446 lines
352 KiB
JSON
446 lines
352 KiB
JSON
|
{
|
||
|
|
"type": "bundle",
|
||
|
|
"id": "bundle--5c36ff44-f368-46b9-928e-4b8d950d210f",
|
||
|
|
"objects": [
|
||
|
|
{
|
||
|
|
"type": "identity",
|
||
|
|
"spec_version": "2.1",
|
||
|
|
"id": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
|
"created": "2019-01-10T09:36:48.000Z",
|
||
|
|
"modified": "2019-01-10T09:36:48.000Z",
|
||
|
|
"name": "CIRCL",
|
||
|
|
"identity_class": "organization"
|
||
|
|
},
|
||
|
|
{
|
||
|
|
"type": "grouping",
|
||
|
|
"spec_version": "2.1",
|
||
|
|
"id": "grouping--5c36ff44-f368-46b9-928e-4b8d950d210f",
|
||
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
|
"created": "2019-01-10T09:36:48.000Z",
|
||
|
|
"modified": "2019-01-10T09:36:48.000Z",
|
||
|
|
"name": "OSINT - CryptoMix Ransomware Exploits Crowdfunding Sites for Child Cancer Treatment",
|
||
|
|
"context": "suspicious-activity",
|
||
|
|
"object_refs": [
|
||
|
|
"observed-data--5c36ffc4-308c-417e-8bfe-467f950d210f",
|
||
|
|
"url--5c36ffc4-308c-417e-8bfe-467f950d210f",
|
||
|
|
"observed-data--5c36ffc4-201c-49aa-8e56-4258950d210f",
|
||
|
|
"url--5c36ffc4-201c-49aa-8e56-4258950d210f",
|
||
|
|
"observed-data--5c370102-93a8-46ab-8677-43a6950d210f",
|
||
|
|
"file--5c370102-93a8-46ab-8677-43a6950d210f",
|
||
|
|
"artifact--5c370102-93a8-46ab-8677-43a6950d210f",
|
||
|
|
"x-misp-attribute--5c370126-546c-4bcd-93bd-4f69950d210f",
|
||
|
|
"indicator--5c3701c2-4d58-4945-8471-4c68950d210f",
|
||
|
|
"indicator--5c3701c3-40c8-4859-b3b7-4a70950d210f",
|
||
|
|
"indicator--5c3701c3-4950-4565-857f-4a71950d210f",
|
||
|
|
"indicator--5c3701c4-89b8-40da-949d-4f80950d210f",
|
||
|
|
"indicator--5c3701c4-2460-465a-b459-495e950d210f",
|
||
|
|
"indicator--5c3701c4-6a0c-4826-8d25-4e38950d210f",
|
||
|
|
"observed-data--5c37049d-12a8-4fc0-a0d0-4b45950d210f",
|
||
|
|
"file--5c37049d-12a8-4fc0-a0d0-4b45950d210f",
|
||
|
|
"artifact--5c37049d-12a8-4fc0-a0d0-4b45950d210f",
|
||
|
|
"observed-data--5c37057a-2bb8-4641-9304-1c12950d210f",
|
||
|
|
"file--5c37057a-2bb8-4641-9304-1c12950d210f",
|
||
|
|
"artifact--5c37057a-2bb8-4641-9304-1c12950d210f",
|
||
|
|
"observed-data--5c370585-a444-4c22-8c9b-497f950d210f",
|
||
|
|
"file--5c370585-a444-4c22-8c9b-497f950d210f",
|
||
|
|
"artifact--5c370585-a444-4c22-8c9b-497f950d210f",
|
||
|
|
"observed-data--5c37058f-1bfc-44b4-a954-47f3950d210f",
|
||
|
|
"file--5c37058f-1bfc-44b4-a954-47f3950d210f",
|
||
|
|
"artifact--5c37058f-1bfc-44b4-a954-47f3950d210f"
|
||
|
|
],
|
||
|
|
"labels": [
|
||
|
|
"Threat-Report",
|
||
|
|
"misp:tool=\"MISP-STIX-Converter\"",
|
||
|
|
"malware_classification:malware-category=\"Ransomware\"",
|
||
|
|
"circl:incident-classification=\"malware\"",
|
||
|
|
"osint:source-type=\"blog-post\"",
|
||
|
|
"misp-galaxy:malpedia=\"CryptoMix\"",
|
||
|
|
"misp-galaxy:ransomware=\"CryptoMix\""
|
||
|
|
],
|
||
|
|
"object_marking_refs": [
|
||
|
|
"marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9"
|
||
|
|
]
|
||
|
|
},
|
||
|
|
{
|
||
|
|
"type": "observed-data",
|
||
|
|
"spec_version": "2.1",
|
||
|
|
"id": "observed-data--5c36ffc4-308c-417e-8bfe-467f950d210f",
|
||
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
|
"created": "2019-01-10T08:24:21.000Z",
|
||
|
|
"modified": "2019-01-10T08:24:21.000Z",
|
||
|
|
"first_observed": "2019-01-10T08:24:21Z",
|
||
|
|
"last_observed": "2019-01-10T08:24:21Z",
|
||
|
|
"number_observed": 1,
|
||
|
|
"object_refs": [
|
||
|
|
"url--5c36ffc4-308c-417e-8bfe-467f950d210f"
|
||
|
|
],
|
||
|
|
"labels": [
|
||
|
|
"misp:type=\"link\"",
|
||
|
|
"misp:category=\"External analysis\"",
|
||
|
|
"osint:source-type=\"blog-post\""
|
||
|
|
]
|
||
|
|
},
|
||
|
|
{
|
||
|
|
"type": "url",
|
||
|
|
"spec_version": "2.1",
|
||
|
|
"id": "url--5c36ffc4-308c-417e-8bfe-467f950d210f",
|
||
|
|
"value": "https://www.bleepingcomputer.com/news/security/cryptomix-ransomware-exploits-sick-children-to-coerce-payments/"
|
||
|
|
},
|
||
|
|
{
|
||
|
|
"type": "observed-data",
|
||
|
|
"spec_version": "2.1",
|
||
|
|
"id": "observed-data--5c36ffc4-201c-49aa-8e56-4258950d210f",
|
||
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
|
"created": "2019-01-10T08:24:21.000Z",
|
||
|
|
"modified": "2019-01-10T08:24:21.000Z",
|
||
|
|
"first_observed": "2019-01-10T08:24:21Z",
|
||
|
|
"last_observed": "2019-01-10T08:24:21Z",
|
||
|
|
"number_observed": 1,
|
||
|
|
"object_refs": [
|
||
|
|
"url--5c36ffc4-201c-49aa-8e56-4258950d210f"
|
||
|
|
],
|
||
|
|
"labels": [
|
||
|
|
"misp:type=\"link\"",
|
||
|
|
"misp:category=\"External analysis\"",
|
||
|
|
"osint:source-type=\"blog-post\""
|
||
|
|
]
|
||
|
|
},
|
||
|
|
{
|
||
|
|
"type": "url",
|
||
|
|
"spec_version": "2.1",
|
||
|
|
"id": "url--5c36ffc4-201c-49aa-8e56-4258950d210f",
|
||
|
|
"value": "https://www.coveware.com/blog/cryptomix-ransomware-exploits-cancer-crowdfunding"
|
||
|
|
},
|
||
|
|
{
|
||
|
|
"type": "observed-data",
|
||
|
|
"spec_version": "2.1",
|
||
|
|
"id": "observed-data--5c370102-93a8-46ab-8677-43a6950d210f",
|
||
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
|
"created": "2019-01-10T08:23:30.000Z",
|
||
|
|
"modified": "2019-01-10T08:23:30.000Z",
|
||
|
|
"first_observed": "2019-01-10T08:23:30Z",
|
||
|
|
"last_observed": "2019-01-10T08:23:30Z",
|
||
|
|
"number_observed": 1,
|
||
|
|
"object_refs": [
|
||
|
|
"file--5c370102-93a8-46ab-8677-43a6950d210f",
|
||
|
|
"artifact--5c370102-93a8-46ab-8677-43a6950d210f"
|
||
|
|
],
|
||
|
|
"labels": [
|
||
|
|
"misp:type=\"attachment\"",
|
||
|
|
"misp:category=\"External analysis\""
|
||
|
|
]
|
||
|
|
},
|
||
|
|
{
|
||
|
|
"type": "file",
|
||
|
|
"spec_version": "2.1",
|
||
|
|
"id": "file--5c370102-93a8-46ab-8677-43a6950d210f",
|
||
|
|
"name": "scam-header.jpg",
|
||
|
|
"content_ref": "artifact--5c370102-93a8-46ab-8677-43a6950d210f"
|
||
|
|
},
|
||
|
|
{
|
||
|
|
"type": "artifact",
|
||
|
|
"spec_version": "2.1",
|
||
|
|
"id": "artifact--5c370102-93a8-46ab-8677-43a6950d210f",
|
||
|
|
"payload_bin": "/9j/4AAQSkZJRgABAQAAAQABAAD/2wBDABALCwsMCxAMDBAXDw0PFxsUEBAUGx8XFxcXFx8eFxoaGhoXHh4jJSclIx4vLzMzLy9AQEBAQEBAQEBAQEBAQED/2wBDAREPDxETERUSEhUUERQRFBoUFhYUGiYaGhwaGiYwIx4eHh4jMCsuJycnLis1NTAwNTVAQD9AQEBAQEBAQEBAQED/wgARCAHCBQADASIAAhEBAxEB/8QAGQABAAMBAQAAAAAAAAAAAAAAAAECBQQD/8QAFgEBAQEAAAAAAAAAAAAAAAAAAAEC/9oADAMBAAIQAxAAAAGoAAAIkAAACJBBIAAAACJBBIAESBBMSQiVIEgIkQkAECQARIAAAARIAARIAAAECQiQARMExIRIIkIEgAiYkAQkRIABCJWJBEgBEhEgAAAAAAQJACJAAAQJAAAAAEIlUSCJIkCJAAAAESAAAAAACJBBIAQFAQkAAAAIkAAAAAAAAAAAAAAiQAAECQAAIkAAAARKAsIlQAAESAABBIACJAABBIAAESAIkESESAIkAAACJABBIASJFAEEgRIAPbrM5ojOaAzp0RnRpDOaJM5oSuc0JM5ojOjRkzmhJnNGDPaIzmiM5ojOaMJntEuc0RnNEZ0aUGfGkM5ojOaEmc0YM9ojOaIzmjBntGDPaMGfGjJnNEZzRGc0RnRoyZzRGbOiM5owZ7RGc0YM9oozmirOjS4jzIJIJCAoAAESAAgSAAAAAAAQFRIAghZABEgAAAAhIiQRIAiREgRIhJEh26uTrAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADF2sY5gAAAAAAIkCISUiQAhIAAAAAAAIJAAARIAAAARIiQRIEBQgkAAHbpZumcVvHQPD0yuk0LZnQdbg8jUZ1DUY3QaLI9zQZQ1WZ6nt0cHmafO4ju986TQY+merKuaTPqaTP6z1AAAAAAAAAAAAAAAAAAAAAAAAxdrFOcAAITCokAAAAAAAgKAAAAABEoJAAhYgCJAAACJACJEJAAiElAAAdmtk6xndfsMqdQZ1u8cPnpDOaI4PLUGVbTGK1PI8er2k4I0ByeWgM+e8Z/fPicXp1epw+OoM3t9QAAAAAAAAAAAAAAAAAAAAAAAAxdrFOcBEgAAAAAAQFARIImCQAAAAARMSAAAAAAAhEqAAAAAAAAAB2a2VqBQl1BdQXUF1BdQXUF1BdQXUF1BdQXUF1BdQXUF1BdQXUF1BdQXUF1BdQXUF1BdQXUF1BdQXUF1BdQXUF1BdQXUF1BdQXUkvi7OMvOBEgAAAEiRQAAAQQqQAACAoCJiQAAQEhEgiQQSBCQiQAAAAAAEBQO3SzdJKkrCRC4ovBVaSi0lFpKLiibFF4KreRdaCFpKLiinqVXqQuKPP3KLii0lFhVeCqRC4ouKLii4ovBUsVXFFxReCqZKr1IXFF6kFiq4ouKL0L4+xjpzhSBIACJESAAAAAAAAIkAEJAACJAIkAgKAAARIAiQAAAAAEEgA7NPN0kjw95XGjRuefFpeJxdnvJmx2+h58mhQzfbsucFNGTOv2ScHlreZ539fA5aadTOnp6DP6+ixz8XdBne3bc4Pd1HHz6NDgdVzm8tKpm+/ZU479diczX5zkjv8C3LoDOntuZnR01PDy0IOO3X5md3evsY9vf1OK3dJ5cup5Hjy98HH7e8nH56HoZtdTmjiv3+tePREil6F8fYx054kpEgAAABEgAAAQFAACCUSAAAAABCJURJEgAAAARIEBQACJACJAJ2aebpEc/RVc90WOH16bHJ283UZ1ukObpsZ/fFDh0ffxObx7qnH7dlCOfp8zk76yU5tHnPH19fM5vf26jhz9n0M6NMcHPrSYnb3DHtrVMquyMuusOfk0xy8uoMfq7hj21LGS1hjNkcfPqDI7OsZ/lqjC7dCpyeGnJmV1UY866svq6hidegPD3ABS9C+PsY6c0iprIAAAhIAAARIAhIIJAiQAAARITAAAAAAAAAAAAAAiSAoAAHZp5mmkefpZc6/cM2/eM/07Bn27hmNMcdO8c3JqDijuHj4doy/XvHB5ag8fHsGa0hydYAAAAAAAAAAAAAAAAAAAAAAAAKXoXx9jHTnCggKAiQAAAAAABEgAAAAEBQgkAgkAAgkgkAgkAAAABEgAgSAHZp5ukkWr4r7WxPY1I4KmhfF6DRnL9TvjG6Tvtlwak4mmdDJk1XNwmux+w62VJqxle53sT3NNnwaTKqa7Guas8fIa7Hk12SNXy5PY9vXh5jXjL8TZVyjZZXYdLO5zZZXUdbLuaMZUGtXl8DSth9x3RlSak4eidLg8TXZvQdMZfudtsnzNp5+gApehfH2MhOYKAAAAAAAAIEgAIiRQgSESESCEkTEggmJAAAAgmYBEoCgAAAAACCQAdmnm6SRS/Ovqzand652geXr4cxpM7sJ9OHwNK3D5GnPhwHfPlaOivDNnfPF0rT3zx3W5+c6/Th8zRvxXL+2X6nbOfY7+bn9zojg7S1sz0Oz3yes6PDj6Dqr4eMaFsnrr2vxdJX04anffx5Y7XFz1o9HDQ7p8vE66cQ0ZzrnT0ePuRT0Hnaw87yKV9QAApehfH2MdOdEqIJiYJBEhExIABEgiYJAABEhEoJAAAATEkJWgAiJKAARIBEgRIAAAAiSRIsSAg7dPN0ki1bKAAAAAAAAAAAAAAAAAAAAABEWAAAAClwAApcAAAAAAAKXoXx9jHTnACgAESAESESAAAESAAABETCpIEgAAiQBEgAAAAiQAAAAiYJAIJBEh2aeZppHN01XMtoeJ5+ff4Hg6bHN59Q9M/V8Tm6/D1PLzvJ5+17HHa8nN2R6nFPV4nn6X8z05uyhyT1eZ5x0STyaHMeF/cct/exwevpYvw6Pgc/p7jmv6+Z6eHf4Hjf2ucHtehPj1+Zfy9fI5dDz9Dnteh4e9R49FvY5ubQ8zy6vD0PCvRWHP10s8q+/osdFLgCl6F8fYx05pFAAAAEExIAAiQAECQQkAEEgAAAAAQkAAAiQARIAAAAAAARIA7dLN0kjn6JXKnTqZtdapxenvcy6aFjO7ve5m9PRJj21Bz8umMmNS8cvhoWsy40rrkemhB58/aOB3ycHlrecU4datZVtGTM6/T2Mr17bGXXUsY/R3WOK3XBl9nt6GPbTg5ubW8zh8dehntOpz8etU8OfRqZldehn11eU5fXtsZVNiieHloQuP0d4uAABS9C+PsY6c4UAQSAAAAAAAAAAAAACJQTEiayAAQQqQAIkAIkAiQEEgABESUAADs083SSLVLZn+x1OWx0OPwNNz85oPDlNFmdx6uWDreXidbnodbnqdTy8TreMnq4/U93D6HU47HU5B1qeJ0uT0Pdz+R2uSTqckHY5B1uSTqcknUzvQ7Xh7gAAAAAAAAAAACl6F8fYx05wpEggkAABEgAAQFAAgKIJAAABExIAIJAAAABEgABEgAARIAAAB2aebpJHl62XOaI4Oj3HJ4aQ4vb3Hhz944vb3HD56Q8sraHDXQHP5do5fLvGd3XHDXQGb6dw4Ldozp0B48miOPz0Bx36RnW7xyeGkOKewcvNpjj59QcM9o4u0AAAAAAAAAAAAFL0L4+xjpzhQQAFRIEEgAAABAUAEBQAACJAAAAQiZSJpCQAAICgAESABCJFACOzTzNOyLVlazm95e2P6Go5uA1bZfYdLFsa85I1mN2nXGNonvbO8zWZvsdc41jWnI6zrnKGqyaGzTN8jZnEua85fYdAAAAAAAAAAAAAAAAAAAAAFL0L4+xjpzhQAgKAAiQAAEEgAiQRIAARIAAQkAAIEgAAAAARIAIkAAIkQkRIIHbp5ukkWrZfL1CkegrFxWZFK+opHoKWkePrIinoPO8jyeo85uKrCtfQec3Hk9R4e0gAAAAAAAAAAAAAAAAAAAABS9C+Rr46c0ixIAAIkAhEqRIiQiQRIARIIJiQiQAABEgAAAAAIEiAoAAgSAAAgkAgkHZp5ukkVt5LzdPLonB7+A9r8/QedKj2r4+hdHmdVKeZe1KnpPn5HrNLRHr5Urp9eP2Iil
|
||
|
|
},
|
||
|
|
{
|
||
|
|
"type": "x-misp-attribute",
|
||
|
|
"spec_version": "2.1",
|
||
|
|
"id": "x-misp-attribute--5c370126-546c-4bcd-93bd-4f69950d210f",
|
||
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
|
"created": "2019-01-10T08:24:20.000Z",
|
||
|
|
"modified": "2019-01-10T08:24:20.000Z",
|
||
|
|
"labels": [
|
||
|
|
"misp:type=\"text\"",
|
||
|
|
"misp:category=\"External analysis\"",
|
||
|
|
"osint:source-type=\"blog-post\""
|
||
|
|
],
|
||
|
|
"x_misp_category": "External analysis",
|
||
|
|
"x_misp_type": "text",
|
||
|
|
"x_misp_value": "With people becoming more aware of ransomware, criminals are coming up with some pretty low life schemes in order to coerce victims into paying ransomware. Such is the case with a CryptoMix ransomware, who pretends to represent a sick children's charity and is asking for a ransom payment as if it was a charitable donation.\r\n\r\nCryptoMix pretending to be a children's charity is not new, but this latest iteration is taking it to the next level of depravity by including stories and information taken from legitimate crowdfunding pages for sick children."
|
||
|
|
},
|
||
|
|
{
|
||
|
|
"type": "indicator",
|
||
|
|
"spec_version": "2.1",
|
||
|
|
"id": "indicator--5c3701c2-4d58-4945-8471-4c68950d210f",
|
||
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
|
"created": "2019-01-10T08:26:42.000Z",
|
||
|
|
"modified": "2019-01-10T08:26:42.000Z",
|
||
|
|
"description": "Contact email",
|
||
|
|
"pattern": "[email-message:from_ref.value = 'windat@protonmail.com']",
|
||
|
|
"pattern_type": "stix",
|
||
|
|
"pattern_version": "2.1",
|
||
|
|
"valid_from": "2019-01-10T08:26:42Z",
|
||
|
|
"kill_chain_phases": [
|
||
|
|
{
|
||
|
|
"kill_chain_name": "misp-category",
|
||
|
|
"phase_name": "Payload delivery"
|
||
|
|
}
|
||
|
|
],
|
||
|
|
"labels": [
|
||
|
|
"misp:type=\"email-src\"",
|
||
|
|
"misp:category=\"Payload delivery\"",
|
||
|
|
"misp:to_ids=\"True\""
|
||
|
|
]
|
||
|
|
},
|
||
|
|
{
|
||
|
|
"type": "indicator",
|
||
|
|
"spec_version": "2.1",
|
||
|
|
"id": "indicator--5c3701c3-40c8-4859-b3b7-4a70950d210f",
|
||
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
|
"created": "2019-01-10T08:26:43.000Z",
|
||
|
|
"modified": "2019-01-10T08:26:43.000Z",
|
||
|
|
"description": "Contact email",
|
||
|
|
"pattern": "[email-message:from_ref.value = 'windat1@protonmail.com']",
|
||
|
|
"pattern_type": "stix",
|
||
|
|
"pattern_version": "2.1",
|
||
|
|
"valid_from": "2019-01-10T08:26:43Z",
|
||
|
|
"kill_chain_phases": [
|
||
|
|
{
|
||
|
|
"kill_chain_name": "misp-category",
|
||
|
|
"phase_name": "Payload delivery"
|
||
|
|
}
|
||
|
|
],
|
||
|
|
"labels": [
|
||
|
|
"misp:type=\"email-src\"",
|
||
|
|
"misp:category=\"Payload delivery\"",
|
||
|
|
"misp:to_ids=\"True\""
|
||
|
|
]
|
||
|
|
},
|
||
|
|
{
|
||
|
|
"type": "indicator",
|
||
|
|
"spec_version": "2.1",
|
||
|
|
"id": "indicator--5c3701c3-4950-4565-857f-4a71950d210f",
|
||
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
|
"created": "2019-01-10T08:26:43.000Z",
|
||
|
|
"modified": "2019-01-10T08:26:43.000Z",
|
||
|
|
"description": "Contact email",
|
||
|
|
"pattern": "[email-message:from_ref.value = 'windat@dr.com']",
|
||
|
|
"pattern_type": "stix",
|
||
|
|
"pattern_version": "2.1",
|
||
|
|
"valid_from": "2019-01-10T08:26:43Z",
|
||
|
|
"kill_chain_phases": [
|
||
|
|
{
|
||
|
|
"kill_chain_name": "misp-category",
|
||
|
|
"phase_name": "Payload delivery"
|
||
|
|
}
|
||
|
|
],
|
||
|
|
"labels": [
|
||
|
|
"misp:type=\"email-src\"",
|
||
|
|
"misp:category=\"Payload delivery\"",
|
||
|
|
"misp:to_ids=\"True\""
|
||
|
|
]
|
||
|
|
},
|
||
|
|
{
|
||
|
|
"type": "indicator",
|
||
|
|
"spec_version": "2.1",
|
||
|
|
"id": "indicator--5c3701c4-89b8-40da-949d-4f80950d210f",
|
||
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
|
"created": "2019-01-10T08:26:44.000Z",
|
||
|
|
"modified": "2019-01-10T08:26:44.000Z",
|
||
|
|
"description": "Contact email",
|
||
|
|
"pattern": "[email-message:from_ref.value = 'windat@tuta.io']",
|
||
|
|
"pattern_type": "stix",
|
||
|
|
"pattern_version": "2.1",
|
||
|
|
"valid_from": "2019-01-10T08:26:44Z",
|
||
|
|
"kill_chain_phases": [
|
||
|
|
{
|
||
|
|
"kill_chain_name": "misp-category",
|
||
|
|
"phase_name": "Payload delivery"
|
||
|
|
}
|
||
|
|
],
|
||
|
|
"labels": [
|
||
|
|
"misp:type=\"email-src\"",
|
||
|
|
"misp:category=\"Payload delivery\"",
|
||
|
|
"misp:to_ids=\"True\""
|
||
|
|
]
|
||
|
|
},
|
||
|
|
{
|
||
|
|
"type": "indicator",
|
||
|
|
"spec_version": "2.1",
|
||
|
|
"id": "indicator--5c3701c4-2460-465a-b459-495e950d210f",
|
||
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
|
"created": "2019-01-10T08:26:44.000Z",
|
||
|
|
"modified": "2019-01-10T08:26:44.000Z",
|
||
|
|
"description": "Contact email",
|
||
|
|
"pattern": "[email-message:from_ref.value = 'windat1@yandex.com']",
|
||
|
|
"pattern_type": "stix",
|
||
|
|
"pattern_version": "2.1",
|
||
|
|
"valid_from": "2019-01-10T08:26:44Z",
|
||
|
|
"kill_chain_phases": [
|
||
|
|
{
|
||
|
|
"kill_chain_name": "misp-category",
|
||
|
|
"phase_name": "Payload delivery"
|
||
|
|
}
|
||
|
|
],
|
||
|
|
"labels": [
|
||
|
|
"misp:type=\"email-src\"",
|
||
|
|
"misp:category=\"Payload delivery\"",
|
||
|
|
"misp:to_ids=\"True\""
|
||
|
|
]
|
||
|
|
},
|
||
|
|
{
|
||
|
|
"type": "indicator",
|
||
|
|
"spec_version": "2.1",
|
||
|
|
"id": "indicator--5c3701c4-6a0c-4826-8d25-4e38950d210f",
|
||
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
|
"created": "2019-01-10T08:26:44.000Z",
|
||
|
|
"modified": "2019-01-10T08:26:44.000Z",
|
||
|
|
"description": "Contact email",
|
||
|
|
"pattern": "[email-message:from_ref.value = 'windat2@yandex.com']",
|
||
|
|
"pattern_type": "stix",
|
||
|
|
"pattern_version": "2.1",
|
||
|
|
"valid_from": "2019-01-10T08:26:44Z",
|
||
|
|
"kill_chain_phases": [
|
||
|
|
{
|
||
|
|
"kill_chain_name": "misp-category",
|
||
|
|
"phase_name": "Payload delivery"
|
||
|
|
}
|
||
|
|
],
|
||
|
|
"labels": [
|
||
|
|
"misp:type=\"email-src\"",
|
||
|
|
"misp:category=\"Payload delivery\"",
|
||
|
|
"misp:to_ids=\"True\""
|
||
|
|
]
|
||
|
|
},
|
||
|
|
{
|
||
|
|
"type": "observed-data",
|
||
|
|
"spec_version": "2.1",
|
||
|
|
"id": "observed-data--5c37049d-12a8-4fc0-a0d0-4b45950d210f",
|
||
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
|
"created": "2019-01-10T08:38:53.000Z",
|
||
|
|
"modified": "2019-01-10T08:38:53.000Z",
|
||
|
|
"first_observed": "2019-01-10T08:38:53Z",
|
||
|
|
"last_observed": "2019-01-10T08:38:53Z",
|
||
|
|
"number_observed": 1,
|
||
|
|
"object_refs": [
|
||
|
|
"file--5c37049d-12a8-4fc0-a0d0-4b45950d210f",
|
||
|
|
"artifact--5c37049d-12a8-4fc0-a0d0-4b45950d210f"
|
||
|
|
],
|
||
|
|
"labels": [
|
||
|
|
"misp:type=\"attachment\"",
|
||
|
|
"misp:category=\"External analysis\""
|
||
|
|
]
|
||
|
|
},
|
||
|
|
{
|
||
|
|
"type": "file",
|
||
|
|
"spec_version": "2.1",
|
||
|
|
"id": "file--5c37049d-12a8-4fc0-a0d0-4b45950d210f",
|
||
|
|
"name": "ransom-note.jpg",
|
||
|
|
"content_ref": "artifact--5c37049d-12a8-4fc0-a0d0-4b45950d210f"
|
||
|
|
},
|
||
|
|
{
|
||
|
|
"type": "artifact",
|
||
|
|
"spec_version": "2.1",
|
||
|
|
"id": "artifact--5c37049d-12a8-4fc0-a0d0-4b45950d210f",
|
||
|
|
"payload_bin": "/9j/4AAQSkZJRgABAQAAAQABAAD/2wBDABALCwsMCxAMDBAXDw0PFxsUEBAUGx8XFxcXFx8eFxoaGhoXHh4jJSclIx4vLzMzLy9AQEBAQEBAQEBAQEBAQED/2wBDAREPDxETERUSEhUUERQRFBoUFhYUGiYaGhwaGiYwIx4eHh4jMCsuJycnLis1NTAwNTVAQD9AQEBAQEBAQEBAQED/wgARCAJKA9YDASIAAhEBAxEB/8QAGQABAAMBAQAAAAAAAAAAAAAAAAIDBAEF/8QAGAEBAQEBAQAAAAAAAAAAAAAAAAECAwT/2gAMAwEAAhADEAAAAdV6GsT7XqKXM0urvKS/tAuVVmlGsuVQNHM9tT5Dp3l2UsVixXIkqmneXRqtYsrWCCYgmIJiCYgmK1ggmIp9K1grWCtYitYK1grWCtYK1grWCtYKlgr5bwr5YK0xDshzspFfLeFfLeFfLBWmIdl04n0rWCtYK+zLBPpWsEE+lawV8uyy39oS28hEs7msOMbl6dfaOXOiOXsulpdvNyuyxM+gXldqIS6Kpy6R70Vds4crtVWsFfZ8J1S4UStFHbhnnaEerI96OOjjo470ikIpCKQilw46Od6AADo46OOjjo46OOjjo46Oclw5yQjyfCPJiCQjPnToOOiPJ8I8mIJDknQdOOjjo46OdAB3g7VYlrWCvs+lfLRnaGdZ+6BmlfyoC5r2Y9UuO2obewGbtNpfbRbVEqEaZ5NNWZdGCL1cyxTUej2qdVX5r4kiqSIkiJIiSIkiJIiSIkiJIiSIkiJIiSIkiJIiSIkiJIiSIkiJIiSIkiJIiSIkiJIiSIkiJIiSIkiJIiSIkiJIiSIkiJIiSIkiJIiSIkiJIiSIkiJVygQCQ24tUs0cxrVRzb2O6y5RXLrUx3NHPO1l6uEXquliiRZ2iZYp6Wqol7PYWKUtvaJ2WPKss9FT5+d+tyrlzepS3cx3WXqqDYzzLWbpf2iRaywrZ3PnTexX51ez5Y9Jg17litFisWKxYrFisWKxYrFisWKxYrFisWKxYrFisWKxYrFisWKxYrFisWKxYrFisWKxYrFisWKxYrFisWKxZV2BAWQ05tUtMdAro0W4uO+cdKatsirB6jU8vdcIcsRX2Yq7Yqmc0UStVXTqRg12Kp5eyp7arLHYqvNtRh0XCqnWPN2XKhTpRj0zRnr2CmVis3NSqcPqM3FfcKcvoCmc1kExBMQTEExBMQTEExBMQTEExBMQTEExBMQTEExBMQTEExBMQTEExBMQTEExBMQTEExBMQTEIXVlQshtxbZVN0M6xd1X2Zl0zztGjhC+MgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABTdSZxrMNuLbKpurzq6UZWAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAKbqTONZhtx7JVN1edzy6YMw7Zys8rZnKNMEpujcsLOxKY2zKLu2GJbE5dTrKs2qgq0cHLYyKYWCwkY7JyK+9sKIw0kK7+JC1asgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAKbqTO61mGzJrzVdlM3olCdyAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAApupKHVzDXl1SoTom7O1rmU8noEK5YDaz8NVN9Edlfks0ThauXkJwnyizQlkXTzLviMJ0WWyy6lurjSWw7UaOZ4mvuW0vh3KXs1hZdTIl3NYX0yxG2yvhxn4aowtOW18JVEcupus7G7Et0so1zlEzWZry2vtJfn5WbOURNnZwLAAAAAAAAAAAAAAAAAAAAAAKbqSoWVbMG8RllzvZKE7kAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABTdSUKWst+DfKKM60yx12bZ+WPQn5cI9WOLLZ7jyNS7HlzPSeRI9V41xuU8NjLQei8i09IAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACm6kxjeOb8G/OhjzvdKE7kABCYAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAU3UmQbxHfg350M2da5Y4WbZeZ09CXmRj1WbHXqvFvPTY6I9Nhqs9N5sF9WvJYaJ45mljoPTef6AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAApupMg3iO/BvzpGEM70S5O5gmKlop7aM1lo5CwVLRDlgqnIQ7IVLRCYAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAKbqTIN4jvwb86rcZ6XyoruNbBI2sMT0GKo9J52wtVVmlikawAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAKbqTIN4h6Hn+hnVcZM9O9slcZ2gZJaRnhrGTTIUx0DLO8AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAKbqTIN4h6HnejnVXJs9LZVcuLmWRoZJGlmqNygXqelqNBpVWgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACm6kyDeK/R870c2nlzPSrmmVzh7tGGPoDHDeMfNoyQ3CGXaM2kAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAFN1JkG8V+j53o5ueOpnr2cZXBCYVzOoRLVVoAV2AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACm6kyDeK/R870c3NHWz1z17pXHlvUHlQ9hGPN6qvJn6Ejxb/UHkS9UYLdQ86n1x5vpAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAApupMg3iv0fO9HOs1e1jr2cZa5kZBGQAAARkAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAKbqTIN4r9Hz/QzqlPuelVeuVx53d48+PoIpzbu15ujSME9kzzbtcSiy7plo3DJ6EJgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACm6kyDeIeh5/oZ1VXbzHW6cJ65gAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAKbqTE43h6Hn+hnVULOY6R5bfrHnzt4VSl05akZq7xX2zp3LsrKZLSteIQ0Ui2HShbMotkMcrqx2yZRo5wy8tFN/LzJZZwrhdIO2FeXXULQpWyM/bxTDTAqq2Zy2fLjEtiWzqvMEdMCrtkivtsSi2XSuvXWT5G8kAAAAAAAAAAAAAAAAAAAAABTdSYRvD0PP9DOq49jjponCesAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAKbqTCN4eh5/oZ1DkeZ6X5tOO4u5XMl2i8RjE0chYT52shblvJwnjNPeSJwVE7cOsuy25i6yiwnVKBONPDfmtymwFXKOmmu/KaK80i6/FqJTjIo7yR3nKSy2qROPKCduWZbymJu5G4z8qF8s1xZHlBc5Av7VI5zlRbPNeS5nkae12lgAAAAAAAAAAAAAAAAAAAFN1Jhdbxz0PP9DOoIRz01SjK4AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAU3UmIbw34N+dGeGem2UZXAAAABzhJESREkRJESREkRJESREkRJESREkRJESREkRJESREkRJzoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAApupMY3jm/Bvzozwz02yw4rj23kyPUeXWewxQPQZ/MPahj2ABwdcHQAdcHeAAAAAAAAAAABPuTKerDzcx7zyYHsqrQAAAAAAAAAAAAAAAAAAAAAAAAAAAAABTdSY3W8R34N+dFMc71SjK5AAAA5CYgkIpCKQikI9kIpCKQgnwikIpCKQimIJCKQikIpCKQi
|
||
|
|
},
|
||
|
|
{
|
||
|
|
"type": "observed-data",
|
||
|
|
"spec_version": "2.1",
|
||
|
|
"id": "observed-data--5c37057a-2bb8-4641-9304-1c12950d210f",
|
||
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
|
"created": "2019-01-10T08:42:34.000Z",
|
||
|
|
"modified": "2019-01-10T08:42:34.000Z",
|
||
|
|
"first_observed": "2019-01-10T08:42:34Z",
|
||
|
|
"last_observed": "2019-01-10T08:42:34Z",
|
||
|
|
"number_observed": 1,
|
||
|
|
"object_refs": [
|
||
|
|
"file--5c37057a-2bb8-4641-9304-1c12950d210f",
|
||
|
|
"artifact--5c37057a-2bb8-4641-9304-1c12950d210f"
|
||
|
|
],
|
||
|
|
"labels": [
|
||
|
|
"misp:type=\"attachment\"",
|
||
|
|
"misp:category=\"External analysis\""
|
||
|
|
]
|
||
|
|
},
|
||
|
|
{
|
||
|
|
"type": "file",
|
||
|
|
"spec_version": "2.1",
|
||
|
|
"id": "file--5c37057a-2bb8-4641-9304-1c12950d210f",
|
||
|
|
"name": "email-correspondence.jpg",
|
||
|
|
"content_ref": "artifact--5c37057a-2bb8-4641-9304-1c12950d210f"
|
||
|
|
},
|
||
|
|
{
|
||
|
|
"type": "artifact",
|
||
|
|
"spec_version": "2.1",
|
||
|
|
"id": "artifact--5c37057a-2bb8-4641-9304-1c12950d210f",
|
||
|
|
"payload_bin": "/9j/4AAQSkZJRgABAQAAAQABAAD/2wBDABALCwsMCxAMDBAXDw0PFxsUEBAUGx8XFxcXFx8eFxoaGhoXHh4jJSclIx4vLzMzLy9AQEBAQEBAQEBAQEBAQED/2wBDAREPDxETERUSEhUUERQRFBoUFhYUGiYaGhwaGiYwIx4eHh4jMCsuJycnLis1NTAwNTVAQD9AQEBAQEBAQEBAQED/wgARCAHBAswDASIAAhEBAxEB/8QAGwABAAIDAQEAAAAAAAAAAAAAAAQFAgMGAQf/xAAWAQEBAQAAAAAAAAAAAAAAAAAAAQL/2gAMAwEAAhADEAAAAegaK4uFT6WqpnELDn451Dlx1Dlx1Dlx1Dlx1Dlx1Dlx1Dlx1Dlx1Dlx1Dlx1Dlx1Dlx1Dlx1Dlx1Dlx1Dlx1Ezi+gOgAAAAAAAAAAAAAAAAAAAAAAABh57FMsJ2s1Zbxw8fr/Tj3YDj3YDj3WeHKOs1HMOqxOXdXtOPdbico6vw5V0+45J1eBy7q8Dl3VDlXT+HMukmHHuwHHuwHH9BYSCQAAAAAAAAAAAAAAAAAAAAAAADRUXw510MMg2sT00apfppxkeETft0kzV5iSYO8ZxtvplAm+GxgM9fvhp3+emWjb4ZxJIiTsBlo2+EiTXiwAAAAAAAAAAAAAAAAAAAAAAAAAABhXWkAz5fo+cIYAAAAAAAAAAAAAAAPoAAAAAAAAAAAAAAAAAAAAAAAAAAAPMcKcvqzyPGfvntee4WhWe5aDd5v3EHLRvQFPcT1IsCnXAp1wKdcCnXAp1wKdcCnXAp1wAAAAAAAAAAAAAAAAAAAAAAAAAAAPIsiEbUjwi7fdxHz07jPVv54ud3NjotVEOhwoRfZ88Ok2cuOocuOocuOocuOocuOocuOocuOocuOocuOocuOocuOocuOocuOoUN8AAAAAAAAAAAAAAAAAAAAAAaai9FB50GsrMrHIgR7kQeV7ijObdAOfdAOfdAOfdAOfdAOfdAOfdAOfdAOfdAOfdAOfdAOfdAOfdAOfdAOfdAOfdAOfdAK/sKe4AAAAAAAAAAAAAAAAAAAAAAAABBJyvFgrxYIcwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA1RJes804Zm/kOs5MjgAsOw4/sAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADxrrC39qJ5IVeJbI0YsVVmWSHHLRHhlqqvSz80RCz9rciej1xdeV+otUaEW3tRNJWNZgW6FqLPyFiWCp2lirfCy9h6Sx9iRyy9qdhYo8QtPIHhYgAAAAAAAAAAAAAAAAAAAAacsD3L3w1Z54nsKfGM/Nvo07vD3HLw1Noy88wPGwe+a8zzDfpN2v30w2+Zmj3cNeuQNGzMRsJgiZSRr1yBhhuGjXLHmrcI/u8AAAAAAAAAAAAAAAAAAAAAaYdkKbZaiBqtBFwmipWwiwrfEqNtoKjO0FV5bCDhYin3WQqlqKvy1EKbjBLBXiwV4sFeLBXiwV4sFeLBXiwV4sFeLBXiwV4sFeLBXiwV+4lAAAAAAAAAAAAAAAAA1R5Efcw26MtTfjqylya8rPfMMjNjiZ+6sTf7pzj3bGzMvdHtbTCM/NGdbsPMTHkuq5XFDNAAAAAAAAAAAAXFPcHUAAAAAAAAAAAAAAAAAx0+xiwU4uFOLhU+llCxghz46Bz46Bz47Cw5/oAAAADzRIEdIEdIEdIEdIEdIEdIEdIEdIEdIEdIEdIEdIEdIEfPaAAAAAAAAAAAAAAAAAPGEUktOwz91DZ60G2kufDh3ceHEO58OHdxrKvoI2smtXhuQ9JZNHpuQdxIQ95tasCQj6CehbCS05maDuJDV4bkb0kIuRIaNRMRvSQw1EhHxJSJ4TGrIzaYxPa8Dei7Ta0YklE9JTXrJCNiS0b0kIu8zaPCQ0+m1p8N6HmSWrE3gAA1aZYqcrQU+dqIumwFWtBESxBjW4r8LMVyx8K6TvyKzZPFVO3iAniqlS8Su9shHjWIqs7IVcyQIseyFZM3iDqsxX+zxW+2Irsp4ixLUkHOWWLrnCqmyBVrQRotmK1ZCtkShBjW4iap/pB02gqs7IQN8gVmdgK2RIyKrKy9K1ZCtmbMgAADTDsYhjs83kLKR4aM88yIk6TzD3eRst/hK91bQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADGFKoSW5cdQ5cdQ5cdQ5cdRP4i7OlAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAhSoBQuowOadL6cy6HM5t0O05m+3+kpE9JTRvAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAMIc4QMLL0rNk4Q924V+Nn4RY1jkVG2x9NW4BgZvPQ8HpgZgAAPPQAAAAAAAAAAAAAAAAAAAAAAAAAAAADVWXGkhey/SDrsPSB7PxIUnZuI0eXmVmc7wh5ysyP5L0ERP1kbGfoNkSyjkfCZmQsZ4i4yNhA2SsCSAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAx8MwGIyAAY5AwMwGOQYZgBjkGPhmeHrDMMMwYmQDHIMBmwGbDMAAAAAAAAAAAAAAAAAAAAAAA0QrPwqZkjIqtk70q85npDxs8SvysMTZU23hXY2ArZEzwjapnhA9stZAysfCs8s8iqxtRXzNvpFh2eRAwscir9svStysMTTAtNhEbxrlatoAAAAAAAAAAAAAAAAAAAAAABriyIZLQRJyjyzHOHLPGjEladGZK8j6ome68azyhZFjrzxNPurYY+6MybsjSQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAxqi3Vgs1b4WaFmSkHEsFbiWivFgrfCzxxrC3U0snK6wPQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAa/Noj4yhD9liHt3iHt3iLnvERLERLGEaYIm7aI+/0AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAf/8QALhAAAgIBBQAABAUFAQEBAAAAAQIAAwQREhMUFQUQUGAgISIwMyMxMjRAJHCA/9oACAEBAAEFAvxP8RpRvTonp0T06J6dE9OienRPTonp0T06J6dE9OienRPTonp0T06J6dE9OienRPTonp0T06J6dE9OienRPTonp0T06J6dE9OienRPTonp0T06J6dEx8lMj6jd/FjCDJu42ybEBvyAVZ2mR/P9C+FfUWXcqoFTrpxdWvaaVJFQU5H8/wBC+FfUWIVVyqmMV1Y/I4uK9nRxZ0cWdHFnRxZ0cWPiYaBMXDePiYaDgwdFxsIjr4PGmJhvOjiwYeGZ1cLeMXCLvi4aTgwdFw8NgMXCZkx8Jy+Jh1q+Pgoj4uEksxcOsCjBMFGETw4WvRxZ0cWdHFnRxZ0cWdHFlVFVP1G7+HkW2l2HM36ZTx7CwSt7FaLpoyisvYpK6EOvG11i1JS6aX2LUmq6V7bHH5Y+PqS5G+gIHZQMhVC5O6tHB2yjTRVC3VbQ125rNP0/mwyNTDUQEcbx/sfWny8etu9izvYs72LO9izvYs72LO9iztYfJ3sWHNw2nexZ3sWd7FnexZ3sWd7FnexZ3sWd7FnexZ3sWd7FnexZ3sWd7FnexZ3sWd7FnexZ3sWd7Fnexfq7bttdl25MlHOW2/I+1+udEpu35e/sfa4ZT8rcKm6zzceeZRPMonmUQ/DsYTzcczzKJ5uOIPh2MZ5lE8yieZRPMonmUTzKJ5lE8yieZRPMonmUTzKJ5lE8yieZRPMonmUTzKJ5lE8yieZRPMonmUfV7dOOscb89nHutSNcyHsXImRyipRZuyRrk12Gumtr2GV/rov9fnt5eW+G+4XNddHuulT2832ORrFxqEbrUbjjUFkoOq49KqMakKtVanYu/gqnXp2squrVVtOtRrw16denc2PSzGmszYu77HdtqjKm9d29NRcu/Ua25Br
|
||
|
|
},
|
||
|
|
{
|
||
|
|
"type": "observed-data",
|
||
|
|
"spec_version": "2.1",
|
||
|
|
"id": "observed-data--5c370585-a444-4c22-8c9b-497f950d210f",
|
||
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
|
"created": "2019-01-10T08:42:45.000Z",
|
||
|
|
"modified": "2019-01-10T08:42:45.000Z",
|
||
|
|
"first_observed": "2019-01-10T08:42:45Z",
|
||
|
|
"last_observed": "2019-01-10T08:42:45Z",
|
||
|
|
"number_observed": 1,
|
||
|
|
"object_refs": [
|
||
|
|
"file--5c370585-a444-4c22-8c9b-497f950d210f",
|
||
|
|
"artifact--5c370585-a444-4c22-8c9b-497f950d210f"
|
||
|
|
],
|
||
|
|
"labels": [
|
||
|
|
"misp:type=\"attachment\"",
|
||
|
|
"misp:category=\"External analysis\""
|
||
|
|
]
|
||
|
|
},
|
||
|
|
{
|
||
|
|
"type": "file",
|
||
|
|
"spec_version": "2.1",
|
||
|
|
"id": "file--5c370585-a444-4c22-8c9b-497f950d210f",
|
||
|
|
"name": "onetimesecret-message.jpg",
|
||
|
|
"content_ref": "artifact--5c370585-a444-4c22-8c9b-497f950d210f"
|
||
|
|
},
|
||
|
|
{
|
||
|
|
"type": "artifact",
|
||
|
|
"spec_version": "2.1",
|
||
|
|
"id": "artifact--5c370585-a444-4c22-8c9b-497f950d210f",
|
||
|
|
"payload_bin": "/9j/4AAQSkZJRgABAQAAAQABAAD/2wBDABALCwsMCxAMDBAXDw0PFxsUEBAUGx8XFxcXFx8eFxoaGhoXHh4jJSclIx4vLzMzLy9AQEBAQEBAQEBAQEBAQED/2wBDAREPDxETERUSEhUUERQRFBoUFhYUGiYaGhwaGiYwIx4eHh4jMCsuJycnLis1NTAwNTVAQD9AQEBAQEBAQEBAQED/wgARCAKoApUDASIAAhEBAxEB/8QAGgABAAMBAQEAAAAAAAAAAAAAAAIDBAEFBv/EABgBAQEBAQEAAAAAAAAAAAAAAAABBAMC/9oADAMBAAIQAxAAAAH6DyfW8HloM3eGzQrqrT63ge774ahoxAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAPB97weWnN6vlauOrR5vsePfL3fC92+dQ04AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHg+94PLTm3YXDZ6Xmg93wvd98dQ04AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGfQlytSesrUMt81gXyAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA53EbKvKsPXhRSegx6iTz+m9niamG00skjSxSNfM1pOWC400wxnqsY2M8DWyRNrMNLPoAAAAAAAAAAAAAAAAAAAAAAAAAEZQPOltGKn0h5fs12HmV+kjytO7lePf6A8ufpxPIst0FPoQmeNfukQ8v2OGHm4Web6WIz2ejUYHpRI3wmAAAAAAAAAAAAAAAAAAAAAAAAAHB1EkkRJESREkRJESREkRJESREkRJESREkRJESREkRJESREkRJESREkRJESREkRJESREkRJESREkRJESREkRJESREkRJESR6vQcrsrQkWKQikIpCKQikIpCKQikIpCKQikIpCKQikIpCKQikIpCKQikIpCKQikIpCKQikIpCKQikIpCKQikIpCKQikIpCKQikIy4SYVXZWkvL9TOufTn1FFa0txb6CGinRGRdCq7OaTPFOI9WVVfk2GeNk4o5ZGnLeF2fVnK5WZyyNwtzWCiyzCakLii2sJyiLeWmC66olPPtMM7IEeWQJW5dxmptE4X0E420nORsOWpmK2Y7RrrKtNF5lnNFPJyqrTRrLARCTCq7K0lh3ULh76FRmbqC/z/SqMtl1x50PRrKo6ekMnocMDdUZ9U7DybNtRVO+RhtskQzehSZb9AwV6bxXoiZK9MzHPdAzw2UlENszHLRYY7rZnlW7JGHRIZG2JRTuGG+2Zi7tiVp2nj376zNPTE5k9CJhb4Rg76VVcz+hwxR29LAARCTCq7K0l4vtdXw++2PH57I8/J7cDyqvdHhWeyPH57I8mPsDxdHpDy8vvDxXtDx3sDD5/vDxJetMAAAAAAAAAAAAAAAAAAAAAAAAAiEmFV2VpLvPPX0WKB6DLSeg8vWaWGw1PPvNLzrDayjUxWGlTmN7BM2MQ2sY2MUD0GWBtYRuefM2s9JuYOm5j4bWfEeqxwN7BpLnnTNzNYWsA3s9RtYrDS8+RuZ8R6rz9ZawDe87SaHm3mtXmNrFSemxWGkAEQkwquytJY9nlrpjT035K7how2F1ddxXpwjVTC00UVSJ8rGmGXYQty3EbMnTXTZQaK6eHoVcymnufpcp4aITzmqmFwnl6b6K6DVVG0sl51puzxuK7sth2zDYls+ZV2VZ5l9mTWSqy9L7sUi+uNhPUGPm0UZvQGeGsZZ3gACISYVXZWks+jq0LxRbIUx0CuUhmleK43CEbRXXoFFshV2wVRvEY2DNZaIVaBmtsGeVwhXeKVwphpEarxWsGeOoZr5CtYKo3imVgy22iiVoqhoFMdAzXTAAAAAAAEQkwquytJYtvmy6u4ba1cz1mrkajX3z9xB3Obu4NJLmbhvq5iN08A9ClUaOZuG2Xm7CE81pZCuJr5iuNdHcRvjlsLp56Dcx3Fna6o1dydrRf5txKymo2VbPONN3naCyzDoicMca9BHIejXVQa++dYbO49RCTMb5edoLK6JGyurObuZ+m8AEQkwquytJYd2da+T4RkqNebXhLoUXkr67jNNYZJ2RJ06s0LK76p7LpVGdhl1Ki2u+gThoM1nLSlPhVOu4tpsqKmisrl2wqv5IptqsJ5dECE67TlN3SMY3EYyEo21FmbTwq7C4jVXYXU64FPVqdyb6Vo25tZIAAEQkwquytJd5WtqMgZTUqFqvhapiaFVoAIkgEZAAABGQAAAIkgAEZBESAIE1dgAAAAAAAAAAAABEJMKrsrSXj+x1fG57QxU+mPHj7RPN9CRfF77IzYvWHh2+uMOT1OnlaPRHkX+gPHewMNHqjx4+0PFe0PIq9weLu2DyM/vjzNF1p472IHkd9kePR748jVtHjU++PIq9weRH2RTcAAAAAAAAAAAAEQkwquytJd5mXUz5D02K00M9JuYbDU84eiyQNzGNjDYannXmpitNDz+m9jkamEbmKJvebcbHnj0GbSAAAAAAAAAAAAAAAAAAAAARCTCq7K0lXZ1c8rhj5tGevYM8rkYeb1ZO6hlq3jLfMZYbRlloHnz2jBdpFNOwZqtwwx9AYpaxi2gAAAAAAAAAAAAAAAAAAAABEJMKrsrSVF/lr6VcM0em8aVeuyYj2I+JI9t4vD2ZeRtNUfLkeo8eg9+PkVntR8zh7HfHpPeY/PPYYbY2d8SdnsR82C+u8SB70fG3G0AAAAAAAAAAAAAAAAAAAAEQkwquytJd51YTAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACISYVXZWkvP9DItmTX0ptqJbTdWsbe1xHs41VNI5Ltpj0IHJ9EY12lfZSISnYZez4Rs7MyStgW1aKyFa4txaaSXJVktFNpRoruPPunEuz6qCNkYHJymlPbiqp0GvLppIXdqJV2yKu12FVllJLvZJyMqVSlw5byZeACISYVXZWku86uPP6NRjs11Hc+2oz6OWGWGvhl5u6ZOaOmXm/KTr0wMevt550+bDz9srDyLtsTuD0BiltrI59tJQt6UR12GaF0zLZLQZqPSiZebaTD30IlEreGWO+sZvSgefzZMxNsDDunMw818Mnd1Bm7rkYO7okatVJmsvsLQAARCTCq7K0l4ntxXyo+0PHewPB9HaPM0auniT9gZMXsDH53ujyNO4eJL2R4+2+w8bP8AQjx5esPF9awPK9WB5E/XHgW+0PNs3DyOewMeP2CYZbC+NV7w8u/RaeHZ7A8iHtDw/U0AAAAAAAAAAAAACISYVXZWku8xLuUYz03ndPQZomt50zcz2FjFI1sEzYqpNbzh6LzunoMGotY6D01OU9Bjgb2So9BTA0sEjawyNjBI2sV5cw9NrLSegwSNrzbzW8+41MPDex8NrCNzFM1PO0GlitNDFw3MVR6TnQAAACISYVXZWksmvq56dwxQ9AVVahh5vGe/ozc1DBPYKatYy17hhnrGW6wYm0VUbBj5tGKWsZ+aRh7tGWn0BkjtGXukY2wUR0jF3YMLcMGq0Y2wYNNwy81jNbYM1e0ZrLRgnsGWG0c6AAAAEQkwquytJVW+SvqVwzR6bxrLPVjgoX05YenoPBuPYeHuN1eXKew8Lp7UsOE9t4156byOHsPFkew8Ww9WGfCe08m09GPkdPWl5lZ67xNZ6DxZHq10dJ6MFhtePA9l5PD2XhzPWZ8Z68fKpPdY/NPcl4m82PH6eu8eJ7TxR7LytJtfPbD05eVA9h5ED2nij2Xk7zQCISYVXZWkq7PLXRoxayuzPSatHnbSm3PE13ed6J0AAAAAEEwAAAABm0gqtAAAAAAAAAACExCYAAAITEJgABEJMKrsrSXeF650AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAiEmFV2VpLxvZyrT2fS3zPRgYrrhRsomVJ9Iac+5POjokuWd955ktkzNDb0w829MVW7pDH6dRinr6YO7pHnXX9KK9Qo0cuPPo9WJDF6lRnq2jFzfw5m2RM3NMivPurMMt8TFH0ajLqstPMb
|
||
|
|
},
|
||
|
|
{
|
||
|
|
"type": "observed-data",
|
||
|
|
"spec_version": "2.1",
|
||
|
|
"id": "observed-data--5c37058f-1bfc-44b4-a954-47f3950d210f",
|
||
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
|
"created": "2019-01-10T08:42:55.000Z",
|
||
|
|
"modified": "2019-01-10T08:42:55.000Z",
|
||
|
|
"first_observed": "2019-01-10T08:42:55Z",
|
||
|
|
"last_observed": "2019-01-10T08:42:55Z",
|
||
|
|
"number_observed": 1,
|
||
|
|
"object_refs": [
|
||
|
|
"file--5c37058f-1bfc-44b4-a954-47f3950d210f",
|
||
|
|
"artifact--5c37058f-1bfc-44b4-a954-47f3950d210f"
|
||
|
|
],
|
||
|
|
"labels": [
|
||
|
|
"misp:type=\"attachment\"",
|
||
|
|
"misp:category=\"External analysis\""
|
||
|
|
]
|
||
|
|
},
|
||
|
|
{
|
||
|
|
"type": "file",
|
||
|
|
"spec_version": "2.1",
|
||
|
|
"id": "file--5c37058f-1bfc-44b4-a954-47f3950d210f",
|
||
|
|
"name": "payment-message.jpg",
|
||
|
|
"content_ref": "artifact--5c37058f-1bfc-44b4-a954-47f3950d210f"
|
||
|
|
},
|
||
|
|
{
|
||
|
|
"type": "artifact",
|
||
|
|
"spec_version": "2.1",
|
||
|
|
"id": "artifact--5c37058f-1bfc-44b4-a954-47f3950d210f",
|
||
|
|
"payload_bin": "/9j/4AAQSkZJRgABAQAAAQABAAD/2wBDABALCwsMCxAMDBAXDw0PFxsUEBAUGx8XFxcXFx8eFxoaGhoXHh4jJSclIx4vLzMzLy9AQEBAQEBAQEBAQEBAQED/2wBDAREPDxETERUSEhUUERQRFBoUFhYUGiYaGhwaGiYwIx4eHh4jMCsuJycnLis1NTAwNTVAQD9AQEBAQEBAQEBAQED/wgARCAJxAtkDASIAAhEBAxEB/8QAGgABAAMBAQEAAAAAAAAAAAAAAAIDBAUBBv/EABkBAQEBAQEBAAAAAAAAAAAAAAABAwQCBf/aAAwDAQACEAMQAAAB25LcPL9HSze+fehmGnvfMfT7cobcoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHGw7sPJ9PRv5nV95ZcGjPns+n+Y+n15w34wAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAONh3YeT6erTzLU2c4nt9P8x9PrzBvxgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAcnH9Ey6PnX0SevnX0Q+d+iPeQe8gAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADwevPQAAAAAAAeHoDwegAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAw5exyijpV5jTpxDbLDoPfcHh1auXpNnvN8OiwwOtRzpnT851xrp0ck6N/I65xujkHQhhgdaFnHOpHmaTZ5zbjfPPoAAAAAAAAAAAAAAAAAAAAAAAAAAAAI4OiMte4YW4Zp3DC3DC3DFHeMlPRHG96tJRdp9K8PSGLZ6MPu0ZPNghg6ESFG4ZKeiMmsAAAAAAAAAAAAAAAAAAAAAAAAAAAADzwkiJIiSIkiJIiSIkiJIiSIkiJIiSIkiJIiSIkiJIiSIkiJIiSIkiJIiSIkiJIiSIkiJIiSIkiJIiSIkiJIiSIkiJIiSIkiJIiSIkiJPPQCEZCLweoiTyZFMQTEExBMQTEExBMQTEExBMQTEExBMQTEExBMQTEExBMQTEExBMQTEExBMQTEExBMQTEExBMQTEExBMQTEExBMQTEExBOJKUZAEAYcvZHAu7I43Y9AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACMokpRkAQB6x+mtj8NqvObFEDUx+mtzdJpQqNDKNTNE1s0y5mkXq8hvZazc51htYNRa51htc7UXqMZ02YaWW0tZRqZ7iTLE2OdpNCgXsMzWxwN7NE1s0DYrpNTNSb2KZqZZGhVWaXO2ljL6aWaJrVRL1FpIAACMokpRkAQBm8nSQ8upNOeyRbz7ryryyoUa7ymiN5k0+3HlMqyfttZmr6dBohXE9o0RM9uiohsovK6tGcqtl6W4r7DL5ZMr0VxKtMfDJtq0GfRoJz3QLz7NgyZ+mjmy6Czj6d5c9O4c2XQHMj1Ryp9IczXoGGvpI5e29ZzfOmXlz6I5N3QGC7SAAAEZRJSjIAgCvPtHKl0xgbxy91wxUdQczdaMlPRGO28UQ1Dn+7xVn2jlbrxzLdwpjoHM06hj5/cGTN1BzNegY47hz9N45d+0YdNoAAAAAAAAAAAAAAAAAAAARlElKMgCAPWGg6rDeXuZE6rn3mlx7jpMFR1GSo6DmzN7FmjrM9NbmGJ0HOsNrmwOr5x/DtAAAAAAAAAAAAAAAAAAAAAAAAAAAARlElKMgCAI1aBksvGSy8Y5ahl81jPDWKcvQFNWsYm0V1aRDLtGPzaM8NYyWXgAAAAAAAAAAAAAAAAAAAAAAAAAAABGUSUoyAIAix5TsuJYdeObnHarjhOs48zqsVZ0XCtOw4o7Tk1HYnhyHZq58Dr+8b07DieHcczpgAAAAAAAAAAAAAAAAAAAAAAAAAAACMokpRkAQAeiqUx5XaHnor8tHlGgQ9kK1gjC0RjYK5+iufopskK7AAAAAAAAAAAAAAAAAAAAAAAAAAAAARlElKMgCAKI+5DVZzpG9h0Fs8VJ0/eTM6XnP9NzmXmyrJA6UuTadByrzewWGr3B6a+Vp5ZhZxoZxoZxoZxoZx1fqfkPrwAAAAAAAAAAAAAAAAAAAAAABGUSUoyAIA9BGQAAAGWo3sA3sA2ywDewDewbSQHA7+Q+MfTj5h9OPmH04+YfTj5h9OOP8AX87ogAAAAAAAAAAAAAAAAAAAAAACMokpRkAQBiq2QIKfDVGmZJXaV7ses+b5HX5AAAAA+2+J+2NAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAEZRJSjIAgD156AAAAfMcj6bAch1xyHXHIdcch1xyPtuB9EWgAPB6AAAAeHoAAAAAAAAAAAAAAAAAAAAAAEZRJSjIAgDHn2xKY6ayFHUoK6NIy7a9Jnp2wKvZWnP831ksfRpKJ31HlVwzNQqs9vjj691FTh7MyeX2GC+6Bm2+zOfDbaUZd0I9y76KpjugkKujlWi62khOdZV5rrKvatxjjptMmj2Jbm10Ec+zwptq1xm20WVzmuJRdO0w9Gr0uAAAAAAjKJKUZAEAekSREkjIIeFh4evPQjIAIeFim09AIE0ZABVImhMAAAAI+noCEwAjIESRWWK4lwABEkAQJgITABAmq9LEZABCJahMRlElKMgCAKce6BzLOjIqw9Worjdact1BzvejWnLr7Xi8nbp9ORvvmc2jswOfdpsMOHtROT52PCvm9qJzdej04XvY9KcPXgcuXSHL86/hyqu3E5O6+w4mjdacbZp8Tm2dAvLq7Xhza+t6ca7peEcHVHIn0fDPHcOJZ1PTj2dQcqHZFOHqxOZLfM41vSmcavsenPj1fDjuuKeb24nMu3Dm5+vIo0e+EpRkAQBz83aHHz/QDg+d8ZtIAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAIyiSlGQBAHrPUbVEDUqiXqImlmgbGSRpV0mpg1FqmJoZBrZvDUyxNjPMtc6w2q6jSyUHSZriaio2MWksc281qpE2K4vYLjSzwNbN4amK4vAAAAAAAAAAAAAAAAjKJKUZAEAY6OoM+Lqjl7bxjr6A57oDB7uHNu2Dnx6UTNR0hjp6Q5EuqOVfuHJ0a5GfL0xzrtYwedAcjbqHMh1hhu0DNj6o5mrSOP0NA58tw5t2wcl1hzNl4AAAAAAAAAAAAAAAARlElKMgCAPWGs6SiJpcyZ0GD03MVJ02Dw6DnQOo5fUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAEZRJSjIAgCivYMWmwYp6hjnpFFO0ce7pDJDcMG8AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAEZRJSjIAgD0AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACMokpRkAQB6AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABGUSUoyAIA9AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAjKJKUZAEAegAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAARlElKMgCAPQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAIyiSlGQBAHoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAEZRJSjIAgD0AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACMokpRkAQB6AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABGPpOUZAEPJ+EUhFIRSEUhFIRSEUhFIRSEUhFIRSEUhFIRSEUhFIRSEUhFIRSEUhFIRSEUhFIRSEUhFIRSEUhFIRSEUhFIRSEUhFIRSEUhFIRSEfJhLz0AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA//8QALxAAAwABBAECBQMEAgMAAAAAAQIDAAQREhMUIGAQFSIwUCEjMwUkMTQyQEJwgP/aAAgBAQABBQLUVoj+TbPJtnk2zybZ5Ns8m3tbV/yfDY+2dX/JkED0e4m+q48
|
||
|
|
},
|
||
|
|
{
|
||
|
|
"type": "marking-definition",
|
||
|
|
"spec_version": "2.1",
|
||
|
|
"id": "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9",
|
||
|
|
"created": "2017-01-20T00:00:00.000Z",
|
||
|
|
"definition_type": "tlp",
|
||
|
|
"name": "TLP:WHITE",
|
||
|
|
"definition": {
|
||
|
|
"tlp": "white"
|
||
|
|
}
|
||
|
|
}
|
||
|
|
]
|
||
|
|
}
|