misp-circl-feed/feeds/circl/stix-2.1/58c6915b-50e8-431f-a9ed-420b950d210f.json


2023-04-21 14:44:17 +00:00
{
"type": "bundle",
"id": "bundle--58c6915b-50e8-431f-a9ed-420b950d210f",
"objects": [
{
"type": "identity",
"spec_version": "2.1",
"id": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-03-13T12:39:55.000Z",
"modified": "2017-03-13T12:39:55.000Z",
"name": "CIRCL",
"identity_class": "organization"
},
{
"type": "report",
"spec_version": "2.1",
"id": "report--58c6915b-50e8-431f-a9ed-420b950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-03-13T12:39:55.000Z",
"modified": "2017-03-13T12:39:55.000Z",
"name": "OSINT - New Linux Malware Exploits CGI Vulnerability",
"published": "2017-03-13T14:03:50Z",
"object_refs": [
"observed-data--58c6916f-5478-4187-a7f0-4a0b950d210f",
"url--58c6916f-5478-4187-a7f0-4a0b950d210f",
"indicator--58c69189-e964-4765-a8ea-437c950d210f",
"indicator--58c691b1-69c8-492c-b284-46ed950d210f",
"indicator--58c691b2-2130-4b8e-816b-4081950d210f",
"indicator--58c691b2-ba6c-44db-9ccf-44c0950d210f",
"indicator--58c691f7-546c-4d61-b6b0-433f950d210f",
"indicator--58c691f7-ff88-454b-900b-4f43950d210f",
"indicator--58c691f8-a14c-4c48-b3bd-4410950d210f",
"observed-data--58c69289-6074-4d27-b142-4a37950d210f",
"file--58c69289-6074-4d27-b142-4a37950d210f",
"artifact--58c69289-6074-4d27-b142-4a37950d210f",
"x-misp-attribute--58c692be-fe9c-4005-a915-4c4b950d210f",
"indicator--58c69323-a45c-4ab6-a681-45ac02de0b81",
"indicator--58c69324-ceb4-45a8-a9e8-424d02de0b81",
"observed-data--58c69325-cc48-44c2-b0ad-4ba902de0b81",
"url--58c69325-cc48-44c2-b0ad-4ba902de0b81",
"indicator--58c69382-e418-4d68-b7f4-4f9f950d210f",
"indicator--58c69384-f3d4-41d2-a742-4156950d210f",
"indicator--58c69385-4834-4c80-a2e2-42f4950d210f",
"indicator--58c696e6-0488-4c13-bb39-41e3950d210f",
"indicator--58c696e8-1fb8-41e5-9a0f-43b6950d210f",
"indicator--58c696ea-f1f4-48f1-907a-4456950d210f"
],
"labels": [
"Threat-Report",
"misp:tool=\"MISP-STIX-Converter\"",
"ms-caro-malware:malware-platform=\"Linux\""
],
"object_marking_refs": [
"marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9"
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--58c6916f-5478-4187-a7f0-4a0b950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-03-13T12:39:55.000Z",
"modified": "2017-03-13T12:39:55.000Z",
"first_observed": "2017-03-13T12:39:55Z",
"last_observed": "2017-03-13T12:39:55Z",
"number_observed": 1,
"object_refs": [
"url--58c6916f-5478-4187-a7f0-4a0b950d210f"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--58c6916f-5478-4187-a7f0-4a0b950d210f",
"value": "http://blog.trendmicro.com/trendlabs-security-intelligence/new-linux-malware-exploits-cgi-vulnerability/"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--58c69189-e964-4765-a8ea-437c950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-03-13T12:39:55.000Z",
"modified": "2017-03-13T12:39:55.000Z",
"description": "IMEIJ sample has the following hash",
"pattern": "[file:hashes.SHA256 = '8040422762138d28aa411d8bb2307a93432416f72b292bf884fb7c7efde9f3f5']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-03-13T12:39:55Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--58c691b1-69c8-492c-b284-46ed950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-03-13T12:39:55.000Z",
"modified": "2017-03-13T12:39:55.000Z",
"description": "ELF_IMEIJ.A download link",
"pattern": "[url:value = 'http://172.247.116.3:8080/Arm1']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-03-13T12:39:55Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--58c691b2-2130-4b8e-816b-4081950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-03-13T12:39:55.000Z",
"modified": "2017-03-13T12:39:55.000Z",
"description": "ELF_IMEIJ.A download link",
"pattern": "[url:value = 'http://172.247.116.21:85/Arm1']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-03-13T12:39:55Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--58c691b2-ba6c-44db-9ccf-44c0950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-03-13T12:39:55.000Z",
"modified": "2017-03-13T12:39:55.000Z",
"description": "ELF_IMEIJ.A download link",
"pattern": "[url:value = 'http://192.154.108.2:8080/Arm1']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-03-13T12:39:55Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--58c691f7-546c-4d61-b6b0-433f950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-03-13T12:39:55.000Z",
"modified": "2017-03-13T12:39:55.000Z",
"description": "ELF_IMEIJ.A download (compromised site?)",
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '172.247.116.3']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-03-13T12:39:55Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--58c691f7-ff88-454b-900b-4f43950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-03-13T12:39:55.000Z",
"modified": "2017-03-13T12:39:55.000Z",
"description": "ELF_IMEIJ.A download (compromised site?)",
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '172.247.116.21']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-03-13T12:39:55Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--58c691f8-a14c-4c48-b3bd-4410950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-03-13T12:39:55.000Z",
"modified": "2017-03-13T12:39:55.000Z",
"description": "ELF_IMEIJ.A download (compromised site?)",
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '192.154.108.2']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-03-13T12:39:55Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--58c69289-6074-4d27-b142-4a37950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-03-13T12:39:55.000Z",
"modified": "2017-03-13T12:39:55.000Z",
"first_observed": "2017-03-13T12:39:55Z",
"last_observed": "2017-03-13T12:39:55Z",
"number_observed": 1,
"object_refs": [
"file--58c69289-6074-4d27-b142-4a37950d210f",
"artifact--58c69289-6074-4d27-b142-4a37950d210f"
],
"labels": [
"misp:type=\"attachment\"",
"misp:category=\"External analysis\""
]
},
{
"type": "file",
"spec_version": "2.1",
"id": "file--58c69289-6074-4d27-b142-4a37950d210f",
"name": "linux-malware_1.jpg",
"content_ref": "artifact--58c69289-6074-4d27-b142-4a37950d210f"
},
{
"type": "artifact",
"spec_version": "2.1",
"id": "artifact--58c69289-6074-4d27-b142-4a37950d210f",
"payload_bin": "/9j/4QAYRXhpZgAASUkqAAgAAAAAAAAAAAAAAP/sABFEdWNreQABAAQAAAA8AAD/4QPyaHR0cDovL25zLmFkb2JlLmNvbS94YXAvMS4wLwA8P3hwYWNrZXQgYmVnaW49Iu+7vyIgaWQ9Ilc1TTBNcENlaGlIenJlU3pOVGN6a2M5ZCI/PiA8eDp4bXBtZXRhIHhtbG5zOng9ImFkb2JlOm5zOm1ldGEvIiB4OnhtcHRrPSJBZG9iZSBYTVAgQ29yZSA1LjMtYzAxMSA2Ni4xNDU2NjEsIDIwMTIvMDIvMDYtMTQ6NTY6MjcgICAgICAgICI+IDxyZGY6UkRGIHhtbG5zOnJkZj0iaHR0cDovL3d3dy53My5vcmcvMTk5OS8wMi8yMi1yZGYtc3ludGF4LW5zIyI+IDxyZGY6RGVzY3JpcHRpb24gcmRmOmFib3V0PSIiIHhtbG5zOnhtcE1NPSJodHRwOi8vbnMuYWRvYmUuY29tL3hhcC8xLjAvbW0vIiB4bWxuczpzdFJlZj0iaHR0cDovL25zLmFkb2JlLmNvbS94YXAvMS4wL3NUeXBlL1Jlc291cmNlUmVmIyIgeG1sbnM6eG1wPSJodHRwOi8vbnMuYWRvYmUuY29tL3hhcC8xLjAvIiB4bWxuczpkYz0iaHR0cDovL3B1cmwub3JnL2RjL2VsZW1lbnRzLzEuMS8iIHhtcE1NOk9yaWdpbmFsRG9jdW1lbnRJRD0idXVpZDo1RDIwODkyNDkzQkZEQjExOTE0QTg1OTBEMzE1MDhDOCIgeG1wTU06RG9jdW1lbnRJRD0ieG1wLmRpZDpDNzkwNTNGRjAzREUxMUU3QjBBMUYyNDNFMzcyQjE5OCIgeG1wTU06SW5zdGFuY2VJRD0ieG1wLmlpZDpDNzkwNTNGRTAzREUxMUU3QjBBMUYyNDNFMzcyQjE5OCIgeG1wOkNyZWF0b3JUb29sPSJBZG9iZSBJbGx1c3RyYXRvciBDUzYgKFdpbmRvd3MpIj4gPHhtcE1NOkRlcml2ZWRGcm9tIHN0UmVmOmluc3RhbmNlSUQ9InhtcC5paWQ6MUU5RkFBREVDNDAzRTcxMThGNTZGQzdEN0IzM0I3NUYiIHN0UmVmOmRvY3VtZW50SUQ9InhtcC5kaWQ6MUU5RkFBREVDNDAzRTcxMThGNTZGQzdEN0IzM0I3NUYiLz4gPGRjOnRpdGxlPiA8cmRmOkFsdD4gPHJkZjpsaSB4bWw6bGFuZz0ieC1kZWZhdWx0Ij5QcmludDwvcmRmOmxpPiA8L3JkZjpBbHQ+IDwvZGM6dGl0bGU+IDwvcmRmOkRlc2NyaXB0aW9uPiA8L3JkZjpSREY+IDwveDp4bXBtZXRhPiA8P3hwYWNrZXQgZW5kPSJyIj8+/+0ASFBob3Rvc2hvcCAzLjAAOEJJTQQEAAAAAAAPHAFaAAMbJUccAgAAAgACADhCSU0EJQAAAAAAEPzhH4nIt8l4LzRiNAdYd+v/7gAOQWRvYmUAZMAAAAAB/9sAhAAGBAQEBQQGBQUGCQYFBgkLCAYGCAsMCgoLCgoMEAwMDAwMDBAMDg8QDw4MExMUFBMTHBsbGxwfHx8fHx8fHx8fAQcHBw0MDRgQEBgaFREVGh8fHx8fHx8fHx8fHx8fHx8fHx8fHx8fHx8fHx8fHx8fHx8fHx8fHx8fHx8fHx8fHx//wAARCAHDBG0DAREAAhEBAxEB/8QA0gABAAIDAQEBAAAAAAAAAAAAAAUGAwQHCAIBAQEBAQEBAQEBAAAAAAAAAAAAAQIDBAUGBxAAAQQBAgQBBQUQCw0GAwYHAgABAwQFEQYhEhMHMUFRIjIUYXGBFQhCUnLSIzNzk7PTlFUWFzcYkaGx0WKSsjRUtFbBgqJDU6MkdISkxHVG4mTkJTZmY2WV8OHCg0TUNTjx40WFJxEBAAMAAgEDAQQIBAYCAwAAAAERAjESAyFBBAVR
YXETgZGhsdEiMgbwYnIzweFCUiMU8aKCJDT/2gAMAwEAAhEDEQA/APVKAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgIKFd76drKVyenazfTs1pDhnj9luFyyRk4k2owuz6O3kVpLhh/WA7R/j7/dLv3lOsp2g/WA7R/j7/dLv3lOsnaD9YDtH+Pv90u/eU6ydoP1gO0f4+/3S795TrJ2hbdtbowW5sYOUwln2ugRlGM3JJH6QPoTcsogX7SktWlkBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBBXs73A2ZgLrUczl4KNtwaVoZXdi5Cd2YuDP866UWjvzxdsP7R1P4xfvK0ln54u2H9o6n8Yv3kos/PF2w/tHU/jF+8lFn54u2H9o6n8Yv3kotK7f3vtPcU0sOEycN+WAWOYInd3EXfRnfVm8qkwtp1AQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEGnlctjsTj5sjkpxq0q7MU05+qLO7C2vwugrP54u2H9o6n8Yv3laSz88XbD+0dT+MX7yUWfni7Yf2jqfxi/eSiz88XbD+0dT+MX7yUWfni7Yf2jqfxi/eSi1yUUQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBBX9wb92dt64FLNZaCjakjaYIZXdieMicWLgz8NQdkotG/ni7Yf2jqf
xi/eVpLPzxdsP7R1P4xfvJRZ+eLth/aOp/GL95KLPzxdsP7R1P4xfvJRaU2/vraG4rMlXCZSC/YhDqyRxO7
},
{
"type": "x-misp-attribute",
"spec_version": "2.1",
"id": "x-misp-attribute--58c692be-fe9c-4005-a915-4c4b950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-03-13T12:39:55.000Z",
"modified": "2017-03-13T12:39:55.000Z",
"labels": [
"misp:type=\"text\"",
"misp:category=\"Antivirus detection\""
],
"x_misp_category": "Antivirus detection",
"x_misp_type": "text",
"x_misp_value": "ELF_IMEIJ.A"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--58c69323-a45c-4ab6-a681-45ac02de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-03-13T12:40:03.000Z",
"modified": "2017-03-13T12:40:03.000Z",
"description": "IMEIJ sample has the following hash - Xchecked via VT: 8040422762138d28aa411d8bb2307a93432416f72b292bf884fb7c7efde9f3f5",
"pattern": "[file:hashes.SHA1 = '931321a4e6fb126f83bb6a0ff8ad4ffd260b9438']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-03-13T12:40:03Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha1\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--58c69324-ceb4-45a8-a9e8-424d02de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-03-13T12:40:04.000Z",
"modified": "2017-03-13T12:40:04.000Z",
"description": "IMEIJ sample has the following hash - Xchecked via VT: 8040422762138d28aa411d8bb2307a93432416f72b292bf884fb7c7efde9f3f5",
"pattern": "[file:hashes.MD5 = 'a16a281cbe544af40f8463c7f5186496']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-03-13T12:40:04Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--58c69325-cc48-44c2-b0ad-4ba902de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-03-13T12:40:05.000Z",
"modified": "2017-03-13T12:40:05.000Z",
"first_observed": "2017-03-13T12:40:05Z",
"last_observed": "2017-03-13T12:40:05Z",
"number_observed": 1,
"object_refs": [
"url--58c69325-cc48-44c2-b0ad-4ba902de0b81"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--58c69325-cc48-44c2-b0ad-4ba902de0b81",
"value": "https://www.virustotal.com/file/8040422762138d28aa411d8bb2307a93432416f72b292bf884fb7c7efde9f3f5/analysis/1489408605/"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--58c69382-e418-4d68-b7f4-4f9f950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-03-13T12:41:38.000Z",
"modified": "2017-03-13T12:41:38.000Z",
"pattern": "[file:content_ref.payload_bin = 'UEsDBBQACQAIADNlbUr7kv4V8ZsEAJVRCgAgABwAYTE2YTI4MWNiZTU0NGFmNDBmODQ2M2M3ZjUxODY0OTZVVAkAA4KTxliCk8ZYdXgLAAEEIQAAAAQhAAAA/XpVob7PniLROC+rAtfvx7KVqsHrM0LA6hT4+yGGgojqNsSHXP7Zlue3NfhoT+zDjBtG2p2qYw9IPGD5ovR+iOIdhWc8NpBV3eh5wXgO6RMqBg5TDULi/1j3e+GZCiNjwmFjj5BzDsZiYIo+O4rGcuSvWtmCyyKl0+ox2ErSVRX3MVfB1Axr8YKr19diOuLTzpqxZM/qP2BIDnKNs9XoTAbAx5M1+SL+9TyqIMYYjZEh+BJfCrasMD6Dy2YO4JT6NnV8rMA5QdFUUGMdEq0iTVzVsTS9W88aYw+EdhUC4hFJ84xIxzxQjvh70iumlW0WjngdhSVzFfwKMiSlqLQC2M7K6qwWOHIdi5TEehGJjeUNsChzPClxz4s5Im6DUJV19S9l4IPTwpvw7YlLiKU6vMDCDJ3PcMdXqgY3X9HeGmk8JVOMpd15xTh1/sVAUGFRA0Us1ZLqMS1j2WRPxucw5cuGZRY6EshMd1SL2+u1PtpC/2G5nLAD8wvkkgGi8vZYV902y7Ij2JvHO9M4VHG6F8y6MqW73/WMVsJ9NOxEZUb+E1lgm/yu0vqlZjyWm11VmXnjECbMeI/m4wIwfw2g6NZ9c2LXxvV9S6aQEXWh4ogPd+gwwUtS97rBLjNaWWEB8J9MIqf3NeFcmf0Mrai0Gx7ntXQXCkaltiNJFqGjNJY003JpofnFvWURSgnlK21y0PJSATlF+xERKtU0XY6MPyLRyGBkmpKf8/0r6XQ9Bb3ke8x88/3aE2t6EzrTCLnvtQMjhI8InNbuhtXpSaJ/FSuPQ3iN4sHbwjgtxcisNAdfZriQiANwFfnnBPplhHTc2L/Vbnf1JZny7z2kUYDgoLUwuQGL4FnWBSHVNcoX3JCzXhr+L+D7g2XqrIAa+VrUlysYvA8s41Ud7alM7/MxBsXN6cJsek63z4L4CK6syf8CL4IWP02ATHJ8AbXfR31Myq06nX9vdfyawGahSMu8lH8cJSwb8kMcaKuhYbEHloct3BzVg9gNpGAg0ztty8OpfYkL4SpDgsa/5+T9AKyBxUWOqvWEKVtvF+FL7whfdp4QAea+wQ+zuZr94tCY9h3k5B9xNjb2J5+nCUCz1u5+hszVCSGg7TGluKMiX8GmbafXshXkvMCrJ9uwaOL6g+9yfgxiXpIMnWTGTKCCwTRH2b3bHNP3r/nd8z7azUP1hAJoI7z5A0BAMPb67kooK0WkINOUOFA8y+CAzgg9XsMVY6u0Qo+lTKhyAIJEqbz/rwCURYZYSSjAv7VWjfSXgGmfLWnRJZ6o+EztAeQK9UvEnRfc233RgXnB5NjOUlHqGAbva8Eo0v2QI4VOcsSFf7c7TXeCTGpf9CSWZmSKb5qiyeCXUR5JUQU11uVdQXYUtUBMnUhgULCuwattJtH7ijcTVM6Rki3KRcKSf6aVi0qDBIXPAsN3RsMcaUFIJQidV8tMock5nv3K1VJZptYAGfvXC3MCgKl+a8ADFtXtOGv/RryU3HAEwU1SC9e4n56NglxxvGYmYHnGj9XTTipwYjjUI5qxgjpzpyu0lsniD86u4S9fkyVAxqeEmxI2Zzia9Fg64LSOVR09NABkhFpKtYZ2ueomxXvyh7ZzEKLKnDvG24EPNQNx97EXvdFi+TQv6LnjFG4VdjSpR1PPwVBOzAFM3Hha5KyKY7Cr3RBGVzdjAzcqTodKWC7PBMlvxozYnIqbSY8CXciN7SSPm6NuM8yzbBoo2Cq5fhAXNh1iT/h/aK5+ja6oJY34FF88rcAayaYllz7Wevj1Q0AfdCdBkJ/Wy0FV3ZURDbWR2BFFFVuUXguOldZw8mm4C/xni2VGAN4
j+K6v2momDYk4wu8ulRDRNBxvNi2vDrxK2cQX6CgvyUcNxd5CobPToTxLq9RU1D6YSPhlVUS3XrQxk4I3qr87NjMw4wa0wQkEwJ+dmc5tSNy0rD9wwJd9rDvGYLwHtk84PyhDwecJ8NCm8hG4H4KqISVxZeGxECnieHGLfFpxN8ZhCOhbLIurV4N++srZ528rTZFt17GCtevu9mW90dbS6oLgoHA8uOeT8AMvxLIT8vAVv5i1d/l5HU9vnjzL0gR9U+8SLLHZWptJCEV67VGT+RMdUGp3W6ivp/cslxqVq2gW2gbCPSksRqyC/kKrKLHsZpr3f4BwJmwHg5NcSg016rPDVJTUNXCb5xsUCqZji1Jx6P2atIop01d/I1zDNCxAAndb7SHFHkZmO3ljo02Ztj5vDtgqzwRK3k+PmfSi3K3nxTN2gJEWZlp067kBCpGYmrpidA5Fwyys2qsLk4iOPRtEDojhwhvD2ArFe9h1oFP5cw52/WWiJwIEZSPVkmbfR6+oIgycPK4MEMlpuDwS8N18naNhX1gv8uFXDOh7vZ2YudlYBmHOqjwPO4QK6Q08ENf7lK//gfsaehj/uFKBwU2U5mOq8RgRlDk22/lalyfT+/XZEjz/oqc2K3vXxnae45/Di487Op2Es13ZJ2IsuOMhav1L5DZsOXCNYMN26wQ7UQFzs7NcCij/JstrEtJrbt6vHrtL+ylUsVSpLi78P6SRHSTFg8t7EGIB6q4A/XlDR+BWIZBTJNjLbCHIMLQHGHTZWT3N2iiYrf/DONxEzPzqKBS6wCeQmyhPkjsnJddiaFhG8G8DNJMDQcecn1PKb/NsniWOo1gXbdNX+rO2BeH/PqAyH811N5nU7pFjPoFjDissJzcfaNzqIXSS2MCv3kwkRcNdd3652EnohBCcImPTRn6e0jgDgA2nJN1ryoKkGHqv/u9OZKS1weZA5c4wUDGb4NdXHoW6YVxkyNbGXIbhBUTzcMtN5XGIQWiXaHzN/ScmOqy7wfcr66qjUkuN394c0tipvR5eFFilzN1gIpUCCMKzkY/+U5UYwKU0VPZL0CpOHCALDW1WxUwpLFAxpL1i0YKuXY4EzcttcPO+6ZX5LlK0paRD/gsRnjKmo89VIInbJ7U2NPgeNc6B9XkLdeFcTX9yNGGX/l3/m4s1oAgLu5VxlNp3LiUGseDiYtRO1wa2FqQzQ4+m5dWeDHgdHMt3jV/nAAn+SHuZasF9YhISV3kh661CKHZ9fxJNk/VP/XIsO788Ob1TcVW/5sZ42Ua7oGkcXP9GFdceIqvhPCRDZia6MilwutVkUsMCJrjDciNyzrUqWpkEz15Ks8HeKrPbNEgcAiKtwWP7c2fLcPiz8zrqEuQlpF00tj+k7L63TcycfesjPau9gMpHMEWkwkKNk89HnArwkbmH4Lc5/CM6r+/0SwKuxzF3AeTxZBEyKIe6Dd9eat4lfuc8C4/Lyle/MdK3k2X+ldY4Wa6Ubic32sDBJbdm3V8bGXl1+IXWL/i96/wa19TPF9ifhdqPq39WJ0Sxi2Tze+QwvzgDC7ytOlxIWae1yXUejtnNliVrPbuEftQW6X9yxhGTeOpT3mT9AHiUssbQbYLdO5DkGfz+MhdbpZnbcfcHsaVbAI/fEjmCTLCS6+kMfUvFJmDNMukX/yZH8nkbrRpdvgk2RhX2STFe2b1+XZb7+wPGaZP5Uld296Pshm1jeS7TrCKFR8dNkcls76kk4+Pjfce+Oyk3ZO1B4b9piP0dFfFDwaxoGJMK3gFaA8xgMQUqkUp162NTEPwhVEvZSoDjL/gJdfvSk0R6oHtDoaHgbAUOC9PT+baUmpceTzIwOx+WCCwJR1Mvk++r1KQ01/6EdTzVMcrqR6mqVwsudynJDqhUk5CSsQ5Jwdiq+uM2Uf2enyG2ARrFOKm9ifVBFvJVKfY7THe1Kr1fu43TcnGDw1gI7LO+GW49317b1+xNbQKCZIkwc9o13XXyMDN7jea
w/YMBERNba3ZTFW7licTLt7hf8J2MWsWNvh0I/FAXWobPBOIEqFTanZJUkYcT5LOpzBFQs5Eq+FKc4/5X3V
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-03-13T12:41:38Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"malware-sample\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--58c69384-f3d4-41d2-a742-4156950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-03-13T12:41:40.000Z",
"modified": "2017-03-13T12:41:40.000Z",
"pattern": "[file:name = '8040422762138d28aa411d8bb2307a93432416f72b292bf884fb7c7efde9f3f5' AND file:hashes.SHA1 = '931321a4e6fb126f83bb6a0ff8ad4ffd260b9438']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-03-13T12:41:40Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"filename|sha1\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--58c69385-4834-4c80-a2e2-42f4950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-03-13T12:41:41.000Z",
"modified": "2017-03-13T12:41:41.000Z",
"pattern": "[file:name = '8040422762138d28aa411d8bb2307a93432416f72b292bf884fb7c7efde9f3f5' AND file:hashes.SHA256 = '8040422762138d28aa411d8bb2307a93432416f72b292bf884fb7c7efde9f3f5']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-03-13T12:41:41Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"filename|sha256\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--58c696e6-0488-4c13-bb39-41e3950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-03-13T12:56:06.000Z",
"modified": "2017-03-13T12:56:06.000Z",
"description": "Related sample",
"pattern": "[file:content_ref.payload_bin = 'UEsDBBQACQAIAANnbUqENPCFYJoEAOdQCgAgABwAYjQ4NmNiN2FlYzNlNzViMGNkZjI5NGNkMzhmNGM0MTdVVAkAA+aWxljmlsZYdXgLAAEEIQAAAAQhAAAA3W+2RwBkHkcv8YWrv8VpsIkytZzTtV1RZWYJejHkFUEwdYdBTaNwhfgLFyNwjLI/PeSqwWejOEqfcfufUA1GPwWQtU8un3CPvLoPcWU0P6er7/LjoSHylacxDuq+X5OugKYNWHdg6oxMsTugszi/DOQMDZwzV6rRqYZL3990l7ZG/jFsmHZ5eL7zi191X8DUPDY1dXIXq9ssFku94633i94jTYnNFoQtGrryl8RLoCLkkQfRkjyWFWKaL2kK8sZchW0zdWqYQ/RyiHcPbhsGFa5UZgeX9k0579KCfs69DqT6BgYMxra8JNxW9L8QzhoHyVKsBc5Oo1yjk0k2dtX3LIugwsk6OYJY3mYscEFbEQDmGfnFojsM1SyVKUZjKv6QAx71zXITYf2i7A12EDn2917lBmo45LIej0RVxppFp0TEU69d62mVqIu2m4MsPicGPJWYIIsBXwp6vJHZ3TqLdKCSK25haqi6/mBR0m0aJ+jWmfb1YwcKq6GWq4fMgGCh9FkKtQILyt15XanKbj7aiI55B3OWRHo71jnmXOTLT0blIqmxqqRm5b9cXHkw98MR6Ce0Pe2DcE3sAuQ1Fm/ho66/wuJ3JlmXNJirQFCq4iX+QKfcgu7B1qA27Wfo1PMUtb0uYQ8BAfWqVlVvG+r/sCC3b8XEciQI5jLhnWmDVsYFpSQ7FtzMCUP4TzE2+rZTO2mOa41eAkH3KpnyRpy3NvMU5qYPiwmdN4ZxIFljU62fAWArmXetQ6d2r4b0qQzyziUjcKdBNsf+inun7Y58WHcadX7sYY/L7Hg9fGDxBwARgA2EzZPgSlQ+To/L2G4kOKTQgNGg3CU1NQV7SUY8MpMCxRNOf5H7bNUIYN0MC2VYi6bPnabTU62KmPYwhYTWEnQ0IJzqmNXEx5hiGnE+HrQknhnybQaoX4Bz0IuBzP4wrqSQsIh3aHcTz3ValHGuHJnbEUC96pBuRaT4xHuZ5707fVq6ccVN31vMfvWuB5azpOI9RPI+QfojZ2IZNHLVuULjNluQnDhuFxJ8YW+6IO6f5Viqk9aigNPha0QaRhRIqSaT2EPV/Hq2K5TlYfSfpsuMaS+Mc217p5sObhKQZE5nkTWYADpbG+x330ynK4NPiqX0lrER1U1RsRCRGn4ZXMVXDq1RLVhEwOibM4uGtY0XfoI7k/pDFWufwkc6Qrv6yRMOlMi8bfIQ6ln6v3uBj3EYzB+pKw3oabbI1iW6y5lUO7LHKxuyBPkU0ikmuDniWUfBJSl3ckiEnFH1AaadyoknhzLhVcTo2h3HsW9hFv6N7Z3lBfxP7rjjUUWR4pT7H3ZxayOcbUYk+GcSitfdPa93N5Hz5Bpke/RRqU4RknQ5U+PtA7/UX54kJ70KOeXETWgi0i2b3mWRuo4vXEhMllsXBkj3lF3ifXJGggL/Fy1Q3kGGPfW7vL08p5+sUbXW5cMVQNeGuuR4U+vEOgw93hJSVHBgFwz9CeAEDjfW51ShGzvybz/+/YZMaoteM8WT0Sc64S4klBH347m/A7jEsClFNC4c91q75fH7e5yzvm8K86yWukD5IPe4AdKwAcp6XoPoAALyKN3H7A/cBvVJwAW/KJhQiTFe3N/kfJZtFaIR2p3OYN4Xm/3Vxz9qDHtcuLbFKArQ4gfRatbuoj7XyqKtvKneS2n44MK+RxWPayNhKQW1pA9PEYQdDeEMu+bvr00y5+vWnC2T37pO2EE+VVnU3OZZ58DRYiHV8MsogIXeObaIEiTpBTYUtDlUnBJaM4KYe6+XARjSI3d8opARmaPKVZZQGNKtqre/5rjz0eUN3ao9SF9u+v7zi0n9Pmy
9LTNqj+KzgDhUrfvhK3v5Pyi9l1T1t/PtJ9+h+tRBdBnKPIHMfN5YYzxPS/wSpKA22Z3TwN5n9TTRcFalmvrzG2rs/IEmm/4IWy9G5HKjgGVoCUAqCHlMeKbMICnpiw8uLwiBabq4fF2tP1q+/cw/kptwl/GyXQDDzvmpe35TyLc22BytJmhlzZjN9cghWoevTwd3n58Iz/NfwkVx9+P10EmUnZmqUO9Hd233Ld1Dpu9NVu9PRBzzEST3cdGecWS/MFr6BCD0lr0vN4QS0nzX2t/1VX50vKjNLVGOldWW2LkY+AwAiYAoQQNT5BoGl1tLwVdYGzv8F8OmGetrjiLCI40LyPxNHdAPUKC3We8zLn5pV85BApOSv3Cas1Lcmp3D5GgU6bBLdwL33IH8kc5sRxqNqoJVk+hxdKvKhj5PZZrAvo+cV02ggjl9m7hVwhhwdNvSuJeKi5UOeXjD4GKtPYRv/YTDukJi6SY4E8egrhJHrIA+FqvhfLnetjzTAev8KdsK/e7ZSAWnSfhpoLaH9bos3sx39am5FlkGY2DdMxU9g+VwL/V5GGbhOHo6ORkFWITGI/jPW1YeJIihY+ZgpP+bzn124rXxuo5qaEq2y7XuIIjbHQT7fojBLXz/U6fY48Vo0xgDLiXZoBi2ZifbF6c32+q1NcBLiQUaaJc4xY8yPXZnC/Efp6WJF3w8y36QcJEywFtjVHvPVAcNvPEG28UjFPgdFd4DQhImMcJGhacKgh8hVyb9u9bNH7qnDWhNnhHL2+J7jluaWygsWP3eVJFgzKriQlukSojGqawaMcIeAHitiWDUbo8GenGhopbEJaNWgBrGZUrKKt9EITNAZj2q+NZs3yXNb2a+m453KSduAx0Td6wteSEO0cIC3orIxqwVv4w3E5PdAOY9buQYAMYZ7p61b6AyoxUXIqZiddzryjrw7e+Jhde5jvnaBSB5CizEoPjCNKm7iKfSB5bqv7yQBbSllEsfmqYHq9SACxR9YaiWqEoxw7zYAkc1MemwibO3FJqbuZ3MSeUdAfVVqOPeeaNOMYGzdJSHYbWSSawfR+wLPDvnqnspHlRLcFuXCPnb1Eb7HjGACwKGa/X4AfdocyiRPchHPDDpuEUmUcTUb3G5WFoJu/dBmAKp3CKj83dG7S2eaVs6hpYe7kyrmalWrQmfEPqBQnX8IrFtkHKeJ8HfJQfqRlL3JG4MH9Zqt+fDaidwmulfwiYd3qIT2PMk9bOOVA3eAv4xaIQ3CoCCVqnPHIDLOtzHpKYnHwEoNY7RAEITIS31qFDviVpOGRpIRJHju82IPaqaJlKa2PuwkzXFa693YN7mB2KvUd7JCIaEKjjSx/vXyC5VI0JNgBBrvWSmpfgA8AaUVZ7IKe4+zZYhJuqC+gHuFpTvLp+O4YmdDGT96jpR7uojXH5CXAQA5RPIldBRVkJw25Y9QeK206SmDkaIQslNOkd/Wjj0veewZg767JannN3Fl8BpBo5pC3YuyaHr1pnCvSzAscwlniNhTxQANaJ7EhxqA1glpj7d8r1HxAk7EAi33dQwGGCsUNM2ppwyl3I2WIhIpOkMifph6iOe9gZ8/K7OjkB6BZVJSFUWzGfwtqBPdS/pm8dc9bbD8zfyBfL34WDvpKj+otaIBYP8hqYzpbopyn1h/SswnyMYpfI+3f8x5Jg8bD9KAT/gzkSm18Xzsl+Zszk7HP8ZTvhU7U1HZVMgptOri2/QQ96yqJAiYw7IJf+uPGkn3+Zi1QuNpqk1dNkl2RTgMdDOgvP/oqzTPttUYu6OAPKLj+NXSSa5GfC2dDRv+lLAoxElFebna72mHkm2AjCzVVq+w08KBI+pSdPrvRwpxDmGTW8OYCLeZSuNKj/KkSwIad9uN/EV0Ramc6ZTiwuDbEn9kBBmWubLbtYe+/LwqymkrUpUQptUbN6tk7lwjvXfEIA1DxmKKLNmSZgE4C84Q98/J1t8WaXgZ1BnvL0PvA1o2i5vvUCBiNt
2C0GMLXURSeE5W6i4b4M3mh1XejZBHKEI0fAbHoU+++H9IxI2Ma4gRulJWpfn4nXhY7BwbpvklWwaKS9ThV
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-03-13T12:56:06Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"malware-sample\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--58c696e8-1fb8-41e5-9a0f-43b6950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-03-13T12:56:08.000Z",
"modified": "2017-03-13T12:56:08.000Z",
"description": "Related sample",
"pattern": "[file:name = '4394cc9f411c83d9fd0aceff9c73485649b607c80b244c23bd28872c3a3df6fb' AND file:hashes.SHA1 = '3e0a2a39dabed50020618a36473588926ed78730']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-03-13T12:56:08Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"filename|sha1\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--58c696ea-f1f4-48f1-907a-4456950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-03-13T12:56:10.000Z",
"modified": "2017-03-13T12:56:10.000Z",
"description": "Related sample",
"pattern": "[file:name = '4394cc9f411c83d9fd0aceff9c73485649b607c80b244c23bd28872c3a3df6fb' AND file:hashes.SHA256 = '4394cc9f411c83d9fd0aceff9c73485649b607c80b244c23bd28872c3a3df6fb']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-03-13T12:56:10Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"filename|sha256\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "marking-definition",
"spec_version": "2.1",
"id": "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9",
"created": "2017-01-20T00:00:00.000Z",
"definition_type": "tlp",
"name": "TLP:WHITE",
"definition": {
"tlp": "white"
}
}
]
}