misp-circl-feed/feeds/circl/misp/588b3db6-d5d4-4e46-86d6-42b9950d210f.json

625 lines
222 KiB
JSON
Raw Normal View History

2023-04-21 13:25:09 +00:00
{
2023-06-14 17:31:25 +00:00
"type": "bundle",
"id": "bundle--588b3db6-d5d4-4e46-86d6-42b9950d210f",
"objects": [
{
"type": "identity",
"spec_version": "2.1",
"id": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-01-27T15:16:08.000Z",
"modified": "2017-01-27T15:16:08.000Z",
"name": "CIRCL",
"identity_class": "organization"
},
{
"type": "report",
"spec_version": "2.1",
"id": "report--588b3db6-d5d4-4e46-86d6-42b9950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-01-27T15:16:08.000Z",
"modified": "2017-01-27T15:16:08.000Z",
"name": "Malspam targeting github users",
"published": "2017-01-27T15:16:34Z",
"object_refs": [
"indicator--588b3e7d-c100-485d-b7d8-4876950d210f",
"indicator--588b3e7e-d0e4-4724-9d6e-484a950d210f",
"indicator--588b3e80-d658-4a16-a265-4dbf950d210f",
"x-misp-attribute--588b3eff-5b28-48b6-a288-41c1950d210f",
"observed-data--588b40e8-8714-4e31-84ff-4bc8950d210f",
"domain-name--588b40e8-8714-4e31-84ff-4bc8950d210f",
"x-misp-attribute--588b5654-1e48-407b-ba73-4e1f950d210f",
"observed-data--588b569b-534c-48ca-9d73-1a2e950d210f",
"email-message--588b569b-534c-48ca-9d73-1a2e950d210f",
"observed-data--588b56cc-0a08-4a34-b192-45a8950d210f",
"email-message--588b56cc-0a08-4a34-b192-45a8950d210f",
"file--588b56cc-0a08-4a34-b192-45a8950d210f",
"observed-data--588b5717-a878-4208-90b2-43f9950d210f",
"email-message--588b5717-a878-4208-90b2-43f9950d210f",
"observed-data--588b576f-efe0-4377-8fb9-4e4e950d210f",
"email-message--588b576f-efe0-4377-8fb9-4e4e950d210f",
"observed-data--588b5836-b6e8-4be5-9cb1-4b0e950d210f",
"network-traffic--588b5836-b6e8-4be5-9cb1-4b0e950d210f",
"ipv4-addr--588b5836-b6e8-4be5-9cb1-4b0e950d210f",
"observed-data--588b58aa-9374-4f37-a5f6-4da9950d210f",
"email-message--588b58aa-9374-4f37-a5f6-4da9950d210f",
"x-misp-attribute--588b58ed-7448-4511-8da9-48f9950d210f",
"indicator--588b59de-1b14-4cff-90b5-0ab5950d210f",
"indicator--588b59df-0b1c-4030-987e-0ab5950d210f",
"indicator--588b59e1-3c4c-40a6-8828-0ab5950d210f",
"indicator--588b5ebd-d448-48c8-ba48-4f21950d210f",
"indicator--588b5ebe-4340-43d3-bea0-4bfe950d210f",
"indicator--588b5ec0-59cc-440c-8b67-49c7950d210f",
"observed-data--588b641a-8b54-47fb-80d8-1a2e02de0b81",
"url--588b641a-8b54-47fb-80d8-1a2e02de0b81",
"observed-data--588b641b-72d8-4430-9107-1a2e02de0b81",
"url--588b641b-72d8-4430-9107-1a2e02de0b81",
"observed-data--588b6437-e6d4-4736-9459-452d950d210f",
"network-traffic--588b6437-e6d4-4736-9459-452d950d210f",
"ipv4-addr--588b6437-e6d4-4736-9459-452d950d210f"
],
"labels": [
"Threat-Report",
"misp:tool=\"MISP-STIX-Converter\"",
"circl:incident-classification=\"malware\""
],
"object_marking_refs": [
"marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9"
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--588b3e7d-c100-485d-b7d8-4876950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-01-27T12:35:09.000Z",
"modified": "2017-01-27T12:35:09.000Z",
"description": "sent by mail",
"pattern": "[file:content_ref.payload_bin = 'UEsDBBQACQAIAGVkO0rMGPetjAkBAJYJAQAgABwAYzFhNzM1YTAyOWM5ZDY0ZjZkMTJmYmVhNmRhNjI5ZmRVVAkAA30+i1h9PotYdXgLAAEEIQAAAAQhAAAALnJbW6/FhgQCPI34qaSjdvs5/0Y/bTvNek6e3mlicvbY9jl5vQJZ9lKj3PIIr/WgJsKQTi1rg3kFRxDKkDo1J0n+gFaKeVDuthP7YdyJzA7kz5rHWelZSrKn+fyVf2Pa4CgACWDNTAXwRALhw+Yi53q2FwqT1o2/Cj+EFrYComGec01OagXJEs3MH0r269L+V6tEvU3GMK/Yb++GamjqwD/r4lG0upxDNkyl6QVIaS6LeiLYNIn/63/SIxZVXxKDzuBNZwnPCn5cEN3FjFGdtqqfx5h0vYebGDExVyhGBSWnu48jwE+ztKsTplgl7hG50V3EkhPQmOz6qjfeBTjXkcIjtiCfOVK7fyVY3QpezdB9RbsphH+UfOasjYLGWe+Mg2JcVZbwvthgC8KVEDGDX1jdQer+TlqgwGeVM7YfDtNPPc7pWf28GhrVYOkSC2aKHNv9ysi7IRm3p1Q2tJRWrbSfzyK6FMsfaFedqr2O+kqJFdG4F2Z2JxCoEm5LXO09uLBbciClq6cFOJPlKP3muxf6PYjrYYep5tRel5mopRnXB+N+T1QMzDHWTcnHmG4TDTNKS12UO+OrG99rr1/zBm/mXhkHD0pWbi6INgOh8+PNCIb3cPBZB4Vt3pPbNZphPucF1LBwj/1k9HUA0lfH1BFdCiR2L9NQYp135n0olBZe+DgUMiLGKlstrCNKpqijhuJp0fbILvcGD3ukOjM+drdT3l9bk18PqOT/9UcSyiRNfRRPhM0L82zDwDKJA+K91kNPrPc0afHlE3Kne0uvPsKNevuk65N/w4qbCX7obiDv73dy4CHajg3duxPjPY65g8RWrLd2Iy3AKVBomTMpnk5+q5XH8ktFuslBigg3kFRkz4zrRja3sjlGDac07uubVLYxMczZC0HtiTib/Wn8N3MX51yUp83PiG60l0BbHoAIxjbJtc61XV7YhSAlbSPxcZH+UwR52MbNJ833iZAt4xMa/qGHrLVh/UEE24S4TynXbNH9FBm1rA82W5rTb4hpDs5LyW3TNW39MIntsFSLgdAntL4objD5Sw6xiShaXOoSm8qT5/mINA+Jb07HxEFYtdwhXTSzpXCnmk/JW3uXdx4ztakBhUMz/NpEnAZ+XZK2I1knt4/6b43DBQVKETsJ2Dzt743VZhyTRZa6upDHZiu6717meJvBFuseB0NlLYgaWNwbb2DyZ3pQZBI8/3VcTY6gkvzU396aFd1mczskOkJyRy1BzdNhBdCceQxSp3/Yegnx+rXZF4uRSQ8LzJIlPhcFMkvi3wbfB2tGDmlEhkf0FlCY3fh3eJ4EUZjn81DTS8rxpT78zERxd8L15v+Q46PDJfXZh+kcuNfqUZmBwPIi04VlEtPiQS4S4mcr4e8TLH5+aGLJuJmfWyiaWX9jKp+S2fsyAauyjvedSSb6r6dTYEhh1Wp60Q2xJ/YFVeGufPLicJVmt98fcxC8uadvyncitYoX+oCDMnDH16nHJPs+AGfzZNsyGKlhcnnqvREsYmKwKGcBB3EpN1y79keS1t2g8U9S22ied8uGvjICxFuqcIPLSijd3MxoZhCYrc38mgF1UzIAIxKvzyHScw5AGvX8w9glUwnANcZklRfkBhZEVcoMDGboD7hTjhABjtgxtUkUsZ4K1aQTrOe7JIbCEfmkmlSiVgf/oe/KYPfp0OJgqkH8e9Px+//ET0FSQ+d9We74eks9wmuxcCK0TUg1t580UZ9F3CRARIpD/MfQPEWgAT6GFy7oieNCzA8kowbX+G3mBSjGhHqsw9tV6f58T/jsMspcB48dP6aj2WIaLHi6hUfKPr3ejl+yFOAkLxkJjR/t4Z+/b2EvxswUo1xNhFNiy/RF5OOQOZ/4rjX71KSQbPJOmXXzCQiI5zi0WtMhHTDwtY7dQ69GE/hohzcU4yYnpPfCZcQ6PQ1NsMjO2nezQbw6MTHtO4Nmv16A6d467P8YyQLHhHh0tE3nA4Gg4zdStW6yNl+FshPDIZCh4jaQKlwBmfxIB4zQGNHFmkvyDl2p/DrqlDqoTCT/KheFDIM6t25vUpQJxDYNmZG3sxfWoUFjfGdotsRXXp2i64PcOD7qYhGJsxD9c6DNCyI7G52Zd+K2/LetFaGgEPEw8R3iD9dxZ2g5Vfam/6JfbLISi0XR5S7Bn2rr/SId4N94CVAYEaM3h9DBIn67Ae9iF0U26wjzIuOFuMloRJzXTAw0zqbKc8ONuZsMc0Ws52wWw5+sv8H6zzUMKtlHfFTV+ECrg+flsLW2ioWe15Q/z2VnQ4ZBMpqOVBGLxv2WBpfYiKDXCP7PKtCT+2ZLEzIfTNLOA8ByTnPoin+qNnZXIVzbLKeBTWqvqcga1Vh5ghyiW8yBMxSlO7/GOTTv1j5trU33haA670nkYiBgdWo3fCAlf5nCi+cDSj9tSnH7gPh/pCYm9c2PzFi/DvQhSp+S6h5JDrOss96+gZHF1WXJYRUgPpSFbwvV3i263xiPiSLXEsm2wmKa0+fhdu7ww0nGKXCo6vwItkroLCVe7xihOHPK+jwjBWQEw6v+MgzByuxQlER5dBcRex8Vt9/1a1aLJYWgBFsYNtExaTtpvHZQNXjACUIFF3iSFq/BaG4NHbgBasK52dFEckxY2L/JFua9ZO2ZMXVsk4WTfMG4cmhlDlRt0yNkybd98pP9o/vxmFjciie6mNnQGkvFvXz/Jec/Ywzmu8xXTtretkH/frvMlOkCm2CKqRvDw8GuN2nWj2jDRNcyZe8CXwJyjcZpzXHSfXJzYzvFP1s2Lj4dPLG0Luot8QwjnohKGvHZ49IGhgqHG3jO0eoUfnAmoJuh3VnciDhk1fVqcBBc8GXEqKPDRqP+0ZG/Zt4lwITUc9T0qInNwCV/o4NjBFK+U5hXRHhQZG19YRzfm/FtpmsAjVw7BID/sDdZu/9/wsdA5k2VgJkzIVLQLyV0VhulzWGfMB3zngJZcm4pZ9d4NJONkCYfk2ay51Yk+k0Cz9kEbTAQOmS5jlucSs9DT2uIcHi6hQDusD6C6Sc1dHlA+5+u0oM08lihaXVe4XSwyWLb5shkMsMJWnozBycolelTr2xvgVp+vJzgn5w0ZJBKwvsBM4VvokogGtKxrK7zEkRbohgKhQjBNYOGOjDCyK8aF9+QkaaNP11hFIyjd4h1gprwPWJae1WiIcpkgHJQt9q9euQFnYbWUiW8YVoaViG8OoTPwUP6gXTcRfQwnKt2uOixFClA0yQXOkZh3QwzInVM9fqntqUk5vsLHbSJidd/WJLfuiUFlqYldi+HupyrU69uDD00qDFdRQOJ+gRaG5E7zxIcpYFcYLtK2QPTkBxwLiZZjSNRMbrT+8EZRqS8CITXnGrxwJdB+XwGqkh7g1M5wn3b8yhqloI7UlbsJQNuXcmXTfGdP2S/9ZlPNOiywLuBaxZG1gWD+/LjWAUfb0b5161475s+Nr1cFE70UgiEN1/xOdn9kwcWp4s63CS83zgu9KbA83eltvbXfXg/Tm6A6rfjr5T2ebn9+nXZG/E3a46gZGi+fu3WlbtFuYtlJLTPit23y82PxG6PGg1TyOzPCQMjq8X6+eD8qFIcJhayfBhPjnJgkrmLWXxNIQWSbNBJmKDU3Egi0M5YPuJtVKWnmDHtl7Y+70ACWWKTyQvWXuDtn0rT7gafaV4CyE1URmnRR3UKCeN7CS5RqqJth2bEnqefzEvmVYwCHXvgY/3/6R5hugkFlZY7+81Veq90N4GnZuOZCRsZGmwDeIK1CRDuLx8pF2tsAGnGak+dC1hHT0fr+4Be9zxlQ8lz6rgYiU9kZ4KTHJO+RkRcx7DckmM21kTKqocIy5TjJgm8j6AkT3pNrUlVttSXSqZ2Rln4DcgVR0gcdAu7Gk5dPKbaZlP5ypRKaDveZ0EvP1/Xpr2+Xz
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-01-27T12:35:09Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"malware-sample\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--588b3e7e-d0e4-4724-9d6e-484a950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-01-27T12:35:10.000Z",
"modified": "2017-01-27T12:35:10.000Z",
"description": "sent by mail",
"pattern": "[file:name = '2701.zip' AND file:hashes.SHA1 = '4ec4258cb17ab4e297f72d6bcb27399a3f5786e8']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-01-27T12:35:10Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"filename|sha1\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--588b3e80-d658-4a16-a265-4dbf950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-01-27T12:35:12.000Z",
"modified": "2017-01-27T12:35:12.000Z",
"description": "sent by mail",
"pattern": "[file:name = '2701.zip' AND file:hashes.SHA256 = '2690dc4ebde17e460aa9fb7c96fdaedba0702cc9737186af6efa66d1c92974ad']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-01-27T12:35:12Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"filename|sha256\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "x-misp-attribute",
"spec_version": "2.1",
"id": "x-misp-attribute--588b3eff-5b28-48b6-a288-41c1950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-01-27T12:37:19.000Z",
"modified": "2017-01-27T12:37:19.000Z",
"labels": [
"misp:type=\"text\"",
"misp:category=\"Payload delivery\""
],
"x_misp_category": "Payload delivery",
"x_misp_comment": "text received by mail",
"x_misp_type": "text",
"x_misp_value": "Hello,\r\n \r\nMy name is Adam Buchbinder, I saw your GitHub repo and i'm pretty amazed.\r\nThe point is that i have an open position in my company and looks like you\r\nare a good fit.\r\n \r\nPlease take a look into attachment to find details about company and job.\r\nDont hesitate to contact me directly via email highlighted in the document below.\r\n \r\n\r\nThanks and regards,\r\nAdam."
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--588b40e8-8714-4e31-84ff-4bc8950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-01-27T12:45:28.000Z",
"modified": "2017-01-27T12:45:28.000Z",
"first_observed": "2017-01-27T12:45:28Z",
"last_observed": "2017-01-27T12:45:28Z",
"number_observed": 1,
"object_refs": [
"domain-name--588b40e8-8714-4e31-84ff-4bc8950d210f"
],
"labels": [
"misp:type=\"hostname\"",
"misp:category=\"Payload delivery\""
]
},
{
"type": "domain-name",
"spec_version": "2.1",
"id": "domain-name--588b40e8-8714-4e31-84ff-4bc8950d210f",
"value": "gw.yugo-star.ru"
},
{
"type": "x-misp-attribute",
"spec_version": "2.1",
"id": "x-misp-attribute--588b5654-1e48-407b-ba73-4e1f950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-01-27T14:16:52.000Z",
"modified": "2017-01-27T14:16:52.000Z",
"labels": [
"misp:type=\"email-src-display-name\"",
"misp:category=\"Payload delivery\""
],
"x_misp_category": "Payload delivery",
"x_misp_comment": "probably spoofed github user",
"x_misp_type": "email-src-display-name",
"x_misp_value": "alec@cpan.org"
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--588b569b-534c-48ca-9d73-1a2e950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-01-27T14:18:02.000Z",
"modified": "2017-01-27T14:18:02.000Z",
"first_observed": "2017-01-27T14:18:02Z",
"last_observed": "2017-01-27T14:18:02Z",
"number_observed": 1,
"object_refs": [
"email-message--588b569b-534c-48ca-9d73-1a2e950d210f"
],
"labels": [
"misp:type=\"email-subject\"",
"misp:category=\"Payload delivery\""
]
},
{
"type": "email-message",
"spec_version": "2.1",
"id": "email-message--588b569b-534c-48ca-9d73-1a2e950d210f",
"is_multipart": false,
"subject": "Hello"
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--588b56cc-0a08-4a34-b192-45a8950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-01-27T14:18:52.000Z",
"modified": "2017-01-27T14:18:52.000Z",
"first_observed": "2017-01-27T14:18:52Z",
"last_observed": "2017-01-27T14:18:52Z",
"number_observed": 1,
"object_refs": [
"email-message--588b56cc-0a08-4a34-b192-45a8950d210f",
"file--588b56cc-0a08-4a34-b192-45a8950d210f"
],
"labels": [
"misp:type=\"email-attachment\"",
"misp:category=\"Payload delivery\""
]
},
{
"type": "email-message",
"spec_version": "2.1",
"id": "email-message--588b56cc-0a08-4a34-b192-45a8950d210f",
"is_multipart": true,
"body_multipart": [
{
"body_raw_ref": "file--588b56cc-0a08-4a34-b192-45a8950d210f",
"content_disposition": "attachment; filename='2701.zip'"
}
]
},
{
"type": "file",
"spec_version": "2.1",
"id": "file--588b56cc-0a08-4a34-b192-45a8950d210f",
"name": "2701.zip"
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--588b5717-a878-4208-90b2-43f9950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-01-27T14:20:07.000Z",
"modified": "2017-01-27T14:20:07.000Z",
"first_observed": "2017-01-27T14:20:07Z",
"last_observed": "2017-01-27T14:20:07Z",
"number_observed": 1,
"object_refs": [
"email-message--588b5717-a878-4208-90b2-43f9950d210f"
],
"labels": [
"misp:type=\"email-reply-to\"",
"misp:category=\"Payload delivery\""
]
},
{
"type": "email-message",
"spec_version": "2.1",
"id": "email-message--588b5717-a878-4208-90b2-43f9950d210f",
"is_multipart": false,
"additional_header_fields": {
"Reply-To": "AdamBuchbinder@tutanota.com"
}
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--588b576f-efe0-4377-8fb9-4e4e950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-01-27T14:21:34.000Z",
"modified": "2017-01-27T14:21:34.000Z",
"first_observed": "2017-01-27T14:21:34Z",
"last_observed": "2017-01-27T14:21:34Z",
"number_observed": 1,
"object_refs": [
"email-message--588b576f-efe0-4377-8fb9-4e4e950d210f"
],
"labels": [
"misp:type=\"email-message-id\"",
"misp:category=\"Payload delivery\""
]
},
{
"type": "email-message",
"spec_version": "2.1",
"id": "email-message--588b576f-efe0-4377-8fb9-4e4e950d210f",
"is_multipart": false,
"message_id": "619BD3AF4490BE5D8184CD7A6E724E86@xpox"
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--588b5836-b6e8-4be5-9cb1-4b0e950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-01-27T14:24:54.000Z",
"modified": "2017-01-27T14:24:54.000Z",
"first_observed": "2017-01-27T14:24:54Z",
"last_observed": "2017-01-27T14:24:54Z",
"number_observed": 1,
"object_refs": [
"network-traffic--588b5836-b6e8-4be5-9cb1-4b0e950d210f",
"ipv4-addr--588b5836-b6e8-4be5-9cb1-4b0e950d210f"
],
"labels": [
"misp:type=\"ip-src\"",
"misp:category=\"Payload delivery\""
]
},
{
"type": "network-traffic",
"spec_version": "2.1",
"id": "network-traffic--588b5836-b6e8-4be5-9cb1-4b0e950d210f",
"src_ref": "ipv4-addr--588b5836-b6e8-4be5-9cb1-4b0e950d210f",
"protocols": [
"tcp"
]
},
{
"type": "ipv4-addr",
"spec_version": "2.1",
"id": "ipv4-addr--588b5836-b6e8-4be5-9cb1-4b0e950d210f",
"value": "185.39.170.74"
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--588b58aa-9374-4f37-a5f6-4da9950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-01-27T14:26:50.000Z",
"modified": "2017-01-27T14:26:50.000Z",
"first_observed": "2017-01-27T14:26:50Z",
"last_observed": "2017-01-27T14:26:50Z",
"number_observed": 1,
"object_refs": [
"email-message--588b58aa-9374-4f37-a5f6-4da9950d210f"
],
"labels": [
"misp:type=\"email-x-mailer\"",
"misp:category=\"Payload delivery\""
]
},
{
"type": "email-message",
"spec_version": "2.1",
"id": "email-message--588b58aa-9374-4f37-a5f6-4da9950d210f",
"is_multipart": false,
"additional_header_fields": {
"X-Mailer": "X-Mailer: Microsoft Windows Live Mail 16.4.3528.331"
}
},
{
"type": "x-misp-attribute",
"spec_version": "2.1",
"id": "x-misp-attribute--588b58ed-7448-4511-8da9-48f9950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-01-27T14:27:57.000Z",
"modified": "2017-01-27T14:27:57.000Z",
"labels": [
"misp:type=\"email-mime-boundary\"",
"misp:category=\"Payload delivery\""
],
"x_misp_category": "Payload delivery",
"x_misp_type": "email-mime-boundary",
"x_misp_value": "\"----=_NextPart_001_1F9B_01D27892.CB6A37E0\""
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--588b59de-1b14-4cff-90b5-0ab5950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-01-27T14:31:58.000Z",
"modified": "2017-01-27T14:31:58.000Z",
"description": "extracted from 2701.zip",
"pattern": "[file:content_ref.payload_bin = 'UEsDBBQACQAIAP1zO0qv5ypOKg4BAAA4AgAgABwAMmZlY2JlODg0OGJhYzQwMDFiNjkyZjYzYjMzMzU0ZDNVVAkAA95Zi1jeWYtYdXgLAAEEIQAAAAQhAAAA5aBzdp0Lb5SIanijE7zecpISZGGH+tnb3GZflvKJxL9QANkttjRxIrwYn4rnISsVnpItxZfArBCpHds30Szg+VWmJROvfjoa29y5RpYVQmUo91HWBGwCNfqf4mgO+ufbNmvW6AiNYweVedGfMyB0J0jiEI1xym4s/ErnJtanBN8sCz9wT2dgWllqWsgrvQULFj47xz4wiLXSq7hBzZGY2yMV+KzBmLmCJ2G5w2Sny6kIbmS+wRyYEzz0bczxcLt+0wAhXkKhJSQDxc9iErUAEEhIf+s3NrbWJnn/6IM4AsYBtcHmwSC+sKNjjHhsmYB23kh7Ne3XXMGXtvXoBJWCWmtH0lumQjg7oXE9BkX6lB1hRUvSzlQuI0pyG8h6cHf6wYfjgzuVnpVW+hxoCwRe10ZHvvrlTLXixReB2F/OLdgKsjf0Hh+sm5L1tZq+4TWEwyn0Mej9oQm3G0rvZPUCVLnRAIg/yLbEXC+F/Einne4oVmQLW/oYeP7WdTGiJvxsdk1UH7BPC01yL8RE7trrDugj+8VETO9RhHfhCWKJ3HmRTLpK8Px2Bm/pREamtboxezLMii3PjA5TTja2KP2XOlmMDCezXZCi3P4LFXaRJFTNj3OBiewcEb/8w7+F4Vd+GeWqG3T8Uzgi+apaSVNxmF52LwF6Y8JIpCHGcopp586zJkdMqy4YOsvxyOkVSgu8lwFW7geXum2tKxRAnEHM3LJI6T+JjXZ2JBhX0xfaUjyxpeA8S1Pj02OXAVm1I/KIMTqrg3SkJ/xxC6oZbgmEaVuGTn1MZS9j3z5pgzBz2V1GxkHtsBDawzEtve+rnZykZEzdY4bE3jfr8l0u4RMDabStNf83mx7RmlM1F12yG/l6lXQX6H0xrChM4u8RcrCkST0mcGpm5vVpHB87Zn49CUp2z6CdlbJPrdRlADWR9E/7IFxUoywY3WAhdkT+8iysXi89yKUHsfPndwFiPJMABpCeJKMsppV5jHiwQKm/pc+Q/1ZMrZVS+Xr1LfPMx6hroVxgW7onLVTIyvRUG9RBEwMjtWaJVQaxx0My+QLC72mmnJF7Q5yPw1zhFJDYpTFLUnfDlGCBU+P17rnYdOKEtahv8r8TBcWJhc/6l63ssgwIYhQqzNed1UrHlHx6VaGQ7TLaUlJXs7feJ2M4yjU5wBwnPqoGcqKQcqtUOh4AJ6ld6QRbI8IBZ1lEUfKNPJFBeBm8LRBOAJv3uXD11RldMD0oQ944/dPXd0jqtufJ1dJpo7flLvckq7req5W1OX1o3HlheElZ/GpCr+u8lgkohpVC+059USwaYr2Qhr+FNHxDAa2zWXcW/e+hCs5pP+/O5Tv0/uyigYDQE13rDSeCne9ci9ehyZtSWaHA4H+qhh+Tk8itFUoFyL8GlXaaJeRGIscXIUIEyhHFIt8mLv3xCaSh+5JZJADq3q2os1PHEszLu8jSPLXE6LIe0VUAMG0hqWRPNXnadrgECTZAbNDGIXamB1avYR3hxAvH2bF7ff7ZHbOabr068L9B3snreUXgNvt52R7fJH7hblfXd/7fiNYJweayHKkURdASFsrUdnea3xvJT7SxDl/U7E7Kyj0iUtaQoCQ7U3qSZalXHgNigqGRRBH0cNrR4JlHTKMc7l/4L7zU9GDo0YEM8DhSSSGQtoZ7imKfI/igeHpf6F0VZe8gWXKhU3gLY43vzGRDMR7koJubenrL6q8SX0wMg2DpwCOipoVb5SAdKq9HNtTjsL9tbm4riXnngkyx4AcK/2qc7EayrVH9eb+WjVx+Q8GMTwl7c/F5l5Pt6qB4a5wRiqV93h6IUKij6kxTmIz1XM833Zd+KvRe5DljlDtyoGhgdTJIT20++ArfzAoBtXKyZ5dZqd+y6w/O6MvNwtkW/7BkC6kq3YCTjLGgdxLVTP4522m1JTSGusUszB722k+f5hqcXU40Qj8qYwN8PeIisMhhDKhYO9fNcNiWrPb9kfMoO16fOM0TSAltXvPzGo7M/Woq+jVgTTywio8i55QvvUf0mtIgWHq1NjPt+t2OWGgPGDqGKTTpme5Mm1glGIjxbGDkewtq31rs8xOT53An9DEihPFFJgTBLFMDl45zheT+qizZ3j3qFbLfA9stdKQ/wBTO2aj9QtP6R19GCqhEVwDN7gM+H17liY78KVgIOcnsjna99AcWaf5GrCSHh9NoXQ2YJ+oYNACJcTelu99URXvTEJz0lswbRwryRvq96SMfBnAFLCZANbAA65hIPU4kcy6NwQtKuu33yGB9IaX+8bpt/Yeju/Ye14tg+M4iw8XSEUT5WY8RuXbCGeiXwtf7VLD15QVicWWXxu6faJx84jFd4Y+e4tMKMtHymZO/1b/Q4GOr7c8oE5VRLmD1YHHGNlSQqTf5CpCrjonaqarN4q8fTds1ZqzDUZK7AFghKB5i3UhWopL9lb+iuZw8LG9XQTyrEWzisqdaj1Gl/DPEF7kgndHf6ZApu5ikc77R437fuzjvIA1zPRMTqqQeoSjf+9CPUWO+FIuWK9/EunPU+KOWWkR166LWuubFvBoBruZmOH8ys7Ymk+nQHT1o1dB8APfaiFsTyTvPmdE2BtIWdBh3qkgfP4B0ndZ/EX879kJG25UG1up9CKeWAuRcqCNartFvPBx7VMezg7idoiCCjDAYEhOC4tnGE/dwLdORc+iqCBDhyj9vd3YFc/NQs4qcdR6k3Wr5NnOrRdPllFg28PoNc/aqOohuMpnKCXwsM8zijZQX2MUKtRqau5ZN23YxOwUP636mrfP74ILAlS6VqVgV9HnY+IXMw0N24dOmUVhwX0rMmZO7t0Rsq5ZSOLZ0B4B9/HK3pnR8ALbPRWGk8mY3z0hXn9TipjJLul7Ajh/dIVHJPrnI1fdyK7RcpttWrwBJVEvbKqwKXGcYV5Y5rh18KlvuesTT8BX2MjCnm8awdxOtpyhZHVL9PGiDaSGPChsUqzILFCpfsWG7/xUyyoZ4rvs7UiMIO9m1qZ4zbdghdITeOl4k24077bnoWI8e4rOtS7A3crHYcu/esJ+7e7D4LKC+qKSGWtSbKD0cTCIwFomZAOHVQGPOfivlXo5/4nM1YzFNF0zMq11MzrgkTlEcIqUjHUJHvTufntYAU0LlR7K/xPrRz2pN54mlO9T7tGpvR8wf9Uyiq31Vff2Dc2WCJ+z991iNGRZQCNFxzjmO+SXc9lLbs4VRutpbaik7ymvehc/67L7N1IdUT+u6IKvoFj7DDKWGGZJoKN1RFIFk2Z9mTt5706/3A+p3H88MYLGioZg8OVJHz25CqCQDw8SHXgW+IBxuAtZF/FPWbpq7Yy4D8T3QnkA32eRMuPj1sd28bRBASTLPdQNe+ylMqoyd8KF6SV1kg/MH4V+R3qqTlJ2BKT0GsRc/rWZODv/Mu/EFOnVL0x8EUYsrpT2RfVCTlsMVyRX6wlNUZAhMc8jHp21Vfrig419kuJ5Os1G7/XlKHPegUqdrjKe5hl7luU7Fp5DfevkWVtGpo2OBeHaGdtNmvzDEVYVmdInpihj5upRWMHsIjnrIpKyfiSxTjqzzSaE+TJOGfKJBev6hQWtSFyDjdrI1n2QcFF2SlNjCN7ePCgEv+4iVP1OWbE/6narw2EiYEqSgYpSGK3vy+JvcF+8RjmC8/KjHPzhgwQnKNbPW7rguVN7pKaGLzQLALqKo8+3yPsrlIhNabljmnmMLvnTczT00XZxqN0vwkFE44lpzDg0RlHn8YExHrDQDhiY2snzRmvDS952a+czx3DmFe/pJ5ga6lUhjAiQNlQdfnV2EgWZyVOnLbYTO6AGe+J4DJ7Wu8jUrOpP/VUTnqc8hTPIXb8zaItYlWTGbzPnKDKccXmfh4E5bN9K+Z3GXbxJEayfGNn+HfX/5LCVJaqdqivZt3LwhfAuO9K
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-01-27T14:31:58Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Artifacts dropped"
}
],
"labels": [
"misp:type=\"malware-sample\"",
"misp:category=\"Artifacts dropped\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--588b59df-0b1c-4030-987e-0ab5950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-01-27T14:31:59.000Z",
"modified": "2017-01-27T14:31:59.000Z",
"description": "extracted from 2701.zip",
"pattern": "[file:name = '2701.doc' AND file:hashes.SHA1 = '80ac1d4ae82a4f9a3f0068c79b96483fb7a7c16d']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-01-27T14:31:59Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Artifacts dropped"
}
],
"labels": [
"misp:type=\"filename|sha1\"",
"misp:category=\"Artifacts dropped\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--588b59e1-3c4c-40a6-8828-0ab5950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-01-27T14:32:01.000Z",
"modified": "2017-01-27T14:32:01.000Z",
"description": "extracted from 2701.zip",
"pattern": "[file:name = '2701.doc' AND file:hashes.SHA256 = '6b9af3290723f081e090cd29113c8755696dca88f06d072dd75bf5560ca9408e']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-01-27T14:32:01Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Artifacts dropped"
}
],
"labels": [
"misp:type=\"filename|sha256\"",
"misp:category=\"Artifacts dropped\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--588b5ebd-d448-48c8-ba48-4f21950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-01-27T14:52:45.000Z",
"modified": "2017-01-27T14:52:45.000Z",
"description": "Extracted from 2701.doc",
"pattern": "[file:content_ref.payload_bin = 'UEsDBBQACQAIAJd2O0q0l5P3Cy0AAPeeAAAgABwAYTQwZWZlOGE4NTEwZmVjYmMyMTJkMDg1MThjY2U1MTBVVAkAA71ei1i9XotYdXgLAAEEIQAAAAQhAAAAxWMJ1SpFI0KWdCdQN3IxFaurfRCRQAdc0ZCNyue1XY+KVWutlW9KCmcQ43HZv/07cArJYLbkZX5gfD9kyu6racv1pWKnMJ2bPOyG2TCKIjC1JuNr18GYmiQ1qafbdUNy2+rkn/EFpJvDkRME3h/oh1nIFpeNiQEQTrVeNtHhn5hf/miJXl4VzpbnruoUAmjgRpVS+/uayZ4pXBoWIBtSX1gaBRYJt1Ypusxaxhqh5SPGAeWSUb25DUyDNP0G1WovtwTi4KtSRcjm6xfyXdIIo9S3IHUYFZ2NyjfX8adBdca4LK13jpTXN0+jEIkq0YI96gtxqoS03nx1+fePV+F5A+Tuc7TnB4WKLKiDYpUe/z7tPQ7xQYZ3r3V/5CYrxw3fL0yOz7aE1qtLILfmer95BLvvZcMLV8GV5dgoh92sM5P28cTYYm94V8QzQC/YzaoSytv5wtxEbrbYprwAiHX1xXHU5Hb+WL05ug99eVwyc4Euesis8iabp+A/lwZrm58xC1aAac/F3v3w2HaSADzqd9eI1bbwAs0kpv6DuX7DXVkB73YRw5J26MkDq00kUOd7dbGd+cC68DEckz5xJAz8yTWNp6vXi5+sEW6nrjFD6eqesHzp2vkWW0e+MkDzV5CaW1R0i9FGKcz6yjMCVHKpzzcT3XjOvfPbsio3P+AUQIrx6zHqVjqe2XOU0ewSuyu6WPjpDPazFghrAZDX111WXqhXQaT+oRB38OASAK8uBJ/fT+ScLpQ7rHIgWoZGnDr66PBFbZMGNOSEscH+FQ27lMDoqkxTgS6ylJkqb9Xd/+3m7Dp+N4/YADkR2GGEuOO5AGmmqT3KfiZorUTshJE3eI78QW9Z5ZAnf9qEdrDcFOfGbbczlLQ1JG8ZEZXkR8davx7eYsE/9Ri6yqVFOJGBf4mgskjLysG2Nnp6YZnDmlJ1h7p85ax2yXQnt+u5Zytwbsera1z9KOHakXFQKy7Q2IIj5TDn1CeR2cNytBIvZtRkz+5ZdeMx+b7DBm2IBBO1Llnaihqc764sQ4zznC/lV+iVX7Mi8NCAGAJzuzLE2m/lXC4qHir03Xi6G7ALGmy8c4LKxE76xKVDy85kfsXT0gdpMJhKJ1TzsEWnmKhtDnemF4+j0ppVSsKc9IOq2NsSG5+xlD6zpvjIwxFV0/YPltvJOCBdks5hGLx7Ub8SxTtTPTzY8bkn5oAnaD2pGEhKg8VP6jLQ1AlVRzaewxfR3Io8lFDbIU2QCIINwX+8jLwLAWECMU12vILRfZxDGkLlrJzD5W8TDS6TUWuCuFOXxo5dTbfTjc/eVHA3A0Brbt0M+ik6+rRjblweBLtN0HHjJxZTq/WloNu55sd8OPUz3avxRn9k4hTDb0JeJbPbGI9TGGDwSgD4r8G1Doe/dV4mEci4sv9pLwuIdcE8Lrn+oFzAXgu2PEvpUEjrwjCiHsKBromEpNlP/7jyjLQMnxV2NBk8SPIlgEoZRVhLDpXsg2MamWtodHrY4ZQ4hmt37LITWoQ717057/2Xu+5HmxXxuEeXieyvXZ09+TEz4QQpJPq5W03ykVQ28muglhzAKxeS08Q5ZLTrMpRUXJq3E/h9st6viWEjZ9pktwtBXIGQeBqrLduwhKa3E5eXZPWTg26edFIKx1Hj4CrU8XcR3q0lm31vW1qMI9lm4nHBBEdcvN0Nuhh02lJJPpu5i6BRFb2w8duEyyf7dcqO3M5HmShYRjoeMuxUTutV7DS+Gd41sa9kF7QnWhuXRUC2fDpdsT8YXUZmA4/BTUY4juuIUffNLBaQzIdflSywENcoSWgGQQHUYkDoGnL3BfeB0ZWHe+9eNaTvfpzHndCFR4gim7mJk0SZf5fj/uv4/yV/Yt3HKsZ/bNP0WLu5gCPrESDTvhvNvLG0cYFpO/o/vl/40U3ipsIlifq/K3DPpHcLPlJz4qNQ2s9UJmug2q9Z1xGP68gJ48eXF2v8ZrXhDcCgpOSiOufXCynuayGxbtn/4481OyWxxXw6swZjb+rY37ORJEhbUUTZ/Exe/jimy+ekSw2GoeeB2EzsN2aHm0igzJqgS3TZWsUYPSuNz9fRH/l8LQ6cKNqUbbvpgDes0XBDq8arGB13ejjN0GOg1/sSuByMc/KMpim1Fr5vjdx0sewKSsrFHRsZ1AmN/D7wVMUf5lhhK217Re1zxu1XvA9oIpAHzy/BiHfy6h62anIuw4qPZRpNiPxdhk0UrUMbiMJFvNV++NRHQcGzpTIYSSUyy444ToFT4ULCfVlsrZwcglzcIXMSgL5Ow4m5wVPLYTOvdP3UVX20EhHldv+C7iNFX7Fcn3yPxRVwBEP6o9uJ1pVHf0/0/LWlox52zIt3IFjE13Up06uLujcx2s+bLXcAma56lMv4YxkNu9//meoeSKdtMULh6PZIUU1r0JAQK/elb0t8ymvYp1ZyWT9FGRrhEsH1FfvZPp9PsmK/f97yxxHbj7ErnT3R/QjI2mFkPWJHXno110ufs93CYQuqspgeugUTW4rd/8JXcxjPmsE8Qs2BuzV10SYf9OMwzdSdelhODK6ojjBxx0OUAc0bOO1U5vUtgUe8YdjB9/j1KkimCSFBYv2YnoG21z+JFwNAFrCCPyjrn8XyayRcORe+D/DCIBcgzdOm1ApqMsXSubyVj61vPEMjU/LnmLLDyW2duU5nfjEJi7CA9mFEwfTEh5GQQmOhCUUEryY5D1KUJ2kmte3gveg3AcDGvMg+QJowkfnhP7TN3DhykcMDSJM5pDVvTsUDMPMyEwRjPVuY3UCdlFyzYq31p0XK/NswrkD6KRwgCIQeTDIblvUVFnfHhk0zrSOYt+8JfzzatYTX/PaW6uSm3mejCY6LOVbQrOLTxiv8A6X4l7LUIOzGQkmmLeMdVty6gLNADPS1s76k3iOGiWGks8Lv3BpnRoIVLHM/WtHPQCTfK7/LJ6aQAm4m5Vsj8Ej3jNg4nW3EiPn86gj5d5HbNZ+0TtAkZ3tZpfBplC+Is/1Iu3UchvpRZw1trPskoNDFDBv8tx4HL/P5sm8+yJPdy38QYV2dDxWDcDfTEjuzYWLuILnE6lVN87XyfKuUstsMhErAfQ38io0ekSXAFBGV4zoX8NoJWheJX1v011kc1Jh4jdzybyee5ydzh8/h/rbh3AkXJbTtKwjc+mz85AK5fS6ScMYT3rfVo+geALWJgrybIO3NczAAmbk8yo7ElfI3NjptAdYjPh3w1SpPpvSB+RVgjrlJe6MtBNa4i+7Oo26QU/aK8oHeW2YE/VQuioyi6iEuW2In2gyQcza37wOvKj06+X7o/mGMxgJzofzlAYLcWHidPPGeW8Tsobd+8mAqPVaFnvZ8wNuwDd1eMsJqmpbhFARvzSPIoYMtm09Klmur0ayk6HgP+pvZEiwDHoyR6mJgC00tdHVGwIEt/2OWFpxI3hkthRR4hSoZ79pue855Qy7WMxyblzYgjAwAI2RYw7nYmM/uTnq8VuCE9ZJbG+8xVV303/qlfMQrgijo8t+c4UXeKqGlCEzM4e+fOqF31kdusKy6RkteN0ll2S5FdYqsO7jR2jKFv48csfHtSmWLKlStjBDmeUhZPazQ+CpHnGPSbBLo1wxEtNgcPRVdumuXEcRgvvOhJ7Redcpt49cW88p/Ngx+oQeXvAb5r4bBNfjFqVyYpWTHvcMnLiSHbSG7EI3bSS06zu+NuulvrlsTTKYcJ8SiNpMzZPlm4UWFT5OeBukMdnymjRZ8A1RZWANvTTgnD4STBhHx/+pK7gq3DA6nYeqgliCAJ5riOVJDatY7NdF2VKDiKsYElOXljhsDeFdFS6hBiR3FQYPduhgIar9VcenFyIbKHz6igXje1xf2a+fp9H46+J4s26D2ofouc5/EVmNL7AcaCBFd5QJhtxrsIepLapIEIr
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-01-27T14:52:45Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Artifacts dropped"
}
],
"labels": [
"misp:type=\"malware-sample\"",
"misp:category=\"Artifacts dropped\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--588b5ebe-4340-43d3-bea0-4bfe950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-01-27T14:52:46.000Z",
"modified": "2017-01-27T14:52:46.000Z",
"description": "Extracted from 2701.doc",
"pattern": "[file:name = 'vba.txt' AND file:hashes.SHA1 = '724919041f87beeff2b68421cd2bf6b00399af2a']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-01-27T14:52:46Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Artifacts dropped"
}
],
"labels": [
"misp:type=\"filename|sha1\"",
"misp:category=\"Artifacts dropped\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--588b5ec0-59cc-440c-8b67-49c7950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-01-27T14:52:48.000Z",
"modified": "2017-01-27T14:52:48.000Z",
"description": "Extracted from 2701.doc",
"pattern": "[file:name = 'vba.txt' AND file:hashes.SHA256 = 'bae5d104f1c18d59a4a92b4d0269a85cd00c8a8e3c67a7daa15dc01ad89157bd']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-01-27T14:52:48Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Artifacts dropped"
}
],
"labels": [
"misp:type=\"filename|sha256\"",
"misp:category=\"Artifacts dropped\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--588b641a-8b54-47fb-80d8-1a2e02de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-01-27T15:15:38.000Z",
"modified": "2017-01-27T15:15:38.000Z",
"first_observed": "2017-01-27T15:15:38Z",
"last_observed": "2017-01-27T15:15:38Z",
"number_observed": 1,
"object_refs": [
"url--588b641a-8b54-47fb-80d8-1a2e02de0b81"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--588b641a-8b54-47fb-80d8-1a2e02de0b81",
"value": "https://www.virustotal.com/file/2690dc4ebde17e460aa9fb7c96fdaedba0702cc9737186af6efa66d1c92974ad/analysis/1485526438/"
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--588b641b-72d8-4430-9107-1a2e02de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-01-27T15:15:39.000Z",
"modified": "2017-01-27T15:15:39.000Z",
"first_observed": "2017-01-27T15:15:39Z",
"last_observed": "2017-01-27T15:15:39Z",
"number_observed": 1,
"object_refs": [
"url--588b641b-72d8-4430-9107-1a2e02de0b81"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--588b641b-72d8-4430-9107-1a2e02de0b81",
"value": "https://www.virustotal.com/file/6b9af3290723f081e090cd29113c8755696dca88f06d072dd75bf5560ca9408e/analysis/1485529768/"
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--588b6437-e6d4-4736-9459-452d950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-01-27T15:16:07.000Z",
"modified": "2017-01-27T15:16:07.000Z",
"first_observed": "2017-01-27T15:16:07Z",
"last_observed": "2017-01-27T15:16:07Z",
"number_observed": 1,
"object_refs": [
"network-traffic--588b6437-e6d4-4736-9459-452d950d210f",
"ipv4-addr--588b6437-e6d4-4736-9459-452d950d210f"
],
"labels": [
"misp:type=\"ip-src\"",
"misp:category=\"Network activity\""
]
},
{
"type": "network-traffic",
"spec_version": "2.1",
"id": "network-traffic--588b6437-e6d4-4736-9459-452d950d210f",
"src_ref": "ipv4-addr--588b6437-e6d4-4736-9459-452d950d210f",
"protocols": [
"tcp"
]
},
{
"type": "ipv4-addr",
"spec_version": "2.1",
"id": "ipv4-addr--588b6437-e6d4-4736-9459-452d950d210f",
"value": "62.213.71.141"
},
{
"type": "marking-definition",
"spec_version": "2.1",
"id": "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9",
"created": "2017-01-20T00:00:00.000Z",
"definition_type": "tlp",
"name": "TLP:WHITE",
"definition": {
"tlp": "white"
}
}
2023-04-21 13:25:09 +00:00
]
}