{
"type" : "bundle" ,
"id" : "bundle--56e2a7d9-097c-4fae-9f76-4cac950d210f" ,
"objects" : [
{
"type" : "identity" ,
"spec_version" : "2.1" ,
"id" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2016-03-11T15:45:30.000Z" ,
"modified" : "2016-03-11T15:45:30.000Z" ,
"name" : "CIRCL" ,
"identity_class" : "organization"
} ,
{
"type" : "report" ,
"spec_version" : "2.1" ,
"id" : "report--56e2a7d9-097c-4fae-9f76-4cac950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2016-03-11T15:45:30.000Z" ,
"modified" : "2016-03-11T15:45:30.000Z" ,
"name" : "Malspam (2016-03-11) - Locky" ,
"published" : "2016-03-11T16:04:10Z" ,
"object_refs" : [
"indicator--56e2ac38-39a8-41d1-8be4-4416950d210f" ,
"indicator--56e2ac39-d3d0-4638-b112-4a8a950d210f" ,
"indicator--56e2ac3a-5894-466e-972d-404f950d210f" ,
"indicator--56e2ac3a-7b9c-4adc-b36a-4e25950d210f" ,
"indicator--56e2ac3b-9efc-4073-81f1-4636950d210f" ,
"indicator--56e2ac3c-f35c-43ed-8cfc-43e2950d210f" ,
"indicator--56e2ac3c-ef60-48e3-9ffe-4923950d210f" ,
"indicator--56e2ac3d-6358-4eb8-9df9-493b950d210f" ,
"indicator--56e2ac3d-82f0-42ce-ba4a-40c2950d210f" ,
"indicator--56e2ac3e-3b5c-4f79-8e8f-4184950d210f" ,
"indicator--56e2ac3e-ca78-49f5-903c-44b0950d210f" ,
"indicator--56e2ac3f-1488-4cd6-9b86-450c950d210f" ,
"indicator--56e2ac40-fea8-45df-8079-41ea950d210f" ,
"indicator--56e2ac40-dc0c-4157-9cdb-444f950d210f" ,
"indicator--56e2ac41-d3e0-4f62-9c2d-402b950d210f" ,
"indicator--56e2ac42-4590-4f1b-8b53-47e7950d210f" ,
"indicator--56e2ac42-24b0-4a9a-8c7d-4cfb950d210f" ,
"indicator--56e2ac43-d7d4-42fa-82d2-4b14950d210f" ,
"indicator--56e2ac44-3098-4b9a-9bf2-4102950d210f" ,
"indicator--56e2ac44-11ac-48f6-8043-4185950d210f" ,
"indicator--56e2ac45-4514-47bc-86f7-4f23950d210f" ,
"indicator--56e2ac45-25f0-40a0-9a4c-4617950d210f" ,
"indicator--56e2ac46-0644-43c3-b122-42c1950d210f" ,
"indicator--56e2ac47-ac04-48ad-a155-4f30950d210f" ,
"indicator--56e2ac47-d58c-4b58-80aa-416d950d210f" ,
"indicator--56e2ac48-75c0-48eb-8b06-4338950d210f" ,
"indicator--56e2ac49-88bc-4260-bcff-4a51950d210f" ,
"indicator--56e2ac49-c420-4803-8d06-40df950d210f" ,
"indicator--56e2ac4a-6a30-4e6d-b15b-4083950d210f" ,
"indicator--56e2ac4b-6d08-49bf-937d-4959950d210f" ,
"indicator--56e2ac4c-6a2c-408c-98ba-4cdf950d210f" ,
"indicator--56e2ac4c-4f40-4b67-9169-40dc950d210f" ,
"indicator--56e2ac4d-1778-45ec-af39-4505950d210f" ,
"indicator--56e2ac4e-dabc-4cd8-b85c-44fe950d210f" ,
"indicator--56e2ac4e-a798-4102-9e7c-432e950d210f" ,
"indicator--56e2ac4f-3d04-4d29-bfb4-40d7950d210f" ,
"indicator--56e2ac50-7168-4011-b461-497f950d210f" ,
"indicator--56e2ac50-fe54-4a2f-837b-4af2950d210f" ,
"indicator--56e2ac51-8020-45bd-b682-4f53950d210f" ,
"indicator--56e2ac52-0a58-4b48-a9d2-44b8950d210f" ,
"indicator--56e2ac53-4658-4e50-b0b8-4c9c950d210f" ,
"indicator--56e2ac53-8e84-49e1-a89d-4bb8950d210f" ,
"indicator--56e2ac54-51fc-4f4b-b1c3-4eaa950d210f" ,
"indicator--56e2ac55-5e24-4fd8-96c2-4ebd950d210f" ,
"indicator--56e2ac55-db88-41fd-977e-4446950d210f" ,
"indicator--56e2ac56-c4a0-4094-9b6c-4a7f950d210f" ,
"indicator--56e2ac57-ae74-48d1-bc97-4587950d210f" ,
"indicator--56e2ac58-ca98-44bc-95ef-49ed950d210f" ,
"indicator--56e2b14f-a034-4bc3-9c63-44c0950d210f" ,
"indicator--56e2b150-6e1c-45a3-b3ed-4b72950d210f" ,
"indicator--56e2b150-88dc-4239-a181-408d950d210f" ,
"indicator--56e2b150-e014-4d8c-93f9-48c5950d210f" ,
"indicator--56e2b151-f3a8-4873-8183-4923950d210f" ,
"indicator--56e2b151-0e84-4584-83fa-4b8f950d210f" ,
"indicator--56e2b151-0250-43cd-a7a9-4e47950d210f" ,
"indicator--56e2b152-9b18-44e3-904d-47db950d210f" ,
"indicator--56e2b152-53ec-4090-b45b-4de7950d210f" ,
"indicator--56e2b152-9fd0-4f47-b981-475a950d210f" ,
"indicator--56e2b153-b11c-4350-8b52-42ba950d210f" ,
"indicator--56e2b153-6520-45de-b98c-4003950d210f" ,
"indicator--56e2b153-0c98-49fb-8ddb-4ecf950d210f" ,
"indicator--56e2b154-25bc-4a8f-bd49-45de950d210f" ,
"indicator--56e2b154-cbe4-4334-967e-4776950d210f" ,
"indicator--56e2b154-4d78-4adf-8e3a-4df9950d210f" ,
"indicator--56e2b155-771c-4070-8f9a-4c67950d210f" ,
"indicator--56e2b155-6650-4c91-a620-4303950d210f" ,
"indicator--56e2b155-a4dc-482e-be29-45a5950d210f" ,
"indicator--56e2b156-2e98-484e-82b1-4a63950d210f" ,
"indicator--56e2b156-b1d0-415d-aef9-40b2950d210f" ,
"indicator--56e2b157-4a10-4863-aa46-40e3950d210f" ,
"indicator--56e2b157-6e24-4980-8e7b-49cc950d210f" ,
"indicator--56e2b157-8514-4d3f-ba36-4237950d210f" ,
"indicator--56e2b499-dfac-42df-97fa-475d950d210f" ,
"indicator--56e2b499-202c-4307-9822-4d46950d210f" ,
"indicator--56e2b49a-96c8-429f-b1a7-4c60950d210f" ,
"indicator--56e2b49a-eed4-4f01-a575-462a950d210f" ,
"indicator--56e2b49a-8af8-4f1c-ac7c-4a87950d210f" ,
"indicator--56e2b49b-2d40-467d-9651-40f9950d210f" ,
"indicator--56e2b49b-cedc-43a5-bc35-4e70950d210f" ,
"indicator--56e2b49b-dd28-4d28-9478-41cf950d210f" ,
"indicator--56e2b49c-f9a8-4c29-90f3-41d9950d210f" ,
"indicator--56e2b49c-385c-4042-9595-41ae950d210f" ,
"indicator--56e2b49c-1c68-4cce-ab60-482a950d210f" ,
"indicator--56e2b49d-a158-41e4-bb2a-4185950d210f" ,
"indicator--56e2b49d-22d0-4129-9579-4468950d210f" ,
"indicator--56e2b49d-1d98-45ed-8077-4ed7950d210f" ,
"indicator--56e2b532-03d8-421b-8041-46bc950d210f" ,
"indicator--56e2b533-43f8-4a6a-8ffa-417e950d210f" ,
"indicator--56e2b534-a7f0-4508-b006-4c87950d210f" ,
"observed-data--56e2b581-9200-49b9-994d-4cb8950d210f" ,
"email-message--56e2b581-9200-49b9-994d-4cb8950d210f" ,
"x-misp-attribute--56e2b630-c57c-4fd5-bbda-4cb0950d210f" ,
"observed-data--56e2c2aa-b95c-4d86-bb2a-482e02de0b81" ,
"url--56e2c2aa-b95c-4d86-bb2a-482e02de0b81" ,
"observed-data--56e2c2aa-e180-4caa-897d-463f02de0b81" ,
"url--56e2c2aa-e180-4caa-897d-463f02de0b81" ,
"observed-data--56e2c2aa-7f0c-4cc1-93d1-450402de0b81" ,
"url--56e2c2aa-7f0c-4cc1-93d1-450402de0b81" ,
"observed-data--56e2c2ab-2b30-4777-812c-4eda02de0b81" ,
"url--56e2c2ab-2b30-4777-812c-4eda02de0b81" ,
"observed-data--56e2c2ab-73d4-4f41-83f1-414a02de0b81" ,
"url--56e2c2ab-73d4-4f41-83f1-414a02de0b81" ,
"observed-data--56e2c2ab-d2d8-4511-be39-4cbb02de0b81" ,
"url--56e2c2ab-d2d8-4511-be39-4cbb02de0b81" ,
"observed-data--56e2c2ab-db08-4c8b-b084-46c702de0b81" ,
"url--56e2c2ab-db08-4c8b-b084-46c702de0b81" ,
"observed-data--56e2c2ac-7c10-4aad-81e7-474f02de0b81" ,
"url--56e2c2ac-7c10-4aad-81e7-474f02de0b81" ,
"observed-data--56e2c2ac-c8cc-4b5a-8e77-4e0d02de0b81" ,
"url--56e2c2ac-c8cc-4b5a-8e77-4e0d02de0b81" ,
"observed-data--56e2c2ac-e6e4-4852-a5dd-408f02de0b81" ,
"url--56e2c2ac-e6e4-4852-a5dd-408f02de0b81" ,
"observed-data--56e2c2ad-b018-4b87-b7f4-4c8f02de0b81" ,
"url--56e2c2ad-b018-4b87-b7f4-4c8f02de0b81" ,
"indicator--56e2c7e8-e5a8-4253-9e40-659a950d210f" ,
"indicator--56e2e28a-df44-4bb4-9639-4963950d210f" ,
"indicator--56e2e28a-c9c4-4a5c-8233-4e96950d210f" ,
"indicator--56e2e28b-fda0-4646-92b2-4949950d210f" ,
"indicator--56e2e28b-dbe0-4a9b-b945-4c48950d210f" ,
"indicator--56e2e28b-fb9c-4fc2-9e88-4b19950d210f" ,
"indicator--56e2e28c-7618-4c0f-b8b3-49eb950d210f" ,
"indicator--56e2e28c-65c4-4e05-be5b-4b1c950d210f" ,
"indicator--56e2e28c-05d4-4a82-bf81-4fc6950d210f" ,
"indicator--56e2e28d-3ffc-477f-8d56-45d6950d210f" ,
"indicator--56e2e28d-891c-496d-807f-44c6950d210f" ,
"indicator--56e2e28d-0600-4256-8ab0-43f3950d210f" ,
"indicator--56e2e28e-ae88-4e78-a71b-4e89950d210f" ,
"indicator--56e2e28e-a25c-45b1-86ae-49a2950d210f" ,
"indicator--56e2e28e-3c78-437a-8450-45e3950d210f" ,
"indicator--56e2e28f-3c24-4fde-aa11-42db950d210f" ,
"indicator--56e2e28f-51c8-42b5-bf77-44e6950d210f" ,
"indicator--56e2e28f-1768-4708-b90d-4c56950d210f" ,
"indicator--56e2e290-f488-4401-926a-435f950d210f" ,
"indicator--56e2e290-44c0-44b9-b7b4-41e3950d210f" ,
"indicator--56e2e290-a5b0-4a52-b16b-4f68950d210f" ,
"indicator--56e2e291-34ac-47bd-adec-452c950d210f" ,
"indicator--56e2e291-2040-4585-95fa-49f1950d210f" ,
"indicator--56e2e291-b680-4dc9-a834-4157950d210f" ,
"indicator--56e2e291-6570-4e8e-b78b-4c1f950d210f" ,
"indicator--56e2e292-a914-4098-8246-49c7950d210f" ,
"indicator--56e2e292-60d8-48db-a50e-4465950d210f" ,
"indicator--56e2e2d6-4038-45aa-b53e-4bbd950d210f" ,
"indicator--56e2e2d7-f160-4368-a077-4110950d210f" ,
"indicator--56e2e2d7-3384-49cb-a21e-468e950d210f" ,
"indicator--56e2e2d8-afec-413a-b785-4784950d210f" ,
"indicator--56e2e2d9-08ac-4a2c-9341-4079950d210f" ,
"indicator--56e2e2d9-4668-42b0-a2b7-4af5950d210f" ,
"indicator--56e2e2da-31b4-414d-9782-4452950d210f" ,
"indicator--56e2e2db-d840-45f8-86e7-4caf950d210f" ,
"indicator--56e2e2db-d55c-4a2d-953e-4127950d210f" ,
"indicator--56e2e2dc-cf78-4df3-8251-4363950d210f" ,
"indicator--56e2e2dc-3278-4e9d-965c-4021950d210f" ,
"indicator--56e2e2dd-f6e4-4427-8fd3-41c5950d210f" ,
"indicator--56e2e2de-34a0-42f5-8264-46fe950d210f" ,
"indicator--56e2e2de-dfd8-417a-9922-480c950d210f" ,
"indicator--56e2e2df-c8d0-4383-a2db-4410950d210f" ,
"indicator--56e2e2e0-a4ec-40ae-a40f-4f28950d210f" ,
"indicator--56e2e2e0-e8c8-4089-a3ad-4966950d210f" ,
"indicator--56e2e2e1-f398-4716-a679-4ca8950d210f" ,
"indicator--56e2e2e2-b448-48b5-999c-48f7950d210f" ,
"indicator--56e2e2e2-e8c4-46c4-9832-49c3950d210f" ,
"indicator--56e2e2e3-dc10-42dc-a566-46a1950d210f" ,
"indicator--56e2e2e4-e4bc-47c3-ac6f-4240950d210f" ,
"indicator--56e2e2e4-bc2c-4748-9dc5-482e950d210f" ,
"indicator--56e2e2e5-9074-42cc-a04d-4c4b950d210f" ,
"indicator--56e2e2e6-3c7c-4112-8d63-4844950d210f" ,
"indicator--56e2e2e6-6210-4141-b937-47b4950d210f" ,
"indicator--56e2e2e7-d8b8-4c6d-98e4-4ae1950d210f" ,
"indicator--56e2e2e8-d23c-4199-8dfd-462e950d210f" ,
"indicator--56e2e2e8-7d60-4215-bf9d-41a9950d210f" ,
"indicator--56e2e2e9-f314-4fac-b5a0-4e0d950d210f" ,
"indicator--56e2e2ea-74e4-42be-bf82-4e3d950d210f" ,
"indicator--56e2e2ea-fe64-4704-b7f6-40c4950d210f" ,
"indicator--56e2e2eb-e60c-4d85-85e6-40c2950d210f" ,
"indicator--56e2e2ec-a794-4820-b42c-4caa950d210f" ,
"indicator--56e2e2ed-b874-4cf2-8cb4-4f6d950d210f" ,
"indicator--56e2e2ed-c398-4414-aee0-40d8950d210f" ,
"indicator--56e2e2ee-0d40-4330-9104-4174950d210f" ,
"indicator--56e2e2ef-2ed8-49ab-8edf-4790950d210f" ,
"indicator--56e2e2ef-93f0-4b5c-a152-4468950d210f" ,
"indicator--56e2e2f0-bce4-461b-8ba4-4225950d210f" ,
"indicator--56e2e2f1-4c4c-4617-918f-462e950d210f" ,
"indicator--56e2e2f1-ef5c-4882-bbcd-4545950d210f" ,
"indicator--56e2e4de-52b0-43e6-bc64-4ed4950d210f" ,
"indicator--56e2e4df-20a8-4f3f-815e-44b9950d210f" ,
"indicator--56e2e4df-69f8-45a7-97b5-4908950d210f" ,
"indicator--56e2e4e0-3314-4509-8c2c-4926950d210f" ,
"indicator--56e2e4e1-f5e4-414b-9e0f-4757950d210f" ,
"indicator--56e2e4e1-a0f8-4714-a3d8-458a950d210f" ,
"indicator--56e2e4e2-0bd8-456b-94ed-48bc950d210f" ,
"indicator--56e2e4e3-b330-4ab1-b91a-4ab8950d210f" ,
"indicator--56e2e4e3-7934-49f6-b4f8-4f37950d210f" ,
"indicator--56e2e4e4-7940-47cd-af34-47cb950d210f" ,
"indicator--56e2e4e5-1d54-445c-b5af-41e5950d210f" ,
"indicator--56e2e4e6-f568-404b-937e-40ff950d210f" ,
"indicator--56e2e4e6-5dbc-49bc-a644-449a950d210f" ,
"indicator--56e2e4e7-3cfc-462a-8ac2-4153950d210f" ,
"indicator--56e2e4e8-70c4-4cf3-a85d-4029950d210f" ,
"indicator--56e2e4e8-cda4-43ff-b0d7-4202950d210f" ,
"indicator--56e2e4e9-8c68-4618-a45e-4be4950d210f" ,
"indicator--56e2e4ea-d720-48ef-b2a2-4f6f950d210f" ,
"indicator--56e2e4eb-9d58-469b-abc6-4446950d210f" ,
"indicator--56e2e4eb-c684-47f4-b3b3-4e8d950d210f" ,
"indicator--56e2e4ec-7d24-4e5d-9a92-429b950d210f" ,
"indicator--56e2e6d5-0d80-4eeb-972a-4b00950d210f" ,
"observed-data--56e2e81a-90a8-4300-b1ca-4f9402de0b81" ,
"url--56e2e81a-90a8-4300-b1ca-4f9402de0b81" ,
"observed-data--56e2e81b-aa00-4883-98ed-40b402de0b81" ,
"url--56e2e81b-aa00-4883-98ed-40b402de0b81" ,
"observed-data--56e2e81b-4200-4cdd-bc5f-4cc602de0b81" ,
"url--56e2e81b-4200-4cdd-bc5f-4cc602de0b81" ,
"observed-data--56e2e81b-2068-4856-b447-42ca02de0b81" ,
"url--56e2e81b-2068-4856-b447-42ca02de0b81" ,
"observed-data--56e2e81c-64c0-4eaf-914f-4fde02de0b81" ,
"url--56e2e81c-64c0-4eaf-914f-4fde02de0b81" ,
"observed-data--56e2e81c-fbd8-4201-b674-408602de0b81" ,
"url--56e2e81c-fbd8-4201-b674-408602de0b81" ,
"observed-data--56e2e81c-ecf8-4462-a8d1-4cd502de0b81" ,
"url--56e2e81c-ecf8-4462-a8d1-4cd502de0b81" ,
"observed-data--56e2e81c-dea8-4f73-bab3-402f02de0b81" ,
"url--56e2e81c-dea8-4f73-bab3-402f02de0b81" ,
"observed-data--56e2e81d-2fc4-4455-b59c-47ec02de0b81" ,
"url--56e2e81d-2fc4-4455-b59c-47ec02de0b81" ,
"observed-data--56e2e81d-80a8-4b36-8ed0-426a02de0b81" ,
"url--56e2e81d-80a8-4b36-8ed0-426a02de0b81" ,
"observed-data--56e2e81d-1500-465f-ad9c-480902de0b81" ,
"url--56e2e81d-1500-465f-ad9c-480902de0b81" ,
"observed-data--56e2e81e-acac-4460-9953-408702de0b81" ,
"url--56e2e81e-acac-4460-9953-408702de0b81" ,
"observed-data--56e2e81e-9090-4007-aa56-441802de0b81" ,
"url--56e2e81e-9090-4007-aa56-441802de0b81" ,
"observed-data--56e2e81e-c780-43b2-b23b-4f4002de0b81" ,
"url--56e2e81e-c780-43b2-b23b-4f4002de0b81" ,
"observed-data--56e2e81f-73f8-46f7-a777-422602de0b81" ,
"url--56e2e81f-73f8-46f7-a777-422602de0b81" ,
"observed-data--56e2e81f-6094-404e-84ab-411702de0b81" ,
"url--56e2e81f-6094-404e-84ab-411702de0b81" ,
"observed-data--56e2e81f-3584-4a61-be41-469a02de0b81" ,
"url--56e2e81f-3584-4a61-be41-469a02de0b81" ,
"observed-data--56e2e81f-7d6c-45fb-9b37-472902de0b81" ,
"url--56e2e81f-7d6c-45fb-9b37-472902de0b81" ,
"observed-data--56e2e820-1ba8-4942-a756-4be502de0b81" ,
"url--56e2e820-1ba8-4942-a756-4be502de0b81" ,
"observed-data--56e2e820-da2c-468b-b1bd-410902de0b81" ,
"url--56e2e820-da2c-468b-b1bd-410902de0b81" ,
"observed-data--56e2e820-09f0-4552-b12a-440902de0b81" ,
"url--56e2e820-09f0-4552-b12a-440902de0b81" ,
"observed-data--56e2e821-9d78-4838-b5e6-408f02de0b81" ,
"url--56e2e821-9d78-4838-b5e6-408f02de0b81" ,
"observed-data--56e2e821-095c-4a0b-b4ef-4f5a02de0b81" ,
"url--56e2e821-095c-4a0b-b4ef-4f5a02de0b81" ,
"observed-data--56e2e821-9934-4c65-89a8-470802de0b81" ,
"url--56e2e821-9934-4c65-89a8-470802de0b81" ,
"indicator--56e2eb45-a1e4-44ed-81e4-40c3950d210f" ,
"indicator--56e2eb48-5f18-4a0a-b81c-6599950d210f" ,
"indicator--56e2eb49-9c00-4b81-811e-4f32950d210f" ,
"indicator--56e2eb4b-3ee0-4eaa-9e3f-410c950d210f"
] ,
"labels" : [
"Threat-Report" ,
"misp:tool=\"MISP-STIX-Converter\"" ,
"circl:incident-classification=\"malware\""
] ,
"object_marking_refs" : [
"marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9"
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--56e2ac38-39a8-41d1-8be4-4416950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2016-03-11T11:38:16.000Z" ,
"modified" : "2016-03-11T11:38:16.000Z" ,
"description" : "unique .js file" ,
"pattern" : " [ f i l e : c o n t e n t _ r e f . p a y l o a d _ b i n = ' U E s D B B Q A C Q A I A M B b a 0 h Y Y N h 7 V A o A A L c V A A A g A B w A M G I 4 Z j R m M 2 Q 1 N T R h M T F h Z T R l M z M x Z T B l Z m I 3 Y T Z j N 2 N V V A k A A z i s 4 l Y 4 r O J W d X g L A A E E I Q A A A A Q h A A A A I j Y W n b 4 V x y J 0 J p W 1 m y z X t f L q d K E G K T y S w B K J d q k W K M u P v T g d Y + q 2 u d s 6 k G y 3 P I y r c A R g 8 o Y p D M i g 9 f O b X t i u D y W M y i Q 1 t n y t q 5 f q p + q o 2 Y Z 7 m O n L j P 6 E K + 4 D Y R H W P M O / 3 f L R q c + s 5 M D Y p + 8 n J p m h A S b g G h c v O X A z 7 z O o 4 e a R + u C e 2 q 7 Z 39 U C Z S V w j Q + 0 A H Z 8 S A z r m y V 1 r n V Z 3 P h s t j B H w U V H c B V f i N k z 7 b e p Y x l 8 m o f G e k f 0 N k W V V r Y Y 0 24 g v 8 f T v S d E 1 q E 9 k 6 Q I K 2 r 4 I l s F D 3 Y f U 36 + o n h N D r 3 E X K d w 7 e R r 1 z 4 B 6 u 44 t 3 P a S S B t I n X 4 P N v T 45 o 7 x 0 N v 9429 J Y l G W K z u 4 K + u c D K n G L P b U E S o g L N B 18 K 5 x H X I m 1 s H k A 6 w + R j r x 30 s L X S / S U s i x i F r C 0 2 i D e / o I A U K w Q v R l m W x / s C 5 m 7 S d h A S K J l I L V C H + e e W q K 6 g q P Y J u A n 0 v w n 5 B A K M 7 V j E A R O R 0 7 v v I V + C L y y 7 X p W X G D L y q Q Y u y O + + 4 p W T t X i y C h f B P y t 46 a O k j u M s f 0 K V 1 x F q J + h 1 e G i / c g t 7 a j 9 n p e n d + P i V L + M E E j H 4 a w B y E W c j M O o J y J v 1 T l i R X E Z Z J a r Y S 1 p 1 V n s G n t 9 O a d O l s U F 3 A j 3 + L J 6 a l c p O l i 7 Y p K w Y N y 5 e D t D a l N h 3 n d t 6 T k G 8 y 91 p T J j t R 67 / 2 n / L z 74 W b 1 T t 8 d Z U y 3 B c y 8 e t z s s e 0 F 2 F 2 A Q O M P W W 0 q F n a 5 R I m R n 7 F D 0 g C V 6 v O Q R o a T a O V k A H g q z f M y K 9 Q 4 q c + 1 I 1 M 8 P Y R s N 6 C r B e g w N k e U x / G a Y y u T S v 7 H M n 27 T T N w O A 6 I D o X E y z S v Z 73 n 827 C U 1 D l X 8 M C v i r 21 y 0 S Y y S o + T W o Z N L F L y A D 1 b n j q U 3 P D 0 
Q v i 8 i R 3 Z N 4 Q r k I 89 Z L r i b a u Q s m b y x I s Y X X v Z / s V p q 1 X l f I T 1 F W 3 l p h 6 i Z H L 4 l k 36 E X E x U 3 K z L O j b Y K N Q V U U M v / D J o u l l U A r S e A f z H q V y l a E V u k a 5 a L F x V D Q 6 t n W f I E D / q J h d 0 p v k z J 0 X 87 D 6 S l 9 Z r E 0 L X R + O b N o 9 D v M e p + K L Q N p r g 52 B 5 O B d p w C J 8 e n I M i P w m p C 2 u G H W / l q g V M + g b h V a A g b P e / G e N z Q k s U q L y O O T Z C Q q C C K 5 R B e V N g c l G D a C 9 e y W 9 a v I B u i P G h + u z 10 / j m Q D p D I J K c / t K 7 o 2 H d c p 2 i r g R 4 q o 4 J N 5 j C b d w 6 / a F K v G X J g 9 j U T n h 6 g w O 9 z t Q 14 r 9 F 0 c 8 N 4 o m g V z X P I x 31 k f L v / D V J u / e i x P e W h b R I D 9 b J K 3 L 4 u e 1 v + N E 5 + m G k n F L 76 v k L g f M z 0 v / 2 A 1 g a U J P p a S 8 T A j 4 d C S r q p H B h m w g 28 n k N k d J 5 u x A 3 K n M r U a Y d O l n i J B y V / 9 P 3 c k 8 h e F H L g y H w l 5 v B z u K a y c K Q e 3 z r z F R j g D Z 4 n 7 c + 82 t 0 I r W 2 x m 5 d N f R o y z M D n E U z j N j d t 53 v 2 u 3 b K 7 i W y N 4 F Y z t g G V / J L e I y o 7 t k y H I 73 Z 2 x 7 T 5 r 0 x y A m q P k Y k S t 7 r 5 C M 9 i B e b u o K f u 945 d Z 13 X K 7 t q c Y v L Q 8 B 6 l E F 8 B y 3 D A f F 2 f C C y N W 9 c c o b S f H x 0 Y B y I 6 L 2 a W U O z d L l B N i V J E k S C O O U H e H V D E U I H E I + k h k 8 d L d f v 399 n D e u t H O p Z r k H 4 n 120 g O n D n X Z y X U 9 W V / 1 Q q u Q h R I W F N j Z f T o o t d N N 1 / 4 f C s 5 p m H 9 M E Y t 98 / G E D y P Y M a f k d P y a f H N R M i k 54 K s z j 89 w l G 5 s 3 b Z H D y K M 5 x s g z / z w 9 v 665 j c D r m U g 9 i D P 9 c v m V i c G V J p B d f N R O x f c a L / s c 4 n q X h y 9 v D P P U j c i n B b a G a X o g P 3 I h e E b r m m T C I W T 0 J N r B F M o k e W y M L S c u v x o 0 o X S 66 k p a 28 b p x m O z X D w G C P I S y w x f 1 Y r J u x c q C k H e q 2 M s 0 v + j 45 f e i 9 a Z p A V m 6 Q U p X i L B 5 A H / c P j E F 7 s i Z u y o 
s 455 C Y a T s s q g w y P N 88 I L n m g g / g W + 9 I H O J V k y u t r h g 5 J 2 O W K T 65 l U X K p o x z B l A O f Y 4 d Y 3 G 5 I L 4 / d z o 2 D q r b W / w e N L Z + 9 o D m P k a j 5 d v O s 7 a X y S 22 H Z F u P D J a L l r 7 o g e + s 5 L H v l U e 1 w K A b O w C l g / F l / I p d P Q + I b u C a i 0 t O E k R 0 C r l b l X Y q 9 y p a u x f N 6 B I N N k 5 q D R x J / B 0 Q g o p k a 8 s 6 Y g G e X L q k 2 J E S T a f 6 Y W 4 y M M G o T J G C 0 C z C h Q i M G K x 43 v Z V F c E D F v C o O L p i W 2 r 79 F P d p T F P 4 x z d I v f S 3 P m B K Z X d K E v R b a U b + t O v P F W m n C g E 7 d 2 D c j I O 4 C J N k G W g M u Y J T h s l E h F y 8 u c l S l A f h D q J F a U m 9 W k E W L H p 8 q J K p U H X K / Q 0 k 2e09 b V A v s e 0 I 0 p I n P I 4 N V r O Z N K 1 F j i N A P x 8 F Y J 8 T A 7 j X j M x s 5 N f T N 6 u B W E n Z z N a q F C O N T 2 L o D S v k j 3 q H C e b U f E b k b Q 8 w n n E Z b G d q I E e U t v C n K r U W f u H I 70 q U I O l N 7 Z V b 164 H C S B Q l 2 N 2 g N R l U p W O R 2 S 8 d b c p 0 y O S 2 K 9 w N H d W q q Q u Q K x L O u h 3 A d a J a N 3 I z D h L g l + N U S 4 h A k i Q C k L K w H 91 b x G G M J n j K u n + I + o w I B w x X n v H R P / D / a F B 4 q 7 k 8 I C 8 K m E z g t N U W X u l t l U e d 5 S s h d 6 o i 1 H 79 A O V G q z 3 V k L 6 Q 4 d / Q J 2 V I W 5 g I i f h x C U C s R D E 8 w J m y g m d K Z 8 F n c b t S K E m e O x s C g z g H X m b T U n y w Y A V e 4 e F w O W V 74 d y k q M e K z P O u 576 i 48 v A B L A c q G f l l b g M I 4 o m a n / R x e v p G X t z / s Q i B F X p i E p H 0 8 i O S x 1 S s A 4 J P 4 j + A L z C l U r f C f 2 T L y U 4 T z f i I I / 7 K s J i t r x X H q z 2 N G p g n V P l K n V N g F 8 r L W T Y G b U q k W H V v d t r 0 1 z F W W F Q / K R i 2 S m n w 95 R + m 1 V u v H N 0 p U B d f t x m a 6 v g 83 q Q K T R Z h f m P Z m 3 b o z + F 7 V M D w q N U S U w 6 o y O f 0 u 1 i N c A s W P W K b 0 d Z A X 8 k c f A E 13 g C B K S M 4 r T Q k / x l y E Y V 25 M i J 
P N L W H s 8 r g H h U K U I l X V g y v m U X F d y l E Y Y 1 P V z u Q i n y w 3 d H m o k 2 H C c y m j Q + v 34 p L 72 J d w k c x N P 7 C T P s W g f c q 0 0 4 V F + y r a l I J x P T s s W j C v i c 8 Y M w A U o T H / p m P X 5 n Q 9 p H p C T T I U b r C k q M Y 8 m 3 R z 5 R u y F + 9 g h k X Z v c O p 9 I x q J u 9 V k F / t b h 28 n x K 98 L E + + O h P C h S s A w K 4 J 1 + G L q E k 5 w v s + N J z Q P N n g N 1 b w l e v L z 7 o 0 m v P w u r T N p L + b V k z + v z 9 O p K 3 J m b o z o y 122 Q E L q N B m W C Q c z R 3 h G q 8 b d W r a j o A 0 y e c g X F 424 U 9 o m j Y d C 9 c Q t 2 u 7 b x 7 k 4 u e g F F o M + 17 i U s H V Y A 8 g K N a g 0 F W e K 6 r + 23 d g r G W m z d X G 53 b W B i r 5 H E g s K 32 N 4 g X 8 l q k v z u + W T s b b N B 7 B K u 4 B d y a G J x M B v p Q 0 v U s 71 G e Z 631 J l h G l n / n I r 9 H l G k r e 4 d T l T R L O V n e p a T X L H u p F n a 90 n q 3 r Q T 9 Q P t t T d w r W U P c u y M + 92 + A o n c 5 R P r t T q U A 9 L h i x Y b L O w j A B 5 F J R B 0 A Y M V D B S J 8 B w l 9 n L O N / R 8 o 1 B V g t 4 E h q x N T k v x r c E C b 0 y P u y e L a J E Q i m E 7 O Y p o 80 c w Y I z z q Z K h 6 Z t E U M p Q p A G / O 5 X y j A / s s Z U n l P Y p 9 V 4 U E G u S W B V + U L s 3 j 5 k Y 7 N A H b B A O 0 l B L B w h Y Y N h 7 V A o A A L c V A A B Q S w M E C g A J A A A A w F t r S D F z q x Y c A A A A E A A A A C 0 A H A A w Y j h m N G Y z Z D U 1 N G E x M W F l N G U z M z F l M G V m Y j d h N m M 3 Y y 5 m a W x l b m F t Z S 50 e H R V V A k A A z i s 4 l Y 4 r O J W d X g L A A E E I Q A A A A Q h A A A A l w C z j V 69 y U L I r 8 I u a T k V 257 m 7 L r V W t Y T X b T 60 V B L B w g x c 6 s W H A A A A B A A A A B Q S w E C H g M U A A k A C A D A W 2 t I W G D Y e 1 Q K A A C 3 F Q A A I A A Y A A A A A A A B A A A A p I E A A A A A M G I 4 Z j R m M 2 Q 1 N T R h M T F h Z T R l M z M x Z T B l Z m I 3 Y T Z j N 2 N V V A U A A z i s 4 l Z 1 e A s A A Q Q h A A A A B C E A A A B Q S w E C H g 
M K A A k A A A D A W 2 t I M X O r F h w A A A A Q A A A A L Q
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2016-03-11T11:38:16Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Payload delivery"
}
] ,
"labels" : [
"misp:type=\"malware-sample\"" ,
"misp:category=\"Payload delivery\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--56e2ac39-d3d0-4638-b112-4a8a950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2016-03-11T11:38:16.000Z" ,
"modified" : "2016-03-11T11:38:16.000Z" ,
"description" : "unique .js file" ,
"pattern" : "[file:name = 'AJK4145208904.js' AND file:hashes.SHA1 = '6c3ad8b07c360517ecad8e12c53611de812587f0']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2016-03-11T11:38:16Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Payload delivery"
}
] ,
"labels" : [
"misp:type=\"filename|sha1\"" ,
"misp:category=\"Payload delivery\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--56e2ac3a-5894-466e-972d-404f950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2016-03-11T11:38:16.000Z" ,
"modified" : "2016-03-11T11:38:16.000Z" ,
"description" : "unique .js file" ,
"pattern" : "[file:name = 'AJK4145208904.js' AND file:hashes.SHA256 = 'd3090efdb8b147c970f2628ee7d881676bab8b52e5dacf2a90b9218c1a0e0b5e']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2016-03-11T11:38:16Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Payload delivery"
}
] ,
"labels" : [
"misp:type=\"filename|sha256\"" ,
"misp:category=\"Payload delivery\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--56e2ac3a-7b9c-4adc-b36a-4e25950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2016-03-11T11:38:16.000Z" ,
"modified" : "2016-03-11T11:38:16.000Z" ,
"description" : "unique .js file" ,
"pattern" : " [ f i l e : c o n t e n t _ r e f . p a y l o a d _ b i n = ' U E s D B B Q A C Q A I A M F b a 0 i N N 7 k L F Q o A A H I V A A A g A B w A N G E x N T E 1 Y T Q 2 Z G E 2 N z l j Y m Q w M j l k N m I x M j E y Y z R k Y j d V V A k A A z q s 4 l Y 6 r O J W d X g L A A E E I Q A A A A Q h A A A A r 8 S b z 2 c u 0 H A P / Z i i a h 4 z Z K 2 L c p o i 1 X 1 J Z A 4 + x T 4 I K j W k 3 O n 5 F n G 2 o N k z 8 q 1 O 915 m Q l t U A F 0 6 + 1 m j g a J d L p I i K l W G x C w 42 f F B U Z r I k d e f J A P V O J G e w l s H 9 G m w 1 m + 39 s h 3 n 71 M d x 9 z 9 / Q S z W Y D f M s + 8 s T Z 5 U w k u T B 7 d 8 A M 7 O r a E f M 3 C J X u P m l G R L T X B V B T K l + f j h G U W l F N A p g 45 O L I + p w 0 r r g X W Q f g q P 9 T k t Z P T F 5 a x b P M 3 I R J h F f i x C l N D y h 45 J 1 K g 8 G 4 t G 23 R n / I 6 y Z w x T E L h R 6 / N j f 9 i j P P G R s a p M Y A J a g C l 1 V i k s g a L E Y c Y 0 d L j U S U X C 3 m 1 F B b A B 3 O A Q a / U L 0 E g 42 S l 3 t d Y C F 17 Z M g j 1 p 8 R y T t x u F R q Q F 2 Z h T L I p k m 5 v c b L d W + Q x E E 8 K 94 q A e S 0 u 0 M q 6 o A 1 G B w X e / m H S O s C 9 E D r K v d 4 V d t s 51 / q W g r P m U / c l f p L O X B N U 1 n p D 7 k 2 o c B g L d R o 7 T C I x U M h g K n Q v 2 r n Z g G h U O a u 4 w c e X q / e g 7 + N z x M f b Z U j w H s C W W U a 8 r M g 3 v 8 X s M O R h x + l H 7E6 c C 2 y 0 h + Q F Y / 1 w b X 2 x V W u w z e Y 0 W P R h f 0 7 a 8 t L 8 n x p K v V p w 2 o m j Y S U Y r Y S 8 Y Q y U 2 a Z S N r r l q c g A M 1 c y H L b d b F / 9 V v P P T C K u y E e N k H G 90 o 1 Z R + 6 m t M F K h 5 B H Y G e g T A A j Q t 9 c A r V C m Y s l O r Y Y O A Y k B S 96 i O G k l C b m 4 d B D e c D o 3 w z z O C t S F h Z u o y A e z l Q m v A j V s Z z h T 9 T w o x a W v m s S K y M c + C 0 x Z P F 8 B d Q K y N 6 Z G H X a y k q f v a X Y z f R o 9 M / Y p 9 L 34 n a 71 s N E h z 2 u g 795 B 2 o 5 F E S 9 z I M B 0 t E i f Z F V K 9 v C d 97 S p s L M D 2 S 2 Y m o + H u F s 3 D 
w V D W B w H p g l t G I d N j v X 2 z s Y W g + 8 m s Y Y s X R w O q c f w 2 N l R x I R 8 a + 8 V J j L m G A O 4 h d F T 9 v 2 q 9 n G S k b 97 K / S W w 919 O 6 w C 7 u D j O L A / s a N q A O J L 5 A I V + w 9 w I 0 v B U 0 p k Y o 1 f f C O e l 6 a Z 10 U a 4 r V O 9 k f Q I E q H S x q t 5 E f + A s 0 i o x Z 89 U N c Z q U w e 26 c c 5 H 6 k M n x n + 5 V V 9 t / a y Z c X 1 Y y n D Y o H p r C f C s n g 9 k d h 5 q 3 l D d Q 4e8 T z z + f S c t z m T o / 97 A v W p s x v c A D Q h q u g N p M m 2 C G 0 v T y Y O D q w F 0 U b c V k g r o m 6 Q 6 T s F m o l / f B r t z u l 0 R G i P C S Q Z 5 g B W + v Z e 7 w B L r N n x m 1 h 0 Y x Y 2 W X y F 44 O c x 41 C P f G r D f J X d v y z Y 9 S Y 3 B L F m J V K 8 u 3907 S D Y Y k m E t 5 G 2 o 2 d H D h t 2 g l g / R s S i L O x o 1 A z 970 N E Y j B 6 B + L x z 3 m X w H 0 l N z A y D q T b O h 0 K D p T b V S f + I Q d 6 S 3 I / e W s c + o B M l g N d C 72 z F C 8 h A u j 51 C T f L n Z 4 v r T E W B 8 i W 9 z c g 7 v R U c g H E e c h 8 M s H / B v b 94 N S H 9 q Q W C K v n G F 8 v 0 g O X B 7 d k G a x s i + 1 p a e l O s 0 d 4 M c U H h c 11 C q x n A L 78 p s F 9 S Q D f 7E9 H E 4 g K f g Z r 7 d s 0 d r P l U D A I c m t 4 D v O H k W f S 16 V s G S 1 Z 4 O l 0 L K 7 k f M 6 B R h W U R b N U s 0 j x Q b 1 M E Q Z 8 k / S n f G c 11 G 8 B r a f z B A A n Z T B V n g U I + g L 4 / 6 j x i e y G d C q M i + I M o b 7 N M G 70 i A B M z + 1 n I g p T k L r E M x P q 1 i Z J h h E 4 c z r E 7 K R N f q + C y w o y K x K 237 c I 9 E s r f O 56 b z y b c O 3 C h a X u E h Y V j E H i b 60 H 2 q O + O J V 90 + k i 3 M 3 M O R t h g O l h o Z 4 p x W t w d G G E s 4 p F x o S K r e U R r / X 5 D F T 4 + j 4 U C x u v D v R s 1 E A 95 R g 0 b 4 F 0 x v q S 9 u 919 B L 4 A T M 5 t 7 b F D F k m d a 8 W J L P B y p 1 x N B O j p m T m U V l j T 5 I C i 1 Q r 4 A B l R k 75 + F o E n 4 n r v J j x C b I + P C t + Q 9 B n E v P X + 9 k z K U p H 2 R O U 177 Q + 1 p M I E L R X i S 9 y v W 3 E w J d b f g T + I v 
L A e D Z z D i T l k 2 B k 2 R X Y C 3 k R 8 Z b + Z J E 9 z 6 w u h t w 52 k h B U l w o E R S r e f P x 2 a L q C t H 2 q s v m o n k 3 j y 5 T u A 35 x 5 V L l 5 K n l F X N c f g w P o D U j i e m o + z 8 d b g A e g U 83 c n z F f J J P g Y 0 O K R p 1 U J 9 P h m W F M B 7 S b D + j b G F c p x T W O e R 4 v A 9284 Z s 37 c l 5E7 g x e b o C e Y k W m 4 o / s H + + Q 2 A Z K J i o i o p j q x d s 6 t o C S w / O J k b 5 / 6 I Z U Z Y N B i r j e I C q H z g r Y Z k u 4 g 4 l 9 G 3 + n 2 F r y 0 1 F 70 L c 63 M r f 9 u 5 X u P N G n J b 7 u 4 o 3 o M 2 / N a 0 W B f G C q l 8 J q d R K D N S f 0 M s I e G D i V T z T z 16 U 3 m t M w h t r o K C U S J P x J p f T e D x 262 o 1 f D 2 a A 8 b R d O l e 5 U g y k R g L e w Z q L Q q g + b t t C N c l F P f n F 4 F L V d s s Y w M W z 0 p i x X k O a U F M d p c d N k V R x r v D F n w 0 A m 7 H k P W p O 11 h w i G C D i g 375 Z c s Y u N / I s O b f h h V 54 p V 5 P d Z a 8 n K 2 v I x t h 2 p S 8 G t I s 8 i c 3 H C H D 5 E a 3 W 5 O O B U W b K 0 r 8 z g Y g p 81 y 6 y 87 C y D o G y i E E T z l 7 h H y Q g c K D x d H K j E s p d e q z 9 t Y 60 u z d 3 M e X m 2 J U 45 L c A K y 7 x 6 c B E P 1 X + y 8 U z t 8 W d A M B R G O C V n v f H E h Y x Z m Z D v X 6 i E c y l Y 7 d g M E P k D l q H H o S 7 r i Y L 0 8 b Z t c C v A a 7 Q 1 j b C 8 b D a 7 f H K / 1 O D u a o N d 6 W W p H K / 1 w o s 6 G u 1 w F / 0 F C c B I P T U b Q / o j 8 m w g l h S c V U 5 h E c Y E G 0 m s Q 0 T 1 X U T d E o M P X x 8 T F e l X + p A C O 6 A n o k d h g X 4 Z N o m 8 C n N n J 7 Y 5 K m m o V C w O a K q + t n O / w / f f f u C K K b M 8 A I K h 73 Y y y f Q 5 U y n X 7 k e M I a f Z t M E 1 K S B a O l A 1 Z Y t q O Q o C f D S F c W U k 9 C u l / v S r x H h C w m x M M n I C 0 D w J j 3 E j h / R / i X b O W i 3 h 6 H L J 98 S v 2 H i q p 3 b 0 P F e U k k S F v y u b i d 6 f O q B N H T y 343 R / 28 Q i 3 e Q 74 z 1 g A p s w Z e G k 0 g J I P X h V X m Z 3 N u E h 1 e + v j k B 4 o q d r m K t C n D P d y W 1 s y S y 
g H k p 6 m L p m 9 A n M a K J c Z p 3 y e 2 + V z i X c Y Q o F u n / Y V w W 5 w v 2 k O m K q + n z J b w q N Z M m j 9 a g v 2 O z d W N w t l H d y p + V n c 9 A W / D H M O 0 L 3 r 8 j F N C 15 / o c K q C I b Z 0 F L j W e n t j L r P R M O f k D l 65 / y H W / v O O F H 2 K s h T W / l z J 4 g n Z h y T b M x / D P C L S X 0 p 9 U x / C 4 w / L I s L U b 11 r R 0 R M c a O p G A N F 8 R p y a E m P p E e p O A W b F 7 E / 0 / V 4 N E u L Q 8 k i p q 3 t B R 0 f l u r e B Y u V C q J t Y O 0 N 4 w Q s Z z 9 u g S / u I h j Q 60 y 5 t I 4 j Y b r j c W e j U H F v G 73 p 8 c Q Z E 3 N Q p 0 N 1 b l u w k K K o S S j s Z c O 8 Z c j 3 y d X E O X 5 m w T u h 1 I v M I H l E b 7 W a z e M D c X 3 f f + b m A J T c J h M g G O s C Q n / w m V 3 s T / Y J G 9 o m e v n 1 J o 5 o O 0 F F E n 7 D b 8 o j i 1 x K G i V y H b z O q u 0 c m K H P Z A 3 F w A e m G 81 n + b g 3 q e S + k Q b 5 B j z E h C p F H 0 H C 64 W m s k M X k S f m 67 W L S 6 z e 4 v 51 H R w f 7 k Y l I r a g m c / + / Y w Q M 9 P r G + K 11 r E 2 k v Y P t i R h n v p N b J G Q X Q I 9 / v t D 9 z i A g O V W o l 1 B L B w i N N 7 k L F Q o A A H I V A A B Q S w M E C g A J A A A A w V t r S N U I t N Y c A A A A E A A A A C 0 A H A A 0 Y T E 1 M T V h N D Z k Y T Y 3 O W N i Z D A y O W Q 2 Y j E y M T J j N G R i N y 5 m a W x l b m F t Z S 50 e H R V V A k A A z q s 4 l Y 6 r O J W d X g L A A E E I Q A A A A Q h A A A A H 7 I i Q L J 0 l I g w W 20 J y 43 X Z U I n M a k j u l A O q x B l G l B L B w j V C L T W H A A A A B A A A A B Q S w E C H g M U A A k A C A D B W 2 t I j T e 5 C x U K A A B y F Q A A I A A Y A A A A A A A B A A A A p I E A A A A A N G E x N T E 1 Y T Q 2 Z G E 2 N z l j Y m Q w M j l k N m I x M j E y Y z R k Y j d V V A U A A z q s 4 l Z 1 e A s A A Q Q h A A A A B C E A A A B Q S w E C H g M K A A k A A A D B W 2 t I 1 Q i 0 1 h w A A A A Q A A A A L Q A Y A A A A A A A B A A A A p I F / C g A A N G E x N T E 1 Y T Q 2 Z G E 2 N z l j Y m Q w M j l k N m I x M j 
E y Y z R k Y j c u Z m l s Z W 5 h b W U u d H h 0 V V
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2016-03-11T11:38:16Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Payload delivery"
}
] ,
"labels" : [
"misp:type=\"malware-sample\"" ,
"misp:category=\"Payload delivery\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--56e2ac3b-9efc-4073-81f1-4636950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2016-03-11T11:38:16.000Z" ,
"modified" : "2016-03-11T11:38:16.000Z" ,
"description" : "unique .js file" ,
"pattern" : "[file:name = 'BDI2937409608.js' AND file:hashes.SHA1 = 'f8036becd0cd8013f7a220c154b867aca00d484d']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2016-03-11T11:38:16Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Payload delivery"
}
] ,
"labels" : [
"misp:type=\"filename|sha1\"" ,
"misp:category=\"Payload delivery\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--56e2ac3c-f35c-43ed-8cfc-43e2950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2016-03-11T11:38:16.000Z" ,
"modified" : "2016-03-11T11:38:16.000Z" ,
"description" : "unique .js file" ,
"pattern" : "[file:name = 'BDI2937409608.js' AND file:hashes.SHA256 = '167507382dbc428a0bbb59bf293f2fa21fc6f5ef6d9c2ff56382976f0b72659a']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2016-03-11T11:38:16Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Payload delivery"
}
] ,
"labels" : [
"misp:type=\"filename|sha256\"" ,
"misp:category=\"Payload delivery\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--56e2ac3c-ef60-48e3-9ffe-4923950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2016-03-11T11:38:16.000Z" ,
"modified" : "2016-03-11T11:38:16.000Z" ,
"description" : "unique .js file" ,
"pattern" : " [ f i l e : c o n t e n t _ r e f . p a y l o a d _ b i n = ' U E s D B B Q A C Q A I A M J b a 0 g N Y 3 k D G g o A A D Q V A A A g A B w A M T g 5 M j M 3 M D Q 2 Y j c z Y W N i O D V j Z m I 1 Z j Q 5 Z T d j N D k 4 M D Z V V A k A A z y s 4 l Y 8 r O J W d X g L A A E E I Q A A A A Q h A A A A 1 L r k Y A x w Z q d 6 H H X s H q H p j P d T u N 2 D 5 C w j m x k 2 + t C U O e 5 O 9 h j L m n 0 g U Q a v V t X Z z Z j f + / v R T h B f 9 j K t a + R Q v i N i v C 0 O 85 a 8 f H 1 x Y 5 o i B r W L I N S S V A I 5 F D j i + M O 9 B n H v Y E R 0 0 P K o 2 u M b 4 G H f 0 z W M W o 9 n + g 4 f H Q n y h w 35 Q P W Q G p N z d H c 9 M 9 g M u v q y p U 1 m A a 3 k N p k k o n g 1 q e A h u h X z 8 Q r u g p / q O I C f 0 4 r W n E 37 X + H p 1 M W J r r N I L 64 M M m 8 I P 4 c 4 s 2 B e R J D G k T B w d N q P s l Z n I E D c N / 0 J 8 C q s H 3 Q U n j T B 5 G q Y J g H e p s 9 W 5 p R P A A S w M 0 i c V i T 8 P + 5 q / z R 73 z j g 2 d z b k C s w a H I d W U 5 J m k f 3 F + N V 0 r S 3 / I D V + P 9 r l F c r n + q 4 X d Q W A z U j z p E n o p 9 l U 1 H 5 d e f T W h B i 1 L V S p j G T i G j L h S M Z C B M u Z 0 J P x v / i 39 t X 9 X M u Z m 4 N P Z F 5 T E 1 C j Q / v a e 70 p t 2 t O o Z A j v L 1 n K d J J x K n 2 O Z + 1 m m B N 7 k j r r g O C c g H O p b B X j D i e n s 1 s G 4 y D L X 1 B s 4 u g 5 M 3 d V l T Y J G 0 a u Y M w b b k q S w W C A G G g c u N k i + e v w y g 5 i k c 9 p h p 5 I I + u r 33 S D M K I S w W 1 o 9 J h / 0 y l O g U B i o b Q 1 X d M 8 i 3 M 9597 p H F Q s x C F 59 h t q h g Q r 3 M p R F M Q U e F C p v x t T P 9 M R P j y Y i I d B U 0 K 0 U r 9 p z N u D I i H a E k L g U f X Q u f V e l K h L W 3 P g h N i / w V a r 8 g O t e K T 5 d q r o K t d 5 d z 229 u 39 d r p r o X 6 N R x q / T X Z f c X 85 l 2 L G h A T 88 h Z o Q Q U W u 0 2 G X v W v r J 68 K I R Y X T Y 1 y S u v g 2 Z g l 32 B h g E 7 p x r K 2 f o R s 1 a g Q r g r 0 q p X C b 0 c S w F A C l + l S C e b l E M d c h K / P f 66 D d V X J d 
L j v W i S c o k M p r 6 m 5 V d K Z 8 j c g h j 4 S n R w c a p 4 G / 7 X a n W n / H K I O 9 v I Q 5 R + 7 r L f T W o r n L V d Y N C u T F j i o S k N 49 g c c K j Y s 7 L z D w G I V W 8 W G 29 G I 1 r v o a + T z H a P r D i D 3 c a x j W U O C N n k M y K U 0 K E P 9 m o p 1 g Q h Z V X u S F 8 w T 1 O T k g 9 G 4 p K 55 e T N 9 / 8 P n M I i Q l a h 2 h v z l 7 F E L + z 5 w b T d C Z k 6 n u 7 v b J s Q b K n u 7 O f q g i 1 W g E 7 d M Z 8 M F v m Q B G E p p 9 m N h C E 8 g 0 n o k M K o 5 D v X r y F S Y p G q l b w I B M 6 p d Z k 9 Z g + L C 228 j 4 u 7 b I k k K y P n + H g L s h n + 9 Y R 9 z J h g x r Y 6 b 7 H T C u k d D t m a F k a u F y 8 h Y i t O a 2 T x C b + 5 M I u n P W o L A w p l 2 W w S 0 S y x D E k C 52 S m i S Y K s m X K R h e 4 l u W i O b Q + W x 1 l N Y + W M h U h y 4 O m z g l g v d g q 9 B A h u 9 k j D 6 W j g v T o B C r 0 g M W N Y M X p k h z E Y 1 v s 8 C m 4 M K p S p I u i W W K k f H x 8 / p 8 O W W q X n Q y 17 i 3 T C H v h T U H Z e S q K 55e6 c H V b / h I c 1 V R S g S y k l 47 M y b s n A o t Z 3 T T 9 f 7 B z 60 s 9 O 7 V n p j 4 E u + N P r 4 / l q 3 K B G x X o p r 7 w L V 50 D m M Q i u A B I F Q t z 7 z p y I H y l V L P h Z 8 I a u I E U U t e F A X v Y 1 c d k / + F G V m x V H S 0 p + 5483 k V Q 0 u 68 S Z + T / F W q X O U i m r q I v 4 U k u L / 4 n F y 86E0 t 1 U 6 E U Q 1 U r n p K t h A y 1 t s 0 1 n Z B m j U 27 U T g r D Z / Y W z H U l z E s S o r e 1 j w P x Y d N O L 88 h a s 7 G v l G I 3 Z m y 9 d t R E K U K L k 4 y / w t j A y 6 p 6 e P X r 0 9 h 0 K S 1 c U p d Y 1 a W m E E g t X E Y c K h s b J W m j i / W 6 G z g d M T v E 3 c w J d p c h S s A U 1 d 42 T p Z n v k z z v f S l B k u Y 8 h 1 d y m A 0 C h g r o S o W x h b W B 9 Y E B H Y T q 8 p u V 9 j u Q 5 s A a 20 K W C B p Q R 7 o 0 6 G Y l L 7 t v e z c i K H B / c m + s F w M M g 1 d i 1 v 2 S i r W j v 2 o f Y 2 a H p E g 8 + W V 8 v 4 u E A b s t B S E 2 e h g H c T v T i W w L d T p e W b U c q s H 7 Y f E p Y S b O z 9 D A W 
S h O 5855 J Z G Q X c n 5 b g S / 5 k 3 b t h x 2 z D B J D g H F 9 R a L G N F y J L B O Y 1 J 4 + z a S I p R V 3 l W S h t z 6 y g r t P k e X d F 8 Q Z t 2 l M p r i U Q J j j g 5 X X u U 60 z q y / P + V E d 7 E F H x a T 1 l + B j 9 X T x O 3 v / r R Y e e V X Z R 91 K 0 1 x 4 Y g j A t U F X A y Q 0 h t 2 K A h D G k b V i q A Y w g K A b x R l a 7 X t B v K 5 k u n G 4 h K h k E h 4 o 72 E N n 74 i Y y / 3 p s 94 x L 8 Q Y u q S E R 9 N T 5 z d f 4 s 3 G e N t y f 8 D t 0 a d b O f c N / V u d P G a N F k k Z q T 7 A x a c g M w g C 5 R / g Q E 0 a o F B F + u t O b V M R 2 y 2 K 3 h R L z a w Y h 8 r F K 1 r X 3 o N B V g / q E v L S L 4 a A L t O j o I o R c v a s G W 4 B N K I / e l m t r E T z T V n h s c 9 J / u m v v m T N X b r Q j / C t 3 U u H b Z j j k b 7 p K c v J p o r 954 b f N j J 0 t r u w 2 R k b 8 K O k N G g 3 j T S e r C 3 t L Q k C G g V 6 T Z C s E i D q 5 u t 1 E A O v v h V Q t Z 3 F t L G N D U 68 Y O y A 7 b L g O W R A E H h x c N / s 74 V p B c Z H + j N U J 0 Z 1 d Z h Q i v T L b U p L d T n n / E x N v z r R u j E p y D 0 e H 9 C x f z l 7 d r X N N A C T Z 8 H 9 p r N Y X n c c R U w I f 0 x D N L J 0 I 3 B x / Z b P 31 M B x U 9 t X 837 / L I + b R O h J W 5 A v C M I c a k G q M H L U O u C Y B L f z q 1 f 3 o R p p G V L v o K I r M b H f h e i g x W n + b 9 X K 26 G V 3 S U a f q k H E 4 r j i k P R p q x W F 6 I K v D F 15 f i z / Z G V r g v d / h d 5 j 2 c q n + y 8 Q / Y G T O U M T 4 P T e / L b k q G s o i P U Q R H q 5 k m a o b 7 w f g q H w h Z T G n l r J l l f c G O + s 9 C 22 m G I / 5 L 64 h H n h L 7 A X P K u O z l R 3 r O n Q K H / E S U I / P z A t q V V z p 9 V g I + o V S a N J Y p E O / v q C 6 T a T I H e 3 w n 9 P V J V x V T S 1 m e F j z 8 U q s w R D N 9 n L Z X n Q n s b 5 B / r 8 P T P i 8 L E F / 7 / x K f t R Z t T 8 r E G e p A + A + S K a z I q z y e U F 57 T n V x 6 h i Z K J 6 n i U 0 w v K G w s y j O J V 1 d j m D y H o V w 6 g N I Y g c F 0 L c h 598 f c 2 q c F g u Y M 4 L B g 9 m p c 
2 v t w k C A h p 5 j H N f W t Z V n 3 I I l G n p F H i c M t l / + a 1 Y j W L k e o A 4 h h I P 2 e b 6 F a e i o z w 0 E B e W 0 f x l C e 2 H I 6 E Y Q I 4 p 2 E l x 0 e G G 5 g h S Y Q 7 Q T 8 b D e U 1 I n f t F 9 G 2 R m O m c A R v s I v l r / T M k 3 X g / c S 5 F H 7 A m w m p r F R o R P o / D X T G T h c g Z J K R h f d M f m D u T F 5 r d 323 F 4 k K f 50 + L I 7 s 6 u 5 U b C N p z s N 2e1 L D z 8 A I o / W q E g A Q a c r T l z p d z D 2 K 8 u v D 9 U X K 19 M a 6 m K Y p r O K z F t O V 3 M H L k p / m B C u a N x P I Z d c x h e v I C G R y g H 7 K / U R 19 W i 3 C c y L e U a J 3 / K b d / 0 K v j E K t A P g i W p e 7 y l x C j j M Z N G 2 R J f p J U I Q 0 s K h i v t 1 k x / Z f B F T Y j v y v C a o i q w B X Z s 1 K D U d G f r L p m l g 8 c C l 4 t J P T w 3 K i h s N 85 s 7 P 5 x Q R h r 4 Q U 5 E A x + s r K n h c a m M z 3 L 2 v 5 R B / 1 n l T p X A N W 5 T 96 V k i R H A 2 L o K c V C q 3 i p 6 o N t x E 3 V 9 I 9 k y 9 N y q 5 e s c N E 0 w Y X l u x f Q 4 I v B M n c 9 + Y 6 o v k Z u o r s p Y R V W Q 2 n f 26 R 8 X / p G M V j p A d y n M D x v u n W Y c j l B 9 r H I R U g y t a u H U E s H C A 1 j e Q M a C g A A N B U A A F B L A w Q K A A k A A A D C W 2 t I t K i 6 O x w A A A A Q A A A A L Q A c A D E 4 O T I z N z A 0 N m I 3 M 2 F j Y j g 1 Y 2 Z i N W Y 0 O W U 3 Y z Q 5 O D A 2 L m Z p b G V u Y W 1 l L n R 4 d F V U C Q A D P K z i V j y s 4 l Z 1 e A s A A Q Q h A A A A B C E A A A A j e O r I 6 R w 93 U U P k e 5 t W m d l G + R I 3 + k C b t O n q H 3 k U E s H C L S o u j s c A A A A E A A A A F B L A Q I e A x Q A C Q A I A M J b a 0 g N Y 3 k D G g o A A D Q V A A A g A B g A A A A A A A E A A A C k g Q A A A A A x O D k y M z c w N D Z i N z N h Y 2 I 4 N W N m Y j V m N D l l N 2 M 0 O T g w N l V U B Q A D P K z i V n V 4 C w A B B C E A A A A E I Q A A A F B L A Q I e A w o A C Q A A A M J b a 0 i 0 q L o 7 H A A A A B A A A A A t A B g A A A A A A A E A A A C k g Y Q K A A A x O D k y M z c w N D Z i N z N h 
Y 2 I 4 N W N m Y j V m N D l l N 2 M 0 O T g w N i 5 m a W x l b m F t Z S
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2016-03-11T11:38:16Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Payload delivery"
}
] ,
"labels" : [
"misp:type=\"malware-sample\"" ,
"misp:category=\"Payload delivery\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--56e2ac3d-6358-4eb8-9df9-493b950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2016-03-11T11:38:16.000Z" ,
"modified" : "2016-03-11T11:38:16.000Z" ,
"description" : "unique .js file" ,
"pattern" : "[file:name = 'EQB6117771701.js' AND file:hashes.SHA1 = '1e66d658ae501808a5737ad7573347aa90d1ed5a']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2016-03-11T11:38:16Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Payload delivery"
}
] ,
"labels" : [
"misp:type=\"filename|sha1\"" ,
"misp:category=\"Payload delivery\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--56e2ac3d-82f0-42ce-ba4a-40c2950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2016-03-11T11:38:16.000Z" ,
"modified" : "2016-03-11T11:38:16.000Z" ,
"description" : "unique .js file" ,
"pattern" : "[file:name = 'EQB6117771701.js' AND file:hashes.SHA256 = '3f789e86a91efa6409a60728a05dedf950443f5a75d2cb658f84ca4db0ba9a4a']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2016-03-11T11:38:16Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Payload delivery"
}
] ,
"labels" : [
"misp:type=\"filename|sha256\"" ,
"misp:category=\"Payload delivery\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--56e2ac3e-3b5c-4f79-8e8f-4184950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2016-03-11T11:38:16.000Z" ,
"modified" : "2016-03-11T11:38:16.000Z" ,
"description" : "unique .js file" ,
"pattern" : " [ f i l e : c o n t e n t _ r e f . p a y l o a d _ b i n = ' U E s D B B Q A C Q A I A M N b a 0 h f D E a / B w o A A O 4 U A A A g A B w A O T d k M W Z m Z T g 1 O T c 1 N W Y 4 N j c y M 2 J m O T g z Z m V i Y z I 0 Z m Z V V A k A A z 6 s 4 l Y + r O J W d X g L A A E E I Q A A A A Q h A A A A D Z k / R N u 7 J z r u + W + N 6 M M U b Q n G K z 3 P e f R G 2 V W y f j + 2684 V E n 9 u 9 d L h F w + V k t 1 Z E Z Y m n C a l a y c k c O i 2 L I t k i 7 b d X Z l v E R S q T 7 h d v z Y C R U 6 u t J U Z l x 0 k N q J i l o l i s H s h G t f u g M 5 f b u i W E t 9e9 a l Q m l t 2 f J k z J U Q 9 J 30 K 7 M N H p k A w h w B j 3 g L W g i 1 y h m N M e l d Z Y 2 Q N n o d / g s 2 T g k Q O V 1 Z 0 s d / T D n A 7 + t r E o f b J H l l j C n 4 l Q 9 W P 24 P E G k T t + W c c 8 A N G F D X 7 M z h N y t 66 m C S 8 Z h F V + G 1 n k P z u a B 7 h A r v N v Y B V z P T d t r x J r l 20 U 502 H s i v k J x M t b w x D + c O 2 o P T 3 U 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
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2016-03-11T11:38:16Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Payload delivery"
}
] ,
"labels" : [
"misp:type=\"malware-sample\"" ,
"misp:category=\"Payload delivery\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--56e2ac3e-ca78-49f5-903c-44b0950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2016-03-11T11:38:16.000Z" ,
"modified" : "2016-03-11T11:38:16.000Z" ,
"description" : "unique .js file" ,
"pattern" : "[file:name = 'FOQ2976283401.js' AND file:hashes.SHA1 = 'f54494053365a355ffb96bc3cc36183df92390a8']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2016-03-11T11:38:16Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Payload delivery"
}
] ,
"labels" : [
"misp:type=\"filename|sha1\"" ,
"misp:category=\"Payload delivery\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--56e2ac3f-1488-4cd6-9b86-450c950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2016-03-11T11:38:16.000Z" ,
"modified" : "2016-03-11T11:38:16.000Z" ,
"description" : "unique .js file" ,
"pattern" : "[file:name = 'FOQ2976283401.js' AND file:hashes.SHA256 = '1a33338c6101ac66cdc79dbaed17267725d183fe37bd331c04b9580c69dde5f6']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2016-03-11T11:38:16Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Payload delivery"
}
] ,
"labels" : [
"misp:type=\"filename|sha256\"" ,
"misp:category=\"Payload delivery\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--56e2ac40-fea8-45df-8079-41ea950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2016-03-11T11:38:16.000Z" ,
"modified" : "2016-03-11T11:38:16.000Z" ,
"description" : "unique .js file" ,
"pattern" : " [ f i l e : c o n t e n t _ r e f . p a y l o a d _ b i n = ' U E s D B B Q A C Q A I A M R b a 0 g z X V i J h g o A A A o W A A A g A B w A O G E 5 N m M 3 Y z Z h O W Y 2 Z D Q 0 M T k 2 O W E 2 M m V l Z W I w O D E z M m F V V A k A A z + s 4 l Z A r O J W d X g L A A E E I Q A A A A Q h A A A A M Z U Q U i I 6 P / L G W M A / + k s c v X r 6 Q 55 o K 1 A w a k H Q h I l i v U W S U 3 O 3 P A i d T M X V P 9 D 7 M 1 z e r V V p / X F V p C M 4 a b 9 N z s S g A F g v D t Q U r h Y i P e e e N t 9 F B + 7 A m U X p x w Y t F n v v T R r q M T z a m c C C 7 y M 3 P F U + Z v n o q I F u t 8 y 2 u p l U L K O q Q y Z i r M 2 Z i d w G E Q T e + 9 D 9 P 9 / N E Q M X o Q U s m w w r 1 T L W W + l h b R H T M q C 94 c T V 7 E B 3 f Y U E m X L 5 P 7 L 18 B 5 i M u v j 4 o D p Z i 54 d n x n T L J c Z g L B d 7 F w y t n 3 G 0 + x y y j d 96 + i P I E R r t 3 F 0 a 3 w g s m 6 v g q 6 g p d s c D e 3 P k K h b l R t 7 U P q 8 k j B G T p t 9 i m P Y q l Y j x k A 2 / 9 G w i V o T z g X S 2 / 0 k H I c 8 H 8 N h o h t Z 6 C V x d Z Y M b m q U a 1 E s P 4 u T l Y T K L A f d T B Z 0 0 V Y X y C 5 X i + N i T 8 m f Q S a O j S t s p O 2 L K x K 7 C Y Z t R 1 E G F H H Z p M L c M 2 j h D z / p z f 61 H y P C M 57 F G k s p Q C T A / r W n w k u A J H k N s n P 10 o D 7 n 73 Z X 9 L r p 0 / b g I k x 34 E r M H 3 G p a z d 7 b 2 j V k L L B e 4 Y Z K V o D u f 3 W A i r Y 4 m M 6 R 51 f V N 2 c T 1 Q h 90 d 9 R m j D a 6 O y a 2 g I C V V G / 0 Z V 9 q h p + t o Q A t o m J M C q z Y j J Y d 6 Y A q Q R L 8 j Z t 7 a x B v q E L 1 y R W 0 w U a 6 p r c 14 o 2 H m s W C J r D k v F e N 2 v Y q K e k v j B G 6 v m W x 9 i B n x 5 Z W V i R C o X i 5 O 0 N j V V 4 j G w 8 x u G R n Q 5 y P m a c 6 m x 3 U 3 H T R Q G g a g J 5 K O h y + 85 v p A B 859 Z A r 536 x i l a J H 9 X M y Q O a s 6 g w i G Y 6 a N I V m p Z i k x H 0 a K c D 5 Q t 0 l + U V J h Y N H v z j V 2 a k G y c D a V p 9 M 0 / L X Q k Z D M 46 y T q W y W u T H L C o S 8 m + H w E K 95 / 
73 U F j Q A k U V v 5 X o l o C p F C I Y j b k C z E 3 w h G x l p J Z P r G 7 X p E N 4 A y l j d 9 h S 4 y 9 Y B 26 W n b y X u t K T 0 r R W G z w C B l 0 47 e r 3 x G N Y k / 1 U G l e / B l c b 4 t h r u n D m o k J m v m I N Q + n P A h r S G 2 R b F y B W N C e d K D J k P L q 9 l g 2 z E U t i f G l 9 Z 6 q c w f m n F E / 4 t / q V K I q S X V g 69 e s b T N 98 n 7 F R V u R a Z Y U K E 3 p T N Y y H z b J e / U X M h m r M t E b n Y U 9 G K z C 4 a b y 3 g V Y M 5 M Q G R 72 g p P W P 6 y t R E K c m X m O A S E z 1 J l 0 J 29 q b + l G p q S x Y N U X B v 80 T M 6 Y Q d v z q B w a 2 M l F m f s p u / P 4 X i n m i Z L f d i u O 5 a n I g 9 F 3 I g m g 6 j 3 N S f H v g + V 4 x 13 V x s N I q B R a r k j w D M R 5 X U L B Q X L p q e T P 8 l T v w 7 s O W i 7 + g f B C E + y e X n d b L b 2 s 66 Z m M d I s l 3 p i L z w o 2 J Z 4 i P v t 7 D 7E56 / T C o 87 D P h u T o Q c u R 4 q q 53 v L V D B / 6 l E k x a x T E T F f E n M P 0 V c p T H T K d W X L o s 1 l 5 G 3 U N Y q C L i M s + V H + y r B n R L 5 B m e j e Q l A j e G L r I 7 V N P I A t I V I 6 R u / 0 C D 92 W 2 / u M f N E R x 4 y Y D O 45 + T / P P Z d k K 6 g l b o n 7 n S F i s m f 0 14 A q a D M p b s V l g o Z / p 61 y 0 w t h Q h V j x K 75 P k S i a F T i G Y 9 + 5 m e i D m m N O d Z w J f M L 4 U P 1 v 64 E x Q s 3 h u H p x J Z z c L m M + q c R D y G 0 7 O g e X 9 S i h V f n N b 48 C H p S e 8 x x e p g K b Y b A 9 a x o p d i z f E O A o D x z i Y O 0 X n y Y i c 7 f 4 g C I l w J m 8 u M z N F 1 h D 1 f 1 X n g E Y 7 W g H H K S K Z 8 n w z N c p e Y A 2 K S 8 f 8 x 4 g 9 W J 0 O B Q b r W y f y N m M d + N 1 x 5 n h x Z u s R 6 u 9 v f x P O b w T / a a 6 K G f w 2 N f Y 5 D I K 8 i V f w o q S 4 d q M J 5 v V E U 4 t / 1 s H U N v A Y v y R u D 5 R N 5 E L d 8 H T Z a x w V 8 l m 4 W p B / k S h p d w S l + z e p Q Z 6 H 4 T 9 X f q O s U o V / P k Y m W R 6 A P 9 D M Q z 0 / U g N c A M S u A / q j A c v V 28 W V 7 A w V C P I X L Q k T + n + p j o u i F t n p q U a d F r 
u U x F H n X I I b 8 J m a Q f f W g U G y 4 T v 2 u X o 4 M L k C 1 s 4 R O O r w l I L b g r a a 0 O x w n z l G I C I 4 z 1 + E W 86 i j 6 t D K B K h 0 C f y q + f u n x n I D d 7 r q y Q r 5 k l h 40 b g z D Y v K m M 3 q + D P Z X W 2 m k T Q w j a 0 Y l W O V 5 y m U h c E v / 0 h U I J j P z W G J z o T V t E 2e15 Z g e t 9 o O G 4 D t 7 d T D J 6 q e A M d 8 J r q c a k X g z y S Z Q v n + f N P o a m b U X v 9 b f g F 6 O i x j z P c 5 R d k K n l z R p q R G Z z C d 7 E F n T u + A V I I D 977 g q p u X O + A k e g L Z 5 e P z h b n h y 8 V 9 O S x 90 p J k a U + T X S V l F S G k i M i u 8 y d B X R W 6 c w 2 O 0 s J S e h m M k c i i H r e r A S f n A C C 7 O U C b b j m N K D 3 Q N G S g n G G S 5 L 0 J l z F 605 / T f G a y G + 7 g 6 f m p K C R 1 b J o 9 p r 1 W s J u 1 v 6 B a y D L U A 6 a I Y 4 C R 0e9 G Z v I m 9 z u o S e i Z g V B B b R K J q y g e i L 2 + P / G E 1 Y I 3 Z U 4 Q T q R e + P n d B V S i T u t e D o Q f 7 z M Y n 59 J U B L F n x t u i L j g t t H G p Y j 8 J o v k q 63 f E y I X K C u Q Z x x l 9 c T W h + a Y d 5 d M C v D e q 72 Q T H W u A A E A t 41 k S Y t U z W 5 f I C 3 A r t F l u m p g I O k m V Z j Z d t G f q s g 7 M E i O M D I d M z G H p 5 o a R I y W n O r D 3 r t N Z d A R 0 X t I X X R P a X 8 Z b H w I C D l 6 p Q Q g A u 66 w X 7 r c 7 f p 3 T N N S B i a 2 u i o 4 K X z U d w C g Y 1 Z U k 9 M I R 1 / l N v e L Y K L u R E D S 8 m e m r p G 9 u B M U N 1 l v F V k 56 n v J V T H 86 O B N S u + 7 P V 9 h F 5 C Z 6 M y L A E J N H L v C V 3 B t m L k c a U M X + 2 S P Y 6 b o 3 x V W f I X A F 16 / b a 2 R 2 c 36 f / 5 T / v I B s X e A i N 4 o I c E y m o 0 7 + n O G n W 1 y o f V i i k I D Q h K d t U w d 4 c Z 51 r h n 6 t e / m v l G t x 0 l N M t K 5 J I W c H W 6e0 t V 7 C S r N B 6 v m P 2 n A s R N k R L C 29 p + 68 o L i j q R N q t j + K w L i l Z u + z Z e 5 c L 804 a / R c 21 P U g s M Z 9 L I r X k Q q T 9 M b + C i c O H k E Y k a P 0 J N W M K q i y 1 v F D j i b q 7 E s s x M o d X 5 w c P d 
r H R A h X 2 / B i h H 1 i u t A H z h 9 t W C n w Z 7 Y D g 8 m i 8 u H 6 H d G W p p o K I w Z G 0 9 z w + c u Y k 9 E O 6 l y 6 K y 79 Z i 5 r x t V 7 l A A 3 F Q o z j u b R + E 8 c 6 S u c a Q T R U X 8 W H G n D V U E u 275 N H j Q D 0 D 6 V M 526 p k T 0 K F b j E T i 8 q F X u T O / N P R P F c H / q g d 30 y Z g a h u h f R L q v J s i m a r z B M A p / d n h 9 n T V v w W N a r v r / i k 3 X W i u H t l d N e 2 f p d p I / h r C 0 J K / J 8 H q E h 3 K R V x Y S F k 5 C g 0 W p 8 v i T T b s a I 1 W 0 a b m V 97 F p j 2 e l Q + k B k y C x p S R v + / J Q 0 / d k z r y D B Y x u 4 Y v D Z O F P M N W k 4 p j b S + s q q t x q L / r u 8 e O g M H S M e c 1 Y W l 4 P B b V i F a p T O F r f Z z R 2 d p d J r M o H 4 X T l o / y 0 D X i A Y d w + k x r + L J K 6 r x Y / y E 5 s x H 2 f M p F x H s 445 q j l M T V u 7 Y C m J y v 7 a h S r Q X e z Y 0 J c f b r J 5 L 5 a v 8 f j x v f C 8 r Z 2150 h V q x W q F / c p i 4 + O l u j W 9 P E t Z X w b I p M f i V 9 t L P W o l F n O v r u M G 19 P h 7 e K s h Q t v i x C 346 d L 2 A J / r G j w h 5 M b + U J Y d f V E N 9 w 16 / n F 2 S v z 4 + + M B w z v P d l y v A E m i b p y R i S z n n p X 1 T W L L h q 59 b D x H B U R j k T / V z q H N J H R v 8 k 2 u f 54 S z F b r S l z l N a K + O 9 h a d a 775 + m r 7 G Y L 7 U G J m 6 h 158 D B V O Q k B n v 0 F n k 7 p 2 s E q k L R b G C R L C t D B 6 T Q L q Y w x F 3 W h j Z 85 H s U E s H C D N d W I m G C g A A C h Y A A F B L A w Q K A A k A A A D E W 2 t I q A l I N B w A A A A Q A A A A L Q A c A D h h O T Z j N 2 M 2 Y T l m N m Q 0 N D E 5 N j l h N j J l Z W V i M D g x M z J h L m Z p b G V u Y W 1 l L n R 4 d F V U C Q A D Q K z i V k C s 4 l Z 1 e A s A A Q Q h A A A A B C E A A A C T l u y h b S q b n h o A X h s w L T n f d 8 Q S j p Z F c v b Q a U / M U E s H C K g J S D Q c A A A A E A A A A F B L A Q I e A x Q A C Q A I A M R b a 0 g z X V i J h g o A A A o W A A A g A B g A A A A A A A E A A A C k g Q A A A A A 4 Y T k 2 Y z d j N m E 5 Z j Z 
k N D Q x O T Y 5 Y T Y y Z W V l Y j A 4 M T M y Y V V U B Q
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2016-03-11T11:38:16Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Payload delivery"
}
] ,
"labels" : [
"misp:type=\"malware-sample\"" ,
"misp:category=\"Payload delivery\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--56e2ac40-dc0c-4157-9cdb-444f950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2016-03-11T11:38:16.000Z" ,
"modified" : "2016-03-11T11:38:16.000Z" ,
"description" : "unique .js file" ,
"pattern" : "[file:name = 'HYO4635453513.js' AND file:hashes.SHA1 = 'f5183d28ae5faaee607e01260e82b7cbab74f188']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2016-03-11T11:38:16Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Payload delivery"
}
] ,
"labels" : [
"misp:type=\"filename|sha1\"" ,
"misp:category=\"Payload delivery\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--56e2ac41-d3e0-4f62-9c2d-402b950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2016-03-11T11:38:16.000Z" ,
"modified" : "2016-03-11T11:38:16.000Z" ,
"description" : "unique .js file" ,
"pattern" : "[file:name = 'HYO4635453513.js' AND file:hashes.SHA256 = 'f12631f1966fe823634f74f075bb79417a73f1db5a3a99091307b8abaefb4e62']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2016-03-11T11:38:16Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Payload delivery"
}
] ,
"labels" : [
"misp:type=\"filename|sha256\"" ,
"misp:category=\"Payload delivery\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--56e2ac42-4590-4f1b-8b53-47e7950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2016-03-11T11:38:16.000Z" ,
"modified" : "2016-03-11T11:38:16.000Z" ,
"description" : "unique .js file" ,
"pattern" : " [ f i l e : c o n t e n t _ r e f . p a y l o a d _ b i n = ' U E s D B B Q A C Q A I A M V b a 0 g r 9 G r H q A k A A E M U A A A g A B w A N z N k N D g x M j Z k M z U x N z N i Z j Y 3 N j J h M 2 E y Y j B k N z I 2 N z l V V A k A A 0 K s 4 l Z C r O J W d X g L A A E E I Q A A A A Q h A A A A 3 H z q d v A N Q s D O n W 31 M 8 p f 4 u p h F C L M K j y j s E 21 H U z 3 H V 8 I K O Z 49 m d I u w U K 1 R O x 3 h L W x O e f c I P T Y q H R G h F + 9 W s 7 I w i F L 5 R w P a 6 g u I T h A 90 K 0 2 z s g V 9 + Y M s n P O k D z a s Q K O n 10 g 9 W t 9 z b Y 2 G 4 q X N 1 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' AND file:name = 'IGL2479468312.js' AND file:hashes.MD5 = '73d48126d35173bf6762a3a2b0
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2016-03-11T11:38:16Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Payload delivery"
}
] ,
"labels" : [
"misp:type=\"malware-sample\"" ,
"misp:category=\"Payload delivery\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--56e2ac42-24b0-4a9a-8c7d-4cfb950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2016-03-11T11:38:16.000Z" ,
"modified" : "2016-03-11T11:38:16.000Z" ,
"description" : "unique .js file" ,
"pattern" : "[file:name = 'IGL2479468312.js' AND file:hashes.SHA1 = '13c1fe7433a10222e1e676fe1d9182429e3906d5']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2016-03-11T11:38:16Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Payload delivery"
}
] ,
"labels" : [
"misp:type=\"filename|sha1\"" ,
"misp:category=\"Payload delivery\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--56e2ac43-d7d4-42fa-82d2-4b14950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2016-03-11T11:38:16.000Z" ,
"modified" : "2016-03-11T11:38:16.000Z" ,
"description" : "unique .js file" ,
"pattern" : "[file:name = 'IGL2479468312.js' AND file:hashes.SHA256 = 'f365ae19431e7accfcd0d9977fb52cc288fc5f4b39c63f483105c8d5ee3cbea0']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2016-03-11T11:38:16Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Payload delivery"
}
] ,
"labels" : [
"misp:type=\"filename|sha256\"" ,
"misp:category=\"Payload delivery\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--56e2ac44-3098-4b9a-9bf2-4102950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2016-03-11T11:38:16.000Z" ,
"modified" : "2016-03-11T11:38:16.000Z" ,
"description" : "unique .js file" ,
"pattern" : " [ f i l e : c o n t e n t _ r e f . p a y l o a d _ b i n = ' U E s D B B Q A C Q A I A M Z b a 0 g u I h R Y 8 w k A A L A U A A A g A B w A Y z Y 5 M 2E4 Z T Q 1 Z D V i Y 2 Z h Y T c 1 O W R i M G Y w N D V m Y T E 0 N T R V V A k A A 0 S s 4 l Z E r O J W d X g L A A E E I Q A A A A Q h A A A A M Z U Q U i I 6 P / L G W M L e s / 2 F H n O f H L a k p z / 7 j V n z V n / r K 2 S 3 g x y y o d d f 1 s x F c x Q l k l 3 L Y 9 q + U V W 4 p W S Z k P i 6 m Q 8 c H i D f t B e c H D d w 2 r 9 H I v P T s a 98 d N E b f T l F u C F y y 4 B K U m y e 9 r V E v j c V 8 D U R 9 H O x l 6 H 8 X 2 Y T b x e 0e8 z M q 5 H h p D m 32 x / 2 R V 4 p O + B F U / 5 U 7 S a i Q T 3 S e t t L W 7 x F W G A J X 8 s N P j E + s 1 I J f V a D Z i / p h C i q J R o R z n D X v I 4 t n I m l 556 C u 9 Z n M y / s Z 6 L 2 d a F g V F 2 p w A a 6 i C P D p j F / T 5 z T b Y B Q Z j F t c s e g v l r b y 0 u d y V g J 4 t u 8 b g H E m / A g J Q B d I 1 Y X e L V K P s Z 25 K 4 T S b M f b o G D G F N T N j Y 4 / z H s w m y C F I w x z R v P S v y 7 n N r H H R j I 5 r u s H U 8 I z N r V t R S a X Z 7 S r x q F 7 q J x r s 1 E k 6 B 3 Z E M F 5 q E y U T C Z / s n v h h w 91 r 2 d 9 W x I X I U o H x H Q 3 D b 7 G X r 23 W 3 y f a Q N F k F G i R S o Z g x b m I Z 4 Y L X z 3 d 2 x + T h 1 G N k 9 I L H w P k 5 o C M x E 4 U + d C o N w W 84 I j L n p F L o k L O J z b f 6 E h C 4 b z r r m 9 S z i Q e f e v 15 U 1 t E I E Q I O R u R b P I 8 s U y K t A o f V E V T 1 k a m I 2 e P h y 39014 B N 1 o L Y y w P 8 s o Q H O P C x I b 9 A F C Q j J h C / Y K N r v Y v O l w B j d x d E y R M q H i m O b q S O C Z Z f W / G w n V v d N W L W 0 e b R S N a j c o 5 m a 47 U i B 8 L b 0 0 K 4 P I s K X 2936 k s o R k S r 8 N L K I G s p R w v w 3 n j / c z k Y n h e j U m 5 u F d D A a f r P g y u U d c a 8 h 2 g M t x L 5 b Q I I q s L j R l u T C k q 1 z x 5 y M Z 1 g L x 5 Y D 69 o / e S 0 p 6 T s u E 4 o J e p j U w B h f 9 G o S C q Y a J a K m H 31 J + m E V L I H Q e s 0 
W F 3 l M Q m K V Q a d C s D d X 5 y X A L A 3 Z U W x E 4 W j S Q L N 6 a h t N W b k I D t N Z N r P W T h 4 C u B J t b O Z / m j U H 8 b 2 R j Y g O 7 + 2 N o h o x U N 4 f n b B o l i u E M J 56 c P W Z A K Y e Q e i 5 P D j e R p m M x f L y u w n l K X z P 2 D U P u H Y r f x S J O 29 P N o i R f i c 8 S 1 B U o z 8 Y + u q I Y / Q s e 4 S e H T V A 5 B T / v 3 f K S d n b h p r h t r J Q 0 i 8 + M S N k Z K + N O b Y n C t T f Z G e Z u t f U P G 6 z R v k 3 l 1 v P E b f u S m w + p e O 1 t 56 Y v D 8 X Q W + f T t r z Y 6 v t u v 4 t u T 1 x V P w i O g U h / K x t x O t Q j M W J b Y b J t D H e + b x 7 Z Z P B 0 4 x 4 V I T T r H 9 v N U X s o 8 t Y L / c / R Z W i u N / H W t N y u 4 Z K g J H E G m o V g D Y w 1 Z A W S C V a J / n J N 5 s X F r U w C M o c g 7 D o m a c t X b 3 O T V t P a g t I b 39 V b n O w Z d N k O L G 3 z w r i 36 J 0 n X L F v b I Q S Y R L F H m I P u Q N w l 0 u k c 2 y U c t 6 T f G 6 T c h f u h G w 0 / R c 3 N M d f K U e s W q m b H 6 n Y X p P T e i 1 V 1 o C T D 9 H m u t f C u p E d C S S D K m A h q v 7 u 5 D 0 8 d 8 X w G i O h T 9 N h 6 i 7 u c y G e J y U 4 Q N I b A S o C J x Q 4 l 4 b / b z w C 5 u d F G M o A 5 M J h O 26 X W X Y F d K s Q 6 x R J W z m Z k + 7 G E 0 x H q L T a X Q p k Q E e 8 g x R o y + T H 5 I n i 0 4 S / 0 L U W 7 T k p 9 N W q 2 Z 9 W J 0 m Z M m 0 Q f I s I f q b 5 O G C 971 M / d 7 l R r s D 7 l N Z 7 B D 1 Q 8 c b k u J D r S T G x G r + p A r A q 1 d c 6 D S B V S 5 H 7 / g m U / j g K C J B g B 4 J I p 9 v z R 9 f R O C T p u M G s p H j 1 x l z q k c w Q s d e j C Y m l k 3 x A 8 q m n I Q n G m c Y 0 w U o E 8 V F U G 830 p 9 H r O Z e 9 L L 711 g l F F D y K W h s x Z m N N s f I 7 n E P t R F D R + h m 1 a c v T t H C e W 7 D 1 r N F W e 3 O t x d L r M U 9 m 5 C S H X j n z l e T + v o n c 6 h m R / u 8 C M K x f a b X f o e + s m K H 46 Y H U 43 h a 3 q D y v T + l e o P J g l f c u v u P o G z S Q d N p 5 I s Q j L k s 0 e Z c o 0 g I R T C x U j d 3 H 8 F G 7 A k h s L U R 
12 D / Z 6 j A 4 Y i x K f O y t I g / e P 1 o y a b N F M o x y s 4 i H A S D D n q s T + E 2 P K c A p 5 Q / j J T V n Q n O H P E y J Y u t 2 b f k G 9 L Q x 6 n S J / f W D k p E D F M 6 + M + D y 3 A 8 i 0 S F m S L U n A Y q O b 6 v E Q y 0 1 G 2 X w L j k 7 W f S O Y j j 76 e f j X S Y / I E p 4 r 9 x a 8 N 5 Y m 2 l b t F Y Q p i Y w z M q g H D b n e f L c x z Z g q v S 0 0 B a Y + B x s W O n t Q w a d d m R 8 S i R 85 K o 3 e Q W i p X S k Y e h c P D N o i l x i r 204 H L O 5 f S a n g P u I e N k N m A 5 Q 2 C Q 6 d 2 p s B t 5 g A X q + e O X w g X 1 N D g 5 d r Y t Z F v U h b s w k p V 75 b + R 0 7 d 0 H c F T 76 m u 3 g p B 1 A 23 n h G C c Y c K x z 95 H p a n d 5 M b t h + w z p X M o U h 5 H d Z j M l M C o v o T l b 6 Q i s y Z U f t 1 / e F 6 E Q h s H W N C 0 H f N t K c + X B B C u e c j t y 0 7 A j 6 W L K k a R 3 b B S C P Y k P z S 5 s + O T 0 x + A Q e i q D v M X l l + j S d T a S a H e C 3 D b i K E w 0 D h U B e P X b w r m O N 4 Y Z z G x S 3 n y f v l J Y A R 3 p C + p d q B 3 s O f Q t x R F s 9 Q O t r d A / R q X H J r 9 e u z G B 9 J H V i z H M F z v U X j K F D n K G o L Z 2 D x L j 2 s 5 E M i X 2 v a f 3 r D X z 4 f A j D Q O F n 7 X M 640 x E 9 R f F U H U T H A i a 8 m 1 D r T I N C 5 j 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
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2016-03-11T11:38:16Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Payload delivery"
}
] ,
"labels" : [
"misp:type=\"malware-sample\"" ,
"misp:category=\"Payload delivery\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--56e2ac44-11ac-48f6-8043-4185950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2016-03-11T11:38:16.000Z" ,
"modified" : "2016-03-11T11:38:16.000Z" ,
"description" : "unique .js file" ,
"pattern" : "[file:name = 'INQ6225561909.js' AND file:hashes.SHA1 = '966af3138fe44b092bce87bb333884e583fb01d3']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2016-03-11T11:38:16Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Payload delivery"
}
] ,
"labels" : [
"misp:type=\"filename|sha1\"" ,
"misp:category=\"Payload delivery\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--56e2ac45-4514-47bc-86f7-4f23950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2016-03-11T11:38:16.000Z" ,
"modified" : "2016-03-11T11:38:16.000Z" ,
"description" : "unique .js file" ,
"pattern" : "[file:name = 'INQ6225561909.js' AND file:hashes.SHA256 = '0a884c6fbe5314727a24b65eb1196a8d59ceae4b57ca237f4c5c974673545696']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2016-03-11T11:38:16Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Payload delivery"
}
] ,
"labels" : [
"misp:type=\"filename|sha256\"" ,
"misp:category=\"Payload delivery\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--56e2ac45-25f0-40a0-9a4c-4617950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2016-03-11T11:38:16.000Z" ,
"modified" : "2016-03-11T11:38:16.000Z" ,
"description" : "unique .js file" ,
"pattern" : " [ f i l e : c o n t e n t _ r e f . p a y l o a d _ b i n = ' U E s D B B Q A C Q A I A M d b a 0 i K C c f i 7 w k A A N c U A A A g A B w A O T g 2 M T Z m N D N m M D h h M D E 5 N 2 M 2 N G U 5 M j g z Z T c y N m M w N 2 N V V A k A A 0 W s 4 l Z F r O J W d X g L A A E E I Q A A A A Q h A A A A / y w w X a k l e 2 A Z O C t q r M 5 X s c i P k I v u h R k r S 8 S A / a U / B o b k q p p k e X p H 6 E b 6 W k N G f b a L b d 29 p A 0 C M 6 P 5 E b E e F Y 4 n r M S Q 4 c F m q z I 2 g O i f x 0 V Z y J n b 3 c i M m s G 8 k / C a z d c 5 k Q J y K X d n Q 9 r F H b F Y 6 D 3 W 1 k 2 W c K Y E 6 X 6 w j s v M E Q E 3 g Q P n L X f 1 E G h P 1 p d B m u j Z P s 8 R g U b S A X v E N E D s U 25 V l 7 h c + B W P u i s t 8 j 0 z d t X T W b R y K k R 2 u G M i s e 9 r U s P / Y d + g F J 9 F c b p 98 s k g R Q y M X 37 H L a R M 48 X O C M K 99 r H D f i I q 4 K 1 o D x 6 c X N s P p 1 R 1 Y u U E O c + A K w u w Y 6 I A k R J I y M C n x f C a g i T 48 C G w 2 V z l b c R v g Q i q o r m / 6 g W s P A 3 Q A i 7 b a u 3 y e 2 S u n G k 1 p h 8 a x B R / 0 3 G n B E 345 h 6 x e R 6 j n K 9 V / V w W L l E z 0 k x b b j 8 V M d 7 f l r p i E x x 1 R f j G e b V x Z G A X k K C w u i y g Q z r O Q K b / T 7 H o w s p 8 W a n + i W i E G t p I / 0 o y 7 P L e a 5 z 2 z X Q J A E + c T E 20 x s n V 9 Z b i A k H 5 T E i 1 T B s g k q 64 C j Z O x E J 2 c P S c m K z W O w X i X v Z 8 O R X B p z n P Y + o i 9 K k L a H 2 q 8 X W Q z W a O l q P j y q r 5 k y F S r f 636 C L N 2 T o J F 3 D V 6 K M P 8 i a s J 4 V b E k m Z A 0 v S o a G 6 G r U Y u X Q b W T t E 4 r h p o P j P q H 5 T R l 5 p W P 1 d F k Y 1 L S v L i O x k l s u z A 98 s m l 1 C f v j I 0 T I m S o z r P 3 / f + q 7 Y P s + y g K t O x h S A L 0 G T p 7 U P L H 9 J t B n d Q A m r d 36 H J w r 1 A O O 7 p t g 3 k j r c t A 5 y 48 y n 3 D w 8 m s 8 U s j r y + A k b t Y h l z T 90 V 8 D e r d 9 + 3 V z G b L s F k p t j w L 1 r U A h h 3 C 8 s R N 78 T m 7447 r 5 E w / 3 a + S k y k S H 
L S K X t f j M z 7 M m m Q a 25 L I r Y B I O I k k 3 S R s B F M W G 6 o i j a Q 38 T W a 5e4 f S e + M o n b p t l p r Z 687 T h j O H b a n j X E q t P + j 769 w H N + B x D 5 i L R s 48 O S f k z e d I R G E W 1 D D + z g E P l b a / M q + z J 7 E S K T T C x o U z i n 8 s z H l 0 Y 0 j f m U w v l s x v 8 K t S V E I q b z n L t g g p k k 8 d A Q 8 o 3 w 1 B s h J l f / u s n 9 d c t t o y D L N l T b T X Q J x V C t v / + W A F o d N z x u W n 7 l + S f o M m N p 8 j c u X n g t i K x A x S 7 q 2 d v M A I H S 1 J 2 s c 0 L G 5 E B i M a Z G v l V o q a X 4 J Y V t I X R k 2 F N 3 r G f S c r X d Z 61 c Y A 2 E Z c T G 8 g h 5 f 9 n + l 0 O z f 22 i C B Z o 9 c R C x l t d 4 N T + Z 8 E j o J S J G 7 O x 5 + y w b a / t i a D D F d 9 Y 4 G f Y y o 4 x q z G h C y y m a C m 3 P H L W 4 e + h f Q u + O d + O k E F x J 51 r L i 54 x 1 o z n K c n Z P d p B F S H m L d n 5 K z r 1 s A A 3 y Q s 0 3 K P d o + r h A x 4 J W A c M a T y j 4 Y P G 6 B C v o p W 3 n V + r 7 N z k i w o d Y R M 0 Q Y P 6 S x F y e 0 Z 3 O N u V P k X N T d 3 R L 50 N C U r W j w P D j v 58 C R N y y q i t Z X Z C p N h B / H I a J J R a 5 Z 3 p Y I j k H D i 7 p O 13 A z N h 9 i f V 6 f d 5 W L O n / 9 u y y W X a l G o s g R i g + D E Q 5 J D / k 7 O J j / 7 d k 7 y b d P B v N X c E x t X 0 H j 3 J W R t w b I D 4 j D 1 z m p S y q O E W f h O 1 R W T O a V k 5 n A n c a W i U 2 B 8 Z i E H J H j o G O s w W g Q 3 h I O X O n b l b v Z r Q e M 0 L N v Q 9 F H / y 3 P K i n A 9 u i t v X V m 0 k k + O u B 0 5 l R 875 a c V Z d b o x w F 95 t a 2 B U d i y 93 + D h 1 K a M + T f t I c C q C Z L B V / c J e g 89 L a O r / Q y d y S M w a z E b O o 4 G e 7 y j S K 3 / K 5 z d w a I o 3 S u J X C a 2 l E G 4 b A 9 H z b S q D 1 e E v 1 r x 9 T c y P P 1 / K 90 O F k X H K B F V n L c b H i P t D P + Q W c r 6 c y 0 u T H C U o v 0 l A 1 B N Z a T z + o j o c N K h f k L + e 3 Z n l o Z 7 z v 4 p W d h v j C 5 k u s 0 M D y / 1 b Y h 9 L f d 9 v T 19 N i J w 886 m w V d C 65 e V d C s a z 
S m b v I n q S u a P M v t P 1 u S M s M k 2 u Z X I o m y M S q J W L r z J u E / Y C u G y Z P N I o Q h Z 97 d 4 P S Y 6 W w q 6 T g l E M 58 f I F W B d M 9 S x v b 0 P a X z w j T f T H Y x B 8 h a f Y w i g G K E D O 2 c t Y j v 7 B W B 1 a w 7 E R E T E E O N F O t Z B v Q p O V u a G 1 L B 4 E m C 0 G q d u A y h 7 Q e 70 D q H r f + I c z c s 1 A r C N S 0 L 8 R p L + b F 23 L 2 h f t 4 V E s j R z k Z t N V g c z f d v z v Y g I 9 p y Q R r U O b K K q T g N E m 3 s c c z Q 2 M / W Y H 592 B s b U t g Y I 0 P K I P C L 0 t p D 0 l D t t s k Y M T A / V V Z O T I V h y b L u 1 X b G i 8 p i e i x o G d M e Y u Q F G e 68 z B P B h W I p / 2 / G e T F R v k s c A 2 H i 3 B I L I G m n H r f 8 P Y m d + B n X Y T X Q g 5 M O n h w N g x 7 R W I m w + o r E d F E 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
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2016-03-11T11:38:16Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Payload delivery"
}
] ,
"labels" : [
"misp:type=\"malware-sample\"" ,
"misp:category=\"Payload delivery\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--56e2ac46-0644-43c3-b122-42c1950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2016-03-11T11:38:16.000Z" ,
"modified" : "2016-03-11T11:38:16.000Z" ,
"description" : "unique .js file" ,
"pattern" : "[file:name = 'JCM2166401904.js' AND file:hashes.SHA1 = 'd83065d7552974bdf153c69eb52775addd6946ec']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2016-03-11T11:38:16Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Payload delivery"
}
] ,
"labels" : [
"misp:type=\"filename|sha1\"" ,
"misp:category=\"Payload delivery\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--56e2ac47-ac04-48ad-a155-4f30950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2016-03-11T11:38:16.000Z" ,
"modified" : "2016-03-11T11:38:16.000Z" ,
"description" : "unique .js file" ,
"pattern" : "[file:name = 'JCM2166401904.js' AND file:hashes.SHA256 = '7cd16e8addcf6097c5e0429d7e5c2ea48ca674f5e6cf2c93a0e02932d4a44215']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2016-03-11T11:38:16Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Payload delivery"
}
] ,
"labels" : [
"misp:type=\"filename|sha256\"" ,
"misp:category=\"Payload delivery\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--56e2ac47-d58c-4b58-80aa-416d950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2016-03-11T11:38:16.000Z" ,
"modified" : "2016-03-11T11:38:16.000Z" ,
"description" : "unique .js file" ,
"pattern" : " [ f i l e : c o n t e n t _ r e f . p a y l o a d _ b i n = ' U E s D B B Q A C Q A I A M h b a 0 g M 8 v v v 2 A k A A I A U A A A g A B w A Z j U 5 Y z Q 1 N D h i N T E w N D Q x Z T A 4 Y 2E5 O G Y 5 N z Y x Z j U x N j Z V V A k A A 0 e s 4 l Z H r O J W d X g L A A E E I Q A A A A Q h A A A A / y w w X a k l e 2 A Z O C Q f 3 f M B 7 c i 58 m 3 f i m q N V s H f D R + a q O C 3 / b h 6 S 83 O y h + T 0 K V B d 5 Z O 2 B s c j t w q G m f R R M d f s g k N p g w V i U s H O t Z h h P 0 V U L 5 V I X E 1 b P m 9 n N 5 Z b r b q c H 8 m N Q M e q 6 S W f r + z Z k M x L O Y k b y S j M p k U Y 2 / V 5 p Q h R j u G 5 m E H S X 76 f V p W E u / 1 d o o P n x b o 66 y 9 j 1 l p s N Q / n O R M Z n x k g Y 88 Q O d 3 D H z l F 0 i n O 7 d S R h q 3 d 8 r w s 3 J T e S G C t K W 5 t 8 h + E q B G Z y 4 H s a A + W 6 k I s D r b p / w d S o B V v J b O F + c j 9 A p m x M K J Y A 8 d Q o P P i 0 m 3 c w V l p x 8 s 8 K 76 U o j D f a P M d H b n I 2 P P w b G r 6 J O f W l 2 w N d + q 1 F l N 8 q B N 2 d P Q L a N a h V h g 9 x L M j m 2 S Y W s t X j Z c U y B h X x M P K V 6 J 4 L 7 h w F y o Z 5 S x 7 z 10 K l b X X t R c O d Q j n 5 e R i R / H b z d j e C v D p e R 3 / s Q 53 o d D J X 1 k x T s 4 B m H x 9 v u A Y Y B B W N U N R k p 8 m U Z h D f q T V 3 + 9 y s e P 8 A + Z 3 p Y Q 4 K 1 H g w k d q u 5 P I A K d S E J 0 76 K l 6 r E q w h c H b A C q C c k B E J Y I h 4 Q X M f 8 G s W l p P g V N Y x 8 Y A E r B f / C v 7 z O j Y 0 m u 8 j A a F d u K Z i v w B R g F t D K E i / F J 4 D v G + K K h r R C T d u f l V l t W A R T c h d a g P 1 z p G u p X + a r z F f s s c V i + Z v h Y P V 4 j P 2 Y b J T w I V i q 8 N Z 1 h G 1 Y + y g H M d g B N h A Y Y h j r v m p b 7 e B 2 O L F T o g f 4 d X t 4 E L L Q 2 R P I 8 D m w Q 4 w H v 15 K T 5 Q c B L e c 9 H r q 936 o 12 M r / 4 r 3 E b k z E E L A E j P F S V 8 b C r A G r Z K R t h I X q U 2 g z C H q D R P e s + j S F s / f c v s B F g R j J M x U / H T H 5 D 4 b A c x I x u d J 2 B y Y u 3 
l T o z l w z k 87 V B d 2 w p 6 g h j M w 4 I 5 a Q l R K E I l w w Y p Q W l B 5 v q n W v c a i M 6 O c l u 5 g G h a 4 H D y B 6 r 65 I 7 n 0 A L S E 8 S H p v I 8 + + 4 a F X L I j A u u 6 y x Y V 35 d O J U I 3 m n E B T A v 3 y I 3 l h C u a F l o 9 Q i Z j G Q t k W C r g W G 6 V N L 0 H p o / o y e T q O y i Y x r l w S c V T C 89 K 7 n 2 L r d B z s r v h 6 w n i o K 9 W M E 7 m 7 l k l L 7 B y Q p K O d I H u s g f L d o H B 2 l 9 d y p F w 459 D 0 v t R / U F i u O P t B Y 4 J n 0 s k g R B m a U T g I C r b T t A 9 S a T t u a N / a L B 8 K G L i 83 h e W 57 N 0 N 5 / z w c D / m X Q g o n R 5 Y 6 u l W d s T i e L d a 6 / n p b c 0 g H p y c V H P J S k 493 X + z a K t 6 R 8 m z J J s 3 t x o D I b T I F U m A T E E I x l G a E 9 x k s P 0 a L 2 c P 8 i X F N s Y g J D L X 7 o F h 8 q 1 h a a 77 g q r 0 J d 5 y j r 82 / G P n U P w 0 o 2 h B B A R N u D b C 2 v e i / J H y x L a V L a L F T p r 0 d H A o 2 D 2 w W 32 O O Z g F p L + C 9 w L N E 9 e H y F r O w O I f 6 i j d j h q l p P I 19 i U F / N a 1 p b 8 L y b l V O q A t F i c V r b L u q l O Y 2 t f p t s X m l Z H n E 8 h 0 X A m x n j 54 v n w m i a M U F S C / T O C m 8 Y p u P T 4 + Q 9 y S i D Z t T n j R L 0 a P E a 77 K Y l I y e A 6 q F K i D t A h p 8 e k P I h B 0 5 y u E T H O q D 5 c j H d D J M 8 L j u p y Y E H C d s 3 h f c r 8 p U t Z P C r j 1 q 6 D u i V b q w g N s Q q W 6 B S Z H 4 d e q 9 X i p S N W k W m l E e C t H H u o / 6 k Z n O K 2 o M B 3 a Z 9 H h v t d F i L 2 z F 7 n s A 1 o 9 Y A C l + N F j R d / P j C y O I + 9 k V i m 7 N 0 7 h 7 r f K g e 7 w p 9 H X u 9 O i l 0 i w U 6 g 7 R 6 A j B X 7 t l d J F K S D B E J a C T L n j O C M h Y v z P 6 M t a f j / u / K N K 95 d 3 / f p j b 8 r i I 2 h g f j Q U r / F Q 0 V Z v y L 6 G / T T + l g N w s 4 C L g C g 4 s F d 4 v n F 1 u 0 N H A G P L h R d q W C P 82 m C m e U P s D P 8 s j N b d 4 M 3 W H f 8 Y B + 5 S a t 1 C e P R 7 o P W c d k B + 8 I 2 t J t b O J 4 g y 8 o 8 + r i Q 3 U N F Q d W q U 5 k Y x a 3 + t 
W y q 9 A m O u 3 j y q 62 A 5 A h M v R z X q u T p f j j u w O D Y L 31 V / 3 + N w J 3 X P R p k A G d h Y 5 g B R R F 0 E t p Y G 0 H y S j Q Q 7 D y 2 q P 61 H G o E v U d m 3 Z l D i 85 N 7 k Z Y 4 H / A 5 m E j V 3 L O 9 e g Q W z H N 9 G o 6 F 6 F 4 x L T 8 y N z Q w 3 i f s n I b o X C U z b 4 c 4 j n 4 E V n + n y h 42 O 7 W 3 U l 4 i 296 k F o L n T 4 d O q u f 4 / Z N F 2 Q T 9 x W Q w N T F 5 t s h G B J P A + + e y W A k L f k E a R s r C g d Y l X F G V d j 8 x c K v k Z 3 Q w N a p X l S h / n M D h W 5 i 2 S c I P Z X k A V b s A G Y z i 6 k E Q d v u S F 55 i t 9 + P E F I a m v D L O J + 4 B b g 3 d P o P t t D K X M + t Q L E a y I t F X 9 t Y i 6 U n 9 H Z H V q 8 l 92 k L a f t p R 2 T / f g O 7 P 6 m E G k D H J 2 s A 4 L U z Q 6 + P l R u G y O Z s c r 2 I S o L 1 V 4 f e D 6 B T a S M T w V n w c M R H l r H e i t 5 z c v 8 E Z s W z k c d p B 4 d F M 3 V p V X B 6 w E N i A 14 L U K c o R X X 0 P 72 f Q D G j 9 r D 882 M d p p 5 r v K v l l F b w C l F i 8 G S j 853 E W a F Q b 7 D d k n B Z d l e 45 V G U V + T G J W Z 8 G q R R 71 G C x 6 k m O C b V 9 Y 1 C r Y P W x c F z A q Y 8 l 70 o u b P y b x s J y 9 t P N q Y j r 8 p 9 v X o 2 I e Y C 42 c Y D z W a g k k o S t d t S h g G k G + U e j m d p D 5 I 6 D H + d T o 1 + l L G 7 G R / K 8 s 9 c o A J / 3 Z 6 k A 7 Q K P L b 6 a h F i P a n x r n S 3 H t x O U k T 4 R s F w 2 I n + / L 4 f O z d X O 9 C a m 17 M h q 0 Z S B q v S N g a m v u v j 8 I 6 B S 1 M V H H Y 0 u V p j p W j L 967 V H v P j c l S p z 9 z X y A N G o m u 8 q L 6 H j 3 O x 9 b H o V B 73 T 5 L x a 3 j 5 p 1 / F H G v T E U c x h 3 C U P B U W p k k Z J D t t O d v u B 2 k k m l + o u y T H A 4 h E w m v K r U W z 1 O d L n 4 F k j j p o B k y w m U D R o H j u k 8 t F B T F j w 1 m h N z h d p Y V c R 0 G M w c K d a M z 23 M R u U 491 g v P j H P N 1 Z F 63 x 8 A m E J l s y f b T y m H 2 q t z x 8 N O Y q s m r s n a 1 f m Z r B 7 o o r p T C / k C i b P k 0 B D h H 9 G b v A l 5 R S x q j Q g j u 9 i U G 73 M w 
x e 5 m F 6 Z 3 l s y / Q s C F J k 0 b N 5 y R d j / j u O P N H C o Z S F n Z N G F F b 2 T H X m L L A G 9 K V i c w V I N G W 6 L E / n K R s p q W a k C N f C K + o P L m 6 M m o s T c 4 n a + n / n 0 R I 21 N Y 5 V Z X D 1 B K H x k 9 p p f I 1 Q P h o b B Y P s y q E k Z v K z B I r h L w V g k H r H H p X c T p h N b 76 T E A f W i q 3 t v m z R a p 7 x A L f 0 M n G d L L x M r 58 M 2 G t M E w k X T K / K Q d 7 + + H N e z r y r D b i O 3 W T v k h b N B 34 W 247 z T h 4 x C C 8 V r E M F y K J y E H 2 q P C 9 m F l / l Z 7 o V j F Z d o z j 4 w v S O u w q Z I W 4 g 1 x n G c A d b m q r Q m k y R l P z a + C R L 6 o H n Z c f P 3 V A w 0 9 Z / Z 9 A 8 Q q v J G 93 D 6 G J E s P j v N K y 1 z h 7 Q Y K 0 D W a Q 7 g n I 4 + o F 24 e p i + Q + y b D b O C 6 h z t W 1 O P 6 h G f n r x m Z S Y + a w x o g v l 9 s z 3 s 2 O c S g / u / X 23 S u + S o h g n 8 U d u M f Y C H a n g p b G U o g Q T / k e t G t E 8 x 9 M H n H R r b P / v Y h U O E U E s H C A z y + + / Y C Q A A g B Q A A F B L A w Q K A A k A A A D I W 2 t I 4 o J l 9 x w A A A A Q A A A A L Q A c A G Y 1 O W M 0 N T Q 4 Y j U x M D Q 0 M W U w O G N h O T h m O T c 2 M W Y 1 M T Y 2 L m Z p b G V u Y W 1 l L n R 4 d F V U C Q A D R 6 z i V k e s 4 l Z 1 e A s A A Q Q h A A A A B C E A A A B / d N r Q L 18 o Q w J Y 3 / W 8 J X A 42 W 1 s G A f m + b x n k h T J U E s H C O K C Z f c c A A A A E A A A A F B L A Q I e A x Q A C Q A I A M h b a 0 g M 8 v v v 2 A k A A I A U A A A g A B g A A A A A A A E A A A C k g Q A A A A B m N T l j N D U 0 O G I 1 M T A 0 N D F l M D h j Y T k 4 Z j k 3 N j F m N T E 2 N l V U B Q A D R 6 z i V n V 4 C w A B B C E A A A A E I Q A A A F B L A Q I e A w o A C Q A A A M h b a 0 j i g m X 3 H A A A A B A A A A A t A B g A A A A A A A E A A A C k g U I K A A B m N T l j N D U 0 O G I 1 M T A 0 N D F l M D h j Y T k 4 Z j k 3 N j F m N T E 2 N i 5 m a W x l b m F t Z S 50 e H R V V A U A A 0 e s 4 l Z 1 e A s A A Q Q h A A A A B C E A A A B Q S w U G A A A A A A 
I A A g D Z A A A A 1 Q o A A A A A ' A N D f i l e : n a m e = ' J D L
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2016-03-11T11:38:16Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Payload delivery"
}
] ,
"labels" : [
"misp:type=\"malware-sample\"" ,
"misp:category=\"Payload delivery\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--56e2ac48-75c0-48eb-8b06-4338950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2016-03-11T11:38:16.000Z" ,
"modified" : "2016-03-11T11:38:16.000Z" ,
"description" : "unique .js file" ,
"pattern" : "[file:name = 'JDL1731398612.js' AND file:hashes.SHA1 = 'afff445d38b90f9b53a7fdf1ccedcc781790ec26']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2016-03-11T11:38:16Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Payload delivery"
}
] ,
"labels" : [
"misp:type=\"filename|sha1\"" ,
"misp:category=\"Payload delivery\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--56e2ac49-88bc-4260-bcff-4a51950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2016-03-11T11:38:16.000Z" ,
"modified" : "2016-03-11T11:38:16.000Z" ,
"description" : "unique .js file" ,
"pattern" : "[file:name = 'JDL1731398612.js' AND file:hashes.SHA256 = 'c33babaf1e100437a8eac1dc30be2176f3ff775ef195b7f8a16577725b6574a0']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2016-03-11T11:38:16Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Payload delivery"
}
] ,
"labels" : [
"misp:type=\"filename|sha256\"" ,
"misp:category=\"Payload delivery\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--56e2ac49-c420-4803-8d06-40df950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2016-03-11T11:38:16.000Z" ,
"modified" : "2016-03-11T11:38:16.000Z" ,
"description" : "unique .js file" ,
"pattern" : " [ f i l e : c o n t e n t _ r e f . p a y l o a d _ b i n = ' U E s D B B Q A C Q A I A M l b a 0 h X 86 y O D g o A A O U U A A A g A B w A Y T N h O D A 5 Y z d m Y j h h M T J h M W Q 5 N m E 3 N z g y Y z Q z M G J i M D F V V A k A A 0 m s 4 l Z J r O J W d X g L A A E E I Q A A A A Q h A A A A I c X E q 26 T F l g c P 65 S 9 F Y u R c o 8 T 6E8 M O 5 J Z I R g G T c v D c S 8 Z P a s b D 619 / h p R q T T W s R G f y e a G e Q f m F I d O C G 2 h O r g y r K e d O x m o P G f 0 4 g m O R k O 3 t c t G T r H v V 3 T + w d T a U + 5 u 5 u t R w 1 q K 0 h X V 3 p H C S V Z 9 K s X p G r k j w Q J y Q T 3 k 7 Z 3 Q t 1 z k L T Y 7 a v p m x Q C k 8 l g + 9 a q i b X r V N n L z q O m q z P F s h e 0 j T q F z e k T S B k L G b I q V j v V t n 2 j i L A D M W k P a s O U h t x a k n / F h V C 3 C V g k D i K I / p X / f 7 o 1 Z F E N 8 C s K s N n H 1 G e 5 k + U D q 12 E z s a c d y 5 Y O 5 q H F N T w 8 u Z G 97 D k Z j S T 6 G b F I L G d G / + / K S q H Z f p t 3 W o 1 O q 6 Z z k H V d r i v M W b + J s h y w d A u j 7 m 9 X t + n F R D T I N w K j z i 4 z Y 2 j / A w x v Y e 9 A 3 i 13 m / c 2 k 9 c H D W g Y h D l P x T n i A q 0 p D T h I 8 g f w P w p s R d X s u i s u F s W a B 3 u T k B I 4361 I S Y N I P y N D T i j 0 k x T X e U 4 / z Z 9 m i f x J W S z b Q G Q P m b l N A e B p U f R 3 d e q N L 6 D s s z d b e L F / W v 85 G t V C r h N k 3 / R w T 4 S N C U 0 g M K 6 M i d f w a t 5 S 7 K k r E E f U v b p y d c o t y r n O 1 e e k a b M i s / p F n H Q Z 16 u C t u W 7 a G 2 l F 9 k O 5 a V 3 m G 8 K j b e 3 m F Y T w 1 D Y K o e C l n 1 T I Z r r D 3 M X P B 0 s v J C L 6 K M / L j 25 d w 0 0 x O 3 y w m g 0 l s 0 j Z r S g h 8 q 38 M X t N / T j s K B 9 F l l V s 4 M 0 c o u i y I X K 95 a B 0 0 p 7 X 9 W h w V O o I H 0 C X M 9 z Y B a V A J c f i I q B P I g 5 B z H V R Z s z G H j Y q N q O v 8 I g x C K 1 v n 3 H M I M U n p o D Z E Z / B 4 j b K o r E F + R q 0 Q h + j 7 J E K A 8 A k s + H V L x d h n t Q Y V N 6 d p x l v k 
f B / D + W 1 S g H G n m y + Z u n D x l 53 H x r n L z B 3 l 6 i S M f K V Y D 8 I 3 Z i p u n N n 7 b / W a b n W 4 s K q p r p b D g 37 R B e G 3 z W M X f 9 S V V y 89 u P u k E + U H j H 2 H p J I U l D x e S f L Z r + l o R S G h y c y a J c x k W O 3 T m 2 b C t L 8 X Y S S w / f 67 m W v l c o 6 e q 7 Q S 3 d A k u Z l V G I B H D 7e1 b 9 A 2 w i j V b Z y x h 2 h v m g w W + I F x 5 L e T O t K 4 I 5 M 9 y + w u G U 30 a X R x B x 6 q u N g v K l f U v i U q e N X f z v H 2 H V k V J C 2 I G Y l f V / r q Y U J c v H 7 j Q b U d y C O h w n u 7 w A o F r i B a U 5 U P L H 1 u i h N 8 f j 7 h 4 K h 4 Y L X 1 Q N O X Q J T w m q C 9 j q y r U 2 b I R y t 5 V 6 d c 2 s 0 3 d L 2 e x e t c L j o I 1 n + 9 D T Z / E Y f J x r p Y a X S + P m t Y 8 O p N l P h M 9 j X h v A u U E L 6 Z 6 f C f h U C Z G I J U o j g + n 0 e V l o B v V 765 i k p G X 0 G r z Y F + E a 3 n e U D M n u O h E V f 1 y 26 T z 0 K H u f f X z 9 b o t 79 X 44 H o B J q s R N e a 1 K O D b Z 5 E b N m J F r O i B W x 60 i z a 0 5 Q Y F T q W g p a a h j r 5 V z k s z u B z g c z B F E j I l k c 4 I I C y v 2 u 8 b r A B I q w R 4 g 9 B w u 5 a P H m M J j p x s w B / X H x 6 A P 8 / L N 1 l s V P y y 43 C W r X y o P b 5 l S k V 2 O w S J A g J 0 c 9 T A F X 65 Q l X X z Y Q W x 2 B Q g J N 6 t p e l c T l X w c K U E I g j e T 4 m x U t G U 6 Q 1 E c 1 u y t K 3 C Q r f r Z m P E n 2 X g Q s f m Z 3 e b 5 W x h E Q 1 A 52 + d y A y + a f o g a N A z Y C m 0 
//5Bt4finCn9/QNe6ebqTCnBY5myFGd2GDyvw8/mx6zrKJxnkisz46rvHlFSkztyT9GpM7NlWbKXvP+qTU9g8FNYVmGn4YtnMHFGMfZP+WESWpJ8dvznpZa7MXIkeLbBg39bcseWb3bDo0mLKuO/DcngzpNw6t81Cq9R9+y74dJKSdvRNSXaVyHCTYPEztzbnFKFD7fQpEGEeyDvYuixxhiwiqacgFA8BDcf3hvoGMxMHPvaGLbHp+3LInE6RK7YPVIDvH/amVIihbiwo0zZ8qQ6VPZVACDxm5AE1gY6wUo1/rtOXcgjmSfZadZXK6H+UCQ/0a7QJc7GXIRwXqu32f+jZcCURuiPuyFQZeFn9XgVkyXnPRrpUbgGiU1nB/Z3yYAG6lBKHFEdOhraTrLk+ncxpaBzeMKWh0pzUytQZEOxyh1xtD9tnscswq3mXGIWOSH8xD76GbFFZGGA/WoLT/K8gsueeJtH48F4HatJt+C7qv34x53EocBQd8wLier8PCJEenf3aezSJWnJHBDBewUkWLb3K3v171iZOuxRpw/H5wr9kBGIU75LyUDUb+6hGpuJ/BwEQMhfXhDfdV8FG6NdG2eqWRevaf0PYUa4ZL3RtDBMaJ1SXVaWnDrI6vxKx9u3eB5l+Hx3uTI6yn9N3UA4rAjJscvcdYEj6KhlrTJt9KuY7tEN1KLMhQiE9r4DP35dxKDI3N5AGsElB9Sprby/XLfgSZEmSaaT+yPnVlCwuD8PW9D8qoDY5ZBZZX6CvGhkQ/JXyi7MwzFP83Stw4kW9vLthxURiaBXLRU4fahwzXb/bGpUh6vhgEms23TCxPOvEq018uIMWJRYfBgzdZzfLOrQTK3jEwsQuiXAXy+Xc5h9jH1VZUPjVTDNqanpqm/gMuyfRG0YMHNQs+4s4SYfSIwv3x8MlVm50YS+50zXaSrhbiIKZlFuDBY5BgtWqdB5inGJ7+EnE12ubjq2FYr4BzymRjvPFC0mOHIlh4Z86NdcqVATerjTlg0TxvQETV81xSvI/9/Iw/tvEfockdPQJjE7csjQvH1/8dcAByNkIjG3RrpSsYFPm0rRl83U7N8Cqq0IBCR0pWU3gzY3OjgYHyVWbc/TGdkUjLo+w2/Sw/+TBFtO8yZxvWRJ0NPFhDYxVlgE8h29h1l56Fzjze09Hc0PYAtnH9qScxvT6w27B/NjKwEpO+1645NPauEERqBlVEoJGdeB6KcZj0Ch5zmCy/Wcpg6LEDqmz1tmWU5X+Fc6NtbVJrKUwL23srHpzLeIdusZMxyDg6giQoFZpyB6hrtQp6zhNsBq0SzGiaLgp04FOsBGv7oDGJA4ZEkqFREsW6xGZvuuAv/ZAvcKrrGLvGo6GFglCNOAHkLqzPdfPNHD//URv5AaX2W14OgksYyxYFrelpxI2iKUj3J/v0VUuqBQDzM3Pim2tl7rtHu/WPk1DmzXKli9/t5LDG66kwTuNTKNtJ6SkfBRlr11mJDSj9yTIJ9lLmSAiz4XMtaISNhaOBqCbiIaEYIqwWBHEGpIxLPo+OaIQbQK+Qfz2XJzi2GeFikL5r13LwJmiH1naQysGwhTQ/zE3Qm1q6G/IAGTiSbeSKGGSby9pndB42znVysj0TKPpQSmnmZAKBNqd5GmLPi9+tmzToSd9Fxn7m++1ZUrY4O94zIp3s55FBp9fxz1tRXkPEJGkaWsRip8olSIschlXgJcMPcgRCizB11UufshlEJVSJx5w2BwUwsh4jXpmXmXbQ+cwdv3k27iJHf7sh5b/vjhVYcGpmNzHoF5Q3aC0YtJQAUOUHdYBvngbntC6UDMkht/P4j7dHxBIakyeAtUEsHCFfzrI4OCgAA5RQAAFBLAwQKAAkAAADJW2tIl1tibxwAAAAQAAAALQAcAGEzYTgwOWM3ZmI4YTEyYTFkOTZhNzc4MmM0MzBiYjAxLmZpbGVuYW1lLnR4dFVUCQADSaziVkms4lZ1eAsAAQQhAAAABCEAA
AAvy5iDp4DWO0Pi1vvIsImGpVGmS4N+Sn+CaKcrUEsHCJdbYm8cAAAAEAAAAFBLAQIeAxQACQAIAMlba0hX86yODgoAAOUUAAAgABgAAAAAAAEAAACkgQAAAABhM2E4MDljN2ZiOGExMmExZDk2YTc3ODJjNDMwYmIwMVVUBQADSaziVnV4CwABBCEAAAAEIQAAAFBLAQIeAwoACQAAAMlba0iXW2JvHAAAABAAAAAtABgAAAAAAAEAAACkgXgKAABhM2E4MDljN2ZiOGExMmExZDk2YTc3ODJjNDMwYmIwMS5maWxlbmFtZS50eHRVVAUAA0ms4l
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2016-03-11T11:38:16Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Payload delivery"
}
] ,
"labels" : [
"misp:type=\"malware-sample\"" ,
"misp:category=\"Payload delivery\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--56e2ac4a-6a30-4e6d-b15b-4083950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2016-03-11T11:38:16.000Z" ,
"modified" : "2016-03-11T11:38:16.000Z" ,
"description" : "unique .js file" ,
"pattern" : "[file:name = 'MWH8989955508.js' AND file:hashes.SHA1 = 'f92a435a982d05ff3df983a3e5a3ce7d97c38454']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2016-03-11T11:38:16Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Payload delivery"
}
] ,
"labels" : [
"misp:type=\"filename|sha1\"" ,
"misp:category=\"Payload delivery\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--56e2ac4b-6d08-49bf-937d-4959950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2016-03-11T11:38:16.000Z" ,
"modified" : "2016-03-11T11:38:16.000Z" ,
"description" : "unique .js file" ,
"pattern" : "[file:name = 'MWH8989955508.js' AND file:hashes.SHA256 = '5df6c456ca6136917a8dd1f98c5316d4bcc438639196afca58f61d31f8e6e6c7']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2016-03-11T11:38:16Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Payload delivery"
}
] ,
"labels" : [
"misp:type=\"filename|sha256\"" ,
"misp:category=\"Payload delivery\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--56e2ac4c-6a2c-408c-98ba-4cdf950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2016-03-11T11:38:16.000Z" ,
"modified" : "2016-03-11T11:38:16.000Z" ,
"description" : "unique .js file" ,
"pattern" : " [ f i l e : c o n t e n t _ r e f . p a y l o a d _ b i n = ' U E s D B B Q A C Q A I A M p b a 0 j I K p w D 5 w k A A O o U A A A g A B w A Y z Q x M T Y 5 M T A y N W Y z O G U w O W M w O T Y 0 N W N h M T I z Y j c 3 Y z h V V A k A A 0 y s 4 l Z M r O J W d X g L A A E E I Q A A A A Q h A A A A M Z U Q U i I 6 P / L G W M 4 J O V a Z Y O U u b v i z J z W e l T X J 46 N s x n Q U + x + t r q / a R E c C F M R 4 y t i J G M U H H z w b a j M q / G L m 42 A M v U O N k c X f u U E 1 l L 2 G 7 i g F x e Z 8 n + c B 4 U 0 n v q z r 81 u C 9 N h 6 c r / g g / w O 7 Q F Q l U O 2 n m 6 d y k 0 p 1 T + 6 y A F O I y t C w M i 91 r 4 i S s b I 27 s Y L 2 K a 7 s L u D N G k b I M e Y T O q t y H i U g 5 v q + 5 T T K / c Q U 6 w N y S 9 L / n i d Z D i Q 0 t w 1 B O x N X Q a c m x E 525 / t G S t 8 Z G x v 7 F + X m d p W Q G J S a W n K h K 3 M E 5 G J 5 l m L / x x H J v X f g N 6 A f c h N z f Q g f V 81 d V 0 h q X g K r P l v J A L n D R q 0 k y y D w Z n D H b 5 S D V f s b q Z g D b s 7 x 9 a A r P r o q A Y b W d D R C U V P z Y B C Q Z 1 X 1 i t + I X + X J l 8 F 1 F n g 1 n a v 0 R b B 13 P M t E 14 A W y n C s d z o / w N b h m 9 g r u y O X w m J K 1 F e i 93 C j D a m C Z 8 M 6 s T T H u + R 7 B c n r X g h H e m 1 z O s Q a h + D K x V 2 q 6 + K 1 m E h m W / y H o n q s B p 7 b z e N F A + g I + p w n P 9 D A e g m z I b E / + w 0 e h j F 3 L 9 / 8746 p T z E n t 6 h U C h F Q 3 n H 503 / S y e 2 s 570 h c w T s X T s b F 14 E i N m y n 6 R Z c l y / h u 0 x s w z V c W F E + + a V B C N 1 S Q F j 0 P e X / c 7 H 1 q s s N t g 4 f S / Y j d A g T 3 C 2 m g h u B h e b w 6 A c 4 F X p H z c 0 O J k q Z 9 c Z S b 5 i A 4 / 1 J O C k K 9 P J V w g W u 2 j O n 74 d Y c E P u i t i U A 5 x R V W K t G p E 4 J I e n y j + h s F L N 3 y C c 8 H D Z w d o E I M V m e + B V n o x n S d 4 V c 0 f w K H j t t m a N 8 C C 9 T p A P S 0 7 Y G y 5 G T F K C r k + l 0 b J Z 3 B 6 C O e b S H z I h D R p 97 L k Y 6 K l J P i C i f p + s J G I p x O p R 
x G J p C 7 Z L 20 J 141 W n k 1 m H 0 0 G 2 p g p f n 0 F R q W f r 3 T k k g q Y k v y V s k 1 d Y B W t h O S f V 2 s B l P M P X x 8 n w Z e X W K 7 m 7 X x H r D Z + + 8 S D D Z i E e L H U D b K V N 4 w x T G U 0 Q V b f + H l L t 6 x 0 y w k R e n z d P I T k 5 V 7 i o X J z y r f U V r v M r Y e D + u K s 7 o W 64 R w r 4 t 3 r 2 z l H f V T E O G q s u X d N Z j m S U + V R 7 N m 8 y 0 h v B j I + t d k Q v v q c 9 C m z n + H 9 z y 8 y g x t z d M c 9 z c a P q O Z v i q 1 d 4 Z 4 U P Q Y //KhgBMNyeZC084m5TS7AiLueMQ5mBYoATyEjD9Cc3LjkQdh//WuUS+Esy1idqDObF2DHHC7GHm0SQCqBa2QspXJL0ImzGbh8GGyL12INsMMtrrG0Q0epSPgu7qz4EYuqWkVDnG1CcPVar68qbV89+Zr1vgCXEpWwfaYWXle8XhRA4J7a+rYKvj4CxiwTTZGlKtNGGFSwW/JdP8RwL7Q6o+RQEOiNKlxjBRnmQiM9Epi+AJVqA7v0FfXG9bNQTkxgGSLVJ1FGkaDP7MnDsFutCXpiubRwxMxfzWZwGXn2GQ4+zmDfVhZfwYG3T0tORkH5v74GGPZcKN6/TP8O5WyDGeNdEFXB0M0mOUbfleDad/k/2rH6/oi3UOAzLpgyARLp+/Xw+g2TTCq4ItUSPHFdQF5yFTj0k1dyczEzU/hJvkUnuLHOGnw1SFglOCvRGMNC1FQkvERuM5qgKHqe6znGJ/EJnGg1nEG1PPkj1Gv7m7ABcrwNfqnRhwLd83zKLt/e2rFSV3gFBdZwfmatEGA1iU9jqXqvWLdGj+HmIub8T1DqiWXKQI70qWY3Da+waPBTPTquZaa4FL6Oh7m+eqq8i1C0moMD5moM8pgNjqdlTAC9ZzrUddz5hLCcLQy72BHrk/HFwve0d3/ZgXkzMWrJxgzde3p/U6y5jOG4ma5Nr/hr4A+B1WJAm0kwKtqx8xtWeBso8mXHpjsEBCl11eYbHC8QznKoS6rLCvvbu+0zOj9EzvzK62W1OiCvbKUSePmkdzXUDpz1Uj5NI/JngFCbjOvpo4V+eM8uAt9AaaaG2dPpaYAyN+2te3T3q12WlBTIuUyFithyORU6PfbZrWKUGOZDDOTtDzfN9oD6nM1cK5bSi35Yw4hcDnlHRRGXLTP0P/cLq/ei42hiY8DnnMJKee4Jxu+uGruXrI5Nhe35uOWRDUFtezgjWQ3Z95XOg2KnRDDMh7E8zpuvwdNNJamFXEcwePR02eOmRzSg0XGWmPnc+1sX2tglXcEjN9MhE2r9zsWjvdOeh/ruyl8yQpmSUBAb7FNEyZDDg3NsHF7nUiXc2cJocR/dbWzhQCL5bvYqr1qY/zwki1u1+AkQz9jicMIJvcDCTJlReX3Ap3E35IaKZJmzq6UYdMuSaJMIUyYU1F6pt3dF1vSOr+XwxgVrc6zUrqcG0HaxCHZuxzZfMLsP2xwOLBQCc7og1pcdM1UL+MofutRXwB3t9guLi4OMWjSlkxihauRHKpOwp30PUMARQTCOFVOmWVoh7kZ6PxMg/1nD/zP0SiM2GRagp3X+7QdwDByHHxurHsYau6LbvROE+kM/B8WhkCYuOsTjgKqp3wD4vPs0VBBqJTiTjbXanBRUA7uE5bIfc2+R8q0+TpPBW9HLvEnQCW5+MrbDy6wWp+nDhBqzzrBw+97vRs2Ygw+TgI7qbo6Rr0pDLQy0eT8yRG3CxHFGtkT0urrlrtOjh/6cYW7mqtPDGknCsXPVQad
1eKbUjYHxi6vnv9wv2dG1VZgwlTlYlt7jVFDy7ZMOM9/rBCPB6I5RreoQVxZWyxoKv5/sOKh6kXxTlMKbU31MLZDSNY/G4209Qs93gY8uFPNzb3Q5hKEdqLgmbma1kRpZV/kKMYRNTTp1XnsVytfx+CMhu693mYrlIlnUwI2VCO64az0BBTIicx5Borb864jpTrEz+X+lSVkws7XffMpkuUjP68MIl1eiohITZBvOnH0IySk50At9BaB7AhIHMonye4higzQRL8JIwjjIm9/9bWF/72zsZG3s6UrP81gbLg7xQyEH5dLz4irPB2XjEtx0Eb5JJgdDPeuYsTfP6zERsGJS8Ll2lQ6mHx9/BMP6pNbhx6ZVKrwHqNTLbTtdELSVQbrhIhaiUT2o6c6/uFY24OAqgFYqM8DqVBqn4VCIOJ8wg+2JEsSUraRVJApO6ZNIllhdmEx1u0ggqpV29DCp+GvYZsW7WQdDFSEnepcOHCd9miWQMTwHz/MFpBRjB9C2mADbptxrZ3YygD6ll6Eizan0vzfPQd136d277q0o7kbpB9V+3T3S9mBT1mhEMyazWa7EfugzNci6OhufRkFUCpX4ILXLUEw8xTo/Ly1jisMYqYzKKauIpyzaNuv9EhUOX1UHbERIJ+ZE3MFO6EOGQKKT3H8gAViHP92kFTCaGw+ApYnHuYybiStqCvgI/3ckSiN0nDg7sqk5VVWNi/KcCWNPyM1mOFmVOsRRCTW08fAI8RMp9dnvl3UgoK81FNKUCCOQZk72cUEsHCMgqnAPnCQAA6hQAAFBLAwQKAAkAAADKW2tI99ir3RwAAAAQAAAALQAcAGM0MTE2OTEwMjVmMzhlMDljMDk2NDVjYTEyM2I3N2M4LmZpbGVuYW1lLnR4dFVUCQADTKziVkys4lZ1eAsAAQQhAAAABCEAAACTluyhbSqbnhoAUNXuWU8ak4l6QSQqLfIeC0LbUEsHCPfYq90cAAAAEAAAAFBLAQIeAxQACQAIAMpba0jIKpwD5wkAAOoUAAAgABgAAAAAAAEAAACkgQAAAABjNDExNjkxMDI1ZjM4ZTA5YzA5NjQ1Y2ExMjNiNzdjOFVUBQADTKziVnV4CwABBCEAAAAEIQAAAFBLAQIeAwoACQAAAMpba0j32KvdHAAAABAAAAAtABgAAAAAAAEAAACkgVEKAABjNDExNjkxMDI1ZjM4ZTA5YzA5NjQ1Y2ExMjNiNzdjOC5maWxlbmFtZS50eHRVVAUAA0ys4lZ1eAsAAQQhAAAABCEAAABQSwUGAAAAAAIAAgDZAAAA5AoAAAAA'
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2016-03-11T11:38:16Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Payload delivery"
}
] ,
"labels" : [
"misp:type=\"malware-sample\"" ,
"misp:category=\"Payload delivery\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--56e2ac4c-4f40-4b67-9169-40dc950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2016-03-11T11:38:16.000Z" ,
"modified" : "2016-03-11T11:38:16.000Z" ,
"description" : "unique .js file" ,
"pattern" : "[file:name = 'OCX5024341206.js' AND file:hashes.SHA1 = 'ae4fc4458af409defde4d2be0a5fa07591325700']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2016-03-11T11:38:16Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Payload delivery"
}
] ,
"labels" : [
"misp:type=\"filename|sha1\"" ,
"misp:category=\"Payload delivery\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--56e2ac4d-1778-45ec-af39-4505950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2016-03-11T11:38:16.000Z" ,
"modified" : "2016-03-11T11:38:16.000Z" ,
"description" : "unique .js file" ,
"pattern" : "[file:name = 'OCX5024341206.js' AND file:hashes.SHA256 = '0e1a591af36e431036ee8ccc2ca2b1c339f45e05fef95ad2be3d3ca4632ed457']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2016-03-11T11:38:16Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Payload delivery"
}
] ,
"labels" : [
"misp:type=\"filename|sha256\"" ,
"misp:category=\"Payload delivery\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--56e2ac4e-dabc-4cd8-b85c-44fe950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2016-03-11T11:38:16.000Z" ,
"modified" : "2016-03-11T11:38:16.000Z" ,
"description" : "unique .js file" ,
"pattern" : " [ f i l e : c o n t e n t _ r e f . p a y l o a d _ b i n = ' U E s D B B Q A C Q A I A M t b a 0 g I V 81 e p w k A A D E U A A A g A B w A N G I w Z j M 0 N W V j Y m I z Y T k 3 Z G Q 5 O D Z m Y W U 4 Y 2 Q 3 Z W E 5 M 2 R V V A k A A 0 6 s 4 l Z O r O J W d X g L A A E E I Q A A A A Q h A A A A W K E R F v p 7 O i Z a b 3 s V y S q b a L l P 5 C w L m 5 a g s T R 8 z q 97 L H k K 5 h W k 22 t K l 57 d y + K F 2 f q f 9 p g P P b D B I Q O T 75 V Y U U n / f 6 S E 6 Y 9 C G z j V a z V k Y 24 B A d k Q p 5 V p 3 + U h q g R G k a N Z o d z 4 K l 61 M j h A 9 a l F w f H W R 7 U c g f b + O L N D x 9 d r 74 Z 6 B 0 K / R 6 / V E 9 R A i R v t m N t L X W B M O v i J 3 W W 4 + R 6 U Z n S J m v a P l 5 k z p 6 + W v j y m 53 s k u E M s 93 c L V 0 g e + 7 l R j C o 1 l x 7 Y 1 d Y 6 H 5 y s 6 t i Q w A X j x l P Y H v k o y Y 33 G g 620 H K C / p b J x O b h F z Y d T W c Y N p A 70 A z 0 O f W n d D X l k C C t L e g D Q B b e H a q m J S o 8 R 1 J O / 4 / J Z a Y n W O v s R 5 V g T 7 j J R W q 587 l J w V S y f s e G S A q x 0 V k m c P A T y v y a / L 1 H B h / r 4 + i z c q W 0 e V r f J 8 a s b p K Q q 7 L Q r 4 B 0 h U J X h E V m u G k 2 + T y I I G s w V a 98 + j u 1 n X f s b d 0 W m B W Z O 5 D V y q z V c a + p Z 9 J t u c t O i t 0 a B Y s F D U 23 z f F v t y 0 i Q / P J c q V N 2 F u z y L e D r M W 6 G 3 / h P N 34 j 7 I l a 4 i 6 j V W + L h T G b T p 6 F 0 q n h b 6 s I h T T 2e2 U Y C d r u I G v X H d R P s h t 6 U n l d t Y r p F L o g u I F y B B K J O X 1 I F i j 1 u q R m 4 G Z j G a e e 8 h B s x X E I M H 4 r o 74 F L h W K 2 w t 48 P m v 3 R q a x o 4 J k N 9 P m y + c X k N 94 X 9 e y p y / M m y I A y D H h e J P t 0 0 f b L C b o d y u o 5 J 20 b r j w l y F 3 t 7 m c o p p M 7 n H 1 u 4 a r + k w C Z N N 3 c G 7 x e 3 N 6 c B R a j G y A 4 E V I 1 X u Q 2 M r F e y Z f s q S r 0 o 2 C A i Y 0 F I h L + L z 85 j K L 56 S G U A 6 M S N r f x E W + m 42 Y B o 57 f B 0 j S + 6 f Q Q J N X k 0 E z c R a F J t k R 1 L D T l 
l I c K j B 6 u b A r j 0 B Z K 6 l x w S O N t x 4 s I H a v R A r 3 d D + u v z 2 p r x 8 B X g 2 R x L V J k H w L 3 l v 6 h V L p o 8 N 68 n o J l f G 5 r / w m Z m m Z 1 v y 5 B 2 + x q A / U O x j j f N F J C S W J J M D O 1 S b b 5E7 g v z 7 u Q d i U u E I P 9 D b 2 v d 5 g F p F E G A 8 O B O 7 q f 8 + H X u r C z O V o b W U D x r 5 E M x P y 4 T k I 8 P V J R B 5 j g N f v 8 k L X T D P t I E v d i O h d Q F A J t V F o a q t o D j r n x A H e 8 F b 0 2 E h v C V c j k C u D U 7 F J Q F w Z 8 y u 2 T U / 4 k w U M v w 9 M + G F K H h / V 9 Q F r e A L i 2 V O z 5312 A I U p v S 1 z k T u Z k r p h y d 0 Q r p X X l k i p I A o / N + I q e z o n J g E o y u 7 Y q 6 z N Q i N g o T u F r 2 n / p h M H f 3 A f z M h g Z b U 0 o r e i X W Y D A U S d F y Q b j Y O f 4 Z T E Q 2 H t A 6 T V O M g s Y s L T 2 H 29 b C X X / o 2 I G n 88 b s D 1 k 1 A O 8 / B O N I e P V i x p l F t / l N 1 R l a R t M L 8 d h 7 B X D T v h M O J o E q u + Y 2 J A A j m u W D r Q e K 4 T M 0 f k F E U m 7 k E c V g I l u d h 0 P c S d H 7 v F u i g l Z 7 m 0 h P 4 Z G r i 5 x W u v 1 A q k 4 H i J C V J v j 4 b n f n j A o 9 Z c e v Z F V 7 i b U g x F A 20 n a h d J 1 O h C c U g B M 4 K h 9 B W + N v k e r p 8 a y E l k M y 1 u A G j + Y H u n T a r 3 V 18 s 3 S Q 8 G H W h y x L t 1 H h a a r S e o o C R Q E f q F V d p 5 i G T v U 9 c E m V x x 0 s U t 2 c p X m V r N E w / 9 S 9 m 3 y e + O G 26 W 296 X X l c y s s 2 A 8 a V T r A f u D O H t l W J 2 i S 44 T b M D l X p X B P m D h u w 2 g 4 H I W x E j P u v m 0 Q P A i r 3 L O Y z B P q d v W I B Z Q v x Z S 8 f X m 2 y d 5 l C x 1 d G K 6 z R 6 G p O j 0 R g + 8 h 8 X l A l G s F S Z e G 17 i q 5 H 0 I G + s h 6 k q c M 3 N s l + O I q T k B S r / k U Z U 0 R G E w 8 + 4 V q D G z P c A T S B m 4 A 4 h a r X u i A O j R 2 S G a 8e8 z D o 3 r 1 t O V 80 E c n N Z Y K 8 r 83 I b Y 5 J j 5 E + n Q I K s K h L 3 D r W g w f v h T 9 X / O Q y q m R K w S / u g l Z I r p X V Q 420 w 84 + F U a a e 5 I 8 x N j s T x u Q v Y F 
1 B m g d A 22 T M Y Z x 3 p 9 / 858 Y 4 O / N M P d I W b M 8 M s p 3 f v b h j 67 y 79 F w B M u l D x E J x L 7 M n B / 9 S s 1 F V Z H o 1 / + J 9 I B 7 + P / y K z 7 A h h b 7 h o 0 Q A R Z z F M y O g y K N t 9 j 4 h V 3 u q r D v N x A W z S D j Z m 2 r 0 I U L D L n l T q y m a 1 L F Q l 5 H S e K o X 7 d b K o 7 G M i v r b 9 l j P a B z X 7 P z q V T l B K s p o E r Q V i E 0 m I q b h V + M l / r 7 j A e C 0 + F o P 5 a V c p d / t t 9 J i u Q P + d + Q v 18 y 63 F 7 Z W W A 7 h t 0 A b 3 O 5 E M Q y c + X K B h w U R t K p w X Y y N v B 7 A g 5 X k M i R L z O 9 N D S / b y 2 m k d F U V K w 5 N K o d 8 m d 45 o y C d X O L a X K g J W Q z L 3 X x a G J 3 m z 7 B e U u E 5 U j H 9 j B + f a / x I T c i T / j O E B p i E J N h z M K X R G 8 G C m J R T F k 4 Q j 8 C G H k S t s y O X J N s V T u I K x S J K 0 u 3 d q t 7 q Z u O k y v g n X 9 Z J a N A w B U Z I Q U O d B D U A X g h 1 J k j i P K W k y m d W y 59 I s j e 8 E z / y k B A Q j U m q E 7 S i 7 s D / B 46 w + 27 X A Y j W l O D B 3 V S + U / I + R / u H n R a U J a 1 o t 1 Q P p w N 2 X 9 E f E D O D T 88 J A k t G c h 3 b 9 g t J p 7 h 96 y B H p D l X l y h C L U d m l F s L Z h I + g v U C W w g D R t v O G A V U t 7 g H R 5 n M 8 l x C o A A m d j C A k m 2 j S Y l 0 8 d Y 5 Y / T 4 Y J B p p G f Q N R x P 7 / z V E C 5 A P Z t V P d / T W h D L W l 9 C z z X Q u C S v i W u l R X o a y U z u P w w 92 M Y n w 66 a T X l S C r h t g r j W S S s P 0 Y 6 y Q H l I K G B F H S 4 U I R / X D w y L L C p z B o d p O W f h x E e X 9 s 37 b U 3 n 2 e n 4 e l d H o F K r m y s g 7 P j f K C Y i S b 2 N 3 K h B Z v 1 w t u O F W 4 P s P S v P 5 I t F e k 3 C 3 H 9 a G w 1 i N 378 N R v X n 0 a n A d H r i k 2 R c u 3 l d S / 7 c E 4 w u H r 0 E s 5 B 5 J + G n C r V g C m m 3 w 18 Q L 2 q N v M N f z L x r n B x E 4 Q v z o u 6 o s Y J 8 w F 7 u 6 x L X w K m N Q x e E S i g s X Q H I G q 6 i w L X I g P r 0 W / V / u z A Q V A C 5 W P / E Q r Q Z q d n U 0 o 5 t J T 763 x o 3 m W U x N V n G g 4 
N U Y h Z w p e 6 j a L 5 n 2 Y U o z t g Y b U Q Q 2 i h m U p M T R w s N n v j F s r q a S u i E 70 d o E K + l k C o Q h S S 0 e J 9 K i Q m w N M y J I f 0 2 P a X O + 1 d r v Y 0 7 Z E c c z O L + R u M W h c c y 6 O o n B q v M v G F V G z A O n g 3 c o 6 K 0 H A o x o O W W R / a p D 2 H n Q 6 p Q G T 69 z c K w 9 x b k n G h 5 f G z o Z o r R E P T a m u b 2 y 3 q t Z P / 0 z S 0 / D P z 9 l Z 7 h I p M s r o S N l k C 6 a 3 H 4 Q 7 l q a X w y l 38 W 60 / J 2 i C Y / Z Z t w J g b T h Z H C s R M V W q u v / s r A x l l o f D o H k A 1 S R U O t M Z K f 8 I S a g B A b T d a h 7 c B B Z C C K x h R D c 2 C j z 2 + s W y o C n 7 P 8 v 3 X l V n s p u k J 9 Z / e H 4 s o g Q B V i H A R 5 / X E A m L V t i / 3 g t p x w 6 E U t Z 2 n 7 M U e L B m Y E C v X w v F + t z s r 2 o W t i G U N U S m w G z a H P X + l Q S w c I C F f N X q c J A A A x F A A A U E s D B A o A C Q A A A M t b a 0 i d D + h B H A A A A B A A A A A t A B w A N G I w Z j M 0 N W V j Y m I z Y T k 3 Z G Q 5 O D Z m Y W U 4 Y 2 Q 3 Z W E 5 M 2 Q u Z m l s Z W 5 h b W U u d H h 0 V V Q J A A N O r O J W T q z i V n V 4 C w A B B C E A A A A E I Q A A A H L N S f Z 2 k 6 g n n h a n n R d S O t 7 e Z N V X + 97 S s 0 + u + j 1 Q S w c I n Q / o Q R w A A A A Q A A A A U E s B A h 4 D F A A J A A g A y 1 t r S A h X z V 6 n C Q A A M R Q A A C A A G A A A A A A A A Q A A A K S B A A A A A D R i M G Y z N D V l Y 2 J i M 2E5 N 2 R k O T g 2 Z m F l O G N k N 2 V h O T N k V V Q F A A N O r O J W d X g L A A E E I Q A A A A Q h A A A A U E s B A h 4 D C g A J A A A A y 1 t r S J 0 P 6 E E c A A A A E A A A A C 0 A G A A A A A A A A Q A A A K S B E Q o A A D R i M G Y z N D V l Y 2 J i M 2E5 N 2 R k O T g 2 Z m F l O G N k N 2 V h O T N k L m Z p b G V u Y W 1 l L n R 4 d F V U B Q A D T q z i V n V 4 C w A B B C E A A A A E I Q A A A F B L B Q Y A A A A A A g A C A N k A A A C k C g A A A A A = ' A N D f i l e : n a m e = ' P E T 5580821306 . j s ' A N D f i l e : h a s h e s . 
M D 5 = ' 4 b 0 f 345 e c b b 3 a 97 d d 986 f a e 8 c d
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2016-03-11T11:38:16Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Payload delivery"
}
] ,
"labels" : [
"misp:type=\"malware-sample\"" ,
"misp:category=\"Payload delivery\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--56e2ac4e-a798-4102-9e7c-432e950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2016-03-11T11:38:16.000Z" ,
"modified" : "2016-03-11T11:38:16.000Z" ,
"description" : "unique .js file" ,
"pattern" : "[file:name = 'PET5580821306.js' AND file:hashes.SHA1 = 'b132206de69e8b4bce0540e7d998ecc63e823371']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2016-03-11T11:38:16Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Payload delivery"
}
] ,
"labels" : [
"misp:type=\"filename|sha1\"" ,
"misp:category=\"Payload delivery\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--56e2ac4f-3d04-4d29-bfb4-40d7950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2016-03-11T11:38:16.000Z" ,
"modified" : "2016-03-11T11:38:16.000Z" ,
"description" : "unique .js file" ,
"pattern" : "[file:name = 'PET5580821306.js' AND file:hashes.SHA256 = 'e2689971c91e31f8216c3a66c59b429305839ddbc3732f36021b54039eca670d']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2016-03-11T11:38:16Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Payload delivery"
}
] ,
"labels" : [
"misp:type=\"filename|sha256\"" ,
"misp:category=\"Payload delivery\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--56e2ac50-7168-4011-b461-497f950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2016-03-11T11:38:16.000Z" ,
"modified" : "2016-03-11T11:38:16.000Z" ,
"description" : "unique .js file" ,
"pattern" : " [ f i l e : c o n t e n t _ r e f . p a y l o a d _ b i n = ' U E s D B B Q A C Q A I A M x b a 0 j G T C 3 / y Q k A A O A U A A A g A B w A O G M 4 M W M 1 N m V h O G N j M 2 F i O T V j Y j Q 3 N z R l Y j N k Y z J i N T l V V A k A A 1 C s 4 l Z Q r O J W d X g L A A E E I Q A A A A Q h A A A A M Z U Q U i I 6 P / L G W M g M O z o J V J 2 C q F 0 f 5 m E 54 b z 5 h v + 3 X z M / x r x m 5 D v t I B B I l z 6 / t l 2 t O C w P 7 a 9 I s a X R 1 o n t 2 q m / e j Y l u k Y P W n u 8 k B X K R J + N o 1 k I s R / 6 E o 0 M D + u f V W w t L a / 5 t 2 S h J c v n 0 S l h I B T Z 5 a Y N W y 4 b A j z Y S V / D d 4 s 2 g D I 5 R Y L W 1 Q t E 89 s w T E q I p V D L I + Q p o U 2 y Y R W H L R J B k A + l N 2 E y o R O h A Q t W t Z Z Y E R I F U P V V e o B Q 6 Z S C + I a Q S r v S I i 70 i Q f s b U 7 H T 0 / K S H 7 F D 1 K z Y z R p Y Z F x A / V l e z P d c s e v U n 1 V w T y F A r U w K L p s 0 t Z n V 5 F L z M L 26 C M N p h A Q V q n i J 71 H i Z Y N 7 r w / e + F c C A v m J o a 8 / v Y A q I O 1 G F p p 3 Z 98 x V O R B m j 7 i 9 E Z q P v R n P Z / P 4 l 0 b K H P k q 0 m m + T n a x W P i u 7 j O B v 2 B T A N 0 G N h X d y O K w Q f M N 0 5 H 8 V y T F b p 9 C 3 T p k 5 o E n H f A K 6 r E 7 Y 7 V Q Z U q K 1 s F B B b e A b k x u a z r M A f o 61 j D 6 I z l 7 A K T B 7 l 0 E z z k M K M O h b B W C D 9 T s V U + 6 m 6 L I 5 B r R B H K Z + W F v G Y / d 4 l O q V 2 + s h 5 q e d 8 D 1 p s 2 W t 7 X P C g Q b 3 G u h 8 m A z w Z z t B 2 y 6 K W a f w k B K I y O f / G i o k 6 E G c A 5 g I P 8 U e b D + C m / 0 W u s z 0 d u X 4 U P M o 2 o o u 2 Z b / b 6 A G A w L X s b 6 b G T o b 576 e Q z f 8 i 9 Z o Z t J S L N U L 6 m u 3 A G y U x Y R V o e q x h H q R u U k O j u 8 z q q Y z s Z Z Y 9 F v L O a J c 6 S H 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' AND file:name = 'PIW8665135806.js' AND f
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2016-03-11T11:38:16Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Payload delivery"
}
] ,
"labels" : [
"misp:type=\"malware-sample\"" ,
"misp:category=\"Payload delivery\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--56e2ac50-fe54-4a2f-837b-4af2950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2016-03-11T11:38:16.000Z" ,
"modified" : "2016-03-11T11:38:16.000Z" ,
"description" : "unique .js file" ,
"pattern" : "[file:name = 'PIW8665135806.js' AND file:hashes.SHA1 = '36738c7d86c6be0a956c127dc4db98f9070d27df']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2016-03-11T11:38:16Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Payload delivery"
}
] ,
"labels" : [
"misp:type=\"filename|sha1\"" ,
"misp:category=\"Payload delivery\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--56e2ac51-8020-45bd-b682-4f53950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2016-03-11T11:38:16.000Z" ,
"modified" : "2016-03-11T11:38:16.000Z" ,
"description" : "unique .js file" ,
"pattern" : "[file:name = 'PIW8665135806.js' AND file:hashes.SHA256 = 'f6d8eefc4f1bbb2577de5d7d3cfd9317ba92459883f6657319c8babd97c2d7d5']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2016-03-11T11:38:16Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Payload delivery"
}
] ,
"labels" : [
"misp:type=\"filename|sha256\"" ,
"misp:category=\"Payload delivery\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--56e2ac52-0a58-4b48-a9d2-44b8950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2016-03-11T11:38:16.000Z" ,
"modified" : "2016-03-11T11:38:16.000Z" ,
"description" : "unique .js file" ,
"pattern" : " [ f i l e : c o n t e n t _ r e f . p a y l o a d _ b i n = ' U E s D B B Q A C Q A I A M 1 b a 0 g C 3 o f A X Q o A A J o V A A A g A B w A N 2 I 1 M j Z j M z A 0 M T Q z Z D Z i Y m M 2 Y j N l Z D d i M D M 1 Y T E 2 N T R V V A k A A 1 K s 4 l Z S r O J W d X g L A A E E I Q A A A A Q h A A A A 3 H z q d v A N Q s D O n W W m 0 78 B R f M g q Z i y I 8 M C A P g D e L R 3 s 4 P H W L T u V X x / J a W x n B 0 Q y m y E e 8 / T M y A r p e / R e 2 + M P L q w O M 9 N G a y K o X p 8 a C 0 p J 3 K 8 k g f c x Z d c Z v T N 2 J 1e180 q q A Y N L J r S S 7 o q 8 G O W t A 3 v j s w s A C N 4 U m b T M A H Q P x Z W 82 T j C 1 v j A Q a B f h 0 g e 4 u 4 r m U D p g b S g + s q A M V e x 8 E J Q B h / w H Q x v V T O b U H P W v F e A H i X f g m e Q m A o I h o x + 6 F j A A W q K b S n P 2 / V M w h V a K E W 0 l y y o W 2 C z 5 c X t P x F F e s 2 H r R i h r m 7 K H h S N J b 0 K I c 18 v e I X g M V c 9 R B A C a o f x s L E Z j s I n X i 1 q F p r E Q t 9 n n / H J s 5 O p b x q j N N s E U W y d E l l 11 o T C Q r J k M z F U x v O a d j g E J a p W x k V c Q Z X B w H 0 / G E J K 7 Q G F Z i H x F d C t T + F k D 0 T Z 4 P b e 4 W t l 4 R R / z o 2 b j / W v 34 T k 4 L L e r P q V S D + 444 F E x e 8 h B P s R J u R Q K k R c V L s J P e H L V b X V 36 D 9 Z + l n D d N b / H E s 102 c Q 62 t q V g t + d B 4 L e G D F 5 V p T w S 35 G o v A g z m Y n 0 t 7 D y U / O 9 a Q E 4 U p 9 x p n F y 8 d x T w 5 W B m M U Z C W 0 x B G k s j v G 3 C U X W 8 / V b T i 1 Z l O B V V V R 95 H E t q G k L K K 0 z E z n 6 z p M X q M x E M x s 4 d K M R g I s N Y m J n F i u 7 m Y 9 t j w G r O i 8 r J P U x / w l / g c Z E C 3 u r X F J o M I K 8 S y c B F 7 e J X Q D i A + U 2 W R u 7 s M w c X 2 C m l f r p O m 0 Z 949 u r S C q t o H / n 0 O D G R o T f 1 z m H p J Y J I 2 m 1 b Q 2 Q 9 R P i X c s S k 8 X 9 G s U R 2 F H P j g s v P S m P a f T t t t 4 H 1 d e O s l t L P c b O P e h U D a o u l G z 4 M 7 b 3 W i r O L Z l e F V 1 I w E Z N 6 I F G 3 
e Q L N g J S m V L 9 w 7 n R M 7 X n 8 s W a c g w x t 1 J 77282 g C f d i T w 2 t + W K B s q K h + q t j b L 9 n H I E A K R V C b S d c 7 H A w K s Y s n H H j Q i 7 r 8 q N l u s L E j O K g V i X o 33 P P k 0 A I m o q X C r + m J O R v b 4 o 35 F M Y T t T J 4 m y 7 w 9 B M k b L b + E J o o v n a D 1 j / Q s u 99 j z 3 s D Q P B B H 3 X Q t K M u u 9 t 7 t + o 23 u S b b 3 J K u + 6 w z Z X p r x o t q p n J x 6 m E 0 a S v E r n Z y D m R X A N D 0 n X y j T j 7 W H H O 41 l 0 q l N + c h v O q 0 M e u + L A S 1 G a H I m B J A e G E 5 v e B J x W Q l + 3 T A q y 1 L x i R L I 1 f 0 h Q R x 9 g I 3 c j a 1 C 4 Q m q z Y V t W n N X O / y S g n c l g i t x r s l s h W x U H Y I R 4 G x y E U f O 6 g 3 y r O 8 F S e U 7 z d 0 b c 2 Q i z M 9 e l s m 2 D d Q C 721 l T 4 h v w A 1 G l j y 2 G Y B g 9 j 1 r 4 y y W o j h Z N F L o O k t h S T v q N z L w j S d O p O K 3 p 3 g Z X b + + c 3 E U g 0 u H 5 p 6 H 7 j x r H G N Z 5 + Y / G A D S x w p N U P / N h l D 1 g f e N / 2 K c U x R 9 H e k q w w t 4 + l e H c M R 4 I m g Q i 86 r l h q / u s Z c r g D 28 x + Q E p R s 8 F Q B D Y o L H j r 9 k f 1 Y / Z M 478 x V q K W Y B q N a g z 9 q w l S K 1 o R i b y l z 8 L j 0 i P H + O M p u T 9 Y d I 1 O X t J 44 x w S 331 r c q P g k I b 3 Y W U A W A I l n z j w s V 5 M 335 F a Q o S 0 P p 0 + 4 h S d z V u o p 97 l 3 U M E c T O p N 5 v k a W H D w p 9 m 7 z j r F x 69 Q H D T F P f t I 9 i w 4 k S c i B O O o x / S M Q d n k K t n G X B D 1 h F Y 7 n d + U Q E N S e O 0 u E x Y o C + / j f e 6 Z O D 4 v Z B A l Z M x z Z M W w y C 3 + 3 e t g N 3 e m / R t / B 4 U / X l x q g 2 O X M 5 L 1 j v R 47 B J P i C v t o k K O O a T N Z 2 q e v 2 a w Y Z J 3 B k g v O z Y D 9 g T O w k G D o q c M I L P A Z i u P A 7 N e e 5 y L c C H 85 s c z z K c d A / N R O r s t P 53 V L i K d j t e d c C h d x 4 S 51 m F Z w i h o b o D R f n a x 5485 / O k v M A G C j 5 D h K B M K 9 W P 81 h 4 i u 0 p 8 H Q U S 3 p + O B C P + d T z C 2 C I p k U n D 0 n 5 D F T S 0 s K t l K 
E I F m L J 7 p 4 K V i 2 d T V y V 4 w h I e z l E F 1 S B 1 w V J i q L 1 J 7 h y b P W W X i y w H D C B 0 Z e R C b / x c M r f y W I D h e n 2 O 29 q R C 7 w G U H X R l s n z K p 9 V n D B H i 3 z w C I N N F G Z 5 O W M s U A c I T 1 d X Q A Z J F Y C 8 N w Y h Q 30 i b c 3 X K 6 s I 2 y R r t i i n R a y R X 1 G W s V V 3e9 P G 56 a i i p s E O L a M b M b l s a j 1 k y N L z V N V S K T g w 2 w K + 81 w q U 8 n o 2 O R c O M l D X t J k i D H a z k u C i k L g 1 t W f v A d 6 p 5 r r d l l E b a S s w 2 J D K z r 24 f n 7 z F p q P 9 q S P j 9 f w 9 K H x H m 0 i D n b v 3 t s l M j O k 696 g i h m w q E x O k 66 g E Y / g y b Z E f 3 r V 87 C 7 F v L H G 33 a E F q 1 t B a Q J E I + b e b v 0 f T C a m / K K C X c X r S n G T T r M 4 p s j G j l J k 6 n O v I S l Q s D G f U x 4 y y X J 7 W N + 5 s 7 m 4 C 6 / u P x X o v / l V g 4 m 5 a d L G D S z P 3 G 1 T i O 3 L n O E K 1 Y G M k x 4 S m o 1 H C z V i 2 i R X c K o I I j M s H 1 g r M h R J E 3 g / u U t k 3 P K C I 1 N m w D 29 N i L l f A v C j K 7 O 2 q H i Q e N l g M 25 B S t 0 S M A 44 r 6 X j j B 1 g v d X H Q q P X / A E U N 8 l g / O V B S W p K w R N O Q g j 8 t J e Z C + d s P K K u z U h A c B L r k m b Y Q m 83 g I 4 D 0 S f 0 G R y I w X y Y Q d Y f v T y N Z e L o I c I 1 i 8 h e Z o g d e X E g P 6 w b b F V 8 g y v 4 b J y 134 l 7 + 1 A I 1 r B g 6 z B s u A 1 Z T l 9 d W l i E 0 J g z + M b 2 j y f x m l r 2 W T 6 G Q 90 b S U g 72 g Y G 7 Q 0 Q L o i G U X p 9 A W P 1 + G S W n k x J 9 l f o o w T h y Z v S o w V q w W / 6 n 2 p D 36 g O / t + a 1 T J h T r 7 t 7 O S m k T n N e j k V Y 2 C v 0 E h 9 w 4 X 81 q R D O F 5 D f h s 0 f Q x 9 Z j l v 5 + V C Q r S + o 3 C K 99 p g a A 4 a 5 / 9 O H h I g r t 1 b N 4 f v 46 N T v w k 9 j W c o B C a s M 8 T o W O 39 R x U m T 2 U 0 7 I C s f 0 G + m 5 / H C 5 F c P Q 7 a h 7 q H d 43 o U 924 V i 9 W T B I C a 8 K 2 i y m m b 7 z / l V G h + A f F o 7 D E I J z n a r s j o a 6 j C / L j c + R 9 N z 72 C d I N o j V Y V 325 i e m j y b y 
Y E / b e f C v 6 w R u i h t n 9 E O C 3 i H Z 0 y k j t H S g d 2 Q 3 u / O j q A Z 5 s n k 0 B D w m 5 v J 7 z 6 t b K U t s H + E L V p V W f S i d N j 38 U P 3 N S L N B v G + X c f / v I V 4 U f A g / i l z N 93 V s 5 f m m X C 6 C 5 f 1 C 4 c h k R C D S v 2 X + H e P m 1 / 0 I y 4 T S K 2 h n z f C E + C Q o 0 2 B 2 b 5 i G O L 0 q r i P v l g + 70 n w A b 1 K w q u w G t s q f 22 X U + v n v 1 b B t G b 3 v 85 / 68 Z R T V V Z d o 5 + x x c l Z 8 N g K 5 Z s f v N q 1 v w b Z i C d 9 m 30 O Y 1 d 0 j t K 4 K t 37 I m V c t s d / Y + v r v T 2 p j 8 Q m H L Z 1 A m s 3 N D z d A U x L Z J x T t A D 210 M 8 p f / l v c w c W S 7 P z N r J 3 T 4 F / 3 j 2 g f H 5 + h I b + s j r 0 x K z R + t v F f F X R u u a L U + X X E K l V A b C V s 3 n d 8 m n K t / D u i q T T q U P g H I 6 E u w v k J 6 / 0 H F 9 r k J C N d R y Y x J A y 7 s y Y Q y I R f N W M Z G w S y f E l I D 0 v 2 T n z C m C b c k 0 m 4 z q E N x b E H q j O I G n 5 g 1 P d O + 7 + x a p B u L z k 0 Q Y t B O 6 G W 5 k 32E9 I 2 a 91 n 83 H A Q G J 50 W r J G M j N n Z 1 r 8 o p U A h l T Z q e D Y J Y G g T f 7 G Y T H 5 q C 3 J W Z 4 Q 7 m Q d w Z c X 6 u O G i w Q V + b s 9 x I i q G L X w v G 6 Y 3 r 9 D i S A a X H 6 p 1 h w 1 w S 1 b O A N N h D f m M J s A G M S z S U Q P A 9 l 7 d G F m E D z s F 1 B L B w g C 3 o f A X Q o A A J o V A A B Q S w M E C g A J A A A A z V t r S M j 8 f E U c A A A A E A A A A C 0 A H A A 3 Y j U y N m M z M D Q x N D N k N m J i Y z Z i M 2 V k N 2 I w M z V h M T Y 1 N C 5 m a W x l b m F t Z S 50 e H R V V A k A A 1 K s 4 l Z S r O J W d X g L A A E E I Q A A A A Q h A A A A A S H 4 K c U r r Q 4 P l e 7 v C d Q / m 6 K j I M 6 j E l e W 9 L L E b l B L B w j I / H x F H A A A A B A A A A B Q S w E C H g M U A A k A C A D N W 2 t I A t 6 H w F 0 K A A C a F Q A A I A A Y A A A A A A A B A A A A p I E A A A A A N 2 I 1 M j Z j M z A 0 M T Q z Z D Z i Y m M 2 Y j N l Z D d i M D M 1 Y T E 2 N T R V V A U A A 1 K s 4 l Z 1 e A s A A Q Q h A A A A B C E A A 
A B Q S w E C H g M K A A k A A A D N W 2 t I y P x 8 R R
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2016-03-11T11:38:16Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Payload delivery"
}
] ,
"labels" : [
"misp:type=\"malware-sample\"" ,
"misp:category=\"Payload delivery\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--56e2ac53-4658-4e50-b0b8-4c9c950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2016-03-11T11:38:16.000Z" ,
"modified" : "2016-03-11T11:38:16.000Z" ,
"description" : "unique .js file" ,
"pattern" : "[file:name = 'RWS5019517002.js' AND file:hashes.SHA1 = 'bcc6f840bbc51888f64a3b5a4857bd4b18764003']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2016-03-11T11:38:16Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Payload delivery"
}
] ,
"labels" : [
"misp:type=\"filename|sha1\"" ,
"misp:category=\"Payload delivery\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--56e2ac53-8e84-49e1-a89d-4bb8950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2016-03-11T11:38:16.000Z" ,
"modified" : "2016-03-11T11:38:16.000Z" ,
"description" : "unique .js file" ,
"pattern" : "[file:name = 'RWS5019517002.js' AND file:hashes.SHA256 = 'a2e54950817f09e61a655f90e16a20781e138a926bf7e0557a62741840b07317']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2016-03-11T11:38:16Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Payload delivery"
}
] ,
"labels" : [
"misp:type=\"filename|sha256\"" ,
"misp:category=\"Payload delivery\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--56e2ac54-51fc-4f4b-b1c3-4eaa950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2016-03-11T11:38:16.000Z" ,
"modified" : "2016-03-11T11:38:16.000Z" ,
"description" : "unique .js file" ,
"pattern" : " [ f i l e : c o n t e n t _ r e f . p a y l o a d _ b i n = ' U E s D B B Q A C Q A I A M 5 b a 0 j 28 q z 29 w k A A A c V A A A g A B w A N m R i N D V h Y W E 4 Z T U 0 O T E y O D g x M j h m Z T M 1 N j V k N 2 Y 0 Z W N V V A k A A 1 S s 4 l Z U r O J W d X g L A A E E I Q A A A A Q h A A A A M Z U Q U i I 6 P / L G W M p h f i Y S 4 E z 7 c z L D v X K x i a h n h A i C 7 Z b D V 2 T w s 86 Z r L + 0 w u s s Q N t b h m p b f c p J u b W 1 p Y r x D x h f j X E j A m r f 5 x j A 86 w F e r v 1 C 3 s r r r 8 H r y i M Y O e e w 8 n 4 w 3 z U t y F F U V p e h u h M j z b s x Q h z / s F Q / E p 4 + Y 95 t O P 1 h 263 m q D i l e L 59 S A 7 H I g b s F i e F B T K Q L R k e d A U E g P w U i Q 1 D H c x N R O j B D l E J X 9 V P H c d I H L c + G J k Y + s A B W u 1 B d / 30 j B g C w 3 F l j + e N H 9 u + i Z f h y a 6 Q x i s 5 G 4 w 0 Z U l S h j z + g L f + 9 g h Y z O J Z 3 T o 8 g m g O f w a h Z K b P g v I Q S g 9 i m w T P / 5 K f I 1 Z 2 L Z 1 Z 3 i T 1 c u g l m e Y m 12 F y j s t t D p y R E S e L W p V e y 72 h r W 0 b 6 m 1 h x f Q 3 e o v X u G f q j K D x j V m 1 q 1 Q N c S P x f Z C Y J 0 G n x v 9 m d I 4 h Z O l C s r E x n x U 9 O E z w n F d t / e W k 7 y J 7 Z X o p S C k U w R B / G A O O Z Y p F t S k p 1 C n f x b X l g h I y U G R a Z t y I q G I T s W f E w x c q o M G y / w m 5 g w y 0 p e u j d d A 7 L y S G e l L 2 T V H x t U o U n I I I E y I z i c z U / q B r k f / G + / + u x g J k f o l 43 g z 6 c 2 h j h 0 l R 1 N + P V 1 q 6 g n K h 3 U w B M n L n J f K w u B j e 1 + T N 7 n Y x 8 r 5 e W F 4 N X 1 a 4 C Q S q q 2 O Y f P e 6 C P S P d h u v f B r r b w / 0 k p Z C x q b c 0 t g j / P I Y 9 i S s C 0 1 d u m / j S 4 h O 15 K L v p c 4 J G p d 2 c 3 R D y V k S m E 6 Q 77 D 1 W Q T q C t 8 N Z s g I r X P I y K i O Q c 0 o j c 5 i v 5 r L D O t U r k / W Q P 7 a 6 s 8 W 0 T P 0 9 f m I q r Q r a s u J p F k / + 1 H z q A X V x 3 y C h i Q K i i + M Z y 4 A a T Q b 5 R d m Q x c w 8 O u j 9 y s I q R L D W H 8 
I G V c h s 0 B k o 3 d M 7 h 1 a F 9 Y C 2 K o v + H R 8 O s P O 4 T v V X a B F t X m 38 g r m U p 4 H v b j S B R a I 1 H O K w e D o g f F q 2 T H G 4 a R 3 m S G 357 T r f K R D F l n n f E w y E w Y N 0 w 78 N u q X e V f r c d C r Z J P z z m O c 1 r v g d x O l S D W E q B 1 K M K 7 E J T f o A 6 o o 6 x + h Y H m 0 e r x 3 h O l K 2 g b Z F c h e l c Z P T n J e I H 6 H A i o C P p k Q X b C G p Q c v W b O J M / I O L l v g a h 8 I 7 L l j 0 V W M N k F k X + j O 7 d q f d p I X 6 l y / d 3 q t 0 R W Z s D n T N r l 6 J u r 0 B R z S u J d C s u m j o + j P 2 t I 3 p E b P 6 A l S q s G 1 R L r q 4 h x y Z O 7 g 1 L n g k N 8 a G e H D c y + V m p L t g S y q s + I S r y D E S p L c A i C R G c F z m k k U P h s V c M p A X k q J k L 9 I X K o F o I r q W N M p L R p w M v h v V 3 N i g I i X 3 z O P s 2 k h A M f a M F N J t I G I d x C / + r Y h 6 y R 8 a X N + P 2 C g 1 m I C G x u T o O y H z b b U 379 C c m U p O H g m u a A O x L L 7 p 43 W e w p i d 5E893 R m b C A 4 O b h E g + E 8 e X C f R Q Y p d J Y n P h Y k t N 7 v W z W g d 10 E y I U e 9 Y c 2 e j n I P H Z m b Y f p Q N d f F j U S S Q e 3 d f M K 2 S 2 i T l t Y M A V 9 E Z x o m U Z k B C P 9 G 0 + i I 9 Z m 6 h b 9 Z E 5 L 5 o X T P U m l p v g 0 c L b J S k l n Q y e X v 71 a L 3 G o W 2 q d g G T k f v j A 4 z D i U X n N D b G 7 Z f 35 n r N v 1 v d C W O Z i O u s k q o P r i e R 15 g C M S h g p M k 0 I i e y T 5 u 8 i F 9 t M / h 46 r Z w d e s 8 k H k 1 m X A f u I o O 1 / r p W 4 U H K m A k o H W 7 y s 6 L S U K G o N N W E 3 c 0 Z Z F o l A 3 Z 0 F Z 8 S u W R N f u 8 J f w d P 6 o O V N 5 w a p x z O d I G L E v Q z H A 8 x P E S M s 1 h 3 / d v J G k i k d M V E 2 l R Z Q D P g w 1 Y + E R h B G 2 U K 59 m 4 s o 2 q H 9 A e j o I l 81 + g w C w m 9 L 0 z H t P Y x U A s s z 8 b g K R 30 w K I y z 9 N z O p u 2 + Y V Z r h j T x v 5 i E 34 D + Y d 9 u v 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
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2016-03-11T11:38:16Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Payload delivery"
}
] ,
"labels" : [
"misp:type=\"malware-sample\"" ,
"misp:category=\"Payload delivery\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--56e2ac55-5e24-4fd8-96c2-4ebd950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2016-03-11T11:38:16.000Z" ,
"modified" : "2016-03-11T11:38:16.000Z" ,
"description" : "unique .js file" ,
"pattern" : "[file:name = 'TFF3741597706.js' AND file:hashes.SHA1 = '0c4a4e8f341913e5c0bc7c7100ecbb5197a7f1b1']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2016-03-11T11:38:16Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Payload delivery"
}
] ,
"labels" : [
"misp:type=\"filename|sha1\"" ,
"misp:category=\"Payload delivery\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--56e2ac55-db88-41fd-977e-4446950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2016-03-11T11:38:16.000Z" ,
"modified" : "2016-03-11T11:38:16.000Z" ,
"description" : "unique .js file" ,
"pattern" : "[file:name = 'TFF3741597706.js' AND file:hashes.SHA256 = '1510b2e001378f1a1a7ed5582a35f89269d6d32bf8e23f13a06f3f9f131fc4a3']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2016-03-11T11:38:16Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Payload delivery"
}
] ,
"labels" : [
"misp:type=\"filename|sha256\"" ,
"misp:category=\"Payload delivery\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--56e2ac56-c4a0-4094-9b6c-4a7f950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2016-03-11T11:38:16.000Z" ,
"modified" : "2016-03-11T11:38:16.000Z" ,
"description" : "unique .js file" ,
"pattern" : " [ f i l e : c o n t e n t _ r e f . p a y l o a d _ b i n = ' U E s D B B Q A C Q A I A M 9 b a 0 i E L f r N r w k A A F M U A A A g A B w A Y m Z k O T A x Z T k 1 M G M 1 Z j c 4 M D Y z Z m J j N G V m Z W E 1 Y j Z l Z m F V V A k A A 1 a s 4 l Z W r O J W d X g L A A E E I Q A A A A Q h A A A A / y w w X a k l e 2 A Z O C O P U 2 O x 0 x f 0 y c Z + b f C q f y u 7 N E E B 83 x 5 v H V w g L 7 u y B B Y B 6 G E 3 m Q 1 Z h G 7 S J Z T W a 1 c 2 q G i 5 H F D V Y h r s w x K D 2 a 59 v Q P O R / 2 i f K z / j 38 w F x U t s w 50 c o E N x O J 2 w m b l R q 3 v e 7 t k T b W G 7 b N f C Q l P + U J 38 O R 4 W O o 75 k V n k L J N T T s x N Y N g x I J n N n n y j v w D 1 N y o 6720 v X 7 l I u 54 m + w s i Q K T L 5 r 3 c n 9 A W T l I O 0 z F M r + M p V M L y Y a j b q w L g k Y f O V l P K G + G G e p f I G 3 w q w s 9 F Y l 3 q c q I S O 3 V y 9 M w o / e h W P m A E L R 9 k 2 y T Q B c 3 I F C j E e h T 3 B k p 4 b 3 o D k 9 n j c O D e c q R t Y x l 8 L o Y A Z q + f O R p t B O G Q t R k e Z y a W Q V M p q 85 N 0 Q 6 B N 2 J 9 j I Q N R o 9 S o P O G a J 3 L y e C P y E Y a O f n g 7 C L 3 X S Z X V 9 P m W 2 v G b l H o / 2 m a R c H g D 0 X I 2 k s x / w 8 J y y A 1 g W b q F V J 7 Z O m w q 3 d 8 R G e 8 X c t G j h R l + S K 7 F X P F T D X 3 + S 9 H M i N u k N M e O 5 q g T j 52 t o z P S Y 3 R C 8 h Z f G p P 5 P 1 G I 953 y V t I / i G s V Z Q / P v A S z 8 P R O R Y 97 j 6 L h W / h y m z N x Q V j 0 G z z v v B b y O N 2 Q 7 + V h G 5 r D E u i l B V + z v W c 4 V F S u + J G m e l n 3 m p 4 G V p z M 7 Z 9 x q x 9 C p 35 C g X g x f s 5 J + j B 8 j j 1 M C X B F F K 5 / Q S 8 S + G C l q n C / n i u E L J k l n o 2E9 W d F k V Y F e l c K T R 7 I b F z a Z w 62 U K 82 S g m M k c Q k W o g 4 e i X / 4 a l 7 O n F P l v / 8 a h x T u B x T 86 V b G c x J P T i g H T + U J O e 6 U J F v g C 0 + U a u 7 q D + 3 v f L V t A w d 1 c 0 Y f r 7 Z W 64 B N 0 g g W 49 q O b s N f 8 b b E f m M N d W z 0 U g g H X t o M l N B K n r i J 2 
v 3 F s l f M 5 R 5 A Q h m f F L 9 x I w 7 c R Q 2 B 6 k 4 c 9 d X F 5 l r B g 2 i R p 5 S d j A A v b r s u y L P E e A r x C i S V u R g v 9 r r x e a / Q S s H a G Z / x Y d N b C B p s k j z u t W N 0 F i y 5 j 7 I p L n O 1 R n V F j h f K B u H O 4 n 9 A L w H y b I k b A B I q T 73 E + m j 0 s D R s 6 Y O p 182 N a C f n y r 3 u a Q A E c O z C T n c 56 q j f R P x W l g c Y L c w m a / 3 h w a 6 O a 3 p r M D H x K w E R g f a e f n p O t 4 P Z + W c d Q 65 m I w t I 8 l B P J V F I S t k y C 5 r 5 y + 8 A z B T j I / j E V h Y 0 A Z 7 i F 0 L Y Q 4 z s S i 67 h G o B Q D U p b 9 S X t 5 J e o N J C x C 9 + s Q Y 9 G / a G L 7 L n l e r u I h 1 D i H S q o I X 7 z F B 0 S I T R N u m M i Y v S I F E / 1 e d H P O J r c I X w q k i c 9 l R a 4 y J M l d X g k w V Q K 5 w Y B b r X x j 70 S a W 5 G A v 8 N M D 2 B 9 e B J P B 8 U P f t B s O d M Z w A y l k K C d P i 1 p m A i s E 8 i + J s 6 o w L X 4 b T G v x e i e m A H H f K l D D j q + I S w v 6 F j T Y z + Y 4 y I Z x L I f d 2 Q V P w y 9 R O x 3 Z X H r O i p n G J k o M 3 x 0 V e H 3 b i e X 9 y M B z q s F 0 4 i O t 8 X Q 0 6 S 36 C h c f u F 73 w d h u U k 0 6 d q O 0 I + v f H s B G / + M 2 c Y w j 9 d K 1 N u 7 w i 5 i / 7 W a 0 w h i y J o i b m R C V o W D i 7 Z p y c w u G M v f 9 G G L 8 a D x w G n + c 0 Y 3 h l r t Q d J g A 3 f A D i e X g x V 3 w W f O v Y n F R Z f G 9 a j f Y D H 9 w d M D I 66 u g m u Y 83 r A Z M H A P o h 9 B M X E a p u I 7 K 9 u D j 8 g B Q o Z g V c X r x V Z w o v Q t / k 13 v q E O R F p S p l 5 y x / v h p D J T z k W H E 7 C s y y 6 V x J t j r 2 T o d U D n G b 1 h S c i H y c O d B I 8 k K 0e8 E x / X N b 5 M d 8 e h z Y C 1 + e A h f B m F 8 y Y H X 2 m X C y q i k d i j H h N q v W P m G H 5 A E i h N m 7E4 / H O y C r 8 j B 49 X d P D F o x H M D Z + 1 F J s q 4 b G V o t K F 7 O m G o R 1 X R L k F A o y R D b / X n O W F 2 I k U x y i k h h I F 3 X j z U N j d r J i / u 8 Z Y y q a / 0 k 31 P z z V O t 69 l n W s 2 Q X u p u d U Z z b w 3 k f 2 H t v 
F Q 7 k M g m m i t W s h u D + T v 3 X D 7 z m d K M w R n e 9 G r O 83 f q P K O r t j d o y l 7 U i y L K F g n e L f s l a x q j X e f R s 9 m B B T Q Y 2 a v f y G z k R Z q x z Z Q F 435 R P s C U 3 u Y F 5 Q g 7 P B L U E W q b q S u D 2 D M e T w i 6 w Z X b M 2 p J Y 1 Y L Q h a I r V u P G W l Q 16 e B Q J z + u f N h N o / X A 6 / L 9 y L a 35 E y i h A n f Q a i r + + o 6 S 6 f C h 6 C 7 x H f W X w c m e f / X s F N Y P U W x N V q R 0 o s d T g y 4 h C Y x J x 3 u X y l w + f x h p Y f o v C / c P 5 B f j t 0 s 6 M e l 0 o M 3 g O f D 6 j 5 K d v a s S i v B U Z Y t b A V v P P x d u v L N d J Z a t C 33 h d f h j 9 l z 5 S 6 D 46 Z 30 q e d G w a r f H x h O e X f n n C s i B 14 s u q 9 j w D t F k y 4 b N Z V w r h c n w V V 6 V 8 E e 8 n X 8 X A j O T 0 d L 2 T v T Y 6 + o Q + y e W G C 91 U O V E A c P 7 L L u G U x P F W e p P Q s Y 8 A D + q h A a H b m Q 6 n k Z x n 9 A U n A r K N u e A O n k p d n 5 C s 0 k 2 H u C k r 0 8 O C G a z T z r N J 315 e D 33 j R L + q j f z V L 1 S g b b G V n 3 Q j X i C f F t 8 F 82 / p 0 z 3 H 9 r 5 v 9 g F i t 3 Y n N e j q E k r P 9 d Y w p C 3 q o u 4 m F + s m 7 K I B o p 8 i l s O / G l S w M Z Q V W z C E S p b 9 B t s w M f v 72 u / y Q v I w Z t 2 f 6 i b Y s U 74 K h K D 8 g S v 8 K x q U 0 v X 53 J w b U M k R c v o q 6 q t V 1 g t L i z s R c e C Z J U 9 k 5 N 2 u Q p T q a + g b M L O T 1 t 3 z y h x 7 T x x s p h h L V o K n 9 b Z F Z K o M 6 F R r B v q G Q u Q 53 o c S 86 K f y B W G P I 6 f a o w G t 1 d B S O v D W 0 24 J H G b v M M 8 Q j P w S + J v v H B N 0 V C n 4 M m m A W D 6 I L r B R B n a H N 0 X q o q g 7 A w t D c Q N y p P i M H 2 g V c P y u X l 2 M q Y P H p 72 O S N / c 2 L o b R V w F r S P X / 2 u b n N d 7 H Z L k 1 J D o Q Q / g D 8 S 97 X A x w W 3 P Y f K Y b S 0 5 Q z z A i 7 W A S W d O 7 E f c 8 g Q 64 l 31 m / U t 3 B t m c s 3 v D X u y w 9 n s g 3 D K E K g S O R u E I S d 61 u T e K w R n X x 8 Q l 9 C f V Q E 3 O 8 M H Y C K M 9 g Z E e Y Z u e m E a Z C 9 B V z W 
c l d v n g N c L 9 W V 8 f z + 8 D e g o d f f L b i M a M q G l K t c q 8 l l p V S w u V t b a s o D s L 1 H 8 x D / 4 I B Y 0 O F s L 3 n a l g O e 5 + z a t o C Q y J 5 t F E h j L C 7 E D d N / q F q 643 o X w 4 S H 5 c 1 J K 7 X U V k D 5 o Z G S d 4 r 9 O X 8 f X G t I a E q N n j u 2 d 1 V Q E e 8 m d R Q Y a J s o L o A 9 b x 1 F h 91 / m m / O U X H 4 g y l N F g F T J E p k / D P z 0 M x R 4 h r 4 + / B I g K n c O a D t l e n i 6 a o D 7 B O 3 D P G + X 4 k M v V k 7 G G h B p t 8 G k L K Z m L / s k 2 J U 4 E m B Y i T f s E A C c Q 5 k F + 9 k D p x 0 H y + m D a T Y W n N B x 49 v W y L K + a j N b u B 4 w O Y A V h U O i v e c X g z i D x M 3 X y k 0 p X + 2 I G V s B P p A L z Y y z 2 n + X U w 70 Q c p 9 X T e 8 k r K I W v W S n J f 9 m I k n Z 0 P j E v j 2 u X n m X C Z r S + z t y X S S Q D g S + K / I I 0 m N f O x Z n F F B L B w i E L f r N r w k A A F M U A A B Q S w M E C g A J A A A A z 1 t r S F k k x w c c A A A A E A A A A C 0 A H A B i Z m Q 5 M D F l O T U w Y z V m N z g w N j N m Y m M 0 Z W Z l Y T V i N m V m Y S 5 m a W x l b m F t Z S 50 e H R V V A k A A 1 a s 4 l Z W r O J W d X g L A A E E I Q A A A A Q h A A A A f 3 T a 0 C 9 f K E M C W N h i 7 K p V e v R O g 3 M N z J M G Z h i x n F B L B w h Z J M c H H A A A A B A A A A B Q S w E C H g M U A A k A C A D P W 2 t I h C 36 z a 8 J A A B T F A A A I A A Y A A A A A A A B A A A A p I E A A A A A Y m Z k O T A x Z T k 1 M G M 1 Z j c 4 M D Y z Z m J j N G V m Z W E 1 Y j Z l Z m F V V A U A A 1 a s 4 l Z 1 e A s A A Q Q h A A A A B C E A A A B Q S w E C H g M K A A k A A A D P W 2 t I W S T H B x w A A A A Q A A A A L Q A Y A A A A A A A B A A A A p I E Z C g A A Y m Z k O T A x Z T k 1 M G M 1 Z j c 4 M D Y z Z m J j N G V m Z W E 1 Y j Z l Z m E u Z m l s Z W 5 h b W U u d H h 0 V V Q F A A N W r O J W d X g L A A E E I Q A A A A Q h A A A A U E s F B g A A A A A C A A I A 2 Q A A A K w K A A A A A A = = ' A N D f i l e : n a m e = ' U N O 5784927613 . 
j s ' A N D f i l e : h a s h e s . M D 5 = ' b f d 901e950 c 5 f 7
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2016-03-11T11:38:16Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Payload delivery"
}
] ,
"labels" : [
"misp:type=\"malware-sample\"" ,
"misp:category=\"Payload delivery\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--56e2ac57-ae74-48d1-bc97-4587950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2016-03-11T11:38:16.000Z" ,
"modified" : "2016-03-11T11:38:16.000Z" ,
"description" : "unique .js file" ,
"pattern" : "[file:name = 'UNO5784927613.js' AND file:hashes.SHA1 = '7c26dd5cda76b8c32e6588f3271b37ac4b348b9b']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2016-03-11T11:38:16Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Payload delivery"
}
] ,
"labels" : [
"misp:type=\"filename|sha1\"" ,
"misp:category=\"Payload delivery\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--56e2ac58-ca98-44bc-95ef-49ed950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2016-03-11T11:38:16.000Z" ,
"modified" : "2016-03-11T11:38:16.000Z" ,
"description" : "unique .js file" ,
"pattern" : "[file:name = 'UNO5784927613.js' AND file:hashes.SHA256 = '40d5b469de8f79e87135432e23b6f94c185e890f8d0aa19c427b89641ffbc49a']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2016-03-11T11:38:16Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Payload delivery"
}
] ,
"labels" : [
"misp:type=\"filename|sha256\"" ,
"misp:category=\"Payload delivery\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--56e2b14f-a034-4bc3-9c63-44c0950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2016-03-11T11:51:43.000Z" ,
"modified" : "2016-03-11T11:51:43.000Z" ,
"description" : "Download location" ,
"pattern" : "[url:value = 'http://ghayatv.com/system/logs/uy78hn654e.exe']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2016-03-11T11:51:43Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Network activity"
}
] ,
"labels" : [
"misp:type=\"url\"" ,
"misp:category=\"Network activity\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--56e2b150-6e1c-45a3-b3ed-4b72950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2016-03-11T11:51:44.000Z" ,
"modified" : "2016-03-11T11:51:44.000Z" ,
"description" : "Download location" ,
"pattern" : "[url:value = 'http://yander.by/system/logs/uy78hn654e.exe']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2016-03-11T11:51:44Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Network activity"
}
] ,
"labels" : [
"misp:type=\"url\"" ,
"misp:category=\"Network activity\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--56e2b150-88dc-4239-a181-408d950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2016-03-11T11:51:44.000Z" ,
"modified" : "2016-03-11T11:51:44.000Z" ,
"description" : "Download location" ,
"pattern" : "[url:value = 'http://solucionesdubai.com.ve/system/logs/uy78hn654e.exe']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2016-03-11T11:51:44Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Network activity"
}
] ,
"labels" : [
"misp:type=\"url\"" ,
"misp:category=\"Network activity\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--56e2b150-e014-4d8c-93f9-48c5950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2016-03-11T11:51:44.000Z" ,
"modified" : "2016-03-11T11:51:44.000Z" ,
"description" : "Download location" ,
"pattern" : "[url:value = 'http://lapdatcamerachatluongcao.com/system/logs/uy78hn654e.exe']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2016-03-11T11:51:44Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Network activity"
}
] ,
"labels" : [
"misp:type=\"url\"" ,
"misp:category=\"Network activity\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--56e2b151-f3a8-4873-8183-4923950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2016-03-11T11:51:45.000Z" ,
"modified" : "2016-03-11T11:51:45.000Z" ,
"description" : "Download location" ,
"pattern" : "[url:value = 'http://nhinh.com/system/logs/uy78hn654e.exe']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2016-03-11T11:51:45Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Network activity"
}
] ,
"labels" : [
"misp:type=\"url\"" ,
"misp:category=\"Network activity\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--56e2b151-0e84-4584-83fa-4b8f950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2016-03-11T11:51:45.000Z" ,
"modified" : "2016-03-11T11:51:45.000Z" ,
"description" : "Download location" ,
"pattern" : "[url:value = 'http://dolcevita-ykt.ru/system/logs/uy78hn654e.exe']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2016-03-11T11:51:45Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Network activity"
}
] ,
"labels" : [
"misp:type=\"url\"" ,
"misp:category=\"Network activity\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--56e2b151-0250-43cd-a7a9-4e47950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2016-03-11T11:51:45.000Z" ,
"modified" : "2016-03-11T11:51:45.000Z" ,
"description" : "Download location" ,
"pattern" : "[url:value = 'http://indianexporthouse.eu/system/logs/uy78hn654e.exe']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2016-03-11T11:51:45Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Network activity"
}
] ,
"labels" : [
"misp:type=\"url\"" ,
"misp:category=\"Network activity\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--56e2b152-9b18-44e3-904d-47db950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2016-03-11T11:51:46.000Z" ,
"modified" : "2016-03-11T11:51:46.000Z" ,
"description" : "Download location" ,
"pattern" : "[url:value = 'http://dropshipaanbod.nl/system/logs/uy78hn654e.exe']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2016-03-11T11:51:46Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Network activity"
}
] ,
"labels" : [
"misp:type=\"url\"" ,
"misp:category=\"Network activity\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--56e2b152-53ec-4090-b45b-4de7950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2016-03-11T11:51:46.000Z" ,
"modified" : "2016-03-11T11:51:46.000Z" ,
"description" : "Download location" ,
"pattern" : "[domain-name:value = 'dropshipaanbod.nl']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2016-03-11T11:51:46Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Network activity"
}
] ,
"labels" : [
"misp:type=\"domain\"" ,
"misp:category=\"Network activity\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--56e2b152-9fd0-4f47-b981-475a950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2016-03-11T11:51:46.000Z" ,
"modified" : "2016-03-11T11:51:46.000Z" ,
"description" : "Download location" ,
"pattern" : "[domain-name:value = 'indianexporthouse.eu']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2016-03-11T11:51:46Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Network activity"
}
] ,
"labels" : [
"misp:type=\"domain\"" ,
"misp:category=\"Network activity\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--56e2b153-b11c-4350-8b52-42ba950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2016-03-11T11:51:47.000Z" ,
"modified" : "2016-03-11T11:51:47.000Z" ,
"description" : "Download location" ,
"pattern" : "[domain-name:value = 'dolcevita-ykt.ru']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2016-03-11T11:51:47Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Network activity"
}
] ,
"labels" : [
"misp:type=\"domain\"" ,
"misp:category=\"Network activity\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--56e2b153-6520-45de-b98c-4003950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2016-03-11T11:51:47.000Z" ,
"modified" : "2016-03-11T11:51:47.000Z" ,
"description" : "Download location" ,
"pattern" : "[domain-name:value = 'ghayatv.com']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2016-03-11T11:51:47Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Network activity"
}
] ,
"labels" : [
"misp:type=\"domain\"" ,
"misp:category=\"Network activity\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--56e2b153-0c98-49fb-8ddb-4ecf950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2016-03-11T11:51:47.000Z" ,
"modified" : "2016-03-11T11:51:47.000Z" ,
"description" : "Download location" ,
"pattern" : "[domain-name:value = 'nhinh.com']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2016-03-11T11:51:47Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Network activity"
}
] ,
"labels" : [
"misp:type=\"domain\"" ,
"misp:category=\"Network activity\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--56e2b154-25bc-4a8f-bd49-45de950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2016-03-11T11:51:48.000Z" ,
"modified" : "2016-03-11T11:51:48.000Z" ,
"description" : "Download location" ,
"pattern" : "[domain-name:value = 'lapdatcamerachatluongcao.com']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2016-03-11T11:51:48Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Network activity"
}
] ,
"labels" : [
"misp:type=\"domain\"" ,
"misp:category=\"Network activity\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--56e2b154-cbe4-4334-967e-4776950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2016-03-11T11:51:48.000Z" ,
"modified" : "2016-03-11T11:51:48.000Z" ,
"description" : "Download location" ,
"pattern" : "[domain-name:value = 'solucionesdubai.com.ve']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2016-03-11T11:51:48Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Network activity"
}
] ,
"labels" : [
"misp:type=\"hostname\"" ,
"misp:category=\"Network activity\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--56e2b154-4d78-4adf-8e3a-4df9950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2016-03-11T11:51:48.000Z" ,
"modified" : "2016-03-11T11:51:48.000Z" ,
"description" : "Download location" ,
"pattern" : "[domain-name:value = 'yander.by']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2016-03-11T11:51:48Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Network activity"
}
] ,
"labels" : [
"misp:type=\"domain\"" ,
"misp:category=\"Network activity\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--56e2b155-771c-4070-8f9a-4c67950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2016-03-11T11:51:49.000Z" ,
"modified" : "2016-03-11T11:51:49.000Z" ,
"description" : "Download location" ,
"pattern" : "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '83.137.145.89']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2016-03-11T11:51:49Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Network activity"
}
] ,
"labels" : [
"misp:type=\"ip-dst\"" ,
"misp:category=\"Network activity\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--56e2b155-6650-4c91-a620-4303950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2016-03-11T11:51:49.000Z" ,
"modified" : "2016-03-11T11:51:49.000Z" ,
"description" : "Download location" ,
"pattern" : "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '65.60.41.170']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2016-03-11T11:51:49Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Network activity"
}
] ,
"labels" : [
"misp:type=\"ip-dst\"" ,
"misp:category=\"Network activity\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--56e2b155-a4dc-482e-be29-45a5950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2016-03-11T11:51:49.000Z" ,
"modified" : "2016-03-11T11:51:49.000Z" ,
"description" : "Download location" ,
"pattern" : "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '5.101.152.85']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2016-03-11T11:51:49Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Network activity"
}
] ,
"labels" : [
"misp:type=\"ip-dst\"" ,
"misp:category=\"Network activity\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--56e2b156-2e98-484e-82b1-4a63950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2016-03-11T11:51:50.000Z" ,
"modified" : "2016-03-11T11:51:50.000Z" ,
"description" : "Download location" ,
"pattern" : "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '149.56.40.120']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2016-03-11T11:51:50Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Network activity"
}
] ,
"labels" : [
"misp:type=\"ip-dst\"" ,
"misp:category=\"Network activity\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--56e2b156-b1d0-415d-aef9-40b2950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2016-03-11T11:51:50.000Z" ,
"modified" : "2016-03-11T11:51:50.000Z" ,
"description" : "Download location" ,
"pattern" : "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '103.254.12.55']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2016-03-11T11:51:50Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Network activity"
}
] ,
"labels" : [
"misp:type=\"ip-dst\"" ,
"misp:category=\"Network activity\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--56e2b157-4a10-4863-aa46-40e3950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2016-03-11T11:51:51.000Z" ,
"modified" : "2016-03-11T11:51:51.000Z" ,
"description" : "Download location" ,
"pattern" : "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '116.193.76.66']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2016-03-11T11:51:51Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Network activity"
}
] ,
"labels" : [
"misp:type=\"ip-dst\"" ,
"misp:category=\"Network activity\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--56e2b157-6e24-4980-8e7b-49cc950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2016-03-11T11:51:51.000Z" ,
"modified" : "2016-03-11T11:51:51.000Z" ,
"description" : "Download location" ,
"pattern" : "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '64.250.117.68']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2016-03-11T11:51:51Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Network activity"
}
] ,
"labels" : [
"misp:type=\"ip-dst\"" ,
"misp:category=\"Network activity\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--56e2b157-8514-4d3f-ba36-4237950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2016-03-11T11:51:51.000Z" ,
"modified" : "2016-03-11T11:51:51.000Z" ,
"description" : "Download location" ,
"pattern" : "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '5.63.152.50']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2016-03-11T11:51:51Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Network activity"
}
] ,
"labels" : [
"misp:type=\"ip-dst\"" ,
"misp:category=\"Network activity\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--56e2b499-dfac-42df-97fa-475d950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2016-03-11T12:05:45.000Z" ,
"modified" : "2016-03-11T12:05:45.000Z" ,
"description" : "C&C" ,
"pattern" : "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '91.234.32.192']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2016-03-11T12:05:45Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Network activity"
}
] ,
"labels" : [
"misp:type=\"ip-dst\"" ,
"misp:category=\"Network activity\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--56e2b499-202c-4307-9822-4d46950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2016-03-11T12:05:45.000Z" ,
"modified" : "2016-03-11T12:05:45.000Z" ,
"description" : "C&C" ,
"pattern" : "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '31.184.196.75']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2016-03-11T12:05:45Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Network activity"
}
] ,
"labels" : [
"misp:type=\"ip-dst\"" ,
"misp:category=\"Network activity\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--56e2b49a-96c8-429f-b1a7-4c60950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2016-03-11T12:05:46.000Z" ,
"modified" : "2016-03-11T12:05:46.000Z" ,
"description" : "C&C" ,
"pattern" : "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '91.219.30.254']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2016-03-11T12:05:46Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Network activity"
}
] ,
"labels" : [
"misp:type=\"ip-dst\"" ,
"misp:category=\"Network activity\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--56e2b49a-eed4-4f01-a575-462a950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2016-03-11T12:05:46.000Z" ,
"modified" : "2016-03-11T12:05:46.000Z" ,
"description" : "C&C" ,
"pattern" : "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '31.184.196.78']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2016-03-11T12:05:46Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Network activity"
}
] ,
"labels" : [
"misp:type=\"ip-dst\"" ,
"misp:category=\"Network activity\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--56e2b49a-8af8-4f1c-ac7c-4a87950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2016-03-11T12:05:46.000Z" ,
"modified" : "2016-03-11T12:05:46.000Z" ,
"description" : "C&C" ,
"pattern" : "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '78.40.108.39']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2016-03-11T12:05:46Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Network activity"
}
] ,
"labels" : [
"misp:type=\"ip-dst\"" ,
"misp:category=\"Network activity\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--56e2b49b-2d40-467d-9651-40f9950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2016-03-11T12:05:47.000Z" ,
"modified" : "2016-03-11T12:05:47.000Z" ,
"description" : "C&C (DGA)" ,
"pattern" : "[domain-name:value = 'sfsopnegjlpc.uk']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2016-03-11T12:05:47Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Network activity"
}
] ,
"labels" : [
"misp:type=\"domain\"" ,
"misp:category=\"Network activity\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--56e2b49b-cedc-43a5-bc35-4e70950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2016-03-11T12:05:47.000Z" ,
"modified" : "2016-03-11T12:05:47.000Z" ,
"description" : "C&C (DGA)" ,
"pattern" : "[domain-name:value = 'cdnhxeqqnn.fr']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2016-03-11T12:05:47Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Network activity"
}
] ,
"labels" : [
"misp:type=\"domain\"" ,
"misp:category=\"Network activity\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--56e2b49b-dd28-4d28-9478-41cf950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2016-03-11T12:05:47.000Z" ,
"modified" : "2016-03-11T12:05:47.000Z" ,
"description" : "C&C (DGA)" ,
"pattern" : "[domain-name:value = 'wmodsor.it']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2016-03-11T12:05:47Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Network activity"
}
] ,
"labels" : [
"misp:type=\"domain\"" ,
"misp:category=\"Network activity\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--56e2b49c-f9a8-4c29-90f3-41d9950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2016-03-11T12:05:48.000Z" ,
"modified" : "2016-03-11T12:05:48.000Z" ,
"description" : "C&C (DGA)" ,
"pattern" : "[domain-name:value = 'ynwfx.yt']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2016-03-11T12:05:48Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Network activity"
}
] ,
"labels" : [
"misp:type=\"domain\"" ,
"misp:category=\"Network activity\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--56e2b49c-385c-4042-9595-41ae950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2016-03-11T12:05:48.000Z" ,
"modified" : "2016-03-11T12:05:48.000Z" ,
"description" : "C&C (DGA)" ,
"pattern" : "[domain-name:value = 'ilrxnlulyhyphq.fr']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2016-03-11T12:05:48Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Network activity"
}
] ,
"labels" : [
"misp:type=\"domain\"" ,
"misp:category=\"Network activity\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--56e2b49c-1c68-4cce-ab60-482a950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2016-03-11T12:05:48.000Z" ,
"modified" : "2016-03-11T12:05:48.000Z" ,
"description" : "C&C (DGA)" ,
"pattern" : "[domain-name:value = 'vqjxngkokrm.de']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2016-03-11T12:05:48Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Network activity"
}
] ,
"labels" : [
"misp:type=\"domain\"" ,
"misp:category=\"Network activity\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--56e2b49d-a158-41e4-bb2a-4185950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2016-03-11T12:05:49.000Z" ,
"modified" : "2016-03-11T12:05:49.000Z" ,
"description" : "C&C (DGA)" ,
"pattern" : "[domain-name:value = 'fvxpecebn.ru']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2016-03-11T12:05:49Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Network activity"
}
] ,
"labels" : [
"misp:type=\"domain\"" ,
"misp:category=\"Network activity\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--56e2b49d-22d0-4129-9579-4468950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2016-03-11T12:05:49.000Z" ,
"modified" : "2016-03-11T12:05:49.000Z" ,
"description" : "C&C (DGA)" ,
"pattern" : "[domain-name:value = 'axbanu.uk']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2016-03-11T12:05:49Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Network activity"
}
] ,
"labels" : [
"misp:type=\"domain\"" ,
"misp:category=\"Network activity\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--56e2b49d-1d98-45ed-8077-4ed7950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2016-03-11T12:05:49.000Z" ,
"modified" : "2016-03-11T12:05:49.000Z" ,
"description" : "C&C (via DGA: fvxpecebn.ru)" ,
"pattern" : "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '37.139.27.52']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2016-03-11T12:05:49Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Network activity"
}
] ,
"labels" : [
"misp:type=\"ip-dst\"" ,
"misp:category=\"Network activity\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--56e2b532-03d8-421b-8041-46bc950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2016-03-11T12:08:18.000Z" ,
"modified" : "2016-03-11T12:08:18.000Z" ,
"description" : "Locky" ,
"pattern" : " [ f i l e : c o n t e n t _ r e f . p a y l o a d _ b i n = ' U E s D B B Q A C Q A I A A l h a 0 j j 9 A U Q 4 d I B A A D 0 B Q A g A B w A M T M x N z Q z M T d h O W F j Z D E w Z j I 0 N G E 2 Y j g 3 N D c 1 Y z Q 4 N j Z V V A k A A z K 14 l Y y t e J W d X g L A A E E I Q A A A A Q h A A A A z 1 v s 0 i U H N + V / z m r U 9 J h j S m j t O F e L i u 5 v M k c I L 1 y D / 30 L t a o u C G o 7 s A l y J U W p 1 d F B m z Z V 6 L r a M F 6 g Y o c 5 m u J b I u t o Z t I C k 2 r y r F 5 s I W / 3 y Z X B P C 4 N 6 C N N 2 T i K / W 0 R 7 s R G e x o 817 Y + v I Q U / S Q + p U E j i Z I H u A / K T I f X 9 P V + i Q 1 V y H / R N 8 P a N Q H 1 + J P n e n i U 7 d P n s R e u D 4 S y v Z v Z v 6 p k k w D U c B 73 m C N 6 J l 19 a t Q v 9 t 2 P F r Q j L T W E A y S H 7 c 8044 W j a 9 o I 8 P Q X J F U F L S G R x e N j H V / w D l 8 p n J 7 R 2 P t J R q i P W m L W E 3 K 6 V G f W h y G R 9 r H C r r i c R 4 r K J I 98 r N 2 U v P x K G m x K d d 7 n s n G + a I O X L n Q g I d Y 3 b G T 6 S b o i H d c w y z J I 4 + + + p 4 R p R N 9 L i 6 l W V x n F g a / F j m B Q O L 8 e y P / Z H 4 s x I v 4 x X + x W B 9 y q j U B M 85 q U I 9 Y 1 O U i P m R + n 1 b 4 L T B n D 1 d V L 5 J r I h f U G A r k z y j K 8 O 7 v y t 71 C F f n S 2 z w c 0 Z V O e H + r p P Q a V Z i Q W 8 A c y V u P f F Z r 3 Q A S J G + 6 s 0 C z a h e w 0 l b 9 T b f F A W q L H A q 0 s Z + 5 A 6 V t i 6 w t S 5 h a J d 6 r W E W I r T s C f c V / 59 H U S f t 2 t Z X u 0 X b Q H 8 f u C M f x E P p V Y h q E e g m A O m g g Y S K q U 1 F S Y A p v + R T m i y H q 93 f 1 V p Z + P w P W 1 x c 8 J z p i 2 A m M N X X 55 b + 5 G e 6 A W p 3 x P Z g 1 j j g V l 5 / G a Z p V b 4 e T 0 n 6 J Y + T e m + V L Q h 0e4 t + e V P f T h v U a a x A N 2 Y + 4 M 0 Q a b m U Y W Y a w Z / P A n Y Y r 3 l G 3 Y w + S L I 9 q x c R m k Y T b 4 q 1 b Y s 4 b M j T i U L 2 / + 6 / f R H o K E e S K 8 F K S B B g 8 i z p w v j d A Z 1 S l T k 3 u x / p x g W e J e B 93 Z x I z s w Y g m 4 P 
P D l j r / X 9 t 8 k t E b F X e 2 r Q Y Z d j P O S M d K L w k X g O P w j z 9 / S B E R 29 I I s d 14 r 1 m q 5 E a g v e 5 C v v s b Y M 1 q b 2 Z C E B N 3 L a e J L S l H o n v i 4 X o E P F I H A c H c e / 2 v 9 f s l z d d 3 M P m o 3 Z j 8 U v q Q L D d 9 T g h Y N r D f G t Y D P B O R j s 7 z u 4 H J M g z H I w M I R a 9 I Y v f 7 Y / s H M g N 6 F D 8 k Y K 1 + r Z r S i x t n 6 x l o 77 o T 3 i C I q 84 v Z S 0 i u E I w B 0 R 4 W y A K v 9 + b 2 V z u 3 r N F v D j Y v Z v B z H 898 P b 3 I V B t N 2 p B W 7 D Y S u 8 a w k A d A 0 X 9 i b R S G Z M a 0 V c p G R 6 U Z U q j z l 9 s R t Q G U D f / z c X M o V H y f t / V 8 v T P 8 w t V j 25 k n g o y I M 5 z x 7 O D / S j W b x X z v Q c V + F m D F 5 w G 17 E f F O / J c j h o J L G C + H N S 3 Q I S h A 5 H Z 2 K l a Q d Q f U P g 8 V e p G H I M t m V j N q J E e z Z Y M d g j 1 e t o / H C E V v r d 87 m 130 + a R t w s L V U m J H d u 2 j U T x J n 3 R R 9 + / 25 h w R D V x / p G + Y D G o b b I P i a k K / H I 6 I N B O h 6 O 2 q Y s Q K P u T i d C 0 / e p 4 j z P l p F 11 i A b T d Q 4 j / J b i 64 y B S a w + 27 T P R Q Q + 5 z l 3 k m e s 1 r x d x 56 U d X 9 K T 6 j N 4 v s c P O d o e p I Z m d l U 6 Z f p t a E n i E s q 3 R y V / 4 X q s Y 7 Q M Z 1 l w A I m W o 1 n x m + 4 X Z 3 l u Q n 8 G / H + m E 8 L F o W O 5 K C / 34 M 71 r S d 1 L t k F L B y S 7 k K U H k / i f 9 + h 9 J J Q H U H X r 2 r K 2 M R 5 U 8 m 9 A K v R g w b 22 e O C x r G 0 S I Z F O R C t / O / f e Q L s 0 X m b e R 7 Q z p C 3 w X + n A u X + T U 4 W c s S w 1 z 2 C J m m + P k 1 P w j K C l 5 w 6 m x 8 E s + 5 I / r b f I x j k e m Y e o 7 Z V W r q U n j 34 r x i r l 2 E B S 8 o 99 L i 8 O C m 2 s r x A c z 4 L w F f K 0 V W e B w J T 56 / J B A 8 s h P l m X C P / s M j M X + M 67 j 2 h y f P R n i D y k q P 5 a w C D D T k J 1 J D E 2 h 7 C Y 5 L 1 L s j J G 0 c 2 P e X y f 9 k T n i J Q 0 K p E M Y 9 S W g 5 w 9 N c D k e i Z V r J M 2 B l g i Q p 3 m 4 H + j C U A G Z H h c P t w F O g T Z 7 A F 6 O Z 
Q / y O R s A m E x f 2 v q V 1 v 2 M k c Y Y C P q I Z m k e h i j b f N c M m i o p y g / n o 3 S B g G a e 69 Y p k G s F w r E 3 H f E a N 83 y 0e5 D y M u Z J G P 6 B w I W l s c Y s M a 0 v v A a / g g 6 R g D J P 9 y 3 r M R 19 + N X z E B 91 n y h 0 M u p 5 B F J k y q J Q Y w Z a Y / 2 B h 36 O v Q 0 N I n u g j + V V H h v A a 1 f 80 P t c D b d f B u u B z 2 i K w m h H h t c V 7 U M 5 F T C o m y s d Q i m 3 f K n l Z S 9 B F 5 i b l + Z f w E O w g K B t 7 o H 7 o g p r Y 13 M v r 9 M I F Z a k X a A S V v / P p M 35 v L 0 7 Y r n M p l / U f 15 R 9 v j e I d h 1 z b H q I y 7 d a b x f h I e B 48 q z m 8 E u c S p 56 Q L U U U 6 i 9 J 9 P K P 1 / v e V G R e W 1 c X B I j h L W c 6e484 w l l L H k P 0 w T E b j 4 m U s F l Q M g K H f i J B I 1 z 6 h P 4 / k G t k 0 P J i 3 o P 9 E G Q l m u i u 8 o E 9 w D f u X Z 5 F W k 1 Q n / Q d d 65 Y c Q h O i Z 5 M f A T D r Q O m a Z 4E4 n 81 j T 7 f W 0 8 G M D f l w 3 d m m o q b M M p D y n R e 2 x 68 m x v m r U V a F Z E 8 V Q f / i w 7 L B K w n S i W Z Q V e M H 3 u D W i s 5 g W S 5 z 8 J k I G P m O F M 1 y 2 r D K s 8 q m B B h C z O 7 P x M S 5 k o Y A 4 C b 5 s h h X f e 2 z U V + F A R 8 G Z U j 0 A t M N X l b J H a 1 P S 99 F H r l n d 0 B 28 v p K Z 0 8 m M v 4 B 1 S i u X x V z m + B u K 2 a 7 u M j D b e H 27 W H V Q T y S s t 4 X X T 0 g z t B + t Q V M 1 + r K V u e 4 m v l R G q s g Z Q H Y v q 2 O i l R F I X 0 x F 6 g W 32 O 2 D l M R s 67 e x q S L G N 7 e s g B m u F L G e o d u y h 6 s p P Z x y O g e D A h 78 e L 7 d e / C P / a a M R 95 x E w u Y F w A V i k / F o R o I l 5 s U Z p G 4 W 8 M R d K P 5 U I h h p R M Z c F F T d 8 e y a M z t 2 H z Z 6 K H i 30 r J c 1 c D C U 8 + 4 N B u Q z M m N B 4 p 2 v p t R y F h w 6 S s 7 w R x f d T 9 R p B Z o k o w 1 F c C Z x V L t I 1 R y B 8 u c d L Y i 0 e o c W z d f o L 3 K O q I E h H q j 53 U h / 9 p O G / n / l j w 1 W a G h V f 1 t J n e l x t 4 A K k N + q B G 4 X I 8 D K u K a F Y Q 0 Y d 5 W E W z n r W x 4 d k k P r S 3 Q 9 
p 2 w I 8 u U n v x K M a p m v e J + 4 v u / q z n 0 T e h s D T 1 k 8 k n 2 / n + r y l 6 s + I t I r A 0 I W 0 u P c N l + b N O 15 o x L F + 1 W p / 63 I M 2 l 6 O U y U J i f c q 0 s 0 w B 4 u 7 b J n s / z K s X 3 / Q 3 R a 0 g l A s l 6 g g C D g Y v / c 39 O 841 A + G Q C D o m o A U E A 3 V w C P 5 a n 2 v W G D 8 D c x P / D W q t H V M t p n E r Y U O B 8 E F c 5 M 6 P k O 2 t 4 Z s e J p o j j j 2 X V D O m y g k B X m q M a C q L w X s Q p Q O i W r D f n U P 428 o T X d 2 i I + N S X D R b b a j d V w d O D b a v M G 31 O I r I 8 I N s W P K V u T 9 F R 7e8 A R g w 5 B p w Q j 1 a Q T b J h g S h 601 Y z d 9 i C q i t g p Q g V Y J k c 7 J f G R L A j w D K c H H d a Q W f a 6 R y 0 Z 4 U w n D R i s u P r + T s 8 U P 9 A / 7 S N k O b B r M l F C 0 B H + 29 r W + V B z y T m F o P P 2 F q l e 7 J a M m N Q Q y + U V t 9 / 9 s z r J q W O S 3 J k Y W z w 6 D G 0 l g N + z M t K L N T 2 E i y g Q 3 l j S K 11 q J 2 Z E 0E0 / c B r L T V O B B N G + Q X d K S f Q n + E 6 z Y D V D O R B e + i q 8 g r Q l 9 E V M y p P e N y c s L x K u b T X 9 H l z 0 872 m C a S / f 636 w U E D 1 i v i K E 7 u i V F a o V S R o 5 V 1 e M J 5 M 5 e I f X 6 B a u O e k N M R M z a m K 2 b 3 P V h G W Q L B C T B T r E 8 z 2 h I B U Z C I M T d 63 f A y 26 P t i v a b I X m G / X U D o a S 4 E j 8 A 5 v 8 D e 8 G U L V S P g 9 M y 1 c H x S + q L 1 j Y 4 R u A c 321 V Z 30 R J w w 9 p j k a 0 3 w / Z f V H z o c D Z 2 r I M o 5 m F U T E 78 a k Y z S n L D C C L T h 3 J M T W b 6 g C 1 H i v u c P j 4 u / A R k 9 X 8 E Q 7 t s q 9 M 6 z G c s W K H b j 6 j 4 t q i c A r a a 4 s + M t A V Z 2 V Q 9 S D A 3 z i G A 6 V C 0 C t x p 1 + W n I u k V Q i i 3 F w + o W k f v N C 8 K H + R k f H c r H F Q 8 r N p P g Z c H g t C W u w v R + / 2 C O S E 4 a J U b 6 U g 2 i a y + F P 0 B b g F r i 4 Z R N o g 0 M j q 9 b P 9 n O / c Y H T G 2 W S 3 p / c 0 e t 0 k m g S Q v Z 78 Y u c 8 h C p C q 2 q 422 S N V c Q P l J w x T T o W 4 K + R 2 e y q V j j Q G m l g Q g F U 9 g g T L 
C V G E 3 v D j y W L 6 W m C f 4 n 2 K 2 U r 2 d n X
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2016-03-11T12:08:18Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Payload delivery"
}
] ,
"labels" : [
"misp:type=\"malware-sample\"" ,
"misp:category=\"Payload delivery\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--56e2b533-43f8-4a6a-8ffa-417e950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2016-03-11T12:08:19.000Z" ,
"modified" : "2016-03-11T12:08:19.000Z" ,
"description" : "Locky" ,
"pattern" : "[file:name = 'uy78hn654e.exe' AND file:hashes.SHA1 = 'e25418fb175eeda2d30e8a8b981753bd8844f9b7']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2016-03-11T12:08:19Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Payload delivery"
}
] ,
"labels" : [
"misp:type=\"filename|sha1\"" ,
"misp:category=\"Payload delivery\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--56e2b534-a7f0-4508-b006-4c87950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2016-03-11T12:08:20.000Z" ,
"modified" : "2016-03-11T12:08:20.000Z" ,
"description" : "Locky" ,
"pattern" : "[file:name = 'uy78hn654e.exe' AND file:hashes.SHA256 = '7bcd80f4ba829652fcd4514585d00052ce8c8bdb48b3f7b651846de264bcba32']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2016-03-11T12:08:20Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Payload delivery"
}
] ,
"labels" : [
"misp:type=\"filename|sha256\"" ,
"misp:category=\"Payload delivery\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "observed-data" ,
"spec_version" : "2.1" ,
"id" : "observed-data--56e2b581-9200-49b9-994d-4cb8950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2016-03-11T12:09:37.000Z" ,
"modified" : "2016-03-11T12:09:37.000Z" ,
"first_observed" : "2016-03-11T12:09:37Z" ,
"last_observed" : "2016-03-11T12:09:37Z" ,
"number_observed" : 1 ,
"object_refs" : [
"email-message--56e2b581-9200-49b9-994d-4cb8950d210f"
] ,
"labels" : [
"misp:type=\"email-subject\"" ,
"misp:category=\"Payload delivery\""
]
} ,
{
"type" : "email-message" ,
"spec_version" : "2.1" ,
"id" : "email-message--56e2b581-9200-49b9-994d-4cb8950d210f" ,
"is_multipart" : false ,
"subject" : "Scanned image"
} ,
{
"type" : "x-misp-attribute" ,
"spec_version" : "2.1" ,
"id" : "x-misp-attribute--56e2b630-c57c-4fd5-bbda-4cb0950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2016-03-11T12:12:32.000Z" ,
"modified" : "2016-03-11T12:12:32.000Z" ,
"labels" : [
"misp:type=\"text\"" ,
"misp:category=\"Payload delivery\""
] ,
"x_misp_category" : "Payload delivery" ,
"x_misp_comment" : "Email body" ,
"x_misp_type" : "text" ,
"x_misp_value" : "Image data in PDF format has been attached to this email."
} ,
{
"type" : "observed-data" ,
"spec_version" : "2.1" ,
"id" : "observed-data--56e2c2aa-b95c-4d86-bb2a-482e02de0b81" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2016-03-11T13:05:46.000Z" ,
"modified" : "2016-03-11T13:05:46.000Z" ,
"first_observed" : "2016-03-11T13:05:46Z" ,
"last_observed" : "2016-03-11T13:05:46Z" ,
"number_observed" : 1 ,
"object_refs" : [
"url--56e2c2aa-b95c-4d86-bb2a-482e02de0b81"
] ,
"labels" : [
"misp:type=\"link\"" ,
"misp:category=\"External analysis\""
]
} ,
{
"type" : "url" ,
"spec_version" : "2.1" ,
"id" : "url--56e2c2aa-b95c-4d86-bb2a-482e02de0b81" ,
"value" : "https://www.virustotal.com/file/7bcd80f4ba829652fcd4514585d00052ce8c8bdb48b3f7b651846de264bcba32/analysis/1457699823/"
} ,
{
"type" : "observed-data" ,
"spec_version" : "2.1" ,
"id" : "observed-data--56e2c2aa-e180-4caa-897d-463f02de0b81" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2016-03-11T13:05:46.000Z" ,
"modified" : "2016-03-11T13:05:46.000Z" ,
"first_observed" : "2016-03-11T13:05:46Z" ,
"last_observed" : "2016-03-11T13:05:46Z" ,
"number_observed" : 1 ,
"object_refs" : [
"url--56e2c2aa-e180-4caa-897d-463f02de0b81"
] ,
"labels" : [
"misp:type=\"link\"" ,
"misp:category=\"External analysis\""
]
} ,
{
"type" : "url" ,
"spec_version" : "2.1" ,
"id" : "url--56e2c2aa-e180-4caa-897d-463f02de0b81" ,
"value" : "https://www.virustotal.com/file/40d5b469de8f79e87135432e23b6f94c185e890f8d0aa19c427b89641ffbc49a/analysis/1457696636/"
} ,
{
"type" : "observed-data" ,
"spec_version" : "2.1" ,
"id" : "observed-data--56e2c2aa-7f0c-4cc1-93d1-450402de0b81" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2016-03-11T13:05:46.000Z" ,
"modified" : "2016-03-11T13:05:46.000Z" ,
"first_observed" : "2016-03-11T13:05:46Z" ,
"last_observed" : "2016-03-11T13:05:46Z" ,
"number_observed" : 1 ,
"object_refs" : [
"url--56e2c2aa-7f0c-4cc1-93d1-450402de0b81"
] ,
"labels" : [
"misp:type=\"link\"" ,
"misp:category=\"External analysis\""
]
} ,
{
"type" : "url" ,
"spec_version" : "2.1" ,
"id" : "url--56e2c2aa-7f0c-4cc1-93d1-450402de0b81" ,
"value" : "https://www.virustotal.com/file/1510b2e001378f1a1a7ed5582a35f89269d6d32bf8e23f13a06f3f9f131fc4a3/analysis/1457694578/"
} ,
{
"type" : "observed-data" ,
"spec_version" : "2.1" ,
"id" : "observed-data--56e2c2ab-2b30-4777-812c-4eda02de0b81" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2016-03-11T13:05:47.000Z" ,
"modified" : "2016-03-11T13:05:47.000Z" ,
"first_observed" : "2016-03-11T13:05:47Z" ,
"last_observed" : "2016-03-11T13:05:47Z" ,
"number_observed" : 1 ,
"object_refs" : [
"url--56e2c2ab-2b30-4777-812c-4eda02de0b81"
] ,
"labels" : [
"misp:type=\"link\"" ,
"misp:category=\"External analysis\""
]
} ,
{
"type" : "url" ,
"spec_version" : "2.1" ,
"id" : "url--56e2c2ab-2b30-4777-812c-4eda02de0b81" ,
"value" : "https://www.virustotal.com/file/a2e54950817f09e61a655f90e16a20781e138a926bf7e0557a62741840b07317/analysis/1457694765/"
} ,
{
"type" : "observed-data" ,
"spec_version" : "2.1" ,
"id" : "observed-data--56e2c2ab-73d4-4f41-83f1-414a02de0b81" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2016-03-11T13:05:47.000Z" ,
"modified" : "2016-03-11T13:05:47.000Z" ,
"first_observed" : "2016-03-11T13:05:47Z" ,
"last_observed" : "2016-03-11T13:05:47Z" ,
"number_observed" : 1 ,
"object_refs" : [
"url--56e2c2ab-73d4-4f41-83f1-414a02de0b81"
] ,
"labels" : [
"misp:type=\"link\"" ,
"misp:category=\"External analysis\""
]
} ,
{
"type" : "url" ,
"spec_version" : "2.1" ,
"id" : "url--56e2c2ab-73d4-4f41-83f1-414a02de0b81" ,
"value" : "https://www.virustotal.com/file/e2689971c91e31f8216c3a66c59b429305839ddbc3732f36021b54039eca670d/analysis/1457690823/"
} ,
{
"type" : "observed-data" ,
"spec_version" : "2.1" ,
"id" : "observed-data--56e2c2ab-d2d8-4511-be39-4cbb02de0b81" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2016-03-11T13:05:47.000Z" ,
"modified" : "2016-03-11T13:05:47.000Z" ,
"first_observed" : "2016-03-11T13:05:47Z" ,
"last_observed" : "2016-03-11T13:05:47Z" ,
"number_observed" : 1 ,
"object_refs" : [
"url--56e2c2ab-d2d8-4511-be39-4cbb02de0b81"
] ,
"labels" : [
"misp:type=\"link\"" ,
"misp:category=\"External analysis\""
]
} ,
{
"type" : "url" ,
"spec_version" : "2.1" ,
"id" : "url--56e2c2ab-d2d8-4511-be39-4cbb02de0b81" ,
"value" : "https://www.virustotal.com/file/5df6c456ca6136917a8dd1f98c5316d4bcc438639196afca58f61d31f8e6e6c7/analysis/1457693068/"
} ,
{
"type" : "observed-data" ,
"spec_version" : "2.1" ,
"id" : "observed-data--56e2c2ab-db08-4c8b-b084-46c702de0b81" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2016-03-11T13:05:47.000Z" ,
"modified" : "2016-03-11T13:05:47.000Z" ,
"first_observed" : "2016-03-11T13:05:47Z" ,
"last_observed" : "2016-03-11T13:05:47Z" ,
"number_observed" : 1 ,
"object_refs" : [
"url--56e2c2ab-db08-4c8b-b084-46c702de0b81"
] ,
"labels" : [
"misp:type=\"link\"" ,
"misp:category=\"External analysis\""
]
} ,
{
"type" : "url" ,
"spec_version" : "2.1" ,
"id" : "url--56e2c2ab-db08-4c8b-b084-46c702de0b81" ,
"value" : "https://www.virustotal.com/file/c33babaf1e100437a8eac1dc30be2176f3ff775ef195b7f8a16577725b6574a0/analysis/1457694711/"
} ,
{
"type" : "observed-data" ,
"spec_version" : "2.1" ,
"id" : "observed-data--56e2c2ac-7c10-4aad-81e7-474f02de0b81" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2016-03-11T13:05:48.000Z" ,
"modified" : "2016-03-11T13:05:48.000Z" ,
"first_observed" : "2016-03-11T13:05:48Z" ,
"last_observed" : "2016-03-11T13:05:48Z" ,
"number_observed" : 1 ,
"object_refs" : [
"url--56e2c2ac-7c10-4aad-81e7-474f02de0b81"
] ,
"labels" : [
"misp:type=\"link\"" ,
"misp:category=\"External analysis\""
]
} ,
{
"type" : "url" ,
"spec_version" : "2.1" ,
"id" : "url--56e2c2ac-7c10-4aad-81e7-474f02de0b81" ,
"value" : "https://www.virustotal.com/file/0a884c6fbe5314727a24b65eb1196a8d59ceae4b57ca237f4c5c974673545696/analysis/1457694016/"
} ,
{
"type" : "observed-data" ,
"spec_version" : "2.1" ,
"id" : "observed-data--56e2c2ac-c8cc-4b5a-8e77-4e0d02de0b81" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2016-03-11T13:05:48.000Z" ,
"modified" : "2016-03-11T13:05:48.000Z" ,
"first_observed" : "2016-03-11T13:05:48Z" ,
"last_observed" : "2016-03-11T13:05:48Z" ,
"number_observed" : 1 ,
"object_refs" : [
"url--56e2c2ac-c8cc-4b5a-8e77-4e0d02de0b81"
] ,
"labels" : [
"misp:type=\"link\"" ,
"misp:category=\"External analysis\""
]
} ,
{
"type" : "url" ,
"spec_version" : "2.1" ,
"id" : "url--56e2c2ac-c8cc-4b5a-8e77-4e0d02de0b81" ,
"value" : "https://www.virustotal.com/file/f365ae19431e7accfcd0d9977fb52cc288fc5f4b39c63f483105c8d5ee3cbea0/analysis/1457694289/"
} ,
{
"type" : "observed-data" ,
"spec_version" : "2.1" ,
"id" : "observed-data--56e2c2ac-e6e4-4852-a5dd-408f02de0b81" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2016-03-11T13:05:48.000Z" ,
"modified" : "2016-03-11T13:05:48.000Z" ,
"first_observed" : "2016-03-11T13:05:48Z" ,
"last_observed" : "2016-03-11T13:05:48Z" ,
"number_observed" : 1 ,
"object_refs" : [
"url--56e2c2ac-e6e4-4852-a5dd-408f02de0b81"
] ,
"labels" : [
"misp:type=\"link\"" ,
"misp:category=\"External analysis\""
]
} ,
{
"type" : "url" ,
"spec_version" : "2.1" ,
"id" : "url--56e2c2ac-e6e4-4852-a5dd-408f02de0b81" ,
"value" : "https://www.virustotal.com/file/1a33338c6101ac66cdc79dbaed17267725d183fe37bd331c04b9580c69dde5f6/analysis/1457689951/"
} ,
{
"type" : "observed-data" ,
"spec_version" : "2.1" ,
"id" : "observed-data--56e2c2ad-b018-4b87-b7f4-4c8f02de0b81" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2016-03-11T13:05:49.000Z" ,
"modified" : "2016-03-11T13:05:49.000Z" ,
"first_observed" : "2016-03-11T13:05:49Z" ,
"last_observed" : "2016-03-11T13:05:49Z" ,
"number_observed" : 1 ,
"object_refs" : [
"url--56e2c2ad-b018-4b87-b7f4-4c8f02de0b81"
] ,
"labels" : [
"misp:type=\"link\"" ,
"misp:category=\"External analysis\""
]
} ,
{
"type" : "url" ,
"spec_version" : "2.1" ,
"id" : "url--56e2c2ad-b018-4b87-b7f4-4c8f02de0b81" ,
"value" : "https://www.virustotal.com/file/3f789e86a91efa6409a60728a05dedf950443f5a75d2cb658f84ca4db0ba9a4a/analysis/1457693541/"
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--56e2c7e8-e5a8-4253-9e40-659a950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2016-03-11T13:28:08.000Z" ,
"modified" : "2016-03-11T13:28:08.000Z" ,
"description" : "Automatically added (via uy78hn654e.exe|e25418fb175eeda2d30e8a8b981753bd8844f9b7)" ,
"pattern" : "[file:name = 'uy78hn654e.exe' AND file:hashes.MD5 = '13174317a9acd10f244a6b87475c4866']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2016-03-11T13:28:08Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Payload delivery"
}
] ,
"labels" : [
"misp:type=\"filename|md5\"" ,
"misp:category=\"Payload delivery\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--56e2e28a-df44-4bb4-9639-4963950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2016-03-11T15:21:46.000Z" ,
"modified" : "2016-03-11T15:21:46.000Z" ,
"description" : "Download location" ,
"pattern" : "[url:value = 'http://joecockerhereqq.com/80.exe?1']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2016-03-11T15:21:46Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Network activity"
}
] ,
"labels" : [
"misp:type=\"url\"" ,
"misp:category=\"Network activity\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--56e2e28a-c9c4-4a5c-8233-4e96950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2016-03-11T15:21:46.000Z" ,
"modified" : "2016-03-11T15:21:46.000Z" ,
"description" : "Download location" ,
"pattern" : "[url:value = 'http://joecockerhereqq.com/69.exe?1']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2016-03-11T15:21:46Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Network activity"
}
] ,
"labels" : [
"misp:type=\"url\"" ,
"misp:category=\"Network activity\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--56e2e28b-fda0-4646-92b2-4949950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2016-03-11T15:21:47.000Z" ,
"modified" : "2016-03-11T15:21:47.000Z" ,
"description" : "Download location" ,
"pattern" : "[url:value = 'http://cazasports.com/system/logs/uy78hn654e.exe']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2016-03-11T15:21:47Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Network activity"
}
] ,
"labels" : [
"misp:type=\"url\"" ,
"misp:category=\"Network activity\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--56e2e28b-dbe0-4a9b-b945-4c48950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2016-03-11T15:21:47.000Z" ,
"modified" : "2016-03-11T15:21:47.000Z" ,
"description" : "Download location" ,
"pattern" : "[url:value = 'http://perfumy_alice.republika.pl/08h867g5']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2016-03-11T15:21:47Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Network activity"
}
] ,
"labels" : [
"misp:type=\"url\"" ,
"misp:category=\"Network activity\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--56e2e28b-fb9c-4fc2-9e88-4b19950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2016-03-11T15:21:47.000Z" ,
"modified" : "2016-03-11T15:21:47.000Z" ,
"description" : "Download location" ,
"pattern" : "[url:value = 'http://galit-law.co.il/32tguynjk']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2016-03-11T15:21:47Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Network activity"
}
] ,
"labels" : [
"misp:type=\"url\"" ,
"misp:category=\"Network activity\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--56e2e28c-7618-4c0f-b8b3-49eb950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2016-03-11T15:21:48.000Z" ,
"modified" : "2016-03-11T15:21:48.000Z" ,
"description" : "Download location" ,
"pattern" : "[url:value = 'http://peterdickem.com/87745g']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2016-03-11T15:21:48Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Network activity"
}
] ,
"labels" : [
"misp:type=\"url\"" ,
"misp:category=\"Network activity\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--56e2e28c-65c4-4e05-be5b-4b1c950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2016-03-11T15:21:48.000Z" ,
"modified" : "2016-03-11T15:21:48.000Z" ,
"description" : "Download location" ,
"pattern" : "[url:value = 'http://stepsaweb.com/system/logs/uy78hn654e.exe']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2016-03-11T15:21:48Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Network activity"
}
] ,
"labels" : [
"misp:type=\"url\"" ,
"misp:category=\"Network activity\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--56e2e28c-05d4-4a82-bf81-4fc6950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2016-03-11T15:21:48.000Z" ,
"modified" : "2016-03-11T15:21:48.000Z" ,
"description" : "Download location" ,
"pattern" : "[url:value = 'http://vaanifashion.com/system/logs/uy78hn654e.exe']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2016-03-11T15:21:48Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Network activity"
}
] ,
"labels" : [
"misp:type=\"url\"" ,
"misp:category=\"Network activity\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--56e2e28d-3ffc-477f-8d56-45d6950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2016-03-11T15:21:49.000Z" ,
"modified" : "2016-03-11T15:21:49.000Z" ,
"description" : "Download location" ,
"pattern" : "[domain-name:value = 'vaanifashion.com']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2016-03-11T15:21:49Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Network activity"
}
] ,
"labels" : [
"misp:type=\"domain\"" ,
"misp:category=\"Network activity\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--56e2e28d-891c-496d-807f-44c6950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2016-03-11T15:21:49.000Z" ,
"modified" : "2016-03-11T15:21:49.000Z" ,
"description" : "Download location" ,
"pattern" : "[domain-name:value = 'stepsaweb.com']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2016-03-11T15:21:49Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Network activity"
}
] ,
"labels" : [
"misp:type=\"domain\"" ,
"misp:category=\"Network activity\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--56e2e28d-0600-4256-8ab0-43f3950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2016-03-11T15:21:49.000Z" ,
"modified" : "2016-03-11T15:21:49.000Z" ,
"description" : "Download location" ,
"pattern" : "[domain-name:value = 'peterdickem.com']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2016-03-11T15:21:49Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Network activity"
}
] ,
"labels" : [
"misp:type=\"domain\"" ,
"misp:category=\"Network activity\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--56e2e28e-ae88-4e78-a71b-4e89950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2016-03-11T15:21:50.000Z" ,
"modified" : "2016-03-11T15:21:50.000Z" ,
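"description" : "Download location (the value is the hostname from the http://perfumy_alice.republika.pl/08h867g5 URL indicator, typed here as a file name)" ,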
"pattern" : "[file:name = 'perfumy_alice.republika.pl']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2016-03-11T15:21:50Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Payload delivery"
}
] ,
"labels" : [
"misp:type=\"filename\"" ,
"misp:category=\"Payload delivery\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--56e2e28e-a25c-45b1-86ae-49a2950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2016-03-11T15:21:50.000Z" ,
"modified" : "2016-03-11T15:21:50.000Z" ,
"description" : "Download location" ,
"pattern" : "[domain-name:value = 'galit-law.co.il']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2016-03-11T15:21:50Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Network activity"
}
] ,
"labels" : [
"misp:type=\"hostname\"" ,
"misp:category=\"Network activity\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--56e2e28e-3c78-437a-8450-45e3950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2016-03-11T15:21:50.000Z" ,
"modified" : "2016-03-11T15:21:50.000Z" ,
"description" : "Download location" ,
"pattern" : "[domain-name:value = 'joecockerhereqq.com']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2016-03-11T15:21:50Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Network activity"
}
] ,
"labels" : [
"misp:type=\"domain\"" ,
"misp:category=\"Network activity\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--56e2e28f-3c24-4fde-aa11-42db950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2016-03-11T15:21:51.000Z" ,
"modified" : "2016-03-11T15:21:51.000Z" ,
"description" : "Download location" ,
"pattern" : "[domain-name:value = 'cazasports.com']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2016-03-11T15:21:51Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Network activity"
}
] ,
"labels" : [
"misp:type=\"domain\"" ,
"misp:category=\"Network activity\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--56e2e28f-51c8-42b5-bf77-44e6950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2016-03-11T15:21:51.000Z" ,
"modified" : "2016-03-11T15:21:51.000Z" ,
"description" : "Download location" ,
"pattern" : "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '149.202.206.107']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2016-03-11T15:21:51Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Network activity"
}
] ,
"labels" : [
"misp:type=\"ip-dst\"" ,
"misp:category=\"Network activity\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--56e2e28f-1768-4708-b90d-4c56950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2016-03-11T15:21:51.000Z" ,
"modified" : "2016-03-11T15:21:51.000Z" ,
"description" : "Download location" ,
"pattern" : "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '198.57.149.3']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2016-03-11T15:21:51Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Network activity"
}
] ,
"labels" : [
"misp:type=\"ip-dst\"" ,
"misp:category=\"Network activity\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--56e2e290-f488-4401-926a-435f950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2016-03-11T15:21:52.000Z" ,
"modified" : "2016-03-11T15:21:52.000Z" ,
"description" : "Download location" ,
"pattern" : "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '74.206.187.130']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2016-03-11T15:21:52Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Network activity"
}
] ,
"labels" : [
"misp:type=\"ip-dst\"" ,
"misp:category=\"Network activity\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--56e2e290-44c0-44b9-b7b4-41e3950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2016-03-11T15:21:52.000Z" ,
"modified" : "2016-03-11T15:21:52.000Z" ,
"description" : "Download location (parent domain of the perfumy_alice.republika.pl download host, not the host itself)" ,
"pattern" : "[domain-name:value = 'republika.pl']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2016-03-11T15:21:52Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Network activity"
}
] ,
"labels" : [
"misp:type=\"domain\"" ,
"misp:category=\"Network activity\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--56e2e290-a5b0-4a52-b16b-4f68950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2016-03-11T15:21:52.000Z" ,
"modified" : "2016-03-11T15:21:52.000Z" ,
"description" : "Download location" ,
"pattern" : "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '213.180.150.17']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2016-03-11T15:21:52Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Network activity"
}
] ,
"labels" : [
"misp:type=\"ip-dst\"" ,
"misp:category=\"Network activity\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--56e2e291-34ac-47bd-adec-452c950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2016-03-11T15:21:53.000Z" ,
"modified" : "2016-03-11T15:21:53.000Z" ,
"description" : "Download location" ,
"pattern" : "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '91.202.169.123']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2016-03-11T15:21:53Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Network activity"
}
] ,
"labels" : [
"misp:type=\"ip-dst\"" ,
"misp:category=\"Network activity\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--56e2e291-2040-4585-95fa-49f1950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2016-03-11T15:21:53.000Z" ,
"modified" : "2016-03-11T15:21:53.000Z" ,
"description" : "Download location" ,
"pattern" : "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '202.120.42.190']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2016-03-11T15:21:53Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Network activity"
}
] ,
"labels" : [
"misp:type=\"ip-dst\"" ,
"misp:category=\"Network activity\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--56e2e291-b680-4dc9-a834-4157950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2016-03-11T15:21:53.000Z" ,
"modified" : "2016-03-11T15:21:53.000Z" ,
"description" : "Download location" ,
"pattern" : "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '54.212.162.6']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2016-03-11T15:21:53Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Network activity"
}
] ,
"labels" : [
"misp:type=\"ip-dst\"" ,
"misp:category=\"Network activity\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--56e2e291-6570-4e8e-b78b-4c1f950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2016-03-11T15:21:53.000Z" ,
"modified" : "2016-03-11T15:21:53.000Z" ,
"description" : "Download location" ,
"pattern" : "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '78.135.108.94']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2016-03-11T15:21:53Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Network activity"
}
] ,
"labels" : [
"misp:type=\"ip-dst\"" ,
"misp:category=\"Network activity\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--56e2e292-a914-4098-8246-49c7950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2016-03-11T15:21:54.000Z" ,
"modified" : "2016-03-11T15:21:54.000Z" ,
"description" : "Download location" ,
"pattern" : "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '216.150.77.21']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2016-03-11T15:21:54Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Network activity"
}
] ,
"labels" : [
"misp:type=\"ip-dst\"" ,
"misp:category=\"Network activity\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--56e2e292-60d8-48db-a50e-4465950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2016-03-11T15:21:54.000Z" ,
"modified" : "2016-03-11T15:21:54.000Z" ,
"description" : "Download location" ,
"pattern" : "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '98.130.48.2']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2016-03-11T15:21:54Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Network activity"
}
] ,
"labels" : [
"misp:type=\"ip-dst\"" ,
"misp:category=\"Network activity\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--56e2e2d6-4038-45aa-b53e-4bbd950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2016-03-11T15:23:02.000Z" ,
"modified" : "2016-03-11T15:23:02.000Z" ,
"description" : "unique .js file" ,
"pattern" : "[file:content_ref.payload_bin = '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' AND file:name = 'details_AZXMWC.js' AND file:hashes.MD5 = '4a922ac1ea2b452fd117e51551b2e675' AND file:content_ref.mime_type = 'application/zip' AND file:content_ref.encryption_algorithm = 'mime-type-indicated' AND file:content_ref.decryption_key = 'infected']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2016-03-11T15:23:02Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Payload delivery"
}
] ,
"labels" : [
"misp:type=\"malware-sample\"" ,
"misp:category=\"Payload delivery\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--56e2e2d7-f160-4368-a077-4110950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2016-03-11T15:23:03.000Z" ,
"modified" : "2016-03-11T15:23:03.000Z" ,
"description" : "unique .js file" ,
"pattern" : "[file:name = 'details_AZXMWC.js' AND file:hashes.SHA1 = '0d1a7e487a1828cc7a75459116daea3e9ba10250']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2016-03-11T15:23:03Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Payload delivery"
}
] ,
"labels" : [
"misp:type=\"filename|sha1\"" ,
"misp:category=\"Payload delivery\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--56e2e2d7-3384-49cb-a21e-468e950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2016-03-11T15:23:03.000Z" ,
"modified" : "2016-03-11T15:23:03.000Z" ,
"description" : "unique .js file" ,
"pattern" : "[file:name = 'details_AZXMWC.js' AND file:hashes.SHA256 = 'e02251de5222e9894cbcd875114a1ca39b526a1e3e0030cc5d6fca3f28a844d7']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2016-03-11T15:23:03Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Payload delivery"
}
] ,
"labels" : [
"misp:type=\"filename|sha256\"" ,
"misp:category=\"Payload delivery\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--56e2e2d8-afec-413a-b785-4784950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2016-03-11T15:23:04.000Z" ,
"modified" : "2016-03-11T15:23:04.000Z" ,
"description" : "unique .js file" ,
"pattern" : "[file:content_ref.payload_bin = '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' AND file:name = 'details_RedcCH.js' AND file:hashes.MD5 = '47ff1fb2b7c05a5daca8e538a9a9c238' AND file:content_ref.mime_type = 'application/zip' AND file:content_ref.encryption_algorithm = 'mime-type-indicated' AND file:content_ref.decryption_key = 'infected']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2016-03-11T15:23:04Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Payload delivery"
}
] ,
"labels" : [
"misp:type=\"malware-sample\"" ,
"misp:category=\"Payload delivery\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--56e2e2d9-08ac-4a2c-9341-4079950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2016-03-11T15:23:05.000Z" ,
"modified" : "2016-03-11T15:23:05.000Z" ,
"description" : "unique .js file" ,
"pattern" : "[file:name = 'details_RedcCH.js' AND file:hashes.SHA1 = '7fcfbcd04b93f4dfb2996c17ec609fe1261cf417']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2016-03-11T15:23:05Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Payload delivery"
}
] ,
"labels" : [
"misp:type=\"filename|sha1\"" ,
"misp:category=\"Payload delivery\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--56e2e2d9-4668-42b0-a2b7-4af5950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2016-03-11T15:23:05.000Z" ,
"modified" : "2016-03-11T15:23:05.000Z" ,
"description" : "unique .js file" ,
"pattern" : "[file:name = 'details_RedcCH.js' AND file:hashes.SHA256 = 'b92aa998fe6fe5667bd5418ee1f7773bc4d9634d9fcff440ab78e66d6c58d036']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2016-03-11T15:23:05Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Payload delivery"
}
] ,
"labels" : [
"misp:type=\"filename|sha256\"" ,
"misp:category=\"Payload delivery\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--56e2e2da-31b4-414d-9782-4452950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2016-03-11T15:23:06.000Z" ,
"modified" : "2016-03-11T15:23:06.000Z" ,
"description" : "unique .js file" ,
"pattern" : "[file:content_ref.payload_bin = 'UEsDBBQACQAIAON6a0gt+6OmewcAACIPAAAgABwAOThkODZlNmU1OTQ3N2QxNjQ3NzcwOWY2YmU5OTYxMjdVVAkAA9ri4lba4uJWdXgLAAEEIQAAAAQhAAAACrOCV5VQZGhAQlOhHgsg9PuBIl8vS2yZTON3mfEBcHAbjkdZteU8GvQGLRysvu7+9zdYTjaZNHa3BcjBZQ2UyYOuYgOFydJq7lNHRMrNQl1Wn+tv3NQoBRfvg9S4jPJ1WgZT6zfRkLX6kS8625eq9PjnS70qVpBtgZZmLt2QlSncf2qbtPQ20R1sffSAHNu9r9Ivud7SOwZxtT9xfEieEFOPqmPsONeFRV8hkvCZ7hVPim/jKFLrJhJxMkV5pKBoRHmWJD6FBa3cjx6KQTtyB/0CObzJQfUt3l2uIHnQuU3BU8OCEwq+PRSm8m2p8svqYOC+6+z/8xAC2Z5oYmsGOewRfbjnCar5rhk6FXB1EbLVL5PnG9g/kQ6lB2CU4QNrONvhYyKQi5WVMssK7Kfx5A9+C0muDIqvLJnL0Eoeboo2Jxs7V23FEea4NxsHG4G692wkS14PQR8LXPR/oLjoLojDb6a0oNjL4iJzQmkTVkR4nM5L6qzcth/NH4z8dpJ2b86JpvS+Tr5fDu77OeWCzZfq/ysLdOt9eZxi96Zg63P+VUv6KeGp4DsRsN8OVEh99dr7DlswG8ForInBeZ6NNksfAi46Xe2rwPsNkgu/tOgpXUyh/gtUEgrS9nSnZIfFeHCWKU6GMbvno1rXu4VCDqCoW87hRSMRORZYSiEW1qy+36o9XZUFOR/+nkpNr97xrH8UYmFicvnvhhMl4/dsZVZR06eZ/r6DREkMW9eosSPUqFP62T3F2dQI0GWZLRmh9lcbsWAoZUM1EI9aBqftyU9Xxjz8jtEAuKYtNk6VvNh7RieAcbQJn1nnSMHi3Pa3wthJNEhMQzFQ7rt4h3lWm6eE0Bke4Tzm9SCRvY27mNz0qaPmETz3uoEQk4DlQooyDNmK6TLD+ERqLaagfPACnwciXqskj3pwZElm+k5AxMYRHT2045jY5SjXnp66OCK5fBS3BUVBlWROhYjmCO1vKDR3MP4qHHUMqoVCszPhUwpI8ko3ARLDQiXna12UIhAw3XJtl3zWNahLzf3wYZXSosYwo18AGvPpwUkFk8ZH8owitZMbbLZ/d2uemL6HQWU4JKZlSXu6Bdl6sfGOZogFQuTSNiWCXSLs+PPsom+csNRuVOQR3c+WOYHkUbs5iLGaRF9O7LuE+CsKgOiz99pi0YmIzo2iy1l6zi8fSWuB1g1bhEEl8b4xXcmFBF81ItW0Qh3MYrn9PRrkgaQA5qfXjm7XTRWgyjgQ1BaZ2Zjx50L/LnRQfi0cCuDGJcswFSmh4b4m4V9ALnI6eKieMIs1zdqKkIv/uWYlWAeeTMXn93DbRYXVcU/7zbLZ9Ixj9g48l7Zi3rO2u1pYaYArnosz5qFRHScVpyGo53m50yQvg+raNcTTpA/Okym4p8BDzgudfcstvCMwOysBeZ7SEVlLSCs1UfMpfWl/SMO8Er2qlnHTsARbxDW7EzDH73Pr7VKqYgO8iE1y+mRCpWh8HKK3MXpPR5b57XWjga6BB8sdQns22Al2aBQyrpnuchjhlmP/TBc3qNc2g/MsIyl/dYIis3RpuipbIWxYPALcx0QsEP4cUfePy7dsdpxn21pxisrp4b4zRNRaGbpiR2qOZzm1wcsaZvGdGzRB7hED6MvMfj2V3Cr8Bh2kp4ZMZhFZCNud8MDfclNswjUNAvUfBDGqp6JNgFLPcql24GAhalmOgePXUm/x2jGUjmwo1bh6furkZUPfPPk0qttr0LOoYsJ1idH2y/6/vG0W2zV77Aq0fbTdLzvdG6oVMA5j1XHWvcgvjUASAict0y8em1/80rg4GTNdjuPMW8gPdsSAcV2qLd
rXaA66nMkZcKsrBqpILd9mvkM40v0/hM+UrQHnOTIDARCUwFUefEXoftaHF3D0aQadtoOclxWuL43QkhlfgeM/yWa3BUfLtj7LKPRY9csTWzSqFvH6kiyFW6rzakFAJNvpMFnh3bYsup+qai4npk+sGJHfbBnxUvGphpOTqzb24vBiZI6zUbi+Gha/oXq4LUs3x5gOOu3S6JmYpRUBBqR2Et+W9Alh2XOn4V9rLaVoWc3KZ+FyYZ+it7O1LTPZ7MF46bkBR+WEE0xtq16V+APgKDawUEqJFbZ+oo72fGKZmeY/38sBDf2KPlXV8Vc4Y6jrEimcBjd+rl8skpiXYfR2JS/5VVATxXomzfY6EOZ9SGCREpVBOftrrCi9MlCV0ODlnUOlwVxifmrdJnz4aNKr7qIZ4qMyIh9xvNiHhMl1lzowZKjKnZO7MfMDVxztmo+JR87tqU9oqem/+CW6hP4cy76VHSO2zDmJaN4NrbRiOe9jW7DuJCjxghciDftpZfiHSTzLXwKPs0g6EnVW4abbH/xfva8ClqK4mXdgTvDaINI0cjT8ByTbmadbUMJ/mZC5xgCd01OPG9Y+mdQcvkjbGEc9rMdLJFuc+2/8THml0tG3pTVf7jk2gUCvlbbIAzHveUI+sV0sYHmjRQIntwweyohgdDrYFIfKVaZBBYhsQu6i6QfG/I1t6gja3k9qu1zA5J5UDtvPCHPpnFBLBwgt+6OmewcAACIPAABQSwMECgAJAAAA43prSF57JjcdAAAAEQAAAC0AHAA5OGQ4NmU2ZTU5NDc3ZDE2NDc3NzA5ZjZiZTk5NjEyNy5maWxlbmFtZS50eHRVVAkAA9ri4lba4uJWdXgLAAEEIQAAAAQhAAAA0cZ39vxgAk60ideG867U1So8i/0Dkgluk+KWD1xQSwcIXnsmNx0AAAARAAAAUEsBAh4DFAAJAAgA43prSC37o6Z7BwAAIg8AACAAGAAAAAAAAQAAAKSBAAAAADk4ZDg2ZTZlNTk0NzdkMTY0Nzc3MDlmNmJlOTk2MTI3VVQFAAPa4uJWdXgLAAEEIQAAAAQhAAAAUEsBAh4DCgAJAAAA43prSF57JjcdAAAAEQAAAC0AGAAAAAAAAQAAAKSB5QcAADk4ZDg2ZTZlNTk0NzdkMTY0Nzc3MDlmNmJlOTk2MTI3LmZpbGVuYW1lLnR4dFVUBQAD2uLiVnV4CwABBCEAAAAEIQAAAFBLBQYAAAAAAgACANkAAAB5CAAAAAA=' AND file:name = 'details_WSgYuW.js' AND file:hashes.MD5 = '98d86e6e59477d16477709f6be996127' AND file:content_ref.mime_type = 'application/zip' AND file:content_ref.encryption_algorithm = 'mime-type-indicated' AND file:content_ref.decryption_key = 'infected']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2016-03-11T15:23:06Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Payload delivery"
}
] ,
"labels" : [
"misp:type=\"malware-sample\"" ,
"misp:category=\"Payload delivery\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--56e2e2db-d840-45f8-86e7-4caf950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2016-03-11T15:23:07.000Z" ,
"modified" : "2016-03-11T15:23:07.000Z" ,
"description" : "unique .js file" ,
"pattern" : "[file:name = 'details_WSgYuW.js' AND file:hashes.SHA1 = '0ef7974b66135bfd95e03e93e128f3382e919046']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2016-03-11T15:23:07Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Payload delivery"
}
] ,
"labels" : [
"misp:type=\"filename|sha1\"" ,
"misp:category=\"Payload delivery\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--56e2e2db-d55c-4a2d-953e-4127950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2016-03-11T15:23:07.000Z" ,
"modified" : "2016-03-11T15:23:07.000Z" ,
"description" : "unique .js file" ,
"pattern" : "[file:name = 'details_WSgYuW.js' AND file:hashes.SHA256 = '873fb560250755555e2530a4c9a58553b1aea9d52fc4282e5547edc20fbededa']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2016-03-11T15:23:07Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Payload delivery"
}
] ,
"labels" : [
"misp:type=\"filename|sha256\"" ,
"misp:category=\"Payload delivery\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--56e2e2dc-cf78-4df3-8251-4363950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2016-03-11T15:23:08.000Z" ,
"modified" : "2016-03-11T15:23:08.000Z" ,
"description" : "unique .js file" ,
"pattern" : "[file:content_ref.payload_bin = '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' AND file:name = 'details_ZleWjn.js' AND file:hashes.MD5 = 'f91ce8a40a926e5979283df6e2fad7ac' AND file:content_ref.mime_type = 'application/zip' AND file:content_ref.encryption_algorithm = 'mime-type-indicated' AND file:content_ref.decryption_key = 'infected']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2016-03-11T15:23:08Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Payload delivery"
}
] ,
"labels" : [
"misp:type=\"malware-sample\"" ,
"misp:category=\"Payload delivery\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--56e2e2dc-3278-4e9d-965c-4021950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2016-03-11T15:23:08.000Z" ,
"modified" : "2016-03-11T15:23:08.000Z" ,
"description" : "unique .js file" ,
"pattern" : "[file:name = 'details_ZleWjn.js' AND file:hashes.SHA1 = '1e2a2ea134cf982b1ada7c80795d499b670749e9']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2016-03-11T15:23:08Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Payload delivery"
}
] ,
"labels" : [
"misp:type=\"filename|sha1\"" ,
"misp:category=\"Payload delivery\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--56e2e2dd-f6e4-4427-8fd3-41c5950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2016-03-11T15:23:09.000Z" ,
"modified" : "2016-03-11T15:23:09.000Z" ,
"description" : "unique .js file" ,
"pattern" : "[file:name = 'details_ZleWjn.js' AND file:hashes.SHA256 = 'ae7ae85fa40082dd01903aab3b519dce955878c05fb5618d95aa3610de719fe8']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2016-03-11T15:23:09Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Payload delivery"
}
] ,
"labels" : [
"misp:type=\"filename|sha256\"" ,
"misp:category=\"Payload delivery\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--56e2e2de-34a0-42f5-8264-46fe950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2016-03-11T15:23:10.000Z" ,
"modified" : "2016-03-11T15:23:10.000Z" ,
"description" : "unique .js file" ,
"pattern" : " [ f i l e : c o n t e n t _ r e f . p a y l o a d _ b i n = ' U E s D B B Q A C Q A I A O V 6 a 0 h / 5 B u 5 l g o A A P U V A A A g A B w A M W E 5 M z B i N m Q 5 Z j l i N W F m Z D A x O T l j Z G E 3 Y j E w Z j V i M T d V V A k A A 97 i 4 l b e 4 u J W d X g L A A E E I Q A A A A Q h A A A A F T o k x V X s d k G b j x X C w 1 t 83 a b z e Y S w q A H D 4 T B W G z n o J Z C B 6 B / w P r h a u X W B v + N K s V 0 u G n m M R 8 D H W g t t H F v s z 9 S w L W p i J W m I Q v C c O L D J N k m W 5 + U c 3 d 5 l W 1 C a 5 Q L V K I G e h k 7 K N I X z y G K r i y + W A L a t 7 U F T B Q 3 P 9 p z 5 q F O E v P A z 26 G M v 1 W 4 q 3 e g E x l N f 3 n h D o k E F L I c 68 C c j J d 6 v u z a O Z N r 1 O p C b / D k L F h E q T l z / L y k Z R E P R M K Q 3 M c J T X 2 l 24 a K T e P c L c i p 1 S K X b W w N a L W P Y 1 H 8 x 7 y F q n o S / U 7 J v V c b W e M R 9 m b j 9 E N P P E 5 i A h h d o v V D p n i g E S X k Y q + k J J Y s g q 9 o z 3 d S 8 J v e v r K 3 M 0 s n / H s f R n e b A N J c s m S I p g U Y M q u / z z w K C M 0 / f p L / B R 438 J 1 / a 9 b r 1 / U D U X n u f f k u o i 5 P B / Y y K K 2 D 39 K E q A 8 S p p C + n C D r I g o D J W m e f a D C z L c p W A 2 X b h h k h m u z 3 T E a E 4 c / l 9 N Z Z F I x L x 3 N z D l X M G 5 q 2 T S M k y u X f B 3 U s l a Y M n m P M N A 9 P 97 r J Z T l d w k 9 J r Y n O 7 B m 0 x C H h 5 h B K b 0 E r 58 F h H j e V l C 3 F w U Y I 7 S b P w A z z e r K 9 v 7 + E f C n X T 1 d Y 9 R v k j 75 F w X y J v 5 M D 9 y g o C c p v n b g i H 6 G x I p 34 V D z B e X J b N M b v O p s 2 C Z i P r x I c j t T b b u h + q T z A g t o e C i z s V x d u l t F x E D u + q i g W o 2 S P 733 Y U A 602e2 C 4394 C I E J A u b Y N 4 i D f x c w V / M 3 n x s u F h j k y o q A x X J 258 v a 2 U l 1 r m o G X F 8 z Q 3 y 0 Z x 5 c + M A / d s e q w f d q 9 W r r K U Q s N R w c A t Y L K l t F j K Z i V i s w n M J 9 F K / T V U S V Y c a b 9 S D 52 Q 4 M h e y S J k 3 d O 8 S s d J L Y r B f a l O 7 b R 
x f r D F n r 5 + F y m G y c y L v D q Q j H a Q u a v W + c K e I n + b 2 S q F r u t e v f + j G F n i O 8 K a + 77 N + l r x / a S R P g I V K 5 Q 7 s J b w W / O A 7 l P U K B t O 3 i C A f g Z C b K 0 j F Q e A 0 h z K x F r c 58 R k N S 0 W / y B m W f 9 Z S / o G Y / L o k p l B 71 U z U p Z 6 Z k 7 l M X 4 G j f u l l V v G B U 2 j 3 O F u p s D 0 Q k 217 e p L v 9 y T Q Q S s s E V X 7 X M I d W e H H s f k t o h J j 3 t i Q s 0 G H 9 Z 5 u I a K 3 p e 7 u d C I Q Z Q 4 y / i r Y G Q Q b Y 97 j 4 l A / A f 5 f R / x k 8 + 9 w G v x 55 H Y e u O E 1 k q m 7 h m U c H X / a X B a j 0 z Y F n 0 o K l M H K 9 L h N q G N 3 q a n F u n s 3 t r h 1 A V l L x Q m g f M D v u N U u L J 3 X J o p c J C c U W G V 966 c I u L w p / 2 + 1 q F 4 X d d F h h M Q 8 R u x L n t K 2 Q b 97 p s F F h p K g A F 8e3 u q W m X i v o V G W 7 J t S k j j P X u 9 F Z p W i H T V M 3 a 9 M s K x E 4 H l N l U J 7 n W V T E v x I L 4 g m P l L F W t f z Q e R D o B n l V a V u a H 6 c s L p E 2 n k T 32 r O C e 0 g T 4 b 6 g O X E K 8 f y 9 S K j r S X / G n b L n 5 g x / o C q j g I 3 W Y e 3 A + 2 K 8 N n 3 C K + w b D d 6 r X S H 79 Y G t l j L c Q o K 3 D z l T T 4 F i Z 6 / Q 6 O t j 9 O z 8 l s N Q A L s U b a F H M 9 w R u N / C q Q a d 1 S R F 8 I y t q O O + d 7 F S Z j N g e L / x 8 H 4 / u e S y E k / w f 2 b y h j I T i R N M A L T i G G h f I P v H i 0 e P q k a o D r h W r m k U I J 1 j w d e u F c W N c X 0 N e W s s v I w 0 B v d t V W 5 V T Y u g c 1 o E d 44 Y X f 6 J n S 11 + 8 G e 3 d i b h M Z q E E 1 l t R g 3 v w L p a 1 X + o S 9 / f I o B h d q o X 0 K i I a G w E O e B W u s t s R 8 f a u 8 W r 0 r K h r S F J C Y P 6 k h W g e b 1 c 1 C l C D q y R Y C m G / h F r r G j h 42 L v I P a V r 1 V j U m z w E Y O w h T B v 88 u y D M Z + C C P z p V d O R J U N j E q 4 y 70 l V H 9 a q E k s 5 a N S w j w p M l R 57 / O 5 b D R H F t F u n + l Y U x H W 2 R z A X K J 5 Z Z M O k / d m 8 p k 90 V 0 7 B R U Y h 2 d B M A 8 M w H I q 6 R 8 s 4 j b X 9 d 8 S N u 
L d g M 3 v q B J 0 5 L A j s T q H m 4 C 0 P p w X H Q q y G 8 P s J V T X I p 5 A Q + g i D Q b l w O t d O f 2 o k Z E e B D T 1 h G X v A F m t I Q 8 e d V h 59 s q H a f W 4 B 1 C i R N w 55 i C w r 9 P R B Y X c i 45 b Y h g z r z z Z b N a i j M c F 8 d j 8 F I z E e I 5 W F + / R J g X L R L z m z j u f h L y i 5 o k n V X 1 X 7 k R I j X / s b K 2 l S C B h r k 1 g Y 86 a V r J F I h a d d v i l y i V R 6 T z g L Q O 0 7 W w x r o g v / a r C Z 4 R I J a v w N y + q V e J n y q o / T w k f 5 g N f w w q V r 6 o J Z Z K i M b f Y t P F z F i 5 F W / A j l + K q i t z L J A i 4 / q n O u i S R d S p o h Y + M M D 7 D 7 Q F 8 s A 8 p 7 e X d T f 87 M D S 786 / e 55 s u v j h 25 s M e 4 T A 2 V u Z j S 65 Y M C M S e i B c / L o 93 N z 5 x 36 b c c d 9 R s 3 M M X Y H T r N 35 u S D 3 f 0 v w X n F R l y u B j y L U + s 3 h M T k d M w k 7 H z x d k P d w m M p U K w Q K 72 f a 8 W C z A 0 Q Y F N 5 l E U 5 v j u X 4 q x p t 8 T Z A 4 N l F 1 C C S F O x L 0 g d G n T P x / f Z G I m N z 2 O E / k n g O 1 + l k K k k P l Q a j + F v 2 u d q 5 j g P K w O J z u q B i z w / H n T f W u 6 l F R p H X e 8 y s C N v J U 0 z 28 e R S + u l G f e b p 5 p c K L z 1 R k I p 3 X w r n 8 J P R R E g Y a 0 n x e 5 n w w G N k P 7 K 9 Y e f L j 0 q V r U 2 f 2 C 38 A 0 F p Y C 6 z u a A e a w N C g h v Y Z 64 z D M 2 W J o 85 B q B l y X k c m W 1 O q J P U o y E U 3 V 4 F H p q l S X 72792 b V h f D L 8 T D 2 D 9 x o L o M m c i s f e h c B n Q g J 8 T D U n E G U 0 t e x s R Y S S u V P b O k T L 2 H r 57 I T M p I L D i o r J S F O m h J D L a Y A G P m v c u d e V k h X 976 s r 0 a / 2 o K d L f q O y v T f u I n O E V n J B 7 W V u v 71 N E H g f b S w b K A 72 J 7 c Y g V L 2 j 5 g f s T 4 Q n H 9 L 2 Z r 2 I E 77 B / Q 0 t I 9 T Y A + 7 t c 8 g a B s R Y X q p E T m 98 l R B c N K + r I T R A W O V C 4 H f L g o z u b + s d a R n 0E8 q I M 9 W s + k o T i g 23 S V q 8 X E s k f u R F c b f 5 P H t k y + 8 j s A 8 L E 1 + 315 r p 6 Y N 3 J f O e I c p E C v L C Z R r 
i 0e5 K H c I P m S Q I Z 7 u U V k l L S a 7 R C X L t z 7 b M b p Y W 8 K T m t x e u 1 z m p j u m 5 / I 5 w I Z x m 6 T E k I 3 o 8 p v N 1 y r S l S A K r b 0 A I b u V J 6 h u w F / o R L 0 h V f Z v a 3 i u Y P 2 j u x g Z e 585 W 2 y j / 72 o h P t T 6 f S y N 0 i f z N m 2 C y n v G V e q D g d q W 3 y S H C d K L A O I z n l T r G j F Y t t I G b Z 4 x 81 M 3 e u E b B 7 R z y G Z R o m I j w 6 U A I r 2 N 2 p K n O p 7 v k l e X T I 4 F 0 K Q 0 2 P C 1 s 6 T 1 + Q H L k M j / 6 q u p U U v 4 P 25 T E s d F 7 y h x c 9 a Y Y x b d E I M y I 4 j p 77 j G h 2 m S o F x w O I Q A 6 a I u y d s Z s 1 F k I Z K I 2 I f Z t S A i q A x R x / c C R m C j U S d 4 y s l 6 b V f N X U i p c Z p A U c T r O m Y H e J l t r r I 7 r F 2 s M 2 d B o T 8 x m i r G V m m X O y 5 r C / 7 C L n I k K N q u x V f O 3 / b P F V Q D b Y O A D L H 923 x U w v h 4 d S z r 1 V 8 g W / z m V a F C r C N + Y f D B F W 8 i J d I B 0 n W k K s x T c q V h w x S N S d S N R P L 1 k y M g + q Z a F W U V z Z G I j 3 Y Z K n 4 r o D / Q n g 81 Q o 1 I F G z 0 Q 311 a d u K c 3 A n 0 y k Y H o y N r J m J B I J g A z K i Y 7 K T F 4 F 5 T 0 w W q R j B g r K U b Z E J 3 l k H B 8 m D 16 x O 6 h k k W P v E S w y b h Y 4 r k u w c 9 E U B 8 y i D y i 4 F n K L I E A w c v j Y U l j C 0 h n o J j 7 G 0 6 u d i i n V p W V 1 h R g e f D L z P //DiTefguKrQKu68Z9fqP9bo8yYOPRgdlOT3mn6QLt4w5j56NS9sZkglBLBwh/5Bu5lgoAAPUVAABQSwMECgAJAAAA5XprSKF+NTQcAAAAEAAAAC0AHAAxYTkzMGI2ZDlmOWI1YWZkMDE5OWNkYTdiMTBmNWIxNy5maWxlbmFtZS50eHRVVAkAA97i4lbe4uJWdXgLAAEEIQAAAAQhAAAA7sFTXcSUrREPzKux9dMkj3X4Y+s0ssDN2kghYlBLBwihfjU0HAAAABAAAABQSwECHgMUAAkACADlemtIf+QbuZYKAAD1FQAAIAAYAAAAAAABAAAApIEAAAAAMWE5MzBiNmQ5ZjliNWFmZDAxOT
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2016-03-11T15:23:10Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Payload delivery"
}
] ,
"labels" : [
"misp:type=\"malware-sample\"" ,
"misp:category=\"Payload delivery\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--56e2e2de-dfd8-417a-9922-480c950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2016-03-11T15:23:10.000Z" ,
"modified" : "2016-03-11T15:23:10.000Z" ,
"description" : "unique .js file" ,
"pattern" : "[file:name = 'KHD4983572607.js' AND file:hashes.SHA1 = '06e04084d8db797abed85f08d3446aa46c1d87e6']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2016-03-11T15:23:10Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Payload delivery"
}
] ,
"labels" : [
"misp:type=\"filename|sha1\"" ,
"misp:category=\"Payload delivery\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--56e2e2df-c8d0-4383-a2db-4410950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2016-03-11T15:23:11.000Z" ,
"modified" : "2016-03-11T15:23:11.000Z" ,
"description" : "unique .js file" ,
"pattern" : "[file:name = 'KHD4983572607.js' AND file:hashes.SHA256 = '3204df9176fc0cf9e2b0a255076b125c69841673b96e2d9deab63c203b6e2977']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2016-03-11T15:23:11Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Payload delivery"
}
] ,
"labels" : [
"misp:type=\"filename|sha256\"" ,
"misp:category=\"Payload delivery\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--56e2e2e0-a4ec-40ae-a40f-4f28950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2016-03-11T15:23:12.000Z" ,
"modified" : "2016-03-11T15:23:12.000Z" ,
"description" : "unique .js file" ,
"pattern" : "[file:content_ref.payload_bin = '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' AND file:name = 'mail_fBmRht.js' AND file:hashes.MD5 = '0211e7bc789b1bcf5c8fb80892a637e1' AND file:content_ref.mime_type = 'application/zip' AND file:content_ref.encryption_algorithm = 'mime-type-indicated' AND file:content_ref.decryption_key = 'infected']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2016-03-11T15:23:12Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Payload delivery"
}
] ,
"labels" : [
"misp:type=\"malware-sample\"" ,
"misp:category=\"Payload delivery\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--56e2e2e0-e8c8-4089-a3ad-4966950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2016-03-11T15:23:12.000Z" ,
"modified" : "2016-03-11T15:23:12.000Z" ,
"description" : "unique .js file" ,
"pattern" : "[file:name = 'mail_fBmRht.js' AND file:hashes.SHA1 = '2798e72c275f322dabbcf232e48259ee0659f955']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2016-03-11T15:23:12Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Payload delivery"
}
] ,
"labels" : [
"misp:type=\"filename|sha1\"" ,
"misp:category=\"Payload delivery\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--56e2e2e1-f398-4716-a679-4ca8950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2016-03-11T15:23:13.000Z" ,
"modified" : "2016-03-11T15:23:13.000Z" ,
"description" : "unique .js file" ,
"pattern" : "[file:name = 'mail_fBmRht.js' AND file:hashes.SHA256 = '6c5dd37064a785f6646921103c7dbbab4ba982ed1de922c50fa768a62188e36d']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2016-03-11T15:23:13Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Payload delivery"
}
] ,
"labels" : [
"misp:type=\"filename|sha256\"" ,
"misp:category=\"Payload delivery\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--56e2e2e2-b448-48b5-999c-48f7950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2016-03-11T15:23:14.000Z" ,
"modified" : "2016-03-11T15:23:14.000Z" ,
"description" : "unique .js file" ,
"pattern" : "[file:content_ref.payload_bin = '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' AND file:name = 'post_NAAljP.js' AND file:hashes.MD5 = 'd1d0dfbd35dd13396fbaaba149f61d34' AND file:content_ref.mime_type = 'application/zip' AND file:content_ref.encryption_algorithm = 'mime-type-indicated' AND file:content_ref.decryption_key = 'infected']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2016-03-11T15:23:14Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Payload delivery"
}
] ,
"labels" : [
"misp:type=\"malware-sample\"" ,
"misp:category=\"Payload delivery\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--56e2e2e2-e8c4-46c4-9832-49c3950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2016-03-11T15:23:14.000Z" ,
"modified" : "2016-03-11T15:23:14.000Z" ,
"description" : "unique .js file" ,
"pattern" : "[file:name = 'post_NAAljP.js' AND file:hashes.SHA1 = '0435a275bbfc149c331f4b7d9540973c633ffe25']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2016-03-11T15:23:14Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Payload delivery"
}
] ,
"labels" : [
"misp:type=\"filename|sha1\"" ,
"misp:category=\"Payload delivery\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--56e2e2e3-dc10-42dc-a566-46a1950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2016-03-11T15:23:15.000Z" ,
"modified" : "2016-03-11T15:23:15.000Z" ,
"description" : "unique .js file" ,
"pattern" : "[file:name = 'post_NAAljP.js' AND file:hashes.SHA256 = '1a9d0655e2a4509fa89cbc842d5e0a8b472c2cf966cb619e36272fe12ea00546']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2016-03-11T15:23:15Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Payload delivery"
}
] ,
"labels" : [
"misp:type=\"filename|sha256\"" ,
"misp:category=\"Payload delivery\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--56e2e2e4-e4bc-47c3-ac6f-4240950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2016-03-11T15:23:16.000Z" ,
"modified" : "2016-03-11T15:23:16.000Z" ,
"description" : "unique .js file" ,
"pattern" : "[file:content_ref.payload_bin = 'UEsDBBQACQAIAOh6a0jg1rCpoQYAAMgPAAAgABwAMDczNGJmNDU4ZDdhNTQ3NmRjZTA3YzU3NTJlNGM2MjBVVAkAA+Ti4lbk4uJWdXgLAAEEIQAAAAQhAAAAlkbbsqRG01VOMV8sVYzKmEtvxUCB18w9cDOSbZ3oRep5eJQWsQkOTFqNTS4XebIA1RBf366e8yqyE+e73jT6sdCALbYus3A66al3hhc+xythnKb9l8XxFM4twOEJuXdb6CEteCvIzYySgFPwELJPDMvEdWclvGtmQATqq7WXWCeAhD47D+W/6G8ZLy3PtlGGLWGGPqpn5gS0Qjn5KoR9qEMY4LlEB9PB2ImDZR4kveiJaCgDmcBrn9BzlkDaaxwgc75zp9DwnkJNpRszh2O+02lKeaGnnxtNzTS3h/Jklx/9as3bmCB7rpJ9yotjLdC41uqcly2YcTn4mtY/QyMePG+O9DF7vS8wvclJHtg1LgWQ/e1a7n3dm3cwc1wdU7BgHkOS9pKuDEvsnaKGoUBCNehBLZUxWWPkr91u91pv7RQs2x4JvvU3uDS685YVpVkGOLP8Ga1iAkKJUXQX7W9t1M1vlr+TZvnQ24X82DGeRNLYes1y5DKbj81GgJlFkWtcLO0+lwTLxWR+rfFDzEqzNDQt7VSih8yftX2tvEKQ+W55UvT/JwFYKjZ2sTuLLccC9WRu8NXoIH7DhjAH1doJqir1/OLW0TiystbCz8sjjzDvdKVcvHP8tK54+Auj4LTNZHlvv7Bs3g9CW0Gn+kQXKLol73hPCDd0BLSETjjkkprZ2BkfgMtMotJZ14YIJzW0On3/0paDt9cAujzIuwTrK2ZEY+LVVoCUP73MkxlezrTwJYDW7mJaxskglWmkCHQhfUwppxETHoHKFP8j2W98S8rWYEm2ppReixEEvtyMpm3B1A9zSsgENUHKLUoL9S16w4WmdMPzmD6mEkNoSNXVgYinVHUVVYa/AWIfz26wGOlEfCcPzcWWijM3yZchyQpCqbNz6vCc7PE2HLLl1keK/oq7iZ4Eg4befACkRmgb7ySeDD1WLt6qtR1LW7LIvFKGqXTQOiJviTEogDLTfx8gv4vuUHppHHmy7VUt9ZWkGM1uUAyKeWxiUTEg9LNhA/6gaozWITj3kZHYWRsVR2fcfCQQYo4wI9MCNKdthIhxFstU2/3j74aGQQjFW3S8ylh0QCFbpHrpHM5yHALOLYFQpZlN0PQfPihnskjHZ4dxD6nSBvhNKs39u2+YaRLtycd8J3QXvwHWEShskHTCqABi5zj+mf/BH9EJ387uXQXqWE+SArDmV7q2kuX/gWVYEVS0yUI4SsrJsHAkb5fCkaw4EYikZh07Vi3A8th6j4KEoxJ71BnwsmTa7H00p+d9Xj6uwJJbbtg24BwkGGdV38+979Y54qITjCkzMvQjNNhRsONLaiwC2W/MbP27hCRxSQiSD3/U4ULs+UXOU6Yn3stT8ZkAWhGV+86g/snkS8NobYgRdLYO0jc8Js/KDYVk0RW+MHry1WX6BU2uyw5xjuBo4zFeJVq09LPlVq1tXaapf1sbT3cx0mrC2gKWLijF5Jb+n6QSOzIEpyY6ArboTD7tOnKUnyWOIpG8ZmEjLbRmaBVN8g6yUK26ae/b+gYHNVJ3BAP6qrzTYEGDszCxPGPWZwqnEUyYKeeLphThXbBuo92EFAdUGxL780WhHa8EwbArufeqq+NMbkNRz34+3vtlH8iYVvvIjTE1v/VxbxJIUGokhnxiWexTrQpdsPt8VQ/J/qhbWhe7DKeV9BU5A0IG0iIqrAiKn8NRLi0GyL6ivm0MU//KoT63FBP3pPk9+rMo8X9eqPaVIH/iV8GFhR9ZiAls7qiZYYmgsyH3nK2rwXjJwqQi+vWVB7hA6s9GOTQkXxmWzUaVy8chbwEu3PkxLQ5Cw4rS07M9/ljjDexD7u
/uK6XyAdSg6M8XcjDIw6NZHufpCU5czLae/Rtpx6iKyhvts1/mGMLpExnoKBPaHii1HojPZevsgQ83kDp68xLfT9VsgJ7KSrP+Q4mDq0Gp58Stgy/aah/R4czu2+rZ3w4LhJEpktfrCF9eIQ0N2Wuu27Y1jLjVByFMRmcllHpEcnmz+r/dnt1g06iT7i5bKIWHlI00nZ4sHPfvgZwre+ZAeq5PPGDj1HlokEqkh2OrY3GFKOdJ5LuXdG4MCmqpxMsNHJWn8b9pY45G/oTk6Zm8w/pDi6Lz6znZv4hb/CgtcDVeCpbYrEOKsw0NC/VqauWUT/9MB4sX9q0raqhwUfI6bqOZiiAHXBA+DVf5RwDJjKv8XL6/thbuZwiwugi/cBQxtM8OxuqzRG8SICTpCpT83NWDyv5i94V42KnpECMmYkRQSwcI4NawqaEGAADIDwAAUEsDBAoACQAAAOh6a0i2qJp6MAAAACQAAAAtABwAMDczNGJmNDU4ZDdhNTQ3NmRjZTA3YzU3NTJlNGM2MjAuZmlsZW5hbWUudHh0VVQJAAPk4uJW5OLiVnV4CwABBCEAAAAEIQAAAGlhR6/AKBohN0vlNIEYCcQaSaTgCEQQYp7M3qjJmo9JL5tZO6iCbcrDnyYgfTNbd1BLBwi2qJp6MAAAACQAAABQSwECHgMUAAkACADoemtI4NawqaEGAADIDwAAIAAYAAAAAAABAAAApIEAAAAAMDczNGJmNDU4ZDdhNTQ3NmRjZTA3YzU3NTJlNGM2MjBVVAUAA+Ti4lZ1eAsAAQQhAAAABCEAAABQSwECHgMKAAkAAADoemtItqiaejAAAAAkAAAALQAYAAAAAAABAAAApIELBwAAMDczNGJmNDU4ZDdhNTQ3NmRjZTA3YzU3NTJlNGM2MjAuZmlsZW5hbWUudHh0VVQFAAPk4uJWdXgLAAEEIQAAAAQhAAAAUEsFBgAAAAACAAIA2QAAALIHAAAAAA==' AND file:name = 'Post_Parcel_Label_id00-335062003#.js' AND file:hashes.MD5 = '0734bf458d7a5476dce07c5752e4c620' AND file:content_ref.mime_type = 'application/zip' AND file:content_ref.encryption_algorithm = 'mime-type-indicated' AND file:content_ref.decryption_key = 'infected']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2016-03-11T15:23:16Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Payload delivery"
}
] ,
"labels" : [
"misp:type=\"malware-sample\"" ,
"misp:category=\"Payload delivery\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--56e2e2e4-bc2c-4748-9dc5-482e950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2016-03-11T15:23:16.000Z" ,
"modified" : "2016-03-11T15:23:16.000Z" ,
"description" : "unique .js file" ,
"pattern" : "[file:name = 'Post_Parcel_Label_id00-335062003#.js' AND file:hashes.SHA1 = '8f14eb5933f1451418654f8e79fe1ab933c8a34c']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2016-03-11T15:23:16Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Payload delivery"
}
] ,
"labels" : [
"misp:type=\"filename|sha1\"" ,
"misp:category=\"Payload delivery\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--56e2e2e5-9074-42cc-a04d-4c4b950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2016-03-11T15:23:17.000Z" ,
"modified" : "2016-03-11T15:23:17.000Z" ,
"description" : "unique .js file" ,
"pattern" : "[file:name = 'Post_Parcel_Label_id00-335062003#.js' AND file:hashes.SHA256 = '182a7d2e2744d6fee97a4aedba1bafbf1df9676f8d00af4841e89c665f933116']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2016-03-11T15:23:17Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Payload delivery"
}
] ,
"labels" : [
"misp:type=\"filename|sha256\"" ,
"misp:category=\"Payload delivery\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--56e2e2e6-3c7c-4112-8d63-4844950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2016-03-11T15:23:18.000Z" ,
"modified" : "2016-03-11T15:23:18.000Z" ,
"description" : "unique .js file" ,
"pattern" : "[file:content_ref.payload_bin = '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' AND file:name = 'post_sfcAwT.js' AND file:hashes.MD5 = '899afc3ea84104d79ed99bec864bc0cf' AND file:content_ref.mime_type = 'application/zip' AND file:content_ref.encryption_algorithm = 'mime-type-indicated' AND file:content_ref.decryption_key = 'infected']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2016-03-11T15:23:18Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Payload delivery"
}
] ,
"labels" : [
"misp:type=\"malware-sample\"" ,
"misp:category=\"Payload delivery\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--56e2e2e6-6210-4141-b937-47b4950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2016-03-11T15:23:18.000Z" ,
"modified" : "2016-03-11T15:23:18.000Z" ,
"description" : "unique .js file" ,
"pattern" : "[file:name = 'post_sfcAwT.js' AND file:hashes.SHA1 = 'cc29b9b2400e921149f39e7730b98b564762af79']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2016-03-11T15:23:18Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Payload delivery"
}
] ,
"labels" : [
"misp:type=\"filename|sha1\"" ,
"misp:category=\"Payload delivery\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--56e2e2e7-d8b8-4c6d-98e4-4ae1950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2016-03-11T15:23:19.000Z" ,
"modified" : "2016-03-11T15:23:19.000Z" ,
"description" : "unique .js file" ,
"pattern" : "[file:name = 'post_sfcAwT.js' AND file:hashes.SHA256 = '7ad984e6c4f170c82de77d8e0cb3026ddfb86e3d51f1d7168085ddb8ca2aac66']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2016-03-11T15:23:19Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Payload delivery"
}
] ,
"labels" : [
"misp:type=\"filename|sha256\"" ,
"misp:category=\"Payload delivery\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--56e2e2e8-d23c-4199-8dfd-462e950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2016-03-11T15:23:20.000Z" ,
"modified" : "2016-03-11T15:23:20.000Z" ,
"description" : "unique .js file" ,
"pattern" : "[file:content_ref.payload_bin = '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' AND file:name = 'Post_Shipment_Case_id00-872879018#.js' AND file:hashes.MD5 = '89de3a5c64f3c43284632175a96a9fc6' AND file:content_ref.mime_type = 'application/zip' AND file:content_ref.encryption_algorithm = 'mime-type-indicated' AND file:content_ref.decryption_key = 'infected']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2016-03-11T15:23:20Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Payload delivery"
}
] ,
"labels" : [
"misp:type=\"malware-sample\"" ,
"misp:category=\"Payload delivery\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--56e2e2e8-7d60-4215-bf9d-41a9950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2016-03-11T15:23:20.000Z" ,
"modified" : "2016-03-11T15:23:20.000Z" ,
"description" : "unique .js file" ,
"pattern" : "[file:name = 'Post_Shipment_Case_id00-872879018#.js' AND file:hashes.SHA1 = '416f03b1c838248b42c6ca09905e2c70cf6dbe8c']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2016-03-11T15:23:20Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Payload delivery"
}
] ,
"labels" : [
"misp:type=\"filename|sha1\"" ,
"misp:category=\"Payload delivery\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--56e2e2e9-f314-4fac-b5a0-4e0d950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2016-03-11T15:23:21.000Z" ,
"modified" : "2016-03-11T15:23:21.000Z" ,
"description" : "unique .js file" ,
"pattern" : "[file:name = 'Post_Shipment_Case_id00-872879018#.js' AND file:hashes.SHA256 = '8df68a892f75722da88f2634551d8adec138b7d34a1a4ad2b992c180ef1f6307']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2016-03-11T15:23:21Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Payload delivery"
}
] ,
"labels" : [
"misp:type=\"filename|sha256\"" ,
"misp:category=\"Payload delivery\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--56e2e2ea-74e4-42be-bf82-4e3d950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2016-03-11T15:23:22.000Z" ,
"modified" : "2016-03-11T15:23:22.000Z" ,
"description" : "unique .js file" ,
"pattern" : "[file:content_ref.payload_bin = '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' AND file:name = 'Post_Tracking_Case_id00-669928694#.js' AND file:hashes.MD5 = 'efe76292934fbf7cf5e5c95e082d3772' AND file:content_ref.mime_type = 'application/zip' AND file:content_ref.encryption_algorithm = 'mime-type-indicated' AND file:content_ref.decryption_key = 'infected']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2016-03-11T15:23:22Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Payload delivery"
}
] ,
"labels" : [
"misp:type=\"malware-sample\"" ,
"misp:category=\"Payload delivery\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--56e2e2ea-fe64-4704-b7f6-40c4950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2016-03-11T15:23:22.000Z" ,
"modified" : "2016-03-11T15:23:22.000Z" ,
"description" : "unique .js file" ,
"pattern" : "[file:name = 'Post_Tracking_Case_id00-669928694#.js' AND file:hashes.SHA1 = 'db717342051f4af5852b1fa289f40e4dbf724d1f']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2016-03-11T15:23:22Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Payload delivery"
}
] ,
"labels" : [
"misp:type=\"filename|sha1\"" ,
"misp:category=\"Payload delivery\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--56e2e2eb-e60c-4d85-85e6-40c2950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2016-03-11T15:23:23.000Z" ,
"modified" : "2016-03-11T15:23:23.000Z" ,
"description" : "unique .js file" ,
"pattern" : "[file:name = 'Post_Tracking_Case_id00-669928694#.js' AND file:hashes.SHA256 = 'abd224981a03fe7d254c7f0c4ac4411f0f23238a7c7d43fa22e650fdc09e6497']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2016-03-11T15:23:23Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Payload delivery"
}
] ,
"labels" : [
"misp:type=\"filename|sha256\"" ,
"misp:category=\"Payload delivery\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--56e2e2ec-a794-4820-b42c-4caa950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2016-03-11T15:23:24.000Z" ,
"modified" : "2016-03-11T15:23:24.000Z" ,
"description" : "unique .js file" ,
"pattern" : "[file:content_ref.payload_bin = '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' AND file:name = 'Post_Tracking_Case_id00-670423294#.js' AND file:hashes.MD5 = '723791d4863bea414e43035f1998cc38' AND file:content_ref.mime_type = 'application/zip' AND file:content_ref.encryption_algorithm = 'mime-type-indicated' AND file:content_ref.decryption_key = 'infected']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2016-03-11T15:23:24Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Payload delivery"
}
] ,
"labels" : [
"misp:type=\"malware-sample\"" ,
"misp:category=\"Payload delivery\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--56e2e2ed-b874-4cf2-8cb4-4f6d950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2016-03-11T15:23:25.000Z" ,
"modified" : "2016-03-11T15:23:25.000Z" ,
"description" : "unique .js file" ,
"pattern" : "[file:name = 'Post_Tracking_Case_id00-670423294#.js' AND file:hashes.SHA1 = '0acb215872d8796c11c859c2f2cb6bfb3337bb0b']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2016-03-11T15:23:25Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Payload delivery"
}
] ,
"labels" : [
"misp:type=\"filename|sha1\"" ,
"misp:category=\"Payload delivery\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--56e2e2ed-c398-4414-aee0-40d8950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2016-03-11T15:23:25.000Z" ,
"modified" : "2016-03-11T15:23:25.000Z" ,
"description" : "unique .js file" ,
"pattern" : "[file:name = 'Post_Tracking_Case_id00-670423294#.js' AND file:hashes.SHA256 = '11e8df42ed046221c90d81b93daeb46dd209abe35dee9048218f9f1ebd5275fd']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2016-03-11T15:23:25Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Payload delivery"
}
] ,
"labels" : [
"misp:type=\"filename|sha256\"" ,
"misp:category=\"Payload delivery\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--56e2e2ee-0d40-4330-9104-4174950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2016-03-11T15:23:26.000Z" ,
"modified" : "2016-03-11T15:23:26.000Z" ,
"description" : "unique .js file" ,
"pattern" : "[file:content_ref.payload_bin = 'UEsDBBQACQAIAO16a0gM8oOUaAcAAAkRAAAgABwAMjJmZjUyMWI1YTg0NTFiZjE1MzBiZDBiZmQzZTdhOGJVVAkAA+7i4lbu4uJWdXgLAAEEIQAAAAQhAAAAlkbbsqRG01VOMVoO85LnJs5dk/9Fsl/2R1k+NHz4gy6XQFX9n11ZZinJNiaLUD791YX1yu2d6bd7MOn7m99k0InhsIRQvDEZGAfSA8HJrPPetJABkvXvLZkRKkz9gMhuJ+QJYfPqdQIgJO08xClGISSJOJe30JYewfKV9ZdD8E3XJ7zF2+L+5ntERRzGSBJYul0JRYo1GmOTKWiXgUZ1rexTx2YqHdWtuPgFZRkkopLQh6OAt94S0yulzoOOfk1GmuRZiBP0OUTNZ/kovlU9Fa8mnKMuTx9nemk+st0W0ppzmnljq4DW7mKtrx2VnU7bldWHDenNdkTWQRqCiavU8Qz0dMNww5UUqxWm/scLl9xCbERIN8S+6fKW7e9tdw4rpeZgJTF/2mBYAUV6KZgSRbkKE5LxvtIon0L8HEFsqvYsquuAk+85aoUuTj8vZdZY9iJ3IqM2vzJl59eihSCrTDbdj9BgzcYaHw3/ejuQ4dmJdwaOeGhXeVzC6KL74RrZofiy0z/XU48QBP4tltKw6xJSauNUD/noIOX92GWr5tfqaAa/OPgTB7jgYJVqArhbIt9nNvs7fIsDCYnTN7PK506E+ToR9MM5HheXOCriImcB0W8T8ajuvdwOk7z/0Z2/IrFei+a3DYt7HLkewXTFnhJ1zVcnuKgf0U6TrMhDH5Dw3EWEs8p1rRQ8lUZZ3iopxNUhmGPQCUHjqL8lHBzkHgsOZ6rGEOSi8tkw2qH9lSeNBuGNfwI7afbcbdXtUUF0dQFsDWkawWvlG8yi5o+IGKbUF4+GludTI63EwBhPaC+a5OJX2XN3CXBJcRpQHoAmypnn6/0Xm0aRTi6lP7aRiIdeS47cN2JMgq/SJXjAdLHgFgmETeFi47U7tlJ8eydvlmBX2KQbOZ96Spb8zJ+aalF0m/3/OypaOOC2Z47KGnetMAA51bt5nKqfIniHXlPTiSlzdexCzeKEDkcMKO5U5jUiUMnwursaQZUcOZg2Snlt8qpdCgGOeK8TYQTr3+K1AsKLKQ0BpamXn9Kd4IP9VlxNSBg4WQQYIqjvmiAsx8H/auBJNPNQGMCCcoICbJkKrUE0D5KxpUng42dawsONW+gmtNTdszBHf/prSzmIkjH0IpbQ2eklKVyuYn7f5jCo+nOgtAaLP7axAEupS0VTmMNZu7OC3QeEOAbJZE//qdexIukN1Civtma7bQoOWzYIxiOVMhDjvbmoVhjitkV3/h4Y3J3xcb3AwyKrAmOjDBaNd+NXaomLFnc1qsA7HiFcmB35XgOB5K99iy7bdfHTPyDhmTuW0ShAWJSHU2fAheE57tKii9CA44pzMCNp+dLsmjDSu4KSR1ICtnxj+DAIRok+PfWrR3ohhNaJBmwmb86JYpEgxXdPibh3F2kNiaIxgGwkOHkoeP5SAil+W48CLjKM9z9C+jvtUktYxm1/ogCUYdMuRk6D+9U+Z8lQYkoT4tNT1WvCpYvhaf3kioO19fiQw+0uB5JZh3wwzGjEsOmUHbg7QViAdcBWR/LdP7vbUCMmvok0+73wlAVc3aOIwTgpERG6jKwEPI+6XBZVsEH97TuOhJtNN4IvRfXhNLjDpPR8CMF4+qOJUx3z9T56hCv5QFrz89XbfCiXSgJjL/mErF5T0hUalPnI8BfyoPtrP3rE3V4Q0hAo/cqvPoOaHaCusvf5xRB/KpihVb77Z6lnf7w+LADFEQrE7/ESPbdQEW7rmz6t2AqDcNElV7S0cVQf7qsRfALsZNXAhyTF5aXNwHm4TCef5aROosVYXpPBRYw5lr0q0FTWcVdfHDoISYJakUcwv6q0KYp1zxDbGT
NnAjvG5E8+aTTtVYYHiLjSrqwweV0bEJHlP4xMdGoLw3XJZzlUxUM6cCkQlh7MOaUgY6ji9WkrrwMZoMx647EGas0mYZYIJgE/45v858vRBfPJKPWivIMLiqvhYLrlPT3LPyMsuIcoph6rAwqTi3z4Ie3fVhtMoQXoOybpwlBJtVdq+Qzi01mPM/cwpBT9ScVVSfMmX/c4aabfbBVHm67tGNy1kjiFXlBektKbywcOVaGXGp8HgqpZnSRwSN/T6Msi4o8LE3BpAZ0YWm2DwoL885tANbiHm+kta0J97t02FMWjHePdWXXZXPGifncw+6XAmx3WWPGhY0zEe0MQ9ERDrUIx7Wjb445s8+eMLTrdA8FFkVGtx2N7ZN8+8dsPedgThUEHstAjR0JffJGX//n0fKNGUN96Rmr7dEpAV4Qi3+Oq4Mu87MAAWiCjyAqS1K4IAyB0L/7XVnZJiOPUSkbGR+pn7KnBhpf0suPCecqA2sVZuqdGPwKxN9uhWbPAnHnh/lAlnK++Xvrx0P/yN/RWH0jz4zMTAE994NZH91IDQdMhiWu9Gw/t32PBTlj1GZtid63R8wFJcLtAUFIBCK/0QYrjxhSMm2Wz/NqErRRtowufZQGB1ipnSmKrQFQLu5eOKdgLx1ca8MYMPUhWmOYqZAyeVeQI25JZNruTKz8aipq6Cx1Rue06UEsHCAzyg5RoBwAACREAAFBLAwQKAAkAAADtemtINftRExoAAAAOAAAALQAcADIyZmY1MjFiNWE4NDUxYmYxNTMwYmQwYmZkM2U3YThiLmZpbGVuYW1lLnR4dFVUCQAD7uLiVu7i4lZ1eAsAAQQhAAAABCEAAABpYUevwCgaITdL4E6hsjujfchleu1OAGCXf1BLBwg1+1ETGgAAAA4AAABQSwECHgMUAAkACADtemtIDPKDlGgHAAAJEQAAIAAYAAAAAAABAAAApIEAAAAAMjJmZjUyMWI1YTg0NTFiZjE1MzBiZDBiZmQzZTdhOGJVVAUAA+7i4lZ1eAsAAQQhAAAABCEAAABQSwECHgMKAAkAAADtemtINftRExoAAAAOAAAALQAYAAAAAAABAAAApIHSBwAAMjJmZjUyMWI1YTg0NTFiZjE1MzBiZDBiZmQzZTdhOGIuZmlsZW5hbWUudHh0VVQFAAPu4uJWdXgLAAEEIQAAAAQhAAAAUEsFBgAAAAACAAIA2QAAAGMIAAAAAA==' AND file:name = 'q.076022356.js' AND file:hashes.MD5 = '22ff521b5a8451bf1530bd0bfd3e7a8b' AND file:content_ref.mime_type = 'application/zip' AND file:content_ref.encryption_algorithm = 'mime-type-indicated' AND file:content_ref.decryption_key = 'infected']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2016-03-11T15:23:26Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Payload delivery"
}
] ,
"labels" : [
"misp:type=\"malware-sample\"" ,
"misp:category=\"Payload delivery\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--56e2e2ef-2ed8-49ab-8edf-4790950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2016-03-11T15:23:27.000Z" ,
"modified" : "2016-03-11T15:23:27.000Z" ,
"description" : "unique .js file" ,
"pattern" : "[file:name = 'q.076022356.js' AND file:hashes.SHA1 = '90af44af367c811f42755b7da1679167e5bced44']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2016-03-11T15:23:27Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Payload delivery"
}
] ,
"labels" : [
"misp:type=\"filename|sha1\"" ,
"misp:category=\"Payload delivery\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--56e2e2ef-93f0-4b5c-a152-4468950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2016-03-11T15:23:27.000Z" ,
"modified" : "2016-03-11T15:23:27.000Z" ,
"description" : "unique .js file" ,
"pattern" : "[file:name = 'q.076022356.js' AND file:hashes.SHA256 = 'a52738b57d91f92f70f7a24a65673182ed250de11c964383bf0c8095ff0a588a']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2016-03-11T15:23:27Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Payload delivery"
}
] ,
"labels" : [
"misp:type=\"filename|sha256\"" ,
"misp:category=\"Payload delivery\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--56e2e2f0-bce4-461b-8ba4-4225950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2016-03-11T15:23:28.000Z" ,
"modified" : "2016-03-11T15:23:28.000Z" ,
"description" : "unique .js file" ,
"pattern" : "[file:content_ref.payload_bin = 'UEsDBBQACQAIAO56a0gb3ub2KAcAAA0RAAAgABwAZjY5YTM2ZWNjYTRlYmZkNzdiMTk1ZGY1NTRjOTZmYjdVVAkAA/Di4lbw4uJWdXgLAAEEIQAAAAQhAAAAlkbbsqRG01VOMVmA7aq7SrNhDjRptHOfj+yif3i2p53o+Lcg4KXRVq5PnXXB8jymq6kbF1PMzWylcVQBzF4q3iA/W2GAcgkRlRJzyWy5sWBzEzk9E+XSescnoP6Fgw0pOIN50TKyDzzhjBt4l6hWzolnl2qIyTYQOqHOKHYoeIf27pzkgBH0su098yznkBFj/ZYYvYY9HRflR/BikU3kvDEQbPLeHphj1HxFYMWPauBMV37gcxfdKt6gioVLJd0wJJ2ioQzQEi3e+lQa/R0wkoA4qtQ05XRHWMp++5jDYthRAUUDlD8HaCfITZ3V/IfGqyqIs48Qr7j6R6cmGpF84IB0bY/P/MioIwAPS22foa5JtFVhEfGmSwf/ivCvgylQsPHMswL51bTsi392aRkEFOPSSjHy5tq0CkYJml4JRroi01jnIGXg8OkfF08+bekXyMurxpCuCbHEaTM4cu21WK7Nqonzkhssl/WcOon/bKtzti0rafr28vGXKV8KOWjq3+2dHQ1S3PWOVstWzItpg7TCF7b4qpB5Pa4hLz7kcU88LRmnodvaD/RsPf5YrfsQHIbHr6ZB1HeyOf0i/eSqvvMSsmmMCs1XsjaEAla43HG8IoZeH33XhxWnvybG5wJtFmz+W6kRzFwot/g5UcqbdK1d833A/h/iWWpOe+E7dw+opt5syauHiX36YcE++oLI8A2GvSqrxYgkH2Z6dYxUq9I49y/nU5OJowSxLb5wm12qQtELbOfp3dQq2peSYHMnb3GyHXxpHZIUgLMDperCRgLjFMLrmJC6KPFHlrebDUpBE8K1oRSo9hf4FE8zANrCnerOHn00tWHYV/9iFcop446BArCpu4/JcgdVTEEmftxplyyKX3mLH8v5tgIXc8c1cRZtwF7gz7LHYBpL4HvrIYdJyq3iQLcCyl7Nb2uRtffyUeGZpFy8PPMI78hqWYifh36zS0kGTTHZEa7nggutl7b/pzh8YZYT2brQ5uY6OHzETth+o8/7MSpVVoPdXKBDNL8orSzFRJlsw7OrqJTUMpo5FpJrb5BYxlNxueDi3UtPrUNaeSluLnDdj26jEahwwFMq2zyzkwMzAoON6LjqmNCp0kRDq9u5+58xuGuIQlr6AtgND7ZpIu9xEdk/PgwL3oktwot3uaSg5T3I/8eLJZgsqFe+BVEJ8REr3b9Fy4hA5UjmnV5c7aKiSx3AQOxEHU6Z/AP5z5s375N44rZmUxjBt8oTcCtSV7BliRKcLEgcSUngO6cnhKt3u5a0uvTV6hKpAkBISwJ4EOAxgoE4Zp9PKQPZqLJ6J6QSzJsuRQMRqBUbma0CGkKTpp9nK4xAAQcPMYAhB9WW2EeNixshhekKSVkBHwR1sHsQrvOAyktuBWAQFWw02CLnKWmPkq2okC3H9RnKaCxOGGXvJMRhhfB4EEVElH0pUoiMJ3chHqno5wnC0u9YLyR1Yf3RpquO+PpthrNoxJ6SndKjHaMs/UC3GUD6HOcxXoIBmpbrkjCSE65Dm55EF2EryAZTfO0tonZPIGj3MSrCBHX3TapGCS6ZHHo+ZASihrGnDRKtmy1Bah1Mat/LoyWFfFx30gtA9tL2//Ho4Qdf02vw0/mAha9FdHYTGaltlDKTW7Bak0ASlDByMVxUCWQSppjhRHtI1wSB/PZrNuWTrxuemObYiLITuSaypBxclLkXdsDrkUN6m+sKpp/dih5ceW/+OFTXb3WQ2sqFGdUhx1eBYL84P4loIFregU5p4ZC6vCf69N+DBVDc2lf+4vwNAvHJteXCccNS+PMnqGzwWWa40QaoGCr7YsC3rO+OgOA4T/YfRa
rYlHSCEFLJKaRywmJm+mdjb4L1TbvRVcBuW9mCl8bR4qhDTJdBqpIUTb6J6N9QD0u4gLF+vPJ/yNQhl43nR0nManwQodRnP2Skk/+77O82fM+zi+mjXGErGNBI4Zsu7VsL2+Ej1dci+K/jlj7XgIRp/tcpr7MXjK9ZwIMR/DS75c2GByDjEqGhCHqiekvS0WK9dAfkTLwzdsILw1C/3paTAEEYpX/Ta3aEw4YN549zVuap2XcgTM+ky7NEbAmHNKqDiEJApj9urJGbULM7zKkIhngPJdIoPCFbVkXUi6Tx4u4UeBfxOHJYGQfPiI15lRdejMEIqNuFVh2/pc0tmsx8dajLhCxbf9LUcoPJJEVaZ9wvkv/x1vnlxFiQiUSVwc1BIgl+JcN+yRQlCR1MLSJKeY0wLnrUMf85fLliBetbmDZhueS95vFqga4fN/lro8BHkc55OgxgFKn2mK8qVV3twmnJDNCEZpBW61Nc2470+Yc9lPwAXkU6mXkMA8B91HabnKcvkGo6ROBTQCoicNDqI7O0HheLlNn3fd0pJRTn2UD5tJwoBJBImotfBuEa+gT1sQdN0EF2VMdBbgfkakAi9cTKuObuDNJQSwcIG97m9igHAAANEQAAUEsDBAoACQAAAO56a0gBSdmaGgAAAA4AAAAtABwAZjY5YTM2ZWNjYTRlYmZkNzdiMTk1ZGY1NTRjOTZmYjcuZmlsZW5hbWUudHh0VVQJAAPw4uJW8OLiVnV4CwABBCEAAAAEIQAAAGlhR6/AKBohN0vjDMBqP8XhXckGDg5cQsZuUEsHCAFJ2ZoaAAAADgAAAFBLAQIeAxQACQAIAO56a0gb3ub2KAcAAA0RAAAgABgAAAAAAAEAAACkgQAAAABmNjlhMzZlY2NhNGViZmQ3N2IxOTVkZjU1NGM5NmZiN1VUBQAD8OLiVnV4CwABBCEAAAAEIQAAAFBLAQIeAwoACQAAAO56a0gBSdmaGgAAAA4AAAAtABgAAAAAAAEAAACkgZIHAABmNjlhMzZlY2NhNGViZmQ3N2IxOTVkZjU1NGM5NmZiNy5maWxlbmFtZS50eHRVVAUAA/Di4lZ1eAsAAQQhAAAABCEAAABQSwUGAAAAAAIAAgDZAAAAIwgAAAAA' AND file:name = 'q.522501656.js' AND file:hashes.MD5 = 'f69a36ecca4ebfd77b195df554c96fb7' AND file:content_ref.mime_type = 'application/zip' AND file:content_ref.encryption_algorithm = 'mime-type-indicated' AND file:content_ref.decryption_key = 'infected']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2016-03-11T15:23:28Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Payload delivery"
}
] ,
"labels" : [
"misp:type=\"malware-sample\"" ,
"misp:category=\"Payload delivery\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--56e2e2f1-4c4c-4617-918f-462e950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2016-03-11T15:23:29.000Z" ,
"modified" : "2016-03-11T15:23:29.000Z" ,
"description" : "unique .js file" ,
"pattern" : "[file:name = 'q.522501656.js' AND file:hashes.SHA1 = 'd532294db70ee1dabf923f1494085aac8212818c']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2016-03-11T15:23:29Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Payload delivery"
}
] ,
"labels" : [
"misp:type=\"filename|sha1\"" ,
"misp:category=\"Payload delivery\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--56e2e2f1-ef5c-4882-bbcd-4545950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2016-03-11T15:23:29.000Z" ,
"modified" : "2016-03-11T15:23:29.000Z" ,
"description" : "unique .js file" ,
"pattern" : "[file:name = 'q.522501656.js' AND file:hashes.SHA256 = 'ade66be0355a4ea01f4a84241726f337a86be41da8b86348d04e68a99da74529']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2016-03-11T15:23:29Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Payload delivery"
}
] ,
"labels" : [
"misp:type=\"filename|sha256\"" ,
"misp:category=\"Payload delivery\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--56e2e4de-52b0-43e6-bc64-4ed4950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2016-03-11T15:31:42.000Z" ,
"modified" : "2016-03-11T15:31:42.000Z" ,
"pattern" : " [ f i l e : c o n t e n t _ r e f . p a y l o a d _ b i n = ' U E s D B B Q A C Q A I A P V 7 a 0 h Y 4 c b r 9 N 0 B A A A 2 A w A g A B w A M z B j O G Y 3 Y m Z h Y j N m Z G N k Z G I 3 O D Y 1 Y m F l N D h j Z T A 4 Z T F V V A k A A 97 k 4 l b e 5 O J W d X g L A A E E I Q A A A A Q h A A A A 1 e q E m 4 w V y R j c W u l M W C k 0 a x l V L P C j x 5 h b L q Y + S e z x B H s h Z w Q S S c p a A o J 0 8 b v S Y M Q 1 N X b z k u P 9 y E b r W 3 w L P F 24 k d 7 + L r E p 6 s 8 y n 0 O q B H s J Q 1 w J z T 1 k J s J G y i 6 Z F Y n 80 J o C k o F S 0 2 l x b O z F H 2 N 5 P q Y j n s d q k F i F r 4 i 5 x 2 a x 8 P R O L a d R w B A d 9 E + p R b I h W h Y x d S i L i o + j V s E P L f r e O I F S B J i G F w 6 j q v W l o Y 3 e j Z m d h R I + l x a a k 5 j l 11 a g 4 C w b A V 6 M Y t D h U 7 k I k Z i C T r d r U Y p Z 9 r k 8 / 3 X L 9 B a / D P 0 F v D R k C V s 0 D b H C f d z h E e l 7 L e Y 11 V H F v k F f M A 1 R W r K F C h i J X J O y s d Z i m 9 T M d S 9 k N L e t p I r Q g V h l x B T b F d + R + C H d W C D J y A M E m j o U Z o E l r h 6 N P 5 n i r s P / 4 h X a s m 9 H O y 4 P u T T 3 c F b K G g + a j G r 8e7 V V t p X X a 2 R u V 8 Z c N z 0 M j I r W S Q F F c N f o Y 28 J O 5 P N 4 T 0 o 3 N 8 B n k D k 9 I U Y g 2 s w P 3 Y p t P Z V 1 g s 1 G q L t 9 R g h 3 y R A 3 g Y H x b 0 G d x 37 e f K x m 2 G 1 w / Y C b t E I E 7 M r l 3 p / n / y o s e k Z N L d 3 J B I 5 r J 3 C 75 T Y l 32 L 26 / w b z C L 2 w H k C 90 V 97 P Y J C y + U v 1 i l w l X M 3 h A j e 6 e R Q G 4 Q G k q L + U A r q 2 l G s K I M / i z N j 9e8 g z a v y B t r L P d 5 O y 0 E M C K g p K 3 O l 6 C p 0 p 6 b 0 T 99 d N 4 J Z p n G h S r L s O e N b 2 R f P 5 I E / O 7 r w a b m 5 L X 7 z J T i G j 1 N E T O b M 9 V 62 F k 7 q 6 v V q 644 Q k N p 2 N K j 1 u 8 T z + 47 X h 0 k N E C x i j H 0 8 O w v h K 2 T P l N 4 F t V e b G w a b K r x H Q e q 3 l S O T Q 8 u G M f N V q k l m t w a A + f R S L 2 f S y 8 z / r 0 49 o c c z i o w o 57 W t c + h 
L N o a U 5 y X A q 9 E c N C G o L b A V p P l b y L 17 N t A j 8 Z u c R q v 3 U P S n 7 e v t k d D f s e T X N I c M 5 G U I B 3 d K W D v f v s x P e f P e r R d w O s v 16 B w 2 w r + r h h x R 0 F h D b + j n 9 r k c T 6 j R n j o a t U V J / n t P I y u o Z o y u X w A J a 5 Y M 73 d C P O D L 21 k z 3 s / C o P i x c K V u D w 21 K a B h n m D s R o q e Q g C p y N 9 H k X a B 0 K T a V X p C E A Q 7 y B T e o q M G R e t j 6 m N B y n E c h 0 0 X D U Q A o n N v m g z R H O W i S u 6 v w J e 2 i M p e E 8 V O I e m Q i G X A m Q B R C 0 w R F h C p 4 s 493 T p R k i C q 1 g 1 k N W S P d J z c C Z J M i M J / X A Z w 5 X V v M C l X f y 2 n O F V 8 Q I j r e X d c a s y T r J M f k r O Q G T W u / u C c S k v z j r 3 w i 0 v 5 Z I 2 o G 1 U j T E S K g m V k m 8 m B i Q G y k Z H y n P l B d T M u k F l + n F p s 5 d 7 f F B 314 i f K N u D e h X w F U 7 O E R W 3 P h 4 i P r s E + c m 3 P D v a b O V a F n h p o T W h n q 9 D z p K Y E J l c 7 n 2 W h F h K Z v J a u M 6 l b 6 J P X K J e A u 9 a 5 f P t t K g W s h w J x 9 X U O G A I H J t l p 4 f y O N 92 C C U 5 P c o c o w k f k i + x s 4 c E j / j u A 5 Q V W r i X n h F + r S 1 y W T k U b D k 6 s f E g / 1 z Z e f p 5 b I f j 0 S C C a O / F u X h m d J M s m E a n c n P J p Q V w F u L i C j T 6 F G R 86 h 8 y x T R / k O W U B M I 83 a S J b M 0 N S n Y / 54 e d z J H U M C q y M M u p z M I S h 2 u X Z I U W q 1 i E b C 8 j c u P b p o / T L P P n Z V T 3 j F 4 H y K d 4 s 6 v Q v D t j r V q H 4 f R X j w g o 4 R h w s d f a v m c M / c o + s e k c r y + F E S t l G q L f Q R W s R E A 6 y b f f d A F V y y b T t K Q r c V I R L v 77 b C 8 f h o k G + T / e h 1 b C N L b j U P s s W O F l r n p r Y / p d 2 L E g z C O P l S I i z W V A C x L + K + h Q E A H w a O F y y 4 A a g 69 f 9 h v W r V l F 8 + x J R c V M b D e v c 9 Y i 0 7 N c M 1 s e b T 67 x / s e C J L J L f e L 1 D P J o C K f G F Q n B o t O m 90 f x 3 K C s Y 2 F q 2 C E X X M P K T Q X 9 i K V q i 6 n j c w C V q N l t C D U 
H w i b f w J z 66 x A / T U r i x n w K N 5 f / S 8 K g c a o V g d Q J q y t J p q + k r n S 3 A o / 7 Y q C / J r p l / 7 D S W l b 9 W e z d r 65 N w V F + l 3 q j w j Z 7 n 9 i K 357 k A d w W K 2 D K z 3 A S C N T k l n V 6 v y o R N R + M c g e 1 i G 4 B J S i F 17 U p f 9 O A 8 N V F g s E X J s 9 I M 7 k 1 G I L P G 7 y / v S 9 o j 3 y Q 7 W S 6 v F n J 9 N Y 3 u R i p s G T N h d 4 m k t i D o y k J 3 p L H 3 K p K J 7 j I e G g e Y 9 x u Y q V 9 a W 5 / z v O b 563 M 1 + 4 Y I z V c K 4 l R X F c M e h L i 7 j 9 X 2 a t 0 / T O m e R O l A / O H U l I J m n Q x N T P t d 7 d Z X z 4 v h J W D 8 s 0 Y b 2 u a + 0 r r N o m z P q J 8 f F I 59 k y D 7 h 57 + G n g 8 F 1 p 2 r A n a a P n 83 I H t S w T 6 E j u p z U B F g + d d n m 7 N L P 5 b 4 Y Z q u M N C q Q M e 6 F A r w y t R k u e Q 7 R L e X U E J P i I A i M w z p i 5 e Y k C 9 A M 7 A D 0 Y M R y b B s B I Q z n 4 S 5 c t J k I Y y b o X + G v a T 5 m 8 o y P 3 O C / C H m n n s 6 E x Y r / 6 S 8 C p m k N H x 6 e D K P k R l Z i a Z J W H U K W s 3 C 9 C t 6 + D X H y d 2 R 8 b w 81 V j g 2 y m 15 / 8 + H n B R 5 q B J F T 28 s P J + i 8 / X M e d d 0 Y G A 8 U T H q 3 o T + s L D k z z L n P Z C Z w B V 6 i T u g q 64 N Q I 0 S U B T c e b J W u s n S k T 0 M x G Z n Q E Y o N k / + S 7 E k 2 o 38 k i m / Y u A x G 3 b 6 c 13 / g / R r W u N I p b 9 k l 0 G X E 1 H i V U X Y y q Z N T E q P K / 9 E I f u K v f q s i 4 d e Y c 9 p F v n S k o R H + A F 83 x X N k z b g 2 T h 5 k h o S q i 4 E P J x + I o L E M F P m f D H h 8 F 8 D C Z c C 3 M L k q 52 / o J d e 0 d L r + J s E b T H h K d U q p S V r u C F W 5 I O L g 0 O 9 w K f s 6 C O K l 1 B p p p 5 G L 68 h 6 f K Z 5 C g O I e C S a z L I 0 n t z E u T d A 1 N 8 n e o r 1 / s e I S 0 f 1 u F 5 o X p M O y Q k j 9 c V p E x B z + u B P 7 A c Z V f J R J e A 6 l A G Q 67 h x i + Y 3 d v 1 W 0 7 V h 5 N 6 H T V Q x T Y W a d J K p T K 20 H j o T r z K F U A R w w X e t a s n 4 + I V c f 7 n U 1 b H 6 v q S V q v C b G 0 y I E P B R U y e w a 
t i A x H 5 G g h e Q 3 e X e p l p e 0 8 y o M C g k l O P a z 49 U y E C 8 I G x I r y 8 e D Z f / 8 t b f H Q D W I 7 I m 2 b 97 v M R p F 5 Y X e u Q 9 N Y D I X p 9 G 95 M Z I p e 9 D l e S j F h U J G g I i d R m n t f o K s M u 9 I q M b c n C 9 h 5 S + y K O r s X y 9 l Z 7 m z X d j 1 K V H W 4 Z y V S 9 Y Y x j W S q H p U Z 7 D r O h D B M s I F L l W D 7 w 7 f 5 C 7 l I O t q W X 7 u H Z x + 9 w h L S 3 A Z N F / M S C 2 A c c G E l 2 F D x + w Q P H q M c z D V J c Q F s 0 98 U 3 E K n P T C J n 9 e p m T x W q T + e + P l z f n g s B H 4 X q v 4 w 1 B D + z E J t r A J 3 y 0 F H M f T d l k t Y V 9 m 4 d Y D q w N q B B w U O 7 q 0 e D T j 8 t T m k C h J 6 V S X n T 75 j g C T D s C c + K a s m G g Q e V d Q e n q / 7 v g h B D a r 0 o 3 o M H s F u 6 e W T + 9 T O l F D 8 N 2 N t k f z t A / J g 5 i + 2 N c + x 5 F f 1 q d C 9 w e D 4 o T 92 s u r v D 1 + 1 R + h C j b A V 9 H 98 d 4 X b y X z b / 72 e P b U E o F q 7 i c C 1 h 3 v h s + j 1 R d s T g E Q p P y 68 C E 0 T 8 K G i L Q F q p H p K i i R 29 r d c 7 A y K / Z B G 1 e t v k p f J W + 5 X m A l c E B y S z o 2 H K 7 E X E f F P B J B t 5 V 86 D W V L h g e 9 G + 9 O M o V + A G b O i D 72 f U G H a K 8 c J O E k y + g G T E Y I C e Q l E n f 8 U + / v c 4 x P i + m z z r m q b 4 r 9 g u e t w P T J K h N X B n O G v E Y R C 7 C 3 v N H P 9 f n y m E W / 6 K J b j z z I 2 W 6 m E A 79 E f 9 Z d 9 r 9 n 2 N j J s 0 j + M v 9 q f J z l 60 P S H y / y U t 185 a Z 4 y K P / 6 V H N l W t x M g c 19 l f 9 Z S Y o N Q D 0 T z Z Z R I Q 5 F l N v M E q 0 a q M k g / C V G h 5 b S N I + + 3 s P u 15 q b Q T / p 6 I 4 C d E g l s r m 6 A R L g O i o I F B / Y l 3 y E d P k j c 0 o D Z n j 9 I l z p p 8 r k U j z z c J P x c B r V p a M p / I k X z m I a 50 A K d W f N 6 D W h X i 55 Y f n J x g a F 5 B H R 2 k h Q T v m j e g G x k 3 P A 46 q o U s 4 r u z G 8 z g j n s 9 Y C u R U b h r + a E 7 q I i X 5 R 2 s C Y 2 J x g 2 p S N y c W v C n u m T o i M R P s / 1 F 5 e u O v v w g k I f H g 8 X F 
n m O 0 t i a i P k g R l C f v n S n E C m T t x O f 8 d N b w L T n T a
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2016-03-11T15:31:42Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Payload delivery"
}
] ,
"labels" : [
"misp:type=\"malware-sample\"" ,
"misp:category=\"Payload delivery\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--56e2e4df-20a8-4f3f-815e-44b9950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2016-03-11T15:31:43.000Z" ,
"modified" : "2016-03-11T15:31:43.000Z" ,
"pattern" : "[file:name = '08h867g5' AND file:hashes.SHA1 = '7f55862138081352125e9b60a27a06c3b39d8523']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2016-03-11T15:31:43Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Payload delivery"
}
] ,
"labels" : [
"misp:type=\"filename|sha1\"" ,
"misp:category=\"Payload delivery\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--56e2e4df-69f8-45a7-97b5-4908950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2016-03-11T15:31:43.000Z" ,
"modified" : "2016-03-11T15:31:43.000Z" ,
"pattern" : "[file:name = '08h867g5' AND file:hashes.SHA256 = 'c8747c602ae5b03174a9b5c77385438bae0d8d6704726e6fb7d1a5c4e767daf3']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2016-03-11T15:31:43Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Payload delivery"
}
] ,
"labels" : [
"misp:type=\"filename|sha256\"" ,
"misp:category=\"Payload delivery\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--56e2e4e0-3314-4509-8c2c-4926950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2016-03-11T15:31:44.000Z" ,
"modified" : "2016-03-11T15:31:44.000Z" ,
"pattern" : " [ f i l e : c o n t e n t _ r e f . p a y l o a d _ b i n = ' U E s D B B Q A C Q A I A P Z 7 a 0 i L + e r X V d 4 B A A A 2 A w A g A B w A N T Y x O D U y N W Q w Y W F m M G V l N D c x Y T N i Z T U 4 N D I 2 M T c y M D Z V V A k A A + D k 4 l b g 5 O J W d X g L A A E E I Q A A A A Q h A A A A u 1 b q S 4 f N 2 p F a 87 G x Y 11 w f a L X A J Q r I F i r Z u O u p J x x 5 a U z / L c w l I z l l X 7 U e S 4 u m b k D o e l O D A y Z M V M B f r B m r p h j S 772 B R F U L v T O M 0 Z 6 B E V G W g O O U h i 8 z Q r b L n 5 a g l U p z 2 U J 2 A r m V t / 1 L k f f 34 f J X m y 4 a + 8 g t K 2 W 25 c 995 s d O P o n P / T K U N W 2 + N 2 d z X z c 9 f y J k 25 M s D J s r s P T + 6 S X T 96 W q W b Y C J R g 8 G n 66 x v l O H q 7 F u P b 5 M x f k A y z Y H 0 Z O b / i a x Y x K 6 K g W A Z 1 k 6 z F d P o 2 L O V k m P k p I 2 w 44 B E Q / s m I M U r 1 r S y B m z n B d / x 6 Z Z 6 B n I m 8 z 1 u e o Z L u T v V Q f T 35 A L Q 2 D N F 37 T / 6 a w J o a a 73 T j w c g h + W 4 Q f Z D E N R b v c F Q 8 e j u s B 8 C R C K X j G e e v 5 O 7 i o A J y 3 r 0 n T B n Y 44 u 6 O O u L n 27 h W Y u 6 i Q q i m V p 3 v Q q W V Z Q C 5 H p E 67 S b f X T J R C L l a 5 B r 56 K m I K 0 a Q S 2 R f 2 f K X n L R w J c 7 w f 1 n u a + V W t w x W g c q P C / R G X m K W Z Y / V 5 u X c a J r f F 9 y K / v n V v V W Q b D w O i H g / 84 n b l L K a i J s o k T X u b 8 B g z 3 q 2 V c p b L 8 s q 1 X E Q c L z c p p h d P j 3 y q b I X x u j Q a T 8 k 9 V I v F h F K G U U J j J Q R Q S C f f A H q 3 V f E c O w v r N L 2 M U X u N o x + p 6 i 8 l k 16 + k O Y r P I c G U 0 r z 1 + A p U 7 v j 9 N c k W y Y n Q B U K b I W H + P 0 c P 6 I K d O l i c 5 a B v d T 6 q / g / h 36 l p e Q n I m B e I l u V Q G G X s C p Y N H X g R 1 Y a P U V Y V 6 x S 6 U O J S I Q 69 k Y m N r A 40 Q C 1 K I O e 2 W 9 B o z X h G Z o B / m A b K V J l w o O H h J u s j G U E v a F J E Z K K k 3 Z 7 F o 3 F V F v T 0 n b u b G B z l i h r 4 F 5 N M / k C R j S k C r h N 8 x 
g 5 q x K I n R I q 9 X 5 U G 5 r q x G j + C O 1 O 1 U z F B p r Y C u W G + t y q Z c + 3 b q E M g / U V 4 q u o G 4 u G 2 R w V A Q S o W / E + Q 2 X e B 9 g b 5 B i h Q 1 / q i / L + H 4 Y e M e f C H G k U N j W a t g g q + b R S w 0 h Z H A N G I p P T x / I Z x K 2 e y 9 Z 2 L 5 W O m 5 h Q M o D m / T Z g y M H I 7 z l W D u h A + 85 i r f n + 0 i A H E x O L E s C g H 16 P d + 9 x 4 R Y i a 21 j e q V S Q a p P u U e Q 1 h 5 E E o 0 7 X k 6 W X 2 H k / 8 r 6 d j x x l O V u i U f K K k v s s h p 8 U V i K L T u x 8 j Y 5 N A E t N I r j N u o d S O g s w K a Z g P A C D p 7 I 5 l n 8 E T G f + 0 W q S 1 X I R / A r z 7 K d 76 Q 1 M f T Z C u A 1 O M 5 J t x K W V i T H w O k I 7 Q Q r s s K 7 / b 5 I u 0 h T X 7 a B N H 41 d g 8 s R 0 D G a s l A Z M f h F F R Z / 555 Q 45 / s v r d U m Q e z C f 7 X c w 3 a y G A P O L + G Y / R 6 i F P L I j L g R T c 9 O m G O 5 v j 7 h X / + 0 k m o W H X y k w S Z A X r C l A + M w I n Z Y i M F L d f n y B B v 9 y n r A T X / R L g Z H K m R C 6 U s 0 F 8 t e J x K P S 8 + 99 m h e 3 I L I q 5 l o A t r d h K G z F B 2 d F h s 7 R 3 m C Z i r i R + 6 w u 9 E F e / G X y F y b O 4 i w 0 T H H r 5 q + z 3 R f b 6 C 26 Q P B V s 4 F c z I N M g l 94 Y 8 E l C p 2 y f h L 1 U G 0 w 3 p q Z l q 9 P m 8 k 4 z q A Y l / N E 5 w 8 + R 2 p x K N r X D d d c Y k J E L k v 2 t / g P p v U K V j H u Y k 1 k 5 O a / q 7 d j m d c g I h X d b p Z c d F W c n S C P Z C C x J x 2 x x z T 3 S E W s B X l X c U l a 1 z W u F S m o O F 70 Y c G I N Q Z 1 g T m Q l b u k J L F c 0 a a v a p m n x j o 3 V p F l y b 3 s V k w l 2 z B T z c J o Q S E 6 k v F 8 c h 1 Q 5 X R l T U 52 p S s W 3 U 1 I l M m Z Y p 90 B a I w S 5 i 8 E s b t X p w 1 x a 9 p s T x w S M i Y m e l V X S 9 U 7 f 9 F Q e s j y a P F p b B E A K T y d p I v M B b D 4 c P v h x 8 o r 3 D 5 O l B o 0 N t W 3 J F k x j 6 T Y z f Q f F L e 8 Y t 7 n c G R Y h B I S D U R Y 9 + + V M S R 4 o u F A X y 4 T i f o V P D w 94 F U S X f 3 N D Y 6 F H w d Y m n 3 s + 0 v 9 z 
D S V 8 g c t 7 f v g g P W 791 Z D h R Y p S a G k o R W E 8 f D p H 4 U I B H r g B n s b E C g q z S 7 + u 6 p d 8 K e L w T 27 N q Y B D O 7 U N L 1 + A 4 J Y U U / p i V h S G a + / Y n i 183E7 R 55 L x + A u t s k R / R 4 m n e f N g q O H B F B h u P y c M I t 2 e J + 9 C Z 6 A r Z 0 U e L u v r l e / 4 B b n F / 8 M O g r x W x d R G W 4 e v u L a z S F Q a / m m u K X r S N 9 f 2 j 0 V B O T W D 5 D 58 B n 5 T 3 I o O w X t 80 h G N n M b R B n n D 1 F r S x I u 3 I + k m V R m g A A G 4 g x D h 8 Z K H h H 3 i 7 e h o S 3 z 7 k I D j d n u O B o h 7 y p w a Z o i Z 3 v v c 5 F p g E B d / B a 0 N 0 i 5 C + 3 o a S j e S d 8 p y E 4 j D i U e J 5 g p u 6 y x 9 b q W V W o P 1 y d M B Q j 6 R Y U P R Y X p a g I T P 4 U 3 t V U b r 89 u 3 O J x G v 8 Z 6 a z B U E Q d B K P I 8 R C R A L E J n V H X g U E f W Y / i q F o U R S / q F q K u e N Q X 1 h X Y m i v f A 66 U Q 9 y q 84 I G O 7 r t W / d R L 70 g / k 3 I o 8 S f N K v D 2 f k V n w l m 1 B p C P 1 R C z r u / 5 X M k r 0 N I U X v S o J x e I 4 A Q K 7 D p 521 Y V q e o n O E 5 i Q r 5 x x g 7 P 2 D L u z + 6 p m E E e e t z t 2 l r j 9 v 3 L x p B O y P C c T e N a Y m M 8 P X o a K 49 o g R 2 Y r H + b v H / O D 0 u P B w e p 0 z + 4 P v 9 p F y Z s j H B e T p P 9 f L s V a t / N l O f H 9 p x 8 T B D g B 8 b v 8 Z G x + u n C J H e a R W 5 V T C c Z a V 1 V J q F z N G Q G a 7 N U G Q 
//jtkOI/Q1VQt5R4B5+M7YgqgxjMlEAF3gaXxByn0RKAnkNoyQhP6MdBG/ddDR9ToBwGYp23Ss8eyhCNipJD9MSEBOPIglipU75zjjfvrKXWww//rUn8ODZ6IbePK49Z/YPvuL6YaPXYP5a2w3JdmV00obIgnkNIvrPiGd8ooTLLR2hXD6A75t9/pD/S2fJR8dRvns5cUI2zy1UxpMU35kKtuLNNO/+GEzMqh1RjkrKgyQvL/feXtpXqmjJ1eIQ72s/Q1quqgwnhUubsp58+Rk3K5gRwm/rQWy9CIUfR9C2hX8SzeLNavQnoO76wZriTcrao+GzRHQbSwuPIxkJTPKcSOIC6DvmesnM/PZOkFM3OpA7SO/07ZEwxBNfM/oSV4iHf33AybURnBWNumuP0NFybwacOnrb5dK0so7CftmhRdjD+uZyxH2d9KYJNPuQ5fcGk6pSScA18L5l2VCSXWfoVZwjS0QEoEAy8WIs4vVKIyDItNHHl/NYCk0s8LCuYiOeqCQHPC4JkjwpTE/e/hCE4F0op0BBUYjJRpOGfpvQ2FuBnRlu/kJQ2/YW6ByZ+hCQ/jpQJ1Ec8Rq2dbIBHEyolG46Uwt8xHEvvJygRZKJFeDRjavPDNCUyAki7Jnw4pQZrhGANB2t8h0BOAclrg7dvRc76dZXLumjVxmqPGJ1779dZ1aDXIm5sYQzC8vyNW60PJ2l+v8sMcJH06jOWG0ZNckAcmO6p9GudStGPAIGWhfMbeeO8/V/OEK7lI+mxxFEUpK2R7uUpRgFEAVwGcfwgnGZo9oXCYRsTIsG8iq55PunXJNJ9UvNA1++cJmMZK2ULVWItQJl/ePHmErfN8ciR7LpBjLgM1Usnf5q7duHZTj+8B6xAOHnP1qflN3BfwsKgFFpcr+QfLybsjUYoLofWfwCLQEOtq43KFPqSgAgtpp3HKUCA214E4MDqlLgiYtcXpAYPwe7Gmuy72pFV2om2Jd83EVg8ahvmmRB4OEvgUAxl3nuYCNVoffvSTIIjr30s/dBNPUjkS4RTZx+jI7a4GaeQiAfw+ZaNGtsbeISAv9HxFpxyvus39XBcK9Zd9Pl8jOJTc+mzJmkIJIr5VSgK1zNZTb4PHi8n9f4Xs9rc/tXO5TZG7q+IqrUd42VJabjXv6tIQI+GL4K/yGKRnwfU0ler1sITlyom/NSrYRjdl0Lcpes7dSHt6xTqWWLyCnquO/u/twRGIWUpwsq/nFC9gyfH05lEfSYWeNiDsown+l3b3tWrYWnXzjV+PQDMQnk6Hz9G5mWrtpibFmYMcpN+WoClsVTtNHZPY5x4Zf9/haBbK2f7KDN5KHEQ9bDx5gD0JqtiwEf1eCT
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2016-03-11T15:31:44Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Payload delivery"
}
] ,
"labels" : [
"misp:type=\"malware-sample\"" ,
"misp:category=\"Payload delivery\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--56e2e4e1-f5e4-414b-9e0f-4757950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2016-03-11T15:31:45.000Z" ,
"modified" : "2016-03-11T15:31:45.000Z" ,
"pattern" : "[file:name = '32tguynjk' AND file:hashes.SHA1 = '2acd98f82297e0aba7c9cbd79554ca0dc84ebc73']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2016-03-11T15:31:45Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Payload delivery"
}
] ,
"labels" : [
"misp:type=\"filename|sha1\"" ,
"misp:category=\"Payload delivery\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--56e2e4e1-a0f8-4714-a3d8-458a950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2016-03-11T15:31:45.000Z" ,
"modified" : "2016-03-11T15:31:45.000Z" ,
"pattern" : "[file:name = '32tguynjk' AND file:hashes.SHA256 = 'd0228c8adbf53f5a3a846e86f36617598aab6804ac8cd73a1a0bca672e550fea']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2016-03-11T15:31:45Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Payload delivery"
}
] ,
"labels" : [
"misp:type=\"filename|sha256\"" ,
"misp:category=\"Payload delivery\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--56e2e4e2-0bd8-456b-94ed-48bc950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2016-03-11T15:31:46.000Z" ,
"modified" : "2016-03-11T15:31:46.000Z" ,
"pattern" : " [ f i l e : c o n t e n t _ r e f . p a y l o a d _ b i n = ' U E s D B B Q A C Q A I A P d 7 a 0 g o 3 O 4 S 89 Q B A A C A A g A g A B w A N W U 5 Z G Q 2 M T c 2 M T h m M T U z Z G I 1 M D N m O T Y 1 Y W J l Y W Y 0 N z l V V A k A A + L k 4 l b i 5 O J W d X g L A A E E I Q A A A A Q h A A A A u 1 b q S 4 f N 2 p F a 87 D / a 44 q 2 V G K 4 e f Q U I E h 1 k R x K R T Y C q R 8 z W 2 g W o / r G 18 e W l T r a 0 f 42 E b Q y q n l 44 V 5 u 7 K Y a M + L J w j u f Y p e A + h r S o V 8 l e o s E k w W F s O X z N a o e L D q 1 A p 9 r L m q 33 y J 5 N k q G L w U X + b 0 Z u / C Q W u r Y N B s U u K 0 o o G t 0 Y a k 7 u V P K a Q 7 V 969 P Y B N W H V U X z x c 4 i h C Z 7 W K Q l O P l N t + 95 L c f C z v v i B H P E J J 0 i F s / c 3 h N i B I c W A N 8 V R q D u + f Q f 3 V 9 x k x u G o Y L R b z e f 8 S 7 + H + E 1 r 0 o 20 K p 0 K Z S t u p L 78 A j 8 L 5 N G a N y i P N o 7 x O b n B 3 j r r F x Z 1 n O g D L B P 8 k x 0 e r E X U y S U B S N K q m I 4 v C 0 H P d X a T 3 u Y j R l 4 U m 4 u o 1 u 9 c g C D 4 o U Y N c L V L F N O l d V i l z 7 k s / s H l m Q d H h 7 W S 2 h + C Q C / 1 t 9 W w o o M v t i 8 + B K w t S n H u 5 j j j h p + / V n 84 e O t H r U m x V x m l y m 3 p L Z M T 0 s e m 4 O y 9 m h 31 w D g 7 z J 5 Q L g p 1 / H C y b k L 1 Y E a p / C V 56 X n z I Q S E h u n e v A e g 3 x 8 p Z l 3 t 4 V D i u k D 9 g + T o u C U J O h U W S d i 6 M S t a 86 g A S x O M O d G Y K 9631 L g s j z 12 U n U M o I q l P P L z m w c d N A p S w f Z r y N F z z c S a 6 n R D l E g O 7 s F n H X z r V I m V / b M / D b n G e + 2 e c H X B 7 M F p h K k O + T r f t 9 Q w b C Z 8 J v 0 R C j X v z i e g T u D 9 t 0 M C t r 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
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2016-03-11T15:31:46Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Payload delivery"
}
] ,
"labels" : [
"misp:type=\"malware-sample\"" ,
"misp:category=\"Payload delivery\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--56e2e4e3-b330-4ab1-b91a-4ab8950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2016-03-11T15:31:47.000Z" ,
"modified" : "2016-03-11T15:31:47.000Z" ,
"pattern" : "[file:name = '69.exe' AND file:hashes.SHA1 = 'ced2758106f2f7157afad7cf4c61586dc60de694']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2016-03-11T15:31:47Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Payload delivery"
}
] ,
"labels" : [
"misp:type=\"filename|sha1\"" ,
"misp:category=\"Payload delivery\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--56e2e4e3-7934-49f6-b4f8-4f37950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2016-03-11T15:31:47.000Z" ,
"modified" : "2016-03-11T15:31:47.000Z" ,
"pattern" : "[file:name = '69.exe' AND file:hashes.SHA256 = 'bee14206aa3e443af592a6946671d191f878f2cb7ca04013704b8fd4014a4c3a']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2016-03-11T15:31:47Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Payload delivery"
}
] ,
"labels" : [
"misp:type=\"filename|sha256\"" ,
"misp:category=\"Payload delivery\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--56e2e4e4-7940-47cd-af34-47cb950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2016-03-11T15:42:48.000Z" ,
"modified" : "2016-03-11T15:42:48.000Z" ,
"description" : "broken? Crashing on XP" ,
"pattern" : " [ f i l e : c o n t e n t _ r e f . p a y l o a d _ b i n = ' U E s D B B Q A C Q A I A P h 7 a 0 i Q 4 U V W 99 E B A A B O A w A g A B w A N j N j Z T R l Y m J l N T E 5 O G Y 1 N z J l O D R m N D V l Y T R j M T J i M D d V V A k A A + T k 4 l b k 5 O J W d X g L A A E E I Q A A A A Q h A A A A 1 e q E m 4 w V y R j c W u R i 8 w 5 i Q Z h I t v f k 9 H k k L n u 0 G W u p 1 W C r U f S V O h S L h W H u c S Z u N g I N M l w U a h o O 3 V H I 6 O 0 G N / + / I 5 B f X c D b P t / 9 I 1 q 86 a 1 f g f V x A T q H U S l E K n e N 1 B R S w K b x 0 t B v y v I z X g W 7 J b 0 Q c d a j A N 3 W q O 1 S O Z W u N N Y r M 41 D h 4 Z 3 B e w m Q I G l v 3 L 9 F a x A P G 7 f 4 W t t K O P o A 32 I E Y 9 V A T 4 l X h C k X Y e B b p J W C o L Y C 2 p d p C w R y P X G N 31 c s Q e b o r H r m U z 2 U 3 Q 1 q t + 19 u G 9 S V y l m Q F B a B 6 Z X w K k G 2 T Y Z h B G c j 4 q z m T F S H U A M u H u v w U W M Q I 5 D 4 N i N 0 u y h a Y H d A u b f + r S Y 8 B V M L 5 D S y d + U Y g L l j b f H 9 n o t x + q 5 I G x I F 8 Q c R r s j 0 O s M N 1 x T d M k K f N g w Y v A O o j U E Y 2 w i o n e 1 d x w u o 7 C M B b E 3 T / A + E v h K T X v l s / K U 0 s K c m B O h 6 q C 9 u H u Y L s V d i s u 0 9 X h a R j y F U j W p m / i M V d w / X a S t m 8 h C / t B c O z V x 3 f J A M E f v Y o O X h g f f 0 S x l L 3 n R G t P s c e p k c m y N F R 104 g 3 Y + 0 z s w G 8 j N K C B j o X D p 13 n P 2 e M F 4 j / 0 l E 6 q I D R M j P f L W t 0 j N 67 x q E P + 6 F 6 x d r f a Z j l X f B g p H d W r K 5 T 4 l T h q r X n + f M 0 G 0 e e f r t 3 Q n z a d z P h N M z a g O W r U L + K E u L 3 E m 9 F L Y 1 N b 7 h Z R s 1 E e S v 6 t e r g g 6 k a S n I v Y O D C U f b 7 R 8 K P E y W 5 Z n z 9 m R 6 j p y d o S P Q U e c T j j H 3 S C o b 83 z n t 6 c h t + A i Y l + i C 4 Z 7 j E g y X x c 6 j 2 Z j H q z Q 3 B J o E + b t T k B w n W 2 c I W x g 3 N b H G 8 / Y D j + z 5 x Y j t i t 9 y l x f Z Z n c P r F 1 W i + h m T o Y F k T + w z L P 90 h d o Y 1 M 
+ D O a 471 q S 0 v T 4 C c e 8 B j n / E B I 52 q x J W j R p p 3 N 8 z v p z 0 f P a m P L + v k O I 63 k E a m d E C d C D 2 X j 4 j n U H f G 3 h + g C 3 w Z R U O O q z k 1 N l n x E X A x k A r v M / 5 f v j G u Y t n O n Q g o y H o c W Q f k V x 7 g d o p h 8 f X l c k J j j z q Y x H / h N O K 6 A 1 O A r i 6 R 26 V U t J f C B 4 C X P p M i 1 j 9 l l 9 K + F g + G D f 9 S 1 e Q z 2 U r x V p 4 A x A z 57 N + 3 k J b 9 f 7 Y r A b Z D z b p I 5 U b 0 A D Q I q M K g q v n 6 C 8 u r 1 o A 2 U r u r 2 w 8 l I I B / 0 u g S + D h D s g Q + h 5 E + v h 6 X x n S n 6 / D 3 g 3 q 6 Y 0 3 T M Q X b H E F a X Y D O N c b p g I s Y o j j k e + h v + z E E 3 + o B i r 7 l H M U d z F g 4 S w U T Y Z U B B 0 8 H m e p A h u x h 9 u T u c h U v 0 U 2 x y j p L / 0 J R R I 1 L w k o + P I B L i z T A k V o 6 S a B s B c B C n J 19 n 8 u 3 r S s h 6 z h l F a Q A C H w 3 z 6 K c + 510 J Z y X V U p r x h I d b u T l O 1 Z v / A x i j v K g B U h / i Z N S s l x n A t Q 0 A S p V 8 q F u / X F e + r n d A T + S z S o A h N 6 R N 5 L 0 n y t X 1 i w g 89 c Z y T s X B v Y 2 B C b v s F L 34 s r e v J W e e 6 T r T o n V J j F 6 c e 2 e z v 8 Q c W o Y y 3 K O d / x 1 M l 4 z p H O x g A + A f m 3 E F u a t O Q i V R M i f u 71 s f / k c m P f S O Z L M M 7 n H D 0 S h f X t r O b K O t 1 u U O V c s W z v O T F p b i Y A B U G K 3 V P 7 U e t e R 4 Q w S N g + 849 u z m f 2 B s O b i / C P O O b h o M t t u L i N o F y G y 1 D a E w W r u g R n a f j P P Z U z 7 b b z W X r W r f O a f 2 r S 3 S m Q / 7 + V 5 g b p 7 / u z Q p m 0 84 h Z D 25 V c M G i 8 W l Y X U N d x R 3 J g V 1 a O F u w S n u w u i Q r d 2 W Z E O b 1 w O d B F 8 R a F p 3 x V D 5 l N O x 8 K J 3 w u C T A C F R 0 a 8 b l y T / n U 30 r q C G x z 52 A 7 t c R a F w W M 93 D V z 9 P w / 1 r M s C R E X p d n G N o 8 q A 0 H x 34 j r F P V y W 5 c P m T i 44 N a 6 r R Q v m h F x N E Q e K o K v a p S G u + v 7 X b b 9 j + Z j D H Y 0 w r v + M M L s f C z q U 1 / 2 O t c 0 k H y z h 4 j 4163 i T J Y k 
A 1 L S X k X 0 8 j h 2 H q C R x t m w I o O A z Z S v j O Q p y K 8 W M T a q P v c X u w d z p b d B 5 P O Z y q U A O 8 d L K 9 C F 0 V U h q 1 A x w w k y 6 y T 0 F U 9 j x I r 2 B l E P v m 0 t A T m 5 l S r A 2 y o C l y 88 C W E e H O x D 5 O 3 E v + 9 a v C + g v a X A q q W 3 z t i Q k f K Q 0 + / N X o m I d 0 d Z w 8 G o M s I t Y / Z A 32 O 8 G L P P 8 m 55 T O H u y u 4 i H 82 d Y P b + q 8 A I H C y 5 A 4 q r S N c l Q n 9e5 F 5 B L / b i I C i y 7 X e B r S x L f V K q P I o w k E 9 d s 9 u H 0 t / W g L K T J v j a a a u m s 6 C S U 0 v 3 A l R N s q D 8 + m I W X z c P x y J 6 X 6 E R q 2 u 7 + z i D c 7 u e f C / c g Z S Q p T / v R m V t a Q R A r O A R / G j / 9 c S l s 35 o b 3 t T e E P 0 C 4 K c Z V 3 U L 0 L B q G f n h D p l 8 x q q s f q t t 5 / + i p Y 1 U 9 B B t O + V u w x x R 2 P 4 a r d E I 3 M F 5 G C D H 9 A b u h j N F 5 I U H y W d Z L 3 g G U U e 0 I I I e d O P M O f b z F q S n L p M W d b 68 R X P B n E B h i g b S H n I 8 V m h I P N Z b 0 d 7 O i P l s k j T L z I R h Q 1 w V V A a T u f J 1 W 6 P h N 1 z e S K k 5 b e G U X L l J l 6 a 7 O a 4 K 7 S D Q X h I F k J Q 3 W H x G H X m Q q z 1 G J F / y j G p u i L c N 33 H O M U K z / Q A z S 905 m i A W 5 W l l D v E 91 v d 26 X r 4 y F 1 N m R 1 E y B n I 7 e + t + f c O u L z k Y 9 G l 28 n Q e H r u d d T e C n T g R f Z / U 0 U / g H Y + w W U S v Q R D z U G r q O n z x 5 a w y 2 E f L b x c y R C d v N k 31 M y 5 u e p + b c Q D Z m z G l 2 F T B O t / H b 6 N H r E k Z 6 / D R Y d Y x e w B N J n j 1 / X g E g x I q r W f u 9 E K X o F b e U J r G 1 I 7 J H g L c J a Q O i x r D H l C / S a Q Q V L B e M M l E 7 K Z B w 8 n L H I e J F 9 W M N / 7 W 0 Z K t T r T 3 W e w b b q q r 6 e g M O 5 b r 7 n o B g d C K 2 w L B J e K 1 B b P p T y 430 d g L N d D w 1 o W x W U K P H A p E L y m T o t E s x x 9 O X j l 52 e a / 0 f g r O s S I J O l N T k n 2 v k v f Z N u G U n 0 D M Z E G K z 7 W E 5 p Q E L I 8 + 6 p S G j V Z Y 5 N F t 70 j m 5 z m o 6 n o F v l H A 6 T 
W c Q Q D + P D s E o z m m O l F W T l k e u w b j n 0 j 0 z q v J V 2 y q h c Q e P r D M B 9 g F w i b O / v 4 Q P 3 l 0 p w o R z b l e R R 2 i 2 w 2 x g n K s e O D S h Q c M 5E6 z 3 D m k I S E v x N C 2 f N y m n N e E U T x M N k E Z l 6 O r C s K 1 o 4 / z x i o B b p L G H L T y X m 2 c J 0 S 7114 k Q Y Q D T O 2 Q p j 63 D T G 9 g + V 6 S b z 2 A e F 6 R + Q h 8 D k / + U 4 + L S v W d + D T L C o H r Z 0 3 M D 8 U b l 3 I 1 I q q w L u A C z D U C j q / V Z S T K h 5 g w 9 G Q v n T z e v M 5 m 3 o h 3 Z G 1 A 6 P c c 8E03 N w n X c k f W i e b H n d B / H T H 7e51 Z 6 D j O d i j z v y V q e e C w F 6 p 7 o l t g p b N J A S 3 r Z Y j z q z 4 D 6 L 96 f f 2 T e u T W y B 98 N 0 U R n C 2 E w U 9 w 7 i p u 8 j 0 i O z 9 N 1 E Z m 33 l L U l z d I J Y a l h i p t S Q D q Z 50 v C y B f 66 j V f Z Q 0 z c s 9 W V L G u m q e k Z Q B G F x j n K M c D K X R V n u s D F 0 H u l O v Q c z Z c X 0 H E Y V D Y p d y 9 k 5 + 8 Z V V g X l V B Y s r 5 m Q W F S c e e 7 i G 8 L u j V 2 f w P S d 3 N s v K k N X 9 q H 9 f 739 g / R k H 41 q / L f d F 9 G 63 s 2 f L i 6 o 5 v q t t 1 u l z t v U s B z G k g / U v X c u e 4 j U F K E a i O 6 y 1 j C F O W M 6 Z j E Q K x s C m P R L c L k G j 82 S 30 s B B O R S k / 9 x X J M e W W q y n s k B u u P g Z r m 0 F 35 w B + F v f 7 o c U O / F G 6 s K T 4 E h p 60 c 4 n i a n e Z / 0 j Q x v n k L 3 a u r 7 r u v M i 5 b n Q N P 139 x j n / 5 B w R i b h z W b V u 9 f G H 1 Q W D M + c 8e6 t Y B e Y 40 L c a l J + Z t F U z j z / B L Z r l V e r J P 1 y y l q O 3 q R G 5 C f s Z y 9 R i i U + n s t f E v c S P v n h O d i x h H B W d L 85 y U L b k C f n 5 d C W a 1 x X z n n a A p O u i 90 u H f z 68 E z t r b P S h U + + c E n B V s m o h v E 5 Z P Y 209 e U G I 8 C f z 0 j F t p c P y 8 l V / Y b k t 5 O g d i t 8 u u m t y H E 57 f E Q i 9 g i u g p v 6 G m 2 P E m I I m + S d S K d 9 H d t n + A z G d E C O U F x z H r E / 15812 P m m w y Z L F n w v k n Q d D H I l v O H o 478 j h g X v 8 q T q x w E + t 6 a i E J 
F r C H 4 P f P 2 L i p c C / z 0 S q a R 4 m W M q K O
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2016-03-11T15:42:48Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Payload delivery"
}
] ,
"labels" : [
"misp:type=\"malware-sample\"" ,
"misp:category=\"Payload delivery\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--56e2e4e5-1d54-445c-b5af-41e5950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2016-03-11T15:31:49.000Z" ,
"modified" : "2016-03-11T15:31:49.000Z" ,
"pattern" : "[file:name = '80.exe' AND file:hashes.SHA1 = 'd597de857c14af220249c2681d9e38a46ab719fa']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2016-03-11T15:31:49Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Payload delivery"
}
] ,
"labels" : [
"misp:type=\"filename|sha1\"" ,
"misp:category=\"Payload delivery\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--56e2e4e6-f568-404b-937e-40ff950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2016-03-11T15:31:50.000Z" ,
"modified" : "2016-03-11T15:31:50.000Z" ,
"pattern" : "[file:name = '80.exe' AND file:hashes.SHA256 = '717ab1f2d9b2a06474b6f6dd297b253e9ae6bced85ca319574269b71a4bb2e90']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2016-03-11T15:31:50Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Payload delivery"
}
] ,
"labels" : [
"misp:type=\"filename|sha256\"" ,
"misp:category=\"Payload delivery\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--56e2e4e6-5dbc-49bc-a644-449a950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2016-03-11T15:31:50.000Z" ,
"modified" : "2016-03-11T15:31:50.000Z" ,
"pattern" : " [ f i l e : c o n t e n t _ r e f . p a y l o a d _ b i n = ' U E s D B B Q A C Q A I A P l 7 a 0 g m i z E g F d 0 B A A A 2 A w A g A B w A Y W E 0 N j R l Y W Q 4 Y j c 0 Y W U 5 N W Y y M 2 Q 4 N T M y N D I 0 Z m E 4 N 2 Z V V A k A A + b k 4 l b m 5 O J W d X g L A A E E I Q A A A A Q h A A A A 1 e q E m 4 w V y R j c W u X a a a w F M 6 m t h C C a z M D v 7 a t j r c B + V s R X U K T N S 36 U Q 6 H q l i n P u 2 M A y G l y I d 3 S v d 2 x y L 1 U 42 p v f s O R v X G Z 8 y T x U 2 G a d 7 Y D h s x X D K + O W T W L 2 i u B b T B e / U K j y N k q V h Y 0 1 G + 2 D d J j A 6 a W 0 f o F q 3 B 8 J X h 7 E a D W r m B n 5E5 V b s g Z 27 I 5 d H y 6 J F u 2 O C S p P M Q I J s v Q G d Q j i e 7 W a J B w s v L f G L u W j i i 4 A K C 7 U m H G p T F x K Y x Z Z I B Z W f Z u J 7 z 4 V B q q c H H I G j Z Y G c 0 I c A Q n e x P V a H E w 1 z q I w x 8 t s w l w F W g j Z i C u U h x I w h 5 n + s W / j X y T g U X w 6 h 5 h j S z E f C P h d z h r c K c Q C D M X d 8 n q B z F d w n y G A f C M B 9 p S U Q f / c T c x V 0 Y O + L 9 s P k g x Q H 0 H y H w N D G 4 c G A T 7 n g U A O x P J 0 a N G l 6 D 4 A y + Z w G q 2 t i 8 n 8 i Y y w 475 l S T 2 b R 2 T u q N g Y 8 U T O c f F j P a y p z 7 G E o n 6 W / V z o y Z Z c w j b 7 / P W + y W 5 K 67 x V O S m r W M l E U i Z I M d + w P v p y E 3 o 8 l w A 8 u z D k P l 7 R C 6 s j V T p T j Z L i Z v Q q C O Q L o P O 28 p J R i 9 c 4 K C O P 1 Z c c z 41 R h C G M 3 i n M 8 w N j t s f J E U G i Q 1 W P Q S 9 i g i m 606 a V U 7 + H 7 d H K 9 F t r 8 M l T g H V + j T z z 9 c + g T z a Z Y F M y y F G w h F R Q 3 g F 1 O + T h B Z U N 0 w K a 8 C n e d 6 G h t i i 7 I C C p 1 O E I S + n n f W 6 l z V j E V A E N W g q E I X t N e n E w P j y s b y H p 7 m Q k F I m A T 6 + 3 + x 0 19e1 e P H + Y 2 O O T 27 z w 9 h K w q q Q 7 y 1 C u 32 H j D Q m E T c h / j Z l q r N A w + V W H r r b h O V d U 3 s P x o / U t i B n L I V 634 t J P R d c R 5 M D 0 a R 46 X 8 o z K A M T 4 q J X G U s c q 0 o 
d h v w 2 r + 465 n T i + p N Q s g I R S b S d A E W 77 q O F / M q Y q N 8 P 4 A Z Q V I u x Q N X 8 f a B L t H w g D O p 2 Z G q t m d i 3 N F U J V s h y W 9 / 6 S 3 + X d O D 5 K P o n 6 v + B S G u m g 100 H h z h A h f T N o P i j k e q A X 3 t U D Y D j R X q C g N X E N m s A B L 1 v m q F h t E B B Z L / a M 5 q J O m 64 u q 2 z j z n L g T y e Q 3 b v 5 d M s v q u f q E c p O W G p Y K 0 50061 S 4 L y j 2 e B d c 1 Y w x Y 3 z p V p e B 6 N G s 5 k b K 6 H + Y c q 8 H i x + O b n w f 7 D e m d I Q i y k z H + K y y Z M l h T w 454 g v w d b p F o L 0 I S M x Q b h H L 3 t y 5 R 3 X L M D V Y 9 P Q W j p K k l s O R c u I x + 74 g m p m t f / A c Q S w p O Y i D U R / k E M w s 9 h q 11 u P T C V O a B Z T c r R 1 t 9 s M + s J b p L i 8 H Q Q 3 F F i Q k V g g 227 q V r 6 h j s O J X 9 X b z + s 0 S r H G n u r C t e p k x O D W 3 K T w N L 442 V n q C s L J 0 Q n Y u o 23 h 3 Y m t 9 G U T 44 P o c s c P D j 5 C 3 k K v g h J z q + S / q C P 8 j j W I v b n T J s W 6 e Y Q y p w u y v l c t y R M P h h a G j x w y b v U X m m r V D H H q G W K B P C E x B Y K H g u D K w b r P 28 C C I X / M p X 6 q 9 w M b I r C a w Q 3 r s L 72 j V a + + 3 n u o 5 Q a p 3 w b v w a D + Z v 9 g r U l D I M 4 V + y V j q S 8 d 1 s I x o o + b s 1 R i f X d + J 9 C 8 X 0 W i + a 3 C P h w U z A 9 F a 4 Q D t D M P 3 g 4 H G J u X s W f 6 t R Y C r v q A k E q 3 a p a Q G U i 4 T o P 1 R + / d F 6 R a W 9 D l U u P N l J F Y 9 X w J I R p c 4 E h W Q 4 Z 1 T 9 J G G C e L m O 5 M 2 / F G i o 4 + q k f X 9 s k 6 c e 180 / i y 9 d 41 a Z z x D a H l l K R S f T R E h 6 D y V C e t 2 U m A o z T H T l h x n g o c 8 g T d a l u o G r r v T o I d i W D z r v X o f n H g 6 p Y z 8 M r s p m q I B o p k + J 1 Z v v w q S k f 5 b c / Z K h V 48 C b A g j A v W c 0 W + S S z C b X t s j c x h b p 42 W Z y V Y V / o J E p d K Y e Y f h 86 n s L V h f + C u S Y C q e d D z n D a / f Y i 2 y z t 6 q p R D r a B l a + K C m P z 8 W Q n W 9 B K 1 n H 2 d L N V g T x W l r Y c 7 I m a 
4 m G 3 a S d c D f Z y d O 4 E o q 3 d f g w 0 F I 1 P n H E t v a K X 9 o w E Y M V r s / W R h d L l 6 U U 222 r s Y O Q r G K U p Q c j j r k 21 H K M f e p + p 0 / R Z A Q w v b v 1 y l J S v S U A H D t n d L 8 i G J I v 3 w 94 I i F k f 42 M T y / 5 N P Q S q W M G D S H j r M z D K T O R T 9 M X a 6 B V n y l V 7 + 1 q 4 O T T T B l K n t f b E y e B s S u 8 p e J 70 n H M V n 7 M g / T F H h c I b L n B v H 9 c j B a U X C N a 64 / 4 K E g c R R w 5 K s Z e p f p j Y n Q d g j G T 54 A h L l 6 m b p S 7 T e D t F r V N 9 U 4 D c o m z m Q 81 z s C M 8 u r G / G q D u p H O 0 z d l S w a i i L w b 1 V t D d r s t Q 5 z h U h r H 6E2 s S v V + l V G 5 + B C t 7 w c r N F + d o J d 0 c U X 4 x j E 8 f q 7 A 8 w A n e a 45 Q r r b b W T d 3 V k X 7 V 0 R W b a n N n W X A Q W J h O d b P P j G j H G s 0 a 7 V x D T K h m Z G x 8 H A p M O 7 q s N s 6 U s O p E j a 0 y 6 + 0 X R B h U h O 8 g v 3 R f q e A Y y C Q S O Y 4 K 5 m I S i Q H N f l 9 p g c 4 m i e 8 F G u r 0 m W I m I t R E N q H x G 6 l t C O B x X P y 5 g L y v + S e N H 7 h M S w o u c n b y U D b t E T j r f g x O e P N 1 e r 9 Y P M s h m m d u e e y e m U A z q Z N b P w L R b r j N i D 53 p 2 G K / I I I R x 1 X 9 r w 1 + o d X K y 6 H 4 g B B y 4 V o i p f e 5 Z F l 5 T + + 3 w S 8 k U K a 4 h e O p J N 647 s 2 V Y Y H W L / G e F 9 S J S / 6 d i i 5 b T 2 q v + z M o 16 t L x C G m 1 U x q S l E l Z 7 s n l Y C 1 t / B 1 J / v H 5 Y F R f k H l e w J Q f n v Q k L s D V 6 w N c w 1 A / o 3 g g R j y I w 7 / q V V P 6 N J q V w X g N n i b h W R m 79 m 3 z I u h z w f u U t 9 a e d 904 Y n r X B Y Y 15 H M 9 X 5 n Y Q q q e b T g W r E t W 7 v 5 R c i 4 V 5 w F 8 l L U 3 i s L M S U c J Y H M J c b 0 x F J x 0 v R d t O 6 C F z d x o D G O p 6 X + t 3 I D Z n M 2 z W S t L V F n x H Y r E P V 0 H M r U q C M T V e o B C A 2 B + c F 0 7 y E n L t Z 9 m N h H u 0 7 u M R z 8 / G T y V r c 1 Z T Y a 5 B 7 A 9 E F d 8 T A s l Z f m 4 M J Q 5 d Z P c o D Y e 13 g V 9 i 0 Q N w e c 6 R H o z / P 
C p 1 M j O m x c d C z z z T V I W e Y P 0 P q 7 H d T G 7 G c h m x / h t 62 p m m 81 d 4 n E I 9 v x 7 z Y l V Q Y 7 a y / 4 S Q r Q 5 w g D z h U V X l C x m z W C y X H N B H t p D 9 F C / m G e N z h 8 q 57 L F c t n B a c N W E C t o p r o i u T / R y c s A j H W E I u c T d f 9 X h B o I Q Y H O E e J X 6 b I Z I b D w 6 F W y h r l p I I I / 5 S 4 / S 66 o C X w W J 965 o 3 G r X r w g 7 E E a r 2 W b M + G y Y Z H 7 B o U B m 4 d 35 a k w 56 I N V g R O h 0 N t H l y c X h / Q L Y Q v g D F l n I I h t b w j b O K w 0 i o 3 e Q b R j X h k N v O 7 S K q x O M u O z X k c j o p E B 9 T 8 A n 5 j + 3 / H Z F o R q A B i Y V J l g Z p t r H S 52 p o K Z f a z X O 7 D 2 I 0 t i A z 9 L q Q p c n A i n 6 + W D 4 C j k e w + r v 3 D u q a G u Q T N Q i Y / f l 0 X z o 0 G M b k p H R u + 5 Q z t B n 6 R G E E W G 0 / w p 5 f x D m D c L X U z v n u 4 y W P B y H Y 86 w A 0 4 J 2 T j 9 E K b l a 9 p e d 9 s F O v g C v 8 J C x / j v y 8 Z o D 7 j E 272 B M u V P L V E v 4 P a 0 H t / 3 U I e f 16 G e 8 L A 2 C u o W X t 0 3 P 7 q / 3 z P u 28 K w 9 z m m K 9 W p Z 13 b 5105 f O o C A x D T 308 v d F Z 4 j j L D A 57 I 0 d 8 D 1 A j M r T 7 v c h J S M F S 45 y j g n 1 q r n G 9 a H v 3 q T x T X 8 C f G 4 T K E I q U s b n j Q 8 k s 30 p b 2 k r b l / F y k O H Q Z C M J / A + P 7 N + R O K D 8 l i d Q T A F 403 R B 84 T 0 0 v 1 Z E j V 6 e w b j L e j r U K M S U l k o p 3 W / J I y C C 2 G 5 H I G 0 V w e j i b S 2 B W x F A / c T s W X S w Q g p 3 M j + P g w u 81 V H + e K Q x m Z F a T Y f f J K j V L h t f w B I L c R V T 0 2 + K 5 V p 1 e C m E 7 / v S G 0 / 78 c l z r a S I l U W L o Q Y G 6 Y 4 z E c Y A N d R m D C l n B x + 62 j k f 1 D l f 9 O X s h 7 m o 0 x 8 M Q B h j M j b D 5 w z F b n 8 n T k U 9 l N J h z 2 f N 0 e y 9 I Z 6700 R g l l z b f r 6 r 0 g c n 2 P d Y S 5 y w 91 B G o x k 6 I f s g 2 K p R G V O L K F C 8 l U I h h H X Y P 23 M U + 7 v H B 3 T J W 9 D y V E b S d a i n s r N 64 P b A E s k u a u N h a j z N X S b D Z e j u r O U u 
P K 3 G c c 73 H / 2 x A k l o p a j H z J s m 6
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2016-03-11T15:31:50Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Payload delivery"
}
] ,
"labels" : [
"misp:type=\"malware-sample\"" ,
"misp:category=\"Payload delivery\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--56e2e4e7-3cfc-462a-8ac2-4153950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2016-03-11T15:31:51.000Z" ,
"modified" : "2016-03-11T15:31:51.000Z" ,
"pattern" : "[file:name = '87745g' AND file:hashes.SHA1 = '711987852d293efa9cdae6326ab543cd41e26561']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2016-03-11T15:31:51Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Payload delivery"
}
] ,
"labels" : [
"misp:type=\"filename|sha1\"" ,
"misp:category=\"Payload delivery\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--56e2e4e8-70c4-4cf3-a85d-4029950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2016-03-11T15:31:52.000Z" ,
"modified" : "2016-03-11T15:31:52.000Z" ,
"pattern" : "[file:name = '87745g' AND file:hashes.SHA256 = '002f8158966ab89ef6e0c33bc79708653002af90c5f7685154813b4856169b54']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2016-03-11T15:31:52Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Payload delivery"
}
] ,
"labels" : [
"misp:type=\"filename|sha256\"" ,
"misp:category=\"Payload delivery\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--56e2e4e8-cda4-43ff-b0d7-4202950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2016-03-11T15:31:52.000Z" ,
"modified" : "2016-03-11T15:31:52.000Z" ,
"pattern" : " [ f i l e : c o n t e n t _ r e f . p a y l o a d _ b i n = ' U E s D B B Q A C Q A I A P p 7 a 0 i L s l 5 o Q s Y B A A D o B Q A g A B w A Y j d h Z D J h Y T J m Y W I 4 Y W E 4 O D l h Z D N i O G N i N z E 1 Z T U 0 N T Z V V A k A A + j k 4 l b o 5 O J W d X g L A A E E I Q A A A A Q h A A A A / H e v e E k s P N 2 J e H i R z n W F C F Z c E U 8 Z u k J k a C Q j 5 v n b k 9 a D w W 5 t h Z 6 / 7 N C n c l e a W R w q R 3 F Z 1 O 204 x 89 a f n X f w V O Y f y v 2 q U I v S c X a p J T 58 M 2 t I T 6 E c n L B 404 N T x N 1 c m D X F f L B g 5 q 55 / W R Y X n t r x 3 R U T L 9 J p d c y P A L W U w H + g M P Z r u / i F S U N g v q j a U i F 3 Y Z z X J K o G H 1 / 6 S o m g E 9 d p u 9 b R / 2 y G b n i F O W o D T 5 g S U Q J G k t n 6 a j A t O W m T o 8 a L 4 S g C 7 K E g X I E p r D X f s 49 a n I g 2 j g 7 N x p Z g U t h n 2 s V 1 X y M 1 o E 7 t N b o e u u v 0 j d A S C H y I f k 83 B L G U K z I p E 5 I C C F A V R 5 y u a 7 f 3 U 8 k D a e Z 4 t c d e k a 5 / 7 F V F c D N h U u t e q i / k C 5 + H + 4 z W j b 135 t d k R m i r l A X 0 q L s c n / t a r N T T 8 I w W V e m o h G L Q Q r A T B h 53 g 6 D l R O 4 a I 4 d Q W G C k G z + y x f 24 g u k w 9 l T k h 8 v M E z A A I X Z t R D T g 1 n F B g R 0 K E A Y u R / 2 P + P V 48 v p h k 7 w J W g X c t 4 l e d A v H V O 91 g H L 1 y T j A D b G N u M c R 79 b S Q J z V r k T 5 / 90 D w U 1 P 3 X 7 L 3 Y I h u l d f P z K l o I v v q c m B v + 9 C P w U 2 V R e d R e 8 a p 3 i d w + L g 0 L m T Z v A e Y G 5 O L b 5 A v I H 3 i B E Z K b H y Z O y 6 X g 6 X d a 6 R w A I w H q R D c 9 G d e C D R G b F f P p L p J b u Y 0 t 2 w g D C 5 M Z a C x 2 D Z 1 Q c O 3 W 0 j d i k y C 7 e U 40 v s g r l 2 W H p L X / 0 M T r 0 X N x l l g q d e C B W p D 8 N R 5 C x J m y i 1 a Q c w w Y R t e O g P V E 3 a i k 0 o U T u Y O l k 6 z Z r g K D p U 0 y Q j 2 w q 6 e s V F n 7 w x t z 4 C / H K v T N S C y j 9 R t 1 s d H n 4 P z a r F H p c g Q i T M r y O J 0 L g W b D M 6 P L R y u G 3 l 
p 99 I N 8 b P 6 F U l N q M h c y 2 j R l P / s I y 7 z 3 U 54 r h 9 m k n 64 e X Y o / A 3 S t w + c c b r W b p N N l 3 i a V x J t t E y r p Z 4 F T I I Y E N i R A D R m 66 z L o 6 M l c 9 S d c I t 88 D + M q O P 427 P P m 8 i O 95 J q s J z L 8642 + D t z U H p d j v P K 5 p P H 3 t k M o d x v 7 V T w + P 9 Y / m M N Z g k 88 K E r B t C J / u h x 8 y q + r e e k f O t v W I g S c n Q F X E v q R r l o C 5 N T / l I m f q 3 E G q L z Y G T j 3 z M j c Y + Z r s s n 8 t 553 z b q C 9 U / n F S m 0 / A / n X B e o T 0 c P 6 f M / w e e y N X p h r 9 r I 4 / X D X H H l C r R X f s 0 V U y 0 8 q 1 p z Z 3886 R 3 c h D K 7 j s v C J S M R C z f h T 9 J Z 2 i J C 1 X H M t d 3 Z 92 y s S l Z n W d o M K S N f c 26 M Q x G c 2675 u F 9 n g s Q 14 Y P D G l U s t p i x o o b G I o L N v D d t w j 4 O u i 0 4 F l N 0 Y s Y L 2 c L V R F P r u z o P C 2 K i b 4 h 2 q o 6 U S Z K R A n d i L O H J 1 e k E u F W 7 V A w 5 i S r 8 o M + 5 h 0 K R Z F L S + 3 v / l d 857 F V p 7 T Z a J 0 A H w 6 t 1 n V m 6 O 7 G Q i D k g e R / P 9 q W + j Q J v X v 251 Q A 5 U V A W Q + u r I N R U j 6 w 5 j I F 5 u x q L P j 24 p w Z B x V T t f k K x Z V 2 C H L F J b H L J S 1 b F o x 8 T G C Z h v W 6 Q c l c c p d b t B P e f v b R D N 3 O z i / e u h V X r a j b j U Q v 7 D q m f a 30 e Y F z u q Q V t 23 v J 4 t T S P i x Q w S J P o 7 x E 1 z j / V J c T n Q T Z O S T / n Y g M Q 22 c 7 k J J r Z O L s M + X V m 6 I J v P 4 Q d O g v 8 C h L L 0 n F C 2 L 2 B j 39 O J 26 F s / s s i A L e Z G x E N + 30 n z i K 4 t v j o Y G 6 b D T E b f d Q h u N R J k 76 x G T 4 M u L 38 Y b 5 a h Y a e h 4 x T u e J x g t Q x a q Y i g b y 8 a 2 X j / t K d i C K i X V R j 3 T 3 E W E K h Y L y u r O 30 + F h A 0 j I f i x o W u 95 w j Y p Q H m 2 H 2 + 1 S 2 L j C m Y u m s e T 1 n a 9 J 7 k Z 7 D + Y R M n P j 626 e I R f 6 e V B a p 14 g 996 O 4 S 7 w t 1 F t n U 8 g D d f T K A 5 r W 99 I E d l 6 q X q Q g g B o 2 o v j Z L v o S 1 y G / P R 6E5 T L 8 j F / P R E 6 F m m o L 4 j p n 3 
l 4 h F F s J r V L e l Q E / G h G J C Y N 1 a j J H 57 V X b p x v M u T M / w e X Y c P y + y d 8 V R 5 T m 5 B g o O d 8 y Y Y I + I v Q L D 6 k G 6 A p 8 p W 0 a M W j P v d l C p C / q 3 W + s A i o T / 0 w g D 1 K M r 1 l d R f H C y N 2 C f O d 0 A w Z 1 L k r 22 p 57 j K i C 6 v E w T s Y o D m e l a C H e p C y 2 b U R i 1 V 2 w V e 6 + h 3 e e V k D 2 D o y J n g B R u L I z r H K 1 / o Y 88 K s e W / u z o f 6 d A H T 1 T O R F Q s w E l f D i X z S b 8 u C J z o 1 M d b z j b B 4 A B g 8 v o B W 7 l Z a 9 p Y / v C B F M F Q c u C 22 P l M o Q U d T + o z A v 43 J v w u u Z H 2 l 7 r n J X D K f u S V D / X j 5 P o B M o G J G 5 s j f u x q a G i F P g q 3 / k J N O f l i z 2 K n 9 U / r X w Y 1 W v / P h o 35 V w 5 S w O U E M b 8181 Z M y A i S m 4 k g D g o r u P P / J T Z R B V W R W T U 0 A 7 C F U g C w v n r e G Y i 1 i O A t e 3 A k 6 w P t H 5 p U R x 1 q + b w + F h T J 6 S i i W L B 5 w b S U g D q / l I a 6 N / 9 K U l c r x T q C 3 m o L G 8 V 5 G z W 6 S B + o 8 Q / M k V y b i a Q F 1 p k w c s 67 R w k X x 1 u E y 4 D R Q c 1 B k i S 6 g p V q P 7 Q V b k o / z v t I n o O D J R u B V r l t y w H 3 r H E V s U L W f c R X y 3 Y s k 9 N b A 7 P 1 S X U R j v P R l b D o a 0 D f s c 0 1 g 0 O f 0 p V w S g O d w U t r i E a 3 r l R T u t V 6 I E q l + p c X T m t Y r s + 7 L W U V W Y j F A G D d 3 E y + s N S J t z T p W F O c B c x 9 x V 5 B j a V V 471 S 5 / X I W 62 w 0 9 M 4 C b f o 884 j g O Z q H e W L 9 S v K v b a U I E 2 J e / k 7 F 4 L Q U 7 t R d V K T B l C s i T z 1 k B e M S m h Y l j 41 O u P 0 S u e 4 D q r w d S s b y H 1 v p 0 y r r l y h z 4 c h 6 J 4 X 96 N H 6 Z 0 3 Z n 0 f 0 W J 6 S U A W R W P i 3 f Z X g 6 x G 2 u Y o s v a S T A L 6 + A N A j K x W 0 C 5 d O K s 2 G C s p G p / e A 5 Z k A r N 61 X 1 Z 0 e q u 5 o X T h n x 5 r b 61 E H 6 J w f y b a I b f M 7 v n Z f D k G N W H 8 w x c j y I C 5 x 0 c A I / B U 6 d z J y 8 m n t w m w t Y k l F c l r y m V I 67 V 0 h b n y n F e 7 Q g T C n y 6 + b w 2 n 87 r k 
v H N s r U f p x K H 6 n W N 8 I Q H o G L d i 4 P y W j v J h G B 7 U 8 J 4 P 3 K 2 n w D 0 V S U 8 Z u S 2 x g T u T S + S f 2 p W 5 L O T 5 l d 2 a t s D R A 7 i h e K G o C u U g W 23 d + g f b 8 l e / u 4 t c 4 g i 3 n a V 0 6 M 2 J x f 8 Y v x s 4 F p w W V G W b / L L 2 p 0 u b o 6 W d e B d p B k 7 V n A h 6 z q x e A r A U g r O s O j 7 g B V q L 0 C 8 X 4 Y 3 n 0 x K 1 D k 76 X u 0 y O 4 M L i V Y t 7 b N N C s J W V D Y 2 B 7 c T p A Z 7 w m W L F y h O G p D U R a v T 6 j f o g 6 o i k 0 9 T 2 V g P e + r i p o R T S Q c f F 0 e g 0 h t 3 W M C F n / v y m H 5 / J f V Y v 2 G z k 5 A Q J J i L 9 E r N n v r Y r l W s 2 q R e 72 v k Q a v N N q 6 U a b D t W a W P M b I M u 63 c a P k C x v s a j p 42 R 2 R y / w b z 0 h n x L P 1 a D + k G l q K j 6 b G L 3 T p a g i B c V M H l l D 5 D v j F X i 7 i 6 c 5 V U X L p t L Z F j + X B g E V P E k O u L Y Y P q B f I h d T n N F 2 V d J Q 0 n j w K A M B 0 t k 6 u 1 s F L z V F t C A 975 O t N E f F 4 / K S + B A 6 v p M c t 0 o X e H 1 R h l u A S K r v f l q 7 N Q N s M Y o b Y A d l k 7 s C I D 44 i 0 26 N 7e6 O q u 1 p U 4 q t s g R f R S p m T B S E 94 F t J R u a / h y O T j r a E A O 6 S g p w 5 O N V b y Z Y 71 c x u L 5 G e m 5 x 1 e y G 6 T t s M f f z 6 k W d K A l b 5 p r o O X u y w h b N 5 + a 79 D 3 B 738 + m k y 6 a B c 6e6 d k u l O o F h J I L Z H H u x h 0 Z 7 S 7 k L T j G F y d g M R d r H p I 0 k c 7 u Y Q r t b 9 B U 3 E x A D i I 0 41 S i 6 W M 5 j L Z k Q 0 b a T 2 n Q 3 j V A l X C R X Z b c y j e M L C W q K l W 0 k v p P e C t 5 E O K R r 831 N + g D Z d n z L k T B l b g n 1 Y 6 w w U Q 2 A B Q p l 1 x 4 x j z e U W l P + T A L d 6 a n Q 8 R E N d b D H k //SjaKFZozb0g662xOhD+4JH1+QQCRqUUj/olt9SZKROOi8tA7W0WZCnEu4yotcanNOMGWILBM0X1caTh2ul6bbnAOPhhcNcnwzSDKcM2H35ypuY2Te+a3Z5uxPS7Q1zj4oDYj4oeY2h+hjALNhpGmUrV9tDEsCY2S7ms/WxvvF5N6mecSosk19NqYQ
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2016-03-11T15:31:52Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Payload delivery"
}
] ,
"labels" : [
"misp:type=\"malware-sample\"" ,
"misp:category=\"Payload delivery\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--56e2e4e9-8c68-4618-a45e-4be4950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2016-03-11T15:31:53.000Z" ,
"modified" : "2016-03-11T15:31:53.000Z" ,
"pattern" : "[file:name = 'uy78hn654e.exe' AND file:hashes.SHA1 = 'e235dd9f5b45088c378ee35b3c19fc9b981f5c36']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2016-03-11T15:31:53Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Payload delivery"
}
] ,
"labels" : [
"misp:type=\"filename|sha1\"" ,
"misp:category=\"Payload delivery\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--56e2e4ea-d720-48ef-b2a2-4f6f950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2016-03-11T15:31:54.000Z" ,
"modified" : "2016-03-11T15:31:54.000Z" ,
"pattern" : "[file:name = 'uy78hn654e.exe' AND file:hashes.SHA256 = 'a2b7ecf7285d8fb8331b543c2e521a942d3434450af828c2e3e89bb50a165830']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2016-03-11T15:31:54Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Payload delivery"
}
] ,
"labels" : [
"misp:type=\"filename|sha256\"" ,
"misp:category=\"Payload delivery\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--56e2e4eb-9d58-469b-abc6-4446950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2016-03-11T15:31:55.000Z" ,
"modified" : "2016-03-11T15:31:55.000Z" ,
"pattern" : " [ f i l e : c o n t e n t _ r e f . p a y l o a d _ b i n = ' U E s D B B Q A C Q A I A P t 7 a 0 j j 9 A U Q 4 d I B A A D 0 B Q A g A B w A M T M x N z Q z M T d h O W F j Z D E w Z j I 0 N G E 2 Y j g 3 N D c 1 Y z Q 4 N j Z V V A k A A + r k 4 l b q 5 O J W d X g L A A E E I Q A A A A Q h A A A A m h V j v r l 2 o o l 7 L m Y w V T T e 9 a J t 4 h 2 T a 0 y t 9 e Z F + 6 B B 3 K 2 d P W 1 b o 2 L 7 p i K P x Q Y V e x q I d W W 90 q y G g w p r P t w p 5 Z Z O C A 7 c i V c / R x f p Q U 75 W 3 G 5 j K r Z 1 T 39 R l k 1 n p i x A G G Z p r Y o 6 Y V c p i 4 W 9 W 2 G W l I J n i F 93 m S c D A 400 p s U 8 P z o 5 W u E h z 4 G l l H k c y M r R l k 3 o w k P g f h d K N 4 W c x 9 S Y 4 M l p d l a 4 u I G X C J 8 I q r q R 30 T L t B M C z K W j + b k 6 + s U K p K C 756 D v e d R Z o w V j H z F O k j h x J P 1 c z A k w t S c C q U d m Y j j Y q 3 b b 1 T p m x M k a 8 X F Q a 3 C 9 z k E 9 K X i v B r T w j C e y a c s m b z o u d Q s T g I 49 X R k S o P 466 J 99 m L 5 g L Y 8 i X n l F h x Y z 1 g Z F Y m A K K f j y 0 V e 0 c k t g N e o 7 M 4 g S 3 H / M i I S o C v 4 r V u w o x D 6 g s S I t Y R L Z F n e 90 o T I Y Q B X g G B 5 B M L x 4 / Y O H i g I 74 g 3 z 7 F M A v M x R 8 i A H o / t l s M i 9 X q L N e h 4 + Y P / 2 c j o S B K 0 7 h p k d E v x j j z M p P 0 y L w 0 L S e I K w k R K Q l 4 G K j G + c O b P N w Q a 1 k p L n v I I w s 5 P Q + 3 a S V v X + e g l b u M 8 g w L 7 u P 4 N 5 L 6 H + m 83 z r C B g + u B h a r e J k D 0 I q 6 h u Z 6 b d v o g l D 73 r d 4 W 1 C M 4 h H T A Z j 7 r 5 h 85 c d A o o 51 p S N g 5 p Y D 9 b a x m / 0 Z I Y 4 m n T y n Y + R x z U H f h / Y L I i z 5 X Y / 41 h t P p p R C 332 h b K x J L u 1 + n 6 v r d 93 I l 8 b S D B v i E p 45 w w d / d u h X m o r q r J 2 X l u x 0 o h 2 h 4 j c 7 O T m A p 7 q z o E y Z D L i z u y 7 e o 0 v v k K a M s n Y o Z w I q m U a O f g S C 8 i I C 0 7 R M f A w m 6 q k J O D k H 62 s / H R l W 4 g F k d + o S D G x E B b Q L w n Q T F T 0 4 T u z l X 7 
V w Q z k N 7 Q m N F y s e Z 9 r R V / G N e A 8 H s e 6 C y z n p E N / i Q B I E W a Q v 3 / b z b 0 a i a 2 u I q c R r x 91 b h l L n p h z g 5 N j A 5 c a q r a z b M L s S T b C / l i D Z C s b 6 j W W y p p c L l T l 13 p n F o / L F N J C f i s z 0 W i 1 / b L t v l h n k g H 0 R H 7 / 4 R G 52 V H t y R + f z w O 4 g m 4 P 1 d d a L 4 D c s j v R L L 9 S R 1 d t f 1 N b v M 4 B j B B u l L T 6 H P m A S M n g J c N S Z R A c w K x l H U H v / T P s C B 1E3 w Y K w k C W X U O K X b j Q 7 V j v o t F p L X x i + U m p i 9 H R k F N F B D G g h Q P s X g i j q b n R S 8 L P h z 6 u a m S 98 g Y C c i r i 0 k F i S 8 a 9 x v E Z p J s L O 9 L e A J m 6 Q B D 9 V r j I M x V V l Z U D / K 1 X j j h E y J E 1 j U K f 1 n d J 9 j F K q R G 8 A Z p 4 Q C d S I o d W F y E r T 1 p J 6 o V W 0 0 O r 8 r 7 B / X Z W t C T b 5 o / a r x s 58 X C g i z M 8 E O U O I o Q 4 f y J p 5 W j z e / I 8 Y e x F + Y 2 G v e f p V i S s o / D 7E1 Q w u 4 + h 4361 d l J y L i 1 i c 1 N z f m K T 6 o + t v a v U r p F A h p P q J Z q 0 f n Z 720 w Q 54 Y z n 7 G T J u l j a r I o d 1 L r P N Y Y 23 H / 5 e E 2 C W q R r J n q z 5 x + Q y z Q E z q 30 B t T o S q s s v X 3 w o O o 0 N E R l a 9 J K Y s B h 6 I n 9 N A q 8 z W z S c W W M 5 N p T 8 Z r L M t A b 8 C 28 j W m l i S / 4 n j 4 t 4 z t R c l L n 1 l E U Q l I F A h Z M h e N P V N A E f y B y K G t 6 I L u w N w / Q M R t p X S / l t 8 U C p + v z Q S F C 5 F u 2 O b d 0 X H W j y V I l X n h J D f H s E W 9 D W v a 82 Q 6 x 7 p W P m G l p S O D R y Y h H Q y K U I 1 v C v s S l X I b A G m P M 3 D Z 7 X M 1 m k a a Q v q m e n D s y w D x I R 7 Q H b a a 0 0 W H d P n m H E 0 u 0 u o v B H Y 1 z z c f 77 y t A / y R e q 8 y 84 i C w b d 6 p C V Y O k m p 9 Q h M Q b c 6 Y f Q P a k t u 6 M N l L I 5 t d q x 3 Z 7 W I U E k M C p s S T g p x 8 z b 0 + q L W S k s F M C U o K t A c Z l f C F g T 1 t F K W t P K 0 p Y F Q G x N 7 z A j 6 F Z i G A d C 4 u l g B P + Y Y x R f q 9 T Y 4 j 37 R r 3 q Y w u s p W G k l L N 
64 s n F C u 9 R 2 G S i h r v G T 0 U K I G 2 Q R E 1 z v 5 F f V 4 L G q c I 7 h n 24 M 1 R T + U M 0 0 L T 5 l B v + u v 9 L Y m D b r V b + 1 / o N 6 r 882 X i k m p w n i 7 w Q + X 2 z 0 u 0 p X G r A J 4 C T j D 9 L + 8 X e 4 / R w a M 290 A e j V K D 7 r b J f 6 I M a f 6 A a s + h e U r S 15 Y O H T S B k a Y H W 0 1 G E e 4 Z i C l 6 Q t A F o o T b s v W Z N s o O H 3 h R p U C 2 Z l T K r r F F K w v h 12 J x P 5 r S W B h k J 3 Q N s 6 b p b + l i 3 R Q E 3 y 6 u p I n A t S T g v U j o g m G / q 6 M F O W e u h A r e P G V 2 / x 1 f X n x N l O b E K 6 t F r T o M o H 9 m a N x B q w x o w A M + i 5 l c 9 c R l U r I v a O q l Y N R S c a c c 0 / C V S u D Y w / D B g k z Q L w O s r J l b h a N Z W T q K t P W Q R B A K R + w V u / N / X 7 P 8 g J F + D p l 82 t R Y L G Q i I g O R h V e 9 O w E l h D Z L m i x o + y Q J N d Z e 2 v L K v L M B O e C e K I A 1 I 6 t P Y n 657 R 58 T D L c q Z T i b m J W K V T 2 D r t r 88 g 3 B l Q w w T p n g a 6 r s 6 H z Y k N e I 8 e h D 8 d 7 g n C 5 k J H u a b q u z v 2 X 4 h I s 3 o z r m Y B 0 9 V H N H P j y F 1 u A W N e i N / k k J w X V G I 3 A 9 n 3 X 6 v k M n l 2 m K V m 6 W 8 U r o T c E r H m W k r 0 A N D U f d W / D J 68 o f i q W q + O k 3 w F 3 p z Q l G L Z 7 T r Q n T p 5 q t Y A M p Y y 0 V a R 8 F P 3 N h M J 8 W D 6E0 h k n N s L T F e Q l + E u T s o d d m d s R e C M V g 7 S z b o f p 4 r j a T t P F w S g Z i 30 l A t y m K k 9 x E 2 Z b e w T Q v T X T E b s X H r V i J B Z 6 B F Y 1 v R 0 R r u h z E W q k v H I y N 2 j h o V 0 X F 2 E Q H z A 98 u C F L Y z 3 g E S I z x c B g I N D w / i y v K y + Y r M 1 p S T e T m A p v 2 i 4 e o K k K Y x s A x 6 V O l + 5 X P n t 5 c T p 9 d X h h x / a e c / F t B f s G a W B + u C t + P J 65 g F I E F g U h n 0 a 5 T d 0 a b 6 G 9 H V m L B V k v + K v Q y 5 P g / 9 r j p Z v N Z t o 85 h y L a m R C B h S F e w j M x 8 Z M M a f Z E M f 8 d I p L E u E 5 h s N T 3 y + 3 m P 1 T K y j i J l T O N h m f g V z i N c e c v 7 C 9 q Y h r / N e e t 
5 R N W 7 p W Z c W Y n Z G L q j 1 J o u 6 b y O a m a G + t i 0 G H J d c E v p P E V Y W U M l m 5 I 1 j a P X G J W Z w z d S l E p d F f e X 5 S o e C V 0 K j 9 x 35 I O k D L L 6 U u G d y q m K N B H z v i a C v V A w b s p 3 Y S l X p E 7 q l A 6 C n 3 a p Q 6 c B w b A 5 T X s A b 0 K 29 B a X l D 3 X R 60 i B P b X z H M C H u p t v r H Z M H t N V W / R A 0 T U Y x 1 l N 6 z j n T r 6 d e 0 m e f Q C 2 r c 9 P 7 k C D o c u Z I z v t C F b C e Y j m 7 k b x 2 N l X L 52 K J I F F T e E + + H e j 5 V + S p s k S u z t z C t d b c i + c y k T p k Y 9 F e y G / Q Q E 5 V M 0 c P 1 E y F t 8 u e q 8 U o N a y z s 6 s 60 v q u T k E r J C M h / a f X v B D 9 T m / g C N Y K Z X 9 Q y h g J X M 8 m j S 6 p E b l j 8 b o Y x y 0 O s + 8 K X 3 D p S + z G V f D Z 0 / d k 8 g Q U Q n o y S t s / y w p l d i u 3 s y A C o v e B 20 l n d s F E P D C Q b c j I r D / 8 F K 19 W a p j i q e d c x t e k A i O 0 o 1 m R U 1 Q z J w L q z Q l e Q A C d k E f 5 R f v f t 8 t 0 q n H e M c i A q m E x q 0 J d V R C f 4 U 1 w Q / 7 J H J G P o I n v M 2 f Q x j j O f 9 l 6 f 0 w i U f B a k K j S 9 Z K 9 E R X u N D v / 1 k a H w g C Z i Z o 9 d v y 0 5 u l b z T H V T I a s J m n w 15 T 76 l f 6 i A L W q X O x + x P u K C g W 0 A u W 7 X 8 I m 84 c s O 2 K B G 7 e a i s s 6 M n T a 7 T 91 k l E 4 E E b o l 7 H l m j 5 A N 66 x c Y Y g I l r R x 1 F 7 u d O A r i K q 6 m 0 n v k q o H a G O F t 0 j A E c / K K q p k F d 3 u V w H H c L U q I 5 h z R P B 4 S 4 w O b h 2 p 28 r 6 s 4 a g F G F P h L u s W T r C 2 E Y b S t B H r j x Y K 0 B 40 L T 5 V 9 z L b p e g 3 / R H K 2 c T K P T 28 W D p P H j G 7 k J r X V x w S / O 7 b o C f b 1 F a n O r T b 4 R Q p V u g l Y 8 b N R F x G E 3 V u c v K j 2 s 1 p w E 0 I V + t R A n E T k 4 W y H d 7 B K Y W 0 R f L q J F c k G i C i O x c y J q k 33 x S s H p g 0 N K D w r x u A N j Y 1 f d O d Y g x x i y o K w h d H t j N y L B o F N l t S y Y 0 f 3 s L f w R s K F Z F n n U u V I z T K i B / 7 z 6 O 4 b E 0 L s C u a R 8 w T 3 
P g 4 + q / n I p z W P g 3 r d / O b F C r w 2e9 W e m h M 8 W f 6
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2016-03-11T15:31:55Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Payload delivery"
}
] ,
"labels" : [
"misp:type=\"malware-sample\"" ,
"misp:category=\"Payload delivery\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--56e2e4eb-c684-47f4-b3b3-4e8d950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2016-03-11T15:31:55.000Z" ,
"modified" : "2016-03-11T15:31:55.000Z" ,
"pattern" : "[file:name = 'uy78hn654e.exe.2' AND file:hashes.SHA1 = 'e25418fb175eeda2d30e8a8b981753bd8844f9b7']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2016-03-11T15:31:55Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Payload delivery"
}
] ,
"labels" : [
"misp:type=\"filename|sha1\"" ,
"misp:category=\"Payload delivery\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--56e2e4ec-7d24-4e5d-9a92-429b950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2016-03-11T15:31:56.000Z" ,
"modified" : "2016-03-11T15:31:56.000Z" ,
"pattern" : "[file:name = 'uy78hn654e.exe.2' AND file:hashes.SHA256 = '7bcd80f4ba829652fcd4514585d00052ce8c8bdb48b3f7b651846de264bcba32']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2016-03-11T15:31:56Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Payload delivery"
}
] ,
"labels" : [
"misp:type=\"filename|sha256\"" ,
"misp:category=\"Payload delivery\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--56e2e6d5-0d80-4eeb-972a-4b00950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2016-03-11T15:40:05.000Z" ,
"modified" : "2016-03-11T15:40:05.000Z" ,
"description" : "Locky C&C" ,
"pattern" : "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '91.234.33.149']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2016-03-11T15:40:05Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Network activity"
}
] ,
"labels" : [
"misp:type=\"ip-dst\"" ,
"misp:category=\"Network activity\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "observed-data" ,
"spec_version" : "2.1" ,
"id" : "observed-data--56e2e81a-90a8-4300-b1ca-4f9402de0b81" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2016-03-11T15:45:30.000Z" ,
"modified" : "2016-03-11T15:45:30.000Z" ,
"first_observed" : "2016-03-11T15:45:30Z" ,
"last_observed" : "2016-03-11T15:45:30Z" ,
"number_observed" : 1 ,
"object_refs" : [
"url--56e2e81a-90a8-4300-b1ca-4f9402de0b81"
] ,
"labels" : [
"misp:type=\"link\"" ,
"misp:category=\"External analysis\""
]
} ,
{
"type" : "url" ,
"spec_version" : "2.1" ,
"id" : "url--56e2e81a-90a8-4300-b1ca-4f9402de0b81" ,
"value" : "https://www.virustotal.com/file/7bcd80f4ba829652fcd4514585d00052ce8c8bdb48b3f7b651846de264bcba32/analysis/1457707283/"
} ,
{
"type" : "observed-data" ,
"spec_version" : "2.1" ,
"id" : "observed-data--56e2e81b-aa00-4883-98ed-40b402de0b81" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2016-03-11T15:45:31.000Z" ,
"modified" : "2016-03-11T15:45:31.000Z" ,
"first_observed" : "2016-03-11T15:45:31Z" ,
"last_observed" : "2016-03-11T15:45:31Z" ,
"number_observed" : 1 ,
"object_refs" : [
"url--56e2e81b-aa00-4883-98ed-40b402de0b81"
] ,
"labels" : [
"misp:type=\"link\"" ,
"misp:category=\"External analysis\""
]
} ,
{
"type" : "url" ,
"spec_version" : "2.1" ,
"id" : "url--56e2e81b-aa00-4883-98ed-40b402de0b81" ,
"value" : "https://www.virustotal.com/file/a2b7ecf7285d8fb8331b543c2e521a942d3434450af828c2e3e89bb50a165830/analysis/1457710845/"
} ,
{
"type" : "observed-data" ,
"spec_version" : "2.1" ,
"id" : "observed-data--56e2e81b-4200-4cdd-bc5f-4cc602de0b81" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2016-03-11T15:45:31.000Z" ,
"modified" : "2016-03-11T15:45:31.000Z" ,
"first_observed" : "2016-03-11T15:45:31Z" ,
"last_observed" : "2016-03-11T15:45:31Z" ,
"number_observed" : 1 ,
"object_refs" : [
"url--56e2e81b-4200-4cdd-bc5f-4cc602de0b81"
] ,
"labels" : [
"misp:type=\"link\"" ,
"misp:category=\"External analysis\""
]
} ,
{
"type" : "url" ,
"spec_version" : "2.1" ,
"id" : "url--56e2e81b-4200-4cdd-bc5f-4cc602de0b81" ,
"value" : "https://www.virustotal.com/file/002f8158966ab89ef6e0c33bc79708653002af90c5f7685154813b4856169b54/analysis/1457707240/"
} ,
{
"type" : "observed-data" ,
"spec_version" : "2.1" ,
"id" : "observed-data--56e2e81b-2068-4856-b447-42ca02de0b81" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2016-03-11T15:45:31.000Z" ,
"modified" : "2016-03-11T15:45:31.000Z" ,
"first_observed" : "2016-03-11T15:45:31Z" ,
"last_observed" : "2016-03-11T15:45:31Z" ,
"number_observed" : 1 ,
"object_refs" : [
"url--56e2e81b-2068-4856-b447-42ca02de0b81"
] ,
"labels" : [
"misp:type=\"link\"" ,
"misp:category=\"External analysis\""
]
} ,
{
"type" : "url" ,
"spec_version" : "2.1" ,
"id" : "url--56e2e81b-2068-4856-b447-42ca02de0b81" ,
"value" : "https://www.virustotal.com/file/717ab1f2d9b2a06474b6f6dd297b253e9ae6bced85ca319574269b71a4bb2e90/analysis/1457710513/"
} ,
{
"type" : "observed-data" ,
"spec_version" : "2.1" ,
"id" : "observed-data--56e2e81c-64c0-4eaf-914f-4fde02de0b81" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2016-03-11T15:45:32.000Z" ,
"modified" : "2016-03-11T15:45:32.000Z" ,
"first_observed" : "2016-03-11T15:45:32Z" ,
"last_observed" : "2016-03-11T15:45:32Z" ,
"number_observed" : 1 ,
"object_refs" : [
"url--56e2e81c-64c0-4eaf-914f-4fde02de0b81"
] ,
"labels" : [
"misp:type=\"link\"" ,
"misp:category=\"External analysis\""
]
} ,
{
"type" : "url" ,
"spec_version" : "2.1" ,
"id" : "url--56e2e81c-64c0-4eaf-914f-4fde02de0b81" ,
"value" : "https://www.virustotal.com/file/bee14206aa3e443af592a6946671d191f878f2cb7ca04013704b8fd4014a4c3a/analysis/1457706127/"
} ,
{
"type" : "observed-data" ,
"spec_version" : "2.1" ,
"id" : "observed-data--56e2e81c-fbd8-4201-b674-408602de0b81" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2016-03-11T15:45:32.000Z" ,
"modified" : "2016-03-11T15:45:32.000Z" ,
"first_observed" : "2016-03-11T15:45:32Z" ,
"last_observed" : "2016-03-11T15:45:32Z" ,
"number_observed" : 1 ,
"object_refs" : [
"url--56e2e81c-fbd8-4201-b674-408602de0b81"
] ,
"labels" : [
"misp:type=\"link\"" ,
"misp:category=\"External analysis\""
]
} ,
{
"type" : "url" ,
"spec_version" : "2.1" ,
"id" : "url--56e2e81c-fbd8-4201-b674-408602de0b81" ,
"value" : "https://www.virustotal.com/file/d0228c8adbf53f5a3a846e86f36617598aab6804ac8cd73a1a0bca672e550fea/analysis/1457707234/"
} ,
{
"type" : "observed-data" ,
"spec_version" : "2.1" ,
"id" : "observed-data--56e2e81c-ecf8-4462-a8d1-4cd502de0b81" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2016-03-11T15:45:32.000Z" ,
"modified" : "2016-03-11T15:45:32.000Z" ,
"first_observed" : "2016-03-11T15:45:32Z" ,
"last_observed" : "2016-03-11T15:45:32Z" ,
"number_observed" : 1 ,
"object_refs" : [
"url--56e2e81c-ecf8-4462-a8d1-4cd502de0b81"
] ,
"labels" : [
"misp:type=\"link\"" ,
"misp:category=\"External analysis\""
]
} ,
{
"type" : "url" ,
"spec_version" : "2.1" ,
"id" : "url--56e2e81c-ecf8-4462-a8d1-4cd502de0b81" ,
"value" : "https://www.virustotal.com/file/c8747c602ae5b03174a9b5c77385438bae0d8d6704726e6fb7d1a5c4e767daf3/analysis/1457707231/"
} ,
{
"type" : "observed-data" ,
"spec_version" : "2.1" ,
"id" : "observed-data--56e2e81c-dea8-4f73-bab3-402f02de0b81" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2016-03-11T15:45:32.000Z" ,
"modified" : "2016-03-11T15:45:32.000Z" ,
"first_observed" : "2016-03-11T15:45:32Z" ,
"last_observed" : "2016-03-11T15:45:32Z" ,
"number_observed" : 1 ,
"object_refs" : [
"url--56e2e81c-dea8-4f73-bab3-402f02de0b81"
] ,
"labels" : [
"misp:type=\"link\"" ,
"misp:category=\"External analysis\""
]
} ,
{
"type" : "url" ,
"spec_version" : "2.1" ,
"id" : "url--56e2e81c-dea8-4f73-bab3-402f02de0b81" ,
"value" : "https://www.virustotal.com/file/ade66be0355a4ea01f4a84241726f337a86be41da8b86348d04e68a99da74529/analysis/1457696058/"
} ,
{
"type" : "observed-data" ,
"spec_version" : "2.1" ,
"id" : "observed-data--56e2e81d-2fc4-4455-b59c-47ec02de0b81" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2016-03-11T15:45:33.000Z" ,
"modified" : "2016-03-11T15:45:33.000Z" ,
"first_observed" : "2016-03-11T15:45:33Z" ,
"last_observed" : "2016-03-11T15:45:33Z" ,
"number_observed" : 1 ,
"object_refs" : [
"url--56e2e81d-2fc4-4455-b59c-47ec02de0b81"
] ,
"labels" : [
"misp:type=\"link\"" ,
"misp:category=\"External analysis\""
]
} ,
{
"type" : "url" ,
"spec_version" : "2.1" ,
"id" : "url--56e2e81d-2fc4-4455-b59c-47ec02de0b81" ,
"value" : "https://www.virustotal.com/file/a52738b57d91f92f70f7a24a65673182ed250de11c964383bf0c8095ff0a588a/analysis/1457700897/"
} ,
{
"type" : "observed-data" ,
"spec_version" : "2.1" ,
"id" : "observed-data--56e2e81d-80a8-4b36-8ed0-426a02de0b81" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2016-03-11T15:45:33.000Z" ,
"modified" : "2016-03-11T15:45:33.000Z" ,
"first_observed" : "2016-03-11T15:45:33Z" ,
"last_observed" : "2016-03-11T15:45:33Z" ,
"number_observed" : 1 ,
"object_refs" : [
"url--56e2e81d-80a8-4b36-8ed0-426a02de0b81"
] ,
"labels" : [
"misp:type=\"link\"" ,
"misp:category=\"External analysis\""
]
} ,
{
"type" : "url" ,
"spec_version" : "2.1" ,
"id" : "url--56e2e81d-80a8-4b36-8ed0-426a02de0b81" ,
"value" : "https://www.virustotal.com/file/11e8df42ed046221c90d81b93daeb46dd209abe35dee9048218f9f1ebd5275fd/analysis/1457708437/"
} ,
{
"type" : "observed-data" ,
"spec_version" : "2.1" ,
"id" : "observed-data--56e2e81d-1500-465f-ad9c-480902de0b81" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2016-03-11T15:45:33.000Z" ,
"modified" : "2016-03-11T15:45:33.000Z" ,
"first_observed" : "2016-03-11T15:45:33Z" ,
"last_observed" : "2016-03-11T15:45:33Z" ,
"number_observed" : 1 ,
"object_refs" : [
"url--56e2e81d-1500-465f-ad9c-480902de0b81"
] ,
"labels" : [
"misp:type=\"link\"" ,
"misp:category=\"External analysis\""
]
} ,
{
"type" : "url" ,
"spec_version" : "2.1" ,
"id" : "url--56e2e81d-1500-465f-ad9c-480902de0b81" ,
"value" : "https://www.virustotal.com/file/abd224981a03fe7d254c7f0c4ac4411f0f23238a7c7d43fa22e650fdc09e6497/analysis/1457695022/"
} ,
{
"type" : "observed-data" ,
"spec_version" : "2.1" ,
"id" : "observed-data--56e2e81e-acac-4460-9953-408702de0b81" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2016-03-11T15:45:34.000Z" ,
"modified" : "2016-03-11T15:45:34.000Z" ,
"first_observed" : "2016-03-11T15:45:34Z" ,
"last_observed" : "2016-03-11T15:45:34Z" ,
"number_observed" : 1 ,
"object_refs" : [
"url--56e2e81e-acac-4460-9953-408702de0b81"
] ,
"labels" : [
"misp:type=\"link\"" ,
"misp:category=\"External analysis\""
]
} ,
{
"type" : "url" ,
"spec_version" : "2.1" ,
"id" : "url--56e2e81e-acac-4460-9953-408702de0b81" ,
"value" : "https://www.virustotal.com/file/8df68a892f75722da88f2634551d8adec138b7d34a1a4ad2b992c180ef1f6307/analysis/1457696024/"
} ,
{
"type" : "observed-data" ,
"spec_version" : "2.1" ,
"id" : "observed-data--56e2e81e-9090-4007-aa56-441802de0b81" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2016-03-11T15:45:34.000Z" ,
"modified" : "2016-03-11T15:45:34.000Z" ,
"first_observed" : "2016-03-11T15:45:34Z" ,
"last_observed" : "2016-03-11T15:45:34Z" ,
"number_observed" : 1 ,
"object_refs" : [
"url--56e2e81e-9090-4007-aa56-441802de0b81"
] ,
"labels" : [
"misp:type=\"link\"" ,
"misp:category=\"External analysis\""
]
} ,
{
"type" : "url" ,
"spec_version" : "2.1" ,
"id" : "url--56e2e81e-9090-4007-aa56-441802de0b81" ,
"value" : "https://www.virustotal.com/file/7ad984e6c4f170c82de77d8e0cb3026ddfb86e3d51f1d7168085ddb8ca2aac66/analysis/1457706097/"
} ,
{
"type" : "observed-data" ,
"spec_version" : "2.1" ,
"id" : "observed-data--56e2e81e-c780-43b2-b23b-4f4002de0b81" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2016-03-11T15:45:34.000Z" ,
"modified" : "2016-03-11T15:45:34.000Z" ,
"first_observed" : "2016-03-11T15:45:34Z" ,
"last_observed" : "2016-03-11T15:45:34Z" ,
"number_observed" : 1 ,
"object_refs" : [
"url--56e2e81e-c780-43b2-b23b-4f4002de0b81"
] ,
"labels" : [
"misp:type=\"link\"" ,
"misp:category=\"External analysis\""
]
} ,
{
"type" : "url" ,
"spec_version" : "2.1" ,
"id" : "url--56e2e81e-c780-43b2-b23b-4f4002de0b81" ,
"value" : "https://www.virustotal.com/file/182a7d2e2744d6fee97a4aedba1bafbf1df9676f8d00af4841e89c665f933116/analysis/1457701072/"
} ,
{
"type" : "observed-data" ,
"spec_version" : "2.1" ,
"id" : "observed-data--56e2e81f-73f8-46f7-a777-422602de0b81" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2016-03-11T15:45:35.000Z" ,
"modified" : "2016-03-11T15:45:35.000Z" ,
"first_observed" : "2016-03-11T15:45:35Z" ,
"last_observed" : "2016-03-11T15:45:35Z" ,
"number_observed" : 1 ,
"object_refs" : [
"url--56e2e81f-73f8-46f7-a777-422602de0b81"
] ,
"labels" : [
"misp:type=\"link\"" ,
"misp:category=\"External analysis\""
]
} ,
{
"type" : "url" ,
"spec_version" : "2.1" ,
"id" : "url--56e2e81f-73f8-46f7-a777-422602de0b81" ,
"value" : "https://www.virustotal.com/file/1a9d0655e2a4509fa89cbc842d5e0a8b472c2cf966cb619e36272fe12ea00546/analysis/1457707045/"
} ,
{
"type" : "observed-data" ,
"spec_version" : "2.1" ,
"id" : "observed-data--56e2e81f-6094-404e-84ab-411702de0b81" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2016-03-11T15:45:35.000Z" ,
"modified" : "2016-03-11T15:45:35.000Z" ,
"first_observed" : "2016-03-11T15:45:35Z" ,
"last_observed" : "2016-03-11T15:45:35Z" ,
"number_observed" : 1 ,
"object_refs" : [
"url--56e2e81f-6094-404e-84ab-411702de0b81"
] ,
"labels" : [
"misp:type=\"link\"" ,
"misp:category=\"External analysis\""
]
} ,
{
"type" : "url" ,
"spec_version" : "2.1" ,
"id" : "url--56e2e81f-6094-404e-84ab-411702de0b81" ,
"value" : "https://www.virustotal.com/file/3204df9176fc0cf9e2b0a255076b125c69841673b96e2d9deab63c203b6e2977/analysis/1457708626/"
} ,
{
"type" : "observed-data" ,
"spec_version" : "2.1" ,
"id" : "observed-data--56e2e81f-3584-4a61-be41-469a02de0b81" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2016-03-11T15:45:35.000Z" ,
"modified" : "2016-03-11T15:45:35.000Z" ,
"first_observed" : "2016-03-11T15:45:35Z" ,
"last_observed" : "2016-03-11T15:45:35Z" ,
"number_observed" : 1 ,
"object_refs" : [
"url--56e2e81f-3584-4a61-be41-469a02de0b81"
] ,
"labels" : [
"misp:type=\"link\"" ,
"misp:category=\"External analysis\""
]
} ,
{
"type" : "url" ,
"spec_version" : "2.1" ,
"id" : "url--56e2e81f-3584-4a61-be41-469a02de0b81" ,
"value" : "https://www.virustotal.com/file/873fb560250755555e2530a4c9a58553b1aea9d52fc4282e5547edc20fbededa/analysis/1457706186/"
} ,
{
"type" : "observed-data" ,
"spec_version" : "2.1" ,
"id" : "observed-data--56e2e81f-7d6c-45fb-9b37-472902de0b81" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2016-03-11T15:45:35.000Z" ,
"modified" : "2016-03-11T15:45:35.000Z" ,
"first_observed" : "2016-03-11T15:45:35Z" ,
"last_observed" : "2016-03-11T15:45:35Z" ,
"number_observed" : 1 ,
"object_refs" : [
"url--56e2e81f-7d6c-45fb-9b37-472902de0b81"
] ,
"labels" : [
"misp:type=\"link\"" ,
"misp:category=\"External analysis\""
]
} ,
{
"type" : "url" ,
"spec_version" : "2.1" ,
"id" : "url--56e2e81f-7d6c-45fb-9b37-472902de0b81" ,
"value" : "https://www.virustotal.com/file/b92aa998fe6fe5667bd5418ee1f7773bc4d9634d9fcff440ab78e66d6c58d036/analysis/1457705390/"
} ,
{
"type" : "observed-data" ,
"spec_version" : "2.1" ,
"id" : "observed-data--56e2e820-1ba8-4942-a756-4be502de0b81" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2016-03-11T15:45:36.000Z" ,
"modified" : "2016-03-11T15:45:36.000Z" ,
"first_observed" : "2016-03-11T15:45:36Z" ,
"last_observed" : "2016-03-11T15:45:36Z" ,
"number_observed" : 1 ,
"object_refs" : [
"url--56e2e820-1ba8-4942-a756-4be502de0b81"
] ,
"labels" : [
"misp:type=\"link\"" ,
"misp:category=\"External analysis\""
]
} ,
{
"type" : "url" ,
"spec_version" : "2.1" ,
"id" : "url--56e2e820-1ba8-4942-a756-4be502de0b81" ,
"value" : "https://www.virustotal.com/file/1510b2e001378f1a1a7ed5582a35f89269d6d32bf8e23f13a06f3f9f131fc4a3/analysis/1457709939/"
} ,
{
"type" : "observed-data" ,
"spec_version" : "2.1" ,
"id" : "observed-data--56e2e820-da2c-468b-b1bd-410902de0b81" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2016-03-11T15:45:36.000Z" ,
"modified" : "2016-03-11T15:45:36.000Z" ,
"first_observed" : "2016-03-11T15:45:36Z" ,
"last_observed" : "2016-03-11T15:45:36Z" ,
"number_observed" : 1 ,
"object_refs" : [
"url--56e2e820-da2c-468b-b1bd-410902de0b81"
] ,
"labels" : [
"misp:type=\"link\"" ,
"misp:category=\"External analysis\""
]
} ,
{
"type" : "url" ,
"spec_version" : "2.1" ,
"id" : "url--56e2e820-da2c-468b-b1bd-410902de0b81" ,
"value" : "https://www.virustotal.com/file/a2e54950817f09e61a655f90e16a20781e138a926bf7e0557a62741840b07317/analysis/1457703268/"
} ,
{
"type" : "observed-data" ,
"spec_version" : "2.1" ,
"id" : "observed-data--56e2e820-09f0-4552-b12a-440902de0b81" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2016-03-11T15:45:36.000Z" ,
"modified" : "2016-03-11T15:45:36.000Z" ,
"first_observed" : "2016-03-11T15:45:36Z" ,
"last_observed" : "2016-03-11T15:45:36Z" ,
"number_observed" : 1 ,
"object_refs" : [
"url--56e2e820-09f0-4552-b12a-440902de0b81"
] ,
"labels" : [
"misp:type=\"link\"" ,
"misp:category=\"External analysis\""
]
} ,
{
"type" : "url" ,
"spec_version" : "2.1" ,
"id" : "url--56e2e820-09f0-4552-b12a-440902de0b81" ,
"value" : "https://www.virustotal.com/file/c33babaf1e100437a8eac1dc30be2176f3ff775ef195b7f8a16577725b6574a0/analysis/1457709938/"
} ,
{
"type" : "observed-data" ,
"spec_version" : "2.1" ,
"id" : "observed-data--56e2e821-9d78-4838-b5e6-408f02de0b81" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2016-03-11T15:45:37.000Z" ,
"modified" : "2016-03-11T15:45:37.000Z" ,
"first_observed" : "2016-03-11T15:45:37Z" ,
"last_observed" : "2016-03-11T15:45:37Z" ,
"number_observed" : 1 ,
"object_refs" : [
"url--56e2e821-9d78-4838-b5e6-408f02de0b81"
] ,
"labels" : [
"misp:type=\"link\"" ,
"misp:category=\"External analysis\""
]
} ,
{
"type" : "url" ,
"spec_version" : "2.1" ,
"id" : "url--56e2e821-9d78-4838-b5e6-408f02de0b81" ,
"value" : "https://www.virustotal.com/file/0a884c6fbe5314727a24b65eb1196a8d59ceae4b57ca237f4c5c974673545696/analysis/1457709938/"
} ,
{
"type" : "observed-data" ,
"spec_version" : "2.1" ,
"id" : "observed-data--56e2e821-095c-4a0b-b4ef-4f5a02de0b81" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2016-03-11T15:45:37.000Z" ,
"modified" : "2016-03-11T15:45:37.000Z" ,
"first_observed" : "2016-03-11T15:45:37Z" ,
"last_observed" : "2016-03-11T15:45:37Z" ,
"number_observed" : 1 ,
"object_refs" : [
"url--56e2e821-095c-4a0b-b4ef-4f5a02de0b81"
] ,
"labels" : [
"misp:type=\"link\"" ,
"misp:category=\"External analysis\""
]
} ,
{
"type" : "url" ,
"spec_version" : "2.1" ,
"id" : "url--56e2e821-095c-4a0b-b4ef-4f5a02de0b81" ,
"value" : "https://www.virustotal.com/file/f365ae19431e7accfcd0d9977fb52cc288fc5f4b39c63f483105c8d5ee3cbea0/analysis/1457709938/"
} ,
{
"type" : "observed-data" ,
"spec_version" : "2.1" ,
"id" : "observed-data--56e2e821-9934-4c65-89a8-470802de0b81" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2016-03-11T15:45:37.000Z" ,
"modified" : "2016-03-11T15:45:37.000Z" ,
"first_observed" : "2016-03-11T15:45:37Z" ,
"last_observed" : "2016-03-11T15:45:37Z" ,
"number_observed" : 1 ,
"object_refs" : [
"url--56e2e821-9934-4c65-89a8-470802de0b81"
] ,
"labels" : [
"misp:type=\"link\"" ,
"misp:category=\"External analysis\""
]
} ,
{
"type" : "url" ,
"spec_version" : "2.1" ,
"id" : "url--56e2e821-9934-4c65-89a8-470802de0b81" ,
"value" : "https://www.virustotal.com/file/3f789e86a91efa6409a60728a05dedf950443f5a75d2cb658f84ca4db0ba9a4a/analysis/1457704747/"
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--56e2eb45-a1e4-44ed-81e4-40c3950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2016-03-11T15:59:01.000Z" ,
"modified" : "2016-03-11T15:59:01.000Z" ,
"description" : "Automatically added (via 08h867g5|7f55862138081352125e9b60a27a06c3b39d8523)" ,
"pattern" : "[file:name = '08h867g5' AND file:hashes.MD5 = '30c8f7bfab3fdcddb7865bae48ce08e1']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2016-03-11T15:59:01Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Payload delivery"
}
] ,
"labels" : [
"misp:type=\"filename|md5\"" ,
"misp:category=\"Payload delivery\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--56e2eb48-5f18-4a0a-b81c-6599950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2016-03-11T15:59:04.000Z" ,
"modified" : "2016-03-11T15:59:04.000Z" ,
"description" : "Automatically added (via 32tguynjk|2acd98f82297e0aba7c9cbd79554ca0dc84ebc73)" ,
"pattern" : "[file:name = '32tguynjk' AND file:hashes.MD5 = '5618525d0aaf0ee471a3be5842617206']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2016-03-11T15:59:04Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Payload delivery"
}
] ,
"labels" : [
"misp:type=\"filename|md5\"" ,
"misp:category=\"Payload delivery\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--56e2eb49-9c00-4b81-811e-4f32950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2016-03-11T15:59:05.000Z" ,
"modified" : "2016-03-11T15:59:05.000Z" ,
"description" : "Automatically added (via 80.exe|d597de857c14af220249c2681d9e38a46ab719fa)" ,
"pattern" : "[file:name = '80.exe' AND file:hashes.MD5 = '63ce4ebbe5198f572e84f45ea4c12b07']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2016-03-11T15:59:05Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Payload delivery"
}
] ,
"labels" : [
"misp:type=\"filename|md5\"" ,
"misp:category=\"Payload delivery\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--56e2eb4b-3ee0-4eaa-9e3f-410c950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2016-03-11T15:59:07.000Z" ,
"modified" : "2016-03-11T15:59:07.000Z" ,
"description" : "Automatically added (via uy78hn654e.exe|e235dd9f5b45088c378ee35b3c19fc9b981f5c36)" ,
"pattern" : "[file:name = 'uy78hn654e.exe' AND file:hashes.MD5 = 'b7ad2aa2fab8aa889ad3b8cb715e5456']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2016-03-11T15:59:07Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Payload delivery"
}
] ,
"labels" : [
"misp:type=\"filename|md5\"" ,
"misp:category=\"Payload delivery\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "marking-definition" ,
"spec_version" : "2.1" ,
"id" : "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9" ,
"created" : "2017-01-20T00:00:00.000Z" ,
"definition_type" : "tlp" ,
"name" : "TLP:WHITE" ,
"definition" : {
"tlp" : "white"
}
}
]
}