misp-circl-feed/feeds/circl/stix-2.1/5703b3c1-e6a4-421a-a394-440f950d210f.json


2023-04-21 14:44:17 +00:00
{
"type": "bundle",
"id": "bundle--5703b3c1-e6a4-421a-a394-440f950d210f",
"objects": [
{
"type": "identity",
"spec_version": "2.1",
"id": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-04-05T13:07:32.000Z",
"modified": "2016-04-05T13:07:32.000Z",
"name": "CIRCL",
"identity_class": "organization"
},
{
"type": "report",
"spec_version": "2.1",
"id": "report--5703b3c1-e6a4-421a-a394-440f950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-04-05T13:07:32.000Z",
"modified": "2016-04-05T13:07:32.000Z",
"name": "Malspam (2016-04-05) - TeslaCrypt",
"published": "2016-04-05T13:16:58Z",
"object_refs": [
"indicator--5703b48c-d0d8-40fd-8324-443c950d210f",
"indicator--5703b48c-45a8-4a4c-9517-4774950d210f",
"indicator--5703b48c-fc28-4d1d-a153-4f61950d210f",
"indicator--5703b48d-b7c0-4d1a-ba6e-47b1950d210f",
"indicator--5703b48d-4a00-4e7f-95b1-48b9950d210f",
"indicator--5703b48d-d6c8-427c-9a53-4c74950d210f",
"indicator--5703b48e-df00-4369-9fb2-4386950d210f",
"indicator--5703b48e-27c8-4a62-8795-45e3950d210f",
"indicator--5703b48e-9350-4c41-a4fe-4ec7950d210f",
"indicator--5703b48f-6f88-4e33-a873-484e950d210f",
"indicator--5703b48f-4cc8-4504-9445-4457950d210f",
"indicator--5703b48f-dc30-4b00-8fd5-4c03950d210f",
"indicator--5703b490-1da0-40a4-ac67-4c2f950d210f",
"indicator--5703b490-4a88-4404-9b9c-4323950d210f",
"indicator--5703b490-36ec-40c7-8afd-437d950d210f",
"indicator--5703b491-f808-441f-9877-432b950d210f",
"indicator--5703b4cb-2be8-45ca-a24d-4d2f950d210f",
"indicator--5703b4cb-1b78-463a-aaeb-4e2f950d210f",
"indicator--5703b4cc-065c-492a-bda8-4bc8950d210f",
"indicator--5703b4cd-98d8-43f6-bb6a-4869950d210f",
"indicator--5703b4ce-4690-4716-aac6-491a950d210f",
"indicator--5703b4ce-2edc-41d9-b431-45c2950d210f",
"indicator--5703b4cf-b320-43c5-8af7-448e950d210f",
"indicator--5703b4d0-6ec0-4e22-8096-4f48950d210f",
"indicator--5703b4d0-5a18-4d8c-a0ad-48c4950d210f",
"indicator--5703b4d1-37d0-4048-ae32-4880950d210f",
"indicator--5703b4d1-1d98-4e42-b510-478f950d210f",
"indicator--5703b4d2-5528-4d4b-922a-488e950d210f",
"indicator--5703b646-d990-41eb-a222-164a950d210f",
"indicator--5703b647-9374-4d1b-8300-164a950d210f",
"indicator--5703b647-f93c-4d8b-8cf4-164a950d210f",
"indicator--5703b647-0b00-4380-b508-164a950d210f",
"indicator--5703b648-09c4-46e5-9e22-164a950d210f",
"indicator--5703b648-ab68-42f5-997d-164a950d210f",
"indicator--5703b80d-9bbc-478f-9ea5-4890950d210f",
"indicator--5703b80d-b084-41b0-9cc3-4fb2950d210f",
"indicator--5703b80d-40d4-469b-9212-4b5c950d210f",
"indicator--5703b80e-cbf4-4967-9e9b-4a90950d210f",
"indicator--5703b80e-c104-4ed3-8fb3-4d10950d210f",
"indicator--5703b80e-829c-45ad-bcc6-42d0950d210f",
"indicator--5703b80f-6594-459b-9d2b-4e11950d210f",
"indicator--5703b80f-01b0-4f8c-ba16-4481950d210f",
"indicator--5703b80f-9d38-4773-b3f0-478a950d210f",
"indicator--5703b810-8bd0-4f56-b4b8-4654950d210f",
"indicator--5703b810-3e44-448e-9aee-458b950d210f",
"indicator--5703b810-f420-4584-8660-42dd950d210f",
"indicator--5703b811-f3c4-44c9-9989-417a950d210f",
"observed-data--5703b894-f000-4d47-9773-480702de0b81",
"url--5703b894-f000-4d47-9773-480702de0b81",
"observed-data--5703b894-22b8-407c-abdb-4db202de0b81",
"url--5703b894-22b8-407c-abdb-4db202de0b81",
"observed-data--5703b895-5f9c-4a7b-967f-496902de0b81",
"url--5703b895-5f9c-4a7b-967f-496902de0b81",
"observed-data--5703b895-c1fc-45ff-8a65-46ec02de0b81",
"url--5703b895-c1fc-45ff-8a65-46ec02de0b81",
"indicator--5703ba4f-ce3c-4b89-bfdd-49ad950d210f"
],
"labels": [
"Threat-Report",
"misp:tool=\"MISP-STIX-Converter\"",
"circl:incident-classification=\"malware\"",
"malware_classification:malware-category=\"Ransomware\""
],
"object_marking_refs": [
"marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9"
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5703b48c-d0d8-40fd-8324-443c950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-04-05T12:50:20.000Z",
"modified": "2016-04-05T12:50:20.000Z",
"description": "Imported via the freetext import.",
"pattern": "[url:value = 'http://marvellrulesqq.com/70.exe?1']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-04-05T12:50:20Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5703b48c-45a8-4a4c-9517-4774950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-04-05T12:50:20.000Z",
"modified": "2016-04-05T12:50:20.000Z",
"description": "Imported via the freetext import.",
"pattern": "[url:value = 'http://marvellrulescc.asia/70.exe?1']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-04-05T12:50:20Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5703b48c-fc28-4d1d-a153-4f61950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-04-05T12:50:20.000Z",
"modified": "2016-04-05T12:50:20.000Z",
"description": "Imported via the freetext import.",
"pattern": "[domain-name:value = 'marvellrulesqq.com']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-04-05T12:50:20Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"domain\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5703b48d-b7c0-4d1a-ba6e-47b1950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-04-05T12:50:21.000Z",
"modified": "2016-04-05T12:50:21.000Z",
"description": "Imported via the freetext import.",
"pattern": "[domain-name:value = 'marvellrulescc.asia']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-04-05T12:50:21Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"domain\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5703b48d-4a00-4e7f-95b1-48b9950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-04-05T12:50:21.000Z",
"modified": "2016-04-05T12:50:21.000Z",
"description": "Imported via the freetext import.",
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '194.58.191.55']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-04-05T12:50:21Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5703b48d-d6c8-427c-9a53-4c74950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-04-05T12:50:21.000Z",
"modified": "2016-04-05T12:50:21.000Z",
"description": "Imported via the freetext import.",
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '37.25.109.92']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-04-05T12:50:21Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5703b48e-df00-4369-9fb2-4386950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-04-05T12:50:22.000Z",
"modified": "2016-04-05T12:50:22.000Z",
"description": "Imported via the freetext import.",
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '88.135.116.226']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-04-05T12:50:22Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5703b48e-27c8-4a62-8795-45e3950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-04-05T12:50:22.000Z",
"modified": "2016-04-05T12:50:22.000Z",
"description": "Imported via the freetext import.",
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '185.14.19.104']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-04-05T12:50:22Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5703b48e-9350-4c41-a4fe-4ec7950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-04-05T12:50:22.000Z",
"modified": "2016-04-05T12:50:22.000Z",
"description": "Imported via the freetext import.",
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '195.66.218.139']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-04-05T12:50:22Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5703b48f-6f88-4e33-a873-484e950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-04-05T12:50:23.000Z",
"modified": "2016-04-05T12:50:23.000Z",
"description": "Imported via the freetext import.",
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '176.36.174.59']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-04-05T12:50:23Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5703b48f-4cc8-4504-9445-4457950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-04-05T12:50:23.000Z",
"modified": "2016-04-05T12:50:23.000Z",
"description": "Imported via the freetext import.",
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '91.241.249.226']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-04-05T12:50:23Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5703b48f-dc30-4b00-8fd5-4c03950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-04-05T12:50:23.000Z",
"modified": "2016-04-05T12:50:23.000Z",
"description": "Imported via the freetext import.",
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '91.197.19.167']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-04-05T12:50:23Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5703b490-1da0-40a4-ac67-4c2f950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-04-05T12:50:24.000Z",
"modified": "2016-04-05T12:50:24.000Z",
"description": "Imported via the freetext import.",
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '109.254.59.207']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-04-05T12:50:24Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5703b490-4a88-4404-9b9c-4323950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-04-05T12:50:24.000Z",
"modified": "2016-04-05T12:50:24.000Z",
"description": "Imported via the freetext import.",
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '193.107.174.29']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-04-05T12:50:24Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5703b490-36ec-40c7-8afd-437d950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-04-05T12:50:24.000Z",
"modified": "2016-04-05T12:50:24.000Z",
"description": "Imported via the freetext import.",
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '54.212.162.6']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-04-05T12:50:24Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5703b491-f808-441f-9877-432b950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-04-05T12:50:25.000Z",
"modified": "2016-04-05T12:50:25.000Z",
"description": "Imported via the freetext import.",
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '185.118.142.154']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-04-05T12:50:25Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5703b4cb-2be8-45ca-a24d-4d2f950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-04-05T12:53:51.000Z",
"modified": "2016-04-05T12:53:51.000Z",
"pattern": "[file:content_ref.payload_bin = 'UEsDBBQACQAIAGxmhUiVBW/BUfkCAABABAAgABwANmI3YmE4YWIwMzBkNmI0YTQ3MDBlOGM3YjliM2E0MGJVVAkAA8u0A1fLtANXdXgLAAEEIQAAAAQhAAAA0dBIQnRW2id7x7mYKdwEyVH9HFtLixpA2aJvRBSLyGmeUsrndCIXyAoIquhfk0XbR2A4h3fCZheJJ6jJhiH21g8g4duNS88TtbMlfEPf0sd13BYSZen5wMmnI/U/Pm1KrKNM/8j5fQBKJOHwTztJhtBArdsywE8bLFuIbnAoa8xgawUvLf+c6nvhJHENKirWydbVsuLu/ZjsHFHvafd4SIvYK+CQ0zQb3mKmJ8EpuSfV1huj+z5Uakg61zvL82SVl3zW54uSbexQlLZaZr5BWrRxSpZHOtqQJmKIHjoYfbhh3aK6UQCM1AD5wAUX65E56SfsE0jPhnZn0unayrOA4nQe/NRu0LzO9u9x+JOjivwYQWIz99iNMP2bGst39C65D8Aamec8dcvDw7a1U8TYaSLilqMOVyPw6s3d731Jpkxqcm4V0Y9OsincEMIdoxpDGglZkjjJiD+OJXWODr19qV7nzLlbTPgWTQ2j/9vVr8Ho6JCqdpvpTODeZTbTC2bt5/QZqG9ulSbz3BMYtxTBUHG/7bkHFWDvoEvzLeX1EgJBF+qXaMUrqWxP4nKog05D6G3fYZ3H3ztHfwgTKjY1P0HY8C81mMNMB8XdgdEUgtuUhYtyBxS2MElThnSGKRSMCnsfHPf0PQmB8LPzDO4AC5tJEkV047aF6+PpN1FfETbPGwGPpRx5icUSJJyhJOJUPaoyTgewTor8TEaVW2XhsuilRcwDv8+BkaA7US0pIiMx2zO2rv6itV63MBsqWIhMAJrP3wsDiqpTYPHZz8hajYTHcaqf6Pds5Z8dv3yTFAu9X/WPkSXz6EnshbiBo4e0uS3UU0i2JAM49oXptCMUVU06noPZbjQQCbE3i82IPB6k2yhP81HYxRk8XW/IQStLuWBQnRgE5lv0EyLfSli+8pkv8/Q7cZAMub9sAs7JdlWyNrtWCouNUFN+yvBrfXpgHszw1uvDmCj1jL1bLvphSM1AAn8j6obv3557WDQdViPSJv2l1vhLmmOs0zYPV/f/0Yp0grdoKTW2zIVq58GB9JAA/7ZJlTzvRouDIoStPIFTt4E/iCbcjT17tF2PIvmNYuBStu8RWGk4qzIWFW427CZ0+2IVdE0Wn5Q9tPGiAXhhlgr94ISXqOb0ip3EbsnBqXxOUma74LeCq8gi192cQ3kYUj1DSQL2j5C/Fx32iyMAB9A+lA/gus8asfi6U25Q111pGO2gc1IwwRna3YwntOR8BRVIQVCcmK6VPmACzIT1cEf1a4PUbFMIrMRCLnA9MNBIRzaaQMgNQsIa0isO2ZBB+nyy4QIyoMTb7J032sYoCGtWGhNmGcVU0+G7Mwb5nS6FIGQb/CwwK3EDl3eyQ2I4zwYSak67VxipEQgt96U7IKI5uDp3Jb/vsnQ2uKAzgxINH20GKNwjJjiKYChjvmw3jhHfCiSmi6bF/2EhnK2rp+jnn1OC5ZXKK0C8W6LnaWsdgtLCbt9H2Duecxq7hEx2OProtK/9RFrstHbQ4WmFKrrIAsUUNVzg5L+kcDPmffGL0gbmhGVgRNpExmUQTNOU5GTDgLLtl4Y50ZVNSsGXgGaRGlJFasKh4/u3j/pcHe37SAZ8+qOfzzB8/hZGxgdGAqtvM8+HYKf67jZD3Wq0T4O83FFkThf5vB7kjcwp4TslLIxSK3U0q232rqi4vs8hGm3a9uLBYyAQtMfg/uKAuF+MYNmEM8pD0dcF69+iGHa2fs5WNR7fRlTxCk1FLBgEI6ZboxxWJrKNpwBRl7vNg6tQlZcEkgRkLpxmittM1IzkjyBCgy9Wk3OFgnOJhfXme/esmV8YNtF5RUJ2XSY
Co/A4oV7NUF5VrgMXQW2Dn9Qqz9EePuJoogP49eIbmvnFxYegYBMqeUQNyWXf2EfjZgSGIhgC+Z+3onDKZ/W3AzIP/WOFPtavC1BXg1LOwOcZ5MUjSLeg/tm3LdJDyrUpco+X2WLQEzPAJZEEhfv4bgjm3mYUCLh8ekLevkWmOo7Mvmwloy/UBEUq+RAzjJM/Y/5I0FVaWYGOI+h1SWDrwP4Q+29WNlXm6XmVozlA91At6fuhyHbkLI/UWuGfF0f/c16QFeQgdWNRIQhScoK8Zpvq9RtGPCXOzS660fVq9NbWLfGLezxJhCQiaEcwHf6ytGmmHcOzfxEth0ETuDIi1rKjYP6uY2zhWkUAmtRAe6zd+dhO72KHP+1Q0hgkfKii6SNHWCk/lj9DTnCQ4Kv7Hv7QkK7sjamoxPwJcHnw7czt1jVabz4jpZTZy2PR/zRRDRtXHes1q8s0eQhlJ2cweDyfFsBYBMyI1AHpmxYa5hPyydCKUxAjLTCZM0P4wmNb7BK7SCIiH+B2NfHFo+9s5fWbmXUQuNwBNveDPJBVpKekrAcx3LMvVOZ7VrtOtsyF4O+ciyW3PP8oHD6tomDTnL+8eFt9TTMmRXLOV210lt+pgovncxK8C93Ytb3p9F44jiEyKIgQdOrNfWXpWNdVZjfTAxyWro0X/BitzUvluYc1CfhWbglRXqC5fMsxQAxeyzJn7oYP7edHiPdgGDOBoBmmgPGPQBQI2WJ27FNgOiVwruLD9D5+zouAX36YVHTk+BImwY8kDcgSEYgWsS5hLz9kE72o9T8SQ2+riwvWPcKJ0L3DYHFnd+x2PEzCte3PNtatDbw4nPrJ7J4hs3Ar1IY9bBGL6WUrWQLIuDc+Rmwdw+p4/znG+1FB87W8YE03q0LjCCKC9I8Cj9qSPDHGkmqveXopqNbmZk/L/GJWU8d+xzMre5MN5vtXQKaMrZsPolS78Fd8rfNKocgZ1Bmi32BfwpaeHnPc1LakshUKSjv+QFiZDl82WXDWs9dAxcIV4IfEtb64GQf1pWDzEI+ukP8lm+Lsvh/b0SKxuq5kl3WNAqqK57s7c44vkZEraU92ox4Okn+UnHqs3tArxyNX3heeOLIrgyvoHFFsz+kTe7a/IkRn/dhg66D3ouQjf4/PkvdAjfpOX8Wu3IZdZNyuMsy7W+4l5dWMnVcKzXPQBvrNiJjgPDBPSYc6JxqTtw1euKAcVevvWZerhC4GUcu4+3vbbNRXYCbAnMfRuRqqU8XTqpWY8sE5mbBfNNLRaffJJpbDQ8ZfW72IoXHP4yl2iGx/R+EEhpHMWe8fGwnRpFsJl21cq9fvmiqwpXWCBfmqd1DzVZkdVPuv+YDH43rWqzW4ehJeJoEcX6YNBr8YDoF8dX60UAMRZ0AMtGSh8Bs1btWNSwnkbqi+bHYMQvcxggMyFwwISqQoowwoYCMnEY8Z9zsWbwNsEx5pAotNxbUSSCQdSnx8gJJpW33e/uBvyjp8O2FKYCtPgDpBhhg6nXl6W/il2XRmNBdVaR7O+qLWPBDaZ7QBprDYCQT236EF/cV5m+7HIHPwz/yyHb+NX+zoTmO/n1YSmLFNTHqtAqWzB8fMrlsKsoWlWJ+/a7cma0mZg6k2Z7Mj+vPxuRePSPkn+WhacZ8ObLTFIryDA3biZm6KQC7ZervKLct0bPH1LHxBtGBGPZ0Yvc1xto+KGnmQYCfF/LmvZKTjnVByjr4MwQgdNEC2JrPYfm53Z4D0us8/26Tey6RhngV8RoHWumCUGQcfQkfDLidb7fp7JzDLJdOyd9vM78EexsP6z0PqAaGm07TN8u9JSakYo3bsr3AUT4M8is6QX/5xp3jjNIdeijW62VWplt9rqagqqFHjV+S6SGviGmHAJi/dZBnIqDRQJUKPuW3JCu0PzT9S5pXmP25+Azwm0fAz2eLdjtwG0XcKAjJx8huflbB6+uIlF6MbMvppddfiIGMGXP5OMJGpzuGMooWIgPKN4qv
gFvKRSyT+4BSqCdw+VEVhIzxrsw60xU0EYt9T1riT9WYvGP7h0PItSf/s+dKUEwqjOmJtWn6JpQp8riDqJi
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-04-05T12:53:51Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"malware-sample\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5703b4cb-1b78-463a-aaeb-4e2f950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-04-05T12:54:13.000Z",
"modified": "2016-04-05T12:54:13.000Z",
"pattern": "[file:name = '70.exe' AND file:hashes.SHA1 = 'feed220d6c57f318e56d367dce4625da7f6ae967']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-04-05T12:54:13Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"filename|sha1\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5703b4cc-065c-492a-bda8-4bc8950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-04-05T12:54:04.000Z",
"modified": "2016-04-05T12:54:04.000Z",
"pattern": "[file:name = '70.exe' AND file:hashes.SHA256 = '218e9bfb8a87783f8ac48e346933e651a457d03fd1b4c72bd4ee6f48c6ba7e6d']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-04-05T12:54:04Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"filename|sha256\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5703b4cd-98d8-43f6-bb6a-4869950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-04-05T12:51:25.000Z",
"modified": "2016-04-05T12:51:25.000Z",
"pattern": "[file:content_ref.payload_bin = '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
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-04-05T12:51:25Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"malware-sample\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5703b4ce-4690-4716-aac6-491a950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-04-05T12:51:26.000Z",
"modified": "2016-04-05T12:51:26.000Z",
"pattern": "[file:name = '70.exe' AND file:hashes.SHA1 = '1d9453cf990eb07ce9fd216cd80a565247444510']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-04-05T12:51:26Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"filename|sha1\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5703b4ce-2edc-41d9-b431-45c2950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-04-05T12:51:26.000Z",
"modified": "2016-04-05T12:51:26.000Z",
"pattern": "[file:name = '70.exe' AND file:hashes.SHA256 = 'ff5926f47c07542be71d4c425273c57292b4905c36edd76a193b5fd4c1af3ca5']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-04-05T12:51:26Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"filename|sha256\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5703b4cf-b320-43c5-8af7-448e950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-04-05T12:51:27.000Z",
"modified": "2016-04-05T12:51:27.000Z",
"pattern": "[file:content_ref.payload_bin = 'UEsDBBQACQAIAG5mhUjOocd3/QkAAJwTAAAgABwAYzc4YzFiZThmZDNkMjk3YTc3ZWQ2ZTgwMzdiZTI4YWJVVAkAA8+0A1fPtANXdXgLAAEEIQAAAAQhAAAA0dBIQnRW2id7x7vYkO7fVWfwVsVQ89LLha+IXRj1TLryExdJzyvoPPPTF0eF4Xkla07Z1jF+jcabrTM2nUlSChRfGS1bXp5+HcReMxG78fQrcdgZrBH+XhQfR8gPFgsdEQoIiceAMlwcZbBbbHGk9Z+lmDKBHozliti/6/uMqUjHAvHarwILsTaT0X8bLvHdUSwe2ePJCmodSaETEjGydFFpa5Hqhfyx/rTlGDYMXRE1l0xYlbP8mWhsz7L+hWj9zQ2Pt/XixH2Avzl7lS2NwEH5k92ZM4rotU/kcbewqJd2p1MTjiAZ7dJP0UD7I8uj2E1TGyJFoi9Csfi/2a9bLQyhzACt7dgYb7ruJN6JTRQGYj5xVtmz2HSoJos6Jh9xTnAZyvbTmaoXQtfag3qH1CIxNQam0D6I6rfmW3xlv3kER0z+4DLyqGUfcdo7n1GUSRIh7lA0fr16sGi7EbeQjCQUzGF9T4Y0mBZtqH5VJvPZuqS8iaUEVKzT5cIlHAwwqbUMdJiYNKxuTavCG4iWGWHigrtREt+N8Ex19QIUw7X6EpMVXDfKrC+jcjnbAmuCworohUNQVJsPBK11DfCTUUaPe60+Wa3yNroIvjkUMJib31yo076mhCgaY3qoUUQ0uM/MIt6KkWsd4YRr+haWjojy7+PBCjo8tlpeHEpTkjhQXRV1Q3DLkZjcZ49yszHCPymIdJnBBzoDsFMLKOgSmDVjYqvBDK5PfrzICYcR49OfnQiNoe0aFpQbQRdhU6sGeGyhWYmfF4zweVTFJlmZX7hnb8gtv13hhsZkXlviOKaeBAQKGqfGx7Trnxv+ntFlyfqRyufG9ONB7KWAkEAnAQL5S+o1XB2/8PiQketZXmkntb9u/9ggDj5KCuBY2F+6STFVryqI0Im6BcifUr8ksdIePDxStcJvPiAoaKAz2hYJCw6Ocxeucie6Ct1rrlvNzBWL42KvtKdVZ7fsuDrIKlm0nUy4VZVEIayUKF39h2wOBTnQKSm7ZODCwmU0QwBYE7NQwV71RcTNya7sUT5eeokvTRyKKKbcAUVIYaBJfmARoddTt/ghr/9+qjfVUl7wti9pFZaGgd3UoYmmU4meU8nOFWUzPWtxxa3TxEGD0b9H4VZS3NDB7MsMQKXLlrKIxkYRchqCx30hCPIHHNr5XpGesEklwQEyOzFNP8awiSJ2nJ+68pFidYu7OYgwwYwMXBvO0B7Ozs+ifxhMOkkY4zNHsoLnN2NRBy62Fq3JasL7WNTsE+NZr8MGNnxlk114de7XxskE3EAJj7EQbsPAyR8iR2mLcMnQyAgrsJ8vUZ5WDnyISv3kBlNbdmVR/CscyEe4Tm3scGB5IM3AOqBi9vm319UFwKoK0HhcWCkgo/AF/pvGN0s1wJoBfkTnlh4fSg+t/cofiq2WFzbwWU1cu/YPlZ8erMAv1+hVEWmxgMWk+9Z5QDUv3ykNtCSV/TZnsdWBVQK6xv+4Ze1WJFsAoxS/dPhqgkW6Nq/kkozc+fNzkYbPxeRBGwc8URdgvQiuxEkmSupD4oSSQyDN+BW7gI4l3udeIy29fPSGKhsMYUDkl/iz/BHmyVQH0lzyyXEJj1NzcN5hWu8kkedZmEvtes8dV356X2/oX1MaL+189ROp4wufjOAcamLGTjGiRSjvgzb9rfw+YowEohavh/Jg0+I8c8ZFW5YF3ndWgdJb1NPlAxdDBIeAoxt4HFHqV/A2SXzozqazjsUiJRn2oMoA8hlHDsQ7jbmBWMwCOZebMV4AubIt9Q8Ksk9Q3SIf2Arjr+PdlraOi/wKVSJvg6Lu7DZSsBql0XyZnF67MLwJKKL
BZmxSMDtUjJiK/mfWC/GgOjo5gZ2JYuNZ8YnyNy/RujrgnwU9SW3WXtt3dmyblwhgD9roTeiYa1Lxa6Rr5vK16SZPRmMijq+OWRCzipiBItQ1A2p2nFmtg8QSozbOCOjsUkpxv2/u1GXarQNZ5O27h8i/A1DnBAVbBVgrGaojEqylknTkTRyNdkWtcBKME3GlQLXGH+V2V646xzegKKA/St5ntY2YzPOmsrM1ViVgNIdmtgTvuQb06P3M0XzaBscCjUL5EC6PMTo8Da4AexvmmriwSJzcS4qgkOs4+3mmPVNlpmT1nA/ZsS1mfmVKPRWBV/IGrndQ2g+9avYlveC2zOJEumbbNzsakHGhTA15JrOD1j9837EIw9B+yhPUOa8yjbq/9mUCKzpqc8spRWu/5cAOB4RWdCCc6nFM1KidNiA3vzN+jMY6i5G/rPGTzN2pfqbASjAdskSFlSMFvf8cQlOtE41Iy5IY7ndfmmG3TVxM459fW+nsO6PPZ8iBGEMjwQaRhkXJLn/zlzzS0u1dyj0sBVuJFdzEpBZrTn2KTiNVaVVN433iMJaiaKq6gWA2eQ7AKDr5xKOLg8/dM6xy/T8ka7k6hUSfjsFt55wRcF1LBoeGWCVx1wXVCLzPuMTC68PF32xtKA6Q7298yxLBizvXah/mXsWCtoveUXjbV+SXKyl9+du3GGMcHZWxTdoT9QZIME9ZDQKeNdh5BBD5uHzzl3eZAgR98q5hNlB3ENXhvJX2Hvmx+4e7DDnNSb4NOGIhv5UHJQfvjaatXS9ZfNaWIRLMkj1ycLCX7W+k/2CS0qFOh4QsuKnI8Fk9jGdJ9YaZjkv0bl2SdsC01dQAp9Z88P6wAfbV2Fa/UM/7WH4A/ShMg5TaWnVB5kFIw8j/PvlmpvVkFfTDM1SXXB9hOdfJGkvSFehQpBYePN3DUtI9DHbqtda96D1n+H+SDjh7PgJyDlKwWeAJGmZpDk2x4b1wi+ioAZQy10Ep3V5gbxoBk9nGfiFlj9pBZ51J1oDyvpon08FIqbyR2enuDvxHd136Umrpdlxun+yQ+nBS+hkCu3ACWq1VWDcfmnTwVemp+5cxzZNRJKYRczx0uzSh+D6/tvsjNv0IDhhSyVL7eHrF5zmJ3Mojcu6LyIimYGoc34m6joXg/1xBtFgtwkDanYbX4FPtD3iL9MMZfie18hl9dLSlV9KLpwherk0eD7DQQ0sMU9QgOAG+7jxvV8M90UKeHwu7eDplD5yZNRhZjuatF/xku6R2mt3sAz3siMFG24YN8fpkEO8ePLQuyXsVLqe+nlD3Vcxo9F55LJAXeqrE43rj4ra3SxhmLE1ty/C82D7UbNvCIycokbN5UK5i4/9GjeXIV7BC+Hfz9LASNoXc2Fci5y4nLviDUBP/IIwBhdll0RKTjrO7kGdt42RAg0YualPwLQUETkadWZfTUqwGTp5ehpcfJucsArRU2lm6tuP3InIklNRbwMCPvE6+3KToL5OGMKQTEu8okn5vgIRh+jA9MRKI8ROBIVma71clYOO2v0HYJDMi6KSiUQs+0O+L9VMyCSxnmW2etVBLBwjOocd3/QkAAJwTAABQSwMECgAJAAAAbmaFSFduQlwcAAAAEAAAAC0AHABjNzhjMWJlOGZkM2QyOTdhNzdlZDZlODAzN2JlMjhhYi5maWxlbmFtZS50eHRVVAkAA8+0A1fPtANXdXgLAAEEIQAAAAQhAAAAvOw8Iul4KUD9C2RGbrVYTh+j/UsEB+4XXnesnVBLBwhXbkJcHAAAABAAAABQSwECHgMUAAkACABuZoVIzqHHd/0JAACcEwAAIAAYAAAAAAABAAAApIEAAAAAYzc4YzFiZThmZDNkMjk3YTc3ZWQ2ZTgwMzdiZTI4YWJVVAUAA8+0A1d1eAsAAQQhAAAABCEAAABQSwECHgMKAAkAAABuZoVIV25CXBwAAAAQAAAALQAYAAAAAAABAAAApIFnCgAAYzc4YzFiZTh
mZDNkMjk3YTc3ZWQ2ZTgwMzdiZTI4YWIuZmlsZW5hbWUudHh0VVQFAAPPtANXdXgLAAEEIQAAAAQhAAAAUE
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-04-05T12:51:27Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"malware-sample\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5703b4d0-6ec0-4e22-8096-4f48950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-04-05T12:51:28.000Z",
"modified": "2016-04-05T12:51:28.000Z",
"pattern": "[file:name = 'accent_XNTlJN.js' AND file:hashes.SHA1 = 'c9107bb9f8588f5ad1d82710b84adbad184eccb7']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-04-05T12:51:28Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"filename|sha1\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5703b4d0-5a18-4d8c-a0ad-48c4950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-04-05T12:51:28.000Z",
"modified": "2016-04-05T12:51:28.000Z",
"pattern": "[file:name = 'accent_XNTlJN.js' AND file:hashes.SHA256 = '00c43b11fa0e897ad030463b89e6ee03bc4484cd09bae540f8efb6680a916ee9']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-04-05T12:51:28Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"filename|sha256\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5703b4d1-37d0-4048-ae32-4880950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-04-05T12:51:29.000Z",
"modified": "2016-04-05T12:51:29.000Z",
"pattern": "[file:content_ref.payload_bin = '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
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-04-05T12:51:29Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"malware-sample\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5703b4d1-1d98-4e42-b510-478f950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-04-05T12:51:29.000Z",
"modified": "2016-04-05T12:51:29.000Z",
"pattern": "[file:name = 'team_invoices_119741.zip' AND file:hashes.SHA1 = '91b3ef3ad72a124fc88fb9d79c211b1744222ea0']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-04-05T12:51:29Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"filename|sha1\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5703b4d2-5528-4d4b-922a-488e950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-04-05T12:51:30.000Z",
"modified": "2016-04-05T12:51:30.000Z",
"pattern": "[file:name = 'team_invoices_119741.zip' AND file:hashes.SHA256 = '94f354409a154d8ad4a9f47c3131e543258911f676c1a1a31d3815dc103078fa']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-04-05T12:51:30Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"filename|sha256\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5703b646-d990-41eb-a222-164a950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-04-05T12:57:42.000Z",
"modified": "2016-04-05T12:57:42.000Z",
"description": "C&C",
"pattern": "[url:value = 'http://addagapublicschool.com/binfile.php']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-04-05T12:57:42Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5703b647-9374-4d1b-8300-164a950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-04-05T12:57:43.000Z",
"modified": "2016-04-05T12:57:43.000Z",
"description": "C&C",
"pattern": "[url:value = 'http://helpdesk.keldon.info/plugins/editors/tinymce/jscripts/tiny_mce/plugins/inlinepopups/skins/clearlooks2/img/binfile.php']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-04-05T12:57:43Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5703b647-f93c-4d8b-8cf4-164a950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-04-05T12:57:43.000Z",
"modified": "2016-04-05T12:57:43.000Z",
"description": "C&C",
"pattern": "[url:value = 'http://coldheartedny.com/wp-content/plugins/wordpress-mobile-pack/libs/htmlpurifier-4.6.0/library/HTMLPurifier/DefinitionCache/Serializer/URI/binfile.php']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-04-05T12:57:43Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5703b647-0b00-4380-b508-164a950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-04-05T12:57:43.000Z",
"modified": "2016-04-05T12:57:43.000Z",
"description": "C&C",
"pattern": "[url:value = 'http://closerdaybyday.info/wp-content/plugins/google-analytics-for-wordpress/vendor/composer/installers/tests/Composer/Installers/Test/binfile.php']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-04-05T12:57:43Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5703b648-09c4-46e5-9e22-164a950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-04-05T12:57:44.000Z",
"modified": "2016-04-05T12:57:44.000Z",
"description": "C&C",
"pattern": "[url:value = 'http://studiosundaytv.com/wp-content/themes/sketch/binfile.php']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-04-05T12:57:44Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5703b648-ab68-42f5-997d-164a950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-04-05T12:57:44.000Z",
"modified": "2016-04-05T12:57:44.000Z",
"description": "C&C",
"pattern": "[url:value = 'http://thejonesact.com/wp-content/themes/sketch/binfile.php']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-04-05T12:57:44Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5703b80d-9bbc-478f-9ea5-4890950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-04-05T13:05:17.000Z",
"modified": "2016-04-05T13:05:17.000Z",
"description": "C&C",
"pattern": "[domain-name:value = 'addagapublicschool.com']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-04-05T13:05:17Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"domain\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5703b80d-b084-41b0-9cc3-4fb2950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-04-05T13:05:17.000Z",
"modified": "2016-04-05T13:05:17.000Z",
"description": "C&C",
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '23.229.239.227']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-04-05T13:05:17Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5703b80d-40d4-469b-9212-4b5c950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-04-05T13:05:17.000Z",
"modified": "2016-04-05T13:05:17.000Z",
"description": "C&C",
"pattern": "[domain-name:value = 'closerdaybyday.info']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-04-05T13:05:17Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"domain\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5703b80e-cbf4-4967-9e9b-4a90950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-04-05T13:05:18.000Z",
"modified": "2016-04-05T13:05:18.000Z",
"description": "C&C",
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '192.185.151.39']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-04-05T13:05:18Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5703b80e-c104-4ed3-8fb3-4d10950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-04-05T13:05:18.000Z",
"modified": "2016-04-05T13:05:18.000Z",
"description": "C&C",
"pattern": "[domain-name:value = 'coldheartedny.com']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-04-05T13:05:18Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"domain\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5703b80e-829c-45ad-bcc6-42d0950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-04-05T13:05:18.000Z",
"modified": "2016-04-05T13:05:18.000Z",
"description": "C&C",
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '107.180.26.75']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-04-05T13:05:18Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5703b80f-6594-459b-9d2b-4e11950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-04-05T13:05:19.000Z",
"modified": "2016-04-05T13:05:19.000Z",
"description": "C&C",
"pattern": "[domain-name:value = 'helpdesk.keldon.info']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-04-05T13:05:19Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"hostname\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5703b80f-01b0-4f8c-ba16-4481950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-04-05T13:05:19.000Z",
"modified": "2016-04-05T13:05:19.000Z",
"description": "C&C",
"pattern": "[domain-name:value = 'keldon.info']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-04-05T13:05:19Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"domain\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5703b80f-9d38-4773-b3f0-478a950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-04-05T13:05:19.000Z",
"modified": "2016-04-05T13:05:19.000Z",
"description": "C&C",
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '194.228.3.204']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-04-05T13:05:19Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5703b810-8bd0-4f56-b4b8-4654950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-04-05T13:05:20.000Z",
"modified": "2016-04-05T13:05:20.000Z",
"description": "C&C",
"pattern": "[domain-name:value = 'studiosundaytv.com']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-04-05T13:05:20Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"domain\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5703b810-3e44-448e-9aee-458b950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-04-05T13:05:20.000Z",
"modified": "2016-04-05T13:05:20.000Z",
"description": "C&C",
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '76.162.168.113']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-04-05T13:05:20Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5703b810-f420-4584-8660-42dd950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-04-05T13:05:20.000Z",
"modified": "2016-04-05T13:05:20.000Z",
"description": "C&C",
"pattern": "[domain-name:value = 'thejonesact.com']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-04-05T13:05:20Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"domain\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5703b811-f3c4-44c9-9989-417a950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-04-05T13:05:21.000Z",
"modified": "2016-04-05T13:05:21.000Z",
"description": "C&C",
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '192.186.220.8']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-04-05T13:05:21Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--5703b894-f000-4d47-9773-480702de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-04-05T13:07:32.000Z",
"modified": "2016-04-05T13:07:32.000Z",
"first_observed": "2016-04-05T13:07:32Z",
"last_observed": "2016-04-05T13:07:32Z",
"number_observed": 1,
"object_refs": [
"url--5703b894-f000-4d47-9773-480702de0b81"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--5703b894-f000-4d47-9773-480702de0b81",
"value": "https://www.virustotal.com/file/94f354409a154d8ad4a9f47c3131e543258911f676c1a1a31d3815dc103078fa/analysis/1459858330/"
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--5703b894-22b8-407c-abdb-4db202de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-04-05T13:07:32.000Z",
"modified": "2016-04-05T13:07:32.000Z",
"first_observed": "2016-04-05T13:07:32Z",
"last_observed": "2016-04-05T13:07:32Z",
"number_observed": 1,
"object_refs": [
"url--5703b894-22b8-407c-abdb-4db202de0b81"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--5703b894-22b8-407c-abdb-4db202de0b81",
"value": "https://www.virustotal.com/file/00c43b11fa0e897ad030463b89e6ee03bc4484cd09bae540f8efb6680a916ee9/analysis/1459858357/"
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--5703b895-5f9c-4a7b-967f-496902de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-04-05T13:07:33.000Z",
"modified": "2016-04-05T13:07:33.000Z",
"first_observed": "2016-04-05T13:07:33Z",
"last_observed": "2016-04-05T13:07:33Z",
"number_observed": 1,
"object_refs": [
"url--5703b895-5f9c-4a7b-967f-496902de0b81"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--5703b895-5f9c-4a7b-967f-496902de0b81",
"value": "https://www.virustotal.com/file/ff5926f47c07542be71d4c425273c57292b4905c36edd76a193b5fd4c1af3ca5/analysis/1459860369/"
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--5703b895-c1fc-45ff-8a65-46ec02de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-04-05T13:07:33.000Z",
"modified": "2016-04-05T13:07:33.000Z",
"first_observed": "2016-04-05T13:07:33Z",
"last_observed": "2016-04-05T13:07:33Z",
"number_observed": 1,
"object_refs": [
"url--5703b895-c1fc-45ff-8a65-46ec02de0b81"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--5703b895-c1fc-45ff-8a65-46ec02de0b81",
"value": "https://www.virustotal.com/file/218e9bfb8a87783f8ac48e346933e651a457d03fd1b4c72bd4ee6f48c6ba7e6d/analysis/1459861008/"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5703ba4f-ce3c-4b89-bfdd-49ad950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-04-05T13:14:55.000Z",
"modified": "2016-04-05T13:14:55.000Z",
"description": "Automatically added (via 70.exe|1d9453cf990eb07ce9fd216cd80a565247444510)",
"pattern": "[file:name = '70.exe' AND file:hashes.MD5 = '8952377a0513c24cd2a00e5946d45103']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-04-05T13:14:55Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"filename|md5\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "marking-definition",
"spec_version": "2.1",
"id": "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9",
"created": "2017-01-20T00:00:00.000Z",
"definition_type": "tlp",
"name": "TLP:WHITE",
"definition": {
"tlp": "white"
}
}
]
}