misp-circl-feed/feeds/circl/stix-2.1/57ce65d3-6170-47b5-8f3f-47e0950d210f.json

{
"type": "bundle",
"id": "bundle--57ce65d3-6170-47b5-8f3f-47e0950d210f",
"objects": [
{
"type": "identity",
"spec_version": "2.1",
"id": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-09-07T13:09:50.000Z",
"modified": "2016-09-07T13:09:50.000Z",
"name": "CIRCL",
"identity_class": "organization"
},
{
"type": "report",
"spec_version": "2.1",
"id": "report--57ce65d3-6170-47b5-8f3f-47e0950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-09-07T13:09:50.000Z",
"modified": "2016-09-07T13:09:50.000Z",
"name": "OSINT - Pok\u00e9mon-themed Umbreon Linux Rootkit Hits x86, ARM Systems",
"published": "2016-09-07T13:10:05Z",
"object_refs": [
"observed-data--57ce65e1-4f10-4fb3-9384-3305950d210f",
"url--57ce65e1-4f10-4fb3-9384-3305950d210f",
"x-misp-attribute--57ce65f2-d28c-41aa-8fb4-47e4950d210f",
"indicator--57ceaeb1-0da4-4e04-8aef-49fa950d210f",
"indicator--57ceaf0f-5354-416c-bb90-4d21950d210f",
"indicator--57ceaf20-1ccc-4f0d-9ee6-4e8e950d210f",
"indicator--57ceb2bf-4b1c-43b0-acf4-4cc3950d210f",
"indicator--57ceb50e-ea7c-462a-8701-4379950d210f",
"indicator--57ceb541-9b40-4d25-a6f2-404f950d210f",
"indicator--57ceb541-0240-465d-b304-4596950d210f",
"indicator--57ceb542-e970-4703-90fa-4621950d210f",
"indicator--57ceb587-47c8-4d49-a733-4d9c950d210f",
"indicator--57ceb587-4b88-4221-9931-45c9950d210f",
"indicator--57ceb699-fed0-4314-b5ac-463d950d210f",
"indicator--57ceb69a-c2b8-4629-832e-4c9c950d210f",
"indicator--57ceb69a-9f80-4d49-ba67-4bf5950d210f",
"indicator--57ceb69a-be88-4eb0-81aa-4d00950d210f",
"indicator--57ceb6c9-e724-4ada-9114-4bf4950d210f",
"indicator--57ceb6c9-bfb0-4aa2-93b3-45d6950d210f",
"indicator--57ceb6c9-f94c-4d66-bf87-4bc9950d210f",
"indicator--57ceb6f4-cbd4-4570-9068-4104950d210f",
"indicator--57ceb6f4-64dc-4089-bf9d-469a950d210f",
"indicator--57ceb6f4-fe00-4257-be31-444a950d210f",
"indicator--57ceb724-3590-4a74-8a75-4879950d210f",
"indicator--57ceb725-3e6c-4802-bf02-494d950d210f",
"indicator--57ceb725-e0bc-48d2-b842-4f36950d210f",
"indicator--57cec3a9-5d6c-4485-a593-4fdf02de0b81",
"indicator--57cec3a9-f2b4-41c2-a770-4efa02de0b81",
"observed-data--57cec3a9-03a0-45c9-aa62-494702de0b81",
"url--57cec3a9-03a0-45c9-aa62-494702de0b81",
"indicator--57cec3a9-b7a0-48b8-9823-4b0b02de0b81",
"indicator--57cec3aa-0a50-49a3-9bbb-4d8002de0b81",
"observed-data--57cec3aa-ce48-4425-b633-4d8d02de0b81",
"url--57cec3aa-ce48-4425-b633-4d8d02de0b81",
"indicator--57cec3aa-301c-481e-a15a-455902de0b81",
"indicator--57cec3aa-dd3c-4d19-b800-4c0702de0b81",
"observed-data--57cec3aa-1f50-4880-8383-4ccb02de0b81",
"url--57cec3aa-1f50-4880-8383-4ccb02de0b81",
"indicator--57cec3ab-1660-49d3-950b-473f02de0b81",
"indicator--57cec3ab-dd10-456d-98c1-4e5b02de0b81",
"observed-data--57cec3ab-f214-4341-b831-4bbf02de0b81",
"url--57cec3ab-f214-4341-b831-4bbf02de0b81",
"indicator--57cec3ab-f1c0-433d-a13a-4dbb02de0b81",
"indicator--57cec3ab-ba9c-4f0d-ac18-4db502de0b81",
"observed-data--57cec3ac-8608-4478-a0e8-462f02de0b81",
"url--57cec3ac-8608-4478-a0e8-462f02de0b81",
"indicator--57cec3ac-2088-4e7c-abe1-4f4f02de0b81",
"indicator--57cec3ac-6f10-4cf1-90d4-440702de0b81",
"observed-data--57cec3ac-8bf8-4ee7-9a49-488f02de0b81",
"url--57cec3ac-8bf8-4ee7-9a49-488f02de0b81",
"indicator--57cec3ac-2800-4b0b-8ed8-433d02de0b81",
"indicator--57cec3ad-c184-419f-bd59-45a602de0b81",
"observed-data--57cec3ad-0544-4a72-b378-498e02de0b81",
"url--57cec3ad-0544-4a72-b378-498e02de0b81",
"indicator--57cec3ad-1574-42ab-8402-4c1d02de0b81",
"indicator--57cec3ad-7258-4fdc-aaf5-4b1402de0b81",
"observed-data--57cec3ad-0a58-4e03-b707-446b02de0b81",
"url--57cec3ad-0a58-4e03-b707-446b02de0b81",
"indicator--57cec3ae-c8c4-412d-9943-42d802de0b81",
"indicator--57cec3ae-dc74-4a4c-ab0d-450902de0b81",
"observed-data--57cec3ae-e510-4922-bddd-4e7c02de0b81",
"url--57cec3ae-e510-4922-bddd-4e7c02de0b81",
"indicator--57cec3ae-b2a0-4864-823a-4f5802de0b81",
"indicator--57cec3ae-1f54-4aac-8c79-402702de0b81",
"observed-data--57cec3ae-f4f8-438b-8e59-4ae302de0b81",
"url--57cec3ae-f4f8-438b-8e59-4ae302de0b81",
"indicator--57d0101e-9248-447a-84cb-06c3950d210f",
"indicator--57d0101e-30a0-4a1e-830c-06c3950d210f",
"indicator--57d0101f-8874-417b-b565-06c3950d210f",
"indicator--57d01020-38c0-4d9a-a3f5-06c3950d210f",
"indicator--57d01020-7ebc-4930-a09a-06c3950d210f",
"indicator--57d01021-4324-44f0-a6b4-06c3950d210f",
"indicator--57d01021-5c6c-4be2-8f08-06c3950d210f",
"indicator--57d01022-6888-4ca1-8a2d-06c3950d210f",
"indicator--57d01023-7a28-4113-b710-06c3950d210f",
"indicator--57d01023-4f28-450f-baad-06c3950d210f",
"indicator--57d01024-7d60-4390-b4e3-06c3950d210f",
"indicator--57d01024-2d2c-43aa-9083-06c3950d210f",
"indicator--57d01025-8914-4961-af6d-06c3950d210f",
"indicator--57d01026-1dec-48a2-a881-06c3950d210f",
"indicator--57d01026-ff8c-4a13-991f-06c3950d210f",
"indicator--57d01027-dbc8-4582-ba37-06c3950d210f",
"indicator--57d01028-d170-4e4e-8311-06c3950d210f",
"indicator--57d01028-e5c4-4f71-bf58-06c3950d210f",
"indicator--57d01029-cb54-43b4-af13-06c3950d210f",
"indicator--57d0102a-7b48-4003-9af9-06c3950d210f",
"indicator--57d0102a-8f68-4c84-bfd8-06c3950d210f",
"indicator--57d0102b-1964-4f34-9e65-06c3950d210f",
"indicator--57d0102b-6334-4498-9083-06c3950d210f",
"indicator--57d0102d-0f98-472b-a469-06c3950d210f",
"indicator--57d0102d-6070-4ca8-aefb-06c3950d210f",
"indicator--57d0102e-2a2c-447a-8d95-06c3950d210f",
"indicator--57d0102e-af60-452e-a779-06c3950d210f",
"indicator--57d0102f-673c-4059-aa77-06c3950d210f",
"indicator--57d01030-6e28-4356-810c-06c3950d210f",
"indicator--57d01031-af44-4609-9582-06c3950d210f",
"indicator--57d01031-170c-4393-81bf-06c3950d210f",
"indicator--57d01032-1fb8-4ca2-a48d-06c3950d210f",
"indicator--57d01032-029c-4e6f-a09e-06c3950d210f",
"indicator--57d01033-70f4-467b-b03e-06c3950d210f",
"indicator--57d01034-ba94-401f-a7f2-06c3950d210f",
"indicator--57d01035-3298-4836-819d-06c3950d210f",
"indicator--57d01035-c31c-4e50-92e2-06c3950d210f",
"indicator--57d01036-92cc-44a6-872a-06c3950d210f",
"indicator--57d01036-7954-488c-a7ed-06c3950d210f"
],
"labels": [
"Threat-Report",
"misp:tool=\"MISP-STIX-Converter\"",
"malware_classification:malware-category=\"Rootkit\"",
"ms-caro-malware:malware-platform=\"Linux\""
],
"object_marking_refs": [
"marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9"
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--57ce65e1-4f10-4fb3-9384-3305950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-09-06T06:44:49.000Z",
"modified": "2016-09-06T06:44:49.000Z",
"first_observed": "2016-09-06T06:44:49Z",
"last_observed": "2016-09-06T06:44:49Z",
"number_observed": 1,
"object_refs": [
"url--57ce65e1-4f10-4fb3-9384-3305950d210f"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--57ce65e1-4f10-4fb3-9384-3305950d210f",
"value": "http://blog.trendmicro.com/trendlabs-security-intelligence/pokemon-themed-umbreon-linux-rootkit-hits-x86-arm-systems/"
},
{
"type": "x-misp-attribute",
"spec_version": "2.1",
"id": "x-misp-attribute--57ce65f2-d28c-41aa-8fb4-47e4950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-09-06T06:45:06.000Z",
"modified": "2016-09-06T06:45:06.000Z",
"labels": [
"misp:type=\"comment\"",
"misp:category=\"External analysis\""
],
"x_misp_category": "External analysis",
"x_misp_type": "comment",
"x_misp_value": "rootkit-feature\r\n\r\nThe Trend Micro Forward Looking Threat Research team recently obtained samples of a new rootkit family from one of our trusted partners. We are providing a detailed analysis of the rootkit, and also making the samples available to the industry to help others block this threat.\r\n\r\nThis rootkit family called Umbreon (sharing the same name as the Pok\u00e9mon) targets Linux systems, including systems running both Intel and ARM processors, expanding the scope of this threat to include embedded devices as well. (An aside: the rootkit does appear to be named after the Pok\u00e9mon of the same name. This Pok\u00e9mon is known for hiding in the night, which is an appropriate characteristic for a rootkit.) We detect Umbreon under the ELF_UMBREON family."
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--57ceaeb1-0da4-4e04-8aef-49fa950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-09-06T11:56:26.000Z",
"modified": "2016-09-06T11:56:26.000Z",
"pattern": "[rule crime_linux_umbreon : rootkit\r\n{\r\n\tmeta:\r\n\t\tdescription = \"Catches Umbreon rootkit\"\r\n\t\treference = \"http://blog.trendmicro.com/trendlabs-security-intelligence/pokemon-themed-umbreon-linux-rootkit-hits-x86-arm-systems\"\r\n\t\tauthor = \"Fernando Merces, FTR, Trend Micro\"\r\n\t\tdate = \"2016-08\"\r\n\t\r\n\tstrings:\r\n\t\t$ = { 75 6e 66 75 63 6b 5f 6c 69 6e 6b 6d 61 70 }\r\n\t\t$ = \"unhide.rb\" ascii fullword\r\n\t\t$ = \"rkit\" ascii fullword\r\n\r\n\tcondition:\r\n\t\tuint32(0) == 0x464c457f // Generic ELF header\r\n\t\tand uint8(16) == 0x0003 // Shared object file\r\n\t\tand all of them\r\n}]",
"pattern_type": "yara",
"pattern_version": "2.1",
"valid_from": "2016-09-06T11:56:26Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Artifacts dropped"
}
],
"labels": [
"misp:type=\"yara\"",
"misp:category=\"Artifacts dropped\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--57ceaf0f-5354-416c-bb90-4d21950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-09-06T11:57:03.000Z",
"modified": "2016-09-06T11:57:03.000Z",
"pattern": "[rule crime_linux_umbreon_strace : rootkit\r\n{\r\n\tmeta:\r\n\t\tdescription = \"Catches Umbreon strace rootkit component\"\r\n\t\treference = \"http://blog.trendmicro.com/trendlabs-security-intelligence/pokemon-themed-umbreon-linux-rootkit-hits-x86-arm-systems\"\r\n\t\tauthor = \"Fernando Merces, FTR, Trend Micro\"\r\n\t\tdate = \"2016-08\"\r\n\t\r\n\tstrings:\r\n\t\t$ = \"LD_PRELOAD\" fullword\r\n\t\t$ = /ld\\.so\\.[a-zA-Z0-9]{7}/ fullword\r\n\t\t$ = \"\\\"/etc/ld.so.preload\\\"\" fullword\r\n\t\t$ = \"fputs_unlocked\" fullword\r\n\r\n\tcondition:\r\n\t\tuint32(0) == 0x464c457f // Generic ELF header\r\n\t\tand uint8(16) == 0x0003 // Shared object file\r\n\t\tand all of them\r\n}]",
"pattern_type": "yara",
"pattern_version": "2.1",
"valid_from": "2016-09-06T11:57:03Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Artifacts dropped"
}
],
"labels": [
"misp:type=\"yara\"",
"misp:category=\"Artifacts dropped\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--57ceaf20-1ccc-4f0d-9ee6-4e8e950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-09-06T11:57:20.000Z",
"modified": "2016-09-06T11:57:20.000Z",
"pattern": "[rule crime_linux_umbreon_espeon : rootkit backdoor\r\n{\r\n\tmeta:\r\n\t\tdescription = \"Catches Umbreon strace rootkit component\"\r\n\t\treference = \"http://blog.trendmicro.com/trendlabs-security-intelligence/pokemon-themed-umbreon-linux-rootkit-hits-x86-arm-systems\"\r\n\t\tauthor = \"Fernando Merces, FTR, Trend Micro\"\r\n\t\tdate = \"2016-08\"\r\n\r\n\tstrings:\r\n\t\t$ = \"Usage: %s [interface]\" fullword\r\n\t\t$ = \"Options:\" fullword\r\n\t\t$ = \" interface Listen on <interface> for packets.\" fullword\r\n\t\t$ = \"/bin/espeon-shell %s %hu\"\r\n\t\t$ = { 66 75 63 6b 20 6f 66 66 20 63 75 6e 74 }\r\n\t\t$ = \"error: unrecognized command-line options\" fullword\r\n\r\n\tcondition:\r\n\t\tuint32(0) == 0x464c457f // Generic ELF header\r\n\t\tand uint8(16) == 0x0002 // Executable file\r\n\t\tand all of them\r\n}]",
"pattern_type": "yara",
"pattern_version": "2.1",
"valid_from": "2016-09-06T11:57:20Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Artifacts dropped"
}
],
"labels": [
"misp:type=\"yara\"",
"misp:category=\"Artifacts dropped\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--57ceb2bf-4b1c-43b0-acf4-4cc3950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-09-06T12:20:45.000Z",
"modified": "2016-09-06T12:20:45.000Z",
"description": "/hideports",
"pattern": "[file:hashes.SHA1 = '738ac5f6a443f925b3198143488365c5edf73679']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-09-06T12:20:45Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha1\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--57ceb50e-ea7c-462a-8701-4379950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-09-06T12:22:38.000Z",
"modified": "2016-09-06T12:22:38.000Z",
"description": "/.bashrc",
"pattern": "[file:hashes.SHA1 = 'b5e68f8e23115bdbe868d19d09c90eb535184acd']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-09-06T12:22:38Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha1\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--57ceb541-9b40-4d25-a6f2-404f950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-09-06T12:28:18.000Z",
"modified": "2016-09-06T12:28:18.000Z",
"description": "/bin/pkg /bin/zypper ./bin/emerge /bin/yum /bin/apt-get",
"pattern": "[file:hashes.SHA1 = '73ddcd21bf05a9edc7c85d1efd5304eea039d3cb']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-09-06T12:28:18Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha1\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--57ceb541-0240-465d-b304-4596950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-09-06T12:23:29.000Z",
"modified": "2016-09-06T12:23:29.000Z",
"description": "/bin/espeon-shell (detected as BKDR_UMREON.A)",
"pattern": "[file:hashes.SHA1 = '48a6e43af0cb40d4f92b38062012117081b6774e']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-09-06T12:23:29Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha1\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--57ceb542-e970-4703-90fa-4621950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-09-06T12:23:30.000Z",
"modified": "2016-09-06T12:23:30.000Z",
"description": "/bin/unhide-self",
"pattern": "[file:hashes.SHA1 = '88aea4bb5e68c1afe1fb11d55a190dddb8b1586f']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-09-06T12:23:30Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha1\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--57ceb587-47c8-4d49-a733-4d9c950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-09-06T12:24:39.000Z",
"modified": "2016-09-06T12:24:39.000Z",
"description": "/bin/umbreon.py",
"pattern": "[file:hashes.SHA1 = '42802085c28c0712ac0679c100886be3bcf07341']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-09-06T12:24:39Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha1\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--57ceb587-4b88-4221-9931-45c9950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-09-06T12:24:39.000Z",
"modified": "2016-09-06T12:24:39.000Z",
"description": "/bin/espeon (detected as ELF_UMREON.A)",
"pattern": "[file:hashes.SHA1 = '66d246e02492821f7e5bbaeb8156ece44c101bbc']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-09-06T12:24:39Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha1\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--57ceb699-fed0-4314-b5ac-463d950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-09-06T12:29:13.000Z",
"modified": "2016-09-06T12:29:13.000Z",
"description": "/bin/spytty",
"pattern": "[file:hashes.SHA1 = '4f6c6d42bdf93f4ccf68d888ce7f98bcd929fc72']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-09-06T12:29:13Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha1\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--57ceb69a-c2b8-4629-832e-4c9c950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-09-06T12:29:14.000Z",
"modified": "2016-09-06T12:29:14.000Z",
"description": "/bin/.x",
"pattern": "[file:hashes.SHA1 = '1f1ab0a8e9ec43d154cd7ab39bfaaa1eada4ad5e']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-09-06T12:29:14Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha1\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--57ceb69a-9f80-4d49-ba67-4bf5950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-09-06T12:29:14.000Z",
"modified": "2016-09-06T12:29:14.000Z",
"description": "/.init-append",
"pattern": "[file:hashes.SHA1 = '81ad3260c0fc38a3b0f65687f7c606cb66c525a8']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-09-06T12:29:14Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha1\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--57ceb69a-be88-4eb0-81aa-4d00950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-09-06T12:29:14.000Z",
"modified": "2016-09-06T12:29:14.000Z",
"description": "/.umbreon-ascii",
"pattern": "[file:hashes.SHA1 = '7b10bf8187100cdc2e1d59536c19454b0c0da46f']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-09-06T12:29:14Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha1\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--57ceb6c9-e724-4ada-9114-4bf4950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-09-06T12:30:01.000Z",
"modified": "2016-09-06T12:30:01.000Z",
"description": "/.profile",
"pattern": "[file:hashes.SHA1 = '96d5e513b6900e23b18149a516fb7e1425334a44']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-09-06T12:30:01Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha1\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--57ceb6c9-bfb0-4aa2-93b3-45d6950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-09-06T12:30:01.000Z",
"modified": "2016-09-06T12:30:01.000Z",
"description": "/usr/share/libc.so.2284441204.i686.ld-2.22.so (detected as ELF_UMREON.A)",
"pattern": "[file:hashes.SHA1 = '851b7f07736be6789cbcc617efd6dcb682e0ce54']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-09-06T12:30:01Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha1\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--57ceb6c9-f94c-4d66-bf87-4bc9950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-09-06T12:30:01.000Z",
"modified": "2016-09-06T12:30:01.000Z",
"description": "/usr/share/libc.so.2284441204.x86_64.ld-2.22.so (detected as ELF_UMREON.A)",
"pattern": "[file:hashes.SHA1 = 'e2bc8945f0d7ca8986b4223ed9ba13686a798446']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-09-06T12:30:01Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha1\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--57ceb6f4-cbd4-4570-9068-4104950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-09-06T12:30:44.000Z",
"modified": "2016-09-06T12:30:44.000Z",
"description": "/.ldso/strace.so (detected as ELF_UMREON.A)",
"pattern": "[file:hashes.SHA1 = '17b42374795295f776536b86aa571a721b041c38']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-09-06T12:30:44Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha1\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--57ceb6f4-64dc-4089-bf9d-469a950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-09-06T12:30:44.000Z",
"modified": "2016-09-06T12:30:44.000Z",
"description": "/promptlog",
"pattern": "[file:hashes.SHA1 = '394fae7d40b0c54c16d7ff3c3ff0d247409bd28f']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-09-06T12:30:44Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha1\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--57ceb6f4-fe00-4257-be31-444a950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-09-06T12:30:44.000Z",
"modified": "2016-09-06T12:30:44.000Z",
"description": "espeon (ARM version, detected as ELF_UMREON.B)",
"pattern": "[file:hashes.SHA1 = '022be09c68a410f6bed15c98b63e15bb57e920a9']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-09-06T12:30:44Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha1\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--57ceb724-3590-4a74-8a75-4879950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-09-06T12:31:32.000Z",
"modified": "2016-09-06T12:31:32.000Z",
"description": "pkg (ARM version, detected as ELF_UMREON.B)",
"pattern": "[file:hashes.SHA1 = '3762c537801c21f68f9eac858ecc8d436927c77a']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-09-06T12:31:32Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha1\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--57ceb725-3e6c-4802-bf02-494d950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-09-06T12:31:33.000Z",
"modified": "2016-09-06T12:31:33.000Z",
"description": "strace.so (ARM version, detected as ELF_UMREON.B)",
"pattern": "[file:hashes.SHA1 = '2cd24c5701a7af76ab6673502c80109b6ce650c6']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-09-06T12:31:33Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha1\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--57ceb725-e0bc-48d2-b842-4f36950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-09-06T12:31:33.000Z",
"modified": "2016-09-06T12:31:33.000Z",
"description": "umbreon.so (ARM version, detected as ELF_UMREON.B)",
"pattern": "[file:hashes.SHA1 = '358afd4bd02de3ce1db43970de5e4cb0c38c2848']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-09-06T12:31:33Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha1\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--57cec3a9-5d6c-4485-a593-4fdf02de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-09-06T13:24:57.000Z",
"modified": "2016-09-06T13:24:57.000Z",
"description": "umbreon.so (ARM version, detected as ELF_UMREON.B) - Xchecked via VT: 358afd4bd02de3ce1db43970de5e4cb0c38c2848",
"pattern": "[file:hashes.SHA256 = 'e9bce46584acbf59a779d1565687964991d7033d63c06bddabcfc4375c5f1853']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-09-06T13:24:57Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--57cec3a9-f2b4-41c2-a770-4efa02de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-09-06T13:24:57.000Z",
"modified": "2016-09-06T13:24:57.000Z",
"description": "umbreon.so (ARM version, detected as ELF_UMREON.B) - Xchecked via VT: 358afd4bd02de3ce1db43970de5e4cb0c38c2848",
"pattern": "[file:hashes.MD5 = 'bbeb18c0c3e038747c78fcab3e0444e3']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-09-06T13:24:57Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--57cec3a9-03a0-45c9-aa62-494702de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-09-06T13:24:57.000Z",
"modified": "2016-09-06T13:24:57.000Z",
"first_observed": "2016-09-06T13:24:57Z",
"last_observed": "2016-09-06T13:24:57Z",
"number_observed": 1,
"object_refs": [
"url--57cec3a9-03a0-45c9-aa62-494702de0b81"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--57cec3a9-03a0-45c9-aa62-494702de0b81",
"value": "https://www.virustotal.com/file/e9bce46584acbf59a779d1565687964991d7033d63c06bddabcfc4375c5f1853/analysis/1472872777/"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--57cec3a9-b7a0-48b8-9823-4b0b02de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-09-06T13:24:57.000Z",
"modified": "2016-09-06T13:24:57.000Z",
"description": "/.ldso/strace.so (detected as ELF_UMREON.A) - Xchecked via VT: 17b42374795295f776536b86aa571a721b041c38",
"pattern": "[file:hashes.SHA256 = '991179b6ba7d4aeabdf463118e4a2984276401368f4ab842ad8a5b8b73088522']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-09-06T13:24:57Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--57cec3aa-0a50-49a3-9bbb-4d8002de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-09-06T13:24:58.000Z",
"modified": "2016-09-06T13:24:58.000Z",
"description": "/.ldso/strace.so (detected as ELF_UMREON.A) - Xchecked via VT: 17b42374795295f776536b86aa571a721b041c38",
"pattern": "[file:hashes.MD5 = '2b1863acdc0068ed5d50590cf792df05']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-09-06T13:24:58Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--57cec3aa-ce48-4425-b633-4d8d02de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-09-06T13:24:58.000Z",
"modified": "2016-09-06T13:24:58.000Z",
"first_observed": "2016-09-06T13:24:58Z",
"last_observed": "2016-09-06T13:24:58Z",
"number_observed": 1,
"object_refs": [
"url--57cec3aa-ce48-4425-b633-4d8d02de0b81"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--57cec3aa-ce48-4425-b633-4d8d02de0b81",
"value": "https://www.virustotal.com/file/991179b6ba7d4aeabdf463118e4a2984276401368f4ab842ad8a5b8b73088522/analysis/1473161723/"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--57cec3aa-301c-481e-a15a-455902de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-09-06T13:24:58.000Z",
"modified": "2016-09-06T13:24:58.000Z",
"description": "/usr/share/libc.so.2284441204.x86_64.ld-2.22.so (detected as ELF_UMREON.A) - Xchecked via VT: e2bc8945f0d7ca8986b4223ed9ba13686a798446",
"pattern": "[file:hashes.SHA256 = '4fc4b5dab105e03f03ba3ec301bab9e2d37f17a431dee7f2e5a8dfadcca4c234']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-09-06T13:24:58Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--57cec3aa-dd3c-4d19-b800-4c0702de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-09-06T13:24:58.000Z",
"modified": "2016-09-06T13:24:58.000Z",
"description": "/usr/share/libc.so.2284441204.x86_64.ld-2.22.so (detected as ELF_UMREON.A) - Xchecked via VT: e2bc8945f0d7ca8986b4223ed9ba13686a798446",
"pattern": "[file:hashes.MD5 = 'd0d97899131c29b3ec9ae89a6d49a23e']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-09-06T13:24:58Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--57cec3aa-1f50-4880-8383-4ccb02de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-09-06T13:24:58.000Z",
"modified": "2016-09-06T13:24:58.000Z",
"first_observed": "2016-09-06T13:24:58Z",
"last_observed": "2016-09-06T13:24:58Z",
"number_observed": 1,
"object_refs": [
"url--57cec3aa-1f50-4880-8383-4ccb02de0b81"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--57cec3aa-1f50-4880-8383-4ccb02de0b81",
"value": "https://www.virustotal.com/file/4fc4b5dab105e03f03ba3ec301bab9e2d37f17a431dee7f2e5a8dfadcca4c234/analysis/1472872774/"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--57cec3ab-1660-49d3-950b-473f02de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-09-06T13:24:59.000Z",
"modified": "2016-09-06T13:24:59.000Z",
"description": "/usr/share/libc.so.2284441204.i686.ld-2.22.so (detected as ELF_UMREON.A) - Xchecked via VT: 851b7f07736be6789cbcc617efd6dcb682e0ce54",
"pattern": "[file:hashes.SHA256 = '8752d16e32a611763eee97da6528734751153ac1699c4693c84b6e9e4fb08784']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-09-06T13:24:59Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--57cec3ab-dd10-456d-98c1-4e5b02de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-09-06T13:24:59.000Z",
"modified": "2016-09-06T13:24:59.000Z",
"description": "/usr/share/libc.so.2284441204.i686.ld-2.22.so (detected as ELF_UMREON.A) - Xchecked via VT: 851b7f07736be6789cbcc617efd6dcb682e0ce54",
"pattern": "[file:hashes.MD5 = 'e7e82d29dfb1fc484ed277c702187818']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-09-06T13:24:59Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--57cec3ab-f214-4341-b831-4bbf02de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-09-06T13:24:59.000Z",
"modified": "2016-09-06T13:24:59.000Z",
"first_observed": "2016-09-06T13:24:59Z",
"last_observed": "2016-09-06T13:24:59Z",
"number_observed": 1,
"object_refs": [
"url--57cec3ab-f214-4341-b831-4bbf02de0b81"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--57cec3ab-f214-4341-b831-4bbf02de0b81",
"value": "https://www.virustotal.com/file/8752d16e32a611763eee97da6528734751153ac1699c4693c84b6e9e4fb08784/analysis/1472872773/"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--57cec3ab-f1c0-433d-a13a-4dbb02de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-09-06T13:24:59.000Z",
"modified": "2016-09-06T13:24:59.000Z",
"description": "/bin/.x - Xchecked via VT: 1f1ab0a8e9ec43d154cd7ab39bfaaa1eada4ad5e",
"pattern": "[file:hashes.SHA256 = '0ce8c09bb6ce433fb8b388c369d7491953cf9bb5426a7bee752150118616d8ff']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-09-06T13:24:59Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--57cec3ab-ba9c-4f0d-ac18-4db502de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-09-06T13:24:59.000Z",
"modified": "2016-09-06T13:24:59.000Z",
"description": "/bin/.x - Xchecked via VT: 1f1ab0a8e9ec43d154cd7ab39bfaaa1eada4ad5e",
"pattern": "[file:hashes.MD5 = 'b982597ceb7274617f286ca80864f499']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-09-06T13:24:59Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--57cec3ac-8608-4478-a0e8-462f02de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-09-06T13:25:00.000Z",
"modified": "2016-09-06T13:25:00.000Z",
"first_observed": "2016-09-06T13:25:00Z",
"last_observed": "2016-09-06T13:25:00Z",
"number_observed": 1,
"object_refs": [
"url--57cec3ac-8608-4478-a0e8-462f02de0b81"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--57cec3ac-8608-4478-a0e8-462f02de0b81",
"value": "https://www.virustotal.com/file/0ce8c09bb6ce433fb8b388c369d7491953cf9bb5426a7bee752150118616d8ff/analysis/1442181954/"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--57cec3ac-2088-4e7c-abe1-4f4f02de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-09-06T13:25:00.000Z",
"modified": "2016-09-06T13:25:00.000Z",
"description": "/bin/spytty - Xchecked via VT: 4f6c6d42bdf93f4ccf68d888ce7f98bcd929fc72",
"pattern": "[file:hashes.SHA256 = '0a4d5ffb1407d409a55f1aed5c5286d4f31fe17bc99eabff64aa1498c5482a5f']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-09-06T13:25:00Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--57cec3ac-6f10-4cf1-90d4-440702de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-09-06T13:25:00.000Z",
"modified": "2016-09-06T13:25:00.000Z",
"description": "/bin/spytty - Xchecked via VT: 4f6c6d42bdf93f4ccf68d888ce7f98bcd929fc72",
"pattern": "[file:hashes.MD5 = '0ab776fa8a0fbed2ef26c9933c32e97c']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-09-06T13:25:00Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--57cec3ac-8bf8-4ee7-9a49-488f02de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-09-06T13:25:00.000Z",
"modified": "2016-09-06T13:25:00.000Z",
"first_observed": "2016-09-06T13:25:00Z",
"last_observed": "2016-09-06T13:25:00Z",
"number_observed": 1,
"object_refs": [
"url--57cec3ac-8bf8-4ee7-9a49-488f02de0b81"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--57cec3ac-8bf8-4ee7-9a49-488f02de0b81",
"value": "https://www.virustotal.com/file/0a4d5ffb1407d409a55f1aed5c5286d4f31fe17bc99eabff64aa1498c5482a5f/analysis/1473087594/"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--57cec3ac-2800-4b0b-8ed8-433d02de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-09-06T13:25:00.000Z",
"modified": "2016-09-06T13:25:00.000Z",
"description": "/bin/espeon (detected as ELF_UMREON.A) - Xchecked via VT: 66d246e02492821f7e5bbaeb8156ece44c101bbc",
"pattern": "[file:hashes.SHA256 = 'c80d19f6f3372f4cc6e75ae1af54e8727b54b51aaf2794fedd3a1aa463140480']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-09-06T13:25:00Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--57cec3ad-c184-419f-bd59-45a602de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-09-06T13:25:01.000Z",
"modified": "2016-09-06T13:25:01.000Z",
"description": "/bin/espeon (detected as ELF_UMREON.A) - Xchecked via VT: 66d246e02492821f7e5bbaeb8156ece44c101bbc",
"pattern": "[file:hashes.MD5 = '087dd79515d37f7ada78ff5793a42b7b']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-09-06T13:25:01Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--57cec3ad-0544-4a72-b378-498e02de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-09-06T13:25:01.000Z",
"modified": "2016-09-06T13:25:01.000Z",
"first_observed": "2016-09-06T13:25:01Z",
"last_observed": "2016-09-06T13:25:01Z",
"number_observed": 1,
"object_refs": [
"url--57cec3ad-0544-4a72-b378-498e02de0b81"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--57cec3ad-0544-4a72-b378-498e02de0b81",
"value": "https://www.virustotal.com/file/c80d19f6f3372f4cc6e75ae1af54e8727b54b51aaf2794fedd3a1aa463140480/analysis/1472872772/"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--57cec3ad-1574-42ab-8402-4c1d02de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-09-06T13:25:01.000Z",
"modified": "2016-09-06T13:25:01.000Z",
"description": "/bin/unhide-self - Xchecked via VT: 88aea4bb5e68c1afe1fb11d55a190dddb8b1586f",
"pattern": "[file:hashes.SHA256 = 'aa24deb830a2b1aa694e580c5efb24f979d6c5d861b56354a6acb1ad0cf9809b']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-09-06T13:25:01Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--57cec3ad-7258-4fdc-aaf5-4b1402de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-09-06T13:25:01.000Z",
"modified": "2016-09-06T13:25:01.000Z",
"description": "/bin/unhide-self - Xchecked via VT: 88aea4bb5e68c1afe1fb11d55a190dddb8b1586f",
"pattern": "[file:hashes.MD5 = 'df320ed7ee6ccf9f979aefe451877ffc']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-09-06T13:25:01Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--57cec3ad-0a58-4e03-b707-446b02de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-09-06T13:25:01.000Z",
"modified": "2016-09-06T13:25:01.000Z",
"first_observed": "2016-09-06T13:25:01Z",
"last_observed": "2016-09-06T13:25:01Z",
"number_observed": 1,
"object_refs": [
"url--57cec3ad-0a58-4e03-b707-446b02de0b81"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--57cec3ad-0a58-4e03-b707-446b02de0b81",
"value": "https://www.virustotal.com/file/aa24deb830a2b1aa694e580c5efb24f979d6c5d861b56354a6acb1ad0cf9809b/analysis/1423751099/"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--57cec3ae-c8c4-412d-9943-42d802de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-09-06T13:25:02.000Z",
"modified": "2016-09-06T13:25:02.000Z",
"description": "/bin/espeon-shell (detected as BKDR_UMREON.A) - Xchecked via VT: 48a6e43af0cb40d4f92b38062012117081b6774e",
"pattern": "[file:hashes.SHA256 = '122417853c1eb1868e429cacc499ef75cfc018b87da87b1f61bff53e9b8e8670']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-09-06T13:25:02Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--57cec3ae-dc74-4a4c-ab0d-450902de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-09-06T13:25:02.000Z",
"modified": "2016-09-06T13:25:02.000Z",
"description": "/bin/espeon-shell (detected as BKDR_UMREON.A) - Xchecked via VT: 48a6e43af0cb40d4f92b38062012117081b6774e",
"pattern": "[file:hashes.MD5 = '9eef7e7e3c1bee2f8591a088244be0cb']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-09-06T13:25:02Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--57cec3ae-e510-4922-bddd-4e7c02de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-09-06T13:25:02.000Z",
"modified": "2016-09-06T13:25:02.000Z",
"first_observed": "2016-09-06T13:25:02Z",
"last_observed": "2016-09-06T13:25:02Z",
"number_observed": 1,
"object_refs": [
"url--57cec3ae-e510-4922-bddd-4e7c02de0b81"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--57cec3ae-e510-4922-bddd-4e7c02de0b81",
"value": "https://www.virustotal.com/file/122417853c1eb1868e429cacc499ef75cfc018b87da87b1f61bff53e9b8e8670/analysis/1472938012/"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--57cec3ae-b2a0-4864-823a-4f5802de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-09-06T13:25:02.000Z",
"modified": "2016-09-06T13:25:02.000Z",
"description": "/bin/pkg /bin/zypper ./bin/emerge /bin/yum /bin/apt-get - Xchecked via VT: 73ddcd21bf05a9edc7c85d1efd5304eea039d3cb",
"pattern": "[file:hashes.SHA256 = '0751cf716ea9bc18e78eb2a82cc9ea0cac73d70a7a74c91740c95312c8a9d53a']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-09-06T13:25:02Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--57cec3ae-1f54-4aac-8c79-402702de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-09-06T13:25:02.000Z",
"modified": "2016-09-06T13:25:02.000Z",
"description": "/bin/pkg /bin/zypper ./bin/emerge /bin/yum /bin/apt-get - Xchecked via VT: 73ddcd21bf05a9edc7c85d1efd5304eea039d3cb",
"pattern": "[file:hashes.MD5 = 'f9ba2429eae5471acde820102c5b8159']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-09-06T13:25:02Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--57cec3ae-f4f8-438b-8e59-4ae302de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-09-06T13:25:02.000Z",
"modified": "2016-09-06T13:25:02.000Z",
"first_observed": "2016-09-06T13:25:02Z",
"last_observed": "2016-09-06T13:25:02Z",
"number_observed": 1,
"object_refs": [
"url--57cec3ae-f4f8-438b-8e59-4ae302de0b81"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--57cec3ae-f4f8-438b-8e59-4ae302de0b81",
"value": "https://www.virustotal.com/file/0751cf716ea9bc18e78eb2a82cc9ea0cac73d70a7a74c91740c95312c8a9d53a/analysis/1472938049/"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--57d0101e-9248-447a-84cb-06c3950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-09-07T13:03:26.000Z",
"modified": "2016-09-07T13:03:26.000Z",
"description": "expanded manually via VT",
"pattern": "[file:content_ref.payload_bin = 'UEsDBBQACQAIAG1oJ0kc8PKsxAIAAPMDAAAgABwAMGFiNzc2ZmE4YTBmYmVkMmVmMjZjOTkzM2MzMmU5N2NVVAkAAx4Q0FceENBXdXgLAAEEIQAAAAQhAAAAIeNyb0XvoBpVfbLoAxDuXQXoES3wUfZ4QkqqWxON5cTFGqFTxhuz5j/vEnbIz+Aj3VGECE6kSDQlwpChJLatqtpMcz0X3DiL6KQv8kAhiZEGvilJzKVfshfmHsRXcYBccTundJRZI/C1Hx6gSa64ASsfiHL3xO7Uu29KFFtpkB4vtx4nC4WMkMvnSve3bxz4RWbsuhkyc1sYkxSzUi+Gzf0gQhn1V3VvHayps+UZd6LoWp33US0VHpPe5Rl5RhGefo3V5pAy0vU7W6AIZJWaLBYYsZiK+z0Zl4rgOyfIUMYGhHEX5iSN713g/Tdyo/B5kp+FP4HcMC2wszk0Q0gTEJb8KdEElPKN8bihh+GojtIt5nj+hxu1pq+Px1qgVuRhwEUzExvXVlGhq0q9pTY2c+G4Oa+5O2ESAs4sf/DyoQfUDXCCUTW10T65De5qBhg2SO030IIxsjeJ72pBmy6BX6E2kqfW3elOUiNQrpQF0k4Os5sSCmZ7JAez4pgyr+sKYLGVv6TwzVzJhxQKMkEWpkaPM5JLveGhpSKubdKnR7LkUvjFaYCkall0yzlQY/wQcha9RHjt7qiTSTTXhLIks+BB2x8FxdYG1mY1o+lhxfZCjMr4oD/3AiD3jdjAeY7arhmhffAqMAqcqfgQlt+F/nmeBsIX7Za9MhfRQwVdnWJxpRIDw+6jwlEA5CKsb8wCiExWJTgdYtA+e1f7ggtVXXNyczfaisMckVY3J33U1gTkW8UXypKcOszSVXjZG0FzfuR1h7BkVyOWOWB+PleEwVNwU8qB95Kn/wM6o/K/DmV0jpNpaBDw/EWdVOxeZlo8AF662ZuTuskHIRuzQMGLWCug4oWYNlMAU9ouaeF4WteuJeUY2mmXMELYBatTO5ew32yP0JRQA8nHN7zkizN4mJmB+uxdNvBl9UbpyksLl7DtTSrlUEsHCBzw8qzEAgAA8wMAAFBLAwQUAAkACABtaCdJAPy10EAAAABAAAAALQAcADBhYjc3NmZhOGEwZmJlZDJlZjI2Yzk5MzNjMzJlOTdjLmZpbGVuYW1lLnR4dFVUCQADHhDQVx4Q0Fd1eAsAAQQhAAAABCEAAAAi8BA4NMHD1O2HYWFXdN6eZhQWoYs9zyUOy8KemqX3zcncmsbzVNP11WiyGfv8heFyAJ4KGtefbdym1CrD3m9HUEsHCAD8tdBAAAAAQAAAAFBLAQIeAxQACQAIAG1oJ0kc8PKsxAIAAPMDAAAgABgAAAAAAAEAAACkgQAAAAAwYWI3NzZmYThhMGZiZWQyZWYyNmM5OTMzYzMyZTk3Y1VUBQADHhDQV3V4CwABBCEAAAAEIQAAAFBLAQIeAxQACQAIAG1oJ0kA/LXQQAAAAEAAAAAtABgAAAAAAAEAAACkgS4DAAAwYWI3NzZmYThhMGZiZWQyZWYyNmM5OTMzYzMyZTk3Yy5maWxlbmFtZS50eHRVVAUAAx4Q0Fd1eAsAAQQhAAAABCEAAABQSwUGAAAAAAIAAgDZAAAA5QMAAAAA' AND file:name = '0a4d5ffb1407d409a55f1aed5c5286d4f31fe17bc99eabff64aa1498c5482a5f' AND file:hashes.MD5 = '0ab776fa8a0fbed2ef26c9933c32e97c' AND file:content_ref.mime_type = 'application/zip' AND file:content_ref.encryption_algorithm = 'mime-type-indicated' AND file:content_ref.decryption_key = 
'infected']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-09-07T13:03:26Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"malware-sample\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--57d0101e-30a0-4a1e-830c-06c3950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-09-07T13:03:26.000Z",
"modified": "2016-09-07T13:03:26.000Z",
"description": "expanded manually via VT",
"pattern": "[file:name = '0a4d5ffb1407d409a55f1aed5c5286d4f31fe17bc99eabff64aa1498c5482a5f' AND file:hashes.SHA1 = '4f6c6d42bdf93f4ccf68d888ce7f98bcd929fc72']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-09-07T13:03:26Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"filename|sha1\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--57d0101f-8874-417b-b565-06c3950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-09-07T13:03:27.000Z",
"modified": "2016-09-07T13:03:27.000Z",
"description": "expanded manually via VT",
"pattern": "[file:name = '0a4d5ffb1407d409a55f1aed5c5286d4f31fe17bc99eabff64aa1498c5482a5f' AND file:hashes.SHA256 = '0a4d5ffb1407d409a55f1aed5c5286d4f31fe17bc99eabff64aa1498c5482a5f']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-09-07T13:03:27Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"filename|sha256\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--57d01020-38c0-4d9a-a3f5-06c3950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-09-07T13:03:28.000Z",
"modified": "2016-09-07T13:03:28.000Z",
"description": "expanded manually via VT",
"pattern": "[file:content_ref.payload_bin = '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' AND file:name = '0ce8c09bb6ce433fb8b388c369d7491953cf9bb5426a7bee752150118616d8ff' AND file:hashes.MD5 = 'b982597ceb7274617f286ca80864f499' AND file:content_ref.mime_type = 'application/zip' AND file:content_ref.encryption_algorithm = 'mime-type-indicated' AND file:content_ref.decryption_key = 'infected']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-09-07T13:03:28Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"malware-sample\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--57d01020-7ebc-4930-a09a-06c3950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-09-07T13:03:28.000Z",
"modified": "2016-09-07T13:03:28.000Z",
"description": "expanded manually via VT",
"pattern": "[file:name = '0ce8c09bb6ce433fb8b388c369d7491953cf9bb5426a7bee752150118616d8ff' AND file:hashes.SHA1 = '1f1ab0a8e9ec43d154cd7ab39bfaaa1eada4ad5e']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-09-07T13:03:28Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"filename|sha1\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--57d01021-4324-44f0-a6b4-06c3950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-09-07T13:03:29.000Z",
"modified": "2016-09-07T13:03:29.000Z",
"description": "expanded manually via VT",
"pattern": "[file:name = '0ce8c09bb6ce433fb8b388c369d7491953cf9bb5426a7bee752150118616d8ff' AND file:hashes.SHA256 = '0ce8c09bb6ce433fb8b388c369d7491953cf9bb5426a7bee752150118616d8ff']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-09-07T13:03:29Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"filename|sha256\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--57d01021-5c6c-4be2-8f08-06c3950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-09-07T13:03:29.000Z",
"modified": "2016-09-07T13:03:29.000Z",
"description": "expanded manually via VT",
"pattern": "[file:content_ref.payload_bin = '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
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-09-07T13:03:29Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"malware-sample\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--57d01022-6888-4ca1-8a2d-06c3950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-09-07T13:03:30.000Z",
"modified": "2016-09-07T13:03:30.000Z",
"description": "expanded manually via VT",
"pattern": "[file:name = '4fc4b5dab105e03f03ba3ec301bab9e2d37f17a431dee7f2e5a8dfadcca4c234' AND file:hashes.SHA1 = 'e2bc8945f0d7ca8986b4223ed9ba13686a798446']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-09-07T13:03:30Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"filename|sha1\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--57d01023-7a28-4113-b710-06c3950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-09-07T13:03:31.000Z",
"modified": "2016-09-07T13:03:31.000Z",
"description": "expanded manually via VT",
"pattern": "[file:name = '4fc4b5dab105e03f03ba3ec301bab9e2d37f17a431dee7f2e5a8dfadcca4c234' AND file:hashes.SHA256 = '4fc4b5dab105e03f03ba3ec301bab9e2d37f17a431dee7f2e5a8dfadcca4c234']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-09-07T13:03:31Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"filename|sha256\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--57d01023-4f28-450f-baad-06c3950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-09-07T13:03:31.000Z",
"modified": "2016-09-07T13:03:31.000Z",
"description": "expanded manually via VT",
"pattern": "[file:content_ref.payload_bin = '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
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-09-07T13:03:31Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"malware-sample\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--57d01024-7d60-4390-b4e3-06c3950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-09-07T13:03:32.000Z",
"modified": "2016-09-07T13:03:32.000Z",
"description": "expanded manually via VT",
"pattern": "[file:name = '015a84eb1d18beb310e7aeeceab8b84776078935c45924b3a10aa884a93e28ac' AND file:hashes.SHA1 = '022be09c68a410f6bed15c98b63e15bb57e920a9']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-09-07T13:03:32Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"filename|sha1\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--57d01024-2d2c-43aa-9083-06c3950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-09-07T13:03:32.000Z",
"modified": "2016-09-07T13:03:32.000Z",
"description": "expanded manually via VT",
"pattern": "[file:name = '015a84eb1d18beb310e7aeeceab8b84776078935c45924b3a10aa884a93e28ac' AND file:hashes.SHA256 = '015a84eb1d18beb310e7aeeceab8b84776078935c45924b3a10aa884a93e28ac']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-09-07T13:03:32Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"filename|sha256\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--57d01025-8914-4961-af6d-06c3950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-09-07T13:03:33.000Z",
"modified": "2016-09-07T13:03:33.000Z",
"description": "expanded manually via VT",
"pattern": "[file:content_ref.payload_bin = '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
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-09-07T13:03:33Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"malware-sample\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--57d01026-1dec-48a2-a881-06c3950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-09-07T13:03:34.000Z",
"modified": "2016-09-07T13:03:34.000Z",
"description": "expanded manually via VT",
"pattern": "[file:name = '409c90ecd56e9abcb9f290063ec7783ecbe125c321af3f8ba5dcbde6e15ac64a' AND file:hashes.SHA1 = '3762c537801c21f68f9eac858ecc8d436927c77a']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-09-07T13:03:34Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"filename|sha1\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--57d01026-ff8c-4a13-991f-06c3950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-09-07T13:03:34.000Z",
"modified": "2016-09-07T13:03:34.000Z",
"description": "expanded manually via VT",
"pattern": "[file:name = '409c90ecd56e9abcb9f290063ec7783ecbe125c321af3f8ba5dcbde6e15ac64a' AND file:hashes.SHA256 = '409c90ecd56e9abcb9f290063ec7783ecbe125c321af3f8ba5dcbde6e15ac64a']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-09-07T13:03:34Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"filename|sha256\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--57d01027-dbc8-4582-ba37-06c3950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-09-07T13:03:35.000Z",
"modified": "2016-09-07T13:03:35.000Z",
"description": "expanded manually via VT",
"pattern": "[file:content_ref.payload_bin = 'UEsDBBQACQAIAHJoJ0nFsrn/PAoAAFgdAAAgABwAZjliYTI0MjllYWU1NDcxYWNkZTgyMDEwMmM1YjgxNTlVVAkAAycQ0FcnENBXdXgLAAEEIQAAAAQhAAAA73Zku21fSybTRT38OZmGFmrRlM9c2wI/NGAf0c29DoPezBBq/mobdEC1qhFackirD1ncVn8KV4QaKNMHg6lUZMYc89Nqbyr4x3MMt8lxDduFtr2KWuw+xO/2BrSnJAXN5fnOJJJ4rjSGTNiYA7s2Qobx4i6RpYey3Wor7eBagSozGw/xxZ+QKVxNMPAA71edWPsqhYKVN2t4iY67aKePB1ZtenS5xfJ17QgpYuF7U/stpGPzbNVtUCf3CG/8UYsYX/5QuHCBrWbfGFgKdCjgM7EzdP2BhmjqKQDTGiNCU3QuDdSyv/b8OcaivGLRvSqJ042yXMRQ62wNxRKN6detKluRY2hjWosbfHbIy9zpu4SFou9epEm2Uq1lUlL3CJJVad1DsfenM0+tQVAwWlSrQNTurdEwwj65ALL0u9yQPg4zLzCmMps2fPubCF755vhD++fD7fs5bz+T1cQpki9nWLN0XG42azDOO6saXeB9HO65PqaaWoxOS/+IJ7X4B0rz3aN1EJXNWl+dXv66OOQ0GzJ1vm3Dr/bRM5OeHcVNXFNkX6PHj9/H12ap3MJcG61rOdBPPHDHtpryWTdwFAOzH9xlQuFVYfNaWBuJfMN5E/RmIcrhg/b2Idi7MJ9kMeiG88JNmlcSt4ghCPp7cSgJbB/5ZYJlnAdIygPmkgr8DMOC3osdkQmLXqkhDEk0wT1TMebd5Z3F2n18wluggE+rR/6iLLHtJlBiJLe5ywTm8rkCvUGAT8whw3dKj89KreTRQRlGNwxoSaBGntt3tbTZCpNUDo5KDkGpJSq5nUx9c7WO+RBrPf19qvxC6YWeNfu4aJ2U83ga0M3puF7EnMu6BQSUM8HJ7ybuDltmDbbySUY+BslzhnkqAC3WOMXWd/Vojnv8vbBWSwLaUNQMHvfS3Nbh7V0j5+5Rwsn4rJO/LAlDirLut7F/4OjI+2j0GjSBCJ7xQd+I2lwYAoAW/Hks+ZgqyzOexGbbcNLHxDlWe5uhK27inh5Z35dEqYh6B9RwH0UPu865My51K1Da5CilOyPrM+MwkOUnAtLBHEBV5kDD1O7arP1mv0xCNQBdh9TZLssfMy9yAlTyAfZEyz550xSbfQLdsSmh+3L+7FUOV/AFgu18YIcqX6r61dWrI3/RfyTqCrtEfpNSeB69F4xn2hzqugPLgUaOoe5tAZiM2NNwrOUqffgvGoP3pgISs6pwRecUeDHOSmcnEpB1gsQV12JcM9pW/1ZfW259+q2El+UsauU6BAOb5ag4EuFRIdJQXY/xD882sk7WprN1AckbXdK8qGpHWLxomBRv70nRCCuZlf7RY5Idagy60i9IHPzrqxL+v5VQB0GjFp1V1/CqnVh13KxlwiAmzh88f0Ax7Bg/AxdMG8QMibauy2eTa+h5mGWAypl3lsXbz4LnAyiaiCzJaoGKRfkxAhB5YdhNfR4H/CNYEISHeFCEq6LeK+e0Vo4PS1tZWCNhMdFOdo0ToLH0w7jxjwuZnAGQG0gklJ9xH1+LuOxIqZj/Y44XJNQgwKsqhbzdxjN0JkidC6v7MHn9bNf1leDMSyu49Zj1BebCO80EabFS0RzXy8hkIKZrvwHEtSgEhlDFBKgnPU9hoFISndIfu8jWaWw911THIyEA5PYF2bSaVJrTQuvwZqufVvvkhtjROgvFsuQbGQf0gf/4HMwB10J93k/vbcoZX7aZbJDr+YeWOGClUX/ijQTUU9Mc4revN93nlD5HKgQHxqQVxy1xyiYQtb3JAbziC2DxFTIaT1oWdx+xlU0o3BEjZYyoDOKSOdDd7AJn1xPBWddzN/eWN9jj8HFgqCMqd+w
2prHwntYFqpU/kIP78kk4fl7vgrScQn9RRVRpFuUO4SrAKYJ3WoVcTo+5ZruENQm1eW32BhnwJmipRvBDT3o419aM9yNtwDwZRTKixVhJJkAI1+n0sltV5gfoXpgku6kbHXc+yZdLv6K+KjcermHkV1QK46C49p1Hh2xIzmdcHVKBhxLJUGzjNyDHG4m0FLx/1GCCBXiYhIWDUToynLED2Q/DkgNlcDoa1KNg4xdMS2RrgK3HuWunbrtuGiukdKvGIpyvhReisKAQeUtWyxCMgew3ignOIP6e3Sk3+IaSSmsAx+C2mMK1VnDBzeEcrW4MtZM6ozY67sC6thLg/84lxxoXEpzzH7gIrESd7OJnfWXQ/IaIRJgZ2q2nvTBucvNQ7yfVnaTzdbG3FHcLP3OejtFoNsiyqJJZzES6svWkc0EUXsiEdF08QfHdeF+dvc28WM3AYe9/YB9eCjvcw4XE6p/9fY5+FHKcIOQ7A/n+v885TJhj02zKlYbZ2XnLsy2tTIC9wPRewgFcUT2+9rqxp+oTn6crAIVvFqp55M782kebuiyDzKAkVSWgsq1vNX7OF19XnVqJV3K/2mC0+CWfkbONis15o/Ny2es6bZcf2WuSEO8UG+knNBEgTE3WdgUsA0jw50xUtTrJQyqw/wAMIz8gXFbpnhKLfpvAi87SLqN2LQAd4jVSLeANJjX4Dds9yIUd4VFFeYXSqWmQfu2g3xtzlE8kg0c2nAekk1cuQVvs7vPdOwgiqv3Z2dlkemTGHSEgb6vdgp3gcufWatTF0bJFLA57YxJAluPpb+lS/9UUTK4CgahWuW/igMwgDPBHSFEUMAZfMg3P8tDg0D33fftIDMsELLdCe60RabViI8eMQ3UgndIPuYnCcsnO5/MGtHsGMNBmgqt9hF+K78fcWA/FZIabeat3FTDWP0WhWQeLPokaoX7ZppH/pbz9euTP37Fpn7zxUJFUrioVYt08E3/u+x77ESA9pBhUOuo1TyNsjt6jRy9M1sUD5Y74gKi+ae9SSKV5kCQ6iRtO7HS+sKNYYCrBDSWMxFdn/K1ICJezCSD93rnHEq0pVBF65xoJtzK9f8Nwchyh4L20JfkKOBg3p/jbrO/bZNW84uw5oPUUPh7Bn0/bp+vlTYZz0poCLURm1rSH1zrsQVvo7k0bOlKT2qTKSzc6Cs8UcogUZdn4sVZWmWdpHRXM36CbkDf0Oh9GKgwIPErKGqqMkW6o96gdBi6PpARs5rY4AQtd99+RXZTy8JW+EloEAu0sYopPI/+Ydh2tbxFZMsdr7h/zW7HW7QcTJzjiZF/eU8w0nzGzfBfII3UCwR2fenpbNdKan2fSlnYTksvzaL1ZV8c+0/IuB/e9RUvnwTHRAzXtymIHCNa77qPtDDEKLCNObcT3fK8KIoZGeTHo+A4MwVx3NbG61RGI5t0teoUa7CF9ZukykYn9RjD2iv6Xbv7/6IFGG295DLi+0hFk09Vfa1FO0OPrfUouXcsJ6M/rMJwsStghSLtTBVEqcoyXB+SeCDlXYpoxhmfpn8iN4CJ8OrM/R4HBRr3QgoZO5RWcc1NGb/VJbANiNop2a8WeeA3BvP1U3K42PSQUBYien8jwF2h9mEzroibmi8yyIrY4k//JRorXnhhx09zERTgpd1BLBwjFsrn/PAoAAFgdAABQSwMEFAAJAAgAcmgnSTiXaYM/AAAAQAAAAC0AHABmOWJhMjQyOWVhZTU0NzFhY2RlODIwMTAyYzViODE1OS5maWxlbmFtZS50eHRVVAkAAycQ0FcnENBXdXgLAAEEIQAAAAQhAAAAc/qxR29yW2cgAvwN4jo1ZGzqEfrtFP5Zo40KQETvFGGUj30glXHPQMMUhGBY/Xm6xP4JHpRPBwhAB9pnQM/FUEsHCDiXaYM/AAAAQAAAAFBLAQIeAxQACQAIAHJoJ0nFsrn/PAoAAFgdAAAgABgAAAAAAAAAAACkgQAAAABmOWJhMjQyOWVhZTU
0NzFhY2RlODIwMTAyYzViODE1OVVUBQADJxDQV3V4CwABBCEAAAAEIQAAAFBLAQIeAxQACQAIAHJoJ0k4l2
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-09-07T13:03:35Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"malware-sample\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--57d01028-d170-4e4e-8311-06c3950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-09-07T13:03:36.000Z",
"modified": "2016-09-07T13:03:36.000Z",
"description": "expanded manually via VT",
"pattern": "[file:name = '0751cf716ea9bc18e78eb2a82cc9ea0cac73d70a7a74c91740c95312c8a9d53a' AND file:hashes.SHA1 = '73ddcd21bf05a9edc7c85d1efd5304eea039d3cb']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-09-07T13:03:36Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"filename|sha1\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--57d01028-e5c4-4f71-bf58-06c3950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-09-07T13:03:36.000Z",
"modified": "2016-09-07T13:03:36.000Z",
"description": "expanded manually via VT",
"pattern": "[file:name = '0751cf716ea9bc18e78eb2a82cc9ea0cac73d70a7a74c91740c95312c8a9d53a' AND file:hashes.SHA256 = '0751cf716ea9bc18e78eb2a82cc9ea0cac73d70a7a74c91740c95312c8a9d53a']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-09-07T13:03:36Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"filename|sha256\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--57d01029-cb54-43b4-af13-06c3950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-09-07T13:03:37.000Z",
"modified": "2016-09-07T13:03:37.000Z",
"description": "expanded manually via VT",
"pattern": "[file:content_ref.payload_bin = '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
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-09-07T13:03:37Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"malware-sample\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--57d0102a-7b48-4003-9af9-06c3950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-09-07T13:03:38.000Z",
"modified": "2016-09-07T13:03:38.000Z",
"description": "expanded manually via VT",
"pattern": "[file:name = '8752d16e32a611763eee97da6528734751153ac1699c4693c84b6e9e4fb08784' AND file:hashes.SHA1 = '851b7f07736be6789cbcc617efd6dcb682e0ce54']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-09-07T13:03:38Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"filename|sha1\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--57d0102a-8f68-4c84-bfd8-06c3950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-09-07T13:03:38.000Z",
"modified": "2016-09-07T13:03:38.000Z",
"description": "expanded manually via VT",
"pattern": "[file:name = '8752d16e32a611763eee97da6528734751153ac1699c4693c84b6e9e4fb08784' AND file:hashes.SHA256 = '8752d16e32a611763eee97da6528734751153ac1699c4693c84b6e9e4fb08784']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-09-07T13:03:38Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"filename|sha256\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--57d0102b-1964-4f34-9e65-06c3950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-09-07T13:03:39.000Z",
"modified": "2016-09-07T13:03:39.000Z",
"description": "expanded manually via VT",
"pattern": "[file:content_ref.payload_bin = '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
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-09-07T13:03:39Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"malware-sample\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--57d0102b-6334-4498-9083-06c3950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-09-07T13:03:39.000Z",
"modified": "2016-09-07T13:03:39.000Z",
"description": "expanded manually via VT",
"pattern": "[file:name = '991179b6ba7d4aeabdf463118e4a2984276401368f4ab842ad8a5b8b73088522' AND file:hashes.SHA1 = '17b42374795295f776536b86aa571a721b041c38']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-09-07T13:03:39Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"filename|sha1\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--57d0102d-0f98-472b-a469-06c3950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-09-07T13:03:41.000Z",
"modified": "2016-09-07T13:03:41.000Z",
"description": "expanded manually via VT",
"pattern": "[file:name = '991179b6ba7d4aeabdf463118e4a2984276401368f4ab842ad8a5b8b73088522' AND file:hashes.SHA256 = '991179b6ba7d4aeabdf463118e4a2984276401368f4ab842ad8a5b8b73088522']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-09-07T13:03:41Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"filename|sha256\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--57d0102d-6070-4ca8-aefb-06c3950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-09-07T13:03:41.000Z",
"modified": "2016-09-07T13:03:41.000Z",
"description": "expanded manually via VT",
"pattern": "[file:content_ref.payload_bin = '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' AND file:name = '122417853c1eb1868e429cacc499ef75cfc018b87da87b1f61bff53e9b8e8670' AND file:hashes.MD5 = '9eef7e7e3c1bee2f8591a088244be0cb' AND file:content_ref.mime_type = 'application/zip' AND file:content_ref.encryption_algorithm = 'mime-type-indicated' AND file:content_ref.decryption_key = 'infected']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-09-07T13:03:41Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"malware-sample\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--57d0102e-2a2c-447a-8d95-06c3950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-09-07T13:03:42.000Z",
"modified": "2016-09-07T13:03:42.000Z",
"description": "expanded manually via VT",
"pattern": "[file:name = '122417853c1eb1868e429cacc499ef75cfc018b87da87b1f61bff53e9b8e8670' AND file:hashes.SHA1 = '48a6e43af0cb40d4f92b38062012117081b6774e']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-09-07T13:03:42Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"filename|sha1\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--57d0102e-af60-452e-a779-06c3950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-09-07T13:03:42.000Z",
"modified": "2016-09-07T13:03:42.000Z",
"description": "expanded manually via VT",
"pattern": "[file:name = '122417853c1eb1868e429cacc499ef75cfc018b87da87b1f61bff53e9b8e8670' AND file:hashes.SHA256 = '122417853c1eb1868e429cacc499ef75cfc018b87da87b1f61bff53e9b8e8670']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-09-07T13:03:42Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"filename|sha256\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--57d0102f-673c-4059-aa77-06c3950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-09-07T13:03:43.000Z",
"modified": "2016-09-07T13:03:43.000Z",
"description": "expanded manually via VT",
"pattern": "[file:content_ref.payload_bin = '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' AND file:name = 'aa24deb830a2b1aa694e580c5efb24f979d6c5d861b56354a6acb1ad0cf9809b' AND file:hashes.MD5 = 'df320ed7ee6ccf9f979aefe451877ffc' AND file:content_ref.mime_type = 'application/zip' AND file:content_ref.encryption_algorithm = 'mime-type-indicated' AND file:content_ref.decryption_key = 'infected']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-09-07T13:03:43Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"malware-sample\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--57d01030-6e28-4356-810c-06c3950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-09-07T13:03:44.000Z",
"modified": "2016-09-07T13:03:44.000Z",
"description": "expanded manually via VT",
"pattern": "[file:name = 'aa24deb830a2b1aa694e580c5efb24f979d6c5d861b56354a6acb1ad0cf9809b' AND file:hashes.SHA1 = '88aea4bb5e68c1afe1fb11d55a190dddb8b1586f']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-09-07T13:03:44Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"filename|sha1\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--57d01031-af44-4609-9582-06c3950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-09-07T13:03:45.000Z",
"modified": "2016-09-07T13:03:45.000Z",
"description": "expanded manually via VT",
"pattern": "[file:name = 'aa24deb830a2b1aa694e580c5efb24f979d6c5d861b56354a6acb1ad0cf9809b' AND file:hashes.SHA256 = 'aa24deb830a2b1aa694e580c5efb24f979d6c5d861b56354a6acb1ad0cf9809b']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-09-07T13:03:45Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"filename|sha256\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--57d01031-170c-4393-81bf-06c3950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-09-07T13:03:45.000Z",
"modified": "2016-09-07T13:03:45.000Z",
"description": "expanded manually via VT",
"pattern": "[file:content_ref.payload_bin = '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
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-09-07T13:03:45Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"malware-sample\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--57d01032-1fb8-4ca2-a48d-06c3950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-09-07T13:03:46.000Z",
"modified": "2016-09-07T13:03:46.000Z",
"description": "expanded manually via VT",
"pattern": "[file:name = 'acfb014304b6f2cff00c668a9a2a3a9cbb6f24db6d074a8914dd69b43afa4525' AND file:hashes.SHA1 = '2cd24c5701a7af76ab6673502c80109b6ce650c6']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-09-07T13:03:46Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"filename|sha1\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--57d01032-029c-4e6f-a09e-06c3950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-09-07T13:03:46.000Z",
"modified": "2016-09-07T13:03:46.000Z",
"description": "expanded manually via VT",
"pattern": "[file:name = 'acfb014304b6f2cff00c668a9a2a3a9cbb6f24db6d074a8914dd69b43afa4525' AND file:hashes.SHA256 = 'acfb014304b6f2cff00c668a9a2a3a9cbb6f24db6d074a8914dd69b43afa4525']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-09-07T13:03:46Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"filename|sha256\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--57d01033-70f4-467b-b03e-06c3950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-09-07T13:03:47.000Z",
"modified": "2016-09-07T13:03:47.000Z",
"description": "expanded manually via VT",
"pattern": "[file:content_ref.payload_bin = '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
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-09-07T13:03:47Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"malware-sample\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--57d01034-ba94-401f-a7f2-06c3950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-09-07T13:03:48.000Z",
"modified": "2016-09-07T13:03:48.000Z",
"description": "expanded manually via VT",
"pattern": "[file:name = 'c80d19f6f3372f4cc6e75ae1af54e8727b54b51aaf2794fedd3a1aa463140480' AND file:hashes.SHA1 = '66d246e02492821f7e5bbaeb8156ece44c101bbc']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-09-07T13:03:48Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"filename|sha1\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--57d01035-3298-4836-819d-06c3950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-09-07T13:03:49.000Z",
"modified": "2016-09-07T13:03:49.000Z",
"description": "expanded manually via VT",
"pattern": "[file:name = 'c80d19f6f3372f4cc6e75ae1af54e8727b54b51aaf2794fedd3a1aa463140480' AND file:hashes.SHA256 = 'c80d19f6f3372f4cc6e75ae1af54e8727b54b51aaf2794fedd3a1aa463140480']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-09-07T13:03:49Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"filename|sha256\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--57d01035-c31c-4e50-92e2-06c3950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-09-07T13:03:49.000Z",
"modified": "2016-09-07T13:03:49.000Z",
"description": "expanded manually via VT",
"pattern": "[file:content_ref.payload_bin = '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
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-09-07T13:03:49Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"malware-sample\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--57d01036-92cc-44a6-872a-06c3950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-09-07T13:03:50.000Z",
"modified": "2016-09-07T13:03:50.000Z",
"description": "expanded manually via VT",
"pattern": "[file:name = 'e9bce46584acbf59a779d1565687964991d7033d63c06bddabcfc4375c5f1853' AND file:hashes.SHA1 = '358afd4bd02de3ce1db43970de5e4cb0c38c2848']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-09-07T13:03:50Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"filename|sha1\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--57d01036-7954-488c-a7ed-06c3950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-09-07T13:03:50.000Z",
"modified": "2016-09-07T13:03:50.000Z",
"description": "expanded manually via VT",
"pattern": "[file:name = 'e9bce46584acbf59a779d1565687964991d7033d63c06bddabcfc4375c5f1853' AND file:hashes.SHA256 = 'e9bce46584acbf59a779d1565687964991d7033d63c06bddabcfc4375c5f1853']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-09-07T13:03:50Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"filename|sha256\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "marking-definition",
"spec_version": "2.1",
"id": "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9",
"created": "2017-01-20T00:00:00.000Z",
"definition_type": "tlp",
"name": "TLP:WHITE",
"definition": {
"tlp": "white"
}
}
]
}