|
{
|
||
|
"type": "bundle",
|
||
|
"id": "bundle--59a4fb50-e07c-48d8-b0c8-483c950d210f",
|
||
|
"objects": [
|
||
|
{
|
||
|
"type": "identity",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2017-08-29T05:46:24.000Z",
|
||
|
"modified": "2017-08-29T05:46:24.000Z",
|
||
|
"name": "CIRCL",
|
||
|
"identity_class": "organization"
|
||
|
},
|
||
|
{
|
||
|
"type": "report",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "report--59a4fb50-e07c-48d8-b0c8-483c950d210f",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2017-08-29T05:46:24.000Z",
|
||
|
"modified": "2017-08-29T05:46:24.000Z",
|
||
|
"name": "Malspam 2017-08-28 'IMG-'",
|
||
|
"published": "2017-08-29T05:57:51Z",
|
||
|
"object_refs": [
|
||
|
"indicator--59a4fb6b-64bc-4a54-924e-a845950d210f",
|
||
|
"indicator--59a4fb6b-2800-410b-90f8-a845950d210f",
|
||
|
"indicator--59a4fb6b-ee0c-440b-8e29-a845950d210f",
|
||
|
"indicator--59a4fb6b-1b08-40ae-9c26-a845950d210f",
|
||
|
"indicator--59a4fb6b-62d4-489b-b3ab-a845950d210f",
|
||
|
"indicator--59a4fb6b-8cb0-46f3-a669-a845950d210f",
|
||
|
"indicator--59a4fb6b-a470-42f3-a61d-a845950d210f",
|
||
|
"indicator--59a4fb6b-2e40-4f1a-92d3-a845950d210f",
|
||
|
"indicator--59a4fb6b-873c-4381-8c1e-a845950d210f",
|
||
|
"indicator--59a4fb6b-7918-4d99-812c-a845950d210f",
|
||
|
"indicator--59a4fb6b-13d8-435e-941d-a845950d210f",
|
||
|
"indicator--59a4fb6b-a958-4abb-93f9-a845950d210f",
|
||
|
"indicator--59a4fb6b-ecd8-42f4-af32-a845950d210f",
|
||
|
"indicator--59a4fb6b-4530-4264-bf48-a845950d210f",
|
||
|
"indicator--59a4fb6b-16a0-41e9-8646-a845950d210f",
|
||
|
"indicator--59a4fb6b-c6c0-4386-809e-a845950d210f",
|
||
|
"indicator--59a4fb6b-918c-4602-9c9c-a845950d210f",
|
||
|
"indicator--59a4fb6b-bd9c-4b08-a5dc-a845950d210f",
|
||
|
"indicator--59a4fbd7-1384-4920-9da0-4c2c950d210f",
|
||
|
"indicator--59a4fbd7-2698-4099-9599-42aa950d210f",
|
||
|
"indicator--59a4fbd7-b804-4125-9a0a-4451950d210f",
|
||
|
"indicator--59a4fbd7-3464-4f8b-9d74-489b950d210f",
|
||
|
"indicator--59a4fbd7-1f00-4bae-bd96-4964950d210f",
|
||
|
"indicator--59a4fbd7-fed0-4cc0-9864-443f950d210f",
|
||
|
"indicator--59a4fbd7-0e38-4988-9f44-4e69950d210f",
|
||
|
"indicator--59a4fbd7-1370-4c48-86d3-4eb1950d210f",
|
||
|
"indicator--59a4fbd7-0f48-425a-8abc-43d0950d210f",
|
||
|
"indicator--59a4fbd7-81b8-4aa0-8587-4d76950d210f",
|
||
|
"indicator--59a4fbd7-300c-4622-ac95-42ef950d210f",
|
||
|
"indicator--59a4fbd7-5eec-41b1-8e58-4237950d210f",
|
||
|
"indicator--59a4fbd7-ef54-466c-8821-4819950d210f",
|
||
|
"indicator--59a4fbd7-7330-4282-b22c-425c950d210f",
|
||
|
"indicator--59a4fbd7-30bc-4e72-a4f0-4c29950d210f",
|
||
|
"indicator--59a4fbd7-4814-4584-945a-4345950d210f",
|
||
|
"indicator--59a4fbd7-6a64-4ade-9330-4c76950d210f",
|
||
|
"indicator--59a4fbd7-9d90-48fe-9f05-42b2950d210f",
|
||
|
"indicator--59a4fbd7-ce68-4807-97a8-4c0b950d210f",
|
||
|
"indicator--59a4fbd7-534c-40f4-b7ae-4080950d210f",
|
||
|
"indicator--59a4fbd7-e77c-46c5-b2d0-4b1a950d210f",
|
||
|
"indicator--59a4fbd7-c990-433e-88cc-4e23950d210f",
|
||
|
"indicator--59a4fbd7-99e8-46e7-9fc0-4d44950d210f",
|
||
|
"indicator--59a4fbd7-696c-4542-a153-4e51950d210f",
|
||
|
"indicator--59a4fbd7-f300-43f6-a55c-4be9950d210f",
|
||
|
"indicator--59a4fbd7-0b48-4218-a334-4f63950d210f",
|
||
|
"indicator--59a4fbd7-3244-4a3c-b31e-4604950d210f",
|
||
|
"observed-data--59a4fe24-3c2c-45e4-86d4-4b9e950d210f",
|
||
|
"file--59a4fe24-3c2c-45e4-86d4-4b9e950d210f",
|
||
|
"artifact--59a4fe24-3c2c-45e4-86d4-4b9e950d210f",
|
||
|
"indicator--59a4fe58-3854-4170-89e1-46d9950d210f",
|
||
|
"indicator--59a4fe58-3398-405d-82cc-4f0e950d210f",
|
||
|
"indicator--59a4fe58-dd70-4cf9-9e6f-49dc950d210f",
|
||
|
"x-misp-attribute--59a4ff43-e894-4b06-b424-fc01950d210f"
|
||
|
],
|
||
|
"labels": [
|
||
|
"Threat-Report",
|
||
|
"misp:tool=\"MISP-STIX-Converter\"",
|
||
|
"circl:incident-classification=\"malware\""
|
||
|
],
|
||
|
"object_marking_refs": [
|
||
|
"marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9"
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--59a4fb6b-64bc-4a54-924e-a845950d210f",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2017-08-29T05:28:11.000Z",
|
||
|
"modified": "2017-08-29T05:28:11.000Z",
|
||
|
"description": "initial download location",
|
||
|
"pattern": "[url:value = 'http://drommtoinononcechangerrer.info/af/78wygGHDwf']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2017-08-29T05:28:11Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Network activity"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"url\"",
|
||
|
"misp:category=\"Network activity\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--59a4fb6b-2800-410b-90f8-a845950d210f",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2017-08-29T05:28:11.000Z",
|
||
|
"modified": "2017-08-29T05:28:11.000Z",
|
||
|
"description": "initial download location",
|
||
|
"pattern": "[domain-name:value = 'drommtoinononcechangerrer.info']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2017-08-29T05:28:11Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Network activity"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"domain\"",
|
||
|
"misp:category=\"Network activity\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--59a4fb6b-ee0c-440b-8e29-a845950d210f",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2017-08-29T05:28:11.000Z",
|
||
|
"modified": "2017-08-29T05:28:11.000Z",
|
||
|
"description": "initial download location",
|
||
|
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '47.89.249.74']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2017-08-29T05:28:11Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Network activity"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"ip-dst\"",
|
||
|
"misp:category=\"Network activity\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--59a4fb6b-1b08-40ae-9c26-a845950d210f",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2017-08-29T05:28:11.000Z",
|
||
|
"modified": "2017-08-29T05:28:11.000Z",
|
||
|
"description": "initial download location",
|
||
|
"pattern": "[url:value = 'http://gotcaughtdui.com/78wygGHDwf']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2017-08-29T05:28:11Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Network activity"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"url\"",
|
||
|
"misp:category=\"Network activity\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--59a4fb6b-62d4-489b-b3ab-a845950d210f",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2017-08-29T05:28:11.000Z",
|
||
|
"modified": "2017-08-29T05:28:11.000Z",
|
||
|
"description": "initial download location",
|
||
|
"pattern": "[domain-name:value = 'gotcaughtdui.com']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2017-08-29T05:28:11Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Network activity"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"domain\"",
|
||
|
"misp:category=\"Network activity\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--59a4fb6b-8cb0-46f3-a669-a845950d210f",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2017-08-29T05:28:11.000Z",
|
||
|
"modified": "2017-08-29T05:28:11.000Z",
|
||
|
"description": "initial download location",
|
||
|
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '104.238.99.64']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2017-08-29T05:28:11Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Network activity"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"ip-dst\"",
|
||
|
"misp:category=\"Network activity\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--59a4fb6b-a470-42f3-a61d-a845950d210f",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2017-08-29T05:28:11.000Z",
|
||
|
"modified": "2017-08-29T05:28:11.000Z",
|
||
|
"description": "initial download location",
|
||
|
"pattern": "[url:value = 'http://griffithphoto.com/78wygGHDwf']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2017-08-29T05:28:11Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Network activity"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"url\"",
|
||
|
"misp:category=\"Network activity\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--59a4fb6b-2e40-4f1a-92d3-a845950d210f",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2017-08-29T05:28:11.000Z",
|
||
|
"modified": "2017-08-29T05:28:11.000Z",
|
||
|
"description": "initial download location",
|
||
|
"pattern": "[domain-name:value = 'griffithphoto.com']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2017-08-29T05:28:11Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Network activity"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"domain\"",
|
||
|
"misp:category=\"Network activity\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--59a4fb6b-873c-4381-8c1e-a845950d210f",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2017-08-29T05:28:11.000Z",
|
||
|
"modified": "2017-08-29T05:28:11.000Z",
|
||
|
"description": "initial download location",
|
||
|
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '72.32.177.50']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2017-08-29T05:28:11Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Network activity"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"ip-dst\"",
|
||
|
"misp:category=\"Network activity\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--59a4fb6b-7918-4d99-812c-a845950d210f",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2017-08-29T05:28:11.000Z",
|
||
|
"modified": "2017-08-29T05:28:11.000Z",
|
||
|
"description": "initial download location",
|
||
|
"pattern": "[url:value = 'http://grlarquitectura.com/78wygGHDwf']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2017-08-29T05:28:11Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Network activity"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"url\"",
|
||
|
"misp:category=\"Network activity\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--59a4fb6b-13d8-435e-941d-a845950d210f",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2017-08-29T05:28:11.000Z",
|
||
|
"modified": "2017-08-29T05:28:11.000Z",
|
||
|
"description": "initial download location",
|
||
|
"pattern": "[domain-name:value = 'grlarquitectura.com']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2017-08-29T05:28:11Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Network activity"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"domain\"",
|
||
|
"misp:category=\"Network activity\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--59a4fb6b-a958-4abb-93f9-a845950d210f",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2017-08-29T05:28:11.000Z",
|
||
|
"modified": "2017-08-29T05:28:11.000Z",
|
||
|
"description": "initial download location",
|
||
|
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '212.89.16.143']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2017-08-29T05:28:11Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Network activity"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"ip-dst\"",
|
||
|
"misp:category=\"Network activity\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--59a4fb6b-ecd8-42f4-af32-a845950d210f",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2017-08-29T05:28:11.000Z",
|
||
|
"modified": "2017-08-29T05:28:11.000Z",
|
||
|
"description": "initial download location",
|
||
|
"pattern": "[url:value = 'http://halley-informatica.com/78wygGHDwf']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2017-08-29T05:28:11Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Network activity"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"url\"",
|
||
|
"misp:category=\"Network activity\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--59a4fb6b-4530-4264-bf48-a845950d210f",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2017-08-29T05:28:11.000Z",
|
||
|
"modified": "2017-08-29T05:28:11.000Z",
|
||
|
"description": "initial download location",
|
||
|
"pattern": "[domain-name:value = 'halley-informatica.com']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2017-08-29T05:28:11Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Network activity"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"domain\"",
|
||
|
"misp:category=\"Network activity\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--59a4fb6b-16a0-41e9-8646-a845950d210f",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2017-08-29T05:28:11.000Z",
|
||
|
"modified": "2017-08-29T05:28:11.000Z",
|
||
|
"description": "initial download location",
|
||
|
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '212.227.136.197']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2017-08-29T05:28:11Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Network activity"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"ip-dst\"",
|
||
|
"misp:category=\"Network activity\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--59a4fb6b-c6c0-4386-809e-a845950d210f",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2017-08-29T05:28:11.000Z",
|
||
|
"modified": "2017-08-29T05:28:11.000Z",
|
||
|
"description": "initial download location",
|
||
|
"pattern": "[url:value = 'http://hendrikvankerkhove.be/78wygGHDwf']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2017-08-29T05:28:11Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Network activity"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"url\"",
|
||
|
"misp:category=\"Network activity\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--59a4fb6b-918c-4602-9c9c-a845950d210f",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2017-08-29T05:28:11.000Z",
|
||
|
"modified": "2017-08-29T05:28:11.000Z",
|
||
|
"description": "initial download location",
|
||
|
"pattern": "[domain-name:value = 'hendrikvankerkhove.be']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2017-08-29T05:28:11Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Network activity"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"domain\"",
|
||
|
"misp:category=\"Network activity\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--59a4fb6b-bd9c-4b08-a5dc-a845950d210f",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2017-08-29T05:28:11.000Z",
|
||
|
"modified": "2017-08-29T05:28:11.000Z",
|
||
|
"description": "initial download location",
|
||
|
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '89.255.9.102']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2017-08-29T05:28:11Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Network activity"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"ip-dst\"",
|
||
|
"misp:category=\"Network activity\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--59a4fbd7-1384-4920-9da0-4c2c950d210f",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2017-08-29T05:29:59.000Z",
|
||
|
"modified": "2017-08-29T05:29:59.000Z",
|
||
|
"pattern": "[file:content_ref.payload_bin = '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
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2017-08-29T05:29:59Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Payload delivery"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"malware-sample\"",
|
||
|
"misp:category=\"Payload delivery\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--59a4fbd7-2698-4099-9599-42aa950d210f",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2017-08-29T05:29:59.000Z",
|
||
|
"modified": "2017-08-29T05:29:59.000Z",
|
||
|
"pattern": "[file:name = '213977108.zip' AND file:hashes.SHA1 = '8ffdef84e27bd74fde6b49152c93dfe0140e2e74']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2017-08-29T05:29:59Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Payload delivery"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"filename|sha1\"",
|
||
|
"misp:category=\"Payload delivery\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--59a4fbd7-b804-4125-9a0a-4451950d210f",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2017-08-29T05:29:59.000Z",
|
||
|
"modified": "2017-08-29T05:29:59.000Z",
|
||
|
"pattern": "[file:name = '213977108.zip' AND file:hashes.SHA256 = '2d5741a9fc8553be7facef9c904910bc5172502d29489048a74a3c0fb9691acc']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2017-08-29T05:29:59Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Payload delivery"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"filename|sha256\"",
|
||
|
"misp:category=\"Payload delivery\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--59a4fbd7-3464-4f8b-9d74-489b950d210f",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2017-08-29T05:29:59.000Z",
|
||
|
"modified": "2017-08-29T05:29:59.000Z",
|
||
|
"pattern": "[file:content_ref.payload_bin = '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
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2017-08-29T05:29:59Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Payload delivery"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"malware-sample\"",
|
||
|
"misp:category=\"Payload delivery\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--59a4fbd7-1f00-4bae-bd96-4964950d210f",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2017-08-29T05:29:59.000Z",
|
||
|
"modified": "2017-08-29T05:29:59.000Z",
|
||
|
"pattern": "[file:name = '245406674.zip' AND file:hashes.SHA1 = 'b6a73b9bc80f89c209b5ed348849dc68082fba5a']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2017-08-29T05:29:59Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Payload delivery"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"filename|sha1\"",
|
||
|
"misp:category=\"Payload delivery\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--59a4fbd7-fed0-4cc0-9864-443f950d210f",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2017-08-29T05:29:59.000Z",
|
||
|
"modified": "2017-08-29T05:29:59.000Z",
|
||
|
"pattern": "[file:name = '245406674.zip' AND file:hashes.SHA256 = 'b2c29ec37ae4378fe375a0d3ff7a1b5513a61232d447e5c4add0def33397a9eb']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2017-08-29T05:29:59Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Payload delivery"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"filename|sha256\"",
|
||
|
"misp:category=\"Payload delivery\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--59a4fbd7-0e38-4988-9f44-4e69950d210f",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2017-08-29T05:29:59.000Z",
|
||
|
"modified": "2017-08-29T05:29:59.000Z",
|
||
|
"pattern": "[file:content_ref.payload_bin = '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
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2017-08-29T05:29:59Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Payload delivery"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"malware-sample\"",
|
||
|
"misp:category=\"Payload delivery\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--59a4fbd7-1370-4c48-86d3-4eb1950d210f",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2017-08-29T05:29:59.000Z",
|
||
|
"modified": "2017-08-29T05:29:59.000Z",
|
||
|
"pattern": "[file:name = '711895595.zip' AND file:hashes.SHA1 = 'b59c0212b0ea5773d5adcf7420356236781ddf8b']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2017-08-29T05:29:59Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Payload delivery"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"filename|sha1\"",
|
||
|
"misp:category=\"Payload delivery\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--59a4fbd7-0f48-425a-8abc-43d0950d210f",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2017-08-29T05:29:59.000Z",
|
||
|
"modified": "2017-08-29T05:29:59.000Z",
|
||
|
"pattern": "[file:name = '711895595.zip' AND file:hashes.SHA256 = '624150174f412dbe0315916c1176fd4af300820931cd1d606ad8d2eaff20ed39']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2017-08-29T05:29:59Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Payload delivery"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"filename|sha256\"",
|
||
|
"misp:category=\"Payload delivery\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--59a4fbd7-81b8-4aa0-8587-4d76950d210f",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2017-08-29T05:29:59.000Z",
|
||
|
"modified": "2017-08-29T05:29:59.000Z",
|
||
|
"pattern": "[file:content_ref.payload_bin = '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
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2017-08-29T05:29:59Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Payload delivery"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"malware-sample\"",
|
||
|
"misp:category=\"Payload delivery\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--59a4fbd7-300c-4622-ac95-42ef950d210f",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2017-08-29T05:29:59.000Z",
|
||
|
"modified": "2017-08-29T05:29:59.000Z",
|
||
|
"pattern": "[file:name = '213977108.vbs' AND file:hashes.SHA1 = 'eca7c1e5643b5862035d2931062df530f318d14d']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2017-08-29T05:29:59Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Payload delivery"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"filename|sha1\"",
|
||
|
"misp:category=\"Payload delivery\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--59a4fbd7-5eec-41b1-8e58-4237950d210f",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2017-08-29T05:29:59.000Z",
|
||
|
"modified": "2017-08-29T05:29:59.000Z",
|
||
|
"pattern": "[file:name = '213977108.vbs' AND file:hashes.SHA256 = '42f167384cb4eeebec49fb0a78039a7ffb17f7100c7c3e00f5a3facf6b244d71']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2017-08-29T05:29:59Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Payload delivery"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"filename|sha256\"",
|
||
|
"misp:category=\"Payload delivery\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--59a4fbd7-ef54-466c-8821-4819950d210f",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2017-08-29T05:29:59.000Z",
|
||
|
"modified": "2017-08-29T05:29:59.000Z",
|
||
|
"pattern": "[file:content_ref.payload_bin = 'UEsDBBQACQAIAMArHUs8E1sG4gsAAFAmAAAgABwAM2E4NzE0YWYyZDI1YTQwNmQ0ZjBiOTJiYTJlNmIwYTBVVAkAA9f7pFnX+6RZdXgLAAEEIQAAAAQhAAAAqIwB3pvG2QDkzqMYqnGlWiPRc4mUXwNgv7fPauexwJXMOIeQkra84D4QlD7p0gN9QV1LpwUlCxR3ibHmjrBy7lgpcFKjDL/97kCMHKhw0zvICZfznnbCi8vzUCCwUHHEMOECFI4+KoFnVPi+TyH9AxyEnuGfDZkWZXikDQjxLf7dK60RfNCwGnN7dAwDvtFch2f0y8dFUr7PmkXZg4k98c7NnlkxGgGUEZVYdRO0vRUGLtewKdbly/Lf/9u2EDzv4ALOgfWIsShzlNYGSQdg14RysgGWOQ6gicZvaiMJQbpZm/XwRgp8A6u8ZQLr3lwZjsB2pxctLqRzD2wM9r1ZmK7g4P5UUlJigHpRcOzysOBEcbm41ITYoZ5cYi7VWG/53PJgS27JT+pKmKl2QAfWwocnELkHkvUb7Q43BzUVvFgcIgkUBSqOBML4K5uKUyyRBrrK4DLaQ+BDNuIL39ToLm458dhiuMYS8T/OztoV7inJS9tESag7Dn5ffPR0vhOGrBygZ533aQB+x4fLXEKIHO6IMi1kYCrkanDQ35zlRaGBWyUfn/WNkXsMQxxuLKbaU5ppXGAnAi7+GtddJeggOogFVpdS3D6meQ7/dSKxptvnhHgAR+Z/JjYa0cbjoA6WSmtNtoNQsiHcnYrPyoKclhmxZTIBPVwIviJQcdCVJgVS7juzfNIQWWBzbZHeE4sbD5LBQn1Y8s3Lpp7BNTWiHMfOuwfuAAM6Vi0JUnmy/bB/TqGLria422tjXfBkjt+ZEsFk3y0taG1VBVg2ULqsGHmSInV59f63Gv7WXhquvRBqAKRt2EUGRTuvQ0QuLuAfNfAoxqOgKXsvs275U5PPuJSHwoRmcTisSSgTdduXhOXckCBx8SEZyE4qzNdyyviGwZqx0xS1nEzUzExXCG/fL1OTUVh5DIFzj6+efciSFwwOYNH3Sy4UO+8/nPe2buz8xUz94OpsR2mCXhkS1KH8kGk6613FogLQOzdVorvw/taZNFmSXWgjXlvV/4MG3UDnw6lGozOTGqLAzObLq1oloQaeMBdTl7G+y6iFrW4haq1O9p8J4k0UDhvka7y0Yx6rubiPLwwKdugz9D3HTYpzA/b00SGZr2tjxWd3m/QHkQsMuf2fYEkUy5t0M2DSpV+BXdCrfY6lXi/joUzbnlC5Zrjncgy5wLTEQpVyg/G/bkN9XeChPRBvihqnafPI39oc5fVtICVltE6S6Ti8zdNRIbFDaE/y5fONFX+GduHcuZvmBAErd6mCukXm1AvWFFhGBzp8g7ActRgg6oQMbx4gPOiHR98hfa/1++8nGGaR3RtTI9hvHqsDEuTj4qiIFHBMeR+gw1z7UrogrKNKClzQLeZ743J54i0PYl1PKNMKnbT5RHfSKLYRwgw7UJDEVm6DntJ+BfT/kCyMhb13L33jPc7eIfqEcNwiWBssT+apLFAxwyKVi9lY7AUpHy6lfpid7VOCD3YPMcSlZ7Ocq2wvoxE4k2unj2Xs65t5pZZZyANRr5N+Q4ywG3i6LMEIDXKt5k2axEshD1a3MbW9YWqUsQ3E+MxsGTIdSzryAbXZ7WNd9dLdw1bMkC6QJ0EYC0KN/omGhJRc76wWVHTGtv2EiWgilY2PINCRDIXMItoEKhMZwLkkY0FNZ6/GbfMa8d6Fow5Li/P7cF9aFZnM+jg8E9rMqpqeoFQQSxryLF3NwO/XBjpYJYlzmEZYMMeXWMDw/UiOzWwN7gCN54p8exrKDTAXwtDCvKaRi87ASCp88cb6eWKcwopSRFF9cTnHIcnRewu6AfzeZdPf14znK772mUCB9gpBFSbKKDgbnFH617u
TykxtNGhs1nC1pTiK0t+aJqc0PRGmEdhx2ym97ByyYbxzPr9PPO9+TEIsAxezIbLVVhpxp7hLBQacIeig5SVtfXEz8rw2ZYTBVy6uGjuQ0JJaUJDJBAuL7RMnzsC+4lUj8L4tD0nDWe8/XLnP3lrYI1N6Ggr7kDoNnWt2ZAIlchGKUOydBfdtODEapS7ADpnYzeXNC1ul2ahanBXTNeXFIcKgCSuqNYSH/Y73xX9UtHkqayQHmCsQx5JBQ4lQSP1EtIc4OZzRZzxgebQtYw2fgWxaSd6Fd3VaMgp9aQWR50vquEy3ObQuG5QRCUmzFoVqqRWg5Ca5k2Gf6LVs4JSL646J6DhEFyFbSoAK3SVn+jlBwZ3RdU/H2mADzLMZjBG2PGLYzvDdjwWGOqD5/kNHiEah1MN6i6/daiKQGMX2xkGVOqoTvr9dqEvjyNVQlcpesaykNQxQsNABWzPq81MKuAWCksn6fOSnv6VbAhk3vMB5PilHCSM6xa8c6n6BkafBFH1SSQuj984AvSS4MBGTPNAYiMLblhjlgKDuCuFGRcgxxDArkbqGfkQbWdzrw44ft87MnD+cE3qmFVjVLKHGXGGkURBfLEdSTrLnykMjYQtBHX+6Uz7mh23PfXQxAJKCmEbFFltF1DoTzALDIhW1dj8PU78V+yEAd1TRIJ68oOgDFvs1ZNpX19YlN1p4mxyLVlBkUN8hyo5ku8KiYb+lzqBZU64WNO3YyA6+aaW6Cem1mW1ynxDly2YZAGZSTB3b+HFHEVs6UlBH1Lc9zOQ/I6ckHk08IMPtuDLIvwbnOMMcwirN8QUsChPlxobXqJzZ/xKGWARzS5zvsJqHWkxXoKWEtutXUytPF2mnKvAO5NXq/F4lvILQy9qPGhFQ72UYwJvhmFANlFEqq76v66wJPy58BupIZVbL+uIpeS00uSKW5z+qFng8VWqgP1QZL8qRrcdfOMXZDEBqMR8nyKFeJZWbmI/+KNtgXtR5LVwH+8kZR1z+G18+O0PJ2AMDVDCujl66yLnlYnRCgF7NF+1VzItTUzlO3zHLLVHAK8y7rZ3lDiMysefrXmvl7v81CHW3Tn9KgfNndrNOWFMutbt9lVXAxp0923ZJB/2wAgjsNozFwU5a3v3cimsg9uAIBF/Xremr5gRGVf/rSxvwSsJwnMRyjjkvAGzosyUOVQqMmRCRxT8vQjERhnvkB3hOUtVMQQju84sNI+2ycAcJGn1KFUflNDehmtmo2h+4hZuZbnQO9lBDUTnu13aaqxESaOoIKWKsE5QrLpEr9RoimUycEu3rvDFpK7l4H2kURZiYOGGFDMhaK9090JKYCs5Qj/2uD/Iz+xBJzK+KAda5O0OtBsPUMwNnxMk46RKvDUDwYHpqT7LwWLWayzWg/zZmiLZXKoqyDqPaw7VMNdC0wY8LLUWRsmvXhRlGb295ej1+d9ygTjhsw5t+vQEhzupSSXxkZlMUhm0z0aHnXBKC2O2gpn9HuRnz1cCOM/js/soQk2xbZ6GN9mtmjgmi3v30TWJz9qbjRDLc9pBdji5lSsiDF8gUDu0WWJ7ozVnG2CO5Jg37pzw5T0qiUzf0Hlpi9JifYv4Tczt05SCj9zs6Q6Ke8fFe5zquiX/zwNl+/rTk9IqL0vv6PpSsSotMqSisZ+rC+VC8SIXWlUWTGpCDQk5EuSVoR6c3B6+9kDA5LT5bj+yYPFbkB8f+MEpOmCD1l4H/auzf7NZzCO5DWNaaSK4E02QRDPZDTntwl9HUGML8/7VxieFJKWvhuXfosK/JLne6ekZUyEiGbQct993FVCAOmOeUAFKIPEfZJIPKWBA8MaLTiplHnEAtky+rgY7C26zOnOZV7vwSosv2p4a5ydGIG1T9N65opUh0RFyJ+w5ucNkKlC2X+ivaL+MIPX0ksqdWa52K3uDAbAPjhxab3Qb4/q26P6TCFwU52KTSpn21VhHbV0NEsvIgrw/yYq7auC4qKPGJldGEl2xP0NX
cwqzbLV3JTLd+hD6K6zpqEFc8cpcUOZO/tnI5fR511MUTx4nmFONqy1ijyTosemFi2EJKch58mC+iB5Mr+P
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-08-29T05:29:59Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"malware-sample\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--59a4fbd7-7330-4282-b22c-425c950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-08-29T05:29:59.000Z",
"modified": "2017-08-29T05:29:59.000Z",
"pattern": "[file:name = '245406674.vbs' AND file:hashes.SHA1 = 'df574a51cea740ab914b634eec3c451e5bdde4ef']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-08-29T05:29:59Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"filename|sha1\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--59a4fbd7-30bc-4e72-a4f0-4c29950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-08-29T05:29:59.000Z",
"modified": "2017-08-29T05:29:59.000Z",
"pattern": "[file:name = '245406674.vbs' AND file:hashes.SHA256 = 'b7c8473499b3f7a0e2c0bebb902dec3ecfaa529df5ab2ed179709c961ae236b8']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-08-29T05:29:59Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"filename|sha256\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--59a4fbd7-4814-4584-945a-4345950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-08-29T05:29:59.000Z",
"modified": "2017-08-29T05:29:59.000Z",
"pattern": "[file:content_ref.payload_bin = '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
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-08-29T05:29:59Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"malware-sample\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--59a4fbd7-6a64-4ade-9330-4c76950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-08-29T05:29:59.000Z",
"modified": "2017-08-29T05:29:59.000Z",
"pattern": "[file:name = '711895595.vbs' AND file:hashes.SHA1 = '6b9e5de21086d45584bd1995437a3fe44d937e9c']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-08-29T05:29:59Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"filename|sha1\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--59a4fbd7-9d90-48fe-9f05-42b2950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-08-29T05:29:59.000Z",
"modified": "2017-08-29T05:29:59.000Z",
"pattern": "[file:name = '711895595.vbs' AND file:hashes.SHA256 = 'a98c2297129d449afdeb33f43a98e9331283dd2dd8447010ed6f6f4f4a14b54a']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-08-29T05:29:59Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"filename|sha256\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--59a4fbd7-ce68-4807-97a8-4c0b950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-08-29T05:29:59.000Z",
"modified": "2017-08-29T05:29:59.000Z",
"pattern": "[file:content_ref.payload_bin = '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
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-08-29T05:29:59Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"malware-sample\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--59a4fbd7-534c-40f4-b7ae-4080950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-08-29T05:29:59.000Z",
"modified": "2017-08-29T05:29:59.000Z",
"pattern": "[file:name = 'IMG_1255.zip' AND file:hashes.SHA1 = '57e22e93f10340f1b0357a6f5c2cecccfd9d981c']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-08-29T05:29:59Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"filename|sha1\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--59a4fbd7-e77c-46c5-b2d0-4b1a950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-08-29T05:29:59.000Z",
"modified": "2017-08-29T05:29:59.000Z",
"pattern": "[file:name = 'IMG_1255.zip' AND file:hashes.SHA256 = '404894035f4d995261dc77fd7073c8c195173b13151bbec9c35125313e549d6a']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-08-29T05:29:59Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"filename|sha256\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--59a4fbd7-c990-433e-88cc-4e23950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-08-29T05:29:59.000Z",
"modified": "2017-08-29T05:29:59.000Z",
"pattern": "[file:content_ref.payload_bin = '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
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-08-29T05:29:59Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"malware-sample\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--59a4fbd7-99e8-46e7-9fc0-4d44950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-08-29T05:29:59.000Z",
"modified": "2017-08-29T05:29:59.000Z",
"pattern": "[file:name = 'IMG_2189.zip' AND file:hashes.SHA1 = '7053a6052f3caf28325ff0df4c214a1d88eda782']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-08-29T05:29:59Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"filename|sha1\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--59a4fbd7-696c-4542-a153-4e51950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-08-29T05:29:59.000Z",
"modified": "2017-08-29T05:29:59.000Z",
"pattern": "[file:name = 'IMG_2189.zip' AND file:hashes.SHA256 = 'a9ac0630fdbc7d948b77d11c4748386fee5dd4733bcbd9c30b6842732490c311']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-08-29T05:29:59Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"filename|sha256\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--59a4fbd7-f300-43f6-a55c-4be9950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-08-29T05:29:59.000Z",
"modified": "2017-08-29T05:29:59.000Z",
"pattern": "[file:content_ref.payload_bin = 'UEsDBBQACQAIAMArHUs6PhSm5A0AADYOAAAgABwAZWVmMjg5NjI1M2Q5OWViODlkZDAxODM4MDUyZjY0MDBVVAkAA9f7pFnX+6RZdXgLAAEEIQAAAAQhAAAAXBzqsXrYLBrzL7r42meX9AB5mvN+Yye2o23C2hg0/FCvjOE/VRvft4B4GVi8w+ElHza9vJf43/Hmfi1Qon3JFdkc73jfltiq7IetPuCkwuDXEx4haPdkS9DRgTIQWA5HuEKuNpaOVe9Q+4sJOHHmhVIACsiLPcPU5PcyBCDR3T1mh4/3jr3MVSl+BHS3ZNdn7ByeoSTbQcoHMYqpdqPUQA5Tq+6XgUJh3lFKwCq8nBNLUBlZuTJnh1kuPKrg+Rm4lMp86aBwGV8+APsWdTx8uBstYCTfA2R/4fzx/yNqMF6boc0023d+6l9bXclUJpPkRrTFLKwpBG+o6d/jYmF5O+04ASL4QHTBx+9AVxbQVPXZhiKZck/7tpjOvELg0taHSuu4INzkJJAuoznPsvnmn56FQjgmYEJattf28BGZaUYe/gUG/bcnLtqb4SVp6kmo51Ossa9QIsBdNRUjD/dauUlcUHe1PoxIPgJIZLtWr0WVN42MQOsxhKZl5zH7Xq9AmTYYWxgKROymyhmOrySGv2X1VGEhotLYZgluNuRwyFzYhB6hh1zF6984x6CzR7ZFAC2Pyeo7O5hnQTVl3LJPxPbvvDvvMhPF+WyZy4DFE/QoFYXF/iFTvmAT+SK27qIukIELt27cWtZZ7UxR042cw5iTnpGMSlZVn92t6knKKjLDYyaYqh5ZQaPSWxzjtDizeiO1/X16wxiyCQ4CJUnjihGpPWxyOL6k6nLmZsRxPuUxgiL4JSxZn4r+qcjNTLiFeMgB778ltmfxH9l4pheI4AckAqq0T/61bge9SW6MVcojOmOQ1rzh1SsW7yFdAsa2nvvwTVsGfSi7PrlLUwbSZtCMM6S/yji85pCpZ/pfYHoveSebkLm9EokBdeZFXJYkC+MB+TKSfLykxuAbRF+goD0haf6dG+Oq0md4cnLPTj87/6uePl/93JJXebltehAbJaQ56hGGEAnNPORQU0+VbaF/z7KxTXOQ5fwoQOycP9G6csQb7mYfBantApDUZ27mPvVwl9fjyjlEVsqYIMOvGt65s2qghvtGysO5S+Ej/Iw0lMBsV7KeFn1kgymTpXEt9bNZNjXnvww9FH81NEmtxPBobVhyge4BVZX/yn0x/PT20WQs5qnJmxox/ehsVMT4/usNP5sFU97EK2tnqIxc1fl+M/vSynZungy1eq7802S0MfynKEyKlIUB7bicvvrR0iQT2OI6/ti2gtX+NH5FjPcSRNn/eIFLLOyPx1CxXTNMSMNKTOzRcjXElAbMxXqFKobDdpIwuCf4Jj8sMT7JChKLhKNjm1k1XXH2OLeY9Nm2JNSpLNj8YtuXGsvn7phJTbSAlVsEDsRsAuvGvAqnImqP63TXZUmnsVBO15r2RCrw9O8pWFyyGiON7V+HCZN9ORehZ8lwXL6kPQJmbi+NZoCpBiRr2mN054resML2hoQwfc4KpU4yW/r+Ro+sqIYRgbParX2ySgIDvPqbh+25pXHUCSrHzKHVgm7eRZf2FCioEq/6lKy9FNI04HSxEoDfVO7ifQ3/XvSzl+Ca6Zq2nxXEYEIMtYT/FLko+vfGIzi6eCbppw6VPSZkhE2uySVoO0+DcpdOUdM9EkSXPrWcm49iYgFcMg9x69mPsRtwqtPOQ3PzSyZo2Lpu1cUs3Yvy2XxcTU+OGAo3N8GMFslnFnWwY2xWC9bdI//FARl22+OmkhyZ45KnSwnr+/Vbkue9gN65jxEu1tuOIgc0dXnDKgRZLAm+sPvnkX4kTo1OVXneMmGYM5GjIbXYhA3JrwKVPM/CLu/3AcYWadEEoAPhprgGBSmqD3MpJscw4/4wtRe
TT0yOdwq/jzFnq5j1aRYePsOufyfPsyOxPPZpAfY9eLBT/R9WAmlJMP+f3xnVpXIC9uKZTQKRNqPoRtWFgkLkiir6dURfFMmNLfA2EpkHUECwmKslta5JQNto6xQrI4LBFPcC7mWAjUQEQ3b6IShVefxx9dxVN0x/t/1h6HgN4qwBHtnRnuGpDiMw8hqAUEq/0CbZ+KFMzUxWAZegxmvyHAF7831KZ82WHnBAuS6F1HI05cYXuFh4RSfByylmCj05zez02gMU60D6og7n5/XW19rMShLnTFCDVRwwTv0genrN60LKqSb8wJ4jOvnF1UCsqN3KV40V+cgqDNzGVMcFXeuIFaCRtO22gzqrEy7Ry7nC3DkzYgcvj7vqFm40BLWGNjcn6KB/IOc7N3MNzOpGzWY7gZKCdIqLT0lm5KMDgvz1cSvhXN32RvfoJOm5r0rkpgx/Fjz2nmvbwL13+qIr2zY62CmPaiFXWX7sZbAEVqhPRtDKZRJXI0SUniM2Cp84msfeGCGI1+2XQrCoZPa4KNAsm9f8YOM6Rk1ZzI1lUZSIf3aJ6ui4t18Wdx6ZqA4vPZTKiSKlYSpMz6ysLmzB6uF8wFWhsGO2lPth8wLpaec1kn/pC1feiNV950lmxod59ld0z6yvXwdZ5gzBynKJ+3uaG/YI9DmLuWOCQLBED08e5Z9Y67nXT5CKWQGHsvdTQWqKMWTxrYpVmd4xYRJeBOts9sgdCg6coqJVZ7ZmxBUiNkwpnTOulAg2nT/o3seTIwr4wv18v1oh/C5CV7KwtSPoZNQswe25OZvzPq/XgKFGs+BsFWaubRkJPQJEd6w16JhhKdkaq4Se9IXYNhhIjmx7w2XgM3e4JYyH32SjEAhIWB6X5SqY0Vj3jAV/Eoue1IXG6bTxinq4mVSzt1mzSQo74sUZgDZRP8mR+umB9hKXCmWU1FixnEnXKhzU48QeLZKT27c/vIpMfn14S4LzfnYvKnc/UmlBJ0CS4RcKATILaIeqycgaAsLxjfwLy05QTG5oiqwmDeAXgOhb3m7Vukae53ZCQqGXZwSgsp6ybvtfhQm/NFEv3hlRchnasv2IACSgLeJoyBX1uPCmy8X0aU1uQjtOsA4obWMhLvlZ1Td+EFlj6NmVCZ7c3b4qv/tVgXwvB6b5sCXPRoX+f8zr2E8mayKe7TowjTG349x/qBV1z0xImdpUzbVyW2kVgB0frE/GvZb6CaBt6OpOL7s5Wl+w8O3OqAeHYUNrUqAm+LgPpxDFZJfRDCcYQA0nW6NwyMQ0MTMkADsBLpzPMiDHftM3JdkXbHLMofVcFDYh/6/pqZhf3NEwbMYwjaV9NrL4QmS8tSwrX4fSaBYbZzhijGbrotMo5xaFEeDMH7NAySPsojhns9ZmoC+5YYD8satLFX3BBUElxe205SHPu6onQsGtArUzW3IHwewPsODO6dDbVuR7I2KywwFQhFazOYD9ZRSKOFQtY5IdKQUzBUAYOjYwyJq81bhTkSvHi6maia8znUpww2aDKv2QhYgegHYi1ysL1AH/8gkX+7+AsuVN0fFiBMd6VHcWjLvJu98lmso9GfPnAMytrfuEVFbX7YrUs1RsAP/k1RGvDFtFhjU3/B5QiP99DvnuDq07Dtk/z0Ghmdvr7I9lmBpXe4RDJzk14wcOJ0EZGxn2yMjZlRrwBuNEn8j0Gt80I1u1dENsRx8RVYI3oIkboB4VVpIKa1zfgQbs2znkZPHX9QYMnwgsNoSQu87dG0zTbdn1u1qrh4MQefDvporsSK+MVXI+8a8hr87r7+DlWWaLDtwdcZJOsKQ30/U3cKaBLKoPwj64vYKWmqAkxyKslw7GrmXeqZkICWQGHXoUZJgVUKubyRTArOK8E1o626TzClfhpFfME81+9a2jxhNlDocvdea8winqEJgaplRPnQq/UqNcExSeLwxQMAYh07yjjDJgFdyc9p0j6pXSyQthHH2aPpCd9rJj2EJ0FWj7MqNgSWI
IT084D2pL8i0HI0ryn0/8Nl132HJiP0QbtaIPjXqAX5N8M45Nl6m2D8A/LZdFe3ZkMVDcwgcVqQ/0H4XYPg
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-08-29T05:29:59Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"malware-sample\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--59a4fbd7-0b48-4218-a334-4f63950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-08-29T05:29:59.000Z",
"modified": "2017-08-29T05:29:59.000Z",
"pattern": "[file:name = 'IMG_9388.zip' AND file:hashes.SHA1 = '1f60edf01fd59b9d9a57eba7c63b9d6bf91685db']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-08-29T05:29:59Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"filename|sha1\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--59a4fbd7-3244-4a3c-b31e-4604950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-08-29T05:29:59.000Z",
"modified": "2017-08-29T05:29:59.000Z",
"pattern": "[file:name = 'IMG_9388.zip' AND file:hashes.SHA256 = 'c84ed4cc2999346258646f733f8febd454c535989ad83103a798ad36abeaacb8']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-08-29T05:29:59Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"filename|sha256\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--59a4fe24-3c2c-45e4-86d4-4b9e950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-08-29T05:39:48.000Z",
"modified": "2017-08-29T05:39:48.000Z",
"first_observed": "2017-08-29T05:39:48Z",
"last_observed": "2017-08-29T05:39:48Z",
"number_observed": 1,
"object_refs": [
"file--59a4fe24-3c2c-45e4-86d4-4b9e950d210f",
"artifact--59a4fe24-3c2c-45e4-86d4-4b9e950d210f"
],
"labels": [
"misp:type=\"attachment\"",
"misp:category=\"Payload delivery\""
]
},
{
"type": "file",
"spec_version": "2.1",
"id": "file--59a4fe24-3c2c-45e4-86d4-4b9e950d210f",
"name": "78wygGHDwf",
"content_ref": "artifact--59a4fe24-3c2c-45e4-86d4-4b9e950d210f"
},
{
"type": "artifact",
"spec_version": "2.1",
"id": "artifact--59a4fe24-3c2c-45e4-86d4-4b9e950d210f",
"payload_bin": "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
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--59a4fe58-3854-4170-89e1-46d9950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-08-29T05:40:40.000Z",
"modified": "2017-08-29T05:40:40.000Z",
"description": "encrypted payload from download location",
"pattern": "[file:content_ref.payload_bin = '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
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-08-29T05:40:40Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"malware-sample\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--59a4fe58-3398-405d-82cc-4f0e950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-08-29T05:40:40.000Z",
"modified": "2017-08-29T05:40:40.000Z",
"description": "encrypted payload from download location",
"pattern": "[file:name = '78wygGHDwf' AND file:hashes.SHA1 = '7b6c07e7b209cdc42f711eab6900460046d68a5e']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-08-29T05:40:40Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"filename|sha1\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--59a4fe58-dd70-4cf9-9e6f-49dc950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-08-29T05:40:40.000Z",
"modified": "2017-08-29T05:40:40.000Z",
"description": "encrypted payload from download location",
"pattern": "[file:name = '78wygGHDwf' AND file:hashes.SHA256 = 'b0db65be041153bd7f5a521a134860a1f50cf641dcc575c2ed860b621e671700']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-08-29T05:40:40Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"filename|sha256\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "x-misp-attribute",
"spec_version": "2.1",
"id": "x-misp-attribute--59a4ff43-e894-4b06-b424-fc01950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-08-29T05:44:35.000Z",
"modified": "2017-08-29T05:44:35.000Z",
"labels": [
"misp:type=\"hex\"",
"misp:category=\"Artifacts dropped\""
],
"x_misp_category": "Artifacts dropped",
"x_misp_comment": "assumed XOR decryption key (FSwpJ71l4t3XzEtO035rgb3q)",
"x_misp_type": "hex",
"x_misp_value": "465377704A37316C347433587A45744F3033357267623371"
},
{
"type": "marking-definition",
"spec_version": "2.1",
"id": "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9",
"created": "2017-01-20T00:00:00.000Z",
"definition_type": "tlp",
"name": "TLP:WHITE",
"definition": {
"tlp": "white"
}
}
]
}