misp-circl-feed/feeds/circl/stix-2.1/5bbb1f88-fe84-4834-bccd-7916950d210f.json

{
"type": "bundle",
"id": "bundle--5bbb1f88-fe84-4834-bccd-7916950d210f",
"objects": [
{
"type": "identity",
"spec_version": "2.1",
"id": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-10-10T07:42:02.000Z",
"modified": "2018-10-10T07:42:02.000Z",
"name": "CIRCL",
"identity_class": "organization"
},
{
"type": "report",
"spec_version": "2.1",
"id": "report--5bbb1f88-fe84-4834-bccd-7916950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-10-10T07:42:02.000Z",
"modified": "2018-10-10T07:42:02.000Z",
"name": "OSINT - New Fox Ransomware Matrix Variant Tries Its Best to Close All File Handles",
"published": "2018-10-10T07:42:11Z",
"object_refs": [
"observed-data--5bbb2419-ffb4-41f3-ae26-215d950d210f",
"url--5bbb2419-ffb4-41f3-ae26-215d950d210f",
"x-misp-attribute--5bbb4c93-9990-42d6-a210-42cc950d210f",
"indicator--5bbc5e1f-dabc-4346-8882-5450950d210f",
"indicator--5bbc5e1f-777c-421d-9604-5450950d210f",
"indicator--5bbc5e20-28dc-457e-891c-5450950d210f",
"indicator--5bbc6418-2098-45c6-8ed7-602f950d210f",
"indicator--5bbc6419-1050-491c-83d7-602f950d210f",
"indicator--5bbc6419-bd6c-43d1-a2d7-602f950d210f",
"indicator--5bbc641a-8154-4851-aadc-602f950d210f",
"indicator--5bbc641a-b840-4736-a500-602f950d210f",
"x-misp-attribute--5bbc6441-7be4-4677-9ab0-6007950d210f",
"observed-data--5bbc6720-8aa4-4c50-b6d9-602f950d210f",
"file--5bbc6720-8aa4-4c50-b6d9-602f950d210f",
"artifact--5bbc6720-8aa4-4c50-b6d9-602f950d210f",
"observed-data--5bbc6b6c-f4b8-4833-a2f0-6012950d210f",
"file--5bbc6b6c-f4b8-4833-a2f0-6012950d210f",
"artifact--5bbc6b6c-f4b8-4833-a2f0-6012950d210f",
"observed-data--5bbc7337-c298-4840-bfd9-7f7f950d210f",
"file--5bbc7337-c298-4840-bfd9-7f7f950d210f",
"artifact--5bbc7337-c298-4840-bfd9-7f7f950d210f",
"observed-data--5bbc7592-d148-4e53-83d3-7fe6950d210f",
"file--5bbc7592-d148-4e53-83d3-7fe6950d210f",
"artifact--5bbc7592-d148-4e53-83d3-7fe6950d210f",
"indicator--5bbc6300-c92c-4478-9d96-5456950d210f",
"indicator--5bbc6396-dbdc-46ee-b882-60c7950d210f",
"indicator--12119283-9931-40f3-bff6-97439d358a0d",
"x-misp-object--b26bb70c-ce60-4296-a44f-16928c6826f0",
"relationship--bd25a80f-da1a-4b92-99f1-5de2a4beb439"
],
"labels": [
"Threat-Report",
"misp:tool=\"MISP-STIX-Converter\"",
"malware_classification:malware-category=\"Ransomware\"",
"circl:incident-classification=\"malware\"",
"osint:source-type=\"blog-post\"",
"misp-galaxy:ransomware=\"Matrix\""
],
"object_marking_refs": [
"marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9"
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--5bbb2419-ffb4-41f3-ae26-215d950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-10-09T10:05:31.000Z",
"modified": "2018-10-09T10:05:31.000Z",
"first_observed": "2018-10-09T10:05:31Z",
"last_observed": "2018-10-09T10:05:31Z",
"number_observed": 1,
"object_refs": [
"url--5bbb2419-ffb4-41f3-ae26-215d950d210f"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\"",
"osint:source-type=\"blog-post\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--5bbb2419-ffb4-41f3-ae26-215d950d210f",
"value": "https://www.bleepingcomputer.com/news/security/new-fox-ransomware-matrix-variant-tries-its-best-to-close-all-file-handles/"
},
{
"type": "x-misp-attribute",
"spec_version": "2.1",
"id": "x-misp-attribute--5bbb4c93-9990-42d6-a210-42cc950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-10-09T10:05:17.000Z",
"modified": "2018-10-09T10:05:17.000Z",
"labels": [
"misp:type=\"text\"",
"misp:category=\"External analysis\"",
"osint:source-type=\"blog-post\""
],
"x_misp_category": "External analysis",
"x_misp_type": "text",
"x_misp_value": "A new variant of the Matrix Ransomware has been discovered that is renaming encrypted files and then appending the .FOX extension to the file name. Of particular interest, this ransomware could have the most exhaustive process of making sure each and every file is not opened and available for encrypting. Thankfully, this also makes its encryption process very slow so it could be easier to detect.\r\n\r\nThis ransomware variant was first discovered by security researcher MalwareHunterTeam and is installed through computers running Remote Desktop Services and being openly connected to the Internet. The attackers will scan ranges of IP addresses to find open RDP services and then brute force the password."
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5bbc5e1f-dabc-4346-8882-5450950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-10-09T07:51:59.000Z",
"modified": "2018-10-09T07:51:59.000Z",
"pattern": "[email-message:from_ref.value = 'pabfox@protonmail.com']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-10-09T07:51:59Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"email-src\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5bbc5e1f-777c-421d-9604-5450950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-10-09T07:51:59.000Z",
"modified": "2018-10-09T07:51:59.000Z",
"pattern": "[email-message:from_ref.value = 'foxhelp@cock.li']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-10-09T07:51:59Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"email-src\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5bbc5e20-28dc-457e-891c-5450950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-10-09T07:52:00.000Z",
"modified": "2018-10-09T07:52:00.000Z",
"pattern": "[email-message:from_ref.value = 'foxhelp@tutanota.com']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-10-09T07:52:00Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"email-src\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5bbc6418-2098-45c6-8ed7-602f950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-10-09T08:17:28.000Z",
"modified": "2018-10-09T08:17:28.000Z",
"pattern": "[file:name = '\\\\%AppData\\\\%\\\\random.vbs']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-10-09T08:17:28Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"filename\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5bbc6419-1050-491c-83d7-602f950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-10-09T08:17:29.000Z",
"modified": "2018-10-09T08:17:29.000Z",
"pattern": "[file:name = '\\\\%AppData\\\\%\\\\random.bat']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-10-09T08:17:29Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"filename\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5bbc6419-bd6c-43d1-a2d7-602f950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-10-09T08:17:29.000Z",
"modified": "2018-10-09T08:17:29.000Z",
"pattern": "[file:name = '\\\\%AppData\\\\%\\\\random.bmp']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-10-09T08:17:29Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"filename\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5bbc641a-8154-4851-aadc-602f950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-10-09T08:17:30.000Z",
"modified": "2018-10-09T08:17:30.000Z",
"pattern": "[file:name = '\\\\%DownloadedFolder\\\\%\\\\.exe']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-10-09T08:17:30Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"filename\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5bbc641a-b840-4736-a500-602f950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-10-09T08:17:30.000Z",
"modified": "2018-10-09T08:17:30.000Z",
"pattern": "[file:name = '\\\\%DownloadedFolder\\\\%\\\\.bat']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-10-09T08:17:30Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"filename\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "x-misp-attribute",
"spec_version": "2.1",
"id": "x-misp-attribute--5bbc6441-7be4-4677-9ab0-6007950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-10-09T08:18:09.000Z",
"modified": "2018-10-09T08:18:09.000Z",
"labels": [
"misp:type=\"text\"",
"misp:category=\"Artifacts dropped\""
],
"x_misp_category": "Artifacts dropped",
"x_misp_type": "text",
"x_misp_value": "HOW TO RECOVER YOUR FILES INSTRUCTION\r\nATENTION!!!\r\nWe are realy sorry to inform you that ALL YOUR FILES WERE ENCRYPTED \r\nby our automatic software. It became possible because of bad server security. \r\nATENTION!!!\r\nPlease don't worry, we can help you to RESTORE your server to original\r\nstate and decrypt all your files quickly and safely!\r\n\r\nINFORMATION!!!\r\nFiles are not broken!!!\r\nFiles were encrypted with AES-128+RSA-2048 crypto algorithms.\r\nThere is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automaticaly DELETED AFTER 7 DAYS! You will irrevocably lose all your data!\r\n* Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!\r\n* Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.\r\n\r\nHOW TO RECOVER FILES???\r\nPlease write us to the e-mail (write on English or use professional translator):\r\nPabFox@protonmail.com \r\nFoxHelp@cock.li\r\nFoxHelp@tutanota.com\r\nYou have to send your message on each of our 3 emails due to the fact that the message may not reach their intended recipient for a variety of reasons!\r\n \r\nIn subject line write your personal ID:\r\n[id]\r\nWe recommed you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files. \r\n* Please note that files must not contain any valuable information and their total size must be less than 5Mb. \r\n\r\nOUR ADVICE!!!\r\nPlease be sure that we will find common languge. We will restore all the data and give you recommedations how to configure the protection of your server.\r\n\r\nWe will definitely reach an agreement ;) !!!"
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--5bbc6720-8aa4-4c50-b6d9-602f950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-10-09T08:48:00.000Z",
"modified": "2018-10-09T08:48:00.000Z",
"first_observed": "2018-10-09T08:48:00Z",
"last_observed": "2018-10-09T08:48:00Z",
"number_observed": 1,
"object_refs": [
"file--5bbc6720-8aa4-4c50-b6d9-602f950d210f",
"artifact--5bbc6720-8aa4-4c50-b6d9-602f950d210f"
],
"labels": [
"misp:type=\"attachment\"",
"misp:category=\"Payload delivery\""
]
},
{
"type": "file",
"spec_version": "2.1",
"id": "file--5bbc6720-8aa4-4c50-b6d9-602f950d210f",
"name": "ransom-note-redacted.jpg",
"content_ref": "artifact--5bbc6720-8aa4-4c50-b6d9-602f950d210f"
},
{
"type": "artifact",
"spec_version": "2.1",
"id": "artifact--5bbc6720-8aa4-4c50-b6d9-602f950d210f",
"payload_bin": "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
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--5bbc6b6c-f4b8-4833-a2f0-6012950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-10-09T08:48:44.000Z",
"modified": "2018-10-09T08:48:44.000Z",
"first_observed": "2018-10-09T08:48:44Z",
"last_observed": "2018-10-09T08:48:44Z",
"number_observed": 1,
"object_refs": [
"file--5bbc6b6c-f4b8-4833-a2f0-6012950d210f",
"artifact--5bbc6b6c-f4b8-4833-a2f0-6012950d210f"
],
"labels": [
"misp:type=\"attachment\"",
"misp:category=\"Payload delivery\""
]
},
{
"type": "file",
"spec_version": "2.1",
"id": "file--5bbc6b6c-f4b8-4833-a2f0-6012950d210f",
"name": "fox-background.jpg",
"content_ref": "artifact--5bbc6b6c-f4b8-4833-a2f0-6012950d210f"
},
{
"type": "artifact",
"spec_version": "2.1",
"id": "artifact--5bbc6b6c-f4b8-4833-a2f0-6012950d210f",
"payload_bin": "/9j/4AAQSkZJRgABAQAAAQABAAD/4gl0SUNDX1BST0ZJTEUAAQEAAAlkAAAAAAIAAABtbnRyUkdCIFhZWiAH1AAMABcACQABAAlhY3NwTVNGVAAAAABTRUMgRlBEIAAAAAAAAAAAAAAAAQAA9tUAAQAAAADTLFNFQyAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA1jcHJ0AAABIAAAADhkZXNjAAABWAAAAIBkbW5kAAAB2AAAAHpkbWRkAAACVAAAAGJyWFlaAAACuAAAABRnWFlaAAACzAAAABRiWFlaAAAC4AAAABR3dHB0AAAC9AAAABRyVFJDAAADCAAAAgxnVFJDAAAFFAAAAgxiVFJDAAAHIAAAAgxjYWx0AAAJLAAAABR2aWV3AAAJQAAAACR0ZXh0AAAAAENvcHlyaWdodCAoYykgMjAwMyBTYW1zdW5nIEVsZWN0cm9uaWNzIENvLiwgTHRkAGRlc2MAAAAAAAAAJFNhbXN1bmcgLSBOYXR1cmFsIENvbG9yIFBybyAxLjAgSUNNAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAZGVzYwAAAAAAAAAdU2Ftc3VuZyBFbGVjdHJvbmljcyBDby4sIEx0ZAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGRlc2MAAAAAAAAABSAgICAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABYWVogAAAAAAAAfDQAAEMMAAAB01hZWiAAAAAAAABVQQAApCYAABhWWFlaIAAAAAAAACVgAAAY0QAAuQNYWVogAAAAAAAA8z4AAQAAAAEWcGN1cnYAAAAAAAABAAAAAAAAAQADAAcACwARABgAIAApADQAQQBOAF0AbgCAAJQAqQDAANgA8gENASoBSQFpAYsBrwHUAfsCJAJPAnsCqQLZAwoDPQNyA6kD4gQcBFkElwTXBRkFXQWiBeoGMwZ+BssHGgdrB74IEwhqCMMJHQl6CdkKOQqcCwELZwvQDDoMpw0WDYYN+Q5uDuUPXg/ZEFYQ1RFWEdkSXhLmE28T+xSJFRkVqhY/FtUXbRgIGKQZQxnkGocbLBvUHH4dKR3XHocfOh/uIKUhXiIZItcjliRYJRwl4yarJ3YoQykSKeQqtyuOLGYtQC4dLvwv3jDBMacykDN6NGc1VjZINzw4MjkqOiU7IjwhPSM+Jz8uQDZBQUJPQ19EcUWFRpxHtUjRSe9LD0wyTVdOf0+pUNVSBFM1VGhVnlbXWBFZTlqOW9BdFF5bX6Rg8GI+Y49k4mY3Z49o6WpGa6VtB25rb9JxO3KndBV1hXb4eG555ntgfN1+XX/fgWOC6oRzhf+HjokfirKMSI3hj3yRGZK5lFyWAZepmVObAJyvnmGgFaHMo4alQqcBqMKqhaxMrhWv4LGus3+1UrcouQC627y4vpjAe8JgxEjGMsggyg/MAc32z+7R6NPl1eTX5tnq2/Hd++AI4hfkKOY96FTqbeyJ7qjwyvLu9RX3Pvlq+5n9yv//Y3VydgAAAAAAAAEAAAAAAAABAAMABwALABEAGAAgACkANABBAE4AXQBuAIAAlACpAMAA2ADyAQ0BKgFJAWkBiwGvAdQB+wIkAk8CewKpAtkDCgM9A3IDqQPiBBwEWQSXBNcFGQVdBaIF6gYzBn4GywcaB2sHvggTCGoIwwkdCXoJ2Qo5CpwLAQtnC9AMOgynDRYNhg35
Dm4O5Q9eD9kQVhDVEVYR2RJeEuYTbxP7FIkVGRWqFj8W1RdtGAgYpBlDGeQahxssG9Qcfh0pHdcehx86H+4gpSFeIhki1yOWJFglHCXjJqsndihDKRIp5Cq3K44sZi1ALh0u/C/eMMExpzKQM3o0ZzVWNkg3PDgyOSo6JTsiPCE9Iz4nPy5ANkFBQk9DX0RxRYVGnEe1SNFJ70sPTDJNV05/T6lQ1VIEUzVUaFWeVtdYEVlOWo5b0F0UXltfpGDwYj5jj2TiZjdnj2jpakZrpW0Hbmtv0nE7cqd0FXWFdvh4bnnme2B83X5df9+BY4LqhHOF/4eOiR+KsoxIjeGPfJEZkrmUXJYBl6mZU5sAnK+eYaAVocyjhqVCpwGowqqFrEyuFa/gsa6zf7VStyi5ALrbvLi+mMB7wmDESMYyyCDKD8wBzfbP7tHo0+XV5Nfm2erb8d374AjiF+Qo5j3oVOpt7InuqPDK8u71Ffc++Wr7mf3K//9jdXJ2AAAAAAAAAQAAAAAAAAEAAwAHAAsAEQAYACAAKQA0AEEATgBdAG4AgACUAKkAwADYAPIBDQEqAUkBaQGLAa8B1AH7AiQCTwJ7AqkC2QMKAz0DcgOpA+IEHARZBJcE1wUZBV0FogXqBjMGfgbLBxoHawe+CBMIagjDCR0JegnZCjkKnAsBC2cL0Aw6DKcNFg2GDfkObg7lD14P2RBWENURVhHZEl4S5hNvE/sUiRUZFaoWPxbVF20YCBikGUMZ5BqHGywb1Bx+HSkd1x6HHzof7iClIV4iGSLXI5YkWCUcJeMmqyd2KEMpEinkKrcrjixmLUAuHS78L94wwTGnMpAzejRnNVY2SDc8ODI5KjolOyI8IT0jPic/LkA2QUFCT0NfRHFFhUacR7VI0UnvSw9MMk1XTn9PqVDVUgRTNVRoVZ5W11gRWU5ajlvQXRReW1+kYPBiPmOPZOJmN2ePaOlqRmulbQdua2/ScTtyp3QVdYV2+HhueeZ7YHzdfl1/34FjguqEc4X/h46JH4qyjEiN4Y98kRmSuZRclgGXqZlTmwCcr55hoBWhzKOGpUKnAajCqoWsTK4Vr+CxrrN/tVK3KLkAutu8uL6YwHvCYMRIxjLIIMoPzAHN9s/u0ejT5dXk1+bZ6tvx3fvgCOIX5CjmPehU6m3sie6o8Mry7vUV9z75avuZ/cr//2R0aW0AAAAAB9QADAAXAAkABwAPdmlldwAAAAAFdU1zBb6WlwY/fZoBF3XkASYeHgE/5ewAAAAC/9sAQwAQCwsLDAsQDAwQFw8NDxcbFBAQFBsfFxcXFxcfHhcaGhoaFx4eIyUnJSMeLy8zMy8vQEBAQEBAQEBAQEBAQEBA/9sAQwERDw8RExEVEhIVFBEUERQaFBYWFBomGhocGhomMCMeHh4eIzArLicnJy4rNTUwMDU1QEA/QEBAQEBAQEBAQEBA/8IAEQgCMAPIAwEiAAIRAQMRAf/EABkAAQADAQEAAAAAAAAAAAAAAAABAgMEBf/EABgBAQEBAQEAAAAAAAAAAAAAAAABAgME/9oADAMBAAIQAxAAAAHwG989uVquMW+KF7Lk0JnG+IWsZTtmtZ2iayjfOzNerBpDWc7UKNS4tas0l1tcjSyYTGzOUaXaxtvWbwbUuM20rhOtEosZiNLtYLmaTaVpPSnXlaWvPFpvNcbSl5wLAAAAAAAAAAAAAAAAAAAAAAAAAAAAAOhSMd961q3rzb4XnpvjedDOGdcdcbnWIodEK563RUlWLi+Gmeue81jPWNq0Fs5ubqJcujDbXOaWtnrlbLS8tKxWdNYrUdFKrS2drz0UTefTzdFzbnbS3550arlfO8trKTrZTQRW64RrlrzwLkAAAAAAAAAAAAAAAAAAAAAAAAAAAAAvebxbZIjXMhOhlOsri6M1yXszlPRE3zm1xlbWZ05m+d51jazWEbXjmWvc1rctGuk1zNdDma3s543xZN03zujK5pOmi87a8vNeVmU6
3OdvaXmdEGDcYOjC5qLgaS0a1azXqzB0LzzPQvNG1152uTKNJM2l2sI2sc5N5wnpm+ZrMuLfOzNtikxbded
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--5bbc7337-c298-4840-bfd9-7f7f950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-10-09T09:21:59.000Z",
"modified": "2018-10-09T09:21:59.000Z",
"first_observed": "2018-10-09T09:21:59Z",
"last_observed": "2018-10-09T09:21:59Z",
"number_observed": 1,
"object_refs": [
"file--5bbc7337-c298-4840-bfd9-7f7f950d210f",
"artifact--5bbc7337-c298-4840-bfd9-7f7f950d210f"
],
"labels": [
"misp:type=\"attachment\"",
"misp:category=\"Payload delivery\""
]
},
{
"type": "file",
"spec_version": "2.1",
"id": "file--5bbc7337-c298-4840-bfd9-7f7f950d210f",
"name": "create-task.jpg",
"content_ref": "artifact--5bbc7337-c298-4840-bfd9-7f7f950d210f"
},
{
"type": "artifact",
"spec_version": "2.1",
"id": "artifact--5bbc7337-c298-4840-bfd9-7f7f950d210f",
"payload_bin": "/9j/4AAQSkZJRgABAQAAAQABAAD/4gl0SUNDX1BST0ZJTEUAAQEAAAlkAAAAAAIAAABtbnRyUkdCIFhZWiAH1AAMABcACQABAAlhY3NwTVNGVAAAAABTRUMgRlBEIAAAAAAAAAAAAAAAAQAA9tUAAQAAAADTLFNFQyAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA1jcHJ0AAABIAAAADhkZXNjAAABWAAAAIBkbW5kAAAB2AAAAHpkbWRkAAACVAAAAGJyWFlaAAACuAAAABRnWFlaAAACzAAAABRiWFlaAAAC4AAAABR3dHB0AAAC9AAAABRyVFJDAAADCAAAAgxnVFJDAAAFFAAAAgxiVFJDAAAHIAAAAgxjYWx0AAAJLAAAABR2aWV3AAAJQAAAACR0ZXh0AAAAAENvcHlyaWdodCAoYykgMjAwMyBTYW1zdW5nIEVsZWN0cm9uaWNzIENvLiwgTHRkAGRlc2MAAAAAAAAAJFNhbXN1bmcgLSBOYXR1cmFsIENvbG9yIFBybyAxLjAgSUNNAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAZGVzYwAAAAAAAAAdU2Ftc3VuZyBFbGVjdHJvbmljcyBDby4sIEx0ZAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGRlc2MAAAAAAAAABSAgICAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABYWVogAAAAAAAAfDQAAEMMAAAB01hZWiAAAAAAAABVQQAApCYAABhWWFlaIAAAAAAAACVgAAAY0QAAuQNYWVogAAAAAAAA8z4AAQAAAAEWcGN1cnYAAAAAAAABAAAAAAAAAQADAAcACwARABgAIAApADQAQQBOAF0AbgCAAJQAqQDAANgA8gENASoBSQFpAYsBrwHUAfsCJAJPAnsCqQLZAwoDPQNyA6kD4gQcBFkElwTXBRkFXQWiBeoGMwZ+BssHGgdrB74IEwhqCMMJHQl6CdkKOQqcCwELZwvQDDoMpw0WDYYN+Q5uDuUPXg/ZEFYQ1RFWEdkSXhLmE28T+xSJFRkVqhY/FtUXbRgIGKQZQxnkGocbLBvUHH4dKR3XHocfOh/uIKUhXiIZItcjliRYJRwl4yarJ3YoQykSKeQqtyuOLGYtQC4dLvwv3jDBMacykDN6NGc1VjZINzw4MjkqOiU7IjwhPSM+Jz8uQDZBQUJPQ19EcUWFRpxHtUjRSe9LD0wyTVdOf0+pUNVSBFM1VGhVnlbXWBFZTlqOW9BdFF5bX6Rg8GI+Y49k4mY3Z49o6WpGa6VtB25rb9JxO3KndBV1hXb4eG555ntgfN1+XX/fgWOC6oRzhf+HjokfirKMSI3hj3yRGZK5lFyWAZepmVObAJyvnmGgFaHMo4alQqcBqMKqhaxMrhWv4LGus3+1UrcouQC627y4vpjAe8JgxEjGMsggyg/MAc32z+7R6NPl1eTX5tnq2/Hd++AI4hfkKOY96FTqbeyJ7qjwyvLu9RX3Pvlq+5n9yv//Y3VydgAAAAAAAAEAAAAAAAABAAMABwALABEAGAAgACkANABBAE4AXQBuAIAAlACpAMAA2ADyAQ0BKgFJAWkBiwGvAdQB+wIkAk8CewKpAtkDCgM9A3IDqQPiBBwEWQSXBNcFGQVdBaIF6gYzBn4GywcaB2sHvggTCGoIwwkdCXoJ2Qo5CpwLAQtnC9AMOgynDRYNhg35
Dm4O5Q9eD9kQVhDVEVYR2RJeEuYTbxP7FIkVGRWqFj8W1RdtGAgYpBlDGeQahxssG9Qcfh0pHdcehx86H+4gpSFeIhki1yOWJFglHCXjJqsndihDKRIp5Cq3K44sZi1ALh0u/C/eMMExpzKQM3o0ZzVWNkg3PDgyOSo6JTsiPCE9Iz4nPy5ANkFBQk9DX0RxRYVGnEe1SNFJ70sPTDJNV05/T6lQ1VIEUzVUaFWeVtdYEVlOWo5b0F0UXltfpGDwYj5jj2TiZjdnj2jpakZrpW0Hbmtv0nE7cqd0FXWFdvh4bnnme2B83X5df9+BY4LqhHOF/4eOiR+KsoxIjeGPfJEZkrmUXJYBl6mZU5sAnK+eYaAVocyjhqVCpwGowqqFrEyuFa/gsa6zf7VStyi5ALrbvLi+mMB7wmDESMYyyCDKD8wBzfbP7tHo0+XV5Nfm2erb8d374AjiF+Qo5j3oVOpt7InuqPDK8u71Ffc++Wr7mf3K//9jdXJ2AAAAAAAAAQAAAAAAAAEAAwAHAAsAEQAYACAAKQA0AEEATgBdAG4AgACUAKkAwADYAPIBDQEqAUkBaQGLAa8B1AH7AiQCTwJ7AqkC2QMKAz0DcgOpA+IEHARZBJcE1wUZBV0FogXqBjMGfgbLBxoHawe+CBMIagjDCR0JegnZCjkKnAsBC2cL0Aw6DKcNFg2GDfkObg7lD14P2RBWENURVhHZEl4S5hNvE/sUiRUZFaoWPxbVF20YCBikGUMZ5BqHGywb1Bx+HSkd1x6HHzof7iClIV4iGSLXI5YkWCUcJeMmqyd2KEMpEinkKrcrjixmLUAuHS78L94wwTGnMpAzejRnNVY2SDc8ODI5KjolOyI8IT0jPic/LkA2QUFCT0NfRHFFhUacR7VI0UnvSw9MMk1XTn9PqVDVUgRTNVRoVZ5W11gRWU5ajlvQXRReW1+kYPBiPmOPZOJmN2ePaOlqRmulbQdua2/ScTtyp3QVdYV2+HhueeZ7YHzdfl1/34FjguqEc4X/h46JH4qyjEiN4Y98kRmSuZRclgGXqZlTmwCcr55hoBWhzKOGpUKnAajCqoWsTK4Vr+CxrrN/tVK3KLkAutu8uL6YwHvCYMRIxjLIIMoPzAHN9s/u0ejT5dXk1+bZ6tvx3fvgCOIX5CjmPehU6m3sie6o8Mry7vUV9z75avuZ/cr//2R0aW0AAAAAB9QADAAXAAkABwAPdmlldwAAAAAFdU1zBb6WlwY/fZoBF3XkASYeHgE/5ewAAAAC/9sAQwAFAwQEBAMFBAQEBQUFBgcMCAcHBwcPCwsJDBEPEhIRDxERExYcFxMUGhURERghGBodHR8fHxMXIiQiHiQcHh8e/9sAQwEFBQUHBgcOCAgOHhQRFB4eHh4eHh4eHh4eHh4eHh4eHh4eHh4eHh4eHh4eHh4eHh4eHh4eHh4eHh4eHh4eHh4e/8IAEQgBfgPQAwEiAAIRAQMRAf/EABsAAQACAwEBAAAAAAAAAAAAAAAEBQIDBgcB/8QAGAEBAQEBAQAAAAAAAAAAAAAAAAIBAwT/2gAMAwEAAhADEAAAAb3bs3evyxWeezpYzN2KlRMfW3aRW3aRUqPrFtzI6UIqVX43JTUVKEVKEVKEVKEVKEVKEVKEVKEVKEVKEVKEVKEVKEVKEVKEVKEVKEVKEVKEVKEVKEVKEVKEVKEVKEVKEVKEVKEVKEVKEVKEVKEVKEVKEVKEVKEVKEVKEVKEVKEVKEVKEVKEVIk5tcsWK5tmFckbc2EfI6/UbbPTZD37OnCXsTq5clZ3e7pPn8juHLt5/J7fE86u+hlnA4+gCkh9O2fP/noLK84k91njgPvftyuWKprliK5YiuWIrliK5YiuWIrliK5YiuWIrliK5YiuWIrliK5YiuWIrliK5YiuWIrliK5YiuWIrliK5YiuWIrliK5YiuWIrliK5YiuWIrliK5YiuWIrliK5YiuWIrliK5YiuWIrliK5YiuWIrliKnC
2+ZtX8tU1TyJudZzk+0RXOVPaRPP7qOD1Ln15q6nw/V4d3Tczf7z5ufX/J69X9jk0O2ssVWlhVT6mq21Pyd
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--5bbc7592-d148-4e53-83d3-7fe6950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-10-09T09:32:02.000Z",
"modified": "2018-10-09T09:32:02.000Z",
"first_observed": "2018-10-09T09:32:02Z",
"last_observed": "2018-10-09T09:32:02Z",
"number_observed": 1,
"object_refs": [
"file--5bbc7592-d148-4e53-83d3-7fe6950d210f",
"artifact--5bbc7592-d148-4e53-83d3-7fe6950d210f"
],
"labels": [
"misp:type=\"attachment\"",
"misp:category=\"Payload delivery\""
]
},
{
"type": "file",
"spec_version": "2.1",
"id": "file--5bbc7592-d148-4e53-83d3-7fe6950d210f",
"name": "cleanup-batch-file.jpg",
"content_ref": "artifact--5bbc7592-d148-4e53-83d3-7fe6950d210f"
},
{
"type": "artifact",
"spec_version": "2.1",
"id": "artifact--5bbc7592-d148-4e53-83d3-7fe6950d210f",
"payload_bin": "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
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5bbc6300-c92c-4478-9d96-5456950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-10-09T08:12:48.000Z",
"modified": "2018-10-09T08:12:48.000Z",
"pattern": "[file:hashes.SHA256 = '0b03bf1c7b596a862978999eebfa0703e6de48912c9a57e2fed3ae5cd747bea7' AND file:x_misp_state = 'Malicious']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-10-09T08:12:48Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "file"
}
],
"labels": [
"misp:name=\"file\"",
"misp:meta-category=\"file\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5bbc6396-dbdc-46ee-b882-60c7950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-10-09T08:15:18.000Z",
"modified": "2018-10-09T08:15:18.000Z",
"description": "Ransomnote",
"pattern": "[file:name = '#FOX_README#.rtf' AND file:x_misp_state = 'Malicious']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-10-09T08:15:18Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "file"
}
],
"labels": [
"misp:name=\"file\"",
"misp:meta-category=\"file\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--12119283-9931-40f3-bff6-97439d358a0d",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-10-10T07:41:35.000Z",
"modified": "2018-10-10T07:41:35.000Z",
"pattern": "[file:hashes.MD5 = '76b640aa00354e46b29ca7ac2adfd732' AND file:hashes.SHA1 = 'afebf9d72ba7186afefebf4deda87675621b0b8b' AND file:hashes.SHA256 = '0b03bf1c7b596a862978999eebfa0703e6de48912c9a57e2fed3ae5cd747bea7']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-10-10T07:41:35Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "file"
}
],
"labels": [
"misp:name=\"file\"",
"misp:meta-category=\"file\"",
"misp:to_ids=\"True\""
]
},
{
"type": "x-misp-object",
"spec_version": "2.1",
"id": "x-misp-object--b26bb70c-ce60-4296-a44f-16928c6826f0",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-10-10T07:41:38.000Z",
"modified": "2018-10-10T07:41:38.000Z",
"labels": [
"misp:name=\"virustotal-report\"",
"misp:meta-category=\"misc\""
],
"x_misp_attributes": [
{
"type": "datetime",
"object_relation": "last-submission",
"value": "2018-09-27T06:49:04",
"category": "Other",
"uuid": "e2030b2e-550b-4a1b-a93e-1c02dee0ad73"
},
{
"type": "link",
"object_relation": "permalink",
"value": "https://www.virustotal.com/file/0b03bf1c7b596a862978999eebfa0703e6de48912c9a57e2fed3ae5cd747bea7/analysis/1538030944/",
"category": "External analysis",
"uuid": "67045a09-7660-427b-9976-0c4217fbbb3c"
},
{
"type": "text",
"object_relation": "detection-ratio",
"value": "48/68",
"category": "Other",
"uuid": "ca8b504d-51aa-4e7b-976d-6953f54b7fd2"
}
],
"x_misp_meta_category": "misc",
"x_misp_name": "virustotal-report"
},
{
"type": "relationship",
"spec_version": "2.1",
"id": "relationship--bd25a80f-da1a-4b92-99f1-5de2a4beb439",
"created": "2018-10-10T07:41:39.000Z",
"modified": "2018-10-10T07:41:39.000Z",
"relationship_type": "analysed-with",
"source_ref": "indicator--12119283-9931-40f3-bff6-97439d358a0d",
"target_ref": "x-misp-object--b26bb70c-ce60-4296-a44f-16928c6826f0"
},
{
"type": "marking-definition",
"spec_version": "2.1",
"id": "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9",
"created": "2017-01-20T00:00:00.000Z",
"definition_type": "tlp",
"name": "TLP:WHITE",
"definition": {
"tlp": "white"
}
}
]
}