misp-circl-feed/feeds/circl/misp/5adeed17-3124-41c1-91b9-4a97950d210f.json

{
"type": "bundle",
"id": "bundle--5adeed17-3124-41c1-91b9-4a97950d210f",
"objects": [
{
"type": "identity",
"spec_version": "2.1",
"id": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-05-03T17:37:19.000Z",
"modified": "2018-05-03T17:37:19.000Z",
"name": "CIRCL",
"identity_class": "organization"
},
{
"type": "report",
"spec_version": "2.1",
"id": "report--5adeed17-3124-41c1-91b9-4a97950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-05-03T17:37:19.000Z",
"modified": "2018-05-03T17:37:19.000Z",
"name": "OSINT - New Orangeworm attack group targets the healthcare sector in the U.S., Europe, and Asia",
"published": "2018-05-03T17:37:39Z",
"object_refs": [
"observed-data--5adef6b2-0c40-42f2-b09a-4f47950d210f",
"url--5adef6b2-0c40-42f2-b09a-4f47950d210f",
"x-misp-attribute--5adef6f8-b494-41ab-8387-4af4950d210f",
"observed-data--5adf24e9-4768-4334-bbef-44fc950d210f",
"file--5adf24e9-4768-4334-bbef-44fc950d210f",
"artifact--5adf24e9-4768-4334-bbef-44fc950d210f",
"observed-data--5adf2515-d258-4589-a5c5-1b99950d210f",
"file--5adf2515-d258-4589-a5c5-1b99950d210f",
"artifact--5adf2515-d258-4589-a5c5-1b99950d210f",
"observed-data--5adf25d7-a76c-4b3f-8624-4f17950d210f",
"file--5adf25d7-a76c-4b3f-8624-4f17950d210f",
"artifact--5adf25d7-a76c-4b3f-8624-4f17950d210f",
"indicator--5adf267b-04bc-42bd-8ac0-466d950d210f",
"observed-data--5ae03296-6130-4be2-9966-43eb950d210f",
"file--5ae03296-6130-4be2-9966-43eb950d210f",
"artifact--5ae03296-6130-4be2-9966-43eb950d210f",
"indicator--5ae98af5-3404-4d83-9ee8-4364950d210f",
"indicator--5ae98af6-95bc-4353-b9ff-438b950d210f",
"indicator--5ae98af7-2790-4cae-86a1-4904950d210f",
"indicator--5ae98af7-0880-4da7-9150-4772950d210f",
"indicator--5ae98af8-81f0-48d9-9e4e-4f1f950d210f",
"indicator--5ae98af8-611c-4d06-88c3-4c1e950d210f",
"indicator--5ae98af9-6c78-41f3-89ae-4e7e950d210f",
"indicator--5ae98af9-e05c-492c-8038-42a2950d210f",
"indicator--5ae98afa-0e4c-4b25-a753-4827950d210f",
"indicator--5ae98afa-ce94-4831-bab9-4174950d210f",
"indicator--5ae98afa-ec3c-4db6-9cc9-408e950d210f",
"indicator--5ae98afb-1af0-4200-894e-4285950d210f",
"indicator--5ae98afb-fcf4-447f-a52a-4b26950d210f",
"indicator--5ae98afc-a388-4113-b9ff-49b3950d210f",
"indicator--5ae98afc-70a4-4c42-9700-4457950d210f",
"indicator--5ae98afd-cf80-4192-a5f5-4505950d210f",
"indicator--5ae98afd-f244-44dc-a659-429a950d210f",
"indicator--5ae98afd-bc18-4a29-986f-408a950d210f",
"indicator--5ae98afe-c690-48d6-8b66-45b0950d210f",
"indicator--5ae98afe-c06c-4303-b6aa-4baf950d210f",
"indicator--5ae98b53-0b28-4c9e-95dd-4490950d210f",
"indicator--5ae98b54-a0bc-44b9-9635-4bfd950d210f",
"indicator--5ae98b54-3a80-40fd-8cc0-471c950d210f",
"indicator--5ae98b55-b92c-4bee-8389-4ade950d210f",
"indicator--5ae98bc6-4174-4cc1-b7ea-463d950d210f",
"indicator--5ae98c5b-b9bc-4412-8524-41d7950d210f",
"indicator--5ae98c72-cc64-40f2-936c-4fe2950d210f",
"indicator--5ae98db9-d4f4-4f99-977c-41cf950d210f",
"indicator--5ae98dd1-b830-415a-8f6b-4624950d210f",
"indicator--5ae98de5-f138-42ba-b319-4480950d210f",
"indicator--5ae98e52-6884-4b46-8b3c-48e2950d210f",
"indicator--5ae98e60-3740-4354-bec4-46f1950d210f",
"indicator--5ae98e76-a45c-4f1c-9f80-43b1950d210f",
"indicator--5ae98e8b-8fe0-4d0a-ae73-475d950d210f",
"indicator--5ae992c9-0f9c-4f49-8336-4944950d210f",
"indicator--5ae992f9-d2a4-4abf-a7b6-429d950d210f",
"indicator--5ae99316-d028-4704-adad-469f950d210f",
"indicator--5ae99449-65ec-4419-aeb6-46a9950d210f",
"indicator--5ae994ad-a768-4ee7-a1f4-4330950d210f",
"indicator--5ae994fe-1108-4bf7-a7fa-4497950d210f",
"indicator--5ae9951e-7f10-41ac-b7bc-4234950d210f",
"indicator--5ae9981a-ad08-4334-99f4-471f950d210f",
"indicator--5ae99864-03f8-4a65-928a-4bde950d210f",
"indicator--5ae998cb-f5b4-4f8a-81c3-406e950d210f",
"indicator--5ae99901-3fcc-473f-ab05-4c3e950d210f",
"indicator--5ae9997d-8770-4ab8-b19d-4c8f950d210f",
"indicator--5ae999b8-8d60-4297-a180-4bf7950d210f",
"indicator--5ae99b53-9990-442f-8a80-4301950d210f",
"indicator--5ae99bad-464c-4be6-8451-4552950d210f",
"indicator--5ae99bdc-fca0-4cfe-9271-14db950d210f",
"indicator--5ae99bf9-f24c-472f-b767-1226950d210f",
"indicator--5ae9abdf-465c-4bb6-9474-a8f4950d210f",
"indicator--5ae9abf3-2210-4cc9-97e0-11f0950d210f",
"indicator--5ae9ac09-88b8-4b91-9890-a91b950d210f",
"indicator--5ae9ac1f-e6c0-4d66-b160-14e1950d210f",
"indicator--5ae9ac38-8598-4864-928d-1506950d210f",
"indicator--5ae9ac9d-1eb8-4652-8010-a914950d210f",
"indicator--5ae9acf2-866c-468d-9198-a8f4950d210f",
"indicator--5ae9ad09-0074-4093-927f-1506950d210f",
"indicator--5ae9ad2f-805c-4d81-b83c-a8d6950d210f",
"indicator--5ae9ae3b-fcd8-4175-88c9-1271950d210f",
"indicator--5ae9ae61-7ff4-4b1d-9c77-1271950d210f",
"indicator--5ae9ae72-10dc-49a9-b36a-1226950d210f",
"indicator--5ae9aeb5-57e0-4f5f-88c2-1271950d210f",
"indicator--5ae9aeca-6de0-4888-b26b-a916950d210f",
"indicator--5ae9af2f-c994-4e9a-b4e5-a8d7950d210f",
"indicator--5ae9af42-6da8-4148-9130-a91c950d210f",
"indicator--5ae9af7b-e280-4f48-988e-429d950d210f",
"indicator--5ae9af90-4b54-4f8b-bc95-d2ce950d210f",
"indicator--5ae9afa7-0db8-4409-849e-a915950d210f",
"indicator--5ae9afc4-cb78-4a3e-81a2-14e1950d210f",
"indicator--5ae9b03e-4250-45ba-a01a-451b950d210f",
"indicator--5ae9b050-838c-45e0-ba07-a919950d210f",
"indicator--5ae9b073-9948-4526-af40-1259950d210f",
"indicator--5ae9b087-b410-44c3-b88e-a917950d210f",
"indicator--5ae9b0a8-bd78-4b09-a3c4-14e1950d210f",
"indicator--5ae9b0fb-156c-4a3d-9cf5-a8d7950d210f",
"indicator--f7491bdd-1ef0-4396-8ce0-9836ecc6cb69",
"x-misp-object--61af3dd7-d2d0-4190-b3b3-548c2731036a",
"indicator--a865d3fe-d34a-46f0-a584-b0407e02886b",
"x-misp-object--1e274a7c-acc3-4c97-8de6-2713c49af382",
"indicator--6d1f2a52-688f-488d-8079-9fd7231bafe1",
"x-misp-object--3e9b9cdf-67b5-4f5a-b249-8968780d6edd",
"indicator--82912a16-0d33-442a-ad32-2f7b1974a1ba",
"x-misp-object--3aeb74b0-13be-4c9a-9713-99b92c0f3b22",
"indicator--0f5e820b-d877-4907-bc53-935e590a0057",
"x-misp-object--b0bd7aa6-f585-43f8-8455-957d88f83037",
"indicator--bda9edae-72a1-4ae8-905b-e8b58791c3f8",
"x-misp-object--eed7363d-d9df-4c60-8023-379e611f1e42",
"indicator--043f490a-6ddc-4a71-b2ee-449dbc922568",
"x-misp-object--72bc8ab4-e347-4bf0-8ed4-ce5f95d0db56",
"indicator--3b5e6f4e-964d-43ed-b937-946ece94d05b",
"x-misp-object--44fd254d-c2d4-4ee6-8fca-43ed18455c97",
"indicator--7a13163b-13c1-4226-8036-8c1bb5afe2e1",
"x-misp-object--1c82ca99-3349-4041-a7d1-27347301b8f7",
"relationship--afe22bae-579f-4b43-a683-2ff080813101",
"relationship--306da3c9-c19b-41d4-a318-ebc420aba8e0",
"relationship--4566c00a-c56e-4419-95f4-259c801218eb",
"relationship--509555c5-996a-4117-a109-7ab3eea584ad",
"relationship--09b1bc4c-88e0-4557-b6d5-adf36a0748c0",
"relationship--3fb12e43-542b-4eaf-bcd6-92811a154a36",
"relationship--83528c05-c689-44fb-93d0-b397768a0f52",
"relationship--79a34833-1b2a-4ed3-8081-09124398a5f7",
"relationship--653c7e18-0b24-4397-9a9c-fd36ce0d24d2"
],
"labels": [
"Threat-Report",
"misp:tool=\"MISP-STIX-Converter\"",
"ms-caro-malware-full:malware-type=\"Backdoor\"",
"misp-galaxy:threat-actor=\"Orangeworm\"",
"osint:source-type=\"blog-post\""
],
"object_marking_refs": [
"marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9"
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--5adef6b2-0c40-42f2-b09a-4f47950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-05-03T14:14:49.000Z",
"modified": "2018-05-03T14:14:49.000Z",
"first_observed": "2018-05-03T14:14:49Z",
"last_observed": "2018-05-03T14:14:49Z",
"number_observed": 1,
"object_refs": [
"url--5adef6b2-0c40-42f2-b09a-4f47950d210f"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\"",
"osint:source-type=\"blog-post\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--5adef6b2-0c40-42f2-b09a-4f47950d210f",
"value": "https://www.symantec.com/blogs/threat-intelligence/orangeworm-targets-healthcare-us-europe-asia"
},
{
"type": "x-misp-attribute",
"spec_version": "2.1",
"id": "x-misp-attribute--5adef6f8-b494-41ab-8387-4af4950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-05-03T14:14:49.000Z",
"modified": "2018-05-03T14:14:49.000Z",
"labels": [
"misp:type=\"comment\"",
"misp:category=\"External analysis\"",
"osint:source-type=\"blog-post\""
],
"x_misp_category": "External analysis",
"x_misp_type": "comment",
"x_misp_value": "Symantec has identified a new attack group dubbed Orangeworm deploying the Kwampirs backdoor in a targeted attack campaign against the healthcare sector and related industries.\r\n\r\nSymantec has identified a previously unknown group called Orangeworm that has been observed installing a custom backdoor called Trojan.Kwampirs within large international corporations that operate within the healthcare sector in the United States, Europe, and Asia.\r\n\r\nFirst identified in January 2015, Orangeworm has also conducted targeted attacks against organizations in related industries as part of a larger supply-chain attack in order to reach their intended victims. Known victims include healthcare providers, pharmaceuticals, IT solution providers for healthcare and equipment manufacturers that serve the healthcare industry, likely for the purpose of corporate espionage."
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--5adf24e9-4768-4334-bbef-44fc950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-05-03T14:14:49.000Z",
"modified": "2018-05-03T14:14:49.000Z",
"first_observed": "2018-05-03T14:14:49Z",
"last_observed": "2018-05-03T14:14:49Z",
"number_observed": 1,
"object_refs": [
"file--5adf24e9-4768-4334-bbef-44fc950d210f",
"artifact--5adf24e9-4768-4334-bbef-44fc950d210f"
],
"labels": [
"misp:type=\"attachment\"",
"misp:category=\"External analysis\""
]
},
{
"type": "file",
"spec_version": "2.1",
"id": "file--5adf24e9-4768-4334-bbef-44fc950d210f",
"name": "Untitled-6.png",
"content_ref": "artifact--5adf24e9-4768-4334-bbef-44fc950d210f"
},
{
"type": "artifact",
"spec_version": "2.1",
"id": "artifact--5adf24e9-4768-4334-bbef-44fc950d210f",
"payload_bin": "iVBORw0KGgoAAAANSUhEUgAAAhcAAALcCAYAAABU9pI/AAAgAElEQVR4nOy9vY7rvnb//fWDp0+uIKexpjCcG5ByLkB2Cldup5Nw0tjNFAFcGjgBppFKq9tFUrhyM9IFnIyuwHAxUnNyBckV8F/ojaRIivJ49tjzWx9gA3skilxcXCQXX2bWBAADQRAEQRDEjfj/GSPfgiAekclkAuq/xKNC9vtzmUwm+P++WwiCIAiCIH4W5FwQBEEQBHFT7s+5KGN4kwm8uLyPfAjip5GFmEwmCDPp/5/Kz0Nc3ig/gtBxa9slvgyzc1FP0JPJBBOpBbOwft4MKnza5p8XQ5zaM4SDaQiCuAmKPvmIznYW0jjxh+OH2O4fGaudC9d1gWSPrm0znJL6uZw2KsAYA2MpgnwLRzEoBCmr0zCw9w2mn6sDQRAGuj7J8L6ZAv4BjDEc/C8o7CvzJv5w/FbbJW6K3bHIeo0AOY5vtZuQnZAgwHpt+sjHIQ2AfIvXa7atLq+KXRNp56N1XErEXvdc2GRR5kMQf2BM28nSilG3Wixjr+tvJ13eVX8Nw1DMy1AGn68XZ4i9CRYJgHwLh5e5Lqefh6rMenyQxwvaDXk8PmO7ZQxv4iGOOdsZmlvqPBt7at5lgp2qyqEdF8s7F0usAiA/vqEEkJ0SIFhhOfSZM4ML4PwhKjdZDCs+P8/wizEUEbdrUjp4aXY8OMeljJ+xzQOk9Tveq1XmQxBEnzKG52wxb3YWiwjYOv2BvIzxvM3rVWWB2TkxZpskQNqsPE1lZCGcbV7vbBZYH094emdIAwBuhKLp22UMb5G0q9oicpFLcgplYorl2gXyI6r1UYFLDrjrJe2a/hRsbRc5tscZCsu5pSE5c9/kWywuOzBW2Wa+fe7mFWs5fj7WFzqdWdM5qyORYHXNvpSPA+uORHoNw9F0/OnTHECOSwFgWuC18QgX3YBWpUmwUHi0ynwI4g9EvnXUu3oyxQU5OOff2SJHf3FQvh2Rw8V6WU3cm11gLN+NXtCOFoYyslMCIEA1tEyxeT9ANcqI5QPT5bq3iBHKBDDd7BAgx/Y1q3deu++J++XWtguMm1vU33TznzOTrgaMkOOnY+1cVB04x9ZZIGkHgAFqRc+f1J24ahj7CT8Lq7LTxrts8A9grEDkVo36R92GIggV/Lm1zVm1cCeqXf3flt9RhoiPVQAgOSE8JYC7BvkW98/vsl3t3HIlv9++7w/7X0WdLrFunLRgpVxRiGQIFwngRnhRJi7xdswBW0dF/vrj3P0/DhGXU2zeUwQActqeIIjx1MeYycm8h9us+Ko7WCXivflYxLaMarGRoHmVhSHaVPkFTa+WdyHlnQwdfuVdIEnoSOTHYWm7NvBzy3fK8eiM+DsX9bklzEci3TbWAkmQir8NIlzCcup7EuqtTxX+SwS3Pv5wjkDj60w3K1ycukwESOkqMUGMZ7rBexoAyYLrp17/2NI/1EeaDiYTB5d1BFeZ4bgyppt3VK+q5/tZdbTROAXtsad/QBG5bbrqnsY7BheH/gsiFwAdifw8bG1Xg25u+d1y/CQmjP64O0E8JBSbYSwlYs/BFhEK+hX4b4fs9+dCsUUIgvjjkL1iS78lQhC/Bdq5IIgHhVZ+xCND9vtzoZ0LgiAIgiBuDjkXBEEQBEHcFHIuCIIgCIK4KRMA7J/+6Z/wt7/9DX/605++Wx6CIAiCIB4cutBJEA8KXYgjHhmy358LXegkCIIgCOLmkHNBEARBEMRNIeeCIAiCIIib8sDORYZwwgU2ekTKGN5D/u15S93b1o9Pl92RTh62fYjrKRF71N4E8VmGnQsh2JgUzpx/58VQ9ccy9jBpAg7Z5jsWKa/qn53j0ZevROxJebUvTe8aUSQZDLJlr1sgKsBYF3Sp972FvsaUqdZZN5g2+rhFwB1V/YbSPZ2kb4bsZMAGtfZ3Q/nvlwyhyk7LGF6tqzL2JBuuvhH1nCGUbKGMPS5N
XY6gf94BHe43TZ5CGi6/sXLyfaKfxqSTKZZrYPval0+f5zDX6Nmkj2vz1I4v+FxfuXeyUG1zxNcx4FxkCBdnREUdl76IgO1zbagZwv0MBWNgrECELZ7lDlfGeD6uEQVj8r0C/1Dl0/xLA7uw8Fr5gCDl8pOirOreZeEEC6ScLAf4A7LNn6bm76s3Wn1dUybKGN4CSNv3c2ydEBkyvB7XdZsyFJF6kB0DXz/bdN3/h+xkwAYN7Xtr+e+RMt7jHBWVbs6neiLJEDoX7OrAXdPlGu75o5u0yg+cAeRNPHMAyE5I3DXMgURduNhCby5u146sQHReCJNlFk7gcLbHGEM638Kp04ySswixOEdtXrvLazuJWuskOfWccV2eNozV85A+rs1TPb7gJn3lnvEP/XGc+GKYiTRgCFLpEZgbFb2kReRKzwsWuS6LiuobIZuBfIvIZQCqf3y6NOCeByxAwMRcmnK78rR5aeUTvzflLZJq5FF/nwbo5HIjVpi+1+orGlVm+yRypfxSFqDSRb+MopNBqfuUBeDqgk6n/foNpIP0zQj7a+rVvVO1r1qGXv3gMteV5b8/hrpvp4+CRW7VXr2+KLV99Y1oV/2+LT+r84gCBsEumv93bSGWW8tSRMxV2jEv2wg500DbZnY60YxZijxle6z6VsQi3n4QsHSM/Fb6GKkT4/hkGKu/EJP99u2Lk6uImNuMKW7EokDWc/Wz3C5ifgGLuLlBHDfktmPcO5cFgdt+o27/tDee8G2kno/EuvfSCPYn9iebPH83AJhx56L8OPeeOTNVpPsSb8dcWOWV8TOO61/K7WRjvrUH3XjsKRb1Np24ii1mZyQqobNXbBHhxTflZZYPAJJFt30o76Yp35UfOLtn7E1bv5xs/oEhDepdkPcNpobvtfq6XEaV2TB9mgPCyszBzM1xKcSt2AVSvFdnEwbd+zgIuyRzbJ9jOHL9bNIx8RtY2x8g26C6fdUylPIOCXvH+7ss/+Mx3eww3zqYTBwc1y9wYg/7WQFxAedjFeQ4vlXr3+ICrJdLzNwEpwyo9AqszdsWFcsD0iDB3moL0scqAM4fJVBckLszOL00nV2OktM/VKt8xfGFnU4AfxUgOXF9SZOnvwqQH9/q3YNKhmh2wXYu7xCMkN9KHyN1YhpfBsbC72D6NO/0Wn4ArlvZCoDy7Yh8/lT1yXyL46yox44Ei8kes6LZ5TTtLiU44lfdPinmzY5o9qpoO54cCXZgjOF9M1W3/wt648lmCuN81KJLU9vfc1yK7WWT5zdxkwudZfyM7TztOmgZ43k7x+4Kay3fjsjzqhNPJhMsknoAkrZmp5sd+jt4JeJ9gmBXTQbavIzyTbF5F48UkkVzNml6ByCfY9caZYogWYh3OTjZlBi/v+YbTZn+oe6IzUDjYJu7mDnAdPPe1q+Y7aut6wHdC2fDC6XLNyrdNQg2aGhfpQxW2/6PSOdMvS/f8HzZ4X35Vl9S7SZJfxXUW+kZTskcT9Mplut6MC/fcMznsD0d8l+GBnWRMcdOY+T0D9Xxy/roSHeH7HQCf4VAOhpR5umvEORHvJWoZMAay80KQbLo3Wm4pZ6vylM1VsTXj9Vfir9CkF9QoBrHsdthXk/ixSVHsGomm6CV3Zm5QLCrJt3pEmv3jA+tnxtwda6ctEtRl6touw4XEb9SU7V/oR5PtPORZRr/kGK+deBw7WWT53cx2rkoLrnwcxl71dkg7/oXF+ToJq9FUq32TZeghHwD3nNk9erZguwV2zzAinc1VXmNkc9fIYDGSE3v6pWZUTYj0vcScjuMLbMaKLmBBv2BbbrZVR3nwyBmPZG39zeKCMq9Bdt0A6jq3bNBXfuG4U1keDzqOwUHH9nrFvO0Xtk1K65mIs1OSOq7OdPlunpfXJDb3F9qmG6wCxLsY5PRVDKdksqhhTODW08kIgUutdOLq+SsFgMpt7q31gl8rJS7MHKePl4i4PhWVpPgesnt0q1w4i9O2spvq4+rdNJ+
WI0Vl/Fj9e+h0v8pA4rLHCvfx2p+QYEMp2TMODq+XGXbGeXMpfY3YDO36dLUd2quyvM7MB6cFBFz+TM+6ec
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--5adf2515-d258-4589-a5c5-1b99950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-05-03T14:14:50.000Z",
"modified": "2018-05-03T14:14:50.000Z",
"first_observed": "2018-05-03T14:14:50Z",
"last_observed": "2018-05-03T14:14:50Z",
"number_observed": 1,
"object_refs": [
"file--5adf2515-d258-4589-a5c5-1b99950d210f",
"artifact--5adf2515-d258-4589-a5c5-1b99950d210f"
],
"labels": [
"misp:type=\"attachment\"",
"misp:category=\"External analysis\""
]
},
{
"type": "file",
"spec_version": "2.1",
"id": "file--5adf2515-d258-4589-a5c5-1b99950d210f",
"name": "Sample payload DLL_0.png",
"content_ref": "artifact--5adf2515-d258-4589-a5c5-1b99950d210f"
},
{
"type": "artifact",
"spec_version": "2.1",
"id": "artifact--5adf2515-d258-4589-a5c5-1b99950d210f",
"payload_bin": "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
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--5adf25d7-a76c-4b3f-8624-4f17950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-05-03T14:14:50.000Z",
"modified": "2018-05-03T14:14:50.000Z",
"first_observed": "2018-05-03T14:14:50Z",
"last_observed": "2018-05-03T14:14:50Z",
"number_observed": 1,
"object_refs": [
"file--5adf25d7-a76c-4b3f-8624-4f17950d210f",
"artifact--5adf25d7-a76c-4b3f-8624-4f17950d210f"
],
"labels": [
"misp:type=\"attachment\"",
"misp:category=\"External analysis\""
]
},
{
"type": "file",
"spec_version": "2.1",
"id": "file--5adf25d7-a76c-4b3f-8624-4f17950d210f",
"name": "Sample C and Cs_0.png",
"content_ref": "artifact--5adf25d7-a76c-4b3f-8624-4f17950d210f"
},
{
"type": "artifact",
"spec_version": "2.1",
"id": "artifact--5adf25d7-a76c-4b3f-8624-4f17950d210f",
"payload_bin": "iVBORw0KGgoAAAANSUhEUgAAAl4AAADcCAYAAAChxq98AAAgAElEQVR4nOy9z27iztL//+an71WMIp7I9jVkMYIsWGBfQPQIskI6UiR7HcGGJRtbs8YS0iOxwv4ccQGBBYtgZZFrwBYninIb/i1yqqe73QZDyL+ZfknRTIzd3a6q7q6ublK1PM9zaDQajUaj0Wjenf/vsxug0Wg0Go1G87egHS+NRqPRaDSaD0I7XhqNRqPRaDQfhHa8NBqNRqPRaD4I7XhpNBqNRqPRfBDa8dJoNBqNRqP5IP5f1Rtrtdp7tkOj0Wg0Go3mW1PlL3RVdryqFqj5mtRqNa0/jUaj0WjeiaoBKr3VqNFoNBqNRvNBaMdLo9FoNBqN5oM4meOVZRlqtZrwE8fxqYo/GbVaDZ7nAQAcxxHaGwTBUWU6jgPLsgrX4zhGrVZDkiRvavNHkCRJQWee57HQKb0L/5NlGQDAsiw4jvMp7dZoNBqN5jtxMsfr5eUFABBFEfI8h+u66Ha7pypeSRAEbzr0v9lsYNs28jyH7/sYDAbfwkn6DJ6engAAaZoiz3OYpskcWI1Go9FoNNX4sK1Gy7IKkSXP8+B5HvvMcRzmTPERFYrG8JG0OI4xGAwAQIjUqOqpws+fPwEAz8/PwnWK+sht4q9vNht2P9/W4XDIrsdxzCJD5Czy78pHzOT6+DJVkTWNRqPRaDTfg5M7Xt1uF7VaDWEYsm/RkXOV5zmiKMJgMGAOTBiGWC6XiKIIi8UC2+2WPffr1y8AQLPZhO/7LDLV7XZxcXEB3/cBvH7bstPp7KxnHw8PDwCAi4sL4frt7S3yPGdRnl+/fiFJEoRhiCiKkKYp0jRl9/d6PRZFk52kNE3RarWQ5zmSJMFgMGARpDRNEQQBgiCAaZqsTsMwMBqN4Lou8jwXnLzPwDRN5gDe3d19als0Go1Go/lunNzxiqII6/UaAFgUarlcYrFYoFarse1H2po0TROGYeDs7AwAcHl5ya5TtAf4HZGif+l5nl31lEH3DwYDRFEEwzCEz+fzOYs2kYNFUbGLiwsYhgHbttn95FwBr06YzNXVFYDfjh45MgCw3W5Rr9eRpqkQXTMMA2EYfoloV5qm8H0fi8WislOr0Wg0Go3mlXfZamw0GjBNE9PplF2jiA39NBqN96j64HooOkVRM54sy5hDRhGvU8O3dTweo9PpsIifaZqI4xjj8Rjr9brgkJ2SHz9+VL6XnMf5fH7ydmg0Go1G8yfzbme8bm5uWFTEsiwsl8ujyiGHgCJE9K/KoXpLPfvIsoxFvCg69/j4iCzLsFgs2H2maWK1WgGA4HjK1Ot1ACgc5g+CAFmWCX/s1PM8NBoNFkl8DwzDKDjLYRjCdV3lvbZtYzKZvFt7NBqNRqP5E3k3x4u2BB8fH3F3d8eiNYceEDcMg53Xoi1BckAo8kKH699ST1nd9O1M0zRZxKvRaAjX6awZ8Ops0fYlbTmq6HQ6cF0XzWaTtTdJElxdXbHtR9M00el0cHl5iVqthmazCdd1C9uhp4LfqqX6x+Ox8t5Wq4U0TZljzT/3Ff+MiEaj0Wg0X4FaXjGPjE45873R+tNoNBqN5v2oOs/qv1yv0Wg0Go1G80Fox0uj0Wg0Go3mg9COl0aj0Wg0Gs0HoR0vjUaj0Wg0mg9CO14ajUaj0Wg0H8T/O+TmtySk1nw+Wn8ajUaj0XwuBzle+s8RfF/0n5PQaDQajeb9qBrc0FuNGo1Go9FoNB+Edrw0n4bjOELKJPor+JrdWJb1oQnKP7o+jUaj+ZM5ueNFaWMoBU6WZcK1XROr4zjKzy3LguM4wjW53LKJQfWs53nsuSAICtd2pb6xLEt4P544jr9typyPdnqyLMNmsxFybs7nc9zc3LDPZf0mSSJck/XKo9J72fWqtlSr1eB5nnDNcZyCvfDXymyF2nKoLSVJAsuyYBjG0Q5REASF9yjjo+vbRRzHB5fDy/jYNlStl/Se
JEnBVvnn+TaVjZMqO6R79o1LJG+5PNoGUdUjt7fKlkmVsd2yrILs+LbRu5C9q/o2f39Z/9tHEASCfFTvS+2RZUd9M0kS1i56nuYPqoP/Xa5Dnmv4ezV/Fyd1vCzLQhRFyPMceZ6zSdU0TXZts9mUPtvr9QrXa7UaRqNR4bppmliv16xcVf5C1bNJkmC5XLLnBoMBsizDeDxm1/I8h2mauLi4EJ6N4xij0Qh5niOKokJ7h8OhMqm0psjj4yNzsojVasXyb5bp17Ztdu3u7k5ZdpnNHGtLNMFEUSRcp0kjz3OkaYputwsAuLu7E2wJKCZ1P9aWHh4elP3kEPr9fmkOzs+u79RsNhumh+VyqXSAj0WO2AJAmqZM17ytynWnabpznIyiCKZpCs7XfD6H67pCIntqx83NDXt2tVrh9vaWleO6rmCLAAT7VPUt3/crOTR8my3LEpzCJEnQbrcRhqFwjR9/7+/v2Wd8O6lvB0GALMvYdd6OkiSplLc2yzIMBgNWxna7RaPREGRC/+90OgDA5rH1el1q/6ZpYjAYKD+L4xjNZlOQ82q1YnMNn99X8/dxMseLVsZkuIey2WwKjg7w2iHOzs6Ea3Ecw3XdwmRW5dnZbCZM+K7r4vHxsVA+rfJ5Op0Oez+5rUEQKCf17watIGn1SnoFfjsg9C9B1xzHEVaWNAjTyo9nOp2yROpU9mazgWEYlfVbhkrvZder1GUYhvKLCdPplA3KhmHAtu3CRBwEgdKBOtaWJpOJsp/wEQM+8iCv3oMgECI4nucpdbavPv6ZsuiEqj7ZRlSOEEUOyqIc8nWyPT7SuA+KENFzVSN5nufB8zw4joPFYoFms7kz8kq02208Pz9XqgN4tQ/XdTGfz9m1yWSC8XiMxWLBriVJgs1mg36/z67d3d1Vckh20e/3Ydv2wdF7vn/NZjNcX18r+wWxzyGnd1bR6/WOcugPeabRaCBNU+VnlmXBdV1l5Go4HGK9XgvXTqEXzZ/ByRyv5+dnLBYLZag6TdM3h/t5np6eEIZhpe1LFfV6nf3//PwcT09PwufT6RTD4XBnGfP5HO12G8DrwD+ZTI52Or8KaZqi1+sJq9dGo4F2u40gCPDr1y9EUQTDMOD7Ppu0fd9nA8p2u2UrRZIhrS6JfduMu/TL29gpQvVvtSV+ojEMozC5TiYT3N7e7iyjqi3x2348WZah2+2ylXW73YbneUJ0IU1T2LYtTNB8G2Wd7aovSRL2DOmVtm+q1LdarVg0ZpeDSeWHYcgcozAMWbSIv75YLDAcDpHneWEyJIes3W6j0WjA8zwWIRoOh8yR2XfcgMocj8e4u7uDbdtYr9elkVeeMAwFB9Y0zb32dnl5ie12y2RO97quy9r1/PzMbOcQqmzXt1qtwtgow4/tcp8OwxCNRgO9Xg+z2QwA2HiicvL5fkifpWnKZMVfD4KgEDEvg8arY8aMOI5h23bp57e3t8qoFx/53Idqy1O19azPv/45nHSrkQ8V0+BH0QJ+ED1FuN/3/dIQ91ugFeSuTkOha1o5eZ5XCP9/R0zTZBM+P+jS4JJlGfu83+8jDENMJhNhcr2+vgbwe2tNFUngnSxiMpmwbUZArV9+eyBNU9amt/JetlQWOeU5xJZms5ly2+Px8VGIql1fXzO50GD98vJSus1Pzo+8ui+r7+HhQdBfr9djDkKV+si5u7i4KL2nLCrtuq6wNfby8gLg1XbJ5q6vr7FardjzhmEgTVMm4yzLWLS10WjANE0AKBw34LeewjDEdrs9KFrCLxLW67VgB+Q8lr2/DL/le319/ebxZt92fVX4rcabmxvhDBTZZKfTEbYbSc7D4VBwJvj5g1940DVaGNDiROXUl9Hv99l2X5WIaLfbRa1Ww3A43CkjwzBKo14Ef/5ONV7JNkfbv/K1qrai+fqczPE6OzsTjIpfrfG4rntQyF1FvV4Xyq6yMuPh791ut0IETN6KVGGapjBB0ZZDrVZDGIbodrt/5MFJVccv
C8Pvgj/LBfw+2E8TUxX90tYeTbzH8lZb4m05yzIhAsZvRZZxiC0tl8uDoqo/fvxgk3+z2Tx4sv7o+j6bXRE
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5adf267b-04bc-42bd-8ac0-466d950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-05-03T14:14:50.000Z",
"modified": "2018-05-03T14:14:50.000Z",
"pattern": "[rule Kwampirs\r\n{\r\n meta:\r\n copyright = \"Symantec\"\r\n family = \"Kwampirs\"\r\n description = \"Kwampirs dropper and main payload components\"\r\n \r\n strings: \r\n $pubkey =\r\n {\r\n 06 02 00 00 00 A4 00 00 52 53 41 31 00 08 00 00\r\n 01 00 01 00 CD 74 15 BC 47 7E 0A 5E E4 35 22 A5\r\n 97 0C 65 BE E0 33 22 F2 94 9D F5 40 97 3C 53 F9\r\n E4 7E DD 67 CF 5F 0A 5E F4 AD C9 CF 27 D3 E6 31\r\n 48 B8 00 32 1D BE 87 10 89 DA 8B 2F 21 B4 5D 0A\r\n CD 43 D7 B4 75 C9 19 FE CC 88 4A 7B E9 1D 8C 11\r\n 56 A6 A7 21 D8 C6 82 94 C1 66 11 08 E6 99 2C 33\r\n 02 E2 3A 50 EA 58 D2 A7 36 EE 5A D6 8F 5D 5D D2\r\n 9E 04 24 4A CE 4C B6 91 C0 7A C9 5C E7 5F 51 28\r\n 4C 72 E1 60 AB 76 73 30 66 18 BE EC F3 99 5E 4B\r\n 4F 59 F5 56 AD 65 75 2B 8F 14 0C 0D 27 97 12 71\r\n 6B 49 08 84 61 1D 03 BA A5 42 92 F9 13 33 57 D9\r\n 59 B3 E4 05 F9 12 23 08 B3 50 9A DA 6E 79 02 36\r\n EE CE 6D F3 7F 8B C9 BE 6A 7E BE 8F 85 B8 AA 82\r\n C6 1E 14 C6 1A 28 29 59 C2 22 71 44 52 05 E5 E6\r\n FE 58 80 6E D4 95 2D 57 CB 99 34 61 E9 E9 B3 3D\r\n 90 DC 6C 26 5D 70 B4 78 F9 5E C9 7D 59 10 61 DF\r\n F7 E4 0C B3\r\n }\r\n \r\n $network_xor_key =\r\n {\r\n B7 E9 F9 2D F8 3E 18 57 B9 18 2B 1F 5F D9 A5 38\r\n C8 E7 67 E9 C6 62 9C 50 4E 8D 00 A6 59 F8 72 E0\r\n 91 42 FF 18 A6 D1 81 F2 2B C8 29 EB B9 87 6F 58\r\n C2 C9 8E 75 3F 71 ED 07 D0 AC CE 28 A1 E7 B5 68\r\n CD CF F1 D8 2B 26 5C 31 1E BC 52 7C 23 6C 3E 6B\r\n 8A 24 61 0A 17 6C E2 BB 1D 11 3B 79 E0 29 75 02\r\n D9 25 31 5F 95 E7 28 28 26 2B 31 EC 4D B3 49 D9\r\n 62 F0 3E D4 89 E4 CC F8 02 41 CC 25 15 6E 63 1B\r\n 10 3B 60 32 1C 0D 5B FA 52 DA 39 DF D1 42 1E 3E\r\n BD BC 17 A5 96 D9 43 73 3C 09 7F D2 C6 D4 29 83\r\n 3E 44 44 6C 97 85 9E 7B F0 EE 32 C3 11 41 A3 6B\r\n A9 27 F4 A3 FB 2B 27 2B B6 A6 AF 6B 39 63 2D 91\r\n 75 AE 83 2E 1E F8 5F B5 65 ED B3 40 EA 2A 36 2C\r\n A6 CF 8E 4A 4A 3E 10 6C 9D 28 49 66 35 83 30 E7\r\n 45 0E 05 ED 69 8D CF C5 40 50 B1 AA 13 74 33 0F\r\n DF 41 82 3B 1A 79 DC 3B 9D C3 BD EA B1 3E 04 33\r\n }\r\n \r\n 
$decrypt_string =\r\n {\r\n 85 DB 75 09 85 F6 74 05 89 1E B0 01 C3 85 FF 74\r\n 4F F6 C3 01 75 4A 85 F6 74 46 8B C3 D1 E8 33 C9\r\n 40 BA 02 00 00 00 F7 E2 0F 90 C1 F7 D9 0B C8 51\r\n E8 12 28 00 00 89 06 8B C8 83 C4 04 33 C0 85 DB\r\n 74 16 8B D0 83 E2 0F 8A 92 1C 33 02 10 32 14 38\r\n 40 88 11 41 3B C3 72 EA 66 C7 01 00 00 B0 01 C3\r\n 32 C0 C3\r\n }\r\n \r\n $init_strings =\r\n {\r\n 55 8B EC 83 EC 10 33 C9 B8 0D 00 00 00 BA 02 00\r\n 00 00 F7 E2 0F 90 C1 53 56 57 F7 D9 0B C8 51 E8\r\n B3 27 00 00 BF 05 00 00 00 8D 77 FE BB 4A 35 02\r\n 10 2B DE 89 5D F4 BA 48 35 02 10 4A BB 4C 35 02\r\n 10 83 C4 04 2B DF A3 C8 FC 03 10 C7 45 FC 00 00\r\n 00 00 8D 4F FC 89 55 F8 89 5D F0 EB 06\r\n }\r\n \r\n condition:\r\n 2 of them\r\n}]",
"pattern_type": "yara",
"pattern_version": "2.1",
"valid_from": "2018-05-03T14:14:50Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"yara\"",
"misp:category=\"Payload delivery\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--5ae03296-6130-4be2-9966-43eb950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-05-03T14:14:51.000Z",
"modified": "2018-05-03T14:14:51.000Z",
"first_observed": "2018-05-03T14:14:51Z",
"last_observed": "2018-05-03T14:14:51Z",
"number_observed": 1,
"object_refs": [
"file--5ae03296-6130-4be2-9966-43eb950d210f",
"artifact--5ae03296-6130-4be2-9966-43eb950d210f"
],
"labels": [
"misp:type=\"attachment\"",
"misp:category=\"External analysis\""
]
},
{
"type": "file",
"spec_version": "2.1",
"id": "file--5ae03296-6130-4be2-9966-43eb950d210f",
"name": "Sample configs.png",
"content_ref": "artifact--5ae03296-6130-4be2-9966-43eb950d210f"
},
{
"type": "artifact",
"spec_version": "2.1",
"id": "artifact--5ae03296-6130-4be2-9966-43eb950d210f",
"payload_bin": "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
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5ae98af5-3404-4d83-9ee8-4364950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-05-03T14:14:51.000Z",
"modified": "2018-05-03T14:14:51.000Z",
"description": "C&C",
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '65.116.107.24']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-05-03T14:14:51Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5ae98af6-95bc-4353-b9ff-438b950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-05-03T14:14:52.000Z",
"modified": "2018-05-03T14:14:52.000Z",
"description": "C&C",
"pattern": "[url:value = 'http://65.116.107.24/login/login.php?q=kt[REDACTED_BASE64_STRING]==']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-05-03T14:14:52Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5ae98af7-2790-4cae-86a1-4904950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-05-03T14:14:52.000Z",
"modified": "2018-05-03T14:14:52.000Z",
"description": "C&C",
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '13.44.61.126']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-05-03T14:14:52Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5ae98af7-0880-4da7-9150-4772950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-05-03T14:14:52.000Z",
"modified": "2018-05-03T14:14:52.000Z",
"description": "C&C",
"pattern": "[url:value = 'http://13.44.61.126/main/indexmain.php?q=KT[REDACTED_BASE64_STRING]==']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-05-03T14:14:52Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5ae98af8-81f0-48d9-9e4e-4f1f950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-05-03T14:14:53.000Z",
"modified": "2018-05-03T14:14:53.000Z",
"description": "C&C",
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '56.28.111.63']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-05-03T14:14:53Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5ae98af8-611c-4d06-88c3-4c1e950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-05-03T14:14:53.000Z",
"modified": "2018-05-03T14:14:53.000Z",
"description": "C&C",
"pattern": "[url:value = 'http://56.28.111.63/group/group/defaultmain.php?q=kt[REDACTED_BASE64_STRING]==']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-05-03T14:14:53Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5ae98af9-6c78-41f3-89ae-4e7e950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-05-03T14:14:54.000Z",
"modified": "2018-05-03T14:14:54.000Z",
"description": "C&C",
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '118.71.138.69']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-05-03T14:14:54Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5ae98af9-e05c-492c-8038-42a2950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-05-03T14:14:54.000Z",
"modified": "2018-05-03T14:14:54.000Z",
"description": "C&C",
"pattern": "[url:value = 'http://118.71.138.69/new/main/default.php?q=KT[REDACTED_BASE64_STRING]==']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-05-03T14:14:54Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5ae98afa-0e4c-4b25-a753-4827950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-05-03T14:14:54.000Z",
"modified": "2018-05-03T14:14:54.000Z",
"description": "C&C",
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '117.32.65.101']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-05-03T14:14:54Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5ae98afa-ce94-4831-bab9-4174950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-05-03T14:14:55.000Z",
"modified": "2018-05-03T14:14:55.000Z",
"description": "C&C",
"pattern": "[url:value = 'http://117.32.65.101/users/login.php?q=kt[REDACTED_BASE64_STRING]==']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-05-03T14:14:55Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5ae98afa-ec3c-4db6-9cc9-408e950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-05-03T14:14:55.000Z",
"modified": "2018-05-03T14:14:55.000Z",
"description": "C&C",
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '18.25.62.70']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-05-03T14:14:55Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5ae98afb-1af0-4200-894e-4285950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-05-03T14:14:56.000Z",
"modified": "2018-05-03T14:14:56.000Z",
"description": "C&C",
"pattern": "[url:value = 'http://18.25.62.70/groupgroup/default.php?q=kt[REDACTED_BASE64_STRING]==']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-05-03T14:14:56Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5ae98afb-fcf4-447f-a52a-4b26950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-05-03T14:14:56.000Z",
"modified": "2018-05-03T14:14:56.000Z",
"description": "C&C",
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '92.137.43.17']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-05-03T14:14:56Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5ae98afc-a388-4113-b9ff-49b3950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-05-03T14:14:56.000Z",
"modified": "2018-05-03T14:14:56.000Z",
"description": "C&C",
"pattern": "[url:value = 'http://92.137.43.17/group/group/home/login/home.php?q=KT[REDACTED_BASE64_STRING]==']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-05-03T14:14:56Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5ae98afc-70a4-4c42-9700-4457950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-05-03T14:14:57.000Z",
"modified": "2018-05-03T14:14:57.000Z",
"description": "C&C",
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '33.25.72.21']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-05-03T14:14:57Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5ae98afd-cf80-4192-a5f5-4505950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-05-03T14:14:57.000Z",
"modified": "2018-05-03T14:14:57.000Z",
"description": "C&C",
"pattern": "[url:value = 'http://33.25.72.21/group/main.asp?q=KT[REDACTED_BASE64_STRING]==']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-05-03T14:14:57Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5ae98afd-f244-44dc-a659-429a950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-05-03T14:14:58.000Z",
"modified": "2018-05-03T14:14:58.000Z",
"description": "C&C",
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '16.48.37.37']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-05-03T14:14:58Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5ae98afd-bc18-4a29-986f-408a950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-05-03T14:14:58.000Z",
"modified": "2018-05-03T14:14:58.000Z",
"description": "C&C",
"pattern": "[url:value = 'http://16.48.37.37/groupusers/default.php?q=kt[REDACTED_BASE64_STRING]==']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-05-03T14:14:58Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5ae98afe-c690-48d6-8b66-45b0950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-05-03T14:14:59.000Z",
"modified": "2018-05-03T14:14:59.000Z",
"description": "C&C",
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '91.29.51.11']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-05-03T14:14:59Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5ae98afe-c06c-4303-b6aa-4baf950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-05-03T14:14:59.000Z",
"modified": "2018-05-03T14:14:59.000Z",
"description": "C&C",
"pattern": "[url:value = 'http://91.29.51.11/default/main.php?q=KT[REDACTED_BASE64_STRING]==']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-05-03T14:14:59Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5ae98b53-0b28-4c9e-95dd-4490950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-05-03T14:14:59.000Z",
"modified": "2018-05-03T14:14:59.000Z",
"description": "File contains a list of MD5 hashes of encoded modules downloaded by Trojan.Kwampirs",
"pattern": "[file:name = '\\\\%WINDOWS&\\\\inf\\\\mkdiawb3.PNF']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-05-03T14:14:59Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"filename\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5ae98b54-a0bc-44b9-9635-4bfd950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-05-03T14:15:00.000Z",
"modified": "2018-05-03T14:15:00.000Z",
"description": "Last modified timestamp is used to control the frequency at which Trojan.Kwampirs attempts to communicate with the C&C infrastructure",
"pattern": "[file:name = '\\\\%WINDOWS&\\\\inf\\\\mtmndkb32.PNF']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-05-03T14:15:00Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"filename\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5ae98b54-3a80-40fd-8cc0-471c950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-05-03T14:15:00.000Z",
"modified": "2018-05-03T14:15:00.000Z",
"description": "Contains encrypted system information (e.g. MAC address)",
"pattern": "[file:name = '\\\\%WINDOWS&\\\\inf\\\\digirps.PNF']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-05-03T14:15:00Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"filename\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5ae98b55-b92c-4bee-8389-4ade950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-05-03T14:15:01.000Z",
"modified": "2018-05-03T14:15:01.000Z",
"description": "Used to determine read/write permissions on remote machine",
"pattern": "[file:name = '\\\\%WINDOWS&\\\\inf\\\\e11.PNF']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-05-03T14:15:01Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"filename\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5ae98bc6-4174-4cc1-b7ea-463d950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-05-02T09:59:07.000Z",
"modified": "2018-05-02T09:59:07.000Z",
"description": "Sample payload DLL ",
"pattern": "[file:hashes.MD5 = 'ec968325394f3e6821bf90fda321e09b' AND file:name = '\\\\%WINDOWS&\\\\system32\\\\WMIAMGMT.DLL' AND file:x_misp_state = 'Malicious']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-05-02T09:59:07Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "file"
}
],
"labels": [
"misp:name=\"file\"",
"misp:meta-category=\"file\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5ae98c5b-b9bc-4412-8524-41d7950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-05-02T10:00:59.000Z",
"modified": "2018-05-02T10:00:59.000Z",
"description": "Sample payload DLL ",
"pattern": "[file:hashes.MD5 = '01cf05a07af57a7aafd0ad225a6fd300' AND file:name = '\\\\%WINDOWS&\\\\system32\\\\WMIASSN.DLL' AND file:x_misp_state = 'Malicious']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-05-02T10:00:59Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "file"
}
],
"labels": [
"misp:name=\"file\"",
"misp:meta-category=\"file\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5ae98c72-cc64-40f2-936c-4fe2950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-05-02T10:01:22.000Z",
"modified": "2018-05-02T10:01:22.000Z",
"description": "Sample payload DLL ",
"pattern": "[file:hashes.MD5 = 'd57df638c7befd7897c9013e90b678f0' AND file:name = '\\\\%WINDOWS&\\\\system32\\\\wmiamgmt.dll' AND file:x_misp_state = 'Malicious']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-05-02T10:01:22Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "file"
}
],
"labels": [
"misp:name=\"file\"",
"misp:meta-category=\"file\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5ae98db9-d4f4-4f99-977c-41cf950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-05-02T10:06:49.000Z",
"modified": "2018-05-02T10:06:49.000Z",
"description": "Sample payload DLL ",
"pattern": "[file:hashes.MD5 = '5c3499acfe0ad7563b367fbf7fb2928c' AND file:name = '\\\\%WINDOWS&\\\\syswow64\\\\wmipapd.dll' AND file:x_misp_state = 'Malicious']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-05-02T10:06:49Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "file"
}
],
"labels": [
"misp:name=\"file\"",
"misp:meta-category=\"file\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5ae98dd1-b830-415a-8f6b-4624950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-05-02T10:07:13.000Z",
"modified": "2018-05-02T10:07:13.000Z",
"description": "Sample payload DLL ",
"pattern": "[file:hashes.MD5 = '4b91ec8f5d4a008dd1da723748a633b6' AND file:name = '\\\\%WINDOWS&\\\\system32\\\\wmipapd.dll' AND file:x_misp_state = 'Malicious']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-05-02T10:07:13Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "file"
}
],
"labels": [
"misp:name=\"file\"",
"misp:meta-category=\"file\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5ae98de5-f138-42ba-b319-4480950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-05-02T10:07:33.000Z",
"modified": "2018-05-02T10:07:33.000Z",
"description": "Sample payload DLL ",
"pattern": "[file:hashes.MD5 = '134846465b8c3f136ace0f2a6f15e534' AND file:name = '\\\\%WINDOWS&\\\\system32\\\\wmiassn.dll' AND file:x_misp_state = 'Malicious']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-05-02T10:07:33Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "file"
}
],
"labels": [
"misp:name=\"file\"",
"misp:meta-category=\"file\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5ae98e52-6884-4b46-8b3c-48e2950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-05-02T10:09:22.000Z",
"modified": "2018-05-02T10:09:22.000Z",
"description": "Sample payload DLL ",
"pattern": "[file:hashes.MD5 = '9d2cb9d8e73fd879660d9390ba7de263' AND file:name = '\\\\%WINDOWS&\\\\system32\\\\WMIPAPD.DLL' AND file:x_misp_state = 'Malicious']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-05-02T10:09:22Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "file"
}
],
"labels": [
"misp:name=\"file\"",
"misp:meta-category=\"file\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5ae98e60-3740-4354-bec4-46f1950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-05-02T10:09:36.000Z",
"modified": "2018-05-02T10:09:36.000Z",
"description": "Sample payload DLL ",
"pattern": "[file:hashes.MD5 = '939e76888bdeb628405e1b8be963273c' AND file:name = '\\\\%WINDOWS&\\\\system32\\\\wmiadrv.dll' AND file:x_misp_state = 'Malicious']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-05-02T10:09:36Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "file"
}
],
"labels": [
"misp:name=\"file\"",
"misp:meta-category=\"file\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5ae98e76-a45c-4f1c-9f80-43b1950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-05-02T10:09:58.000Z",
"modified": "2018-05-02T10:09:58.000Z",
"description": "Sample payload DLL ",
"pattern": "[file:hashes.MD5 = 'de9b01a725d4f19da1c1470cf7a948ee' AND file:name = '\\\\%WINDOWS&\\\\system32\\\\wmipdpa.dll' AND file:x_misp_state = 'Malicious']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-05-02T10:09:58Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "file"
}
],
"labels": [
"misp:name=\"file\"",
"misp:meta-category=\"file\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5ae98e8b-8fe0-4d0a-ae73-475d950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-05-02T10:10:19.000Z",
"modified": "2018-05-02T10:10:19.000Z",
"description": "Sample payload DLL ",
"pattern": "[file:hashes.MD5 = 'bb939a868021db963916cc0118aab8ee' AND file:name = '\\\\%WINDOWS&\\\\system32\\\\wmipapd.dll' AND file:x_misp_state = 'Malicious']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-05-02T10:10:19Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "file"
}
],
"labels": [
"misp:name=\"file\"",
"misp:meta-category=\"file\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5ae992c9-0f9c-4f49-8336-4944950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-05-02T10:28:25.000Z",
"modified": "2018-05-02T10:28:25.000Z",
"description": "Sample payload DLL ",
"pattern": "[file:hashes.MD5 = '3289c9a1b534a19925a14a8f7c39187c' AND file:name = '\\\\%WINDOWS&\\\\system32\\\\wmiadrv.dll' AND file:x_misp_state = 'Malicious']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-05-02T10:28:25Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "file"
}
],
"labels": [
"misp:name=\"file\"",
"misp:meta-category=\"file\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5ae992f9-d2a4-4abf-a7b6-429d950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-05-02T10:29:13.000Z",
"modified": "2018-05-02T10:29:13.000Z",
"description": "Sample payload DLL ",
"pattern": "[file:hashes.MD5 = '9d3839b39d699336993df1dd4501892b' AND file:name = '\\\\%WINDOWS&\\\\system32\\\\wmipapd.dll' AND file:x_misp_state = 'Malicious']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-05-02T10:29:13Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "file"
}
],
"labels": [
"misp:name=\"file\"",
"misp:meta-category=\"file\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5ae99316-d028-4704-adad-469f950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-05-02T10:29:42.000Z",
"modified": "2018-05-02T10:29:42.000Z",
"description": "Sample payload DLL ",
"pattern": "[file:hashes.MD5 = '5c3499acfe0ad7563b367fbf7fb2928c' AND file:name = '\\\\%WINDOWS&\\\\system32\\\\wmipapd.dll' AND file:x_misp_state = 'Malicious']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-05-02T10:29:42Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "file"
}
],
"labels": [
"misp:name=\"file\"",
"misp:meta-category=\"file\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5ae99449-65ec-4419-aeb6-46a9950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-05-02T10:34:49.000Z",
"modified": "2018-05-02T10:34:49.000Z",
"description": "Sample payload DLL ",
"pattern": "[file:hashes.MD5 = 'fece72bd41cb0e06e05a847838fbde56' AND file:name = '\\\\%WINDOWS&\\\\system32\\\\wmiassn.dll' AND file:x_misp_state = 'Malicious']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-05-02T10:34:49Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "file"
}
],
"labels": [
"misp:name=\"file\"",
"misp:meta-category=\"file\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5ae994ad-a768-4ee7-a1f4-4330950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-05-02T10:36:29.000Z",
"modified": "2018-05-02T10:36:29.000Z",
"description": "Sample payload DLL",
"pattern": "[file:hashes.MD5 = 'bbd9e4204514c66c1babda178c01c213' AND file:name = '\\\\%WINDOWS&\\\\system32\\\\wmiadrv.dll' AND file:x_misp_state = 'Malicious']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-05-02T10:36:29Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "file"
}
],
"labels": [
"misp:name=\"file\"",
"misp:meta-category=\"file\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5ae994fe-1108-4bf7-a7fa-4497950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-05-02T10:37:50.000Z",
"modified": "2018-05-02T10:37:50.000Z",
"description": "Sample payload DLL",
"pattern": "[file:hashes.MD5 = 'ee4206cf4227661d3e7ec846f0d69a43' AND file:name = '\\\\%WINDOWS&\\\\system32\\\\smipapd.dll' AND file:x_misp_state = 'Malicious']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-05-02T10:37:50Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "file"
}
],
"labels": [
"misp:name=\"file\"",
"misp:meta-category=\"file\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5ae9951e-7f10-41ac-b7bc-4234950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-05-02T10:38:22.000Z",
"modified": "2018-05-02T10:38:22.000Z",
"description": "Sample payload DLL",
"pattern": "[file:hashes.MD5 = '290d8e8524e57783e8cc1b9a3445dfe9' AND file:name = '\\\\%WINDOWS&\\\\system32\\\\wmiamgmt.dll' AND file:x_misp_state = 'Malicious']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-05-02T10:38:22Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "file"
}
],
"labels": [
"misp:name=\"file\"",
"misp:meta-category=\"file\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5ae9981a-ad08-4334-99f4-471f950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-05-02T10:51:06.000Z",
"modified": "2018-05-02T10:51:06.000Z",
"description": "Sample dropper ",
"pattern": "[file:hashes.MD5 = '0240ed7e45567f606793dafaff024acf' AND file:name = '\\\\%WINDOWS&\\\\sysWOW64\\\\wmipsrce.exe' AND file:x_misp_state = 'Malicious']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-05-02T10:51:06Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "file"
}
],
"labels": [
"misp:name=\"file\"",
"misp:meta-category=\"file\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5ae99864-03f8-4a65-928a-4bde950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-05-02T10:52:20.000Z",
"modified": "2018-05-02T10:52:20.000Z",
"description": "Sample dropper ",
"pattern": "[file:hashes.MD5 = '047f70dbac6cd9a4d07abef606d89fb7' AND file:name = '\\\\%WINDOWS&\\\\system32\\\\wmiapsrce.exe' AND file:x_misp_state = 'Malicious']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-05-02T10:52:20Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "file"
}
],
"labels": [
"misp:name=\"file\"",
"misp:meta-category=\"file\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5ae998cb-f5b4-4f8a-81c3-406e950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-05-02T10:54:03.000Z",
"modified": "2018-05-02T10:54:03.000Z",
"description": "Sample dropper",
"pattern": "[file:hashes.MD5 = '0240ed7e45567f606793dafaff024acf' AND file:name = '\\\\%WINDOWS&\\\\system32\\\\WMIAPSRVUX.EXE' AND file:x_misp_state = 'Malicious']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-05-02T10:54:03Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "file"
}
],
"labels": [
"misp:name=\"file\"",
"misp:meta-category=\"file\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5ae99901-3fcc-473f-ab05-4c3e950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-05-02T10:54:57.000Z",
"modified": "2018-05-02T10:54:57.000Z",
"description": "Sample dropper",
"pattern": "[file:hashes.MD5 = '2ae53de1a1f65a6d57e96dab26c73cda' AND file:name = '\\\\%WINDOWS&\\\\system32\\\\wmiapsrce.exe' AND file:x_misp_state = 'Malicious']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-05-02T10:54:57Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "file"
}
],
"labels": [
"misp:name=\"file\"",
"misp:meta-category=\"file\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5ae9997d-8770-4ab8-b19d-4c8f950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-05-02T10:57:01.000Z",
"modified": "2018-05-02T10:57:01.000Z",
"description": "Sample dropper",
"pattern": "[file:hashes.MD5 = '47345640c135bd00d9f2969fabb4c9fa' AND file:name = '\\\\%WINDOWS&\\\\system32\\\\WMIPSVRCE.EXE' AND file:x_misp_state = 'Malicious']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-05-02T10:57:01Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "file"
}
],
"labels": [
"misp:name=\"file\"",
"misp:meta-category=\"file\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5ae999b8-8d60-4297-a180-4bf7950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-05-02T10:58:00.000Z",
"modified": "2018-05-02T10:58:00.000Z",
"description": "Sample dropper",
"pattern": "[file:hashes.MD5 = 'cb9954509dc82e6bbed2aee202d88415' AND file:name = '\\\\%WINDOWS&\\\\system32\\\\wmipsrce.exe' AND file:x_misp_state = 'Malicious']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-05-02T10:58:00Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "file"
}
],
"labels": [
"misp:name=\"file\"",
"misp:meta-category=\"file\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5ae99b53-9990-442f-8a80-4301950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-05-02T11:04:51.000Z",
"modified": "2018-05-02T11:04:51.000Z",
"description": "Sample dropper",
"pattern": "[file:hashes.MD5 = 'cb9954509dc82e6bbed2aee202d88415' AND file:name = '\\\\%WINDOWS&\\\\system32\\\\WMIPSVRE.EXE' AND file:x_misp_state = 'Malicious']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-05-02T11:04:51Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "file"
}
],
"labels": [
"misp:name=\"file\"",
"misp:meta-category=\"file\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5ae99bad-464c-4be6-8451-4552950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-05-02T11:06:21.000Z",
"modified": "2018-05-02T11:06:21.000Z",
"description": "Sample dropper",
"pattern": "[file:hashes.MD5 = 'b680b119643876286030c4f6134dc4e3' AND file:name = '\\\\%WINDOWS&\\\\system32\\\\wmiapsrve.exe' AND file:x_misp_state = 'Malicious']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-05-02T11:06:21Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "file"
}
],
"labels": [
"misp:name=\"file\"",
"misp:meta-category=\"file\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5ae99bdc-fca0-4cfe-9271-14db950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-05-02T11:07:08.000Z",
"modified": "2018-05-02T11:07:08.000Z",
"description": "Sample dropper",
"pattern": "[file:hashes.MD5 = 'fac94bc2dcfbef7c3b248927cb5abf6d' AND file:name = '\\\\%WINDOWS&\\\\system32\\\\wmipvsre.exe' AND file:x_misp_state = 'Malicious']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-05-02T11:07:08Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "file"
}
],
"labels": [
"misp:name=\"file\"",
"misp:meta-category=\"file\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5ae99bf9-f24c-472f-b767-1226950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-05-02T11:07:37.000Z",
"modified": "2018-05-02T11:07:37.000Z",
"description": "Sample dropper",
"pattern": "[file:hashes.MD5 = '856683aee9687f6fdf00cfd4dc4c2aef' AND file:name = '\\\\%WINDOWS&\\\\system32\\\\wmiapsvrce.exe' AND file:x_misp_state = 'Malicious']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-05-02T11:07:37Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "file"
}
],
"labels": [
"misp:name=\"file\"",
"misp:meta-category=\"file\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5ae9abdf-465c-4bb6-9474-a8f4950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-05-02T12:15:27.000Z",
"modified": "2018-05-02T12:15:27.000Z",
"description": "Sample dropper",
"pattern": "[file:hashes.MD5 = '847459c8379250d8be2b2d365be877f5' AND file:name = '\\\\%WINDOWS&\\\\system32\\\\wmiapsrve.exe' AND file:x_misp_state = 'Malicious']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-05-02T12:15:27Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "file"
}
],
"labels": [
"misp:name=\"file\"",
"misp:meta-category=\"file\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5ae9abf3-2210-4cc9-97e0-11f0950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-05-02T12:15:47.000Z",
"modified": "2018-05-02T12:15:47.000Z",
"description": "Sample dropper",
"pattern": "[file:hashes.MD5 = 'fac94bc2dcfbef7c3b248927cb5abf6d' AND file:name = '\\\\%WINDOWS&\\\\system32\\\\WMIAPSRVE.EXE' AND file:x_misp_state = 'Malicious']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-05-02T12:15:47Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "file"
}
],
"labels": [
"misp:name=\"file\"",
"misp:meta-category=\"file\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5ae9ac09-88b8-4b91-9890-a91b950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-05-02T12:16:09.000Z",
"modified": "2018-05-02T12:16:09.000Z",
"description": "Sample dropper",
"pattern": "[file:hashes.MD5 = 'fac94bc2dcfbef7c3b248927cb5abf6d' AND file:name = '\\\\%WINDOWS&\\\\system32\\\\WMIPRVSE.EXE' AND file:x_misp_state = 'Malicious']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-05-02T12:16:09Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "file"
}
],
"labels": [
"misp:name=\"file\"",
"misp:meta-category=\"file\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5ae9ac1f-e6c0-4d66-b160-14e1950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-05-02T12:16:31.000Z",
"modified": "2018-05-02T12:16:31.000Z",
"description": "Sample dropper",
"pattern": "[file:hashes.MD5 = 'cb9954509dc82e6bbed2aee202d88415' AND file:name = '\\\\%WINDOWS&\\\\system32\\\\WMIPRVSE.EXE' AND file:x_misp_state = 'Malicious']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-05-02T12:16:31Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "file"
}
],
"labels": [
"misp:name=\"file\"",
"misp:meta-category=\"file\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5ae9ac38-8598-4864-928d-1506950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-05-02T12:16:56.000Z",
"modified": "2018-05-02T12:16:56.000Z",
"description": "Sample dropper",
"pattern": "[file:hashes.MD5 = '6277e675d335fd69a3ff13a465f6b0a8' AND file:name = '\\\\%WINDOWS&\\\\system32\\\\wmipsrvce.exe' AND file:x_misp_state = 'Malicious']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-05-02T12:16:56Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "file"
}
],
"labels": [
"misp:name=\"file\"",
"misp:meta-category=\"file\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5ae9ac9d-1eb8-4652-8010-a914950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-05-02T12:18:37.000Z",
"modified": "2018-05-02T12:18:37.000Z",
"description": "Sample dropper",
"pattern": "[file:hashes.MD5 = '847459c8379250d8be2b2d365be877f5' AND file:name = '\\\\%WINDOWS&\\\\system32\\\\wmiapsvre.exe' AND file:x_misp_state = 'Malicious']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-05-02T12:18:37Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "file"
}
],
"labels": [
"misp:name=\"file\"",
"misp:meta-category=\"file\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5ae9acf2-866c-468d-9198-a8f4950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-05-02T12:20:02.000Z",
"modified": "2018-05-02T12:20:02.000Z",
"description": "Sample dropper",
"pattern": "[file:hashes.MD5 = '3bedc1c4c1023c141c2f977e846c476e' AND file:name = '\\\\%WINDOWS&\\\\system32\\\\wmipsvrce.exe' AND file:x_misp_state = 'Malicious']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-05-02T12:20:02Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "file"
}
],
"labels": [
"misp:name=\"file\"",
"misp:meta-category=\"file\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5ae9ad09-0074-4093-927f-1506950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-05-02T12:20:25.000Z",
"modified": "2018-05-02T12:20:25.000Z",
"description": "Sample dropper",
"pattern": "[file:hashes.MD5 = 'ce3894ee6f3c2c2c828148f7f779aafe' AND file:name = '\\\\%WINDOWS&\\\\system32\\\\WMIAPVSRE.EXE' AND file:x_misp_state = 'Malicious']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-05-02T12:20:25Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "file"
}
],
"labels": [
"misp:name=\"file\"",
"misp:meta-category=\"file\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5ae9ad2f-805c-4d81-b83c-a8d6950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-05-02T12:21:03.000Z",
"modified": "2018-05-02T12:21:03.000Z",
"description": "Sample dropper",
"pattern": "[file:hashes.MD5 = '3b3a1062689ffa191e58d5507d39939d' AND file:name = '\\\\%WINDOWS&\\\\system32\\\\wmiaprvse.exe' AND file:x_misp_state = 'Malicious']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-05-02T12:21:03Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "file"
}
],
"labels": [
"misp:name=\"file\"",
"misp:meta-category=\"file\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5ae9ae3b-fcd8-4175-88c9-1271950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-05-02T12:25:31.000Z",
"modified": "2018-05-02T12:25:31.000Z",
"description": "Sample dropper",
"pattern": "[file:hashes.MD5 = '47345640c135bd00d9f2969fabb4c9fa' AND file:name = '\\\\%WINDOWS&\\\\system32\\\\WMIAPSVRE.EXE' AND file:x_misp_state = 'Malicious']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-05-02T12:25:31Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "file"
}
],
"labels": [
"misp:name=\"file\"",
"misp:meta-category=\"file\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5ae9ae61-7ff4-4b1d-9c77-1271950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-05-02T12:26:09.000Z",
"modified": "2018-05-02T12:26:09.000Z",
"description": "Sample dropper",
"pattern": "[file:hashes.MD5 = '3bedc1c4c1023c141c2f977e846c476e' AND file:name = '\\\\%WINDOWS&\\\\system32\\\\wmiapvsre.exe' AND file:x_misp_state = 'Malicious']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-05-02T12:26:09Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "file"
}
],
"labels": [
"misp:name=\"file\"",
"misp:meta-category=\"file\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5ae9ae72-10dc-49a9-b36a-1226950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-05-02T12:26:26.000Z",
"modified": "2018-05-02T12:26:26.000Z",
"description": "Sample dropper",
"pattern": "[file:hashes.MD5 = '6277e675d335fd69a3ff13a465f6b0a8' AND file:name = '\\\\%WINDOWS&\\\\system32\\\\wmiapsrve.exe' AND file:x_misp_state = 'Malicious']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-05-02T12:26:26Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "file"
}
],
"labels": [
"misp:name=\"file\"",
"misp:meta-category=\"file\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5ae9aeb5-57e0-4f5f-88c2-1271950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-05-02T12:27:33.000Z",
"modified": "2018-05-02T12:27:33.000Z",
"description": "Sample dropper",
"pattern": "[file:hashes.MD5 = '856683aee9687f6fdf00cfd4dc4c2aef' AND file:name = '\\\\%WINDOWS&\\\\system32\\\\wmipsvrce.exe' AND file:x_misp_state = 'Malicious']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-05-02T12:27:33Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "file"
}
],
"labels": [
"misp:name=\"file\"",
"misp:meta-category=\"file\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5ae9aeca-6de0-4888-b26b-a916950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-05-02T12:27:54.000Z",
"modified": "2018-05-02T12:27:54.000Z",
"description": "Sample dropper",
"pattern": "[file:hashes.MD5 = 'cb9954509dc82e6bbed2aee202d88415' AND file:name = '\\\\%WINDOWS&\\\\system32\\\\wmipsvrce.exe' AND file:x_misp_state = 'Malicious']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-05-02T12:27:54Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "file"
}
],
"labels": [
"misp:name=\"file\"",
"misp:meta-category=\"file\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5ae9af2f-c994-4e9a-b4e5-a8d7950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-05-02T12:29:35.000Z",
"modified": "2018-05-02T12:29:35.000Z",
"description": "Sample dropper",
"pattern": "[file:hashes.MD5 = 'fac94bc2dcfbef7c3b248927cb5abf6d' AND file:name = '\\\\%WINDOWS&\\\\system32\\\\wmipsvrce.exe' AND file:x_misp_state = 'Malicious']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-05-02T12:29:35Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "file"
}
],
"labels": [
"misp:name=\"file\"",
"misp:meta-category=\"file\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5ae9af42-6da8-4148-9130-a91c950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-05-02T12:29:54.000Z",
"modified": "2018-05-02T12:29:54.000Z",
"description": "Sample dropper",
"pattern": "[file:hashes.MD5 = '847459c8379250d8be2b2d365be877f5' AND file:name = '\\\\%WINDOWS&\\\\system32\\\\WMIPRVSE.EXE' AND file:x_misp_state = 'Malicious']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-05-02T12:29:54Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "file"
}
],
"labels": [
"misp:name=\"file\"",
"misp:meta-category=\"file\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5ae9af7b-e280-4f48-988e-429d950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-05-02T12:30:51.000Z",
"modified": "2018-05-02T12:30:51.000Z",
"description": "Sample dropper",
"pattern": "[file:hashes.MD5 = 'cb9954509dc82e6bbed2aee202d88415' AND file:name = '\\\\%WINDOWS&\\\\system32\\\\wmiapsrvcx.exe' AND file:x_misp_state = 'Malicious']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-05-02T12:30:51Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "file"
}
],
"labels": [
"misp:name=\"file\"",
"misp:meta-category=\"file\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5ae9af90-4b54-4f8b-bc95-d2ce950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-05-02T12:31:12.000Z",
"modified": "2018-05-02T12:31:12.000Z",
"description": "Sample dropper",
"pattern": "[file:hashes.MD5 = '856683aee9687f6fdf00cfd4dc4c2aef' AND file:name = '\\\\%WINDOWS&\\\\system32\\\\wmiapsrvce.exe' AND file:x_misp_state = 'Malicious']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-05-02T12:31:12Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "file"
}
],
"labels": [
"misp:name=\"file\"",
"misp:meta-category=\"file\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5ae9afa7-0db8-4409-849e-a915950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-05-02T12:31:35.000Z",
"modified": "2018-05-02T12:31:35.000Z",
"description": "Sample dropper",
"pattern": "[file:hashes.MD5 = 'cb9954509dc82e6bbed2aee202d88415' AND file:name = '\\\\%WINDOWS&\\\\system32\\\\wmipevse.exe' AND file:x_misp_state = 'Malicious']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-05-02T12:31:35Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "file"
}
],
"labels": [
"misp:name=\"file\"",
"misp:meta-category=\"file\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5ae9afc4-cb78-4a3e-81a2-14e1950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-05-02T12:32:04.000Z",
"modified": "2018-05-02T12:32:04.000Z",
"description": "Sample dropper",
"pattern": "[file:hashes.MD5 = '7e5f76c7b5bf606b0fdc17f4ba75de03' AND file:name = '\\\\%WINDOWS&\\\\system32\\\\wmiapsvrcec.exe' AND file:x_misp_state = 'Malicious']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-05-02T12:32:04Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "file"
}
],
"labels": [
"misp:name=\"file\"",
"misp:meta-category=\"file\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5ae9b03e-4250-45ba-a01a-451b950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-05-02T12:34:06.000Z",
"modified": "2018-05-02T12:34:06.000Z",
"description": "Sample dropper",
"pattern": "[file:hashes.MD5 = '177bece20ba6cc644134709a391c4a98' AND file:name = '\\\\%WINDOWS&\\\\system32\\\\wmiapservex.exe' AND file:x_misp_state = 'Malicious']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-05-02T12:34:06Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "file"
}
],
"labels": [
"misp:name=\"file\"",
"misp:meta-category=\"file\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5ae9b050-838c-45e0-ba07-a919950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-05-02T12:34:24.000Z",
"modified": "2018-05-02T12:34:24.000Z",
"description": "Sample dropper",
"pattern": "[file:hashes.MD5 = 'fac94bc2dcfbef7c3b248927cb5abf6d' AND file:name = '\\\\%WINDOWS&\\\\system32\\\\wmiapvse.exe' AND file:x_misp_state = 'Malicious']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-05-02T12:34:24Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "file"
}
],
"labels": [
"misp:name=\"file\"",
"misp:meta-category=\"file\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5ae9b073-9948-4526-af40-1259950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-05-02T12:34:59.000Z",
"modified": "2018-05-02T12:34:59.000Z",
"description": "Sample dropper",
"pattern": "[file:hashes.MD5 = 'fac94bc2dcfbef7c3b248927cb5abf6d' AND file:name = '\\\\%WINDOWS&\\\\system32\\\\wmipsvre.exe' AND file:x_misp_state = 'Malicious']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-05-02T12:34:59Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "file"
}
],
"labels": [
"misp:name=\"file\"",
"misp:meta-category=\"file\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5ae9b087-b410-44c3-b88e-a917950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-05-02T12:35:19.000Z",
"modified": "2018-05-02T12:35:19.000Z",
"description": "Sample dropper",
"pattern": "[file:hashes.MD5 = '3b3a1062689ffa191e58d5507d39939d' AND file:name = '\\\\%WINDOWS&\\\\system32\\\\wmiapsrvex.exe' AND file:x_misp_state = 'Malicious']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-05-02T12:35:19Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "file"
}
],
"labels": [
"misp:name=\"file\"",
"misp:meta-category=\"file\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5ae9b0a8-bd78-4b09-a3c4-14e1950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-05-02T12:35:52.000Z",
"modified": "2018-05-02T12:35:52.000Z",
"description": "Sample dropper",
"pattern": "[file:hashes.MD5 = 'b59e4942f7c68c584a35d59e32adce3a' AND file:name = '\\\\%WINDOWS&\\\\system32\\\\wmiapsrve.exe' AND file:x_misp_state = 'Malicious']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-05-02T12:35:52Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "file"
}
],
"labels": [
"misp:name=\"file\"",
"misp:meta-category=\"file\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5ae9b0fb-156c-4a3d-9cf5-a8d7950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-05-02T12:37:15.000Z",
"modified": "2018-05-02T12:37:15.000Z",
"description": "Sample dropper",
"pattern": "[file:hashes.MD5 = '81e61e5f44a6a476983e7a90bdac6a55' AND file:name = '\\\\%WINDOWS&\\\\system32\\\\WMIAPSRVCX.EXE' AND file:x_misp_state = 'Malicious']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-05-02T12:37:15Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "file"
}
],
"labels": [
"misp:name=\"file\"",
"misp:meta-category=\"file\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--f7491bdd-1ef0-4396-8ce0-9836ecc6cb69",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-05-03T14:15:04.000Z",
"modified": "2018-05-03T14:15:04.000Z",
"pattern": "[file:hashes.MD5 = 'cb9954509dc82e6bbed2aee202d88415' AND file:hashes.SHA1 = 'c6a56cd07bfeb45b2fecdf938927e3c5a5a3e38e' AND file:hashes.SHA256 = 'f8022b973900c783fd861ede7d0ac02f665c041b9cd0641be7318999fb82ce8f']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-05-03T14:15:04Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "file"
}
],
"labels": [
"misp:name=\"file\"",
"misp:meta-category=\"file\"",
"misp:to_ids=\"True\""
]
},
{
"type": "x-misp-object",
"spec_version": "2.1",
"id": "x-misp-object--61af3dd7-d2d0-4190-b3b3-548c2731036a",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-05-03T14:15:02.000Z",
"modified": "2018-05-03T14:15:02.000Z",
"labels": [
"misp:name=\"virustotal-report\"",
"misp:meta-category=\"misc\""
],
"x_misp_attributes": [
{
"type": "datetime",
"object_relation": "last-submission",
"value": "2018-05-02T08:11:41",
"category": "Other",
"uuid": "5aeb1966-941c-4475-a931-4b7602de0b81"
},
{
"type": "text",
"object_relation": "detection-ratio",
"value": "49/67",
"category": "Other",
"uuid": "5aeb1967-9ec8-47d7-bd4e-429902de0b81"
},
{
"type": "link",
"object_relation": "permalink",
"value": "https://www.virustotal.com/file/f8022b973900c783fd861ede7d0ac02f665c041b9cd0641be7318999fb82ce8f/analysis/1525248701/",
"category": "External analysis",
"uuid": "5aeb1967-b0d0-42bd-a93e-4df202de0b81"
}
],
"x_misp_meta_category": "misc",
"x_misp_name": "virustotal-report"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--a865d3fe-d34a-46f0-a584-b0407e02886b",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-05-03T14:15:06.000Z",
"modified": "2018-05-03T14:15:06.000Z",
"pattern": "[file:hashes.MD5 = '3b3a1062689ffa191e58d5507d39939d' AND file:hashes.SHA1 = 'ce3e75f6f8b187656d18618756da68aac135b334' AND file:hashes.SHA256 = 'ea61bcd4774ce2b6ab364a7831f36e010214be2ba2e6daa7dcba10b7e229ddfa']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-05-03T14:15:06Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "file"
}
],
"labels": [
"misp:name=\"file\"",
"misp:meta-category=\"file\"",
"misp:to_ids=\"True\""
]
},
{
"type": "x-misp-object",
"spec_version": "2.1",
"id": "x-misp-object--1e274a7c-acc3-4c97-8de6-2713c49af382",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-05-03T14:15:05.000Z",
"modified": "2018-05-03T14:15:05.000Z",
"labels": [
"misp:name=\"virustotal-report\"",
"misp:meta-category=\"misc\""
],
"x_misp_attributes": [
{
"type": "datetime",
"object_relation": "last-submission",
"value": "2018-05-02T23:44:54",
"category": "Other",
"uuid": "5aeb1969-c000-40c0-b728-479302de0b81"
},
{
"type": "text",
"object_relation": "detection-ratio",
"value": "44/61",
"category": "Other",
"uuid": "5aeb1969-7f48-46ae-9f64-430202de0b81"
},
{
"type": "link",
"object_relation": "permalink",
"value": "https://www.virustotal.com/file/ea61bcd4774ce2b6ab364a7831f36e010214be2ba2e6daa7dcba10b7e229ddfa/analysis/1525304694/",
"category": "External analysis",
"uuid": "5aeb1969-9edc-4fcd-956f-47ce02de0b81"
}
],
"x_misp_meta_category": "misc",
"x_misp_name": "virustotal-report"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--6d1f2a52-688f-488d-8079-9fd7231bafe1",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-05-03T14:15:09.000Z",
"modified": "2018-05-03T14:15:09.000Z",
"pattern": "[file:hashes.MD5 = '7e5f76c7b5bf606b0fdc17f4ba75de03' AND file:hashes.SHA1 = '20c30a82cc974cf1ef21dbcd94dfba73d7c4b723' AND file:hashes.SHA256 = 'a37bf368f0285ac938e1477c1c0230d28e8f39717ddded2fd82b00190cdf090e']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-05-03T14:15:09Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "file"
}
],
"labels": [
"misp:name=\"file\"",
"misp:meta-category=\"file\"",
"misp:to_ids=\"True\""
]
},
{
"type": "x-misp-object",
"spec_version": "2.1",
"id": "x-misp-object--3e9b9cdf-67b5-4f5a-b249-8968780d6edd",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-05-03T14:15:07.000Z",
"modified": "2018-05-03T14:15:07.000Z",
"labels": [
"misp:name=\"virustotal-report\"",
"misp:meta-category=\"misc\""
],
"x_misp_attributes": [
{
"type": "datetime",
"object_relation": "last-submission",
"value": "2018-05-02T23:54:13",
"category": "Other",
"uuid": "5aeb196b-3f60-46bf-a12d-4eff02de0b81"
},
{
"type": "text",
"object_relation": "detection-ratio",
"value": "51/67",
"category": "Other",
"uuid": "5aeb196b-9198-4e89-9df3-41f002de0b81"
},
{
"type": "link",
"object_relation": "permalink",
"value": "https://www.virustotal.com/file/a37bf368f0285ac938e1477c1c0230d28e8f39717ddded2fd82b00190cdf090e/analysis/1525305253/",
"category": "External analysis",
"uuid": "5aeb196b-9170-4cdd-bdac-421002de0b81"
}
],
"x_misp_meta_category": "misc",
"x_misp_name": "virustotal-report"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--82912a16-0d33-442a-ad32-2f7b1974a1ba",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-05-03T14:15:11.000Z",
"modified": "2018-05-03T14:15:11.000Z",
"pattern": "[file:hashes.MD5 = '290d8e8524e57783e8cc1b9a3445dfe9' AND file:hashes.SHA1 = '3adbb352b23e8750d993e3df27904b0e5a466016' AND file:hashes.SHA256 = '15fc575b0278281541212e393f03278d47ea03d26693efeec8e16261735bc634']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-05-03T14:15:11Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "file"
}
],
"labels": [
"misp:name=\"file\"",
"misp:meta-category=\"file\"",
"misp:to_ids=\"True\""
]
},
{
"type": "x-misp-object",
"spec_version": "2.1",
"id": "x-misp-object--3aeb74b0-13be-4c9a-9713-99b92c0f3b22",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-05-03T14:15:09.000Z",
"modified": "2018-05-03T14:15:09.000Z",
"labels": [
"misp:name=\"virustotal-report\"",
"misp:meta-category=\"misc\""
],
"x_misp_attributes": [
{
"type": "datetime",
"object_relation": "last-submission",
"value": "2018-05-02T23:42:09",
"category": "Other",
"uuid": "5aeb196d-7bac-4208-83b6-473902de0b81"
},
{
"type": "text",
"object_relation": "detection-ratio",
"value": "50/68",
"category": "Other",
"uuid": "5aeb196e-246c-4a4f-9303-49ac02de0b81"
},
{
"type": "link",
"object_relation": "permalink",
"value": "https://www.virustotal.com/file/15fc575b0278281541212e393f03278d47ea03d26693efeec8e16261735bc634/analysis/1525304529/",
"category": "External analysis",
"uuid": "5aeb196e-ace4-4977-b065-45d402de0b81"
}
],
"x_misp_meta_category": "misc",
"x_misp_name": "virustotal-report"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--0f5e820b-d877-4907-bc53-935e590a0057",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-05-03T14:15:13.000Z",
"modified": "2018-05-03T14:15:13.000Z",
"pattern": "[file:hashes.MD5 = '6277e675d335fd69a3ff13a465f6b0a8' AND file:hashes.SHA1 = '3f5ea936f02187e3e6297c410e260e71ca11e14b' AND file:hashes.SHA256 = '6f7173b7ae87b5f3262e24a5177dbbd4413d999627f767754f08d8289f359bb3']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-05-03T14:15:13Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "file"
}
],
"labels": [
"misp:name=\"file\"",
"misp:meta-category=\"file\"",
"misp:to_ids=\"True\""
]
},
{
"type": "x-misp-object",
"spec_version": "2.1",
"id": "x-misp-object--b0bd7aa6-f585-43f8-8455-957d88f83037",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-05-03T14:15:11.000Z",
"modified": "2018-05-03T14:15:11.000Z",
"labels": [
"misp:name=\"virustotal-report\"",
"misp:meta-category=\"misc\""
],
"x_misp_attributes": [
{
"type": "datetime",
"object_relation": "last-submission",
"value": "2018-05-02T23:50:05",
"category": "Other",
"uuid": "5aeb196f-2fec-4b91-8a76-4ba402de0b81"
},
{
"type": "text",
"object_relation": "detection-ratio",
"value": "53/67",
"category": "Other",
"uuid": "5aeb1970-4b80-4b70-abec-4e2002de0b81"
},
{
"type": "link",
"object_relation": "permalink",
"value": "https://www.virustotal.com/file/6f7173b7ae87b5f3262e24a5177dbbd4413d999627f767754f08d8289f359bb3/analysis/1525305005/",
"category": "External analysis",
"uuid": "5aeb1970-a68c-45db-8def-43fe02de0b81"
}
],
"x_misp_meta_category": "misc",
"x_misp_name": "virustotal-report"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--bda9edae-72a1-4ae8-905b-e8b58791c3f8",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-05-03T14:15:15.000Z",
"modified": "2018-05-03T14:15:15.000Z",
"pattern": "[file:hashes.MD5 = '939e76888bdeb628405e1b8be963273c' AND file:hashes.SHA1 = 'a59de3e9f8c0b684575df7cac9cfe2d84ba26d6f' AND file:hashes.SHA256 = '7bb12284fc28fbb270507c410afdc21c60bde5d34d59de67f78796c09f5ccd9c']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-05-03T14:15:15Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "file"
}
],
"labels": [
"misp:name=\"file\"",
"misp:meta-category=\"file\"",
"misp:to_ids=\"True\""
]
},
{
"type": "x-misp-object",
"spec_version": "2.1",
"id": "x-misp-object--eed7363d-d9df-4c60-8023-379e611f1e42",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-05-03T14:15:14.000Z",
"modified": "2018-05-03T14:15:14.000Z",
"labels": [
"misp:name=\"virustotal-report\"",
"misp:meta-category=\"misc\""
],
"x_misp_attributes": [
{
"type": "datetime",
"object_relation": "last-submission",
"value": "2018-05-02T23:56:59",
"category": "Other",
"uuid": "5aeb1972-f48c-4a84-aa20-4f3802de0b81"
},
{
"type": "text",
"object_relation": "detection-ratio",
"value": "50/67",
"category": "Other",
"uuid": "5aeb1972-5a28-467a-a30b-425202de0b81"
},
{
"type": "link",
"object_relation": "permalink",
"value": "https://www.virustotal.com/file/7bb12284fc28fbb270507c410afdc21c60bde5d34d59de67f78796c09f5ccd9c/analysis/1525305419/",
"category": "External analysis",
"uuid": "5aeb1972-5c7c-4efa-812a-40f402de0b81"
}
],
"x_misp_meta_category": "misc",
"x_misp_name": "virustotal-report"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--043f490a-6ddc-4a71-b2ee-449dbc922568",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-05-03T14:15:18.000Z",
"modified": "2018-05-03T14:15:18.000Z",
"pattern": "[file:hashes.MD5 = 'fac94bc2dcfbef7c3b248927cb5abf6d' AND file:hashes.SHA1 = '20b7e624eaa2da04867a9229e9aca41f952917c0' AND file:hashes.SHA256 = '3e7181fd3e893e6b13cc40ed70afa549c8aaf37fe9bee22445b8bd912d7bc522']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-05-03T14:15:18Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "file"
}
],
"labels": [
"misp:name=\"file\"",
"misp:meta-category=\"file\"",
"misp:to_ids=\"True\""
]
},
{
"type": "x-misp-object",
"spec_version": "2.1",
"id": "x-misp-object--72bc8ab4-e347-4bf0-8ed4-ce5f95d0db56",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-05-03T14:15:16.000Z",
"modified": "2018-05-03T14:15:16.000Z",
"labels": [
"misp:name=\"virustotal-report\"",
"misp:meta-category=\"misc\""
],
"x_misp_attributes": [
{
"type": "datetime",
"object_relation": "last-submission",
"value": "2018-04-26T05:35:08",
"category": "Other",
"uuid": "5aeb1974-8f10-40c6-a1bc-498002de0b81"
},
{
"type": "text",
"object_relation": "detection-ratio",
"value": "46/67",
"category": "Other",
"uuid": "5aeb1974-3194-46b2-82c4-4db002de0b81"
},
{
"type": "link",
"object_relation": "permalink",
"value": "https://www.virustotal.com/file/3e7181fd3e893e6b13cc40ed70afa549c8aaf37fe9bee22445b8bd912d7bc522/analysis/1524720908/",
"category": "External analysis",
"uuid": "5aeb1974-229c-4d4d-8cfa-446302de0b81"
}
],
"x_misp_meta_category": "misc",
"x_misp_name": "virustotal-report"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--3b5e6f4e-964d-43ed-b937-946ece94d05b",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-05-03T14:15:20.000Z",
"modified": "2018-05-03T14:15:20.000Z",
"pattern": "[file:hashes.MD5 = '5c3499acfe0ad7563b367fbf7fb2928c' AND file:hashes.SHA1 = 'd1e791f3f8c79d76d4629b9360e1104156682899' AND file:hashes.SHA256 = 'c5b9406fdbe2c7bb1d516d1d270568c54a6e0002a4506668aaad9ff13298c3f2']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-05-03T14:15:20Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "file"
}
],
"labels": [
"misp:name=\"file\"",
"misp:meta-category=\"file\"",
"misp:to_ids=\"True\""
]
},
{
"type": "x-misp-object",
"spec_version": "2.1",
"id": "x-misp-object--44fd254d-c2d4-4ee6-8fca-43ed18455c97",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-05-03T14:15:18.000Z",
"modified": "2018-05-03T14:15:18.000Z",
"labels": [
"misp:name=\"virustotal-report\"",
"misp:meta-category=\"misc\""
],
"x_misp_attributes": [
{
"type": "datetime",
"object_relation": "last-submission",
"value": "2018-05-02T23:49:34",
"category": "Other",
"uuid": "5aeb1976-f414-4f8e-bf56-40a802de0b81"
},
{
"type": "text",
"object_relation": "detection-ratio",
"value": "52/67",
"category": "Other",
"uuid": "5aeb1977-9cf4-48d2-a835-494102de0b81"
},
{
"type": "link",
"object_relation": "permalink",
"value": "https://www.virustotal.com/file/c5b9406fdbe2c7bb1d516d1d270568c54a6e0002a4506668aaad9ff13298c3f2/analysis/1525304974/",
"category": "External analysis",
"uuid": "5aeb1977-0154-4c93-97fd-475202de0b81"
}
],
"x_misp_meta_category": "misc",
"x_misp_name": "virustotal-report"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--7a13163b-13c1-4226-8036-8c1bb5afe2e1",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-05-03T14:15:22.000Z",
"modified": "2018-05-03T14:15:22.000Z",
"pattern": "[file:hashes.MD5 = '0240ed7e45567f606793dafaff024acf' AND file:hashes.SHA1 = '2646a18fdd6a7a2063b3443283ec1159696c1339' AND file:hashes.SHA256 = '14461260f9b3988d4eb4e46bc7d9861172266a9a01bf15c57916a9e4f9dc0618']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-05-03T14:15:22Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "file"
}
],
"labels": [
"misp:name=\"file\"",
"misp:meta-category=\"file\"",
"misp:to_ids=\"True\""
]
},
{
"type": "x-misp-object",
"spec_version": "2.1",
"id": "x-misp-object--1c82ca99-3349-4041-a7d1-27347301b8f7",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-05-03T14:15:20.000Z",
"modified": "2018-05-03T14:15:20.000Z",
"labels": [
"misp:name=\"virustotal-report\"",
"misp:meta-category=\"misc\""
],
"x_misp_attributes": [
{
"type": "datetime",
"object_relation": "last-submission",
"value": "2018-05-03T13:28:27",
"category": "Other",
"uuid": "5aeb1978-1898-48f6-8912-4fec02de0b81"
},
{
"type": "text",
"object_relation": "detection-ratio",
"value": "52/67",
"category": "Other",
"uuid": "5aeb1979-f550-4ab5-8d44-4ee302de0b81"
},
{
"type": "link",
"object_relation": "permalink",
"value": "https://www.virustotal.com/file/14461260f9b3988d4eb4e46bc7d9861172266a9a01bf15c57916a9e4f9dc0618/analysis/1525354107/",
"category": "External analysis",
"uuid": "5aeb1979-23ec-4f31-a937-4e5502de0b81"
}
],
"x_misp_meta_category": "misc",
"x_misp_name": "virustotal-report"
},
{
"type": "relationship",
"spec_version": "2.1",
"id": "relationship--afe22bae-579f-4b43-a683-2ff080813101",
"created": "2018-05-03T14:15:21.000Z",
"modified": "2018-05-03T14:15:21.000Z",
"relationship_type": "analysed-with",
"source_ref": "indicator--f7491bdd-1ef0-4396-8ce0-9836ecc6cb69",
"target_ref": "x-misp-object--61af3dd7-d2d0-4190-b3b3-548c2731036a"
},
{
"type": "relationship",
"spec_version": "2.1",
"id": "relationship--306da3c9-c19b-41d4-a318-ebc420aba8e0",
"created": "2018-05-03T14:15:21.000Z",
"modified": "2018-05-03T14:15:21.000Z",
"relationship_type": "analysed-with",
"source_ref": "indicator--a865d3fe-d34a-46f0-a584-b0407e02886b",
"target_ref": "x-misp-object--1e274a7c-acc3-4c97-8de6-2713c49af382"
},
{
"type": "relationship",
"spec_version": "2.1",
"id": "relationship--4566c00a-c56e-4419-95f4-259c801218eb",
"created": "2018-05-03T14:15:21.000Z",
"modified": "2018-05-03T14:15:21.000Z",
"relationship_type": "analysed-with",
"source_ref": "indicator--6d1f2a52-688f-488d-8079-9fd7231bafe1",
"target_ref": "x-misp-object--3e9b9cdf-67b5-4f5a-b249-8968780d6edd"
},
{
"type": "relationship",
"spec_version": "2.1",
"id": "relationship--509555c5-996a-4117-a109-7ab3eea584ad",
"created": "2018-05-03T14:15:22.000Z",
"modified": "2018-05-03T14:15:22.000Z",
"relationship_type": "analysed-with",
"source_ref": "indicator--82912a16-0d33-442a-ad32-2f7b1974a1ba",
"target_ref": "x-misp-object--3aeb74b0-13be-4c9a-9713-99b92c0f3b22"
},
{
"type": "relationship",
"spec_version": "2.1",
"id": "relationship--09b1bc4c-88e0-4557-b6d5-adf36a0748c0",
"created": "2018-05-03T14:15:22.000Z",
"modified": "2018-05-03T14:15:22.000Z",
"relationship_type": "analysed-with",
"source_ref": "indicator--0f5e820b-d877-4907-bc53-935e590a0057",
"target_ref": "x-misp-object--b0bd7aa6-f585-43f8-8455-957d88f83037"
},
{
"type": "relationship",
"spec_version": "2.1",
"id": "relationship--3fb12e43-542b-4eaf-bcd6-92811a154a36",
"created": "2018-05-03T14:15:22.000Z",
"modified": "2018-05-03T14:15:22.000Z",
"relationship_type": "analysed-with",
"source_ref": "indicator--bda9edae-72a1-4ae8-905b-e8b58791c3f8",
"target_ref": "x-misp-object--eed7363d-d9df-4c60-8023-379e611f1e42"
},
{
"type": "relationship",
"spec_version": "2.1",
"id": "relationship--83528c05-c689-44fb-93d0-b397768a0f52",
"created": "2018-05-03T14:15:22.000Z",
"modified": "2018-05-03T14:15:22.000Z",
"relationship_type": "analysed-with",
"source_ref": "indicator--043f490a-6ddc-4a71-b2ee-449dbc922568",
"target_ref": "x-misp-object--72bc8ab4-e347-4bf0-8ed4-ce5f95d0db56"
},
{
"type": "relationship",
"spec_version": "2.1",
"id": "relationship--79a34833-1b2a-4ed3-8081-09124398a5f7",
"created": "2018-05-03T14:15:22.000Z",
"modified": "2018-05-03T14:15:22.000Z",
"relationship_type": "analysed-with",
"source_ref": "indicator--3b5e6f4e-964d-43ed-b937-946ece94d05b",
"target_ref": "x-misp-object--44fd254d-c2d4-4ee6-8fca-43ed18455c97"
},
{
"type": "relationship",
"spec_version": "2.1",
"id": "relationship--653c7e18-0b24-4397-9a9c-fd36ce0d24d2",
"created": "2018-05-03T14:15:22.000Z",
"modified": "2018-05-03T14:15:22.000Z",
"relationship_type": "analysed-with",
"source_ref": "indicator--7a13163b-13c1-4226-8036-8c1bb5afe2e1",
"target_ref": "x-misp-object--1c82ca99-3349-4041-a7d1-27347301b8f7"
},
{
"type": "marking-definition",
"spec_version": "2.1",
"id": "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9",
"created": "2017-01-20T00:00:00.000Z",
"definition_type": "tlp",
"name": "TLP:WHITE",
"definition": {
"tlp": "white"
}
}
]
}