{
"type" : "bundle" ,
"id" : "bundle--5a69fdaf-0350-429a-b961-062f02de0b81" ,
"objects" : [
{
"type" : "identity" ,
"spec_version" : "2.1" ,
"id" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2018-01-26T03:01:26.000Z" ,
"modified" : "2018-01-26T03:01:26.000Z" ,
"name" : "CIRCL" ,
"identity_class" : "organization"
} ,
{
"type" : "report" ,
"spec_version" : "2.1" ,
"id" : "report--5a69fdaf-0350-429a-b961-062f02de0b81" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2018-01-26T03:01:26.000Z" ,
"modified" : "2018-01-26T03:01:26.000Z" ,
"name" : "OSINT - RTF files for Hancitor utilize exploit for CVE-2017-11882" ,
"published" : "2018-02-16T08:52:15Z" ,
"object_refs" : [
"observed-data--5a69fdbc-171c-4a58-906e-062f02de0b81" ,
"url--5a69fdbc-171c-4a58-906e-062f02de0b81" ,
"x-misp-attribute--5a69fdcd-f7cc-48c4-8293-485602de0b81" ,
"observed-data--5a69fe51-9a00-4f72-929f-4fde02de0b81" ,
"file--5a69fe51-9a00-4f72-929f-4fde02de0b81" ,
"artifact--5a69fe51-9a00-4f72-929f-4fde02de0b81" ,
"vulnerability--5a69fe81-cbb0-45e5-819f-063302de0b81" ,
"indicator--5a69febe-be34-4b88-8334-032c02de0b81" ,
"indicator--5a69fff2-f0d8-494a-bd10-411e02de0b81" ,
"indicator--5a69fff2-1f78-461d-a2f1-4dbd02de0b81" ,
"indicator--5a69fff3-3f20-4e0d-bde1-43b502de0b81" ,
"indicator--5a69fff3-7390-42d5-a6d6-4a1d02de0b81" ,
"indicator--5a69fff4-8e84-4696-b451-4ca402de0b81" ,
"indicator--5a69fff4-133c-4d88-8181-495602de0b81" ,
"indicator--5a69fff5-f430-4def-9cbe-459902de0b81" ,
"observed-data--5a6a017f-25c4-4a22-83f7-032c02de0b81" ,
"file--5a6a017f-25c4-4a22-83f7-032c02de0b81" ,
"artifact--5a6a017f-25c4-4a22-83f7-032c02de0b81" ,
"observed-data--5a6a018f-5418-4a92-b282-446502de0b81" ,
"file--5a6a018f-5418-4a92-b282-446502de0b81" ,
"artifact--5a6a018f-5418-4a92-b282-446502de0b81" ,
"indicator--81094cbe-8289-4cb0-9a8b-87878aee444b" ,
"x-misp-object--1d635d3a-b3f0-426b-a2bc-9e4e23aee183" ,
"indicator--5bc79f93-8d40-4dbb-90e0-ae79c6a3a0fe" ,
"x-misp-object--9992e4e0-7cb8-4a20-94d3-59fdc388f9a8" ,
"indicator--b9ff84f5-2a18-417e-b486-d8ed3980d8c6" ,
"x-misp-object--89a56b37-1e0e-4b89-9ece-2f720ffdb8e8" ,
"indicator--baa167f7-1035-40c1-9754-d076ef5e23fc" ,
"x-misp-object--60e1fd7b-6daf-46b7-920c-6e50b9093afb" ,
"relationship--da4ba623-2d7e-4279-a279-809daf8dffee" ,
"relationship--ba8bff4f-1f29-4f6a-8892-ccf8fef6c3ef" ,
"relationship--c6aa45bf-750e-4a67-a27f-17004e53924f" ,
"relationship--3a920034-c74e-499d-9586-ef13a9243718"
] ,
"labels" : [
"Threat-Report" ,
"misp:tool=\"MISP-STIX-Converter\"" ,
"misp-galaxy:tool=\"Hancitor\""
] ,
"object_marking_refs" : [
"marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9"
]
} ,
{
"type" : "observed-data" ,
"spec_version" : "2.1" ,
"id" : "observed-data--5a69fdbc-171c-4a58-906e-062f02de0b81" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2018-01-25T16:05:43.000Z" ,
"modified" : "2018-01-25T16:05:43.000Z" ,
"first_observed" : "2018-01-25T16:05:43Z" ,
"last_observed" : "2018-01-25T16:05:43Z" ,
"number_observed" : 1 ,
"object_refs" : [
"url--5a69fdbc-171c-4a58-906e-062f02de0b81"
] ,
"labels" : [
"misp:type=\"link\"" ,
"misp:category=\"External analysis\""
]
} ,
{
"type" : "url" ,
"spec_version" : "2.1" ,
"id" : "url--5a69fdbc-171c-4a58-906e-062f02de0b81" ,
"value" : "https://isc.sans.edu/forums/diary/RTF+files+for+Hancitor+utilize+exploit+for+CVE201711882/23271/"
} ,
{
"type" : "x-misp-attribute" ,
"spec_version" : "2.1" ,
"id" : "x-misp-attribute--5a69fdcd-f7cc-48c4-8293-485602de0b81" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2018-01-25T16:05:43.000Z" ,
"modified" : "2018-01-25T16:05:43.000Z" ,
"labels" : [
"misp:type=\"text\"" ,
"misp:category=\"External analysis\""
] ,
"x_misp_category" : "External analysis" ,
"x_misp_type" : "text" ,
"x_misp_value" : "Malicious spam (malspam) pushing Hancitor malware (also known as Chanitor or Tordal) has been somewhat quiet since its last wave of 2017 on December 21st. During the holidays, Hancitor took a break. And in the first three weeks of 2018, I only saw one wave of Hancitor malspam that occurred on Wednesday 2018-01-10.\r\n\r\nBut on Tuesday 2018-01-23, we saw a new wave of Hancitor malspam. This time, links in the emails returned an RTF file that exploits CVE-2017-11882.\r\n\r\nAs usual, these waves of malspam are most often caught by spam filters, so few people will actually see the messages. And best security practices can easily prevent these infections from happening.\r\n\r\nBut we continue to see this malspam, so today's diary examines the infection traffic in my lab environment."
} ,
{
"type" : "observed-data" ,
"spec_version" : "2.1" ,
"id" : "observed-data--5a69fe51-9a00-4f72-929f-4fde02de0b81" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2018-01-25T16:05:43.000Z" ,
"modified" : "2018-01-25T16:05:43.000Z" ,
"first_observed" : "2018-01-25T16:05:43Z" ,
"last_observed" : "2018-01-25T16:05:43Z" ,
"number_observed" : 1 ,
"object_refs" : [
"file--5a69fe51-9a00-4f72-929f-4fde02de0b81" ,
"artifact--5a69fe51-9a00-4f72-929f-4fde02de0b81"
] ,
"labels" : [
"misp:type=\"attachment\"" ,
"misp:category=\"External analysis\""
]
} ,
{
"type" : "file" ,
"spec_version" : "2.1" ,
"id" : "file--5a69fe51-9a00-4f72-929f-4fde02de0b81" ,
"name" : "2018-01-23-hancitor-malspam-image-01.jpg" ,
"content_ref" : "artifact--5a69fe51-9a00-4f72-929f-4fde02de0b81"
} ,
{
"type" : "artifact" ,
"spec_version" : "2.1" ,
"id" : "artifact--5a69fe51-9a00-4f72-929f-4fde02de0b81" ,
"payload_bin" : " / 9 j / 4 A A Q S k Z J R g A B A Q A A S A B I A A D / 4 Q B A R X h p Z g A A T U 0 A K g A A A A g A A Y d p A A Q A A A A B A A A A G g A A A A A A A q A C A A Q A A A A B A A A C b a A D A A Q A A A A B A A A B 1 Q A A A A D / 7 Q A 4 U G h v d G 9 z a G 9 w I D M u M A A 4 Q k l N B A Q A A A A A A A A 4 Q k l N B C U A A A A A A B D U H Y z Z j w C y B O m A C Z j s + E J + / + I P Q E l D Q 19 Q U k 9 G S U x F A A E B A A A P M G F w c G w C E A A A b W 50 c l J H Q i B Y W V o g B + E A B Q A F A A k A H g A o Y W N z c E F Q U E w A A A A A Q V B Q T A A A A A A A A A A A A A A A A A A A A A A A A P b W A A E A A A A A 0 y 1 h c H B s A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A R Z G V z Y w A A A V A A A A B i Z H N j b Q A A A b Q A A A Q Y Y 3 B y d A A A B c w A A A A j d 3 R w d A A A B f A A A A A U c l h Z W g A A B g Q A A A A U Z 1 h Z W g A A B h g A A A A U Y l h Z W g A A B i w A A A A U c l R S Q w A A B k A A A A g M Y W F y Z w A A D k w A A A A g d m N n d A A A D m w A A A A w b m R p b g A A D p w A A A A + Y 2 h h Z A A A D t w A A A A s b W 1 v Z A A A D w g A A A A o Y l R S Q w A A B k A A A A g M Z 1 R S Q w A A B k A A A A g M Y W F i Z w A A D k w A A A A g Y W F n Z w A A D k w A A A A g Z G V z Y w A A A A A A A A A I R G l z c G x h e Q A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A G 1 s d W M A A A A A A A A A I g A A A A x o c k h S A A A A F A A A A a h r b 0 t S A A A A D A A A A b x u Y k 5 P A A A A E g A A A c h p Z A A A A A A A E g A A A d p o d U h V A A A A F A A A A e x j c 0 N a A A A A F g A A A g B k Y U R L A A A A H A A A A h Z 1 a 1 V B A A A A H A A A A j J h c g A A A A A A F A A A A k 5 p d E l U A A A A F A A A A m J y b 1 J P A A A A E g A A 
A n Z u b E 5 M A A A A F g A A A o h o Z U l M A A A A F g A A A p 5 l c 0 V T A A A A E g A A A n Z m a U Z J A A A A E A A A A r R 6 a F R X A A A A D A A A A s R 2 a V Z O A A A A D g A A A t B z a 1 N L A A A A F g A A A t 56 a E N O A A A A D A A A A s R y d V J V A A A A J A A A A v R m c k Z S A A A A F g A A A x h t c w A A A A A A E g A A A y 5 j Y U V T A A A A G A A A A 0 B 0 a F R I A A A A D A A A A 1 h l c 1 h M A A A A E g A A A n Z k Z U R F A A A A E A A A A 2 R l b l V T A A A A E g A A A 3 R w d E J S A A A A G A A A A 4 Z w b F B M A A A A E g A A A 55 l b E d S A A A A I g A A A 7 B z d l N F A A A A E A A A A 9 J 0 c l R S A A A A F A A A A + J q Y U p Q A A A A D A A A A / Z w d F B U A A A A F g A A B A I A T A B D A E Q A I A B 1 A C A A Y g B v A G o A a c 7 s t + w A I A B M A E M A R A B G A G E A c g B n A G U A L Q B M A E M A R A B M A E M A R A A g A F c A Y Q B y A G 4 A Y Q B T A H o A 7 Q B u A G U A c w A g A E w A Q w B E A E I A Y Q B y A G U A d g B u A P 0 A I A B M A E M A R A B M A E M A R A A t A G Y A Y Q B y A H Y A Z Q B z A G s A 5 g B y A G 0 E G g Q + B D s E T A Q + B E A E P g Q y B D g E O Q A g A E w A Q w B E I A 8 A T A B D A E Q A I A Z F B k Q G S A Z G B i k A T A B D A E Q A I A B j A G 8 A b A B v A H I A a Q B M A E M A R A A g A G M A b w B s A G 8 A c g B L A G w A Z Q B 1 A H I A Z Q B u A C 0 A T A B D A E Q g D w B M A E M A R A A g B e Y F 0 Q X i B d U F 4 A X Z A F Y A 5 A B y A G k A L Q B M A E M A R F 9 p g n I A I A B M A E M A R A B M A E M A R A A g A E 0 A 4 A B 1 A E Y A Y Q B y A G U A Y g B u A P 0 A I A B M A E M A R A Q m B D I E N Q R C B D 0 E P g Q 5 A C A E F g Q a A C 0 E N A Q 4 B E E E P w Q 7 B D U E O Q B M A E M A R A A g A G M A b w B 1 A G w A Z Q B 1 A H I A V w B h A H I A b g B h A C A A T A B D A E Q A T A B D A E Q A I A B l A G 4 A I A B j A G 8 A b A B v A H I A T A B D A E Q A I A 4 q D j U A R g B h A H I A Y g A t A E w A Q w B E A E M A b w B s A G 8 A c g A g A 
E w A Q w B E A E w A Q w B E A C A A Q w B v A G w A b w B y A G k A Z A B v A E s A b w B s A G 8 A c g A g A E w A Q w B E A 4 g D s w P H A 8 E D y Q O 8 A 7 c A I A O / A 7 g D z A O 9 A 7 c A I A B M A E M A R A B G A O Q A c g B n A C 0 A T A B D A E Q A U g B l A G 4 A a w B s A G k A I A B M A E M A R D C r M O k w / A B M A E M A R A B M A E M A R A A g A G E A I A B D A G 8 A c g B l A H N 0 Z X h 0 A A A A A E N v c H l y a W d o d C B B c H B s Z S B J b m M u L C A y M D E 3 A A B Y W V o g A A A A A A A A 8 x Y A A Q A A A A E W y l h Z W i A A A A A A A A B x w A A A O Y o A A A F n W F l a I A A A A A A A A G E j A A C 55 g A A E / Z Y W V o g A A A A A A A A I / I A A A y Q A A C 90 G N 1 c n Y A A A A A A A A E A A A A A A U A C g A P A B Q A G Q A e A C M A K A A t A D I A N g A 7 A E A A R Q B K A E 8 A V A B Z A F 4 A Y w B o A G 0 A c g B 3 A H w A g Q C G A I s A k A C V A J o A n w C j A K g A r Q C y A L c A v A D B A M Y A y w D Q A N U A 2 w D g A O U A 6 w D w A P Y A + w E B A Q c B D Q E T A R k B H w E l A S s B M g E 4 A T 4 B R Q F M A V I B W Q F g A W c B b g F 1 A X w B g w G L A Z I B m g G h A a k B s Q G 5 A c E B y Q H R A d k B 4 Q H p A f I B + g I D A g w C F A I d A i Y C L w I 4 A k E C S w J U A l 0 C Z w J x A n o C h A K O A p g C o g K s A r Y C w Q L L A t U C 4 A L r A v U D A A M L A x Y D I Q M t A z g D Q w N P A 1 o D Z g N y A 34 D i g O W A 6 I D r g O 6 A 8 c D 0 w P g A + w D + Q Q G B B M E I A Q t B D s E S A R V B G M E c Q R + B I w E m g S o B L Y E x A T T B O E E 8 A T + B Q 0 F H A U r B T o F S Q V Y B W c F d w W G B Z Y F p g W 1 B c U F 1 Q X l B f Y G B g Y W B i c G N w Z I B l k G a g Z 7 B o w G n Q a v B s A G 0 Q b j B v U H B w c Z B y s H P Q d P B 2 E H d A e G B 5 k H r A e / B 9 I H 5 Q f 4 C A s I H w g y C E Y I W g h u C I I I l g i q C L 4 I 0 g j n C P s J E A k l C T o J T w l k C X k J j w m k C b o J z w n l C f s K E Q o n C j 0 K V A p q C o E K m A q u C s U K 3 A r z C w 
s L I g s 5 C 1 E L a Q u A C 5 g L s A v I C + E L + Q w S D C o M Q w x c D H U M j g y n D M A M 2 Q z z D Q 0 N J g 1 A D V o N d A 2 O D a k N w w 3 e D f g O E w 4 u D k k O Z A 5 / D p s O t g 7 S D u 4 P C Q 8 l D 0 E P X g 96 D 5 Y P s w / P D + w Q C R A m E E M Q Y R B + E J s Q u R D X E P U R E x E x E U 8 R b R G M E a o R y R H o E g c S J h J F E m Q S h B K j E s M S 4 x M D E y M T Q x N j E 4 M T p B P F E + U U B h Q n F E k U a h S L F K 0 U z h T w F R I V N B V W F X g V m x W 9 F e A W A x Y m F k k W b B a P F r I W 1 h b 6 F x 0 X Q R d l F 4 k X r h f S F / c Y G x h A G G U Y i h i v G N U Y + h k g G U U Z a x m R G b c Z 3 R o E G i o a U R p 3 G p 4 a x R r s G x Q b O x t j G 4 o b s h v a H A I c K h x S H H s c o x z M H P U d H h 1 H H X A d m R 3 D H e w e F h 5 A H m o e l B 6 + H u k f E x 8 + H 2 k f l B + / H + o g F S B B I G w g m C D E I P A h H C F I I X U h o S H O I f s i J y J V I o I i r y L d I w o j O C N m I 5 Q j w i P w J B 8 k T S R 8 J K s k 2 i U J J T g l a C W X J c c l 9 y Y n J l c m h y a 3 J u g n G C d J J 3 o n q y f c K A 0 o P y h x K K I o 1 C k G K T g p a y m d K d A q A i o 1 K m g q m y r P K w I r N i t p K 50 r 0 S w F L D k s b i y i L N c t D C 1 B L X Y t q y 3 h L h Y u T C 6 C L r c u 7 i 8 k L 1 o v k S / H L / 4 w N T B s M K Q w 2 z E S M U o x g j G 6 M f I y K j J j M p s y 1 D M N M 0 Y z f z O 4 M / E 0 K z R l N J 402 D U T N U 0 1 h z X C N f 0 2 N z Z y N q 426 T c k N 2 A 3 n D f X O B Q 4 U D i M O M g 5 B T l C O X 85 v D n 5 O j Y 6 d D q y O u 87 L T t r O 6 o 76 D w n P G U 8 p D z j P S I 9 Y T 2 h P e A + I D 5 g P q A + 4 D 8 h P 2 E / o j / i Q C N A Z E C m Q O d B K U F q Q a x B 7 k I w Q n J C t U L 3 Q z p D f U P A R A N E R 0 S K R M 5 F E k V V R Z p F 3 k Y i R m d G q 0 b w R z V H e 0 f A S A V I S 0 i R S N d J H U l j S a l J 8 E o 3 S n 1 K x E s M S 1 N L m k v i T C p M c k y 6 T Q J N S k 2 T T d x O J U 5 u T r d P A E 9 J T 5 N P 3 V A n U H F Q u 1 
E G U V B R m 1 H m U j F S f F L H U x N T X 1 O q U / Z U Q l S P V N t V K F V 1 V c J W D 1 Z c V q l W 91 d E V 5 J X 4 F g v W H 1
} ,
{
"type" : "vulnerability" ,
"spec_version" : "2.1" ,
"id" : "vulnerability--5a69fe81-cbb0-45e5-819f-063302de0b81" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2018-01-25T16:05:44.000Z" ,
"modified" : "2018-01-25T16:05:44.000Z" ,
"name" : "CVE-2017-11882" ,
"labels" : [
"misp:type=\"vulnerability\"" ,
"misp:category=\"Payload delivery\""
] ,
"external_references" : [
{
"source_name" : "cve" ,
"external_id" : "CVE-2017-11882"
}
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--5a69febe-be34-4b88-8334-032c02de0b81" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2018-01-25T16:05:44.000Z" ,
"modified" : "2018-01-25T16:05:44.000Z" ,
"description" : "The Hancitor binary was encoded as a base64 string in script returned from ofthi.com. (compromised machine)" ,
"pattern" : "[domain-name:value = 'ofthi.com']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2018-01-25T16:05:44Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Network activity"
}
] ,
"labels" : [
"misp:type=\"domain\"" ,
"misp:category=\"Network activity\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--5a69fff2-f0d8-494a-bd10-411e02de0b81" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2018-01-25T16:04:02.000Z" ,
"modified" : "2018-01-25T16:04:02.000Z" ,
"pattern" : "[file:hashes.SHA256 = '6dcbf652b96a7aea16d0c2e72186173d9345f722c9592e62820bcfe477b2b297']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2018-01-25T16:04:02Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Payload delivery"
}
] ,
"labels" : [
"misp:type=\"sha256\"" ,
"misp:category=\"Payload delivery\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--5a69fff2-1f78-461d-a2f1-4dbd02de0b81" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2018-01-25T16:05:45.000Z" ,
"modified" : "2018-01-25T16:05:45.000Z" ,
"pattern" : "[file:name = 'fax_518506.doc']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2018-01-25T16:05:45Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Payload delivery"
}
] ,
"labels" : [
"misp:type=\"filename\"" ,
"misp:category=\"Payload delivery\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--5a69fff3-3f20-4e0d-bde1-43b502de0b81" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2018-01-25T16:04:03.000Z" ,
"modified" : "2018-01-25T16:04:03.000Z" ,
"pattern" : "[file:hashes.SHA256 = '2c506742267dd9d41dc62f2614f6306458da185230fb46cb467c98a8f48317a4']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2018-01-25T16:04:03Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Payload delivery"
}
] ,
"labels" : [
"misp:type=\"sha256\"" ,
"misp:category=\"Payload delivery\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--5a69fff3-7390-42d5-a6d6-4a1d02de0b81" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2018-01-25T16:05:45.000Z" ,
"modified" : "2018-01-25T16:05:45.000Z" ,
"pattern" : "[url:value = 'http://ofthi.com/1']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2018-01-25T16:05:45Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Network activity"
}
] ,
"labels" : [
"misp:type=\"url\"" ,
"misp:category=\"Network activity\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--5a69fff4-8e84-4696-b451-4ca402de0b81" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2018-01-25T16:04:04.000Z" ,
"modified" : "2018-01-25T16:04:04.000Z" ,
"pattern" : "[file:hashes.SHA256 = '8418887655f69ab5a61915bad2af633462760b128d38f53911da020d70e4862e']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2018-01-25T16:04:04Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Payload delivery"
}
] ,
"labels" : [
"misp:type=\"sha256\"" ,
"misp:category=\"Payload delivery\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--5a69fff4-133c-4d88-8181-495602de0b81" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2018-01-25T16:04:04.000Z" ,
"modified" : "2018-01-25T16:04:04.000Z" ,
"pattern" : "[file:hashes.SHA256 = '42b02d621696ec33e9140fedcf8b48695059595f9469dbf28daf4667ac0d214f']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2018-01-25T16:04:04Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Payload delivery"
}
] ,
"labels" : [
"misp:type=\"sha256\"" ,
"misp:category=\"Payload delivery\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--5a69fff5-f430-4def-9cbe-459902de0b81" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2018-01-25T16:05:46.000Z" ,
"modified" : "2018-01-25T16:05:46.000Z" ,
"pattern" : "[url:value = 'http://yoyostudy.com.au/62a.exe']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2018-01-25T16:05:46Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Network activity"
}
] ,
"labels" : [
"misp:type=\"url\"" ,
"misp:category=\"Network activity\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "observed-data" ,
"spec_version" : "2.1" ,
"id" : "observed-data--5a6a017f-25c4-4a22-83f7-032c02de0b81" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2018-01-25T16:10:39.000Z" ,
"modified" : "2018-01-25T16:10:39.000Z" ,
"first_observed" : "2018-01-25T16:10:39Z" ,
"last_observed" : "2018-01-25T16:10:39Z" ,
"number_observed" : 1 ,
"object_refs" : [
"file--5a6a017f-25c4-4a22-83f7-032c02de0b81" ,
"artifact--5a6a017f-25c4-4a22-83f7-032c02de0b81"
] ,
"labels" : [
"misp:type=\"attachment\"" ,
"misp:category=\"Payload delivery\""
]
} ,
{
"type" : "file" ,
"spec_version" : "2.1" ,
"id" : "file--5a6a017f-25c4-4a22-83f7-032c02de0b81" ,
"name" : "2018-01-23-Hancitor-infection-malware-and-artifacts.zip" ,
"content_ref" : "artifact--5a6a017f-25c4-4a22-83f7-032c02de0b81"
} ,
{
"type" : "artifact" ,
"spec_version" : "2.1" ,
"id" : "artifact--5a6a017f-25c4-4a22-83f7-032c02de0b81" ,
"payload_bin" : " U E s D B B Q A C Q A I A E J R N 0 w 5 F K T d G i M A A D + x A A A t A B w A M j A x O C 0 w M S 0 y M y 1 I Y W 5 j a X R v c i 1 S V E Y t c 2 F t c G x l L W Z h e F 81 M T g 1 M D Y u Z G 9 j V V Q J A A N c X m d a E e F n W n V 4 C w A B B B f p m S I E Y C 93 C 3 U 46 y k J 9 c t V W w a I K J 9 s b C m T Z W y + f / J E Y 38 J F e 2 U + l 1 j U y 9 I v u 2 S c f x i j S B a n X L C R 8 c u 1 / M L y E C X Q K P / o C H d r 7 h L o P O T x s + V K f u d V i 4 b l L Z h s 5 h V 0 Q G m P H M w D F c Q o r c / 3 n R U H m t d L W b z b / T w 4 X j 4 s X 1 Y T X R L Z m W r M / z A C d Y n g L Y 13 Y T W t / U K t e T J o k h J x e 0 z C M M t q 0 Q 6 W S E S w R R j g V i z l Y Y 5 f s q Z X i B z y F R n b p 41 t 1 J 1 o d Y R 4 Z q d 96 n 3 e O t P B T S b R V I 1 z R K 6 G h T M X N p m q B l Y C L K 5 j v v 0 B s o P 9 I 5 G T A V 9 t + G o v q S D F C y 1 O F C h e Y V E l 4 y / J N k E 2 W X 34 k z p Y u a / m 7 i o j 2 O q v 1 D P + z u K u I Q A c D F 5 l L a M k s D G I f G L 74 G v U I 6 D M n M t 0 i j 1 y M m q O k q G q K Q i t v H t w Y C o j k G y B + S h R + j 4 s T M + 7 g i R M J M U T c W q E D K l 7 R T J a a Y k C R d U u W 7 M F 9 c l H r U b N i r R f C U D f Q B m r H T 5 x L Q X Q x a B D p y S D A z v p j G X G o P O 4 f a C w U f o R 8 y 9 y + J D E 9 q t 2 y m 9 c Z h v z + D 9 M L N T 3 j M G T J m 5 G 4 z 21 K s t v w n F 7 i K y e h 4 M D h 6 + g n 8 f B 0 8 L P v w 3 h y m F G 21 R x A r L C B H a 5 F s 1 W S 3 X 6 p u F A W N M T L b 8 g Y 39 P e R Y K s 7 u Q D Q D 9 k m O + + e 13 K q 5 V 5 N 0 c 0 L 8 M J 6 Y 3 f h I y c L l 6 w R R a i a e M e 3 M 6 q G P D H F V 1 A 51 f v 5 V C o a o M Q 6 T 2 u J e 9 p I M 9 E D M w 0 F Y 3 g B U H q 3 V T 340 C 46 c f 0 w S J d s r M D w S 6 q P Z 6 Z s r E 5 d r 62 Y C Q q 9 u 4 q F x V Q s 2 / Y + w v h P c 17 E D a 3 G C z A F r 39 f O F I Y M T v 5 / N j c k 5 a R T n T u M V D F g j W a P D M U D A n k P N r U m I H v y 61 J x 5 f N 4 n x r P 9 b n q w e 9 i 2 
A T x + P z z Q 5 Q U f p K m m I P p L t p l 5 + G c 0 x v Q 2 I 6 U 6 + w + e U k M G i V w y v r R b 2 H U 2 P A T 73 J n 84 G m O g 3 g U N U D T N B X g k M D m / E l 9 W w a Z l F A C N v T 4 I 9 W d 6 m A I I i M c N q K X 2 / r p u 2 y F Z I 1 H F F 7 h s J + S S g q g s X W k f 8 d O j i z z l g n C y u 6 h Q b O f s g 3 C j P p l 6 n e y F H H w u k e / t s u + Q 8 a I u f 8 w S C R V R v c M 1 A u C K 4 h S Z H a M P C N N L + j W K l v 2 w M W 8 r q o 1 Z w s e 3 C r m 1 c h v S H S R 4 C C c H 0 N b c M c r l i w Y w i 7E5 k k i 6 t 6 p Y l Z + A O N W b z 51 F h a 8 V y z 5 K G p H d I I q M L v 7 y Z 3 k M p z W 8 m J h 9 r k j 7 + M b C p a 0 i b N k / M J Z q E q 4 y b z W D n G P / k G c d F e e Z l f Q v a q U 7 d + S 8 O / R X v Z 403 u F X e V t n z x w F C i k 370 l M g r 6 X p F f h A R x N W n N s T r f s 6 J u z H + I B p 1 R d G D a S l 9 O O O l F o H D s q B 2 I W U n 0 + q Q Y O L / u 2 h 9 u D n g o X k U R z g i K N O J G T N B L 0 c k u Z 6 e F 9 J + U 6 g P 7 d l U + f t v + B g v S k r 0 e B G u K n W f Q D 4 i D W G E c x U T y d 4 Y m G l Y 9 L A j L w 1 H Y W l F o p m a L n w w G G 3 o s 64 r / 6 O / 3 z H f a X T d c 7 C G D v c F a h A e K 2 b M j H n v L 7 d L C V 8 M f E 4 p 3 j D + z C H H J m 9 T E N k P B 0 b K a 6 B Z N G o q I w 0 z I X x B B u p u / a 4 B y 4 k T D 25 T e X c B Q E 1 r E g J H z s 7 W + n E D 6 U f T u 2 H 4 y u q p W y 5 Y 460162 O 6 V b N F h 94 P G 30 X l g E 8 m h C Z i c 7 r b 2 M D W P A v B 1 s y r u X 5 J q N v g g Z c r P 5 p l G L + g Z 7 N m o a y T 6 i e 5 k r Q Q g Z s r x h X z F 5 l h R b k Y O B W d m 9 v 6 l c f M J w D k N I o m h v x U U z k 8 Y e Y u 0 E l K 15 v n u c Y 7 Y H p a A I w M x s 0 p m c E z 2 o f t + 3 Z X X e L o k Y C I W o O K 1 d u 7 N i 2 m r E j f 0 T J 7 w l t a P g r d C g N 7 L V 2 z X s 2 X b Y j A V B b p S k y K Y d K l 5 f A J c y 1 p d 5 w 5 y e 3 l B A 5 r t t f d P Q 0 t k r W J q M i y H 5 i n Z z c Y h Y g a 4 d n 59 g u y M d K k f V 2 g 2 o E p K 0 
/ f f c d j + t O W c j r 6 S k k y w x j z T + N w w K C f I s / + N 0 d / M y 5 j G a f q d W Z 7 Q 5 u f e d + o Q M D 8 k o L 3 l G 5 A h u + a B q t l q Y 9 / F P i J P + S E 275 p S + 3 T K I u 8 P r 3 M W u p d d e U 93 c 9 a 94 y n + e x V f v j r / + h g C b R 0 k F 3 F 1 K p r x n 3 k b 4 U R t X s 7 j Y 52 P t B k / r v 2 N Z X K X Q 5 o H j F 5 r M l u F 0 S w d f g v 4 d b l H N C Z 2 f W 8 c 6 c n i 8 q g R 6 z M t K z a R r b m Y 3 T E g B w B t s B U Y s H v D Y D G 5 Q n z S 0 V m + h x v d H X + B Z m z R Y k q n P O L 4 I x 5 / G C W i g M c e 6 c N B / A k U h d T 0 A X J K L x X o F O K c I 0 V H g N J G d O O y P v 20 h M Q Q 169 e Q C M A s S g S m z V 9 l / Q s w V l w / b Q e O E y 6 U 5 M k s S P 4 I R G i D 1 R l P 2 K j j X F 0 z 0 R 0 4 M u 0 b J W D M K t Z F I G 6 N g + H j p u S c x 1 J B U m + g T P u H 34 w n d H 0 9 V M K x 0 l w W f c E t Q z g C O e w 3 O 3 u Z e P V t U A J E R u Z b R u j D c U K 2 J O y / N K S k c M 6 B U U T X / m L K + i / P B 906 k n 9 R f e 1 w H n t 0 5 N D c r E T b H R R Q i + z V P U Y S z T Z 8 X 7 / m e J + t b S j Y F z c 6 D Y 6 a J + L f S n W 1 n f j k M F Z G V o W U s B K r s Y G g j D 1 u q F a S F G V G Y G 0 M V w e D u i H i f Y K 8 C O 0 k P T k A + L e c v l p + / E K I V e o Y A G H N T K v e i 5 Z 2 K C q 8 j O L s j y O S m L K u v t y 2 V x X g R i q + C b x R o J 8 P 3 U + W 6 r U r Y N K a o V W b E O F Z B q p h G J 0 n I I C c f f 8 Q z K f h A E h I k O x 7 x + q K f S k W S W j t w O j H t y t c c Q e c G b v p R 0 2 D w D / 3 q 8 d M d j 8 y i b n S 1 Z B m N B x + f t r u 4 Y s L 6 R W 111 H J j G Q s z Y V C X u w A 8 n w H o P I L O h 5 P Y p J a u 0 V s A y 1 B e s A A 1 D V f 5 T y Q x z A P Y N r H x v k 4 t S 6 v 7 e C Y 7 R A g k W i t c T A R c 9 B f M t N h r m 2 z p i N C N x j d M q P r q j 2 P N G g 53 P 2 k + T I Y i m H g Y v r S c G t W B 3 d Z 7 w s X f 0 g u G g j v n D J X k n E w A u d I d B S 2 V R G X E e P E D D G 8 i b 33 X d Q t i B n Y 9 y Q x 7 h D 
Q C 2 o I f a h Y D E V F K 7 c 3 o 0 S c S L 4 j M q B v n h 40 z c 9 F l X H N e j b N x H O B C k E E / O l F E Q H s G + e Q a M 5 I s j N r o a B w r Q 5 m J 5 h e b I T x g t F R v l / 8 G 260 S j Y D Q 4 V U N j U k 8 C t 7 Q j H f a C 6 k 2 W C w h + s X C m e T F f Y t H u V T A n 9 s Q 0 N a j S U r a 5 Y M k w 9 r r 9 d s C O P e X K d E w D 0 l N B O k i t D g L p L x I Q 8 r W 4 C / t g X 1 D I B z U 8 Q N C y G l I G z g B z H X c T X 6 H v + P / e 2 Q D o a U C W T 9 s 11 x 1 P R i b k u D M g y Q t a V 2 D v J w D b o w U L L z H i j P W p b C W c W 7 N m T R k b 6 h q + L b E K E j A N X / Z i i b d F G G h C 4 W 6 L S W p Y W m p H G s M C R M z n q H l T l C n B L / b s k v a O L + c K L R R I Y f f N e + M 2 F F l B d G 8 T E j u W 8 + d 2 t U S 1 w V E W u Q 1 y e k v H S g g i J K + T r n b z P r r P 7 Q S u N 98 g U m x D / u 1 I 0 a i k 4 a a j x C E I X W p 1 E F a h 8 P M l w H d m b 5 Y o G S U s Z B I 6 c d P N A H G I R + Q N 28 D K 4 v y S I b v r 2 w U F T g A P e d D r g t 0 A v 7 b L 3 v 7 D a L H a J K U g y I E o 63 a 7 B q q 4 l x A 83 A r 28 z g 8 l O M i q Y O / F S a 1 O r 5 I T d r p f 6 g G M b s k r + q o E n I b 43 B 486 V / Y z h B 3 O P / T c K w v k V p E w v U h t k 4 M 4 x v z U 3 p m 3 l 7 b 66 L W 8 p f 6 E I r D 4 n P H m X P T O 8 M / 4 Z 6 g Z x 1 D 37 Z m z 7 O f X 1 G 8 i H j E D I I O L K c H x Z W 9 l r l S P J j P W 2 S i p + z I 6 L G X C 8 W / + J d 8 B p P d 3 k 3 u z A w 0 l P Y B R c 0 N b i o Y Y S + 8 L b G v 8 b O f 9 w D V t K B T X C o m i k q W 6 Y 9 A h g g 4 J o j f M L H v s o x Z m 4 C 58 V 8 X n i 0 28 y B y 4 c i R m 4 r F w u j q x p o j i l h A E p 1 w u I c S W S M 5 y Z p 8 Y 97 l I 1 J 5 + n j Z Y 9 M D 5 g r V E 1 w k o I p h n J 8 D / 38 n U 7 p F J 3 t m 36 o f z N m e k A N 9 x f b e q k a 7 M S v 4 N G S w b 2 n n 8 w p p 0 I + V t N x q P l L 1 g t z O A 3 v 4 E M I s X / 8 y K J W x j k u + a m R C i c p C j R S N Z q 0 7 N w 4 s D 38 Q R I I T J A x v 7 z G k x 8 g O k v d 9 n P 
D 9 O 4 T g + X V + k T b 8 H s P 7 X V 8 u 3 s P u 4 l K y a M O v Y W y K G
} ,
{
"type" : "observed-data" ,
"spec_version" : "2.1" ,
"id" : "observed-data--5a6a018f-5418-4a92-b282-446502de0b81" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2018-01-25T16:10:55.000Z" ,
"modified" : "2018-01-25T16:10:55.000Z" ,
"first_observed" : "2018-01-25T16:10:55Z" ,
"last_observed" : "2018-01-25T16:10:55Z" ,
"number_observed" : 1 ,
"object_refs" : [
"file--5a6a018f-5418-4a92-b282-446502de0b81" ,
"artifact--5a6a018f-5418-4a92-b282-446502de0b81"
] ,
"labels" : [
"misp:type=\"attachment\"" ,
"misp:category=\"Payload delivery\""
]
} ,
{
"type" : "file" ,
"spec_version" : "2.1" ,
"id" : "file--5a6a018f-5418-4a92-b282-446502de0b81" ,
"name" : "2018-01-23-Hancitor-malspam-30-emails.txt.zip" ,
"content_ref" : "artifact--5a6a018f-5418-4a92-b282-446502de0b81"
} ,
{
"type" : "artifact" ,
"spec_version" : "2.1" ,
"id" : "artifact--5a6a018f-5418-4a92-b282-446502de0b81" ,
"payload_bin" : " U E s D B B Q A C Q A I A P S C N 0 y + U g t w Q g 8 A A H V 3 A Q A p A B w A M j A x O C 0 w M S 0 y M y 1 I Y W 5 j a X R v c i 1 t Y W x z c G F t L T M w L W V t Y W l s c y 50 e H R V V A k A A + u 1 Z 1 r r 32 d a d X g L A A E E F + m Z I g R g L 3 c L d k M 2 R p B G F F v C P 44 + b c 9 G Z f X J k o x J 7 F K m g t T a a 6 v T R x N J 9 X F p G 9 f E t 4 i F P p j c C L G k L 8 R n Y y J a 1 i L U B 2 m a Q 0 S T O F M M H G c h J g f x G E s b 2 j I Q a h l 2 T S d g x 4 + j j i r g F P + 0 T t n z B m j A g 5 t a S Q N h / Y M O Q X s 31 C k w X I Y Q + h Y A C s U 43 V R b p i i u r N O l + g O 1 B V p V q X V p 7 v R / z u v 3 i a U a i 1 k m 41 W m r W h e o S F t Y P / u F V 4 g q x / G Q B G i l C t A T / 6 G E k s N R U A A I A h B Y G E M D 7 f S / s 0 12 Z L w v v y / V 932 t c 0 Q l / U y x J x z 1 w M n 2 y d h A 1 I 0 3 Q k J h E m d s 5 s X 25 d U U K a 9 c B 8 E P h y 53 E x p w 6 J J n s y I V k E M Q b 14 B w X r U i c o v f U J L s W e C I B v 7 V R b M 94 V H A g P D / C N Z 2 X n M W Y 13 f 8 k g S A p R 8 E T f L l f 3 Z 1 k X L 2 a o F M F K 8 l a j E f A g W K 5 + 7 q y / Y k K I O b n 2 M O T U 0 y Y u P X P X n 2 s O u O c h 0 T s / F x h G u C m C 2 r 3 t s o c 0 m w p N Y 4 n T + c 2 I J F B g b 6 B 6 S s 7 p G 95 q H u H d a b a d 6 M Z Y n W E 3 g 3 V T s L v J 7 e N 4 E + f R C 9 P 1 m G G z S H R g 4 B 3 A 7 f H a N U / 5 J U i I I U X k m u v f g u B G V O k E R p c c D K s W u G 68 S W g u g 0 Y Q 0 l E x 2 i + 5 n Q S 3 X m g h S 8 a q f L h F V X D Q W 7 k h H 6 M P V L a M I D P h 6 a P g 27 B o c a T C 7 k X r c Q E D K g 7 B k X M P 8 g F m s Q J s f M u L X 3 G w T Z q 81 E v Z X U X + p 0 4 n 5 c N G e S z 81 d C Z W 8 o A I + 4 j J w R K g o 1 R / u n j z t 4 t m p G v Q 6 i t m E f F y 1 V l s W j 7 L 2 r C u m + m V W K E O L n P K 6 l S s g T g b + q a c X Y C i K K W V q O o 6 g Z d U M w 1 k G y v q x t 9 s 5 q v / b z p 2 y Q o N F P T 7 T x 98 d L N q J x s 6 f 0 6 h p X j F G c A Q W s N 
y 4 e o t r M 1 p J r u C B C h 8 I T u l E b 8 D Q g S v g F G w S a S M p 5 I 0 x K 9 E T H z r u f + u v / r Y 85 L s p s 3 L C B 3 n p Y v X k N o O g O V j n v 440 V / 9 p F j + z 3 y m G 2 v q L f 1 D d 1 B 1 r w d 9 V l S s 2 s 6 t l r V 3 X U z U S 5 X 34 Q C H a w 111 L s E Z O W m F e 1 c f 109 q u Y C F C X s O S 2 Z 1 R M P 6 S c k Z K H i B K 0 E i I b r V r 3 V q j 6 O i Y g a D 7 z 5 G O h L 6 Q h e 7 Q k w J w / r 6 A b J L b E F O H 4 A 2 Q t A 3 j j r 9 R p 5 O o 6 p G o i c F T r P y X b T u m i p c d m D y i X B w 6 w C 5 V x U h c Q U s C b f v 8 O / v H b 3 z 55 Y m u b J 3 H I H l w t N 6 n j D 8 H 1 o l A m b o 7 J s A w f k 3 P T H a x i J w P b 73 o l f E D 2 a 7 Z G 69 f l u W N c x v 9 l F / e O Z 6 d s E 0 w v + K 8 Q C 7 D w 80 A R f K e 2 F K W L g T v 5 O C 95 g 0 c r u 45 d 4 Y 9 X L j K T K S o U 2 g G T l k 2 Z t A H 9 o N l 3 q C r N k z X 9 Y W 3 + s 7 M N M q h Z c E k e X z W R B h 4 T T L A w Q 4 H 8 Y X S Z E E 6 R f d P 1 e r W + K 4 x F O k z J X Z X R 7 c 21 W E S d s / h a s U U 0 t X Y C K Q H h 40 b e q P m M Y a e D S O 6 g t l I O 7 Y F 8 G G i I 1 Y g F B a 1 L X T E G k 4 K M 6 a y v K B R 65 S f D 9 m j / B J T h z 3 C Q j S A x w V W G H s e V 9 b x 1 c W 3 N + v w A I W P Z I I Q + Z g Y y I r a h 3 k Z 4 / z W A u S G y W F 4 x J 54 C P Z k 7 X K h b u L 0 D u o f w w h 1 h y r b y R 0 p r 1 z 0 e H / u 0 H 5 Y i W b 3 V Z S f D v + z S n q p O b g T F s 0 u t o o j g n / + s C G H q 3 K m L i / t O 7 x m Q d V f 1 c F K v h V v K V j l G w D R W n v o q X C K h O H / R O a J 9 c 6 T P Q C A C L s 8 i C Z D 1 K G l 3 J Q E X + q / T N b a w a R j b + z B x 7 v 9 e m 6 P q n m Q H m D I F k B E S H W G S 2 I b h 40 o g Y C 9 + S a L 31 a 6 Q l 82 w h S 6 f C S / M i A 8 C A T + Z k M 5 h i Y f P 9 j 9 O A q / s G Z I w k N l 4 w Y K Q l p 5 J Y + s s f T S W N l r N n L T i P O J 9 R v f y j h n L W A f 3 M f w 0 s 71 w h T k z m e U S G Q 64 M 0 0 2 S n R b G o E K e 2 U 6 Y L E x d W f Q h h 5 J f C t f 9 C p 
n 2 + V t D 14 s w T E Z g O t l l g 4 D u k B Y x L l W u p + I Z N S I 8 Q g 8 s N 2 W K 9 N 0 6 z u C 45 u r + U D G / A q d R C p m I P h p q 1 / z W R + L K t L l S N g B + L Y G I r b O c J A 51 X q 3 + R F Q u G h F U C w g Q R O c 6 a f i k v q X R f 7 V 8 j g S U 7 O R I q e n 4 p s S P r j 5e39 c 0 B Y z 1 P y I w Y T j n Z p J + m L G 140 m t Q Y 6 F 3 D r h B Q Z h / h v 4 O 44 D J w q n I I y 1 + e j w k j M C 8 X 83 t V g D a b u i d b f 5 a y d 2 I I W L 5 G M z 5 v N L f S z d x K C b V Q J Y s u 8 q c N T K 0 V X l 4 R x n s u y 98 o n E m s n g T x Y h 2 x Q m 1 k 6 c O M E x t P f h T 4 G G 1 g / I o 8 l T r L 3 i 6 R N u W 2 O M E s j d S 5 / R k K c q k n 9e3 + i 7 W u b z 5 e F 3 S t 7 i o U U T g J K A A l D G g L v l x l Y 3 p B V 1 c C U d W Q O m t J a C v a p H f x u h 8 j 6 T V P 8 m b L d o I b k H V z A m d 9 C T O P y i z G W + D V 0 Q n 7 a U U 5 g k / b p e d 8 D Q s S I o R L z x C b f R j 9 f o 6 n M d R K D z q B s N w x n I c e / C h F 7 H E 5 d 7 k g + J A 88 h A i i R U + d u M v Y q h D Y h x T o V O T U 5 + l J U l c c R K e J I Q r n f z W C Q l v w f G O O F Y 9 + J m G 0 W / j M I p n y f u O S y 2 S Z s g S G l V n y 1 j 9 O 5 l v B n n k T W H 8 F c 6 d 3 P r a + 3 R u 9 p j C n u T o J 25 y d Y z p F i U M B b U Y 5 Q q B Z / V r V h 0 q w k x W 3 t b q h V J W W E 4 B k c v O J w 8 g E 1 D o 3 u o A 1 H G e D o v M 6 n U W P 4 n R z 14 t 8 P 8 I D u b x O + I O v B w F J x j e n 0 7 h c 4 i 8 w X 3 b w 3 n 6 D s U g V 5 Q R d 9 O Z l H m u i K a r T f 5 + O 9 S 6 I 2 s n o O 3 d u M t h N r T A 42 d 5 / L A t F d Y E l 3 n v l 2 n O R j e + F A n p 0 m W S e E s v s u I P 9 q a K c O v 65 x b T z q h 0 D Q + C Y 1 G G s W + r p Q 2 i I e z h 8 U Z 5 C 3 / 27 c D S K p L 3 i R T W H b R 2 Y S u 4 H B J W V N G q j w g k p M u D 9 z Q h q K U J 5 I E G 25 p A j V 5 x e x i 5 b v S w p Z s b x h e o x H J v l 0 m w 9 C 6 N w N S 9 M Y 1 O f g L N 55 Z 6 C S z J B q r D L c w Q D u p + q u 4 y h P H G 2 / 58 m w T S o G z 
t K h 9 S T s O n P b w Q R 8 + z G Z y 8 t u U Q z o h Y s b w e / c E S + p + q 1 f e B S 8 w j 9 X 4 N D t b m k c Z 51 L v F 8 B 8 / L E / o 26 P V V v A K g P z n D P t I B 2 r y q q 0 / X + 0 W 1 p o M f D V 7 p T C d / u + Z G 9 z W S l X u 21 G B u u 41 g o F B w X d 3 J b l O P y D Q y R R 6 z w d F 0 s d w v m r a d R c r Z W 7 A x a B H b v 0 A x W 8 F q 5 Q t p P C i W U 1E3 W B + V E w Y L x C J p o l T L q m e q w S L L O x 1 p a V k y c C l b E Z G k K G j u T Y t G p 3 f m F i H L 6 h W e I N x m K F c b 4 I x 78 K J s + D l o W U K h Y P K c m 9 G b r T D t x P w z m u s l e + V t A i v x j W W B Q p a W K 0 2 U R x E Y b K 99 c 6 v 3 T 1 I k l Y p q w 4 J j 0 D x h J c e d B z e Q B P W N v v / f B W H T y A + A i 8 I q w F g D + P y t d Y N g m U i W E A F O W D Z F A z z L t 2 O 98 R n x l R L 3 L f J x 6 Z B 3e9 r S I m 7 S K t b p P D J u I R 0 b X S / C f R M y o 4 t d P M m X / k U h a P o h 3 z V 6 T a D F j d y D B X s I 9 W m Z 9 a f Z h + f L 2 O b j B p R W I 9 d 5 Y o j A H J p J S i u A N / 6 m z w w 0 N y i 99 Q 24 p o p D X 7 Y + 6E6 e h R b V M l p c R G H q R q t v Z 8 u 4 R 8 y U 3 m k Z 3 P o v f R / i b O z b L M f 1 x v I g j / x N s p Y 6 + G 95 P L L y L j E e Y m Q Y d 0 n + 3 V T L 65 k U C h j 4 G q X d B H k + R X P 2 D R v n 1 K G h X d E 3 x z g K T f 9 R S o H l r p W 7 P i 91 x d h m T e + B a u F u W + b F b T s k 3 t l 1 + O l b 4 D i M N D O w y l 71 S P j Z K D L C b x 11 f L E f / W A H h B Y / z 4 w z r c q Q E d T B U I A D A 7 m B P H J j Z C q D u P C u e 15 y M 90 G A A Y z D x l 3 v d S j D k U L g z H T c R V N + F F r R S t M u r r e z r g l l A 70 J y g m o m 5 o G 7 U X S f O J 8 x Z L 0 14 x b G d x 7E3 v I I t D 44943 i s F n h P Z H s A l b S + p Y a L 9 Z c b j V z v u j n b B K k K 25 y 0 6 q 2 K j 9 B D W V y A 5 n 9 r n o a / v + b 8 m I u U W L N X Y e N f q q w K N p h 9 u e t m V u J l r l Y + Y q e a O y j h 7 B R 5 F 2 j Y s n 0 t T 3 W / + e T D R b H g A 0 R b 3 B G B V o 4 G f b g 5 x Z 
F 9 v R 7 a r Z 95 Q d d p z h h 4 f c w 2 c 6 m i j s 9
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--81094cbe-8289-4cb0-9a8b-87878aee444b" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2018-01-25T16:05:49.000Z" ,
"modified" : "2018-01-25T16:05:49.000Z" ,
"pattern" : "[file:hashes.MD5 = '773937dec274c21dc962ad3f8d37c08f' AND file:hashes.SHA1 = '71b00ac82d7e6ed48197c21d62bf55ab8e6535d6' AND file:hashes.SHA256 = '2c506742267dd9d41dc62f2614f6306458da185230fb46cb467c98a8f48317a4']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2018-01-25T16:05:49Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "file"
}
] ,
"labels" : [
"misp:name=\"file\"" ,
"misp:meta-category=\"file\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "x-misp-object" ,
"spec_version" : "2.1" ,
"id" : "x-misp-object--1d635d3a-b3f0-426b-a2bc-9e4e23aee183" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2018-01-25T16:05:48.000Z" ,
"modified" : "2018-01-25T16:05:48.000Z" ,
"labels" : [
"misp:name=\"virustotal-report\"" ,
"misp:meta-category=\"misc\""
] ,
"x_misp_attributes" : [
{
"type" : "link" ,
"object_relation" : "permalink" ,
"value" : "https://www.virustotal.com/file/2c506742267dd9d41dc62f2614f6306458da185230fb46cb467c98a8f48317a4/analysis/1516839729/" ,
"category" : "External analysis" ,
"uuid" : "5a6a005d-b9f0-489c-a256-4ae502de0b81"
} ,
{
"type" : "text" ,
"object_relation" : "detection-ratio" ,
"value" : "31/64" ,
"category" : "Other" ,
"uuid" : "5a6a005d-da38-436a-9f4f-4ca602de0b81"
} ,
{
"type" : "datetime" ,
"object_relation" : "last-submission" ,
"value" : "2018-01-25T00:22:09" ,
"category" : "Other" ,
"uuid" : "5a6a005d-8fd8-41c9-8a20-477e02de0b81"
}
] ,
"x_misp_meta_category" : "misc" ,
"x_misp_name" : "virustotal-report"
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--5bc79f93-8d40-4dbb-90e0-ae79c6a3a0fe" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2018-01-25T16:05:53.000Z" ,
"modified" : "2018-01-25T16:05:53.000Z" ,
"pattern" : "[file:hashes.MD5 = '17292469799cbbba73122ab21a292ddb' AND file:hashes.SHA1 = '8c3030f403e00e680de749ccdb0628724c5335dd' AND file:hashes.SHA256 = '42b02d621696ec33e9140fedcf8b48695059595f9469dbf28daf4667ac0d214f']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2018-01-25T16:05:53Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "file"
}
] ,
"labels" : [
"misp:name=\"file\"" ,
"misp:meta-category=\"file\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "x-misp-object" ,
"spec_version" : "2.1" ,
"id" : "x-misp-object--9992e4e0-7cb8-4a20-94d3-59fdc388f9a8" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2018-01-25T16:05:52.000Z" ,
"modified" : "2018-01-25T16:05:52.000Z" ,
"labels" : [
"misp:name=\"virustotal-report\"" ,
"misp:meta-category=\"misc\""
] ,
"x_misp_attributes" : [
{
"type" : "link" ,
"object_relation" : "permalink" ,
"value" : "https://www.virustotal.com/file/42b02d621696ec33e9140fedcf8b48695059595f9469dbf28daf4667ac0d214f/analysis/1516873074/" ,
"category" : "External analysis" ,
"uuid" : "5a6a0060-7d78-4d2d-bb88-48ac02de0b81"
} ,
{
"type" : "text" ,
"object_relation" : "detection-ratio" ,
"value" : "37/63" ,
"category" : "Other" ,
"uuid" : "5a6a0060-8ac8-48cc-a42e-4fb302de0b81"
} ,
{
"type" : "datetime" ,
"object_relation" : "last-submission" ,
"value" : "2018-01-25T09:37:54" ,
"category" : "Other" ,
"uuid" : "5a6a0060-8dd0-4563-9c60-4c4f02de0b81"
}
] ,
"x_misp_meta_category" : "misc" ,
"x_misp_name" : "virustotal-report"
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--b9ff84f5-2a18-417e-b486-d8ed3980d8c6" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2018-01-25T16:05:56.000Z" ,
"modified" : "2018-01-25T16:05:56.000Z" ,
"pattern" : "[file:hashes.MD5 = '800edbb09259000697b201ff25d54bd5' AND file:hashes.SHA1 = '09e6215f684b5ea268d55d5fe1c0ccddc4efa685' AND file:hashes.SHA256 = '8418887655f69ab5a61915bad2af633462760b128d38f53911da020d70e4862e']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2018-01-25T16:05:56Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "file"
}
] ,
"labels" : [
"misp:name=\"file\"" ,
"misp:meta-category=\"file\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "x-misp-object" ,
"spec_version" : "2.1" ,
"id" : "x-misp-object--89a56b37-1e0e-4b89-9ece-2f720ffdb8e8" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2018-01-25T16:05:54.000Z" ,
"modified" : "2018-01-25T16:05:54.000Z" ,
"labels" : [
"misp:name=\"virustotal-report\"" ,
"misp:meta-category=\"misc\""
] ,
"x_misp_attributes" : [
{
"type" : "link" ,
"object_relation" : "permalink" ,
"value" : "https://www.virustotal.com/file/8418887655f69ab5a61915bad2af633462760b128d38f53911da020d70e4862e/analysis/1516839688/" ,
"category" : "External analysis" ,
"uuid" : "5a6a0062-3c74-4549-b6a1-45fa02de0b81"
} ,
{
"type" : "text" ,
"object_relation" : "detection-ratio" ,
"value" : "34/65" ,
"category" : "Other" ,
"uuid" : "5a6a0063-e8c8-492f-973b-485f02de0b81"
} ,
{
"type" : "datetime" ,
"object_relation" : "last-submission" ,
"value" : "2018-01-25T00:21:28" ,
"category" : "Other" ,
"uuid" : "5a6a0063-8da8-4492-a288-4e4402de0b81"
}
] ,
"x_misp_meta_category" : "misc" ,
"x_misp_name" : "virustotal-report"
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--baa167f7-1035-40c1-9754-d076ef5e23fc" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2018-01-25T16:05:58.000Z" ,
"modified" : "2018-01-25T16:05:58.000Z" ,
"pattern" : "[file:hashes.MD5 = 'f03bea1ab5ce09c23c147f838b4e8b8d' AND file:hashes.SHA1 = '7d7c28b3a679e5763ff1b71b4f0a28394b3b2281' AND file:hashes.SHA256 = '6dcbf652b96a7aea16d0c2e72186173d9345f722c9592e62820bcfe477b2b297']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2018-01-25T16:05:58Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "file"
}
] ,
"labels" : [
"misp:name=\"file\"" ,
"misp:meta-category=\"file\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "x-misp-object" ,
"spec_version" : "2.1" ,
"id" : "x-misp-object--60e1fd7b-6daf-46b7-920c-6e50b9093afb" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2018-01-25T16:05:57.000Z" ,
"modified" : "2018-01-25T16:05:57.000Z" ,
"labels" : [
"misp:name=\"virustotal-report\"" ,
"misp:meta-category=\"misc\""
] ,
"x_misp_attributes" : [
{
"type" : "link" ,
"object_relation" : "permalink" ,
"value" : "https://www.virustotal.com/file/6dcbf652b96a7aea16d0c2e72186173d9345f722c9592e62820bcfe477b2b297/analysis/1516827505/" ,
"category" : "External analysis" ,
"uuid" : "5a6a0066-480c-4d9f-9543-464102de0b81"
} ,
{
"type" : "text" ,
"object_relation" : "detection-ratio" ,
"value" : "20/57" ,
"category" : "Other" ,
"uuid" : "5a6a0066-9090-4157-9e7f-427b02de0b81"
} ,
{
"type" : "datetime" ,
"object_relation" : "last-submission" ,
"value" : "2018-01-24T20:58:25" ,
"category" : "Other" ,
"uuid" : "5a6a0066-d318-4dd5-ab16-40c202de0b81"
}
] ,
"x_misp_meta_category" : "misc" ,
"x_misp_name" : "virustotal-report"
} ,
{
"type" : "relationship" ,
"spec_version" : "2.1" ,
"id" : "relationship--da4ba623-2d7e-4279-a279-809daf8dffee" ,
"created" : "2018-02-16T08:52:14.000Z" ,
"modified" : "2018-02-16T08:52:14.000Z" ,
"relationship_type" : "analysed-with" ,
"source_ref" : "indicator--81094cbe-8289-4cb0-9a8b-87878aee444b" ,
"target_ref" : "x-misp-object--1d635d3a-b3f0-426b-a2bc-9e4e23aee183"
} ,
{
"type" : "relationship" ,
"spec_version" : "2.1" ,
"id" : "relationship--ba8bff4f-1f29-4f6a-8892-ccf8fef6c3ef" ,
"created" : "2018-02-16T08:52:14.000Z" ,
"modified" : "2018-02-16T08:52:14.000Z" ,
"relationship_type" : "analysed-with" ,
"source_ref" : "indicator--5bc79f93-8d40-4dbb-90e0-ae79c6a3a0fe" ,
"target_ref" : "x-misp-object--9992e4e0-7cb8-4a20-94d3-59fdc388f9a8"
} ,
{
"type" : "relationship" ,
"spec_version" : "2.1" ,
"id" : "relationship--c6aa45bf-750e-4a67-a27f-17004e53924f" ,
"created" : "2018-02-16T08:52:14.000Z" ,
"modified" : "2018-02-16T08:52:14.000Z" ,
"relationship_type" : "analysed-with" ,
"source_ref" : "indicator--b9ff84f5-2a18-417e-b486-d8ed3980d8c6" ,
"target_ref" : "x-misp-object--89a56b37-1e0e-4b89-9ece-2f720ffdb8e8"
} ,
{
"type" : "relationship" ,
"spec_version" : "2.1" ,
"id" : "relationship--3a920034-c74e-499d-9586-ef13a9243718" ,
"created" : "2018-02-16T08:52:15.000Z" ,
"modified" : "2018-02-16T08:52:15.000Z" ,
"relationship_type" : "analysed-with" ,
"source_ref" : "indicator--baa167f7-1035-40c1-9754-d076ef5e23fc" ,
"target_ref" : "x-misp-object--60e1fd7b-6daf-46b7-920c-6e50b9093afb"
} ,
{
"type" : "marking-definition" ,
"spec_version" : "2.1" ,
"id" : "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9" ,
"created" : "2017-01-20T00:00:00.000Z" ,
"definition_type" : "tlp" ,
"name" : "TLP:WHITE" ,
"definition" : {
"tlp" : "white"
}
}
]
}