adulau/misp-circl-feed
1
0
Fork 0
Code Issues 1 Pull requests Projects 1 Releases Packages Wiki Activity Actions
misp-circl-feed/feeds/circl/misp/56eac220-9900-4d35-bb22-461b950d210f.json

7353 lines
2.7 MiB
JSON
Raw Normal View History

chg: [feed] added
2023-04-21 13:25:09 +00:00
{
chg: [feed] feed updated
2023-06-14 17:31:25 +00:00
"type": "bundle",
"id": "bundle--56eac220-9900-4d35-bb22-461b950d210f",
"objects": [
{
"type": "identity",
"spec_version": "2.1",
"id": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-17T15:47:21.000Z",
"modified": "2016-03-17T15:47:21.000Z",
"name": "CIRCL",
"identity_class": "organization"
},
{
"type": "report",
"spec_version": "2.1",
"id": "report--56eac220-9900-4d35-bb22-461b950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-17T15:47:21.000Z",
"modified": "2016-03-17T15:47:21.000Z",
"name": "Malspam (2016-03-17) - Dridex (122), Locky",
"published": "2016-03-17T15:48:15Z",
"object_refs": [
"indicator--56eac23a-7cd0-476d-934b-4044950d210f",
"indicator--56eac23b-14dc-45b6-a6b1-42db950d210f",
"indicator--56eac23b-e2e8-4690-965c-4cb4950d210f",
"indicator--56eac23b-8e80-4a02-b69f-4b5b950d210f",
"indicator--56eac23b-1900-4947-a394-4c1a950d210f",
"indicator--56eac23c-9058-4173-a240-4d5a950d210f",
"indicator--56eac23c-8c94-4ee8-8fab-47fa950d210f",
"indicator--56eac23c-c808-4c30-80ab-41c6950d210f",
"indicator--56eac23d-67d4-4934-983b-473e950d210f",
"indicator--56eac23d-9b54-47b3-b3db-4869950d210f",
"indicator--56eac23d-0908-4b02-b7f3-4e6c950d210f",
"indicator--56eac23d-0f88-4c60-8033-46dd950d210f",
"indicator--56eac23e-4514-4fe0-ad0c-4721950d210f",
"indicator--56eac23e-db88-4caf-bc6e-4990950d210f",
"indicator--56eac23e-e064-47a3-9092-4a16950d210f",
"indicator--56eac23f-4a48-440b-b3a4-4e85950d210f",
"indicator--56eac23f-d114-4346-a633-4652950d210f",
"indicator--56eac23f-7ee4-4c62-9b42-4048950d210f",
"indicator--56eac23f-c1f8-4883-a3d3-429c950d210f",
"indicator--56eac240-2fcc-49ab-83bb-4c3e950d210f",
"indicator--56eac240-39b0-4cd2-98aa-4879950d210f",
"indicator--56eac240-12c0-408f-a0ea-4eb7950d210f",
"indicator--56eac240-00e0-4c53-b7a4-47c1950d210f",
"indicator--56eac241-8110-4e88-8757-480e950d210f",
"indicator--56eac241-8b78-4488-8f5e-410f950d210f",
"indicator--56eac241-dadc-40b1-adc9-4b7c950d210f",
"indicator--56eac242-27a0-482b-9819-4f2e950d210f",
"indicator--56eac242-4b10-4ebe-a04b-4cef950d210f",
"indicator--56eac242-285c-4bb8-840b-4dbb950d210f",
"indicator--56eac243-0460-4ef4-86ed-4b6c950d210f",
"indicator--56eac243-e110-4a66-93ba-4a03950d210f",
"indicator--56eac243-a244-4c25-b5d0-455d950d210f",
"indicator--56eac244-8940-45e4-b222-4229950d210f",
"indicator--56eac244-f58c-4e9e-8222-4993950d210f",
"indicator--56eac244-df84-4be6-a71f-4811950d210f",
"indicator--56eac245-ca84-44fe-85d5-4fb3950d210f",
"indicator--56eac245-d9bc-409b-8545-409f950d210f",
"indicator--56eac246-e374-4388-b84d-4551950d210f",
"indicator--56eac246-c998-45c0-adab-48c5950d210f",
"indicator--56eac246-3508-40b2-886f-4349950d210f",
"indicator--56eac247-0c94-4f1b-bd4b-481a950d210f",
"indicator--56eac293-b124-4554-9cbc-45f9950d210f",
"indicator--56eac294-029c-45cf-bc16-4acd950d210f",
"indicator--56eac295-c148-4f3d-ad50-40e5950d210f",
"indicator--56eac296-46c8-46d8-b363-424f950d210f",
"indicator--56eac296-e140-4372-ae61-429e950d210f",
"indicator--56eac297-54ac-46c4-ad8c-42d5950d210f",
"indicator--56eac298-0f1c-4dc8-b1c5-4838950d210f",
"indicator--56eac298-a4e0-4d6f-87ef-46de950d210f",
"indicator--56eac299-212c-4323-aa33-4241950d210f",
"indicator--56eac29a-1fcc-423d-9e72-4a19950d210f",
"indicator--56eac29a-5fe4-4e69-adf4-4287950d210f",
"indicator--56eac29b-f2ec-4b5f-9a51-4457950d210f",
"indicator--56eac29c-b000-420e-8968-4026950d210f",
"indicator--56eac29d-f0d0-4ed7-aa0f-4c82950d210f",
"indicator--56eac29d-e0d0-49c5-a44d-452a950d210f",
"indicator--56eac29e-e5c0-4433-b226-4002950d210f",
"indicator--56eac29f-0e14-4ccd-b6a9-41c6950d210f",
"indicator--56eac29f-7d2c-4f1d-bfde-467a950d210f",
"indicator--56eac2a0-d1cc-432b-b643-4d1f950d210f",
"indicator--56eac2a1-d650-44eb-b596-4a8e950d210f",
"indicator--56eac2a1-2258-42a0-9f37-4339950d210f",
"indicator--56eac2a2-e338-48f6-a82f-41f5950d210f",
"indicator--56eac2a3-3cc4-40f3-bd58-46c2950d210f",
"indicator--56eac2a4-61d8-4299-af23-4e6d950d210f",
"indicator--56eac2a4-8698-445b-b528-4c36950d210f",
"indicator--56eac2a5-5068-4743-a642-4dbd950d210f",
"indicator--56eac2a6-99d8-4015-b2c5-4ed7950d210f",
"indicator--56eac2a6-8120-4542-804f-4d17950d210f",
"indicator--56eac2a7-6bb8-4cc1-9591-4685950d210f",
"indicator--56eac2a8-3d88-47ac-abb2-47c6950d210f",
"indicator--56eac2a8-04b8-4ebb-96ff-4156950d210f",
"indicator--56eac2a9-5420-4193-adf9-4a60950d210f",
"indicator--56eac2aa-7220-46f1-99af-4444950d210f",
"indicator--56eac2aa-abdc-440b-a717-472c950d210f",
"indicator--56eac2ab-0550-4439-aab1-45ae950d210f",
"indicator--56eac2ab-689c-4b2e-b3f2-48df950d210f",
"indicator--56eac2ac-4030-45e3-ab10-4231950d210f",
"indicator--56eac2ac-b168-4c5e-b21f-471d950d210f",
"indicator--56eac2ad-895c-4319-9f3b-429d950d210f",
"indicator--56eac2ae-a38c-492a-9745-4437950d210f",
"indicator--56eac2ae-3310-4539-9b4f-4994950d210f",
"indicator--56eac2af-fe60-4b72-8d9d-415c950d210f",
"indicator--56eac2af-9540-4f68-905f-402e950d210f",
"indicator--56eac2b0-b874-41e2-a4f4-418c950d210f",
"indicator--56eac2b1-7840-4548-85f6-4e87950d210f",
"indicator--56eac2b1-7fe4-4e90-adf9-4403950d210f",
"indicator--56eac2b2-f520-4ed0-b00f-4383950d210f",
"indicator--56eac2b2-16c0-4ac4-bdd3-4ad6950d210f",
"indicator--56eac2b3-e874-4844-aa76-4ed1950d210f",
"indicator--56eac2b4-f9ec-46f1-a42a-44d5950d210f",
"indicator--56eac2b4-9864-4fad-9d46-4884950d210f",
"indicator--56eac2b5-0940-477c-bceb-48bc950d210f",
"indicator--56eac2b6-26fc-4e41-8dc7-444c950d210f",
"indicator--56eac2b6-b19c-4ad1-b647-47e4950d210f",
"indicator--56eac2b7-a288-4668-8a74-457b950d210f",
"indicator--56eac2b7-3cc8-4a79-af65-4531950d210f",
"indicator--56eac2b8-21fc-4990-bc52-4764950d210f",
"indicator--56eac2b8-de40-4816-9d5f-4258950d210f",
"indicator--56eac2b9-d520-4976-8625-4660950d210f",
"indicator--56eac2ba-0dc0-40b2-b5e3-4595950d210f",
"observed-data--56eac362-3b08-465e-b1a9-4dca950d210f",
"file--56eac362-3b08-465e-b1a9-4dca950d210f",
"artifact--56eac362-3b08-465e-b1a9-4dca950d210f",
"observed-data--56eac3ba-bcd8-497b-aea0-4c0a02de0b81",
"url--56eac3ba-bcd8-497b-aea0-4c0a02de0b81",
"observed-data--56eac3ba-34f0-4332-b943-4bf102de0b81",
"url--56eac3ba-34f0-4332-b943-4bf102de0b81",
"observed-data--56eac3bb-1c40-4a77-92a4-4fd402de0b81",
"url--56eac3bb-1c40-4a77-92a4-4fd402de0b81",
"observed-data--56eac3bb-e854-4895-ab44-4c5c02de0b81",
"url--56eac3bb-e854-4895-ab44-4c5c02de0b81",
"observed-data--56eac3bb-4b48-4f7d-8bac-4a1402de0b81",
"url--56eac3bb-4b48-4f7d-8bac-4a1402de0b81",
"observed-data--56eac3bc-a7ec-4fef-876f-4dbb02de0b81",
"url--56eac3bc-a7ec-4fef-876f-4dbb02de0b81",
"observed-data--56eac3bc-f4f0-4364-b50c-410602de0b81",
"url--56eac3bc-f4f0-4364-b50c-410602de0b81",
"observed-data--56eac3bd-31cc-4257-915c-446702de0b81",
"url--56eac3bd-31cc-4257-915c-446702de0b81",
"observed-data--56eac3bd-5778-4e85-acae-49dc02de0b81",
"url--56eac3bd-5778-4e85-acae-49dc02de0b81",
"observed-data--56eac3bd-f844-4519-851c-490102de0b81",
"url--56eac3bd-f844-4519-851c-490102de0b81",
"observed-data--56eac3be-7d50-4c59-a0f0-492402de0b81",
"url--56eac3be-7d50-4c59-a0f0-492402de0b81",
"observed-data--56eac3be-5674-457e-9a66-424f02de0b81",
"url--56eac3be-5674-457e-9a66-424f02de0b81",
"observed-data--56eac3be-75bc-4d5e-a326-4eba02de0b81",
"url--56eac3be-75bc-4d5e-a326-4eba02de0b81",
"indicator--56eac9f2-f6c8-4ac8-a41d-47f7950d210f",
"indicator--56eac9f2-8c28-47bb-8c21-4e0b950d210f",
"indicator--56eac9f2-7d9c-40ef-8095-47ff950d210f",
"indicator--56eac9f3-a41c-4e36-8f5e-4873950d210f",
"indicator--56eac9f3-4068-453c-83db-43d0950d210f",
"indicator--56eaca0b-89a8-48c5-800c-4c43950d210f",
"indicator--56eaca0b-0dc0-4e7f-b549-41bc950d210f",
"indicator--56eaca0c-10c4-4c06-9e71-4009950d210f",
"indicator--56eaca0d-1c44-43f8-84fe-453f950d210f",
"indicator--56eaca0d-5910-4bca-b0b7-4489950d210f",
"indicator--56eaca0e-81d4-475b-8938-4ab4950d210f",
"indicator--56eaca0f-17b4-4ec8-964d-4f92950d210f",
"indicator--56eaca0f-67fc-4f1b-a31a-4926950d210f",
"indicator--56eaca10-c984-4c93-b93e-4090950d210f",
"indicator--56eaca11-0a9c-40c8-bf8b-4790950d210f",
"indicator--56eaca11-56ec-4629-bd44-4c61950d210f",
"indicator--56eaca12-0e58-48b2-bc37-4bea950d210f",
"indicator--56eaca13-1e78-4210-8bc5-4958950d210f",
"indicator--56eaca13-834c-43b1-ae71-4b87950d210f",
"indicator--56eaca14-5428-45de-8e32-4ac5950d210f",
"indicator--56eaca15-e998-4373-820b-4348950d210f",
"indicator--56eaca15-afb4-4ae1-9b52-4eee950d210f",
"indicator--56eaca16-e284-4b97-bcac-4011950d210f",
"indicator--56eaca16-bfac-42e4-9f55-44fe950d210f",
"indicator--56eaca17-e698-4672-a607-486a950d210f",
"indicator--56eaca18-2190-4e09-a5d9-4652950d210f",
"indicator--56eaca18-cf98-4d8c-a0a9-492f950d210f",
"indicator--56eaca19-43b4-423f-b097-489e950d210f",
"indicator--56eaca19-45e8-4e0e-a3e9-445b950d210f",
"indicator--56eaca1a-1ff8-4a6c-a14f-4fd7950d210f",
"indicator--56eaca1b-1174-47a2-bee3-44fb950d210f",
"indicator--56eaca1b-72a8-44c8-a6b4-435b950d210f",
"indicator--56eaca1c-ba5c-4060-b2f3-448f950d210f",
"indicator--56eaca1d-2550-4f52-a4eb-4013950d210f",
"indicator--56eaca1d-4798-4db2-a91c-43df950d210f",
"indicator--56eaca1e-0274-4089-a96a-4589950d210f",
"indicator--56eaca1f-1784-4b13-952d-40b8950d210f",
"indicator--56eaca20-c958-4301-81fd-4cc8950d210f",
"indicator--56eaca20-2438-4c88-9f55-416c950d210f",
"indicator--56eaca21-e514-43db-bbb4-49b5950d210f",
"indicator--56eaca22-8fe8-45e6-8895-4814950d210f",
"indicator--56eaca22-468c-4311-b4b9-4d02950d210f",
"indicator--56eaca23-6fd8-46b6-a10b-4520950d210f",
"indicator--56eaca24-09cc-43d2-a67a-42ab950d210f",
"indicator--56eaca25-105c-4a4e-844c-4da0950d210f",
"indicator--56eaca25-efd4-4887-93c8-49d5950d210f",
"indicator--56eaca26-3d50-48f4-a3c8-4181950d210f",
"indicator--56eaca26-0d60-4105-96b4-4368950d210f",
"indicator--56eaca27-1a14-4e5b-8ce8-4fb7950d210f",
"indicator--56eaca28-0588-447f-baf8-4ca1950d210f",
"indicator--56eaca29-6008-4dde-93d6-4aff950d210f",
"indicator--56eaca29-07cc-4848-a68b-4c65950d210f",
"indicator--56eaca2a-7644-4ab8-8097-4022950d210f",
"indicator--56eaca2b-7b10-40f7-a0b1-4ce2950d210f",
"indicator--56eaca2c-1c48-4194-8f3d-4c59950d210f",
"indicator--56eaca2c-4bec-4afa-904d-4df7950d210f",
"indicator--56eaca2d-cff4-4840-a3df-478c950d210f",
"indicator--56eaca2e-2dbc-4698-89fa-47b1950d210f",
"indicator--56eaca2e-7b08-4ac8-965c-427a950d210f",
"indicator--56eacae6-cb28-44ab-931b-4723950d210f",
"indicator--56eacae6-5444-420e-bc08-43d5950d210f",
"indicator--56eacae7-ada0-4266-b01e-44b0950d210f",
"indicator--56eacb16-5800-4c75-8da3-4a7a950d210f",
"indicator--56eacb16-b578-4e27-9e7a-4a3f950d210f",
"indicator--56eacb16-457c-4333-86cf-48ad950d210f",
"indicator--56eacbf1-5038-4c64-8b52-45d4950d210f",
"indicator--56eacbf1-f69c-4b5f-9733-4398950d210f",
"indicator--56eacbf1-af44-4b79-83c4-4cdc950d210f",
"indicator--56eacbf2-5564-4bc6-80be-41a7950d210f",
"indicator--56eacbf2-02b4-42d4-b5e0-4e95950d210f",
"indicator--56eacbf2-e230-40b3-a942-4eaa950d210f",
"indicator--56eacbf3-0e2c-46d5-b7c3-411a950d210f",
"indicator--56eacbf3-8378-45a3-81a0-4971950d210f",
"indicator--56eacbf3-54cc-46d6-bed0-4b55950d210f",
"indicator--56eacbf4-b95c-4cbe-bf8f-4c36950d210f",
"indicator--56eacbf4-45bc-446a-b25f-48fe950d210f",
"indicator--56eacbf4-0278-4f1b-9c03-4b66950d210f",
"indicator--56eacbf5-06ac-4f04-ad0c-4651950d210f",
"indicator--56eacbf5-048c-4ef7-ab55-40d9950d210f",
"indicator--56eacbf5-8b94-4108-b026-4ada950d210f",
"indicator--56eacbf6-1334-47d1-a6cd-4bf4950d210f",
"indicator--56eacbf6-cec8-4a87-9e40-4144950d210f",
"indicator--56eacbf6-0bc0-46ff-ba56-4626950d210f",
"indicator--56eacbf7-22b8-479d-8187-41f8950d210f",
"indicator--56eacbf7-7a7c-4b29-87bf-448c950d210f",
"indicator--56eacbf7-ff24-4944-bff9-4925950d210f",
"indicator--56eacbf7-8850-446d-a496-4145950d210f",
"indicator--56eacbf8-d8e4-43d8-a92c-43a9950d210f",
"indicator--56eacbf8-6d48-4568-a565-49d8950d210f",
"indicator--56eacbf8-c164-4f4a-9d9b-4468950d210f",
"indicator--56eacbf9-352c-44a8-b8af-4ef0950d210f",
"indicator--56eacbf9-7070-4b9c-b80d-4226950d210f",
"indicator--56eacbfa-e8c0-4f55-bdce-48fb950d210f",
"indicator--56eacbfa-461c-4334-bd48-45b5950d210f",
"indicator--56eacbfa-8ef8-4f2c-b096-4bda950d210f",
"indicator--56eacbfb-b644-4b58-9fcc-4a16950d210f",
"indicator--56eacbfb-d958-4ab6-98c3-4121950d210f",
"indicator--56eacbfb-1a38-4f40-8663-454d950d210f",
"indicator--56eacbfc-b850-462f-9f45-4e74950d210f",
"indicator--56eacbfc-3f1c-4f7b-b440-43e5950d210f",
"indicator--56eacbfc-9ca4-4acf-9049-44ee950d210f",
"indicator--56eacbfd-0e3c-4d94-9198-4a02950d210f",
"indicator--56eacbfd-3788-438b-83b1-4078950d210f",
"indicator--56eacbfd-171c-4a08-9bb8-4bdc950d210f",
"indicator--56eacbfe-9e04-4ad2-b51f-4540950d210f",
"indicator--56eacbfe-457c-4d76-8fd1-43c5950d210f",
"indicator--56eacbff-3594-4fb3-9f99-4d97950d210f",
"indicator--56eacbff-f278-495d-a353-4bd8950d210f",
"indicator--56eacbff-2ea8-41c5-9a3c-4a35950d210f",
"indicator--56eacc00-a528-4c51-a370-470b950d210f",
"indicator--56eacc00-29f8-497c-b84d-4bb7950d210f",
"indicator--56eacc00-d89c-41dd-8716-4651950d210f",
"indicator--56eacc01-cb4c-489c-b715-4f99950d210f",
"observed-data--56eacc9e-211c-4173-ac60-4cff02de0b81",
"url--56eacc9e-211c-4173-ac60-4cff02de0b81",
"observed-data--56eacc9f-44cc-48b6-a055-43ba02de0b81",
"url--56eacc9f-44cc-48b6-a055-43ba02de0b81",
"observed-data--56eacc9f-3328-41a1-835c-41ba02de0b81",
"url--56eacc9f-3328-41a1-835c-41ba02de0b81",
"observed-data--56eacc9f-f430-4697-a779-40b002de0b81",
"url--56eacc9f-f430-4697-a779-40b002de0b81",
"observed-data--56eacca0-a27c-4958-9f41-4e4702de0b81",
"url--56eacca0-a27c-4958-9f41-4e4702de0b81",
"observed-data--56eacca0-3f44-415c-ad20-460402de0b81",
"url--56eacca0-3f44-415c-ad20-460402de0b81",
"observed-data--56eacca0-e128-4dde-a09c-4d6102de0b81",
"url--56eacca0-e128-4dde-a09c-4d6102de0b81",
"observed-data--56eacca1-6f44-4dde-b2e8-4e5b02de0b81",
"url--56eacca1-6f44-4dde-b2e8-4e5b02de0b81",
"observed-data--56eacca1-b4a8-4cee-a226-494d02de0b81",
"url--56eacca1-b4a8-4cee-a226-494d02de0b81",
"observed-data--56eacca1-e5c4-4f49-a818-433202de0b81",
"url--56eacca1-e5c4-4f49-a818-433202de0b81",
"observed-data--56eacca2-b798-434c-ad87-4f1d02de0b81",
"url--56eacca2-b798-434c-ad87-4f1d02de0b81",
"observed-data--56eacca2-671c-4ece-87bb-414b02de0b81",
"url--56eacca2-671c-4ece-87bb-414b02de0b81",
"observed-data--56eacca2-6138-4661-a545-429f02de0b81",
"url--56eacca2-6138-4661-a545-429f02de0b81",
"observed-data--56eacca3-a7c8-4de4-93f2-461c02de0b81",
"url--56eacca3-a7c8-4de4-93f2-461c02de0b81",
"observed-data--56eacca3-2104-42a0-8075-4c9102de0b81",
"url--56eacca3-2104-42a0-8075-4c9102de0b81",
"observed-data--56eacca3-2120-449d-a48e-46b102de0b81",
"url--56eacca3-2120-449d-a48e-46b102de0b81",
"observed-data--56eacca4-7624-4223-a99d-47f802de0b81",
"url--56eacca4-7624-4223-a99d-47f802de0b81",
"observed-data--56eacca4-69a4-43c3-9974-4f4002de0b81",
"url--56eacca4-69a4-43c3-9974-4f4002de0b81",
"observed-data--56eacca4-2c64-4571-b1bf-404d02de0b81",
"url--56eacca4-2c64-4571-b1bf-404d02de0b81",
"observed-data--56eacd5d-ba48-4ecc-be53-489b02de0b81",
"url--56eacd5d-ba48-4ecc-be53-489b02de0b81",
"indicator--56ead0a0-2f84-4b87-9215-4295950d210f",
"indicator--56ead0a0-e120-40cf-b3ce-4971950d210f",
"indicator--56ead0a1-e968-47ea-8d0c-4995950d210f",
"indicator--56ead0a2-23e0-4e9e-8f19-4b45950d210f",
"indicator--56ead0a2-b034-45e5-8dd8-4358950d210f",
"indicator--56ead0a3-8b74-4610-a21a-40b8950d210f",
"indicator--56ead0a4-cbe0-45af-a755-4183950d210f",
"indicator--56ead0a4-6868-4a21-8b76-4e6a950d210f",
"indicator--56ead0a5-5468-48cd-8c83-47ca950d210f",
"indicator--56ead0a6-63b4-4e00-a61e-4849950d210f",
"indicator--56ead0a7-e6b0-4969-ac04-4c4c950d210f",
"indicator--56ead0a7-3c74-40a3-8210-4cc4950d210f",
"indicator--56ead0a8-a450-4141-b8bb-40bb950d210f",
"indicator--56ead0a9-e568-4064-92dd-47af950d210f",
"indicator--56ead0a9-23fc-43c8-985e-4b9f950d210f",
"indicator--56ead0aa-4ea8-4931-bc7e-4de3950d210f",
"indicator--56ead0ab-a334-486e-b6f4-47eb950d210f",
"indicator--56ead0ac-e5a8-41b9-823f-4c1f950d210f",
"indicator--56ead0ac-f0bc-4f41-9b92-40ac950d210f",
"indicator--56ead0ad-3160-498f-aa22-4650950d210f",
"indicator--56ead0ae-dd64-4773-86ce-4a7a950d210f",
"indicator--56ead0ae-8ce0-4943-ac04-4b07950d210f",
"indicator--56ead0af-7554-44eb-9e27-4d18950d210f",
"indicator--56ead0b0-3a24-4c2d-b865-4391950d210f",
"indicator--56ead11b-2b20-4b0e-a60f-45ab950d210f",
"indicator--56ead11c-b0ec-46e3-a6f7-44c5950d210f",
"indicator--56ead11c-8058-4c0c-b2de-4c83950d210f",
"indicator--56ead11c-9f9c-4e80-b5f9-4f85950d210f",
"observed-data--56ead189-705c-45b0-882b-470f02de0b81",
"url--56ead189-705c-45b0-882b-470f02de0b81",
"observed-data--56ead189-a5c4-4cf1-8f73-4c9702de0b81",
"url--56ead189-a5c4-4cf1-8f73-4c9702de0b81",
"observed-data--56ead189-8ddc-4de0-afea-4f6c02de0b81",
"url--56ead189-8ddc-4de0-afea-4f6c02de0b81",
"observed-data--56ead18a-c850-49d4-aef8-439e02de0b81",
"url--56ead18a-c850-49d4-aef8-439e02de0b81",
"observed-data--56ead18a-354c-4fbd-b912-4c1a02de0b81",
"url--56ead18a-354c-4fbd-b912-4c1a02de0b81",
"observed-data--56ead18b-62e4-4a0d-8e2e-465002de0b81",
"url--56ead18b-62e4-4a0d-8e2e-465002de0b81",
"observed-data--56ead18b-853c-495f-9780-4f3902de0b81",
"url--56ead18b-853c-495f-9780-4f3902de0b81",
"observed-data--56ead18b-40f0-4969-9c51-4e4402de0b81",
"url--56ead18b-40f0-4969-9c51-4e4402de0b81",
"observed-data--56ead18c-ba10-4d24-bdf3-4a1b02de0b81",
"url--56ead18c-ba10-4d24-bdf3-4a1b02de0b81",
"observed-data--56ead18c-b6f0-4d96-804a-421b02de0b81",
"url--56ead18c-b6f0-4d96-804a-421b02de0b81",
"observed-data--56ead18c-0f5c-4205-9e46-4b6902de0b81",
"url--56ead18c-0f5c-4205-9e46-4b6902de0b81",
"observed-data--56ead18d-2520-4f06-a728-4bdd02de0b81",
"url--56ead18d-2520-4f06-a728-4bdd02de0b81",
"observed-data--56ead18d-6c48-443f-8f8f-4d5402de0b81",
"url--56ead18d-6c48-443f-8f8f-4d5402de0b81",
"observed-data--56ead18d-9ae8-41d7-b6d0-43bf02de0b81",
"url--56ead18d-9ae8-41d7-b6d0-43bf02de0b81"
],
"labels": [
"Threat-Report",
"misp:tool=\"MISP-STIX-Converter\"",
"circl:incident-classification=\"malware\""
],
"object_marking_refs": [
"marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9"
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56eac23a-7cd0-476d-934b-4044950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-17T14:42:02.000Z",
"modified": "2016-03-17T14:42:02.000Z",
"description": "Download location",
"pattern": "[url:value = 'http://bartoszosamochodach.pl/r9ks1lc4n']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-03-17T14:42:02Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56eac23b-14dc-45b6-a6b1-42db950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-17T14:42:03.000Z",
"modified": "2016-03-17T14:42:03.000Z",
"description": "Download location",
"pattern": "[domain-name:value = 'bartoszosamochodach.pl']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-03-17T14:42:03Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"domain\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56eac23b-e2e8-4690-965c-4cb4950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-17T14:42:03.000Z",
"modified": "2016-03-17T14:42:03.000Z",
"description": "Download location",
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '136.243.147.67']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-03-17T14:42:03Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56eac23b-8e80-4a02-b69f-4b5b950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-17T14:42:03.000Z",
"modified": "2016-03-17T14:42:03.000Z",
"description": "Download location",
"pattern": "[url:value = 'http://blog.couponndeal.us/wp-content/plugins/hello123/89h8btyfde445.exe']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-03-17T14:42:03Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56eac23b-1900-4947-a394-4c1a950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-17T14:42:03.000Z",
"modified": "2016-03-17T14:42:03.000Z",
"description": "Download location",
"pattern": "[domain-name:value = 'blog.couponndeal.us']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-03-17T14:42:03Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"hostname\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56eac23c-9058-4173-a240-4d5a950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-17T14:42:04.000Z",
"modified": "2016-03-17T14:42:04.000Z",
"description": "Download location",
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '103.30.12.10']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-03-17T14:42:04Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56eac23c-8c94-4ee8-8fab-47fa950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-17T14:42:04.000Z",
"modified": "2016-03-17T14:42:04.000Z",
"description": "Download location",
"pattern": "[url:value = 'http://blog.jackintheboxworldwide.com/old5gs']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-03-17T14:42:04Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56eac23c-c808-4c30-80ab-41c6950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-17T14:42:04.000Z",
"modified": "2016-03-17T14:42:04.000Z",
"description": "Download location",
"pattern": "[domain-name:value = 'blog.jackintheboxworldwide.com']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-03-17T14:42:04Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"hostname\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56eac23d-67d4-4934-983b-473e950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-17T14:42:05.000Z",
"modified": "2016-03-17T14:42:05.000Z",
"description": "Download location",
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '198.154.254.194']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-03-17T14:42:05Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56eac23d-9b54-47b3-b3db-4869950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-17T14:42:05.000Z",
"modified": "2016-03-17T14:42:05.000Z",
"description": "Download location",
"pattern": "[url:value = 'http://br4ndfor.com/5ud9sk']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-03-17T14:42:05Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56eac23d-0908-4b02-b7f3-4e6c950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-17T14:42:05.000Z",
"modified": "2016-03-17T14:42:05.000Z",
"description": "Download location",
"pattern": "[domain-name:value = 'br4ndfor.com']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-03-17T14:42:05Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"domain\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56eac23d-0f88-4c60-8033-46dd950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-17T14:42:05.000Z",
"modified": "2016-03-17T14:42:05.000Z",
"description": "Download location",
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '208.91.198.130']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-03-17T14:42:05Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56eac23e-4514-4fe0-ad0c-4721950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-17T14:42:06.000Z",
"modified": "2016-03-17T14:42:06.000Z",
"description": "Download location",
"pattern": "[url:value = 'http://crossfat.pl/3ikd5r']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-03-17T14:42:06Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56eac23e-db88-4caf-bc6e-4990950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-17T14:42:06.000Z",
"modified": "2016-03-17T14:42:06.000Z",
"description": "Download location",
"pattern": "[domain-name:value = 'crossfat.pl']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-03-17T14:42:06Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"domain\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56eac23e-e064-47a3-9092-4a16950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-17T14:42:06.000Z",
"modified": "2016-03-17T14:42:06.000Z",
"description": "Download location",
"pattern": "[url:value = 'http://dogtrainclub.com/fik3n5as']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-03-17T14:42:06Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56eac23f-4a48-440b-b3a4-4e85950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-17T14:42:07.000Z",
"modified": "2016-03-17T14:42:07.000Z",
"description": "Download location",
"pattern": "[domain-name:value = 'dogtrainclub.com']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-03-17T14:42:07Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"domain\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56eac23f-d114-4346-a633-4652950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-17T14:42:07.000Z",
"modified": "2016-03-17T14:42:07.000Z",
"description": "Download location",
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '173.236.74.28']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-03-17T14:42:07Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56eac23f-7ee4-4c62-9b42-4048950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-17T14:42:07.000Z",
"modified": "2016-03-17T14:42:07.000Z",
"description": "Download location",
"pattern": "[url:value = 'http://heavenlybhutan.com/wp-content/plugins/hello123/89h8btyfde445.exe']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-03-17T14:42:07Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56eac23f-c1f8-4883-a3d3-429c950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-17T14:42:07.000Z",
"modified": "2016-03-17T14:42:07.000Z",
"description": "Download location",
"pattern": "[domain-name:value = 'heavenlybhutan.com']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-03-17T14:42:07Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"domain\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56eac240-2fcc-49ab-83bb-4c3e950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-17T14:42:08.000Z",
"modified": "2016-03-17T14:42:08.000Z",
"description": "Download location",
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '67.222.134.12']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-03-17T14:42:08Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56eac240-39b0-4cd2-98aa-4879950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-17T14:42:08.000Z",
"modified": "2016-03-17T14:42:08.000Z",
"description": "Download location",
"pattern": "[url:value = 'http://immidia.tk/d4fj2sd']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-03-17T14:42:08Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56eac240-12c0-408f-a0ea-4eb7950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-17T14:42:08.000Z",
"modified": "2016-03-17T14:42:08.000Z",
"description": "Download location",
"pattern": "[domain-name:value = 'immidia.tk']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-03-17T14:42:08Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"domain\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56eac240-00e0-4c53-b7a4-47c1950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-17T14:42:08.000Z",
"modified": "2016-03-17T14:42:08.000Z",
"description": "Download location",
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '192.185.189.62']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-03-17T14:42:08Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56eac241-8110-4e88-8757-480e950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-17T14:42:09.000Z",
"modified": "2016-03-17T14:42:09.000Z",
"description": "Download location",
"pattern": "[url:value = 'http://jaksprawdzicsamochodprzedzakupem.pl/o1pc9vx']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-03-17T14:42:09Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56eac241-8b78-4488-8f5e-410f950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-17T14:42:09.000Z",
"modified": "2016-03-17T14:42:09.000Z",
"description": "Download location",
"pattern": "[domain-name:value = 'jaksprawdzicsamochodprzedzakupem.pl']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-03-17T14:42:09Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"domain\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56eac241-dadc-40b1-adc9-4b7c950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-17T14:42:09.000Z",
"modified": "2016-03-17T14:42:09.000Z",
"description": "Download location",
"pattern": "[url:value = 'http://mockup.asia/x5ief']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-03-17T14:42:09Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56eac242-27a0-482b-9819-4f2e950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-17T14:42:10.000Z",
"modified": "2016-03-17T14:42:10.000Z",
"description": "Download location",
"pattern": "[domain-name:value = 'mockup.asia']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-03-17T14:42:10Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"domain\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56eac242-4b10-4ebe-a04b-4cef950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-17T14:42:10.000Z",
"modified": "2016-03-17T14:42:10.000Z",
"description": "Download location",
"pattern": "[url:value = 'http://myprimeminister.in/ne7ue8k']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-03-17T14:42:10Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56eac242-285c-4bb8-840b-4dbb950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-17T14:42:10.000Z",
"modified": "2016-03-17T14:42:10.000Z",
"description": "Download location",
"pattern": "[domain-name:value = 'myprimeminister.in']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-03-17T14:42:10Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"domain\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56eac243-0460-4ef4-86ed-4b6c950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-17T14:42:11.000Z",
"modified": "2016-03-17T14:42:11.000Z",
"description": "Download location",
"pattern": "[url:value = 'http://polscyspecjalisci.pl/x8bn3d5vs']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-03-17T14:42:11Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56eac243-e110-4a66-93ba-4a03950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-17T14:42:11.000Z",
"modified": "2016-03-17T14:42:11.000Z",
"description": "Download location",
"pattern": "[domain-name:value = 'polscyspecjalisci.pl']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-03-17T14:42:11Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"domain\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56eac243-a244-4c25-b5d0-455d950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-17T14:42:11.000Z",
"modified": "2016-03-17T14:42:11.000Z",
"description": "Download location",
"pattern": "[url:value = 'http://projektantstyluzycia.pl/7a3kd4sf']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-03-17T14:42:11Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56eac244-8940-45e4-b222-4229950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-17T14:42:12.000Z",
"modified": "2016-03-17T14:42:12.000Z",
"description": "Download location",
"pattern": "[domain-name:value = 'projektantstyluzycia.pl']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-03-17T14:42:12Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"domain\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56eac244-f58c-4e9e-8222-4993950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-17T14:42:12.000Z",
"modified": "2016-03-17T14:42:12.000Z",
"description": "Download location",
"pattern": "[url:value = 'http://sharvaripriya.com/hd6as']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-03-17T14:42:12Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56eac244-df84-4be6-a71f-4811950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-17T14:42:12.000Z",
"modified": "2016-03-17T14:42:12.000Z",
"description": "Download location",
"pattern": "[domain-name:value = 'sharvaripriya.com']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-03-17T14:42:12Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"domain\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56eac245-ca84-44fe-85d5-4fb3950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-17T14:42:13.000Z",
"modified": "2016-03-17T14:42:13.000Z",
"description": "Download location",
"pattern": "[url:value = 'http://sprawdzonywarsztat.pl/l6jkx1']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-03-17T14:42:13Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56eac245-d9bc-409b-8545-409f950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-17T14:42:13.000Z",
"modified": "2016-03-17T14:42:13.000Z",
"description": "Download location",
"pattern": "[domain-name:value = 'sprawdzonywarsztat.pl']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-03-17T14:42:13Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"domain\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56eac246-e374-4388-b84d-4551950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-17T14:42:13.000Z",
"modified": "2016-03-17T14:42:13.000Z",
"description": "Download location",
"pattern": "[url:value = 'http://studio-lipinska.pl/ji2pk4']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-03-17T14:42:13Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56eac246-c998-45c0-adab-48c5950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-17T14:42:14.000Z",
"modified": "2016-03-17T14:42:14.000Z",
"description": "Download location",
"pattern": "[domain-name:value = 'studio-lipinska.pl']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-03-17T14:42:14Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"domain\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56eac246-3508-40b2-886f-4349950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-17T14:42:14.000Z",
"modified": "2016-03-17T14:42:14.000Z",
"description": "Download location",
"pattern": "[url:value = 'http://wszystkocopotrzebne.pl/5h4fg8']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-03-17T14:42:14Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56eac247-0c94-4f1b-bd4b-481a950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-17T14:42:15.000Z",
"modified": "2016-03-17T14:42:15.000Z",
"description": "Download location",
"pattern": "[domain-name:value = 'wszystkocopotrzebne.pl']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-03-17T14:42:15Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"domain\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56eac293-b124-4554-9cbc-45f9950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-17T14:43:31.000Z",
"modified": "2016-03-17T14:43:31.000Z",
"description": "unique .js file",
"pattern": "[file:content_ref.payload_bin = 'UEsDBBQACQAIAHB1cUgf+U2VcQcAAG8RAAAgABwANGM3NjFlMGI0MTA0ZjY0ZjZjZTA0NWY5ZjFjNDYyNWNVVAkAA5PC6laTwupWdXgLAAEEIQAAAAQhAAAAlXEPX35+sgEqnnSJVWmA1G2tqJi0A2bIa3Nc1ANDJGCykvB219riOQ1B0Sw3G/NrbzdDQg4jNoOAmUDCkPpOPF6+a/ENqM391WpeVLaQS+hAMczpTVoqRCzUa6bKTf9OEgREcRHauwTR8rO37X+xHGQo8m84mSueccIl2IbQha8gnicxZPmxGv8mypQYY/gdzWkesOiLUIuYpvb/dkFw6C4IoRT/++aWocGgiYC0Y/OKC5K0KMDKZ7++yG9SmlRoUZLXpaoy36XX0jyUMpxAmVQf0Cgol1hc1dQix8Al7ie0sBQ8E+LZdHA3yvdDNVAa0AI9dXJT/gPWL1FekTH+4N74zf7x71NTHMsiqPmwVCpk1pYyK0GTDOVVbAsSx6XD3QC+6JpSJpGWLXrVjLpGQE224mev7FU+aABW0lLf/JICsM7Jy45UwQZv2lscMVHlzWyWlmbFD9KJEqbbkzcHcu1rU8zmw0SGMC/O9ns+V2sV4vFBViFS1KhSnbrOxO1R4yGW7+caFuy1MBbYpySRY2UyZh4a1NLrYUhKNQLVLNeoO7h7+WoIq5fsZYe9p6Z/Zi6ZSamuShTUBzavx6vRt3g7Hb3UL3etHHVsllagIv6d/Zy0rthVuGCmmm1F0e4LQ7NFXeNzmVIzowczP7q1c2d0z9+xsFHYo35XgDIP65DQfZYmfFSD5xJDSPck1PUPZBm53+P+2NERXyPKHh2H2PBq9cN4QP+RAWIcSoi1SObwP0FBa7gRGMxdOirZyqKq5wMqeMWcH1cpfG9fXtBNN0HbYYUZ9eqr0OL0Sx1Xo5RZSZ/OUWrwtRYdRIDUY9uhnb4FbhHdYTMGe+VsQdm5sPA+HZQZcCdK1fBkmmR6Dpzpf8KY8RJksGUvTP+8f76w1H/3adEIcJ8iOOl88IbkV7BeDYphFMC0RbeCDbjVaVhw7cfUvDTvNApkUeVscV8oBFm6RAQ+Q3cy6dBsC3b96mT+oR8sT1t6+ICzddqTqD1lgiE4fnW4XXgXCgsZ9ikBAAyPwZdXYSbqWAhG3gqZq06dvbIFfs6IwRhpDjEwfmgplwDStKy4isKDh559NeWPL1/Yt49h8vBA0THbsYEAAkYy3kGmZYX2RCOn/6jfAlQxtcVSNnIPpPUKYMscNvSqGwVVyEBjnAjXnkxc2v1wgi/M6AfFfDeh5FKFVY+cDVO88AYCq1CrncAoDbRUJoJKvlya8Nlqi0EiOVQCyeh1Euw7ZyKoLHncwvppXMftc+iujJm0r48GDtOc4eNNPc/43Ucm/lDbqIpK5JsixZ0YxAavNjrlszTMI7PAf1WJ3Z7VeHg2cemDwE4LJyuiyRpEep6yUApALILbNzA39dDnKdK39je/ucTZ/pdWFdZSzgPYGuTwDspkU935DkDB2B2RBxnoH0YgGrp23y6ZC9AJpTARyunihafmaVUOv4miXt0tGj8+cySz4MbzuNRXV6XHzwkFrw0AlXZ0pkEhG6ZJgcRvLWA6F4vnk83deJiNMvlW7QfHH7GlWwPFTgFKsKjcnpOrUaljhALp6QmCJC3mSCSJeV8SDDWACeYMqtCh3sIj97eRJFB7PssEcT/m5/r/o7z1QfdMW9SYJbjvXb8lPZ9w7V8ptFfkqjAAqivjxxAQUZra9C9ZZ9/lxfN2zC+qV4PXvlH5+NbzGp7vPt2vVSlzegQguY20NjS7OLK6kv1bAPl7jfUIx8n2RTmqe/wYZm05HufArfB/o0RPzTSagNAgoU485QXLTLYez6bfZCT6JkxYx3va094+B7wrGj4ADMp5hM208kpUehATJfiHmv95coORsgiXSaPPYq5C8xao8KlcEE32l2fyXq2bBoYrCv/z8RArsQ6ZXDVmiiA8SSxLihRvQGZsgYGYouDF/M6iLEnz+ILPdiTv1RNYoRCuoenQTcZKVfVdKqxvX2/cN7ccvX8/LYjGByB7FWDhR4dD/fnT7ZfAEns+LUJF1R2WN1QElMFupXpc7wTd6+M1NvdhRZqpiVqy6++EN/5J3vcPrG84bGuZr+rA013mWLY2xMCEcpQjtyxk4VXPrtEG/mD691L6QT9T35gwkVyRD5Ug6cfnXkJ5f6CbcpcU22GDiGaTT6BI1Ju+v3NCJOyM2BRqBaRHvrN8nBeEEaGPJ16TvxR35T/mgbxYQ5ztERPTs9DStSCNOuSd2BlRPZIlmzlnrvEu+pl92rHYpyFt1PrGLkQb/4q33evLs32Zx1Gdrq32GdimEzS6yYwZRD2Wk2UeZ+vW2qonLMgx/i1LjqsgL8s4ZNH2hDBC5ThsEDIq6LUmM4QqtJA93PalgkPxqzaDsST/ifFii8jmrXq97hQUTfFox072AtZUEtYxcvcPPD/D4cHltCcxQV61sgHAsYYeLe5scLzDvfyyrtTLO2HybRB3zRIzXzNBINK29/a4MV2v4N9o7cbdpopaf7ivmkKsXdy+690jqfvbm+10zmv2uqooTzcvp/PvRSKpSPgnTuXdZyAfP8MkNxD5M5WKVAogbhy3KUyfQQXDTzKQXEF2UEsHCB/5TZVxBwAAbxEAAFBLAwQKAAkAAABwdXFIDPe1Fh8AAAATAAAALQAcADRjNzYxZTBiNDEwNGY2NGY2Y2UwNDVmOWYxYzQ2MjVjLmZpbGVuYW1lLnR4dFVUCQADk8LqVpPC6lZ1eAsAAQQhAAAABCEAAAB9wAOJu/6GqQVkuB/IgfLnK3Sj2HyaczvI9svBP0JZUEsHCAz3tRYfAAAAEwAAAFBLAQIeAxQACQAIAHB1cUgf+U2VcQcAAG8RAAAgABgAAAAAAAEAAACkgQAAAAA0Yzc2MWUwYjQxMDRmNjRmNmNlMDQ1ZjlmMWM0NjI1Y1VUBQADk8LqVnV4CwABBCEAAAAEIQAAAFBLAQIeAwoACQAAAHB1cUgM97UWHwAAABMAAAAtABgAAAAAAAEAAACkgdsHAAA0Yzc2MWUwYjQxMDRmNjRmNmNlMDQ1ZjlmMWM0NjI1Yy5maWxlbmFtZS50eHRVVAUAA5PC6lZ1eAsAAQQhAAAABCEAAABQSwUGAAAAAAIAAgDZAAAAcQgAAAAA' AND file:name = 'billing_2ed35c7d.js' AND file:hashes.MD5 = '4c761e0b4104f64f6ce045f9f1c4625c' AND file:content_ref.mime_type = 'application/zip' AND file:content_ref.encryption_algorithm = 'mime-type-indicated' AND file:content_ref.decryption_key = 'infected']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-03-17T14:43:31Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"malware-sample\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56eac294-029c-45cf-bc16-4acd950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-17T14:43:32.000Z",
"modified": "2016-03-17T14:43:32.000Z",
"description": "unique .js file",
"pattern": "[file:name = 'billing_2ed35c7d.js' AND file:hashes.SHA1 = '074c49198802e4e53d855fa98cab2cd62313d24e']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-03-17T14:43:32Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"filename|sha1\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56eac295-c148-4f3d-ad50-40e5950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-17T14:43:33.000Z",
"modified": "2016-03-17T14:43:33.000Z",
"description": "unique .js file",
"pattern": "[file:name = 'billing_2ed35c7d.js' AND file:hashes.SHA256 = 'd3c49c72a345734c0ee2aa9ca1df121c793bdbefc0055168238436c0ff9db76d']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-03-17T14:43:33Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"filename|sha256\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56eac296-46c8-46d8-b363-424f950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-17T14:43:33.000Z",
"modified": "2016-03-17T14:43:33.000Z",
"description": "unique .js file",
"pattern": "[file:content_ref.payload_bin = 'UEsDBBQACQAIAHF1cUg7E8JJfgcAAAMRAAAgABwAY2JjYjk2YjFjOTMyMmZhZmUwZjBmMTA4NmE4NGRiMTlVVAkAA5XC6laVwupWdXgLAAEEIQAAAAQhAAAAabiMXH3T7vZL29y/vbiW8jk8Ks/sqV7xqyuTlKMTjxukW7Od2PV7Xo+TJ+R/Qz7QMzGMjJScQD77ox0ucgKkLsGHCUxirQ7sLtBPaEH7eC31Cm8LupFruZ2Rpr3mTLga/AKs28XD23hJkfosUKCW4UHOqjliTJfCPELvQ2XwFNyupWTI6ecSeYMX5nPYSOoJbrTjWIyJjQYpJ66FaZPpIgeG4zwiiThIRIe+V+Kn7AB5pCXzWuD/DB1QyE3pLbp3OkidApw38sv+go/fLu96BvDPNrh8ztOngPumIZyxEGDvkEnoUGhmvkVIrYXxk8uGlVOStGvswJjuc5MojWPXPImikgobh1U0bbK2mw7eZ6nR+k84YdLeVntL5JzntR2L8Chm6tBKUrVF/DcAnv/OYy4st6H8emMeex4EN0GV4dDYnAng5BSlI+GPlXF4P9WvfmqGr5QCDoZi0ndh8WhmSfEMYrvuJeMbEF6+i2FyHifPlLlZScAzl9/IvNAx3ITa+TButFW5rpo0UzIQ9REilzjza5Q6K2Rvk5o3K/vs+FA+09dwFbcLmaAWA4dsIDo9T37+FxPnJIYvZX/HzLoCu2ytYJGqnk387wx4mDO89ZXWHLFTyoXevIMJDSB/aHWaL9ttyVohHLvQWIjwB254VYDE8pynWZanTLTuEbo389eGe/yHoqUNqDg2A2Djqz8z0vRre0UarijI8xo+23aIYb7qm8Lkb8UG+pXfeDnj3eUCqOWsm3bWGx7f0nHn35I5RBgsYoV7tcIh49UBfN8FqP2ARu+1KKh5R9B2IX/wmND0LVac/oHdJiA8vOR7LRR2Bh+JCr3qpOb3I5oOolJKzzctWRqFpRVtXeWWv6c67BUzGDfFcCfqsu2hgcDRJRVuw0P989zcrIQqQcn6r1KPzty9iGCsdlaUQCGZz3Rmeb/9JaWqrsHOJl7DJ15HaiUTqE4p2sWk9T6a5kmQdJtmTNk/ATiiLH5RqbsOeJXbHdNN01LTf1mG5Ak+HCTfINEvZBB0Dvrv5tTHr4bP6OBZkksBxKygWzQ+QpAm9IH0buXCcgSM6Y0BGSKHGpo0ar5s+OZtMWeVZzM3cU2oS2DwpjoL/OOJU6Jgj9VJdEiKLjLl/hS8ZrnTWR5rlib1iTDnKiGPpYdqteu/wW50HCXCFbtCTxM26rGkYzHZxksLvmr84AJRhhj2D+VT59Lz2BBUk/m/r5/udZGtoDyOOLGicOcfXqIHLtHz9hEEp5/RaR9P4ygAflFB+45H6newV7CDqnkVgvXBrUL7zaltvbG9UMVueLW2hdc2n43dUDAUYAIjN5WOMks9ZOCjvuGOrybwaQ5SzoRO/PNLkA1+IJvIPjGtqvgtD8u52YKIZdRJTofZCcqq9jvNqRT9SxGnKvqAWi7kh48nHam5eRB/9Jm0Dbs7KkdsVnMD6to8YeA3leRpZ2Fss0K2XgKrzSY47I1ACBf4aLotCEaWmdo4PPMUQrG7KAod91JcJk7uezxL+TELAcJk9fbIcfEX1u1jQjxCS714brNO2Fqc4YGpzXWibD6zavCKsKeaWnYedyCKoNocT0lhpZmaVOfTn5xyL2kN1KMOFMBjizxpVQbCdr4BdWeKbnO71XwYHAXkMQhn67pOvdK4qxfgc0Oj7W/QYU+U0s9To/ycZnYp540l5UruxmO5PVmGNHfnrq1MdeizP+o63XghTrHb7LpknkvVWwvrt1K47zw1/b+M+XvnJ9kNO6qmGAaM3uP4mLNgKYRNJoZIWwi6nDderS33JelB29yFrT6eKR+0ggJ/+kRBAE7s8Ytls+zCwYHbhWet+BUJa8vPN7inTEwuvGQo0/fyD9kyTZJzw35S3qb9a4iFshcFFnUCIHYQLCf0CZFxi7Le9gVLoqW7Q8hI9HoH04f7JmW5l0rb6dOXildZAjMi4FWvfVuOn5xzakj4C4LBodH3aZUDU72BC3hMN/Lnxj9yMDfzwpaZlYcXKltV28O8+5mAZCJjdQ7QUM5+fOvrXYnZ/JM/TAa/cg6NcChK7FjAkOdZwowBaavO6/vnBSR27EHosWmUq/6z4Tcq8sZMNTxALAIXHdjIm9Jo/fOp0eoELWKeIYBRtmfcULJjsxgfXefE6ad/zI577G9LripK2fPTRrJtwMWgJoUp7GzuGD5ADLG4ClJOa6p1CMPGMo98BgBx/MoKdSaFyNVfvNcrktNq8ho7fuufQLaGhFT43HAjC3C1xwEVi6NaXSzlfqwJ9V44taPu6cDwQkKVUWlX7qaX4JqsG8r8QguLMSbfSHLUmXkmBjmpvjAOA5v1hhSybUatN4RIFLnstLV4ewSTcuK6ysCL+wOJaxd+qdLZbX0bv7f2FP0pf4lgi9EPFn5t2pmAyQS78GG55+uVrQ0BUX+UCasQYQCzUJOOpjmJP5Y3uvaD4LKnz4Bu9u64w5eU0WA5NfYGvp431TyXSQXiyyyTaXg6SIIVdf79GZMCcY7RiJ0FAyZEMCCajlGYmiJVvaXuHsxuy+E23Bypl8/mqvmqRnCf8EPsPsC3DoV5Oiou3lBLBwg7E8JJfgcAAAMRAABQSwMECgAJAAAAcXVxSEDVbm0dAAAAEQAAAC0AHABjYmNiOTZiMWM5MzIyZmFmZTBmMGYxMDg2YTg0ZGIxOS5maWxlbmFtZS50eHRVVAkAA5XC6laVwupWdXgLAAEEIQAAAAQhAAAAeogg/jVAUMdm9P4BulpNhzn0N/MD/ZjJXpyxTo5QSwcIQNVubR0AAAARAAAAUEsBAh4DFAAJAAgAcXVxSDsTwkl+BwAAAxEAACAAGAAAAAAAAQAAAKSBAAAAAGNiY2I5NmIxYzkzMjJmYWZlMGYwZjEwODZhODRkYjE5VVQFAAOVwupWdXgLAAEEIQAAAAQhAAAAUEsBAh4DCgAJAAAAcXVxSEDVbm0dAAAAEQAAAC0AGAAAAAAAAQAAAKSB6AcAAGNiY2I5NmIxYzkzMjJmYWZlMGYwZjEwODZhODRkYjE5LmZpbGVuYW1lLnR4dFVUBQADlcLqVnV4CwABBCEAAAAEIQAAAFBLBQYAAAAAAgACANkAAAB8CAAAAAA=' AND file:name = 'billing_04c689.js' AND file:hashes.MD5 = 'cbcb96b1c9322fafe0f0f1086a84db19' AND file:content_ref.mime_type = 'application/zip' AND file:content_ref.encryption_algorithm = 'mime-type-indicated' AND file:content_ref.decryption_key = 'infected']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-03-17T14:43:33Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"malware-sample\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56eac296-e140-4372-ae61-429e950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-17T14:43:34.000Z",
"modified": "2016-03-17T14:43:34.000Z",
"description": "unique .js file",
"pattern": "[file:name = 'billing_04c689.js' AND file:hashes.SHA1 = '2acfcbb0c51384f445cfedd3cbfae3579a683933']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-03-17T14:43:34Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"filename|sha1\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56eac297-54ac-46c4-ad8c-42d5950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-17T14:43:35.000Z",
"modified": "2016-03-17T14:43:35.000Z",
"description": "unique .js file",
"pattern": "[file:name = 'billing_04c689.js' AND file:hashes.SHA256 = '38cd48d60526e77711d71245f8525a982803e97faf46b366a0c8e147a3d37a50']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-03-17T14:43:35Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"filename|sha256\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56eac298-0f1c-4dc8-b1c5-4838950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-17T14:43:36.000Z",
"modified": "2016-03-17T14:43:36.000Z",
"description": "unique .js file",
"pattern": "[file:content_ref.payload_bin = 'UEsDBBQACQAIAHJ1cUiT8Oho3gcAAIQSAAAgABwAMjdlMjNjNDk0ZjY3NTg3ODNmMzQzMTUxMTUzODNlY2VVVAkAA5jC6laYwupWdXgLAAEEIQAAAAQhAAAAmH2JDhSdcxz3nBvuA/+qgou8YREpVTsvYII0dVUOzCNRHGwerbfn4x2xZpieVWl7YJF8jHmGvkTmPeBcpTYlKMR4mqYtxSD786F3fYxOICr15a4iQ50RtvP2uXrOQSzV3so7ZZISwOvlvp7GidjteLJvk46g2d4NLFmilBhn8cwzT2PZyasnZ/qW9IutBelDWbPDcyiOnmi+vAkgw/94XSsLn3aRpeD2sbQwTRJUqFzN3raKwRiSimID/u7EL6YOAPpLuqVthVdXYdsRzchJLDmXFq56Pj1yelPCm/+Vlp3T3D7/NI9pPe/CRcySOCe8X7QwXuZLEWJGvv0XUhSZHtu75x36nZDlSdLXe/HCcEyUIyqqdI1ZLRL01Mq5Rs+/e5VDPXeIwLgTpWE1zh40WGPILy7ilVedAaYpgttOPKEh+KB6iW/01Zvn3HCHISuzXWrTPDIelpzo2oOyBKRXSDB3lhOJmNWp9/6ZuOnrt8I8H2ggmWrcDkTWBXcDnCux3H2rB74goszNQJNy6EEgdsco3YQh7Xad0lO66GkxMgsr8aBd14rP/8jlSoAQ/WwF1pDX80SB4lQSGTnPy3+5QIhkQCQfLf1uDSd336xrkh/SJOS3Lv4P6w1JR3Tns6964xgR+XOPqDjRkm8ujvZ9MI4//KlDJvsm65EcjaKf/KWQ4sKYwgjCc5jqsHbMMFCg9zlF2cwlIu2XHeqBsQuI11k/fpeJjxkm37R6aKeVRDGowA7Yv7lj87vCVxevnom1VHtIu3+kVOlCqPzG1/EsYCsFCiajLrePddQLAornkNEFiLY7ttQnLPKTcUcGQPcifKU8A9T9QArM5Yb9/D3bCZ3h8T4eRd7KRQOcryuD1JTPUzvhyXkK7Xzmx2SjPAEXA/ZWBc+53qvzIzTa0pLmfuKStR+1MHHNbevxMl5SSnQLiMjFVrjDE0zlTzdg7rrPpNd7np771jMObeTRZMJngE7j1Xc4B098JYpN1D+RLDdUPfPGwU7G5TpnVrr4oZD9kx5pqtJw2dgs73EW8Ln1ogS9zVYoUhet70+jVPDmBFgRoJE3+3Xr6wzfJCqqnMzmQoGyYnKrIwJKM4DrWc9LK38hQRD/nhQ5JNwVneW6uhJPrX5HUd4YK+tqCREALknJIBncJLFp3X4kOYfZXcbSPX8C2StvfrVFOaOC1KsQdDBg7qRbxlzW3lcxg1AUT3rAnD4QyVc9VgmtE7EupNBf3yauu2CmQWkunPA55lHrzH1EHNg+zjwAONRkfqaACirzMyLP00zKvgUqm790+zNxQtqoHcfEYHaKNuxO98Nv/hXKMedfEn4/Xp1cSsUVx/cLmREJnf014YVLPXzamFrlutc5JFg9BeEydf9gVDYugeahzjq15Tz4DVCXz4uBnHCBw0f92H41J73iSMbLBZ4TF2m2dpQso72GuxZfOUh7zy5cV0TeBmppFQDWyBBSy9dt7e7UlJmjw4KPYfwXCLWL/iiZZK2ao285vT68JA26nU9FCnBJqpNb6JIaHvJj0ks4kSr9xRlLSVQVZ36+dA1jb/xFEyvBiRdE0trOaTKyl6s6qXed8bYMPuMpHxV0rib6++9pKzeUVK/SPdj6Ih84Kk24HL/q99dHv1dlp9EQiQQ9UlSp7pqANz5ycsrRgb3AQHOWCvvWOXySsniC6G32zINQBOVLQA39QajG8hPqDa7Ci34RpzALpn2itNVACFJR48AKEGC/GWekuJ0oG3RmImXgWUd3/gH/Z7PCL3yg+WRh+kCIgWoFfnuNLm/wzqThTH7gj2SWSIOomqjYOnBCPhaw5zjoF19+jkRagtQa4B0rIuA025M+wOVRaT7ZNCkGBmMeCmOtHoz1WU064mkkoIzci8LelLQvPjNLGdrGwR+t/U5u/n1R0e8VdgyaaGZtFGFNjZcA4QITD8a61SqMk4guQsSvzXG0V0prGVTuM8D/Ttc4jtgdTY+T3mf3qcFrrIhmcSBJ861kgZkYHhGOsznyWR4wTXgXEhScZENundeuMWv/9CH8F3XbdztxUrT1rgZ1vRUMxD6EKP88cSwGYuXkc7s6es78waUK50mYWeWsz6fri3YCg+LXmXdfC4CbcueNAJ2vcGOw71y9bwsXO6pz82iW6JtT32wfwQv5iqECLgrePYFIClyzdl+lVrc81T/vu+enp5hJaaBeJd3csfGfRl1HGAl85A4fKPmgjGo7Ta8lJCXjT1/FSHWI5gFWBt7Ba9iT5G6UWYUm/TmY8ssHO27HNCTkqpFKsR7G+BaIBNdwxW+reTUPNp/Fw6En3Co6LxfmxTktZigAMon9W84ZDOZ/9O6i56ZG0PuoCzKALadDD7x5VG+AkC0W4NYuYwrpUsPavdapp6wslAvN5SVhvGq8PiGNj8TXzF8X9abPO7JAj+YmBUm3andSMnDZPYoeS2xXr6GcC/1CRAdZYQQ7wczG2T6HUtHMD7GeoYc9Y9iZf9xBKt9dwcg+e+hNEhRxBBdqcowaKkYdEcwwITD1hAqk0xfbavVAnVvA2tuJEry4serOzUymkE7kb3RBhqTxsYF2B+OthQASB5AoOafF0VeLeusewLfQfLo2KKNfOXMb08d3y1LTarMxeuivCc37nJDw1ILPanCdSI3VJNlAqGPbSJxlJG22HNqp3A4k3gEtd1FOUejiKhFEiVBLBwiT8Oho3gcAAIQSAABQSwMECgAJAAAAcnVxSDXVPH0dAAAAEQAAAC0AHAAyN2UyM2M0OTRmNjc1ODc4M2YzNDMxNTExNTM4M2VjZS5maWxlbmFtZS50eHRVVAkAA5jC6laYwupWdXgLAAEEIQAAAAQhAAAAfshcqFe5ux6ajubniWwO9f0ZskxMGDCpcnyxpjtQSwcINdU8fR0AAAARAAAAUEsBAh4DFAAJAAgAcnVxSJPw6GjeBwAAhBIAACAAGAAAAAAAAQAAAKSBAAAAADI3ZTIzYzQ5NGY2NzU4NzgzZjM0MzE1MTE1MzgzZWNlVVQFAAOYwupWdXgLAAEEIQAAAAQhAAAAUEsBAh4DCgAJAAAAcnVxSDXVPH0dAAAAEQAAAC0AGAAAAAAAAQAAAKSBSAgAADI3ZTIzYzQ5NGY2NzU4NzgzZjM0MzE1MTE1MzgzZWNlLmZpbGVuYW1lLnR4dFVUBQADmMLqVnV4CwABBCEAAAAEIQAAAFBLBQYAAAAAAgACANkAAADcCAAAAAA=' AND file:name = 'billing_31a3af.js' AND file:hashes.MD5 = '27e23c494f6758783f34315115383ece' AND file:content_ref.mime_type = 'application/zip' AND file:content_ref.encryption_algorithm = 'mime-type-indicated' AND file:content_ref.decryption_key = 'infected']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-03-17T14:43:36Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"malware-sample\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56eac298-a4e0-4d6f-87ef-46de950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-17T14:43:36.000Z",
"modified": "2016-03-17T14:43:36.000Z",
"description": "unique .js file",
"pattern": "[file:name = 'billing_31a3af.js' AND file:hashes.SHA1 = 'fa5d781cb7081431d4bb92b9b590ae5d1e3748d0']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-03-17T14:43:36Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"filename|sha1\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56eac299-212c-4323-aa33-4241950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-17T14:43:37.000Z",
"modified": "2016-03-17T14:43:37.000Z",
"description": "unique .js file",
"pattern": "[file:name = 'billing_31a3af.js' AND file:hashes.SHA256 = '7526ef2d7a7195ccb2f9b1ed9c4be69477643056679974d2f1a405920df2f830']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-03-17T14:43:37Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"filename|sha256\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56eac29a-1fcc-423d-9e72-4a19950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-17T14:43:38.000Z",
"modified": "2016-03-17T14:43:38.000Z",
"description": "unique .js file",
"pattern": "[file:content_ref.payload_bin = 'UEsDBBQACQAIAHN1cUhPgiKFPgcAAPsQAAAgABwAZTU4NWI3ZWQ0ODIwMWRiOTdiYjEwMmE2NmFiMjA0MDlVVAkAA5rC6laawupWdXgLAAEEIQAAAAQhAAAAmH2JDhSdcxz3nBq+JVU6AiedjYC7aTM6ckb75gd+9Gcm8h8qFfMYFDWJoARxSf+/mxxgPekuDfBWAdN7L4/o9Dcr4H2v5qjDX0DMWKZE0pueJRTxEXz0nF+69NjQzg8iXaY+/fPalW2KfLvRz6kOHISf7Qbl/d2JAjvqdAg9ebrVmib8ocP7iVUIR9qy8aQr1SjctmeYVn0qUdZxOx8vOituVQIdXEYtDdyFVseAIFgYIUJ4lv2TFDtuWFRSmq0Yvc+1QUNBr1npidlZ5tWx4w2uiMbZLuxm9fS6tw5fIKsQ1J8HFHZFjWzDUGkIQOiN+rRqE5zH18j81bAj++FIX6Z7nT/G8quzMcKAveFXG0L/Kb3kKjJ+ktu0+QgQUF/2KOxWuTnQwMdQ1odxo3ELZjz0V/Jre/Txb0Es09sg77zTSC1BVzsTgulIKsP8IfzDW//13W6u94GJ/JZgoI/aROQSmXrRSrHbPZyijVQJUUcMGlmHhQCUS2CWgKhxHpb7UV+e6AxtchSKlHTjTiuc+tnUjqNQrxTL8LzCGSFjlJV90/az/y3HW08aWKAd0J3lT4YVltkzk7HKlBwTKeBF8acPTmWkN7hfuCil2PQXxfAOHWIKLZqZTzsqv9ugktgc4kHT0dJta9TEuiOpemgyFDDpK2TJKy4+iW5E5nWS7634pY2o1b7u1LSsRP60AYodyCsUAn2phaAFgWtt6yAndLDGC8Jkes3ZGrUsDhLDLdNOlvcZ4auWdPsD5qsERJwOUPC7gxxjUOCsYAspEYvZcdw44vIHT+i4YwKNS7D4EneRzlxAJWKslf+UNL1sDePZZqpE7TvQ5HoL3fWfiOvCUy2L/6GsabHpmZ1GNm/qmFyyJO7VT+hjTit1ZK37jOFWQrg7rlD3XPWjKv4V7sT7m/Dd5iRKFWuV6yxjo8drIZvBAvFGZxb/u+vIrmXCEj/OgLRlrPQ5Z6C2f5t/iIWg1xrtSrntAbluYht8Cfb6+ecjPOId1N3EY6jxgJtig68FM2CjjsP/QrIB37LibEADAevpSsj9/S8FwphqxhYRNBUdm16kIfmHRjvk1JO7IYy7DarbA+KBBX2QH6a9HD7E/QLUHlXnkjek8Arkyd9CxNewX8ZlT2Swaibycw5ALgLe5ijOClwFRwSFslqzGBkpMIm6ko0yFQxcI+lrk99+NOfahsYdGEHu67E6ZLHI0sbjPFGGq8wDNxkJ1aMrEJNdy7VTUeedusP4tthJynUSPneW+l5KHIjKEZSKm36wVw2hSa4eUdvRFT4PIPQVKKUMivbk3Y2fUmdg7vAVXV+oxdMEZo/EYbdIGY+SVAttLxBo6zLfsg+/7fRhpm6lzo8SCd1dZmiD5JcJbGzDBWbZRO42uaEmAcgibbDIXQ0LJ2Em+63+32sVzeRbwlUIzmmz6J/nqrjkHcwIMNay+Svm03jgLyF7Z3MqbtTtpL+4lc82ZPgjxHYTDLcmLLG2Jvenqggdofr9yv5jPnxAPh4e5q/F+8WzwMnslTyTcvgmPOEO7feGESwtiN84bVEdHMMYk+zqXfhWtsEyu0SVOc5IbW0IMoHnts2ocKHsp3R3SB4PNaPujgoinJosFEjdJU0mYamUjHS8zNDTJ2NSVb9OKGs+9Q/xuqLcyD3rZ+3gu1vg2F6cjLiQFWQo77NJAjAQ/RSN5EHmMsvV42xywoapxLKT5G1iTMt2FIpFNrV1IBERhrotlNuoh6Xp9kWe2CE6B89ECNGPPJvM9jDD+yniioPYD+M8iQk/hy2darh1GNBdTMKyx3L8ckZNy3BljePMHvF8t7f8W7LOjmcuayl2UBPVZXlZo7XxKfYP+5xgeGK4sTSPoWE6gHfhsUlD6FpnilJ98Bgd00eQNXqfLW+y5KGmY9sbMKj+Y+g/DZfOB3tC/JE1xYLJHD3mQiujUJL2dmK6r5kXs1SL4mFE89AXFB9wxuBDrRUpfxSi70i+WAZdFSSpbT9ldTKU1yTZFGTV5u0+mY8b5NQ7X1UwV9fAEqGW8AcBL4eHNCvlXy2Ky1ZUDppj9rlxRh62dc24KVcKMQziJed9dS5tg7H0o/i71ghHLwMFfCgWdpof12JJDhts3TKt4ipiWKCt/fCqE0uldjAcDGdftyo2fuh+Acrb0+BhCY2vdrfnCxCmgV6j11ZG02sbe+SLMqD1q3o/yIq7Xj8y8l4Wpy7QsZ30kkh6xCN19Qb5hrhKVQCq3Ei3kNVrXd7skJe2mDooBC83eb9CLOXKUJl6CRZe6ofzQB9MIETd+WgEZftk61OoFIx4Nse4WK62o4g0IJfNr5+tJKdhpkGIDINss42pjx6TLiKxn3/oLsJgjQ09P/Gl/J88mM0CzcU95otn3nZzZWMP1DBTOXGDsji0xgCL1olCndME8x4RPqoHl1Bvp+8/cmYeNJlIQP681aLWrOiFWwnpoQDCCQLsNdxIErnHcOXSQviRUEsHCE+CIoU+BwAA+xAAAFBLAwQKAAkAAABzdXFIRHnbyB8AAAATAAAALQAcAGU1ODViN2VkNDgyMDFkYjk3YmIxMDJhNjZhYjIwNDA5LmZpbGVuYW1lLnR4dFVUCQADmsLqVprC6lZ1eAsAAQQhAAAABCEAAAB+yFyoV7m7HpqO5z4ot5uCmC0ZHPm4wxb09YYFveqWUEsHCER528gfAAAAEwAAAFBLAQIeAxQACQAIAHN1cUhPgiKFPgcAAPsQAAAgABgAAAAAAAEAAACkgQAAAABlNTg1YjdlZDQ4MjAxZGI5N2JiMTAyYTY2YWIyMDQwOVVUBQADmsLqVnV4CwABBCEAAAAEIQAAAFBLAQIeAwoACQAAAHN1cUhEedvIHwAAABMAAAAtABgAAAAAAAEAAACkgagHAABlNTg1YjdlZDQ4MjAxZGI5N2JiMTAyYTY2YWIyMDQwOS5maWxlbmFtZS50eHRVVAUAA5rC6lZ1eAsAAQQhAAAABCEAAABQSwUGAAAAAAIAAgDZAAAAPggAAAAA' AND file:name = 'billing_53a7f4a9.js' AND file:hashes.MD5 = 'e585b7ed48201db97bb102a66ab20409' AND file:content_ref.mime_type = 'application/zip' AND file:content_ref.encryption_algorithm = 'mime-type-indicated' AND file:content_ref.decryption_key = 'infected']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-03-17T14:43:38Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"malware-sample\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56eac29a-5fe4-4e69-adf4-4287950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-17T14:43:38.000Z",
"modified": "2016-03-17T14:43:38.000Z",
"description": "unique .js file",
"pattern": "[file:name = 'billing_53a7f4a9.js' AND file:hashes.SHA1 = 'ffeee81d9c75e36b4b7a3d2ee1b8462030d7dcd8']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-03-17T14:43:38Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"filename|sha1\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56eac29b-f2ec-4b5f-9a51-4457950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-17T14:43:39.000Z",
"modified": "2016-03-17T14:43:39.000Z",
"description": "unique .js file",
"pattern": "[file:name = 'billing_53a7f4a9.js' AND file:hashes.SHA256 = '53afefa1c4657a5503c6b81292f0fbad9dfe190f5c313004a351798374ed6369']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-03-17T14:43:39Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"filename|sha256\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56eac29c-b000-420e-8968-4026950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-17T14:43:40.000Z",
"modified": "2016-03-17T14:43:40.000Z",
"description": "unique .js file",
"pattern": "[file:content_ref.payload_bin = 'UEsDBBQACQAIAHR1cUhxa4Z+cQcAACoRAAAgABwANTE0YjQ2ODRkMjEyMmE3MDZjNDdjMGU0NmY4YzFiNjJVVAkAA5zC6lacwupWdXgLAAEEIQAAAAQhAAAAr5jobPbXU/eDEUpITan5MjFwp4Hrg6qxNdO/XUncj95Xx3f5G0D8pSyg2zZiAz8crfsgANsLgMp7TE5l7pC3y6JzIm0HkTrj2po9GOgCrW9KBoKnSlBlDI9CNWmioB5zYNBknamG9Mf5mAPg9eKI4g/FdVW+Ba7TuJIIcYNRsXGLv5Ixvs02qzMUsTZwTnG+WeRCImD6A+S3PIn6SqZeaP+ncKyehZ8g1IGZy5HPp7Q3Oz/3xOQ4+MUSUAunj69uvzyOZXFLoYCSKNanbRBEgk/I0GKRSvLbBVgvJ9nNEGL5poy4hBgE91PLQYBIsc5RwqDl1zBTcqoJ+n0l72aR0eoOiRcp5IrMWSmrHZX4j58bc6iXXySHuPY9XIuimQ9J3V9Q/rNH2p+vf62JE7aPkOGzlja/8c1icxpERs7hW6TRPm6PBC1vWP03yQSp6d8NYHfOo4kYiAnMIrpniibse2fejyIT652gBuEFSctpX1nX8OI7iaafJ3d1Nv/zgTzq6aB4aNGMwpz24kKP96J/+tB8PY8NI1vwsUVWASbK9wwjGnPrxltbpIe6BGSzIfgQT5KOi1gUEkF8QBvO0DoBQFTYWH/cZjKzl3/eNWxy6CLm417JUmLuj39MiqKm/LRoNxFrAmSm9Zi1wZV1TIX1gQb1DdEONTQ/QqmDTaFoptovPacK+WaSs/7LFNoourLAEoxRcNVXTgY6VRW+Zdi69m2f3GhwWT57w52Ve0MsCn0tRmOpWlJtNpJh71kkGccjMHS5SCP8ssm7v1x/K0bvOqxvdZvTOx8Dg/B0SLY3YykDXQazS6EIqSflnK+YeMSInD6jeQRCr82VDBe3FKLIH4EwP4YPTxqRucTFaC0N/oPeeugySzz4mc6RLZzWgMh8Htr3uGYcg+xP8/LjsHupG3dN7duDtnlWUB2mX3h+R4bCRKN4EhDZG8r1v0yoVwGtOxjs7VIi2etGsU2MeKr2Jz8RLA7ZwvKS9PcZ+IWmgV9gAB8B3h7r8fCUqTnWKe9jW1MV9+v/hknooyDGXsd11rbl4A/FXExThriPXVSnAgc9mIUQGLN47mfwSK1NPsRw+W75Vx/9orYZNPWpD3vj0qmQnBqkujh9b3LUVJa6x76yUHJIRanBPT7qjzZobZkANgyl9iwFolEJWtMSDvhTBoEP0GD4hZU7oJmDhXrwBHlECVk/mO6iA+jZUn865ksiHMiuPGcFsoWSvX9Z3UqfIL0raNA9G4HOLtOiqWMpbZcI+03HgUeosxeG5a8QXJ/wup/zciZg7z6Dan8nIRmMiJsMnq7O7lJUuWrIThrwSVwOHBR3O5ooisuKtewG0zR6fkWRQtfeTh+7LwRLXqeKiZ+Z3/kFTv/4gaMDopB/OiF/HZxMuBdHxWCiLaILSOJtFexalm9J5piSDTSL4qU9b2BzuG01NWESqpjJKQ++Xq25bw/EtepdfbkMTMiXGh8jd9gKl8MrmBktRQ1LjHsC5+rG4jwZO6AXSlBagp6PF/jKqYH0i935NhnOCD6wdLfMg2EhBbmXQu/0yj6+WoS396mI0nazOKJzLtji0ofd6ErDkCB2AsK4Y9pquyEd0Euji88UhMKTfg++eHxWJJo1uwZCiePUQlULMA6Z5sHm6IZZMzo613MpLLnB8FG3X3CW1EMce6b0ricvqgvoIaE+G9PpWHOt+PeONskTZkQUvWNrlpYhPirZROMSGDMtCiN1QiS3N9fp1Gamb494AgrtakPTPUtW0x5cDELtVTO/QcZQpB0pJy3+mExG5uDL9nNUTH7Qdxe9zvxUJq0h9b3RDJp8og5QO5/5QT9MN4k2i/W+vOZ3wGoAHdFYzC1IbeI2HWyFHRyA3hmFKFdr7fRVqdFS+55j1tRPYLyzKbHnWwpzuHLFQ3uE1BhJUUwyhv9mL5QTuBJmPuDwXEuPN+Ny0p8WaSacPz0WxE8jrTi10NfLYWd/plHVgTELNdAus+KXdND1NYQu/pRRyn7wzjPF2lqaBZPQmm50P542s3KvzjlG4UbmtGdY8yd/P6Xegz3o7Nv5xmW4E55VFsduu40Xt1g8YsnjPl4H8h8BfVb9Bg3IrBX/iw8S8kd1rAP/HP9PQWd5t1iISBd/Jyj2oNfcr3+zewS+3Oy6YmolLQvymsCJi96ckPSwkRlvaP83IX0Tzq8oVEuBWUHgWP8hT3sv9JY7dB9h0p2e3o55ykbGq/ENlnr2kA4aPXnUH/z+/X26jOUtE1eGXrlUWDNRSdaeHUx74uVQaQfM7noo1YK3INgDtuzkk1LMKxl4Wz9cO3vlKtVeUa5NGmIeh5ihR+9uooIxnP8LKAStpoFr0Cyn+wJWLnMZyfHHZCXM8jeT9BPZjOE1Ns4q55/NwTHrae+aR6l1Co0H558HTRaOITi5c5mF16SxRKm1RXu5IfXQh6txwuZuv8ydK7pAn44jC2a8MxTEw/RsoWy53OIUWy9cDRyjziNTtiKLdRplOTxVFbpTubF6Fk6u7GW/drPWBHcGzisvwUdtw3BeLm1tBHt1au3uUEsHCHFrhn5xBwAAKhEAAFBLAwQKAAkAAAB0dXFInmZ6Hx8AAAATAAAALQAcADUxNGI0Njg0ZDIxMjJhNzA2YzQ3YzBlNDZmOGMxYjYyLmZpbGVuYW1lLnR4dFVUCQADnMLqVpzC6lZ1eAsAAQQhAAAABCEAAAAAtJiqNfIkmTGKk7dsBVX2p9g7fvvG5CXYfTIGHy1+UEsHCJ5meh8fAAAAEwAAAFBLAQIeAxQACQAIAHR1cUhxa4Z+cQcAACoRAAAgABgAAAAAAAEAAACkgQAAAAA1MTRiNDY4NGQyMTIyYTcwNmM0N2MwZTQ2ZjhjMWI2MlVUBQADnMLqVnV4CwABBCEAAAAEIQAAAFBLAQIeAwoACQAAAHR1cUieZnofHwAAABMAAAAtABgAAAAAAAEAAACkgdsHAAA1MTRiNDY4NGQyMTIyYTcwNmM0N2MwZTQ2ZjhjMWI2Mi5maWxlbmFtZS50eHRVVAUAA5zC6lZ1eAsAAQQhAAAABCEAAABQSwUGAAAAAAIAAgDZAAAAcQgAAAAA' AND file:name = 'billing_83e00c52.js' AND file:hashes.MD5 = '514b4684d2122a706c47c0e46f8c1b62' AND file:content_ref.mime_type = 'application/zip' AND file:content_ref.encryption_algorithm = 'mime-type-indicated' AND file:content_ref.decryption_key = 'infected']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-03-17T14:43:40Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"malware-sample\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56eac29d-f0d0-4ed7-aa0f-4c82950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-17T14:43:41.000Z",
"modified": "2016-03-17T14:43:41.000Z",
"description": "unique .js file",
"pattern": "[file:name = 'billing_83e00c52.js' AND file:hashes.SHA1 = '8e302994e5a73ec2de6a9ea42de401853d73c000']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-03-17T14:43:41Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"filename|sha1\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56eac29d-e0d0-49c5-a44d-452a950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-17T14:43:41.000Z",
"modified": "2016-03-17T14:43:41.000Z",
"description": "unique .js file",
"pattern": "[file:name = 'billing_83e00c52.js' AND file:hashes.SHA256 = '531f61b67638db502e413e75bf753574643907186a77ff8422d0cc511ea1f45b']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-03-17T14:43:41Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"filename|sha256\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56eac29e-e5c0-4433-b226-4002950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-17T14:43:42.000Z",
"modified": "2016-03-17T14:43:42.000Z",
"description": "unique .js file",
"pattern": "[file:content_ref.payload_bin = 'UEsDBBQACQAIAHV1cUg/xbNLTQgAAFgTAAAgABwAMTJjZjMzYWI4NDExN2NmMjM4MzA2MWY5ZmQ5ZGFkYThVVAkAA57C6laewupWdXgLAAEEIQAAAAQhAAAAr5jobPbXU/eDEUu0CJhKPg4W6LVgjrrTy3I/gHsoN35MOzrrRpLRW/fEDUK0Sx0BsYZYGyGP+kL1qkj7l7OyXWyyKGOPeHMMPfbGYIqsEwHU0PmODkZbS0hVrqdgSci+euBg3L0+TQcWM/Sv2vYQVRfoWrSWv4ZPZCpl+gvDCYqpaU4cVncF9rjvCuGspwGYWfS12WHKE+pMd+Mfgd4JLXz2gAG8wrZa6U4Udd1CS8DXbaGqP6KNLMejFdyp4MlknuDbnqpL7/C5q5TFzSiVdprytdQwTiVwap2YE5o09V205Hv0azRZ/NuULOHdv0g7pUlyr4K+1UUQU/0SleAsMiehVTH0naztW98II/27OkU80beXr05oOhpFALmuH45ToAyMLf6mqjA/ngmuC/2pSqUaR/wX3p/oDZ0FCw5eohB9vCO2qMuxHHgt/74hBqKHgvUKTq/pzaUdyxtWgWMqTRszcuVdRxFa0IEzG+X92PjuDbfxHnqE90kw3L+1e70pAg5FTowWYP1lPKvE0dmtQ2v84KddWfGkn7OeSF14RiJRxUvhrPJOjeLVIn04m1bq3or09Ti/GzEyIs7bVeMvyZpNC005OFPxaIWi2SLaSmMQYfqmLPswbcw04zK8fIFrNpseZTEsCr6vUtbB6ye2pThz5qDbc7spg0crSfzI/pThCBnKaEVGS6YVe7lMc7UUvaKOv3XaGwouf+ibXgelNdIvCYV3f/4B/AxsUrLrwZLG16ONEOVyPAi0QyvXcIs0XCiunLC8IgDzNymn+4H2i2zhCize5E13TJnyVWe8n2fElsyxysXx57OEADGWDBUTPZu+KRhGcWpkT/809SDNrOdCfzKjzcfKwZlEAfYilxBlpvb/OSXmFffUHjsqEDxBqP1pAfUDvojF3tDTBuNWAO31Ti1F413Q62IGl5yVvDizwmemxPQ+H91XfCLp/SbwigsRPZ9M11Tj3GShl+d50JruTec29AhvUaWY871kt4kCTYbstKqPM0kuyg/VYCtnVGPxs+fWI/bqE19zVLeQYf6iI1NwQcTaJB9FXgK0hl1oKdv0hClJklpR/D1jMa1be9uqAe+hN1vSNndvbtFA1h0IR9/WSe/6wtW5x0KUZgpPtOXFlgtYKgbb0klqx+EjLSxavDSQHoMwXP3IAAWjqWY8Hy6yHtPZx0/lpWBjRrs7VxYKc+Y+2A82Y3RePJ+wwMksZ6jNzZ/17UC2ELSyCTfOqLKzCYr6wmS2S62ubaPweIqnJynbuO7ZfYLQF+NGAW6QRQT5dIWe878mN7sUcNx+HTHMeJSani5AhFOEpPZOY/6KRDV3Lr/Fom/52kTpQN5LhMKhkHs5e+1/+uV2QLgW1LiOwH37OIO8I5tR8x7DDmrE9kgM2i/jY/TeB26z8PvCY2bmegj3qX0Dt9G9u0ypVgt+H9v28710nHP8GgEduKJ29sbE8xxQPtbkld2wzu3iWfd5EeL2qdMEIWLlkdQt05+vnLHuzthsxsoWH77xfFyh69lZU/01krIKuqtp+Ozx0hIwEgIERDfmZ9Vq1E36btZRm3gmpVrCd491TLERapKU/os98kuBW/+2YRPD/gcmSIaf8kI0of4zc1gE+jMtwVPs93rjJKrqhxhFP4l3sSMx6Wu9bc44FyU7GjwKq2RWmObww2cIfydXJbP346fM3OacfQNsmd89EyrTn2Js02aSNE5rTB5RN9dpvOMCAdmfgSRgzItxEQu/0kUS7gwtHQ1KLto1Izk0X1Z1NIMEO31iPcEOb8qw6Bkb5+6F0DNVxYlbbzfcuYP+7lUwzH0v7QiIP0wzTenwlRwYb3SGqaYgmZdREUbGdz+awnQThPMsFdTwdWbI1ABMRjdjYfgThJ/KvEQOV+9widOskkXzeHLp3yNQGe/2BkMc9VWALzTuE9tdbgc6LU9+wZfS/f/zy4O8pIWB9huTP+MB5tW9aidYHNMR7KSQCT6Q9M52TO6NL+Ojx3vhW9Xoe9Bx+XDv983Tggd+kVk5i2HqjPX4PRe1V0RvdkwkjajlSHL4seMog4Ccyc163zLARU8jojuO+L3/3oIonZ4bt8FlnEF2QsmTe5tTrLSt8/GTf6F8NqdfMVb0x+PNba7E6EGzOU4VZL6o5AVUaxLWnC4W2WDjKg72kFP0+GJVlxgICn4+rpDdnEJS41pazetH4c/aQhGOavKhlkWrhRy+DbCO5HxlkuA3ao2+koX+5acgJT4jopnMTPv2TbAYO3tTpEWJImuuoVwOjixhumyRmIBWr0yaMe54VJ5LujWrkjbaEVJWLYJGtLUtv2udECMvQLA7ivyzE2P/WD9EtdvVGuaFcjv3AQyErt6V+R0fu8a8zv5aKGEC685uwPiCfppUk/cguZzSUfziltPnwVtB/Sn9J7sv+oJSV2OJwlyMjf66GDutNFDc2AFQMT4IjIBn8AdrjfZmDH3sAZx8bqsDP6dPoASzipXmaDAgvIOCynGJwj4fscOEPO2EnbAcziQX5Tw8NX+TouMUZaaE+1AOqpeioTBY1/7R/RRPYuxiT2e70PmAnx8YXqn6KaUYMoUQdCvBGpNeLw8/HaJTplCF/RrZXoJ5E4Z9p6sSlzrxtBGWJKJzTMdNjFsfy+xFmJRNoOuPqmHRMZvxrzZexirJDf4vFh8UDRm4Z/p6lQPXje0EuUmn9YXlMzHN+Rws0mPSfxFEGaxJCHcBHAB4HuJInlIZSet3D+i2DJKxi4ym9iVvVJqyec0ePhNK+sthjOEiSezVNeLWXkQdG+Kxjs2vzkMreCcxUrchzM7wGKwSEkA6BLJnMx4BwOukPzq4whFtXFBLBwg/xbNLTQgAAFgTAABQSwMECgAJAAAAdXVxSCM4svofAAAAEwAAAC0AHAAxMmNmMzNhYjg0MTE3Y2YyMzgzMDYxZjlmZDlkYWRhOC5maWxlbmFtZS50eHRVVAkAA57C6laewupWdXgLAAEEIQAAAAQhAAAAALSYqjXyJJkxipKRy0fE0iZgtcN3ZwMGNNFwfGcIt1BLBwgjOLL6HwAAABMAAABQSwECHgMUAAkACAB1dXFIP8WzS00IAABYEwAAIAAYAAAAAAABAAAApIEAAAAAMTJjZjMzYWI4NDExN2NmMjM4MzA2MWY5ZmQ5ZGFkYThVVAUAA57C6lZ1eAsAAQQhAAAABCEAAABQSwECHgMKAAkAAAB1dXFIIziy+h8AAAATAAAALQAYAAAAAAABAAAApIG3CAAAMTJjZjMzYWI4NDExN2NmMjM4MzA2MWY5ZmQ5ZGFkYTguZmlsZW5hbWUudHh0VVQFAAOewupWdXgLAAEEIQAAAAQhAAAAUEsFBgAAAAACAAIA2QAAAE0JAAAAAA==' AND file:name = 'billing_764c8e3f.js' AND file:hashes.MD5 = '12cf33ab84117cf2383061f9fd9dada8' AND file:content_ref.mime_type = 'application/zip' AND file:content_ref.encryption_algorithm = 'mime-type-indicated' AND file:content_ref.decryption_key = 'infected']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-03-17T14:43:42Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"malware-sample\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56eac29f-0e14-4ccd-b6a9-41c6950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-17T14:43:43.000Z",
"modified": "2016-03-17T14:43:43.000Z",
"description": "unique .js file",
"pattern": "[file:name = 'billing_764c8e3f.js' AND file:hashes.SHA1 = '427e134a881ba6c3c2dba228ae5a190570296604']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-03-17T14:43:43Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"filename|sha1\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56eac29f-7d2c-4f1d-bfde-467a950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-17T14:43:43.000Z",
"modified": "2016-03-17T14:43:43.000Z",
"description": "unique .js file",
"pattern": "[file:name = 'billing_764c8e3f.js' AND file:hashes.SHA256 = '25cae9e623eb206a3ade327d437006987ae8ff2e371737fdb6c230daf2b0f8c3']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-03-17T14:43:43Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"filename|sha256\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56eac2a0-d1cc-432b-b643-4d1f950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-17T14:43:44.000Z",
"modified": "2016-03-17T14:43:44.000Z",
"description": "unique .js file",
"pattern": "[file:content_ref.payload_bin = 'UEsDBBQACQAIAHZ1cUiMS+SmGAgAAKISAAAgABwAYmQ2MDkwOTE4MjJiMzYzMjc4ZTI2ZmRjMTI5ODY3ZmZVVAkAA6DC6lagwupWdXgLAAEEIQAAAAQhAAAAmH2JDhSdcxz3nB85YocdeRdf4b2JUJnjxa50Qys2AgRWy90SKr7kl5D+HJCGUxchLXAO1R5NWcBN72QAlLQHL6Wj1qtez4DF0qnSxoz+fRccbbBocCSna4CKTJ3wAzVx+gAcj+nbZXJtpnnwIOXx4g6OyISK4H6RYsXZgXaP8R/nMcPlLJtTZE4gANbTpQDrfL9CPMzh/MuQibLkF8Psv5LU36jYVqQWvJBKmaEBjW71/t+mipSYV6VrykIzW6TMtTYHb742AyvBd2Ryfs8wpWG5n4654g7cBricWP9CqTEijay0PF2s1C8kXb0YhXZQTVIe4VJBN18/u0txvjC7IWpikK86Pc/KZ20Qf6rt10fWO5g1hBf1o/v2ZPpqmY4u0waG8qL5waAcOdAi1J3GaBTaZOF6xSRYeBf3nlSboHafni726iWbEqy4tUP3t7p/zyQ4qNn4oCUTKAIojCmjAZV+wM/IFYFxTRsEpuyrkqPMqcSCCRDMnSlcVoCKubVnEqRIjz5GCO+9cORMt2SO4FjYxuBcoVQ8pfc8rXGRVPd7Q0yEOM7o+bTG3+ecIqp5ZA6NrO9ba02ZT3SoSyABccEZMJ/A5lxOoltkTN+RaDn90yz3tssqs+ajGphVGqDCmF1p0P2a25CC1nftfTKNEonEkodA8N3UH8LLTDVBmFYRDGHl0nIqyTU+R/prG97nnBSdI5AZnJ1Jp1xB5cCNj0T/Spr9CXmYVofk9QdU/6bbYv07tOTDiJDl/zALjEhiBnt7htZaQsmETlbwWNQ2jxT6A0ylBDj2zZQfRqRihWhaq6WNyy7wNeaU16IDyCg9ivEYAonfgeN2WX4gvolF+egmP4FqGRcLTY+irrtHLI9WwEEg6TN/0Pd0pVnhX9o37mlopLw7uac0C1+3FS7rW/HMPaZNaVcWX/pN8IyKY5FiUU0g/ja2rv+TWK43oMlbNy7013/Hop2bCWJPjMohJLCsyo9/4Zrq/aukaNn2xhdy4hcjEA4F+MfRp9DOEtUxeTfS8a4+EsFXmEvyh/GTwImXh7iQHtVLRAwgpgepgMDsXQSzPHNXQW1Ylc6mTTReFFYH+35akUQzlVaEcXVEMfSUHzB1Njx9eUu86BDJ0d4LJ/0sL4WR0Om+hexT/506hW7OcCeO/X8xVWfaZAW0imFK1qRyneO+S0pofUfiEZzT53MO7jn4x9Ei4OARV01Xa3Pu6ATl9U8BRWX03eOpOpac+6CY4Q3mYUAH7sv7X9r/2VOKt/GnNWUQ2o99X6b5h+Jf2BdgZHQRUY1fkKOM0aCrGHF9S/qjYr1TwrWAq2+XqEYM/PPzELKc46hXFGMd7NG8m6wWgPn8905UJB4JD2s5bzCoOLy9kyeYVzrvlNxeSHLyR9LoS1wi9j79S7c90d9JqIQJHVIRM5TJq5c96pm4ZF0ONJTChRpRq1QvvqMq6nrlwh+ttc4ldhzPp4tUmxpveMIF9T1Tih35iYoPbe3zV8HcL6gNKF3B9tb03PV0QkqHanRiTFuaIPeA8cxVAtBQWbLZ4SdmRPRMO4b8cbHLoYzL7xY+jPJiAHrgUMdtLXz6hqX5MixW1v9dalZCJg4q4BXQQv6qxNVDxpmNwN6cbBsPaiHcFoG1OKhJUQ2R7hYJWUwLC4TC+wqRNGXXPNHBpaazhuei7hD8bZWQH8EBmJduPBs+c5tSHpf2Lhqv1SJOCyDsJpudOwlbIxEeebEZNCKJl9j4LSXqe6IDKtfWlGVJ60Q0Avt4jfVMt+BT/DYjFPKTIo1rCqumx46gE87intfZqcL1FmKf4cmTUzKg4NS6S+mJU6ZKsRAM60wxEdTkg2WxxiTmYhxXJ0rZIbRA0xvTC3XKx7/+JOk4P2pO8+qhbhJ1auJ7B4E2yDYPi4egWe8KgxSHwohSUkHEBT5+DPB8kfz7Ygv3jGnDAEb+An4OW2bW/KNqZQhQB7SoTw8pS7tijn+oQXvfk9asC5ddddsdfPHNa7tYdMGg269utorQwk9Ha9/YoD1dLgTyGMkjwwE5HhA8Cja5fMQFTUfMurk77toj2ABoPbiKZMPhlLEjUOqHOc5f+NxtfeO9f0zLNxlXn+WGvzcwaJd6JkHxHP96tqksreOswGHVTYICyMhK4M2T/C4nTfj7TZhPl6PZiGTiYyPPi12rS1jnbntH69gbIn/FhnkK1UmAX6rWw/LXOmYD1i7CWSKUgbY1H7oRLV0lk/rk2m6QKtkKzlXizcddVI3Vp5VpZr8YkphoY6L6bZHA2h6GNx3P4mvgXDgxGslczG2PsjX0nGBGzSXROwBoyQ2xhXrtHiMzVjBt1afvt0ks57n1ey2PWRqiMVi2nHNsBYz5QYtTiHUWuiqYyTvK3r20vdNatdYhaM9o80hZ3aPdNt9HgQb71lotktqO0EYi+0wEglCSs6jeUC1SZiqMSRRmjTQtJexp4WeOc2Mf1LTNDqdlVQX0CKfy1WVBcmN5VbwaOO4PGw7b7QVUTpq+FLWptPfU3ZpUPscFP9v8rP0rAZocpHU+89ApnaiOEUxLalNNzxrhy577nnFEBi0ZeoVzPT9hf2QKaXmO7ikj5vYckRTpFXKk/cwhp/EsPnHVKjGq8FTrSgasyuWKrq1iMG0OAz3jEEJ8lQDzfU0Hqg7al3YnS7/XIcP08nktpnTiW7gGLEvTuWVvkvh4ZFVAPvbFEPilGEdU8fRhqGbuhufTlE5NlkcvmzOBxmCCrQ9/7fyLAJaKfuqrcQFGDYQ4oR1QSwcIjEvkphgIAACiEgAAUEsDBAoACQAAAHZ1cUivMqGRHgAAABIAAAAtABwAYmQ2MDkwOTE4MjJiMzYzMjc4ZTI2ZmRjMTI5ODY3ZmYuZmlsZW5hbWUudHh0VVQJAAOgwupWoMLqVnV4CwABBCEAAAAEIQAAAH7IXKhXubsemo7iD+2rXXpnrfJfBsXQg9Pwi/HBg1BLBwivMqGRHgAAABIAAABQSwECHgMUAAkACAB2dXFIjEvkphgIAACiEgAAIAAYAAAAAAABAAAApIEAAAAAYmQ2MDkwOTE4MjJiMzYzMjc4ZTI2ZmRjMTI5ODY3ZmZVVAUAA6DC6lZ1eAsAAQQhAAAABCEAAABQSwECHgMKAAkAAAB2dXFIrzKhkR4AAAASAAAALQAYAAAAAAABAAAApIGCCAAAYmQ2MDkwOTE4MjJiMzYzMjc4ZTI2ZmRjMTI5ODY3ZmYuZmlsZW5hbWUudHh0VVQFAAOgwupWdXgLAAEEIQAAAAQhAAAAUEsFBgAAAAACAAIA2QAAABcJAAAAAA==' AND file:name = 'billing_5745db6.js' AND file:hashes.MD5 = 'bd609091822b363278e26fdc129867ff' AND file:content_ref.mime_type = 'application/zip' AND file:content_ref.encryption_algorithm = 'mime-type-indicated' AND file:content_ref.decryption_key = 'infected']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-03-17T14:43:44Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"malware-sample\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56eac2a1-d650-44eb-b596-4a8e950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-17T14:43:45.000Z",
"modified": "2016-03-17T14:43:45.000Z",
"description": "unique .js file",
"pattern": "[file:name = 'billing_5745db6.js' AND file:hashes.SHA1 = '0c76cbe8b9a3d6944ace006a8033724a9cddfbae']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-03-17T14:43:45Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"filename|sha1\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56eac2a1-2258-42a0-9f37-4339950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-17T14:43:45.000Z",
"modified": "2016-03-17T14:43:45.000Z",
"description": "unique .js file",
"pattern": "[file:name = 'billing_5745db6.js' AND file:hashes.SHA256 = '4750f1a883b004a783c8978182e0279df3f00ca52ac4770fef72dcf33aa52ba1']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-03-17T14:43:45Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"filename|sha256\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56eac2a2-e338-48f6-a82f-41f5950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-17T14:43:46.000Z",
"modified": "2016-03-17T14:43:46.000Z",
"description": "unique .js file",
"pattern": "[file:content_ref.payload_bin = 'UEsDBBQACQAIAHd1cUgDq05JrwcAABQSAAAgABwAZDA4ODRkYjAzM2UzMGQzZTk2YjE3OWM5ZjIxYjNmMThVVAkAA6LC6laiwupWdXgLAAEEIQAAAAQhAAAAmH2JDhSdcxz3nB6YxTVGaD9iyO9mo1in2MYYaU6B0kowLQxSolbGZPCLG8VtBf1JQGsjIhgJ+j8XZWRpfqvLNRY04g9jRt0vK0LKhEZZwjZi1FOYswVc/fz/1APxgNF57n3i3LsJNk+CwhkyLE7Y8Pt4P4VY23n0nTftOtWnuRzecDu4dcwg3RMwiRWlo5rZ1XW7rZ3qJCIBOU+qmo+FqUxtTxU9i3f8kcUBijVMXJeKqx1ja7cbeJeHUUakwUgn7tGmhEpB2ymLC6oQNhQNtii/tm1dpme3TeKNKKWFGjeNPrK6255HtC4deM+eV/Zp+2VHaHBTC63PqBGRIRaWer7s8YnGfbUiiTG2ZXfHloyCqPfVNoqovK8M2JONN59rguYjFE5fiztAE39y3rrkFLiMoBnQWu+rn1DyUYHOAVxjwa7i2C/QiyhNGM/YHYGxXYrkCnjq0v5L1rL9P8zOlHl2u5Q+Q8JoCleQid8WTPC48G0U6Zo9gtSysb/o4+MD22CpkLOE5/LqdatqN7vufH9hOjeQR4sdccHTjUiA2XRcF7n9K3JW27hBAaJ6OVZ6cTxeD47TBCTEvjukIi9mFYQAy+Gm3ToUqHGhYQgoajqzXLblMVZ2geUoU2GEYpi5qljsfDCHEj+QHtkduSECJVm+dCni5zyH392fire/qZ++ZX/hDcMB5x7Ir0Prb8hAAWM7c8L5+HFGGTslIwM6cOeOSLYDswFMhI2fjVNHQPOzVQrlbeY7ysoqDPMaJc3HW66Fd7QJvuU3dTH4yyPkZd6WY4F+NIrKhm82fhZWJurdWbyv8hftStyKHPkDGRKnpL3bf+oIpFvY7rJGbxVCY9E5oUTPoHcq7hgjn/6BGVPGHWAR2lN7UnnT6qB0l2rGvYfiEbEmmo0j1e4Ws9/3mRY6TK0CY3OFD3YYkPY8hG8p/EmWFi0xf5iHko6a9ZuuddEPbOXxWt4B16vqSXaB1ImkeU1f39Gj4l31I9vP7OBNhQUKt14RYGOTqq5Q80Ndd8E0BX9XGLnunQA7PqsjBz6kYiYMT1+hWlSPJ3fJXdeqKtnLJqSthbVYv0TL0Ht8UjAVLW0Q1OLaL2DURoTzOXgy758XKWyUeBDKfcmSfDKp+VAQquGoskiZrdGXcTngxiHcRKBdB+gN0D4vV83qJTCnrk0bj4vNXN469DErnx9Q9LNoB9wMfAsU8r6PaRz6RinEGYU4vhNtOfvyflwFEdYteBp8QDCPyQYFybOV2looVIC9vx2T080rvUW4dkSascBH/dPsfg0rqERoyXthxY1sReBqfKiqP5KulPA63wgVTU3Qg/6q6Swb2kIz2nOMOPRk1cdclG5nr84CHLrsui8GVspQI3CYgZISOMmVLh9W4Hha7enzdSr/S79nkdutOEWct7yaDTX0kAGLLA0+YvfgBsczT5AsX0DPCTCLsFLTmvXE2xhHwKsVWvtOMGVgFYOXqmscaBQgblS//Bnig7U//qlnBlj7CApPU3wekmuhu8/OK8LWg2zKcVZMKQjkwkxTsFnu/OSUttYDMi6/24llpsYgBNGLa7xhy2cC05MSsgOaFFRgIWphgacEtY5XMk1X4WqVxb6tytf3721DLEmiw304HTeVlYxMPezkTxHOHoA6uVXAJfR0hQeiEXWOmE0zyn+bVUoFb236yyWwOJ1v3U4BwVB8Mg7DZD5XGv1skW5XPcm3K+M7zELeR31ciJ98IHns9B4gu4MBFqHQ3KjNdfa30kQyubEbeGXZyXVUHfhzQi1rCiwk+uoOnkO33RCNyfzuW/hjIXabeOS/4qXSoQuyh8/+Q0Gp9uQN3qMluyjQjfCsOBP5aOJWnCwYQ5EcWsWp6yoTUL6oHkk79xK0n99qA1cVGM1AZqSlY58yG3HUUJwZnUgjWZ7S8RZ5q03BSSt0iT/5wQK6OEywmemT8GTrlSBnHal7lnBzPaAV4ejHDM6ym8kx48Hkh90VB4FfphuN7PqqrHb5J1yqp8h5KgjT5e0ByfXcqJ0zxZc0sPUV3hqH4mfGSa8fop23KnXqkJJniZGEylIAcu8Vn2SwX6KjElju/2iZqiBv7QNGgO/UTFV+Sf1UO/sI7jMJFQYS4TX4jFO0ZYOS2CADJtioppx0tmCic5L2yaax3cWR1qIDBtwxo+O2Tg2TCun/ZdVxC0q4ODwB7dU7oZt9z0Sa6D1WDzguFEIdfHisHHsPpzjP6C6a4BYBY0tQH/CxJkoITCBHVXkLZs/xwKe/j2HxkJ4JM9ySpmoqN4otLyor910rwry/z7MMoOC6qkljei9xF2DEsLwtdASLmavxg33pR5XdjZE4jAZ+IQL2aeywILfPpr/72inOOqFVq5G5cjwqBVxTHk/g2dglH18nmD7YRCfUjyw2OTWPYws4eGX1MHMFuIgk6m9TkjSA1PbACCsRJ0S0lNRa2y+A58Lirb5lhGK+LYvFGM2HIG8y2QUijUFk6nnF1chLq3KLp9WaXANxv1FIYVD3sN+i9VtEbHc0tk0RTWrCA6KzZz2DIsjsYfcaugyQcL7Mlc/+Xi29wohSCoSc7ZLA/HMsHYb7OyMZ5W3fwq/dmyp9z3UCwpzymLevAEEhPPOsgCt03nJQSwcIA6tOSa8HAAAUEgAAUEsDBAoACQAAAHd1cUjqEJpDHAAAABAAAAAtABwAZDA4ODRkYjAzM2UzMGQzZTk2YjE3OWM5ZjIxYjNmMTguZmlsZW5hbWUudHh0VVQJAAOiwupWosLqVnV4CwABBCEAAAAEIQAAAH7IXKhXubsemo7jsVW3SnBppAJRt0CIXFMts6dQSwcI6hCaQxwAAAAQAAAAUEsBAh4DFAAJAAgAd3VxSAOrTkmvBwAAFBIAACAAGAAAAAAAAQAAAKSBAAAAAGQwODg0ZGIwMzNlMzBkM2U5NmIxNzljOWYyMWIzZjE4VVQFAAOiwupWdXgLAAEEIQAAAAQhAAAAUEsBAh4DCgAJAAAAd3VxSOoQmkMcAAAAEAAAAC0AGAAAAAAAAQAAAKSBGQgAAGQwODg0ZGIwMzNlMzBkM2U5NmIxNzljOWYyMWIzZjE4LmZpbGVuYW1lLnR4dFVUBQADosLqVnV4CwABBCEAAAAEIQAAAFBLBQYAAAAAAgACANkAAACsCAAAAAA=' AND file:name = 'billing_8971d.js' AND file:hashes.MD5 = 'd0884db033e30d3e96b179c9f21b3f18' AND file:content_ref.mime_type = 'application/zip' AND file:content_ref.encryption_algorithm = 'mime-type-indicated' AND file:content_ref.decryption_key = 'infected']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-03-17T14:43:46Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"malware-sample\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56eac2a3-3cc4-40f3-bd58-46c2950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-17T14:43:47.000Z",
"modified": "2016-03-17T14:43:47.000Z",
"description": "unique .js file",
"pattern": "[file:name = 'billing_8971d.js' AND file:hashes.SHA1 = '7a3199983bc86098460a134b02c7c90c974b9d94']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-03-17T14:43:47Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"filename|sha1\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56eac2a4-61d8-4299-af23-4e6d950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-17T14:43:48.000Z",
"modified": "2016-03-17T14:43:48.000Z",
"description": "unique .js file",
"pattern": "[file:name = 'billing_8971d.js' AND file:hashes.SHA256 = 'ca00087654668db0a670ad2368e6ca000cbf29a65d2e93c4e22bb0f4a85ecbfc']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-03-17T14:43:48Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"filename|sha256\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56eac2a4-8698-445b-b528-4c36950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-17T14:43:48.000Z",
"modified": "2016-03-17T14:43:48.000Z",
"description": "unique .js file",
"pattern": "[file:content_ref.payload_bin = 'UEsDBBQACQAIAHh1cUjIrULLZAcAAGsRAAAgABwAYTgyMjcwMDIyMzdkMzdmZjIwODU0ZDM2ZTM4Njg0ZTNVVAkAA6TC6lakwupWdXgLAAEEIQAAAAQhAAAAoYjkKS/MUOw04xt9b25ViiKHuHaN2Yl+/rOuU+QG8A/O7VKpnsEQA9FDj0pHFgEmZJxp7KKru84GKoX3rwMeE397QEYdcIB+P/sq+xFf/1kkqzWqOkq8Ypbn/d0QfydILP7GAjC4mULaVlUDXvxJVaEMVZ7EVj4ooliq6PgA5Xy6bdysyhbZpmjlTyJGbWJ0CcSRWu3wnYMHiLPMe4wSSRA/lEGiEmGr0CcF7Y3pfi3g6J4tjHWpZV0uOe7mYkM0Y7VAj9NOVmx2ciH+rOL7SUTxUfx1rzY4cc7luSnNaHcSpM03bAXhWORGe0SFV8Ug+hzQhM+bMwbDMQpI4y+PTH6nqDvJ8gIYEGLp64s9UVp6/lqh6z915WrKOawhCdX8CfjDE96wvHf2P77Pl1xSw2fbcXiVPcjGQTv5awVY2XPm8OaET5UCEzF2hvRL+MOJd/gswogD8k/s13WhspXZa7ADBTemcIXpz6Gq1exOoyM+sGXKyXeurlTJmK+WWwQ9LO52v0soxNnyxt9Pg9X6ot7UrJbRd2Nkjis8bKWZKo8P0vUwEYoqiSHQtk18uY9jJx/hRN6kwXh5kN4TgFInUpoSCPgJHDkJ8o0pv3TjZv0rFS5/Mhzz6TcGtqgEAAXSE7gA7k09G9/GOD9muJQw+lIqYonR0jABLCY/s1ex14rCcOW6s1c2pfYQ9523IVjt888arvY/1sOItbVQRsF8KzPmY5n+sQrQQSqSzR7N+fpOdf3KAZc1JFCrqp6DZD4Uc19F/R+F1a3y0RdrHWv8wokJdY1pSER5TMsVkqSCU4hBS/10la9+L4IpzkXnJNzI2sCQ++h6ULHufvJOrw48h079wZOKqMFhJ5JdGKNKk+oAVL7+pzcBbWb0nPEFL04PTHh759IExZKMUGmmjFfvHU2lJr83333AG+HEUN5IGn7h+MgDgxqXAnyebNjApzoAD7LlupUE9VAG6y7ecKReDR4FRg7cEzse4NHdEiB1R+0xuNRY4ixdi90dQM7V2IdxpNCelBc+q87CAY0ESiFDfLryiULO2xGz1fipmdRgcB3QMxWsc14h30RYwXD0wa7Hno/9Nq5ibTH23XOyZNI/Fy3RmR60yyCbeOV9zKeOVGvUSfNAo+/4B+XcoATtSYOoXFcLqhdrBXAOdiqYJIqO3/zMaOf6RKXE0YE4hk9ucwONa+7Kc5XTKQnmHv7blwtO5RC1nYQ4pAvip9SkkcdFCaViHl9STQv+ifDgJdmRPYbtGKi5MPhvZa7wh+P3UtLCYwn/6pRRNONsRFlxue1SPBSkzvaUBHmlKTbVx5o1ehj0z8mHYRyocHwxru7ukRxSZTE/5Up7NurfBlsQGIpNplb8kTCR2/VOio5LImouby7GmT5kp0eSVFh+YXYDyiwLGkebl1o1nKjdvDdVDkZThmeJcEN8a7Wq8IJmJI3oMVHdsMA1AQCqiiFvX/o1TsjO7KwXyB2qpQk4xTvjFZ8ojjBAQRIAkHHDxG6pGhZzB8YnVb0PGCeigOMaVeJ6hRsJuVjjSOaq9KBExbfxJhGBKeWWzTuyNBfcuj40QgFqWE1ZxYHztW5D37ou84HQwitfaFyLHeb0VcdiDbJ9tDnLMNj94g+n+WFbHFTEG0t22PjTJEri7daYSEmjwaPbQ9eTiQvs3BEZT31K8Z45wRy+hXSPlXbbqm1e46vpR1RPtqaJF18k3QVeu5cquRjMnwAnSleWE0qbTzv/3RvHLmV9pedNDuJ0K228LuAD43fKgu8p4qQJAOEywhyfMuIYP0S/kh2uC/2KjhQt+amyU3goHDRUdNG3raL70m7YX61Y13fa59PLKyfjiMP3rb1medwl1vKUZTBp3H1HjyP9tQ60Cql1f9tfapOUf2HnBgi5aJXz6hYovi2+mr1DkLm5iI97OpFjd1q0wKnWgeebVWIk3UH9J4mhF4KFCl7krOIgKUu3TuAvu3DDKl1Z3LdFAiE1NLYrjlnLIx920ClfK9SKca9l1nJDpMxBTGtkJe6pTEdUJLtclWqTOCNN+QTFXbKVRFbWZHpz+iuEBxdZH/DcgxBcK8YUg5zvJHU2HALZ3UK+7AcT3w5GE7yzaz16s+AB8+ulUJShDsbpKGo3tHeYS1mXn4cL5rBzHzT16AyIrW3/z76epeM9bt5/RlLZ6Lt3VmhcUfAdP0fVXGQ5lT7rfWmzs58KOlVEkJB2o6ovJ/jyxkfhdExYH7q1v5++p4LmAeYy8RQgArOIUV2I3kskmgFYiyYRPHjp5SB9Kswo2G4DQwMn8EeqQvkVhhyRVUFxFUP7epcgvAFLCP/zRpeP+05MxirMu1hXtmzPjQXQgiFLa7XPuh5l1GPuYVTmz9cyzAo3srKGjOVIDVgif3CQZ+hIAalJo68ciiANfmmNy7BCr8dz/L0B8pn4PF7BqRfBwaa1a59m+qRsOg/GQheMrWK3mfXsudU8a9exN8gRdxbxWiEp8jKzRLTRm4AZAOH50AvSde6pFKWf5uzWPc/Gbce9mx1QSwcIyK1Cy2QHAABrEQAAUEsDBAoACQAAAHh1cUggi9yKHgAAABIAAAAtABwAYTgyMjcwMDIyMzdkMzdmZjIwODU0ZDM2ZTM4Njg0ZTMuZmlsZW5hbWUudHh0VVQJAAOkwupWpMLqVnV4CwABBCEAAAAEIQAAAL/+r5WtLRhutLUyvV+sEsPuYj+LgrgzIHUQ7fO7iFBLBwggi9yKHgAAABIAAABQSwECHgMUAAkACAB4dXFIyK1Cy2QHAABrEQAAIAAYAAAAAAABAAAApIEAAAAAYTgyMjcwMDIyMzdkMzdmZjIwODU0ZDM2ZTM4Njg0ZTNVVAUAA6TC6lZ1eAsAAQQhAAAABCEAAABQSwECHgMKAAkAAAB4dXFIIIvcih4AAAASAAAALQAYAAAAAAABAAAApIHOBwAAYTgyMjcwMDIyMzdkMzdmZjIwODU0ZDM2ZTM4Njg0ZTMuZmlsZW5hbWUudHh0VVQFAAOkwupWdXgLAAEEIQAAAAQhAAAAUEsFBgAAAAACAAIA2QAAAGMIAAAAAA==' AND file:name = 'billing_71281c4.js' AND file:hashes.MD5 = 'a8227002237d37ff20854d36e38684e3' AND file:content_ref.mime_type = 'application/zip' AND file:content_ref.encryption_algorithm = 'mime-type-indicated' AND file:content_ref.decryption_key = 'infected']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-03-17T14:43:48Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"malware-sample\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56eac2a5-5068-4743-a642-4dbd950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-17T14:43:49.000Z",
"modified": "2016-03-17T14:43:49.000Z",
"description": "unique .js file",
"pattern": "[file:name = 'billing_71281c4.js' AND file:hashes.SHA1 = 'c41d7bc429fdcf64952ae7901c02f472dc7b9ea0']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-03-17T14:43:49Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"filename|sha1\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56eac2a6-99d8-4015-b2c5-4ed7950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-17T14:43:50.000Z",
"modified": "2016-03-17T14:43:50.000Z",
"description": "unique .js file",
"pattern": "[file:name = 'billing_71281c4.js' AND file:hashes.SHA256 = 'abd2ecce75354954bfdbc859c571dfc04bc7fdad6a6d13306e3a08e48b55fc24']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-03-17T14:43:50Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"filename|sha256\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56eac2a6-8120-4542-804f-4d17950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-17T14:43:50.000Z",
"modified": "2016-03-17T14:43:50.000Z",
"description": "unique .js file",
"pattern": "[file:content_ref.payload_bin = 'UEsDBBQACQAIAHl1cUjaIXIh3QcAAGUSAAAgABwAMmMxNmUxYmU0MTg2YTVkMTVhZTNkNDk1YjViZThlMjVVVAkAA6bC6lamwupWdXgLAAEEIQAAAAQhAAAAoYjkKS/MUOw04xqXy5GkKdETWxVAA7i6SduwJZ+A0gzhET9J6aaW09fLdFdpkWmi5myGGAquCGiNXzwI9E5wZystgvfasri6QH8jxn8UTLM3ygkv2os+KWQOyn++AX/b0DiOswIGwjaDbk+tss6V/cxMkrbY+zZXWhNeD+0xoUPW6TzZPePPTwIE0IM+jIJfKQbI8Uto4c5lJ87Z6aEsGAZkKtSz1+TIpzSK3LtGi1Scfe2vZovhM9NW6nNnQiaIU6yDwhFASjOfPneEITVmmqPLQpC/cazVoUHFQQHKroC5nmZq74PYAW4nzGT3d1VjGDqMx/usmTn64VGeqSOGf2kGTv4XvT7ZvEygTn1pEcnz398ts954wgA1R1b1lbod4Jo8qXiu8y29w62kKIXXN5QlDYCvXJBMDOHgusac2J84UZLCAsG7EaOmzh7/SeHRaweIJJbRi9vIBnVnhAx+K+YzSPnmw3eoTYFiH2qAUTEl5iExo5cMi5MNJgAoWQ4lWA+uMd9fD1TMkDgeQ8NJD3TWhzXKZCmmwdELvcah5JL3T+n0gsNhnCcTdsMqwijqQ/+l9gyCAidq4LvBJFocSjwKYpslcTMi4d/Mnd+oMQqsCX7yxl0n+fvSn5LdEJatxqZsyVMaikSNFsR36ssUetaP/cEFecceb0I04UOuwgR4z0pvDgGeu49AROBpn3xvEOJd8EoPKfMT4HRItVRPZl12i8Fhx1zSsxLW5OjWiycwvH0kX/VeI24a+7y/T10QkVDzfPamI4W93G9j42s1br0lRo5jYsnPUtPg8hupM1HgfpOgqVR6ufFjxV4nnoeChLkLDaL2D/CBSvPOFp5scsCXe6PfNVQ0g5F6RRJ083iXkXlhWKDLZjzY1TAUJ1v2v42uqTsMlLpL3svMn26HewcQ2g+Gb9emAOhKaiRuDxoeBZDRgk4hnkS5qev8D84t+2iMFOGFLyjTjMP/zgTygCUym2q27BIwJBaGI05KqRBfKlNbyzKmLg9jjlfGnKDX5rKsS8fM4OaYYBp6XCAhCB/h290SL0bAOe8V5tI2is1Co5R3FyQkQdzULtdgTvaw0SkvjKDTxs2or+NgT3VuguyA62Bei0N0yy4EXX7ij9T8nhemjH1dKSq9ioQfwInmDKNgDzmPv3ub29AFgp/hx7EyfKFcGW8j8IRJjzZ1q8LVHuS5bsYHlb3dM1CCpK58tsDr98UVosyPxzmRdW2/aOjI7Q8TUzCBqIrNCT1OBcZ+hleiGsMvDmOACWSPeyW+TKJ6CUMCo7j1uMKT6qtP67wm+AXLg8e3JEsVphXOkhs9hgPIurkQZM7TQcSsPvSBPZ+EKGCSgJJmoWaU+FQZlDRAeR2dS1vz+AIPtYyMWz/vvQS3v73E9hSOevjXXcNW5OxHSvJ2lfSxHlPs7GH9fg5DpvImGWQX2zDa0h3cjefrXpYwiF4YZxfoohizbOllrRpP/o2nlg+b6u3f45oOi3hcmGcu4lN2HleWT3Ru6f1wCp9kwT5qdjVB4zk2mxhC2FMwc/MjvbpK9GRjXg2Fwb5CohJs5JCAaJ7L4CIOSvIB6HbzE/GpdEAf2scLUztZF5JYRy+3VKlGnsRKxg0qHVpFPF/Rk7z6DAyMrTbzED+F14ic387IMEzCeNsG1pjLz4uETWIxCD9+G+dsmhHi4huDGY3zmWeZQS3M+3CyCk1OrPEnpVmFYAiQ9/47xtnuz4Ch7+PNdyo4Mojc+9aoQ5sd1XSMqrb38Dk8NpG3R5GgnEDGty5PzriJfsCTmlU27OHUg7VYDZT0WIYXDS3weRSrBwoHW4P7syUdDp+XYGzsQCHaQeqhEOR+WRgU67eB1dyh2G3SDITa/tmBJRbwnkY8R43XDDETz4MI0orTpIJNKyHUdtkykpz9j9CAKGonc5WBidbcs0UjHkMBHEBvqXFh7wnhnW7weBVblKjZpYPEWTIywa/xWjdlQPOglB5FzyJXzqh5JmnrLh8nKLWqJNHCqR7JFXxaghmtma4yDzKf6qjPgv+ugrBZy6VYhhMax9MeOYlgz8mBUUDwKIRs5Y1DtVRUDXSkzo0JQRKhy5WGaPxiuDqnu5j5+MtmQXrCDXCBOPRn8wPVdwRmQ28SaF4kKza0a+Ast0sY0BxWLx1nvPHZqyIhZI1wB52R21T9AuIzw0lzLo9daMibeIfGuwr00cd4nXBlT0hwOXJy8p3IoxSaz0vknKW8202ReugAU2/a3Klu8tD+sndP6A8q2KFzKAqYtwliufx6VCuNv2kP76QszKXgXj6n98QDtk/4R3zh/4fGrHpKxuP4H1+ZBYg7p1aGHHnet35OC0JbF6kpciKe9uSSCyYb7nOpwZnOYhihu5fkmmFPpnNaIHEFy+4CLIFyHu9LiTG10mfrRAWeBdxczbR3EByFZQSvPP7/jGwp5u/v5YQdohdcJkLc3HIqPAwlfGHRJ9DyCDcTx2XvMUBWo5j6+xwXUhbcQbEArtjzCEgQUvcMcj6qVuRzvz4NJ+wPytWp4jTwr6H4H7I1DN/vOFIWOyC7Bbs7m8OzYrIMXnh/C06qmkTCrwHfVsXCI5yEuBhHDVcr+AgfSsvMQz3qFmEQY3js3jVVNzdJO6C2prIscVAOijzTJhPZk0/7CA2srNOvzXMP5jPGinbYbpSXkiPCw80vJGkVUEsHCNohciHdBwAAZRIAAFBLAwQKAAkAAAB5dXFI8Dw5eh8AAAATAAAALQAcADJjMTZlMWJlNDE4NmE1ZDE1YWUzZDQ5NWI1YmU4ZTI1LmZpbGVuYW1lLnR4dFVUCQADpsLqVqbC6lZ1eAsAAQQhAAAABCEAAAC//q+VrS0YbrS1M92YsUGh9eFMyWIRo3Hn7fr8IaaJUEsHCPA8OXofAAAAEwAAAFBLAQIeAxQACQAIAHl1cUjaIXIh3QcAAGUSAAAgABgAAAAAAAEAAACkgQAAAAAyYzE2ZTFiZTQxODZhNWQxNWFlM2Q0OTViNWJlOGUyNVVUBQADpsLqVnV4CwABBCEAAAAEIQAAAFBLAQIeAwoACQAAAHl1cUjwPDl6HwAAABMAAAAtABgAAAAAAAEAAACkgUcIAAAyYzE2ZTFiZTQxODZhNWQxNWFlM2Q0OTViNWJlOGUyNS5maWxlbmFtZS50eHRVVAUAA6bC6lZ1eAsAAQQhAAAABCEAAABQSwUGAAAAAAIAAgDZAAAA3QgAAAAA' AND file:name = 'billing_6736343e.js' AND file:hashes.MD5 = '2c16e1be4186a5d15ae3d495b5be8e25' AND file:content_ref.mime_type = 'application/zip' AND file:content_ref.encryption_algorithm = 'mime-type-indicated' AND file:content_ref.decryption_key = 'infected']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-03-17T14:43:50Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"malware-sample\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56eac2a7-6bb8-4cc1-9591-4685950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-17T14:43:51.000Z",
"modified": "2016-03-17T14:43:51.000Z",
"description": "unique .js file",
"pattern": "[file:name = 'billing_6736343e.js' AND file:hashes.SHA1 = '829b37ce01de23bf24e736364977ca7bceba157b']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-03-17T14:43:51Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"filename|sha1\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56eac2a8-3d88-47ac-abb2-47c6950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-17T14:43:52.000Z",
"modified": "2016-03-17T14:43:52.000Z",
"description": "unique .js file",
"pattern": "[file:name = 'billing_6736343e.js' AND file:hashes.SHA256 = '7cf1c14e28cb186ac8f87968d68c765db84b50633490cba38d4e718e6996f453']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-03-17T14:43:52Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"filename|sha256\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56eac2a8-04b8-4ebb-96ff-4156950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-17T14:43:52.000Z",
"modified": "2016-03-17T14:43:52.000Z",
"description": "unique .js file",
"pattern": "[file:content_ref.payload_bin = 'UEsDBBQACQAIAHp1cUgUJWHv1QcAABESAAAgABwAMWI3ODkzYTAyMTU3Y2EyNDlmYWRhYTdjZjI1MzJiNjNVVAkAA6jC6laowupWdXgLAAEEIQAAAAQhAAAAmH2JDhSdcxz3nBOP440hCseh3uFTXZroN1RUpz5ZY+jd9CqLhyx8c6lR2joFwg0U17qutKm3wjZcUku47A0v78ENDtsnjgnXF2+9UIbYO9iVrz7HmnZSLtJID2QJNWNGK3Dcll3eWQkwnyHLvVQegK/Hc4TfwM/f+Pe5VleeFXYiL62+9nPmLo9M3iZuGEdgeAreSqU+WUIBoY46lj5BkftuTK6RyPFfs9ABHxpt6a/FfZJAZ5gHRLSaumZVTGeiDi1gsLmUguC7QSKd9RCFdZVEA+7EFs1vmCgyOZw7eSl9Nmy6przZFyVesegAMjykjBU4Z4j8kF/vhPR5ZHBqnjziVjBTdgS+QyCKjp3NmZPKBxdmSfzg2/r+eKdZZpip50V/wtdymYo8NpK+DmGcYwRMe2uhNAlK/eNb4OY0+7vK1Nd4Ln4NgaHJkVZN5xMhIzaCA6+sixyA3/oZgN7xkm5CaSG89BgPFIitTkBxHJf2WQROSvL9phYaa6t3Oqc0D82FaCwlwZ3ByHf23d0WRwHxEYnW45fjmJWEhxbBeZfCxZVilFDNsQBzeIO2amwSh8nZJV+pekvE2OZcL4/qfCEDW60+19r2UwMUXtqKp76kDByQYI/1a1bvmZPvsaFbElOBT8XCdvWC4UtCiXEir8UgYKc+wRHyTN1AlC9zdcu4dQqRa2vBQxOn203CJXLFJO1w0F7BlwqdbZHyL9YiAbLl8KtzFVlx+vTTLFItcfT6CfS19Oil80fAtsoW0GK0HyMsxi6edC3GaFyY1wCkV4WkTkDgmmWDGhv06d7pxosKA+DgLgbPSW/1LFv2y+Nskgnde8R7UYX7G/WQGrNhP7IY8cx8qVAP4oyN6RHmd8mArN24Vcp2vVxaWv45wmOb5GNLOP1kbYMaQebC3nStwFFCz5A7e6uh3GiWu6hylrccSqEEfECeyLLYyBqOdr1pw0U3w0dgEZ74S4UTz8kk1Y05UhqwVvRb7yOk4ycY91n4juMPpnQKiGz10klTX3FAG22hpyBE6JHywUaSE9Ti5FneGqD8L13AlyhJUoNRnynbFnV5okB1VgurOLMfnHZtK76QUuwrh4+M9v8FTsQKbbje+/6cNXOLSpp2ZDUE0fjk+59OlMqjf6gFlZM0PjnvYiZcvz1Ed1+iZ1SwYi22hg7kh9B08b0cYJz5x4wLOkTV1JV64Mt8uAmcWuxiUt6hcw0gsKtDcD8oA6AjY9+LuRN7+LMrnN5UZqS/UnPBrwYqMLmKZuriDw6TS+Ba/NjSuwAUi+dShI5hvTDsrpn+uWs7OHenM2mcc2uOnbLXho+7Bm0MBZ0kN5l6v5mbXYdVXUoh1DsCf7lmTDiU+GkRgIit4KYK4YiLvvMbgKkkbNmqUGziils0DNy6u8Ep2EXTfCFZ9uJsa2rvgTTpz933TNnB1zAeup/haX7/RYVizxiphxis2UE57ff0DK5OZBZu49s61pvOjkQQSq+eWmLU2bjBdWxYi7JculeQTVDnavJeiu9bjVQQXeF62bS3JWIxacMa4VNi1fXHuJ4H7JQ1V6zzoW6t55mPzJftCDOQA2hm7m9WHHNGKVICKTLRIXjsjo88HTi2plZDw9i6kriEJRIyEK/QSvg2EWHhUpmrOxa20X8usnyTZnGUKqcLwCe4DG/ievb+AQFh/7Gt/rdPbfMNEQ6woEn6HEhDtG3IOcd6WPwjMpdqF7T8fIKJlAqnO6eQ+sdJQEE7mLRoot7PUtFZIJ/OdivO0as+3QcVLom2UXpoFa+WtqEPEOg+7Byz5+4pnWcnqmL3jh2Nm0GmSF97zBPkIwHtZw6qB11rjzZs42RvDoIfUhYdGktAlC7CNrg1Jdst4Tt3UnUTiSgxsMTTYRchx7jwRzyxWDxAl5wnzf4eGFyIZAAbYYmYJ2Pb9cRWVwzcSFL1Qvbskby3ccunPUSYThO2PBLW18vC1TDqgxY7JnnrTxlmEXFDxLeUoeB/xVQ+CrcwDrfgvD7A9GeJITX/XEpA+uiALd6fXCvO8XWlF5BzaAVrAWRzeY6E3GEW//xFyCZHcA6MVHcQvzp2Iu/+9oWcflgT5GrA1CrZOPvW2NXYQzWbwpwPYP8eLYltkcB4Cnrfxb9taMsMA1ch7tYiDWMteCllmkukoKTl2EQQdEAanXDJzYkdk1Vv/BeKZY+dcl+UUzK6BCGfBVv+xLumrPiESXZcAVLoy6u15Yk6iRyqGZtvxpZSCKmlx+h6e/Sa1NiVJa29KRvu0D/TIQdXw80QBD94RjNH06WjPWefUR5sAfI64Q0XZQfAaSFGXQ1OzWrYdxWUwq2aqWe3CnuObuDz9x8jJYUpQQx3mCU7S1aWjFJBy1D/b7vFXKG0a6MczgaBdOwa9TfYHKbA8bXUSB+rRbOVYZc5oAI3WSiWfrfTJGAxty3aILw201j87H/uO0zimI+kIHFAA+ckjam1GajW161O6Op0P/4CHtqlQlTRs4zRGPPdmld/NMoOJPE7nSY/ChVMstDay3hKtLSFPk0qnNzbSHiTZAO983Sl1UP028TQ6jcUmFLLMNxPw/+HJI55xJwYDYc9o8qOk30js8zzM73n/sFLeU7L5a5CruStDHGD8RIrTpSaS9WpZlT3jybDAWseJnqYJBLpORnoExdPbMYPwR8olXXh/vD6vlBLBwgUJWHv1QcAABESAABQSwMECgAJAAAAenVxSCOUC/UdAAAAEQAAAC0AHAAxYjc4OTNhMDIxNTdjYTI0OWZhZGFhN2NmMjUzMmI2My5maWxlbmFtZS50eHRVVAkAA6jC6laowupWdXgLAAEEIQAAAAQhAAAAfshcqFe5ux6aju5DbTJaLSBDfwKFzlOzSC7oCetQSwcII5QL9R0AAAARAAAAUEsBAh4DFAAJAAgAenVxSBQlYe/VBwAAERIAACAAGAAAAAAAAQAAAKSBAAAAADFiNzg5M2EwMjE1N2NhMjQ5ZmFkYWE3Y2YyNTMyYjYzVVQFAAOowupWdXgLAAEEIQAAAAQhAAAAUEsBAh4DCgAJAAAAenVxSCOUC/UdAAAAEQAAAC0AGAAAAAAAAQAAAKSBPwgAADFiNzg5M2EwMjE1N2NhMjQ5ZmFkYWE3Y2YyNTMyYjYzLmZpbGVuYW1lLnR4dFVUBQADqMLqVnV4CwABBCEAAAAEIQAAAFBLBQYAAAAAAgACANkAAADTCAAAAAA=' AND file:name = 'billing_a769be.js' AND file:hashes.MD5 = '1b7893a02157ca249fadaa7cf2532b63' AND file:content_ref.mime_type = 'application/zip' AND file:content_ref.encryption_algorithm = 'mime-type-indicated' AND file:content_ref.decryption_key = 'infected']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-03-17T14:43:52Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"malware-sample\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56eac2a9-5420-4193-adf9-4a60950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-17T14:43:53.000Z",
"modified": "2016-03-17T14:43:53.000Z",
"description": "unique .js file",
"pattern": "[file:name = 'billing_a769be.js' AND file:hashes.SHA1 = '5dc0b9abe2a44b647f3493de8c4acb018082359d']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-03-17T14:43:53Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"filename|sha1\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56eac2aa-7220-46f1-99af-4444950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-17T14:43:54.000Z",
"modified": "2016-03-17T14:43:54.000Z",
"description": "unique .js file",
"pattern": "[file:name = 'billing_a769be.js' AND file:hashes.SHA256 = 'b43dc041a17ca6714cc49c1731f348298fd34750774e7dab6bc5c4aa4f69b8f0']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-03-17T14:43:54Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"filename|sha256\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56eac2aa-abdc-440b-a717-472c950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-17T14:43:54.000Z",
"modified": "2016-03-17T14:43:54.000Z",
"description": "unique .js file",
"pattern": "[file:content_ref.payload_bin = 'UEsDBBQACQAIAHt1cUiC4MmwyQcAAJYSAAAgABwANDkxMzliYjRhOGRjNDU1NThmOWZlZTkwNGY4NDRjMDFVVAkAA6rC6laqwupWdXgLAAEEIQAAAAQhAAAAmH2JDhSdcxz3nBIc3NHGS4w0/zRdjfRZ8dzNwkbl1rud560F3iY20Rr1bBryjzfTlGPTotMtneZtuYXXveR2cNjodcz10RsDxN43suaygyNlyy1CReZtOMacCLplhyQOIk6YKxP63KBJ40+ikiugxIRFdWYExZZwwiOTWHANijmFq++23bqoJHQtsE8xrhoU8JxfIh9l6jNaNIfgP5EiCnN53OGzFpawOLVxZgcVKvq/hOQm3pdlEX3sn/oQZYHoDmgxBK8SYsqVsjtRYWMwGp39qUNoMqDSRmFp2N/Os+AzNfsqEV8fEzLoaSlTHX3bAWfXEeMvM8dpSLaja4gdNZ/Ps+3dR6W01qOYCfjDHpuc+ZoknSYHfi5uaKtYMLiFR+crF45qNofaB6FWCP5PwLF2sgtTIj0gXUAZTxItxQ0sxwcOGsUZk0xXS7O60dlXLdbrCEDvNFg5lnnC3cWLo0lpj5EILV/Q1r0m2p8U0u/KT6zbok4kZwd65ALuzodRyWSKj5Wo5wzr6y23j3Q+tX+jshL8/Wq/m5tapgtsSPDgFsVfjPKfifgm7n1lAEL9PLhlztvR0Waw2a856sQRyRB0MtYpmwGDghTXbqgdqn3uxgz1NjXy9DFTOe4S541vjszS/a32eeTKIz95v35P3YbjcR3nyjd65wP5hQhydOvyyN3mK+9+aSVp9n/xNqnPKUcgjWdVLGPfHSapjXhtw/LAwDJz1XOmC3jdIy93VjdOmZGELqkfT9vx4UHfSEQkTTTX5LXHzoz3lZQOaQQ6vUd3nvTxAM+jom1Hv8XXEC8liUoOTZTGR0AGy3ctoHzE98u8fADIFo+t9lX8G2NLswaWuYbzmPm7dvV6BFZWoDURopk6e5DQ/EBsMwyhES/q5V8xJA6lDItDZnUUiI8qAPkx1StwrTWALDm1nSgJeCKYCfejqS2X46i3NYUTeGLEcGqpmL/MzbsvrR4lUgxqaOmIXBmn7oyOaTa6OTQdgpWfz9YZackgiIH6by4s9pxiysgVffpQ1ny9RPf4BYtnUyneWugkwG41qriXqEfs0OewLSbotJP4uGZRbqA+OtpB9/vveAUncucYi0OChjiMgQ6hILXuds6ttfbm8GhrZrMevpsuADU+ztmZoHrSHqMAn0deNrdjHYrsjxLTAheTx7m/EX/hwMqYG/709oE4RTquJoW+4Io4WpJXmUvD1lrTqS/kUM++BGMAnyanoYRYsjlwOcGSl3rhzQzs4zNJVvGkCPjhUxFoIGCDEBJYvR/rikb76a243ls9E9wUw//wDQtbfYt7WLXOPRTaRx16VH4bNw0wnFPHalg4Po1NuQbwN74eq6fjwbbyUC+wxkgIuUrvoSFImu+uvZlDqDZwyeQNoHds1Fffoy6KI99xwd9OUeLdnQQnTf86Vsmn/0BKp5KPjmgN4RUal2dRBzg5htbK/yAT9cBf9ltjGMr5Xjku3gFu9BIGsujrlXQTexgSpbze6OEITBztffg37dqyc6r36XLQyM8UYj2dm/F20PTT5rzHCoSoM9bGobgJYt2sRAGHloxP7G3pnAQ7PJiavZeJYin3qVeYkYQk0QFFD1cGV5n94owcvgf5QYgtYwGauOuf5KmO4s0uOBc6J0gB6KrEvBmuCzRmPAVMlVJqtvm+wqziZAMbrWavQX+FTCZkFgzgIvpVfpkeh+nNPCMSjwTu+xpw/KnXMOhf2GWdxAQHVo5G552FBhMdQraC0GoOo2NcY7KpvArdYXlx9LTwefNoqYTfkSCLs8IB+ypq9rkJ8MCrZ6rRxfo7qtXs6/6IG52IMZile4bp1G33h2YcGJcAVgA6SUXuzT41I50Gvt6/SkA5U42DvucnHLZZylMTJ3ocigXPCh0UgYDCXP88rUzaZL5Zo+38r9GxIqFPljLVjcOihsrYqOzdga1mCDQ1IROGXWMM/z09WDEAMiLOSdnRAFXi/o227N5eyEGQTFxOpZB34zwAXFRf4JL9bZJu+yOCYUsoIEfskk0w7egtaT3akTjFuIPZRVWcg7hAfkd5n8K4sAHpE84yPiu/Og7SNCSKcXcqcw2RTEbKV4+B5hogO1FkkcJvpSfFkUYCkhnGMLFxMMurbZ8JVKC8B9wgjcX4ImrIfWmzmH3UWN107sCxkq/I5zSpbtwtNMgEp8lYG5d/sYv2U14jR0P+1ODqnbKhSFGaL8tk/IG9HcmNT1FP87XdajFUh0KWnwQiYZROwyQqw9Kc+6I+2+L+3gLEUFfmj63cnzLzklNZe6WAfhjua7sQkJVdFipriCO2sws19Vxc/nsEw9so9CqHqs7mL1JhbpdbzTi0YySjmyaY8xBFupHd187cDZjlAp3Ld4VpGIMAKgUyDl+G43QHoEDdKkM8y6hz/nPIvSdK9UJ6AJWdtzKLmssUuvHJX3shnCnyx0jGJ8tX8fc/7IPQsKxI5nQJoIc/jFq0wK8aPMW9I2WZZEwwQlrSFyevILXYzTKtyoRJJbiLF7TQ8wZUYBjIKuHFC4xJVPp+0YPNmFK2Oyuq6tBBfDHGhLYOS3eTwgbiwfINL4Jcfvg2gSRNzAjCvYWdZICJcpAHuBV2MdyEH2EJ3qYd/5rQGW6tiMhBZASssO0PidMou1SLK0saCwN+uRuGyiJ67ydqHFBLBwiC4MmwyQcAAJYSAABQSwMECgAJAAAAe3VxSGKTT3QeAAAAEgAAAC0AHAA0OTEzOWJiNGE4ZGM0NTU1OGY5ZmVlOTA0Zjg0NGMwMS5maWxlbmFtZS50eHRVVAkAA6rC6laqwupWdXgLAAEEIQAAAAQhAAAAfshcqFe5ux6aju9O643ShI7b5wBD5LIsr7X7a7udUEsHCGKTT3QeAAAAEgAAAFBLAQIeAxQACQAIAHt1cUiC4MmwyQcAAJYSAAAgABgAAAAAAAEAAACkgQAAAAA0OTEzOWJiNGE4ZGM0NTU1OGY5ZmVlOTA0Zjg0NGMwMVVUBQADqsLqVnV4CwABBCEAAAAEIQAAAFBLAQIeAwoACQAAAHt1cUhik090HgAAABIAAAAtABgAAAAAAAEAAACkgTMIAAA0OTEzOWJiNGE4ZGM0NTU1OGY5ZmVlOTA0Zjg0NGMwMS5maWxlbmFtZS50eHRVVAUAA6rC6lZ1eAsAAQQhAAAABCEAAABQSwUGAAAAAAIAAgDZAAAAyAgAAAAA' AND file:name = 'billing_b0e0a5f.js' AND file:hashes.MD5 = '49139bb4a8dc45558f9fee904f844c01' AND file:content_ref.mime_type = 'application/zip' AND file:content_ref.encryption_algorithm = 'mime-type-indicated' AND file:content_ref.decryption_key = 'infected']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-03-17T14:43:54Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"malware-sample\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56eac2ab-0550-4439-aab1-45ae950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-17T14:43:55.000Z",
"modified": "2016-03-17T14:43:55.000Z",
"description": "unique .js file",
"pattern": "[file:name = 'billing_b0e0a5f.js' AND file:hashes.SHA1 = '85cf7c2d6a2b931ad9ab25539aa36cbbb66caad8']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-03-17T14:43:55Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"filename|sha1\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56eac2ab-689c-4b2e-b3f2-48df950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-17T14:43:55.000Z",
"modified": "2016-03-17T14:43:55.000Z",
"description": "unique .js file",
"pattern": "[file:name = 'billing_b0e0a5f.js' AND file:hashes.SHA256 = 'da172f592cdef05518bbd9ded4812c987dbddc5b4dde020be15bedbe78349fcc']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-03-17T14:43:55Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"filename|sha256\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56eac2ac-4030-45e3-ab10-4231950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-17T14:43:56.000Z",
"modified": "2016-03-17T14:43:56.000Z",
"description": "unique .js file",
"pattern": "[file:content_ref.payload_bin = 'UEsDBBQACQAIAHx1cUjPjlrKZAgAAK4TAAAgABwAZWFhYzE4N2E4YWYwMzdkOWU3OTJhNjM0MmU2MzU5MGVVVAkAA6zC6laswupWdXgLAAEEIQAAAAQhAAAAS5jnj5CuhHexrEYRlpBXFJOxfQS6kQ59a2HnsXZjML6znj3z9n3cUHcGGBd+j4i9Q+ZQ3VJ8EbljtvuG9qht9fiZljpf8qGLUUtsTneHonjWEb474xfc2hldG4GcDuCRmPXIzayJnanO/MfpYptbU5/GIaA2LRIm1CwiskXxdregavlefBxU91tAhtdl47ujs14X7qpZ9gE3lV7OuRbIq6kJ3NBtcn5k9tPU5BnBX6rPXFavN/lUY/cunDl2Fb97atcNf6t6Xa9jKIkfJ4haSWf8wUOi96+BCTsu2yW2kV2NPaVLCpO0e3XucVUNXaGY4G1MTE/BcHDfpqgbNUKMt3u3FoDAUZL1S60CcZPOcDkv5MW3c4/nC57BxV2aHzlIWKA+rhXaEq3Vrw+kMhAKsyLlNQGRk2OgdyNuZPojWI9LriR+V84qDNCxrTHVTZnml4WmpO7zqJjUF6/js2VkNxgGksGLzo3JHjmBjGFjOMIcM7ftkFgkJtmF4ZgIP87vl0V/46DZph1kCZIZ6g7G6RfpsRuWDAfRTpSzGzm65On4aKidMz4usDl7L/COobS8LBASvMYremXw24Oan3cmgDOi4nPmxK2j56u7+lkfHfrztl8F1Y+Oa5IU077B5ZrJR1PR4x4m1Ja2ZmnWLCu+S9s/yQ2zLtbHArAsqQF/DzcHcg+1k8S6AHEo5gf59zfvYbxVQ9kdN/pQpgD6ppsCUPMjeYyVAgssF+KJGPnoAANpcFXNG1X6L1FmpWtlN/2fKJebSPXA7GDBNxwWiDsJ6mC5lkiiKbt0Gp+62AZpHaYvLWPJFTqaTKgiooFw3qK9ErNZhewO9FDFzibgpkYHEkK1cLQbVG3IuAMcwstpPz3OCX4ZX3Ivhu9x/xXIgzBlvA03+pIQ4DTEV4HgeLe7JzISmi2Dz36qeEP8wGRmYvvdUVSDGOmLQbhc5wVRB6rv/ezgF5hTyzAO6UfK0l22z1IZkUjUa/jd5P86DgU54tB5rCH8HYk9r28LR7UyxY45xx2HufcpTAWqezT/iR+wvQWGwpzYOO/lQhoWOuXrPDIE9xDsEZC2MYN6iEhED21ZI/y62gNuYLOwtGGiOdRLt6N89Z8dSiykJz6kVIavbx6BraN7TobIBNjmIqxPRsFRqol1d5MrUIeTFYuqbDsU0Lg1tUB0wftJm+lU1ESlbJzDXk45cjFgjW9bFPcRBiHKRNYAYKAhz99T5mSiJ2ps+eI4mnqFHARs1XAB6Fx+IhqqgJMPGdMatOe4mDUaSBFP7h0k8TBDQphvS0eCXGTYcu4NMW9wphTThTuHMdcytc0rZ7YzTwDZrf7j/n2bUvj0X7XVDMrvOjy5Q3TSVQ73gq+aziXie21u8qoH9XtVTTOCIuMf6W6Z9LIBgKr5wYDM/DD4meO3ssgZEm4YqNAOj68LylE7mv1ssDYpXVbj4BjyDgQ8cxsg6NqRIYCAYM9+ZQM6Fi+fJ6MiJ6QXMgDWyAVTMYJZFjK09wr0WYPUHto55oQkieGuI/+xPmRhEI/8lpvgKsK3gDm/FoDBz+iuzt8hWZ/+a8H2Sc1z/07QYCd9igmJVFuQHuKik5DCNoqqe+Jxdl2y112IWdH7hxnb9Ny69Sp/T9PwSO84hDvXsBqTHCmctGqbW2SSc2QWkSKyVgDLG65Cm2Q1oOMKpjITVUoGx2uqas0LONWExZvy8+NsB46tLwqiAOkNdMdMryFFXthaBjPiWFXe9BC7QDJRS8eOCMrO/M2Ms53gsQoTw2SdNZ4W55gxT8+U6Nsp1XkM4Xzum+1i/YSmiTaEOcTsl5kPOs/P17pQDf1z08z7XDJbJz4Z6u5zZY/tYgj7fACIXw1zyZijHNO2bhLyfkoqCCV98mIrQxKfEgvfSXV/uu4+xIMLySVe7n4QkjyW3fv6oS3ShsP6H5D204aaxhXs5M2sBG17BRjj2k/IpBAFeoO8H/rk7AnWIUTGfEhK6ucJ1Fb2XuU8LPRzWsUBal5pcEiBExMTXiOMOLfFY2x20yv0mRoWMNF9btQ2cqkibBoW4v6W19kuaPMQ2jg1fIu9ynInVRUakzJqudwBIPC2YnS1wvvoLsTK7Y8iV6GdwzQc6sVfNpbI1Cl9pdUPEMNID/5HPCpLYELy/pZeOjKWO489iGKIxcuMoyyXeVpiYW2c7txWSeMqZ6gtgNXxy77h1NaVzbx06vt0vEVlQC9gxpPQfIcEpLww3B70dyk0iY8cYJ6P3pfCXYH/pIOsP+88eFIkZ1NZqJVD0RzxtUy3iOikh51NTZm3p8bspABV4ML05OQiyQbBTKAj3lpeb1vHXgfK8ZVlWq7wKlaLWb7kjxbj3DDEzKRZLuTqyaY1mSs1xljvfNjXqWI93+aiVBApoUrO9y2rP82fL/jAKMGjnmTCOHvWNu48uq21udRRs4LDOk4tIjOL0cBZIxPDMVP64LLjfOvbkvQofa/ynu33ztwd6e7Q9cVA1a0fZFhBiuvhp5y7Cm1NQtoR6twMWyNq9NRRiULA5IawBjspUftdDNesrAIU5eWzxfUPOoBigo+hGcf1zyPe1hxK9Kpx4hSLTUbbosXiF1WU0SBgZBhKKt7/IUoJFuRkaHhyWsr1fPIhyBtfB0t1qKxmu1zwKAUatpS8yIy8QnIPTYN0VN9Lu/8jF1CvqG59EyjqJi4ny3Dp0XdrAdrNzs5nMFQFZHi/zJaoWLaEQeAX4kQwnX8KfOluSU3yAogdHVPfgSMlVGtz0OhBOBfZ+jYLAYukpclwhbriq6J7QHgRcRinaZ74PyJUyGjVIcYHg0nX7r1L8/h4K8YVO0SCau/MXdvwvA5D33g/UeTP35Z+2EhdgeiqCWg8/9RBUEsHCM+OWspkCAAArhMAAFBLAwQKAAkAAAB8dXFIEvSf6h0AAAARAAAALQAcAGVhYWMxODdhOGFmMDM3ZDllNzkyYTYzNDJlNjM1OTBlLmZpbGVuYW1lLnR4dFVUCQADrMLqVqzC6lZ1eAsAAQQhAAAABCEAAABUqZMIdVj6CrH7OSKlakb4g2TgqDpzLFaxfRy8sVBLBwgS9J/qHQAAABEAAABQSwECHgMUAAkACAB8dXFIz45aymQIAACuEwAAIAAYAAAAAAABAAAApIEAAAAAZWFhYzE4N2E4YWYwMzdkOWU3OTJhNjM0MmU2MzU5MGVVVAUAA6zC6lZ1eAsAAQQhAAAABCEAAABQSwECHgMKAAkAAAB8dXFIEvSf6h0AAAARAAAALQAYAAAAAAABAAAApIHOCAAAZWFhYzE4N2E4YWYwMzdkOWU3OTJhNjM0MmU2MzU5MGUuZmlsZW5hbWUudHh0VVQFAAOswupWdXgLAAEEIQAAAAQhAAAAUEsFBgAAAAACAAIA2QAAAGIJAAAAAA==' AND file:name = 'billing_b3b79e.js' AND file:hashes.MD5 = 'eaac187a8af037d9e792a6342e63590e' AND file:content_ref.mime_type = 'application/zip' AND file:content_ref.encryption_algorithm = 'mime-type-indicated' AND file:content_ref.decryption_key = 'infected']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-03-17T14:43:56Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"malware-sample\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56eac2ac-b168-4c5e-b21f-471d950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-17T14:43:56.000Z",
"modified": "2016-03-17T14:43:56.000Z",
"description": "unique .js file",
"pattern": "[file:name = 'billing_b3b79e.js' AND file:hashes.SHA1 = '264cc70d445f5d3657db5a3309fb850a8691d327']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-03-17T14:43:56Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"filename|sha1\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56eac2ad-895c-4319-9f3b-429d950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-17T14:43:57.000Z",
"modified": "2016-03-17T14:43:57.000Z",
"description": "unique .js file",
"pattern": "[file:name = 'billing_b3b79e.js' AND file:hashes.SHA256 = 'd314d5b902fe1e2dc46e133732e04b2d15fb5cf6f8a725ac1bd7c5264154ae3e']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-03-17T14:43:57Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"filename|sha256\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56eac2ae-a38c-492a-9745-4437950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-17T14:43:58.000Z",
"modified": "2016-03-17T14:43:58.000Z",
"description": "unique .js file",
"pattern": "[file:content_ref.payload_bin = 'UEsDBBQACQAIAH11cUgPSGl6jAcAALoRAAAgABwAMGYyOThiMzQ0ZDU4MGYyMGExNmVlZjk3OWVmMDc4ODlVVAkAA67C6lauwupWdXgLAAEEIQAAAAQhAAAAS5jnj5CuhHexrEdPeaBFnSnXgQp45i2TtL90INiLuvMhP80q4Mmm6/oTSyaG4dM0FLsVmx503ZNXs2k2IJeWRxDmxq8Ia3t07qr1FyVTLNm7vfyQkjAXgdMo+dinbhPzZaG0KOaks6Ar5B8+xnBMn9qF9IltQwx9hpjfFrRYFArqAE+yLEHeXUPhmDJcy9YF1XGRPupOtXD5oJzdzscHCoEGh0/4ulcz7Moczs48y8oucj9KzLnoiYF6QX7Ew5SsKt/pXN5AtAGsXDbBLsdnbZDTnKscX5JQ+gJVJEvDaYPJTqTd9h/31SbadeuVA6lojryphLruNA7CHguoY9e0nh4X8UGhLl0Bcy8X9dr7L0cp4BNAs1AVX2Sard09EmAEDJn+MfPkf0TGfgSCGIgVjlOWs5mVDYQvda95dlqRJAMdiGEsV89OJ8fJuLir+QTO2q8QWPjfCfi6L1X0xBsVVU6BnOZgHRgW2y+fVbNywi0lIyoh/Mk5IhBcBBNdl3gj6sJquTTb/QRY0BPppb8fyv2wEdhQHhUvoyScxk5yCjHqNDLz1st6+Tng3SA6INC51SJbkCPlPKoiIvDmQpT1yRpCdNtncES7qdDXGdlkK/mRpendrKoZ/Ala4iOreQqyNmIZwn6TseC0Y/PL79eY6eK705+kERqaNA/hPqNBmWs15z6eCplRh1e3ghqFxnolHaq/OZXtuEUn7UwZHYyWerOqS/qWv/MC7YT4zHxki2ksMylRHqhfdY6bNe/1RRBsFJjebprFeez/tV/oL1TQ9CW66q1RA0AZUGaVLSzojRsXJE4o3dBIhUYee+up+Uo14WJXzd/pWv5o5MoJ2lVGHVRYtAJg91vlHX5vzissrEI3NUN3YkZKWt/oHsVl9zXEgyL3JKc915X6/vIG3BkkE/aWzFFJTpvRrAsWWmru/rA4v6OY705XCSTb0uigDfskUJZCX+2we/4MB4EfdjD2ijczU6rCFPqiYYJ/MCz5xAMFSU1uLWpPLuRX0gv8hxwCxF6xW0AS+agrEG5UJ0auVvtaapDlNfPSd8wsxNiCoE3Vgr4S5hCI36aK3SumrVd21QwjBXPsBZ0/ejB6F3siU+zXRgFBkqq5goRvP3N9PnARTLlvai/S2qOj3d9LmMMCaqGhbCnjHKKlB2pe/DugpM7heSbgiFaFrAGrf4+2PawQSEhhd2fJytuKJpqC4x2uyLs2Ymu6AVHPNax7PYV4ZjeFIUt3HtMV1xlfIKuzRKGlsjBl7lt+LmKVfx4XXqBqJKV+4nmI1v+xKjw4ot3gzIn82oDYLNabnpqXFOcxgCoIaO+C58cAzueT7SCj+Tuukq2EHDE+/i8YO9GIkYFbqu9k0cH5Yu3LO0irApf92AXsOzoy7QFuna/DHxsY0R4TJK+2jtgPoWCt/+vJKvMb7yuLNTV+FTqyk7gtvNeByKPpK1hZWQbb9c8SWBnCvb/6Xn/SWBfW3mxVa5DGBDWKmEkR+fmxLgQz0qLNceCQ8MDNxaizMmKI1BDeY13dvTtTLcopoOfg1z4bh8OPhRq1IE2y4Hgd5Dg0MHNyxpDVYD0PZ+4/kUGkYvZvDYNs9eYdoQNJN1ZvqQcuvEwTCajUcpWgwvG26ebJt00u4tWe0gvj6g2H8zlweIYf3AjnARTH/XFv7nzj3RALzvYrV7zCtVZT07feO8Hsymyzp7qFYfV/qd/DgJnfwMFzVknC6O8JUBkI8Nn01fp7MRpvzC7CMIPDlJbpV4nvYiVFm5XreKel0pp/sdzEa3eKDUNsKKfukVazgoheE2xfzPgorh/mCRG43Kx+vqEW5rqjPOhXLSdeUAa/CvBljfAlHeYIaaxpWovTO364RZo26kDcdmX3rt8xpdjxL1tARp8/Pz79yHYov5A1DFo7XXJvngdGdpAJF50IYStODtIyCg/xV8TGN34YMEgTixCncgKKMIVFeH5KqPLhpeNX3ximwsK/O6gZoHvXHOuaU1jFjsWsINWHhkI4uwqxO4Sv7HDTe17Pxx7VaOzYtZFYTAhzBpe4czfRULMNZGR1nNAky+kPrQy7wys4Z1WCTtlM6Gx09cTTd10hoLuUAc4c691+gmyRaqX0ffu3lJzLPf08w2if8SyLEdNnoF520UMm5uajgA9Yxyby/GVxSmMxjaFtNaFpR08aIvflgY7uB6psMpnmnaanAZ3gS7R5cYGu0B1oi78OahhOz5bcAZadaKHLX1E7ulLpoj0eEURD+V0QeQh6GEyiHGfBxtwuXPvTKwn/fwvHhjvwDu2g/65rah5yXTEPW/ys+OOt6qAqHkmqeMtU10lnHshx1ix4giKcTUblPI1AtRiZzxDjNrAMeiivQOv82czlI4vg/MFSS0znBYv/r/FaXdDI7hXPBfLkrcSAyOJxNJk8VRvoLZOBctIxAtX5xclTqs4iKU4JlXaiU1rztbYmozvXjF1bUQ8Qrwcyp2bdfFVpztRUYQj68vXdKemcOigblrrVBFIafdmwNLJGDeA4Ncq2pVRIsAbL0y51UOGg+MymiP1tiFTMXwmSHl4DCVq94bI3mD9pO6CUrB0HUEsHCA9IaXqMBwAAuhEAAFBLAwQKAAkAAAB9dXFI6JxcExwAAAAQAAAALQAcADBmMjk4YjM0NGQ1ODBmMjBhMTZlZWY5NzllZjA3ODg5LmZpbGVuYW1lLnR4dFVUCQADrsLqVq7C6lZ1eAsAAQQhAAAABCEAAABUqZMIdVj6CrH7OKq4uyw6I8TDEpz8lZyZo+FPUEsHCOicXBMcAAAAEAAAAFBLAQIeAxQACQAIAH11cUgPSGl6jAcAALoRAAAgABgAAAAAAAEAAACkgQAAAAAwZjI5OGIzNDRkNTgwZjIwYTE2ZWVmOTc5ZWYwNzg4OVVUBQADrsLqVnV4CwABBCEAAAAEIQAAAFBLAQIeAwoACQAAAH11cUjonFwTHAAAABAAAAAtABgAAAAAAAEAAACkgfYHAAAwZjI5OGIzNDRkNTgwZjIwYTE2ZWVmOTc5ZWYwNzg4OS5maWxlbmFtZS50eHRVVAUAA67C6lZ1eAsAAQQhAAAABCEAAABQSwUGAAAAAAIAAgDZAAAAiQgAAAAA' AND file:name = 'billing_b8322.js' AND file:hashes.MD5 = '0f298b344d580f20a16eef979ef07889' AND file:content_ref.mime_type = 'application/zip' AND file:content_ref.encryption_algorithm = 'mime-type-indicated' AND file:content_ref.decryption_key = 'infected']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-03-17T14:43:58Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"malware-sample\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56eac2ae-3310-4539-9b4f-4994950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-17T14:43:58.000Z",
"modified": "2016-03-17T14:43:58.000Z",
"description": "unique .js file",
"pattern": "[file:name = 'billing_b8322.js' AND file:hashes.SHA1 = '606acb1cdc22895208c395334a6694eef889a5db']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-03-17T14:43:58Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"filename|sha1\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56eac2af-fe60-4b72-8d9d-415c950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-17T14:43:59.000Z",
"modified": "2016-03-17T14:43:59.000Z",
"description": "unique .js file",
"pattern": "[file:name = 'billing_b8322.js' AND file:hashes.SHA256 = 'aad79a4d8083ee17b4693018e660d66d9b039c9ae88ca21959bbd7cb9fdc35d5']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-03-17T14:43:59Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"filename|sha256\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56eac2af-9540-4f68-905f-402e950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-17T14:43:59.000Z",
"modified": "2016-03-17T14:43:59.000Z",
"description": "unique .js file",
"pattern": "[file:content_ref.payload_bin = 'UEsDBBQACQAIAIB1cUicw2jw6wcAAHwSAAAgABwAOGM0ZjEwZDQzOTE1MDk2NzhkYWM3YjMxNGRmMTE0NzlVVAkAA6/C6lavwupWdXgLAAEEIQAAAAQhAAAAQy7Bjapkfhc23PPH6CO7xX1GswJEYqID6/ZW4qWp4zFzHDlGIfpOU5rz+bjkDs/DzO/Ytme58wlOB5IvCuqyRVZ/LbVeujx/5Wc86qKe92B2C0qEeK+ESlosUCWDO9Y4rRluCZLA0ttaPDsNNn1i3uYzIH6SI1bGGgKTCffjBOXGyWInZBUDcbnpC0rxlw8SzhcSrYmg8b5ps3EXECF1sAZbCF6ZRqf/LlfCgXxXR9BHFuhv3cu9ZagiUdRoZ8T+FwAqI4/pn4rjTxTvtPSQtWxlqEJW4tsvs36gKut7xKTSyDyW6m5wCtrVYDYh9qYiGCLUsXqT0TSGmdjBR0tbYgTtWYWrQGcZAFIkaBUPMVvIH6X5o4UwPqN2V+m7UZDT/GXBkrzOuSHzUJLq3h1BA1/XCSg8GpsvRmSbofeTXtljQyInFbUmUVugFY2o/NcPJa4Tj2HMAAxiKFVJvet7haL1GrrJ0s+eTNtZ8K2R2EyoFsFokCPXaXyvyKgNOG5hR+Vmq6U8VvsURxUlf53mASWsqe1l4tZe17v4nUof3Q+nhkPZ7W2HrUazPcC0rBxmu9OLsv+qdjpZUjqkoEo7a8VjxH1HdJ/jyUzANPh8KlQULJJIHOq+SfqC/sgG8NPP6NVtHAzPJ/PdjF21SW9uFqb3nfE5uvT2DKnpHolEjLUkW7obti6Qbrhp7jigEveas0X9h5WpFGYzgqINdSB1vfsDEY61tGu3GWjPKxRdHH75nePPk9QP+nkxOCcVUwm6E4bBmtgySlbcx732vn/B2F5wIn6GfFydvuQxgenUqQpjsQL9JgFlHUk916907/wHPTHF3rtf1sofa8IeR5Qs5Xh/FHRmLGhQcGO30nVSWBHZro24tW8kUy/Id69NITENG1qe23xMmLRaM7Z9ga/HW6pyFQebRH8Sm/b19HgUFd10ZFHL55rGRKBssysu6gtsnOMx0Tx5LEgymCjaUO855wnXfTHMSCr+btqrFBAjqJjp7oNrPc797WaYxuLtnjah8TFoFDGWNn7qWE6FeAXMVjS+KuPVKwfG/0RqxQy2o3EieOTVFMRAjyUO/dcALcJstVMyEpLA02BQqlSuA/YEkSXR9EIi7atbuvK7oliAS+Ii3Hg6OCThvpryqk3HbsUsQPAVSsJlzWF7j82vUDNXPji7g4VgRNPx5uLTjywncs+q7z9B8Q9OtmzYkEgNTHNn2rV/Gf4yxnSsg1OrZHckdVBeDQprU0S1yGSG5hRk6WWouhbwbw/Rc9UAzhsv/SpiLDoQRSXbjVyTlySpbmD9syETQ89qMjIoNRNMak29PfNgrYEhDtihNY4GfznTByhFBMAnLs4ZhfRUyd0Az6jvhuT0jO3LKCHCbUQnwdbyj+32Z3CMJcmqEjF4y2EDr43pg4ZpJEpC85AaC+UA065yTSNoJWFZQyyH7Zj+EzkT5wvjaF4LHQyn+ex7m1myZ6JgcWBv0Jbf58uXuBZDh18XH7PWHK4Q//sn4COrQLIathqzw7kQwjVq7y4xY7Kaoe5/4YGLqjJT5vh2idMfuAtxGUgmIC89dcFnFSRWduW6Hke2qSHxJdNKrto3zt6KQ3QWYVGLHvLnc9aagwVQRWVb+pv+wiqxAA7KsPriD2uZEXwp16BwriuCpc+CjvUadDyx5sUGqb5xYy9AmeAkDKqdEX7M45zF5jkUz9MPTmtYzj9pkPBfpmLkSAVIzKQjf9g76Q5E0ra0cFE1oW39CeWH6a8ABEgjVPdMXfbJC2W2z70RGX8OxN/kvhDO/QS5tUdB3h6xro4QdakKywSLDQcdBl5bW3LQ96UdkGCrC2NQUQAsRloakbw0/XK9aNKdTGHLbuVRnPz4KXoHmkFmYvAVyWN2vdT8Qa9s8PR9dkts1Yv5hBJVinBLOuT+RZgGDcHKq79VUyhM3P8E5TpL0rsJoRDFtUphnmMJRkMOgwaIBLzRNSUxAkPQ8/ZliUn1SjYjw9gp1TKJpJaQ9xr1rffpe73fpCBLNvw9480QebQAu5v4BIhYEkcyFXwc5ueEcF1TixE04NzhfTI/sLLIAjEpDXcQx3qBhIe7YRtAELhCLoM4Pet+AqhsKU2QCx+CF1ifJGvFVEfQCJCd8Yi6fdxxgaXm1CYuureCSDtiyXnSY9L3uJNozv7y8wpCoeRwA/f9c5sDidpp9B63IM2JPoWd8VJpeIusoDxv8dh/q7WoIlobD4SGSmunEFrRaC64A1yF6NTaFfDhLCDqDfu5LquO1nCEbCpaMY57J3MyE50jFFB/6uRWy1q2T4zJA9gIuP5+0vXvm4Ie/jcgQRYJHj6hj08gTuc9rdJEmlbsiJ4bSPYuuX43YD4hg3890EoOYa+Mx0OJeRn1r4P2jGi1j3rWxpLkRyVd9W1ZwgqniTn5C5VPKqaEZOCPU1ZjdNGYmZGNi0f3K7u5gY0irIwikci/Q7VnNi9VUTtkIrwYR1JrzE0mlF55P0skC9DjjrQxVD3Wjp2sbNcA4n7UGyxhQQPzFbtdAQQfsO5tFFSyvY76O1kO+Q69zYmpjJTz9bK7pkkh63T6c1B4IvNsoQdm1yam+8wRqfwmgwwoWpYH1CgGJP9ti7TnnTUtdKpz17U1IvDw1AaJh1xamuYwLv1ke4zqcC0Qdry2GBN8mQmEV/VUN1JxSwGykGxUt/+7OZnSLAWvm644D9gn015TjvlQSwcInMNo8OsHAAB8EgAAUEsDBAoACQAAAIB1cUizXj+fHQAAABEAAAAtABwAOGM0ZjEwZDQzOTE1MDk2NzhkYWM3YjMxNGRmMTE0NzkuZmlsZW5hbWUudHh0VVQJAAOvwupWr8LqVnV4CwABBCEAAAAEIQAAAARTnBvNVUDtfa8T/qkg9MgHLrreW5iKOJId/80iUEsHCLNeP58dAAAAEQAAAFBLAQIeAxQACQAIAIB1cUicw2jw6wcAAHwSAAAgABgAAAAAAAEAAACkgQAAAAA4YzRmMTBkNDM5MTUwOTY3OGRhYzdiMzE0ZGYxMTQ3OVVUBQADr8LqVnV4CwABBCEAAAAEIQAAAFBLAQIeAwoACQAAAIB1cUizXj+fHQAAABEAAAAtABgAAAAAAAEAAACkgVUIAAA4YzRmMTBkNDM5MTUwOTY3OGRhYzdiMzE0ZGYxMTQ3OS5maWxlbmFtZS50eHRVVAUAA6/C6lZ1eAsAAQQhAAAABCEAAABQSwUGAAAAAAIAAgDZAAAA6QgAAAAA' AND file:name = 'billing_d494e2.js' AND file:hashes.MD5 = '8c4f10d4391509678dac7b314df11479' AND file:content_ref.mime_type = 'application/zip' AND file:content_ref.encryption_algorithm = 'mime-type-indicated' AND file:content_ref.decryption_key = 'infected']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-03-17T14:43:59Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"malware-sample\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56eac2b0-b874-41e2-a4f4-418c950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-17T14:44:00.000Z",
"modified": "2016-03-17T14:44:00.000Z",
"description": "unique .js file",
"pattern": "[file:name = 'billing_d494e2.js' AND file:hashes.SHA1 = '79a7d9dbd7f0c96eda3872d4abc5615f44846d87']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-03-17T14:44:00Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"filename|sha1\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56eac2b1-7840-4548-85f6-4e87950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-17T14:44:01.000Z",
"modified": "2016-03-17T14:44:01.000Z",
"description": "unique .js file",
"pattern": "[file:name = 'billing_d494e2.js' AND file:hashes.SHA256 = 'e44329a4350e0e92481fc632a4588c2f7988cecc0b9ae8d12243352363690ee3']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-03-17T14:44:01Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"filename|sha256\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56eac2b1-7fe4-4e90-adf9-4403950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-17T14:44:01.000Z",
"modified": "2016-03-17T14:44:01.000Z",
"description": "unique .js file",
"pattern": "[file:content_ref.payload_bin = 'UEsDBBQACQAIAIF1cUjUCq+MZwcAAC0RAAAgABwAZDQ0YzA1OTI1NTkzNTYzZTYwYTMyMmY4N2U2YTE0MjdVVAkAA7HC6laxwupWdXgLAAEEIQAAAAQhAAAAHA8MWDeQ7PLxIK/U0oGkplfKpgdPgbcrLmKVV+Dy7Tlk6ws5t0zg9KBdfop7jjxr5UsoEXdzFADI6hk8L+QvZrW38joJJ3ZqfmoBB8t86OfRtn+Ta72Lzkc21NLX2XwMKoN58FfEQv+OO1GfTMthRDptGqI3+p1wkCXf5gjD5E8oBJ+qKoljtwectXfFkDfpNngpMP2Tvv1j0LCHZCjyum9r9ucS3nBkCLDCut/vjM+6QOr3KMIEG5XgHEq9vudP6k3p2Mn1ouSCOYkagZvD2KihrH4N/w4q1izkX1mpAhtNiyQ4Sr4pY7Q2W6fP1yCg8l6+oSeH6euMgCz1cUjabgjEPL10qMQLbxXXp3LLkTe/tafBTkX65E3Omca56kHD0upCbr0rY51+XSNFSzGr+wA4GlmUINZvRmLqUa+v1nhGC4VO76w9TvQyqFYD2LKqBU1f1z8hsuewZC6/Cqg3QvX1BVDDUHjJ3tVIT9XX8HPxPnPma8dNnAHTPNK0YU4a26j2d0Ze+/cSMx7lMzJoQCKXokl6PsKel4SPcegyq7LlxcSiAbx7PA47k+Ho6zlP6r8RAgE938YJnw5Q8AYiYmCQpoyQqrlQDxPBuh0H0TBTTO7l4zhq3nqk+Sd+IKOKaIrRDOdXuGAuxzZeuIPTGPogmZbAjN0KoN3sWuqoXD2fo+Sp1E1ZLiCtCi5B9kXn904pgyU4eszXaQizizgU42slZFRWM8kvyedMXaRurAYJjM81K6Y0ETUVMEsBJ0SpqnEKHOi9tdtXp7f8W+rnWz8DWE/SuLi6zuyZjiL26NxMfXvwYc/+6z0Uf9ObENuQzmjoiJcdf5S/6wHUNdStHb+Jsg7hOKcIUqUsP8KL8g1I7qJIKw/OgKeMHl9hFhhSVScJ3mEt1S87JZI2W6EBdZB7acFgPRJ0m0h2xYT7h8sU7gHy2tG4IvuZqVuhPum/W/A2LBBDHKK6RGf54zb/qAljy/7YVSS02vTFa4esLV+yeJvcTbhuXEB4LvYpUdfwSbUtbheCLRXpMYAf1cuOsxPYSMSF9e/McT5vcR+9KcNe2DybA3BwBET1hfy9xPm5+pYKE8qTzm61KcMuLLroCtjefXv02CPS9dd656FkvIbYlUxVuS5rmFRIhI7FNQDca7+iX4KFAyW9LsOc8vqrF6SfDvXKUAdtQp8k45yMhOMgR7ecuJ+KhhcbVypC8D9fSoBy3CdqUfJMIfb8l6t8qSjsv+mFTKBqfF2F770EFNabR2xV1CXbUr3ODZZFbjsesv8GBwzITV4GS15lqQOwmxKN799l90joeVupzraXSFf4mqn3INP/pPUzgcizhjw9G7ZKTjO3ToFMLPf/irO2ZuPVSZUj/kMjb3PsG+i+/p7PsImaoXUZym7QUVrS4nc4U/EIJ5eXyc+tY+pi2SoUI7ScfYaIkdRqGfk2LR5ImFvxmLJ8pPiWpwR3aPpneDsp63nWj+QfdGej0kYP8zjlc4hE1hIWtFsgEKmyAnefqma4Ks9+8EbRidWhwyBYLbPsF+M3WhoUfF8zFIvS2oleUmK5xWdn26n9Ue13TnMlagnHOMAAgDJZacKNF67L06PnHITGqL8F7ZLqAQbfXvbd8YbY8Gm56FpFMJDJNFmDgyMqO4+C5I1ptEuMl80OB7UjLONN2cWowQ8LZ6xHxdC5AnskGpuX9EuFhcus3G2RerbvUrTByCSDfTzTBpIW8F3b3IdZ2GGsRU3pCjr0LZbyKWAaMxsgraBI6MNG4gelCxKDARHry1tZG2v+vsbVh9rwEgU2obXJfdv5mHQPg5Lv1+stnfQDTlxyUBcayMOj7t+leDF5IqPFrReHWj4o5PXyeA5rKqOYECR//2z5F5Kbd2SRy3pab2aLNOcg9zAoHdbVOJg42jeVL5oYa+pKKLnX66+PfkHFZB0MaluPJ2XssOMcGFLtD0Vi3qiZc2sBe+ETpb5zcIvuyBcwva0eiS4OE2zNZW1DVdax1exvjlQulX0E6cV7soW2ZpibUc7I5L9ueAh1PRmSU5y34GOjwlVDNg/kbBe6kwDm33ucBkUbTe1H8ZEZmrNZhUvndJkp+1FD0GMMcHW1C3DrxuN0mMNxnUdEtnbZMeFAhcNNpKkkqDCXOe4ZliEWtgpNzvrGjkVjHNGnSrIr+Xa9+7ueGaeHn99rNkZPv4GNLFjjcKdMqtgl9gSbIoOmqyVC6ZIAP0uN0u0hesb9srCp7JkrAHPYlpMqFfHP1iRQuzmRL7254ZrJNEjqg2ZQ6ys3lPxJEcdHmUsgJYBo1OA1f3ids3MTxN5gowJCFNMDSpu2W36qA94Hsq0ZU7M7xM22fkXiZBOmLUBp1PWfOJ4yos0W+Rou4itObG8+j9QOJOPNzR6Q0iyw0e1vejWMYzHQOlNbMX49Nd66wUcuoAU9vCVtidHA3Gi9xCl1nza6Z+actfkb95HsiOvWdN5RcJ37gkxFV1EfneSk2/tTCd3IPfSej6yWOeg1jjl0UGEciYS6KPIxTWOD14I/EL5QSwcI1AqvjGcHAAAtEQAAUEsDBAoACQAAAIF1cUh1PJFvHAAAABAAAAAtABwAZDQ0YzA1OTI1NTkzNTYzZTYwYTMyMmY4N2U2YTE0MjcuZmlsZW5hbWUudHh0VVQJAAOxwupWscLqVnV4CwABBCEAAAAEIQAAAPiv7SWrDjyg4IUTKOYySHeCahFH9C33WakxfvRQSwcIdTyRbxwAAAAQAAAAUEsBAh4DFAAJAAgAgXVxSNQKr4xnBwAALREAACAAGAAAAAAAAQAAAKSBAAAAAGQ0NGMwNTkyNTU5MzU2M2U2MGEzMjJmODdlNmExNDI3VVQFAAOxwupWdXgLAAEEIQAAAAQhAAAAUEsBAh4DCgAJAAAAgXVxSHU8kW8cAAAAEAAAAC0AGAAAAAAAAQAAAKSB0QcAAGQ0NGMwNTkyNTU5MzU2M2U2MGEzMjJmODdlNmExNDI3LmZpbGVuYW1lLnR4dFVUBQADscLqVnV4CwABBCEAAAAEIQAAAFBLBQYAAAAAAgACANkAAABkCAAAAAA=' AND file:name = 'billing_eaef9.js' AND file:hashes.MD5 = 'd44c05925593563e60a322f87e6a1427' AND file:content_ref.mime_type = 'application/zip' AND file:content_ref.encryption_algorithm = 'mime-type-indicated' AND file:content_ref.decryption_key = 'infected']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-03-17T14:44:01Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"malware-sample\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56eac2b2-f520-4ed0-b00f-4383950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-17T14:44:02.000Z",
"modified": "2016-03-17T14:44:02.000Z",
"description": "unique .js file",
"pattern": "[file:name = 'billing_eaef9.js' AND file:hashes.SHA1 = '248388ff365309fc40bd0c4b1dc12e8ef57cbebe']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-03-17T14:44:02Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"filename|sha1\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56eac2b2-16c0-4ac4-bdd3-4ad6950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-17T14:44:02.000Z",
"modified": "2016-03-17T14:44:02.000Z",
"description": "unique .js file",
"pattern": "[file:name = 'billing_eaef9.js' AND file:hashes.SHA256 = 'cdc30cfb941e21e9baa5917a27406f317c3e54dbb851e170af4aa3333149d68d']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-03-17T14:44:02Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"filename|sha256\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56eac2b3-e874-4844-aa76-4ed1950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-17T14:44:03.000Z",
"modified": "2016-03-17T14:44:03.000Z",
"description": "unique .js file",
"pattern": "[file:content_ref.payload_bin = 'UEsDBBQACQAIAIJ1cUiaU96x2AcAAEESAAAgABwAMDY1NjMxYzY2YzUzNDUwOWZiOWQ1MzhlZjQ5YzExZTNVVAkAA7PC6lazwupWdXgLAAEEIQAAAAQhAAAAlXEPX35+sgEqnobuCOJZprGi92bjXMbkDmBGU65crwcA8KHQJWZICQtMflrFT5LGHqiPbksv5LKiMhKFfH+17PjRzb8STb6wGfxoxcflxLrXflT/qD6QJq6Gz+SISqIreIZlE1OMF1AYvJyBEC/umV1JIOAcKvHlNOdRJf2XEG2L6HZekwIdkJuicQiUTeRXVVxCpaO81aEI4H2FlTb9udHrv8WiahUkF8gZJ19iuhaavZYZ0bQZ2sqAgJuadjtMJ5nE7WwhEiwigzSyu8SlA9OViFzYBELj2AsuPA++JeMUC4sVquWYZp/jLhy43a5cubtS1tkI1dMiOO+f9gAyWElOrPadYUXtV4XqfcePKG2II2blffiuZ4N/eXjMwd6JrQDqd6ZNr0U2GTuEUOwRi68R1h/ncpnG6PGI9Bh++87zFD0hbxSRNo22BcMlVLmcnGJO29qVvBJC9Smv11iiO8REjZOnDeIglpvlnpo/ExDuljmxuGNpYX+zFGoURVRmSaGxUfOyoh3R9NKuTx6VPou0NI2b+b+Os9xvKzUsJyZE4ttadgnDJJOh9adM0aHGutcCsIMY+UNsXeS1w6K5YssoDvMMGrbfBj3mI7u2LBsyiqBqD9DPyf/E6VSbQCcPWJIKbfQm4jW3IrUbQ8WUum5bDHVZ1whiGZ9RHKS7n48KuggAEPJ9VH/flO8UGuZRTK6BZn6IMndPKrHsWPbZ7PXcfEOikdDMeKYUpSzZTSjGO+n1Yg+mUUP2d09Aui9Y95AbtGU+c22Vx5KZxLssS+eZ/lY3p5MCwS6Oe4T6qZpo4UNT4NNjNtGSr/ZGJY6QO0DXmr/ZJvKvz9MfoauYYiqMSwGqXbu8QxjDo5z8yDMKodktdWqKFPvLzwyC2GvTC//HDmlPxnVRgjhaxG29nrRXMv+uWB2AOB1zlsokhosAkDPE6Od34mczzxTWWnS8ra8RlxDFjhvhl8PSYw9tZVX0m9sHwsRnrBOoRLo5VeC+grzVSJjgj3gpQX8RHBpgLn4n8oJyyuEz7QcAbz7Ss5sEOkc48KwEsKDmVw9D0lmRlvxmoTKKDEbLGnkscnZAlH5CQ7xFpWfiGF7mNit1d7w11qOf9mJK8w6tgMM/wlsPl24Fbqxsmy8NDIdX0YdgInpXNN+qV+AGufEqXXZzarI203O0UB1ekKvHgSlF7K2/sJe7WQKaqBmehxXevwFLqHThdqGUVLLIjuW3vvTlSaNQU0nIuK/orvjsrRR/wrA+6fXHNUdqrNxUdM0f264KVAfm9M+BFV4Fa42NglY6Zq1Bz0+WRyq1cOlAxSC8ZrU4fJRUs5dMBaa7csJNdJOuwz4LTDXcK40sGT1lY0aRTBjbpNnMIN44FKKggmeGtiRpLqvso8o4JNQDXSQDyWfsZzk7WSPKI57oL1GfC7zTyXXkKenJDyvPMVt/vVm7qjq//Z6JPrEBGUVwu+NY8/hMZZW8fE4qF/Lrs/okbaRWze6rEMfkkrDw9Wdye9Sj6Y5IRjcOrLwKk1DhF8k6y7/5hfEpACSXEHMrxZDFtoPuYdYYWznZxXQMxou5wX74qo2mULz7k5YxmBfMKYttDQyTAMAeVVD38ReRlnGrsgVYb2j8TFDMSJXdLf54cV5BU6bya+0vWvCSxLr3nUFbSi3EqaZbtMbXs11eT6ZD8lriZuNy52+VtN4v0h/YWx4yPLq3RFm1hKnBG860bToxZ/Q7S9NAU7X1jmoNt1uCYJhfJjV+X3q5B1nzssHmGaRrbZDf9U+UOuHidfN7uIxadM5RCB+sbjwk9QdSoEU/XtcxAiSIzMcMQUqSLjcBMcb6zh46/M7wT8GaoPXYiEhdBSU/zA3SI22xfVGYughGjz7ccNPrRwx8EYKBU5rdkxlFNSKH7+QXI5PTAFeCBzE1K6IIdyBihc+knWF85XeGWufguJCSXXUGfNE1xQWgyDfndxcf4s+CrgN+5s2Y8YVtMrtw1TS8p0oJq2fAdDfYpmJy2ANmGF1y38xWLMlTEj0lGheSns0fOxF+IzDScn/quFC3hxN6nwWmGILMDAP0Hg/eFuj/xYd4N3V7nNdhH4jMhrORBdyuDIWFsBC7yqxvA+P+NlxhCkyCIM6D7s7Iuml/1Pra85ZecxfgCOHk7vWR/prLR9KBwX08ioCjlG7aL5NFKCicCKrLNcRl79uqAGxK8xd7UX5CRsltJ3fzb4/FpuLA4G2DDC9L+n0l5cm7SMMYJV1CrnX67V0/zjWZAXAGR+CJN3e8fHXrlHHt4pBtkkjztFv83IRG0CfCqVeYyZZBvf2hKYYD3oyWvE0d7mS3/psRTCHKllblqTR6WZ+vsq6kx9xD6OQYT2fc5yfFsqilElmHQ3KekPGRVI+6CZPcubUwO3vRd85VGMT0e1Ey7uMKkWLDRjqrW+Yizc5o7DBiqTZUzCb435kWXz9ykI9ql+fafW1td1XvIkWUAQ9YCJPvuwK+/uV+ZqqAMZZXZ2cqAAHmOshU0fD8SSwjzEYCsfqDceMOYToFKZ/tykUZSpSbwIa/Rs5TkEpziX+hjoyEPXAji1jX7fC5JEqYkPh+HVOuy7hKrb30ggubhA1oCsQHGFwar64Vn1GnHq/h+f1DFSf5YHOz8Mk0KSkD3M7jt1o0DQSQbD+TyqSfmbMlOMRWNUwrxD6kLFBLBwiaU96x2AcAAEESAABQSwMECgAJAAAAgnVxSCQPaXMdAAAAEQAAAC0AHAAwNjU2MzFjNjZjNTM0NTA5ZmI5ZDUzOGVmNDljMTFlMy5maWxlbmFtZS50eHRVVAkAA7PC6lazwupWdXgLAAEEIQAAAAQhAAAAfcADibv+hqkFZEp3OU2NanmEGKajCUJZq9PNHRNQSwcIJA9pcx0AAAARAAAAUEsBAh4DFAAJAAgAgnVxSJpT3rHYBwAAQRIAACAAGAAAAAAAAQAAAKSBAAAAADA2NTYzMWM2NmM1MzQ1MDlmYjlkNTM4ZWY0OWMxMWUzVVQFAAOzwupWdXgLAAEEIQAAAAQhAAAAUEsBAh4DCgAJAAAAgnVxSCQPaXMdAAAAEQAAAC0AGAAAAAAAAQAAAKSBQggAADA2NTYzMWM2NmM1MzQ1MDlmYjlkNTM4ZWY0OWMxMWUzLmZpbGVuYW1lLnR4dFVUBQADs8LqVnV4CwABBCEAAAAEIQAAAFBLBQYAAAAAAgACANkAAADWCAAAAAA=' AND file:name = 'billing_f36bbe.js' AND file:hashes.MD5 = '065631c66c534509fb9d538ef49c11e3' AND file:content_ref.mime_type = 'application/zip' AND file:content_ref.encryption_algorithm = 'mime-type-indicated' AND file:content_ref.decryption_key = 'infected']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-03-17T14:44:03Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"malware-sample\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56eac2b4-f9ec-46f1-a42a-44d5950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-17T14:44:04.000Z",
"modified": "2016-03-17T14:44:04.000Z",
"description": "unique .js file",
"pattern": "[file:name = 'billing_f36bbe.js' AND file:hashes.SHA1 = '339718e53fd222df0b8403cb25d123f088a0f9ab']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-03-17T14:44:04Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"filename|sha1\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56eac2b4-9864-4fad-9d46-4884950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-17T14:44:04.000Z",
"modified": "2016-03-17T14:44:04.000Z",
"description": "unique .js file",
"pattern": "[file:name = 'billing_f36bbe.js' AND file:hashes.SHA256 = '970de0d32aa3299ad9fd22e51a86e83c0ba58fdc18df6eaa9171d033aee3c1e0']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-03-17T14:44:04Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"filename|sha256\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56eac2b5-0940-477c-bceb-48bc950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-17T14:44:05.000Z",
"modified": "2016-03-17T14:44:05.000Z",
"description": "unique .js file",
"pattern": "[file:content_ref.payload_bin = 'UEsDBBQACQAIAIN1cUh9L21ZdgcAAIIRAAAgABwANTU2OTM3ODE1OGFjMjBjMjM1OGViNjk1NDIxZmQyY2ZVVAkAA7XC6la1wupWdXgLAAEEIQAAAAQhAAAAabiMXH3T7vZL2y4v+7r96vVmsFjyWzSuYYqdnxKOMIOrOSU2Q6ZZfMumFWigIUOgs2PVLJcYRb5roTwCb7Z5aYNvJF5vdS0L3NPgBjy4tqIwldL2n3a3fSvJHL8Qi9tqyxAk8mXWKdgL5lAsSoAnnlgBpb3Gc3AS6y5dHMhnU/rkgKxRZm+0WkKhbc+bJmnh8kje7PfWGmS+1RXLSz8+HAICCMMqJYFXeym3Nm0Swy9X8KnPtK6d1sABP8Fkjcar9z3G9cHgreO4rUaYpbCC7pmyTUJmOX0Arb4caxcodKWBHWvP5V8E1HaTQH50AuNVLT0h/pnpHqACoUE3aVUJDrj1INfOSMOCqGptngpHNLvtXkSjzP+QvufSDWN+LiQZw2/2YWOvCmq8NM512YpiKLydKN2weC/R7aOM2/Pfwjyil4SqQJX8CqyY3wFa6bFfF5P6j0DpR1yulyGYFG7KDqUW1SWn7t2z8OI4KwXjw7DRWqxE5R5Au5A2UG/oxq+N4MXXCvVxc+c50/tb3JoXaeGBuugpD3RMAyEBOdQ6iyoNl0/0QtRITmFKLE4ltCMR/DCK0KE03trMGd9Hms4tsLBbn07pVVPBYQXyu4PwKfTKndlVb0SPZTjg3Ecxm2cu/k11zzhXVvrv5j+1Rez/7xE2VgKxWr/AqzXZ8OfQR/mpjov8h2tXZ2akpBX2USSev6XbbhzJ3ezFYIoDZT1sZJvH5Kgjmvw2XifQ+HXkguJIFE0AjLrAd6bU+XJ8s4jo9tzt3K7amNChY7V7a7pLWYrGVLjcgWDRJDvOx5VWL31EMRuEyz6cB4RTGcKJGiFniOr8wXGaIpVfujOVK9ixoLUXxTwkM7qTBcFRfhByq6tLqIKlxS4k4BXujUeospcyTiV40/mAJBMQvgfXskWcjZ+oWTdUlIfL9Qmzh1FbaDRZsFbPnZQw7QG3WoupIdm1iaFfznIvvrsfHYMlzQTwIghfrkHLTSn+jOZhg7Ghpf1N58MzwnMc0wJoRhS8wZKlkC1bZAzi+L7Djh2lxJVX9dCTJAaYNcKKF2VlfXsu57ci8+AeCZuHVVzQFEYbmEg5vgjvvyZKknTS1SKyvmlpJaZS01u3joN0j3LWygFs/KQYdGIzvkXITJYavg5Kxiz2w13EmyVHISerW1Zzpa6Av9qKxX/Qt19cJvHypaT/4VFpx5gwNsChwzA5wFIceIprQxVCAhvYR2uTF+PLXazfgybgc97gkZaLcjnD8xKxFtUy7zWiCPW70lZAGAKq+gg/UQbhWc7zSKJROybXqHZiWbkWnppnir1StD6bGu5byKBxMairOOUTGx8b+VsVHsqYcYqX9O/r67VHZ0foHou/V3L6TIZCxtP1uHwUSU9Mw9DItDRFnx389a5oCszNxQ4AZ572O52T6hhvUFA0nEpwG9pexWnct9dbk++qD3Zzc5d0Dcij0lPxFNBJM0zErU1GKGpQJZ97Tesqw4OLrm0/9ed/xmlyKxujjURXVs87Zds2Qht8UWsLN7owNGGYQCIN3gr9GrPvl0MSHGfl+7aHn4CCYY27ckgcZCRBXc0CUG439g1w9YLTJdU2LEaYIrpoMAxjOO15S3TwiaZ0rtF7PWa2wJ0HNO3NEeQlQd8oYYIJIQqMUoEV8Sl0+dXjmX4mTwXnrusMVOWF5pX9b7R2rRQndvwOjBK1sEYb5RkhVinnnOn7URZhGxzveOKEBvxNKphtjuB+AvmC3SmDV4BaKu9Zh8yDQVIuvVU8YpQ+txN+WNINVpOPrFOdOX3WQSuK09BGKvIQXZb7Z64a8XnAAaMil1qTSpp5cwWQOinD+7PB15kbw+BF079s9XbTVqYLrC5Yup6VybTTF1pzycqqYh/kU7DdWS3X4gEEwbVBef4Zvh/GP02PmTy/pAbft+piIg7slhUOsIwoTv40SaWNkxJ14J66gQtPpFZZBeryTyefwhgX2MaxULfYjfJyEj1eU28DBu+L6iRKw9nrBwNGiysVu+Q7VCHSrhIxAvFdip2hHci4FoUOjT4M51ejhROhyLW/L7Mrlqpe0aM28vLjoOU+zUoZszsRvlRKC22uA5V6k/NcQnXYX1/5Cq5Pz34KC0uGjyOLybDK9pdLkO1ni+J2o9wGh+gZ/M4heW50SlCKhUPAsnoFTQbdRrm7SAhKpUD9G7m0JEoloKFksRSB9Y9xaQxbe9ZkZvuqwPDoe8Bj2NiPHtbmtx8YAVJcQtMZpegcEiF6ZpEujxBwtW4IVMopvaVLv/ob69MvxA69lIezQTlmROc4ZAIHtgjCAcXXAy4uqQ/J8G82quV74s/uMeNRRmFWhUd9DZMui+B2YmTTgi/C7BvZi7lHrW5l42fD9plYuGkO3DvDDgTWiJt6XH6SD928ZZmO1oDE+OqXNFdqAhbUSE5LeU+Rb2ZYAafKO3G9upl3RNnwfsB9mPAhNMIsIhsl5bKcA1mOlyRq9bGT84hos9t70gClGHA46mz8/8mzQXStuKC+7NFnsG7AeBb4+DkExA3H1ZKCy8drPnDR3I+OHWRQSwcIfS9tWXYHAACCEQAAUEsDBAoACQAAAIN1cUj07RR+HQAAABEAAAAtABwANTU2OTM3ODE1OGFjMjBjMjM1OGViNjk1NDIxZmQyY2YuZmlsZW5hbWUudHh0VVQJAAO1wupWtcLqVnV4CwABBCEAAAAEIQAAAHqIIP41QFDHZvQMvUrx0R0llEkDC+pwjNfDBmIoUEsHCPTtFH4dAAAAEQAAAFBLAQIeAxQACQAIAIN1cUh9L21ZdgcAAIIRAAAgABgAAAAAAAEAAACkgQAAAAA1NTY5Mzc4MTU4YWMyMGMyMzU4ZWI2OTU0MjFmZDJjZlVUBQADtcLqVnV4CwABBCEAAAAEIQAAAFBLAQIeAwoACQAAAIN1cUj07RR+HQAAABEAAAAtABgAAAAAAAEAAACkgeAHAAA1NTY5Mzc4MTU4YWMyMGMyMzU4ZWI2OTU0MjFmZDJjZi5maWxlbmFtZS50eHRVVAUAA7XC6lZ1eAsAAQQhAAAABCEAAABQSwUGAAAAAAIAAgDZAAAAdAgAAAAA' AND file:name = 'details_1de720.js' AND file:hashes.MD5 = '5569378158ac20c2358eb695421fd2cf' AND file:content_ref.mime_type = 'application/zip' AND file:content_ref.encryption_algorithm = 'mime-type-indicated' AND file:content_ref.decryption_key = 'infected']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-03-17T14:44:05Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"malware-sample\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56eac2b6-26fc-4e41-8dc7-444c950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-17T14:44:06.000Z",
"modified": "2016-03-17T14:44:06.000Z",
"description": "unique .js file",
"pattern": "[file:name = 'details_1de720.js' AND file:hashes.SHA1 = 'f7d2d5fa2dee663b299c3f224cc20acdcc8f5ce3']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-03-17T14:44:06Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"filename|sha1\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56eac2b6-b19c-4ad1-b647-47e4950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-17T14:44:06.000Z",
"modified": "2016-03-17T14:44:06.000Z",
"description": "unique .js file",
"pattern": "[file:name = 'details_1de720.js' AND file:hashes.SHA256 = '4128071eb23503b6bb9faaa8dd5a2fd7724b9ce4bc9f4b36cdf40e07824aae23']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-03-17T14:44:06Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"filename|sha256\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56eac2b7-a288-4668-8a74-457b950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-17T14:44:07.000Z",
"modified": "2016-03-17T14:44:07.000Z",
"description": "unique .js file",
"pattern": "[file:content_ref.payload_bin = 'UEsDBBQACQAIAIR1cUjGe91MjgcAAI0RAAAgABwAZTViYzkyNGQzMGJhNDgyNjQyM2NjNjI4MTA2Yzc2MjhVVAkAA7fC6la3wupWdXgLAAEEIQAAAAQhAAAAlXEPX35+sgEqnoA/9zz7uVtx8hgNhMJ9dacRFEYxQyDVZl/DisS5gVh60P+02emWZVUJJHwriDu4fbTz/MprbITUGj0lyLnAbjZmyXQ3RsyPWf3YI7pVMlsCwIm8+WTG65qJkFyfKDxAj2qzhWUl7bxRMkRrSsynaQOFHgo58RFmUukLZQjOpempI+gWA7yvPtdCvehwe+RO27dMvq9uMEO0F9WJVkuIOodftj8p9+9hNyZOV8kQxjs4QJ3W8SvtbdI+PwqXMdG6rkDrVDWh0EFfzy9ZDOPRwNOagNWFpxwsbcUrY1vMU1zPgaI67wzEWpk5QAdbR4oCMaLuHyTGM3VfhysN6rkZetbVl7kLNLPe2+4KAdYTesYEOwzcM9Zc/dZJ3+oGgZMsW4y9l4hrComau73BgNGKlqtLOL3T7ZwOkWpX1tw9y3dmWiAt3gckljqrrnivk9Ln1vJAIK+h4nZrC6Iv5NYHYDaMRcIVaIsU1EAmoiWNGxA2z3fLyiiKLV4J83kWlfOu+P05lSXdrx6j78/vDB9zswN2WSod1IFAlUJawlZAKkSdOvcnGn/5f8ABddS0naUpZgXBetD0pZ7GbxcqcQslTG4MaE7wDrcLES4+85HEBEYoW3WenJiC2p5eLE0ZBjpOlAvktmE/mGyEAJFOloiQkm/wtNJbOOTtMVJbEHUCwrQmChwgICxBwuBArkjEjD/f6jo5cFFF/uC0RHEBsBybfaUpPE9tju/uEJ4cRlf4jRjXqNjadoYILJYTtE4mX9nhDyxD18c7XyvCqkrLVJIjt5EmYNaqDpBie5VW/14kM3dQXSLUUcCcEr+BgABczvdnNdpIJMu9p7UkbE482bZ8LZsstkEs1WrZfUMW904kJvqTXAmPoJWwArxEFgAKOoPA3nu0k0gTXqtrLHuon6V5gtlH/R8rZUW0YaxAMFAHK8wnkdP+XbqQYHI4E1km2aG/eGyxnKX/Ew+CES/du3C4ubAjk6FbmcNoZf1N9NYS26thdBKBAIzufjxZMYE8BenwU4YBMrsW7vLLA3rtwm0DJ/ZxtFE6hKq+th72Oand4nLiLrdzja0p9wjGx34H3ZERT0SiceQ9ybF/U/O9SkMqKez5zjKP2oC/b9c5rPAKHuF4F3Mi0AXucakf4nLHfWBcybZLcS7cPdtQjqJJA8HOcU9gJiErVqYoPAikPsXxKuC8jgphDtHGw1GXzz2CCqNvec5U9hLrezq8a1f3kwn/ArjOiA9Lg3f/1CgxSXdvlN8gpv9BOC2zej/IAdAaoEKZZl1xbslBwM5Ic76UEVHVWBAvAuu0AOZL8D4pToYLKmzJNly1rF+fFlKTYbeHcFpOVY/y9WZWa/2WwarUJWqFk2bUUD5w/e6Ajpg+i+smGI4a/eXJ94tLphLQHlWk4Z/+MJyrX3D/6K0LvKXf7xzeZke1a5Bt7hHroCPAHxqYEBn8O7hnAsjm8Lo8lIrE6BZ4nCe+eDYLFJyTqkaegLYOJra/5nboGyNrRpgKJC5aj7ssQftN7e1njTF/+K9ug03NePWWOtBH3VziXXsGgc/UPxaKLisJszhQn20YbJEs5++UnahpTiUUAZDiML81XZOcGvKI4Ak9XvYC3eqy/N9h5JUgRS7GQHv+wU89xDVhtsEnNM7K5cyfy9Z1SLsdwlR6oHJNeRA+2RBaqnhGBnFf8lhMbvtUKiIJWNFD7ssCiPaoOAckEZ75ZoR9NP8I57EvbgMupSw9HpArY2UHFTErMjlGPpZXXfO/sWEkG/oYIoSfXDhqoigyC33wr5EkPDs3GEVMYTf4k8SzBKJPy7r29MpEONaJG0Uh1yQJdEsLdQL95Ar59gJ5nQzp64ugSHWcNekUb55jHXyk/N555iWMR0uGVg3I2VuWccl5rXvpaDaYuWNvEvg4/AOuXX6j47ZEo+r00pA4b8h5EaowrqBEsAMhM9gIvU3GZbt2auPjmmWxeWRg8zEPMwt29L46zCtYAJXI4ZvTvdBHmbs34nz0pQsk7N2wM8twVx3n8aTKnbxWjTzUBoa38ndA8jG9QtchbW6jDsBnoaHu4h59MTsINdYBabJM1Z9GYCmqTYcRQB2jXczqXF0DNPi9v+LuzYfyhhhzuxyq10KdYPEBkqlfSYKvIzS95r/QzQQulWN6HHOBkMmYcP5ay1REi20VRBBZUni/yqM2msi5bboaCZr7ME0ODdDrJFufiDERwH4K7M4gIZShFMluRElAVBQSBgu0GXXTiPfbLspVKeOs/X1EpSmmZh9UxZtjkuEovK77q6JykAWzfjnvbn64K2sjr9+hO3zXYnmgMjFvKlDMdM5FSxz108DQCoV07CUzpJzH314JHu+Z6V5UN8cYQ2k4aiGcGJGRW7bCLW8RVft2U83W3Ju/evagcWfotS1rJ6I5vrpVf/fS9A70HnKBgSZbVR5jIZIuPwIQWwHjV4M4VaTa6po7G97lJsKTa17/0q2Nd+X5O6snkNPvupQZusfNBeDxwImPipXeJcnsZfmCjZNVj9qv4/Yg8TZVTGVrIyiN67X0OuQvTHW1vr2dQog8I6RnuSmSQwZQSwcIxnvdTI4HAACNEQAAUEsDBAoACQAAAIR1cUhXPAfrHQAAABEAAAAtABwAZTViYzkyNGQzMGJhNDgyNjQyM2NjNjI4MTA2Yzc2MjguZmlsZW5hbWUudHh0VVQJAAO3wupWt8LqVnV4CwABBCEAAAAEIQAAAH3AA4m7/oapBWRM/Crmb4h8yJpE5FhdL1fIwkqoUEsHCFc8B+sdAAAAEQAAAFBLAQIeAxQACQAIAIR1cUjGe91MjgcAAI0RAAAgABgAAAAAAAEAAACkgQAAAABlNWJjOTI0ZDMwYmE0ODI2NDIzY2M2MjgxMDZjNzYyOFVUBQADt8LqVnV4CwABBCEAAAAEIQAAAFBLAQIeAwoACQAAAIR1cUhXPAfrHQAAABEAAAAtABgAAAAAAAEAAACkgfgHAABlNWJjOTI0ZDMwYmE0ODI2NDIzY2M2MjgxMDZjNzYyOC5maWxlbmFtZS50eHRVVAUAA7fC6lZ1eAsAAQQhAAAABCEAAABQSwUGAAAAAAIAAgDZAAAAjAgAAAAA' AND file:name = 'details_03bb2d.js' AND file:hashes.MD5 = 'e5bc924d30ba4826423cc628106c7628' AND file:content_ref.mime_type = 'application/zip' AND file:content_ref.encryption_algorithm = 'mime-type-indicated' AND file:content_ref.decryption_key = 'infected']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-03-17T14:44:07Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"malware-sample\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56eac2b7-3cc8-4a79-af65-4531950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-17T14:44:07.000Z",
"modified": "2016-03-17T14:44:07.000Z",
"description": "unique .js file",
"pattern": "[file:name = 'details_03bb2d.js' AND file:hashes.SHA1 = 'f237000ba2f879942308ad2bc2ea3984f8fdc713']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-03-17T14:44:07Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"filename|sha1\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56eac2b8-21fc-4990-bc52-4764950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-17T14:44:08.000Z",
"modified": "2016-03-17T14:44:08.000Z",
"description": "unique .js file",
"pattern": "[file:name = 'details_03bb2d.js' AND file:hashes.SHA256 = 'dffed482df627d474717ed5b65a3d44446c39d93f70f1979f50e8c4315a881a4']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-03-17T14:44:08Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"filename|sha256\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56eac2b8-de40-4816-9d5f-4258950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-17T14:44:08.000Z",
"modified": "2016-03-17T14:44:08.000Z",
"description": "unique .js file",
"pattern": "[file:content_ref.payload_bin = 'UEsDBBQACQAIAIR1cUh8e2e5aAcAAC8RAAAgABwAMGY1Njk5ODQwNWY5OGZhZTk2ZTVkZGVlMWJmMTE0ZjVVVAkAA7jC6la4wupWdXgLAAEEIQAAAAQhAAAAi2utK/QcJ5vOJmEYzwz9II6G29q2OB725EAeu948tYFM1kyPBwzf5OEFnUe53Zgm91VOez+EmSD1BfY3mZua06kg9WiS0wBks2UcWTHJUfW2MWneSa+H0gySupboWtFntUC0f4TZzES227wsd8oZ7WwyhO6ry40jg9nkHaz9Oh4Bj1VNxBcAcpFZ+SjBd4oX1d7LczA0CFJosiscwRSO+ouSgKqAXzJ+1sx8o5BKN3KW2Gu9N/LKlG9qQ1PEo6ANC7i++uGVzULP9BfB6go0/TXKuFgyhSv/2BFSkyH7IqLOpzi2gd+Oba51pu1SO63CcP1eIh4ebbHu/DWuoxAELs5KgGZUXNLhW/tleJfIBlvCjL8j54+diGfi68H/+krfI/CKRCNSuO8h/f7SnGQJwBUMeFSzWxMDHjlXmyOtK0wm8dsEiVmHHulj50yD0lPeDPa5ArHlaZvzhDs5P8oNyKtwlMpihY1iyS158GQB7S09ZwNh5uVpeEHJfxY4f9ZeT0UCye1VTzO22LmzoVorkn8Q15tiMbp+1nw+9+ATrB7YtkLaWn6WcbGbRNEatNUgrOCtBdElFWuMpryZpcGo87epeVeRngwReCyluH6pl9eMd7+elP1h1MT2klg/y9dRgaMuzfNeUoQ/l8xpW7mgWJt4ldWtEhC0pVLs//wuRKbif+1OqO/1oBWeqM3GR28DdC/DoZUV/+bXPn4hP7ZyPE56fqFBjqaF3Qk0F6BfG/UI6qL+BozcpIrdHvfTVzzPFWF85g5pO/yDvpprcxvmIS3h0wmz242A3fRCeK/H2Hm2LrXUu+95/vG8wB74AnpZe3mcwiEZsXB21mfmb0fxe4AMv1fQdjH4/nfaQwnZgA0ggFPKwvnd1VnF9vKS99SRxrkzit+4XQrCV1WgdmVp8CSGOhdtoPtKUJntPlch3hG7RsFo6qSwfJgQOcFMXCiD9C8sCwHwYFDXUeFNaukofZbt8jUaG1tK5A7TPDAhv5yJqq5dMyffBadJRWCQ3heu8xdP9HSsB9J5E2PFaBFhoGO7T4cJlkrpBCEZR00e0NDHhprcC9Kp7ocXvCI5+Uk4pN83omXax1KoZt64VaPFABEP0+QE2zNYtwXcHZj5L3W+MJb2saaAwqLgYNaIr/n4jyNCY5jD8DokJXoknWZgN1N7UHyGE16XK6KbVW8jffGmIUE+qLDurtnjisb+JAEmhWMuZR2LqjnPoIKtC6kIX3rOy5bc1eDFLnDrCCJc3VL/132MdCK+RQgr1ZEFi67c/fXm4DmR56Jplea8BF/n6giX6iucXFctMbGyUYKeJ+rEyHdyhan+3Ilet88OtlMCWQjUhXe1zA1NmrbdfnsNg0g00hGJkW6KGB3SD256o5B5fR9IPuqrQXbNfpSCeSVa8cr5GwW6StYKx5yoX+hooCE/mDxlePRKGI+hcRrpnOmQDwMvXjFt5ZgMScNECdE2b9MtHcFdjSLNA9GcVvELcgmAwyNfQkEutrnCQDkOkt9NCKKkaB3k2HkkJYdAJ5nDJkHK/GnN2Vxw4Uh8jGDSjzPpDgwa3k8hzRMsQgDxiOQhwWtQeoexgI8ZnEoKzgQoDgnhyglV3jrMIZ8N5iwo4HOJhRac6XBBWRQcJZS5pl2FZ54cq+7wQaOL7riO+h+tFKZOvj1rwSrwUgknQ4gkI/6F/7ru0QS+H0yNOgK1/EsWS4z3DqXWV6NKPbYv81r0MCtOnty0NX5FdF1iNwJte1TsoClEVPxj5yNxSJk9+FB10L4Rr0kY/aImadpa21cRpPizUAN2vz4dX6/xFdq9ZXdEXHce/QkBkwK1o2ICWXnsMj2CaSEUOwEIxIMVf+vJUPqChmcQ3ioU+Vy2oXy112Ppynflf8HRkblBl5YnW4FEgC04hGYkJlTulEYLi4rs9q1PlncoHH1+jpoezYuVHY5ps01LQ6075UkXFPJv5GMIdYvN1ImWU/3yZbDaCKnnSASqGxvrnN6P1x72JvCKlp8argphS40eyRb4/xnoSqdXMObYOFlxmNmaLB7h7X3axod6feOJl2Kp1atgTmA36+Fs7gmthiV7cLMJYvh+lg1SDsdk5BGHCocgxSAJcvDdsw4pd9RNen+Rk8xblYGr+/ezCyY2ZLWz81vwPxrwYJ5YFSMKqkv/EsozLmTL2Cbd2SWKTxATvpjoSflkGZQaVsheXQU62yfoQpVMjpJ2XbvDk2R9Yhh28XA+F3CyFG0FzLKWi0Q+QjMU4U8xU+iE9Kdf21beSh1Dd2i5v2H1ifHa76RibOpJB/v5hRf4SocqCdo4aq0M3pkwACZh8Mb9pe00gVi9lZ+nyJx5prweqoIerhKlaaKMEE5a0JfIukhNSPHiytELA7wXgafyJcJ755dlMeTJAKy1DwCe9+fUrkzVCZdEBmhonD8HKGPabyiNaBqZOWx3uUGY1rsqPu296aY+ARO7OzrR8J/3mV3HfpgmH6xyV9o+YCE2uhmp4UuJbelKt+43fzd2O9+wLD5mIqRhlZFdELZ4UEsHCHx7Z7loBwAALxEAAFBLAwQKAAkAAACEdXFI0vQHaB8AAAATAAAALQAcADBmNTY5OTg0MDVmOThmYWU5NmU1ZGRlZTFiZjExNGY1LmZpbGVuYW1lLnR4dFVUCQADuMLqVrjC6lZ1eAsAAQQhAAAABCEAAACFgMYLmdG+mFfpfmEqflcOOnXFbXQU2f1BKsqqoon5UEsHCNL0B2gfAAAAEwAAAFBLAQIeAxQACQAIAIR1cUh8e2e5aAcAAC8RAAAgABgAAAAAAAEAAACkgQAAAAAwZjU2OTk4NDA1Zjk4ZmFlOTZlNWRkZWUxYmYxMTRmNVVUBQADuMLqVnV4CwABBCEAAAAEIQAAAFBLAQIeAwoACQAAAIR1cUjS9AdoHwAAABMAAAAtABgAAAAAAAEAAACkgdIHAAAwZjU2OTk4NDA1Zjk4ZmFlOTZlNWRkZWUxYmYxMTRmNS5maWxlbmFtZS50eHRVVAUAA7jC6lZ1eAsAAQQhAAAABCEAAABQSwUGAAAAAAIAAgDZAAAAaAgAAAAA' AND file:name = 'details_6c6e3af4.js' AND file:hashes.MD5 = '0f56998405f98fae96e5ddee1bf114f5' AND file:content_ref.mime_type = 'application/zip' AND file:content_ref.encryption_algorithm = 'mime-type-indicated' AND file:content_ref.decryption_key = 'infected']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-03-17T14:44:08Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"malware-sample\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56eac2b9-d520-4976-8625-4660950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-17T14:44:09.000Z",
"modified": "2016-03-17T14:44:09.000Z",
"description": "unique .js file",
"pattern": "[file:name = 'details_6c6e3af4.js' AND file:hashes.SHA1 = 'b974e38af190daac41efe2d66f477d528c000363']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-03-17T14:44:09Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"filename|sha1\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56eac2ba-0dc0-40b2-b5e3-4595950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-17T14:44:10.000Z",
"modified": "2016-03-17T14:44:10.000Z",
"description": "unique .js file",
"pattern": "[file:name = 'details_6c6e3af4.js' AND file:hashes.SHA256 = 'd2bb6869e33049d104c2d4cc4cbca7c9099d8e928aa555007fd1f4143ce2b04d']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-03-17T14:44:10Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"filename|sha256\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--56eac362-3b08-465e-b1a9-4dca950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-17T14:46:58.000Z",
"modified": "2016-03-17T14:46:58.000Z",
"first_observed": "2016-03-17T14:46:58Z",
"last_observed": "2016-03-17T14:46:58Z",
"number_observed": 1,
"object_refs": [
"file--56eac362-3b08-465e-b1a9-4dca950d210f",
"artifact--56eac362-3b08-465e-b1a9-4dca950d210f"
],
"labels": [
"misp:type=\"attachment\"",
"misp:category=\"Payload delivery\""
]
},
{
"type": "file",
"spec_version": "2.1",
"id": "file--56eac362-3b08-465e-b1a9-4dca950d210f",
"name": "Archive-js.zip",
"content_ref": "artifact--56eac362-3b08-465e-b1a9-4dca950d210f"
},
{
"type": "artifact",
"spec_version": "2.1",
"id": "artifact--56eac362-3b08-465e-b1a9-4dca950d210f",
"payload_bin": "UEsDBBQACAAIAPxxcUgAAAAAAAAAAAAAAAARABAAYmlsbGluZ18wNGM2ODkuanNVWAwAk8LqVgyu6lb6ARQAvVhZT+NIEH7mX3iQVoo1M0wSQoDJjlY5HXKTg4Qw82DHduwcdnDsXIj/vnWZQFYazdNKQLerq7u+OruajR4og4EWKD+U80nvNvVpcJ9fm+cXE0cP8mEio+Y2wNEI1sigT3XXOydKc4IEJQz2ChPmzqA4RdrPXXrCpL3uIGHxc5e9gt/UGie8VJiNW8x8lRTmvecjZWhm79OlbTF5isFudZ0iclxmf+4ub1JZ3je6Q1oaSKkbppTqhHVt2vxt7+urwkeSUZ8hIf7cjLoD/I4cd82U6c42V0hCzBl7rzPZ95DmT/krnHTp3BtbB/HXTJy1ZjvWLJthirUjMzhAuZbj+wQnki3j7Uh2pHyWx/RJa0P2s+dAFARak7b+3F1fmrK7u8uTxhZ/mxpZaYJmt0XeYowkd3F0QKWElNv+yuhU3ix9xZb21tpKAF31feZfFw0k9fQNfz8v7yhmXB+4RLKl75G0IiVuAaIY4O4hcDq4Ei7z+r7lnXpWc30RZ4tOxQoTMmlxIRnMQ61FVjiU8ElbSIXfpCDVoxHpdrmx3gSlWVC15hikmRsyby3Jp1xfw6/IcpbF0aOQkyJtRXzhXkI1RoscaCTJCc2O8neyE2FlU/ArGnnuFlcKFwD5UqSHIj0DB2XEVvMBJVa+JILJsdZK3NjZitaXC6YcGrGj+Nsd7HpI2a9DXaRQbASWfgzI4ST5MUK7Xke/p0j2NFd/s1qKrbagPBBL6AVinMFmY5cSK87J7RBdaXuRjWUg7QAogCp7h72+/hhHOtpIojNyW9Wu0K39lolUHrYmsOni2PxzKMa9XOFuyYiZjdRvoknDcAlu4ZuWbh5OA8Csr6aUa04YovO+i5WjEaWoVu6Llm3do3P8lSXO5QDmeS+kcmjMLKl07mO5QKWgfXA6b0KTLHSudw/kRj0UQ+y85oDMWAyYUH72KWl3R0/q+F3TthfxnhaZyMBSUGNSu1NbEu6q1OSoKQGll+FPNq7Uz5S5xatSQ/IRv/8Siw0PJCnZqafH3qnrK6tIIi4DFTwjsZzXD1Lor8Reh1kk/rtFH07RR3FoxQkhhTVO5EzvWCBmbePhXQV7LBdJqreU8ixHZPH8QKLhwWpTJfQwjBGf+Em3SlOKvfIOPSwnSnhlJGI7YTck/1bwAiq7kdjCb/nPcXJ7poRncN/nDACqaDXyCOACC+qtGHVIZjXdbbv8HJ0a8tCb98I4VVHxozXrzpiiSS6VZ6OnU0THwWIsKrslEkp6XODJn/G1enVUs+9UCZcAv3+gWLcmVKNF3MyZWFTKF+XDejPKvyG9ZKTjnvl2V0xc3rPV52MBf/1fBaq9ullggOExfg8aXYPWEV3Vt3pH5KILlWrGJ6gtM8moxfme/g6P8PixLa+tj1genXf1JSMWXJttyt57o1g6VfdAtxgk8jEal2SAaqFr+NnyMjzd8RjManT5kLJtKeUbbyGRk8HLKI1r4q9OWYp2psOEwWRAIhpVSZ9Io9jBu+GmKXdMwTGpto+aDUmddXXcIsHNXhwZQ9Kr5xXW+9OI60Qtbo26AEesTTVmWmksboenWlU3j85CbHeD4OWC0Q/OlMLxQoSOivaSkngiat6u4otm3YikDFxdC3e+IuYVHiPuXjJW25DbIzZbwGHx0NMwmoa9SeCuwqdETVU+KwmD/uYr6q9EggTRN4GhGeGkGWlCs6Kq5uzIm4Qu9G2WmdAK6gue/pQg4/C5YEM4Uyt8UZLwo+Zej1seNu2E+hJYYRR4SoLMT3vINzQDx9GIHqVJp/zhBN/rvjvhRJP3jPvB/MiYTr9fMmHhjC4ZsIpnbZUQutSnBAY1nfToAH41RyyV5w7WKvcp4Ye0CNlDIyQVjWaJmd+si0lJK5CvsEQ45LA/kLe2/k9p99O+/0fyuOV1dEqgSofq+1lMAMxfyVDMR8U0D+s4IQlfgSV3Jr7gXV8VLfdK8RwYFnY7tr4AJtsPAATaAUjJHAx/KykcP38Gn7k2IEqoyidYU89ezs7izWEQgYAzA5qyee7s9RUZaU19wbrGIUr3GGkFNx1rywaBy5EmeGnShBOg67FhZxGmCFzR9IkXOE3gmqfxTqUBmgIeoyaN1ErQDPoMTij6i42JmlPwdqZsyCnz3+bmg5qbA3ZsnxAGNlbqFzAD9l0MExo0hs/ZCk0djS3OJ+wEGS/2ijxjK9TmDKtwDweS+UnUQpSHBla4kxQDW8ddWEoCOOpEx8aYDdRQf4GbMoqqvPw+Ll9zm4K/f6cuZTNoBT06MYccddDa00jtP4Qz7npKiBEIDFNWzE7vC8DwQ0nJQo0X6HXCSsITBjYC+JArjt3nglZhQa7PvsR3lforPh+eX0TGpxmdn5QFeLsxUHjXcVSUaFiMQUj4RUkr8RHwdqQVelMSdCiboZp7S6Zzks8xA89TZt6yaxkjvHbZv/AOZivBK5kmPkcoPa05oOHZzQFUn+HI+fEPqIsvdlopgfe+Q53nMkv/AuASvPd8KKAWhEHsxYvyxPETCfzPArPoDIT+MSFBT0MjWHPRHmgBuOv1X1BLBwg7E8JJcgcAAAMRAABQSwMEFAAIAAgA/HFxSAAAAAAAAAAAAAAAABMAEABiaWxsaW5nXzJlZDM1YzdkLmpzVVgMAJ/C6lYMrupW+gEUAMVYWW/iSBB+5l94R1rJ1lycIbPsakVijkA4ggmQZObBNrYxMTYx5ozy37cuA5OVVrtPK6F2d3V1d3V9X1V3szFjJcopfygfDDsfbX6pfvhiz8y4mqglrbKBzsUEO/3wA7eMGjZNbj10hxY2PW5ehTtsJd935fxeEZ0gOkQuij8pLNhi4/vuosTNeO3aKOmDyHagyK24Y9Vsozx3ked2K+iaPLRwKVNnsZ3PoaQAxQWLn/2eLCGCdjjwWihyzRVIi6ImSrnVlAXezu+LrOiyaC3tSx/2VJBVpwt3SE5Ys2A5Gy1pCx4q0WiofONOXUwuR9xukM2r6aUr/tlkzzzoO87SYkthilIZlxavWQ6tGZ3toDuO0o0+QyET7g4sLBem6FIW3tCsRte0tkeA8wxweOMNsNNhzf52pE9k2kIAhSt4dPQmigPR29jRfoOCYVQHLdmus2mGtJK5OUH8SE7wI+GQGc6wvYzQRj8RYo1S1598l6LhiF9LV+LESZU2PnDAGeWsCHe3hIqfnBZeNB7nKNvG4kT9Z+7ZQpRycb8UuEgjWjpi6xV5xlxw69ber/10iMwZHTyWFPPfd3nHYOkwooWrek8XNYIZd5JlwVRsKRVSj970miklkxSMGwoobpCH9icimrV9yuGSKRx2KZTLcWEcHnHOMc5Wq0WzOaHoTpMu8XthPQbm6nqyKY7fB78xbRJxcuL32L+VFU1gXFm4WasSgYKvgQRc3VpIIoCtfDnteV8lZiG38widMPa2k6JfNiPEe7+VDr9vBASgmFyfRy2CZBnL2OWYDPz69eSXJu1qlmAeyv4me61Xxd0SO0TdBqAmVJh0jARFnb/57UrfCyckYTlLY30Gy8vjNZnUs+aYvsSILcnMFEh7PvAkmZTzx0ijXHot6F/Zd8TfL85OFAxqz9fSJM6vl/r7AD54bYqUwUH2muWF8pLEBveExrDWge1nfxXXzid3DRRLezSn/HJY75urUrZpOcdVirzKFLtjP5RM5QwWUyNlMIaDTLunXV5etpLjBAWewJbIuXBDKDA3lRBrSaothzgEXeULX0JLt+5v0qxQk/QpsVZC9iG+pgRqdy7xlR4XI3LX9GhFVpxFWO7EM868S/uaSo6rB2nmS5MV5zzMg99WYuvw5SGifN/xBevBvaT/i5KQ4pmOKv2I/5KmQQVHMs0DpUmujylzRWFqhksI2vqhNX9vv+fXz5L19ehZQLj4FgR+Opw0ko7ws//ywudV3mu+507in+f+jhgtabsXD6ppghGrV2faD2Z1cWJAetK8tNsktU/biYnHq1Pe3Xrj5exkNwt703VCXvOOplteIha
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--56eac3ba-bcd8-497b-aea0-4c0a02de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-17T14:48:26.000Z",
"modified": "2016-03-17T14:48:26.000Z",
"first_observed": "2016-03-17T14:48:26Z",
"last_observed": "2016-03-17T14:48:26Z",
"number_observed": 1,
"object_refs": [
"url--56eac3ba-bcd8-497b-aea0-4c0a02de0b81"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--56eac3ba-bcd8-497b-aea0-4c0a02de0b81",
"value": "https://www.virustotal.com/file/d2bb6869e33049d104c2d4cc4cbca7c9099d8e928aa555007fd1f4143ce2b04d/analysis/1458220875/"
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--56eac3ba-34f0-4332-b943-4bf102de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-17T14:48:26.000Z",
"modified": "2016-03-17T14:48:26.000Z",
"first_observed": "2016-03-17T14:48:26Z",
"last_observed": "2016-03-17T14:48:26Z",
"number_observed": 1,
"object_refs": [
"url--56eac3ba-34f0-4332-b943-4bf102de0b81"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--56eac3ba-34f0-4332-b943-4bf102de0b81",
"value": "https://www.virustotal.com/file/4128071eb23503b6bb9faaa8dd5a2fd7724b9ce4bc9f4b36cdf40e07824aae23/analysis/1458223239/"
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--56eac3bb-1c40-4a77-92a4-4fd402de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-17T14:48:27.000Z",
"modified": "2016-03-17T14:48:27.000Z",
"first_observed": "2016-03-17T14:48:27Z",
"last_observed": "2016-03-17T14:48:27Z",
"number_observed": 1,
"object_refs": [
"url--56eac3bb-1c40-4a77-92a4-4fd402de0b81"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--56eac3bb-1c40-4a77-92a4-4fd402de0b81",
"value": "https://www.virustotal.com/file/970de0d32aa3299ad9fd22e51a86e83c0ba58fdc18df6eaa9171d033aee3c1e0/analysis/1458225851/"
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--56eac3bb-e854-4895-ab44-4c5c02de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-17T14:48:27.000Z",
"modified": "2016-03-17T14:48:27.000Z",
"first_observed": "2016-03-17T14:48:27Z",
"last_observed": "2016-03-17T14:48:27Z",
"number_observed": 1,
"object_refs": [
"url--56eac3bb-e854-4895-ab44-4c5c02de0b81"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--56eac3bb-e854-4895-ab44-4c5c02de0b81",
"value": "https://www.virustotal.com/file/aad79a4d8083ee17b4693018e660d66d9b039c9ae88ca21959bbd7cb9fdc35d5/analysis/1458223150/"
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--56eac3bb-4b48-4f7d-8bac-4a1402de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-17T14:48:27.000Z",
"modified": "2016-03-17T14:48:27.000Z",
"first_observed": "2016-03-17T14:48:27Z",
"last_observed": "2016-03-17T14:48:27Z",
"number_observed": 1,
"object_refs": [
"url--56eac3bb-4b48-4f7d-8bac-4a1402de0b81"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--56eac3bb-4b48-4f7d-8bac-4a1402de0b81",
"value": "https://www.virustotal.com/file/d314d5b902fe1e2dc46e133732e04b2d15fb5cf6f8a725ac1bd7c5264154ae3e/analysis/1458219112/"
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--56eac3bc-a7ec-4fef-876f-4dbb02de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-17T14:48:28.000Z",
"modified": "2016-03-17T14:48:28.000Z",
"first_observed": "2016-03-17T14:48:28Z",
"last_observed": "2016-03-17T14:48:28Z",
"number_observed": 1,
"object_refs": [
"url--56eac3bc-a7ec-4fef-876f-4dbb02de0b81"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--56eac3bc-a7ec-4fef-876f-4dbb02de0b81",
"value": "https://www.virustotal.com/file/b43dc041a17ca6714cc49c1731f348298fd34750774e7dab6bc5c4aa4f69b8f0/analysis/1458225852/"
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--56eac3bc-f4f0-4364-b50c-410602de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-17T14:48:28.000Z",
"modified": "2016-03-17T14:48:28.000Z",
"first_observed": "2016-03-17T14:48:28Z",
"last_observed": "2016-03-17T14:48:28Z",
"number_observed": 1,
"object_refs": [
"url--56eac3bc-f4f0-4364-b50c-410602de0b81"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--56eac3bc-f4f0-4364-b50c-410602de0b81",
"value": "https://www.virustotal.com/file/abd2ecce75354954bfdbc859c571dfc04bc7fdad6a6d13306e3a08e48b55fc24/analysis/1458222597/"
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--56eac3bd-31cc-4257-915c-446702de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-17T14:48:29.000Z",
"modified": "2016-03-17T14:48:29.000Z",
"first_observed": "2016-03-17T14:48:29Z",
"last_observed": "2016-03-17T14:48:29Z",
"number_observed": 1,
"object_refs": [
"url--56eac3bd-31cc-4257-915c-446702de0b81"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--56eac3bd-31cc-4257-915c-446702de0b81",
"value": "https://www.virustotal.com/file/4750f1a883b004a783c8978182e0279df3f00ca52ac4770fef72dcf33aa52ba1/analysis/1458222882/"
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--56eac3bd-5778-4e85-acae-49dc02de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-17T14:48:29.000Z",
"modified": "2016-03-17T14:48:29.000Z",
"first_observed": "2016-03-17T14:48:29Z",
"last_observed": "2016-03-17T14:48:29Z",
"number_observed": 1,
"object_refs": [
"url--56eac3bd-5778-4e85-acae-49dc02de0b81"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--56eac3bd-5778-4e85-acae-49dc02de0b81",
"value": "https://www.virustotal.com/file/25cae9e623eb206a3ade327d437006987ae8ff2e371737fdb6c230daf2b0f8c3/analysis/1458219525/"
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--56eac3bd-f844-4519-851c-490102de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-17T14:48:29.000Z",
"modified": "2016-03-17T14:48:29.000Z",
"first_observed": "2016-03-17T14:48:29Z",
"last_observed": "2016-03-17T14:48:29Z",
"number_observed": 1,
"object_refs": [
"url--56eac3bd-f844-4519-851c-490102de0b81"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--56eac3bd-f844-4519-851c-490102de0b81",
"value": "https://www.virustotal.com/file/531f61b67638db502e413e75bf753574643907186a77ff8422d0cc511ea1f45b/analysis/1458220089/"
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--56eac3be-7d50-4c59-a0f0-492402de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-17T14:48:30.000Z",
"modified": "2016-03-17T14:48:30.000Z",
"first_observed": "2016-03-17T14:48:30Z",
"last_observed": "2016-03-17T14:48:30Z",
"number_observed": 1,
"object_refs": [
"url--56eac3be-7d50-4c59-a0f0-492402de0b81"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--56eac3be-7d50-4c59-a0f0-492402de0b81",
"value": "https://www.virustotal.com/file/53afefa1c4657a5503c6b81292f0fbad9dfe190f5c313004a351798374ed6369/analysis/1458222964/"
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--56eac3be-5674-457e-9a66-424f02de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-17T14:48:30.000Z",
"modified": "2016-03-17T14:48:30.000Z",
"first_observed": "2016-03-17T14:48:30Z",
"last_observed": "2016-03-17T14:48:30Z",
"number_observed": 1,
"object_refs": [
"url--56eac3be-5674-457e-9a66-424f02de0b81"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--56eac3be-5674-457e-9a66-424f02de0b81",
"value": "https://www.virustotal.com/file/38cd48d60526e77711d71245f8525a982803e97faf46b366a0c8e147a3d37a50/analysis/1458215292/"
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--56eac3be-75bc-4d5e-a326-4eba02de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-17T14:48:30.000Z",
"modified": "2016-03-17T14:48:30.000Z",
"first_observed": "2016-03-17T14:48:30Z",
"last_observed": "2016-03-17T14:48:30Z",
"number_observed": 1,
"object_refs": [
"url--56eac3be-75bc-4d5e-a326-4eba02de0b81"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--56eac3be-75bc-4d5e-a326-4eba02de0b81",
"value": "https://www.virustotal.com/file/d3c49c72a345734c0ee2aa9ca1df121c793bdbefc0055168238436c0ff9db76d/analysis/1458216455/"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56eac9f2-f6c8-4ac8-a41d-47f7950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-17T15:14:58.000Z",
"modified": "2016-03-17T15:14:58.000Z",
"description": "Download location (via .doc)",
"pattern": "[url:value = 'http://bakery.woodwardcounseling.com/michigan/map.php']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-03-17T15:14:58Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56eac9f2-8c28-47bb-8c21-4e0b950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-17T15:14:58.000Z",
"modified": "2016-03-17T15:14:58.000Z",
"description": "Download location (via .doc)",
"pattern": "[domain-name:value = 'bakery.woodwardcounseling.com']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-03-17T15:14:58Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"hostname\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56eac9f2-7d9c-40ef-8095-47ff950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-17T15:14:58.000Z",
"modified": "2016-03-17T15:14:58.000Z",
"description": "Download location (via .doc)",
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '176.107.177.85']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-03-17T15:14:58Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56eac9f3-a41c-4e36-8f5e-4873950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-17T15:14:59.000Z",
"modified": "2016-03-17T15:14:59.000Z",
"description": "Download location (via .doc)",
"pattern": "[url:value = 'http://groccery.woodwardcounseling.org/michigan/map.php']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-03-17T15:14:59Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56eac9f3-4068-453c-83db-43d0950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-17T15:14:59.000Z",
"modified": "2016-03-17T15:14:59.000Z",
"description": "Download location (via .doc)",
"pattern": "[domain-name:value = 'groccery.woodwardcounseling.org']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-03-17T15:14:59Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"hostname\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56eaca0b-89a8-48c5-800c-4c43950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-17T15:15:23.000Z",
"modified": "2016-03-17T15:15:23.000Z",
"description": "unique .doc file",
"pattern": "[file:content_ref.payload_bin = 'UEsDBBQACQAIAOx5cUhXtTqKcSQAAIk4AAAgABwAMjQ4NGRjZjAxNjJmZDVkZWU5YTVmMjM4YTRlYzAzODBVVAkAAwvK6lYLyupWdXgLAAEEIQAAAAQhAAAA6c0GfrnEdoGvnkV4x5qmEQIsEmF0aY/TFxU0FTa9xrM+LHlFho9m6M4zzKC5YeTNuiGJJI5wYa6XpeySzBMKRauKj9PsJsbX0ssIAs61EfDGlJSHOfLaX2DSupqKFqet+R1a1Kv7Bsb+tGMakMOC2ufqclnerkVkgtK9nIj9raPkQ67y1ybt3Mz59//+lsJqKZVQVFy9qWQ4VSYA92T+gSHx/PBiHe/XnFr8tkH0pTZBs5jP60DTapjSwP99JjAOmPtybXD+suy/sAwqrKDKTLL9MasZ67CHZ3laeLQiZscLxAnyPScXdX4MzmCluMMP5rAAAzT09yN/NxZUQNA7y9+r0Mv/JRFBWLl94sadukf2QdpspspRrvlZ7n8T7Mwl2IIRb7aBhTMcECwNJumbiw92H2Ndtt2ffzAmPh56PXQQ1lud+TtadBQQo8fiGyaEgVxDNPMEbAMXaCAorfOafst0I7UDKV8OPCOk6rzwy5I9wcllnmwYIFKdF+nI7Q0eXTPJonai5gY4ONTEl1dJsmfmY0uH9jfVpbg1voOkAOZXoKnzyWagOLNsu6HE+elKjHoM1wL8PcMr3FW4kXvSOr0Q8yyRkorkW8jqrRuVDPTlqs4qF9QoAenZsifwuLr0Oq0sQiz4Jzdbes8iXXaZ1anU7d37fotXiUDKMnhdLSGMTFi49eDNByOnTq9SLCCuasH6Am3IbSJ6Z/A10MNn190AFnQN27iqnv0ZsoTsUt+2ax+NASpptG/qwfuzV2icBEV8GJJbMbae/CzH6IUXKI8GG06qchQiY0/IX6CadXHCUr1wa4kYAdMZWnN9o6j8Z/cXcDWxdn+EAoKVPyIGevAnGWDdhOWluR/NszRfDIU/xTPBoctiW43O3DXX2nUR93o4wMag+C76biGM7poaI6Bc/OS51fdz6LIZpuZjOjRmSdN9Lse7K4i5M+/ZAv4tJq/8n2hCZRE4ooNFe5e02oz+sfgaaQ0qNX9MVqtgRL8+xLdiYNPF8IQILEkNKi4G/unhEkDflrSUUetlqtoSPj8ra4UfQykmdOIsgs6xRzzGbfOkVpNPnBoeiZKr9VZHInRTRmA8dB4UBIYTgeH+L+76RAWUCqibPVX4P6wEOOS51tpntpg3APKHfgK6Gsbs7SibWTKkXwCnGLDNme9xLkrN1xT/2mScP/dNxtidGPqMhu++m6pPpj7Jn6aWvCjnq8eDxtluWBHJGxRQ3QWnx7hnByqDBXJq8ovoWfKgZE41v5AdhWkQCuU6ZRY0uNPT1QwH+Ec05s1IsQpdvNjcPOBjT0yAb+tsTnFejc0PV/QRzwVPkhfn8YcX5AIGpmpK/rHsf5zR8XMtX4uvdYSjJtxhKMaDXebS5b4boNTbycRck+nZg8So3TeEltrpnDX6PRItFYLzwjI1FwVK5z3ciOC3eeNdXHZcFGPALyf7Mc2HJ2bTfDOrJ+7z5C1ZlQuGIeeN8wIhCOxV8mk+2vHa4vtCDbN4fnNaVr5Oz2ZIgwFUAmi9/L60EFoEokK5vdaqT9ykmH1CzwowMNlUzEx+g2xL1hJlEGcMjkffYC5MXxRcrpDOxhAjuzs+22ZIoyRlYd1bB3EvVD4SEDC0DrXHMsimH3lpsn3yu3Cr42ScTfUa8LCbL+W/2iMpmSCm1oPeXqBHICtMqa+mFn5upKlFshxzFDVyszJ7+B8bJS4j51BVkcmr2wcwC57tE5QfM2Tu3LdKic7Xq05j4H4FZ6BkyHS5pxHF12Mwm4aC6zppxjZx8/55pMH8/Zfo0loFGewONGuKySt/mYRyi9dLwrPlr6mvTPS2o/X11lkXe+DnrHt28f6UbIdqK4xH5s49mVliFMdY1yaIlSu/IXpusVuyEs+L3jcLBcWerw3eRhxPDJDJqhOZtNUiVgDecOhkZ/IJ4F5obrIK96+R5yxYkruEOSJGVEKpTHaCqiWYUNGr+6oSXALs/hK8+iOG6wCOMrmnUWmwBMTb/fa+kQWGxK0Pu6d9Ot/h0GExIffyJd7XiEORAv0phhJ5s89TmV2mp0IszeVV7jHLraHLUHPCgrWm8go89HP3H0h5nntIoyRopVuUKb0Mrx9dwwm3s8sjecwDnyccKwuzl1LNMTr1arYwbUT2wldsnLaaEsA6LDw4A2xTXC8u2xyAGWxOv8JoeTd+7uzjO9NuNi2Kq58/LBA+wZl1jJzwHTACg45jMp0/JT7DWdOR4kQCjyWaE5sRJXgusF9qasoexWVhlhFil+nK+Xv2BefCjh8vtpl9TMC8kpw70mTNjucpwupDkKLPy7/oq/D12GbrnZWhXWui2XElhIlXEZAJvbcKx6weNRHoQUpuf6B+YYFFoGoVjXJ6DI0xpSSDYfhhOEY44WK02unZfoOfwc+34r/iNLqPi6dFbkKNqLcPY06hvWJQxGBrXo5YQC+k9LBzrjahL/DHR82NIatZ5IcZBG5o6uzSY56dD4HuBDd5HO4PMjDg9vnQxHRGZUbA+4heAdhnXu7xGWb26yIR8ZqA9xD722cTAnBKjiB1iZyqup/7/kbizxGurAO+RcVk16vrxck1ygevOPR7S/0PjL96Mmu4ohBO6K30vX1DwZVQYTNpSR/jSc46Ud86dpbibKEGFqkKy7t0WU2toOzHrexMIXSL7At6Okun3UpEM58Wiktz5Zf7nNohThpRddpOuFNyQwbJr41SZpFFklRhdnhCcEDqB0r7ukHRJ1ctB91S+2JNKaotV8nqDs0tP9vh1axbJ3eAFa7+VYg/+POiBd2BsRewpoO0krSB9g48R/6n1cYrc5GsUpls3PAXHMPkepyl4b7hVeQ9GHdD7Jy/JioMgrR7S6xb3N6jelrwzdLZdojH32ts1Ut/Sh0du0U1KriBF8GMKi2dNOQVxUxufcQK0TxWG0B6+9mRW3gA8oRhfR3BBqjbMe6CtkQ1IM9bcvNBNbHnJlu1On3LiYH+OK6qaxCL/i4lVFyzzXFCX64FsmbbMvjz3QtDpEpyUG6ZSLL40OJ2KKCL12hzbg04/URhOSQyPLB9obbuNK7nspjYt8NTrohuLmCTtBUKDS54gSZ/TlcmcbHsdneJMast43iINaen7lONAqICfMbItQMpopKk1d3bkZxbXPQt3MksIxMztbbkQD+KJWvGJhiY8JqwPRGoYIQxTEMue9h5/5tExPYDOMjhmxj6FEjw5571dZ6xN+bXYMJZpgvZ1IPcRi0LI/ekp7qesrENbg+tio2XL+z0AbrSbfdDj/ZOc8Zktaj4Vq4elmNZOdb2Jb+8rnzzBBiML0vMq3fCRmgZQgjNFAFaIj17LC+cARkVWOP21y2JjiUBvbfvjh6wM0sC0weO1pZrcW0csbcYObygLGkqEqv7TB8lXIWLfyneLzdvoVN6x1Cu0zxJEvGnUaLpio4gr6JvTSq3PY55ZlMlCb67wpy0rkxoxzQUUZ4teI6v20ZpPLtnNwLkmNG6wPlSLUNwhR0ZwZqzePY9qF8mDVd/YfdVKnjvbu8Y6KPk3jesOPRWy1zacolalhsC7jZIQ3xmLICS/1f0n/wad14uYm1f/V3oPHuSHdPvzy8fCxvx7eWv7V8WT8cXqYp2Cg4HkovuoIPfNe8W82vp+vFZ9R5H1HOcCoMuza2LB/EnsL5xzl08UJik9XJXqHEYNf5FIrKiMK73iwEX9fOYrsuQF2gmJGp7k9D7/06lyrjvrsK23ieB9p0tHsOrK4TLdBolWaoUmGyVZpEXKCoc6Ucj1OhjKM5/ZPU5TQLfASKTmCCCRjtwRwh+UT/CV0nTVG3gvEoZd6CgqjwC+6xxVOeTaCSHCe+HZlhhtZTWle9MXuLd9XgCH0xX6bsL5ZQloAJAawrGf8N/BreL6MyNF+L2Lb7H5EmL8DTCyx3ARUuAPWAoT6lqhy2ogH
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-03-17T15:15:23Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"malware-sample\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56eaca0b-0dc0-4e7f-b549-41bc950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-17T15:15:23.000Z",
"modified": "2016-03-17T15:15:23.000Z",
"description": "unique .doc file",
"pattern": "[file:name = 'bestellung_013-adf2312827a2f5eb.doc' AND file:hashes.SHA1 = '875361fb375952f3928803a66b6c87ca9f80665a']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-03-17T15:15:23Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"filename|sha1\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56eaca0c-10c4-4c06-9e71-4009950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-17T15:15:24.000Z",
"modified": "2016-03-17T15:15:24.000Z",
"description": "unique .doc file",
"pattern": "[file:name = 'bestellung_013-adf2312827a2f5eb.doc' AND file:hashes.SHA256 = '63ea608da741f812883454c8c0ee8f167ba5ee1bca829540a41d493842a22001']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-03-17T15:15:24Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"filename|sha256\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56eaca0d-1c44-43f8-84fe-453f950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-17T15:15:25.000Z",
"modified": "2016-03-17T15:15:25.000Z",
"description": "unique .doc file",
"pattern": "[file:content_ref.payload_bin = 'UEsDBBQACQAIAO15cUj5AxmjdCQAAI04AAAgABwAMDY5MGQ4YzcxYjUyYTM1MWIzYjA1MzY0NTM1OTkzYmVVVAkAAw3K6lYNyupWdXgLAAEEIQAAAAQhAAAAy9G8IKspkLDSGPRv84Hbnie4pIVs3YhAFo/NIfZmkiPm4JU47TBjUDWPe8VY9hrk55YFxYDaBZgwc2HAMkoRcLso0W0nBiXdRsba+MxGJcM76WWJ1vp9GFk4eTtzDn73sA8ocSoZ2h6iQGKduaTg2q+SkLzCmQapufzwwoib+eXGkCuHbGWwMl9D/3mABTzXejx7elweQCqWEJSdSzAOLi6t/vgkdWwtQWo5I/jSr5ogozCzyqATH9+pwMC6hS6mHPXVaegjTvCx7TC+5dn/mhfWSKXhGCIC4bO4MMcGr7yOzefDsa74nIRiCpMafYEwxvJfgvhKL5ADpBtX6PqadaBmx4oDW4qBZhNYPkpliLhYDQ8s4/+YFDGxGw8n4NNn+pKOaJJKpmSYcl3kzxcGAvl8hro7lVZsjnIhADDNS5Q/XOdBwOJoGkczYNhjMWP/jFItLd4w9bksgf+2eP1MPWTK+hGGF71Q1BYD+x2pF4qd3t273yluXF+NN2QEN2KGzbp7lg1eOj+gn51/etAG23MIOuVb8YqlYSz/H/yR1uGALTc+Sh9XdJka8YUe0r5i1oP7fVRjxdZPLG6CjhRVOnPbuYsqim2LuchaiBEk10tg8eX3EjLsP4K4tWITv4OV7kcXhq2KreM8cuQMVOLBGhGCpaHF8fiWqcrFU9mEJBPJ+OBaQOB2eNc3AAU4YamHqw+XyACeo0QQJ9Y5yBLK++LViicXWKXI+poG1qLbEcfoZN0Mnb55XoPXVqO1dEYoOnE1c2cKOxS/hFhSN98t8YAtfAXBIxrUqAXHpt7CqtaWDen+vSc7JyCVUjr/dF1Mw6g538s/Yl523suzPz2jpv/pNkVhmnNm0hfiOTedAh47S87r5js5W8/1svs33e9GHBAVnqbdGGRuyeBoGouNsQ4EPpRt2i70tRuGAw7CO/2RqP3h0whYwAR4WE3iTT3bZjxS76HGwh6t8N+lMU7CQed5I4pvwcHwCWldmlsffPQ7G5PSR8Ftw+4HxLnClsDDQ9G3iSZ2J5hSTovJooT9tKm0JY6kRq1+jIIO6xwE0C2T+XO5V0+N2+ZuveEU9yBMvkyTEPezJwTQchGfqMbI+EG/CliauhWAgdD4nK5c+xIsJKPr0p5SFax5sHqGQU9rFQyyStQcZ8v3hnAES2pJsavkcEkCcedcB4Az1rhPWFFOtf6m/uzAkHodY0YI0cCHt9DH3pX1cw9goOsCPEpEgSTAv9m/RH5czFiCkkEYf/BgD6ZK13Fxov+X/eY0ZAaUVq0J1HlaRcvH3Bj+GSAsOYEHj/gpC+gKFt5crYvunYHlKrzCzQee2kXuUOIngsJIM36GiODicQR6x64HbzGCO79wB6i1+IT5aKs1hlpiTUPJq1UfKARiCNrxonx+inhIkdPKz+EA7+GphXvF7RAYFWL+wsWXgwgtZQxrWEUL0V/W1pgKSkpmPcakUBXW06IBTLBrGOLn/7yR39IGjMNOxFdK0ZoG6JZFx8bfNZR2dDGZgiWqR9OIcL+HlC4+fnxZHYtEj4ozRucnbcIsELI7ETj5QRi1VarLfvzAShA1F3QFS0QkGsELALrBChVstHwpqU3YAnHzO7MiKDpiRZPdG4wgrlRsBuKsTgr+mv73QKANFEoLuGo6aBvoo9RzJ9aW6AR++dzkbqynHYczEyAJ3FYxb6d4ODIlgeD054SmVbPx/wnulrNccKV0A91NQtpLnGEH9dOTFz2yFXQI1lTiWgiMKuZCFz2ElBYqee1HTneJjNObnLEMFBpAXvVMZPU+9Z0PYV5d8q1fa3rr8kpB3nx0CO7PzSA+4Qd6RsOna5MprMeq3KJNbSQiNXIzDYkj4lq4vMyX0YWtz423o/YZdKxMLd5AhoGmw6VsMxZKDDcJEs1LQd/GVk2BPvyeLEluBly9b2KCSNYHCyeGN9N3mMhvI22J9iY/gUiAHnoN9w8bm+WpB8ry2PRJZ6vRDT13gsd00iOtv1az1w14UtgCkm2TKIOj9SfqatrK02Vy4YsbgYV1koxDv/RqINgROzSd2enwekkPsycEoKBW/y3Tf0nsnCDRPLcXXeRpOu/MHkW4nc5HrwmIo/GuZfil30FwjBwuHqHC0mN9DJXO01TYD1zPBsKO5VxIRnSw3dCAwqegQ/ygr6a7ezN2RWI1b48jCcgUF8X4V+4a2YrZ6xG2UBUVUvfFjYfJgwk39jGGPjF9tKhDvRG4yUr2Psnfr3V6UyRgviPYWgws7ILkYz7jE996EFOMLVRf5uLN9kRaa2GjaBekepUO+lS52bHTKWETcthX0/YS3rpAfXBCv2V6yWGbQ6yJgY2eiytGY1+3OtvrZdaCi2MOS1uRQwuj0AKF8+jijw5x+qI+mceX7dR32dWuTcvg/z7mdLHZ79wHt/Zj/FUVKcmrBP1Fa31idqldkX7HejBgCNN1GZnLhE2MrtLDFNY9WWBMX9RXLnKKRTMyQxOC3MvoIvWoyczK0xQfUpfnWkZ9OF44efUbHbC6+MC6FOsb7NAG3z9fsrGsPE5jZ/yc73z+u7mq0dkyL6X9P5xpjJZxhoZt55OBq0QpqgGpcgWdG9UzDchufhZPRv9CbEx3Y+Gef+7cOWQrOXjB0P9xXJ3aF58f/lMsWtXF9hEmmRNbjXFCZiGLQaeiPVivB1qIBZlZpgqitwZPbtdvFvARgf2xNWDbYnaJkebbTV9JMPmxCBXglFMcErfDmc21OdLiFmnXt7u0gP8dK4at8jdLcmdrQzCCKGAe3MpG2VsEtH1M4t9u/TeRrnWfeYdxP0e0ktw4Oll9h2vO/2LDVU9OVpQ5DbtC0XL9HO2oBK1rvnmAlQBVgRU4091kUVzYdpyTdG7aUQj91kFQvx7/T35EoiynBzVfePNVa4F7hBWyRHOhrxaaO9ieKDeul+PglMk5XEAduxegsHJFNIoJYEdWGvL1EHMtgqJVjAPcFzMrIJG9JgVZWpYYEwXK/DrIXkRKm00ICV/CKGAGj/OCrym38YUW/VA63P+6rzgkXyTBJtUPmDPUTzAz/16eyQi88/8R/St461zBOAqvALeCiZLHffHavjXt5ZMwffKSKkSXVFYeBmeAtqs7Zje9ZVdSpf0rogZYMoIM+qoWFedIXHwGitMubf7AY0fzw8wJSh6W7f7v0YpoE8J/IbOdjD+ZXiFeQKGi1lv/Rj68ORLEjaJEoNza3YaIv7gVxevayJSD3XdRvXAFhN6GVQNF3cdPBNVkXObja6CBjFS8WRZ53L1RSNP8Z1nHEoD09rR5c6sZDN/9YN3o0cqa45iVEYTavOoP9oLI7qw7zm2NLPR1TkGbQiKDS8MAoeJmFRWCvAfiISe36BjXNRhd+tn2LEvA9yjYDGcaSkFZ63ghgdZiV3ja4OQ216pJRxVmzzVuPc8XTmyTkvOAmM7ryl5MEP+72zIbm11su9hUVuOZct5lTgY7TiYGw5lmM9bAQ3KwT2WrmPjAd0RttntTRFmo9SzdNgt2seDETO32E83gw9E7tsdKiYK0y7aDzK4e4NxJdOvWhZkdectJSjUd041WEQIvIDc2xv135QEgJ1vPanBqA2C3AXzlvpGSaJvK7cTLKWEHQbC1s+/MxA24IVSYR58rJuVE3C04ilniloY/7hJ1Qu6jzZl2WsZg2HI0926QhQgaPM5n5zYwUu8ltGYtlprYj/P1+TdN++3ggkOmi/ef5DD9wuXv4YTDjJm5rGn17TCvdHcq7WUr7N6KfNquqlYuRzN6j/CgbVvCYW2qRnBjvD068YfjX3ekoj/eaLic4pFfonCON5la8dhLNLtBc28vgoii4TESXkiy8UfU7IuC4UIZh90YsQzLAazt7I5l1NyxD/LtMri1TZSvVJlstnD9YUomuEMMtSBcNZIj/wUPX3e8EH8tLJXMEk
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-03-17T15:15:25Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"malware-sample\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56eaca0d-5910-4bca-b0b7-4489950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-17T15:15:25.000Z",
"modified": "2016-03-17T15:15:25.000Z",
"description": "unique .doc file",
"pattern": "[file:name = 'bestellung_020-cuajhfmy.doc' AND file:hashes.SHA1 = '69d602034569c52d31cc7301ef27681ac0c44eca']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-03-17T15:15:25Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"filename|sha1\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56eaca0e-81d4-475b-8938-4ab4950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-17T15:15:26.000Z",
"modified": "2016-03-17T15:15:26.000Z",
"description": "unique .doc file",
"pattern": "[file:name = 'bestellung_020-cuajhfmy.doc' AND file:hashes.SHA256 = '188e5ff3ad3e4294e2ec9bb760fbf3eeb0319568d80cc2df8d369d89c6cef512']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-03-17T15:15:26Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"filename|sha256\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56eaca0f-17b4-4ec8-964d-4f92950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-17T15:15:27.000Z",
"modified": "2016-03-17T15:15:27.000Z",
"description": "unique .doc file",
"pattern": "[file:content_ref.payload_bin = 'UEsDBBQACQAIAO55cUj15wl9cSQAAIo4AAAgABwAZDYyN2E2ZWJlMTgwN2EzNjMyOWIxNWVjMjhiMjJmMDVVVAkAAw/K6lYPyupWdXgLAAEEIQAAAAQhAAAAy9G8IKspkLDSGPeScJ0gM81Z9SyOYKOXotnFKqnq5qSYbCHyE7/oWeCmccmcwlg2g/DGElbmootfO8lZ0K7NQ0j+mlkdRBH5ww4BxVRHHNx4cABJsynCL2b4HpdwJ/IcoVhZXaZxsJnONai/pEmDOP8cMQQxzJlrcFBaP6RnvMp/jNXL6A1amwfDRWF7JG97D+b2BQjxHTxV620kYT7pyAwV1YpWpSqS8AxHV3mXL0us0vxG0Uag/dgv7aCk1kHtwc4NG2aKUDcSKQ59Dkx99reczcJizWl++IRZ3u6vm4RTCI0zWfCAbpdoLG+35TXRMR2LJ8rtO+Fm5TJ5CJnAnmPm6NvCxUSoCoelA8bNXH1CTuoZLvj6Z3TJLPjaFxOCtQ11IGZmhTKaZmZChpxWamHfUwLQMplld0G+uF1M24/XO+WPuy3JLLNFGBsEEaG2NuD7PYkP4Rdfbg1AFByhoZLZaFKI1cjsPTiJyn4HuDHoD03+qrxGty996hj/wZpzZKeizj/PVwL3o6gC4AmHNI0MI+2IFKxMNSPzEDOelQ652eBgPM2ctZICHuJvF19IrQz+LuZpmLft/eZxw+yg1vTu2Qv+WpEo91+3Veq7Rl68Db9GeYgtxoim2FSnIiVeHnqkuQYE2c9nUOeU/q0uKv1sgxzQi1EVdvpb9CywXGz3h+PT5TrC0PWXw6DOQl3ykacHQsFNisFaOJMF3YTlcZEOoR7zS6Q8DyYHKfc/7rJK0Cp2RSBPXOUwduiral0hMN4mN3UAy68CKKnfJDXmaAKI+pb3r+sz43ry3Oh3l35G6m40VnLuRiYBP3Oyrbfj8yMgMA8xpiL3aH2X8/yx4Ec5gFd62bQXpDpy9a5UPvPltB6ItpEMrM17kt/y+VbmDZYnUT/D8yGY7lGN73xUYzUDxk4UtHlf/t3zlVag7G2ZGigzwZwCTelBPhwcCh1r8vmIP+F+ik+SZ4clZx0fTgF/OM+oIkBapiUr4IVPtKNgPp1AhZ3FKwhExeryHBFPDQKKi87Cwv6vSeuvnUK217njTPMNPrq3fkcu2sxWAORA8T9Lsqk5G2wf1ImzUq9OZAnJ2r9785MtgDjt8Zb0jvmaREZzp8rgj6iXbkSh5khB6KCpYTS8MBYVdj7UenkzHyCQypT7nMjJHPduF+E+nLYC8TMyOBjJu3T6/Wsf5cF414tA0xxt2wCR6dK085hWGyvEVulE6GwTv1pivP+hdUlxBDqhu6Ybd73W88BKshC7wcbun+HDUH7vETkzfzClUexALZy1ZeiO7mAfKFNFhHSOK6kOoM9UcwA7HDsKFs8SbagC4+oEEKnqHqoYZi34qOpRA2NbVXXKg7cYGBSR7r8V/dQ18OrPcjYxeHXTXKbp0n40ihaNClXHfNcBgZ+Zz7355uCW3PE321VMfLEvjBd1u3hyVn5deN2dbqEbH9uEGUu/yllK1QN0d2m/YpcBIFXrHEx1vrFE6nce7g7/r2K9XVIdA2mxojeOgH7Vm3IX2TanEko5fW4BFP1AlvHzOMQooeHh4ti8ZM/rMpf8YI9P+z/Hq8HWBPD1Ohfte1hTGG3kitfALJLMvgtszoxLRYQcRyLeyWZ227uFOX4IR3wg5TJXFXubC3pYNy2xGfhSfq7iEINjYkcs9nwwrpa+w8JXDMo0CyqgqEjz/mNzCqBHjDBesxqe4Yt2+d0J15bP+OMOaVP1m85IkvY8M1lXRYydmnMQnIvhksaQXvCZVc6FrGPfUP/pHgPWE2XnCDygf/UDb42UARl7ADAjqC+yAR/u5GenwuSRYEhpAYzrQt/QG26IKGmRgoYEYUZhuTniKETYvSXMAQKKBIWUIz/JtvtbquDQEnY1ucT8khu5L921xf8mQHfMGgEnh7HYthEnBNtQ4Xk7VlZUWOjnO5tXOUpMdVHtKzKnVcWDDRwBVH5WH9XmCGLknHqjzM0+cRvHDZiYaaZfSeu5qcZYFvIER/FbC4hXHbdpAW3APxS+B/RAoXlctmLs67/fDwUdBjxl93rl5mqyeBHfGs59gRTDEKho0zyu6YcJAhVcc2iXcOqCmTLtQ/qU4vt8YnmHTJEDWia2f7FUneDmsA3/4jWvCnWTqDrKBmCfAORDVunQliswQSfqZSz+lAAFVoMMEsW8w8QDChHArr93cnYfqxfeg91uN0kYSubM3308UjTfuRNAYAE9gtcOzPYclyXUVkMQe3cyEy4TdB/niERFXtdLKgvg1XpJa7EBE7nz98haMANvQjXJTGAZiPbBAoj3CmDoS3edRVYBr4cq2XKjTAvXEuTf6s1TRwkXuGiBr1K+Vv+1x2T2UFddDUu7jEKcJSypPJdw1EVgR0XIY4LJAPB/Xxvp0jb8t4exiHGjzokLyHKTjjFLYKuiJFtejFK5PbUizYMgtu5XUDhg3qULmJVyU+lMQBtsqSXKGdIzIq9r+BdI3uV0G14wIIzppPC0qeeF813yC5bzfh0E45Wvd6SBslEFSVU97zmO0msJkzXlMxanV45xX8FNZAEW8FeJq/qDgCCsFtZeEyEIqkImTnQhKM+yZ++qQOvRMtNXrAwppzFG9TYdOKZPCuVJvT5W4CYFFgKMYLftvtui/+xC1rBGNw0TEdVJVsGb+wkSBa2kWUfKdUfKXNfd07pZDXvhWhj+/fHAjPahhC01xtkRX6oU9sadF8zpmedrIyIs7uawgIPDkAA8+Rxtn8KI/dEQAOjKOKrmtlAQivOVNZtyHfxiQKvWPNILII01gYUY/cn1AjbQlRkGrdioUW/DnodTAv/CVMCxMYrEyTB0sWPMFD816qtvnBJd2K9iVLSKbCAvNR6bgqJNZS/ouxMe1TcogPWNiXl4JFVyiCaQ78YDc8PpQ9ASClKMm0cK+NQ+A/5dg3nXrc5pDxP4Yxfiyv8DbXtaH0V1es462SGdxgkyudB85Jv96BUCMAHD54IUBQ4R9D0MSb/6lRzL2OYWH+Ujon7sohr7V3Q2AUfjx+B3ffz9XjEuAWslC4H0QQezMIRM3Mnxwi5DdWeIV/Nd5BXEWeqmC/4s8OBOhfAsj7PNkiAjNmHiyanNVW3uGB5kJvp2aVbbBd0qfLHWGvmW6+gXgowKXxjAejfalaelAtuUqdQmOLddZQsswyO2ugI96pq5mAv6zGpN7Rdy41IDMaoiz+u/qEHlDryPwjIJ3NZJqyYIzGdM3hGU8LsRD/JblpTnGaI9TvLKCvN9ReMlEbWwR936z+bX5sOxLmRqKMnm71GFsGEQ/CbOH1mGZFN0JRrPGSnwoe43f0S/3NJUbxhLUReJ8HWI0yj+yjofPFW4qBEmzsooCisv5vN2L4DUQmaKADrrqRvJQrSn/zUaaQbh4XQK6OiJemDpJYLrKYWdarbYhYz+j4nE9m1/iaX3XKm54ZdmfYUedD2Ta7pu8E5B7miE8DtS51N1balr+EO2Ptvnebfa6FvJVGbws37lvzu1ecFJHt0uOKpNaXv43uAUWc8GcJpYuB+u6BDP/WkOgKNFO1z3icH9XOvelKSTq70Q3MpvaCdlkPu2J6HzY6NAYJ8hNolRqRXcAM/J2aYQxKvp4wbD7VL2RAfLBt680Y5oYqmrlhxEW7Twd2GXc7wJ9UoVRiUnedsmEASH33UX481RW3Lg/jKPUvgcopAiC3tm62q9UH2qtVOB0WpsbzjDv9f6qpjSh5u0A0ppmnWr6XCfJrmQWNesilCh18gCimQb+z950gwQKdblFZ1mTj+tLNJWlUC7BwFxvk9gsuqIgaM7nbgJmurfx7dMyu/G4EZuQhNW4oHTgu+EGLUeV+4n8krIgHsXFhXpxs57IpIIXSwzHI0YNnVSqcmxKyiMu62foJnPkrwLIDvRjsYVMaYGE3mnO8ryskv6Hi0UhaWT1wp2bkyI8w6g9yELP6
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-03-17T15:15:27Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"malware-sample\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56eaca0f-67fc-4f1b-a31a-4926950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-17T15:15:27.000Z",
"modified": "2016-03-17T15:15:27.000Z",
"description": "unique .doc file",
"pattern": "[file:name = 'bestellung_0061-e3cbb84.doc' AND file:hashes.SHA1 = '0a1b363a83ae8c14c6b0d0faec93864705a02bde']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-03-17T15:15:27Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"filename|sha1\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56eaca10-c984-4c93-b93e-4090950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-17T15:15:28.000Z",
"modified": "2016-03-17T15:15:28.000Z",
"description": "unique .doc file",
"pattern": "[file:name = 'bestellung_0061-e3cbb84.doc' AND file:hashes.SHA256 = '69f5e28ba0a62eda8e9c65a5b548fae77d15644ced41513ff3b8237cdbd88afd']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-03-17T15:15:28Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"filename|sha256\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56eaca11-0a9c-40c8-bf8b-4790950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-17T15:15:29.000Z",
"modified": "2016-03-17T15:15:29.000Z",
"description": "unique .doc file",
"pattern": "[file:content_ref.payload_bin = 'UEsDBBQACQAIAO95cUhMl8uVdyQAAJA4AAAgABwANDljYWFjMmU2Yjg2MmJmYzI4N2FkMDUwM2JlZTNkN2RVVAkAAxHK6lYRyupWdXgLAAEEIQAAAAQhAAAA2qh9zAYrr+iD+mn6wyzz7MYwE9ij1kaIad+Fo00GwR4cYfXxw1yQN4F8x7LBQCrYtgrlqvKgLTl0ICCzLOLMZwZI6lzOATjpPjvcrnNmbMM3JYnO7a0XymY3iJG2kJt5AwsGRMhqp2eBgOi5NKxUTPOnZfIgkYfqu6cxIhN123IHV8sXZUc7kVN4rr90iq6M+nsjrUpyOj4VnNOGROFoeHNx7jN/ez8OTMgrxzwq3WXEXGbN9meISzRuH/15Xr6BepWE0s+eZNQd8epIXSptPj9/zLmcI+uyvHkMQPxKGdQ1pXuI9fBgaVfl9ABfsYPsm0xJgSaG6U9fspX3iRmWunYjmsC9cuqg/hVjFrBDypkqqsfB5WwCBTpZoNO6YpPkPWm8LWCaEL2X8uO3Y5llh5+ccU08dlI07yFCkH9W/fpVmwa1dZ/+Glhjb2e6LDX4Rm+3Dz8Vw0MVqYIlyXoMrpxRYwOdBEsVgB0YAhyl8m5W/Vrq989mr3ZdkckzazhAwS6MJGR31viviPG7izK+vHGbXEZkpmx6G11pcbjKEubXgI574haxl8ka3p4e7MoBznqEx2XBB5J5iNj8OzdW69kxReuRjdZ2xSplts5k3Pmpy+UY2pCYupN20RTs2FujsBw07NL3xwsCCs8s9Nzbp7D1Gp6cBTNSSvF/Y7jZxI+RtRIWo3HEzUZKkYQ6GcNDFgln562mG5qJ/xMJtRk7iZzIbg+Pq3OYJESaBpaGqkPrZBc8h2M/7adytFssy7OougSqyKkMNEwxPD0WHuSurseD5/oAJDZyTCqCaNaN//rla8v5n5BiWJOwEz2S/NgIJ9iD3iVSWBbz4Lb0583BZcEmCjQRh1y39QtJkQmVnUgONc1+bmOnGy8X9R2nTqWuR3NXyJlhNJmj7QjFwDeH5KYV1F3U47cVM3S0WgzVRw77rjAz2GTBQh7JncitbGEZy1wA8IC7dXl6QHrNc2ywN61wsW/FkeASxcRfwYUNkZPWJueV5PZ5DCdWuuUSOrOuyoBeIhH9NQm9sAwA71z4wnZ5tr1cHdtBc5QdS20627+ygo5dV+LtrG2f5IFfYDFYCBRYr6l/1sut2aWs/+VLxozz3sABKd1GeJdzOSKL5O87hCvdi42zTjvLaku2/tWtQylFyR/AgNzV7NEFsXJgRXZ04aDEWJzuSen3IKwZ+abuJ62YjiPnBKB17T3R9OMulutdjdZyuympWrClw/78PAaFB9wP/4fsO4SJoT16y6TjOj1bGmBdXrJreLRbSdEYrAJxA5iwRyEywj4QMWRwVJSReSOW8RmMzZg4AQ4KzfycTqkDpGeWfvnGzxplzGbqOOofcl1JFPn8nxUeqnVcTg6/1YvYCn9ZwprtXtQKXzxpgUw7yEyNJS0HzUuF+05j2n6yiB76keZ5rTkH+9LbWhrO/0fCoEBmCneOY+rJ7dvOCrGRdT/LV+KbC8hcCQNK58+g0VTHtAekHxd1F7IEchRI0o6G5SDZ/7zhraBj8Si+v/gCdDDd5fANFRPjAh3/oqERL71MWVzflhDI0LbsAxMXwKYD7D1q+nMYUnpYZFaC4qLkb7Fdel8lFjjHEr2eP+fihcL7Snd099LsQ/sFzJv2BCwsT53x8FyBHD6x7RflJ+BGh6v1D/ppZF8d9E3/buWKTry9Xiw6NlV/l3SVU6flZFf7ireR5gUmEa26ZZl1T7gHCxFK6EmnkUuty2qo6qlu5Bi94ApGx7L2I2rSI8wQj8gBmgMObb3tsdy0xi4Ue8Et8pzCNM07VKv01wOIVs5qWV3Op2msAtTcrLPq3F4nAUZI3ZFe9Ren5rlD/psOZtiNvcAW+gwcuQBmg0TdQdRX5ae4YHHSsHkX+iclE63EpXzQaZ97hIJnhB89a6rhyGTiHqGoxs84VMDR+pRGaC1oxWUi+1rnyiqnfrsKoCHQ6GPQw938P4+crCZYXO3jTsdePBMBMc+eKCbUaIOlJ+yINhdhDF+1iZSP9VB+WgtVvNCnWR78VzIwBbJFxSnrr0xN7SJiWt/PBLL4M1s9GoVBvh/lZZ5SIZUtTQNC4fNuFImnR5jODstO0+2F7eA0XWlzXXkYJI9benrIJ7Jw+X02V+JK0tmn2sphLu01kNvm3hnPdEv4VnN+Qsf5PYI7PaUrlM+LELv3Vqi3hI+YNU2vgz5sPUF9ko6FibvxvBSeLWXDdNyywDA1D57TWmjc0Wxt1YQ2CtYruqiROlpRHiWZgzDEJzVctOQmOlliry3UeYyuT0TJ5a+RmG1zNSWee76ZOuJZ+JcyHBXN5IoyRApKAFbk4TS9SGWnK+YJ1ypwb+gZDsBK8nirxLTIEF60/dN6JLDk1Ih3j/24J+xDGK65M5bU1Go/94XWPfWTl4PSMq32caqErx1MZp9GywryXPm3zIi+iDxC3RaEWQxhkIvJKkoPVXRodW4d4XG8nzKJHmjHzt9W717edEH2277x8kZQV5UVqNiaOLJFchiIFzlqfUZu0cLPgmtEW9bevbJqzn0NnGcziKGEOZHTeOQ1lzhkVGuanhU8Vi0zd79XEoQRm7kqaqFohkKgsrRfl3D5yMwahPHjn5/PbGVvWLNcC9mOnFUCohofIyFaKyYgrCFJXx9FgpWl6hiH80XfgKWYgC5jLvrIIvst0lyxjGHpZkV9JhCYHiibyL102e85VZooixZnER1ysW/872cLy/LrdR15OFhBUsvxctpPjRdyaqANYxxPm5VeMNAir7aKmejeQk0FmZ/twwoDT7hPRsDgbSdEqQCYQXAvYxH0nyZbncEPQFA+BE53HvYWwUAfLyP1BU4PQU7mQceL7yE2hec/U8J7f0JA0RJQkLs/hruDBItOSHmdr00auyKwSmiHEV9v72+k80fsNkY6ZeGd+XFdPJXbbpcntojz0vdmzmsqaSIAxRrDue8KOyf/zKfMX+J76BDVISWmQVF1SzKF4diJQuxZsHLjCAQVViqjaSK6B7O80hdpfn++mv4NDRzwQB9PepvGcLW+0iNKcDr6QNBLLykiILV0lzbOSer+NtMDadGr0RUlvm7Vxmkn4MlG5UtOYMbUz1kRD9+jyhmTsKd77Ntk4DU3f11ZNGKd3QptZbBpg58FzgIpXQ2TickFU5byOAOmrbPRWxJjoIwYMlPKKxvMXNxUR3BAI93aj/3XrL70mxdoH91/w0BzWmVBGB+6D1SpAdiFtKBTbJCikzLEoX4m7FMdMLSOA+gn+9bpwW4IdbIWgO7ppludEZVGG9tgD/+4PGtqbYUiruk8kdwrkDRHetfgN+KwscHLLvgcA5g/zeiNW41VERqA8GL0/dw3fYi2+IhdTSFwb6MnTOVam3JizAAUv7q1pPTLSJHLBk96aPlie4/E5jtCQRtPO/XE3oNYuB+eCTZZJZtZaqEp+VFmy6LdqW/JtunKK+l+QuzMbKQtnW8z4ct8jpWDGGBz0Gs5W6zzARBz3zXBTlnm9c4J7MHgBNqHdZB+OcgitiKEnmiOqlEx5qCt4D4tJ2q33Vi4/ONnvnw+kVJ4iCvao01lxFuGosv10oo7BUPdlubdVm3f4AOtsuZ0Kpk9hwgpE5HdCQ0fcXnF59R2btCnCoaBxBr9Z3sSisUahMSYU6odjozFSP3hXSIYJ6kxOstuLeyUcg8TvKICz92FJqhWmMxsV11a6ebWGXmanTFVPWB12z6xMs06N5xQ3/vSo+njblCbcBqQCdRuxldzPFlQGmD7EBErJMpRwO3IrDlK5DxbuIiMuKGSRh9d7SOejc0Lc6U2UvSEAhD4duwyqbDj8NDRjXCUIRSBAfLsMCrbUyXBVpEOHclKbHU8cDoPBmQppwkkmhVfanYotJ5dBE9Hdsrl6uKXSQYJKcdEg2Tsvh6D7PJXBrM0x550l4U9KjJ4F+1x+PLfkp
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-03-17T15:15:29Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"malware-sample\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56eaca11-56ec-4629-bd44-4c61950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-17T15:15:29.000Z",
"modified": "2016-03-17T15:15:29.000Z",
"description": "unique .doc file",
"pattern": "[file:name = 'bestellung_0117-0450cd2.doc' AND file:hashes.SHA1 = '2a27e668c9c6dd39ea79211056fa806d156747de']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-03-17T15:15:29Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"filename|sha1\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56eaca12-0e58-48b2-bc37-4bea950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-17T15:15:30.000Z",
"modified": "2016-03-17T15:15:30.000Z",
"description": "unique .doc file",
"pattern": "[file:name = 'bestellung_0117-0450cd2.doc' AND file:hashes.SHA256 = '34f328ae6adca2c91733c0dbb922cef53199ae60901581785c194a9fc1dc718f']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-03-17T15:15:30Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"filename|sha256\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56eaca13-1e78-4210-8bc5-4958950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-17T15:15:31.000Z",
"modified": "2016-03-17T15:15:31.000Z",
"description": "unique .doc file",
"pattern": "[file:content_ref.payload_bin = 'UEsDBBQACQAIAPB5cUgwFtmudCQAAI44AAAgABwAM2Y3MzBjNzY1MTU0ODE5MTYzZmIwMzdjYTgzNDVlYjFVVAkAAxPK6lYTyupWdXgLAAEEIQAAAAQhAAAA2qh9zAYrr+iD+nYImlRCB6KLjmlik+DezSzUUU2nl+KHzlSQ+EiVoq4z+JDSNHcA0hQukpbyg1+RW4Tr5ImjS88bGe8RDqXfOR6b/1+I+LVMrzfIci0FhsKi7xFEskymwMVlV0pvTHdfo3F8zTWZ0LFozE5iAORBPuo1Cj8cJyWJXu9J3xUiy/hDW10uTcleRWf4xeWXSrZYn9n7otZXzM9xjWO6HhnqCQxvvbcJdTpZrkwT0JbAWZCPqhBHJS8TumoR/heRtEjMaAFnKKGPRq/47zpCpV/IZdvwxe9MQcueZe6ki9UNka6Qun6nEpOn2HxMuYothfVb28yjhtBMWCg7Oi3RO6eNTw0Yqgc6tDiCP2poFZNcU2uCh0CrERgUJ8fLtIb2oJj0OHxMSZgi72WfLcaNx4ZRTe7gbZDmW+Pt8Fb8DtR50I4TnDJyZxhVqPSviF1g1qWWTGFib3YBWMYDhpVZLJxnmuw2ZkcMg4ot1ANahx06Ch9BIWOF8fBlkjZYr1KHAuD1aK06viZMzbayqGjZ+XxkcXfzyMqCN9fdDiGCOqQNu/0+7xVmksRJ9xnykozIXCfSSzPR1rZDzfclubZsid62zjOB9lYL/HN4oHU8gFdEfVyYBEJlV08nkuUOFkEDz6A8h6hck91RHFcwnpfsJ8JMxd/F8pSjIabHAaKZ6VBeJhyx75ENz+kryofcsiOT3TO8LKiObv7HxAZjc5IZfelic3wVZJtMp1/qJrDTLnP+UeQJ+LPTSLJW4YCBHj2tPDamBRAENQgdwRm7WOfCm+zn82UOzEEa+qo1H4soA9VzAuPX0BTFDpmjTjv+q4jxa6a/Gzd8pGn4Cn4g9+h/fnPLskiFxzrILLB9WG73nBarsk8oaVwpcL0FlMCeCfkK91MVFX1DfPsHHf7ub7LR5mmFByvQhQC7xq2U38kEBg11rdkSfY3xDwISDkKmKldZK8sc6912N/u8Rmw5Fz540hLCF3iXz2pyCsLV7mUvvAKk2FcK7NVQLgluLBgrjHM5yd0ldjEBOCXS/v7qRqrMZnJaUbyj9P87llVeu9OA82ff9FPv0vx9dcEj1/XGQRxLFRCx2CnGU2ArOiZhhcZFWPitUfe9mF+kxp2RW/fXMPl54tXOxqowmQ6aXGIBuzLIQ9oMg/eceIhSLhlrjd+nCvWqHTu4iQygWM9Bzs9gtik1nJalzd0/BVx6Lu4udGCxdZyoGvVxPVIAsNT2LGi5xgFKeCTSiuZi9ZgofYv3tBhIpVsICtK7Rcs9qDf8WRDUsn4qmanSrdIg8DphAMLZU097ueyjJpAq4n1l2gILDl3g9mbDSykMHK7kJIFzeNFl4DjhetNPan776wfNGnyRF5RzTWtXPbpIR9X6kla07TQK6rqM4Ct6mBaZzN5FsuozGv/4enB0KjL/VixoYniTBud8mfESsfCKzUPmD4p8oj4/UcTOTK0lJ/voRbBOOlBXh37soMCKfs1/IxNLLcWkDLaBPZgYBKAOZ7Mq4zHmM3QotVGdMzraaFsfoWxR81D5CGCBWv+CaSXzDHsW3HgOmPGqK9PL+WYWUVgrmoW4tIb3HD+9mpmQ1oi+XNdf9wFkSHiqPHReBWXWzuUvbIdUTRe/6MMdgvg7D5GFZhqL1mf8syqHCsfNP4ieOqifP5D8iqeMAXrHbt3yG23bHO8eSwjgVDqjRvhcChG+3eGI6Nbj9aNZ5Usu4ybHfnKhCgM+kJVcvKM8mAIpPYqs4E2oIspOkoyqZjiqCx35DI4fNMd60X5ZMdhdkaTYDN6y5WwBPugB5e5J6WhhPQA3x3NMgGBkUbfZ0sTpxMTYVJhK4QhlMZimF98Hm7lKNUMICzDdxywK5Saa53AE/Vd25e5FeIcCqYKFWt+V5U+K7D1HhD0d28ETJnyhRV1keJ1ME9QgWk06/W0BrV24X7Qj8CyWxP1enQ4K4CqRo3xqY/gWLmygHT3VJUb+j0q8nPMKcpay+/0Bupisah9bBcn3nhN6lHyHKCpkG6CFdO1kvw0Qs1EijdgyWw0YwaZvWQ0d6rZbU1KxxbbvP4cqYEOkMaQv5M/4jRtCNGJHdgIT205+zLRAzCI7a0dN6O3pyIE7Py49d/AMYnOWaO6uZhXT3nKS+2/SO+alPehf0rpKquPTsemCHPZtxsHGfxRvuyeb0Kkxr+fdut/lz88oiqUYGyzxkw9/onvxXugA5W8N8kWnqktwMTn8YvuQqfaLmdRngCsgoJ7FUMnUqqJ/vY3wvrSMf/Fj7vqXkddUun3UJMhUp4Gl5hsONeFa5z153bSwN2SkKe0U+gl2nE4n3uttzsk/dhhAV8TE1NmzQGhwbcmVfM3zkGrWpU93J/YHm1oAWWw8m0yxVaYLs3nC6FqRAB8A9pehe5PN3AbwXE3/WkOYLC7pgKfPKXH4CYMmIFNuPvwEfvA5K9znMFEpfaKXtDD7fzz/LO1zYskD23PNAz4q/IdYN61ujEqJS/+XMR1Iht93mWrQ9KSDaQnc+bKJlmzze3nWISfgsYpP6JvbP5355xBA5dMFZWcW+zQAXi33NRVHhdvgB8Y6dsobz6VBwVLBS5nv/kFLAFY6byzxNBffFKgvYIQabYjw8qYMpxAlO5y+CySDuv8lwSGfLwUOmvy8E7J+c1FzuUV5aRr0nPyFWQpnlQQO85aOlFAW/Qf+i0ohiFkr8i/aKjWFdhVbf5wQXLr4v7/97PfPk7Yy6PDGng+Y73l+DCWmTW62AtgynbGPrZVXqp6Nw8/l1int7XFnkrcxynMVSMI0IUOyKbENlinYEsQRrJJRVB3D3DRCgnpNXtKBxJ9NPHgbF0asCZK3czO0BmsYyEBURbYPERjbFeBVN7Vc0nzASYwpJGMIc4wfBoDi5Gz39LMM0qAHDN491wkjSsEqXs5AiCEppHyaFEuFJf/T7+Z+/rQeyOUr55r1G4OD4Mlj7AQVR/zKlQMU+TO84ZSVJpNz2Nw5yYm3L4v4RC25joGy/Yg3CwaeGDzZpIlXkiI70zAdCcVRc+ockgiWOY8hduWaSFRsKxqysP5wtYxJFk7em4hkYbkMuYvRt2AowUbo8au/tbzvb6ptZ9VMuKn+FQBvM1jSoL9F7OaWiBYXZijzHsfOSpOUHOiAEc/u6Buc4ncGS5xkO4kA5f2NwmH02Kd8WcDkYMtqalYxFeDL41a0mDyLXZLA5UGPgg1pmbpImD5FEvG/KhdkovqTAHV3qF/z52rvNS0DgDQ/o+/4swJKQ7AH5Y5a4UKv2Wi/X7WxwDkn6oBbkMlSXm2j7QWZKQRgSDTVDIwk5mfFybfwdny2nZqVju5depGMB+cplWWzlxoEw9Ikj8aeop1DORHdcGktheRS0C4pt/hoYZkDtY7cifZbN7Wu0YKHEk+HRsE12YHpgnZfeaTrWI1yE8orWo98XtoXQrngFPDfI4rrcFe1E2SC5P/JXV76OoYQsRbgsq/hLeKBPhCMqhiqJjfK3IqcARVxEeUHI3rKn75j3Lxoi/1X+smVZJJ3zB7xTwG/ThBC3AbbH1nQqqU2cyReIxR9Pa2g0mICLHY6E7olFWIB42nQSPwgkMYJsxbUXrr4vU/xR4ud16YT2TTD/Gmc96jExvjGnBBO6LDnnzaRfI7C0zGlG2ZZ51/L2K+7Zsjh+u5pOTR8Pb8mtMi607UdktV8zz6YZHmZ9XgQco89juxeyLtwCXBLoBtbPNGR7nS2gqWvPDoLmP2YKG4Qiz2yhbKa9GBeOnb/NAj6L3ji/9q1jR0sr4jyhfuFs44CcythClIypiw9skqbsyWI+cCaAMXPig6Q1DFLiqIt5V/0yASoKV/8R9jlMGwL1+68Sv9sGTuAeX7p1lnb0CuPHU5VM7FJ18EA87qi/9adEGwroDQjVohqglhtCn6J+kmmsN
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-03-17T15:15:31Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"malware-sample\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56eaca13-834c-43b1-ae71-4b87950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-17T15:15:31.000Z",
"modified": "2016-03-17T15:15:31.000Z",
"description": "unique .doc file",
"pattern": "[file:name = 'bestellung_0194-iFqHoViMJP.doc' AND file:hashes.SHA1 = '6710d33e29273ed0cf58450d09a50008f5ec5869']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-03-17T15:15:31Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"filename|sha1\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56eaca14-5428-45de-8e32-4ac5950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-17T15:15:32.000Z",
"modified": "2016-03-17T15:15:32.000Z",
"description": "unique .doc file",
"pattern": "[file:name = 'bestellung_0194-iFqHoViMJP.doc' AND file:hashes.SHA256 = 'c063a43b6d949e19cc84ed43018c11a6e1762ad76012da54133a01ae6008a465']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-03-17T15:15:32Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"filename|sha256\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56eaca15-e998-4373-820b-4348950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-17T15:15:33.000Z",
"modified": "2016-03-17T15:15:33.000Z",
"description": "unique .doc file",
"pattern": "[file:content_ref.payload_bin = 'UEsDBBQACQAIAPF5cUhhJlsodCQAAI04AAAgABwAZWM3MDQ3YzFmYjU2N2QwOGMyMjY5NmQ5NmI5NTM2YmZVVAkAAxXK6lYVyupWdXgLAAEEIQAAAAQhAAAAuYdfZ9K7ktwDq6FSCymD+o6Y2/8GL9vOAgPsfvqvdo4ifsFp2Q6B15HRK0++dJbPSr3VBIYandSO3Tw40MnZE0L36MIN88zAWB084yMYijIchy1AMPCbJPXADts6kPTggGrHtp1Ex54YsS3o4AbVFefhnL++VHW/I7KjfZCdhl73xsPvp8IK1qGWgwLQz0iBroxJghnl7QaMy3bm80YeEwfJrfDMLzHE3FRalDsBafGqhXLUDm4qlipaKN2zbKfioZbf7Xsdi0/3kADsSCov80ibQAoV3o1Z4DhIfvEsOzrJhmCpvgJ59xOE5R3HvXPfktdvRCfzl+Nz+DVWeBomcRmWjoDy2/pwBKN+YfrcroXZfUz/qac6SP036FPZEfZ0VBz4NiSc4bTvHPgZ7sbDS2/oSbnkGrZ7fyDuNQj/qcIyi8+g+50twfKk31CiQ3AbtWgbPwhmkNs7CSEaobHpnnLWG3DPfS/lBXq/Y6MzFPJ8DMunMb0lKaAz1k/oQUoYg5/28Pcx87le7UqNDxZoDT4yZGY5t16n12T9WGSD3CN8H4m/l96wAJJaNdsqGgehheFWAWaTiNo0wNDdhYCUL66mKUakZ5CmEZcr8aI4VCIb0SDzpRmY9scEo6QMEL9m9aqETGeb3rI3Zbvu+qKbRy2KUL8S1+/GTN5ZagMbwXA5sNE+mGgSiRnzD0tDTG7zSKcsMuRC3/HF4Nyqa4UI3zpLA4+mHhjV0+R292xjG38JDWor22/HrFv1qDxztXTk94a2p7n9+1cmnJAHIviobbvzzQeScczh2gprNuhH5QwdNpLkcgxJ5ZJYMrxKyidLmZ3lp7YXipbW755HVy/kOxjUuj3J1KAnUhQrE99UsNXxuI3Vc4RZaDlxqNrRZgpe59fQhmnksYNSVF50cFjktjO8ILM5PQkRgoyq2HrP0m+MrLw5Mq8KQez4HvisRvKL7zi7BJKl/xXApiS3GPmoNhSqlli9Zy4hPz4HQSSp2KbbN2nAuaDItpDUqNzgx/Eya7NbSpLo9EZ/lq4TMZE/R8ikfv+k9wSUHetdlruiJuwQDgpBQRyWcEZMSJ2ASstXozUmXnATo53exo6ySjLun9SZCWIRZsNxeOm+mP+Iv524I+Ykxbi3lPkDsMPt9Yu4TBHOU923T/f++CsSOH+kVYrcTLedDkOslZPxwIGDMPQfEK4EUPOR+Yk+h06wz6QnNl05Qm9P++mslA2T7108mfa6tsWb2UkeaI8g+GiimAeu8IaFOdS5oytsbnvUnrmw5E4Zg3aUS7jUAvsgSg2JTCR05E1vqa3q4LPY8Syrv+CQ3rkLyz18Em9jCdeHX9Gjr7gWbGXbfPkf1XOO1wzj5x17WGghH3sqHGVgX8x5q96lmQVyAX758w67enBa2lTLR+Pf9Ri2HkKVMe9YpxY4yPvcHCmy/GrIqg6ra77HBLPFnYmQEB6ML2dBs6LRdFjrFr6Fo0TIOtaZzyOID8DFRD2Kh4Inm8RfUUoW9d+wApe4h4qxc2JpxWRyw0QUA4pdine4wkLrnAv4JbqDHqAmI3HjCpopywzubYQ7+ULnYmXyu2pnX5s4XgxIOcVoO4ErDJ3oQr3nIqTJEAP7FAO5lnUxSBVnExrUWSmMtDNCPDTRGeZQOyXSuUCjGAzwlonUeSc40L7MuSP6tWddRDXqzqeOCrGpPbdA1R72nu5NIYUIS1vry8KnvASLXT9uZUqA/UX8K1tzOASwmySqInHAiCsDb7lZ+ucM4xC0eZRK096+7wb1SjnZ/PxxyvAFmgurwVrHbj9L/1oG/1mYM1x9ItOxSpVXJXnDudkOr0/1APbmIcKWDAAl9wKs8sq1EsKwNzjBUIr7Julcmko1iZKeoaspE7zXKbQqEfo27Vz5T8GjKV0BPNydu/WI15YmVbuxhHsbae9YeLoFRnRaOdCrkrAdECXewZVFBi8wPYfd7QXusbKNImE9BmRQrXrey2Vhg0HdtGbmbOQT03aT12tJ2kM+EFVYnvzOMM93yVF5Vgex0i7iEPTeK6bBm67rbgqJm8VBCxGvqFA0ihFNLxp4KqArS255DHcpTEhscCKw5mX66JesvixtrwE4grM8nwkw/BiG2GLy47faYQwibYWkb8+wyZGvHwdRF/fDy/Uw45vxkD3Z6H7cU/iW2nZ+4BEGankqdU0/B6hFbFFG9bGAaLsiiNwy5JI0wTngQ+eMlbVokxvsxMAeggv/YzJ722nRxV9qskG9+U+zoLiYu4F6jv2UqQ6VgExejgj+mOXecCdqiTeLIkTMZTqlDAmrBUaUqPAmf2TNBLsohnqkb8lZ1wBVhVCAXqp/9G7CLtTMjMs/a9pDFwZPgeOeHB8F8GaCDVqlIbmUQYNbf2ip51LsSWso6NXdKI5toq4zduQSzZPrJWSH1M18JSasZpvXlCNJtRx/dmGEFPszvm8J3f9v9n65P8P0wo7iQP62GlIpXo4kpZbHe/DmcAxJxgWp7waHgXKB7QGxcFrc93w5H5MhiwFpZZ2Ieqz15PSc0ABoJdoyzkiwOWtjDeriBlIEmEy2J+6FqGTCiKbb9YR2duhrQOzYt9zbBWfccN4ZFQj9l9H/Hn0VRU5HJvkpwokjrxIaQFankBA2ePwN/TjFK+I+126BUS7pcaXJ3qt9ppxbh0fGQzdYuXUqXGA9KH0oCx337g7fvuJ1rB60drG0dnSiZ/EWEquR6Ul7QM2oV5F1nHVGTq7IgWs8tWF4rezGxdZWDaC4G1u5zXB4DuI2mjztpRrIZxGzjaebAedjDrhnciq0p/vxRNMQpKJhxup13izHUWkqqMnI28zBRzL388fj4+S19Qr43DHMvfvA/737AFgDSiA7VuIeF/alYddbvPHKh4+hAQdiNEsmKnPMbjoFOdFnTv92YKMQVLoax0ZVUdl8fNEjlNyemgbN0Xz92GKMUkFqkQ6a8J4gzpoAygNCHJq7Kmd2O3Xkn0JbNYzgUsbYTdxFhYWfiIYaOcy/ukxGxB6HwDcPU3+UrYvnR53MYywn/BVrMC03enmgpUSvereAI9Ase23AlEcIVk5bTSYcAwOTAQ1w2N9Kyvv19n5Zfw5VUNd3c5NCKHVvtDgrb01uxvilHRzvwq5gSZec5v3+b+79pzbm/3hz6jiBn7j4ROO38c9xVU4fKErCq8Epte+a3u0KuAZOinK8ejTqheYyigf+ct1K1aCyV/8isXthtJ90S5rxA7L6rb/N1xBhe0Gkw+BPxXtWivTdeuTkXYiWbNZ31KztOr1ZSAuumk/u4jKYW0OnLPnBn8fqNeDvFDzBNmVmO57wVtahuadrLfnhedf8Ms1Ur3wAMP3n/RpztxZHUIBQL/+69DHqMUqSV7P8Ulil9CPbE0cqGtmT40Tr6Tcu6Jf6wl0eqlzxpCGgMOnnt6AlTiQ4isKd9tT+pHpV8tcIwNWotzuB0EwK/eO5ytgnBOrEMsVIoTECNDjZC/rWWkT8beAG/MPCdEsr1pFKn86BojiIEv9Wm/fWZjEFB2hiwYpu/E0gm/ncTexFUjj9DGcZBUcvE7W+KzztxCSVQUCGTONubTlmMYUPwbrrUrEHjfsmEkJW34Ontzs/h2MY/zIYeDKl1VPF866cnYFQpfEl3Sp9+94f1qfyXNltUjrjqk7lwCIoUge8d0Rk5o+cvmTPsHHzQNvYqnRS8N82AQupVQ7TmqpG9lu6HHFQbRw1MzPmaGMx6bKAKG7O7L0EUyQjwd5g8yR6EdNxBIZkN6SVdAPjPFkQLaTvw4FRfMlfm/yJeVqg5dKZ4E4a61Uwgm5FshuCTSYguwRl2fHWbjfayZIqWXznRLe4tm/xVuei0jgmNO23/t6Q5O1MWSJ+Xk4wzd8MD3neaYzet4nvxd02SIK36qKDbZkN7iNBG8se7IxIapIghU
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-03-17T15:15:33Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"malware-sample\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56eaca15-afb4-4ae1-9b52-4eee950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-17T15:15:33.000Z",
"modified": "2016-03-17T15:15:33.000Z",
"description": "unique .doc file",
"pattern": "[file:name = 'bestellung_0244-da90e2d4.doc' AND file:hashes.SHA1 = 'f0832ed80edf880eee8c99313cf39f7b1ac17530']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-03-17T15:15:33Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"filename|sha1\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56eaca16-e284-4b97-bcac-4011950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-17T15:15:34.000Z",
"modified": "2016-03-17T15:15:34.000Z",
"description": "unique .doc file",
"pattern": "[file:name = 'bestellung_0244-da90e2d4.doc' AND file:hashes.SHA256 = '5c2387775a5b868dc9c6f8405220048b273628639f16c67218ea5d0cf06124ab']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-03-17T15:15:34Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"filename|sha256\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56eaca16-bfac-42e4-9f55-44fe950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-17T15:15:34.000Z",
"modified": "2016-03-17T15:15:34.000Z",
"description": "unique .doc file",
"pattern": "[file:content_ref.payload_bin = 'UEsDBBQACQAIAPF5cUiGadO1eCQAAJE4AAAgABwAMWE0NjRmNGNjZTVkN2Y5ZDRjMmEzODZkZGE2YjkzMTZVVAkAAxbK6lYWyupWdXgLAAEEIQAAAAQhAAAARj0BRBYpgfD7DID+8ElDxHrowk8wq4w7FidyXKCv0IYVIaUn2VK5mBZoFZ4Fd01h1Bbkb6cQfnbEOBYm6yrZbvQfHKy9d9kh2/mJSHF34WUp+SaGaTL4cTSjIVbAEGf7pR2rW5qa/jKYIsae6jixwfFfndDl1OYkgU7lq8C4SW7D7udBUfa/lgdEleOtXt29aZEJCtawfgPPvzcCSqOo9uGuewWNy+WWJCguQURmzG8UVaxxS1T+m1Kh9ZSWKoXuNqUjmhFgqVHCfoujMoswUWTgHpkgUHuhtUk0YkcS4mBy3L0sVRj6X4GWxaMgHQ7ZZ1EZvW3v90uy5Omk/5Zle0z7Z9wo65UQ+VmJUjGvfhgvreUbFTs/IXOJdtNoS+0RYhA7tM3XKOq6CrI8uTs9tbrJJ1lJ/DbO2HVklDBtKMogBeG/F1WoUotWo3MjwcdycbFCanVl80iwhb8sQuGqseS1YuDZVVQQ140ryuyTclwQwDg9M251WSU0CN8vO2kZFu0cDEZmFNc9mP1THvEUaP8hbrJXmk6FAGYfjJrkxZ5ytCp/OdPUY3UnUOrQcwtlaP3RU7KTU0QBEzkgrgb4/vzpd+jaKUSk/aHXR/z/P1ch9IIxysQ2E8b8cmDQhWAvJitNnQ7DhRDVEhxFZFt7eZhPb7hKToObfa3n8W20/VV7c/7aksbTRZFYV0SW6v6WQrbFx4Ja1hmyINTif141aTU7A610Ki7ZvCiXvmGd9srOLP6x+IB1zQp+oeYlUndzjskqdoUYzypPjHl8DAICokqv5BimXmtYxob4DZc584xl6wA4bjwHbMVjtECW+yG4yP8H9rLhaJNYoIOh15Guss3Usr8Q89Ia1lbA+xe3FbaAe64Nrx0BlrB3X7oPo6nAcls6U8cdmCiFuyiW2yEcb8szcyvqPwQ4avvS/hZO57724c462VRLLiqQykljb7UR/1vgKK6iKAFwka/4hKNH6FQngmSj6gwxL5INJKc8O9gb8kxg+I0Pg3Fzkr8EJfkSfX/QpLy8LNBLAmceR2jgh7t3juYrdmaDBRiBahnOo8GDsLGR5MwRpwjGfmQ2E2CjQU8bPHkxMsEMdW9iNLP/3stRQbFfr0lYSIksHtsLRf8MrH8oC6FqRZvY1VrTdK2tDlAOUwm2d2Hgsk3L1vC7nlYDdVocjEzHHn9bFID2Y3ydM1AT0VGu8IhXMwJ3/KUq1I6weRBPStQweTSFPW4yUMB6a5IZWFYlw7Ug8HgUeJ9J5fOvEddAqQiQua+qhodT2mZPZQqQhSmXrXN+W3l6zMJNFh57jt04mwkuNIlYp4iotksv68Kk7cGYn1raYVUky0Dvoz6j74xox6/qjIjViD/A2b+94B23j3GAVlC8udglEjLD8XXpUOl4AuMb2OeeaGOHXMm0yHP8CELNXy1mLSNKwn/WKgtj2pK7nedExjoYWaZeBy7FeMj+yldrZmH20D2fHcASHDpfki5UwwqB4Y71aWFU8T9QOA+iCXNGNLdBu6lPPhAerMh3yIg9/tBlkFz9iGL/2ML3WCldGSRlAhGyU5GgAUWDxbr1QY15oPW0dsfSuZ1kK5+0qy4HrAeHRjgbO8Du6YrNeHMCF9rkir7b07UFaaFlFJ5kCEF5otsQFFl3QeepiwWeUDUraEowJ/64uf91hnBlewMn3vUX0l0f1u+GF40tFoypCyAWTvRDYPp174kftdfMWmt+mnRD+w8kzmZhCU000meSkTyvClWAN/SHbZjT+SoRRHrd9NRpG1WGJLiQtprR/wZVYpZsQth4qaTJ4IM3hjRMHsoKGNdHgiFO6jA/lI4ClBciTmSewFS4OxMJTheSQujJXvE+RFr0yY44KEzrsmFcXW/5zCCfERQ2gUrEpVkQI6VY4u3+H2IeHLesz4bHCJ4Cmt+I136pcAaqU4h54YDQ5uOxeWYguommpzikn/5d8qrBZAlC7cd2Ai6M7EmyRrCzlskMUwg/AHhfO698/Z6FFfzc/RT5b2weQnxmn92pw80JLSoIFfB90aGY+fMnI51Ql0U7y2ZGz6Yu7CtEGZBkpSw8yu8mRq7EIQa4MVJ6a4YbWc97vWV1xNAOBae21waPh5D6D3MpC8O0GKsSqfil8OJR+m9PRcAPzuojSHIk0sy9hPIpJziTKcRTAcfZuy/9g/LLaMspBgAvRpyliYOzgptNNBYkGS4i2QXf2vhioeCRVwcA682eKOJr2FsgU8Sy0b9b7UQkFdhKkvuOpKPIG82Q4qGqZlLlkUD5idil8DaFHX6NDy52BNeaR7nZ/5pfO2cBu+/k8WjRjust0wiaoROdYp5Wd04nG7m/ElQAZ+29Qyfy6+FkFD0T6kzojiNOHqjWMZbd1eo6p8xg7TSOAyMtx0SL8FTt1hR3sr6h7rfVEhE9UOHgkUddYRq8ZlCvFRXA6ez7ymAi96KMq2Ad2uzykxrvlMtV78CwEp1hadSYDMNszlYIOJuoSXINydTBeD8KvWVZ/KrHKGAWNjPJvqI9aliWtjOy73JnRbLi9+QbC08fv/fzJ+IY0FU72yxe6LTCJtpMkWR8XY5o0NB+mNc6zS/FNrp3jn5oyC/d02DAjvxS1BrNfInAhtlIf7NVGcpZBl6EOjh2LuKvYgq0HNq7yYVN7JJd9JSrIorlJ5X04eSe0OyIWaBp384yuvAlJXgqfRU94TSCPiBGShNbMcy1GFnelgQ8M12m8jYl8BpeXjdLKhBFf0c9Aon3JLzwpUt3G3tmKtCcePh8qSP2DThYTGsOuGZH/Xj8DQvzeIk0uLv+RHWRNO5nCKWl7dcPGERgf54G0SnGUGeoaTR0BvpqxKdzPtzaxA+WdwGw41GnxGvINSPgffFSStYLD0sA5UOvBwIl25+VlmeSK/wiSDgrgYR1havVxaJQ4IWffYltD4ogX4jczHHvzfFpm8rcmQ7b7NT4aoK8E9RBoAc5ZC4KMRqiyYMp861o92il6IiHcUEMlh6gj7pApvTceAg0bZOXGBO1d/CCl+Fqa/Yb1mqIeDeDDU8tMnSodvKOh0YHqCa6frLg1f/Y3JRpM15gPILgh9KuH2CCQeVTQ5IDr6gxt5rPzQPwZV9Ax5ofuMk5A51ENVdk9P60kxY27QQyNtr5+mjBc421qcwq2+Ahxzq31BrV+KWU1Fce8Nw+zFCgMHyRAnAQs7XwG5rxs4bVefpCIhM7o5LRdhjweT23MAqokzL3SjsoLz7fnYlSlgNqFnXlLV5D38odocUNIMOn/z4w8jHDwb2veMFIOCugTOcbIJBC82GOn9LSBCSSL2flPYgjTfFd/fR9680RQPEnuTjrkd6YwcTfrobJ24yJBOryzxIuZ1IAfomsapL1E8b+konb+dHL182puspiicEnl7NCk7pjacMkeKbe6IX0+XDnjunSiorhbNuE/svkkOvbASOB/isEnL52ouTnDPaaFz8IS5H/NtzUkyBYnUDvvni+lN9U1oCkUuMTXvRDKcvzmJ9m+aXNOHhVr8SoG1rdrXzoeVZJbC7By0oFCUUk+Ymhs0jy5cmuSnacTmAXDyYJvQ3KsV4jTMcFzaNzxBSIiLdOnpFKms8ocaylR0g4OzOk0jcmCkuqijkBGJSjwWslkhB2fF8AZl5cGyBOevYDv48+SMPKZFgCBctPrRR5CaVD7HK7QFNPdlioyGn+WhCJFjCyxs6EqjbGYk7dLl7K7Xx5fluUR3XLFOvEzNU7jKKjO/SOQ2neBfWfCjfi9ya/BLdyM9AnEodCqoO6wFq7OLaDBLpOEyt2eHthSTF8kVGszd+MldgV35/BPIWQ4spfdYyUEzhMo3YU8LUKWdGd1pMPDq1b+jetf97UZQRZ40GiCL4wlAwE6bV1kKTg+oy6xeYjRtNUt2pra4Lq6rZ5Gzlb6oGm40MPoWiZ4X
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-03-17T15:15:34Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"malware-sample\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56eaca17-e698-4672-a607-486a950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-17T15:15:35.000Z",
"modified": "2016-03-17T15:15:35.000Z",
"description": "unique .doc file",
"pattern": "[file:name = 'bestellung_00562-a1e0156.doc' AND file:hashes.SHA1 = '8238e731aa1005a1777e5f82aa680a6edf614ca9']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-03-17T15:15:35Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"filename|sha1\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56eaca18-2190-4e09-a5d9-4652950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-17T15:15:36.000Z",
"modified": "2016-03-17T15:15:36.000Z",
"description": "unique .doc file",
"pattern": "[file:name = 'bestellung_00562-a1e0156.doc' AND file:hashes.SHA256 = 'bbdcfe20dece102c30a0f6785ed2d9a7f898428285df3086a6f69d38c267c960']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-03-17T15:15:36Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"filename|sha256\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56eaca18-cf98-4d8c-a0a9-492f950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-17T15:15:36.000Z",
"modified": "2016-03-17T15:15:36.000Z",
"description": "unique .doc file",
"pattern": "[file:content_ref.payload_bin = 'UEsDBBQACQAIAPJ5cUiUQx+NPSQAAEU4AAAgABwAZjFjN2M4YzMyZjkzYzdmZGJjNTM2ZjAxNjliMDE2MWVVVAkAAxjK6lYYyupWdXgLAAEEIQAAAAQhAAAAm/MvWwKW+xqvf4JfO25no6/2ABvJL3ONn7ifovt2YifAmOrlm6ORAWSXFnoFa4r5WLoYVpvia/HI1AvfKIlKUA+noDnZjHnuq4N6rZkvYr7aqa+GsY9N96bGdH5W6SM2Dgk5lkUfchXMz/ioVv7YgpoBNmN7U/s1kiZLGybZkho5WJzXlTiiIpX+T+tsKzZKu91ChoUJeZqKUePHLatPCab7Ldc0qkdGpPxSnaECJtzJvgNEzQfOGIs1RLvxZ5f/b7g5TqxuDKMJ1AWDexXBX0EDUSbHl2fEUOp386m9FtRnfFPQnzslfM4zr96mWKofbeMQd7rOJIAhxFoQlgwDu/33fRNtRTtPfOKycIQ/pR65fbR6MTs5+dG1t16OImNsYLif9HtXr3o/jIRtKARHu76BlSDW9MuGSX2I63vMinoer69MQzbEHK/BDRm4UVPuxWBUac2k6O097nz+GKJaiDf+SSn+RKzHG5DA2pPOAQG3kDvQelL89xOcaQBu78uFZYnR1C2ze4bE54e/xkgpC/enYlJIXh1mnj1vmohzS0sWTzUgHWkJyaJ8B840fM3v9lRzS2ohU9NoS23n0ET6SARIxn3wctQLChRk/9KDlvuluhM1oR+Xzer4HaRdbXuPLORrp6ZPIrd0jhohPshlwguVhdJTsSteY/T1ACUPPiSfGjGx6+3AKRS0NwYT1ZniePTRATXQ5sFabZ7auX2Uh7YKsqBDHTmKATNmxWXsHhcx6r9+ZVNSpMgVpmRe5kCOEeesL6beFWRdCnqMLXJcycq/vCSJrMC9KNRQJw0sKzsORWdPCDwocCOvnMh8MaJQ2+TnHUrdjGuDvA9M81odAh3RXe94qsSk0WB1VQHr4B4zlJRUc5mWwd6VI5Munb5l/3jrpTs1BuJ383K4K3KtsKWMld7BD8nTwatiYj9nQVUqHUHHzVnDplEcndtmK7QJ99i+pnriTQY/VqDxtBIqPDWxdJUmD2K2WoKJWvwJJk5fb12SeqnEQITNfYqpq4rF024iYRM7+W3usVyfVd7O2UeeYw8upTjj+lkyMaOjF1KL+ludXlq0L99rZgNU93BEZis2gEGNn1uhVCP0Zj72Bv6FMj6mSd46aIHQ2GmdiEHbvbtul6XsniZzRYG9/k5AZWlPkfanCi78cSIj+24tZUmPl1qriDH00XRAEyB3/pWf8vAbj/lB41focluuoZRveqWf1ipzTK4ay68MN7bqnaomBqF/gGfAZoAi+v9/Pk0W6PkNGBihs9G710w1+n2/PNKInUtQHrCnaMU1Egmof5w9ROYne0Q/p8tNfNFMGH7kFs3jKy+hja4lM8B+8W73EB4r3w00Fkr0k6JLWFnUexWj0yxRyQnnkdRwLVslckBVXPt14HlkpWg3bgkUH0YDS1/dKVcnFtRLq9vkrjPTtSJQKrHnsUmAt3fuxG85xV3YCoZMhcam1mHcBiKxxuazUaoogc8iDfOL6e3fTMghCfFiRQkra71vXtgSWKF9gl0mU3ce0Vgi5Mcu9uk83TC3rPG5WTcG1Ce2+E1z4784f1AoXgv7d/TjbmeQNnKME/SM7GOeP0nwS0702quZ+OEX60VyarRDjHzhPmLpYVWL3E+Cja1R+qKEwJyqljqUZWdsa59jNwAtrYMiWSm29A6mcS9AKXBH8sbuWdchc03I8OpQ981E9uzffU4zdHUpbNGZ0LwZKSFKdfjIDkpMSnOvT8lgrD/ssCH8hpwRYbIDvNmeIfuRIdUxvZgQUwqDLVFYQvaXyiLMA7vI3A48cLwtVP06oswVegq3kKf7/1ZnS2U/BgzagItLUsfqm3donXgZLPswX7nN+PiTC06NkacU6S/st93ODYprg/HScib0oKjJD/pyxpfnBA4CR2XOvD1cEqhju6PA/cu2PHEMsU4EskQPn2Y/nxCLu5Rt/4LRGiuVImMXxGXXni+96sgPJIEkkhFZzjiNQOwWseDHzCxpylziI2cnPOxDzgv6i19FLPa6ALJ/doyBcVUyGIY5HV8tvsYuxbrsWSKm3SDOqDCgqIBdCqNK+828wz1GmDcW3zySbOOU5d17kVlaOnvoKlwU9bnUBId8mCkxeLYXq46anPrq9hVgq1wVHlPLhVQI5XbMKoTGSk38c5F+i8MwjEROvAytODhRUVf3kfuNJ6o9e6gC84op6O1yYshmEKWpiJkjHRUuaOfHYUrq0L0flkIPJ2gD/JQ7KmECcNE22L6jIhT15UIwIOkpVdKKIfkl73zZq+uUU4hYTslIQt94X3LVjKqg4oOAcN8BvaRRghrDtZA7nXcyAX8Sd6RXneM9ueKrOFVd7qUOfvAP67dV+zMgYyXT6HwJhKnvJwhy3nid7v9cUyWng2+I1t5WzfS6XMwmWsJ/kQbkMULIOLwFYy/W+/8HNelclvxRNRasMwyfYD75sn9/Gjr1c0zo06XEHqosXhn+0qv+nCgiqEQ6vjcp2D3UB9SO0EPW2OwvF3y3e8Wa54GqYqpzmWCbNj4CJFppZ/XJqYTcaO+PAo7bveGM+EIVJW2OfjjLi0gbbP40DgrwpCo9anIctXxjO4kGBFUoLeZcZi2uEzJ+lyWN67fc0OISHfVZkHQyE33CqwRKALoOUxttUTEUoSWq66OZ4ztVxW8e2yOOQBT7Q/Ef59fA93TzDHtpRr06slguS2L/T+kA7hiIMBJhhoE1IhxcT0camYJk7GhxMHCRvaZtjJAjhgYoWQ3U9xaXnX+VCNIdg6RBv7rbMmNPK58i47xUTNLGWA3GPEocuAJURrFNqY3MePbPm02CzPHyGhXfoj3gIqDU0fkVRWvbKDK/IFUvQRZ77aISqLJqLraTut6nNNXYKuZlnMcfxpAEkOtA3+SSSgoe7wRCrvH1HF7HH1cOFe8lDTrgfso1tKfDO8jEG+oaf4savm+PRtUVTcWlzOTwfmD7BUaBSH9KbxDu5EpfzoiMhLQLrVPG8SfltvnL2o06cXoXs49cfprHAnna3FuhGf/Eovc2nnBGrPP85ilMnKzl1c7ZgcoGEahhzOvj6Ajk/K5Z7UvXvNZUWAO63XBHv/JMtQ+Hgq9GbGl5fQb1zAy9VdajJjwtzb/Wl1Amxm5QuhI29LUK/oWqeCMdZ4MbVhQBfSWtUA9iXLZ78S7k5s4f2jY9lSKX7bR/63mxWAPEjLQ8JSZy7zwVYxb/cnGN5n4+CfwJAq65WehqECLnNq5/u7pjYDzFQT57pidBwdoUnQQYMMOl7DJqWyuLwrGF59pp5OuJp0dVXTnooOYv+tUQdxjF5AKIjVe4bkiqoz05enwfpZK5aDmQUJOTRGaIUU+XpYuStwZ7WeIsGCYcKuUreHOMSx1Nc8DW5iIiVCzRCZ7IBeIW75fyQSSpms76cnm0nXjsPXH1gMYNV9VHFDn37pVbk+fKPNVP+rEQFs4luwOc5znksPiwxijvU5ILl1ChhE7dfDg9IA9W5V57HRnKiP5vrxr5MjrDHok+x8XHnW3XH4n+E6LkByt0m+dt/Hu8mRT8xRUng6ffh7gG+7vYWFFydKebJgWfBed+QU23iA25VL6NY7H4FCxpB9uyVJwi+Bo/2y5XFOzYDSxUZG8HQ1LAN/e/fgHbg6My129LebX0xccJxi/xSVliFaQZ0ImWNqlBBnupzqAXwe69UXMdEGNL4xvVlB5g6YR4PVLQJIPLyHPQ75WJtOrk22agRTSFwx6inwC5lp56jfXzsyFpqRofaTTUaTEVhS4ppYFNsraxMBRoFcGbMo2irlsnyTGyRc6IppWV51TXxOVhs8zVEBSHq0qHc/QHkB+ngx0svLa9j8NoQtDjgHrpfCpvaDdoCFd8BmIs7oQaz/JmNZYoRYB9XFpZb0nTUpeNfUM0QWmfcIKLctfv6sRRviM8rOnCO9Jtf6AzL4
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-03-17T15:15:36Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"malware-sample\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56eaca19-43b4-423f-b097-489e950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-17T15:15:37.000Z",
"modified": "2016-03-17T15:15:37.000Z",
"description": "unique .doc file",
"pattern": "[file:name = 'rechnung_-0b226a77 400653.doc' AND file:hashes.SHA1 = 'be077e40183ce685091d8cdef7297644b3c03133']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-03-17T15:15:37Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"filename|sha1\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56eaca19-45e8-4e0e-a3e9-445b950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-17T15:15:37.000Z",
"modified": "2016-03-17T15:15:37.000Z",
"description": "unique .doc file",
"pattern": "[file:name = 'rechnung_-0b226a77 400653.doc' AND file:hashes.SHA256 = 'ea24f79c0b98d48d7f41c0cfabeb7572b4bf99d8e8564983b3d61860718b2178']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-03-17T15:15:37Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"filename|sha256\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56eaca1a-1ff8-4a6c-a14f-4fd7950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-17T15:15:38.000Z",
"modified": "2016-03-17T15:15:38.000Z",
"description": "unique .doc file",
"pattern": "[file:content_ref.payload_bin = 'UEsDBBQACQAIAPN5cUilekObOSQAAEA4AAAgABwAYWYxYzc3MjE2MGQyZjViNjgwMjQzMDNjZWVkN2JlMjhVVAkAAxrK6lYayupWdXgLAAEEIQAAAAQhAAAAm/MvWwKW+xqvf4MXZw8bj0O0zkuSPRR8uQ49/Acp2yUcFWCQIIvv3onj9r9sTEosmbVFRPwpynuu7STufmWoQb1VXQJfE0Ucl+BJYkD5qDbB1KuHJ61OyXwvte/ofk3wJ10XgaL+YQUw/14BASmgjKacRsWMinpI9HtI2ZRLJs4ph9goODSAHC8LZtP0bqP904fLATM3TAEAXnxu8FhCGwRYnJqmZLxeWwbvGbSIKypzZw8J7l7qyqnv7p6PnJarlkp7OURcJS5OSNz8nHbm25gVtjew/i5MeG2/zpNKG637eFqVemCYtTrgUOL9HpjamR3FxwipMyu0KCQZaiWnKkzi2LXyHsDYEVja6Tb5tzO1zRYxgSpz0Xr3bLVGyDMo2Vc049PfUgko5TWvcyKX62YkyN6TMHix0EzKKV2IJX1zZ+z2LnqtWASaNYv1Kk56n4MxQWsIxtrt5Tm9VsPaeRKMI6qRgejWZDCo/BgINx9QHuYh0bLEMV1VcSQ3HSCRwMdgY1KSPHMfMblKHfnINKfZLCmWP9uYD0Na5DDuzhnmaQFiTkV8cGkIBZJh2p+vKoE8aoD5D8bFK1sA9cmoobZLDdpRnxuBWjCPSPWBEAxNIKMEEB9bQ4Wk7KxT1qCeICrCK4cp4qeV1fbd2VD6MsmjDqNLWvkvy4uziGcU8w29EMl5NKoOrtro8/upxPJE6B1bFZyoDHQENLWoadhLcRBfb/kME3X3MDNSSrPiBkI+o2PMGTkSRWWUddLSFnLCsAnJBJ8zUHAqoeD2joyZ9h5TnFzAOjfCyoVRF6K5VqML9gNawRq1jFrrLlQBid3dV3/aERb885KVMjguFAnJ298DY2Dm0aJv1NL5PJnZmK/ywbyzIl5bDOmFso2kCOqZHnmL5Sn901qOJcKq7GY3bxAxaZDowsEu6Gaom1A8kQGbC6qUbMk4oJc7FYJn4q8IvngCJ2GGFDgMke63M7zLoVK0nemRyu2qCf3b0/pF8YKmZceww5JAEpTwHjaj4yRvJ8DgZGmUWIHI9GOtmN2L8BaH00BzTzizrERTPeiwCqmImwJFTOsV5yx7IVY9M8955P8lqELFNM4OjTejWGbyExwMee8iGSiE+eyTF2Za/m+R51vAN/Idx7ZknofWgIy1fz4bxAxmlzCgST70VF1FwD8CcsW+XS53hltN2xrc/Hv2OEfg0Tgb7AKsrrgTx7EHbLt3YLpkjHCaI1DI72BBD2j3VXS6qJWZEfII/Cuf3bCaFticpmZCWL+12HFl2QU6wVKZcsuzExspcEZAiVrDwn3nMmUeLjOcUJuYq7A+D12qV588++H6LxX6DpTVhBXVmWaD0jlW99YVsP4YAI7dAADBvvErVe32JytWBQx7fItlWrfoL1X/BBeexemQr9iIVv7hAO63oeargrtUXREfOExl5snLkG8UDRtrSEei+wXyKKTChmwHZfFp7d70wQ3AtfgelEvg2t9y0PqoCC+AQkBhxTD3RiM7cIUAvvLkcgUrCvT649QAo3WAIxlhjVQ05FeOGyJK6GN4BtIi+6ialGYlX4YFXLHAJckEPfmAt++yy/0x8p//jYZNkSLA1ITO0bsFIkYpYiX3gG+92Hw9ECvIhnvXfJqH3mFx10bTH7+gyy/0pmALb/z6o5GGhU4/VdjoXF7jBeHauXnVBYyM7EU7GH3ykX8B2r3qBVdkvgCsqEGgk5gVFkrSOly4bS9Lr7jXkcpuy+9h9tzo78YZicSsljP5W/4qekR3VRCa8x9nkuDLz8L/fUttaG9s5x0AKe3RrFKv+CmxzVikfZa5NpIk/zmAAdrUDZ8JjWQHNswKjHxfoJuXgu7kJS5c3Cdt2jYxy3F+Py9kouKMhWl1PS+qrLjxTzWUjNc4a6/701Optkp+3aYeoms2L5jqkDGHPXak/LkUWVd2gmygWi7odUMZ5HD20oWhxk7xpL4MSDePZB83FQHlC6nUbl98mx1yJD+GAxEOOLhcUFnYXufdMj0rpeObptFE3oxBJejXpB8hsnI5zg6ZU2e3NCDaE7fVoROmRuuS4mxSm98qLb1p6Z1+9dvqiCdv50qFxpBnVf9k9SitSlbdc1fZTSA/4ZvXbygt0q1u3mTgo5LPx25XjEyJYrDdNg66Tl/Da+dHCXewuoOwjDGElhFFqQz2JXDDRsSVHnnl30Lmdh7d3F24M5hAjUBzf+Klm12EyIovnVETSyUxtEIslcjNFSZu2iwhJcVvg0Xpfwu6b31iJlbJCXQ3QyiYzzRkTSj9Gp2rx8NOeA/L9mqSZfbgiqXiBOkv01uLMQWKYwTQ5F5JhaPFNmrCC/k4n6tXMoRXjewiOhemS+x5nL8MTFdI7ZFVYlyfthb5LQa2e8KTBH/r8VAWA5+KslsdYYoHouvdXDHFsbgTlX6THYbag2/2m36xou+mELmG3728IolswnBYz4W4N0CnLZeZwK5aT/pXNFUnGJBvSniAh2MC3ijL+elQW+0MpkUvbHcvVb7/cGWhC87BfLpMKF/gi3QMI0b5tT329/zEwXPbDdF7H6Tl7DSggZC9P+VMVBqtxHclIJSaDZHW7+AjTqtUpuFMc4Hbv8Tm1hDBcdP1+TelBRfGHz2Ws4/PTY1yrsxxS5FF6b/BJQEMXWsZvN2whh8vFNZAdHuPBy/JBODZrpZlmXYXetnWabgmS/VDeyPyaEnkarcEcfliXmY3qrRmZrCYPUqqJ1VAHbCYpJ09TLkQzuFaATmLX97oRMsv3Q/SpjYqtZe/WUzi0jds/n4M9fIJX5n1mpjpWteZ+g3UgCPgEmgIYiTVHKD0oUYUb8MKcBLINVGs4gW5bLpIR1JLrKZKl/Fd9EACyFYqITCFeYNn1rzVbbXCG2RGWA73lxulP/0P15EjlsSdkYkhT6+IpLpC91kHyHccYXEjKqrXF0ofgsS0s6yEKl4/DJZecLEgZNqwJZ6ByGE+kJcyGiOc79tH227hKQjhg0mHmjLIlCkALZumKupaLrxSQuNlkxauOAbh+lJE3McL04pX6xiPeFlQOoC9IN+/QTc+Ug0IGpZ7oaGgsG+JPCbU3IuyHfJbd8APgPV2HRT3mN4vYBDGG7cLmmykTb0Zt8h6TpnYVu9OkBpO+C1oy0+4RRBLLcUSJpMZ0goxvk+ZcWKsao/NaPGKuxZgV0nceASebes/sfpDitjgcbwu2/oU9v6BohgLE0Eg9XZI7CKeW1Q8QdXqZ1qg4zW1OzhDCMxE7R6TBze+KspdR3gLjpL4Y7foa7oChEu6RNEsZUwG8XD6am3pNYHhR+LZUqrxh5MKVK0ufp7NJ6zfrWS+xpgruYL5D6KhvMpLnotx8o73tEEe66zeWZHS+vaOahScRjYE1ThTB1AzA519d+iuOwjisqsjZvaN0n2xeoBWn/oHuOZNNDNvZ1O4FcZWp5hO+sffGQiZA59KORLF06ol5w5or0CpQxai5H1AGPIeCL15WFabY9zTeRF+FcYYniGvvo4zmmpZplwpIiLTVNY7Mf5dcyTjqG9E/NP47TpIAshESeDXaxLg4XpPnfRl+AF2zzgHpSiAHvrssxT1xXJFyElLIX563GW+H3qcUayFcKAdIZ9Kxwvz1asu+npD2+v9uQuvw1ZsZOQUxxWZlNcriRWcqrokyxlQht/ha9XF1s1fQVv5g+Ttc/iVPVxBwhYcBhtgzPWiDKvBRCB658FHI8qWM3gIA9WwTOY/blyDFLy12OuVzAcbfSOCXOSVXIqSJEZBguhcdhM6Iu7RBzZfWFF2nvR0POncyVYf65G7sPoGOMTxGmiCVrvFKgCQydLaoRceqUlXwpNrhDs7Gv4Ma0S9AKmL1wY5VWEubSaID0DzVTuczMO4gJkRn6GvIw6fXIGvqn/oUripEZcqVGnICRp4dkeV3mNy4sO+5o
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-03-17T15:15:38Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"malware-sample\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56eaca1b-1174-47a2-bee3-44fb950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-17T15:15:39.000Z",
"modified": "2016-03-17T15:15:39.000Z",
"description": "unique .doc file",
"pattern": "[file:name = 'rechnung_-0be67206 37651.doc' AND file:hashes.SHA1 = '6d43e89abb8cf4d497dd49b31a78c5687dbc71c3']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-03-17T15:15:39Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"filename|sha1\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56eaca1b-72a8-44c8-a6b4-435b950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-17T15:15:39.000Z",
"modified": "2016-03-17T15:15:39.000Z",
"description": "unique .doc file",
"pattern": "[file:name = 'rechnung_-0be67206 37651.doc' AND file:hashes.SHA256 = '973a20ba49f510f42e5c72602a65b8bf39b4074053247df955e4bf99def1a0d2']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-03-17T15:15:39Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"filename|sha256\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56eaca1c-ba5c-4060-b2f3-448f950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-17T15:15:40.000Z",
"modified": "2016-03-17T15:15:40.000Z",
"description": "unique .doc file",
"pattern": "[file:content_ref.payload_bin = 'UEsDBBQACQAIAPR5cUj/HRQbPCQAAEQ4AAAgABwAOTNkOTMyMTBjOTZiZjBkMWUzZjRiOTczODg3YjY3NTZVVAkAAxzK6lYcyupWdXgLAAEEIQAAAAQhAAAAQFLKTPbbEaMcMRrLY21NOB7A0zxbgkq60E9TWig7JE3+4aGqPfGv67CTP57mFu1Rrt8zVdgEH61cV7kYcy8ooSBtQ4awE4cWKb2rpUC/dqX4l8QOKLe+IzeD/wR7wm6J3/2cYpEKcwVyrttpbaVuAqyYJXvYlrMB9eRyoScoBqcizEla1QD1KRual8oudhvkeSIlsjv4oe+z5eS+xgCfocAGvmQkOYPBF/PCaJVQux3urZC8cmTdGGJxFh7SIaFvdZgXZ5I4MGzMoxGaJfBCSieeypJV7gBDVqim7FINXlq3BQ1ciEHynxK8OlGUMuQVSJIhIzcqSZtyrwc6fvMlMF9NRnwrGiQR8rrGUSJ9ALbxYwQmzJ/GRb3fe7k9XmVxyL9yFb8gZltHls0C3Sxdn27hOpVz9FH8qz+FyXg8msbqk41f/AF2KIcxDw5kg596/C5drbF8GPa90aV8eZkAI8KaaTbIIAhXvguIxnYC+7+dHGpbQOlY3OEO8iK83rdxJew2VIqAaF7gXAxhLbALPH4RXMmxghsl/9rq6ykO3XR9+Kmwn26j7iMg8uWoXuLCWBS6rM3c/QL9MU530xS9T4nWTXyuKv5CHzPiyBb/xWdIJEA++tsUD1SKf2WMR8KP0Zq+O6mBgJVhZEWygYNUAJyGYJ6LN0rE1iIz+8a5TlBgWLWm5QULp4S++TIppuEqLQusF8cDEcPG0/DQWLbbwWz0CSBVueBCJh0IETXgB1OYxtclsonDdxvk7ISSkFeVqN5Po9NVG+tTRg7B9DYXee95Sl1fzuM38mPXs0EHcGdx3ASxIycw+Tqo2Zx3fo+bgkYPMju/ToHCT89G05oymmxVvTm/fgfmCpm+Rfv/P5vzpHCwSfFJuOBB2NXfzdPx6kIrXgNxW+8vweqePZSnmMA9UvahRHnxVG4VYoSpfiW0xzvKlsiN1+ucxhiYUNhnxUU1mrX7bYdQRZhI+3+P1HFJPdmDhfqeoV5U1NpSGCtbhJ9oyApWB9/coHWgByFxxrS+4gV6hXCQrJhzgV/9zpM3KMWmiavjBq6lAWK5IyhLZVoAbBmtPUiuyWM2LMx1pwYtk1MJu3h2cUhP+rHET5OJtTPvpystz0ZThpE/1HdiMzPNQeNlt/mpWATQxT2KPg2OHKXR/AlDMFYuqdQZG6kFnRgP8si+uokE2823+ZPMaKtt1/fAzoDaYd+UrL6pa7CpyyUYycB0bXW8iGgTxyd34irXDTiJlO8ltaaSKOV9cw5v/g15uMxTzXPUsMIdnPPI+mq48DAJE8Ng6/uFYvZosit3OE2UrtVpueAj49hiui2mQLzc8epnZ+yHYExhJeaVLLKLq2ur4nJMbiI2DNEvEJPTmoPc4X4phK0E8Z1JM7X287xLATgKTdEe0fm6JyQ5Z5mbg9cy125/BYJVFVQHOUIM/+gPoPYsIYjHcFP/dch3wjqioG8RRGNHNzQc+n3bS8+Vplom0yPPZ6v3ZHMDwrfR5eQoL1Mrl2NVrJ9fZH702uwN7KThbUJPjZNDJFcQdM8YdxxBO/H977BbPkkdjRCLrk94RO34vh5FjACGw/2gEpNGpRowkpe+Bf/13LAboA+fvmF2NK++MddF05xq6y0xvWKCb4nP1sTb9yQKCZUkAR+R6USpmaj4w6rY+YxzNTaCc5uOZqS+2+FZhMm+mGVjW/LYwMSKro8Q7K95FHrDoKh+uKvpQ3Jc6HLOCPUicgoTf7sKmYPpQfWICtgj5nrs6MND2FKf1ayf22rllxpHYOFsbnUjLWe8P8WQlBBlKFCe5zLgKloU2i+zwiOiOywp+CXfZzQnEbeXumpyPHfpWNhajPBtwJXN9N7PkHPx7q1PwI2SA+oihWwrv4U6Ren0Z4/Urglf01EextNctG5klm3Xv9lEdTluMhdkJ48B1fRNWK+sxc8NkEVCsScmZu9o45sTAOZyvR/0lCsC+U4cqdp2LcdQafnIQI1Ug1uSIgKLJBMbfmONp612Y5lCwvngG0kR2MW9ptt3C2gdVo3B7EY331VFWt69Qq1WnKKe/ayGmvGUAML3LniUs2w/TFUR2itifgz/soek+IUgLVbHZrsaeGL15SQEkNDhXdyiB5/hDiljXD2dY8R8cq062ur5DPWY/Cd0tJlW6aNDYao1RdCEdTxTx4F7+FmJZZp5NZkG3w0iiqHjl7UnhN4E1AjG4sQzx/CfYQTJ9JB5XrdH/aNoVFxuIc5qBQfWCNFU75wpji3B1uTN2qf3OPogq0RATcbgUcxqtQGnu7+BlbjAn74M/lpFDjCozqmiZ2Hx/ORC0/xEX8YpzpH+Wv7MWagL0IjKD/rj2K9bAoG0xsDt1O27w+qiqBLRp8zh5lDT4IOnJop3WZdxcssQEDDJXc8wmJaqCJ26qfcXvJyxpa39tfne+nUUkVbmz+B+b/Lfe1odgPhPVjxPyKGDHD8KNgran7QahLSqyy88aCXaCsP/pZEzhWMmqW8Tu8AjwgFQAFk90yhJiFXmKMsq8kwnYQh3hswPh/y4NAZap4EONBbMSAACKdRB8QbAasSVTqDwtyohh+pzvhbcgHlI+DxAtZKl7tKpRkVR48k2t3cUt9iDxye3SN6AdOoP1kizUxjzEHCK7lNe+cZy4UORI+t291j1Z7TLWIThaTodEJCQWQN2TQ5fzFKBI1TPNJYHlppq5YCuB3Vz97MRInAKhLrhNW5fmqYNAgiQ1eTejBlE6JcUye8KMd9Z29cccD3yK/6qiAmxQ1fevZJj3RKgrOhm6rZr1oxyq1cWhW0zEy+nCOnHjTmTvPhuw74o/xNtT8viI7C+iPZRQ+gWciyWb+f3UUKZ+o6WzISC7yr270GoG7dw5+vJF18YaXFyJ72MQ4Tx7fLWHqNSY/cFrc0WFShzXxMCkPu5TEJWCnMQgSKsxgeZDtlR+vOEkDrHe+gkXoZCDL4M3+dKfckeEJlSy+mpEMzOvArLllsrE2IAefRQIEsZS0jo3zE1N1LXqXeTwGTcCJON0ij4y3acKGxSZOJb+YWiMifZMtalv4n8ePXd8Wl3Kg3VtRsqiR5Q2nxKjn/d4p/jAFESaCNJbj4VFpwyWFMQ3Fp8+hD2JLchRt1IEOpb6lahWtnSKcOy39dxIqbWuwMTf+nKAjqBaqFwfXtRipEjq/xw8+/YiA1a7Z/M2uo/u1OwOK+iyQAvSMCx5q21mutfrtQvDv8R2mvN6qSlHYlv+JEuDTPr4aCWBVRtfMNGsq18Lwb7cDRMH48saeTiHBiLGqVuDe8C1F6H0b7Bqf3vn9BAEl3wEduvIb6Z+9/hV18DIH3369Vdy+eTMhULtwofVO9FppUWDw+Qk9UMmnbWodkPJ4/ek6LZsbAW8g/Gzlz3nYNQAUS/HhocLYANscftzc0IEFZ9Uq2jordoKjiWpP3p8Qu6+bIBT0yclK8+u8nDs42WMum8JoeR5ArkAs8UxDGe/vO3jhvnwZJXA/IE5yWgKyjIh11JhIFqjQafrxTWis1/EApG7bnArFhPL32J1ThJUJ2MApg7j/nqAuduwBL0T0CinzPbg41VBFVVyQQK4KnpJT7dTR8lGRW9ebmx8OqhJUf8tGqD2eohnc3E0IuOE02usSVPX85540qeWvn7Gc91EcafFWS5Tbax61U76L/3B1ZGcYbfctUoFQW/bBoQ0Pp2rp3lKl2lF0cYPVdzAOmoC2gWyHKCGpqR0jdij52Yr0LgA+FvpCgTB5P2opWlAnedCN6ztMsf0disYcpkWGK8LS7O6e5qx/AXqNCdHfNdVtqOs2gshlMk0LBsquogcu6lDbc68G+W3hcIBSlphRFSkhgomzrGymVDoN5xGIq/6aKu4LUfGQn6r78bn89KtGiGTfUlHLGBAlA1P9MsYBD24gczu4ruk/LiPBwyw2CYx7
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-03-17T15:15:40Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"malware-sample\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56eaca1d-2550-4f52-a4eb-4013950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-17T15:15:41.000Z",
"modified": "2016-03-17T15:15:41.000Z",
"description": "unique .doc file",
"pattern": "[file:name = 'rechnung_-1e84aa61 469129.doc' AND file:hashes.SHA1 = '69508c5c7415c94de11397fd5127d8d9db47420f']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-03-17T15:15:41Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"filename|sha1\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56eaca1d-4798-4db2-a91c-43df950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-17T15:15:41.000Z",
"modified": "2016-03-17T15:15:41.000Z",
"description": "unique .doc file",
"pattern": "[file:name = 'rechnung_-1e84aa61 469129.doc' AND file:hashes.SHA256 = 'fff6df71d5b47029a44f9af1df0f4b7d144d544dca87cb5d221b30362c43cc9f']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-03-17T15:15:41Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"filename|sha256\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56eaca1e-0274-4089-a96a-4589950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-17T15:15:42.000Z",
"modified": "2016-03-17T15:15:42.000Z",
"description": "unique .doc file",
"pattern": "[file:content_ref.payload_bin = 'UEsDBBQACQAIAPV5cUi8QfuRPSQAAEU4AAAgABwAYTJlZTc1ZDNlYWJjMjBhMWRiZWExZjUzNDJhMGFjNWNVVAkAAx7K6lYeyupWdXgLAAEEIQAAAAQhAAAAQFLKTPbbEaMcMRu/bZLvvh0Tj8pE/Mrdcwo/kofJ1UR6XgkxXnpnIX2exJQ/VWm1vIKbSpXqwjg72E+3rUguN+Tnfr7zyXwx0RLFm7DwJJU4C2ADvjt7lpMaCR4szBSLagZX5eQS3WTTBIdbG6Yn6yLYgP2Ecr6b9jL429EEtJZAO5Ge3J0GH9dIKsbyrQY9+yVpuCOSPaDFnXkxj1YmSz/jUYYeMjdQd9yBsLOwPKZpne4rZNQak8+kuQDs2hwebkFWKJqNOwG5uljP9uan+XDTYrapIedrwmeacGuMds+Eb4QZXLFo/7bSESWWQMrSN6fpArwZFRbscdHevAq4AuUm4gkxXHfbpqtgUO0kLK4qAztobEfITjutGQ9jvbb/ia5BLHaFC6ctRI4EVpmNBnQ0rxbiskY2frgE9q2Thao4G14jWh22gNawZDGcbVBkNOU4MJxTqTV3Jd+TBO1Ykb3k5wSDRof5xxgVFoDM07mFH8aV/wJ2+GVLvqiO/ScTjMiEO0KOtZX/wfeiVNAPKgQ2i6Soh73Jk31dfElM9jtVqeReWMWM8uP1mREjhvnkiTI1Ywy5U/eo6LuYy3lHEjhdGapLWecZl4OBVodB1GfTAkjJfJQSBzisx1lIWPTKlSqAUCkELAGQlb/dDmTf3TrrNk2xikPjZumEbEkQAMvOxBwRMUJApg0LTr4t6iI9xLeLxQcF6ldTK7YvGVybOCemceIXQKAJjFy34avMzDOQMo4D0fTP32+gr77KsW+WsUWatxI3dI+eo7eoaogYz+7EeHG9IXrOKhRYvBaN8S9A4TeDOEAtIbtLKWppov20yx2gnfrea/ZopkX8AqU9ffEi+VEa5FmJCAQr/Sn0NM38mj2Kw87jKKsMhl7yGhLPLpU1bEmMtj+jhY3MdZybon3c4idMBx+CIUVBtQREuw4+28Wl+2onE7emMRFf+sSaIY/dW+rEQuU5W1TOj8ru1YEBF9ukmvrCC2zNJO64b42FVMWV4lDSoMypvhtoREo3EiQ3s+F948qjg/ZjlcXU0ZnWO8AwEvF66EJJ6Ig4X3lfCUYoAO2LUE7Z0MNX2VCfTGHjMdoyHuIESFWFu1ag70GYyyI41mn2IQMthRz3Jb/A4TN8g4xhQm7nJ0i6QlBSNuLpBYmh10BNIip59svwFSfQtwIPWn/9QOGaTV/yfbuhXHLbi5sPv53u0peWb2ShUtv+d37dOsbToUL21pLWLLIx+juScz5gus1N9OryITTV104gEAhfpbQFCUbYMhyxQ/USBeDGb2eMJs7il9gJ6Pu1u8NjBTYEkVbO6/3AQbsBPbOAYf4QmGt5wc9JkPFPquGCjq3ydKlBGF9sTznTUf63iTpBlt13AlZNacbVH6RQA7LtiYZBYUTh3rXKyEpf/EfhxLkw4iqh+/IHak4S9ZR7XBCPIb/kcIS1KM65wzqe+kes4r9twOPJW6k+cg3kffzDowGBac7Mo2pNfjql8ypLtRkABPeB+vz8FJHOLCMf9ZpBQJqFmmrpT8NQW5+hsHQ399pv1Z8gtAf8jn+sPNP1hOR5BWN3cNMfHSUK9NxsYKZv4lDKZU4rV20fe+5clx9qQgX/OPzC8H+aXPhuoolRWhI6ha/E1gKFkwevf6MtfvdbFLfJ6cFDidv0rVyjE/xkPIVVfaN71v2UkJIJhEMza4Bqo72+gpMRk/n0f5zyi1+TG/KlGTZWRjaKBAy6bvV8GiGUrURncJQvl+AbZd0OVqUFvvGA4sgwq4HB/bih2GtSg7uRo6keKnOlnZ6kQSBE2Zv47hnQF3J+C3PCgGBQHmHHSNtkSs9gHQGEpjcwEgIT3We5J6G3qpGOdQKkKyNvzKCEfnrD5nnxaBKA9txtYkBLqQS6AoB5jZP0eGmuF/M4ASnonzrdfRz7VhPznTE3/P4GlYJhkz8UG07L7EBFXm9oQdjaDAV0CQVaSFvzrPqq3PNahXzicOazStmmS0z0TzUXwcDFD8R/h+AvyO4I4f5GnuZUBj6u2NL1JTUST30iXf2/BncPzDKtUcRjXQbzWHH0U+NSykhk/cupo+6L/MUVdY8Zlj1WnEOdEhK9B5SE1S/C/qGvkrsdW3bvZp+D/mCb9nLn+ivpB5zgi5QQC8zO51u57plGeLYnyNrHcrczFg9VcMWlp99BMdexACtM0acqALvfSw/R3OSt+jIf5mzri3xskg6KqsunTIHrnE8FjvqIVsKUR0bXXpvvxs+mrSkiSsTzylJ4Aq0qPKwvg3vDDWGuuTkWMZnKJrOgE8f480xXAi+LfD2xwqGHOpR+2UckFJ8F+1Z6OBfmG6ZpYO19mwYEpjuE9EsGH311D0NW6B6S1AImIUtnzrLx3MEV7DupMUVY2onq6N521/OYB49cj/ttX1W4f2PVp2B7eGCn7AZtCJAiOMQ6aQ4SBE4hQ+avuCxGiXREGqNZLmqlZ9vqK1Okq5MedYkb8M+XYYHE8/zDdNP1wt1mM6hBF/XXatLq8O8AfXeVZfBKK9g/eXc4oip/kKlZyshz3TEo/VUlOLxj45+foVGmKK8W86DH0RDCI2lDopkj6gETurbqJah/wTslE43yCBpGX73tiuKfrYfCsLF/ecLAZ+x09+X5f7vlS0wmHe8jYg98ON1Iga/Qc5RO3BUTaFrMJm5dbJhCMr4Q5gbIe2OBhcrodPZCYAwFpYDdBkXrjY61flT4uBtfc0ZE1ZjXA8wvAdkYv80Nea54Rin1BsiWRzRbJrZdHKbFi59E6k1dN2PZI6JrEoBBTEhH5IDq6G8flUow+tO6OehQM0JHjczrKfmIrWGtXDIx4SgFQjUxY1g/cWSbUD14MF3efLLl48kcxvRjEpuW8K1OoX/7JY1eEKu/yVKFjBvKAQLVVCohRXwXj8Qh2/YezvPIc6ZLxuSxgL33pPBKJCOAb2YfAk1OA5DMxlChz17+ndc1gB7s8oKBoAPpRZBCcENamccJa8ykHdYVFc/6/E9sY3PRR5DnQQaKOCXmwL2fdj8+vHebwk7vl5pRMK4R/sC+n9OsinsBYhb+Upr3KIShoAZMlETX4R8zDCbEL4tTTLB5TZfTI8/9o3Bv8K8aQpYmfmaDQ28TIXi3//WLuLkCQF0unI2mggP1rCSM9ADuempbJiNbTnpYdb0KXBDkWHLq2kExXK/DpmXYKXeZHz4nidqiKKReUHCShQiW50fSnoWtkY5omD07aaRJv7C29ynGtk69mQDA5xvyJ0keCqfDwRNU4t6biSYH/9+wH7iFOUC1iJBpel9uNLU00TlImPo4wX926OqPVA1JK06rCvxQ5kJp+8vfNoQZSpJ6WiwlTFjnAMqncSnmGY4mn8bwRK3JNItWzsZGnPsslVMFIEI8osW/xeeFBgq442IINSDzvLt9e7n57dw43XdWx4FXuiUhaTrRSwGxaxx8YKkpIDovn3dFqpykhcufpvQtkhV67lfpZT8PU8aC/DismC/oEBAXywckwzajOZf8djoQtEHPo9K8rKXIG7pAhBb8dDAZ5G4SP/MUQTyl+S+fOvUQijzPqiMCjWA6I7mJklSbqw7IRPlGkRTXGP8FshMfrze5WqStibyZj4kNjQMsRssaRnwzy0+xy3VJsOAT9dNIfmzPGo4vQEA/LIoNvKD8P6IgmRJCA3UElHZ5TMag+n+a36zJlFnujQLWMia5TTbFfdm8QWDAH+LgfD9EKlgcFJ+UyfrmZ7jUHcjIXz4j0gs2lt6Ypm2+wkBOiQDyRuOIy9Y3z9k7v/zR8Xh22ggmS1ZvXpC7n5pBBeKwkTve3Tn4Gz8fyyduOWDD7pVfdfkTrUgvjzttz8ReU9Y5zLfUXJF/7CuR+qaJFepBXZ7DEb9/7KPF0mTIWsifn6uAAPCII1Vj4kRnOnvh+BIBuIXx7MEpEKFm2J
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-03-17T15:15:42Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"malware-sample\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56eaca1f-1784-4b13-952d-40b8950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-17T15:15:43.000Z",
"modified": "2016-03-17T15:15:43.000Z",
"description": "unique .doc file",
"pattern": "[file:name = 'rechnung_-3b5e90ab1 94643.doc' AND file:hashes.SHA1 = 'c8b2d780975de00eca7d01fa26c49797c6ab632d']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-03-17T15:15:43Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"filename|sha1\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56eaca20-c958-4301-81fd-4cc8950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-17T15:15:44.000Z",
"modified": "2016-03-17T15:15:44.000Z",
"description": "unique .doc file",
"pattern": "[file:name = 'rechnung_-3b5e90ab1 94643.doc' AND file:hashes.SHA256 = 'e5adf99dbfb6ea81aebc1866e58fd137cd3eb164e9728a02a0da4c5eba63d92f']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-03-17T15:15:44Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"filename|sha256\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56eaca20-2438-4c88-9f55-416c950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-17T15:15:44.000Z",
"modified": "2016-03-17T15:15:44.000Z",
"description": "unique .doc file",
"pattern": "[file:content_ref.payload_bin = 'UEsDBBQACQAIAPZ5cUjsudDfPyQAAEY4AAAgABwAYTRiNGI1ODM3MWQ0OTQzZmE4ODAxMDhhNjNmMDQ5NTRVVAkAAyDK6lYgyupWdXgLAAEEIQAAAAQhAAAAn0g/ckGAo3hzdsOnw0WSmSSLVpjf8D+cojoUPLsq2ms4KitnoNbIsjcHGcrAQ3tvEzpX+4SKCnHkeRQr29qGkjjCHBEb5mXtYFRFK1HR6PJNIdxq+TLYYcn3BNS9z+OlHIRsswlRlxqWLsnvM+pG6tDm28+QyZYO7LPPkIlnstuKgbQ/C4SrFu+KAJ9kui2X1I9bIV4b1X0090Xl4t4D1XHhkU0NWX3BhwWgby9Tu8I6V2XZ7EkgZN0muFGci8QEHas1G18YrtqTpojT7XCzToMI5unC/89S1RK+xInl0KiMefePzIGd/NvTR3+ckFM36rLubO9/SMTI1p54Y4ckUhTc1HKtphW9gWYYLHVuJA07Mex05hhA62/4+ttUx+OBn+qyyuTcFmJiwD9DbyVS+4csBiDIBLWXrPXAfTz2DIlMvFCR+0/KZcBmVIoTxcsC7qf2iZh2JO1Ump4xlP1Etq9aWQGBoL1cxi/NpyYSopgiXk5sf+WGBH7vWx23BVlSehBCwT1N/nMJ79YZow8Aj+Ko74FOU29HfGPjryygqDld7HPj/bjPa3UGw0Sw+mpilvGj+4ZqA3wpStGSfInOsCLktPPDZU9jKe2S+wh3DHYrm5MsW8NXQMYayF3l+B+ACGLQgSBtjNCdB+4Bay/XBwZtGZ/nrIqYiOgJDnOt4+kmV11COL9eaE72Re25rNlevBYyNDHeu9oqV3MpUlye61wWW+bEP6MYthbNbpQmE1MLNvi3iznBs2TYBhAzHyQxRPSzKVj10+4vD+A31DVQ3DZM/B1gEmU7+hH0CEO1oThfxYFuCF9NdvJcBuM8JWnMyGVLOBDdHfD/IeWe6/YJ6Dmwl0zmliLtRs23UfmPDpP83vYCeQIgzzyycnXNxKqvHVy7iQ2fQzcgSBrUYSGgIa9JSVoWBq7VldXMArnu4L5393WcoiyIZheiH5h+nax8xRslyvj3Q9Wc47/6PdExtr8LU8GRmaZ0sr86fPDhzlcFKSY/l1Ta9E5hcRgkaKtexyU5ASIuGEFmoDTOO2Ob5DD/rar+rgVJjIdup3uFJDaFOPDTb27jQq0xR1z5cVllkHW8Ttk5eDRNBldY2KOXM4m9wwN07a55a091GShij4LrhxqLG7EkSsjW/lvVZNuis8XKYJiYchb60cMveOZedJPItHIL1p0b8afpxCponGmJLSqnmYul+rqcVGlF2rixcfLcmuYB2oVExI6RBFBalabplaOu4TcRymUqY+VY74w9XXBgamIX7KAUffQfB9djeM7GQozJCH5MZGOhPHgFts7xrk0AYAiH4Oc5VfQpV4TUaspXhfl4NQdVtp0pHRphZTG74FBfIwD6FjuH/uXDgK7y6S1wGRWdbvwAGDpesq2lL5SOYQiMhioYCmCZXaTUlEsHCLZTw9tw2VnZms8XNgdLXjXmfWa72xnqdrH15HOenpRju2Sb17BnfWQN+AJ040hCCD0p0S4WLFd73lEr6POxF3Kdd6ifBr86CVJI5UAhV9GwBiJhlM4sMkIIdBLzziRbbGRsodHNfUd/5xUYS8IlcJHx/wQhM4XNXjGS9znPTlQ9E5Jpa427hrziG6IUHrcuCS2iH3z8kDELiGM3h3eh85ZFe3ptYMat3yPJGE67JCFzuEu+Swxy7tSrH5yPQ5ELn4AObUiOKTUfdaA41Uu5oSw69MB/I0tDhgMgi31RPdAdUPgSTENsnCIEqEcfyio5AiQGldvU32BlcduGZ1coU6bYvtVJXOZ24ZrdHWE5P3viBbmz2MSsjzpqHNdkSxWwbzv72dbq6k0I/UhWYlLM5SzzUvCY5eX0BkDp+OK8s+2h1JapPY2GGtBa1p4GxCQQ7+uxXwSeubF5N8ck3p5c4o6Dag3u90zj6ZIpKetnuqR/famoYSrSIlT/uEATnrRhQmv5+cD/+HZYIAN/lFjhyIwDNQI3FRcpFdoauVlpJsKJt67yXX8fB9bJeBD2qBRbvggzpUm/QbzzLFx8ehbym9DWkPayDx6B+Lszxw6vnGWQ3WuwXsni4icWAYusLCIKWPuwpjakf6qTh+PCiMB3gEhDREvNjEZg1t2gj8oqBgt+AKUNTdW5HGaacC2d30GCOK+i0JgQmqKaz9bMmvzlZyArQtgSSlJL6WqvoSdMi27VnWdmuHuSBaZYQfEASVDcYbmwp1wo8ExZyj6R1gxwBwaX967yk6ZiDDVlTFdKcM7cBDrdtD7EUJGi+1XCDTbJo+KbTIi0drRfZ2fJEBHg8fwJguXh8sqylJMUooco7Gg0SHwK2BbithOKJNdwGlWhbaDyqKIPXPWwNEk/1h3apRo5SA94mCMwL2zT8fR/jf1G0S0t/mOHiLR9JG1IY4dSkzxw4m85E22uCMfRyiCiEtBmb/pa2/d4FPU0orb2k/LVF5Z6ktEX2xQ3BB6L/BH7TN/2VrLJ4PjNvi/dAlVsQk4vUVoc1fO7yXppgFzA9iCfQacmjX7u8MkLEJ2abB+Znp00x0BUzNTKPBpm4O+rt2s+D+OUT25bUgDDMWM4yODGETIH6Mc61QKwgYs0iw3Wblfgd7a6CJtcweBbo2LiDBkaisDdcg3I4JA1dNJr3fFvyR01SnN3aOfWaH9VfKe0B24jOk1TI+X3g4B3K4ZqC9PosIuUESyhcMNpSLXGl0e4/hLs/9nUSM7yHoyZ30dfRjyD2sNrJ24aAY0TeVILVmZlL1B1lQaA+LoPdjIc58chcRY0lmUBlV9YG5VED9n//ysiezux11Q2OE+bhPe617ejzr5K/qOiPMWP31B8x96e+3Zc+JjaEf0T3nloffox8P8+laq3vlxd8TjM7hkYZzaQGbmplim7qQ9bBSRjt7uEk0RR9MVzjfpNh2BIGafvtkI3liPOEsiirQXcK5rYMnFsp8maCI0ShWzF4zZazdgoievaFw2FfDR35z9+SW5iLu16B78xxGzgfrKmga2S9n4/tegpt+cYo9haL0HwCzP3A0lwY4tmb8hK/dYSYw8X/M5fhc8jnWyqV2nVxNGlFvNHGjHCn7B35TyzfcIdKORVttSZ45vdozHvszOfjHhjfR8ZWlG9PmUXCYs4W9FL+B6kO45ZlVEeoZrJAWfIgZDq2KM9PMW8otDwK2HIJ8xrA+WODSFs4TSseDBnF6oBD2vjejDM773UdzRVMQZCiP0O+reDwH3R8EIN5V+gOYXJuQIbVbEF8283WjrDd1hYryU72txH8j2KdqExNKZKjWlz09eSJKaIoC/eV+3F/gbLgJdh8IATAtzKEJZdKsNqQ2HfckXktIkVlzkc9oEw2W562FCZtz43ZSzp4Glp1Ewo99dqd9SBUUjmtXQZkjuLfKNkG2i1es4do3GiZW20RV3Y6Pr3jTPMgoihre8807DEbhg3DBRxulvD4MdnyNksbKW6LlUbJSUKumxysWx+v//4asKlN9JLdDQPq6MD9sbFokG5qc0oJyQ+Ixg8j7JeHJ0MjyBku76D0xKMvkvrPmReMkBm0HRsPlHIZQyqpw54exNHtyIPicwQcqvBB9Yl8IqpJ2I1LgZ2kB1XJOYSN7hpOAxUltRrgPZmGki/JeWcg6sNfSYSyFKQOW1Y3hyM8GA5sglNMO8wd7Cz8NVhFOIbdtt4LndMsElYmYB+k+yhjWXhzguAXKlvSnTVXWSIk5nUPjQuIRaLSY8LK8vHCu03enQW7J02oaLQZFXA9N6OijN3DBa9bGqeBGZjuzKjSIzjFV175OBCNX3jCs3H1FDwfB0gILKz+iYZgss+yJlf5dT++md6LEFYWfyKuEV3tjHH7p5GvdEY3d8VNdpBT5U+Zxo7zt2tG0AnPUGh0/C7hANoqBc26WC+KXPLllVyR4ShwTGboG0b2yxSFuWni2wfCa7w6cL4OTLx2f2HGJmWBOpB9HEp4L
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-03-17T15:15:44Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"malware-sample\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56eaca21-e514-43db-bbb4-49b5950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-17T15:15:45.000Z",
"modified": "2016-03-17T15:15:45.000Z",
"description": "unique .doc file",
"pattern": "[file:name = 'rechnung_-3f4ce6d6 2796.doc' AND file:hashes.SHA1 = '30208737d5ab28855c0ede0a5ad1ed5a5c0c7bfd']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-03-17T15:15:45Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"filename|sha1\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56eaca22-8fe8-45e6-8895-4814950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-17T15:15:46.000Z",
"modified": "2016-03-17T15:15:46.000Z",
"description": "unique .doc file",
"pattern": "[file:name = 'rechnung_-3f4ce6d6 2796.doc' AND file:hashes.SHA256 = '21cd52fad698b367d68a19c019db8827e7e589aae4d1171cf1f69484c9df512a']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-03-17T15:15:46Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"filename|sha256\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56eaca22-468c-4311-b4b9-4d02950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-17T15:15:46.000Z",
"modified": "2016-03-17T15:15:46.000Z",
"description": "unique .doc file",
"pattern": "[file:content_ref.payload_bin = 'UEsDBBQACQAIAPd5cUg9zKdAQCQAAEY4AAAgABwAYjk0OWI0MmM3ZGFiNjg4MzU1MWYzOGRlNTI0MjhhMDhVVAkAAyLK6lYiyupWdXgLAAEEIQAAAAQhAAAAn0g/ckGAo3hzdsIm7jYKRjEjOT9hx3SbJcDndAKX7jSUWr8mjwUr9GiAikHK4oMqbb/ZP6FTv7mNdsGyx69nypO6x58BtKRuSL+3/Llrbs+iaQn+hUvMhetvyula7SKjdqqCt1HC2xaraSkNLcXHc9E91Xj2ioh79yxnDxFPmVY4JGsStT7auKs6y084Ubd4N/JrhWsO6s7Zjaak7U5yXMzTyIGAUzTaJDH/c1hNVDiYmAkTUF78nl+6b8g+l8PtwcCESfwYcodXhDZoH6144wcjpOuZEFnRAFm+L7xlsUz9k/DayrE89e8C0G/CVIPmQL7MZNze40wgfFgXVjfPJ/yYPd0X1SBK+XCOi+/04tMk+uxHRbrNTsAs3vR+t50KJt1c0f02Sizs6J0LmY2+KV1so+q0O6FF6FcjJBILYbIfajNGSNSBHfSCpXMFx834zx4pTDbf0hhyRPYTegyuE8Y8qOK6WT9RtB1wJekmXHuRVPGTluXAVhmYbHe7Af19bvjL8LpP3W7cpS7RB7zMYEuteLnO3w8OBCjfQpXRlpxxict8gp556++r/RJ4rIdXkAX7kmi5/beCwD1DVw+Uu+7f7ZF4SMr7UwGM0Zv1XkOrAgZLjMp/IYtWsU/hBPjy/E1QbSvZYRj1Le3FGvKWdBPZdyzsnaFbaGmelN2ixFIiMwLmQF6U3fHjqDHB1xRHqQi2rlEXl30+b07Z9h/Rr4q9x7FtnLi84p4YwMRU4qlEiinKdTbiptmTuH/B8JMJPyDbCgjXGuhAow2wu1MAo9TKFU5YjR2odwLADlY7GhMxt9yztc45uh5hrbj79ZXYwTooJwB0V2rM9WJZBhZE9mEO1nX7hNNvK2JFnAG8hkjbM+9raXrYnVmOygBlYk8LddxQ6nCxWx7KFnqLXNWNmXHTGqEPPnux3yd6pnxkHxU2xYAuVsIO+jYEPjdzX0DGReKRi2iwtWP2qVUkolLcMkgmql8vUxwMPFVDYTwXoGUk/6woTYDwzDiOr4GgmXcU3ln/N9khIqyn2KKLB10Osv3k9cBjtuNGWMBfJhTyMevkpe3bzPj9skRJpdmL6lhWhNUN7IqtSZqcMjYI7WWdcPLKZQfVWG+P6VW6u2XjwejtYflcoLzCecPKkLc0ujdMfKaWIDXWcOsPplTbfmdBDYmlGK4BhQJWy8wJCmFzWps7xau335VxKG+0h0JiZ3QgU9FSDaba9qv42ZAY+qZIa5d/yA91y7/bOQI6LP9eUBFVQeCcj4sL1Hd0E/tqwMJp7gt+7GTlmmZRrC5kfuTwfxAMwVxW2TvC1D36JN958MLLiIYIRb4r8fDuUViefincviuj7F8+pmpPlsDkDEYFULiAcsrRYUynkls2E4MSPiNX4f/7b3gqX19+7NBqAOpG/M37g/rgXSD+JmUmgns0588cHTgOikzFKoq1HtAeU/D7LveHim5dVqGP5BvLprSS6izq7Dn7zX5zE6Gwxn1BnEz/pUoIVJ0DdFWBWEvnLDnASSbyuPsizLKoSF8f7OqheNtmorye7UgWtm05XBFr33fsrga8QYEgT8XcExei6fHXH3YCZYN37wBme2XTwaJ60cKvwTfdJV/ICXzJPFDWDarw1so6cPYRCRUhbQJxaWZ0FlRlun/qOnS30ees9wf5EtbRza+qo4hYUlvsJckkRjUbtqodu3IRQuS5HY/SPlbbjpcpKGapeFJhx3S2TF+JBaSkx1SpLXdrPxZLouHpC2z5jFn2fhUW5s6dtcaZQSOAqBtHExNZBXXQ7ePca+fTm5b69wWAplpVGcBXzdMws9rVG2ggLOhM6hgcoEyf2SQSArvtO74O6bXX00we9tGYY16rZ8icjLY/3HWvoiBqMDZeWFY1S+uKhesrYuUWMMZCf2uk0hMnPSmcIx5T812X9lineuPHVsFV6Id+/SlB6tZLzQ15mT/gHXXDey8oL9UzzMN3rRs0ceAQSUs0bLImyLhNXdHr6pBBH7d5om8OxobRn2Zjst+vtv4t+284i6mgeLtS3a5zeM90pIF9qNwlkyrELq2H6bAHaUf+9dsm0u30QtLIpPo3AsMJIHhPgzoNRk+WviSIUAYGNC6BOjo99fKzrPbz1K8mKWyffPwO76GaKaZ4iWrZIScz7xE/XPJavyGGR8R/regzvHZOaEyIt8BxSPxdWgi8pFnX6FOhEiqVQOjcy9UMuCXoro3V9r35T0n1DOESV2mCExFszmicqeAxYVadFkm/H/4OWfnP3P+Y1l25FZkSVt5eHCCYPdZ1nqfV4KgFrqKfGnEe0HyudWxDg4frTf/+tpNkbRNVkKOsHyvDtrk/Yd7YHc/splKfttZOI4r2BasWxnMZVNqtlpgzQpTXtAYMZnhGEbDfrRbqIuTeZmpKEOoZq+9LiIkZVWGubs9CzpM7UwgxBBYnl9vmI7E6o/84Xp6kXAsXTNjv7xBJiyeG7JUwnfCYqIwxFZcSWhkV3SND2c0BzBewOGQkiFq8KeBaCM6Kf2amCKjkW7ub0wdeHyfVgEUDJMW2gS4J1xyi1Lf4WESd77861qvFEaRFhXmdQxjHmaG+lHUDEScgUFecmhKMobEip7Fbnz3f0cDoHxxrpkQLGaULtpNmaxEQAH+9zTBGzHld7pqPX7gFGAPF7pJqXzZY0EkQrbUi3s5CO7SKZInJARxE5Huw6/I/tFfnWZ7CfahwqWSlk7E2zLo4vMoV4I6g1pFB6G9UHUYrOEUeCMF/KVftyoydzimw3xdcxmtJgLWS+3//GoUUabgMPXfN8kd/U9E2SEwKg0iYz4g0aBevpaaozxmE4XYgxDR2w9YTt4g5cXKB/p2XyI6Cgzr/vGauNXwSFie8b4ga/9KQd9+EB1DH5+eiSIKc716515GzSUG/tftBdtNpyy04zcrG3lf3lIZmIWwQPgVDwFHTFmeYOpJ2QhdGfvM9FSyFkT2l3QqOMDJIROrNeo1xSjPZzzhkN3zLTPO6K5ZcU3zIewOvpYmiy+z+ePozyM0EMEhF7KyTQ9gfFuiAWlkmrgl4HDRuGw4+I4+bHPcIBDDThwyl9oJd7L+Yij5c070wU0tn8f2RJ3cJeted3aFlCu7TDpTH3SrZHzT0tdQjCuwhx6tY5GxRODuuAxkNpxxjWPuIW4s7Yy6Kmi+/nAVciC4YYkAQfcsxshH382/0a4T0/16ELTDQQACjoRkZV9gZ8D0NPZyLk6qp/NY0Xnw43R9Oga5F1ABaIk+2xvFBKRQnxvd1V2Vs2Lyi4ppRZoX3Z88EUSQ3UtHSFA/bWXghfMgJd5kG/jNBpo0IyfREQJe2iYa1b3G+QaMUhlb2Wheij+1qNL2vIw5oMDvQxCFzRFpvbCGFnFE5iQmN/jU91RhOJIREp0uE19IZL+f6E74MVFc1ii+LTEa+JxrfaPUUmTAWlJ+3Ke/hrbCk+TOQI6dZRH0Sw138t77wO1WjtUi4oIvWubrT1ZWlT48SykOEzj77EeXKQwrfkGR1m5+bIg3vcnSTaLQJgvMQCOvL7IpKAbht5NOg5ckTkY9s2BPc3t3LGZ0pSq1sTlIX7sQuZxM8EoI+IvM50suT6X2Sg4QieDJhRDvZxfUIP0C1EcNjCKG7GHrvYWL49/hHLTpFM6/UMo/O6DA92wHRzcU9q423ir/ihKhSnKBF56641LUNLvfwEJY2xNVbBGNV8breFBgagyY05EUSXRtq++9Z2W96zSl795gt9MFh1AEyGOYFtJ79nQVVqt73TXxANZ5HqtgS+dbvVzhFuVIeIpIKaUqxs4DyFZUi5E5WVGNMh3z/Fjp6HTfGzem4lD14SnzkKyZyJgGsxqqaaRTpHX1Qz3vwY82i9qtzd5PGFds+R7kGI1lkjNludY1rr/h4EO18Ue0jXhASblx8ghC18CMJCeBkKS
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-03-17T15:15:46Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"malware-sample\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56eaca23-6fd8-46b6-a10b-4520950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-17T15:15:47.000Z",
"modified": "2016-03-17T15:15:47.000Z",
"description": "unique .doc file",
"pattern": "[file:name = 'rechnung_-127dbca 998.doc' AND file:hashes.SHA1 = '80f8c9204949e1ff11dbad4821a6f7e400baadef']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-03-17T15:15:47Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"filename|sha1\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56eaca24-09cc-43d2-a67a-42ab950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-17T15:15:48.000Z",
"modified": "2016-03-17T15:15:48.000Z",
"description": "unique .doc file",
"pattern": "[file:name = 'rechnung_-127dbca 998.doc' AND file:hashes.SHA256 = '451c28e505b2051c630914185dc6c2e0460ae30b219e02fdb6e7990935bf6981']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-03-17T15:15:48Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"filename|sha256\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56eaca25-105c-4a4e-844c-4da0950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-17T15:15:49.000Z",
"modified": "2016-03-17T15:15:49.000Z",
"description": "unique .doc file",
"pattern": "[file:content_ref.payload_bin = 'UEsDBBQACQAIAPl5cUj1LD+wOCQAAD44AAAgABwAMjA5NjVkMTFiNmNlZGQ2OTQyNDFlZjE5NGE1Nzg4ZjhVVAkAAyXK6lYlyupWdXgLAAEEIQAAAAQhAAAAc3gmfpXfy/2JMjvQplTZxHZaZG/vATCkcOAn/otNTqJoWS2Xy8YUiVjs10ESoe0oHiJQ8GcSGVYMbMi5UAbEeBhsdrG9tTT99nDnhplJ3b7tHZzuEbHADJAoZ0DR3JlOoeyjAeNRUPBrVCtGt304M8Z3VZfXPPN8nTMm9KFeQZGoInT2uP4nwBPaVkY5IF8NzUsLNtyEo5YfU2syjFX0TVBciSDEKrjdRRc8oHGzUbHFpPRqR9PeUqQ20wHJQIRA74EKWL7V8A0idE4mVisJZHtl7JLyIWlkf82uLoiO2WyH4jN6XFaL7DG6n6GJC7i9ebNZPnbNPJ37E7Jk5BVV9dVfafI1R1KguMxbLEtZUdGDxiJyGFdah7rCu+JIJZrsJbeQdA4bezBu7Vzs068DYY9YCw5QGJClFnh1cDAKYQ4Zi/WC1ASYFPGdiqpeTf0Aj8jVT+sDvbTvQFfzhUNk1gXjN0/xPLW40uIC3Ed9+wyKLpmzhUpMzv1RaSSpV1cSB67P/7/xwilKImidVx6OgiaxPwcplwFOkuOhDziWkcrvf1Tbu1MTwcUZ8B75stxIXKZUTgaGWj3rGp7swqVsPmjTnI6D3b1NVm0rvChJ3sCG1UIvDA1t1qzdAPsUNZYmy6+u1aExyqKVJjal+JBo/QFuVy1R5uiGMjr+jYJbVopvr/mO+qIkrP8qriVUtM/lHMxRCZ6tcOIJnRy7zmDK2FWOsJMDjqvLQuRld7OJAFlz2pJ8tQpJxADJRDa2W2IUTzSKMkwXTpVAFyJSZKJjAAcJtT/vcDSkePegCtxQNdVXNelJr085dRUwF41jS9FHYMQxjtQSARYUdyPyWFYhIr9sl0lkz0rvF9m9EkTgWgL5z+hDaq37+0qfYTM8hUGAEI/FrPoVuTg5hhflLQyugr3W9bmw/0O4A3z+IxwsmiC+luU7XiMiBVxoy4TrZMMVcbLHFksunnS9CiPjgX2kASBVuTTfJyvySoXiHcOIBiwS+z2dTPGs+43t2XLK88etxN2WzDkcTClUY81gl1wW7RULVeBfGJT5sMxs6E5psuy1fNpzUNdKqEEVvu6zOQkQenChu7YD3TpaODgmbOblb4t4SlT2ZZ0rwZVs0/MToQE09r6Z2PBVkbrvJW44dAGh4cK11Y37GuodkFmRhdx0s3p7re1oY4QOsOolC8TqAuQz1tmLr7xH4YHglWeUdht/H+j9R+iiT8i5Jq2wVUTmSAwK3xAkNfXgVl+E95nJkXDEm4a5FV4SPciCKn1jpCVFMg9F+21Vzofdxp3utL6zv9qO8jCC4cfbKqlNsmMXXLQqdkArSH2x4zY9fGEhwXGEd+dJfyNelRT1erxFduqgUiUVqUURafhkh1CY8a5TvV+Bv6JFSlCjlys0reCEVd6PYUkvGUY1mqgReQtdeBr0MKg9YuLe+MS/uQtn58UIfT/laPadCnrceA+wYw3t0pkv7ikUzyCiUpxPyGujooldSL0Cjtk41+Pcu3LqDQhdMreeJPJTLupNzO3ATbK3zK0+FbBvRToQ8j8dAwzMIVDhgneqZvbXMDvn1nGTsbBPLgLSDbUT9qqUI5u+c6fd7txle8PJm88N4OxV7o4U03qXK5kS8JrPTl8BRuXdKg9fYwo2oPNYBTGRjEOvb9aLIJMBnErb6vWgnMxoKGUPeWEh25qqam1Hym9D5CV09VmgP8a8W+SCJ+4AARElqAHilWxdM+FnoEyR7HKn7sxrviL3RhDbPckJt6op7Sv2/pTxiQtha3B9Os5jy8qY0OfUrFxrFmQoShFArxKbqCihkeog3BzQ1zgyIvM8+XBjTf2dQiIuLO/1l034u/qteGxT3HQl1gRrbocDgj2WkCCH3DFq8CbhSMSGrrpNVODBR6mSHid/43kSsenLYYD85ls60q/tA/TD9xdGrxqcBRcyUrsTp5UU+PhYSoK7Vg7KqDwpc5qcRWN21S8zp5dksVfc9pEPYUDTAz+t2Q+qWh1VkHBwt3kO5qzrf3MHX6qUH3S6UYZyvKb+lGoW8v7ZiavyUzVtoAAXnUNV88aeo3tPvwzne4/p5XTAic80dwIkiOtR+C8jZT9J0J8O3cJIKQC1wn1vLUHYZlkxXHle9mPIK72PWgZf5ejSjJEGpG27IyVKhjmkmPB3GWoB8FtsHOuXsFJ7aHuL13iCNMRQyCaAwnNEu/UVNuV9gjNkf0Dgn76W7JvG+s0R+oKoUhM4Kp3U8pIjRjlLjzJIWuH83Oy3oEiY6tkmkHUJ4z25ehnsPQJowQkZqCvRISQBWNiaPlZ+eD98j8dPEUtcKnlHvys1CeTiwsIlAfj2AmSP1ZRtSxRfO1ZQUU2ZVbzVObmg+ONyhl59u1MG7qHT0xWQmGzQTFO5SFhqI/va3WZjAdVm0voZp6khE7coA10s8O2izL52bRokAHTGyxuCeGdexIKKucoKcXNWs4m3QF6SwSc8VIn4D718vkNXVJVMlK7HclILxdOXWdTwWLzoRhVoO0x/RuSjd0NOuCkBt2MyLIHQIkg9/zox4GhUUtIqKVggQEIMP7/tLWA5dM9GdrCcK9qeCreoE2+qAoJ5ACG5hAY5ska92jQHkopuzlPg3sRu3q3Gxt0+41A76pDhBz3nISCrQ60Sr0SLTVUsG7JJHZf/zt+8kMLMBLqN+b6+N8s8+3asM3h/gF/Ime/aocuf3q7f/RTl3Hy4Kjf80udpFXgr+CLEulzdcUMjL5BhUbrmkRg5xcTiOp1J6FAgV6DjaUgJePLvYwmYBCtO1tF/2yWi3iEBWpyltyMaAfnbKdGZUNlI90LSZpOiaAtR3bXFpj7aRpD4ZoxpiNghh2DsIiNNTd47NO4q1hvhdUkeRhU5LXG4/aSxFdn7gCp/TIr+MWZrv1gKoSWVzU5aYluZa6xc5VRNbmUlWHlc9qe8QaCHSZZRUKg/Ihn3l0R6RC8GCkPpZxxERN1v97L0w3maFy30d5cOdCZ12JqxklB8cJc80v8qN/2iU+eaZZ1pOKVQEwIwLHzjV+sUmvkgyyASeMApW/GKU9jNyTENKdAxvBwkn5+8MMtTWQ2NvDVrfIPWIZC5FM4nBAublo5zHJjczHiF7ZpT31wwfQDsgoMsc6dHM31YHAbckqU0fbF8nGFig6zlohfc26ZmqT96qJBM7k3Sw6r6NaYqTD3YwJ7MvYbXXDRItmJ3OJLSQ4r/VR6uXj8EjCzQBktgChKNruUkyC4PpzH+L4AzULuvhnZgGQ8VwJ0sO6U1mTTmgPYJEl5vyTDl6cF1slRso3+NbYUWOs7mCL5uvKqRaiW9vj7ORLIQNNgkCxwhnqQIp9icaLyr+QCxAfXNPv2uhKLGgB/Gm43lW7hU17vA2sb8IfOa7T9odH3x6INcATL4cOEmH4TQO2bPIa1jkePduty2/wG/PZYbyltvVSEncz0pJkkvubE0LqTo4eV5+GOqJ6jHi/xM+hCstf2vP8o27pMfupSAvVJNeI1EDLe1cZjASL3F4hxqLPDoN1sTW+uB/FaC/SPXVGYifCUmjYhTqVBRhf0u/N94/tGvhmtUHKmsxEiGJICiHDaQkzTwIAwoVn26pUWU0Ayrmv8CUyXJlhdi1CgvzfinBGvc7xuyt2QZno6igCs1m4x1pu0BYQMAlGJiLdkJ1p0DUWiLAFf/GOrtI9zKyqE/FFVlYQNKDdF6t6K1X6W+rGXQtShnTyPGD+TdzhpcQWpOxq1wVSmDO+c2Ee/2waX2jGZcVAjselJaV6BQo/3daQ3xIbDFuocpVlZkeu2VwBheV0y/ojAKrPHwqWsnBF76jH1Xbrrgw2ipqgSbrCINqJJ5F9/+jkp3jrdcvQoUIhpUW/Y0ckDHYdKcXUXUnjaung/NcR9DK9KviqODTnALu/7A0rVp+dV7lU7FxGe8uu
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-03-17T15:15:49Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"malware-sample\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56eaca25-efd4-4887-93c8-49d5950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-17T15:15:49.000Z",
"modified": "2016-03-17T15:15:49.000Z",
"description": "unique .doc file",
"pattern": "[file:name = 'rechnung_-146e28b9 738296.doc' AND file:hashes.SHA1 = '72b4e1d3e1afb920e6e2c4f6a40c20548ebe3116']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-03-17T15:15:49Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"filename|sha1\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56eaca26-3d50-48f4-a3c8-4181950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-17T15:15:50.000Z",
"modified": "2016-03-17T15:15:50.000Z",
"description": "unique .doc file",
"pattern": "[file:name = 'rechnung_-146e28b9 738296.doc' AND file:hashes.SHA256 = 'e4d827da6b65136ff92e5f87dbe8489fb42202b71a2dbb5a6425293e83fa85a7']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-03-17T15:15:50Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"filename|sha256\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56eaca26-0d60-4105-96b4-4368950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-17T15:15:50.000Z",
"modified": "2016-03-17T15:15:50.000Z",
"description": "unique .doc file",
"pattern": "[file:content_ref.payload_bin = 'UEsDBBQACQAIAPl5cUhbBuAgQiQAAEg4AAAgABwAYTY3OTRjMzk4ZTU2N2U0ODVjYmRkOWZhMjU3NjM5M2FVVAkAAybK6lYmyupWdXgLAAEEIQAAAAQhAAAAhZB01y12/bTEAruZnFP6kDztxWNkBQrOgPojZ81jY2shBLJdkenPMz5Ht6Rtii2mwXYMIU94kgOZcfh4Adp7A+ltZPX0mGXs5XUuBx3q4WF7KDpIsHo3vQ46B2eT4cipiwD/4M3PLKYUAvyaJO58tSCJAMOMO0k2Wf4GRus+uDCYRgGk5CPM892QiXBS223HY4LNV6FP6TWdDVyxYEUPwihOiUvnNc3hkhCPHRXRwRoD+KAWuuLgrdQ2/7tJ009oqYIlWwcIVjVt6SID8vtnBgMpNxcANn2dvhtiVPRRnfmgMVHyexChs92/R0Ex6yYVm7L3BdSq+dxhTfGsYA/dYNcwxQMmAygWhIoXOHb01+nxI9eRTQ9N08/XgQpsUzI0CV3mOy3zdkb1MRagLt0sGJEyqOp7Grc4/eMwOfbBIdHe+2rLjoy3OuNr4Iebp672QfkQChirwckaNnIme8gOn57EqJH6Ri1wcHqbkEtHabjjKRi+wIsh1K4++kjolB6unYb1EhFGOrE945bqn+tMtOSezP8oGJHtLSS3cdtUxEEU7vLLypXRX31DJPf6eqtD1Vcup3vyyIQi6PvPXyyjQUm35Oox5fnjt6NCIoSugv/B6cfTqRoQWi3e9FmsuSVK5vQKa/ThBw/PxBDInx6OraZyWeh3RaUiVhVH/Bm7GOJAcywdr7xADOhAMAGn0poU3XTSyhVbwfUFbfJj1ty2vcQaK3ijsRub4qJ1/fLQ7W11uHOxn7lUKNhRHoNxUfUwPuJDwDpqPgFcFLd5mGg0pOGp9nswdE8UIH3XWVJGpVhlO8YIulKTQ6heFUO8URcV7PEz8Jx498KP31NhALteOwM3U9CboMcDrHOLpzVvm9NqIFBtzKoBlDv06eV2F66q3zephj8SDC2cGJD9yxW4ofK/D6MSp9qFoirCpVXeeo6x28oQYCWzMP2p0E+Uf6w9388nl3aY9NAdgUjZKAYFxJmYJawqwW4gfm4okSBNqFMu8Ozp0D7lUsDyAO2jTla7E8NonkJ73li/5ZzFdyL7sNiLk4WM+LTgmLYPavWshwXVnwHASODKctrQkc83zfgGm1InQtm1etYLz0Rhx84QQ2FVtt2mkmfZtNu0+Qr7PPJU8JCoC6HetysPFOMuNyNaOJZ9H/uOpGzeASrxAJZZ2+7V+4KpQUzkeRJSN53gMS8/Py+EK9NTcm1cgegFCdUoXYTPmalVFx1UH1vqagzPMADr56Q5XKwuxhZrJ4G9t4+1zc2u6F0SGAqaLIVXy3c6SiYTIoQ+LODw1n9L960R/YWWtCKX19pNktO4cjMjm8cfS3lPiVJdnybhmtcky4qA7aJc0xMYJr4UwQ5kdpbDUNmGuNbIJh9iHu0bhUNO/1DFDdXkemyGyMd6RjuCI+15GO7qohPqJcjFLaNSV6tZ+n6+ZazlgWy/5luIH85V/ZPl0OmPLo/g1lgIoKJk9hGXXYzmUda1oqokPXTSWETmpM0IRVEGYzgjpe0xhE6J1lIsOSUdQzHBdtXskGQr7OYlge2RhjGD2qmreIVL5u+y6mD01cmeF9wfcgZHbt5OPxmU7aDgTsncF4VBV7oet8P5oEGOVGoIc/F/RIy6W3XXalf8OMZNBjXouvjYGrceTLiod5J860ssUdWSckoyc00LhwJu2vpRkJN5JVgCS53DKBEDuX/72V3dwN9BjEaUgs3GT180i/zoLw5qpM25kdZBkeTN/y9lNAUDODX9r/AJE7AVFkF1Om8FGOHvyzLEhTud4XIbC9mZixU5SK4TcLFMryFR2t8bt8i1ufZAnr98+yavOc3zsYMecUElC27jDGBg26Mak5Thd7E7stvJzmetJybgD32v+k2QADvJ1EXp7KENaQUeVmzAkPiR1JX1ueE/EKUMSDwofHQqR/AsIxiIc8kyuPTP4UlV+m+dsJcMhmydMCNcwgG6heDalhv3kWaWRS/emMcMed7PuwsPkoUdkofNRFpkUiLLpIrFk2il/80NXxSdTQje+9+ScYXSov5n24cj95kdmpLNqaheiVakvQvbuaQTX1MJxtR9oRiKzJsReGyie3EaQoNkxenePfUkUIgMVMeIiYp3eYDZ2d7aj7v02zSXXkWqk2YAVAvwiJEB6PZXyipemTQPSgQtThTKZTJ8jhrOOMIQNjRvxboMrBZhzkbD412GYS55Gk4OdtXV49Z5hBKLjzk1G32Ui/wdyu4r+ZXUT26dn5t6nPS0wqp9d9bIXkdaAb/RkRVz8Tdo2jnwsin6/dtUiXAz4l4qeUCU1AEG/ag/zQU+aSSdBEQ3O1YhHLKP0aCHTOJss4NgS8TLYYLQ8slMYj0OY2hvROJ6VZF7ltMv9Blw4JT0PSrYcZ8ve+6fKQYCmMvt3f+DPcOAqEHnXJpiYIFhVHtOgiDC7ttXz3HjAV+Xx8u4XJQWxT3lN5zO47JSHZRX/ET6e95Khq2FPcbesOYYYNJ1wPpAqQxHkRLQbLOlzgMOR4oQozZzyEqR5VfwpxtaWJwT9drbb1U81C9DX8PIfwbWTZd3J4XouqxKNIUZ7aIExMd/30/Zng1vLmYlyliXhpNQShUviSm+cEMUgKtVeBFpSc7V3hLsCYepayL+naQFdHZD0VCKLzp3VgHrr2itsigOMy7mZafSyMWzUlLbh1hLCMQPrd2rfiXOsK7x5Fl5M7F00x00rI1QQq+WB8UeHFTynM1uHDu0vVXmlDpz8ZTkHHmzXYHSHI4JAXZr6QIqhFBdM8nIrNEHSJCwbEunf9rF0BIBs1NQ90J0f8p2xnCECo0Y/Hdgo+uk1PxVISL+ZZLJ2NGkb7Or1TNEvr3XV5Xu5CwTWfnh/q/3HHLeISHdtduu9UjIKSDkQNp50dWFuL9EE4WslxhK2hcUKaRV0ZjTWq0E1vsJY4XVy8V/gq3p9js3YYcJcHnRbsrTn+9KaDJPhERH8pwd4lJ2OKZL1Z+kiqvwpPK8n3j8w9Zylf9L7ORQ7FBXV484zk+AaGp43a+q8Xz6IMAg3QUh1DwC6+QSzPEwHitt7m1bRTm6kCl+KhZQTUx8vpB9E6EzNMdoEAeIxFSnE0izFqjxYRGgwoEopV2Ystr1wXU187o2CGiOy21ljQ5IiYwREDlxj6D9+CIOU/BWEwrO9Sv56Wku7DuCw51G1if+A4ureLwZscmwI0EAs7ZqxjFqYUaXvUD8scqw2aMjlG+3A+qa9/Pnv9Ilgcd8JCSiyH6sFdBA0wR/VVoU6fBIKLumB2sUwJbELp5o55RRV4l5xDWNaUv3zrrDLqPKU7vuQSv1nJabWUrTisoqb96GaxPyg8StHRJTDkUlMygfhO96SJVlCxJ6f7Ht2lVamw3+fOQ2CKYeAkeEZb9eZXYj14IodKsYO6thUaJZSqvqlneEgGETdk9x6Lx929DacXn9PpEVHrSe9xE1xd7HjMtZo1F5gtERJ5/yI9EZ7EycnwpA9QXLpzsGsNGVyqeDGkm2GoA9jWtZgysx2+OiV5M1D/nUE7+6uM0FBPfxuI1ijSpa45Jm65I5gzgKX6VxvBjgo+k1BkyJxkS6QdvyUGaVwdFXSSXQ8kMPAdxuR1mQwBMpumsMt3qniNKc1YbsBqLIIq2DQT2VV/G8gYjy+gXtOP5jSuyRloIx6m/c1qDz14fjU0Xiib9cpAlMWtIcyY1k/7F5ueX/C+MqM32tSLEBE9h9kFGt4mtS/noR3l/CfpAr6Lb+JjcuCaZc9ACOkKleUy/p7fxNLujXSNSYvB5+LAoKdudBJSxqAOB8bfIyjHYUtcbJYkdgGbdO9ABhlyBOFd0T7vBD0xzVUTrSX+4K0ky8vBeyvWB4xSFp+fRI49f+vcitF9wAkmFZXcZ00HzhhWLqeFpMZ2TwIhbP7o9PQtBmIH50w1zXgDl6o5XIO3+G9t
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-03-17T15:15:50Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"malware-sample\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56eaca27-1a14-4e5b-8ce8-4fb7950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-17T15:15:51.000Z",
"modified": "2016-03-17T15:15:51.000Z",
"description": "unique .doc file",
"pattern": "[file:name = 'rechnung_-0450cd2 322.doc' AND file:hashes.SHA1 = 'ba7effc5a30b5ebfa702b0e9a6277d2ec7987251']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-03-17T15:15:51Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"filename|sha1\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56eaca28-0588-447f-baf8-4ca1950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-17T15:15:52.000Z",
"modified": "2016-03-17T15:15:52.000Z",
"description": "unique .doc file",
"pattern": "[file:name = 'rechnung_-0450cd2 322.doc' AND file:hashes.SHA256 = '98cfd4e050f4791d2762fd7387737489ea3f2a23cbbff00cd51b572ea6ee70cf']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-03-17T15:15:52Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"filename|sha256\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56eaca29-6008-4dde-93d6-4aff950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-17T15:15:53.000Z",
"modified": "2016-03-17T15:15:53.000Z",
"description": "unique .doc file",
"pattern": "[file:content_ref.payload_bin = 'UEsDBBQACQAIAPt5cUhaUNMrPyQAAEY4AAAgABwAZDU1YzZhZjAxMTExOWEwMzgwOTg3MWE2YzllMWVjNzNVVAkAAynK6lYpyupWdXgLAAEEIQAAAAQhAAAAlEMmjHlLzceMo43ixNJfB4TgnYJEuPqZyGI4vA34Uyqxu96O3ceENN2yeYNppPJhb6GAqwHQs5q1vE3lnd9T89pkcUbAbEdvWMiZgFi6HggdtGGT/kr28REXvFtCCwpVWGbWIcFHs6MER+ZM7xf0cATLkE/uC2IjPtYcQkZb3vAJ4/fti/UZaoxDL8ujMiAsEJXbzcvJJal1ipg6bcYEaqh5atQ6loR7um4W56TjQDc4HMgZLYNqxYrcP3pxWt0XzcI/n+wHwQsbVaRlmODifI49//aeioEtjzbp5btLOrLtBjDGq5yTXTlyGXo/ipKG97yqC0EvE+F8Fj97/XGBZYHtLSPoygGXvWc2f4vv03gH90uj/Pi9/cWLZaG1f9+ofi7vOVfzw/0ouXm3ib5Zn6bLCYWSiQ4SdHmWwh4Ie8tOgeuXa/aEVE1Ma0dGZFJRlqdhesdScV8bOyBQdllN2X44x5+TwTl5EFt7GIdZfV+NpkdQu9fESeTnoTWNm5ity56OS22zOcAzIqfIRyY8/UXwVHC6fZ5do7vI/G6KaFfbIcd1GQMV4+caPaVq7er2+TuFUaPoO+5T7Rua/MnDYIfH94hiWRxle8N3oBDHcmFZezsLUi01ADZYPTzAW/jhs3bA11oTnMTh9827kdSpBQd3rLoQXklc7zPsIsF7DNsiSopyevNI/Nx90Npm+tMT3ohpLcIBHn83wt2VrKtz3795x98B6hEKujWrV8i3emsqpD/ZhT3+ebuJB6BZ/t6ahHuj3vHrSLrs0KaGOqI7ko0xy+K6SMwa1zxRmlSCZkvtq761JDEqsy5FgtWxwslFMp7yGBAzAhrdA4nG6IdET8e0ro84YeWhZKXJM2s3QlADxWhA5iaBVVO5HbUyS7lpGL3fiM/y3YghipRFJ5iKRmlEAGWvXMV8VLW8UD+H6aB9IKdvz54Cl82RhpQGDD4yl/raUDJ/xK05iQp7SxhnH6qdFVH1OnXO3ccfdPY9X/Ixvu5Bl5jDLoTpwkekfez8oWggUPKfhoCIF0vuGT95S6Nge8keHL9AsaOZRTKrrSBXEzhALxqIzlXAINifpkjziBW+mE3aHySuvp/s9KIPEua0R1Y/zxOsQ/qkzH0JxmjYCRzTcxVZ/+JOs2Mq+xv0O+4jIBOVEiYhZSbyClbhuzbx2rm1JMUchB7k/zcsTTGxvVIKFMTmEYDEmV8sNqiCR3KqR2M8eCo8XKrRRLPVoBdPfJYFSfpG2Lg+1U804Kzo7oJIObYgrSdt/8hlLdsE+wKJmffnKGjAA2Xf0OKZB9tZTN+elMt4o4bF8tTwdz1Zme8L5Mux0UQJoWP7K4GR7+fIf6yXPPl+X7n5DxwGUM+Uw/+v9gFeLEk3FXkXi8xF3SfGSoCQs+5UXBJYR5b1t7jKg2O4WCrt3p/3DzA20I//jmU9UTOfkwd3EJd3C3IkQQIHOiD5BoYHruAvSRvOpoJDBGXLAIaDYW9JsfoaWz+YqM2U9m5lbqWaJYpdZGsmOsZNE0DIObrvCpI2809V3AwPAumfqpf0Mhm2ditV1z9IT5/JlIloZgWqmwy+3ZeKn6q54puCFWR79sNWhjv5VwDbN0LZ0nNd0JuCJ+AbhQLRik3Wx6B1MuCc+E2iH2F9mVf2S6VJYb37V4Z316EPjBIjAPFcYIhnRB5n+qA7m043eH2XbuzMaMa/F6b/koKG84tgR45WYBjEfzFwSCEmbx03K8zxx1U0o52y49y/EgOlv5uURg1p9oz8hNiSnusDys2Oldzna2M6GEhD1q5aASPlhpLKqVVgNi3FDTHuYFz6dcxZngFmczT2du5biLwM4ZfqS1yRb8tjs0ZlYjKWa9zusaWjINtvmJR8QAqHmkAg+Ij/vXXrHzLPFgM4j1AzOm/uWqHy6p9Y9/MdLVjl9IjmrBl4ahjMAiuPSltvkzp8oEUsQ1ypDrCzFfpXs9g7O2ADIRJyDWk+dlOaDQpDN9PubhzGYG/uD1jRqIF6lljvc9saqZtjjhF0CXPJ1zN6sDgpsbNPU8N2uPnDtNAb/MIvi9ZNahvB9tHee4iJVGErpGBLUp8zZ16iaX6vT82EbuzU2l5el950sXRsENA2BSHTpGNBXNMWvLHGSyMwNZYt1maMtoOxGiguMhs7kZBTQV8rn3YGZDypMiXtfTCPku6gfvcwB/YZ94PdWrJCd5filBVNzlOQvuyeXerxHtjQa+c4FnT7ci2JbnH5Dabhtu43Wq1V3U3NlbDwpCoAgXP0BBTjyVqv1VleWmLVuwDx7v9kg20GlXm7jJx+zrqzwunSdlLZX0N9A3l8P2lM/6G6qhaVt+V62Nvks+5lKnTxaXqaIyZFOvym/SL+T5hOJyaiTO79W5wZwUHc23HD4ThBMIF3sKjAf+reJ/sHDaWiWMFtSWbHqhSpj9VQSgwD8pAEYTTxh8xw2CYNgcFNHPInv/CJwyR3gFd2ywig9GenYNhx+skwcF0dNSn5ylf3bfE5BeNF6rfQR9iJTaXg05zez0KArpNEzhKzHnUCSMVEICln+uXXYsy53S46Jp7qnxQGyN0AVvgL8dWf/fulyRvEgPCAGfK7SK2+NepDyNwtr+U5qHEqyAc6ziXT2+h4dk8d+slgQ1UfcjY7673soFbBSjsoZyvV0v4DxBaHTNtyznFgRbR3tyxEMnGTB6tnAf98tmao95qzd2BUBMXQPO63A74MmkD2CHBjVUIBAulprwsTohHS2iizlb+5AJTbELnVmVK8jXljPfCu+pCvura/TMLKoObEpqphglPmLf7Uzgx7TB9ceNkJLmsXLY8X2L+5tbknJVq+XZdrtcp+MpAmLfAghIE19oU/nTtef0xVDZxmibFGQUnitYZbO/r2UAv/avKmGDM4B79og9AlDpA4SFiKI/qLxvhEYWVf92teywmFEbUMFgbmvvNGqQRiz0iOyb3PBuKG5AqjOZKzxkNeIvyaW75PjGnVIJA5d4UlXYZMzaG2tJuvZKzn8ZdoFUVNf76O+F2LOabyWU6LkKgnH8w9SUiQvikRQi7P/bBMukZF817NcYvy0NsFpF0JL7mLi862cf+MDYzCJHBMmvxdO0RqiL6mx8p8vCLTp6L556mGGjHLG2ffO5LPWki9UcCco276CpvhcHM5Itl395Xcz0cJ6IyWlF+1AkolO4lppQxqNsVVyb4hLdXT70EvzwVuHYTNZ2+tLRl5koFnN8rH/KpVWD1OuJ3V+rezpUFlA//fZYukRSKHL5bYQhQW0W84k1FfXC9YvKKgjj9ueIArj7a2oeMCnOnqzw/NyTNzlNb9EecKn9KCCavfJhc2zM6plOu1lRhU04uQx4CCEhOrdKKEmLb/Akgk6hdDNDLgl7q9kkzhZGECybUaEcV0Ic35CfOLkNOR8J7+unMPXDsaU9s/LF2zx68wRPOVbyht3wtllQ//Bnnh3sgone4UZnjcoIDJfxmp+VhD0j+jFi6bGClJ/Equ9Qd6eZlnVWmIEhHjhrHKTQrOYzIDghyYjO+taPEqehWeOa3+vf1VXpedtEeG8nOe+aldub4V1tHUCujBEXEbhVxvhegg2ovdcTxqOKpxdk83r3sKqrJ4AG3HTDSg731uPn/Zt8PjH3wgy1TF9W05pCk6DetsFCA0cGudwSC7oNgmRfDVeKZQP1FT3t+7MVCcT6I7Q6+Ih5EAim6nvOVvEaR6F1lp1/bjigbVYWGTLBRYHpqGeCZu8HDXgWBgvYHMEf1UPsWvl11Z14o60kvsi+WbOHM35bx0nfKXxwrj5qicRudisdvJ5AnlxDS+dOJ/ioKtJ6f/VOTCji6dqu//n/MAKfKzbE/dIeU2P/5qHOwCF0UHqOctKYurwYSsE+r/clIJKMprQHimzBZXzt4iRxqFgu5RTI0iFucY+8YBrKCquB
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-03-17T15:15:53Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"malware-sample\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56eaca29-07cc-4848-a68b-4c65950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-17T15:15:53.000Z",
"modified": "2016-03-17T15:15:53.000Z",
"description": "unique .doc file",
"pattern": "[file:name = 'rechnung_-09686a0 4578.doc' AND file:hashes.SHA1 = '8f0d6cf23618d30186842ab6447ca4fb056c8d45']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-03-17T15:15:53Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"filename|sha1\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56eaca2a-7644-4ab8-8097-4022950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-17T15:15:54.000Z",
"modified": "2016-03-17T15:15:54.000Z",
"description": "unique .doc file",
"pattern": "[file:name = 'rechnung_-09686a0 4578.doc' AND file:hashes.SHA256 = '7c50aa4a0175516ca9e9dced0f6a41919e3bb58cfd63decd35afc0246c6f4fb1']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-03-17T15:15:54Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"filename|sha256\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56eaca2b-7b10-40f7-a0b1-4ce2950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-17T15:15:55.000Z",
"modified": "2016-03-17T15:15:55.000Z",
"description": "unique .doc file",
"pattern": "[file:content_ref.payload_bin = 'UEsDBBQACQAIAPx5cUg5eKsAPSQAAEI4AAAgABwAODg4ZDkwZjY5ZGQ4ZDk5MzcxOTJiN2Q1YzRmZDAxYWNVVAkAAyvK6lYryupWdXgLAAEEIQAAAAQhAAAAlEMmjHlLzceMo4opTwNTtwWBG17fjhHAYG/YTfs6Pjb1jn73ljqpu1lQ3/9fc9OG9/c8mUBMopc462my52lyzAvKslGnpubj6jJVxsn9kNHIwzk2vFypUx70+ZIz1bNy4x1YpITCDHlKDlD05yLUIVs3z8//6FJOiuHaIy1GyGPuphP4iHE1V4N1zorA8oXfrid6nh8cBmQ0BdqcdUHCMYi1h2yDfgbEFIpgWeG2QcI0znpZdHtsSW+Z7XPbxPTSbEVNDLSK0Zcin4SlyhFTynMGpn78UviBpi52Q9U5MuqiCgEqlLopR9S1S0Mvy91fqjgY76OypdjWRi1F7+DwHZ0FlhPqoBh5LStRaRIYWc4DBvz3yC9CkYtMywljDPAA0w9fr3Zx28xhfSI5ga7g87sz/pUuv/WGMAfxWOk1MdO4Vr2IOhEvAh2jMoMr4uk3WgzJKtFxy7tC4O6wo4lY5jwF3orlu9XlKHCi1h5/n2rs5cYXVidzy/fWNqEXiuCEHI3AepBUes8S3QXOv9m9UDT55bAi8d5AeMUYMRW2Z7V1/Kq6hVHFCd1Tn7y1aUleTt5m9k30qVWAcLIscVc9CZ/8WD1uz2Yd9TBVVP4w74h9JatC4uOmmWbQOwh+ywJYiKtawVPGzHjrurKONqC8ZETsRMY330B+HUicdLL5LxQ5c2VwOB7INdg9C2XVlGqY7ukFHpoT+S6ydUuYcz77B5p8ra0IKBBdPEj8xX/9GkGEeW9ElcxPA/30GZqfZpIqgLxiCfmarAD+si+PnqSY9qjGU6FSknY1t+bC+h0BeEK0Hc/RFsrFYywke8DXlc9VpzNVLJyv0/p9DRBnmMi8+AnevTakYPBZe7Mi5pbEydmEI0+trjQP1d3ldMgHM1vZVPdC8g/3415/rDJKr/wy+6Yx2PqjqHHSWTC2HDt357pn3e2XfFPiXOHWpQHRTkpblcHHz/wQyjOk07IErTkcoVVtJfydS5nstagqvYtiywuvIj/yTvvLO3FPhjk3/F/tfkfbcpG4vXLX73Hjdnk/LtW0dip9URa/Qxoa3JzPk1ZyVMWrhcTdCsXbPHuSJpfdbwOvFHqVorfcGq/6c2s6sto6AFu1wWSEEZo+TjSw7wZBlMYZIjXn/G1VR7yG2UTH35CeTopqDHW/6rsq74fTGvpLpGpIa1quOflw1hFW5P5QKX+ZO6dR2vaehQmYZn/xlr/1Q1CO+BtJWFhCitD5ZBHcijIj/ZxZm0D59lpz75WftYT0AWiMiAy3Me4IABpA6GHJkJnrLjo8ZjG+L0a6n+1WzVQ76Mz0ayDluj62shBSFwmtqLG+MocZqEOBuM/qNApw83KzOAtkljBXSqsvFq0sH4ct5pYx+WhxZuZ+7Jj//GWjOctEw1GsvJkHP9GceN1Gg8rrkymLHdKmdpse/wdh7S2ZdP65egnD5WIadSLk5kM16/3hom9UrOvdipXQFsPaLK5kMkIs0pIPKlDCxcWsb7fr4G+j1/bChrDyvvB7yKJQbGd2yGwKJ7ul3Md7qD6g4VQRsX4WAxwOhvn+W+YD5MzEVsCkYkoLD2OvFZ5g9z0akQu837NUPFM9uOl34MQupndTau1r65RsKXKs254rMsMoZbTzUsBr8mHF044+BzpcuMgejVNHImmHdjCJ4UEGgYk/l+5bMQL3opla796sfXI90yhw1QqHJgssxtr0eBAe8JDfSH+CtZXs0KK16HSMnY9L8mlG8pTF/9Z8Nlm9AE3pFZ8ASbIa/mk6OFbJtG/s6ZXvpbaR+dSs+FrE1B9//JWUn2zchp+F0eQegGo6lSaxxF9NOYRzzgWO32Gr87ux5jhV2a+kJn/YFZ5ElcwbpwMJBKJLkpglsYPIuBbFGXecoiYRkezqIyz2u0gJf9HDXqTc2QV/CrI20Oa47FqvavC26jRo4VrkQ2PB55frC/+EtrBcJ53JYH/jvdYRvPk4LzofMAy19rei/2z98WDkGXtrbzICc/aqkj0kxT2Faz0huLzLJ1sUqn2wpbcor9cYTw1UCZjcQNn+bKmu//zLh3yFly1+NAAgcfQ4Kcnfld4ivs3/5paJHZkVMTAZ14ad+1bqlp75OBzQrdJOXzPeoXWics944z0EOOTYArj5a2k9DXK4AJgKZ7EKBED+I7D1HPyr0//OeSmACLiRQ2/24iTdzvzEhzqzR+H/Uxhu53yMktkSMXxjd5gMHN4Io5GyFF/E12QylElRBEI0M93gkc/8Qp9GZGJfeUGF7H+SqTtAZ/tU6yLEilM7nin3167nGQE/otci/6as+Pe2ADWkXLuxROSxMzQunk+Rw3ZNUUBJTK3AObKfB+tyGoXalxUiETSxkcuxt0UhWuCvfgXJuUlEO2LI5drwfp16AdRzr/Lu/OP5fhDUNcfWR2FVC8COIupXPcvpGlqXwEvs2ZTdVjiLERvY7cq23pYomHaDLhhrEfzvjD0X/qU182f5mwveEiVOWKK64VYNB9yhs9Kocf3IJ43Q22giNt5BDsd2ul4AKajPdioOgMhM8zHcVrGiONezwOVvFYjW0VCCQRGGu5M/iZpw47+6uDsJGPHf+uAqixS5zVrpz2GHmh8QbOnQGVoeDNEay9TGko0eAkZTvZBPrktbxaY8N1+1D0mvuvakLQlNqakP0pH/mPYx+ZakS8YWXXPGV3XPBVsjLlAcC/YalL1ACd0M4Q9+oZc8EjPluewRSLNiTpDznJnUr773P4/yS5iez7CdJ9DhE+0eC7RTGm9CFskdeZLiyq91lX0QpaFRsrq6RcuAFTwYJznJUHE8VOQ9GI/pklID9MQ97W67AW6fw646wrgZbxbHslmftpHTFkAhB8WyO9HGM5D69Vg/vqSIBnGXTd0MrhId+WJsejJHSgAvGW+LA5fIo7H+06FYGpu2RjBynaWhomsdz9xdKh5b9a3Q6WwP/EDWP01uIGuUXsyQWCeMqNB/cphEvuLx23/XPG/ytHY2wzP+d9Kz+avaeGJnyJULLylYXCqlYPUUcgILb0Ss2Q++VzEtin1F5OjnR9BEC4LzBDwZtPaugfXSL3pdknvjmzmqSmcmDz/ICx+ht3xPuZru6YYgJv0g2brrUwiOCW1BRsudATAneTbBRr/8oMRJZOKbeLvOMrVJKQ2fWjYWx2Lmhwpz9sNBf/W6cPaeWP/bVsHJ5uv7IPf7HvblQHpwSKRx9KqW5XvL2qxMjZJttXJOJmTPAkplTR9D+RW1UiJhJExavqvupyYKz7gQm6m77jWy/9iGabDMeFdO793enBGw2HtIsfsoUESUOWEdLzkruvRNzJcIAdFg1JwMt+gsl2tGQH0YLaMPlcVCRqzDCzzJgH4DiDjJZwT/bgJoIBtdU8wDYTe1SnoWjR/4t62vJx1K2n+xjZheJeuQm/blbGTxJTGAc7CrW+yij2i3gsmVYbtuIxqzaH7Xo8/3WYzUhjkEBeqE/H/ReQ3MYfJ1TVIFQY++CjL8bCZ+Hg2bQaHQDnGUiU/jDHIs1BSekdj2ZEzsFuHDhf4r5qYE/hsdg7TWt+9giiU6c1ZYfM/ZSFv4XR5Ntf0wDXGV9EgqzYzX0pXEOLTAbWjyuKJp9FbnelbqizeWQBgLa/+udTW9irBVIie8/9RrfSnihAuGwso/6x2TJej1krymV5qI3PZFHvI+J3iZsauqLqx2dndb6elcAiKAGaaCaVAPDA+V1WdyKvSq6JAghH++abZzyNf+0d9wUfARqU3w38F7bpjcQdK5ZfmMscW2wiaPbxvuhJ3xe42F5oE6JVZLKZMalLtYeUPv2dwbHnnfpwe70UntnmWtVYra8JAk5F86T55wRR9+THJiM1IcYGm2R6lesmOrUQmhIQH2/CvTF5/JHlgcO162KsTSc7DkkWB6M+TD2sStJAlM4++Gw3Szfi
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-03-17T15:15:55Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"malware-sample\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56eaca2c-1c48-4194-8f3d-4c59950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-17T15:15:56.000Z",
"modified": "2016-03-17T15:15:56.000Z",
"description": "unique .doc file",
"pattern": "[file:name = 'rechnung_-aRzvFnheW 960.doc' AND file:hashes.SHA1 = '0149c0a11bd250249d21ee59159c3eb62a056276']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-03-17T15:15:56Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"filename|sha1\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56eaca2c-4bec-4afa-904d-4df7950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-17T15:15:56.000Z",
"modified": "2016-03-17T15:15:56.000Z",
"description": "unique .doc file",
"pattern": "[file:name = 'rechnung_-aRzvFnheW 960.doc' AND file:hashes.SHA256 = 'cf55d3d1ec63543d01e7846b31642545a4b6441503353b4a2f0bf9fdc0118ebd']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-03-17T15:15:56Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"filename|sha256\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56eaca2d-cff4-4840-a3df-478c950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-17T15:15:57.000Z",
"modified": "2016-03-17T15:15:57.000Z",
"description": "unique .doc file",
"pattern": "[file:content_ref.payload_bin = 'UEsDBBQACQAIAP15cUgx9ZzAPCQAAEM4AAAgABwAMTA1MTQ1NjAwMDhjM2I4YjI1MTQzNGUyMmYzZGFlNzVVVAkAAy3K6lYtyupWdXgLAAEEIQAAAAQhAAAAy9G8IKspkLDSGOQ2V6/WnfUXRTHAsZsgiEdOBtsem2HZ4W4Rn2+fHr3ctI3h27dbf64fv2Kj2e/PtMkX2eCvKX0682TswrZzEaTCePsK3kUZOzChx/meDCb0y6SBLvX7CIOI1E7tHSHJwrM+wteW6fj7waJl3ZTAzPQIelKGBAlbJ+mibz+SlBX6vBro1Xm3WlDqMiE6e8ypHkBTzzEUnb0eaOtCrtYTpU9wRRENrlgQj/rHYkd+SD26dnPeX6pAUqwqVzXIuNgdeIzHpAoTBLJ0PBch/aOD+gEQvgPv3eImztHEcP00AfVWKV3d+9K3Tn3za5UaUikpZKjuEDIIjlARlS4ZX/WgdTgdEKy9MzDUo3CQgm6pcyRdgI1eb3q+WNn8pf03sEKSvXlYg6PpuF2a3MZSK5vAsGd7daaUNtJRKGd2dRpc/glpG/ZaiO1X1gUtEyI4QCmAnombk6Xx+1eWTcJJnar4ij/8xZjTxeBKmVN+KsQSSvfvziHOyCzSJzRn/cWFkzvrKbCLz00uRVoE75E+sIHN0Z1XTYS8IjUUq/RPEz7wWhPZ/l6MbINbamzyekVriPnjtVGmxwLR4zsGCs7d6KdNny9XyiPHpC70kBFNcwqq92CEELi4xzAPKaoGlcCCCZ4Gyu+dReH8TTQhPgs6sBH7BlNToMwsXjcYnAduzkARf2Fl8ir6mGSiW5OMdVoj5Glt0v4V+BqJpJlaTBB+Hiai82PPliUthHo9YRVv7+YYGp/ax8eAZbgqZBFwk5yjEFfwiflUfVNENa3riXHnB5ixpcxxVMen3fN8Z7W2BgZpYO4gMliYa2t3IOWNzrF+qEp9LfO0OW0eZj3Kzyh7trAvkLugOmMrikd8YcgLwOv3oQY1gVmQ0qrZY72xZELg+mn12+7NCf80wfFOHqfEdDzhM8X3EdmD3SpVgCR0SZXTZUxo/tnlxG9B1OyJUKkb61h757abqEcnB5aXcdzRIJ0HtQTaY5Gon5MD+UK+3WOKvHZdA+4wwjPpcAJsORfZ6Zwvtljh9HHtDKRYNSeONsiTUysUJTjthCB3oiYxaDyVdBxO19gcbQL+KiJR9bMRuB/rTh+e18bUDaNEFTZqgPp7F9XwMotO7N6LVZFSB2TDowmhYx6kXWmAN71mx44PXXYaj5ysfiGIAS5FWTKtl4OB4Dkib6zKSKg8jveNb2e+GbZ/traz63JVHUbC9hMZq6ti5PfwU3PswbBtImkzHn57xEEMBwnBNRuNqTK2K67oGXzijjrZ1b5Umcx6j9EwhgmqwrtuRtH9aeCw71TSoK1s+KQoN9dDp9ZyURBVsITGx7uXlJfIyLr85tGzHGshnhq9L9qeHznuzzGkUxAE1bMT0zGEjyHoyPgYAQAV1U4cu5wVKVlQUMKBy5PcWyzhzxHNI0Nr3oRr2G5EqnFfBUCfZEMAbJUL5STVkPJUdXrGoGJ4e4MqXh0T6loaYqkpkevilpCmAIEjQx+bJXXGoZMQ5UdTILPzGtRTmTWLgNG3xaP2fa2yqihte813Ub6WYyc4wUE/3A2VnNW0B1axSFwW9FTUGMHwIyltjT/Yo7bbKXmjRFzdKifMLEH5SDvHyD7fjFhmcHl0brV5bIyxQ/U4r9SZcKfpELN3D036GYf472oIMPG9CZAbDqOv8wKZ80+UCEcKOQVG587a9M6j7SKU982csXkk10rb1Si/ByqQxb3L3S3GauKh4TedvwUGKPlwyvg38iFOLu6tw+TvNgopLj55VSb2RmRfXx6pkHmijYW+sxTkb3SyOpgj4t5R4Itx2NyikPf1y0sfgjnEG0QI2Bp3cxH9J4J3KR4pjOr4xYk6WJXDETTHoA76UzugllE4jMePWCsQ5f3njAEBKrhnwU645AhMn4Am38Gko5R+2NPg51jBKyIe7giixIYaz7XviSIIRp/yJyCioiYPIO5xe4cZVbpe5Ar+/bBCfIh/j2oa1XzYRCKO3WO54yWfuw9CdM4Gdt9NNJ7quGgGG6ee3QqOazzbj9Zjn8lGsOmbDx1v/KMmkfTE9GiHgHCDDLmcwxn/pzCeq93DxI24Lq2QfPVmpBGefJrKkQU9NSCQ7AkcFji5cO0BCEMmFOXiTn1GoLQOLsPCKNEv6tycxAF3aH8Tjh9hd8s2jRLBsJOfPcBLKDp2+HydlvsF1aTVVHVeObXH5BlqNZakrLcTBR6zJ80WYGZzExJJ3OilSdDKkNkkJyxYkhXiVDlBMaDTX7IiJMAwDpHyCv27MMpw+VvfklXI4hJOnDELA/Z8kH5erXuewkkz/6auEg7555HWZ+Tf+Ddp2SecIFSJifql64mCds7aDO55rnyPLPTbv/tmkdYJL1hHblwbBx6ucYqZGrvFIPYSmwjQfvdMEt3l+IAnaWGLryr4K3zmCRUXNuWRgwtige1M9uVt6G+KndkxkxzC5QJELXHpiFz/ONtxg9Y5CtBZYH0/VHG1x/6EJztyHtQuGjX+nOtf4Jk5N75dxh5htXFe7011QqrzKg7230n87vCDC0dI1pO7Mrxd/q7V8ndNfOKGmguiDvdVetPAoTNg9fqrefgktHH3akWkNJKevfeq7mGy16ObO3g06TBhbMo6wRlEYnFdUXFG0NrPEeT/TpydL5mBER8UWwWEQXcbf8WqFOFGvV+oXkZ5AXmcxj03Ouea/+PgN3+jDgd7/QRygg+JlUkO81T6EiAaT28NlAZxlWLcCphHpUgKuqExiIYRVt4y+vtNOZnoBUwitqvmX+PBSU4orzE8aFQ1w/G2bhRH1Cfv5IvsF99xAKzF3faBsRGOhVy720c7DtWmnvL6XZ2x3JdDr4Q4dz4raEiFwJCxgnkBk4hhc1D1vZOGQr9/q7/j54SiwY/lFBe/hvxwx80X0O0WCPUAscuGhYbheIzkIRgAlmkdyg8lBRgSnJl/BSlEvwQtCvg1r+gNGhv2A22cn8cCb5NUQ+tYKW0JdQ7QvMsjnmaWpcTji2Pu7bmNhcQiH8+Qt7k7FFS8fnuMi4sra85i5KFHfp2/tMO577Za3X0VcO9P6cQvhIXyNA6gZIPpL5FbXlh7XAuUCv9w/vI+mVxad0bL2mCMyI4PvFfntpKug/x520gVxVgLCM27PpuMIf6OgC1KE6cvg8+Qikqfzp7oO5PNulTCaQJ7ot3IddOgb3eKTcxD+XUaZlMgVNhnFhmuQjqN/3pvr2kh07wnQZ+GeEYUC2CKhH5kYFZvY5OzXDpSqWO5DuVPYF8SStqMDO28TdgOC1Aj6h1pKQTUnS2hCu+3Ba0iKpKX9VG2b2DdS696Xn26WnibpNGgbIQ5ZCGQtMa91lqZjgPJsokRqQ0AUBq+Upt8WQwdQspP1TWntO2wP9VT9tOtBxmZrTqDJRMhBK9aaK0Tw18eI6d6rwKePSTJScWMit84rP6GrfPRxMCOttgYqifb/hgHpM4+jr/VUwGLDawcI+UJVuj/uVDTYhss+NV4KMpDgwnGaXYqdt7D6Fjg+EucA5jktkH3FkoZqBsSVBZPZ11DcsjQHMVcCZbfAVjTSJyH1J0kW8TKmEpvNv4K1qQvQTarHfpFhBW3vDuh7/vzRFi+30bhWykW31z74I1YP1puX8y2NYPMis7ucFuMbyQ85NI20f2R91BEP69wgEBmRLfJ9NodYhkhDsgmLnNPDrHbOKm2YARUw6BXvmuHAcqWLQeVZu2ftSgr5mcHsTWXEpUy71KgH0WWTLvNRhaMcNosJPquKIK9NqAjKOCvFreOqQqn8BGmfnu044SkjnshmhXm+nuiLwpyGBZK12+TSEqPw1K5ZGPf+WpnNwsR/ECytD6VtqiUqSSaDXFJvk3qx4rhoGPDcj5lgAD8yH0TKra6WXdN/J9umTPcqLCB9LfD07ttjTGBJJulg2jQob2S+x8N/8
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-03-17T15:15:57Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"malware-sample\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56eaca2e-2dbc-4698-89fa-47b1950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-17T15:15:58.000Z",
"modified": "2016-03-17T15:15:58.000Z",
"description": "unique .doc file",
"pattern": "[file:name = 'rechnung_-d9 648160.doc' AND file:hashes.SHA1 = 'c0fec20fa0a9af0d6b7d8d03ad6eb02c5a2c83ea']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-03-17T15:15:58Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"filename|sha1\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56eaca2e-7b08-4ac8-965c-427a950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-17T15:15:58.000Z",
"modified": "2016-03-17T15:15:58.000Z",
"description": "unique .doc file",
"pattern": "[file:name = 'rechnung_-d9 648160.doc' AND file:hashes.SHA256 = '02c690d59f7430740e5cfee1d41e9f9e8b34fe4bed3143123117498b45744c8f']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-03-17T15:15:58Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"filename|sha256\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56eacae6-cb28-44ab-931b-4723950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-17T15:19:02.000Z",
"modified": "2016-03-17T15:19:02.000Z",
"description": "Dridex",
"pattern": "[file:content_ref.payload_bin = 'UEsDBBQACQAIAGF6cUgj8TvJWVQCAABgAwAgABwAODZjNmIyOGJlN2I5NzNhNjlkZDA0OWVjMDI4M2U5MzVVVAkAA+bK6lbmyupWdXgLAAEEIQAAAAQhAAAAz4XV5XwLPtdyWnKeN32QZE9RK+I1fsOOiZf5LvjzUKE+wOfKdM1qxDgTZyF2cjKwr18Qi6w7OedauAS2hOOgqIJVAi9lNoDLsOEgVB2aUlLAVvIp5FTF4eBjVoWwU5SaxoA/u3o9UDHRL6Kr0Hyv3PNkqymlic9ylt9+PfSBLj++yG4PMUFR4/u5ZG3KLjSOQvevs3eL+gTdiyWGz+X5OPEO56BiMsNwBXkGLp6h2WTp7cy9AiuWyKcjXYLkIZqBc+h/VQa3UQ0MtFfxCCI1O1Jmjm4+GdfnhgYvi0MCVdyusTQqF5vwPcfl03cNR0qUjTTQFXyMCthrsxGeM+TezE9Pgy1pr/Q/K2f8aVvI4IylZW1+gqIg6mix20HXkAk7dRYW0OrmgUdW5d2pVnD4HUfVGcVYYnBWw0P0bEmJMXBbQfAByMAyRjvpCiyBOMIR8iwYKq1H0/mwVd3lz1AcGTJsrnHChYuWLHBzdG4PV9+dz0dyA4HWRHliBAV1oC9MNswopblkiI/1LueT/29qNOicQUyi0WJcPoFZ3XxUxtkCd6RiUiIhz8mDcW6g47dYNCReFzqgJIgL74Aw238uR6VWOTANDsH9RQ6FMwZ+w9g+toBV8WAsFRGwRiAC01C1mTTpMgKZ+52sayRS5GYT0Ofos6AEKfAEgeCIaIzjt1+9YODDYK+W/m/OqoFmiAkW/t11+a1dB2pzQ/WyGzopFK4/Fp/JeZ0cg1LRtLDpo0mE4FVhMR9srPVZDtgn5HM/HkZkmTBYGBks5sKdh3rLC0+J9A/85NAtr4rRyHcv5wyymhYlDjgR8SVfQEuV+IqoXh40Nu+8eS8YJYhefDj85plGXg6lwyf1FkZ67rB/lsuSlXjxsqSRW6bUQs7hZ+/mRA65xVaimNJVE0WcfPm0lld67rghS2CDiqN04ZQJpYkCc0afMgsk01Bm53EEi+8wEl9wZXrlGCLNGNYbbamoy9mgz/Zh2jnjPY7M7ioocjrVG1kTczQF3Hoogx7vXARdPKpZz/5AbspSZBU5tmXWzVg0DCudBwtDQIofP/qPBx2tQ43lus+dw0bA23nVpeEKD7qWMVPU+at26ChtIR2z5Hd+AV54aDtDJk0slzTE7Om4l036EeqAjFR/saPNZAFr9ciqRSEnirpvpLQLLLjMUE5kW7pxlJOTiSOTC7P2mhK7x7W2z6hWplzxOmy1mMaKgeL1NtV0WheeIOp9Py4K+cxT+IV/IWUeb0sq4IdYkv5iD0AeK1w/mt2FnLP3DjiWcnkAZ7cTohgTRdHeDc7eYy32cxt9D+Pcmw31UiG/wKYdh62Hg2NFSysEu3PFMKHtVW5hXeWntoQOOqu0znQHD9LYSOS+F5+LZXscbc5tP9SAxItHI9GMumKkYW1HurKCIjnmX8JrhVQOPhqlxsxdJawrJ+6WcLk/cQUJTvA64Jiz8TBelAWc8PDu7JR2Lg5vzEsClceWXEzVNRYACgeV6MjTVL4w4WYq8bD1Ng0otWHAYGgz5RSDc/29M5AvdVDcCx9wBiOPsYoO71lWM4VMPzjKXEDebT0+3PE1iT+Wq45+DtyJC1cr7CyZgVBx2OzsQvXPz8P5IAfAnscrYPwpBSf9Psb1plHMYwdzyyGHMIAKPdXpilmyzUC3zuEO7alEC+bUZ6nhhp3bbueSOV6Nxge4JGoiGF0RmHk0+NeORzPJNHEkBxDNzyHcaLbBgnB7afwlJF5hEkSXnWjD7+tyq94esSdjNZ3pFAFSEyY/k8Rl5siGlUYXVYQ+4WmxYnHbQKvMHPlxHey/9dFD4HLWYjBR0pOJV6iMPdvvPbdvvf91/kspuqm+CD+XplGRoMQ3PYG60U2ry3AzzhDrrAts46SHPVw/Nc0+mZvbKH0LsVhHcCACjkkaMZraYbybsq+eLQpGjoeo/CehdBgXkMcXYLJ4dDqpm8ylaWVnFrCNwBeGifhM+vMPGjyKKHwB6vePQ+FJNPqaznPcLFy1Tcr3D77z2yivv4jUKDq3n4MKa0MtVUq1J3O3Xab3EsmWV8AoqnM9geR6tYaCtCEVATlF/SOtyyMr+gE+rcucp+MYcAZ1roxrtC+p1AIjs/EnyWCrQhhUkUXjhU0nyZhmMh634ZKQIFjwOyA222Rjd4oj2hcDuHHXo2+v104xROOk4KXmxO8vxLEHRH4uEzMKA5Cat3a0m5na2hO25qveqwE6aejXvinq+JaMfaxCHkSOTXjBhG2SYkjjMdpKfL3YRFM6PP/39fJPPaWElPLdE5DPCafKegH3g6jc6ab3ecGeqoYIYrGNJF6sYg8nZvqTACatokeCJMpBXJTOCgacYXOjyD+ZHRFS9qp8UbjPKvjETe6I3CvmXnfo+/Z9bfV+Ecs9Ne8R4IFf0pzOsNXqpWLxUh+OeA/JxihURKOL4soq6U+6iAMyKbppg2C/wDffloS5rrpjakYS5mecZuGBX5Ct2XQB8LiACE3O/9q/ITRTKyMOWIB3WY0F8x88rc8k99iFZbwDjNstLvPkRHyhqoJ01SzsvHxdtIQWkEoP4CB1MactnDA7WH63l8HwGEWY5LKvXERjnen/PkxaCrCE3L3jeQmyZX+2J+bwLb/8eqdtaMQtBeiQC7cZPRxW4pm0DqsxBYQ5I2c3egnbFp9Vmohcy7uVsXqk9iPjlHxe7h+oK+qM1WfzzeliwBL7ZkadYKYhXiM8m8Mbv+8COnw++7eDQeLFZi3bnS4CeAajllxhuTYtv0eYUKNCDRxR2gxJf9PmpbP++YXJCbolRD/UNzRwfKKmtFXemdwpv3ohoA81zjJHF2V0T0NYpHQTf00cmNvJ1cXCUrUyiQh3v6lUhWjimR38MyMYu0/y6cssVaM4PXUoxzUs1seyCzAUDVNn+oEwGEwQ23jhgxXk0Z477YXkhBne2HsP5CN7SlYo9gCSI+PUWICIYxfvJ4iLNB28A87juh9j4NB35iOTZ7wV1GZBoChFv2r7yn2cIET/3bGCEEgnwuI4rb0zR2wULjtdxhxHPWSN4TXeEfw/a7oun2fLl+kyNeCs+3Swf2/Rx8z1sDTt/omILB8Y2mcKxuOmsJuPlcI+Gs9QkDTkcDyBsVJ4xrTW4PCNXJJV9tBIsxBkjAmu7KweYSnT+7L9vnSUGDodBkjg8VNgCUIdK/shTLZ/jKmjJMJpxYYa4YSDiQNhOz12NY/PX4zPG3B+86RZeMeJW3jozLB6GAqMFbDTyebqZJ+iaMI8r2pFzMTVJH5d/nHhNJVeUAc9XO3w3S05iahcfRbttCL4EwUDM46uQ1op3Qq59vGlNZqOaGKn6mFBtJLKLLO3Msg8KlBOpGRutKuM0Is/2Vvw2nLA/+SsWerXCM6OnqcsHzZ3+7gLc2dBQMfgTH72dtT/10BckDPB6nlJI7gBNH/ZT5AkIMwyyij6N3e6MkJv61UTClRNH1gu6exCVWQa4Qn18mVbEwdFEryep5DrjOr1WIbEFKCLAWfVKF1RY494aNEIkZTkMZ78KdQbFkeGwghvDezLhOdtCZV/WUH10OyGaaN+PUlBdggmFF3j1qoOAdnXGKOdr2u6d/2S66wdDMC7QJf0EHkgMyybDH6ThEcLBN++5KPvYcW85I9s40hsTPmhyTE4fj5EHzHx0wCjPgAMNQf8H+68Ls0OUx36ZrC15R+VQfOfv3WSIyrEBE4yS2lmLHyaPx2HXGO+KjM+RBVOyTn75sRg5s+ouJ7ADvtFIMTU3i//muNiKdOqPu2GnoiJMVdTZvJPWLH1eZDbCh2oOdV/tE/+QKQkTdXfeNJTh1qYvvIZuiQ6G9RvF1KCQ4mqhE03gp3m7e34eydUfFcDLJlOY6l++zNjNovwAEyq4KfcS0riDzqlXHVEGCXLUMnVKWY7bui2ODn68WB1taCsO+7Tkj
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-03-17T15:19:02Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"malware-sample\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56eacae6-5444-420e-bc08-43d5950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-17T15:19:02.000Z",
"modified": "2016-03-17T15:19:02.000Z",
"description": "Dridex",
"pattern": "[file:name = 'holy.exe' AND file:hashes.SHA1 = 'c075fe462b1254d74798337b71ef1b82a81c4bef']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-03-17T15:19:02Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"filename|sha1\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56eacae7-ada0-4266-b01e-44b0950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-17T15:19:03.000Z",
"modified": "2016-03-17T15:19:03.000Z",
"description": "Dridex",
"pattern": "[file:name = 'holy.exe' AND file:hashes.SHA256 = 'a9dd22723f0ad6316c2c87727f5b01319cf703d03799efad44f9d8930c4ce5eb']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-03-17T15:19:03Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"filename|sha256\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56eacb16-5800-4c75-8da3-4a7a950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-17T15:19:50.000Z",
"modified": "2016-03-17T15:19:50.000Z",
"description": "On port 4843 (Dridex 2nd stage)",
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '38.64.199.33']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-03-17T15:19:50Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56eacb16-b578-4e27-9e7a-4a3f950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-17T15:19:50.000Z",
"modified": "2016-03-17T15:19:50.000Z",
"description": "On port 4843 (Dridex 2nd stage)",
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '188.93.239.28']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-03-17T15:19:50Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56eacb16-457c-4333-86cf-48ad950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-17T15:19:50.000Z",
"modified": "2016-03-17T15:19:50.000Z",
"description": "On port 1234 (Dridex 2nd stage)",
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '85.17.155.148']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-03-17T15:19:50Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56eacbf1-5038-4c64-8b52-45d4950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-17T15:23:29.000Z",
"modified": "2016-03-17T15:23:29.000Z",
"description": "On port 443 (Dridex C&C)",
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '89.16.145.17']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-03-17T15:23:29Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56eacbf1-f69c-4b5f-9733-4398950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-17T15:23:29.000Z",
"modified": "2016-03-17T15:23:29.000Z",
"description": "On port 8443 (Dridex C&C)",
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '67.86.188.102']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-03-17T15:23:29Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56eacbf1-af44-4b79-83c4-4cdc950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-17T15:23:29.000Z",
"modified": "2016-03-17T15:23:29.000Z",
"description": "On port 8443 (Dridex C&C)",
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '75.177.102.18']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-03-17T15:23:29Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56eacbf2-5564-4bc6-80be-41a7950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-17T15:23:30.000Z",
"modified": "2016-03-17T15:23:30.000Z",
"description": "On port 8443 (Dridex C&C)",
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '71.9.39.34']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-03-17T15:23:30Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56eacbf2-02b4-42d4-b5e0-4e95950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-17T15:23:30.000Z",
"modified": "2016-03-17T15:23:30.000Z",
"description": "On port 8443 (Dridex C&C)",
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '89.152.248.34']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-03-17T15:23:30Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56eacbf2-e230-40b3-a942-4eaa950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-17T15:23:30.000Z",
"modified": "2016-03-17T15:23:30.000Z",
"description": "On port 8443 (Dridex C&C)",
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '97.86.83.142']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-03-17T15:23:30Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56eacbf3-0e2c-46d5-b7c3-411a950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-17T15:23:31.000Z",
"modified": "2016-03-17T15:23:31.000Z",
"description": "On port 8443 (Dridex C&C)",
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '5.2.245.43']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-03-17T15:23:31Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56eacbf3-8378-45a3-81a0-4971950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-17T15:23:31.000Z",
"modified": "2016-03-17T15:23:31.000Z",
"description": "On port 8443 (Dridex C&C)",
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '99.248.17.200']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-03-17T15:23:31Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56eacbf3-54cc-46d6-bed0-4b55950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-17T15:23:31.000Z",
"modified": "2016-03-17T15:23:31.000Z",
"description": "On port 8443 (Dridex C&C)",
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '83.172.215.87']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-03-17T15:23:31Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56eacbf4-b95c-4cbe-bf8f-4c36950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-17T15:23:32.000Z",
"modified": "2016-03-17T15:23:32.000Z",
"description": "On port 8443 (Dridex C&C)",
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '109.190.2.168']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-03-17T15:23:32Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56eacbf4-45bc-446a-b25f-48fe950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-17T15:23:32.000Z",
"modified": "2016-03-17T15:23:32.000Z",
"description": "On port 8443 (Dridex C&C)",
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '5.2.164.38']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-03-17T15:23:32Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56eacbf4-0278-4f1b-9c03-4b66950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-17T15:23:32.000Z",
"modified": "2016-03-17T15:23:32.000Z",
"description": "On port 8443 (Dridex C&C)",
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '24.204.49.244']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-03-17T15:23:32Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56eacbf5-06ac-4f04-ad0c-4651950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-17T15:23:33.000Z",
"modified": "2016-03-17T15:23:33.000Z",
"description": "On port 8443 (Dridex C&C)",
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '190.99.140.20']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-03-17T15:23:33Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56eacbf5-048c-4ef7-ab55-40d9950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-17T15:23:33.000Z",
"modified": "2016-03-17T15:23:33.000Z",
"description": "On port 443 (Dridex C&C)",
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '5.61.129.235']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-03-17T15:23:33Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56eacbf5-8b94-4108-b026-4ada950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-17T15:23:33.000Z",
"modified": "2016-03-17T15:23:33.000Z",
"description": "On port 8443 (Dridex C&C)",
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '66.131.80.70']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-03-17T15:23:33Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56eacbf6-1334-47d1-a6cd-4bf4950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-17T15:23:34.000Z",
"modified": "2016-03-17T15:23:34.000Z",
"description": "On port 8443 (Dridex C&C)",
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '80.0.175.169']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-03-17T15:23:34Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56eacbf6-cec8-4a87-9e40-4144950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-17T15:23:34.000Z",
"modified": "2016-03-17T15:23:34.000Z",
"description": "On port 8443 (Dridex C&C)",
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '176.35.198.188']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-03-17T15:23:34Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56eacbf6-0bc0-46ff-ba56-4626950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-17T15:23:34.000Z",
"modified": "2016-03-17T15:23:34.000Z",
"description": "On port 8443 (Dridex C&C)",
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '93.82.193.162']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-03-17T15:23:34Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56eacbf7-22b8-479d-8187-41f8950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-17T15:23:35.000Z",
"modified": "2016-03-17T15:23:35.000Z",
"description": "On port 443 (Dridex C&C)",
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '47.88.191.14']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-03-17T15:23:35Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56eacbf7-7a7c-4b29-87bf-448c950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-17T15:23:35.000Z",
"modified": "2016-03-17T15:23:35.000Z",
"description": "On port 8443 (Dridex C&C)",
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '86.141.111.166']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-03-17T15:23:35Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56eacbf7-ff24-4944-bff9-4925950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-17T15:23:35.000Z",
"modified": "2016-03-17T15:23:35.000Z",
"description": "On port 8443 (Dridex C&C)",
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '86.134.190.171']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-03-17T15:23:35Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56eacbf7-8850-446d-a496-4145950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-17T15:23:35.000Z",
"modified": "2016-03-17T15:23:35.000Z",
"description": "On port 8443 (Dridex C&C)",
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '80.11.41.70']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-03-17T15:23:35Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56eacbf8-d8e4-43d8-a92c-43a9950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-17T15:23:36.000Z",
"modified": "2016-03-17T15:23:36.000Z",
"description": "On port 8443 (Dridex C&C)",
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '149.172.43.69']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-03-17T15:23:36Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56eacbf8-6d48-4568-a565-49d8950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-17T15:23:36.000Z",
"modified": "2016-03-17T15:23:36.000Z",
"description": "On port 443 (Dridex C&C)",
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '197.96.139.253']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-03-17T15:23:36Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56eacbf8-c164-4f4a-9d9b-4468950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-17T15:23:36.000Z",
"modified": "2016-03-17T15:23:36.000Z",
"description": "On port 443 (Dridex C&C)",
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '79.124.67.226']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-03-17T15:23:36Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56eacbf9-352c-44a8-b8af-4ef0950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-17T15:23:37.000Z",
"modified": "2016-03-17T15:23:37.000Z",
"description": "On port 443 (Dridex C&C)",
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '222.255.121.202']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-03-17T15:23:37Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56eacbf9-7070-4b9c-b80d-4226950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-17T15:23:37.000Z",
"modified": "2016-03-17T15:23:37.000Z",
"description": "On port 8443 (Dridex C&C)",
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '174.76.17.151']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-03-17T15:23:37Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56eacbfa-e8c0-4f55-bdce-48fb950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-17T15:23:38.000Z",
"modified": "2016-03-17T15:23:38.000Z",
"description": "On port 8443 (Dridex C&C)",
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '90.192.130.30']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-03-17T15:23:38Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56eacbfa-461c-4334-bd48-45b5950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-17T15:23:38.000Z",
"modified": "2016-03-17T15:23:38.000Z",
"description": "On port 8443 (Dridex C&C)",
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '142.166.241.182']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-03-17T15:23:38Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56eacbfa-8ef8-4f2c-b096-4bda950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-17T15:23:38.000Z",
"modified": "2016-03-17T15:23:38.000Z",
"description": "On port 8443 (Dridex C&C)",
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '86.20.173.243']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-03-17T15:23:38Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56eacbfb-b644-4b58-9fcc-4a16950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-17T15:23:39.000Z",
"modified": "2016-03-17T15:23:39.000Z",
"description": "On port 8443 (Dridex C&C)",
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '86.166.17.53']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-03-17T15:23:39Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56eacbfb-d958-4ab6-98c3-4121950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-17T15:23:39.000Z",
"modified": "2016-03-17T15:23:39.000Z",
"description": "On port 8443 (Dridex C&C)",
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '81.136.168.68']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-03-17T15:23:39Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56eacbfb-1a38-4f40-8663-454d950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-17T15:23:39.000Z",
"modified": "2016-03-17T15:23:39.000Z",
"description": "On port 8443 (Dridex C&C)",
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '62.31.178.111']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-03-17T15:23:39Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56eacbfc-b850-462f-9f45-4e74950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-17T15:23:40.000Z",
"modified": "2016-03-17T15:23:40.000Z",
"description": "On port 8443 (Dridex C&C)",
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '74.84.92.98']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-03-17T15:23:40Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56eacbfc-3f1c-4f7b-b440-43e5950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-17T15:23:40.000Z",
"modified": "2016-03-17T15:23:40.000Z",
"description": "On port 8443 (Dridex C&C)",
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '46.65.40.244']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-03-17T15:23:40Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56eacbfc-9ca4-4acf-9049-44ee950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-17T15:23:40.000Z",
"modified": "2016-03-17T15:23:40.000Z",
"description": "On port 8443 (Dridex C&C)",
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '109.157.176.96']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-03-17T15:23:40Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56eacbfd-0e3c-4d94-9198-4a02950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-17T15:23:41.000Z",
"modified": "2016-03-17T15:23:41.000Z",
"description": "On port 8443 (Dridex C&C)",
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '176.67.37.135']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-03-17T15:23:41Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56eacbfd-3788-438b-83b1-4078950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-17T15:23:41.000Z",
"modified": "2016-03-17T15:23:41.000Z",
"description": "On port 8443 (Dridex C&C)",
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '82.17.205.232']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-03-17T15:23:41Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56eacbfd-171c-4a08-9bb8-4bdc950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-17T15:23:41.000Z",
"modified": "2016-03-17T15:23:41.000Z",
"description": "On port 8443 (Dridex C&C)",
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '2.27.242.20']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-03-17T15:23:41Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56eacbfe-9e04-4ad2-b51f-4540950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-17T15:23:42.000Z",
"modified": "2016-03-17T15:23:42.000Z",
"description": "On port 8443 (Dridex C&C)",
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '85.124.2.130']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-03-17T15:23:42Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56eacbfe-457c-4d76-8fd1-43c5950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-17T15:23:42.000Z",
"modified": "2016-03-17T15:23:42.000Z",
"description": "On port 8443 (Dridex C&C)",
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '136.243.139.147']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-03-17T15:23:42Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56eacbff-3594-4fb3-9f99-4d97950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-17T15:23:43.000Z",
"modified": "2016-03-17T15:23:43.000Z",
"description": "On port 8443 (Dridex C&C)",
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '178.188.14.86']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-03-17T15:23:43Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56eacbff-f278-495d-a353-4bd8950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-17T15:23:43.000Z",
"modified": "2016-03-17T15:23:43.000Z",
"description": "On port 8443 (Dridex C&C)",
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '64.206.113.9']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-03-17T15:23:43Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56eacbff-2ea8-41c5-9a3c-4a35950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-17T15:23:43.000Z",
"modified": "2016-03-17T15:23:43.000Z",
"description": "On port 8443 (Dridex C&C)",
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '92.234.200.250']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-03-17T15:23:43Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56eacc00-a528-4c51-a370-470b950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-17T15:23:44.000Z",
"modified": "2016-03-17T15:23:44.000Z",
"description": "On port 8443 (Dridex C&C)",
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '81.133.155.65']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-03-17T15:23:44Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56eacc00-29f8-497c-b84d-4bb7950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-17T15:23:44.000Z",
"modified": "2016-03-17T15:23:44.000Z",
"description": "On port 8443 (Dridex C&C)",
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '208.126.217.92']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-03-17T15:23:44Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56eacc00-d89c-41dd-8716-4651950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-17T15:23:44.000Z",
"modified": "2016-03-17T15:23:44.000Z",
"description": "On port 8443 (Dridex C&C)",
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '69.157.17.124']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-03-17T15:23:44Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56eacc01-cb4c-489c-b715-4f99950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-17T15:23:45.000Z",
"modified": "2016-03-17T15:23:45.000Z",
"description": "On port 8443 (Dridex C&C)",
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '217.7.194.96']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-03-17T15:23:45Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--56eacc9e-211c-4173-ac60-4cff02de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-17T15:26:22.000Z",
"modified": "2016-03-17T15:26:22.000Z",
"first_observed": "2016-03-17T15:26:22Z",
"last_observed": "2016-03-17T15:26:22Z",
"number_observed": 1,
"object_refs": [
"url--56eacc9e-211c-4173-ac60-4cff02de0b81"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--56eacc9e-211c-4173-ac60-4cff02de0b81",
"value": "https://www.virustotal.com/file/cf55d3d1ec63543d01e7846b31642545a4b6441503353b4a2f0bf9fdc0118ebd/analysis/1458212045/"
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--56eacc9f-44cc-48b6-a055-43ba02de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-17T15:26:23.000Z",
"modified": "2016-03-17T15:26:23.000Z",
"first_observed": "2016-03-17T15:26:23Z",
"last_observed": "2016-03-17T15:26:23Z",
"number_observed": 1,
"object_refs": [
"url--56eacc9f-44cc-48b6-a055-43ba02de0b81"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--56eacc9f-44cc-48b6-a055-43ba02de0b81",
"value": "https://www.virustotal.com/file/7c50aa4a0175516ca9e9dced0f6a41919e3bb58cfd63decd35afc0246c6f4fb1/analysis/1458221221/"
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--56eacc9f-3328-41a1-835c-41ba02de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-17T15:26:23.000Z",
"modified": "2016-03-17T15:26:23.000Z",
"first_observed": "2016-03-17T15:26:23Z",
"last_observed": "2016-03-17T15:26:23Z",
"number_observed": 1,
"object_refs": [
"url--56eacc9f-3328-41a1-835c-41ba02de0b81"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--56eacc9f-3328-41a1-835c-41ba02de0b81",
"value": "https://www.virustotal.com/file/98cfd4e050f4791d2762fd7387737489ea3f2a23cbbff00cd51b572ea6ee70cf/analysis/1458225858/"
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--56eacc9f-f430-4697-a779-40b002de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-17T15:26:23.000Z",
"modified": "2016-03-17T15:26:23.000Z",
"first_observed": "2016-03-17T15:26:23Z",
"last_observed": "2016-03-17T15:26:23Z",
"number_observed": 1,
"object_refs": [
"url--56eacc9f-f430-4697-a779-40b002de0b81"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--56eacc9f-f430-4697-a779-40b002de0b81",
"value": "https://www.virustotal.com/file/e4d827da6b65136ff92e5f87dbe8489fb42202b71a2dbb5a6425293e83fa85a7/analysis/1458225854/"
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--56eacca0-a27c-4958-9f41-4e4702de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-17T15:26:24.000Z",
"modified": "2016-03-17T15:26:24.000Z",
"first_observed": "2016-03-17T15:26:24Z",
"last_observed": "2016-03-17T15:26:24Z",
"number_observed": 1,
"object_refs": [
"url--56eacca0-a27c-4958-9f41-4e4702de0b81"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--56eacca0-a27c-4958-9f41-4e4702de0b81",
"value": "https://www.virustotal.com/file/451c28e505b2051c630914185dc6c2e0460ae30b219e02fdb6e7990935bf6981/analysis/1458227342/"
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--56eacca0-3f44-415c-ad20-460402de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-17T15:26:24.000Z",
"modified": "2016-03-17T15:26:24.000Z",
"first_observed": "2016-03-17T15:26:24Z",
"last_observed": "2016-03-17T15:26:24Z",
"number_observed": 1,
"object_refs": [
"url--56eacca0-3f44-415c-ad20-460402de0b81"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--56eacca0-3f44-415c-ad20-460402de0b81",
"value": "https://www.virustotal.com/file/21cd52fad698b367d68a19c019db8827e7e589aae4d1171cf1f69484c9df512a/analysis/1458225907/"
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--56eacca0-e128-4dde-a09c-4d6102de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-17T15:26:24.000Z",
"modified": "2016-03-17T15:26:24.000Z",
"first_observed": "2016-03-17T15:26:24Z",
"last_observed": "2016-03-17T15:26:24Z",
"number_observed": 1,
"object_refs": [
"url--56eacca0-e128-4dde-a09c-4d6102de0b81"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--56eacca0-e128-4dde-a09c-4d6102de0b81",
"value": "https://www.virustotal.com/file/e5adf99dbfb6ea81aebc1866e58fd137cd3eb164e9728a02a0da4c5eba63d92f/analysis/1458213863/"
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--56eacca1-6f44-4dde-b2e8-4e5b02de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-17T15:26:25.000Z",
"modified": "2016-03-17T15:26:25.000Z",
"first_observed": "2016-03-17T15:26:25Z",
"last_observed": "2016-03-17T15:26:25Z",
"number_observed": 1,
"object_refs": [
"url--56eacca1-6f44-4dde-b2e8-4e5b02de0b81"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--56eacca1-6f44-4dde-b2e8-4e5b02de0b81",
"value": "https://www.virustotal.com/file/fff6df71d5b47029a44f9af1df0f4b7d144d544dca87cb5d221b30362c43cc9f/analysis/1458224507/"
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--56eacca1-b4a8-4cee-a226-494d02de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-17T15:26:25.000Z",
"modified": "2016-03-17T15:26:25.000Z",
"first_observed": "2016-03-17T15:26:25Z",
"last_observed": "2016-03-17T15:26:25Z",
"number_observed": 1,
"object_refs": [
"url--56eacca1-b4a8-4cee-a226-494d02de0b81"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--56eacca1-b4a8-4cee-a226-494d02de0b81",
"value": "https://www.virustotal.com/file/973a20ba49f510f42e5c72602a65b8bf39b4074053247df955e4bf99def1a0d2/analysis/1458225853/"
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--56eacca1-e5c4-4f49-a818-433202de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-17T15:26:25.000Z",
"modified": "2016-03-17T15:26:25.000Z",
"first_observed": "2016-03-17T15:26:25Z",
"last_observed": "2016-03-17T15:26:25Z",
"number_observed": 1,
"object_refs": [
"url--56eacca1-e5c4-4f49-a818-433202de0b81"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--56eacca1-e5c4-4f49-a818-433202de0b81",
"value": "https://www.virustotal.com/file/ea24f79c0b98d48d7f41c0cfabeb7572b4bf99d8e8564983b3d61860718b2178/analysis/1458226188/"
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--56eacca2-b798-434c-ad87-4f1d02de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-17T15:26:26.000Z",
"modified": "2016-03-17T15:26:26.000Z",
"first_observed": "2016-03-17T15:26:26Z",
"last_observed": "2016-03-17T15:26:26Z",
"number_observed": 1,
"object_refs": [
"url--56eacca2-b798-434c-ad87-4f1d02de0b81"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--56eacca2-b798-434c-ad87-4f1d02de0b81",
"value": "https://www.virustotal.com/file/bbdcfe20dece102c30a0f6785ed2d9a7f898428285df3086a6f69d38c267c960/analysis/1458226167/"
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--56eacca2-671c-4ece-87bb-414b02de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-17T15:26:26.000Z",
"modified": "2016-03-17T15:26:26.000Z",
"first_observed": "2016-03-17T15:26:26Z",
"last_observed": "2016-03-17T15:26:26Z",
"number_observed": 1,
"object_refs": [
"url--56eacca2-671c-4ece-87bb-414b02de0b81"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--56eacca2-671c-4ece-87bb-414b02de0b81",
"value": "https://www.virustotal.com/file/5c2387775a5b868dc9c6f8405220048b273628639f16c67218ea5d0cf06124ab/analysis/1458227041/"
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--56eacca2-6138-4661-a545-429f02de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-17T15:26:26.000Z",
"modified": "2016-03-17T15:26:26.000Z",
"first_observed": "2016-03-17T15:26:26Z",
"last_observed": "2016-03-17T15:26:26Z",
"number_observed": 1,
"object_refs": [
"url--56eacca2-6138-4661-a545-429f02de0b81"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--56eacca2-6138-4661-a545-429f02de0b81",
"value": "https://www.virustotal.com/file/c063a43b6d949e19cc84ed43018c11a6e1762ad76012da54133a01ae6008a465/analysis/1458227692/"
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--56eacca3-a7c8-4de4-93f2-461c02de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-17T15:26:27.000Z",
"modified": "2016-03-17T15:26:27.000Z",
"first_observed": "2016-03-17T15:26:27Z",
"last_observed": "2016-03-17T15:26:27Z",
"number_observed": 1,
"object_refs": [
"url--56eacca3-a7c8-4de4-93f2-461c02de0b81"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--56eacca3-a7c8-4de4-93f2-461c02de0b81",
"value": "https://www.virustotal.com/file/34f328ae6adca2c91733c0dbb922cef53199ae60901581785c194a9fc1dc718f/analysis/1458227799/"
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--56eacca3-2104-42a0-8075-4c9102de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-17T15:26:27.000Z",
"modified": "2016-03-17T15:26:27.000Z",
"first_observed": "2016-03-17T15:26:27Z",
"last_observed": "2016-03-17T15:26:27Z",
"number_observed": 1,
"object_refs": [
"url--56eacca3-2104-42a0-8075-4c9102de0b81"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--56eacca3-2104-42a0-8075-4c9102de0b81",
"value": "https://www.virustotal.com/file/69f5e28ba0a62eda8e9c65a5b548fae77d15644ced41513ff3b8237cdbd88afd/analysis/1458226513/"
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--56eacca3-2120-449d-a48e-46b102de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-17T15:26:27.000Z",
"modified": "2016-03-17T15:26:27.000Z",
"first_observed": "2016-03-17T15:26:27Z",
"last_observed": "2016-03-17T15:26:27Z",
"number_observed": 1,
"object_refs": [
"url--56eacca3-2120-449d-a48e-46b102de0b81"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--56eacca3-2120-449d-a48e-46b102de0b81",
"value": "https://www.virustotal.com/file/188e5ff3ad3e4294e2ec9bb760fbf3eeb0319568d80cc2df8d369d89c6cef512/analysis/1458227414/"
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--56eacca4-7624-4223-a99d-47f802de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-17T15:26:28.000Z",
"modified": "2016-03-17T15:26:28.000Z",
"first_observed": "2016-03-17T15:26:28Z",
"last_observed": "2016-03-17T15:26:28Z",
"number_observed": 1,
"object_refs": [
"url--56eacca4-7624-4223-a99d-47f802de0b81"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--56eacca4-7624-4223-a99d-47f802de0b81",
"value": "https://www.virustotal.com/file/63ea608da741f812883454c8c0ee8f167ba5ee1bca829540a41d493842a22001/analysis/1458227666/"
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--56eacca4-69a4-43c3-9974-4f4002de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-17T15:26:28.000Z",
"modified": "2016-03-17T15:26:28.000Z",
"first_observed": "2016-03-17T15:26:28Z",
"last_observed": "2016-03-17T15:26:28Z",
"number_observed": 1,
"object_refs": [
"url--56eacca4-69a4-43c3-9974-4f4002de0b81"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--56eacca4-69a4-43c3-9974-4f4002de0b81",
"value": "https://www.virustotal.com/file/cdc30cfb941e21e9baa5917a27406f317c3e54dbb851e170af4aa3333149d68d/analysis/1458226623/"
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--56eacca4-2c64-4571-b1bf-404d02de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-17T15:26:28.000Z",
"modified": "2016-03-17T15:26:28.000Z",
"first_observed": "2016-03-17T15:26:28Z",
"last_observed": "2016-03-17T15:26:28Z",
"number_observed": 1,
"object_refs": [
"url--56eacca4-2c64-4571-b1bf-404d02de0b81"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--56eacca4-2c64-4571-b1bf-404d02de0b81",
"value": "https://www.virustotal.com/file/da172f592cdef05518bbd9ded4812c987dbddc5b4dde020be15bedbe78349fcc/analysis/1458227630/"
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--56eacd5d-ba48-4ecc-be53-489b02de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-17T15:29:33.000Z",
"modified": "2016-03-17T15:29:33.000Z",
"first_observed": "2016-03-17T15:29:33Z",
"last_observed": "2016-03-17T15:29:33Z",
"number_observed": 1,
"object_refs": [
"url--56eacd5d-ba48-4ecc-be53-489b02de0b81"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--56eacd5d-ba48-4ecc-be53-489b02de0b81",
"value": "https://www.virustotal.com/file/5c2387775a5b868dc9c6f8405220048b273628639f16c67218ea5d0cf06124ab/analysis/1458227954/"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56ead0a0-2f84-4b87-9215-4295950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-17T15:43:28.000Z",
"modified": "2016-03-17T15:43:28.000Z",
"description": "Locky",
"pattern": "[file:content_ref.payload_bin = 'UEsDBBQACQAIAG59cUhsLdK6NgkCAABCBAAgABwAN2QzNDJmZWU1YzY3MDYzM2FjZWQzZjY0OWRhNzI0OWVVVAkAA6DQ6lag0OpWdXgLAAEEIQAAAAQhAAAA+4N6MPhhHDYAIwRNOqDXtd42VMKU6iRm7YkdVhYx+8lsM4uZYS0u5wszmHYDfsZp7/S5qKUjFjEd0/pB2aqFg18o7zHI/B/l6I1xO+vBbrQHS6lls0mwGu0YV1/MaEeZi4NlPuyAenkaL8H3MJiGq0H/U9wNe3k6rMd2isQ2ToG5VIv+M8aRazwQ1gsADhZ605ceK+gtYuxAZAv4D5sTpkIWzTpiaSNhsBn2MZwbmQlF/iTvJ9QVDg8LR3f4HdqL58rCoTQtldwrH5gq9Z+SXtfem7MrzSuUeP0BNLdj3yJmR4cCwc13XPk0HaMOEZhPnQOAuAX9aXnrCaxNIeTeoPDkjXWSk3/o/yjU2rRwPeKI8JSaS1dGvivnEjn+GfWKlXjChltvio2zPHCXBcZwGmcKylVBu/UF5EurO9pWlEc7e8NteeDv1mcFnljHf8CZzj2H7Ssl4Dv5ub9a/+XP0pSxA5+AWLkNOUcpYsRu53U5kt+0J58+JzJC481Q5Ixi55JtPZnlywdePZp6ucI1kCUGd2gKUN29vSiTlpKGJqH9q2M/K/3qgbRumq9c5+dCOk0MceDvN7kmCYnyUM8eMhJo2rYP6RbwvnWVSrUexsL4Tu+AUnOPDatw+mYZC2KYUWUxEoQPQq8CdFYt/pCNOkEZXeV4WEC3+GIByZf2D8ywdfIJatHksu5PInQPgQdjyo3r26sJwj8RnoqSnzXFBMpOp4Rf6+vFhcqq0Qd5iE5Pnkgp3+6Fb4cZz+O3repuWNZtmfXzgVI9zlCnifDIjsKfGelC/sosw/+NzENtnPHPGY4VI141P/1tNjDKpLMxS7IZFtQFipqDWcjsFmUciZU/FMxYfyt1UH340tTKWP3fQG4rcpz1cHAwwtB7j9aOFXTpw9AetDNP+n8KoMqUKukiY8el28dWkOWqyU4TIKaKTbGMhhSlxwkoLw5bx8fmzZXcmCv/cwgUiVcH/yD+F+K154LU/pradRjAw0+l+P3ZspPm3Rho85hSP2rELX3OK9WJUg3Pmddx3TSRG/U/AofBhO8Gsu2fCdXOFtjtK9RMLpm+/uOjYdoYl2Yh0bYjPAZeOqiCEZon4y29peVONsPpIUY8bOY1CZBjBpWHv6q9rGI8iS8iw9rSjSgOcMxvahgJ0Ucdi3oEBO2SUa0rmt+ruu0Wvuwh/jE2ODMaIUaSfSFnjI3seVtwfrfaPc3SUlbbXf9XmytZUhobnvs7Qs+wiJTKi0/VUTJVoxgjwQD4haLH073tkytWDqpCX9gVn7yIby9z2/h53xK8iIPoamGkqlOwOxZomewYpwXoBLCzrRX1mmhaoBs/PDdsyiVFlexxZkakkzvH+raaE2TnF2AmlgM7fhh9iuU/qdflZSTthzzaUdymSOuNNVPZrEvi/ih3bLTWfoonMOCOq1cFs4V46suFHwx/KVCvJqdnn3i0SXKiUjJVXXVPwzBbFmibn0KkOujUvhDJJgHjD7jcHEdFFgLOyaehlW9iqfwP4gvkirQIFOX8GcC0WVZI/0ai4EiN8nlvmajQrIytzPNulpI9v0nQNyz4ZD0NZwrSBqbNdRI9E5qFIvvYRm7dLkta2i5nmajE0tCYqZbzNyZ07R3RxNDsr03mE3/+9Yh158B2/TPmTleTbXag2JFezuiVeS+/0eqkWROd8j53UDmDJRmAXSd3SuKTSzs320/bpHJlgxCldpO+QZE7O5/JxvTqFiKFiA/3i8VfV3uRxRat/6v8wrbCul2tscALK2uhEshAGl/CwHiY92xFSStoJsNpfvkWohZgBSq62yHl9FOeAOpz/v5dcCrYmhg0bYz3TzQouv83UY3RCuEjj6slrrNx0w7+ogp6DpMsFshGQKy7UbiIBBK6BRXYJChQWKCOe99F/gjyQ4S3New9HKLWyrrqQMN4guAD0ishCgF1rdp4luWab9BnAL0BVRXol/hgizkUQCKgvroMQRBZSxtOsvXkwNcRy8H/LaVycm58TrG7pmSz8pIuuWuhlvtaqAktvDcZX82bi2OuKtSIZh+xCZbEiMOAZOTOebisQw8ODh/bIYBbrydTbY8ppptEHp2k5NkMszvSgEwXXbXybir3QStUryJAZckId4QCf9AR7uMb3QJ2n4HyICG6miFqFQ6cchDMlbfgMDQO8QvPsP5NOnwXxMELEYBWjwN8CQjb2veVg0Pv9+We5poNHk0cJtTHfqF3VvoZqxRfkGurv1bVorlGJHcr7YOWs+EuiXkr7qlPD08lImp4TY6/jYATewkDbkUaReAr8swmxJJfUH1O6xQ5eI7DDyF7/68JdoZTuc/zNFQn2jnAlVWG0UHHzlNV2aBn+EkxFOkVtPkA8PZ1HtuU0xuOENSO8fwHLVbtl3DOcsLtg0M7gy1HuYY0LRCHTvkvxrEc+aQpBARngQ9GQi62uvb7/7aSmD8bQwsAo3FhbnRlSRACFtdRu7GLqydhQo9Ks79J6g1RxZNS8DD6E6lE7UOS+J2PEAXv++O28Z4Eplch3X9os2zCTk21WF7GH15v57dEyGWNH0B84fLMFFtXqIEuRSrYOYZ7+sPkYab7OmT1dMGojd5SLhLarx6G84pp7g1fEPJLMTI4GhkR63v1NzQJGRe9ovm4Dlg7wd0AmIakxoiX+TOwQerjkEZY8qdFm29sjG2Mo6FL7AsTU7RJRrZnEh31ath5SSjH/QsQIbTNapMEd6I8vXOrigCtJUORYk1P6E2TzfeaTzJu/YiDZOskwe073uUUGlnlesKak9D8ICjkTL6jnfmqYMZigbpwlficxZwKkjEhgycTEeOImVvd78mLJE3/Yj7eAVZYJeNgNWfygepbpzvzjGp3enIQi8XVLZi1MWi6bXJ5DKzQ3zb8jO4GHkdSNH+mgJXyIEbZdhq3RL5TQk0m3zO/JX9LNZTaFk6d/jAizfQ3oO7BeYuBnr3c56NnGQHybcZYDa6yhUCJ7/5gwzaQsC8Ka0HTKzwo0bSLxax0vaFoq6iKd3LEEfrCV0TYvnBXF5noUJkJzTvq191+YhE1N1v8EcGpqBci/gPr9OU/ocJPI2Wsd4bYjw9wR+4YI+qbZNX/WucmwpNDVJGYQpfZ460RZ7Q6mESZeIEpoWhO/p9dKOIun0gUYd3Gmha5drPxVUc7/I9/mDfpBifQFSnKCxP4iBUEl8sBdp6n1KNSnFVr2hexCPAch+IQAHQu5Mvl2FRe9JudD/T7qcOeBUIUExYd9J6l4atSCzAooDgzB0suTYBBdrREsxP6MdmELqes4U9rqL0KYh4TLzxJOfaolJ4t7KOMkYh3hntDtkEOpWsf/prJzpfdAQQtJKiET8ANdcIuyKdOHJ5gHRVfbxqqc8dDhhCkcFT8AOzers8G2rHEoRWjDqmVENwzCSdKppCrf/CDfZNOiJP81wVMQhdXLTS0NSA+fx6ySQImq2o2a/1SLTdu7JP1Rdyuzpwp+1t7RtoiL6OFAartS6CezgpbdoMfaUXkk7ez6F6uKGpcLrWUdAP0ZXKACKJ6oVhmNU7u3BSfOiBU5Bl8vgDWNtJG2tyWaElOo2hxaQQ+MuCRLJlHL1OBESSwdYPucAHAJ0ouA28ju8LcaYSKUMhV8BS5pILtJm6r7ejkyK1uIszGDRrN0FVb5qzvEL0hONhtFR5MPXMxLnAtT424bsZZC2eOp7Mg2IvHwW3LxDAgvh57Girg5LbxqafPkyNQsasrqohHqNU+ouX7/OaOy30TNQp4CMU2fqU87UEjLrJGH3HUk5z8vmjMZHWQzcRMTAokjsqGwio8K5cI2LybFCjjQv2schRD7kVB0wWeCxB1Le7oRxCkRe1X10mfWtYWNoApIPOZMTQL13Ryn9b2/+hjCjmA9u2VeP8fCMHIu+Kmkkffwmy+3mZEpkSk7ApTzGlBoY
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-03-17T15:43:28Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"malware-sample\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56ead0a0-e120-40cf-b3ce-4971950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-17T15:43:28.000Z",
"modified": "2016-03-17T15:43:28.000Z",
"description": "Locky",
"pattern": "[file:name = '5ud9sk' AND file:hashes.SHA1 = '1d5a3a7af300a3ceb50462d33977e70b8765fd21']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-03-17T15:43:28Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"filename|sha1\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56ead0a1-e968-47ea-8d0c-4995950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-17T15:43:29.000Z",
"modified": "2016-03-17T15:43:29.000Z",
"description": "Locky",
"pattern": "[file:name = '5ud9sk' AND file:hashes.SHA256 = '1f13e821d162f26ccff865e12045dc34b0d6a3f11425ae76e9797d4d7d939a56']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-03-17T15:43:29Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"filename|sha256\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56ead0a2-23e0-4e9e-8f19-4b45950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-17T15:43:30.000Z",
"modified": "2016-03-17T15:43:30.000Z",
"description": "Locky",
"pattern": "[file:content_ref.payload_bin = 'UEsDBBQACQAIAG99cUhJJGqestsBAADwAgAgABwAZDk3ZjVhNzVkMDk4MDdiOWVjZTkzYmE4M2Q2OThlNTNVVAkAA6LQ6lai0OpWdXgLAAEEIQAAAAQhAAAARKg7R9Lyx1wSW6LgURaNqPn3vUiAmygrLwP8sehiVmpf5n0InF9KfEberrKyJuDeTb2/cEIrXW/pESU0AmYQc+STHmUuLTKJpjiXVkrPemoVGExtNxukTTZfI4SiW5lNyD6jqjqjfPz4RjQuxYY5R5FzifCHwul8VVF0QuxxHbcb2geC1edg8dL6Iar1nl3MOf2Qj3YEA33gpCCwvkXddya9NLTOQp5jP8TTBIBZC75krBfYIKk3skWQ2zjOVlvrsDkyPdQflR5X7ZTAVh9Ta8skCeX9w+TFNAanvB0QoMNjm3KIWOKMGjao5jSlolis1BTVPepw2FEuYLx0LuX3UdwCwXjnFx+yedtUXXdO1g5cN1ZV1hlxTtoWbINMCherGgwjt9wqy1A7f9bHQVmtovECnVmO/0538pU9zQiw34yn//VCzUGZaeunKzR3A9mE3agrpe3X5sLRhQ/uOVgAXlpgqNP2NY7Dj6NHdEw2wCKlgCD+7hM+B9bsSZi+19HLeQucMw5T6c/rGiLIhTiECk4+LA3kN+zCC9lS4zuNKSWDC7sNW6MblgUaOD6C/38opG6/I8r9MP0qHqGSv+w3RMZPkZ5gMbXYNZ7tCh7vyvrskja10VANe5q4Ln4IlcEa3POD8X209bTRuZIvyZpLYglLDqOKC44tSQ4Va2jni0LYCKx456/ydNtPzPgpL/Iohcmc8W47Kwl1KpcPbUVWPYkorTeDiXX0auf7ZNCiTVoD0KnZ51s63+qsDlLiJj5ok9h0tBSP9ayyD4tDrCTHRz6p7pEUZ/V0ssxOthC4orvwKVQiB5AbPfk4SH0/DtAFo8OUy2R+A30h46ytrmqNleCIrKtnb8ga3A07+37AScVjnfhbRUaO96XjQvta+JSdGAH3e/g7nneG0Owv8J7mUeYZildcvUQSBqnhUstdYvIRq9JuON4nuBYTdkEzwooqKyu48df7wFg63QpE00NZveKgApbD15s0LVf1vxQ2HnygT/hDi954u/tXeC94AZpb+1kfSGkeK3yyVWzK7wk+UOeCAmGEc2qJy2iMtK4r8oc5z7hfJZx0jD+TPqi6KS8KvYL1t5ZsdJRmDbPCOZ1YWMYS+7ak22hQKmo8DlFVKLh/Zsp49G9RF42ZKjlRDABZbRYh0OF9JKzf/Z3yE087xHnEFM6ZgW7k+3FXPfG3at9RnJ7cs4b0v7wA3AZIOEJT/UEH3ZssDi1lf5KsZDx4vxPEkarDTQCuOn47vBVg7na8LH50Oks5DwUM2iO2J5Rqnb3OPr73nty4VMKxBIII4BfIv03b6g7S2gMTHVzmU7439Ia7pmBYJwSqPwpdlAXGQ55aO4LRQkQU0L8IPjjo7PyC6getcEOYpjuTFVNEUgqJldi6Fkv7DYQRKgf2LohZLtFPRQoynQUy2V90olabl/ZNsLnSsmMsb6ojVZsySDwhd10bMZD7Ffi7c3od5J+QnwWBzRHfFbkKymbGfUY3du133MZ+geJg/TuVc3ZXnpkVsN06Qpk+ia3tz21WYi3cu/QBV4C1hZlKcPU6gCcwf5DzHIMQwu+vK4R196J4YcLbFOQKKlS7oexDqj7Ra25gO4RySMmREDfcqsCdBjQ4Yg6wN+pDU0Axe0iu+MI4JxJ4IdV3+q4oMWPbNHky4KLctQ4RdnR6Q0eq25wvpchUmVGOnJc1stVFp6U4ckJip8I1LhZC1yWcPbwlSlrXlZUuSSUxYO6cSSv4XbUrYbU0IWyOWVgd3fsfqwu0cujK+f5NvCoINDK3Jji6EPFfm7QCP7D2SeeYoF9meULt1GdX3AlRVxnF4vRwHzS6abmFEAM3P21wDEgmeZ53K98cipnViYaCpgS5r/hgMgSdY+4Ca9SCkvWk+a9isgA8V9N3NAnPWhniX4urSkB+oxw0u4wCvJf8iQC0E9u3Iq4EwxTg7aRP6FZJuTZ6cr4QDk5e4GkQmWOVqnXrkvJnYVufAA8SU0fWQz9rAcjEkp8qolwXBUqJwnwwJJHjqQwRwl6vieAZq8LOIMYS9O4iKdZ/61IG0uoTiOvgZWEl0O/OPwk4CKffVuKiSC29np2NhCufifgidMapQ2svKMDXB87jjnFfv+ioXVTgc8AX6Lc/fqMSyTcKDXxVvLMX6EBA3xxp0jvrnP0W6twhYwzbSvct4VSw+d+LkfbXQxCCW44YwuEj8sXoipo3a6dl/ek8rWa16fu9GsfJiho9V27Br+fWfunM0SY95/1XOpsLpg2ehAofd9rGQ3WxYk/fhczl9QXTo6a/kNDj2Ksi79RY6Y9nqEWGSnRTohWGFwehWlPFBvmjJe0yaZTSD76oqZ5SHrc+CyF9wOSrTJMENRbxytU1Mov0X+n21ST87aIwc9sgNVhCpd/cwpEnODgsQKpti30bzk0wXfCr7Y+PWz2wQ4d24Ykx66xLPrb/ICTmWKy4T2M2kKZuGmLEYfkE4qBo1vINshPLI2/PZ0u/5eIHPO9izp+qHcfKEYm/TslRfFHscWckVhUjcSfr/dmtq9TGNsvBqAKbYqsbzEQNCiTaYqZgoEp4dTyoi3VrAyhmK1QKOSGixjOadVa4rF/p+GHyeXX72crhTMeXeNR/CciDb4c961AEM7OunRqOHrOyEF63H6vroMczEzL/fSnryf3HfaAPqrKg/DK0WD7fKLYaYcY4Eiib+tNCEAeBplBOV/SaOpvDzuWxdZKjDJjbRRZnYbqjqosDd9mU+3kvBIf4fO5VclpQWUxPOUsbJf5jOc9a1mpd2gg6+KPFTPtuHEewvE6uwtUaE0JySu9mlYeeXQ3z4Tlb0WpmYvO8D4zt9cC/+zrRUPmlZn6c2c+tagzrfSf107NMR/vj/voIs78C5hv5Bu1KV4oVZGMmaFfdoVVDBFM/vRJucwhb9hcUClq44ixowqFA/d5BUcEWPxfJZoYKTCyfJaCGtAQw60Fwd3cZIg19HLFNCUuHygSm3jsjK/ls4XCdFnuLclMXXnhmYHbDBdZj9xJC2vk6hh1M8SIdMG66RtUL5B73NxR2ghDfSOWWA+69Zca9m/71GLfsXxCzxIaT29PuL+uedesjxc0mBnMFU4CaLeDI30DNCwz1sdgIdP1WIxGi8Yf+WRLX6rz9MaIegHxfwLBKX6thA4alUVgsRCHc8OyXn/gnf13qv29rGRGvAw/DZaPu1niccBVAmvKskpfvn1FcnoeQyGrxTZh+n7KZTrxahdKfqCQxEvWNIiVIOgr1zYnAZtqCYErY43ajYx8YTbvSyWxV9+jdmEEtpcCLRJhy1D+QxzbiIZRPfK/ktqpONgtF1nizP8oBgAlZrPRFqRcWcxe1MAnhBLDhC7zeAF5Vg4rcBGbVS7zDrPz98Nn+06sDh6t8sa5+qaOIJShZ6a3334R55DPPLW161tWIzPUY95LdJmfIQsPesp6J7DCRH8dJUWGszts2ghjOjv6528XdbQuFXxqBqMcg/6Cq3apy9GA8dl57tuw4xqceHbhRsGc3nGtL05LZYaszlppZNKticPiHKQ0hALBIBF4ZIF7X67lyyIVeRY7gFmhFC5c2F0e87bl9XipFnvu7ICJrNDbHkTfmVy9CdbUqqwI6jgBIaUauUHMYK89Paif5WpYZtEEr+y4xVDRgklbyiqgP16ZGjDw6lePaW8bqtsmjqvI1u8CI9ASwNIoaB19EdYIwryuBavrbetl0sCgnx5QShw5nzGoSLvMqT6VCTtiuKFLixVEBhr7hGt3i+bE3neGF4Wqq3//D9gn+vdxcEEkasa9At2o0L7eCQXLH8Zidca3q6eI1pf+o2ATgKvzwWlE+BGHaDzPL+wUOlu48xSJ5lX5R4/EnGvRnpuCuRUoUo6j9J9KapS1qlfhJkwexKvEPGyR7t1AixPN7jEcKuVEjWg65euwqYm
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-03-17T15:43:30Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"malware-sample\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56ead0a2-b034-45e5-8dd8-4358950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-17T15:43:30.000Z",
"modified": "2016-03-17T15:43:30.000Z",
"description": "Locky",
"pattern": "[file:name = '89h8btyfde445.exe' AND file:hashes.SHA1 = '9d97eaee7c5fdce152501a58b470d62074ce0d59']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-03-17T15:43:30Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"filename|sha1\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56ead0a3-8b74-4610-a21a-40b8950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-17T15:43:31.000Z",
"modified": "2016-03-17T15:43:31.000Z",
"description": "Locky",
"pattern": "[file:name = '89h8btyfde445.exe' AND file:hashes.SHA256 = '3aec6c929f98ba3108804868e13db541fd10a4ac821d24dc8f9216ec533023ec']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-03-17T15:43:31Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"filename|sha256\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56ead0a4-cbe0-45af-a755-4183950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-17T15:43:32.000Z",
"modified": "2016-03-17T15:43:32.000Z",
"description": "Locky",
"pattern": "[file:content_ref.payload_bin = 'UEsDBBQACQAIAHB9cUgfUTsxYAgCAABABAAgABwAZTgwNjE4YzUwMjkzZGM0NmE2M2Q3YzM1ZThkNDlhNGJVVAkAA6TQ6lak0OpWdXgLAAEEIQAAAAQhAAAA7+65ujrOrvcwVVrXt/GG64hTcVGtRHM/wPPWeFw25HLgf65ZGgj6+l4b51cPaRdibFahxc2xl1MlY5i7013hFcOZBTguXDpc0flAWjEGyBHyE79TuWONNOREoK3L7/WqZMAucC7rR3kjMCFyF+0ujh/mYMEwwDEXUmwVgVdj6iv0ZVwXBQhV8nKLUMmumAF61iH8HGhJ0YJc+/MUSxCAHjge8ldhYtb96n5m5ILz6N0ULQbxoRElVoxX4EffL9NijiPYCn7XT3mWHvCwNPBHgkEMa7vSFpyzrHjdv1ZCgZpeiQMh+IOQALxHVbLYjMVgAYmC9YCvemVujuoWT1MsQIFQkybamzhdLOo2q5QWmgIepyJFzfvZIxNB9eGd0IsY8/DmrVSiN1M8QQCsGTsGz+CLwklmYK5qI0zxVJZDJfew84LRims6OBmTv2b3+jTRs41qkJOyhZV5H6/xoMByH8oS4c4z8MkWw9/oFkn5oqUkrO6F5WgiuoW822UVNw1weI2/twn86ahb8NrKtfuXdRy7gZ60YA2hC6LbW9DdSIhRklnMHcHheQN/Rr2ozH17BuVRLddOCW53wJ270bf9XBxru3sMVog0+rr1cdecUl5qItaNDRQcE0MWaIizfox2h8cHKVLm2pxVbu/cU8L+4/TAiL5I8wAxwIoQkd8bXVmmjafkm1huuGbufu2MDpnoG/kuxQ+g62D8VT6OSTLBTAoNZbSnMC0UOn8c6x951ZSSH3crZdRvoSydSn1AtGO9QO10U95oEfutDrTGeHppnU4hSsRnt+rbE1r4mLz5YOqsWSP/jsjkCbFFQh9wd+CkSkWck+mNakKIq/BXTXst8NWyNr2pWXWjkjSah5EKMcvzBH+yf8x2MbfpfNmluiLIxcL7iqj449zrXcqLSV3z6JPFgA2qFwPgY3dXB8axOxKbYSLh6PQ0D/JaG2qU+1Vs9adrnegtYCXH2bgkaGNNANamlmpH8Z+RmGMGpL1uRlrs0nZTcWf/HHsQ/RiBTj7dAsSkkn3RDUdd3QHiyeXuJFL6tNwMPKgR0aNjsx176iv+ckv+kTn6J3jUR4275s6nSItderGhSgcAjGqerMfpnaaHZEymhg7a3/WntIULB3gK4Y3CaahM6xH1Cz0WdoVR1p4s2UWg/fIoxtpvZxYN6YnKS8XD4Vii45PNsYxOJx9F5VMMMzfBu297bXjnt5d6j6hKsRU5dW7I7msOu95bgF/xAiEdFIfxBcoo1TE+B7qhmXOH1nP5tY5xkHPppNCxqwKu9xsN1Nso0irg9UakYkR6a7Q6V4h0PSbxssh5W0jZwliQMg80SttZiwh8nGjQjhmg2BFeUWoxLt81zVEPqqx+sihIHEiSuzveK/5kpbb3zOjR+D72DSeFh9Q1fBVWD20A75O7uYjgeTuyBaTgl3XdSMXt9hrmJRI7XTu200J7fq7o5MrMN5+h6VDUBzLDQ1MJpO5Dad8XDtCd4gCUdbqnNXed4R1uy4c3AWJDVKyQoZ6jwMEjxi8g+FM/FamJ6HOmzsZVGW4GKU+ShnsuPLXhA2IPsfkhiEC+r7PQ5mb+FQgtJ5u+xNWjOE4dupSNMS8NdI341ZAOPVYp8FQlvZl0nClY6uW5/cMRWv2PvosfZlMCDnScfmjSJTdDEHF9GFBK8ujnilHUm8VjIi5WvqdHQW4qRXVIG7gOZCk+nnXlUc925yUuuF0Pe2mhUpUstGVvngvEIquPu8fMl3IC0FBnM0ox0espozb8P/+JYa6j+CGIt+sDUrj+vVSv3skMa7VlVp5U511C0v25T0yS/g2tyJR8RFSbD3dZILNvHeZyZLDD3/hbJqzCGdo2NSsRQJ395ZOOwKBVqJfe2L+L296p6fr1ZPSmpA5pgls1ZQybFovCeBkdeJIS8izPj4OsLfqbJPkYLdz6cpduTKENJoiRGHNyJenr/2xFiceKpThklpbN+kWStEJMrbQq6ifRAcf7DBlfrVN7jlWVl3xIbxE9uycb90BpHZ3HrsDy0zoAuLXiXJUU3hEHS/oauWExkBtberO2QAiLJcnNM7By166PuNXKSYBkM0lE/aLLvUlfuRQAOKSC2yzZPjuu3jeAPN6trTAGkGB2AhF+ONNzzRqwNL/XcJaWSeE73w6PIuhLOhUwKyCgns2TpztwP7KqLF8jIiNkyVTsr8bed2mWdDCV2Wvm3XTbOH2i+alGIlswTXXtDwn2+oOAuwQh58yLPcEUGOR0H7XEkGxsVMvu3aCRbCAK+OkHSAMrf9EdGrIRFpnVhN/AA4+F8OTjodZXV1pFTiZovTy8a8ET68pDpPwroTGSq/nyfQ1RZ+majz82vJrjZF62q6az78jiiFgU1Zuqz1+H0zZv67H/ZTIYccQ0yiN/E0baypXbfnDEuhKiAmSHlwJjP63y3PxNyjomCMNp6zUZi7lCbqdm7qDjYsQESAymItrh87P4DR4ypmqAKfuQkI7S8sFst3Pmf8J1U0wootzx6NcOXrH4TXRulHIA9M+wHCAgrQVqhAc0iB1NxJ2IYbSfXgd0iu0GSBD3Xd2O/GJczorVbld4eebkggX5eEQDaZQO2KavBMwfsB+QWx2aaHzgWPqWXRFEQP2OSNCG8MFa3B+RhQmvoU4uLu4M5rWlnydYxqVSg7HGlSm8fZ8aRRacJ5HSCf8wdidnADIS7CF3+jtkpZ+PFwdrBzYEjg+o3yeKIYiiVx4jLJ1sDSba1f8OksB2MNtl+8ffG1CKsQvIzUqwDlOEmgqK7bt4jzXBfYk4zMkk1fqwjNosp7GSbfWeajnn693Ea3mw3mW5nFHLj8qlHIv7LW4UdMoNKg1K8fyYbVlikEL2ZvAfii2s3YX/GfyOOCGZimw/iL1ra++DSBsU2BeLfZRUVioQejovchkIk4Eld/QrMMYPMnJeuf0EQR3dsfDUdKIoCj3hGM1osssyANL0N3Fu9VCwMagePZq8A4Bes4rpz70jfmd5NYZuD3GezJ2tX/Y4l84HGiikmYvVWz9ODx2uWfPpoAgZAbMdFthwhIjefIJdfi5un8cysqw+Hp+yI0gEeqCZ1UwRRPyAgww39RK0aNQfi+imJo3J9ME2MOUXMpvbBCabizHnO173HPhoaWIF8a+4DUwtdFyZvqaIudIaxOfY86WIfzOkmQ3BnBjazlpY4RaVDJc+lk2qQ2CgFCdvwVC4WRjlTkSFMmmTdRMAGkFaE93BO0w/Raz94SVioUcVUaV0vvEDRgQYf+anXBjSsoaCf/ZUE2wPbdmBV5w8xSzGXOhfcYwoUxbGNjFYM1yICZc4Glet7qhAwNyI+Qj66UzxjIpu2HCVul4o7mIC8zHXjq4hTDodN6dzbgEhconDA30RtPq7hUD17Yb3d0bpA0Ug6PxsNxEg6kpyqe1FnLeQqE6e/TL5JfNed9hTMVJoup0vAjq/6v77ryafAiT5AuNwaEihshOHgofNS7QFXuNwiKkHsBh8o4rwZqjna7cfNovkEPLIkLtns6mtCyMVdArCmcYHyc36yAtmbR5GVEyMH4Jpd5RKhR5IE0wsCWaMnCRcxtzEfjBe+ChEUSChRmVyS64pyY5kL9r9s9+CwTinM0jfitkZIQSCOX5T9P3eJvmoLdPz+roMPQop875vWcaxQG/FkGaPKVdihexXtnxIzwXWqOR7h4QrWIa6yS9FYv1gwrEY1JxGRDxfQMCrXwfLv8mlZtg534CUwNgY9Ka34pSfj6WK3aQhwHtjzkgkoy9zKNYwgbWa5hRMDG47MCcB7r8rTQSAK/OMowfgr8L2aOzuzTxKwmMd0uZ8pNBBZG7a3CKY185N44zF/HKhsVO7i4ojjHSkLkEcedHNvMFAeTKxufACUyMr/XGw1D7ASLfNNUoAiNk8aTO9tJw4xTLSbhVitvXZpg
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-03-17T15:43:32Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"malware-sample\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56ead0a4-6868-4a21-8b76-4e6a950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-17T15:43:32.000Z",
"modified": "2016-03-17T15:43:32.000Z",
"description": "Locky",
"pattern": "[file:name = 'd4fj2sd' AND file:hashes.SHA1 = '4d00ff6d9c1e3c56aecf08b41f67d2ec03a0cf30']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-03-17T15:43:32Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"filename|sha1\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56ead0a5-5468-48cd-8c83-47ca950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-17T15:43:33.000Z",
"modified": "2016-03-17T15:43:33.000Z",
"description": "Locky",
"pattern": "[file:name = 'd4fj2sd' AND file:hashes.SHA256 = 'b892a28d847a0d8d814e3447335a303d8474f17da9137c902983b518e2df0fd8']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-03-17T15:43:33Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"filename|sha256\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56ead0a6-63b4-4e00-a61e-4849950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-17T15:43:34.000Z",
"modified": "2016-03-17T15:43:34.000Z",
"description": "Locky",
"pattern": "[file:content_ref.payload_bin = 'UEsDBBQACQAIAHF9cUhT7M2gKAgCAAA+BAAgABwAZjA0MmIzYTJhMGYzMGMzZDFmZmU4NzM4ZDYyZDFlNjBVVAkAA6bQ6lam0OpWdXgLAAEEIQAAAAQhAAAAqqI6psTukqMTvJBvMBpCBPyhP/BK+d0qIOGoVb53QvXwxcBP0SgDOC8zPh1T7H8TSkkiNCpeTPCU34ghfGGtNrDszphQkowiazYSaqTST0jG0Ez1c2SWA/hRJCteCWKi51nXB36z+qg2oOd8jvv2DPYF3bjiKJET13TktW40UW1lj9nkFmbZzqd2s5hCkceCjvQI/Ed8I46B9bMzVO7ucOg60IAel1s083b+pwjbrxS4jhHaFB+NfRPdmkvAK9Ev6EyMRqCviEmInrow0Bi717BPYvdTgjme/Lpdo3XJgukdGy4IWVBRKYfu0CAYilaOcUwFY7JvlnWnpb4tnLHSfFIFcq7ArhzNXSAHNkwEz3CVfh5xOnWO8GqNxZS/AoCaPMCMWgBEwHfPupluEX8zY2BWelonpA3SxC1y63Y5vWjxxrjo95wbdQwZjsEoLR46+a7XduClPZRGcMXBGzzpJq8SiF9RZ3qipV/HtadJP+gJ48IgEsLoZyhpad4wSfGksfUl2rETLw1Lg3/UTKMCyoDgVFX8uUhe5PTNyDLnS8AScv1TD+0MlXOlJcjfFUBlJAaedPV1vezjGxqanuUjTNk4EPywcDltgLTyjMtIDt1TmfjG7TyxprQYsr9Slw1XizF7twifkiK9c4uYD2NP8ay8rKH8k0NYEVjRRS98U95dbawi3Ak8qTnhwkuqS4QRmZtHlmS8v7sCxtJBOTDj/hryp/nkLjHm7x1x8rnGWNz6n/gW/ddytPBB2iWxFzw3/5LqhcKWQiR+6cYCiO4VkX1ZTPFcprsbsiZsz/SrV+DuUjUTkNRf06yXFK8A5xkYnOBrkOsg18P6f0gI4ixLMJdZU6uqJrKymqW3XPOWVNeHqTMlJ5Q2GeDveoS22KNMx1b901Xt8/DA55LKuH3dU5UCr/7n5stiT0+gKCZ9nWKWdnP3EHrNy+13eJNsbFVUeyN2/jl56RNg3Ua+3xbVSiL8TInSqcDljTsNRgya9pHvqb6R/oRioQG64LwGQhb0ijMZ3k0oj2mrB4Xpoa26Li9NPfQvC/tVL/bs75NRGHWQ+wSVWuSwGvsKOxILCYU4xM+J9QzII7A4oOWUHpnRvney5N/6FYR349kafAXnwO/QhSFZvW3n8xkT5mGWzmcVEhN7FqHmfWbaEuIw12FUBMXkZeDQ4tNUQNEjUuJ1m89zzavHQr+m5wRxIearHKfEkMUlM7qBdvuJHE+J6oKXVSByKCpJ0R0uVlwnYQaB11/zUvuggbgzDzn6n3HV+iEfHSHGfTPrBGTN4gEYUmfAuo6BzTWD8nEdkDzvp3y9C/cJHupyO6KhTqFu/5lPB0n8JFFmMJsuvijaefqNVpoPANBynhWt1VOzXa7OupmtvaMK46xiSF8GCZAOb0RnZatHK+Xdr8RmaQcsFh9KbU3jxXcXyokMu2sJaO/n16tCss4338WAoVvTDHQqCfMxMFO1H4jfMX+CTMpuAHXCRgYXxiDXSVxHxufY+Prpwv3DKM+6eVAa0jwiaKQi9+XZ22trune+F11wglloW0zDyqIlErejpf2OpLkJYitZ34DIh8W028Jz998V8mUn4etmoiGTvzWrt5CPvnw4WLzBJIvA1K1ofw9OyD0DqD0XOZrtCe0/rciG/syitk1Nm8teZqgyJGsRzMad/ZX8at6NmoBzapHjpDXoMrStBUXai13axx8PwO5/vQKSBiW8+wSAbojkFCAiBy8IS+P++4TSCkOSA+iHB0CVe/RwT1sWLblWGSxjU/or0CYs5J/Fv07/a9FxLLorSqkO0yccdl2cLpXWfVlQJNch7jNrbS1rhCbpmHDK745RD3LInu+Owb7GkYu+GZzJpwtcTJJFYMde8O0N9lnfUDl08WpH9hBvx+jiB9ERvAcX3Q419IWRMKdQmrwBPuQn/iVMI4Modyz34VJBb82GtrVziCe0oryESvbmj9ifsESJqkrjHbZChb+nCtl0yR73K/Bh6Iym1/1rgFQSXsOa3dObaPPUAun4A2Ei0e2fBXQtN0tIeUT1Ugjq2vF4CBcWH+x8CACbO4hhYbWKH3VIIxedsbAJd+eD5J8gYAFEvWBJBt10CPbZQRd3mo11t11Sz5gzSoa1klEiyJp63rm3UOIkQFjQDRupqRFn5TyagDmgWohSuNbOjgk/zEu9FGvj7P8doWTku8RDCtAj9lqbIfzhD1EStNCrySsdgNdznxhjdK7FAamd+8k51/bHJjNbM5Icw8dCVa85Y+3PZV5//c7wCf20WsiSOZE6A9mAEEgzhXFTH1g2LH8zINfDvq6cpLovfEDasYymbPwr7jNFUqRafUPVCqss8UTb8zRC1tZ8Y7TMa5IR1Uh7Nc2W2IGbfrOZiK8W4LCs0iLA9GvI1NvoSB+pH3oDFDXoOVgDFpLESqnVZt83A/To5DkqnNYTgc5Au3ZWkrQwirywFCAX+r+vq4UAcPw/hWRv+3fzJ4dUV4GdLkfcAnMuN/iaqX+dSDub/kXrz7uV0UsLnaslI4NAJFtrL5OgePieH5BVCLRVGkhrzNZ6/An/V1lpHk/D/DcATM0MuA6oT06w0FxO05mpMeB63vxnfH5UK9+M45Kjmz4FVAjCclBiLZRZJC6LKBjJsdBhadoVyhwIeVuWbMNSC0CXuuMEPHauQ1+g/W28n+Bvq1oopIwjUp3wWjXQJTi6d3Z/goYFEBwI4O0Ag8CirQc/tpQ5/vAFjHwnrfwVpslkXIn/6awymAbPF0SWrfWOvxLXpZlNMokqs4xWSpMWdCrsrcjeoqhaoTtIl7Kk3/bK6qf5xb/9qRIIriZJCGev+VeSoP5kj1O23Evoa79/vsdbuqYOzB823ZATTL4gjVrXFv/6BAEyuEdsMnd+diYzseDJK96OgM4EU+TfgcVlGgHS8T5IwZI2OjGkSKTgjdS2Z+76DF/UCyY0eE0obaAf5HvTg99vuSbaXcoSqRTD5hnRdg2QWraDDI8Gl+Dk+/noLyn571apn8V1qkcSwTcOL1z4ODJSR6UImbwRZkqS0nbnCqtGuiinop1+V8GuoI5HiuLGlC7MhvYgsoTcfQ2KsqtEGuXmlcbX+17VPrZ6YUPRHYIAJEfC/K4xJi/FAIvosnzWdNx3VVQw7afCyUjzmHrmsgOGXL+9YyoU860w3H54KMKYffmX+o0R9PDF7NtD9NWHlcZ152MYs1TEVuPl0eQOWoqm50oRnGR4XJj/UTHhNeJ2v4fZETgjjE6ZVbq8kGE8+iejlfroRB9ubiP5tFUxdrEx2WLISTCtQcUAHe/qMoodvpnqclyv4CT0v0RcosP0vSReO18i9gYHVPsAsZia6kTx6YukxHpMRcoC+rMEuvNayEr9e7vQ89rrtQVi0C4xMHeZmYZDXIGlWmuA0Cr0sS1by0zA3mq4XYkmjPDp3dICcOjxVQ499jvHaYlJ3baj88H2Km0F7uaEFKNHTOKuNTFpEWtHXSQMpg7L9GJt/FYM41LTiYMwoOSmxnqL6G7EBvQNfNTP9eiFgszRjUFSP0C2LQA+hwM68kqdzU3n3tfLNqhKwhWUVWrAG6QJgauY/i77kjeQRH2+1RDiWr6TUcImtEi+4v/6SDu7KQMse1Hn0G5VjlWBxOllxVmPENhEzPqTV4NB/MQqeTKCSqi7hpSRcXFg63CQoofELLZhnJMT0RY+YB+ZNOCom7DYhW0/+2i3b9AB1PIhRHD/2mxzB5EKhAT51NeWJ7IKGVg6bExdyMObtvJxv56tE5yEO9JDUlvorY1fmHgCkrn9pZo7ehUBl/aHi5b0+Iq5VyFaNIzBFgK6XTvO4+K42Skw3Boza+DbW4MU4dPK2fb6GGBPL/KZbwB9S1H72J34IUqAWH3kg87ppFowwmHNlkFGwwVb3Ti67sXqBXYgiU29sSs26k
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-03-17T15:43:34Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"malware-sample\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56ead0a7-e6b0-4969-ac04-4c4c950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-17T15:43:35.000Z",
"modified": "2016-03-17T15:43:35.000Z",
"description": "Locky",
"pattern": "[file:name = 'fik3n5as' AND file:hashes.SHA1 = 'bc0d00eebf2477f79d1f66dc064c09c0bb7ccd57']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-03-17T15:43:35Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"filename|sha1\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56ead0a7-3c74-40a3-8210-4cc4950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-17T15:43:35.000Z",
"modified": "2016-03-17T15:43:35.000Z",
"description": "Locky",
"pattern": "[file:name = 'fik3n5as' AND file:hashes.SHA256 = '432e7c42ad13c9993ebd4f2ac8fc124fa792426f48cfb5c21f640bccfa03d543']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-03-17T15:43:35Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"filename|sha256\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56ead0a8-a450-4141-b8bb-40bb950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-17T15:43:36.000Z",
"modified": "2016-03-17T15:43:36.000Z",
"description": "Locky",
"pattern": "[file:content_ref.payload_bin = 'UEsDBBQACQAIAHJ9cUi7VC6xpggCAABABAAgABwAZDdmYjQyMGFiMGE2MWQ4YjU4YjhjMDY0OTA4NTU2NzFVVAkAA6jQ6lao0OpWdXgLAAEEIQAAAAQhAAAA7+65ujrOrvcwVVgrrsWE7xGW1WBl8car8JpP1TGeQrzcpRTFpXv7KhHtHdOIGV0c9haQGt1r0XTfmJnB3z60kfs/7moW6ITyv2jIJ9ounL1MM3RpneelD15jqIDMkmWcquxzxzku/Hb8V+8xq48iuHNODxf4rFDbxLD0rU3aIssJjnhbO9dPVCcV415/gGpNe3LQPRNSNHoXaNB23s8Og0kTVtiZBGBAHxvATguAwN+Sn2afuHJKRqbQn74kwKNAXx8cKPELIiqlAbGoDOhoosaR/ozuZG1MU3gb0JHDS/QIFXHzUvwNi1WrvSeyNXwIXW66s5NfxW1wyVgQegbwODYH+F15wfm2dROk8AqBajTyVVBuA2iCwcIJYQvopr89RkGON7rIgwM0NwHI7xFkgweicAbY+j5K2KBOHdxImuW/r3RSArRE9RvYhzrlZGGgJOpGj+JBOr8CL0NmjQ3odALE9xo/wcngr/7v0In7CoNIUZQGP22b/qEL8yIuTMFsWyABKIpWE6LMPKYyH7QwmS3RTB3udS6pozwkBJx7GTaUQtSxy8A6FuJWzDOXHctNdV3xaNJDFq0vw5KIkYjudGvK9bv+SRPx5W6/lt1jnBZcJ1IxNeBnF6JzZqqI19kKj26XxdRPap/5IaNi7dj/ypeMjUrAigLuaQuAv3BPav0MmFM+Sm9SfYdFXNjxPKXgvNRvOcRjW21tTemH5yRSBvaNIgEIl/RmhfHhZZzcbgV6qm4JZ9bRnRC0zgmQ2Tbf1tZ1tvBJhY6oUUZnmSs56TbgkFRtiQSbLbVjZbJY1GYOMWPYGlgoHiJ5HsbEiyBGZhMO/XCtqEK2gE0EMG4IErSwyshrSE79XhdzXWv2Y4Ky+RaSz2OEVxpLmkAJ97WdCQQiJ9iAvaQ2ncCYCV+5eLEJzuVEb0QEirtcDnhqieU3c0sbAc4V0UpKt1e2qUvt/5X4z5Rer2gQ7QqsNsly9Dv59aq2XEwNq663ozJ0R/ss6IRfgIUsW8v5E9I1iiuS/y4SGf+1IxL/rECff/8EHbKbDAuUb73rzfvLVddDytJCVsoELY/P3jUM2OF/J+7pJtuz/e6kYlxPIS9LSAtRtnKYpr+PZ+e5yt1ZfZpMmeA78ewJB1O1uZzGP592nV0BiXEFKI8TxJAe6Uwdpc2vooeFa7jrL71aJMB098wZO52EZ/Mczd9G7kqWKh4r3d2rWq0SgPaiPF3x8By/ZhCHfZdSdLJVYEjtBx1VrSA4p1o4hEzTsQt+lvG1MsiRMOGlDy3nRrZULwV+kkaIboGFC+k1fiw4mmeXR+HniaktdbpKaUw2e1lRNa80f2X9TJ7ZG0XBo8bU8jio2biPTRYe/fi9jEkN9f9zEcosU2cKrEbVzoaRn8NsFbFcxrevIbcNlB4jQXVo058RaEYyl7k+kJQpr4hMuKx/jCE6DNLqwPuW5tMNVS40tjL4MYC4LWKm8/Le+DmIifdxKLg5WlYoTni4+nFFs2CWfEi8RMht8AF0nLguZltTB9tZtR745hTHAlra7o6zA7DczHyqj2qPqWMq0LrlZYvZVxK48RMYQ4L72dFJhjI1VaH+rMmOEK1sBOua002/FKzJdDPwLbm/dI97JD5pg2DMSd5bnIbddzadrrLAU5DdyKypYoqVtLdrpZm7JwYmNFumbzOR5Qz6D8ymMbUHDdbTMWDFLWXZ2SDCFKNte3llPKsrl+hgRBy3x9MyMLM5HdW91qECg4iTrevoBnwqRpuOLQDmczc7jEFmpD0fr+bZr0/pialOY1pjgfHrK6gACPno8Zgkq0299ck9ppotrVE4EUvMkGPX3JEpfjm2h9wrjjpNDze49MeGpePIbfNq3kelKsETUvlEO8J9uyzCi/KwFDN/Cgl3c6Qb9+SqMnr9zNzyJOBY81D+QwyZKaEoj+G4G+G86rZcJVMIlqc7ciXDo4mmS8slPhaJv7B+7I4F2iseWvOjWMhEQlQgHzsyJuq+e94hT0dkw3v18mIiUC3CS5MivUuv7ZDgu+apbq6TOJ6TogzM7TG/LNwt6Xokzp95zXvSDhAvSwGB4rruYSwN075t5VJ1mDGZ8kGAL8b4d5WVpdgnU5iMmBddBpUrCgJv7Jll517/F6GzNcc/esJit+v8c2n25je6+wJbk10awoI7zgq705Ab+/t3V2p0zqkegQfFj1Ut6guxmCRNa4MfTWOLIU2P38a0onh+T2lIqH1OQd+19q/tf380OAUAELi8Iv4i9pnbuhiewArIldClTsabqhz96kqn/DJCbE112CL/3nJ7bDNHk49myS/9BTimJCizPxRz6Ia/CqWxeIJkf2Bhkt02Fa+Pr4Si9VUukXgIVogojwfgwH/JJclL3+zOKt3dPRHV78ZAq0LxM1I9Mmq5d0vlSrA7+qyZ8APOopzxQ8OSxLYrDQl8IzyxT4ak8CnuP2ohvGmEYNo2st1dBhenBAwf4q3Q7q+lPT40h0QDjN1BM9BY9WeXsQtkGXbSopaFRJbxNv5takzKm/pnFx2jFTldPHqxfLEJ3jfNHMhc/NYhPahaV5FLKR8vETEf8Zf1icNFuMnheZwcidxDlvdaNRhZmNm9EPySen2c9G3eMqQPGUwtNgUmCJX0cbStlb3Hwmtg8oa0lTheGsWp3oVvhmQDpDCu6wTGdR/1l6OmHd4YaNWu3RbR7cKr3INHzRtsmh8rqU998CoIEqcah3JR8UPiB+Zord7z1ksd5DK3WoqhdyhegKwC+qN3w166/hkpq5DTS1qyHHy/nntN+Vbkyj1ayN2t3PuZb9Q607/ZxhGx0d+mtxt14Sgius8CreG1B4f3WWEQn225Y1fmt+H4hMlYB6YtoGVLhnJdzUD+3yq3px0PLDFMc662xz4+rM0dZhbZOUG1sy6F3uZ5nh9lYPIMqknr9WjYmIiW475O4UIJ1kAKoFH2H/GyZR5YYrBu6n70z+/oqmeNJMtW78tlLVzFt4BgHKbyRJ7CpfvO+ZEA31NDYf3M47C0A4D5401gWpQexnHSClJ7YasZd2Axx0Cu+PTKrn3newbQaHPg9dG9Dfa7dOp8BnwaXpTi7aInZxkYEWZZH3IVYAUo6abBfd/AeixUeVFSK5yn8k82dbYBUiwJ4lKOAlO5PiGhQdbycM4LeDkk6e6VApU1QIW+ylCVoDWeWciDJif20EWnRE2rhEbZxrlsELE7XDOwF7rsFe7EsSZU0lr28u/vZ1cDGX9eV7pm66xnOsbmDvQWGdU4jMu+qVFWWSK3bory2UvE8ny/2rBX5heWCTcIn2P+nvuu6IKiU7jV7svo5mOF4MFXk2LGi/Qf8Uq64dNF+0pE5vNd8bWBSvFfuCIV36rE2/KKsmjL4DuPFxkPoy8STL/POoy8O7de0YkSgzL/TQxyJkmTKTNcEqlTlds7krzCOOLzcR39DBdn0pzulcmlKtYd0l923UCia50dwk8MVz6l1tknAtQzMiY7T20bVabXSIXqjId5E1ieZZOEDmQdK0dZ5UZ9zSZUjhu/1J/rOY/GgkivizzO3nCkjrSTWJZdRE77qaFgMnDzn3tdeBXRYikdTJLVISIZ4hXzBwfmFv2T7QkhvVxn+9VqqJ9OjKwKjvWZwkIGs+K2AdCk1Nl4M/IBnKZ2lOdyMAY4DrBH9UjD+2rcWNk+T4UhDgbfzxbHIXjHDKWuGUIgTka7l0jJDY0vASMkHyyBag/GLilOooKNWBXC7nGAFFi62KBaU3qhx+wn60by6tGqo+JOyrWdPTvsMmbBrLn9U5/VU8tH0uPzgnmMn062wSljVFD66hu7m6k1WheKw0K289c7bw02oXRG7RhAXhjhjcdzdQue1/tGT4n8lmUK9B8bkgJLxQAwlYijl30e3x/Rw0uAr3GQC7Pxc5HARg81BSxEA/+jgC
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-03-17T15:43:36Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"malware-sample\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56ead0a9-e568-4064-92dd-47af950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-17T15:43:37.000Z",
"modified": "2016-03-17T15:43:37.000Z",
"description": "Locky",
"pattern": "[file:name = 'hd6as' AND file:hashes.SHA1 = '29a429ca06c7ac4e0df4432af6d57ddb7d5c8373']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-03-17T15:43:37Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"filename|sha1\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56ead0a9-23fc-43c8-985e-4b9f950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-17T15:43:37.000Z",
"modified": "2016-03-17T15:43:37.000Z",
"description": "Locky",
"pattern": "[file:name = 'hd6as' AND file:hashes.SHA256 = '561bbaeec4345c50699dbdd373757b039a7cf4e03c54d3765ece6f5d274c0612']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-03-17T15:43:37Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"filename|sha256\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56ead0aa-4ea8-4931-bc7e-4de3950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-17T15:43:38.000Z",
"modified": "2016-03-17T15:43:38.000Z",
"description": "Locky",
"pattern": "[file:content_ref.payload_bin = 'UEsDBBQACQAIAHN9cUinkWM4gggCAABCBAAgABwAZTNhOGM0MTcyMDA5OGZkMzM4ZGRhYThjOGM4NjhjNTVVVAkAA6rQ6laq0OpWdXgLAAEEIQAAAAQhAAAAOXbdJ30aK/6OSsKplZ6h9bvEOvJF2KUCHAqN+NOJUFsusadYTdZI/OasczFMLP33yXDgIBVLbISGiZZx8+flTtdLtdid20gfl3+hWRKjHIGx9a9jLWSnMsC8s1y0Mq19n6aR2i0lDBG9CW7U27hXspqaNVvOjd301gCIbhrPawfzegK3i/gbGvIGoGiFkFUakifxJ5egvQW5v9wMfxFU2004S4R3Oc+0BwOs9l7gXnL3NoQnb9sNKCrkCYAG3N7a6bFbAKPVMBMg8CFWhmfBZceLxqDsqPnmKVekQHyk/Sugn/4ytoYVm2Vj6pIEHoX7s/5mYw+lq8RwbiyKSKPDwVchpctE3Fse5AXyKYluDFpjK9hpvNPEAYmN15DRCFohelph+DqkaZV2lAAvL1hEkJFZMpuYn9qZ0uH6ZLgA+H55OCKhZuSn73O1pk5XnoLJ0GKUb7QlvSYTWtYQucHkzQA/eHKXgKgMSgvR7Pp0XAj2/aw4tv0Hr1YZeQC5M2Ym5o7FRlfA/8jeu66BMPWBKLXU9NuyQpDY4QEj69Bk0BoITHk2a7rQQB0pnCabyPFA9jdkGMo2cxv/zwXk/F9/FPy8Jaudz9EgiR+bJlor+8+f5+PFMjpmcbPzIvsmfsoeVYjegRsAPWl5+gScEezgxKIqSDZXAyQIMwcJbyoDINT1g6c98Yfe3ezCn7i3J1DbSvJD25AlQIMxGlCvKzVE9i9436BwxZKAA1EmRNuzePAB16tRli000oW42rhzuAcUWVusNqNyjs8i/JlfYQETOLNLDsrlbl+8YrhwPNP9nJkhdOrjqCRg2GP5/H0QDTAjmUWxTkzHKKGwjS8m1ZOhWiwcuWotNdsIEUu08eAQyHwkoIAiOqe2GC0SdW6CcTnVE2HD/AYn9gHIb3brnyp5rsXYAH0AWlrNbBBc8TIcya/WdpUp0Dx4QGQDLsXnqDS6uRLIu9ilybuuR0KCL5q3zjHQ7mSHFG3w0tvSWHHbSujNq8fiOydIMG+70cBBdGw5DUEaOxp1/uh1ZFlfnM3z4/ronLiR1gbrKvK5MbB1Q2xkTKpkpORHCY7m/WMncpT6oPEK5fGoAyYXd3dQHyhoYDgGVxWo7STgVjkR7rJtpA0Xy8yuh/oj+jcM9DWbfWaboIYwmQ3XLIOgKFMaTa4ROZKL1DnapfZX+mvYVBdzHIV90Y7/Z7QCsbez8DtCwe7t2iMUTlMk3hTckWjG5bBHtDDYqL5zOR4SLwvFa6+0De6y3JjjiqEO3eLUHeRx91CRbf0LHh24O73ULrlqZz+6SWs0LS7Jm5N76S0ikN5ZlY+wegOMX9v1arPpLlwP+mk12CqBaBMWsS9pqZ8vCny0GMbqjtgisklYAx93JXYA9aAokV7u0KXOM6zQ9Nu+9DLPHya1U2hUvXQ+EZwHmgojnT+nLMrS+5GBS4w4KTzMWje+V4xkb+3qJjumkijEav36/yI3Ndg/dMvssqJJunucGzLTv6y838iK51ug+oq3DkRk0g5eljZ3rzWBOOjSh4AIBYCYuD3H3Ru7tKx48dBgNktW+dHDWREOrlybv+RgUeNGLbJL6A/VPBdO1lAsARRwZPrZPwE1QRZgPXiK0B+yZIIxWLtMXAbKsuWzROWhvgFGoOX27Z7CRWmTfuo8UPpLkdf9W1dEIcZXyS/cash1Ct9x5kJ7OBco3E0UuMx3mbCIIX9q4KtOmv4JC1LiiirGY7+tSHnAlcuZyBRnK6bNn9n7okf/5rMZkS8dKuvD8MFg4ve6Q46owEGfvzMpmUam9ihh7Li5QE/UonByKlnkuo9JboGzUME6pIbfCu6Eyd3Y9wgB+Lj55aL86ar1XmafiEBAqYxnT3dYZ4lJv8iQeGu6tTjkPMDgFT8yQ5c9Yt/li2dFdVbvanvalcxU80o+zyyzwbktX7xCFvStPjhXf9GK6Gdx0R6P52Dz3118V7nlqZ/+80NMrLM4PsYLDTkWY9TV26kTwjzzCtF4VRDU+neS1DRDvmTnCYGxvXsmgqyRUijgbgZR86uHHe9HYVIZsnRl9McGgU/TAUje4iGbSXnJhCrL4Q3xz9Dm5hGWGOEIrwQd4ZPOsV9nkkcOdjfVgatSIDewFLIisQzM1YptXknoKdhWjRxqtzOpYvQeZwRCUF00PtCYcc81/kj+PUEx2hGZNAtkZTU143bHFtBa4sh9meu70xWPqL0psPEW9FKZNB4W/pn5CKanJpIQaZdnuQViScP1whLRXe1Oxs5Es1RdmtsqxzkFaH02cW7Fxf+9+yZLWYz5qCyNAHq9NuKdZ2Klo/gLR+ELTu75s+3CxIL7yxichwKFaaN/jC8aGGNlCU8jw/a8AEFrkLStDT24SfybcWb8fr5X4But0bXXNewSYhvdNEvwvPyNmaMkSGxnmWaTof4w6RmimTlrDpi2IIb2+rL3n2sB8wiWah6ug5lJeZWDjubVH4UOsHZOtb6o443LtmC73g2Lz10nVpUL+Iz9c8eNyWbpREPWSbEpXewDqm/lLiIKbufX4JuEKJ0PLdLBYlkj9zcr4EwS73tuKgVbOBXFgPD47KNwsxmYLvu7Xwuruc3b+pnja8mE3eRIw/QAqsPXoJK9HBQMnQWZwdJZdQ6QXrJ4n2M/Gj7ArzkWmGlQZe0KI8MgL/WBLP0Cy0LR01A+zYcMhLQgBYa96NMBVu6ntwrOlZ3JKO6WscX01DLMizv2Q95WR2dgaHPCMPkw0fHSruDrGIaCkrrGxaL6JgIyw1Hm9FTgLPwjsM8V+JvB//Eg5kArEILCyTsRWTO3399B/pikAOB9Wnbyb/O5MMIOFiwhREpP5u3AV4/rH4Oxj9DQKpOTB2bdR5wQ9UeSeO2JFNMkg/qra2X0kcSygoUqE6NxFPl/BmK/dh1/SsrKMV/BESffxrx9l1iJUfYIHF4D7g8ghHU1oEUIkO9MwBeHT5BaX1lET8YWKjbEBUCJGs0YfyU5NfzY9kFKpEf1YaYHoIJmlLwMgjbUkSSRpY0I8ekr9K5JwuhxiVWNa6/raOp0S0XmaR72h7QCbs/0+KbuTFk2M6yWLIuNfHAMd04Pp6GYmU16p1vNIddpoWyby7UZCNTfU7AMa0XsmTiHqcMsXMfuV/CHEd8Adm03IUX5bl5kE4S+ieTScffJQ+FmVZ18j62mAg2rFAWNd1LUTHiKIXyG9p2T3inZojk/FrDhEmBzBMUmj+g1RHh0hXvi/2ory/l4g7uGd7GuEU3cZ8nWUmcHxvf0xVhaImqgtvxRW/OR2xJsHI/LKLim5ZFim4lZOIyQPtzELMk2jIKsXE30bp9636usUUwHc3QWw5FyDbW3uVDR/dxTpx4KLWoXqxXxwIvCP/fMNc0vFqD1kDtCaw87P58jW76x+TvNeqS0z6KSdclhEEcBdDL60YkuY9scldCOEKlqtuVKMAnR+j7mt9kj+srJ0BhznHzyGZiooe+EMyk9VZUuUGA8b2e9RsMXuNOY89Q/nbCFAOzamBm+zuhr1N6zPFrgdCcVjCMdznUkKEwCIz6/r0MkoxI5kliWFivlzTSyoH0Sqo6X1r4tgHKM9PWYM1PHgG6KHZmjVmik/+YM4jhv3M7/U3btWf9e6Ulx2GkOq+L72gHZWrlw4Dvr93gAaMykyy5Y1qDjnjJnL5SiId4wm2+kvWGLu9Xf07WVoBHVto1PTODwuEYDng0WT7pSCwpBZePpbjRiJqNLWNI27glUQVRaCPge6AaApJyT5/tVwa5UDcFTDykPmUN1PNMJk6rBC0OgjvGnEqcriN6ZDAHCoUbmYkTysvolZgC8zhQ7xuMdbO0R9xn+lKwoKar4T7hAgxqdJwLpfjGP3JThnWVBps35Ml6FhP8D0qIiGg6+vFOYYvQGdKovsylO6Dw+uAaQ5ZATM6uqf4a7wl
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-03-17T15:43:38Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"malware-sample\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56ead0ab-a334-486e-b6f4-47eb950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-17T15:43:39.000Z",
"modified": "2016-03-17T15:43:39.000Z",
"description": "Locky",
"pattern": "[file:name = 'ne7ue8k' AND file:hashes.SHA1 = '2f5220f482b05ab85f7a0dd4c44ead2c277bc7d3']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-03-17T15:43:39Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"filename|sha1\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56ead0ac-e5a8-41b9-823f-4c1f950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-17T15:43:40.000Z",
"modified": "2016-03-17T15:43:40.000Z",
"description": "Locky",
"pattern": "[file:name = 'ne7ue8k' AND file:hashes.SHA256 = 'f219c3f921ebbb953c262dc28188135b7c7ae5a6e53bcd9f817629829e87f099']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-03-17T15:43:40Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"filename|sha256\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56ead0ac-f0bc-4f41-9b92-40ac950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-17T15:43:40.000Z",
"modified": "2016-03-17T15:43:40.000Z",
"description": "Locky",
"pattern": "[file:content_ref.payload_bin = 'UEsDBBQACQAIAHR9cUgFB5BQNAgCAABABAAgABwAMzRiYTZkMTFhZTkwOWNmN2MzZmE1NTQxMTg5ODJjZDlVVAkAA6zQ6las0OpWdXgLAAEEIQAAAAQhAAAA7+65ujrOrvcwVV7KlUSuwCos/9KRtIxS90q3+XwdKD4Wps09zrUC7x/8v/yBmEnqRQ7G3t4H9PMMF3GnvNSixnEhIvhtQybLtJqPjdbj+VUAEinvn8YQRALn/3LRNM+RwILIY82z6f1eLpPboP4uAMYnXkollNB77JEigERVi61XGaRDgAPEF+aKqZG/k1WnNcjAYYJIt9VMn+lQ6/maTKcNtXHaBvxxo/ardFsNKDt/fBVy6+QLivhz1sKZh9lJ3PRdb5z1qhdvUQmoO07j90jEPB0pVASUWO/+faFpsxI7NUyBtzc+zHWQuEQGHJsKk07L0qc9BYlMnpXSX+WFTWhP3EiPxN/3fSCI3ooEBmwQczn4HOtatL92q9wbOyPDgotTRkj8JMyeO/aLqJox6HNp+HDCHhKjfI081zsNnr1OR6UrpComyjNMdq3AxQvlEqNaccgvohVcrUDuytqoAfzPTTVlqY8HpGBLKN6QDQI3Zb5L4HtFJ81O07qKKjui6lBvho6Wzr5C8RKNhDXlraDOOo2Z5gZR/2Md705PEOMNoIglvzWFgVVzJUPeLa/Gcq1BYy2PNPeY73pFbvlW+83a9ND5hnEI3Ph3pYZ2B4LRn3VNcc9L0KQD/3ujVG7eq+TjWrhZvWtdVrIXd5y2ebIMhwkCY9bK7O167EUZBkAwGxhB6wrizvIRkcMOTnaDcFv8vl8MvWNi1an3JcMSm/SX1Y3EsHDgcadIZtTXlM2iG5ot5+EusPYS5C8c9Iv8Xr7lfCsiX+QcTqVWJJtl9x6MNqFmfqdE04ktd/szXRWf5Xd/8SfudXH2LxYq67BOfEN9iMKb+p8sl5fOw/6bAJxptAPFC71jhNMp0VXAIyV+t28rPd8lk4SpQIHzu9TRebrc/a3UirQH4mi0nVPVKdkpJD86GIUD0MyoLakXnTKfqliiQIir+VMyrJxh6CawdOvkW45na3V/lT5Cfm+mzHVDh+Vdva3zFlGSr56M1Pz/ixU1Y40/a/2KObc6c2BbWfaOhOLl7OJ1Cmv13CASYxpAKNTRmfsleznkkx44uxtnhYtnq7/cEFTmhn9qGidyJjIpu6OdUgCfYckRxg3xHv/mitV8UeDRjwHHPkQCCAwh+SAsE5Q1p+SKxs/Q3Dp5NMLgG48iz0y9uIKbjPKupZ7un4KYmX8afvjEyaIFTb7G4C/TZh6sqSHV3oxheaFzD6VqMfkOonmTWO8C1Xzt9RhwVvLZ5dpXEfeIkNx5JFfNa2roLpHG78o7hmLHemBgEMuE8iJ+0VNmBR/2R1KgCu6FqMa0XF0A42m9k8IZLOeW9GxPCENYHRCMNovqlwJDuHaGVi7inNDQqqvMJu/QNXjz+PCCHK4m3j2ZE71NRX6vJYMxtWPu2FLCRuwTPwFmRT3iIdnN3CSh9Sb9NEJxgYDsSg/2wpDqGGSOjccUFPJfWbqqY95UbCOIR4ZspgId34qb6PI6+yVJwLS7dI8KtQmQVf3OiFcEFiekRR482TuLin/VsNZGXzzPHHzIw90z3CGL8PdLnPvqrKxcn9mzLRDTuOBmfcJX+D5PhXHoAZnptbh97DlmIMsMOysABtqhQNn5/KdRUB3YO5e6G2gOE2o9vDXSLaHlE/5gjQEmhGy2E9CitbBkELdm6s9UHAI/x09s76dnNkfiXkd7QWfvfIJhRPV3suJ2Q2CTyR8P3xST4ySOi69XuoY8jvQqu1nIcFaBX859NFuMTq00YEwIOzo+0vnCwBXkoeSOQAUX7WQ6szAUkbYUJgDgrm2cdF5K3656jGf7KcjK4Aegcadux2bl0ClQnouy4PXcN+OV/T34IOqWLH8vH55aTbTub3LmQTPmmgTrE4Octliak1Mn6RlUQndVphwdVp4iX12YxjPpaT6Zte5BX5dKJys5mlWR1tdESf6PAcnVtTb8PfofJ4R6Cv5/xoKy+54n2tDcob88tMseAQEiz8W1ewF/oni3RANUV+4YiHamhFeYLKBlKOYQz07Awyd0fo1Ner4kh2fu15d2sDMOZmnGLY5SwEoY/8gHPMsewshkPEas6UZBmhKufQDhTYpOdOTIldbLBrPBJyr7kcmhnKKOwnQEvJE5CCI5aiHhoEMXzKDLmWcg7uSvDFnMMzug6fD7puai0dsm3HQqq6L6eY0QUcaD3lAqBzixAj380ZPEVz7ucOFyLQ2KxcElicDj7d/r/8FtGmVpEl4MB1RRYUugy1L8TRZUmigYXZYvsjSb8RcurAcVKQkwS+zRv143/g7a6k0Ac2BSXfSY6ok5qnscrw4k8nDWQUfQt5moclom2kIkUJq9MxdeiH9wQWl2XMwjmW5l7Fk9DIBPF/Y/eqEKTFDwNsFs1QbqJq9JhXPRPZijtrFvZ3huUvG8yakD+eOzkVT2rbxr8gvUJwdyfhVKm73Boe78e/FtL4WY1WzWPq0YtDcJAQl1Ec/GZq6e3x03ZmNSvT7S7OnWFr58iDPiOsdPLtwFoaqCeA7vdjAG0fgHQzMfMS+8k3wycOAwVnmo+aG0EqO0bbGY2Z5EhRml+fUkRfMhb3TZ8c00irIJYNw4bU/xhhIiapkYXpPrraEYDjgxcTQRQ+W8dWpXcNHKfgC7JP14BbAEWvZ8HEVJMNB/KJjtLASEHSfn1dfTWF2vaEG+CYIcq9xkOpcXBI/UVIR/S/HKF51pdsqBFDSI2yS73jZOTG4P2Da1IeU0KywYwFgTmj+meOvXKnmxOJm0d550akjgmnHUftbfGUWyB8UvvQSIpBbS3VcVSyImQH1iNRE5oNS4dGqi1YZjViaW+4nSRd5KHg9m0BUGTcpLOiBPUI0eLvSlWSK4YZAlA1FAcwHfq3anUoM2EtPTwWzQ0Ll5aUjThloQ1V00DYgyyLG8Q7R0KPPDsun5NR/cYhz4e+IR4bIAVKEDYdv9dG+T93MHTy5D/si60jCcxih19qKy/eVMp95ipE2x9owqcRf8mPBdeqgj+khMV5cN5lDteVWCLVL46841Vew81lmY7j/4AkW+txLgNW8s0tHAkO07qhS+kjhz2QEHuJqDRf0FVl9Zvq222bDupDPyewiyvkRsf7JdcjwWxnAvv/9eAeVRyCUdUFlxe6S1rOBKz0pdNPrpZGogo8QQNuRDb/bx85CobVXeK9KSOk4IVcvT3BQ71ucAwWN+CpZspRULKdpFfAQGyvwqIMG/lqx350nwUFmH9p3raQOQ1WX86cT++aXVse8W+wneDMkKMM4tCAX5zgiOLovP5oW2n7cvhkN1xJiniES9KHUTDTAi7BO3hAaYi8SJoUyw+bckr1CSmji7Wr+c4j7aEmcTkhJjUAjFxfX2CEdZDAoXKlMJGK8YOhenv+N+R5ZL0VzA1B6cApwyHQca5jyMi9xRUU1o2SWLyuQFNpFy7hQpuQZCJy4t1C0Z/XKF1n6lq24SPicM0bXBF/sqHB/OxO6irX4dOiS1ndkGF7sqno4PBtcg+WDyNeQ/oqxc7fdvGRaj0FIVlODK2WBrYtNPI2fV430PZVeIUqVZ4nj2VnHB0BH/gcwTjqI0P4tIYhdaCjEAzD0yo++Wl2IhBqmGa9fMwTusAUAgREkepn8C+RJHo7+tlgbcgHNcuS1ekRkfqb8dS2PblsnapUBCzkmrRyycMzUUfvk+w5eVXGL0LpK/nFxngIgSbW88yIgmQU90y0c7UVVMJE5nl2Gtquj59Ryaq/GolTaLcL5/6GcMdulG9bII/bQP3w/Qf/WLpLF4Rg2eVQlHXypIB+dhFBkZPla+uqegJ/cSyt6mhsya1GQxM78dIW1dcXvBmVSDf22DPyg7IhkB5U7OXu2GlC6f7fwOJCeVh9gOwhOi/DK0f3iGbuptJTYaKnYaftL+T3/3Ef5qfxVEEIgbdzsWEFzjULPbDqsK/kRtWN
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-03-17T15:43:40Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"malware-sample\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56ead0ad-3160-498f-aa22-4650950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-17T15:43:41.000Z",
"modified": "2016-03-17T15:43:41.000Z",
"description": "Locky",
"pattern": "[file:name = 'old5gs' AND file:hashes.SHA1 = '0bac34e79a07ec68476ed762ebcb093fc034e249']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-03-17T15:43:41Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"filename|sha1\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56ead0ae-dd64-4773-86ce-4a7a950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-17T15:43:42.000Z",
"modified": "2016-03-17T15:43:42.000Z",
"description": "Locky",
"pattern": "[file:name = 'old5gs' AND file:hashes.SHA256 = '716d39d4b03cb8d73b94a1ff98d29cbf56b1e76b1df4f439b1385b684fddaace']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-03-17T15:43:42Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"filename|sha256\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56ead0ae-8ce0-4943-ac04-4b07950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-17T15:43:42.000Z",
"modified": "2016-03-17T15:43:42.000Z",
"description": "Locky",
"pattern": "[file:content_ref.payload_bin = 'UEsDBBQACQAIAHV9cUgZCD72zwgCAABABAAgABwAZDU3MDVlYWY5ZTQ2NWJjNTNlOTQ4ZTZhNzEyMGRkNWNVVAkAA67Q6lau0OpWdXgLAAEEIQAAAAQhAAAA9vobeuxVHToRb2LhuoR5r/z1f2gLfcLX6VCGBD8TBRHoXvmTzx/lKNSldB42UTdX5Q07W94iv7il5W+VvUADP246nqiliF2+DNX0lD1fLVh0XjjVh1apzfbRrQpzkQSp3GsM3J0yzGdsaa9enWDGnd1YnYD4tIWf6Bl5BiXykEZsLc7aUy1Fyhom6RbX5L1EVF+2tsEfH+FvBhmmwYaamYDqkq956nabb9cwjaFE82BsL242oRdrHbbgwJBL2tzyf5RqyNKYhd4s/43B0y159DW7CeGwuzAgB8zBr+FWqij0aiJQboNgGX1xL598//3ums2mIBEbcUpn/VXkZvnNFi10lWh80QuHqy11mk5ujVtLzt7xWXLpm/kml7VVQGIB+IhCjbTE7//mW8vDsMGJ3SV2hWQXv9JhxrwEc93SafQQWgHryOj48VNcD0AxZDMEmbC/J5xX2XmCwa9MahWUCBsl1/zT25uiZaFrjjbIofaP0JmEMhqjalt++VC2he/6Tzw/Hv+mouWTpbuSJMT3U6JVG7BScICVaJwn50lgcQsFFprZfCFhfQpXEG300xaE9H4gIDZQooxE7nY2tTH7youvr6ishh71AFZy6SxXPGLFC+GL3h6oW39hhJXSmis3cukmfFThNrds3U5kleYeRw48aZj2Z5edWp7JWRe3y+edaGcEgs+Y4O77ElNxy90AYuCsqveRbGAz8VF3EIzkTNPHXcMmH8d2KYzinlMq/iY2U0xnYbVwgaAWD9LrjQDlIsd6kJsXHC1RBbzRXgPNNMHK8az1mgRvIDCtu27Efq22LAHizLLhB7c4YZp/LYZJkZqY6LNFRI7423Q7/OdzqXk7jMZOhIhAOOhvwLe9/hlzRXNwqlI6suBFTKQDIAmgwjV0g8VZ0Q01qpE7fFgBk2AuOo8GwzV6BLIBZeDSiwarEDxK0h1Igj5OfaJIdZvZVm7a34H3rTsZwUJR2cFHB/BhSsu+NaBbFQJ7vPGDgAfYFZFEtOv+qJhs3Jpx3+fhajd3mqeUxQkz7B9ad6P6TgV2VEIDsjUho0leA53aULIB+brKrV2fw7UUNiQMokhpBJru/HWE3qdiMaOwtbIrDdx8bEQNliYwOODnidqvKUyDEv3XxF6mtwrVoTRGY1JWQuB7FMiscf8DTupaR0pfCd4tFeTYDEmUTSyML0LJ/lETQOTxkqyxVoB/eOuNvwXtnRySA5matoflPzzO23KdD8eFa4K953MGSTQfTJWKkgxSopWzSFokOddX568IRlGDkjWoHMU8zERnH+cUitsaKprBnaZuBvylXrzGLJ/PxC+temV3YRt51QcoMSoUp4MGGYfSTnSU2pr2DF6eVURjh02L2tgrZkLSoZn0JGjJ9Q+SZey8n2ypkanApj02KmmpRD4NEJAV9jrwJBDe8ojf3TivY0xG4nfSYglsNy0shGy7fzPOEHR8Pbuk+QxXTShKl9Yh9mLYH73bM4sN7xw7z9EsZVOutgk2xClzWzQwLHqKmwNAIT6tVi3782QdiPOMSaa3Xw4TX9+82C0hS0qcDuTzTiW0iTkwKZraw7ZWTTUseurzmpSbEwjIi9rZwZcrqf1Rq5eTuKBCOuUXeT69/Lwx2/M6tAW9+9YKDXaXsWPnfzYylHAqovZAHIse9t1h/eZ6D6D18gcLKNr367HtDdLoyuLnj8qpKvgmukVu0cDmf1GT4uLkoFUbrFK8/bP9KtFHC1uOz3qp2QLvzXPsXnMZkLwxs2J+1vfD42SOYtnaFvVI13J7SXpQ3lj9thdA/bat3JXkgfcN2bi//R+uLTZ00m/7kzmhnEkT2AL+bccm83m0iD8x4vPQZmcG3gCYArMNibaGcnWX1LsZojv7BmhnZjLsLDdO6gnYNtGnbcHfWlZVEJjPMe9lofxwL5KX/8FWwZPw9svnRixsR7P2Sz44nyVC0adlT2EnvsQVd8sdJrtATkjQt+CPLcgeFf0QwaIxRMdCWimJmESf4IINw+lhcJZwj/nTNGVOi4Kuuyu9rYX0XT85b8VIzBBoUjZDxtJhyisr9k93EyL18m+MEtxP9LlXkE47RPhZ63Zq5hRugfbQ9qiFcggnxF0sdWs547xD6SjMaMlJkMU4zqg+eCChvgYs8ojWLROL19/yVfthN25qv2JJ4I4Kc9lkcuLGMjY4p1HnU4XgJnC4Fs2cAIqRdd/yllvUdO4YJYzrjd+qBjCI+WpmBDdn3yGJHAlH6nep+2QjVC8WhNBNYmvwALETKhrtTOOwxN8sBkir92Yr6ojBznGOH/4sXHehjUrNLKFNebHme0YXztLvrfHY+gI8Dd3q/ah8pfAROKIP0KRE8Q7wNeritu4FrmQeB+ksLlMpxSo3UqIszKKw3EmKXJ+h0AB5WOvTqMUDRtj6lK0BeZS0uLByz5cmO9d3/aQVBet+NlkjvQqvxdynAMPfxSkoppKdcwWkuRFwTqpgfD/mGoYENB9JYEuw89b7yHXD+pniUq0P4TkXs+ws6VanlMoAMkWjCCnLBwHwKhDtsNv0R5928qaNnVWniCRm0HsSKbNGq2HOjvh+xDj3m5cQwsVX3Qadep+btlIWZorTX2MnvJ8BFRLGPcrH0/C/GS05YhzFuQ/yN7WGQavchU+rYs4dUoPo49G2qDKndFyNKehPAxEyhJV8+L1908wyJXX07/AsmYiJhwepQmzkxSLcw+ASin/F+us5ZK5xFNrPsPxM0AFRpCrOw4acH/B0/oihS+vqwr0nkYlDNsSATrFsnwggwEIAFDVeiVEjqLklIcwDIu7QMROxgtFd0aZiW5lG4Q7d0HTCEOQRuujSkPna41fYgn1Nxo7GLLpuMJELRfXF5H8XTLLAb3EPtWoniQA4hkSQzvg3woVzWOwSb43hGqGVhDJcoHuhMLO+j08NhZfdReGxh8xqIew8PM6zn5d4hRPF9nZ3ybBWmAImG8PTIyy2K0qiNytoeU24H2m6Oog957j7Fu4P2f9f8/j9hX/GWnGKIEZ+zJfwxodvD++Px0jDMYb9+s2ull4ow+m+DI3xWmNI+8HmisHdRzRic34hjZ4Bg6QKwwdj5AZxt4MrVn0wSvkglCsoooRhhvd6BJLLm14ZS634I6lCmoYWVH6bdhi0QToVfBF3Z9UG5M0NQSa616K1EIe9eYos2SW5+Zww52oCrd+mYZgblmQD3csfqCPxxAc96X4OCzpn5io38pUWk91fMK5DbcMw944V/Pynz0tboOW0BaKrHUp/gWIv+OQmij4RhW91WhD7nZaF6pnoqg3XVsKhv7B4L33F0VVmiOqezKRsgBWIEDJzQ8bQM03mXPN7vQHVriMMriWAZuke552voNKjGCXGOxVc6kcL5lgJ9hJBODc/+PfSXFnmEDBgHgLrwIdbtdRNGj3uvs6KF4pvDfNois0EoRBHiT+eSWVdV+DXW6VCc2j8CNwG3C3qKTGe29yPVWDAJ4crMzONo1iklyRU1xQfn2bOA2wZ0mvIrubZr8MlDOVULKiS0fOmfIHxJH8/R+R0lNZkE/wIVVhsYa16g7xhls6ZsPyx6CtDVafbbwRmvAYcfNLAFCYHwN1TfH1H0qMKdYZimFlXx+/+yQpopAEaflrNhd/0aP8MtoNfYTpH3kad0dYwC0JCJrinzeWsOQVQqQ1Hh1ciGC+KPzthmDeKM3V/rxAfGwZ0MCq5BiewlQ6OLltisuD/QuSn/O+SdJlsmNu4od7pRXl8AfZdHm//QMJ2EiYMaq62PdJRQQDewAGHguxSbyx1yuW+9ZDzz6Av8EiGNvG2/J50pKtqd6hXio+JNqQdWuWvGpwsfdwrUiZg+TaaE68Sh6yoYv8FZOlVzz02BCYFsmq8/r+gmwZ8NGaMlxiK+a9wIX9tIzYa9OUHYEtCwKaJ4N2G5hU+YE
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-03-17T15:43:42Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"malware-sample\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56ead0af-7554-44eb-9e27-4d18950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-17T15:43:43.000Z",
"modified": "2016-03-17T15:43:43.000Z",
"description": "Locky",
"pattern": "[file:name = 'x5ief' AND file:hashes.SHA1 = '49d388714535f719567ec6ba524d6d2ee768e56a']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-03-17T15:43:43Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"filename|sha1\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56ead0b0-3a24-4c2d-b865-4391950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-17T15:43:44.000Z",
"modified": "2016-03-17T15:43:44.000Z",
"description": "Locky",
"pattern": "[file:name = 'x5ief' AND file:hashes.SHA256 = '0ff66b496e463f31309b477eacefd5bdf52579f14d4b138d825341e9167e177f']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-03-17T15:43:44Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"filename|sha256\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56ead11b-2b20-4b0e-a60f-45ab950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-17T15:45:31.000Z",
"modified": "2016-03-17T15:45:31.000Z",
"description": "Locky C&C",
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '78.40.108.39']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-03-17T15:45:31Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56ead11c-b0ec-46e3-a6f7-44c5950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-17T15:45:32.000Z",
"modified": "2016-03-17T15:45:32.000Z",
"description": "Locky C&C",
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '195.64.154.114']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-03-17T15:45:32Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56ead11c-8058-4c0c-b2de-4c83950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-17T15:45:32.000Z",
"modified": "2016-03-17T15:45:32.000Z",
"description": "Locky C&C",
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '46.148.20.46']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-03-17T15:45:32Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56ead11c-9f9c-4e80-b5f9-4f85950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-17T15:45:32.000Z",
"modified": "2016-03-17T15:45:32.000Z",
"description": "Locky C&C",
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '188.127.231.116']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-03-17T15:45:32Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--56ead189-705c-45b0-882b-470f02de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-17T15:47:21.000Z",
"modified": "2016-03-17T15:47:21.000Z",
"first_observed": "2016-03-17T15:47:21Z",
"last_observed": "2016-03-17T15:47:21Z",
"number_observed": 1,
"object_refs": [
"url--56ead189-705c-45b0-882b-470f02de0b81"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--56ead189-705c-45b0-882b-470f02de0b81",
"value": "https://www.virustotal.com/file/0ff66b496e463f31309b477eacefd5bdf52579f14d4b138d825341e9167e177f/analysis/1458228414/"
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--56ead189-a5c4-4cf1-8f73-4c9702de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-17T15:47:21.000Z",
"modified": "2016-03-17T15:47:21.000Z",
"first_observed": "2016-03-17T15:47:21Z",
"last_observed": "2016-03-17T15:47:21Z",
"number_observed": 1,
"object_refs": [
"url--56ead189-a5c4-4cf1-8f73-4c9702de0b81"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--56ead189-a5c4-4cf1-8f73-4c9702de0b81",
"value": "https://www.virustotal.com/file/716d39d4b03cb8d73b94a1ff98d29cbf56b1e76b1df4f439b1385b684fddaace/analysis/1458225729/"
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--56ead189-8ddc-4de0-afea-4f6c02de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-17T15:47:21.000Z",
"modified": "2016-03-17T15:47:21.000Z",
"first_observed": "2016-03-17T15:47:21Z",
"last_observed": "2016-03-17T15:47:21Z",
"number_observed": 1,
"object_refs": [
"url--56ead189-8ddc-4de0-afea-4f6c02de0b81"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--56ead189-8ddc-4de0-afea-4f6c02de0b81",
"value": "https://www.virustotal.com/file/f219c3f921ebbb953c262dc28188135b7c7ae5a6e53bcd9f817629829e87f099/analysis/1458226707/"
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--56ead18a-c850-49d4-aef8-439e02de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-17T15:47:22.000Z",
"modified": "2016-03-17T15:47:22.000Z",
"first_observed": "2016-03-17T15:47:22Z",
"last_observed": "2016-03-17T15:47:22Z",
"number_observed": 1,
"object_refs": [
"url--56ead18a-c850-49d4-aef8-439e02de0b81"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--56ead18a-c850-49d4-aef8-439e02de0b81",
"value": "https://www.virustotal.com/file/561bbaeec4345c50699dbdd373757b039a7cf4e03c54d3765ece6f5d274c0612/analysis/1458223567/"
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--56ead18a-354c-4fbd-b912-4c1a02de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-17T15:47:22.000Z",
"modified": "2016-03-17T15:47:22.000Z",
"first_observed": "2016-03-17T15:47:22Z",
"last_observed": "2016-03-17T15:47:22Z",
"number_observed": 1,
"object_refs": [
"url--56ead18a-354c-4fbd-b912-4c1a02de0b81"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--56ead18a-354c-4fbd-b912-4c1a02de0b81",
"value": "https://www.virustotal.com/file/432e7c42ad13c9993ebd4f2ac8fc124fa792426f48cfb5c21f640bccfa03d543/analysis/1458229367/"
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--56ead18b-62e4-4a0d-8e2e-465002de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-17T15:47:23.000Z",
"modified": "2016-03-17T15:47:23.000Z",
"first_observed": "2016-03-17T15:47:23Z",
"last_observed": "2016-03-17T15:47:23Z",
"number_observed": 1,
"object_refs": [
"url--56ead18b-62e4-4a0d-8e2e-465002de0b81"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--56ead18b-62e4-4a0d-8e2e-465002de0b81",
"value": "https://www.virustotal.com/file/b892a28d847a0d8d814e3447335a303d8474f17da9137c902983b518e2df0fd8/analysis/1458225852/"
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--56ead18b-853c-495f-9780-4f3902de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-17T15:47:23.000Z",
"modified": "2016-03-17T15:47:23.000Z",
"first_observed": "2016-03-17T15:47:23Z",
"last_observed": "2016-03-17T15:47:23Z",
"number_observed": 1,
"object_refs": [
"url--56ead18b-853c-495f-9780-4f3902de0b81"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--56ead18b-853c-495f-9780-4f3902de0b81",
"value": "https://www.virustotal.com/file/1f13e821d162f26ccff865e12045dc34b0d6a3f11425ae76e9797d4d7d939a56/analysis/1458225850/"
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--56ead18b-40f0-4969-9c51-4e4402de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-17T15:47:23.000Z",
"modified": "2016-03-17T15:47:23.000Z",
"first_observed": "2016-03-17T15:47:23Z",
"last_observed": "2016-03-17T15:47:23Z",
"number_observed": 1,
"object_refs": [
"url--56ead18b-40f0-4969-9c51-4e4402de0b81"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--56ead18b-40f0-4969-9c51-4e4402de0b81",
"value": "https://www.virustotal.com/file/a9dd22723f0ad6316c2c87727f5b01319cf703d03799efad44f9d8930c4ce5eb/analysis/1458228581/"
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--56ead18c-ba10-4d24-bdf3-4a1b02de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-17T15:47:24.000Z",
"modified": "2016-03-17T15:47:24.000Z",
"first_observed": "2016-03-17T15:47:24Z",
"last_observed": "2016-03-17T15:47:24Z",
"number_observed": 1,
"object_refs": [
"url--56ead18c-ba10-4d24-bdf3-4a1b02de0b81"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--56ead18c-ba10-4d24-bdf3-4a1b02de0b81",
"value": "https://www.virustotal.com/file/98cfd4e050f4791d2762fd7387737489ea3f2a23cbbff00cd51b572ea6ee70cf/analysis/1458228818/"
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--56ead18c-b6f0-4d96-804a-421b02de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-17T15:47:24.000Z",
"modified": "2016-03-17T15:47:24.000Z",
"first_observed": "2016-03-17T15:47:24Z",
"last_observed": "2016-03-17T15:47:24Z",
"number_observed": 1,
"object_refs": [
"url--56ead18c-b6f0-4d96-804a-421b02de0b81"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--56ead18c-b6f0-4d96-804a-421b02de0b81",
"value": "https://www.virustotal.com/file/451c28e505b2051c630914185dc6c2e0460ae30b219e02fdb6e7990935bf6981/analysis/1458229032/"
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--56ead18c-0f5c-4205-9e46-4b6902de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-17T15:47:24.000Z",
"modified": "2016-03-17T15:47:24.000Z",
"first_observed": "2016-03-17T15:47:24Z",
"last_observed": "2016-03-17T15:47:24Z",
"number_observed": 1,
"object_refs": [
"url--56ead18c-0f5c-4205-9e46-4b6902de0b81"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--56ead18c-0f5c-4205-9e46-4b6902de0b81",
"value": "https://www.virustotal.com/file/bbdcfe20dece102c30a0f6785ed2d9a7f898428285df3086a6f69d38c267c960/analysis/1458228346/"
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--56ead18d-2520-4f06-a728-4bdd02de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-17T15:47:25.000Z",
"modified": "2016-03-17T15:47:25.000Z",
"first_observed": "2016-03-17T15:47:25Z",
"last_observed": "2016-03-17T15:47:25Z",
"number_observed": 1,
"object_refs": [
"url--56ead18d-2520-4f06-a728-4bdd02de0b81"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--56ead18d-2520-4f06-a728-4bdd02de0b81",
"value": "https://www.virustotal.com/file/c063a43b6d949e19cc84ed43018c11a6e1762ad76012da54133a01ae6008a465/analysis/1458228412/"
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--56ead18d-6c48-443f-8f8f-4d5402de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-17T15:47:25.000Z",
"modified": "2016-03-17T15:47:25.000Z",
"first_observed": "2016-03-17T15:47:25Z",
"last_observed": "2016-03-17T15:47:25Z",
"number_observed": 1,
"object_refs": [
"url--56ead18d-6c48-443f-8f8f-4d5402de0b81"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--56ead18d-6c48-443f-8f8f-4d5402de0b81",
"value": "https://www.virustotal.com/file/34f328ae6adca2c91733c0dbb922cef53199ae60901581785c194a9fc1dc718f/analysis/1458228789/"
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--56ead18d-9ae8-41d7-b6d0-43bf02de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-17T15:47:25.000Z",
"modified": "2016-03-17T15:47:25.000Z",
"first_observed": "2016-03-17T15:47:25Z",
"last_observed": "2016-03-17T15:47:25Z",
"number_observed": 1,
"object_refs": [
"url--56ead18d-9ae8-41d7-b6d0-43bf02de0b81"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--56ead18d-9ae8-41d7-b6d0-43bf02de0b81",
"value": "https://www.virustotal.com/file/188e5ff3ad3e4294e2ec9bb760fbf3eeb0319568d80cc2df8d369d89c6cef512/analysis/1458229127/"
},
{
"type": "marking-definition",
"spec_version": "2.1",
"id": "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9",
"created": "2017-01-20T00:00:00.000Z",
"definition_type": "tlp",
"name": "TLP:WHITE",
"definition": {
"tlp": "white"
}
}
chg: [feed] added
2023-04-21 13:25:09 +00:00
]
}
Reference in a new issue Copy permalink