2023-04-21 14:44:17 +00:00
{
"type" : "bundle" ,
"id" : "bundle--5bbb1f88-fe84-4834-bccd-7916950d210f" ,
"objects" : [
{
"type" : "identity" ,
"spec_version" : "2.1" ,
"id" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2018-10-10T07:42:02.000Z" ,
"modified" : "2018-10-10T07:42:02.000Z" ,
"name" : "CIRCL" ,
"identity_class" : "organization"
} ,
{
"type" : "report" ,
"spec_version" : "2.1" ,
"id" : "report--5bbb1f88-fe84-4834-bccd-7916950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2018-10-10T07:42:02.000Z" ,
"modified" : "2018-10-10T07:42:02.000Z" ,
"name" : "OSINT - New Fox Ransomware Matrix Variant Tries Its Best to Close All File Handles" ,
"published" : "2018-10-10T07:42:11Z" ,
"object_refs" : [
"observed-data--5bbb2419-ffb4-41f3-ae26-215d950d210f" ,
"url--5bbb2419-ffb4-41f3-ae26-215d950d210f" ,
"x-misp-attribute--5bbb4c93-9990-42d6-a210-42cc950d210f" ,
"indicator--5bbc5e1f-dabc-4346-8882-5450950d210f" ,
"indicator--5bbc5e1f-777c-421d-9604-5450950d210f" ,
"indicator--5bbc5e20-28dc-457e-891c-5450950d210f" ,
"indicator--5bbc6418-2098-45c6-8ed7-602f950d210f" ,
"indicator--5bbc6419-1050-491c-83d7-602f950d210f" ,
"indicator--5bbc6419-bd6c-43d1-a2d7-602f950d210f" ,
"indicator--5bbc641a-8154-4851-aadc-602f950d210f" ,
"indicator--5bbc641a-b840-4736-a500-602f950d210f" ,
"x-misp-attribute--5bbc6441-7be4-4677-9ab0-6007950d210f" ,
"observed-data--5bbc6720-8aa4-4c50-b6d9-602f950d210f" ,
"file--5bbc6720-8aa4-4c50-b6d9-602f950d210f" ,
"artifact--5bbc6720-8aa4-4c50-b6d9-602f950d210f" ,
"observed-data--5bbc6b6c-f4b8-4833-a2f0-6012950d210f" ,
"file--5bbc6b6c-f4b8-4833-a2f0-6012950d210f" ,
"artifact--5bbc6b6c-f4b8-4833-a2f0-6012950d210f" ,
"observed-data--5bbc7337-c298-4840-bfd9-7f7f950d210f" ,
"file--5bbc7337-c298-4840-bfd9-7f7f950d210f" ,
"artifact--5bbc7337-c298-4840-bfd9-7f7f950d210f" ,
"observed-data--5bbc7592-d148-4e53-83d3-7fe6950d210f" ,
"file--5bbc7592-d148-4e53-83d3-7fe6950d210f" ,
"artifact--5bbc7592-d148-4e53-83d3-7fe6950d210f" ,
"indicator--5bbc6300-c92c-4478-9d96-5456950d210f" ,
"indicator--5bbc6396-dbdc-46ee-b882-60c7950d210f" ,
"indicator--12119283-9931-40f3-bff6-97439d358a0d" ,
"x-misp-object--b26bb70c-ce60-4296-a44f-16928c6826f0" ,
2023-05-19 09:05:37 +00:00
"relationship--bd25a80f-da1a-4b92-99f1-5de2a4beb439"
2023-04-21 14:44:17 +00:00
] ,
"labels" : [
"Threat-Report" ,
"misp:tool=\"MISP-STIX-Converter\"" ,
"malware_classification:malware-category=\"Ransomware\"" ,
"circl:incident-classification=\"malware\"" ,
"osint:source-type=\"blog-post\"" ,
"misp-galaxy:ransomware=\"Matrix\""
] ,
"object_marking_refs" : [
"marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9"
]
} ,
{
"type" : "observed-data" ,
"spec_version" : "2.1" ,
"id" : "observed-data--5bbb2419-ffb4-41f3-ae26-215d950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2018-10-09T10:05:31.000Z" ,
"modified" : "2018-10-09T10:05:31.000Z" ,
"first_observed" : "2018-10-09T10:05:31Z" ,
"last_observed" : "2018-10-09T10:05:31Z" ,
"number_observed" : 1 ,
"object_refs" : [
"url--5bbb2419-ffb4-41f3-ae26-215d950d210f"
] ,
"labels" : [
"misp:type=\"link\"" ,
"misp:category=\"External analysis\"" ,
"osint:source-type=\"blog-post\""
]
} ,
{
"type" : "url" ,
"spec_version" : "2.1" ,
"id" : "url--5bbb2419-ffb4-41f3-ae26-215d950d210f" ,
"value" : "https://www.bleepingcomputer.com/news/security/new-fox-ransomware-matrix-variant-tries-its-best-to-close-all-file-handles/"
} ,
{
"type" : "x-misp-attribute" ,
"spec_version" : "2.1" ,
"id" : "x-misp-attribute--5bbb4c93-9990-42d6-a210-42cc950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2018-10-09T10:05:17.000Z" ,
"modified" : "2018-10-09T10:05:17.000Z" ,
"labels" : [
"misp:type=\"text\"" ,
"misp:category=\"External analysis\"" ,
"osint:source-type=\"blog-post\""
] ,
"x_misp_category" : "External analysis" ,
"x_misp_type" : "text" ,
"x_misp_value" : "A new variant of the Matrix Ransomware has been discovered that is renaming encrypted files and then appending the .FOX extension to the file name. Of particular interest, this ransomware could have the most exhaustive process of making sure each and every file is not opened and available for encrypting. Thankfully, this also makes its encryption process very slow so it could be easier to detect.\r\n\r\nThis ransomware variant was first discovered by security researcher MalwareHunterTeam and is installed through computers running Remote Desktop Services and being openly connected to the Internet. The attackers will scan ranges of IP addresses to find open RDP services and then brute force the password."
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--5bbc5e1f-dabc-4346-8882-5450950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2018-10-09T07:51:59.000Z" ,
"modified" : "2018-10-09T07:51:59.000Z" ,
"pattern" : "[email-message:from_ref.value = 'pabfox@protonmail.com']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2018-10-09T07:51:59Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Payload delivery"
}
] ,
"labels" : [
"misp:type=\"email-src\"" ,
"misp:category=\"Payload delivery\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--5bbc5e1f-777c-421d-9604-5450950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2018-10-09T07:51:59.000Z" ,
"modified" : "2018-10-09T07:51:59.000Z" ,
"pattern" : "[email-message:from_ref.value = 'foxhelp@cock.li']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2018-10-09T07:51:59Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Payload delivery"
}
] ,
"labels" : [
"misp:type=\"email-src\"" ,
"misp:category=\"Payload delivery\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--5bbc5e20-28dc-457e-891c-5450950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2018-10-09T07:52:00.000Z" ,
"modified" : "2018-10-09T07:52:00.000Z" ,
"pattern" : "[email-message:from_ref.value = 'foxhelp@tutanota.com']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2018-10-09T07:52:00Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Payload delivery"
}
] ,
"labels" : [
"misp:type=\"email-src\"" ,
"misp:category=\"Payload delivery\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--5bbc6418-2098-45c6-8ed7-602f950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2018-10-09T08:17:28.000Z" ,
"modified" : "2018-10-09T08:17:28.000Z" ,
"pattern" : "[file:name = '\\\\%AppData\\\\%\\\\random.vbs']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2018-10-09T08:17:28Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Payload delivery"
}
] ,
"labels" : [
"misp:type=\"filename\"" ,
"misp:category=\"Payload delivery\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--5bbc6419-1050-491c-83d7-602f950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2018-10-09T08:17:29.000Z" ,
"modified" : "2018-10-09T08:17:29.000Z" ,
"pattern" : "[file:name = '\\\\%AppData\\\\%\\\\random.bat']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2018-10-09T08:17:29Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Payload delivery"
}
] ,
"labels" : [
"misp:type=\"filename\"" ,
"misp:category=\"Payload delivery\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--5bbc6419-bd6c-43d1-a2d7-602f950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2018-10-09T08:17:29.000Z" ,
"modified" : "2018-10-09T08:17:29.000Z" ,
"pattern" : "[file:name = '\\\\%AppData\\\\%\\\\random.bmp']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2018-10-09T08:17:29Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Payload delivery"
}
] ,
"labels" : [
"misp:type=\"filename\"" ,
"misp:category=\"Payload delivery\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--5bbc641a-8154-4851-aadc-602f950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2018-10-09T08:17:30.000Z" ,
"modified" : "2018-10-09T08:17:30.000Z" ,
"pattern" : "[file:name = '\\\\%DownloadedFolder\\\\%\\\\.exe']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2018-10-09T08:17:30Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Payload delivery"
}
] ,
"labels" : [
"misp:type=\"filename\"" ,
"misp:category=\"Payload delivery\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--5bbc641a-b840-4736-a500-602f950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2018-10-09T08:17:30.000Z" ,
"modified" : "2018-10-09T08:17:30.000Z" ,
"pattern" : "[file:name = '\\\\%DownloadedFolder\\\\%\\\\.bat']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2018-10-09T08:17:30Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Payload delivery"
}
] ,
"labels" : [
"misp:type=\"filename\"" ,
"misp:category=\"Payload delivery\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "x-misp-attribute" ,
"spec_version" : "2.1" ,
"id" : "x-misp-attribute--5bbc6441-7be4-4677-9ab0-6007950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2018-10-09T08:18:09.000Z" ,
"modified" : "2018-10-09T08:18:09.000Z" ,
"labels" : [
"misp:type=\"text\"" ,
"misp:category=\"Artifacts dropped\""
] ,
"x_misp_category" : "Artifacts dropped" ,
"x_misp_type" : "text" ,
"x_misp_value" : "HOW TO RECOVER YOUR FILES INSTRUCTION\r\nATENTION!!!\r\nWe are realy sorry to inform you that ALL YOUR FILES WERE ENCRYPTED \r\nby our automatic software. It became possible because of bad server security. \r\nATENTION!!!\r\nPlease don't worry, we can help you to RESTORE your server to original\r\nstate and decrypt all your files quickly and safely!\r\n\r\nINFORMATION!!!\r\nFiles are not broken!!!\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly DELETED AFTER 7 DAYS! You will irrevocably lose all your data!\r\n* Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\r\n\r\nHOW TO RECOVER FILES???\r\nPlease write us to the e-mail (write on English or use professional translator):\r\nPabFox@protonmail.com \r\nFoxHelp@cock.li\r\nFoxHelp@tutanota.com\r\nYou have to send your message on each of our 3 emails due to the fact that the message may not reach their intended recipient for a variety of reasons!\r\n \r\nIn subject line write your personal ID:\r\n[id]\r\nWe recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \r\n* Please note that files must not contain any valuable information and their total size must be less than 5Mb. \r\n\r\nOUR ADVICE!!!\r\nPlease be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\r\n\r\nWe will definitely reach an agreement ;) !!!"
} ,
{
"type" : "observed-data" ,
"spec_version" : "2.1" ,
"id" : "observed-data--5bbc6720-8aa4-4c50-b6d9-602f950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2018-10-09T08:48:00.000Z" ,
"modified" : "2018-10-09T08:48:00.000Z" ,
"first_observed" : "2018-10-09T08:48:00Z" ,
"last_observed" : "2018-10-09T08:48:00Z" ,
"number_observed" : 1 ,
"object_refs" : [
"file--5bbc6720-8aa4-4c50-b6d9-602f950d210f" ,
"artifact--5bbc6720-8aa4-4c50-b6d9-602f950d210f"
] ,
"labels" : [
"misp:type=\"attachment\"" ,
"misp:category=\"Payload delivery\""
]
} ,
{
"type" : "file" ,
"spec_version" : "2.1" ,
"id" : "file--5bbc6720-8aa4-4c50-b6d9-602f950d210f" ,
"name" : "ransom-note-redacted.jpg" ,
"content_ref" : "artifact--5bbc6720-8aa4-4c50-b6d9-602f950d210f"
} ,
{
"type" : "artifact" ,
"spec_version" : "2.1" ,
"id" : "artifact--5bbc6720-8aa4-4c50-b6d9-602f950d210f" ,
"payload_bin" : " / 9 j / 4 A A Q S k Z J R g A B A Q A A A Q A B A A D / 4 g l 0 S U N D X 1 B S T 0 Z J T E U A A Q E A A A l k A A A A A A I A A A B t b n R y U k d C I F h Z W i A H 1 A A M A B c A C Q A B A A l h Y 3 N w T V N G V A A A A A B T R U M g R l B E I A A A A A A A A A A A A A A A A Q A A 9 t U A A Q A A A A D T L F N F Q y A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A 1 j c H J 0 A A A B I A A A A D h k Z X N j A A A B W A A A A I B k b W 5 k A A A B 2 A A A A H p k b W R k A A A C V A A A A G J y W F l a A A A C u A A A A B R n W F l a A A A C z A A A A B R i W F l a A A A C 4 A A A A B R 3 d H B 0 A A A C 9 A A A A B R y V F J D A A A D C A A A A g x n V F J D A A A F F A A A A g x i V F J D A A A H I A A A A g x j Y W x 0 A A A J L A A A A B R 2 a W V 3 A A A J Q A A A A C R 0 Z X h 0 A A A A A E N v c H l y a W d o d C A o Y y k g M j A w M y B T Y W 1 z d W 5 n I E V s Z W N 0 c m 9 u a W N z I E N v L i w g T H R k A G R l c 2 M A A A A A A A A A J F N h b X N 1 b m c g L S B O Y X R 1 c m F s I E N v b G 9 y I F B y b y A x L j A g S U N N A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A Z G V z Y w A A A A A A A A A d U 2 F t c 3 V u Z y B F b G V j d H J v b m l j c y B D b y 4 s I E x 0 Z A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A G R l c 2 M A A A A A A A A A B S A g I C A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A B Y W V o g A A A A A A A A f D Q A A E M M A A A B 0 1 h Z W i A A A A A A A A B V Q Q A A p C Y A A B h W W F l a I A A A A A A A A C V g A A A Y 0 Q A A u Q N Y W V o g A A A A A A A A 8 z 4 A A Q A A A A E W c G N 1 c n Y A A A A A A A A B A A A A A A A A A Q A D A A c A C w A R A B g A I A A p A D Q A Q Q B O A F 0 A b g C A A J Q A q Q D A A N g A 8 g E N A S o B S Q F p A Y s B r w H U A f s C J A J P A n s C q Q L Z A w o D P Q N y A 6 k D 4 g Q c B F k E l w T X B R k F X Q W i B e o G M w Z + B s s H G g d r B 74 I E w h q C M M J H Q l 6 C d k K O Q q c C w E L Z w v Q D D o M p w 0 W D Y Y N + Q 5 u D u U P X g / Z E F Y Q 1 R F W E d k S X h L m E 28 T + x S J F R k V q h Y / F t U X b R g I G K Q Z Q x n k G o c b L B v U H H 4 d K R 3 X H o c f O h / u I K U h X i I Z I t c j l i R Y J R w l 4 y a r J 3 Y o Q y k S K e Q q t y u O L G Y t Q C 4 d L v w v 3 j D B M a c y k D N 6 N G c 1 V j Z I N z w 4 M j k q O i U 7 I j w h P S M + J z 8 u Q D Z B Q U J P Q 19 E c U W F R p x H t U j R S e 9 L D 0 w y T V d O f 0 + p U N V S B F M 1 V G h V n l b X W B F Z T l q O W 9 B d F F 5 b X 6 R g 8 G I + Y 49 k 4 m Y 3 Z 49 o 6 W p G a 6 V t B 25 r b 9 J x O 3 K n d B V 1 h X b 4 e G 555 n t g f N 1 + X X / f g W O C 6 o R z h f + H j o k f i r K M S I 3 h j 3 y R G Z K 5 l F y W A Z e p m V O b A J y v n m G g F a H M o 4 a l Q q c B q M K q h a x M r h W v 4 L G u s 3 + 1 U r c o u Q C 627 y 4 v p j A e 8 J g x E j G M s g g y g / M A c 32 z + 7 R 6 N P l 1 e T X 5 t n q 2 / H d + + A I 4 h f k K O Y 96 F T q b e y J 7 q j w y v L u 9 R X 3 P v l q + 5 n 9 y v //Y3VydgAAAAAAAAEAAAAAAAABAAMABwALABEAGAAgACkANABBAE4AXQBuAIAAlACpAMAA2ADyAQ0BKgFJAWkBiwGvAdQB+wIkAk8CewKpAtkDCgM9A3IDqQPiBBwEWQSXBNcFGQVdBaIF6gYzBn4GywcaB2sHvggTCGoIwwkdCXoJ2Qo5CpwLAQtnC9AMOgynDRYNhg35Dm4O5Q9eD9kQVhDVEVYR2RJeEuYTbxP7FIkVGRWqFj8W1RdtGAgYpBlDGeQahxssG9Qcfh0pHdcehx86H+4gpSFeIhki1yOWJFglHCXjJqsndihDKRIp5Cq3K44sZi1ALh0u/C/eMMExpzKQM3o0ZzVWNkg3PDgyOSo6JTsiPCE9Iz4nPy5ANkFBQk9DX0RxRYVGnEe1SNFJ70sPTDJNV05/T6lQ1VIEUzVUaFWeVtdYEVlOWo5b0F0UXltfpGDwYj5jj2TiZjdnj2jpakZrpW0Hbmtv0nE7cqd0FXWFdvh4bnnme2B83X5df9+BY4LqhHOF/4eOiR+KsoxIjeGPfJEZkrmUXJYBl6mZU5sAnK+eYaAVocyjhqVCpwGowqqFrEyuFa/gsa6zf7VStyi5ALrbvLi+mMB7wmDESMYyyCDKD8wBzfbP7tHo0+XV5Nfm2erb8d374AjiF+Qo5j3oVOpt7InuqPDK8u71Ffc++Wr7mf3K//9jdXJ2AAAAAAAAAQAAAAAAAAEAAwAHAAsAEQAYACAAKQA0AEEATgBdAG4AgACUAKkAwADYAPIBDQEqAUkBaQGLAa8B1AH7AiQCTwJ7AqkC2QMKAz0DcgOpA+IEHARZBJcE1wUZBV0FogXqBjMGfgbLBxoHawe+CBMIagjDCR0JegnZCjkKnAsBC2cL0Aw6DKcNFg2GDfkObg7lD14P2RBWENURVhHZEl4S5hNvE/sUiRUZFaoWPxbVF20YCBikGUMZ5BqHGywb1Bx+HSkd1x6HHzof7iClIV4iGSLXI5YkWCUcJeMmqyd2KEMpEinkKrcrjixmLUAuHS78L94wwTGnMpAzejRnNVY2SDc8ODI5KjolOyI8IT0jPic/LkA2QUFCT0NfRHFFhUacR7VI0UnvSw9MMk1XTn9PqVDVUgRTNVRoVZ5W11gRWU5ajlvQXRReW1+kYPBiPmOPZOJmN2ePaOlqRmulbQdua2/ScTtyp3QVdYV2+HhueeZ7YHzdfl1/34FjguqEc4X/h46JH4qyjEiN4Y98kRmSuZRclgGXqZlTmwCcr55hoBWhzKOGpUKnAajCqoWsTK4Vr+CxrrN/tVK3KLkAutu8uL6YwHvCYMRIxjLIIMoPzAHN9s/u0ejT5dXk1+bZ6tvx3fvgCOIX5CjmPehU6m3sie6o8Mry7vUV9z75avuZ/cr//2R0aW0AAAAAB9QADAAXAAkABwAPdmlldwAAAAAFdU1zBb6WlwY/fZoBF3XkASYeHgE/5ewAAAAC/9sAQwAQCwsLDAsQDAwQFw8NDxcbFBAQFBsfFxcXFxcfHhcaGhoaFx4eIyUnJSMeLy8zMy8vQEBAQEBAQEBAQEBAQEBA/9sAQwERDw8RExEVEhIVFBEUERQaFBYWFBomGhocGhomMCMeHh4eIzArLicnJy4rNTUwMDU1QEA/QEBAQEBAQEBAQEBA/8IAEQgF3APiAwEiAAIRAQMRAf/EABoAAQADAQEBAAAAAAAAAAAAAAACAwQBBQb/xAAYAQEBAQEBAAAAAAAAAAAAAAAAAQMCBP/aAAwDAQACEAMQAAAB9Wzvndc7p+L7BJd5861MvoFKeaS5LpBdWRRkF1ZFcKVwpXClcKVwpXClcKVwpXClcKVwpXClcKV0StmtLFdxFSLlIuVC1ATRgWnDrnQr6TV9JlJcQJoaSl2ktcgWLJFK4UrhSuFK4UrhSuFK4UrhSuFK4UrhSuFK4UrsRenMpcoNCVhSuFK4Us2kLqjinYeMm149DFGzm5vUyD0fOJ130PO0GmJzY2REohXPolTcAAAAAAAAAAAAAEJjNO4Zu6BnhrGSWkZmkZ+aRXRrGeOoY+6xjlqGRrFENQytQw65imOgY5ahzoAAAAAAAAAAAAAKbgBVDQITCntoAonYFVtBzRnGFW1z80acWT5dLnhqynPW8n1pfUjKrDSUap1LlPLN8ZR56lVbQclmsJM9xonGQBnVC5nmWaPP9AArgrLeUxNSvhdXVaShXI0yADLLNYXcr4WWZJF3YRNUqrQCjlHDSzSNHKuGi3LqAM/ahYomXTxbSYI06MBfKms2zhMAAAA
} ,
{
"type" : "observed-data" ,
"spec_version" : "2.1" ,
"id" : "observed-data--5bbc6b6c-f4b8-4833-a2f0-6012950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2018-10-09T08:48:44.000Z" ,
"modified" : "2018-10-09T08:48:44.000Z" ,
"first_observed" : "2018-10-09T08:48:44Z" ,
"last_observed" : "2018-10-09T08:48:44Z" ,
"number_observed" : 1 ,
"object_refs" : [
"file--5bbc6b6c-f4b8-4833-a2f0-6012950d210f" ,
"artifact--5bbc6b6c-f4b8-4833-a2f0-6012950d210f"
] ,
"labels" : [
"misp:type=\"attachment\"" ,
"misp:category=\"Payload delivery\""
]
} ,
{
"type" : "file" ,
"spec_version" : "2.1" ,
"id" : "file--5bbc6b6c-f4b8-4833-a2f0-6012950d210f" ,
"name" : "fox-background.jpg" ,
"content_ref" : "artifact--5bbc6b6c-f4b8-4833-a2f0-6012950d210f"
} ,
{
"type" : "artifact" ,
"spec_version" : "2.1" ,
"id" : "artifact--5bbc6b6c-f4b8-4833-a2f0-6012950d210f" ,
"payload_bin" : " / 9 j / 4 A A Q S k Z J R g A B A Q A A A Q A B A A D / 4 g l 0 S U N D X 1 B S T 0 Z J T E U A A Q E A A A l k A A A A A A I A A A B t b n R y U k d C I F h Z W i A H 1 A A M A B c A C Q A B A A l h Y 3 N w T V N G V A A A A A B T R U M g R l B E I A A A A A A A A A A A A A A A A Q A A 9 t U A A Q A A A A D T L F N F Q y A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A 1 j c H J 0 A A A B I A A A A D h k Z X N j A A A B W A A A A I B k b W 5 k A A A B 2 A A A A H p k b W R k A A A C V A A A A G J y W F l a A A A C u A A A A B R n W F l a A A A C z A A A A B R i W F l a A A A C 4 A A A A B R 3 d H B 0 A A A C 9 A A A A B R y V F J D A A A D C A A A A g x n V F J D A A A F F A A A A g x i V F J D A A A H I A A A A g x j Y W x 0 A A A J L A A A A B R 2 a W V 3 A A A J Q A A A A C R 0 Z X h 0 A A A A A E N v c H l y a W d o d C A o Y y k g M j A w M y B T Y W 1 z d W 5 n I E V s Z W N 0 c m 9 u a W N z I E N v L i w g T H R k A G R l c 2 M A A A A A A A A A J F N h b X N 1 b m c g L S B O Y X R 1 c m F s I E N v b G 9 y I F B y b y A x L j A g S U N N A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A Z G V z Y w A A A A A A A A A d U 2 F t c 3 V u Z y B F b G V j d H J v b m l j c y B D b y 4 s I E x 0 Z A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A G R l c 2 M A A A A A A A A A B S A g I C A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A B Y W V o g A A A A A A A A f D Q A A E M M A A A B 0 1 h Z W i A A A A A A A A B V Q Q A A p C Y A A B h W W F l a I A A A A A A A A C V g A A A Y 0 Q A A u Q N Y W V o g A A A A A A A A 8 z 4 A A Q A A A A E W c G N 1 c n Y A A A A A A A A B A A A A A A A A A Q A D A A c A C w A R A B g A I A A p A D Q A Q Q B O A F 0 A b g C A A J Q A q Q D A A N g A 8 g E N A S o B S Q F p A Y s B r w H U A f s C J A J P A n s C q Q L Z A w o D P Q N y A 6 k D 4 g Q c B F k E l w T X B R k F X Q W i B e o G M w Z + B s s H G g d r B 74 I E w h q C M M J H Q l 6 C d k K O Q q c C w E L Z w v Q D D o M p w 0 W D Y Y N + Q 5 u D u U P X g / Z E F Y Q 1 R F W E d k S X h L m E 28 T + x S J F R k V q h Y / F t U X b R g I G K Q Z Q x n k G o c b L B v U H H 4 d K R 3 X H o c f O h / u I K U h X i I Z I t c j l i R Y J R w l 4 y a r J 3 Y o Q y k S K e Q q t y u O L G Y t Q C 4 d L v w v 3 j D B M a c y k D N 6 N G c 1 V j Z I N z w 4 M j k q O i U 7 I j w h P S M + J z 8 u Q D Z B Q U J P Q 19 E c U W F R p x H t U j R S e 9 L D 0 w y T V d O f 0 + p U N V S B F M 1 V G h V n l b X W B F Z T l q O W 9 B d F F 5 b X 6 R g 8 G I + Y 49 k 4 m Y 3 Z 49 o 6 W p G a 6 V t B 25 r b 9 J x O 3 K n d B V 1 h X b 4 e G 555 n t g f N 1 + X X / f g W O C 6 o R z h f + H j o k f i r K M S I 3 h j 3 y R G Z K 5 l F y W A Z e p m V O b A J y v n m G g F a H M o 4 a l Q q c B q M K q h a x M r h W v 4 L G u s 3 + 1 U r c o u Q C 627 y 4 v p j A e 8 J g x E j G M s g g y g / M A c 32 z + 7 R 6 N P l 1 e T X 5 t n q 2 / H d + + A I 4 h f k K O Y 96 F T q b e y J 7 q j w y v L u 9 R X 3 P v l q + 5 n 9 y v //Y3VydgAAAAAAAAEAAAAAAAABAAMABwALABEAGAAgACkANABBAE4AXQBuAIAAlACpAMAA2ADyAQ0BKgFJAWkBiwGvAdQB+wIkAk8CewKpAtkDCgM9A3IDqQPiBBwEWQSXBNcFGQVdBaIF6gYzBn4GywcaB2sHvggTCGoIwwkdCXoJ2Qo5CpwLAQtnC9AMOgynDRYNhg35Dm4O5Q9eD9kQVhDVEVYR2RJeEuYTbxP7FIkVGRWqFj8W1RdtGAgYpBlDGeQahxssG9Qcfh0pHdcehx86H+4gpSFeIhki1yOWJFglHCXjJqsndihDKRIp5Cq3K44sZi1ALh0u/C/eMMExpzKQM3o0ZzVWNkg3PDgyOSo6JTsiPCE9Iz4nPy5ANkFBQk9DX0RxRYVGnEe1SNFJ70sPTDJNV05/T6lQ1VIEUzVUaFWeVtdYEVlOWo5b0F0UXltfpGDwYj5jj2TiZjdnj2jpakZrpW0Hbmtv0nE7cqd0FXWFdvh4bnnme2B83X5df9+BY4LqhHOF/4eOiR+KsoxIjeGPfJEZkrmUXJYBl6mZU5sAnK+eYaAVocyjhqVCpwGowqqFrEyuFa/gsa6zf7VStyi5ALrbvLi+mMB7wmDESMYyyCDKD8wBzfbP7tHo0+XV5Nfm2erb8d374AjiF+Qo5j3oVOpt7InuqPDK8u71Ffc++Wr7mf3K//9jdXJ2AAAAAAAAAQAAAAAAAAEAAwAHAAsAEQAYACAAKQA0AEEATgBdAG4AgACUAKkAwADYAPIBDQEqAUkBaQGLAa8B1AH7AiQCTwJ7AqkC2QMKAz0DcgOpA+IEHARZBJcE1wUZBV0FogXqBjMGfgbLBxoHawe+CBMIagjDCR0JegnZCjkKnAsBC2cL0Aw6DKcNFg2GDfkObg7lD14P2RBWENURVhHZEl4S5hNvE/sUiRUZFaoWPxbVF20YCBikGUMZ5BqHGywb1Bx+HSkd1x6HHzof7iClIV4iGSLXI5YkWCUcJeMmqyd2KEMpEinkKrcrjixmLUAuHS78L94wwTGnMpAzejRnNVY2SDc8ODI5KjolOyI8IT0jPic/LkA2QUFCT0NfRHFFhUacR7VI0UnvSw9MMk1XTn9PqVDVUgRTNVRoVZ5W11gRWU5ajlvQXRReW1+kYPBiPmOPZOJmN2ePaOlqRmulbQdua2/ScTtyp3QVdYV2+HhueeZ7YHzdfl1/34FjguqEc4X/h46JH4qyjEiN4Y98kRmSuZRclgGXqZlTmwCcr55hoBWhzKOGpUKnAajCqoWsTK4Vr+CxrrN/tVK3KLkAutu8uL6YwHvCYMRIxjLIIMoPzAHN9s/u0ejT5dXk1+bZ6tvx3fvgCOIX5CjmPehU6m3sie6o8Mry7vUV9z75avuZ/cr//2R0aW0AAAAAB9QADAAXAAkABwAPdmlldwAAAAAFdU1zBb6WlwY/fZoBF3XkASYeHgE/5ewAAAAC/9sAQwAQCwsLDAsQDAwQFw8NDxcbFBAQFBsfFxcXFxcfHhcaGhoaFx4eIyUnJSMeLy8zMy8vQEBAQEBAQEBAQEBAQEBA/9sAQwERDw8RExEVEhIVFBEUERQaFBYWFBomGhocGhomMCMeHh4eIzArLicnJy4rNTUwMDU1QEA/QEBAQEBAQEBAQEBA/8IAEQgCMAPIAwEiAAIRAQMRAf/EABkAAQADAQEAAAAAAAAAAAAAAAABAgMEBf/EABgBAQEBAQEAAAAAAAAAAAAAAAABAgME/9oADAMBAAIQAxAAAAHwG989uVquMW+KF7Lk0JnG+IWsZTtmtZ2iayjfOzNerBpDWc7UKNS4tas0l1tcjSyYTGzOUaXaxtvWbwbUuM20rhOtEosZiNLtYLmaTaVpPSnXlaWvPFpvNcbSl5wLAAAAAAAAAAAAAAAAAAAAAAAAAAAAAOhSMd961q3rzb4XnpvjedDOGdcdcbnWIodEK563RUlWLi+Gmeue81jPWNq0Fs5ubqJcujDbXOaWtnrlbLS8tKxWdNYrUdFKrS2drz0UTefTzdFzbnbS3550arlfO8trKTrZTQRW64RrlrzwLkAAAAAAAAAAAAAAAAAAAAAAAAAAAAAvebxbZIjXMhOhlOsri6M1yXszlPRE3zm1xlbWZ05m+d51jazWEbXjmWvc1rctGuk1zNdDma3s543xZN03zujK5pOmi87a8vNeVmU63OdvaXmdEGDcYOjC5qLgaS0a1azXqzB0LzzPQvNG1152uTKNJM2l2sI2sc5N5wnpm+ZrMuLfOzNtikxbded
} ,
{
"type" : "observed-data" ,
"spec_version" : "2.1" ,
"id" : "observed-data--5bbc7337-c298-4840-bfd9-7f7f950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2018-10-09T09:21:59.000Z" ,
"modified" : "2018-10-09T09:21:59.000Z" ,
"first_observed" : "2018-10-09T09:21:59Z" ,
"last_observed" : "2018-10-09T09:21:59Z" ,
"number_observed" : 1 ,
"object_refs" : [
"file--5bbc7337-c298-4840-bfd9-7f7f950d210f" ,
"artifact--5bbc7337-c298-4840-bfd9-7f7f950d210f"
] ,
"labels" : [
"misp:type=\"attachment\"" ,
"misp:category=\"Payload delivery\""
]
} ,
{
"type" : "file" ,
"spec_version" : "2.1" ,
"id" : "file--5bbc7337-c298-4840-bfd9-7f7f950d210f" ,
"name" : "create-task.jpg" ,
"content_ref" : "artifact--5bbc7337-c298-4840-bfd9-7f7f950d210f"
} ,
{
"type" : "artifact" ,
"spec_version" : "2.1" ,
"id" : "artifact--5bbc7337-c298-4840-bfd9-7f7f950d210f" ,
"payload_bin" : " / 9 j / 4 A A Q S k Z J R g A B A Q A A A Q A B A A D / 4 g l 0 S U N D X 1 B S T 0 Z J T E U A A Q E A A A l k A A A A A A I A A A B t b n R y U k d C I F h Z W i A H 1 A A M A B c A C Q A B A A l h Y 3 N w T V N G V A A A A A B T R U M g R l B E I A A A A A A A A A A A A A A A A Q A A 9 t U A A Q A A A A D T L F N F Q y A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A 1 j c H J 0 A A A B I A A A A D h k Z X N j A A A B W A A A A I B k b W 5 k A A A B 2 A A A A H p k b W R k A A A C V A A A A G J y W F l a A A A C u A A A A B R n W F l a A A A C z A A A A B R i W F l a A A A C 4 A A A A B R 3 d H B 0 A A A C 9 A A A A B R y V F J D A A A D C A A A A g x n V F J D A A A F F A A A A g x i V F J D A A A H I A A A A g x j Y W x 0 A A A J L A A A A B R 2 a W V 3 A A A J Q A A A A C R 0 Z X h 0 A A A A A E N v c H l y a W d o d C A o Y y k g M j A w M y B T Y W 1 z d W 5 n I E V s Z W N 0 c m 9 u a W N z I E N v L i w g T H R k A G R l c 2 M A A A A A A A A A J F N h b X N 1 b m c g L S B O Y X R 1 c m F s I E N v b G 9 y I F B y b y A x L j A g S U N N A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A Z G V z Y w A A A A A A A A A d U 2 F t c 3 V u Z y B F b G V j d H J v b m l j c y B D b y 4 s I E x 0 Z A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A G R l c 2 M A A A A A A A A A B S A g I C A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A B Y W V o g A A A A A A A A f D Q A A E M M A A A B 0 1 h Z W i A A A A A A A A B V Q Q A A p C Y A A B h W W F l a I A A A A A A A A C V g A A A Y 0 Q A A u Q N Y W V o g A A A A A A A A 8 z 4 A A Q A A A A E W c G N 1 c n Y A A A A A A A A B A A A A A A A A A Q A D A A c A C w A R A B g A I A A p A D Q A Q Q B O A F 0 A b g C A A J Q A q Q D A A N g A 8 g E N A S o B S Q F p A Y s B r w H U A f s C J A J P A n s C q Q L Z A w o D P Q N y A 6 k D 4 g Q c B F k E l w T X B R k F X Q W i B e o G M w Z + B s s H G g d r B 74 I E w h q C M M J H Q l 6 C d k K O Q q c C w E L Z w v Q D D o M p w 0 W D Y Y N + Q 5 u D u U P X g / Z E F Y Q 1 R F W E d k S X h L m E 28 T + x S J F R k V q h Y / F t U X b R g I G K Q Z Q x n k G o c b L B v U H H 4 d K R 3 X H o c f O h / u I K U h X i I Z I t c j l i R Y J R w l 4 y a r J 3 Y o Q y k S K e Q q t y u O L G Y t Q C 4 d L v w v 3 j D B M a c y k D N 6 N G c 1 V j Z I N z w 4 M j k q O i U 7 I j w h P S M + J z 8 u Q D Z B Q U J P Q 19 E c U W F R p x H t U j R S e 9 L D 0 w y T V d O f 0 + p U N V S B F M 1 V G h V n l b X W B F Z T l q O W 9 B d F F 5 b X 6 R g 8 G I + Y 49 k 4 m Y 3 Z 49 o 6 W p G a 6 V t B 25 r b 9 J x O 3 K n d B V 1 h X b 4 e G 555 n t g f N 1 + X X / f g W O C 6 o R z h f + H j o k f i r K M S I 3 h j 3 y R G Z K 5 l F y W A Z e p m V O b A J y v n m G g F a H M o 4 a l Q q c B q M K q h a x M r h W v 4 L G u s 3 + 1 U r c o u Q C 627 y 4 v p j A e 8 J g x E j G M s g g y g / M A c 32 z + 7 R 6 N P l 1 e T X 5 t n q 2 / H d + + A I 4 h f k K O Y 96 F T q b e y J 7 q j w y v L u 9 R X 3 P v l q + 5 n 9 y v //Y3VydgAAAAAAAAEAAAAAAAABAAMABwALABEAGAAgACkANABBAE4AXQBuAIAAlACpAMAA2ADyAQ0BKgFJAWkBiwGvAdQB+wIkAk8CewKpAtkDCgM9A3IDqQPiBBwEWQSXBNcFGQVdBaIF6gYzBn4GywcaB2sHvggTCGoIwwkdCXoJ2Qo5CpwLAQtnC9AMOgynDRYNhg35Dm4O5Q9eD9kQVhDVEVYR2RJeEuYTbxP7FIkVGRWqFj8W1RdtGAgYpBlDGeQahxssG9Qcfh0pHdcehx86H+4gpSFeIhki1yOWJFglHCXjJqsndihDKRIp5Cq3K44sZi1ALh0u/C/eMMExpzKQM3o0ZzVWNkg3PDgyOSo6JTsiPCE9Iz4nPy5ANkFBQk9DX0RxRYVGnEe1SNFJ70sPTDJNV05/T6lQ1VIEUzVUaFWeVtdYEVlOWo5b0F0UXltfpGDwYj5jj2TiZjdnj2jpakZrpW0Hbmtv0nE7cqd0FXWFdvh4bnnme2B83X5df9+BY4LqhHOF/4eOiR+KsoxIjeGPfJEZkrmUXJYBl6mZU5sAnK+eYaAVocyjhqVCpwGowqqFrEyuFa/gsa6zf7VStyi5ALrbvLi+mMB7wmDESMYyyCDKD8wBzfbP7tHo0+XV5Nfm2erb8d374AjiF+Qo5j3oVOpt7InuqPDK8u71Ffc++Wr7mf3K//9jdXJ2AAAAAAAAAQAAAAAAAAEAAwAHAAsAEQAYACAAKQA0AEEATgBdAG4AgACUAKkAwADYAPIBDQEqAUkBaQGLAa8B1AH7AiQCTwJ7AqkC2QMKAz0DcgOpA+IEHARZBJcE1wUZBV0FogXqBjMGfgbLBxoHawe+CBMIagjDCR0JegnZCjkKnAsBC2cL0Aw6DKcNFg2GDfkObg7lD14P2RBWENURVhHZEl4S5hNvE/sUiRUZFaoWPxbVF20YCBikGUMZ5BqHGywb1Bx+HSkd1x6HHzof7iClIV4iGSLXI5YkWCUcJeMmqyd2KEMpEinkKrcrjixmLUAuHS78L94wwTGnMpAzejRnNVY2SDc8ODI5KjolOyI8IT0jPic/LkA2QUFCT0NfRHFFhUacR7VI0UnvSw9MMk1XTn9PqVDVUgRTNVRoVZ5W11gRWU5ajlvQXRReW1+kYPBiPmOPZOJmN2ePaOlqRmulbQdua2/ScTtyp3QVdYV2+HhueeZ7YHzdfl1/34FjguqEc4X/h46JH4qyjEiN4Y98kRmSuZRclgGXqZlTmwCcr55hoBWhzKOGpUKnAajCqoWsTK4Vr+CxrrN/tVK3KLkAutu8uL6YwHvCYMRIxjLIIMoPzAHN9s/u0ejT5dXk1+bZ6tvx3fvgCOIX5CjmPehU6m3sie6o8Mry7vUV9z75avuZ/cr//2R0aW0AAAAAB9QADAAXAAkABwAPdmlldwAAAAAFdU1zBb6WlwY/fZoBF3XkASYeHgE/5ewAAAAC/9sAQwAFAwQEBAMFBAQEBQUFBgcMCAcHBwcPCwsJDBEPEhIRDxERExYcFxMUGhURERghGBodHR8fHxMXIiQiHiQcHh8e/9sAQwEFBQUHBgcOCAgOHhQRFB4eHh4eHh4eHh4eHh4eHh4eHh4eHh4eHh4eHh4eHh4eHh4eHh4eHh4eHh4eHh4eHh4e/8IAEQgBfgPQAwEiAAIRAQMRAf/EABsAAQACAwEBAAAAAAAAAAAAAAAEBQIDBgcB/8QAGAEBAQEBAQAAAAAAAAAAAAAAAAIBAwT/2gAMAwEAAhADEAAAAb3bs3evyxWeezpYzN2KlRMfW3aRW3aRUqPrFtzI6UIqVX43JTUVKEVKEVKEVKEVKEVKEVKEVKEVKEVKEVKEVKEVKEVKEVKEVKEVKEVKEVKEVKEVKEVKEVKEVKEVKEVKEVKEVKEVKEVKEVKEVKEVKEVKEVKEVKEVKEVKEVKEVKEVKEVKEVKEVIk5tcsWK5tmFckbc2EfI6/UbbPTZD37OnCXsTq5clZ3e7pPn8juHLt5/J7fE86u+hlnA4+gCkh9O2fP/noLK84k91njgPvftyuWKprliK5YiuWIrliK5YiuWIrliK5YiuWIrliK5YiuWIrliK5YiuWIrliK5YiuWIrliK5YiuWIrliK5YiuWIrliK5YiuWIrliK5YiuWIrliK5YiuWIrliK5YiuWIrliK5YiuWIrliK5YiuWIrliKnC2+ZtX8tU1TyJudZzk+0RXOVPaRPP7qOD1Ln15q6nw/V4d3Tczf7z5ufX/J69X9jk0O2ssVWlhVT6mq21Pyd
} ,
{
"type" : "observed-data" ,
"spec_version" : "2.1" ,
"id" : "observed-data--5bbc7592-d148-4e53-83d3-7fe6950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2018-10-09T09:32:02.000Z" ,
"modified" : "2018-10-09T09:32:02.000Z" ,
"first_observed" : "2018-10-09T09:32:02Z" ,
"last_observed" : "2018-10-09T09:32:02Z" ,
"number_observed" : 1 ,
"object_refs" : [
"file--5bbc7592-d148-4e53-83d3-7fe6950d210f" ,
"artifact--5bbc7592-d148-4e53-83d3-7fe6950d210f"
] ,
"labels" : [
"misp:type=\"attachment\"" ,
"misp:category=\"Payload delivery\""
]
} ,
{
"type" : "file" ,
"spec_version" : "2.1" ,
"id" : "file--5bbc7592-d148-4e53-83d3-7fe6950d210f" ,
"name" : "cleanup-batch-file.jpg" ,
"content_ref" : "artifact--5bbc7592-d148-4e53-83d3-7fe6950d210f"
} ,
{
"type" : "artifact" ,
"spec_version" : "2.1" ,
"id" : "artifact--5bbc7592-d148-4e53-83d3-7fe6950d210f" ,
"payload_bin" : " / 9 j / 4 A A Q S k Z J R g A B A Q A A A Q A B A A D / 4 g l 0 S U N D X 1 B S T 0 Z J T E U A A Q E A A A l k A A A A A A I A A A B t b n R y U k d C I F h Z W i A H 1 A A M A B c A C Q A B A A l h Y 3 N w T V N G V A A A A A B T R U M g R l B E I A A A A A A A A A A A A A A A A Q A A 9 t U A A Q A A A A D T L F N F Q y A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A 1 j c H J 0 A A A B I A A A A D h k Z X N j A A A B W A A A A I B k b W 5 k A A A B 2 A A A A H p k b W R k A A A C V A A A A G J y W F l a A A A C u A A A A B R n W F l a A A A C z A A A A B R i W F l a A A A C 4 A A A A B R 3 d H B 0 A A A C 9 A A A A B R y V F J D A A A D C A A A A g x n V F J D A A A F F A A A A g x i V F J D A A A H I A A A A g x j Y W x 0 A A A J L A A A A B R 2 a W V 3 A A A J Q A A A A C R 0 Z X h 0 A A A A A E N v c H l y a W d o d C A o Y y k g M j A w M y B T Y W 1 z d W 5 n I E V s Z W N 0 c m 9 u a W N z I E N v L i w g T H R k A G R l c 2 M A A A A A A A A A J F N h b X N 1 b m c g L S B O Y X R 1 c m F s I E N v b G 9 y I F B y b y A x L j A g S U N N A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A Z G V z Y w A A A A A A A A A d U 2 F t c 3 V u Z y B F b G V j d H J v b m l j c y B D b y 4 s I E x 0 Z A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A G R l c 2 M A A A A A A A A A B S A g I C A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A B Y W V o g A A A A A A A A f D Q A A E M M A A A B 0 1 h Z W i A A A A A A A A B V Q Q A A p C Y A A B h W W F l a I A A A A A A A A C V g A A A Y 0 Q A A u Q N Y W V o g A A A A A A A A 8 z 4 A A Q A A A A E W c G N 1 c n Y A A A A A A A A B A A A A A A A A A Q A D A A c A C w A R A B g A I A A p A D Q A Q Q B O A F 0 A b g C A A J Q A q Q D A A N g A 8 g E N A S o B S Q F p A Y s B r w H U A f s C J A J P A n s C q Q L Z A w o D P Q N y A 6 k D 4 g Q c B F k E l w T X B R k F X Q W i B e o G M w Z + B s s H G g d r B 74 I E w h q C M M J H Q l 6 C d k K O Q q c C w E L Z w v Q D D o M p w 0 W D Y Y N + Q 5 u D u U P X g / Z E F Y Q 1 R F W E d k S X h L m E 28 T + x S J F R k V q h Y / F t U X b R g I G K Q Z Q x n k G o c b L B v U H H 4 d K R 3 X H o c f O h / u I K U h X i I Z I t c j l i R Y J R w l 4 y a r J 3 Y o Q y k S K e Q q t y u O L G Y t Q C 4 d L v w v 3 j D B M a c y k D N 6 N G c 1 V j Z I N z w 4 M j k q O i U 7 I j w h P S M + J z 8 u Q D Z B Q U J P Q 19 E c U W F R p x H t U j R S e 9 L D 0 w y T V d O f 0 + p U N V S B F M 1 V G h V n l b X W B F Z T l q O W 9 B d F F 5 b X 6 R g 8 G I + Y 49 k 4 m Y 3 Z 49 o 6 W p G a 6 V t B 25 r b 9 J x O 3 K n d B V 1 h X b 4 e G 555 n t g f N 1 + X X / f g W O C 6 o R z h f + H j o k f i r K M S I 3 h j 3 y R G Z K 5 l F y W A Z e p m V O b A J y v n m G g F a H M o 4 a l Q q c B q M K q h a x M r h W v 4 L G u s 3 + 1 U r c o u Q C 627 y 4 v p j A e 8 J g x E j G M s g g y g / M A c 32 z + 7 R 6 N P l 1 e T X 5 t n q 2 / H d + + A I 4 h f k K O Y 96 F T q b e y J 7 q j w y v L u 9 R X 3 P v l q + 5 n 9 y v //Y3VydgAAAAAAAAEAAAAAAAABAAMABwALABEAGAAgACkANABBAE4AXQBuAIAAlACpAMAA2ADyAQ0BKgFJAWkBiwGvAdQB+wIkAk8CewKpAtkDCgM9A3IDqQPiBBwEWQSXBNcFGQVdBaIF6gYzBn4GywcaB2sHvggTCGoIwwkdCXoJ2Qo5CpwLAQtnC9AMOgynDRYNhg35Dm4O5Q9eD9kQVhDVEVYR2RJeEuYTbxP7FIkVGRWqFj8W1RdtGAgYpBlDGeQahxssG9Qcfh0pHdcehx86H+4gpSFeIhki1yOWJFglHCXjJqsndihDKRIp5Cq3K44sZi1ALh0u/C/eMMExpzKQM3o0ZzVWNkg3PDgyOSo6JTsiPCE9Iz4nPy5ANkFBQk9DX0RxRYVGnEe1SNFJ70sPTDJNV05/T6lQ1VIEUzVUaFWeVtdYEVlOWo5b0F0UXltfpGDwYj5jj2TiZjdnj2jpakZrpW0Hbmtv0nE7cqd0FXWFdvh4bnnme2B83X5df9+BY4LqhHOF/4eOiR+KsoxIjeGPfJEZkrmUXJYBl6mZU5sAnK+eYaAVocyjhqVCpwGowqqFrEyuFa/gsa6zf7VStyi5ALrbvLi+mMB7wmDESMYyyCDKD8wBzfbP7tHo0+XV5Nfm2erb8d374AjiF+Qo5j3oVOpt7InuqPDK8u71Ffc++Wr7mf3K//9jdXJ2AAAAAAAAAQAAAAAAAAEAAwAHAAsAEQAYACAAKQA0AEEATgBdAG4AgACUAKkAwADYAPIBDQEqAUkBaQGLAa8B1AH7AiQCTwJ7AqkC2QMKAz0DcgOpA+IEHARZBJcE1wUZBV0FogXqBjMGfgbLBxoHawe+CBMIagjDCR0JegnZCjkKnAsBC2cL0Aw6DKcNFg2GDfkObg7lD14P2RBWENURVhHZEl4S5hNvE/sUiRUZFaoWPxbVF20YCBikGUMZ5BqHGywb1Bx+HSkd1x6HHzof7iClIV4iGSLXI5YkWCUcJeMmqyd2KEMpEinkKrcrjixmLUAuHS78L94wwTGnMpAzejRnNVY2SDc8ODI5KjolOyI8IT0jPic/LkA2QUFCT0NfRHFFhUacR7VI0UnvSw9MMk1XTn9PqVDVUgRTNVRoVZ5W11gRWU5ajlvQXRReW1+kYPBiPmOPZOJmN2ePaOlqRmulbQdua2/ScTtyp3QVdYV2+HhueeZ7YHzdfl1/34FjguqEc4X/h46JH4qyjEiN4Y98kRmSuZRclgGXqZlTmwCcr55hoBWhzKOGpUKnAajCqoWsTK4Vr+CxrrN/tVK3KLkAutu8uL6YwHvCYMRIxjLIIMoPzAHN9s/u0ejT5dXk1+bZ6tvx3fvgCOIX5CjmPehU6m3sie6o8Mry7vUV9z75avuZ/cr//2R0aW0AAAAAB9QADAAXAAkABwAPdmlldwAAAAAFdU1zBb6WlwY/fZoBF3XkASYeHgE/5ewAAAAC/9sAQwAFAwQEBAMFBAQEBQUFBgcMCAcHBwcPCwsJDBEPEhIRDxERExYcFxMUGhURERghGBodHR8fHxMXIiQiHiQcHh8e/9sAQwEFBQUHBgcOCAgOHhQRFB4eHh4eHh4eHh4eHh4eHh4eHh4eHh4eHh4eHh4eHh4eHh4eHh4eHh4eHh4eHh4eHh4e/8IAEQgBwAThAwEiAAIRAQMRAf/EABwAAQADAQEBAQEAAAAAAAAAAAAEBQYDAgEIB//EABgBAQEBAQEAAAAAAAAAAAAAAAABAwIE/9oADAMBAAIQAxAAAAGysOnb2eSK9+7OLp9Xk++Y+vHg7I0o+JXmo6VHjy6+6jpQiuvGPqUqKlCKlCKlCKlCKlCKlCKlCKlCKlCKlCKlCKlCKlCKlCKlCKlCKlCKlCKlCKlCKlCKlCKlCKlCKlCKlCKlCKlCKlCKlCKlCKlCKlCKlCKlCKlCKlCKlCKlCKlCKlCKlCKlCKlCKlCKlCKlCKlCKlCKlCKlCKlCKlCKlCKlCKlCKlCKlCKlCK7ypa5YornWYVyR7liJVbzrIcPvGnbgs9PP/HUZMv7T0Tu7krS67d8/z2y2DPXB9tsj+cz9utxPzbjA+P6CSnqNer+eev6C5v8AN/f9A61gLLWrK5YrzXLEVyxFcsRXLEVyxFcsRXLEVyxFcsRXLEVyxFcsRXLEVyxFcsRXLEVyxFcsRXLEVyxFcsRXLEVyxFcsRXLEVyxFcsRXLEVyxFcsRXLEVyxFcsRXLEVyxFcsRXLEVyxFcsRXLEVyxFcsRXLEVyxFcsRXLEVyxFcsRXL
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--5bbc6300-c92c-4478-9d96-5456950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2018-10-09T08:12:48.000Z" ,
"modified" : "2018-10-09T08:12:48.000Z" ,
"pattern" : "[file:hashes.SHA256 = '0b03bf1c7b596a862978999eebfa0703e6de48912c9a57e2fed3ae5cd747bea7' AND file:x_misp_state = 'Malicious']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2018-10-09T08:12:48Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "file"
}
] ,
"labels" : [
"misp:name=\"file\"" ,
"misp:meta-category=\"file\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--5bbc6396-dbdc-46ee-b882-60c7950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2018-10-09T08:15:18.000Z" ,
"modified" : "2018-10-09T08:15:18.000Z" ,
"description" : "Ransomnote" ,
"pattern" : "[file:name = '#FOX_README#.rtf' AND file:x_misp_state = 'Malicious']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2018-10-09T08:15:18Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "file"
}
] ,
"labels" : [
"misp:name=\"file\"" ,
"misp:meta-category=\"file\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--12119283-9931-40f3-bff6-97439d358a0d" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2018-10-10T07:41:35.000Z" ,
"modified" : "2018-10-10T07:41:35.000Z" ,
"pattern" : "[file:hashes.MD5 = '76b640aa00354e46b29ca7ac2adfd732' AND file:hashes.SHA1 = 'afebf9d72ba7186afefebf4deda87675621b0b8b' AND file:hashes.SHA256 = '0b03bf1c7b596a862978999eebfa0703e6de48912c9a57e2fed3ae5cd747bea7']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2018-10-10T07:41:35Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "file"
}
] ,
"labels" : [
"misp:name=\"file\"" ,
"misp:meta-category=\"file\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "x-misp-object" ,
"spec_version" : "2.1" ,
"id" : "x-misp-object--b26bb70c-ce60-4296-a44f-16928c6826f0" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2018-10-10T07:41:38.000Z" ,
"modified" : "2018-10-10T07:41:38.000Z" ,
"labels" : [
"misp:name=\"virustotal-report\"" ,
"misp:meta-category=\"misc\""
] ,
"x_misp_attributes" : [
{
"type" : "datetime" ,
"object_relation" : "last-submission" ,
"value" : "2018-09-27T06:49:04" ,
"category" : "Other" ,
"uuid" : "e2030b2e-550b-4a1b-a93e-1c02dee0ad73"
} ,
{
"type" : "link" ,
"object_relation" : "permalink" ,
"value" : "https://www.virustotal.com/file/0b03bf1c7b596a862978999eebfa0703e6de48912c9a57e2fed3ae5cd747bea7/analysis/1538030944/" ,
"category" : "External analysis" ,
"uuid" : "67045a09-7660-427b-9976-0c4217fbbb3c"
} ,
{
"type" : "text" ,
"object_relation" : "detection-ratio" ,
"value" : "48/68" ,
"category" : "Other" ,
"uuid" : "ca8b504d-51aa-4e7b-976d-6953f54b7fd2"
}
] ,
"x_misp_meta_category" : "misc" ,
"x_misp_name" : "virustotal-report"
} ,
{
"type" : "relationship" ,
"spec_version" : "2.1" ,
2023-05-19 09:05:37 +00:00
"id" : "relationship--bd25a80f-da1a-4b92-99f1-5de2a4beb439" ,
2023-04-21 14:44:17 +00:00
"created" : "2018-10-10T07:41:39.000Z" ,
"modified" : "2018-10-10T07:41:39.000Z" ,
"relationship_type" : "analysed-with" ,
"source_ref" : "indicator--12119283-9931-40f3-bff6-97439d358a0d" ,
"target_ref" : "x-misp-object--b26bb70c-ce60-4296-a44f-16928c6826f0"
} ,
{
"type" : "marking-definition" ,
"spec_version" : "2.1" ,
"id" : "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9" ,
"created" : "2017-01-20T00:00:00.000Z" ,
"definition_type" : "tlp" ,
"name" : "TLP:WHITE" ,
"definition" : {
"tlp" : "white"
}
}
]
}