ,
"labels" : [
"misp:type=\"filename|sha1\"" ,
"misp:category=\"Payload delivery\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--56d6f598-cfd4-43d6-b85a-5e5c950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2016-03-02T14:15:52.000Z" ,
"modified" : "2016-03-02T14:15:52.000Z" ,
"pattern" : "[file:name = 'scan_382380.doc' AND file:hashes.SHA256 = 'fa25f0ec6c04e54b87f361f1668b32c03163a90b65c3c128965f224e0ec8c30f']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2016-03-02T14:15:52Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Payload delivery"
}
] ,
"labels" : [
"misp:type=\"filename|sha256\"" ,
"misp:category=\"Payload delivery\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--56d6f599-b51c-4cfb-970c-5e5c950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2016-03-02T14:15:52.000Z" ,
"modified" : "2016-03-02T14:15:52.000Z" ,
"pattern" : " [ f i l e : c o n t e n t _ r e f . p a y l o a d _ b i n = ' U E s D B B Q A C Q A I A P p x Y k j k o q D m V F 8 A A M H H A A A g A B w A Y m V k O W Q 4 M z M w Y z E x Z W U 0 Z D d m N T R l O G V i Y 2 V i M z Y 4 Y z F V V A k A A 5 j 11 l a Y 9 d Z W d X g L A A E E I Q A A A A Q h A A A A P K y a Q Y 5 L Z g N n 5 N X W F y F 7 m g B n o j n U F R + p 1 F / T x F 6 z z P e t 8 Y K T 5 l 5 s P 1 I m G F S k 2 a W U b z V Z 59 k h Z V c y U O w y w c y X V y h s e k T y 0 b + e 5 S x 1 T 33 T + v 0 Z j w b 8 G E C Z 8 O I p f T i T y Z 8 h T / G 4 i 2 J S s s N / m g B j l e v D p O + D 1 B 0 z 0 Y d a d t K u f + Q i A a f 8 Z f U 2 d / 8 y t p K G w A 1 r 68 Z Q K V / P n D q k F C + g z u K z y u J C P 1 U 3 S Y z S X X F Y C f g g / 23 C P g B 2 s F M j E c H V 1 p J x s G q + 5 E o d 1 s x C t H f R 0 Z k P X m D X n 7 r G 2 P R M k 2 W y E T b D b 9 W g x 1 q E t 6 i H r 0 p W g d j y x B m K s h 6 y s y s i i X w V q N s i i 0 a C A d M l 4 h 3 x G 3 N T I z h 4 T T r 9 l Z j + s 6 d I a a 3 t / 4 I h e L N M 6 b 5 f A M V V j K w j l b c e Z B x O J + a T t R h R r 5 D 2 i i p w D 8 i y D 4 O c Q v V n 6 H F m s L g m u O K R V t v w N y U D n b y S h b f s T f L h O m a g Q S Q f Q m C w I E 6 T K j d b t x c 4 B I P 3 Y W b t M S x s u B V B Q V L J Y V s n + h a O R 3 N y G D 9 m i 0 v c C X 5 Z P j o 2 L L G J O H Z m R m G n K w M D 8 o p X V 40 v K j / c H M h 3 S v R 66 w s F Z M S 1 E c 9 G / P Z S r F 5 e M T 1 O u j 4 r B 4 j + b M I U n T R P W Y K V q w 1 X i V u o 3 h 3 / O V D e U 9 K M B Y 1 i Q 0 W U 9 m O Q j i q K U K 5 e + s 9 o Z 6 W / 3 F K C e / t u W n G h 6 l N D y 182 L E 4 x h u I b L f n C L L q t G u S 5 V N U w a J s 6 a r 4 M 8 P N H d V V l x N 2 t Y t 1 N n 833 r 1 O N K a 7 j 81e8 V J 0 k y f k w Q n u d A c L B E x B 4 M J m / 7 s 8 V 2 H u r A j 1 c S 10 g V j 9 + O n E F K 30 K Y 2 + S Y 1 i W a p h T / E w 9 K h c Q A + H U B w R O 5 c q C b Z H b v I / z P k P / 0 j X P s n H 3 r c b C I N S g 
28e9 z 2 r T n 4 j 2 z X F O S 8 o + b V k v p T h X C 5 J u J / k 9 V 83 U 8 h T p + 3 I F c C Z g z T Y H F O K m 4 W M E 723 h p V M F m b w g / A N G 5 I u k C z j 5 X T V + p I h n p K p O h F 6 B y 5 N X l A 1 v n T u / y T p 0 2 J 5 M c h z o 8 l W q j 9 D v A F d g Z P 5 + / z 74 N Z t O t z B X v H J o b j Q V G U C N W y g 5 H b E e l Q E / 8 T 82 V u k j q L X 7 s Q D / a z q T w i P C I m c 0 3 S D g E 5 F + 0 v e Z + W / 7 E G U Y d + B G G h j X M N T V v v d d 1 I s r 9 D 2 Z w X F A L F g B D 7 X U R I k A m w w U 3 + q j y 4 I m h l C P f F v A m w U D X P D p V D 4 u D r O F x D m G S F 6 w U 2 x 0 m E B f k + l m c h 4 E V x L E 6 m a 3 k 1 o n T 1 V L I J U m K s u j j g M r x f H 58 X o q 3 q K D V V m w P x U O R z Z E D j + V 4 P 0 F l 3 E a y P 2 o y x h 1 m D y V J C / L 4 r 0 T W k C B P H Y 3 M B / q L l l 5 p V z X y 1 A 6 d A G y d i b l P W f J x I X z C A j U 5 W s S V D 0 Y Z o 2 L 4 W W I 9 w e B z P 2 k u U d w / W h i l c Q I 6 m k r D n j K 3 o c E 0 5 g E a 0 b W Z P y u s J R m W O 7 r H T n q l q w 3 F e W 36 Y v o x 31 K C + 1 b M o J V O k k n q 1 G G R E K j p W 9 V S E x p S 2 K F A v W R 96 s c f T I 8 S Z y y g g L m o h k H K G J J S e L E j 7 F d U m M 6 C d T T 3 B T C r F 8 F m 7 u T U s E 2 w C F R b Y y I / i m f o J j N h 8 U 5 Z 7 E a 47 E F V Q 5 u E Q 33 z Y v 44 q v T 5 R Q Z H x Q U m l B 3 q + X N O H H n m / e W V 3 y q 2 P 4 I p r o N h z c w N G I z b c 3 k 9 m O h m O Z b e Q / 24 j s C M C Q T d n r D s s W y e h 6 n P 8 q o l J P 7 + L s N t T J u V c q R Z x L I U 4 l h n N P v u I 7 r x K / p T Q q L e I D T 0 Y w u u g l j z m o G f E L j u R P E 7 G z K G 8 j k w z 1 I y s B X F K n 7 + L v + y 7E3 S h u U 9 a x X V l / k S r c o H n v r o P v 1 y O 3 b q w 8 T u g 9 / Y O z K m d O b / r p U s u G A d 674 l u i j 7 m u T Z 6 K n d W K 5 G 0 g E j g D U C V 2 i L i 99 J 6 l 8 + O c H O v P P 4 A Q o 8 m J 8 i j k l S l Z k 78 B N 7 W Z f L k R E k F B S j J j U 6 U w t X i W h G x B Z t s E C G E U 
Y x O x o 5 w 8 m m 6 p c p 8 y T + a 2 l 9 p / 6 / g O N a T H c f q U u a l o 1 Z I 0 w J U 20 R S D Z u d q x Z w J z 4 U q R N u t 5 V Q V J O C V q C / 6 A 0 E H y a X k l 4 p k a q Z 4 R X I D u e v m h U 9 Y d T e I E r j L j x A 99 e K V e w R k A T l g o R E 4 q i a 2 l U b H c 8 + R b I g 8 n 9 f T 4 p Y Y u B 27 g z E g z N F 5 P k f r o H q y Z J 8 y N a V K v h e u U n w v l Q F p H 921 W 58 S Q B g o 4 H K W 9 Y C / T 271 / U t 6 Y C h l p 6 + i G 0 x F a u y E A 7 S F j x x u m A Z k m J p h r D g Y H z u w D K T D Z F M Z g 7 g R G p U 5 r e h N 3 b X + E S 1 J g z e / n n Y 4 K 4 g n O h q h S w v D p m E E l G / 0 Y j W Q v Q z A i 30 F e L p l c 1 Q u I F J v I A W 0 a V 9 s r t e b J U B D t V Z 5 Y F K 99 X r H C u Z B z W m T K u S e B c c R z 0 C 6 l f Y v S m G w a 4 T c a n 9 B x T l p f Z C d 2 z n z s R z O X W d j c 1 t B s h e R t J H U E 5 N Q 6 U V u q L h e c W 44 + r Z U S F 1 G b i i t e k t 29 G M 7 J 5 c P T I 8 g E U D A k + 2 U 7 / V d L b 1 a L H I 5 P l 3 a X 8 t H u o b s 54 q X j b J 7 n 4 i f r b z V n O 1 d k j V 1 c F H P j C I Q r p 7 P u V 4 A G d C p e Q M B h V G a 0 5 p l n F k a n Q u y Z S E 6 Y i I Y J f N t s n u n u d j B g p 4 V a u S t P 1 I y G 871 D y o Y e V M G p W C G x u O h A g Y S g E B Z w v i g K 98 m t O z 15 V S f X I N e 1 n + Z 6 K B J m w L h F J C k z F 0 x Q 9 t x + G R Z q k g P o C Y l j r 9 d + 0 y f K U C m O U 9 h 2 w 1 Y v m 55 / E h w P N O 180 f r + U j b O s 4 S U E m C 15 K H / K V c 6 F A 1 m b H f u T w S p p b d U c h + 0 N Z e S r Q 195 t H O P M p H T B l V 7 v 1 S O A 1 i 103 N D H L / Z 8 N N h F V S V t w O m w G e l 2 n V h C M p F Q o T 9 g i v 5 R 8 A t P S C U h + I / G T e u C / f 0 O K C V w y m r l R b R K M 8 h S 3 s / h u H M x q V Z p S 4 z X v B 0 H 5 Q 3 x 7 N m M O 94 e J O k f S H L J N U 1 / h g J u e V L G E p c g W V i l e 82 D 4 S u 95 C z Q u Y H y L M e x + 46 c 7857 y X a z X 7 X N b r Y w F E Q I e z a x 9 Z H 0 3 s + v h P D H F T X A c 64 x l y l L C 
v 0 r r I t Q B C 6 L 4 D S A 3 g 5 V 1 V c 6 / l Q W d W e m g + + m o D P q a B h j o 2 q W b K e G w 1 g a K x / I E L 3 d 9 l 7 o U 8 c I n M A V A + H u q A O F A h 8 A l / p k L C H W A g A E T D P O Q i N Y 2 e i E d G C T 99 K t b d z z x o / i U Y G y x x t I L j g B f i Q E 1 U 0 R C W R f Z P w H e n N J e O L O a 9 c 7 d 0 u Y 5 r 0 D o U o c Y V U v m b F c 4 z f g 0 h B y W c V N 3 n 5 W H r H 3 p G b K K g w 4 y 9 s w u U j h m u e Z T p / z D g j s h 2 a T w t c F L S h C S f E u Z O j 5 M 18 h D q w e Y d T S V 5 x o v 2 f F k i y P 6 N m R B y f q I D p R y h 5 A t A H C X k P 0 z W z p 1 a R T + q 3 c L 9 m Z h x o i v o M h b H i i R b j E q q o z 6 + 2 L w p M 1 T + S 8 j j 4 T 3 F s t z i N d j r x V q 85 u 5 E C Q G 29 n b Y W u U Y X 2 I G L 0 Z 7 i x z 7 i 7 v 5 g 6 f A T d D m 5 h n G m r N s 8 p P x 0 8 A 2 H 0 6 o O u L 7 T e X z 6 g / R D y O h 7 K B S 1 n W 1 F 9 S + d 3 F Z J k Q J Q I 1 E x Z p K d V c J z I 4 x 5 s q y D b G / 6 C X Z D b 9 m I d w v r p G 3 P t G J G i U v N O 4 o r T U 7 N i R s l v h Q g 192 H r C A m I U 0 X c F Q M j z a O c m 5 F 1 V e t / 3 m W P c / a D V t y 2 i A + F r z X K J m 9 G d 99 C A m K I C T 2 I 0 r r P b e K c q 3 U f n 8 f k 5 v 8 q w r W H d 4 g g Z i r / e o v H A u K w 6 / P l l x U S R z T K u Y Y W 7 g m Q z K I w e c 2 Z T B D Z b g 0 J / 9 D o 33 R 0 f A n v h 6 R J S 0 N M O X 2 O p 4 g J + s 3 p Y q 0 4 / e K d v H K B D n L P t M + S + b T g 8 p K w c F M d D u 6 G c C 8 H / p 2 n F v O 6 Y w 5 O w E g q B r 4 B d J d V 26 y e z G K 753 t a z C I u / R T c Z W s S X w N J 2 I S 8 F p l Y 612 H g S N K m V v j u 2 t N H K H A b j s R s B l / W N R D L O 4 h h T P O C E w b F 9 H 61 b D u 8 Z X 9 + U g o F P S Z N K j k x r v J h U G l 2 p F 8e9 F l k a C R o 7 B T h m T p D j s 1 m 1 t o y K l 0 M K n N F 8 p u / j s a 50 m I 4 X C V 10 U 21 I o D p 95 t t X j H B f Y 0 N i i R d T t n 0 Z x u z s x I P z l m C l Q l w H 2 L R 1 b N W j 9 h J y 67 P a Q U 
//UeTWxyuem9C1o2KAo/Ytd1JSjCf74qHXx4+9/Ek3GaUP1z
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2016-03-02T14:15:52Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Payload delivery"
}
] ,
"labels" : [
"misp:type=\"malware-sample\"" ,
"misp:category=\"Payload delivery\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--56d6f599-a888-4b95-96ac-5e5c950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2016-03-02T14:15:53.000Z" ,
"modified" : "2016-03-02T14:15:53.000Z" ,
"pattern" : "[file:name = 'scan_187429.doc' AND file:hashes.SHA1 = '3c37da065c6329a2f021e990a8e85db97fd626b4']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2016-03-02T14:15:53Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Payload delivery"
}
] ,
"labels" : [
"misp:type=\"filename|sha1\"" ,
"misp:category=\"Payload delivery\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--56d6f59a-9050-48f5-a6c5-5e5c950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2016-03-02T14:15:54.000Z" ,
"modified" : "2016-03-02T14:15:54.000Z" ,
"pattern" : "[file:name = 'scan_187429.doc' AND file:hashes.SHA256 = '5c0093a77bbb366ee4e80abd38b966497fe71419d5c46cb68f05757078551ca9']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2016-03-02T14:15:54Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Payload delivery"
}
] ,
"labels" : [
"misp:type=\"filename|sha256\"" ,
"misp:category=\"Payload delivery\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--56d6f59a-0530-490a-ab7f-5e5c950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2016-03-02T14:15:54.000Z" ,
"modified" : "2016-03-02T14:15:54.000Z" ,
"pattern" : " [ f i l e : c o n t e n t _ r e f . p a y l o a d _ b i n = ' U E s D B B Q A C Q A I A P t x Y k j w O H N T X 18 A A N P H A A A g A B w A N T d k M j g x Z T B i N D R j N T N i N D M 2 N T k 4 M 2 I x N G Q 5 N z A 2 N m Z V V A k A A 5 r 11 l a a 9 d Z W d X g L A A E E I Q A A A A Q h A A A A P K y a Q Y 5 L Z g N n 5 N S H + H W 2 j G A 1 U v o E o c X c 0 L z 3 J i R k D g e y 21 x h z p e A O a c f j v J X x R a + / l 7 M C s y k Y p 6 / H u 4 J f m O X s F o I x F Y O c 35 g + t i Y w C 7 k W 137 t A O m u r 6 A M H 9 H O t S Z t t H l J G 7 t v n 3 g R 2 q 5 l c J p G Q 12 j 7 r T i R R S F u Z q S / F 0 5 P 6 y M 1 r P B 55 r 0 F Q A G 6 B x f D 0 H U R r 8 u Q r v b n 71 f 0 t I v J e J I K R 1 r V K O S Y b q F 1 F 0 8 S d g S 14 P b R I m Q i l D 2 o 2 P p g o b v r c u q V N t 9 t + j 0 c 9 G 42 + 2 j W j / 1 z D c t B Z 9 M n 2 G p Y G F W k f Y F H f U o c p p O 9 x i h X Z h + O f Q T v S p J u W Z T e J / C o C Q i + S q w K 9 M P H 0 n j Y U / t e / 9 e n h p y e q G F H q g J L u 52 h 5 M w t X N a 5 u j O g U s c F V v O e N H 5 O X C p + 6 s D w 9 k n g 8 G h 9 l H c + d O E F C F 27 Z 4 t B u j T 9 e + C A B W u Z C s 18 n D l v D 4 L a e e 6 E b n A R i h E + C z f C / Q D y B M 5 B f Q U Q J N p O z O g I W z g P g D 9 M B q b F S G U y M t V Z C g w S N 4 g r 8 l G C r p U H a Q v d U f j 9 e O Z E B g K l z Z Z H Q R 8 e p 2 m 7 a v c K O A 9 X i m q T I 5 f Z 8 j g b N k e p 2 + s A n G l F o z i I 1 z x K Y r + u M u X S H o P W a 93 V X 91 S F C N a n k 3 X E i 4 J Y h k L q X 8 R l r I S B p x d J L h g e 8 r f 1 E Q D d E g l w z b K b S q M A s X B p Q Z E 9 W J f I A t 7 h x E y i U k y U S p U k w j m j 3 d 5 j o 1 Y 3 N 5 u I q v e e G z F I Z j G u V c x A 5 + 2 M B E v C T G 2 S g M D 0 k d M y 0 T j I a m g 5 R / t f P o l 3 U D D A r 7 m P 0 A l q 2 B b t J 8070 R o z h N 5 f X 9 g W a g U 6 k m b d H K E T V s o 8 S l q B d B B L D y 1 h 1 M 5 l p K U o g t c r j V 9 t + X X / i m C c p m o 2 o K a I S 2 m S 
z F o m t c 3 X M l u s l M g 2 H H b r r C v e p e w e I E 3 A K 9 U V B r T G l b N 4 l g g w E / w j E m 3 U j g X h 3 r W p M g i 1 j u f a 0 L l L R T 3 n v Y b I B 4 t s g a z w w D i q f J P u l X S Y 0 r P c S w s k U P r S G w K N F 74 l W 1 b y z D a 4 A 94 S X 1 x l y v w E 9 M i 9 s S T T o V R l J 2 S d k z 3 H w 0 R I D p O e a y 254 P O 6 K v T N W z z O I T Y r K r w k J n N G S Q S F G N v k d k 4 T b c F o D W H x a k 8 a E A f A b X 1 E w e D o z o R l Q O J A r b R L c Y B S l i 4 G B R Q 2 L Y + m U D C y Y J 7 T 0 v 0 T q P I 9 y I u O 5 Q c A X R e K 6 j H 5 I 0 f u Z D w y J d y 8 v B N G Z r c S l I o E / e C h h r L m i 7 r d e O O / x / n H U P + L E K w 5 F G U i W Z Z 9 I L C k N X Y T T Y t 1 H u w i 7 d J M e 1 e f 265 g / 0 O T Z S Z a M I z 1 F e v w x a P 9 E I 6 I b 8 G j z i 2 T a 0 F 7 + v T 4 / Q 6 p H m M 2 G 3 F o 9 v D v v 95 M L F P i H N m 5 y b W j n e F t g V Q e 45 A I Q x 6 X 214 f z r m n a Q F x u X M M w N D j + / N I i P S a Z + F T a H E x n c p A v q z y t m l q 1 A j / c 6 S s p Y M K o 3 n Z 1 H 7 x j 1 B 74 V o R w 5 q q 57 X R 6 x I S w 4 t u O k J x l J / 7 E H Q v G A V z T l K w f q u c r u 6 n o Q 5 O 49 X r p / K T S D b X V v n U 3 P 6 G X 6 n x J P X 4 H Z z 4 o J P / U O r 7 J 14 F O n l p F S s 42 P Q T P r u + a 3 R L T 8 A o 4 M 1 U s M 60 D k F / r M c W a 9 X W W X l F 8 q C R c h L w M q u 5 Z F / 26 a X f J V Q Q T Y C 7 O n X E P x V 6 s Z T P 1 h O u G Z p t n V S 8 F I 3 f W C 52 s o P 7 x m q 36 f j 1 + 3 r 40 h V N + 9 e r N l i w Q i O G 0 w C 0 T N n J M n 4 v H m E y 75 A E Q R f G t 6 g 6 s + J C n u f T 5 I U U G H y Y z q C 4 d F 1 J g J l J q 90 R l y v w 8 f s G S X 1 Y C w N z A e R b O / g M d w 6 R 1 U p F J 1 p W z U Q 8 R H Z G s g k / S Y f Q m B 8 O j V x Q r l g e L Q G e r y 8 Z e A m y r X b d X E / k 94 X c D x M 3 q n j r J Q l Q B S 4 U 30 v p 1 W o B e I O b C i H w + y g L g a e E K t m v I C 99 X h f t O N V F w B R A 52 C Z a p v K j 88 o z 12 Y z + h 4 t r e M Y I 
3 a e k I K e m v 0 z / h 9 T K 52 P + E Y + v N S 8 h v P 267 Y C p Q w o 1 y Z W W r 2 F 190 G N Y p D D p 1 Q K V h X W V p G K 8 D P f 2 z L M 5 v 8 d 60 Q j w + g d N k 2 Z P A Q W H 4 B j w h d p 9 s w / i 6 w X K 3 A Y B R 5 D + g 4 N h u L H 1 R w r I X d 1 H d + C i D L g m p X M k c S 6 h t X 2 / 9 x E O + Z D J A E 8 u W C d p W k R L 8 X j k v 2 z 4 m 8 e u W G i v R 5 z Z Z B 2 Q + z 5 M Z V 4 U u s 0 7 q 3 z E I s v O S V w g a q O 6 j P C / m I 2 E X N k F 5 V d f X D B t 540 m Q 5 P L s k I f g g Z J m I B x C 2 s c v M I F F p p g y q u n y K l O b h A W W X d w 5 U / 0 S b x o Y 0 1 f p v 75 K F n b 1 B w H R v 5 O l 0 S 7 I a v x 8 U W J o l 8 i B 0 W F 2 e W 7 + r H o U Z Z / 9 T 6 y 1 J P 1 Z / d U l Y 9 b e H W z 1 y G E N O V h D r T Y h 8 g K q C S O Z 5 I x 1 i G d H i q A X l z m v J A J T / p 6 g b w 8 G i K e 5 o Q H i M a 3 q f m L 4 P T a R q 5 X Q y E R c J C k J G 8 P z q n L t 3 W w z H P E 7 g t i v 5 X o Z 5 d a + t R t 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
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2016-03-02T14:15:54Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Payload delivery"
}
] ,
"labels" : [
"misp:type=\"malware-sample\"" ,
"misp:category=\"Payload delivery\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--56d6f59b-8994-40ca-8c1d-5e5c950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2016-03-02T14:15:55.000Z" ,
"modified" : "2016-03-02T14:15:55.000Z" ,
"pattern" : "[file:name = 'scan_135309.doc' AND file:hashes.SHA1 = 'c01dc691c071c42ce2ed382f2106f3f0a4449413']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2016-03-02T14:15:55Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Payload delivery"
}
] ,
"labels" : [
"misp:type=\"filename|sha1\"" ,
"misp:category=\"Payload delivery\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--56d6f59c-c0e8-43ff-8d26-5e5c950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2016-03-02T14:15:56.000Z" ,
"modified" : "2016-03-02T14:15:56.000Z" ,
"pattern" : "[file:name = 'scan_135309.doc' AND file:hashes.SHA256 = '29a7266f5bf6a7d1426ddc4e6d3fcd3f0452086a501b06bbfa9709bcfbdf0b9e']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2016-03-02T14:15:56Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Payload delivery"
}
] ,
"labels" : [
"misp:type=\"filename|sha256\"" ,
"misp:category=\"Payload delivery\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "marking-definition" ,
"spec_version" : "2.1" ,
"id" : "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9" ,
"created" : "2017-01-20T00:00:00.000Z" ,
"definition_type" : "tlp" ,
"name" : "TLP:WHITE" ,
"definition" : {
"tlp" : "white"
}
}
]
}