adulau/misp-circl-feed
1
0
Fork 0
Code Issues 1 Pull requests Projects 1 Releases Packages Wiki Activity Actions
misp-circl-feed/feeds/circl/stix-2.1/599fc448-9ed0-46eb-89ae-93c2950d210f.json

1172 lines
770 KiB
JSON
Raw Normal View History

chg: [misp-stix] STIX 2.1 export added
2023-04-21 14:44:17 +00:00
{
"type": "bundle",
"id": "bundle--599fc448-9ed0-46eb-89ae-93c2950d210f",
"objects": [
{
"type": "identity",
"spec_version": "2.1",
"id": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-08-25T06:42:12.000Z",
"modified": "2017-08-25T06:42:12.000Z",
"name": "CIRCL",
"identity_class": "organization"
},
{
"type": "report",
"spec_version": "2.1",
"id": "report--599fc448-9ed0-46eb-89ae-93c2950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-08-25T06:42:12.000Z",
"modified": "2017-08-25T06:42:12.000Z",
"name": "Malspam 2017-08-25 'Your Sage subscription invoice is ready'",
"published": "2017-08-25T06:43:43Z",
"object_refs": [
"indicator--599fc45f-ade0-43f5-9c6f-42c1950d210f",
"indicator--599fc45f-774c-49cf-b610-4576950d210f",
"indicator--599fc45f-eddc-4839-b143-49fe950d210f",
"indicator--599fc45f-f61c-4ec6-9bbb-4f91950d210f",
"indicator--599fc45f-fa40-40c6-92bf-40f9950d210f",
"indicator--599fc45f-0400-4fea-93d2-44ce950d210f",
"indicator--599fc5cc-07e0-4acb-a64d-93c2950d210f",
"indicator--599fc5cc-87d8-44c8-8729-93c2950d210f",
"indicator--599fc5cc-febc-4fb1-a1d7-93c2950d210f",
"indicator--599fc5cc-3ab0-4687-8040-93c2950d210f",
"indicator--599fc5cc-042c-4b2d-acbe-93c2950d210f",
"indicator--599fc5cc-0cd4-4a76-ba09-93c2950d210f",
"indicator--599fc64f-a03c-43c8-923f-942d950d210f",
"indicator--599fc64f-3ae0-4f81-a101-942d950d210f",
"indicator--599fc64f-8f48-4237-b7b9-942d950d210f",
"indicator--599fc64f-1064-4657-bba7-942d950d210f",
"indicator--599fc64f-5d28-477b-ba6f-942d950d210f",
"indicator--599fc64f-5800-419c-b00c-942d950d210f",
"indicator--599fc64f-6d68-4d3b-b9cb-942d950d210f",
"indicator--599fc64f-bb74-4877-aa55-942d950d210f",
"indicator--599fc64f-9bbc-42c1-8832-942d950d210f",
"indicator--599fc64f-4748-4e75-a0c2-942d950d210f",
"indicator--599fc64f-b1d8-4956-9986-942d950d210f",
"indicator--599fc64f-f1f8-4dd1-a886-942d950d210f",
"indicator--599fc64f-62e4-42ad-b741-942d950d210f",
"indicator--599fc64f-f7ec-41aa-9879-942d950d210f",
"indicator--599fc64f-f260-488c-b6c2-942d950d210f",
"indicator--599fc64f-7cb8-4c9d-be1c-942d950d210f",
"indicator--599fc64f-9328-40d2-9561-942d950d210f",
"indicator--599fc64f-9f0c-40fe-9f54-942d950d210f",
"indicator--599fc64f-e828-4d76-9d63-942d950d210f",
"indicator--599fc64f-99d0-4da5-9f23-942d950d210f",
"indicator--599fc64f-378c-43a3-b7fd-942d950d210f",
"indicator--599fc64f-0790-413a-bc3c-942d950d210f",
"indicator--599fc64f-8cd4-4776-9a74-942d950d210f",
"indicator--599fc64f-1564-475c-8d6d-942d950d210f",
"indicator--599fc64f-a78c-414d-a9fc-942d950d210f",
"indicator--599fc64f-2b74-4423-a192-942d950d210f",
"indicator--599fc64f-09fc-40bd-a005-942d950d210f",
"indicator--599fc64f-cf84-4146-b631-942d950d210f",
"indicator--599fc64f-87c4-47e9-9f76-942d950d210f",
"indicator--599fc64f-a9d8-40d7-9b10-942d950d210f",
"indicator--599fc70d-0fc8-4047-83d1-4187950d210f",
"indicator--599fc70d-9f98-43b0-a85d-4f79950d210f",
"indicator--599fc70d-e998-494a-ac4b-4b11950d210f"
],
"labels": [
"Threat-Report",
"misp:tool=\"MISP-STIX-Converter\"",
"circl:incident-classification=\"malware\"",
"misp-galaxy:ransomware=\"Locky\""
],
"object_marking_refs": [
"marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9"
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--599fc45f-ade0-43f5-9c6f-42c1950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-08-25T06:31:59.000Z",
"modified": "2017-08-25T06:31:59.000Z",
"description": "1st stage download location",
"pattern": "[url:value = 'http://gumart.com/SINV0709.rar']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-08-25T06:31:59Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--599fc45f-774c-49cf-b610-4576950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-08-25T06:31:59.000Z",
"modified": "2017-08-25T06:31:59.000Z",
"description": "1st stage download location",
"pattern": "[domain-name:value = 'gumart.com']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-08-25T06:31:59Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"domain\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--599fc45f-eddc-4839-b143-49fe950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-08-25T06:31:59.000Z",
"modified": "2017-08-25T06:31:59.000Z",
"description": "1st stage download location",
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '204.197.248.45']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-08-25T06:31:59Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--599fc45f-f61c-4ec6-9bbb-4f91950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-08-25T06:31:59.000Z",
"modified": "2017-08-25T06:31:59.000Z",
"description": "1st stage download location",
"pattern": "[url:value = 'http://haleshomesales.com/SINV0709.rar']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-08-25T06:31:59Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--599fc45f-fa40-40c6-92bf-40f9950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-08-25T06:31:59.000Z",
"modified": "2017-08-25T06:31:59.000Z",
"description": "1st stage download location",
"pattern": "[domain-name:value = 'haleshomesales.com']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-08-25T06:31:59Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"domain\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--599fc45f-0400-4fea-93d2-44ce950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-08-25T06:31:59.000Z",
"modified": "2017-08-25T06:31:59.000Z",
"description": "1st stage download location",
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '173.192.66.137']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-08-25T06:31:59Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--599fc5cc-07e0-4acb-a64d-93c2950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-08-25T06:38:04.000Z",
"modified": "2017-08-25T06:38:04.000Z",
"description": "downloaded stage 1",
"pattern": "[file:content_ref.payload_bin = 'UEsDBAoACQAAAMI0GUtE048G/wcAAPMHAAAgABwAMjRiMjcwYjRhMTA2ZGEzNWUzOTVkOTc3NjBjN2Q0YmZVVAkAA8zFn1nMxZ9ZdXgLAAEEIQAAAAQhAAAAIaPbfM7iTTvoxcmDVB04vr54TPZXBF1HTQcFDP0lfgXNipKMtQlwB48DRdChVhTGKdOYcxbWh1Isg/ZedV721TVm9HcSeGC5+zzuyhNs/GqLIIPoWmHeXoUUKabpwvkYwh7c0GfWcqzUc/qp/VND4DWqu0CqK2UjxdTaMbykEyu1d/NttmvkRm1hCjoVuPrmCkopapwd7g2Wc2GKfHzrvXuaNd/No/Jw65gVr678z/dWBP4C1GIIs3HZaKA5u9aLsPdygALHiEOE7oTFcKZzeDHpFTN7sdGmcysm+WXOiSfWEVqWfmgjDKiel3FqOpvDkX4K0bRgZp6WK1ooBS6lO59zlD4t62L2XDtT3izZKlSIRgDRouP2mOJWcig3xPW9a5QmuORPdRqHTXPfP6N/P5KMKNTKbxacqJDEy06Ju94bIaAuRMa532BCV4ahru56zt/iAOcqoIXu95nHiWTyO8Q26f7CNkT/x+FV24BGQ+L0S/ydX84VfbkGUx2gYTEt3jzDJIEIQUIxeJh5cLhoEME+l2K17vB+Z914hvg8UVbQX9o20nw07fag0cz1HOtlynsx//pjHdRUFgT51l9nusn6Bq29lCxKk7ZiFATABItOCrC2sJZB+RYYXuKB8gM82o2LYn374BFu4S4UjaTSvsahMeQGXHz60cZgWI0PLuw68oINh1JQXc+qsO9VXOfylh+f0r+5Wgp0PT2CLcife9qhigKBhjhthjDENR0cYVfQlmjmv5kTCzOwdH/LUYSMokPlKMezi6ATLw5U9lIBHSkbozpDqWUL7loQigCConVAR52/XNs4+bAYEDq9U77D+glF0yM0BfqhJ3z1Uid7/fDJ8gbOGzEP1IR0ysaKz/jaLkRQ4mzwyLrtJbrANCQLHVteS7nRZR49H8tONBrNXChSllB8ieT4Z7Zp4Sphl/XeXz68kBtjLB46/6m7FSUXRXbJ3uB1B5/YzYrQGr3pgUCKtt8GBmMlb9h5dIJZFIKcEUdFXBl4fUD64HcoOpdA6m+fGTM9s98EUErbY8rwvaWCrZVZHiJvwQVqbNpB/ffgtZyGrHSp4opWDAFbm+xYwIjVwbXvU7NPUgWIvGCsqcAjHyBCxlmm7rPOljUmVJI7EdAQsxBOht3kvUHRG2oPhvob/KYRPqehW93utKYHJYGS12nuQ10ULSZmRJ3LifwzSa/f2caC53YamCQzh7z80K9GIMl9JT6CgkoJ0M1tCPN3/gVM1Ot3l62WYey06JeMjuJ5cVYuAw6Y0gFEZetKZ5AiNAj+/0lrAJxB4FBpO6N9GILgH+RefplBqN2LE8qOADVvqxU6vaqMgfpgbbulDUS5KpxqvGHecMIVWTF0G8VYteMwEXf3SZO74i0mg3wRVR+dwspwyEbcF3Feo0B4iUtCXDjB73/BXev70Ugr5KuoDTt9VnhXcabuVaGB03VdEXj6LFsXAbTTAmHQzAWbIbMkg5jE2wfdcQG2aGSyLhkQvJd0NcHhv8ByciIbBXUs5UWMPP4HPYlYxmOX9fjpbAVdtuDqz66ePTXtLEHAxbCf94XsbYhr5PP3k2yDJgJ9sk+aeQTtluQC5vaemM015hYqPFPzWhwUbjckpbjQLlIb496OGkXa2XU9XzPN/NxekybYVEYEoBgtbZmNVQKwpVqoJz+q2K3LB9fU8uyN3Oi4pcQX5sdh0Pct3ieiAdGmQcWw4KWREnTybXenjdboRu1DN7E9faxM+NefLNw6WTT1KbQl6WsJaM4lMbvKCzS76WHIYGG37IWYGHyzwycN2Ceojqb3Y6M2bO8eYTajRyPwy2uwne2JBLTRRV57PRDXYmPBpRQaqeXaqVuOS6qoqIUII83ReX9N3IQVPPNs29ULuWjm5LQkP6WVjnBgqRBdx1n6mc2UjlHdgmfIyxFhpVWghtQ41ZOh4WJxaPqUWHWovkTmUvDd1LPEpDl1OtdBc/VBcsKLS7UbUw3Xi2jeIJJhFU/JctJ2mABPnAuXHjKQyR81uSeT42db91rVRtAdsUVIV75lE+y1XO53/rgKUhlyE9MCfUOqsqrtGIcj3v06MCJ/IqhURCUPLzf5+k+h/R9WscKin1t4mZrytFiOb6avi/lMeAS0Piq61Quf2ynKoHppOl1VDkiG7pBeJcPnkx2Ufh0aXzq345+GvfJsOBp7kNknHLLULknM4l/keM1nbVoRfT8aPetAzxs+zehqtB+pBXKd972ZSway2VxHorfvULh9CNgnI9DdOlwFFkW/qVR2VSqmiF2AZELr1xT/FzxOH/icMhEgsaQi3uyJZJOqT77eN5Nq3+IUE+76oJQDrem1sG7O5jiiPjPLh66L/+YizBxpWgKgmlbXEm6QjVgKWp26fYsd8clCFVzm1cMhn3yx3xEHXkvlY/EayjVrcinTkAwJqrp1UnkXragg4VxrjpMrRBXtfzJ7sLRnYS1Cz3wxUtD5jtY/dZLF1+tgYG7LrRPBGNLJrRg2+sxvocR/uG69k2pjPx4gxxYmO/xYkGFEOE38nmmZuwTyg0G9ndTBCJS3F/iiktqOobdK21vp7vkbHhF6iHaD237qudGLJ8rAwNW+/z2kVClIUBP/cl5GYnSuiBuWkflpGFpyqgLd2iH1GZjkFyF87l2AWhYvm5BiwZgpUjdiT/4gc+tyqq1VtEafUeLNvXkBmS19tL3D5esKJL7GJFQD4hSU/webOPWOl8KIK09AKjPAkVBLBwhE048G/wcAAPMHAABQSwMECgAJAAAAwjQZSyhdOYkYAAAADAAAAC0AHAAyNGIyNzBiNGExMDZkYTM1ZTM5NWQ5Nzc2MGM3ZDRiZi5maWxlbmFtZS50eHRVVAkAA8zFn1nMxZ9ZdXgLAAEEIQAAAAQhAAAAVQMdOzr+zKj8fWfRqdjMY+Mj8TPBIkj3UEsHCChdOYkYAAAADAAAAFBLAQIeAwoACQAAAMI0GUtE048G/wcAAPMHAAAgABgAAAAAAAAAAACkgQAAAAAyNGIyNzBiNGExMDZkYTM1ZTM5NWQ5Nzc2MGM3ZDRiZlVUBQADzMWfWXV4CwABBCEAAAAEIQAAAFBLAQIeAwoACQAAAMI0GUsoXTmJGAAAAAwAAAAtABgAAAAAAAEAAACkgWkIAAAyNGIyNzBiNGExMDZkYTM1ZTM5NWQ5Nzc2MGM3ZDRiZi5maWxlbmFtZS50eHRVVAUAA8zFn1l1eAsAAQQhAAAABCEAAABQSwUGAAAAAAIAAgDZAAAA+AgAAAAA' AND file:name = 'SINV0709.rar' AND file:hashes.MD5 = '24b270b4a106da35e395d97760c7d4bf' AND file:content_ref.mime_type = 'application/zip' AND file:content_ref.encryption_algorithm = 'mime-type-indicated' AND file:content_ref.decryption_key = 'infected']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-08-25T06:38:04Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"malware-sample\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--599fc5cc-87d8-44c8-8729-93c2950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-08-25T06:38:04.000Z",
"modified": "2017-08-25T06:38:04.000Z",
"description": "downloaded stage 1",
"pattern": "[file:name = 'SINV0709.rar' AND file:hashes.SHA1 = 'bace8533f660fa525072bb704973148504fdbf42']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-08-25T06:38:04Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"filename|sha1\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--599fc5cc-febc-4fb1-a1d7-93c2950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-08-25T06:38:04.000Z",
"modified": "2017-08-25T06:38:04.000Z",
"description": "downloaded stage 1",
"pattern": "[file:name = 'SINV0709.rar' AND file:hashes.SHA256 = '11e77e2b4ff4a3fd2cdd20f7896a2b44a426978d378a9557fbf60aee318e92bf']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-08-25T06:38:04Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"filename|sha256\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--599fc5cc-3ab0-4687-8040-93c2950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-08-25T06:38:04.000Z",
"modified": "2017-08-25T06:38:04.000Z",
"description": "downloaded stage 1",
"pattern": "[file:content_ref.payload_bin = 'UEsDBBQACQAIAMI0GUs3+d7LrAcAAIUVAAAgABwAYjJkZTQ4OTNmNjg3ZTA0MTZmZGUzNWVmOWVhNTkwOTVVVAkAA8zFn1nMxZ9ZdXgLAAEEIQAAAAQhAAAAmaNbMgCfeIQ7klwTn4UVCl/jD/NrsnzFBIXeKk8UxP4IAXsPsdC49MXxnyZrLZOECKpV7WDIR7ES+kPGP8tC/waJItjdncq0vAeUbpqbnlLnatzWOqNyBfhVsRZXL7eCLZcK6M/wX0qsBo0k1h0ysCwDAAJ8gL3pmzhaSbeSZVyx8SZxRotkRaxgUoIRk5KdtSiNDOTcoAKvraNz45tdRKoTx7NoKlAGIP+PpnL+5X1NgypacvwUKu/2ZdVSC+dAD0OQ9NzErVuQvZHKvT8ChgBi/I0EjGwLuPsRSibNWSYt27XneDAtkhx4mndbU8+1TbpGsV7v+slZa6bUw0JRU/pYGGUYo7w8j1aUmq3xIF3cTAzs5GnCahl5vR+UiP2Nm8+P9//27MaxWScm5A1/QcSJv8i2enpi4erF8T9TqM1A+tEYwoC4S7lfHlbovrNAlsk33C/SW0HJGlMKves0ZYKUIYImDe1i/2bAv7vCO/nyvHTCm/PMJafe97bg7H0BymTnfn7qJWFFgFbsuLxWxfCbyd7C/tjWbzbiigT9ogO5o+Legk6GrrAXnxAR+TwsaVQlpfvJBS798ZieWH5YufFqMaDMExKPA/PXLvJlB1+HZ8lVP6N/1ILep7Z2LupMI+IUZN7kbTImz2mSVFmLhrq4y7s1hN7Zt0BCScNCVb99s1AjsN3yW8hDjIac+J8GcXZUEFbn8Jn88BMLNiuvXZmN46wr1k1/S5tr6qZMPmQ+xn4im46/BYbV62hnsFOXdHojT3czccuRQOgLvgTLUBDysBGi4e/KEbh2CREKuS3CGoEF+vNmA6Bi1IW3okfKG+YI8ZoMx8bY/HhZ9PjesTmB3YF6lsm9+BqoWRtQQ67J6LsW60Bs/0JKl9b8OdZnr8r6zDGhN8dCiQqe4E+PMVENQLQbQKE6FDxT72RVJVfpRUcyoXtEFLx5MJDOSw8QzO6tplbtfb/+iMuf0Qv0MOnh90d6WuTWUUT5eVnOZIORvZNha6ky1gk9kYs/oGctYZfEn5obO9lFPo1qAPuSCMtiTr0FkzMQL5FHts1+cgmC2zl930l9RZ6MeOJMBfX0EIXSUIzIuS2xvYtw2nwg6VBYGYsOPII2qmNEYXUr6a763dZ+A7sOYhQaFnCARXDf8ndXYl9buZ2KKzylrrz14SfNvrgdKQ7L2g1ZMI5fHr1s10NMcDuf4VNmVK7PmkFnqwvViVUt0/PFiLjjO5nMHO8qIVqagXUxdBda5GWreUw+n9+n4cfs+R02UQjwCSHuFt71P86OrP4Xop5M4XK3Tqs9mCVNIwt852HJNXvd16bNaJSSLkmi+D7BmmTDAZ47NIKJa824CrMZoCTVx8ibZC9MPIwk8JkPpbZOG6Rsh7zbybMXU1T/G2MMVR4NDcze8AtXFdD6Jg5B0rRX8bB7aUk3hQTkyEM6LVaeWSsqK0xaZ/TWzEOk6IiqHXJd9Yy+7PMb0wglozVDKyd+0rxPrzYmnjnLXRxMcpk4t6spSTZmNIQ2u5a9ATijY0X8oejIrCSlLed76TNNmUg8fDEks0AOCwErN6+D3c2LqQU4+DUexN2KAX/vRcPbIgs3pA7aFDU+eMGm4a88clJluN96e2/sNK0Xy7JlXgwU7dhHF0vi++fRxo9OP+RigfJABqpUpafpVfmoD19FxfAg/AVqs+VvyLSM0bto+vRO72jNhYzIc3Luwx86Wa+IjX2IAwtqx8SypVNo669/6at03Jco9qyd3zaeWgBoD2XBQDSNu/X/JYZZLOYhq0AAMpOT+h5LKu6TwloDw5Y/dTxUBYCW/uvwPDdQdO7sWmVTtmDgutqtpNik8RS7KVZvXDrrLzL9CKFRwUGC1i0SegbgVGczIysoGklFe/uMvxsazJtlLPnBsqhqcwZuRa/ftXDTCXJ1NHVqdo4+qCpcmc6FOnN8n9+Bz9KxIv5Ujn/4QVSHQYXgRyDPhq28uAPQNgqfaI/96nonH6cOHjxSRa+Jx9AXS8Ih9gd4Cax1blyyxaQTJ5YU1qoFVmdbmPdJtkSG/2UqCGIq7j4WXX5F78fwjLHJah7JLZ5NffHhrncixFpf7Y66WjF04XK1JmAUFwwLJMVcRoxMAPUfGtQyFx8yFFRQYKxBwctKnaWVtNVnbCmRPV1gysNLtf8PP6jUa8K+9wDANoOL/v+MGCCnYZQpwBCMyEF1SCHHUTpHLOS2kL9Zlg4NZkaCPOK8MnOPKLkeFBux/N5btfZhbpw6Te3rtXNOqBAHPMRC6N/Oi7uRjYRB1ycXXhe35ia2wGotIYk9uToSFs5NnHEwwWh6sDfukdun4FqKLNarAiUG85lfMD6nFwOTsT7b2ARBlHbCQLtYlNO2Mo9XSpU73loA2/RQxjBOylfrsnu6e1qJsXcN6+qtYNv735fSF9+lVSsB7odleBn4wZgNjKQMsjefc7PflE94EDWZ4rEhbyLrCAizux7dYM89k+5DXIJmxdsskEP2lyoptw+iAU44jz9ifJasO/k5spn2/32yZhciCBtGO/FqpV1VsNSTiC+ijw4sveUILph2LtdykZ6unzVTN/ErQh8eW4kfWG35UaYJyac2MAKoJyvVUM/P9ZUrfxirzjVQSwcIN/ney6wHAACFFQAAUEsDBAoACQAAAMI0GUuhlhrSGAAAAAwAAAAtABwAYjJkZTQ4OTNmNjg3ZTA0MTZmZGUzNWVmOWVhNTkwOTUuZmlsZW5hbWUudHh0VVQJAAPMxZ9ZzMWfWXV4CwABBCEAAAAEIQAAAFTcqwWUTJbpdGcdbknhFqM1VyMgYhsnm1BLBwihlhrSGAAAAAwAAABQSwECHgMUAAkACADCNBlLN/ney6wHAACFFQAAIAAYAAAAAAABAAAApIEAAAAAYjJkZTQ4OTNmNjg3ZTA0MTZmZGUzNWVmOWVhNTkwOTVVVAUAA8zFn1l1eAsAAQQhAAAABCEAAABQSwECHgMKAAkAAADCNBlLoZYa0hgAAAAMAAAALQAYAAAAAAABAAAApIEWCAAAYjJkZTQ4OTNmNjg3ZTA0MTZmZGUzNWVmOWVhNTkwOTUuZmlsZW5hbWUudHh0VVQFAAPMxZ9ZdXgLAAEEIQAAAAQhAAAAUEsFBgAAAAACAAIA2QAAAKUIAAAAAA==' AND file:name = 'SINV0709.vbs' AND file:hashes.MD5 = 'b2de4893f687e0416fde35ef9ea59095' AND file:content_ref.mime_type = 'application/zip' AND file:content_ref.encryption_algorithm = 'mime-type-indicated' AND file:content_ref.decryption_key = 'infected']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-08-25T06:38:04Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"malware-sample\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--599fc5cc-042c-4b2d-acbe-93c2950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-08-25T06:38:04.000Z",
"modified": "2017-08-25T06:38:04.000Z",
"description": "downloaded stage 1",
"pattern": "[file:name = 'SINV0709.vbs' AND file:hashes.SHA1 = '3490bef54f73a02e244cdec001f871e271fd58e6']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-08-25T06:38:04Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"filename|sha1\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--599fc5cc-0cd4-4a76-ba09-93c2950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-08-25T06:38:04.000Z",
"modified": "2017-08-25T06:38:04.000Z",
"description": "downloaded stage 1",
"pattern": "[file:name = 'SINV0709.vbs' AND file:hashes.SHA256 = 'aa75f8ecb2a990615dc534155a15fd9d8ea99ca2db718e8bc6092dc07fda9b2c']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-08-25T06:38:04Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"filename|sha256\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--599fc64f-a03c-43c8-923f-942d950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-08-25T06:40:15.000Z",
"modified": "2017-08-25T06:40:15.000Z",
"description": "stage 2 download location",
"pattern": "[url:value = 'http://bromesterionod.net/af/HygHGF']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-08-25T06:40:15Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--599fc64f-3ae0-4f81-a101-942d950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-08-25T06:40:15.000Z",
"modified": "2017-08-25T06:40:15.000Z",
"description": "stage 2 download location",
"pattern": "[domain-name:value = 'bromesterionod.net']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-08-25T06:40:15Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"domain\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--599fc64f-8f48-4237-b7b9-942d950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-08-25T06:40:15.000Z",
"modified": "2017-08-25T06:40:15.000Z",
"description": "stage 2 download location",
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '47.89.246.2']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-08-25T06:40:15Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--599fc64f-1064-4657-bba7-942d950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-08-25T06:40:15.000Z",
"modified": "2017-08-25T06:40:15.000Z",
"description": "stage 2 download location",
"pattern": "[url:value = 'http://go-coo.jp/HygHGF']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-08-25T06:40:15Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--599fc64f-5d28-477b-ba6f-942d950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-08-25T06:40:15.000Z",
"modified": "2017-08-25T06:40:15.000Z",
"description": "stage 2 download location",
"pattern": "[domain-name:value = 'go-coo.jp']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-08-25T06:40:15Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"domain\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--599fc64f-5800-419c-b00c-942d950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-08-25T06:40:15.000Z",
"modified": "2017-08-25T06:40:15.000Z",
"description": "stage 2 download location",
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '203.183.65.225']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-08-25T06:40:15Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--599fc64f-6d68-4d3b-b9cb-942d950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-08-25T06:40:15.000Z",
"modified": "2017-08-25T06:40:15.000Z",
"description": "stage 2 download location",
"pattern": "[url:value = 'http://haboosh-law.com/HygHGF']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-08-25T06:40:15Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--599fc64f-bb74-4877-aa55-942d950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-08-25T06:40:15.000Z",
"modified": "2017-08-25T06:40:15.000Z",
"description": "stage 2 download location",
"pattern": "[domain-name:value = 'haboosh-law.com']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-08-25T06:40:15Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"domain\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--599fc64f-9bbc-42c1-8832-942d950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-08-25T06:40:15.000Z",
"modified": "2017-08-25T06:40:15.000Z",
"description": "stage 2 download location",
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '80.244.168.26']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-08-25T06:40:15Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--599fc64f-4748-4e75-a0c2-942d950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-08-25T06:40:15.000Z",
"modified": "2017-08-25T06:40:15.000Z",
"description": "stage 2 download location",
"pattern": "[url:value = 'http://hansstock.de/HygHGF']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-08-25T06:40:15Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--599fc64f-b1d8-4956-9986-942d950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-08-25T06:40:15.000Z",
"modified": "2017-08-25T06:40:15.000Z",
"description": "stage 2 download location",
"pattern": "[domain-name:value = 'hansstock.de']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-08-25T06:40:15Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"domain\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--599fc64f-f1f8-4dd1-a886-942d950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-08-25T06:40:15.000Z",
"modified": "2017-08-25T06:40:15.000Z",
"description": "stage 2 download location",
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '85.25.124.78']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-08-25T06:40:15Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--599fc64f-62e4-42ad-b741-942d950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-08-25T06:40:15.000Z",
"modified": "2017-08-25T06:40:15.000Z",
"description": "stage 2 download location",
"pattern": "[url:value = 'http://hartwig-mau.de/HygHGF']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-08-25T06:40:15Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--599fc64f-f7ec-41aa-9879-942d950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-08-25T06:40:15.000Z",
"modified": "2017-08-25T06:40:15.000Z",
"description": "stage 2 download location",
"pattern": "[domain-name:value = 'hartwig-mau.de']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-08-25T06:40:15Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"domain\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--599fc64f-f260-488c-b6c2-942d950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-08-25T06:40:15.000Z",
"modified": "2017-08-25T06:40:15.000Z",
"description": "stage 2 download location",
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '81.169.168.153']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-08-25T06:40:15Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--599fc64f-7cb8-4c9d-be1c-942d950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-08-25T06:40:15.000Z",
"modified": "2017-08-25T06:40:15.000Z",
"description": "stage 2 download location",
"pattern": "[url:value = 'http://hausgadum.de/HygHGF']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-08-25T06:40:15Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--599fc64f-9328-40d2-9561-942d950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-08-25T06:40:15.000Z",
"modified": "2017-08-25T06:40:15.000Z",
"description": "stage 2 download location",
"pattern": "[domain-name:value = 'hausgadum.de']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-08-25T06:40:15Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"domain\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--599fc64f-9f0c-40fe-9f54-942d950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-08-25T06:40:15.000Z",
"modified": "2017-08-25T06:40:15.000Z",
"description": "stage 2 download location",
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '138.201.230.90']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-08-25T06:40:15Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--599fc64f-e828-4d76-9d63-942d950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-08-25T06:40:15.000Z",
"modified": "2017-08-25T06:40:15.000Z",
"description": "stage 2 download location",
"pattern": "[url:value = 'http://hausgerhard.com/HygHGF']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-08-25T06:40:15Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--599fc64f-99d0-4da5-9f23-942d950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-08-25T06:40:15.000Z",
"modified": "2017-08-25T06:40:15.000Z",
"description": "stage 2 download location",
"pattern": "[domain-name:value = 'hausgerhard.com']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-08-25T06:40:15Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"domain\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--599fc64f-378c-43a3-b7fd-942d950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-08-25T06:40:15.000Z",
"modified": "2017-08-25T06:40:15.000Z",
"description": "stage 2 download location",
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '92.51.164.62']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-08-25T06:40:15Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--599fc64f-0790-413a-bc3c-942d950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-08-25T06:40:15.000Z",
"modified": "2017-08-25T06:40:15.000Z",
"description": "stage 2 download location",
"pattern": "[url:value = 'http://hbwconsultants.nl/HygHGF']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-08-25T06:40:15Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--599fc64f-8cd4-4776-9a74-942d950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-08-25T06:40:15.000Z",
"modified": "2017-08-25T06:40:15.000Z",
"description": "stage 2 download location",
"pattern": "[domain-name:value = 'hbwconsultants.nl']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-08-25T06:40:15Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"domain\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--599fc64f-1564-475c-8d6d-942d950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-08-25T06:40:15.000Z",
"modified": "2017-08-25T06:40:15.000Z",
"description": "stage 2 download location",
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '109.237.218.40']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-08-25T06:40:15Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--599fc64f-a78c-414d-a9fc-942d950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-08-25T06:40:15.000Z",
"modified": "2017-08-25T06:40:15.000Z",
"description": "stage 2 download location",
"pattern": "[url:value = 'http://hecam.de/HygHGF']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-08-25T06:40:15Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--599fc64f-2b74-4423-a192-942d950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-08-25T06:40:15.000Z",
"modified": "2017-08-25T06:40:15.000Z",
"description": "stage 2 download location",
"pattern": "[domain-name:value = 'hecam.de']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-08-25T06:40:15Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"domain\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--599fc64f-09fc-40bd-a005-942d950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-08-25T06:40:15.000Z",
"modified": "2017-08-25T06:40:15.000Z",
"description": "stage 2 download location",
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '83.169.22.79']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-08-25T06:40:15Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--599fc64f-cf84-4146-b631-942d950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-08-25T06:40:15.000Z",
"modified": "2017-08-25T06:40:15.000Z",
"description": "stage 2 download location",
"pattern": "[url:value = 'http://heimatverein-menne.de/HygHGF']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-08-25T06:40:15Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--599fc64f-87c4-47e9-9f76-942d950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-08-25T06:40:15.000Z",
"modified": "2017-08-25T06:40:15.000Z",
"description": "stage 2 download location",
"pattern": "[domain-name:value = 'heimatverein-menne.de']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-08-25T06:40:15Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"domain\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--599fc64f-a9d8-40d7-9b10-942d950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-08-25T06:40:15.000Z",
"modified": "2017-08-25T06:40:15.000Z",
"description": "stage 2 download location",
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '62.75.191.150']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-08-25T06:40:15Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--599fc70d-0fc8-4047-83d1-4187950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-08-25T06:43:25.000Z",
"modified": "2017-08-25T06:43:25.000Z",
"description": "stage 2 - Locky",
"pattern": "[file:content_ref.payload_bin = 'UEsDBBQACQAIAG01GUtNrqTVLWEIAAA+CgAgABwANWU4YTE4M2E1ZmUxYjBiMzZlYWY2YTdhMTBiMzBmYTVVVAkAAw3Hn1kNx59ZdXgLAAEEIQAAAAQhAAAAiClEyZ9QjAaIExJHEA8R6kuAv0Nx18NcSciLRQQYPIRTRx0M6w64Bk4NJO+WV5QEztdx8MYyjC4AWFPAcuDvr+47QPUDD0PrkWPC1jMa/RZr2/pq857o1JS79w7x46466SyS5ePYNf3GS2d9d8UhEtWGDj/pnaN1wH8KumH03ela32jt5CMiI7NCejEndxqEJiqBpfsBVfQsmvT44M1pWTUro23uQAEVuW/OkhlkG2n+XNoGbX+M74oDE0iCSb5jLPFL2RBpyNhHO62cbnrHhLL5684MoafPTvOS8LwwJQhVC1fycarvHNF1VxCRY8n1e2wCMlVaLw2xIz67g1f+SVu5aiyovhjBk9t17ntINjuiqYAXQ5wC+JYQTt1kSrgasdvUleAqvfvFbKPDok/eNaA45vQX4dwwG47cW9iJ2lR50dmvDFrUjg9jg/YJMU4Cw8CAA6xw7+ZUTwGybBX7c6kaVXMjfE45OImIjwKVorsNMQapP/F+vk5vpeRrFMuf6em5u4NtgCIVay6R++zQLslbtyLcT689PJxzPVw0oWT4I+Gh1Kihn0r6W6D6lQBjnHERkp34gJ8FRfxjc41Jx8rs8s5RpGEHWSCFTmeD9PDQ5Ku/LiZIRKPz6SCH7HDQLyUA4W+LUa9RXAhJbmmjKmqfrxBVtsCu9ck82zVuwYrTL95MiRrleJ2KoJ5MnEFGNO9W3DFad8ptkSVhRJYuWwnHE+1YC7BdTe2cSSGZ6Ab5CrcyLS08cxt8DbbGV7REQAMcOYI98hUw+Sa0kwll/VXW6u9T/4GUNpl0o+zTL6ZvH3GDDG1tUuxrdG0BH20DZnqOx3FdRrURMDVRxmj5bAUYKJ0FQXjAFjZpIFWMBYD4R71kF4xwPSekHCIhbVc+DAbrfr9lOPWk6HKF6jS6i6iZx4an/5RJzNG4DmHZyEwQQWQ1T70HvSDgJ76IUG2kcWlkmCrADQoHR8F9BWkztw2ckZme9g79Dlqvpp7Q2epxIgTJSiUo+ToYIoYcjwC+7IInSzc2XtULIsMBZ3z/JWniZAZx08UhrS8BhMdYvZohUCuDQeYTli7CuaTawUpeF1f5xvQbBpAfd+4+oRILrqQYcLAAMvfznzBvNaJ8OWoS53utOBNfi3MVMYLUj1oCwRuAb5acjw6hG9fKSBKwJ3I0kHfOXCPhrJipFh0EUsUZA+8Hqtd++j4ibU47QnZ5CdIvchubsy8QF4rX1DCkyAiw3EwLnekECrGZPrz1TmkNkO/6q1jT7dcTzGp3wXHl/bQ5A0BlY3okauy5wFKoaS9RTo3g49fv8FzyP3NK8hJLDyptXZwBZyiyklf0QBcx0Bv1qvbvGE81Dtd24QWNDOPRuquJcXHKbxfDFziUZ3NdEKah57DgyyXsjlpAXt8MftLK+TPxq0Gy30+moNXLHVa1kCBbsbow06EdHNZ7SOY6eXduNjfnbCda82lYUtNjrxBZmt1ajQPI8lD1yuQTTlf1SyHFpSXwLqr75KfXQN5wUooF4IAC8c2MC6Kb+5ESLZNkrXtcAU5F2zajJS+6lxJeGGL1ju3WiFR2vPNids+W7ity7sMVRQSscBkWD2BSF7NCGrsplwfeApraLIIAf1Yl6+x5/E1K+KgOuUFiV6m879w8xYgMl0s3Lc3f8jCcEC8/o+wYmf860XztsuNgOjRksPGQExLkA+As/XXoEDG1bvSDymxpwlukzFaYVZz76hIDYFu9A1MqpXugfxPPiiefwbALN+CX4V+IbxmOUhSE7wlYcbv/jfO3tIQzjyKRDt8YDt1HVRefbKH63dE3TggAS9nAY3OVWbDN8U+CbhPC6+quMxX27GOWI5c1WMyneGtmjuBM35YaxLnCgpWbDCOFs6At8Q2pdSwajRqcz0ue5ZPpeVIZvPsJpO+IW2W4pN7VASTTPA85X5CyRQ5/wJISH0gN5GhbrFHDPDhLJD1/iXJa5aYCw6ImMheS4SYa3jcZHKDqCP1fi+HaFpEAqIwgLMsQAvBZriXpNAJdzxM6meyRHGZUnzOY5jLuRx8ewjlHdNGgm5a7CI/Z7uV4Hx+aL1p3nqEAwkIxLzmu8TCBRgbZs6tuCQVJeU5TYaRbkfFO365YnVnd7Twy23PVikV/i1p3LIlcdBS1ykynauZSaUGiag+U+tS+9bvXgQQokzn1Rv4qGVaQutZ0LBE3u2NHKmH2QJ6Aquj9ZydGthVM6gtdBS8GegeCX2yFttBrB13fXqOkfWyEcHR3e2LZDS3ug88a5FDXwzzdM99ZxLQhq3Ox1iXpVkTT3oOZQO2rwyBUyKqbGQGMYgIfTlrcx3FKKFlplt0m0jyQ/0D1qmik5N6pCPv51WehCFbi+uYQL8SXlqHD5OEM0D88p1S0Ywnum2gLai5kNOJbtRtImZnw+2B6N7qux4k/KPxq1W2S8t+ncP6ZPqnDbcYMvRiClZoFpiuniAYCokBS/1oyNhgmiY/BmRDAgHYtHgM3GEyxEPmN0Uo189eQGW2xb3VCa8L3i+S7dlzB/qsc5XtSbznRXhgaWdIfmbLVqQJM4s+bePiitp/+EfqoQeOYCkmQf6O6MJHmcj+i9U3eKaYLj8PxtnEheulKS5lL3ge4KG50T2V7E71gkBbfXV/UhZTY/5n59JgiCBHcYtc2nL7IhGo0zBDgaCg7qgmLVl72zOHiz4tksCKRUVT57ZODX9TsUjX+Tz+Ee7SysGHlr4Iu1Tt4Gwt0LKdUxP6CUZas5aA2N6v+sjOHtRofA8jiWIN640XLZAvPjv9BFA0lapWhue2pYvsThnWM9nopjnMPSufd6DkU83pNeLWsRQUNfO6lK4ysD1pbzjxANpJnyUT5hQa6icQJZcHM1d/pCSIjfpWrkzxvY49Q+GCntQJTlgG37usrnhC1/pedv7s3pLQiqvNE7CDsRRTojKp9wRGmQruZ9qJscg93MirdkHYWOE5W0YdMhZ7jhAMuQtn0nVJnMGmgM3FJrndxTdR3H+xPlFI8AitpQwhh2sxQij6a+6JnFFckPjWtcKpGUIiGK+9+TlL6TDVOKim8To0BSdT2hyq2DQ8pmNDokQAe/RbGdKWo4DukQiRsL2FLQRQMv1f15ajleeqXVK5keqjdxuCTumVeGEkICRbfhBKhFjAomYKvR7qNmViaGTZap/GH2Knjg0+CdeX/SIde4ggZubGJI7842Vc+ee5pCu4QoJTFog9IOpkd+3XvDh/Jj74ktv3uSibIiV1ZhtP+togIWf4x45jBEkrD5C8ZeO+5pNmLFxhlhl7y83dPNnAj0Yg2QasBW3t9Hd3twjTReDXnyA0LXYDrCA14N6SQJnMxBypvqAdX7IFUEqIz2+of2BrqdMgykL24Z2YxkSun8ySQJHLfVCfmRdkwNdYFfZ2Aq2ATFFVFoQ2vG4NoBLIJzFF2WWuQ2VNqh+fVxvbM+rQACF3IZ6J+E/g2pp2ylfp6zPjtDfVYe+OjOJDsDKJNiJBwZQYDzlyRs4fRk/R95MKqO6nJc8dLJZGCJnKF2g9Q+kUAALHkes8amNkmXE0V8nyrVMCKIucv4QnO4gmSFXCdlY2VwDgt4F67fbxPTefTK6DL4WWaJLsgKf+m+XJ5gTMvBoeMi7oXZ/wCkHPx5d0x8LQ1CBJgkns0BdHtXNaBufXi7dEOHLoSQHsAVixETBX3Zj5qdNpzPOrDGz1MWe+Hyrym6FH7soKY7wMva5Gafq/fAhtCRWvqCsbqaI/lefpS2FefBOHhbtE6yOYTFmNUazcF6kTDKDAvNzq6+uMNgP/6Bjlsn1BfpqJ8OazgV1MaAmT01c8dB0Ff7Sn8N/MzjOxiHiv3iJq1ECGwwqoe3VrsgMHjcANR8MNmkG4X27ggeSJBgh5Xic7MVIwDFmPfz+zPfpTwx7H8dRXbqwDC1B
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-08-25T06:43:25Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"malware-sample\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--599fc70d-9f98-43b0-a85d-4f79950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-08-25T06:43:25.000Z",
"modified": "2017-08-25T06:43:25.000Z",
"description": "stage 2 - Locky",
"pattern": "[file:name = 'HygHGF' AND file:hashes.SHA1 = '9d23067187d8e40380580db7c3c64e9e8ba14fd0']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-08-25T06:43:25Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"filename|sha1\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--599fc70d-e998-494a-ac4b-4b11950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-08-25T06:43:25.000Z",
"modified": "2017-08-25T06:43:25.000Z",
"description": "stage 2 - Locky",
"pattern": "[file:name = 'HygHGF' AND file:hashes.SHA256 = 'abacabfc7c6550bd8594fd0b758c3f890a01212fcc23d3a04b04f761684cc86e']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-08-25T06:43:25Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"filename|sha256\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "marking-definition",
"spec_version": "2.1",
"id": "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9",
"created": "2017-01-20T00:00:00.000Z",
"definition_type": "tlp",
"name": "TLP:WHITE",
"definition": {
"tlp": "white"
}
}
]
}
Reference in a new issue Copy permalink