misp-circl-feed/feeds/circl/stix-2.1/56e050e6-ac24-43d3-9c24-4f71950d210f.json


2023-04-21 14:44:17 +00:00
{
"type": "bundle",
"id": "bundle--56e050e6-ac24-43d3-9c24-4f71950d210f",
"objects": [
{
"type": "identity",
"spec_version": "2.1",
"id": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-10T07:14:00.000Z",
"modified": "2016-03-10T07:14:00.000Z",
"name": "CIRCL",
"identity_class": "organization"
},
{
"type": "report",
"spec_version": "2.1",
"id": "report--56e050e6-ac24-43d3-9c24-4f71950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-10T07:14:00.000Z",
"modified": "2016-03-10T07:14:00.000Z",
"name": "Malspam (2016-03-09) - Locky, TeslaCrypt",
"published": "2016-03-10T07:52:07Z",
"object_refs": [
"indicator--56e05109-7bf8-42c2-9eca-4bb3950d210f",
"indicator--56e0510a-f0c4-41ba-a62f-4bfe950d210f",
"indicator--56e0510a-2eb0-45e9-9f8b-4ddf950d210f",
"indicator--56e0510b-e8d0-46db-9921-4f9e950d210f",
"indicator--56e0510b-ab00-4d88-9dd0-4bd3950d210f",
"indicator--56e0510b-b1d4-4191-90ac-4909950d210f",
"indicator--56e0510c-1738-4ad3-b6a4-45a4950d210f",
"indicator--56e0510c-19d8-42c9-8e8b-4415950d210f",
"indicator--56e0510c-87dc-4122-833b-4ffd950d210f",
"indicator--56e0510d-0134-4a73-8b7e-49e4950d210f",
"indicator--56e0510d-79f8-4c65-a718-425c950d210f",
"indicator--56e0510d-61e8-4e0e-b2f5-4b19950d210f",
"indicator--56e0510e-5d40-46ee-9aa8-4e49950d210f",
"indicator--56e0510e-b6d0-49ab-87c3-47ee950d210f",
"indicator--56e0510e-9520-4a9c-bf31-4838950d210f",
"indicator--56e0510f-0028-447f-9e20-4fa6950d210f",
"indicator--56e0510f-2aec-4749-9b4e-418d950d210f",
"indicator--56e05110-61d8-482f-852a-4d4b950d210f",
"indicator--56e05110-5f0c-4fa5-b231-4f6a950d210f",
"indicator--56e05110-8e34-459e-9782-473c950d210f",
"indicator--56e05111-89e0-45f3-92eb-4225950d210f",
"indicator--56e05111-b804-4d30-a2f1-4bac950d210f",
"indicator--56e05111-3ca4-4e1b-84ee-4eac950d210f",
"indicator--56e05150-3138-4ec6-91bc-4bf9950d210f",
"indicator--56e05151-b3a0-4e8d-8e9d-4419950d210f",
"indicator--56e05151-4260-4252-8988-4c4d950d210f",
"indicator--56e05152-03c8-4d94-86df-4eb3950d210f",
"indicator--56e05152-9950-4e78-8856-4380950d210f",
"indicator--56e05153-4280-4bb5-96bd-48bb950d210f",
"indicator--56e05154-dd20-4a71-876c-48b5950d210f",
"indicator--56e05154-ef58-4e21-97c8-4d48950d210f",
"indicator--56e05155-42d8-4da5-9eb7-48db950d210f",
"indicator--56e05156-d7dc-4cc6-bc94-443c950d210f",
"indicator--56e05156-2604-4676-9a02-48a4950d210f",
"indicator--56e05157-5e38-4241-90f1-4879950d210f",
"indicator--56e05157-4a2c-42cd-8784-4396950d210f",
"indicator--56e05158-4b78-4401-a4ea-4c10950d210f",
"indicator--56e05158-a98c-44ea-a2c6-4d17950d210f",
"indicator--56e05159-6808-4582-b5d8-426c950d210f",
"indicator--56e0515a-8448-43fe-a52c-4ccc950d210f",
"indicator--56e0515a-3b60-42bd-a183-40f7950d210f",
"indicator--56e0515b-cdd8-48d8-b0ad-4767950d210f",
"indicator--56e0515c-0838-4227-ab97-494f950d210f",
"indicator--56e0515c-4bbc-4d08-9b3d-4fc7950d210f",
"indicator--56e0515d-0898-4683-adbd-41db950d210f",
"indicator--56e0515e-f180-4367-b206-4a44950d210f",
"indicator--56e0515e-d0ac-48d6-9852-49c2950d210f",
"indicator--56e0515f-baac-4658-b3db-4343950d210f",
"indicator--56e05160-bb60-46fb-a1b1-4504950d210f",
"indicator--56e05160-5984-47a5-b043-46a4950d210f",
"indicator--56e05475-5834-4759-865e-420f950d210f",
"indicator--56e05475-1044-435b-89cc-4057950d210f",
"indicator--56e05476-80e0-4985-a496-4afc950d210f",
"indicator--56e0563b-bed8-4701-a1e8-4233950d210f",
"indicator--56e0563c-8690-4690-8762-4990950d210f",
"indicator--56e0563c-2cfc-458d-b7c6-4fcb950d210f",
"indicator--56e0563c-b1e4-4c0d-bc18-4502950d210f",
"indicator--56e0563d-c8fc-4574-8459-4618950d210f",
"indicator--56e0563d-c68c-4469-901d-4b5a950d210f",
"indicator--56e0563d-0af0-470e-954a-4143950d210f",
"indicator--56e0563d-3828-4bef-b064-44c8950d210f",
"observed-data--56e08431-a8bc-4ae5-adaf-40e902de0b81",
"url--56e08431-a8bc-4ae5-adaf-40e902de0b81",
"observed-data--56e08431-e128-486c-ad48-451902de0b81",
"url--56e08431-e128-486c-ad48-451902de0b81",
"observed-data--56e08431-52ac-4140-a1a0-484e02de0b81",
"url--56e08431-52ac-4140-a1a0-484e02de0b81",
"observed-data--56e08432-3a40-4d51-b365-46cc02de0b81",
"url--56e08432-3a40-4d51-b365-46cc02de0b81",
"observed-data--56e08432-573c-4d4e-94f8-45af02de0b81",
"url--56e08432-573c-4d4e-94f8-45af02de0b81",
"observed-data--56e08432-8ba8-4213-b16b-490302de0b81",
"url--56e08432-8ba8-4213-b16b-490302de0b81",
"observed-data--56e08433-8f20-427c-8f45-41c102de0b81",
"url--56e08433-8f20-427c-8f45-41c102de0b81",
"observed-data--56e08433-b3c4-4651-b935-47c402de0b81",
"url--56e08433-b3c4-4651-b935-47c402de0b81",
"observed-data--56e08433-5834-4fde-bc67-4c3602de0b81",
"url--56e08433-5834-4fde-bc67-4c3602de0b81",
"observed-data--56e08434-afb8-4fd7-b552-49b802de0b81",
"url--56e08434-afb8-4fd7-b552-49b802de0b81",
"indicator--56e11720-d168-4b40-ad11-4632950d210f",
"indicator--56e11776-752c-4455-bd3d-4994950d210f",
"indicator--56e11777-be00-4b4e-abae-40f0950d210f",
"indicator--56e11778-3700-4f81-9c82-4060950d210f",
"indicator--56e117ef-5320-4c92-8649-4679950d210f",
"indicator--56e117ef-17a8-4974-bfa3-46d6950d210f",
"indicator--56e117f0-8998-4652-8b0d-45dd950d210f",
"indicator--56e119b1-d4c0-48fd-9311-4da7950d210f",
"indicator--56e119b1-bdb8-4734-be5d-43a0950d210f",
"indicator--56e119b2-5cc4-408a-8134-41f8950d210f",
"indicator--56e119b3-0118-44fc-9333-4836950d210f",
"indicator--56e119b3-ebec-4ea1-9a1a-4581950d210f",
"indicator--56e119b4-1294-4866-886e-4537950d210f",
"indicator--56e119b4-852c-497b-ba37-49dc950d210f",
"indicator--56e119b5-d068-4f79-a60b-4817950d210f",
"indicator--56e119b5-fadc-4715-9f62-4760950d210f",
"indicator--56e11a49-79e0-408a-9404-4ae0950d210f",
"indicator--56e11a49-66b0-4a71-8eec-453b950d210f",
"indicator--56e11a49-3da8-47b2-ad4e-4682950d210f",
"indicator--56e11a4a-e794-4941-900e-40e0950d210f",
"indicator--56e11a4a-e62c-4d9d-96a7-4419950d210f",
"indicator--56e11a4a-6758-44aa-b6e7-44cc950d210f",
"indicator--56e11a4a-477c-42af-9c90-46e6950d210f",
"indicator--56e11a4b-2ec4-41af-aca4-445b950d210f",
"indicator--56e11a4b-741c-4756-bf7a-44bc950d210f",
"indicator--56e11a4b-6de4-48bd-94bd-4274950d210f",
"indicator--56e11a4c-f22c-48c1-954f-417b950d210f",
"indicator--56e11a4c-f064-4128-90cb-47fb950d210f",
"indicator--56e11a4c-0248-4240-9c3a-4bf8950d210f",
"indicator--56e11a4d-5b58-4a82-9f43-4918950d210f",
"indicator--56e11a4d-6790-4d68-81c4-4c52950d210f",
"indicator--56e11a4d-4428-4553-9913-4dc9950d210f",
"indicator--56e11a6f-0dd4-44d3-a5ae-4606950d210f",
"indicator--56e11a6f-3a5c-47a3-82ce-4305950d210f",
"indicator--56e11a70-ce24-46e7-a898-41cf950d210f",
"indicator--56e11a71-7fec-487e-945e-414c950d210f",
"indicator--56e11a72-b760-4f12-88ac-4a53950d210f",
"indicator--56e11a72-8464-4817-b455-401e950d210f",
"observed-data--56e11eb8-47c8-440d-9578-40ce02de0b81",
"url--56e11eb8-47c8-440d-9578-40ce02de0b81",
"observed-data--56e11eb9-99c0-4a86-8381-4c8802de0b81",
"url--56e11eb9-99c0-4a86-8381-4c8802de0b81",
"observed-data--56e11eb9-8f0c-49f2-b65a-40d002de0b81",
"url--56e11eb9-8f0c-49f2-b65a-40d002de0b81",
"observed-data--56e11eb9-af70-44ed-9572-431f02de0b81",
"url--56e11eb9-af70-44ed-9572-431f02de0b81",
"observed-data--56e11eb9-7018-4708-a936-409002de0b81",
"url--56e11eb9-7018-4708-a936-409002de0b81",
"observed-data--56e11eba-d16c-4cda-b5e6-465502de0b81",
"url--56e11eba-d16c-4cda-b5e6-465502de0b81",
"observed-data--56e11eba-260c-43c2-874d-4aa802de0b81",
"url--56e11eba-260c-43c2-874d-4aa802de0b81",
"observed-data--56e11eba-bf28-458b-8580-4f6a02de0b81",
"url--56e11eba-bf28-458b-8580-4f6a02de0b81",
"indicator--56e11c5e-76bc-41ba-8290-48ff950d210f",
"indicator--56e11c61-5c48-448c-88ef-436b950d210f",
"indicator--56e11c64-fc48-44b3-9302-4f7e950d210f"
],
"labels": [
"Threat-Report",
"misp:tool=\"MISP-STIX-Converter\"",
"circl:incident-classification=\"malware\""
],
"object_marking_refs": [
"marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9"
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56e05109-7bf8-42c2-9eca-4bb3950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-09T16:36:25.000Z",
"modified": "2016-03-09T16:36:25.000Z",
"description": "Imported via the freetext import.",
"pattern": "[url:value = 'http://kaleofis.com/system/logs/98yhb764d.exe']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-03-09T16:36:25Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56e0510a-f0c4-41ba-a62f-4bfe950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-09T16:36:26.000Z",
"modified": "2016-03-09T16:36:26.000Z",
"description": "Imported via the freetext import.",
"pattern": "[url:value = 'http://ari-ev.com/system/logs/765uy453gt5']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-03-09T16:36:26Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56e0510a-2eb0-45e9-9f8b-4ddf950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-09T16:36:26.000Z",
"modified": "2016-03-09T16:36:26.000Z",
"description": "Imported via the freetext import.",
"pattern": "[url:value = 'http://www.ekowen.sk/09y8j']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-03-09T16:36:26Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56e0510b-e8d0-46db-9921-4f9e950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-09T16:36:27.000Z",
"modified": "2016-03-09T16:36:27.000Z",
"description": "Imported via the freetext import.",
"pattern": "[url:value = 'http://torgtehnik.ru/system/cache/.../1.exe']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-03-09T16:36:27Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56e0510b-ab00-4d88-9dd0-4bd3950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-09T16:36:27.000Z",
"modified": "2016-03-09T16:36:27.000Z",
"description": "Imported via the freetext import.",
"pattern": "[url:value = 'http://witchbehereqq.com/69.exe?1']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-03-09T16:36:27Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56e0510b-b1d4-4191-90ac-4909950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-09T16:36:27.000Z",
"modified": "2016-03-09T16:36:27.000Z",
"description": "Imported via the freetext import.",
"pattern": "[url:value = 'http://witchbehereqq.com/80.exe?1']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-03-09T16:36:27Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56e0510c-1738-4ad3-b6a4-45a4950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-09T16:36:28.000Z",
"modified": "2016-03-09T16:36:28.000Z",
"description": "Imported via the freetext import.",
"pattern": "[url:value = 'http://mommycantakeff.com/80.exe?1']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-03-09T16:36:28Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56e0510c-19d8-42c9-8e8b-4415950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-09T16:36:28.000Z",
"modified": "2016-03-09T16:36:28.000Z",
"description": "Imported via the freetext import.",
"pattern": "[domain-name:value = 'mommycantakeff.com']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-03-09T16:36:28Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"domain\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56e0510c-87dc-4122-833b-4ffd950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-09T16:36:28.000Z",
"modified": "2016-03-09T16:36:28.000Z",
"description": "Imported via the freetext import.",
"pattern": "[domain-name:value = 'www.ekowen.sk']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-03-09T16:36:28Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"hostname\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56e0510d-0134-4a73-8b7e-49e4950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-09T16:36:29.000Z",
"modified": "2016-03-09T16:36:29.000Z",
"description": "Imported via the freetext import.",
"pattern": "[domain-name:value = 'witchbehereqq.com']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-03-09T16:36:29Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"domain\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56e0510d-79f8-4c65-a718-425c950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-09T16:36:29.000Z",
"modified": "2016-03-09T16:36:29.000Z",
"description": "Imported via the freetext import.",
"pattern": "[domain-name:value = 'torgtehnik.ru']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-03-09T16:36:29Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"domain\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56e0510d-61e8-4e0e-b2f5-4b19950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-09T16:36:29.000Z",
"modified": "2016-03-09T16:36:29.000Z",
"description": "Imported via the freetext import.",
"pattern": "[domain-name:value = 'ari-ev.com']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-03-09T16:36:29Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"domain\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56e0510e-5d40-46ee-9aa8-4e49950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-09T16:36:30.000Z",
"modified": "2016-03-09T16:36:30.000Z",
"description": "Imported via the freetext import.",
"pattern": "[domain-name:value = 'kaleofis.com']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-03-09T16:36:30Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"domain\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56e0510e-b6d0-49ab-87c3-47ee950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-09T16:36:30.000Z",
"modified": "2016-03-09T16:36:30.000Z",
"description": "Imported via the freetext import.",
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '74.117.183.252']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-03-09T16:36:30Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56e0510e-9520-4a9c-bf31-4838950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-09T16:36:30.000Z",
"modified": "2016-03-09T16:36:30.000Z",
"description": "Imported via the freetext import.",
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '91.243.75.135']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-03-09T16:36:30Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56e0510f-0028-447f-9e20-4fa6950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-09T16:36:31.000Z",
"modified": "2016-03-09T16:36:31.000Z",
"description": "Imported via the freetext import.",
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '147.213.4.6']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-03-09T16:36:31Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56e0510f-2aec-4749-9b4e-418d950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-09T16:36:31.000Z",
"modified": "2016-03-09T16:36:31.000Z",
"description": "Imported via the freetext import.",
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '173.82.74.197']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-03-09T16:36:31Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56e05110-61d8-482f-852a-4d4b950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-09T16:36:32.000Z",
"modified": "2016-03-09T16:36:32.000Z",
"description": "Imported via the freetext import.",
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '78.135.108.94']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-03-09T16:36:32Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56e05110-5f0c-4fa5-b231-4f6a950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-09T16:36:32.000Z",
"modified": "2016-03-09T16:36:32.000Z",
"description": "Imported via the freetext import.",
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '185.118.142.154']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-03-09T16:36:32Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56e05110-8e34-459e-9782-473c950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-09T16:36:32.000Z",
"modified": "2016-03-09T16:36:32.000Z",
"description": "Imported via the freetext import.",
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '142.25.97.48']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-03-09T16:36:32Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56e05111-89e0-45f3-92eb-4225950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-09T16:36:33.000Z",
"modified": "2016-03-09T16:36:33.000Z",
"description": "Imported via the freetext import.",
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '89.108.87.179']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-03-09T16:36:33Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56e05111-b804-4d30-a2f1-4bac950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-09T16:36:33.000Z",
"modified": "2016-03-09T16:36:33.000Z",
"description": "Imported via the freetext import.",
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '94.73.151.140']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-03-09T16:36:33Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56e05111-3ca4-4e1b-84ee-4eac950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-09T16:36:33.000Z",
"modified": "2016-03-09T16:36:33.000Z",
"description": "Imported via the freetext import.",
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '69.64.35.2']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-03-09T16:36:33Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56e05150-3138-4ec6-91bc-4bf9950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-09T16:37:36.000Z",
"modified": "2016-03-09T16:37:36.000Z",
"pattern": "[file:content_ref.payload_bin = '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' AND file:name = '092.js' AND file:hashes.MD5 = '44d633a63a39151fbb7d4f5f99c83cfb' AND file:content_ref.mime_type = 'application/zip' AND file:content_ref.encryption_algorithm = 'mime-type-indicated' AND file:content_ref.decryption_key = 'infected']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-03-09T16:37:36Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"malware-sample\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56e05151-b3a0-4e8d-8e9d-4419950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-09T16:37:37.000Z",
"modified": "2016-03-09T16:37:37.000Z",
"pattern": "[file:name = '092.js' AND file:hashes.SHA1 = 'da893665253bb150357f5334044ce226f83bf5fc']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-03-09T16:37:37Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"filename|sha1\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56e05151-4260-4252-8988-4c4d950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-09T16:37:37.000Z",
"modified": "2016-03-09T16:37:37.000Z",
"pattern": "[file:name = '092.js' AND file:hashes.SHA256 = 'cc34e2ed0fc564dbabadddaa5c7f953f7187a6d5a8aaa8ae92edd9d11baf3de1']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-03-09T16:37:37Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"filename|sha256\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56e05152-03c8-4d94-86df-4eb3950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-09T16:37:38.000Z",
"modified": "2016-03-09T16:37:38.000Z",
"pattern": "[file:content_ref.payload_bin = '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' AND file:name = 'invoice_Dpoqlp.js' AND file:hashes.MD5 = '5fbeb28ac647e72593b3579ab5331f6f' AND file:content_ref.mime_type = 'application/zip' AND file:content_ref.encryption_algorithm = 'mime-type-indicated' AND file:content_ref.decryption_key = 'infected']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-03-09T16:37:38Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"malware-sample\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56e05152-9950-4e78-8856-4380950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-09T16:37:38.000Z",
"modified": "2016-03-09T16:37:38.000Z",
"pattern": "[file:name = 'invoice_Dpoqlp.js' AND file:hashes.SHA1 = '49d55b2251f5b38c4b5bed3caa3a22cb350b8c31']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-03-09T16:37:38Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"filename|sha1\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56e05153-4280-4bb5-96bd-48bb950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-09T16:37:39.000Z",
"modified": "2016-03-09T16:37:39.000Z",
"pattern": "[file:name = 'invoice_Dpoqlp.js' AND file:hashes.SHA256 = '1f8f0007f437b4cf355913722568b95112a3786be6d24c0980cb4bb72af94d96']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-03-09T16:37:39Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"filename|sha256\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56e05154-dd20-4a71-876c-48b5950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-09T16:37:40.000Z",
"modified": "2016-03-09T16:37:40.000Z",
"pattern": "[file:content_ref.payload_bin = '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' AND file:name = 'invoice_SCAN_LltxSn.js' AND file:hashes.MD5 = 'fb7b31e90b8308c7e56285c7fa426eef' AND file:content_ref.mime_type = 'application/zip' AND file:content_ref.encryption_algorithm = 'mime-type-indicated' AND file:content_ref.decryption_key = 'infected']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-03-09T16:37:40Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"malware-sample\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56e05154-ef58-4e21-97c8-4d48950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-09T16:37:40.000Z",
"modified": "2016-03-09T16:37:40.000Z",
"pattern": "[file:name = 'invoice_SCAN_LltxSn.js' AND file:hashes.SHA1 = '71eb9147fbd1b2e26a765e7d4de376a1991922ec']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-03-09T16:37:40Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"filename|sha1\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56e05155-42d8-4da5-9eb7-48db950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-09T16:37:41.000Z",
"modified": "2016-03-09T16:37:41.000Z",
"pattern": "[file:name = 'invoice_SCAN_LltxSn.js' AND file:hashes.SHA256 = '192a46bb8952ccc1fcbb620ce5adaf77b67f32949cf4989c1bed0a22ec46f96d']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-03-09T16:37:41Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"filename|sha256\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56e05156-d7dc-4cc6-bc94-443c950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-09T16:37:42.000Z",
"modified": "2016-03-09T16:37:42.000Z",
"pattern": "[file:content_ref.payload_bin = 'UEsDBBQACQAIALWEaUg+ldnXfgcAAAgPAAAgABwAZjU4OWI1N2MwMWNlNTY4ZDk0ZmRhZDg0MGNmNDEwNTJVVAkAA1ZR4FZWUeBWdXgLAAEEIQAAAAQhAAAA9KwrSFG4a1IUgGtq/lsDY+RHNZNR3FAahJi+utp2szYsGn37ewyxU3SGzigbDx4XEBjEiOPTCNE0SwfzSspMwqfd/1TeJfeLjitQztpnPu1jjPG9EN3XpOWzCqZIDy0Rdixupac7/hlaMae4OCpwAAebT4o4/UgaIyZqO6Vfrv8whNxbLD7BTamn43/BR7rFwEwPv5oHCHeIo67w0ihypRM8/ed1vtu2ehG/TNuRBjVKzoXBrvUGre4TAMyXt2kDwMF8NcBbEKPy0TfAaBRsBiZOSyBjKHXDV8kgHo3y46FAdw049Zv2NYgbWJBkDDOxMKYdTuBUwDkAVAMBQ989Mnjd7fP7XB0QYOBmo7aWrCJDV0mfH22ucrKFjjHqSWTRHb7z6xmlV2aM4HPtM4KC2M6wvHZ7BQTuseqG2kNSRWxStCNye0E9exQY89cKUIpwoVEzGHGN6XZeLDnm8FbceOlPWqs83/PUnLz3z5ePGwJ0+zq6xl5kQUJjY2CwOhorYpNf79aumEefG0HVHIP66UzER2qo3qNBnXe4cD3znnLUzTUFWp7cnaq5lTsUnVaWCwc91oXHvffwV+sThONE8/iJjKWnsUW2RehuZklRbPh0ls7PQnwwbH8uD/fAWfNpGMudbhM6XQRABTydIeotAUyqkyrvYMwZ5z1MI+HEFMDopCI/Kkqv1hjJj64o0VwyVa4dDYc8BQ9lHjXSmImoK7pvdwwSZ9LCI/sJZgEd+FlNqkTKcTiqVWreUD63XmWuL5hhuW63icJ7AFkyVmVrShOUH9/HlxJ888xEgtArD/oRVLGAQ/hPxov1fYbW01GcbakxVa9b5Dw4wbkXJnzx+GzhLXfGXfajwDdMk9rB8WCKVKHkFwSgMlM2S7UqMlNsDwnBLYG/Xdgej9rvoHY4UQGiproAz4s7x5mNOUvRGVcATgEqi5zglxgzrfB95pg1mHQnfYoTICti8GZLBONpDD8ThmykZ85SJ0+Fj2Ja1QKDl2uuc4Avfpk/fZ6Bb4zJAHnlFKnSzlvPRpB3vbTuj90tjQIEPvI9SvQJ3A0hEoclpL4SgGhWSeDuM/ED7USnjQWOYOjNZHg/szqMEfogSMKQmidAP6ogml4W8vk2PrCi5EZuZMYc7qUUQ/l9Fh13snklG7mT9AjQu4kGHiRM4Wo6TBIW63LcVYJBG5gscY2wJOKhUi/e01tCoX8+dlii9Nbf8adRacMc7Vf9nVihdLBuQwSZD8AzApsgAkS3jYKqgTJlCmuWa1Y6EnP4n8f72bpIhhiqDbFm2vZOnYAZyLo4OxqRQIBeBB5HEnRJTzpOqoKAQ1zedUtv1niEuQMUEoS3e7eFN8f7FIfoMHq0HrgwbEbTBXtil6IXjoYozSmMhBaWeiOAYUo8B5EOnpM6T1QwC5H5FoDMQ+wRP8qm8RiszPNwkeRcPC+jhj86g1MaYFbFuh2cvEghWlAyLapLjpPIo7irgD9PBTqycBv94PP2SAa6sht74hzQg5Y0xuMRpDBIziJOqrteCq2pytFIYk2N/dlIJrtKqfzsJq4LwGovWEGcAp7o/Fu+Ibtb3s7bcOkAJNIBxym68srtSJlpV+poLwlfWKEoxuZZiXCNLLxgnpMYrXD6bpPO7luHRc8kw5ZaFNOVwtLHEtfV5pEkhBvWaX8tkOpAGgKKr/dBdnuXPSVZbQv6kI+GFRlIAcIPr9CkOI5q7+qZHDfrHxyhnpqAIaljkdyAo9EOGC/nRqo6p6eyMJBDJd3I7tqUlOqvOyY2Qj0wewtx6ChuQAKpCPHA5yJhSOskrVDV9kAMCPOjCj2h65D+CDrx6M4BFXl
Rkn2FAvt6e9Pl/15Oso2nGeowKRIsGAZNglcW7VEmXoErgVAb012rBfqAdZz7bXW2Yi/ZGhjmF2ysNKRaVlNU46CMEpTxW06zGNrXdhLUjQNGKNCd6moC1DOEDsxbQwnjPviN1sjKRjY2qErqVb03xvhfUr994bTO0o0LxHGSlYhaMUYeDIL+5HHy5wLSAiAkqOwyNO05EWwIgPZCCOvQ/Np6wmaTMXFmhVxkMiDyy1Q4quNrez31ecd6dxi5A1pGCFQEZR41czt6d94jWE73FQhuv7+BtEbtpYxvY9Md2tM6GtbtiQRXER921ZjW6GGBxrK8yXnhkFkcDL7HmQLAPq90i++lsz1ykI991nNCy4+tIJTbGHIohcxP1tFWi1/0L3H+V5j26shw4xW1VFWoVMvIQpdQDjgrQLDZw090p8bgy2IipYlDGT69D4DJbSu3FYubvZkUmLhVvd95jJFzM4/cO65eeSyEo1TGFkLufdiAMsLavU37tefAPh1z8F39wOwv4rXcNnCA5g5xJ9O7ZWG2iqOiUvPIhjjk0OquZ65ar8wMOAqIzMTXQ+na0/vHMScY8swDQ8ULXfWOQlnJlpSZay0Dbsnox7OazAm1y0CqLE8Vu9OpqUjcxovrThnQIOyBga38B1uJifOd1xcwhA1xRpdYNasqoZhLBE7EdIVsDrGcossqGzwFyNdKH1QjTpu7k1tb9bjeB+/7xVBLBwg+ldnXfgcAAAgPAABQSwMECgAJAAAAtYRpSOvylHEiAAAAFgAAAC0AHABmNTg5YjU3YzAxY2U1NjhkOTRmZGFkODQwY2Y0MTA1Mi5maWxlbmFtZS50eHRVVAkAA1ZR4FZWUeBWdXgLAAEEIQAAAAQhAAAAF+nSeIlujKvM1XDahZQSUItT8KEdp2G8EOwdEBRr26vLjVBLBwjr8pRxIgAAABYAAABQSwECHgMUAAkACAC1hGlIPpXZ134HAAAIDwAAIAAYAAAAAAABAAAApIEAAAAAZjU4OWI1N2MwMWNlNTY4ZDk0ZmRhZDg0MGNmNDEwNTJVVAUAA1ZR4FZ1eAsAAQQhAAAABCEAAABQSwECHgMKAAkAAAC1hGlI6/KUcSIAAAAWAAAALQAYAAAAAAABAAAApIHoBwAAZjU4OWI1N2MwMWNlNTY4ZDk0ZmRhZDg0MGNmNDEwNTIuZmlsZW5hbWUudHh0VVQFAANWUeBWdXgLAAEEIQAAAAQhAAAAUEsFBgAAAAACAAIA2QAAAIEIAAAAAA==' AND file:name = 'invoice_SCAN_zLWtmD.js' AND file:hashes.MD5 = 'f589b57c01ce568d94fdad840cf41052' AND file:content_ref.mime_type = 'application/zip' AND file:content_ref.encryption_algorithm = 'mime-type-indicated' AND file:content_ref.decryption_key = 'infected']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-03-09T16:37:42Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"malware-sample\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56e05156-2604-4676-9a02-48a4950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-09T16:37:42.000Z",
"modified": "2016-03-09T16:37:42.000Z",
"pattern": "[file:name = 'invoice_SCAN_zLWtmD.js' AND file:hashes.SHA1 = 'e7eec76ef8add57a102f38f9c1ad9da61ff2c79c']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-03-09T16:37:42Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"filename|sha1\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56e05157-5e38-4241-90f1-4879950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-09T16:37:43.000Z",
"modified": "2016-03-09T16:37:43.000Z",
"pattern": "[file:name = 'invoice_SCAN_zLWtmD.js' AND file:hashes.SHA256 = '1af82c782877d943a137a3d7de610cb2cfc8871879de4912d6b5cc3c6cb0acea']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-03-09T16:37:43Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"filename|sha256\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56e05157-4a2c-42cd-8784-4396950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-09T16:37:43.000Z",
"modified": "2016-03-09T16:37:43.000Z",
"pattern": "[file:content_ref.payload_bin = 'UEsDBBQACQAIALaEaUjaJQl50gYAACgPAAAgABwAOGNkYjdiNWQ4YWNkNDM5NmM3ZThmNTcxOTNiZGFiZGRVVAkAA1dR4FZXUeBWdXgLAAEEIQAAAAQhAAAAVkkVf7+h9kQQLblXIFE/NSTfyR6aYLrYRcodJEPdrQIUJ9Zaa9GhY/0hPb/Z+Wbpl52DeiDg8Z8GWv9hn9z+iVNBpNROuoLDlREbPSoCKPwxqARrB4ZfzAittkGaHRjYdT2hEAg5cdwqt074EkrXGop7fpnyZ64rcXaB/eFRNNoc0lYHiOpUnPhenGclPJVklKe1RqAQ22SOiouakPm/fMCpyvzQxt+INuc32DYvr89Q5mHT4jDHPl5VjfozJ1VqvwP8fgIsVEQFhIt+pdr8+EgtTmjlxBIVxw8SPKUX2MzIbeHlLc5MnldgdVe7FeyVcwkuXi5logOER4FEVE+byi8y0rWcN6DJ4q3sGgdBUtv50Yd+Ht+GWxbDrYIbGBXw4yMTD4KLkiiyn/VIc3f78rx8ak4hlApQUMERpic1PsBjIM6TZV828rZvWO644QOZrd2005RZhS5NxSmhFn2ChPhtO0jxh+g/7TXP4UtSLMlBhaKCa1PFdi9fNbE8XAwSqx07AxO3U9d2Cr6mwAjoyryEv6bRjvWVDXo1EGyoSf0lx01U0XAYViJXA4M2/d7H9N+VTLXIkkv1cPcOZBrbbamg0kUAYVnW0vpmz9d4aLWJg8kgCjkoR5gt4uwB8zUYu+14N4Bd8y1Yb1eyjJ74yRynZhxqq0OUzooThK8TyyOXgKDtRz74qR9lw9xBUQawbxjzWqL/vDJt5/z5fzGMjteOtO2bUsUFIEPJ/K1/GDW2QADpDx5m0OdUsEVmpsitGd3/gVNch3fOkEEDOlxkSzLCQIz6lhl7/RmAKzbKQnKFI7ucpuuiw0OTiMw37UFFFOTTlyIR8G7Fo5puk9sul5rDixyLp+9NLpKX2PBt3ZfsWG1wz9k/jTWdmRSbSj52aBE9wmrQYNmKmLidFiTg9yjf27pcb1Oi9xnMZMt7HrLnAfQUQWK6AjukEZu1pzth/zMjXW1rbVdYakUhaN52PIP5t8uTcTBCLc5j8Tp0wxzfa1/5WVBmmENmPupc6ITTAIzNrCF6RU5lTu4CyQTNnrWh2wtMAkzzzG/Guc4VECJkueXmDVp7iz5rgIUtbL7G0vA/13nm8WODYMrzN5R4wiqyBqFEKGLR5gEs2L2DMc+9rQ6Tq/epDxsYInjr49J8gG2tdGu2MVKGf+PieCN/bRWZHN/u2DSZy0/R6flaKj/DYG3MnxmrTluznhUgP6+GEF4ioFITA6rRn/xEPml9ENBA/EiJ2zfqPZhNfbHJxeH5CV2mQz5LHjzp1IaJPZgFgdMcvhJQT4Pu/xDXbtnWqh6H2/T8nE8U3mJ+xikQ0ecYry0GMilv2ybmd3623U/tWcO7SMiz/54MLkNnp9S7UDHRk+H8BAalUcflLiWuAtWEt2ZuMkwm4ZXsMyPGa2c/gY2tF1HLthRE1pSXfgaHLLIEmCRUr0RtZXyM7dB4ehwu1p/63MB+uLZhQKktyxAjJUAfMu/xdnjvoF+AVhaFZ8lG9SDBX59nAiJU2u4gr40jh8NswxgUE0J7C6tdPbeGAS5RMa19lSqUDTK7VxsivQKHDau8zVKY7tzOz7zI66wJzaaHVXip8iBpT1G0awaIMqaNZZjaMX44m56SGX+cNcPSMN/t0loQZOSax9AnAPZuzS5VkQ1T389BhMxHOSQNL2zDGdtmWZqPvXHkl72yoHP3JPddQ8RmKy2ssTNkSTvFI7kKwnsQK/B0f1+TNlL5TLkr4lFXvNHI61kReZO2fbOUvFjNaH9C1owXgIQZufaAVbXe52HoKoSWCQ/lipQuy3JvcIBUhOlVxDg2fLGBfbFagqIeTl/TPOkUtkhXgYF
7mE8Spccs/pZ4fiETwFue0Ioyo2YP7n84pHz9CZAxZtA4YIceaENRxroI4qHTncVGLluGGLcs2YMbUG1KStSL8IGPE3rl+r/VOXrocMknZyMQNv+5n9MhcaCfm4YyRJ1KdoD41b/CwLy8prtFp6sHlXLgDcylQoWWII5+dfkWkM7oZLeY+qMVg9/87VPqcydL1YqiVtkVJlBqsVYPvMciYW96ou1t0n9EFu05Wy7uI/QFOlvIdzonVIO3trtnhQVi/fHDE8wsSxD0fDBQ3anug6DS7APPj+9vkH4BY1cKNeellQRy8VpXbJFbbLs1vh4sw3I6/kCIwC8yFILNQ8HZS7Npg9/e7QH5TfXTk71/ECpZjapBTVcm8VC8C2lK4ChbKZ6jCsenk9SrIwslycdXUF08476UeJ6J8zY/+z4l7XYfb1IyhbGaJM7YnHc/afWcCRPgPWixLjPkQs7j4jtpPe+xkgdEleaQRJ2rtAPZTT0aUEsHCNolCXnSBgAAKA8AAFBLAwQKAAkAAAC2hGlIHITE+yAAAAAUAAAALQAcADhjZGI3YjVkOGFjZDQzOTZjN2U4ZjU3MTkzYmRhYmRkLmZpbGVuYW1lLnR4dFVUCQADV1HgVldR4FZ1eAsAAQQhAAAABCEAAABYPchuk90QZLeIQqV4OlrsxR3ZILww84m7J4hM4Ay8SVBLBwgchMT7IAAAABQAAABQSwECHgMUAAkACAC2hGlI2iUJedIGAAAoDwAAIAAYAAAAAAABAAAApIEAAAAAOGNkYjdiNWQ4YWNkNDM5NmM3ZThmNTcxOTNiZGFiZGRVVAUAA1dR4FZ1eAsAAQQhAAAABCEAAABQSwECHgMKAAkAAAC2hGlIHITE+yAAAAAUAAAALQAYAAAAAAABAAAApIE8BwAAOGNkYjdiNWQ4YWNkNDM5NmM3ZThmNTcxOTNiZGFiZGQuZmlsZW5hbWUudHh0VVQFAANXUeBWdXgLAAEEIQAAAAQhAAAAUEsFBgAAAAACAAIA2QAAANMHAAAAAA==' AND file:name = 'problem.725765290.js' AND file:hashes.MD5 = '8cdb7b5d8acd4396c7e8f57193bdabdd' AND file:content_ref.mime_type = 'application/zip' AND file:content_ref.encryption_algorithm = 'mime-type-indicated' AND file:content_ref.decryption_key = 'infected']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-03-09T16:37:43Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"malware-sample\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56e05158-4b78-4401-a4ea-4c10950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-09T16:37:44.000Z",
"modified": "2016-03-09T16:37:44.000Z",
"pattern": "[file:name = 'problem.725765290.js' AND file:hashes.SHA1 = 'c4940aa42fa81267a9e2a63f2a1c719a5088f468']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-03-09T16:37:44Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"filename|sha1\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56e05158-a98c-44ea-a2c6-4d17950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-09T16:37:44.000Z",
"modified": "2016-03-09T16:37:44.000Z",
"pattern": "[file:name = 'problem.725765290.js' AND file:hashes.SHA256 = '90e4468b681b4dfcac724aa46904e8fdadbf8cd238b88d9e2769c1f2024d078d']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-03-09T16:37:44Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"filename|sha256\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56e05159-6808-4582-b5d8-426c950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-09T16:37:45.000Z",
"modified": "2016-03-09T16:37:45.000Z",
"pattern": "[file:content_ref.payload_bin = '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' AND file:name = 'problem.735045709.js' AND file:hashes.MD5 = '458d547ef6e10ae19e5190d5e2dba192' AND file:content_ref.mime_type = 'application/zip' AND file:content_ref.encryption_algorithm = 'mime-type-indicated' AND file:content_ref.decryption_key = 'infected']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-03-09T16:37:45Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"malware-sample\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56e0515a-8448-43fe-a52c-4ccc950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-09T16:37:46.000Z",
"modified": "2016-03-09T16:37:46.000Z",
"pattern": "[file:name = 'problem.735045709.js' AND file:hashes.SHA1 = 'f57d0795b9f030b079df12920e878b2fae0c4e09']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-03-09T16:37:46Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"filename|sha1\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56e0515a-3b60-42bd-a183-40f7950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-09T16:37:46.000Z",
"modified": "2016-03-09T16:37:46.000Z",
"pattern": "[file:name = 'problem.735045709.js' AND file:hashes.SHA256 = '00b1fa0bf426c6abe13e8334b1d92e9deb284c4aa19117b4dd988ef61c924ce7']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-03-09T16:37:46Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"filename|sha256\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56e0515b-cdd8-48d8-b0ad-4767950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-09T16:37:47.000Z",
"modified": "2016-03-09T16:37:47.000Z",
"pattern": "[file:content_ref.payload_bin = 'UEsDBBQACQAIALiEaUh/SMykEQcAAOwPAAAgABwAZjc4MTBmYzkwMmRmNzQxMDEyNjcxNmEyMDY5ZTI4M2RVVAkAA1tR4FZbUeBWdXgLAAEEIQAAAAQhAAAAVkkVf7+h9kQQLbe1SqkPHy/MIsVp2VRLrpDnTaYdkmVZ7sj9eXjTLyO3EbGncg+D/jhIdeEWYDtvZVGyOSK/nGOvCfFYFb3QeDRv6VT92mFoYEq4yKWBvdAPCFNZVBN2xF+x8F7a5y8n5qHmSmmu7OLjdpCmJPW1mXiV8ubz7JS2JgslD/aWs0a7s9wq/9AhDsLWfWNc3yyrT9/rCPk4yVjp2Y3+7R94nhF+m9Bs4t0gZ+tlkF6mphguNHCsPflXj54kWhF8B4pEkBgc9IQmsrSJhS8lNDtPawfJBwgIf6QreZGBayLojhEzwfcLCUUkjtqn0d8gfgBsrHjlwIRR2ZjeH3aU4tpD+COF3Ht9Tq7be6PuZh3M4iXwthLQiXaMdMk3w5AhyxGI5PONPkS3FAxD0g8qAY5qBNP56FR1hxLrtcrmDbcgk4fhRy0TAismhaTdcb4BHlLUOlHyXy0QOZKg99hK1ApSDMiy92WuS5unVxf96TqkcNj9IZc4tN3EvSvdaT4ZmyBPci+CBoSzH3ENsljvE+aSVgTxNKNYBVKPUeXyQRgrlowaAh3DhgyIi4Ssp6/BY8DbkNVkuI3M9sLfBUIb8+q1Yo8YRxQMY/k6Hp4mztafU00XXM5R0Rt2pYBg8DQ22WpHCg90wW2wFMbDKgvSlnzUhB28WZIOMIpCWhZiffMVpPdmckyE1MFYoaJ2swV3uRPo690tSf4pzrpOd3Llit5oB22t5ityr7ds6mbjRerImOxIQx0mydbPV/X3v2Odf412rxU9WK8d5KYkhQ77tc8+bq/6Bxax2ZCaG7ufK3O8uoIQzpUYAN3XFGwr4Xp9Q8hjJVAEaBtEIolGp9mQnm6+R6kJFsQiprNJJ74eSSEBhy1AT5lROosFh1YD3/BVNKxt+mjLh4yUJqR2uYyMxj7ncKIEpDoj5/5+vH6pYRCJR7Q2N6g7QWp2zSeYnf/WAFLPJuPMM5IE13yTndzoGWE5Sf+BWC5jIIRS8pIghQrICXGsRcbI5suOobsYScYPSsfcRf8bWJ53lwVbTnPKsMGJqLe6SDs0UX2FbKSPl9ugvr8sTQ3uZo+rwdozKbKYQOMJgxVbc3PzCdC7l32ctWycuJ6M/TyFO+ELhDf4roIk4l/mliaMf65zupN5ARE9USiupF5RuHcQRyuoVQQeShvw3hn6WW5Fo0XvhrpgycBolGoYbPkdMbhwHke20p+Hq+LIqLjFY1/cIFpju1VNzrkx4qvbnu8duhhUYl029QYy3wOTtr+coi0gwK1rNcHBoLMCzWiNsFnpy44oEuAdXYSYGaN6SXorfdZMdybbZhPRhfbL7rfsK1/lyMR9flN1wMH7efd3WNvp2gaYFAy262iY0/S92LfeVjbB5/1E/i7n7RLNcqqCk4a1zHTpgx2q/UdC8XkwqNO00SN56fJvHNZfa2phURv1FxTWubASrwE2VIhfjMLcvuWPpDF5r5+HgelON1gQPMuJ7v4fqsurnIK2IbnHshsUw+dXwVeZkhRZg7hOkIF150z8GHMYx5HttwochMezJzkgJs4O9biKSwEoPq4ShexnmLZmk5v0peG7WvmXygp5w//2BEZfFBM9c8J7Ldy7Aykp/vVM5vyIVs+wgcMnlXEACdg6Gsov8RZKFpzNcb/e6HiWqO60d7KHF1AnkmTw1JF9EL/4dIiUAp6VndwTlofoq4C5iVEI8hqUgBj6LISLVHHPsPL/RsokenCcm5BldllxX92rBJREuJaVuoVhgiwwoMUjTqzSI8Ld7oTkvELBtBl30O2Py66eIVqHiC5CzcxVK0HOg3ybgndheXyQQTXKezY
iIh37jdzLE6V86hDSbL7zKbgBMmSlT6yNfhQW6O3adprm92kto7ZSIvbWpMjqmAzv9AM+Ba/kvQ8ujaSmXyy10eRJd/YlPiKQDR4ja/Bd0cLa9N/jgCHgQ+TuCuMBZY6pWqN0n2ao4RreIXZYnbFjenea/Gr9jmR1feuEAwHXr3t5PFqNFP1Eze+RMp/QzinGH3HAYJ07+Vd0esQsziX0Wu3nx12dcGVjrmfI3786IdILfnWFBYUiDDjVxQVyJ/CJqEWk2+qyNYAlD3IivBxESU+8Dax7KJv16Cfsw5EZZWBh18kWnZCY5O6Qfdw5P9wzUACG04DGxfuCS/00BwHwP5lW2r21Z+H3krBdBUZlbQBtL7IP3eriItu75PZAnET0Dvw7ONlI7GhOQxVzb8mTVPtnSUs1T5CeN+QXMYHi0td/1W67LNS8X6+gr1xE0TpncCTwCvgyLpc/EkPOrSl9nx1jZqy7lJ8itLmrC/W8a/883VFo3BomwXFv3xXjI4Zsg1xmaalBpd+gyhxPLmBcaw3KeXljhKaEixuL4RH3KJUfWLMtn3JNB1kMrIqlC/WwUEsHCH9IzKQRBwAA7A8AAFBLAwQKAAkAAAC4hGlIh6hLsh4AAAASAAAALQAcAGY3ODEwZmM5MDJkZjc0MTAxMjY3MTZhMjA2OWUyODNkLmZpbGVuYW1lLnR4dFVUCQADW1HgVltR4FZ1eAsAAQQhAAAABCEAAABYPchuk90QZLeITGo2gvT5qzM80Q/YUO5SdOQ83z1QSwcIh6hLsh4AAAASAAAAUEsBAh4DFAAJAAgAuIRpSH9IzKQRBwAA7A8AACAAGAAAAAAAAQAAAKSBAAAAAGY3ODEwZmM5MDJkZjc0MTAxMjY3MTZhMjA2OWUyODNkVVQFAANbUeBWdXgLAAEEIQAAAAQhAAAAUEsBAh4DCgAJAAAAuIRpSIeoS7IeAAAAEgAAAC0AGAAAAAAAAQAAAKSBewcAAGY3ODEwZmM5MDJkZjc0MTAxMjY3MTZhMjA2OWUyODNkLmZpbGVuYW1lLnR4dFVUBQADW1HgVnV4CwABBCEAAAAEIQAAAFBLBQYAAAAAAgACANkAAAAQCAAAAAA=' AND file:name = 'watch.881452758.js' AND file:hashes.MD5 = 'f7810fc902df7410126716a2069e283d' AND file:content_ref.mime_type = 'application/zip' AND file:content_ref.encryption_algorithm = 'mime-type-indicated' AND file:content_ref.decryption_key = 'infected']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-03-09T16:37:47Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"malware-sample\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56e0515c-0838-4227-ab97-494f950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-09T16:37:48.000Z",
"modified": "2016-03-09T16:37:48.000Z",
"pattern": "[file:name = 'watch.881452758.js' AND file:hashes.SHA1 = '8c44d22ebe9a12b77d52d07df6e170b24a8c4f19']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-03-09T16:37:48Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"filename|sha1\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56e0515c-4bbc-4d08-9b3d-4fc7950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-09T16:37:48.000Z",
"modified": "2016-03-09T16:37:48.000Z",
"pattern": "[file:name = 'watch.881452758.js' AND file:hashes.SHA256 = 'ddf70b11b61b6c496c78c93c759297286e227f03b8cbc3ba9d7df0653295d877']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-03-09T16:37:48Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"filename|sha256\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56e0515d-0898-4683-adbd-41db950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-09T16:37:49.000Z",
"modified": "2016-03-09T16:37:49.000Z",
"pattern": "[file:content_ref.payload_bin = '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' AND file:name = 'watch.913872711.js' AND file:hashes.MD5 = '7d957fa93e3f0647c12af2704114e393' AND file:content_ref.mime_type = 'application/zip' AND file:content_ref.encryption_algorithm = 'mime-type-indicated' AND file:content_ref.decryption_key = 'infected']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-03-09T16:37:49Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"malware-sample\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56e0515e-f180-4367-b206-4a44950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-09T16:37:50.000Z",
"modified": "2016-03-09T16:37:50.000Z",
"pattern": "[file:name = 'watch.913872711.js' AND file:hashes.SHA1 = '2d3d72d7df8c35ed7939431ac8c0309aa2e4cedb']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-03-09T16:37:50Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"filename|sha1\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56e0515e-d0ac-48d6-9852-49c2950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-09T16:37:50.000Z",
"modified": "2016-03-09T16:37:50.000Z",
"pattern": "[file:name = 'watch.913872711.js' AND file:hashes.SHA256 = 'e42da926490c01d608eb02cbb6553ac488cfc24b5c56d6566617eeca9003aa82']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-03-09T16:37:50Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"filename|sha256\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56e0515f-baac-4658-b3db-4343950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-09T16:37:51.000Z",
"modified": "2016-03-09T16:37:51.000Z",
"pattern": "[file:content_ref.payload_bin = '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
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-03-09T16:37:51Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"malware-sample\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56e05160-bb60-46fb-a1b1-4504950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-09T16:37:52.000Z",
"modified": "2016-03-09T16:37:52.000Z",
"pattern": "[file:name = 'YUN3242325208.js' AND file:hashes.SHA1 = '89d7a593b730a2c7c89fa506dc2b37a51068d67e']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-03-09T16:37:52Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"filename|sha1\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56e05160-5984-47a5-b043-46a4950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-09T16:37:52.000Z",
"modified": "2016-03-09T16:37:52.000Z",
"pattern": "[file:name = 'YUN3242325208.js' AND file:hashes.SHA256 = '7724f7c3f68423afa353df334435adcbf6a3a5356a7c6d03e08aa5ddf41d43eb']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-03-09T16:37:52Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"filename|sha256\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56e05475-5834-4759-865e-420f950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-09T16:51:01.000Z",
"modified": "2016-03-09T16:51:01.000Z",
"description": "Locky",
"pattern": "[file:content_ref.payload_bin = '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
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-03-09T16:51:01Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"malware-sample\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56e05475-1044-435b-89cc-4057950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-09T16:51:01.000Z",
"modified": "2016-03-09T16:51:01.000Z",
"description": "Locky",
"pattern": "[file:name = '09y8j' AND file:hashes.SHA1 = '430a038349c05fa47aa7917f7d97ba4dac15cbe1']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-03-09T16:51:01Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"filename|sha1\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56e05476-80e0-4985-a496-4afc950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-09T16:51:02.000Z",
"modified": "2016-03-09T16:51:02.000Z",
"description": "Locky",
"pattern": "[file:name = '09y8j' AND file:hashes.SHA256 = 'd536fb9620493a6fee54863306b744cbaf2bb7c3301d2042406b3a6383b23a57']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-03-09T16:51:02Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"filename|sha256\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56e0563b-bed8-4701-a1e8-4233950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-09T16:58:35.000Z",
"modified": "2016-03-09T16:58:35.000Z",
"description": "Locky C&C",
"pattern": "[url:value = 'http://78.40.108.39/main.php']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-03-09T16:58:35Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56e0563c-8690-4690-8762-4990950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-09T16:58:36.000Z",
"modified": "2016-03-09T16:58:36.000Z",
"description": "Locky C&C",
"pattern": "[url:value = 'http://91.195.12.131/main.php']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-03-09T16:58:36Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56e0563c-2cfc-458d-b7c6-4fcb950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-09T16:58:36.000Z",
"modified": "2016-03-09T16:58:36.000Z",
"description": "Locky C&C",
"pattern": "[url:value = 'http://37.235.53.18/main.php']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-03-09T16:58:36Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56e0563c-b1e4-4c0d-bc18-4502950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-09T16:58:36.000Z",
"modified": "2016-03-09T16:58:36.000Z",
"description": "Locky C&C",
"pattern": "[url:value = 'http://151.236.14.51/main.php']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-03-09T16:58:36Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56e0563d-c8fc-4574-8459-4618950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-09T16:58:37.000Z",
"modified": "2016-03-09T16:58:37.000Z",
"description": "Locky C&C",
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '151.236.14.51']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-03-09T16:58:37Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56e0563d-c68c-4469-901d-4b5a950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-09T16:58:37.000Z",
"modified": "2016-03-09T16:58:37.000Z",
"description": "Locky C&C",
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '37.235.53.18']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-03-09T16:58:37Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56e0563d-0af0-470e-954a-4143950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-09T16:58:37.000Z",
"modified": "2016-03-09T16:58:37.000Z",
"description": "Locky C&C",
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '91.195.12.131']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-03-09T16:58:37Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56e0563d-3828-4bef-b064-44c8950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-09T16:58:37.000Z",
"modified": "2016-03-09T16:58:37.000Z",
"description": "Locky C&C",
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '78.40.108.39']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-03-09T16:58:37Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--56e08431-a8bc-4ae5-adaf-40e902de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-09T20:14:41.000Z",
"modified": "2016-03-09T20:14:41.000Z",
"first_observed": "2016-03-09T20:14:41Z",
"last_observed": "2016-03-09T20:14:41Z",
"number_observed": 1,
"object_refs": [
"url--56e08431-a8bc-4ae5-adaf-40e902de0b81"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--56e08431-a8bc-4ae5-adaf-40e902de0b81",
"value": "https://www.virustotal.com/file/d536fb9620493a6fee54863306b744cbaf2bb7c3301d2042406b3a6383b23a57/analysis/1457547604/"
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--56e08431-e128-486c-ad48-451902de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-09T20:14:41.000Z",
"modified": "2016-03-09T20:14:41.000Z",
"first_observed": "2016-03-09T20:14:41Z",
"last_observed": "2016-03-09T20:14:41Z",
"number_observed": 1,
"object_refs": [
"url--56e08431-e128-486c-ad48-451902de0b81"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--56e08431-e128-486c-ad48-451902de0b81",
"value": "https://www.virustotal.com/file/7724f7c3f68423afa353df334435adcbf6a3a5356a7c6d03e08aa5ddf41d43eb/analysis/1457532525/"
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--56e08431-52ac-4140-a1a0-484e02de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-09T20:14:41.000Z",
"modified": "2016-03-09T20:14:41.000Z",
"first_observed": "2016-03-09T20:14:41Z",
"last_observed": "2016-03-09T20:14:41Z",
"number_observed": 1,
"object_refs": [
"url--56e08431-52ac-4140-a1a0-484e02de0b81"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--56e08431-52ac-4140-a1a0-484e02de0b81",
"value": "https://www.virustotal.com/file/e42da926490c01d608eb02cbb6553ac488cfc24b5c56d6566617eeca9003aa82/analysis/1457530763/"
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--56e08432-3a40-4d51-b365-46cc02de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-09T20:14:42.000Z",
"modified": "2016-03-09T20:14:42.000Z",
"first_observed": "2016-03-09T20:14:42Z",
"last_observed": "2016-03-09T20:14:42Z",
"number_observed": 1,
"object_refs": [
"url--56e08432-3a40-4d51-b365-46cc02de0b81"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--56e08432-3a40-4d51-b365-46cc02de0b81",
"value": "https://www.virustotal.com/file/ddf70b11b61b6c496c78c93c759297286e227f03b8cbc3ba9d7df0653295d877/analysis/1457530629/"
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--56e08432-573c-4d4e-94f8-45af02de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-09T20:14:42.000Z",
"modified": "2016-03-09T20:14:42.000Z",
"first_observed": "2016-03-09T20:14:42Z",
"last_observed": "2016-03-09T20:14:42Z",
"number_observed": 1,
"object_refs": [
"url--56e08432-573c-4d4e-94f8-45af02de0b81"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--56e08432-573c-4d4e-94f8-45af02de0b81",
"value": "https://www.virustotal.com/file/00b1fa0bf426c6abe13e8334b1d92e9deb284c4aa19117b4dd988ef61c924ce7/analysis/1457548208/"
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--56e08432-8ba8-4213-b16b-490302de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-09T20:14:42.000Z",
"modified": "2016-03-09T20:14:42.000Z",
"first_observed": "2016-03-09T20:14:42Z",
"last_observed": "2016-03-09T20:14:42Z",
"number_observed": 1,
"object_refs": [
"url--56e08432-8ba8-4213-b16b-490302de0b81"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--56e08432-8ba8-4213-b16b-490302de0b81",
"value": "https://www.virustotal.com/file/90e4468b681b4dfcac724aa46904e8fdadbf8cd238b88d9e2769c1f2024d078d/analysis/1457554205/"
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--56e08433-8f20-427c-8f45-41c102de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-09T20:14:43.000Z",
"modified": "2016-03-09T20:14:43.000Z",
"first_observed": "2016-03-09T20:14:43Z",
"last_observed": "2016-03-09T20:14:43Z",
"number_observed": 1,
"object_refs": [
"url--56e08433-8f20-427c-8f45-41c102de0b81"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--56e08433-8f20-427c-8f45-41c102de0b81",
"value": "https://www.virustotal.com/file/1af82c782877d943a137a3d7de610cb2cfc8871879de4912d6b5cc3c6cb0acea/analysis/1457536258/"
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--56e08433-b3c4-4651-b935-47c402de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-09T20:14:43.000Z",
"modified": "2016-03-09T20:14:43.000Z",
"first_observed": "2016-03-09T20:14:43Z",
"last_observed": "2016-03-09T20:14:43Z",
"number_observed": 1,
"object_refs": [
"url--56e08433-b3c4-4651-b935-47c402de0b81"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--56e08433-b3c4-4651-b935-47c402de0b81",
"value": "https://www.virustotal.com/file/192a46bb8952ccc1fcbb620ce5adaf77b67f32949cf4989c1bed0a22ec46f96d/analysis/1457538983/"
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--56e08433-5834-4fde-bc67-4c3602de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-09T20:14:43.000Z",
"modified": "2016-03-09T20:14:43.000Z",
"first_observed": "2016-03-09T20:14:43Z",
"last_observed": "2016-03-09T20:14:43Z",
"number_observed": 1,
"object_refs": [
"url--56e08433-5834-4fde-bc67-4c3602de0b81"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--56e08433-5834-4fde-bc67-4c3602de0b81",
"value": "https://www.virustotal.com/file/1f8f0007f437b4cf355913722568b95112a3786be6d24c0980cb4bb72af94d96/analysis/1457536304/"
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--56e08434-afb8-4fd7-b552-49b802de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-09T20:14:44.000Z",
"modified": "2016-03-09T20:14:44.000Z",
"first_observed": "2016-03-09T20:14:44Z",
"last_observed": "2016-03-09T20:14:44Z",
"number_observed": 1,
"object_refs": [
"url--56e08434-afb8-4fd7-b552-49b802de0b81"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--56e08434-afb8-4fd7-b552-49b802de0b81",
"value": "https://www.virustotal.com/file/cc34e2ed0fc564dbabadddaa5c7f953f7187a6d5a8aaa8ae92edd9d11baf3de1/analysis/1457527501/"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56e11720-d168-4b40-ad11-4632950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-10T06:41:36.000Z",
"modified": "2016-03-10T06:41:36.000Z",
"description": "Locky C&C",
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '149.154.157.14']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-03-10T06:41:36Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56e11776-752c-4455-bd3d-4994950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-10T06:43:02.000Z",
"modified": "2016-03-10T06:43:02.000Z",
"pattern": "[file:content_ref.payload_bin = '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
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-03-10T06:43:02Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"malware-sample\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56e11777-be00-4b4e-abae-40f0950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-10T06:43:03.000Z",
"modified": "2016-03-10T06:43:03.000Z",
"pattern": "[file:name = '98yhb764d.exe' AND file:hashes.SHA1 = '3ab801425b1bf8eae78c0b4fe0751d92aef8014e']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-03-10T06:43:03Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"filename|sha1\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56e11778-3700-4f81-9c82-4060950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-10T06:43:04.000Z",
"modified": "2016-03-10T06:43:04.000Z",
"pattern": "[file:name = '98yhb764d.exe' AND file:hashes.SHA256 = 'a1241150c5b9e095d0cd37a51a4eeb511b2087e036ea02d75f045659f0f8286b']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-03-10T06:43:04Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"filename|sha256\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56e117ef-5320-4c92-8649-4679950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-10T06:45:03.000Z",
"modified": "2016-03-10T06:45:03.000Z",
"description": "Locky",
"pattern": "[file:content_ref.payload_bin = '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
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-03-10T06:45:03Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"malware-sample\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56e117ef-17a8-4974-bfa3-46d6950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-10T06:45:03.000Z",
"modified": "2016-03-10T06:45:03.000Z",
"description": "Locky",
"pattern": "[file:name = '765uy453gt5' AND file:hashes.SHA1 = 'bd2846e87e4012ea72a508300de8ec3c68778fea']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-03-10T06:45:03Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"filename|sha1\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56e117f0-8998-4652-8b0d-45dd950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-10T06:45:04.000Z",
"modified": "2016-03-10T06:45:04.000Z",
"description": "Locky",
"pattern": "[file:name = '765uy453gt5' AND file:hashes.SHA256 = '94212563ebd10f4fbd52f203dd45c939e9ef097b96d0a7ec8d9952e8369b7e75']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-03-10T06:45:04Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"filename|sha256\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56e119b1-d4c0-48fd-9311-4da7950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-10T06:52:33.000Z",
"modified": "2016-03-10T06:52:33.000Z",
"description": "TeslaCrypt",
"pattern": "[file:content_ref.payload_bin = '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
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-03-10T06:52:33Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"malware-sample\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56e119b1-bdb8-4734-be5d-43a0950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-10T06:52:33.000Z",
"modified": "2016-03-10T06:52:33.000Z",
"description": "TeslaCrypt",
"pattern": "[file:name = '80.exe' AND file:hashes.SHA1 = '08d493d7afc20b9cfce70e641fb07537fe105f32']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-03-10T06:52:33Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"filename|sha1\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56e119b2-5cc4-408a-8134-41f8950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-10T06:52:34.000Z",
"modified": "2016-03-10T06:52:34.000Z",
"description": "TeslaCrypt",
"pattern": "[file:name = '80.exe' AND file:hashes.SHA256 = '5863081c8714364fd4f88667667e6d8930512d30818db66d96317790385e4336']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-03-10T06:52:34Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"filename|sha256\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56e119b3-0118-44fc-9333-4836950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-10T06:52:35.000Z",
"modified": "2016-03-10T06:52:35.000Z",
"description": "TeslaCrypt",
"pattern": "[file:content_ref.payload_bin = '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
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-03-10T06:52:35Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"malware-sample\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56e119b3-ebec-4ea1-9a1a-4581950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-10T06:52:35.000Z",
"modified": "2016-03-10T06:52:35.000Z",
"description": "TeslaCrypt",
"pattern": "[file:name = '80.exe.gz' AND file:hashes.SHA1 = '84b9da7aba08ae045cbeb79feacdfb38baecb4c6']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-03-10T06:52:35Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"filename|sha1\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56e119b4-1294-4866-886e-4537950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-10T06:52:36.000Z",
"modified": "2016-03-10T06:52:36.000Z",
"description": "TeslaCrypt",
"pattern": "[file:name = '80.exe.gz' AND file:hashes.SHA256 = '2b602a949a0e62c5a45549fd91ce1777ed1dc0b05c8472ae3ae224d05fb82754']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-03-10T06:52:36Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"filename|sha256\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56e119b4-852c-497b-ba37-49dc950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-10T06:52:36.000Z",
"modified": "2016-03-10T06:52:36.000Z",
"description": "TeslaCrypt",
"pattern": "[file:content_ref.payload_bin = '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
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-03-10T06:52:36Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"malware-sample\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56e119b5-d068-4f79-a60b-4817950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-10T06:52:37.000Z",
"modified": "2016-03-10T06:52:37.000Z",
"description": "TeslaCrypt",
"pattern": "[file:name = '80.exe.gz-2' AND file:hashes.SHA1 = '3802ff83640b013fc1295d6a3191fbf18a1846e5']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-03-10T06:52:37Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"filename|sha1\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56e119b5-fadc-4715-9f62-4760950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-10T06:52:37.000Z",
"modified": "2016-03-10T06:52:37.000Z",
"description": "TeslaCrypt",
"pattern": "[file:name = '80.exe.gz-2' AND file:hashes.SHA256 = '019cbaf5d6e0e88ff36ce1be20dcaea0c72c3eeddee27f4773531d8b66a2ca8b']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-03-10T06:52:37Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"filename|sha256\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56e11a49-79e0-408a-9404-4ae0950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-10T06:55:04.000Z",
"modified": "2016-03-10T06:55:04.000Z",
"description": "TeslaCrypt C&C",
"pattern": "[url:value = 'http://ahlanmedicalcentre.com/wp-content/uploads/wstr.php']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-03-10T06:55:04Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56e11a49-66b0-4a71-8eec-453b950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-10T06:55:05.000Z",
"modified": "2016-03-10T06:55:05.000Z",
"description": "TeslaCrypt C&C",
"pattern": "[url:value = 'http://specializedaccess.co.uk/wp-content/uploads/2015/09/wstr.php']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-03-10T06:55:05Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56e11a49-3da8-47b2-ad4e-4682950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-10T06:55:05.000Z",
"modified": "2016-03-10T06:55:05.000Z",
"description": "TeslaCrypt C&C",
"pattern": "[domain-name:value = 'specializedaccess.co.uk']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-03-10T06:55:05Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"hostname\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56e11a4a-e794-4941-900e-40e0950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-10T06:55:06.000Z",
"modified": "2016-03-10T06:55:06.000Z",
"description": "TeslaCrypt C&C",
"pattern": "[domain-name:value = 'edge-institut.org']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-03-10T06:55:06Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"domain\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56e11a4a-e62c-4d9d-96a7-4419950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-10T06:55:06.000Z",
"modified": "2016-03-10T06:55:06.000Z",
"description": "TeslaCrypt C&C",
"pattern": "[domain-name:value = 'ahlanmedicalcentre.com']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-03-10T06:55:06Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"domain\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56e11a4a-6758-44aa-b6e7-44cc950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-10T06:55:06.000Z",
"modified": "2016-03-10T06:55:06.000Z",
"description": "TeslaCrypt C&C",
"pattern": "[domain-name:value = 'cam-itour.info']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-03-10T06:55:06Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"domain\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56e11a4a-477c-42af-9c90-46e6950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-10T06:55:06.000Z",
"modified": "2016-03-10T06:55:06.000Z",
"description": "TeslaCrypt C&C",
"pattern": "[domain-name:value = 'www.informaticauno.net']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-03-10T06:55:06Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"hostname\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56e11a4b-2ec4-41af-aca4-445b950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-10T06:55:07.000Z",
"modified": "2016-03-10T06:55:07.000Z",
"description": "TeslaCrypt C&C",
"pattern": "[url:value = 'http://edge-institut.org/wp-content/themes/bstr.php']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-03-10T06:55:07Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56e11a4b-741c-4756-bf7a-44bc950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-10T06:55:07.000Z",
"modified": "2016-03-10T06:55:07.000Z",
"description": "TeslaCrypt C&C",
"pattern": "[url:value = 'http://www.informaticauno.net/gamma/tmp/bstr.php']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-03-10T06:55:07Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56e11a4b-6de4-48bd-94bd-4274950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-10T06:55:07.000Z",
"modified": "2016-03-10T06:55:07.000Z",
"description": "TeslaCrypt C&C",
"pattern": "[url:value = 'http://cam-itour.info/users/28c4fe1/wstr.php']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-03-10T06:55:07Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56e11a4c-f22c-48c1-954f-417b950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-10T06:55:08.000Z",
"modified": "2016-03-10T06:55:08.000Z",
"description": "TeslaCrypt C&C",
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '85.233.160.146']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-03-10T06:55:08Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56e11a4c-f064-4128-90cb-47fb950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-10T06:55:08.000Z",
"modified": "2016-03-10T06:55:08.000Z",
"description": "TeslaCrypt C&C",
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '46.105.62.205']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-03-10T06:55:08Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56e11a4c-0248-4240-9c3a-4bf8950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-10T06:55:08.000Z",
"modified": "2016-03-10T06:55:08.000Z",
"description": "TeslaCrypt C&C",
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '184.168.47.225']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-03-10T06:55:08Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56e11a4d-5b58-4a82-9f43-4918950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-10T06:55:09.000Z",
"modified": "2016-03-10T06:55:09.000Z",
"description": "TeslaCrypt C&C",
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '188.40.132.132']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-03-10T06:55:09Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56e11a4d-6790-4d68-81c4-4c52950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-10T06:55:09.000Z",
"modified": "2016-03-10T06:55:09.000Z",
"description": "TeslaCrypt C&C",
"pattern": "[domain-name:value = 'informaticauno.net']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-03-10T06:55:09Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"domain\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56e11a4d-4428-4553-9913-4dc9950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-10T06:55:09.000Z",
"modified": "2016-03-10T06:55:09.000Z",
"description": "TeslaCrypt C&C",
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '50.87.28.241']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-03-10T06:55:09Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56e11a6f-0dd4-44d3-a5ae-4606950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-10T06:55:43.000Z",
"modified": "2016-03-10T06:55:43.000Z",
"description": "Locky",
"pattern": "[file:content_ref.payload_bin = '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
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-03-10T06:55:43Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"malware-sample\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56e11a6f-3a5c-47a3-82ce-4305950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-10T06:55:43.000Z",
"modified": "2016-03-10T06:55:43.000Z",
"description": "Locky",
"pattern": "[file:name = '69.exe' AND file:hashes.SHA1 = '4716856ccfaf9d6da5c5ef7fd92c815750660108']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-03-10T06:55:43Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"filename|sha1\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56e11a70-ce24-46e7-a898-41cf950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-10T06:55:44.000Z",
"modified": "2016-03-10T06:55:44.000Z",
"description": "Locky",
"pattern": "[file:name = '69.exe' AND file:hashes.SHA256 = 'b38d6261a2031977d74e18dd8347328fed9fa352757ef3a77717049b84353556']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-03-10T06:55:44Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"filename|sha256\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56e11a71-7fec-487e-945e-414c950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-10T06:55:45.000Z",
"modified": "2016-03-10T06:55:45.000Z",
"description": "Locky",
"pattern": "[file:content_ref.payload_bin = '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
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-03-10T06:55:45Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"malware-sample\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56e11a72-b760-4f12-88ac-4a53950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-10T06:55:46.000Z",
"modified": "2016-03-10T06:55:46.000Z",
"description": "Locky",
"pattern": "[file:name = '69.exe.gz' AND file:hashes.SHA1 = '310df2a0e574db6511b35a165d71c4d78c050c02']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-03-10T06:55:46Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"filename|sha1\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56e11a72-8464-4817-b455-401e950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-10T06:55:46.000Z",
"modified": "2016-03-10T06:55:46.000Z",
"description": "Locky",
"pattern": "[file:name = '69.exe.gz' AND file:hashes.SHA256 = '9b09a502597a71b493d88663f45cf66f73760e005ebde1138b6f0c80ae7aa070']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-03-10T06:55:46Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"filename|sha256\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--56e11eb8-47c8-440d-9578-40ce02de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-10T07:14:00.000Z",
"modified": "2016-03-10T07:14:00.000Z",
"first_observed": "2016-03-10T07:14:00Z",
"last_observed": "2016-03-10T07:14:00Z",
"number_observed": 1,
"object_refs": [
"url--56e11eb8-47c8-440d-9578-40ce02de0b81"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--56e11eb8-47c8-440d-9578-40ce02de0b81",
"value": "https://www.virustotal.com/file/b38d6261a2031977d74e18dd8347328fed9fa352757ef3a77717049b84353556/analysis/1457563464/"
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--56e11eb9-99c0-4a86-8381-4c8802de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-10T07:14:01.000Z",
"modified": "2016-03-10T07:14:01.000Z",
"first_observed": "2016-03-10T07:14:01Z",
"last_observed": "2016-03-10T07:14:01Z",
"number_observed": 1,
"object_refs": [
"url--56e11eb9-99c0-4a86-8381-4c8802de0b81"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--56e11eb9-99c0-4a86-8381-4c8802de0b81",
"value": "https://www.virustotal.com/file/94212563ebd10f4fbd52f203dd45c939e9ef097b96d0a7ec8d9952e8369b7e75/analysis/1457583610/"
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--56e11eb9-8f0c-49f2-b65a-40d002de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-10T07:14:01.000Z",
"modified": "2016-03-10T07:14:01.000Z",
"first_observed": "2016-03-10T07:14:01Z",
"last_observed": "2016-03-10T07:14:01Z",
"number_observed": 1,
"object_refs": [
"url--56e11eb9-8f0c-49f2-b65a-40d002de0b81"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--56e11eb9-8f0c-49f2-b65a-40d002de0b81",
"value": "https://www.virustotal.com/file/a1241150c5b9e095d0cd37a51a4eeb511b2087e036ea02d75f045659f0f8286b/analysis/1457550696/"
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--56e11eb9-af70-44ed-9572-431f02de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-10T07:14:01.000Z",
"modified": "2016-03-10T07:14:01.000Z",
"first_observed": "2016-03-10T07:14:01Z",
"last_observed": "2016-03-10T07:14:01Z",
"number_observed": 1,
"object_refs": [
"url--56e11eb9-af70-44ed-9572-431f02de0b81"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--56e11eb9-af70-44ed-9572-431f02de0b81",
"value": "https://www.virustotal.com/file/d536fb9620493a6fee54863306b744cbaf2bb7c3301d2042406b3a6383b23a57/analysis/1457590458/"
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--56e11eb9-7018-4708-a936-409002de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-10T07:14:01.000Z",
"modified": "2016-03-10T07:14:01.000Z",
"first_observed": "2016-03-10T07:14:01Z",
"last_observed": "2016-03-10T07:14:01Z",
"number_observed": 1,
"object_refs": [
"url--56e11eb9-7018-4708-a936-409002de0b81"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--56e11eb9-7018-4708-a936-409002de0b81",
"value": "https://www.virustotal.com/file/00b1fa0bf426c6abe13e8334b1d92e9deb284c4aa19117b4dd988ef61c924ce7/analysis/1457583013/"
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--56e11eba-d16c-4cda-b5e6-465502de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-10T07:14:02.000Z",
"modified": "2016-03-10T07:14:02.000Z",
"first_observed": "2016-03-10T07:14:02Z",
"last_observed": "2016-03-10T07:14:02Z",
"number_observed": 1,
"object_refs": [
"url--56e11eba-d16c-4cda-b5e6-465502de0b81"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--56e11eba-d16c-4cda-b5e6-465502de0b81",
"value": "https://www.virustotal.com/file/90e4468b681b4dfcac724aa46904e8fdadbf8cd238b88d9e2769c1f2024d078d/analysis/1457582706/"
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--56e11eba-260c-43c2-874d-4aa802de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-10T07:14:02.000Z",
"modified": "2016-03-10T07:14:02.000Z",
"first_observed": "2016-03-10T07:14:02Z",
"last_observed": "2016-03-10T07:14:02Z",
"number_observed": 1,
"object_refs": [
"url--56e11eba-260c-43c2-874d-4aa802de0b81"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--56e11eba-260c-43c2-874d-4aa802de0b81",
"value": "https://www.virustotal.com/file/1af82c782877d943a137a3d7de610cb2cfc8871879de4912d6b5cc3c6cb0acea/analysis/1457576714/"
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--56e11eba-bf28-458b-8580-4f6a02de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-10T07:14:02.000Z",
"modified": "2016-03-10T07:14:02.000Z",
"first_observed": "2016-03-10T07:14:02Z",
"last_observed": "2016-03-10T07:14:02Z",
"number_observed": 1,
"object_refs": [
"url--56e11eba-bf28-458b-8580-4f6a02de0b81"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--56e11eba-bf28-458b-8580-4f6a02de0b81",
"value": "https://www.virustotal.com/file/cc34e2ed0fc564dbabadddaa5c7f953f7187a6d5a8aaa8ae92edd9d11baf3de1/analysis/1457588612/"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56e11c5e-76bc-41ba-8290-48ff950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-10T07:03:58.000Z",
"modified": "2016-03-10T07:03:58.000Z",
"description": "Automatically added (via 98yhb764d.exe|3ab801425b1bf8eae78c0b4fe0751d92aef8014e)",
"pattern": "[file:name = '98yhb764d.exe' AND file:hashes.MD5 = 'e7bd868fcbf16e13756f547f016a62fc']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-03-10T07:03:58Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"filename|md5\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56e11c61-5c48-448c-88ef-436b950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-10T07:04:01.000Z",
"modified": "2016-03-10T07:04:01.000Z",
"description": "Automatically added (via 765uy453gt5|bd2846e87e4012ea72a508300de8ec3c68778fea)",
"pattern": "[file:name = '765uy453gt5' AND file:hashes.MD5 = '6d42c5aa20117483b47b6e9c10444626']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-03-10T07:04:01Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"filename|md5\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56e11c64-fc48-44b3-9302-4f7e950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-10T07:04:04.000Z",
"modified": "2016-03-10T07:04:04.000Z",
"description": "Automatically added (via 69.exe|4716856ccfaf9d6da5c5ef7fd92c815750660108)",
"pattern": "[file:name = '69.exe' AND file:hashes.MD5 = '3eb979e16b4c0a18ef1f329370493880']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-03-10T07:04:04Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"filename|md5\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "marking-definition",
"spec_version": "2.1",
"id": "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9",
"created": "2017-01-20T00:00:00.000Z",
"definition_type": "tlp",
"name": "TLP:WHITE",
"definition": {
"tlp": "white"
}
}
]
}