{
"type" : "bundle" ,
"id" : "bundle--599fc448-9ed0-46eb-89ae-93c2950d210f" ,
"objects" : [
{
"type" : "identity" ,
"spec_version" : "2.1" ,
"id" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2017-08-25T06:42:12.000Z" ,
"modified" : "2017-08-25T06:42:12.000Z" ,
"name" : "CIRCL" ,
"identity_class" : "organization"
} ,
{
"type" : "report" ,
"spec_version" : "2.1" ,
"id" : "report--599fc448-9ed0-46eb-89ae-93c2950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2017-08-25T06:42:12.000Z" ,
"modified" : "2017-08-25T06:42:12.000Z" ,
"name" : "Malspam 2017-08-25 'Your Sage subscription invoice is ready'" ,
"published" : "2017-08-25T06:43:43Z" ,
"object_refs" : [
"indicator--599fc45f-ade0-43f5-9c6f-42c1950d210f" ,
"indicator--599fc45f-774c-49cf-b610-4576950d210f" ,
"indicator--599fc45f-eddc-4839-b143-49fe950d210f" ,
"indicator--599fc45f-f61c-4ec6-9bbb-4f91950d210f" ,
"indicator--599fc45f-fa40-40c6-92bf-40f9950d210f" ,
"indicator--599fc45f-0400-4fea-93d2-44ce950d210f" ,
"indicator--599fc5cc-07e0-4acb-a64d-93c2950d210f" ,
"indicator--599fc5cc-87d8-44c8-8729-93c2950d210f" ,
"indicator--599fc5cc-febc-4fb1-a1d7-93c2950d210f" ,
"indicator--599fc5cc-3ab0-4687-8040-93c2950d210f" ,
"indicator--599fc5cc-042c-4b2d-acbe-93c2950d210f" ,
"indicator--599fc5cc-0cd4-4a76-ba09-93c2950d210f" ,
"indicator--599fc64f-a03c-43c8-923f-942d950d210f" ,
"indicator--599fc64f-3ae0-4f81-a101-942d950d210f" ,
"indicator--599fc64f-8f48-4237-b7b9-942d950d210f" ,
"indicator--599fc64f-1064-4657-bba7-942d950d210f" ,
"indicator--599fc64f-5d28-477b-ba6f-942d950d210f" ,
"indicator--599fc64f-5800-419c-b00c-942d950d210f" ,
"indicator--599fc64f-6d68-4d3b-b9cb-942d950d210f" ,
"indicator--599fc64f-bb74-4877-aa55-942d950d210f" ,
"indicator--599fc64f-9bbc-42c1-8832-942d950d210f" ,
"indicator--599fc64f-4748-4e75-a0c2-942d950d210f" ,
"indicator--599fc64f-b1d8-4956-9986-942d950d210f" ,
"indicator--599fc64f-f1f8-4dd1-a886-942d950d210f" ,
"indicator--599fc64f-62e4-42ad-b741-942d950d210f" ,
"indicator--599fc64f-f7ec-41aa-9879-942d950d210f" ,
"indicator--599fc64f-f260-488c-b6c2-942d950d210f" ,
"indicator--599fc64f-7cb8-4c9d-be1c-942d950d210f" ,
"indicator--599fc64f-9328-40d2-9561-942d950d210f" ,
"indicator--599fc64f-9f0c-40fe-9f54-942d950d210f" ,
"indicator--599fc64f-e828-4d76-9d63-942d950d210f" ,
"indicator--599fc64f-99d0-4da5-9f23-942d950d210f" ,
"indicator--599fc64f-378c-43a3-b7fd-942d950d210f" ,
"indicator--599fc64f-0790-413a-bc3c-942d950d210f" ,
"indicator--599fc64f-8cd4-4776-9a74-942d950d210f" ,
"indicator--599fc64f-1564-475c-8d6d-942d950d210f" ,
"indicator--599fc64f-a78c-414d-a9fc-942d950d210f" ,
"indicator--599fc64f-2b74-4423-a192-942d950d210f" ,
"indicator--599fc64f-09fc-40bd-a005-942d950d210f" ,
"indicator--599fc64f-cf84-4146-b631-942d950d210f" ,
"indicator--599fc64f-87c4-47e9-9f76-942d950d210f" ,
"indicator--599fc64f-a9d8-40d7-9b10-942d950d210f" ,
"indicator--599fc70d-0fc8-4047-83d1-4187950d210f" ,
"indicator--599fc70d-9f98-43b0-a85d-4f79950d210f" ,
"indicator--599fc70d-e998-494a-ac4b-4b11950d210f"
] ,
"labels" : [
"Threat-Report" ,
"misp:tool=\"MISP-STIX-Converter\"" ,
"circl:incident-classification=\"malware\"" ,
"misp-galaxy:ransomware=\"Locky\""
] ,
"object_marking_refs" : [
"marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9"
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--599fc45f-ade0-43f5-9c6f-42c1950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2017-08-25T06:31:59.000Z" ,
"modified" : "2017-08-25T06:31:59.000Z" ,
"description" : "1st stage download location" ,
"pattern" : "[url:value = 'http://gumart.com/SINV0709.rar']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2017-08-25T06:31:59Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Network activity"
}
] ,
"labels" : [
"misp:type=\"url\"" ,
"misp:category=\"Network activity\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--599fc45f-774c-49cf-b610-4576950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2017-08-25T06:31:59.000Z" ,
"modified" : "2017-08-25T06:31:59.000Z" ,
"description" : "1st stage download location" ,
"pattern" : "[domain-name:value = 'gumart.com']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2017-08-25T06:31:59Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Network activity"
}
] ,
"labels" : [
"misp:type=\"domain\"" ,
"misp:category=\"Network activity\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--599fc45f-eddc-4839-b143-49fe950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2017-08-25T06:31:59.000Z" ,
"modified" : "2017-08-25T06:31:59.000Z" ,
"description" : "1st stage download location" ,
"pattern" : "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '204.197.248.45']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2017-08-25T06:31:59Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Network activity"
}
] ,
"labels" : [
"misp:type=\"ip-dst\"" ,
"misp:category=\"Network activity\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--599fc45f-f61c-4ec6-9bbb-4f91950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2017-08-25T06:31:59.000Z" ,
"modified" : "2017-08-25T06:31:59.000Z" ,
"description" : "1st stage download location" ,
"pattern" : "[url:value = 'http://haleshomesales.com/SINV0709.rar']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2017-08-25T06:31:59Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Network activity"
}
] ,
"labels" : [
"misp:type=\"url\"" ,
"misp:category=\"Network activity\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--599fc45f-fa40-40c6-92bf-40f9950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2017-08-25T06:31:59.000Z" ,
"modified" : "2017-08-25T06:31:59.000Z" ,
"description" : "1st stage download location" ,
"pattern" : "[domain-name:value = 'haleshomesales.com']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2017-08-25T06:31:59Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Network activity"
}
] ,
"labels" : [
"misp:type=\"domain\"" ,
"misp:category=\"Network activity\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--599fc45f-0400-4fea-93d2-44ce950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2017-08-25T06:31:59.000Z" ,
"modified" : "2017-08-25T06:31:59.000Z" ,
"description" : "1st stage download location" ,
"pattern" : "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '173.192.66.137']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2017-08-25T06:31:59Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Network activity"
}
] ,
"labels" : [
"misp:type=\"ip-dst\"" ,
"misp:category=\"Network activity\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--599fc5cc-07e0-4acb-a64d-93c2950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2017-08-25T06:38:04.000Z" ,
"modified" : "2017-08-25T06:38:04.000Z" ,
"description" : "downloaded stage 1" ,
"pattern" : "[file:content_ref.payload_bin = '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' AND file:name = 'SINV0709.rar' AND file:hashes.MD5 = '24b270b4a106da35e395d97760c7d4bf' AND file:content_ref.mime_type = 'application/zip' AND file:content_ref.encryption_algorithm = 'mime-type-indicated' AND file:content_ref.decryption_key = 'infected']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2017-08-25T06:38:04Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Payload delivery"
}
] ,
"labels" : [
"misp:type=\"malware-sample\"" ,
"misp:category=\"Payload delivery\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--599fc5cc-87d8-44c8-8729-93c2950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2017-08-25T06:38:04.000Z" ,
"modified" : "2017-08-25T06:38:04.000Z" ,
"description" : "downloaded stage 1" ,
"pattern" : "[file:name = 'SINV0709.rar' AND file:hashes.SHA1 = 'bace8533f660fa525072bb704973148504fdbf42']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2017-08-25T06:38:04Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Payload delivery"
}
] ,
"labels" : [
"misp:type=\"filename|sha1\"" ,
"misp:category=\"Payload delivery\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--599fc5cc-febc-4fb1-a1d7-93c2950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2017-08-25T06:38:04.000Z" ,
"modified" : "2017-08-25T06:38:04.000Z" ,
"description" : "downloaded stage 1" ,
"pattern" : "[file:name = 'SINV0709.rar' AND file:hashes.SHA256 = '11e77e2b4ff4a3fd2cdd20f7896a2b44a426978d378a9557fbf60aee318e92bf']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2017-08-25T06:38:04Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Payload delivery"
}
] ,
"labels" : [
"misp:type=\"filename|sha256\"" ,
"misp:category=\"Payload delivery\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--599fc5cc-3ab0-4687-8040-93c2950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2017-08-25T06:38:04.000Z" ,
"modified" : "2017-08-25T06:38:04.000Z" ,
"description" : "downloaded stage 1" ,
"pattern" : "[file:content_ref.payload_bin = 'UEsDBBQACQAIAMI0GUs3+d7LrAcAAIUVAAAgABwAYjJkZTQ4OTNmNjg3ZTA0MTZmZGUzNWVmOWVhNTkwOTVVVAkAA8zFn1nMxZ9ZdXgLAAEEIQAAAAQhAAAAmaNbMgCfeIQ7klwTn4UVCl/jD/NrsnzFBIXeKk8UxP4IAXsPsdC49MXxnyZrLZOECKpV7WDIR7ES+kPGP8tC/waJItjdncq0vAeUbpqbnlLnatzWOqNyBfhVsRZXL7eCLZcK6M/wX0qsBo0k1h0ysCwDAAJ8gL3pmzhaSbeSZVyx8SZxRotkRaxgUoIRk5KdtSiNDOTcoAKvraNz45tdRKoTx7NoKlAGIP+PpnL+5X1NgypacvwUKu/2ZdVSC+dAD0OQ9NzErVuQvZHKvT8ChgBi/I0EjGwLuPsRSibNWSYt27XneDAtkhx4mndbU8+1TbpGsV7v+slZa6bUw0JRU/pYGGUYo7w8j1aUmq3xIF3cTAzs5GnCahl5vR+UiP2Nm8+P9//27MaxWScm5A1/QcSJv8i2enpi4erF8T9TqM1A+tEYwoC4S7lfHlbovrNAlsk33C/SW0HJGlMKves0ZYKUIYImDe1i/2bAv7vCO/nyvHTCm/PMJafe97bg7H0BymTnfn7qJWFFgFbsuLxWxfCbyd7C/tjWbzbiigT9ogO5o+Legk6GrrAXnxAR+TwsaVQlpfvJBS798ZieWH5YufFqMaDMExKPA/PXLvJlB1+HZ8lVP6N/1ILep7Z2LupMI+IUZN7kbTImz2mSVFmLhrq4y7s1hN7Zt0BCScNCVb99s1AjsN3yW8hDjIac+J8GcXZUEFbn8Jn88BMLNiuvXZmN46wr1k1/S5tr6qZMPmQ+xn4im46/BYbV62hnsFOXdHojT3czccuRQOgLvgTLUBDysBGi4e/KEbh2CREKuS3CGoEF+vNmA6Bi1IW3okfKG+YI8ZoMx8bY/HhZ9PjesTmB3YF6lsm9+BqoWRtQQ67J6LsW60Bs/0JKl9b8OdZnr8r6zDGhN8dCiQqe4E+PMVENQLQbQKE6FDxT72RVJVfpRUcyoXtEFLx5MJDOSw8QzO6tplbtfb/+iMuf0Qv0MOnh90d6WuTWUUT5eVnOZIORvZNha6ky1gk9kYs/oGctYZfEn5obO9lFPo1qAPuSCMtiTr0FkzMQL5FHts1+cgmC2zl930l9RZ6MeOJMBfX0EIXSUIzIuS2xvYtw2nwg6VBYGYsOPII2qmNEYXUr6a763dZ+A7sOYhQaFnCARXDf8ndXYl9buZ2KKzylrrz14SfNvrgdKQ7L2g1ZMI5fHr1s10NMcDuf4VNmVK7PmkFnqwvViVUt0/PFiLjjO5nMHO8qIVqagXUxdBda5GWreUw+n9+n4cfs+R02UQjwCSHuFt71P86OrP4Xop5M4XK3Tqs9mCVNIwt852HJNXvd16bNaJSSLkmi+D7BmmTDAZ47NIKJa824CrMZoCTVx8ibZC9MPIwk8JkPpbZOG6Rsh7zbybMXU1T/G2MMVR4NDcze8AtXFdD6Jg5B0rRX8bB7aUk3hQTkyEM6LVaeWSsqK0xaZ/TWzEOk6IiqHXJd9Yy+7PMb0wglozVDKyd+0rxPrzYmnjnLXRxMcpk4t6spSTZmNIQ2u5a9ATijY0X8oejIrCSlLed76TNNmUg8fDEks0AOCwErN6+D3c2LqQU4+DUexN2KAX/vRcPbIgs3pA7aFDU+eMGm4a88clJluN96e2/sNK0Xy7JlXgwU7dhHF0vi++fRxo9OP+RigfJABqpUpafpVfmoD19FxfAg/AVqs+VvyLSM0bto+vRO72jNhYzIc3Luwx86Wa+IjX2IAwtqx8SypVNo669/6at03Jco9qyd3zaeWgBoD2XBQDSNu/X/JYZZLOYhq0AAMpOT+h5LKu6TwloDw5Y/dTxUBYCW/uvwPDdQdO7sWmVTtmDgut
qtpNik8RS7KVZvXDrrLzL9CKFRwUGC1i0SegbgVGczIysoGklFe/uMvxsazJtlLPnBsqhqcwZuRa/ftXDTCXJ1NHVqdo4+qCpcmc6FOnN8n9+Bz9KxIv5Ujn/4QVSHQYXgRyDPhq28uAPQNgqfaI/96nonH6cOHjxSRa+Jx9AXS8Ih9gd4Cax1blyyxaQTJ5YU1qoFVmdbmPdJtkSG/2UqCGIq7j4WXX5F78fwjLHJah7JLZ5NffHhrncixFpf7Y66WjF04XK1JmAUFwwLJMVcRoxMAPUfGtQyFx8yFFRQYKxBwctKnaWVtNVnbCmRPV1gysNLtf8PP6jUa8K+9wDANoOL/v+MGCCnYZQpwBCMyEF1SCHHUTpHLOS2kL9Zlg4NZkaCPOK8MnOPKLkeFBux/N5btfZhbpw6Te3rtXNOqBAHPMRC6N/Oi7uRjYRB1ycXXhe35ia2wGotIYk9uToSFs5NnHEwwWh6sDfukdun4FqKLNarAiUG85lfMD6nFwOTsT7b2ARBlHbCQLtYlNO2Mo9XSpU73loA2/RQxjBOylfrsnu6e1qJsXcN6+qtYNv735fSF9+lVSsB7odleBn4wZgNjKQMsjefc7PflE94EDWZ4rEhbyLrCAizux7dYM89k+5DXIJmxdsskEP2lyoptw+iAU44jz9ifJasO/k5spn2/32yZhciCBtGO/FqpV1VsNSTiC+ijw4sveUILph2LtdykZ6unzVTN/ErQh8eW4kfWG35UaYJyac2MAKoJyvVUM/P9ZUrfxirzjVQSwcIN/ney6wHAACFFQAAUEsDBAoACQAAAMI0GUuhlhrSGAAAAAwAAAAtABwAYjJkZTQ4OTNmNjg3ZTA0MTZmZGUzNWVmOWVhNTkwOTUuZmlsZW5hbWUudHh0VVQJAAPMxZ9ZzMWfWXV4CwABBCEAAAAEIQAAAFTcqwWUTJbpdGcdbknhFqM1VyMgYhsnm1BLBwihlhrSGAAAAAwAAABQSwECHgMUAAkACADCNBlLN/ney6wHAACFFQAAIAAYAAAAAAABAAAApIEAAAAAYjJkZTQ4OTNmNjg3ZTA0MTZmZGUzNWVmOWVhNTkwOTVVVAUAA8zFn1l1eAsAAQQhAAAABCEAAABQSwECHgMKAAkAAADCNBlLoZYa0hgAAAAMAAAALQAYAAAAAAABAAAApIEWCAAAYjJkZTQ4OTNmNjg3ZTA0MTZmZGUzNWVmOWVhNTkwOTUuZmlsZW5hbWUudHh0VVQFAAPMxZ9ZdXgLAAEEIQAAAAQhAAAAUEsFBgAAAAACAAIA2QAAAKUIAAAAAA==' AND file:name = 'SINV0709.vbs' AND file:hashes.MD5 = 'b2de4893f687e0416fde35ef9ea59095' AND file:content_ref.mime_type = 'application/zip' AND file:content_ref.encryption_algorithm = 'mime-type-indicated' AND file:content_ref.decryption_key = 'infected']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2017-08-25T06:38:04Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Payload delivery"
}
] ,
"labels" : [
"misp:type=\"malware-sample\"" ,
"misp:category=\"Payload delivery\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--599fc5cc-042c-4b2d-acbe-93c2950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2017-08-25T06:38:04.000Z" ,
"modified" : "2017-08-25T06:38:04.000Z" ,
"description" : "downloaded stage 1" ,
"pattern" : "[file:name = 'SINV0709.vbs' AND file:hashes.SHA1 = '3490bef54f73a02e244cdec001f871e271fd58e6']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2017-08-25T06:38:04Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Payload delivery"
}
] ,
"labels" : [
"misp:type=\"filename|sha1\"" ,
"misp:category=\"Payload delivery\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--599fc5cc-0cd4-4a76-ba09-93c2950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2017-08-25T06:38:04.000Z" ,
"modified" : "2017-08-25T06:38:04.000Z" ,
"description" : "downloaded stage 1" ,
"pattern" : "[file:name = 'SINV0709.vbs' AND file:hashes.SHA256 = 'aa75f8ecb2a990615dc534155a15fd9d8ea99ca2db718e8bc6092dc07fda9b2c']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2017-08-25T06:38:04Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Payload delivery"
}
] ,
"labels" : [
"misp:type=\"filename|sha256\"" ,
"misp:category=\"Payload delivery\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--599fc64f-a03c-43c8-923f-942d950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2017-08-25T06:40:15.000Z" ,
"modified" : "2017-08-25T06:40:15.000Z" ,
"description" : "stage 2 download location" ,
"pattern" : "[url:value = 'http://bromesterionod.net/af/HygHGF']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2017-08-25T06:40:15Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Network activity"
}
] ,
"labels" : [
"misp:type=\"url\"" ,
"misp:category=\"Network activity\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--599fc64f-3ae0-4f81-a101-942d950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2017-08-25T06:40:15.000Z" ,
"modified" : "2017-08-25T06:40:15.000Z" ,
"description" : "stage 2 download location" ,
"pattern" : "[domain-name:value = 'bromesterionod.net']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2017-08-25T06:40:15Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Network activity"
}
] ,
"labels" : [
"misp:type=\"domain\"" ,
"misp:category=\"Network activity\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--599fc64f-8f48-4237-b7b9-942d950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2017-08-25T06:40:15.000Z" ,
"modified" : "2017-08-25T06:40:15.000Z" ,
"description" : "stage 2 download location" ,
"pattern" : "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '47.89.246.2']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2017-08-25T06:40:15Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Network activity"
}
] ,
"labels" : [
"misp:type=\"ip-dst\"" ,
"misp:category=\"Network activity\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--599fc64f-1064-4657-bba7-942d950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2017-08-25T06:40:15.000Z" ,
"modified" : "2017-08-25T06:40:15.000Z" ,
"description" : "stage 2 download location" ,
"pattern" : "[url:value = 'http://go-coo.jp/HygHGF']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2017-08-25T06:40:15Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Network activity"
}
] ,
"labels" : [
"misp:type=\"url\"" ,
"misp:category=\"Network activity\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--599fc64f-5d28-477b-ba6f-942d950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2017-08-25T06:40:15.000Z" ,
"modified" : "2017-08-25T06:40:15.000Z" ,
"description" : "stage 2 download location" ,
"pattern" : "[domain-name:value = 'go-coo.jp']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2017-08-25T06:40:15Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Network activity"
}
] ,
"labels" : [
"misp:type=\"domain\"" ,
"misp:category=\"Network activity\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--599fc64f-5800-419c-b00c-942d950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2017-08-25T06:40:15.000Z" ,
"modified" : "2017-08-25T06:40:15.000Z" ,
"description" : "stage 2 download location" ,
"pattern" : "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '203.183.65.225']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2017-08-25T06:40:15Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Network activity"
}
] ,
"labels" : [
"misp:type=\"ip-dst\"" ,
"misp:category=\"Network activity\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--599fc64f-6d68-4d3b-b9cb-942d950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2017-08-25T06:40:15.000Z" ,
"modified" : "2017-08-25T06:40:15.000Z" ,
"description" : "stage 2 download location" ,
"pattern" : "[url:value = 'http://haboosh-law.com/HygHGF']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2017-08-25T06:40:15Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Network activity"
}
] ,
"labels" : [
"misp:type=\"url\"" ,
"misp:category=\"Network activity\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--599fc64f-bb74-4877-aa55-942d950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2017-08-25T06:40:15.000Z" ,
"modified" : "2017-08-25T06:40:15.000Z" ,
"description" : "stage 2 download location" ,
"pattern" : "[domain-name:value = 'haboosh-law.com']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2017-08-25T06:40:15Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Network activity"
}
] ,
"labels" : [
"misp:type=\"domain\"" ,
"misp:category=\"Network activity\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--599fc64f-9bbc-42c1-8832-942d950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2017-08-25T06:40:15.000Z" ,
"modified" : "2017-08-25T06:40:15.000Z" ,
"description" : "stage 2 download location" ,
"pattern" : "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '80.244.168.26']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2017-08-25T06:40:15Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Network activity"
}
] ,
"labels" : [
"misp:type=\"ip-dst\"" ,
"misp:category=\"Network activity\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--599fc64f-4748-4e75-a0c2-942d950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2017-08-25T06:40:15.000Z" ,
"modified" : "2017-08-25T06:40:15.000Z" ,
"description" : "stage 2 download location" ,
"pattern" : "[url:value = 'http://hansstock.de/HygHGF']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2017-08-25T06:40:15Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Network activity"
}
] ,
"labels" : [
"misp:type=\"url\"" ,
"misp:category=\"Network activity\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--599fc64f-b1d8-4956-9986-942d950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2017-08-25T06:40:15.000Z" ,
"modified" : "2017-08-25T06:40:15.000Z" ,
"description" : "stage 2 download location" ,
"pattern" : "[domain-name:value = 'hansstock.de']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2017-08-25T06:40:15Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Network activity"
}
] ,
"labels" : [
"misp:type=\"domain\"" ,
"misp:category=\"Network activity\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--599fc64f-f1f8-4dd1-a886-942d950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2017-08-25T06:40:15.000Z" ,
"modified" : "2017-08-25T06:40:15.000Z" ,
"description" : "stage 2 download location" ,
"pattern" : "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '85.25.124.78']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2017-08-25T06:40:15Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Network activity"
}
] ,
"labels" : [
"misp:type=\"ip-dst\"" ,
"misp:category=\"Network activity\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--599fc64f-62e4-42ad-b741-942d950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2017-08-25T06:40:15.000Z" ,
"modified" : "2017-08-25T06:40:15.000Z" ,
"description" : "stage 2 download location" ,
"pattern" : "[url:value = 'http://hartwig-mau.de/HygHGF']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2017-08-25T06:40:15Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Network activity"
}
] ,
"labels" : [
"misp:type=\"url\"" ,
"misp:category=\"Network activity\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--599fc64f-f7ec-41aa-9879-942d950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2017-08-25T06:40:15.000Z" ,
"modified" : "2017-08-25T06:40:15.000Z" ,
"description" : "stage 2 download location" ,
"pattern" : "[domain-name:value = 'hartwig-mau.de']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2017-08-25T06:40:15Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Network activity"
}
] ,
"labels" : [
"misp:type=\"domain\"" ,
"misp:category=\"Network activity\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--599fc64f-f260-488c-b6c2-942d950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2017-08-25T06:40:15.000Z" ,
"modified" : "2017-08-25T06:40:15.000Z" ,
"description" : "stage 2 download location" ,
"pattern" : "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '81.169.168.153']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2017-08-25T06:40:15Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Network activity"
}
] ,
"labels" : [
"misp:type=\"ip-dst\"" ,
"misp:category=\"Network activity\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--599fc64f-7cb8-4c9d-be1c-942d950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2017-08-25T06:40:15.000Z" ,
"modified" : "2017-08-25T06:40:15.000Z" ,
"description" : "stage 2 download location" ,
"pattern" : "[url:value = 'http://hausgadum.de/HygHGF']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2017-08-25T06:40:15Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Network activity"
}
] ,
"labels" : [
"misp:type=\"url\"" ,
"misp:category=\"Network activity\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--599fc64f-9328-40d2-9561-942d950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2017-08-25T06:40:15.000Z" ,
"modified" : "2017-08-25T06:40:15.000Z" ,
"description" : "stage 2 download location" ,
"pattern" : "[domain-name:value = 'hausgadum.de']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2017-08-25T06:40:15Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Network activity"
}
] ,
"labels" : [
"misp:type=\"domain\"" ,
"misp:category=\"Network activity\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--599fc64f-9f0c-40fe-9f54-942d950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2017-08-25T06:40:15.000Z" ,
"modified" : "2017-08-25T06:40:15.000Z" ,
"description" : "stage 2 download location" ,
"pattern" : "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '138.201.230.90']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2017-08-25T06:40:15Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Network activity"
}
] ,
"labels" : [
"misp:type=\"ip-dst\"" ,
"misp:category=\"Network activity\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--599fc64f-e828-4d76-9d63-942d950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2017-08-25T06:40:15.000Z" ,
"modified" : "2017-08-25T06:40:15.000Z" ,
"description" : "stage 2 download location" ,
"pattern" : "[url:value = 'http://hausgerhard.com/HygHGF']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2017-08-25T06:40:15Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Network activity"
}
] ,
"labels" : [
"misp:type=\"url\"" ,
"misp:category=\"Network activity\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--599fc64f-99d0-4da5-9f23-942d950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2017-08-25T06:40:15.000Z" ,
"modified" : "2017-08-25T06:40:15.000Z" ,
"description" : "stage 2 download location" ,
"pattern" : "[domain-name:value = 'hausgerhard.com']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2017-08-25T06:40:15Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Network activity"
}
] ,
"labels" : [
"misp:type=\"domain\"" ,
"misp:category=\"Network activity\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--599fc64f-378c-43a3-b7fd-942d950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2017-08-25T06:40:15.000Z" ,
"modified" : "2017-08-25T06:40:15.000Z" ,
"description" : "stage 2 download location" ,
"pattern" : "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '92.51.164.62']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2017-08-25T06:40:15Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Network activity"
}
] ,
"labels" : [
"misp:type=\"ip-dst\"" ,
"misp:category=\"Network activity\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--599fc64f-0790-413a-bc3c-942d950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2017-08-25T06:40:15.000Z" ,
"modified" : "2017-08-25T06:40:15.000Z" ,
"description" : "stage 2 download location" ,
"pattern" : "[url:value = 'http://hbwconsultants.nl/HygHGF']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2017-08-25T06:40:15Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Network activity"
}
] ,
"labels" : [
"misp:type=\"url\"" ,
"misp:category=\"Network activity\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--599fc64f-8cd4-4776-9a74-942d950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2017-08-25T06:40:15.000Z" ,
"modified" : "2017-08-25T06:40:15.000Z" ,
"description" : "stage 2 download location" ,
"pattern" : "[domain-name:value = 'hbwconsultants.nl']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2017-08-25T06:40:15Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Network activity"
}
] ,
"labels" : [
"misp:type=\"domain\"" ,
"misp:category=\"Network activity\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--599fc64f-1564-475c-8d6d-942d950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2017-08-25T06:40:15.000Z" ,
"modified" : "2017-08-25T06:40:15.000Z" ,
"description" : "stage 2 download location" ,
"pattern" : "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '109.237.218.40']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2017-08-25T06:40:15Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Network activity"
}
] ,
"labels" : [
"misp:type=\"ip-dst\"" ,
"misp:category=\"Network activity\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--599fc64f-a78c-414d-a9fc-942d950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2017-08-25T06:40:15.000Z" ,
"modified" : "2017-08-25T06:40:15.000Z" ,
"description" : "stage 2 download location" ,
"pattern" : "[url:value = 'http://hecam.de/HygHGF']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2017-08-25T06:40:15Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Network activity"
}
] ,
"labels" : [
"misp:type=\"url\"" ,
"misp:category=\"Network activity\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--599fc64f-2b74-4423-a192-942d950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2017-08-25T06:40:15.000Z" ,
"modified" : "2017-08-25T06:40:15.000Z" ,
"description" : "stage 2 download location" ,
"pattern" : "[domain-name:value = 'hecam.de']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2017-08-25T06:40:15Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Network activity"
}
] ,
"labels" : [
"misp:type=\"domain\"" ,
"misp:category=\"Network activity\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--599fc64f-09fc-40bd-a005-942d950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2017-08-25T06:40:15.000Z" ,
"modified" : "2017-08-25T06:40:15.000Z" ,
"description" : "stage 2 download location" ,
"pattern" : "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '83.169.22.79']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2017-08-25T06:40:15Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Network activity"
}
] ,
"labels" : [
"misp:type=\"ip-dst\"" ,
"misp:category=\"Network activity\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--599fc64f-cf84-4146-b631-942d950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2017-08-25T06:40:15.000Z" ,
"modified" : "2017-08-25T06:40:15.000Z" ,
"description" : "stage 2 download location" ,
"pattern" : "[url:value = 'http://heimatverein-menne.de/HygHGF']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2017-08-25T06:40:15Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Network activity"
}
] ,
"labels" : [
"misp:type=\"url\"" ,
"misp:category=\"Network activity\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--599fc64f-87c4-47e9-9f76-942d950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2017-08-25T06:40:15.000Z" ,
"modified" : "2017-08-25T06:40:15.000Z" ,
"description" : "stage 2 download location" ,
"pattern" : "[domain-name:value = 'heimatverein-menne.de']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2017-08-25T06:40:15Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Network activity"
}
] ,
"labels" : [
"misp:type=\"domain\"" ,
"misp:category=\"Network activity\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--599fc64f-a9d8-40d7-9b10-942d950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2017-08-25T06:40:15.000Z" ,
"modified" : "2017-08-25T06:40:15.000Z" ,
"description" : "stage 2 download location" ,
"pattern" : "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '62.75.191.150']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2017-08-25T06:40:15Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Network activity"
}
] ,
"labels" : [
"misp:type=\"ip-dst\"" ,
"misp:category=\"Network activity\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--599fc70d-0fc8-4047-83d1-4187950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2017-08-25T06:43:25.000Z" ,
"modified" : "2017-08-25T06:43:25.000Z" ,
"description" : "stage 2 - Locky" ,
"pattern" : " [ f i l e : c o n t e n t _ r e f . p a y l o a d _ b i n = ' U E s D B B Q A C Q A I A G 0 1 G U t N r q T V L W E I A A A + C g A g A B w A N W U 4 Y T E 4 M 2E1 Z m U x Y j B i M z Z l Y W Y 2 Y T d h M T B i M z B m Y T V V V A k A A w 3 H n 1 k N x 59 Z d X g L A A E E I Q A A A A Q h A A A A i C l E y Z 9 Q j A a I E x J H E A 8 R 6 k u A v 0 N x 18 N c S c i L R Q Q Y P I R T R x 0 M 6 w 64 B k 4 N J O + W V 5 Q E z t d x 8 M Y y j C 4 A W F P A c u D v r + 47 Q P U D D 0 P r k W P C 1 j M a / R Z r 2 / p q 857 o 1 J S 79 w 7 x 46466 S y S 5 e P Y N f 3 G S 2 d 9 d 8 U h E t W G D j / p n a N 1 w H 8 K u m H 0 3 e l a 32 j t 5 C M i I 7 N C e j E n d x q E J i q B p f s B V f Q s m v T 44 M 1 p W T U r o 23 u Q A E V u W / O k h l k G 2 n + X N o G b X + M 74 o D E 0 i C S b 5 j L P F L 2 R B p y N h H O 62 c b n r H h L L 5684 M o a f P T v O S 8 L w w J Q h V C 1 f y c a r v H N F 1 V x C R Y 8 n 1e2 w C M l V a L w 2 x I z 67 g 1 f + S V u 5 a i y o v h j B k 9 t 17 n t I N j u i q Y A X Q 5 w C + J Y Q T t 1 k S r g a s d v U l e A q v f v F b K P D o k / e N a A 45 v Q X 4 d w w G 47 c W 9 i J 2 l R 50 d m v D F r U j g 9 j g / Y J M U 4 C w 8 C A A 6 x w 7 + Z U T w G y b B X 7 c 6 k a V X M j f E 45 O I m I j w K V o r s N M Q a p P / F + v k 5 v p e R r F M u f 6 e m 5 u 4 N t g C I V a y 6 R + + z Q L s l b t y L c T 689 P J x z P V w 0 o W T 4 I + G h 1 K i h n 0 r 6 W 6 D 6 l Q B j n H E R k p 34 g J 8 F R f x j c 41 J x 8 r s 8 s 5 R p G E H W S C F T m e D 9 P D Q 5 K u / L i Z I R K P z 6 S C H 7 H D Q L y U A 4 W + L U a 9 R X A h J b m m j K m q f r x B V t s C u 9 c k 82 z V u w Y r T L 95 M i R r l e J 2 K o J 5 M n E F G N O 9 W 3 D F a d 8 p t k S V h R J Y u W w n H E + 1 Y C 7 B d T e 2 c S S G Z 6 A b 5 C r c y L S 0 8 c x t 8 D b b G V 7 R E Q A M c O Y I 98 h U w + S a 0 k w l l / V X W 6 u 9 T / 4 G U N p l 0 o + z T L 6 Z v H 3 G D D G 1 t U u x r d G 0 B H 20 D Z n q O x 3 F d R r U R M D V R x m j 5 b A U Y K J 0 F 
Q X j A F j Z p I F W M B Y D 4 R 71 k F 4 x w P S e k H C I h b V c + D A b r f r 9 l O P W k 6 H K F 6 j S 6 i 6 i Z x 4 a n / 5 R J z N G 4 D m H Z y E w Q Q W Q 1 T 70 H v S D g J 76 I U G 2 k c W l k m C r A D Q o H R 8 F 9 B W k z t w 2 c k Z m e 9 g 79 D l q v p p 7 Q 2 e p x I g T J S i U o + T o Y I o Y c j w C + 7 I I n S z c 2 X t U L I s M B Z 3 z / J W n i Z A Z x 0 8 U h r S 8 B h M d Y v Z o h U C u D Q e Y T l i 7 C u a T a w U p e F 1 f 5 x v Q b B p A f d + 4 + o R I L r q Q Y c L A A M v f z n z B v N a J 8 O W o S 53 u t O B N f i 3 M V M Y L U j 1 o C w R u A b 5 a c j w 6 h G 9 f K S B K w J 3 I 0 k H f O X C P h r J i p F h 0 E U s U Z A + 8 H q t d + + j 4 i b U 47 Q n Z 5 C d I v c h u b s y 8 Q F 4 r X 1 D C k y A i w 3 E w L n e k E C r G Z P r z 1 T m k N k O / 6 q 1 j T 7 d c T z G p 3 w X H l / b Q 5 A 0 B l Y 3 o k a u y 5 w F K o a S 9 R T o 3 g 49 f v 8 F z y P 3 N K 8 h J L D y p t X Z w B Z y i y k l f 0 Q B c x 0 B v 1 q v b v G E 81 D t d 24 Q W N D O P R u q u J c X H K b x f D F z i U Z 3 N d E K a h 57 D g y y X s j l p A X t 8 M f t L K + T P x q 0 G y 30 + m o N X L H V a 1 k C B b s b o w 0 6 E d H N Z 7 S O Y 6 e X d u N j f n b C d a 82 l Y U t N j r x B Z m t 1 a j Q P I 8 l D 1 y u Q T T l f 1 S y H F p S X w L q r 75 K f X Q N 5 w U o o F 4 I A C 8 c 2 M C 6 K b + 5 E S L Z N k r X t c A U 5 F 2 z a j J S + 6 l x J e G G L 1 j u 3 W i F R 2 v P N i d s + W 7 i t y 7 s M V R Q S s c B k W D 2 B S F 7 N C G r s p l w f e A p r a L I I A f 1 Y l 6 + x 5 / E 1 K + K g O u U F i V 6 m 879 w 8 x Y g M l 0 s 3 L c 3 f 8 j C c E C 8 / o + w Y m f 860 X z t s u N g O j R k s P G Q E x L k A + A s / X X o E D G 1 b v S D y m x p w l u k z F a Y V Z z 76 h I D Y F u 9 A 1 M q p X u g f x P P i i e f w b A L N + C X 4 V + I b x m O U h S E 7 w l Y c b v / j f O 3 t I Q z j y K R D t 8 Y D t 1 H V R e f b K H 63 d E 3 T g g A S 9 n A Y 3 O V W b D N 8 U + C b h P C 6 + q u M x X 27 G O W I 5 c 1 W M y n e G t m j u B M 35 Y a x L 
n C g p W b D C O F s 6 A t 8 Q 2 p d S w a j R q c z 0 u e 5 Z P p e V I Z v P s J p O + I W 2 W 4 p N 7 V A S T T P A 85 X 5 C y R Q 5 / w J I S H 0 g N 5 G h b r F H D P D h L J D 1 / i X J a 5 a Y C w 6 I m M h e S 4 S Y a 3 j c Z H K D q C P 1 f i + H a F p E A q I w g L M s Q A v B Z r i X p N A J d z x M 6 m e y R H G Z U n z O Y 5 j L u R x 8 e w j l H d N G g m 5 a 7 C I / Z 7 u V 4 H x + a L 1 p 3 n q E A w k I x L z m u 8 T C B R g b Z s 6 t u C Q V J e U 5 T Y a R b k f F O 365 Y n V n d 7 T w y 23 P V i k V / i 1 p 3 L I l c d B S 1 y k y n a u Z S a U G i a g + U + t S + 9 b v X g Q Q o k z n 1 R v 4 q G V a Q u t Z 0 L B E 3 u 2 N H K m H 2 Q J 6 A q u j 9 Z y d G t h V M 6 g t d B S 8 G e g e C X 2 y F t t B r B 13 f X q O k f W y E c H R 3e2 L Z D S 3 u g 88 a 5 F D X w z z d M 99 Z x L Q h q 3 O x 1 i X p V k T T 3 o O Z Q O 2 r w y B U y K q b G Q G M Y g I f T l r c x 3 F K K F l p l t 0 m 0 j y Q / 0 D 1 q m i k 5 N 6 p C P v 51 W e h C F b i + u Y Q L 8 S X l q H D 5 O E M 0 D 88 p 1 S 0 Y w n u m 2 g L a i 5 k N O J b t R t I m Z n w + 2 B 6 N 7 q u x 4 k / K P x q 1 W 2 S 8 t + n c P 6 Z P q n D b c Y M v R i C l Z o F p i u n i A Y C o k B S / 1 o y N h g m i Y / B m R D A g H Y t H g M 3 G E y x E P m N 0 U o 189 e Q G W 2 x b 3 V C a 8 L 3 i + S 7 d l z B / q s c 5 X t S b z n R X h g a W d I f m b L V q Q J M 4 s + b e P i i t p / + E f q o Q e O Y C k m Q f 6 O 6 M J H m c j + i 9 U 3 e K a Y L j 8 P x t n E h e u l K S 5 l L 3 g e 4 K G 50 T 2 V 7E71 g k B b f X V / U h Z T Y / 5 n 59 J g i C B H c Y t c 2 n L 7 I h G o 0 z B D g a C g 7 q g m L V l 72 z O H i z 4 t k s C K R U V T 57 Z O D X 9 T s U j X + T z + E e 7 S y s G H l r 4 I u 1 T t 4 G w t 0 L K d U x P 6 C U Z a s 5 a A 2 N 6 v + s j O H t R o f A 8 j i W I N 640 X L Z A v P j v 9 B F A 0 l a p W h u e 2 p Y v s T h n W M 9 n o p j n M P S u f d 6 D k U 83 p N e L W s R Q U N f O 6 l K 4 y s D 1 p b z j x A N p J n y U T 5 h Q a 6 i c Q J Z c H M 1 d / p C S I j f p W r k 
z x v Y 49 Q + G C n t Q J T l g G 37 u s r n h C 1 / p e d v 7 s 3 p L Q i q v N E 7 C D s R R T o j K p 9 w R G m Q r u Z 9 q J s c g 93 M i r d k H Y W O E 5 W 0 Y d M h Z 7 j h A M u Q t n 0 n V J n M G m g M 3 F J r n d x T d R 3 H + x P l F I 8 A i t p Q w h h 2 s x Q i j 6 a + 6 J n F F c k P j W t c K p G U I i G K + 9 + T l L 6 T D V O K i m 8 T o 0 B S d T 2 h y q 2 D Q 8 p m N D o k Q A e / R b G d K W o 4 D u k Q i R s L 2 F L Q R Q M v 1 f 15 a j l e e q X V K 5 k e q j d x u C T u m V e G E k I C R b f h B K h F j A o m Y K v R 7 q N m V i a G T Z a p / G H 2 K n j g 0 + C d e X / S I d e 4 g g Z u b G J I 7842 V c + e e 5 p C u 4 Q o J T F o g 9 I O p k d + 3 X v D h / J j 74 k t v 3 u S i b I i V 1 Z h t P + t o g I W f 4 x 45 j B E k r D 5 C 8 Z e O + 5 p N m L F x h l h l 7 y 83 d P N n A j 0 Y g 2 Q a s B W 3 t 9 H d 3 t w j T R e D X n y A 0 L X Y D r C A 14 N 6 S Q J n M x B y p v q A d X 7 I F U E q I z 2 + o f 2 B r q d M g y k L 24 Z 2 Y x k S u n 8 y S Q J H L f V C f m R d k w N d Y F f Z 2 A q 2 A T F F V F o Q 2 v G 4 N o B L I J z F F 2 W W u Q 2 V N q h + f V x v b M + r Q A C F 3 I Z 6 J + E / g 2 p p 2 y l f p 6 z P j t D f V Y e + O j O J D s D K J N i J B w Z Q Y D z l y R s 4 f R k / R 95 M K q O 6 n J c 8 d L J Z G C J n K F 2 g 9 Q + k U A A L H k e s 8 a m N k m X E 0 V 8 n y r V M C K I u c v 4 Q n O 4 g m S F X C d l Y 2 V w D g t 4 F 67 f b x P T e f T K 6 D L 4 W W a J L s g K f + m + X J 5 g T M v B o e M i 7 o X Z / w C k H P x 5 d 0 x 8 L Q 1 C B J g k n s 0 B d H t X N a B u f X i 7 d E O H L o S Q H s A V i x E T B X 3 Z j 5 q d N p z P O r D G z 1 M W e + H y r y m 6 F H 7 s o K Y 7 w M v a 5 G a f q / f A h t C R W v q C s b q a I / l e f p S 2 F e f B O H h b t E 6 y O Y T F m N U a z c F 6 k T D K D A v N z q 6 + u M N g P / 6 B j l s n 1 B f p q J 8 O a z g V 1 M a A m T 0 1 c 8 d B 0 F f 7 S n 8 N / M z j O x i H i v 3 i J q 1 E C G w w q o e 3 V r s g M H j c A N R 8 M N m k G 4 X 27 g g e S J B g h 5 X i c 7 M 
V I w D F m P f z + z P f p T w x 7 H 8 d R X b q w D C 1 B
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2017-08-25T06:43:25Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Payload delivery"
}
] ,
"labels" : [
"misp:type=\"malware-sample\"" ,
"misp:category=\"Payload delivery\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--599fc70d-9f98-43b0-a85d-4f79950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2017-08-25T06:43:25.000Z" ,
"modified" : "2017-08-25T06:43:25.000Z" ,
"description" : "stage 2 - Locky" ,
"pattern" : "[file:name = 'HygHGF' AND file:hashes.SHA1 = '9d23067187d8e40380580db7c3c64e9e8ba14fd0']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2017-08-25T06:43:25Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Payload delivery"
}
] ,
"labels" : [
"misp:type=\"filename|sha1\"" ,
"misp:category=\"Payload delivery\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--599fc70d-e998-494a-ac4b-4b11950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2017-08-25T06:43:25.000Z" ,
"modified" : "2017-08-25T06:43:25.000Z" ,
"description" : "stage 2 - Locky" ,
"pattern" : "[file:name = 'HygHGF' AND file:hashes.SHA256 = 'abacabfc7c6550bd8594fd0b758c3f890a01212fcc23d3a04b04f761684cc86e']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2017-08-25T06:43:25Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Payload delivery"
}
] ,
"labels" : [
"misp:type=\"filename|sha256\"" ,
"misp:category=\"Payload delivery\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "marking-definition" ,
"spec_version" : "2.1" ,
"id" : "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9" ,
"created" : "2017-01-20T00:00:00.000Z" ,
"definition_type" : "tlp" ,
"name" : "TLP:WHITE" ,
"definition" : {
"tlp" : "white"
}
}
]
}