2023-04-21 13:25:09 +00:00
{
2023-06-14 17:31:25 +00:00
"type" : "bundle" ,
"id" : "bundle--5af14f0e-3778-4a34-8cab-8659950d210f" ,
"objects" : [
{
"type" : "identity" ,
"spec_version" : "2.1" ,
"id" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2018-05-08T12:28:57.000Z" ,
"modified" : "2018-05-08T12:28:57.000Z" ,
"name" : "CIRCL" ,
"identity_class" : "organization"
} ,
{
"type" : "report" ,
"spec_version" : "2.1" ,
"id" : "report--5af14f0e-3778-4a34-8cab-8659950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2018-05-08T12:28:57.000Z" ,
"modified" : "2018-05-08T12:28:57.000Z" ,
"name" : "OSINT - \u00e2\u20ac\u0153Cyber Conflict\u00e2\u20ac\u009d Decoy Document Used In Real Cyber Conflict" ,
"published" : "2018-05-08T12:29:19Z" ,
"object_refs" : [
"observed-data--5af14f39-0310-4038-8195-89ee950d210f" ,
"url--5af14f39-0310-4038-8195-89ee950d210f" ,
"x-misp-attribute--5af16d3e-86f0-4bf2-b3a5-4e4b950d210f" ,
"observed-data--5af17136-817c-464f-9279-4311950d210f" ,
"file--5af17136-817c-464f-9279-4311950d210f" ,
"artifact--5af17136-817c-464f-9279-4311950d210f" ,
"observed-data--5af17145-c94c-4497-951b-411b950d210f" ,
"file--5af17145-c94c-4497-951b-411b950d210f" ,
"artifact--5af17145-c94c-4497-951b-411b950d210f" ,
"observed-data--5af1715d-0250-4124-81df-bc75950d210f" ,
"file--5af1715d-0250-4124-81df-bc75950d210f" ,
"artifact--5af1715d-0250-4124-81df-bc75950d210f" ,
"observed-data--5af173ac-a6d4-4f96-b4ac-5a17950d210f" ,
"windows-registry-key--5af173ac-a6d4-4f96-b4ac-5a17950d210f" ,
"observed-data--5af1754a-aa0c-46de-a87a-45e5950d210f" ,
"mutex--5af1754a-aa0c-46de-a87a-45e5950d210f" ,
"indicator--5af1764b-e398-4941-83b0-423d950d210f" ,
"indicator--5af17259-2c04-4ffc-9fb7-4848950d210f" ,
"indicator--5af17269-f3bc-4264-bd4c-4391950d210f" ,
"indicator--5af174a8-3934-4a04-994d-89b8950d210f" ,
"indicator--5af18d58-4168-49b7-9f76-d121950d210f" ,
"indicator--5af18d6e-218c-465e-a8b5-48ca950d210f" ,
"indicator--5af18d82-ca68-45eb-bde2-4956950d210f" ,
"indicator--5af18ecd-932c-4679-ad81-42b2950d210f" ,
"indicator--5af18eea-b254-48be-9965-420a950d210f" ,
"indicator--d01a1f56-520d-43dd-a8dc-128ea3686b56" ,
"x-misp-object--f06f0463-2e37-478d-b082-8d44e89bd6d1" ,
"indicator--85500cfa-8d6b-49f8-9900-99dc0172e3ee" ,
"x-misp-object--1d43848d-7842-4357-8161-4f692dbe6364" ,
"indicator--e3c98d38-6cce-4fe3-832d-33d3aadb0e88" ,
"x-misp-object--5f6c2742-b8c2-4538-80fa-402df8bc6f3d" ,
"indicator--70c53962-cc6d-42fd-90bb-7b89ea1841e0" ,
"x-misp-object--8f43be07-b484-4985-a388-2150078f89b2" ,
"indicator--2d06f66e-76ae-473b-9561-bd22199dbd80" ,
"x-misp-object--09e5ec0c-0ae8-4654-ad36-b23fdd405bb2" ,
"indicator--33f0f2a8-76b4-4f1a-96e9-8c207dd86bf9" ,
"x-misp-object--0ba9aa23-ed52-4caf-b6ae-9415d8006bee" ,
"x-misp-object--afb022c9-8751-4226-8cb9-110026ddc73c" ,
"x-misp-object--5a6ce1ca-0ce4-4112-acf0-f759f554e4d3" ,
"x-misp-object--9e68a641-1e38-4f66-9db2-7d29d978a9dd" ,
"x-misp-object--86e9947c-958f-4a76-9314-9eafcbcb9de5" ,
"x-misp-object--483c8559-c3c8-4a7a-a2d1-d7a7a13cfc20" ,
"x-misp-object--0f9c57e5-2917-4305-b828-df759cfe478b" ,
2023-06-24 09:36:52 +00:00
"relationship--2a53a555-bd4e-43a8-83fc-d96ef095899a" ,
"relationship--f1fa327b-012d-47bd-997a-91310b712761" ,
"relationship--392ee048-b017-47f0-a8d6-31bdbc5c03fc" ,
"relationship--48372305-fd9a-495b-b19d-6b5e68d2b0fd" ,
"relationship--acd59767-e0ea-46b6-9322-640ceac7501b" ,
"relationship--49f9f7c6-f441-45ae-b3e6-36eb3301961c" ,
"relationship--4dce83eb-888f-459f-940c-1925a6c8d197" ,
"relationship--c457915e-01d9-4e44-8e15-312a5d154307" ,
"relationship--f9efa3ee-709a-42e6-8298-29705fb43fbe" ,
"relationship--58ebbab3-1448-494f-8c77-30590262cf19" ,
"relationship--805252f2-cf7c-4b9a-b404-bd4b545424c8" ,
"relationship--c9e31d14-41a9-457c-a6df-a2aa17c470fc" ,
"relationship--6d1e3c8c-2910-4310-8e09-ab9719a56218"
2023-06-14 17:31:25 +00:00
] ,
"labels" : [
"Threat-Report" ,
"misp:tool=\"MISP-STIX-Converter\"" ,
"misp-galaxy:mitre-enterprise-attack-intrusion-set=\"APT28\"" ,
"misp-galaxy:microsoft-activity-group=\"STRONTIUM\"" ,
"misp-galaxy:threat-actor=\"Sofacy\"" ,
"misp-galaxy:tool=\"GAMEFISH\"" ,
"misp-galaxy:mitre-enterprise-attack-malware=\"JHUHUGIT\"" ,
"misp-galaxy:mitre-enterprise-attack-malware=\"JHUHUGIT - S0044\"" ,
"misp-galaxy:mitre-mobile-attack-intrusion-set=\"APT28 - G0007\"" ,
"osint:source-type=\"blog-post\"" ,
"workflow:todo=\"add-tagging\""
] ,
"object_marking_refs" : [
"marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9"
]
} ,
{
"type" : "observed-data" ,
"spec_version" : "2.1" ,
"id" : "observed-data--5af14f39-0310-4038-8195-89ee950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2018-05-08T12:28:36.000Z" ,
"modified" : "2018-05-08T12:28:36.000Z" ,
"first_observed" : "2018-05-08T12:28:36Z" ,
"last_observed" : "2018-05-08T12:28:36Z" ,
"number_observed" : 1 ,
"object_refs" : [
"url--5af14f39-0310-4038-8195-89ee950d210f"
] ,
"labels" : [
"misp:type=\"link\"" ,
"misp:category=\"External analysis\"" ,
"osint:source-type=\"blog-post\""
]
} ,
{
"type" : "url" ,
"spec_version" : "2.1" ,
"id" : "url--5af14f39-0310-4038-8195-89ee950d210f" ,
"value" : "https://blog.talosintelligence.com/2017/10/cyber-conflict-decoy-document.html"
} ,
{
"type" : "x-misp-attribute" ,
"spec_version" : "2.1" ,
"id" : "x-misp-attribute--5af16d3e-86f0-4bf2-b3a5-4e4b950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2018-05-08T12:28:39.000Z" ,
"modified" : "2018-05-08T12:28:39.000Z" ,
"labels" : [
"misp:type=\"text\"" ,
"misp:category=\"External analysis\"" ,
"osint:source-type=\"blog-post\""
] ,
"x_misp_category" : "External analysis" ,
"x_misp_type" : "text" ,
"x_misp_value" : "Cisco Talos discovered a new malicious campaign from the well known actor Group 74 (aka Tsar Team, Sofacy, APT28, Fancy Bear\u00e2\u20ac\u00a6). Ironically the decoy document is a deceptive flyer relating to the Cyber Conflict U.S. conference. CyCon US is a collaborative effort between the Army Cyber Institute at the United States Military Academy and the NATO Cooperative Cyber Military Academy and the NATO Cooperative Cyber Defence Centre of Excellence. Due to the nature of this document, we assume that this campaign targets people with an interest in cyber security. Unlike previous campaigns from this actor, the flyer does not contain an Office exploit or a 0-day, it simply contains a malicious Visual Basic for Applications (VBA) macro."
} ,
{
"type" : "observed-data" ,
"spec_version" : "2.1" ,
"id" : "observed-data--5af17136-817c-464f-9279-4311950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2018-05-08T12:28:39.000Z" ,
"modified" : "2018-05-08T12:28:39.000Z" ,
"first_observed" : "2018-05-08T12:28:39Z" ,
"last_observed" : "2018-05-08T12:28:39Z" ,
"number_observed" : 1 ,
"object_refs" : [
"file--5af17136-817c-464f-9279-4311950d210f" ,
"artifact--5af17136-817c-464f-9279-4311950d210f"
] ,
"labels" : [
"misp:type=\"attachment\"" ,
"misp:category=\"External analysis\""
]
} ,
{
"type" : "file" ,
"spec_version" : "2.1" ,
"id" : "file--5af17136-817c-464f-9279-4311950d210f" ,
"name" : "screen1.png" ,
"content_ref" : "artifact--5af17136-817c-464f-9279-4311950d210f"
} ,
{
"type" : "artifact" ,
"spec_version" : "2.1" ,
"id" : "artifact--5af17136-817c-464f-9279-4311950d210f" ,
"payload_bin" : " i V B O R w 0 K G g o A A A A N S U h E U g A A B A I A A A K + C A I A A A C 3 m i v W A A A A A 3 N C S V Q I C A j b 4 U / g A A A A X 3 p U W H R S Y X c g c H J v Z m l s Z S B 0 e X B l I E F Q U D E A A A i Z 40 p P z U s t y k x W K C j K T 8 v M S e V S A A N j E y 4 T S x N L o 0 Q D A w M L A w g w N D A w N g S S R k C 2 O V Q o 0 Q A F m J i b p Q G h u V m y m S m I z w U A T 7 o V a B s t 2 I w A A C A A S U R B V H i c 7 J 15 Y B P F / s C / s 0 n v K 0 A p L V d T L r k p I H I I N K A o 6 u 9 B Q V D g 6 a O o I K h I U V B R k C K I K C p 4 P E E O L R 6 A g l K o j 0 O l T a F K A a U p h 9 y Q l h b a Q m H T M + f O 749 N t m m O z W a T t m m Z z + P V 3 d k 5 v r M 7 u / l + Z 74 z g 8 r L y w E A A D S V 1 U A g E A g E A o F A I B D u A q S e J G Y Y L C Q a R S F P S i E Q C A Q C g U A g E A j e p Y 4 Z 8 M W P 59 K U h d V a k 8 t k G F s Z A D x K f l 0 z A S H x 9 k B w o C R R 0 f 6 F J 7 p b B z I M c / 168 R 1 a I z r b + q a F L K J t 22 i K o h p b E A K B Q C A Q C A Q C o Z Z a M + C z 7 e d + / C 2 / 95 g H d E Y K 83 b z 115 F d a L V M Q 0 c K v y 4 T i g S P E q A K B Q g Z b Y d O G h i Y O 4 U s y X A M E z R 9 W K a 1 j w y R i E w n 4 Z n 329 K D N C O W A I E A o F A I B A I B F 8 C c X M D B v 57 d x f F K F 2 N 0 a Q 3 Y g y 2 P f k W L O M A V l e x 1 Y A A G + z s t G 7 R 5 v + 4 H i J A C I H E X x o Q J L 2 k z M z 4 c g w b a j K Z / j l 7 w Z d t A J Z 9 v y l 79 u g m k U g a W x A C g U A g E A g E A s F M 7 W i A 3 s D o 9 E Z 9 j d Z k M N b p 2 L f C 1 g b A A A h x k W 3 S 2 G r 3 X E z k I J Y L Y w A h i U k K k k C 9 g e H C G I b h S e F T M A x D z A A C g U A g E A g E Q n 3 z T 37 V 3 x c r 8 k v 1 B a U l A N A x K i Q 2 K m h g 15 Y 9 Y y N s Y t a Z G 8 A Y 9 I x R z x g M z v L F G N e x A V g c q v c A 2 D o K q n u C s V V s Q Z Y A Q g x j q O N X 0 7 T M g M Y W g U A g E A g E A o H Q n C m l 9 Q f + u n 34 d H m b l u E Q 6 N + m U w c A 0 G n h 2 B U 4 / P e F E f 0 i H x 4 c E 9 U i k I t f x w w w m Y w m o 95 k d G w G 1 B k K w A g Q B k A Y s / 7 + C A N 24 E b E X g O z E c A a C w h Y G 6 C O Z Q A u B w Q o b D L V k R Y 7 G b L w Q Z q Q q A Q C g U A g E A i E J k c p r d / 1 x 63 C M u q e T u E A M g C Q R w M A q I t p k A H I O h w r o G 9 p C 6 c m t I + 2 W A J 1 R w N c m w E Y A B B G 2 K L 2 I 9 Y A Y E c E r B y E a j E P B L C K P 7 a k R g D Y Z o w A + C 0 B C j M m f x u B B N 0 V X 6 A J i U o g E A g E A o F A a G o c + O t 2 Y R k l k 8 k A I L 47 J A 6 R W a 7 I l C o 6 L Y e W y W R X S u k 9 R 2 / M G h v H X r A Z D T C Y j A a j U e 8 w d 4 s Z Y O n c t + j w n B F Q Z 65 w b T J z T I R Y Q 8 F C r X U A Y B 5 J Q L x m A J h M d e w T R 6 M P P k o T E p V A I B A I B A K B 0 L T 4 J 7 / q 8 O n y e z q F A w A E m m 0 A l R p U 5 + g k h U w R L 1 O r Q V V M y w J l B / O u D b m n Z d + 4 C A C o 422 P G S O D 9 Q x T 5 x 9 m D L b / T A b M G B i T A Z s M D G N k D N p T G x 86 v X H M 6 U 1 j T m 8 c Y z L o T H r d 6 Y 1 j T H q d y a A 7 v W k M Y 9 B h x s i Y j J h N Y j J g k w E b D Z g x Y K M B T A Z s M t q X Y i M G g / W Y M Y q + O / + a 9 D T P q U 8 x Z f L j 7 D 9 v 5 e a V f H j y 967 A U J 8 y + 87 d 8 O 4 d 8 w U c V o e n j t w l + w O f Q l w L 95 G 62 I v B h v i I e A Q C g U D g Y e e u P X N f e W P n r j 1 C I v 99 s a J N S 7 M v U L w c A E C l h t T 9 a p W a V p 6 j A U A u B 9 A C A P g H h e W c v 82 m c n s X Y c R 6 u C D z n g E I g 8 l k A o D Y i d 8 i o J B U E h A Q D I A 6 T / 3 J T + q P M Q M A J q N R 6 i 8 B 1 h 8 I M E K A k d l / y N o r i M C y f c d P U y Y / v n 3 H T 40 t i F A 4 U Z u W 2 P W E k L v R X G + U T b 34 d U 37 O + C z 90 R E C / f Z u r D 4 u H g E A o F A 2 L l r T 9 b h P 7 d + t W 7 a M 3 M A Y N K E c f z x 80 v 1 E G h 2 n l e d o 5 X n a F b p B 4 B 4 u X l k A A B o A F k g X C m o Y S / V j g Y g h D B m G B N m T I z 1 P 5 P J Z G J M J s b E 2 I A Z B j C D T a w Z Q P n 5 S w O D p P 4 B i E I Y 4 c v b H s c I s y v k s N F N R u P p r x 858 / W j R p M R M w z D Y I w Z B j O M i c F W u b J l m d g C 6 / z D G D O e 7 E P s j H 9 N e p r 95 z D E 5 p L D k P q D 67 q z 0 a h s Q u x P r Q M b u O P Z Y d e p w y 5 V g Y L Z J L S v q c N C H d 4 Q 4 Y V 6 F 3 v 5 b U K c S c t z 1 d k d d p j K Y U h D w v + A b E J c 1 l F E K / I 6 / G 3 S m Y T 8 T d T r s H 0 K 1 q W w B o C P i E c g E A g E h 3 A 2 A A B s / W p d 1 u E / X Y 4 J F J S W g H n e L 0 2 D u e N f L p O t n S 2 X y S B N S a v V N G 2 O K 7 t 6 o 4 o 9 q j t F m M E M Z h j M I M 7 H n / 1 v 7 R J B t Q v + A D s b A G N 2 / u v V H 55 k U 3 S f n o 5 N J g B g T C a u r x 9 j 5 t w 342 I f 34 o A 1 D 9 N 6 / G f 3 S C R A M Z c z h g w A M a 4 t m S r h U k x A D C Y Y R j s Y O 6 B Y B z q 7 v + a 9 H T 6 z m / t j 9 k D L o T n o L 6 x / u W 2 O X A W g S d y A 8 A v g 7 X C I V B C l 32 x D i v u M J 9 G 6 Y a 3 q a m N G A I f n / C r Q i L U E 9 Z V Y w + 4 x + 1 u h 7 r L O + B W b l 5 H + I 1 t x D d R C D 4 u H o F A I N y F W N s A L M L H B K x t A A B I T p Q B w N o 0 i w 1 g D q e 52 L V m A E I I A 2 C M L L q 2 Z T l / y 2 U M m F 3 N x 7 x r G O v Q Q y G Q S A C g f e I 3 l E R C S a Q B A U F c D p j t v E c U O 2 K Q / 9 M 0 N j M T Z i R I a n E s Y s t g A A N m Z w m z m x g j a 0 u A F Q y Q B 3 a A t d b u S X d + A 88 r c O g 7 Y a / 2 u U x V f z h U 9 d x K 6 F Z M r v q + q b j Y 3 w 1 w V V P + x y f u 4 d q k 8 o X b 5 V a P s n D f m w a o l 8 t n y t 8 m e W I 2 Q E t 2 W U r j i k c g E A g E G 6 x t g G n P z O H G B K Y 9 M 4 f H D O g Y F a L T A h 1 Y a w M A A K 0 F t R r q 2 g B A a y E u J o Q 9 t h o N Y J f 0 R K h 2 O R / W B Q c h y 0 U E r F c / W E L N + w g j A A g I D p J K / I F C l E Q K B g M A I A o h j N k D N r 8 O E 7 + j E A C i A k N C E U U h d r V R D A h h A A p j Q M B a A Z b V R X H t 6 A M g 5 G I p o Y a i Y Q Y B + L H 5 b W 7 c H 2 m b 0 h 0 6 H g h J 6 A z h G f o C D k U V O N w h 4 q r w V A 2 j z 3 E j A K J b h b g S 67 V e I p 6 p u J i N g o + L R y A Q C H c t 0 56 Z k z B i G G c J 8 B M b F X T s C s i i 6 w S m p K r B u v M f A I A G L X S K C 2 J P 6 o 4 G I A A E m O 3 p 57 T + 2 l E B j B D C r N q P E a a A Y l f 5 l F A A I P U P 8 A s I A g D A w D A m A E B S C m E E A J R E w q r y A c H B U q k U E E X 5 S R C S m G c J Y 3 Z c g b F M P r a M B m A E C G P L c q S A A C M A q v H N A I J o G s u H u + E L J X 2 o 9 U d j W Y P k m R I I B A K h A W B V f / a A 7 f 7 n T n l S D e z a 8 v D f F 0 D W o T Z I C 2 u T 5 Q C Q t E p t C a J B C / q a i i E 9 Y 9 j z O m Y A Q h J A E o Q k 5 m 55 c 6 D Z J r C M A i C z / 5 D 5 A j B G K Q B Q E q l E K m W n D U g Y I w B Q l J 85 Z 4 k U I d R l 2 s + X t k 5 k Q 3 r P / h 1 R E k u / P w M M o o D B G F G s x s 9 u t o U x x h g h M G 9 U j C Q I S b w + G p C + 81 v O y U d I N 7 + 78 U X A T T H k W W c G r P r w H H p g c z j r n a 0 / b G Y l 2 s h g L S q P 2 N Y y O 8 u Q / w 7 w F 9 q Q j v I C H 5 C I q 86 i 2 a d q y D b g s B T 7 h y g i W / s H 2 i h t 2 + E d d m Y k 8 M d s y C E a l 8 + l s c Q j E A g E g j W T J o y z d v 6 x O X V G z 9 i I E f 0 i j x X Q 7 P Z h r A s Q X W c g g A Y t 0 F p 4 Y E B k 384 R b B A q L y 9 n j / o / 9 U t E j 27 a 8 g q j 3 m B W / 5 G 1 G c D u A Q Y I I c p i J W A E F C C D X q u v q f Y P D v H z D w Q A B G D Q 63 Q 1 V Q F B I R j A U F P l F x Q i k U q N e p 2 + u p p h G I m f J C A o T C r 1 Y 1 i X I E A Y m N o d i i 2 A 2 R A A 9 v 9 S f 7 / A s L D y 8 x c y 141 m B a 6 p q b 50 O f + R M Q q P b n b 9 s + 83 Z Z f O s U F B w Y 0 t i E / g L a 2 C a C d 3 M + T p E w g E A o F g Q + k d 7 f d Z h V d K j b J A G X C + Q N y 0 Y C 3 Q W h g Q J 536 Q P v o l u Z F h a x H A w A B B U h q d v y x 2 A C I Q g i B 5 X 8 Y U Q g B o h C F 2 X k C i P K X U H 7 S Q M p f Q l E S c 1 a U x M 8 v g J J S g J G / N I C S S i i K k v p J / f z 8 M c M A k k j 9 / I C i K L a / H x A D j P n Q r P p j z A D G G C G z G Y A Z D E i K E O X J F G F C Y 2 E z B 9 E r u R E t 8 G 7 D u 62 I Q C A Q C I R m R l S L w K k J 7 f c c v X E w 75 p / U J g s E A B
} ,
{
"type" : "observed-data" ,
"spec_version" : "2.1" ,
"id" : "observed-data--5af17145-c94c-4497-951b-411b950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2018-05-08T12:28:38.000Z" ,
"modified" : "2018-05-08T12:28:38.000Z" ,
"first_observed" : "2018-05-08T12:28:38Z" ,
"last_observed" : "2018-05-08T12:28:38Z" ,
"number_observed" : 1 ,
"object_refs" : [
"file--5af17145-c94c-4497-951b-411b950d210f" ,
"artifact--5af17145-c94c-4497-951b-411b950d210f"
] ,
"labels" : [
"misp:type=\"attachment\"" ,
"misp:category=\"External analysis\""
]
} ,
{
"type" : "file" ,
"spec_version" : "2.1" ,
"id" : "file--5af17145-c94c-4497-951b-411b950d210f" ,
"name" : "screen2.png" ,
"content_ref" : "artifact--5af17145-c94c-4497-951b-411b950d210f"
} ,
{
"type" : "artifact" ,
"spec_version" : "2.1" ,
"id" : "artifact--5af17145-c94c-4497-951b-411b950d210f" ,
"payload_bin" : " i V B O R w 0 K G g o A A A A N S U h E U g A A B A M A A A K / C A I A A A C T B J N N A A A A A 3 N C S V Q I C A j b 4 U / g A A A A X 3 p U W H R S Y X c g c H J v Z m l s Z S B 0 e X B l I E F Q U D E A A A i Z 40 p P z U s t y k x W K C j K T 8 v M S e V S A A N j E y 4 T S x N L o 0 Q D A w M L A w g w N D A w N g S S R k C 2 O V Q o 0 Q A F m J i b p Q G h u V m y m S m I z w U A T 7 o V a B s t 2 I w A A C A A S U R B V H i c 7 J 15 Y B P F / s C / s 0 n v K 0 A p L V d T L r k p I H I I t O B D U X 8 P C o I C T x 9 F B U F F i o K K g h R B x O u B x x P k 0 O I B K C i F + j h U 2 h S q F F C a c s g N a W m h F A q b n j l 3 f n 9 s s t 3 m 2 O w m a Z u W + T x e 3 Z 2 d 4 z u 7 M 5 P v d 0 5 U X l 4 O A N r K a i A Q C A Q C g U A g E A h 3 B + 1 j 2 s j d D s w w W I w 3 i k J u J 0 E g E A g E A o F A I B D q i V p L 4 P M f z q a r i q p 1 Z p d h M O b Z A A J 6 f l 1 L A S H 3 T Y L g Q F l S Y v v n H + / O d 2 Q Y 5 t q 1 k j u 0 1 u 1 o 65 s W i o i 2 b a M p i m p s Q Q g E A o F A I B A I B F s s l s C n 287 + 8 G t B 7 z E P 6E0 U F u z s r 32 K 6 n i r Y x 0 41 P l x H V c k e q w A U S h A z m z d f 8 D M w N w p F m O A Y Z j i a y U 0 r X 14 T K L I e B q e v b + q M E A 7 Y g w Q C A Q C g U A g E H w P x K 4 T G P i v X V 0 S R + l r T G a D C W O w 7 c + 3 Y h 0 N 4 D 3 F v G E B 1 t n Z b d 10 L f 9 x P V C A E A K Z v z w g S H 5 R l Z X 5 x R j W 1 W w 2 / 33 m v C + b A S x 7 f 1 X 17 N F N J p M 1 t i A E A o F A I B A I B E I t t e s E D E Z G b z A Z a n R m o 6 l O 9 z 4 P W z M A A y D E e b Y J Y 6 v g c z 6 R A 18 u 7 A G E Z G Y 5 y A I N R o Z z Y x h G I I R P w T A M s Q Q I B A K B Q C A Q C P X N 3 w V V f 12 o K C g 1 F J b e A I C O U S G x U U E D u 7 b s G R v h 0 H / t O g H G a G B M B s Z o d B Y 1 x r i O G c D i U M M H w H w v q O 4 N x j z f o o w B h B j G W G e C T d O y B B p b B A K B Q C A Q C A R C c 6 a U N u z / 8 / a h U + V t W o Z D o H + b T h 0 A Q K + D o 5 f h 0 F / n R / S L f G h w T F S L Q J t Q t Z a A 2 W w y m w x m k 2 N L o M 6 A A E a A M A D C m J 37 j z B g B / O J 2 G d g s Q N Y e w E B a w b U M Q 7 A 5 b A A h c 3 m O t s c Y S c D F z 5 I E x K V Q C A Q C A Q C g d D k K K U N O 3 + / V V R G 3 d M p H E A B A M p o A A B N C Q 0 K A E W H o 4 X 0 L V 3 R 1 I T 20 X W N A d 6 Y g G t L A A M A w g h b N X / E 2 g D s u A B v p l A t l u E A V v f H 1 t A I A N u M F I C w M U B h x u x v I 5 D r t + I j N C F R C Q Q C g U A g E A h N j f 1 / 3 i 4 q o x Q K B Q D E d 4 e k I Q r r E 4 V K T a f n 0 g q F 4 n I p v f v I 9 V l j 4 / g B + W M C R r P J a D I Z H C Z g t Q S s X f x W N Z 6 z A + o s H a 4 N Z v G J E G s r W K k 1 E A A s 4 w l I 0 B I A s 7 m O i e J o D M J H a U K i E g g E A o F A I B C a F n 8 X V B 0 6 V X 5 P p 3 A A g E C L G a D W g P o s n Z y o S I x X a D S g L q E V g Y o D + V e H 3 N O y b 1 z t m o H a y f e Y M T H Y w D B 1 / m H G a P v P b M S M k T E b s d n I M C b G q D u 54 c F T G 8 a c 2 j j m 1 I Y x Z q P e b N C f 2 j D G b N C b j f p T G 8 c w R j 1 m T I z Z h N k g Z i M 2 G 7 H J i B k j N h n B b M R m k 30 q N m I w 2 I A Z k 9 s v 6 J + T n h K 49 S m m T H 6 M / e e t 2 L w S j 0 D 83 h U Y 6 l N m 33 k b 3 n 1 j v o D D 7 A j k k X t k f + F T u F f C f S Q v 9 m K w L j 4 i H o F A I B A E 2 L F z 99 y X X 9 + x c 7 c Y z 39 d q G j T 0 j I p K F 4 J A K D W Q N o + j V p D q 87 S A K B U A u g A A P y D w n L P 3 e a H l X b G M G K n u i D L W Q I I g 9 l s B o D Y i d 8 g o J B c F h A Q D I A 6 T / 3 R T + 6 P M Q M A Z p N J 7 i 8 D d m I Q Y I Q A I 8 t E I v 70 I A L L t u 0 / T p n 82 L b t P z a 2 I G L h R G 1 a Y t c T Y t 5 G c 31 R N v k S V j f t 34 D P v h M 3 S r j P 5 o X F x 8 U j E A g E w o 6 d u 7 M P / b H l y 7 X T n p 4 D A J M m j B P 2 X 1 B q g E D L L H r 1 W V p 1 l m b 1 f g C I V 1 r G B w C A B l A E w u X C G n 5 Y y 5 g A Q g h j h j F j x s z w / 5 n N Z j N j N j N m x g b M M I A Z b G Y t A c r P X x 4 Y J P c P Q B T C C F / a + h h G m N 0 z h / V u N p l O f f X w 6 a 8 e M Z l N m G E Y B m P M M J h h z A z m x c q m Z W Y T r P M P Y 8 x 4 c k q x M / 456 S n 2 n 0 M X m 0 c O X e o P r g P P R q m y c b G / 5 T s 2 c P e z w w 5 U h x 2 r I g W z C W i f U 4 e J O n w h 4 h P 1 L v b y 27 g 4 k 1 b g q b M 37 D C U Q 5 e G R P g D 2 b i 4 z K M b p c j r C J d J Z x I K F 1 G v w 3 Y r 8 F N h b Q A f E Y 9 A I B A I D u H M A A D Y 8 u X a 7 E N / u B w Z K C y 9 A Z Z l w D Q N l u 5 / p U K x Z r Z S o Y B 0 F a 3 R 0 L T F r + L K 9 S p + W N 6 K Y Q Y z m G E w g 7 j 5 / u x / a z c N q t 0 C C N i V A R i z y 2 G v f P 8 E G 6 L 79 A x s N g M A Y z Z z P f 4 Y M 2 e / H h f 72 B Y E o P l x W o 9 / 7 w K Z D D D m Y s a A A T D G t S n z d i v F A M B g h m G w g 3 U I o n G o v v 9 z 0 l M Z O 76 x v 2 Y v O B e B i / q G / + N t c + H M g 4 D n B k B Y B r 7 O I V J C l z 2 y D j P u M J 5 G 6 Y y 3 y a m N G C I / n / i n Y j z U E / y s s R f c 55 b a r e 7 y D U i K z e u I f 7 G N W B P F 4 O P i E Q g E w l 0 I 3 w x g E T 8 y w D c D A C A l S Q E A a 9 K t Z o D F n b Y J Y 7 E E E E I Y A G N k V b e t 2 / x b H 2 P A 7 P 4 + l g P F 2 J k 9 F A K Z D A D a J 31 N y W S U T B 4 Q E M T F g N k u f E S x 4 w Y F P 0 5 j I z N j R o b k 1 h l G b B o M Y M D s o m H 2 i G P E N w Z Y w Q B 5 Y A r w F X d P O v U b e I 2 B w 0 k U 9 p q f y 1 D 1 h 0 N t T 1 J A S T 657 P u m 7 m L / N s B V T o U / n 3 s f 1 y a U L 7 w u S f 3 K 4 i f h N E C + X H 5 T 4 T I p 4 L M B S r L L V B p X P A K B Q C D Y w D c D p j 0 9 h x s Z m P b 0 H A F L o G N U i F 4 H d G C t G Q A A t A 40 G q h r B g C t g 7 i Y E H 5 Y 65 g A u 88 n Q r U b / L B z c R C y P k T A z v A H q 6 v l l G E E A A H B Q X K Z P 1 C I k s n B a A Q A R C G E M X v B x t d h 4 r c U A k B U Y E g o o i j E b k G K A S E M Q G E M C F h D w L r l K K 4 d g w C E X G w u 1 F A 0 z F C A M D Y / z 437 O 22 T u s M Z C G I C O k N 8 h L 6 A Q 1 F F D n q 48 V R 8 q I Z R 6 b h x A L d L h X s p 1 m u + 3 P i m 7 v l s F H x c P A K B Q L h r m f b 0 n I Q R w z h j Q J j Y q K C j l 0 E R X c c x N U 0 D t k M A N O i g U 1 w Q 34 k 3 J o A A E G C 2 v 59 T / G v H B j B C C L O a P 0 a Y A o r d + l N G A Y D c P 8 A v I A g A A A P D m A E A y S m E E Q B Q M h m r z Q c E B 8 v l c k A U 5 S d D S G Z Z N I z Z 0 Q X G u h b Z O i a A E S C M r X u U A g K M A K j G t w Q I b t N Y 87 k b P l H S k 1 p / N J Z B S L 4 p g U A g E B o A V v t n L 9 h B A O 5 W I N T A r i 0 P / X U e F B 1 q n X S w J k U J A M m r N F Y n G n R g q K k Y 0 j O G H 7 b W E k B I B k i G k M z S O W 9 x t J g F 1 r E A Z J l I Z H k A j E k O A J R M L p P L 2 S U E M s Y E A B T l Z 4 l Z J k c I d Z n 208 U t E 1 m X 3 r N / Q 5 T M 2 v v P A I M o Y D B G F K v 0 s + d w Y Y w x R g g s x x g j G U I y r 48 J Z O z 4 h p v t I 6 a z X 6 p / N + B W H A r s P A O 8 n j y H s 7E5 n P X R 1 h 82 i x R t Z O C L K i A 2 X 2 Z n E Q q / A e F E G 3 L S v M g P 5 M Z T Z 97 s Q z V k G X C Y i v 1 H d C N a + w / a K G X b 4 R t 2 Z i c I + 2 z I g R q X 36 W x x C M Q C A Q C n 0 k T x v F n A d n c O q N n b M S I f p F H C 2 n 2 Z D F 2 L h B d Z z i A B h 3 Q O n h g Q G T f z h H 8 B 6 i 8 v B w A + j / 5 c 0 S P b r r y C p P B a L E A E N 8 S Y I 8 H A 4 Q Q Z T U U M A I K k N G g M 9 R U + w e H + P k H A g A C M B r 0 + p q q g K A Q D G C s q f I L C p H J 5 S a D 3 l B d z T C M z E 8 W E B Q m l / s x 7 N w g Q B i Y 2 v O L r Y D F F g D 2 / 3 J / v 8 C w s P J z 57 P W j m b l r q m p v n i p 4 O E x i e 6 / 7 A Z h 76 + q L p 1 j g 4 K C G 1 s Q n 8 B b i g V R U O 5 m y N c n E A g E A s G G 0 j u 677 K L L p e a F I E K 4 C Y F c a u E d U D r Y E C c f O o D 7 a N b B n K h 2 s e 0 4 c Y E A A E F S G 6 Z A W Q 1 A x C F E A L r / z C i E A J E I Q q z a w Y Q 5 S + j / O S B l L + M o m S W q C i Z n 18 A J a c A I 395 A C W X U R Q l 95 P 7 + f l j h g E k k / v 5 A U V R b K 8 / I A Y Y y 6 V F + 8 e Y A Y w x Q h Z L A D M Y k B w h y p M V w 4 T G w m Z J o l d i I 4 r g 3 Y Z 3 S x G B Q C A Q C M 2 M q B a B U x P a 7 z 5 y / U D + V f +
} ,
{
"type" : "observed-data" ,
"spec_version" : "2.1" ,
"id" : "observed-data--5af1715d-0250-4124-81df-bc75950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2018-05-08T12:28:38.000Z" ,
"modified" : "2018-05-08T12:28:38.000Z" ,
"first_observed" : "2018-05-08T12:28:38Z" ,
"last_observed" : "2018-05-08T12:28:38Z" ,
"number_observed" : 1 ,
"object_refs" : [
"file--5af1715d-0250-4124-81df-bc75950d210f" ,
"artifact--5af1715d-0250-4124-81df-bc75950d210f"
] ,
"labels" : [
"misp:type=\"attachment\"" ,
"misp:category=\"External analysis\""
]
} ,
{
"type" : "file" ,
"spec_version" : "2.1" ,
"id" : "file--5af1715d-0250-4124-81df-bc75950d210f" ,
"name" : "screen3.png" ,
"content_ref" : "artifact--5af1715d-0250-4124-81df-bc75950d210f"
} ,
{
"type" : "artifact" ,
"spec_version" : "2.1" ,
"id" : "artifact--5af1715d-0250-4124-81df-bc75950d210f" ,
"payload_bin" : " i V B O R w 0 K G g o A A A A N S U h E U g A A A 3 w A A A T x C A I A A A D r / w b 9 A A A A A 3 N C S V Q I C A j b 4 U / g A A A A X 3 p U W H R S Y X c g c H J v Z m l s Z S B 0 e X B l I E F Q U D E A A A i Z 40 p P z U s t y k x W K C j K T 8 v M S e V S A A N j E y 4 T S x N L o 0 Q D A w M L A w g w N D A w N g S S R k C 2 O V Q o 0 Q A F m J i b p Q G h u V m y m S m I z w U A T 7 o V a B s t 2 I w A A C A A S U R B V H i c 7 N 27 d q r O 28 D x 4 b f + l 4 I p X F 4 B X A G m s b K 1 g x K b d J Z 2 a a D U z p Y q T a B + C 7 w C V 4 o M 98 J b c B q O H i I x O / l + m r 0 V m R O I T 54 Z R U v T V A A A A A B j + u / R D Q A A A M D v R 9 A J A A C A 0 d 0 e d E a O p m m a E 92 x M b 9 I 4 p u a k 9 Q e m 37 S / 3 o A A I B f r Q o 6E98 x t Y z p + M 7 Z c N L a p a F 9 S 5 V + U c 21 M e t t g V s S 1 T r 2 P Y F f 9 L o W 3 o t e P a G 7 m 9 n 6 l Q g d A A D 8 U U X Q G T m r j 0 W c p m m a p n I j g v 14 V b p x m q a p Z x i e 5522 / n g V C S F E 5 E z m w X Q j y 45 N v i H h m P j b v b 1 x 9 d q T 1 o u 935 L s B A A A f 1 M e d C a f p + P p M 8 l C I t 3 a b f I c Z u K b m q b l c V q S 5 y j r 6 c k q Q 3 p F H j H x A 7 F 0 X X c p g n K f o b o S 39 S 0 y f p 4 X E + K J G k t e I x 8 x y x a Y T p R W a Q z P 3 k y d i 296 F g c z t a v U Z 5 t d a K o J w l a P V / b k i 0 p M B 2 l y x 3 J y + Q 9 O N o L q / m 0 v r C P w T t R J w A A + I v y o F N 3 Y 7 n 8 W K 2 K U O p z I X d W / r x n i P J F a X N K f T 9 f i c U h y 5 A e F m J 1 W R 4 x e l 3 P N q 4 Q Q p 10 H q p L d + M 0 l Z 5 h e F n O M k 3 T u M w k R o 759 v Q S 53 n a + L B 4 W 2 W x Y P J + M p b N h O P C 3 r 9 F b p y G t t h v 3 x a H v M D 4 p W q 877 w V f U r T N H 55 e s 3 j T m u X S s 84 n j 6 m h z R N U y m X p 3 k 77 J Q f R 2 M 6 a f d 6 M j W O w f s F w w M A A P D b V G s 6 d X e X x 23 y s P i Y T y 5 b b m m H Z R 5 R 6 N a F C x e j t 5 P 3 k m U C r R f v 9 P a 1 p Y 7 R 22 n 5 Y l W h p W 7 t l q e L J r L t z c 7 S i x 11 d z M L 3 h M h E j / Y 7 + d l R l X T J v P 9 X g 0 W j e U u i 2 R 1 / W n W U e z n 6 Q u 9 A Q A A + I 3 y o L P 2 F R 1 d t 1484 / R 5 U 4 G d O b 6 a x N / u q 2 n y y f o 42 l J H / X l 2 D B p l R 2 / 7 j q n v 3 P F D C i G E U B K q Z V 718 m o 7 I 1 E A A I C / r M x 0 H t c r P y n X Q r 4 H Y v m c / V 9 / m h V L E Z P I d 7 b 1 r x j t 56 Z f L K F M f G d 7 W j 7 X p 7 N b k t d g F t Y C u n B W L H U c r k s I I f K o M I l 8 U 8 t / k 8 h a z I L X q A o t k 8 g J Z t n X e P R d O F t P y h Y m k W P O y y S r E P u t E 1 V 99 r f Z J t 3 d z I J V t T B U J J G j m V d 84 W k y N Y r o t U Z + H I 1 i V A E A A P 6 W L O 7 z D M P z 7 G J B p T B s N S y s V l o a d u j Z Q g h h e P m T d i j L / Q y 7 l S B s q E o S e Q 3 V s s 0 s u 9 h d V x m e 2 t V W T y q V h V X j D c M O 1 W Z I d Z u y K b S H G h / W R q P Y V L b W 8 G T z U a O b d j 2 w T t N U 2 h 0 Z V A A A g D 9 B S //qvdcjR3tbpLu+mfYvF76dylj9ElPkaNvpVdP0AAAAvwa3wRyF9eKJ9WvtjkTbk3cg4gQAAH/UH810+qa2Pmb/Nbx6RhIAAAB390eDTgAAAHwnptcBAAAwOoJOAAAAjI6gEwAAAKMj6AQAAMDoCDoBAAAwOoJOAAAAjO7bg87I0dquubP5HSW+afrJ+dcBAADga7496LR2qfQMw6vuxKnckB0AAAC/0iOn11uJxiIL6kTNB9lWs0qNOvUMZaJsNB3H1JxIiMQ3NU3Lq8gelMUlvqlpk/XxuJ5U6dZEaUl/XQAAALjWg4LO41rTtEl2J0rdjePspuTWToa2IYrEpyEMO5Q7SwghhO+8LQ5ldjR+eXotY8HEN1fKxsNimj2vu3GVRdXdOE1DW6gPpWcYnizLLG+GOVAXAAAAbvCgoNPwuufVdWsXy42Ya5o2Py1lvLOyQDDxg/1+XiYlNW0y3++D92yn90AsXyy9KsON0zxUvcVgXQAAALjBI6fXdTeusoulRL7thWEYQnxINb2o5CTL1ORYLfvOugAAAP6AH/GTSeXaziRyzMlWhDKOY7kR24npRIkQQujuZhas8gf5K8vvvD8vRbDylU2+UxSoP82OwXtSPL3dt+r+kMVOpqY5ybm6AAAAcIv0m1XLKlWGJ5VNdpg2H6VpmoaeXc7HG3YtGSnVTYYdSmVLuUTUDj27rKxojaEUqJQ4UBcAAACupaVpeq/4FQAAAOj0I6bXAQAA8LsRdAIAAGB0BJ0AAAAYHUEnAAAARkfQCQAAgNERdAIAAGB0BJ0AAAAYHUEnAAAARne/oDNyNE3TnOhuBX5T2QAAABjdf0IUMV3DtXcbt3Y9t7jskPiOWVTj+M7ZcPKasgEAAPDj/CeEENYulZ5heNXdMas7lo8gclYfizivaCOC/XhVAQAA4CdoTq8nvmn6SfU4S4KaTpmaNGtZyVrKMvq8qMrk83Q8fSZZJbq129hl1Zqm5bVnD5pT6onSDLWVAAAA+NGUoPO41jRtsj4KIYTuxrErRJEEPZ4+poc0TVMpl6d5EQgmvrkSi0OeHD0s3i7LWepuLJcfq1URPX4u5M7Kny8TrLobp80p9f28qu6wECuTuBMAAODfoASdhtc7r24sd64uhBC6/jQrnkzeg9nGtfT8oZKzPEt3d3E2vy4Pi4/55LKvCNlhXFanW+5mtn7lq0UAAAD/gub0uu7Gsat3vvReahP4um69eMbpson5JmM6uVurAAAAMJ7en0xqrO3soD8vT1s/Kl6URM72wq8EHdcrPyn3ew/E8jkv8ml2DN6zRZ2R3yxvPzfL6hLf2Z6Wz+OGxwAAALiP4ieTJuvjca3+YlK2trPaZPqJEJGjzfdiP88e6W58EG/52kxt9bZY2tm2c5Ua3vJjNSn2+9hUuVXrxRPriaZp2mT7UZaX+KY23ws7rKpbfUwPY6dkAQAAcCdamqaPbgMAAAB+OW6DCQAAgNERdAIAAGB0BJ0AAAAYHUEnAAAARkfQCQAAgNERdAIAAGB0BJ0AAAAYHUEnAAAARkfQCQAAgNERdAIAAGB0BJ0AAAAYHUEnAAAARkfQCQAAgNERdAIAAGB0BJ0AAAAYHUEnAAAARkfQCQAAgNERdAIAAGB0BJ0AAAAYHUEnAAAARkfQCQAAgNERdAIAAGB0BJ0AAAAYHUEnAAAARkfQCQAAgNHdI+iMHE1zojsU9NsxUAAA4K8i04k7iRxN+7FBdRI5ppZptzByhhqe+KbmJNULv7+L1zY+8U3TT76vfT+LcryKx394NADgJ8mDzuzTtGI6V1ymrV2a7qw7Nei+HxHNfvV9ct/JmcbfdaB6W/CFI/kl1i4N7fMvax+S0UOCyNEmW7GRMk3T1hFIfHN+Moz+nV/XwnvRhRAXd/Gubmi87m5m69frTnL1vLnD++MLR/mLVwD1eAkhbhsNAMAY8qAz+zS1wzR3WHysfmjO6irNfqXp90cN30p348aRnAaTH5XosXap9AzDqw7IMpiMea5FzvzkyXhn6Xp7Y+Kv1sI7bGY9Oyf+dm9v3I49v8eNjbde7P32qqPuxmmapp5heJ532vq3tzhvwHcf5Vzn8bp+NAAAY+iZXtetxWz/FglR5c6cqJzlM50ou4JXebXW/F6VNamSHvmLEt8xi+2m40eJutdkfTyuJ13pkWqO8bb8nZpAyRqYP656mNeT11DUZzY6pzTEdBwz22+48X0DlVVYjYdZDu3ZZlxId+OwSvQMjWF3vwZamHXMqQ5l9Fnr1mXHKxFCGNOJUl7XudHVQGV8B+qK3vqjxsRfrWdh3B9TJu/B0V60ktOJclCUyn5Q4/WFfQzer3yPJH4glq7rLkUwfGpc/1dM7Sjnb4a8lOL64ERfvwL0HK+bRgMAcHdqBrDKj8lGfjC0hRCG4YUy7dBMJmZF2Eb5pPQMw6t2lbL8v/Qa+zZeWvJsW61chrbd9bLOxhVqBTcqqnffM4SRly+lZ4haT5SGyFDd2Nv4zkqKp9TyUhnWh62nGed63D2kA2M40K/+FkpPPSVkaBuirHnoeEmvNiFcL7733AhtYXjFVhna1VCfqcvw0tA28qrqh7zqY/f
} ,
{
"type" : "observed-data" ,
"spec_version" : "2.1" ,
"id" : "observed-data--5af173ac-a6d4-4f96-b4ac-5a17950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2018-05-08T12:28:38.000Z" ,
"modified" : "2018-05-08T12:28:38.000Z" ,
"first_observed" : "2018-05-08T12:28:38Z" ,
"last_observed" : "2018-05-08T12:28:38Z" ,
"number_observed" : 1 ,
"object_refs" : [
"windows-registry-key--5af173ac-a6d4-4f96-b4ac-5a17950d210f"
] ,
"labels" : [
"misp:type=\"regkey\"" ,
"misp:category=\"Persistence mechanism\""
]
} ,
{
"type" : "windows-registry-key" ,
"spec_version" : "2.1" ,
"id" : "windows-registry-key--5af173ac-a6d4-4f96-b4ac-5a17950d210f" ,
"key" : "HKCU\\Environment\\UserInitMprLogonScript"
} ,
{
"type" : "observed-data" ,
"spec_version" : "2.1" ,
"id" : "observed-data--5af1754a-aa0c-46de-a87a-45e5950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2018-05-08T12:28:37.000Z" ,
"modified" : "2018-05-08T12:28:37.000Z" ,
"first_observed" : "2018-05-08T12:28:37Z" ,
"last_observed" : "2018-05-08T12:28:37Z" ,
"number_observed" : 1 ,
"object_refs" : [
"mutex--5af1754a-aa0c-46de-a87a-45e5950d210f"
] ,
"labels" : [
"misp:type=\"mutex\"" ,
"misp:category=\"Artifacts dropped\""
]
} ,
{
"type" : "mutex" ,
"spec_version" : "2.1" ,
"id" : "mutex--5af1754a-aa0c-46de-a87a-45e5950d210f" ,
"name" : "FG00nxojVs4gLBnwKc7HhmdK0h"
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--5af1764b-e398-4941-83b0-423d950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2018-05-08T12:28:37.000Z" ,
"modified" : "2018-05-08T12:28:37.000Z" ,
"description" : "C2" ,
"pattern" : "[domain-name:value = 'myinvestgroup.com']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2018-05-08T12:28:37Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Network activity"
}
] ,
"labels" : [
"misp:type=\"domain\"" ,
"misp:category=\"Network activity\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--5af17259-2c04-4ffc-9fb7-4848950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2018-05-08T09:48:58.000Z" ,
"modified" : "2018-05-08T09:48:58.000Z" ,
"description" : "payload" ,
"pattern" : "[file:name = 'netwf.bat' AND file:x_misp_state = 'Malicious']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2018-05-08T09:48:58Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "file"
}
] ,
"labels" : [
"misp:name=\"file\"" ,
"misp:meta-category=\"file\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--5af17269-f3bc-4264-bd4c-4391950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2018-05-08T09:49:26.000Z" ,
"modified" : "2018-05-08T09:49:26.000Z" ,
"pattern" : "[file:name = 'netwf.dll' AND file:x_misp_state = 'Malicious']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2018-05-08T09:49:26Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "file"
}
] ,
"labels" : [
"misp:name=\"file\"" ,
"misp:meta-category=\"file\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--5af174a8-3934-4a04-994d-89b8950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2018-05-08T09:58:03.000Z" ,
"modified" : "2018-05-08T09:58:03.000Z" ,
"pattern" : "[file:hashes.SHA1 = 'e338d49c270baf64363879e5eecb8fa6bdde8ad9' AND file:x_misp_state = 'Malicious']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2018-05-08T09:58:03Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "file"
}
] ,
"labels" : [
"misp:name=\"file\"" ,
"misp:meta-category=\"file\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--5af18d58-4168-49b7-9f76-d121950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2018-05-08T11:43:20.000Z" ,
"modified" : "2018-05-08T11:43:20.000Z" ,
"description" : "Office Documents:" ,
"pattern" : "[file:hashes.SHA256 = 'c4be15f9ccfecf7a463f3b1d4a17e7b4f95de939e057662c3f97b52f7fa3c52f' AND file:x_misp_state = 'Malicious']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2018-05-08T11:43:20Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "file"
}
] ,
"labels" : [
"misp:name=\"file\"" ,
"misp:meta-category=\"file\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--5af18d6e-218c-465e-a8b5-48ca950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2018-05-08T11:43:42.000Z" ,
"modified" : "2018-05-08T11:43:42.000Z" ,
"description" : " Office Documents" ,
"pattern" : "[file:hashes.SHA256 = 'e5511b22245e26a003923ba476d7c36029939b2d1936e17a9b35b396467179ae' AND file:x_misp_state = 'Malicious']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2018-05-08T11:43:42Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "file"
}
] ,
"labels" : [
"misp:name=\"file\"" ,
"misp:meta-category=\"file\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--5af18d82-ca68-45eb-bde2-4956950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2018-05-08T11:44:02.000Z" ,
"modified" : "2018-05-08T11:44:02.000Z" ,
"description" : " Office Documents" ,
"pattern" : "[file:hashes.SHA256 = 'efb235776851502672dba5ef45d96cc65cb9ebba1b49949393a6a85b9c822f52' AND file:x_misp_state = 'Malicious']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2018-05-08T11:44:02Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "file"
}
] ,
"labels" : [
"misp:name=\"file\"" ,
"misp:meta-category=\"file\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--5af18ecd-932c-4679-ad81-42b2950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2018-05-08T11:49:33.000Z" ,
"modified" : "2018-05-08T11:49:33.000Z" ,
"description" : "Seduploader Dropper" ,
"pattern" : "[file:hashes.SHA256 = '522fd9b35323af55113455d823571f71332e53dde988c2eb41395cf6b0c15805' AND file:x_misp_state = 'Malicious']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2018-05-08T11:49:33Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "file"
}
] ,
"labels" : [
"misp:name=\"file\"" ,
"misp:meta-category=\"file\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--5af18eea-b254-48be-9965-420a950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2018-05-08T11:50:02.000Z" ,
"modified" : "2018-05-08T11:50:02.000Z" ,
"description" : "Sedupload Payload" ,
"pattern" : "[file:hashes.SHA256 = 'ef027405492bc0719437eb58c3d2774cc87845f30c40040bbebbcc09a4e3dd18' AND file:x_misp_state = 'Malicious']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2018-05-08T11:50:02Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "file"
}
] ,
"labels" : [
"misp:name=\"file\"" ,
"misp:meta-category=\"file\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--d01a1f56-520d-43dd-a8dc-128ea3686b56" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2018-05-08T12:19:48.000Z" ,
"modified" : "2018-05-08T12:19:48.000Z" ,
"pattern" : "[file:hashes.MD5 = '2163a33330ae5786d3e984db09b2d9d2' AND file:hashes.SHA1 = 'e338d49c270baf64363879e5eecb8fa6bdde8ad9' AND file:hashes.SHA256 = 'c3b2c7bbd2aa1e3100b9382ed78dfa0041af764e0e02013acdf282410b302ead']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2018-05-08T12:19:48Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "file"
}
] ,
"labels" : [
"misp:name=\"file\"" ,
"misp:meta-category=\"file\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "x-misp-object" ,
"spec_version" : "2.1" ,
"id" : "x-misp-object--f06f0463-2e37-478d-b082-8d44e89bd6d1" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2018-05-08T12:19:47.000Z" ,
"modified" : "2018-05-08T12:19:47.000Z" ,
"labels" : [
"misp:name=\"virustotal-report\"" ,
"misp:meta-category=\"misc\""
] ,
"x_misp_attributes" : [
{
"type" : "datetime" ,
"object_relation" : "last-submission" ,
"value" : "2018-03-01T10:29:11" ,
"category" : "Other" ,
"uuid" : "5af195e3-f254-4d01-9051-44bc02de0b81"
} ,
{
"type" : "text" ,
"object_relation" : "detection-ratio" ,
"value" : "46/67" ,
"category" : "Other" ,
"uuid" : "5af195e3-6334-4c64-8542-40f102de0b81"
} ,
{
"type" : "link" ,
"object_relation" : "permalink" ,
"value" : "https://www.virustotal.com/file/c3b2c7bbd2aa1e3100b9382ed78dfa0041af764e0e02013acdf282410b302ead/analysis/1519900151/" ,
"category" : "External analysis" ,
"uuid" : "5af195e4-b494-46fa-8f97-445302de0b81"
}
] ,
"x_misp_meta_category" : "misc" ,
"x_misp_name" : "virustotal-report"
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--85500cfa-8d6b-49f8-9900-99dc0172e3ee" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2018-05-08T12:19:51.000Z" ,
"modified" : "2018-05-08T12:19:51.000Z" ,
"pattern" : "[file:hashes.MD5 = '94b288154e3d0225f86bb3c012fa8d63' AND file:hashes.SHA1 = '4873bafe44cff06845faa0ce7c270c4ce3c9f7b9' AND file:hashes.SHA256 = 'e5511b22245e26a003923ba476d7c36029939b2d1936e17a9b35b396467179ae']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2018-05-08T12:19:51Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "file"
}
] ,
"labels" : [
"misp:name=\"file\"" ,
"misp:meta-category=\"file\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "x-misp-object" ,
"spec_version" : "2.1" ,
"id" : "x-misp-object--1d43848d-7842-4357-8161-4f692dbe6364" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2018-05-08T12:19:49.000Z" ,
"modified" : "2018-05-08T12:19:49.000Z" ,
"labels" : [
"misp:name=\"virustotal-report\"" ,
"misp:meta-category=\"misc\""
] ,
"x_misp_attributes" : [
{
"type" : "datetime" ,
"object_relation" : "last-submission" ,
"value" : "2018-05-08T00:14:43" ,
"category" : "Other" ,
"uuid" : "5af195e6-6af8-4405-9fee-424802de0b81"
} ,
{
"type" : "text" ,
"object_relation" : "detection-ratio" ,
"value" : "38/59" ,
"category" : "Other" ,
"uuid" : "5af195e6-1aa8-44b3-afdd-410002de0b81"
} ,
{
"type" : "link" ,
"object_relation" : "permalink" ,
"value" : "https://www.virustotal.com/file/e5511b22245e26a003923ba476d7c36029939b2d1936e17a9b35b396467179ae/analysis/1525738483/" ,
"category" : "External analysis" ,
"uuid" : "5af195e6-99cc-45e1-b188-434d02de0b81"
}
] ,
"x_misp_meta_category" : "misc" ,
"x_misp_name" : "virustotal-report"
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--e3c98d38-6cce-4fe3-832d-33d3aadb0e88" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2018-05-08T12:19:54.000Z" ,
"modified" : "2018-05-08T12:19:54.000Z" ,
"pattern" : "[file:hashes.MD5 = 'f52ea8f238e57e49bfae304bd656ad98' AND file:hashes.SHA1 = '169c8f3e3d22e192c108bc95164d362ce5437465' AND file:hashes.SHA256 = 'efb235776851502672dba5ef45d96cc65cb9ebba1b49949393a6a85b9c822f52']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2018-05-08T12:19:54Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "file"
}
] ,
"labels" : [
"misp:name=\"file\"" ,
"misp:meta-category=\"file\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "x-misp-object" ,
"spec_version" : "2.1" ,
"id" : "x-misp-object--5f6c2742-b8c2-4538-80fa-402df8bc6f3d" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2018-05-08T12:19:52.000Z" ,
"modified" : "2018-05-08T12:19:52.000Z" ,
"labels" : [
"misp:name=\"virustotal-report\"" ,
"misp:meta-category=\"misc\""
] ,
"x_misp_attributes" : [
{
"type" : "datetime" ,
"object_relation" : "last-submission" ,
"value" : "2018-05-08T00:23:54" ,
"category" : "Other" ,
"uuid" : "5af195e8-c8c0-4b43-8b1b-427702de0b81"
} ,
{
"type" : "text" ,
"object_relation" : "detection-ratio" ,
"value" : "37/59" ,
"category" : "Other" ,
"uuid" : "5af195e8-2698-4bc6-9a24-4faa02de0b81"
} ,
{
"type" : "link" ,
"object_relation" : "permalink" ,
"value" : "https://www.virustotal.com/file/efb235776851502672dba5ef45d96cc65cb9ebba1b49949393a6a85b9c822f52/analysis/1525739034/" ,
"category" : "External analysis" ,
"uuid" : "5af195e8-c930-43ab-b99a-4f9402de0b81"
}
] ,
"x_misp_meta_category" : "misc" ,
"x_misp_name" : "virustotal-report"
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--70c53962-cc6d-42fd-90bb-7b89ea1841e0" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2018-05-08T12:19:56.000Z" ,
"modified" : "2018-05-08T12:19:56.000Z" ,
"pattern" : "[file:hashes.MD5 = '60bc999ff14ee2f359130d6c1375b033' AND file:hashes.SHA1 = '142f524121fe16e1c67031f12015be4adec42bb7' AND file:hashes.SHA256 = '522fd9b35323af55113455d823571f71332e53dde988c2eb41395cf6b0c15805']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2018-05-08T12:19:56Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "file"
}
] ,
"labels" : [
"misp:name=\"file\"" ,
"misp:meta-category=\"file\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "x-misp-object" ,
"spec_version" : "2.1" ,
"id" : "x-misp-object--8f43be07-b484-4985-a388-2150078f89b2" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2018-05-08T12:19:54.000Z" ,
"modified" : "2018-05-08T12:19:54.000Z" ,
"labels" : [
"misp:name=\"virustotal-report\"" ,
"misp:meta-category=\"misc\""
] ,
"x_misp_attributes" : [
{
"type" : "datetime" ,
"object_relation" : "last-submission" ,
"value" : "2018-05-01T22:15:25" ,
"category" : "Other" ,
"uuid" : "5af195ea-4d40-4c07-bd52-481402de0b81"
} ,
{
"type" : "text" ,
"object_relation" : "detection-ratio" ,
"value" : "49/67" ,
"category" : "Other" ,
"uuid" : "5af195eb-72e0-4311-b125-495a02de0b81"
} ,
{
"type" : "link" ,
"object_relation" : "permalink" ,
"value" : "https://www.virustotal.com/file/522fd9b35323af55113455d823571f71332e53dde988c2eb41395cf6b0c15805/analysis/1525212925/" ,
"category" : "External analysis" ,
"uuid" : "5af195eb-304c-4a12-a080-4b9802de0b81"
}
] ,
"x_misp_meta_category" : "misc" ,
"x_misp_name" : "virustotal-report"
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--2d06f66e-76ae-473b-9561-bd22199dbd80" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2018-05-08T12:19:58.000Z" ,
"modified" : "2018-05-08T12:19:58.000Z" ,
"pattern" : "[file:hashes.MD5 = 'fc7d4cde5d2266082966d80f5f1566b9' AND file:hashes.SHA1 = '8a68f26d01372114f660e32ac4c9117e5d0577f1' AND file:hashes.SHA256 = 'ef027405492bc0719437eb58c3d2774cc87845f30c40040bbebbcc09a4e3dd18']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2018-05-08T12:19:58Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "file"
}
] ,
"labels" : [
"misp:name=\"file\"" ,
"misp:meta-category=\"file\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "x-misp-object" ,
"spec_version" : "2.1" ,
"id" : "x-misp-object--09e5ec0c-0ae8-4654-ad36-b23fdd405bb2" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2018-05-08T12:19:56.000Z" ,
"modified" : "2018-05-08T12:19:56.000Z" ,
"labels" : [
"misp:name=\"virustotal-report\"" ,
"misp:meta-category=\"misc\""
] ,
"x_misp_attributes" : [
{
"type" : "datetime" ,
"object_relation" : "last-submission" ,
"value" : "2018-05-08T00:25:24" ,
"category" : "Other" ,
"uuid" : "5af195ec-c700-4cd3-8577-469302de0b81"
} ,
{
"type" : "text" ,
"object_relation" : "detection-ratio" ,
"value" : "49/67" ,
"category" : "Other" ,
"uuid" : "5af195ed-cc5c-44e2-be4b-4e0902de0b81"
} ,
{
"type" : "link" ,
"object_relation" : "permalink" ,
"value" : "https://www.virustotal.com/file/ef027405492bc0719437eb58c3d2774cc87845f30c40040bbebbcc09a4e3dd18/analysis/1525739124/" ,
"category" : "External analysis" ,
"uuid" : "5af195ed-5830-47ac-8e98-49a402de0b81"
}
] ,
"x_misp_meta_category" : "misc" ,
"x_misp_name" : "virustotal-report"
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--33f0f2a8-76b4-4f1a-96e9-8c207dd86bf9" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2018-05-08T12:20:00.000Z" ,
"modified" : "2018-05-08T12:20:00.000Z" ,
"pattern" : "[file:hashes.MD5 = '085be1b8b8f3e90be00f6a3bcea2879f' AND file:hashes.SHA1 = 'cc7607015cd7a1a4452acd3d87adabdd7e005bd7' AND file:hashes.SHA256 = 'c4be15f9ccfecf7a463f3b1d4a17e7b4f95de939e057662c3f97b52f7fa3c52f']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2018-05-08T12:20:00Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "file"
}
] ,
"labels" : [
"misp:name=\"file\"" ,
"misp:meta-category=\"file\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "x-misp-object" ,
"spec_version" : "2.1" ,
"id" : "x-misp-object--0ba9aa23-ed52-4caf-b6ae-9415d8006bee" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2018-05-08T12:19:59.000Z" ,
"modified" : "2018-05-08T12:19:59.000Z" ,
"labels" : [
"misp:name=\"virustotal-report\"" ,
"misp:meta-category=\"misc\""
] ,
"x_misp_attributes" : [
{
"type" : "datetime" ,
"object_relation" : "last-submission" ,
"value" : "2018-05-08T00:01:00" ,
"category" : "Other" ,
"uuid" : "5af195ef-0ee0-46ed-a80d-467302de0b81"
} ,
{
"type" : "text" ,
"object_relation" : "detection-ratio" ,
"value" : "31/60" ,
"category" : "Other" ,
"uuid" : "5af195ef-a244-422c-ad06-418202de0b81"
} ,
{
"type" : "link" ,
"object_relation" : "permalink" ,
"value" : "https://www.virustotal.com/file/c4be15f9ccfecf7a463f3b1d4a17e7b4f95de939e057662c3f97b52f7fa3c52f/analysis/1525737660/" ,
"category" : "External analysis" ,
"uuid" : "5af195ef-1c20-4075-8090-4bff02de0b81"
}
] ,
"x_misp_meta_category" : "misc" ,
"x_misp_name" : "virustotal-report"
} ,
{
"type" : "x-misp-object" ,
"spec_version" : "2.1" ,
"id" : "x-misp-object--afb022c9-8751-4226-8cb9-110026ddc73c" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2018-05-08T12:28:40.000Z" ,
"modified" : "2018-05-08T12:28:40.000Z" ,
"labels" : [
"misp:name=\"virustotal-report\"" ,
"misp:meta-category=\"misc\""
] ,
"x_misp_attributes" : [
{
"type" : "datetime" ,
"object_relation" : "last-submission" ,
"value" : "2018-03-01T10:29:11" ,
"category" : "Other" ,
"uuid" : "5af197f8-9f34-43c2-86c1-4dee02de0b81"
} ,
{
"type" : "text" ,
"object_relation" : "detection-ratio" ,
"value" : "46/67" ,
"category" : "Other" ,
"uuid" : "5af197f8-e498-43b8-aabf-4f1802de0b81"
} ,
{
"type" : "link" ,
"object_relation" : "permalink" ,
"value" : "https://www.virustotal.com/file/c3b2c7bbd2aa1e3100b9382ed78dfa0041af764e0e02013acdf282410b302ead/analysis/1519900151/" ,
"category" : "External analysis" ,
"uuid" : "5af197f8-0a44-4d11-a7bd-48fc02de0b81"
}
] ,
"x_misp_meta_category" : "misc" ,
"x_misp_name" : "virustotal-report"
} ,
{
"type" : "x-misp-object" ,
"spec_version" : "2.1" ,
"id" : "x-misp-object--5a6ce1ca-0ce4-4112-acf0-f759f554e4d3" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2018-05-08T12:28:41.000Z" ,
"modified" : "2018-05-08T12:28:41.000Z" ,
"labels" : [
"misp:name=\"virustotal-report\"" ,
"misp:meta-category=\"misc\""
] ,
"x_misp_attributes" : [
{
"type" : "datetime" ,
"object_relation" : "last-submission" ,
"value" : "2018-05-08T00:14:43" ,
"category" : "Other" ,
"uuid" : "5af197f9-11d4-451d-b851-4d9102de0b81"
} ,
{
"type" : "text" ,
"object_relation" : "detection-ratio" ,
"value" : "38/59" ,
"category" : "Other" ,
"uuid" : "5af197f9-3798-4061-b5ec-4a2002de0b81"
} ,
{
"type" : "link" ,
"object_relation" : "permalink" ,
"value" : "https://www.virustotal.com/file/e5511b22245e26a003923ba476d7c36029939b2d1936e17a9b35b396467179ae/analysis/1525738483/" ,
"category" : "External analysis" ,
"uuid" : "5af197f9-de3c-42eb-9871-4cdb02de0b81"
}
] ,
"x_misp_meta_category" : "misc" ,
"x_misp_name" : "virustotal-report"
} ,
{
"type" : "x-misp-object" ,
"spec_version" : "2.1" ,
"id" : "x-misp-object--9e68a641-1e38-4f66-9db2-7d29d978a9dd" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2018-05-08T12:28:42.000Z" ,
"modified" : "2018-05-08T12:28:42.000Z" ,
"labels" : [
"misp:name=\"virustotal-report\"" ,
"misp:meta-category=\"misc\""
] ,
"x_misp_attributes" : [
{
"type" : "datetime" ,
"object_relation" : "last-submission" ,
"value" : "2018-05-08T00:23:54" ,
"category" : "Other" ,
"uuid" : "5af197fa-ed74-4a1f-a551-48a002de0b81"
} ,
{
"type" : "text" ,
"object_relation" : "detection-ratio" ,
"value" : "37/59" ,
"category" : "Other" ,
"uuid" : "5af197fa-a36c-41ac-b100-4fc602de0b81"
} ,
{
"type" : "link" ,
"object_relation" : "permalink" ,
"value" : "https://www.virustotal.com/file/efb235776851502672dba5ef45d96cc65cb9ebba1b49949393a6a85b9c822f52/analysis/1525739034/" ,
"category" : "External analysis" ,
"uuid" : "5af197fa-9648-4feb-8949-42b702de0b81"
}
] ,
"x_misp_meta_category" : "misc" ,
"x_misp_name" : "virustotal-report"
} ,
{
"type" : "x-misp-object" ,
"spec_version" : "2.1" ,
"id" : "x-misp-object--86e9947c-958f-4a76-9314-9eafcbcb9de5" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2018-05-08T12:28:42.000Z" ,
"modified" : "2018-05-08T12:28:42.000Z" ,
"labels" : [
"misp:name=\"virustotal-report\"" ,
"misp:meta-category=\"misc\""
] ,
"x_misp_attributes" : [
{
"type" : "datetime" ,
"object_relation" : "last-submission" ,
"value" : "2018-05-01T22:15:25" ,
"category" : "Other" ,
"uuid" : "5af197fb-98ec-4c87-9a05-447402de0b81"
} ,
{
"type" : "text" ,
"object_relation" : "detection-ratio" ,
"value" : "49/67" ,
"category" : "Other" ,
"uuid" : "5af197fb-d9ec-4d0f-bf82-4a7502de0b81"
} ,
{
"type" : "link" ,
"object_relation" : "permalink" ,
"value" : "https://www.virustotal.com/file/522fd9b35323af55113455d823571f71332e53dde988c2eb41395cf6b0c15805/analysis/1525212925/" ,
"category" : "External analysis" ,
"uuid" : "5af197fb-23d0-4566-aed8-408602de0b81"
}
] ,
"x_misp_meta_category" : "misc" ,
"x_misp_name" : "virustotal-report"
} ,
{
"type" : "x-misp-object" ,
"spec_version" : "2.1" ,
"id" : "x-misp-object--483c8559-c3c8-4a7a-a2d1-d7a7a13cfc20" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2018-05-08T12:28:43.000Z" ,
"modified" : "2018-05-08T12:28:43.000Z" ,
"labels" : [
"misp:name=\"virustotal-report\"" ,
"misp:meta-category=\"misc\""
] ,
"x_misp_attributes" : [
{
"type" : "datetime" ,
"object_relation" : "last-submission" ,
"value" : "2018-05-08T00:25:24" ,
"category" : "Other" ,
"uuid" : "5af197fb-5300-493b-96aa-437002de0b81"
} ,
{
"type" : "text" ,
"object_relation" : "detection-ratio" ,
"value" : "49/67" ,
"category" : "Other" ,
"uuid" : "5af197fc-cffc-44fb-a9ae-421502de0b81"
} ,
{
"type" : "link" ,
"object_relation" : "permalink" ,
"value" : "https://www.virustotal.com/file/ef027405492bc0719437eb58c3d2774cc87845f30c40040bbebbcc09a4e3dd18/analysis/1525739124/" ,
"category" : "External analysis" ,
"uuid" : "5af197fc-4c84-427b-8c03-4cd302de0b81"
}
] ,
"x_misp_meta_category" : "misc" ,
"x_misp_name" : "virustotal-report"
} ,
{
"type" : "x-misp-object" ,
"spec_version" : "2.1" ,
"id" : "x-misp-object--0f9c57e5-2917-4305-b828-df759cfe478b" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2018-05-08T12:28:44.000Z" ,
"modified" : "2018-05-08T12:28:44.000Z" ,
"labels" : [
"misp:name=\"virustotal-report\"" ,
"misp:meta-category=\"misc\""
] ,
"x_misp_attributes" : [
{
"type" : "datetime" ,
"object_relation" : "last-submission" ,
"value" : "2018-05-08T00:01:00" ,
"category" : "Other" ,
"uuid" : "5af197fc-ece0-48dd-a063-447602de0b81"
} ,
{
"type" : "text" ,
"object_relation" : "detection-ratio" ,
"value" : "31/60" ,
"category" : "Other" ,
"uuid" : "5af197fd-f858-44f4-a74a-497102de0b81"
} ,
{
"type" : "link" ,
"object_relation" : "permalink" ,
"value" : "https://www.virustotal.com/file/c4be15f9ccfecf7a463f3b1d4a17e7b4f95de939e057662c3f97b52f7fa3c52f/analysis/1525737660/" ,
"category" : "External analysis" ,
"uuid" : "5af197fd-53e4-4acc-b695-453002de0b81"
}
] ,
"x_misp_meta_category" : "misc" ,
"x_misp_name" : "virustotal-report"
} ,
{
"type" : "relationship" ,
"spec_version" : "2.1" ,
2023-06-24 09:36:52 +00:00
"id" : "relationship--2a53a555-bd4e-43a8-83fc-d96ef095899a" ,
2023-06-14 17:31:25 +00:00
"created" : "2018-05-08T09:49:23.000Z" ,
"modified" : "2018-05-08T09:49:23.000Z" ,
2023-04-21 13:25:09 +00:00
"relationship_type" : "executed-by" ,
2023-06-14 17:31:25 +00:00
"source_ref" : "indicator--5af17269-f3bc-4264-bd4c-4391950d210f" ,
"target_ref" : "indicator--5af17259-2c04-4ffc-9fb7-4848950d210f"
} ,
{
"type" : "relationship" ,
"spec_version" : "2.1" ,
2023-06-24 09:36:52 +00:00
"id" : "relationship--f1fa327b-012d-47bd-997a-91310b712761" ,
2023-06-14 17:31:25 +00:00
"created" : "2018-05-08T12:28:45.000Z" ,
"modified" : "2018-05-08T12:28:45.000Z" ,
2023-04-21 13:25:09 +00:00
"relationship_type" : "analysed-with" ,
2023-06-14 17:31:25 +00:00
"source_ref" : "indicator--5af174a8-3934-4a04-994d-89b8950d210f" ,
"target_ref" : "x-misp-object--afb022c9-8751-4226-8cb9-110026ddc73c"
} ,
{
"type" : "relationship" ,
"spec_version" : "2.1" ,
2023-06-24 09:36:52 +00:00
"id" : "relationship--392ee048-b017-47f0-a8d6-31bdbc5c03fc" ,
2023-06-14 17:31:25 +00:00
"created" : "2018-05-08T12:19:59.000Z" ,
"modified" : "2018-05-08T12:19:59.000Z" ,
2023-04-21 13:25:09 +00:00
"relationship_type" : "analysed-with" ,
2023-06-14 17:31:25 +00:00
"source_ref" : "indicator--d01a1f56-520d-43dd-a8dc-128ea3686b56" ,
"target_ref" : "x-misp-object--f06f0463-2e37-478d-b082-8d44e89bd6d1"
} ,
{
"type" : "relationship" ,
"spec_version" : "2.1" ,
2023-06-24 09:36:52 +00:00
"id" : "relationship--48372305-fd9a-495b-b19d-6b5e68d2b0fd" ,
2023-06-14 17:31:25 +00:00
"created" : "2018-05-08T12:20:00.000Z" ,
"modified" : "2018-05-08T12:20:00.000Z" ,
2023-04-21 13:25:09 +00:00
"relationship_type" : "analysed-with" ,
2023-06-14 17:31:25 +00:00
"source_ref" : "indicator--85500cfa-8d6b-49f8-9900-99dc0172e3ee" ,
"target_ref" : "x-misp-object--1d43848d-7842-4357-8161-4f692dbe6364"
} ,
{
"type" : "relationship" ,
"spec_version" : "2.1" ,
2023-06-24 09:36:52 +00:00
"id" : "relationship--acd59767-e0ea-46b6-9322-640ceac7501b" ,
2023-06-14 17:31:25 +00:00
"created" : "2018-05-08T12:28:46.000Z" ,
"modified" : "2018-05-08T12:28:46.000Z" ,
2023-04-21 13:25:09 +00:00
"relationship_type" : "analysed-with" ,
2023-06-14 17:31:25 +00:00
"source_ref" : "indicator--85500cfa-8d6b-49f8-9900-99dc0172e3ee" ,
"target_ref" : "x-misp-object--5a6ce1ca-0ce4-4112-acf0-f759f554e4d3"
} ,
{
"type" : "relationship" ,
"spec_version" : "2.1" ,
2023-06-24 09:36:52 +00:00
"id" : "relationship--49f9f7c6-f441-45ae-b3e6-36eb3301961c" ,
2023-06-14 17:31:25 +00:00
"created" : "2018-05-08T12:20:00.000Z" ,
"modified" : "2018-05-08T12:20:00.000Z" ,
2023-04-21 13:25:09 +00:00
"relationship_type" : "analysed-with" ,
2023-06-14 17:31:25 +00:00
"source_ref" : "indicator--e3c98d38-6cce-4fe3-832d-33d3aadb0e88" ,
"target_ref" : "x-misp-object--5f6c2742-b8c2-4538-80fa-402df8bc6f3d"
} ,
{
"type" : "relationship" ,
"spec_version" : "2.1" ,
2023-06-24 09:36:52 +00:00
"id" : "relationship--4dce83eb-888f-459f-940c-1925a6c8d197" ,
2023-06-14 17:31:25 +00:00
"created" : "2018-05-08T12:28:46.000Z" ,
"modified" : "2018-05-08T12:28:46.000Z" ,
2023-04-21 13:25:09 +00:00
"relationship_type" : "analysed-with" ,
2023-06-14 17:31:25 +00:00
"source_ref" : "indicator--e3c98d38-6cce-4fe3-832d-33d3aadb0e88" ,
"target_ref" : "x-misp-object--9e68a641-1e38-4f66-9db2-7d29d978a9dd"
} ,
{
"type" : "relationship" ,
"spec_version" : "2.1" ,
2023-06-24 09:36:52 +00:00
"id" : "relationship--c457915e-01d9-4e44-8e15-312a5d154307" ,
2023-06-14 17:31:25 +00:00
"created" : "2018-05-08T12:20:00.000Z" ,
"modified" : "2018-05-08T12:20:00.000Z" ,
2023-04-21 13:25:09 +00:00
"relationship_type" : "analysed-with" ,
2023-06-14 17:31:25 +00:00
"source_ref" : "indicator--70c53962-cc6d-42fd-90bb-7b89ea1841e0" ,
"target_ref" : "x-misp-object--8f43be07-b484-4985-a388-2150078f89b2"
} ,
{
"type" : "relationship" ,
"spec_version" : "2.1" ,
2023-06-24 09:36:52 +00:00
"id" : "relationship--f9efa3ee-709a-42e6-8298-29705fb43fbe" ,
2023-06-14 17:31:25 +00:00
"created" : "2018-05-08T12:28:46.000Z" ,
"modified" : "2018-05-08T12:28:46.000Z" ,
2023-04-21 13:25:09 +00:00
"relationship_type" : "analysed-with" ,
2023-06-14 17:31:25 +00:00
"source_ref" : "indicator--70c53962-cc6d-42fd-90bb-7b89ea1841e0" ,
"target_ref" : "x-misp-object--86e9947c-958f-4a76-9314-9eafcbcb9de5"
} ,
{
"type" : "relationship" ,
"spec_version" : "2.1" ,
2023-06-24 09:36:52 +00:00
"id" : "relationship--58ebbab3-1448-494f-8c77-30590262cf19" ,
2023-06-14 17:31:25 +00:00
"created" : "2018-05-08T12:20:00.000Z" ,
"modified" : "2018-05-08T12:20:00.000Z" ,
2023-04-21 13:25:09 +00:00
"relationship_type" : "analysed-with" ,
2023-06-14 17:31:25 +00:00
"source_ref" : "indicator--2d06f66e-76ae-473b-9561-bd22199dbd80" ,
"target_ref" : "x-misp-object--09e5ec0c-0ae8-4654-ad36-b23fdd405bb2"
} ,
{
"type" : "relationship" ,
"spec_version" : "2.1" ,
2023-06-24 09:36:52 +00:00
"id" : "relationship--805252f2-cf7c-4b9a-b404-bd4b545424c8" ,
2023-06-14 17:31:25 +00:00
"created" : "2018-05-08T12:28:46.000Z" ,
"modified" : "2018-05-08T12:28:46.000Z" ,
2023-04-21 13:25:09 +00:00
"relationship_type" : "analysed-with" ,
2023-06-14 17:31:25 +00:00
"source_ref" : "indicator--2d06f66e-76ae-473b-9561-bd22199dbd80" ,
"target_ref" : "x-misp-object--483c8559-c3c8-4a7a-a2d1-d7a7a13cfc20"
} ,
{
"type" : "relationship" ,
"spec_version" : "2.1" ,
2023-06-24 09:36:52 +00:00
"id" : "relationship--c9e31d14-41a9-457c-a6df-a2aa17c470fc" ,
2023-06-14 17:31:25 +00:00
"created" : "2018-05-08T12:20:00.000Z" ,
"modified" : "2018-05-08T12:20:00.000Z" ,
2023-04-21 13:25:09 +00:00
"relationship_type" : "analysed-with" ,
2023-06-14 17:31:25 +00:00
"source_ref" : "indicator--33f0f2a8-76b4-4f1a-96e9-8c207dd86bf9" ,
"target_ref" : "x-misp-object--0ba9aa23-ed52-4caf-b6ae-9415d8006bee"
} ,
{
"type" : "relationship" ,
"spec_version" : "2.1" ,
2023-06-24 09:36:52 +00:00
"id" : "relationship--6d1e3c8c-2910-4310-8e09-ab9719a56218" ,
2023-06-14 17:31:25 +00:00
"created" : "2018-05-08T12:28:46.000Z" ,
"modified" : "2018-05-08T12:28:46.000Z" ,
2023-04-21 13:25:09 +00:00
"relationship_type" : "analysed-with" ,
2023-06-14 17:31:25 +00:00
"source_ref" : "indicator--33f0f2a8-76b4-4f1a-96e9-8c207dd86bf9" ,
"target_ref" : "x-misp-object--0f9c57e5-2917-4305-b828-df759cfe478b"
} ,
{
"type" : "marking-definition" ,
"spec_version" : "2.1" ,
"id" : "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9" ,
"created" : "2017-01-20T00:00:00.000Z" ,
"definition_type" : "tlp" ,
"name" : "TLP:WHITE" ,
"definition" : {
"tlp" : "white"
}
}
2023-04-21 13:25:09 +00:00
]
}