misp-circl-feed/feeds/circl/stix-2.1/580dc270-81d8-49fa-91cd-417d950d210f.json

{
"type": "bundle",
"id": "bundle--580dc270-81d8-49fa-91cd-417d950d210f",
"objects": [
{
"type": "identity",
"spec_version": "2.1",
"id": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-10-24T08:23:50.000Z",
"modified": "2016-10-24T08:23:50.000Z",
"name": "CIRCL",
"identity_class": "organization"
},
{
"type": "report",
"spec_version": "2.1",
"id": "report--580dc270-81d8-49fa-91cd-417d950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-10-24T08:23:50.000Z",
"modified": "2016-10-24T08:23:50.000Z",
"name": "Malspam week 44 (2016-10-24) - Locky ('Sebek')",
"published": "2016-10-24T08:29:08Z",
"object_refs": [
"indicator--580dc3c8-635c-42fc-bce2-478f950d210f",
"indicator--580dc3c8-2a90-4e11-97eb-47dd950d210f",
"indicator--580dc3c9-9b2c-4087-a510-4639950d210f",
"indicator--580dc3c9-a1dc-4423-9f6c-401e950d210f",
"indicator--580dc3ca-74fc-4ee9-b67d-464d950d210f",
"indicator--580dc3ca-5b38-400c-8d4d-4e62950d210f",
"indicator--580dc3cb-259c-46f4-b38b-4826950d210f",
"x-misp-attribute--580dc516-2cf0-4bd6-956a-401b950d210f",
"indicator--580dc552-ef14-46b4-9250-4360950d210f",
"indicator--580dc553-9644-4e14-9082-427d950d210f",
"indicator--580dc554-4ebc-47dc-9320-4156950d210f",
"indicator--580dc555-f5f0-43f3-88bb-4e37950d210f",
"indicator--580dc556-62c4-4673-a2d3-4c32950d210f",
"indicator--580dc557-bf9c-4a34-8837-476d950d210f",
"indicator--580dc558-9ff4-4027-a760-4ad2950d210f",
"indicator--580dc559-7d10-4ade-a06d-4871950d210f",
"indicator--580dc55a-90e0-4ffc-81ad-4c33950d210f"
],
"labels": [
"Threat-Report",
"misp:tool=\"MISP-STIX-Converter\"",
"circl:incident-classification=\"malware\"",
"malware_classification:malware-category=\"Ransomware\""
],
"object_marking_refs": [
"marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9"
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--580dc3c8-635c-42fc-bce2-478f950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-10-24T08:18:16.000Z",
"modified": "2016-10-24T08:18:16.000Z",
"description": "download location",
"pattern": "[url:value = 'http://www.injusticeil.top/user.php?f=1.dat']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-10-24T08:18:16Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--580dc3c8-2a90-4e11-97eb-47dd950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-10-24T08:18:16.000Z",
"modified": "2016-10-24T08:18:16.000Z",
"description": "download location",
"pattern": "[url:value = 'http://www.injusticeil.top/user.php?f=2.dat']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-10-24T08:18:16Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--580dc3c9-9b2c-4087-a510-4639950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-10-24T08:18:17.000Z",
"modified": "2016-10-24T08:18:17.000Z",
"description": "download location",
"pattern": "[url:value = 'http://www.injusticeil.top/user.php?f=3.dat']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-10-24T08:18:17Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--580dc3c9-a1dc-4423-9f6c-401e950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-10-24T08:18:17.000Z",
"modified": "2016-10-24T08:18:17.000Z",
"description": "download location",
"pattern": "[file:name = 'www.injusticeil.top']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-10-24T08:18:17Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"filename\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--580dc3ca-74fc-4ee9-b67d-464d950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-10-24T08:18:18.000Z",
"modified": "2016-10-24T08:18:18.000Z",
"description": "download location",
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '172.245.9.41']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-10-24T08:18:18Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--580dc3ca-5b38-400c-8d4d-4e62950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-10-24T08:18:18.000Z",
"modified": "2016-10-24T08:18:18.000Z",
"description": "download location",
"pattern": "[url:value = 'http://www.surprisingdd.top/user.php?f=1.dat']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-10-24T08:18:18Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--580dc3cb-259c-46f4-b38b-4826950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-10-24T08:18:19.000Z",
"modified": "2016-10-24T08:18:19.000Z",
"description": "download location",
"pattern": "[file:name = 'www.surprisingdd.top']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-10-24T08:18:19Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"filename\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "x-misp-attribute",
"spec_version": "2.1",
"id": "x-misp-attribute--580dc516-2cf0-4bd6-956a-401b950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-10-24T08:23:50.000Z",
"modified": "2016-10-24T08:23:50.000Z",
"labels": [
"misp:type=\"text\"",
"misp:category=\"Other\""
],
"x_misp_category": "Other",
"x_misp_type": "text",
"x_misp_value": "FileVersionInfo properties\r\nCopyrightCopyright (C) The Honeynet Project.\r\nProduct Sebek\r\nFile version 3.0.4.0"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--580dc552-ef14-46b4-9250-4360950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-10-24T08:24:50.000Z",
"modified": "2016-10-24T08:24:50.000Z",
"description": "Locky",
"pattern": "[file:content_ref.payload_bin = 'UEsDBBQACQAIABlDWEmIKip5x8wCAIkUAwAgABwAODU4MTc4Nzc4MmY2NjQ3YjUwNmNmZTVlYWMxMzY0NzdVVAkAA1LFDVhSxQ1YdXgLAAEEIQAAAAQhAAAAskZaXt/w3fysZCr+WzBP/pez1bATs2qlKm30DVsC7f2stWnKzee8w0WDCaOe1CVS1ORLetlvcGsWbdFewIhXY7P39W+eRuZt2nmxVlFUkEYPmSW1pOaZaiZIEeEjnbapwZaLBgO7D0gQB9l8zZFk+LmjbQAcXEdFQ1QslwRWQDKRoWCVOMNx/elyhH4A1EZx128pD8fVAIsUpd6gnmQ1/uDUYqjE2fohaBllrdvBOqF1SMNMdySnmjq3hz+HrCif9uUPKlrVMZIsFU5iCj01huYKr9y5m9OnmFtnAyaOFYkEOuKb9XqzFRICoj+tBvB1KycEkOj97z/yvxMYXD8KaoZETfGZhpv+GzCruxVazUQSLahJ2EMOYrxMoeXUYe7Rb8APPbYoWIkh2eEs9ZQUcfK5hGzlpyp2Wfl0emNo5bBOfVIwWmD6f0zp99tuHTQqfkxJBcjHI21+B7e/4tmAzvkCrwAFWaxoOEk+bacGXt/BUlWEFHj00qgTxfpxO9isb1UB2MKTBPJ+4cwp52TDOZytS4kj+1ZSj1ksh6N8QkzZS2i0xNERsuwpuGbEIBOUnX504VSd0DCoL3ge12wnXrfq1DsBZggkvn0r8b51JJPnO24poctfJeCCgvVdMOwhz+PKm9p7R2n8JSqwnriu7ioCRy2Nkti8plLoRo8nb948sPdhaPDv0oC4USo3VFcQhnSXvbWoV7je+TilI7P4pVbTodgnz47RB0mkzcUa7QKXMvlNfivP5OlIXX7Hdzg5xfQWQEAuXaElJtOfuJPFhoVeLddvokGZrtiMO/CHXjYGKNm26g61M/GC4JN0WCjEIYvVcvN5KaoqLz/zNL6499iDwO5c/b2XRL4s12UTtEXXz8asDtdumrOc4O+2TDC4OzKruiyR+yJI3I/Q4bByvehugRwRrMN40ZIxPqq1+L2oMsCG8NcrTcb5zVpIkFOo68L0zpJdKOVM0HDhzfd7cAAVa/sdPGJ93q7i4gp4+3Z4rsEnaOS8NRmsG94dkDKV9rL1d/rmGuYDBJvhnvheaaonpY66uHQV17ycgJ/2COCqPNtle3fedbH/WMbmMXMkcaFlovEc0RKmZAlt+SLk37oJ9VEevevvZtigH0aKLVXbLBMbbrkHDl27jL0Fr5SL5XhEuiOH7AYM+6+GvmCp1IscGL7gAGdP0YP8/Pl8hKtlhVB9EsheZ4cS6Tz5k1rM6GLKqGgv4/QVRs4qyLnSjCbfrYOyVbqwDaTrRT4lLiHO19rxcWFtBYcUM7+72uKgh4FtVAI81Wc2SmXYcBgsTPk9Zp7qzVPi0fLPkUtF8N/uQchsNLIoqwKX6Mz7KcoR8zf/t/sjGIVoB1COwJpDBFAd52c7ZawLrR0rhMQ81g5r0u65H/ekxECxftkaJhmG72YIAQWhT2eavi8w84MzriKMZnL87ypWQaH9Omi4nqS9ckJ6yML/zwSbdSFlAJGXfaJxNcJKP8lBViAKqNBFgEM/ox6xULXQ/XHy4abW9tgmQ6fi5lV6BwuFGlZXyERdsnlCy3i4S0Wsn3s9eYmORUq1uZitZ1QnJVpwbgfkFlka4Fh354zUc9sno8n7EEzMgjIHAzzD6THgorDVciil/lVKsDHoiJQJBeMjUD5TSy1Ssrzjk0BJCWPmOBXpoCDYvUawV4zzS5jleGeBl9St35HS/12pq+7UJLmUlIWcf0WjjsotOgLJIaskPGw7S5Qf3iGc87frMXREkLx9XwMhulmaZyMfeHu/yvNVFWNtkVoPK4+TGXQfEraYgvQiaFsXS5WvMEbx+DmutXWnMcf2ggV21OJK82ehpyBRbdcAhxD
qRaCwDYkS9FzR497GjlvvNzOYAuzmsIiXWzIXjvFzrpS+VRYdy759EVtCKFG6mYd4ulUG7neoGQNoPQHU4IaWMrBA3FmG0xReuk894a6qr6r5Y0TvhVtF51k6erS7iDeHT+2Km7pqXvUzVz/gkPJvOX4xwvzslGsk9FQHBEtzs+ckgrmrJxhKsewDxADHCQOk+nq/2M7C78BKegA6ELmbrKAQJUAwTVMY9MtFFCbFG9BP/tFMbC+i37HvKy3NzP02v4BfT++slJ/RYhkj8vLgdE0AYDkigOumuWhHHE/qg53THg4zM6V9S9FVghe0dE3RdanzAsR7IGahQuE0qI8p8iZusyiNEFgzjqcxFm436h+YUC0811yem+Zgxqkz5MaIy/+zUfXNv0HicTSHy2oLtjemJtf3VeT/Nel0G09cyFkMZAW28Z9wfd2ygD/EO07JKn9+WV645W7KOao+DjyPb2Kb2YOrY6/0BdC6YqnJkfretRf6WVFnhL95QxhAD8LqxLXqmlg/ZMuYHDA6cNlk99gKbmtX7qHerkBY/C0hdptrQq9pTXAS4PdpctvUz+HzPWzdW5lUj+hNOHuXVGUXaSAhi8chMIYr8zGyhzY3N77FNQT+i6GgIJlvhhlJJO8xlpFT8ndfn+L/S7+0v038UMafyw64tpBrMxG7d0RBmFcxnAUwAYNFnN0sNsm7cKnX9zy1elOQKbR9N9frfjoea5HEL9CVs+j3VU1ibHt1XojIuqP0n+Yq4tIx6sXiK74gXad3KSzAUXH3okbaRsn9gS1Ymg0jDfCcIf0fzgi/ZkUVod0cxK4172ramFl7du5BekibSqVBf6LG2ppkUEpO92/spwOzs9Ch+FHlRsHouL6JJPlTFq4fqoPCfgUbdg9uPgWf3MHkxvIkroLa3Cy+BQmZbHZQSwKXqVR2lKQQiuKaukZl0qBA2ncWCt/MJcesJFdtSrQWrBBrRWLx3N09bg8TWYraFft9uuXCOBd1OPWv2I+MKAOs2e7PA5vA281fcZAM82mdX3gkK9euSmz06tT5CM7hlqHz8OjK4fUo0CFT+LqUWcqqDu4Crn65RIFl2FLhXR0lr/II8/B2Z9lKJF58luE32ZXSM0lW8iW5hFqadM3WCTASUaPvw01hl2b/khC6i0iem3ZSWD8qpLAqAPk7IeDTh9cWcC/+dGcp+jxJdy9aK1Ihb7QgJ3Ea0oxdloMHMoTX4KiWTFDUNrvz13yaHtLIQtqjmJE/O22BCZ3LaM1383AMmBr1eLC1PEK+klrg6bfzKIh2LKyRhmNEuh9oy5szcB94AZzFpW/tTNDGYWaQiguFbNgtsCumPhRz3ugo1qaGpYYh26chGzB9gddmTsb4e0vPrsusvQ4Xv6vikVmKUcLQYN530UWlViHzjK4z7GD/YM3q+QwmcsreYT+fMgnMR2Z2VgibuFlvBRqK4s9mTU74/iRKuXRymOlosvDWP+1UugsdkKa7fU1PxWlzjfGVHafoJXmLBQ8cgRV7Hlepo1PlTrpCYU8i7HiWobCV9tfuDYq63raFg8zC338RX0nYvEOMrGd0hHqK3iUIk8IaA4Mvg2BK9WLQ6XH2N4LuE3EubB3/Tzn7Wgjq5+N0a1rZKYAEifiSsJ9+xC8wX4KAG7fS+ROCGHMmrv2/Tbt2N70Li4zhAst7kjU0mnT/EH/FOFoepWJKpEq4nJPt8ETrNjOKVnmFEKjZXxUMgF3f9IY2E1NArD/Vry1sPRafTlelRbYIijAq7Zrj602xlasGGUDI+ogAJWwKs2Pb/uqmFexo08BI8znYbMPTLDldgEydSoYGRwsPiAnZKpKNBZ8H0tDmZGJ1j+bH1iNgWDbR7HQ2LfABJTf0eu/ID4za7zBDGQG+cW6K0ntWvbCOb9lYGVRIC59EjTCYwQQW4DsWOrD+FEO1YpL++vEA2SlvtOtkYGt0Y9GCqCEDDBDmI2Wfl02ZFtYH36OvJDDBZ5zTyJQV3ZvTozv
a4OlR2Cp4V3LQBN8gGnIuimL2hRqWXY+zgFtz321hV2FTBerJybJJwzzs22qc2cwBO6boqqL5R0kPSeOo6w
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-10-24T08:24:50Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"malware-sample\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--580dc553-9644-4e14-9082-427d950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-10-24T08:24:51.000Z",
"modified": "2016-10-24T08:24:51.000Z",
"description": "Locky",
"pattern": "[file:name = '1.dat' AND file:hashes.SHA1 = '06635fa1757440a3ab650df5b42606b0feb7f1e3']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-10-24T08:24:51Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"filename|sha1\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--580dc554-4ebc-47dc-9320-4156950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-10-24T08:24:52.000Z",
"modified": "2016-10-24T08:24:52.000Z",
"description": "Locky",
"pattern": "[file:name = '1.dat' AND file:hashes.SHA256 = '89a292c7a32286a18c3874804fc362b9c38f49745a1e4745498197d8e2600ee8']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-10-24T08:24:52Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"filename|sha256\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--580dc555-f5f0-43f3-88bb-4e37950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-10-24T08:24:53.000Z",
"modified": "2016-10-24T08:24:53.000Z",
"description": "Locky",
"pattern": "[file:content_ref.payload_bin = 'UEsDBBQACQAIABtDWEmByWsrKBsDAOViAwAgABwAOGQ1NGIwZWE4NzFjNTUzNmIyMzZlNjU4NTc1Y2Y4MDlVVAkAA1XFDVhVxQ1YdXgLAAEEIQAAAAQhAAAApA4myEaIG5AqgLeJiR/1cLiM6lpaKPpEV9QJVqq310vSyL1RHRtGV4pCgTyFh9M3wQpoMbTr7XXwkPycsq7a5XNi3/si3jh19TRhNZBi8n2yGkmUWbRsRJZng23fw5YYl/NA50b5NNT2AYjxzE5NOd2kk8AlhSZL7v0XQ+kFCxCDImsPjFhr9Idg6KlXWxtpdv9ZAx0ESDmsdjoISDl37jFGBd1n9/M9srwxKug1LZBUuum9eLxa0Hbni90Hja/RcOW9PSkue0WBdDhx0FsaZ+1edOGopelrgouJd7l4WajpU0qELEFbCm37MhPgBQOvSPgpi6A1pSyfo6ifdeNMmgOvdUvf3D+csZm5uF0a4ubGeVvlqHEwBh65IiekqXllJCoxXZ53d/A6qBd+nSxfBISztUSSnuuFQE3YYCPJBIIoLU7s2DwCZCjA8wfSh0fjwbC9h6yMHUlAwZkZ2bAlnpL51BmVe3/NtyEaJ2gF5YFfmFjioboh7hFwe5kO6r2Ta99nMJQdwyiK8Zcc1UNUXkWTQyHFinkJLJaRT/L4dE4b0H4UQySmEp26ivnpekecsqITB2B2msvN1UgL6FX9rbgPEN/LeXTW7dgBO7/2mF7341IG2H9cPXkN8pQo9CjZ/dCMAmDwnkHUJ0tzrzjJjBgfKF+jWjAOoec21t9yFnF9OWV0mPoEVababscoJ2v5e479Uo9g3vH2NulSMvcRuZBXOw2AqwRHjMEpjM6kWbHfrwSO+XkDxBBD5j9oh1qUNs00IN8ASUeCQVnjwkKtZoMDrvbByoBjDXQMXjvdmRtrT31EABbjApe4nRV4dkcDq8OYFYQLID2nFN3x1eic0azGpcdYxYO2ajw+qcZuOKnR7/SMSpLstCWLyTXSY/TL1Ar8kF/v229GS9wyFB8g1omCiAHoTk6wBm36ylziXe19yjmoe2OUW97rhh5JCcqQMeAQhWflKfCwYFmAwJTjd5Mg66MwEw7S6wWXwZU/YcHZTBu6kGx8eWXqaAM8sdsn8+pZpD61NeC8BoNPOYBHmssTpCmOr7oeTvt3+1Mt9XaaEcUbjYcWBnRQxLUhdFD3UCBTtbgjrFBO5GB8jAxlDVWtjydSb1pSqWhRnLV9v+jaQmduMLq53OuMxaZ8wuO8UYPXXMFtCrcv+jE34YMinCW8t+eVaMkc8+AjLL6ii4imba1WpH7LYp+XTntzhhGGYlp9AViDCuBMZxXTL4PyW1mi2NJAYr2JCmHDWaG3siNj/Ri6bwsixfH6Fcr9bSYb4VFiEaO5+IdhOqTmLfM83YptYBzOGUmcPFWCNJfRbBUYJulwzZAy5xq/FKTpswSekguX+M+BjlZ+4fICY+6vmci1nMiUBIFZth3k19AcMuuzrI4Nfcr6U2f+k29wvn8zIn0tT8yx2iZNkZOcrBKCxRG2VCgLQmvyOAgZS+wftI8bScfrk+LYccxa6vrjbF/pOUaQtlS+96qWo5WiGAQ0gL5Ln8B74AquLeWd6EduliLXhQm+gm0BTYMMA6LFLYODPrb0vMbbZxX7OFQubfZzUSgnq0P4RyxlJNz+zf6rXJ/1MBh8uW109UUfhI4UHh5LVvx/T242Vi+WE1WLUwlZKP8s8Ev9fYeBp8+YzxawMR1lESOJlgQirl3Ne3CfzbCnb1nIaoS5vU8SPHm5WtcClnOMynsokj2OKH0Gk/L6TKh/CegFoWya/qhbyluMGzKPGwtKe46gAa4/WaJQDLjOBNm4srUZe7pdohkcxtiLUufUvE+uIn10Q4VtW1bjGK1bgmxtJsqRe2YXgCUiQZ21Kz17XtMvhIZEBxHZyXqMPOn
cxq6QYpqPL+GI02f7cgGHSE0WR7NXtqkAG8d53TDLw6e07zcm3+r6dZFkhC7POLnjxGVMvPY/UCIyIAxyH1t10Kv5IYL06wVD2KYLJQ6DxMbKokrmQcZRdK4wC7dNMVZFf2EbDGhl7ORzbFATd2lyXWlBfLD3V2/DsavPSoP4bIf3KZQ3tfDlwdnROVgk3hvki4BhB42aL9QXW4J/XfvJr8Kn8/yYouqtMBJI3kAMVn8/5PhYNlnebbmU/JCbo2BBPGJysmbXgTdBk548rQvKm/A7nDodfxmNHFtKZKEYIXyUFA4LMlt5QOaDit3CkOfaDM9kPd97nVVE5NVJQ9kse6XlUPV6vLN9URBaw+1+mzRwBpd9Ud0UOjGkbsELZ8wcrGZ+1PB1wHRnvCuvlff9Vu5AUiK4sArka1jrVdh2Xz7j2AsrKdXGLLdP/gppBnud+fk72RqGaaiwNFEYpzun5LHCEkQ5/AUew/+0hWiSHSsBoNOOVLi+TeneaM9isBMWNZbQDXMryMxbGIcYjx48PQh/7qicjZw1Ziz6iL5DSUPlyS+pPQgti863J4mnFg4aLB7pOq5YIcLMZ6hw4croVK9WZ9leh6ce++uKPtgAO4FYBapKR7azEOz/4wZn61vaFb8+rIxErtWWCDIt7Xb9I42E/oj6wibAwNE5xtpvc68JuBJAh7l2Mw/UNoxFVf6xfpe//PeJcOYG5rET4EKc/dtwbG2R+1kxtmZqbizv8DtVwcs4n4FR6cEWcq3UIo53nmcAp1V460Sq+6nOAZ6GimH0RRMaQfNw1DcXp48YcF8QMv/CNLDzuD+rDsfirvtErpVAKyXM3fx2v1u2Rj22IWIMDGDmaTikwa+2jJ1kIDPw9GOvB+wDe1xwaVsNB8grdkUNXaPNsdpHMCV3Xi1v4IYcN41gFNOJhs0d4s7Z7iCVwqd2L9JyrreX/3L+h4/GAQGKcA7psqVRjBrwenkUPiW7AjdvfulKke9svWZOzfylZaxW3XgWzyRn5zX1PsmLIApj6otrRtWRtH6jeQ0lPNtPfk62vMVjBBlzCadzpdb2eKzrMYOnj52OaKgUHOVrywn1lczPeAryYBmDoW5C0+EUMSHUkkdHS63Nvrt1Q7lf45qVj8X1+W61aVZ1YhVAkKVGNRY0F8BPrpcEqVeO4C4e54WJ4dF4W7GaemUxGqjJtOAtPYSM6DYTKJemLi5c67RU6csGHD0OX2Q+3lzNsfZHT+JuupYFLneSBm2uLWG/CXIrQELhiI1Glw7vuzkL1crtNf7bhChTe8v9DkitKrrn+8W46ZUOjiyhodxvGkVev54ZSN7ALn8nhE2BOjZ5l+t0roy0F9uJBaN1S9IWiEIIgLaXbQjpszEpPgEUtqHDo6XHftTVK3668plry+hFpnBTDJy3ExeGmdIes3LRG2NV4w13KWCK5UFL7nOmd1MvIp7s4Mv2XLj2bZZFRvutxVwM04hT059DC4A5scqY9XivFSRbPipc4w5Vgl6hUXNBSMZ3FEX7Z4LXwIacGJN7aCZuQ/9safXSFr9yrNVb1lQWdOopiSN9ulSGC1uKQspJAF/nKCKo4LZ62qCNBb84qqnxWyrKc/Uv7ZfE0oaBVpSU2KIupFfNMMayg08+Lgdld/skxkbVhxHTku58abhQxx5eyTYy2oLEuQ+6fKlVNifQO1c1/jswv1C2rNEWRCCTNbi0M/X/MvNvBEbS4IJB83UqrBEh3YY05RkkAgIu2EE20Usjj6i4pUGAD6AIletIOD6o5Y5jRRtU66Rgak5YbjRj8ww/SYT7fDE4pDIV+xgcOka3nMYbKfMQbwrta37Kb5+gcfeM9x2JAroydtCc0zfzHSmBbnhCkx0eQ+7ja3YBV8zZjIwID9BnLf+OF8L8ZOLRx6vQ+hQRZ+YjndHfuIuKyuCdG/IxV1EgmwXfv2Z+Aa0uoX9bY67dwyMhbXyu8JxogzanJzPEPe5DE6FAuLEk89HpZCm04F5
DIgzdFQsGZOJNblczL2y5C8PchqphvNzTb2UJbnYs3x6zWpriViEjylqGx+PYDDeOyaN7FnqjYYrfyeWVMk
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-10-24T08:24:53Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"malware-sample\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--580dc556-62c4-4673-a2d3-4c32950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-10-24T08:24:54.000Z",
"modified": "2016-10-24T08:24:54.000Z",
"description": "Locky",
"pattern": "[file:name = '2.dat' AND file:hashes.SHA1 = 'bb73bb55c75f620418dfa2bbbd4dbff65b8d5e64']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-10-24T08:24:54Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"filename|sha1\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--580dc557-bf9c-4a34-8837-476d950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-10-24T08:24:55.000Z",
"modified": "2016-10-24T08:24:55.000Z",
"description": "Locky",
"pattern": "[file:name = '2.dat' AND file:hashes.SHA256 = '39bab24fce603a1e77c0a9967aedf78a40820fa33b82373a4d385560178f503c']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-10-24T08:24:55Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"filename|sha256\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--580dc558-9ff4-4027-a760-4ad2950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-10-24T08:24:56.000Z",
"modified": "2016-10-24T08:24:56.000Z",
"description": "Locky",
"pattern": "[file:content_ref.payload_bin = 'UEsDBBQACQAIABxDWEkwsf3/zDwDAIOEAwAgABwANzMzYjdmNzQwNzBkZjM2MmQ2MTg5MDViMmYwZDEwOThVVAkAA1jFDVhYxQ1YdXgLAAEEIQAAAAQhAAAAGnWetp6AWHgXBls9MBu3IcYV/gyB+dLEJIAiH22GP3mpfXDmakRLYQvPR1fxYzah3/UMHxJ5cgdujP5+pYlBfn4dp+8+eXX4MKmKw0BYxQIo28XC2nMPTeTkF8pHIRgIduHUR+Sj2Vkp5UAOJ9n9L9/CnORq7i4hzfahfTxToiF3XNTClcSMrzZbw0Pp5y9RUhDO4OSPB8atkXCff0Olw7Mfa9XJ4iMb6DdFljNwJNLwSAS8ElHXJJckoqb5+m6zAwfC9M4ZL5+hoEL0r53L7Q8cOVpZ273F9mMChu7cVXsj8IuzY9rwN5LdJBG3c1Jj582PLCQBwb/K1ZdI40hTZvZ/uqFDkR3DthFLbU5Sj2bHa/rOJtss2Ra1j4hfWi0Y38KCT8129UjnfpwvUdmM0ArzT96OAJobkochSB7JlWF9wtJC2whaFVYoYJdluVR8U/xBhKx+WJi5COZyUcTDbphgiDInfEORqv1RmAfYxmFdkdXH9rhyogDZf02gbFdWnIvsW1eMD/otULFIZwydGnRXnzQ1gm3VTiVZESRMULPeelux5CacUihkD66pQz9t4WFH+gLsUnCSo+QlCSJC/cDtPgGTW9qwmB4DJLPrzcQ3IfoAIS+bwdZjmG2CyxbF6CC25D6LUpmKk0kD1tUKyuXESW7agFzwmroWzfX4UuMXBuohDvEZleRShMHlhKROQAjtxEL0VakNGdx4uhZcCN7d6b5rKiJp+3Z+6t6MxFLyX69UC1+naav2I5ajrmkosBVk+mnaj8Hso+4UlyYYgdm8/0XLSkSkSIHKFkPnMZMvTgJa4IOxyKQB0k3BVKdMPwJ5RfzhKXMXOnyjIinZOKwn7ORX8/MrPPehiKS0kFs4X1z09ED6tXgR7xUo+oUmyFGepSYX1hSfmh0c1NStfnWK9Fjzkv2hnht6m7EARCt+DL88brJTerv8eHmEuSGgRmNx76zDKHnwu9aj/S0eEAwMcd8zDAWd0KmnqCTQqYhSB7kITpGEJ+B2GSBSrSCGSdBQzV7yY135W52DiIP4EyANAZRf2vW2iOuaclCLEFRxR24opUBw7suI1B4a+Q9GJCcnwj/JkMRIy33RmMShmDfvPBcTemwd371rqfIok/oapqi6jtIeeSdtHJDknZdxjDNLOJ7SgbxIiEJWcrE8wJy3SpgrliI9EY21o+0D18pAorJKMkTuhj2poea+20GZXYHy5dVowj8h2TzAVWwQ3Bqy+MRBe1BA2xBmSg7byc+9DiiIa88xpg+EPCt/ad2Xw0yN5cKzVwQ+h3rRh8uScTG91vqT/nZJo27PfUvrlw9JCsi0Pl5SdMW44plT7dmI86U1QWxFdn9os9PPmiuW4oYUyIv9FzCSsKy/rYf6asjH+OuCDVTh9EqOV5EkLRAxGKE7ZE3exuUnUy3lxB+zoONv61yC6OL3v5MHfIr+UP7tAAQH3bTZLjK5kHBAgz+1F2rguVqUJHCpuw7vfYvFKSkpslCWdY/Y6KPPsDyTvLCsnG1HuCbznfW8rCAXvbsdSEHXqTdqqMA771cOUhhwNyQ01AKynnztbL5i88j4GbbrzyOAJMZpZXei3pTgeElOKYSYX2bTomtaZ7yieTVZMy9CIvji+yFASKsuKqbUmCMIDPbUafji7FbGk/7/GYEGR5NxkFQn8nnjiovm2xIFOIYluu/0zR+6jQE/Efl203EBtcbxo5AWh+SO4aPNfp7S50wmrde+s6i9VSLv9IFhj/Igxjwqx5DErvrT2E0KpDRUVpM37EM9pM3kDhsbZaBIaAcLRBGQlK2wne+BeRKZcCOGo1R1rt3JYxC0UJMZ6gD
qV0qtKaB2z3m1I3oXOHR2WupXwv6Gd/0vFpDv5JRUae3QaJIFMUe3go1lDPIqlCNpbZHzdVyzQQ9TXmgRGFwvuz84MDzp8DoBJc51flOvNZybIB9gg+ESmcNItjHJKaX5jaOdh6hrm4ta5ANqR0GYtKxbv807Q42k4eOzOyrx14CHut4LcWiPcr2V1+QTYkosT0lsbNh6xAnZPLyfIZFFVjDEIXPpYdo0QNR80IezjYGaSuv6rE+F94l7HY2ngvt+8fL3D9FihAWQEuGAmRjrKApfM8ucMSla6LeWkEpj161N+Hx07jir/G8Bi1e2X4Ertk8Ii48pOz/KsHHeZdbxhkAJH7vOl715LFyMpKFLtSnzG2pywLNOWefkDdEhRYOuZ/d7y+XA9qKIcg+qmmo1jLRq4NFfoj+YQGJVYOTNvwxIFM5nTN62AhOqqThrbyBCg+FRtO1+C+KuAwRmpqkKdW1Cls3LoMaGkl2nCXmfTRpZw4OG6BmDHdMw/SCVKq/SMeMMWP8QAgeUYd/Jg7hfnOoKrwIc92CKyt1pvd834mz+gwE2j/AGVmP5levgbIyB2ltZoQfNwjN2eirKutFDEpXWSdtIrlrkyX5bXdPXjQEmxDF8TrKIAEWe8isnkzOjEd3edUl0IWUW7kH6OLThgzSi05hHgbINOTamkIlFh/KOqbbab+lcucZCrMacuG0GroK++hhZgHKx3CwAGheNaXOS6UkrJKnCn2fqeT1hiF2fva31XmUzXPrPCPeuKzp/YhhHifLToDwsJEILcLuoy6qycraSo0hz5cixtz7gpNKj8B9KD4WoSGcmT+Eap47+SmKTAgZ6WhjEWrR+1IBwSCP9flhyjFvRWBo83cj/suHwi9s2Vyh2VsHyIg1s6gsKx+2RfuAuAmd74al2qX7OMHOYL5FPwqVebU78xy1WDqRvZj3P7oJ0KPvabkZm1MsBI3vv2rNYyxvNcze+b46QkfD7f8tsWueEFUKb4IMUOR0vz2Q/sRCrsylKg+nQ+yJ27UADjChp09JOtuuIFKI0SZQCsMJRaYCqzLk5WZH8/3v3zxqnBIzXynJf97bYN/SLbiLUyLPCEB/sjS/GB6P0GuMPgzTPaBe1pvJjT0piXDlSjfpd7vfCB39UVDN9sthUB6toUs5ubMOeLbCMCnEcDqRu4g1KJZOlIy3df7OmvOFpvVz21roo+Qh/2aXiEqiePTyBS2SNX7NgfOP54DeimGECq+pwfLLs2I8Sze7orDNlAvYUCBMaK/7IY1S7mktDxUlBXPAqYIivWNbp1OMT2wAW7rk4ogL3m1qTUROrQiqBfT3HoIu+MqSb/cW32VLS1S9RzRlROuv6CZuHl+T9chCBJPDlcWK3D9VlNQHbnsQVAhgO5NQZjQXaM1GUuNsmcn9b3eDr1C/N1ybEbjbgxUcNym+kYjHDYRdMqU/IH8VWqudPU14zD19LW1hagTWILhES5/MVwklekKt/wXYkCwH4lLQ6y03UzZV9laPh7JcvLLUY+Hu6ChQq18b9ies0QqBWl8t8YKvuD+WPGP6Cwpqa4cbOGtKHk2ERWJZC6wqUdGM2MLXve6FwxJyzr+wM18+RfreQMVIvepdoCaxDUpC6e4GPr5MLeZBBv6gKoWeHz7JPXtOqctxNUuT4mIvpqQ/AwR2KbD+9F83lqR7itMxPCvn3wEATASg594Lcj5ZiT7LGbLBgesJnTOqihIeC1UdEO+SLFMJ0XWmGUNVLM/7+qleEeZvgmgl3bR4QAQrJDCAsj/EuOsXKDE0+/lWUNIw6HXx8Vct57f2whvwUv4SmCbb5vo+TJ7Syp2FChaPOFS+FLMFXI+P2IEjFu0NHJFyccDvwfKo4JV2Cfd7EU0CtXvznk2F9/Pof9tCcTjpCpXna69jmMWuWTpZa1siopAc5vT6d35gvWv/TaIfRbaEwFu/gNfOcamaa0nLxOCnRnVaqEgXqW/QLJ3CZASviivdQCmuA1zJxetS
7VOREd47nKPkJC8oBRJlD2Qbl4BpuHL87EVvgBSO8DKIrVGI+FfRmbYX0kZuAAwbiCsXxm164CyW8CZwfmc
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-10-24T08:24:56Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"malware-sample\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--580dc559-7d10-4ade-a06d-4871950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-10-24T08:24:57.000Z",
"modified": "2016-10-24T08:24:57.000Z",
"description": "Locky",
"pattern": "[file:name = '3.dat' AND file:hashes.SHA1 = 'ceb388ed85a1921f5891efa9b3358ac75f1f5dcd']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-10-24T08:24:57Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"filename|sha1\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--580dc55a-90e0-4ffc-81ad-4c33950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-10-24T08:24:58.000Z",
"modified": "2016-10-24T08:24:58.000Z",
"description": "Locky",
"pattern": "[file:name = '3.dat' AND file:hashes.SHA256 = '245f55dea33f8a6cee9f347a6b08cffd112b9ee847dcfc74e04fe9fd6d40bd45']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-10-24T08:24:58Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"filename|sha256\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "marking-definition",
"spec_version": "2.1",
"id": "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9",
"created": "2017-01-20T00:00:00.000Z",
"definition_type": "tlp",
"name": "TLP:WHITE",
"definition": {
"tlp": "white"
}
}
]
}