adulau/misp-circl-feed
1
0
Fork 0
Code Issues 1 Pull requests Projects 1 Releases Packages Wiki Activity Actions
misp-circl-feed/feeds/circl/misp/5721c2e4-05ec-4af3-9264-411b950d210f.json

3872 lines
1.8 MiB
JSON
Raw Normal View History

chg: [feed] added
2023-04-21 13:25:09 +00:00
{
chg: [feed] feed updated
2023-06-14 17:31:25 +00:00
"type": "bundle",
"id": "bundle--5721c2e4-05ec-4af3-9264-411b950d210f",
"objects": [
{
"type": "identity",
"spec_version": "2.1",
"id": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-04-28T08:18:18.000Z",
"modified": "2016-04-28T08:18:18.000Z",
"name": "CIRCL",
"identity_class": "organization"
},
{
"type": "report",
"spec_version": "2.1",
"id": "report--5721c2e4-05ec-4af3-9264-411b950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-04-28T08:18:18.000Z",
"modified": "2016-04-28T08:18:18.000Z",
"name": "Malspam (2016-04-28) - Locky (#2)",
"published": "2016-04-28T08:46:07Z",
"object_refs": [
"indicator--5721c305-ef54-4c9b-abe0-4a2d950d210f",
"indicator--5721c305-53d0-4f12-b6f6-41a2950d210f",
"indicator--5721c306-28c8-4fa0-98c1-4569950d210f",
"indicator--5721c306-e7fc-45ce-abe9-4a17950d210f",
"indicator--5721c306-ea04-4c37-90d4-4806950d210f",
"indicator--5721c307-5188-4549-a3a6-409d950d210f",
"indicator--5721c307-27c4-450c-917d-4ad2950d210f",
"indicator--5721c308-27f4-47e0-8746-4ecc950d210f",
"indicator--5721c308-8ef4-4997-aa37-4eb9950d210f",
"indicator--5721c308-df50-4c7a-be08-420c950d210f",
"indicator--5721c308-e170-47fd-966f-4dea950d210f",
"indicator--5721c308-faa8-47e0-b36b-4063950d210f",
"indicator--5721c308-d8d0-4572-a444-4b11950d210f",
"indicator--5721c308-33a0-45ee-ac90-4f9d950d210f",
"indicator--5721c309-ac5c-449e-804f-4aef950d210f",
"indicator--5721c309-b5f8-4b5c-b942-466d950d210f",
"indicator--5721c309-49a8-498c-a4b3-49f2950d210f",
"indicator--5721c309-386c-4ba0-b9fd-4d7a950d210f",
"indicator--5721c309-03a4-4bca-853c-46dd950d210f",
"indicator--5721c309-0df8-452c-a169-492f950d210f",
"indicator--5721c309-65a4-487c-96ed-4624950d210f",
"indicator--5721c30a-a2e4-48d5-a393-4da0950d210f",
"indicator--5721c30a-8e9c-4e0d-b61c-48a7950d210f",
"indicator--5721c30a-18dc-4e27-bbf4-4767950d210f",
"indicator--5721c30a-ec0c-428d-b5df-48fd950d210f",
"indicator--5721c30a-b008-401b-8bd3-4e9f950d210f",
"indicator--5721c30a-324c-43d6-9062-4a00950d210f",
"indicator--5721c30b-4d54-4108-99f6-4e0e950d210f",
"indicator--5721c30b-14a8-4d09-9a6a-43f4950d210f",
"indicator--5721c30b-a2d0-460e-a512-4909950d210f",
"indicator--5721c30b-26e0-4f2f-b5eb-481f950d210f",
"indicator--5721c30b-4278-4c37-9ceb-40ac950d210f",
"indicator--5721c30c-b1bc-4337-a175-4e5a950d210f",
"indicator--5721c30c-4600-4e56-b73e-4f21950d210f",
"indicator--5721c408-e6b8-4b3f-91e5-47f2950d210f",
"indicator--5721c409-1860-4972-ab6b-4ec9950d210f",
"indicator--5721c409-9b04-4cf3-8d33-42a4950d210f",
"indicator--5721c409-ffb4-472d-ba0d-4d7c950d210f",
"indicator--5721c409-c2f8-4957-a147-4e6f950d210f",
"indicator--5721c40a-6368-463a-8666-44e4950d210f",
"indicator--5721c40a-7bdc-4364-ba8a-4200950d210f",
"indicator--5721c40a-0fb0-49af-8a99-4dae950d210f",
"indicator--5721c40b-0be0-4aa2-8056-4d76950d210f",
"indicator--5721c40b-f150-4ebf-8298-4eef950d210f",
"indicator--5721c40b-d258-449b-bf6b-420c950d210f",
"indicator--5721c40c-f5ac-4408-9a34-4a56950d210f",
"indicator--5721c40c-929c-4ddf-8856-40ec950d210f",
"indicator--5721c40c-f8d0-4572-8eae-4e12950d210f",
"indicator--5721c40d-0340-4b30-97ae-448e950d210f",
"indicator--5721c40d-538c-4d6b-b635-458a950d210f",
"indicator--5721c40d-7698-438a-9940-4402950d210f",
"indicator--5721c40e-95c0-4943-a7c1-472f950d210f",
"indicator--5721c40f-91f8-4c1f-96bf-427e950d210f",
"indicator--5721c40f-54cc-47b7-b05b-499e950d210f",
"indicator--5721c410-f12c-40d4-a160-4aad950d210f",
"indicator--5721c410-0e24-415d-92bd-4150950d210f",
"indicator--5721c411-07c4-4f3a-9663-4695950d210f",
"indicator--5721c411-b4cc-47fd-a55b-406c950d210f",
"indicator--5721c411-eb9c-4ed8-8212-4253950d210f",
"indicator--5721c412-93a4-4669-a2b6-46b6950d210f",
"indicator--5721c412-9518-4e2c-ad9c-4f58950d210f",
"indicator--5721c413-e448-4d7d-8a0a-4a81950d210f",
"indicator--5721c413-4598-4adc-8d74-4d86950d210f",
"indicator--5721c413-b418-4100-b30b-4f55950d210f",
"indicator--5721c414-c91c-4e1a-9f76-4d2b950d210f",
"indicator--5721c414-7ce8-4380-a01f-4668950d210f",
"indicator--5721c414-4b5c-483c-94ca-4a86950d210f",
"indicator--5721c486-3620-4aee-8380-42a7950d210f",
"indicator--5721c487-8234-40f0-aeeb-4232950d210f",
"indicator--5721c487-8454-4927-8dbd-4b6e950d210f",
"indicator--5721c488-4b20-4fa8-86d1-4458950d210f",
"indicator--5721c489-fc4c-47a0-b5af-41d6950d210f",
"indicator--5721c489-1384-4c99-9ea9-4b5a950d210f",
"indicator--5721c48a-720c-4292-a551-4f03950d210f",
"indicator--5721c48b-3f50-45fc-8994-4151950d210f",
"indicator--5721c48c-72cc-482e-8019-4307950d210f",
"indicator--5721c48c-3af8-4809-8919-4e19950d210f",
"indicator--5721c48d-a560-491b-a7b0-4c5e950d210f",
"indicator--5721c48e-b0d4-4a38-b4ba-4471950d210f",
"indicator--5721c48e-353c-47a1-be4c-4240950d210f",
"indicator--5721c48f-2da4-4863-bcce-4e05950d210f",
"indicator--5721c490-f894-4575-8bbe-4744950d210f",
"indicator--5721c490-5f90-43c1-adf8-48c0950d210f",
"indicator--5721c491-2ed4-4f57-a257-4f34950d210f",
"indicator--5721c492-3cf8-49b7-9dcc-443e950d210f",
"indicator--5721c492-0368-4bf1-9803-4341950d210f",
"indicator--5721c493-8d68-4cf5-acc3-42da950d210f",
"indicator--5721c494-c590-4bc6-95b4-4449950d210f",
"indicator--5721c495-9e4c-432b-8b11-4885950d210f",
"indicator--5721c496-df88-4a5e-9966-4b6b950d210f",
"indicator--5721c497-dfe8-4223-9cdc-4908950d210f",
"indicator--5721c497-05a4-4230-8156-49b6950d210f",
"indicator--5721c498-5da4-4010-8433-443c950d210f",
"indicator--5721c499-de0c-416f-8d94-4d43950d210f",
"indicator--5721c49a-9298-4d4e-9e45-4d9e950d210f",
"indicator--5721c49a-4878-40cc-94ef-4747950d210f",
"indicator--5721c49b-8da8-40dc-bc18-4eb5950d210f",
"indicator--5721c49c-3f8c-4ac5-8aa7-4448950d210f",
"indicator--5721c49c-55b8-487c-a4b2-4bdd950d210f",
"indicator--5721c49d-f2e8-4720-9cce-4b8c950d210f",
"indicator--5721c49e-eba4-41c8-93c6-4206950d210f",
"indicator--5721c49e-82f8-4318-94be-4007950d210f",
"indicator--5721c49f-b1a4-4b7c-9cd7-44e4950d210f",
"indicator--5721c4a0-ae78-4da8-8396-4d6b950d210f",
"indicator--5721c4a0-91c0-4fc1-aee0-4794950d210f",
"indicator--5721c4a1-c148-426f-aa6e-4ecd950d210f",
"indicator--5721c4a2-9aa8-43bd-ae5d-4e08950d210f",
"indicator--5721c4a2-939c-49d6-af4b-44d8950d210f",
"indicator--5721c4a3-38d0-4a69-bf1b-4502950d210f",
"indicator--5721c4a4-f5bc-4a84-a659-424c950d210f",
"indicator--5721c4a5-41f4-4601-8356-4663950d210f",
"indicator--5721c4a5-4dec-41c4-b9a2-4c8d950d210f",
"indicator--5721c4a6-c920-4653-bd1f-4da6950d210f",
"indicator--5721c4a7-ef98-43f5-a79e-49b1950d210f",
"indicator--5721c4a8-1000-4899-bea9-46a7950d210f",
"indicator--5721c6c2-e590-4fc5-84b5-41fb950d210f",
"indicator--5721c6c3-2624-4851-a69a-4e9e950d210f",
"indicator--5721c6c3-5a84-495a-881e-4b33950d210f",
"indicator--5721c6c4-203c-41fc-868f-4021950d210f",
"indicator--5721c6c4-58c4-4891-b119-4c0e950d210f",
"indicator--5721c6c5-54dc-475d-a4ec-4e2e950d210f",
"indicator--5721c6c5-9d38-4180-8733-4548950d210f",
"indicator--5721c6c5-4918-4468-a203-4139950d210f",
"indicator--5721c6da-d7f0-4f0d-a735-410e950d210f",
"indicator--5721c6da-e608-4799-a3b3-42a9950d210f",
"indicator--5721c6f7-d6cc-4712-8e7f-4342950d210f",
"indicator--5721c6f8-b268-4254-b174-443a950d210f",
"observed-data--5721c74a-6184-42a0-b3d0-4cc102de0b81",
"url--5721c74a-6184-42a0-b3d0-4cc102de0b81",
"observed-data--5721c74b-29a8-4779-ac78-466702de0b81",
"url--5721c74b-29a8-4779-ac78-466702de0b81",
"observed-data--5721c74b-f360-4eb0-a94a-4b3502de0b81",
"url--5721c74b-f360-4eb0-a94a-4b3502de0b81",
"observed-data--5721c74b-f9a4-4ce4-9f00-488202de0b81",
"url--5721c74b-f9a4-4ce4-9f00-488202de0b81",
"observed-data--5721c74c-3404-425e-a482-475d02de0b81",
"url--5721c74c-3404-425e-a482-475d02de0b81",
"observed-data--5721c74c-0464-4674-88b8-4d2702de0b81",
"url--5721c74c-0464-4674-88b8-4d2702de0b81",
"observed-data--5721c74c-1a44-4614-a824-42e202de0b81",
"url--5721c74c-1a44-4614-a824-42e202de0b81",
"observed-data--5721c74d-f290-4456-8206-4fdf02de0b81",
"url--5721c74d-f290-4456-8206-4fdf02de0b81",
"observed-data--5721c74d-ca5c-4dd6-b1e1-43d902de0b81",
"url--5721c74d-ca5c-4dd6-b1e1-43d902de0b81",
"observed-data--5721c74d-f0cc-4690-ad44-49b302de0b81",
"url--5721c74d-f0cc-4690-ad44-49b302de0b81",
"observed-data--5721c74d-2324-41f6-912b-434402de0b81",
"url--5721c74d-2324-41f6-912b-434402de0b81",
"observed-data--5721c74e-8db4-41c0-8ed4-439c02de0b81",
"url--5721c74e-8db4-41c0-8ed4-439c02de0b81",
"observed-data--5721c74e-7f24-43ec-a8e2-44b702de0b81",
"url--5721c74e-7f24-43ec-a8e2-44b702de0b81",
"observed-data--5721c74e-dc34-477e-a591-456902de0b81",
"url--5721c74e-dc34-477e-a591-456902de0b81",
"observed-data--5721c74f-a7b4-403c-9757-48c302de0b81",
"url--5721c74f-a7b4-403c-9757-48c302de0b81",
"observed-data--5721c74f-329c-4809-8cb2-4e8602de0b81",
"url--5721c74f-329c-4809-8cb2-4e8602de0b81",
"observed-data--5721c74f-87cc-4595-8c85-47d502de0b81",
"url--5721c74f-87cc-4595-8c85-47d502de0b81",
"observed-data--5721c750-48ec-4a85-b73d-46e602de0b81",
"url--5721c750-48ec-4a85-b73d-46e602de0b81",
"observed-data--5721c750-fca0-4523-816c-4d5002de0b81",
"url--5721c750-fca0-4523-816c-4d5002de0b81",
"observed-data--5721c750-94a0-4bd1-9ffc-41bf02de0b81",
"url--5721c750-94a0-4bd1-9ffc-41bf02de0b81",
"observed-data--5721c751-03c0-45c0-a412-48cc02de0b81",
"url--5721c751-03c0-45c0-a412-48cc02de0b81",
"observed-data--5721c751-856c-435b-8ebe-4df402de0b81",
"url--5721c751-856c-435b-8ebe-4df402de0b81",
"observed-data--5721c752-9bd4-47dc-b4a5-4e3c02de0b81",
"url--5721c752-9bd4-47dc-b4a5-4e3c02de0b81",
"observed-data--5721c752-7ee8-4ee4-954f-413302de0b81",
"url--5721c752-7ee8-4ee4-954f-413302de0b81",
"observed-data--5721c752-e8a4-4156-8b06-4c1402de0b81",
"url--5721c752-e8a4-4156-8b06-4c1402de0b81"
],
"labels": [
"Threat-Report",
"misp:tool=\"MISP-STIX-Converter\"",
"circl:incident-classification=\"malware\"",
"malware_classification:malware-category=\"Ransomware\""
],
"object_marking_refs": [
"marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9"
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5721c305-ef54-4c9b-abe0-4a2d950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-04-28T08:00:05.000Z",
"modified": "2016-04-28T08:00:05.000Z",
"description": "download location",
"pattern": "[url:value = 'http://be-stlines-tore.com/tr35esf']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-04-28T08:00:05Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5721c305-53d0-4f12-b6f6-41a2950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-04-28T08:00:05.000Z",
"modified": "2016-04-28T08:00:05.000Z",
"description": "download location",
"pattern": "[domain-name:value = 'be-stlines-tore.com']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-04-28T08:00:05Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"domain\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5721c306-28c8-4fa0-98c1-4569950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-04-28T08:00:06.000Z",
"modified": "2016-04-28T08:00:06.000Z",
"description": "download location",
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '50.6.80.163']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-04-28T08:00:06Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5721c306-e7fc-45ce-abe9-4a17950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-04-28T08:00:06.000Z",
"modified": "2016-04-28T08:00:06.000Z",
"description": "download location",
"pattern": "[url:value = 'http://brutal-escort.ru/tyue7udf']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-04-28T08:00:06Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5721c306-ea04-4c37-90d4-4806950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-04-28T08:00:06.000Z",
"modified": "2016-04-28T08:00:06.000Z",
"description": "download location",
"pattern": "[domain-name:value = 'brutal-escort.ru']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-04-28T08:00:06Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"domain\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5721c307-5188-4549-a3a6-409d950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-04-28T08:00:07.000Z",
"modified": "2016-04-28T08:00:07.000Z",
"description": "download location",
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '81.177.165.31']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-04-28T08:00:07Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5721c307-27c4-450c-917d-4ad2950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-04-28T08:00:07.000Z",
"modified": "2016-04-28T08:00:07.000Z",
"description": "download location",
"pattern": "[url:value = 'http://commonplaces.davidson.edu/y6yaod']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-04-28T08:00:07Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5721c308-27f4-47e0-8746-4ecc950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-04-28T08:00:08.000Z",
"modified": "2016-04-28T08:00:08.000Z",
"description": "download location",
"pattern": "[domain-name:value = 'commonplaces.davidson.edu']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-04-28T08:00:08Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"hostname\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5721c308-8ef4-4997-aa37-4eb9950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-04-28T08:00:08.000Z",
"modified": "2016-04-28T08:00:08.000Z",
"description": "download location",
"pattern": "[domain-name:value = 'domains.davidson.edu']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-04-28T08:00:08Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"hostname\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5721c308-df50-4c7a-be08-420c950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-04-28T08:00:08.000Z",
"modified": "2016-04-28T08:00:08.000Z",
"description": "download location",
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '206.221.178.138']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-04-28T08:00:08Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5721c308-e170-47fd-966f-4dea950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-04-28T08:00:08.000Z",
"modified": "2016-04-28T08:00:08.000Z",
"description": "download location",
"pattern": "[url:value = 'http://florsan.net/bch3hs']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-04-28T08:00:08Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5721c308-faa8-47e0-b36b-4063950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-04-28T08:00:08.000Z",
"modified": "2016-04-28T08:00:08.000Z",
"description": "download location",
"pattern": "[domain-name:value = 'florsan.net']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-04-28T08:00:08Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"domain\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5721c308-d8d0-4572-a444-4b11950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-04-28T08:00:08.000Z",
"modified": "2016-04-28T08:00:08.000Z",
"description": "download location",
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '96.44.163.12']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-04-28T08:00:08Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5721c308-33a0-45ee-ac90-4f9d950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-04-28T08:00:08.000Z",
"modified": "2016-04-28T08:00:08.000Z",
"description": "download location",
"pattern": "[url:value = 'http://fundacjaireo.org.pl/hjs6sjd']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-04-28T08:00:08Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5721c309-ac5c-449e-804f-4aef950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-04-28T08:00:09.000Z",
"modified": "2016-04-28T08:00:09.000Z",
"description": "download location",
"pattern": "[domain-name:value = 'fundacjaireo.org.pl']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-04-28T08:00:09Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"hostname\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5721c309-b5f8-4b5c-b942-466d950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-04-28T08:00:09.000Z",
"modified": "2016-04-28T08:00:09.000Z",
"description": "download location",
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '89.161.167.194']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-04-28T08:00:09Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5721c309-49a8-498c-a4b3-49f2950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-04-28T08:00:09.000Z",
"modified": "2016-04-28T08:00:09.000Z",
"description": "download location",
"pattern": "[url:value = 'http://h-zd.ru/d6twg']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-04-28T08:00:09Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5721c309-386c-4ba0-b9fd-4d7a950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-04-28T08:00:09.000Z",
"modified": "2016-04-28T08:00:09.000Z",
"description": "download location",
"pattern": "[domain-name:value = 'h-zd.ru']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-04-28T08:00:09Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"domain\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5721c309-03a4-4bca-853c-46dd950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-04-28T08:00:09.000Z",
"modified": "2016-04-28T08:00:09.000Z",
"description": "download location",
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '81.177.165.93']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-04-28T08:00:09Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5721c309-0df8-452c-a169-492f950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-04-28T08:00:09.000Z",
"modified": "2016-04-28T08:00:09.000Z",
"description": "download location",
"pattern": "[url:value = 'http://ivanmayor.es/q6hsdl']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-04-28T08:00:09Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5721c309-65a4-487c-96ed-4624950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-04-28T08:00:09.000Z",
"modified": "2016-04-28T08:00:09.000Z",
"description": "download location",
"pattern": "[domain-name:value = 'ivanmayor.es']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-04-28T08:00:09Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"domain\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5721c30a-a2e4-48d5-a393-4da0950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-04-28T08:00:10.000Z",
"modified": "2016-04-28T08:00:10.000Z",
"description": "download location",
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '86.109.170.198']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-04-28T08:00:10Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5721c30a-8e9c-4e0d-b61c-48a7950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-04-28T08:00:10.000Z",
"modified": "2016-04-28T08:00:10.000Z",
"description": "download location",
"pattern": "[url:value = 'http://powersom.com.br/n6sha']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-04-28T08:00:10Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5721c30a-18dc-4e27-bbf4-4767950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-04-28T08:00:10.000Z",
"modified": "2016-04-28T08:00:10.000Z",
"description": "download location",
"pattern": "[domain-name:value = 'powersom.com.br']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-04-28T08:00:10Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"hostname\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5721c30a-ec0c-428d-b5df-48fd950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-04-28T08:00:10.000Z",
"modified": "2016-04-28T08:00:10.000Z",
"description": "download location",
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '167.114.156.90']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-04-28T08:00:10Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5721c30a-b008-401b-8bd3-4e9f950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-04-28T08:00:10.000Z",
"modified": "2016-04-28T08:00:10.000Z",
"description": "download location",
"pattern": "[url:value = 'http://smartmol.ru/a9idk']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-04-28T08:00:10Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5721c30a-324c-43d6-9062-4a00950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-04-28T08:00:10.000Z",
"modified": "2016-04-28T08:00:10.000Z",
"description": "download location",
"pattern": "[domain-name:value = 'smartmol.ru']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-04-28T08:00:10Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"domain\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5721c30b-4d54-4108-99f6-4e0e950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-04-28T08:00:11.000Z",
"modified": "2016-04-28T08:00:11.000Z",
"description": "download location",
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '185.26.122.123']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-04-28T08:00:11Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5721c30b-14a8-4d09-9a6a-43f4950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-04-28T08:00:11.000Z",
"modified": "2016-04-28T08:00:11.000Z",
"description": "download location",
"pattern": "[url:value = 'http://xn----9sbmbsck6b1a4b0b.xn--p1ai/l9skda']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-04-28T08:00:11Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5721c30b-a2d0-460e-a512-4909950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-04-28T08:00:11.000Z",
"modified": "2016-04-28T08:00:11.000Z",
"description": "download location",
"pattern": "[file:name = 'xn----9sbmbsck6b1a4b0b.xn--p1ai']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-04-28T08:00:11Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"filename\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5721c30b-26e0-4f2f-b5eb-481f950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-04-28T08:00:11.000Z",
"modified": "2016-04-28T08:00:11.000Z",
"description": "download location",
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '77.221.130.19']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-04-28T08:00:11Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5721c30b-4278-4c37-9ceb-40ac950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-04-28T08:00:11.000Z",
"modified": "2016-04-28T08:00:11.000Z",
"description": "download location",
"pattern": "[url:value = 'http://xn----ctbvdhakkrgv2h.xn--p1ai/a1jxlz']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-04-28T08:00:11Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5721c30c-b1bc-4337-a175-4e5a950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-04-28T08:00:12.000Z",
"modified": "2016-04-28T08:00:12.000Z",
"description": "download location",
"pattern": "[file:name = 'xn----ctbvdhakkrgv2h.xn--p1ai']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-04-28T08:00:12Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"filename\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5721c30c-4600-4e56-b73e-4f21950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-04-28T08:00:12.000Z",
"modified": "2016-04-28T08:00:12.000Z",
"description": "download location",
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '92.53.112.82']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-04-28T08:00:12Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5721c408-e6b8-4b3f-91e5-47f2950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-04-28T08:04:24.000Z",
"modified": "2016-04-28T08:04:24.000Z",
"description": "malware sample",
"pattern": "[file:content_ref.payload_bin = 'UEsDBBQACQAIAIxAnEjqRIAPkdEBAAC6AgAgABwAZjM0ODg4ZTU0YmIzZjdhOTVmYzI2MmNlYzk0YWZlODRVVAkAAwjEIVcIxCFXdXgLAAEEIQAAAAQhAAAANJlZ5KxnqBx00ekPmY7+AG91We6XHliycNVdvVAF6lUlNp3POXhZjamHEXgJXRH32XFXX8JxyqOwjVFXI/BqMsLgaPneXwqNfBK19g35JIcTeKV+P9AsoCHkiIVyF0lzDql9Lvqvi4aAApU8r77Fqoa+gmdcqMyQaGM7dQDi4GmF1U/iyp86hG04m2eOS1XjVCoGw5xp6Tkgr8eS47Ppn9FjRMqSVb5Il47HerT680EZOe2ql3hnpRgVEirWEuN+R1U2DmfsyIiyAbqDC9ylUEDxSzAKdbOtLLE+oCJdPktanT3drMzKpXC+KJuYtUh3iP5LWuavd1Sq30AWbHnJSRIMJEipgxZZAjoPCXYpZFDs06QXYux/k8ege5Bx9Tuw4LZJZ/w64jt7gFyoIqR5ZWFpaQIp3JI+yMigil3jKCw9KcJtp6X38SD9ssNbTk6OSrxvD3SqICpQ4fLe5tHbchabeU8wmZKjEcP+/8HnmYAvr3LRmwKEYksPEfuarbjgAovpUGJEObCCt866qNRs6mOfZJoB34ktBVQnJwjr/4MJp5l92NG9drhWdUZw36JxPnOF3B1YnMkZLpuJe/OuRpYUoiPQzqajF+tkzA7mnjiNa5N6a4PaYXqB8HeXGyjSVHPksrdgjfARGY7zo0iMv9GvpXTOFlD3pg0z/X86ii5nIytSaqloTb3demVHNLg3NBmBQSUgaE2j1D2wvZGSt+ZuMC5GO2WJpp69XlkUoRH8VOLioJjw3LJFcWqdLvUjAjT7+aFnqqwiK1SRXSjmbvAAN9RCJpjVYpq/nr977szsdtky6Ru0p1E2v1PktGlQifv/OaXngdVppewI6ochdBQ78uubQCUS592JxfOGFZk1E/EmiZPArPjRJjln45D0XwzzYpSBGIK+th9N26hrEUjQGV3qiavKy8m/Sfd2Xlh5+0y4sq87jakDHVqOlJ7qMSfiioHe/8fJBDs1n2tn7dvwPbcnsp4uMWRJOQp8yhYYgtEZtvsj1C5QO7AXhPfOrSiUh0jyW8XauhkTsv2Qp2tR5l8EboDTYFZLwFQwjP3QmomEiFUEGX5Hp7tiV/hlMmoSmFd0ElAdYCb2V12GmbK5zJ9Tx+08ZPz7x1jZ3p/t9OPeOqAvCon3oSvyKJh0RzbQnXLhokXQ1RniKGz9+7mL1+Ul+sFJCxpPlDwqPNqR43+s03GqovnZjBzRQ68Bl0O2/53CCWgcoRZCZ+pKoLcdlOx+lv4D3uXzTFYVzg5fiIxWLQ8w9Co2OoTOj6SONLW6ploSZIOXHO5KQxU3Uk1lSsyouPzm22lAuFYot2DWR22rJPPNsTf+x/D26/osRtWXH4zz+jQxei3I7q2vpe2jnp7fuBkvuD+qNKg/zQVi8Otol4i7xn3fbCl35qggstuy1vchhFKLyhTR2mV6iFNTDsOzsPcIgRj6FBILT4QR9t7aNVVT6zsVFEoNk7tFRu+dLWKe2qCav1LBn7ip/v+VxLg/rgS2i3mEvkHPmecOqSkc8ALZ0v3UOcXvU1pTJhmrQdujaAmHmu6kiDn16ZxCy/+wQQWyk/CZDOrdKK7X6FoUyQu/vR1hMNaTg79JIrxTZIfbJ1B3ZNtEvLW36b425HWM/WLn31WOaULzRcqq2vFqGVGblbu7MtmnYLRUkRhLkE4rDK2dEOLgfpNZVjiUsKCGqd27xWw+K6ncmVFzhHW6qNjqDsBBgmQy8IiPMBR/J4HdOPCbecN8WeHJ4zNuqW+vFKbqkLgvo34uW/15cUkQMlGckkgJ2B3HaCwwrWxmlMRy9uO1G0H+tuYh6EVuXNfFeQJ2gHxdNfrmTQpS6YKV9IMLGU8ju5ecNDr14wJBx9Gsy4eTYR6GpblEKqpJr199mn5LfFmsBp4A+u/qKlaaWy/Ze2ol3ASAubEyWgU4sZy8c8yFTtk7k+zhS05cQvu9EDUQt+m9oz0i/OlGoLQoonLSFMA03XzhqV/Tqq0PMNiEQCCfTKZmULWR0QcwXJEEI2PqdaKIsna7zu7JdMg88Afl89CXL9C4V8eJlpqOaBp9NzqjeW8fQhY/ewnF1dUBF27aQ3mr/QnPpJFXUe3cDBOINmFiy5jFW/2XZ1jdzQsjvznrWQtr8brK+zVQrRXJPDaaak5Bb+I2ISxaXr+pbZjdgvvY2Osm6XP5QDpTotWvxEwrW4aB/0Tg1eVCJGooaMjgk4oFFAYgQElnNJWs5v2fsHHjGa5dAmZinoZHz/w6I9z52ocZhJA8Y97znOGSI9LQ+S6P+TvZKmcsrpoTTlW/GxmAXmN7nFJlIk2N6NoQTLwJIOqok0+/0GeO69j0ESWxD1pRTDiEPfdqa9rtsz0SdVeV/aHpnBy/NWPlaxhRc0DpPC7gek78aWpU/ZGNIKttv+VTd4MfqviWlsYVne9SZ1gLEPANW6HJvj9mTUIZs6VeOVJC9h1CqH/N+VJ7jjzEYYwFD0uSqBI5PQRSqrpuGvIxe84wilEoCWlnWd/UEj2VAR74t5wq9OJY4b6ooUCjEdMCyXET+6PyWQmeBBWOw/crWO+OMm+i12gfjnRvlPDUEeI0/aIRmq9p0dhKO3MT6yv8JJ26bgJVGpiKHQCeUS7wNekZ2CCi6rKdw/vjMZMaNbkOjUCyFDh7zcMe5mNIxElnYb+plNbONPWoqDtRR6LIWwAYzgxD6YQJfGcAEbVSid9er2p86KB72AyKzR4YVfwMtIZvKyHeeTypYBJPcac8kYTU7HY8A7OlTr7apOnoFmvh37Np/RHIDy1zG1G+uXcPAoR5cgZ0K4NR3Npb6cn7vmmpgonuxsh4EMEYq3LItHrxVtuy3cV5A76f/QHCUnYiZAcJ1z2Msh26IXBdwPDN5IExWZGxJnb9+tOl0RQTcN9A6WrNjZWU/o7fUzZ5ITq+vu+lfBi5u0p813OtUHRUybdEVL2gr0o27pSgv1p7XJkUnE+RMErusiPysZCGm+tqNYPn+QNrpg4Z5YCcYAP5RsrDEe6O8BLDJYAQJFwg5AgzJQyRIme1oEuEBZPS1GLVannSA6BFA44Pb+gYVI55vGOLo7VdiK0GgBIWxNRZlhc0/NRMeA+39OdgrPnAWcZBgfIMrFdQItNVE+c8h8CTzqEIoVSFYTDR3wtfwT9P/8MywAozfO786fTLoa8kLY7fmw6La2DoQyT4nGferHyXq1mfSKX9fORDIGdxDubcNnmzsVG+kM2kId6zZjOOIo1hZ3a6UJo916YjwY4T9u3tVvurnSx9Am1oDovbvvO5Gq0oxpPu8Ms05eP/kq0aabYbNHFahzXMy6J9S80HvWGb4d+3ld5AOBL4gfMVl1qwhnc8AEzuerY3MZsHGSUZbJOvdJBAHe9IWRacJ3zaMh+Lwj9KkHnPqlCtB/x8NjfHsNIfnYVC6hpv6HZ9DWBWX9L9ySrpfIWROYz9h1Q0AOZqdXcZA04z1m8c1DSp6B9DjZEB15CHjE1WUPW8V7vp/6DxpmggmADjU2/xmlIh6E/jzxrrPWAsaWAbTeegQQq2f5ZPd/5owxAdM3PCFjDHX+d+pwv7mwJV/h/A9vSLd0L9hlr+7zj95zGaB45VomtkB1gswd/roY1cUJVfr2DZvkZd+Na/qxKsaWQbcia08scITjz3Cc3UDt9Cg1oxnimN8JkarGMYCgQCQ0s5q33G1v42gchQuOD469ohk+Px86PuDqp2L8tz5hupHkTWuqomrrfVP0H8D9B25MdY3PeGJ8uzTvpEDXPgaivNlKHAD7ik5EOAJhmL0KBJ8wnbSBbFdDlOCiA4hDEFaYLDhu58VjMERX8vCwCI4clSUk4KHpNNgmkrk5jwyXr+VDz4tY6zSdN1Q7y3vvgQbmNfoLqZ7qESl3xhx3anqV5xdhDL9xIgkNoqP5XVTw/B2HVpDirN5s
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-04-28T08:04:24Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"malware-sample\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5721c409-1860-4972-ab6b-4ec9950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-04-28T08:04:25.000Z",
"modified": "2016-04-28T08:04:25.000Z",
"description": "malware sample",
"pattern": "[file:name = 'a1jxlz' AND file:hashes.SHA1 = '028a9c612a1906765254ac0f4ff836bd5ff07a79']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-04-28T08:04:25Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"filename|sha1\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5721c409-9b04-4cf3-8d33-42a4950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-04-28T08:04:25.000Z",
"modified": "2016-04-28T08:04:25.000Z",
"description": "malware sample",
"pattern": "[file:name = 'a1jxlz' AND file:hashes.SHA256 = '5639ebb53ec8e33d90129b9063d76abf83d40c5f85eba843346c9dbd141a8150']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-04-28T08:04:25Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"filename|sha256\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5721c409-ffb4-472d-ba0d-4d7c950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-04-28T08:04:25.000Z",
"modified": "2016-04-28T08:04:25.000Z",
"description": "malware sample",
"pattern": "[file:content_ref.payload_bin = 'UEsDBBQACQAIAI1AnEis0kKRXNMBAAC8AgAgABwAODg5ZTVkZDdjZDY3Y2Q3ZGNmMjdjMDk3ZDNiZDJjNDFVVAkAAwnEIVcJxCFXdXgLAAEEIQAAAAQhAAAAiJukOqe+lvrawMtKimJEQO/mibS9JzK9lG5xtYCqgzuBwF173BN3Z+F61KgOpON/TKqCGO3hiviBF4VgynotwednAqab+ELGx7A63nxjfnxbBw3vKx4fVKyOUq2cQcy9Xsf8u4pUx0wkTlKwFt3HHwzS37lMhoekHbvKS7FAAmndYY2BFTlUBVZnnl5U0TqEXJc+8D45XJxfsOpeQWATj2hZaKvQtUkLr/2PXG77gnJBKzRN7ah0WsO4vVsbpJfCRnFFxJEfQle9s0eIWq8h+DPixatmKr1VvX23ZCg52JGDGQ7Mq7iZvkVKqTHafvLkwbgclZhCC/UNc3WQ138skvtCSm52eijgjxtKLoEfLue59GyqZ5mUSVc06JAh3hOF2FSfOX0m30c/jHIyhRGRZ7dd5SzZGtjddKA/E98zpmSECgKGfjflCHCtuT3bk8aV5qoMeaAjAsbT9Pb6g7vytEVWlDHNmfEyb9VBhaIpBpLMfFMwRmUsaQrV1Izsbn05OTlh4UPIgWDju6D8Skxjojlav3XvMthE64bEzDoZjTB0c0INAkly6ntSCSDOE3qUQAwBL0p8mECfo8+L/ge7L1QBG0Qnxi86HDp6OO0LxkNopjzu6lOEGSAJ5OQCZpGRA5GsxbkBq14NMJARWOnyEl7gEynUSguFKMOz2VQEPkng6O6F5t4r8JNwcigai9FebHD8o1p+tappAWOzwYH2kN8LZ1s6vMeJ0N0asLn7Y8fzXTVAs1azfFe1skAdJ/2Ws8lYKO0qG5V+46/iTzstAx8VtS+Q4vuqxoGfUCxxO6tqr+PzLPiRkY3q+h+nZjp2hmH1Icz9+7WpUNLYaHfD5TTaXa78Vpuaju3DMtIYIN3AH4TX2WlqFIn588tj+67OANI4uTjd++TKtAg2gvakvQgWaAC9MJ3WrVRFR+TY+AYgMSA23bL23Ix9uaWNQ+44WS0mAY6HR2AK+NL+zlWpmVvZOSADtUxM6jLwuUDbyECAoY0K/lKYJZr8VDsY77lRkum2AVnkBVWP+5NP0TjRe5H7NpblbkLKZZXua+qCLhnmErzihiwvoUwJ3En9woX5jtBF8/95bPKKDdsSbT6GmkrcbAq6dUIMxdKqsV/2jCIBIX7D6s4oFTA9y86QisQgqSE6i+DN4wDYTPBSfYEIjb1XgLIhbGU5WAuypimUW8qvWVt2gHk4JdY4ahxlwqzKV7s/Whf5yYp9SNw2Xm5ScAgTBb7Kij/CAQqHfP2ODd1ilYkpim+YyMGeQnHgWThhLsY+JunkALQcu6QkFFAj//7sa6YHqBOcT9weAo3q6JI9C6Rey/Fr1etSjCz3hzMoc57yc5/YpiEaVdyXdtzdNtHFah+9FpMWY78+8E7/K2iGzzYkDLCFPlFWi89BtcSTvwZ8a4NcmGci6/k/pz7SbYR929s8du08ektyXlO35e8tXNNgZm9NhSXC3/TmirhZMI6IVzZA4NvS2HLyzVWtthojSYWOzz2OO5qjaqu5o4jTbr+0LmKwCocddbwKLnAAw3Qa+vdqFzSuRS/yt6dQ89Z/ajQk3wQGoATimhqMbKpa5+/5sTZSuNRM5oEyOwxWfrWxmI/uw5PQk5VD2DHwq4DauitVH40gdZfGnU0reZaccuMAhcsvftYHqg5Y7BUw5eXEVU20hB7hKlnbBg09NN7nfCaEpHLi3Izc+mdbdiwdAu+fdE4pPC3HDyAi7uCYG+mM2T/l+9qG2kjf+ZlF7Rjm3tL2B3cNlNHBEKNAoA9I4G5NdDE+DcY1175UL5MZ3ORckEEQ9q8oM2i+tLacFFpemKGNzyf3CF5CBmv4PQvh/2oQhjfX4JRGEp1vxfXs/Dt5bIDRCvL7WLEBvA5vXUVU8c+GPkAcuqQ8iuBTO+YCbfeaHABH7tH0qhB94QSYltft6XlYHidQCKSdvwIEbX457x0dZmJpWI34mrW5Rs7xsklGSxzpeuK1A2TXylXdFh16TEzcdslvMtzmBOXqhGN5PfP+ONWj9Jx7Zlwb2lDhpz8Jn5Fri0viZMvArvFPzczN3QwSzlN/8m8wEYCgTSxzNAxLGIaOJdKPowh0ILn4zo5UX/0D7IzVN278Ij+VfJcDSSV/J5YYGFSBbme4HB81+V0gdU5zbpaIMA3rA9Zkp78A8RScHiZepYHXhBrnC6jv9SF6ege1TQRe/aQ3RZuDIeCDSyllDNhP6KoWO2bkFSyTrSbpcDPNPbQfMQ8K3PnnHR+39HGkhaz7pBOKS1sitgHvYei4UDom+whfVumHYJWn8sG5ngVofJsQzwYMjWcn9zBpHMdK5ocZay1vJsp2k5h1fMGpwoqfxyUBc3/o5sAupmwElPPtJ3hV8eLd/wtSw56oPam/t8kS6W4UmEFHP98EawiWMT7eAG9AF4+duGC8xUZNDl/bX8I/CmABJcgfhFQqNMuuUHimheiUiQebC6IceqW/U4dSeCpi7wjuDtj5pvgt8qaXS/1FjHR9aFHKDNHbml2bea7ehxsq5xHy75ip7WyaU4teZl9B3V+fop+6TNRGwvVw5F7x4uwLgw3nCsNdDpG0YGiZ0LwPUUJeIhzZOUVM0vtEKFWfD9vxx5OtCnMjAHkCfrrd5pad2kGojFSW4NE7CEp54TfiLXPAXYhLOwICetUnwcn2bHAEkQsiZ5sNgaGN6Vw0rUP1zES/BQpnIPzpt5r2gVWgTDKQfyHcu7NGungKcPp5Fc4J/1DPnacHP7zWN2kFFlWHsXsReESiK0co3RaYNhiIMKk/p09dj/YXxMMs31A2Nhiy6QS5ve06b5YOkAu0JEZmcdb5bNdauy222Wo0PMyw/+AuulAAdD+gylBwTuMcAF7fisVmo9rAJjn7fbISNWfk9/RpmzDULuDedPGr1hPWaq+/r796ujizo2tT5tHVCsMbFlG1Nzw5oc9u86vfTLrGOdHPf5wXwv9ZKb42x5QyU47HXyTbbFffP7YdTjeZN8KnapZDeMVDt8QlG3fompIFZ1tKUsxqIGtVa0J12IU9fS8rJYR+ClzzRDcSwOhL7/ngVdsf2T6gigkxtPdVCXVHg6xVPVEAp7JEfbUprYBIfJsFg5o3wbze6BTsajhMy/0dbNzfJFo7ZMvjOAVc+5CVVu7p4ei5x9p7fxkQQ47XLrvJnbheYQmcxvaD4cjUKlMhT266YMTruFTpJnTrCTRSGwXVLAAX0cuyy3mYc5qQ95NmkYS+//jCLFQ15XnA8GDQfRCzBxxybb26oo6VXmbCXrV+HZyOeN45vElAsiHaEIOkaQ6Vpf1PPV1wU9JjQRI8IjcbcrpiHp9Hl2SKGc1rqTZce+MTx5fDUJGHHLGS0T+o+E4v9lWSqR+WBft0SYpeg054desdlofZ4Zf1eKnABXZyAy5n0XI9DoV7gPLgrUpayaKnad2fxFjKbKYzYAw5+OfcnFE+FUh3ys/WXn00dzWTlXxl4tAiq4EEECw3Xg0Gumx9c+DOq9l7aryORjc6xhODOHB1GuHk0gKyVwcVeFOembTWUEUxGhzimFQlzLW4B+KAWHLZNVWy/qyW3e9X98W5bCND/aZDYs3qW4WmDQgRV+6aOOWNySlCodIh1ImAoWh0npLCu6xVTVfgpUMrsouVnO1arTqfq5MoInfvkVzW3cu0A4pBqcMmCrs7aYHBrcnxtQLn5t4eldPtyv50sHs14X9oE2WXLh4OTelhv2476vU9D1Bd3BnEJ2LcNrbLREMhIeCMw2ZBH2cGUEto6r/GBHAfcGjblAGDP1nxkQ5nlrJMCEvMn6urW+M6h2Zeg3Zmt7OFZIWR7dPxQ+JyWP6z4KrsOwl2VFs2Yy1lRISIhR2q/wk9O4eNd8jtyPbl6qgD+UnUPYoIffDKa3FyqFc4pmrojVRZ1Bchvas0jhw+F6THcW/JZ+
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-04-28T08:04:25Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"malware-sample\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5721c409-c2f8-4957-a147-4e6f950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-04-28T08:04:25.000Z",
"modified": "2016-04-28T08:04:25.000Z",
"description": "malware sample",
"pattern": "[file:name = 'a9idk' AND file:hashes.SHA1 = '7da9a87be6450bab5f918f56033a5fdfdc4e1961']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-04-28T08:04:25Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"filename|sha1\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5721c40a-6368-463a-8666-44e4950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-04-28T08:04:26.000Z",
"modified": "2016-04-28T08:04:26.000Z",
"description": "malware sample",
"pattern": "[file:name = 'a9idk' AND file:hashes.SHA256 = '89b9836c31aa36382e413568d85c39bc7ff7b8c06deea7723725ab0cef4bb25f']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-04-28T08:04:26Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"filename|sha256\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5721c40a-7bdc-4364-ba8a-4200950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-04-28T08:04:26.000Z",
"modified": "2016-04-28T08:04:26.000Z",
"description": "malware sample",
"pattern": "[file:content_ref.payload_bin = 'UEsDBBQACQAIAI1AnEiUlcmh8NMBAAC8AgAgABwAZTc1ZWM4NWM2ZWQ1NzdhNjMwMzkwZjhhYjRmNGU1YzRVVAkAAwrEIVcKxCFXdXgLAAEEIQAAAAQhAAAAGAB2UUEhMZHl9zn//aGPS7GP7DGvsfAElL30ZYKOTMpE0qb02RVXj1TbKHQd1vjkRpologvYlWWOmmPN9Gaw3ODJ+IIO2XpQmekx+w2FQRmqczP6YoTR+enjdTSiXxwcGacMG3Yl25ih6fCy+u2JZiqfVKqPs1WsnX6EpdoHPQOhmljuGrBvEiGYxwUjXhtEyMTiCQaWL8v3Lzs0FjW9m4eFJ069o5bYCunkXmmUd0VAhBzblaB6x5PWlYWlu4vlD4CiwhubYAybweK5ZucW/vVfmvsiMQfrTPtim1iBFJrNmxGJDJG043D0sTAr0EEGwqYSLj+pTRpWoITrff4BnR4sx1ZUSgw2tZvYX6xrtEV8ZRQrDSlTZ7UohJhRA7IszjjYtbXtmkVzFpGXIdKDhb2XAA48nkyerI7mMWGIFMIFNQ9ThCCEZK4cu3+BxLTBdYmtskq5ryNNlqK4fx5jTP+veJGr2YBAZNhXaEcFHT+cBX6PPwSjZejdKQJ/vFEjIIbI9QIsOAc5CBg+J0VjKx5bjYew8fxjY2sWGOOMrnwlqgUdO+GgljRyTg1SUIfSev6gLiJBjx3XQa2ljWn8PHq7ptOwSaTeEa/hFHX7/ZMqIdaBdO4FBcg4GjE4mqkd5pN++cOFHnStJ7TRjRhPyUpzNvo8lPvpUxfFDrN6kaih80t11l6IeH9GBrk0Y7xuPzHjSgaj+HzOmY34V9SSlJ8qRPz+NOsJbsXs34agMydRbDe6vBdpYOB/Zrsg7Uc12jmeYHsLUPWIwpTASKQc16/yJfg4iugFZTy9STqswRS832FPJzY0JmkJ8VUvK/OPhU3HOttb0aE9Kwsm0SD1P46xqHRLJXulOEb72QQ+OSjSEojyrNPWV4bOI4HgZlnqEhX91nsk1PlbE875nIcj8r5RahQa81bwM1ijqJUnmYCcW6gmRgsFCzHiyyJk/W3lHd5JCbZivPXrFEneTcJI4GFB2vAFlrn0ezVOuKgIKja0uMeMWFrFr5TyttSzeCcQBkoMYGiQRTtkF5oGrhErktGyv/YKjglSgKwNEwvDWadycS8F56YuWV/j+iVT+fJuaT6CbQeB244yCE//I+YbpZQO2fG5wuKpxnRkTPCeIhXeHenDBqdQTeOwLFCJkW8VRHKuNFaEbv1Zlh96P59R63G0NXOw3VPZOh4iOafZA34/RFL6+8gMwyHXbAxDcubUYRE35LnPpuacccdCJbx+ZSnoY5VkZDr6UNyuu8StmQiEo2qYXkDitbneCmKyaF0DcXcZG0EgeGGBzai1n/92s3mEBxq8Y3hBMonRlLb4JZz71yuJfFy+sRGatQ4WTw8Oes94eMmvjg7HluanqZqy9sV0v6+gNwLgi/w7vf6b6HVzyA2vwAayDZtryp4HnnwtMrZ+N/Q2F4fJij/7t2ExhGOM2gZ26JfkJwjBpIn+WmZs65Xe+fUs5fweO3w/mZjyanKdceiVEq5gJ8t7/kV6VpSsad4bACNON423G7P6bmM2D6rI/2+R1YaGevtfasqltwvGSl135wlWPkPQlQDaDShV+LYNBv/Ss1kI5EbBJLUpRObKols6H0L7otMSweI13zx4oGGRDcKk8CUnE2WyIJrNuOo/0WxoQOgj5CUWgl+SYNX2OgOAN5ukUzSRIQoSc9I35k+GNTsw4aURzMH3kZf18TRG/Mq38XSWwK7EOthUGt7ImqamCzFDnMY3+mOsZhx5jYIN71MYv8jN957QQ0yPskEK+swgV0zrol3eTNkq/LnjYSjBxwRwEe/tPF55LIWNKVfkM6yCbCXNAO5zOhK1mxUFtMYRMRLrIDLJ2jZBt4vt1Gam1QIfCvqjreLMGzDLPnv1mEDY/ZejLUpoSJ6Q8z0QSKq6JXRMpcqKfnDYZKBAX5EzcIGUlynXoY7Xt81G96RCRVP4Ayz3ZvmMKkANxIRklRMI47ihixuFuQUkqX0Hb7nD33ABLCixXuDt2PsSAGU+xOeVOld9cZ73RmQMGzvtd6t3m+hz7tiRjl5VROJEN9XiPs5ByPlb/kXsH5Y9MjpNOLccQytJ/4aLOJjPQN+xGRZZMGGykQHOYhZckmyk3XZ/LzUoDnsKiygpnLMyyhTDwewf8EKsmHNbtZM167/qz0yQAL59n2yGfbiqEQluy52bXoCcrlELyxQN2RKQPWvlaLuxAobGPTu2WP/h1U+hgREpIoRbpfyQv8ekczKxz9WT5sA4Qtz78lTrMU9p9ewC1DbLCMMS0mB6J2OhI8VnOCUSb00vgwPG+SJrotqsECqKPeLohXThUqqYdPgZmTxGsTXa9G1lE2y6Sbrx3yIN8zR+sLsivRkqdIHj0iuR7QzWbxCIisG9jalPISDcg1AQ2bBEyqF5pltZ6E88aTRd5klN0GLxz2pW4IWOMQVGomZyMxPEEDPuMWnzFNpGPKMY+pph5AFGW/xckB67zBEl3glQbSKCKXG5HAJBfT1gjO+2ugbuoDUHxi55eVDojzc2mdBLiuLJxFlT9FqI03G4R0gs2/43QHb9uphikDBzDke+YjcfBAe8kHtGectS8P0UfHbkMxDHjA7f/nKCRkxypCds0hd6uqdWCrKAnTEPwBq+GEliw8SQj7VpY44S+/5kseMkVIGpzPIN1wUCKG9GRhMtMhSMPOssLYR9Yvcl+gbxi68xJ/nlPDnuWr8O+l3cAC/AACbFpc9ppF82Ac0fQWg8K0Pe35fW2VrvMsdK3F8zy04PHRsaWolotKD3W5Mrf5SUFznLiJy6PkVkYu6E5QtbVhNi1P1on4CLsLf/53sWUi86nrrtzOQhgQZUP0eRJQtv1t7+uTaQur8doDJu7QvjbSONoYac0fO1YDzGCtAltJu6Ep9szRY21MwEfU2I/bgtkQokjNX89pwtwxnmdbcjtbzmWMedIkdBylQWRM48kqAI6KaF1Pp5eS5MCde2uDlz9J7bNMzc4Mwo2l1PUof3uBNKafxraCTHRTHmaPkXNo9nDIUdMkGpf2uJL5Fd8Oe2OKk94GaqyJGZ3bBwctenz/yK/gcXIz80ZTQGQbXFm2eEFtvhDhenu8rd71WB5iWdOUVxQcch+OpEbbqtLEh8L8Q8zw9mTbqP2N9+bF6QQB+IyysEbgSPRHfBw1EDsx65VoPPMVXq5rOJ/iMGrxyyWkl13EMlpBmUT4g9x2cFkp5lnCFJf0SBxFST30o1Qesyec6awU/q/ExHwdXwdKm7ck4M9m1LtIggnMVDJYqJiW1aCwLCKlp9DbGSCBVjlmtrbxoWRte9sE8mH7bOdGOKMYo8SoNJ4zeHdHMosO8IBkifL42UmMAP1RU69LRRNYLB5XjpRq4XBnmlU0TTf7EhwuFijD2kD+sFWOrut3CbIhGoeU9vD868LoREEijI/RW93l7wpYvSwtP1SSHL2dUyq6+Fr/4IgDzbZM0LkRg/vt1+ZK6VYstBC8EXgVcDvJaRREf93J/xU2LPw+zb4kxKA9uKj1Ke0MfTRTuBAydd7x97YNhyluPitF3N57Hf98RvHzPrUBbK1eoJVyy6FEy3evsXWnayzkLMyp15ZD9a13bpZo7ngHzWvP/BN7DiH4k+ty8feuc6wJMvh+CB9gKxu5iJ2xHb/gyBz9l+1kz3oFMLe4ixUBTBV5PsRu8uGDzg8d1hJBmmq1DQEqRGkLUdNsC9miiFybFPR9PLdyQQFm6YvKZ4kdm1dnhQBi9lIIaC/EOrP8IzMwZohuYM1wwiNlolOQr13yH/FaLXF+SQOCTR8psUfS+FxiZmlX86alHd0lZmxLiJezGba3zhOe7xfxXNNvWy1efAOKAoS9KzdMhRkqfhuGnvSEeJcXXQrHvLLJTteflJ5v9PGhAHZJv7rh7N8cUuuzLco94ZPG+lW7DCbL0ue76POpsq72Ri9kVwgQ
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-04-28T08:04:26Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"malware-sample\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5721c40a-0fb0-49af-8a99-4dae950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-04-28T08:04:26.000Z",
"modified": "2016-04-28T08:04:26.000Z",
"description": "malware sample",
"pattern": "[file:name = 'bch3hs' AND file:hashes.SHA1 = 'ff6e517e84f2a134345fcf61a4983f1346c10a5e']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-04-28T08:04:26Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"filename|sha1\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5721c40b-0be0-4aa2-8056-4d76950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-04-28T08:04:27.000Z",
"modified": "2016-04-28T08:04:27.000Z",
"description": "malware sample",
"pattern": "[file:name = 'bch3hs' AND file:hashes.SHA256 = '405b439e70d440400efca9535eba892ed1597ce9adb0d2eb665030c43ea1a64e']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-04-28T08:04:27Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"filename|sha256\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5721c40b-f150-4ebf-8298-4eef950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-04-28T08:04:27.000Z",
"modified": "2016-04-28T08:04:27.000Z",
"description": "malware sample",
"pattern": "[file:content_ref.payload_bin = 'UEsDBBQACQAIAI5AnEiGF1TqPNMBAAC8AgAgABwAMmY3NWQ3MWI2M2ZkMzE3NjM1ZjQ1NTRiZDRiNzJiYmFVVAkAAwvEIVcLxCFXdXgLAAEEIQAAAAQhAAAAMoHwAFUmqj0Mr7Mb7yMgOq91+YcHDGVUlG1sn7YbQI1P7drPEKcheJPQOsBCzsbp+ght2N+GaasYVqq+BThDSHT+KDHG/zLRN/2QlwpHpccG8amkfjm8+OQJxOowC9lU88wNr8/iNxqaCwdLwOa9wYqhTcA0tPaKI0s+j+hHjc6Cw2Tz3Pkqlq6NL3c5Tm/lZWg4WeZd8Az6NEad6Cl16Llm4yTaVyedBH/TJREEhNDHrgitx8G8O9dtDrlo3bH6LEcCK/BAbZpa45F3OjlpLxZYfyKNMmx7WFSFmCJ9WGqqAyzNFolsddeSoWTFVJkkitFeA5+FWpj7WP2XtxgpQ5/QDmqgOPd6OKJFnBd6HSVIfY15iRf5ZIVDn4vaVTSTHuJLRp0uDe93OKeaF4wVgxuPu9bpTsmQf5vE/n9gWEV3ZHK+c3NpxbOx3aw72EUYbeNWYD7KWVpvE60wv9ekDF5kCix39XG5jpMVc2JR/OcyQZDWXxoe2liQ6ALd7LRQ3QSz8jF4b+r7xvqzrSZNCiFTj1MjjH3oB3qNoPcMYbLYCwd2r3qT9d098XPAIz7tWPDTkLtf9JHK7nxi7y+5VX3SBRfbzFZqUqsbGsiaaf95JpZS9Flo6uEbLCf4d8bCBHvEdvCi/FCN71zZ4zhm8O6jv1PdfKFpvapStKpgMzi4JEPJeRd+hRFeag7W8oCfYUMy01S3hyMmTI+NDT+/NHoKvjS4oSdbQO3krGBOmjBWbxsTJ5wuAOBbQLigTNF6IO1iaZoWigmjhKRoPS1Ij76RZe5y/2lkYBXLn9opxk/em4fQZYhgTaGOfqBvhUT4yIgVD5Gz8wX6PTMDIpjusHZ0rpN9n4IJ2/HDemtL6qYbuElsXwJ/vFapbjjle5KvnJhK3Ph3rqJXbVG9H3XUVtzdWYNs/RlIu3E1m73w5U7QfqtBFFkccxW6paj3y6ta/ZMALLuqAkMTUNT7qPGKsyjAgDO7qB3VaDA5yEWN+dt8MhHI5STNB+xfcriJ9ANDUKHJwNLr1/n3ZD2V7ahDZAI039BHoWKpFtGDYAhEWpbeuE/ZBl3NVo07nG8LjA0xdlafygH1vrsYbFD656+HEG2PRuvHQcuGMUSI8mAlpq4jLHONC/f4rugJtDR79OMxfxXcFRHucHmePALumss77CyIHibUWCjIrP5CDJRMBrJT6/HG19GXNo1iCRm4NoVTWjSECDSbRl+fF38ClkwtpPTa+2yGWHa/Ubp8+M99HmSIS91JhP8yJjuwc2RVcXammtljSbQCQlMKIK9WUbLLF6VcqayVntu0+Sl4Byvyv9Nd6qj5PPFzZManYbZorLVgO9PYXaEFjNZhl1xUqxSzYx3dfNJnbgxDv4HQ0TtRjRl9bWj6KTDQFcaf8IyFHIxpj6cEYSV7GALIPLsxs0iNTOCO2Rq/j7i8kqEh3WZpEkV1MuWXwmfaKHFJNskLaT2BmafQ2/w/K0Syr0Dn6pVXmMkBCj/XGk6blPVJJpdFoxnGr1TIi+bU42ypOr5UH33B0lPB76atNk1X3paaNVTuMX+OhBH8eRcFaMBwrxKbEDFpPhFmfQb8voNNhuq199SSqoRdWO+MgrzAjQ+7ewoVLkAPpRf8L83FlND9haFG7+StvO5MeIy97eZHyQdWIKuhgY2LHy1/pL1nlU/iVFfO+1TU8n0tBsgoTNYBef5f7/R4eaXIoOmbl+vpd830WzCDhNu4T/5xTyWoCn1BRPfpfGXn/ZWWtLDXz4BWsshvo8xzazkWoR737941vz4vjsR15WF9YQ0KFKY6SNfOtUSJTee3y+5nprNfJB4OrCnkUhBSpZz5kHAl/IjTHND61h96gWE5ycdz1dG3QZ1tfVolEWL5vvW0EI9fOrJjyUgS1zXMP+KNeDMEM/DtyNv6frO/42GyeQhQxHp7pXQ04Bxj9O8YNm9vRZ1OJpiaQuIwy9oOz3VbUt+vQX+MHH+STZg4HdhPv63hmXmgn78kR7UQ87s8l64XsOd4HiXQA3eXtXO/BR/kOkkc6uMoIaktIDtIxfLs7eOLOxKYmHFY6CJRJUCfy/PulMu1ldyePAht62r+3IGExP9yf5ggmrv2K2zQlnku6r74Q8Lt4C8NS2Ir2LQEYvFUJSMoEm7jCvPMcK2gB6NvfUu7USTiJOOgmcXlYUPT81ZO8X56KPqNcTTaCtAcU7KMKTsHgFg6MbY7QMBXiYhmoI9jhhlEmGs2sklhSaM51gv71tsNrId+KkEVsETX4rhIUKyGgGc6AZeEzJPUPX5Soh8zSsxZEK6ha6FSMLR3Dx4tR6YNQdBVEXdoTaMOGCZKxqWAGWymyDtUmShvMLBNNXURU0XAg8I3NB592/f2h1TfU/UNrYEjormDf2i1BxSyHEwbLFuV9LOHVExbymIAoyfJ7RNM97UvXeuxLYdbul/mCdYTmKuENt6+voKMFdReDmFKeEv2QzsjxTVZ4bEo/N/Fc/kPAIsnrCCX/58zejY0p9iMAQbv51mTz6Vrac49P66eaVpOWd16fk0FTcNvvHC79Zzvu3ESJZ0gUD0LqiOfh6667KbVlS5LNb8Owq+30T9E3NqRxdb4k/uTQnqcXx2iZYM3FxaKFwRd+/aYm+L6i+KfumMktO5nxwmHbIv1NBs00YnwkdPNAvkh34ySirIiTT6TSzhBrOgCAqNhxFXDoNRFa+4msx42TJm2Pe/WOW376Fr3XrkC3u48O4ff/EV2QzV6spMVZ3UvejBNZSkHpdJD9cKKfcBfeFwlXTGFCGEWU3P0xJdoLhyPb6/Cuzb43Yj1iFrurSVrqNwQ+cD2VPkGrUnSrWrua0g/r8za8Jidd/f0oxfFHW9d197ByBZRfZdsf3kX8iNI5cgBmxOf3TS2/cI7qlRNzCQMhab8by9jYKSOKqAk5Lv+CfLK2owaLi2Zvhsqj3BEEq38qKUjjZafUeS7VHotpflqqdR9lm97WUUjwUyZxJjqRI3i/m5DpT6riz6Bl5dyVrCm7WfVVEWGxps777dsxceWmYvVhc86Tf8fDseAkSyYjUNnpB99D+19ml/mi1HKPcD59bDlFE5QKUQkdreIvCTzC3bsB7TKH4Nnz/4oGYFzpJ9uVzMHA8km0K4+SXGZ6OlORG8m9IxR+riq28plz3qA+Ucd8nT/gU0MZVvFyox7Jn4T5xlpaK8u6muFiPggzmHeoPLfbetgRpDYr7fwaoWINtWMcX3P4/kTV9eowQ6585OfJBEHh9MkN0ohKo2anelg6Q2x9Mu/eKBr7S2llg7q9ux3cfFLc3K6X8bKnDT+G3xIK9mU89FYRTtWIMkxqHk5VO+dWknh2+muVZ5HZH6bS8fbl8vV1gyyO3qTxGnOwwcKpMPccOUU8GcV4DD1IrvIDLN0APIQWluAicDRaGPTdkFCqAGBSce1oBOGQMFPc+kaBdd1H2f9cUJ+nfKgoOqnmWmegLEu2KANUEboHJVvKcwSD6dbCTulW9vMcJcrEvqqsjlOz5sNmHsyJl4j1wL22epeQAYw8aaDljmD54gKLaVs5bpOFZNnTLnVaFnP0BBYi1qFgtwKwBu6n/uPLCXwZtpguHLfGMM0P8GOKwQOd1w3rnQIvCX3f+zWP+0g916xHq7nBJ8fv05d2jdwmKQbge4XxlxFLHhFjbB6mkT8cMiwCF0g93XoIojepYEa62u6VeKtDUAilPNTdJkOsW1ohnJ7bQfuFEU4p8ZsmTMLcfVNAp6ys27PakS6XXk5tqRF/9ry9G9ZpHAiBurTczIzZTXLSj/PdzK7y9w3YhpcwVQloOKZGwHHuXlwkvqMUx8kouBW2CI9Bdh0JeKXpiwLb9MBDrVNJ3myV15hEk2ioCuNUXpy4JqwnmYFgKxL4LeTskLOwe803yNSMWVb0ZPdi3tHnT/+jF
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-04-28T08:04:27Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"malware-sample\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5721c40b-d258-449b-bf6b-420c950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-04-28T08:04:27.000Z",
"modified": "2016-04-28T08:04:27.000Z",
"description": "malware sample",
"pattern": "[file:name = 'd6twg' AND file:hashes.SHA1 = 'd3422d54a69efe84c91fbc6ad615642ee65da389']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-04-28T08:04:27Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"filename|sha1\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5721c40c-f5ac-4408-9a34-4a56950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-04-28T08:04:28.000Z",
"modified": "2016-04-28T08:04:28.000Z",
"description": "malware sample",
"pattern": "[file:name = 'd6twg' AND file:hashes.SHA256 = '6f5cf2172d39828cd8b72a14af7f356818abf99bf21df23e9581370f9480b0ef']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-04-28T08:04:28Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"filename|sha256\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5721c40c-929c-4ddf-8856-40ec950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-04-28T08:04:28.000Z",
"modified": "2016-04-28T08:04:28.000Z",
"description": "malware sample",
"pattern": "[file:content_ref.payload_bin = 'UEsDBBQACQAIAI5AnEjspPK8jdQBAAC8AgAgABwANzI1OTc0ZGFhM2Q3NTNiZmM3MGQ0ZmZlNTVlMjM5NzJVVAkAAwzEIVcMxCFXdXgLAAEEIQAAAAQhAAAA8iS8MF27fBRTRnyxEgf0jFYpNi/wYX4f6ZwI6YzIR76bY9hibuJU+7m6PpKW7/yCXY0g5kqFPwDapMaOjJ7arnZ99edcngPTzpWmbQMILmGviY8C+2szwolGtiNp8dRVRJmZcaF1lV5iQTwSZEMTuQZXymAHv5LOooBsRcoS/IUSxkn+ACEovW5hPbqceIUKDBQcyJRtQFaEhgGZMcZS91PA//K2X/1olYuYQbpC79C/ItUKZZSgIEYx1LQ7Kt41OtknVmFAiV5jbWjQEyncr40rM748OWIfTn8fs6ZX7rrOoIPYaMceRpfjzfQnKIndK2jgABSw6HedK7mOexiP01Ra+jP38bD3tO8RzWOy5uj7vlZtNvXYBb0R2rnd5hVhb0jpSXPAmBWpu1SX7qFfGBb+CnJ/sI5i9P9TwtIf7IaE4/TlnOZPDMQWZxLS/H3S4TI7TItHao43+0/6PrNJCI+yi9VO2HVP4XjZQUESJsOaV3An3u7E2MoMM1oKfnmZ9NoObWrzOMpOUirbBlqvnuEyRnzdhnlCBCPFvfXkBpfsAAu+r6MCxNftLyBQrD3X7ab+twuxw1ktpdUxKloX3zovPQdSz7/H+kepELkC5WKipv8UEdzuHQcjcudtrgTEvcDjwAdPkQaKCV+hAnqgwO28nyEQaJ4u4WrnL6Ox7TGbGMPXu+xI4m2i8HGICBFhcnBFUEbf0ldeOwspmXTcxZPOI7ip1BSHWYYERp/83Lrrtp0CYRfF8ATKJx4gFA3HLVAHxdevNa4IDBCzNQzViEIrxqdFID4VGmK7FLYP8pljDadtkiYpJwsyw+joTfZgzv88kL17kg9Dw970lMJIdP/MqI1ezYt+n2B5X4jldU9tVMpTv4juwirhZ085HiNa+o2VYrWAgo9HlZgVNMD6o1cM7fGKpdQHUdMzO9MjWn/j/y8gJiiu1pWl9QgNiqbP9BM0pECXMQ06KEc0iHGHMYzvKrLmpVJd5KtmhcyjMNZHGjtT+IqKXIPoV55bWEtVDSC9PAe/f9VbekiAMdouDye+KoK+fbbrb82R60QsE/RliKf0b3vYRlti3zrHYd00vogVfPimBY4j4I0z7uxlyCijtqHAUD+LAtpymdL6Gg1VSjrJVrFTruEFdjeL8S6WKnnc3NhP2KWGUMWTD3PQKYfR9FEyRfZSJEtXCmAvxVmFUHjEGImZ9j+ZrznhbRMEHiJQLsKCPoPtxbIFRROyIxHNqw6W4IRCitW27OgkNucPVADzTx1Xa3N7JhyIlP6yINjNk8OGdkL/8VTpqSQgrPpHmiLaGO7XnP/lbEOp6Lda2O8nwrlTfPjtul4MT752TbpsDlmQyaGD0woyGurLtdUTFuMBoUHD5wWTBQJmkGpPsV4BFYdezQKlF5ztC20LAW+lhOilUbkZJ4DtGax1cHVVfe/C1yhdbd87o2g8aiWbKIl+2H4tmyY4FF1PuSsPATlbMF0XIo8V11TcDO38XUCk7FDKDE8cWbZmoKSs6YrUHCs0lKgteRK8Xezoxfc5OEMlGy6zopzN8QeleE3tpb9MDV0Mif8dI2G+56Gds6XezFlTPOE4SnmQJ/OR7uB8NB0IKO1PATgWM5sesX1G0JSVENP3Y+nCMaL+a+nVejiwRLdzwAwZ/tlcSNKHZRZxHRTJBHbf5aIHJ2uKZKN7mbfkYU+AdR2bFk4t85KQ1P001c+bmRLJ4l8ZjdLXhEaNZwLuLZZZpXJ5r70pjlXydSQf0K3lOHSrvy3ML/Cc0AqcLYGhv7CqAitb+Tas1LKatt7kodkHuG7ONVCG/qjqCrX1k54zVO6BtxWCANyoijIiTe2ZfI1yILC6XGWi1jn/ozmLODQaGNmwIIP/LJ/VFgKVBrA5mY4gQrPwTK/iNfmVtzRmZ6KW9xx+TZTpbfoCO/a91pJoCmzlp9NagDwHYb7SCeJ90ytMro4vRk4FqiNE42HYCJkJ+ZOZN38bwHX3VTbuXwZx/28GsK3q1a0BJmTc24BVS1ePxMv1PFLmZ0BuwglIPCT3LDAXEN8MmFC8RC6OUyj8tWWAWfcFMUljozV0HzGBrBwFFl+zf0T5SXiV0PbljGVDApPGEZ67wO7cdYlf6z0KYyfw1d08rZc97weUejWmcRb+nGL2jPy8Xe2OL4dBcJUNyWCFZ+sdm5hk2CItEOpnXyv1EIjafCeceJPemWzwKvrG4/DXkUjw91h+frALDIb/Oh/MVRICvYj9DsUEisNA0RogqRfICbHxEkdUVjgNv7XKKsybOA/y1bXKckA47H5KutXmL1gAxJjSSQ058Asw+I/dE1xiPwAk2zSq90ksKRwekRPiNxTFh7q8hmwwUvKJFqoLx28E/dBllC/z+FLmh5yqDittg0MdB/0LgkjZcftN2ZpzH6jQVfpAPP2jFuotPDBpCRjgU3Zpe1leZYPtbb45A7tPo67tellO5iVavx/AG01XEd+Ncp6I9R6oGcpChfiu/v4ZvgFeEykdT1xDIStd3PjvknOz8gpa1ZYYYEVlOGurEmgtxmNiMbOd+g/kTr737r4o2QxylpA9uT2TvOK1mihaeaOsaqp/odJF0TrEqHipFOKYOR+GzbbEYCrYRQeL0YCsHbSO9foAQ8uhEcESYGD0tO9XhWCzpEV0ER2wJ80lggQglu2X+oS7BC6yxc64i+qSttWY5tKKZlOuEvLdUFxPoSME89apyIrOuHNreY3qAn9wl7IYHZohi361u5CyudyQ5dog8iTwKK9C6vMuVGwE3qwNU0LdfAZypsiP5UhcGbaj53AkA/fd/jMnQsyvpC6ppgnq1B10fIn7G6ByAPi+2RotAnsb5UEtqd+ENqZB1oZbhbfscE04q9TcmbmyvKLOCrW0QExoeg1yq5U5ax0aCX/BQXkwWMbtdnzM82pgOvcGnMsUWIFm+5Z3X9JeQm+7caypAxXmpD2TLt0gAJ8p0VC+8KvT5p34gTeSrENC0LTePkkQd5jPsUI2UaXDfDCi4iO09URXWUCicjgucbro7iBbuBn3Q/o0PUSCTnM96fJdqt4n45kZwmNMbasVOLLEslbBy3JGfxg/nkIxIFlyq+xI9Ffd5vq0JYdKlMRG59FXLHu+wU60qK8vkjSKeZm9ZpNAissosL9nzCndMAHYzVyuDedD3y/WfHdVCux1Lmgha5KvupPcEgIL7FZnOB0eWmEqGJB2ES+8CrPe4mg1zy/YZnX3NvMrKgFdZdh4McnfKqRXN/h5i3xMq34/+LMCNjfaJosi7nYm4z6ysrsgB00ezj1lnqGrQ6eYAkECmj2hHsYyFiCTDsHJpvdqTmGgFb0uK/TjFiGZr2zUAvlvj+sWcRiDFDh7eY/7IZrJFujGwxaNVMN7DGnBFbTQy2sHN1z9Ls6+rfZVMZ/u8UnMurtTNxw5/D3jyUWfvZR0j3eBXOTXseDscKkmQT8oRfo6KQ0gieOHggaJS5P1Ps+9rctfoq8LfeKtN2rtVWLRJwy5OAofIAVeIrU0PYn2BzsREKJKMiUmVWktA9A2EqVr05ZtZqKOE5mO3EaFtZuZgKNW6Apjug/wQg69mxPGRP5MOBfQ2y6T/u+HZRKne3ic9X5F/zhpke57geX7wnPrirB5pMdk0fsbUw+6ZtEv3SSRDWEegGmhcTYDsS78uOP8VOXTFnEAJKjsWUCvOXjptXYQdUrKCyf8eruRGz6SGIktlcs+jhZg/IDor61vBYQDUbsAzAhzIS9SYICk/VEhOez2BUZNMAo40qXwkLt7/ZgvjMGtEFDzPXi/vCSoQI82JmlXfiwkl9uVxH4lFPcwbHpGlvSqlvVHmHlC1hEJtf5JsYTlEdFMZ/mo7wijdAHOBJuznnzBmKDsYLZX4JdBWAZrL7TLIBZXtgLnBv2zjaYOgAbeqMAnyQBIHWvsaw
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-04-28T08:04:28Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"malware-sample\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5721c40c-f8d0-4572-8eae-4e12950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-04-28T08:04:28.000Z",
"modified": "2016-04-28T08:04:28.000Z",
"description": "malware sample",
"pattern": "[file:name = 'hjs6sjd' AND file:hashes.SHA1 = 'afa459059219e93d24a6a81f9e22664d15ba8db6']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-04-28T08:04:28Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"filename|sha1\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5721c40d-0340-4b30-97ae-448e950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-04-28T08:04:29.000Z",
"modified": "2016-04-28T08:04:29.000Z",
"description": "malware sample",
"pattern": "[file:name = 'hjs6sjd' AND file:hashes.SHA256 = 'f3f61797db611b82fa803a3e4f943173e43dd27ec278f9420c4b1397e51a2227']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-04-28T08:04:29Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"filename|sha256\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5721c40d-538c-4d6b-b635-458a950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-04-28T08:14:00.000Z",
"modified": "2016-04-28T08:14:00.000Z",
"description": "malware sample (probably corrup)",
"pattern": "[file:content_ref.payload_bin = 'UEsDBBQACQAIAI9AnEiQDCgttCMAABeeAAAgABwANjVkMGIyODgwNjA0YjQ2OTg0Y2VhMzZhZmRlYjBkYzNVVAkAAw3EIVcNxCFXdXgLAAEEIQAAAAQhAAAAGAB2UUEhMZHl9zvgDmtrovK2ZHiUbsasU0yZV8M72v8csKmQsV3crvK3K6A6wmZHN0MuxIzY0DhPqXvPPpjO/DsOmkxcu477wCQW0MM/aTOjD3XqBVj34CGi91Fa+2sJ+F8t9qqKDXVYNb44OVmAUwGIZmcqC5XHd7Spspxwj0KKAKFpPlcn96zm7vWW7TxIE/Shu7Na7Ajgx+DL21blDM+qKnVqjJRro/2Bzu4YtYmG++Y2Quoz3LLJBPC0KwUiPNZDAwembZKGUuoWOWzvUiBQRO9/NbtpS/ER81HoiDMxQBLUBHlZPmtan8Zb491Flruul3WbvYdI2WYgfY7UN9k6keMlCwT1OMrjwI0eThiMg26dX6LhWoIDU+Hcvvn8yI8cqcAlb/Qtv5/QcLL8dB3b0zJJJxsbxZkZSjcgTr38HVRMHv02Lxh8eD2Fj/kxFvVINngASCzZ2U2hvDJiuDT0WJKjTiX3ulgLQTTaf0CLYw9qqTcHaXoLN3uGoBWfAA0ukj6pVAn8IEqh1naXBlrb7VY7Z2wbwMqeM36bIE0Jso8tyypGTROvWR9z4DM9tYVGv79QEfx/CB16QcQ2EnvmZsbgRF1naA++MmhOa+YkwHHwB3xD5erjk8QPslK17uXs5lg4+oTonrIBp11swT2CjfIYfFKtNPUC9bycNsZWF8Ecgkdcw74gql/R13sfFyuP6HfDjzCbdLpFpVYg+BOlAlqqmuR87FNEOz4dc6VygebP60oX+Bni6aLrK/iiDKO38M+lsv6smig1lPCAfDs9qbvjQG+5BkCmhQZZN4QLC76bhXs3CVDY0T3T8rPMdqTKEh4NRKrmmfBQv3kYyk+iSQ6qZhJrogOvQRyuZbbhwWYTthOiW5+Kc3h8ZxKsbq6W73/VZ4rFGOiyOJw7u2coC/9hYiixviyf0RX+oU9c+P9ny5lv3TxvlAMCJvT10PgKnRoDB35OuPW6RlTlmVb057FjIiH7VampPBElupJh48zRmsFtqNFcdyovIoLxO90KYts/Ct9flQ9oAv4Md+/s0PM6LEZpoy7C8kjiDrs9kAhvqAY11QsFdWvRvEIiBJ9+UotKf0wIbd/7B8RQ8OF0B4Ti5f50ElL+y4UYkq1TfUIRzYb+G82ZDKwrBfEbN++Wq7PSK/Jd11CmYYL76hwPwBUmK35BrdshU6zIOj5ZvCC8wU8N/41k8wfEoP4Vh6bmaty81lIaNzY2seItVmVzbggyVHCV1B9NO5BIEmIToKdwa4NElPy2et5CcX4/MvjHRXYag4mYTltFpZZ0FLYQjrl4Us8AWERmScg4MLHr8CtVJIIXda7CNyLVEUej8GijnpiM9EzGJ3fBFMDWVl3CLdO4i+NqP1uO9TX2dJ0hpBDY+mt3igcmDOZnE77E+CjmxPJRew1lzaL/cRVZ9Sj4YMxMHi4MwAMWl7absu6zXHcPuBB8SBsHc2gMpidtjFjjwnG9lkOgLsWTgvkRrNniJrLuBL8ykjLBYt/VraUa/oavlemDtyPwUr3Mr/Wo7SKe67BLmpTFxtHN98hxoX9ofRDEYSMQtJ01WhI3zriBfGCsO2d1KIR5FjGav3CJR2F3JM+W7WzZSf5yDDbVOC86sqv2kCLl81SE/naPQnWk+HLnGwZskwCo4XkMy0yX/KxoXjiAc3v4ipd7WpMrQVw4CQ77XjXSzrq1idg3Ke9s/aGw8FcafiD0xJHruFI8vHfstyRuMap6ERx6MQvJkl9Q+R9ZXbzbUEvPpzQcVCfKeyR/Jm20wnjRDhnjJCbvc6WpjBGZyB3OjU8meb7dVNiLcLcE2dpqz/WnDUOqFJ52xqqx3JufN44IjT5J7iDn7zYG6OhUApcmJcA/pa99Yz9ltz/WfFl2K/4fuFy6QapZjvGkehVdkht7X6Hv6S/6BkQxMkecwaqvj/BUPM9D4dkEWnyyYD1lU8zpBqEXHzhfwMAwJhXNMHXuBuL5lICkUMGTAJ1CT9emdAer6uhquLTfRWeTxB3tDtcOCxzWFq4ecDwKs4abfq7iPK4AGv6WGSl23k5bIFFZG7Y3VjkVlXp0VEpRWxjeQG0G04zS562+Btw0ebzAKBe/M2TZcoLJQgLLTxrDRTwiEM+hm9OxtHuvxUPeCTSKV3eANvJKI+clJI3xS7T8IDxPvmHeMrweQ+IoVYBMJ0BS4gN5f4bWQALtkCL44i/eHrYugy3cHUSeou3utlMQIkmoSbOSOK7HN0QsGSa40ui0zGu2ZvcCTTbzt90hylSbRGXXhOowD7Z0wwpS/EOIayChgNwI9yZ1Hifoeiu+ZeKPq/P/EAE28JaVWCoPxrw1R/e+03Hm9lLaJPsaWrJb7rrdT+8iL31vWAHi6P/AY+KdGkFr9aW2yqTMR+it8iy6ku2VTT0goZHSB+8SK8BBMzWbsskeIMQ3GsTPf+m6xL6Max+CNI8nMOYDRLyuN/nEMeoKTchZSpF5WOnbSvw2VSUGDauhznh8TbBBhuhrhuwlan2A31gRXwrSaLq+kELuVqSqk2A19rB6yJwCATQUSlCNLoIAjYyUIjLT346WHy+nAgZtF++SthSo/GcKte25e6+LOWfxzLbLT2JMj1iSnSSy5yyxkhKt85sAOwQpLZMGRAvxQdTlpVUDhoD1fKbEQs54dbANgJWXto/UcrWNBkapfXtRjnDGuiDvPI0q0MUBneLHT/tDwgaJYrN297F9bx2N1Apkkt1fmcMwZ79XaXu1dQIerpMWHfZMPA7gjGdJ+SjHOR2ZmOugVcULB4zgOyJQPtk/k2EVhWkmaYKPy0sYtbCG3saP1lzxchE///bhMU9wAiPq10tF6cJ1jOPOIvvmMc3pYX7B/AcBV26OD0Q1Q9BvFZ2F+gFHAYWUMSjMIxu6BD7TIKVGXSBfcLRWxVBOdPj2iNRk0+f03AxUDdk//zuGjCFRD/+pHa+fj4CMBd63MRfFStmb2XFugpwrT86Ydt2X44NPQFGp1yPbQszOatFGYR6f7F+qhVum/6lP0Fg6dYJ6q4ynJkdg4hDCtlLNkePCeLeUiWZt5Z0+SThxhWqHdMnqr9ER50Ixu3kKkNhWIZxC3J6m8UaF6oAwJg7R/mIY48pXIqGgZHOYrrQYk6iUPbIpAWHQGRw470DTAlmngVD0WCv1bhthnZB1CMQOTg9n3faNSGL0P2dE3LcKoQKrloKjbxzZqVhjyWVnT9WGXv6FvK+nXZoWQEVgpp+c7auK9d+GzLayqsks2kPXPbJwy+9y6ASC3Re7kedSTsS6HipObryIDINi/Zept3vTsOlPmUiPV+f0SERm4jjWD49Vg91HYjZfB3TQTpjyGBheQENDjxaVTuZ1iLhs2dAYRMka/jz85NFWHV8JmXQOrhOeqXo4G411xYZxHSIzpJ24zMlJqq/LkC4XsWAI/ly/7XUofCE1OD+zkOvyp5wkC47Fumr2m1DWnR/CK9cnQqROB+os4i20QrosFGSRsa6jEbpiBfG14B1K1KdcfXL3iMClEc7VQpbIbHHX7r91BWSfOxQAHJYufvKqi6wHh2iL22CocxfgxYTSkkz68x/MHzA6iqw8zO34tZY0CwoGZMt948tZgw8rsDAkb0OHEW8bqSJgMfkAZ8Kz29uGirtm9Kxv++ekzK9MiZEpeR3fjiXI5WJ+MlQz7eX29iymcRfGU6+M2a3rehtNEF9pwBeScTEvybfLqvLw5tsloa5/i5b+TxBYc5mF3ULGtq9JOeroyHyz/lNubhbru3BfxdWiRWThlDmHYj/8MEyHkd90VY0L7ythQXXtxOl+9SdWp51wg3QoDF0vZYRXm1pqxJYBj3nW0FeWKBbiFuR2H1XExVVSiAiayYgTr8lhkgvHQcfO5qXiZWKOiW8yboU2ODwo+XMVmEIoM5iwsfrQHWo7hU
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-04-28T08:14:00Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"malware-sample\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5721c40d-7698-438a-9940-4402950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-04-28T08:13:37.000Z",
"modified": "2016-04-28T08:13:37.000Z",
"description": "malware sample (probably corrup)",
"pattern": "[file:name = 'l9skda' AND file:hashes.SHA1 = 'e64ba7bef9c5959fd7629506ef184599003027b2']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-04-28T08:13:37Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"filename|sha1\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5721c40e-95c0-4943-a7c1-472f950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-04-28T08:13:53.000Z",
"modified": "2016-04-28T08:13:53.000Z",
"description": "malware sample (probably corrup)",
"pattern": "[file:name = 'l9skda' AND file:hashes.SHA256 = 'b10ca2394dd7ddb57f17362641e4187d91df2ba0e2c52cea703175161f28eabe']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-04-28T08:13:53Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"filename|sha256\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5721c40f-91f8-4c1f-96bf-427e950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-04-28T08:04:31.000Z",
"modified": "2016-04-28T08:04:31.000Z",
"description": "malware sample",
"pattern": "[file:content_ref.payload_bin = 'UEsDBBQACQAIAJBAnEiuy4t8AtIBAAC6AgAgABwANDczYzJiZWY1NTczNDM2NWY0YzM5NmZmY2I0ZThjZTRVVAkAAw/EIVcPxCFXdXgLAAEEIQAAAAQhAAAAQ+q1OUQQzpKxJPBE37aOnVQ99UB2heJNtrOBaB04aq84xz9RA3duz7fT+Bp2J/g2aR30CEdFOTZQ3+miX7u42QV0Ra6O5GtABuDsbt58l/737Bs57tBm6LthLwh5Qa1XfVtUrYbFU7q4eb1MOVwk5tIZigTp/73/1bP3WeuSE/LMGfJkZ6eZPQjBXuA20RIbbPavOqJzmdaH+t5faJ8OtHBzBsO+vOUZFxVNsURQrVEAS9gPvfs30e1f74xRTRRByMBJO5Iw1cJYuFwxAGE/SYyHuQVV4z5JmOe5cUXtTixpduuA2GPFbdC3p8TwCK8H8ZLN8bXVHoH0xZjulkxlVTugYfOICI9dmw4bP+QacCk3fStyfiFmZPOI+nZqMCQdvVeV3podbCP+qVIhi+5fHFUJAw58DQFPxki95fAePL1lBvAmEWsETaP19fFJ/GLCav+guI5JIa7cdFmK+c0wB7vdqzcayzZPp7cvUTYwHF8G90e3rvkcohOUzfsetRxwDNr/QlH5Juo9qv4WUqv/fRomyKWbpq4vHmx4JgIBJhWMeta+U+rA/sRY7NoDBjkM/uyri3Ep/4WpUBs+TVwZ6H2p8r3uEcJRjX20sa0vNuIs7oOpeFVff1ZOVB9xEZk0XjyPdUB4Gov1hHyB93cBhUR0R7dqkemPDagC52P4qUC0pZjPRo2CXkPv5rK4nh+oHW/rAUDL5R0ogQblMnTcQlRwbhWy2UIqbue0q+k66CShsdZNABSj1+RGzNjwGuh05rGekYtXIIf8TNm5Pqug1TTyxir8hfWCt9oBOmsmXAK+YvvFDFAR0vhtRbtUa+VHZP1If5JrvfJlHn5aNc57B1TyN7zBC38ffqdK7IQOO3ihz3wLTVL8hD23nFtQGhalutW+UICC1D0Sp4Mw/wXpscsTN40pmRyNP4zY4UqSRR/74Aw29KxcQ7dYJr4hy7uTshqAxTvmEAb+OFyngCEf4fkBIYbCZEsHwy3a3hh02zTOdIXpFp/fKSg5GY2jdljDMWVEhldIid6Fc14jWXQGcOgwH82pKa7MPVzRZf/7dT5fI8Kp32/MXkhZoDjp0OtKWnJ8qjzZrV2B/x6nxQEPyxacYQyvO9wsJucqC6XThI1WPc3xvO7kT2eFirJzVNEG9cV5wFwEPTJY7i+rED4TC8N3NMJvWL0K4HDcvvl/3CdT6pK7dZo55WGzU83BxOfWLK3wtbkKqLwzhHRvsyLmGFGcIdLxh7QFvfsXgqyc+3SAXbQwR3rfx8vKnS4nmSdP58Q2dTpSREhVJHimwHuVB4ms2lv/lbxuqGtfMr/mgw7opaTah/nkQ9gEbk+JR6TED6LsoVEShhC9kb/dv4g/1goSV7PTE3Q69lv+1mnqJ21adILkpNSzUUhtsqGKXyFJaca8AlcvhvUqFdFGqlbzouGHq4ld1y8L8WFoHIBW8r/H77OJZWA36rEBfNo0PIp2gT2RWekKtORsYBOgQKXwr/cfHEiC0c9o341aDUYd0NlfwVL43PH8WqHorZeCTq1YQ57UkKyN49WWmISYcjGVOgzzGX6QRjwMIsB0vujnaJFbz+H4dTc4HSbPrNgwrakacBYP2w+6eTRcGell2Z54lDsN6D1Cq3658wfnpA2dnoyO/CyVQMNWGUAVly7k0y1UhjiPbrcjHErwbCp1/KjQ2Kmrn2Tt+2yqWlT+ypCOsl8KkqSMBZy5V0B6tjpIfcKqwPpILGEQ205b/FyJ8N7duBsGNEepCXy7iCKfoKfPusPZyBhcNwBOoJL6DbQ8LnEWfldHxXCIHv2tdG0VNuRSmceqqZCG7tbEHzX5j9Js5u2A7ZaL2X9dvzgu1DdYl5sJyMj0+6V2SxsPFOf7/qjwJvqDx/F3cI+fOXeg2UHnWwiWg9Ep1n4VisXrafEg2y31ME1jp2HhqlARVL9QQbTfYCkrJPev5E0ln3VGgCOowJVWolnomAS6dvYeao4J++MZGDPrsGxkW8MP8xrKsibNhPnLaSjof0Dx9DZVV0Q8XsWDfLdfrN40buB6Zb5Ho2SfZhZckOYK2p6Y7BWe3SefdIvfuLk4mjyjBpUwJadHOoJSSl8Jr8W3CwB7/pGv6yG0hiPI5apUqzQnQmjRbG5cav7q+2hvx0WUSB8V7cXVR9VhS3lIIVFPxPMH+4DAmvNByFynRGIcWvFduM5NSHHnETyZwzx7g0q6L4PK9EFQDNLq3qMYbVaRcvGCgC5Z2tK5PRQoA696o2q0FxVypiOB/VIh5A7gbnLqBYsCc/pC8rZgzyWeOvgNSW+Q3IUdzv96Rfw0eH5BXnJVrZscUZVVwmd4iFozBqcyFGpfqCmOUDEvksOV2/AEoNpMvreJ6nTJarF6JN2q34XGr6NnhsrCNImLSCHuIK/WXHEA9WjuWSigF0s5aYT6wwwhamgKfD5ZGdtak1esFu2SWWbJmPSlQyb6L6R166y2jIHoJAnR9NVqaeAACmE6wXDZEoVXSXMyTgnznD+gfQLLWUjkeUWvzvKWwRDkTzUWKqAmI/PuODqQ3FB6Y3GpIJO4uWO9fIbucYpBkDUrhHXjLgUqieJyQwdL8g6eWZit23XxzdCqT7Fl/fLxOZIJFpl4kzf/8SRgul8e6MU1kGblE60PpEhrVen7uHBONRi1duT10pcUOE5biMlBgLmUMEyY/kkyO/CrrcEbfxHH5S2mQn69qYT1p8RlYWECSRyhC+clRM1zZQgcmJYQnPxI3/jDASdsgK5ENEKixwieEJVw759NZ9hxSCmJ2cRsmSAeWQEe7QFk8/qumvwSwFDhhLt1BQJFpv9YywYvPeBX5LyPVjAduScTbB4/JDID4dAA+OFGY8JmpPsV+BOOe3mDa+irYwIJQBgZzNmVNE870JCNPU4yoAAx85H+s7Jz6SPb7SVw2FlW5xBfBNdaYxKcVAkpyesXtShF2TvRbWOAqlmQNUJH06X46Q8+tYi/MEeR00h6RNKxQt9DVQoF8uqPC8AgEaYh5durDALh9Whb5omEGeIhSXB2LkvFXpWgK7GzVqcdS43ASmJLxBtSkWN4CBlecFVFebP39YudnhD1MjJXNGAUEtT1J2V4onkNEd2TDdSB0cCSYLzuXVb5SmzziXmgzgeUM6L13iVrdPUTNhISTVx1qOsvPV8qTf7GqPRO8gg9PVT/lhQ1x3eMmtD3t4e6v/KTTtSScMw4Uefz/nyKBu4SdQOzSNO5Meaoi4vw4pKpBzUNv6V4VlXftR1W8f6hLfQKYFwxbmMKYlb6frVgBkW6wzXwrgt+Vc7VV6RmFZNA/kFMSzMEwBkHUPlvJEal/5bmyUSWYY75JaTVyeEYWYSE5c+fZUZikcnYSyDVbzO4aZ11skJs21ZkFhMKTTF+clqCiHHTnsXL9S49+0tZwVH6e53tyW4HBFu6oY94hOGRCU4W3lcmGFLuaZkubZpS8OGsQr7b34zlqLGIW2TwJRfbu/tIMZhhfYx34DhtfzedA/cYgf9AN3JNiFJTzvr6UEufEqEn1rFwss7e4TTfAp0LKsIRQBWR2J/W6GaDVUYWqiCCaePjgHElvXQ20czpZVMzVUf2MjSrUHzFFQzs0pmnG2JXl1PG4kcYKR4/s3+CXrtFw7iTsZtUBqZ/+gV+z5Usn8WfjkKsQRSUwezqb6idVrNdxMPRGLByghxqCALCDY4Zj3HzNL/fSZYNevLVnb1b+lSn1KMrJiGlysf4Zw3bWAON5z5jzFUXv6Bg7ZkLC6MZXfLh4lDWpjaRiVPU9HVZZUz3ekSJA6PB5M/5Wd64/Cu3X8U1cHd77qt+Zyz1n7h6PT9K/FxyRMtSvkfdzLst4G5pc+ruXwJxoNox4nikYLPCSVvXXMC9sptCCQZ54uTAc0D6Jo0Oc6KVXG6qlo5oXvQgLEGCNVLzDLdiJy
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-04-28T08:04:31Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"malware-sample\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5721c40f-54cc-47b7-b05b-499e950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-04-28T08:04:31.000Z",
"modified": "2016-04-28T08:04:31.000Z",
"description": "malware sample",
"pattern": "[file:name = 'n6sha' AND file:hashes.SHA1 = '3cb82e3fb7211adbc30a44276ea676e3a00615a7']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-04-28T08:04:31Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"filename|sha1\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5721c410-f12c-40d4-a160-4aad950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-04-28T08:04:32.000Z",
"modified": "2016-04-28T08:04:32.000Z",
"description": "malware sample",
"pattern": "[file:name = 'n6sha' AND file:hashes.SHA256 = 'fd7c35c55e0b26ebb42d019866991f583f5f853e67e7eac8c0117544b3b3a079']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-04-28T08:04:32Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"filename|sha256\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5721c410-0e24-415d-92bd-4150950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-04-28T08:04:32.000Z",
"modified": "2016-04-28T08:04:32.000Z",
"description": "malware sample",
"pattern": "[file:content_ref.payload_bin = 'UEsDBBQACQAIAJBAnEgiqDUn+NIBAAC8AgAgABwAODI2MTAxNTc2ZmMxODU2MDA2MzdlNWQxYTAzYzI1MmZVVAkAAxDEIVcQxCFXdXgLAAEEIQAAAAQhAAAA5fRd2DAMGHJ7rXdSnOzqOkAyhFbi2aPXBtSKt/Gjj71pOEcwN1wEMK98EhOO2+4gHIJSW34XdePNZSHWdnsGRgnMMqVOvKw9FdggTgBVJG9IWA7biOOz8Ed+KxicYZ2rl/KuL48zPadWM55HzV3gDNYsH+JPrAK4G7cPps0CSCKwaFPuGAiGOp+NO5jiA8ELt5pUReRrxUQWZa8H2i6MergsleR6sYJ4xmeYaF1XdUoWlBgBVuubIfWxVu6hlKaf8RsMU+iYExYM9i3wxkn+KXABxenVocFBEbCuilNfS29AOrxJLXvEay0D6jhiS60dLZETeTiNdMZ7eU0TIl/4V0HEOjp6aJYeU5KAaRlf6iGiYVTKUMqX4ZR7FdArBomBuHTywyCjJAZIi2Yhfls2OK53Ga38Xv1HlENGnG41ZE+gNWFAEu4WEFfK3/mtechNA2pdYp057uAJi3jqbzcUk9eRifmTBwEJetYj01xVpMcQjFbuD8HG+N4JKUMwQaqo+MD1TUpoRG4ICiZ+gnpZV44ZDPl1qBk8KRxr9R+Lq1mn0y1+EFEIjFt91fWjKFuXsIzbqb6JUPFl/M3ADuag/mjEo2L3SSueJxb2zZs9pTfQPdFrNrn9G6+Hxm37Eu9PwC6O4DkdgKETZDtrBVSIVlFfd9nVUEpbOQc4gpY6/j7nmHPuk7ym7ZgYqD+Frze4r1iV6hzdMeDZvdtSzvcQUnHAblx+XnYYl+XEmN0Bb6Z+jMkKg4YZKWTluGKmfslLanHL3RN76Q/z3aKobdCvAEwUbzpHdigerC2YOaC2O8nflangreEp2g2e+O9yzd1sSyTt2IO4NSomjixPOpnryBSez0lpGGwcNQffITUi6fXLeivd90uBqzFzhXMIj0czS8x9HWKuxCwzEHBHW4X7Puznuv2gHHM2L3WLNpGGLqhgWvBPtm3cpdPZCh6KVdM3AwnYZ2dE8OfA6s6U6CzO7z8B5kxvwNsncUgAtpLSIf5xa0F5zIszA+0DzqzH4DuX4ZmLoUSLuzxv3hynF6J016+g/QM0ZEPckX2Hu6zswLOaFN9iD0YXJbBM/HCxmI+Zf4HUWSV5JWi6FKnAvUgLQ2D3CYwEyMkRjypLlDiqdV6b8nfVPdukbXhX0TEAkznRsysX6kLcSjJHIbksqGEaHWJDyNdiEmCu12V3x2yBn+/AqGbq7uYfxZ2KliCjaM8g/AT2rGZyj99aL2LcL9lG6L4+K9+X3J96EwZhFYlJKIVsksUY2M+xacSeffpMkt7QXTFrLF9raxpWzZJzpjUAckmJice35pa1s5OvYYHqu8B/8lqKbZgmoxjpLp3VKtXUb0yz8vu58sw1wUURaXo8c0m2jSIfSz0z5gcAgqJQvgvQal7DIpHydr286CHAP4XhN5MlAOmwedtYE6JDHnOeeOX6TjfpuuJOnEfD7NH07aphPdoe3fdVPSOrUkbnH3KBCtv5agTdNI+9roj3FQaLrD1dczPAj06qsn5SKFSXX0XjjSEjuW7i7fyMQ5iK/dbgQplboOXc/QSAv+TZMogdJouvYLbKfX1nsfHxIXLIow0P8UyVBPGQl0s0ObhgScxbaT60K0eDkLEgiY5WEe2Zoq9vtHbflZnN4sZrU2GzOZRIS1Nu/Vpqx8RO/3EbV75ZpfljGz60/xrPh3zhiQGdCLzVTqIBHSgtu4LMhzRYjUzYshqFnY65XXERzt9376hjw77WFa2SJk0etg7YuDXyc6qSzUxkBBJYEMDokYf5vO+aUncqaFW/4PEvYpda/FM/0A9F9J/EB36nv+nwoBX7ni+ZN3wGLAIk4C4Z9ZHAfllkRydf5iVmcbGhimT5VgRdYnDwN+0YK5s+e6ptD4G9UJCbRLKmyg6xMBuHZoDKRO2P2V/0doxLIEXuSjbXcgSxyd82f0OoY1UZ/2Uf6Kvhzrzux//GWwT/lN07aptYDxplxQvOn0Z+VNuvTVntxkMeWF6orrVHBK9paB6zvD8V1Jg0v3oqg9uhEymR/OAJPdXrSCJkG3yTFZCxAZwOY7q8AoQL2OFcyyHlXNzMhBNKtuc1/qnpl4GOMzbAScRXCz8j93Iq88ie5DsqVJWrNxpqa0GwXvKxEIY+Gh5gx+QG7DtBjD2uHh4oNje28MFXmihDqJBwRCOzo/A50hh/KcTHKd2e2neOpK7pOnwOxK0vdJQYkAkUmp78StN1HTrHubN6sL5os+XDZ3/WTFpfRojgNaGzTD5rDvObLOVj79OxgofRMZ0fubmT8SMH1TMlu82MC/eV3TWzTJnudYvvrekG8Sldf7yBl/HtnPZm0MmSQFCPff0rrkNJwM5Qd6oxsfRdAZWm8ws8ygZqGR+MAiXYp+OHVrQE7AzA6+vYgvLgEpiZ5H7MCdDbIZRlp884TCqK5QER40TLI4hLMjNsQ37DIZs3MdbhA/ZCuKP/Q24XTkpHVn2ZegBCIrh2hfac19XCKBXEVHcgO8w5R+JVriLhDRn4queEBRf9I6x1p0cVR/ISUnqs7gjfa5zAWqUP96xBLIiMwJrhBtc5eJ2KAyePF3hoo7ZxtIqU/Z9k8ecQ9vvs3tyerd1XbsMQ8TFS2bY5fOq3VJC8mf0uoPhjFWsn0wZbW42v1/H9VjVxZLb2jytIkPfPlwZiVH+B8VAJ55CrEhVFWAEYdSnybdYCqMKBLF0k7ytulL1IwpQx4MyZI/QSE1XbPq+z1NGA8DKBpxxeRzIEdWgTzUshKTB6Hl4PrJeCjWa6jp/t67rLWuI+oBa0kWkz+MIxUwKwu6Zf6OQoZ/+wE9jk+yvkcsZlc7Q6NCGD86GAsOBP3yCzpqyErcRb+R2bzMF315dxkncM93IL+rPYMFHDToJ1lGC44o8r/lghjdKT6T43qXC7DrvYDOKV594CfUmAcUGG9F0ALmj8YeLt84tu4Nzm9JesZQpLZlxJ2hfdyvfiYCHtAVvGIiGoZ0CbmVJQCaLZAsYPvTa6EZK9CJoJkKoZ3ICVibTDxirU6V/EZWdsKbsIYaJ/vBrpLE58KGg4o8N9dUHKG96P9Kil7oHIGSXtUSMeRAwoKL4WPEZrmZCiItZqcxckBmGyLCB+iy5V2YSxYaRejUgqoOA3favsZLkf9xOpYEtMp5EgN6mE9Wk0ztVsUsmt9HNg0XzXRvfpnINsTlpby6YvMdt5H8Vq3juxENOaT95OnBSkdkMdSpzXiDkGWJsUWcfkJNgZIMf8AaYux/Jd1BWZl55C05X9GR8VEQxeJpXSxZM6KOZ4wKLkGS60pRO43giSOO7+xlLZnMtAxpasXZW17d2CccWz31aNlF8elED/UmLYWB42JQwuIJBAe2AdCmo/eFALv/79qp2opZytjNnpcx8KdFP/CL1nJmbWH5Ul3gPRActN2zimU4KkT066Wr83YIJ3zal2j0fwkxEPQ2foQg8Oi9hv9j1uDMvJpeJwkuG4Rve+Klhcn2BhJEOkXza6xcumwlhnIpnSM7sYeEN1j3EvsnNrCUcW6vIB2CFi6kN9GMDBBvGb/SG22etsllUWodFbREQrw+790anxI1ix0pgxruPivNDCxWE1clbp549ioMmcb+GQx/g6bwhK4tCDf4rqwcVZFPZdDtNQf8BZiGJTVZvtn729it1OymrGOaDizWmBPDF/9kFJ6l4fLCD7dhd33RHkdBC48NadKuQkBbzMigXtbSSmvsjcPK5BSFr2I+Zk0kxvHHXTsTrY02L2oEzAXK736rrPnBuP/XqmilIDTSy6LKTKzzce+vSdEpnIIQ2N75Jcx3tXka8VUOcwl9LA9HgaXKlSiRIFC273Nq0qOGu1cFByXIQkEtHE865cNwsAcztA2M0OuTIPrzgqCz4eRPYmSt+2HZxjcvjGN2W5Wnyhp+hUZquomeRXdHvpIZPygRWGwO
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-04-28T08:04:32Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"malware-sample\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5721c411-07c4-4f3a-9663-4695950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-04-28T08:04:33.000Z",
"modified": "2016-04-28T08:04:33.000Z",
"description": "malware sample",
"pattern": "[file:name = 'q6hsdl' AND file:hashes.SHA1 = 'a70ad8f875e8ce7d23d3d4473523ae032a88de71']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-04-28T08:04:33Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"filename|sha1\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5721c411-b4cc-47fd-a55b-406c950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-04-28T08:04:33.000Z",
"modified": "2016-04-28T08:04:33.000Z",
"description": "malware sample",
"pattern": "[file:name = 'q6hsdl' AND file:hashes.SHA256 = '9960a33bc40f676f5473b43b6c1d95daf6249be9a9128de65c016ab25101bb26']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-04-28T08:04:33Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"filename|sha256\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5721c411-eb9c-4ed8-8212-4253950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-04-28T08:04:33.000Z",
"modified": "2016-04-28T08:04:33.000Z",
"description": "malware sample",
"pattern": "[file:content_ref.payload_bin = 'UEsDBBQACQAIAJFAnEhbS3/GW9QBAAC+AgAgABwAMjM4ZDIwZmUzYzNkMWQzOTJmMDgyMDc3ZTQ0NDU2NWJVVAkAAxHEIVcRxCFXdXgLAAEEIQAAAAQhAAAAzVB8NAiXmsRqq9RJUTWqs3knBK+b0gjxYh0QoSTgvBD38vMpuw8HCmO7zZYAvWRgWCiaOGwNqrleEWNmjLpBfv6gOtkD/y6ds6ibcNrCdKEA3BAwj74HD/4d6F2Tkxu+tvBbuXMlssXZtbsf1p7FRd0omCaA+EX3rr9fkiuU5/PuPzJ2mSDPrZgm0F6ZJOLYcN7ffrVRML0dTL4bwQrHs3zwsm2uXBe4GRMl7sivX/zISbGnSf9/G5jjW/rCTpjXnkFUgF5ZgKokOz2TaPw4CUtl6odoxGqtKFPXeHDDJ+2o/oxBEo3QC1dE+EbTWTeEsyDTkq4himhFYRZKh7ooiK43YGZx5eAXEIbnVSkCRU7PoX0p2MTwE+EeOgDiXh3E9WaFOADVKyfYdv1Bk9nNQv8cmy90ohRruRpueyunxhdixIawkRZ+oU0KILvWd2L+e1lQGm/HUjHXFMTvlpL+NfuCfcdyHAVF4HXb57U0YM49zoXEzF6l5NxSUlZNUFQ8HRFc72x93pSkkbrl/lDycr1IvDVzOfWBG7X0EaHr6qJpCA9E8l0BPgBtBtyPCspKePsX2Ew2t7w9P3M1vKBwFGt5RLd/jDAGg/TX0Q2U6Y5iR0lg2iJip600MfnUueKU+C8C/1EoaMqy1dCjsW0CIKYJBWNEc04ptlRIW2zQXP6uwJCqN1AFqFU5FTTlYKV11k/oBQUckRJT6pgpnUqsXrgoyNhQbp0FNY4PL/nqiI1W4CAsw/vEkc9aMYXQoXk3W6xzUq8boOGFmeNIQOF3E1NHu6yU8h9V2Cjc/8yks5vdZdh1abj5ZL+0anUn8j/FAvzBJdhys+GVrZp1MuqZ2bYKw1gvb7Zn8rSjtUz/QRzklWxCwq6jo4nE6I/4tEg3V0gIbZWvZDvzgI/DCZfeJJk4PXe2TiXwMPNWsfr7H4ml9XMV4PZMsiDQUEHTE2VxqublBXUW+U+4QRcTeFJjUKTQNwJyL1eDnprgjbQi0vpKbELjcXazbmknpom5CcM/1zslE0y+MQXEyj9OQwuaZE98AL1bqX9LMl1tcnOqQdEmcD+O4oNevoBYIMSVDmUqxlmDiUGJf+wV8JGr9ququO+jtqQ5JTZvFvobJEMgN40iU8rvTYnj78Iz88d4HqvaoEE1pvoPKGNvIQe8kOgqRrSORK123J1V0v7/+PIWEcKmpUpcDMEDMjaJCARYrLNfNmo6aJYdtpNdoJDGJ0Ugi2QFXn7ZxJION3kBiBppehTIoQT9wk/MKnY2j+ScoThy5Y6W62qGCn3cAzly5W6ITgGgd2x5kHHIRra6T1lp6hCUzMdVoA0qhNebCAo0TZ3doC7eM3EHRpkg8FlS8vkmaptpS7EgFZId5Z8hpSfcVBS3f0X0lBustwCMRNZR7RwnW8EgjjW525GNyq25Tkab9CIOS/bYwLfaW9yC0hyUexU7nOY9i/raT7r0Y6C/eV+CrtdtFGpRX0TfI9ioCJRMViWLzr9Ug37bCdUqZnyFnpPwJM32Cqzg2dJ6f3ZLLUeZYTvxsjA5ADVxJXkABK4YjaYQl+6+wSbN5zxv/Y6wt28UbxOd8PQJmZzGSFw/DWmvatZdfMaAKGpA0Sr4gJbwuYELhU/lZnQxzAJorOoAdSOZ9Czh8zJsithp4pCqbLpTrQbUFo86KnA9ClBO8jwEjCf+c5gz1e7ITUIY7t8E1eLHztQ33pSVI07wGkzkHaXHm1gGTB2Zl/JdMIF45P2ZxmSTZUfbqcLFWJHblauUrL9Q6rEWNEl4ToG/vQBjpKPMADUYLK8dH1UXJguxxvYqN3knoy/piOTmYDlrko0KcJhUG1ff0abrnRo14szzeNKv95xQm8Y+lmetFQ8rQKlybRNbaxf0XsOalW/89QereaLsd2Ky5/gfqV+WLau2BFTcudVwTJ6MSFc2HhIwZkjtmjjb2wevfE+GK3s3EVqZ9MJs2hk4fvIx3aPYCzDMqUJcbouGQERRUNjiYMcxIRJ51eFZ/S1EqZCCYCm1fhA7XUZIbHvJvnYg5OyimQLYFDkZkXX+BHQHxH59TpvT4joCYYOF2kmERACEllGYhMn4FAyKsf5LAemTxtzulcszYOyMmdFwnKLlr61neOVa2mKoXLG3a7GVEt/N3poHzT3akYVeJvK1ku3+ShA13rMQTG+mcZiHbNxopvRW4W9wE/z6my3zKolB/ojvIC0iVHJNwC3pVJ+s808GkGqod2RDD9sA69RG5MZZtWfS1NcB5Jiynea+kWKdygxy7KmLaq4ucCDYNVYsrR2uDFi3ubDBKt/gg/U0Y0ZJ2CKAhXWFKzr9GNznwnn9aVJGThmRTtb2Trim6e7TXp1vKv+Or0VzGkCBp2Lr3hT9+IuWpSvEcLqHc2R1bemVm7QVVFAsAjLCHDp0ZHIwQa1yH/KkGBdEA8VsGvkLeprYDKWODNBtttKUhCniyzxqA7/Is+RMFfH0Ur1wBAeC/nemWjqMK98y4d5zEPRC3ERWDWu9MEMF+AJYPJw+8UyghB16lFirJ28Q1R9ZsMtmpLIviNo2DMwFX2O2sLUGY6iPjKKpM2VJqAyKupxTaKAGPrDwMVrlRBlF3bSFzNU8ZCttfNcYv3uaM8DxdJ51mzqc5/b5gmR7d4BmOiWTcEl666QXo84fnjfSon3MYqNreRRNAREm+QXVRSWHBujMhrAX2uj+mMjxCZgowrSot5oj/mi77V8ENUxWI24Q5BbuAQnFGCitoImnc9KYWI8Np6KWsVZZOFyyuTzNHQYi3XHBK/4Mh5CLhqKhJIU1cw/HmdsTsWSF0Grs0EfxTfmxPMKTEY9WRPY9//Uzg+cC8iL35FwS/AqdvQY+63fOgfpoPXhWCDcoXYicOfZOJIktyE9/LZ7qPsUYRVCNHGx2oDxVLtSYMTlHSMVmkgfw3sOUOlVmQuUZuCuLsEqSPq7aK8W1DcSjaoPA3D2lW5aGsOXOX4tq3v88d9172+fLhNyTvhdOfhMIrY3zREpst1NcQCV7pqM4C4ldupSKmMgFQ0VW4cTigee4N7lxs1RFWKDyEyTJR4LLKlCYS63Kr9ecYbEiWuHbaoxBP1vxLbLw7YzNm0VjAljOJlfGYc7JnZBxl1zcyr2ieQIY4mikGoZVI1oP/aXdhgacwGDl8qT9yyEMZaYbEWwCie60rzLplc+wvXsi4nkKuBqngowhI3k/4BiR65Or6yk4icm5AkwKKKKkR7E+mdtMqUbEEIGgvoHlHxIfD9GV6IE2GLv4YksyxupK9rGPCWXmJKpi2XTYcnpJPkb+LML9YOsbr8hl65Dtr7DawmIxsh9XpXO/ERjFLVND/JrICA9ygJazAqbeKRWgZqgR89ApU3yW4f0vEt/c41REHKCy45jjwruR52TV6J3HJ1a5/trBYGjtndjbxHx5FEkcYVaznSMn3FopuZ7tqzOJTcGqawEV51o5oepzYH3IhtnI3Bg3UHTJCbIu8a99wXCwUc5F3LevrZalfxsvMOVp+zbycCeJcOa711T1Q8kwhcB+DQXUMAVN5TwSauZnbpIQQS0V4B++34KNhrosvFZBruvq9uMHDS2dAIXNa5FtZY/YHoWYlVlqkkcfxAqKNuNZca2q+cP1Y3XlfBLcq+/QjLxP0RYAdPEtMc5cBQmcQAJVBtx0oAXd9KB6CdSCQPCC/9e0y7jvU0w8u6sLoHsm+N+aNSG6zOnmdtEUbel3uUcf+hHCqwpl94MDkrsRnIi8LWZeFWUgxOrwrZZmCNt6TuwPJRvw1RIXaiRP8cPxlizc9crCU8pkz/oWdkT+wWWU4QsLtHrl9ZV3x/ex3z043rUQZ336q/GAs/XgxOnMt813XWlXUnjJwZOUJkaNlNmEvyO39hGfp6kl4+9T1HxTBnEMcN4vfkvhblF8N9ojvY6VMi
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-04-28T08:04:33Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"malware-sample\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5721c412-93a4-4669-a2b6-46b6950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-04-28T08:04:34.000Z",
"modified": "2016-04-28T08:04:34.000Z",
"description": "malware sample",
"pattern": "[file:name = 'tr35esf' AND file:hashes.SHA1 = '140fd486909533fff8a115f68ae9c94ab9f9a050']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-04-28T08:04:34Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"filename|sha1\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5721c412-9518-4e2c-ad9c-4f58950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-04-28T08:04:34.000Z",
"modified": "2016-04-28T08:04:34.000Z",
"description": "malware sample",
"pattern": "[file:name = 'tr35esf' AND file:hashes.SHA256 = '78a25e46ac72c545f402bf02c670ee2f085bef72f5af168582094869cac61625']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-04-28T08:04:34Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"filename|sha256\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5721c413-e448-4d7d-8a0a-4a81950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-04-28T08:04:35.000Z",
"modified": "2016-04-28T08:04:35.000Z",
"description": "malware sample",
"pattern": "[file:content_ref.payload_bin = 'UEsDBBQACQAIAJJAnEhfRCJV4NMBAAC8AgAgABwANDg1OTdiZWYxM2NiN2MwYjY2OGQxYjVmNzYyMDcxNzBVVAkAAxPEIVcTxCFXdXgLAAEEIQAAAAQhAAAAzVB8NAiXmsRqq9c82szzheNSASybtmAmgzY4nAM8hgSC2++Lz/f1LPFR8FrHepaSf5O++01gumntI+VvOiqrgJNq0XVnvdBzqOdutX5YV1uKzvYLxB8yBFPxo/qkX4qJGwzVZ318uge7g0CR46aoKc+kUlmrI5yrPe3uY1mkDgf40ejUcJ5+wYH5FYzt7BrjRGAD94qTnH1CyrThxQBUR99lZIEO95HpQ97O920FL+V/F66QMioU+RxmKbmJl3+6lFvGHC5myHlgZpwU+j0rqYF0Dnp+lBPE+RqcdoaOy0bEgWlaEhBzBj82GN0NXj4qUYerGyjK9lFdRueF9zU0WNhmuiin0Jc0ssdd3BCTnGCC4PUo6GVM2rldy/H55f7l5UJ8laJO33HPq0S0rGea+ILX+Luk7M+gbj8icBjfTovedGBtbHupJ8KM30FQQjjvnPzUlgt1o7MxFLw6hVWRFbjj3HDaPe3674VGLjyBmWlaml1jy7pjM7Uy+ErIq8+6FtNVnyZM5fwf8dfsv/5cdrUj7DNw9czxzxnI/qB+Zdgefv7H0MKkXTUK0nluKJzoMy8AOBh1yFxppXRF8/erw/aoVo7zlr9Xay8GamkLed6I4r7YEuwszCm3YbwGB79ssspvAEr2zbM1DN8/ZNEgwvrWfngK2cb4sEAcOAbT/2Ks6tqYOZK2ivp/L/9n3myiXBM2FvWYgWFrN8r9EuF/cmZ1ZCvi+TLqDXyWH9mSdi3xjjr9/NenDHLFyFg54iH24QszZHWgcYRgljhqyKkNCv+SKluD29VbcfKWVlwHcwOZDthdFvIPRD+LXFGEDPn9L6XGCfUYmadyF8+8cWqkcxconQT/oc3UQpI2HLRmuRi+80bQbyKfyl6MBGMMbDceeMWjtlBcDXVnxeE9V3g21FZISlrwhS8v7BDwTWvJXvDI6b5GT2tlub1TJHuS/N5BomURnCFw++Bh/dxEfh5v9xfAWeGa+l9N91BwlNzmYhb7v+i1+okkBrB+jNvglC/4ZDFTwDmABnLbCEM586n/cNHP2te5q3xoUnIZkDG6Qho073y+QaoYu9JFHGBKym8s6cxZGqvKDGoXUhQ5PpPWRygCADI2QCipX3x3U1NpE9UpGOce9gqHpLn1o/U/WI4PH5XdJfqSdPKG+ZZm+CXz0r9s6Pc/NvUcu6yIcJg+P6bH+ZEnlW3vy+l86HDYRTTpOxkLMnyucJZPAFWihFSeDZ868cRbRRK+Frzp4xIurnNtXAkMXkjQ1v8nkr65joU5O3XQOWqschQJ1gAi0qLfvXjGe/LDSJ7HZoFp3oz0kSAgFlzq6PJIeZt+UOLCeulbccyOlD1QaWTWamlvPgR2/GqPQ005kOoSb1tzYljGgog9Sdw2f+mrc3nLtt7MpqO72hEnLNHt1ex6Qo6eNLKL7KgEnxlqgFy4zxgZG1GFIz8FAg4e4oUczWIxmPe0lfu8M5Uz7PFeZwWnvIqBu5zkXoaTnVvzOr1w7YbK3ylJB8AWz43cnl6RBF74qla/v9D+3uDdA5PaYPpJdN8ODE8CJ67qIGwhdonOsGbNrOUG9Wv4HMHImteLRS8yh7EvpPayysoYyFWxZRsSj+JyEafMDBRaQjUGP9c8wGxiNcnroMl6DK88KCrQ7V/oG2EVsVtA7L+WA13tI4P6sc+gKchVgc0lZnneYhz5r8J9MEcW5MW7kusspBnhguz/uTThAKhCo7bkB5OhXzAe6Zhyv5x2nKjFHW6ZwlaiEPqiZBPWErXZgZrUl8HO6nwfBxWPQi+DhwhIAhOnh4wnjl7JAOJp3Su4O1qFLUn8mzi5Y/f8w5k6gAqqtnNAE9YSc9mNDD/VfgeHkW2uEGDIeL4oBtyT+UA9epOXKCV2uJOKYtryo4feAwLo0L9AQpKzjNHryPpP//N511rg9ObqyBXchM0j58ApuZbRQ7C44yZnPuajfCwoQJxTlS7Ub8zVFkrAAEK/D+hIyNLdYgtQhuwpfTuHT7Ieuj9W7jhyvwBYErNO82q3D5+SE6B07cGi7bi15cvDPcXRNx63TdJSCqpiGVKTBjNSnDfmx9PRquj+kCFWXOOYHBvcYVJBN9RtLYi98CU1Ptwls2R7Hu9+dtKPmRpwW0Hsl8I6ski0fe+xttdbE8vMlqqcHDemNduhSVtus2odKi1mLwbxma7Yh2j87Tk/S3FW7e9ssJ7gt0El5Wy+hrpbXKPJZjBvyHXsoKwr4POnYz3wRKp5rkdvtJmLfI1oi9ak96WXrVsoveOT4Ee6X1e3Rj6ICB1AGZiVvJHpkgGPLmZp5mcGn2rtThUC5l6EwgitJlVDckd0PCqCH05uhz5X7bcfkxxOWXVQNUTWT2PdSd+FRr0lJczwyeDp499NswYfg3sXrmn9WFu8MYDv0Tld7TRoBJRXVoxd9n6lZgcHVVAOrJ5w06z5QulLNAvvYelRaqORBOdbXe5NR5IBClHQTREQ+M2CZvsc4HopjWY5q3xT4zYpM2pTbf3ZpA5hwx2EQB9tQA841xOkS3W5I48TYnL5xWcKS4OswVo8Q2kpMIGtZZbVNXD3n6Y3mUOA2z6gnmXwgY5giW5nJOnnqp/KxP9J+8yiYwS4BB7on7hUa91we4NCzOVYrkpLSmeYVegG360rQJqAjnBs/KRyARDKRC61VZ884YfXWOIACfJdryuwuBB2IygVXz9MoaTANeB7Tm7ob6YlioXSvpr1XxWDtmxMCdJV8UxUCYPRGUz/L8uIi7qy8OOdzRHo4W7R3esQLOfVYXmFygiRLXXTYH79HoVWgTjLOHKP0mZzd57R3jluSa8lQXuuuWNM2SCOL5FNVTuiVP0YxCD10IKdFBMpzYCmbqp5FMCwmYZGWRt9CW/8oBQIKklyK5MbXds2GfWOSp8k+Nxz/g2QFst8IgkbQKiUU6r7mpJaMu9pKVxlEj0NtoLwLy7f/+/mAAzBHuRHMUAbiV2UNCdz5AWLC/HKS+uCFl3nMpXzoyQ/XuG0XXPdxoN/rPXvhMQy7dNaDGKJF7Bx3JDU0wo7XKQwz0ssX+9rbkaL82DUpfyxSVneNRTKxAROBB1RmhKefAuC9o2uEDLwcFCmgb5/eAytoieEcwWwZkLw7t/PPAO8aL1Eh4E7FItxop6YCY/7O4jOYqeUqi7UVmItCdpoqTED0lf9A5XpkcA/4tJtAcpbJKHOpSSWp7fs7EPczsRSHC9SM9naHFma+MUbVOTYsO7zsb6RrAGZL/0cPICco/XOHsRXaC9CZ+u0eO8+tEHmKyUb14LoKRccRiKc8Z+pgeeAu9BCfmadNrAFl0DOGYWJGtlQ2j5JUHVzTdu6eWcZieROMxHrGvUKOWdY35009LO0gD3hJZbY3Np7GByC9V9AWEg8oTXt1/E8S6TcXk7h97DgfX6r8ImqsVNSRDtuDLw38C+gU7UEAnh0bFAxPEtaM94v9QQd3s+Asy7mu5iM6c9BuCEQkLCa5x8twmadiIAAmLOlcAfs8RI3HKETG0JgIqy2ffrYYBfVaSovIskTIWTrPKBjL0BuHYEjJ20nfb6Rgpli2d4pA3lv6/En6MHOEPWjbgGHm12+HiNLdhqmS0H+cUE3S27n+geMxsqXxJjT4S9u/OxPqm5PxrHfB8+OZ30HPHljweby/rJg9yOIcTfAxEoJ98H3eVlf1QWBW5yh5MsRkzvZ6mx9G/yxaJuFDrRRhRCj5clJPwucrELZ47uakDJpV/m25WU9BigjocZd+tosKN7gpn09y1NPoMxL4f3KAj/XDlleiiW/qZNo41cgBXMUOWCJ+BEWyg1NXAIo8WTjgbRPX/3imiV65rav9rhVI+75zmaezsofehPWXe2YfZ1lsXvmquRYeWHfPxCATgedjub7tTHi/yVMaDLnGopbLW8HWQvaMs2+Lr
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-04-28T08:04:35Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"malware-sample\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5721c413-4598-4adc-8d74-4d86950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-04-28T08:04:35.000Z",
"modified": "2016-04-28T08:04:35.000Z",
"description": "malware sample",
"pattern": "[file:name = 'tyue7udf' AND file:hashes.SHA1 = '1fb799536472ca4f58d15e92fc9fa4ee9afe946e']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-04-28T08:04:35Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"filename|sha1\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5721c413-b418-4100-b30b-4f55950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-04-28T08:04:35.000Z",
"modified": "2016-04-28T08:04:35.000Z",
"description": "malware sample",
"pattern": "[file:name = 'tyue7udf' AND file:hashes.SHA256 = 'c3b5e6d554dcf4ff92f2f5dc083b0cbf0fd853fb991cc51bcd2ac0d91d77f890']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-04-28T08:04:35Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"filename|sha256\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5721c414-c91c-4e1a-9f76-4d2b950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-04-28T08:04:36.000Z",
"modified": "2016-04-28T08:04:36.000Z",
"description": "malware sample",
"pattern": "[file:content_ref.payload_bin = 'UEsDBBQACQAIAJJAnEj/QssrftMBAAC8AgAgABwAMDEwMGYwNjZiY2I1NTdkYjI4MjcyNTFjNjNhYTk4NTFVVAkAAxTEIVcUxCFXdXgLAAEEIQAAAAQhAAAA3QOROnBLuIfi3OtohW90f/q7TrVsy87fcS1A836QQK9S8qCxAlesoltpTo6yEm+i2sRA7PK8r//Iawvu/C/L471KvLeT83DCyqL1gzOsdPik9UUehnQUu7NEfHfGB/7351t52RTDutD2YI1vhkJjAzMbRkNZ9BmdevtrCmx16YsV1uaot6PaYERNE5rytM58swSwEgllP7kViuJwc79RBD/pe/LU7EI831hy0psSLHqa7joVtRwr3jy0iVDmaOKVxjr3f7QGEHqx7C3hM+3UgABZfFIO63fq5SRzAznzh0C86X8aZOSurKvV1l8Yazn0kbNqAb7km8MNA/OEo7Z1/pXqIcIzIEAnfwbjPxg2CpWbqXh1tUnb4z3DuqFLHlXqqyx4F0V6KPf4i7HucTjTwPWf+YlKD8hIgDiIi1eolHwkjaMsKW+1j5HRNNZKTUDImJOodjxYksgcn2eO9GR5u8iawLeaze2IQ54ws9JZy83aQgbjptKBZKuxhxXd6pAYcqrpF+jg+zetunUIButweFe6bVMGXe+tZroiBP0pEr3kj/sTbkflHAAS+VPsUQs2JDywD1b6PCbxcVAqOVq/YLOJQ9gG4mLpI7UopB8L5z8MAbGbA6siySeQA8O6Ar3c4+uUqL9zn9D5sDePmnWbumSReaR1tq0t9ckZAPyonOHqAjjswj+gXpF7x/WI7eoSQaDiexs90OGeYZmg952g66ggP5N+Hc4CJGZDOpz0QqmvuDgPLblkFvoNcf32lgpiMVrSKCjeKJjCNWRhN9rEG2bRw2ST3Qd/Qsb38oLrVmh9vJUuSgDNjwcTkSZnRtXhSzm6Apg3XoutF8cSIaxUc7h8CWobkuKfwF9JnUPNl5a9f8cotUAvE/dJUI7hke8ikGzIpW0XipsAi7k5hNRnog+5kIS0GAXmg4N8zQrJiYlWKluzuT6h719Z0pbGAE8TdafJlMtPPpaJk8aLk+8zmMv16FoTHLr84I0Ftp2tYUf2MOB1eVx8o58KhJvyXCrptw8PjGtC2wjyHDn3edfAwRPEYZjFA0eU7i8+VWz+ysYdbGmtIaBPW258l6kOBgw1HJ5wFHLJqKDf0iXaNvsGRNPNTou2kZ/PXxHbIdcLWtKvHx/27KvDgtxjpYpZBTYuzxy6F7QqC8hKin7/rZ2IeM2M5sEVlGzUtUiuPFyP4zd3L7OY30eqK7XugHzYNNTKC+UOF/e/JUfZerqJUK5pgYUg3WL/FFJDL/wp6k0ViSunyVnpphHUqCFS/VhxcobTbb/W5ZghEiVf7kHyeEHAdLHF7hZGt/l4tSciefccUiCFCx5/MFR4q73FpV7gHPYoqom2IlsU4izMsep52I0a27q9fh1evA14EW26sBcYTVzQkcr0pCsS2iHYEHKfG5vQG3ePqKuC6UbOdNfOQ1qxxqzqqXmF/T9PYSP+VRXqbNuapiwvekpUJuHgu1QyHacyzOpYMSHnSSazCV2QE7gSdszcY6rICRq9V0rVHu6ZP80TqXoFsxY3uVxykBFVeAULnLrWHLS0vlgQVfOsakhaRED1qPGqS0BeqshXf8NnvDE0scgm1PDXbglPirMAJaxPrApnb/CU+iuxnc16ME5RJH5tRRkEuZzZO8mCBRtKY0OnNadX16LDp8IaYdieGbnDII/Y3W4fPilKzBxxgGZmgZEK9nC6zDSlS1EZleO3RgU8GZmvrcv5kWFjBThsgHpDlwmmGGOunX+pJoVqyVABXCYxxRioKRGiVVnKWdAd+PFnOjpbCIRnQpkLJQL/ZsXB0a0iV/LibVsP7wJTbVen7NjCbaU2A8cstVuYQCCqIozrIWBZtsGV8LaHUqvp9PW5Vm06KUv9YKJ8bxUkbmLr7atHu9YolC0kpqJMQkChekMSPMYAQZv6xesYZz5jHiKU+al064ox6E6BYA6vS8qiI0UoRxCiq51hOt7wktKnkQMhTGHGYl6S2WL/jarFCcq69ypxcVIShnQ8243lgAluHW+5bPNzD769/S+jhPOwaedRtFhRyumhLDK2tOrzi4PEGNgTC1iLaHs/I1GtvK+GVF+dgVg2wp3zybC+hyuZv3aEwp+8lRjb2TXv0NOfgKkrW7sL5xmWRb1yxmmaUbTJDMwSPGvli51rVny7WTe2hyggoXoG7klYOGwGFzAn3Zpx+wE0T7gk3ygscwpiSWfvoy01bUOApqgzHGRMdH/6JamuCmac8iEtrWc2ENIZJ0YZE6Eq7FcQBM6xYLxM1Y0wu3iupcNGmy009ygJicFDYiKfk/sO1pojEtUFykugTdc7aIoAY9u4TdzuovNaMs1zLfak6ocEqhJCDHExjOD8DL8iattG+YDCs1eTe6De+qPa8kWsTWvHvHD544EjxOkA70BzDOkZSm54qf+h97kU8GfpBnIAr8KKtAVrDVuivknk2PKl1/cf1NYbD1INzjQNw0zOmdBQigEbI99/IrSuU4AVKYoav/2WiswYQKREAPFVDrfIymEkI1xS7Gpmbob/ryHfSr+AHDWewY3DZkHa8thildS86Wr/pxTtXajLraXi5ZMmNmq1ZF2rW3v6YCwH2xROZn5PbVM9ZSHY3OtqFrdFYILrAdmBVD+85fDegCfrebTmO9e3xK3Wl3c5m8IBK8+/DGFoWEMrTLG78s4L6fagP4BXLlEJw/ww6r51zht58WwW9NX1fxhQPqc+U2PPQn4FMoxcZcjtLBT2KkmA5gdWlsj4ao1T4ffHwcKGc8xeW1dnxa9EtDtMZVUj+qcTMapqSiEsg+E0dmDKtvGM49czQ2R1kKJ+siF2QJzxZSP/BNlo8VyXhsDquCtXV+WUb0y3XOyrWVoUZ0j2P4Rt84WoRwCiVPejEzlvwDdmWr9sIkAkItLKxMaSeAPgIOuDrVmAn0G1zIPifhHzb1JKpsu2AzvoJQebTWPvA6iuWCS0u3+ArpBRFvlBQM7I0D0O1rvH+sJdihImB/Ml1T6sX5nnKhS9mYCU+r/+t7fCwUK6YskqK355jgdbfxjqGCSXJyGezV5E3kDoTK9cWJHPuX2ok/+kKluXERx4ruNhh4a8NDrYdqAPQrxgZmwGf6JR48lCuTly0lh4yGZjzqB1rXymzb78MAxhopLnFHqiqmDX5QVjSDGh/3wg9nn5uWG5TShH2wzDqQqQlZQZcz4Im6PTfZWuZMu8RfQVwWIKo1Hocm8fK2LMMYzMe0K9B0/CxPXE1g+tppeQOefjm7HFqsGmjHgexlI8jMOf5WnYc8A8yl7+RkhOtc/bYJ9GV8pGK5ynwfpv/KndgbcU5ikHdYTbbWop3HZeEy3vl2IHuI/KSUlYsxXWd7dVAomaajB7I8bLrhMAPAKb07tVe4CusE9obI0kN5C6sqfG4VhzYVOj2SfQjynYH2DTnu9PVrB67RNc7MxfEk3l1JZYqas9qf11Nnc2BFw+6hmhhyh4Lcfsc/07Sg6/6+fmu118qXk19VTcnGvJhkZOI7KqevrVr2ydy/mhoRUlM6QZE1XFQUG9gqG/hbV+YbNWWMulXR3w18oKt0VRiOZRecrE8LE/pAApXOLb67IzZSI0lkiH9Y+ifBYHKqxOpca4zAp96xHmCTpQtZFVUbL+B/XEXGgYjnosMwUZanW/onpOo/9IAR4Nx/ka6IqVyebdR7Q0I2tSTjZFW/wEkUSh1RVwKTW6AymlQRgZ+GYbk7B56bT+gdYdSwee1XnFxq3lE+d4CmpKWW1/i2uAM/YJrtmnV+GuyL4hmrqJO7thMtsfSYmM1mSiM7e+ICm1v4n23PQH2muBWoHa6ZJzrKMZE8K/lyWyjGGPetpCRHmjTriPIoaPOqjk9Cdada4EZ9oEZmoLCNB8Wsp87oyR/O6H3hVrnBu/ReoXdtFukLowxIrb+nb3g75Wv2de8vI07Gx3L1
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-04-28T08:04:36Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"malware-sample\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5721c414-7ce8-4380-a01f-4668950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-04-28T08:04:36.000Z",
"modified": "2016-04-28T08:04:36.000Z",
"description": "malware sample",
"pattern": "[file:name = 'y6yaod' AND file:hashes.SHA1 = 'c1e325823023ad65caa10c398489b65c541d4492']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-04-28T08:04:36Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"filename|sha1\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5721c414-4b5c-483c-94ca-4a86950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-04-28T08:04:36.000Z",
"modified": "2016-04-28T08:04:36.000Z",
"description": "malware sample",
"pattern": "[file:name = 'y6yaod' AND file:hashes.SHA256 = 'dfe8570a2a98a463f4bf0adec096d7715a4583eb5c4db48576b78920bb43e649']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-04-28T08:04:36Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"filename|sha256\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5721c486-3620-4aee-8380-42a7950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-04-28T08:06:30.000Z",
"modified": "2016-04-28T08:06:30.000Z",
"description": "unique .js file",
"pattern": "[file:content_ref.payload_bin = 'UEsDBBQACQAIAM9AnEho5baLBggAACAWAAAgABwANTFiOWZiOWIyY2E3MDZlNWY0YzIyZGYyZDI3ZWEzNzJVVAkAA4bEIVeGxCFXdXgLAAEEIQAAAAQhAAAAvxKLhB+WQ7EHLS1Ws0dQedXBnblhQqS3hr7iPu8RNLbyTHEAkYOBwS7HzS2A1br6oEqePchvdJ3M1yF+Z6pxc4VUrxZx0PPxubCGiocHoZPAWF3WNbmObYuDfs7/TGiXNN3RyPlS8CZfHGHaKYvyrtVpHjahsR4aMwyemmKMGkI9VDJFd0aSzIPT41aBscsgrumkU73ZaNnL4da5xal2qNgQQCs/IVx8MdmQq6TcLB6b6bqtl2lfPpIVAYwHygH5lzEx05m9xKxxemM2hRkYSw3P+MnL2qHQS74ZhPT5nJmP0nLNKNvPgZU1/Zj/6HC3KwsQkzlOYlt5RTMCjYFSFaWnkZIpxIXFOdjZbzQrxOI7Cb5JlAByRsWGyF25wg+H3jt/BcTQMDRa+1NPHIzr6m5WY9RT1lPYv+OWD48wM3BFIf2ngWmvcFZ4Yaxtpv3H+6qQi9jPeh2eLxIGFteH9xEnVhACPls1/rQ4QZb3g1r1F+jphcl5oCrXbCX6r8H5N6nNDp56b6WOFm9/pFNvi9er1cEMPWsf8++1QfdIR2qHLj92Z4/ipJMPvgK0Twju+oV/ZsFTW3xioeHJcvl1bDyYFS5769C+W428WWWoybYIqWqjSYP3pCL1eARZqVRZCv0LZdr3mFPFxuynTmaLqYZ4Df1Zh5N9rzWh6oJmvIVVuzgaLNwnSL+Ns66tnO9lwwTZqpPag0vnEUT8qXhFNmm7NhhfUoYmcRd67+v7cVQKDmpRkX2Y9p8Jv3IH/0zyAeJKzCgqLHQAUTFpvDnA3mFAYDQq0+bT2PU4p1dooEpZ8wzqFKXHkXSOsyGFy1UgrJiqSw/oF+5sPEQ4jznq/0pq3EzTXesRNlGYT8VRMCSNXu/HNtrHIGhGB0dovGHeWRGm6qQZIBv77gwxyD/z2thCNijUmGdA8Ribh7jioQPsL9UnSEJJFNDbGU28GWwiMLp84VpFqiOP7CDBPG5cL8GcjeQydkZNfbBizsf6xrDyUK1rVrGnbrH7XzcdFZ7QQHHatcc2LcXoWr9C8MqKdVMatk4XaZbBF6Q76eTaazq65zm0li7ZwemW90oX0OlsM64y67U54Ya6usRYZjHLa7SFH0o8+9lmOpfTylPoYRN0g06S1OOfJ2Yf5GLo4HRn1Yu9q0ccCsPRkfmJBLM0qrPWT+DHj2O/zyPOIGDLmYIbFgr7FQxmY4KM1N7IStxPGaaQPltF/PkGiNgIXclBT+CmdYyohn5QgJ/x2qze7P9t45VCuK37pI9gZimdw5Sf93swUkRIQayL9Tpu0P81WkjvVZVIrD/VTE2A9wezlxGKldSScxt7ZkXimgTfoP1tLCZADBAxpmy5y2d+nFn2xNtFpn5uYzG3iXSRrtmZRuXBAgdHxSDAwgrdiMvH++XT6YtnZDSjyUUN8UTDr30ex14Iddv6v1rl1XxXHu56f4bQuXdcYINWmJRal4Vf9dNBD4QSdbFezF77O5dQqdO9ZFbEmUHj36epM07m/r6wXQFEFbi0U04DHMj8wb3xhEaPx8JYhpMwtP994adz//9XAjXqB5b+THmHes9E8IeQQ9UBehVUg2fTlajMy1sG+4roAWTMb85Df8L7ZiWar3ZS63FXt8a0azW2RViW/1NqFntxZyDq8zV7W0djY4SCv5tAjhofTy2GFL/DpBSD9IHfEQ2SPqRdX/H1FcbhsDIL49jUrXI3v3gI7m/ipxjqzf28FTuw3IOMi3lbs29UcW68zxdiA3UyFunfodWIxtg2Bf5Z2RURkziK1daHDMNn1EA2sg2EvCBxP0h3Ef+jN33+sOTPjdUOk84WvF+qfBmexM6AAJu0c+/+02jxPfopmaFIh9IcO9tYyf/iWNQkM1NmK3dQnkGskww9ihX2fhqLV9LBQ9F0f7LWk6NsL3e7h+qDINQ/RjtoCbfFTpMRcxnOYKE9m0v2zANEGzd3q2jQTf0V7PUhkVgIJL/Af/ak2tJbc42UlfCBUzBtfIyldHqiY2+SWkUsuW2a9PA0SAU4aN8Dq+ZR4hbTWLe+ZOVtf7R53SPryRRvIeqmK7m9EaN34yo5SOlOdeJ+srAGtRoT4sw5/vtduaEo6HNpeXOZqawH866sVMw5iZbVANBHmll9zKsbO9QY9IonYbcAumRWUoyCTH9AqIWQM1H+49KJ3nKcKaeAqJHxryZ4ZscEXDVtOFRgK8yhXLQbY1oBrVRrLjE9CuBY1TAlEK7WzYE/k6J1PFZbR2GcZXX3xYwHUeNaaY8IRejqoa73FHJigoCGh5FQs9gaDyWmbCrQWcNBx76Wk7EH0qpsUrk6Oq7oHn5V42yslSwhbzlUX8t0VKTxSA/uR7B672kcShJ1gFkC8ORfS1Wpt6GHGxj7oHbaN2BDgvgCbQ84JzmdGN7qPzol8lkfISFzzP5nUukS2IDMPFIjEc7dQGimONlP9DLKaOXeVZI1vvn/WGthcaI2ve1V5HT6IN5OWhFZKr4ar8l68ptG0vVliMwb81Kkk3EOr/MT0BvphFL3YXKaOF/4y15bP5gBrKCcSnmK3B/DFc7ziLDBzwr5cmWak+XasYuRI47euIWP8LC0uffzfXuAYZh0pwxvTjqvtk4EvQIfA8BbkYojOewyxxywDQbBfKRT4tQ7woas5gYJ3Wi6aCa0Vg+jt9/ZhZyxehysTwSh/KghiTDMzRNO9DkkmZU7YiK2BA9F0HoD4BcyUjVDtkH9v2CFwdRhnoX5lJpQSwcIaOW2iwYIAAAgFgAAUEsDBAoACQAAAM9AnEjzlKDwFgAAAAoAAAAtABwANTFiOWZiOWIyY2E3MDZlNWY0YzIyZGYyZDI3ZWEzNzIuZmlsZW5hbWUudHh0VVQJAAOGxCFXhsQhV3V4CwABBCEAAAAEIQAAANKqrdZZVIluBj2hzPPY8glAya8yNO5QSwcI85Sg8BYAAAAKAAAAUEsBAh4DFAAJAAgAz0CcSGjltosGCAAAIBYAACAAGAAAAAAAAQAAAKSBAAAAADUxYjlmYjliMmNhNzA2ZTVmNGMyMmRmMmQyN2VhMzcyVVQFAAOGxCFXdXgLAAEEIQAAAAQhAAAAUEsBAh4DCgAJAAAAz0CcSPOUoPAWAAAACgAAAC0AGAAAAAAAAQAAAKSBcAgAADUxYjlmYjliMmNhNzA2ZTVmNGMyMmRmMmQyN2VhMzcyLmZpbGVuYW1lLnR4dFVUBQADhsQhV3V4CwABBCEAAAAEIQAAAFBLBQYAAAAAAgACANkAAAD9CAAAAAA=' AND file:name = '8f7edf0.js' AND file:hashes.MD5 = '51b9fb9b2ca706e5f4c22df2d27ea372' AND file:content_ref.mime_type = 'application/zip' AND file:content_ref.encryption_algorithm = 'mime-type-indicated' AND file:content_ref.decryption_key = 'infected']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-04-28T08:06:30Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"malware-sample\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5721c487-8234-40f0-aeeb-4232950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-04-28T08:06:31.000Z",
"modified": "2016-04-28T08:06:31.000Z",
"description": "unique .js file",
"pattern": "[file:name = '8f7edf0.js' AND file:hashes.SHA1 = 'c7460bedcd22a4cad5a41a93685a29f577069203']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-04-28T08:06:31Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"filename|sha1\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5721c487-8454-4927-8dbd-4b6e950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-04-28T08:06:31.000Z",
"modified": "2016-04-28T08:06:31.000Z",
"description": "unique .js file",
"pattern": "[file:name = '8f7edf0.js' AND file:hashes.SHA256 = 'f13060096bccb83d2c2c7034a430bc0541a431fbf0e0251ff2dd6196e2f559f8']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-04-28T08:06:31Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"filename|sha256\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5721c488-4b20-4fa8-86d1-4458950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-04-28T08:06:32.000Z",
"modified": "2016-04-28T08:06:32.000Z",
"description": "unique .js file",
"pattern": "[file:content_ref.payload_bin = 'UEsDBBQACQAIANBAnEh7kveNVwcAAOUTAAAgABwAMzljMDcwZWEzM2Y5OGE2ZTRjMDdlN2Y5ZjZlYjg0NjNVVAkAA4jEIVeIxCFXdXgLAAEEIQAAAAQhAAAAvxKLhB+WQ7EHLTLb0NtQ9XKYKSOxmOO94M/ligi4TbHuCMqPpQ2UeLy9s3U46bObIXPQ4lScS3bQv3UpnODPqq9vk/cQu9FPkr8KZliWnU9ormAn6zo9CbS358BqkFjFlAhBRpBStzUydCE6WOF2WjIKn/uGa/1l0NrWXqC+mGGKw7kSpg7hz3mzWBNqJ5cG7OjYNknwhtLfacTiabV1daasAHe6j60gUp2FRA/wfFN6PTKRBpxbwJhxSdA1Bg1swcfQ9RcZXy8m8uJhMwFe0X2vAGCU2Lb5OX+/DvjDMHhWKvFwW5gzNyLUqqR3Bd4+gHgQ04/8CQrCOI0cxZD/F60nOewbMqR+ah6PCEh4YDoISQCqhOaN2C4WkmMi6ZazFs4nbNysepewl7rQ3XWKxiCjHmejkhk2Hd9S4Aa3yBnMyIkC3D8IEWeFzhnF3vlr0CdVeiHj3o0ELcDjxJ9viQ+PcbqkhahQi6y3/d9Q7eUNmSbksIzNdBtmCl2YlVMlOzZFP8CVekdLWDalM64hMai+Z9M9/V9v5EGxrQrVdbV2J3mDbY3ZaXhMZpvPGGNoPOftzFm8GGjsmI23dQThtsKe4v29tUW03O5EsjSWJyJddWYClSGm/hnAtdHTbl96x2rRCtScUjttECEHGWZ/8poO3HXKTCD//aiBCZgexoCSktFSDWKJQuZh9wJjgu8om1WI/bUp07JYo2TGzvM881AmbrahyUmF95X+JjM+5gP06xLJPXti7Z3LjWxneDo+NDEvrQBtc+aiPNdPIJLt9XPQDMi2alJ7CQr32Pnh651CHdnSynhF/a9D9LXE4Ns+xr+D+Ewjhpg+55oTAa4bCl3pCspfe66+ScfriSKRZxkj+2DNWtdHPtu8TL2AsoGlsK+ujGWqOSceN4SwgYnP5rH9v/DtrM2CZ0YaygRNjSTIUsacEkCYLpfub4zB+cSTIWJ9jNRC3YmWBDG+Mq6dh8rx/QmJvS4P82gMLBRsGBaDvGXvSDH9subhEI2fpjQrEnI8xLuk2IpcYuxgs43/izsr4mub1ZMwEN4YUytRG45Y9/46otEkPpeFFUlV8BC5sVF6NLoOBLsjt8Yi1ndQmCyI/svuqdz/v6w1hPDTU4JqScHFdNHgfW/quxMdcb7B4nRz24PfRf/fk2A4yaEzko73UBfVbH2rkuLH5fftxZvqrS7I2KTAAiEAC1TSBGeltj5d9embZ+z6JyU44ldg+s7HLd2QRTLkn6QoDiacZnGfb/LSkCOK+WqTBwWnHFvfyCS800ZeWtrNr8XFu6IYTSZ3FIPJzAAQAI5zQBDppr9W3chOxy1VwhY9CvDlcbmPPQ9ywaCznoJDgO48k2t3e+pKx3ppTJU8bpTWxZNyABjROPmwauI5t21J9o5ln5K4afMOMu1XGs09eUrWBRjJC4x6J5CK0Js3T7utaN+AWAvmYSVxKLMm4JIIjKqaqZh3+wxBO7TxWHqPpx/qNgy9WVYZ0e3JZ1DQOiiMPVS22wzCrxjpWdKnSNBuQAMBFsbL+2tElkrbD39ILFD2vkyccPCvdRvd3lB/x/QZ33KNYdyPATaeHSMoPpS6CTP9Jcz/0SnLGJSwf4f9HGIOtc3LiG21zhT73iK2T9Vwkcy6vbjMrANvxmXWBttp0gHTawKkCyQZYm+pC2FWgHb1cbSRJhVPpCamRHhOfCXO98pzC3Zi2W6K8iehPnrgoqzp0YXWcQFaQFaPHLVDnzDjndXWySyqZdZ7C1VpTukke5BJdl20EbP53rqe82km4FnrKbiqwngCLUnEvW2FK2wfNCwLD4zzv8CAXh63LdYaMXRy08asybkfUDmt6raGOsZ8CU3/aq/Rssq8MjOLDk63nh9doYNd3gLZ3dN4mdWEJRwjoGZhDtx7D7jJu19dfap0q3/Td6ZFnYnJFeVMiJGzXgA6oyz/ZOooxAdzuQ6nszqpzE6P4keHrHjO+LL8HdiDlDY7AmUQ4HbozlMFUqmTW80ZBm8yi377oodLHXZIA4OOGaHG8FyqqVomaNbdu98xCcW1RZTyTEJyrzJ+upOuSxWW10QV4vk3cqaKaArkunXI1BpQKdhIWCBgf9cnlcxl4hbFW2Dw6a6c845YTV9KXEbvLJPMz22KWG+9d70n8YtTN7tsucbtz2IyJOYxMwI7x3bFudNElXLVDrx8YA9qwwxmjIPDkiWs4Akd7ehOcP4npOpz3gcxeodmYdUns214qMoo0Ql7h3IrUctb9RRS/BDYW0tRW9mvd9MXHCISuiTlheZB4FBLYt+2SBP/RSpfzEHHbOevdw6g/nitrDy/klfkV7Ssm+WAFvPyRzIBqNJRirrYEjCDsctlAaxYZykbwGB4vRUmOx777QNKI8R5C5sPlCsKh5xlIESh+IS2QQ/6+70HyhJJ+ySIUf7j+Uc3tk0WArVA3/EiQN/TkSRlXIKC4EZmwtm61qfcAXwWCAh67pH/ZckaaZdsmn+DvrKlHfQPju+BbWB3H1BLBwh7kveNVwcAAOUTAABQSwMECgAJAAAA0ECcSNQDsuIVAAAACQAAAC0AHAAzOWMwNzBlYTMzZjk4YTZlNGMwN2U3ZjlmNmViODQ2My5maWxlbmFtZS50eHRVVAkAA4jEIVeIxCFXdXgLAAEEIQAAAAQhAAAA0qqt1llUiW4GPb5xTtZ93HfLuAfaUEsHCNQDsuIVAAAACQAAAFBLAQIeAxQACQAIANBAnEh7kveNVwcAAOUTAAAgABgAAAAAAAEAAACkgQAAAAAzOWMwNzBlYTMzZjk4YTZlNGMwN2U3ZjlmNmViODQ2M1VUBQADiMQhV3V4CwABBCEAAAAEIQAAAFBLAQIeAwoACQAAANBAnEjUA7LiFQAAAAkAAAAtABgAAAAAAAEAAACkgcEHAAAzOWMwNzBlYTMzZjk4YTZlNGMwN2U3ZjlmNmViODQ2My5maWxlbmFtZS50eHRVVAUAA4jEIVd1eAsAAQQhAAAABCEAAABQSwUGAAAAAAIAAgDZAAAATQgAAAAA' AND file:name = '9db031.js' AND file:hashes.MD5 = '39c070ea33f98a6e4c07e7f9f6eb8463' AND file:content_ref.mime_type = 'application/zip' AND file:content_ref.encryption_algorithm = 'mime-type-indicated' AND file:content_ref.decryption_key = 'infected']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-04-28T08:06:32Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"malware-sample\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5721c489-fc4c-47a0-b5af-41d6950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-04-28T08:06:33.000Z",
"modified": "2016-04-28T08:06:33.000Z",
"description": "unique .js file",
"pattern": "[file:name = '9db031.js' AND file:hashes.SHA1 = '965dcc3baf0fbbcbf4a4642836e424993849807c']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-04-28T08:06:33Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"filename|sha1\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5721c489-1384-4c99-9ea9-4b5a950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-04-28T08:06:33.000Z",
"modified": "2016-04-28T08:06:33.000Z",
"description": "unique .js file",
"pattern": "[file:name = '9db031.js' AND file:hashes.SHA256 = '1bfdded83d970dabb862c448c6e065343fb3374a365c6dac3aadf7dd4f58c074']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-04-28T08:06:33Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"filename|sha256\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5721c48a-720c-4292-a551-4f03950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-04-28T08:06:34.000Z",
"modified": "2016-04-28T08:06:34.000Z",
"description": "unique .js file",
"pattern": "[file:content_ref.payload_bin = 'UEsDBBQACQAIANFAnEhnFN1nUAcAAI8SAAAgABwAYTg0YzdlZmI5YTQyMWExZWFjMGNlNDZhNDcyZjNmMjZVVAkAA4rEIVeKxCFXdXgLAAEEIQAAAAQhAAAAvxKLhB+WQ7EHLTMdyc//od/QjvbZTGGuiGuI6xLJmKJ9u5KAOT71ZiRUFyJRsZ8vmAzYz5sxQ/HPoFcBSEdI1AIYfnTJPvt50HbO/Rnu17xd/FT2xMLYEx1TbM9HWrwQ+KbLA5XqPticSoeNr3AfW1HgvGInFrsRVByad3biEcLE+g4u/9/AlkrU2A0vNf7sk/io/hPUk76FdbWadzW0rPxtcstmSm3Do6etO9DGYKyR9tE2osgxtKBGnTlQjqICjr5J7o3+A9KPbMy/llhtsQ8kx9kFIssMz0pFBNnknIMu9uRnZkwaTduFUdaSYEuoIGW7RCHFz6X5jSIv1v65iaAKRa86LRl1FAk5b5mHqnQlxPh8AOVd9cWmC9qya75MiJuwJz+2/t7p3cS9jimAuYplh0WXlFtUQ+pM9kR3FvGEQHdEAKvmUVddyEHvQdsmF3ujx9PDAU2sbUm67GQNy5hoejXv1C9MhDNDQ4ctgoeZNLkbobX1Wlv0fWAPOUTNveX+/KJTJVWEf+P/dPltc91JDbeSkF9oHnzp0CBbdbeee7ARJDGy+KbI8H17NsOSl5o4IDGksPO1SEg8j/rCpHFpZO8B37mlREV2OuUJC4FehZeYcGC7msQdpd3kDnytC/LGAXptiO3jT403tWzof+gqkeorY6g/LtiGRZAqUfakiygUbEGaDbcmue1/QiQ78LDFjIXy68628NNYZCgCRPyCZ3oftAsAqxVdFD9cqKd1T1PDQ7ghnr9bpKJpMRkAVJgx5oGvo4YVoInPU4c+kThEe8jHJKWiy4KrJIt9hka5Y3i4MWkAuSB1N9s7HpNpWaICRlNtLmCjvYCdGqvpd4qoLAyIxwRQbhuW2fXZ7GJQYrY4O01tMdDETXqM1tIkkcZKehvTqxicwbqfi0UNssS8yhMaK/zC2JggNySWwBFWuTuZ0OSpUGT+CoqpE14oqJ2P4Slc6C0z0oqGCiqUEMqMxS0sBKR5yT9DjyBX2+fysCL6ilEmthKjAMt1WeMv6sg8aTAfkYtBQQoEOfwEwNthzlC7GIu9m7iqIU5sZE1U7j0VZag2eKokyWFMuz5ULQAuBQdXokPJKefNRD1Q9IDy8muMlM2W3dATUDOzTpOrnd/gjP3hi+2JFGO8+kAfEgLnDxWSR2IAZbUy2M6fVTKSLUJ88Khxth4vgnncrORHAza9W5I9X+IpzfzJ0aBskbyNlXVsKwPsJ4i/TemZSfoKPwdqnpC3G/oXgQUmCo71e72HpsWNv6s1Xd56RiA990JCjBfa/quOcEQBzC72WwzmQF4VJdfCOER3S53L7Ui/loGgi68wJGp6xV/NVzTKW8jxzqNOXJVh33OuWISTctFAH4loy7kandU5f4hkwLIQ79PIxhoDFhIdNWtXyVPF2DgF9QSaAYB8mJfdsQabp1Uxm3jk2vNmU1Pt2ggCpJ1Q7Vm6WhQhObW93xjBD6GCioFnZdkQYGHygEw/Fn6TFQeHLEbYDmppHMK1z37DqJ9J7H+vrRmSVOlzcHTrnT4qu+2dKFfTwg8rXG0x5xdxeX+YZLqrz0/yOywIf4zkmaRsQYifPezvPoJJngItolHTc5Y+Okl9WUHlbRI5A5ZSvuVUHMnmNKWcvF1wDVt7RnOIS5SHQqKB0pNhNuTpE8rNd6XGlwKhkbix4UHT+d3Hj/kiQ0+6RnYIM6MjtuEHZs2HFZf84MLitTvvSDfrCatWJ9ueCKkHhzwGZyVqM7tV+wycOQth9YJop7u9EjUtjb8FIJhnfie+YZlcs/P8RDyVP7MEMTfYHxAFFbMCTIPGUJkdcRuiTmt7ddBXtgNg4lxpwpzH/1R7F85yB41qbYGMBBcEFc58rljN6QnIPDGwfzAuXmqAt4nIf4pFxim7REzIKBq0XPPbUARYWQ11ZD4geFikpbPvs3tu1amErGsFwCEa5UPpS2WW2wQqQwZwQDov9yAtV2j2tGOf6rCFOeOT019jQ5JnXC/F4sHOA+kDaBTiLWCHaMhKV5ICHwavl7n2I5c9wrSCqRE8IlhKT4dDPUHe51hLsffsythBh1Nf6raYy6bAVLRNPSw7vK0lxyVGkcq7rvXb7M2azTvzjy6T9gbs7vi2LYncygRDBegspp4d12BCdrgGpmQux/tEW09FLSxeavecofdJHDzoNUua6XgswQPCWXNvBbIZRI5QzakB0hA+BtGnY7rnLbvg2Ifn8mro0Le2uBXB4BQODZs+4GY40myNpmxCiFkGTAlGxHUrn7HHNQqa9cMiTQoqJPZSc0yHoX22w2k4iOLkXqUiwaARwxD+XN6TBB3GBpu4pipk6drfzRvrJfuRgR8f0gC8cbFBObjTuZrkmVwbJw8FWRse0awEOzBjAw/EGGKN0TVk4F93TpUYFAtQ0oawZJ7TOP9+VaahqI0hS7rN9VIr07IluQOUuoBTewwgcMibxIeueOAvn0ugGCubgxu9V5zp7qQ5CogXEfsTCnwEXNs4UEsHCGcU3WdQBwAAjxIAAFBLAwQKAAkAAADRQJxI1ddghhUAAAAJAAAALQAcAGE4NGM3ZWZiOWE0MjFhMWVhYzBjZTQ2YTQ3MmYzZjI2LmZpbGVuYW1lLnR4dFVUCQADisQhV4rEIVd1eAsAAQQhAAAABCEAAADSqq3WWVSJbgY9v3junLW0PODKtwJQSwcI1ddghhUAAAAJAAAAUEsBAh4DFAAJAAgA0UCcSGcU3WdQBwAAjxIAACAAGAAAAAAAAQAAAKSBAAAAAGE4NGM3ZWZiOWE0MjFhMWVhYzBjZTQ2YTQ3MmYzZjI2VVQFAAOKxCFXdXgLAAEEIQAAAAQhAAAAUEsBAh4DCgAJAAAA0UCcSNXXYIYVAAAACQAAAC0AGAAAAAAAAQAAAKSBugcAAGE4NGM3ZWZiOWE0MjFhMWVhYzBjZTQ2YTQ3MmYzZjI2LmZpbGVuYW1lLnR4dFVUBQADisQhV3V4CwABBCEAAAAEIQAAAFBLBQYAAAAAAgACANkAAABGCAAAAAA=' AND file:name = '09e94f.js' AND file:hashes.MD5 = 'a84c7efb9a421a1eac0ce46a472f3f26' AND file:content_ref.mime_type = 'application/zip' AND file:content_ref.encryption_algorithm = 'mime-type-indicated' AND file:content_ref.decryption_key = 'infected']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-04-28T08:06:34Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"malware-sample\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5721c48b-3f50-45fc-8994-4151950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-04-28T08:06:35.000Z",
"modified": "2016-04-28T08:06:35.000Z",
"description": "unique .js file",
"pattern": "[file:name = '09e94f.js' AND file:hashes.SHA1 = 'f86c25ea26f008581b9c6e4ccdad4394b230d9a8']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-04-28T08:06:35Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"filename|sha1\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5721c48c-72cc-482e-8019-4307950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-04-28T08:06:36.000Z",
"modified": "2016-04-28T08:06:36.000Z",
"description": "unique .js file",
"pattern": "[file:name = '09e94f.js' AND file:hashes.SHA256 = '42df4157339cad6fe41ce548447a713844a5177567cca09c461548b958e7643d']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-04-28T08:06:36Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"filename|sha256\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5721c48c-3af8-4809-8919-4e19950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-04-28T08:06:36.000Z",
"modified": "2016-04-28T08:06:36.000Z",
"description": "unique .js file",
"pattern": "[file:content_ref.payload_bin = 'UEsDBBQACQAIANJAnEjpG5bWUwcAAFoTAAAgABwAZDNlYWNjYWU3N2NkZWIxMGE5MWJkNzYxYWYwZGQ3ZDJVVAkAA4zEIVeMxCFXdXgLAAEEIQAAAAQhAAAAvxKLhB+WQ7EHLTCNqdnvhQaYD53IW9cJqqlFO41Z6DdAbZ60yMmkSBKCeMYG27GChoN7OdB8ehmjo2zcK2yk10I3om/wWXWP4SrxCshoge+tUyMYuxQ3uTYSyVYkPOLKX6KwPYsxZhbvUfce4IoqCTZnMjrdXG8T/7skcnW5lKcC6DGuNbfynzPH0m0iLHMkxQPCkYJ2e/zU0+LY9fGzoqInM3PCJaNNQS/63cjf1pnRM0WpVb6xujnoZCC+WCkCqC7XyWDmMh7k6udH9nUr2yOwghIGTVL0VGpOn4qoPVAVVp328CdaVA53vUpD22qL3jkcchzEptXLe6tq2r4JyB/XBiBezFr95V+yyWLYsYIN38EyvN0KC+xRUPrN5MEvRgFZOOlLfI6Iu0xpNr1u2OTp4sTi15dENyGTK+YJ3lDPChx0VHCNyz/FBovS+i8x2PPahsYk3TIAwTTwzw5xrMKEKDkCH+I09YrsnxnoOzd7UjiTf0yJWf2IBYtFJ6Sh8IqvphCwl4ToJDDzpjiMo53mWWhk1RlTRbu6+gxOD5syxBFimU8iM/kLMv46aAL2ZD7XTgtBSoASeuuZY/0nsvC5r1brZBtpoMF6kiU7Sp/5svr7hIs5ZPn3ZpAzgVaNrj8sZn3VI9ZIxdid62B7Pf2DON/fZnTyFFdf3AlRUW4e1nVZeG7d+VEoJ5nD3nGOHR4wfzvIiMDn1iDklK4/K6/82uTSJQvT+EfPWdEP9wcaR2jqufnsbQKvbsZTa//ZnMmWKsU0FL70AP+HgJ47i5abQ7xkBDQlJnLXsg4rBV7WcUso50rfdVce8e5lH0mY9rPMmMtwy0AaIcY2URaA5RZWDr0GQZrkGmu/bILve24z3WObOx/3CTeQtkZ0iFODRFa0H4R1A8iYA/5pSd2Orju3mRHbPww9Ou3qfwGhgpsww2P4zdxswDTnjROScgag3OMVdUcq63aV7U+hj5avxafTgsHcEaQnmOB9JJ7Tas1sdPCH8d9dtiyrsJ9+qs83gVVTELDvyHx761KwMuniD7n5u18v9IWaGlXxoi1TOyeCu1EZjqlg5L/n6FRVhWohQS2upw3FBaN67ECCh6xER4dlKgH3wwPMTJhCKeQGxLZSXUxYrZxh426saMIZDV4ccyd3+E8tNnuHWWDO8qe+bjM674ooGe5cxdFfIBDRbv9P/92Ak7XlcCAHQQIcqGSysEw8OmIT5gYGoqGw13d5ASLUGmPApH+t8igbfTJnYC4terjxQcunOnG2xvLIW0cpKBjPVUkOmPKJtsFcWq7LZ88vSaOnsKXRx0S+MTOEcPoDQIFvD04HPHsDmpAENMAuDEG4GcI+GsIJZGsSCjMSh2FJHfGdJhGKryrunue/WIshEtY1fcWiKmne6vuiP92vleWz+KbCpGfGDuumfNFgJwQj1ifzoA+1Qjj53TqrTxHacLZR342HfrHNFF/DHWHq11vunAzZz/BH6jCgof5U8OuoTNIVv37NsRzxqnNPsD9TCUbdb0BkpYAPUtT/3ns9qxsqojW8GNmRecdQ4/MSkiHKtqdtTC9eTtzBYvmk14N/HQaLYXiWuhy36Y0QmAuKGOkyRaXQauR5SJ3UxhMvaYAFDMR5xjrycCRuRC4TBqINRgJIITMW6oLeastujAS7rSv7LqH9Y21g68bkbFUT8upUarMZUbBKodbVT/PCsv7nPj/m4Xp/dQ6ZonvnT7q1ikbb91GtistgPHoWot21CafWwT2uW0l1NNCxY3WZN0s+Nxe8pm7U9xayg52O9wTBcHDAIT4xnvK4D6g+5iImNNSgfyS/Wuk2Pi2KmTHFMaWDF/AaEa0xKiSeKU46f3oMgkHjbEaJWVUYT/oSZLPQjPMEuW8VR8XgQdQj159pQAK9Ci5QPU241XAcDc7DM0NzON21SqGis7sSksiQYr9Jv9XJnpgTPzTb653YG5XaJ6nzs/zcsQxBBN7FslB07+fyH5LKHdh7qExl5TfFy7Haho+Op/31DAVICyvEefaXemPQRyokhszeR/oBgcfB4VoHAYKHHccK0vz23gh3NB8JwYtKwBwLA+ZSnxv1Zprl9XzTBKCuTP+N9IeveWrUfjrjY7yUvzlu2P3+hb2Dj1AZdnv7dt7eGgYPQVxbSyMEXTFHYfWdbJXTH+v7K+Qz6lKOzLy4nZBkiNUJCopfjZ1PJ8vZlZHrMbqfRbVx2VquDxHCznf5LaBt3AGhOVPZH84fg7Z+Eqw/krAJS5a35STST7GfJp+WJ6yk7RF/l5n4kZWwGSutE4+/IbIZQ0jpUt9ITEupl6wFfD9pynsI4bAf4e4UzyiiuPfMWfSAoskqut6tMoZx7E+gGDXKGXekQ9dOIg1yw9erUwcXjr7t11ZE4AnzIOLtLWkurOt5eGt5NaZI9UKxH1wxFJpPrBgWeF7MMHhV7KorycM7osecUvDw/Vm6lihrcORPhzbAjybCGITqcLDorTmQ8fHrRkIEysWHuIYTUEsHCOkbltZTBwAAWhMAAFBLAwQKAAkAAADSQJxI74C7jxUAAAAJAAAALQAcAGQzZWFjY2FlNzdjZGViMTBhOTFiZDc2MWFmMGRkN2QyLmZpbGVuYW1lLnR4dFVUCQADjMQhV4zEIVd1eAsAAQQhAAAABCEAAADSqq3WWVSJbgY9vNYJT/Ub9OJqxe1QSwcI74C7jxUAAAAJAAAAUEsBAh4DFAAJAAgA0kCcSOkbltZTBwAAWhMAACAAGAAAAAAAAQAAAKSBAAAAAGQzZWFjY2FlNzdjZGViMTBhOTFiZDc2MWFmMGRkN2QyVVQFAAOMxCFXdXgLAAEEIQAAAAQhAAAAUEsBAh4DCgAJAAAA0kCcSO+Au48VAAAACQAAAC0AGAAAAAAAAQAAAKSBvQcAAGQzZWFjY2FlNzdjZGViMTBhOTFiZDc2MWFmMGRkN2QyLmZpbGVuYW1lLnR4dFVUBQADjMQhV3V4CwABBCEAAAAEIQAAAFBLBQYAAAAAAgACANkAAABJCAAAAAA=' AND file:name = '9e733f.js' AND file:hashes.MD5 = 'd3eaccae77cdeb10a91bd761af0dd7d2' AND file:content_ref.mime_type = 'application/zip' AND file:content_ref.encryption_algorithm = 'mime-type-indicated' AND file:content_ref.decryption_key = 'infected']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-04-28T08:06:36Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"malware-sample\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5721c48d-a560-491b-a7b0-4c5e950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-04-28T08:06:37.000Z",
"modified": "2016-04-28T08:06:37.000Z",
"description": "unique .js file",
"pattern": "[file:name = '9e733f.js' AND file:hashes.SHA1 = 'b07a18146d54675cf03bedb560c8a76cccb5d5af']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-04-28T08:06:37Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"filename|sha1\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5721c48e-b0d4-4a38-b4ba-4471950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-04-28T08:06:38.000Z",
"modified": "2016-04-28T08:06:38.000Z",
"description": "unique .js file",
"pattern": "[file:name = '9e733f.js' AND file:hashes.SHA256 = '631d76c958b8b9156b370a8b376f38f358eb9170f555992437b18ae3ccc630f0']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-04-28T08:06:38Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"filename|sha256\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5721c48e-353c-47a1-be4c-4240950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-04-28T08:06:38.000Z",
"modified": "2016-04-28T08:06:38.000Z",
"description": "unique .js file",
"pattern": "[file:content_ref.payload_bin = 'UEsDBBQACQAIANNAnEg2fxruIgcAAF0TAAAgABwAZTg1ZGJmYTBlMmZlYjc1OWZjOGVkZWYxMjQ1OTA5OTBVVAkAA47EIVeOxCFXdXgLAAEEIQAAAAQhAAAAvxKLhB+WQ7EHLTHJLfzfsP2nY2z35PPhORHXv51orkYw0htHE0Jbho5RB/z/KQ+aTuO34I0nM8IGch1cKx8Hl5zlSQsJZdwYNuYq8ZkBKYwhcHI2+IL4x+8JHTZ3M8OQwNcg9Li9n5WW7Giz/vjH54b3lZ/YsjTStHESIIa5+S5LSmf1LUnWkKN7cr5plbEq9HJDoY39yJLm90iZZb5Bv6xWRhn3rMDAPpLa/gD6pywKBgTd3DhrAear5bJsOO6A+lvikFS2PBy9j2rt0xEk1EiIrtdE1teMNLxsJsMl67xE25bFag39vn7HAdInAxKjcv6rI+IJx/adQVi+3Ueh7KrSxpH641uSxAQQCBMoSfGUqmuxSZfkJMq+TXDYFIuge40jh93QBMfjhbbCipeTugWIjBLcynVRYbfH0Pr5EJx7WvYRL47A9QuoeAqzXRffeKUXLr/98JvLmOQaguTGsWVBnRiLBcybAkJPdRej7qd89NZ0K3M3zpxGu1cChyGoNkY+y0bWtgYWrhw307WZMRz0fgPKVf/lq1cVkSdUo9TZJ3YuX0CnVFSd7TwBfAcuzxzWNQSLvlA4yXO+SgRqRHheDgwoL/ZJT+2mvodf2mBRTfI+aKaI4rS1qh5sMJJGs3Rh4+RSrsWoqXVlclX8MBJjxCCt08daWGD8yH5nfLUt+YAEqTJ8wTJqcQfQ1edI1MfAJCiJAEwie6HvcoxfrH0+EdFDkxrfJ8X7tmpp2eOinTMyLBnnoEAAnRk7OvO4AWO0QoYshtVWrcbTwAwKMLKNdxzy3pBITesNqe9RaWbqjQb9ka5dLanmjbIjUE2bpdV3wHzt8OeWovgtUpJTh8jctDHJCA8zM85iwN6OsvcmI8Ix+YZeum9Ya9kc5fAzIuyzJvgsuhujSVIgNulL1MA3PV7VXekdC5VI4nhDs31YrQ+OVK668qtiB4ErsWuQP+QExLwwWidU+W+g7HRVynWLNA2dv7fBuQX5DFIcUAM9sjaa8vD0xTx071qaTc55/uLQ9PTt3EjN491/XUPVLCzwHGrjk/i1CoZHgj7xYrfRaff9RVEDrbqnFlf0X3W/CnreEUU9rQpZrskn4skZ5AmI3s5kuF+ncTOKeKsdq3I6AaTVSsr65pOed2cpBaEQ7sJTWDsXfhJcBRKKGuoDhaSBhswy5dsZbsa6HM9OiBITt+2h+WWrpnP2sh2lV0d3TRl82QUxSryyoVkNn5lPSs22ZcIlsZ9SDmA9OVHHdpwUEu1M0avlBnFAVVjxH96vXa96OD950x/N2Bnxhwok0SpBbXYy0Uux7g15Sh1YcDczOqbexl/vFdBLHS0+XMnsOj7qBWxGl2e8cmUVtekxqxiFDVR3/9CCWkbBTr+2JqT25mNgKg6MQyv6u7qrFtOgYWUL1nCY5nciAuWEIv2vv1mETYwPDUo7xMoifrymLmdq3l5mChzxISinjITUulSGz5DWbd2BEGSTBKb0iUAW1svJowBZp17mrgIggKCnL35QufgjhybG84yPD+Gqd/nzZRBWAUzTMNeHUf7g4gYagYay/ezp21O8PwxvBW2Io80q5PUW7RynZRbmuDFGPMc2Lpr/zD87ieL4rWZia7loL4rOTGgY7atCzI2j47ADWfiFYMgbV1gqEj4fvs9n/7bsKRb052I7/BS4rLvtIkCf9xDOTOgCWtdxrDDJ0Gg4qUdBQr9G/LYZu4PpOfAMpvLeYazsrfzIEcfbn0mNRcnvRyTreqd3NrQIrWVj4sIWkNQY95F3vGUiWxER/uT1t483Y4TIipjCR12hxZEKa4bS93BhiVuvn4xe28ItqnibPLA9iTjnPmlcLOok6YNk9rctqk5AwS9kKyHEQ2oq/R8aW+AWH5jhoXMDrM7Jn2vM1YTG0k3SxsTjUb32DFaxbnzHNoJHpWYgnw7ax4dbUK5XnFjFvY6G5HEhdhNcB0x6HfwRJ9PXRhYwOh1DqgPRyeYMj2taVA6/1EqxyOUpAPCIbsUCIrEO26Q4e9gVI2KbM2CH7Q0pUZ49rQiDxNuhkufetb74A6JJ3SA+2uwbDg4jSnOJHThjSdU9vwZaTvzcJ/ZLeR3hhZvD3CTmtZeNXAZ/BzzZRFg7FfqK+evXLVYv8GSfbND3JJCia+j+nXGOnXsXkyhCHti8RkqGMRT1KfUSQY47b4WHoQPDjpNb8Hje6dI1PDcyOShV4omSZ4ymf37OZ3HLc+Udv/2ZYKUipTaPJ3SGb1Zae/6jMP1GIbdUyVzta1+jSEkjNwZ8SFmuwauHRiULsYxu6wMq5/Sekmzl0f5vw00OGEL+5xNs/14otJGX3/yrKFszS+rwXY0dtVsyPJR6dX8kWpcjRV79r8fHb7IC3GAfsp3/Qqoi+1zC1Um8+kwa8LzG492qH9Dxe0rYiri4bMBNJmXqTQ1sK0H7totQSwcINn8a7iIHAABdEwAAUEsDBAoACQAAANNAnEgxDG5CFgAAAAoAAAAtABwAZTg1ZGJmYTBlMmZlYjc1OWZjOGVkZWYxMjQ1OTA5OTAuZmlsZW5hbWUudHh0VVQJAAOOxCFXjsQhV3V4CwABBCEAAAAEIQAAANKqrdZZVIluBj29/QxAgzv8oOHy41dQSwcIMQxuQhYAAAAKAAAAUEsBAh4DFAAJAAgA00CcSDZ/Gu4iBwAAXRMAACAAGAAAAAAAAQAAAKSBAAAAAGU4NWRiZmEwZTJmZWI3NTlmYzhlZGVmMTI0NTkwOTkwVVQFAAOOxCFXdXgLAAEEIQAAAAQhAAAAUEsBAh4DCgAJAAAA00CcSDEMbkIWAAAACgAAAC0AGAAAAAAAAQAAAKSBjAcAAGU4NWRiZmEwZTJmZWI3NTlmYzhlZGVmMTI0NTkwOTkwLmZpbGVuYW1lLnR4dFVUBQADjsQhV3V4CwABBCEAAAAEIQAAAFBLBQYAAAAAAgACANkAAAAZCAAAAAA=' AND file:name = '60a86a4.js' AND file:hashes.MD5 = 'e85dbfa0e2feb759fc8edef124590990' AND file:content_ref.mime_type = 'application/zip' AND file:content_ref.encryption_algorithm = 'mime-type-indicated' AND file:content_ref.decryption_key = 'infected']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-04-28T08:06:38Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"malware-sample\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5721c48f-2da4-4863-bcce-4e05950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-04-28T08:06:39.000Z",
"modified": "2016-04-28T08:06:39.000Z",
"description": "unique .js file",
"pattern": "[file:name = '60a86a4.js' AND file:hashes.SHA1 = '9a218270197ec04b4a8268562ce94085ee2d2c1b']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-04-28T08:06:39Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"filename|sha1\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5721c490-f894-4575-8bbe-4744950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-04-28T08:06:40.000Z",
"modified": "2016-04-28T08:06:40.000Z",
"description": "unique .js file",
"pattern": "[file:name = '60a86a4.js' AND file:hashes.SHA256 = '81e2f8181c7656f626ee6ba8e0ab49c0ad2a702e3164962624a38654ca3f484b']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-04-28T08:06:40Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"filename|sha256\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5721c490-5f90-43c1-adf8-48c0950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-04-28T08:06:40.000Z",
"modified": "2016-04-28T08:06:40.000Z",
"description": "unique .js file",
"pattern": "[file:content_ref.payload_bin = 'UEsDBBQACQAIANRAnEig/GqMmAcAALkUAAAgABwAOTljZmU3NjNlM2U3NmFlMTRmMzI5YmRiMDg3NDlhMGNVVAkAA5DEIVeQxCFXdXgLAAEEIQAAAAQhAAAAvxKLhB+WQ7EHLTZVCnddu1lRqiie8go7xD3D4BKje6KEKv8G1h747IzC38BceLB9GqccUX41dTRB2WoXpPwZfZFwF3H6XxjpDAuxUMOs9P31crXHrlmgzRj7u0Gls6H3UXwBuL9sgn2usLj0y9jNI902A5UUD3GUWL1fxfRIp3j1IT5h7aZAUnzfXpl9Wh6GxeghpkybWZ4vHJjiHdAffFaV4NpylOUv6d0wOOo3plZ7hzR6Cu0QxLhIRsfX9fDcMr0QgaPkuRiqDLo/CGITAIUY+kfIOnrVBbkErxYzCLmuGbEdH9crbKA8tNlQd9SG7D/I7BMG1vQ/SRGO8EM5CJ2qQESsi+2ebHU6u5wE7QniemL0dZU9nyzlWGQlVPGd4J8OAk7c6EJo5/I9f/52ZE6zzqHWPWTv2xUOPyp6zberY7ex0+KOXkyaugahduLpKo2VPDIBi7NtBg1FtpG8CxqJ9BNT5ccQ5/b4xMe7ZaTcUPpY8XiRfS7R2VZ/K1xZyvmaxRHMSBeGZg6ngx7v41uIzJkkCth7nccMQ4lKLkeViot2yr75zRqPXbMdZnjrnThGHSxBE+Gq6xAloBZZmLrqIny+zpCPGlJ/ZeGMgmv1IMSVoJDzr2Mk63QXOv9syhOrLEWHBN2iufZpTmIp+SCwJc63FaOKJeokO+F/U+xcZAIG/84L4rOF1Ie0R7Vysxg6pAQl5vgTi7lzLCwfqHf8SF+5n2iWKykFLo1VLR/ZhLrqvlAllgqEg8JQXzcLaEhmEJFQxWsH6RMhdDW2cWXZIrlJPyRerkbHWLPRbEq0TftB/96jtkHcQYACxNEZ6H9iKorzLRA53qhXinza/jzgO9xcExKsuSAU86Ld9OF+gbevYYa/GTN0g91lgWLz22EUWRE2d7vS0OkRCcJiw2NHcW5mp/O83DBrHtp8+p27DLKBfkn8gcrM5hYskSA2CW7yZJo1QH8779xHotUNVDEAonewAKdWG6me547QADm2cYnBqYPYZnb/gpdd0dHwDlnOvxe+i2Lu9GXV+y04+YJcTOb+dtvaViXCCOCPq4zDewBbkAzU1S8ZFPjg4zqSTeyfwgkGVOPjD+2BHbscEuno4XtQkRAce6celv4OhbVC538IdfLsydssq4/eKX9AaifXcvgdWcDKytdAeTiNSgbNpHToIJUfq6lR1osVW0Auns5Mx8dGxPTgeG6O+ruaHW/Qooziagf4VSRo/Hq4uwMyF7JJ9+APFqFTN1hEvypAnjLYU7U5p3tDIVl1W5rgw03P05RZN9N43CvUIYAa0eUBnB1Iydas+u1FRKQfq09a6UtPLeHcyR9qZ6yhcAkCQoAuL+dTZb5K3X/GM80Y4u1w7kssPn3P1McgrHNvjd0jBA3ekMlYmmyK/uRYrwVV39UoSr5b+MFH7NGFJfwzp6S49+XpFwtY5UBi5Az5GTgjye87fLNeg+N/2egJrWNZenn2qWrAiosLfTY6Ji072T1qjKS1ZMbGZU1OWmLt3EJhhXo8EMWDrPM2dEr5SAmikn0pEslKm/20QOKjno5GAXybO8An1msLeE6I0THH9UpN6/HRhyImuys/k2GsetfeCW66WI0cCQBVgg3OsVk34JgXpAyZYe8fO+dE2E56sJQ7k3P63sIxnYc+VQyZ+uaLq9IzT7FVIS6wo4UC0bg6mGz7XzoFbnHNaJLxcb0oRSIA3meBIHwP1VQiI2BC7uvrae3cPPboUF35hY30U4mX51bkXjfxzJlmmxQU3bUixmYqO+YlDCHuEOSTrsM7sC9rvjjhv2tESmb0YEFUXa4+j+eVlIoSO/SDua9FpqCfzvDPQ0euomNWgQUV+b3FTknInYxLUZ4pc2BFHZJml11RjB6F4XEMeye9V+WWU7mt/onFlp34pnDzXtbQ9/IQI/8vue1Hun/vov/jd7tzkE6P7sBxopz5Xc0KAZGhxpddpUS3ayTyLMB3fLsgtb4pwrW7f0SEf+9CKpGJ9mS8u91ZkLIgYxiirx7x1TmIzHzF+umu6AatslPFnkjdB/hbbahA6xBmCo1D613yNT3tavyEdqHjW80VeyY/knfZ8xiKvj5aMsALCJ64cD7hyPwb3rQRdFwyldVSJDkXqZtmgVgegBkUdLV2IaMjdSBs+MeyEFprlTeSB3GMSwjOQ7lbfxugAH5wOcAk28gjoRMnLPTYevETfweoEwLJmOywXALSWk49TX+mgdpKrMNcAIyWa4jpjq27U8h18pIJzITsyNxdjPL5wXq42jC+aQYpeG19XV+ooMI4waslsn/hD/0037t5Ph+/WevQQjEqKTcdR0/G0XZfbASaI7YpAOzIzPiSvPN9JgwHbBMswO5IyiK7WQgc99aIsy9Hj6jhXVmTJaf42tF7oozKUvE+FK9tDLm+KoMp3XvCS13UqiXdlfSKwHiiEkoy+4I9N4n5U09atUf7TlX9m2bfQ1ZKyhSZI5D6Phxv+IJKMIH4jH2e0O0HVNobZKmlMF2a7G+NlC5vf06HmzSYTW3c73yG54HRhZnKDPvSqHBK2VLP/4YhH93B3ASPV8I31iN/MLO1787PezoBaj+nfdWjCucYUEsHCKD8aoyYBwAAuRQAAFBLAwQKAAkAAADUQJxIUkSmXBYAAAAKAAAALQAcADk5Y2ZlNzYzZTNlNzZhZTE0ZjMyOWJkYjA4NzQ5YTBjLmZpbGVuYW1lLnR4dFVUCQADkMQhV5DEIVd1eAsAAQQhAAAABCEAAADSqq3WWVSJbgY9uhS4QmlS+XqFB9bRUEsHCFJEplwWAAAACgAAAFBLAQIeAxQACQAIANRAnEig/GqMmAcAALkUAAAgABgAAAAAAAEAAACkgQAAAAA5OWNmZTc2M2UzZTc2YWUxNGYzMjliZGIwODc0OWEwY1VUBQADkMQhV3V4CwABBCEAAAAEIQAAAFBLAQIeAwoACQAAANRAnEhSRKZcFgAAAAoAAAAtABgAAAAAAAEAAACkgQIIAAA5OWNmZTc2M2UzZTc2YWUxNGYzMjliZGIwODc0OWEwYy5maWxlbmFtZS50eHRVVAUAA5DEIVd1eAsAAQQhAAAABCEAAABQSwUGAAAAAAIAAgDZAAAAjwgAAAAA' AND file:name = '85fa7f0.js' AND file:hashes.MD5 = '99cfe763e3e76ae14f329bdb08749a0c' AND file:content_ref.mime_type = 'application/zip' AND file:content_ref.encryption_algorithm = 'mime-type-indicated' AND file:content_ref.decryption_key = 'infected']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-04-28T08:06:40Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"malware-sample\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5721c491-2ed4-4f57-a257-4f34950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-04-28T08:06:41.000Z",
"modified": "2016-04-28T08:06:41.000Z",
"description": "unique .js file",
"pattern": "[file:name = '85fa7f0.js' AND file:hashes.SHA1 = '8077130148618becc578d382f5cc5f9a804011ed']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-04-28T08:06:41Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"filename|sha1\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5721c492-3cf8-49b7-9dcc-443e950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-04-28T08:06:42.000Z",
"modified": "2016-04-28T08:06:42.000Z",
"description": "unique .js file",
"pattern": "[file:name = '85fa7f0.js' AND file:hashes.SHA256 = 'fd761520c97979e47b7b269c78f1aeb6002bcb0c704928baf3c1c89317a5cfc3']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-04-28T08:06:42Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"filename|sha256\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5721c492-0368-4bf1-9803-4341950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-04-28T08:06:42.000Z",
"modified": "2016-04-28T08:06:42.000Z",
"description": "unique .js file",
"pattern": "[file:content_ref.payload_bin = 'UEsDBBQACQAIANVAnEh3/cobOgcAAAkTAAAgABwANDAyNTdiODY4MGY2MDk3ODdlZjZlM2ZiMTI5NmQ2NDFVVAkAA5LEIVeSxCFXdXgLAAEEIQAAAAQhAAAAvxKLhB+WQ7EHLTdT+w+3AAtPS3t2dsqmRn7GDyJzSpeJ3Y3ZiWpsYy/resmzUjIZCqNegU1Z6TFunVlC77wjqKuCTK9pXzZg7shSUD7QV7ulIjdfwczvUHPpDWsaCbP66KQtPbzGs2Xh88duImlj/qWeRm1Ok/fJjaarJ5ou7nh0xADLuHN+NOKhnSR9YCMyBkRPKPRIVqnNDJBQPmUMGMYR3JS/btWm5xzR3956jeAzhgNe/FYPtK3cxLVgp03w2kNiVsHUFI11x4LxtFfygteMudx2fc17RPTRGR+ANZAFPBTv67Fz3uDqgy2GzPr+LwUKejfs7gALLbBrsbybrJ89MNDCLgprZwre8dhuq4wVCTrDZuxZ6tQiXKRe/jHptiGuq9eSH4ySkSWmEmdRSroSt6YVLQ91GJKfSS0vLhEtTgUmCRlwePj9a+dUVRfDBFziZwM8/dZ4hUUWbNT9fd4Q2aY4cy2Ptd0AT8q2e9TUgwiEZ77nONcYbsvlYhLECsZMAZAQEy/qOVWI3rRQFbX9ZB51IAlgrNKotHfgqqyMmMCtZj/U8G8qlcSYZPDKlQJ3IrYlAjRCtNx1lTLKcHn3ySjkYRzDVbK5md0E7dnYOb2TpbzQ8IkOt+z055mqaEOfHir4+/WQqqsnM8qa1XjqS3YnJvB90n1p0n55xXMHK6vAtGBh0MAf1thA7s8YOWkOubon3EZmfGhpJJFDGr5W0LKI5yh/a+hZh6TuTP8kVGzAsbNI7AVsqR8SQfEzqpIrq5qYlkeht3/6WyOSnMhU1LqypnW1FWGSC/Vj4C8iNRbCzGXjd4Xj156MryLCalSjOoMXQ1nosXQDp74NyGrpnhQETzEZ/pBMPLSSatSOmOBvPUSIkMuFqfiAwfnXmHqRk1vYzpcA6qkhTOYlhtodj9v0/EMYhGFTr/H4jQTkSAOdA3/PyKX0a0A3xuy/smxnWxFYQib6M7byIAPQx4jXTIKvNhp0mNANDjWiBBeQxPcaHAsfXV7YPEI+Azgdta74zZgjTllbKKuXiWEpTigePM5KnbQUdFB7clyoQa6S0FjDyome5vbOjOcQrlvKP081uLJDqSzRcowjJRqPC08FuCKuRagYXINxILyfZW0+Pw+h8pO7ygho/qUxmxHlepJShr36qjktg7cC0KqKgzpmlziyndhOHRLTyiHAV0Hf54aqi9SjM8YBbYLlobv/oeZar84aSbex6rA7wbMdAwhzDHkr7txos42WYuBK9/9Xbn/oYIyn4Y+Nicfu96rotA5xoX8EYCjT3lY+lXycV/vNng9zcy0CH1tycNpaWWifrQl/LuStfgX6XITuhZ3Yr0nPEL5wz5AK1ftOUw5o2BVmftZ0AyS/voGWl4VUpgGJ5R++lA8UiAFjcIAP4HeHc52zNEAT+4UVSCa699iEw6VyROTN5kYs3rXNItO1lmcT/xjslwTuW3UxDb1uE2nsRz76TAQFw9IBIlNs+i97pxvAJiUxMWugt6pIlajJMfLHB0AkWKl29/1BCTsnfDwjrsqhTc9hHvYwRTUavVxRiuCP8hHiRSEnmroR8L2Nod+mBE5wULnDhmUWRtRyzf0kzZ9YFVQEHqoHv6X7WKgprKW7wdqxinxoQSezIlFH+r8PAjv8BSwexp4h/IuXDr8oefGt6JghC5oV4d6hmsJmmwznemPhwyPuKTTsiWTanlObJpGOE9fnLgJXZ307iqSvg/JwVRCGk+z+0BxR96k6R2w8N6TU7sIn5l+xTYxwGmbfwc/z07DYPc7AZl/csQzrsgVlndompBFdfwLxFAO4/Y6KlL2q0kOWUTj35ZpCqGQTSP3nFGVbYYUloTJkwWE2Ki/t1ykr/JlZfQAlpvu/bN5uhL0zhmMJxzDgL6clr8m4xQaogvNnLinkRw3iRR96gKh8/pYgNVoSk28lS4jT9pwxNOaD0JyWYr1J/UguCwuwkOxhANpdhP7TKOXIAnmINf8nw2714cymxVRjRqg5EBM1o/TDzRbCopSAiev+e0AmFAJ6cUVmTQWKj9IwCia7T/TOvBjnGuOrgrqE2FYhAn2tW36nGhMiOZTGeS1dADxv1EJedMRyIrvWLx+E/AAtlbnNMypOvM18RtnaG63PGK3TYHewFDXfnkWguTGb9k/RI65Vq+CJwV5ohZSEsawY/OA3OMa1MPeZ9Sb+7LkImL+JA0JnB8AOPRbVmS1csbB/BFTbxBdd7zIiJl0q/H9UySp3EQ/qvJP2MaqIiLRkl9N+xShfQioqY8vsPjl7bHxsl+/9YUaI9sLH1dqRCCwGzwitCpxL+7uIAvS8rEk2LGQyfEKBPKN0phjWzKkZKl0BVIFWOmjA1kllNhsHPjsvJJD57IhtteDYlPASNhdm3iLsLVu3bnLZ2mhXCeIJZqn0m4tJisIdTty+O0omUSpyYRHRJY1c07r0zsQIVyVH8N3a8gk8BdAk4UpQSwcId/3KGzoHAAAJEwAAUEsDBAoACQAAANVAnEjdiaDXFAAAAAgAAAAtABwANDAyNTdiODY4MGY2MDk3ODdlZjZlM2ZiMTI5NmQ2NDEuZmlsZW5hbWUudHh0VVQJAAOSxCFXksQhV3V4CwABBCEAAAAEIQAAANKqrdZZVIluBj27PWGf+tIR5MXUUEsHCN2JoNcUAAAACAAAAFBLAQIeAxQACQAIANVAnEh3/cobOgcAAAkTAAAgABgAAAAAAAEAAACkgQAAAAA0MDI1N2I4NjgwZjYwOTc4N2VmNmUzZmIxMjk2ZDY0MVVUBQADksQhV3V4CwABBCEAAAAEIQAAAFBLAQIeAwoACQAAANVAnEjdiaDXFAAAAAgAAAAtABgAAAAAAAEAAACkgaQHAAA0MDI1N2I4NjgwZjYwOTc4N2VmNmUzZmIxMjk2ZDY0MS5maWxlbmFtZS50eHRVVAUAA5LEIVd1eAsAAQQhAAAABCEAAABQSwUGAAAAAAIAAgDZAAAALwgAAAAA' AND file:name = '28745.js' AND file:hashes.MD5 = '40257b8680f609787ef6e3fb1296d641' AND file:content_ref.mime_type = 'application/zip' AND file:content_ref.encryption_algorithm = 'mime-type-indicated' AND file:content_ref.decryption_key = 'infected']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-04-28T08:06:42Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"malware-sample\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5721c493-8d68-4cf5-acc3-42da950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-04-28T08:06:43.000Z",
"modified": "2016-04-28T08:06:43.000Z",
"description": "unique .js file",
"pattern": "[file:name = '28745.js' AND file:hashes.SHA1 = '7bf4c268c252fa49cfae91081735ef0b6e157b50']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-04-28T08:06:43Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"filename|sha1\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5721c494-c590-4bc6-95b4-4449950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-04-28T08:06:44.000Z",
"modified": "2016-04-28T08:06:44.000Z",
"description": "unique .js file",
"pattern": "[file:name = '28745.js' AND file:hashes.SHA256 = '867215ae7b89296d24fbdfd5d76974dd3a099c83a972723858380f9ecf1c5df2']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-04-28T08:06:44Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"filename|sha256\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5721c495-9e4c-432b-8b11-4885950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-04-28T08:06:45.000Z",
"modified": "2016-04-28T08:06:45.000Z",
"description": "unique .js file",
"pattern": "[file:content_ref.payload_bin = 'UEsDBBQACQAIANdAnEgJJ8t/XgcAAFITAAAgABwAODI2MTllOGUzN2I5MTQxOWI5ZGUwNGY1YTg4YWFhYTFVVAkAA5XEIVeVxCFXdXgLAAEEIQAAAAQhAAAAm31BqBU1eBXTPr0ucs8+gyRaYGr0IPT/t3N5uXvq1asWoPdVSSMJiTAVJIGEePUezDfs9TxXkKxTifPJuUkNokX3woRCyQ1YJNVFNrvqOby4nSgAb0br8YBXHotSBfqbRoDT6UShyNG9CdNeqlVtRoEDF17U/9c/yh4k+TlQpLPSwXODG+rJ/ujcOdrw+w0keVOBK26/HqLJLGbSQn8pCbKEAQ6Y8I7OoopanluZLzNYH3f4PDGxjwS3XsRnNC5O1uIN6G79wNANCipn0lUw+t8PbWxjqS6ju6WZV6QIsJyD86cukmpMTDBdwq5ZV6Jvm/8DKaRVULTkaN7VBUJSJ3X51P9Mk2h3ij73ADczpcIDe/iora4sGrO/p9b2IQvpkBTOCX2yrVmPr9xaqMqJB3epekq7nYYF5RXPQ8X/v3KprNoIGjudX5IEOcjNheTLdquKjdlJFQqHi1n5sd8F3Tx5elYGvgCFfcZujVW28do9X3d5I+ibKtoyK5x9K3Jl5PguhzxNMnfO0mXzf+EdPyeijKW2OeRhxlXHPGouK+ZnIMgQwa6LnH7/uViMscbvB+GtMM9dX0saBhuz4YJcKTaCuWQpYFchBWr3ZAIyzTCOnf8IhxacqT84CzTnoLa0dx8U2km4f72vxIEzsYn/y84pFRlDU2P3Od/yWOSFI/yrS1vCs08V+s641UdaA7Vuc3iGLsxUY9TOqWIwuoUMxZJpiRAzOTm7jWqcsp3dnKQQTvUxOCWAbMszhHGKIiEuzQrZSpy+Stl27kI+c69hkYB/eppI/PTN0wiZNvPlPPIKjguHf0vCGNd/LaJiC0PQNhusyZO5BoKJYzJfhKnQ8PxhpEl/jmwYBdTncrOQiZzozndymse4knyWcEM0Rx1Oks14E6dtgnn3cqLSws4RD1UfKYBzvDrI1/DOgSmhOLZdBzKGR6hCaW9skMUTfuepLjwvzXSrjDU7efS5OfSv2gE9yHDmrY3kpMLLekrwh1UCZPEuZprar1OhENpTWSj5km6xtGtxq5HgeFLHTmW6umqPfrcnTwyoHf3HvcgeKT04WnSpdh5mehFPcqoJsjEr5K0L/abBTToSE/qOC2kPoHRoZ2EkAQH4kBw8eJQoG/YiCWqgE1sKFbfu4NgAWiKKf5JQNVhuF9PmiIGxsfPfbl9VzFc1NOsAjSDC/Lw0pRMwE41cerV07OEfPRw05V+DzuJnXudrykdRMvmxngylQfBu32AILw9TfQ1/JtEc7n4P2ku4KCrr1weO63DNCjaIjo5c08tkIdG9EP+hF4a34teuuhIsoQYAtsglP6ImS5G0ox/tU7H/sEiZ/BNyX41qWHTGaCKPyDiSPF18ugGAIzRjDr0vnATNw/DR68ruc2XwG8sFwCXYnx/phFSI+rqI1KnWTBdI1aVtP2+aKOAso5Iu3eUE5j7qia2BKEfDjaHE0t88xk6Q5rdmVow8JA38iG80SaCabH7tvIOGQdR6XU3Orb7YdQ4VHarX4Ci2R3OFqhNB2d4TFU2/ltJfvD+bAt5eeI0MO5/HUHMm9iGGJLLwrIv0Ix1LyXEbfDiQfyWRWENS2GUoxUozQI8/IXK5HNxgdf00txxaXYgM5pin4YWceeLNNIacOPW6NDLfhWxGlaRVjcdtLUz8H674kxRRh+02Zup/4EfVQRiDG1Nv/WA4Q5T6U8IBF7JZkmbQX0hehCWhUvUuVFyyk9THZuR/QGP9oOUcHJcV5Vy5jlV6iMk0tXFWHzHMKMQzSrcBdIL16TYAzDnf3Rphc/J+C3m8BZtcTLynltZrhWds8cy2Tdjty/DZfJivchHEunBSIyQPGg3pVK9dXIcUmIHxkDOZ2WAbntF9KLzMRvBIdldHxZAJsSSpnzH9TjO5u4bTEXHP5uYh7AElmiD34x4NTCow7NF4IJNpd0qITy48Q3C8nB07T7BCUKkQc372ub88rtmxeQ7ojEg+qO+z7xAMaFelKt4Hr7mKjcYGdUfrcpaM1GfNJA+etQ/gKvNFFxLUAyE+meeRuTvs/znCY6lUEcaQbWRWY5qWFn6MQWp6dj238fW8nDLzq600ugyqfW02OwTWM6bkVRiYvS3fCphrneCPjtWdNryEhMvuH4DjJs9pvVJua+wlCBDOM4E94wb0J65zp9RxCff3LocyjNUTLtF6NDVCxXDjVNggMCyDdbfSFEJEqHK7jJM7ea6rqtQKKu/o/p/1FXKve5wh7os6AuE9nbfiM4cJV6Rdi/sN7tTMr9M8E3NwFgp2GwngqGJyHy+L/ME4Ke/LGMSDAmox0SAH0NEmLa+FDp7MWq3/6aiPGiYq8WkekMYi0BJLzgpWdSMPmtlXGS9Vh4BmYhJqV9aclixFEeejXAWdtFvOZM9PNcUOhaOy+/vnfrXdc4ntajORTfPT1bgvV8r/n707TTlDeOiIgMI5VCzprbj5DKtHBEHesuiD9JCUpc1nLnVr862/aIYBhN7tKexOXC9w20qFuSjEfQgYIYhC6dU3lb5QSwcICSfLf14HAABSEwAAUEsDBAoACQAAANdAnEjw47fVFwAAAAsAAAAtABwAODI2MTllOGUzN2I5MTQxOWI5ZGUwNGY1YTg4YWFhYTEuZmlsZW5hbWUudHh0VVQJAAOVxCFXlcQhV3V4CwABBCEAAAAEIQAAAOINEoWxvJOY85vK+2IOD41kunA7JRyoUEsHCPDjt9UXAAAACwAAAFBLAQIeAxQACQAIANdAnEgJJ8t/XgcAAFITAAAgABgAAAAAAAEAAACkgQAAAAA4MjYxOWU4ZTM3YjkxNDE5YjlkZTA0ZjVhODhhYWFhMVVUBQADlcQhV3V4CwABBCEAAAAEIQAAAFBLAQIeAwoACQAAANdAnEjw47fVFwAAAAsAAAAtABgAAAAAAAEAAACkgcgHAAA4MjYxOWU4ZTM3YjkxNDE5YjlkZTA0ZjVhODhhYWFhMS5maWxlbmFtZS50eHRVVAUAA5XEIVd1eAsAAQQhAAAABCEAAABQSwUGAAAAAAIAAgDZAAAAVggAAAAA' AND file:name = '623431b6.js' AND file:hashes.MD5 = '82619e8e37b91419b9de04f5a88aaaa1' AND file:content_ref.mime_type = 'application/zip' AND file:content_ref.encryption_algorithm = 'mime-type-indicated' AND file:content_ref.decryption_key = 'infected']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-04-28T08:06:45Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"malware-sample\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5721c496-df88-4a5e-9966-4b6b950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-04-28T08:06:46.000Z",
"modified": "2016-04-28T08:06:46.000Z",
"description": "unique .js file",
"pattern": "[file:name = '623431b6.js' AND file:hashes.SHA1 = 'd6659f0ea7ee37bd5f8f77e2a6c1447eb798010a']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-04-28T08:06:46Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"filename|sha1\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5721c497-dfe8-4223-9cdc-4908950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-04-28T08:06:47.000Z",
"modified": "2016-04-28T08:06:47.000Z",
"description": "unique .js file",
"pattern": "[file:name = '623431b6.js' AND file:hashes.SHA256 = 'c275a4524577d6d0a0c8a96428619f643f0825409018eedf039d49a5cd4415bf']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-04-28T08:06:47Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"filename|sha256\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5721c497-05a4-4230-8156-49b6950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-04-28T08:06:47.000Z",
"modified": "2016-04-28T08:06:47.000Z",
"description": "unique .js file",
"pattern": "[file:content_ref.payload_bin = 'UEsDBBQACQAIANhAnEh61YsfdwcAAFoUAAAgABwAZjMyZmZkYmYwYTNiMDc0NDg5MDU2MjFjOTJjNmVmYzNVVAkAA5fEIVeXxCFXdXgLAAEEIQAAAAQhAAAAm31BqBU1eBXTPrJlLbk4FsBw3nbS50fK7buDDVFhDWMYcW4OWgvv0yyrd7++X1di0a0LGNLa5qtQ35Q2hC2PPv5qmKJ4wBjg59mKyKmb69kDQU5w53wlHh+vNes5y9/Y1cis8HDPuLcRs3OE7ZN62FNuzUlElcWSI9Cm/wrWTb8EWMQkZERIhW8k6WrdWPnstExwSv2zxLSFjx2aeHv+Il/P31ic2unDsGDKVJtTG5gItmzmqveZsTNJo55rOraCcQX5qpvmIxeoywZaBrSKdbrfYUpAVjex1pvUBgw0R7zNFl3uYfBT4RkaOgYyqHKtvADrmDQHHWHg0aWKFfa9OQ3uG3LSINFBLVMjLiDuxsMdL9pgq+2TymZknA0xXBHNmZ3IrznkJtF67esZcKakqna6l9k/qAg+AafC1U/lfMy99c6eqGYcXeR/oc78LyDl2Xaob4UDmItPWVFK9imwOftYexMMAB1mtWSBQrByIZH7uT8ltWFmpH5FuoXfmHPBZrP+hIQTN7ky4Qtio9h0R8ok+dYVr6JZv+tWDv80vztwYkTZk/c1kDvpy6RN1UghdNPqY+sE09lXUNtYydXo5ENX4zI/PDmJ7FxAo/n6Gcyvn85oyN8T5cOLYRmfUCknSLDDFvtIRITAXSceKP5iTyiwBtqAr4Pozu9YMG93+/pdTJUZApJ5zxGy530YNvbT/I4sB0SQRreLlhb5lezZA1hlAjvRUxs5qqJ33J3cJ+mi0RbJAAQkbMW48xv1Kem4AaroHsl9Mm7hgXK3sP7WcSxjptWYbuedccCwV6T69sDfme1dwYYRNqVi4ReVwPxnJSwiIvDueO7ubPIi6DH0DZzHurQ9BWvhr4q+FvCcP6KEB4cs6v1kkNZfwqXuKrCA1gwsKflFvcIsjUxz8Y07rD8qhAaWw6gDUMaXdEpvbzSlTxKqyAFKkchkhxTRg/M+u8Zu36/H0S1tjLe4x0Ir3WrBQvcaBlhiXtjbNhxD67oR+Sf8WgBkf8/xCow/ZbClm93wlVHD4FWYYQEpAX9GUZTxn4e+T99WovPxmnXKhNe7X75r8LEocmHqS5/9xHmBHc0M67bylm8rqAGp1gc8qj/+qjeCNbarI5LRiz4DhRypUyFC6UcI2qf+nP/L86ZiLRfABT9q4Ks1EXADFDtmopjPMlsZHAw+AelFOoQOL5inGuyZN88pGRxk8ODM8Bp8kh46ovzxVIn4ZuAH8kS4/aKFLJHlsZpa1IQtebgERrEKul5OUWTvPTgYFmL7s/sU88aqb9C+22pbPn1ocp8m3lyoLJKg/rofI7DdvKx5K+VdiJLZjVRrOcIQMWtCm1wTwGeiUlEt9BpIf8dgv0iMdAPXHkj+wAj2IUah4BuBidP0G/QVOpgeYHZeLdDMtbI4zwdRvzeH5Fiy4TIWrqtREGggWTYv0oqxVYRtay/vxPo+OHe/NrGfWucc4GR9AKBlUPLZcv8nhIOMBiWyUnjMOcDyM8w46RL56m3ZM+/vdFJdfjPUWqKPC30X5cnx4x/XEC2eafz9liCa6mED+3VXqkTaFjkgvc/5GfQx5uarlXwm/eLvvtU6AOoxhsXmHWmR3IuxMK+hcl30v6FNHLpBSI8awA1ZX1r3Zw00TvmgnO67g+iJnf7RY9vd4mSDNyIr5jD8FL6D/QK0wc7nyWljcvq6rSY3tzWs5D0FWR+KYarKJn7OV4sJ/gQyS4piTxt2EzPOxBAQWgIChbfYb3BvrFnh0mxbIqaguZnNXMmjNW12cVmPQlGosCsmNqPWuFUqiJ14x47+vYg9hTF7vhk51xX3j2aUgvm+QBAFpDLmZ8wlCnW4+P7vaBJ4Zf8TyUnK0I73weodMhUXL4bKGEK8sAIqn+v+YMMhav0jyz02/TAIt7M/99BXt2NJI0KAJx/3vYeUf5Wpg44jVrsedA69ZEbAd8CjygyrDgzrYWTcYOKc4pp4iEz4lyERl4yx+IYM9rMq0Y6p8HoHtJBTLch9ShUDmujCk6N/1zzpUXr/nRJ+eLV2cmJhPdiayWTWTocpiA/W4wjWIjqF8UeACci74hvZgLpacgeichPrHZ/betF8mMq5khlxm3Zr9rZA0gd5LygcTK+XMR9UTBaXqkiRNxtnm8llkaIJTYEGRzYA0gXX9EEoxtGdh+LAFGtmTjfwGURRXrmot8CyDOlPbEnfCDojIC5ke8ZVwOkt1AZb+gvwJ9CeUSV3g3IrtZRqrjOY5rfeY+RLIqjtcvY6dE23BMWksDdU6WElx3g34kyVAGil+I2uzvRui0Fm99wLBZzuIWPRqN6w0uIjrzxnnfzSWVZEdP0qCuRN4PrnYIczgnkWZxLTeguyf/ZM7Bv7SoUwfmtnVRsuYVsHlTQeASvshKcd0+mlPoiB1HynixZnVW+MLtR3pBjJfQIs0weN7mO2nbd4CWBkpWnTbeZ1CdAD+bzafOkdLN+VER6/yt2eW7up6YFfrSdj2uAFrlnKfkAtQy2Z/B3RzcvbloxYlqtrkP4gVkMkoyAVMvPpTSO+7jEy27X1htWCUEsHCHrVix93BwAAWhQAAFBLAwQKAAkAAADYQJxISgmF8BcAAAALAAAALQAcAGYzMmZmZGJmMGEzYjA3NDQ4OTA1NjIxYzkyYzZlZmMzLmZpbGVuYW1lLnR4dFVUCQADl8QhV5fEIVd1eAsAAQQhAAAABCEAAADiDRKFsbyTmPObxWM4mFSYZjzsF3r8I1BLBwhKCYXwFwAAAAsAAABQSwECHgMUAAkACADYQJxIetWLH3cHAABaFAAAIAAYAAAAAAABAAAApIEAAAAAZjMyZmZkYmYwYTNiMDc0NDg5MDU2MjFjOTJjNmVmYzNVVAUAA5fEIVd1eAsAAQQhAAAABCEAAABQSwECHgMKAAkAAADYQJxISgmF8BcAAAALAAAALQAYAAAAAAABAAAApIHhBwAAZjMyZmZkYmYwYTNiMDc0NDg5MDU2MjFjOTJjNmVmYzMuZmlsZW5hbWUudHh0VVQFAAOXxCFXdXgLAAEEIQAAAAQhAAAAUEsFBgAAAAACAAIA2QAAAG8IAAAAAA==' AND file:name = '08549889.js' AND file:hashes.MD5 = 'f32ffdbf0a3b07448905621c92c6efc3' AND file:content_ref.mime_type = 'application/zip' AND file:content_ref.encryption_algorithm = 'mime-type-indicated' AND file:content_ref.decryption_key = 'infected']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-04-28T08:06:47Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"malware-sample\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5721c498-5da4-4010-8433-443c950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-04-28T08:06:48.000Z",
"modified": "2016-04-28T08:06:48.000Z",
"description": "unique .js file",
"pattern": "[file:name = '08549889.js' AND file:hashes.SHA1 = '5e635d5c8ae90bd03256da03d9e934c6ca0186c1']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-04-28T08:06:48Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"filename|sha1\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5721c499-de0c-416f-8d94-4d43950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-04-28T08:06:49.000Z",
"modified": "2016-04-28T08:06:49.000Z",
"description": "unique .js file",
"pattern": "[file:name = '08549889.js' AND file:hashes.SHA256 = 'f4afb034c48232a825b0e3997d6b25c281aa795af67b3c3b2cc9c371b2f888c4']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-04-28T08:06:49Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"filename|sha256\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5721c49a-9298-4d4e-9e45-4d9e950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-04-28T08:06:50.000Z",
"modified": "2016-04-28T08:06:50.000Z",
"description": "unique .js file",
"pattern": "[file:content_ref.payload_bin = 'UEsDBBQACQAIANlAnEicTGITgQcAAOcUAAAgABwAOGFjOWE1MzExYzcxMmE2MWI5MTM4ZTliYzUxZjRiYzBVVAkAA5rEIVeaxCFXdXgLAAEEIQAAAAQhAAAAqc2crOfwpjIpYcWZaeyIrxlyLA21Y4V+K7XOhHnP5VFAlaAx50fvm///ZJ8pBBx8i+mATVGf9bUDw1kX5knRDVM0xn8q+KVMIn7sIuRBOrhJoI9ocFlfAWROp4hb1elkF2yOJBiSZccVfWYJImjmjnY5ufdsRZi0QGjYfk9Lh47adGDYeroCXFeJzS2zFgaVyoDVB9t3S5GKxD+uY3SsQ1ItLjpMAbDPDfSJ16l1LCR6S1No12WZkXuMf/YWH+kl8sbfZXyUmxZB99JJHmPhaJ56Ye3+Vmt0VmNHmQZnexObnow0yRmErnVax5QQoyNaqfftCdIlXY/M7lCVBlypOEsy5rR1gqeijUP9gfuouXmIQkIj4O+kbu2DnnfNFWaoYo7ilPFRHf2GqhPvzum3/NuBqls2Zln322a5jtZnRGbQmUTRslTcET7u646EIRMuyKgvkrfZL7oD1iEE+6Ps/3jzkubENo2Pg93zORdZeRI7rkdcU7cOMGVwHWFNKvw2rMhjE0SEozWAvjHxnmyK5Or1fC+J3rSYwXE0rLwd+jr+z6ktM7TvhYblEv8NiVcH3AJxPFcs01iTPlguANJb5ogSHGTpzU/Y6NHe69MUnAwavH3s67+iwepHYJJpRwulGCe4Ibpp1qAHDyMe1rwvRwIIgAWKckLCD3lDSR6Dq16M1d43zWW+JZclEqzaOTVPHMeAvhfrCRr9DprL2jzwHlIflz/jj5BHXoblMdoWRDU/WGW0VwffoyzE3OCcOq3El8RnkA4oF5OkWIdDtVHQ4gWG7yzj7ZOzi36sAwqa7cWQ0F/jrhBq/FTX0YQ548kaAhc6g2wz4w8L1xQuf8nUz2lytxJjr1X9i1op6QBFo2T6YLyd8Ac5aGKcNeP8h5vNLFZNJ08y2p7obpT+38WYMLvvzk3BsrND4aWupiEw2oOAHkUXUTWcHqigZYJBRvMXJJa2gpGIHm+rBWFueXgZwvAfG4pNPlfjRdnX/i3LJkk2UVfJUGnMPLuawDvtK8PQGOp6EffjQBEFQYS8r82EUCDRIKEUBoCiCt5NshxRYIWoYHTJbgcDMuV82UTTvnlSfdvlKp28rghQWL7Z2ThF3jc3YA2NW1wRRV0AmgQQsYBhXsbPti0r/h8xZ+rMPVsiL7PGNhP7X4vEAzW5R54xGhzHwnYIYTZrwVIc7nrIBVtebpRKAXdOYfDG/hS6nn55ZtMvEbUUfTH6ZcmQ6vA6p5vsN08v54Ywua8XJgWqNMJm7Sil3Kra6C50rEReEekE7y0vJUJqocuGEBd3mQBuT8ZeQ0irMLGJk/WknX7t4CaKzKeE+H4QiEng6f+xooCJExkoAs4LAl4xpXzqs4kp9DgjYpGjsAeIhVuLWaeEZLGUXBYb8EcSOLD7h4xCnSZgNdBzacNYag1uJEpsDkqFG+VxCAcRanFAYjd71zzmNmydNdPUKe+p80KXsU2DD42A+6utzrIgwpVJhn4KfnbEdnwWF5KdP9NtkrS18ve/8v4+R1Yp20bsCwn608d17EGqbpQ1NXhGQC0p3eSiKUviTqCySDkcmwwZ6iXrXA05xQ+qiKXYMM7emURtSjYdNu52S1aOcwoFV2v25LVTCtlW5oe3Tb++JoSgc3geU2Q7x502gQonNjRWArirUZs3fwBdquvxBBFz6pcW6YnApA5KUEJce2Y9I0ouPpK/ufy6Ky+s+vJdJ4hcustGMzEfNnk9C/yJE+L04V4Bn09WY702bs0vrqTovMsdkoKMludyrO6g5DiPG3oygw6XBXQcLu2y52AqBuxdrw9jHjv3FvkO0hSq2wUHJvs6/U6mBeRLBgMcRYq4o5T/I9/YqckB3joO6R/KuuPbozJ4qYrYM3zfM7oInlXcWW7Ytr8A1K4vfaHDAhjVb1lSAp1SBJmP1JYlZHRIOkgMJS9SEUw7Z9s8Ozsbvw/phU/e2ti37nF1cm37HdvPOyLO8E80W+8L1UXuOzJhIe36uI28qTtd0x6UqDbK+X1csicIV5iFksS4w9me63dVdJ/VinUQO6AWs/PcK7A2+ypc8Bnln51zqlTMDFH8ny3DCwJ6++Xmzas60/VYrZPGB88MGMZlrU3ocigMEryboZHj4YWHxIiC/mqp06Ujbc1cws+RHhTSOQIyzVFzKKU3sinTDOAl/f3/yh7K7f+7g6pMy15mIzZoU9PVc87f3vxDI/OJ1eKDFFe/IavbGR9EDLN2PteVj1goVX84oYYfA5ic+PWVtyWy2yNzDLsr1wPatUJEW5Ttb29a/NeWGrdTJ3lyNlN7TlX3UbJszyJu6XmnMHgv0G8hiH0ZXSn+aUreOvcTavAQPjPyDUaOWzmVmqsP4HOPqEDiK9yftNWxTsnKF4uHKWYvr/QlV10tNDi5PlK8rGfRlezIxutxD9c9ULjLLT9UWKHHC6SIXSpt1Vjh9c90QPfSjbUl/fBU6cHSjBeVqp38Wq13MXpF3LtwYLyVLAifZUk5dzc7INQ8rHkyv20WTs7pNDDZa49TGJ7Zr0LzEiddCdHekkUzgI1J7//vTNLi+ULeo+7WYFBLBwicTGITgQcAAOcUAABQSwMECgAJAAAA2UCcSEkBOasWAAAACgAAAC0AHAA4YWM5YTUzMTFjNzEyYTYxYjkxMzhlOWJjNTFmNGJjMC5maWxlbmFtZS50eHRVVAkAA5rEIVeaxCFXdXgLAAEEIQAAAAQhAAAA/nVNbFi1ublk8FVD5/GFMdt9P/qUz1BLBwhJATmrFgAAAAoAAABQSwECHgMUAAkACADZQJxInExiE4EHAADnFAAAIAAYAAAAAAABAAAApIEAAAAAOGFjOWE1MzExYzcxMmE2MWI5MTM4ZTliYzUxZjRiYzBVVAUAA5rEIVd1eAsAAQQhAAAABCEAAABQSwECHgMKAAkAAADZQJxISQE5qxYAAAAKAAAALQAYAAAAAAABAAAApIHrBwAAOGFjOWE1MzExYzcxMmE2MWI5MTM4ZTliYzUxZjRiYzAuZmlsZW5hbWUudHh0VVQFAAOaxCFXdXgLAAEEIQAAAAQhAAAAUEsFBgAAAAACAAIA2QAAAHgIAAAAAA==' AND file:name = 'b0f889f.js' AND file:hashes.MD5 = '8ac9a5311c712a61b9138e9bc51f4bc0' AND file:content_ref.mime_type = 'application/zip' AND file:content_ref.encryption_algorithm = 'mime-type-indicated' AND file:content_ref.decryption_key = 'infected']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-04-28T08:06:50Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"malware-sample\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5721c49a-4878-40cc-94ef-4747950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-04-28T08:06:50.000Z",
"modified": "2016-04-28T08:06:50.000Z",
"description": "unique .js file",
"pattern": "[file:name = 'b0f889f.js' AND file:hashes.SHA1 = 'f591231e9c3308bfeb691bc7ae99d055ed065cc3']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-04-28T08:06:50Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"filename|sha1\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5721c49b-8da8-40dc-bc18-4eb5950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-04-28T08:06:51.000Z",
"modified": "2016-04-28T08:06:51.000Z",
"description": "unique .js file",
"pattern": "[file:name = 'b0f889f.js' AND file:hashes.SHA256 = '3697f5f6e0f31cea173a4450498a6b031d0c1fa934b384660a31b38ac4d8c5d1']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-04-28T08:06:51Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"filename|sha256\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5721c49c-3f8c-4ac5-8aa7-4448950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-04-28T08:06:52.000Z",
"modified": "2016-04-28T08:06:52.000Z",
"description": "unique .js file",
"pattern": "[file:content_ref.payload_bin = 'UEsDBBQACQAIANpAnEj37uNTWAcAAG0TAAAgABwAYjdiOTcxOGQxYzZhMzg4NjgyYmMyZjMxMDNhNzIxMDFVVAkAA5zEIVecxCFXdXgLAAEEIQAAAAQhAAAA84AYeWvazyR2j4L1jHx9LCuzoOjBCK6IdrclBwwPDjKXq3tOA1w9R8Q+BiDsNgTJPFQjTfAL4zNtfDeh3wpp5fnzo5FdTNjT2+eVsfaxD9t5TQh6X1ELQaT6lSzZxbGuYmLjWob/S7KyaMXk9khbGl3VPSu1CdJH8qn/6ntfJ0oL9nkcZ+trwNj9iN9FT3M3Ab30SBtWotobJ8w8TCAXAiIGeWvK4gQJ6sLxHGw+SyliHnkPNhMbLbg0wKDFn5hDgXRlUiT0NSzHyniFHeTevk61zjKazhQUuFp8NbC8lX7VRG9cXrMVVjwpHgG/fmeBlCUJVCumPH0yQAVE7QfmUGh/WEb6vZ9dIpvSEf4nqFySJ6w4KcSeByxOWMatg14tlMQuoxt0G2Q8eRJEQzlF2+6W80UB6qrTU7IybST9OMRCInVNjTL9lBnmRq9HWzXwlScMNggxKGm0ZzYTnw4dMcqRUXGT5x/BUgY2HYh3Xil7siFzi4XQvs6CrBCEHkOQb4214LRATZ3M5dwxDB8wfu2xzqjyNLfatQ4o4T8FF+qtFe07AwsCyBmhywDKP5M6YpsNYZR+g4fbRgYHc5wwx1ZFau8YrLLXJV+QY5AZIAjUBOyvhyJ/FA6sZ7IcBjFXZqF9FKOU4Ui6aiS9LkyGpuBf8SqHceZ1H0CMfTuwG5mlrIhWZ+PiwnSl2TvUEeVYqgb+xJGIUhsXCxBkrWi8u6OHR8i56p8QUxFDQAIN7KW+YX8JEcj4oTYJb2ag0xeoK43wyIIfhZZzFds72iJqmFl1XzWNyOhNbKlE0WLdFZ1FjFiqD7roFqI/cuhgwe+t0CBGtEbw7yHJb8LsYXqJ/KlHZlrf5X+VAJSMUQgIlPPHuJW589hpNDdWHnnHoSulIIiMwBmCXKmU/XXCiQEAnjnHtIrTmo7D4/3dhtK136tw74CFNlKjlfV5D7JENBEKIjCQcjN8HZhfcMn2zhMplwuyimoM/wKwXBAoZtN2VZw1VCdSFQBYHSgvajWBYSThy5jbxufyExyem68OUJEvdbmZB241ahLlnG6wun8bQmJ/BrX6LouAnPvVLq2hCeJi9TOUDMK/KnswsCyBs5zeNJAc4eNDkr4CgnXxaUkU3+rDWq2bmMnzC1H/TS69ec6Ynk9u861m8yB/62lod76z5GAFLX6Y218tp+nqsaA0ttzaaN6z6364OQS+CFrHpi6g+KZgT6cYXVwce164T1FeqtR/1LLwd6riOp5kxIMiCt785X2/KhwnjkfaVL6qGj+0AyFGkA7WETmDr2eb65wPJAsQtHVicy6EkIzM9FJeIpi2nuAq3zx8jOND5o8F88KhP4aTkySOpsgZZsEtYjZxizyADdv5yVhJWcVJmfhUzZ4z5AfdT2DuPV5UYVp+RhAwp6nvzAYLTzNEhgzsItpidfIS/zY9X2oY5++rl2vKkzHcrp7cWXK2Spt41hJ7vs+HwHL9496X7przKcski07yYmYuUV8gYkl67d4HjaZAhI/BRljX3ZxDTIG1du7ze4+LQ5ImwZKkOUvgZ7Ga+WgZ3ymUqEyvucGDNFZ4SvnFPE9+TRhyfItnNad8AwC67BCnXoIY+AsZYFoOqHLUevvboaaLuztUEmkrqx6KPUWF8/b1W2KmA4n1E2Q7194egUdK2AZM6YlQBOhrvqui4jeHLZelJU3OBdxz1JAOnSjRCOrOrK3dsuM1qYO49YYJ6tqCDLGhSpplUSEFYIj6z2UW1pVrCJKypnXArMNj9tQI0WG9TtiJ36j5f0d0rU4LrAqfPWSKryZynzp0t1lSCFI0cwyyL44NpQlcVYVDMaJDQm3Y/HWpkARsafmjMBp81lC3G31BGzJEWpzdNLS7l217mXk9ybWpRMOoTLJOjhKXHnNiOYfNpF2Ybxj8A6bfGI8rZuG2/5kxJxBMezQztEsrXWiuxRQhkDJLaRk/FOphDyQZ2fJTtg8OkOT4U1SYzGeTc5Qm8Nsle/b44N2IHvvFjm2y+XiDniX8tw9mtk/ZGIV5ASFbJeM6knOH7i92fvD1PZ/6ppos8KNICLFCvGft5zDUjAdVBEBNtlUDs5gHy39zWP1+yktfV6MD7evSxJkotpYq6f6R6HsTs0uJ1J3HgtTVFffclB4S/YpWZ2/EzTKUKdlfjnEt4teEG3v7CanflO45Iplfn75PjkXVCcURymZ3YafXo8TDGja24k7Pa6AqyxSl9UpOGh0gEgVUKEri6W9rGdGLLxFx/j8UQv8nJdSobr/4FM2cum8LtpBghpqhsf1qBWki8m5xiu/t0Cscdtvdsh8QCQDZFiuyzUp7yuoGZui1JNOu0VPSfbEegCEAsPawPCOqLNvHhYhRYo00zBTjfYD57xtMZzODYDyfo2D0zt12wOLigZnBXRE898aWHtd1IAb5/E3SsV4G5h63rHF2d9R/kfk4WZ3jCpuuOEJrpAQz74HR1/9OJtVLMUD71MOU1z2rwwpOWM3w8KBHnxnjmLjECWxQSwcI9+7jU1gHAABtEwAAUEsDBAoACQAAANpAnEiniO8dFgAAAAoAAAAtABwAYjdiOTcxOGQxYzZhMzg4NjgyYmMyZjMxMDNhNzIxMDEuZmlsZW5hbWUudHh0VVQJAAOcxCFXnMQhV3V4CwABBCEAAAAEIQAAAPPsbiS9t/hx3+DEIazpL/rRStVLBbJQSwcIp4jvHRYAAAAKAAAAUEsBAh4DFAAJAAgA2kCcSPfu41NYBwAAbRMAACAAGAAAAAAAAQAAAKSBAAAAAGI3Yjk3MThkMWM2YTM4ODY4MmJjMmYzMTAzYTcyMTAxVVQFAAOcxCFXdXgLAAEEIQAAAAQhAAAAUEsBAh4DCgAJAAAA2kCcSKeI7x0WAAAACgAAAC0AGAAAAAAAAQAAAKSBwgcAAGI3Yjk3MThkMWM2YTM4ODY4MmJjMmYzMTAzYTcyMTAxLmZpbGVuYW1lLnR4dFVUBQADnMQhV3V4CwABBCEAAAAEIQAAAFBLBQYAAAAAAgACANkAAABPCAAAAAA=' AND file:name = 'bfea2b4.js' AND file:hashes.MD5 = 'b7b9718d1c6a388682bc2f3103a72101' AND file:content_ref.mime_type = 'application/zip' AND file:content_ref.encryption_algorithm = 'mime-type-indicated' AND file:content_ref.decryption_key = 'infected']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-04-28T08:06:52Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"malware-sample\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5721c49c-55b8-487c-a4b2-4bdd950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-04-28T08:06:52.000Z",
"modified": "2016-04-28T08:06:52.000Z",
"description": "unique .js file",
"pattern": "[file:name = 'bfea2b4.js' AND file:hashes.SHA1 = '728f7feddaf793f16bcea7ab684e4a6823e427e4']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-04-28T08:06:52Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"filename|sha1\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5721c49d-f2e8-4720-9cce-4b8c950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-04-28T08:06:53.000Z",
"modified": "2016-04-28T08:06:53.000Z",
"description": "unique .js file",
"pattern": "[file:name = 'bfea2b4.js' AND file:hashes.SHA256 = 'd92f3fc284793769215f820b761eb08a1eab7f6e265e84953f034c77a758e0df']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-04-28T08:06:53Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"filename|sha256\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5721c49e-eba4-41c8-93c6-4206950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-04-28T08:06:54.000Z",
"modified": "2016-04-28T08:06:54.000Z",
"description": "unique .js file",
"pattern": "[file:content_ref.payload_bin = 'UEsDBBQACQAIANtAnEiqxs5NYwcAANwTAAAgABwAZmI4YjkxYzQ1NWE1MzIzZmI0Yjg5ODdjMDZhNWY4ZGZVVAkAA57EIVeexCFXdXgLAAEEIQAAAAQhAAAAqc2crOfwpjIpYcd49aW7ezGKf3tNWhdCHAPv03XLCQP4Wk5oJ+K59pcRZwU60rD5Ecj+UvwhGEHxXQMeC2t6hS34fGiM5tnFis6S5jU/INcfUShlQrKXqNlaM99H65vCMvnY1FGcDOIYoFvo+pJaFwYWy4ySkrcT/6rvDKmQuNOL5XGEPI5WioNgs5nfhaU70fKBNerprpfZUA5df/xf5YkZJMF49cYtBot3H5VMfy2ChQekUPTQ/wiJQjobg3abWQGFsr/16Pb3MoYVgS413/pXNchImf/Y1O3/nuSbXzieyQhBMgg1KFU8oVhgZ+p79KwDFP8jG242C968Q1S/+PttaQBYYI0lqVH9gaxGyLW7GW0yirBA+11AIZO4j3vfOlUC2D7dqEQ6sQ1BXWfyucFdxWePrcB933+s4y6BF6EbWd+5je0FUMOgAvR1iPtPo4Erk9fMKuwYXGkSzGXl6XCIn88ABYITotr1dip1btpBC9BNRUCBuZ9EYWf7JKeXGzmAdZiI6h20ywI4CWqqkpwoDzp4BBYzXFfTOw1iOkyWmhgok6RGt1fiwlxsGY3SmXuoaYPxdAQuk+nYIpATTsAF2/FbB1hNn9ytQl9y4cXdywZ6sq8ATarzzT4BZ0E2l6ggWeRTGFmZs9tVKlv9/319m+650zEE07tS7GweXMTGLepki7okvJl9uhruR/kXgB6/8ISz/88xaDUvzK1b7uXYm5zcy8EbVfeiFcAL5c6pi9EyfKttTOmkVbRaVn2D+/Y5v8O3TuwNkFSCKPHAyJ5vuKeTayxaOmb7qvcQ0ib0t1ejxexOuRxjO/OJysvtEvbUUJOqq7x28W1wCSlGKcX2SQoDYXM6iWnnS3K3/cF2QhUWKJS33lSNk7H3RRGoHQy8KN6FzUYM7s2iqFXM9BR6voLMla6SFKcPiHhe6L3DMO6B8ZeLoZjzjwttVP77KRoDG1103bAReM7p3U/Hk9O4FHbo9u/8jcWCrmpYN82KNdDzYjZIJYcKMh/50dpCbZ8Bf7rJX/xlaPwgSvBwu/sagkZk6IxEvykvBwVwwleP7Ibs+qU6t72eK0/zIyb8EGPc8GTrnSCUN2O5ZAPZn98s6sTHtUzNCBj+vKKGpCP+qZSI9F5foHDeOSuJ7X51OMD98YKgLEetLDPNg1N74JEYHDpxPcxCzLEhNrbuspbY+QIBYy6LkSv4YDG+eGpb3K5zw6hwclZf6oqNYO5z/KwTVg7EQgQyzz4pqekVWKKhEYdudBz0mnyy3h24e9Znaz0Pc8ev7NT2m5vegbuyZ5V5tGQyR4Lk570E/VQ/o77rVcqzefFoY+Aip8CnY2GMggB37srLEpYO8Rpbin//3pWZ/4zCOjKpt29gnWor1JzTXYCYRpoG3MX/A8A+ZTNCkvn2e33JupmSHr5hUNHffE/k1YKk8MgvmSvuKWjlE3gOmCKFnmr8j/oFSAU+ZS69KIiT0z/u0yxNwN8Ylkg0zKNG5C7pkb7UFUTwHeCp5PcikiE2D5FSZ2hmcN24+JMV5OIdJTzDmzg4+yXMWR7PqbcZq09oeIoIjHeg9bGuzV4bSZsW5WaeNr10hgrX/YkEyGDDjMHlpQ3WUp0pFEaJNDEuyCMwFG1Ohj61X64PzQ+k0gGP/E1H+wVfaPOHabJPIIkwQ/X2BJ1bZoKRNql/wUIn8Gd0U6ZUjlE3Op9/u7X3GsgzgA67zLhQRXeZl2RlD84X1BfTv0THAOnNiBoSKTTnUkWyNNMeTHtv0AbpNeD7OQhKMZ9EHYA/jtgPgX6sEnMhcj/0UttXu63+0vutMR0URlT6hv2dooMhB2ZYhI1vq63z5x7DUJ1oL5J7HCn80UJseP8BI/AlFeVaiL4ROh3PnS7t2GGpsc0MkpxD7D/AX5a3dNVm4FP1ZN1HSUxirxuPE5EB5bm+R8TIt5hhoDjntVrf5TYz7yXBxx2ls7m+X2kAIjaN328pUAikr6gnfwG0W4HuVVE03FmvMCWryzYwDimKOK1xk1dumc6ztNi79aDYcVRRHBo8b3upW0fNXbGrCHrzkN1ql4ylo5WOiexJthCn8URlNxlN3VNt4K/jnkaC/pzLwc0EYpI5SlHMP2+12WYw8lrDEow78Yq9ulymqTlNa40omt1wBvrNrEWV94ktROjz95NOVDobOiD5zoLvylaHASPxDtvoFHU/Si05dHCY4TVSdOjGUfWn+2ClfdZvR0GFx+NeLxi48RwkecoGJa64jYHErm2JJoWns0npTccwdMcjH1kD1JyeuGXUiQkXOVmd+B3YkxawJ4rvEJ8Olsa9+j0H40750YjTW+oOmtiZr+0R76FxopIrhlJ3TdeIbkNTZJnsiaJInTMAh9C4niglxEYZURMuS2aO5qlw4RUTozVpr2MSCJsDid3MJNsYrWtBObkMiXbKpXStFIt8m0bIcNxGZDxMiSiTu926ul4s/khjh4TVhShjOqbjN9/c1QrdkPOB9xyFqVCjOABZRiJV2oxHNgkC5NrqmrNABlBLBwiqxs5NYwcAANwTAABQSwMECgAJAAAA20CcSGxI+1QUAAAACAAAAC0AHABmYjhiOTFjNDU1YTUzMjNmYjRiODk4N2MwNmE1ZjhkZi5maWxlbmFtZS50eHRVVAkAA57EIVeexCFXdXgLAAEEIQAAAAQhAAAA/nVNbFi1ublk8Fctr+kX6DcM2J5QSwcIbEj7VBQAAAAIAAAAUEsBAh4DFAAJAAgA20CcSKrGzk1jBwAA3BMAACAAGAAAAAAAAQAAAKSBAAAAAGZiOGI5MWM0NTVhNTMyM2ZiNGI4OTg3YzA2YTVmOGRmVVQFAAOexCFXdXgLAAEEIQAAAAQhAAAAUEsBAh4DCgAJAAAA20CcSGxI+1QUAAAACAAAAC0AGAAAAAAAAQAAAKSBzQcAAGZiOGI5MWM0NTVhNTMyM2ZiNGI4OTg3YzA2YTVmOGRmLmZpbGVuYW1lLnR4dFVUBQADnsQhV3V4CwABBCEAAAAEIQAAAFBLBQYAAAAAAgACANkAAABYCAAAAAA=' AND file:name = 'cb40c.js' AND file:hashes.MD5 = 'fb8b91c455a5323fb4b8987c06a5f8df' AND file:content_ref.mime_type = 'application/zip' AND file:content_ref.encryption_algorithm = 'mime-type-indicated' AND file:content_ref.decryption_key = 'infected']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-04-28T08:06:54Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"malware-sample\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5721c49e-82f8-4318-94be-4007950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-04-28T08:06:54.000Z",
"modified": "2016-04-28T08:06:54.000Z",
"description": "unique .js file",
"pattern": "[file:name = 'cb40c.js' AND file:hashes.SHA1 = '79abb8548f1cfafb243a3edb372f77e00cc69093']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-04-28T08:06:54Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"filename|sha1\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5721c49f-b1a4-4b7c-9cd7-44e4950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-04-28T08:06:55.000Z",
"modified": "2016-04-28T08:06:55.000Z",
"description": "unique .js file",
"pattern": "[file:name = 'cb40c.js' AND file:hashes.SHA256 = '1cc1e3d7b64a51e8b00de1580f36fea5061f30d38db3c08b987a5f5a3fec7b67']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-04-28T08:06:55Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"filename|sha256\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5721c4a0-ae78-4da8-8396-4d6b950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-04-28T08:06:56.000Z",
"modified": "2016-04-28T08:06:56.000Z",
"description": "unique .js file",
"pattern": "[file:content_ref.payload_bin = 'UEsDBBQACQAIANxAnEiIi7pyLwcAAKcTAAAgABwAOTU5MDYyZGVjYzI1ODNhZjY5ZjBlNWJiNzhiNDFhNzBVVAkAA6DEIVegxCFXdXgLAAEEIQAAAAQhAAAAjk5gWXnW4xElp5nxG3R/IdrEBMb7lg+KuMsrISNsTRBpWMDUkmeTQY14bkAdAo94AbuB5iR+nzlb38v4uvd9o4p6kZ3QnoFw3DCzfn7N69P4Lqo0S0Y95dnp4u3j/tP4hFSY8I/mZ45bQF4FcQEUCDUmcnDAegbRSQRxgnTkCYPL8EcrEIFYtC4o0MxctQfJrXtgn2po2qBKL41h2h0jWbInr9OYz4qK8Ijk/omPh0qCJxX0cdtm1F2lMcx1JN76SmZf7op3UPxhq/gKraUc1c3ESIsa/YKEg7agLgPhVSrVUOt2ZO37ftTLCYy7SegrvquaRHxLe7d2GwL/Oz6HzOTfgxjz1FVL3y6ufwUcvbeDYPI1joSB7Jo8ViVx+Z5k4MHq1Q5ZMLLipJFQHE2U7e3YZw0ksYtPH5z6pOojCji3ZNDOqcMfmECAil3T9JQPrcvquSWkfPCnN6+PGXSCMD7Cy+/Vl1WsshqnZzQkbfDVs74syXLIC1wmCWCON2Mm+LzN6xLw2HfPPFiZTBzBonkm9fSlVWK8LXh0253S0epPMx3P9WfojM3uwCpe7SY1FZ4aCABz/frz8YkI43En75JfAFPwty017H0IcJ/dKzuOFVZFS5NgvNYEnw7XzY6GTXXo6jhOiNIGVsP+o1zlhQaejZ/R4Ufg6JL0Q75DoE+Cfsvd5U/fRrlVQJ7mO/PgNSkFryrwbRPfmzb72n6VELvjuLOzVX1UbWRiUiG8vTMnTb23pf7PcB6h5uNj9BZOgK4GKGiXjo1E7t1c8qUilucd59S5egBYx1BDSnVkKh/3wgrop9rUAF4LkEk5NXOOAjeTZwfMujlQGF4h0+wpgKQ6fMtbFEW2ieXpi164Zu02GIBwFg0GQ+JKmUnMG0xzpesaV2VBLZkc9UKUVKCg1IgmCwoML4qe3ywg5JMC4X7aelGcPnweYNRREhZK7elhim3bQrn8KukrCL35W7intXRPJXLgKClUU1AXGQDrRYykszEmtjBjPaTDC9qA/Bhc3s1tMHgl5LDTLocaS/j8aPpt3+npDNEMA+la9P8BINIv75ebprpvQ7JXGq1WBqQaMASYLHVUG1zcmgMqbOR7kVoNAa4cFA5eFjDEpBiY0GVlxQZnfaol18faKQz9frTE7AKeB5dp8T68HrXGNCssMG39NMSl+BG9+iNBv1Epyn1zZwsZwUMGiqQ2exctHAEhPcy01gPtGMxKnN4lsLmVaLts2zmjePuhSH9c7DbObjkdK5BV9tdTzFs6oc0wyMpAKm+jEBW9IB5jRbR6Ik7qD+OIpfEy32mSx/Jok4imT1Gpbi8TKKq/LUc7huf8PW9DRND1n+4V1QKSlilVNj8lctGla8tWIQCypWXDtL9VR+crz66FIjiQye6xjFeIsUS0JGjOoDsyuPkiJkfFMjnRTUzlp7Xyv6KROlM7tvX0sepmZFYz68LkMrzP6KhtGP4CEM+2IYQPcOMn28N1qd7I/RTMkJBZo079af21/lfMxEnArZg8LXlpP83HkzuhL0Der5OhayNr9PAwhGjD2JSbKXBiZYlExG6+FT9AHzdRU0EPHVcadeylYa9+fSt/tRSbotIQvF03aL809/RacGn8daJmq/KC2vdd2wHCryRc9Ekjdv/UUyt8BbZx4nwYZaVhVa+X/il/orzCVTl44Sjjpz1GlyeewDXTLvezkS6vtOtdW52QyjWLgjkF4FR+SD4EGQyKckfre2sbsRSWpSJ8G0EnioSaHJuYltqSVCwR3TbXd57NcAgBw6EN4F07snMepzDb2xTccTsmDdKO3iJXn3MaE2HJqOPpSKwt5fzCNWQ7dJp1s2YILSoRylae6NHQRoZ9Fc+RsffF522rfg2kvYGMTHUjueMlL2jIpM99QAF8WzvMMQq5Vn3v+SgULDwFXooQIN2gREr5amAzj1ofZ3pFMLt9L6qAphSS86cYm/0D+8hpmGSqwWL0nynsa0jn1DShSwzfXZU6JN3nrxP/gElWjqDkkmXvh4vDr7RWO47nsyHe0R5jywgaBIcFKAS2f1A1/wDm0I3f9Lx7/XJVB/Gi4iu7xPconDDGtQUUsF5feYrcHOybSvT/96CcSLKfTdtW1/Azhd1Eb2Afim8fjYKpEJ4F8LnW1kXyUIkzYx3frpAhtVIJvZHhs85R13dEmcpaVU1xLXtyNRklQ7stMXP1v2e0mT3j8SVexnhCmsGU22JoC/xwhPGV498CWato34Lc2MECYBD/ynbXpXiJ2Q6PdFI5jRSrjD2NJnmGpOQbS4E2R4DSbaPpQSVKAi2Syt9LMIo2WU7G+fg+fwXFl9RXS9ZNaps6jMqzjbmKpjadAp1oK4evVeMmVGLCIR+1m3aYvbxuq4Cwmve/iwF5KBfBF9jGUMXVbl22RN/1cQoeloN+DzW/lXj/t4L0VgJ7/lyxSfjwgRLhP6pIYoQpUEsHCIiLunIvBwAApxMAAFBLAwQKAAkAAADcQJxIxdig3hYAAAAKAAAALQAcADk1OTA2MmRlY2MyNTgzYWY2OWYwZTViYjc4YjQxYTcwLmZpbGVuYW1lLnR4dFVUCQADoMQhV6DEIVd1eAsAAQQhAAAABCEAAAAmL0xmnwneIWm21i0MGFAc13HbGrT3UEsHCMXYoN4WAAAACgAAAFBLAQIeAxQACQAIANxAnEiIi7pyLwcAAKcTAAAgABgAAAAAAAEAAACkgQAAAAA5NTkwNjJkZWNjMjU4M2FmNjlmMGU1YmI3OGI0MWE3MFVUBQADoMQhV3V4CwABBCEAAAAEIQAAAFBLAQIeAwoACQAAANxAnEjF2KDeFgAAAAoAAAAtABgAAAAAAAEAAACkgZkHAAA5NTkwNjJkZWNjMjU4M2FmNjlmMGU1YmI3OGI0MWE3MC5maWxlbmFtZS50eHRVVAUAA6DEIVd1eAsAAQQhAAAABCEAAABQSwUGAAAAAAIAAgDZAAAAJggAAAAA' AND file:name = 'd96d49e.js' AND file:hashes.MD5 = '959062decc2583af69f0e5bb78b41a70' AND file:content_ref.mime_type = 'application/zip' AND file:content_ref.encryption_algorithm = 'mime-type-indicated' AND file:content_ref.decryption_key = 'infected']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-04-28T08:06:56Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"malware-sample\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5721c4a0-91c0-4fc1-aee0-4794950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-04-28T08:06:56.000Z",
"modified": "2016-04-28T08:06:56.000Z",
"description": "unique .js file",
"pattern": "[file:name = 'd96d49e.js' AND file:hashes.SHA1 = '865183b3f35e564473873b5e145f92e6d10bfdd7']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-04-28T08:06:56Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"filename|sha1\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5721c4a1-c148-426f-aa6e-4ecd950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-04-28T08:06:57.000Z",
"modified": "2016-04-28T08:06:57.000Z",
"description": "unique .js file",
"pattern": "[file:name = 'd96d49e.js' AND file:hashes.SHA256 = '1282d049960a3f444885656935abf3ae4fb10fc46af3d6d883876a57340f74f6']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-04-28T08:06:57Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"filename|sha256\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5721c4a2-9aa8-43bd-ae5d-4e08950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-04-28T08:06:58.000Z",
"modified": "2016-04-28T08:06:58.000Z",
"description": "unique .js file",
"pattern": "[file:content_ref.payload_bin = 'UEsDBBQACQAIAN1AnEgk/ErKgAcAAOESAAAgABwANDdkOTYxNTE4NzgwNjg4OTc1Yzg5MzUyZmM3YzI5OTBVVAkAA6LEIVeixCFXdXgLAAEEIQAAAAQhAAAAqc2crOfwpjIpYcEdfbV80s3X5iYI8rqLBX7QjpMrpgBQ1tgyPUGc2eFEEPvLOAcMsrEV0OVnkxXedlqrbIQRzjeSNtpmV0Xo07owmlQnSiXv+IPNu+1x49v2LBgmyJsSG7gfxZbZcFz+2rIAuhNqS6a1eIXXhJC5FTDaQVXDeYBBm+kKIwy+AeAGvUhQ9J2jKeuiGS3ZxjyDAfp/P9GTcFCYKzHMZsrs2wfO2uvs+NNu2hQonylCrig85YcNtLKJp5HSPN9skuMF9MnPR2mowIgqyQvXu72qRL48W++DQ2/nbF9JEtH+J4DHscXS32bAgDc5V7PZLCmluQAd8pw7Ekc/b3ceX1J1IfOoalB8xcKpXq8xc/mf0iSpVyNTTS74Y7QvRY6VNq1evCd4prcxgASw6O6xaNZLmBy2H0wlMG/P5EjHLfn6gy0bSbPv+exe6NJXTUy7Op2U5ZHkQG64kkxtoMppRXgOjrluXyXiOBafNHPgpalNwzo+cBWGaERvQ1waj4ADYypMmukQinbjP4IhGNHylFQTm+41Q+ebvmoExSY+hhE9azS+PiNSr9iRQtF4Sy6LlFQwoOYRP4DiQeOBxM/k9Ck554hRcIVe/M7gm7iVnGEL70GZ/mgdxqKdl5L0t6rrm1oIB5hizgGMTQAWi8VW1hVD8p6MKdbuQIL66PFlCvl9RTk8zZ6qmQKS/wItjxsmKuc2TmdI7Luk70VoFe5HJfP+t2cGSWWU0+t8YnbRERqa4rLb6T0fsCaFyejSVfoXWG+XRVJgDobQOqgAbIXWd7aZW7/Sr8YhH/4kGDn34w9+hIyKVJEEKcblb1pMcqc6GGaWDnK8jasDt0WP3NgGoI+6BweEOzd3S4ieku+KcTmcUewLFnK4f7Y3tnxzL6cW4XWqdElnQGgWvOwb5rpKKmoRVWq4kTL1o+TS6XIQZtABEcjcm+2slokFlta1ZY+zlUfMkPbjOHBXRwgFKq0RNyKXbgXHQbjE265HAI9ieGXNI8V46/a7DqLKgrycTXVfGGDZf/viZCF20t159fX3mYol5uvtVIKae1//hHCGC+c9hVhN4PhZg9sTbl9z965y+jdfFPiH4Ay5C1hjn0unBlNtKjtZVa3B5kePu+zVcXB1aStulnakj7zbYa3FFIe5joXa/kitQI7u6d2JB4TdRgYPIvkzYIGPXgbl0xOteLfcNHdbeYTrFSYAz7z11abIsXGWkETGoKUzmu0RPCBCK6o/oA/CGyd0alNWCtJ8dkwZbcai9nsLtIWuKE284tNxneTg2D0N+knZTkYvWg9R9/8qhCbAFe/zVcZWxHCkr7x38h52vmmPC7ViCiZdUwKs5lnmC10BFENNhovK2YaNxpKw8Kwxu4gRMuyU/Y6M7rmXmLsqMEfyJaSEyrhYEs6xWXDD7CPeI9bDr7beGf454MtGsaOJdAWspjeJC0GD1VVOBDVMNqeBMPRiaYqAVbeYW4fbQsvZugApi4vIhI8z9Rhor52mAYKndzVX/TPy8XUZbOPe4G6hf6oABk5n6lgo6YYjkg/jmlsSbm3ukDK6S0L83rHBokgNUE33TeK0sCZWdqbRZKZ1mIeB+3TOezCFI9+HvSUHghQa9VvXjVHteLxz0HGlru4QJRn9WmuQMh0rwbX4aCemwBS3nBktNuALCVSou6D+ChKVcMbRfKFH9Fike/C9PcgaplL65vNivF540+4VBhccL4g211cCTQ+kI2IOilLW4p90jVMxWjCM7TlcI0SmUqpOPI93CX1wlmXgkKoLuAufTWLqYTqz9+kQH7FYr7uK2TvkcmnEd5uUuMQrAmTMY9H+55bd6zmlDHENRaIqdIwcKPLIVEkgYlpKO+Pc25Wt+C/MlkB+VwXmxuJcvl9A2Sav8PerIm26gDMXF8L9hmOErbHC8JirSKtnp66WBKoKUrU8O5Z2x3AMtRazXwvwoWtWC9p+OoVQVWwuMFB1rDj0K4ERu2TIKz5jnJZVvpAJkpez7Azz6K/dtFDlrolcWFvyCDPSFnJVzAyZQnvPnaS3MQ4rHKbjTOoRbRTVTZGl0zOuuIopIuldm46C2XgmUicHcdYaHri7qZfomvtnpsmonWhLSArHJMQNfLLKoKDyuzHnC/6vdVu2N3Ot4Ewpw4XqdsJAKGe+fbHSISClP3ZttxgbPmD+o06wC6NnV1xAJFPgyDk4pMLlK2MtmDORPFv5hIRkNNac668ktEH1d/i6PTlZwPTeVr609W3AYGOdyOOdz5AU6SlZsLAXRTncSOweTSrv5VOGc0U5pqCbm6p4LakbYQnbiVdhxCs/2fcGgirJ4macY4/zTW4lAamumQQiCTgMOTkm+S2ucmOOUlexG6FKzapm7Wq02I4k4/BuKFXcWsGbJ5Eyqk22NnbuexUy73xFL+XP15KRNCze95d63MtnF9IpnptI3KLwPnocikk9sI8hGZ7FJ7TH8LEn5eEc83CYfyOCZv92aGhnB77EikNexcIvLovbxVYp0M8ffkuaXaEg2+6LmzBrWZSbW8U+7KRxoWAyzGr+JbK1GZ+41RuhUEsHCCT8SsqABwAA4RIAAFBLAwQKAAkAAADdQJxICSr6ahUAAAAJAAAALQAcADQ3ZDk2MTUxODc4MDY4ODk3NWM4OTM1MmZjN2MyOTkwLmZpbGVuYW1lLnR4dFVUCQADosQhV6LEIVd1eAsAAQQhAAAABCEAAAD+dU1sWLW5uWTwUQ4trsHd+5BvlGZQSwcICSr6ahUAAAAJAAAAUEsBAh4DFAAJAAgA3UCcSCT8SsqABwAA4RIAACAAGAAAAAAAAQAAAKSBAAAAADQ3ZDk2MTUxODc4MDY4ODk3NWM4OTM1MmZjN2MyOTkwVVQFAAOixCFXdXgLAAEEIQAAAAQhAAAAUEsBAh4DCgAJAAAA3UCcSAkq+moVAAAACQAAAC0AGAAAAAAAAQAAAKSB6gcAADQ3ZDk2MTUxODc4MDY4ODk3NWM4OTM1MmZjN2MyOTkwLmZpbGVuYW1lLnR4dFVUBQADosQhV3V4CwABBCEAAAAEIQAAAFBLBQYAAAAAAgACANkAAAB2CAAAAAA=' AND file:name = 'e190d3.js' AND file:hashes.MD5 = '47d961518780688975c89352fc7c2990' AND file:content_ref.mime_type = 'application/zip' AND file:content_ref.encryption_algorithm = 'mime-type-indicated' AND file:content_ref.decryption_key = 'infected']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-04-28T08:06:58Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"malware-sample\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5721c4a2-939c-49d6-af4b-44d8950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-04-28T08:06:58.000Z",
"modified": "2016-04-28T08:06:58.000Z",
"description": "unique .js file",
"pattern": "[file:name = 'e190d3.js' AND file:hashes.SHA1 = '8c08d8616801814bcbddd3c7b6dbc5db5ed19696']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-04-28T08:06:58Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"filename|sha1\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5721c4a3-38d0-4a69-bf1b-4502950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-04-28T08:06:59.000Z",
"modified": "2016-04-28T08:06:59.000Z",
"description": "unique .js file",
"pattern": "[file:name = 'e190d3.js' AND file:hashes.SHA256 = '9e2c3c9d6228c7a57a2c54783a017fcc3ede7129c27b428c9214034b1393f496']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-04-28T08:06:59Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"filename|sha256\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5721c4a4-f5bc-4a84-a659-424c950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-04-28T08:07:00.000Z",
"modified": "2016-04-28T08:07:00.000Z",
"description": "unique .js file",
"pattern": "[file:content_ref.payload_bin = 'UEsDBBQACQAIAOBAnEifafavdAcAAFATAAAgABwAYjhiYzI3ZTlmMTc1M2RlNjgzZDVlNTA1OWRlZDhmNDFVVAkAA6TEIVekxCFXdXgLAAEEIQAAAAQhAAAA84AYeWvazyR2j7jmtmSHttLe/YacLy1CAouIz0uryLDEYpO5LpxP/JM1FQRLRfsVTFvbmn9Rk07qDUCe5pqwDv3HXpmiI0bn9qDAZ2ci/3J/F72hI7zwjep1MruG4n1F02P82M8T+LYq32A0hyh8sjKHq+z5iBlZIrVcPcwbbdp1BTX+kvZkCGR3inaMbaSsLBF3T6gVaxE8UyI5xnF2o0RacTfJNEcqfe7urpvwZMMwbhP7+k+OYp1j1ikbuqioiq83f+19NHHC9aYoQE7QXkmrMzTuZA0EviGGLRg/GYUhJGVcGGP4uzoBIZKNbAAnCb1XCDhHK8cE/sNJAuDCIntqPDlxDOAeKlcPvSG+fu1WEr8dpmhextHv86fhWm/We8rfJM5gaRFPnac5blWUSbTqfdFyKcEC9frNQlaT/IBt3hBm2BR4ZOz5EijqcypwPEoInuOystNkAkUOahiqK2gcT6tRC+HpLAjSggkyt7w3HqWSsnMHc4cgpjD8CccbuCRM6y88bctv1z0tR5b4JDLdemN64JirAsRf4HaoC8Ej6huBaLgqz6nFdNYFxTjX9qhOra758Rc7uCMC+51tauh0iY+BJS0SsZIXsmpdf8O3TVjA2g4bZLnp2qcZ/stoJIkR9K+TiiOM7snTnKckPh4Y1d5Jz8Me+DCUQ8j6z6f6Z98fvB3IBbZFosQNEuOlbwkOw7t7pmi+s+pZBJ12X9Dp44VHRidtg8l/NXs0wjgN4YqoDAkzqN8EP5byplrsSkJoglYJXHtwuIirTK9k43P1P7nxUUQ3SFiUqipmr70HMqoZDnPvG9ap23Odi9OrR98n+wGMf1Nr7waLTM0ahjLhImfbXoOwfZUi8yUu40F4pbSYyZ3Q6YbUpA9k0F72nDaL2fHvEJtgKrAhuY/VniRK0C6gyusxRtDionvBIuACLjk8OhzvDtYKlD1HiOXE7ISedpYW5gIVOoxNKyfWFPdlBEoEZiMENuahCzNYyFGNDmyl4rcMTKYtqsYWNVZ2YTMAViqEcHEFDaA5UpulRX/iFlVKQ8n6TsICUOO6c/Hbdi1nYzvkAbQHTy5tqDzr/2WEQo0ec4VVEjNUfpKbUjo3Sb8Av7KqkeTK2xqgZuEcWwO788wtXVsxAz7jZ/uQ0VRVAI/HQWHK47iaIseSKHx6aeVUhbgUM/81N5QseXr223Ao0aWRP/9brqmcbNqr7uAu4RVMzk4LXj5hrnKZlBypLmpWKxLTHduQA0H/jqckWH4cCPdAL8sEAPWFtlJNmJfS6XCaBPqgTvGcrxMu53yF4Qy1NTrncX5pq6ZLS8XIuQ20l3rHbLKQu7fhvAPFQLXyHW0u91n+Z2522jRaC34wOSLrtJ/oECUX88BQzjYSSU13ZKZtTdg94AOg5JEsFCW+SwTQ25BEhLuGUfEuVQ0/Qheva8QrrXPzkyybbkC8Wwn07ufV6KkdhAu7xn8rCjTcdw7d9KCmmDD4wIX++fHrWyGEVDRXgcUd1XIXNcYBuN7VsxoGs5TOe6woZ+dprcFfhQobaOs7lttwJ7AmXELzs3fLL7YYbWZLAlHEQv1Qi5T3IHGhDnJwwbeP2pwAEzqfo4UmV9D4+hJc64hFrtbOIDpGGvJzVhyG0+K7aLLOizinaOLCPzI/G12HbiE1/bKLMhPO8zTcC3jbjaAHl76kS4qJyivXufqW2HcmG/xK39SYhN3QXtoXvbquGAGBekn5Rm7w0hB3XdwrppKvfSc0wV295IypVBLHSpBm4LzRNYRU2x9Nn9vp+htQ5M77BgCs3IER9MVYSDfZUpGfqzyq63bQWl9JLIRyl775Zah3u/QDIz1U3jJeeSWjwnFckKbsVfIUFsPrQAVZs26D7CRoQutxZ/P+cJA0BfjYYpf6Dnm4oaqVoQsjvgxxfxH6GA1FvbOdfzo4HEfmjCzvNF43Z5l6zqm52x91S91Lp4f0hXxLns8VYB3Kq9RxjHiw1XuLbrXLVyM3pRsEwm3TYuUJoeX+wC25eRV5MG3KPWNu0X+eaI2mxhTyGx+JONggRPB27oQSLLWBNRyzmo2JTB+tBAOcb3Bn8G35dRVzAXwSD8HOnItvKEjPMCK0mUTeKN9DEZKi2SWzS13efin0Xtn1P0dM84OLykDIJbrgt5JNRxWVZ1lNki/LBDDZlEUhgGNJCQyhHBBOuntjLFjJibKhFJfDJY3LXkdfeVmCs13cWOe5helh1+e+XBDLIZmCBHGBEcxN3BCJJFTc3BaHYdjl377F+bCY4I3Fdr5oaeGzyvP0oZSTpXED+qrfXsOyX5T+d3Owc7RMxZbDBO0TSRbXNFvqDRZZjWD0eU12Z1xhw9sh+TCpNBEALc4+bkPtFTAjnvDrG22Z3p7syy/WASUWSD8T8DYmxft9GnL5gikLcxbRqJ9KBOeVo+hu6lv86jaXDXDkNE1O53zUeFUzfjCcGb80YHg+7KO2F5AYgL3fl5z2DluN5Ir6o/ERAvtJJPP/CEMRrHT1+bNgj7xdeE3tTspin2kQai9f1PG44d29KsEVUEsHCJ9p9q90BwAAUBMAAFBLAwQKAAkAAADgQJxI0DqWKhQAAAAIAAAALQAcAGI4YmMyN2U5ZjE3NTNkZTY4M2Q1ZTUwNTlkZWQ4ZjQxLmZpbGVuYW1lLnR4dFVUCQADpMQhV6TEIVd1eAsAAQQhAAAABCEAAADz7G4kvbf4cd/g/o4zUrq9UzFQ8FBLBwjQOpYqFAAAAAgAAABQSwECHgMUAAkACADgQJxIn2n2r3QHAABQEwAAIAAYAAAAAAABAAAApIEAAAAAYjhiYzI3ZTlmMTc1M2RlNjgzZDVlNTA1OWRlZDhmNDFVVAUAA6TEIVd1eAsAAQQhAAAABCEAAABQSwECHgMKAAkAAADgQJxI0DqWKhQAAAAIAAAALQAYAAAAAAABAAAApIHeBwAAYjhiYzI3ZTlmMTc1M2RlNjgzZDVlNTA1OWRlZDhmNDEuZmlsZW5hbWUudHh0VVQFAAOkxCFXdXgLAAEEIQAAAAQhAAAAUEsFBgAAAAACAAIA2QAAAGkIAAAAAA==' AND file:name = 'e9419.js' AND file:hashes.MD5 = 'b8bc27e9f1753de683d5e5059ded8f41' AND file:content_ref.mime_type = 'application/zip' AND file:content_ref.encryption_algorithm = 'mime-type-indicated' AND file:content_ref.decryption_key = 'infected']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-04-28T08:07:00Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"malware-sample\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5721c4a5-41f4-4601-8356-4663950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-04-28T08:07:01.000Z",
"modified": "2016-04-28T08:07:01.000Z",
"description": "unique .js file",
"pattern": "[file:name = 'e9419.js' AND file:hashes.SHA1 = 'baf9be92f7024784a93b1cb2ef9e6ecb4f1914fe']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-04-28T08:07:01Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"filename|sha1\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5721c4a5-4dec-41c4-b9a2-4c8d950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-04-28T08:07:01.000Z",
"modified": "2016-04-28T08:07:01.000Z",
"description": "unique .js file",
"pattern": "[file:name = 'e9419.js' AND file:hashes.SHA256 = '83189575daa139b572892c1c27e11463c42cdaddb824b193a92c1cd555a2d2a6']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-04-28T08:07:01Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"filename|sha256\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5721c4a6-c920-4653-bd1f-4da6950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-04-28T08:07:02.000Z",
"modified": "2016-04-28T08:07:02.000Z",
"description": "unique .js file",
"pattern": "[file:content_ref.payload_bin = 'UEsDBBQACQAIAOFAnEiuD2baegcAAGwUAAAgABwAMzNjNTU0NmFmNGE0ODBmMDlkOThjZjg5NTRhZGIzYjdVVAkAA6bEIVemxCFXdXgLAAEEIQAAAAQhAAAAqc2crOfwpjIpYf36L04eKsaYadXx07X2xciRoknIrgRKv7VOvuY3YW2tR7Q9raWQrk1Ww45LeJLuyB281p1mkLm217f6tiBSKNStX2YRvi0UFxi98kTV6QqtnhphHaJg3p74+bjplndwt+LOZgXQxpIUdoAr7IoADEhwiH+4zmaTaEO8y96W+Pr0E6VJKj4MViqiF1OUM2W26L+zMdLNRnEVZ/QN1Y3Vpec1obShOzkN8T0H+ijfbXrNVTL7fZNjGd+BTgujwglJ8nEsNg4xQdHgXmit1X5IOWqXkDqKeGWpTsWnzc1LaVvDh6DB+HsQaQgLK36ZLtDyQbAT3m/aVvFVY/Iq+Ms3/oGgRPdIa5v77mGF4Oy8KTCjXM2Q+MCxsvAFLEym/9XyIxQCylm/vdCoq87AY3YlZxXuh9b7idqeVTbJ7BT/QJo3vthWPxjcA8GIGY9NwLe++XaZfpymf2juKjb3vzCZDfFkAAsU3fMQ39bx3ak6ksRnvk4q4+1Jb9P8C1bWQgG3pi94nt1utztPc+szKvp6C7aZFqnjcraFbPyF+aENGwJOcL2+e0OqZeTRPKceMj9z5ZbqQ84BexWxtqgJI9K2823s3NT11qZeRRtpXrEeiF6EmptF9VNTaz1YtW0ObsJ7R3T88NAHbvLuE+AkW+em23fyf5Cv+1Axg+vVYJU/Aq0vqesFUJjRqo2FFnvIlpE3jncPnR6tfzdFQviaI+lni5Bc/ioFgrATv3Fhpa3iFLYN0ulNHBsoP/syfMurqq517ugQIjELYRlldtWgtc6uxcCMz++ESzz6OFVU5/NEdtThuFiJh8wiRjc2DZz8Acfa2b/aA029a3aQYKhHiEl6D5E1tuC6t9Wxtqru+FTJdRFMcixx+Rd1Gt/Ees/PIMu1laK5iHal4tESjIjfrdqZI/3chuQ56zhIj3D/bCpC6pL/6+iMfsgcZ11pQZD2Wzt+6duscFWkSuywIkyGI/slOJ1VmCamexl1Wb+Vy167EAFMbaRm1qMSfT0xyOQXLyZHegYxfH4nCpvP8F6UK0XHsNrbCcbgkz7DIiXm4nRX6IHTrRYjNsc4uLPtM6ezrnv9W5GmHTcW2gkRbDWx36z+ghSeEpEzuKdlk5NYiSxInuNso41Gue1r/V4z8Kf4HLRc7rQ6sQytps9vQ3/WR+X3CjRaFJYGGnj5uEhUE9LivPljhO2WX4HL+GNE6nrqDIkjusF6do4d8cC9MJGdTFHPoZTtDcH+0XKkOVsnT3Csui3W16qFfRvpYtt8g5JWthJBRdlR7/HaXnMhOOvgiz3UA6ESA2stL/D1ZLs+nOaGhpZ/m0Q5KHsm8MM9xX1IOtBvASqgc83n2OB0Du61l3a10MHa8zaAZ+DyIb7S2Av6UBySrg8jEqG7ftEPJYitWv82/gtog971UyZkNPIrVNP79VGiUajz6Sy29WGVELc0qtVn3Ii2n+aPGzlptLCWKsTvad8Wp2YYv3d0CR8hPAI0r4zHi9mFWrCKdTLLeURyAuBD9VNJKU47SACCHkj9WsQjV5JcypupqJeSdKSp+Er8D4QvbTPQdp/4hWMMPhLSoSzzZo3BpFREsTNXtJJ1agemyTK9dQAFiYqdkJCavnWHbgvd9pE8reCv83RIVNiv4X3dF5PyzRlBbU5lf7OqJjhmFqvbpxmvG7FnWBd2HKh4C59eI7yH4v9ZKW0Z99fRUeQzxTl+BR7yJ6UhJCTz2XnBQe19mUu3kJPShEXKz/C367MhMz6gA37EyThP2xSz2F/+T1JdtIcBrcrB1dxojhDPBSSp4yaok8YfsqzIW343b+0nopLK5IweAjFsfnPJMT1otOjGayYe36dbpM8jNbyRymxHuYQx+s4SNJQaJoUY4lAWxQAnMCaZElehHUp0d7uhJoCAiLrT1+J8GTkfrm3wNyPNpigMQb/xsdXmlwYqAuM5j6SHUViw+Thz9ybS7jSy5bc33cIbRHydQe+cr8JqYbLVjn44svsfD1DDkdiZ/R49VqPCZH3FpoLOOyE8+YwNQOIm92H1AX5K1+35zoIc2tApw4rs/OPx2010iuEkX0kAYuJPGFXUjyuNmrtNpISJJkxBJpvEwGUtI+8zLbxi/t3N7XOpw8ZTLWlj0CwTB6ommU1BG1XKroEp1SsI3GYT7CDRCYkGX96HmcRLUvpIgCXr3428Bxblh5QPuYmNZ/sgmFJyq/QF1VOdVDVQoa93nATmgCmjS8d3J75mBaJSPDjlXh58H/jM7us4CC/A3ZvztlTm4FZeG7/nzP1+w2+XQUCUj3TvYm+jS097rb7k18XeoHhag1wb1JY7Rdd0bqAndeaQDM4KS1BCJ0+vbuqSsL885DmmuAju2pSSlZfrYW8LIOifyfZewqN9ovvzjG16W3C+2BX/2JdJ2RH7L2i5YV42wa7gDXHDGlauVdF5pC0RIRVW1hOqfEr3SeweEQOVJJ5K752G5uAIV1OtSweRta8UBkyOhqVvXjGkWxTVjtiRUVcuZQyxWC83pWMojLmc7pYEloM03iySy3Apt7kjUEsHCK4PZtp6BwAAbBQAAFBLAwQKAAkAAADhQJxIJfKeexcAAAALAAAALQAcADMzYzU1NDZhZjRhNDgwZjA5ZDk4Y2Y4OTU0YWRiM2I3LmZpbGVuYW1lLnR4dFVUCQADpsQhV6bEIVd1eAsAAQQhAAAABCEAAAD+dU1sWLW5uWTwbZtqfBk/XOuQV2mEd1BLBwgl8p57FwAAAAsAAABQSwECHgMUAAkACADhQJxIrg9m2noHAABsFAAAIAAYAAAAAAABAAAApIEAAAAAMzNjNTU0NmFmNGE0ODBmMDlkOThjZjg5NTRhZGIzYjdVVAUAA6bEIVd1eAsAAQQhAAAABCEAAABQSwECHgMKAAkAAADhQJxIJfKeexcAAAALAAAALQAYAAAAAAABAAAApIHkBwAAMzNjNTU0NmFmNGE0ODBmMDlkOThjZjg5NTRhZGIzYjcuZmlsZW5hbWUudHh0VVQFAAOmxCFXdXgLAAEEIQAAAAQhAAAAUEsFBgAAAAACAAIA2QAAAHIIAAAAAA==' AND file:name = 'fa85e6e0.js' AND file:hashes.MD5 = '33c5546af4a480f09d98cf8954adb3b7' AND file:content_ref.mime_type = 'application/zip' AND file:content_ref.encryption_algorithm = 'mime-type-indicated' AND file:content_ref.decryption_key = 'infected']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-04-28T08:07:02Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"malware-sample\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5721c4a7-ef98-43f5-a79e-49b1950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-04-28T08:07:03.000Z",
"modified": "2016-04-28T08:07:03.000Z",
"description": "unique .js file",
"pattern": "[file:name = 'fa85e6e0.js' AND file:hashes.SHA1 = '5c9e392738e55e22814355ce3303525507788c4f']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-04-28T08:07:03Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"filename|sha1\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5721c4a8-1000-4899-bea9-46a7950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-04-28T08:07:04.000Z",
"modified": "2016-04-28T08:07:04.000Z",
"description": "unique .js file",
"pattern": "[file:name = 'fa85e6e0.js' AND file:hashes.SHA256 = '08e031082b93d0bd1ea5e55fcb66748d3cc357d5b743a494bfed5f5a6c60cba1']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-04-28T08:07:04Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"filename|sha256\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5721c6c2-e590-4fc5-84b5-41fb950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-04-28T08:16:02.000Z",
"modified": "2016-04-28T08:16:02.000Z",
"description": "C&C",
"pattern": "[url:value = 'http://51.254.240.60/userinfo.php']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-04-28T08:16:02Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5721c6c3-2624-4851-a69a-4e9e950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-04-28T08:16:03.000Z",
"modified": "2016-04-28T08:16:03.000Z",
"description": "C&C",
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '51.254.240.60']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-04-28T08:16:03Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5721c6c3-5a84-495a-881e-4b33950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-04-28T08:16:03.000Z",
"modified": "2016-04-28T08:16:03.000Z",
"description": "C&C",
"pattern": "[url:value = 'http://31.41.44.246/userinfo.php']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-04-28T08:16:03Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5721c6c4-203c-41fc-868f-4021950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-04-28T08:16:04.000Z",
"modified": "2016-04-28T08:16:04.000Z",
"description": "C&C",
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '31.41.44.246']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-04-28T08:16:04Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5721c6c4-58c4-4891-b119-4c0e950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-04-28T08:16:04.000Z",
"modified": "2016-04-28T08:16:04.000Z",
"description": "C&C",
"pattern": "[url:value = 'http://91.219.31.18/userinfo.php']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-04-28T08:16:04Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5721c6c5-54dc-475d-a4ec-4e2e950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-04-28T08:16:05.000Z",
"modified": "2016-04-28T08:16:05.000Z",
"description": "C&C",
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '91.219.31.18']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-04-28T08:16:05Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5721c6c5-9d38-4180-8733-4548950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-04-28T08:16:05.000Z",
"modified": "2016-04-28T08:16:05.000Z",
"description": "C&C",
"pattern": "[url:value = 'http://91.234.32.19/userinfo.php']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-04-28T08:16:05Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5721c6c5-4918-4468-a203-4139950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-04-28T08:16:05.000Z",
"modified": "2016-04-28T08:16:05.000Z",
"description": "C&C",
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '91.234.32.19']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-04-28T08:16:05Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5721c6da-d7f0-4f0d-a735-410e950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-04-28T08:16:26.000Z",
"modified": "2016-04-28T08:16:26.000Z",
"description": "C&C",
"pattern": "[url:value = 'http://83.217.26.168/userinfo.php']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-04-28T08:16:26Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5721c6da-e608-4799-a3b3-42a9950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-04-28T08:16:26.000Z",
"modified": "2016-04-28T08:16:26.000Z",
"description": "C&C",
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '83.217.26.168']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-04-28T08:16:26Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5721c6f7-d6cc-4712-8e7f-4342950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-04-28T08:16:55.000Z",
"modified": "2016-04-28T08:16:55.000Z",
"description": "C&C",
"pattern": "[url:value = 'http://htankds.info/userinfo.php']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-04-28T08:16:55Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5721c6f8-b268-4254-b174-443a950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-04-28T08:16:56.000Z",
"modified": "2016-04-28T08:16:56.000Z",
"description": "C&C",
"pattern": "[domain-name:value = 'htankds.info']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-04-28T08:16:56Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"domain\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--5721c74a-6184-42a0-b3d0-4cc102de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-04-28T08:18:18.000Z",
"modified": "2016-04-28T08:18:18.000Z",
"first_observed": "2016-04-28T08:18:18Z",
"last_observed": "2016-04-28T08:18:18Z",
"number_observed": 1,
"object_refs": [
"url--5721c74a-6184-42a0-b3d0-4cc102de0b81"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--5721c74a-6184-42a0-b3d0-4cc102de0b81",
"value": "https://www.virustotal.com/file/08e031082b93d0bd1ea5e55fcb66748d3cc357d5b743a494bfed5f5a6c60cba1/analysis/1461809275/"
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--5721c74b-29a8-4779-ac78-466702de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-04-28T08:18:19.000Z",
"modified": "2016-04-28T08:18:19.000Z",
"first_observed": "2016-04-28T08:18:19Z",
"last_observed": "2016-04-28T08:18:19Z",
"number_observed": 1,
"object_refs": [
"url--5721c74b-29a8-4779-ac78-466702de0b81"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--5721c74b-29a8-4779-ac78-466702de0b81",
"value": "https://www.virustotal.com/file/83189575daa139b572892c1c27e11463c42cdaddb824b193a92c1cd555a2d2a6/analysis/1461806423/"
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--5721c74b-f360-4eb0-a94a-4b3502de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-04-28T08:18:19.000Z",
"modified": "2016-04-28T08:18:19.000Z",
"first_observed": "2016-04-28T08:18:19Z",
"last_observed": "2016-04-28T08:18:19Z",
"number_observed": 1,
"object_refs": [
"url--5721c74b-f360-4eb0-a94a-4b3502de0b81"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--5721c74b-f360-4eb0-a94a-4b3502de0b81",
"value": "https://www.virustotal.com/file/9e2c3c9d6228c7a57a2c54783a017fcc3ede7129c27b428c9214034b1393f496/analysis/1461804423/"
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--5721c74b-f9a4-4ce4-9f00-488202de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-04-28T08:18:19.000Z",
"modified": "2016-04-28T08:18:19.000Z",
"first_observed": "2016-04-28T08:18:19Z",
"last_observed": "2016-04-28T08:18:19Z",
"number_observed": 1,
"object_refs": [
"url--5721c74b-f9a4-4ce4-9f00-488202de0b81"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--5721c74b-f9a4-4ce4-9f00-488202de0b81",
"value": "https://www.virustotal.com/file/1282d049960a3f444885656935abf3ae4fb10fc46af3d6d883876a57340f74f6/analysis/1461807215/"
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--5721c74c-3404-425e-a482-475d02de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-04-28T08:18:20.000Z",
"modified": "2016-04-28T08:18:20.000Z",
"first_observed": "2016-04-28T08:18:20Z",
"last_observed": "2016-04-28T08:18:20Z",
"number_observed": 1,
"object_refs": [
"url--5721c74c-3404-425e-a482-475d02de0b81"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--5721c74c-3404-425e-a482-475d02de0b81",
"value": "https://www.virustotal.com/file/1cc1e3d7b64a51e8b00de1580f36fea5061f30d38db3c08b987a5f5a3fec7b67/analysis/1461811136/"
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--5721c74c-0464-4674-88b8-4d2702de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-04-28T08:18:20.000Z",
"modified": "2016-04-28T08:18:20.000Z",
"first_observed": "2016-04-28T08:18:20Z",
"last_observed": "2016-04-28T08:18:20Z",
"number_observed": 1,
"object_refs": [
"url--5721c74c-0464-4674-88b8-4d2702de0b81"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--5721c74c-0464-4674-88b8-4d2702de0b81",
"value": "https://www.virustotal.com/file/d92f3fc284793769215f820b761eb08a1eab7f6e265e84953f034c77a758e0df/analysis/1461828823/"
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--5721c74c-1a44-4614-a824-42e202de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-04-28T08:18:20.000Z",
"modified": "2016-04-28T08:18:20.000Z",
"first_observed": "2016-04-28T08:18:20Z",
"last_observed": "2016-04-28T08:18:20Z",
"number_observed": 1,
"object_refs": [
"url--5721c74c-1a44-4614-a824-42e202de0b81"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--5721c74c-1a44-4614-a824-42e202de0b81",
"value": "https://www.virustotal.com/file/3697f5f6e0f31cea173a4450498a6b031d0c1fa934b384660a31b38ac4d8c5d1/analysis/1461794384/"
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--5721c74d-f290-4456-8206-4fdf02de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-04-28T08:18:21.000Z",
"modified": "2016-04-28T08:18:21.000Z",
"first_observed": "2016-04-28T08:18:21Z",
"last_observed": "2016-04-28T08:18:21Z",
"number_observed": 1,
"object_refs": [
"url--5721c74d-f290-4456-8206-4fdf02de0b81"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--5721c74d-f290-4456-8206-4fdf02de0b81",
"value": "https://www.virustotal.com/file/f4afb034c48232a825b0e3997d6b25c281aa795af67b3c3b2cc9c371b2f888c4/analysis/1461808452/"
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--5721c74d-ca5c-4dd6-b1e1-43d902de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-04-28T08:18:21.000Z",
"modified": "2016-04-28T08:18:21.000Z",
"first_observed": "2016-04-28T08:18:21Z",
"last_observed": "2016-04-28T08:18:21Z",
"number_observed": 1,
"object_refs": [
"url--5721c74d-ca5c-4dd6-b1e1-43d902de0b81"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--5721c74d-ca5c-4dd6-b1e1-43d902de0b81",
"value": "https://www.virustotal.com/file/c275a4524577d6d0a0c8a96428619f643f0825409018eedf039d49a5cd4415bf/analysis/1461822620/"
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--5721c74d-f0cc-4690-ad44-49b302de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-04-28T08:18:21.000Z",
"modified": "2016-04-28T08:18:21.000Z",
"first_observed": "2016-04-28T08:18:21Z",
"last_observed": "2016-04-28T08:18:21Z",
"number_observed": 1,
"object_refs": [
"url--5721c74d-f0cc-4690-ad44-49b302de0b81"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--5721c74d-f0cc-4690-ad44-49b302de0b81",
"value": "https://www.virustotal.com/file/867215ae7b89296d24fbdfd5d76974dd3a099c83a972723858380f9ecf1c5df2/analysis/1461796326/"
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--5721c74d-2324-41f6-912b-434402de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-04-28T08:18:21.000Z",
"modified": "2016-04-28T08:18:21.000Z",
"first_observed": "2016-04-28T08:18:21Z",
"last_observed": "2016-04-28T08:18:21Z",
"number_observed": 1,
"object_refs": [
"url--5721c74d-2324-41f6-912b-434402de0b81"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--5721c74d-2324-41f6-912b-434402de0b81",
"value": "https://www.virustotal.com/file/fd761520c97979e47b7b269c78f1aeb6002bcb0c704928baf3c1c89317a5cfc3/analysis/1461828987/"
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--5721c74e-8db4-41c0-8ed4-439c02de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-04-28T08:18:22.000Z",
"modified": "2016-04-28T08:18:22.000Z",
"first_observed": "2016-04-28T08:18:22Z",
"last_observed": "2016-04-28T08:18:22Z",
"number_observed": 1,
"object_refs": [
"url--5721c74e-8db4-41c0-8ed4-439c02de0b81"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--5721c74e-8db4-41c0-8ed4-439c02de0b81",
"value": "https://www.virustotal.com/file/81e2f8181c7656f626ee6ba8e0ab49c0ad2a702e3164962624a38654ca3f484b/analysis/1461798417/"
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--5721c74e-7f24-43ec-a8e2-44b702de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-04-28T08:18:22.000Z",
"modified": "2016-04-28T08:18:22.000Z",
"first_observed": "2016-04-28T08:18:22Z",
"last_observed": "2016-04-28T08:18:22Z",
"number_observed": 1,
"object_refs": [
"url--5721c74e-7f24-43ec-a8e2-44b702de0b81"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--5721c74e-7f24-43ec-a8e2-44b702de0b81",
"value": "https://www.virustotal.com/file/42df4157339cad6fe41ce548447a713844a5177567cca09c461548b958e7643d/analysis/1461828780/"
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--5721c74e-dc34-477e-a591-456902de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-04-28T08:18:22.000Z",
"modified": "2016-04-28T08:18:22.000Z",
"first_observed": "2016-04-28T08:18:22Z",
"last_observed": "2016-04-28T08:18:22Z",
"number_observed": 1,
"object_refs": [
"url--5721c74e-dc34-477e-a591-456902de0b81"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--5721c74e-dc34-477e-a591-456902de0b81",
"value": "https://www.virustotal.com/file/1bfdded83d970dabb862c448c6e065343fb3374a365c6dac3aadf7dd4f58c074/analysis/1461828950/"
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--5721c74f-a7b4-403c-9757-48c302de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-04-28T08:18:23.000Z",
"modified": "2016-04-28T08:18:23.000Z",
"first_observed": "2016-04-28T08:18:23Z",
"last_observed": "2016-04-28T08:18:23Z",
"number_observed": 1,
"object_refs": [
"url--5721c74f-a7b4-403c-9757-48c302de0b81"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--5721c74f-a7b4-403c-9757-48c302de0b81",
"value": "https://www.virustotal.com/file/dfe8570a2a98a463f4bf0adec096d7715a4583eb5c4db48576b78920bb43e649/analysis/1461826084/"
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--5721c74f-329c-4809-8cb2-4e8602de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-04-28T08:18:23.000Z",
"modified": "2016-04-28T08:18:23.000Z",
"first_observed": "2016-04-28T08:18:23Z",
"last_observed": "2016-04-28T08:18:23Z",
"number_observed": 1,
"object_refs": [
"url--5721c74f-329c-4809-8cb2-4e8602de0b81"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--5721c74f-329c-4809-8cb2-4e8602de0b81",
"value": "https://www.virustotal.com/file/c3b5e6d554dcf4ff92f2f5dc083b0cbf0fd853fb991cc51bcd2ac0d91d77f890/analysis/1461816186/"
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--5721c74f-87cc-4595-8c85-47d502de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-04-28T08:18:23.000Z",
"modified": "2016-04-28T08:18:23.000Z",
"first_observed": "2016-04-28T08:18:23Z",
"last_observed": "2016-04-28T08:18:23Z",
"number_observed": 1,
"object_refs": [
"url--5721c74f-87cc-4595-8c85-47d502de0b81"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--5721c74f-87cc-4595-8c85-47d502de0b81",
"value": "https://www.virustotal.com/file/78a25e46ac72c545f402bf02c670ee2f085bef72f5af168582094869cac61625/analysis/1461822687/"
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--5721c750-48ec-4a85-b73d-46e602de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-04-28T08:18:24.000Z",
"modified": "2016-04-28T08:18:24.000Z",
"first_observed": "2016-04-28T08:18:24Z",
"last_observed": "2016-04-28T08:18:24Z",
"number_observed": 1,
"object_refs": [
"url--5721c750-48ec-4a85-b73d-46e602de0b81"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--5721c750-48ec-4a85-b73d-46e602de0b81",
"value": "https://www.virustotal.com/file/9960a33bc40f676f5473b43b6c1d95daf6249be9a9128de65c016ab25101bb26/analysis/1461790171/"
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--5721c750-fca0-4523-816c-4d5002de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-04-28T08:18:24.000Z",
"modified": "2016-04-28T08:18:24.000Z",
"first_observed": "2016-04-28T08:18:24Z",
"last_observed": "2016-04-28T08:18:24Z",
"number_observed": 1,
"object_refs": [
"url--5721c750-fca0-4523-816c-4d5002de0b81"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--5721c750-fca0-4523-816c-4d5002de0b81",
"value": "https://www.virustotal.com/file/fd7c35c55e0b26ebb42d019866991f583f5f853e67e7eac8c0117544b3b3a079/analysis/1461828821/"
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--5721c750-94a0-4bd1-9ffc-41bf02de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-04-28T08:18:24.000Z",
"modified": "2016-04-28T08:18:24.000Z",
"first_observed": "2016-04-28T08:18:24Z",
"last_observed": "2016-04-28T08:18:24Z",
"number_observed": 1,
"object_refs": [
"url--5721c750-94a0-4bd1-9ffc-41bf02de0b81"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--5721c750-94a0-4bd1-9ffc-41bf02de0b81",
"value": "https://www.virustotal.com/file/f13060096bccb83d2c2c7034a430bc0541a431fbf0e0251ff2dd6196e2f559f8/analysis/1461822578/"
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--5721c751-03c0-45c0-a412-48cc02de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-04-28T08:18:25.000Z",
"modified": "2016-04-28T08:18:25.000Z",
"first_observed": "2016-04-28T08:18:25Z",
"last_observed": "2016-04-28T08:18:25Z",
"number_observed": 1,
"object_refs": [
"url--5721c751-03c0-45c0-a412-48cc02de0b81"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--5721c751-03c0-45c0-a412-48cc02de0b81",
"value": "https://www.virustotal.com/file/b10ca2394dd7ddb57f17362641e4187d91df2ba0e2c52cea703175161f28eabe/analysis/1461828626/"
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--5721c751-856c-435b-8ebe-4df402de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-04-28T08:18:25.000Z",
"modified": "2016-04-28T08:18:25.000Z",
"first_observed": "2016-04-28T08:18:25Z",
"last_observed": "2016-04-28T08:18:25Z",
"number_observed": 1,
"object_refs": [
"url--5721c751-856c-435b-8ebe-4df402de0b81"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--5721c751-856c-435b-8ebe-4df402de0b81",
"value": "https://www.virustotal.com/file/f3f61797db611b82fa803a3e4f943173e43dd27ec278f9420c4b1397e51a2227/analysis/1461812281/"
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--5721c752-9bd4-47dc-b4a5-4e3c02de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-04-28T08:18:26.000Z",
"modified": "2016-04-28T08:18:26.000Z",
"first_observed": "2016-04-28T08:18:26Z",
"last_observed": "2016-04-28T08:18:26Z",
"number_observed": 1,
"object_refs": [
"url--5721c752-9bd4-47dc-b4a5-4e3c02de0b81"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--5721c752-9bd4-47dc-b4a5-4e3c02de0b81",
"value": "https://www.virustotal.com/file/405b439e70d440400efca9535eba892ed1597ce9adb0d2eb665030c43ea1a64e/analysis/1461814764/"
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--5721c752-7ee8-4ee4-954f-413302de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-04-28T08:18:26.000Z",
"modified": "2016-04-28T08:18:26.000Z",
"first_observed": "2016-04-28T08:18:26Z",
"last_observed": "2016-04-28T08:18:26Z",
"number_observed": 1,
"object_refs": [
"url--5721c752-7ee8-4ee4-954f-413302de0b81"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--5721c752-7ee8-4ee4-954f-413302de0b81",
"value": "https://www.virustotal.com/file/89b9836c31aa36382e413568d85c39bc7ff7b8c06deea7723725ab0cef4bb25f/analysis/1461826167/"
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--5721c752-e8a4-4156-8b06-4c1402de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-04-28T08:18:26.000Z",
"modified": "2016-04-28T08:18:26.000Z",
"first_observed": "2016-04-28T08:18:26Z",
"last_observed": "2016-04-28T08:18:26Z",
"number_observed": 1,
"object_refs": [
"url--5721c752-e8a4-4156-8b06-4c1402de0b81"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--5721c752-e8a4-4156-8b06-4c1402de0b81",
"value": "https://www.virustotal.com/file/5639ebb53ec8e33d90129b9063d76abf83d40c5f85eba843346c9dbd141a8150/analysis/1461790214/"
},
{
"type": "marking-definition",
"spec_version": "2.1",
"id": "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9",
"created": "2017-01-20T00:00:00.000Z",
"definition_type": "tlp",
"name": "TLP:WHITE",
"definition": {
"tlp": "white"
}
}
chg: [feed] added
2023-04-21 13:25:09 +00:00
]
}
Reference in a new issue Copy permalink