{
"type" : "bundle" ,
"id" : "bundle--5705186a-a7f0-4309-89be-5094950d210f" ,
"objects" : [
{
"type" : "identity" ,
"spec_version" : "2.1" ,
"id" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2016-04-06T14:50:03.000Z" ,
"modified" : "2016-04-06T14:50:03.000Z" ,
"name" : "CIRCL" ,
"identity_class" : "organization"
} ,
{
"type" : "report" ,
"spec_version" : "2.1" ,
"id" : "report--5705186a-a7f0-4309-89be-5094950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2016-04-06T14:50:03.000Z" ,
"modified" : "2016-04-06T14:50:03.000Z" ,
"name" : "Dridex (2016-04-06) - botnet 122" ,
"published" : "2016-04-06T14:51:56Z" ,
"object_refs" : [
"indicator--570518bf-a8ac-42a0-ad4d-711d950d210f" ,
"indicator--570518c0-de54-450f-9795-711d950d210f" ,
"indicator--570518c0-afb4-424d-9690-711d950d210f" ,
"indicator--570518c0-a970-40de-aed5-711d950d210f" ,
"indicator--570518c1-0858-4c5a-a7fe-711d950d210f" ,
"indicator--570518c1-786c-401e-bb67-711d950d210f" ,
"indicator--570518c1-0528-40df-9ee2-711d950d210f" ,
"indicator--570518c2-f1c8-4135-82db-711d950d210f" ,
"indicator--570518c2-a904-4909-b873-711d950d210f" ,
"indicator--570518c2-b6ac-4909-a093-711d950d210f" ,
"indicator--570518c3-e3fc-4d77-bec7-711d950d210f" ,
"indicator--570518c3-f50c-44e5-9a04-711d950d210f" ,
"indicator--570518c3-292c-4425-88ff-711d950d210f" ,
"indicator--570518c3-e0f0-4082-8e0c-711d950d210f" ,
"indicator--570518c4-a97c-4dd9-a8cd-711d950d210f" ,
"indicator--570518c4-ba4c-4360-a8c3-711d950d210f" ,
"indicator--570518c4-388c-4557-9b67-711d950d210f" ,
"indicator--570518c5-b7e8-4e2e-a801-711d950d210f" ,
"indicator--570518c5-68fc-4362-8c6b-711d950d210f" ,
"indicator--570518c5-7dc8-4b8e-a873-711d950d210f" ,
"indicator--570518c6-4740-4e29-8443-711d950d210f" ,
"indicator--570518c6-e934-4fb5-8a8c-711d950d210f" ,
"indicator--570518c6-dc68-4fcb-8a49-711d950d210f" ,
"indicator--570518c7-deb0-44e3-aa73-711d950d210f" ,
"indicator--570518c7-c3c0-4b60-9c02-711d950d210f" ,
"indicator--5705190d-4650-43e4-b757-506a950d210f" ,
"indicator--5705190d-533c-4911-8f86-506a950d210f" ,
"indicator--5705190e-57f0-4e76-b06a-506a950d210f" ,
"indicator--5705190e-a394-43ac-a0f5-506a950d210f" ,
"indicator--5705190f-a5bc-40ab-8936-506a950d210f" ,
"indicator--57051910-c938-4ec5-ba8b-506a950d210f" ,
"observed-data--5705221c-a7a8-4187-aed5-ec2a02de0b81" ,
"url--5705221c-a7a8-4187-aed5-ec2a02de0b81" ,
"observed-data--5705221c-fea0-4be0-b674-ec2a02de0b81" ,
"url--5705221c-fea0-4be0-b674-ec2a02de0b81"
] ,
"labels" : [
"Threat-Report" ,
"misp:tool=\"MISP-STIX-Converter\"" ,
"circl:incident-classification=\"malware\""
] ,
"object_marking_refs" : [
"marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9"
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--570518bf-a8ac-42a0-ad4d-711d950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2016-04-06T14:10:07.000Z" ,
"modified" : "2016-04-06T14:10:07.000Z" ,
"description" : "Download location" ,
"pattern" : "[url:value = 'http://shop.bleutree.biz/tablets/galaxytab3.php']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2016-04-06T14:10:07Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Network activity"
}
] ,
"labels" : [
"misp:type=\"url\"" ,
"misp:category=\"Network activity\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--570518c0-de54-450f-9795-711d950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2016-04-06T14:10:08.000Z" ,
"modified" : "2016-04-06T14:10:08.000Z" ,
"description" : "Download location" ,
"pattern" : "[domain-name:value = 'shop.bleutree.biz']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2016-04-06T14:10:08Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Network activity"
}
] ,
"labels" : [
"misp:type=\"hostname\"" ,
"misp:category=\"Network activity\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--570518c0-afb4-424d-9690-711d950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2016-04-06T14:10:08.000Z" ,
"modified" : "2016-04-06T14:10:08.000Z" ,
"description" : "Download location" ,
"pattern" : "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '31.148.99.90']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2016-04-06T14:10:08Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Network activity"
}
] ,
"labels" : [
"misp:type=\"ip-dst\"" ,
"misp:category=\"Network activity\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--570518c0-a970-40de-aed5-711d950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2016-04-06T14:10:08.000Z" ,
"modified" : "2016-04-06T14:10:08.000Z" ,
"description" : "On port 4043" ,
"pattern" : "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '210.245.92.63']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2016-04-06T14:10:08Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Network activity"
}
] ,
"labels" : [
"misp:type=\"ip-dst\"" ,
"misp:category=\"Network activity\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--570518c1-0858-4c5a-a7fe-711d950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2016-04-06T14:10:09.000Z" ,
"modified" : "2016-04-06T14:10:09.000Z" ,
"description" : "On port 448" ,
"pattern" : "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '210.70.242.41']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2016-04-06T14:10:09Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Network activity"
}
] ,
"labels" : [
"misp:type=\"ip-dst\"" ,
"misp:category=\"Network activity\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--570518c1-786c-401e-bb67-711d950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2016-04-06T14:10:09.000Z" ,
"modified" : "2016-04-06T14:10:09.000Z" ,
"description" : "On port 2443" ,
"pattern" : "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '178.33.167.120']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2016-04-06T14:10:09Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Network activity"
}
] ,
"labels" : [
"misp:type=\"ip-dst\"" ,
"misp:category=\"Network activity\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--570518c1-0528-40df-9ee2-711d950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2016-04-06T14:10:09.000Z" ,
"modified" : "2016-04-06T14:10:09.000Z" ,
"description" : "On port 1943" ,
"pattern" : "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '195.169.147.88']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2016-04-06T14:10:09Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Network activity"
}
] ,
"labels" : [
"misp:type=\"ip-dst\"" ,
"misp:category=\"Network activity\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--570518c2-f1c8-4135-82db-711d950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2016-04-06T14:10:10.000Z" ,
"modified" : "2016-04-06T14:10:10.000Z" ,
"description" : "On port 8443" ,
"pattern" : "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '2.96.248.216']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2016-04-06T14:10:10Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Network activity"
}
] ,
"labels" : [
"misp:type=\"ip-dst\"" ,
"misp:category=\"Network activity\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--570518c2-a904-4909-b873-711d950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2016-04-06T14:10:10.000Z" ,
"modified" : "2016-04-06T14:10:10.000Z" ,
"description" : "On port 8443" ,
"pattern" : "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '94.8.45.38']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2016-04-06T14:10:10Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Network activity"
}
] ,
"labels" : [
"misp:type=\"ip-dst\"" ,
"misp:category=\"Network activity\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--570518c2-b6ac-4909-a093-711d950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2016-04-06T14:10:10.000Z" ,
"modified" : "2016-04-06T14:10:10.000Z" ,
"description" : "On port 8443" ,
"pattern" : "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '142.166.241.182']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2016-04-06T14:10:10Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Network activity"
}
] ,
"labels" : [
"misp:type=\"ip-dst\"" ,
"misp:category=\"Network activity\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--570518c3-e3fc-4d77-bec7-711d950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2016-04-06T14:10:11.000Z" ,
"modified" : "2016-04-06T14:10:11.000Z" ,
"description" : "On port 8443" ,
"pattern" : "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '93.174.126.37']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2016-04-06T14:10:11Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Network activity"
}
] ,
"labels" : [
"misp:type=\"ip-dst\"" ,
"misp:category=\"Network activity\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--570518c3-f50c-44e5-9a04-711d950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2016-04-06T14:10:11.000Z" ,
"modified" : "2016-04-06T14:10:11.000Z" ,
"description" : "On port 8443" ,
"pattern" : "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '80.0.175.169']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2016-04-06T14:10:11Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Network activity"
}
] ,
"labels" : [
"misp:type=\"ip-dst\"" ,
"misp:category=\"Network activity\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--570518c3-292c-4425-88ff-711d950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2016-04-06T14:10:11.000Z" ,
"modified" : "2016-04-06T14:10:11.000Z" ,
"description" : "On port 8443" ,
"pattern" : "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '188.194.159.78']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2016-04-06T14:10:11Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Network activity"
}
] ,
"labels" : [
"misp:type=\"ip-dst\"" ,
"misp:category=\"Network activity\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--570518c3-e0f0-4082-8e0c-711d950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2016-04-06T14:10:11.000Z" ,
"modified" : "2016-04-06T14:10:11.000Z" ,
"description" : "On port 443" ,
"pattern" : "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '155.133.82.61']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2016-04-06T14:10:11Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Network activity"
}
] ,
"labels" : [
"misp:type=\"ip-dst\"" ,
"misp:category=\"Network activity\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--570518c4-a97c-4dd9-a8cd-711d950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2016-04-06T14:10:12.000Z" ,
"modified" : "2016-04-06T14:10:12.000Z" ,
"description" : "On port 443" ,
"pattern" : "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '197.96.139.253']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2016-04-06T14:10:12Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Network activity"
}
] ,
"labels" : [
"misp:type=\"ip-dst\"" ,
"misp:category=\"Network activity\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--570518c4-ba4c-4360-a8c3-711d950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2016-04-06T14:10:12.000Z" ,
"modified" : "2016-04-06T14:10:12.000Z" ,
"description" : "On port 8443" ,
"pattern" : "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '88.249.199.217']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2016-04-06T14:10:12Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Network activity"
}
] ,
"labels" : [
"misp:type=\"ip-dst\"" ,
"misp:category=\"Network activity\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--570518c4-388c-4557-9b67-711d950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2016-04-06T14:10:12.000Z" ,
"modified" : "2016-04-06T14:10:12.000Z" ,
"description" : "On port 443" ,
"pattern" : "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '222.255.121.202']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2016-04-06T14:10:12Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Network activity"
}
] ,
"labels" : [
"misp:type=\"ip-dst\"" ,
"misp:category=\"Network activity\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--570518c5-b7e8-4e2e-a801-711d950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2016-04-06T14:10:13.000Z" ,
"modified" : "2016-04-06T14:10:13.000Z" ,
"description" : "On port 8443" ,
"pattern" : "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '217.246.2.106']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2016-04-06T14:10:13Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Network activity"
}
] ,
"labels" : [
"misp:type=\"ip-dst\"" ,
"misp:category=\"Network activity\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--570518c5-68fc-4362-8c6b-711d950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2016-04-06T14:10:13.000Z" ,
"modified" : "2016-04-06T14:10:13.000Z" ,
"description" : "On port 8443" ,
"pattern" : "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '109.190.2.168']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2016-04-06T14:10:13Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Network activity"
}
] ,
"labels" : [
"misp:type=\"ip-dst\"" ,
"misp:category=\"Network activity\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--570518c5-7dc8-4b8e-a873-711d950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2016-04-06T14:10:13.000Z" ,
"modified" : "2016-04-06T14:10:13.000Z" ,
"description" : "On port 8443" ,
"pattern" : "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '179.51.25.160']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2016-04-06T14:10:13Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Network activity"
}
] ,
"labels" : [
"misp:type=\"ip-dst\"" ,
"misp:category=\"Network activity\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--570518c6-4740-4e29-8443-711d950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2016-04-06T14:10:14.000Z" ,
"modified" : "2016-04-06T14:10:14.000Z" ,
"description" : "On port 8443" ,
"pattern" : "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '50.96.12.201']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2016-04-06T14:10:14Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Network activity"
}
] ,
"labels" : [
"misp:type=\"ip-dst\"" ,
"misp:category=\"Network activity\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--570518c6-e934-4fb5-8a8c-711d950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2016-04-06T14:10:14.000Z" ,
"modified" : "2016-04-06T14:10:14.000Z" ,
"description" : "On port 8443" ,
"pattern" : "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '88.117.41.155']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2016-04-06T14:10:14Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Network activity"
}
] ,
"labels" : [
"misp:type=\"ip-dst\"" ,
"misp:category=\"Network activity\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--570518c6-dc68-4fcb-8a49-711d950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2016-04-06T14:10:14.000Z" ,
"modified" : "2016-04-06T14:10:14.000Z" ,
"description" : "On port 8443" ,
"pattern" : "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '176.35.198.188']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2016-04-06T14:10:14Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Network activity"
}
] ,
"labels" : [
"misp:type=\"ip-dst\"" ,
"misp:category=\"Network activity\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--570518c7-deb0-44e3-aa73-711d950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2016-04-06T14:10:15.000Z" ,
"modified" : "2016-04-06T14:10:15.000Z" ,
"description" : "On port 8443" ,
"pattern" : "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '24.204.49.244']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2016-04-06T14:10:15Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Network activity"
}
] ,
"labels" : [
"misp:type=\"ip-dst\"" ,
"misp:category=\"Network activity\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--570518c7-c3c0-4b60-9c02-711d950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2016-04-06T14:10:15.000Z" ,
"modified" : "2016-04-06T14:10:15.000Z" ,
"description" : "On port 8443" ,
"pattern" : "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '71.9.39.36']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2016-04-06T14:10:15Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Network activity"
}
] ,
"labels" : [
"misp:type=\"ip-dst\"" ,
"misp:category=\"Network activity\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--5705190d-4650-43e4-b757-506a950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2016-04-06T14:11:57.000Z" ,
"modified" : "2016-04-06T14:11:57.000Z" ,
"description" : "PE32" ,
"pattern" : " [ f i l e : c o n t e n t _ r e f . p a y l o a d _ b i n = ' U E s D B B Q A C Q A I A G x x h k h Q v S J N l 0 w C A A A w A w A g A B w A N z F i M 2 Q y Z m Z k Y m Y x N j I 0 M z R j Y z Z i M 2 R h Y W I z Z j I 5 Y j l V V A k A A w w Z B V c M G Q V X d X g L A A E E I Q A A A A Q h A A A A K L o 5 C N T e e 8 K F A 3 k B Z 2 L J 7 Y O g L a 5 l q v E e 3 t 4 R A X k Q + L V T n t E r 6 g q 6 p r x S u Y O g 85 E i 3 G G M X L B v b H h 7 b 0 J K l Q 5 l i B w v I i A K 3 l e w x C H Y f G / C v F r z S 90 h K m r q q M 6 Y t X H u q k G Q u S 0 f 68 E l u C I S n 3 n s u j K / J d a + y L J m w f 2 l G y y j s Y n I u Y c + B d 2 M I 7 r O S Q F h / P k T x q m 4 X 8 j E V l E d v r P g / i 0 r I K k k N T 0 L X I O 0 s F j W E 9 Y n D X J e b s b / G A i B J D 60 v g J K Z U q u z j i G x Q B q B x 5 i I q l x i 4 j q X I g t X q F c N i E x j C T o 4 U / 40 N X 9 D B x 7 I v j n t N n q 7 s r 7 k + K y n K S S k P V J b t 6 L u u f v B P 0 t 4 A K V p W m h W E K e K y 3 M 55 r w E o Q w H X 0 R N u B f 0 M 2 R b w l x 48 C Y U A W T F c f 2 t 4 K v 99 N X u Q J f H G L w F c s Y w 2 j V D w X / J 15 G P Y 7 f Q l L N x I L a 3 + 7 e X / Z L j d V S l h d i G f S e V t Z 2E05 a y a A a W l W K I E T J C o s X 2 d 2 n N E E C a 3 D X e e p i v V Y a J B u z U y 5 N 5 I / c E M B B K q z I M l + L Z s 0 V 0 V 3 N J y 0 J 6 T Z J Z r U D l 0 c 408 M v m 16 T p 16 a N 4 w 7 F O X w W 3 K 0 K O S n 7 o c 0 o s V j G 4 w 78 e t m d p / J 5 y 4 Q z 3 e B Y E + g r h p O h z h c y U 3 V v b t P Q b P O I l u 1 L 8 Q n m s 2 L 2 s m c p M v Z Z c r M 5 l 54 c r r 2 H b N p d d 9 y y u u A n d / i o a R w d J f r O J j n s 5 X D z c e 1 M f t o w D G y G h t 1 h b y 2 X L g L G l D Z Q C X + a T T a 90 g w Y z y r a a A b c 4 A Z 9 m q A p 2 L v E f l 3 R q b 91 Q 72 z + r h s E A 2 a x 7 F / 0 Q q j 5 W v C S B M h N Y I l D n p g l Q N E A b L 93 H n d + y x z C 5 V + D j E A K l 1 j R M e N Z 8 W g l 0 r I R B f 7 G P r m M 79 I c D d / C M J j 
F I r a V r q S Q e P M N e b Y A o L f Z z 3 X J H e z g b Y Y w 5 L t Y 3 F Q 9 c V / j h i Z 9 V Y e P V L I m d Z l b n i A C Q w V N Z G c c g h f D Q 24 l U K T Q Z Y P Y 6 z j r 3 n q L H A H z I W k o R P t 2 y A y K X y J q L c k 5 a u x i O V w 983 Z D d 0 d l U H 7 e E l Q X R 6 e F l s Z v l j f q r D U h / c T 3 J N l X s 7 B l L H P w 0 l 6 P 6 b S G 6 G l F I Y W Q t n b X / c 4 o f b 5 Y k n w B h D f i X U E m 60 D N t M t w J m j C / H C 9 f 7 j 0 P N k Z h 8 j S 4 m v n I L v a k c h V F X I r E n c H r Z r j K S 8 o O 9 N n I X S F D 7 y + e R Y D j 2 j + c 95 j p s W J z B h 3 g q N 78 g N t 12 V X d s 0 R X X 8 y m q b V 0 Y i O J 1 c m P A U x B 8 H s / t o W R T q + t j i + h W V h 6 I 8 F + 41 M m r i o U g r J q z e e m Y + v E w D 40 W 30 i f i W Q a f j f H / J Q 0 Q w 6 L X 4 L V C G X D C E k I F t r j B 40 s i k s W M 0 f S A X l v N t C J E Z J + n o l o E N + J r D u K 9 s p v w r s J Q o c E v r 5 F M E 1 K F W t 8 Z o t 49 e O P A 8 Q I i J X H v S w d u 8 T m k q 1 e w U z M i 7 F 4 O f d i 6 n y C C p E S L O k 5 X O c E Z 7 A Q F U 8 r B f L O k V D K 82 b y B J t K X t B S M v 6 o t X Q N a P 3 y Q H J i 1 F L X 2 + G v H + Y V T 9 z C d I t K 2 f s Q u 9 G D E / K + Q A u K n D f G P + / a 6 F X G o t 2 Z M k s w 69 K R B u 8 + S f l k g Q c x y u P U / U 0 4 P / N g i x 5 P a q O + E 5 k 6 K g 4 N B v b A h P K I n U E U V 3 H T u Z x b N E 5 P Y b 8 m W o H 0 4 h W 4 m H t J K o F l Y C n 7007 E U s c r l g I w Y y a 2 N u r D v i 4 U n p L A x h a a 3 b j T K b O 2 k y a F q i f k D 2 S r x i d H J p j b m r f Z s 8 s + V + 3 P 6 + R X F A T v N 9 t g C 5 J Q M 9 x x U f w h U w s R y g U 24 g A 6 / i a k n w k c x k Q F q r M 4 x z W c 5 X m q B E i o 9 R e u V 0 A 3 s Q z s 3 M 0 2 + Z z T n l g 86 i I w S K L h 4 g O K K h p 8 o 3 n z z A Y s V B y o 7 Q a S c P I B A k c S M o c c / a Q b h i Q D 8 j P 2 v y L q f o H E y r H J h K Q v J i C J 4 y Q O N 2 a W x s 82 N E F q H + z 0 T W o C o p m X y x I o q / y 2 P b O 
N 4 e U R k f r s K r J I J 13 D n 1 g C a x a X 8 Y O 5 G P l h A 4 v 2 s 775 L Y K L B O 1 D 3 p K M p u u y E W H x 11 Q 6 m U 5 N p O 1 f t Y j d 6 W 0 8 c b P j o A b Q l u z p d a v r H 6 O a V x q 9 G B M z 4 m j S q C 0 A N 0 K H K V f e d D r s o Y u 9 B q 5 S p m x y T 6 h 4 M h 3e3 T g D R G 8 Q w 7 k L x + V Y g + 3 B b 3 B i O s 4 K b h k z / t O H k Y F 3 c 6 v p K k x m L S h E d d 0 F h 3 H G Q 9 l 58 W W b E x O t c 7 Y n T u S X Q w 4 L B r T g i P P 4 O L + x o 0 G B j q h d O g r 8 H E z S 7 Z F Z X y h o l S p C Y p O j Z 9 g i I 60 / Q b D j V a n 230 x 3 K 5 X M c u u E O Q s / 0 A N R u c x H I L Q C / T m X 4 H j V 1 c t R k D c Q J N y P 0 2 s v 7 X L 78 K L s O E F 4 H d m R F s 4 D L L o z b M S g U J u J M A T O O v Z T 7 t N m n h J v G g b c H 0 / F V t 9 J Y / I 40 H N B Q / p W a p Z t 8 B F u O N Y R R C N P f x Z a b 786 X d X K j G 5 I w x X c W b P C C T / u J C D Q q h B r d v s U F k h f 5 H I B g 650 U P q A J I V 4 j 6 z R b 1 I i M 3 i c G h V G h Q Q y o O I 4 K b R 4 w e S 6 R P 6 U U r Z k 1 a F e d Y 9 W n M X T v U u s Q O 6 H e b s n A Z a S k F 13 q Z 3 c e n m T + T E H O B K y p 85 j Q A 2 K U r V J X N X B / i c S v x 6 a 9 M z z E w 39 e S j 5 R 0 G 3 Y x I / t r q Q R g D + D K w 2 t e p J S v p y M I y Z K o R b x I o o L 2 m 6 e d E q J H 81 p I u q 6 l d w R H G t N v I r a g E / i j 6 G P F E 9 E / i l P I 3 B k R l l 6 k Q N c q 2 D S w I v G d v 9 M 31 q d 5 D w O M 4 M 3 n 9 R 4 J U z M s 8 M p V q b H B 5 T 0 I o U q s Y A d L w N f b m D w 3 i H D O q 3 o v 13 W D P 3 v c + b d m r / U s H p P o F v a m j 5 u b j X m A s g z u f 6 L O m P o G 5 T b P x t 3 O i y 937 v q b R n w J U p u x 9 w e Y H H t U O 8 + F Z n S D R B K j f G S k R k C D N 5 w U J d G V X 3 U g h d d B g M Q D P g n v v s z C B r + Y v y f e D + j L q 7 Y e X Q u U c L r Z k S M 5 L n d G m a 0 P J V v H f + Y d 24 O e u c D M 4 P g V 2 t P l u C B F L P m k a e G 0 U Y + J i t p s v / Y 9 K G A U i y g u Y s O T N R i K + k a 4 w 
D F U m H E p w 8 R R G E 23 p 8 + Q X Y V o z V 0 X g Y b 7 / m R 3 k G G x n 6 G u w K 5 C f V I O 0 3 Y f 2 f t d 5 Y V 9 M A Y z t p / A G z b T c Y B B T q l s j c + K X S 1 z h j I n 6 k a W u O O 7 v E z E d q x X r I f z C j o x X o 2 c h O K 0 m n H V A 1 t R 6 G O 0 2 C z F b V l f R K + B c d a p s U E a H p R T G 0 9 O d F 56 z j + p s e Z s V w D 6 C p q E o N n z 34 W A J k u p Q U 7 A D I b P x T P G 4 M f a p b o Z t D c w E b B S 3 D i v 20 a / Y l J O a j b 6 d z D a 8 i X + p X q c E + m 7 H a C 9 X U e 3 V T B K Y c X J r K 7 O y Y P M i Z A B m H A s Z G m P q b G l 2 Q 6 D p e 4 G 2 A A Q / v N 0 7 h D 37 z 9 z A N t 8 v m K 6 h T f A a i 4 / o i F W Q a 7 f E 1 M 1 + C Z n a f j a K V y a 9 v T l 4 z G o V a N k i L O y J 1 P K 3 X d t x q z X E 9 T Y d P x q W 174 B 996 Y 8 N K K r R i 7 d 16 b 4 h E U E Y O x M d a u y 7 j D 1876 C R I q d M y Z v X t N A / 2 r 5 y G t 3 k X 8 T y F O E + w 8 g u v B A p 9 G a P H u s z Y O m s r L P c q L F W L P r f 7 c B B 7 f t a K 3 e e 5 X o P A d j Z s i i D E g / z 0 p J L Y c i + H h 7 E S Z 2 / l s d 7 i O Q y P r P U 79 o e Q h a I r e S T F Z 2 T i f N t c m f 4 K t m P D R w X 9 I Y B 9 P P Z J 7 R x E S c h O 4 b F n e + P E p s Y i B B L a T 3 u h e h m / F L K T L N B M i Y 6 r W w w G X u C a l 4 z a n Q v Q S t R m f b b D 1 K L 1 s z Y H N o s b J s i o L 5 f a R N L q t c O 5 p j z J N e y z 99 m w 9 I l d 15 X K U X m b 8 t O 6 e Y F s D d M t T 3 j J l z T D V q S q l x s A k x X C 4 P X j b t 5 g V s R N 3 K M M 0 m f m Y v C W 51 i H 6 F l N p e t 8 G S 6 Y A 6 k Z I 85 X D f E v q D r i a N 2 k Y i o v 6 V C 6 f W l H l Y L K 7 c D r 8 p X 4 E o J q j n A s y V b l d H e L d G R j x w T / w b q i f M W 2 g 99 H R c J h s v E Q f n D 9 + o j S G X x 0 Z C 0 G p u N l k 6 f q W m + + b K g R l f l B i 2 z K v h b U M s I r L 2 K v S F C g g V w Z Q w h R 6 A C X G W h R p Y c v p P Y g R p O 7 d M F N z 7 d q r a y V 1 P 7 U s e S M 7 y u s T S u D y Z L 6 X X i P D t h s G C o j / v 
w r c M O H 3 C u 9 E g V 1 l n t Q 9 H S n R w X O E z + q N S V 8
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2016-04-06T14:11:57Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Payload delivery"
}
] ,
"labels" : [
"misp:type=\"malware-sample\"" ,
"misp:category=\"Payload delivery\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--5705190d-533c-4911-8f86-506a950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2016-04-06T14:12:07.000Z" ,
"modified" : "2016-04-06T14:12:07.000Z" ,
"description" : "PE32" ,
"pattern" : "[file:name = 'calc.jpg' AND file:hashes.SHA1 = 'ab8bd52bbc1dfe3099df73fafc8504f4fa5e1430']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2016-04-06T14:12:07Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Payload delivery"
}
] ,
"labels" : [
"misp:type=\"filename|sha1\"" ,
"misp:category=\"Payload delivery\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--5705190e-57f0-4e76-b06a-506a950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2016-04-06T14:12:02.000Z" ,
"modified" : "2016-04-06T14:12:02.000Z" ,
"description" : "PE32" ,
"pattern" : "[file:name = 'calc.jpg' AND file:hashes.SHA256 = '276de439d900d6fc8a589bad01bf71e4379c3ce0228d57ec0620542b51d2e76d']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2016-04-06T14:12:02Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Payload delivery"
}
] ,
"labels" : [
"misp:type=\"filename|sha256\"" ,
"misp:category=\"Payload delivery\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--5705190e-a394-43ac-a0f5-506a950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2016-04-06T14:11:26.000Z" ,
"modified" : "2016-04-06T14:11:26.000Z" ,
"pattern" : " [ f i l e : c o n t e n t _ r e f . p a y l o a d _ b i n = ' U E s D B B Q A C Q A I A G 1 x h k i E r j c R D j o A A A D C A A A g A B w A Z j Q y N z V k N 2 U 5 M T h m Z T V h M D M 4 M W U w N T k 2 O D E 4 M W E 3 Y T Z V V A k A A w 4 Z B V c O G Q V X d X g L A A E E I Q A A A A Q h A A A A B J A R j O C 7 g T 27 N h u w G o m 5 k P 3 o / W Q M 1 k Y Y 4 r 8 E o c 4 X J z t y 2 J R X m o y D P b s / V 3 M q F Z o Z Z L 8 t r Z v v 9 f M t G 7 S L r 4 + r f n j 7 R m l u s K g o P l D w r 7 q E l P L d W T u / l R 511 r E R S b t e c M W P v j Y w h j 3 B F J R 1 H y 1 q r H Z v g Q x g E y n n i l a D K F a N U D R c G U X F g Z E P K r b p F P N 1 Y T z 1 k Y W M c t 1 m z l P 6 U 3 K 15 k G o 9 w 0 c l y K P g K r 13 r P R T / 7 M j Z Q h g R k b C d E x s R W r 2 P c J T b w I b a r R 3 k s A V O K T l I r M Y 88 P 0 q d L R h T + 8 j E k k k 8 S 9 C R R p u T V D i 8 u T p Y K e l a V 86 h y Y z + x y a V / c + z 8 M 5 W 0 O j a 0 b n z s h 6 R g a e e y e W t V A E 6 z A t Y p U A 6 J 3 G 6 q h d + I 0 B K D / d H p r o W K z A f 349 s V L g T 0 226 q C D 0 o t F E c 0 H 1 W w T 0 K c 8 g A 4 G 5 r c j 3 v y 10 H X 1 j A Z D 4 p R 0 k w I q c i 83 V M f 1 W 5 j L 0 E c O H Y K j F E 7 / U a I C g c H 2 / o i b A Q P l J B N + 3 Z k r y 9 b m h T m T e y H 4 q Z c k s M k l f y n q 7 I 7 H P s 9 b P 78 A X p n G u X n d j g u r R 0 + + s g x N t R P t i j X S A M 4 j k h C d j C c 3 D G + x 2 l T G e g Q Z q t V k H e e A s 3 a A C V E z v 1 + b S R L U r D S 7 p g U V p B j i n z O r G 2 m Y k 8 G 5 L j P 9 O L k 4 g n p q 56 c 9 q o x G M F l N + z u v p X v 220 g r 4 F U K 0 K H X f 8 A q G p g U 8 c K w Z u J l P S j 1 m X H A F V q E u t I W E 3 / s X l 0 L 4 g p 1 n i X 2 A d A 3 x h W D 2 / u + h G h K 0 5 i p B S w e l 1 l 5 A q m n B X y C q N S X E m U A t 9 p 96 g D b i S p k 0 s H / C t 6 t i 8 g a d + k N 0 I T a E w A v 5 A f g R 8 A Y + J E r G h s M N U b f O u W B C e f P a A 0 1 y N n r X F N K 1 v V b E 9 s l B I u + I 
0 v V l a Q 5 E C g L 3 I V j W m 3 K M U 1 F q I B 9 P I I e 3 U N 9 C Y H O p e Q U t l N u M f Y p v o e R T 9 L p B 7 D C l B P C m o w N S x I s g m j T 4 r T x I V 4 q + g d E x K c B z B s d 4 O I y J V 0 E b S 1 J e w x s g M O d N / n Z U k m 0 L n d i S v h 0 6 G / W G v E U o + b A L s Z Y E I s v J v K / L E J K R v 5 E a 6 Y X S e r J d q x t o N r I a a G 8 V m V a P k h V f N Y M v J J + 2 L F v c h O F e b z 5 o j 4 x y s 62 s A p 6 w s Z s h 0 L x k g l v U v q j J G e F 33 j f n Y i s X c N F h D R y Y f Q b 90 N S F P b l 1 I U r 8 o A / z s H k S f S m y v x F N n w 8 o h b D + S Z r S t U + v 1 x z 5 K f g 5 O e 8 Y G q 3 F S 7 / 4 + 18 I 5 G B A M X + 29 f f E e I D 0 j j n H v E D E 3 x H V 0 Q e s 4 s z D Q H 73 S s U 4 C x f 4 H 1 u 9 y N w Y 0 l 0 u 0 D 2 H z d x s Y 17 + 4 D a h 5 o t 8 t u 7 o Y b d J M o k n v 8 p v H d e w W Q B 32 g b g o B + 9 g E a 0 X M o M 3 f g y r j 0 k v x N F Q S t H T C v L M k J 8 E M B F i 54 F B Y m X I U L E R c F 1 t y L D P p E i e c M 6 v e 23 l t X Y 1 Q a 9 t z X S 8 L I P K W W u a J W 3 a 45 G H g f K p k D I c Y S 6 a c 3 b j j x d R k 1 U V 5 O X t J l H T p U x B l 8 i f y Y i + e U m X I o 2 F y B 46 N 553 n f W Y X V V R / Q g c K a e K f W f z e b X f V 7 i u F f y i g 5 e Q z 7 U X p W r n S r o q y B d Y m 7 f w j I H S I A q 7 r N s Y H C n 1 n p A 7 + I g j p v A Y f c C K C K G 0 G O X k s K a 3 m m H i 5 / 4 + E y z V s J E e t c G L T F l M o D t m c i v f F A s x i k 3 A 251 M u y l Y / Y T V f b U + G u 4 W Z 7 u V o 5 T K h a P M v U G t I 6 B N w o h 2 + g w 3 X s g / o 7 b a f i y g 0 Z v 0 E + R a x v f X a Z K 2 Q A C r Q q I C u q 1 a 96 l d S M / i j Z R W P U q k l S f 70 j z O q 2 H + e 3 j V O x g F Y A / r h a m 0 / k n P H 9 o j U 5 X Z T d C l 8 k Y T 7 o U N I M a 1 o 8 d S R h O R M q q Q Z 650 k T d e I D M o r n 5 w Y c M n g 90 M j / H g b O v n T g g h O V / 0 f F p 562 q r e g M Z 9 P i L t Q m F + e c z g P V R k Y 1 D w x a B l G O 5 k Y 9 S z Y 9 / Y S h f R f 
y Z o c T h K J k 1 l 2 v y i D E B a d k T y j p y b r j E B K L y e x 50 L u E O 5 Z K S J Q 9 c d t L x h O 3 G i M 0 I q c w F Y 6 x g q w 2 p 0 7 g i + Z G 4 z t b j I C t y l D v p i C k n Y U Z L P i I P g h o 8 w + K 2 v w + o C G e L 4 J 7 a j Q N c W w M k R 6 p g s v q f w o w 7 w b 5 p u L s X 9 T n V h S x 3 J 86 m G r e r x n g + T x / N C H V w A S M v C 9 M p H O Z 168 I I z x T 6 H v b k S m v K s U n I U j o x M i h j G a m R O R W d h k R W p N j h F L u + P Q L i Q B d N 9 N Z y x d O s n t B q 9 Y + f E n D x B H F l f q N s 9 s n U d t L 4 a i o J L D e z e A i r f a W l 1 x 85 h K 4 k L X Z A o R 2 M 96 x m X U b m i q s T H d S i c + n C K t F e z W 0 o A H N V M Y 9 E o m r X i / 1 v l w O s X t K l S D s B P O 0 / e w i 71 U r 1 G y 8 x Q V 1 n 3 h M V E Z l X u q Y c M Y V Q 88 N l / R N e F 1 F E G B K O 5 J T n C V r u M 43 / S 1E29 r Z f 1 j p f B 0 o 82 M j / t k G 6 L 6 d t Q a t K H t H V y H 1 R R z + m I t u 1 M v i r t j w T + O f 7 e n r 3 v W w Q k w L t i 9 h l 5 D P a G R w k a s 5 b r e + 0 I O J H P F N 0 91 S x 61 M H X v 1 g r M r P r n W e Q R l w I f P 6 M Y T c v j l F x q B V Z q B 8 p T 4 O r 9 a i h b P Q 6 O A W K / d y / T I a x Y d u 7 v N d 865 J P c M h 65 H b 55 P o X z Q t + / J C h U M I O 2 b z K F O z Z o 2 A e N h y p F E 2 v 0 5 J 3 Q + M 6 / Q / h O b Y d e N n b x C G g 6 Z d p O R O b M i z 1 M J 0 t E m a V P y r J n T 8 U i I Z z 9 y u R H x t j 2 S F U Y 41 i x z e J S B 8 A k 9 l O D t u v 31 k i L 83 t j L M U d J E g j E C l b 8 S W F 31 s A 7 W b T U B N 1 F U v J j 5 y P + S 0 X 5 R A W T d a A U + 7 K B j m s / P k I 9 r 1 E x Q I N P e 7 t L z U j R / m l C + x B w 62 N O N F j U 7 T C Q A s L a / m F J N G N z k t 1 n 92 X o r 64 s i I a r 5 V D z J w B A + i 6 Z p z c 97 y C p k m 9 t t j Z m e 9 z 74 i v f 8 z F Z a W N 5 m V n p P S H s N z c U f z 6 + t H d U F 9 g Y 5 A c t 5 v + j N 9 J h J Q F T 5 o l 6 U P E A b h k 6 m 6 Z M J n g B x 9 k i T x + z E e B Y h t q g j M W H T E j u o 
g D G 0 Q d I I + 79 V d + j d D o k 8 I w L a 2 s + I d X 5 a y d 0 K E c w q u K e U 5 a Q z S k S j C J W f g a L S 6 Q 9 z L F o d D C q l P l Z O D H m o 3 B j M M m i 44 P / f 4 B t e E / y f W o V 6 S h T F R / R r + g Y N 2 m v x b U l 6 c U 5 + y A s S 7 R N I J + y d O H l / O F 8 G W 9 J Y / u A Z i 1 w T F d e N p + W Z V c B S W L S 0 Q 3 N W w N / y 988 O E O a A K D C / H w P + J P i 8 i 9 m x P U n L V P s v K q E 8 y / x t n m x J d 7 e r h S W + z h f x u B e r 3 a e / t T u Q W A A T i J j F Z U t 6 f T F a A C k U Z e y C H C I k W s 7 N t S 86 R T 0 51 W H m Z Z 9 y c 9 g U 7 c a B K F L q w 80 Z 246 x l k q G h i i A x q l s + L 0 G y q c E e n Q 4 g C b 33 e M 8 q X m P j b t 7 V k P C e 3 g W A 48 K a p P t a E j K X X d z 5 a T x X 4 B N Z 7 I G O 4 b 3 i S H 8 A v H Q X f X s i W m y Q K l g 2 X g W c A D i E t w Y b f C u 0 7 t o f j M 3 P u N h t t C Y 9 B i Z O p X t F z g W C p v l 8 d U f z S X n 9 J r B 8 m Z T p J z w t l X z 6 R x g b c k g c v L T w t 9 U v F P + W J c F M F O A n e A E 6 m U S 2 I x r H 4 c S s p 5 x T d d / D Q F Y a y a M d n W 6 Q M T 7 y + e 7 N N 5 / G s p X 6 Q p / l k s O V R 5 v n N b u V / 8 m r q p z R z 21 A u S g 6 j F q Q / u / 2 p a M f r w + v Y q Y H Y 9 W / i Z a G 3 d m g r b r 9 A X 8 g U f 4 P C l E 9 g Z H 51 q T S N 9 d o B 8 Z X u P F A n 20 q g F k g 0 y Y 4 f w v R R q V C 9 x 9 X i 383 + G 7 h M Y Y w 90 g G N 1 C t p 0 y P y X J K g W W Y l w 5 x a F X + U b G 12 p V 9 x t L a 5 j n S u S I I K R h X l n 4 N K 5 c r H o n e 7 U 3 S I / i p T y e p Y 5 t B k j F k m P q L + z d 4 z z o k 7 X X t V C l l 9 + V f H R V b r V I f s E 7 I 5 r p E J h f 2 t z J h W j e 1 N L a w j + S b 9 y O o e L 7 J i h f c S 725 e r H a e e r O U s C F 3 y p Z u 4 M X x H H B L 2 O 9 / g e J g i J Q r x N v N z 68 G X A + q c I 36 M v 5 U 4 C 7 m t + r A N Q K o l t M Q + H K D i C 9 z 629 f q j t A N 8 l T w g p p S O j i 77 D k F Y H o Q E s V I w g 6 X 9 f w v d w + f X t + U L J M h Q o i c 8 W h u f 
i 0 q j c 6 M 87 V S j A 7 Z v 3 I V u r a + i F e 6 U h q
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2016-04-06T14:11:26Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Payload delivery"
}
] ,
"labels" : [
"misp:type=\"malware-sample\"" ,
"misp:category=\"Payload delivery\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--5705190f-a5bc-40ab-8936-506a950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2016-04-06T14:11:27.000Z" ,
"modified" : "2016-04-06T14:11:27.000Z" ,
"pattern" : "[file:name = 'Invoice Number 2304144 - Issue Date 02160840.rtf' AND file:hashes.SHA1 = 'db6ed6117a984eef40e726675d5d05243e91a119']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2016-04-06T14:11:27Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Payload delivery"
}
] ,
"labels" : [
"misp:type=\"filename|sha1\"" ,
"misp:category=\"Payload delivery\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--57051910-c938-4ec5-ba8b-506a950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2016-04-06T14:11:28.000Z" ,
"modified" : "2016-04-06T14:11:28.000Z" ,
"pattern" : "[file:name = 'Invoice Number 2304144 - Issue Date 02160840.rtf' AND file:hashes.SHA256 = 'f2c14a8e8e80f37dca28e86d6796f16b37091b90a4a9dd6f471dd3dd276db232']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2016-04-06T14:11:28Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Payload delivery"
}
] ,
"labels" : [
"misp:type=\"filename|sha256\"" ,
"misp:category=\"Payload delivery\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "observed-data" ,
"spec_version" : "2.1" ,
"id" : "observed-data--5705221c-a7a8-4187-aed5-ec2a02de0b81" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2016-04-06T14:50:03.000Z" ,
"modified" : "2016-04-06T14:50:03.000Z" ,
"first_observed" : "2016-04-06T14:50:03Z" ,
"last_observed" : "2016-04-06T14:50:03Z" ,
"number_observed" : 1 ,
"object_refs" : [
"url--5705221c-a7a8-4187-aed5-ec2a02de0b81"
] ,
"labels" : [
"misp:type=\"link\"" ,
"misp:category=\"External analysis\""
]
} ,
{
"type" : "url" ,
"spec_version" : "2.1" ,
"id" : "url--5705221c-a7a8-4187-aed5-ec2a02de0b81" ,
"value" : "https://www.virustotal.com/file/276de439d900d6fc8a589bad01bf71e4379c3ce0228d57ec0620542b51d2e76d/analysis/1459953304/"
} ,
{
"type" : "observed-data" ,
"spec_version" : "2.1" ,
"id" : "observed-data--5705221c-fea0-4be0-b674-ec2a02de0b81" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2016-04-06T14:50:04.000Z" ,
"modified" : "2016-04-06T14:50:04.000Z" ,
"first_observed" : "2016-04-06T14:50:04Z" ,
"last_observed" : "2016-04-06T14:50:04Z" ,
"number_observed" : 1 ,
"object_refs" : [
"url--5705221c-fea0-4be0-b674-ec2a02de0b81"
] ,
"labels" : [
"misp:type=\"link\"" ,
"misp:category=\"External analysis\""
]
} ,
{
"type" : "url" ,
"spec_version" : "2.1" ,
"id" : "url--5705221c-fea0-4be0-b674-ec2a02de0b81" ,
"value" : "https://www.virustotal.com/file/f2c14a8e8e80f37dca28e86d6796f16b37091b90a4a9dd6f471dd3dd276db232/analysis/1459951183/"
} ,
{
"type" : "marking-definition" ,
"spec_version" : "2.1" ,
"id" : "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9" ,
"created" : "2017-01-20T00:00:00.000Z" ,
"definition_type" : "tlp" ,
"name" : "TLP:WHITE" ,
"definition" : {
"tlp" : "white"
}
}
]
}