misp-circl-feed/feeds/circl/stix-2.1/59a97b21-a924-4836-a5d8-4a86950d210f.json

{
"type": "bundle",
"id": "bundle--59a97b21-a924-4836-a5d8-4a86950d210f",
"objects": [
{
"type": "identity",
"spec_version": "2.1",
"id": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-09-01T15:40:51.000Z",
"modified": "2017-09-01T15:40:51.000Z",
"name": "CIRCL",
"identity_class": "organization"
},
{
"type": "report",
"spec_version": "2.1",
"id": "report--59a97b21-a924-4836-a5d8-4a86950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-09-01T15:40:51.000Z",
"modified": "2017-09-01T15:40:51.000Z",
"name": "Malspam 2017-09-01 - 'New voice message'",
"published": "2017-09-01T15:41:41Z",
"object_refs": [
"indicator--59a97b59-7c6c-4e87-9277-4eec950d210f",
"indicator--59a97b59-70bc-42ea-ad3c-474c950d210f",
"indicator--59a97b59-e75c-4e99-8117-41c1950d210f",
"indicator--59a97b59-17ac-4287-9d77-4bcd950d210f",
"indicator--59a97b59-03a0-47fb-86aa-406e950d210f",
"indicator--59a97b59-1e74-4a4f-b4db-4754950d210f",
"indicator--59a97b59-ae9c-4c02-b4a3-4d14950d210f",
"indicator--59a97b59-0eb8-49c3-b0f2-4a30950d210f",
"indicator--59a97b59-7c1c-4bca-a247-4fde950d210f",
"indicator--59a97b59-45b0-4e75-8bbf-4530950d210f",
"indicator--59a97b59-f324-46a9-a520-47d6950d210f",
"indicator--59a97b59-d8d8-405a-9920-4ee9950d210f",
"indicator--59a97b59-0564-42a8-a889-4604950d210f",
"indicator--59a97b59-b65c-4cd6-988d-4c10950d210f",
"indicator--59a97b59-70b4-4c35-b680-46f6950d210f",
"indicator--59a97b59-6370-4775-a621-469e950d210f",
"indicator--59a97b59-d7dc-4fde-99e0-4ebb950d210f",
"indicator--59a97b59-8b2c-4b19-9ea3-401b950d210f",
"x-misp-attribute--59a97caa-c404-4acc-8c63-4592950d210f",
"indicator--59a97d01-5ed4-41be-b41e-434d950d210f",
"indicator--59a97d01-5aa0-4801-9083-46ac950d210f",
"indicator--59a97d01-8ae8-4aa6-95a0-40ce950d210f",
"indicator--59a97d01-e098-41af-8335-4cb7950d210f",
"indicator--59a97d01-0e64-46d5-90ea-42b1950d210f",
"indicator--59a97d01-ff88-46a2-9896-4de1950d210f",
"indicator--59a97d01-f350-4796-b582-4a8d950d210f",
"indicator--59a97d01-94a0-4de8-a809-414d950d210f",
"indicator--59a97d01-c01c-4c84-8268-46fb950d210f",
"indicator--59a97d01-baa4-46db-9a60-4e7a950d210f",
"indicator--59a97d01-ea24-421c-a4d1-40e1950d210f",
"indicator--59a97d01-e788-49f5-b1a8-4182950d210f",
"indicator--59a97d2e-3d60-4364-909f-c04e950d210f",
"indicator--59a97d2e-f1f0-4cb8-b21d-c04e950d210f",
"indicator--59a97d2e-a27c-4a8b-a65d-c04e950d210f",
"indicator--59a97d2e-d5f0-4bb7-8d7f-c04e950d210f",
"indicator--59a97d2e-cccc-44ee-89c5-c04e950d210f",
"indicator--59a97d2e-d81c-41c0-a832-c04e950d210f",
"indicator--59a97d2e-0378-4709-9ed1-c04e950d210f",
"indicator--59a97d2e-0c8c-419e-afba-c04e950d210f",
"indicator--59a97d2e-c9bc-415c-93c7-c04e950d210f",
"indicator--59a97d2e-d4d0-45ef-b2a5-c04e950d210f",
"indicator--59a97d2e-bcf0-4ea7-ac70-c04e950d210f",
"indicator--59a97d2e-bb5c-4c36-88ea-c04e950d210f",
"indicator--59a97d47-8f80-4b7f-80b7-4eb8950d210f",
"indicator--59a97d47-dba8-425f-abcf-4ff5950d210f",
"indicator--59a97d47-a534-41ed-9621-42b0950d210f",
"indicator--59a97f33-6eb0-423c-b17a-43e2950d210f",
"indicator--59a97f33-a01c-49ba-8af7-474c950d210f",
"indicator--59a97f33-c6bc-4296-b4de-4f9e950d210f"
],
"labels": [
"Threat-Report",
"misp:tool=\"MISP-STIX-Converter\"",
"circl:incident-classification=\"malware\""
],
"object_marking_refs": [
"marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9"
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--59a97b59-7c6c-4e87-9277-4eec950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-09-01T15:23:05.000Z",
"modified": "2017-09-01T15:23:05.000Z",
"description": "initial download location",
"pattern": "[url:value = 'http://paben.co.uk/jhbvDjs0267']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-09-01T15:23:05Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--59a97b59-70bc-42ea-ad3c-474c950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-09-01T15:23:05.000Z",
"modified": "2017-09-01T15:23:05.000Z",
"description": "initial download location",
"pattern": "[domain-name:value = 'paben.co.uk']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-09-01T15:23:05Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"hostname\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--59a97b59-e75c-4e99-8117-41c1950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-09-01T15:23:05.000Z",
"modified": "2017-09-01T15:23:05.000Z",
"description": "paben.co.uk",
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '62.233.106.100']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-09-01T15:23:05Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--59a97b59-17ac-4287-9d77-4bcd950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-09-01T15:23:05.000Z",
"modified": "2017-09-01T15:23:05.000Z",
"description": "initial download location",
"pattern": "[url:value = 'http://rs-consultores.pt/jhbvDjs0267']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-09-01T15:23:05Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--59a97b59-03a0-47fb-86aa-406e950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-09-01T15:23:05.000Z",
"modified": "2017-09-01T15:23:05.000Z",
"description": "initial download location",
"pattern": "[domain-name:value = 'rs-consultores.pt']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-09-01T15:23:05Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"domain\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--59a97b59-1e74-4a4f-b4db-4754950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-09-01T15:23:05.000Z",
"modified": "2017-09-01T15:23:05.000Z",
"description": "rs-consultores.pt",
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '80.172.241.42']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-09-01T15:23:05Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--59a97b59-ae9c-4c02-b4a3-4d14950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-09-01T15:23:05.000Z",
"modified": "2017-09-01T15:23:05.000Z",
"description": "initial download location",
"pattern": "[url:value = 'http://sindeval.es/jhbvDjs0267']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-09-01T15:23:05Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--59a97b59-0eb8-49c3-b0f2-4a30950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-09-01T15:23:05.000Z",
"modified": "2017-09-01T15:23:05.000Z",
"description": "initial download location",
"pattern": "[domain-name:value = 'sindeval.es']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-09-01T15:23:05Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"domain\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--59a97b59-7c1c-4bca-a247-4fde950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-09-01T15:23:05.000Z",
"modified": "2017-09-01T15:23:05.000Z",
"description": "sindeval.es",
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '62.113.249.12']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-09-01T15:23:05Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--59a97b59-45b0-4e75-8bbf-4530950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-09-01T15:23:05.000Z",
"modified": "2017-09-01T15:23:05.000Z",
"description": "initial download location",
"pattern": "[url:value = 'http://terae-lumiere.com/jhbvDjs0267']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-09-01T15:23:05Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--59a97b59-f324-46a9-a520-47d6950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-09-01T15:23:05.000Z",
"modified": "2017-09-01T15:23:05.000Z",
"description": "initial download location",
"pattern": "[domain-name:value = 'terae-lumiere.com']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-09-01T15:23:05Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"domain\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--59a97b59-d8d8-405a-9920-4ee9950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-09-01T15:23:05.000Z",
"modified": "2017-09-01T15:23:05.000Z",
"description": "terae-lumiere.com",
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '211.125.122.53']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-09-01T15:23:05Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--59a97b59-0564-42a8-a889-4604950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-09-01T15:23:05.000Z",
"modified": "2017-09-01T15:23:05.000Z",
"description": "initial download location",
"pattern": "[url:value = 'http://tractament-imatges.com/jhbvDjs0267']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-09-01T15:23:05Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--59a97b59-b65c-4cd6-988d-4c10950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-09-01T15:23:05.000Z",
"modified": "2017-09-01T15:23:05.000Z",
"description": "initial download location",
"pattern": "[domain-name:value = 'tractament-imatges.com']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-09-01T15:23:05Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"domain\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--59a97b59-70b4-4c35-b680-46f6950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-09-01T15:23:05.000Z",
"modified": "2017-09-01T15:23:05.000Z",
"description": "tractament-imatges.com",
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '146.255.103.168']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-09-01T15:23:05Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--59a97b59-6370-4775-a621-469e950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-09-01T15:23:05.000Z",
"modified": "2017-09-01T15:23:05.000Z",
"description": "initial download location",
"pattern": "[url:value = 'http://vinneydropmodorfosius.net/af/jhbvDjs0267']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-09-01T15:23:05Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--59a97b59-d7dc-4fde-99e0-4ebb950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-09-01T15:23:05.000Z",
"modified": "2017-09-01T15:23:05.000Z",
"description": "initial download location",
"pattern": "[domain-name:value = 'vinneydropmodorfosius.net']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-09-01T15:23:05Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"domain\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--59a97b59-8b2c-4b19-9ea3-401b950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-09-01T15:23:05.000Z",
"modified": "2017-09-01T15:23:05.000Z",
"description": "vinneydropmodorfosius.net",
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '47.89.249.74']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-09-01T15:23:05Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "x-misp-attribute",
"spec_version": "2.1",
"id": "x-misp-attribute--59a97caa-c404-4acc-8c63-4592950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-09-01T15:29:33.000Z",
"modified": "2017-09-01T15:29:33.000Z",
"labels": [
"misp:type=\"hex\"",
"misp:category=\"Payload installation\""
],
"x_misp_category": "Payload installation",
"x_misp_comment": "key (wHIPx3Yg61EQPp0WWfE33TIdtOCRENrF)",
"x_misp_type": "hex",
"x_misp_value": "774849507833596736314551507030575766453333544964744F4352454E7246"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--59a97d01-5ed4-41be-b41e-434d950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-09-01T15:30:09.000Z",
"modified": "2017-09-01T15:30:09.000Z",
"description": "initial payload (via mail)",
"pattern": "[file:content_ref.payload_bin = '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
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-09-01T15:30:09Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"malware-sample\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--59a97d01-5aa0-4801-9083-46ac950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-09-01T15:30:09.000Z",
"modified": "2017-09-01T15:30:09.000Z",
"description": "initial payload (via mail)",
"pattern": "[file:name = 'MSG0000000612.7z' AND file:hashes.SHA1 = '8f391fafcab00969f9577b61a3312b1cea241afc']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-09-01T15:30:09Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"filename|sha1\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--59a97d01-8ae8-4aa6-95a0-40ce950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-09-01T15:30:09.000Z",
"modified": "2017-09-01T15:30:09.000Z",
"description": "initial payload (via mail)",
"pattern": "[file:name = 'MSG0000000612.7z' AND file:hashes.SHA256 = '0959726f4c88eb75ea25ad33f1ae32ecac4bc60147bd8224a9789e75032b9379']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-09-01T15:30:09Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"filename|sha256\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--59a97d01-e098-41af-8335-4cb7950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-09-01T15:30:09.000Z",
"modified": "2017-09-01T15:30:09.000Z",
"description": "initial payload (via mail)",
"pattern": "[file:content_ref.payload_bin = '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
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-09-01T15:30:09Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"malware-sample\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--59a97d01-0e64-46d5-90ea-42b1950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-09-01T15:30:09.000Z",
"modified": "2017-09-01T15:30:09.000Z",
"description": "initial payload (via mail)",
"pattern": "[file:name = 'MSG0000000749.7z' AND file:hashes.SHA1 = '0d5b332776754956b02b4d0efc1d09903802b9c2']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-09-01T15:30:09Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"filename|sha1\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--59a97d01-ff88-46a2-9896-4de1950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-09-01T15:30:09.000Z",
"modified": "2017-09-01T15:30:09.000Z",
"description": "initial payload (via mail)",
"pattern": "[file:name = 'MSG0000000749.7z' AND file:hashes.SHA256 = '341d2cee579f7671a85d3c79dafdf75a84006d169b04a8a130ddc4724d0b2a17']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-09-01T15:30:09Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"filename|sha256\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--59a97d01-f350-4796-b582-4a8d950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-09-01T15:30:09.000Z",
"modified": "2017-09-01T15:30:09.000Z",
"description": "initial payload (via mail)",
"pattern": "[file:content_ref.payload_bin = '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
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-09-01T15:30:09Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"malware-sample\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--59a97d01-94a0-4de8-a809-414d950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-09-01T15:30:09.000Z",
"modified": "2017-09-01T15:30:09.000Z",
"description": "initial payload (via mail)",
"pattern": "[file:name = 'MSG0000000795.7z' AND file:hashes.SHA1 = 'aa4127523b1c77fdaabf8bd40014df39d5aa635b']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-09-01T15:30:09Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"filename|sha1\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--59a97d01-c01c-4c84-8268-46fb950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-09-01T15:30:09.000Z",
"modified": "2017-09-01T15:30:09.000Z",
"description": "initial payload (via mail)",
"pattern": "[file:name = 'MSG0000000795.7z' AND file:hashes.SHA256 = 'd030e81912c53d6d6f54a2bc5bda6b368919aa0de066506ceb5002131379a115']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-09-01T15:30:09Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"filename|sha256\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--59a97d01-baa4-46db-9a60-4e7a950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-09-01T15:30:09.000Z",
"modified": "2017-09-01T15:30:09.000Z",
"description": "initial payload (via mail)",
"pattern": "[file:content_ref.payload_bin = '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
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-09-01T15:30:09Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"malware-sample\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--59a97d01-ea24-421c-a4d1-40e1950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-09-01T15:30:09.000Z",
"modified": "2017-09-01T15:30:09.000Z",
"description": "initial payload (via mail)",
"pattern": "[file:name = 'MSG0000000835.7z' AND file:hashes.SHA1 = '9c173a3f365a1f2bff43424a2ecc7ae4967365ad']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-09-01T15:30:09Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"filename|sha1\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--59a97d01-e788-49f5-b1a8-4182950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-09-01T15:30:09.000Z",
"modified": "2017-09-01T15:30:09.000Z",
"description": "initial payload (via mail)",
"pattern": "[file:name = 'MSG0000000835.7z' AND file:hashes.SHA256 = '810b168ad5189ae4b75fbaa536bac63d078b54d774781c2e23e640306fefadf1']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-09-01T15:30:09Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"filename|sha256\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--59a97d2e-3d60-4364-909f-c04e950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-09-01T15:30:54.000Z",
"modified": "2017-09-01T15:30:54.000Z",
"description": "in .7z contained .vbs",
"pattern": "[file:content_ref.payload_bin = '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
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-09-01T15:30:54Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"malware-sample\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--59a97d2e-f1f0-4cb8-b21d-c04e950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-09-01T15:30:54.000Z",
"modified": "2017-09-01T15:30:54.000Z",
"description": "in .7z contained .vbs",
"pattern": "[file:name = 'MSG0000000260.vbs' AND file:hashes.SHA1 = 'bd5c8d44826c798eeaa270eb5b54d9cb2b3efa66']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-09-01T15:30:54Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"filename|sha1\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--59a97d2e-a27c-4a8b-a65d-c04e950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-09-01T15:30:54.000Z",
"modified": "2017-09-01T15:30:54.000Z",
"description": "in .7z contained .vbs",
"pattern": "[file:name = 'MSG0000000260.vbs' AND file:hashes.SHA256 = '831bad58d7e491172a69cb1f5f01b6088fb07aa29d2004d2ee80e0be1a2474d4']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-09-01T15:30:54Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"filename|sha256\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--59a97d2e-d5f0-4bb7-8d7f-c04e950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-09-01T15:30:54.000Z",
"modified": "2017-09-01T15:30:54.000Z",
"description": "in .7z contained .vbs",
"pattern": "[file:content_ref.payload_bin = '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
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-09-01T15:30:54Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"malware-sample\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--59a97d2e-cccc-44ee-89c5-c04e950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-09-01T15:30:54.000Z",
"modified": "2017-09-01T15:30:54.000Z",
"description": "in .7z contained .vbs",
"pattern": "[file:name = 'MSG0000000425.vbs' AND file:hashes.SHA1 = '45bd6ae48962a655b761aa9d0e22572bc7771d41']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-09-01T15:30:54Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"filename|sha1\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--59a97d2e-d81c-41c0-a832-c04e950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-09-01T15:30:54.000Z",
"modified": "2017-09-01T15:30:54.000Z",
"description": "in .7z contained .vbs",
"pattern": "[file:name = 'MSG0000000425.vbs' AND file:hashes.SHA256 = '4edc07aeacc9fca9b0d2f7ee8b7a5f65e15446448d392793a282e38b9c8a37bf']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-09-01T15:30:54Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"filename|sha256\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--59a97d2e-0378-4709-9ed1-c04e950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-09-01T15:30:54.000Z",
"modified": "2017-09-01T15:30:54.000Z",
"description": "in .7z contained .vbs",
"pattern": "[file:content_ref.payload_bin = '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
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-09-01T15:30:54Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"malware-sample\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--59a97d2e-0c8c-419e-afba-c04e950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-09-01T15:30:54.000Z",
"modified": "2017-09-01T15:30:54.000Z",
"description": "in .7z contained .vbs",
"pattern": "[file:name = 'MSG0000000516.vbs' AND file:hashes.SHA1 = 'c5d563edc8b60b1de62f78b74584cb119a8cb2f5']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-09-01T15:30:54Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"filename|sha1\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--59a97d2e-c9bc-415c-93c7-c04e950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-09-01T15:30:54.000Z",
"modified": "2017-09-01T15:30:54.000Z",
"description": "in .7z contained .vbs",
"pattern": "[file:name = 'MSG0000000516.vbs' AND file:hashes.SHA256 = '8dfcd55c583a17375e09a90797bd2ec87c53eb8f7bce09098cef4da15ec24653']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-09-01T15:30:54Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"filename|sha256\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--59a97d2e-d4d0-45ef-b2a5-c04e950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-09-01T15:30:54.000Z",
"modified": "2017-09-01T15:30:54.000Z",
"description": "in .7z contained .vbs",
"pattern": "[file:content_ref.payload_bin = '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
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-09-01T15:30:54Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"malware-sample\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--59a97d2e-bcf0-4ea7-ac70-c04e950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-09-01T15:30:54.000Z",
"modified": "2017-09-01T15:30:54.000Z",
"description": "in .7z contained .vbs",
"pattern": "[file:name = 'MSG0000000729.vbs' AND file:hashes.SHA1 = 'd777655bce806bea56f58e3a3928a84d704c5c13']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-09-01T15:30:54Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"filename|sha1\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--59a97d2e-bb5c-4c36-88ea-c04e950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-09-01T15:30:54.000Z",
"modified": "2017-09-01T15:30:54.000Z",
"description": ".vbs file contained in the .7z archive",
"pattern": "[file:name = 'MSG0000000729.vbs' AND file:hashes.SHA256 = 'bf11c500a491a0f3fd9b3d5f6c56ccad08267b4cb12e00d0f5c0a96e5cac13e2']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-09-01T15:30:54Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"filename|sha256\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--59a97d47-8f80-4b7f-80b7-4eb8950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-09-01T15:31:19.000Z",
"modified": "2017-09-01T15:31:19.000Z",
"description": "encrypted payload from download location",
"pattern": "[file:content_ref.payload_bin = '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
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-09-01T15:31:19Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"malware-sample\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--59a97d47-dba8-425f-abcf-4ff5950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-09-01T15:31:19.000Z",
"modified": "2017-09-01T15:31:19.000Z",
"description": "encrypted payload from download location",
"pattern": "[file:name = 'jhbvDjs0267' AND file:hashes.SHA1 = '45b1826cf5ee1a17ee54c22318dec4bee9011777']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-09-01T15:31:19Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"filename|sha1\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--59a97d47-a534-41ed-9621-42b0950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-09-01T15:31:19.000Z",
"modified": "2017-09-01T15:31:19.000Z",
"description": "encrypted payload from download location",
"pattern": "[file:name = 'jhbvDjs0267' AND file:hashes.SHA256 = '7e1fda8857d74312526ee7d563eaf2211cef0d3e02a511e49b475abf923b549f']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-09-01T15:31:19Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"filename|sha256\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--59a97f33-6eb0-423c-b17a-43e2950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-09-01T15:39:31.000Z",
"modified": "2017-09-01T15:39:31.000Z",
"description": "decrypted file",
"pattern": "[file:content_ref.payload_bin = 'UEsDBBQACQAIAPB8IUsXf4sLamEIAAE6CgAgABwAMmYwNmQ4MWUzYjI4ZmRmZGRjMDRlY2NiNTUzMTMyNzVVVAkAAzN/qVkzf6lZdXgLAAEEIQAAAAQhAAAA9nzF1EKMBT/WaNRP2wQ5nEEDfD6nW/WOPRWfXdy3HxZ9mZzTDU7itnwDpQ+oFKRjilcG2zoqCyu+LgJC1MzkP5lg9nMSrXVJVtfFzkPntRFgtqywnDPoqh1tn6lS18eOVHO0QOG3zCnJ+4CXmBEvdmtIgiWjmms4TgDcJkMdbaSHvU9g+gnUPMvrLSBeEojadrtN+eIBQK1xu2+3e9iojgnte31OV+yyUl5MddqU2ElSDIx7gin2T//lAmkDKnKji+33VaSrppEM143xkfXA6ULsPABVjcTp5cMvqQwSNk/3npyXzjLN3V2VkRMBpq/slc2vZfIJmHgnP6xvggQCFO0TatJ4qwSuVtj8UfsNRqn2aPzo3O7+O/RjE6REPzjRZiazyjbw88YDQvPVtd6JRm1gqnr6aPxOURa4HNFYN/Hi6s95niEnKcWHgIuN6SQEDUvp6e/W9V9E83M88M7jqIC1fxDSpgcLnB+4c3VUMtkPYxJ00s7cnLW8hPGWp/5PKdIT7upcuZP8qIxvEmRcjbQx4nIa+xxP9gr3NHByIX1ZKS0TW7xKchFjlArGXWss27EITkGhEQp1tZc0HnotxWyYWXCr4p5SS4+juDX592Y/7MFtdX/tfBkBd/cwHKgaVHsBRJavB9d5KV9b7m1uoys2SZV/vExUSnM2YEH/esr8ooNc6QRqnXQE4Ml7a9KhzxTvxntn4cX89cgNHP9paIiyFRX6yr6Cj4Ly1lsrB32uJp7/s+yYFO38kxNJo7dPsEoyVvAIUKTxqScuViEJYuOF52ylLIg6QXVvPJKHUofph/hAlEk6OENbmFxKEfTEWT4DRD70d3MNWOc/k6gHpYwJlaggi2xwxCsmGjadm1h0VGPUYb7tOK2YdkluuZru3c3AM7MMdzqx4pz8P04/qa9YbEC12rbT/tQ9XdX8fvKqL7OjBv364yxBHlJpfJc1X8ZCzw0uXMvgWCAYCy42KAYGYOiLjF7Z1j5WErQBwuMI23gVBwfMldbLeEPeprCa5mG1bCjoW+Xpm/GQb7l0xM9N88e70296+4nmKRcG1dHCUJuiXqypN2OWddfFHytZtMwVg2N1t44Hp0ZQdmbIQOU1F/NJTXfZSbA9Q5rTbDHjFGMSJ6l+VxGvM+bHjGIN/KLPQtxe9AbxK1361wYcl1e8dehWSyUDpfmvL2ShyN6MSBg8y2feUZzsTrzG4Q1KTIC9XUgHTZ1xL2J66Ir+55Y0od+UnHpa2TZCIIF4E3CQWQpBbSsTBsRwGpBT7qhu9ppZN2DFYl0JcLZ0oAnUg/G8uJx8ou1PLciqOrkFShEo+gdnscow1krurv3l1Ozl5uos2GB6yMg33xfEA1yTiFpMdLE1VaK8fXv6Teca2bbRKEcdSCao493k3m00qsgdppmXmPoYXKN7TownpVMMXp2onmkeBpqNBwRoKQ5KdgMNxmpgV08rcW/ZqLNZj/gOy9smgdnWc1qnnhi7VHuC4x5ONkh7foJlJs2ewbKPIXIw7hIzXoQZITFNCQASh7M4UehnPIMpkPqd90hRIlM2gD/69GWk4kbT3nVno4Dp+gBfqGNFsy0OYwlyUkB/29pgT5mdmnwzKdnQfxSTb2LtGAAn3xdwR8REYwnXedL086nkP+BtHcTydKYiMnMocZ/zIEuXPJYUSNcdQSxhMQ3NPR2HeFeIPFN04iCnSi6F539HlXJOAZo3qdHdt7BXFOec2aB3xc9sSZOb42dkfjcVDQB6NLcMmGAKXr3MZ/CyELHoCyL8AK/tA9nO5mudwW7mDNFOXoc4pkpDYJ3VCzPhp8xz1pvj5SVG9ppSmwLuU/H
0uZSBeA7b/PIugtX/NHXaXXk0ZeUl9M/CPUyM+EJgRMvQsWWknZ7ifZrkDP45GgIk5+qlZzKNs2GIgWesYgaSnnCV68mZL5X93cQj2EPMzqmyHEAQDLUmG79CP5q4tt1vPIG7YEPZ2suGl179niuKgbOELDwIhGwbcg1oO5X2CP6tJivk6Oq81T72QOlNmiNMsnSmYbwljjI9emysJoGaKOX9m2v84V4JNCrU1oqo+bidjYV0clocwO1lNo2YnEfAPhvDAhZYL6m23dYT2F4nRxfpgBjqb9+fd+xl2mxawbcvSMs659cITdY4TvuLr8z+BiOZzIPwTIdFUPhbfeiy/7G9ExlEXGwjofto9V8abZWPCOpZ8zFHynkhB4sNgzT6NeNohzw2EIrgofluXeA5FKHAPGSsPHcsC2GaXh4Ov9Iuqz85UWjHk0ZIXphAhsM7liRMq2M+HE0h0Rq13M0SOOKgH2WdsBb9ukT4I5rUIJ7uOF9WioloW2iWRz1rMMyyBFiW1o6/Gs9e8XpQ8ZTBrtTzpWB4UadRKWs1iwF+yev9o3BFp4+t0+rwqJcmovjV+RmuHu9LyNdcKNNewA8R2nvKI6l7gMrkNNkhYx+c8yfNBIyBL1efV4XlvHT9pELyb7zhcI5kSst+OqiQj+U1wTZylf1xPmUk6wYKw6Qyy8GJVEe6ErrL7Kym7FqqklSbid4rk8DHcF/dS66UIVN8QphmWWGXIhdEiOdq5b9uJz1JoYMCtfZnl2DnuKfPdCNSpN3hxcR3tKrxsmYXaWOnwR2Op5tzNK8J8X6ykPER4TsaFgqTE6PDp40y4GOLm624eImpZpaS/1A4M+Ff58Lq2RkkSEH4QMUDF2on2+7qboyabNRyC5xAAK4OJ/Ud4aXsuGgX02Q+ThfXMfLeyE9RJLN/xrYyfgJxq6kiguVaqeNpH6wD/i308+hBYBoVx11qd4X+S+ZCI+o7u0ibyk5+L+HDnP7aQ4/5i3W7xDJjvQP5EP9Ayd4k9TDROvXFmlV1o6ztMDxAjgOeMFoSHkWBrVehW40QXGoAoijmbbvhuD0PK3uXwzm/rnA0JtaJwamct+cAYKk5Zja/JGumgBfR/uwrGXv0B2ypfLloIX/LAWtvgrH/u/uYrV6gvpx3txwS+pATziR3obDGukeV1m38OhJknOPgsIinEd8O6TPaGh1hRt4ZwQy7lfYH3A5MFJgdzYP3zbYEWM056orEV3gSzQLr49shCsY1ADNOYAIz7nbpRpTcI9k6FFzpnyVNvpdRx6XcysXsEK7ciTBSrVxaRIK/GG+YcYTgsS4Ru/XqXdmmH7djk1KbOLunFGGRAN8CF44Wk+c05CUnqJrUsPJ2rFKHD8L07/q6MEF3Awe4dLnyfdpl33xH3IFvX6swn6H/iJWR9kCG1nTrouO0gV/ZwkKM9HhOd+fo6pwlO+hxYxSD06aD5lMfqXn4FH4Ok3xY0K6OVTnhGF4XCnkhrH4Z5psnoxkfS6UABoQaEzdgu6Gs74p/T9/L3rSyU6meM63SEgVJs/GOshbITi/o3OkHmh1uetw2jNjKJk+ARtsBgh+bRHnImwCGexFS++9f4rVkqJbK62rYNOfDn3E4NaFXG94cRHl5xMj4otVe/GS6wZLKqwjOU9IzOH70y76JusrKHHrQHoVbxxqcZWOWqBfgOea6wXzbe1DrOQvczSQnNROuLAQvHuDG32U5+8TIJ0U+kTc/9v45nM/ag7hVEso1AbsDyT7Ys8RtBgOhUQ3GY+wdKct4dbsxzeAKsOp8SKWklllUuBs/UimeSHiqwoqpyVrFPS1LFb26JUcpMCYBTHPWYg5ZratHhbSiWun420arstV0nyXBQJU32QPguBS2NQVFiGCM3h4As3wi25U/ez/2nP9pAAduEGIwaAMxy0AXWoL6OWb2NykE5kOVu0Ey3zKix8xmP3VmZ3aoecwjtQrxpCHSMGiAv7SEXy2MiCqcwZlFdrNKPbyewFT
ktwt1WJ8dpMKKfuGRbZ1jWXpgZtdMBV2zpiv2q9sv0P06baiuR0BPNIy2eHpOMy2J0/YGazK6vWTzm52w3d
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-09-01T15:39:31Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"malware-sample\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--59a97f33-a01c-49ba-8af7-474c950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-09-01T15:39:31.000Z",
"modified": "2017-09-01T15:39:31.000Z",
"description": "decrypted file",
"pattern": "[file:name = 'jhbvDjs0267.decrypted' AND file:hashes.SHA1 = '2ecdc5fcd4c726cc8349201266bc839af875c1c9']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-09-01T15:39:31Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"filename|sha1\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--59a97f33-c6bc-4296-b4de-4f9e950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-09-01T15:39:31.000Z",
"modified": "2017-09-01T15:39:31.000Z",
"description": "decrypted file",
"pattern": "[file:name = 'jhbvDjs0267.decrypted' AND file:hashes.SHA256 = '2b004e63065a8c06959511b848d2ecdae8295b8068f97cf7b15d4fd57588ba4f']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-09-01T15:39:31Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"filename|sha256\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "marking-definition",
"spec_version": "2.1",
"id": "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9",
"created": "2017-01-20T00:00:00.000Z",
"definition_type": "tlp",
"name": "TLP:WHITE",
"definition": {
"tlp": "white"
}
}
]
}