misp-circl-feed/feeds/circl/stix-2.1/5b194472-fbac-4d90-8504-c0f80acd0835.json


2023-04-21 14:44:17 +00:00
{
"type": "bundle",
"id": "bundle--5b194472-fbac-4d90-8504-c0f80acd0835",
"objects": [
{
"type": "identity",
"spec_version": "2.1",
"id": "identity--5a68c02d-959c-4c8a-a571-0dcac0a8060a",
"created": "2020-12-09T14:44:22.000Z",
"modified": "2020-12-09T14:44:22.000Z",
"name": "Synovus Financial",
"identity_class": "organization"
},
{
"type": "report",
"spec_version": "2.1",
"id": "report--5b194472-fbac-4d90-8504-c0f80acd0835",
"created_by_ref": "identity--5a68c02d-959c-4c8a-a571-0dcac0a8060a",
"created": "2020-12-09T14:44:22.000Z",
"modified": "2020-12-09T14:44:22.000Z",
"name": "Sofacy Group\u2019s Parallel Attacks",
"published": "2020-12-11T05:42:18Z",
"object_refs": [
"observed-data--5b1944a9-c720-4180-97a3-d9330acd0835",
"url--5b1944a9-c720-4180-97a3-d9330acd0835",
"indicator--5b1944cb-83b8-47b9-8804-d97a0acd0835",
"indicator--5b1944cb-6b54-48b1-be9e-d97a0acd0835",
"indicator--5b1944ea-7140-4d65-bf15-bee70acd0835",
"indicator--5b1944ea-def8-493e-aadb-bee70acd0835",
"indicator--5b1944ea-8b44-410a-ac94-bee70acd0835",
"indicator--5b1944ea-f728-430b-92db-bee70acd0835",
"indicator--5b1944ea-900c-45af-8b55-bee70acd0835",
"x-misp-attribute--5b194501-318c-4ba1-a019-c0520acd0835",
"x-misp-attribute--5b194501-8690-4200-919c-c0520acd0835",
"x-misp-attribute--5b194501-b2f4-4fce-b597-c0520acd0835",
"indicator--5b194527-b478-4cb4-9d60-d9710acd0835",
"indicator--5b19453c-9168-4e25-b394-bfe30acd0835",
"indicator--5b19453d-5428-4f2e-a2f7-bfe30acd0835",
"indicator--5b19453d-cef0-46f8-9eba-bfe30acd0835",
"indicator--5b19453d-bb00-4b77-994c-bfe30acd0835",
"indicator--5b19453d-8f3c-4cad-8886-bfe30acd0835",
"indicator--5b19453d-e284-4d29-a633-bfe30acd0835",
"indicator--5b19453d-305c-47cb-8301-bfe30acd0835",
"indicator--5b19456c-8c64-4c9c-9c1d-c4870acd0835",
"indicator--5b19456c-dd4c-4535-acea-c4870acd0835",
"observed-data--5b19458f-5c74-4724-b1db-d9ec0acd0835",
"file--5b19458f-5c74-4724-b1db-d9ec0acd0835",
"artifact--5b19458f-5c74-4724-b1db-d9ec0acd0835",
"indicator--5b1946a8-6194-4a01-b335-d9ec0acd0835",
"indicator--5b1946a8-d1e8-46b1-ad80-d9ec0acd0835",
"indicator--5b1946a8-b574-4dd7-8627-d9ec0acd0835",
"indicator--5b1946a8-0020-44fd-950f-d9ec0acd0835",
"indicator--5b1946a8-4298-456a-bbd5-d9ec0acd0835",
"indicator--5b1946a8-30b0-47e4-bf8d-d9ec0acd0835"
],
"labels": [
"Threat-Report",
"misp:tool=\"MISP-STIX-Converter\"",
"osint:source-type=\"blog-post\"",
"misp-galaxy:threat-actor=\"Sofacy\"",
"APT"
],
"object_marking_refs": [
"marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9"
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--5b1944a9-c720-4180-97a3-d9330acd0835",
"created_by_ref": "identity--5a68c02d-959c-4c8a-a571-0dcac0a8060a",
"created": "2018-06-07T14:43:53.000Z",
"modified": "2018-06-07T14:43:53.000Z",
"first_observed": "2018-06-07T14:43:53Z",
"last_observed": "2018-06-07T14:43:53Z",
"number_observed": 1,
"object_refs": [
"url--5b1944a9-c720-4180-97a3-d9330acd0835"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--5b1944a9-c720-4180-97a3-d9330acd0835",
"value": "https://researchcenter.paloaltonetworks.com/2018/06/unit42-sofacy-groups-parallel-attacks/"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5b1944cb-83b8-47b9-8804-d97a0acd0835",
"created_by_ref": "identity--5a68c02d-959c-4c8a-a571-0dcac0a8060a",
"created": "2018-06-07T14:44:27.000Z",
"modified": "2018-06-07T14:44:27.000Z",
"description": "DDE Docs",
"pattern": "[file:hashes.SHA256 = '85da72c7dbf5da543e10f3f806afd4ebf133f27b6af7859aded2c3a6eced2fd5']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-06-07T14:44:27Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5b1944cb-6b54-48b1-be9e-d97a0acd0835",
"created_by_ref": "identity--5a68c02d-959c-4c8a-a571-0dcac0a8060a",
"created": "2018-06-07T14:44:27.000Z",
"modified": "2018-06-07T14:44:27.000Z",
"description": "DDE Docs",
"pattern": "[file:hashes.SHA256 = '8cf3bc2bf36342e844e9c8108393562538a9af2a1011c80bb46416c0572c86ff']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-06-07T14:44:27Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5b1944ea-7140-4d65-bf15-bee70acd0835",
"created_by_ref": "identity--5a68c02d-959c-4c8a-a571-0dcac0a8060a",
"created": "2018-06-07T14:44:58.000Z",
"modified": "2018-06-07T14:44:58.000Z",
"description": "C2",
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '185.25.51.198']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-06-07T14:44:58Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5b1944ea-def8-493e-aadb-bee70acd0835",
"created_by_ref": "identity--5a68c02d-959c-4c8a-a571-0dcac0a8060a",
"created": "2018-06-07T14:44:58.000Z",
"modified": "2018-06-07T14:44:58.000Z",
"description": "C2",
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '185.25.50.93']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-06-07T14:44:58Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5b1944ea-8b44-410a-ac94-bee70acd0835",
"created_by_ref": "identity--5a68c02d-959c-4c8a-a571-0dcac0a8060a",
"created": "2018-06-07T14:44:58.000Z",
"modified": "2018-06-07T14:44:58.000Z",
"description": "C2",
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '220.158.216.127']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-06-07T14:44:58Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5b1944ea-f728-430b-92db-bee70acd0835",
"created_by_ref": "identity--5a68c02d-959c-4c8a-a571-0dcac0a8060a",
"created": "2018-06-07T14:44:58.000Z",
"modified": "2018-06-07T14:44:58.000Z",
"description": "C2",
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '92.114.92.102']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-06-07T14:44:58Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5b1944ea-900c-45af-8b55-bee70acd0835",
"created_by_ref": "identity--5a68c02d-959c-4c8a-a571-0dcac0a8060a",
"created": "2018-06-07T14:44:58.000Z",
"modified": "2018-06-07T14:44:58.000Z",
"description": "C2",
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '86.106.131.177']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-06-07T14:44:58Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "x-misp-attribute",
"spec_version": "2.1",
"id": "x-misp-attribute--5b194501-318c-4ba1-a019-c0520acd0835",
"created_by_ref": "identity--5a68c02d-959c-4c8a-a571-0dcac0a8060a",
"created": "2018-06-07T14:45:21.000Z",
"modified": "2018-06-07T14:45:21.000Z",
"labels": [
"misp:type=\"user-agent\"",
"misp:category=\"Network activity\""
],
"x_misp_category": "Network activity",
"x_misp_type": "user-agent",
"x_misp_value": "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322; .NET CLR 2.0.50727; .NET CLR 3.0.04506.30; .NET CLR 3.0.04506.648; InfoPath.1)"
},
{
"type": "x-misp-attribute",
"spec_version": "2.1",
"id": "x-misp-attribute--5b194501-8690-4200-919c-c0520acd0835",
"created_by_ref": "identity--5a68c02d-959c-4c8a-a571-0dcac0a8060a",
"created": "2018-06-07T14:45:21.000Z",
"modified": "2018-06-07T14:45:21.000Z",
"labels": [
"misp:type=\"user-agent\"",
"misp:category=\"Network activity\""
],
"x_misp_category": "Network activity",
"x_misp_type": "user-agent",
"x_misp_value": "Mozilla/5.0 (Windows NT 6.1; WOW64) WinHttp/1.6.3.8 (WinHTTP/5.1) like Gecko"
},
{
"type": "x-misp-attribute",
"spec_version": "2.1",
"id": "x-misp-attribute--5b194501-b2f4-4fce-b597-c0520acd0835",
"created_by_ref": "identity--5a68c02d-959c-4c8a-a571-0dcac0a8060a",
"created": "2018-06-07T14:45:21.000Z",
"modified": "2018-06-07T14:45:21.000Z",
"labels": [
"misp:type=\"user-agent\"",
"misp:category=\"Network activity\""
],
"x_misp_category": "Network activity",
"x_misp_type": "user-agent",
"x_misp_value": "Mozilla v5.1 (Windows NT 6.1; rv:6.0.1) Gecko/20100101 Firefox/6.0.1"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5b194527-b478-4cb4-9d60-d9710acd0835",
"created_by_ref": "identity--5a68c02d-959c-4c8a-a571-0dcac0a8060a",
"created": "2018-06-07T14:45:58.000Z",
"modified": "2018-06-07T14:45:58.000Z",
"description": "Koadic",
"pattern": "[file:hashes.SHA256 = 'abbad7acd50754f096fdc6551e728aa6054dcf8e55946f90a02b17db552471ca']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-06-07T14:45:58Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5b19453c-9168-4e25-b394-bfe30acd0835",
"created_by_ref": "identity--5a68c02d-959c-4c8a-a571-0dcac0a8060a",
"created": "2018-06-07T14:46:20.000Z",
"modified": "2018-06-07T14:46:20.000Z",
"description": "Zebrocy",
"pattern": "[file:hashes.SHA256 = 'd697160aecf152a81a89a6b5a7d9e1b8b5e121724038c676157ac72f20364edc']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-06-07T14:46:20Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5b19453d-5428-4f2e-a2f7-bfe30acd0835",
"created_by_ref": "identity--5a68c02d-959c-4c8a-a571-0dcac0a8060a",
"created": "2018-06-07T14:46:21.000Z",
"modified": "2018-06-07T14:46:21.000Z",
"description": "Zebrocy",
"pattern": "[file:hashes.SHA256 = 'cba5ab65a24be52214736bc1a5bc984953a9c15d0a3826d5b15e94036e5497df']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-06-07T14:46:21Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5b19453d-cef0-46f8-9eba-bfe30acd0835",
"created_by_ref": "identity--5a68c02d-959c-4c8a-a571-0dcac0a8060a",
"created": "2018-06-07T14:46:21.000Z",
"modified": "2018-06-07T14:46:21.000Z",
"description": "Zebrocy",
"pattern": "[file:hashes.SHA256 = '25f0d1cbcc53d8cfd6d848e12895ce376fbbfaf279be591774b28f70852a4fd8']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-06-07T14:46:21Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5b19453d-bb00-4b77-994c-bfe30acd0835",
"created_by_ref": "identity--5a68c02d-959c-4c8a-a571-0dcac0a8060a",
"created": "2018-06-07T14:46:21.000Z",
"modified": "2018-06-07T14:46:21.000Z",
"description": "Zebrocy",
"pattern": "[file:hashes.SHA256 = '115fd8c619fa173622c7a1e84efdf6fed08a25d3ca3095404dcbd5ac3deb1f03']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-06-07T14:46:21Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5b19453d-8f3c-4cad-8886-bfe30acd0835",
"created_by_ref": "identity--5a68c02d-959c-4c8a-a571-0dcac0a8060a",
"created": "2018-06-07T14:46:21.000Z",
"modified": "2018-06-07T14:46:21.000Z",
"description": "Zebrocy",
"pattern": "[file:hashes.SHA256 = 'f27836430742c9e014e1b080d89c47e43db299c2e00d0c0801a2830b41b57bc1']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-06-07T14:46:21Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5b19453d-e284-4d29-a633-bfe30acd0835",
"created_by_ref": "identity--5a68c02d-959c-4c8a-a571-0dcac0a8060a",
"created": "2018-06-07T14:46:21.000Z",
"modified": "2018-06-07T14:46:21.000Z",
"description": "Zebrocy",
"pattern": "[file:hashes.SHA256 = '5b5e80f63c04402d0b282e95e32155b2f86cf604a6837853ab467111d4ac15e2']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-06-07T14:46:21Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5b19453d-305c-47cb-8301-bfe30acd0835",
"created_by_ref": "identity--5a68c02d-959c-4c8a-a571-0dcac0a8060a",
"created": "2018-06-07T14:46:21.000Z",
"modified": "2018-06-07T14:46:21.000Z",
"description": "Zebrocy",
"pattern": "[file:hashes.SHA256 = 'dd7e69e14c88972ac173132b90b3f4bfb2d1faec15cca256a256dd3a12b6e75d']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-06-07T14:46:21Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5b19456c-8c64-4c9c-9c1d-c4870acd0835",
"created_by_ref": "identity--5a68c02d-959c-4c8a-a571-0dcac0a8060a",
"created": "2018-06-07T14:47:08.000Z",
"modified": "2018-06-07T14:47:08.000Z",
"pattern": "[url:value = 'http://supservermgr.com/sys/upd/pageupd.php']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-06-07T14:47:08Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5b19456c-dd4c-4535-acea-c4870acd0835",
"created_by_ref": "identity--5a68c02d-959c-4c8a-a571-0dcac0a8060a",
"created": "2018-06-07T14:47:08.000Z",
"modified": "2018-06-07T14:47:08.000Z",
"pattern": "[domain-name:value = 'supservermgr.com']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-06-07T14:47:08Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"domain\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--5b19458f-5c74-4724-b1db-d9ec0acd0835",
"created_by_ref": "identity--5a68c02d-959c-4c8a-a571-0dcac0a8060a",
"created": "2018-06-07T14:47:43.000Z",
"modified": "2018-06-07T14:47:43.000Z",
"first_observed": "2018-06-07T14:47:43Z",
"last_observed": "2018-06-07T14:47:43Z",
"number_observed": 1,
"object_refs": [
"file--5b19458f-5c74-4724-b1db-d9ec0acd0835",
"artifact--5b19458f-5c74-4724-b1db-d9ec0acd0835"
],
"labels": [
"misp:type=\"attachment\"",
"misp:category=\"External analysis\""
]
},
{
"type": "file",
"spec_version": "2.1",
"id": "file--5b19458f-5c74-4724-b1db-d9ec0acd0835",
"name": "figure2-copy.png",
"content_ref": "artifact--5b19458f-5c74-4724-b1db-d9ec0acd0835"
},
{
"type": "artifact",
"spec_version": "2.1",
"id": "artifact--5b19458f-5c74-4724-b1db-d9ec0acd0835",
"payload_bin": "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
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5b1946a8-6194-4a01-b335-d9ec0acd0835",
"created_by_ref": "identity--5a68c02d-959c-4c8a-a571-0dcac0a8060a",
"created": "2018-06-07T14:52:24.000Z",
"modified": "2018-06-07T14:52:24.000Z",
"description": "MD5 of 8cf3bc2bf36342e844e9c8108393562538a9af2a1011c80bb46416c0572c86ff",
"pattern": "[file:hashes.MD5 = '1d2c706e821076a59dcd38cf37dcf3c6']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-06-07T14:52:24Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5b1946a8-d1e8-46b1-ad80-d9ec0acd0835",
"created_by_ref": "identity--5a68c02d-959c-4c8a-a571-0dcac0a8060a",
"created": "2018-06-07T14:52:24.000Z",
"modified": "2018-06-07T14:52:24.000Z",
"description": "MD5 of abbad7acd50754f096fdc6551e728aa6054dcf8e55946f90a02b17db552471ca",
"pattern": "[file:hashes.MD5 = '35d2ce0651d8bc045e920c10fd52a178']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-06-07T14:52:24Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5b1946a8-b574-4dd7-8627-d9ec0acd0835",
"created_by_ref": "identity--5a68c02d-959c-4c8a-a571-0dcac0a8060a",
"created": "2018-06-07T14:52:24.000Z",
"modified": "2018-06-07T14:52:24.000Z",
"description": "MD5 of d697160aecf152a81a89a6b5a7d9e1b8b5e121724038c676157ac72f20364edc",
"pattern": "[file:hashes.MD5 = '35eb9e586dfef4b385d4ee13a85e29de']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-06-07T14:52:24Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5b1946a8-0020-44fd-950f-d9ec0acd0835",
"created_by_ref": "identity--5a68c02d-959c-4c8a-a571-0dcac0a8060a",
"created": "2018-06-07T14:52:24.000Z",
"modified": "2018-06-07T14:52:24.000Z",
"description": "MD5 of dd7e69e14c88972ac173132b90b3f4bfb2d1faec15cca256a256dd3a12b6e75d",
"pattern": "[file:hashes.MD5 = 'bf0fea133818387cca7eaef5a52c0aed']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-06-07T14:52:24Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5b1946a8-4298-456a-bbd5-d9ec0acd0835",
"created_by_ref": "identity--5a68c02d-959c-4c8a-a571-0dcac0a8060a",
"created": "2018-06-07T14:52:24.000Z",
"modified": "2018-06-07T14:52:24.000Z",
"description": "MD5 of 115fd8c619fa173622c7a1e84efdf6fed08a25d3ca3095404dcbd5ac3deb1f03",
"pattern": "[file:hashes.MD5 = '77d4cc390e8bb7e2b5ccfd92efd3dd83']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-06-07T14:52:24Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5b1946a8-30b0-47e4-bf8d-d9ec0acd0835",
"created_by_ref": "identity--5a68c02d-959c-4c8a-a571-0dcac0a8060a",
"created": "2018-06-07T14:52:24.000Z",
"modified": "2018-06-07T14:52:24.000Z",
"description": "MD5 of 5b5e80f63c04402d0b282e95e32155b2f86cf604a6837853ab467111d4ac15e2",
"pattern": "[file:hashes.MD5 = '794d18f975f94e3d9b1144c542c7f39b']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-06-07T14:52:24Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "marking-definition",
"spec_version": "2.1",
"id": "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9",
"created": "2017-01-20T00:00:00.000Z",
"definition_type": "tlp",
"name": "TLP:WHITE",
"definition": {
"tlp": "white"
}
}
]
}