adulau/misp-circl-feed
1
0
Fork 0
Code Issues 1 Pull requests Projects 1 Releases Packages Wiki Activity Actions
misp-circl-feed/feeds/circl/misp/5791cf23-9e10-4537-9f59-4c55950d210f.json

493 lines
393 KiB
JSON
Raw Normal View History

chg: [feed] added
2023-04-21 13:25:09 +00:00
{
chg: [feed] feed updated
2023-06-14 17:31:25 +00:00
"type": "bundle",
"id": "bundle--5791cf23-9e10-4537-9f59-4c55950d210f",
"objects": [
{
"type": "identity",
"spec_version": "2.1",
"id": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-07-22T08:32:18.000Z",
"modified": "2016-07-22T08:32:18.000Z",
"name": "CIRCL",
"identity_class": "organization"
},
{
"type": "report",
"spec_version": "2.1",
"id": "report--5791cf23-9e10-4537-9f59-4c55950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-07-22T08:32:18.000Z",
"modified": "2016-07-22T08:32:18.000Z",
"name": "Malspam 2016-07-22 .js in .zip with embedded Locky (campaign: \"Financial statement\")",
"published": "2016-07-22T08:32:44Z",
"object_refs": [
"indicator--5791cf42-98ec-4e57-99f2-43b3950d210f",
"indicator--5791cf43-4cfc-462a-a57a-4871950d210f",
"indicator--5791cf43-4530-4d53-a127-4c5e950d210f",
"indicator--5791cf43-5d04-4de2-8ca5-4af2950d210f",
"indicator--5791cf43-0a70-4103-854b-47fd950d210f",
"indicator--5791cf43-9230-4702-9022-4470950d210f",
"indicator--5791cf44-78f4-44d4-8707-400f950d210f",
"indicator--5791cf44-6658-4fab-8d78-45e9950d210f",
"indicator--5791cf62-3890-455d-83ab-4e9e950d210f",
"indicator--5791cf63-7f40-4069-8399-4481950d210f",
"indicator--5791cf63-cde4-4e40-82b0-4285950d210f",
"indicator--5791cf63-47e4-4c88-b342-4dbb950d210f",
"indicator--5791cf64-3810-4226-9d3c-47ce950d210f",
"indicator--5791cf64-9e58-42ae-a682-400a950d210f",
"observed-data--5791cfe4-9f98-43ae-9d03-4c57950d210f",
"email-message--5791cfe4-9f98-43ae-9d03-4c57950d210f",
"x-misp-attribute--5791d005-c7c4-48f7-978e-46ad950d210f",
"observed-data--5791da12-5790-4c61-b354-4e3902de0b81",
"url--5791da12-5790-4c61-b354-4e3902de0b81",
"observed-data--5791da12-4178-44fd-8634-412802de0b81",
"url--5791da12-4178-44fd-8634-412802de0b81"
],
"labels": [
"Threat-Report",
"misp:tool=\"MISP-STIX-Converter\"",
"circl:incident-classification=\"malware\"",
"malware_classification:malware-category=\"Ransomware\"",
"estimative-language:likelihood-probability=\"almost-certain\""
],
"object_marking_refs": [
"marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9"
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5791cf42-98ec-4e57-99f2-43b3950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-07-22T07:46:10.000Z",
"modified": "2016-07-22T07:46:10.000Z",
"description": "Locky C&C",
"pattern": "[url:value = 'http://176.111.63.51/upload/_dispatch.php']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-07-22T07:46:10Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5791cf43-4cfc-462a-a57a-4871950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-07-22T07:46:11.000Z",
"modified": "2016-07-22T07:46:11.000Z",
"description": "Locky C&C",
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '176.111.63.51']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-07-22T07:46:11Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5791cf43-4530-4d53-a127-4c5e950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-07-22T07:46:11.000Z",
"modified": "2016-07-22T07:46:11.000Z",
"description": "Locky C&C",
"pattern": "[url:value = 'http://185.117.153.176/upload/_dispatch.php']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-07-22T07:46:11Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5791cf43-5d04-4de2-8ca5-4af2950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-07-22T07:46:11.000Z",
"modified": "2016-07-22T07:46:11.000Z",
"description": "Locky C&C",
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '185.117.153.176']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-07-22T07:46:11Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5791cf43-0a70-4103-854b-47fd950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-07-22T07:46:11.000Z",
"modified": "2016-07-22T07:46:11.000Z",
"description": "Locky C&C",
"pattern": "[url:value = 'http://77.222.54.202/upload/_dispatch.php']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-07-22T07:46:11Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5791cf43-9230-4702-9022-4470950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-07-22T07:46:11.000Z",
"modified": "2016-07-22T07:46:11.000Z",
"description": "Locky C&C",
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '77.222.54.202']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-07-22T07:46:11Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5791cf44-78f4-44d4-8707-400f950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-07-22T07:46:12.000Z",
"modified": "2016-07-22T07:46:12.000Z",
"description": "Locky C&C",
"pattern": "[url:value = 'http://194.1.236.126/upload/_dispatch.php']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-07-22T07:46:12Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5791cf44-6658-4fab-8d78-45e9950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-07-22T07:46:12.000Z",
"modified": "2016-07-22T07:46:12.000Z",
"description": "Locky C&C",
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '194.1.236.126']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-07-22T07:46:12Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5791cf62-3890-455d-83ab-4e9e950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-07-22T07:46:42.000Z",
"modified": "2016-07-22T07:46:42.000Z",
"description": ".js with embedded Locky",
"pattern": "[file:content_ref.payload_bin = 'UEsDBBQACQAIANU99kirBqNzrywCAM3EAwAgABwAZTgwMmE3MjVkZDUzMzg2ZGMyNWYyN2FkN2Y4MzFkMDFVVAkAA2LPkVdiz5FXdXgLAAEEIQAAAAQhAAAAza3cARkkK2iBuTg9JHLz+hGsjyX0detz9ThREWzMkgPKz87Gspsg6Wk4eBq3b4uQ7ruGqzOhPUOFwzGEWDlHFt6IHbbYaM6Lj4p6C6WcYXE3jY7cKOP6XLxKOD/YcnDhRk/Otp9Tq10ij5TrE1c8c1pPY+ln2xixGd1G89kSLVz+NjMqsIZ4cghhu1jE9wWhZZGKu6/Jr9KFokXfqBXHrTeZuwfcof7JCltwQeGufQEmP2dMxKmG5tQLfzwGvCbi1nhN4jOHyKrOsa1iZNh5LvX4oMwJ5KfCLX3IJbWVMOe/SDupUjF2/zIeBA3v9u4+gz5nhWZXrOhuWeEOxrVNpAQHTGzSxm5MurP5wVE5//QR+TaRJc91zqihTnAKtQYJkoAKJMRXGodfm6oSGrGEW4hsomJioQJa6WQrCyjwDIm7k+4iXZidqXIwzyS/vhWExtjPyn2qbzennGQ3f/pPCfUZMKfWg20oS0EZaFJzkeL7Td9eF34H6egCfLDAHnGj6gT6wzGIQondBw8jATaQd+pbiHc47nJH6s1r9cBDPa30/pxHhU0x7YypvWbZ8yCbhjDjb4jyyXvxoppGSVqQHQ9oplFPFGIS9TxIjusVul1oaDeh33dYVi9i3AErZuHclj79g6CHuN4NOdxxCQF25hxBfvQQ/EbUXkJNQcbRkyzfngBx/6WolN8hWzxKSr0Z8Uyl65inEGjjcXFfjeGJr+G34VVTbmvMGGrGW9DdJw4Zh6UjdmGki0kL3IZf2ssMCydgIIdyUj2QEE3+JByXkCU1oreAeFQYTy5eZ8xT01gJgsAOVo5fBgodXlCZzFUswLAJ34SHfNE5Q/W37rd4V54CTyDbhiQDNlV4A99YT+F9HO5jIPnlr1s4hKyfU3VmrWiENotVHPqoN/PjCuCDk0wyxQpnHGgyn6L67/JFSkGs6Imnwlf7ENvRdTGOKgxeJ8T2SuEuLpKvnUIcCMo26UgjZ0ol88HWE8rkExKk2/moPGQJnxA6r9Zz+lhDAbSzJRLBZd7EZMqq4ndiaEW4TZgqNKPLAPuLisEgFOjXPOM/SjplXf5ycLWJtAVSKhzIbOKlOllbmNN9u/Yz0jh6dNpe2wT2RW4NdxKzLCUez5SujTAMcPsz1NUDy6ony6VUyfQIi+562JLaj2QjNfHR7UHZd/ydZCGna4zMsKDw2peqzcjSecqb76b3fL64XhjtlYyCvHAS1ZkkgsPkchqxBDdtL2glGeVJ3mfpMM5iYwHeQeu7E1b30DP7/lhnzN9VW6HPH+XmkAMyzhssagC9rXMX9C6QxD2b4QV3B+8m5Pv4vRLIUjwfi0bwFdHjcNo8VERLNJMwi1XakTSEMbCz3w48Rrc0c7CTq4YR3h25xj10h+BiO307fvAWXmFHdm+tn4hKBHp5/7MB9svfKSVwFbqcVvXUt1xrXJYGd90RrGxfPgW1YX14kz8C2LQlfPIbywUs1kCLNGqKbQqlTmbDc/mJj8fMxO9GB2sJTGPf/J5wXXt1zbY4n+IOinXB0gONh4tS/mj3Kp2Kz2wKM+eDN5P+bCKMEqfkcmq1JzEkZxDjgDmsOHCdvrhYnJBw/maTKIZmSwdnKC7q+QBK+wgiH9wmPOEZPQ+pc3PN2Z19od3FZzwRHGLm7E/tX7bHf61Xa2X2nGZFV5CGue2iGJ/qrh/8qgHeVbIL85nG0E5b+rDec3/gNi7vg0hbLox4Lcv48pdtJ/MlMC5vnaPA4yl4O3PrtpiUdkDHZ96+jiGpkKCbRE6471ahJGfTwdR+Fo0Y/ukS+hOmgcTYYGZhYUy+3PU130EDLFg7BjS88nrqEst88cyAkEph3BJpKYu9eSJ39bJY3ISQnlBW+axD86LZCKypkzhEmO0EJE8geOQip1TBpZgTatdYfI4OuHIyLQDAbuFa6+SkejdVbM9UNLW5lKMoH6rorrCZo7fTLmCV5cO6VQJ5q9Ey60NjPyCNnQYqdfLRNQnTm+1Vhv0VRYg3U8o1fxuH//+7mtW774tCg6Oe3coQMbvPmGhRCxPNg1IOi+T5UaYxUgr4yJ+bGmCRiOiI97WTpqfABp+vIMsPp3MqrpzUiwW2HrYcsOW9Gwo9GERZk7uo2ZoNghVNY5VdiUnvOGJ+u1u1UmJADrs4uIHZsYR8xzhI6WfffASaK6aFSVhHqs5n6iqxhMixNxNPyfb7KUdTnDWh9ojoZbQb8olUcrHCQYCRbG1c3BTxx/WUrPQg45xBegAOML7m9HjoIoinCxGwH7/Cm85qV5gw8vakCaKd2LLF/OUdMsK2xv9KLQaYMILOtNj44nqsRKcsvNPG/qc5gSxXOYzpmT9DaKcqSqsm6JU/NW/P4qSUe6ghjxFULZNrBuXJ+aKxI8RQmJoxOFZDcWxRy43LB5VGC65UxESXmTjGDWqlUQE5xrbbAGeg1Kn0Crq3V/fpJlz6DXl7bvWTCp0l8WwD8RWxtsb6DY+Muhf0oaMppmWPWr+CFH2w/0s9GwTbemy6YBkTF6czpoIVhLzn9CmMHy/DEg7SzuofzkOayxNiYQ3Cp2rTW4G5bm6mbTlhSd7iqWG2LrAItebDmVbBKOfPUw6AcgihbuiNXVfprGeRFQCxX7/peIq6Yyg7BgwkesjmaFyN3aIJZJHY2XZwdz9e9J6VOIl8RDq7kT+IRiCZAuGEX/8tESUxiS8TelEaJDpmqdj0Q8W7AIFsnI2ozXRBhUxwqZS4ute7hCNRnrG9kYZvlW1zUMTWT84AaHBHi1NHwjkVOgsMLn33Tvnf7hmAAchh+I/IJwyol/iO7hID5C2BGf/ujmMH6WjnzIInmvHuqSQl6jf83T+9SpDPb1UlMO4MvrqGxSSVN7kotdI03HpxIHO5SSwijQ4J7RY8NX2uiKI3Y1Hm42pNOcLq6DFmwa6IF1Dj3a6Kbpz0EkBt3idKZFkrBNm25bVwl9ZXX3MQ312tqwelOHTeX2ABBpAznjoy1z9Emt0FGdejFKTQkry7FcCW0mj5I7nSC8ywbZsJV0QFOboT3jL67OON1NZr6QziUw7SGGxSIUF3EcG4iY1YMbh7ipoYCatbVXydU19cX+GF2JAOKx4A/eStu/nate3oK1/GRBGqLoyXl43dIxMOB7hSKh4k8v4LVXkmvKgRA2snXYcxfE//7o479K9nK5aCcdPaSqAesHqQGhMnhnqRm4cDoE3EsZYsUVi6+Ipmjv8rG2qjD7vJDXhMZq6qpgbo/JqutmRWHBxrv8636zM4145BDksvMWgGrC7i1F3eAEMOW8EXJrRRIYuICDeJyyoGVR7mPDGq/U0JUD021twDYeLXYX/j/4/dtgpO+PF4dh7yELrXaH52WIREPyhLR4wAjmcAhhCyt3VyAJ0JdQF4YxoZ2EBmkjcF/qIZb5xpEpEEbz59uvaF4lgzBe7y4522rGUV7Yh+Cq/4ch/2JaklhjvJMmLMb+y2BEd8ykyPbSgizQJK3nEhpgbQHoBUgbSoGkIH8Ogl+Vv/LPAOqQSk7vD2VN+P8P1wRyS6zfJLlCkcN+9lWbrRVRuNMf9HMauBVctGMbTaTPNlnY1k6rMG4cS6YcTJa4D3daIG9PE/Ki8MW43d++80Qtt3PR6gf0EOiEP01zrnV70Lp9du9RdenuD9AJiSafd6Y/YIjZtGSn4aOs2L5KT4qTJWLBAR7wSigChBL4LZDuy+Gjbm3kTNmeiHYKpMnU0zyz0zd012kfBV5RhzHXgEMai5ReZvfJAsFiUWlBEKSXkkl9ZKVo91gGMAtPRkYMDe/b3qD9GTrtEEdPi/OGfj1ujw7MlBckbUqJmbTWkCy+M6iFoEiA+Q96vqhN8Rg39nPC/9oDZl+6cQtfK2pu54KTSlMK/Bu680HtNitTdNP2nNsfU2+ueg0s5FywOJLhsKnBzXyg
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-07-22T07:46:42Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"malware-sample\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5791cf63-7f40-4069-8399-4481950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-07-22T07:46:43.000Z",
"modified": "2016-07-22T07:46:43.000Z",
"description": ".js with embedded Locky",
"pattern": "[file:name = 'INV000 9fd.js' AND file:hashes.SHA1 = '743083a798ba1661826d206ef452a20c13ee9513']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-07-22T07:46:43Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"filename|sha1\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5791cf63-cde4-4e40-82b0-4285950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-07-22T07:46:43.000Z",
"modified": "2016-07-22T07:46:43.000Z",
"description": ".js with embedded Locky",
"pattern": "[file:name = 'INV000 9fd.js' AND file:hashes.SHA256 = '00f3d67cb462fb0091f25a94ff974348ed51a1823fada1e68242d1d1419ee6ef']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-07-22T07:46:43Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"filename|sha256\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5791cf63-47e4-4c88-b342-4dbb950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-07-22T07:46:43.000Z",
"modified": "2016-07-22T07:46:43.000Z",
"description": ".js with embedded Locky",
"pattern": "[file:content_ref.payload_bin = 'UEsDBBQACQAIANY99ki6VCEw0ywCAMXEAwAgABwAYjM5YmU1NTZiYTk4ZWQ5NTVkOTg3ZjgxYTJkNTY4NzJVVAkAA2PPkVdjz5FXdXgLAAEEIQAAAAQhAAAA0FP6DD9CWlgDyyY/H4aEyZ3Vy8+HRMn+6bEAzPkc9+atkR2C2cDpHzPRWzVQ24cIXhaBWL3AOlKnIsSyWdvCPvZC3tPNyQH0g84R7V5XPGT4h59FOeAasG6a7mcfnKIGy+s7etqhe0rbkYVrcLhQkMXc/1S7Buc0E2dwacNs52eLhUyTCNc5fcfU82QutPsfvcynlReyoJkPFodH4GtNlcWEcpc+Ab+0aa0UaKS5w0/RNqPpiOZlTSnMiWaXHnLj7x7x0cruRF14J+qndrrgm7mPjBG5aLRGg/8XE8jL+S2w7aZ+w4Tzz9iwNID65Y6DSsXPHstCyFEHVlFzEXobpwivqHKrCXJ9FKcwkOiL2BphFcT5bRR7Pr1emC9ba0VlCPoHbzYgY9wD8noNwO7eEF9q447rPGgBNI6Iej0x6h2c4FzAusyYh2R+U86OL2rNtNt+kQCE2ZlDRnc8HIMivp+3DCPQdk8+SAhSaS2M+Z8eZnfn5Fyj4Ry7FX9WOjOX0kgCETUKewbLsMR2J53L2Nd/US98EbDeyDaMsCUUR/NtO/0YEtqktJn97ET4YgkF4wK6oLHeuWzSghCMjfoVWyHl52tJ1YctjCtzbIl3dCwge4crMxInODcx/mvpt3vY1oCw5fymFOzYJ1Uo7JUakSu7OkIFugmUDciASu7QY7Fic9W3VYh4BuV3RYGCryadYEucOiNcFN014GjB+DfSTaN5EX+sp9u4nGT8UnE0LDAa5R2m3nsNKaj8fbx/akbBFlIyL64+86Iggcw3YxSrQo4Oi0rb7c+F8Cd/3R1K9CAhFcWY7fqEn5/0MJ7vA+LMVB7W1YndMfO/wsUqV1+c5sQ1UsvfmW65zcd174RpccE4AumTOYYUxH/yyhscBHnFWVd9MNIPe+Dv9NaxjMiUTRQPyTF3S0y4IYdYlO6UrHrZHknhputKN3f46sml2Gmsq2e770THvXJEyEUSmVAfLmo75ZM5oPfiSUaXzxLzH8w++jyCrWVSfKLAoceVHixkvoz5E/WDL67Gsbs2L/y0ecq99m8Vw1xD9NbGBUCNn26j/qb9Th6i1ANPz0SMGkp+3L+gnrcL6tH72YRzoJyjrmvpKaelffi92fxe4DAJu2XDQHbPetQsosdsU85vfkER4njd5G4KxT3l05SDRIqCPYAXjRiqAtAd0sq2yONVrWgRPmOryCdS1wmjVIX8FWFJYFCtcPYDtAU6wRxwdjvPfKmdl6/xB/z+SYmNxroYSl8gIJGUvrIYDyx6A2kRQCk/Sb2+SZyTNFdZb1WjYV81rJeas8S6Ig78oZwqyYljWaT1ENvlMu/dpI6zGpjAC16a2OVHvaJd6DzldeYp6GGcZipWGNK/rOX+uDpjC27G0r7tWWVz94uwVh/2bTwY3rrsdP2SgIf1LaWEoP8yBrKi8haqsCEdRN9RqDomrNCH+VhCK1Zl3yuScIegjK5+YF+Y8S0QmfiTH5UpT6pqyUz+ZoylUglRRGfs6dpYJ7VIVwPea3mUMKsIDq9m4eQ0VRNfhD2WM/YtHaKu9CJ/ujJoROv0RMIq7avVIP8FD+RkvGbC7yweJ8xAMLASu2HJTKniU2g0TIJ+mY1fZz24YBvh/Qxc4pJFlfSFrgtg3TFs52DbBjXTqv4V1FHj8NNaSeERz6smXVJ3C/O7n3kkmVQAidKo4z+3kcKX0ms+EghF1/HdtiTd2E9Z8jVsd3z5U0+SozGgXXOaac1v6Mgmjch/1K/4qaazgZV+PVTrRoHRWHRYxkK2QxGx4gFdW7R4sAP/44hpDQbdlnErGLOnpMQZdfTQJHL0rMIoKhvizbTUnakewwmZhhWoYmYuncOICVT0sLBNudYvyhB2bfTtTJg+c7XgnkjnZngiKWAyIOzbWi+802Bund0SAqmDM2MPNT+dqmi3SXG6oizk+hwuwYrhmZgYRXbXlXKRX096H5hrBmrMMtY65RKsbPksd2zI/KRxjQQXKXdkPUPnx3VYQCUXlVNTm/tScot5ajE+UGY+AAm2K4iifMdUxDrIaqlO27beFuFu0EiaSL0Kg+FU5DoTtisFI1PJzyhDFSUS1FBKMsgfY5Fv7CN6oq0ceyvMtFSs6pGQIjOJwGRp6GiCJt0JZPJhziWR7Msnzlzj6+0DQrfVrEvXWQnK3hrSp6JYyCzE1YY6eC4WjmIeh2fN6TE4jJNmarQKGZZnr1Yxwv8ahRlSeTGDW3eSJZHageECcQ5Siv447jZq2N4vJY8FWlW4KrQPbeJ2AgEv2QI9Yf7GYnkZyBk8Z9N3rZ28uCYwuaJj3gcuP62opvJpdCDrM9IJRyN5ct5ybQT3Qdg5ecydUBuL6zeuLnaqroL309L/P8rqGtA1DrozTpuNC2MYRvzqw4pqaRFzZYuGvow9GwD2++D9L5jlB15rIyeiuLr8GNbwA3dZp11pmMal8GD5ZsH0VPFBZXoQ9Q31VeNfysnUE9YckJJw3xhMaI+ePeI9PIzEC34TTrN4cB3GeMRCfxBjB2ZHZPsaLGthenXTw1aiXrKBT8yOnrZRQWSLWLqPbJ+OXiR90aIu6J9oPbxewJMgjXgRvVId3dC8rWinGH8LY2DfbkO60gfSKzdmyvh37RBV0XIMGE9V8mNtLmVZKPVNsZnhTIzLqwzAsy0dfqZULYnDl/1TYbMzYtpNiRgxQMSw2xyIFgfwYuDjmLuzYrI0Mwv0lqighDypyHHzChYRHuyPFoQFenJ2WPih779O5xYrzDBkb2hQb8Ius2uVhrhAbVkG1hSeqWsR5DLHXl1vRD43iLJlUc40Lj+lhEGn5nzc+tmPLO4T94rXREF4gLVgw5H+ReArmR9ASmXk+J46lOc8FCVjv/9PJaMw0F9V4vvSAQBWYCHA9LD63rasxIPjWRaxDZTd3bTfpjPCOpdwRSLCSv/XAlZ8Ev5BaUOh6DcuvsnmK7oFJ291cLKNabkZBLzizS1ibkcKf4V5tgDY3zrTDDt+yjWjqy74ZJm72KfcFfCYs7YwQVOVG9KkQ95A/IOARyvT1SoXUnZSN+7chp9f4QRNt2q2Wayyk7lGT3BYgBx3rEdGWJe+7nJfgNqTPrFs75OelEixFQ2Kbl865h6kIj6X0GqeW5M/KarJjSxlMh76tCwSwIflXTIFQXil3ypCFYWq1MYPmiu28NTSADnMx97etJv9DqkYvmMrIV2TtQKU7ir6X9suDgphzf8GxGnrYancjotqtHcP1QXZhZWcUNL0Bm1nqZ2aBGh3ibexjuy19gxA8FeBiOIT0cPkSPm9Eo65rQ+px7D6PAgxOcmk5d8hFBbze7fC2PNSgjjU0zXAJQrtC+5kjhAK6u9TefCkbtbKiOOjAc8kqdXbmqdQXPdvLFt/XKYovrB710O48sAQhFKgE0UfxWvxGphQSfYnhcAQEcjl0/fik9mpRFGs2rHTApSzSM9+buRnDGDyEE8i6iW1UJNj/fBcy+bFINzr4frnUey226x9zv+jpA3RCJeyqv7WosBf1Q0B1yxnvSJoaD0eBKZR5eg3LAWjVZJpNsgvRgvqE8n9lEXm/QSZxbuEsY99HXy9KgfacTz0Rxzt9A4FxljM3V4/L4xf1FV5hKe8V7pq83LYfmwzDX07RagPlp3c/D9zJp3EsQNy/uK/sfQrIC5Gv4KBIGsuzzPoWSy4jEm0SXosgIhu0nIIR1W2J2UQquXxdCXs4laQqpCumE73Af5F6Y7qnmGRlSn4n7VKyKvZrmmZc7uu1MgcED1Bo75y7hQNy8ChBEbmVJapeMf5wnOc5+aPVf221pXil5AsxXtkr0mB+4gw8a+ytWi633vGEMhIqJz63fEuw0Dmwom9gYl4yYWOOvWkWQSXRbMwbaWPlYbawo0LIYW8lGZJ8ysfdmiYFvC/DPBVC4EsIJ1GB0BWkf
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-07-22T07:46:43Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"malware-sample\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5791cf64-3810-4226-9d3c-47ce950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-07-22T07:46:44.000Z",
"modified": "2016-07-22T07:46:44.000Z",
"description": ".js with embedded Locky",
"pattern": "[file:name = 'INV000 3648.js' AND file:hashes.SHA1 = '712b31c10ccb843fae4cce1df0d151698345df3d']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-07-22T07:46:44Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"filename|sha1\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5791cf64-9e58-42ae-a682-400a950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-07-22T07:46:44.000Z",
"modified": "2016-07-22T07:46:44.000Z",
"description": ".js with embedded Locky",
"pattern": "[file:name = 'INV000 3648.js' AND file:hashes.SHA256 = '838ad87b5c2af12b7f6eca84dc1f31907649ffcac0f51ade3036a262073ae08f']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-07-22T07:46:44Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"filename|sha256\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--5791cfe4-9f98-43ae-9d03-4c57950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-07-22T07:48:52.000Z",
"modified": "2016-07-22T07:48:52.000Z",
"first_observed": "2016-07-22T07:48:52Z",
"last_observed": "2016-07-22T07:48:52Z",
"number_observed": 1,
"object_refs": [
"email-message--5791cfe4-9f98-43ae-9d03-4c57950d210f"
],
"labels": [
"misp:type=\"email-subject\"",
"misp:category=\"Payload delivery\""
]
},
{
"type": "email-message",
"spec_version": "2.1",
"id": "email-message--5791cfe4-9f98-43ae-9d03-4c57950d210f",
"is_multipart": false,
"subject": "Financial statement"
},
{
"type": "x-misp-attribute",
"spec_version": "2.1",
"id": "x-misp-attribute--5791d005-c7c4-48f7-978e-46ad950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-07-22T07:49:25.000Z",
"modified": "2016-07-22T07:49:25.000Z",
"labels": [
"misp:type=\"user-agent\"",
"misp:category=\"Payload delivery\""
],
"x_misp_category": "Payload delivery",
"x_misp_type": "user-agent",
"x_misp_value": "Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; Trident/7.0; .NET4.0E; .NET4.0C)"
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--5791da12-5790-4c61-b354-4e3902de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-07-22T08:32:18.000Z",
"modified": "2016-07-22T08:32:18.000Z",
"first_observed": "2016-07-22T08:32:18Z",
"last_observed": "2016-07-22T08:32:18Z",
"number_observed": 1,
"object_refs": [
"url--5791da12-5790-4c61-b354-4e3902de0b81"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--5791da12-5790-4c61-b354-4e3902de0b81",
"value": "https://www.virustotal.com/file/00f3d67cb462fb0091f25a94ff974348ed51a1823fada1e68242d1d1419ee6ef/analysis/1469130716/"
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--5791da12-4178-44fd-8634-412802de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-07-22T08:32:18.000Z",
"modified": "2016-07-22T08:32:18.000Z",
"first_observed": "2016-07-22T08:32:18Z",
"last_observed": "2016-07-22T08:32:18Z",
"number_observed": 1,
"object_refs": [
"url--5791da12-4178-44fd-8634-412802de0b81"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--5791da12-4178-44fd-8634-412802de0b81",
"value": "https://www.virustotal.com/file/838ad87b5c2af12b7f6eca84dc1f31907649ffcac0f51ade3036a262073ae08f/analysis/1469147126/"
},
{
"type": "marking-definition",
"spec_version": "2.1",
"id": "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9",
"created": "2017-01-20T00:00:00.000Z",
"definition_type": "tlp",
"name": "TLP:WHITE",
"definition": {
"tlp": "white"
}
}
chg: [feed] added
2023-04-21 13:25:09 +00:00
]
}
Reference in a new issue Copy permalink