{
"type" : "bundle" ,
"id" : "bundle--57ce65d3-6170-47b5-8f3f-47e0950d210f" ,
"objects" : [
{
"type" : "identity" ,
"spec_version" : "2.1" ,
"id" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2016-09-07T13:09:50.000Z" ,
"modified" : "2016-09-07T13:09:50.000Z" ,
"name" : "CIRCL" ,
"identity_class" : "organization"
} ,
{
"type" : "report" ,
"spec_version" : "2.1" ,
"id" : "report--57ce65d3-6170-47b5-8f3f-47e0950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2016-09-07T13:09:50.000Z" ,
"modified" : "2016-09-07T13:09:50.000Z" ,
"name" : "OSINT - Pok\u00e9mon-themed Umbreon Linux Rootkit Hits x86, ARM Systems" ,
"published" : "2016-09-07T13:10:05Z" ,
"object_refs" : [
"observed-data--57ce65e1-4f10-4fb3-9384-3305950d210f" ,
"url--57ce65e1-4f10-4fb3-9384-3305950d210f" ,
"x-misp-attribute--57ce65f2-d28c-41aa-8fb4-47e4950d210f" ,
"indicator--57ceaeb1-0da4-4e04-8aef-49fa950d210f" ,
"indicator--57ceaf0f-5354-416c-bb90-4d21950d210f" ,
"indicator--57ceaf20-1ccc-4f0d-9ee6-4e8e950d210f" ,
"indicator--57ceb2bf-4b1c-43b0-acf4-4cc3950d210f" ,
"indicator--57ceb50e-ea7c-462a-8701-4379950d210f" ,
"indicator--57ceb541-9b40-4d25-a6f2-404f950d210f" ,
"indicator--57ceb541-0240-465d-b304-4596950d210f" ,
"indicator--57ceb542-e970-4703-90fa-4621950d210f" ,
"indicator--57ceb587-47c8-4d49-a733-4d9c950d210f" ,
"indicator--57ceb587-4b88-4221-9931-45c9950d210f" ,
"indicator--57ceb699-fed0-4314-b5ac-463d950d210f" ,
"indicator--57ceb69a-c2b8-4629-832e-4c9c950d210f" ,
"indicator--57ceb69a-9f80-4d49-ba67-4bf5950d210f" ,
"indicator--57ceb69a-be88-4eb0-81aa-4d00950d210f" ,
"indicator--57ceb6c9-e724-4ada-9114-4bf4950d210f" ,
"indicator--57ceb6c9-bfb0-4aa2-93b3-45d6950d210f" ,
"indicator--57ceb6c9-f94c-4d66-bf87-4bc9950d210f" ,
"indicator--57ceb6f4-cbd4-4570-9068-4104950d210f" ,
"indicator--57ceb6f4-64dc-4089-bf9d-469a950d210f" ,
"indicator--57ceb6f4-fe00-4257-be31-444a950d210f" ,
"indicator--57ceb724-3590-4a74-8a75-4879950d210f" ,
"indicator--57ceb725-3e6c-4802-bf02-494d950d210f" ,
"indicator--57ceb725-e0bc-48d2-b842-4f36950d210f" ,
"indicator--57cec3a9-5d6c-4485-a593-4fdf02de0b81" ,
"indicator--57cec3a9-f2b4-41c2-a770-4efa02de0b81" ,
"observed-data--57cec3a9-03a0-45c9-aa62-494702de0b81" ,
"url--57cec3a9-03a0-45c9-aa62-494702de0b81" ,
"indicator--57cec3a9-b7a0-48b8-9823-4b0b02de0b81" ,
"indicator--57cec3aa-0a50-49a3-9bbb-4d8002de0b81" ,
"observed-data--57cec3aa-ce48-4425-b633-4d8d02de0b81" ,
"url--57cec3aa-ce48-4425-b633-4d8d02de0b81" ,
"indicator--57cec3aa-301c-481e-a15a-455902de0b81" ,
"indicator--57cec3aa-dd3c-4d19-b800-4c0702de0b81" ,
"observed-data--57cec3aa-1f50-4880-8383-4ccb02de0b81" ,
"url--57cec3aa-1f50-4880-8383-4ccb02de0b81" ,
"indicator--57cec3ab-1660-49d3-950b-473f02de0b81" ,
"indicator--57cec3ab-dd10-456d-98c1-4e5b02de0b81" ,
"observed-data--57cec3ab-f214-4341-b831-4bbf02de0b81" ,
"url--57cec3ab-f214-4341-b831-4bbf02de0b81" ,
"indicator--57cec3ab-f1c0-433d-a13a-4dbb02de0b81" ,
"indicator--57cec3ab-ba9c-4f0d-ac18-4db502de0b81" ,
"observed-data--57cec3ac-8608-4478-a0e8-462f02de0b81" ,
"url--57cec3ac-8608-4478-a0e8-462f02de0b81" ,
"indicator--57cec3ac-2088-4e7c-abe1-4f4f02de0b81" ,
"indicator--57cec3ac-6f10-4cf1-90d4-440702de0b81" ,
"observed-data--57cec3ac-8bf8-4ee7-9a49-488f02de0b81" ,
"url--57cec3ac-8bf8-4ee7-9a49-488f02de0b81" ,
"indicator--57cec3ac-2800-4b0b-8ed8-433d02de0b81" ,
"indicator--57cec3ad-c184-419f-bd59-45a602de0b81" ,
"observed-data--57cec3ad-0544-4a72-b378-498e02de0b81" ,
"url--57cec3ad-0544-4a72-b378-498e02de0b81" ,
"indicator--57cec3ad-1574-42ab-8402-4c1d02de0b81" ,
"indicator--57cec3ad-7258-4fdc-aaf5-4b1402de0b81" ,
"observed-data--57cec3ad-0a58-4e03-b707-446b02de0b81" ,
"url--57cec3ad-0a58-4e03-b707-446b02de0b81" ,
"indicator--57cec3ae-c8c4-412d-9943-42d802de0b81" ,
"indicator--57cec3ae-dc74-4a4c-ab0d-450902de0b81" ,
"observed-data--57cec3ae-e510-4922-bddd-4e7c02de0b81" ,
"url--57cec3ae-e510-4922-bddd-4e7c02de0b81" ,
"indicator--57cec3ae-b2a0-4864-823a-4f5802de0b81" ,
"indicator--57cec3ae-1f54-4aac-8c79-402702de0b81" ,
"observed-data--57cec3ae-f4f8-438b-8e59-4ae302de0b81" ,
"url--57cec3ae-f4f8-438b-8e59-4ae302de0b81" ,
"indicator--57d0101e-9248-447a-84cb-06c3950d210f" ,
"indicator--57d0101e-30a0-4a1e-830c-06c3950d210f" ,
"indicator--57d0101f-8874-417b-b565-06c3950d210f" ,
"indicator--57d01020-38c0-4d9a-a3f5-06c3950d210f" ,
"indicator--57d01020-7ebc-4930-a09a-06c3950d210f" ,
"indicator--57d01021-4324-44f0-a6b4-06c3950d210f" ,
"indicator--57d01021-5c6c-4be2-8f08-06c3950d210f" ,
"indicator--57d01022-6888-4ca1-8a2d-06c3950d210f" ,
"indicator--57d01023-7a28-4113-b710-06c3950d210f" ,
"indicator--57d01023-4f28-450f-baad-06c3950d210f" ,
"indicator--57d01024-7d60-4390-b4e3-06c3950d210f" ,
"indicator--57d01024-2d2c-43aa-9083-06c3950d210f" ,
"indicator--57d01025-8914-4961-af6d-06c3950d210f" ,
"indicator--57d01026-1dec-48a2-a881-06c3950d210f" ,
"indicator--57d01026-ff8c-4a13-991f-06c3950d210f" ,
"indicator--57d01027-dbc8-4582-ba37-06c3950d210f" ,
"indicator--57d01028-d170-4e4e-8311-06c3950d210f" ,
"indicator--57d01028-e5c4-4f71-bf58-06c3950d210f" ,
"indicator--57d01029-cb54-43b4-af13-06c3950d210f" ,
"indicator--57d0102a-7b48-4003-9af9-06c3950d210f" ,
"indicator--57d0102a-8f68-4c84-bfd8-06c3950d210f" ,
"indicator--57d0102b-1964-4f34-9e65-06c3950d210f" ,
"indicator--57d0102b-6334-4498-9083-06c3950d210f" ,
"indicator--57d0102d-0f98-472b-a469-06c3950d210f" ,
"indicator--57d0102d-6070-4ca8-aefb-06c3950d210f" ,
"indicator--57d0102e-2a2c-447a-8d95-06c3950d210f" ,
"indicator--57d0102e-af60-452e-a779-06c3950d210f" ,
"indicator--57d0102f-673c-4059-aa77-06c3950d210f" ,
"indicator--57d01030-6e28-4356-810c-06c3950d210f" ,
"indicator--57d01031-af44-4609-9582-06c3950d210f" ,
"indicator--57d01031-170c-4393-81bf-06c3950d210f" ,
"indicator--57d01032-1fb8-4ca2-a48d-06c3950d210f" ,
"indicator--57d01032-029c-4e6f-a09e-06c3950d210f" ,
"indicator--57d01033-70f4-467b-b03e-06c3950d210f" ,
"indicator--57d01034-ba94-401f-a7f2-06c3950d210f" ,
"indicator--57d01035-3298-4836-819d-06c3950d210f" ,
"indicator--57d01035-c31c-4e50-92e2-06c3950d210f" ,
"indicator--57d01036-92cc-44a6-872a-06c3950d210f" ,
"indicator--57d01036-7954-488c-a7ed-06c3950d210f"
] ,
"labels" : [
"Threat-Report" ,
"misp:tool=\"MISP-STIX-Converter\"" ,
"malware_classification:malware-category=\"Rootkit\"" ,
"ms-caro-malware:malware-platform=\"Linux\""
] ,
"object_marking_refs" : [
"marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9"
]
} ,
{
"type" : "observed-data" ,
"spec_version" : "2.1" ,
"id" : "observed-data--57ce65e1-4f10-4fb3-9384-3305950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2016-09-06T06:44:49.000Z" ,
"modified" : "2016-09-06T06:44:49.000Z" ,
"first_observed" : "2016-09-06T06:44:49Z" ,
"last_observed" : "2016-09-06T06:44:49Z" ,
"number_observed" : 1 ,
"object_refs" : [
"url--57ce65e1-4f10-4fb3-9384-3305950d210f"
] ,
"labels" : [
"misp:type=\"link\"" ,
"misp:category=\"External analysis\""
]
} ,
{
"type" : "url" ,
"spec_version" : "2.1" ,
"id" : "url--57ce65e1-4f10-4fb3-9384-3305950d210f" ,
"value" : "http://blog.trendmicro.com/trendlabs-security-intelligence/pokemon-themed-umbreon-linux-rootkit-hits-x86-arm-systems/"
} ,
{
"type" : "x-misp-attribute" ,
"spec_version" : "2.1" ,
"id" : "x-misp-attribute--57ce65f2-d28c-41aa-8fb4-47e4950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2016-09-06T06:45:06.000Z" ,
"modified" : "2016-09-06T06:45:06.000Z" ,
"labels" : [
"misp:type=\"comment\"" ,
"misp:category=\"External analysis\""
] ,
"x_misp_category" : "External analysis" ,
"x_misp_type" : "comment" ,
"x_misp_value" : "rootkit-feature\r\n\r\nThe Trend Micro Forward Looking Threat Research team recently obtained samples of a new rootkit family from one of our trusted partners. We are providing a detailed analysis of the rootkit, and also making the samples available to the industry to help others block this threat.\r\n\r\nThis rootkit family called Umbreon (sharing the same name as the Pok\u00e9mon) targets Linux systems, including systems running both Intel and ARM processors, expanding the scope of this threat to include embedded devices as well. (An aside: the rootkit does appear to be named after the Pok\u00e9mon of the same name. This Pok\u00e9mon is known for hiding in the night, which is an appropriate characteristic for a rootkit.) We detect Umbreon under the ELF_UMBREON family."
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--57ceaeb1-0da4-4e04-8aef-49fa950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2016-09-06T11:56:26.000Z" ,
"modified" : "2016-09-06T11:56:26.000Z" ,
"pattern" : "[rule crime_linux_umbreon : rootkit\r\n{\r\n\tmeta:\r\n\t\tdescription = \"Catches Umbreon rootkit\"\r\n\t\treference = \"http://blog.trendmicro.com/trendlabs-security-intelligence/pokemon-themed-umbreon-linux-rootkit-hits-x86-arm-systems\"\r\n\t\tauthor = \"Fernando Merces, FTR, Trend Micro\"\r\n\t\tdate = \"2016-08\"\r\n\t\r\n\tstrings:\r\n\t\t$ = { 75 6e 66 75 63 6b 5f 6c 69 6e 6b 6d 61 70 }\r\n\t\t$ = \"unhide.rb\" ascii fullword\r\n\t\t$ = \"rkit\" ascii fullword\r\n\r\n\tcondition:\r\n\t\tuint32(0) == 0x464c457f // Generic ELF header\r\n\t\tand uint8(16) == 0x0003 // Shared object file\r\n\t\tand all of them\r\n}]" ,
"pattern_type" : "yara" ,
"pattern_version" : "2.1" ,
"valid_from" : "2016-09-06T11:56:26Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Artifacts dropped"
}
] ,
"labels" : [
"misp:type=\"yara\"" ,
"misp:category=\"Artifacts dropped\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--57ceaf0f-5354-416c-bb90-4d21950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2016-09-06T11:57:03.000Z" ,
"modified" : "2016-09-06T11:57:03.000Z" ,
"pattern" : "[rule crime_linux_umbreon_strace : rootkit\r\n{\r\n\tmeta:\r\n\t\tdescription = \"Catches Umbreon strace rootkit component\"\r\n\t\treference = \"http://blog.trendmicro.com/trendlabs-security-intelligence/pokemon-themed-umbreon-linux-rootkit-hits-x86-arm-systems\"\r\n\t\tauthor = \"Fernando Merces, FTR, Trend Micro\"\r\n\t\tdate = \"2016-08\"\r\n\t\r\n\tstrings:\r\n\t\t$ = \"LD_PRELOAD\" fullword\r\n\t\t$ = /ld\\.so\\.[a-zA-Z0-9]{7}/ fullword\r\n\t\t$ = \"\\\"/etc/ld.so.preload\\\"\" fullword\r\n\t\t$ = \"fputs_unlocked\" fullword\r\n\r\n\tcondition:\r\n\t\tuint32(0) == 0x464c457f // Generic ELF header\r\n\t\tand uint8(16) == 0x0003 // Shared object file\r\n\t\tand all of them\r\n}]" ,
"pattern_type" : "yara" ,
"pattern_version" : "2.1" ,
"valid_from" : "2016-09-06T11:57:03Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Artifacts dropped"
}
] ,
"labels" : [
"misp:type=\"yara\"" ,
"misp:category=\"Artifacts dropped\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--57ceaf20-1ccc-4f0d-9ee6-4e8e950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2016-09-06T11:57:20.000Z" ,
"modified" : "2016-09-06T11:57:20.000Z" ,
"pattern" : "[rule crime_linux_umbreon_espeon : rootkit backdoor\r\n{\r\n\tmeta:\r\n\t\tdescription = \"Catches Umbreon strace rootkit component\"\r\n\t\treference = \"http://blog.trendmicro.com/trendlabs-security-intelligence/pokemon-themed-umbreon-linux-rootkit-hits-x86-arm-systems\"\r\n\t\tauthor = \"Fernando Merces, FTR, Trend Micro\"\r\n\t\tdate = \"2016-08\"\r\n\r\n\tstrings:\r\n\t\t$ = \"Usage: %s [interface]\" fullword\r\n\t\t$ = \"Options:\" fullword\r\n\t\t$ = \" interface Listen on <interface> for packets.\" fullword\r\n\t\t$ = \"/bin/espeon-shell %s %hu\"\r\n\t\t$ = { 66 75 63 6b 20 6f 66 66 20 63 75 6e 74 }\r\n\t\t$ = \"error: unrecognized command-line options\" fullword\r\n\r\n\tcondition:\r\n\t\tuint32(0) == 0x464c457f // Generic ELF header\r\n\t\tand uint8(16) == 0x0002 // Executable file\r\n\t\tand all of them\r\n}]" ,
"pattern_type" : "yara" ,
"pattern_version" : "2.1" ,
"valid_from" : "2016-09-06T11:57:20Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Artifacts dropped"
}
] ,
"labels" : [
"misp:type=\"yara\"" ,
"misp:category=\"Artifacts dropped\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--57ceb2bf-4b1c-43b0-acf4-4cc3950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2016-09-06T12:20:45.000Z" ,
"modified" : "2016-09-06T12:20:45.000Z" ,
"description" : "/hideports" ,
"pattern" : "[file:hashes.SHA1 = '738ac5f6a443f925b3198143488365c5edf73679']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2016-09-06T12:20:45Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Payload delivery"
}
] ,
"labels" : [
"misp:type=\"sha1\"" ,
"misp:category=\"Payload delivery\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--57ceb50e-ea7c-462a-8701-4379950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2016-09-06T12:22:38.000Z" ,
"modified" : "2016-09-06T12:22:38.000Z" ,
"description" : "/.bashrc" ,
"pattern" : "[file:hashes.SHA1 = 'b5e68f8e23115bdbe868d19d09c90eb535184acd']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2016-09-06T12:22:38Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Payload delivery"
}
] ,
"labels" : [
"misp:type=\"sha1\"" ,
"misp:category=\"Payload delivery\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--57ceb541-9b40-4d25-a6f2-404f950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2016-09-06T12:28:18.000Z" ,
"modified" : "2016-09-06T12:28:18.000Z" ,
"description" : "/bin/pkg /bin/zypper ./bin/emerge /bin/yum /bin/apt-get" ,
"pattern" : "[file:hashes.SHA1 = '73ddcd21bf05a9edc7c85d1efd5304eea039d3cb']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2016-09-06T12:28:18Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Payload delivery"
}
] ,
"labels" : [
"misp:type=\"sha1\"" ,
"misp:category=\"Payload delivery\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--57ceb541-0240-465d-b304-4596950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2016-09-06T12:23:29.000Z" ,
"modified" : "2016-09-06T12:23:29.000Z" ,
"description" : "/bin/espeon-shell (detected as BKDR_UMREON.A)" ,
"pattern" : "[file:hashes.SHA1 = '48a6e43af0cb40d4f92b38062012117081b6774e']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2016-09-06T12:23:29Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Payload delivery"
}
] ,
"labels" : [
"misp:type=\"sha1\"" ,
"misp:category=\"Payload delivery\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--57ceb542-e970-4703-90fa-4621950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2016-09-06T12:23:30.000Z" ,
"modified" : "2016-09-06T12:23:30.000Z" ,
"description" : "/bin/unhide-self" ,
"pattern" : "[file:hashes.SHA1 = '88aea4bb5e68c1afe1fb11d55a190dddb8b1586f']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2016-09-06T12:23:30Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Payload delivery"
}
] ,
"labels" : [
"misp:type=\"sha1\"" ,
"misp:category=\"Payload delivery\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--57ceb587-47c8-4d49-a733-4d9c950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2016-09-06T12:24:39.000Z" ,
"modified" : "2016-09-06T12:24:39.000Z" ,
"description" : "/bin/umbreon.py" ,
"pattern" : "[file:hashes.SHA1 = '42802085c28c0712ac0679c100886be3bcf07341']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2016-09-06T12:24:39Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Payload delivery"
}
] ,
"labels" : [
"misp:type=\"sha1\"" ,
"misp:category=\"Payload delivery\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--57ceb587-4b88-4221-9931-45c9950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2016-09-06T12:24:39.000Z" ,
"modified" : "2016-09-06T12:24:39.000Z" ,
"description" : "/bin/espeon (detected as ELF_UMREON.A)" ,
"pattern" : "[file:hashes.SHA1 = '66d246e02492821f7e5bbaeb8156ece44c101bbc']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2016-09-06T12:24:39Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Payload delivery"
}
] ,
"labels" : [
"misp:type=\"sha1\"" ,
"misp:category=\"Payload delivery\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--57ceb699-fed0-4314-b5ac-463d950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2016-09-06T12:29:13.000Z" ,
"modified" : "2016-09-06T12:29:13.000Z" ,
"description" : "/bin/spytty" ,
"pattern" : "[file:hashes.SHA1 = '4f6c6d42bdf93f4ccf68d888ce7f98bcd929fc72']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2016-09-06T12:29:13Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Payload delivery"
}
] ,
"labels" : [
"misp:type=\"sha1\"" ,
"misp:category=\"Payload delivery\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--57ceb69a-c2b8-4629-832e-4c9c950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2016-09-06T12:29:14.000Z" ,
"modified" : "2016-09-06T12:29:14.000Z" ,
"description" : "/bin/.x" ,
"pattern" : "[file:hashes.SHA1 = '1f1ab0a8e9ec43d154cd7ab39bfaaa1eada4ad5e']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2016-09-06T12:29:14Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Payload delivery"
}
] ,
"labels" : [
"misp:type=\"sha1\"" ,
"misp:category=\"Payload delivery\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--57ceb69a-9f80-4d49-ba67-4bf5950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2016-09-06T12:29:14.000Z" ,
"modified" : "2016-09-06T12:29:14.000Z" ,
"description" : "/.init-append" ,
"pattern" : "[file:hashes.SHA1 = '81ad3260c0fc38a3b0f65687f7c606cb66c525a8']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2016-09-06T12:29:14Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Payload delivery"
}
] ,
"labels" : [
"misp:type=\"sha1\"" ,
"misp:category=\"Payload delivery\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--57ceb69a-be88-4eb0-81aa-4d00950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2016-09-06T12:29:14.000Z" ,
"modified" : "2016-09-06T12:29:14.000Z" ,
"description" : "/.umbreon-ascii" ,
"pattern" : "[file:hashes.SHA1 = '7b10bf8187100cdc2e1d59536c19454b0c0da46f']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2016-09-06T12:29:14Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Payload delivery"
}
] ,
"labels" : [
"misp:type=\"sha1\"" ,
"misp:category=\"Payload delivery\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--57ceb6c9-e724-4ada-9114-4bf4950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2016-09-06T12:30:01.000Z" ,
"modified" : "2016-09-06T12:30:01.000Z" ,
"description" : "/.profile" ,
"pattern" : "[file:hashes.SHA1 = '96d5e513b6900e23b18149a516fb7e1425334a44']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2016-09-06T12:30:01Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Payload delivery"
}
] ,
"labels" : [
"misp:type=\"sha1\"" ,
"misp:category=\"Payload delivery\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--57ceb6c9-bfb0-4aa2-93b3-45d6950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2016-09-06T12:30:01.000Z" ,
"modified" : "2016-09-06T12:30:01.000Z" ,
"description" : "/usr/share/libc.so.2284441204.i686.ld-2.22.so (detected as ELF_UMREON.A)" ,
"pattern" : "[file:hashes.SHA1 = '851b7f07736be6789cbcc617efd6dcb682e0ce54']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2016-09-06T12:30:01Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Payload delivery"
}
] ,
"labels" : [
"misp:type=\"sha1\"" ,
"misp:category=\"Payload delivery\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--57ceb6c9-f94c-4d66-bf87-4bc9950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2016-09-06T12:30:01.000Z" ,
"modified" : "2016-09-06T12:30:01.000Z" ,
"description" : "/usr/share/libc.so.2284441204.x86_64.ld-2.22.so (detected as ELF_UMREON.A)" ,
"pattern" : "[file:hashes.SHA1 = 'e2bc8945f0d7ca8986b4223ed9ba13686a798446']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2016-09-06T12:30:01Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Payload delivery"
}
] ,
"labels" : [
"misp:type=\"sha1\"" ,
"misp:category=\"Payload delivery\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--57ceb6f4-cbd4-4570-9068-4104950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2016-09-06T12:30:44.000Z" ,
"modified" : "2016-09-06T12:30:44.000Z" ,
"description" : "/.ldso/strace.so (detected as ELF_UMREON.A)" ,
"pattern" : "[file:hashes.SHA1 = '17b42374795295f776536b86aa571a721b041c38']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2016-09-06T12:30:44Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Payload delivery"
}
] ,
"labels" : [
"misp:type=\"sha1\"" ,
"misp:category=\"Payload delivery\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--57ceb6f4-64dc-4089-bf9d-469a950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2016-09-06T12:30:44.000Z" ,
"modified" : "2016-09-06T12:30:44.000Z" ,
"description" : "/promptlog" ,
"pattern" : "[file:hashes.SHA1 = '394fae7d40b0c54c16d7ff3c3ff0d247409bd28f']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2016-09-06T12:30:44Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Payload delivery"
}
] ,
"labels" : [
"misp:type=\"sha1\"" ,
"misp:category=\"Payload delivery\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--57ceb6f4-fe00-4257-be31-444a950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2016-09-06T12:30:44.000Z" ,
"modified" : "2016-09-06T12:30:44.000Z" ,
"description" : "espeon (ARM version, detected as ELF_UMREON.B)" ,
"pattern" : "[file:hashes.SHA1 = '022be09c68a410f6bed15c98b63e15bb57e920a9']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2016-09-06T12:30:44Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Payload delivery"
}
] ,
"labels" : [
"misp:type=\"sha1\"" ,
"misp:category=\"Payload delivery\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--57ceb724-3590-4a74-8a75-4879950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2016-09-06T12:31:32.000Z" ,
"modified" : "2016-09-06T12:31:32.000Z" ,
"description" : "pkg (ARM version, detected as ELF_UMREON.B)" ,
"pattern" : "[file:hashes.SHA1 = '3762c537801c21f68f9eac858ecc8d436927c77a']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2016-09-06T12:31:32Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Payload delivery"
}
] ,
"labels" : [
"misp:type=\"sha1\"" ,
"misp:category=\"Payload delivery\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--57ceb725-3e6c-4802-bf02-494d950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2016-09-06T12:31:33.000Z" ,
"modified" : "2016-09-06T12:31:33.000Z" ,
"description" : "strace.so (ARM version, detected as ELF_UMREON.B)" ,
"pattern" : "[file:hashes.SHA1 = '2cd24c5701a7af76ab6673502c80109b6ce650c6']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2016-09-06T12:31:33Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Payload delivery"
}
] ,
"labels" : [
"misp:type=\"sha1\"" ,
"misp:category=\"Payload delivery\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--57ceb725-e0bc-48d2-b842-4f36950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2016-09-06T12:31:33.000Z" ,
"modified" : "2016-09-06T12:31:33.000Z" ,
"description" : "umbreon.so (ARM version, detected as ELF_UMREON.B)" ,
"pattern" : "[file:hashes.SHA1 = '358afd4bd02de3ce1db43970de5e4cb0c38c2848']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2016-09-06T12:31:33Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Payload delivery"
}
] ,
"labels" : [
"misp:type=\"sha1\"" ,
"misp:category=\"Payload delivery\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--57cec3a9-5d6c-4485-a593-4fdf02de0b81" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2016-09-06T13:24:57.000Z" ,
"modified" : "2016-09-06T13:24:57.000Z" ,
"description" : "umbreon.so (ARM version, detected as ELF_UMREON.B) - Xchecked via VT: 358afd4bd02de3ce1db43970de5e4cb0c38c2848" ,
"pattern" : "[file:hashes.SHA256 = 'e9bce46584acbf59a779d1565687964991d7033d63c06bddabcfc4375c5f1853']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2016-09-06T13:24:57Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Payload delivery"
}
] ,
"labels" : [
"misp:type=\"sha256\"" ,
"misp:category=\"Payload delivery\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--57cec3a9-f2b4-41c2-a770-4efa02de0b81" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2016-09-06T13:24:57.000Z" ,
"modified" : "2016-09-06T13:24:57.000Z" ,
"description" : "umbreon.so (ARM version, detected as ELF_UMREON.B) - Xchecked via VT: 358afd4bd02de3ce1db43970de5e4cb0c38c2848" ,
"pattern" : "[file:hashes.MD5 = 'bbeb18c0c3e038747c78fcab3e0444e3']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2016-09-06T13:24:57Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Payload delivery"
}
] ,
"labels" : [
"misp:type=\"md5\"" ,
"misp:category=\"Payload delivery\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "observed-data" ,
"spec_version" : "2.1" ,
"id" : "observed-data--57cec3a9-03a0-45c9-aa62-494702de0b81" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2016-09-06T13:24:57.000Z" ,
"modified" : "2016-09-06T13:24:57.000Z" ,
"first_observed" : "2016-09-06T13:24:57Z" ,
"last_observed" : "2016-09-06T13:24:57Z" ,
"number_observed" : 1 ,
"object_refs" : [
"url--57cec3a9-03a0-45c9-aa62-494702de0b81"
] ,
"labels" : [
"misp:type=\"link\"" ,
"misp:category=\"External analysis\""
]
} ,
{
"type" : "url" ,
"spec_version" : "2.1" ,
"id" : "url--57cec3a9-03a0-45c9-aa62-494702de0b81" ,
"value" : "https://www.virustotal.com/file/e9bce46584acbf59a779d1565687964991d7033d63c06bddabcfc4375c5f1853/analysis/1472872777/"
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--57cec3a9-b7a0-48b8-9823-4b0b02de0b81" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2016-09-06T13:24:57.000Z" ,
"modified" : "2016-09-06T13:24:57.000Z" ,
"description" : "/.ldso/strace.so (detected as ELF_UMREON.A) - Xchecked via VT: 17b42374795295f776536b86aa571a721b041c38" ,
"pattern" : "[file:hashes.SHA256 = '991179b6ba7d4aeabdf463118e4a2984276401368f4ab842ad8a5b8b73088522']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2016-09-06T13:24:57Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Payload delivery"
}
] ,
"labels" : [
"misp:type=\"sha256\"" ,
"misp:category=\"Payload delivery\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--57cec3aa-0a50-49a3-9bbb-4d8002de0b81" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2016-09-06T13:24:58.000Z" ,
"modified" : "2016-09-06T13:24:58.000Z" ,
"description" : "/.ldso/strace.so (detected as ELF_UMREON.A) - Xchecked via VT: 17b42374795295f776536b86aa571a721b041c38" ,
"pattern" : "[file:hashes.MD5 = '2b1863acdc0068ed5d50590cf792df05']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2016-09-06T13:24:58Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Payload delivery"
}
] ,
"labels" : [
"misp:type=\"md5\"" ,
"misp:category=\"Payload delivery\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "observed-data" ,
"spec_version" : "2.1" ,
"id" : "observed-data--57cec3aa-ce48-4425-b633-4d8d02de0b81" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2016-09-06T13:24:58.000Z" ,
"modified" : "2016-09-06T13:24:58.000Z" ,
"first_observed" : "2016-09-06T13:24:58Z" ,
"last_observed" : "2016-09-06T13:24:58Z" ,
"number_observed" : 1 ,
"object_refs" : [
"url--57cec3aa-ce48-4425-b633-4d8d02de0b81"
] ,
"labels" : [
"misp:type=\"link\"" ,
"misp:category=\"External analysis\""
]
} ,
{
"type" : "url" ,
"spec_version" : "2.1" ,
"id" : "url--57cec3aa-ce48-4425-b633-4d8d02de0b81" ,
"value" : "https://www.virustotal.com/file/991179b6ba7d4aeabdf463118e4a2984276401368f4ab842ad8a5b8b73088522/analysis/1473161723/"
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--57cec3aa-301c-481e-a15a-455902de0b81" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2016-09-06T13:24:58.000Z" ,
"modified" : "2016-09-06T13:24:58.000Z" ,
"description" : "/usr/share/libc.so.2284441204.x86_64.ld-2.22.so (detected as ELF_UMREON.A) - Xchecked via VT: e2bc8945f0d7ca8986b4223ed9ba13686a798446" ,
"pattern" : "[file:hashes.SHA256 = '4fc4b5dab105e03f03ba3ec301bab9e2d37f17a431dee7f2e5a8dfadcca4c234']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2016-09-06T13:24:58Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Payload delivery"
}
] ,
"labels" : [
"misp:type=\"sha256\"" ,
"misp:category=\"Payload delivery\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--57cec3aa-dd3c-4d19-b800-4c0702de0b81" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2016-09-06T13:24:58.000Z" ,
"modified" : "2016-09-06T13:24:58.000Z" ,
"description" : "/usr/share/libc.so.2284441204.x86_64.ld-2.22.so (detected as ELF_UMREON.A) - Xchecked via VT: e2bc8945f0d7ca8986b4223ed9ba13686a798446" ,
"pattern" : "[file:hashes.MD5 = 'd0d97899131c29b3ec9ae89a6d49a23e']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2016-09-06T13:24:58Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Payload delivery"
}
] ,
"labels" : [
"misp:type=\"md5\"" ,
"misp:category=\"Payload delivery\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "observed-data" ,
"spec_version" : "2.1" ,
"id" : "observed-data--57cec3aa-1f50-4880-8383-4ccb02de0b81" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2016-09-06T13:24:58.000Z" ,
"modified" : "2016-09-06T13:24:58.000Z" ,
"first_observed" : "2016-09-06T13:24:58Z" ,
"last_observed" : "2016-09-06T13:24:58Z" ,
"number_observed" : 1 ,
"object_refs" : [
"url--57cec3aa-1f50-4880-8383-4ccb02de0b81"
] ,
"labels" : [
"misp:type=\"link\"" ,
"misp:category=\"External analysis\""
]
} ,
{
"type" : "url" ,
"spec_version" : "2.1" ,
"id" : "url--57cec3aa-1f50-4880-8383-4ccb02de0b81" ,
"value" : "https://www.virustotal.com/file/4fc4b5dab105e03f03ba3ec301bab9e2d37f17a431dee7f2e5a8dfadcca4c234/analysis/1472872774/"
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--57cec3ab-1660-49d3-950b-473f02de0b81" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2016-09-06T13:24:59.000Z" ,
"modified" : "2016-09-06T13:24:59.000Z" ,
"description" : "/usr/share/libc.so.2284441204.i686.ld-2.22.so (detected as ELF_UMREON.A) - Xchecked via VT: 851b7f07736be6789cbcc617efd6dcb682e0ce54" ,
"pattern" : "[file:hashes.SHA256 = '8752d16e32a611763eee97da6528734751153ac1699c4693c84b6e9e4fb08784']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2016-09-06T13:24:59Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Payload delivery"
}
] ,
"labels" : [
"misp:type=\"sha256\"" ,
"misp:category=\"Payload delivery\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--57cec3ab-dd10-456d-98c1-4e5b02de0b81" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2016-09-06T13:24:59.000Z" ,
"modified" : "2016-09-06T13:24:59.000Z" ,
"description" : "/usr/share/libc.so.2284441204.i686.ld-2.22.so (detected as ELF_UMREON.A) - Xchecked via VT: 851b7f07736be6789cbcc617efd6dcb682e0ce54" ,
"pattern" : "[file:hashes.MD5 = 'e7e82d29dfb1fc484ed277c702187818']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2016-09-06T13:24:59Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Payload delivery"
}
] ,
"labels" : [
"misp:type=\"md5\"" ,
"misp:category=\"Payload delivery\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "observed-data" ,
"spec_version" : "2.1" ,
"id" : "observed-data--57cec3ab-f214-4341-b831-4bbf02de0b81" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2016-09-06T13:24:59.000Z" ,
"modified" : "2016-09-06T13:24:59.000Z" ,
"first_observed" : "2016-09-06T13:24:59Z" ,
"last_observed" : "2016-09-06T13:24:59Z" ,
"number_observed" : 1 ,
"object_refs" : [
"url--57cec3ab-f214-4341-b831-4bbf02de0b81"
] ,
"labels" : [
"misp:type=\"link\"" ,
"misp:category=\"External analysis\""
]
} ,
{
"type" : "url" ,
"spec_version" : "2.1" ,
"id" : "url--57cec3ab-f214-4341-b831-4bbf02de0b81" ,
"value" : "https://www.virustotal.com/file/8752d16e32a611763eee97da6528734751153ac1699c4693c84b6e9e4fb08784/analysis/1472872773/"
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--57cec3ab-f1c0-433d-a13a-4dbb02de0b81" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2016-09-06T13:24:59.000Z" ,
"modified" : "2016-09-06T13:24:59.000Z" ,
"description" : "/bin/.x - Xchecked via VT: 1f1ab0a8e9ec43d154cd7ab39bfaaa1eada4ad5e" ,
"pattern" : "[file:hashes.SHA256 = '0ce8c09bb6ce433fb8b388c369d7491953cf9bb5426a7bee752150118616d8ff']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2016-09-06T13:24:59Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Payload delivery"
}
] ,
"labels" : [
"misp:type=\"sha256\"" ,
"misp:category=\"Payload delivery\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--57cec3ab-ba9c-4f0d-ac18-4db502de0b81" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2016-09-06T13:24:59.000Z" ,
"modified" : "2016-09-06T13:24:59.000Z" ,
"description" : "/bin/.x - Xchecked via VT: 1f1ab0a8e9ec43d154cd7ab39bfaaa1eada4ad5e" ,
"pattern" : "[file:hashes.MD5 = 'b982597ceb7274617f286ca80864f499']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2016-09-06T13:24:59Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Payload delivery"
}
] ,
"labels" : [
"misp:type=\"md5\"" ,
"misp:category=\"Payload delivery\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "observed-data" ,
"spec_version" : "2.1" ,
"id" : "observed-data--57cec3ac-8608-4478-a0e8-462f02de0b81" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2016-09-06T13:25:00.000Z" ,
"modified" : "2016-09-06T13:25:00.000Z" ,
"first_observed" : "2016-09-06T13:25:00Z" ,
"last_observed" : "2016-09-06T13:25:00Z" ,
"number_observed" : 1 ,
"object_refs" : [
"url--57cec3ac-8608-4478-a0e8-462f02de0b81"
] ,
"labels" : [
"misp:type=\"link\"" ,
"misp:category=\"External analysis\""
]
} ,
{
"type" : "url" ,
"spec_version" : "2.1" ,
"id" : "url--57cec3ac-8608-4478-a0e8-462f02de0b81" ,
"value" : "https://www.virustotal.com/file/0ce8c09bb6ce433fb8b388c369d7491953cf9bb5426a7bee752150118616d8ff/analysis/1442181954/"
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--57cec3ac-2088-4e7c-abe1-4f4f02de0b81" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2016-09-06T13:25:00.000Z" ,
"modified" : "2016-09-06T13:25:00.000Z" ,
"description" : "/bin/spytty - Xchecked via VT: 4f6c6d42bdf93f4ccf68d888ce7f98bcd929fc72" ,
"pattern" : "[file:hashes.SHA256 = '0a4d5ffb1407d409a55f1aed5c5286d4f31fe17bc99eabff64aa1498c5482a5f']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2016-09-06T13:25:00Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Payload delivery"
}
] ,
"labels" : [
"misp:type=\"sha256\"" ,
"misp:category=\"Payload delivery\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--57cec3ac-6f10-4cf1-90d4-440702de0b81" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2016-09-06T13:25:00.000Z" ,
"modified" : "2016-09-06T13:25:00.000Z" ,
"description" : "/bin/spytty - Xchecked via VT: 4f6c6d42bdf93f4ccf68d888ce7f98bcd929fc72" ,
"pattern" : "[file:hashes.MD5 = '0ab776fa8a0fbed2ef26c9933c32e97c']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2016-09-06T13:25:00Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Payload delivery"
}
] ,
"labels" : [
"misp:type=\"md5\"" ,
"misp:category=\"Payload delivery\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "observed-data" ,
"spec_version" : "2.1" ,
"id" : "observed-data--57cec3ac-8bf8-4ee7-9a49-488f02de0b81" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2016-09-06T13:25:00.000Z" ,
"modified" : "2016-09-06T13:25:00.000Z" ,
"first_observed" : "2016-09-06T13:25:00Z" ,
"last_observed" : "2016-09-06T13:25:00Z" ,
"number_observed" : 1 ,
"object_refs" : [
"url--57cec3ac-8bf8-4ee7-9a49-488f02de0b81"
] ,
"labels" : [
"misp:type=\"link\"" ,
"misp:category=\"External analysis\""
]
} ,
{
"type" : "url" ,
"spec_version" : "2.1" ,
"id" : "url--57cec3ac-8bf8-4ee7-9a49-488f02de0b81" ,
"value" : "https://www.virustotal.com/file/0a4d5ffb1407d409a55f1aed5c5286d4f31fe17bc99eabff64aa1498c5482a5f/analysis/1473087594/"
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--57cec3ac-2800-4b0b-8ed8-433d02de0b81" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2016-09-06T13:25:00.000Z" ,
"modified" : "2016-09-06T13:25:00.000Z" ,
"description" : "/bin/espeon (detected as ELF_UMREON.A) - Xchecked via VT: 66d246e02492821f7e5bbaeb8156ece44c101bbc" ,
"pattern" : "[file:hashes.SHA256 = 'c80d19f6f3372f4cc6e75ae1af54e8727b54b51aaf2794fedd3a1aa463140480']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2016-09-06T13:25:00Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Payload delivery"
}
] ,
"labels" : [
"misp:type=\"sha256\"" ,
"misp:category=\"Payload delivery\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--57cec3ad-c184-419f-bd59-45a602de0b81" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2016-09-06T13:25:01.000Z" ,
"modified" : "2016-09-06T13:25:01.000Z" ,
"description" : "/bin/espeon (detected as ELF_UMREON.A) - Xchecked via VT: 66d246e02492821f7e5bbaeb8156ece44c101bbc" ,
"pattern" : "[file:hashes.MD5 = '087dd79515d37f7ada78ff5793a42b7b']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2016-09-06T13:25:01Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Payload delivery"
}
] ,
"labels" : [
"misp:type=\"md5\"" ,
"misp:category=\"Payload delivery\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "observed-data" ,
"spec_version" : "2.1" ,
"id" : "observed-data--57cec3ad-0544-4a72-b378-498e02de0b81" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2016-09-06T13:25:01.000Z" ,
"modified" : "2016-09-06T13:25:01.000Z" ,
"first_observed" : "2016-09-06T13:25:01Z" ,
"last_observed" : "2016-09-06T13:25:01Z" ,
"number_observed" : 1 ,
"object_refs" : [
"url--57cec3ad-0544-4a72-b378-498e02de0b81"
] ,
"labels" : [
"misp:type=\"link\"" ,
"misp:category=\"External analysis\""
]
} ,
{
"type" : "url" ,
"spec_version" : "2.1" ,
"id" : "url--57cec3ad-0544-4a72-b378-498e02de0b81" ,
"value" : "https://www.virustotal.com/file/c80d19f6f3372f4cc6e75ae1af54e8727b54b51aaf2794fedd3a1aa463140480/analysis/1472872772/"
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--57cec3ad-1574-42ab-8402-4c1d02de0b81" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2016-09-06T13:25:01.000Z" ,
"modified" : "2016-09-06T13:25:01.000Z" ,
"description" : "/bin/unhide-self - Xchecked via VT: 88aea4bb5e68c1afe1fb11d55a190dddb8b1586f" ,
"pattern" : "[file:hashes.SHA256 = 'aa24deb830a2b1aa694e580c5efb24f979d6c5d861b56354a6acb1ad0cf9809b']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2016-09-06T13:25:01Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Payload delivery"
}
] ,
"labels" : [
"misp:type=\"sha256\"" ,
"misp:category=\"Payload delivery\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--57cec3ad-7258-4fdc-aaf5-4b1402de0b81" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2016-09-06T13:25:01.000Z" ,
"modified" : "2016-09-06T13:25:01.000Z" ,
"description" : "/bin/unhide-self - Xchecked via VT: 88aea4bb5e68c1afe1fb11d55a190dddb8b1586f" ,
"pattern" : "[file:hashes.MD5 = 'df320ed7ee6ccf9f979aefe451877ffc']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2016-09-06T13:25:01Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Payload delivery"
}
] ,
"labels" : [
"misp:type=\"md5\"" ,
"misp:category=\"Payload delivery\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "observed-data" ,
"spec_version" : "2.1" ,
"id" : "observed-data--57cec3ad-0a58-4e03-b707-446b02de0b81" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2016-09-06T13:25:01.000Z" ,
"modified" : "2016-09-06T13:25:01.000Z" ,
"first_observed" : "2016-09-06T13:25:01Z" ,
"last_observed" : "2016-09-06T13:25:01Z" ,
"number_observed" : 1 ,
"object_refs" : [
"url--57cec3ad-0a58-4e03-b707-446b02de0b81"
] ,
"labels" : [
"misp:type=\"link\"" ,
"misp:category=\"External analysis\""
]
} ,
{
"type" : "url" ,
"spec_version" : "2.1" ,
"id" : "url--57cec3ad-0a58-4e03-b707-446b02de0b81" ,
"value" : "https://www.virustotal.com/file/aa24deb830a2b1aa694e580c5efb24f979d6c5d861b56354a6acb1ad0cf9809b/analysis/1423751099/"
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--57cec3ae-c8c4-412d-9943-42d802de0b81" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2016-09-06T13:25:02.000Z" ,
"modified" : "2016-09-06T13:25:02.000Z" ,
"description" : "/bin/espeon-shell (detected as BKDR_UMREON.A) - Xchecked via VT: 48a6e43af0cb40d4f92b38062012117081b6774e" ,
"pattern" : "[file:hashes.SHA256 = '122417853c1eb1868e429cacc499ef75cfc018b87da87b1f61bff53e9b8e8670']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2016-09-06T13:25:02Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Payload delivery"
}
] ,
"labels" : [
"misp:type=\"sha256\"" ,
"misp:category=\"Payload delivery\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--57cec3ae-dc74-4a4c-ab0d-450902de0b81" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2016-09-06T13:25:02.000Z" ,
"modified" : "2016-09-06T13:25:02.000Z" ,
"description" : "/bin/espeon-shell (detected as BKDR_UMREON.A) - Xchecked via VT: 48a6e43af0cb40d4f92b38062012117081b6774e" ,
"pattern" : "[file:hashes.MD5 = '9eef7e7e3c1bee2f8591a088244be0cb']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2016-09-06T13:25:02Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Payload delivery"
}
] ,
"labels" : [
"misp:type=\"md5\"" ,
"misp:category=\"Payload delivery\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "observed-data" ,
"spec_version" : "2.1" ,
"id" : "observed-data--57cec3ae-e510-4922-bddd-4e7c02de0b81" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2016-09-06T13:25:02.000Z" ,
"modified" : "2016-09-06T13:25:02.000Z" ,
"first_observed" : "2016-09-06T13:25:02Z" ,
"last_observed" : "2016-09-06T13:25:02Z" ,
"number_observed" : 1 ,
"object_refs" : [
"url--57cec3ae-e510-4922-bddd-4e7c02de0b81"
] ,
"labels" : [
"misp:type=\"link\"" ,
"misp:category=\"External analysis\""
]
} ,
{
"type" : "url" ,
"spec_version" : "2.1" ,
"id" : "url--57cec3ae-e510-4922-bddd-4e7c02de0b81" ,
"value" : "https://www.virustotal.com/file/122417853c1eb1868e429cacc499ef75cfc018b87da87b1f61bff53e9b8e8670/analysis/1472938012/"
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--57cec3ae-b2a0-4864-823a-4f5802de0b81" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2016-09-06T13:25:02.000Z" ,
"modified" : "2016-09-06T13:25:02.000Z" ,
"description" : "/bin/pkg /bin/zypper ./bin/emerge /bin/yum /bin/apt-get - Xchecked via VT: 73ddcd21bf05a9edc7c85d1efd5304eea039d3cb" ,
"pattern" : "[file:hashes.SHA256 = '0751cf716ea9bc18e78eb2a82cc9ea0cac73d70a7a74c91740c95312c8a9d53a']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2016-09-06T13:25:02Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Payload delivery"
}
] ,
"labels" : [
"misp:type=\"sha256\"" ,
"misp:category=\"Payload delivery\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--57cec3ae-1f54-4aac-8c79-402702de0b81" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2016-09-06T13:25:02.000Z" ,
"modified" : "2016-09-06T13:25:02.000Z" ,
"description" : "/bin/pkg /bin/zypper ./bin/emerge /bin/yum /bin/apt-get - Xchecked via VT: 73ddcd21bf05a9edc7c85d1efd5304eea039d3cb" ,
"pattern" : "[file:hashes.MD5 = 'f9ba2429eae5471acde820102c5b8159']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2016-09-06T13:25:02Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Payload delivery"
}
] ,
"labels" : [
"misp:type=\"md5\"" ,
"misp:category=\"Payload delivery\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "observed-data" ,
"spec_version" : "2.1" ,
"id" : "observed-data--57cec3ae-f4f8-438b-8e59-4ae302de0b81" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2016-09-06T13:25:02.000Z" ,
"modified" : "2016-09-06T13:25:02.000Z" ,
"first_observed" : "2016-09-06T13:25:02Z" ,
"last_observed" : "2016-09-06T13:25:02Z" ,
"number_observed" : 1 ,
"object_refs" : [
"url--57cec3ae-f4f8-438b-8e59-4ae302de0b81"
] ,
"labels" : [
"misp:type=\"link\"" ,
"misp:category=\"External analysis\""
]
} ,
{
"type" : "url" ,
"spec_version" : "2.1" ,
"id" : "url--57cec3ae-f4f8-438b-8e59-4ae302de0b81" ,
"value" : "https://www.virustotal.com/file/0751cf716ea9bc18e78eb2a82cc9ea0cac73d70a7a74c91740c95312c8a9d53a/analysis/1472938049/"
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--57d0101e-9248-447a-84cb-06c3950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2016-09-07T13:03:26.000Z" ,
"modified" : "2016-09-07T13:03:26.000Z" ,
"description" : "expanded manually via VT" ,
"pattern" : "[file:content_ref.payload_bin = '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' AND file:name = '0a4d5ffb1407d409a55f1aed5c5286d4f31fe17bc99eabff64aa1498c5482a5f' AND file:hashes.MD5 = '0ab776fa8a0fbed2ef26c9933c32e97c' AND file:content_ref.mime_type = 'application/zip' AND file:content_ref.encryption_algorithm = 'mime-type-indicated' AND file:content_ref.decryption_key = 'infected']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2016-09-07T13:03:26Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Payload delivery"
}
] ,
"labels" : [
"misp:type=\"malware-sample\"" ,
"misp:category=\"Payload delivery\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--57d0101e-30a0-4a1e-830c-06c3950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2016-09-07T13:03:26.000Z" ,
"modified" : "2016-09-07T13:03:26.000Z" ,
"description" : "expanded manually via VT" ,
"pattern" : "[file:name = '0a4d5ffb1407d409a55f1aed5c5286d4f31fe17bc99eabff64aa1498c5482a5f' AND file:hashes.SHA1 = '4f6c6d42bdf93f4ccf68d888ce7f98bcd929fc72']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2016-09-07T13:03:26Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Payload delivery"
}
] ,
"labels" : [
"misp:type=\"filename|sha1\"" ,
"misp:category=\"Payload delivery\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--57d0101f-8874-417b-b565-06c3950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2016-09-07T13:03:27.000Z" ,
"modified" : "2016-09-07T13:03:27.000Z" ,
"description" : "expanded manually via VT" ,
"pattern" : "[file:name = '0a4d5ffb1407d409a55f1aed5c5286d4f31fe17bc99eabff64aa1498c5482a5f' AND file:hashes.SHA256 = '0a4d5ffb1407d409a55f1aed5c5286d4f31fe17bc99eabff64aa1498c5482a5f']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2016-09-07T13:03:27Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Payload delivery"
}
] ,
"labels" : [
"misp:type=\"filename|sha256\"" ,
"misp:category=\"Payload delivery\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--57d01020-38c0-4d9a-a3f5-06c3950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2016-09-07T13:03:28.000Z" ,
"modified" : "2016-09-07T13:03:28.000Z" ,
"description" : "expanded manually via VT" ,
"pattern" : "[file:content_ref.payload_bin = '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' AND file:name = '0ce8c09bb6ce433fb8b388c369d7491953cf9bb5426a7bee752150118616d8ff' AND file:hashes.MD5 = 'b982597ceb7274617f286ca80864f499' AND file:content_ref.mime_type = 'application/zip' AND file:content_ref.encryption_algorithm = 'mime-type-indicated' AND file:content_ref.decryption_key = 'infected']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2016-09-07T13:03:28Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Payload delivery"
}
] ,
"labels" : [
"misp:type=\"malware-sample\"" ,
"misp:category=\"Payload delivery\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--57d01020-7ebc-4930-a09a-06c3950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2016-09-07T13:03:28.000Z" ,
"modified" : "2016-09-07T13:03:28.000Z" ,
"description" : "expanded manually via VT" ,
"pattern" : "[file:name = '0ce8c09bb6ce433fb8b388c369d7491953cf9bb5426a7bee752150118616d8ff' AND file:hashes.SHA1 = '1f1ab0a8e9ec43d154cd7ab39bfaaa1eada4ad5e']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2016-09-07T13:03:28Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Payload delivery"
}
] ,
"labels" : [
"misp:type=\"filename|sha1\"" ,
"misp:category=\"Payload delivery\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--57d01021-4324-44f0-a6b4-06c3950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2016-09-07T13:03:29.000Z" ,
"modified" : "2016-09-07T13:03:29.000Z" ,
"description" : "expanded manually via VT" ,
"pattern" : "[file:name = '0ce8c09bb6ce433fb8b388c369d7491953cf9bb5426a7bee752150118616d8ff' AND file:hashes.SHA256 = '0ce8c09bb6ce433fb8b388c369d7491953cf9bb5426a7bee752150118616d8ff']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2016-09-07T13:03:29Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Payload delivery"
}
] ,
"labels" : [
"misp:type=\"filename|sha256\"" ,
"misp:category=\"Payload delivery\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--57d01021-5c6c-4be2-8f08-06c3950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2016-09-07T13:03:29.000Z" ,
"modified" : "2016-09-07T13:03:29.000Z" ,
"description" : "expanded manually via VT" ,
"pattern" : " [ f i l e : c o n t e n t _ r e f . p a y l o a d _ b i n = ' U E s D B B Q A C Q A I A G 9 o J 0 m z v 4 N g k l 0 A A I j + A A A g A B w A Z D B k O T c 4 O T k x M z F j M j l i M 2 V j O W F l O D l h N m Q 0 O W E y M 2 V V V A k A A y E Q 0 F c h E N B X d X g L A A E E I Q A A A A Q h A A A A 0 o s p 6 l V f e q A P u 5 J W 9 Y z a A f K b A s K 6 m h S F Z z q z 0 X B a O q P U J b Y R L t z H g l M 0 p p 3 Z + v L q d B S Y + Q E e d l d Y j b n e w h k j + c D Z P X o Q M R u F g r a P 0e88 z 2 x r S J G D 0 k e z h l 8 w h O 430 p I z o f y J P t x v X O C l / h 4 U 1 b J p G A E D v e Q b D H + m E d F 9 j D 7 S 1 g e X N g 8 q k 8 O D Y Y y Z i 3 H s V k Y n I M k E h M 0 4 t Q L c J 8 S i T W 4 r I h x k w B 31 T l r H 0 o k P 7 G T S i n U D k T K H M T m W m C P s V v V 1 s P y 1 W O a k f d 9 O K 9 O n p + F t E + V g H y U H 16 b j h 3 + K n h A K P 9 J T m 2 Y d B L e I Z Y h L v h H l Q P i i t d n K V Y m Q s H O z B O Y 26e4 G P J o Q 465 s i x C W E t C z F e v m P M W j O K N L y U j t A u Q M 0 7 k d U q X 8 M f x s 2 Y Q V 55 J S n 2 t Q G X Y h j P n L 39 h H w U q 6 m Q T A s k 8 e p L n e y Z 37 I z R e C 7 I B l K D m 9 D C 6 o Q 3 s P 0 T K n r z / b m k A w F 27 Z 4 p B 8 F s g j d n c i Y X 65 Y J c S J j Q k w z M D J 8 s H B 2 q q v W A u U E G / 11 r Z y 0 p M i g b x f 2 q d R S 3 h 1 I p n K M 1 S Y W K 9 K h 6 v 9 v Q v d D o L G 100 W 6 d E C i p w x I 1 K y L x 65 r r N A n e R t g R y u x S M u U I 76 h + M P a F U t E v q n k T 7 U x + z r K N h p H 2 c X p c t 0 X X 0 A e X k 4 w F s 1 K E 4 o B J F x y / E 3 M f o a I R 6 D r Y H e G u y p S + m d u o 3 w 0 7 P U r V G I R O A + / c X S c T Y Y a w W R O C x 2 j v C l y 8 l 15 h S V V E a / i r c u O / L i i E i C H I J l J 407 O h w E z L i k s g 7 r F m T + I 1 h o t s l Y e b K 9 x P V C 5 s E Q K 8 v V D y g b T g N 3 A I k Z O Y z 3 H 6 F p x O i y 191 h A m k / j d k v 61 x b f m a t t 4 M M v g V b z w X q y Y D 9 C Y j A 8 L i K s W B l o 8 i q k 9 
g 9 k v u 6 b j W u Q x s k 23 u 4 n N h r t Y r D T N l O T R t P 43 L 8 e n 3 l q i P m p a D / o 0 x z w 0 7 Z o w S B Z 2 V Q A D z U J C s s h b 5 h O h s f P a b p n c u X k W L e Z R d z j v O A X G U t O p 1 t J s M P q W Y y l K B s L g p L d G M / O x Y 1 l 9 G w g 9 O G V r r U 4 J M t V C / b j E j + r R 6 V v 8 Y C q 1 M W M q 2 + I X D b E 5 r y m K 68 L 3 U T y c w g h R Z X d c / u 28 H G H a / R z V L U 0 j t e j A e r p / v R z m S S V f J a c 9 P 7 Z H A V Q R y 8 C J a w u 2 p N z n c Q L Q p t Z I + k n J 86 I K 9 / 8 i o W p I p Z f Y y U n F d v z C Q Z r o i W Z i z 22 Y s D B K j H P F 0 v f R 4 d 8 b b 1 R m x O Z U + s c t l I G C L q V P Q / P 9 A n O V J w s B V A K q J B m H 8 F B a 1 s N y Y g n Q o A / Z c 3 S H 5 b + p 2 c R 5 r g w g 7 d N O / M 7 C K p y M Y m l + b p E 42 W q R l b C + 106 q s p h C n b r / C Y 0 Y 8 I o 2 m x G w g Z w r C c 4 v z c Q + q o K L D 5 I O 2 m + h a F 2 I g d 5 e I s j p d i X 2 n d n j Z r I R s 9 a K / I t 6 k S x r J D A d w b s u k P s Y V e O 2 E p / + d 43 V e 5 P E h Y M E F m t 3 V E k B G s + v f + y N x D R K 1 F I w v G K t i + b / + N f W G x i x i E d 7 B R d r h H 7 l F m L s I N d F n d O T q Q i X i 1 u t S Y u 7 G D p Q 8 E M u 2 r 70 J I F s L + R S J B r i I r g K T l l 1 X 521 I V q g 1 A 1 d L i p A Q R 8 P t 82 m 7 F L Z t n 3 G t q 1 T H y d 6 W r 7 d w R T 3 p S R a B X n a x S 3 x E C 3 A e C r c j 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
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2016-09-07T13:03:29Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Payload delivery"
}
] ,
"labels" : [
"misp:type=\"malware-sample\"" ,
"misp:category=\"Payload delivery\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--57d01022-6888-4ca1-8a2d-06c3950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2016-09-07T13:03:30.000Z" ,
"modified" : "2016-09-07T13:03:30.000Z" ,
"description" : "expanded manually via VT" ,
"pattern" : "[file:name = '4fc4b5dab105e03f03ba3ec301bab9e2d37f17a431dee7f2e5a8dfadcca4c234' AND file:hashes.SHA1 = 'e2bc8945f0d7ca8986b4223ed9ba13686a798446']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2016-09-07T13:03:30Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Payload delivery"
}
] ,
"labels" : [
"misp:type=\"filename|sha1\"" ,
"misp:category=\"Payload delivery\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--57d01023-7a28-4113-b710-06c3950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2016-09-07T13:03:31.000Z" ,
"modified" : "2016-09-07T13:03:31.000Z" ,
"description" : "expanded manually via VT" ,
"pattern" : "[file:name = '4fc4b5dab105e03f03ba3ec301bab9e2d37f17a431dee7f2e5a8dfadcca4c234' AND file:hashes.SHA256 = '4fc4b5dab105e03f03ba3ec301bab9e2d37f17a431dee7f2e5a8dfadcca4c234']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2016-09-07T13:03:31Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Payload delivery"
}
] ,
"labels" : [
"misp:type=\"filename|sha256\"" ,
"misp:category=\"Payload delivery\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--57d01023-4f28-450f-baad-06c3950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2016-09-07T13:03:31.000Z" ,
"modified" : "2016-09-07T13:03:31.000Z" ,
"description" : "expanded manually via VT" ,
"pattern" : " [ f i l e : c o n t e n t _ r e f . p a y l o a d _ b i n = ' U E s D B B Q A C Q A I A H B o J 0 n u E + 7 X 3 g 8 A A J 8 k A A A g A B w A Y T Q 3 Z T M 4 N D Y 0 N z U 0 M j g 5 Y z B m N G E 1 N W V k N 2 J i N T U 2 N D h V V A k A A y M Q 0 F c j E N B X d X g L A A E E I Q A A A A Q h A A A A 0 o s p 6 l V f e q A P u 40 C G U A p V Z D e U g Q 5 k a q 8 C 6 d v U Y j z 4 z s z d M Q I A 6 n u n s h p 274 O 6 h g f C q P w o w X i D + m 8 X i w K E y F S Z X l h H q e s U Y C h D 0 8 l S 1 v g 6 T U c H S g M b E B G F O N B C q M / p 8 g X D e k 4 e / g 2 a R e 2 F y 7 Y B l h e A d T p 3 f R V s B y F T j J p v 1 V G Y F Q v l 9 t e A w P d M p f m C E m v z R B y e U 8 A R q 77 Z k B / h f T p r S a a d Y Q W a l x k p t 0 37 D 1 Y Y g t J 3 k M Y o J y m 2 U / t O F 1 d e G s 3 y U Y 4 Z J Z H x g m z 3 m E 1 d B X u j w S V e x b A R o A q T Q w x 336 F q n O s 7 i O r K X 3 O L t c k 6 X O U j e 838 W 8 f D E Z Y U Q 77 V s 5 e B P J 5 c P 2 I o 5 k / j b j N 6 h D U 44 X m + Q N L e 74 D k 5 D j E y m G m U M n l V T t C t V O o Z Z G U 7 g 5 D L e 2 K w R a N I c d k P z h c 64 A s + R n U 1 + l N A 3 i J g O b U X D l J i j J m X u V W R u M C 2 o z P S b 4 o f m / Y y l 4 h E y k C P v m D Y b L + / 7 o 6 y z W j 2 l Q Z g / V k p Q e k Z B 39 A Q 0 Z F l p S 5 Y n 8 N O 9 V a f Q z R 2 B t T s 3 o 1 i O w U 5 d Y R 8 + q e C / 9 w Q t x e a M T P v J + n h L N b 46 b u 9 K m 4 a w Z 6 K X b c R Q + a A T q U S 3 n 6 S z k n B f P N N 2 g T 6 z z q T 0 y L Z e 7 + i T v S y 4 + q 8 B B U c I m D b e o l n 1 B y D o g a Q 4 L B X K l w V i I H c + G W p b z l N 3 b n m R W A F d v t V Z x H O B 3e9 i d P Z t 8 V 2 Y y U R x S / S H L Q 6 c 9 Q l 2 W 4 + g B U Z D 8 c 7 u Q 2 A V d X 2 l M B H X h k n y 4 I y v t 2 E w Y N W o b B + I F x / 96 U 5 x K Y t V V F o H v / C k 0 O N E m N B 0 c 6 k 2 o 2 / d 3 + 7 s c G m A q t N y z P R d G i 1 B x P Q T H U Q I G C 2 N y f L 61 P h a u q r L d H a X Q J w f L o 6 e o / z 388 l a c x K 7 
Z U 4 r Q J 4 s J Z D H V u h a j 2 V e C 8 D l i j 8 O M U B 1 d H e W + L 2 L 1 a W B 2 K o 7 / + P O C k 4 n u 90 a 1 D j 0 3 K h n V / i c x q a w o 8 Z f I D D r g n H k B 5 Z 6 T h y + w S Q B 5 G D 8 a Z r R F 5 h I y o L i t t m v 0 m n T p U H N V f f V s Z 5 N X a + e q o + o N W z Q m q / u h m 4 y U w 2 r s L U 3 P W H L z d y 6 d 0 d k w U P k d 56 + Y 4 A 1 V j Z c m o p H m 0 7 + 5 j y m o x p J a K V I m + T 5 V X 5 u A u F O p Q 0 t w a T w R 11 t p m m m I q F 7 H + X o e M G n A u b 2 t W S u g B R R g D N E Y g G r 4 b q D j 4 b C R O s Q i B s Q 7 n R r C p O K x T 98 L x E U Z v X r w v j U j F U U p O 7 H s K w a t I s p D Z V c O O Z o l F a Y k x r M R s q q 6 G A j P 3 v L I k M u E G 36 Z B M K W K o A o n 2 x X 67 P r U m s 33 G + E z b K F a L M A g Y M a K O / M 9 W e J X I O M u 7 M B + t T K Z I + f i m m + 4 o F 8 A J Y P E n W I B y k H q 5 V Y j h B B P E V d 27 w u f r t 48 k N 7 H K w G V Q w W j C 86 T r F c S I h v h c D b Z l h k y A A i E k X S O 12 G B 0 U L F 4 H p m b n e j p W i O j 0 f Y K / H A o 2 u t 2 H P R 2 a K f P F P l W r H 2 + j y Z F O o Q w r 28 A r Q D 7 I w w n v 8 + i n b 9 L A A H e z W F X L q a b w X O t 8 N M 0 w 7 L Z F O G X v E 72 X s l d w S 64 m B f l L D q 3 A F F Q h a J R z Y z 9 g p w 1 L C j 4 G 9 p W f l X N F a 8 r 2 F r a e y n Q k p T A s d d l R L 9 S x 2 V K P 3 W + 2 V W Q 2 x E O v 2 K S I R c D a G C t i G / E 1 n K E X L M R 4 P p / 7 t 9 l E t g a q 0 1 e / i 0 M i X e w L y j u I 5 Q o g X V c L T r g s a x y 317 W 2 w q m H 1 f / C m F h M a 6 N h q I A o 9 T O L H W n v V 60 E U 4 V o 80 m r Y 9 s v t X 0 O Q O m D 8 / r U T e 7 g b Q U 690 M 9 k e 1 m I n n H t e 8 d H 8 l I X 0 i q j Y x i s r C f F 4 / T t K 5 P 75 r 3 b 6 O Y M T s T 1 O m K 0 + 45 k j F l g l i 0 t Z L i p 7 C t V / 4 g j Q g L 65 S Y u J Y Y g l D l 7 a H A 8 S p 0 k 0 3 o 8 v H T b C J A c Q j 2 P b 8 N R L 9 O A 3 X X q D 4 Y + Z Y V c Y s h K 3 T P A 4 F 1 x 8 f m h r 1 q + j o Z S C f t D 6 I n 7 x R 
R b S G f 6 A f 12 F A r S c 5 e y 67 E d F r M e S g e j / F j s 5 A Z / c m q H L O i u p / 9 H h U m 78 S M R v E V z 78 U x a x R N e s U N j W i m m J / V Z M 7 d 3 l Z B d 0 / h j X Q M J s T t a S f o Y 7 W j 7 E d r c r 3 m o 0 V C b Q O / D 4 G E w o u v X + f C I d F 3 H w g x j I M 40 t a J 0 I s a M v D 0 J 5 R l R D b O O 3 h d W a M 9 Y e 1 v L H + 0 Q j 2 + y e U B 8 g S N v 6 t / q r v H F w M n L P J 87 R v C a 4 F P h h H c z q n q P L h M V 20 u v T 2 E q 2 M 6 u o t 4 O v y n f h X B J 6 T E b D Z e K z X p n k P 2 O U j j w y q e d 971 L j O 0 42 N V L A / A 0 e M y c d u R D O s 2 g R P B k z n g g w F U P j g I N t 2 t f i Q t F + c o F q p l 9 A P z 7 o G 7 O B B L 1 P g J 7 x k k / X O K i s l h q E Z 2 + e n N C C 37 s h v 34 C e N R T z / f D F L R M q E / G Y C b d p c t C h 53 t 94 E d 10 J 9 F j 35 q / f y + o b v v u P l i 70 H B i s k n T 7 M Y 6 J P m B / 4 m N + i L u Z 8 f I q 0 M I 8 P p N H P 6 q e P e i e q t p / E i D 6 B I 0 l I S L j r Z 6 p 0e7 U y x 3 h p d x H F D H s G D 4 V X 14 F J Z S R p c 3 E Q J p 47 p 5 b u u 5 K W B / U 4 J I G z V j / E C Y 8 t V N P m Z d X u d y Y t W n S f h v K H N M B 4 b j M E g M q 2 a 4 r L W d s Y L x z L f 2 y L d e d t x x 1 U d d O E x v 25 U Y E N a + b x Z l Q 1 G d p D B V G o x + Z t O s S o P F n c d n I 2 z m A 9 c 0 Q k 5 X / H a p c G N T b D J V b D b 9 P 7 z s L h y H K 1931 x a M G 0 12 g x J 6 / g l I f s R / w H K 0 B h 2 C 9 I k + S 55 w M F N f Y 8 n 4 r H U V a 31 W j O s G D M Z Z U d + L x M A D L P A V G T j 9 r / g B 8 N p N H 4 v D n v N h s W 5 Q t 1 m V B 51 Q Z Q J w P L 3 f L T 8 d W Q 5 n u z 7 C p 4 x d J N W p Z e U J V C W b C 80 x X + 1 K c 1 p M m e I f H N Q q N Q h G 0 L C s X B i 3 D I K P j P j j P H a 2 / l H u + Z h y Q / y 0 1 L 7 F D U A O q B Z R w W d e G T q x L I T P d e C c j 8 K K a q P A J t M b + z m O 5 H G I v f 4 y q w u X / O 1 g 0 P / k h h h R + S y k F q K Q 5 d t y w s 6 A i s 1 a U w K Y J X s B 4 K M c V H 6 M 0 u q 4 f + I 5 i 
T c 1 B B 6 S y 4 v O o 8 n n T 1 t G F I K 3 X s r D L f 0 D + i M S g v 0 7 R H i g N C w y M f 2 A + i D M B E 6 L s 4 A K 3 n D q F 6 t E N g W + F Z y F Y 9 o 91 f p h u t + k C i y Z 4 r W C d a c H 3 v H R r C l m V u 4 A L q 9 N V H j 8 Q v Q 14 E r j m d o V D O v k 9 j k J J F H S T K q I m 4 P k e u N Y N a J S d m w k e g W G G c J C q f R P 47 v P Y B c B Y / 0 8 + c 3 V b 922 u G w M Z 2 F s c x H y v z 314 f J p G 83 i E y q j y U N a t e b c B 0 9 X Z a q x I k P 8 C f D j 0 24 z r E z 2 U Y 7 x j d 7 V y Y S y i a U 3 U C a j 8 T o p V g 1 i m Y Q l 7 B u a F 1 X 1 D W I J h U 35 a J u o z 6 P + s Q 4 v F B K X 0 h a C 3 y o R j P K X c 6 O P 3 R i W 42 / b 6 f d D n 9 y x K S y O K P 5 h 5 h J 85E+1 / U u h / A + B U i e e S k M L / M E F h o Y p Q d E I + f 2 s i A p x W I V k 50 k n X B J 8 I k Y Z b R O j 4 V T t a b l C A T w r + 97 V b J I B w D D u z 71 e U r 74 O Q u v U L q f m L P a e T C 2 w v I U K J 1 f z k / t n 56 g Z C U p r / q a S B A e w + 7 x j 9 h i X X J D Q p P + o i v s t x 44 L + Y H P N L / 3 N 8 D M 425 m 2 x g J 9 u p K z z q L g k D F e X r 2 s d / b k E J O n E K D f k B k Q 2 k r I g C X M l m z 4 + Y Q E v b Z d 80 k 6 q P 5 l U 8 E Q z m c Y z g E x / A e u a m f v v f V s a U 1 T b z / m e h M s H e q p Y z A s D U i X Q B 2 v A b 5 / a T K Y v 9 H 5 i O O H c w 0 c u 1 O w r T E Q f L H 3 M r H C H q h h t U m K 7 j c Y + s a J k V + 218 L 6 G D j b 0 C P f r D 7 b N T 1 k D x n z Q D G s b V y G U j c 84 y p T x Z F Y h u x f h f E M A z x h e 0 y g 3 f Z 5 V y B 9 z 0 I n E 0 e h o c 2 T 2 D q H g m s k r Y y Q X 3 / e p O Y j x 2 L S q Z O R 5 F N t t 8 H s k 5 L O x i R n i J 1 k O b Q A t g L Q z v D v 0 m 46E69 h c L 1 Y a Z C w A i K 8 c h M U x f o T K G v Q w b k p E 8 q o u G E l v m + S a V 2 r L / P i E 9 H y m Q g M X E B A w F K 8 f 6 A 8 k I W 6 L o 9 U i P p M i N P 3 p / i I u l Q Z A H N H F E P A q W W a I W 6 L s 8 d Q 0 l j O n e V 2 C 8 + U x U f B 1 L F I C v 5 d + a y M K g Y f W y X l e o 
I r B J b 98 R L v y B i A b X Y N w i H 4 Z Q J
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2016-09-07T13:03:31Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Payload delivery"
}
] ,
"labels" : [
"misp:type=\"malware-sample\"" ,
"misp:category=\"Payload delivery\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--57d01024-7d60-4390-b4e3-06c3950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2016-09-07T13:03:32.000Z" ,
"modified" : "2016-09-07T13:03:32.000Z" ,
"description" : "expanded manually via VirusTotal (VT)" ,
"pattern" : "[file:name = '015a84eb1d18beb310e7aeeceab8b84776078935c45924b3a10aa884a93e28ac' AND file:hashes.SHA1 = '022be09c68a410f6bed15c98b63e15bb57e920a9']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2016-09-07T13:03:32Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Payload delivery"
}
] ,
"labels" : [
"misp:type=\"filename|sha1\"" ,
"misp:category=\"Payload delivery\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--57d01024-2d2c-43aa-9083-06c3950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2016-09-07T13:03:32.000Z" ,
"modified" : "2016-09-07T13:03:32.000Z" ,
"description" : "expanded manually via VirusTotal (VT)" ,
"pattern" : "[file:name = '015a84eb1d18beb310e7aeeceab8b84776078935c45924b3a10aa884a93e28ac' AND file:hashes.SHA256 = '015a84eb1d18beb310e7aeeceab8b84776078935c45924b3a10aa884a93e28ac']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2016-09-07T13:03:32Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Payload delivery"
}
] ,
"labels" : [
"misp:type=\"filename|sha256\"" ,
"misp:category=\"Payload delivery\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--57d01025-8914-4961-af6d-06c3950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2016-09-07T13:03:33.000Z" ,
"modified" : "2016-09-07T13:03:33.000Z" ,
"description" : "expanded manually via VirusTotal (VT)" ,
"pattern" : " [ f i l e : c o n t e n t _ r e f . p a y l o a d _ b i n = ' U E s D B B Q A C Q A I A H F o J 0 l F x M C I b Q o A A A U Y A A A g A B w A Y j Q 3 N D Z i Y j V l N j k 3 Z j I z Y T U 4 N D J h Y m N h Z W Q z N m M 5 M T R V V A k A A y U Q 0 F c l E N B X d X g L A A E E I Q A A A A Q h A A A A 73 Z k u 21 f S y b T R T 4 q 1 r z B 6 g Y m 5 l K 6 r g G i i F c F H h S d C m P y H j O N I N P x q X d c I e + l g d e V D h E 6 z t x l q 8 c D Z v v G k C U h z l 9 i d Z R O v J + H Y P G l z V C / C n P P y J i d w 3 o R k W a p 9 t 7 k t 28 R l 7 r x o 6 h s 0 D K + H u + l 6 h 9 x O p X d X r T w i 1 r f t N D V U F 2 X G U K g d w C d R T 0 E / R I 6 P 3 M y B e F y S x Q K a U R x N e c I I 9 u o 71 i 3 w O c W i b M f M E 5 f R O c 7 + U I o V c J B h C m x 1 R x 2 s M 6 P l a k K U l X + K c R x y Z R H I X h j a K m M Y H Z i 8 H q + f 6 D 1 t g w 8257 p A x E 1 C o 2 b b E B k X v f 6 M E V 5 T Z z 9 t W S T m H / m t k 9 / O P H 8 K R j k F c q 7 g k y X S Q L r m f S w o 2 o 7 Q 6 R T 4 b M p w U b C G P N F H I 7 q f c j E / t 9 n U G V y X 0 k 6 r q c C X y 452 H q V X H W m r m A Z q 7 d + A H M N R x g 0 c c H T L A Y 6 e t n C y V 6 s U 9 S 3 x l M M e 0 7 N w J c I 3 z 0 o t G f K 0 A h V 
//FIAEbp12btHQYmAJM9qhuWp251GRxB+37avNJ9joKCAQbS6uJKiOlETYTuxhnACQLEqSKCX0FZWUl4pDWiOBCDY92fEwXZruhpEMPIIXwkSDSQtgX2B9XGD/1mhrApVH2SxhW1Xyh3yH0MaFlyumyJFTD34PMFdUW6t03+IuTnahjkSV7tmRbHm/CLAbJxkeIDkDCDFKXTgWK/C9J8s7numv2nxhdcDVsSYwujRm/E/6WJkAlu39f/pz8G6Yy+8J9ZEGvzJV1RkM4PImw0hesmRxtGMYEg1M3FmHPrI/tf79OhSvlqxLDn0YjX3RmO6RshkK/3nZbSJxUbBlcwU+M5s1b+Ow5MmpBAS9KMv8LbZgWi8J3PPWAfKCoLmU+6BrMnhSjXhL+Jx/YDanKsJ80zRFaIMcpl8jSwxTZppuTN8++6E5VTUHJ0gWgpdPhFsCukWuONkiHNSOhBO5fF7d4cdLd1BrukLK2oW1QLB23ySlu3hFeG3oEKGaX6fh6q5tGDT6TBXzPws83eQT5QZ+QIciMP0GgAr4EJYC8GIAVk5jlSGeigzsQ9TYDzHGQfp1qFLjs/zgvFVhkFoHxIU0a3sB+uU+EVBsC5tKHrSFeN2InWLt1jppJKx+7jWliKBuuXlQ13oM1R/ps+Xmi+8yZdAGJgeM6+of0wKyQVu6pmsC1/9yCzKO8wjWpHOnWSbH394Uv+WBfCqz18dOqhxQK80d9cESwVYln12RYIhDfDfHPBPmdM6+qdx5jdTLtV6CLk4Ta6Eyq8Ms9Hi8RhAd42ITcZLMVjOFnUskiWyOfRLiwc0GCT8J9DCtSftrOnr7P6F/ythHiCsu/qPP6biN9YlWpmAoRE77NwnZNXhSQ+5XgmXi3wKy/81xy/VBa5dP2Ul2nMZFnWRHzfp8JyXhcJtZkvaO2xP9+omOh6G883FasUL68JR7LFMiceUit7kcbV9fnoXkUqZFS2M0zwFuafg/6QcC4BR2XQ2qdaOaCSpKaI9gK6SJfLRqIfWmDxvDPvooJOjxI+O2c38THnSVsrr+LafJOm1hwHfHgXtx9w20WgyePLu6hh0B3D6l0MNuWXe3OrP47xMqB1SPcCCPrJ4S508g+cv0rX06ONGUzKd4CRWztgHD9nBoQj37lK0f9rqY3VVBmo66UM2zIuhjnlkf3a8+2R+9FOVTas0bLMnuGaICqKjLi697lAhzrzV09MW2Co3lxLUrsUUkuwouRsHbgtg2M4p975hd1nIlwujOHdubSws/rK26GhABmmVO4LnYfk6Mq6JG3rDK/MGeaxrJ/6RxohxEMVl11Bgv421ogbCHMdMbSBQQXg8PdJc2yP1UuXg1KP/hD4htisK9yLhb1FfP45MaYvZKTc01fm3UEwltpczSSu8onDJ0K7RF4qjZqIpBdincEeBAUIUqT2nKfv1XcXPr9/Q/25r5MVXGGaovP3ZTXdLWUVU5lFmQIZ5PZb0Fu9bMzZ8NAzVe0nkrjZ3XXLyJLsA7Crhpg9BIj97kY1BMiXWswF68o/2ozRLt7NjAEIGOlGLJ/OzZEk8+wMzSU/EpgCFD66LH4YMU+vgloQd3I08UyaAAA36TXACHXEjktz+BXcavlpu1OvdUnZ1SjE0xAtjukiN1mVHL7o0fqi5dg/0fYlHxP9yetdjcm0XLsFtyZYFFMxJUOEUsarPHNdfxYOkPQ9Loqr03qxhnNTNXA1rj5ii7X9TIW42JrQNzKo7gn+PHT6qYa1DcBpqFXsMteXMNcTaerCFcZKiLI2J+G56mn9E6AVIuaaGk4gXKorAYq74CC3wYPQXV7NuADnHJ1Dop3dzqs0FXaZFZRP6HTFQI1dzeVvu96H4IH2P3tp1mr3i1hh5D3yvoP7yjo+5HccUKH32DkFVK6BgMrVkCWpR0+xgCsvGaKqcoQdRWoHWclTuBY72De/8uCDdyLrnSdNVT2AE9408FXVsLXaUWe+y54LaTWzV8bvG2FYYvPRFjCq
RPBdHMB8epJ2TW3NovSggpgxGz45iLuUC9Ga2iSUI+t/yTyxDRcTyU5niOgyrLwVM5BnLtWJi7UCXrm27GIw0WFUlfEuJ6pUbvHSiU2a84nJBiFcqfyqG8oWN5zbfiJmMHCHXjwDRaDJ3mGxcZ110aTkQJJBdpWLHSPj47bGgUeOl46vaGlEYBEiDowWy/o8HqVk8uD00COVfEfYYSbFZV2bzwDpkGYehTba7+WESJn2eBYbAvrq+zTTxYbufMoU7XoN1f98iCWrJTErJJyEDLl/XV1Ej1Jm9Vm6bq3+UOZ1mQj+cUGIM9k7RTmWZZKp2BUpB4gUZzAgri9NtPF/WSoyW+NN6SqU21EUQ5OKYOsOcf50wYt+sXrYNTVTM9M2phn8nFKznZcy0/k1o4SbjF34lIRP3NrEikcO+CCbhs8GPh0L5hW7T3VVnCuMA3jTuJzYOGspkDYvFnwlkVinxSLWgdIzGYl3FWelb1YSEv2IUc2w0vXgJcVWigg4R+YLl34bCan0CJEH+lo6FEIRoTrXnLpi+NoJYMPdQdjmJLsUihAkQJODq42+UXSAqjS/cBPibjdZaOkj5yBXVTUxLTVfX7WuNMQQPObOzjY0AA0uJBNdpFRmzgaDmgrGeipI5CQt9ITq9WnVdi6PVCm3LPUJDYS/S1/5ZlZWkP12odgtYizGA2DDMB0myDS9snrgrecQ2F91R+SMzVNn0Y5Aej9KzTYp5t4FdxD62sqpxL6CZn+/77rFHPF5d8hHxAmQDD4kvikydr9tgSmFfNNbkYYim/mj03YbcbYIwRIpZmQrPadIaB8spDqnl1W13VoWXOWSDupwAvcTvlrbZ9Xsma4T7wReQ9wNAHDFlgm0zalhL+QAeu82qcd1mh0jKTzhJJ0NsqyUXqkY19W1wNPp4tz8y+zCi2GH6L6f7Z7Hq7zfOWChnyxS0W/dEgGHtuPXx9+ASpt/I0n5nhm7ZCZbQIlVIqjqkYa44qx8PBd61KWrlg1/SdUx34xoqn8Kae+LIyJzqGNIDfRStqvCSEg1dlcfOEyTNfXiUOMdsGGDGltLGmWQ/VieV9vV80wMDq7BYuBQSwcIRcTAiG0KAAAFGAAAUEsDBBQACQAIAHFoJ0k/aJigQQAAAEAAAAAtABwAYjQ3NDZiYjVlNjk3ZjIzYTU4NDJhYmNhZWQzNmM5MTQuZmlsZW5hbWUudHh0VVQJAAMlENBXJRDQV3V4CwABBCEAAAAEIQAAAHP6sUdvcltnIAL/SOCe74ai1BXkm6TPPdp6NaK6tg24xDhIlHvI1umvCvkvxt1dmlb7CGF7QLb/r089QWKpl1OaUEsHCD9omKBBAAAAQAAAAFBLAQIeAxQACQAIAHFoJ0lFxMCIbQoAAAUYAAAgABgAAAAAAAAAAACkgQAAAABiNDc0NmJiNWU2OTdmMjNhNTg0MmFiY2
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2016-09-07T13:03:33Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Payload delivery"
}
] ,
"labels" : [
"misp:type=\"malware-sample\"" ,
"misp:category=\"Payload delivery\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--57d01026-1dec-48a2-a881-06c3950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2016-09-07T13:03:34.000Z" ,
"modified" : "2016-09-07T13:03:34.000Z" ,
"description" : "expanded manually via VirusTotal (VT)" ,
"pattern" : "[file:name = '409c90ecd56e9abcb9f290063ec7783ecbe125c321af3f8ba5dcbde6e15ac64a' AND file:hashes.SHA1 = '3762c537801c21f68f9eac858ecc8d436927c77a']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2016-09-07T13:03:34Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Payload delivery"
}
] ,
"labels" : [
"misp:type=\"filename|sha1\"" ,
"misp:category=\"Payload delivery\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--57d01026-ff8c-4a13-991f-06c3950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2016-09-07T13:03:34.000Z" ,
"modified" : "2016-09-07T13:03:34.000Z" ,
"description" : "expanded manually via VirusTotal (VT)" ,
"pattern" : "[file:name = '409c90ecd56e9abcb9f290063ec7783ecbe125c321af3f8ba5dcbde6e15ac64a' AND file:hashes.SHA256 = '409c90ecd56e9abcb9f290063ec7783ecbe125c321af3f8ba5dcbde6e15ac64a']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2016-09-07T13:03:34Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Payload delivery"
}
] ,
"labels" : [
"misp:type=\"filename|sha256\"" ,
"misp:category=\"Payload delivery\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--57d01027-dbc8-4582-ba37-06c3950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2016-09-07T13:03:35.000Z" ,
"modified" : "2016-09-07T13:03:35.000Z" ,
"description" : "expanded manually via VirusTotal (VT)" ,
"pattern" : " [ f i l e : c o n t e n t _ r e f . p a y l o a d _ b i n = ' U E s D B B Q A C Q A I A H J o J 0 n F s r n / P A o A A F g d A A A g A B w A Z j l i Y T I 0 M j l l Y W U 1 N D c x Y W N k Z T g y M D E w M m M 1 Y j g x N T l V V A k A A y c Q 0 F c n E N B X d X g L A A E E I Q A A A A Q h A A A A 73 Z k u 21 f S y b T R T 38 O Z m G F m r R l M 9 c 2 w I / N G A f 0 c 29 D o P e z B B q / m o b d E C 1 q h F a c k i r D 1 n c V n 8 K V 4 Q a K N M H g 6 l U Z M Y c 89 N q b y r 4 x 3 M M t 8 l x D d u F t r 2 K W u w + x O / 2 B r S n J A X N 5 f n O J J J 4 r j S G T N i Y A 7 s 2 Q o b x 4 i 6 R p Y e y 3 W o r 7 e B a g S o z G w / x x Z + Q K V x N M P A A 71 e d W P s q h Y K V N 2 t 4 i Y 67 a K e P B 1 Z t e n S 5 x f J 17 Q g p Y u F 7 U / s t p G P z b N V t U C f 3 C G / 8 U Y s Y X / 5 Q u H C B r W b f G F g K d C j g M 7 E z d P 2 B h m j q K Q D T G i N C U 3 Q u D d S y v / b 8 O c a i v G L R v S q J 0 42 y X M R Q 62 w N x R K N 6 d e t K l u R Y 2 h j W o s b f H b I y 9 z p u 4 S F o u 9 e p E m 2 U q 1 l U l L 3 C J J V a d 1 D s f e n M 0 + t Q V A w W l S r Q N T u r d E w w j 65 A L L 0 u 9 y Q P g 4 z L z C m M p s 2 f P u b C F 755 v h D + + f D 7 f s 5 b z + T 1 c Q p k i 9 n W L N 0 X G 42 a z D O O 6 s a X e B 9 H O 65 P q a a W o x O S / + I J 7 X 4 B 0 r z 3 a N 1 E J X N W l + d X v 66 O O Q 0 G z J 1 v m 3 D r / b R M 5 O e H c V N X F N k X 6 P H j 9 / H 12 a p 3 M J c G 61 r O d B P P H D H t p r y W T d w F A O z H 9 x l Q u F V Y f N a W B u J f M N 5 E / R m I c r h g / b 2 I d i 7 M J 9 k M e i G 88 J N m l c S t 4 g h C P p 7 c S g J b B / 5 Z Y J l n A d I y g P m k g r 8 D M O C 3 o s d k Q m L X q k h D E k 0 w T 1 T M e b d 5 Z 3 F 2 n 18 w l u g g E + r R / 6 i L L H t J l B i J L e 5 y w T m 8 r k C v U G A T 8 w h w 3 d K j 89 K r e T R Q R l G N w x o S a B G n t t 3 t b T Z C p N U D o 5 K D k G p J S q 5 n U x 9 c 7 W O + R B r P f 19 q v x C 6 Y W e N f u 4 a J 2 U 83 g a 0 M 3 p u F 7 E n M u 6 B 
Q S U M 8 H J 7 y b u D l t m D b b y S U Y + B s l z h n k q A C 3 W O M X W d / V o j n v 8 v b B W S w L a U N Q M H v f S 3 N b h 7 V 0 j 5 + 5 R w s n 4 r J O / L A l D i r L u t 7 F / 4 O j I + 2 j 0 G j S B C J 7 x Q d + I 2 l w Y A o A W / H k s + Z g q y z O e x G b b c N L H x D l W e 5 u h K 27 i n h 5 Z 35 d E q Y h 6 B 9 R w H 0 U P u 865 M y 51 K 1 D a 5 C i l O y P r M + M w k O U n A t L B H E B V 5 k D D 1 O 7 a r P 1 m v 0 x C N Q B d h 9 T Z L s s f M y 9 y A l T y A f Z E y z 550 x S b f Q L d s S m h + 3 L + 7 F U O V / A F g u 18 Y I c q X 6 r 61 d W r I 3 / R f y T q C r t E f p N S e B 69 F 4 x n 2 h z q u g P L g U a O o e 5 t A Z i M 2 N N w r O U q f f g v G o P 3 p g I S s 6 p w R e c U e D H O S m c n E p B 1 g s Q V 12 J c M 9 p W / 1 Z f W 259 + q 2 E l + U s a u U 6 B A O b 5 a g 4 E u F R I d J Q X Y / x D 882 s k 7 W p r N 1 A c k b X d K 8 q G p H W L x o m B R v 70 n R C C u Z l f 7 R Y 5 I d a g y 60 i 9 I H P z r q x L + v 5 V Q B 0 G j F p 1 V 1 / C q n V h 13 K x l w i A m z h 88 f 0 A x 7 B g / A x d M G 8 Q M i b a u y 2 e T a + h 5 m G W A y p l 3 l s X b z 4 L n A y i a i C z J a o G K R f k x A h B 5 Y d h N f R 4 H / C N Y E I S H e F C E q 6 L e K + e 0 V o 4 P S 1 t Z W C N h M d F O d o 0 T o L H 0 w 7 j x j w u Z n A G Q G 0 g k l J 9 x H 1 + L u O x I q Z j / Y 44 X J N Q g w K s q h b z d x j N 0 J k i d C 6 v 7 M H n 9 b N f 1 l e D M S y u 49 Z j 1 B e b C O 80 E a b F S 0 R z X y 8 h k I K Z r v w H E t S g E h l D F B K g n P U 9 h o F I S n d I f u 8 j W a W w 911 T H I y E A 5 P Y F 2 b S a V J r T Q u v w Z q u f V v v k h t j R O g v F s u Q b G Q f 0 g f / 4 H M w B 10 J 93 k / v b c o Z X 7 a Z b J D r + Y e W O G C l U X / i j Q T U U 9 M c 4 r e v N 93 n l D 5 H K g Q H x q Q V x y 1 x y i Y Q t b 3 J A b z i C 2 D x F T I a T 1 o W d x + x l U 0 o 3 B E j Z Y y o D O K S O d D d 7 A J n 1 x P B W d d z N / e W N 9 j j 8 H F g q C M q d + w 2 p r H w n t Y F q p U / k I P 78 k k 4 f l 7 v g r S c Q n 9 
R R V R p F u U O 4 S r A K Y J 3 W o V c T o + 5 Z r u E N Q m 1 e W 32 B h n w J m i p R v B D T 3 o 419 a M 9 y N t w D w Z R T K i x V h J J k A I 1 + n 0 s l t V 5 g f o X p g k u 6 k b H X c + y Z d L v 6 K + K j c e r m H k V 1 Q K 46 C 49 p 1 H h 2 x I z m d c H V K B h x L J U G z j N y D H G 4 m 0 F L x / 1 G C C B X i Y h I W D U T o y n L E D 2 Q / D k g N l c D o a 1 K N g 4 x d M S 2 R r g K 3 H u W u n b r t u G i u k d K v G I p y v h R e i s K A Q e U t W y x C M g e w 3 i g n O I P 6e3 S k 3 + I a S S m s A x + C 2 m M K 1 V n D B z e E c r W 4 M t Z M 6 o z Y 67 s C 6 t h L g / 84 l x x o X E p z z H 7 g I r E S d 7 O J n f W X Q / I a I R J g Z 2 q 2 n v T B u c v N Q 7 y f V n a T z d b G 3 F H c L P 3 O e j t F o N s i y q J J Z z E S 6 s v W k c 0 E U X s i E d F 0 8 Q f H d e F + d v c 28 W M 3 A Y e 9 / Y B 9 e C j v c w 4 X E 6 p / 9 f Y 5 + F H K c I O Q 7 A / n + v 885 T J h j 0 2 z K l Y b Z 2 X n L s y 2 t T I C 9 w P R e w g F c U T 2 + 9 r q x p + o T n 6 c r A I V v F q p 55 M 782 k e b u i y D z K A k V S W g s q 1 v N X 7 O F 19 X n V q J V 3 K / 2 m C 0 + C W f k b O N i s 15 o / N y 2 e s 6 b Z c f 2 W u S E O 8 U G + k n N B E g T E 3 W d g U s A 0 j w 50 x U t T r J Q y q w / w A M I z 8 g X F b p n h K L f p v A i 87 S L q N 2 L Q A d 4 j V S L e A N J j X 4 D d s 9 y I U d 4 V F F e Y X S q W m Q f u 2 g 3 x t z l E 8 k g 0 c 2 n A e k k 1 c u Q V v s 7 v P d O w g i q v 3 Z 2 d l k e m T G H S E g b 6 v d g p 3 g c u f W a t T F 0 b J F L A 57 Y x J A l u P p b + l S / 9 U U T K 4 C g a h W u W / i g M w g D P B H S F E U M A Z f M g 3 P 8 t D g 0 D 33 f f t I D M s E L L d C e 60 R a b V i I 8 e M Q 3 U g n d I P u Y n C c s n O 5 / M G t H s G M N B m g q t 9 h F + K 78 f c W A / F Z I a b e a t 3 F T D W P 0 W h W Q e L P o k a o X 7 Z p p H / p b z 9 e u T P 37 F p n 7 z x U J F U r i o V Y t 0 8E3 / u + x 77 E S A 9 p B h U O u o 1 T y N s j t 6 j R y 9 M 1 s U D 5 Y 74 g K i + a e 9 S S K V 5 k C Q 6 i R t O 7 H S + s 
K N Y Y C r B D S W M x F d n / K 1 I C J e z C S D 93 r n H E q 0 p V B F 65 x o J t z K 9 f 8 N w c h y h 4 L 20 J f k K O B g 3 p / j b r O / b Z N W 84 u w 5 o P U U P h 7 B n 0 / b p + v l T Y Z z 0 p o C L U R m 1 r S H 1 z r s Q V v o 7 k 0 b O l K T 2 q T K S z c 6 C s 8 U c o g U Z d n 4 s V Z W m W d p H R X M 36 C b k D f 0 O h 9 G K g w I P E r K G q q M k W 6 o 96 g d B i 6 P p A R s 5 r Y 4 A Q t d 99 + R X Z T y 8 J W + E l o E A u 0 s Y o p P I / + Y d h 2 t b x F Z M s d r 7 h / z W 7 H W 7 Q c T J z j i Z F / e U 8 w 0 n z G z f B f I I 3 U C w R 2 f e n p b N d K a n 2 f S l n Y T k s v z a L 1 Z V 8 c + 0 / I u B / e 9 R U v n w T H R A z X t y m I H C N a 77 q P t D D E K L C N O b c T 3 f K 8 K I o Z G e T H o + A 4 M w V x 3 N b G 61 R G I 5 t 0 t e o U a 7 C F 9 Z u k y k Y n 9 R j D 2 i v 6 X b v 7 / 6 I F G G 295 D L i + 0 h F k 0 9 V f a 1 F O 0 O P r f U o u X c s J 6 M / r M J w s S t g h S L t T B V E q c o y X B + S e C D l X Y p o x h m f p n 8 i N 4 C J 8 O r M / R 4 H B R r 3 Q g o Z O 5 R W c c 1 N G b / V J b A N i N o p 2 a 8 W e e A 3 B v P 1 U 3 K 42 P S Q U B Y i e n 8 j w F 2 h 9 m E z r o i b m i 8 y y I r Y 4 k //JRorXnhhx09zERTgpd1BLBwjFsrn/PAoAAFgdAABQSwMEFAAJAAgAcmgnSTiXaYM/AAAAQAAAAC0AHABmOWJhMjQyOWVhZTU0NzFhY2RlODIwMTAyYzViODE1OS5maWxlbmFtZS50eHRVVAkAAycQ0FcnENBXdXgLAAEEIQAAAAQhAAAAc/qxR29yW2cgAvwN4jo1ZGzqEfrtFP5Zo40KQETvFGGUj30glXHPQMMUhGBY/Xm6xP4JHpRPBwhAB9pnQM/FUEsHCDiXaYM/AAAAQAAAAFBLAQIeAxQACQAIAHJoJ0nFsrn/PAoAAFgdAAAgABgAAAAAAAAAAACkgQAAAABmOWJhMjQyOWVhZTU0NzFhY2RlODIwMTAyYzViODE1OVVUBQADJxDQV3V4CwABBCEAAAAEIQAAAFBLAQIeAxQACQAIAHJoJ0k4l2
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2016-09-07T13:03:35Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Payload delivery"
}
] ,
"labels" : [
"misp:type=\"malware-sample\"" ,
"misp:category=\"Payload delivery\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--57d01028-d170-4e4e-8311-06c3950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2016-09-07T13:03:36.000Z" ,
"modified" : "2016-09-07T13:03:36.000Z" ,
"description" : "expanded manually via VirusTotal (VT)" ,
"pattern" : "[file:name = '0751cf716ea9bc18e78eb2a82cc9ea0cac73d70a7a74c91740c95312c8a9d53a' AND file:hashes.SHA1 = '73ddcd21bf05a9edc7c85d1efd5304eea039d3cb']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2016-09-07T13:03:36Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Payload delivery"
}
] ,
"labels" : [
"misp:type=\"filename|sha1\"" ,
"misp:category=\"Payload delivery\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--57d01028-e5c4-4f71-bf58-06c3950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2016-09-07T13:03:36.000Z" ,
"modified" : "2016-09-07T13:03:36.000Z" ,
"description" : "expanded manually via VirusTotal (VT)" ,
"pattern" : "[file:name = '0751cf716ea9bc18e78eb2a82cc9ea0cac73d70a7a74c91740c95312c8a9d53a' AND file:hashes.SHA256 = '0751cf716ea9bc18e78eb2a82cc9ea0cac73d70a7a74c91740c95312c8a9d53a']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2016-09-07T13:03:36Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Payload delivery"
}
] ,
"labels" : [
"misp:type=\"filename|sha256\"" ,
"misp:category=\"Payload delivery\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--57d01029-cb54-43b4-af13-06c3950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2016-09-07T13:03:37.000Z" ,
"modified" : "2016-09-07T13:03:37.000Z" ,
"description" : "expanded manually via VirusTotal (VT)" ,
"pattern" : " [ f i l e : c o n t e n t _ r e f . p a y l o a d _ b i n = ' U E s D B B Q A C Q A I A H N o J 0 m 0 D c M V h 0 8 A A A z Z A A A g A B w A Z T d l O D J k M j l k Z m I x Z m M 0 O D R l Z D I 3 N 2 M 3 M D I x O D c 4 M T h V V A k A A y k Q 0 F c p E N B X d X g L A A E E I Q A A A A Q h A A A A T C W q o O f w g 7376 l J 9362 S 8 y k Q p x O T m e r w + L A d l k 5 f A M m 3 p 71 O d l 6 w p I j X e Z a o k q j b D x v I V 0 k q 540 R P R i 4 o k o 2 A S D O w I / L E s D 3 G Q t 70 d u 7 R o z W k X z f 66 L 1 z 2 V 8 C 0 R C F 7 q k P W T I v O 2 e x Y m t P u x E i X G J r b 3 I Z / P E i 2 S g W H J u b a 0 g b N E U A t H A V G M q z + i Y V P i a 9 R 9 j B r s u 0 f o + 22 D g p 9 R / e Q Y F P e 9 o n D / z 3 Z 9 A G B S e F l V s T J 7 A E y g w 4 v m / E 5 U S 3 u I E u D 3 g 89 r P N m i f Z Q h b 2 D z i Z O J n z W p Y s 7 r 3 m V M E Y o K D i O m g q o U 0 X m Q S X M b I l C / m + I J 5 Q 5 p S r L 24 t G w w N Q 9 o y q P / J U 0 i 3 r l h G 7 L f s S o y j L 0 k h E q H / A 0 g 0 7 C K 9 X 64 Y o 52 h t M N 8 f 1 r k n Z R G U r 1 u 1 T v S y M v u i 0 f G d m k 8 x d Z w T 2 P x E 0 f y Z r V M a r s e o A L w Q S 6 C c L E l A b L / V g E l Q x 1 A v W y B J N V Y t g c f c B g J n l 8 F F f u Z N e P J e 4 Y / A W l 7 M z a t O R 4 y h Q A e E Y L s b V k D 6 k / y o J j A c i B t R 8 g / t l P U q 3 G v U K R I 0 Q S 3 g w o z F L T O A V M F J d p h i w d X T h w Q R D H X 7 N 3 v y K A k h i u O l / v T R M 8 S 3 K 0 O I z Y 0 8 H g E 1 z f 9 S Q B I w u 6E+43 w + b W h j y p 3 l D R o O F 89 l 59 w f 1 u l / k R + F D r o A Q B 9 L I 4 z w L z 2 s h q l q P 30 u T V 0 b S R K O x O U u q Y c y g J a I H a M C T T H o i u / 0 o v p K 4 l F t y Z W 8 J 3 k D X 85 U U H Q B J 7 j u o K g g X Z 3 D t J 8 S Z + h s U 9 j n 4 l J 2 N p y 2 Q j F n j B M f b T I W M K m O B Q c 8 F w C I w C y l g 27 k T x 2 h o L j j N 5 R 4 d x W e 61 A 1 c k C E T S H B w h d H z a d y I I Z X m D e 0 B 9 B 66 v 5 P K q 9 W s d X S c s b z D 
f O y V V B C 3 h 5 u h E S 0 R e O D k F r 5 S B I u L 34 Q p u Y n V 8 l 2 I / I j i e h 7 E o 1 F I 9 R S E G / J I M e F 3 R o l Y t y W C x u T 7 n p 3 i g g I h k s S C D f L / I 7 Z C y 7 u L I s 2 z u h 2 m 0 a 9 U 0 o s d h O P q P g Q 9 f 2 P W u U 2 Z V I 6 p S 2 m 9 p X N g 0 a + e 4 y H 5 d V q X S n g H K s L D i f 5 / X k h p U G E w 9 g 8 V B q M p z 8 z 6 k X 0 C 9 o 8 X 2 E m s g g i k g b G W 6 + E p 9 w u r U g y s j + T I 3 z w G Z P G d a 5 t K c o 4 M N l u + E C d o 4 / h 2 H F 5 c + v h T 6 I 0 w 1 z W J m S / U J Q / 0 n O 1 M 0e0 + Z Z + x a r W b 7 B O 5 H J z F Z u Y R x s N v T c r Z h U q s A W F c t J v H 5 O F e U A T X z u g i O w B Y J u S s m r 5 C d m j 79 P m r d j C G 6 o H b f d K K 95 a 37 s / I B V 76 h + t o N J E M x C b 5 C S b 9 T g v 2 x P v + U 0 L a B D / D K 4 N h Z Z 8 T F Z 5 o S A P E x a 1 L L n Y y V g h w 8 / i 6 r 9 h 4 F E z 0 Q j Z z v V 93 c 0 Y M D B F 26 L 94 T Z W 2 M 5 i c c s 89 e e o K A M Q i k 8 H t E y b 0 74 n a 7 R R z 99 D 6 H O N S r x B 2 i h H r j S G s 6 d 5 S 8 p y 1 X l B D o O 3 d z + O H j i q x 1 k o G m D Y l J s / q t S k o d c C 9 c c O A 98 Y Y w 0E3 f M 1 g N V g W y J 3 e O e E B Y 5 L s l w W 8 d S g c + F N j U f h y K S 1 D c j D y 9 u d Q z i n w g U 5 j T F d W a w c 1 S U w S T + w R v z 4 v O o z E 1 + F 6 i S R 5 i S p y i G r E 4 x r e D I g U o + T W P H q l z + 34 E V E x i B U X C H R j g m b W h q w h O 1 I y e 60 r a v F w i X E 7 U u C m R v / 8 e v l Z y U P r E f D B O T d a U X E j y D E H f 9 B Z 4 W p F o t J n n r K n G c a o 5 J O 8 D P x K R + u m W z 2 O i Z 1 E y J M A y H O b w M F Y x a k M t P M A 9 K K q u x h K N V 8 Q q Z 8 e B u T / Q f u 28 G a l h Z p T z f u z u Y l F K r k w u 7 T w L X 5 v p S 2 e M K n q u 3 H u 7 p J A r f M e d p r s / a h T k t x t u b u A n p s 3 V s l z p Q g x y u n w q 6 o 20 S r w 5 v Z W M / 6 T A V u i x t h J R v c f X q + u 5 v X n 817 v a C j B w U C S 7 L e D M h r D g B f i z 4 / X u J 9 M a K K i o R S 7 j o X 
8 P P B o y c t V E 8 k l C P V t y C L Y S k c l x a D l V 6 x n K S x 5 H Y 2 s h e q T 8 t 9 d p n q 6 A P n l r O Z 9 A m t A S j P H T v g 5 P U m Z a 469 q l U p G J l z Q x L 9 g U s L H V d Z k 8 E b B 9 E L H O 927 r X h 7 C 4 G w p 0 2 V A C W W w 3 n 0 t + 8 P J e h l l 6 f u S 1 t M V j C K m g F h 5 Q Z O Y d Q t Z H x 8 Q S l q y D c d s D k p 5 R h P 1 J M o 1 R 9 f k P y X b g i z / L 3 K E X 8 u V K q N e 0 Y V 7 w Q x A p u U T e I b 0 D t K x E N n 4 y E H 3 f 9 i 7 N n + t t n v 58 Y P M 9 p l 5 z v D m S e T m y f P q j R 3 j V t V e A l y i b 9 T p 5 f y p g K 12 A l + M 1 C 1 e o a K r W K b R o D N w k G / I Y w J u 7 x w c 6 w l Y v 9 F l q 0 + 0 1e468 F w g s K h h D o I e 42 U a S O G U R 3 a v n N O + p W U H s n 81 c n G A + H m o S Y z O r J e l k 70 W f B 0 F f u x b 9 P n K E t + S e L j W / p K k j L k K K J W o 9 o Q V Q J 1 d D e a X s D X + + Z z B p l Z T g G r z P z / Q L w l K t N v f d z 3 D X A 8 b 7 I H z M 9 U F W y I C B 7 t O a G J Y P 4 j N X q T K Y f v d H 5 z q 5 + O l 2 I N F M J b Q U X a M M Z 5 n a V 2 I G r B N i G O L Q 7 a I 0 K c T 7 k J 1 Q e m m 9 U 6 P 3 q r 7 h F x H Y P v 6 o u S m Z 0 v L N 8 g 7 j k E C g I T X K L X U m p T 8 W / K a M a i o t u 74 O d Y 6 Y / p 8 f y B 7 S w p s L 6 O p I 3 m K 7 N g l u 5 a F T Q 0 F S O L J B 7 U f h 3 n L R T 4 C c b E e 45 X f N A 0 1 p 79 C I o M R 6 n p P J 79 x 8 + R X X V 4 W / 1 t Y e 3E1 f b + r K k o b x J Q N 4 G 79 d L 18 s i + o l l L 4 E E b M F f d X 489 m d 7 b Y t 73 g i x T i E b g j K l / D N R H D + H l M m F t S N z / 7 q F + S 9e0 v O r m 7 O B M g 60 i O R n T L 6 b r w / A l g E m n G b B K 1 S a s 1 N 0 22 U c q v 66 T V A 39 a B A N n V D w I D Q k E z 8 / u 2 i s 2 + f P K j 3 f z 0 3 y k 4 Z 6 m Y P j V 3 A / + w S D B E s m H 36 K Q 5 f r f k / L G V F k t z + n z 6 r V x y 2 Q 1 i W p E Y B 4 I 6 u m d p q C M 7 M i w b A n c k N B o A d 4 a a V L a H j r 2 q F s K / e d C D U 9 l k N I H A u G 9 E K K V y n G o p C 1 w 61 v m w u J l / 
79 i O p 0 I m U C D h k + Z N F D Y Y m S q F H Q h Q M / x f l 67 F Y S A j 5 n v 3 C 5 X D j x C s Y a h u Z t h A 0 X 4136 f f e r n R n 6 E p 4 h s X o V J F Z e y 5 + K N c A / 4 u U P 8 P c R y x V B b 5 m n 2 / H u w L N i D J 32 f N j t O x w j w L K v D q A l V i e U 5 q N C U j 7 Z M Q H J g s V I 4 B c m M y Q J N P + + K 0 f W m a / c H F T F 9 r C D T c u 8 Q P W o X n / S x t y f t b u 3 H C c n L r C E Y J O S t U X q z H / q 9 / v m n x d B e Q g Y y 1 D 0 8 e F 9 w + d h r t k p D d Q a 9E5 B 7 o 4 c 6 W l E m E G 99 t C b A 4 Y B W B Q k f g 0 0 a 4 V J 767 F H L 7 c P I g i F m o W n N p k u a b Y 9147 P l W Z I X H e L m 3 L 5 + g y T m / 6 K V q 59 H C Q B d / 7 t g Z o g 9 P f 8 n h B E m n r Y c 8 y O X u z t K 7 t u V K J 3 N F 0 I 2 u Y z u 6 A u 0 v E 84 b 1 z f d 8 V D u 9 K 65 z 3 K T F H 0 Y M 6 l K n b r G c e S 5 o d O v M u 23 M + 5 w g X S T v t m j h s g e S P F f 5 j U b t m w C A w F T 3 h J e U E 0 715 v J N 1 l 2 R f / Y R M m / k V e I A 6 S R S y D J L A z m P h t p d 0 r e w e 0 L e I 99 d H f 8 b o l + 742 t W 3 L 1 l d + L l Q o q w T 31 / i O S 6 o D 8 T k 9 k I Y 8 x L P n q a X z x N a B I l 7 s d j / i x F R a G I 7 U v d t 1 y T H r V J L m Z w Y I G S R w g 24 m M i 7 U / 5 I R p y e V T F J O D b e t U j c l r R Z Y X m z s s K X e N J h 988 h O x V m O g L o V 39 v V p V / Q U w 5 Y t 5 Z U d L E 9 C J H B w F U X + 9 r h K I S F E N e 43 G 9 G 5 S x 6 y p W i g E Q v 3 r z j q 76 r H t n x d f b I g 63 G n h C 3 L T f K z 7 + 3 v 0 S F w y 30 l a f / x l x S c / m O A z 2 T Q G Z g P 2 z F c X w J 4 C 5 t i e 3 s 3 U D 3 B H 5 C o a p g l v 8 O x j h 5 y y v 4 Y D E A B d l v U y Z h F Z J P u q P V b e n d x y 5 i 9 b y 60 d R H c m H K C p x L S b h / 2 r 4 O 93 g B 4 j O H V v e Q 1 + V 7 F 4 z B v P 8 W v l d G t S L W r a + 6 J U E I m J p K d Z 0 q X a H t K v K 5 A v + y z H h t T x I T P 55 u u D w D J f 97 H r C 5 e m L s B 3 W Z 1 q V h S K 4 y b j h 0 c h e C a U D g t p J x f 5 T r w O d Q P 63 a P c 
v s 1 a b q i C 8 C + Z u j a I U T
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2016-09-07T13:03:37Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Payload delivery"
}
] ,
"labels" : [
"misp:type=\"malware-sample\"" ,
"misp:category=\"Payload delivery\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--57d0102a-7b48-4003-9af9-06c3950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2016-09-07T13:03:38.000Z" ,
"modified" : "2016-09-07T13:03:38.000Z" ,
"description" : "expanded manually via VirusTotal (VT)" ,
"pattern" : "[file:name = '8752d16e32a611763eee97da6528734751153ac1699c4693c84b6e9e4fb08784' AND file:hashes.SHA1 = '851b7f07736be6789cbcc617efd6dcb682e0ce54']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2016-09-07T13:03:38Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Payload delivery"
}
] ,
"labels" : [
"misp:type=\"filename|sha1\"" ,
"misp:category=\"Payload delivery\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--57d0102a-8f68-4c84-bfd8-06c3950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2016-09-07T13:03:38.000Z" ,
"modified" : "2016-09-07T13:03:38.000Z" ,
"description" : "expanded manually via VT" ,
"pattern" : "[file:name = '8752d16e32a611763eee97da6528734751153ac1699c4693c84b6e9e4fb08784' AND file:hashes.SHA256 = '8752d16e32a611763eee97da6528734751153ac1699c4693c84b6e9e4fb08784']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2016-09-07T13:03:38Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Payload delivery"
}
] ,
"labels" : [
"misp:type=\"filename|sha256\"" ,
"misp:category=\"Payload delivery\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--57d0102b-1964-4f34-9e65-06c3950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2016-09-07T13:03:39.000Z" ,
"modified" : "2016-09-07T13:03:39.000Z" ,
"description" : "expanded manually via VT" ,
"pattern" : " [ f i l e : c o n t e n t _ r e f . p a y l o a d _ b i n = ' U E s D B B Q A C Q A I A H R o J 0 n f x 4 h u C g o A A P A d A A A g A B w A M m I x O D Y z Y W N k Y z A w N j h l Z D V k N T A 1 O T B j Z j c 5 M m R m M D V V V A k A A y s Q 0 F c r E N B X d X g L A A E E I Q A A A A Q h A A A A T C W q o O f w g 7376 l U 88 Q G i g o T Y X L m z m x N 3 N j K k Q a / H b b F l o h 16 d A o h q G h 7 Y v c N I s z c x R g W L 1 x r R h 27 r 7 + 9 o k x n n B w Z k W 9 K 7 K U U x 21 T 7 + 4 e j V a C b z i h U 21 i w a 32 H q e E N 9 + W C 1 p u k G J w k N S k X Z 6 b Q X I A B 3 Y 29 j g t p x p x f j u E e 1 W i o i v f I V B Y Q S O U 6 R m E N + N c W 45 H L d + i l 1 F W Z f Z P 3 / i M X / h N 3 H / G t R E G V M v 0 7 v T h + 2 Q p 7 / T q j 3 t n v q q b b u U e + X L U g b 8 p k l P m k C d t 0 83 q r z O i U 8 Y P 4 j M p X u 86 E Q I H + f 3 i D O y x j + 7 m p r m F y H D p D U E 7 D 1 p w D k l y Q i O 8 / Z p J k j H 89 l U f g s 4 T V t j D C 9 b m P / 3 d C R T T e h 8 z G 0 6 B b j F X u 5 G L B F l b I h c D o 7 P r 7 j h z / S A 9 y o S o h D n N w X 4 j z n 9 / z 5 x B K T J S D C p B M m r i W g z 6 Y O f M W S e v K F 4 H u g e L q k i w G X 3 Q a 0 O o H D b 9 c R e V 0 4 S / c W N 2 c Q p f z T 5 d v 9 s / A 1 J K i n f G 9 V F k C w k 9 W T T R G N M t P 2 z G / h x + 4 p p x w b R 3 b g v z P 8 p J W T K G f f / u t Z L e L h I E x F Q b b p o i d S B 6 f + m o R y O + o o Q u v 49 S A 56 Z f q L 0 q f + i i n S Q 1 C X n Y 2 Y 9 U n 5 L 79 l u S p 9 K x 1 a p Z 8 f g S r e T x K C K 2 + O 5 c v w Z v K P l Y Q I N Q o X U l 31 h W c 7 k l w M V u D z 9 / + M L w J 3 g e H l C 21 n F s T p L E 1 u s b k d n f F A Y d t e Y D p L z Y F B T 2 n t 5 F 3 e L d t 5 s R 1 G G 88 A g / U j r w 1 Z M n j L F J i W G 67 W G 7 w 2 G h t O U X h j O X s C m V t y 1 Q y M i t X j w B h R m U T g r W A Q K 1 W n x 3 g l r Y i b o I h 9 w e q E i L 1 m t V 5 C a o t y q G W 9 P v E H k W X m V r d 5 E G B s G O t e O C H / Z v H U S 
1 U n / h t t T 4 Z 9 a o H f S n 1 x b Y + S D m J U H 6 a G g J K c U j U e J K y Q 9 L p X L 9 I 98 e N 4 v o E d K O h U W V l K Z 3 O n j B C Q N 9 U c F w k E b t G K s h b z M b a M x W 7 / h V + e W 1 p J a l t y t 10 + r 1 y + s V W l Q 4 j V d F s s w i s 5 S 6 S V r 3 d C 4 x p e q O 2 r i Q y u C F V 44e7 c V 3 Z p 8 l 0 U r a h D + 8 S D R 7 s 9 W C B v c U r a j v 0 9 v S O g C e 3 j 9 r r R P G I 8 n + V B 6 L b 4 x W c A 9 D P N k 9 L p e D d S b K V 9 W h k C Q k n L g 4 k z s e D 8 Z h 1 S a l U B 6 B U n / O i B k p P y y N 0 x O i m o D P M c 8 t d Z h 8 X U 9 O m E z 8 s E e 6 T q c d V 1 b 5 J r P E S 4 P M n y x s 1 d 1 T H 15 j f e 6 p + v j q s K G j c q q Y L u r 7 l m + L 1 p w g I E e J + n Q q C W Z D J n I 1 L M 2 x N p d u A 6 C P y e h 9 c p K a v q v k M j f U S 2 q 9 P 4 N N t j U G T M 1 V a o 0 F 5 H c x 47 Y c Q 0 8 l g + 4 m L 74 Q u p 3 J W c U R c 66 f t W Y h 2 x Q f b f p n 5 r a h z t D o 8 H P g R u 0 X e U Q i f + + 18 G w 350 y Y M / h e Y S J E m I P v 9 D 5 i P v / 7e9 W F P I P f q n C i w 3 l y P g F t y v j g N J r p D h t a e x J v k n q 9 I w N K y t L f x V R J V 5 S m s f 8 o m r 2 y m I m I A / I p 1 D E R 98 x y y 6 P V Z U T B A 3 g X s E k F 1 c 1 l + 5 O t d g 5 + K U L p 6 E L G I S s 97 C o o T S j 7 v r e K K 9 I L y E d G n M Y + B 9 i V N U q q m 8 n h j 6 E i n I e P Y k r s S n y s t d 6 R Q Z k 28 u 9 + n n 8 X Q 92 a J E a P T 77 M 98 I + + m D c c n N H F / Q g O 7 a o 5 I v F c + v T Z P L J U a b 9 X Y n a A b k R 6 V w J 6 H F J 87 A R W c V b y a 0 0 9 T a w a k R J V 0 n p Z o n 0 S b c L D t j W t E W f D e Z i F u d 1 h 7 K w Q X 8 d 2 l u b M / z E h V / 5 l c 8 v f K 8 d Q o h 3 w o G 8 R K R l 8 K z Z 4 N N u P O B 1 r L P j T M S 2 N W i i p s B t + 0 q H d v Q u m 2 W e s b K 3 X U e X r c 8 l + 8 g z J a G N c N w U D q F a c v 6 i O R K i I G j + y j Q B l B 9 P p 1 D B U S p n F g r O z 4 D 1 p 9 x W p U F G d / h v A d i 3 c i g n l Z 0 S c N 5 m 9 c 2 Q m q t z p g D B L 9 e O a 
7 J g u c g v j x O 3 R G J + 4 Y N 6 L g H i y c P K j x D t 6 P N E R + x O D f z j 8 Q e O w Q Z A j W t Y Z F y q J r 9 D 2 R h H C + e b Z D f z z 2 s Z s m K N R K F 7 I / u 2 O i b c U q n s e 1 v D + 5 l i 71 V B t p M e 8 S / 7 i V T 3 M Q m 6 i 5 e X g D x z o N 22 Z 6 V L Y A E p j g h k w G x a Y a q a / v 7 H e 86 F w s D / Y y i L h u N v 7 H I l U V x A h F 2 e A a f e 4 i U z K H t s Y j q d E B O 5 P s 0 F G q 0 Y I + o U q u p 8 r n z w O a x 6 P 9 r w o 2 I / Q Y j f t f + U / H T Q 59 + y Y j v Q s S j k p C s O H u R t 427 j q L m k 1 Z S g w q 0 e L 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
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2016-09-07T13:03:39Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Payload delivery"
}
] ,
"labels" : [
"misp:type=\"malware-sample\"" ,
"misp:category=\"Payload delivery\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--57d0102b-6334-4498-9083-06c3950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2016-09-07T13:03:39.000Z" ,
"modified" : "2016-09-07T13:03:39.000Z" ,
"description" : "expanded manually via VT" ,
"pattern" : "[file:name = '991179b6ba7d4aeabdf463118e4a2984276401368f4ab842ad8a5b8b73088522' AND file:hashes.SHA1 = '17b42374795295f776536b86aa571a721b041c38']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2016-09-07T13:03:39Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Payload delivery"
}
] ,
"labels" : [
"misp:type=\"filename|sha1\"" ,
"misp:category=\"Payload delivery\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--57d0102d-0f98-472b-a469-06c3950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2016-09-07T13:03:41.000Z" ,
"modified" : "2016-09-07T13:03:41.000Z" ,
"description" : "expanded manually via VT" ,
"pattern" : "[file:name = '991179b6ba7d4aeabdf463118e4a2984276401368f4ab842ad8a5b8b73088522' AND file:hashes.SHA256 = '991179b6ba7d4aeabdf463118e4a2984276401368f4ab842ad8a5b8b73088522']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2016-09-07T13:03:41Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Payload delivery"
}
] ,
"labels" : [
"misp:type=\"filename|sha256\"" ,
"misp:category=\"Payload delivery\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--57d0102d-6070-4ca8-aefb-06c3950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2016-09-07T13:03:41.000Z" ,
"modified" : "2016-09-07T13:03:41.000Z" ,
"description" : "expanded manually via VT" ,
"pattern" : "[file:content_ref.payload_bin = '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' AND file:name = '122417853c1eb1868e429cacc499ef75cfc018b87da87b1f61bff53e9b8e8670' AND file:hashes.MD5 = '9eef7e7e3c1bee2f8591a088244be0cb' AND file:content_ref.mime_type = 'application/zip' AND file:content_ref.encryption_algorithm = 'mime-type-indicated' AND file:content_ref.decryption_key = 'infected']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2016-09-07T13:03:41Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Payload delivery"
}
] ,
"labels" : [
"misp:type=\"malware-sample\"" ,
"misp:category=\"Payload delivery\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--57d0102e-2a2c-447a-8d95-06c3950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2016-09-07T13:03:42.000Z" ,
"modified" : "2016-09-07T13:03:42.000Z" ,
"description" : "expanded manually via VT" ,
"pattern" : "[file:name = '122417853c1eb1868e429cacc499ef75cfc018b87da87b1f61bff53e9b8e8670' AND file:hashes.SHA1 = '48a6e43af0cb40d4f92b38062012117081b6774e']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2016-09-07T13:03:42Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Payload delivery"
}
] ,
"labels" : [
"misp:type=\"filename|sha1\"" ,
"misp:category=\"Payload delivery\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--57d0102e-af60-452e-a779-06c3950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2016-09-07T13:03:42.000Z" ,
"modified" : "2016-09-07T13:03:42.000Z" ,
"description" : "expanded manually via VT" ,
"pattern" : "[file:name = '122417853c1eb1868e429cacc499ef75cfc018b87da87b1f61bff53e9b8e8670' AND file:hashes.SHA256 = '122417853c1eb1868e429cacc499ef75cfc018b87da87b1f61bff53e9b8e8670']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2016-09-07T13:03:42Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Payload delivery"
}
] ,
"labels" : [
"misp:type=\"filename|sha256\"" ,
"misp:category=\"Payload delivery\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--57d0102f-673c-4059-aa77-06c3950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2016-09-07T13:03:43.000Z" ,
"modified" : "2016-09-07T13:03:43.000Z" ,
"description" : "expanded manually via VT" ,
"pattern" : "[file:content_ref.payload_bin = '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' AND file:name = 'aa24deb830a2b1aa694e580c5efb24f979d6c5d861b56354a6acb1ad0cf9809b' AND file:hashes.MD5 = 'df320ed7ee6ccf9f979aefe451877ffc' AND file:content_ref.mime_type = 'application/zip' AND file:content_ref.encryption_algorithm = 'mime-type-indicated' AND file:content_ref.decryption_key = 'infected']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2016-09-07T13:03:43Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Payload delivery"
}
] ,
"labels" : [
"misp:type=\"malware-sample\"" ,
"misp:category=\"Payload delivery\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--57d01030-6e28-4356-810c-06c3950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2016-09-07T13:03:44.000Z" ,
"modified" : "2016-09-07T13:03:44.000Z" ,
"description" : "expanded manually via VT" ,
"pattern" : "[file:name = 'aa24deb830a2b1aa694e580c5efb24f979d6c5d861b56354a6acb1ad0cf9809b' AND file:hashes.SHA1 = '88aea4bb5e68c1afe1fb11d55a190dddb8b1586f']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2016-09-07T13:03:44Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Payload delivery"
}
] ,
"labels" : [
"misp:type=\"filename|sha1\"" ,
"misp:category=\"Payload delivery\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--57d01031-af44-4609-9582-06c3950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2016-09-07T13:03:45.000Z" ,
"modified" : "2016-09-07T13:03:45.000Z" ,
"description" : "expanded manually via VT" ,
"pattern" : "[file:name = 'aa24deb830a2b1aa694e580c5efb24f979d6c5d861b56354a6acb1ad0cf9809b' AND file:hashes.SHA256 = 'aa24deb830a2b1aa694e580c5efb24f979d6c5d861b56354a6acb1ad0cf9809b']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2016-09-07T13:03:45Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Payload delivery"
}
] ,
"labels" : [
"misp:type=\"filename|sha256\"" ,
"misp:category=\"Payload delivery\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--57d01031-170c-4393-81bf-06c3950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2016-09-07T13:03:45.000Z" ,
"modified" : "2016-09-07T13:03:45.000Z" ,
"description" : "expanded manually via VT" ,
"pattern" : " [ f i l e : c o n t e n t _ r e f . p a y l o a d _ b i n = ' U E s D B B Q A C Q A I A H d o J 0 m L F 8 f J B Q s A A M Q a A A A g A B w A O D R k N T U y Y j V k M j J l N D B i Z G E y M 2 U 2 N T g 3 Y j F i Y z U z M m R V V A k A A z E Q 0 F c x E N B X d X g L A A E E I Q A A A A Q h A A A A H G i z 2 N i l 25 G x / z o Q B C O z U E 8 G d N j h a U Z 3 B X 6 F 81 W B y i L Y z t t c 8 k H f p 6 D I a 1 c I o i z Q A d s + M d 3 T 6 a q O X k 7 X o Z O K i J x 6 U w 6 o B V Z j E I 0 V e A O e R N z 35 r X x 9 D e 8 s e Y A l Z y 48 R + t o v I + x G X d a b P 4 b M S h G Z K S q t G b E R J 2 w u i k B J y J P s j r B O K L l S c a k f 9 P k o v n m 3 Y g 7 U N 2 O y 7 h c R L c M y / l T K g R v z N z i k B + T U i g R z n L 6 J l p S q Z H d W D f L q e E v N V u F 7 q q v o k + y p Z i 5 P z 2 R M c M P X Y 6 p T 22 I S W 4 W q o j 1 v U 4 X M 1 a K 6 b P m e R a 2 / t x I a / y J p K 4 d U x p B x S o H N B h o z I K P A v B y F k g v D S l w v j R + t S A r s Y p b F T 1 c z d w g P m q 17 V 9 X a a H t l v 5 G 6 c R S O o 2 o S 88 f 6 d 2 + 7 E r O K c z n Y L y v S h B O J Y I 2 d 6 E s Y Y 810 v B 6 z n J M / A G E h p 8 c 5 w m P E T 5 l B f P Q U / P f 99 U R Z S 9 Y q O b D Z g 3 h S b L o A B 6 X s t O b P K e S s F + + o Y Y 5 W W u W y 1 M r w p 78 I j B 3 M 9 V l c Q 1 U u q a h 3 F W d F 8 g 2 I Y X B + Y Z v s z 35 c M J x E M d S l O n N l i 0 D U F e r 77 + k W q R y u t Q A O T p L 1 F e h Z C P 4 z 1 Y Y d l c f F A G K j z C Z t x t U X H e z p I F 91 L 9 L M S z s 3 C H L 682 i m i 7 + E T x I w j 9 r T T W / 9 e K 6 c 0 Y W 5 I 9 p n d K g Q p E w K / Z K L 5 G H 2 l w w y r z g f a D L R 3 a / Z T i + / m n 16 I u + f f y C C k q K F o a d Q f m 3 T q d q 0 G C v O j 0 S L q 7 A c Z M H v d v i 6 g x W m 3 Y N i / v b a W z 1 u A N I U G j V o V v X b B a / B 40 C Q F f b j / r B Q u + 9 Q G h 8 z + R n s E B G K Z q c R / H 5 C Y I 7 G o c G e o o W I + s m e a 39 c + v c / y X / b a W 9 O R 7 Q S 9 E U n 9 M c f z 
76 / + r W 1 N U E v k e U j n y L L c L A Q q u N Y 3 t q x p L E s Z 7 A C 7 A y n u O Y u q c A D O m v T y d h f i g e U n U K 5 R 2 t W 6 d j p E g I I I O c 34 n P i v r p J M h + y n u I L r x a b J z b w 22 H R A v C + m U O t O y r c X F N l t C j 7 k g d u W t w S o r m 8 k A J f w O A E 6 A p c M O L v q w o W 1 e K j t k r d S w C y a c 82 t g p S 7 E z x 4 r y l Z u W j o 7 k h 8 W E R H L 9 H S S V a 63 Y 3 X a 97 J J q b D 6 r x H E d V A H Y U J l I C v O M t b R T 9 M 4 k Q R B p I K 9 U i F l B u Y J h o v 9 E t b b c I f J A A s c F a G y + b n c O M Q p O n b U l m k H 6 p i h u B u / 0 6 Q w I d Y J H o P h M i k 5 G z j s s T R e C 3 K H R p V q S I w e 2 k y j m M r z y n c o X Q a V Y p i R 569 l P R s G g j r u P d K I U a O c t a 7 u 0 q k 9 o I W T 9 B h + U i v g d z N z 1 K J o l s f O K 2 j x E d / 0 O T R C 3 H V a k 62 t C s P 5 m R m r v d 0 G S U r o p S 0 B k y E V F a y W k c r A n p s E G I 7 A o o n w z 5 x A o Q i 0 A 6 L Q 7 k 38 B T 1 n j r W 0 Q a 4 R b w n V 5 p i 6 k k 31 f e X m 52 N O u y 0 j Q 7 G Q b U 0 y d B Y O q X 4 R c G d j b U s z j t m 3 / h x 0 K i X l i l i S F F + B e o c F a 4 p w O N 0 g Y T o 39 b I k k + O b b O 1 k g G A + 3 V y v d 5 T s P A v r k C Y u K / w d m 3 J 5 o x i h W J z x X e p s 6 X I h c 9 Y T v 2 O M n o J 68 + x / T E f 7 A b B E C t i 2 h 0 R 7 W G B u N D x E k r E q 25 I X o p W 7 T W f Y p o C u v E 4 H u 9 u 77 Y g C 0 C C l e j p q 9 N l X H Z 9 Y Q A 9 A k N b K p k Q x C A G 3 R h 4 d q I c h A z Y K x L E l c b Z K c D p M W q C q v i S W i i U T v + G k / O Z t 1 U V f r L R W D d G B o u E 3 e A u J 8309 p O v J x b e l 5 k t d A q E N r M N Z y / j w N e i U G 8 s c d y v 8 X C D y k V + m 1 B I 3 x d z 5 G 2 T X 813 B h v u d q a b 6 y h 4 C l V U L A G O C Y 3 J F p 1 Z r P b y S o h X V / R 24 E L M R l v I 7 F 7 I 0 c O H W 3 k b p e m 6 / W U 0 t Q n d k h Y U b P D / e N h 2 Q i p L f g + v r p v L 7 P a p P y P s L Y P V 7 X N c + r 6 t k 4 j c p c J p m I F o E X B 
j Q P A I m U r u 6 c 3 l / P p B w H R O + j r / Q 1 + 6 R x c L x s y m y a 69 Y W d f c E 2e3 N H X e 5 Q E z y X v z m u l U E o p t h / 5 c q 2 g h Z E J c t S e F w E x W f U 4 k N j n Y 1 o F R e 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
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2016-09-07T13:03:45Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Payload delivery"
}
] ,
"labels" : [
"misp:type=\"malware-sample\"" ,
"misp:category=\"Payload delivery\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--57d01032-1fb8-4ca2-a48d-06c3950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2016-09-07T13:03:46.000Z" ,
"modified" : "2016-09-07T13:03:46.000Z" ,
"description" : "expanded manually via VT" ,
"pattern" : "[file:name = 'acfb014304b6f2cff00c668a9a2a3a9cbb6f24db6d074a8914dd69b43afa4525' AND file:hashes.SHA1 = '2cd24c5701a7af76ab6673502c80109b6ce650c6']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2016-09-07T13:03:46Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Payload delivery"
}
] ,
"labels" : [
"misp:type=\"filename|sha1\"" ,
"misp:category=\"Payload delivery\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--57d01032-029c-4e6f-a09e-06c3950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2016-09-07T13:03:46.000Z" ,
"modified" : "2016-09-07T13:03:46.000Z" ,
"description" : "expanded manually via VT" ,
"pattern" : "[file:name = 'acfb014304b6f2cff00c668a9a2a3a9cbb6f24db6d074a8914dd69b43afa4525' AND file:hashes.SHA256 = 'acfb014304b6f2cff00c668a9a2a3a9cbb6f24db6d074a8914dd69b43afa4525']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2016-09-07T13:03:46Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Payload delivery"
}
] ,
"labels" : [
"misp:type=\"filename|sha256\"" ,
"misp:category=\"Payload delivery\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--57d01033-70f4-467b-b03e-06c3950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2016-09-07T13:03:47.000Z" ,
"modified" : "2016-09-07T13:03:47.000Z" ,
"description" : "expanded manually via VT" ,
"pattern" : " [ f i l e : c o n t e n t _ r e f . p a y l o a d _ b i n = ' U E s D B B Q A C Q A I A H h o J 0 k Y 8 I z 2 t Q 8 A A L A r A A A g A B w A M D g 3 Z G Q 3 O T U x N W Q z N 2 Y 3 Y W R h N z h m Z j U 3 O T N h N D J i N 2 J V V A k A A z M Q 0 F c z E N B X d X g L A A E E I Q A A A A Q h A A A A H G i z 2 N i l 25 G x / z V z I Y J O K n u p 5 z D r s Z M b C a / m f i 7 N a g S / a 4 W D K X O 5 e S 3 m R 66 M g Y 5 A Z Q d g m R i x Q h A j r q s x x f D 12 D N p u c H y c r G h 6 M u Q 4 V c p D 7 b T j d H M V H C e k H y 6 + Q W U T y 0 E z P e 3 R I 97 + a X 0 A + y Q S p 7 x B u 8 D Z C v 6 b F m e G u T S A f Q p 9 B 3 J p O a n q W e x O w 820 l Y 3 H a 5 Q m z j 2 U d / I o W i y 9 + D Z 0 g e G m h U z v E 4 q d A N t j v 1 D S a X Q i x W N p z H T J 5 R S o i h w 8 / P U W D y V r g e 766 D M 5 f 7 p F E p + 7 X W 5 a P P J q f o p 8e9 y i V R 5 B B 7 c L f 8 a 0 p w X N f I 9 V J 6 J q c B E u n s o t a 5 e f z I C a k f 6 g H s j v v i 4 m 4 q 8 S p U p B S k J Y D Q 0 m p q m 2 d n r 6 l T E 9 I k W G j v W Q c 1 b d D 9 M n u 7 / 7 K h 5 X v s S y S h s E l w 4 k E h b j q M 9 s k W v r z V l p 9 K L x 0 j 9 b 7 R 9 u T y + Y V x L 5 I n 7 / W R n K N W X l 0 v d 7 J o g N j / T d F N T m U K m + l L i N l X 7 / A 0 y C 6 + c Y p a 4 e / 46 f 2 Y L t U J F 9 S K Z F Z Y q B b Y S R D K 61 q 58 a 9 U I 2 m B L E k T + D C 7 F M O B T k P 7 G 434 l W L y 43 C K S q o 5 w H D r 5 M y f 7 m q V V s 2 g 24 r L b x 0 K + j I R j u I R c 1 P v u V y 4 C U 3 u r 0 b G F p q W k + i b P n I P d 9 R C t 6 f n s z Q p h U m v C D H l H Y H n n N 0 v C 2 o x v w k j p o L G D R O y O l l 4 N M 7 r 6 U C k 4 + E Y i e b h T K D e P 6 t x 2 U 3 q P 3 X j L S E o n A q 9 E f e 1 K f 1 c k d f y 0 S U c Z j 4 R o U u J 2 J v Z I f G H m H a b z l Y C M V 71 j Z h f 1 N d g k q Z s 7 f S 7 H y P 4 S o T L s t b x m 0 v b Y e u Q N k y m z S c H J p B c t c o O K R W n 1 o A D 6 C 2 i u d 0 Z m M K x a e P w S c n L 9 I S b S s L o F F B J X Z p a 
r B 0 j 1 e b X M 8e12 F 5958 q 7 e U I 8 K 0 R I k t 8 k S a T c f u k q l C B M a F O R N y 9 P L z h k e c L k d l r / b R s H 56 Y S l O C Y E X c D H 2 j B m g 7 l P P 6 A Y 3 k v C T S r t 2 O H C y J L M B k i w J Y z k / h 0 q t T w p O m f b d C E c 2 a z 2 Z 2 g c p k f O R / 3 V j d G l I 5 u k 6 s B O U h B v e l 4 k i G h z S d j / u s 0 z G + P U 9 z u n u u G H H P G F c K n S j l v V d + p k t T B 3 T p Q O a o o O F 1 O O d n b b X 6 Z s t v 6 p k s X A m d A A T 2 g L J Q B E 2 r b D m n d E + U T 6 k s O g 5 s k W 7 l V G Q b b Z 1 R u H g i k L + Q t 4 j p P o C 1 O b P B X f y V o p y j j 4 R I e E T C u w t + + P K Q H V x y k L H t F I 5 Z I S t v T 689 V + F v B D f e 9 M h D e F N V N M y T v L m 2 l i u g c Q 2 r 6 + j M Q d z u F U t B v X l m R k D 17 L z 4 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
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2016-09-07T13:03:47Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Payload delivery"
}
] ,
"labels" : [
"misp:type=\"malware-sample\"" ,
"misp:category=\"Payload delivery\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--57d01034-ba94-401f-a7f2-06c3950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2016-09-07T13:03:48.000Z" ,
"modified" : "2016-09-07T13:03:48.000Z" ,
"description" : "expanded manually via VT" ,
"pattern" : "[file:name = 'c80d19f6f3372f4cc6e75ae1af54e8727b54b51aaf2794fedd3a1aa463140480' AND file:hashes.SHA1 = '66d246e02492821f7e5bbaeb8156ece44c101bbc']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2016-09-07T13:03:48Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Payload delivery"
}
] ,
"labels" : [
"misp:type=\"filename|sha1\"" ,
"misp:category=\"Payload delivery\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--57d01035-3298-4836-819d-06c3950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2016-09-07T13:03:49.000Z" ,
"modified" : "2016-09-07T13:03:49.000Z" ,
"description" : "expanded manually via VT" ,
"pattern" : "[file:name = 'c80d19f6f3372f4cc6e75ae1af54e8727b54b51aaf2794fedd3a1aa463140480' AND file:hashes.SHA256 = 'c80d19f6f3372f4cc6e75ae1af54e8727b54b51aaf2794fedd3a1aa463140480']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2016-09-07T13:03:49Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Payload delivery"
}
] ,
"labels" : [
"misp:type=\"filename|sha256\"" ,
"misp:category=\"Payload delivery\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--57d01035-c31c-4e50-92e2-06c3950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2016-09-07T13:03:49.000Z" ,
"modified" : "2016-09-07T13:03:49.000Z" ,
"description" : "expanded manually via VT" ,
"pattern" : " [ f i l e : c o n t e n t _ r e f . p a y l o a d _ b i n = ' U E s D B B Q A C Q A I A H l o J 0 l c / o 1 a E 1 w A A A Q Z A Q A g A B w A Y m J l Y j E 4 Y z B j M 2 U w M z g 3 N D d j N z h m Y 2 F i M 2 U w N D Q 0 Z T N V V A k A A z U Q 0 F c 1 E N B X d X g L A A E E I Q A A A A Q h A A A A 73 Z k u 21 f S y b T R T Y D U B 4 c D D Y Z s p r m M t g 0 Y 848 S D D o L E v N b 4 X u z s y w x G J b G S C u 7 V G 8 t d L b s M a 1 n i z + B J y R n a 72 J L Z n m K 9 I o + j U l R b 2 a X 1 K A 1 J e o h f p C y 6 P O f 92 I z V H L D o w d r d A r j V h O X S 8 G m B O D V T y z T o 39 m W d 2 X B a v u i 8 M i m b 5 i V 14 Y k b p A Z b v 4 z n E q 5 p O X H r M g t d T B J G x S B 2 R D / B 5 X Z 1 e F Y Q b a / c Q K I 5 y n Z R Y P K p w n 8 N H I M d U J N 1 M u S h K 3 j 7 H Z x H P q T 2 b n 8 o y 2 X E G z N Y k F 33 Y k l a / c T t Q V U f g r L 5 S I R I X R e i s N G V p M L B D K 1 + n d y g 5 W 71 Z V 84 a S 54 d F h u F c 0 E v M n l Z 10 L V C T Z I J d 9 A R s 58 X U R V h d 12 H s 0 z u F U H t f 5 L i 5 x 7 h r H j 1 z G 1 / B Q h V b k C E W T y r 19 y P u I F G N U m 4 t x 457 B l T M 6 a 3 E p A B q g G i 9 M Y s 0 l l 7 c d o P R V m u e z C r 6 I F n w z J W j Z + o + V j G h D 6 R + z q e R g s v E F 0 L X 8 E x K 7 y 4 N i U x y u Q Q o y I I F x l Z w l E V p U p 4 p D g 8 r w l 4 M W V 3 P x F 59 D U d q T 1 M X S 0 l K y r + 6 k b 1 X j U 9 B j d e A s v g B m z 1 V e q c j X h j + Y l x F 4 f B e c j t J R X S p k X m L h A x R E 3 H x f h 2 w E r e p I 2 V D X B H X d A e c A + n E V J i z C W V D r 7 + g A k Z q Y 4 g F S W m f y 1 u C F 9 m d x i C Z b Z 2 m Y D 6 W d J X U 5 Q k 8 U 1 N D A G A T H G N 3 / 4 D j T e V q M P Q o b t P c k R S b + 8 H B I L w 6 E O 4 c Z g a d i U D m J w U D + a L Y 8 R U E F x e E T l 56 T V y k f V 3 F S m h 5 h P Z + F M 5 i c k t p Y B O D Q y Y a x Z r j / j m x v a V H f H 8 m x O X l j Q i s D 5 c 9 t 9 g 12 J E + 0 k i 9 J / M M p Y X z Y n N v k p + Q 77 N z a + 6 t A w 
57 Q a m 8 H I d / d m C 7 X j 11 Y o 6 / C 4 k l T x 8 s v 2 R x b H j L 9 y I B Y J 4 P d l N / o F k h W 1 F w H 9 o J n E y s f r c A w k g Z v 2 Y N h X T S / q H c X s F B n X Z C R k i K D j 8 k Q + o w j V s g J R X g g 0 L l x n g G Y W M D m L Z T p V V Z i N 3 G i b A X D l d l 6 v F S j g 5 u + R r 8 c H b i r 7 r w y 6 X U / K x R 1 A s y v x F L / z 0 X f / b f U g p o d O W h E n Y Z V s 9 + 7 m q E o 4 j s 7 B j 8 Z O d m v + y 0 d g v 8 k a e d L E H V p L n L b f g i W H w S l / w Y e D E o + c 69 o F v 2 n o N C t 1 F / q E + i I j s 0 5 S g P Z l f p h 0 i p o s e R P A 9 S 6 e U L Z d Z 3 O s c 6 t i 2 L F 1 / h A I w q P s 6 y N 51 f j k d + f 6 / I 5 E J k P j 2 H R 7 x x i 11 n J Z w G K k z b t m 5 W t G 7 g U K p w t i n V U H g I E f i S B e L S H N Z e 9 k E z u t Q O 675 K O x 9 z + a d J 0 K D 410 Q F L T g a S q i g c V z s 3 X p L k S 0 E N q a s 9 y g t 28 b 19 x m j v n H 6 V S C J p w l m 7 C p m F M Y D T G 5 + s s X L 0 Z W Z e 19 G L T h T c k d z N 3 C 7 m l / v y x M Z B 2 J S D v i 0 j V E p n t 74 G f l i F g q r Z q w 8 B H i g E y G M W s I h 9 p 9 e i m o 7 i N w H q 6 s C C Y b 55 K Q I E e z W p Y 2 I L b w c p P w s e Q n 15 U + 4 / m 3 + p B t G B l l D V w h L 34 p q S P n b Y X b u a 0 x W G r 2 o 8 B d E 4 d u p 44 Q x 9 i q y w e K Y Z l w 3 L d V j 2 f R + 47 g G / F 9 i z Q z b 3 u R p k + P f m b H U h A P I B Z S 60 W U b g K a N o + a k 0 Q 1 l b R H V G k L T y x 4 / E u 2 F y / 0 m r W G b 6 u v + C K 626 T 7 / 4 + x f I r n O U a n A 9 K E 4 j j R + 84 C B U J R + E 3 F T a a r i B G m V p z D m c m 2 i o d 4 M y z V 4 B x U K h 7 H U h r w t o e T 4059 / T z i A t f 9 h I 2 H w 7 O N V u I Q D G 92 o Q Z Q 4 B + k D s 0 X 4 D V D Z Y G 0 m S U F C X n Z t e a h V S Z x L N A m 64 X C D a C K H V J R X 8 T D I U D + T Z F 0 K T R g l e u T E M o J U m u I 5 O S 1 s I G k C N 3 Z e 1 u B j 84 w g 8 P 1 x Y y w f g X o o E k v t E S u e d q R J 6 X / + 3 c x 0 E t 87 l E y U s O H Y m t 4 x s b F B r l G a 
q 8 J k P y v 3 r n 82 Q I x Q k o M L 8 k a S q r 3 I J w y w O 9 p t N L w Z G / t 2 Y z K Y j 3 j J y h y J N 2 h A N Z a C x O 3 z x I U y s 8 S v h 7 g + A c f K F n 80 D s 58 Z O m M J + 2 J I Y f 8 H d G 3 M k d 3 j r 384 j 0 B P d I j O q 6 j v J 12 X D D 35 u 8 a y f i H q j O M u N / G t U M O m Q b h N L 4 k 1 O 6 m T 5 y m i 7 Y p 64 O j i U 3 J d v R i h k E F q D 9 L L 2 M X f m 4 p Z 9 n D E T A 2 f O t 4 a f 0 s N S X k 3 E z p J g f Q 3 / I Q / j / s R Q 4 g r / N P S s f e I K p o a 55 Y o q M S T i X 9 R i q B R r f r F e O 5 W E l R R + 8 a S K T c J I + d P P w s d W U g Y / 4 k W Q + B h 7 v 5 y E 3 z n 2 L g C Z s 1 i i d c F d s 4 S 5 Q 5 l E j n Y H R c w s k e b 9 z n S 54 a g A L C r P H L y c T r m k o 32 c 8 Q / u 5 A g a B i L 1 / P i m b n H z 8 q j W b x o N d l O U U b k E D o I V r D j / a 0 / i 8 s Q B 347 s m l u N f q I h 8 D l H M L T I b 9 z p l 59 k E c d Z 4 q / K j Y M p x j T u S T V H 83 E x x l C E S e 7 x k z P R n K 9 F V L i G b p 9 h Z l z v h f C L p p K Y V / K Y v + 9 + u c Q 5 v e 7 + 3 a A 89 e X v C W x l R i S Z 98 / U Z 7 N 6 Y H + Y G b u Q 2 d 2 R 9 U C l q T u d j O K 98 z d 0 1 r S 0 k 7 k F q g t n r d w h Q K B 3 z g 574e4 L n k L g Z o 8 Q 0 j d s / g e w B j j n 8 s z d n l K E L 7 t M 5 X c S j Z T w J q s P e u P p x N e t / Z e c o q 2 g 7 x D J d 6 V Y F A / Z P T a 5 I 1 w h x X 6 X 0 M l g N g L S K Q 564 p q Y + U f + n C y k i c N b m 4 R s A P U K i t s 418 b U E K l n u N 8 E z 9 I 1 m U 0 N V / g Q W L N T Q r n O N I O t b Z a D X 3 M e d B U f k I f r j f j V B F L V W T l i p 3 s k X C D n C K K v I P 4 S U X 8 k l + G x K Y l j 2 S J R e t U u q Y A V T f r d o Q M m l D l O 89 D 6 w h 0 w V q 1 b S z y Q 39903 X f N T d i r m / G i N h + I a t h N g h O + s l 2 R Y S V l S g M S R 4 + t Z v p D e r L s I s q x r R G D l X b e f 5 a / q E 6 H P N y t U Z 9 c t v q 3 u i 8 Q t 6e1 o Q a n 6 a t U Z F R z g 45 d l N P r z m 6 W C p V M p O e 0 5 Z x T e 7 f C B l r b d V l U 7 p 3 z + R F 
u x e 4 L Z w c f d k 5 E X 0 I 46 / X 7 E X 9 E R X l r i E u t J r 3 x a / 8 Z I y 6 P 8 o m U o A a a T E 7 q J Z Y 7 w M q o q T A A E D q J 9 C R f H E 9 N J N 2 r 0 u T T i O k v f R g f A r O t V o P u r g j a 9 / f U p h v S 50 P v f Z C 8 q E u 8 x O M E Z 8 X l j U J U Z X Y R k D F n x U A + R o t R q F x F N T P y 4 / 5 t a a j 7 g 9 q Z J q q 4 L / L r Z J b l V j y M T u T O I t Y o i X 3 t 4 i v y 4 q y 10 + n p Y v h l w B 7 b f S H f w 0 L J F W t V m K e e y h u b l k I x X 7 d z / Y i + / g 6 m l V x B 9 t X k g f h Z T z g X a / b / n + t W w Q S f w m B b s G 8673 t J 1 F 9 k D M p 1 B y k z G L w d X K x B 0 2 / 4 c K M L 0 0 / I K V n c z w / 2 f W x U Q v g g J S N M / l N M n J P n b j y w h D 5 t 86 R R 9 o D v 5 s N C A f W v W G d L X 5 / 2 i D H j A 6 a D T d n 12 t l U Q E l z H b o y B C j K 1 S 3 t 8 y G 81 W D X 9 h L R S T L h m N 0 X x f k J P / x T t 4 m i 7 W v 0 2 F w M s K 1 M u v 5 l B f D n n t Z G L C T h O A w / Q c 3 / + 5 m a x V 2 u 7 / g y M b m v g E D W o R 70 e M V W 1 Y 5 Z i g O g n Q U c + W R C u 2 k w 6 / 4 X s G c 3 V P K j e d A w P B z b I Z 5 r 37 N X 6 / U r j N x + Z l S f 3 b a Z D M N j o F x E d r F u U n A Z K b I M e g N h J V P f K C L L n M r k + M T + d t y M K I H k u p r X b p K Q j 2 L w 5 C g B h L h X m K g 9 W p C z A n D n D G g 5 n E w p G G V U H 2 H w F w i l o L J e 0 D x p f Z H n o 5 Y r Q y S o Q t a y s H c B F U i J 9 g 2 I q c a b i X J t I X p 8 g V R r u 5 l i U O D P f G R a //ypKi2uGlH6gWkTotjXKL0852z8wxAV0fpIpyEL3l+e4Xa0ZvhnVSSr7/7q3Xfd2mQn37nkIlaFa8K7DkUXi5FTglS9w6pNKjA6WQ4fj7XafNYNyFsaQaV3cP1DfSOrU1eddytCDCY/YVrgNMkRfIPpu20hQRTMNAb0zvcE8ROhcw99xryX/QlAe6nWWJ0o84EOpBoRFXGNhGITPlim3xEhBxRsoNH8HHXtp8WlAlfnXnWqwNusImuBjT9jAto0CLJj340ylLRdBcuvV7cj4tnsHQuto
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2016-09-07T13:03:49Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Payload delivery"
}
] ,
"labels" : [
"misp:type=\"malware-sample\"" ,
"misp:category=\"Payload delivery\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--57d01036-92cc-44a6-872a-06c3950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2016-09-07T13:03:50.000Z" ,
"modified" : "2016-09-07T13:03:50.000Z" ,
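"description" : "Expanded manually via VirusTotal (VT). The file name in this pattern is a 64-character hex string (apparently the sample's SHA-256), not an observed on-disk name; match on the hash." ,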
"pattern" : "[file:name = 'e9bce46584acbf59a779d1565687964991d7033d63c06bddabcfc4375c5f1853' AND file:hashes.SHA1 = '358afd4bd02de3ce1db43970de5e4cb0c38c2848']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2016-09-07T13:03:50Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Payload delivery"
}
] ,
"labels" : [
"misp:type=\"filename|sha1\"" ,
"misp:category=\"Payload delivery\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--57d01036-7954-488c-a7ed-06c3950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2016-09-07T13:03:50.000Z" ,
"modified" : "2016-09-07T13:03:50.000Z" ,
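"description" : "Expanded manually via VirusTotal (VT). The file name in this pattern is identical to the SHA-256 value, so it is not an observed on-disk name; match on the hash." ,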
"pattern" : "[file:name = 'e9bce46584acbf59a779d1565687964991d7033d63c06bddabcfc4375c5f1853' AND file:hashes.SHA256 = 'e9bce46584acbf59a779d1565687964991d7033d63c06bddabcfc4375c5f1853']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2016-09-07T13:03:50Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Payload delivery"
}
] ,
"labels" : [
"misp:type=\"filename|sha256\"" ,
"misp:category=\"Payload delivery\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "marking-definition" ,
"spec_version" : "2.1" ,
"id" : "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9" ,
"created" : "2017-01-20T00:00:00.000Z" ,
"definition_type" : "tlp" ,
"name" : "TLP:WHITE" ,
"definition" : {
"tlp" : "white"
}
}
]
}