misp-circl-feed/feeds/circl/stix-2.1/5b716ba0-7ecc-4f64-a07c-d96d0acd0835.json

{
"type": "bundle",
"id": "bundle--5b716ba0-7ecc-4f64-a07c-d96d0acd0835",
"objects": [
{
"type": "identity",
"spec_version": "2.1",
"id": "identity--5a68c02d-959c-4c8a-a571-0dcac0a8060a",
"created": "2021-05-24T14:07:54.000Z",
"modified": "2021-05-24T14:07:54.000Z",
"name": "Synovus Financial",
"identity_class": "organization"
},
{
"type": "report",
"spec_version": "2.1",
"id": "report--5b716ba0-7ecc-4f64-a07c-d96d0acd0835",
"created_by_ref": "identity--5a68c02d-959c-4c8a-a571-0dcac0a8060a",
"created": "2021-05-24T14:07:54.000Z",
"modified": "2021-05-24T14:07:54.000Z",
"name": "Talos: Threat Roundup for August 3-10",
"published": "2020-05-11T08:01:30Z",
"object_refs": [
"indicator--5b716c18-d458-458c-8350-db180acd0835",
"indicator--5b716c18-2204-418d-91a8-db180acd0835",
"indicator--5b716c18-b3f4-423d-92f0-db180acd0835",
"indicator--5b716c18-6d3c-43db-990b-db180acd0835",
"indicator--5b716c18-96a0-40d4-8f60-db180acd0835",
"indicator--5b716c18-32a0-4dd9-8a7c-db180acd0835",
"indicator--5b716c18-6e84-49d4-95e2-db180acd0835",
"indicator--5b716c18-3f7c-4894-950c-db180acd0835",
"indicator--5b716c18-98c0-40c4-ad13-db180acd0835",
"indicator--5b716c18-e620-493b-b243-db180acd0835",
"indicator--5b716c18-e7c8-40f2-b32b-db180acd0835",
"indicator--5b716c18-3ed8-4559-9a9d-db180acd0835",
"indicator--5b716c18-4920-4878-b900-db180acd0835",
"indicator--5b716c18-0724-48df-8122-db180acd0835",
"indicator--5b716c18-c21c-4290-920a-db180acd0835",
"indicator--5b716c18-4540-4a16-97cb-db180acd0835",
"indicator--5b716c18-f3f4-4907-bc2e-db180acd0835",
"indicator--5b716c18-5524-46cd-8b6c-db180acd0835",
"observed-data--5b716c18-0250-4206-b5e9-db180acd0835",
"domain-name--5b716c18-0250-4206-b5e9-db180acd0835",
"observed-data--5b716c2e-0ccc-4258-855c-d73c0acd0835",
"mutex--5b716c2e-0ccc-4258-855c-d73c0acd0835",
"observed-data--5b716c41-e8c8-44e6-bcb4-dc600acd0835",
"windows-registry-key--5b716c41-e8c8-44e6-bcb4-dc600acd0835",
"indicator--5b716cbe-6488-495f-8378-c6f10acd0835",
"indicator--5b716cbe-878c-4274-80d6-c6f10acd0835",
"indicator--5b716cbe-974c-462f-8819-c6f10acd0835",
"indicator--5b716cbe-a5bc-425e-b91b-c6f10acd0835",
"indicator--5b716cbe-e6ec-4460-bf02-c6f10acd0835",
"indicator--5b716cbe-0c28-41e6-9548-c6f10acd0835",
"indicator--5b716cbe-a43c-49f9-88c2-c6f10acd0835",
"indicator--5b716cbe-de1c-4321-93bd-c6f10acd0835",
"indicator--5b716cbf-cf80-4d92-94d6-c6f10acd0835",
"indicator--5b716cbf-b20c-4602-b35e-c6f10acd0835",
"indicator--5b716cbf-f97c-4f93-a9d9-c6f10acd0835",
"indicator--5b716cbf-b06c-4941-95cb-c6f10acd0835",
"indicator--5b716cbf-0618-489c-9de6-c6f10acd0835",
"indicator--5b716cbf-fd7c-4fe4-b0ae-c6f10acd0835",
"indicator--5b716cbf-b980-4784-b2be-c6f10acd0835",
"indicator--5b716cbf-2224-40df-974c-c6f10acd0835",
"indicator--5b716cbf-b884-4ac3-96da-c6f10acd0835",
"indicator--5b716cbf-0f14-440a-8d2e-c6f10acd0835",
"indicator--5b716cbf-f0b4-458e-bbd1-c6f10acd0835",
"indicator--5b716cbf-5790-4b9f-9b84-c6f10acd0835",
"indicator--5b716cbf-7028-4ed4-9e75-c6f10acd0835",
"indicator--5b716cbf-e16c-4de3-a9b4-c6f10acd0835",
"indicator--5b716cbf-7aac-48a8-bbed-c6f10acd0835",
"indicator--5b716cbf-2df4-4ac8-a246-c6f10acd0835",
"indicator--5b716cbf-13a0-4cd4-b667-c6f10acd0835",
"indicator--5b716cbf-8c38-4036-ba24-c6f10acd0835",
"indicator--5b716cbf-4a98-4e1a-b80c-c6f10acd0835",
"observed-data--5b716d03-f2dc-4506-b4c0-c79c0acd0835",
"mutex--5b716d03-f2dc-4506-b4c0-c79c0acd0835",
"observed-data--5b716d03-7f58-4e42-b744-c79c0acd0835",
"mutex--5b716d03-7f58-4e42-b744-c79c0acd0835",
"observed-data--5b716d03-ffb8-49a1-b640-c79c0acd0835",
"mutex--5b716d03-ffb8-49a1-b640-c79c0acd0835",
"observed-data--5b716d03-6f4c-4108-b7dd-c79c0acd0835",
"mutex--5b716d03-6f4c-4108-b7dd-c79c0acd0835",
"observed-data--5b716d5d-730c-4a0d-8e09-c6f10acd0835",
"file--5b716d5d-730c-4a0d-8e09-c6f10acd0835",
"observed-data--5b716d5d-e2a0-42d7-98ad-c6f10acd0835",
"file--5b716d5d-e2a0-42d7-98ad-c6f10acd0835",
"indicator--5b716da3-4330-4b8e-8fee-d4890acd0835",
"indicator--5b716da3-85dc-4130-97d3-d4890acd0835",
"indicator--5b716da3-38e4-489f-9db1-d4890acd0835",
"indicator--5b716da3-62ac-4ed1-ba31-d4890acd0835",
"indicator--5b716da3-a784-4d5d-b120-d4890acd0835",
"indicator--5b716da3-b914-4475-beba-d4890acd0835",
"indicator--5b716da3-fc00-4260-952b-d4890acd0835",
"indicator--5b716da3-2cf4-44c9-accd-d4890acd0835",
"indicator--5b716da3-345c-4882-a3a6-d4890acd0835",
"indicator--5b716da3-a04c-4783-9c0c-d4890acd0835",
"indicator--5b716da3-a7d8-40fd-968b-d4890acd0835",
"indicator--5b716da3-0428-4d7b-b150-d4890acd0835",
"indicator--5b716da3-89b4-479a-9337-d4890acd0835",
"indicator--5b716da3-ab48-4f67-9fa7-d4890acd0835",
"indicator--5b716da3-6490-49a5-b812-d4890acd0835",
"indicator--5b716da3-71d4-424c-9543-d4890acd0835",
"indicator--5b716da3-20f4-4cb2-8aed-d4890acd0835",
"indicator--5b716da3-b264-434c-9a4a-d4890acd0835",
"indicator--5b716da3-39ac-492a-8271-d4890acd0835",
"indicator--5b716da3-5cd0-43af-b835-d4890acd0835",
"observed-data--5b716f3b-06a8-4bbf-9db7-df1b0acd0835",
"mutex--5b716f3b-06a8-4bbf-9db7-df1b0acd0835",
"observed-data--5b716f9f-26c8-4850-87cf-ded10acd0835",
"file--5b716f9f-26c8-4850-87cf-ded10acd0835",
"observed-data--5b716f9f-8d60-41b8-9d80-ded10acd0835",
"file--5b716f9f-8d60-41b8-9d80-ded10acd0835",
"observed-data--5b716f9f-a448-4de9-a87d-ded10acd0835",
"file--5b716f9f-a448-4de9-a87d-ded10acd0835",
"observed-data--5b716f9f-d4f8-403b-a8a2-ded10acd0835",
"file--5b716f9f-d4f8-403b-a8a2-ded10acd0835",
"indicator--5b716fda-a4c0-4f60-965e-db180acd0835",
"indicator--5b716fda-dc2c-45bb-a3b0-db180acd0835",
"indicator--5b716fda-4924-4f94-b117-db180acd0835",
"indicator--5b716fda-c194-4db5-bb65-db180acd0835",
"indicator--5b716fda-749c-4e2c-9597-db180acd0835",
"indicator--5b716fda-c084-4a3e-85e2-db180acd0835",
"indicator--5b716fda-dfd8-4c40-bd3d-db180acd0835",
"indicator--5b716fda-fce0-4e16-a091-db180acd0835",
"indicator--5b716fda-5de0-46ae-bfd3-db180acd0835",
"indicator--5b716fda-bcec-444a-8036-db180acd0835",
"indicator--5b716fda-7d7c-46e9-9c53-db180acd0835",
"indicator--5b716fda-1c34-48bf-879e-db180acd0835",
"indicator--5b716fda-4c60-4691-bb7a-db180acd0835",
"indicator--5b716fda-f174-44ee-a55d-db180acd0835",
"indicator--5b716fda-1c8c-458e-a2bd-db180acd0835",
"indicator--5b716fda-5618-446e-8ae4-db180acd0835",
"indicator--5b716fda-6a64-4b4f-941e-db180acd0835",
"indicator--5b716fda-bc28-4891-a539-db180acd0835",
"indicator--5b716fda-6330-4526-9a57-db180acd0835",
"indicator--5b716fda-cb38-410e-8d99-db180acd0835",
"indicator--5b716fda-8034-4c24-b7d3-db180acd0835",
"indicator--5b716fda-1e24-4fe3-b710-db180acd0835",
"indicator--5b716fda-6b78-4aba-b86c-db180acd0835",
"indicator--5b716fda-7b78-45bc-9246-db180acd0835",
"indicator--5b716fda-63bc-49ed-b541-db180acd0835",
"indicator--5b71701e-b7e4-4e92-909a-db180acd0835",
"observed-data--5b717037-367c-4e9b-917e-c79c0acd0835",
"mutex--5b717037-367c-4e9b-917e-c79c0acd0835",
"observed-data--5b7170b0-2edc-4b28-9a36-df2e0acd0835",
"file--5b7170b0-2edc-4b28-9a36-df2e0acd0835",
"observed-data--5b7170b0-ce3c-43ad-b826-df2e0acd0835",
"file--5b7170b0-ce3c-43ad-b826-df2e0acd0835",
"observed-data--5b7170b0-ec28-471d-a45a-df2e0acd0835",
"file--5b7170b0-ec28-471d-a45a-df2e0acd0835",
"observed-data--5b7170b0-7ba4-4018-9902-df2e0acd0835",
"file--5b7170b0-7ba4-4018-9902-df2e0acd0835",
"observed-data--5b7170b0-6e58-442d-ac94-df2e0acd0835",
"file--5b7170b0-6e58-442d-ac94-df2e0acd0835",
"observed-data--5b7170b0-5acc-41a4-b61f-df2e0acd0835",
"file--5b7170b0-5acc-41a4-b61f-df2e0acd0835",
"observed-data--5b7170b0-0730-4856-8ffd-df2e0acd0835",
"file--5b7170b0-0730-4856-8ffd-df2e0acd0835",
"observed-data--5b7170b0-81f8-4925-aaef-df2e0acd0835",
"file--5b7170b0-81f8-4925-aaef-df2e0acd0835",
"observed-data--5b7170b0-1048-4410-8c5b-df2e0acd0835",
"file--5b7170b0-1048-4410-8c5b-df2e0acd0835",
"observed-data--5b7170e4-8c0c-43ec-8f0b-db180acd0835",
"mutex--5b7170e4-8c0c-43ec-8f0b-db180acd0835",
"observed-data--5b7170e4-0ec4-466e-b7f9-db180acd0835",
"mutex--5b7170e4-0ec4-466e-b7f9-db180acd0835",
"observed-data--5b7170e4-61d4-4784-8ee2-db180acd0835",
"mutex--5b7170e4-61d4-4784-8ee2-db180acd0835",
"observed-data--5b7170e4-c100-400c-a8f6-db180acd0835",
"mutex--5b7170e4-c100-400c-a8f6-db180acd0835",
"indicator--5b717100-0d00-4a55-86ec-c79c0acd0835",
"indicator--5b717100-5394-4ac5-880d-c79c0acd0835",
"indicator--5b717100-3964-49e7-944b-c79c0acd0835",
"indicator--5b717100-e8e8-4511-9c58-c79c0acd0835",
"indicator--5b71713e-8a80-4708-a788-db180acd0835",
"indicator--5b71713e-e30c-4215-b8ff-db180acd0835",
"indicator--5b71713e-698c-44e2-884f-db180acd0835",
"indicator--5b71713e-8f2c-4ace-a5a7-db180acd0835",
"indicator--5b71713e-cd68-442b-a0b4-db180acd0835",
"indicator--5b71713e-f3d0-442e-8f91-db180acd0835",
"indicator--5b71713e-ac90-447d-950c-db180acd0835",
"indicator--5b71713e-ccb4-4ab3-8f02-db180acd0835",
"indicator--5b71713e-e8d0-4fca-90b4-db180acd0835",
"indicator--5b71713e-fbb0-4d44-94e6-db180acd0835",
"indicator--5b71713e-3668-42e9-90e5-db180acd0835",
"indicator--5b71713e-6ff4-4758-9fb2-db180acd0835",
"indicator--5b71713e-0504-4fcd-8120-db180acd0835",
"indicator--5b71713e-40c4-4435-8b66-db180acd0835",
"indicator--5b71713e-be24-4fde-9112-db180acd0835",
"indicator--5b71713e-bb9c-4c3d-9a0c-db180acd0835",
"indicator--5b71713e-50f4-4762-b144-db180acd0835",
"indicator--5b71713e-f774-4c9a-b2d7-db180acd0835",
"indicator--5b71713e-5670-4337-96c9-db180acd0835",
"indicator--5b71713e-7e68-4540-8f00-db180acd0835",
"indicator--5b71713e-a7cc-412e-ba1a-db180acd0835",
"indicator--5b71713e-1d5c-4c95-baf6-db180acd0835",
"indicator--5b71713e-2854-430e-ab0d-db180acd0835",
"indicator--5b71713e-a134-4e16-9468-db180acd0835",
"indicator--5b71713e-df70-4d3d-ae7b-db180acd0835",
"indicator--5b716e06-08a4-42a3-b6ab-c6f20acd0835",
"indicator--5b716e42-1a90-4614-9115-d96d0acd0835",
"indicator--5b716e67-5274-4deb-8dca-ded10acd0835",
"indicator--5b716ed6-c20c-477f-9b55-d4e40acd0835",
"indicator--5b717126-8e34-42d0-9467-df2e0acd0835"
],
"labels": [
"Threat-Report",
"misp:tool=\"MISP-STIX-Converter\"",
"osint:source-type=\"blog-post\""
],
"object_marking_refs": [
"marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9"
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5b716c18-d458-458c-8350-db180acd0835",
"created_by_ref": "identity--5a68c02d-959c-4c8a-a571-0dcac0a8060a",
"created": "2018-08-13T11:31:36.000Z",
"modified": "2018-08-13T11:31:36.000Z",
"description": "Win.Malware.Dbzx-6628757-0",
"pattern": "[file:hashes.SHA256 = '25430a357d53aec77dd1f119b838ceae79a22bb3a60c7a002cb7328b098546a7']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-08-13T11:31:36Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5b716c18-2204-418d-91a8-db180acd0835",
"created_by_ref": "identity--5a68c02d-959c-4c8a-a571-0dcac0a8060a",
"created": "2018-08-13T11:31:36.000Z",
"modified": "2018-08-13T11:31:36.000Z",
"description": "Win.Malware.Dbzx-6628757-0",
"pattern": "[file:hashes.SHA256 = '54279416f864d374f33fe9a2fe2998db3976c4ff43e8b0da006548489a50bbdd']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-08-13T11:31:36Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5b716c18-b3f4-423d-92f0-db180acd0835",
"created_by_ref": "identity--5a68c02d-959c-4c8a-a571-0dcac0a8060a",
"created": "2018-08-13T11:31:36.000Z",
"modified": "2018-08-13T11:31:36.000Z",
"description": "Win.Malware.Dbzx-6628757-0",
"pattern": "[file:hashes.SHA256 = '5ce812ebf77f6d63de37a1e3d261b9688d595aaeadaef3388f4214896bb64892']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-08-13T11:31:36Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5b716c18-6d3c-43db-990b-db180acd0835",
"created_by_ref": "identity--5a68c02d-959c-4c8a-a571-0dcac0a8060a",
"created": "2018-08-13T11:31:36.000Z",
"modified": "2018-08-13T11:31:36.000Z",
"description": "Win.Malware.Dbzx-6628757-0",
"pattern": "[file:hashes.SHA256 = '810fb35557e051a7be3f03b37247c90796595a2d5afa1b2c3034187de2a3f0bc']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-08-13T11:31:36Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5b716c18-96a0-40d4-8f60-db180acd0835",
"created_by_ref": "identity--5a68c02d-959c-4c8a-a571-0dcac0a8060a",
"created": "2018-08-13T11:31:36.000Z",
"modified": "2018-08-13T11:31:36.000Z",
"description": "Win.Malware.Dbzx-6628757-0",
"pattern": "[file:hashes.SHA256 = '8f08bcadd3a44055a70dbae3308cf18c8d1824e424100eda03ddc71e9417fb5e']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-08-13T11:31:36Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5b716c18-32a0-4dd9-8a7c-db180acd0835",
"created_by_ref": "identity--5a68c02d-959c-4c8a-a571-0dcac0a8060a",
"created": "2018-08-13T11:31:36.000Z",
"modified": "2018-08-13T11:31:36.000Z",
"description": "Win.Malware.Dbzx-6628757-0",
"pattern": "[file:hashes.SHA256 = '9435b87c7c91ac98f9f461aeaa6b1630e2270e2d2ccdf6a05d46fa02de91d1eb']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-08-13T11:31:36Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5b716c18-6e84-49d4-95e2-db180acd0835",
"created_by_ref": "identity--5a68c02d-959c-4c8a-a571-0dcac0a8060a",
"created": "2018-08-13T11:31:36.000Z",
"modified": "2018-08-13T11:31:36.000Z",
"description": "Win.Malware.Dbzx-6628757-0",
"pattern": "[file:hashes.SHA256 = '9634a2afb40139e39da8c8ef0da8f5104229d7bb4c3b95faee5a4396713f528e']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-08-13T11:31:36Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5b716c18-3f7c-4894-950c-db180acd0835",
"created_by_ref": "identity--5a68c02d-959c-4c8a-a571-0dcac0a8060a",
"created": "2018-08-13T11:31:36.000Z",
"modified": "2018-08-13T11:31:36.000Z",
"description": "Win.Malware.Dbzx-6628757-0",
"pattern": "[file:hashes.SHA256 = 'a137c89d2c6f0ae74217724e1cb56aea726e285d0e6e98adfda16617ad51d176']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-08-13T11:31:36Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5b716c18-98c0-40c4-ad13-db180acd0835",
"created_by_ref": "identity--5a68c02d-959c-4c8a-a571-0dcac0a8060a",
"created": "2018-08-13T11:31:36.000Z",
"modified": "2018-08-13T11:31:36.000Z",
"description": "Win.Malware.Dbzx-6628757-0",
"pattern": "[file:hashes.SHA256 = 'a2907c7011b20373fd47e03a0f4679fdd51b982b973bb37d1d45bfa4a618bc5a']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-08-13T11:31:36Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5b716c18-e620-493b-b243-db180acd0835",
"created_by_ref": "identity--5a68c02d-959c-4c8a-a571-0dcac0a8060a",
"created": "2018-08-13T11:31:36.000Z",
"modified": "2018-08-13T11:31:36.000Z",
"description": "Win.Malware.Dbzx-6628757-0",
"pattern": "[file:hashes.SHA256 = 'b3c6a0883d9ed8bcf1bf162c0ade8b16f2cd4ae890e30ba9e9540f4bdf5f5ba1']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-08-13T11:31:36Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5b716c18-e7c8-40f2-b32b-db180acd0835",
"created_by_ref": "identity--5a68c02d-959c-4c8a-a571-0dcac0a8060a",
"created": "2018-08-13T11:31:36.000Z",
"modified": "2018-08-13T11:31:36.000Z",
"description": "Win.Malware.Dbzx-6628757-0",
"pattern": "[file:hashes.SHA256 = 'ba5afe1245d10f72637d34a96bf6e365c2f4326da69dcd440beacf421b634133']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-08-13T11:31:36Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5b716c18-3ed8-4559-9a9d-db180acd0835",
"created_by_ref": "identity--5a68c02d-959c-4c8a-a571-0dcac0a8060a",
"created": "2018-08-13T11:31:36.000Z",
"modified": "2018-08-13T11:31:36.000Z",
"description": "Win.Malware.Dbzx-6628757-0",
"pattern": "[file:hashes.SHA256 = 'cd3a4783c2795a16c82518c56f955c9b56f415d59ef5bc77e143f6124123364b']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-08-13T11:31:36Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5b716c18-4920-4878-b900-db180acd0835",
"created_by_ref": "identity--5a68c02d-959c-4c8a-a571-0dcac0a8060a",
"created": "2018-08-13T11:31:36.000Z",
"modified": "2018-08-13T11:31:36.000Z",
"description": "Win.Malware.Dbzx-6628757-0",
"pattern": "[file:hashes.SHA256 = 'd0dbd75a4d8716ba7ca7d025ee1c772aa4ff554214a993b4b874a0a26dcf5a6c']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-08-13T11:31:36Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5b716c18-0724-48df-8122-db180acd0835",
"created_by_ref": "identity--5a68c02d-959c-4c8a-a571-0dcac0a8060a",
"created": "2018-08-13T11:31:36.000Z",
"modified": "2018-08-13T11:31:36.000Z",
"description": "Win.Malware.Dbzx-6628757-0",
"pattern": "[file:hashes.SHA256 = 'e2116a9a176ff765f1c5ec23003266bfe0f1592e46e41236482ad4c3520ea53a']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-08-13T11:31:36Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5b716c18-c21c-4290-920a-db180acd0835",
"created_by_ref": "identity--5a68c02d-959c-4c8a-a571-0dcac0a8060a",
"created": "2018-08-13T11:31:36.000Z",
"modified": "2018-08-13T11:31:36.000Z",
"description": "Win.Malware.Dbzx-6628757-0",
"pattern": "[file:hashes.SHA256 = 'e2846881f6127d99222144e4ece509bd18522fdd7791bf84d7697b37ffa40919']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-08-13T11:31:36Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5b716c18-4540-4a16-97cb-db180acd0835",
"created_by_ref": "identity--5a68c02d-959c-4c8a-a571-0dcac0a8060a",
"created": "2018-08-13T11:31:36.000Z",
"modified": "2018-08-13T11:31:36.000Z",
"description": "Win.Malware.Dbzx-6628757-0",
"pattern": "[file:hashes.SHA256 = 'efc3e1b1d6c13c3624160edc36f678dd92f172339bfde598ad1a95b02b474981']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-08-13T11:31:36Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5b716c18-f3f4-4907-bc2e-db180acd0835",
"created_by_ref": "identity--5a68c02d-959c-4c8a-a571-0dcac0a8060a",
"created": "2018-08-13T11:31:36.000Z",
"modified": "2018-08-13T11:31:36.000Z",
"description": "Win.Malware.Dbzx-6628757-0",
"pattern": "[file:hashes.SHA256 = 'f7df8c9e36cf3440709111a33721e7ac7268a2a80057df08843ba95a72c222eb']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-08-13T11:31:36Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5b716c18-5524-46cd-8b6c-db180acd0835",
"created_by_ref": "identity--5a68c02d-959c-4c8a-a571-0dcac0a8060a",
"created": "2018-08-13T11:31:36.000Z",
"modified": "2018-08-13T11:31:36.000Z",
"description": "Win.Malware.Dbzx-6628757-0",
"pattern": "[file:hashes.SHA256 = 'fdd4cce37fd524f99e096d0e45f95ac4dac696c8d7e8eb493bb485c63409c7b3']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-08-13T11:31:36Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--5b716c18-0250-4206-b5e9-db180acd0835",
"created_by_ref": "identity--5a68c02d-959c-4c8a-a571-0dcac0a8060a",
"created": "2018-08-13T11:32:31.000Z",
"modified": "2018-08-13T11:32:31.000Z",
"first_observed": "2018-08-13T11:32:31Z",
"last_observed": "2018-08-13T11:32:31Z",
"number_observed": 1,
"object_refs": [
"domain-name--5b716c18-0250-4206-b5e9-db180acd0835"
],
"labels": [
"misp:type=\"domain\"",
"misp:category=\"Network activity\""
]
},
{
"type": "domain-name",
"spec_version": "2.1",
"id": "domain-name--5b716c18-0250-4206-b5e9-db180acd0835",
"value": "ip-api.com"
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--5b716c2e-0ccc-4258-855c-d73c0acd0835",
"created_by_ref": "identity--5a68c02d-959c-4c8a-a571-0dcac0a8060a",
"created": "2018-08-13T11:32:42.000Z",
"modified": "2018-08-13T11:32:42.000Z",
"first_observed": "2018-08-13T11:32:42Z",
"last_observed": "2018-08-13T11:32:42Z",
"number_observed": 1,
"object_refs": [
"mutex--5b716c2e-0ccc-4258-855c-d73c0acd0835"
],
"labels": [
"misp:type=\"mutex\"",
"misp:category=\"Artifacts dropped\""
]
},
{
"type": "mutex",
"spec_version": "2.1",
"id": "mutex--5b716c2e-0ccc-4258-855c-d73c0acd0835",
"name": "QSR_MUTEX_HnRHWDxWQnveBdUtWT"
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--5b716c41-e8c8-44e6-bcb4-dc600acd0835",
"created_by_ref": "identity--5a68c02d-959c-4c8a-a571-0dcac0a8060a",
"created": "2018-08-13T11:32:48.000Z",
"modified": "2018-08-13T11:32:48.000Z",
"first_observed": "2018-08-13T11:32:48Z",
"last_observed": "2018-08-13T11:32:48Z",
"number_observed": 1,
"object_refs": [
"windows-registry-key--5b716c41-e8c8-44e6-bcb4-dc600acd0835"
],
"labels": [
"misp:type=\"regkey\"",
"misp:category=\"Persistence mechanism\""
]
},
{
"type": "windows-registry-key",
"spec_version": "2.1",
"id": "windows-registry-key--5b716c41-e8c8-44e6-bcb4-dc600acd0835",
"key": "<HKLM>\\Software\\Wow6432Node\\Microsoft\\Tracing"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5b716cbe-6488-495f-8378-c6f10acd0835",
"created_by_ref": "identity--5a68c02d-959c-4c8a-a571-0dcac0a8060a",
"created": "2018-08-13T11:34:46.000Z",
"modified": "2018-08-13T11:34:46.000Z",
"description": "Win.Malware.Emotet-6628754-0",
"pattern": "[file:hashes.SHA256 = '0406ad0fe90d371b02742e6821486abbfbf2bbd72a7593e8ddb650f0b97673b3']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-08-13T11:34:46Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5b716cbe-878c-4274-80d6-c6f10acd0835",
"created_by_ref": "identity--5a68c02d-959c-4c8a-a571-0dcac0a8060a",
"created": "2018-08-13T11:34:46.000Z",
"modified": "2018-08-13T11:34:46.000Z",
"description": "Win.Malware.Emotet-6628754-0",
"pattern": "[file:hashes.SHA256 = '0604aa87706cb7890075b494f026c88b2f03b621367f1bb62a87f5c5deb87870']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-08-13T11:34:46Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5b716cbe-974c-462f-8819-c6f10acd0835",
"created_by_ref": "identity--5a68c02d-959c-4c8a-a571-0dcac0a8060a",
"created": "2018-08-13T11:34:46.000Z",
"modified": "2018-08-13T11:34:46.000Z",
"description": "Win.Malware.Emotet-6628754-0",
"pattern": "[file:hashes.SHA256 = '086af92d83279f5792c15a762a70e158de54b67c1a96bfc14c4ad52a24468f32']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-08-13T11:34:46Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5b716cbe-a5bc-425e-b91b-c6f10acd0835",
"created_by_ref": "identity--5a68c02d-959c-4c8a-a571-0dcac0a8060a",
"created": "2018-08-13T11:34:46.000Z",
"modified": "2018-08-13T11:34:46.000Z",
"description": "Win.Malware.Emotet-6628754-0",
"pattern": "[file:hashes.SHA256 = '10f13af2a3591efa3d58c47bb0635e3a653e14ec7726493bb4595b4dd8cd51cb']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-08-13T11:34:46Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5b716cbe-e6ec-4460-bf02-c6f10acd0835",
"created_by_ref": "identity--5a68c02d-959c-4c8a-a571-0dcac0a8060a",
"created": "2018-08-13T11:34:46.000Z",
"modified": "2018-08-13T11:34:46.000Z",
"description": "Win.Malware.Emotet-6628754-0",
"pattern": "[file:hashes.SHA256 = '127c316e7a10579e61369d6a8154e3e34726209b3cc075ddd6d9875c439c583e']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-08-13T11:34:46Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5b716cbe-0c28-41e6-9548-c6f10acd0835",
"created_by_ref": "identity--5a68c02d-959c-4c8a-a571-0dcac0a8060a",
"created": "2018-08-13T11:34:46.000Z",
"modified": "2018-08-13T11:34:46.000Z",
"description": "Win.Malware.Emotet-6628754-0",
"pattern": "[file:hashes.SHA256 = '1fc9fda1b0c868dc7cb0cf6d8867b7aefc202436fe9e41cba5b2b35bb1ce9e9f']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-08-13T11:34:46Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5b716cbe-a43c-49f9-88c2-c6f10acd0835",
"created_by_ref": "identity--5a68c02d-959c-4c8a-a571-0dcac0a8060a",
"created": "2018-08-13T11:34:46.000Z",
"modified": "2018-08-13T11:34:46.000Z",
"description": "Win.Malware.Emotet-6628754-0",
"pattern": "[file:hashes.SHA256 = '23ba67cf24c95f3bfd36b66f822feb3d2fd0f72617921550fee034a1b7b8cc74']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-08-13T11:34:46Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5b716cbe-de1c-4321-93bd-c6f10acd0835",
"created_by_ref": "identity--5a68c02d-959c-4c8a-a571-0dcac0a8060a",
"created": "2018-08-13T11:34:46.000Z",
"modified": "2018-08-13T11:34:46.000Z",
"description": "Win.Malware.Emotet-6628754-0",
"pattern": "[file:hashes.SHA256 = '27e37ac7cc8b48573a8345223399ce6b0ab9432ee977acf02c09bcf64cf6622d']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-08-13T11:34:46Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5b716cbf-cf80-4d92-94d6-c6f10acd0835",
"created_by_ref": "identity--5a68c02d-959c-4c8a-a571-0dcac0a8060a",
"created": "2018-08-13T11:34:46.000Z",
"modified": "2018-08-13T11:34:46.000Z",
"description": "Win.Malware.Emotet-6628754-0",
"pattern": "[file:hashes.SHA256 = '2bf1192e5200b6f8d25586908b05912a5fa6e06e87540dbb914200446a3deb10']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-08-13T11:34:46Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5b716cbf-b20c-4602-b35e-c6f10acd0835",
"created_by_ref": "identity--5a68c02d-959c-4c8a-a571-0dcac0a8060a",
"created": "2018-08-13T11:34:46.000Z",
"modified": "2018-08-13T11:34:46.000Z",
"description": "Win.Malware.Emotet-6628754-0",
"pattern": "[file:hashes.SHA256 = '2ee83958eb1e8cb622ca833c38e51b53548d299b6574e5b7203741a2d27963f5']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-08-13T11:34:46Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5b716cbf-f97c-4f93-a9d9-c6f10acd0835",
"created_by_ref": "identity--5a68c02d-959c-4c8a-a571-0dcac0a8060a",
"created": "2018-08-13T11:34:46.000Z",
"modified": "2018-08-13T11:34:46.000Z",
"description": "Win.Malware.Emotet-6628754-0",
"pattern": "[file:hashes.SHA256 = '2fca527cf8ebf4576e982118e22dfe3fd8e445749a5403dafed36089666f2357']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-08-13T11:34:46Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5b716cbf-b06c-4941-95cb-c6f10acd0835",
"created_by_ref": "identity--5a68c02d-959c-4c8a-a571-0dcac0a8060a",
"created": "2018-08-13T11:34:46.000Z",
"modified": "2018-08-13T11:34:46.000Z",
"description": "Win.Malware.Emotet-6628754-0",
"pattern": "[file:hashes.SHA256 = '30bbfb79d26a172975e9482204f06423eff6948b1732384e7b6d23f9932ec08d']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-08-13T11:34:46Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5b716cbf-0618-489c-9de6-c6f10acd0835",
"created_by_ref": "identity--5a68c02d-959c-4c8a-a571-0dcac0a8060a",
"created": "2018-08-13T11:34:46.000Z",
"modified": "2018-08-13T11:34:46.000Z",
"description": "Win.Malware.Emotet-6628754-0",
"pattern": "[file:hashes.SHA256 = '30bf6e1a41dea6e4024853f9b7a6a878e4f5e4141dba4b0fe7686159925fe6cf']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-08-13T11:34:46Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5b716cbf-fd7c-4fe4-b0ae-c6f10acd0835",
"created_by_ref": "identity--5a68c02d-959c-4c8a-a571-0dcac0a8060a",
"created": "2018-08-13T11:34:46.000Z",
"modified": "2018-08-13T11:34:46.000Z",
"description": "Win.Malware.Emotet-6628754-0",
"pattern": "[file:hashes.SHA256 = '42fca9d196c668747b74f80ca996aee9ae38bed96956b42436949a8d4d33ecf1']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-08-13T11:34:46Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5b716cbf-b980-4784-b2be-c6f10acd0835",
"created_by_ref": "identity--5a68c02d-959c-4c8a-a571-0dcac0a8060a",
"created": "2018-08-13T11:34:45.000Z",
"modified": "2018-08-13T11:34:45.000Z",
"description": "Win.Malware.Emotet-6628754-0",
"pattern": "[file:hashes.SHA256 = '45e6356ca3b373da3a80a72a1b64f1254f4426949598b8877abd6de99e379166']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-08-13T11:34:45Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5b716cbf-2224-40df-974c-c6f10acd0835",
"created_by_ref": "identity--5a68c02d-959c-4c8a-a571-0dcac0a8060a",
"created": "2018-08-13T11:34:46.000Z",
"modified": "2018-08-13T11:34:46.000Z",
"description": "Win.Malware.Emotet-6628754-0",
"pattern": "[file:hashes.SHA256 = '4ac5db87bc83dcbf1399f4fc0fede3c5ecee5b8ef2a2500fd79b1588ef033429']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-08-13T11:34:46Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5b716cbf-b884-4ac3-96da-c6f10acd0835",
"created_by_ref": "identity--5a68c02d-959c-4c8a-a571-0dcac0a8060a",
"created": "2018-08-13T11:34:46.000Z",
"modified": "2018-08-13T11:34:46.000Z",
"description": "Win.Malware.Emotet-6628754-0",
"pattern": "[file:hashes.SHA256 = '4b2f6d80bf78ad165c2f07d914cb4137ba31918f3f8f03f812b20715c3451f56']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-08-13T11:34:46Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5b716cbf-0f14-440a-8d2e-c6f10acd0835",
"created_by_ref": "identity--5a68c02d-959c-4c8a-a571-0dcac0a8060a",
"created": "2018-08-13T11:34:46.000Z",
"modified": "2018-08-13T11:34:46.000Z",
"description": "Win.Malware.Emotet-6628754-0",
"pattern": "[file:hashes.SHA256 = '4d7d9d73dad989590860178530dd8848d9b79a23f1cb379bc1ca5545cb196eca']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-08-13T11:34:46Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5b716cbf-f0b4-458e-bbd1-c6f10acd0835",
"created_by_ref": "identity--5a68c02d-959c-4c8a-a571-0dcac0a8060a",
"created": "2018-08-13T11:34:46.000Z",
"modified": "2018-08-13T11:34:46.000Z",
"description": "Win.Malware.Emotet-6628754-0",
"pattern": "[file:hashes.SHA256 = '4e81241256ab4adb5bb96b21633d95773cc34ee72e499659064db0d32046dabf']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-08-13T11:34:46Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5b716cbf-5790-4b9f-9b84-c6f10acd0835",
"created_by_ref": "identity--5a68c02d-959c-4c8a-a571-0dcac0a8060a",
"created": "2018-08-13T11:34:46.000Z",
"modified": "2018-08-13T11:34:46.000Z",
"description": "Win.Malware.Emotet-6628754-0",
"pattern": "[file:hashes.SHA256 = '4ea92195bc159e268c7a348f2649010cb01a3e67c315d2f0b8115eaf2c879692']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-08-13T11:34:46Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5b716cbf-7028-4ed4-9e75-c6f10acd0835",
"created_by_ref": "identity--5a68c02d-959c-4c8a-a571-0dcac0a8060a",
"created": "2018-08-13T11:34:45.000Z",
"modified": "2018-08-13T11:34:45.000Z",
"description": "Win.Malware.Emotet-6628754-0",
"pattern": "[file:hashes.SHA256 = '5639d3af9cf530a057aebf3cbf92061b58539b2c311491a26d8f404a211d66bb']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-08-13T11:34:45Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5b716cbf-e16c-4de3-a9b4-c6f10acd0835",
"created_by_ref": "identity--5a68c02d-959c-4c8a-a571-0dcac0a8060a",
"created": "2018-08-13T11:34:45.000Z",
"modified": "2018-08-13T11:34:45.000Z",
"description": "Win.Malware.Emotet-6628754-0",
"pattern": "[file:hashes.SHA256 = '59644dcd34cce275ff5d72c022fa76ac42a422b038d816909281e01e392d3b40']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-08-13T11:34:45Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5b716cbf-7aac-48a8-bbed-c6f10acd0835",
"created_by_ref": "identity--5a68c02d-959c-4c8a-a571-0dcac0a8060a",
"created": "2018-08-13T11:34:45.000Z",
"modified": "2018-08-13T11:34:45.000Z",
"description": "Win.Malware.Emotet-6628754-0",
"pattern": "[file:hashes.SHA256 = '599e4e8130e4a1f3f3777c6f9f088cc03c2781f4e802e0e16e417a43ec58c518']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-08-13T11:34:45Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5b716cbf-2df4-4ac8-a246-c6f10acd0835",
"created_by_ref": "identity--5a68c02d-959c-4c8a-a571-0dcac0a8060a",
"created": "2018-08-13T11:34:45.000Z",
"modified": "2018-08-13T11:34:45.000Z",
"description": "Win.Malware.Emotet-6628754-0",
"pattern": "[file:hashes.SHA256 = '5eef8b5433ebc22e4c9ea3c1462d525192a4bda8d20be4e7b09fe7d03fb9d119']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-08-13T11:34:45Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5b716cbf-13a0-4cd4-b667-c6f10acd0835",
"created_by_ref": "identity--5a68c02d-959c-4c8a-a571-0dcac0a8060a",
"created": "2018-08-13T11:34:45.000Z",
"modified": "2018-08-13T11:34:45.000Z",
"description": "Win.Malware.Emotet-6628754-0",
"pattern": "[file:hashes.SHA256 = '6238c7a704baa8771812e4f3452acb042c6475913db4cd57cfaf17a7454d4d22']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-08-13T11:34:45Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5b716cbf-8c38-4036-ba24-c6f10acd0835",
"created_by_ref": "identity--5a68c02d-959c-4c8a-a571-0dcac0a8060a",
"created": "2018-08-13T11:34:45.000Z",
"modified": "2018-08-13T11:34:45.000Z",
"description": "Win.Malware.Emotet-6628754-0",
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '67.68.235.25']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-08-13T11:34:45Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5b716cbf-4a98-4e1a-b80c-c6f10acd0835",
"created_by_ref": "identity--5a68c02d-959c-4c8a-a571-0dcac0a8060a",
"created": "2018-08-13T11:34:45.000Z",
"modified": "2018-08-13T11:34:45.000Z",
"description": "Win.Malware.Emotet-6628754-0",
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '187.192.180.144']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-08-13T11:34:45Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--5b716d03-f2dc-4506-b4c0-c79c0acd0835",
"created_by_ref": "identity--5a68c02d-959c-4c8a-a571-0dcac0a8060a",
"created": "2018-08-13T11:35:55.000Z",
"modified": "2018-08-13T11:35:55.000Z",
"first_observed": "2018-08-13T11:35:55Z",
"last_observed": "2018-08-13T11:35:55Z",
"number_observed": 1,
"object_refs": [
"mutex--5b716d03-f2dc-4506-b4c0-c79c0acd0835"
],
"labels": [
"misp:type=\"mutex\"",
"misp:category=\"Artifacts dropped\""
]
},
{
"type": "mutex",
"spec_version": "2.1",
"id": "mutex--5b716d03-f2dc-4506-b4c0-c79c0acd0835",
"name": "PEMB2C"
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--5b716d03-7f58-4e42-b744-c79c0acd0835",
"created_by_ref": "identity--5a68c02d-959c-4c8a-a571-0dcac0a8060a",
"created": "2018-08-13T11:35:52.000Z",
"modified": "2018-08-13T11:35:52.000Z",
"first_observed": "2018-08-13T11:35:52Z",
"last_observed": "2018-08-13T11:35:52Z",
"number_observed": 1,
"object_refs": [
"mutex--5b716d03-7f58-4e42-b744-c79c0acd0835"
],
"labels": [
"misp:type=\"mutex\"",
"misp:category=\"Artifacts dropped\""
]
},
{
"type": "mutex",
"spec_version": "2.1",
"id": "mutex--5b716d03-7f58-4e42-b744-c79c0acd0835",
"name": "PEM944"
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--5b716d03-ffb8-49a1-b640-c79c0acd0835",
"created_by_ref": "identity--5a68c02d-959c-4c8a-a571-0dcac0a8060a",
"created": "2018-08-13T11:35:49.000Z",
"modified": "2018-08-13T11:35:49.000Z",
"first_observed": "2018-08-13T11:35:49Z",
"last_observed": "2018-08-13T11:35:49Z",
"number_observed": 1,
"object_refs": [
"mutex--5b716d03-ffb8-49a1-b640-c79c0acd0835"
],
"labels": [
"misp:type=\"mutex\"",
"misp:category=\"Artifacts dropped\""
]
},
{
"type": "mutex",
"spec_version": "2.1",
"id": "mutex--5b716d03-ffb8-49a1-b640-c79c0acd0835",
"name": "PEM80C"
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--5b716d03-6f4c-4108-b7dd-c79c0acd0835",
"created_by_ref": "identity--5a68c02d-959c-4c8a-a571-0dcac0a8060a",
"created": "2018-08-13T11:35:45.000Z",
"modified": "2018-08-13T11:35:45.000Z",
"first_observed": "2018-08-13T11:35:45Z",
"last_observed": "2018-08-13T11:35:45Z",
"number_observed": 1,
"object_refs": [
"mutex--5b716d03-6f4c-4108-b7dd-c79c0acd0835"
],
"labels": [
"misp:type=\"mutex\"",
"misp:category=\"Artifacts dropped\""
]
},
{
"type": "mutex",
"spec_version": "2.1",
"id": "mutex--5b716d03-6f4c-4108-b7dd-c79c0acd0835",
"name": "PEMA10"
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--5b716d5d-730c-4a0d-8e09-c6f10acd0835",
"created_by_ref": "identity--5a68c02d-959c-4c8a-a571-0dcac0a8060a",
"created": "2018-08-13T11:37:01.000Z",
"modified": "2018-08-13T11:37:01.000Z",
"first_observed": "2018-08-13T11:37:01Z",
"last_observed": "2018-08-13T11:37:01Z",
"number_observed": 1,
"object_refs": [
"file--5b716d5d-730c-4a0d-8e09-c6f10acd0835"
],
"labels": [
"misp:type=\"filename\"",
"misp:category=\"Payload installation\""
]
},
{
"type": "file",
"spec_version": "2.1",
"id": "file--5b716d5d-730c-4a0d-8e09-c6f10acd0835",
"name": "%WinDir%\\SysWOW64\\TO5sH5uBMit.exe"
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--5b716d5d-e2a0-42d7-98ad-c6f10acd0835",
"created_by_ref": "identity--5a68c02d-959c-4c8a-a571-0dcac0a8060a",
"created": "2018-08-13T11:37:01.000Z",
"modified": "2018-08-13T11:37:01.000Z",
"first_observed": "2018-08-13T11:37:01Z",
"last_observed": "2018-08-13T11:37:01Z",
"number_observed": 1,
"object_refs": [
"file--5b716d5d-e2a0-42d7-98ad-c6f10acd0835"
],
"labels": [
"misp:type=\"filename\"",
"misp:category=\"Payload installation\""
]
},
{
"type": "file",
"spec_version": "2.1",
"id": "file--5b716d5d-e2a0-42d7-98ad-c6f10acd0835",
"name": "TO5sH5uBMit.exe"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5b716da3-4330-4b8e-8fee-d4890acd0835",
"created_by_ref": "identity--5a68c02d-959c-4c8a-a571-0dcac0a8060a",
"created": "2018-08-13T11:38:11.000Z",
"modified": "2018-08-13T11:38:11.000Z",
"description": "Win.Malware.Zerber-6629234-0",
"pattern": "[file:hashes.SHA256 = '25f8455b83b98f38809af120e35c3eda189a05538f7aa2d527a265520bc3c75e']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-08-13T11:38:11Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5b716da3-85dc-4130-97d3-d4890acd0835",
"created_by_ref": "identity--5a68c02d-959c-4c8a-a571-0dcac0a8060a",
"created": "2018-08-13T11:38:11.000Z",
"modified": "2018-08-13T11:38:11.000Z",
"description": "Win.Malware.Zerber-6629234-0",
"pattern": "[file:hashes.SHA256 = '342a9470e5d3dd522c17cf0a5bc588d87a84689d90362c0b18c320385b2e908d']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-08-13T11:38:11Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5b716da3-38e4-489f-9db1-d4890acd0835",
"created_by_ref": "identity--5a68c02d-959c-4c8a-a571-0dcac0a8060a",
"created": "2018-08-13T11:38:11.000Z",
"modified": "2018-08-13T11:38:11.000Z",
"description": "Win.Malware.Zerber-6629234-0",
"pattern": "[file:hashes.SHA256 = '41ebdf1d4a210f395d5ee32bf55c6b07ee1e0a0bdf939bd081f6d751323c643c']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-08-13T11:38:11Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5b716da3-62ac-4ed1-ba31-d4890acd0835",
"created_by_ref": "identity--5a68c02d-959c-4c8a-a571-0dcac0a8060a",
"created": "2018-08-13T11:38:11.000Z",
"modified": "2018-08-13T11:38:11.000Z",
"description": "Win.Malware.Zerber-6629234-0",
"pattern": "[file:hashes.SHA256 = '54be105a129d959359107d7dff6b379cd366e32bf7be9ac9a06bc2141d3ca7fa']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-08-13T11:38:11Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5b716da3-a784-4d5d-b120-d4890acd0835",
"created_by_ref": "identity--5a68c02d-959c-4c8a-a571-0dcac0a8060a",
"created": "2018-08-13T11:38:11.000Z",
"modified": "2018-08-13T11:38:11.000Z",
"description": "Win.Malware.Zerber-6629234-0",
"pattern": "[file:hashes.SHA256 = '5dce0e7e0a1807d2804f28c5d5afd4ac282a022acd1945786bd118e1caf4050c']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-08-13T11:38:11Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5b716da3-b914-4475-beba-d4890acd0835",
"created_by_ref": "identity--5a68c02d-959c-4c8a-a571-0dcac0a8060a",
"created": "2018-08-13T11:38:11.000Z",
"modified": "2018-08-13T11:38:11.000Z",
"description": "Win.Malware.Zerber-6629234-0",
"pattern": "[file:hashes.SHA256 = '5fe244200c9367e1b132ccc13df6daaba5479d2491db8fe95658f43981567c5a']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-08-13T11:38:11Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5b716da3-fc00-4260-952b-d4890acd0835",
"created_by_ref": "identity--5a68c02d-959c-4c8a-a571-0dcac0a8060a",
"created": "2018-08-13T11:38:11.000Z",
"modified": "2018-08-13T11:38:11.000Z",
"description": "Win.Malware.Zerber-6629234-0",
"pattern": "[file:hashes.SHA256 = '6292ddf51023ccca84211ed4f33944b4c3df1b694d102d90d3dd2a5a080ed2b9']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-08-13T11:38:11Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5b716da3-2cf4-44c9-accd-d4890acd0835",
"created_by_ref": "identity--5a68c02d-959c-4c8a-a571-0dcac0a8060a",
"created": "2018-08-13T11:38:11.000Z",
"modified": "2018-08-13T11:38:11.000Z",
"description": "Win.Malware.Zerber-6629234-0",
"pattern": "[file:hashes.SHA256 = '649c52d7b9a58837e6ccd308665d63971e424d29480c44448ddbef15e91649a6']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-08-13T11:38:11Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5b716da3-345c-4882-a3a6-d4890acd0835",
"created_by_ref": "identity--5a68c02d-959c-4c8a-a571-0dcac0a8060a",
"created": "2018-08-13T11:38:11.000Z",
"modified": "2018-08-13T11:38:11.000Z",
"description": "Win.Malware.Zerber-6629234-0",
"pattern": "[file:hashes.SHA256 = '6dd74f0816f8b24a6f93c2dae0c69d33689e4baba632605d138216d9c7aab2ba']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-08-13T11:38:11Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5b716da3-a04c-4783-9c0c-d4890acd0835",
"created_by_ref": "identity--5a68c02d-959c-4c8a-a571-0dcac0a8060a",
"created": "2018-08-13T11:38:11.000Z",
"modified": "2018-08-13T11:38:11.000Z",
"description": "Win.Malware.Zerber-6629234-0",
"pattern": "[file:hashes.SHA256 = '7322fb7767b733ef5a279720f581d54edae9ea4af69d39aaa3e79fc443e2bb33']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-08-13T11:38:11Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5b716da3-a7d8-40fd-968b-d4890acd0835",
"created_by_ref": "identity--5a68c02d-959c-4c8a-a571-0dcac0a8060a",
"created": "2018-08-13T11:38:11.000Z",
"modified": "2018-08-13T11:38:11.000Z",
"description": "Win.Malware.Zerber-6629234-0",
"pattern": "[file:hashes.SHA256 = '76be26ac77aa81a5fb7d78135adb05b579cecc2173ffef5f5ab6b484e37f9e6e']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-08-13T11:38:11Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5b716da3-0428-4d7b-b150-d4890acd0835",
"created_by_ref": "identity--5a68c02d-959c-4c8a-a571-0dcac0a8060a",
"created": "2018-08-13T11:38:11.000Z",
"modified": "2018-08-13T11:38:11.000Z",
"description": "Win.Malware.Zerber-6629234-0",
"pattern": "[file:hashes.SHA256 = '793b978af24469a77490ea609de0142ff817e557ad78a688dd5d65c2fe49a8db']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-08-13T11:38:11Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5b716da3-89b4-479a-9337-d4890acd0835",
"created_by_ref": "identity--5a68c02d-959c-4c8a-a571-0dcac0a8060a",
"created": "2018-08-13T11:38:11.000Z",
"modified": "2018-08-13T11:38:11.000Z",
"description": "Win.Malware.Zerber-6629234-0",
"pattern": "[file:hashes.SHA256 = '7c0e65092e8786d9052bbd74f4dc7b26567e150efb25d1503c4bfd9b3895b8ab']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-08-13T11:38:11Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5b716da3-ab48-4f67-9fa7-d4890acd0835",
"created_by_ref": "identity--5a68c02d-959c-4c8a-a571-0dcac0a8060a",
"created": "2018-08-13T11:38:11.000Z",
"modified": "2018-08-13T11:38:11.000Z",
"description": "Win.Malware.Zerber-6629234-0",
"pattern": "[file:hashes.SHA256 = '8815e1daad1f9cb4ff4243ff485218e3a0be93e2afef07048852ba79fdd9294e']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-08-13T11:38:11Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5b716da3-6490-49a5-b812-d4890acd0835",
"created_by_ref": "identity--5a68c02d-959c-4c8a-a571-0dcac0a8060a",
"created": "2018-08-13T11:38:11.000Z",
"modified": "2018-08-13T11:38:11.000Z",
"description": "Win.Malware.Zerber-6629234-0",
"pattern": "[file:hashes.SHA256 = '8e84fbc38403f1516447b73b73b5051777314089f0d1fefcfae004b1ef615641']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-08-13T11:38:11Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5b716da3-71d4-424c-9543-d4890acd0835",
"created_by_ref": "identity--5a68c02d-959c-4c8a-a571-0dcac0a8060a",
"created": "2018-08-13T11:38:11.000Z",
"modified": "2018-08-13T11:38:11.000Z",
"description": "Win.Malware.Zerber-6629234-0",
"pattern": "[file:hashes.SHA256 = 'a0e3bd64d556ce80b85b7d328bb61beeaf2da297dc09058211150617d6a83b8b']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-08-13T11:38:11Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5b716da3-20f4-4cb2-8aed-d4890acd0835",
"created_by_ref": "identity--5a68c02d-959c-4c8a-a571-0dcac0a8060a",
"created": "2018-08-13T11:38:11.000Z",
"modified": "2018-08-13T11:38:11.000Z",
"description": "Win.Malware.Zerber-6629234-0",
"pattern": "[file:hashes.SHA256 = 'b6b3b53b1001b6de24797a89d61bd825760574ab4cb60f7a5971115acb53c8e4']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-08-13T11:38:11Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5b716da3-b264-434c-9a4a-d4890acd0835",
"created_by_ref": "identity--5a68c02d-959c-4c8a-a571-0dcac0a8060a",
"created": "2018-08-13T11:38:11.000Z",
"modified": "2018-08-13T11:38:11.000Z",
"description": "Win.Malware.Zerber-6629234-0",
"pattern": "[file:hashes.SHA256 = 'ef66d0161200d413bb8a577a517fe03f325f2fd2f0df778f6297a8658ca0abc8']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-08-13T11:38:11Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5b716da3-39ac-492a-8271-d4890acd0835",
"created_by_ref": "identity--5a68c02d-959c-4c8a-a571-0dcac0a8060a",
"created": "2018-08-13T11:38:11.000Z",
"modified": "2018-08-13T11:38:11.000Z",
"description": "Win.Malware.Zerber-6629234-0",
"pattern": "[file:hashes.SHA256 = 'f25d03efc63cba1a262034382f809aaa5918f218b965164897df0c989a08dd04']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-08-13T11:38:11Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5b716da3-5cd0-43af-b835-d4890acd0835",
"created_by_ref": "identity--5a68c02d-959c-4c8a-a571-0dcac0a8060a",
"created": "2018-08-13T11:38:11.000Z",
"modified": "2018-08-13T11:38:11.000Z",
"description": "Win.Malware.Zerber-6629234-0",
"pattern": "[file:hashes.SHA256 = 'f8ee14337fe367aded0aee32c6c84ce404eaef53a6f75d86c6c08235f55ec303']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-08-13T11:38:11Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--5b716f3b-06a8-4bbf-9db7-df1b0acd0835",
"created_by_ref": "identity--5a68c02d-959c-4c8a-a571-0dcac0a8060a",
"created": "2018-08-13T11:44:59.000Z",
"modified": "2018-08-13T11:44:59.000Z",
"first_observed": "2018-08-13T11:44:59Z",
"last_observed": "2018-08-13T11:44:59Z",
"number_observed": 1,
"object_refs": [
"mutex--5b716f3b-06a8-4bbf-9db7-df1b0acd0835"
],
"labels": [
"misp:type=\"mutex\"",
"misp:category=\"Artifacts dropped\""
]
},
{
"type": "mutex",
"spec_version": "2.1",
"id": "mutex--5b716f3b-06a8-4bbf-9db7-df1b0acd0835",
"name": "shell.{381828AA-8B28-3374-1B67-35680555C5EF}"
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--5b716f9f-26c8-4850-87cf-ded10acd0835",
"created_by_ref": "identity--5a68c02d-959c-4c8a-a571-0dcac0a8060a",
"created": "2018-08-13T11:46:39.000Z",
"modified": "2018-08-13T11:46:39.000Z",
"first_observed": "2018-08-13T11:46:39Z",
"last_observed": "2018-08-13T11:46:39Z",
"number_observed": 1,
"object_refs": [
"file--5b716f9f-26c8-4850-87cf-ded10acd0835"
],
"labels": [
"misp:type=\"filename\"",
"misp:category=\"Payload installation\""
]
},
{
"type": "file",
"spec_version": "2.1",
"id": "file--5b716f9f-26c8-4850-87cf-ded10acd0835",
"name": "%AppData%\\Microsoft\\Windows\\Start Menu\\Programs\\StartUp\\FlashPlayerApp.lnk"
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--5b716f9f-8d60-41b8-9d80-ded10acd0835",
"created_by_ref": "identity--5a68c02d-959c-4c8a-a571-0dcac0a8060a",
"created": "2018-08-13T11:46:39.000Z",
"modified": "2018-08-13T11:46:39.000Z",
"first_observed": "2018-08-13T11:46:39Z",
"last_observed": "2018-08-13T11:46:39Z",
"number_observed": 1,
"object_refs": [
"file--5b716f9f-8d60-41b8-9d80-ded10acd0835"
],
"labels": [
"misp:type=\"filename\"",
"misp:category=\"Payload installation\""
]
},
{
"type": "file",
"spec_version": "2.1",
"id": "file--5b716f9f-8d60-41b8-9d80-ded10acd0835",
"name": "%AppData%\\{6F885251-E36F-0FE6-9629-63208157D7A2}\\FlashPlayerApp.exe"
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--5b716f9f-a448-4de9-a87d-ded10acd0835",
"created_by_ref": "identity--5a68c02d-959c-4c8a-a571-0dcac0a8060a",
"created": "2018-08-13T11:46:39.000Z",
"modified": "2018-08-13T11:46:39.000Z",
"first_observed": "2018-08-13T11:46:39Z",
"last_observed": "2018-08-13T11:46:39Z",
"number_observed": 1,
"object_refs": [
"file--5b716f9f-a448-4de9-a87d-ded10acd0835"
],
"labels": [
"misp:type=\"filename\"",
"misp:category=\"Payload installation\""
]
},
{
"type": "file",
"spec_version": "2.1",
"id": "file--5b716f9f-a448-4de9-a87d-ded10acd0835",
"name": "FlashPlayerApp.lnk"
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--5b716f9f-d4f8-403b-a8a2-ded10acd0835",
"created_by_ref": "identity--5a68c02d-959c-4c8a-a571-0dcac0a8060a",
"created": "2018-08-13T11:46:39.000Z",
"modified": "2018-08-13T11:46:39.000Z",
"first_observed": "2018-08-13T11:46:39Z",
"last_observed": "2018-08-13T11:46:39Z",
"number_observed": 1,
"object_refs": [
"file--5b716f9f-d4f8-403b-a8a2-ded10acd0835"
],
"labels": [
"misp:type=\"filename\"",
"misp:category=\"Payload installation\""
]
},
{
"type": "file",
"spec_version": "2.1",
"id": "file--5b716f9f-d4f8-403b-a8a2-ded10acd0835",
"name": "FlashPlayerApp.exe"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5b716fda-a4c0-4f60-965e-db180acd0835",
"created_by_ref": "identity--5a68c02d-959c-4c8a-a571-0dcac0a8060a",
"created": "2018-08-13T11:47:38.000Z",
"modified": "2018-08-13T11:47:38.000Z",
"description": "Win.Malware.Startsurf-6628791-0",
"pattern": "[file:hashes.SHA256 = '00cc9438408d1b22b0afc57e3b233ff62774cbcb92e58b392403d8c794d988ed']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-08-13T11:47:38Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5b716fda-dc2c-45bb-a3b0-db180acd0835",
"created_by_ref": "identity--5a68c02d-959c-4c8a-a571-0dcac0a8060a",
"created": "2018-08-13T11:47:38.000Z",
"modified": "2018-08-13T11:47:38.000Z",
"description": "Win.Malware.Startsurf-6628791-0",
"pattern": "[file:hashes.SHA256 = '118e08c379b0035cef2a155d59d97c6e8cae94b6f46c5e77f58d84c88c689d2c']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-08-13T11:47:38Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5b716fda-4924-4f94-b117-db180acd0835",
"created_by_ref": "identity--5a68c02d-959c-4c8a-a571-0dcac0a8060a",
"created": "2018-08-13T11:47:38.000Z",
"modified": "2018-08-13T11:47:38.000Z",
"description": "Win.Malware.Startsurf-6628791-0",
"pattern": "[file:hashes.SHA256 = '1f270dc860158d63bb400e08f12bce40a9a50494368ea6e44cfd89f7e0dc23f4']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-08-13T11:47:38Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5b716fda-c194-4db5-bb65-db180acd0835",
"created_by_ref": "identity--5a68c02d-959c-4c8a-a571-0dcac0a8060a",
"created": "2018-08-13T11:47:38.000Z",
"modified": "2018-08-13T11:47:38.000Z",
"description": "Win.Malware.Startsurf-6628791-0",
"pattern": "[file:hashes.SHA256 = '3e49b3e58eec40b735124509bafcf434904f5945c9d65a5a860b0950850a979d']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-08-13T11:47:38Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5b716fda-749c-4e2c-9597-db180acd0835",
"created_by_ref": "identity--5a68c02d-959c-4c8a-a571-0dcac0a8060a",
"created": "2018-08-13T11:47:38.000Z",
"modified": "2018-08-13T11:47:38.000Z",
"description": "Win.Malware.Startsurf-6628791-0",
"pattern": "[file:hashes.SHA256 = '4348a4b50eba73d6eb5d0d254241d0e44fc63c975b589ac5276d6dc5cf8bab13']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-08-13T11:47:38Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5b716fda-c084-4a3e-85e2-db180acd0835",
"created_by_ref": "identity--5a68c02d-959c-4c8a-a571-0dcac0a8060a",
"created": "2018-08-13T11:47:38.000Z",
"modified": "2018-08-13T11:47:38.000Z",
"description": "Win.Malware.Startsurf-6628791-0",
"pattern": "[file:hashes.SHA256 = '4a1c1cf9c70b127cc514fa6cdbb0e286ee33bf19f6ff41ca02951c9947dac55e']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-08-13T11:47:38Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5b716fda-dfd8-4c40-bd3d-db180acd0835",
"created_by_ref": "identity--5a68c02d-959c-4c8a-a571-0dcac0a8060a",
"created": "2018-08-13T11:47:38.000Z",
"modified": "2018-08-13T11:47:38.000Z",
"description": "Win.Malware.Startsurf-6628791-0",
"pattern": "[file:hashes.SHA256 = '4ae8cf675d6517b7989391fc653e8ddc96aa81cec4802e7e66de30adf0e96d2e']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-08-13T11:47:38Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5b716fda-fce0-4e16-a091-db180acd0835",
"created_by_ref": "identity--5a68c02d-959c-4c8a-a571-0dcac0a8060a",
"created": "2018-08-13T11:47:38.000Z",
"modified": "2018-08-13T11:47:38.000Z",
"description": "Win.Malware.Startsurf-6628791-0",
"pattern": "[file:hashes.SHA256 = '527eac30113eb365330ec5c35591fe9ae69d4e1beca8b0ae24666e97d8773e36']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-08-13T11:47:38Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5b716fda-5de0-46ae-bfd3-db180acd0835",
"created_by_ref": "identity--5a68c02d-959c-4c8a-a571-0dcac0a8060a",
"created": "2018-08-13T11:47:38.000Z",
"modified": "2018-08-13T11:47:38.000Z",
"description": "Win.Malware.Startsurf-6628791-0",
"pattern": "[file:hashes.SHA256 = '53366f90f59348b8de81bdc04652200d2dcf8bad5cfc46a533c3b20cd0e200b2']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-08-13T11:47:38Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5b716fda-bcec-444a-8036-db180acd0835",
"created_by_ref": "identity--5a68c02d-959c-4c8a-a571-0dcac0a8060a",
"created": "2018-08-13T11:47:38.000Z",
"modified": "2018-08-13T11:47:38.000Z",
"description": "Win.Malware.Startsurf-6628791-0",
"pattern": "[file:hashes.SHA256 = '5f98685ee9098a31ced944840670772bb972db31ac5d1690974e59f566d1adae']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-08-13T11:47:38Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5b716fda-7d7c-46e9-9c53-db180acd0835",
"created_by_ref": "identity--5a68c02d-959c-4c8a-a571-0dcac0a8060a",
"created": "2018-08-13T11:47:38.000Z",
"modified": "2018-08-13T11:47:38.000Z",
"description": "Win.Malware.Startsurf-6628791-0",
"pattern": "[file:hashes.SHA256 = '61e7c5b6a7f1608cf0bf728d15f8cdfc0f9f5c7c3748ee28452cfa2a496e54cc']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-08-13T11:47:38Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5b716fda-1c34-48bf-879e-db180acd0835",
"created_by_ref": "identity--5a68c02d-959c-4c8a-a571-0dcac0a8060a",
"created": "2018-08-13T11:47:38.000Z",
"modified": "2018-08-13T11:47:38.000Z",
"description": "Win.Malware.Startsurf-6628791-0",
"pattern": "[file:hashes.SHA256 = '70ebc88b9a71c661b68325dd92d0945ea1927e4d115da217640a4efefcf0c730']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-08-13T11:47:38Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5b716fda-4c60-4691-bb7a-db180acd0835",
"created_by_ref": "identity--5a68c02d-959c-4c8a-a571-0dcac0a8060a",
"created": "2018-08-13T11:47:38.000Z",
"modified": "2018-08-13T11:47:38.000Z",
"description": "Win.Malware.Startsurf-6628791-0",
"pattern": "[file:hashes.SHA256 = '722e86b32635a1cace77ceee414761f28e386743fd2c513650e55814179bdac5']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-08-13T11:47:38Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5b716fda-f174-44ee-a55d-db180acd0835",
"created_by_ref": "identity--5a68c02d-959c-4c8a-a571-0dcac0a8060a",
"created": "2018-08-13T11:47:38.000Z",
"modified": "2018-08-13T11:47:38.000Z",
"description": "Win.Malware.Startsurf-6628791-0",
"pattern": "[file:hashes.SHA256 = '91bb8eb10e0aa88ea1e33d1ec23893d5a45e01e8ab69081b96835b4aff3b906a']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-08-13T11:47:38Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5b716fda-1c8c-458e-a2bd-db180acd0835",
"created_by_ref": "identity--5a68c02d-959c-4c8a-a571-0dcac0a8060a",
"created": "2018-08-13T11:47:38.000Z",
"modified": "2018-08-13T11:47:38.000Z",
"description": "Win.Malware.Startsurf-6628791-0",
"pattern": "[file:hashes.SHA256 = '97645bb27e056b282a0aa46dbbc79ed03bdc29c6f96e369d7537ee2bb1c8dd6e']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-08-13T11:47:38Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5b716fda-5618-446e-8ae4-db180acd0835",
"created_by_ref": "identity--5a68c02d-959c-4c8a-a571-0dcac0a8060a",
"created": "2018-08-13T11:47:38.000Z",
"modified": "2018-08-13T11:47:38.000Z",
"description": "Win.Malware.Startsurf-6628791-0",
"pattern": "[file:hashes.SHA256 = '9b36f0e70d5f7b4795b1278e052356484d4f2374f49563195f224ade6ce08c71']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-08-13T11:47:38Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5b716fda-6a64-4b4f-941e-db180acd0835",
"created_by_ref": "identity--5a68c02d-959c-4c8a-a571-0dcac0a8060a",
"created": "2018-08-13T11:47:38.000Z",
"modified": "2018-08-13T11:47:38.000Z",
"description": "Win.Malware.Startsurf-6628791-0",
"pattern": "[file:hashes.SHA256 = 'ac86cafcc7062a389e25a4e26dd15df7ce2e64b7a6890bf5712189ab9ec81c8c']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-08-13T11:47:38Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5b716fda-bc28-4891-a539-db180acd0835",
"created_by_ref": "identity--5a68c02d-959c-4c8a-a571-0dcac0a8060a",
"created": "2018-08-13T11:47:38.000Z",
"modified": "2018-08-13T11:47:38.000Z",
"description": "Win.Malware.Startsurf-6628791-0",
"pattern": "[file:hashes.SHA256 = 'c3883ba74230604d38a638a1b8d0673cc3c91e01b482e6b83a6e6bbd4edd3b10']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-08-13T11:47:38Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5b716fda-6330-4526-9a57-db180acd0835",
"created_by_ref": "identity--5a68c02d-959c-4c8a-a571-0dcac0a8060a",
"created": "2018-08-13T11:47:38.000Z",
"modified": "2018-08-13T11:47:38.000Z",
"description": "Win.Malware.Startsurf-6628791-0",
"pattern": "[file:hashes.SHA256 = 'c56e3ca164803c5668cf0b8228c97626c486f5a7063d4b3109840137b67c8f98']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-08-13T11:47:38Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5b716fda-cb38-410e-8d99-db180acd0835",
"created_by_ref": "identity--5a68c02d-959c-4c8a-a571-0dcac0a8060a",
"created": "2018-08-13T11:47:38.000Z",
"modified": "2018-08-13T11:47:38.000Z",
"description": "Win.Malware.Startsurf-6628791-0",
"pattern": "[file:hashes.SHA256 = 'c82eaf2f1f156b95b43b2a984867e486911f6ceb329daea6ac9a6c53fae42685']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-08-13T11:47:38Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5b716fda-8034-4c24-b7d3-db180acd0835",
"created_by_ref": "identity--5a68c02d-959c-4c8a-a571-0dcac0a8060a",
"created": "2018-08-13T11:47:38.000Z",
"modified": "2018-08-13T11:47:38.000Z",
"description": "Win.Malware.Startsurf-6628791-0",
"pattern": "[file:hashes.SHA256 = 'ca544eaedd654782fa6b7a130bdc58869c2124a59754ed1baf9a5c00fafae12a']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-08-13T11:47:38Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5b716fda-1e24-4fe3-b710-db180acd0835",
"created_by_ref": "identity--5a68c02d-959c-4c8a-a571-0dcac0a8060a",
"created": "2018-08-13T11:47:38.000Z",
"modified": "2018-08-13T11:47:38.000Z",
"description": "Win.Malware.Startsurf-6628791-0",
"pattern": "[file:hashes.SHA256 = 'd4ab2cc67c707cab8f7aab0fde94b50670f1b787b049f45564fe5368205ed642']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-08-13T11:47:38Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5b716fda-6b78-4aba-b86c-db180acd0835",
"created_by_ref": "identity--5a68c02d-959c-4c8a-a571-0dcac0a8060a",
"created": "2018-08-13T11:47:38.000Z",
"modified": "2018-08-13T11:47:38.000Z",
"description": "Win.Malware.Startsurf-6628791-0",
"pattern": "[file:hashes.SHA256 = 'eac8c3c76e954d8e2be7a5d1570643b4ce6a856e8143faf6263ad50cf53aceb2']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-08-13T11:47:38Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5b716fda-7b78-45bc-9246-db180acd0835",
"created_by_ref": "identity--5a68c02d-959c-4c8a-a571-0dcac0a8060a",
"created": "2018-08-13T11:47:38.000Z",
"modified": "2018-08-13T11:47:38.000Z",
"description": "Win.Malware.Startsurf-6628791-0",
"pattern": "[file:hashes.SHA256 = 'f0a9c1c2fc19b4abd905e8a2f187f94e74dfe1e7de2d9a5328b13893b301488d']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-08-13T11:47:38Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5b716fda-63bc-49ed-b541-db180acd0835",
"created_by_ref": "identity--5a68c02d-959c-4c8a-a571-0dcac0a8060a",
"created": "2018-08-13T11:47:38.000Z",
"modified": "2018-08-13T11:47:38.000Z",
"description": "Win.Malware.Startsurf-6628791-0",
"pattern": "[file:hashes.SHA256 = 'fb2aa3891cc9383631ddcca4076ae800d67d701a7ffb83d48240cc1d72372175']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-08-13T11:47:38Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5b71701e-b7e4-4e92-909a-db180acd0835",
"created_by_ref": "identity--5a68c02d-959c-4c8a-a571-0dcac0a8060a",
"created": "2018-08-13T11:48:46.000Z",
"modified": "2018-08-13T11:48:46.000Z",
"description": "Win.Malware.Startsurf-6628791-0",
"pattern": "[domain-name:value = 'lip.healthcakes.men']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-08-13T11:48:46Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"hostname\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--5b717037-367c-4e9b-917e-c79c0acd0835",
"created_by_ref": "identity--5a68c02d-959c-4c8a-a571-0dcac0a8060a",
"created": "2018-08-13T11:49:30.000Z",
"modified": "2018-08-13T11:49:30.000Z",
"first_observed": "2018-08-13T11:49:30Z",
"last_observed": "2018-08-13T11:49:30Z",
"number_observed": 1,
"object_refs": [
"mutex--5b717037-367c-4e9b-917e-c79c0acd0835"
],
"labels": [
"misp:type=\"mutex\"",
"misp:category=\"Artifacts dropped\""
]
},
{
"type": "mutex",
"spec_version": "2.1",
"id": "mutex--5b717037-367c-4e9b-917e-c79c0acd0835",
"name": "Local\\MSCTF.Asm.MutexDefault1"
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--5b7170b0-2edc-4b28-9a36-df2e0acd0835",
"created_by_ref": "identity--5a68c02d-959c-4c8a-a571-0dcac0a8060a",
"created": "2018-08-13T11:51:12.000Z",
"modified": "2018-08-13T11:51:12.000Z",
"first_observed": "2018-08-13T11:51:12Z",
"last_observed": "2018-08-13T11:51:12Z",
"number_observed": 1,
"object_refs": [
"file--5b7170b0-2edc-4b28-9a36-df2e0acd0835"
],
"labels": [
"misp:type=\"filename\"",
"misp:category=\"Payload delivery\""
]
},
{
"type": "file",
"spec_version": "2.1",
"id": "file--5b7170b0-2edc-4b28-9a36-df2e0acd0835",
"name": "%ProgramFiles%\\WJTLINYZUI\\cast.config"
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--5b7170b0-ce3c-43ad-b826-df2e0acd0835",
"created_by_ref": "identity--5a68c02d-959c-4c8a-a571-0dcac0a8060a",
"created": "2018-08-13T11:51:12.000Z",
"modified": "2018-08-13T11:51:12.000Z",
"first_observed": "2018-08-13T11:51:12Z",
"last_observed": "2018-08-13T11:51:12Z",
"number_observed": 1,
"object_refs": [
"file--5b7170b0-ce3c-43ad-b826-df2e0acd0835"
],
"labels": [
"misp:type=\"filename\"",
"misp:category=\"Payload delivery\""
]
},
{
"type": "file",
"spec_version": "2.1",
"id": "file--5b7170b0-ce3c-43ad-b826-df2e0acd0835",
"name": "%LocalAppData%\\Temp\\DaGXhZc6w\\Nursehealth.exe"
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--5b7170b0-ec28-471d-a45a-df2e0acd0835",
"created_by_ref": "identity--5a68c02d-959c-4c8a-a571-0dcac0a8060a",
"created": "2018-08-13T11:51:36.000Z",
"modified": "2018-08-13T11:51:36.000Z",
"first_observed": "2018-08-13T11:51:36Z",
"last_observed": "2018-08-13T11:51:36Z",
"number_observed": 1,
"object_refs": [
"file--5b7170b0-ec28-471d-a45a-df2e0acd0835"
],
"labels": [
"misp:type=\"filename\"",
"misp:category=\"Artifacts dropped\""
]
},
{
"type": "file",
"spec_version": "2.1",
"id": "file--5b7170b0-ec28-471d-a45a-df2e0acd0835",
"name": "%System32%\\Tasks\\One"
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--5b7170b0-7ba4-4018-9902-df2e0acd0835",
"created_by_ref": "identity--5a68c02d-959c-4c8a-a571-0dcac0a8060a",
"created": "2018-08-13T11:51:32.000Z",
"modified": "2018-08-13T11:51:32.000Z",
"first_observed": "2018-08-13T11:51:32Z",
"last_observed": "2018-08-13T11:51:32Z",
"number_observed": 1,
"object_refs": [
"file--5b7170b0-7ba4-4018-9902-df2e0acd0835"
],
"labels": [
"misp:type=\"filename\"",
"misp:category=\"Artifacts dropped\""
]
},
{
"type": "file",
"spec_version": "2.1",
"id": "file--5b7170b0-7ba4-4018-9902-df2e0acd0835",
"name": "%ProgramFiles% (x86)\\OneSystemCare"
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--5b7170b0-6e58-442d-ac94-df2e0acd0835",
"created_by_ref": "identity--5a68c02d-959c-4c8a-a571-0dcac0a8060a",
"created": "2018-08-13T11:51:12.000Z",
"modified": "2018-08-13T11:51:12.000Z",
"first_observed": "2018-08-13T11:51:12Z",
"last_observed": "2018-08-13T11:51:12Z",
"number_observed": 1,
"object_refs": [
"file--5b7170b0-6e58-442d-ac94-df2e0acd0835"
],
"labels": [
"misp:type=\"filename\"",
"misp:category=\"Payload delivery\""
]
},
{
"type": "file",
"spec_version": "2.1",
"id": "file--5b7170b0-6e58-442d-ac94-df2e0acd0835",
"name": "%SystemDrive%\\TEMP\\config.conf"
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--5b7170b0-5acc-41a4-b61f-df2e0acd0835",
"created_by_ref": "identity--5a68c02d-959c-4c8a-a571-0dcac0a8060a",
"created": "2018-08-13T11:51:12.000Z",
"modified": "2018-08-13T11:51:12.000Z",
"first_observed": "2018-08-13T11:51:12Z",
"last_observed": "2018-08-13T11:51:12Z",
"number_observed": 1,
"object_refs": [
"file--5b7170b0-5acc-41a4-b61f-df2e0acd0835"
],
"labels": [
"misp:type=\"filename\"",
"misp:category=\"Payload delivery\""
]
},
{
"type": "file",
"spec_version": "2.1",
"id": "file--5b7170b0-5acc-41a4-b61f-df2e0acd0835",
"name": "%LocalAppData%\\Temp\\U8R09Z5FM2\\OneTwo.exe"
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--5b7170b0-0730-4856-8ffd-df2e0acd0835",
"created_by_ref": "identity--5a68c02d-959c-4c8a-a571-0dcac0a8060a",
"created": "2018-08-13T11:51:12.000Z",
"modified": "2018-08-13T11:51:12.000Z",
"first_observed": "2018-08-13T11:51:12Z",
"last_observed": "2018-08-13T11:51:12Z",
"number_observed": 1,
"object_refs": [
"file--5b7170b0-0730-4856-8ffd-df2e0acd0835"
],
"labels": [
"misp:type=\"filename\"",
"misp:category=\"Payload delivery\""
]
},
{
"type": "file",
"spec_version": "2.1",
"id": "file--5b7170b0-0730-4856-8ffd-df2e0acd0835",
"name": "%LocalAppData%\\Temp\\U8R09Z5FM2\\up.exe"
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--5b7170b0-81f8-4925-aaef-df2e0acd0835",
"created_by_ref": "identity--5a68c02d-959c-4c8a-a571-0dcac0a8060a",
"created": "2018-08-13T11:51:12.000Z",
"modified": "2018-08-13T11:51:12.000Z",
"first_observed": "2018-08-13T11:51:12Z",
"last_observed": "2018-08-13T11:51:12Z",
"number_observed": 1,
"object_refs": [
"file--5b7170b0-81f8-4925-aaef-df2e0acd0835"
],
"labels": [
"misp:type=\"filename\"",
"misp:category=\"Payload delivery\""
]
},
{
"type": "file",
"spec_version": "2.1",
"id": "file--5b7170b0-81f8-4925-aaef-df2e0acd0835",
"name": "%WinDir%\\Microsoft.NET\\Framework64\\v2.0.50727\\config\\enterprisesec.config.cch.new"
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--5b7170b0-1048-4410-8c5b-df2e0acd0835",
"created_by_ref": "identity--5a68c02d-959c-4c8a-a571-0dcac0a8060a",
"created": "2018-08-13T11:51:12.000Z",
"modified": "2018-08-13T11:51:12.000Z",
"first_observed": "2018-08-13T11:51:12Z",
"last_observed": "2018-08-13T11:51:12Z",
"number_observed": 1,
"object_refs": [
"file--5b7170b0-1048-4410-8c5b-df2e0acd0835"
],
"labels": [
"misp:type=\"filename\"",
"misp:category=\"Payload delivery\""
]
},
{
"type": "file",
"spec_version": "2.1",
"id": "file--5b7170b0-1048-4410-8c5b-df2e0acd0835",
"name": "%ProgramFiles%\\WJTLINYZUI\\GCOMQP0KN.exe"
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--5b7170e4-8c0c-43ec-8f0b-db180acd0835",
"created_by_ref": "identity--5a68c02d-959c-4c8a-a571-0dcac0a8060a",
"created": "2018-08-13T11:52:04.000Z",
"modified": "2018-08-13T11:52:04.000Z",
"first_observed": "2018-08-13T11:52:04Z",
"last_observed": "2018-08-13T11:52:04Z",
"number_observed": 1,
"object_refs": [
"mutex--5b7170e4-8c0c-43ec-8f0b-db180acd0835"
],
"labels": [
"misp:type=\"mutex\"",
"misp:category=\"Artifacts dropped\""
]
},
{
"type": "mutex",
"spec_version": "2.1",
"id": "mutex--5b7170e4-8c0c-43ec-8f0b-db180acd0835",
"name": "Amazonassistant2018"
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--5b7170e4-0ec4-466e-b7f9-db180acd0835",
"created_by_ref": "identity--5a68c02d-959c-4c8a-a571-0dcac0a8060a",
"created": "2018-08-13T11:52:04.000Z",
"modified": "2018-08-13T11:52:04.000Z",
"first_observed": "2018-08-13T11:52:04Z",
"last_observed": "2018-08-13T11:52:04Z",
"number_observed": 1,
"object_refs": [
"mutex--5b7170e4-0ec4-466e-b7f9-db180acd0835"
],
"labels": [
"misp:type=\"mutex\"",
"misp:category=\"Artifacts dropped\""
]
},
{
"type": "mutex",
"spec_version": "2.1",
"id": "mutex--5b7170e4-0ec4-466e-b7f9-db180acd0835",
"name": "Windows Workflow Foundation 3.0.0.0_Perf_Library_Lock_PID_2c8"
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--5b7170e4-61d4-4784-8ee2-db180acd0835",
"created_by_ref": "identity--5a68c02d-959c-4c8a-a571-0dcac0a8060a",
"created": "2018-08-13T11:52:04.000Z",
"modified": "2018-08-13T11:52:04.000Z",
"first_observed": "2018-08-13T11:52:04Z",
"last_observed": "2018-08-13T11:52:04Z",
"number_observed": 1,
"object_refs": [
"mutex--5b7170e4-61d4-4784-8ee2-db180acd0835"
],
"labels": [
"misp:type=\"mutex\"",
"misp:category=\"Artifacts dropped\""
]
},
{
"type": "mutex",
"spec_version": "2.1",
"id": "mutex--5b7170e4-61d4-4784-8ee2-db180acd0835",
"name": "Windows Workflow Foundation 4.0.0.0_Perf_Library_Lock_PID_2c8"
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--5b7170e4-c100-400c-a8f6-db180acd0835",
"created_by_ref": "identity--5a68c02d-959c-4c8a-a571-0dcac0a8060a",
"created": "2018-08-13T11:52:04.000Z",
"modified": "2018-08-13T11:52:04.000Z",
"first_observed": "2018-08-13T11:52:04Z",
"last_observed": "2018-08-13T11:52:04Z",
"number_observed": 1,
"object_refs": [
"mutex--5b7170e4-c100-400c-a8f6-db180acd0835"
],
"labels": [
"misp:type=\"mutex\"",
"misp:category=\"Artifacts dropped\""
]
},
{
"type": "mutex",
"spec_version": "2.1",
"id": "mutex--5b7170e4-c100-400c-a8f6-db180acd0835",
"name": "WmiApRpl_Perf_Library_Lock_PID_2c8"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5b717100-0d00-4a55-86ec-c79c0acd0835",
"created_by_ref": "identity--5a68c02d-959c-4c8a-a571-0dcac0a8060a",
"created": "2018-08-13T11:52:32.000Z",
"modified": "2018-08-13T11:52:32.000Z",
"description": "Win.Packed.Eorezo-6629326-0",
"pattern": "[domain-name:value = 'www.wizzmonetize.com']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-08-13T11:52:32Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"hostname\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5b717100-5394-4ac5-880d-c79c0acd0835",
"created_by_ref": "identity--5a68c02d-959c-4c8a-a571-0dcac0a8060a",
"created": "2018-08-13T11:52:32.000Z",
"modified": "2018-08-13T11:52:32.000Z",
"description": "Win.Packed.Eorezo-6629326-0",
"pattern": "[domain-name:value = 'ionesystemcare.info']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-08-13T11:52:32Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"domain\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5b717100-3964-49e7-944b-c79c0acd0835",
"created_by_ref": "identity--5a68c02d-959c-4c8a-a571-0dcac0a8060a",
"created": "2018-08-13T11:52:32.000Z",
"modified": "2018-08-13T11:52:32.000Z",
"description": "Win.Packed.Eorezo-6629326-0",
"pattern": "[domain-name:value = 'www.rothsideadome.pw']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-08-13T11:52:32Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"hostname\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5b717100-e8e8-4511-9c58-c79c0acd0835",
"created_by_ref": "identity--5a68c02d-959c-4c8a-a571-0dcac0a8060a",
"created": "2018-08-13T11:52:32.000Z",
"modified": "2018-08-13T11:52:32.000Z",
"description": "Win.Packed.Eorezo-6629326-0",
"pattern": "[domain-name:value = 'www.usatdkeyboardhelper.pw']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-08-13T11:52:32Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"hostname\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5b71713e-8a80-4708-a788-db180acd0835",
"created_by_ref": "identity--5a68c02d-959c-4c8a-a571-0dcac0a8060a",
"created": "2018-08-13T11:53:34.000Z",
"modified": "2018-08-13T11:53:34.000Z",
"description": "Win.Packed.Eorezo-6629326-0",
"pattern": "[file:hashes.SHA256 = '002d9959f5e7417cc2cbc657243f2dab82fac3d2e94fa2d0c8e45eda10889b08']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-08-13T11:53:34Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5b71713e-e30c-4215-b8ff-db180acd0835",
"created_by_ref": "identity--5a68c02d-959c-4c8a-a571-0dcac0a8060a",
"created": "2018-08-13T11:53:34.000Z",
"modified": "2018-08-13T11:53:34.000Z",
"description": "Win.Packed.Eorezo-6629326-0",
"pattern": "[file:hashes.SHA256 = '03c948623cf78efe90258d894ab0e793bca7009bd73d0be0f652575f81bda621']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-08-13T11:53:34Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5b71713e-698c-44e2-884f-db180acd0835",
"created_by_ref": "identity--5a68c02d-959c-4c8a-a571-0dcac0a8060a",
"created": "2018-08-13T11:53:34.000Z",
"modified": "2018-08-13T11:53:34.000Z",
"description": "Win.Packed.Eorezo-6629326-0",
"pattern": "[file:hashes.SHA256 = '0f8d729821902252b7f7a1c0d51004d3770356969e7181548126f13f1e2ebf2a']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-08-13T11:53:34Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5b71713e-8f2c-4ace-a5a7-db180acd0835",
"created_by_ref": "identity--5a68c02d-959c-4c8a-a571-0dcac0a8060a",
"created": "2018-08-13T11:53:34.000Z",
"modified": "2018-08-13T11:53:34.000Z",
"description": "Win.Packed.Eorezo-6629326-0",
"pattern": "[file:hashes.SHA256 = '1e64134ff7358ea6e632fd2377532491235cf089f33095a72552e150088b42f1']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-08-13T11:53:34Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5b71713e-cd68-442b-a0b4-db180acd0835",
"created_by_ref": "identity--5a68c02d-959c-4c8a-a571-0dcac0a8060a",
"created": "2018-08-13T11:53:34.000Z",
"modified": "2018-08-13T11:53:34.000Z",
"description": "Win.Packed.Eorezo-6629326-0",
"pattern": "[file:hashes.SHA256 = '1eed9456e69a80cb4e8444ad0356d71e09a073715f92e51afa008e80d2a0352a']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-08-13T11:53:34Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5b71713e-f3d0-442e-8f91-db180acd0835",
"created_by_ref": "identity--5a68c02d-959c-4c8a-a571-0dcac0a8060a",
"created": "2018-08-13T11:53:34.000Z",
"modified": "2018-08-13T11:53:34.000Z",
"description": "Win.Packed.Eorezo-6629326-0",
"pattern": "[file:hashes.SHA256 = '26f928ef89fde0e3e3fa996073c7c0bba00c2cbfe280de338de15367f4c8f76b']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-08-13T11:53:34Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5b71713e-ac90-447d-950c-db180acd0835",
"created_by_ref": "identity--5a68c02d-959c-4c8a-a571-0dcac0a8060a",
"created": "2018-08-13T11:53:34.000Z",
"modified": "2018-08-13T11:53:34.000Z",
"description": "Win.Packed.Eorezo-6629326-0",
"pattern": "[file:hashes.SHA256 = '2b0c6557b39ad8cca97ea6975aa3f4a8341774461b1bacab05d04ab20a9463eb']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-08-13T11:53:34Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5b71713e-ccb4-4ab3-8f02-db180acd0835",
"created_by_ref": "identity--5a68c02d-959c-4c8a-a571-0dcac0a8060a",
"created": "2018-08-13T11:53:34.000Z",
"modified": "2018-08-13T11:53:34.000Z",
"description": "Win.Packed.Eorezo-6629326-0",
"pattern": "[file:hashes.SHA256 = '3a5ac5c5ee7985367349d84d60be2c5f94f876c56cf73acbae6fc680ebbdb3c6']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-08-13T11:53:34Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5b71713e-e8d0-4fca-90b4-db180acd0835",
"created_by_ref": "identity--5a68c02d-959c-4c8a-a571-0dcac0a8060a",
"created": "2018-08-13T11:53:34.000Z",
"modified": "2018-08-13T11:53:34.000Z",
"description": "Win.Packed.Eorezo-6629326-0",
"pattern": "[file:hashes.SHA256 = '47bcf1f1bca23a36e291a0ac4cb8d1cd59c0c80d6a8e3b2cc3d646284cc531d5']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-08-13T11:53:34Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5b71713e-fbb0-4d44-94e6-db180acd0835",
"created_by_ref": "identity--5a68c02d-959c-4c8a-a571-0dcac0a8060a",
"created": "2018-08-13T11:53:34.000Z",
"modified": "2018-08-13T11:53:34.000Z",
"description": "Win.Packed.Eorezo-6629326-0",
"pattern": "[file:hashes.SHA256 = '4ae3efb9a9cca68c098dcdba33d2aef39888cf229cd02be64cbf59a0b68dae30']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-08-13T11:53:34Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5b71713e-3668-42e9-90e5-db180acd0835",
"created_by_ref": "identity--5a68c02d-959c-4c8a-a571-0dcac0a8060a",
"created": "2018-08-13T11:53:34.000Z",
"modified": "2018-08-13T11:53:34.000Z",
"description": "Win.Packed.Eorezo-6629326-0",
"pattern": "[file:hashes.SHA256 = '5112edf0351d70ad31152f67e8996c9c4ad062f0023cfd43b4baecb8aa7b16b4']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-08-13T11:53:34Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5b71713e-6ff4-4758-9fb2-db180acd0835",
"created_by_ref": "identity--5a68c02d-959c-4c8a-a571-0dcac0a8060a",
"created": "2018-08-13T11:53:34.000Z",
"modified": "2018-08-13T11:53:34.000Z",
"description": "Win.Packed.Eorezo-6629326-0",
"pattern": "[file:hashes.SHA256 = '52544303a89f2c4e3eedd64c000504a2ef4c920c20361961fc81cae3f520244f']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-08-13T11:53:34Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5b71713e-0504-4fcd-8120-db180acd0835",
"created_by_ref": "identity--5a68c02d-959c-4c8a-a571-0dcac0a8060a",
"created": "2018-08-13T11:53:34.000Z",
"modified": "2018-08-13T11:53:34.000Z",
"description": "Win.Packed.Eorezo-6629326-0",
"pattern": "[file:hashes.SHA256 = '55e181f0e0e88efccf6534949ad8dd93a179e2b94b71e76a9e7db4d938ea2bd2']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-08-13T11:53:34Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5b71713e-40c4-4435-8b66-db180acd0835",
"created_by_ref": "identity--5a68c02d-959c-4c8a-a571-0dcac0a8060a",
"created": "2018-08-13T11:53:34.000Z",
"modified": "2018-08-13T11:53:34.000Z",
"description": "Win.Packed.Eorezo-6629326-0",
"pattern": "[file:hashes.SHA256 = '56982cc1f4b4e92aea28a30684bdfc752122eb78fc545ccc3f4169a1597233cc']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-08-13T11:53:34Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5b71713e-be24-4fde-9112-db180acd0835",
"created_by_ref": "identity--5a68c02d-959c-4c8a-a571-0dcac0a8060a",
"created": "2018-08-13T11:53:34.000Z",
"modified": "2018-08-13T11:53:34.000Z",
"description": "Win.Packed.Eorezo-6629326-0",
"pattern": "[file:hashes.SHA256 = '5c3982a206d40ec00b2029d4bdde1bb37192341583e803556872b97a609411ae']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-08-13T11:53:34Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5b71713e-bb9c-4c3d-9a0c-db180acd0835",
"created_by_ref": "identity--5a68c02d-959c-4c8a-a571-0dcac0a8060a",
"created": "2018-08-13T11:53:34.000Z",
"modified": "2018-08-13T11:53:34.000Z",
"description": "Win.Packed.Eorezo-6629326-0",
"pattern": "[file:hashes.SHA256 = '61ee5c724a4c9408e9c8120eabac1babea8e91bf5719b02c78ce129f68239ff6']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-08-13T11:53:34Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5b71713e-50f4-4762-b144-db180acd0835",
"created_by_ref": "identity--5a68c02d-959c-4c8a-a571-0dcac0a8060a",
"created": "2018-08-13T11:53:34.000Z",
"modified": "2018-08-13T11:53:34.000Z",
"description": "Win.Packed.Eorezo-6629326-0",
"pattern": "[file:hashes.SHA256 = '63cc723ad7e85798e9126f5cc933c48d0e3cdfa7504579ef0b0b3cced9cb19c8']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-08-13T11:53:34Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5b71713e-f774-4c9a-b2d7-db180acd0835",
"created_by_ref": "identity--5a68c02d-959c-4c8a-a571-0dcac0a8060a",
"created": "2018-08-13T11:53:34.000Z",
"modified": "2018-08-13T11:53:34.000Z",
"description": "Win.Packed.Eorezo-6629326-0",
"pattern": "[file:hashes.SHA256 = '65a0bb3fd94ec888696598703ed111471bd47962278a5f1006e7e0716bd5b58e']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-08-13T11:53:34Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5b71713e-5670-4337-96c9-db180acd0835",
"created_by_ref": "identity--5a68c02d-959c-4c8a-a571-0dcac0a8060a",
"created": "2018-08-13T11:53:34.000Z",
"modified": "2018-08-13T11:53:34.000Z",
"description": "Win.Packed.Eorezo-6629326-0",
"pattern": "[file:hashes.SHA256 = '71d6d1ed9a5bd71e8dbd03a91151a2965ac12198fa1825366bf19c4b14106cb7']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-08-13T11:53:34Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5b71713e-7e68-4540-8f00-db180acd0835",
"created_by_ref": "identity--5a68c02d-959c-4c8a-a571-0dcac0a8060a",
"created": "2018-08-13T11:53:34.000Z",
"modified": "2018-08-13T11:53:34.000Z",
"description": "Win.Packed.Eorezo-6629326-0",
"pattern": "[file:hashes.SHA256 = '71e3009284ae35a3087ef041162a2ada636b388738033ea62faefc2bbfca9dfc']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-08-13T11:53:34Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5b71713e-a7cc-412e-ba1a-db180acd0835",
"created_by_ref": "identity--5a68c02d-959c-4c8a-a571-0dcac0a8060a",
"created": "2018-08-13T11:53:34.000Z",
"modified": "2018-08-13T11:53:34.000Z",
"description": "Win.Packed.Eorezo-6629326-0",
"pattern": "[file:hashes.SHA256 = '7e17ee126754a9306b4ffcf536f384abe5c718672807de1e27e7c7f3846d9e74']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-08-13T11:53:34Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5b71713e-1d5c-4c95-baf6-db180acd0835",
"created_by_ref": "identity--5a68c02d-959c-4c8a-a571-0dcac0a8060a",
"created": "2018-08-13T11:53:34.000Z",
"modified": "2018-08-13T11:53:34.000Z",
"description": "Win.Packed.Eorezo-6629326-0",
"pattern": "[file:hashes.SHA256 = '85b36ab50aeb452822886815076c7c90c30273854496dde7fd3473e62119f672']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-08-13T11:53:34Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5b71713e-2854-430e-ab0d-db180acd0835",
"created_by_ref": "identity--5a68c02d-959c-4c8a-a571-0dcac0a8060a",
"created": "2018-08-13T11:53:34.000Z",
"modified": "2018-08-13T11:53:34.000Z",
"description": "Win.Packed.Eorezo-6629326-0",
"pattern": "[file:hashes.SHA256 = '877b9a03f0b8763c265ecbc4be76ffafc9eb26c4b618c2827ce1e200797ca876']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-08-13T11:53:34Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5b71713e-a134-4e16-9468-db180acd0835",
"created_by_ref": "identity--5a68c02d-959c-4c8a-a571-0dcac0a8060a",
"created": "2018-08-13T11:53:34.000Z",
"modified": "2018-08-13T11:53:34.000Z",
"description": "Win.Packed.Eorezo-6629326-0",
"pattern": "[file:hashes.SHA256 = '885718a7bd95c44d14dec7f0efa101147b671e60a7ecac2622ac86061dab17f2']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-08-13T11:53:34Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5b71713e-df70-4d3d-ae7b-db180acd0835",
"created_by_ref": "identity--5a68c02d-959c-4c8a-a571-0dcac0a8060a",
"created": "2018-08-13T11:53:34.000Z",
"modified": "2018-08-13T11:53:34.000Z",
"description": "Win.Packed.Eorezo-6629326-0",
"pattern": "[file:hashes.SHA256 = '9583c8f1f3c9982a45ed56fbc30f8be06708cfaa8557aa7f5b6117847018cd4f']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-08-13T11:53:34Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5b716e06-08a4-42a3-b6ab-c6f20acd0835",
"created_by_ref": "identity--5a68c02d-959c-4c8a-a571-0dcac0a8060a",
"created": "2018-08-13T11:44:26.000Z",
"modified": "2018-08-13T11:44:26.000Z",
"description": "Win.Malware.Zerber-6629234-0",
"pattern": "[windows-registry-key:key = '\\\\SOFTWARE\\\\MICROSOFT\\\\WINDOWS\\\\CURRENTVERSION\\\\RUN' AND windows-registry-key:values[0].data_type = 'REG_NONE' AND windows-registry-key:values[0].name = 'FlashPlayerApp' AND windows-registry-key:x_misp_root_keys = 'HKCU']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-08-13T11:44:26Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "file"
}
],
"labels": [
"misp:name=\"registry-key\"",
"misp:meta-category=\"file\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5b716e42-1a90-4614-9115-d96d0acd0835",
"created_by_ref": "identity--5a68c02d-959c-4c8a-a571-0dcac0a8060a",
"created": "2018-08-13T11:44:09.000Z",
"modified": "2018-08-13T11:44:09.000Z",
"description": "Win.Malware.Zerber-6629234-0",
"pattern": "[windows-registry-key:key = '\\\\SOFTWARE\\\\MICROSOFT\\\\WINDOWS\\\\CURRENTVERSION\\\\POLICIES\\\\EXPLORER' AND windows-registry-key:values[0].data_type = 'REG_NONE' AND windows-registry-key:values[0].name = 'Run' AND windows-registry-key:x_misp_root_keys = 'HKCU']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-08-13T11:44:09Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "file"
}
],
"labels": [
"misp:name=\"registry-key\"",
"misp:meta-category=\"file\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5b716e67-5274-4deb-8dca-ded10acd0835",
"created_by_ref": "identity--5a68c02d-959c-4c8a-a571-0dcac0a8060a",
"created": "2018-08-13T11:43:54.000Z",
"modified": "2018-08-13T11:43:54.000Z",
"description": "Win.Malware.Zerber-6629234-0",
"pattern": "[windows-registry-key:key = '\\\\SOFTWARE\\\\MICROSOFT\\\\COMMAND PROCESSOR' AND windows-registry-key:values[0].data_type = 'REG_NONE' AND windows-registry-key:values[0].name = 'AutoRun' AND windows-registry-key:x_misp_root_keys = 'HKCU']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-08-13T11:43:54Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "file"
}
],
"labels": [
"misp:name=\"registry-key\"",
"misp:meta-category=\"file\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5b716ed6-c20c-477f-9b55-d4e40acd0835",
"created_by_ref": "identity--5a68c02d-959c-4c8a-a571-0dcac0a8060a",
"created": "2018-08-13T11:43:34.000Z",
"modified": "2018-08-13T11:43:34.000Z",
"description": "Win.Malware.Zerber-6629234-0",
"pattern": "[windows-registry-key:key = '\\\\SOFTWARE\\\\MICROSOFT\\\\WINDOWS\\\\CURRENTVERSION\\\\INTERNET SETTINGS\\\\CONNECTIONS' AND windows-registry-key:values[0].data_type = 'REG_NONE' AND windows-registry-key:values[0].name = 'DefaultConnectionSettings' AND windows-registry-key:x_misp_root_keys = 'HKCU']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-08-13T11:43:34Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "file"
}
],
"labels": [
"misp:name=\"registry-key\"",
"misp:meta-category=\"file\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5b717126-8e34-42d0-9467-df2e0acd0835",
"created_by_ref": "identity--5a68c02d-959c-4c8a-a571-0dcac0a8060a",
"created": "2018-08-13T11:53:10.000Z",
"modified": "2018-08-13T11:53:10.000Z",
"description": "Win.Packed.Eorezo-6629326-0",
"pattern": "[windows-registry-key:key = 'SOFTWARE\\\\MICROSOFT\\\\WINDOWS\\\\CURRENTVERSION\\\\RUN' AND windows-registry-key:values[0].data_type = 'REG_NONE' AND windows-registry-key:values[0].name = '6518673' AND windows-registry-key:x_misp_root_keys = 'HKCU']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-08-13T11:53:10Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "file"
}
],
"labels": [
"misp:name=\"registry-key\"",
"misp:meta-category=\"file\"",
"misp:to_ids=\"True\""
]
},
{
"type": "marking-definition",
"spec_version": "2.1",
"id": "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9",
"created": "2017-01-20T00:00:00.000Z",
"definition_type": "tlp",
"name": "TLP:WHITE",
"definition": {
"tlp": "white"
}
}
]
}