adulau/misp-circl-feed
1
0
Fork 0
Code Issues 1 Pull requests Projects 1 Releases Packages Wiki Activity Actions
misp-circl-feed/feeds/circl/stix-2.1/5bbe03c3-0ec0-4ee7-949b-4e3c950d210f.json

5916 lines
5.4 MiB
JSON
Raw Normal View History

chg: [misp-stix] STIX 2.1 export added
2023-04-21 14:44:17 +00:00
{
"type": "bundle",
"id": "bundle--5bbe03c3-0ec0-4ee7-949b-4e3c950d210f",
"objects": [
{
"type": "identity",
"spec_version": "2.1",
"id": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-10-28T08:58:51.000Z",
"modified": "2018-10-28T08:58:51.000Z",
"name": "CIRCL",
"identity_class": "organization"
},
{
"type": "report",
"spec_version": "2.1",
"id": "report--5bbe03c3-0ec0-4ee7-949b-4e3c950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-10-28T08:58:51.000Z",
"modified": "2018-10-28T08:58:51.000Z",
"name": "OSINT - MuddyWater expands operations",
"published": "2018-10-28T09:03:22Z",
"object_refs": [
"observed-data--5bbe03d3-9090-4212-b186-4139950d210f",
"url--5bbe03d3-9090-4212-b186-4139950d210f",
"x-misp-attribute--5bbe097d-c65c-4fc4-9a33-45c3950d210f",
"indicator--5bbe0e30-cfc4-432c-a427-4daa950d210f",
"indicator--5bbe0e31-77ac-47bb-828d-462a950d210f",
"indicator--5bbe0e35-5910-4145-bd71-4120950d210f",
"indicator--5bbe0e4b-4ffc-4a67-9092-41ad950d210f",
"indicator--5bbe0e5f-f118-40ee-a5a1-4eff950d210f",
"indicator--5bbe0e61-63d8-4c71-87ca-4d1d950d210f",
"indicator--5bbe0e63-7954-443a-b3b9-4e09950d210f",
"indicator--5bbe0e65-ed30-48a8-ad34-4e06950d210f",
"indicator--5bbe0e67-c5ec-4b9a-b1ae-4cfd950d210f",
"indicator--5bbe0e68-e554-4c61-b11e-4afc950d210f",
"indicator--5bbe0e6b-e194-421a-bef5-4484950d210f",
"indicator--5bbe0e70-baf8-4293-8e07-4744950d210f",
"indicator--5bbe0e75-c64c-4d6b-adda-404e950d210f",
"indicator--5bbe0e76-2ab4-491d-9f11-4471950d210f",
"indicator--5bbe0e78-ef4c-49c0-818b-4b9e950d210f",
"indicator--5bbe0e7a-aafc-4048-b48e-4e3a950d210f",
"indicator--5bbe0e7b-a5c4-4d06-a1a1-473b950d210f",
"indicator--5bbe0e7d-9788-4e8d-894e-462f950d210f",
"indicator--5bbe0e7e-eda0-42c4-a5e8-4b2d950d210f",
"indicator--5bbe0e81-3a68-4dc6-abc8-477c950d210f",
"indicator--5bbe0e87-48e0-4c21-816d-4374950d210f",
"indicator--5bbe0e88-5cc0-4596-b3ec-4d53950d210f",
"indicator--5bbe0e89-a904-44e3-a565-4a99950d210f",
"indicator--5bbe0e8a-72d0-4209-b1bb-4368950d210f",
"indicator--5bbe0e8c-b780-43ad-a2f6-4264950d210f",
"indicator--5bbe0e8f-4c14-4a29-9a46-4993950d210f",
"indicator--5bbe0e94-dec8-47f8-bf21-4e37950d210f",
"indicator--5bbe0e97-8814-4726-8c7f-4ffa950d210f",
"indicator--5bbe0e99-1f34-4d28-9b10-4f73950d210f",
"indicator--5bbe0e9a-b368-4341-84fd-4512950d210f",
"indicator--5bbe0e9b-32fc-483f-b112-4d1e950d210f",
"indicator--5bbe0ea1-0b50-4c89-bfd7-4557950d210f",
"indicator--5bbe0ea4-28c4-47f9-8800-491d950d210f",
"indicator--5bbe0ea9-ccb4-464e-af89-4bd7950d210f",
"indicator--5bbe0ead-7954-4f96-a028-4609950d210f",
"indicator--5bbe0eaf-dae8-47d8-9724-44fb950d210f",
"indicator--5bbe0eb1-f384-4426-832e-4a13950d210f",
"indicator--5bbe0eb6-77cc-4215-8b82-44b5950d210f",
"indicator--5bbe0eb7-dde0-44b3-a715-4f60950d210f",
"indicator--5bbe0eb7-4230-4f74-b8f5-4487950d210f",
"indicator--5bbe0eb8-c7c4-4f67-82c8-4443950d210f",
"indicator--5bbe0eb8-fc10-4a90-b12e-49c3950d210f",
"indicator--5bbe0eb9-aa60-4db6-908c-4ee2950d210f",
"indicator--5bbe0ebb-5d08-402d-8c6d-4fce950d210f",
"indicator--5bbe0ebe-b0a4-477b-9a65-4e41950d210f",
"indicator--5bbe0ebf-aa70-402d-88aa-4443950d210f",
"indicator--5bbe0ebf-a388-432d-a5c3-4130950d210f",
"indicator--5bbe0ec0-35a8-4d19-ad28-4394950d210f",
"indicator--5bbe0ec0-fdfc-410a-9626-4610950d210f",
"indicator--5bbe0ec1-ec40-4cf8-be41-4d6d950d210f",
"indicator--5bbe0ec1-3b70-49d7-b4e4-456d950d210f",
"indicator--5bbe0ec2-c4e4-45c1-8ca7-4c76950d210f",
"indicator--5bbe0ec2-04e8-4565-a44a-4a81950d210f",
"indicator--5bbe0ec2-2300-465f-8b36-476b950d210f",
"indicator--5bbe0ec3-44e8-46c7-9191-42d9950d210f",
"indicator--5bbe0ec3-d018-4ca0-91c1-401d950d210f",
"indicator--5bbe0ec4-2698-487e-af5d-4478950d210f",
"indicator--5bbe0ec4-14c0-4eab-9a01-4e6d950d210f",
"indicator--5bbe0ec7-3544-4e3f-9d4e-44ce950d210f",
"indicator--5bbe0ec7-2310-4abb-93ec-4849950d210f",
"indicator--5bbe0ec8-30f4-4746-a683-4ff2950d210f",
"indicator--5bbe0ecc-5798-4b31-811c-486f950d210f",
"indicator--5bbe0ecf-550c-4572-882a-4b4c950d210f",
"indicator--5bbef709-1198-44fb-b614-4783950d210f",
"indicator--5bbef70b-d0d0-4c6a-82f9-4b5e950d210f",
"indicator--5bbef70c-fb50-4fef-89ec-4e8e950d210f",
"indicator--5bbef70f-c224-473e-a5b5-4b40950d210f",
"indicator--5bbef710-8e94-4a38-b25f-4599950d210f",
"indicator--5bbef710-9934-43aa-aff6-40e8950d210f",
"indicator--5bbef711-0c90-406b-b169-4894950d210f",
"indicator--5bbef712-8894-4c7d-a835-4122950d210f",
"indicator--5bbef712-718c-42cd-ba5b-4b05950d210f",
"indicator--5bbef713-05c4-47d3-bb74-4efc950d210f",
"indicator--5bbef713-eec4-419d-9dff-4734950d210f",
"indicator--5bbef717-56c0-4ab1-901a-4ab8950d210f",
"indicator--5bbef717-d0ec-4611-8724-4025950d210f",
"indicator--5bbef718-37ac-4dbf-a117-4a40950d210f",
"indicator--5bbef718-b9c4-43c0-91b9-4bee950d210f",
"indicator--5bbef719-709c-413d-af51-4ee4950d210f",
"indicator--5bbef719-e438-4400-bfe2-4939950d210f",
"indicator--5bbef71a-ad08-458c-86e2-4d27950d210f",
"indicator--5bbef71d-d7a8-4c02-b480-43d0950d210f",
"indicator--5bbef71d-eda4-4f12-9f0c-43bd950d210f",
"indicator--5bbef71e-f328-4196-a141-4eb3950d210f",
"indicator--5bbef71e-e224-4ba9-aed2-4332950d210f",
"indicator--5bbef71f-44d4-4490-8ab7-4407950d210f",
"indicator--5bbef71f-1b78-4c0a-b435-4a39950d210f",
"observed-data--5bbef720-43a8-4b70-a29a-49e7950d210f",
"windows-registry-key--5bbef720-43a8-4b70-a29a-49e7950d210f",
"observed-data--5bbef721-0198-44d1-87f9-4a03950d210f",
"windows-registry-key--5bbef721-0198-44d1-87f9-4a03950d210f",
"observed-data--5bbef721-ef90-4859-937a-431a950d210f",
"windows-registry-key--5bbef721-ef90-4859-937a-431a950d210f",
"observed-data--5bbef722-161c-479c-a92a-41ee950d210f",
"windows-registry-key--5bbef722-161c-479c-a92a-41ee950d210f",
"observed-data--5bbef722-1038-4ec6-8301-493c950d210f",
"windows-registry-key--5bbef722-1038-4ec6-8301-493c950d210f",
"observed-data--5bbef723-6778-4a05-a3fc-45a7950d210f",
"windows-registry-key--5bbef723-6778-4a05-a3fc-45a7950d210f",
"observed-data--5bbef723-1a90-496f-a0a6-4759950d210f",
"windows-registry-key--5bbef723-1a90-496f-a0a6-4759950d210f",
"indicator--5bbefcc3-9170-475c-a872-485c950d210f",
"indicator--5bbefcc4-cd58-40bc-a143-4d49950d210f",
"indicator--5bbefcc4-691c-44a9-a0a5-486a950d210f",
"indicator--5bbefcc5-1f00-409d-925b-412b950d210f",
"indicator--5bbefcc5-02fc-47ae-84e3-43f9950d210f",
"indicator--5bbefcc6-dd74-4a21-abcc-406a950d210f",
"indicator--5bbefcc9-8280-4d95-a1e2-481f950d210f",
"indicator--5bbefccc-5cb0-488b-b32f-45a2950d210f",
"indicator--5bbefccd-2f04-4610-930d-49f8950d210f",
"indicator--5bbefcce-78d0-4e0a-9e6c-4951950d210f",
"indicator--5bbefcce-5468-4b10-b415-4b3b950d210f",
"observed-data--5bbefe30-1718-4cae-b3fa-4ae2950d210f",
"file--5bbefe30-1718-4cae-b3fa-4ae2950d210f",
"artifact--5bbefe30-1718-4cae-b3fa-4ae2950d210f",
"observed-data--5bbf0086-44fc-4fea-a218-463b950d210f",
"file--5bbf0086-44fc-4fea-a218-463b950d210f",
"artifact--5bbf0086-44fc-4fea-a218-463b950d210f",
"observed-data--5bbf00a0-e538-4d28-b3d4-4ac4950d210f",
"file--5bbf00a0-e538-4d28-b3d4-4ac4950d210f",
"artifact--5bbf00a0-e538-4d28-b3d4-4ac4950d210f",
"observed-data--5bbf03d5-77b0-4576-af75-4ee9950d210f",
"file--5bbf03d5-77b0-4576-af75-4ee9950d210f",
"artifact--5bbf03d5-77b0-4576-af75-4ee9950d210f",
"observed-data--5bbf0405-e380-406f-b611-4b32950d210f",
"file--5bbf0405-e380-406f-b611-4b32950d210f",
"artifact--5bbf0405-e380-406f-b611-4b32950d210f",
"observed-data--5bbf042c-4c84-4d1d-ae23-4a5c950d210f",
"file--5bbf042c-4c84-4d1d-ae23-4a5c950d210f",
"artifact--5bbf042c-4c84-4d1d-ae23-4a5c950d210f",
"observed-data--5bbf06ae-f9c4-4fb9-b068-4ed3950d210f",
"file--5bbf06ae-f9c4-4fb9-b068-4ed3950d210f",
"artifact--5bbf06ae-f9c4-4fb9-b068-4ed3950d210f",
"observed-data--5bbf07f7-701c-45d8-b786-4fd1950d210f",
"file--5bbf07f7-701c-45d8-b786-4fd1950d210f",
"artifact--5bbf07f7-701c-45d8-b786-4fd1950d210f",
"observed-data--5bbf0804-142c-4835-a6c2-4038950d210f",
"file--5bbf0804-142c-4835-a6c2-4038950d210f",
"artifact--5bbf0804-142c-4835-a6c2-4038950d210f",
"observed-data--5bbf0907-48b0-4ee0-be05-4df4950d210f",
"file--5bbf0907-48b0-4ee0-be05-4df4950d210f",
"artifact--5bbf0907-48b0-4ee0-be05-4df4950d210f",
"indicator--5bbf13d1-88bc-4b03-a881-4167950d210f",
"indicator--0dce5235-c55f-4bd3-8ac0-31177f487562",
"x-misp-object--56f07a86-19e1-477b-bec7-68f3b5f92d94",
"indicator--31a57645-1669-4e5b-a07c-55300bdff8bf",
"x-misp-object--2cb20ec0-1762-421e-9640-4acca2c0d48a",
"indicator--0ccd4d0b-e97f-4dac-9d63-38118a4ff31b",
"x-misp-object--297156af-d00a-49e5-b136-0d8b658dc016",
"indicator--6c5c645a-1154-4e6f-9a8c-e09bec28b813",
"x-misp-object--c19442e0-d547-48a0-9fb2-8309d78c74e6",
"indicator--fec87bee-a27f-453d-81b2-b573b2980dfc",
"x-misp-object--fa3879d1-a417-4bb5-82c1-0771fd8f690d",
"indicator--b870e457-a906-4413-ac38-e27ae839ae13",
"x-misp-object--460c2688-f882-4aa9-9a35-4707ce903ee9",
"indicator--3d147083-9b4f-4565-9cd2-0be561143f21",
"x-misp-object--5005a835-a840-49dc-bc1b-04269dd4ab59",
"indicator--33c319ea-ce85-4548-996d-fada6f872995",
"x-misp-object--e8307187-524b-454e-a7e5-35de3ae028b0",
"indicator--acd0e574-aa79-4dac-80d4-e804d961b256",
"x-misp-object--df591dc3-d453-43fc-977d-4bb8b0bc9cb1",
"indicator--e7d69dcc-6ff2-4f14-a8c3-97a099dc7001",
"x-misp-object--fafae45c-0a60-4442-a37f-22d9fb5b84a0",
"indicator--51cbcdd0-059c-4be4-bb1d-689701e0af1e",
"x-misp-object--e35d7710-6c17-4600-a491-78d9b2d974af",
"indicator--5f1c620f-9bb5-44a0-a49d-d4a20fcc5b56",
"x-misp-object--fd6b82ad-05eb-4cc7-b654-8259cb33f397",
"indicator--e37a5a13-697f-433b-b91f-b796b81c6843",
"x-misp-object--4931955c-02f5-437a-8673-39acb95429fe",
"indicator--0fb7a91b-5a1d-456b-a372-9bd1792e4d59",
"x-misp-object--53a0ab1d-952b-4206-a553-8b111df85bd3",
"indicator--53e618c4-8a5d-4156-a5c6-8ea1f5328d3a",
"x-misp-object--b68a949d-1041-4ec5-a1ee-50774483da01",
"indicator--9ab3586b-39d0-4150-8279-e143df7ad88b",
"x-misp-object--7102d5f3-62d3-4f2f-b6fe-63baeea4ffb6",
"indicator--2df61ab0-86b0-444f-841d-0c3cb4543ad4",
"x-misp-object--90c525e7-74e9-4a8c-ab7e-a609a3633442",
"indicator--b0c96e50-6743-4347-b27f-2d9828182184",
"x-misp-object--f3cd75ac-beeb-4a9f-a2d4-b78604188d99",
"indicator--4a57082d-1113-4c31-ac54-fcabcd334522",
"x-misp-object--21387002-20ff-4b1d-ad38-09d5a5dc2556",
"indicator--08d435b6-9c5c-47ef-827e-0c2e535a1264",
"x-misp-object--8d937a08-3ec8-4710-bc00-62adce8d1fd2",
"indicator--e31585a9-e153-4b53-b420-d6e0519e00c4",
"x-misp-object--96804372-de78-45de-bd01-063861671447",
"indicator--d2f7d021-4acb-4319-81f9-53370a45e832",
"x-misp-object--4d21d162-1fb4-4198-8949-2c296cd028cd",
"indicator--74246f0f-70de-4ad4-a1f4-361cac2bd78f",
"x-misp-object--4dffe3df-3904-40e0-bc19-f002f1b33eeb",
"indicator--88c615e1-7bbb-4b0a-bddc-7b85e2bb579e",
"x-misp-object--7c5e4ccd-80e2-47cd-8cb1-a56ef4e0b865",
"indicator--6c663bc9-cfc1-4ca0-a03c-0b4f60d6e7d4",
"x-misp-object--5bd663c3-7b0b-41f6-8a5e-cbc776ad81ea",
"indicator--109617d0-6a8e-4cc9-aae1-92e11425e4cd",
"x-misp-object--afaeb002-c625-489a-9cec-ce0191ed8d49",
"indicator--bd146a67-39d0-4e55-bd92-27ad3ed4b6b4",
"x-misp-object--db4f4e2d-3ac3-4dbc-9519-3a4204112ecc",
"indicator--4f7b9f67-83dc-46f9-af98-a4b1fc542771",
"x-misp-object--9094218a-0a32-4747-8f21-bf0f7bfed79d",
"indicator--3302d71e-7875-4c88-b2ba-41dad3c95145",
"x-misp-object--16f41dd9-5ec8-42fc-9def-e3b9f5868d5b",
"indicator--cc368270-d79e-4a9d-ba7d-064db8e3425a",
"x-misp-object--7ab71cfb-ea18-49f4-bfc5-cd3ee49738cd",
"indicator--344a7eaa-7132-4b02-82c1-e5584b3169c1",
"x-misp-object--46d0a508-b361-4427-a099-64e9f943116d",
"indicator--245a788b-a28c-4d13-9cfb-6a3f67f892f4",
"x-misp-object--c53779ab-34b1-4e06-80a2-f060d1dd2212",
"indicator--3ca55f8e-4d26-48b5-92fd-5ea47ba8b291",
"x-misp-object--fa93027d-b99b-4cc3-a32d-f0afdec46d12",
"indicator--969cd2bf-3874-4c07-a054-5eec49bf0079",
"x-misp-object--341e106f-4861-4bb6-9581-fbee0cb3632c",
"indicator--46b26e92-d82a-4fea-8c89-580becaa903a",
"x-misp-object--f4196559-f992-4516-bce9-7658600a7894",
"indicator--ba352a5d-16d7-4309-9282-c2e88311365b",
"x-misp-object--afbfb77f-dbbf-476b-bd72-4cc29f2d52eb",
"indicator--277fd140-36c3-4b42-a9f6-56ec81f87384",
"x-misp-object--cdf6b744-d24a-49f9-8ac4-2c2c72de5e56",
"indicator--2d1711bf-a2cb-4113-96c0-26c70f04bc38",
"x-misp-object--348d53ec-29f8-48bd-b32e-d4d632e8bf5d",
"indicator--efb4664d-3744-4557-a6b0-eadb0e46f982",
"x-misp-object--864c648b-dfb9-457c-84a7-a69a18909bfc",
"indicator--0a31c783-7db1-4ee2-9113-dd1393956968",
"x-misp-object--d49c4443-b917-485f-9988-346a4c174c36",
"indicator--5a1bf1ba-5c6b-4882-af35-f992c5545079",
"x-misp-object--7fbb889d-657e-40e0-9458-b7a422b9ccd2",
"indicator--58012976-30e2-4822-b6a7-fdbf701fc7b8",
"x-misp-object--cb449345-1d6a-466a-ba9b-b35a37462d75",
"indicator--dc0c9d2f-28dd-44fe-913a-db5481dfc8ba",
"x-misp-object--ee33f122-421f-4d64-82c7-8e6f75329c57",
"indicator--a4fe4a04-2083-4108-a050-f5920409d023",
"x-misp-object--43dd37f2-90c2-463f-9166-eb111de8e695",
"indicator--5ecac345-ba1e-4426-9400-0f42240de6f9",
"x-misp-object--3d957cef-2600-427d-8c91-ca9a3cc06dbb",
"indicator--b5662b78-6d3b-44cf-86db-a7ffd1324345",
"x-misp-object--e2436b65-f8eb-47f8-96fd-a957987bf24e",
"indicator--c18dbdfc-e3d4-419a-9d61-399cbd689f00",
"x-misp-object--f73e119f-231f-497c-8b71-1b3c9c2a475a"
],
"labels": [
"Threat-Report",
"misp:tool=\"MISP-STIX-Converter\"",
"misp-galaxy:threat-actor=\"MuddyWater\"",
"misp-galaxy:mitre-enterprise-attack-intrusion-set=\"MuddyWater - G0069\"",
"enisa:nefarious-activity-abuse=\"spear-phishing-attacks\"",
"smart-airports-threats:malicious-actions=\"social-attacks-phishing-spearphishing\"",
"misp-galaxy:mitre-enterprise-attack-attack-pattern=\"Spearphishing Attachment - T1193\"",
"misp-galaxy:mitre-enterprise-attack-attack-pattern=\"Scripting - T1064\""
],
"object_marking_refs": [
"marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9"
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--5bbe03d3-9090-4212-b186-4139950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-10-10T13:51:29.000Z",
"modified": "2018-10-10T13:51:29.000Z",
"first_observed": "2018-10-10T13:51:29Z",
"last_observed": "2018-10-10T13:51:29Z",
"number_observed": 1,
"object_refs": [
"url--5bbe03d3-9090-4212-b186-4139950d210f"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\"",
"osint:source-type=\"blog-post\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--5bbe03d3-9090-4212-b186-4139950d210f",
"value": "https://securelist.com/muddywater/88059/"
},
{
"type": "x-misp-attribute",
"spec_version": "2.1",
"id": "x-misp-attribute--5bbe097d-c65c-4fc4-9a33-45c3950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-10-10T14:15:25.000Z",
"modified": "2018-10-10T14:15:25.000Z",
"labels": [
"misp:type=\"text\"",
"misp:category=\"External analysis\""
],
"x_misp_category": "External analysis",
"x_misp_type": "text",
"x_misp_value": "MuddyWater is a relatively new APT that surfaced in 2017. It has focused mainly on governmental targets in Iraq and Saudi Arabia, according to past telemetry. However, the group behind MuddyWater has been known to target other countries in the Middle East, Europe and the US. We recently noticed a large amount of spear phishing documents that appear to be targeting government bodies, military entities, telcos and educational institutions in Jordan, Turkey, Azerbaijan and Pakistan, in addition to the continuous targeting of Iraq and Saudi Arabia, other victims were also detected in Mali, Austria, Russia, Iran and Bahrain.. These new documents have appeared throughout 2018 and escalated from May onwards. The attacks are still ongoing."
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5bbe0e30-cfc4-432c-a427-4daa950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-10-10T14:35:28.000Z",
"modified": "2018-10-10T14:35:28.000Z",
"pattern": "[file:hashes.MD5 = '08acd1149b09bf6455c553f512b51085']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-10-10T14:35:28Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5bbe0e31-77ac-47bb-828d-462a950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-10-10T14:35:29.000Z",
"modified": "2018-10-10T14:35:29.000Z",
"pattern": "[file:hashes.MD5 = 'a9ec30226c83ba6d7abb8d2011cdae14']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-10-10T14:35:29Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5bbe0e35-5910-4145-bd71-4120950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-10-10T14:35:33.000Z",
"modified": "2018-10-10T14:35:33.000Z",
"pattern": "[file:hashes.MD5 = 'e5683fb480353c0dec333a7573710748']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-10-10T14:35:33Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5bbe0e4b-4ffc-4a67-9092-41ad950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-10-10T14:35:55.000Z",
"modified": "2018-10-10T14:35:55.000Z",
"pattern": "[file:hashes.MD5 = '159238b473f80272fdcd0a8ddf336a91']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-10-10T14:35:55Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5bbe0e5f-f118-40ee-a5a1-4eff950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-10-10T14:36:15.000Z",
"modified": "2018-10-10T14:36:15.000Z",
"pattern": "[file:hashes.MD5 = '16ac1a2c1e1c3b49e1a3a48fb71cc74f']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-10-10T14:36:15Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5bbe0e61-63d8-4c71-87ca-4d1d950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-10-10T14:36:17.000Z",
"modified": "2018-10-10T14:36:17.000Z",
"pattern": "[file:hashes.MD5 = '1b086ab28e3d6f73c6605f9ae087ad4a']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-10-10T14:36:17Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5bbe0e63-7954-443a-b3b9-4e09950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-10-10T14:36:19.000Z",
"modified": "2018-10-10T14:36:19.000Z",
"pattern": "[file:hashes.MD5 = '23c82e8c028af5c64cbe37314732ec19']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-10-10T14:36:19Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5bbe0e65-ed30-48a8-ad34-4e06950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-10-10T14:36:21.000Z",
"modified": "2018-10-10T14:36:21.000Z",
"pattern": "[file:hashes.MD5 = '24e1bd221ba3813ed7b6056136237587']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-10-10T14:36:21Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5bbe0e67-c5ec-4b9a-b1ae-4cfd950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-10-10T14:36:23.000Z",
"modified": "2018-10-10T14:36:23.000Z",
"pattern": "[file:hashes.MD5 = '2e82e242cb0684b98a8f6f2c0e8a12f3']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-10-10T14:36:23Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5bbe0e68-e554-4c61-b11e-4afc950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-10-10T14:36:24.000Z",
"modified": "2018-10-10T14:36:24.000Z",
"pattern": "[file:hashes.MD5 = '37f7e6e5f073508e1ee552ebea5d200e']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-10-10T14:36:24Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5bbe0e6b-e194-421a-bef5-4484950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-10-10T14:36:27.000Z",
"modified": "2018-10-10T14:36:27.000Z",
"pattern": "[file:hashes.MD5 = '3bb14adb551663fd2328d59f653ba757']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-10-10T14:36:27Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5bbe0e70-baf8-4293-8e07-4744950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-10-10T14:36:32.000Z",
"modified": "2018-10-10T14:36:32.000Z",
"pattern": "[file:hashes.MD5 = '3c2a0d6d0ecf06f1be9ad411d06f7ba8']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-10-10T14:36:32Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5bbe0e75-c64c-4d6b-adda-404e950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-10-10T14:36:37.000Z",
"modified": "2018-10-10T14:36:37.000Z",
"pattern": "[file:hashes.MD5 = '4c5a5c236c9f4480b3d725f297673fad']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-10-10T14:36:37Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5bbe0e76-2ab4-491d-9f11-4471950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-10-10T14:36:38.000Z",
"modified": "2018-10-10T14:36:38.000Z",
"pattern": "[file:hashes.MD5 = '4f873578956d2790101443f24e4bd4d3']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-10-10T14:36:38Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5bbe0e78-ef4c-49c0-818b-4b9e950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-10-10T14:36:40.000Z",
"modified": "2018-10-10T14:36:40.000Z",
"pattern": "[file:hashes.MD5 = '5466c8a099d1d30096775b1f4357d3cf']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-10-10T14:36:40Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5bbe0e7a-aafc-4048-b48e-4e3a950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-10-10T14:36:42.000Z",
"modified": "2018-10-10T14:36:42.000Z",
"pattern": "[file:hashes.MD5 = '59502e209aedf80e170e653306ca1553']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-10-10T14:36:42Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5bbe0e7b-a5c4-4d06-a1a1-473b950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-10-10T14:36:43.000Z",
"modified": "2018-10-10T14:36:43.000Z",
"pattern": "[file:hashes.MD5 = '5a42a712e3b3cfa1db32d9e3d832f8f1']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-10-10T14:36:43Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5bbe0e7d-9788-4e8d-894e-462f950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-10-10T14:36:45.000Z",
"modified": "2018-10-10T14:36:45.000Z",
"pattern": "[file:hashes.MD5 = '5bd61a94e7698574eaf82ef277316463']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-10-10T14:36:45Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5bbe0e7e-eda0-42c4-a5e8-4b2d950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-10-10T14:36:46.000Z",
"modified": "2018-10-10T14:36:46.000Z",
"pattern": "[file:hashes.MD5 = '5de97ae178888f2dd222bb8a66060ac2']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-10-10T14:36:46Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5bbe0e81-3a68-4dc6-abc8-477c950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-10-10T14:36:49.000Z",
"modified": "2018-10-10T14:36:49.000Z",
"pattern": "[file:hashes.MD5 = '665947cf7037a6772687b69279753cdf']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-10-10T14:36:49Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5bbe0e87-48e0-4c21-816d-4374950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-10-10T14:36:55.000Z",
"modified": "2018-10-10T14:36:55.000Z",
"pattern": "[file:hashes.MD5 = '7a2ff07283ddc69d9f34cfa0d3c936d4']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-10-10T14:36:55Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5bbe0e88-5cc0-4596-b3ec-4d53950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-10-10T14:36:56.000Z",
"modified": "2018-10-10T14:36:56.000Z",
"pattern": "[file:hashes.MD5 = '7beb94f602e97785370fec2d059d54a5']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-10-10T14:36:56Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5bbe0e89-a904-44e3-a565-4a99950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-10-10T14:36:57.000Z",
"modified": "2018-10-10T14:36:57.000Z",
"pattern": "[file:hashes.MD5 = '801f34abbf90ac2b4fb4b6289830cd16']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-10-10T14:36:57Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5bbe0e8a-72d0-4209-b1bb-4368950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-10-10T14:36:58.000Z",
"modified": "2018-10-10T14:36:58.000Z",
"pattern": "[file:hashes.MD5 = '864d6321be50f29e7a7a4bfab746245a']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-10-10T14:36:58Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5bbe0e8c-b780-43ad-a2f6-4264950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-10-10T14:37:00.000Z",
"modified": "2018-10-10T14:37:00.000Z",
"pattern": "[file:hashes.MD5 = '8a36d91ca331f62642dbcafc2ea1b1ab']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-10-10T14:37:00Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5bbe0e8f-4c14-4a29-9a46-4993950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-10-10T14:37:03.000Z",
"modified": "2018-10-10T14:37:03.000Z",
"pattern": "[file:hashes.MD5 = '9486593e4fb5a4d440093d54a3519187']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-10-10T14:37:03Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5bbe0e94-dec8-47f8-bf21-4e37950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-10-10T14:37:08.000Z",
"modified": "2018-10-10T14:37:08.000Z",
"pattern": "[file:hashes.MD5 = '94edf251b5fe7cc19488b5f0c3c3e359']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-10-10T14:37:08Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5bbe0e97-8814-4726-8c7f-4ffa950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-10-10T14:37:11.000Z",
"modified": "2018-10-10T14:37:11.000Z",
"pattern": "[file:hashes.MD5 = '9c6648cedeb3f5d9f6d104e638bd0c3d']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-10-10T14:37:11Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5bbe0e99-1f34-4d28-9b10-4f73950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-10-10T14:37:13.000Z",
"modified": "2018-10-10T14:37:13.000Z",
"pattern": "[file:hashes.MD5 = '9f4044674100a8c28f9ed1b336c337ce']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-10-10T14:37:13Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5bbe0e9a-b368-4341-84fd-4512950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-10-10T14:37:14.000Z",
"modified": "2018-10-10T14:37:14.000Z",
"pattern": "[file:hashes.MD5 = 'aa1e8d0e1c4d4eb9984124df003ea7f2']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-10-10T14:37:14Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5bbe0e9b-32fc-483f-b112-4d1e950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-10-10T14:37:15.000Z",
"modified": "2018-10-10T14:37:15.000Z",
"pattern": "[file:hashes.MD5 = 'aa564e207926d06b8a59ba50ca2c543d']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-10-10T14:37:15Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5bbe0ea1-0b50-4c89-bfd7-4557950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-10-10T14:37:21.000Z",
"modified": "2018-10-10T14:37:21.000Z",
"pattern": "[file:hashes.MD5 = 'ab4f947f4649b9ec28d182b02778aa69']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-10-10T14:37:21Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5bbe0ea4-28c4-47f9-8800-491d950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-10-10T14:37:24.000Z",
"modified": "2018-10-10T14:37:24.000Z",
"pattern": "[file:hashes.MD5 = 'ad92ccf85ec170f340457d33bbb81df5']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-10-10T14:37:24Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5bbe0ea9-ccb4-464e-af89-4bd7950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-10-10T14:37:29.000Z",
"modified": "2018-10-10T14:37:29.000Z",
"pattern": "[file:hashes.MD5 = 'b8939fa58fad8aa1ec271f6dae0b7255']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-10-10T14:37:29Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5bbe0ead-7954-4f96-a028-4609950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-10-10T14:37:33.000Z",
"modified": "2018-10-10T14:37:33.000Z",
"pattern": "[file:hashes.MD5 = 'bb476622bcb0c666e12fbe4ccda8bbef']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-10-10T14:37:33Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5bbe0eaf-dae8-47d8-9724-44fb950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-10-10T14:37:35.000Z",
"modified": "2018-10-10T14:37:35.000Z",
"pattern": "[file:hashes.MD5 = 'be62fc5b1576e0a8491519e10bab931d']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-10-10T14:37:35Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5bbe0eb1-f384-4426-832e-4a13950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-10-10T14:37:37.000Z",
"modified": "2018-10-10T14:37:37.000Z",
"pattern": "[file:hashes.MD5 = 'bf310319d6ef95f69a45fc4f2d237ed4']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-10-10T14:37:37Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5bbe0eb6-77cc-4215-8b82-44b5950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-10-10T14:37:42.000Z",
"modified": "2018-10-10T14:37:42.000Z",
"pattern": "[file:hashes.MD5 = 'c375bbf248592cee1a1999227457c300']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-10-10T14:37:42Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5bbe0eb7-dde0-44b3-a715-4f60950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-10-10T14:37:43.000Z",
"modified": "2018-10-10T14:37:43.000Z",
"pattern": "[file:hashes.MD5 = 'c73fc71ee35e99230941f03fc32934d9']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-10-10T14:37:43Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5bbe0eb7-4230-4f74-b8f5-4487950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-10-10T14:37:43.000Z",
"modified": "2018-10-10T14:37:43.000Z",
"pattern": "[file:hashes.MD5 = 'c8b0458c384fd34971875b1c753c9c7c']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-10-10T14:37:43Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5bbe0eb8-c7c4-4f67-82c8-4443950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-10-10T14:37:44.000Z",
"modified": "2018-10-10T14:37:44.000Z",
"pattern": "[file:hashes.MD5 = 'cd371d1d3bd7c8e2110587cfa8b7eaea']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-10-10T14:37:44Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5bbe0eb8-fc10-4a90-b12e-49c3950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-10-10T14:37:44.000Z",
"modified": "2018-10-10T14:37:44.000Z",
"pattern": "[file:hashes.MD5 = 'ce2df2907ce543438c19cfaf6c14f699']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-10-10T14:37:44Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5bbe0eb9-aa60-4db6-908c-4ee2950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-10-10T14:37:45.000Z",
"modified": "2018-10-10T14:37:45.000Z",
"pattern": "[file:hashes.MD5 = 'd15aee026074fbd18f780fb51ec0632a']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-10-10T14:37:45Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5bbe0ebb-5d08-402d-8c6d-4fce950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-10-10T14:37:47.000Z",
"modified": "2018-10-10T14:37:47.000Z",
"pattern": "[file:hashes.MD5 = 'd632c8444aab1b43a663401e80c0bac4']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-10-10T14:37:47Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5bbe0ebe-b0a4-477b-9a65-4e41950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-10-10T14:37:50.000Z",
"modified": "2018-10-10T14:37:50.000Z",
"pattern": "[file:hashes.MD5 = 'd6acee43d61cbd4bcd7a5bdf4ed9b343']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-10-10T14:37:50Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5bbe0ebf-aa70-402d-88aa-4443950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-10-10T14:37:51.000Z",
"modified": "2018-10-10T14:37:51.000Z",
"pattern": "[file:hashes.MD5 = 'e3e25957b738968befcf2333aa637d97']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-10-10T14:37:51Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5bbe0ebf-a388-432d-a5c3-4130950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-10-10T14:37:51.000Z",
"modified": "2018-10-10T14:37:51.000Z",
"pattern": "[file:hashes.MD5 = 'eb69fb45feb97af81c2f306564acc2da']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-10-10T14:37:51Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5bbe0ec0-35a8-4d19-ad28-4394950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-10-10T14:37:52.000Z",
"modified": "2018-10-10T14:37:52.000Z",
"pattern": "[file:hashes.MD5 = 'f00fd318bf58586c29ab970132d1fd2a']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-10-10T14:37:52Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5bbe0ec0-fdfc-410a-9626-4610950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-10-10T14:37:52.000Z",
"modified": "2018-10-10T14:37:52.000Z",
"pattern": "[file:hashes.MD5 = 'f2b5373f32a4b9b3d34701ff973ba69c']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-10-10T14:37:52Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5bbe0ec1-ec40-4cf8-be41-4d6d950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-10-10T14:37:53.000Z",
"modified": "2018-10-10T14:37:53.000Z",
"pattern": "[file:hashes.MD5 = 'f84914c30ae4e6b9b1f23d5c01e001ed']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-10-10T14:37:53Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5bbe0ec1-3b70-49d7-b4e4-456d950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-10-10T14:37:53.000Z",
"modified": "2018-10-10T14:37:53.000Z",
"pattern": "[file:hashes.MD5 = 'faa4469d5cd90623312c86d651f2d930']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-10-10T14:37:53Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5bbe0ec2-c4e4-45c1-8ca7-4c76950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-10-10T14:37:54.000Z",
"modified": "2018-10-10T14:37:54.000Z",
"pattern": "[file:hashes.MD5 = 'ffb8ea0347a3af3dd2ab1b4e5a1be18a']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-10-10T14:37:54Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5bbe0ec2-04e8-4565-a44a-4a81950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-10-10T14:37:54.000Z",
"modified": "2018-10-10T14:37:54.000Z",
"pattern": "[file:hashes.MD5 = '345b1ea293764df86506f97ba498cc5e']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-10-10T14:37:54Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5bbe0ec2-2300-465f-8b36-476b950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-10-10T14:37:54.000Z",
"modified": "2018-10-10T14:37:54.000Z",
"pattern": "[file:hashes.MD5 = '029cb7e622f4eb0d058d577c9d322e92']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-10-10T14:37:54Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5bbe0ec3-44e8-46c7-9191-42d9950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-10-10T14:37:55.000Z",
"modified": "2018-10-10T14:37:55.000Z",
"pattern": "[file:hashes.MD5 = '06178b5181f30ce00cd55e2690f667ac']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-10-10T14:37:55Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5bbe0ec3-d018-4ca0-91c1-401d950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-10-10T14:37:55.000Z",
"modified": "2018-10-10T14:37:55.000Z",
"pattern": "[file:hashes.MD5 = '2b8ab9112e34bb910055d85ec800db3f']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-10-10T14:37:55Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5bbe0ec4-2698-487e-af5d-4478950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-10-10T14:37:56.000Z",
"modified": "2018-10-10T14:37:56.000Z",
"pattern": "[file:hashes.MD5 = '47ec75d3290add179ac5218d193bb9a8']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-10-10T14:37:56Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5bbe0ec4-14c0-4eab-9a01-4e6d950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-10-10T14:37:56.000Z",
"modified": "2018-10-10T14:37:56.000Z",
"pattern": "[file:hashes.MD5 = 'befc203d7fa4c91326791a73e6d6b4da']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-10-10T14:37:56Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5bbe0ec7-3544-4e3f-9d4e-44ce950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-10-10T14:37:59.000Z",
"modified": "2018-10-10T14:37:59.000Z",
"pattern": "[file:hashes.MD5 = 'c561e81e30316208925bfddb3cf3360a']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-10-10T14:37:59Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5bbe0ec7-2310-4abb-93ec-4849950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-10-10T14:37:59.000Z",
"modified": "2018-10-10T14:37:59.000Z",
"pattern": "[file:hashes.MD5 = '132efd7b3bdfb591c1bf2a4e19c710eb']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-10-10T14:37:59Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5bbe0ec8-30f4-4746-a683-4ff2950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-10-10T14:38:00.000Z",
"modified": "2018-10-10T14:38:00.000Z",
"pattern": "[file:hashes.MD5 = 'e7a6c57566d9523daa57fe16f52e377e']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-10-10T14:38:00Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5bbe0ecc-5798-4b31-811c-486f950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-10-10T14:38:04.000Z",
"modified": "2018-10-10T14:38:04.000Z",
"pattern": "[file:hashes.MD5 = 'c0e35c4523a7931f4c99616d6079fd14']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-10-10T14:38:04Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5bbe0ecf-550c-4572-882a-4b4c950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-10-10T14:38:07.000Z",
"modified": "2018-10-10T14:38:07.000Z",
"pattern": "[file:hashes.MD5 = '245fa82c89875b70c2669921d4ba14d3']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-10-10T14:38:07Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5bbef709-1198-44fb-b614-4783950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-10-11T07:08:57.000Z",
"modified": "2018-10-11T07:08:57.000Z",
"pattern": "[file:name = '\\\\%SystemDrive\\\\%\\\\ProgramData\\\\EventManager.dll']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-10-11T07:08:57Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"filename\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5bbef70b-d0d0-4c6a-82f9-4b5e950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-10-11T07:08:59.000Z",
"modified": "2018-10-11T07:08:59.000Z",
"pattern": "[file:name = '\\\\%SystemDrive\\\\%\\\\ProgramData\\\\EventManager.logs']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-10-11T07:08:59Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"filename\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5bbef70c-fb50-4fef-89ec-4e8e950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-10-11T07:09:00.000Z",
"modified": "2018-10-11T07:09:00.000Z",
"pattern": "[file:name = '\\\\%SystemDrive\\\\%\\\\ProgramData\\\\WindowsDefenderService.ini']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-10-11T07:09:00Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"filename\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5bbef70f-c224-473e-a5b5-4b40950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-10-11T07:09:03.000Z",
"modified": "2018-10-11T07:09:03.000Z",
"pattern": "[file:name = '\\\\%SystemDrive\\\\%\\\\ProgramData\\\\Defender.sct']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-10-11T07:09:03Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"filename\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5bbef710-8e94-4a38-b25f-4599950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-10-11T07:09:04.000Z",
"modified": "2018-10-11T07:09:04.000Z",
"pattern": "[file:name = '\\\\%SystemDrive\\\\%\\\\ProgramData\\\\DefenderService.inf']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-10-11T07:09:04Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"filename\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5bbef710-9934-43aa-aff6-40e8950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-10-11T07:09:04.000Z",
"modified": "2018-10-11T07:09:04.000Z",
"pattern": "[file:name = '\\\\%SystemDrive\\\\%\\\\ProgramData\\\\WindowsDefender.ini']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-10-11T07:09:04Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"filename\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5bbef711-0c90-406b-b169-4894950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-10-11T07:09:05.000Z",
"modified": "2018-10-11T07:09:05.000Z",
"pattern": "[file:name = '\\\\%SystemDrive\\\\%\\\\ProgramData\\\\ZIPSDK\\\\InstallConfNT.vbs']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-10-11T07:09:05Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"filename\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5bbef712-8894-4c7d-a835-4122950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-10-11T07:09:06.000Z",
"modified": "2018-10-11T07:09:06.000Z",
"pattern": "[file:name = '\\\\%SystemDrive\\\\%\\\\ProgramData\\\\ZIPSDK\\\\ProjectConfManagerNT.ini']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-10-11T07:09:06Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"filename\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5bbef712-718c-42cd-ba5b-4b05950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-10-11T07:09:06.000Z",
"modified": "2018-10-11T07:09:06.000Z",
"pattern": "[file:name = '\\\\%SystemDrive\\\\%\\\\ProgramData\\\\WindowsDefenderTask.ini']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-10-11T07:09:06Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"filename\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5bbef713-05c4-47d3-bb74-4efc950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-10-11T07:09:07.000Z",
"modified": "2018-10-11T07:09:07.000Z",
"pattern": "[file:name = '\\\\%SystemDrive\\\\%\\\\ProgramData\\\\WindowsDefenderTask.txt']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-10-11T07:09:07Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"filename\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5bbef713-eec4-419d-9dff-4734950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-10-11T07:09:07.000Z",
"modified": "2018-10-11T07:09:07.000Z",
"pattern": "[file:name = '\\\\%SystemDrive\\\\%\\\\ProgramData\\\\WindowsDefenderTask.xml']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-10-11T07:09:07Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"filename\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5bbef717-56c0-4ab1-901a-4ab8950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-10-11T07:09:11.000Z",
"modified": "2018-10-11T07:09:11.000Z",
"pattern": "[file:name = '\\\\%SystemDrive\\\\%\\\\ProgramData\\\\DefenderNT\\\\ConfigRegister.vbs']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-10-11T07:09:11Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"filename\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5bbef717-d0ec-4611-8724-4025950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-10-11T07:09:11.000Z",
"modified": "2018-10-11T07:09:11.000Z",
"pattern": "[file:name = '\\\\%SystemDrive\\\\%\\\\ProgramData\\\\DefenderNT\\\\SetupConf.ini']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-10-11T07:09:11Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"filename\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5bbef718-37ac-4dbf-a117-4a40950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-10-11T07:09:12.000Z",
"modified": "2018-10-11T07:09:12.000Z",
"pattern": "[file:name = '\\\\%SystemDrive\\\\%\\\\ProgramData\\\\ASDKiMalwareSDK\\\\ProjectConfSDK.vbs']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-10-11T07:09:12Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"filename\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5bbef718-b9c4-43c0-91b9-4bee950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-10-11T07:09:12.000Z",
"modified": "2018-10-11T07:09:12.000Z",
"pattern": "[file:name = '\\\\%SystemDrive\\\\%\\\\ProgramData\\\\ASDKiMalwareSDK\\\\SetupConfSDK.ini']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-10-11T07:09:12Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"filename\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5bbef719-709c-413d-af51-4ee4950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-10-11T07:09:13.000Z",
"modified": "2018-10-11T07:09:13.000Z",
"pattern": "[file:name = '\\\\%SystemDrive\\\\%\\\\ProgramData\\\\FirefoxSDK\\\\ConfigRegisterSDK.ini']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-10-11T07:09:13Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"filename\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5bbef719-e438-4400-bfe2-4939950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-10-11T07:09:13.000Z",
"modified": "2018-10-11T07:09:13.000Z",
"pattern": "[file:name = '\\\\%SystemDrive\\\\%\\\\ProgramData\\\\FirefoxSDK\\\\ConfigRegisterSDK.vbs']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-10-11T07:09:13Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"filename\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5bbef71a-ad08-458c-86e2-4d27950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-10-11T07:09:14.000Z",
"modified": "2018-10-11T07:09:14.000Z",
"pattern": "[file:name = '\\\\%SystemDrive\\\\%\\\\ProgramData\\\\OneDrive.dll']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-10-11T07:09:14Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"filename\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5bbef71d-d7a8-4c02-b480-43d0950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-10-11T07:09:17.000Z",
"modified": "2018-10-11T07:09:17.000Z",
"pattern": "[file:name = '\\\\%SystemDrive\\\\%\\\\ProgramData\\\\OneDrive.html']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-10-11T07:09:17Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"filename\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5bbef71d-eda4-4f12-9f0c-43bd950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-10-11T07:09:17.000Z",
"modified": "2018-10-11T07:09:17.000Z",
"pattern": "[file:name = '\\\\%SystemDrive\\\\%\\\\ProgramData\\\\OneDrive.ini']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-10-11T07:09:17Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"filename\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5bbef71e-f328-4196-a141-4eb3950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-10-11T07:09:18.000Z",
"modified": "2018-10-11T07:09:18.000Z",
"pattern": "[file:name = '\\\\%SystemDrive\\\\%\\\\ProgramData\\\\WindowsNT\\\\WindowsNT.ini']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-10-11T07:09:18Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"filename\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5bbef71e-e224-4ba9-aed2-4332950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-10-11T07:09:18.000Z",
"modified": "2018-10-11T07:09:18.000Z",
"pattern": "[file:name = '\\\\%SystemDrive\\\\%\\\\ProgramData\\\\WindowsNT\\\\WindowsNT.vbs']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-10-11T07:09:18Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"filename\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5bbef71f-44d4-4490-8ab7-4407950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-10-11T07:09:19.000Z",
"modified": "2018-10-11T07:09:19.000Z",
"pattern": "[file:name = '\\\\%SystemDrive\\\\%\\\\ProgramData\\\\SYSTEM32SDK\\\\ConfManagerNT.vbs']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-10-11T07:09:19Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"filename\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5bbef71f-1b78-4c0a-b435-4a39950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-10-11T07:09:19.000Z",
"modified": "2018-10-11T07:09:19.000Z",
"pattern": "[file:name = '\\\\%SystemDrive\\\\%\\\\ProgramData\\\\SYSTEM32SDK\\\\ProjectConfManagerNT.ini']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-10-11T07:09:19Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"filename\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--5bbef720-43a8-4b70-a29a-49e7950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-10-11T07:09:20.000Z",
"modified": "2018-10-11T07:09:20.000Z",
"first_observed": "2018-10-11T07:09:20Z",
"last_observed": "2018-10-11T07:09:20Z",
"number_observed": 1,
"object_refs": [
"windows-registry-key--5bbef720-43a8-4b70-a29a-49e7950d210f"
],
"labels": [
"misp:type=\"regkey\"",
"misp:category=\"Persistence mechanism\""
]
},
{
"type": "windows-registry-key",
"spec_version": "2.1",
"id": "windows-registry-key--5bbef720-43a8-4b70-a29a-49e7950d210f",
"key": "%windir%\\System32\\Tasks\\Microsoft\\WindowsDefenderUpdater"
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--5bbef721-0198-44d1-87f9-4a03950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-10-11T07:09:21.000Z",
"modified": "2018-10-11T07:09:21.000Z",
"first_observed": "2018-10-11T07:09:21Z",
"last_observed": "2018-10-11T07:09:21Z",
"number_observed": 1,
"object_refs": [
"windows-registry-key--5bbef721-0198-44d1-87f9-4a03950d210f"
],
"labels": [
"misp:type=\"regkey\"",
"misp:category=\"Persistence mechanism\""
]
},
{
"type": "windows-registry-key",
"spec_version": "2.1",
"id": "windows-registry-key--5bbef721-0198-44d1-87f9-4a03950d210f",
"key": "%windir%\\System32\\Tasks\\Microsoft\\MicrosoftOneDrive"
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--5bbef721-ef90-4859-937a-431a950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-10-11T07:09:21.000Z",
"modified": "2018-10-11T07:09:21.000Z",
"first_observed": "2018-10-11T07:09:21Z",
"last_observed": "2018-10-11T07:09:21Z",
"number_observed": 1,
"object_refs": [
"windows-registry-key--5bbef721-ef90-4859-937a-431a950d210f"
],
"labels": [
"misp:type=\"regkey\"",
"misp:category=\"Persistence mechanism\""
]
},
{
"type": "windows-registry-key",
"spec_version": "2.1",
"id": "windows-registry-key--5bbef721-ef90-4859-937a-431a950d210f",
"key": "%windir%\\System32\\Tasks\\Microsoft\\WindowsDifenderUpdate"
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--5bbef722-161c-479c-a92a-41ee950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-10-11T07:09:22.000Z",
"modified": "2018-10-11T07:09:22.000Z",
"first_observed": "2018-10-11T07:09:22Z",
"last_observed": "2018-10-11T07:09:22Z",
"number_observed": 1,
"object_refs": [
"windows-registry-key--5bbef722-161c-479c-a92a-41ee950d210f"
],
"labels": [
"misp:type=\"regkey\"",
"misp:category=\"Persistence mechanism\""
]
},
{
"type": "windows-registry-key",
"spec_version": "2.1",
"id": "windows-registry-key--5bbef722-161c-479c-a92a-41ee950d210f",
"key": "%windir%\\System32\\Tasks\\Microsoft\\WindowsSystem32SDK"
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--5bbef722-1038-4ec6-8301-493c950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-10-11T07:09:22.000Z",
"modified": "2018-10-11T07:09:22.000Z",
"first_observed": "2018-10-11T07:09:22Z",
"last_observed": "2018-10-11T07:09:22Z",
"number_observed": 1,
"object_refs": [
"windows-registry-key--5bbef722-1038-4ec6-8301-493c950d210f"
],
"labels": [
"misp:type=\"regkey\"",
"misp:category=\"Persistence mechanism\""
]
},
{
"type": "windows-registry-key",
"spec_version": "2.1",
"id": "windows-registry-key--5bbef722-1038-4ec6-8301-493c950d210f",
"key": "%windir%\\System32\\Tasks\\Microsoft\\WindowsDefenderSDK"
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--5bbef723-6778-4a05-a3fc-45a7950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-10-11T07:09:23.000Z",
"modified": "2018-10-11T07:09:23.000Z",
"first_observed": "2018-10-11T07:09:23Z",
"last_observed": "2018-10-11T07:09:23Z",
"number_observed": 1,
"object_refs": [
"windows-registry-key--5bbef723-6778-4a05-a3fc-45a7950d210f"
],
"labels": [
"misp:type=\"regkey\"",
"misp:category=\"Persistence mechanism\""
]
},
{
"type": "windows-registry-key",
"spec_version": "2.1",
"id": "windows-registry-key--5bbef723-6778-4a05-a3fc-45a7950d210f",
"key": "%windir%\\System32\\Tasks\\Microsoft\\WindowsMalwareDefenderSDK"
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--5bbef723-1a90-496f-a0a6-4759950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-10-11T07:09:23.000Z",
"modified": "2018-10-11T07:09:23.000Z",
"first_observed": "2018-10-11T07:09:23Z",
"last_observed": "2018-10-11T07:09:23Z",
"number_observed": 1,
"object_refs": [
"windows-registry-key--5bbef723-1a90-496f-a0a6-4759950d210f"
],
"labels": [
"misp:type=\"regkey\"",
"misp:category=\"Persistence mechanism\""
]
},
{
"type": "windows-registry-key",
"spec_version": "2.1",
"id": "windows-registry-key--5bbef723-1a90-496f-a0a6-4759950d210f",
"key": "%windir%\\System32\\Tasks\\Microsoft\\WindowsMalwareByteSDK"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5bbefcc3-9170-475c-a872-485c950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-10-11T07:33:23.000Z",
"modified": "2018-10-11T07:33:23.000Z",
"pattern": "[url:value = 'http://www.cankayasrc.com/style/js/main.php']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-10-11T07:33:23Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5bbefcc4-cd58-40bc-a143-4d49950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-10-11T07:33:24.000Z",
"modified": "2018-10-11T07:33:24.000Z",
"pattern": "[url:value = 'http://ektamservis.com/includes/main.php']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-10-11T07:33:24Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5bbefcc4-691c-44a9-a0a5-486a950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-10-11T07:33:24.000Z",
"modified": "2018-10-11T07:33:24.000Z",
"pattern": "[url:value = 'http://gtme.ae/font-awesome/css/main.php']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-10-11T07:33:24Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5bbefcc5-1f00-409d-925b-412b950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-10-11T07:33:25.000Z",
"modified": "2018-10-11T07:33:25.000Z",
"pattern": "[url:value = 'https://www.adfg.ae/wp-includes/widgets/main.php']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-10-11T07:33:25Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5bbefcc5-02fc-47ae-84e3-43f9950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-10-11T07:33:25.000Z",
"modified": "2018-10-11T07:33:25.000Z",
"pattern": "[url:value = 'http://adibf.ae/wp-includes/js/main.php']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-10-11T07:33:25Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5bbefcc6-dd74-4a21-abcc-406a950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-10-11T07:33:26.000Z",
"modified": "2018-10-11T07:33:26.000Z",
"pattern": "[url:value = 'http://hubinasia.com/wp-includes/widgets/main.php']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-10-11T07:33:26Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5bbefcc9-8280-4d95-a1e2-481f950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-10-11T07:33:29.000Z",
"modified": "2018-10-11T07:33:29.000Z",
"pattern": "[url:value = 'https://benangin.com/wp-includes/widgets/main.php']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-10-11T07:33:29Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5bbefccc-5cb0-488b-b32f-45a2950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-10-11T07:33:32.000Z",
"modified": "2018-10-11T07:33:32.000Z",
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '104.237.233.60']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-10-11T07:33:32Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5bbefccd-2f04-4610-930d-49f8950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-10-11T07:33:33.000Z",
"modified": "2018-10-11T07:33:33.000Z",
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '104.237.255.212']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-10-11T07:33:33Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5bbefcce-78d0-4e0a-9e6c-4951950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-10-11T07:33:33.000Z",
"modified": "2018-10-11T07:33:33.000Z",
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '104.237.233.40']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-10-11T07:33:33Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5bbefcce-5468-4b10-b415-4b3b950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-10-11T07:33:34.000Z",
"modified": "2018-10-11T07:33:34.000Z",
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '5.9.0.155']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-10-11T07:33:34Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--5bbefe30-1718-4cae-b3fa-4ae2950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-10-11T07:39:28.000Z",
"modified": "2018-10-11T07:39:28.000Z",
"first_observed": "2018-10-11T07:39:28Z",
"last_observed": "2018-10-11T07:39:28Z",
"number_observed": 1,
"object_refs": [
"file--5bbefe30-1718-4cae-b3fa-4ae2950d210f",
"artifact--5bbefe30-1718-4cae-b3fa-4ae2950d210f"
],
"labels": [
"misp:type=\"attachment\"",
"misp:category=\"Payload delivery\""
]
},
{
"type": "file",
"spec_version": "2.1",
"id": "file--5bbefe30-1718-4cae-b3fa-4ae2950d210f",
"name": "181009-muddywater-1.png",
"content_ref": "artifact--5bbefe30-1718-4cae-b3fa-4ae2950d210f"
},
{
"type": "artifact",
"spec_version": "2.1",
"id": "artifact--5bbefe30-1718-4cae-b3fa-4ae2950d210f",
"payload_bin": "iVBORw0KGgoAAAANSUhEUgAACBIAAAMACAYAAACT+9YfAAAAAXNSR0IArs4c6QAAAARnQU1BAACxjwv8YQUAAAAJcEhZcwAADsQAAA7EAZUrDhsAAP+lSURBVHhe7J0JYBXF/ce/OQl3AihXAgmIIihEQU6VoGI9WsUDRFsU+ddqrVa8WnsoqD2sB+JRq7UiilUOrXijKIdyKaBBAUGEBBLuIwmE3Mn7/34zu+/te9l9efvycvL7wO/tXDu7OzM7O79fZmej9h/K80AQBEEQBKGOaNemFTadMh3l2flGiBAqcamJ6LflLhwpLDJCBEEQBCF8TuiQaLhC48BheXYLgiAIgiAIgiAIQnPHyV4Qtf+gTCQQBEEQBKHuaNe2FTad+gTKtxcYIUKoxPVORL9Nd+HIUZlIIAiC0JT55l/PYecnCw1f/dPjwotwxq9vxQkdXU4kOCQTCQRBEARBEARBEAShrmjs9gKZSCAIgiAIQp3CEwm+7/ckyrblGSFCqMT3TsKpm+6UiQSCIAhNGNMo8MsLx5AGbgTWJ6Tx/+eTRco4cOGf/2gEhoZMJBAEQRAEQRAEQRCEuqEp2Av8JhJ8ufUgvtp6GOuz8rEnrwilZRXweDyoqqQkVVXwsJBbbavMbRVW/PNKIwdBEARBEAR/1ESCATNQtuWwESKESvwpHXDqt1NkIoEgCEIT5p0rLjOMAg1hFTAgvZ6NA7/8/HMjIDSsEwnEXiAIgiAIgiAIgiAIkaMp2Aui9h08rCYSfPH9fizZeAhXjkjDGWkdkdg6js675hPvM+4/WPH8VYYPiKZ9YmJiUFlZiSo6uB2r1kZrR4ne8Daf3SX5estYwwz/H/7cg12uOXb0qBK+mri4eMTGxSGhdWvaxuoEjZRQylIQBEEQGjvt27TGpr5PoMONA4wQIVQOv/wt+m2+GwWFx4wQQRAEoanx7hWX45c/GUOuBjQMwIP/fOx+IsH+Q3o1IbEXND7EXiAIgiAIgiAIgtC0aQr2gqh9Bw57vvzxED5evx8PXjcIbVq2QGEZcJQU8eJykFIKUkpJeMt7GPppNF1TOunpJ135b6z89zgdSMSRsv3wQw/igQemoqy8wgj1Z9WKaCQmtkdmJnDHHUagDQWlwKRJy5CoTQP4xzPnqq0b9uTk4OiRI8rNCjYr2jGxMYiLjUPXHj3ofONUXF2Tm5WFqqoqJRUVFUrKysowYNAgI0V1QilLQRAEQWjstG9rTCSYJBMJ3HJ4ljGR4KhMJBAEQagv/vnPmdiwcYvh8+e0/qfgV7+a6EqPfPfKy/F//IZBA/NSGCsS7D+YB7EX1D1iLxAEQRAEQRAEQWj8HI/2gmjW9NdsPYgrR6Qqo0BuAZBf5CFF1ANPJVBeDlRVaHdlGVBhhKulCimDGDVJgl1aoki6detmvJ3gC/cXgxI6mANsFOB4fssgc/MCwzRgl5e/fPPVVzhWeFS5t37/Pfbt3Yuj5N+9Zzf27d+H3F25OHTwEMoryrFz+7Zq+0dC8g8fxo7t21FSXOwNM40C5VSghccK0aJlAgYMOtNvv0AJrSxFREREREQat6gRA79cyM8zEXdCAy094hIRERERqQ8pLy9TRoH/vvqMrXAc/8HZbl9nccfyjZuUEm8K+4OF1y1iL4i0iL1ARERERERERERERESk6cnxai9QawbyNw7PSOuk3iw449nvccaLW/HihoPomliF697+EaOe/xavf70D72RmY8yDS3D+7z7C+be/j7KySnRsm6AystK2bVu6fOcCMJcjzC/R6n4gVqMAL1Q49qJp5LdPa4UrqLKqEntycpG7YwdKS0uUIl5UpL8r3LpNG7Ru3RpHjh5B3uE8REcbSyZGEDYGHC0ooPwP4Zt1a4xQqLcJSkpK6JxKUVxEaY4cxZEjzoYRk5rKMnKswONjb8PcHMMbyIp/4Mqxl+HK299ATk1pGZU+II1fHk5w3pRGicP+NeZhYHcOoZy7HXbHznkDd5hh3nDr+ZtiOZ7tOe3E3NvNtP/AShVWQz7VcJvewLZM7c6HCVI3TOC12ZaPgXlcM8z2PJxwqsNgZWC9psvw+Aq1A+F0rYTdOVnDSHz5GASWgSM1lGU1nNI7XRcR7FyqxbmsW8dycKobwrE9hFI3IVyb7TkFaxMu68B1/k44HTfI+dhdL2M9pxrvm0D4eCFctyAIgiAcZ4Ty5gC/CV6XbNm1C5NffNEr7GcjgF14fSD2gsjRdO0Fgo9g4+gg+qUfoYzFg+hD1bDqEqY45W89dqjnWxNBrieYXcCWEMomUD+y1dWCEewY1rK0pnEKJ2z1NaeyDZa/m3OyhgXGBWLNO0idO+mdjF1csPQ1Eux6TUJJ40Ctzs3AKY+Q8rY591rlZxA0D6rT22/zv9+UmOldtklXNhxrHqYEnGe1c3c4rmO4gV0Z2JaLy7ZulqEh3n7EKZwx4yLRr4WMWT7BrjeUc2oAVJsyzztImTil8wsPB6PsHrN/SOTMuc2mXEMhhPr1tqPaPGtNXFxHrcssAoR4n6x8LPD5bVOunJfDdYdOCPUlCEE4Xu0F0fwpvT2Hi9U3DgtJEb8uvQMQE43cYx7ExUShhN8miI7C1oOlOL9fop7tTvK7a08mxToKxSXl4Dy8Qpl6yBHF8+Ot4Rbh7xcypoHAip9RgG0BvDWMAnZ5WSU6OgaxMbEoJuW8kBTvyopKZQRgpTy1V28MHjoMA87gWf1QBoTKyirbfGojR/ILlHGgsLCQFP8j3nBemvDo0aPKSFFWXob9/LbDzhy/fauJuubgZRlJUdiEezzUwVInPeLed/HW09cimcKc07LQ4GVFDlL80lTPo/p+1JU/+g/kTHgWb739LmZMAOY++gZ2ctxOevA9loNrnqb9KS5YHur4PHii58oIm/NUBIQFlSDHBkbibg7zhlv8LPeOBFJGYniy8zntnPMo5qb8XqWfMSEHjz+6gsKd8vHt5y9u05M4XJf9+fjXzVv3pvjqRoldnbMnsHw4PKAtuKpbLYpq4UHKYAUVPB/PCF/52D+wgvZxulbHskm51i9/Mx99fPsysJPgZVldHO8L2+sK3v7tztMxf4f0wcpBYbgDxbY9ONSN22uzPyfnNuG2Dtzmb5cHi9Nx7esgSF2Gcd8EisImvC6EjxMVFa3GECIuhf7VVz2JiIiIHI9SVlaOZ//5Mn59631eYX5+/e3VhJIr7PIJJmof1j9JJwxF+nTripk33UT7epTc+O9/KyMAb80wjud0dvvbCR8/HPj8xV4QOWnK9gIRnyhswh31SxtxysMrTnqSrbjTS8xjuznfmsTM0z7ORg8MIgqbcC3u9FMnUdiEO+nGbvW1cOwqCsNtFft9IlnnQfROJYFlXlP60ERhE26VUNJUl+ptxJ04XZ+761Z4/U7nFOq5Bju21cb2LGY4tIvw2qTNvWvbN9XUHqtfp7t7zSkf53Jx29ad+hHn/iU0O7cpCpvwcETXy7MYb5Yv24fG3kblZpynOldgJV1n4L71K1RG/AfbnYY/+Vpqn77zVvilN8QpnV94QN4hCtADKVRe1fdbgblzKJDxCw9NatxvBLfF36t2ZxvvUkK+joCyrH8JvE+c6234CLq/qH/xhu3ciRzspLCd3rCdOXT/p6T40oQp3vIREQlBxF6gUZ82KCmrUAp/UTkwpGsb9ZHDPfml6ruGh/i1Azrwqm1HMbxPW5zVu4Py/3RYF4qPxrEiildFpIUX1eO8+GSt4X5ivi0Q8NZAoFGADQJadLxtXgHCbxTwLH5WxFu1aoU27doifdAg9ExLVfEJLRMQGxurlg3UbxjY57N48afVxC5doJQWl6g3Hfhtgq5du3nD2d+p84lo276d+u4il8/hQ4f89g0Up7LscmJHR7Gmcy+MXTgLPaBSrH7G6rfIyjewssdIPbDziwvMI1CWY9XKkRh/De/pQco1EzAiZwVW5Xiwcs4bwIR7MT7o/qakYPzT7+iBqyIwngkMcxbnY5sEhvuEH4ApI0fQGTmd0w6sogfiCErD/hR6aKasXI6V3vjAfPzDnSSU9PbX5XQ+O5Cb0wMjRui6QQrVJbm8+9n
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--5bbf0086-44fc-4fea-a218-463b950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-10-11T07:49:26.000Z",
"modified": "2018-10-11T07:49:26.000Z",
"first_observed": "2018-10-11T07:49:26Z",
"last_observed": "2018-10-11T07:49:26Z",
"number_observed": 1,
"object_refs": [
"file--5bbf0086-44fc-4fea-a218-463b950d210f",
"artifact--5bbf0086-44fc-4fea-a218-463b950d210f"
],
"labels": [
"misp:type=\"attachment\"",
"misp:category=\"Payload delivery\""
]
},
{
"type": "file",
"spec_version": "2.1",
"id": "file--5bbf0086-44fc-4fea-a218-463b950d210f",
"name": "181009-muddywater-3.png",
"content_ref": "artifact--5bbf0086-44fc-4fea-a218-463b950d210f"
},
{
"type": "artifact",
"spec_version": "2.1",
"id": "artifact--5bbf0086-44fc-4fea-a218-463b950d210f",
"payload_bin": "iVBORw0KGgoAAAANSUhEUgAACCAAAAMACAYAAAD//YQaAAAAAXNSR0IArs4c6QAAAARnQU1BAACxjwv8YQUAAAAJcEhZcwAADsQAAA7EAZUrDhsAAP+lSURBVHhe7J0JYBbF+f+/OYBwB/AAIfAGLxSP4MkpCR5Ve4AHqP0VCbS21taKV2tblaD+W60XamttVUCxiqgVz+IBCcjlHVQULxIIIHfCEXIn/+eZ2X3ffd/svu/um/d98yY+n/C8MzszO7M7Mzszz8MeKdt3lTdBEARBEARBEARBEIR2zcG9Mw1ffNixu8LwCYIgCIIgCIIgCILQXolkX0jZvlNuQBAEQRAEQRAEQRCEePHxPx/GxjcXGVuJZ+A552LYr6/CwX3ifAPCLrkBQRAEQRAEQRAEQRDiRVuxL8gNCIIgCIIgCIIgCIIQJ0zjwC/OOZs0cCMwkZDG/9ibbykjwTk3/8kIjA9yA4IgCIIgCIIgCIIgxIe2ZF8IugHh3a934r2vd2NNSQW+Kz+Amtp6NDU1obGBkjQ2oomF/MptNN1GrPjHhUYOgiAIgiAIgiAIgiCYvHTBTwzjQGtYBwxIr2cjwS+WLTMC4oP1BgSxLwiCIAiCIAiCIAhC7GhL9oWUbTt3qxsQ3vliOwrX7sKFI7MxLLsPMrt2oOOPfAJHTnwMKx65yNgCUmmftLQ0NDQ0oJEOwo5VH6RqT7V22K1gf3WFdhlrmLH9x5sHss8zlfv2KeGz6dChI9I7dEBG167kpusESYqbuhQEQRAEQRAEQRCSl5cvGI9f/OBs8rWigQBNeOyN+N+AsH1XuXLFvpB8iH1BEARBEARBEAShbdOW7Asp23bsbnr3m114Y812zPzpyejWuRP21wL7SCGvqgMppyDllIRd3sPQU1Pp3HJIXz/iwn9j5b8n6kCiAyndt982E7feOgO1dfVGaDCrVqQiM7MniouBa64xAm3YUwPk5y9FpjYR4K6HzlCuF74rK8O+vXuVnxVtVrjT0tPQIb0D+g0cSMfbQcXFm00lJWhsbFRSX1+vpLa2FiecfLKRojlu6lIQBEEQBEEQBEGIHf/4x2x8tvZLYyuY44YejV/+crInPfLlC8fj5/yEQivzeALegLB9ZznEvhB/xL4gCIIgCIIgCIKQ/Hyf7QuprPG///VOXDjSp4wDm/YAFQeaSCFtQlMDUFcHNNZrf0MtUG+Eq1ckUgZp6iYL9mlJITnssMOMpxsC4cFiUE2FOcDGAY7npxSK1y00TAR2eQXLx++9h8r9+5T/6y++wLatW7GPtrd8twXbtm/Dps2bsGvnLtTV12Hj+m+b7R8Lqdi9GxvWr0d1VZU/zDQO1FGF7q/cj06dM3DCyScF7Rcq7upSREREREREREREREREJBZSV1erjAP/efIhW+E4/o9nu32dxRvL136ulHlTeDtceHIh9oVYi9gXRERERERERERERERE2p583+0L6l2F/E3GYdkHqScThv39Cwx79Gs8+tlO9MtsxE9f/AZjH/kET3+0AS8Vl+LsmYU48/f/w5lXv4ra2gb06Z6hMrLSvXt3qgbnijBfg1hRrdX+UKzGAX5B4oRzC2jbPq0VbqiGxgZ8V7YJmzZsQE1NtVLIDxw4oOK7duuGrl27Yu++vSjfXY7UVONVjTGEjQL79uyh/Hfh4w/fN0Khnkaorq6mY6pB1QFKs3cf9u51NpCYRKpLIc6suAsXTviJX+5ZYYRjBe7xh/8Wz5YZwWXP4BpL+guvfgYqyimcsZbhD+f8Lfm6YiOevdos4y6sNELD5hXxuEL3s5ZhrQ/C7jwc64+wPW+nc3AKJ2zzccJr/rGsO8I8VpU2TF0yTnm4xqGP2pZrTWuKsY/nPu2l74akdVVv5nZounDlhqlrz3kZtLh9CMeyzWMNibNNH6EfNSPCuakyKK+gujbyd9vGQXk4nE+464cJPVfrcZAEztPp/L22eTS46CeuMespNL/g82hWT8mAakvzuMPUiVO6oPBoMOrubvvOXzb/t1G2t4v29ffLkHkpKjycR4vrLAYEXefOrLw7dFyyqVfOy+G83eOivQTBJW6ePOAnyePJl5s3Y9qjj/qFt9kYYBeejIh9IXaIfaG94HXNbtBs3WqsF5SEm/es86JT2VHk5biGj+a4DCKuza37hCnHvy4j8R9XuHMPV6YHHOvEIPT8rMdJEjgm67F6WFs2q78w+ZhlW4+x2f5OdRwu3LptxSnOmldonk7lOBGufCciHbNd+VFcw6H13ayuCTNNxHytxxzm+MNeo+HO2SnOIOjYrXVkihnn1P+s+4SUZa0n1/XhAmu+TuVHun5jjou6VrhN5wbz3EPzC+7T8T/3KAjSe8PUiVO6oPBoMOpObA2JJejadUZsDUJb4ftuX0jlT/99t7tKfZNxPynkP83pDaSlYlNlEzqkpaCan0ZITcHXO2tw5rGZ+m55kt9fdhQp2Cmoqq4D5+EXyrSJPCl8f7013CL8vUXGNBRYCTIOsE2AXcM4YJeXVVJT05Celo4qUtL3kwLeUN+gjAGsnPsGH45TTh+OE4bxUwFQhoSGhkbbfFoieyv2KCPB/v37sXfvXn84vxJx3759ylhRW1eL7fy0xMayoH2biTrn8HUpEl/ZmHUZXnjxZS03jqLJ7S6soPAVf7sLZZf+3QjPwrN/ewYbjX2AUbje3OfByzAgXPhGmtjvLsMlD9qlJwy/G9k4/294NusPKp9Zl5bhnr+t8MeFy6v5cRmLUJqfR4but4ICbzTSWurD6Tyc6s8xvcM5OJ5bmPqzE8/5kygMf6h4qrsmWrDQomck1x+ndapLJZTPijJkNcvDvVj76KxLEeijtuVazsMIR9YojBig8/LUp1U4YfgjiU7rtt7oeB3TcUDzMCW25xyuTJVTs7CAtLR9nMu2H1vCHGvYfmQvCpvwZn00qvEpOI+NTv2QxKn/2NWv41jidP5RtHk0orAJj0Z0ffwdk4zrTo1vpOSUXWqchzoXUrLo+EP3TawYytdGY3vAZZhlOW5FUHpDnNIFhYfk7VKAgcii+mq+3wo8O58CmaBwdxJxv5E8b/xB9SfbeI/i+jxC6jLxEjJWhGm3ESPp+qPr0R+2cSP4BryVKzb6wzaW0fWelRVIE6X460dExKPU1tbh7/+Yg19fdZNfmP+7/OpmQskVdvmEE7UP65+kE7qRIw/rh9lXXEH7NimZ+u9/K2MAu2YYx3M6u/3thMtPBHy+Yl+InYh9oZ1IFGt2uzWxo45nIwr2O5QdVV7K33wNH84+EioK/3bzc7QTBbmOx+ykt4SpdzPP0LKikVjoNeFsEs5ik79jPqHrN/v9ndoyXBsrDH+o2MdZ6kvlF7A/eOmXptiXEV6c9nEs3/M1bK1vSu+ghzrquTaisPGHSjR2mnBxzfuJc/s59T/n/hPcL5s81Ed4Cc43OrtEfERhEx4qbtO5EbE1cHhI3i5FbA2JluBrV2wNIm1RxL4QjPoEQ3VtvVL8D9QBp/Xrpj7K+F1FjfoO4y5+bIEOYNW3+zDiyO449fDeavtHw/tSfCoqD1C8qiot/DI/zosP2hoeJObTBiFPHYQaB9gwoEXH2+YVIvxEAj8FwAp5ly5d0K1Hd+ScfDIGZftUfEbnDKSnp6vXFeonFOzzWbLk7WZily5Uaqqq1ZMS/DRCv36H+cN5+6BDD0H3nj3UdyK5fnbv2hW0b6g41WXfQ/o4ijWdSMuFJyn/Nk1sSlnABmwqG4iRI424LJrEVTinMzH28YtJcPjK+c8Al96ISVnB4VoYu3A72YBVNMGOHKWWJsiiY81auRwr/fGMNb01nLGGZWHSgy9pJUJhiRt5aeBYVX2UUV04n4d9/TmldzoH53MLX3+h4j1/vR9jzccazljDwtSdEuor/vqzr0u1vfIZrBxIx0FbgX29yHKsWjkKky7R9Z91yaUYWbYCqzj/cOUawgu4LKoPWqLRtklwmgCh4WacXbidMG7rLVI6JjSMxPaco8yLpcXt41S209gS5lhdtGdzYezCWQJ9NPrxycwjTD/0Y93PEJv6dRpLHM8/qjaPRhi78GiEMf0
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--5bbf00a0-e538-4d28-b3d4-4ac4950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-10-11T07:49:52.000Z",
"modified": "2018-10-11T07:49:52.000Z",
"first_observed": "2018-10-11T07:49:52Z",
"last_observed": "2018-10-11T07:49:52Z",
"number_observed": 1,
"object_refs": [
"file--5bbf00a0-e538-4d28-b3d4-4ac4950d210f",
"artifact--5bbf00a0-e538-4d28-b3d4-4ac4950d210f"
],
"labels": [
"misp:type=\"attachment\"",
"misp:category=\"Payload delivery\""
]
},
{
"type": "file",
"spec_version": "2.1",
"id": "file--5bbf00a0-e538-4d28-b3d4-4ac4950d210f",
"name": "181009-muddywater-5.png",
"content_ref": "artifact--5bbf00a0-e538-4d28-b3d4-4ac4950d210f"
},
{
"type": "artifact",
"spec_version": "2.1",
"id": "artifact--5bbf00a0-e538-4d28-b3d4-4ac4950d210f",
"payload_bin": "iVBORw0KGgoAAAANSUhEUgAACB4AAAMACAYAAACJxzaRAAAAAXNSR0IArs4c6QAAAARnQU1BAACxjwv8YQUAAAAJcEhZcwAADsQAAA7EAZUrDhsAAP+lSURBVHhe7J0HYBRV/se/m00DAoTeEghgoShGRboCKrbzFAvNOwT539lRbHfeeZ7eecVTUSx36nmHKCpFT7EXlCa9SFDpAoGEXpIAIW2T/f9+783szm5mNrubQhJ+n+S3r86bmffelPfmN79xHTic44UgCIIgCEI10SSpITac+SxKMnONGCFc4tKS0WPz/Th6/IQRIwiCIAjR06p5suETBEEQBEEQBEEQBEGoWlwHDonigSAIgiAI1UeTxg2xoftklGzPM2KEcInrmoweG+7H0WOieCAIglCXWfvyv7Drqy+MUM3T8bIrcO4dd6JVC1E8EARBEARBEARBEAShehDFA0EQBEEQqhVWPNjY4zkUb8sxYoRwie/aDN033CeKB4IgCHUYU+ngV5cNoxG4EVmT0Ij/P1/NVcoHl/3h90Zk9XLwiFg5EgRBEARBEARBEIT6TrBlxQDFgxVbD2Hl1iNYtyMXe3NOoKjYA6/Xi7JSylJWBi8L+ZVbZrplWPLP640SBEEQBEEQAlGKB72moHjzESNGCJf4M5uj+/eTRPFAEAShDvPhddcYSgcnQ+vAgMb1rHzwq0WLjIjq5eBhUTwQBEEQBEEQBEEQhPpOsGVF1/5DR5TiwbcbD2D++sO4fkBnnNu5BZIbxcEVxsTI6SP+gyWv3GCEgBhaxu12o7S0FGVee2MKy1bHaE+hdtjNZX9hrnYZa5wR/t0fOrIvYvKPHVPCexMXF4/YuDgkNmpEbqzOUEsJpy4FQRAEobbTNKkRNnSbjOa39DJihHA58vr36LHpAeQdzzdiBEEQhLrGR9ddi19dPox8J1HxAF7850tRPBAEQRAEQRAEQRAEoeoor3hw8Ih3xU+H8eW6A/jTTecjqUECjhcDxwqBghKgtBQoY4MH7PISxvPvGBeQ3hE47fp/Y+m/R+hIIi4uFk/8+U/44x8fQ3GJx4gNZNmSGCQnN0VGBnDvvUakDXlFwPjxC5GsVQ/wjxcvUm4k7M3KwrGjR5WfH+Dzg3x3rBtxsXFo17EjbW+cSqtusnfsQFlZmRKPx6OkuLgYvc4/38hRnnDqUhAEQRBqO00bG4oH40XxIFKOTDMUD46J4oEgCEJN8c9/TsWP6zcboUDO6nkmbr11bETjyI+uvxb/xxYPTjL/PUkWD8SyoiAIgiAIgiAIgiDUT2wUDw57X/p8C4akd8TA7u2RnUexXq9SOPCUulBUwu9l8ODfRWHWO/DCHeNCTIwX6WkudLvh3/j21Rt1aUR8XCz+85//4Ne/vhVFxcVGbCDLlri14sHyPNz726ZGbCCsdIDCPAwfn4HczGlI6zYcr754oU4MwdqVq3BGj+5olJSErRs3If/4cZSWleLYsWMqnR/8JzVKQouWLVS465lnKrcqyT2Sg7zcXLRp1w6JDRJV3K5t29W6S0pKkH8iH02Tk9H5tNNUmhPh1KUgCIIg1HaaNG6EjT2eRfNx5xgxQrgcefN7dF9/H46K4oEgCEKNwOO1e+59FG+/+aIRE8gvbp6I5579ExITE4yYivno+uERKR4sXr8Bm3fvNkLAmR06YFDPHo7x4VKTigcHDucoVywr1j7EsqIgCIIgCIIgCIJQVbRu0czwaZTiwa//tRLT7r8YZTHx6Pz0RiDejdv6NMPv+7fAgH9vx579+bi1dzISaFD64ofb4SooQkyRB3v/dxWG3vo25jxztVGcflg+a9YsjBo9GsXFJUZsIJ9/40Za26ZYsGAnHnuskxHrx1Q64AmB4bcvwPBu6cjYtACvvvZzncEBHjivXbUKyU2TkdiwAXJzclBwogCFRYUqjZURyshlJQTOw8oHnU8/3Vi6aigsKMDBfftx+PAhFBQWoP8grSzx08ZNPksHvH7elrTTuqBJE3vFCyacujx5LMEzw2cg9cWXMCrViPLBaf/AUuXviFG+PE7xTuzCrIl3Y1aWDg146CM8OJA8S/6B659eoiMJX3zIbSLUcllhrNcgVP5yaU775rAPjLkfqWPw/IsDsdSXbyAenPNbDFCZ7LCuy8RYJ2bg3okzYKzOKHsM9Cba7Y/d9oUoP9WaP2g7A/bHWGc5nOojjHIZVXZHzHLcPqc+EGqfjKAd4exTllOdh9H2jGPZ5r6MQdbEaLfdpv8G75NTmLHdF0v7WPMSgceiuc3WbQ1RJ07Ybg+h4kPtX0ekZu3yt4uion7s1H8Mym1LqL5oBO2203afQhwDdtj2uzC2x5YK9rsKEMWD6BHFA0EQhJrnjjsfDql48NKLf1UPbsMlUsUDVhCY8NprRgiY+utfKyUDVjoIjo+03BpTPDiUA7GsWP2IZUVBEARBEARBEITaT1VbVqxNtG4ZqHgQwwrue48UqDcPjhcCN6U3B9wxyM73Is7tQiFbOaDR/9ZDRbikR7J+O4HkN2POQAzFFxSWsIEEv1ChbDbRxXYSrPEWMd9A8L11YMGqdJDL8wDsFuoJAbuyrBIT40asOxYFBQU4fvQYSj2lOHrsqBp4p3Xpit59+6HXueepstgKQmlpmW05lZGjuXlK+eD48eM4evSoL95UODhx4gQN7otx4MB+ZO/KCli2nKh9Dl2XJ1MUNvFLnvoHska/hP998BH+91AqZj01A7uC4qeMhi8+eHmfLFkCPERlqHIGYunT/8ASit+VOkbHBcXzMvbbxA/0rsH1VJx6kFcuPVgqyk/pS7L0w08jznHfHPbB612CZ55eoh68/u+FMfDOfAqzUn9rLJ+FZ55aYllfsAzEA+b+G+UidSD6p+h0fmjpS6eyU0Ltj+32OZe/y3E7A/cnxboOqzi1qVO5u2bgXn5o+4KxjCq7ov0P2kcloZexlzD3iaR8nVO8U9vb7lNgef5yiYi3PVT/Dd6noLDDtjm1j9OxGPnx4CC22xPu/r2EKea2GeuruB9zgcFlGhJFX7Q7Vzi1f6htcpLy/S6afq5FYRNfVcJlu1wx6h5CJEKhv+psGxEREZFTXVjB+6V/vq6UDUxhWMEgWCi7wq6cUKKW4fEnjQnDkdPbt1NKBTwWZLnl3/9WSgfsmnGczvnslrcTXn/N4sWqrYdw/YA0pXTAlhVzT3hpLEzbT5tSUgKUebS/tJjGy0a8+tQCLe1WRhHYp4VGxGjfvr26NlrjA8WgkM042mOdb8jYNMdQPbArK1DWrlyJ/ONsRdGLrRs3Yv++fThG4T1792A/j+13Z+PwocMo8ZRg1/Zt5ZavCsk9cgQ7t29X8w1mnKl0wJY6jucfR0KDRPQ6n+c8yi9vSnh1KSIiIiIiIiIiIiIiIlIVUlJSrJQO+AUHO+E0Vmi3W7aq5O13/oc77vytTzgcKj4yCSSGIwuLPWrQeYIG/33aJalXD/bmFqm3DQ7zawleL5ZtO4b+pzfGBV2bq/DV/dpSegzyT/AnAPwr4KErl8WTIdb4ADEUCXyuQbDSASscaNHptmUFCQ+4i4qK1IP+hg0bIqlJY6Sffz46dU5T6fzpg9jYWDU4j4lhU4z25cyb93U5scsXLEUF2rpCYWEh2rVr74vncMs2rdG4aRP1NgTXz5HDhwOWDRanumzbuoWjWPNVvzDBcTuRndURAwbwozYK81vH5AMWY9nSgRipXqf1InXUaAzIWoJlWcHLW2TAaIxMNf0DMQBZVDYtm2qU7YtnjLDC9JuSipEvfKgfwimC04OlgvxLZ2Bpx4HGfnFciH1z2Ae9HNWNStuJZUt2UTLvCS1P+VKXLsZSladiWbpkCVJp2VQVNrHmCbE/IbdPi7/8irbT3J8QYrs+53KXzpwBjH7Iv4yNBO4/CxOYJ1jKL+MkYeyTj6B4h7oNZ5/8wgTGVbztFfX34H3yh+23zbl97I/FaI+H8mK/PZHun5bw+zETuCxLVH2x3Lki8jr25wkWE7s0LeH3cxbGLr5qhH/5CYKLbiysUlbmQUlBUzR/9Ep0tMrwpigtKYJrwAAVbjtA5y2/rAt
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--5bbf03d5-77b0-4576-af75-4ee9950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-10-11T08:03:33.000Z",
"modified": "2018-10-11T08:03:33.000Z",
"first_observed": "2018-10-11T08:03:33Z",
"last_observed": "2018-10-11T08:03:33Z",
"number_observed": 1,
"object_refs": [
"file--5bbf03d5-77b0-4576-af75-4ee9950d210f",
"artifact--5bbf03d5-77b0-4576-af75-4ee9950d210f"
],
"labels": [
"misp:type=\"attachment\"",
"misp:category=\"Payload delivery\""
]
},
{
"type": "file",
"spec_version": "2.1",
"id": "file--5bbf03d5-77b0-4576-af75-4ee9950d210f",
"name": "181009-muddywater-7.png",
"content_ref": "artifact--5bbf03d5-77b0-4576-af75-4ee9950d210f"
},
{
"type": "artifact",
"spec_version": "2.1",
"id": "artifact--5bbf03d5-77b0-4576-af75-4ee9950d210f",
"payload_bin": "iVBORw0KGgoAAAANSUhEUgAABQAAAAQACAYAAAC+k/RDAAAgAElEQVR4AezdCbRmV1Uv+vm1p61zqq9UukrfQBICiHR6RRCkD0SINArSiogoV73y3rtX373jMmyugj2d1wZRMUBoBEHBjqtIJxBCSN8nVZXqT3++dr/xW1+tqhMgFSAvxMhaY5yz97f3aub8z7nmWmvuudeu7d69p5qa2Rhzq1X0V4YxUatH1GrRWVePahCxqRax/8BiTBw/HYvL3djSbsf8geXoNcZjal09ut0qxtq16PYPxeR4I5bnF6I2aMTU+JZYWerGxMRYLC0dirGpfjTHarHaWY5mazp6w7Go18ai6u6JeiOikZrtRdQWo6qqqIbtqIYzURtuik5nGFPrIvbuvzW2nbAhFhe7UR9ui0aidT5qtVo0m83o9XqxuroaY2Nj0Wq10nmj0Uj31TkYDEJyrV6vp/NhVaXjt/qvXqul+pXXhpTr9hsdCwsLqc2JiYno9/tH6EDv2Ph4KjMcDtMx15F+RMT09HQcOnQotYFufMqT+fzq/LncN34c4fCN5y85CwIFgaMIjPrt0d/lrCBQECgIFAQKAgWBgkBB4L5FoKxf7lt8S+0FgYLAt4oAf83KykrySfE/JZ/P2Fiqju+mGjai2+3G9u0b4uDBlVhYmIsNGzbE/Px8bNq0KRaXFmLdunXJh6T8cDiIdrudymd/EP8Sn5ekLj4j7e7bty+V7XQ6MT4+ntrmK5Nny5bNsW/f/qjLvH///qhHLdbNtGJsohGtsXp0V/sxHFax3Kmi2axHZzViaXE5VruDaE+MxeRkPRYXquC32rNvfzQarZibm4utW7YmZ1Wnu5LK1eu1aDRGTjJOruEAkf2ohvX016iti3o1E1FNRVVNRjXwNx7D4XhUg7GIqhlTk2MxOTEe4xNT0e+PnHjDahDLqyOnGyA51hwBwQGnLSA4x7QjZxzwAJfLJNTuxT/tZqde4m84TA6+fJ1wCJ3wAO86etDCISihZe0x/Qh+2Frs2bMn0Tw5OZnKEiZe8KGukgoCBYGCQEGgIFAQKAgUBAoCBYGCQEGgIFAQKAgUBO5fBPh8+Hr4crJPil8q/3Zv/fr1cdNNu5JPh/PPPX65gwcPJt+QY/ZryTs1NZWY4lfKvqeNG2eCb2jjxo1x4MCBuO222+K4446LxcVRQB06suOQ/+jOO/fE7Oxs1Fe7K8mrODleDwFyc4sL0R0Mol41YqJdi8XVpWhPT8TkWMTM1GysdjsxN38walXE1EQtGs1abN26KTnVRKqtrK7EunWceYPkAOz3e0ccXFHVo9EYj6jaMTE+EePtegwH0zHoT8WwNxPVYHPUYls0Gtuj3Tg+Wi3RflV0O1UsLlVRr41Ht9tLDsX2GCfaSLgAAwRHWmYSGK77cx34kt9SdtalH/fiX44mBGr+W1vdzMxMbN68ORzdz45HEXw8w3eXMp34IfxMf3Ze3l25cr0gUBAoCBQECgIFgYJAQaAgUBAoCBQECgIFgYJAQeDbi4DALz6c7G/iv3HNH18QZ93ERC059Xbv3p2ui/4TlMcZmMvyB3EW8hmJ7OPv4gzkBNy2bVtcc80NyQe3tLQUJ510fGzfvj0F5Ike5J/jbxKMxlHIAckfpY1mtzeI40/YHofmh3H55V+K667/Styxe2/ctnMuDh6cjw3ra6nRQ3PdFE44PVHFwqG5aDQmY3WlH/V2O974G78cW7eOx46TT4k779wdk2PjMey1Y7w1HhyA3tSNWiOqqCJqrZifX03nqysRM2OccREDQXAC2poTEdUwqqoe0a9i/SzHpFdeqxQSudwbpki6bm81er1GtFujCD9gAomTDdgAAhjAgeQvg5jzJWEcdgx+q2oBTO3l9tXjXHKPMAmRwNHkHF1ZIXLete2jT3Lk0VVWPcI4CdS5uvIrxWvLfvPnI1q/+XKlREGgIBBsWkkFgYJAQaAgUBAoCBQECgLfRgTK/OvbCHZpqiBQEPgmEOBj4pPif3Lk0+HEc11g18z29XHttbfG8ccfH29605ti9+6dyd/DP5R8R2Ot2L79uJiZmY3XvOY1sW3b5iNBZN645T/i2PO6ML8SB6CIQb/5jXJb/E78RTt37km+J/f4kpr19njsOzAf//SPn4rFlZU458KHxOO2nxwnHb8uscknx39XDSNajYhhFckh14xaun7Rxa+O6emJuOP2XXHySRvjlB07YmlxMWamN8bNN94eG2c3Rr3yKm5Et9+LTjfitlv3xeTUeOzePRdVZyE5swA0GK5Ev1qKQa8fq516DLpjceDAMFY7SzExtRTPf+ETY3Z2FAHYrNdict1k9AfziSHg+sMYkDHsKPRRGGSOtuOUy2AAZHAvHYDaQztBEKo2naPF7/w+dg7FJCR51irEsZyA119/ffLmEkauO5dVP0dgSQWBgkBBoCBQECgIFAQKAgWBgkBBoCBQECgIFAQKAvcfAnw02Ufk1d3so+J7cr68vJp8RK1WI3bt2hW/9Eu/GCeeeEI0m7bKEzBXJUfgT/7kT8by8nLs338w+Xy8vqtedYgc/Od//uf4P//n/6TzE088MU4//fR4xSteEe973/viQx/6UGzdujVFAZ511lnxS7/0/8Rtt41eOW72oxVXXHlF9Pr9eNwTHh+bj18XXpbdf2gYC8tVLMUwJicbsb5Vi9WFKvbNL8a2LdNR6w9j83o7B45FqxmxceOmOHBgf/Q6C/EHb31L/Ozr/q/YsGEmhoN+VLXDe/UNm9Go+yhIP3r9Qdxxx6F49SseEgLmRnl4uSIG/So6nYjeahU/+/N/GivL8zEz24/1s1ticmoxBoNuLC92o1dbifbYaP8/Tr3sNeVkEy3H6bd3797kIQVedtLJC0AhlOOH9+H7VlWkdvhjIpxz2QGYnJmHwzw5IAmKkHIUH1p4anlgzzv//NT03TkBP/axj8UP//APp5BN/HAk4tOegNnx+K3SPipXnqDdO/xK6e9sBEr/+c6Wf+G+IFAQKAgUBAoCBYFvPwJl/vXtx7y0WBAoCHwjCPDr8P/w2eS3Rfmf+KhuvvnmmJ5aHyecsC2uu+6mFOB18sknJH/Y6urIucdXtGXL+uh0VmPLli3RaNSTD0id7vE72evvj/7oj+If//HjaRu/gwcPxY//+I+nQLd//dd/jb/6q/fF3r2jfQRf/epXx4033pocgmhrNlpj8eVrborHPPq74rjj18V1B4ZxaKGKVjdi4+ZatMebccOtndg+1opmFbHQbcd0P2LpwFxs27oxqtpY7N03jE2b2zHZXBez29bHupmpmJqeiNWlXooYrIZVVLVG+qDHWGssajEVrda66HfHYtDoJnCqaEfTp4C9OtuoxbDmCym1uG3n7UIOozcEYqTXjttjzVCPMrXa6AMbnG/2/eNFFXXn/WlONx/R4DjLUXOYBpp3ol076eSTvxE53m0e7fqTHNUpJFP92uF5JXzt5qhA+dDHSyu5d3dJOGdu46vrwa86SyoIFAQKAgWBgkBBoCBQECgIFAQKAgWBgkBBoCBQELj/EPCGpld9+XA47fhs/OYfEtz15SuuTnvxcQq6dsklz0/BawLE5BufGIv/8T/+R/Ihjcq2k79IvZyIAsyk5z//+fHUpz4zPvzhD6bAsj/7sz+Ll7/85fHWt741VldH+wX+6I/+aDzhCU9Ivie+KR8Kac4vV3HbroNxxrmnxp6lKv7fX/mdmFq3PR5z4cPjiU86LX7ljX8dBw/ui6c86pHRGtbi3R/4aOzedVOcvLUef/bHvxGzs+tjbGy0Zx2i9u0/GFu3bonBoBerneWYGJ+K4bAWg2FEbxDRENrYq0e7613oKmox8mLaALAfo88b9/rtWF6qYnkx4rjtJ0ajVo9640AKi1xcXomZxkTykvb7w2iPjb7oyxEGjDvvvDMB6ffOnaP3qQGfnWjO0QlMf/c2cd5lB556CU7UIced3zZjzG3y2BKyd7dF8BFCLpvpcE3Kxx07diSFUFZSLu8B+NVlU4byryBQECgIFAQKAgWBgkBBoCBQECgIFAQKAgWBgkBB4NuKQI78E/3
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--5bbf0405-e380-406f-b611-4b32950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-10-11T08:04:21.000Z",
"modified": "2018-10-11T08:04:21.000Z",
"first_observed": "2018-10-11T08:04:21Z",
"last_observed": "2018-10-11T08:04:21Z",
"number_observed": 1,
"object_refs": [
"file--5bbf0405-e380-406f-b611-4b32950d210f",
"artifact--5bbf0405-e380-406f-b611-4b32950d210f"
],
"labels": [
"misp:type=\"attachment\"",
"misp:category=\"Payload delivery\""
]
},
{
"type": "file",
"spec_version": "2.1",
"id": "file--5bbf0405-e380-406f-b611-4b32950d210f",
"name": "181009-muddywater-8.png",
"content_ref": "artifact--5bbf0405-e380-406f-b611-4b32950d210f"
},
{
"type": "artifact",
"spec_version": "2.1",
"id": "artifact--5bbf0405-e380-406f-b611-4b32950d210f",
"payload_bin": "iVBORw0KGgoAAAANSUhEUgAACBwAAAJoCAYAAADP4mAvAAAAAXNSR0IArs4c6QAAAARnQU1BAACxjwv8YQUAAAAJcEhZcwAADsQAAA7EAZUrDhsAAP+lSURBVHhe7J0FYBRHF8f/URI0uCUhQdpCBVqKBShQl6+4VYEKVbwCdS+FFoLUqEFbSnGoQJ0gAUKQ4BIgLmgSIC73zZudvdu77GkuRJhfeOz4zszK7c6+N+Nx+lyGARKJRCKRSCQSiUQikUiqNY0bBAiXezlzLlO4JBKJRCKRSCQSiUQikVRXGjfUH1fwOH1WKhxIJBKJRCKRSCQSiURS3bE2MFBWtAoHUbFnsSP2PPbGZSItIwf5BUUwGAwoKTYAJSUwkDA335ao2xJEfjpYlCCRSCQSiUQikUgkEomkMiIVDiQSiUQikUgkEolEIrmCKS+Fg9PnMvh28+HT2HDwHAaHheLG0IYIqOUDDw8PHmeLdsO+RuQXQ4QP8GR5vLy8UFxcjBKD/pDFtp2eiiNP2dA2k9x5mcqW0IYJ/7TXgsnlNNkXL3Kh1vj4+MLbxwd+tWqxrbeSoJLiSF9KJBKJRCKRSCQSiUTiCE0a1hcuc8wUDnbGnsau2LM4GJeB05nmlgiq1YHJzcJF2N/zR4gSJBKJRCKRSCQSiUQikVRGyk3h4GwGoo6fw597T+PtBzujtn8NXCoALuYBuYVAcTFQQhMc0JYyiFEITw+gUzDQdvACbF0wTAlk+Ph449133sYbb7yJgsIiEWrOtkhPBATUQ0wMMGGCCNQhKx8YPXojAhSVA3w07xa+dYa0pCRcvHCBu+nDPX3A9/L2go+3D5oHB7P6+vC48iY5Lo6Pw5AUFRVxKSgowA2dO4sUpXGkLyUSiUQikUgkEolE4j4+/fRbHDh4VPjMue7aqzF27COX7T3S3TRpZFXh4Dx/1d96OB2bD57B/WFt0DG0EerV8nXIEqHj8M/xz+cjhY8VqNGeJ2UFPbbt4kMMKMlX4g15QFaegW2z+JYoyacwisvERfIz92vT2vI4Z7lkxRKBXrwrM470pUQikUgkEolEIpFIJI7Q2IolQlk5ffY85q8/hr6dgtGzfQskZ7FA9g5LigZFxR7IL2TvtyDjBQ/mJ30DA7w8PeDpaUCnEA9cM2QBNn85VCmM4cve1b/++ms8+eRY5BcUiFBztkV6KQoH27Mw4eV6ItQcUjZAXhYGjo5BZvxChFwzEF/O661E2mDPjmhc1aE9atWujdjDR5B96RKKS4px8SKNToB/8K9dqzYaNmrI/W2uvppv3Unm+QxkZWaiafPm8PP342GJJ07yfRcWFiI7Jxv1AgIQ2tb2OIkjfSmRSCQSiUQikUgkEvdA72vjJ7yOxd/PEyHmPPToOMye9Tb8/GqIEPez+KdV2LJlh/ABvXp1xUMPDrYa7gxNGjUQLnM86Tt2dOwZrmzwyoNd0b19S5R4+iIpw4Bjp0pwOLUEB1NKsD+xGHtJEhQhP1FSXELjCEahD+SkPe/NttpwrZCiQV3/uohLrIOB9zfCoGGNMPqRxhjzZFtMHNeOy+QX2mHKi22xLyET5+LjkZEer1uWPUlNTEJyQiIy2Mv6mTNncerUKZxKT0NKQgIKCgp185SHJJ6MQ/zxEzh5LBbHDh3GoX37EbNzl25aVRzpSylSpEiRIkWKFClSpEiR4j6ZP/8bPP3MS7pCcZfzPdLdUp7sjcvEjaGN+MwGN84/jBu/isVXB86ieUAJHlx9HH2+2IefdidgbUw87nh7A257aT1uG/cb689iNKyjfFDXUqdOHa6YYA112YTMPGXmAktUZQNKRwsqDLz7Lb60gj1I4Z+UC9KSkpGckID8/Dw+YJSTk8PjSQmhVq1auHDxAh9n8PQUSzu4kbzcXFzMymLln8OeXdEiFHw2g7y8PFanfOTmsDQXLuLCBdLusI29vpRUQ3bMxuCB/TF40kqkGv0TsTqFx9rHLH8KVk9ibvIzmWsanzSl0+5LpdQ+d2CumtbputgrRxtmGaet/2yWUoPNslWxqGtZ26XtMybG/kxZiSmacPNjp5PeFUrV3Q666e201+4+KL+9OthKY+98tJLPLM7acbYWzksQZYhwy/NdDzV9qetIex5aC7fTzw5hpz16aNvIxNS/Nq4jwlbfm2Hr2DJ0+9iFvjDrex2/NfTaoa0TE4euQZfboaaxjDc/7+22oyLg9zC13jaOs7V0ZuGuIPouXP8Apa6aaKPfbWGjLSrG461zbTiNE+0oc5+5AQevrR3hlteOTr9SWVba7TgOHC+J5DLgyMwF5W0QT0oFpPCgCvcLZQPLcHfB3owN2BNLMxu0Ri1/P6RllSArpwQFhbSUAmlisG0RLaXAXrwLgCLmN5BFQonyukpTIFIZqpDVQosWLcTsCKZwc1GgGQ2scSGflZ93gc94sO/wr3yWg9LllJbdO3Yg+xKlNiD28GGkp6fjEvOnpaXi9OlTSElJxtmz51BUVIjEkydK5XeHZJ4/j4STJ/kggRqmTnvILRGyL3ELhY6dbzLLZymO9aUUKVKkSJEiRYoUKVKkSHGHFBYW8GkPF38/X1cojj5I6+V1lyz+aQWeefYlo5DfVrhzUj6QMkPa+VwE1PLBpTzgwU4NAC9PJGcb4OPlgTwaQ/D0QOzZfNzWIUB5x2Xy0gNXwZOF5+ZZKHHwMumdmL0Va8M1AqPCgbLVYqZsQDoGtBXKBnplacXT0wveXt7IZe/zly5cRHFRMVcuoI/9Ia3b4OZu3XHDjfQuD66YUGxhhOEOuZCZxccTLl26hAsXLhjDaQkFmmWBlB8K2LlKYxzJiUlmeUsJb7PtvpRS3WQH5nywAX2m/YKVs7pjO32k2gr0ceD8V0SbfwiaR22HYQpzr2YyrR8iPpiNHZQueSWmfJCAh+eLOEprLCMFq7YmIFSzzx3h7yHhkc9FOa3ww8crkWJMb00cLacrxpFfFVZPhPZG1xb0PWYmfmj1Gg+f90gCpofvUMrV7Rfr5ThXH1O8paS0GG5WvrE/mQD9MFWNE/1pK73jYq291sR6em175z0Ci/aW7h9dcaQO1tLono/22mdZL2vH2cbxt3m+64n5dWTQPQ+tnZ+uXi+WYu98Li3Wzjdr9VTEweOuirV0VvrY9jmnJxb3sFJ+vTzWzyGnr8GytoPfB8IxUD1OVN7AZ5A4UpRHMgXYHqXJUyHC+nXgRKxKFv4WQ/Cxtt7WjrO1dGbhFmU7KmiN0ISfdPLtwPLvT7I9WYY7KPbydZnEjstr/NyhxLppnBFH22HZl5dddK41K8etSw927WzV3DeSk5CAk9iyPcUYlpLE7iNBLU1pXBW1f6RIuYxCRgnzP/2OvadPNQpBMxlYCkvO0SvHndKrZ1fj/kh+FMoFtFXDKJ7S6eW3JdbgqvgH4jLQMbQxsgsMGPbpfjzw9WH8vP80mgUY8MLqo3j0yz1YvTsO62PiMOLdfzBo2m/438S13BKhgQuWCLRUAt/m6iscaJUNLhmy0P/e12wqJ6jQwE8Je+FPtWOJcPHiBZyvQEuEHGmJIJFIqhgehj2YMXQC/kqmAXb3wMscMhCDBo03K9fDkIYlU4YqGrJMRkxeijO2fskqgOKUXzF+sFJvW31jLZ023BXUvhsdHilCzIlbPa1UvzqCI8c5P/pzflwGDZ6Jg2U8Ls60o6x95g7Utts7JzfPeQDf7CgUPv1+pbKstdtRHDleEolEInGOymOJYFJyUCwRVuqGVx4MyCso4ooEOewnsGvz2kCJAWmZ+SAjhXM07QH77dx24iJ6tKuDLm0acP//ujdj8Z7IzqGp/um3VRFSuaeylKUFrYg6W4HFrAWWygakaKCIEq9bloXQOAK9u9MH/po1a6J23Tro1LkzWoWG8HgyIPD29uZGBcq4gn45//33TynRS2cp+bl5fHyDxhCaN29hDCd/o6ZNUKdeXT4jIvXP+XPnzPJairW+bNakoVXRppNSFYWWMQ1FUEtyt8CgWWuxckIPTbw90eZn0nUwBhndPdAH8UhOMSB6xSLgkRdMcVrZsQyRQb0QbAyjcbpQ9OwmzueWQWw
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--5bbf042c-4c84-4d1d-ae23-4a5c950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-10-11T08:05:00.000Z",
"modified": "2018-10-11T08:05:00.000Z",
"first_observed": "2018-10-11T08:05:00Z",
"last_observed": "2018-10-11T08:05:00Z",
"number_observed": 1,
"object_refs": [
"file--5bbf042c-4c84-4d1d-ae23-4a5c950d210f",
"artifact--5bbf042c-4c84-4d1d-ae23-4a5c950d210f"
],
"labels": [
"misp:type=\"attachment\"",
"misp:category=\"Payload delivery\""
]
},
{
"type": "file",
"spec_version": "2.1",
"id": "file--5bbf042c-4c84-4d1d-ae23-4a5c950d210f",
"name": "181009-muddywater-10.png",
"content_ref": "artifact--5bbf042c-4c84-4d1d-ae23-4a5c950d210f"
},
{
"type": "artifact",
"spec_version": "2.1",
"id": "artifact--5bbf042c-4c84-4d1d-ae23-4a5c950d210f",
"payload_bin": "iVBORw0KGgoAAAANSUhEUgAABAAAAAMACAYAAAC6uhUNAAAgAElEQVR4Aex9CXxU1b3/985MdgIDKGsmJCiuraIgJAGVtLXVvlZRWW1pkfd/ta8tgqBV++pS7WvdQJTa9T1caAUDKmrf62I1WMkiao321bpBQiassgxbMklm5v4/v9+55869M/dOZkIStnNhcs89y+/8ft9z7r3n9zu/c662a88+HepQCCgEFAIKAYWAQkAh0EsI9O+Xj/fPXIrOplAv1XDiks0q8eOcDxfhwKHWE1dIJZlCQCGgEFAI9BkCPij1v8/AVhUpBBQCCgGFgELgpEXAowYc3Wp7r1FKwdct+FQhhYBCQCGgELAj4LFfqiuFgEJAIaAQUAgoBBQCPY+ApqkhR3dQ1aB1p5gqoxBQCCgEFAIKAUcEfNbYNz7ejY0f78W7jSFs39eK9o4IdF1HLKoDsRh0+kV1cY7Jcww1j11jJaPCCgGFgEJAIaAQUAgoBOwI+JQiawckzSuFW5pAqWwKAYWAQkAhkA4CPt1YA/D6P3eh+h97cE1FKW66eiz8BVnQtK5f1mOm/xckDarQo2nwer2IRqOI6c7+anVvGbMAYYPFMBCicDgkzhRtjTOub/9hsVEgs9PhgwdBP5ImKysbvqws5BYUwJdls39kRrQPcqeDZR+woapQCCgEFAIKAYXAkSGgA3p7FEN/dPGR0TkJS+99/D3QUM061joJYVAiKwQUAgoBhUAPIcB7ALzxyR5W/n903Tj0y8vBoQ5gyz6grROIRoEYOQDQmSo1dHqPBowtBvRozIyjZK/Pi3vv+RHuvPMudHRGnNkMA37/ADR8ACxYYM0ywHqB/e3A3LlN8MPYNEjP3ACwPRjEwQMHmC4ZJcg4QTxm+bIwvLgYWVlZtjp766KlsRGxWIx/kUgE9Ovo6MB548a5VpkWlq6lVYJCQCGgEFAIKASOMQSc5wWOMSaPUXYUdsdowyi2FAIKgRMRgcceW4H/+8eHjqJ95twz8a1vzekzPdKRiSOI9JH2/ubHu3FNRQkr/y37ScnXWfHXoxo6OwGN7M4xTcRBh9ejQfeQLVqDl50E4m8lyjtixAjDeyAe78hjmCqzK/0yHyn/CO9nj4CmpnUoOWtq3PogMzmc39n4Js4452wU9OuHj//5AQ4fOoRoLIqDBw9yblLC+xX0w+BTBqN58yacduaZDlSOLCq0dx/2h0IYOnw4cvNyzXqp7s7OThxuPYwBfj/O+uxnUsqUEZZHxrIqrRBQCCgEFAIKgV5DgGevyfkvDc/CXmPieCXs5VFYyvHC8Sqa4lshoBBQCByLCJC+Rsr/755a7sje174xn73ds3rRm/x3Tz+HDRs2mvVPnjwBX7vuGrjFmxnTCLAPPK35v+nqC3nm/4Kf/RPI9uKGCQPxg/LBqPj1ZmzbeRjfGu9Hjq5j+QubobW1w9MewfZnv4zBhULBtdZVWFiY0lWN3P39ILd/mtlPNgBYlf8QQph6+d1o+GC9tQrHMM3wk7K/PdiC3Pw8tLeHWeEOt4u1BmQUiEWjOHDwADweDxsBHAkdQWS4rQ0H9+/Hvr17sG1bC8onC3dHmu2XM/9trW3weLw4cGA/+vdPlt9afVdYWvP2SLjmflzzYBAzl/8MMwNEsRnPzP8englSeBJuXncrKmRFnLcGCMzGI8tnI5B4LfPZzjV4aOoqBEz6tkTARmMSat3qpmJJvBq03OITqnK/JB7vRy1nKI5jEVyFBfNXgaGgNCk3hR3rtGIHVNzyIm6eZKk1qUwX+S1FRdCFT1ubOdSbRMdar7WN3ein2YZUjxWjpHopwlq3hVfGpsYsEcfOjSe3NnDJ70rfrNIIdCGrzC7psbzWfmuRSea1na38yQRLn6OopH4i4yz3niyaeHYqC2udCXUllqdr137vRMcaJ4kZdaCr+yeVPCnoBqx9yNp/Zf2JZystB/mTMOsiv0me8slnm1MZa5wslAY2MqvtbJW5qz5mK+hwYeXbIVlFKQQUAgoBhYBC4CRDIB0P8d5U/gluUv6tBggyOrjFk2Egk8NHy/S3723jNf/N+4Drxg7C0x8eRMthHVleDeEooHs0fLy7HQsuHoKfvaixBf/7s8+Ax6OhLdxJDgPmQUHaOJB2rbXGmxkoYKz953X/tgSw27+c+Q+RfYD3AhBLAFzpGTRIqfZ5fWhra2NlOxoRyj4lnzbmDIwqLQUp6DV/fY0NBdFozJ3HBL7SvTwQ2s91HDp0iGf6Jc+k/JMXAmHT0dmBw7t2wpedhbPPdTcApIVluoylla8ZVTVBsN5P6w11IPjMA3gmcCuefXQSgs98DwsfqMGzt5AWW4MlD9awUruYLAJ6DR6yXdtWhiTXbtC3J9hpBld/z6VuKpXMq6DlFm+vKdVV7YP3IzjrZ3h2ZrEh8yqUPzobAe7nk7D4eYsRRG/GMzcSn5OEYcQqV20NcMuLeJYArb0f1z54P2oqZFkHPlPmT+bYlc8M6bi1sSt9yYpVVhkXXIWFZEB69EXM4I4kJq0sjwiZU5xdeA0EZuPZ52818sSxg2PbTEKdSxtYZeA2eEC0JRkmnOibxi07l9yZ5b2cmJR0L9SsStHuiaWpP72IxTKa+snqYpQXifvPuZ/b7xOxNlgSkOdmVGWIiWwuScE8O/Z7oMaxLWa7y2MYEe33D0GbjjzuODWvdntGmRLYAm59QsiffF9a84tnoPE8sFG1XOhAzQPxZ4i137m2tSs2FrrWoMt949p/rWXdwk73s1ve7sTrNHTwpLW3UHfIn8hl+CsAvd0+JzKASjaFgEJAIdAFAjTj/+vf/Bb/SHD5l0q3tfhvDa8AGhe6jw2tJboXnjxpAqh+WR+dv25cy3E1XVO+TPnw0PAr3BHhl3JrJzBheD9e9L891A5a57+HNgTQddRtOojyMYW46LRBfP2VsmHwaB4cbu0w3NKIFVL86SVPyr+45pEzbxxgueaZf1LujbX9Bi62mf+Q8BAgL4G4ocBCI5GmcU0N2N7ezgaA/Px89OtfiLHjxmFUaQnzRy75Pp+P1+KTF4Ajf9Dx6qt/Sfq55bXGt7eF2SUkHA5j+PARJn26PmXoEBQO6M/7EBA+e/fsMdOtNGTYDcthQwbD7SfLdutcuwq1xZOEAYDx3IK6mmZUTGINH4GKSQjUbkCtiX0xAqwVy3ZJvJbxiWdq8MQ4eS1pdFF3Eq9Gebd41/pkvfK8AXW1kzCD3R90BGbOQkWwBnVBSpeHzEvnAGY8+oJhFKF0S1rFLMyQ+FSQgSCIFqajA058pspvpcvhFHxmRMcN5xT0uf4EWQ3+alevAmbdEpc7iW8LPpTmwmsgQOqYkZexo/rceHJrgy1oCRajosKgFSg2+7Yz/QTeZP3c7G5pMl72W3eZTHlMurJs/FxbU4PApAoEZB6nfsJplvpkXts5c0zc+WMA4u3B9bi1RVwWomeXx4mOzN+VPDKfOMfpuvVfe/64bO59gvMk4Z2enHH6JGMXdRjtFJeBeJWHG98J8S73TZyPhPy2vuGURvU7xfdcHFGiNYOax/6LxSLobBuAQXdcgWLrb+oARDvboVVUcPywCg2U11pelNXQ71tXoHjqgKR0a95Mw658MY8VKCw8kHF9TPP0z7A8g05Pvzzhxvj1chv1dh9Q9HvuflJYKixVH+jZPkCT2qT8k5Lt9KNX2PJHf8wva/E87v335nXXXY3Jky5ipZ8rBkxjAF0L5f8iUL5M+wN7AOi0yx/ERn9jhxYA7RHsPdCBt7a2ApEotEgUXj2Glr3teJ92B9SBMUX9QPpzZ4fdA4B3DDCQcbNGSIVenqluJ+Xf+iUAMha40WPmjT+0BIDc7ckIQYp+fk4ecnPyksp6PV54vN6keElr4oQyvPFGvbzExIkTXfOamQB0RjrYuEBxI4oCZhkyAJxXOhq7P/2U9weg9MOHD5npVhrxcNyLwir7Rx9timdJCFnzJSR1cdmMqtXAjEcCqF0tLFq6HkRzsBgBORtZFEARahBsrsFDCx5AHVG88SrUzpyNomdWWa6X4+GZtGFjM6oWzEeV4TNffvMLIG8BvmW
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--5bbf06ae-f9c4-4fb9-b068-4ed3950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-10-11T08:15:42.000Z",
"modified": "2018-10-11T08:15:42.000Z",
"first_observed": "2018-10-11T08:15:42Z",
"last_observed": "2018-10-11T08:15:42Z",
"number_observed": 1,
"object_refs": [
"file--5bbf06ae-f9c4-4fb9-b068-4ed3950d210f",
"artifact--5bbf06ae-f9c4-4fb9-b068-4ed3950d210f"
],
"labels": [
"misp:type=\"attachment\"",
"misp:category=\"Payload delivery\""
]
},
{
"type": "file",
"spec_version": "2.1",
"id": "file--5bbf06ae-f9c4-4fb9-b068-4ed3950d210f",
"name": "181009-muddywater-11.png",
"content_ref": "artifact--5bbf06ae-f9c4-4fb9-b068-4ed3950d210f"
},
{
"type": "artifact",
"spec_version": "2.1",
"id": "artifact--5bbf06ae-f9c4-4fb9-b068-4ed3950d210f",
"payload_bin": "iVBORw0KGgoAAAANSUhEUgAAB0QAAALICAYAAADvxUO7AAAAAXNSR0IArs4c6QAAAARnQU1BAACxjwv8YQUAAAAJcEhZcwAADsQAAA7EAZUrDhsAAP+lSURBVHhe7L0FYFzXlT7+DZM0YmaWLTIzJ4bEDmPDVNjCtt3tdru//0IXy7CFTdOkDaMTM7MtWzJIMkmWxcwsDeP/nPtmbNmRE6dNut3d99lX8+bOffeeSwcuKnw+n1+hUECGDBkyZMiQIUOGDBkyZMiQIUOGDBkyZMiQIUOGDBky/rdBGfiUIUOGDBkyZMiQIUOGDBkyZMiQIUOGDBkyZMiQIUOGjP91kCdEZciQIUOGDBkyZMiQIUOGDBkyZMiQIUOGDBkyZMiQ8b8W8oSoDBkyZMiQIUOGDBkyZMiQIUOGDBkyZMiQIUOGDBky/tfiQ3eIDg6NwqE2we9SwgQVxo0A/YfS5sGEifz8fsChhFurgN/nh887Dr3WBTi9UHvM9IYOPjgArQVehQNenwHwcwx2qJQuKFX0m2IMXq8GCk8iFIigcBPwqUbpdxPFEw2jF/BQGLtuAn6NCiq3ATq7gtJ2QK0ZpphssGhCYVdGQ+NVQ+f3gaj6SBC1FNZJaSrhUoYS/Ur4NBNQK8bhszkQooqBwhUOr1sFhQYUxg6f2k159AViAFQqFfyUf4/HA6VSKZzX6xWfN38PK4eT72yVIUPGR8CvCjwEoPARjyFv4j+SY77kh5I8VUo1xuEhfqVEmJf4pd0Nn16DCYUHBoUaKosTWr0ONuJrWrdX8CwXvce8VQE14PZDq1RASbzOp/SBWCC8Si/xSz9U/iC/IqbspwgYRAt8uqvPfiU8Ki+F8kFNX1USacRflbD53RSXAlqNFh6HExrilT5Km2PksHB5oDcYYHM74VUpKCy9r1CKODTkfJSsgr5D4ZV4PNEluD3F4XZ7uASgVmspT0Srgr5R2Wi0WtidTijVlD8K5yM/XvkjchIQFF6KW/xO8bmdCnpHA5/PQd+pONw+aFRULkoPXE4PtGq9eHcyOB4vlZdSq4aT0lKp1fAQsTqtDk6SJxqdVsgFn9IPp8su6klJ9USZF/lzO10ky1TkxzEHiPoIKKgelFTOfkrYJzLhF+XtpTyA6FVSHSqoHD1OH/RqBRx+C8kuHdW7Dy63lYovBmqdlfLmpBqPJRlH8pnkmAIkn6mdkMQNxMlxU1vj9BRS+3A5qB1x3BSeWsgnkHUyZMiQ8b8JxB9Z5gk+SXxQyEdJ/2e5yrLqqoz2k2xSkVwhiUXPOp0ODgfJBo1GfP8wON7JkOL1eCQbg0U+x68g/u/1eYQ9wmC+zHEGbZHrERVpDjx9dhgYHg08yZAhQ4YMGTJkyJAhQ4YMGR+GIjB3Zh8bg5tsY/oS+OWzh95kgjY0FFGhpoAPm/bXTYj2DQ7CrwmFSqGFfcKKMfYkg1wHP+xqesHlhpbHBDQGqMgINxi98DgHEaYzwW1VwUDvujw2KLQ2eOAmE98EvTYcXhe94/dDoXKTs0ABMuCdnI4CSr0fVnc3lCo1/K5oSs8JKO1Q8pg7keayeWDWm+GjtHng1qfyw6NSUuwqMXCuEpMDHw+d3w0lvWPzG0GxixF5rcYDLbzwWj1EkR5eHyVI8au0PODupFxLAxdicNsnDQbz4IPNZoNWqxV+wd9vDlzWf7pKlyFDxv9ATJ4QDUyASYOsEr/hQVEBHlglL59JD4fPjVCvCmqHBw6lH26DGkqXF+HEyx0uJyzE70x+EkD0z6vVwMmzjX4F1F7iacyHKSIvxeshVuZVeYm3Eh9kfsj8Skx8Mk38ndIMTo4K/sgTmTwh6r86IUpw88Ctlvm0Dx63B3qVVvBqJ08kEr9Ue/zkp4aVeanRABdP+mrVJBhdxJOJTpI7Wi3xZC+loSBaGTwxyvTxohS1hspBBaeTB4S1VEw++LwkHyh+Awk7l9slUcfyjWUPP7MHwcszouxBtKlUeuL1bqjV/CPzeA08HpI1CpIwSi38VAZT8XdOhydbeTIUSs69Hy6i3RwaQuXtEhO2POnJ9caD1y7yY1p8HqJPT/mlOtGQHAvKmI8C15mCMh6cDGWnoPJyEA1aJclhlQ4TFD/VPoXzUFWRnOV8+EjSUbUpfGaSuySXKc9el4FyaRN06bQmeEkukq8UZyBuUV6UbypO6EjWO5wk96nNsNgMtkEZMmTI+L+Fq/w3IEAIkm2gIlnGi2MMBpYnkrzy+70kV0g+EKQJU0mW3OyEKKfB7+l0Glgm7BS3kcwxF8Uhpc3psj3CE61sj0yFP8mE6JA0IcpUqVSkU1AemUaWN9dDeAV+4A83yUO7k8tGeMmQIUOGDBkyZMiQIUOGjP9tCNjC3efOov7l30MxOCA2qXzm4OFNspuV2bko/uIXkTEtL/ADkUQG9TUTogNjY7A7VKg6V42B0SFY7G4yWB0UA326AaNODY/TDovFS4avAc899zBUGIVOTcavU0u/UVxK+k3ngZMM3fFxyrQiHPYJJ3weL3w8WKu0w+tRQeXXQUVGs8bkR3QS/+aE3xsOt9JK8amhdKopjBpuHujWqmH364keQKvkyU3AoHGT4e2gzPHulo+H0uekHKvgVhE9Cg0cLsoWvRrGE8Reikvhg8dvh1/lhdrL86JXBy64jHhQm1d5j1EZ8Sf78QDI5InRjweXtWz5y5Ah4yNwzYSoxFuCE6LMriWezbzJT3xNCZdGBSc8MLmJn7qJXxq0GFd4oCU+FupVEl/zwaFViN3+Pq8XToUSXuZpxA950lPp412UgQlRlV9McLK/NLkZ5FeTeRfRFxjT5Q/eWXrNhCgFI1KIl9OzmtJyEy2UJkVNdFJYFT0TnWLik+jgvZ4upZ/i4T2JlAeKg3es+qkceEepNGFHafHEK9HIbNlLNHu8fmhUeiFYvcTD9TqSQWInI+UhsGNmsnwLTogG/b1ejxi8Vqs15CcNWvMANr/Ck6I84cq8ncNfD64PTktLssDpdgmZwBOrokDoffbn3/kLl7mLfgsxcQ0ALl5YpFGT/HGL4B8PzgPTwKEl5+d2QWXKk9pcjw6HGwa9ieQ1lbDSJdqKiujmCVe/j+qZypzp4RI2GHSULz+9wztpKW5RMFIdsvN5Kc8Up1rJNaSicuHJXyZBNAgZMmTI+D+IIP9lBOUKcUySBSEhIUIu8XcnGRehoQbi+R6ygcSyUiEfGCwjgqfNXItreSvvBmXZxO+xnPKRPOYTCHh3KH9nfh60OybbKdcjOios8PTZgSdE+RQETn7Y4kTPiAOjVl4UFDjZgf8QjfzvynPgh4wEM7ISw0iWf7xs4fgDG2OvQGSZ0xZf+I/kxz786fGQbuHiBUTSbzcLsXqZPiUymV7xJEOGDBkyZMiQIUOGDBkyPiHUZNcONzWh8kc/QK5SgRk8MSnGSz9jsCFIptyx6hoMRcfgnl//KvAD/XT9hGjb0DhOl51DSFQEps3IhU6jg8VNRqgeMHgBpwsIMQETgxa8+Jv38JWvPgG9zoHG2rOICU9AdHg8GewUUO2H1e5Hfd04RoYUSE1Rw2hQwe11wcMTn5Tvy9UW7N5ZgZnzYvH0l1aSkW+h8jDAZ7LC5fAizJcIt00BXYQKXXY3Kpv60NnjhdatRbyeCjDThMQE3v7iCBjXHwU/lCo3/Ao9Rh2haO11oK1rFHabFXHRIUhPiUZMrJoyyoPJduhcPkpHGgTn8uEBjPHxcXR1dSEvL08Yx8EBd/6Nn28OXNaf0DKXIUPG/zHwqB8ztSBjuzogp+TJK+JJPj/xHHo0qo2wEEPl42YNXuItNieUZiNGPA4YVRpoLC7oDAa4dEr47VaxK9+n1sCv0cDtojg8Poj9nn4f8Uc/3CofxeWDiiJUiTSZXzGf9QXICdDmZ3+Kk/x95PgbT4gqmTx65qNynTyRqVRBz5OMbmL6Xj+cxGZ5glbPu1XdPpjNoRi1TkCpD0wsEm1qPgKXHLFheFQ8tBngr7xDlPLNu3F89LuHaDebIzAxPgGtTiN2XTJP1uv1V3Zk8mogQfYk8HHvSpUSWj7i1mkXE6Iul3QUOnF2ccS
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--5bbf07f7-701c-45d8-b786-4fd1950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-10-11T08:21:11.000Z",
"modified": "2018-10-11T08:21:11.000Z",
"first_observed": "2018-10-11T08:21:11Z",
"last_observed": "2018-10-11T08:21:11Z",
"number_observed": 1,
"object_refs": [
"file--5bbf07f7-701c-45d8-b786-4fd1950d210f",
"artifact--5bbf07f7-701c-45d8-b786-4fd1950d210f"
],
"labels": [
"misp:type=\"attachment\"",
"misp:category=\"Payload delivery\""
]
},
{
"type": "file",
"spec_version": "2.1",
"id": "file--5bbf07f7-701c-45d8-b786-4fd1950d210f",
"name": "181009-muddywater-13.png",
"content_ref": "artifact--5bbf07f7-701c-45d8-b786-4fd1950d210f"
},
{
"type": "artifact",
"spec_version": "2.1",
"id": "artifact--5bbf07f7-701c-45d8-b786-4fd1950d210f",
"payload_bin": "iVBORw0KGgoAAAANSUhEUgAABsYAAAI8CAYAAABCuB5IAAAAAXNSR0IArs4c6QAAAARnQU1BAACxjwv8YQUAAAAJcEhZcwAADsQAAA7EAZUrDhsAAP+lSURBVHhe7L0FgGXVle/9u1a33N3dq92dFqCBhgaCEw+RSQgEi02SSYa8TGReXHC3pt3dXcqry93d7Vp9a59bBd3QJCThzXvfzF1wuu4995wta6291vrvvc4+ugkhXOQiF7nIRS5ykYtc5CIXuchFLnKRi1zkIhe5yEUucpGLXOSi/+akn/zrIhe5yEUucpGLXOQiF7nIRS5ykYtc5CIXuchFLnKRi1zkIhf9tybXwpiLXOQiF7nIRS5ykYtc5CIXuchFLnKRi1zkIhe5yEUucpGL/keQa2HMRS5ykYtc5CIXuchFLnKRi1zkIhe5yEUucpGLXOQiF7nIRf8jyLUw5iIXuchFLnKRi1zkIhe5yEUucpGLXOQiF7nIRS5ykYtc5KL/EeRaGHORi1zkIhe5yEUucpGLXOQiF7nIRS5ykYtc5CIXuchFLnLR/whyLYy5yEUucpGLXOQiF7nIRS5ykYtc5CIXuchFLnKRi1zkIhe56H8E6SaEJj9/JHV2901+AqNBh0GvR6/TIf+/T1d+nvyifrfbJxiz2LTvLnKRi1zkIhe5yEUucpGLXOQiF/3fopAg/8lPH48UFla41iD/OAQ6O/4KetbrdRpOttkdk2euTao8dVxJV393Ym2F1BWe/rikmyzkY0B8F7nIRS5ykYtc5CIXuej/EknMbDRSf/I4za++TJiEsHr9J/v8lorbuy02/O64k0UP3Dd59mr62AtjKsiWOJ/+YQud/aMMjlix2uxasC6ht/Ov/OP8Kv86/ycs0JPESH+tMR+HjIbJD1cAA1X3lUDB+Vmd02lB//j4Xwce1yJnmXK/+jLZNheAcJGLXOQiF7nIRS5ykYtc5KL/vvT3Lox19fRhECCcW9NDccMAbb2jjKrET4fCwIIfHQ4m7A75M0GX/LZsegSfX5sueNmCm5ubnHdgs9sUep0sUS12yaFW2OR/q0UrQg4ntp6Y0GE0Ci426dFJve7ucsPfgKkK1ypSdalPusmJhU8S32r4WU0IXNETu+rIFaRmA4wGozaxYbFY3muXi1zkIhe5yEUucpGL/vuRijVNbiaJeU3yTeI++a7iP7UOND42LvGu/YrI8X1Ssapdrrnw3W+zyN2NwNgYFRxP/voJkdQxNjjIjouXuGvXrsmTV9PHWhhTYMAoQXBtxyCnStoZGrUxMGxlzGLVgu8JBQqk7RPyj/OzExi0dg5jMkzwwr+uxWKza+fMZrOUqBazrg6U1UcVVw8MaWhA/Y91fELO6bSA22azObPz5JCicJdiVBiunl6LiTarvmr3fBxSgboqz26zOgN8nR69waCd/yTBw4dJKYcT4Ch6TzHkj0P6eK2qVXsUoFLtHB8f1/66yEUucpGLXOQiF7nIRS5y0f95coJbheEMgpeuJIVKNNArGMW5QPL/D5zy9y6Mdff2c7aik6qOUZbnRBLq5y3Y1vmbwm9O/KjDKLj3UkkzJ/Jq+dlXFzE8Zqejo01wqzs+vn7axIAikxEqa3Q0NZnwMOkICYCxcQfjY6NY5RKHVUdl3SDlpe2kp3vxmS/EYrEqsK3d7iT5rOSh1S1stwou7+/pkTLGtPMKP3r5+eFmdpts3z9GWuau3K4WvCyC363aYpfgcZUgK5jfN0DxUsndWYe6fmhwkNHRUcLCwrUFQRddTdr8wyTPlGw+KB3t1yswvzbHMvnZSep3dd45NtWP75fifGLx/bLfv/badGVZevmmPjvr09oph1bOX7lf1eesX66Xf9XnK8tTNHXuves/1CdF75c1Vd8H2/SPkpNPquSp79foq3bm6nPO79eu+cr+yVWaLZwq5+o+XF23Iuc59f9fL/v9fkupzhPv3XF1XVPfnWV+iH9XnPs4dHWbryWXK+tW5+SbdstH1/F+n7S71JkPlPtRZVxLZ96/9uq2fpg++ndVhurFlW36IF15zYd18P2yne15v54P36d9l0OrS44r9UerXTun7vkwr+WLVsaH6f16FDnvm6xLfb9Gm6fIWa7znr+PPiyP9/viHAf/NaT6Ln+cHf5QX7T+Cb338+Rf9eH9q/4avV/+lde/X+7fKuXa9zvpWjr9ceij2qQSYeScnFS//+22/aOk6tcacM06nDo11TZnW53XXfn549I/co+L/m+Rijs7O7spK6vS1lrUmofDPoGvrxeZGal4eHiIbfjwgpdaGFM7LBR879tcHx6K3t1D06FrksIgmv4JqWwyRSpGnSKp95qkypNYeNvRY9y2a/fkyavpYy2Mdff00dg1xJHCViJD/Fg2LYZQfw+tTWqxaqoE7Y/6Ln/M0uaKum7+9Y8HefZfb9Q6azAYaW5u1pgWHi6B8hUNV/2R+JncIgm6LYIWBBTEROi0DLpxCcAV4LI6ZHDI+aFxHRcvNNDTP0KQn5HHH88QsGbQFt4+SKptRqP8Jh9U8K6C9ZHhYfr7+rEI+FBGxGQyYRTw4O3ri7u7WStnit//LGlOQvFJCU4+2FRfxsa135TJcAhfLNJJ/4AArR0fFIfRaKS9rU3jVVR09FU8c5GLXOQiF7nIRS5ykYtc5KL/U6QmOtQiSFVVDU1NrRqemYJJdsE3QYH+pKUl4+Pj7cQ7nxApSGQw6HE3m9HLX0Vq8W1McJTCR87EQed1Vqt1MulSu+xvUkhQwOSnj0dlda3syG3nnuVpgj096BuGoTFnUqfC+eMCzxSWFfxPY0Mz+06V8cMvzhc4a2L//n1EhIWTmZXN2LjcJKSeBquq0FNb7UNgwARrbpQTH6BX363j5z95l9vW5fCd7y2W/lnfw9yK9HoD3Z2deHh6aBi7sa6O/v4+xgRQq+u8vb0JCAokPCpKeGWWc3+fbJTclTwHBwa1RVFPby+629rp7urS+K0mOELDwggJj5CyVcOcjVPXlpeVia40ccONNzIsuNtFV5JOZKfDLphePTGoJedqivu+cKeSjCfkvNJ1nfB3aqpRkXN+QZWjxoVD9NAxKQO9XK/HZhnHNjH5+gs5VPEfOTalLOdDgFKW3YpFdNrNTfRRilPT80rWepMbBp1KWP5gGVKHmmexWrBLfaotDocOk9kN/YQdq8UmZ6RVop/SLNEZ1R81vyO6rNV7Rb/lu3oq0yb16Qwm+Sz1qZulTTYMmKVNEyrR+go+fCySck3CwwmHXbNXik+qPVf1VZ2XtkzYbdjs8ruMLZPYF73UZlO/fYh3znarxGY1/aRT1xtkvMh5ndRjlZMm4ZleeKaX+tXYm6pbu1v1XWzahHb/h/sz1T419+VmUvNYatFddEY9UapkLdfo9EZpnx2L8FJu0JLYlX1U1zr5r/oksnfYsKjVdtEDpQ9X6tlH0VT7tMRtJWPprtUqUjCZ5JuqX3R2qm6d1C28MknRNnW96udkOVfSh3gu/dZ8i8hbCsao9EuNB+nH1WVM6bQFh2rXezrjHEcqKV9NrGoLDNfgpbpO/a6T36/mtfJjE842Sx1uZpO074PykGs0vfgoHVRlq3KEt0r+0m51TOnYhM0i49AgMlTtU1ereT87RqUbwj/FU01/xAaYpByn/thE7jj1T5Uz2bcr9ecqknPa+Be2KD8gxWj6+F7dbqI/Yms+fKdqu/BFar3WHOpHk7PPSneVbqgytLlWsTkWGTtKL0VlP8DHT5KUzVFjVtlPabvaZljaoOaXPyhjpx6JdDQbK7co+Wr6onRW6aPTBn80Oe/VytXKUiR1acbMKZO/Tk4brWzPB2vRbIq0Q7Xr2nr7EST6qLXpyvplXBiVPVHnpI/q6Rtlw5R+f7LkrFsMPqK679n5K7eNdvqmqbFsnPQb0n9t7Cq2/S2eXUGT93yUTXHR/xukdE3ZAA8Pd1588S1NxlFR4Zrclf0sLLjM3PmzWLpkvsTvzhj4StIWxuSegu9/l5XBQbh5en5oTEzFo1VtbXT09Wm2OjkyArPY0tKGRrV0RKCvD6mRkU5/f40xpZPzW0+eYv3
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--5bbf0804-142c-4835-a6c2-4038950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-10-11T08:21:24.000Z",
"modified": "2018-10-11T08:21:24.000Z",
"first_observed": "2018-10-11T08:21:24Z",
"last_observed": "2018-10-11T08:21:24Z",
"number_observed": 1,
"object_refs": [
"file--5bbf0804-142c-4835-a6c2-4038950d210f",
"artifact--5bbf0804-142c-4835-a6c2-4038950d210f"
],
"labels": [
"misp:type=\"attachment\"",
"misp:category=\"Payload delivery\""
]
},
{
"type": "file",
"spec_version": "2.1",
"id": "file--5bbf0804-142c-4835-a6c2-4038950d210f",
"name": "181009-muddywater-15.png",
"content_ref": "artifact--5bbf0804-142c-4835-a6c2-4038950d210f"
},
{
"type": "artifact",
"spec_version": "2.1",
"id": "artifact--5bbf0804-142c-4835-a6c2-4038950d210f",
"payload_bin": "iVBORw0KGgoAAAANSUhEUgAABzwAAAK4CAYAAAABeYsWAAAAAXNSR0IArs4c6QAAAARnQU1BAACxjwv8YQUAAAAJcEhZcwAADsQAAA7EAZUrDhsAAP+lSURBVHhe7L0HfFXH0T783Kqr3nvvDQlJ9N7de40d1zhxjVvs2Ens2OlxS9wbLrFxw2AMphljeu+9gwAhgYQQ6uX2+82zVwcExjV+3+/1738GVvfec7bMzszO7szsnmPwCUAHHXTQQQcddNBBBx100EEHHXTQQQcddNBBBx100EEHHXTQ4ScIxu5PHXTQQQcddNBBBx100EEHHXTQQQcddNBBBx100EEHHXTQQYefHOgBTx100EEHHXTQQQcddNBBBx100EEHHXTQQQcddNBBBx100OEnC3rAUwcddNBBBx100EEHHXTQQQcddNBBBx100EEHHXTQQQcddPjJgh7w1EEHHXTQQQcddNBBBx100EEHHXTQQQcddNBBBx100EEHHX6yoAc8ddBBBx100EEHHXTQQQcddNBBBx100EEHHXTQQQcddNBBh58s6AFPHXTQQQcddNBBBx100EEHHXTQQQcddNBBBx100EEHHXTQ4ScLesBTBx100EEHHXTQQQcddNBBBx100EEHHXTQQQcddNBBBx10+MmCHvDUQQcddNBBBx100EEHHXTQQQcddNBBBx100EEHHXTQQQcdfrKgBzx10EEHHXTQQQcddNBBBx100EEHHXTQQQcddNBBBx100EGHnywYfALd378XHDverD4NBsBiMsIsyWQ0qN9fBbno/w821t7pgkeaPWNWHXTQQQcddNBBBx100EEHHX7SEBsd0f3tu0Fjeyc67A54DIEIsFoR5OtEgLcdDp8J7d4gmAxmhHnd8Egepy0ErXLdADsiglxw+eSaKQButwkmTwBcnXaYrU6YzE6xVQMQZI5AW6td7FW//Wo2BsLl8sJnbIQ1qA1erw8uhw1GBMNoCJFkELu1E16DQ76znQDB0AiftO8ztMNnOi6GrRcGTwoM3kgEBBgEbyda2zoQFBwidbtVnT6fW0p5BAcDjKpt+eXxyHWf/DaqxO9er1d914DXDD0Ma96nHd3z2g8FZf5318+kuQN6/mZ7TE6n0NBkkv6x/348+FvDmyXVZ3fqCVpdLpcLZrMZVuGp2+1WdVosFnWNv5lHa1sHHXTQQQcddNBBBx1+WvDTPE+orcG5rtfW5Fyj87dLfovRA6slQNb/QGdnB4KDgyX/SXuEa3qv1yMX/PWYzaYzrvs1G8fhcCAqKkzqckh+k7TnRWtrq8obFhaGtrY2lY/liYffjhDbz+NW1wIDAxES7LdJvg3+q4AnA5wsfbixEweOtqOxTQxNt1BBTB9VK/8oQ8//2ycUigwNwPDeSQgMMAtRvrlp0k9oJV/8vwmKpvJHXZI//p8nDSS73aMY8X1AI7zCRuH6zXjpoIMOOuiggw466KCDDjro8PXwvQOeLQ40t7XDKsZ0cLBNDLtOmL2dYhAGws4gqFlstg4nLAYLTCEGtIt97XTJbR8Dky5YQ0LFDjTCyOt2LwzGLrS11wMeI5Li0mHvcsPl6ITJZIZJ6nM6xLA3NcES1K4MQZddjHhfMAKsQTCZDWKge+H2+JQLQ2rttkHF0DS5YTA3y08futqljy4bgoLF7JWG2+1dYpAb1T2D2MpeMdDhdasNwgQGDP0OAbOyOekI4G8GETUblJ+0T5n4nQFSOg9UPin3o0B3W5oNTeB3tqfhqDkatOvElbhotjPBKHjzPsswT0/QytG5ERQUpJwZXV1dqi+sm0nrG/vP/DrooIMOOuiggw466PDTgpNr458KcA3OtTc3NfK7FpjU1v/+YKUbVosVERGhqK9vlvsm+R4i96HW9LRngoICxB5zda/3A9Un7QLWyTq4/med2obHjg5uNIWyDWw2q7ID2A7vsVxAgAXt7R3qWmRkqOBoRGenXeHKOuNiI7t78M3wgwOexxvFyBN+rtlzHOsONCNIOuByC4EkseeqVn6yF91BT6fLizkr9uONh0YiNyUCdhJOypGgdrsfeQ34tcsBNDSKTSkWqNspzJDfYpfKdzuc0gwNU7cYuSajtGEhMwwo6RUoBrJREe+bQDCCUTrgN8LsYod6xNASw1IMYLMQWcvTHVr90UDVKZ07aSgyWOv/ZMSa+JypTUaxHU6HXyDPcF8HHXTQQQcddNBBBx10+GmD3zDzKePTamFwi+t+zVwziFnlhcPugPsnYBN834Bn7dFOWAKMsAbZ0NjcjoP79qDh2GE0t9pxrMUuBrEHFq8RJoMFdjGO3WLL2axm+NztYje2IUAMbrGrERwQipHDh6OoJA1d9kZ0tHZJmRBYzRZ4XJ1iVwWJYWlTAU+jtQWWQAY8LSrg6XTaEMz73WRXFFZ2rf877TaDsMVgFruNv91m0BT1iWnnYQaj2MMel9hsYqQaxNgXhIySkW1zFzMNf+3EJA182sDab9qBtPWYaCtqQUDtugK/4fhfAU+vsm46FQhaG4Se15iYj/eIN+8RL17nd15nALbn756g1cG+sZ7Ozk7lBLHZbMpBojlEeI9wenkddNBBBx100EEHHXT4vw8/vYCntgbnOp32CG2Nnhsyec9oFPtF8slyXu4bsHz5ClRXH1RreIfDqeoxmblJ04CQkGAkJiagvLxcPuPR1eVQa3/G/Vgv66QNwGsMdvIaT4cy0Ol2e9TpTt4PDwsS+03sPLdXBUR5spR1abbT/3jAs6GxCesqG7HhYCvGlKWid2Y0bNwJK/fElhMCqTintKCyq49AsWWue2wG7ry8BMUZUWIYmlC5by/sXXaUlJTCLgTTQPqNo8eAXbssaG+1IiUJSIoHHC4x+FxCWI+PNqQQwIAlK49i47pqBFl8ePAPhUhJpbHqN9ZOAUHCJG2SqTS+aIAeb2hAZ3u72n1LZjLYGRgcjIioaD/SP4LdpYw9dRqW4U4REqcLbS0t6rdXEgOdThGU+KQkWAOsQr9TG6UQrFmzCgUFhQgNDTtp8Orw44AyxuVT8af7O4G/v4n/WjkBNYyYt8e1E+V7XiPwunzIVf7xw5nyflN5Xv86UNWyQI/y/l/8cypodbNOltLa+dY2tHI96pXfqqWe13lZq5TXelbKOuTjZPmvaV+7rvKoKyfAX99Xy6k2e+aVayqvVhcv8bcq/kPb5WUZ16py9dMPkpfX+V9BzzpPh69pm/h/pV4C8/POmerT2tXua7/9l+Raj0KqHpXzZBvd106UPxMwjz+Tv87uwifaIUjhE+XVZd44FadT2v0mOFN737WcfDD/1+N2su6vypG/LP+fEVjlycIn6jwhdz3Lsx1197S25eMUnhB4vbtagiajZ6z3TKCynSGv1p72+3ToLncyv/+3KtGd/zvj8HWg4XB6n78PsA5/JSfwIpzAjXDavf8/wC8bikqKjl+hl0L3DHm0bz3zfhf4Groo4D35+D50P4H/mYp018c/mnz+EPjaNjR8VcXfH/f/Gti+H4Gvb1fh2AP3b/v9fUDa7i6tcNDh/1EQOaBNsmXzdqzfsFUZh4bujZK0AeJiojB06ADExsWILfPj2AQUN278tFotIsKCgFzwiL1Eo9IqtpHaqMnLYqNwB6/HI7aUv+g3QlzMdzNINairdyE4xIJaMQK37dyFhuZGsRct8MArtppD2UtWa4B8Bzra/buQw4JpiLvFjrTDavaJXWfHogVrcd0NN+DscwdLyTYEmC1wdkLtUPZ57WI022HyhUgfzDBaWyXRFjRL2UAcP+ZGYEC4GP5eSR2S36kMbjc38JLc8umBS+ptlWteBBjDYPQGoksaCIsyI7cgAQaT5JFyHM0kp0mdD2Xg0B/MJH9p/JO3WsCTv2mjcrc0d0CTD8o2FTuQ6cRu6x/BDmTAk7Rj+6yTbTFp33mPSXN88FPblU1HBEErSznR9KX2qYGSGwH2g4mODNYVGRmp2mlu5k5xo9rYy+vsvw466KCDDjrooIMOOvy04KcX8CRwnc81uXZak+t12iZc03N9brMFwd7lQEeHXQUfX3jhRbEJ7MjMzBS7wAC
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--5bbf0907-48b0-4ee0-be05-4df4950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-10-11T08:25:43.000Z",
"modified": "2018-10-11T08:25:43.000Z",
"first_observed": "2018-10-11T08:25:43Z",
"last_observed": "2018-10-11T08:25:43Z",
"number_observed": 1,
"object_refs": [
"file--5bbf0907-48b0-4ee0-be05-4df4950d210f",
"artifact--5bbf0907-48b0-4ee0-be05-4df4950d210f"
],
"labels": [
"misp:type=\"attachment\"",
"misp:category=\"Payload delivery\""
]
},
{
"type": "file",
"spec_version": "2.1",
"id": "file--5bbf0907-48b0-4ee0-be05-4df4950d210f",
"name": "181009-muddywater-17.png",
"content_ref": "artifact--5bbf0907-48b0-4ee0-be05-4df4950d210f"
},
{
"type": "artifact",
"spec_version": "2.1",
"id": "artifact--5bbf0907-48b0-4ee0-be05-4df4950d210f",
"payload_bin": "iVBORw0KGgoAAAANSUhEUgAABAAAAAMACAYAAAC6uhUNAAAgAElEQVR4Aex9CZwU1bX+18vAsAw0oKzTMAOiqImOYnCmBxVMSNT3oqgwoC88Cb9/YjYEQbK8F40vvsUNREnyYpI3ISGRYUBFk/eyEB18YWaQmOeYxbgyw/SwytKs0zPT3fX/nXPrVld1V3VXzw7egp6quss553731q17zj33lufQkWMa1KEQUAgoBBQCCgGFgEJAIaAQUAgoBBQCCgGFwDmNgB9K/T+nK1gVTiGgEFAIKAQUAgoBhYBCQCGgEFAIKAT6FoHX//N7aP7tr/tMiImfvAFXfPFL8PeZBIqxQkAhoBBQCCgEFAIKAYWAQkAhoBBQCCgEznEEpPL//z45B/D0QWE14Ee68cFz6HByCcCr7x7GrneP4o3GCPYfO4O29hg0TUMirgGJBDT6xTVxTshzArXfva0PSqFYKgQUAgoBhYBCQCGgEFAIKAQUAgoBhYBCoH8j8MKtN0Mo/32h/evYaBp+9Ntt8Gv6GoDf/+0Qav56BLeFinHvrSUIDMmDx5NdwKnzfwRJg0h7PR74fD7E43EkNPv1BfWveYUUUV2YKBCh62hEnCnYHKbff+ObE/UMuZ1OnzwJ+lFp8vIGwJ+Xh/whQ+DP698OEG6wzA0JlVohoBBQCCgEFAIKAYWAQkAhoBBQCCgEeh2B7Kp1z4qk8+c9AF597wgr//9y53QMHTQQp9qBPceA1g4gHgcS5ABAZxJJ1+m9HqBkIqDFE0YYRfv8Pjz07X/BAw98C+0dMftCRIFAYDga3gKWLTMnGW6+wfE2YPHiJgQQEeFa7gaA/eEwTp44wfnJKEHGCZIxz5+HcRMnIi8vz8Kzp25aGhuRSCT4F4vFQL/29nZcNn26I0tXWDrmVhEKAYWAQkAhoBBQCCgEFAIKAYWAQkAhkCsC3/1uJf7y17dts33k0ovw+c8vylmPFHPj9hPktox6KNBP2vsf3j2M20JFrPy3HCclX2PFX4t70NFByxTI3d8jwqDB5/VA89K8vwc+tiQkC0Jpx48fr3sPJMNt5Y8SM6vSL9OR8o/ocfYIaGraiqJpc5PWB5nI5vz6rj/gwksuxpChQ/Hu397C6VOnEE/EcfLkSU5NSvjQIUMx6rxRaN79PqZcdJENla4FRY4ew/FIBGPGjUP+oHyDL/Hu6OjA6TOnMTwQwLSPfiRjmXLCsmsiq9wKAYWAQkAhoBBQCCgEFAIKAYWAQuBDjwDpa6T8//yn62yx+Id/XMre7nk96E2+469v4u29ew3+F02YgJmXXgKncCOhiwv2gac1//feeiXP/F/xnb8BA3y4e8YI/FPZKIR+sBv7Dp7G568KYKCmYd0Lu+FpbYO3LYb9z96EUQVCwTXzKigosCwLMMfRNbn7B/hMM/vpBgCz8h9BBHNveBANb21PJZN2TzP8pOzvD7cgf/AgtLVFWeGOtom1BmQUSMTjOHHyBLxeLxsB0oh0MSDa2oqTx4/j2NEj2LevBWUzr2GKNNsvZ/5bz7TC6/XhxInjGDYsvfxmEbJhaU6rrnsRgdpHcNtjtUDwDjy5rhx1S7+CTWHBP7TqRdxXrstiTvdV4PGlG6En0/NOxKa5j6DOIvpELFj3HSxo1nnocRa6lvSmGzM/i1zluG/r1xCSSY10ExEMNydl4nidfxCATEfhXNY7QMFGuDlM0jbOzdhk4OLE3w1+YYEHM2bmeHzuRgQJIyNMMq3NECfT2JztymkOA5DEP0O5bEgbQUzPXJZMsmaIC2/EsrR2RPXiJFcGWiRcmlyGxPYXtumJh2zHDu3HgqHkWyt4ZGxHLGSGejWX21xPuvi28kr+5vpwouNQNrjBVfYR9JxnarM22NmjT4J3A9ad6Xfs8DHLIgV2qH9zHXOdSGzs+s8sdCUr81nS1MPE8+qCjlP7MNM2romeUz0aiVxeSNlMeHFOK86Wftcl5R5Pxn1QLULcB2fAxCkdqA+T+TsjrY5d+dfw3Cr5sk3SCVd9BcuqkPLeSMY7X2Uoi8xktLOUd5qMz+mcQzm6jFlOgtknlmU3P8s2Keseuxl1IdM4yK6vJFp1M23rz4akQ5CL+nLIqYIVAtkQcOMh3pPKP8lHyv+SH/7QELXyc5/ja7twMgzkcvjJFWH/0VZe8998DLizZCSeefskWk5ryPN5EI0DmteDdw+3Ydk1o/GdFz2Ax4Ov3nEhvF4PWqMd5DBgHHRJGwd6yG/AFG4koAt97T+v+7dEgN3+5cx/hOwDvBeAWALgSE+nQUq13+dHa2srK9vxmFD2KXrK1AsxqbgYpKDX/u8rbCiIxxPOMqbI5fb2ROQ48zh16hTP9EuZSfknLwTCpr2jHacPHYR/QB4uvtTZAOAKS7eCqXTdiEAtVj9WywrhStKoazcCq17Es6SM1j2C2x97BLUhUrZT0oU3AijHyudNirgGrHz+RayU0lH+qokoKwSatTvw7PNfEzEWujJx6tnKjwZBm4Jfw7NPlSO86StY/mgtnuXBkjWdhYqJv9a8EcsfC2PBUy+iQiraGvkMpeTnMAsVvglvetQdf1v87kDLPSR/uTBaEI/U/sQuTIqRKU6mkeewfTmbg/b4Bx3LJQnanZtRXRsWxpNU2VLvzdnt4hiH9HbUnE2uNFrNqM6GsVkWOKeve+wRhBd+B88umCiegUc3ouypO9hoZNuGHTBPrWILe7pJKwM9c7UOzx9lcMLdJtyBDkxlE8+RKJt8JGxlSntGdEOHjfxO2Bn0U0AwpzfLQ4piLljn3O844ONEx3X/Yfv8f82xX0zrB3R8wg7ld5SPG5tNO0jB2/bWph5t02UNTD7HXC56Lu7ZiCC9T6S1NrwR1bVAhbzPSrMnEtRi9a0bEXzqO+JdUHgH1j5/BzMy6sMOE6d0QXP+FNquxZ+IYPNGbGouT76fOG8tNlU1A6A1qjbvDTf0M+ULfQ3PPk8y7+B3UtY+Kys/l+WwYJaVaA8kSH3v1+Jxc5swcSwLlePx2lpoId04w5MMzQjXNqOC3hEAwuEwgsFg+nvdRMf1Zab6ck1EJfywI0Az/j/44c/w1xSXf5rpTz1+pnsFUP9n9IGpiRzutUQcCVpb7+KYOn4cSOn/7A9+wKnp/OPPf57vSZ+kg+4pXTzmsOw+hQ/p7nR4qYeMtsfYZf9MBzBj3FBe9L8/0gZKc4Q2BNA01L9/EmVTC/CxKSP5/u9Lx8Lr8eL0mXbdjZ0EIcWf7AOk/It77oF54wDTfVRf0y/PunCWmf8IeQrQpoCmjQFT6djcUwW2tbWxAWDw4MEYOqwAJdOnY1JxEctHLvl+v5/X4pMXgK180PDyy79L+zmlNYe3tUbZJSQajWLcuPEGfbo/b8xoFAwfxvsQED5Hjxwx4s005LUTlmNHj4LTT+ZVZ1N7s2knXcdnIoJBnUdoISqMa1JYw2gJS/6mdMZDKOPSz3W1tQiWhxCExi9HQ86QrghnLYvktwf1tc0IldOoUUMwVI5g3Q7UGfllOqsMZv51VRuBhauSZTPyUh77/Ia8yIG/LX5BVDz1gm6wIOCscgooU8PkvV16GZd+dionDU4Mvgb+2cqVTp9p1G1E3cRyYQCwlCWTrE5xovSGbEwvm1x2tLJhnFoWp/R70BKeiFBIxys40SinPYYanDC3limVv10ZNMC2/eh5nXC3C7elswP1deWoYFcTDcEFCxEK16LeeL4dZOI6SX1G7NI6Y2ePhbM8XcHa/Nw70cmIs96mzXQy17EJG1vcrXVvpmuPi7v+Mo2OXTuwPJ9WOQRvu3q0S+cmzExrD6ofI+X/BawMmfIGF6LCfJ9VPlPebk1rljWVR6Y4c1qndE7h5ryp1wB10XV1e5L9NJWX3nNGf52ax829W1ncpsvGs6fKkY1vZ+JNzy23LQcM6B3ASr/gEa6rRXDhHUAzGWYojN5XSL4zutROHWToEs3OYKPyOPXNZ0s4Kcak/JNyb/ejlrbuqX+lk9H6cy8bZ3f9p3zaNFbuScmXhzQG0L1U/ildrgd7AGi6JYI2+isZMwRoi+HoiXa8tvcMEIvDE4vDpyX
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5bbf13d1-88bc-4b03-a881-4167950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-10-11T09:11:45.000Z",
"modified": "2018-10-11T09:11:45.000Z",
"pattern": "[file:name = '\\\\%TEMP\\\\%\\\\Word8.0\\\\MSForms.exd']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-10-11T09:11:45Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"filename\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--0dce5235-c55f-4bd3-8ac0-31177f487562",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-10-26T11:59:16.000Z",
"modified": "2018-10-26T11:59:16.000Z",
"pattern": "[file:hashes.MD5 = 'ab4f947f4649b9ec28d182b02778aa69' AND file:hashes.SHA1 = '7d0b494354f1db904f21f52da58f14811c536e15' AND file:hashes.SHA256 = 'e04bb1c0a84debcae77cd82b0a27a02cdd68d47214d6bafefec8f5cad71f4a1c']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-10-26T11:59:16Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "file"
}
],
"labels": [
"misp:name=\"file\"",
"misp:meta-category=\"file\"",
"misp:to_ids=\"True\""
]
},
{
"type": "x-misp-object",
"spec_version": "2.1",
"id": "x-misp-object--56f07a86-19e1-477b-bec7-68f3b5f92d94",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-10-26T11:59:32.000Z",
"modified": "2018-10-26T11:59:32.000Z",
"labels": [
"misp:name=\"virustotal-report\"",
"misp:meta-category=\"misc\""
],
"x_misp_attributes": [
{
"type": "datetime",
"object_relation": "last-submission",
"value": "2018-10-13T21:47:43",
"category": "Other",
"uuid": "fbb78d5f-50ce-462f-8538-2e09bda58175"
},
{
"type": "link",
"object_relation": "permalink",
"value": "https://www.virustotal.com/file/e04bb1c0a84debcae77cd82b0a27a02cdd68d47214d6bafefec8f5cad71f4a1c/analysis/1539467263/",
"category": "External analysis",
"uuid": "46f13db6-aba1-4eb2-9056-98724eaaca82"
},
{
"type": "text",
"object_relation": "detection-ratio",
"value": "34/59",
"category": "Other",
"uuid": "9b6be0c6-73e7-4921-99dd-d140374da874"
}
],
"x_misp_meta_category": "misc",
"x_misp_name": "virustotal-report"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--31a57645-1669-4e5b-a07c-55300bdff8bf",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-10-26T11:59:49.000Z",
"modified": "2018-10-26T11:59:49.000Z",
"pattern": "[file:hashes.MD5 = '864d6321be50f29e7a7a4bfab746245a' AND file:hashes.SHA1 = '243ba07c35cf6b13ca5cde030437aa933840ee57' AND file:hashes.SHA256 = 'b0da2a7d0eeb5ab43eb99108b87d0141edcba4aa11d44c1f708527499410133f']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-10-26T11:59:49Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "file"
}
],
"labels": [
"misp:name=\"file\"",
"misp:meta-category=\"file\"",
"misp:to_ids=\"True\""
]
},
{
"type": "x-misp-object",
"spec_version": "2.1",
"id": "x-misp-object--2cb20ec0-1762-421e-9640-4acca2c0d48a",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-10-26T11:59:51.000Z",
"modified": "2018-10-26T11:59:51.000Z",
"labels": [
"misp:name=\"virustotal-report\"",
"misp:meta-category=\"misc\""
],
"x_misp_attributes": [
{
"type": "datetime",
"object_relation": "last-submission",
"value": "2018-10-13T21:12:55",
"category": "Other",
"uuid": "ccefa26a-e8f1-4059-8b0c-e883650a1f82"
},
{
"type": "link",
"object_relation": "permalink",
"value": "https://www.virustotal.com/file/b0da2a7d0eeb5ab43eb99108b87d0141edcba4aa11d44c1f708527499410133f/analysis/1539465175/",
"category": "External analysis",
"uuid": "4edb42c8-5318-482b-9706-ba634f7d645f"
},
{
"type": "text",
"object_relation": "detection-ratio",
"value": "36/58",
"category": "Other",
"uuid": "d6f96a07-6f04-4fb5-a4d5-9b77805e1673"
}
],
"x_misp_meta_category": "misc",
"x_misp_name": "virustotal-report"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--0ccd4d0b-e97f-4dac-9d63-38118a4ff31b",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-10-26T11:59:53.000Z",
"modified": "2018-10-26T11:59:53.000Z",
"pattern": "[file:hashes.MD5 = 'a9ec30226c83ba6d7abb8d2011cdae14' AND file:hashes.SHA1 = 'faf580608b76a47bcf181ec44bb36d637112d3fa' AND file:hashes.SHA256 = 'f2f573af0f76fe0f21bbe630a4bb50b1c1836eb24429bfb8c93673276f27e374']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-10-26T11:59:53Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "file"
}
],
"labels": [
"misp:name=\"file\"",
"misp:meta-category=\"file\"",
"misp:to_ids=\"True\""
]
},
{
"type": "x-misp-object",
"spec_version": "2.1",
"id": "x-misp-object--297156af-d00a-49e5-b136-0d8b658dc016",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-10-26T11:59:57.000Z",
"modified": "2018-10-26T11:59:57.000Z",
"labels": [
"misp:name=\"virustotal-report\"",
"misp:meta-category=\"misc\""
],
"x_misp_attributes": [
{
"type": "datetime",
"object_relation": "last-submission",
"value": "2018-10-25T04:12:07",
"category": "Other",
"uuid": "6e87a413-11e2-4db4-b30f-9c37295afa68"
},
{
"type": "link",
"object_relation": "permalink",
"value": "https://www.virustotal.com/file/f2f573af0f76fe0f21bbe630a4bb50b1c1836eb24429bfb8c93673276f27e374/analysis/1540440727/",
"category": "External analysis",
"uuid": "adc80cf9-1a81-483c-9cd9-ee63e1aab260"
},
{
"type": "text",
"object_relation": "detection-ratio",
"value": "37/59",
"category": "Other",
"uuid": "476a4225-fb4a-411e-b1c7-81694562e5d0"
}
],
"x_misp_meta_category": "misc",
"x_misp_name": "virustotal-report"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--6c5c645a-1154-4e6f-9a8c-e09bec28b813",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-10-26T12:00:13.000Z",
"modified": "2018-10-26T12:00:13.000Z",
"pattern": "[file:hashes.MD5 = '9f4044674100a8c28f9ed1b336c337ce' AND file:hashes.SHA1 = 'cd2267e2d736e925247c2a22e4ca75d7e2ebb21e' AND file:hashes.SHA256 = '5f2a6601d349af00a4cc101a638003af2f330879c333168cbf6a7a123dfb3928']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-10-26T12:00:13Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "file"
}
],
"labels": [
"misp:name=\"file\"",
"misp:meta-category=\"file\"",
"misp:to_ids=\"True\""
]
},
{
"type": "x-misp-object",
"spec_version": "2.1",
"id": "x-misp-object--c19442e0-d547-48a0-9fb2-8309d78c74e6",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-10-26T12:00:17.000Z",
"modified": "2018-10-26T12:00:17.000Z",
"labels": [
"misp:name=\"virustotal-report\"",
"misp:meta-category=\"misc\""
],
"x_misp_attributes": [
{
"type": "datetime",
"object_relation": "last-submission",
"value": "2018-10-13T21:15:51",
"category": "Other",
"uuid": "59ea5e4b-a5b2-4fe1-8f2a-d40de70b6c16"
},
{
"type": "link",
"object_relation": "permalink",
"value": "https://www.virustotal.com/file/5f2a6601d349af00a4cc101a638003af2f330879c333168cbf6a7a123dfb3928/analysis/1539465351/",
"category": "External analysis",
"uuid": "95289a6a-6ccb-4120-9647-92ba50be4f07"
},
{
"type": "text",
"object_relation": "detection-ratio",
"value": "36/57",
"category": "Other",
"uuid": "7ec61e79-d07e-4e6e-88ca-6fcf6d0d97fb"
}
],
"x_misp_meta_category": "misc",
"x_misp_name": "virustotal-report"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--fec87bee-a27f-453d-81b2-b573b2980dfc",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-10-26T12:00:18.000Z",
"modified": "2018-10-26T12:00:18.000Z",
"pattern": "[file:hashes.MD5 = '801f34abbf90ac2b4fb4b6289830cd16' AND file:hashes.SHA1 = '0282bf2a9dca0a87e7fe2a12480c1cc2ea234b49' AND file:hashes.SHA256 = 'b7b8faac19a58548b28506415f9ece479055e9af0557911ca8bbaa82b483ffb8']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-10-26T12:00:18Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "file"
}
],
"labels": [
"misp:name=\"file\"",
"misp:meta-category=\"file\"",
"misp:to_ids=\"True\""
]
},
{
"type": "x-misp-object",
"spec_version": "2.1",
"id": "x-misp-object--fa3879d1-a417-4bb5-82c1-0771fd8f690d",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-10-26T12:00:21.000Z",
"modified": "2018-10-26T12:00:21.000Z",
"labels": [
"misp:name=\"virustotal-report\"",
"misp:meta-category=\"misc\""
],
"x_misp_attributes": [
{
"type": "datetime",
"object_relation": "last-submission",
"value": "2018-10-17T23:41:58",
"category": "Other",
"uuid": "57481417-11bb-441e-9a35-60e6ec1f3ff0"
},
{
"type": "link",
"object_relation": "permalink",
"value": "https://www.virustotal.com/file/b7b8faac19a58548b28506415f9ece479055e9af0557911ca8bbaa82b483ffb8/analysis/1539819718/",
"category": "External analysis",
"uuid": "3dac3f72-d638-4382-838b-978aee470ccb"
},
{
"type": "text",
"object_relation": "detection-ratio",
"value": "36/56",
"category": "Other",
"uuid": "080dbfe0-8f57-4486-9965-fb65ba7ad586"
}
],
"x_misp_meta_category": "misc",
"x_misp_name": "virustotal-report"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--b870e457-a906-4413-ac38-e27ae839ae13",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-10-26T12:00:27.000Z",
"modified": "2018-10-26T12:00:27.000Z",
"pattern": "[file:hashes.MD5 = 'befc203d7fa4c91326791a73e6d6b4da' AND file:hashes.SHA1 = '8743083219b6943c0c580093dd4139fe353c9943' AND file:hashes.SHA256 = 'e60c802b692a503f4f91e8809bb961b5423c602f6fb374de1af4d983415de3f1']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-10-26T12:00:27Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "file"
}
],
"labels": [
"misp:name=\"file\"",
"misp:meta-category=\"file\"",
"misp:to_ids=\"True\""
]
},
{
"type": "x-misp-object",
"spec_version": "2.1",
"id": "x-misp-object--460c2688-f882-4aa9-9a35-4707ce903ee9",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-10-26T12:00:47.000Z",
"modified": "2018-10-26T12:00:47.000Z",
"labels": [
"misp:name=\"virustotal-report\"",
"misp:meta-category=\"misc\""
],
"x_misp_attributes": [
{
"type": "datetime",
"object_relation": "last-submission",
"value": "2018-10-14T18:34:36",
"category": "Other",
"uuid": "27acc580-2607-4d61-85ec-bd5cfa0c7ceb"
},
{
"type": "link",
"object_relation": "permalink",
"value": "https://www.virustotal.com/file/e60c802b692a503f4f91e8809bb961b5423c602f6fb374de1af4d983415de3f1/analysis/1539542076/",
"category": "External analysis",
"uuid": "4822738f-83d9-4a9a-85ff-a5133ec69db5"
},
{
"type": "text",
"object_relation": "detection-ratio",
"value": "26/67",
"category": "Other",
"uuid": "3a96fb3e-ed42-48de-8660-328e10a672db"
}
],
"x_misp_meta_category": "misc",
"x_misp_name": "virustotal-report"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--3d147083-9b4f-4565-9cd2-0be561143f21",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-10-26T12:00:51.000Z",
"modified": "2018-10-26T12:00:51.000Z",
"pattern": "[file:hashes.MD5 = '4c5a5c236c9f4480b3d725f297673fad' AND file:hashes.SHA1 = '7b24d7332f22c4d9ac72070203745b4bea208cb4' AND file:hashes.SHA256 = '616b5f143156dffbdc6cd5765d157874540739f7d74a0b86cb0c4ed342605443']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-10-26T12:00:51Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "file"
}
],
"labels": [
"misp:name=\"file\"",
"misp:meta-category=\"file\"",
"misp:to_ids=\"True\""
]
},
{
"type": "x-misp-object",
"spec_version": "2.1",
"id": "x-misp-object--5005a835-a840-49dc-bc1b-04269dd4ab59",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-10-26T12:00:53.000Z",
"modified": "2018-10-26T12:00:53.000Z",
"labels": [
"misp:name=\"virustotal-report\"",
"misp:meta-category=\"misc\""
],
"x_misp_attributes": [
{
"type": "datetime",
"object_relation": "last-submission",
"value": "2018-10-13T23:06:37",
"category": "Other",
"uuid": "ff571687-a6a1-42a5-818d-36d1d1d0a9de"
},
{
"type": "link",
"object_relation": "permalink",
"value": "https://www.virustotal.com/file/616b5f143156dffbdc6cd5765d157874540739f7d74a0b86cb0c4ed342605443/analysis/1539471997/",
"category": "External analysis",
"uuid": "c2767a80-e660-4c2d-ba1a-6743626dca55"
},
{
"type": "text",
"object_relation": "detection-ratio",
"value": "38/58",
"category": "Other",
"uuid": "9dde102c-dacb-4416-b391-5185126c685f"
}
],
"x_misp_meta_category": "misc",
"x_misp_name": "virustotal-report"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--33c319ea-ce85-4548-996d-fada6f872995",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-10-26T12:00:55.000Z",
"modified": "2018-10-26T12:00:55.000Z",
"pattern": "[file:hashes.MD5 = 'eb69fb45feb97af81c2f306564acc2da' AND file:hashes.SHA1 = '6059e4d34dee97e6f63be8cb9467327ceb7c7f90' AND file:hashes.SHA256 = '6a68e8b12960257621cb89f979c1fbbd0f13c2338fad0f64e133deb95c99b2f9']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-10-26T12:00:55Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "file"
}
],
"labels": [
"misp:name=\"file\"",
"misp:meta-category=\"file\"",
"misp:to_ids=\"True\""
]
},
{
"type": "x-misp-object",
"spec_version": "2.1",
"id": "x-misp-object--e8307187-524b-454e-a7e5-35de3ae028b0",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-10-26T12:00:57.000Z",
"modified": "2018-10-26T12:00:57.000Z",
"labels": [
"misp:name=\"virustotal-report\"",
"misp:meta-category=\"misc\""
],
"x_misp_attributes": [
{
"type": "datetime",
"object_relation": "last-submission",
"value": "2018-10-13T22:23:51",
"category": "Other",
"uuid": "004f025e-8b14-4088-9321-2adcc6770960"
},
{
"type": "link",
"object_relation": "permalink",
"value": "https://www.virustotal.com/file/6a68e8b12960257621cb89f979c1fbbd0f13c2338fad0f64e133deb95c99b2f9/analysis/1539469431/",
"category": "External analysis",
"uuid": "a76e300f-4dbe-4ee1-b841-9a0fcb6d7afc"
},
{
"type": "text",
"object_relation": "detection-ratio",
"value": "37/57",
"category": "Other",
"uuid": "878d37aa-b3b1-4ea0-9cc3-858f68baecde"
}
],
"x_misp_meta_category": "misc",
"x_misp_name": "virustotal-report"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--acd0e574-aa79-4dac-80d4-e804d961b256",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-10-26T12:00:59.000Z",
"modified": "2018-10-26T12:00:59.000Z",
"pattern": "[file:hashes.MD5 = 'aa564e207926d06b8a59ba50ca2c543d' AND file:hashes.SHA1 = '7b5000cbc07308f030f8bedba6620d767a0504b5' AND file:hashes.SHA256 = '3eb27ecfbe5381b9cf4dcba2486e9773d9893b92c95032be784e0d2198740539']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-10-26T12:00:59Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "file"
}
],
"labels": [
"misp:name=\"file\"",
"misp:meta-category=\"file\"",
"misp:to_ids=\"True\""
]
},
{
"type": "x-misp-object",
"spec_version": "2.1",
"id": "x-misp-object--df591dc3-d453-43fc-977d-4bb8b0bc9cb1",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-10-26T12:01:01.000Z",
"modified": "2018-10-26T12:01:01.000Z",
"labels": [
"misp:name=\"virustotal-report\"",
"misp:meta-category=\"misc\""
],
"x_misp_attributes": [
{
"type": "datetime",
"object_relation": "last-submission",
"value": "2018-10-22T02:07:43",
"category": "Other",
"uuid": "0cf968c1-8b54-4f96-9b54-7d5931ae1358"
},
{
"type": "link",
"object_relation": "permalink",
"value": "https://www.virustotal.com/file/3eb27ecfbe5381b9cf4dcba2486e9773d9893b92c95032be784e0d2198740539/analysis/1540174063/",
"category": "External analysis",
"uuid": "fa29434e-262e-4d94-992d-e7a6cc2c6760"
},
{
"type": "text",
"object_relation": "detection-ratio",
"value": "39/59",
"category": "Other",
"uuid": "0f583fd2-ecd3-4bbb-a414-4512ab544fbe"
}
],
"x_misp_meta_category": "misc",
"x_misp_name": "virustotal-report"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--e7d69dcc-6ff2-4f14-a8c3-97a099dc7001",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-10-26T12:01:02.000Z",
"modified": "2018-10-26T12:01:02.000Z",
"pattern": "[file:hashes.MD5 = '7beb94f602e97785370fec2d059d54a5' AND file:hashes.SHA1 = '53785a0d58b774125d702cdd70015be273348314' AND file:hashes.SHA256 = '153117aa54492ca955b540ac0a8c21c1be98e9f7dd8636a36d73581ec1ddcf58']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-10-26T12:01:02Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "file"
}
],
"labels": [
"misp:name=\"file\"",
"misp:meta-category=\"file\"",
"misp:to_ids=\"True\""
]
},
{
"type": "x-misp-object",
"spec_version": "2.1",
"id": "x-misp-object--fafae45c-0a60-4442-a37f-22d9fb5b84a0",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-10-26T12:01:06.000Z",
"modified": "2018-10-26T12:01:06.000Z",
"labels": [
"misp:name=\"virustotal-report\"",
"misp:meta-category=\"misc\""
],
"x_misp_attributes": [
{
"type": "datetime",
"object_relation": "last-submission",
"value": "2018-10-17T23:41:31",
"category": "Other",
"uuid": "83d26909-2907-4ba1-aff9-f09839171472"
},
{
"type": "link",
"object_relation": "permalink",
"value": "https://www.virustotal.com/file/153117aa54492ca955b540ac0a8c21c1be98e9f7dd8636a36d73581ec1ddcf58/analysis/1539819691/",
"category": "External analysis",
"uuid": "0de6b052-d025-4fc0-8f3e-edfea36ecac1"
},
{
"type": "text",
"object_relation": "detection-ratio",
"value": "37/56",
"category": "Other",
"uuid": "44a5b20b-ffb0-4158-befa-f2685079b0e4"
}
],
"x_misp_meta_category": "misc",
"x_misp_name": "virustotal-report"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--51cbcdd0-059c-4be4-bb1d-689701e0af1e",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-10-26T12:01:08.000Z",
"modified": "2018-10-26T12:01:08.000Z",
"pattern": "[file:hashes.MD5 = 'faa4469d5cd90623312c86d651f2d930' AND file:hashes.SHA1 = '07704be3cb7c7dd6cfb987ded284960f721074fd' AND file:hashes.SHA256 = '41a32a19c78a542ab4d0701c31d9ef6c7f019c9bc604ab9415f4790b7ac6c591']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-10-26T12:01:08Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "file"
}
],
"labels": [
"misp:name=\"file\"",
"misp:meta-category=\"file\"",
"misp:to_ids=\"True\""
]
},
{
"type": "x-misp-object",
"spec_version": "2.1",
"id": "x-misp-object--e35d7710-6c17-4600-a491-78d9b2d974af",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-10-26T12:01:38.000Z",
"modified": "2018-10-26T12:01:38.000Z",
"labels": [
"misp:name=\"virustotal-report\"",
"misp:meta-category=\"misc\""
],
"x_misp_attributes": [
{
"type": "datetime",
"object_relation": "last-submission",
"value": "2018-10-13T22:27:41",
"category": "Other",
"uuid": "23e4abbc-275f-42b2-8e89-28a917123c9d"
},
{
"type": "link",
"object_relation": "permalink",
"value": "https://www.virustotal.com/file/41a32a19c78a542ab4d0701c31d9ef6c7f019c9bc604ab9415f4790b7ac6c591/analysis/1539469661/",
"category": "External analysis",
"uuid": "369759b7-dc04-4573-aaa3-74f4a02f3a26"
},
{
"type": "text",
"object_relation": "detection-ratio",
"value": "33/58",
"category": "Other",
"uuid": "14888e4c-d1e6-47ec-8e6e-4bef89fb41c4"
}
],
"x_misp_meta_category": "misc",
"x_misp_name": "virustotal-report"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5f1c620f-9bb5-44a0-a49d-d4a20fcc5b56",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-10-26T12:01:40.000Z",
"modified": "2018-10-26T12:01:40.000Z",
"pattern": "[file:hashes.MD5 = 'ffb8ea0347a3af3dd2ab1b4e5a1be18a' AND file:hashes.SHA1 = '99d3597fea978d3d8ea6ad1e5727d581ec409c1a' AND file:hashes.SHA256 = 'fbbda9d8d9bcaaf9a7af84d08af3f5140f5f75778461e48253dc761cc9dc027c']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-10-26T12:01:40Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "file"
}
],
"labels": [
"misp:name=\"file\"",
"misp:meta-category=\"file\"",
"misp:to_ids=\"True\""
]
},
{
"type": "x-misp-object",
"spec_version": "2.1",
"id": "x-misp-object--fd6b82ad-05eb-4cc7-b654-8259cb33f397",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-10-26T12:01:42.000Z",
"modified": "2018-10-26T12:01:42.000Z",
"labels": [
"misp:name=\"virustotal-report\"",
"misp:meta-category=\"misc\""
],
"x_misp_attributes": [
{
"type": "datetime",
"object_relation": "last-submission",
"value": "2018-10-17T10:36:10",
"category": "Other",
"uuid": "cef03c0d-37a8-4edd-b4e7-d5c6e9e03e21"
},
{
"type": "link",
"object_relation": "permalink",
"value": "https://www.virustotal.com/file/fbbda9d8d9bcaaf9a7af84d08af3f5140f5f75778461e48253dc761cc9dc027c/analysis/1539772570/",
"category": "External analysis",
"uuid": "90c624d8-f537-4c4d-96d0-43582d1685d7"
},
{
"type": "text",
"object_relation": "detection-ratio",
"value": "39/58",
"category": "Other",
"uuid": "901270e4-cbf1-43db-912f-3cac0d96048c"
}
],
"x_misp_meta_category": "misc",
"x_misp_name": "virustotal-report"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--e37a5a13-697f-433b-b91f-b796b81c6843",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-10-26T12:01:43.000Z",
"modified": "2018-10-26T12:01:43.000Z",
"pattern": "[file:hashes.MD5 = 'bf310319d6ef95f69a45fc4f2d237ed4' AND file:hashes.SHA1 = 'f53f52b9aa4573f7250d7693617f8617ec139aad' AND file:hashes.SHA256 = '009cc0f34f60467552ef79c3892c501043c972be55fe936efb30584975d45ec0']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-10-26T12:01:43Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "file"
}
],
"labels": [
"misp:name=\"file\"",
"misp:meta-category=\"file\"",
"misp:to_ids=\"True\""
]
},
{
"type": "x-misp-object",
"spec_version": "2.1",
"id": "x-misp-object--4931955c-02f5-437a-8673-39acb95429fe",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-10-26T12:01:46.000Z",
"modified": "2018-10-26T12:01:46.000Z",
"labels": [
"misp:name=\"virustotal-report\"",
"misp:meta-category=\"misc\""
],
"x_misp_attributes": [
{
"type": "datetime",
"object_relation": "last-submission",
"value": "2018-10-24T06:15:40",
"category": "Other",
"uuid": "344c2c9f-3b0f-4b3f-82ce-735421a7086f"
},
{
"type": "link",
"object_relation": "permalink",
"value": "https://www.virustotal.com/file/009cc0f34f60467552ef79c3892c501043c972be55fe936efb30584975d45ec0/analysis/1540361740/",
"category": "External analysis",
"uuid": "9864b8f4-5820-4f81-9f30-dcdd027ed6cb"
},
{
"type": "text",
"object_relation": "detection-ratio",
"value": "40/58",
"category": "Other",
"uuid": "bc85be94-5bba-48e1-b653-708cc7e18e67"
}
],
"x_misp_meta_category": "misc",
"x_misp_name": "virustotal-report"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--0fb7a91b-5a1d-456b-a372-9bd1792e4d59",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-10-26T12:01:48.000Z",
"modified": "2018-10-26T12:01:48.000Z",
"pattern": "[file:hashes.MD5 = '7a2ff07283ddc69d9f34cfa0d3c936d4' AND file:hashes.SHA1 = 'db6376bfd590285e271387c81b676281a7a80abb' AND file:hashes.SHA256 = '18cf5795c2208d330bd297c18445a9e25238dd7f28a1a6ef55e2a9239f5748cd']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-10-26T12:01:48Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "file"
}
],
"labels": [
"misp:name=\"file\"",
"misp:meta-category=\"file\"",
"misp:to_ids=\"True\""
]
},
{
"type": "x-misp-object",
"spec_version": "2.1",
"id": "x-misp-object--53a0ab1d-952b-4206-a553-8b111df85bd3",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-10-26T12:01:50.000Z",
"modified": "2018-10-26T12:01:50.000Z",
"labels": [
"misp:name=\"virustotal-report\"",
"misp:meta-category=\"misc\""
],
"x_misp_attributes": [
{
"type": "datetime",
"object_relation": "last-submission",
"value": "2018-10-17T23:41:09",
"category": "Other",
"uuid": "aec3ad8e-2951-4414-8294-3f120ad31c03"
},
{
"type": "link",
"object_relation": "permalink",
"value": "https://www.virustotal.com/file/18cf5795c2208d330bd297c18445a9e25238dd7f28a1a6ef55e2a9239f5748cd/analysis/1539819669/",
"category": "External analysis",
"uuid": "7039be4c-75a2-41b3-b438-143e2061cc6b"
},
{
"type": "text",
"object_relation": "detection-ratio",
"value": "38/57",
"category": "Other",
"uuid": "2876775b-b8b5-4a9a-9bfa-3d41beb4a280"
}
],
"x_misp_meta_category": "misc",
"x_misp_name": "virustotal-report"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--53e618c4-8a5d-4156-a5c6-8ea1f5328d3a",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-10-26T12:01:52.000Z",
"modified": "2018-10-26T12:01:52.000Z",
"pattern": "[file:hashes.MD5 = 'c561e81e30316208925bfddb3cf3360a' AND file:hashes.SHA1 = '0c252c9778029cba362152c4623371b70f8e5422' AND file:hashes.SHA256 = '507039a0c8a9a9c378118cd7015dd824e31b77c2b8835215d1a021bea82c66b4']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-10-26T12:01:52Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "file"
}
],
"labels": [
"misp:name=\"file\"",
"misp:meta-category=\"file\"",
"misp:to_ids=\"True\""
]
},
{
"type": "x-misp-object",
"spec_version": "2.1",
"id": "x-misp-object--b68a949d-1041-4ec5-a1ee-50774483da01",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-10-26T12:01:54.000Z",
"modified": "2018-10-26T12:01:54.000Z",
"labels": [
"misp:name=\"virustotal-report\"",
"misp:meta-category=\"misc\""
],
"x_misp_attributes": [
{
"type": "datetime",
"object_relation": "last-submission",
"value": "2018-10-16T18:43:28",
"category": "Other",
"uuid": "5894efa3-341f-4187-acfb-ba9671aa7857"
},
{
"type": "link",
"object_relation": "permalink",
"value": "https://www.virustotal.com/file/507039a0c8a9a9c378118cd7015dd824e31b77c2b8835215d1a021bea82c66b4/analysis/1539715408/",
"category": "External analysis",
"uuid": "c2a8d451-533b-422a-ab8b-59e2b59b8fc3"
},
{
"type": "text",
"object_relation": "detection-ratio",
"value": "24/57",
"category": "Other",
"uuid": "3ea35811-9d92-437a-8e0f-200ef2ea70f1"
}
],
"x_misp_meta_category": "misc",
"x_misp_name": "virustotal-report"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--9ab3586b-39d0-4150-8279-e143df7ad88b",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-10-26T12:02:01.000Z",
"modified": "2018-10-26T12:02:01.000Z",
"pattern": "[file:hashes.MD5 = '3c2a0d6d0ecf06f1be9ad411d06f7ba8' AND file:hashes.SHA1 = '6123f7da1f716bbb9e0a8e76255ee6a68c6c9cf7' AND file:hashes.SHA256 = '38556ba0b512636006c00b51f24ac92755bd1f1b21b4ae1812abf6bf9543221e']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-10-26T12:02:01Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "file"
}
],
"labels": [
"misp:name=\"file\"",
"misp:meta-category=\"file\"",
"misp:to_ids=\"True\""
]
},
{
"type": "x-misp-object",
"spec_version": "2.1",
"id": "x-misp-object--7102d5f3-62d3-4f2f-b6fe-63baeea4ffb6",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-10-26T12:02:16.000Z",
"modified": "2018-10-26T12:02:16.000Z",
"labels": [
"misp:name=\"virustotal-report\"",
"misp:meta-category=\"misc\""
],
"x_misp_attributes": [
{
"type": "datetime",
"object_relation": "last-submission",
"value": "2018-10-24T01:03:54",
"category": "Other",
"uuid": "d4ad2444-48d7-4b4e-82ca-e9c893c4b421"
},
{
"type": "link",
"object_relation": "permalink",
"value": "https://www.virustotal.com/file/38556ba0b512636006c00b51f24ac92755bd1f1b21b4ae1812abf6bf9543221e/analysis/1540343034/",
"category": "External analysis",
"uuid": "c483436e-4621-4809-8549-47989da7897a"
},
{
"type": "text",
"object_relation": "detection-ratio",
"value": "38/58",
"category": "Other",
"uuid": "68fb4c54-1a70-4526-b690-e5648ed7a409"
}
],
"x_misp_meta_category": "misc",
"x_misp_name": "virustotal-report"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--2df61ab0-86b0-444f-841d-0c3cb4543ad4",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-10-26T12:02:17.000Z",
"modified": "2018-10-26T12:02:17.000Z",
"pattern": "[file:hashes.MD5 = '94edf251b5fe7cc19488b5f0c3c3e359' AND file:hashes.SHA1 = 'a02dfebd01369337e01b4f6bfd644d47457bee25' AND file:hashes.SHA256 = '2cea0b740f338c513a6390e7951ff3371f44c7c928abf14675b49358a03a5d13']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-10-26T12:02:17Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "file"
}
],
"labels": [
"misp:name=\"file\"",
"misp:meta-category=\"file\"",
"misp:to_ids=\"True\""
]
},
{
"type": "x-misp-object",
"spec_version": "2.1",
"id": "x-misp-object--90c525e7-74e9-4a8c-ab7e-a609a3633442",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-10-26T12:02:25.000Z",
"modified": "2018-10-26T12:02:25.000Z",
"labels": [
"misp:name=\"virustotal-report\"",
"misp:meta-category=\"misc\""
],
"x_misp_attributes": [
{
"type": "datetime",
"object_relation": "last-submission",
"value": "2018-10-11T15:13:29",
"category": "Other",
"uuid": "bf025950-5a64-418b-9353-f178b20594d9"
},
{
"type": "link",
"object_relation": "permalink",
"value": "https://www.virustotal.com/file/2cea0b740f338c513a6390e7951ff3371f44c7c928abf14675b49358a03a5d13/analysis/1539270809/",
"category": "External analysis",
"uuid": "639c14de-057f-4137-83a9-42d18645c69a"
},
{
"type": "text",
"object_relation": "detection-ratio",
"value": "38/58",
"category": "Other",
"uuid": "559330bd-627c-4da1-bbcf-65360a1b8f42"
}
],
"x_misp_meta_category": "misc",
"x_misp_name": "virustotal-report"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--b0c96e50-6743-4347-b27f-2d9828182184",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-10-26T12:02:27.000Z",
"modified": "2018-10-26T12:02:27.000Z",
"pattern": "[file:hashes.MD5 = 'e5683fb480353c0dec333a7573710748' AND file:hashes.SHA1 = 'c972a47804b6c4259b91c24e0c6db0537d03924a' AND file:hashes.SHA256 = 'abc269676eab9cf71f4f00195d1be02c10ea5bfb383fa1396dc108e0f6f9b9be']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-10-26T12:02:27Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "file"
}
],
"labels": [
"misp:name=\"file\"",
"misp:meta-category=\"file\"",
"misp:to_ids=\"True\""
]
},
{
"type": "x-misp-object",
"spec_version": "2.1",
"id": "x-misp-object--f3cd75ac-beeb-4a9f-a2d4-b78604188d99",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-10-26T12:02:30.000Z",
"modified": "2018-10-26T12:02:30.000Z",
"labels": [
"misp:name=\"virustotal-report\"",
"misp:meta-category=\"misc\""
],
"x_misp_attributes": [
{
"type": "datetime",
"object_relation": "last-submission",
"value": "2018-10-13T22:21:06",
"category": "Other",
"uuid": "b2170fc8-0314-492a-a056-ae127af70224"
},
{
"type": "link",
"object_relation": "permalink",
"value": "https://www.virustotal.com/file/abc269676eab9cf71f4f00195d1be02c10ea5bfb383fa1396dc108e0f6f9b9be/analysis/1539469266/",
"category": "External analysis",
"uuid": "ada170fb-d732-411f-a153-71bef4482d9b"
},
{
"type": "text",
"object_relation": "detection-ratio",
"value": "37/58",
"category": "Other",
"uuid": "efc1bbf7-0741-415e-a1f8-e9a7cfe61c06"
}
],
"x_misp_meta_category": "misc",
"x_misp_name": "virustotal-report"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--4a57082d-1113-4c31-ac54-fcabcd334522",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-10-26T12:02:31.000Z",
"modified": "2018-10-26T12:02:31.000Z",
"pattern": "[file:hashes.MD5 = '16ac1a2c1e1c3b49e1a3a48fb71cc74f' AND file:hashes.SHA1 = '8d5e3bed94115e93e51e67db815edbab10e35505' AND file:hashes.SHA256 = 'bfb4fc96c1ba657107c7c60845f6ab720634c8a9214943b5221378a37a8916cd']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-10-26T12:02:31Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "file"
}
],
"labels": [
"misp:name=\"file\"",
"misp:meta-category=\"file\"",
"misp:to_ids=\"True\""
]
},
{
"type": "x-misp-object",
"spec_version": "2.1",
"id": "x-misp-object--21387002-20ff-4b1d-ad38-09d5a5dc2556",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-10-26T12:02:34.000Z",
"modified": "2018-10-26T12:02:34.000Z",
"labels": [
"misp:name=\"virustotal-report\"",
"misp:meta-category=\"misc\""
],
"x_misp_attributes": [
{
"type": "datetime",
"object_relation": "last-submission",
"value": "2018-10-23T00:27:20",
"category": "Other",
"uuid": "5641fdee-9ff7-4245-989d-1e19129ab9ef"
},
{
"type": "link",
"object_relation": "permalink",
"value": "https://www.virustotal.com/file/bfb4fc96c1ba657107c7c60845f6ab720634c8a9214943b5221378a37a8916cd/analysis/1540254440/",
"category": "External analysis",
"uuid": "0edebb25-8990-44d3-b9b7-4dee26732170"
},
{
"type": "text",
"object_relation": "detection-ratio",
"value": "39/58",
"category": "Other",
"uuid": "a2e6295c-f018-47fd-b91a-91ba91ad9789"
}
],
"x_misp_meta_category": "misc",
"x_misp_name": "virustotal-report"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--08d435b6-9c5c-47ef-827e-0c2e535a1264",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-10-26T12:02:35.000Z",
"modified": "2018-10-26T12:02:35.000Z",
"pattern": "[file:hashes.MD5 = '9486593e4fb5a4d440093d54a3519187' AND file:hashes.SHA1 = 'f9bc806bc1fb99e8e88e3d8f142729bdd5a44ec9' AND file:hashes.SHA256 = '707d2128a0c326626adef0d3a4cab78562abd82c2bd8ede8cc82f86c01f1e024']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-10-26T12:02:35Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "file"
}
],
"labels": [
"misp:name=\"file\"",
"misp:meta-category=\"file\"",
"misp:to_ids=\"True\""
]
},
{
"type": "x-misp-object",
"spec_version": "2.1",
"id": "x-misp-object--8d937a08-3ec8-4710-bc00-62adce8d1fd2",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-10-26T12:02:37.000Z",
"modified": "2018-10-26T12:02:37.000Z",
"labels": [
"misp:name=\"virustotal-report\"",
"misp:meta-category=\"misc\""
],
"x_misp_attributes": [
{
"type": "datetime",
"object_relation": "last-submission",
"value": "2018-10-17T23:43:45",
"category": "Other",
"uuid": "e5ee124b-3851-40e6-993f-b420649d377d"
},
{
"type": "link",
"object_relation": "permalink",
"value": "https://www.virustotal.com/file/707d2128a0c326626adef0d3a4cab78562abd82c2bd8ede8cc82f86c01f1e024/analysis/1539819825/",
"category": "External analysis",
"uuid": "35b244af-573f-4c7a-9cab-196b5a03ba03"
},
{
"type": "text",
"object_relation": "detection-ratio",
"value": "34/54",
"category": "Other",
"uuid": "23567f6b-9d28-4f16-8934-f93c366ee411"
}
],
"x_misp_meta_category": "misc",
"x_misp_name": "virustotal-report"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--e31585a9-e153-4b53-b420-d6e0519e00c4",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-10-26T12:02:43.000Z",
"modified": "2018-10-26T12:02:43.000Z",
"pattern": "[file:hashes.MD5 = '5bd61a94e7698574eaf82ef277316463' AND file:hashes.SHA1 = 'a80655582da300ba1e1c3f4ac78d61a5a8f6d3ab' AND file:hashes.SHA256 = 'c87799cce6d65158da97aa31a5160a0a6b6dd5a89dea312604cc66ed5e976cc9']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-10-26T12:02:43Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "file"
}
],
"labels": [
"misp:name=\"file\"",
"misp:meta-category=\"file\"",
"misp:to_ids=\"True\""
]
},
{
"type": "x-misp-object",
"spec_version": "2.1",
"id": "x-misp-object--96804372-de78-45de-bd01-063861671447",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-10-26T12:02:59.000Z",
"modified": "2018-10-26T12:02:59.000Z",
"labels": [
"misp:name=\"virustotal-report\"",
"misp:meta-category=\"misc\""
],
"x_misp_attributes": [
{
"type": "datetime",
"object_relation": "last-submission",
"value": "2018-10-19T00:09:43",
"category": "Other",
"uuid": "1d0fb92b-26b0-44d4-a470-d5627eafe433"
},
{
"type": "link",
"object_relation": "permalink",
"value": "https://www.virustotal.com/file/c87799cce6d65158da97aa31a5160a0a6b6dd5a89dea312604cc66ed5e976cc9/analysis/1539907783/",
"category": "External analysis",
"uuid": "68b8a252-3984-49af-9e06-427ffd8647a3"
},
{
"type": "text",
"object_relation": "detection-ratio",
"value": "37/57",
"category": "Other",
"uuid": "77d8e639-57b8-48ea-bff8-12d899391121"
}
],
"x_misp_meta_category": "misc",
"x_misp_name": "virustotal-report"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--d2f7d021-4acb-4319-81f9-53370a45e832",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-10-26T12:03:07.000Z",
"modified": "2018-10-26T12:03:07.000Z",
"pattern": "[file:hashes.MD5 = 'c8b0458c384fd34971875b1c753c9c7c' AND file:hashes.SHA1 = 'e9731cc102d3c07744a06b63631addf8fc2b3f46' AND file:hashes.SHA256 = '5c7d16bd89ef37fe02cac1851e7214a01636ee4061a80bfdbde3a2d199721a79']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-10-26T12:03:07Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "file"
}
],
"labels": [
"misp:name=\"file\"",
"misp:meta-category=\"file\"",
"misp:to_ids=\"True\""
]
},
{
"type": "x-misp-object",
"spec_version": "2.1",
"id": "x-misp-object--4d21d162-1fb4-4198-8949-2c296cd028cd",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-10-26T12:03:09.000Z",
"modified": "2018-10-26T12:03:09.000Z",
"labels": [
"misp:name=\"virustotal-report\"",
"misp:meta-category=\"misc\""
],
"x_misp_attributes": [
{
"type": "datetime",
"object_relation": "last-submission",
"value": "2018-10-25T03:39:26",
"category": "Other",
"uuid": "0afbb267-8a1c-4447-b229-83f60aac17fe"
},
{
"type": "link",
"object_relation": "permalink",
"value": "https://www.virustotal.com/file/5c7d16bd89ef37fe02cac1851e7214a01636ee4061a80bfdbde3a2d199721a79/analysis/1540438766/",
"category": "External analysis",
"uuid": "3f6aa0b4-7a59-45e7-963c-0a4aee1cc714"
},
{
"type": "text",
"object_relation": "detection-ratio",
"value": "38/59",
"category": "Other",
"uuid": "6b2c0d26-b8ec-4818-8bf8-7fc21ab36e72"
}
],
"x_misp_meta_category": "misc",
"x_misp_name": "virustotal-report"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--74246f0f-70de-4ad4-a1f4-361cac2bd78f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-10-26T12:03:16.000Z",
"modified": "2018-10-26T12:03:16.000Z",
"pattern": "[file:hashes.MD5 = 'e7a6c57566d9523daa57fe16f52e377e' AND file:hashes.SHA1 = 'a008761e02c15773286457854bc92baa6b2f0781' AND file:hashes.SHA256 = '91fe25107612a35f1e1c2b9ffa1027262062ee9a389d1fd4e118ea6f4798bcef']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-10-26T12:03:16Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "file"
}
],
"labels": [
"misp:name=\"file\"",
"misp:meta-category=\"file\"",
"misp:to_ids=\"True\""
]
},
{
"type": "x-misp-object",
"spec_version": "2.1",
"id": "x-misp-object--4dffe3df-3904-40e0-bc19-f002f1b33eeb",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-10-26T12:03:30.000Z",
"modified": "2018-10-26T12:03:30.000Z",
"labels": [
"misp:name=\"virustotal-report\"",
"misp:meta-category=\"misc\""
],
"x_misp_attributes": [
{
"type": "datetime",
"object_relation": "last-submission",
"value": "2018-10-22T12:08:17",
"category": "Other",
"uuid": "e155075d-a0cd-4e7f-ac83-5dcd26f7ec1c"
},
{
"type": "link",
"object_relation": "permalink",
"value": "https://www.virustotal.com/file/91fe25107612a35f1e1c2b9ffa1027262062ee9a389d1fd4e118ea6f4798bcef/analysis/1540210097/",
"category": "External analysis",
"uuid": "f35782b4-2bd3-4ced-8d3e-b9fdee1a2595"
},
{
"type": "text",
"object_relation": "detection-ratio",
"value": "25/55",
"category": "Other",
"uuid": "70aa74b9-17f7-46f0-9f2d-0850c61b47d7"
}
],
"x_misp_meta_category": "misc",
"x_misp_name": "virustotal-report"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--88c615e1-7bbb-4b0a-bddc-7b85e2bb579e",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-10-26T12:03:31.000Z",
"modified": "2018-10-26T12:03:31.000Z",
"pattern": "[file:hashes.MD5 = '345b1ea293764df86506f97ba498cc5e' AND file:hashes.SHA1 = '72701410c05dda3c088a15f791946cf0861a9bcb' AND file:hashes.SHA256 = '818253f297fea7d8a2324ee1a233aabbaf3b0b4b9cdaa1ebd676fe00f2247388']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-10-26T12:03:31Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "file"
}
],
"labels": [
"misp:name=\"file\"",
"misp:meta-category=\"file\"",
"misp:to_ids=\"True\""
]
},
{
"type": "x-misp-object",
"spec_version": "2.1",
"id": "x-misp-object--7c5e4ccd-80e2-47cd-8cb1-a56ef4e0b865",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-10-26T12:03:35.000Z",
"modified": "2018-10-26T12:03:35.000Z",
"labels": [
"misp:name=\"virustotal-report\"",
"misp:meta-category=\"misc\""
],
"x_misp_attributes": [
{
"type": "datetime",
"object_relation": "last-submission",
"value": "2018-10-23T00:44:51",
"category": "Other",
"uuid": "28db44f2-a7a7-4ff0-a28b-73595a216e73"
},
{
"type": "link",
"object_relation": "permalink",
"value": "https://www.virustotal.com/file/818253f297fea7d8a2324ee1a233aabbaf3b0b4b9cdaa1ebd676fe00f2247388/analysis/1540255491/",
"category": "External analysis",
"uuid": "7929d031-2e77-4bf9-86e1-6c23dd9e9ca0"
},
{
"type": "text",
"object_relation": "detection-ratio",
"value": "32/68",
"category": "Other",
"uuid": "1a6d5d54-abd9-4c3e-a67a-cf448db31909"
}
],
"x_misp_meta_category": "misc",
"x_misp_name": "virustotal-report"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--6c663bc9-cfc1-4ca0-a03c-0b4f60d6e7d4",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-10-26T12:03:55.000Z",
"modified": "2018-10-26T12:03:55.000Z",
"pattern": "[file:hashes.MD5 = '5a42a712e3b3cfa1db32d9e3d832f8f1' AND file:hashes.SHA1 = 'a6f51730ee561e3395220b2dd26b927d1de4680d' AND file:hashes.SHA256 = 'b9c70adbc731b1b2779ab35bb0fab29ae703e2a4a7214c5e2749b02daf326a9b']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-10-26T12:03:55Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "file"
}
],
"labels": [
"misp:name=\"file\"",
"misp:meta-category=\"file\"",
"misp:to_ids=\"True\""
]
},
{
"type": "x-misp-object",
"spec_version": "2.1",
"id": "x-misp-object--5bd663c3-7b0b-41f6-8a5e-cbc776ad81ea",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-10-26T12:03:58.000Z",
"modified": "2018-10-26T12:03:58.000Z",
"labels": [
"misp:name=\"virustotal-report\"",
"misp:meta-category=\"misc\""
],
"x_misp_attributes": [
{
"type": "datetime",
"object_relation": "last-submission",
"value": "2018-10-22T02:08:38",
"category": "Other",
"uuid": "17c8b38c-273b-4196-b6f6-6304a28dca4b"
},
{
"type": "link",
"object_relation": "permalink",
"value": "https://www.virustotal.com/file/b9c70adbc731b1b2779ab35bb0fab29ae703e2a4a7214c5e2749b02daf326a9b/analysis/1540174118/",
"category": "External analysis",
"uuid": "ecd92234-0391-4ff4-9b50-cf3c8780606b"
},
{
"type": "text",
"object_relation": "detection-ratio",
"value": "38/59",
"category": "Other",
"uuid": "aaeb9a5d-83ce-4c4b-9464-c5c752cc74b7"
}
],
"x_misp_meta_category": "misc",
"x_misp_name": "virustotal-report"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--109617d0-6a8e-4cc9-aae1-92e11425e4cd",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-10-26T12:04:00.000Z",
"modified": "2018-10-26T12:04:00.000Z",
"pattern": "[file:hashes.MD5 = 'f2b5373f32a4b9b3d34701ff973ba69c' AND file:hashes.SHA1 = '36b2a003df195e2d640412a5791b631037e04e4b' AND file:hashes.SHA256 = '2a49d29d58d4d962bee5430e40f488bb79ebab92cf13db5bb4708f3eaf95caed']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-10-26T12:04:00Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "file"
}
],
"labels": [
"misp:name=\"file\"",
"misp:meta-category=\"file\"",
"misp:to_ids=\"True\""
]
},
{
"type": "x-misp-object",
"spec_version": "2.1",
"id": "x-misp-object--afaeb002-c625-489a-9cec-ce0191ed8d49",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-10-26T12:04:06.000Z",
"modified": "2018-10-26T12:04:06.000Z",
"labels": [
"misp:name=\"virustotal-report\"",
"misp:meta-category=\"misc\""
],
"x_misp_attributes": [
{
"type": "datetime",
"object_relation": "last-submission",
"value": "2018-10-23T14:07:42",
"category": "Other",
"uuid": "967e1cb9-fa4e-4dbc-bc94-9c49e99cfeed"
},
{
"type": "link",
"object_relation": "permalink",
"value": "https://www.virustotal.com/file/2a49d29d58d4d962bee5430e40f488bb79ebab92cf13db5bb4708f3eaf95caed/analysis/1540303662/",
"category": "External analysis",
"uuid": "0b13224b-f5d6-4835-98ca-96aa65aa18b4"
},
{
"type": "text",
"object_relation": "detection-ratio",
"value": "39/59",
"category": "Other",
"uuid": "035c4a03-b759-4935-b66b-134ebe2042de"
}
],
"x_misp_meta_category": "misc",
"x_misp_name": "virustotal-report"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--bd146a67-39d0-4e55-bd92-27ad3ed4b6b4",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-10-26T12:04:29.000Z",
"modified": "2018-10-26T12:04:29.000Z",
"pattern": "[file:hashes.MD5 = 'c375bbf248592cee1a1999227457c300' AND file:hashes.SHA1 = 'afe50ddb5bf5702a4cc9a6cc21a441b09dbfb2c2' AND file:hashes.SHA256 = 'aa60c1fae6a0ef3b9863f710e46f0a7407cf0feffa240b9a4661a4e8884ac627']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-10-26T12:04:29Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "file"
}
],
"labels": [
"misp:name=\"file\"",
"misp:meta-category=\"file\"",
"misp:to_ids=\"True\""
]
},
{
"type": "x-misp-object",
"spec_version": "2.1",
"id": "x-misp-object--db4f4e2d-3ac3-4dbc-9519-3a4204112ecc",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-10-26T12:04:39.000Z",
"modified": "2018-10-26T12:04:39.000Z",
"labels": [
"misp:name=\"virustotal-report\"",
"misp:meta-category=\"misc\""
],
"x_misp_attributes": [
{
"type": "datetime",
"object_relation": "last-submission",
"value": "2018-10-11T15:13:06",
"category": "Other",
"uuid": "76997782-64df-422e-9af6-b8563208fce5"
},
{
"type": "link",
"object_relation": "permalink",
"value": "https://www.virustotal.com/file/aa60c1fae6a0ef3b9863f710e46f0a7407cf0feffa240b9a4661a4e8884ac627/analysis/1539270786/",
"category": "External analysis",
"uuid": "6484cb82-39eb-4d42-9878-d6dcbea93a9f"
},
{
"type": "text",
"object_relation": "detection-ratio",
"value": "39/58",
"category": "Other",
"uuid": "cd8127b2-5546-4275-b3d7-4d1425ed4208"
}
],
"x_misp_meta_category": "misc",
"x_misp_name": "virustotal-report"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--4f7b9f67-83dc-46f9-af98-a4b1fc542771",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-10-26T12:04:49.000Z",
"modified": "2018-10-26T12:04:49.000Z",
"pattern": "[file:hashes.MD5 = '59502e209aedf80e170e653306ca1553' AND file:hashes.SHA1 = '680fdada9f598f57f774f285dbfea5c383dc5b03' AND file:hashes.SHA256 = '40ffcbf044ec951242a92a09b6a239183def2e74fc18e5975fa70e849d875a2e']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-10-26T12:04:49Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "file"
}
],
"labels": [
"misp:name=\"file\"",
"misp:meta-category=\"file\"",
"misp:to_ids=\"True\""
]
},
{
"type": "x-misp-object",
"spec_version": "2.1",
"id": "x-misp-object--9094218a-0a32-4747-8f21-bf0f7bfed79d",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-10-26T12:05:02.000Z",
"modified": "2018-10-26T12:05:02.000Z",
"labels": [
"misp:name=\"virustotal-report\"",
"misp:meta-category=\"misc\""
],
"x_misp_attributes": [
{
"type": "datetime",
"object_relation": "last-submission",
"value": "2018-10-22T12:09:22",
"category": "Other",
"uuid": "d06e1229-9cd6-47ff-a11d-621b3cce363f"
},
{
"type": "link",
"object_relation": "permalink",
"value": "https://www.virustotal.com/file/40ffcbf044ec951242a92a09b6a239183def2e74fc18e5975fa70e849d875a2e/analysis/1540210162/",
"category": "External analysis",
"uuid": "2cacb2d3-befa-4eb8-8320-1c50a9bb38d3"
},
{
"type": "text",
"object_relation": "detection-ratio",
"value": "37/57",
"category": "Other",
"uuid": "3635dbaf-ee96-4cd6-9b58-90184ff70f68"
}
],
"x_misp_meta_category": "misc",
"x_misp_name": "virustotal-report"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--3302d71e-7875-4c88-b2ba-41dad3c95145",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-10-26T12:05:20.000Z",
"modified": "2018-10-26T12:05:20.000Z",
"pattern": "[file:hashes.MD5 = '24e1bd221ba3813ed7b6056136237587' AND file:hashes.SHA1 = '8d86e25ee414d49cf925d5fd333443e39eebfc8f' AND file:hashes.SHA256 = '3d96811de7419a8c090a671d001a85f2b1875243e5b38e6f927d9877d0ff9b0c']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-10-26T12:05:20Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "file"
}
],
"labels": [
"misp:name=\"file\"",
"misp:meta-category=\"file\"",
"misp:to_ids=\"True\""
]
},
{
"type": "x-misp-object",
"spec_version": "2.1",
"id": "x-misp-object--16f41dd9-5ec8-42fc-9def-e3b9f5868d5b",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-10-26T12:05:32.000Z",
"modified": "2018-10-26T12:05:32.000Z",
"labels": [
"misp:name=\"virustotal-report\"",
"misp:meta-category=\"misc\""
],
"x_misp_attributes": [
{
"type": "datetime",
"object_relation": "last-submission",
"value": "2018-10-26T00:34:39",
"category": "Other",
"uuid": "434f756d-ef27-4be1-83c9-2b61eba6396c"
},
{
"type": "link",
"object_relation": "permalink",
"value": "https://www.virustotal.com/file/3d96811de7419a8c090a671d001a85f2b1875243e5b38e6f927d9877d0ff9b0c/analysis/1540514079/",
"category": "External analysis",
"uuid": "9b4acfe3-9c4b-4a6d-ad0b-56bf33d8686c"
},
{
"type": "text",
"object_relation": "detection-ratio",
"value": "38/59",
"category": "Other",
"uuid": "fffa1e19-c195-450a-a0c6-04331a49bf32"
}
],
"x_misp_meta_category": "misc",
"x_misp_name": "virustotal-report"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--cc368270-d79e-4a9d-ba7d-064db8e3425a",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-10-26T12:05:55.000Z",
"modified": "2018-10-26T12:05:55.000Z",
"pattern": "[file:hashes.MD5 = 'ce2df2907ce543438c19cfaf6c14f699' AND file:hashes.SHA1 = '17ac7424c06f42844b70ac508d12608329d331ae' AND file:hashes.SHA256 = '209fb398318a0d346b933b0c408467fce8dea36c10cd0f69ce4b342e28cee9dc']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-10-26T12:05:55Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "file"
}
],
"labels": [
"misp:name=\"file\"",
"misp:meta-category=\"file\"",
"misp:to_ids=\"True\""
]
},
{
"type": "x-misp-object",
"spec_version": "2.1",
"id": "x-misp-object--7ab71cfb-ea18-49f4-bfc5-cd3ee49738cd",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-10-26T12:06:10.000Z",
"modified": "2018-10-26T12:06:10.000Z",
"labels": [
"misp:name=\"virustotal-report\"",
"misp:meta-category=\"misc\""
],
"x_misp_attributes": [
{
"type": "datetime",
"object_relation": "last-submission",
"value": "2018-10-13T22:18:08",
"category": "Other",
"uuid": "465381ee-3728-499f-8ccc-fb9001348416"
},
{
"type": "link",
"object_relation": "permalink",
"value": "https://www.virustotal.com/file/209fb398318a0d346b933b0c408467fce8dea36c10cd0f69ce4b342e28cee9dc/analysis/1539469088/",
"category": "External analysis",
"uuid": "e0c02618-f216-4a5a-9ef9-515f4f2f8d32"
},
{
"type": "text",
"object_relation": "detection-ratio",
"value": "37/58",
"category": "Other",
"uuid": "f4b7b799-d5ae-4303-9564-d1d8896cd47e"
}
],
"x_misp_meta_category": "misc",
"x_misp_name": "virustotal-report"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--344a7eaa-7132-4b02-82c1-e5584b3169c1",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-10-26T12:06:18.000Z",
"modified": "2018-10-26T12:06:18.000Z",
"pattern": "[file:hashes.MD5 = '47ec75d3290add179ac5218d193bb9a8' AND file:hashes.SHA1 = '4e23eca913de2aeb7093cb7ecfbf1dc272ff78b9' AND file:hashes.SHA256 = 'f6707b5f41192353be3311fc7f48ee30465038366386b909e6cefaade70c91bc']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-10-26T12:06:18Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "file"
}
],
"labels": [
"misp:name=\"file\"",
"misp:meta-category=\"file\"",
"misp:to_ids=\"True\""
]
},
{
"type": "x-misp-object",
"spec_version": "2.1",
"id": "x-misp-object--46d0a508-b361-4427-a099-64e9f943116d",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-10-26T12:06:48.000Z",
"modified": "2018-10-26T12:06:48.000Z",
"labels": [
"misp:name=\"virustotal-report\"",
"misp:meta-category=\"misc\""
],
"x_misp_attributes": [
{
"type": "datetime",
"object_relation": "last-submission",
"value": "2018-10-26T00:47:39",
"category": "Other",
"uuid": "1d654ffa-2b0d-4038-ba6d-36d739672f45"
},
{
"type": "link",
"object_relation": "permalink",
"value": "https://www.virustotal.com/file/f6707b5f41192353be3311fc7f48ee30465038366386b909e6cefaade70c91bc/analysis/1540514859/",
"category": "External analysis",
"uuid": "2aecd147-b707-46f9-bf79-6d82917db72b"
},
{
"type": "text",
"object_relation": "detection-ratio",
"value": "35/67",
"category": "Other",
"uuid": "c58a1b2d-1600-48e2-92d0-711442e0309a"
}
],
"x_misp_meta_category": "misc",
"x_misp_name": "virustotal-report"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--245a788b-a28c-4d13-9cfb-6a3f67f892f4",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-10-26T12:06:50.000Z",
"modified": "2018-10-26T12:06:50.000Z",
"pattern": "[file:hashes.MD5 = 'cd371d1d3bd7c8e2110587cfa8b7eaea' AND file:hashes.SHA1 = 'a74ebea575319e9e26a5fcd6939e103dbd230eb4' AND file:hashes.SHA256 = '315a95d2565b05d936d1357311848d7cc021dfddfd8bfe4a3f7dea18c2c19522']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-10-26T12:06:50Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "file"
}
],
"labels": [
"misp:name=\"file\"",
"misp:meta-category=\"file\"",
"misp:to_ids=\"True\""
]
},
{
"type": "x-misp-object",
"spec_version": "2.1",
"id": "x-misp-object--c53779ab-34b1-4e06-80a2-f060d1dd2212",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-10-26T12:06:53.000Z",
"modified": "2018-10-26T12:06:53.000Z",
"labels": [
"misp:name=\"virustotal-report\"",
"misp:meta-category=\"misc\""
],
"x_misp_attributes": [
{
"type": "datetime",
"object_relation": "last-submission",
"value": "2018-10-13T22:14:36",
"category": "Other",
"uuid": "a4622b73-9b01-4cad-84cf-c42f58c9f5cf"
},
{
"type": "link",
"object_relation": "permalink",
"value": "https://www.virustotal.com/file/315a95d2565b05d936d1357311848d7cc021dfddfd8bfe4a3f7dea18c2c19522/analysis/1539468876/",
"category": "External analysis",
"uuid": "4c4dffec-736d-4643-8a9d-fbe1b7d39a75"
},
{
"type": "text",
"object_relation": "detection-ratio",
"value": "36/58",
"category": "Other",
"uuid": "4eecd42c-bcd8-4c3c-8b21-44a9d8841aab"
}
],
"x_misp_meta_category": "misc",
"x_misp_name": "virustotal-report"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--3ca55f8e-4d26-48b5-92fd-5ea47ba8b291",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-10-26T12:06:56.000Z",
"modified": "2018-10-26T12:06:56.000Z",
"pattern": "[file:hashes.MD5 = 'f84914c30ae4e6b9b1f23d5c01e001ed' AND file:hashes.SHA1 = '78ba7c54d0ee1009ea8fdf7a198ff3a2b0a7a4f7' AND file:hashes.SHA256 = '18479a93fc2d5acd7d71d596f27a5834b2b236b44219bb08f6ca06cf760b74f6']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-10-26T12:06:56Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "file"
}
],
"labels": [
"misp:name=\"file\"",
"misp:meta-category=\"file\"",
"misp:to_ids=\"True\""
]
},
{
"type": "x-misp-object",
"spec_version": "2.1",
"id": "x-misp-object--fa93027d-b99b-4cc3-a32d-f0afdec46d12",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-10-26T12:07:30.000Z",
"modified": "2018-10-26T12:07:30.000Z",
"labels": [
"misp:name=\"virustotal-report\"",
"misp:meta-category=\"misc\""
],
"x_misp_attributes": [
{
"type": "datetime",
"object_relation": "last-submission",
"value": "2018-10-13T22:26:48",
"category": "Other",
"uuid": "2c5e82fd-e20a-49a3-8b2a-4b53a1afba45"
},
{
"type": "link",
"object_relation": "permalink",
"value": "https://www.virustotal.com/file/18479a93fc2d5acd7d71d596f27a5834b2b236b44219bb08f6ca06cf760b74f6/analysis/1539469608/",
"category": "External analysis",
"uuid": "271f0f46-a4c8-46ea-bbe0-98b84304a82d"
},
{
"type": "text",
"object_relation": "detection-ratio",
"value": "41/58",
"category": "Other",
"uuid": "a15edd7e-0add-47a9-b03c-b7140b2937e4"
}
],
"x_misp_meta_category": "misc",
"x_misp_name": "virustotal-report"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--969cd2bf-3874-4c07-a054-5eec49bf0079",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-10-26T12:07:33.000Z",
"modified": "2018-10-26T12:07:33.000Z",
"pattern": "[file:hashes.MD5 = '665947cf7037a6772687b69279753cdf' AND file:hashes.SHA1 = '89f726a22b1cad37d95befeed64a6c379f7db2ad' AND file:hashes.SHA256 = '94625dd8151814dd6186735a6a6a87b2a4c71c04b8402caf314fb6f98434eaad']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-10-26T12:07:33Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "file"
}
],
"labels": [
"misp:name=\"file\"",
"misp:meta-category=\"file\"",
"misp:to_ids=\"True\""
]
},
{
"type": "x-misp-object",
"spec_version": "2.1",
"id": "x-misp-object--341e106f-4861-4bb6-9581-fbee0cb3632c",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-10-26T12:07:36.000Z",
"modified": "2018-10-26T12:07:36.000Z",
"labels": [
"misp:name=\"virustotal-report\"",
"misp:meta-category=\"misc\""
],
"x_misp_attributes": [
{
"type": "datetime",
"object_relation": "last-submission",
"value": "2018-10-20T13:08:11",
"category": "Other",
"uuid": "3420ce84-479f-475c-ba66-604c7c5683f4"
},
{
"type": "link",
"object_relation": "permalink",
"value": "https://www.virustotal.com/file/94625dd8151814dd6186735a6a6a87b2a4c71c04b8402caf314fb6f98434eaad/analysis/1540040891/",
"category": "External analysis",
"uuid": "55cc886a-e25d-476b-8a7e-20a5fe4e6614"
},
{
"type": "text",
"object_relation": "detection-ratio",
"value": "39/59",
"category": "Other",
"uuid": "54676eed-d4a9-4ab3-a05f-478ec6349aae"
}
],
"x_misp_meta_category": "misc",
"x_misp_name": "virustotal-report"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--46b26e92-d82a-4fea-8c89-580becaa903a",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-10-26T12:08:00.000Z",
"modified": "2018-10-26T12:08:00.000Z",
"pattern": "[file:hashes.MD5 = '4f873578956d2790101443f24e4bd4d3' AND file:hashes.SHA1 = 'c8b93462145d8233af5f52c4acea38de255e4701' AND file:hashes.SHA256 = 'ad7210a49bd908aae54da0f496ca62cb10a20c3c934dede84f9afff229186873']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-10-26T12:08:00Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "file"
}
],
"labels": [
"misp:name=\"file\"",
"misp:meta-category=\"file\"",
"misp:to_ids=\"True\""
]
},
{
"type": "x-misp-object",
"spec_version": "2.1",
"id": "x-misp-object--f4196559-f992-4516-bce9-7658600a7894",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-10-26T12:08:37.000Z",
"modified": "2018-10-26T12:08:37.000Z",
"labels": [
"misp:name=\"virustotal-report\"",
"misp:meta-category=\"misc\""
],
"x_misp_attributes": [
{
"type": "datetime",
"object_relation": "last-submission",
"value": "2018-10-26T00:58:48",
"category": "Other",
"uuid": "92129c9b-7c1c-45de-a493-af00635c6770"
},
{
"type": "link",
"object_relation": "permalink",
"value": "https://www.virustotal.com/file/ad7210a49bd908aae54da0f496ca62cb10a20c3c934dede84f9afff229186873/analysis/1540515528/",
"category": "External analysis",
"uuid": "b14351f0-b0d5-49f6-a388-42bc6abd1d28"
},
{
"type": "text",
"object_relation": "detection-ratio",
"value": "17/58",
"category": "Other",
"uuid": "13e6c4c4-91e6-42c4-9662-8258abed6aad"
}
],
"x_misp_meta_category": "misc",
"x_misp_name": "virustotal-report"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--ba352a5d-16d7-4309-9282-c2e88311365b",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-10-26T12:08:45.000Z",
"modified": "2018-10-26T12:08:45.000Z",
"pattern": "[file:hashes.MD5 = 'b8939fa58fad8aa1ec271f6dae0b7255' AND file:hashes.SHA1 = '0336503957730b0669a4575fa64b9c4d9d25f240' AND file:hashes.SHA256 = '76e9988dad0278998861717c774227bf94112db548946ef617bfaa262cb5e338']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-10-26T12:08:45Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "file"
}
],
"labels": [
"misp:name=\"file\"",
"misp:meta-category=\"file\"",
"misp:to_ids=\"True\""
]
},
{
"type": "x-misp-object",
"spec_version": "2.1",
"id": "x-misp-object--afbfb77f-dbbf-476b-bd72-4cc29f2d52eb",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-10-26T12:08:51.000Z",
"modified": "2018-10-26T12:08:51.000Z",
"labels": [
"misp:name=\"virustotal-report\"",
"misp:meta-category=\"misc\""
],
"x_misp_attributes": [
{
"type": "datetime",
"object_relation": "last-submission",
"value": "2018-10-22T22:07:39",
"category": "Other",
"uuid": "d6768968-bbbb-4f37-8c09-49822cf5ef5d"
},
{
"type": "link",
"object_relation": "permalink",
"value": "https://www.virustotal.com/file/76e9988dad0278998861717c774227bf94112db548946ef617bfaa262cb5e338/analysis/1540246059/",
"category": "External analysis",
"uuid": "b782bdf4-6702-4b0c-b531-aac359e9c545"
},
{
"type": "text",
"object_relation": "detection-ratio",
"value": "41/59",
"category": "Other",
"uuid": "4aa66c8a-42e4-48a6-91c9-edafbfe98f53"
}
],
"x_misp_meta_category": "misc",
"x_misp_name": "virustotal-report"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--277fd140-36c3-4b42-a9f6-56ec81f87384",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-10-26T12:08:58.000Z",
"modified": "2018-10-26T12:08:58.000Z",
"pattern": "[file:hashes.MD5 = '08acd1149b09bf6455c553f512b51085' AND file:hashes.SHA1 = '56837e2222dd6dd2700afdaf35d7d219b4566dff' AND file:hashes.SHA256 = 'f9a825385e4bf2a86943f78708f7b5a3bb4244c334be5cd363c221b59a21d42e']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-10-26T12:08:58Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "file"
}
],
"labels": [
"misp:name=\"file\"",
"misp:meta-category=\"file\"",
"misp:to_ids=\"True\""
]
},
{
"type": "x-misp-object",
"spec_version": "2.1",
"id": "x-misp-object--cdf6b744-d24a-49f9-8ac4-2c2c72de5e56",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-10-26T12:09:24.000Z",
"modified": "2018-10-26T12:09:24.000Z",
"labels": [
"misp:name=\"virustotal-report\"",
"misp:meta-category=\"misc\""
],
"x_misp_attributes": [
{
"type": "datetime",
"object_relation": "last-submission",
"value": "2018-10-16T12:57:16",
"category": "Other",
"uuid": "f4514c63-d34d-479c-aabc-f399ce433dd4"
},
{
"type": "link",
"object_relation": "permalink",
"value": "https://www.virustotal.com/file/f9a825385e4bf2a86943f78708f7b5a3bb4244c334be5cd363c221b59a21d42e/analysis/1539694636/",
"category": "External analysis",
"uuid": "39c081fa-2210-4dd9-936e-69f8f0b8687b"
},
{
"type": "text",
"object_relation": "detection-ratio",
"value": "38/59",
"category": "Other",
"uuid": "bad218fe-9d9a-4251-a7ab-9a4690a5bd93"
}
],
"x_misp_meta_category": "misc",
"x_misp_name": "virustotal-report"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--2d1711bf-a2cb-4113-96c0-26c70f04bc38",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-10-26T12:09:44.000Z",
"modified": "2018-10-26T12:09:44.000Z",
"pattern": "[file:hashes.MD5 = 'd15aee026074fbd18f780fb51ec0632a' AND file:hashes.SHA1 = '352687a98fb232e5614f7ce7cd57512553535915' AND file:hashes.SHA256 = 'af5f102f0597db9f5e98068724e31d68b8f7c23baeea536790c50db587421102']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-10-26T12:09:44Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "file"
}
],
"labels": [
"misp:name=\"file\"",
"misp:meta-category=\"file\"",
"misp:to_ids=\"True\""
]
},
{
"type": "x-misp-object",
"spec_version": "2.1",
"id": "x-misp-object--348d53ec-29f8-48bd-b32e-d4d632e8bf5d",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-10-26T12:09:58.000Z",
"modified": "2018-10-26T12:09:58.000Z",
"labels": [
"misp:name=\"virustotal-report\"",
"misp:meta-category=\"misc\""
],
"x_misp_attributes": [
{
"type": "datetime",
"object_relation": "last-submission",
"value": "2018-10-13T22:19:12",
"category": "Other",
"uuid": "8705cda0-5405-46d6-b4e7-d295efdf377b"
},
{
"type": "link",
"object_relation": "permalink",
"value": "https://www.virustotal.com/file/af5f102f0597db9f5e98068724e31d68b8f7c23baeea536790c50db587421102/analysis/1539469152/",
"category": "External analysis",
"uuid": "9a3461b2-a6d2-4233-9a07-e8a682f5f474"
},
{
"type": "text",
"object_relation": "detection-ratio",
"value": "39/59",
"category": "Other",
"uuid": "3bd447c7-a736-4410-88c0-efc980eb4477"
}
],
"x_misp_meta_category": "misc",
"x_misp_name": "virustotal-report"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--efb4664d-3744-4557-a6b0-eadb0e46f982",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-10-26T12:10:01.000Z",
"modified": "2018-10-26T12:10:01.000Z",
"pattern": "[file:hashes.MD5 = 'aa1e8d0e1c4d4eb9984124df003ea7f2' AND file:hashes.SHA1 = 'dfcd4a66adc4ebd573a48f1715a8f2b0c0291160' AND file:hashes.SHA256 = 'cd123cc3c192e822d24534ad52b7c76becbe0b10f987c881d90a4629ef84f736']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-10-26T12:10:01Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "file"
}
],
"labels": [
"misp:name=\"file\"",
"misp:meta-category=\"file\"",
"misp:to_ids=\"True\""
]
},
{
"type": "x-misp-object",
"spec_version": "2.1",
"id": "x-misp-object--864c648b-dfb9-457c-84a7-a69a18909bfc",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-10-26T12:10:05.000Z",
"modified": "2018-10-26T12:10:05.000Z",
"labels": [
"misp:name=\"virustotal-report\"",
"misp:meta-category=\"misc\""
],
"x_misp_attributes": [
{
"type": "datetime",
"object_relation": "last-submission",
"value": "2018-10-13T21:17:03",
"category": "Other",
"uuid": "8d0ceced-616b-42c9-89cf-4f92cc6d2c3e"
},
{
"type": "link",
"object_relation": "permalink",
"value": "https://www.virustotal.com/file/cd123cc3c192e822d24534ad52b7c76becbe0b10f987c881d90a4629ef84f736/analysis/1539465423/",
"category": "External analysis",
"uuid": "46db7b18-cf5d-44c7-8710-219172ec1a25"
},
{
"type": "text",
"object_relation": "detection-ratio",
"value": "40/58",
"category": "Other",
"uuid": "ba031384-7102-4ea7-bc64-4d257267e9ed"
}
],
"x_misp_meta_category": "misc",
"x_misp_name": "virustotal-report"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--0a31c783-7db1-4ee2-9113-dd1393956968",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-10-26T12:10:27.000Z",
"modified": "2018-10-26T12:10:27.000Z",
"pattern": "[file:hashes.MD5 = 'bb476622bcb0c666e12fbe4ccda8bbef' AND file:hashes.SHA1 = '4986d8bca37e0863f5baf25a0da27e6b253d12bb' AND file:hashes.SHA256 = '3f14a1210d1f2cdb916275bf32cb49159b6f49a54f246bdcb0e967cd0edb8e82']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-10-26T12:10:27Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "file"
}
],
"labels": [
"misp:name=\"file\"",
"misp:meta-category=\"file\"",
"misp:to_ids=\"True\""
]
},
{
"type": "x-misp-object",
"spec_version": "2.1",
"id": "x-misp-object--d49c4443-b917-485f-9988-346a4c174c36",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-10-26T12:10:29.000Z",
"modified": "2018-10-26T12:10:29.000Z",
"labels": [
"misp:name=\"virustotal-report\"",
"misp:meta-category=\"misc\""
],
"x_misp_attributes": [
{
"type": "datetime",
"object_relation": "last-submission",
"value": "2018-10-13T21:51:07",
"category": "Other",
"uuid": "37a5c439-b1b4-4c95-bd21-f1e1f076f047"
},
{
"type": "link",
"object_relation": "permalink",
"value": "https://www.virustotal.com/file/3f14a1210d1f2cdb916275bf32cb49159b6f49a54f246bdcb0e967cd0edb8e82/analysis/1539467467/",
"category": "External analysis",
"uuid": "08388520-2788-48f8-86cf-e34359a3a533"
},
{
"type": "text",
"object_relation": "detection-ratio",
"value": "34/58",
"category": "Other",
"uuid": "447fa4aa-0cab-45ba-8ca7-d8996eef6876"
}
],
"x_misp_meta_category": "misc",
"x_misp_name": "virustotal-report"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5a1bf1ba-5c6b-4882-af35-f992c5545079",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-10-26T12:10:31.000Z",
"modified": "2018-10-26T12:10:31.000Z",
"pattern": "[file:hashes.MD5 = '5466c8a099d1d30096775b1f4357d3cf' AND file:hashes.SHA1 = '4f632db14f1cda11f7d3f907e746155cde399eaf' AND file:hashes.SHA256 = '9038ba1b7991ff38b802f28c0e006d12d466a8e374d2f2a83a039aabcbe76f5c']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-10-26T12:10:31Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "file"
}
],
"labels": [
"misp:name=\"file\"",
"misp:meta-category=\"file\"",
"misp:to_ids=\"True\""
]
},
{
"type": "x-misp-object",
"spec_version": "2.1",
"id": "x-misp-object--7fbb889d-657e-40e0-9458-b7a422b9ccd2",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-10-26T12:10:33.000Z",
"modified": "2018-10-26T12:10:33.000Z",
"labels": [
"misp:name=\"virustotal-report\"",
"misp:meta-category=\"misc\""
],
"x_misp_attributes": [
{
"type": "datetime",
"object_relation": "last-submission",
"value": "2018-10-13T20:15:57",
"category": "Other",
"uuid": "253f6040-7ba2-40f1-9026-2ff49db3ab24"
},
{
"type": "link",
"object_relation": "permalink",
"value": "https://www.virustotal.com/file/9038ba1b7991ff38b802f28c0e006d12d466a8e374d2f2a83a039aabcbe76f5c/analysis/1539461757/",
"category": "External analysis",
"uuid": "3f3c9059-f685-4d08-afc1-4c73cee08a38"
},
{
"type": "text",
"object_relation": "detection-ratio",
"value": "41/59",
"category": "Other",
"uuid": "b583f736-79f9-4a5e-bc47-e02fc26f14f1"
}
],
"x_misp_meta_category": "misc",
"x_misp_name": "virustotal-report"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--58012976-30e2-4822-b6a7-fdbf701fc7b8",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-10-26T12:10:35.000Z",
"modified": "2018-10-26T12:10:35.000Z",
"pattern": "[file:hashes.MD5 = 'f00fd318bf58586c29ab970132d1fd2a' AND file:hashes.SHA1 = '6f5f226c071f97ac46c0b4f4d390fcce3f40b860' AND file:hashes.SHA256 = 'bbcafdb4fd7bf107d8b85934286d531536b7a0a30e5eeed07e27f0f7afcf8a77']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-10-26T12:10:35Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "file"
}
],
"labels": [
"misp:name=\"file\"",
"misp:meta-category=\"file\"",
"misp:to_ids=\"True\""
]
},
{
"type": "x-misp-object",
"spec_version": "2.1",
"id": "x-misp-object--cb449345-1d6a-466a-ba9b-b35a37462d75",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-10-26T12:10:41.000Z",
"modified": "2018-10-26T12:10:41.000Z",
"labels": [
"misp:name=\"virustotal-report\"",
"misp:meta-category=\"misc\""
],
"x_misp_attributes": [
{
"type": "datetime",
"object_relation": "last-submission",
"value": "2018-10-22T12:06:39",
"category": "Other",
"uuid": "8876e6b2-2e78-4e96-9472-5a5c7f16b1a7"
},
{
"type": "link",
"object_relation": "permalink",
"value": "https://www.virustotal.com/file/bbcafdb4fd7bf107d8b85934286d531536b7a0a30e5eeed07e27f0f7afcf8a77/analysis/1540209999/",
"category": "External analysis",
"uuid": "fe921098-fd26-4c29-a9f8-be97758741a0"
},
{
"type": "text",
"object_relation": "detection-ratio",
"value": "40/59",
"category": "Other",
"uuid": "a44f783a-6846-4063-9ad1-51786f917a1b"
}
],
"x_misp_meta_category": "misc",
"x_misp_name": "virustotal-report"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--dc0c9d2f-28dd-44fe-913a-db5481dfc8ba",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-10-26T12:10:43.000Z",
"modified": "2018-10-26T12:10:43.000Z",
"pattern": "[file:hashes.MD5 = 'd632c8444aab1b43a663401e80c0bac4' AND file:hashes.SHA1 = '2b3981a8889d51bb14a3a974d1578b0161b8784b' AND file:hashes.SHA256 = '3da24cd3af9a383b731ce178b03c68a813ab30f4c7c8dfbc823a32816b9406fb']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-10-26T12:10:43Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "file"
}
],
"labels": [
"misp:name=\"file\"",
"misp:meta-category=\"file\"",
"misp:to_ids=\"True\""
]
},
{
"type": "x-misp-object",
"spec_version": "2.1",
"id": "x-misp-object--ee33f122-421f-4d64-82c7-8e6f75329c57",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-10-26T12:10:46.000Z",
"modified": "2018-10-26T12:10:46.000Z",
"labels": [
"misp:name=\"virustotal-report\"",
"misp:meta-category=\"misc\""
],
"x_misp_attributes": [
{
"type": "datetime",
"object_relation": "last-submission",
"value": "2018-10-11T15:14:26",
"category": "Other",
"uuid": "4263a1ce-39bd-45de-82f4-e2a9061c5333"
},
{
"type": "link",
"object_relation": "permalink",
"value": "https://www.virustotal.com/file/3da24cd3af9a383b731ce178b03c68a813ab30f4c7c8dfbc823a32816b9406fb/analysis/1539270866/",
"category": "External analysis",
"uuid": "8cbe935b-39b3-41ae-b212-6531a480d97f"
},
{
"type": "text",
"object_relation": "detection-ratio",
"value": "41/59",
"category": "Other",
"uuid": "b5212545-5018-404c-b8b4-c9fff615e8dd"
}
],
"x_misp_meta_category": "misc",
"x_misp_name": "virustotal-report"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--a4fe4a04-2083-4108-a050-f5920409d023",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-10-26T12:10:56.000Z",
"modified": "2018-10-26T12:10:56.000Z",
"pattern": "[file:hashes.MD5 = '2b8ab9112e34bb910055d85ec800db3f' AND file:hashes.SHA1 = '36216f2ef471a3189f175630cebb06f04e30bf4b' AND file:hashes.SHA256 = '276a765a10f98cda1a38d3a31e7483585ca3722ecad19d784441293acf1b7beb']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-10-26T12:10:56Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "file"
}
],
"labels": [
"misp:name=\"file\"",
"misp:meta-category=\"file\"",
"misp:to_ids=\"True\""
]
},
{
"type": "x-misp-object",
"spec_version": "2.1",
"id": "x-misp-object--43dd37f2-90c2-463f-9166-eb111de8e695",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-10-26T12:11:09.000Z",
"modified": "2018-10-26T12:11:09.000Z",
"labels": [
"misp:name=\"virustotal-report\"",
"misp:meta-category=\"misc\""
],
"x_misp_attributes": [
{
"type": "datetime",
"object_relation": "last-submission",
"value": "2018-10-21T00:16:09",
"category": "Other",
"uuid": "7c8477a8-c454-4aaf-a0dc-091459cbea54"
},
{
"type": "link",
"object_relation": "permalink",
"value": "https://www.virustotal.com/file/276a765a10f98cda1a38d3a31e7483585ca3722ecad19d784441293acf1b7beb/analysis/1540080969/",
"category": "External analysis",
"uuid": "81f1d13e-321a-422c-9c22-bd12f7659d04"
},
{
"type": "text",
"object_relation": "detection-ratio",
"value": "36/67",
"category": "Other",
"uuid": "8d8c772f-2b41-47d9-bff0-31c360bc614f"
}
],
"x_misp_meta_category": "misc",
"x_misp_name": "virustotal-report"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5ecac345-ba1e-4426-9400-0f42240de6f9",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-10-26T12:11:10.000Z",
"modified": "2018-10-26T12:11:10.000Z",
"pattern": "[file:hashes.MD5 = '37f7e6e5f073508e1ee552ebea5d200e' AND file:hashes.SHA1 = '34f4c4ac3500a91c5d9394b247ba1eeb7152535d' AND file:hashes.SHA256 = 'd07d4e71927cab4f251bcc216f560674c5fb783add9c9f956d3fc457153be025']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-10-26T12:11:10Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "file"
}
],
"labels": [
"misp:name=\"file\"",
"misp:meta-category=\"file\"",
"misp:to_ids=\"True\""
]
},
{
"type": "x-misp-object",
"spec_version": "2.1",
"id": "x-misp-object--3d957cef-2600-427d-8c91-ca9a3cc06dbb",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-10-26T12:11:12.000Z",
"modified": "2018-10-26T12:11:12.000Z",
"labels": [
"misp:name=\"virustotal-report\"",
"misp:meta-category=\"misc\""
],
"x_misp_attributes": [
{
"type": "datetime",
"object_relation": "last-submission",
"value": "2018-10-26T00:37:14",
"category": "Other",
"uuid": "6afed300-f5d6-4060-a0f3-e9dd72358090"
},
{
"type": "link",
"object_relation": "permalink",
"value": "https://www.virustotal.com/file/d07d4e71927cab4f251bcc216f560674c5fb783add9c9f956d3fc457153be025/analysis/1540514234/",
"category": "External analysis",
"uuid": "b6bd2374-449e-48bc-86c6-8f9f85fb3e7e"
},
{
"type": "text",
"object_relation": "detection-ratio",
"value": "36/57",
"category": "Other",
"uuid": "992192ee-c474-4e35-96c3-bcb874336924"
}
],
"x_misp_meta_category": "misc",
"x_misp_name": "virustotal-report"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--b5662b78-6d3b-44cf-86db-a7ffd1324345",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-10-26T12:11:13.000Z",
"modified": "2018-10-26T12:11:13.000Z",
"pattern": "[file:hashes.MD5 = '5de97ae178888f2dd222bb8a66060ac2' AND file:hashes.SHA1 = '32f723050afe20a3b5b6c3a1d60db385045a3dbf' AND file:hashes.SHA256 = 'eff78c23790ee834f773569b52cddb01dc3c4dd9660f5a476af044ef6fe73894']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-10-26T12:11:13Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "file"
}
],
"labels": [
"misp:name=\"file\"",
"misp:meta-category=\"file\"",
"misp:to_ids=\"True\""
]
},
{
"type": "x-misp-object",
"spec_version": "2.1",
"id": "x-misp-object--e2436b65-f8eb-47f8-96fd-a957987bf24e",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-10-26T12:11:15.000Z",
"modified": "2018-10-26T12:11:15.000Z",
"labels": [
"misp:name=\"virustotal-report\"",
"misp:meta-category=\"misc\""
],
"x_misp_attributes": [
{
"type": "datetime",
"object_relation": "last-submission",
"value": "2018-10-13T20:48:54",
"category": "Other",
"uuid": "3ad214b5-7e6f-4772-a671-90c2db86a80a"
},
{
"type": "link",
"object_relation": "permalink",
"value": "https://www.virustotal.com/file/eff78c23790ee834f773569b52cddb01dc3c4dd9660f5a476af044ef6fe73894/analysis/1539463734/",
"category": "External analysis",
"uuid": "fbb0e0ec-50b8-45c9-8dd2-3457ea1c7006"
},
{
"type": "text",
"object_relation": "detection-ratio",
"value": "41/59",
"category": "Other",
"uuid": "fbec1590-9808-4e00-a56b-bf587d8f1f43"
}
],
"x_misp_meta_category": "misc",
"x_misp_name": "virustotal-report"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--c18dbdfc-e3d4-419a-9d61-399cbd689f00",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-10-26T12:11:27.000Z",
"modified": "2018-10-26T12:11:27.000Z",
"pattern": "[file:hashes.MD5 = 'be62fc5b1576e0a8491519e10bab931d' AND file:hashes.SHA1 = 'b3545913847b7cb53fe01d599c5dd35b7c82ad97' AND file:hashes.SHA256 = '86b5aab2be0b3f29e3184fd2337792a80706cc593cc17de85eea2401af29738f']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-10-26T12:11:27Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "file"
}
],
"labels": [
"misp:name=\"file\"",
"misp:meta-category=\"file\"",
"misp:to_ids=\"True\""
]
},
{
"type": "x-misp-object",
"spec_version": "2.1",
"id": "x-misp-object--f73e119f-231f-497c-8b71-1b3c9c2a475a",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-10-26T12:11:40.000Z",
"modified": "2018-10-26T12:11:40.000Z",
"labels": [
"misp:name=\"virustotal-report\"",
"misp:meta-category=\"misc\""
],
"x_misp_attributes": [
{
"type": "datetime",
"object_relation": "last-submission",
"value": "2018-10-18T03:49:04",
"category": "Other",
"uuid": "1f03c32a-e9cf-4551-bfca-87673f0711d2"
},
{
"type": "link",
"object_relation": "permalink",
"value": "https://www.virustotal.com/file/86b5aab2be0b3f29e3184fd2337792a80706cc593cc17de85eea2401af29738f/analysis/1539834544/",
"category": "External analysis",
"uuid": "5f555d33-f1b6-42b7-b206-03b0da8796ea"
},
{
"type": "text",
"object_relation": "detection-ratio",
"value": "20/57",
"category": "Other",
"uuid": "11eb8dfc-9816-4000-978c-a777dcb0ef96"
}
],
"x_misp_meta_category": "misc",
"x_misp_name": "virustotal-report"
},
{
"type": "marking-definition",
"spec_version": "2.1",
"id": "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9",
"created": "2017-01-20T00:00:00.000Z",
"definition_type": "tlp",
"name": "TLP:WHITE",
"definition": {
"tlp": "white"
}
}
]
}
Reference in a new issue Copy permalink