misp-circl-feed/feeds/circl/misp/574e8687-8af0-40c5-b4dd-baa9950d210f.json

{
"type": "bundle",
"id": "bundle--574e8687-8af0-40c5-b4dd-baa9950d210f",
"objects": [
{
"type": "identity",
"spec_version": "2.1",
"id": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-06-01T06:58:52.000Z",
"modified": "2016-06-01T06:58:52.000Z",
"name": "CIRCL",
"identity_class": "organization"
},
{
"type": "report",
"spec_version": "2.1",
"id": "report--574e8687-8af0-40c5-b4dd-baa9950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-06-01T06:58:52.000Z",
"modified": "2016-06-01T06:58:52.000Z",
"name": "A Universal Windows Bootkit An analysis of the MBR bootkit referred to as \u201cHDRoot\u201d",
"published": "2016-06-01T07:16:10Z",
"object_refs": [
"observed-data--574e8696-dcd4-433d-b99c-0c79950d210f",
"url--574e8696-dcd4-433d-b99c-0c79950d210f",
"observed-data--574e86a6-3ecc-4004-8b70-0c7f950d210f",
"url--574e86a6-3ecc-4004-8b70-0c7f950d210f",
"x-misp-attribute--574e86bc-dad4-4f04-930f-0c77950d210f",
"indicator--574e872a-610c-417d-aa99-43de950d210f",
"indicator--574e872a-2594-4f73-b21e-4a3f950d210f",
"indicator--574e872a-e448-45b3-86fc-4714950d210f",
"indicator--574e872b-03a8-46ec-9d51-401d950d210f",
"indicator--574e872b-ce80-420b-9210-4cd4950d210f",
"indicator--574e872b-bf98-459f-b13f-48b1950d210f",
"indicator--574e872b-ed20-4e3f-b5b2-4471950d210f",
"indicator--574e872b-a3e8-4750-98ba-40fa950d210f",
"indicator--574e8782-508c-4f62-99e1-4377950d210f",
"indicator--574e8782-95dc-4fc2-b2b1-45ae950d210f",
"indicator--574e8782-14d0-4c28-bec6-4d08950d210f",
"indicator--574e8782-1278-4a87-a5c7-4d88950d210f",
"indicator--574e8783-16a0-4120-a1dc-4361950d210f",
"indicator--574e8783-efdc-43b5-a160-4b28950d210f",
"indicator--574e8783-dde4-4e65-9e56-426a950d210f",
"indicator--574e8783-f444-4e62-8d13-4d25950d210f",
"indicator--574e87ac-3ba0-4b91-893d-4bdb02de0b81",
"observed-data--574e87ac-c61c-4865-8f37-408002de0b81",
"url--574e87ac-c61c-4865-8f37-408002de0b81",
"indicator--574e881d-07c0-4197-8d83-4e35950d210f",
"indicator--574e881e-0e40-4d3d-80b6-4b34950d210f",
"indicator--574e881e-d238-42e4-baa7-4da9950d210f",
"indicator--574e881e-1168-4207-919d-405b950d210f",
"indicator--574e881f-a00c-4d63-a9f6-4116950d210f",
"indicator--574e881f-a23c-4400-9039-413c950d210f",
"indicator--574e881f-50c0-4cc4-b7c2-4c5b950d210f",
"indicator--574e881f-2f2c-44f9-af16-4534950d210f",
"indicator--574e8820-9428-491d-a58e-4782950d210f",
"indicator--574e8820-60b0-4003-8c7e-4476950d210f",
"indicator--574e8820-f5ac-47ed-8444-4534950d210f",
"indicator--574e8821-bfd4-40e1-9cda-4d45950d210f",
"indicator--574e8821-2384-4449-bd73-4af7950d210f",
"indicator--574e8821-3788-4fdc-98fd-4507950d210f",
"indicator--574e8822-b0b8-4467-8780-4b73950d210f",
"indicator--574e8822-55ec-4440-accc-49f6950d210f",
"indicator--574e8822-10c8-4e61-8c5b-401e950d210f",
"indicator--574e8823-764c-4d95-bd5b-4770950d210f",
"indicator--574e8823-8ed4-4d44-90ef-4f76950d210f",
"indicator--574e8823-04d8-439e-86ea-48a5950d210f",
"indicator--574e8824-4ae0-4487-b200-4b36950d210f",
"indicator--574e8824-7194-45b5-98c0-4f10950d210f",
"indicator--574e8824-26d8-4907-80f8-400f950d210f",
"indicator--574e8825-79c8-4c88-bde5-4cae950d210f",
"indicator--574e8825-69f4-4855-8b95-4c9e950d210f",
"indicator--574e8825-ed70-4609-a497-47fc950d210f",
"indicator--574e8826-7830-4b99-be60-4f9c950d210f",
"indicator--574e8826-6f6c-4298-98f7-4be3950d210f",
"indicator--574e8826-506c-423c-8116-4662950d210f",
"indicator--574e8827-ad04-4733-88b3-467e950d210f",
"indicator--574e8827-a6c4-4f53-9816-405c950d210f",
"indicator--574e8827-be80-40d4-8954-4979950d210f",
"indicator--574e8828-2dc0-4109-b0a7-4fd6950d210f",
"indicator--574e8828-dbac-4574-959a-484f950d210f",
"indicator--574e8828-4e24-43ee-8ee9-47ed950d210f",
"indicator--574e8829-b1f4-44ff-9cac-42a3950d210f",
"indicator--574e8829-e7e8-4a36-b3c1-4079950d210f",
"indicator--574e8829-3a74-44b9-bef9-486a950d210f",
"indicator--574e8829-33bc-4a14-bf68-4572950d210f",
"indicator--574e882a-82a8-41c1-9445-46fe950d210f",
"indicator--574e882a-7904-43ba-8171-416c950d210f",
"indicator--574e882a-3c1c-4da8-9b1f-4b55950d210f",
"indicator--574e882b-184c-49ea-86ac-4cea950d210f",
"indicator--574e882b-49ac-49ba-8543-45ea950d210f",
"indicator--574e882c-ae14-449c-8e6d-4069950d210f",
"indicator--574e882c-68d0-423a-a9b7-4150950d210f",
"indicator--574e882c-404c-42bc-b3b4-4258950d210f",
"indicator--574e882d-4388-4b99-bd77-4e07950d210f",
"indicator--574e882d-a9d8-45f4-985c-42a8950d210f",
"indicator--574e882e-7ef0-4495-b8bd-4b9f950d210f",
"indicator--574e882e-0058-4f84-bacc-47c5950d210f",
"indicator--574e882e-8cc4-4c80-ae29-4ec0950d210f",
"indicator--574e882f-1bf8-4870-95c5-43c0950d210f",
"indicator--574e882f-8240-4468-83b1-4364950d210f"
],
"labels": [
"Threat-Report",
"misp:tool=\"MISP-STIX-Converter\"",
"type:OSINT"
],
"object_marking_refs": [
"marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9"
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--574e8696-dcd4-433d-b99c-0c79950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-06-01T06:54:14.000Z",
"modified": "2016-06-01T06:54:14.000Z",
"first_observed": "2016-06-01T06:54:14Z",
"last_observed": "2016-06-01T06:54:14Z",
"number_observed": 1,
"object_refs": [
"url--574e8696-dcd4-433d-b99c-0c79950d210f"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--574e8696-dcd4-433d-b99c-0c79950d210f",
"value": "http://williamshowalter.com/a-universal-windows-bootkit/"
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--574e86a6-3ecc-4004-8b70-0c7f950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-06-01T06:54:30.000Z",
"modified": "2016-06-01T06:54:30.000Z",
"first_observed": "2016-06-01T06:54:30Z",
"last_observed": "2016-06-01T06:54:30Z",
"number_observed": 1,
"object_refs": [
"url--574e86a6-3ecc-4004-8b70-0c7f950d210f"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--574e86a6-3ecc-4004-8b70-0c7f950d210f",
"value": "https://github.com/williamshowalter/hdroot-bootkit-analysis"
},
{
"type": "x-misp-attribute",
"spec_version": "2.1",
"id": "x-misp-attribute--574e86bc-dad4-4f04-930f-0c77950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-06-01T06:54:52.000Z",
"modified": "2016-06-01T06:54:52.000Z",
"labels": [
"misp:type=\"comment\"",
"misp:category=\"External analysis\""
],
"x_misp_category": "External analysis",
"x_misp_type": "comment",
"x_misp_value": "In October, 2015 Kaspersky released an analysis of a family of malware they dubbed \u201cHDRoot\u201d on their Securelist blog. It was an installment in their ongoing series on the WINNTI group, known for targeting gaming companies in their APT campaigns. The Securelist blog was dismissive of the HDRoot bootkit and called out a number of mistakes they claimed the authors made, which brought it to be the focus of their ridicule.\r\n\r\nThe bootkit in question uses two stolen signing certificates and is capable of running without problem on any Windows system that was released in the last 16 years, from Windows 2000 to Windows 10. The one limitation is that it will only run as an MBR bootkit and will not work on systems using UEFI. It contains the ability to install any backdoor payload to be launched in the context of a system service when Windows starts up on both 32 and 64-bit systems. It also does a fairly good job of concealing the actual bootkit code, only failing to remove the backdoor after running it at boot. This is likely a conscious choice made by the authors to have the backdoor responsible for removing itself, and not an oversight.\r\n\r\nHDRoot represents a serious commitment in time and effort to develop, and likely has been in use or development since at least 2006. The sample analyzed here dates to sometime in 2012 or 2013, and is the same sample Kaspersky reports to have analyzed in their debut post on HDRoot. However, all evidence points to Kaspersky doing their analysis with a 2006 sample, criticizing problems in the malware that are not actually present. Additionally, they provide no hashes or other information on the actual sample they used."
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--574e872a-610c-417d-aa99-43de950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-06-01T06:56:42.000Z",
"modified": "2016-06-01T06:56:42.000Z",
"description": "dropper64.bin",
"pattern": "[file:hashes.SHA1 = '4c3171b48d600e6337f1495142c43172d3b01770']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-06-01T06:56:42Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha1\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--574e872a-2594-4f73-b21e-4a3f950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-06-01T06:56:42.000Z",
"modified": "2016-06-01T06:56:42.000Z",
"description": "driver32.sys.bin",
"pattern": "[file:hashes.SHA1 = '7ff22bd8667ce23e7db8c759bd03c15fb7226c76']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-06-01T06:56:42Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha1\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--574e872a-e448-45b3-86fc-4714950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-06-01T06:56:42.000Z",
"modified": "2016-06-01T06:56:42.000Z",
"description": "driver64.sys.bin",
"pattern": "[file:hashes.SHA1 = '268dd909933c187d2798b5815674d70b930b498e']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-06-01T06:56:42Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha1\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--574e872b-03a8-46ec-9d51-401d950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-06-01T06:56:43.000Z",
"modified": "2016-06-01T06:56:43.000Z",
"description": "pe1_decrypted.bin",
"pattern": "[file:hashes.SHA1 = '24a80cd100274e2c39180741aa688a4e73282552']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-06-01T06:56:43Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha1\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--574e872b-ce80-420b-9210-4cd4950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-06-01T06:56:43.000Z",
"modified": "2016-06-01T06:56:43.000Z",
"description": "pe2_decrypted.bin",
"pattern": "[file:hashes.SHA1 = '5d6c1a3c2d827c714b764b1c5a3e7370ed737986']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-06-01T06:56:43Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha1\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--574e872b-bf98-459f-b13f-48b1950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-06-01T06:56:43.000Z",
"modified": "2016-06-01T06:56:43.000Z",
"description": "rkimage_encrypted.bin",
"pattern": "[file:hashes.SHA1 = 'aaf677acc05ae94f98f836fb44fd672a4b2d90db']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-06-01T06:56:43Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha1\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--574e872b-ed20-4e3f-b5b2-4471950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-06-01T06:56:43.000Z",
"modified": "2016-06-01T06:56:43.000Z",
"description": "rkimage_decrypted.bin",
"pattern": "[file:hashes.SHA1 = '3c22ef94a737484e2f708393dcbabdfdb9d6cfbc']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-06-01T06:56:43Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha1\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--574e872b-a3e8-4750-98ba-40fa950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-06-01T06:56:43.000Z",
"modified": "2016-06-01T06:56:43.000Z",
"description": "C_932.NLS.bin",
"pattern": "[file:hashes.SHA1 = '88912b5227145d3a715ae6eeebd5935c89955721']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-06-01T06:56:43Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha1\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--574e8782-508c-4f62-99e1-4377950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-06-01T06:58:10.000Z",
"modified": "2016-06-01T06:58:10.000Z",
"description": "dropper64.bin",
"pattern": "[file:hashes.MD5 = '2c85404fe7d1891fd41fcee4c92ad305']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-06-01T06:58:10Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--574e8782-95dc-4fc2-b2b1-45ae950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-06-01T06:58:10.000Z",
"modified": "2016-06-01T06:58:10.000Z",
"description": "driver32.sys.bin",
"pattern": "[file:hashes.MD5 = '4dc2fc6ad7d9ed9fcf13d914660764cd']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-06-01T06:58:10Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--574e8782-14d0-4c28-bec6-4d08950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-06-01T06:58:10.000Z",
"modified": "2016-06-01T06:58:10.000Z",
"description": "driver64.sys.bin",
"pattern": "[file:hashes.MD5 = '8062cbccb2895fb9215b3423cdefa396']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-06-01T06:58:10Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--574e8782-1278-4a87-a5c7-4d88950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-06-01T06:58:10.000Z",
"modified": "2016-06-01T06:58:10.000Z",
"description": "pe1_decrypted.bin",
"pattern": "[file:hashes.MD5 = 'c7fee0e094ee43f22882fb141c089cea']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-06-01T06:58:10Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--574e8783-16a0-4120-a1dc-4361950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-06-01T06:58:11.000Z",
"modified": "2016-06-01T06:58:11.000Z",
"description": "pe2_decrypted.bin",
"pattern": "[file:hashes.MD5 = 'd0cb0eb5588eb3b14c9b9a3fa7551c28']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-06-01T06:58:11Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--574e8783-efdc-43b5-a160-4b28950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-06-01T06:58:11.000Z",
"modified": "2016-06-01T06:58:11.000Z",
"description": "rkimage_encrypted.bin",
"pattern": "[file:hashes.MD5 = '76e1e42988befbf13b4f934604206250']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-06-01T06:58:11Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--574e8783-dde4-4e65-9e56-426a950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-06-01T06:58:11.000Z",
"modified": "2016-06-01T06:58:11.000Z",
"description": "rkimage_decrypted.bin",
"pattern": "[file:hashes.MD5 = '613fd19d0abc3d018ead52afabd59fec']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-06-01T06:58:11Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--574e8783-f444-4e62-8d13-4d25950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-06-01T06:58:11.000Z",
"modified": "2016-06-01T06:58:11.000Z",
"description": "C_932.NLS.bin",
"pattern": "[file:hashes.MD5 = '287fac6f4dac57253ac0061be1508f9d']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-06-01T06:58:11Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--574e87ac-3ba0-4b91-893d-4bdb02de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-06-01T06:58:52.000Z",
"modified": "2016-06-01T06:58:52.000Z",
"description": "dropper64.bin - Xchecked via VT: 4c3171b48d600e6337f1495142c43172d3b01770",
"pattern": "[file:hashes.SHA256 = 'a9a8dc4ae77b1282f0c8bdebd2643458fc1ceb3145db4e30120dd81676ff9b61']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-06-01T06:58:52Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--574e87ac-c61c-4865-8f37-408002de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-06-01T06:58:52.000Z",
"modified": "2016-06-01T06:58:52.000Z",
"first_observed": "2016-06-01T06:58:52Z",
"last_observed": "2016-06-01T06:58:52Z",
"number_observed": 1,
"object_refs": [
"url--574e87ac-c61c-4865-8f37-408002de0b81"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--574e87ac-c61c-4865-8f37-408002de0b81",
"value": "https://www.virustotal.com/file/a9a8dc4ae77b1282f0c8bdebd2643458fc1ceb3145db4e30120dd81676ff9b61/analysis/1461169271/"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--574e881d-07c0-4197-8d83-4e35950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-06-01T07:00:45.000Z",
"modified": "2016-06-01T07:00:45.000Z",
"pattern": "[file:content_ref.payload_bin = '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' AND file:name = 'verifier_win7_encrypted.bin' AND file:hashes.MD5 = '15b243d2d0656caab06171d227555656' AND file:content_ref.mime_type = 'application/zip' AND file:content_ref.encryption_algorithm = 'mime-type-indicated' AND file:content_ref.decryption_key = 'infected']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-06-01T07:00:45Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload installation"
}
],
"labels": [
"misp:type=\"malware-sample\"",
"misp:category=\"Payload installation\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--574e881e-0e40-4d3d-80b6-4b34950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-06-01T07:00:46.000Z",
"modified": "2016-06-01T07:00:46.000Z",
"pattern": "[file:name = 'verifier_win7_encrypted.bin' AND file:hashes.SHA1 = '441f067512cceac809eb50cb8639050d7231787c']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-06-01T07:00:46Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload installation"
}
],
"labels": [
"misp:type=\"filename|sha1\"",
"misp:category=\"Payload installation\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--574e881e-d238-42e4-baa7-4da9950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-06-01T07:00:46.000Z",
"modified": "2016-06-01T07:00:46.000Z",
"pattern": "[file:name = 'verifier_win7_encrypted.bin' AND file:hashes.SHA256 = '9e36d2f6e0a3ac8af2cfe28fc8a7310eb5ee0a5e5ba5d74e5b130220dd70bfc4']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-06-01T07:00:46Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload installation"
}
],
"labels": [
"misp:type=\"filename|sha256\"",
"misp:category=\"Payload installation\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--574e881e-1168-4207-919d-405b950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-06-01T07:00:46.000Z",
"modified": "2016-06-01T07:00:46.000Z",
"pattern": "[file:content_ref.payload_bin = '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' AND file:name = 'verifier_win7_decrypted.bin' AND file:hashes.MD5 = '7cf9c43524c3864c9f74089cf08b8bd5' AND file:content_ref.mime_type = 'application/zip' AND file:content_ref.encryption_algorithm = 'mime-type-indicated' AND file:content_ref.decryption_key = 'infected']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-06-01T07:00:46Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload installation"
}
],
"labels": [
"misp:type=\"malware-sample\"",
"misp:category=\"Payload installation\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--574e881f-a00c-4d63-a9f6-4116950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-06-01T07:00:47.000Z",
"modified": "2016-06-01T07:00:47.000Z",
"pattern": "[file:name = 'verifier_win7_decrypted.bin' AND file:hashes.SHA1 = '82a0ed1de3aac4e9aea4342719b98beb6655e087']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-06-01T07:00:47Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload installation"
}
],
"labels": [
"misp:type=\"filename|sha1\"",
"misp:category=\"Payload installation\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--574e881f-a23c-4400-9039-413c950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-06-01T07:00:47.000Z",
"modified": "2016-06-01T07:00:47.000Z",
"pattern": "[file:name = 'verifier_win7_decrypted.bin' AND file:hashes.SHA256 = '590c202719f42138a13aee4588f7ec004eae56b79f5a8f6a918593e552f51aa5']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-06-01T07:00:47Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload installation"
}
],
"labels": [
"misp:type=\"filename|sha256\"",
"misp:category=\"Payload installation\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--574e881f-50c0-4cc4-b7c2-4c5b950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-06-01T07:00:47.000Z",
"modified": "2016-06-01T07:00:47.000Z",
"pattern": "[file:content_ref.payload_bin = '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' AND file:name = 'verifier_win10_encrypted.bin' AND file:hashes.MD5 = '0d076a0be196d3441627a98b73d21afa' AND file:content_ref.mime_type = 'application/zip' AND file:content_ref.encryption_algorithm = 'mime-type-indicated' AND file:content_ref.decryption_key = 'infected']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-06-01T07:00:47Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload installation"
}
],
"labels": [
"misp:type=\"malware-sample\"",
"misp:category=\"Payload installation\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--574e881f-2f2c-44f9-af16-4534950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-06-01T07:00:47.000Z",
"modified": "2016-06-01T07:00:47.000Z",
"pattern": "[file:name = 'verifier_win10_encrypted.bin' AND file:hashes.SHA1 = '07371beb2b4634b2ea0262df30abb72b50bea8c8']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-06-01T07:00:47Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload installation"
}
],
"labels": [
"misp:type=\"filename|sha1\"",
"misp:category=\"Payload installation\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--574e8820-9428-491d-a58e-4782950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-06-01T07:00:48.000Z",
"modified": "2016-06-01T07:00:48.000Z",
"pattern": "[file:name = 'verifier_win10_encrypted.bin' AND file:hashes.SHA256 = '3f2e2b0b1611360b5d96bf493bba2710b53afa71729bb4597c9628e458359901']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-06-01T07:00:48Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload installation"
}
],
"labels": [
"misp:type=\"filename|sha256\"",
"misp:category=\"Payload installation\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--574e8820-60b0-4003-8c7e-4476950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-06-01T07:00:48.000Z",
"modified": "2016-06-01T07:00:48.000Z",
"pattern": "[file:content_ref.payload_bin = 'UEsDBBQACQAIABg4wUg8SOUy/QIAAAAGAAAgABwAYmUyMTBiMTZmMWY2ZGQzMDc5NmE1OWVhY2Q2ZjZiMGJVVAkAAyCITlcgiE5XdXgLAAEEIQAAAAQhAAAAYRbgbx+dMDaNbLAvOrBt3FCXhpHHs4ilNlvFrxsbZMBWoNGF767yu2MR1NC7mL/jjAdKgJnBFWxs1exVcdFOlPbcg0jPdM+sfRPAP4BLMYA6QL6L7gidpRuFRqqvZx3VOFnaDv0aHLvFJPCTR2qk4byvL0tAcNPgev8vtTINdRsv4PaYCTBxu91NX4YOLlNe2sc2HOFURBDS4h/1g7ri6IXxr3Wy7F2qj6DUuKTQ5npytyZ3VOVaLVKmcvIyJYz9A6msYkzYVM1MEq51eSjjWSWyAlIGuZUgS3UbByG91kQwdJUMRT9eTIaIJoMgzWBJ6xPXgLyWHzTapid6+XxreaIiDbFydL8n7GEyMaZPCIkGvWUM5EAjbcmVoj7vwBeaNn1BIT8WCxgnOv7D7EhAIF5YTkZ8p2UdO6Zfiq1i569uXgEzyyfmtKpugaJ3LudPoKugMy0GpY7Rsvf6raFNfEdy7domsm9Dshe++fOJFoRF5BEf80I5qA5hmJTya0hoUo36kJ18IEQrd3znktIO3p9RrQyFO+LNSemaBS57EqRHn8bQ/m4yPmOYeJK0MPONtpCasctQYTgHwiwARPJXK895PRQr1kzTvOm4lwrYTzj8LEX/+DBPJ02JQvnJ5wJBQMYCaVV0BSdffFqLz/GO4QdNNQ3kTMTx3FwkFprN+QJXS9yJvEJJ3cjDWZVHflr2HhfK4Z+w4HDIGWojiM8c/pMFJShHLwsJ4K3cdgfHaomNe9WNe7Hr0pzv1TLa4+Fl6bpBS23xSju4CpCH9Jr4KyaBjNDSK6jpkSD2zMFDQknA8rS/jHNjuASSgKoiSLDDM94V8lxdpLlujObRF+GDzcybzVWT8ZMQQzIMKd3iBs26CIJyzTFFMGNyE6OBeLR1D0a5gReWWxLQg3dtY4Wy735l7Q8g8hBF9TZKC9avi3nrYBPyw3mGt/itAYSJ+9UOnltp48+kHGNMqvDO8OzrRF5blkmmIhZIv1Q0sme9GBJkDWHPA4iMSZmQgWBUUEsHCDxI5TL9AgAAAAYAAFBLAwQKAAkAAAAYOMFI8imVSygAAAAcAAAALQAcAGJlMjEwYjE2ZjFmNmRkMzA3OTZhNTllYWNkNmY2YjBiLmZpbGVuYW1lLnR4dFVUCQADIIhOVyCITld1eAsAAQQhAAAABCEAAACRN77bb7lGGsZdDg+H5+cCcGNEZMv8RxQX9rxH7g4ANr/4Sl0T54n4UEsHCPIplUsoAAAAHAAAAFBLAQIeAxQACQAIABg4wUg8SOUy/QIAAAAGAAAgABgAAAAAAAAAAACkgQAAAABiZTIxMGIxNmYxZjZkZDMwNzk2YTU5ZWFjZDZmNmIwYlVUBQADIIhOV3V4CwABBCEAAAAEIQAAAFBLAQIeAwoACQAAABg4wUjyKZVLKAAAABwAAAAtABgAAAAAAAEAAACkgWcDAABiZTIxMGIxNmYxZjZkZDMwNzk2YTU5ZWFjZDZmNmIwYi5maWxlbmFtZS50eHRVVAUAAyCITld1eAsAAQQhAAAABCEAAABQSwUGAAAAAAIAAgDZAAAABgQAAAAA' AND file:name = 'verifier_win10_decrypted.bin' AND file:hashes.MD5 = 'be210b16f1f6dd30796a59eacd6f6b0b' AND file:content_ref.mime_type = 'application/zip' AND file:content_ref.encryption_algorithm = 'mime-type-indicated' AND file:content_ref.decryption_key = 
'infected']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-06-01T07:00:48Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload installation"
}
],
"labels": [
"misp:type=\"malware-sample\"",
"misp:category=\"Payload installation\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--574e8820-f5ac-47ed-8444-4534950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-06-01T07:00:48.000Z",
"modified": "2016-06-01T07:00:48.000Z",
"pattern": "[file:name = 'verifier_win10_decrypted.bin' AND file:hashes.SHA1 = 'd6fcdb19448be5e75ee7a715f174c1325c915051']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-06-01T07:00:48Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload installation"
}
],
"labels": [
"misp:type=\"filename|sha1\"",
"misp:category=\"Payload installation\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--574e8821-bfd4-40e1-9cda-4d45950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-06-01T07:00:49.000Z",
"modified": "2016-06-01T07:00:49.000Z",
"pattern": "[file:name = 'verifier_win10_decrypted.bin' AND file:hashes.SHA256 = '3215e61bf465e0d584a11ba9bb3b7046a2829f22db7216b46e217e27af11e803']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-06-01T07:00:49Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload installation"
}
],
"labels": [
"misp:type=\"filename|sha256\"",
"misp:category=\"Payload installation\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--574e8821-2384-4449-bd73-4af7950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-06-01T07:00:49.000Z",
"modified": "2016-06-01T07:00:49.000Z",
"pattern": "[file:content_ref.payload_bin = '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
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-06-01T07:00:49Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload installation"
}
],
"labels": [
"misp:type=\"malware-sample\"",
"misp:category=\"Payload installation\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--574e8821-3788-4fdc-98fd-4507950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-06-01T07:00:49.000Z",
"modified": "2016-06-01T07:00:49.000Z",
"pattern": "[file:name = 'rkimage_encrypted.bin' AND file:hashes.SHA1 = 'aaf677acc05ae94f98f836fb44fd672a4b2d90db']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-06-01T07:00:49Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload installation"
}
],
"labels": [
"misp:type=\"filename|sha1\"",
"misp:category=\"Payload installation\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--574e8822-b0b8-4467-8780-4b73950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-06-01T07:00:50.000Z",
"modified": "2016-06-01T07:00:50.000Z",
"pattern": "[file:name = 'rkimage_encrypted.bin' AND file:hashes.SHA256 = 'a8e1709a70094b50f8e1812d25a85227159778878980b9dc52c251a052555757']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-06-01T07:00:50Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload installation"
}
],
"labels": [
"misp:type=\"filename|sha256\"",
"misp:category=\"Payload installation\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--574e8822-55ec-4440-accc-49f6950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-06-01T07:00:50.000Z",
"modified": "2016-06-01T07:00:50.000Z",
"pattern": "[file:content_ref.payload_bin = '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
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-06-01T07:00:50Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload installation"
}
],
"labels": [
"misp:type=\"malware-sample\"",
"misp:category=\"Payload installation\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--574e8822-10c8-4e61-8c5b-401e950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-06-01T07:00:50.000Z",
"modified": "2016-06-01T07:00:50.000Z",
"pattern": "[file:name = 'rkimage_decrypted.bin' AND file:hashes.SHA1 = '3c22ef94a737484e2f708393dcbabdfdb9d6cfbc']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-06-01T07:00:50Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload installation"
}
],
"labels": [
"misp:type=\"filename|sha1\"",
"misp:category=\"Payload installation\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--574e8823-764c-4d95-bd5b-4770950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-06-01T07:00:51.000Z",
"modified": "2016-06-01T07:00:51.000Z",
"pattern": "[file:name = 'rkimage_decrypted.bin' AND file:hashes.SHA256 = 'd881fd3322ab1e4c83c6703c330c635d0fbb6cedc99cf6518dce865ab964fdc0']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-06-01T07:00:51Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload installation"
}
],
"labels": [
"misp:type=\"filename|sha256\"",
"misp:category=\"Payload installation\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--574e8823-8ed4-4d44-90ef-4f76950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-06-01T07:00:51.000Z",
"modified": "2016-06-01T07:00:51.000Z",
"pattern": "[file:content_ref.payload_bin = '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
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-06-01T07:00:51Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload installation"
}
],
"labels": [
"misp:type=\"malware-sample\"",
"misp:category=\"Payload installation\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--574e8823-04d8-439e-86ea-48a5950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-06-01T07:00:51.000Z",
"modified": "2016-06-01T07:00:51.000Z",
"pattern": "[file:name = 'rkimage_backdoor_encrypted.bin' AND file:hashes.SHA1 = 'ec1ff6fcafcfef1e9162b7b7ff10754d64c15657']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-06-01T07:00:51Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload installation"
}
],
"labels": [
"misp:type=\"filename|sha1\"",
"misp:category=\"Payload installation\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--574e8824-4ae0-4487-b200-4b36950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-06-01T07:00:52.000Z",
"modified": "2016-06-01T07:00:52.000Z",
"pattern": "[file:name = 'rkimage_backdoor_encrypted.bin' AND file:hashes.SHA256 = '324c0a9711c5a4660cea661eadcbbbd68d4338d6d7493cc205583bded3d05015']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-06-01T07:00:52Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload installation"
}
],
"labels": [
"misp:type=\"filename|sha256\"",
"misp:category=\"Payload installation\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--574e8824-7194-45b5-98c0-4f10950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-06-01T07:00:52.000Z",
"modified": "2016-06-01T07:00:52.000Z",
"pattern": "[file:content_ref.payload_bin = 'UEsDBBQACQAIABo4wUj+XwkxU9sAAAAKAgAgABwAYzI5NTA1MzMwMTk5ZDZhOWIxZDQ3OWUxNTg2ZjgwNmRVVAkAAySITlckiE5XdXgLAAEEIQAAAAQhAAAAItt32O6gDKwD3khTzK21fLscPT4sBMvx2m+rS7/X9yUEkDb9H2IMPXf2+3LS0+5/VvknAMTqhjK+6ocXqY3XAwhJkx+F7qoBTp+6DlVqF9Y/s1E+Te5expeELwwFxDA7dnKnF+y1w7PhjUHsFtXzW9cD4fgpiHzAw623Sm52cgXQ8vTUPc1EPDaSDTlYJV+L3O+sRG/eD2+L1U2r0dFYheGxbnyg6QNWKJMCWCOiC43d+GeuHGa14CK9FXFirV3cXqkMudeJdRSFpOkbpuiUOytSG2oMGA6P0iyFQI5SG9aJChvGAX6yF9lPO5F39rPhYPKR6WkrEQ5DxJmgBgl1GmAPw08fpz/sF6PwNsQn/8sQJ20hdUQjLgf9uZb9ChR6bUXnrHxP3GbQejKBCdt5kNJupYQL3I3KbqKfFE/buF3bm1p5gAvhK0bjgZI4wDCrwABlhqqh4DAqvW439jXlyxIAW/2f/xsPI1rtd40iHcGdCevSu+a6GgSYEQZWWH7MTVu6KAwBIn/YolSIIBRqk+Ww6NJNGVxklfaqOQVLzV2faGGsCGiJdxS4wjO24jFYqVdb3uqkjVkS+GnyRSIWjQ61EPzNhHucKkYY8LC+BRR6V9o+lWwYtzN2vse8izCl1TTopeYerIsSVhW/6qbxaEKE1ScBWQhyslvvr/g4yvMhp2avQhIqBxg1z3w1JtBEIafCGyfAoM6YriZS8bIPCBVihXMoRczv6zgVlShH48r1/hzAgkAdVKR1gEDTM663fXVSpAMgSlzzXCFrZ2LHEe0bRC0JJZf87+EqGCTFkH06ct4PQoLPXR+0Z1ht3gd7FmwX6IAFAgk1lego93X+IJEFDHN2AKhgPgAnj7tuCIPxDh79wEVzwk8cXAR2qDFs6D7qvS6M02qNkb6cRvWmAPeB4OOhjWSXHJfXL0miBOTz+bBOli3QJOlo4eMNqLpELzKBAY6tg9jITdBkkD52qHS6PqjuPCOlVzZ7hV5KQRXYTk+kL9GCxLmR/R1DJNQkIRNKQrO1TEnDK4e+Ef+fK7pVsEzvkJiWY4ZuCVnEMWSAh5yXuJGr63Go6IeN5L1aP1gliVTvglUSsdkRzlia+MkXPxeq3KaKWIGmzd3Y/2pVuyy0wZKiMSSsz8NrbHTPZ45YGeK+MXuhvmiwUgn3sJiuB0fRsCkK+Db0iFcLi0UyMiVRxFpJM7ji3ApzyODAWcyAm4+yBNDhvs4CLHL/UFHOY0JoaiaIOhE7lWP07Ws+otatvo0XKFaIHL7/QjjRZZm0aJrm8/wPIEQkvPi7IiAnRyBM7jtFGx6tcINZ7DAnPWzd0CBMrDA5rMW3QsDkCsYwefSM3YzcNk4XoDGzOmYpoEqwBYoY1o9sHZIzZJTekw4iu9bSiXBiBUAdFwU7MF6kRQ/dUgd5UHhzeRAnhkwM9TA5qjbN0w9ozME3Kv79XVPutKXRC9QS+eLfAsQj+FawZFXyGc0opaK5YFyS9lpnxHIYMOmbqv26bs62W9ODW1iCex2fdKYE2ihZeEVNKwjRpy+BhLGtUmctw9f/WK3QiOjwxX0VVtl4E+4ucXIDfotljV0Hc3E+xnehEr4cwQPxqnYPhaeMQM0ZasFJSZ9poUBUqh/croHlW0Lnp97d1e5guZ/icsh5KZrlbjqN4QIHSLTo9pdvknd+tPKOW/Htw8s1d1oxMcKxqHo5fTwg75ey3vzfjVrPRCbsCI2BmZkFB2IAscdXEyOCx9EHHQv/qjNTuzhb6m4EsBIQ6O3F+AutrDLH2JXuhLHjn98nF5usXC4i1tXJONtbxwIzB1x/plZUPHpUh4pBy0+BryT
L7lpgyEiluWthhcoQNGoC/c5yYPq6g/P94k2eau1p4+ug+0dF6Ry7G4ViK9WtE69xVeZURDWeu+8/XVtFT+8XwGxKH7x9FQT4LwlaLYGNFEeD8chqQvFVlSmfY4yij3xseW0lMbU7gOO6DyhQBmd6y+JdRACrC7uL6nqk24oH+y/ncc3h2pS/J2YgM0Fadc0DjfwmFLyicm9RAsy7Tbd8hNJMOfOEwZ2Rzdsv+bp3+JtD0zlFDLczx+5Kk+uAS9Zku8o30xxpF5DwUAfxp1hTrKYZVOUV1/3wZQNjO5xmO9agBMP0IHxcEh4Tc+QTKBq9aymNcMfLP0ZQ3NIjsVgr7xyTM0wMzwQPMMsCl94mS5Hr/nShZs+6FihUBJX8Ow2BCmWJA6XzJ/cp7p1TT/WooMPNlIItMFrm390+x2wDkWMuEu+DEKLeYbLiX/gNfzeVEAKXIJMRm7v97UG3GpO1EOF9fcn7399eJ9O2tT9HNwRo0MI5xUE7gD4WbLk3RTM8yV8u/cRJXsqXg5FDpB7M4xUe020m2Onop5qQnBK39gfqWqja9gaTy6PJu5BUl31fLJda4ZSWtnWSAjB1C6AzS5jWyTLPnocRNyPWJWK7ZNxISf8+i6+PPNarNmZrG6WXUwCfXZKU4kv3QGsULfury/OefssyutphfFPNqaUX4d0umkAGqkzgjUGqHSfLTRTwiC9WKuaU4ewEu+/Z0a6EOtGXlEFTX+jIiAReJt8rv8tBcQ2eEG+uM87YUtogZn5L3vhWXWFgy2BW4awcXPgbm0M9ZHAAmbcProfpKwwwY7jkxHAVmIDCqmh96JvpftnmSh36LahOZ12CdqxVW+3rJSKAzfMYf+SycGhSMRZM0culyVsBl3DiF4sjSA3HUPC8k1tIEoIHSB+zj7REf7sGYhdVA+bcnhiJwUlZGX1i7wlLHbyguZjfczuABhNv3iCGdaEXKzEwkbPUse0xFpmFt66cq0rwS9rZ+DiCNzrF/HpybvfALeCeF18PANaDXdAv0ctN0mdQ8vyEQ2huQ4zE/vvtSBbAd2xCwam/+Totcx/iqV8/M4pTYo4H3PqOCKbyflQQTLyBZqJCq/KVeYoS+j7rdhaqbONGZYwWOvjjQ3t+fyKIrLiG4LFlw2kkNN9upujeqxSYk5lLx4OzCjUZopbe/ixsCrVMBiVVnf4RnD0hSYY9YFMKByCzZMoBxW14xEv2+13oQhWWSqWv+HmiHbA7ea/kNB/Yb+M0UvWhm2AN3cKV0objpqv2TGjyDv8NWXbzT+8EWf3iAkosK05IOhYm4bwmm60kMDWl4I8Gvy/rsAepXcLDaqDrcKsxwpjRga1vbdpdhxE0V6ArHtUHHs0FcrGFbJsp9iu1d/rkx/dRahqeOPTNVKSomTg2C0a5pSDXxww1UuF2UylGxk6RuOlamk4M8cFjArPxTXBuG/kIvGp4MpEmPBmajyoUG/uD7/gieaDdcxWoCAYXSc55Ns0S5c9Q67VICFckb2HMWWxVUGAShCa+sx/YHJLfk9AIaSnl8iDaC+pqFege6V/nHy0iKhXdJZQ9OQZsUHFNZSNIMZ9HvzHzFEXnH4R7AFekMOfDdr16g0fq7hHn3ymlhfMdSGt04XgPLWKhP601W6JFOze+GYa8zvuayol8dB3F2WJ2p/vFy5vG7R1YllcjGvHjcpcS1jzndmq9o51Q6EQK/sWVd7YePEgGQTTCCP2OxENKL5V3LAujcHLWIhvll6ogF9iYjjeph4iZNAsdzkf1aI6ZXN9Pz8D70fA8263AphHwFMbAHSDKPa1IkWk5iVaG4onOsVVkWVNmWpOSKi86SAA8hrejsLxBaZpheCT2pdJ+SF7rTCtEIEv3SatiFvV4Dm68dquj+D+njQ+P//wMLlFmlw+4zX4jOKJOk7ZsRcPqYlZ2echNOdwwVQwRK1HW8V2r73t0WgjS1QM6OfQR/MSEi/L6vpDsvwp8GSd6YXMNJaNyMDDF4OD
fpxSpZqQeTz9n0osUZKvEvx7bBJBDQMz/X+UIzANX/QAoZuaCeOen9DzVELMAynCE1sa3dhQI3dHRe1aLYB
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-06-01T07:00:52Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload installation"
}
],
"labels": [
"misp:type=\"malware-sample\"",
"misp:category=\"Payload installation\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--574e8824-26d8-4907-80f8-400f950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-06-01T07:00:52.000Z",
"modified": "2016-06-01T07:00:52.000Z",
"pattern": "[file:name = 'rkimage_backdoor_decrypted.bin' AND file:hashes.SHA1 = 'a5fb93890a903721529cf5200237dc0200b81b6d']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-06-01T07:00:52Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload installation"
}
],
"labels": [
"misp:type=\"filename|sha1\"",
"misp:category=\"Payload installation\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--574e8825-79c8-4c88-bde5-4cae950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-06-01T07:00:53.000Z",
"modified": "2016-06-01T07:00:53.000Z",
"pattern": "[file:name = 'rkimage_backdoor_decrypted.bin' AND file:hashes.SHA256 = 'e067656af9cbdb9607a5375d4e003765de54ac43243eedca6123282e654f77f6']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-06-01T07:00:53Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload installation"
}
],
"labels": [
"misp:type=\"filename|sha256\"",
"misp:category=\"Payload installation\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--574e8825-69f4-4855-8b95-4c9e950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-06-01T07:00:53.000Z",
"modified": "2016-06-01T07:00:53.000Z",
"pattern": "[file:content_ref.payload_bin = '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
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-06-01T07:00:53Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload installation"
}
],
"labels": [
"misp:type=\"malware-sample\"",
"misp:category=\"Payload installation\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--574e8825-ed70-4609-a497-47fc950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-06-01T07:00:53.000Z",
"modified": "2016-06-01T07:00:53.000Z",
"pattern": "[file:name = 'pe2_encrypted_b61e8d81.bin' AND file:hashes.SHA1 = '35f712f1fabf7f51f0d757aed949d623eb3dd02e']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-06-01T07:00:53Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload installation"
}
],
"labels": [
"misp:type=\"filename|sha1\"",
"misp:category=\"Payload installation\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--574e8826-7830-4b99-be60-4f9c950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-06-01T07:00:54.000Z",
"modified": "2016-06-01T07:00:54.000Z",
"pattern": "[file:name = 'pe2_encrypted_b61e8d81.bin' AND file:hashes.SHA256 = '3f53ada1d45ec072960ee2b91e902727dcfbd56b841a7b60251680565dc8b5c5']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-06-01T07:00:54Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload installation"
}
],
"labels": [
"misp:type=\"filename|sha256\"",
"misp:category=\"Payload installation\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--574e8826-6f6c-4298-98f7-4be3950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-06-01T07:00:54.000Z",
"modified": "2016-06-01T07:00:54.000Z",
"pattern": "[file:content_ref.payload_bin = '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
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-06-01T07:00:54Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload installation"
}
],
"labels": [
"misp:type=\"malware-sample\"",
"misp:category=\"Payload installation\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--574e8826-506c-423c-8116-4662950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-06-01T07:00:54.000Z",
"modified": "2016-06-01T07:00:54.000Z",
"pattern": "[file:name = 'pe2_decrypted.bin' AND file:hashes.SHA1 = '5d6c1a3c2d827c714b764b1c5a3e7370ed737986']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-06-01T07:00:54Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload installation"
}
],
"labels": [
"misp:type=\"filename|sha1\"",
"misp:category=\"Payload installation\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--574e8827-ad04-4733-88b3-467e950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-06-01T07:00:55.000Z",
"modified": "2016-06-01T07:00:55.000Z",
"pattern": "[file:name = 'pe2_decrypted.bin' AND file:hashes.SHA256 = 'e3f47d6588b94507619acd51188d798e1adcb9a611960a2b231eddfc853a8ead']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-06-01T07:00:55Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload installation"
}
],
"labels": [
"misp:type=\"filename|sha256\"",
"misp:category=\"Payload installation\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--574e8827-a6c4-4f53-9816-405c950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-06-01T07:00:55.000Z",
"modified": "2016-06-01T07:00:55.000Z",
"pattern": "[file:content_ref.payload_bin = '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
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-06-01T07:00:55Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload installation"
}
],
"labels": [
"misp:type=\"malware-sample\"",
"misp:category=\"Payload installation\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--574e8827-be80-40d4-8954-4979950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-06-01T07:00:55.000Z",
"modified": "2016-06-01T07:00:55.000Z",
"pattern": "[file:name = 'pe1_encrypted_b61e1dcf.bin' AND file:hashes.SHA1 = '3b7d3bdc7367859c67c7995661fdc21ff629b908']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-06-01T07:00:55Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload installation"
}
],
"labels": [
"misp:type=\"filename|sha1\"",
"misp:category=\"Payload installation\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--574e8828-2dc0-4109-b0a7-4fd6950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-06-01T07:00:56.000Z",
"modified": "2016-06-01T07:00:56.000Z",
"pattern": "[file:name = 'pe1_encrypted_b61e1dcf.bin' AND file:hashes.SHA256 = '67c172aaf14598fb6e0b8daf5b33872f96acffa178571a498752921e88886bb8']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-06-01T07:00:56Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload installation"
}
],
"labels": [
"misp:type=\"filename|sha256\"",
"misp:category=\"Payload installation\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--574e8828-dbac-4574-959a-484f950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-06-01T07:00:56.000Z",
"modified": "2016-06-01T07:00:56.000Z",
"pattern": "[file:content_ref.payload_bin = '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
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-06-01T07:00:56Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload installation"
}
],
"labels": [
"misp:type=\"malware-sample\"",
"misp:category=\"Payload installation\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--574e8828-4e24-43ee-8ee9-47ed950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-06-01T07:00:56.000Z",
"modified": "2016-06-01T07:00:56.000Z",
"pattern": "[file:name = 'pe1_decrypted.bin' AND file:hashes.SHA1 = '24a80cd100274e2c39180741aa688a4e73282552']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-06-01T07:00:56Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload installation"
}
],
"labels": [
"misp:type=\"filename|sha1\"",
"misp:category=\"Payload installation\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--574e8829-b1f4-44ff-9cac-42a3950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-06-01T07:00:57.000Z",
"modified": "2016-06-01T07:00:57.000Z",
"pattern": "[file:name = 'pe1_decrypted.bin' AND file:hashes.SHA256 = '3103a27193561218be83d26071701bf1900aecd3a3994fc4d12e7521acf97ec1']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-06-01T07:00:57Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload installation"
}
],
"labels": [
"misp:type=\"filename|sha256\"",
"misp:category=\"Payload installation\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--574e8829-e7e8-4a36-b3c1-4079950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-06-01T07:00:57.000Z",
"modified": "2016-06-01T07:00:57.000Z",
"pattern": "[file:content_ref.payload_bin = 'UEsDBBQACQAIAB04wUiFHz8ZygEAAAACAAAgABwAZmU5ZDY2NWZkMDA3Nzc0ZWUzNDIzNjEyZjY4MzMxMDVVVAkAAymITlcpiE5XdXgLAAEEIQAAAAQhAAAAeETg1+Gj5zS13/H1PFRyTgWpn9bwpQ2rmFJMAz1PpikY+lTdJGe/xuEyCF1Sw5+wJEGAaeDv2bbgnC2fs0wpzydyZ0LJQDifBeeWDq5IdhQ2ED+NzFn2vk/xW8Yb/1yNKKjMoIzlsFj7Zr1KA6b8XrQ+XPW6yFIeH+sZyhvcmQul4J4FYqxNY1+sObBzQxIYlmYftsJWItXDRZfcmqIkBaVKihYkgz/H1qHH3vLfbA+0CGRpWgoLTLrUK3zdB1xTr70Cxmn3xB94YozMwqgUR9txWm7qW76k+bRX+2jBTesZYQPrT5QXIxtSJr/o7SlGvFxSbtcyKNHHnkoLUQjto2fM2pa34C9o+mirEEJzT5NJ1peu9BlXyONBlB99rv1Hz4rRV61eKwL5bcJ8vcOuyoooWMTakLVjP+UGlJKicpqMnqCI6HKOOepzVrp0JMglx+htNGT8Nny8JpkPHMqNlcqiJcqxJs9TV2Z8JkoGxSWLZixOqGs2PdyUUZMYrZ2s8II8/IhK9afhkQNWWeEvpuj1SUXkLEmFZ1cf3Lmmi4izTc/5qC0Oxtav6ES+aFwBq9Xu7iJgiAXfes+JOgI2rxD4CCCRpp3t6L1QSwcIhR8/GcoBAAAAAgAAUEsDBAoACQAAAB04wUibWtDEGAAAAAwAAAAtABwAZmU5ZDY2NWZkMDA3Nzc0ZWUzNDIzNjEyZjY4MzMxMDUuZmlsZW5hbWUudHh0VVQJAAMpiE5XKYhOV3V4CwABBCEAAAAEIQAAAEVoUDI9t7dxS4DNFINyWeaz27XQHZEJO1BLBwibWtDEGAAAAAwAAABQSwECHgMUAAkACAAdOMFIhR8/GcoBAAAAAgAAIAAYAAAAAAAAAAAApIEAAAAAZmU5ZDY2NWZkMDA3Nzc0ZWUzNDIzNjEyZjY4MzMxMDVVVAUAAymITld1eAsAAQQhAAAABCEAAABQSwECHgMKAAkAAAAdOMFIm1rQxBgAAAAMAAAALQAYAAAAAAABAAAApIE0AgAAZmU5ZDY2NWZkMDA3Nzc0ZWUzNDIzNjEyZjY4MzMxMDUuZmlsZW5hbWUudHh0VVQFAAMpiE5XdXgLAAEEIQAAAAQhAAAAUEsFBgAAAAACAAIA2QAAAMMCAAAAAA==' AND file:name = 'mbr-inst.bin' AND file:hashes.MD5 = 'fe9d665fd007774ee3423612f6833105' AND file:content_ref.mime_type = 'application/zip' AND file:content_ref.encryption_algorithm = 'mime-type-indicated' AND file:content_ref.decryption_key = 'infected']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-06-01T07:00:57Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload installation"
}
],
"labels": [
"misp:type=\"malware-sample\"",
"misp:category=\"Payload installation\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--574e8829-3a74-44b9-bef9-486a950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-06-01T07:00:57.000Z",
"modified": "2016-06-01T07:00:57.000Z",
"pattern": "[file:name = 'mbr-inst.bin' AND file:hashes.SHA1 = 'b3343209bbaa365d9768ba415f0e931d40a60d4f']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-06-01T07:00:57Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload installation"
}
],
"labels": [
"misp:type=\"filename|sha1\"",
"misp:category=\"Payload installation\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--574e8829-33bc-4a14-bf68-4572950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-06-01T07:00:57.000Z",
"modified": "2016-06-01T07:00:57.000Z",
"pattern": "[file:name = 'mbr-inst.bin' AND file:hashes.SHA256 = 'b5b3f04f3b7f20ab103fb9d35eaea8e305a975a2713eb98e14e0ab06701a60f0']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-06-01T07:00:57Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload installation"
}
],
"labels": [
"misp:type=\"filename|sha256\"",
"misp:category=\"Payload installation\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--574e882a-82a8-41c1-9445-46fe950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-06-01T07:00:58.000Z",
"modified": "2016-06-01T07:00:58.000Z",
"pattern": "[file:content_ref.payload_bin = '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' AND file:name = 'mbr-clean.bin' AND file:hashes.MD5 = 'daa0a9032ee38987e496c7acbc5d0fa8' AND file:content_ref.mime_type = 'application/zip' AND file:content_ref.encryption_algorithm = 'mime-type-indicated' AND file:content_ref.decryption_key = 'infected']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-06-01T07:00:58Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload installation"
}
],
"labels": [
"misp:type=\"malware-sample\"",
"misp:category=\"Payload installation\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--574e882a-7904-43ba-8171-416c950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-06-01T07:00:58.000Z",
"modified": "2016-06-01T07:00:58.000Z",
"pattern": "[file:name = 'mbr-clean.bin' AND file:hashes.SHA1 = 'c73e5ad09f669b3f71a645f8eee41fb5ddb1b08f']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-06-01T07:00:58Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload installation"
}
],
"labels": [
"misp:type=\"filename|sha1\"",
"misp:category=\"Payload installation\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--574e882a-3c1c-4da8-9b1f-4b55950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-06-01T07:00:58.000Z",
"modified": "2016-06-01T07:00:58.000Z",
"pattern": "[file:name = 'mbr-clean.bin' AND file:hashes.SHA256 = '56b1851716d5947b3d25978c131d8ae46ad792dc481bb242b13d1c97f4741630']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-06-01T07:00:58Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload installation"
}
],
"labels": [
"misp:type=\"filename|sha256\"",
"misp:category=\"Payload installation\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--574e882b-184c-49ea-86ac-4cea950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-06-01T07:00:59.000Z",
"modified": "2016-06-01T07:00:59.000Z",
"pattern": "[file:content_ref.payload_bin = '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
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-06-01T07:00:59Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload installation"
}
],
"labels": [
"misp:type=\"malware-sample\"",
"misp:category=\"Payload installation\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--574e882b-49ac-49ba-8543-45ea950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-06-01T07:00:59.000Z",
"modified": "2016-06-01T07:00:59.000Z",
"pattern": "[file:name = 'dropper64.bin' AND file:hashes.SHA1 = '4c3171b48d600e6337f1495142c43172d3b01770']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-06-01T07:00:59Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload installation"
}
],
"labels": [
"misp:type=\"filename|sha1\"",
"misp:category=\"Payload installation\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--574e882c-ae14-449c-8e6d-4069950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-06-01T07:01:00.000Z",
"modified": "2016-06-01T07:01:00.000Z",
"pattern": "[file:name = 'dropper64.bin' AND file:hashes.SHA256 = 'a9a8dc4ae77b1282f0c8bdebd2643458fc1ceb3145db4e30120dd81676ff9b61']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-06-01T07:01:00Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload installation"
}
],
"labels": [
"misp:type=\"filename|sha256\"",
"misp:category=\"Payload installation\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--574e882c-68d0-423a-a9b7-4150950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-06-01T07:01:00.000Z",
"modified": "2016-06-01T07:01:00.000Z",
"pattern": "[file:content_ref.payload_bin = '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
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-06-01T07:01:00Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload installation"
}
],
"labels": [
"misp:type=\"malware-sample\"",
"misp:category=\"Payload installation\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--574e882c-404c-42bc-b3b4-4258950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-06-01T07:01:00.000Z",
"modified": "2016-06-01T07:01:00.000Z",
"pattern": "[file:name = 'driver64.sys.bin' AND file:hashes.SHA1 = '268dd909933c187d2798b5815674d70b930b498e']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-06-01T07:01:00Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload installation"
}
],
"labels": [
"misp:type=\"filename|sha1\"",
"misp:category=\"Payload installation\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--574e882d-4388-4b99-bd77-4e07950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-06-01T07:01:01.000Z",
"modified": "2016-06-01T07:01:01.000Z",
"pattern": "[file:name = 'driver64.sys.bin' AND file:hashes.SHA256 = '4d887bd577541437f0572a7dddbcb3dd94ad259a52f9f57807011939854a207c']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-06-01T07:01:01Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload installation"
}
],
"labels": [
"misp:type=\"filename|sha256\"",
"misp:category=\"Payload installation\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--574e882d-a9d8-45f4-985c-42a8950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-06-01T07:01:01.000Z",
"modified": "2016-06-01T07:01:01.000Z",
"pattern": "[file:content_ref.payload_bin = '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
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-06-01T07:01:01Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload installation"
}
],
"labels": [
"misp:type=\"malware-sample\"",
"misp:category=\"Payload installation\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--574e882e-7ef0-4495-b8bd-4b9f950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-06-01T07:01:02.000Z",
"modified": "2016-06-01T07:01:02.000Z",
"pattern": "[file:name = 'driver32.sys.bin' AND file:hashes.SHA1 = '7ff22bd8667ce23e7db8c759bd03c15fb7226c76']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-06-01T07:01:02Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload installation"
}
],
"labels": [
"misp:type=\"filename|sha1\"",
"misp:category=\"Payload installation\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--574e882e-0058-4f84-bacc-47c5950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-06-01T07:01:02.000Z",
"modified": "2016-06-01T07:01:02.000Z",
"pattern": "[file:name = 'driver32.sys.bin' AND file:hashes.SHA256 = '0531bdbe53e67095aa729809a6608be8cd04b7fc5b2cc3f6a610084cca062ff4']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-06-01T07:01:02Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload installation"
}
],
"labels": [
"misp:type=\"filename|sha256\"",
"misp:category=\"Payload installation\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--574e882e-8cc4-4c80-ae29-4ec0950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-06-01T07:01:02.000Z",
"modified": "2016-06-01T07:01:02.000Z",
"pattern": "[file:content_ref.payload_bin = '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
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-06-01T07:01:02Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload installation"
}
],
"labels": [
"misp:type=\"malware-sample\"",
"misp:category=\"Payload installation\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--574e882f-1bf8-4870-95c5-43c0950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-06-01T07:01:03.000Z",
"modified": "2016-06-01T07:01:03.000Z",
"pattern": "[file:name = 'C_932.NLS.bin' AND file:hashes.SHA1 = '88912b5227145d3a715ae6eeebd5935c89955721']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-06-01T07:01:03Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload installation"
}
],
"labels": [
"misp:type=\"filename|sha1\"",
"misp:category=\"Payload installation\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--574e882f-8240-4468-83b1-4364950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-06-01T07:01:03.000Z",
"modified": "2016-06-01T07:01:03.000Z",
"pattern": "[file:name = 'C_932.NLS.bin' AND file:hashes.SHA256 = '19aa4a66aa890945da8db83c34663f56b61d2ecb5eec5f7d8e8f13530f610505']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-06-01T07:01:03Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload installation"
}
],
"labels": [
"misp:type=\"filename|sha256\"",
"misp:category=\"Payload installation\"",
"misp:to_ids=\"True\""
]
},
{
"type": "marking-definition",
"spec_version": "2.1",
"id": "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9",
"created": "2017-01-20T00:00:00.000Z",
"definition_type": "tlp",
"name": "TLP:WHITE",
"definition": {
"tlp": "white"
}
}
]
}