2023-04-21 13:25:09 +00:00
|
|
|
{
|
2023-06-14 17:31:25 +00:00
|
|
|
"type": "bundle",
|
|
|
|
"id": "bundle--599bfa79-e7e0-44a9-a0fb-5bfb950d210f",
|
|
|
|
"objects": [
|
|
|
|
{
|
|
|
|
"type": "identity",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2017-08-22T10:10:57.000Z",
|
|
|
|
"modified": "2017-08-22T10:10:57.000Z",
|
|
|
|
"name": "CIRCL",
|
|
|
|
"identity_class": "organization"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "report",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "report--599bfa79-e7e0-44a9-a0fb-5bfb950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2017-08-22T10:10:57.000Z",
|
|
|
|
"modified": "2017-08-22T10:10:57.000Z",
|
|
|
|
"name": "OSINT - Emotet, New high-volume spam campaign has links pointing to malicious documents that download banking Trojan",
|
|
|
|
"published": "2017-08-22T13:09:35Z",
|
|
|
|
"object_refs": [
|
|
|
|
"indicator--599bfaa7-bf20-4d7f-8932-5c26950d210f",
|
|
|
|
"observed-data--599bfacc-1738-4ffa-bedc-5c26950d210f",
|
|
|
|
"file--599bfacc-1738-4ffa-bedc-5c26950d210f",
|
|
|
|
"observed-data--599bfacc-2744-48ad-bbb7-5c26950d210f",
|
|
|
|
"file--599bfacc-2744-48ad-bbb7-5c26950d210f",
|
|
|
|
"observed-data--599bfacc-a2cc-4611-9b0d-5c26950d210f",
|
|
|
|
"file--599bfacc-a2cc-4611-9b0d-5c26950d210f",
|
|
|
|
"observed-data--599bfc13-3cfc-4e81-9d45-497e950d210f",
|
|
|
|
"file--599bfc13-3cfc-4e81-9d45-497e950d210f",
|
|
|
|
"artifact--599bfc13-3cfc-4e81-9d45-497e950d210f",
|
|
|
|
"observed-data--599bfc36-7904-44ca-9832-4593950d210f",
|
|
|
|
"file--599bfc36-7904-44ca-9832-4593950d210f",
|
|
|
|
"artifact--599bfc36-7904-44ca-9832-4593950d210f",
|
|
|
|
"observed-data--599bfc59-4834-4db1-b44b-35ad950d210f",
|
|
|
|
"url--599bfc59-4834-4db1-b44b-35ad950d210f",
|
|
|
|
"indicator--599bfe83-4e3c-4402-b758-404002de0b81",
|
|
|
|
"indicator--599bfe83-23f8-439a-85de-44be02de0b81",
|
|
|
|
"observed-data--599bfe83-679c-4ca5-9eae-401202de0b81",
|
|
|
|
"url--599bfe83-679c-4ca5-9eae-401202de0b81",
|
|
|
|
"indicator--599bff95-71d0-4755-9891-48b1950d210f",
|
|
|
|
"indicator--599bff95-3ebc-4e26-8618-4b6a950d210f",
|
|
|
|
"indicator--599bff95-e6b4-4eee-9b89-4597950d210f",
|
|
|
|
"indicator--599bff95-8134-4684-b0a2-47a1950d210f",
|
|
|
|
"indicator--599bff95-4c64-409c-b2df-4509950d210f",
|
|
|
|
"indicator--599bff95-fbd8-441b-b590-41ec950d210f",
|
|
|
|
"indicator--599bff95-749c-4457-a2bb-44ff950d210f",
|
|
|
|
"indicator--599bff95-9924-4ecc-8af6-422b950d210f",
|
|
|
|
"indicator--599bff96-3c7c-450a-8929-454f950d210f",
|
|
|
|
"indicator--599c0331-fb60-4c94-900f-486a950d210f",
|
|
|
|
"indicator--599c0331-ce20-4804-82d0-43c0950d210f",
|
|
|
|
"indicator--599c0331-d120-443e-b15f-43a8950d210f",
|
|
|
|
"indicator--599c0331-f640-4dc1-a85d-4291950d210f",
|
|
|
|
"indicator--599c0331-e0c8-4b20-8230-4752950d210f",
|
|
|
|
"indicator--599c0331-be6c-4d20-b449-4f0e950d210f",
|
|
|
|
"indicator--599c0331-ff48-4b30-b42b-4ca3950d210f",
|
|
|
|
"indicator--599c0331-c46c-4a19-adbf-4429950d210f",
|
|
|
|
"indicator--599c0331-7a70-480e-a966-46b4950d210f",
|
|
|
|
"indicator--599c0331-5760-4630-a02a-4271950d210f",
|
|
|
|
"indicator--599c0331-d6f4-4a91-938d-47cf950d210f"
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"Threat-Report",
|
|
|
|
"misp:tool=\"MISP-STIX-Converter\"",
|
|
|
|
"type:OSINT",
|
|
|
|
"circl:incident-classification=\"spam\"",
|
|
|
|
"misp-galaxy:tool=\"Emotet\""
|
|
|
|
],
|
|
|
|
"object_marking_refs": [
|
|
|
|
"marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9"
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--599bfaa7-bf20-4d7f-8932-5c26950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2017-08-22T09:50:59.000Z",
|
|
|
|
"modified": "2017-08-22T09:50:59.000Z",
|
|
|
|
"description": "Emotet variant",
|
|
|
|
"pattern": "[file:hashes.SHA1 = '9214359938285f26785f7eaf25a74dddea678065']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2017-08-22T09:50:59Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Payload delivery"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"sha1\"",
|
|
|
|
"misp:category=\"Payload delivery\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "observed-data",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "observed-data--599bfacc-1738-4ffa-bedc-5c26950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2017-08-22T09:50:59.000Z",
|
|
|
|
"modified": "2017-08-22T09:50:59.000Z",
|
|
|
|
"first_observed": "2017-08-22T09:50:59Z",
|
|
|
|
"last_observed": "2017-08-22T09:50:59Z",
|
|
|
|
"number_observed": 1,
|
|
|
|
"object_refs": [
|
|
|
|
"file--599bfacc-1738-4ffa-bedc-5c26950d210f"
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"filename\"",
|
|
|
|
"misp:category=\"Payload delivery\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "file",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "file--599bfacc-1738-4ffa-bedc-5c26950d210f",
|
|
|
|
"name": "Invoice number <random digits>.doc"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "observed-data",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "observed-data--599bfacc-2744-48ad-bbb7-5c26950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2017-08-22T09:50:59.000Z",
|
|
|
|
"modified": "2017-08-22T09:50:59.000Z",
|
|
|
|
"first_observed": "2017-08-22T09:50:59Z",
|
|
|
|
"last_observed": "2017-08-22T09:50:59Z",
|
|
|
|
"number_observed": 1,
|
|
|
|
"object_refs": [
|
|
|
|
"file--599bfacc-2744-48ad-bbb7-5c26950d210f"
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"filename\"",
|
|
|
|
"misp:category=\"Payload delivery\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "file",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "file--599bfacc-2744-48ad-bbb7-5c26950d210f",
|
|
|
|
"name": "Invoice <random> reminder.doc"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "observed-data",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "observed-data--599bfacc-a2cc-4611-9b0d-5c26950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2017-08-22T09:50:59.000Z",
|
|
|
|
"modified": "2017-08-22T09:50:59.000Z",
|
|
|
|
"first_observed": "2017-08-22T09:50:59Z",
|
|
|
|
"last_observed": "2017-08-22T09:50:59Z",
|
|
|
|
"number_observed": 1,
|
|
|
|
"object_refs": [
|
|
|
|
"file--599bfacc-a2cc-4611-9b0d-5c26950d210f"
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"filename\"",
|
|
|
|
"misp:category=\"Payload delivery\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "file",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "file--599bfacc-a2cc-4611-9b0d-5c26950d210f",
|
|
|
|
"name": "Invoice <random> Message.doc"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "observed-data",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "observed-data--599bfc13-3cfc-4e81-9d45-497e950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2017-08-22T09:50:59.000Z",
|
|
|
|
"modified": "2017-08-22T09:50:59.000Z",
|
|
|
|
"first_observed": "2017-08-22T09:50:59Z",
|
|
|
|
"last_observed": "2017-08-22T09:50:59Z",
|
|
|
|
"number_observed": 1,
|
|
|
|
"object_refs": [
|
|
|
|
"file--599bfc13-3cfc-4e81-9d45-497e950d210f",
|
|
|
|
"artifact--599bfc13-3cfc-4e81-9d45-497e950d210f"
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"attachment\"",
|
|
|
|
"misp:category=\"External analysis\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "file",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "file--599bfc13-3cfc-4e81-9d45-497e950d210f",
|
|
|
|
"name": "DHy6RZGUwAAW5Gb.jpg",
|
|
|
|
"content_ref": "artifact--599bfc13-3cfc-4e81-9d45-497e950d210f"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "artifact",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "artifact--599bfc13-3cfc-4e81-9d45-497e950d210f",
|
|
|
|
"payload_bin": "/9j/4AAQSkZJRgABAQAAAQABAAD/2wBDAAUDBAQEAwUEBAQFBQUGBwwIBwcHBw8LCwkMEQ8SEhEPERETFhwXExQaFRERGCEYGh0dHx8fExciJCIeJBweHx7/2wBDAQUFBQcGBw4ICA4eFBEUHh4eHh4eHh4eHh4eHh4eHh4eHh4eHh4eHh4eHh4eHh4eHh4eHh4eHh4eHh4eHh4eHh7/wgARCAJHA44DASIAAhEBAxEB/8QAGwABAAIDAQEAAAAAAAAAAAAAAAUGAQMEAgf/xAAaAQEAAwEBAQAAAAAAAAAAAAAAAQIDBAUG/9oADAMBAAIQAxAAAAH6N3tl8tbjmcdeJIVDprPoC3ke2VCcrW8yVLx7HBEyCQEe5+40pAR7VKkekOc50gI9ICPSAj0gI9ICPSAj0gI9ICPSAj3jYYa/ZlnQbkXsO7HLzEj54NZJ+uHB3a93aRiN6DqPRjPnaeHAO7Hkescu82buGcOTzJiKxKajgx3jmSIjkiI5IiOSIjkiI5IiOSIjsSQjcSWCN1dsESCUwRaFlzbv7dhHJER3mShj2jrCcOe6vErVLfWujmse2nddZnZKoM9LjS/bePdup0zS0xo3ubWOkSXJpkUSBo3gBFygODvAAAAAAAAAEXqmRB5mxA9cmIXMyITbKiD8TuCNzJ4OHb04IPls2CC57LgqMlL5IPtkNxAdExk4Ya0CClOkANO7UeTB728+8yAAAAAADGPWs88HZtMevOSH7O30PHvJCTbA4u3BF9rwe4yRyaa3bal08vy8fT/Lde7124bxnHPwF6Y+hfPfoXP0fQuPsjvm/p86YraSXuI8E7qjuctgAAAAAAAAAAAAAAAAHnI8s4Hl5M58YNuNWTZjwM+c5PO7zk2POT0A8eDc0ZNujdqDGTdnVqN/nTg3ubB2euDJ3uHYdTn2GzGMnhsHh78mcY8mPQZzgenke8ecnoHnzsGmqWqmfMd0zF9/B7nn03Z9TkPf8z44+xq2+OPsY+OXK4stA4u8AAAAAAAAAAAAAAAAAAAABjI849jXjaNTaNWdg142jVnYPHnaNPjpHM6RzZ6Bo9bRrbBrxtGnz0DndA58dI53QOd0Dmz0DRncNOdo1evY8Z9DznI8vQwyAAGjeq1VG507r5bD1cvXjvGqwpezqx6LKgeYs6sCzy9BvwKVE3VXvc1nlb2xM+g/Ep9U5clUXFloV7ohMql6lawAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAKdcad08th6+Trx3owpf3ca9axES4oLbqF+oN+GGDOfOTOMhjIAAAAxjwPfrVsMgAAAAAAAAAAAYwMsYPTyPWPOD3nXk2MDLAywMgAAYwM58+gAAAAAAAAAAAAAABTrjTunlsPXydeO9GFL9lypkmWDxxQ5F+ezjF+oN+NWr1zG9owdDlHXnk9nQ5x0OcdGNHk6XMN+NKG71z+TqcqXU5SOrPJ6Opzk9Oef0bmnBtc46M8+Te0DqayNmtoN7nJ3Y58HTnl9HQ0Eb2kndjVg3OYdOeUdTlydTmI6ffHtN7QTsaBv38PYbAAAAAAAAAAAAAAAKdcad08th6+Trx3o05B3Gl+3RvEPI7wr1h5CmX6g345+bv0nNjuEe7PZw++zByN/k1GDPnaNT16NbOuHvzs2y5neOB3kcHrtycbsJ5fXSObHUOJ2Dkz1ZOR1jU3EadHbg4nYTwY7xweu3JxO0jjdhPHjtEe7xwO8cGe4cTuI4dvTk5XUTxOwcfY9mQAAAAAAAAAAAAAAKdcad08th6+Tpx3pF4r1npcABq24KFfqxZxRL3wFezYvMKxK93qVelOuRh8+23fllCpzJAcVn9kBy2TYQvRKbykT0v5R2BIAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACnXGndPLYZCP4Md5/HPspfY1j1jm8HZni9HW5h0OPwd7gydzjI7M8ftPTnl9HUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABTrjTunlsO7TIY768bcUvrbBx+O3Bx+urJzOkcXjvHBnuHG7COT30ZTzet+T0AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABTrjTunlsMhHyGO4UuAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAp1xp3Ty2GQj5DHcKXAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAU6407p5bDIR8hjvCxkzzUvDbpr2Qfbt7iG19/WQ1rg+07wAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAKdcad08thkI+Qx3ClwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAFOuNO6eWwyEfIY7hS4AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACnXGndPLYZCPkMdwpcAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABTrjTunlsMhHyGO5E1Wl/oChSxZ1e5C2K/xFtVHyXBXcFjQ3GWVSZYsCubSeVbpLAq0gTKtbyeU7wXRTI8+hqpqLgiYIuaod5YFN7SyoHlLQpcsTyraS3qj7LWrnGW9Ew5blX9llVoWVT8lvRMUWtWNBblZkyTUvvLKp+wtiGjC2IDSWVVuYuSJr5dlB7i4IDgLcg40tys7iwKrIE0gdBZUDtJlC8xY1N0F5VzyWVVd5Y3JBlnV3yWRUdBdVU6Cxq12EyrXks6BngBTrjTunlsMhHyGO/HGbNtLpaEybW2QODnlxE80+I/jnBE80+IjlsIg/M8IbXOiJSwg/M8IHdMCv+p4aubuFXzZxF7e8RGqcEDA3wRHmZHJFWAROJcRnPNiO5poRGqcFbmesRnLOjmjJwQGZ4Qm6VEHI9YjOebEVqmhF884IHZNDki58Q8wEX5lhGapgRHR3iJSwr+ycED1Sgi9M0IjTOjgj58UKwzghuWxiK5p4Q+meERskxAdMsIPgtYr9gABTrjTunlsMhHyGO8JCXZS9Q7LGKRbukAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAKdcad08thkI+Qx3PHulwDSmNwiQDx7ADx4mNwiQADx7AAB4PYAAB4R7efSQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAFOuNO6eWwyEfIY7wUZY+LfCHkc7b12Rfburbg0yO2YjcSekjerrwecs1tG+ZPZekft7PVbRniS8zEdL6OqtoHr6s3rr9Z3524NHfstEdyTni1eTds30vHapbTMRiX02iPxJ5RMvPri7AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAFOuNO6eWwyEfIY7hS4AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACnXGndPLYZCPkMd4TildVL7PFalDs7YPBbGvYAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAKdcad08thkI+Qx3ClwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAFOuNO6eWw9vF247cujfovGBNfOM4kzjJkHnGcTDOMmQnOzXsgEPIHvx7SET3+vPrHQEgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAKdcad08th7eKQx24tEnhMYk0xFYlUorMoIxKIROJZMROZURaUJjNkghHpARqSEb77yeB3oPRS4AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACnXGndPLYZCPkMdwpcAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABTrjTunlsMhHyGO4UuAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAp1xp3Ty2GQj5DHcKXAAAAAAA
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "observed-data",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "observed-data--599bfc36-7904-44ca-9832-4593950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2017-08-22T09:50:59.000Z",
|
|
|
|
"modified": "2017-08-22T09:50:59.000Z",
|
|
|
|
"first_observed": "2017-08-22T09:50:59Z",
|
|
|
|
"last_observed": "2017-08-22T09:50:59Z",
|
|
|
|
"number_observed": 1,
|
|
|
|
"object_refs": [
|
|
|
|
"file--599bfc36-7904-44ca-9832-4593950d210f",
|
|
|
|
"artifact--599bfc36-7904-44ca-9832-4593950d210f"
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"attachment\"",
|
|
|
|
"misp:category=\"External analysis\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "file",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "file--599bfc36-7904-44ca-9832-4593950d210f",
|
|
|
|
"name": "DHy6RZEVYAATaAD.jpg",
|
|
|
|
"content_ref": "artifact--599bfc36-7904-44ca-9832-4593950d210f"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "artifact",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "artifact--599bfc36-7904-44ca-9832-4593950d210f",
|
|
|
|
"payload_bin": "/9j/4AAQSkZJRgABAQAAAQABAAD/2wBDAAUDBAQEAwUEBAQFBQUGBwwIBwcHBw8LCwkMEQ8SEhEPERETFhwXExQaFRERGCEYGh0dHx8fExciJCIeJBweHx7/2wBDAQUFBQcGBw4ICA4eFBEUHh4eHh4eHh4eHh4eHh4eHh4eHh4eHh4eHh4eHh4eHh4eHh4eHh4eHh4eHh4eHh4eHh7/wgARCAJHA5EDASIAAhEBAxEB/8QAHAABAAIDAQEBAAAAAAAAAAAAAAQFAgMGAQcI/8QAGwEBAQEBAQEBAQAAAAAAAAAAAAYCAQMEBQf/2gAMAwEAAhADEAAAAfo09s35a0O58fWEsOQ+nN+oOvK9s5Dvl1bGyxuveQOdsFgK9HnGlYCvarUr1hHI6wFesBXrAV6wFesBXrAV6wFesBXrAV7bqDLQbWeRqV/hYY1ustcY2km5RsCbrmxTV7AnHpmYZat5iqbA2tW8wQZJs21/TFd5ZCq8ttJX+TxEynZlcsRXLEVyxFcsRXLEVyxFcsRWrHwrtVryRbrP0qmqsLjfO2EDyxFf5YxCGq7o1ZTq42ZQb0/Poro/7pt46XL1F7Zcg8/TseLze/M+u465xq40b3zetdYnUTTYudA0bwAq7QECeAAAAAAAAAI0K2FJjeim22gp1wOfzvfDnNl7iVce/Ff7O8KPT0XhQRuoHH29oKnG42lBbTPSi19EOf6AAGGeJp9eHu+NuMwAAAAAAePcTGtm7DzLz0gxrj09BWSZY8jyBXZStRlCl+kG015nwAWMYHEvdlN8Pesh39BvHn0L579C+f6PoUOZXTdP7pqtpZZ1GBe6q6OdYAAAAAAAAAAAAAAAAB574eeZeDFiPcPDZ7p9NjWMsXpjsxzM/cMjIBjgbWgb9OQ1++emW3Vgb8NA3I+JLygiwQNhLRthtYZGPmwa/c/Ax8McvPT33wZMRn5iMweYbBhzvS8p+P8ATh0/H9f8vp8DH9T/AJ/e7Pqdh+F+98cfY2dfHH2MfHOy7F5egfF94AAAAAAAAAAAAAAAAAAAADz0Y+ZjW2DU2jV7sGtsGr3YMPNg1YSBG8lCMkiPluGr3YNbYNWO8R0gR0gRvZAj+SRHSBobxp92jV7sGDMYshiyHj0PPQAwzcaNmY/PYsoz7pKiy5GwrXMMb6dzGR0qhjHTuYHT2/A98Diud7Vz2fc3zm9vO36jw6v3J25aqqAdI5mXxduSy66sAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAH57FjGfdJcSXI2HDDG8+x57qxUW44Ft1DvuB748Y6zc05mzz0PPXA8DS63e6N4AYjJj6egMfDPzHwzaxsa/TP3X6ZgAA8YDP3XkZMRkAeHrEZPPQAAAAAAAAAAAAAAAAAAAAAAAAD89ixjPukuJLkbDhhjczsuMszoMIVOVeMyGO+4HvjTpzjG73QJCMJWUTZxv80+HrQ637InpKRRJRhJ2wZJvax5jr1EnyOJCOJCO4kexhKRXUpFEpFEppcbmnEkI7qQiuJSL6SUZ1Mzi7nNmWnYbA6AAAAAAAAAAAAAAAAAAAAAAB+exYxn3SXElyNhw15R9jjc3RvFPY7w57oYhxnfcD3xHj2GBCWAr03MgZzPOInm/EiJnvULKR6Rkv0hJG4gyN2w0N4ha7EVyxFcsRXeWTitWQrli6rliK5YiCnOIONg6r1gK7yycVvti6r1gIe3ec0bMwDoAAAAAAAAAAAAAAAAAAAAAAH57FjGfdJcSTI2HEdxz3T42AA1bfDgu+5jpxwndwDnveix45i1nZdc9aS7Hjl/egjdcfn145jZ0ApYHYenO1nYyHOC+iaN7oAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAH57FjGfdLCvgSNhf8AkfdjeTWMvImBOQROQhN8g+E/2vyJ6GJiGJiH6TWA2AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA/PYsYz7pu02EjYa/c/Mb1tgg4T/CCnCEmiB5YeEDKb6REwQ0wQ/ZY8Zj0AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAH57FjGfdLCvsJGwDGwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAPz2LGM+6WFfYSNgGNgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAfnsWMZ90sK+wkbChpusgY3F36rY5+TI8K+xz2nLWHQwypkSNpRdVU7y6AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB+exYxn3Swr7CRsAxsAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAD89ixjPulhX2EjYBjYAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAH57FjGfdLCvsJGwDGwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAPz2LGM+6WFfYSNgVMXG+gcl4dc4+cdE5yUXLk8Dr3IXZaOZ8OnVvPnZKDeXDjLA6NzGk61RRjpnMwDtXL7jonOxDrVPmWrmN50DktB2jncy/cd4dk5+qO1cz6dKoYp1DjelJr57MO2c14dM5zUdQ5GcdA4yadM4royycfelm5EdcpYR07ndR07mdZ1ThL8vHOYnSuB6otHA2h1SqrTp3HzDpHJ4nXOZ3HQKGuOvcXbF8o9B0blop2bkpZ0Tmh0rntB1DlZ5duM2nXOPlHTKS7AAPz2LGM+6WFfYSNhE1z2N1HtsKCfYCjsJgqIPSilnyxzEy7FNpvxz3vQCo03oqdF6I9TfCi19COUu7AUXl8IemyFAvxSLsRI1oOB6uzECPbio1XgoaHvBUb7AQ4VyKDZdiByXeCp3zxQedAOes5wobGaKnReiqg9GKry2FRV9WKTV0Ap/bcUlhLFJ7dDRzXWChhdWKj22FRInirh9AKFfCrj3giQrgVC3FRssxSe3Q5+1ligk2wovbwVFpmAAPz2LGM+6WFfYSNgRs863NO7giNcllbxZNO7nQdEbvJI5006u5ltO7nRgZh0h4azPVuXeWCvnZ7kOaAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA/PYsYz7pYV9hI2FLTdTo9vHl51vnvMeBZbMaodHTN55v3o3VBvuGe8tuvd28wazoXnvn7eTgUmvoms0kbpBz91uY1z+PRN5osrtztP1NXZeXrkPH1AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA/PYsYz7pYV9hI2AY2AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB+exYxn3Swr58jYctrv6vG9sTZIKmyz2miBeQyTFl15lt81HSK+wAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAPz2LGM+6TYUyRsIuvKHjcpEE1G9JHmjWS0ITsoWZKnU9wAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAfnsWMZ90mwrCRsIca1Y3UrYVntkK3C1FSthV5WQrbIAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAPz2LGM+6WFfYSNgGNgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAfnsWMZ90sK+wkbAMbAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA/PYsYz7pYV9hI2AY2AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB+exYxn3Swr7CRsAxsAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAD89ixjPulhX2EjYBjYAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "observed-data",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "observed-data--599bfc59-4834-4db1-b44b-35ad950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2017-08-22T09:50:59.000Z",
|
|
|
|
"modified": "2017-08-22T09:50:59.000Z",
|
|
|
|
"first_observed": "2017-08-22T09:50:59Z",
|
|
|
|
"last_observed": "2017-08-22T09:50:59Z",
|
|
|
|
"number_observed": 1,
|
|
|
|
"object_refs": [
|
|
|
|
"url--599bfc59-4834-4db1-b44b-35ad950d210f"
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"link\"",
|
|
|
|
"misp:category=\"External analysis\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "url",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "url--599bfc59-4834-4db1-b44b-35ad950d210f",
|
|
|
|
"value": "https://twitter.com/msftmmpc/status/899798902559318016"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--599bfe83-4e3c-4402-b758-404002de0b81",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2017-08-22T09:50:59.000Z",
|
|
|
|
"modified": "2017-08-22T09:50:59.000Z",
|
|
|
|
"description": "Emotet variant - Xchecked via VT: 9214359938285f26785f7eaf25a74dddea678065",
|
|
|
|
"pattern": "[file:hashes.SHA256 = '59639027a7fd487295bad10db896528ea223684e6595cae4ce9a0bec8d809087']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2017-08-22T09:50:59Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Payload delivery"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"sha256\"",
|
|
|
|
"misp:category=\"Payload delivery\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--599bfe83-23f8-439a-85de-44be02de0b81",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2017-08-22T09:50:59.000Z",
|
|
|
|
"modified": "2017-08-22T09:50:59.000Z",
|
|
|
|
"description": "Emotet variant - Xchecked via VT: 9214359938285f26785f7eaf25a74dddea678065",
|
|
|
|
"pattern": "[file:hashes.MD5 = '5aa9fa89cee3ffc4c3009e34db830de0']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2017-08-22T09:50:59Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Payload delivery"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"md5\"",
|
|
|
|
"misp:category=\"Payload delivery\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "observed-data",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "observed-data--599bfe83-679c-4ca5-9eae-401202de0b81",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2017-08-22T09:50:59.000Z",
|
|
|
|
"modified": "2017-08-22T09:50:59.000Z",
|
|
|
|
"first_observed": "2017-08-22T09:50:59Z",
|
|
|
|
"last_observed": "2017-08-22T09:50:59Z",
|
|
|
|
"number_observed": 1,
|
|
|
|
"object_refs": [
|
|
|
|
"url--599bfe83-679c-4ca5-9eae-401202de0b81"
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"link\"",
|
|
|
|
"misp:category=\"External analysis\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "url",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "url--599bfe83-679c-4ca5-9eae-401202de0b81",
|
|
|
|
"value": "https://www.virustotal.com/file/59639027a7fd487295bad10db896528ea223684e6595cae4ce9a0bec8d809087/analysis/1503373480/"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--599bff95-71d0-4755-9891-48b1950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2017-08-22T09:55:33.000Z",
|
|
|
|
"modified": "2017-08-22T09:55:33.000Z",
|
|
|
|
"description": "Emotet Links - 17th August 2017",
|
|
|
|
"pattern": "[url:value = 'http://elabora.org/WNYK418522']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2017-08-22T09:55:33Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Network activity"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"url\"",
|
|
|
|
"misp:category=\"Network activity\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--599bff95-3ebc-4e26-8618-4b6a950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2017-08-22T09:55:33.000Z",
|
|
|
|
"modified": "2017-08-22T09:55:33.000Z",
|
|
|
|
"description": "Emotet Links - 17th August 2017",
|
|
|
|
"pattern": "[url:value = 'http://magicians.co.nz/WQEL919279']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2017-08-22T09:55:33Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Network activity"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"url\"",
|
|
|
|
"misp:category=\"Network activity\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--599bff95-e6b4-4eee-9b89-4597950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2017-08-22T09:55:33.000Z",
|
|
|
|
"modified": "2017-08-22T09:55:33.000Z",
|
|
|
|
"description": "Emotet Links - 17th August 2017",
|
|
|
|
"pattern": "[url:value = 'http://poshevents.net/VJFH311487']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2017-08-22T09:55:33Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Network activity"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"url\"",
|
|
|
|
"misp:category=\"Network activity\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--599bff95-8134-4684-b0a2-47a1950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2017-08-22T09:55:33.000Z",
|
|
|
|
"modified": "2017-08-22T09:55:33.000Z",
|
|
|
|
"description": "Emotet Links - 17th August 2017",
|
|
|
|
"pattern": "[url:value = 'http://kntfilms.com.ar/Galeria/PXNH119520']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2017-08-22T09:55:33Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Network activity"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"url\"",
|
|
|
|
"misp:category=\"Network activity\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--599bff95-4c64-409c-b2df-4509950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2017-08-22T09:55:33.000Z",
|
|
|
|
"modified": "2017-08-22T09:55:33.000Z",
|
|
|
|
"description": "Emotet Links - 17th August 2017",
|
|
|
|
"pattern": "[url:value = 'http://hercom.cl/GJBO609775']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2017-08-22T09:55:33Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Network activity"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"url\"",
|
|
|
|
"misp:category=\"Network activity\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--599bff95-fbd8-441b-b590-41ec950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2017-08-22T09:55:33.000Z",
|
|
|
|
"modified": "2017-08-22T09:55:33.000Z",
|
|
|
|
"description": "Emotet Links - 17th August 2017",
|
|
|
|
"pattern": "[url:value = 'http://johnstonwells.com/joomla/STBD585747']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2017-08-22T09:55:33Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Network activity"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"url\"",
|
|
|
|
"misp:category=\"Network activity\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--599bff95-749c-4457-a2bb-44ff950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2017-08-22T09:55:33.000Z",
|
|
|
|
"modified": "2017-08-22T09:55:33.000Z",
|
|
|
|
"description": "Emotet Links - 17th August 2017",
|
|
|
|
"pattern": "[url:value = 'http://yamtech.com.sa/WMZX43402']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2017-08-22T09:55:33Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Network activity"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"url\"",
|
|
|
|
"misp:category=\"Network activity\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--599bff95-9924-4ecc-8af6-422b950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2017-08-22T09:55:33.000Z",
|
|
|
|
"modified": "2017-08-22T09:55:33.000Z",
|
|
|
|
"description": "Emotet Links - 17th August 2017",
|
|
|
|
"pattern": "[url:value = 'http://dekormc.pl/css/MQGK305215']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2017-08-22T09:55:33Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Network activity"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"url\"",
|
|
|
|
"misp:category=\"Network activity\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--599bff96-3c7c-450a-8929-454f950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2017-08-22T09:55:34.000Z",
|
|
|
|
"modified": "2017-08-22T09:55:34.000Z",
|
|
|
|
"description": "Emotet Links - 17th August 2017",
|
|
|
|
"pattern": "[url:value = 'http://addidesign.com/LZIM941693']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2017-08-22T09:55:34Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Network activity"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"url\"",
|
|
|
|
"misp:category=\"Network activity\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--599c0331-fb60-4c94-900f-486a950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2017-08-22T10:10:57.000Z",
|
|
|
|
"modified": "2017-08-22T10:10:57.000Z",
|
|
|
|
"pattern": "[url:value = 'http://absoluteart.biz/Invoice-number-35490/']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2017-08-22T10:10:57Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Network activity"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"url\"",
|
|
|
|
"misp:category=\"Network activity\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--599c0331-ce20-4804-82d0-43c0950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2017-08-22T10:10:57.000Z",
|
|
|
|
"modified": "2017-08-22T10:10:57.000Z",
|
|
|
|
"pattern": "[url:value = 'http://dusk.be/Invoice-number-412790-Notification/']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2017-08-22T10:10:57Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Network activity"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"url\"",
|
|
|
|
"misp:category=\"Network activity\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--599c0331-d120-443e-b15f-43a8950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2017-08-22T10:10:57.000Z",
|
|
|
|
"modified": "2017-08-22T10:10:57.000Z",
|
|
|
|
"pattern": "[url:value = 'https://polishbikers.com/3303-Invoice-Notice/']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2017-08-22T10:10:57Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Network activity"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"url\"",
|
|
|
|
"misp:category=\"Network activity\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--599c0331-f640-4dc1-a85d-4291950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2017-08-22T10:10:57.000Z",
|
|
|
|
"modified": "2017-08-22T10:10:57.000Z",
|
|
|
|
"pattern": "[url:value = 'bryntel.com/JWYFPGLBMH8935758/']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2017-08-22T10:10:57Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Network activity"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"url\"",
|
|
|
|
"misp:category=\"Network activity\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--599c0331-e0c8-4b20-8230-4752950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2017-08-22T10:10:57.000Z",
|
|
|
|
"modified": "2017-08-22T10:10:57.000Z",
|
|
|
|
"pattern": "[url:value = 'http://glacierhills.org/Rechnungs-Details-61357123952/']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2017-08-22T10:10:57Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Network activity"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"url\"",
|
|
|
|
"misp:category=\"Network activity\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--599c0331-be6c-4d20-b449-4f0e950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2017-08-22T10:10:57.000Z",
|
|
|
|
"modified": "2017-08-22T10:10:57.000Z",
|
|
|
|
"pattern": "[url:value = 'http://showreggaeton.com/Invoice-827715/']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2017-08-22T10:10:57Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Network activity"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"url\"",
|
|
|
|
"misp:category=\"Network activity\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--599c0331-ff48-4b30-b42b-4ca3950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2017-08-22T10:10:57.000Z",
|
|
|
|
"modified": "2017-08-22T10:10:57.000Z",
|
|
|
|
"pattern": "[url:value = 'http://natech.com.br/wVZtWN/']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2017-08-22T10:10:57Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Network activity"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"url\"",
|
|
|
|
"misp:category=\"Network activity\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--599c0331-c46c-4a19-adbf-4429950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2017-08-22T10:10:57.000Z",
|
|
|
|
"modified": "2017-08-22T10:10:57.000Z",
|
|
|
|
"pattern": "[url:value = 'http://era.lt/wUGfcJn/']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2017-08-22T10:10:57Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Network activity"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"url\"",
|
|
|
|
"misp:category=\"Network activity\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--599c0331-7a70-480e-a966-46b4950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2017-08-22T10:10:57.000Z",
|
|
|
|
"modified": "2017-08-22T10:10:57.000Z",
|
|
|
|
"pattern": "[url:value = 'http://omnisrecordings.com/HZKybTQwj/']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2017-08-22T10:10:57Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Network activity"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"url\"",
|
|
|
|
"misp:category=\"Network activity\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--599c0331-5760-4630-a02a-4271950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2017-08-22T10:10:57.000Z",
|
|
|
|
"modified": "2017-08-22T10:10:57.000Z",
|
|
|
|
"pattern": "[url:value = 'http://net5.com.au/WZwgR/']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2017-08-22T10:10:57Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Network activity"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"url\"",
|
|
|
|
"misp:category=\"Network activity\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--599c0331-d6f4-4a91-938d-47cf950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2017-08-22T10:10:57.000Z",
|
|
|
|
"modified": "2017-08-22T10:10:57.000Z",
|
|
|
|
"pattern": "[url:value = 'http://laguapafilms.com/BVgUGBfots/']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2017-08-22T10:10:57Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Network activity"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"url\"",
|
|
|
|
"misp:category=\"Network activity\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "marking-definition",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9",
|
|
|
|
"created": "2017-01-20T00:00:00.000Z",
|
|
|
|
"definition_type": "tlp",
|
|
|
|
"name": "TLP:WHITE",
|
|
|
|
"definition": {
|
|
|
|
"tlp": "white"
|
|
|
|
}
|
|
|
|
}
|
2023-04-21 13:25:09 +00:00
|
|
|
]
|
|
|
|
}
|