{
"type" : "bundle" ,
"id" : "bundle--56e050e6-ac24-43d3-9c24-4f71950d210f" ,
"objects" : [
{
"type" : "identity" ,
"spec_version" : "2.1" ,
"id" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2016-03-10T07:14:00.000Z" ,
"modified" : "2016-03-10T07:14:00.000Z" ,
"name" : "CIRCL" ,
"identity_class" : "organization"
} ,
{
"type" : "report" ,
"spec_version" : "2.1" ,
"id" : "report--56e050e6-ac24-43d3-9c24-4f71950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2016-03-10T07:14:00.000Z" ,
"modified" : "2016-03-10T07:14:00.000Z" ,
"name" : "Malspam (2016-03-09) - Locky, TeslaCrypt" ,
"published" : "2016-03-10T07:52:07Z" ,
"object_refs" : [
"indicator--56e05109-7bf8-42c2-9eca-4bb3950d210f" ,
"indicator--56e0510a-f0c4-41ba-a62f-4bfe950d210f" ,
"indicator--56e0510a-2eb0-45e9-9f8b-4ddf950d210f" ,
"indicator--56e0510b-e8d0-46db-9921-4f9e950d210f" ,
"indicator--56e0510b-ab00-4d88-9dd0-4bd3950d210f" ,
"indicator--56e0510b-b1d4-4191-90ac-4909950d210f" ,
"indicator--56e0510c-1738-4ad3-b6a4-45a4950d210f" ,
"indicator--56e0510c-19d8-42c9-8e8b-4415950d210f" ,
"indicator--56e0510c-87dc-4122-833b-4ffd950d210f" ,
"indicator--56e0510d-0134-4a73-8b7e-49e4950d210f" ,
"indicator--56e0510d-79f8-4c65-a718-425c950d210f" ,
"indicator--56e0510d-61e8-4e0e-b2f5-4b19950d210f" ,
"indicator--56e0510e-5d40-46ee-9aa8-4e49950d210f" ,
"indicator--56e0510e-b6d0-49ab-87c3-47ee950d210f" ,
"indicator--56e0510e-9520-4a9c-bf31-4838950d210f" ,
"indicator--56e0510f-0028-447f-9e20-4fa6950d210f" ,
"indicator--56e0510f-2aec-4749-9b4e-418d950d210f" ,
"indicator--56e05110-61d8-482f-852a-4d4b950d210f" ,
"indicator--56e05110-5f0c-4fa5-b231-4f6a950d210f" ,
"indicator--56e05110-8e34-459e-9782-473c950d210f" ,
"indicator--56e05111-89e0-45f3-92eb-4225950d210f" ,
"indicator--56e05111-b804-4d30-a2f1-4bac950d210f" ,
"indicator--56e05111-3ca4-4e1b-84ee-4eac950d210f" ,
"indicator--56e05150-3138-4ec6-91bc-4bf9950d210f" ,
"indicator--56e05151-b3a0-4e8d-8e9d-4419950d210f" ,
"indicator--56e05151-4260-4252-8988-4c4d950d210f" ,
"indicator--56e05152-03c8-4d94-86df-4eb3950d210f" ,
"indicator--56e05152-9950-4e78-8856-4380950d210f" ,
"indicator--56e05153-4280-4bb5-96bd-48bb950d210f" ,
"indicator--56e05154-dd20-4a71-876c-48b5950d210f" ,
"indicator--56e05154-ef58-4e21-97c8-4d48950d210f" ,
"indicator--56e05155-42d8-4da5-9eb7-48db950d210f" ,
"indicator--56e05156-d7dc-4cc6-bc94-443c950d210f" ,
"indicator--56e05156-2604-4676-9a02-48a4950d210f" ,
"indicator--56e05157-5e38-4241-90f1-4879950d210f" ,
"indicator--56e05157-4a2c-42cd-8784-4396950d210f" ,
"indicator--56e05158-4b78-4401-a4ea-4c10950d210f" ,
"indicator--56e05158-a98c-44ea-a2c6-4d17950d210f" ,
"indicator--56e05159-6808-4582-b5d8-426c950d210f" ,
"indicator--56e0515a-8448-43fe-a52c-4ccc950d210f" ,
"indicator--56e0515a-3b60-42bd-a183-40f7950d210f" ,
"indicator--56e0515b-cdd8-48d8-b0ad-4767950d210f" ,
"indicator--56e0515c-0838-4227-ab97-494f950d210f" ,
"indicator--56e0515c-4bbc-4d08-9b3d-4fc7950d210f" ,
"indicator--56e0515d-0898-4683-adbd-41db950d210f" ,
"indicator--56e0515e-f180-4367-b206-4a44950d210f" ,
"indicator--56e0515e-d0ac-48d6-9852-49c2950d210f" ,
"indicator--56e0515f-baac-4658-b3db-4343950d210f" ,
"indicator--56e05160-bb60-46fb-a1b1-4504950d210f" ,
"indicator--56e05160-5984-47a5-b043-46a4950d210f" ,
"indicator--56e05475-5834-4759-865e-420f950d210f" ,
"indicator--56e05475-1044-435b-89cc-4057950d210f" ,
"indicator--56e05476-80e0-4985-a496-4afc950d210f" ,
"indicator--56e0563b-bed8-4701-a1e8-4233950d210f" ,
"indicator--56e0563c-8690-4690-8762-4990950d210f" ,
"indicator--56e0563c-2cfc-458d-b7c6-4fcb950d210f" ,
"indicator--56e0563c-b1e4-4c0d-bc18-4502950d210f" ,
"indicator--56e0563d-c8fc-4574-8459-4618950d210f" ,
"indicator--56e0563d-c68c-4469-901d-4b5a950d210f" ,
"indicator--56e0563d-0af0-470e-954a-4143950d210f" ,
"indicator--56e0563d-3828-4bef-b064-44c8950d210f" ,
"observed-data--56e08431-a8bc-4ae5-adaf-40e902de0b81" ,
"url--56e08431-a8bc-4ae5-adaf-40e902de0b81" ,
"observed-data--56e08431-e128-486c-ad48-451902de0b81" ,
"url--56e08431-e128-486c-ad48-451902de0b81" ,
"observed-data--56e08431-52ac-4140-a1a0-484e02de0b81" ,
"url--56e08431-52ac-4140-a1a0-484e02de0b81" ,
"observed-data--56e08432-3a40-4d51-b365-46cc02de0b81" ,
"url--56e08432-3a40-4d51-b365-46cc02de0b81" ,
"observed-data--56e08432-573c-4d4e-94f8-45af02de0b81" ,
"url--56e08432-573c-4d4e-94f8-45af02de0b81" ,
"observed-data--56e08432-8ba8-4213-b16b-490302de0b81" ,
"url--56e08432-8ba8-4213-b16b-490302de0b81" ,
"observed-data--56e08433-8f20-427c-8f45-41c102de0b81" ,
"url--56e08433-8f20-427c-8f45-41c102de0b81" ,
"observed-data--56e08433-b3c4-4651-b935-47c402de0b81" ,
"url--56e08433-b3c4-4651-b935-47c402de0b81" ,
"observed-data--56e08433-5834-4fde-bc67-4c3602de0b81" ,
"url--56e08433-5834-4fde-bc67-4c3602de0b81" ,
"observed-data--56e08434-afb8-4fd7-b552-49b802de0b81" ,
"url--56e08434-afb8-4fd7-b552-49b802de0b81" ,
"indicator--56e11720-d168-4b40-ad11-4632950d210f" ,
"indicator--56e11776-752c-4455-bd3d-4994950d210f" ,
"indicator--56e11777-be00-4b4e-abae-40f0950d210f" ,
"indicator--56e11778-3700-4f81-9c82-4060950d210f" ,
"indicator--56e117ef-5320-4c92-8649-4679950d210f" ,
"indicator--56e117ef-17a8-4974-bfa3-46d6950d210f" ,
"indicator--56e117f0-8998-4652-8b0d-45dd950d210f" ,
"indicator--56e119b1-d4c0-48fd-9311-4da7950d210f" ,
"indicator--56e119b1-bdb8-4734-be5d-43a0950d210f" ,
"indicator--56e119b2-5cc4-408a-8134-41f8950d210f" ,
"indicator--56e119b3-0118-44fc-9333-4836950d210f" ,
"indicator--56e119b3-ebec-4ea1-9a1a-4581950d210f" ,
"indicator--56e119b4-1294-4866-886e-4537950d210f" ,
"indicator--56e119b4-852c-497b-ba37-49dc950d210f" ,
"indicator--56e119b5-d068-4f79-a60b-4817950d210f" ,
"indicator--56e119b5-fadc-4715-9f62-4760950d210f" ,
"indicator--56e11a49-79e0-408a-9404-4ae0950d210f" ,
"indicator--56e11a49-66b0-4a71-8eec-453b950d210f" ,
"indicator--56e11a49-3da8-47b2-ad4e-4682950d210f" ,
"indicator--56e11a4a-e794-4941-900e-40e0950d210f" ,
"indicator--56e11a4a-e62c-4d9d-96a7-4419950d210f" ,
"indicator--56e11a4a-6758-44aa-b6e7-44cc950d210f" ,
"indicator--56e11a4a-477c-42af-9c90-46e6950d210f" ,
"indicator--56e11a4b-2ec4-41af-aca4-445b950d210f" ,
"indicator--56e11a4b-741c-4756-bf7a-44bc950d210f" ,
"indicator--56e11a4b-6de4-48bd-94bd-4274950d210f" ,
"indicator--56e11a4c-f22c-48c1-954f-417b950d210f" ,
"indicator--56e11a4c-f064-4128-90cb-47fb950d210f" ,
"indicator--56e11a4c-0248-4240-9c3a-4bf8950d210f" ,
"indicator--56e11a4d-5b58-4a82-9f43-4918950d210f" ,
"indicator--56e11a4d-6790-4d68-81c4-4c52950d210f" ,
"indicator--56e11a4d-4428-4553-9913-4dc9950d210f" ,
"indicator--56e11a6f-0dd4-44d3-a5ae-4606950d210f" ,
"indicator--56e11a6f-3a5c-47a3-82ce-4305950d210f" ,
"indicator--56e11a70-ce24-46e7-a898-41cf950d210f" ,
"indicator--56e11a71-7fec-487e-945e-414c950d210f" ,
"indicator--56e11a72-b760-4f12-88ac-4a53950d210f" ,
"indicator--56e11a72-8464-4817-b455-401e950d210f" ,
"observed-data--56e11eb8-47c8-440d-9578-40ce02de0b81" ,
"url--56e11eb8-47c8-440d-9578-40ce02de0b81" ,
"observed-data--56e11eb9-99c0-4a86-8381-4c8802de0b81" ,
"url--56e11eb9-99c0-4a86-8381-4c8802de0b81" ,
"observed-data--56e11eb9-8f0c-49f2-b65a-40d002de0b81" ,
"url--56e11eb9-8f0c-49f2-b65a-40d002de0b81" ,
"observed-data--56e11eb9-af70-44ed-9572-431f02de0b81" ,
"url--56e11eb9-af70-44ed-9572-431f02de0b81" ,
"observed-data--56e11eb9-7018-4708-a936-409002de0b81" ,
"url--56e11eb9-7018-4708-a936-409002de0b81" ,
"observed-data--56e11eba-d16c-4cda-b5e6-465502de0b81" ,
"url--56e11eba-d16c-4cda-b5e6-465502de0b81" ,
"observed-data--56e11eba-260c-43c2-874d-4aa802de0b81" ,
"url--56e11eba-260c-43c2-874d-4aa802de0b81" ,
"observed-data--56e11eba-bf28-458b-8580-4f6a02de0b81" ,
"url--56e11eba-bf28-458b-8580-4f6a02de0b81" ,
"indicator--56e11c5e-76bc-41ba-8290-48ff950d210f" ,
"indicator--56e11c61-5c48-448c-88ef-436b950d210f" ,
"indicator--56e11c64-fc48-44b3-9302-4f7e950d210f"
] ,
"labels" : [
"Threat-Report" ,
"misp:tool=\"MISP-STIX-Converter\"" ,
"circl:incident-classification=\"malware\""
] ,
"object_marking_refs" : [
"marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9"
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--56e05109-7bf8-42c2-9eca-4bb3950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2016-03-09T16:36:25.000Z" ,
"modified" : "2016-03-09T16:36:25.000Z" ,
"description" : "Imported via the freetext import." ,
"pattern" : "[url:value = 'http://kaleofis.com/system/logs/98yhb764d.exe']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2016-03-09T16:36:25Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Network activity"
}
] ,
"labels" : [
"misp:type=\"url\"" ,
"misp:category=\"Network activity\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--56e0510a-f0c4-41ba-a62f-4bfe950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2016-03-09T16:36:26.000Z" ,
"modified" : "2016-03-09T16:36:26.000Z" ,
"description" : "Imported via the freetext import." ,
"pattern" : "[url:value = 'http://ari-ev.com/system/logs/765uy453gt5']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2016-03-09T16:36:26Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Network activity"
}
] ,
"labels" : [
"misp:type=\"url\"" ,
"misp:category=\"Network activity\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--56e0510a-2eb0-45e9-9f8b-4ddf950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2016-03-09T16:36:26.000Z" ,
"modified" : "2016-03-09T16:36:26.000Z" ,
"description" : "Imported via the freetext import." ,
"pattern" : "[url:value = 'http://www.ekowen.sk/09y8j']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2016-03-09T16:36:26Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Network activity"
}
] ,
"labels" : [
"misp:type=\"url\"" ,
"misp:category=\"Network activity\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--56e0510b-e8d0-46db-9921-4f9e950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2016-03-09T16:36:27.000Z" ,
"modified" : "2016-03-09T16:36:27.000Z" ,
"description" : "Imported via the freetext import." ,
"pattern" : "[url:value = 'http://torgtehnik.ru/system/cache/.../1.exe']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2016-03-09T16:36:27Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Network activity"
}
] ,
"labels" : [
"misp:type=\"url\"" ,
"misp:category=\"Network activity\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--56e0510b-ab00-4d88-9dd0-4bd3950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2016-03-09T16:36:27.000Z" ,
"modified" : "2016-03-09T16:36:27.000Z" ,
"description" : "Imported via the freetext import." ,
"pattern" : "[url:value = 'http://witchbehereqq.com/69.exe?1']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2016-03-09T16:36:27Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Network activity"
}
] ,
"labels" : [
"misp:type=\"url\"" ,
"misp:category=\"Network activity\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--56e0510b-b1d4-4191-90ac-4909950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2016-03-09T16:36:27.000Z" ,
"modified" : "2016-03-09T16:36:27.000Z" ,
"description" : "Imported via the freetext import." ,
"pattern" : "[url:value = 'http://witchbehereqq.com/80.exe?1']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2016-03-09T16:36:27Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Network activity"
}
] ,
"labels" : [
"misp:type=\"url\"" ,
"misp:category=\"Network activity\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--56e0510c-1738-4ad3-b6a4-45a4950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2016-03-09T16:36:28.000Z" ,
"modified" : "2016-03-09T16:36:28.000Z" ,
"description" : "Imported via the freetext import." ,
"pattern" : "[url:value = 'http://mommycantakeff.com/80.exe?1']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2016-03-09T16:36:28Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Network activity"
}
] ,
"labels" : [
"misp:type=\"url\"" ,
"misp:category=\"Network activity\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--56e0510c-19d8-42c9-8e8b-4415950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2016-03-09T16:36:28.000Z" ,
"modified" : "2016-03-09T16:36:28.000Z" ,
"description" : "Imported via the freetext import." ,
"pattern" : "[domain-name:value = 'mommycantakeff.com']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2016-03-09T16:36:28Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Network activity"
}
] ,
"labels" : [
"misp:type=\"domain\"" ,
"misp:category=\"Network activity\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--56e0510c-87dc-4122-833b-4ffd950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2016-03-09T16:36:28.000Z" ,
"modified" : "2016-03-09T16:36:28.000Z" ,
"description" : "Imported via the freetext import." ,
"pattern" : "[domain-name:value = 'www.ekowen.sk']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2016-03-09T16:36:28Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Network activity"
}
] ,
"labels" : [
"misp:type=\"hostname\"" ,
"misp:category=\"Network activity\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--56e0510d-0134-4a73-8b7e-49e4950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2016-03-09T16:36:29.000Z" ,
"modified" : "2016-03-09T16:36:29.000Z" ,
"description" : "Imported via the freetext import." ,
"pattern" : "[domain-name:value = 'witchbehereqq.com']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2016-03-09T16:36:29Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Network activity"
}
] ,
"labels" : [
"misp:type=\"domain\"" ,
"misp:category=\"Network activity\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--56e0510d-79f8-4c65-a718-425c950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2016-03-09T16:36:29.000Z" ,
"modified" : "2016-03-09T16:36:29.000Z" ,
"description" : "Imported via the freetext import." ,
"pattern" : "[domain-name:value = 'torgtehnik.ru']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2016-03-09T16:36:29Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Network activity"
}
] ,
"labels" : [
"misp:type=\"domain\"" ,
"misp:category=\"Network activity\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--56e0510d-61e8-4e0e-b2f5-4b19950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2016-03-09T16:36:29.000Z" ,
"modified" : "2016-03-09T16:36:29.000Z" ,
"description" : "Imported via the freetext import." ,
"pattern" : "[domain-name:value = 'ari-ev.com']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2016-03-09T16:36:29Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Network activity"
}
] ,
"labels" : [
"misp:type=\"domain\"" ,
"misp:category=\"Network activity\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--56e0510e-5d40-46ee-9aa8-4e49950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2016-03-09T16:36:30.000Z" ,
"modified" : "2016-03-09T16:36:30.000Z" ,
"description" : "Imported via the freetext import." ,
"pattern" : "[domain-name:value = 'kaleofis.com']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2016-03-09T16:36:30Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Network activity"
}
] ,
"labels" : [
"misp:type=\"domain\"" ,
"misp:category=\"Network activity\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--56e0510e-b6d0-49ab-87c3-47ee950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2016-03-09T16:36:30.000Z" ,
"modified" : "2016-03-09T16:36:30.000Z" ,
"description" : "Imported via the freetext import." ,
"pattern" : "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '74.117.183.252']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2016-03-09T16:36:30Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Network activity"
}
] ,
"labels" : [
"misp:type=\"ip-dst\"" ,
"misp:category=\"Network activity\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--56e0510e-9520-4a9c-bf31-4838950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2016-03-09T16:36:30.000Z" ,
"modified" : "2016-03-09T16:36:30.000Z" ,
"description" : "Imported via the freetext import." ,
"pattern" : "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '91.243.75.135']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2016-03-09T16:36:30Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Network activity"
}
] ,
"labels" : [
"misp:type=\"ip-dst\"" ,
"misp:category=\"Network activity\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--56e0510f-0028-447f-9e20-4fa6950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2016-03-09T16:36:31.000Z" ,
"modified" : "2016-03-09T16:36:31.000Z" ,
"description" : "Imported via the freetext import." ,
"pattern" : "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '147.213.4.6']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2016-03-09T16:36:31Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Network activity"
}
] ,
"labels" : [
"misp:type=\"ip-dst\"" ,
"misp:category=\"Network activity\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--56e0510f-2aec-4749-9b4e-418d950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2016-03-09T16:36:31.000Z" ,
"modified" : "2016-03-09T16:36:31.000Z" ,
"description" : "Imported via the freetext import." ,
"pattern" : "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '173.82.74.197']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2016-03-09T16:36:31Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Network activity"
}
] ,
"labels" : [
"misp:type=\"ip-dst\"" ,
"misp:category=\"Network activity\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--56e05110-61d8-482f-852a-4d4b950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2016-03-09T16:36:32.000Z" ,
"modified" : "2016-03-09T16:36:32.000Z" ,
"description" : "Imported via the freetext import." ,
"pattern" : "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '78.135.108.94']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2016-03-09T16:36:32Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Network activity"
}
] ,
"labels" : [
"misp:type=\"ip-dst\"" ,
"misp:category=\"Network activity\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--56e05110-5f0c-4fa5-b231-4f6a950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2016-03-09T16:36:32.000Z" ,
"modified" : "2016-03-09T16:36:32.000Z" ,
"description" : "Imported via the freetext import." ,
"pattern" : "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '185.118.142.154']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2016-03-09T16:36:32Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Network activity"
}
] ,
"labels" : [
"misp:type=\"ip-dst\"" ,
"misp:category=\"Network activity\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--56e05110-8e34-459e-9782-473c950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2016-03-09T16:36:32.000Z" ,
"modified" : "2016-03-09T16:36:32.000Z" ,
"description" : "Imported via the freetext import." ,
"pattern" : "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '142.25.97.48']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2016-03-09T16:36:32Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Network activity"
}
] ,
"labels" : [
"misp:type=\"ip-dst\"" ,
"misp:category=\"Network activity\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--56e05111-89e0-45f3-92eb-4225950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2016-03-09T16:36:33.000Z" ,
"modified" : "2016-03-09T16:36:33.000Z" ,
"description" : "Imported via the freetext import." ,
"pattern" : "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '89.108.87.179']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2016-03-09T16:36:33Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Network activity"
}
] ,
"labels" : [
"misp:type=\"ip-dst\"" ,
"misp:category=\"Network activity\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--56e05111-b804-4d30-a2f1-4bac950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2016-03-09T16:36:33.000Z" ,
"modified" : "2016-03-09T16:36:33.000Z" ,
"description" : "Imported via the freetext import." ,
"pattern" : "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '94.73.151.140']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2016-03-09T16:36:33Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Network activity"
}
] ,
"labels" : [
"misp:type=\"ip-dst\"" ,
"misp:category=\"Network activity\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--56e05111-3ca4-4e1b-84ee-4eac950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2016-03-09T16:36:33.000Z" ,
"modified" : "2016-03-09T16:36:33.000Z" ,
"description" : "Imported via the freetext import." ,
"pattern" : "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '69.64.35.2']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2016-03-09T16:36:33Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Network activity"
}
] ,
"labels" : [
"misp:type=\"ip-dst\"" ,
"misp:category=\"Network activity\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--56e05150-3138-4ec6-91bc-4bf9950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2016-03-09T16:37:36.000Z" ,
"modified" : "2016-03-09T16:37:36.000Z" ,
"pattern" : "[file:content_ref.payload_bin = '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' AND file:name = '092.js' AND file:hashes.MD5 = '44d633a63a39151fbb7d4f5f99c83cfb' AND file:content_ref.mime_type = 'application/zip' AND file:content_ref.encryption_algorithm = 'mime-type-indicated' AND file:content_ref.decryption_key = 'infected']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2016-03-09T16:37:36Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Payload delivery"
}
] ,
"labels" : [
"misp:type=\"malware-sample\"" ,
"misp:category=\"Payload delivery\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--56e05151-b3a0-4e8d-8e9d-4419950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2016-03-09T16:37:37.000Z" ,
"modified" : "2016-03-09T16:37:37.000Z" ,
"pattern" : "[file:name = '092.js' AND file:hashes.SHA1 = 'da893665253bb150357f5334044ce226f83bf5fc']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2016-03-09T16:37:37Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Payload delivery"
}
] ,
"labels" : [
"misp:type=\"filename|sha1\"" ,
"misp:category=\"Payload delivery\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--56e05151-4260-4252-8988-4c4d950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2016-03-09T16:37:37.000Z" ,
"modified" : "2016-03-09T16:37:37.000Z" ,
"pattern" : "[file:name = '092.js' AND file:hashes.SHA256 = 'cc34e2ed0fc564dbabadddaa5c7f953f7187a6d5a8aaa8ae92edd9d11baf3de1']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2016-03-09T16:37:37Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Payload delivery"
}
] ,
"labels" : [
"misp:type=\"filename|sha256\"" ,
"misp:category=\"Payload delivery\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--56e05152-03c8-4d94-86df-4eb3950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2016-03-09T16:37:38.000Z" ,
"modified" : "2016-03-09T16:37:38.000Z" ,
"pattern" : "[file:content_ref.payload_bin = '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' AND file:name = 'invoice_Dpoqlp.js' AND file:hashes.MD5 = '5fbeb28ac647e72593b3579ab5331f6f' AND file:content_ref.mime_type = 'application/zip' AND file:content_ref.encryption_algorithm = 'mime-type-indicated' AND file:content_ref.decryption_key = 'infected']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2016-03-09T16:37:38Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Payload delivery"
}
] ,
"labels" : [
"misp:type=\"malware-sample\"" ,
"misp:category=\"Payload delivery\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--56e05152-9950-4e78-8856-4380950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2016-03-09T16:37:38.000Z" ,
"modified" : "2016-03-09T16:37:38.000Z" ,
"pattern" : "[file:name = 'invoice_Dpoqlp.js' AND file:hashes.SHA1 = '49d55b2251f5b38c4b5bed3caa3a22cb350b8c31']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2016-03-09T16:37:38Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Payload delivery"
}
] ,
"labels" : [
"misp:type=\"filename|sha1\"" ,
"misp:category=\"Payload delivery\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--56e05153-4280-4bb5-96bd-48bb950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2016-03-09T16:37:39.000Z" ,
"modified" : "2016-03-09T16:37:39.000Z" ,
"pattern" : "[file:name = 'invoice_Dpoqlp.js' AND file:hashes.SHA256 = '1f8f0007f437b4cf355913722568b95112a3786be6d24c0980cb4bb72af94d96']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2016-03-09T16:37:39Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Payload delivery"
}
] ,
"labels" : [
"misp:type=\"filename|sha256\"" ,
"misp:category=\"Payload delivery\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--56e05154-dd20-4a71-876c-48b5950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2016-03-09T16:37:40.000Z" ,
"modified" : "2016-03-09T16:37:40.000Z" ,
"pattern" : "[file:content_ref.payload_bin = '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' AND file:name = 'invoice_SCAN_LltxSn.js' AND file:hashes.MD5 = 'fb7b31e90b8308c7e56285c7fa426eef' AND file:content_ref.mime_type = 'application/zip' AND file:content_ref.encryption_algorithm = 'mime-type-indicated' AND file:content_ref.decryption_key = 'infected']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2016-03-09T16:37:40Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Payload delivery"
}
] ,
"labels" : [
"misp:type=\"malware-sample\"" ,
"misp:category=\"Payload delivery\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--56e05154-ef58-4e21-97c8-4d48950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2016-03-09T16:37:40.000Z" ,
"modified" : "2016-03-09T16:37:40.000Z" ,
"pattern" : "[file:name = 'invoice_SCAN_LltxSn.js' AND file:hashes.SHA1 = '71eb9147fbd1b2e26a765e7d4de376a1991922ec']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2016-03-09T16:37:40Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Payload delivery"
}
] ,
"labels" : [
"misp:type=\"filename|sha1\"" ,
"misp:category=\"Payload delivery\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--56e05155-42d8-4da5-9eb7-48db950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2016-03-09T16:37:41.000Z" ,
"modified" : "2016-03-09T16:37:41.000Z" ,
"pattern" : "[file:name = 'invoice_SCAN_LltxSn.js' AND file:hashes.SHA256 = '192a46bb8952ccc1fcbb620ce5adaf77b67f32949cf4989c1bed0a22ec46f96d']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2016-03-09T16:37:41Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Payload delivery"
}
] ,
"labels" : [
"misp:type=\"filename|sha256\"" ,
"misp:category=\"Payload delivery\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--56e05156-d7dc-4cc6-bc94-443c950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2016-03-09T16:37:42.000Z" ,
"modified" : "2016-03-09T16:37:42.000Z" ,
"pattern" : "[file:content_ref.payload_bin = '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' AND file:name = 'invoice_SCAN_zLWtmD.js' AND file:hashes.MD5 = 'f589b57c01ce568d94fdad840cf41052' AND file:content_ref.mime_type = 'application/zip' AND file:content_ref.encryption_algorithm = 'mime-type-indicated' AND file:content_ref.decryption_key = 'infected']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2016-03-09T16:37:42Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Payload delivery"
}
] ,
"labels" : [
"misp:type=\"malware-sample\"" ,
"misp:category=\"Payload delivery\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--56e05156-2604-4676-9a02-48a4950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2016-03-09T16:37:42.000Z" ,
"modified" : "2016-03-09T16:37:42.000Z" ,
"pattern" : "[file:name = 'invoice_SCAN_zLWtmD.js' AND file:hashes.SHA1 = 'e7eec76ef8add57a102f38f9c1ad9da61ff2c79c']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2016-03-09T16:37:42Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Payload delivery"
}
] ,
"labels" : [
"misp:type=\"filename|sha1\"" ,
"misp:category=\"Payload delivery\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--56e05157-5e38-4241-90f1-4879950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2016-03-09T16:37:43.000Z" ,
"modified" : "2016-03-09T16:37:43.000Z" ,
"pattern" : "[file:name = 'invoice_SCAN_zLWtmD.js' AND file:hashes.SHA256 = '1af82c782877d943a137a3d7de610cb2cfc8871879de4912d6b5cc3c6cb0acea']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2016-03-09T16:37:43Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Payload delivery"
}
] ,
"labels" : [
"misp:type=\"filename|sha256\"" ,
"misp:category=\"Payload delivery\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--56e05157-4a2c-42cd-8784-4396950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2016-03-09T16:37:43.000Z" ,
"modified" : "2016-03-09T16:37:43.000Z" ,
"pattern" : "[file:content_ref.payload_bin = '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' AND file:name = 'problem.725765290.js' AND file:hashes.MD5 = '8cdb7b5d8acd4396c7e8f57193bdabdd' AND file:content_ref.mime_type = 'application/zip' AND file:content_ref.encryption_algorithm = 'mime-type-indicated' AND file:content_ref.decryption_key = 'infected']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2016-03-09T16:37:43Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Payload delivery"
}
] ,
"labels" : [
"misp:type=\"malware-sample\"" ,
"misp:category=\"Payload delivery\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--56e05158-4b78-4401-a4ea-4c10950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2016-03-09T16:37:44.000Z" ,
"modified" : "2016-03-09T16:37:44.000Z" ,
"pattern" : "[file:name = 'problem.725765290.js' AND file:hashes.SHA1 = 'c4940aa42fa81267a9e2a63f2a1c719a5088f468']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2016-03-09T16:37:44Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Payload delivery"
}
] ,
"labels" : [
"misp:type=\"filename|sha1\"" ,
"misp:category=\"Payload delivery\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--56e05158-a98c-44ea-a2c6-4d17950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2016-03-09T16:37:44.000Z" ,
"modified" : "2016-03-09T16:37:44.000Z" ,
"pattern" : "[file:name = 'problem.725765290.js' AND file:hashes.SHA256 = '90e4468b681b4dfcac724aa46904e8fdadbf8cd238b88d9e2769c1f2024d078d']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2016-03-09T16:37:44Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Payload delivery"
}
] ,
"labels" : [
"misp:type=\"filename|sha256\"" ,
"misp:category=\"Payload delivery\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--56e05159-6808-4582-b5d8-426c950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2016-03-09T16:37:45.000Z" ,
"modified" : "2016-03-09T16:37:45.000Z" ,
"pattern" : "[file:content_ref.payload_bin = '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' AND file:name = 'problem.735045709.js' AND file:hashes.MD5 = '458d547ef6e10ae19e5190d5e2dba192' AND file:content_ref.mime_type = 'application/zip' AND file:content_ref.encryption_algorithm = 'mime-type-indicated' AND file:content_ref.decryption_key = 'infected']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2016-03-09T16:37:45Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Payload delivery"
}
] ,
"labels" : [
"misp:type=\"malware-sample\"" ,
"misp:category=\"Payload delivery\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--56e0515a-8448-43fe-a52c-4ccc950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2016-03-09T16:37:46.000Z" ,
"modified" : "2016-03-09T16:37:46.000Z" ,
"pattern" : "[file:name = 'problem.735045709.js' AND file:hashes.SHA1 = 'f57d0795b9f030b079df12920e878b2fae0c4e09']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2016-03-09T16:37:46Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Payload delivery"
}
] ,
"labels" : [
"misp:type=\"filename|sha1\"" ,
"misp:category=\"Payload delivery\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--56e0515a-3b60-42bd-a183-40f7950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2016-03-09T16:37:46.000Z" ,
"modified" : "2016-03-09T16:37:46.000Z" ,
"pattern" : "[file:name = 'problem.735045709.js' AND file:hashes.SHA256 = '00b1fa0bf426c6abe13e8334b1d92e9deb284c4aa19117b4dd988ef61c924ce7']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2016-03-09T16:37:46Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Payload delivery"
}
] ,
"labels" : [
"misp:type=\"filename|sha256\"" ,
"misp:category=\"Payload delivery\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--56e0515b-cdd8-48d8-b0ad-4767950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2016-03-09T16:37:47.000Z" ,
"modified" : "2016-03-09T16:37:47.000Z" ,
"pattern" : "[file:content_ref.payload_bin = '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' AND file:name = 'watch.881452758.js' AND file:hashes.MD5 = 'f7810fc902df7410126716a2069e283d' AND file:content_ref.mime_type = 'application/zip' AND file:content_ref.encryption_algorithm = 'mime-type-indicated' AND file:content_ref.decryption_key = 'infected']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2016-03-09T16:37:47Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Payload delivery"
}
] ,
"labels" : [
"misp:type=\"malware-sample\"" ,
"misp:category=\"Payload delivery\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--56e0515c-0838-4227-ab97-494f950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2016-03-09T16:37:48.000Z" ,
"modified" : "2016-03-09T16:37:48.000Z" ,
"pattern" : "[file:name = 'watch.881452758.js' AND file:hashes.SHA1 = '8c44d22ebe9a12b77d52d07df6e170b24a8c4f19']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2016-03-09T16:37:48Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Payload delivery"
}
] ,
"labels" : [
"misp:type=\"filename|sha1\"" ,
"misp:category=\"Payload delivery\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--56e0515c-4bbc-4d08-9b3d-4fc7950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2016-03-09T16:37:48.000Z" ,
"modified" : "2016-03-09T16:37:48.000Z" ,
"pattern" : "[file:name = 'watch.881452758.js' AND file:hashes.SHA256 = 'ddf70b11b61b6c496c78c93c759297286e227f03b8cbc3ba9d7df0653295d877']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2016-03-09T16:37:48Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Payload delivery"
}
] ,
"labels" : [
"misp:type=\"filename|sha256\"" ,
"misp:category=\"Payload delivery\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--56e0515d-0898-4683-adbd-41db950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2016-03-09T16:37:49.000Z" ,
"modified" : "2016-03-09T16:37:49.000Z" ,
"pattern" : "[file:content_ref.payload_bin = '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' AND file:name = 'watch.913872711.js' AND file:hashes.MD5 = '7d957fa93e3f0647c12af2704114e393' AND file:content_ref.mime_type = 'application/zip' AND file:content_ref.encryption_algorithm = 'mime-type-indicated' AND file:content_ref.decryption_key = 'infected']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2016-03-09T16:37:49Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Payload delivery"
}
] ,
"labels" : [
"misp:type=\"malware-sample\"" ,
"misp:category=\"Payload delivery\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--56e0515e-f180-4367-b206-4a44950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2016-03-09T16:37:50.000Z" ,
"modified" : "2016-03-09T16:37:50.000Z" ,
"pattern" : "[file:name = 'watch.913872711.js' AND file:hashes.SHA1 = '2d3d72d7df8c35ed7939431ac8c0309aa2e4cedb']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2016-03-09T16:37:50Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Payload delivery"
}
] ,
"labels" : [
"misp:type=\"filename|sha1\"" ,
"misp:category=\"Payload delivery\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--56e0515e-d0ac-48d6-9852-49c2950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2016-03-09T16:37:50.000Z" ,
"modified" : "2016-03-09T16:37:50.000Z" ,
"pattern" : "[file:name = 'watch.913872711.js' AND file:hashes.SHA256 = 'e42da926490c01d608eb02cbb6553ac488cfc24b5c56d6566617eeca9003aa82']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2016-03-09T16:37:50Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Payload delivery"
}
] ,
"labels" : [
"misp:type=\"filename|sha256\"" ,
"misp:category=\"Payload delivery\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--56e0515f-baac-4658-b3db-4343950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2016-03-09T16:37:51.000Z" ,
"modified" : "2016-03-09T16:37:51.000Z" ,
"pattern" : " [ f i l e : c o n t e n t _ r e f . p a y l o a d _ b i n = ' U E s D B B Q A C Q A I A L q E a U j U d i S + x A o A A E Y Z A A A g A B w A O T J h Z W R j N D g z Y 2 I w N G N j Z D U 3 Z D M 3 M m E 2 N T c 0 Y z A 3 Y z Z V V A k A A 19 R 4 F Z f U e B W d X g L A A E E I Q A A A A Q h A A A A V k k V f 7 + h 9 k Q Q L b W Q Z y A I + G w H / f m n U 3 d F g q m Q h I h p e a b s K J m f c u z z j j q O G x 39 J s P 8 i M V w O T s L B T k j + Z z Y K k f N h v + S j S / Q m R q P 6 m H y 59 G s r A 0 H v w N K z 26 A G Y R a 9 K b H m 2 r G 7 H M u 7 z d z l N M E 1 t 26 t U L M E O 8 g c a s X D b Y W Y W g z H r E m e 0 I U J J 87 c x 2 J h u i V u D o S r h 3 D M Q Z j v 0 q P f / c W f x u j f t P H S 8 r i A P x E G U y u H N m b I K P K Q r U + K 8 / z K 62 / X v b i V c p h W Y u z b M R d + X V / n Q 8 F H q g J c H D Y 2 c D Y F e 0 / j G + Y b C 43 Z 4 R H I v E 0 g S P D n e a M 8 h U l o M s R 2 z / + O 2 s j J H l 55 A a y v y C 3 J n S G L h + T T t U 1 l Y 2 k u U L / z m S J I s i j 1 x t R T c i 9 G j X 0 l d j 39 j x / + 2 k J 9 B k F Q l o s j v 66 x N P X p X M A O 7 W Y B c y y S p n y i W D 8 R a p h W w o m H 7 g A F o g I e i m T I N H K I P z B d U f a C 8 v S C V W p I n X e t L K 1 C F D G e g i e q H / q v Q C 2 a V Q N l N k m l a / q 929 c g i F v + B G D e 5 y k L m / x O 9 W I Z u w u G e H C 2 O t E g o f K 3 h g B Z k 6 X w p I Y X 803 q n v H 9 K M m 3 F O 1 t f 4 C h O 5 u l R 0 s q f K + l r x O j 0 I N S r C O O k N v + 0 y Y y w r 2 / 3 X 0 U f 5 Y c X M O l x / e / o q O E 9 H + k 0 R m n z q o Y z W r 4 p Y Z u / W H N z n b I P t 8 t 8 X + 0 b P r d Y R / O 4 b y O m d t U m S H a l s g U n X 8 O y B 0 n n 1 M 4 E / u o l S F j 2 n J / P v i 6 X n O J 5 P O q E u w X e i U T I i i R y X K v v U / 4 Q N L M E U c s R Y R G l V 6 R J 7 t z 1 a Y S L b Z r B s W 7 Q 7 O K k p h 90 V v 9 N U S w 4 h G I j 0 j S 4 Y q m h k f H J y + Y g e b k 8 n 85 g q D Q M a L X Y C z 6 X f j 1 Z z h c J i f + s V L 2 X 
k Z b a + y 81 V X / 9 t f T w I g d N O / L f r e 5 s 9 X K + l M o g s o k u p G a 0 X 1 i t i q 14 w P 0 z 6 c H 9 x k L M 7 V k I U x L a d U Z s z W M D 9 Y z i Z r / 0 u 9 q 4 w P + p m V z L f N z O r J 83 f E R q e O 7 t 5 a k f / S W L d / P z L H c u d y e F p 6 L 73 T Z J J A e R n 40 c K 1 + 8 g h 6 F u A L Q G 0 r b Q V 1 t v v N m x o a h g Y 5 R X C O F C a T L k X 3 x j T e Q i n A d p A h X v 9 p I f N l k 31 C Z C c 1 K R Y Q G o r f W M 9 o N X v a Z C j R c 0 o z 9 T k B G G l f 2 v S E v q 5 v s v / n 1 I + K M T P z v A F P z l B w w i z 4 j V J i Z k 5 k z s u K X k 8 p h + n / N Z r h J q t K w l 9 U c g L R M l t h n U A k A o y u K 9 l Z + S k a o O 1 h M e F c s J x A K U 1 X x C r L c q s + c z 8 b l v Y / v o E i 5 d B Z j d K Z O 6 c Y D V a L D y o T l 70 x l i D C w W 7 u p P c I E s w J l M f E M Q f R V F G m w J 4 H y / O k / h j J 0 7 O h s V + S 4 z E J b O o g c d r q O x W 90 n m 2 x x C 5 u d s u a o 4 d Y W v v o e Q I s a H t f N P F h y 9 l d 6 Z n 0 V B 26 Z N w W R z l o y Y 4 W W y y g 2 / L G t s Y x z b w C p L S X R T d q A V 3 H o K g L u j c l l U x N b 4 r m n b 0 e g V 9 n N u o Q n i n a / J e W n f E Q a M J X + f E K v D R L S u l 6 + f r g M v 6 E g P v 4 F E w i N / 6 E n 9 J H k U C + Y O z 8 u Q G n B X y + N r B / m 71 b w v Y M l 4 A O T k J A 0 Y A l I x C k L H Q k s d W n o F 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
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2016-03-09T16:37:51Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Payload delivery"
}
] ,
"labels" : [
"misp:type=\"malware-sample\"" ,
"misp:category=\"Payload delivery\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--56e05160-bb60-46fb-a1b1-4504950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2016-03-09T16:37:52.000Z" ,
"modified" : "2016-03-09T16:37:52.000Z" ,
"pattern" : "[file:name = 'YUN3242325208.js' AND file:hashes.SHA1 = '89d7a593b730a2c7c89fa506dc2b37a51068d67e']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2016-03-09T16:37:52Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Payload delivery"
}
] ,
"labels" : [
"misp:type=\"filename|sha1\"" ,
"misp:category=\"Payload delivery\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--56e05160-5984-47a5-b043-46a4950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2016-03-09T16:37:52.000Z" ,
"modified" : "2016-03-09T16:37:52.000Z" ,
"pattern" : "[file:name = 'YUN3242325208.js' AND file:hashes.SHA256 = '7724f7c3f68423afa353df334435adcbf6a3a5356a7c6d03e08aa5ddf41d43eb']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2016-03-09T16:37:52Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Payload delivery"
}
] ,
"labels" : [
"misp:type=\"filename|sha256\"" ,
"misp:category=\"Payload delivery\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--56e05475-5834-4759-865e-420f950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2016-03-09T16:51:01.000Z" ,
"modified" : "2016-03-09T16:51:01.000Z" ,
"description" : "Locky" ,
"pattern" : " [ f i l e : c o n t e n t _ r e f . p a y l o a d _ b i n = ' U E s D B B Q A C Q A I A G C G a U i d u n N Z j q o B A A C k A g A g A B w A Z T E y Z m R l M D E 2 M D Y y M j d k N D V l O D A 0 O G Z i N G U 1 Y 2 M 4 O G N V V A k A A 3 R U 4 F Z 0 V O B W d X g L A A E E I Q A A A A Q h A A A A B q F 3 T 1 n p y l 1 M T z s k l Y Z r P 86 d V O 0 F R e G N P J / H 6 r R t t P h d w y g 8 N E t j v p f S n y O A 8 y q A / 0 J I o P c I p P m / x t W g F Z / J q W 6 W E 42 v E V K g q M / p s 6 L V u T v E 31 X I o F c r E r A b u t c Z a h x E T E J O / t K p H 8E1 F 5 b G I O 9 h 9 D 0E45 t U + J H H k K v X e q b G G N G 955 V 8 H M k 4 + / J d X v U H R a n / T T X b S p i w + z k U q g I J U b 42 + U k b S h Z r Q P 9 k k i Q h p p 1 X H C Q q p + D 5 y c G U 1 j F w t G 8 f P 5 l d G M t E O U Z W q 0 P k K l m U g p L W d B 0 + I W v I + o B F p K 80 T w T G n 2 j T j 5 A L m 3 w e c 3 w p P X 1 i U H L o 1 i P b a k c s S p 4 F O Y R b P y u 3 V Q 5 z o I e T T f v y v / l C b n s P o I 1 B o s e L 4 s c E 5 m x 8 D s S 3 C s q v v H H F f U Y u Q S v n w X U y l r G N a 3 V x O z O t 64 F w L s y t P v H / u n C V T E U c A s n z t 4 p b O 6 i t d m y Z o F t f k A m w W 9 R Y e z H I v m P n + R 4 V W L v 58 R h k s m o m 48 T b 9 b u p C i Z B 9 n b K a L + V H Z 5 + G R q R + n P 5 z Z / 85 T Q V d 8 E S x I 4 N X u l u x N W 6 t 9 f d N U x G 8 O E U 6 m x N e C 3 Z N S p g M R i U S o Q t 2 T S S u Z d B G 1 n W 6 i Q j g N 0 n + R M t a c p c q Z 9 T 8 r C Z U Q U k H o N i A K e 3 / 0 r W t s X k G a V 0 F / r P 6 j V K t B c S d P C G r h t Z c z d S U S F D A 8 p 6 k D q T Z 94 Z h Q W 12 G + U 4 u y t A t B 8 c P y Z l / O a K G V r X 8 g S 6 a 6 I T S u F n H k 0 / G J C T b V o c N v o 2 q s B b Z / 0 r I C b F 9 u J X f D k s g e E / o J i / X e 5 I V E N E y B A 8 u Z U / y F Z I 9 y V b 1 K 7 l G l i s l G / D + w t k m v / 3 q K Y o 0 O R X 6 c 6 d f / C M 0 F 9 q i b 8 E x 3 g R x q 8 C l 58 H M 6 u C z s F k O i c f F T 
a x t U j X O f P 1 w d 6 W U T m B g + 656 K 4 m c D U g m N r F k 9 + x Q S d D / 9 f 3 m Z 3e0 g E Z v I c 0 L I Y L n + M N J 35 W e w 0 c C K 2 J 6 B h c x l 2 i U K E E O O z D t / 49 Q y E f d l X l q a v U 2 S a l G P 7 m F q X k S E N + + F C R D U V + z j Z 7 c s J B 89 Q 1 w E Y G n j A v 0 n d d o X Z D E v L D k F w S f U 8 + r i v 5 s t 44 t 16 N h + 4 M v e N H R h 69 D 8 i u A u 1 h d X 8 r / E + q T W f v R R V o z f b G 8 k J S X i d 8 z U L M j / + o K q r x + s l e r E g V 44 S t n B o r L 8 W p L T 0 T m P 3 u 7 p w E 9 z 1 M C o q H m R R H I w l i l z g i i S F d 2 x l Z s K q 340 T O 4 L 9 T N 9 d H A M y Q O o N L x i W 26 M d 64 v z 8 b x j g t T V / V 2 P S d X O x K V k q G Y C D u S 82 L j i k w W L N a l h n 89 F 9 S X b 8 L b Y l c f 6 D y e L G j J u X v 85 e d l H V 58 o K J i v n A C r M 29 Z 3 n 96 G / S K H J e r Z 9 Q p 55 A 8 w 1 M r G m F 1 v R E G E T v o i k 4 C v 963 T l 25 j c Y r U M S Z W F 97 c E L 4 N 63 q 5 j 9 A P J z A + G M q 6 q P 3 t Q b e r p g U Q S N x w V Q w T j 2 n l 6 F 7 u T u X E K 48 z b z l r n A d / P d V + T T n h a 8 s D B + y M 2 Y A H G g c m M f d x c j v 25 I x h 7 / w 8 x 6 V E s 4 K a B 94 j P 2 D Q p x b U 8 q t C 8 D + K n G t 6 I 2 j n A s C d j J h H 7 J 5 w m d F u b 8 F h A E w j b Q r h X n s u I S N V J X p p s 7 G e 6 / q X n x w w a 0 g V T F u q n 5 z 1 t h E l 9 f 9 H S C a D Y w 7 b r R 8 S P H / G s a 7 I Q V P w s t u x U a 0 e y 1 z D f B h G L O 3 E o 53 I P s r a D d R I G e H 6 + T v Z 5 f 9 p X h Y L P K r M O Z X t m V A e B N q 9 S k 82 j / e B / D n X c v + o I V f R w 1 o 2 B k + i Z 8 s x 3 Y + 2 i / F y 8 P R 8 R g e g M R f P c h H 9 f H U 3 n x e d J L D m m + h 8 c m C s z u V O k W R H r s z 9 f + i e j 7 Z S T g I f v S x h 5 b O X f x j 551 I v 71 v z + N O E A s 81 l w k 4 t h W 9 K 4 M 9 P A W h / 470 z 1 u A S F 20 R T y z T n R V n + 6 p 5 V F E S 4 x c A E d P x B s u B r V c z w o L R d H H + 5 Y c e B X B g a D W F G K K D A U 5 f R M U B D O x 0 N 34 I n 
Z S s i m z s p 1 Q j B 4 U 4 K H e i t S l M u E m P I 9 d o c O c l m / w g 3 l P R D 2 b V O v E z g i B H 504 z 3 / E P w N + R G 65 w b k 4 P 4 l + l A V H W j R 9 S x O Y u Z J V 9 g 5 v s n n l w D l t d P G V L c 9 B L b 7 M U g i 9 m P 2 w U x q K G k Y X P X F Q / 6 Q F K h z y E k f 4 N A 6 p n 5 N E 46 t Y 3 x 5 Z H 59 G P d m W 6 G u 7 X h r 421 v l 9 F B S I v L e 6 I T A 6 K P j 0 s d C 0 w 9 K 5 i A 2 C k f X k P r U B T U C i w 1 C v 7 K O V X E x O C z V r Y i r 8 Y C l m T C q J d D l j 0 v Y o 3 E I k l H y 2 n y b m h t W + n x 1 i q j v Z b Z o V 7 j F c O E p e c E c 7 f N i M 2 u o M T f o l M F T q J q l Z B 3 p 8 q G R k 8 S V K S d c L B R g Z N 45 a u 7 g U L c v 2 i 4 y P Y J k c W y x U E D Q g Y H C C R U f H x f x i w T u + p b U 1 O Q H c u X k O v k / K 6 I N B G p 2 D H s u 1 F G x 5 p u m x h p g q O G o S r 9 o y q p Q K S M s K x K G B A x T R p V V I P W Q a h N 2 G V C O / r P j G 5 z v F S G m K J l U S S M O / o i 0 j l i W + Q H 7 j 2 j i G F U c V f U l C 52 B O e O 8 l Y B d c C Z r l 5 Y o O 8 y U 5 y a B t P v a / d 2 C L z L l W i 5 M 6 l t 61 u h 7 n F 8 B m Y d N e s i d 
//OMMOPCSaGBfdZKMg+57VPacetSzsQvNzbRB7Oj3hEQELvaBtWhYkKnS6VDpr4eTSpk+QkxhzeAqq7y0WkjoKImv6xO6k/3a9zW9NfpQr59cJdL5PnHou9sNo/Hmu3b1Xb7ugXxQNf2epbnDjjM8ktl/YrTQzMTg4DqPxXw2iq1twKe9wI6uMo1bP0e6jqSUe2kWAO+3BIaUVm/pCXjzt0oNWt+Et4GdFh47AoFqqNtvdmKWYImuVB0ke6ziOpxS3u7u2H2Ekd6iBgY1Icbe8ghA9S/mBwfNTQUjPdTKP6t1zChNSs6S7M9Nv5kRiuBWEwW2tOnmkAtzYakiAEbkSuUBdVs6Vs8fSDdt23X1xrIpeXN7gJYNT9NFRpRneCPH1vwKCEm12FDB5vBDY4CJc7BiW/fzYs/zc4l6+CCBAaypMP4+W9gmHjuQ03776JhKi41Lak30S7aLLIMOnsgRonhtn4BG184HP0rPcLGr0qz2Zp3ck4Y9mxvDLhfFu6J6Cxay3sApABzvoxHZZMqls/vDWeltPzO8QQP4jJ9UeRfILo17uiPoQ56cr0kwE2/IBBJMJeoiULOaN61Uc+zvhgs68M229sYedUGQMTzl6SM9Nel2YsLJHzV3PvNG2Bp8r70fRd7BDmHXBkGBUUHhgBPL5Vy6axDQDYfCrPc1tGCcX5KuRJ+NVzt5nyk3Fck/bLJsKnJP9AweeiJp/RD9Piue7aMhHwRUZ2OmzK6Fnyr4Y7r8hyvqjGNGVf1U3dc1DCKSCwbHEz/8/MHblwzH8hTipra/QzTx+BjNHA4611WCJzYCS6ZCdgx6LNTwhDgjJABCT3Tu1ovd6/PXzgA6HgkxaB5nw+jMWpHwn2W1fWu9w0llKN7ly3KC5r+bJUTMuh5wGgEr3bTfYCex55PezVbYesFGHxEc7vq9K6qggPbzJ5fK1YzDodMC45AeSkQhVFlE4AiD3cIIDDLumc9wc12bMHUMla/slqpcgoxGdpNwuAkhKItthxl6TlSVm+pin7oS5N3nBnBrfTPbe/Rnxkiw83Z8DFotnlzbJ6OvvpY2kr6OJHDzrwZHdWgBGfZnUsJHsoBv9nRd1xX1NVNHJWBc73K7ixDiG2reDpT0ji1bqgY+XVV6jRc1fVZX7RgEHdR5YSIRilISqnlw2YFWZAvp0TJ04cs8WBq9k3GSFCl+CK6bVIaOyCpfBKV48bRf+1QFqSgvKKM1g5RcRTPcWXuL/x053ywLraB5r5ij8hDJi9s94KbO9BBeCCni32N+bTbFuBhJbDfubrpy8NanvAFDNiwRW4kXyZbcgkG+I9fO9asQJJ0sCazT+aWKptin510AYbF9pZnuxH53cSYufZlObhLMvXekLgD0JBqRa72LHvPnhxkXTOaj/InB3zBdoFi7CNPy8hSwlbKq6rKRrRFmDzjWH2VHV+IZafFTxIWa0q/RzM0qde21I/e0J4Wk
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2016-03-09T16:51:01Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Payload delivery"
}
] ,
"labels" : [
"misp:type=\"malware-sample\"" ,
"misp:category=\"Payload delivery\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--56e05475-1044-435b-89cc-4057950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2016-03-09T16:51:01.000Z" ,
"modified" : "2016-03-09T16:51:01.000Z" ,
"description" : "Locky" ,
"pattern" : "[file:name = '09y8j' AND file:hashes.SHA1 = '430a038349c05fa47aa7917f7d97ba4dac15cbe1']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2016-03-09T16:51:01Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Payload delivery"
}
] ,
"labels" : [
"misp:type=\"filename|sha1\"" ,
"misp:category=\"Payload delivery\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--56e05476-80e0-4985-a496-4afc950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2016-03-09T16:51:02.000Z" ,
"modified" : "2016-03-09T16:51:02.000Z" ,
"description" : "Locky" ,
"pattern" : "[file:name = '09y8j' AND file:hashes.SHA256 = 'd536fb9620493a6fee54863306b744cbaf2bb7c3301d2042406b3a6383b23a57']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2016-03-09T16:51:02Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Payload delivery"
}
] ,
"labels" : [
"misp:type=\"filename|sha256\"" ,
"misp:category=\"Payload delivery\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--56e0563b-bed8-4701-a1e8-4233950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2016-03-09T16:58:35.000Z" ,
"modified" : "2016-03-09T16:58:35.000Z" ,
"description" : "Locky C&C" ,
"pattern" : "[url:value = 'http://78.40.108.39/main.php']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2016-03-09T16:58:35Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Network activity"
}
] ,
"labels" : [
"misp:type=\"url\"" ,
"misp:category=\"Network activity\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--56e0563c-8690-4690-8762-4990950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2016-03-09T16:58:36.000Z" ,
"modified" : "2016-03-09T16:58:36.000Z" ,
"description" : "Locky C&C" ,
"pattern" : "[url:value = 'http://91.195.12.131/main.php']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2016-03-09T16:58:36Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Network activity"
}
] ,
"labels" : [
"misp:type=\"url\"" ,
"misp:category=\"Network activity\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--56e0563c-2cfc-458d-b7c6-4fcb950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2016-03-09T16:58:36.000Z" ,
"modified" : "2016-03-09T16:58:36.000Z" ,
"description" : "Locky C&C" ,
"pattern" : "[url:value = 'http://37.235.53.18/main.php']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2016-03-09T16:58:36Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Network activity"
}
] ,
"labels" : [
"misp:type=\"url\"" ,
"misp:category=\"Network activity\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--56e0563c-b1e4-4c0d-bc18-4502950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2016-03-09T16:58:36.000Z" ,
"modified" : "2016-03-09T16:58:36.000Z" ,
"description" : "Locky C&C" ,
"pattern" : "[url:value = 'http://151.236.14.51/main.php']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2016-03-09T16:58:36Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Network activity"
}
] ,
"labels" : [
"misp:type=\"url\"" ,
"misp:category=\"Network activity\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--56e0563d-c8fc-4574-8459-4618950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2016-03-09T16:58:37.000Z" ,
"modified" : "2016-03-09T16:58:37.000Z" ,
"description" : "Locky C&C" ,
"pattern" : "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '151.236.14.51']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2016-03-09T16:58:37Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Network activity"
}
] ,
"labels" : [
"misp:type=\"ip-dst\"" ,
"misp:category=\"Network activity\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--56e0563d-c68c-4469-901d-4b5a950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2016-03-09T16:58:37.000Z" ,
"modified" : "2016-03-09T16:58:37.000Z" ,
"description" : "Locky C&C" ,
"pattern" : "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '37.235.53.18']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2016-03-09T16:58:37Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Network activity"
}
] ,
"labels" : [
"misp:type=\"ip-dst\"" ,
"misp:category=\"Network activity\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--56e0563d-0af0-470e-954a-4143950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2016-03-09T16:58:37.000Z" ,
"modified" : "2016-03-09T16:58:37.000Z" ,
"description" : "Locky C&C" ,
"pattern" : "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '91.195.12.131']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2016-03-09T16:58:37Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Network activity"
}
] ,
"labels" : [
"misp:type=\"ip-dst\"" ,
"misp:category=\"Network activity\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--56e0563d-3828-4bef-b064-44c8950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2016-03-09T16:58:37.000Z" ,
"modified" : "2016-03-09T16:58:37.000Z" ,
"description" : "Locky C&C" ,
"pattern" : "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '78.40.108.39']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2016-03-09T16:58:37Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Network activity"
}
] ,
"labels" : [
"misp:type=\"ip-dst\"" ,
"misp:category=\"Network activity\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "observed-data" ,
"spec_version" : "2.1" ,
"id" : "observed-data--56e08431-a8bc-4ae5-adaf-40e902de0b81" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2016-03-09T20:14:41.000Z" ,
"modified" : "2016-03-09T20:14:41.000Z" ,
"first_observed" : "2016-03-09T20:14:41Z" ,
"last_observed" : "2016-03-09T20:14:41Z" ,
"number_observed" : 1 ,
"object_refs" : [
"url--56e08431-a8bc-4ae5-adaf-40e902de0b81"
] ,
"labels" : [
"misp:type=\"link\"" ,
"misp:category=\"External analysis\""
]
} ,
{
"type" : "url" ,
"spec_version" : "2.1" ,
"id" : "url--56e08431-a8bc-4ae5-adaf-40e902de0b81" ,
"value" : "https://www.virustotal.com/file/d536fb9620493a6fee54863306b744cbaf2bb7c3301d2042406b3a6383b23a57/analysis/1457547604/"
} ,
{
"type" : "observed-data" ,
"spec_version" : "2.1" ,
"id" : "observed-data--56e08431-e128-486c-ad48-451902de0b81" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2016-03-09T20:14:41.000Z" ,
"modified" : "2016-03-09T20:14:41.000Z" ,
"first_observed" : "2016-03-09T20:14:41Z" ,
"last_observed" : "2016-03-09T20:14:41Z" ,
"number_observed" : 1 ,
"object_refs" : [
"url--56e08431-e128-486c-ad48-451902de0b81"
] ,
"labels" : [
"misp:type=\"link\"" ,
"misp:category=\"External analysis\""
]
} ,
{
"type" : "url" ,
"spec_version" : "2.1" ,
"id" : "url--56e08431-e128-486c-ad48-451902de0b81" ,
"value" : "https://www.virustotal.com/file/7724f7c3f68423afa353df334435adcbf6a3a5356a7c6d03e08aa5ddf41d43eb/analysis/1457532525/"
} ,
{
"type" : "observed-data" ,
"spec_version" : "2.1" ,
"id" : "observed-data--56e08431-52ac-4140-a1a0-484e02de0b81" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2016-03-09T20:14:41.000Z" ,
"modified" : "2016-03-09T20:14:41.000Z" ,
"first_observed" : "2016-03-09T20:14:41Z" ,
"last_observed" : "2016-03-09T20:14:41Z" ,
"number_observed" : 1 ,
"object_refs" : [
"url--56e08431-52ac-4140-a1a0-484e02de0b81"
] ,
"labels" : [
"misp:type=\"link\"" ,
"misp:category=\"External analysis\""
]
} ,
{
"type" : "url" ,
"spec_version" : "2.1" ,
"id" : "url--56e08431-52ac-4140-a1a0-484e02de0b81" ,
"value" : "https://www.virustotal.com/file/e42da926490c01d608eb02cbb6553ac488cfc24b5c56d6566617eeca9003aa82/analysis/1457530763/"
} ,
{
"type" : "observed-data" ,
"spec_version" : "2.1" ,
"id" : "observed-data--56e08432-3a40-4d51-b365-46cc02de0b81" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2016-03-09T20:14:42.000Z" ,
"modified" : "2016-03-09T20:14:42.000Z" ,
"first_observed" : "2016-03-09T20:14:42Z" ,
"last_observed" : "2016-03-09T20:14:42Z" ,
"number_observed" : 1 ,
"object_refs" : [
"url--56e08432-3a40-4d51-b365-46cc02de0b81"
] ,
"labels" : [
"misp:type=\"link\"" ,
"misp:category=\"External analysis\""
]
} ,
{
"type" : "url" ,
"spec_version" : "2.1" ,
"id" : "url--56e08432-3a40-4d51-b365-46cc02de0b81" ,
"value" : "https://www.virustotal.com/file/ddf70b11b61b6c496c78c93c759297286e227f03b8cbc3ba9d7df0653295d877/analysis/1457530629/"
} ,
{
"type" : "observed-data" ,
"spec_version" : "2.1" ,
"id" : "observed-data--56e08432-573c-4d4e-94f8-45af02de0b81" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2016-03-09T20:14:42.000Z" ,
"modified" : "2016-03-09T20:14:42.000Z" ,
"first_observed" : "2016-03-09T20:14:42Z" ,
"last_observed" : "2016-03-09T20:14:42Z" ,
"number_observed" : 1 ,
"object_refs" : [
"url--56e08432-573c-4d4e-94f8-45af02de0b81"
] ,
"labels" : [
"misp:type=\"link\"" ,
"misp:category=\"External analysis\""
]
} ,
{
"type" : "url" ,
"spec_version" : "2.1" ,
"id" : "url--56e08432-573c-4d4e-94f8-45af02de0b81" ,
"value" : "https://www.virustotal.com/file/00b1fa0bf426c6abe13e8334b1d92e9deb284c4aa19117b4dd988ef61c924ce7/analysis/1457548208/"
} ,
{
"type" : "observed-data" ,
"spec_version" : "2.1" ,
"id" : "observed-data--56e08432-8ba8-4213-b16b-490302de0b81" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2016-03-09T20:14:42.000Z" ,
"modified" : "2016-03-09T20:14:42.000Z" ,
"first_observed" : "2016-03-09T20:14:42Z" ,
"last_observed" : "2016-03-09T20:14:42Z" ,
"number_observed" : 1 ,
"object_refs" : [
"url--56e08432-8ba8-4213-b16b-490302de0b81"
] ,
"labels" : [
"misp:type=\"link\"" ,
"misp:category=\"External analysis\""
]
} ,
{
"type" : "url" ,
"spec_version" : "2.1" ,
"id" : "url--56e08432-8ba8-4213-b16b-490302de0b81" ,
"value" : "https://www.virustotal.com/file/90e4468b681b4dfcac724aa46904e8fdadbf8cd238b88d9e2769c1f2024d078d/analysis/1457554205/"
} ,
{
"type" : "observed-data" ,
"spec_version" : "2.1" ,
"id" : "observed-data--56e08433-8f20-427c-8f45-41c102de0b81" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2016-03-09T20:14:43.000Z" ,
"modified" : "2016-03-09T20:14:43.000Z" ,
"first_observed" : "2016-03-09T20:14:43Z" ,
"last_observed" : "2016-03-09T20:14:43Z" ,
"number_observed" : 1 ,
"object_refs" : [
"url--56e08433-8f20-427c-8f45-41c102de0b81"
] ,
"labels" : [
"misp:type=\"link\"" ,
"misp:category=\"External analysis\""
]
} ,
{
"type" : "url" ,
"spec_version" : "2.1" ,
"id" : "url--56e08433-8f20-427c-8f45-41c102de0b81" ,
"value" : "https://www.virustotal.com/file/1af82c782877d943a137a3d7de610cb2cfc8871879de4912d6b5cc3c6cb0acea/analysis/1457536258/"
} ,
{
"type" : "observed-data" ,
"spec_version" : "2.1" ,
"id" : "observed-data--56e08433-b3c4-4651-b935-47c402de0b81" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2016-03-09T20:14:43.000Z" ,
"modified" : "2016-03-09T20:14:43.000Z" ,
"first_observed" : "2016-03-09T20:14:43Z" ,
"last_observed" : "2016-03-09T20:14:43Z" ,
"number_observed" : 1 ,
"object_refs" : [
"url--56e08433-b3c4-4651-b935-47c402de0b81"
] ,
"labels" : [
"misp:type=\"link\"" ,
"misp:category=\"External analysis\""
]
} ,
{
"type" : "url" ,
"spec_version" : "2.1" ,
"id" : "url--56e08433-b3c4-4651-b935-47c402de0b81" ,
"value" : "https://www.virustotal.com/file/192a46bb8952ccc1fcbb620ce5adaf77b67f32949cf4989c1bed0a22ec46f96d/analysis/1457538983/"
} ,
{
"type" : "observed-data" ,
"spec_version" : "2.1" ,
"id" : "observed-data--56e08433-5834-4fde-bc67-4c3602de0b81" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2016-03-09T20:14:43.000Z" ,
"modified" : "2016-03-09T20:14:43.000Z" ,
"first_observed" : "2016-03-09T20:14:43Z" ,
"last_observed" : "2016-03-09T20:14:43Z" ,
"number_observed" : 1 ,
"object_refs" : [
"url--56e08433-5834-4fde-bc67-4c3602de0b81"
] ,
"labels" : [
"misp:type=\"link\"" ,
"misp:category=\"External analysis\""
]
} ,
{
"type" : "url" ,
"spec_version" : "2.1" ,
"id" : "url--56e08433-5834-4fde-bc67-4c3602de0b81" ,
"value" : "https://www.virustotal.com/file/1f8f0007f437b4cf355913722568b95112a3786be6d24c0980cb4bb72af94d96/analysis/1457536304/"
} ,
{
"type" : "observed-data" ,
"spec_version" : "2.1" ,
"id" : "observed-data--56e08434-afb8-4fd7-b552-49b802de0b81" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2016-03-09T20:14:44.000Z" ,
"modified" : "2016-03-09T20:14:44.000Z" ,
"first_observed" : "2016-03-09T20:14:44Z" ,
"last_observed" : "2016-03-09T20:14:44Z" ,
"number_observed" : 1 ,
"object_refs" : [
"url--56e08434-afb8-4fd7-b552-49b802de0b81"
] ,
"labels" : [
"misp:type=\"link\"" ,
"misp:category=\"External analysis\""
]
} ,
{
"type" : "url" ,
"spec_version" : "2.1" ,
"id" : "url--56e08434-afb8-4fd7-b552-49b802de0b81" ,
"value" : "https://www.virustotal.com/file/cc34e2ed0fc564dbabadddaa5c7f953f7187a6d5a8aaa8ae92edd9d11baf3de1/analysis/1457527501/"
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--56e11720-d168-4b40-ad11-4632950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2016-03-10T06:41:36.000Z" ,
"modified" : "2016-03-10T06:41:36.000Z" ,
"description" : "Locky C&C" ,
"pattern" : "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '149.154.157.14']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2016-03-10T06:41:36Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Network activity"
}
] ,
"labels" : [
"misp:type=\"ip-dst\"" ,
"misp:category=\"Network activity\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--56e11776-752c-4455-bd3d-4994950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2016-03-10T06:43:02.000Z" ,
"modified" : "2016-03-10T06:43:02.000Z" ,
"pattern" : " [ f i l e : c o n t e n t _ r e f . p a y l o a d _ b i n = ' U E s D B B Q A C Q A I A G E 1 a k g D b B F h N T g C A B + d A g A g A B w A Z T d i Z D g 2 O G Z j Y m Y x N m U x M z c 1 N m Y 1 N D d m M D E 2 Y T Y y Z m N V V A k A A 3 Y X 4 V Z 2 F + F W d X g L A A E E I Q A A A A Q h A A A A v x P e 82 T z 0 J N H Q T j i G I l I j O H e G T l h E a H u o Z u L 0 i H V B X 2 N 8 t T q p 1 e n p f / m i 9 V T y E 0 R p V O p / 8 Y l Y V A 8 s S x U y p I Z S f Y E D + w c O c M + s g B u s E S 4 r g k O U p q f g s T v B O m 1 n k o g h s Y E U I + V q n D C G K r F X 96 z 8 r u H V x d 4 u t g 8 f / Q i I v G m h 9 U V 5 F g x 7 h 6 j + 2 D F Y + v M z N M o J C r 8 v c Y O W o 6 q y r q Y C c m x F 9650 m F F q y N P T W y O 4 F y 4 h e p / E q D 0 S 6 Y u U d m T 9 j n X k o X U 7 t 8 z r 8 W l f Z h e / 5 L m 2 g J B D d l O n k H 28 t U b d 7 L D o 7 i b A 8 q h N I T t f l H Z o G u z d G k V x X V y a o T b W v w 1 L L f s G D / e m W j B b A / U j j / i 5 d N v x I d t 8 P c W n x U S H 5 J O X c M R S 7 v 9 + P O 4 P p 5 P i 3 / O 4 h C a 5 Y Y d 4 t A Y a i 7 h D f I h 64 I K R q x p g i h F R x j r 5 R F 8 o 3 w o V / k U Q o z S Q 5 c 8 X a 3 D X 8 P + 1 y P p L D 75 X / m W 87 O j y L T y e Q 19 A m f e 2 c Z W l f W 9 h z m E 6 h j U J S Y p E p 3 t C l 124 Y 25 s 4 + t X B B E j b L Y 4 f P g j h 2 A 8 G Z E G T O z J y l f L p G q f B P H 2 R T 50 H B J y b u n c N B X 8 o t n N Y n s N 2 L Y D l c q j I p V f S 1 d h q 3 M u w R L K l 0 q 2 / r S H 58 E v T A c F R f w O p d o 61 F L B n S B k I o D 9 o N C 0 v b e B N G O H L S 3 a t r p R P I 7 Q t X 6 L Z j z 6 Q j R 2 E c X m u y 8 t S l Y n 2 V 6 A w F + y 46 M s 9 M i 4 u 6 I 33 J 2 W q 4 d + n O v J t 74 F F a t 0 z j z G 2 e n h a e K k R c P 9 F c K t W m J 0 34 T + a m 4 k H X t n J H H r X k m X 0 W R A Y c x 5 Y a m G q 6 Q h k 66 p f T Z g C s C j H B 974 l D 5 r J 81 D x l c U m z S 3 a m k P H f 1 u B z x w E E z / h M p U Q x 0 X i h A l / l R R T o Q 2 V G N A 
g 5 t G 4 i j S N t r U k u S c M X H B 1 G k G z T Q r m 21 g 7 F E E T 7 D y a r 9 L e 5 O r L O 0 c 7 N a u c T n Z A 0 m S 0 s i B o g k C + V 73 M l m t 74 u W U b E o H M P a y i R A c z Q G 0 Z d 9 g / Q 5 a p K Z 2 I A q R G 8 q n m f c O F q J C D 7 P J n w Y m I O s 7 b U l k e j + U 5 / P u h Z O 18 N 6 c 6 z 3 W a O w s e z 0 t c O f L o A M 0 f u N V c I p o o b E E w W S w 99 / b / J A 68 s q C N H 4 h j r k f o 6 D o z L X A / v z e X Z u Y + e a / F 5 P Q Y t y / H 2 d D N K P 48 Q f / H b L a z j 0 A P i 6 D J 1 G 59 o C D o b / U 0 9 T E s t h h u 2 y a I 6 G g O V b D u Q 7 A z C M o l C U g F e m Q 7 j k 4 J r z Z C Q U q 26 c i z W K w 9 A f z d L N X Z r m n i N 8 T V U l p G A k / B O P X K Q u l N 90 u O S 2 I x g 3 W V Q d M k 0 S v y 1 H / o + 5 u 9 U E o M Q R 1 h N g n a 988 o v i 7 W J 6 i Q + n l u y 6 L l 7 i v L 4 R p + z w K + x r r N l + O z P i h 6 A I q X j s p V A N a F Z 0 v X 3E4 w i o y G Q q m X M S M l Q r f T o d I 4 J 1 p f v w A i S V m f y S K s P L a u X x m A b s I / p Y e L M j 93 l 7 o n B l I b m S 95 P 5 R E V w 4 J W B H Y 953 V w 8 / Q O S I z F M W X w 1 B g E / E w R s 3 w 69 g S 0 t p 8 n j Q K Z G o n 4 k M 8 T P V B I 1 v u 7 n O c I T 6 l F g Q X m / l Y G 92 S h q n W N G 1 u i i j P 8 o 6 p s 5 B G 7 x + + e z W g v 3 R X G t w L q u x C G P h N f w Z t B Y 0 q e 9 b j 7 d w w 1 u 0 n v W V y G y W M A g m p c s a a P x L B E 31 o 17 F N Q m d c h 71 u w a D 3 M P Q k c Y 3 R F Y 8 P T B V 0 x b G I X + 53 L C 97 Z 12 O 3 R J k r U J C s k c 5 F 12 v W b G L 99 n y X 0 y l 23 / v q 64 Q q a Z T E S 55 q 9 I F / L y U e t Q 3 q H X S b 1 w d e F k 70 p Y v 5 J A v / 6 M L 4 B 5 g 1 T 8 v w y I 1 i v 2 p 2 d Q S 0 v l c 9 r Q 4 h r v 43 F H 6 o c D u N u C t 5 J l + h F x G 0 D 5 f 2 k x Y Y j 2 D N v J d x A a + g d 7 Z c l O D a K C h d + t g B U G Z h 7 L E R Q + Y I B n Q u l 58 F 30 C + t L t l R e r m 6 O O Q Y N R h i e J 8 U X m G E I l k e E 4044 v c I Y 9E8 X / S 2 s K 72 R b A i x I t w L 65 P e 
F z L R v p D 66 F G 7 a 8 l F e i 2 h 8 Y + 5 / 0 J t T R p u U d 0 x 0 5 N b u T I Z Z s z z G / C Y m Z U k w / 0 s c D 1 P O B R e J E 8 A u c b F R O H V M E 0 52 s i y 1 P w w d D h 0 I d F g l d S 3 i d V Y C G s U s j 9 e G I s C D M g 4 D C I P k j V L e H m h s K P G S V a h / I 7 I t O f M l / t 9 X N j F K F z S N y f d M H Q U d 36 + R z p / r n / 6 t I Q H 5 N c + s A p f d l g F e c C 6 B B D r k k W R a Z b z W V o T M N B g q 9 b W 71 s 7 / M G N N Z 0 e p q l o X u B 9 j n U + t 2 m K g k f Y Z V / A c l c h g Q 4 a W A i v 0 C K L v F R a h j P H i f 6 T + V S A 8 m M A A P A Y s V Q K U W D Z D C t 0 6 X B d t I X c L b W n A e I O A + Y 5 X s J F R B v s z 9 U P J U / T t v T V I Z X J j 8 C I k / W 9 q 5 D 8 W y n J s K q m 0 E V m A p / N r / 5 m i 3 i H j 3 g w K X O + K n i z y J K B a h D 4 b 5 o F T N P q X 2 W w J 1 a L 2 A Q R q n 5 v S a z s v r Y 9 G G z 6 k F A a K G g I h t 6 P 5 T V 0 u e f Y 8 Y s 44 a m Y F B s x 3 / 7 T M v n D N Y p + 3 t A + d Y l v W J 3 n T R V o 5 d 4 e V L B h C j u 5 z b R 0 61 f K i r 7 V k c E i m e T 8 W S e n 1 j l B l o i a 3 p V Z F D N K o 2 L X l 0 I Q W y X r E h s u g A o 4 r d j d y v O M 53 z e L A f A x K u I 6 R O o l i l R d a X e + h B v 2 u O U l 7 x n R f e 0 x X 75 O 7 P S 45 V L j + 6 m c H T g O p / w l 9 x 7 y v G L a n y A w y o 2 J I O Y L R / C N E g i w x p I b 3 / 8 R L 0 s i z K 9 F G J B 2 x i Q G p Z H f X + U h d 6 J e C D W h 4 m 2 F U G 1 z Q J 4 p Y s N g a p x j s y v t A 0 I J S y 5 H x W W T 5 D 6 R L 38 w b Q 9 E v A K L 81 D K d e v v A u S r S d 4 b w O E z s p H B + Y X B v J n q f K 2 Z W A c j O z 6 c Q c G y m j + A O + Q l w T w O b R 3 O 8 n y + r b L z O g Z x 6 L k p U 6 L U Q b 4 v G S 1 V S e M p f k c f Q H M 2 y n N O J B / N 63 P a / O + 8 c z / N U B 0 C g p s 0 7 f f X u 9 E z 95 k d E S h o m l R x X c / G l U Q a L W O 5 t D 6 r o E / I O y Z F i f n g K I o c q u 8 S H 0 M c q f T q g l t Q Z k T J R D 47 u 5 u P 2 J r V w W W I Z z a x K z 1 g c c 
o N y p P q I u Y o a J V X 23 w L m u Z j j y 9 u 2 I K q V C q j M j y L R v o 12 B x v y M T S i E 6 i y h x I j x f n + j R H g 4 V X u 3 e s Z 4 v f N c M 5 T E 8 D L u G f a p y A N 8 k T 2 V Q n k v R L Z K f 0 0 C w R J + v D l y 9 e y u F 9 J F 7 t R H j 2 A N m d O 3 y 9 W X 0 u M W U H b W o B q 3 d O 6 J o u e Q 5 x S u X + L Y t b R z d v u u l m l a F J 2 g J / C l 59 k F R 3 t 1 P h g Y c N S 1 i l F w i H P z g v e + o D g z 2 F V G j j R l m U 9 A c Q o N I a K j 4 h x V X G n D M C F y B 5 S P X N 13 + F n Q z t L r x x O + m Y s 3 C I J 0 E k 0 n 6 P R 9 w C B 4 s R s c T v b c N 10 + q 2250 L S z R N + 6 R 3 C O i G G q 6 Z j Y q E i Q a P f 3 W P D b g G d s K b m f 35 g e v l o X W I B l 39 i W S n i F B R / j t e b 0 x Q Y 4 t m A O V I 0 0 b O x e v 3 P t n S R 3 Q J h 6 p W h M l / g D 1 K f d C m r h k P J V U G a I G o g C y f H c + c a g a e i q c I H n 9 x F w N w y k N E M 3 U s x D + x f R O d 1 m v t 2 m w U f Y T v V 6 U S 6 D J Q W M z k f Q P L l Z A d g 0 U d h t h Z n r H 14 E H n N J 1 e Z u y 65 s 4 A 1 o Y c P O V K 2 A 1 o W a 4 B 71 H o M p I T J r i 53 p c i 1 i L s / + 6 X Y M j 4 v P n V C 0 + r F O m u R G z h W M x 8 E m j 3 Z k G p k 7 O v c R F M h y H P / 1 c 9 R Q 1 T S 4e0 y 90 J M Q 7 o P X W 7606 + I a E Z u i c //kcLXnRn7bvR023c9yTxkQpra56cmG3pc+5giIOeGFDDcWIMsl7DrSLM1SYNWt79JZs5hP7UVf8dmc0D/tzXdvYINZSIUujcJaErK8SRbDF04ww6fuPojxfpgyO1dnral/NJntu7zJHkaX2G7j8PcHQwmY1gV95BPZlfcNFxjekDQSjKtHNkAwCJ5vWZH6pf+xum9S2Ne5VeMN2wb+JHBsGEab/Ka2OSp9g5rYnR9NNfPJ06g9mPkGLWMGGWDUxu6c/3qXYx60J6lJKiJu7M8GUH7Eo4jvXdjEQPyxfAk3mLe09j4SD9YufjfKR2/Yo9tqQMcTsozbk4f/PW7dHByMMV9dHjGMErzbF2ZyQKStaca3GYsuENc3D5FjJ24M
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2016-03-10T06:43:02Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Payload delivery"
}
] ,
"labels" : [
"misp:type=\"malware-sample\"" ,
"misp:category=\"Payload delivery\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--56e11777-be00-4b4e-abae-40f0950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2016-03-10T06:43:03.000Z" ,
"modified" : "2016-03-10T06:43:03.000Z" ,
"pattern" : "[file:name = '98yhb764d.exe' AND file:hashes.SHA1 = '3ab801425b1bf8eae78c0b4fe0751d92aef8014e']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2016-03-10T06:43:03Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Payload delivery"
}
] ,
"labels" : [
"misp:type=\"filename|sha1\"" ,
"misp:category=\"Payload delivery\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--56e11778-3700-4f81-9c82-4060950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2016-03-10T06:43:04.000Z" ,
"modified" : "2016-03-10T06:43:04.000Z" ,
"pattern" : "[file:name = '98yhb764d.exe' AND file:hashes.SHA256 = 'a1241150c5b9e095d0cd37a51a4eeb511b2087e036ea02d75f045659f0f8286b']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2016-03-10T06:43:04Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Payload delivery"
}
] ,
"labels" : [
"misp:type=\"filename|sha256\"" ,
"misp:category=\"Payload delivery\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--56e117ef-5320-4c92-8649-4679950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2016-03-10T06:45:03.000Z" ,
"modified" : "2016-03-10T06:45:03.000Z" ,
"description" : "Locky" ,
"pattern" : " [ f i l e : c o n t e n t _ r e f . p a y l o a d _ b i n = ' U E s D B B Q A C Q A I A K I 1 a k g k g v I 9 I 6 o B A A C k A g A g A B w A N m Q 0 M m M 1 Y W E y M D E x N z Q 4 M 2 I 0 N 2 I 2 Z T l j M T A 0 N D Q 2 M j Z V V A k A A + 8 X 4 V b v F + F W d X g L A A E E I Q A A A A Q h A A A A s U s 8 Z H T x z S F O z 4 V P p S v A B O g V M A q B x a t k o H Y V m 72 X / B o X C M K c H Y T e + A f Q B i 7 C W o w m L s s 0 3 x G y E d 5 B p i y a S U p m R n 34 d W J 9 A K K h K W 1 s b 7 g q t E D O r e 2 M S 56 o H 2 d c j F x 46 v + D I H 0 r R h 3 s f 9 O s 9 C e Y b z J W 0 8 g 0 p R D q D n I U W k 6 l I x h U t e Y q l a 6 r F N W f D W e U K H 8 h X G m o 8 J f 7 / 3 O I s l h S M e d m o O a D B Z L h k W q D Q S v j r G f s C V G b M U A O s A f I u R Z r A Q 9 k 6 o 9 z g x z u / j 6 R y W g Y g 87 Q l I Y w U u E / C y u F v S + 8 n 8 O L K J 1 r v 5 w m e e S b 2 s r B H P K r n z C Q Y K r q Q o i M v j Q G V x f F B c B Y T n x c 7 n Z G l n 4 O 8 r v b f d I W b t q Q 8 U k 4 T p J x g W E W f 4 x f Z H P c e F 8 Y x n Z A I 3 E m O E n 1 S / b O a r p x W 4 X W Z E Q V O s 9 q y g i / 2 I u Y y k O g V T c 0 J 0 8 c B h o u z a L w 6 D m b r N C f w F E c 1 Z 8 z 3 V w S L L X h D V Z T r t V Z Z S V G l g J k H 4 n Y Q m k L N V v c K M n T a A z b N A M m d K 8 l K H A 1 R m 9 w o e r 6 s D o l B v g x p s Z V Y 4 L J M A G / N 7 m k 15 g u d b e / Q x H 5 m 0 F j h 48 H k j w T T n o A R 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
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2016-03-10T06:45:03Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Payload delivery"
}
] ,
"labels" : [
"misp:type=\"malware-sample\"" ,
"misp:category=\"Payload delivery\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--56e117ef-17a8-4974-bfa3-46d6950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2016-03-10T06:45:03.000Z" ,
"modified" : "2016-03-10T06:45:03.000Z" ,
"description" : "Locky" ,
"pattern" : "[file:name = '765uy453gt5' AND file:hashes.SHA1 = 'bd2846e87e4012ea72a508300de8ec3c68778fea']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2016-03-10T06:45:03Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Payload delivery"
}
] ,
"labels" : [
"misp:type=\"filename|sha1\"" ,
"misp:category=\"Payload delivery\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--56e117f0-8998-4652-8b0d-45dd950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2016-03-10T06:45:04.000Z" ,
"modified" : "2016-03-10T06:45:04.000Z" ,
"description" : "Locky" ,
"pattern" : "[file:name = '765uy453gt5' AND file:hashes.SHA256 = '94212563ebd10f4fbd52f203dd45c939e9ef097b96d0a7ec8d9952e8369b7e75']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2016-03-10T06:45:04Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Payload delivery"
}
] ,
"labels" : [
"misp:type=\"filename|sha256\"" ,
"misp:category=\"Payload delivery\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--56e119b1-d4c0-48fd-9311-4da7950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2016-03-10T06:52:33.000Z" ,
"modified" : "2016-03-10T06:52:33.000Z" ,
"description" : "TeslaCrypt" ,
"pattern" : " [ f i l e : c o n t e n t _ r e f . p a y l o a d _ b i n = ' U E s D B B Q A C Q A I A J A 2 a k j I g j Y W + 8 E D A A C K B g A g A B w A M m I w M z M 3 N z R m Z j h k Z T k 4 O T k 5 Z D R k N D A 4 M T V l O W R h N W J V V A k A A 7 A Z 4 V a w G e F W d X g L A A E E I Q A A A A Q h A A A A H K 8 c i c h v p s t N l S G X j I I 4 W h 2 H Q A c m u 807 s c k 8 / p o T F O L P c q 63 K 1 D G L U u S D B x g v i v R l 6 C s Y g 8 W 2 D M N H X 4 M l B d w z Z a 3 Q A k p l F 88 s S K 0 f Q b g N M h 6 g V C A 2 w p 8 X 6 J a M Q C P t 9 n j 9 s 3 k w d l i N U m f W L j Y 6 R C i P I t l Z D q u / 4 X o c L / H r T e H l 66 W N B x 5 X r e 2 M Z a 2 Z u n l u y U 1 J C m K V m V 14 n z h A o Y F c x q 566 W d k y L b k n i s Z 6 o 5 y p n P a c 2 Y o S 1 q 9 N R 3 p t x G m J W G U + G q A y x f C 6 M B P R M g 0 x 4 L F C 4 + s M g w V 7 W 87 e b 3 g c y u N 1 d J V 5 V x T 3 q v V r K r C X D 6 x 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
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2016-03-10T06:52:33Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Payload delivery"
}
] ,
"labels" : [
"misp:type=\"malware-sample\"" ,
"misp:category=\"Payload delivery\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--56e119b1-bdb8-4734-be5d-43a0950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2016-03-10T06:52:33.000Z" ,
"modified" : "2016-03-10T06:52:33.000Z" ,
"description" : "TeslaCrypt" ,
"pattern" : "[file:name = '80.exe' AND file:hashes.SHA1 = '08d493d7afc20b9cfce70e641fb07537fe105f32']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2016-03-10T06:52:33Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Payload delivery"
}
] ,
"labels" : [
"misp:type=\"filename|sha1\"" ,
"misp:category=\"Payload delivery\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--56e119b2-5cc4-408a-8134-41f8950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2016-03-10T06:52:34.000Z" ,
"modified" : "2016-03-10T06:52:34.000Z" ,
"description" : "TeslaCrypt" ,
"pattern" : "[file:name = '80.exe' AND file:hashes.SHA256 = '5863081c8714364fd4f88667667e6d8930512d30818db66d96317790385e4336']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2016-03-10T06:52:34Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Payload delivery"
}
] ,
"labels" : [
"misp:type=\"filename|sha256\"" ,
"misp:category=\"Payload delivery\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--56e119b3-0118-44fc-9333-4836950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2016-03-10T06:52:35.000Z" ,
"modified" : "2016-03-10T06:52:35.000Z" ,
"description" : "TeslaCrypt" ,
"pattern" : " [ f i l e : c o n t e n t _ r e f . p a y l o a d _ b i n = ' U E s D B B Q A C Q A I A J I 2 a k j z 7 H 0 6 p 9 E D A L f T A w A g A B w A Y W Y z N z E w M D Q 3 N G Q 3 Z j U 5 O T M z Y j E 1 N j d i O T l m M T Y w Y 2 R V V A k A A 7 M Z 4 V a z G e F W d X g L A A E E I Q A A A A Q h A A A A I H x L x 4 z H o H T o 9 g q D l K A f 4 a 63 w 3 r d d 0 h j g s B l f f 5 v A i v w 1 A e h X W A + / I v W S h D S 21 B P / v n 3 d j T v 5 J P G w G z U b 3 S l f n 3 y j S 0 50 F H a q X 1 x r E 6 r T 6 f x f a C J S e 548 o s G y z 4 V 9 U 4 j B T z 16 t N R v i E c e c F d C b 1 d b W z R s 7 z A b s j U W Q 0 r y p M E Y 97 e r R L C t K J 2 y x P O R J l H 6 N Y 0 v 3 z y 4 N 2 w D e E N n k 2 z p D i 0 z R E Y o j 7 m y P w p v h 95 I O g o J q r 21 A Y i b p 3 J o q I 17 n j X U b 2 Z U A c h 69 y 90 S T T R 0 R W q O V O U 2 W O s n m v 6 v D K H F h s C g s L R l b Q O a A Z X z O k C t O n J X h a 8 k 7 k 8 + W v o 5 b + I c Y + g w V 0 g k l h P H d w Q a M G U t U L p K i / z T g J c 8465 h 2 k t u i w j T 9 g A E h f I e A R b E U 2 f x 25 F L p W F 8 G g T V B J f N s J C h x 4 b Y Q 1 v j 7 M a X b x x z B O 8 Q y v A + O I 9 a t b W Y j C g y u m 96 I 57 R 4 c / e 66 n p N p H F L c c f s / a p 0 D 6 v + 9 q p N + n R Z Y X A R v 1 + I v H 6 U j m 42 l d G s T S b J Q y d m o H b 3 Q d q r 3 j W Z j 2 k H r U z V N t Q H Y 5 F f i M e n T G M d z v U 2 w C q a 8 F c q g 0 a a 7 Q 97 q x v Z d w e e N O 5 x h e / b o s M z 3 k 1 Q Z / z c x 1 B p j l l 8 H Q / i n m u 57 f l I t v c z q C u u J r F e z g n T C z Q g x h K S o P C + u I b L V G x F 6 o p e i L O 98 c Y T p 4 r 9 J N O 1 O I E 5 + n Z J R c Z k K 9 d f h a C J L V O X c K E m 0 6 h 2 v o y 386 R 8 U 5 y I X U K M z 4 Q H 8 d C 7 / g s a C V 3 e W / T D 0 Q L A z d E q K Y j k q S Q r u 6 K k Y N j 1 I A S w G s j Z F Y a D Q j k 18 s u r K p Z j 3 p T T n R s + I D S f x 0 H O X z X U e B E W T N q n k Z M t W s m s a u L V 2 M h x E O G J O Y G V S + C R y z I d W 1 e O 
N z W T U q P s O W j m t W h 837 Z 2 e S b Y l D J s A x z u H 9 G l O Y L Q m O l w O 5 U s P M n z f p Z Y f J I 58 G g g / D X 9 M e T o k z w x C W V 6 Y l j 9 L 63 D b S s r 1 V g Y z p 4 A / d M N w X x W A G H H Y q h / S J n M Y H t 18 W u E W t C i m d F d e n R i + g m M C / L o n E V v J 4 Y f C h Q 35 t 1 V k C / L x 2 W O t H r r C P v N w F I 0 h 8 R H x 8 R G 7 N l g O M F D J D Y 9 D M V Y L K Y 7 M Y f y m m y O i R x y 9 l I p n g h P h M a e d 1 o V V v I 1 x a q U B 84 e Q G z V E 2 c O T e Y s s N V l l R a v U 7 E I L o / a E v i V g E y T n a F h W 7 a A e + H 9 I x M g E w n S 9 Q F D x + S 6 M u U 7 D R K Z X b 7 o E k U Q G h j T q / I i l e A a 0 c + E p N E C 44 y P H 3 o F 81 r o c F w R g f H h L 16 f Q v x Z C y l 6 c v H g u J x 6 v f 1 Q D 37 / y / 6 Q G s 6 G P i g u 8 X Z s g X f 9 A 4 O 950 K V / x m C 4 R l 2 I N 6 C o E Y + g Q E B h 60 k v N K d J 2 F H G t V F m 1 O C H W e H 8 V J H p 56 z h M j B V 8 B 9 G Z / t u i c s / E A S + j 9 D K T Q V p c d L v C 1 a 5 g + c 5 k j J 75 h 9 Y F G y Z 9 g 2 l a M C R m z 7 X D k i m l Y j K G X j 6 e q t a M o c T c q I R x h T t A T d n M f x f 8 s g 0 7 T P L K O 0 49 I I 9 B e t 7 A 3 x w / S 4 g 1 M z B L X M s T Q i z e t u T v 1 l 71 l + m A B M L i v W r G d H r g S S G f E c 7 V F D 7 V 7 o e M c s b D y o k D u J B / d i C z n / Y 9 o H x z g O a F c P r 4 F J F F k N G M / m a z q Q w L Z w m z W R a b 4 c M k Z c 0 w + k c Q s y I Q I j t G H e e U D w p F 5 n S o T Z H r Z J p X f p N 8 e / i W 6 D O 1 F Z z E H a E M Z f x n H 0 p A + 6 q u s S X O 4 b Z h i p + o S J / Y / 4 U N G r q a w 75 E f w n f I 7 P S 4 t m 9 w u 1 c r 78 N t F D / i F i J 1 R 5 r S I s k 3 p a 6 M Q E x + D / Y S E E l r 9 k h D Q p g M w 9 X 7 H I s E 3 v Q F r Z Z M 9 i C g F y l / j 7 x V j 6 R / 567 B d 13 f c S J j 2 c 10 t 1 t 6 Q l 1 r O N 0 G t C + x 0 T + Q r Y q n d 7 B j w P B G D t h y M l t M W Y b N 9 p G 4 Z P N x 0 1 m / Z c r n a 8 D c 7 G L / D 4 s K m R L j M q a p k o D 6 s 
v x H R Y R C S o k G q l s V x q q F H O 9 Q S V m x 7 Z n c m + 4 j u Y 0 2 h n I 0 y P p 0 Y 1 b C o O i X G + O 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
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2016-03-10T06:52:35Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Payload delivery"
}
] ,
"labels" : [
"misp:type=\"malware-sample\"" ,
"misp:category=\"Payload delivery\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--56e119b3-ebec-4ea1-9a1a-4581950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2016-03-10T06:52:35.000Z" ,
"modified" : "2016-03-10T06:52:35.000Z" ,
"description" : "TeslaCrypt" ,
"pattern" : "[file:name = '80.exe.gz' AND file:hashes.SHA1 = '84b9da7aba08ae045cbeb79feacdfb38baecb4c6']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2016-03-10T06:52:35Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Payload delivery"
}
] ,
"labels" : [
"misp:type=\"filename|sha1\"" ,
"misp:category=\"Payload delivery\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--56e119b4-1294-4866-886e-4537950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2016-03-10T06:52:36.000Z" ,
"modified" : "2016-03-10T06:52:36.000Z" ,
"description" : "TeslaCrypt" ,
"pattern" : "[file:name = '80.exe.gz' AND file:hashes.SHA256 = '2b602a949a0e62c5a45549fd91ce1777ed1dc0b05c8472ae3ae224d05fb82754']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2016-03-10T06:52:36Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Payload delivery"
}
] ,
"labels" : [
"misp:type=\"filename|sha256\"" ,
"misp:category=\"Payload delivery\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--56e119b4-852c-497b-ba37-49dc950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2016-03-10T06:52:36.000Z" ,
"modified" : "2016-03-10T06:52:36.000Z" ,
"description" : "TeslaCrypt" ,
"pattern" : " [ f i l e : c o n t e n t _ r e f . p a y l o a d _ b i n = ' U E s D B B Q A C Q A I A J I 2 a k i J E f L h t 84 D A G z Q A w A g A B w A O D Q x Z D c 4 M 2 V k Z j Y 1 M z R j Z j B m N z l l M D c 4 M j R l M 2E5 M G F V V A k A A 7 Q Z 4 V a 0 G e F W d X g L A A E E I Q A A A A Q h A A A A e T A T J X E u + n 1 k w q 0 p e B C 5 R + 25 S Q 8 E h f P b n E j c q D 5 o T Y + K c f G a S r x + S F q m n j t Y z o 4 c I n 9 y j o C V I 3 j L N e U Q Z L b 3 X p S H u v s 70 Z y R / Y j w v 4 Z M W N C m o m I 22 X G H 3 n 9 Z 1 F R H O G Y C l + e d + x j g e y w u B M T v m o A 3 b 3 a P p c Q b D o W H Q 8 c m m C e O 3 U v F D K M N 6 x f J y N m X K l S t 6 v e n c t D n 0 S 9 u k I B e f c E c z 7 s n a W d x 7 o o 1 T v 5 i U Y g M i M W g K i g b c h 25 U 5 R b Z H N c z C I k N y 8 r O 2 r X C 3 l y 1 o z V B h v e m e U J d a B P z L m A v x z E l r R q V 1 x x p R g U Q X G 5 Q T O K t k 5 o d c 6 C T 0 T P B n f N F i b j U W 7 w q v / I l E K I y s 6 T V p K M Z h X F m r d D l C F L y 0 i X E w W G O n n w e f 7 e Q 9 o l o z U 8 R k Q y I f 4 q A 4E4 N + / I t e X Q C f 7 b q t O c Z n M E Y y M S E G M E C t C J B Z Y m F w J 6 B + 0 3 i 3 d Y K c j u q c 0 + 0 j L 75 H p D G T z d V z n i / i i F 28 U H j M w r m Z W G J N 0 0 I p f S A J z R 2 K j L l I z x A 4 z a 15 p u E q e G c 1 G b i r E n N Q S X p f k r H M W a J a g a G j N o f P 4 o Q a F t Q T 5 v 4 C 1 B G v 3 y c 6 y f Q N G o b J 0 y H w D T H F d j D r n g C q i 6 t R S 3 Q Z W T C J a s 8 a r p v f 0 M Y B 5 O F o P 0 X E F n m J r Q Q I u M y c x d x L C X 56 n Z I 1 P y X l H 0 a g X C n n W J L r F I a c P j F O h a 50 C I s z 9 p 1 G G o R 8 p b C x M W B m F m 5 b V 4 N O + d P o d g P f X T y f h h j 62 z l 0 E y 5 D i W X o J n 2 o 2 z e H b r M d h v 0 m V 0 T H j u 8 d E J Z G 6 + D K W s 4 + h W y a J t z t Z Z 1 J 4 + Y 930 B f D L e b C p d L j + k d y v M w k Y 11 v 2 u g m m I W K A M p y o 2 A y K 5 F F Q n y V y 6 c 3 w + i t W K / D + A o 1 r R d 2 
C n j p C d 2 E A b A V Z D l u 4 U q O J 8 H P X p T B b 8 J C b T 1 f 3 h r j I 10 K m q N M q 5 N X + V k W x 6 W O T b 6 p L O U B G z / B F l U 2 Y i W f H 4 p X X E U o c / 5 O A Q i g o H y K Y X w q 7 t 4 y U 3 l / m X + 5 F m S M 8 V B V S V v D 0 1 Z y / V M T 97 z U p 3 s n 503 x B + o b u Q a g I 5 V K K E h g S N v p q 9 U p x h N s T c L 4 Q L x 9 N K J u a N M 1 Y T e A q x b A J 5 J Y K n L d A x M f 8 i 3 j o 5 q q u 7 f 7 V L f w l y C / D a m j 8 Z a z I x l 17 D s C B d 0 A x / 4 / Z Y x i L 6 B q f d F a 7 S s 3 U 3 G G B R A q 5 o L z C 2 M e Q m Y 87 a 4 J t W E u 1 A Z t b 3 c V f G X u q l g t G r T I 4 q N X v m K f B G C R m R s I O N 235 h o M c O C Y 5 i 971 l 7 W N J 9 S J 2 o r x G d O P Q l Y T L q F q u d g c 8 b R p b g I 0 B i / 6 e M T / F S g o z Y r 23 b t I D M f 0 4 y U u O L S E D A X n j 6 x + 6 D C W Q 8 O C O u i D Y o L P 6 w L N H j U 8 u F X T p o H s r n Z u Y Z g Z P 7 F G H j a 39 v q S j F T D 4 N q L X b k Q l u t M E + 1 F J K v b w y d R 8 M r 9 u 4 K j a g b 7 w R 0 c 51 V L Z / B p Q P e q o V f g v b G 7 Q p z c T q l D B L p J 6 d b U q f e p F o f E G 5 e C 0 e v B W q O o d g L F N l s B T K r a Q 299 f r L b 27 E o 3 q S u g u d B k l O W D z D u a R / + 2 z 8 O E + U M T z y K o a A 5 l y I B 2 y r N j O 7 u 1 Q 0 9 i m Z j Q i t l v l v L S O l 7 l k q V d y 7 G t Y s z h j E j I 7 j W H C C d t Y k I T f V s + S Q M U 29 y k 73 Z K c H Z C D 6 C f 5 s c W O l q Q o l A + 5 K 8 x a 2 Z q 9 W 0 M Y S f j i o t 0 L / k c B 1 + 7 l N L O 3 j y Q E k p F k i E e / h W i s G A r f x x u e N c g F P T f D U p + A T g Y 1 D F m p X I Y c q N e B S r l e E T V A I 4 D M f w j C D Z C o h P C a K / X 4 v W 0 R q j o f N 4 P r o C A 6 l b f L / I y j d W v u s b l v l X j O Q c 9 + Y k L E V z J A f v S C c N 6 + 1 l j L D D G N m C 2 Q P J d i y Y N D t N O A w 0 x M L 3 G L g f z + 4 D J n m u K S M T 2 I r + 0 t N 29 o f p 4 R 8 a D Y 0 M L j + L d E J u J V n h O + r 3 f L s M a j p B S t G h 0 M f l E 4 / 6 
S l i 9 z e E M r e 0 81 X E S 9 d 5 F 178 Y w 2 c J 2 f K R E Z U T y X U 7 i r h + 7 i H D J b U m V M / S q w 2 v 7 s h W 3 Z P i 41 p 7 m z i e w C M u S b H S 7 + + g V R 2 X i C g L A 1 r o K 9 s w W T n e W o S n 5 v 2 K 7 R Q B k G 8 o r 7 d A 2 q f T h A L a C x c 4 q x w o K Q e 5 q 6 c x s 3 C R m O p v w p z a + X Q y i 4 Y U J 6 R K r 136 M E V M S e z Q J 4 n D L 4 b 4 B + V t 4 t W 0 m a K M / B L Z a W p t f y Y H d R I a a w l O 7 v / R h 6 k x Z M L + F i Y O 9 e B + F V D d D A N 3 E y N H O m h h l I G g h j 5 I T 4 F 0 W P y M A 3 e s M 7 f x b E Z T J 870678 H z R J J + m C E O x o T H c 4 U e 6 q p k K w q e i 6 p Q X f c / c t / 77 A J R f b K m k Q j X Y 9 C D 14 W N 91 G + I X v X 6 / 4 z / q L d f M Q G P Q C I f c T 7 y w J x v r f a 0 6 y b 7 N q Z t l V B j e 6 x 0 2 y n h B g Q Q A t q H b d 8 a E I p x Q h W G 9 j M L 3 q X k w 9 h b 22 B M v x 2 x I e U h M H l N P K E k 5 o u B T 3 w 0 V e O L / s Y 35 s l 25 P h I S 2 i P l z G K + M e t 5 k 5 O Q 6 B E v T K r u K V C m l Q H M T x 0 d I M e 81 S w C I 6 R 8 S t 0 P 1 d t F r + L 0 4 E j V P B X L z L b d o 9 V U V k c W e B b + J l A g h O o i y A 2 z l n Q n 2 C X j s F f J 5 P U y q o v 2 G + c B F V 32 D W j s E R c E Y V g + c F 7 c x Z n q h a R A l x A 4 S 1 P Z j V M X g 3 C v D z U d P M X K X o B L P h o J 4 J 0 R 3 c 1 c e G x h y j 1 I E b S s s G O l K 7 Z D S r q M u J d A r k 2 e V e C E / m B D n 6 x J 6 U p m H r p k j d S S z u M C z m Y 5 G q K c a c C z q + o m f e 1 N y V Y b d C I p 861 T R R s Q 8 L S x 94 i I I N Z 3 m x t 7 A 0 88 o 6 w i 9 F k W M N o h / 8 j q O 9 I j v i 4 s Q l V 9 X H A m q l b i g C D Z R 9 H I U Q x g 6 T x V m h m e i g s y n d l n 98 r t 21 J v K O a + T f w O 3 w G n k m v v R 0 i m L H 5 p e e U + e 5 r M m r W k 9 Y 7 Q v 2 B Y y N C V 0 S k s o 0 0 m E u 7 + K 6 F G l y 2 I T D n z k S v q 5 G h t Y 21 B 95 n R r u 7 Q Z f p C N j N g T x 8 X y q o q 2 m f g H S U M k d w s 4 c N 3 u 1 j 7 n u E u c M N m v 4 S H j q 8 D I h 
6 a + f P y f k 2 l W p N E l g n g y n 0 V S f z v 17 x A s + v m 61 t j X g i D 3 j R r N z + m X m t z I F Q F o R C X + Y X j 1 P R G Z Y W y 49 + 0 0 J L H 3 W p G A h N 2 J n r a W H p G + x m P q Z q D F 2 N V p W A R p 3 S d k v K x n H C 6 A a Z H B 1 + h Y K C J 7 X N 7 W k T b q + t a 42 i m G d / a P L W B d P g L 82 p / 3 J S t j r h P k 1 J W v D i h x i X c q p b d l 4 Q + o 316 i D V V 7 J m n q 8 D f 8 w T a E P v Y k b Y M Z + 9 X B K H A o h c 20 q D C D k l n / a N Y 5 q w O 5 c O t F 2 e q t D 7 A d b q s I k A 7 O R S t V y M M t 99 X C Y y / V 2 g 9 P d 0 X W x E w D k h t j + P N F u F H 7 F T I C 4 f G S B z t T w 7 / m j 9 s b B 76 n V 5 O k o T 8 F + O l q C S / D m 8 i O K s K 9 S B M b b u x h 3 q 41 s y m t E b A G x v n / M z y z D t g G T 33 y n S j J u V Z l h O J 8 N 606 Y + F 0 C h A K 0 H w q 2 T O h / p 8 V h Y x P K B G l l 0 I 2 G w x X s W q v r 4 K H D E g J / H L o t 3 K C q 3 i + y W V L 6 b t p W o C 7 O z m G V u h 8 i K S 9 N x S 5 g W m y n S Y 9 J C + 2 L d T Q W a l R B e G t G k 7 v w + 81 L m V r m G j z 32 a j l b 2 c U Y k 5 I P n a / K y u n O 3 C 3 q + a d s k I 7 E u q J I V d 9 Q B u Y / x + 72 w C r 7 o Z R c v Q p a H h J f I X 9 G p v v b T l N A 9 i 0 f 3 W + K C Z A b j L h k 8 g S u k Y + V Z / Z e 7 m C b 2 K N Q 71 b 4 G W a 2 r f 1 M 4 a L L I e y U t 5 z k x i G H z 9 t z B R q X X k P L a 35 L 1 A U X o I D 6 K I X n T m T Z 7 M k Q M C D q D v X K N K T c C c 4 l l u I H X v H W r e V 9 Z c 6 b e C J y K 2 z 8 g b O o N G p O N E H q c h R i E W L H u Z A q m 1 i 8 K p C z f 1 K o i 0 / i w s J J W 2 G f l 2 e G y Y h f 6 N 0 N l V 0 2 q i W V T m z x d D z k X 1 j K k R F h 56 v t l e W C h a h Y u X K 4 t W u Y T M y B 8 F H V H 5 m + I G E Y O B M C l l z T 5 I 8 O / W u m 9 n V w q n B 73 L c / o 40 q K 4 + U E 44 c l A R S C M I + J f H 8 P 8 o B 9 B Y L k l l 7 N 6 C Q z / N X j T k r d H Z 9 W w 9 U F 4 x m y I 7 o K P X x D N p 7 I z e z w O G a 4 S i W Z Y v P R D C f x P R l Y q F U 2 o 
O Y q p f / d L P W u D U J y V u 2 a a V I Z L Y B p 8 R u 8 D S X
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2016-03-10T06:52:36Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Payload delivery"
}
] ,
"labels" : [
"misp:type=\"malware-sample\"" ,
"misp:category=\"Payload delivery\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--56e119b5-d068-4f79-a60b-4817950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2016-03-10T06:52:37.000Z" ,
"modified" : "2016-03-10T06:52:37.000Z" ,
"description" : "TeslaCrypt" ,
"pattern" : "[file:name = '80.exe.gz-2' AND file:hashes.SHA1 = '3802ff83640b013fc1295d6a3191fbf18a1846e5']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2016-03-10T06:52:37Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Payload delivery"
}
] ,
"labels" : [
"misp:type=\"filename|sha1\"" ,
"misp:category=\"Payload delivery\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--56e119b5-fadc-4715-9f62-4760950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2016-03-10T06:52:37.000Z" ,
"modified" : "2016-03-10T06:52:37.000Z" ,
"description" : "TeslaCrypt" ,
"pattern" : "[file:name = '80.exe.gz-2' AND file:hashes.SHA256 = '019cbaf5d6e0e88ff36ce1be20dcaea0c72c3eeddee27f4773531d8b66a2ca8b']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2016-03-10T06:52:37Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Payload delivery"
}
] ,
"labels" : [
"misp:type=\"filename|sha256\"" ,
"misp:category=\"Payload delivery\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--56e11a49-79e0-408a-9404-4ae0950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2016-03-10T06:55:04.000Z" ,
"modified" : "2016-03-10T06:55:04.000Z" ,
"description" : "TeslaCrypt C&C" ,
"pattern" : "[url:value = 'http://ahlanmedicalcentre.com/wp-content/uploads/wstr.php']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2016-03-10T06:55:04Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Network activity"
}
] ,
"labels" : [
"misp:type=\"url\"" ,
"misp:category=\"Network activity\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--56e11a49-66b0-4a71-8eec-453b950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2016-03-10T06:55:05.000Z" ,
"modified" : "2016-03-10T06:55:05.000Z" ,
"description" : "TeslaCrypt C&C" ,
"pattern" : "[url:value = 'http://specializedaccess.co.uk/wp-content/uploads/2015/09/wstr.php']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2016-03-10T06:55:05Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Network activity"
}
] ,
"labels" : [
"misp:type=\"url\"" ,
"misp:category=\"Network activity\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--56e11a49-3da8-47b2-ad4e-4682950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2016-03-10T06:55:05.000Z" ,
"modified" : "2016-03-10T06:55:05.000Z" ,
"description" : "TeslaCrypt C&C" ,
"pattern" : "[domain-name:value = 'specializedaccess.co.uk']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2016-03-10T06:55:05Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Network activity"
}
] ,
"labels" : [
"misp:type=\"hostname\"" ,
"misp:category=\"Network activity\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--56e11a4a-e794-4941-900e-40e0950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2016-03-10T06:55:06.000Z" ,
"modified" : "2016-03-10T06:55:06.000Z" ,
"description" : "TeslaCrypt C&C" ,
"pattern" : "[domain-name:value = 'edge-institut.org']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2016-03-10T06:55:06Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Network activity"
}
] ,
"labels" : [
"misp:type=\"domain\"" ,
"misp:category=\"Network activity\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--56e11a4a-e62c-4d9d-96a7-4419950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2016-03-10T06:55:06.000Z" ,
"modified" : "2016-03-10T06:55:06.000Z" ,
"description" : "TeslaCrypt C&C" ,
"pattern" : "[domain-name:value = 'ahlanmedicalcentre.com']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2016-03-10T06:55:06Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Network activity"
}
] ,
"labels" : [
"misp:type=\"domain\"" ,
"misp:category=\"Network activity\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--56e11a4a-6758-44aa-b6e7-44cc950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2016-03-10T06:55:06.000Z" ,
"modified" : "2016-03-10T06:55:06.000Z" ,
"description" : "TeslaCrypt C&C" ,
"pattern" : "[domain-name:value = 'cam-itour.info']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2016-03-10T06:55:06Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Network activity"
}
] ,
"labels" : [
"misp:type=\"domain\"" ,
"misp:category=\"Network activity\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--56e11a4a-477c-42af-9c90-46e6950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2016-03-10T06:55:06.000Z" ,
"modified" : "2016-03-10T06:55:06.000Z" ,
"description" : "TeslaCrypt C&C" ,
"pattern" : "[domain-name:value = 'www.informaticauno.net']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2016-03-10T06:55:06Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Network activity"
}
] ,
"labels" : [
"misp:type=\"hostname\"" ,
"misp:category=\"Network activity\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--56e11a4b-2ec4-41af-aca4-445b950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2016-03-10T06:55:07.000Z" ,
"modified" : "2016-03-10T06:55:07.000Z" ,
"description" : "TeslaCrypt C&C" ,
"pattern" : "[url:value = 'http://edge-institut.org/wp-content/themes/bstr.php']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2016-03-10T06:55:07Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Network activity"
}
] ,
"labels" : [
"misp:type=\"url\"" ,
"misp:category=\"Network activity\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--56e11a4b-741c-4756-bf7a-44bc950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2016-03-10T06:55:07.000Z" ,
"modified" : "2016-03-10T06:55:07.000Z" ,
"description" : "TeslaCrypt C&C" ,
"pattern" : "[url:value = 'http://www.informaticauno.net/gamma/tmp/bstr.php']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2016-03-10T06:55:07Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Network activity"
}
] ,
"labels" : [
"misp:type=\"url\"" ,
"misp:category=\"Network activity\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--56e11a4b-6de4-48bd-94bd-4274950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2016-03-10T06:55:07.000Z" ,
"modified" : "2016-03-10T06:55:07.000Z" ,
"description" : "TeslaCrypt C&C" ,
"pattern" : "[url:value = 'http://cam-itour.info/users/28c4fe1/wstr.php']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2016-03-10T06:55:07Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Network activity"
}
] ,
"labels" : [
"misp:type=\"url\"" ,
"misp:category=\"Network activity\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--56e11a4c-f22c-48c1-954f-417b950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2016-03-10T06:55:08.000Z" ,
"modified" : "2016-03-10T06:55:08.000Z" ,
"description" : "TeslaCrypt C&C" ,
"pattern" : "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '85.233.160.146']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2016-03-10T06:55:08Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Network activity"
}
] ,
"labels" : [
"misp:type=\"ip-dst\"" ,
"misp:category=\"Network activity\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--56e11a4c-f064-4128-90cb-47fb950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2016-03-10T06:55:08.000Z" ,
"modified" : "2016-03-10T06:55:08.000Z" ,
"description" : "TeslaCrypt C&C" ,
"pattern" : "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '46.105.62.205']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2016-03-10T06:55:08Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Network activity"
}
] ,
"labels" : [
"misp:type=\"ip-dst\"" ,
"misp:category=\"Network activity\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--56e11a4c-0248-4240-9c3a-4bf8950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2016-03-10T06:55:08.000Z" ,
"modified" : "2016-03-10T06:55:08.000Z" ,
"description" : "TeslaCrypt C&C" ,
"pattern" : "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '184.168.47.225']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2016-03-10T06:55:08Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Network activity"
}
] ,
"labels" : [
"misp:type=\"ip-dst\"" ,
"misp:category=\"Network activity\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--56e11a4d-5b58-4a82-9f43-4918950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2016-03-10T06:55:09.000Z" ,
"modified" : "2016-03-10T06:55:09.000Z" ,
"description" : "TeslaCrypt C&C" ,
"pattern" : "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '188.40.132.132']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2016-03-10T06:55:09Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Network activity"
}
] ,
"labels" : [
"misp:type=\"ip-dst\"" ,
"misp:category=\"Network activity\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--56e11a4d-6790-4d68-81c4-4c52950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2016-03-10T06:55:09.000Z" ,
"modified" : "2016-03-10T06:55:09.000Z" ,
"description" : "TeslaCrypt C&C" ,
"pattern" : "[domain-name:value = 'informaticauno.net']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2016-03-10T06:55:09Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Network activity"
}
] ,
"labels" : [
"misp:type=\"domain\"" ,
"misp:category=\"Network activity\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--56e11a4d-4428-4553-9913-4dc9950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2016-03-10T06:55:09.000Z" ,
"modified" : "2016-03-10T06:55:09.000Z" ,
"description" : "TeslaCrypt C&C" ,
"pattern" : "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '50.87.28.241']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2016-03-10T06:55:09Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Network activity"
}
] ,
"labels" : [
"misp:type=\"ip-dst\"" ,
"misp:category=\"Network activity\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--56e11a6f-0dd4-44d3-a5ae-4606950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2016-03-10T06:55:43.000Z" ,
"modified" : "2016-03-10T06:55:43.000Z" ,
"description" : "Locky" ,
"pattern" : " [ f i l e : c o n t e n t _ r e f . p a y l o a d _ b i n = ' U E s D B B Q A C Q A I A P Y 2 a k i K J M 5 e S 2 w C A A B 8 A w A g A B w A M 2 V i O T c 5 Z T E 2 Y j R j M G E x O G V m M W Y z M j k z N z A 0 O T M 4 O D B V V A k A A 28 a 4 V Z v G u F W d X g L A A E E I Q A A A A Q h A A A A l H e K Y v a g n r v R + N D J o + l v o J Y r 0 J b R L E J n E G J H i W T g p S P 6 r 2 M p M i B O y D t V z x 5 c r h U P p 35 m F i M S Z E 2 H v h t a O J Q q 5 i o l t Q h J N o s b U B y O u R 0 62 B g h y X l a J C / b X R R d 7 n 3 S V g a d X g h S L j L K q q U 0 O m W D Y p S W a i y v L 2 y Z U 5 n x P R F c 1 L l p 8 p H 3 Z + 88 p K + 3 B B q + 5 a G W o k d X q Z 3 J D M F Y r z 8 v N x l D C i a z z m 8 H d d M n 45 F O 9 n m / X M J L H i T 23e3 L G Q / D K x c A S p q e d u B o V M X Y R t G j e c 0 X t S w 5 F b k p 0 r e a f m F 6 f q I 7 w 67 m p 8 y Z B f + 1 x 1 k r E k 62 S q / 4 n s O 9 r 88 G u W 0 9 A z 3 q f k o m l t n d V O 6 s V 4 d Q a u G F b 9 Y 0 D v 134 U k a B e D D 9 H Q W m + e K M e / + 5 b k l T 8 W r P I R Q N 3 U u t H c 3 I z p S F E S r L w i p 9 q B T f 5 e w 2 j L Z o e / y f I 3 F B F F j L 32 O O T 2 p 5 f I R c b y 4 o 90 C c 5 J P 4 E y O v X z M t E n J l + 72 a 9 I C j w D e h J H 4 l 3 M k V w e x X L 980 m K g i C 1 R b s d Z R c + i G B d B Y k Z 3 G L s T j U / y h i Q W W O D o S 2 w E C 4 b M 9 V I G A 7 R 5 k s 0 P N c 9 R o M K M q X e W b 8 k o S k g F V E 9 X u s m o i b o K l Z g Q q M t n l H e c i u J V / E / e k A n U z m d 8 W O y Q c J G E Q 16 B 5 H Y + O e o B f 7 W G D v O Y y D V / 5E2 U g T h w L C / G f j H m I q + B K F V + u 63 F F O 9 o b u x P 46 h 0 E I N 3 c v w K f C F a 4 Z n + w + 1 j z Z 3 m A q 4 G l d D H D b s V O E d 0 W N w T 7 + 4 x L h m U f M 9 s R i 0 M Q c h v U / a 1 b z g r w 3 s U p A + L h Y + w B 0 G b s + Y n I q h 4 K S 49 n p t s n j n q 1 E E 4 a S J e A R i L w L V G i w / D w b 2 r V q w m h u w 6 X 6 S a f D 3 U N y W 0 i a W P B k Y o R Q 3 C 30 
M 8 x J e F B t j Q L K y J X 5 M r h e x G J e B 0 f 0 2 V m U 4 k j z S 6 o + N M C V r i o o v T I n L L r c t T 1 T F v P Q / r 1 H v V v d P M Y r z + u K P P Z j b o z / w Z z A Y H c t l I x + c x G r H 9 P g n y U T s g 2 r R G 5 A L + e R Z k V 1 o g W + v 1 Q X z Y P / w d M 28 V B V p 4 r p u I L v H o K j P W r p P w D e R b c x V U o 4 g D C f F 4 j G 7 n + D s R 20 S B o f 5 F a c 89 S m G T U M o S S 0 K A I 2 A t r 3 Y S p 2 U M w 0 M E I Y k F / b o 3 d a T C e D 6 T P P H u o X B 0 j F M 63 J e n A I e 4 s g k C d 0 j s M A S t q k n n 6 L q A Q 9 H 4 i x z E y K t c y e 9 Z E W 7 Q c G 8 M f 4 T k m D A E B Y C F Z n 7 w l V P t E K z q k 4 a 1 q 6 B T O r k L 6 h + 3 r F q O D a K c 3 a n n G 3 N e 4 r h B w t i k l 5 S 0 N 7 q L u d M u d D b L y X v q C C 79 R + P t l 8 d k X F 6 R z i I Y O M 7 f P J f E H 0 b r A X 6 N K T o D f + R X 1 y K i w A r G I X L d Q t 3 l t 9 v x / L 6 U m 7 / Q t a C i C f i 8 K M 3 A E J 7 G l A U o B q k c e O b B m n e i Q u Q D G v O a E U V d s C l T 0 W + I 93 j H a I X h W T n y h l B s k P E D x B R L a R + t o u 8 d 18 I S E j O n b r K K 9 d d a C D o f j U Q o 0 J 2 W R T 42 k G c g e 8 t D P n 7 q d u z g P R M 9 k x 5 E + d r U K B 8 p 1 h d x V j 82 q z t R p 0 N W / m p G R t n 6 L M H X E 5 G 2 U O b C h 1 / q V 2 M G P C w k S r + K t f p N i N E d L Z 7 l 2 d u x M t n l 5 q E T c n c 5 b 0 O j 7 e O H o q Q 1 C C v N + u p H f N 48 M 6 m V + h Q 2 a N v u A j 8 J x Y d 9 H y + Z M o L X f h 78 v + O U i b h f A G K d u A 9 t K H 6 v K B 3 A V X z 2 N A e a h t A d W e G T N P g 1 / Z t I F G 47 v C n 3 Y 4 t e o C y 4 N q + I t J D r m V o X H G I U X b L Z J 1 P r R H K I 1 z 49 r Z s 5 B R c S N / L v Y 4 x 4 a H 2 + l V e C 2 o 2 L F o / r s Q e H A O C O J c n g U N 0 C 75 T l S k U 0 v m U s E 79 R g R N s 3 S B f o 1 B w k b v V F k D k V F s Y k t c g M 4 S A G d X V e U o J H X L 3 t g D F a U k O n e b L z s h Z W O c X r B 0 K N S 7 t o 8 k K J R c b 
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
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2016-03-10T06:55:43Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Payload delivery"
}
] ,
"labels" : [
"misp:type=\"malware-sample\"" ,
"misp:category=\"Payload delivery\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--56e11a6f-3a5c-47a3-82ce-4305950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2016-03-10T06:55:43.000Z" ,
"modified" : "2016-03-10T06:55:43.000Z" ,
"description" : "Locky" ,
"pattern" : "[file:name = '69.exe' AND file:hashes.SHA1 = '4716856ccfaf9d6da5c5ef7fd92c815750660108']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2016-03-10T06:55:43Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Payload delivery"
}
] ,
"labels" : [
"misp:type=\"filename|sha1\"" ,
"misp:category=\"Payload delivery\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--56e11a70-ce24-46e7-a898-41cf950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2016-03-10T06:55:44.000Z" ,
"modified" : "2016-03-10T06:55:44.000Z" ,
"description" : "Locky" ,
"pattern" : "[file:name = '69.exe' AND file:hashes.SHA256 = 'b38d6261a2031977d74e18dd8347328fed9fa352757ef3a77717049b84353556']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2016-03-10T06:55:44Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Payload delivery"
}
] ,
"labels" : [
"misp:type=\"filename|sha256\"" ,
"misp:category=\"Payload delivery\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--56e11a71-7fec-487e-945e-414c950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2016-03-10T06:55:45.000Z" ,
"modified" : "2016-03-10T06:55:45.000Z" ,
"description" : "Locky" ,
"pattern" : " [ f i l e : c o n t e n t _ r e f . p a y l o a d _ b i n = ' U E s D B B Q A C Q A I A P c 2 a k h V T Z C f c W c C A P 9 n A g A g A B w A Z G M 0 M m U x N z Q 2 M T B i M G U w M z M 0 Y W M 4 O T c 2 M T c y N W F k N j h V V A k A A 3 E a 4 V Z x G u F W d X g L A A E E I Q A A A A Q h A A A A Y E R t K b 80 o x U E G U 96 o H m O I D N c h q b y p + W q y A L D Q g v c s 8 f c 59 f b K v f P X M A q h u s e K b g W p Z t 67 d C 7 L J 0 y f 9 j u e N n V F v L f q s R E c f 46 R H h z l W 6 u E r K V B I y c R U e j E n 4 U P m j O 8 S r h D b j n E d P l K 8 P K L a X q t j X G 1 S 6 R L i D P P R K O s A D T 5 v f U h T j / A 8 r c M X 824 b h S E X 71 O N R t q s G S N w n 9 x 2 z 45 m D T w 238 i B I u Y f Q r Z H y m V 6 v 7 q Q j g 9 U S E S 34 C p k A w v + D r 6 p G i P M p Y Q h d E v i 1 m z 8 I g v p 4 V l t p 1 w i X 8 n S p h Q k B V r B 4 O Z e F d P x + U A + i A 0 / w 72 f a 8 M S 4 O J R N m a z c A N E f a 4 R L m + G K n w G H p 5 G q X D S Y m T I t / u Y 6 B X c g z w f P I x 7 V R h x H s D b B i A e C 9 B N U g h 7 s s B 7 z v m Z d I e y Y 1 W L m P n a Y D n 85 r W p S r p u j k l O l B h j t 5 k e / I n + N 8 I p j K c 7 L Q D B Y C I X Y G f 1 F k B g b s h M H y u 3 S i u 5 j T f p E e D U u 8 J n i m R 0 p a b G L J r h j D 3 p P k N R O + L Y K t 9 u H O I d U 4 C n z j s C p M K p P q D r K N E 9 S F l / n L o D q y l x 6 G D + 1 P P F K f I B j w K I b J e F F E 9 Q S 8 l 2 S a k Y B Q + M X b 4 y 9 D d k T 9 x a D g t g 0 Y J E A C 4 V p S g H d 7 M W a U G O n x b 2E6 Q G 3 R 
//K6fI5tZdxpD+3e8WTvkKyyP/Et3nIzDdLuY5Tf2PWaOxJpxE3uQLA7ldxq/vRm2lTeGQnOzXxrQ9Kr58KrjCYziDe1Y/HWJvHG3uPPhpc7FlRqDrlTXHkVefrBYBtLpGAIc1/KDnj3/PpACi36RrpsRhPPQfnWxSx6v33Zx1LOwLnmabfl88j+H+d5yo/Biflc185gLpKLObpU8F8JyFN/Q9VILR77cyQJKhlFhiKhh8JR3qsv0SP6P8wiV2Qc4EQnFXXg972FjA44dTZAwkrO689J3EK1ybK8CcRo+gM8Zr23SvSOTsi3fviQFlhv+crpeoAHwGuXb7ExRp4KEZ5G0+Sdvd79SHS63J1WBUUQtefMCWlIpJXdOUelhe6bYNYNrn1Kwkw9KN1sZbVGQGMirmk/syi9Plv7bPJFj0XNfcOsxRSqcic9ygXK76nXNSwCRVOTz58z/dJIZrfVM7EzuOn4Is1b1K1jvjA9CRXfsc8FRx2y33uPhURWXRHCpktSJ92ArnqqUvw9GpPR5oeHUv5EidkDhQ56pr357nEDTyYp4YA1Ijf9Uno1FbSoapCbEf6Jfr52vDDG205Bt06u5Lr0jmrjkmZxqogB1ia8MvbX0GfFebtHFD3tHQvbZyDre+aGOgXEfh8a8j+yTTxbsLewz3LFE2AHeDbc7oT9lGWfNVKZSGYVwdkIlmO6PaIP7/JGuRvuMq6wtsYQcmhB7rQRNK2YNyqRl0bF5qnOGgDlawcNrp/qmSARefaMhsvamDG+XhLWG776warY1zm9Itl9Cr3HQeXDjhGTJPJ3eSego6bKExwVSdds1Xtu3gKjjamkNjHA0Lw8pBxTBdoSOY/irESezDTt1BohRVZvkcb60dkaUTsvLZEgcgP9o/Z7roXOOmOgEW+/U6T1jMX6HmsiNwOQYTRYyYTcrHNgVECs0ZSdpjxfltWZ/QogDzHtDlwCzUbeWh1qmIigZLAf32C0eTYUwWwHVjJD2D+fsbPZPMP3AcLeP6+FPndkZbY7dWQ58kaOq+/xrsKmHSvgxOxlfmUzoZRns+YOf//g5UakMvezTHJh17dzgj2fCgHirrcv/ntkICBTd0rPu4WhLJextGCWcG+7T2a/o6EK3Dp+VlVjDxOaUxOKW/4DI27SMs38CEI4TyFDFQVnz1Yx/YOETwt0V//6iVVZY+zwb8nMBDtDab+jzEc7Xzb1LaAI0i7+tRfVsgmimdzuBUTlwFdQ0lE4UDYrO5XRxZrj7K+4XjYFFx0OQNGjLvfpcR4/6MicTgykBUFgaFI3wLOLnaF7zP0xOHJukpoXpM1i0HpMXtWvBHVwvAa2BIdXi2ZH804rTEbTIbl/Woapxh1f/JOuzOXSxg/KiWZmmP9YZBqxLRLy1PxBMIYmhHOS/Zk57u9N34bVcZi92OkyPkmixVJx4huBtobWQnWl/LE9wU8IXK7XBshEA1F9vOFAyYqNGMLAztc1z9d7e9HUnXt8OMqkbR4BR0vNg+n+ARnIImQvHL84+ONwsMriatovUmRFHOZI+VKPxXWN9JRQV5Ji7WNnRcG4Xbw6qv9Q5btBmervPQGgTjQNAqGKWLjeNNC4NHzWaPOSwCVwTx1t5GOWs0HL+23x1ksufVe0zbc6pIX9NhPimzdFIF2KXFASAag9bZJsQ196ifieU85XWoxUDQQsR9t3HocB9uoOhr7n3ZJckGL4fS23xncJfMXoKp5xSGPz85RL+mFZ9+6Y+CocQQ8gDMKmywlDFPxl60XWeD9CYMouRHiWSnQT1lpPi+AeHk2o+95b+l+mGTjX1YsDjw8kIKxtE0tBP5VIDWGvXjmQK5fAI9ceYd4AC4YfIIDOyLbcb+1pOOsqgA9Ibuox5PFECOc1OOB09QE1mwlMkRbvgFEjh1Ae/wSqZo1iD1MmdeRWKJWP67oRBJ4Ze4ydoxeLQjXxYy+T3zUTAP6xLXM2BZRTINA/bgh7Hy0gvMo92p9oW9RvfShI
WgcBqXlpnZUY9OwrnMLjB9AlQoToPTCu+RlQn261fEHfJTh1XqvwveQmpU4+FLhE4oKw1i5PKLmEJOMHuwdCRMSv6+73fnajuRpwWJptUCvY1dS4awCPTFquqNe8bUTV33006MU4CUve769lrvhCDM1F2U8JFrhGHmYfUjTro5HxMoQNJzv7+fa2/V4BIWN0Ok1CFJntHXn1T5l0ZiR8ljPSWmjovf8MX/Hd78WfkQTLYLWokg+kEU7Vn/CUgYtFNN9xUr0Gr9SoBIh5m4aKUsyUw2CUv7M6hjW7Za5kFRP4NDKX8vBVPzgNGDKjdzXHaNiU34k0vDURP8ATA3WFsQnDw5iX6sp8j207dDmOPk2runBPaUsZ+Pj6gw0bOLw+0freKEM1z1u/Juut+Xa9MPt1T9Q6x1PyyssGRL+tHdhW1OG5aDnQddpaF81/iQGWzrPT3y1pfzwsaIaZH5EmNUwNFHYb+HUcxmB114DPJhSyIyTn0Zek8FOch5AC62dVCVfstWxfBOEL7DmQP3ULHGFDXFz/mbp4kU61JEVXNREaq+Q8/r1PzWH9diK7RqNNjZ9FKbYu4zQ4VL+AjuQDgspAJHWyK+rSitFjSsE27Fz2rhLZpBKw3W/PA1GzfJdgxGqkXRjJPxDLODxX+5v6fj1Jma5WFgbvsoV16R60XjjhCPeK7T5+KSVVLhXsXd1fqv7T/xxbSf6WaN99sjIlSSjW2P3zkOs8v+9L7WdfF31kkVIcDQGs0gA42UfXk+9wuBvk/fZYSxgrJk6hQO3dKmZnuRY3g+mG4N26ZHRexHkEsz3UNT46wQnit02AKzxJNPkJbK9y5b7FP8djk29C/3Ra0LKi+WQcLGvGaEu3NLZZGCTyrqrr8aHfx64bZIei5HkOJ9JXRI+fT1XWfjtmviRenJdoFK9Hd5CoPtG9SmUI4u6OAMy8mUrVd45/1nuR4GAbpvI30ggWSBxMN0BBqmdQXqt4eeCQS6O9+6Rmhm0XgEa/v526wszClbycQDHcsYgHLyG5+WcK8crtXV760KQ0OskCwTgcrZm7iOIDb4HZcI/ZvGf184NhaxxYkpzJb+FwaLIHgFmyjT6dTyN7DHeNn8fY9EFl50aR7DrKfIS3DRHdk9KbyrKsUPLWEdxgDUbAzPKxbdu5bJ0fCS6BUnQbdBIwPsOHtDLNj/UW/QEXDEg/rntSsWR2BT5pB5KFbEbKb0FDY4/VyVgjNQTEXclqM16wLTj4mkln5EyRLNKtzI1t3Yj8oZuTHfi0Ovpt0+4VW8Mp/C
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2016-03-10T06:55:45Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Payload delivery"
}
] ,
"labels" : [
"misp:type=\"malware-sample\"" ,
"misp:category=\"Payload delivery\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--56e11a72-b760-4f12-88ac-4a53950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2016-03-10T06:55:46.000Z" ,
"modified" : "2016-03-10T06:55:46.000Z" ,
"description" : "Locky" ,
"pattern" : "[file:name = '69.exe.gz' AND file:hashes.SHA1 = '310df2a0e574db6511b35a165d71c4d78c050c02']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2016-03-10T06:55:46Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Payload delivery"
}
] ,
"labels" : [
"misp:type=\"filename|sha1\"" ,
"misp:category=\"Payload delivery\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--56e11a72-8464-4817-b455-401e950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2016-03-10T06:55:46.000Z" ,
"modified" : "2016-03-10T06:55:46.000Z" ,
"description" : "Locky" ,
"pattern" : "[file:name = '69.exe.gz' AND file:hashes.SHA256 = '9b09a502597a71b493d88663f45cf66f73760e005ebde1138b6f0c80ae7aa070']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2016-03-10T06:55:46Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Payload delivery"
}
] ,
"labels" : [
"misp:type=\"filename|sha256\"" ,
"misp:category=\"Payload delivery\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "observed-data" ,
"spec_version" : "2.1" ,
"id" : "observed-data--56e11eb8-47c8-440d-9578-40ce02de0b81" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2016-03-10T07:14:00.000Z" ,
"modified" : "2016-03-10T07:14:00.000Z" ,
"first_observed" : "2016-03-10T07:14:00Z" ,
"last_observed" : "2016-03-10T07:14:00Z" ,
"number_observed" : 1 ,
"object_refs" : [
"url--56e11eb8-47c8-440d-9578-40ce02de0b81"
] ,
"labels" : [
"misp:type=\"link\"" ,
"misp:category=\"External analysis\""
]
} ,
{
"type" : "url" ,
"spec_version" : "2.1" ,
"id" : "url--56e11eb8-47c8-440d-9578-40ce02de0b81" ,
"value" : "https://www.virustotal.com/file/b38d6261a2031977d74e18dd8347328fed9fa352757ef3a77717049b84353556/analysis/1457563464/"
} ,
{
"type" : "observed-data" ,
"spec_version" : "2.1" ,
"id" : "observed-data--56e11eb9-99c0-4a86-8381-4c8802de0b81" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2016-03-10T07:14:01.000Z" ,
"modified" : "2016-03-10T07:14:01.000Z" ,
"first_observed" : "2016-03-10T07:14:01Z" ,
"last_observed" : "2016-03-10T07:14:01Z" ,
"number_observed" : 1 ,
"object_refs" : [
"url--56e11eb9-99c0-4a86-8381-4c8802de0b81"
] ,
"labels" : [
"misp:type=\"link\"" ,
"misp:category=\"External analysis\""
]
} ,
{
"type" : "url" ,
"spec_version" : "2.1" ,
"id" : "url--56e11eb9-99c0-4a86-8381-4c8802de0b81" ,
"value" : "https://www.virustotal.com/file/94212563ebd10f4fbd52f203dd45c939e9ef097b96d0a7ec8d9952e8369b7e75/analysis/1457583610/"
} ,
{
"type" : "observed-data" ,
"spec_version" : "2.1" ,
"id" : "observed-data--56e11eb9-8f0c-49f2-b65a-40d002de0b81" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2016-03-10T07:14:01.000Z" ,
"modified" : "2016-03-10T07:14:01.000Z" ,
"first_observed" : "2016-03-10T07:14:01Z" ,
"last_observed" : "2016-03-10T07:14:01Z" ,
"number_observed" : 1 ,
"object_refs" : [
"url--56e11eb9-8f0c-49f2-b65a-40d002de0b81"
] ,
"labels" : [
"misp:type=\"link\"" ,
"misp:category=\"External analysis\""
]
} ,
{
"type" : "url" ,
"spec_version" : "2.1" ,
"id" : "url--56e11eb9-8f0c-49f2-b65a-40d002de0b81" ,
"value" : "https://www.virustotal.com/file/a1241150c5b9e095d0cd37a51a4eeb511b2087e036ea02d75f045659f0f8286b/analysis/1457550696/"
} ,
{
"type" : "observed-data" ,
"spec_version" : "2.1" ,
"id" : "observed-data--56e11eb9-af70-44ed-9572-431f02de0b81" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2016-03-10T07:14:01.000Z" ,
"modified" : "2016-03-10T07:14:01.000Z" ,
"first_observed" : "2016-03-10T07:14:01Z" ,
"last_observed" : "2016-03-10T07:14:01Z" ,
"number_observed" : 1 ,
"object_refs" : [
"url--56e11eb9-af70-44ed-9572-431f02de0b81"
] ,
"labels" : [
"misp:type=\"link\"" ,
"misp:category=\"External analysis\""
]
} ,
{
"type" : "url" ,
"spec_version" : "2.1" ,
"id" : "url--56e11eb9-af70-44ed-9572-431f02de0b81" ,
"value" : "https://www.virustotal.com/file/d536fb9620493a6fee54863306b744cbaf2bb7c3301d2042406b3a6383b23a57/analysis/1457590458/"
} ,
{
"type" : "observed-data" ,
"spec_version" : "2.1" ,
"id" : "observed-data--56e11eb9-7018-4708-a936-409002de0b81" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2016-03-10T07:14:01.000Z" ,
"modified" : "2016-03-10T07:14:01.000Z" ,
"first_observed" : "2016-03-10T07:14:01Z" ,
"last_observed" : "2016-03-10T07:14:01Z" ,
"number_observed" : 1 ,
"object_refs" : [
"url--56e11eb9-7018-4708-a936-409002de0b81"
] ,
"labels" : [
"misp:type=\"link\"" ,
"misp:category=\"External analysis\""
]
} ,
{
"type" : "url" ,
"spec_version" : "2.1" ,
"id" : "url--56e11eb9-7018-4708-a936-409002de0b81" ,
"value" : "https://www.virustotal.com/file/00b1fa0bf426c6abe13e8334b1d92e9deb284c4aa19117b4dd988ef61c924ce7/analysis/1457583013/"
} ,
{
"type" : "observed-data" ,
"spec_version" : "2.1" ,
"id" : "observed-data--56e11eba-d16c-4cda-b5e6-465502de0b81" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2016-03-10T07:14:02.000Z" ,
"modified" : "2016-03-10T07:14:02.000Z" ,
"first_observed" : "2016-03-10T07:14:02Z" ,
"last_observed" : "2016-03-10T07:14:02Z" ,
"number_observed" : 1 ,
"object_refs" : [
"url--56e11eba-d16c-4cda-b5e6-465502de0b81"
] ,
"labels" : [
"misp:type=\"link\"" ,
"misp:category=\"External analysis\""
]
} ,
{
"type" : "url" ,
"spec_version" : "2.1" ,
"id" : "url--56e11eba-d16c-4cda-b5e6-465502de0b81" ,
"value" : "https://www.virustotal.com/file/90e4468b681b4dfcac724aa46904e8fdadbf8cd238b88d9e2769c1f2024d078d/analysis/1457582706/"
} ,
{
"type" : "observed-data" ,
"spec_version" : "2.1" ,
"id" : "observed-data--56e11eba-260c-43c2-874d-4aa802de0b81" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2016-03-10T07:14:02.000Z" ,
"modified" : "2016-03-10T07:14:02.000Z" ,
"first_observed" : "2016-03-10T07:14:02Z" ,
"last_observed" : "2016-03-10T07:14:02Z" ,
"number_observed" : 1 ,
"object_refs" : [
"url--56e11eba-260c-43c2-874d-4aa802de0b81"
] ,
"labels" : [
"misp:type=\"link\"" ,
"misp:category=\"External analysis\""
]
} ,
{
"type" : "url" ,
"spec_version" : "2.1" ,
"id" : "url--56e11eba-260c-43c2-874d-4aa802de0b81" ,
"value" : "https://www.virustotal.com/file/1af82c782877d943a137a3d7de610cb2cfc8871879de4912d6b5cc3c6cb0acea/analysis/1457576714/"
} ,
{
"type" : "observed-data" ,
"spec_version" : "2.1" ,
"id" : "observed-data--56e11eba-bf28-458b-8580-4f6a02de0b81" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2016-03-10T07:14:02.000Z" ,
"modified" : "2016-03-10T07:14:02.000Z" ,
"first_observed" : "2016-03-10T07:14:02Z" ,
"last_observed" : "2016-03-10T07:14:02Z" ,
"number_observed" : 1 ,
"object_refs" : [
"url--56e11eba-bf28-458b-8580-4f6a02de0b81"
] ,
"labels" : [
"misp:type=\"link\"" ,
"misp:category=\"External analysis\""
]
} ,
{
"type" : "url" ,
"spec_version" : "2.1" ,
"id" : "url--56e11eba-bf28-458b-8580-4f6a02de0b81" ,
"value" : "https://www.virustotal.com/file/cc34e2ed0fc564dbabadddaa5c7f953f7187a6d5a8aaa8ae92edd9d11baf3de1/analysis/1457588612/"
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--56e11c5e-76bc-41ba-8290-48ff950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2016-03-10T07:03:58.000Z" ,
"modified" : "2016-03-10T07:03:58.000Z" ,
"description" : "Automatically added (via 98yhb764d.exe|3ab801425b1bf8eae78c0b4fe0751d92aef8014e)" ,
"pattern" : "[file:name = '98yhb764d.exe' AND file:hashes.MD5 = 'e7bd868fcbf16e13756f547f016a62fc']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2016-03-10T07:03:58Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Payload delivery"
}
] ,
"labels" : [
"misp:type=\"filename|md5\"" ,
"misp:category=\"Payload delivery\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--56e11c61-5c48-448c-88ef-436b950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2016-03-10T07:04:01.000Z" ,
"modified" : "2016-03-10T07:04:01.000Z" ,
"description" : "Automatically added (via 765uy453gt5|bd2846e87e4012ea72a508300de8ec3c68778fea)" ,
"pattern" : "[file:name = '765uy453gt5' AND file:hashes.MD5 = '6d42c5aa20117483b47b6e9c10444626']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2016-03-10T07:04:01Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Payload delivery"
}
] ,
"labels" : [
"misp:type=\"filename|md5\"" ,
"misp:category=\"Payload delivery\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--56e11c64-fc48-44b3-9302-4f7e950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2016-03-10T07:04:04.000Z" ,
"modified" : "2016-03-10T07:04:04.000Z" ,
"description" : "Automatically added (via 69.exe|4716856ccfaf9d6da5c5ef7fd92c815750660108)" ,
"pattern" : "[file:name = '69.exe' AND file:hashes.MD5 = '3eb979e16b4c0a18ef1f329370493880']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2016-03-10T07:04:04Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Payload delivery"
}
] ,
"labels" : [
"misp:type=\"filename|md5\"" ,
"misp:category=\"Payload delivery\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "marking-definition" ,
"spec_version" : "2.1" ,
"id" : "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9" ,
"created" : "2017-01-20T00:00:00.000Z" ,
"definition_type" : "tlp" ,
"name" : "TLP:WHITE" ,
"definition" : {
"tlp" : "white"
}
}
]
}