2023-04-21 14:44:17 +00:00
{
"type" : "bundle" ,
"id" : "bundle--5d1dc7d2-8c8c-40d8-9eb9-ba1d950d210f" ,
"objects" : [
{
"type" : "identity" ,
"spec_version" : "2.1" ,
"id" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2019-07-05T19:26:41.000Z" ,
"modified" : "2019-07-05T19:26:41.000Z" ,
"name" : "CIRCL" ,
"identity_class" : "organization"
} ,
{
"type" : "report" ,
"spec_version" : "2.1" ,
"id" : "report--5d1dc7d2-8c8c-40d8-9eb9-ba1d950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2019-07-05T19:26:41.000Z" ,
"modified" : "2019-07-05T19:26:41.000Z" ,
"name" : "OSINT - Threat Spotlight: Ratsnif - New Network Vermin from OceanLotus" ,
"published" : "2019-07-05T19:32:09Z" ,
"object_refs" : [
"observed-data--5d1dc7f3-78b0-49da-9208-e66f950d210f" ,
"url--5d1dc7f3-78b0-49da-9208-e66f950d210f" ,
"x-misp-attribute--5d1dc80b-001c-4988-86d3-d815950d210f" ,
"indicator--5d1dc8d3-d704-4379-8cb9-ef2d950d210f" ,
"observed-data--5d1dcb0b-5ea0-45a5-bcf0-4bdd950d210f" ,
"file--5d1dcb0b-5ea0-45a5-bcf0-4bdd950d210f" ,
"artifact--5d1dcb0b-5ea0-45a5-bcf0-4bdd950d210f" ,
"indicator--5d1dcf67-39a8-41bb-8d37-49f8950d210f" ,
"indicator--5d1dcf68-e2c0-4f95-bb31-448a950d210f" ,
"indicator--5d1fa440-8cc0-40e6-a139-4e9702de0b81" ,
"indicator--5d1fa453-e900-4dbf-b9ff-fa8202de0b81" ,
"observed-data--5d1fa5b6-653c-45ce-a1aa-4641e387cbd9" ,
"network-traffic--5d1fa5b6-653c-45ce-a1aa-4641e387cbd9" ,
"ipv4-addr--5d1fa5b6-653c-45ce-a1aa-4641e387cbd9" ,
"indicator--7ccf1784-d672-49a9-a9c1-47571248ecc2" ,
"x-misp-object--5385bb52-5807-4cd1-9b73-2a477774ecaf" ,
"indicator--5d1dca91-67f4-4d72-ae65-404c950d210f" ,
"indicator--5d1dcb68-1c60-41fa-af3d-ae2b950d210f" ,
"indicator--5d1dcbd1-1ecc-49cb-9581-4560950d210f" ,
"indicator--5d1dcc9f-4ff4-4a67-9d55-4c50950d210f" ,
"indicator--5d1dceb0-5e88-4c96-9198-4be5950d210f" ,
"x-misp-object--1b2bf589-d1bd-46ec-bdd9-e3377bf59cee" ,
"x-misp-object--b9d123b3-6e49-44dc-9650-cba9b90be445" ,
"x-misp-object--5d1dd042-92e0-47ab-b0c5-4df9950d210f" ,
"indicator--d4b1b6a9-8ad8-42a3-837d-2657a643fe05" ,
"x-misp-object--24904b19-a810-4f5e-9eb3-ebe8f0c8d4a6" ,
"x-misp-object--ad843e55-3218-4fb9-9acb-1e1bd2b9946e" ,
2024-08-07 08:13:15 +00:00
"relationship--8896acc9-e38f-46ac-befd-79b7a5284adc" ,
"relationship--8b3b21ca-a46c-42b2-8ca9-c34f86c571fe" ,
"relationship--d9027a99-55f6-48c9-a5ed-f58da8eb9f50" ,
"relationship--2b996db1-7de3-49a4-bf4a-2693b8e6a6c0" ,
"relationship--c2ecfbdd-372d-4009-9d10-d0aea23db7ea" ,
"relationship--4af4ac70-d129-4193-944f-4a281b359d81" ,
"relationship--2a0fd6a4-b2db-4b43-9783-655d10959887"
2023-04-21 14:44:17 +00:00
] ,
"labels" : [
"Threat-Report" ,
"misp:tool=\"MISP-STIX-Converter\"" ,
"misp-galaxy:threat-actor=\"APT32\"" ,
"misp-galaxy:mitre-attack-pattern=\"Commonly Used Port - T1043\"" ,
"misp-galaxy:mitre-attack-pattern=\"Custom Command and Control Protocol - T1094\"" ,
"type:OSINT" ,
"osint:lifetime=\"perpetual\"" ,
"osint:source-type=\"blog-post\"" ,
"osint:certainty=\"93\"" ,
"estimative-language:confidence-in-analytic-judgment=\"high\"" ,
"workflow:todo=\"review-for-privacy\""
] ,
"object_marking_refs" : [
"marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9"
]
} ,
{
"type" : "observed-data" ,
"spec_version" : "2.1" ,
"id" : "observed-data--5d1dc7f3-78b0-49da-9208-e66f950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2019-07-04T09:33:39.000Z" ,
"modified" : "2019-07-04T09:33:39.000Z" ,
"first_observed" : "2019-07-04T09:33:39Z" ,
"last_observed" : "2019-07-04T09:33:39Z" ,
"number_observed" : 1 ,
"object_refs" : [
"url--5d1dc7f3-78b0-49da-9208-e66f950d210f"
] ,
"labels" : [
"misp:type=\"link\"" ,
"misp:category=\"External analysis\""
]
} ,
{
"type" : "url" ,
"spec_version" : "2.1" ,
"id" : "url--5d1dc7f3-78b0-49da-9208-e66f950d210f" ,
"value" : "https://threatvector.cylance.com/en_us/home/threat-spotlight-ratsnif-new-network-vermin-from-oceanlotus.html"
} ,
{
"type" : "x-misp-attribute" ,
"spec_version" : "2.1" ,
"id" : "x-misp-attribute--5d1dc80b-001c-4988-86d3-d815950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2019-07-04T09:34:03.000Z" ,
"modified" : "2019-07-04T09:34:03.000Z" ,
"labels" : [
"misp:type=\"text\"" ,
"misp:category=\"External analysis\""
] ,
"x_misp_category" : "External analysis" ,
"x_misp_type" : "text" ,
"x_misp_value" : "The OceanLotus Group (aka APT32, CobaltKitty | previous reports: The SpyRATs of OceanLotus; OceanLotus APT Group Leveraging Steganography) is using a suite of remote access trojans dubbed \"Ratsnif\" to leverage new network attack capabilities. Blackberry Cylance threat researchers have analyzed the Ratsnif trojans, which offer a veritable swiss-army knife of network attack techniques. The trojans, under active development since 2016, combine capabilities like packet sniffing, gateway/device ARP poisoning, DNS poisoning, HTTP injection, and MAC spoofing. \r\n\r\nWe delved into four distinct Ratsnif samples, three of them developed in 2016, the fourth created during the latter half of 2018."
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--5d1dc8d3-d704-4379-8cb9-ef2d950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2019-07-04T09:37:23.000Z" ,
"modified" : "2019-07-04T09:37:23.000Z" ,
"pattern" : "[file:hashes.MD5 = '516ad28f8fa161f086be7ca122351edf']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2019-07-04T09:37:23Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Payload delivery"
}
] ,
"labels" : [
"misp:type=\"md5\"" ,
"misp:category=\"Payload delivery\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "observed-data" ,
"spec_version" : "2.1" ,
"id" : "observed-data--5d1dcb0b-5ea0-45a5-bcf0-4bdd950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2019-07-04T09:46:51.000Z" ,
"modified" : "2019-07-04T09:46:51.000Z" ,
"first_observed" : "2019-07-04T09:46:51Z" ,
"last_observed" : "2019-07-04T09:46:51Z" ,
"number_observed" : 1 ,
"object_refs" : [
"file--5d1dcb0b-5ea0-45a5-bcf0-4bdd950d210f" ,
"artifact--5d1dcb0b-5ea0-45a5-bcf0-4bdd950d210f"
] ,
"labels" : [
"misp:type=\"attachment\"" ,
"misp:category=\"Payload delivery\""
]
} ,
{
"type" : "file" ,
"spec_version" : "2.1" ,
"id" : "file--5d1dcb0b-5ea0-45a5-bcf0-4bdd950d210f" ,
"name" : "Fig0-ratsnif.jpeg" ,
"content_ref" : "artifact--5d1dcb0b-5ea0-45a5-bcf0-4bdd950d210f"
} ,
{
"type" : "artifact" ,
"spec_version" : "2.1" ,
"id" : "artifact--5d1dcb0b-5ea0-45a5-bcf0-4bdd950d210f" ,
"payload_bin" : " / 9 j / 4 A A Q S k Z J R g A B A Q E A S A B I A A D / 2 w C E A A Y E B Q Y F B A Y G B Q Y H B w Y I C h A K C g k J C h Q O D w w Q F x Q Y G B c U F h Y a H S U f G h s j H B Y W I C w g I y Y n K S o p G R 8 t M C 0 o M C U o K S g B B w c H C g g K E w o K E y g a F h o o K C g o K C g o K C g o K C g o K C g o K C g o K C g o K C g o K C g o K C g o K C g o K C g o K C g o K C g o K C g o K C g o K P / A A B E I A O U B X w M B I g A C E Q E D E Q H / x A C 0 A A E A A g I D A Q A A A A A A A A A A A A A A B Q Y D B A E C C A c Q A A E D A w A D B w w N C g Y C A g M A A A E A A g M E B R E G E i E T M U F R U r L S F B U W I j U 2 V G F z k p T R B z J T V o G D k Z O V o b P B 0 x g 3 Q k N V c X J 0 d a M I F y O C s e E z R T T w R G L C A Q E B A Q E B A Q A A A A A A A A A A A A A A A g E D B A U R A A I B A g M G B A Y C A w E A A A A A A A A B A g M R E i F R B B Q x Q Y G x I m F x 8 B M y M 6 H B 0 U L h B S O R Y v / a A A w D A Q A C E Q M R A D 8 A 9 U o i g t P a i W k 0 G 0 i q K d 7 o 54 b d U y R v a c F r h E 4 g j 4 U A q t M d G a S o f B V a R W a G e M 6 r 45 K 6 J r m n i I L s h Y u z n R P 30 W L 6 Q h 6 S 8 I o g P d 3 Z z o n 76 L F 9 I Q 9 J O z n R P 30 W L 6 Q h 6 S 8 I o g P d 3 Z z o n 76 L F 9 I Q 9 J O z n R P 30 W L 6 Q h 6 S 8 I o g P d 3 Z z o n 76 L F 9 I Q 9 J O z n R P 30 W L 6 Q h 6 S 8 I o g P d 3 Z z o n 76 L F 9 I Q 9 J O z n R P 30 W L 6 Q h 6 S 8 I o g P d 3 Z z o n 76 L F 9 I Q 9 J O z n R P 30 W L 6 Q h 6 S 8 I o g P d 3 Z z o n 76 L F 9 I Q 9 J O z n R P 30 W L 6 Q h 6 S 8 I o g P d 3 Z z o n 76 L F 9 I Q 9 J O z n R P 30 W L 6 Q h 6 S 8 I o g P d 3 Z z o n 76 L F 9 I Q 9 J O z n R P 30 W L 6 Q h 6 S 8 I o g P d 3 Z z o n 76 L F 9 I Q 9 J O z n R P 30 W L 6 Q h 6 S 8 I o g P d 3 Z z o n 76 L F 9 I Q 9 J O z n R P 30 W L 6 Q h 6 S 8 I o g P d 3 Z z o n 76 L F 9 I Q 9 J O z n R P 30 W L 6 Q h 6 S 8 I o g P f l q 0 i s l 3 m d D a b x b a 6 V o 1 i y m q m S u A 48 N J U o v C 3 s Y V E t N 7 I 2 j L 4 J H R v d c a e M l p 32 u k D X D 4 Q S P h X u l A E R E A R E Q B E R A E R E A R E Q B E R A E R E A R E Q B V 32 R / z e a U f 0 u q + x c r E q 77 I / 5 v N K P 6 X V f Y u Q H h J p A c C 4 Z G d o 419 F t N i t N 6 h t D 5 r a L W a y t L Y o 453 v d P T t Y X P J 1 i e E A a w A 395 f P I n i O V j y x r w 0 g l r s 4 d 4 j j g V l q t M q i e 4 w 3 B l t t 8 F d B q C G a I z D c w 3 e a 1 p k L A M b M a v C V p h I d Q W K e C z X W W g l p q W o q Z a a W l p 5 X E P c 0 g s 7 Z 5 J A I d h x B 4 N g C z 0 + j t r Z e N K 5 p 207 K K 1 z b l D F U S y N j B c 8 t G s W Z e Q A N 4 b S c b V W r n p D U V z q I N p q S l g o 3 u l i g p 2 u D N Z z g 5 x O X E 7 S B w 7 w 2 Y W R m k 1 V 1 f d a i e m p K i O 5 u 16 i m k a 7 c 3 H W 1 g R h w c M H e 2 p 77 f 2 b r 0 / P 9 E i N E L h L p X H S V F v d B Q u q Y 4 p J q V s j 4 G N d q + 1e7 O + H D G T n a F P W z R + x 3 a p h m Z b T T x R 189E6 J s s h Z I G x l z H P J J c 0 D H b E E f A q L X X u t r L 713e9 r K w S N k Y Y 24 a w t x q g D i G B 8 i m D p x X t k B h o 7 f D A 50 r 5 q d k b t z n d I M P L 8 u J 3 u I j H A s 5 e / L + z O Z m 0 u 0 a k i u F L H Z b Z L I T R s m q O o m y T w 6 x J 7 Z j j k l u A N u S M 5 U x P o 3 Z j V 19 s F M I Z L b H S y y V j p n j d Q 4 s 3 T W B O q B h + z A G M b 6 p N 5 v E t 0 b S R u g p 6 a n p Y 9 z h g g D g 1 g J J P t i S S S d 8 l b 8 u m V V U 0 z o J K e g k e 9 s T K i X V c X z s j O W t f 22 M b B n A B O N 9 E H n 79 P 7 N j T W 2 t p J H T U N s o o L W a h 8 c F V S 1 L p x K B v B x 3 R 4 B x t x g F V V S 9 z v k l b b Y 7 f D R 0 l F R s l M 5 i p w / t n k Y 1 i X u c d 7 Z v 4 U Q d 5 Y i m M h M h B v J h a Y M h M h M J h A M r H u 8 f K + o r v + k o 5 V F X J k 7 G 9 u 8 f K + o p u 8 f K + o r R T B x n G x V h R O J m 9 u 8 f K + o p u 8 f K + o r R R M K G J m + 6 V j c Z d v j I 2 L j d 4 + V 9 R W r P + r / g C x r F F G u T N 7 d 4 + V 9 R T d 4 + V 9 R W i B k 4 C L c K M x M t v s e 1 c E W n 2 j U k j 8 M Z c 6 Z z j g 7 A J W r 3 H F f L d L T z z x 1 G Y o d X d H a j t m T g c C 8 D 6 G d + F i / n 4 P t G r 2 F b O 969 f E c 8 r r T o x l G 71 R y n W l G V l o y 4 d k t p 8 L / t v 9 S d k t p 8 L / t v 9 S + b o v T u c N W c N 7 n o j 6 R 2 S 2 n w v + 2 / 1 J 2 S 2 n w v + 2 / 1 L 50 + N 7 A 0 v Y 5 o c M t J G M j j C 6 J u c N W N 7 n o j 6 X D p B b J p o 4 o q n W k e 4 N a N z c M k 7 B w J N p B b I Z p I p a n V k Y 4 t c N z c c E b D w K g W b u x Q + X j 5 w S 892 K 7 y 8 n O K n d Y Y r X Z W 9 T w 3 s i + d k t p 8 L / t v 9 S d k t p 8 L / t v 9 S + b r u 2 N 72 u c x j n N a M u I G c D x q t z h q y d 7 n o j 6 L 2 S 2 n w v 8 A t v 8 A U n Z L a f C / 7 b / U v m 6 J u c N W N 7 n o j 6 d L f L d F T w T y V G I p t b c 3 a j t u D g 8 C w 9 k t p 8 L / A L b / A F K n 3 P v e s v x / P C h 1 M N l h J X u + f c q W 1 T T t Z c j 6 R 2 S 2 n w v + 2 / 1 J 2 S 2 n w v 8 A t v 8 A U v n D W l z g 1 o J c T g A c K 5e1 z H u a 9 p a 5 p w Q R g g q t z h q y d 7 n o j 6 N 2 S 2 n w v + 2 / 1 L Z o L v Q 18 x i p J 90 k D d Y j U c N m w c I 8 Y X y 5 W T Q P u x N 5 A 85 q 51 N l h C L k m y 6e0 y l J R Z f F X f Z H / N 5 p R / S 6 r 7 F y s S r v s j / m 80 o / p d V 9 i 5 e E 9 p 4 R R c g Z I C m J b B M 2 W e G G q p Z 54 H B j 449 c E O L w w D L m g b 540 s C G R S j r F X s 3 Q v Z A 0 M O q 4 u q I x g 4 y R t d v g b 43 w u X 2 O q j u 7 b c 6 S n 3 Z w 1 t Z s g c 0 D G T n G S N g 3 s Z Q E U i k 47 L U 1 E j h R P g q m D V G 6 M f q N L j v N G v q k u 2 b 2 M r r F Z a + W G O S O A E S F o a N 0 a H b X a o O r n I B O z J G E B H L A H E N w w P 1 W 8 b S D v 8 A 1 q T u F t q r f u f V U b W h + Q 0 t k a 8 Z G w j t S c E c S 0 0 B 1 j d r a x w Q M 7 M j H A u y I g O B x L l C M r j a E B y i 4 y e J M c a A D j U c p J R + 5 v 5 D v k V x I k d V y 0 9 q 4 Z 4 P v X O 5 v 5 D v k T c 38 h 3 y K i T q i 7 b m / k O + R N z f y H f I l x Y 7 T / q / 4 A s a z T M c d T D X H D R w L H u b + Q 75 E Q Z w 0 4 c E d 7 Y / v X O 5 v 5 D v k T c 38 h 3 y I C W 0 M 78 L F / P w f a N X s K 2 d 716 + I 55 X k H Q q G V + m V h a y N 7 n G v p w A G k k n d G r 2 P b q C s Z Y r v G + k q G y P 3 H U a Y y C 7 D j n A x t X p p N Y X 6 r u e e q n i 6 P s V 5 F u d a 7 h 4 D V f M u 9 S d a 7 h 4 D V f M u 9 S 9 u K O p 48 M t D i s l M t N S F 0 m u 8 N c H Z O S O 2 O M / A t R b n W u 4 e A 1 X z L v U n W u 4 e A 1 X z L v U s U o r m U 1 J 52 F m 7 s U P l 4 + c E v P d i u 8 v J z i t u 0 26 u Z d a N 76 O p a x s z C X G J w A G s N u 8 l 2 t 1 c + 61 j 2 U d S 5 j p n k O E T i C N Y 7 d 5 R i W P j y N w v B w 5 k Q t u i l L Y a q N 0 m G O i O G k 7 C 7 I 4 O N c 9 a 7 h 4 D V f M u 9 S d a 7 h 4 D V f M u 9 S t y i + Z k V J O 9 j T R b n W u 4 e A 1 X z L v U n W u 4 e A 1 X z L v U t x R 1 J w y 0 N y 5971 l + P 54 U O r D c a C s f Y r R G y k q H S M 3 b X a I y S 3 L h j I x s U V 1 r u H g N V 8 y 71 L n T k r c e b 7 l 1 I u / D k u x q x v d G 8 O Y 4 t d x g 4 K z X B w f X 1 L m k O a Z X E E H I I y V k 613 D w G q + Z d 6 k 613 D w G q + Z d 6 l e K N 73 J w y t a x p q y a B 92 J v I H n N U P 1 r u H g N V 8 y 71 K w a F U d V T 3 W V 9 R T T R M M J A c + M t G d Z u z a u d e S d N 5 n S j F 41 k X R V 32 R / w A 3 m l H 9 L q v s X K x K u + y P + b z S j + l 1 X 2 L l 8 k + o e E g c E F T 50 m q H 1 t R N O J Z o 5 J G y R x P m J E Q E j X 4 G R / 8 A r j g U F E x 0 s j I 42 l z 3 k N a B w k q + X n 2 N 6 q 33 O 2 W q K S u l u F X O 2 n M k l A 6 G j D i D r B k 5 d m T V x t w w D A J B 2 L c 8 j G 1 Z 3 K z S X l k E d a 19 O + X q h z 3 a h l / 0 + 2 G z L S 0 5 I 3 w Q Q V j q r l B U 3 d t c 6 n m Z k D X a y f V O s B j L X a v a 8 B 4 V v a a a O x 6 O V k V P G 66 P 1 w T u l b b j R t e B j D o w 5 x L m 7 + 0 h v 7 l N X P 2 P m 0 d g k r o r j N L U x U 9 L U O Y a M t g k E 5 A D Y p t c 67 h n a N U b x x v F Z G N 7 Y f Q 18 b M i e y p x E j N y q m R n U I d F V l k p L Q R l 7 w 3 t s 527 B v B Y 49 J 5 B D S N k b V O f T l m w V R E b w 1 w d t Z j f 2 Y z n x 4 W 3 p 7 o i 3 R
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--5d1dcf67-39a8-41bb-8d37-49f8950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2019-07-04T10:05:27.000Z" ,
"modified" : "2019-07-04T10:05:27.000Z" ,
"pattern" : "[domain-name:value = 'search.webstie.net']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2019-07-04T10:05:27Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Network activity"
}
] ,
"labels" : [
"misp:type=\"hostname\"" ,
"misp:category=\"Network activity\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--5d1dcf68-e2c0-4f95-bb31-448a950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2019-07-04T10:05:28.000Z" ,
"modified" : "2019-07-04T10:05:28.000Z" ,
"pattern" : "[domain-name:value = 'dns.domain-resolve.org']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2019-07-04T10:05:28Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Network activity"
}
] ,
"labels" : [
"misp:type=\"hostname\"" ,
"misp:category=\"Network activity\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--5d1fa440-8cc0-40e6-a139-4e9702de0b81" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2019-07-05T19:25:52.000Z" ,
"modified" : "2019-07-05T19:25:52.000Z" ,
"pattern" : "[file:hashes.SHA256 = 'b20327c03703ebad191c0ba025a3f26494ff12c5908749e33e71589ae1e1f6b3']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2019-07-05T19:25:52Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Payload delivery"
}
] ,
"labels" : [
"misp:type=\"sha256\"" ,
"misp:category=\"Payload delivery\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--5d1fa453-e900-4dbf-b9ff-fa8202de0b81" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2019-07-05T19:26:11.000Z" ,
"modified" : "2019-07-05T19:26:11.000Z" ,
"pattern" : "[file:hashes.SHA256 = '7fd526e1a190c10c060bac21de17d2c90eb2985633c9ab74020a2b78acd8a4c8']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2019-07-05T19:26:11Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Payload delivery"
}
] ,
"labels" : [
"misp:type=\"sha256\"" ,
"misp:category=\"Payload delivery\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "observed-data" ,
"spec_version" : "2.1" ,
"id" : "observed-data--5d1fa5b6-653c-45ce-a1aa-4641e387cbd9" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2019-07-05T19:32:06.000Z" ,
"modified" : "2019-07-05T19:32:06.000Z" ,
"first_observed" : "2019-07-05T19:32:06Z" ,
"last_observed" : "2019-07-05T19:32:06Z" ,
"number_observed" : 1 ,
"object_refs" : [
"network-traffic--5d1fa5b6-653c-45ce-a1aa-4641e387cbd9" ,
"ipv4-addr--5d1fa5b6-653c-45ce-a1aa-4641e387cbd9"
] ,
"labels" : [
"misp:type=\"ip-src\"" ,
"misp:category=\"Network activity\""
]
} ,
{
"type" : "network-traffic" ,
"spec_version" : "2.1" ,
"id" : "network-traffic--5d1fa5b6-653c-45ce-a1aa-4641e387cbd9" ,
"src_ref" : "ipv4-addr--5d1fa5b6-653c-45ce-a1aa-4641e387cbd9" ,
"protocols" : [
"tcp"
]
} ,
{
"type" : "ipv4-addr" ,
"spec_version" : "2.1" ,
"id" : "ipv4-addr--5d1fa5b6-653c-45ce-a1aa-4641e387cbd9" ,
"value" : "66.85.185.126"
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--7ccf1784-d672-49a9-a9c1-47571248ecc2" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2019-07-04T10:10:15.000Z" ,
"modified" : "2019-07-04T10:10:15.000Z" ,
"pattern" : "[file:hashes.MD5 = '516ad28f8fa161f086be7ca122351edf' AND file:hashes.SHA1 = '98389cccd15253a56827411b4d7b313b8ab481d6' AND file:hashes.SHA256 = 'b4e3b2a1f1e343d14af8d812d4a29440940b99aaf145b5699dfe277b5bfb8405']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2019-07-04T10:10:15Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "file"
}
] ,
"labels" : [
"misp:name=\"file\"" ,
"misp:meta-category=\"file\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "x-misp-object" ,
"spec_version" : "2.1" ,
"id" : "x-misp-object--5385bb52-5807-4cd1-9b73-2a477774ecaf" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2019-07-04T09:38:45.000Z" ,
"modified" : "2019-07-04T09:38:45.000Z" ,
"labels" : [
"misp:name=\"virustotal-report\"" ,
"misp:meta-category=\"misc\""
] ,
"x_misp_attributes" : [
{
"type" : "datetime" ,
"object_relation" : "last-submission" ,
"value" : "2019-07-03T15:11:12" ,
"category" : "Other" ,
"uuid" : "103ff02d-8c11-46fb-9ec7-32ff39d893ba"
} ,
{
"type" : "link" ,
"object_relation" : "permalink" ,
"value" : "https://www.virustotal.com/file/b4e3b2a1f1e343d14af8d812d4a29440940b99aaf145b5699dfe277b5bfb8405/analysis/1562166672/" ,
"category" : "Payload delivery" ,
"uuid" : "359b71bc-eae8-4614-a7a2-3fd8039ef9ab"
} ,
{
"type" : "text" ,
"object_relation" : "detection-ratio" ,
"value" : "21/69" ,
"category" : "Payload delivery" ,
"uuid" : "3f4dcb8f-2edb-4726-ad9a-85ec722eead0"
}
] ,
"x_misp_meta_category" : "misc" ,
"x_misp_name" : "virustotal-report"
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--5d1dca91-67f4-4d72-ae65-404c950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2019-07-04T09:45:42.000Z" ,
"modified" : "2019-07-04T09:45:42.000Z" ,
"pattern" : " [ f i l e : h a s h e s . M D 5 = ' 516 a d 28 f 8 f a 161 f 0 86 b e 7 c a 122351 e d f ' A N D f i l e : h a s h e s . S H A 256 = ' b 4e3 b 2 a 1 f 1e343 d 14 a f 8 d 812 d 4 a 29440940 b 99 a a f 145 b 5699 d f e 277 b 5 b f b 8405 ' A N D f i l e : n a m e = ' j a v a w . e x e ' A N D f i l e : n a m e = ' C l i e n t . e x e ' A N D f i l e : s i z e = ' 1387520 ' A N D ( f i l e : c o n t e n t _ r e f . p a y l o a d _ b i n = ' U E s D B B Q A C Q A I A J l N 5E7 a c k M Q X h A G A A A s F Q A g A B w A N T E 2 Y W Q y O G Y 4 Z m E x N j F m M D g 2 Y m U 3 Y 2 E x M j I z N T F l Z G Z V V A k A A 5 H K H V 2 R y h 1 d d X g L A A E E I Q A A A A Q h A A A A j I 9 D M q A N l E K p 79 c 93 R 0 E c 8 F J 0 q P I O w Z A d M 6 X Y c u D P t c X l a k G S 6 Q h Q M / s s K R E e U 7 L q 5 r d W D K + k y A M z Y n O o R 9 z I B N 2 C g 61 X 8 q 1 B g t A o M H R M 0 Y c s x 3 Q w K F 0 b h F F R l H 2 i k q p h 0 l Q 3 C g q 0 J U T G k I 5 Q M t n + t L R y l P M j n f f h x C G p H e v d s / J 3 Y c L L A N 0 I T Y y 7 U B E 8 T 9 d q s Z L E 2 V M Y M v Y E d h d J T o e e k E + l a 2 o 38 x p L c D l u O Z X + t z c a 7 g + I K M 8 + m z P + l y 6 T S O J 93 W g z k 2 y 1 r Z / g P 6 A f R 9 V / e D 8 h n v Q A b + Q k z 2 K P / 47 P S J J K x e u E K I P 1 n K X P j m 3 d B + 6 J t c R q L D h T 1 r y t 5 W H X j h i k 0 1 C C w 9 / z u P o K a f g P 2 T R 3 r 2 O f y u 1 C A 2 A + A o N G v o g C 0 870 V q h t + + h X b 4 V D T 9 d N k i b T 4 J 9 q d / 3 j d w S M X j m 6 K j F 1 Q h 1 z 6 S m d n x d H / 42 a d u M u E R D e J y V / 5 M j 0 b v x G K 0 U M W U P q l A t s x z L x A l z 3 d 4 k 4 k J B L M l q V u S N G j 3 P O X w u / 8 g h 8 Z X P C 5 g D C + 7 N g 9 Q c S z y q H C 2 Q q y V 5 w V 39 T q C z / N n z 1 t B R l 0 y E I A O P 7 m N s D P r a N n I E E y 0 p M f k I 8 V R y R F a E b U s q 2 + D + 6 s j + 33 I b J d x 0 z F x M 269 W Z W r E U 9 l 5 O p W e l z I J a + T 2 / t T C u W Z k 48 n B L o r n N Z x 7 z M N V 0 U u d X F Y Q K W I W I z + W Q S j e L 9 P n D D / j s F U S O I 18200 G q r m h P q W W 6 e c i H H R 3 g h 8 n A N Q r M 3 n Q g Q B 3 P h H 0 n R O z N 9 K i 6 D d V z 9E3 k m e j w a K N U C E g 1 B 3 w 1 + E D d / 46 J U h o D / 8 o n G s v H z + M O U 81 L X a W W 4 A K K K R Z y g M p M x Y k j / y U k K y B y g o B B U Z B v u H f U P L z H a i E 7 u 8 u 79 b x N E q + C b N + R D E k L / n F 3 V G 9 Z G 4 t y i y I i 1 Z l M f c 74 p 618 S Q C 0 9 N f V t Z V N O V E Z W A V E K d o E a + A g h 16 e E 0 4 Q o t o i u Y 1 G J q M O E Y G 5 C O m k d 34 m N A P m S w T L s J 8 B l v o k P C M T K E w D G s B N J V 3 a b s O E G e T P F 0 F e L m i w q K w + E I 5 y a x E S h N A B I 0 v b 2 I o 4 Y m 5 n G X S m C a 1 O L Z v G 8 Q 9 o z 0 r 28 R W R W Y R a 373 N I c R r M t Q G 8 B N c X / 0 52 T M S Q f N c g B s 3 P b b D Y o q D o o 3 c V e z 4e4 c p w z L B a p G F g F 6 L 6 x a T R W V 2 l O C Z F x / y W + J / s D 1 v R g Q X + y 6 w N e u s 77 W h u G o + T D P o m C y f H H J I m G / R X / 1 k L y S u p q 2 O V 23 B y W q W 7 T N 5 g s Y D 6 i K L 2 I C I k w 77 S 7 m J x D V A f c z / S 1 T i 5 l q N 1 K m 5 g / f t z e i c c I r S J l G Y C A / q W R y q X j 4 A U G 2 F E n V 9 P n L 7 r f 7 y G p 3 m C p 8 j G u y H m a w V g L R j 9 q v D R V c M A f T / d j Z y s 9 p E i I s 59 S V j p c P 6 L T T r I L s J r G r 8 y H r W V R M g V I u T P M h z h p r o W d c n 6 F T G h Z f 6 l U 94 R 8 B L I N T + U Z u O f E i A G 0 a d V B S x c K e y 9 y K W 5 E k z 7 + f P w L 55 r R / 1 M i v f f M s q m / F s S W c t v p w v 94 H t l p c x i R j w 2 F u l u M t 7 A z 8 q E 7 q j c C 5 I i k 7 O N N r v 2 G I g T u J X 3 q j K S 8 q J 1 i h A c 88 b z t N b D q c J V N S H 4 i T 5 q 0 J Y c O P K k 7 F h K H 0 k n B 5 z w q p 4 l a m s K R p G g J q s 4 R d Q b L 80 w z R F i L p 36 S a 4 e k D 1 Y F r p n Q W F B k F d + T B g G e R z y K m 3 U Z 8 x z N b F d Q + a p P 87 w s G E a X 2 z x e h h 9 r f M Y G c n L Q E b l H w d t 1 + 3 c C z b a z v I a z U p 3 v b A F 1 a F 1 r Z q u C k O + z v E / o b C E C f / L F F 3 o n N 7 R l P Q G 9 z a Y Q W 8 H 4 R M 4 Z S i r 88 k i V L g h X X i v A H b a 5 H t G o B G Q B n + Q E J u d 8 r n t s s s e L v u r m o G P 0 e o W K b V 0 s A j 49 f 2 z S p 5 F m r x L 4 H d 4 s e d O v 53 h //HLgmbGLr7Usk/A9FQOdmcpYs0PE5+O1DKa1CQwzEocnCeb6MiY2H8LYE0845LIN6kGikpxnI4pgT0nfUHKUEaMnLK2g5vdsMB3SLuNcrgrW3udLr0CZN4+XhfQgavDAY512xbBaK0pmAykfwWYSQLJhFO3A3eFfKSis2UPCgU31r2jabBsJh3JjnrQDUoOWQ1mjLURJt8zn1StMLaJlMsSaLeHEtk6sPaHJkw9aSEqu28VtUCW7+bYzG5xQGGI9I+xGd4P9RMZDX4yjt3J532e8ELhywgofb/fVSI3dBD86zvjydWrnK9IEmgFx95dMefhR43awwZ2BFBeTpWEewD50K1+vV8M+DbOlXE19JxWkFniPu0ciVrCby3KEYyQ+SLIMV5EDSqvkhqfkHqYvrjN6OVqZEoNfNlOYYHLtnS/4LnaH7TBp97cczp89v6sm1E3dWbqq/OPireUSY/W3YdxWwe1CkcXvIBk22ZFGbbhGVrrPH94Svt8qHkO1fxkHdn6OSPLBZlPu+GqesAU7pjsMvMXSqgUCVvjZeqxleCJvdzxgmKHauviyMFnVnh1YHVPiI5Ea9DFxnis8tR5ulzSYycOokVhFXw9GqNEUq6bwAYoYup51Wdnz+x7tjKOuSnTodV0cEg/geweXFdfOAnzOtj9CQBhT2YxWZEJwdGi6B6Y/t4Afwjri0Fl+COmTgHiDptQVU4XKa9h8jn2wUJGCurcrsyLV6K0xAJjNz7+tCHTe6PdwzkkAtOijQK8kyVWym8QMbIrQWCYDxkXLLgd/GYyTBhSEkS09bIyk5jTCIeAO9WdtMlxenrjuvisWR7rRVHY6BWVGNUjMDpVXzCh3f5Xf0ximA9jerjXJlC/2DoKtX47doDFiWwpZSPCJhUcNkbrC2qMhBr0xJzNeLdL8kC6Wh8mGKOjOdbWqfrASJwOpSGQxvrGAferzHlu3ut1uax093mFzP4eyViAHSGSlrNyguruBi0pq4OwhQfXrVTcD02gPP8KAZkv9u3eCUIeT7qHh3nZzOjML931ecJnIW7gtebgwZi+XuzHfOHeNrOWjiwzoKsQc7d1MrAhSiia8wXWfycReKAhZeMFaXp8HzsG2YP9UduPdFA6oPkXfca/RStDGPaKEpoYad3ESid95poPKMCXf/CNB9sPgXDMJmsijcpvzl0aFGrKxrfng4vox6fH/iBx2B0u+j49Yl8/bi4LrRXNYA3dgM3mFqpcsZjpmOYkMQUwfusx+WMXiuXnoiJ2GwUfQaT35ECQcZxDaeD7FxyFfcB+F9dZ6/m57b4MS/K6untqzM6+Wcd09Niw1E2Ek/4FbHewesIr6+oz88QB/PVRaPygS0m6NmBzjLQIM4ckd488SiHVOLQUdCwdPWoZJf6Ih5ntHDdj0wnr+tk+fdn721z4/guoRAnUkgd2jbJAqg9A19o4NMDlYVbXmOw/WOngWE1OgRPuHN/V5GgDayEaQRjG5WwD2lowjfCIV89jG5N9/2Z2Nu0Q27ZPmKH2cMgAtUznMz+PwfLKDUPI0hPrGQzeHB1hQewAJOVxc/EB1EYOPqdPCV0PWSeB/Eye0bI5AqEU30iE3UfXgr44AtXl2gMRUH3Nzt59hdV55zMtTumXFj3LP7gBbhM1WM+4eYYuV6QZ+ITKD5aE7+sKkTGghqUVR9/O2VKAb/vlxwksyD+GXl6cgPG+BEj+atmOvuob2iKvUSA/RcXsWOqFCeeG94/M/pJnvbUKGGyY4ZShvKEIzAQbl8OckVH5395LMQC0GkipBGMWYo1qhyW4M0y/L/o+aG7kkqOzWfKrpyGFQOK04O55X8eFrO4spE9oV8Bo136x0X4czhaVp8P
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2019-07-04T09:45:42Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "file"
}
] ,
"labels" : [
"misp:name=\"file\"" ,
"misp:meta-category=\"file\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--5d1dcb68-1c60-41fa-af3d-ae2b950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2019-07-04T09:48:24.000Z" ,
"modified" : "2019-07-04T09:48:24.000Z" ,
"description" : "Second sample" ,
"pattern" : " [ f i l e : h a s h e s . M D 5 = ' b 2 f 8 c 9 c e 955 d 4155 d 466 f b b b 7836e08 b ' A N D f i l e : h a s h e s . S H A 1 = ' f 31 b c 350 c f 533e166 a e d 46 e e 69 b 4 a 6 d 16523 b 88 a ' A N D f i l e : h a s h e s . S H A 256 = ' b 214 c 7 a 127 c b 669 a 523791806353 d a 5 c 5 c 0 4832 f 123 a 0 a 6 d f 118642 e e e 1632 a 3 ' A N D f i l e : n a m e = ' b 214 c 7 a 127 c b 669 a 523791806353 d a 5 c 5 c 0 4832 f 123 a 0 a 6 d f 118642 e e e 1632 a 3 ' A N D f i l e : s i z e = ' 1387520 ' A N D ( f i l e : c o n t e n t _ r e f . p a y l o a d _ b i n = ' U E s D B B Q A C Q A I A A x O 5E4 v T b L d U x A G A A A s F Q A g A B w A Y j J m O G M 5 Y 2 U 5 N T V k N D E 1 N W Q 0 N j Z m Y m J i N z g z N m U w O G J V V A k A A 2 j L H V 1 o y x 1 d d X g L A A E E I Q A A A A Q h A A A A d U J r R q O q O y x e X y R 6 J X M 844 / 6 W 96 + f R 4 G N B X O + l 0 k 0 B V / V w G V 5 R Z Q n G 8 z 9 O P 4 A j s 1 B f 1 j s V a I 94 G i + e O D N w r m 6 N B 2 f z p d y k 79 u d w K a 10 P g + E d y q i 8 E N K g I p r f W 9 d a m W I 6 N m f e a S z k J z p T o l 5 v A c j A L 3 h h E 6 X J 5 i u s n h / w x v f V m 4 F x J 6 d r w O q 0 1 V G 8 h L l C r j c C D l h 57 V I R Q v a q K S R 0 t a x E d b W Q Y u s f I x u l n J t X c x x Q g G I e 7 + P p j f D U p u a N K H G 7 y D r j X J B c 5 M V 2 o c Q 8 t d z N 4 I j R T m f O K 43 n x G q K b T 9 j Q 35 l 0 P M Q J N l a d 2 h 34 S E 7 e / Q J Y I 8 e I U H 69 W 7 n H i O W R z M + m / F + N R h 5 p Q n x d x r J K 5 C R R 4 F y D v 405 f 6 O m H t l e S f 9 Z x d b 9 k m 52 B g z S f + h o Y E s i Y 2 a 1 m l 5 c e X V R R r C h b n n i b S v D U l A i 9 N P c P k S a y 5 z E N l b 26 g P O N / 1 X f w O L A V w n s b m v B 51 S X l b a V h O w 7 I R X a 4 V u P 3 U 5 v D n e K R g X c V j 7 K J g R M t r D 1 K n G 2 R b 6 i 87 C y 84 g T S X Z s G 9 z Z E Z w u 4 m S 9 R 49 A A a Z 3 n 0 m J k 9 d + O 2 m 2 K G L R x G t R y X j Y u R g 4 S n S R c z n X l 1 D Y X Z B X p s O 3 X l R i H 6 G 4 N 92 G R j b 6 H j d L v c w O Y M O p / B d c d o v C n 46 h n T S 1 I K 4 l 3 L 3 J 2 V e 0 z v 5 g t v N v J f o 1 e Q q D c 4 e i s s M E a + k m k 0 a Y K i y X 1 p l Q 8 a y W 0 V m W A / P P 9 z m t e P 8 D u K Q 6 I g i k 62 J R G t L 3 l s r q L x e m C J f G a F n k E e S z k G G j b M J 4 l F / 2 s m P D J F s c H S R i a j a Y P 6 w g B h T f N + K C / V X 6 g s x q V 79 + z Q t U r E B i a X H N / e 4010 y e k f C e L Q S v N G q w f e R u Q / d o Q S o a f 78 d g 2 M g n G i w / Y e m 0 3 Q 4 V 5 A g t x T x O g I F h F 3 N B J d y Q 1 U M e U K 0 v c d 4 k f S n c x l s z 8 r K U c a c P L u / i U I r d N 3 w b l r W t s 1 P Y 6 k J 6 m V E p q t X t 4 c e z S 3 T J u r T Q q v Q M 4 R 6 E F + D 2 N j l T W d H Y Y a b K Q m 4 r H K U 6 Y B C W k O v 96 K q k 7 D N Y 1 z E X / 5 p d W / B V W M S Z I M M A 4 l i L + P i R 0 k y l m T S n b 1 / w 7 U U O A b H a W c u O W W a d F P j 6 U 0 d G 6 Y N m 4 A / L z 6 g + / Z d w I 0 m C V E b o 3 p K F 0 F S 9 O I p t p c 1 a C J I G P I W K C b u j 7 X S b O 9 V l j G 6 R + l h 4 U h e Q f w I b D r a F x O U w Z 8 C K F l 9 J g V I 0 + a j o c 74 n + i T S V u n F j B 0 B s a 18 R L R x y 7 / 3 d 7 R N A r + V p 1 u 9 X w l l 4 s + r O R q Y 0 7 h m M e 7 h j U b o j x 4 C O V b k I V I h N H / u 6 c u C Y K U P A B Q e x L g 4 i N J h v x s l M A 0 x s C + A P S w E S S D d e A r X f Y S N z o X 7 M 7 z v 4 H S x 7 P B 7 s O / W K r C Z j Z N q p / 3 M x J 6 C 9 O 0 y w u p Z 9 K x 5 S H B W o 1 w P 1 g S N Z h U O N 2 W T Y e a J M 1 F f i R e D s I p F Y k 0 Z l W H E F + g N g f H 9 T / f e / U z W u Q Y 5 V b g f f 1 i y 2 i m i v r o / S u C e b q X b V h F b g Z E K 4 r E M R V m 8 L o i 8 A s T c i 8 c y H g K q p K Y C w n u q g C R Q X 2 N d K q x l D e k t J t E l k U F M m 0 J j f M z 9 K 7 r z p W z H 6 o A f A A l b M u e k u H f S Y g 4 e s D E e Y 9 l f g d u n G h 1 R 127 Q y / D E 8 M + A H C x 1 G J k h J G V v x 2 k C Z g h J p T D w x I A z Q c N C g i o a / D A t n X P t y 50 R 3 e g j s s i 0 b O J 7 m V L E P h U 5 r L m Q N T B W s P + k Q 8 M O 3 H I 6 Y + R / V z 7 i 6 Y q 28 S I L 71 + X + A 7 F 7 g 0 N u b 7 l e o A y k e k 5 M R h K + 7 i i i Q V K r a P h I / x l W M 5 u y I R / G f W 2 b C a T c W 66 V 1 t w d E U X k Z n 1 H E A X 6 O k d U U D 0 t t s 7 M U o b H B 6 j E 8 m X I B g p Q m o G t Q U d U + A m I I j 8 R W P q Y 32 e L d P s + R 5 i 6 s y Z E S 90 R C 2 S A I B 59 o c L V b p 4 c R L l / R i j s w + y u 923 M b g U t h n l E N 9 Q g a E f i v U 6 M N Y x N C v 0e9 D 7 N I L A e M 561 v 6 X u 730 o y K H q C 20 P O T n o M a l u N L / M v e P 64 B n P t i N C 6 U Y 7 H D 8 j d 3 G f J 29 i 5 x b t o d V W z a D U P / q O 8 / 1 L K h z p s R r M l Y f 9 n 18 Q g 4 n L d S u t H Z 8 I o u B 1 T V m T + L t K 6 + 0 z P M q A u n c V d n o J c J H t n F H 6 Q h s j / 6 + I d U 9 F G I s g T M z y 1 i 3 D 1 V K R c F w R h q j t B m h 3 L m Z c S X J x h s x v z v f W K D d A X H 9 u d b H c p v I p e N l U h I 3 r G Y b y l P 1 J a Y K 9 T 6 K r / g S 9 e n J a b v t A 3 F u x U 2 s b A M z c c / 68 m y N F f 3 f o 9 y O J V a J 7 W y E X m 9 n e l 7 q A K b + s S a Z r O 1 Y h 5 + N x 25 A 1 y 2 c y 6 W 9 D + q a v T l t n z K U + 4 k n H 2 x N n G F B O g r Q 2 / r 636 f c f P I n o q J J Y 8 w S 3 q K R i J w 8 J / f i v l K R P z k r r a U 6 V F f 4 M m M w h M x X B t i j D q L A y V 4 t y k A m N c V B p P y N 3 U F S E Q z Z / 6 E x n 6 s h I S j 28 B j I 4 S w p g v s v 7 k 5 Y 9 S X c C v s j F G U X t X z C x b / Q F G x + I K p o X u n d 7 O W g E I 8 o 1 n p Y l l Z e n M F A y w S S f N p 4 V b 1 t o E m b 4 e x W n K 5 k m M 4 Z M X 1 o O e e S 4 f o 1 b S B 2 m N Y P 7 y h I d I A x B Q x Z B f b j L l w M R G 5 V b h P V F a M k 4 D K 6 J s b j N 6 B A W I 3 t C z g 4 q 91 v W c 6 v a s B w j n C A m S X L 6 n 1 p m t u 9 / 8 d T 2 A r J e 7 t I w p Y Y 1 m B a 1 t 4 g j Q 0 I e 2 r H C c v s Y p w q N 9 y a n M q c l / r c h 0 x S 73 c G t i Z l j z c Z j 9 u c U s 5 I p n 8 O a l 7 K w h C y 7 G O u / q o t D 1 n i L O g o J n p u 0 O Q Y z t J f B G X T W P F A C R F c C C x o q + g 5 F B D B I x W k h 37 m r 1 W e E T R X m V 8E1 j r e D b N g J N d L a g c Y U K 1 g 3 P l 6 / r Q a y W l O L O w z 0 X / m x 8 v Y b J Y B 8 r K C 9 L r 3 u J / 9 u Z 1 B g L q X B H B f w g X g i q z M o k n R L P 0 W U J x c P b / 8 W M H 2 I o m n p p 34 Y v l F K t V m j 6 V u Q f h Q + q x + V v m p 55 S w 5 P G U h P s E A 0 d 60 j b q O T + M / 8 D 3 G k q g N v k m 617 Q E a 8 I y N t K U L 8 A F E T x j 1 V v g q D O b b w 6 G t Z A 769 Z U 9 i Z k 1 q Q 3 u O 9 I i P L R B m F m H f W H N 9 G S J J 1 t W X S j u i s w A s J l v / B u 7 / Y H Q K Z I t 9 Q O c q f 1 D e G n t N z 9 A n 0 e Y 1 v z m 0 Y 9 k 7 C t l h r D Z V G V M Y z E 6 T y 9 K 4 D s y E h f l x c 5 o Y F n l K + s q n C s v E u W X U W T k a j J x A W C R K O + s R A s r m J a z a p + S r e j w L e 48 a g A C U B 4 G U h 8 u f 45 Z G 4 N I N 2 a U x E c 7 v 4 K b B A E e K 2 p y A x p J B W Q m y d S u A L M K r i W G i 4 a N E l / F x x + 2 z x L y / P O Y 9 k q 9 w v 89 V 55 i w k r O / P 9 w E d f Y h j 861 W E Q D f b W X g 8 A T w K X U H F p X C G n N / + e F U j 9 b F o + a o B 2 F Y 8 t L D d e S d Q w E O I A o S M w R k 4 l + z k M / o W r V s f e f p j B b g L B N f d h l P C I q 6 / r J h 1 j L 2 u 6 P a V e K B z + j P L A T B w Z S p a R u 6 p E 0 685 S M q D q E d R i 1 l A F U A 4 W p H V s 72 b i e H k J X + p + F 8 x S 9 V 7 d 63 G 0 V + V y T w i n h 2 b L f n k T H T 9 B H h q O 72 m l k e R n a o N m w F Y W S E c C / 41 g R K Z c y G L J s B E x + 6 a P o d s Q l u 3 F v F i U Q G b R h 7 W v p A N l U 5 q W o k M a h f a n d J + S B g d G E P T 52 U V W G K 4 m t Y 9 A H I 5 G C b G t x k J L r 2 Y f a / 6 y 6 N 3 R b y e e o w 16 Z / 8 J D l c Z a o E c k L t j Q a 8 g P B x v 3 P C H S n H G 3 R 6 P / C S S 7 P h + V o j A l j G I Y + D t y c F Y s 5 P F K 47 d N U 7 Q Y + o v 6 b 2 G 1 R x Y t B z
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2019-07-04T09:48:24Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "file"
}
] ,
"labels" : [
"misp:name=\"file\"" ,
"misp:meta-category=\"file\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--5d1dcbd1-1ecc-49cb-9581-4560950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2019-07-04T09:50:09.000Z" ,
"modified" : "2019-07-04T09:50:09.000Z" ,
"pattern" : " [ f i l e : h a s h e s . M D 5 = ' b 2 f 8 c 9 c e 955 d 4155 d 466 f b b b 7836e08 b ' A N D f i l e : n a m e = ' b 214 c 7 a 127 c b 669 a 523791806353 d a 5 c 5 c 0 4832 f 123 a 0 a 6 d f 118642 e e e 1632 a 3 ' A N D ( f i l e : c o n t e n t _ r e f . p a y l o a d _ b i n = ' U E s D B B Q A C Q A I A E V O 5E4 v T b L d U x A G A A A s F Q A g A B w A Y j J m O G M 5 Y 2 U 5 N T V k N D E 1 N W Q 0 N j Z m Y m J i N z g z N m U w O G J V V A k A A 9 H L H V 3 R y x 1 d d X g L A A E E I Q A A A A Q h A A A A o t m b J 0 9 r A s e g h 8 J Y q / 3 d 8 O t w q i G w e o 6 x Y a 2 z r K M f g L V J X p J 5 u b U J Q Y u 74 f a T 3 q f 7 q p X 1 j 4 y o i c t m L Z e M 1 j x g 0 i 2 O K U N l 977 h 5 x a 6 H U g y C K 5 c z r T y 0 0 C p K o E 2 l m M t y V 4 n Y t N w e 1 o b C c L X S 2 K u Z i a X W U W w 5 E o c 3 F F S K x a R W g m X Y m L m O 3 F V g 974 Q 4 u H q u n t + S 7 m 8 Y J O B x Q 5 + M d o K a K z 6 Y 9 g L 0 e O e p c 7 w J v z / T B + 6 / o E u N k u l q D H a 5 l n c / Q / + R L b e F 5 g M w E g B j X S r j a E s u E I 3 r r p 0 g Q V v 0 r x B p N q V Q 8 / + k B / 4 r v D y Q Q 519 y W T 40 S Z g j g u M H D B D e E c N A q V f F O C R 9 M l n M H 0 2 Z M 4 Q 9 p j f J P n y / P t 6 n C o e y v U w b h 1 T M m E n V 1 G 1 T s Q x t y T w z v x 0 q B M C E b d + R 0 t p 1 b 8 / u u O + + 5 z L i 1 S Z 5 Q 9e8 R 0 o / l + 4 g l 1 P 2 c U X B 7 b M o K e 8 + a U R z + K 561 e U 3 U V H B E 9 u 2 S 6 a E p 0 w E v l o P R k + / m E U 8 h 8 n m C O e J s b S z 1 j 7 N V a D O Z y k v S 2 i h f A s G G a Y j v d C m m + x d L d 1 e r N I n + a b q E Z g f V 3 U t D w k a b A y s h e b N r s E 8380 S h q r B X O c 8 x B r y 0 f C 3619 r o G 7 q i Q 3 k B / Q S + 3 H f t d K t B 8 i F S M y p z q p p W r 2 z 5 i 6 Z u J 6 C u n A x F k D + M 446 b M Q G o E k k 8 P o N n q f j x f r 3 c 2e74 P V R W X A z W Z 87 v r 9 P u d Q I C 539 U 9 Y / 48 X u 1 V Q E B Q T + Z V 0 m a t q 5 D 9 F O 9 x j W 46 C t T 7 H Z 9 v 9 C + B J D V h h 5 l 0 k Z i T Q + p L j Z d z 3 W 6 G o o v X 0 a T P s W 3 d 5 Y H 1 f 4 q 42 G O A y h O w B g P D u R T n i S C 0 M c v w l Z e C n 8 D 2 K w I 8 p R B 6 z + l g l D W z U r R X H q X K 8 u V J 6 T S 5 m 44 m X N H + D r I E b M n n U g H R u + R 6 + E n 7 w H p i V h g Q U 1 V H E t 0 z L f 5 Z J x K k h d M K R 0 q d D B o / h R g j z 40 d 6 s 93 x R a / Z t A M D l Q + e S e O b r w q W / m i M x g u L W l + 20 K n g t Y 3 G X 2 + j V Z 0 o 2 / Z K 3 D J x k 698 g P y e f G / c T b 64 Q 8 z x A Y 5 E P t 5 z e T 4 n 1 h z Z 3 + C a g h j J / 2 r N V F H o U t 8 b Z g 3 V 1 F x V X F J R C D 9 y n 6 S k S d 1 N 1 h t 7 p U M l 9 M q q 12 p E z F u S I Z B f m K y l m i 0 Q 0 D J Q 9 l 9 y R z k 5 v r P C F b r k g s V i u S / n x M + O 4 r d l V 6 Y + h a 5 T Y s F 6 h V l E x p 0 64 v 0 6 j y N Z 51 l 5 n b d P R P q h o Y c O 9 i Z I N E 4 x 3 g t n s U C E w + b M e 9 h 6 a f L w E M 2 V 7 E e N 5 O W 7 q c s 5 f V Z M k 9 H P o Q H V V 6 F P f y 2 Y 4 Z e 7 A p t b K H K F J x 89 Y G A 4 X k f 1 U a s j z Z d X b W p c Z f e d e u A Z O x S y E N o R 2 C 2 I m D H 0 C t a F R + + k h r d p 1 Z R U 42 N 8 p J z t a 49 R o N i z 2 T o j 2 L Y e B f v j + 2 V a i x q O S y M H U l K Z G 4 A P 7 n 7 S s A X y + H 9 G 3 f 80 W 80 V 4 u v x Y 50 b v B 9 R J 5 N L 24 a Y L Q W X E n l c c M 2 a 0e7 D 5 O X D D l + r 3 b O 4 I x v v 3 + 7 T I S V c 0 a q W s p 6 k x W H y s p H r b V w E m Z D k D t V 2 h C P g d 9 c n Q O K a n P K T T w 8 B I Y 5 J 4 Y 2 h x t K B k 450 V Q c g V I m 1 l 1 k F c 1 + p F i p g i t K o r i N K I D B 8 J a x d F n J V o X d J Q R W B J 0 + B Q g 9 L T 6 t 0 o O u P j m H U W R a s C 9 W O G c l S U o D P M v 5 U + z x x O 5 N p y X c M T s 0 7 z B 4 w i I Y Z U K 17 J 5 a 6 o V i D O + D 7 W e y O n n n J R M i n Y 36 F V 59 D g L 1 + 0 E I 4 r f / u K K L l G Q E 1 b M 1 h J l U B k j y y S k P 9 T n O 1 h P h a g k e X m y c 8 f g b d l i u p R S Z O 8 L K q H H 9 H 1 k k U u h N k p Z c C R 0 A a n N 7 d n P o 7 x L A g 0 z F V z B 4 N t f 3 r 8 R 3 / b Y K f h b 0 n Y p R c 3 w y s / B 0 I O Y P Y B 8 / 9 d 4 s 2 J L + P C l W 3 L h H j y U N J v y 6 a h V b d b x D A x k O o 28 P L 5 L s 0 M G Y 5 K x t Z T F g j 2 W I D D 1 t B o s q f C S L I R Z G B H w f p 4 X / y t s W f i 94 d H e 2 j i 2 V D g n t p D 7 D p w D L 1 g C 8 t g c / F U S V p / X M J h v f E g j R + X o W X u E 7 w A R g R c 5 k q 4 g + 4 F r u H Q 1 x N c L x z W 8 G I G P R c W i h L 1 m z A + o s W o q d 2 f o 1 V a v F A x C 1 h k r j l 7 S d X T k z P k h 2 c c I A R O w U P c k Y m V V 3 K R 1 H T 5 d s x 5 d 37 Y h 9 l i U K y d V V e T f f L E l O X W Y 4 + l n 4 B P 99 F K 0 Y h A m Q a T X z 8 x d w g w f N e s Q s Y H 84 L D W G N a s J H s W r D J J 7 + S H 16 I 3 q 8 z V / Y J q W i 9 B F R F C 2 k w M S R a D C G W l G d H R J t p f H Z i f 3 h n x 2 v 9 v H A P w H u R 4 x O C t + c n d 2 Q m F E S n E Q 7 I U d U C S 7 T U F M a i M n I 1 O 5 u r + w o a X X e a p C H U X w I 0 B k / c r 9 v + f W f D 0 b p f w C b / 3 n C p 4 u 2 B h 5 a R j j J a u 0 f E y k R G T 0 p s 2 T O r H u t 8 m 1 o f c I 0 E x T F Y w G I Q b 3 v w q 9 h J g m C 5 D J P R S S R Q 9 s j O E x 2 U / K C + X 98 L y k 4 R j Q v S J 4 w 1 u 0 C c m Z k G S w q O r r w Q V d T B k L o k b 8 x v O 3 d P Z W y l j c p V R S c n j c R D f e Y 1 o 8 a b U Q V H w f m x H 3 J n H g B l m Q B q k 6 O B + u X q / I + V 97 t q c z y x 43 r 7 n f j 7 z 8 p L 0 + X R E Y T R g c x q d I d 4 W Y f 0 N R 1 J o x m y b T 4 J d y + o 6 j u x u t P C h E X V m d w 8 G 1 Q S D h n L 2 W G O A Z N u X j m n o 9 H k R B a A P r B G I F X / s 4 v + k Y o 5 H p n G G Q i / 8 z M 780 y r 7 L D q 9 o h 9 S 57 u D s Q t 3 e D B q y V G + U e x B n f P a L t O D K P u l 3 K x U T e F a r g V k Y E T C O g 6 w t i 4 k C L h 8 g p n u W t c 1 F 1 V J R D M 0 R W D 5 r D W g i 7 s Y c t 7 S f Q 6 G h Q f m / 2 u q / R C o N J 8 s x A i y 9 j 4 X Q i D h M 8 B y n I Q w f k + F m p + J + / U U U //mAiuMgLwvJEW6P58xHoCZH96U8JEGywKhmSRiBjVePSAykD2RosovY83lFWrkHREWdLEfjktiKZnsZ3rKKl72Pd0o2OkquKkE4LbW3OjeOnuWsiQt2K9e33jHfB9dJeenrEQKgvBc+5IxkpcIUsn4XFV8XoLKr9QYTYDW8i/bpmfgmlTORcjffup44aSfYVVHtPF/gzl7SdFoy3U+VC8zGtVf/NModN4i2ONJRmgqB/5uEiVwYMGyTYGog18ua2dzztgnAuFHn0jcRqalP59QxbximYp/b1CJ31cDcV3opZX3rEN4zOAJT1Aw2y8W7YiQCwmaCy5gTxGxAK7XbaG5uGa3BPoiJY0amHfVWp1boLIETAM1Uw6y3+I6YQQExpwg6TJ7l1KfssBZZZXy/Tu1khNVs08zsUvPT1OCasKjKcArAZ2H5t1o58Um9/n1WQQVjK25MONFj+UtQ7CMwEKVSfDH6h5s0h0bgnWXGMUNrAJt8ozOascawEFrAehaaa3/HyTBPpGBGT6ICRiO1r4BS9PtKsnfMbvx30cRK5hLieBt+oOj33wUhcklTtN50HPulCUjubfFpKqZxR+yVdSNktsyl48VsO726Roeal0+alCCSEO8l9ifO9vBdWtn3ZCqNBCyo15eLG1fSzUyRXgipCdjn0QMlpSn/7o12E4kGN3SyalfX2jOAWepyEeHq/EwGrAZA7n3piUIUNyJw4m5vduJFnqy8+YsjfvVL/NS0gN4zskg7I+KUzSKwE3ssxMWPedtwXI1Nhdf7HVsWGjemciDEGV+riYtxPQjh2cNcFhp8K4DBadUyoG0QyjJmdYZU/2AfQnLOli+bLYArVmtHudXJuAjFZzEeGaJLwBgICYxvEzZ5egFJ8jeazFs45Sd06zdwIBFswjRzKnsb5rYNCHBqoWDmtIE4dmJ2ZzV1057UEKUj9lznrP8Jnw7VHQHtHWYtlV83CCKpCxB85sjbAfSctv6+gxwegWx0t//nDRx3UAd3EMrdUzBjTJ2QqCEYI1OQjHu9Ndnsa3iN
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2019-07-04T09:50:09Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "file"
}
] ,
"labels" : [
"misp:name=\"file\"" ,
"misp:meta-category=\"file\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--5d1dcc9f-4ff4-4a67-9d55-4c50950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2019-07-05T19:26:41.000Z" ,
"modified" : "2019-07-05T19:26:41.000Z" ,
"pattern" : " [ f i l e : h a s h e s . M D 5 = ' b 2 f 8 c 9 c e 955 d 4155 d 466 f b b b 7836e08 b ' A N D f i l e : h a s h e s . S H A 1 = ' f 31 b c 350 c f 533e166 a e d 46 e e 69 b 4 a 6 d 16523 b 88 a ' A N D f i l e : h a s h e s . S H A 256 = ' b 214 c 7 a 127 c b 669 a 523791806353 d a 5 c 5 c 0 4832 f 123 a 0 a 6 d f 118642 e e e 1632 a 3 ' A N D f i l e : n a m e = ' b 214 c 7 a 127 c b 669 a 523791806353 d a 5 c 5 c 0 4832 f 123 a 0 a 6 d f 118642 e e e 1632 a 3 ' A N D f i l e : s i z e = ' 1387520 ' A N D ( f i l e : c o n t e n t _ r e f . p a y l o a d _ b i n = ' U E s D B B Q A C Q A I A L J O 5E4 v T b L d U x A G A A A s F Q A g A B w A Y j J m O G M 5 Y 2 U 5 N T V k N D E 1 N W Q 0 N j Z m Y m J i N z g z N m U w O G J V V A k A A 5 / M H V 2 f z B 1 d d X g L A A E E I Q A A A A Q h A A A A P r B Q 2 P V o g G i X L w E k h w B Y 8 T z q 9 A 1 L B 3 o 6 x Z u V h o O j m a j x w A 1 v V D h o w L u c H d l h u K + h 7 x q e V s g J X t K s l 5 N U s X F 0 V j C M z v t + H l O j d g P N A b z p N O L b q B U I G A b 2 N w z W e L G 2 d c U z B l h z Q Z I E S 3 B s R P a P 2 i K k n i H G T + J 9 L e u 7 z f c a F t L J I n 7 j b 14 t k F u E 2 t 1 f 4 K w Q z K b 6 t T l K r C i X P M h w s r j p V B N v g z C 5 Y p A a Y e l q L b p + 3 I 2 R N D Y f E J O k x a p I T l A 9 L h l c x 2 q W 2 N 8 T v I 4 d d j T 2 o x w k 76 f I Z 4 U K g z O X L + B G n P v r O f A o D o 0 f 76 z l 8 e y Y o h m 62 L 2 A N i M o c y D / 0 K 5 g W v L Z S p B i 2 r 16 d j t Y y Q f x S p m 17 B f H u b e L O D R E m b q D b / c V X k 6 a + 8 j Q P C 5 q J 61 j N D C l K v q Y 5 l O X P 4 d I I e 1 l 1 s y A o j O g l w k D x d b 28 r Y d 0 W U 0 v o 0 o R Z j n z d x 6 X q 6 P g N D L H a A K A + y d 1 P 3 d 95 I b p Y k 4 n E n o L Q W t A L J 8 / 0 q w h d w l R F D n W F g u n b V A v L 5 n 2 k w z F z k d I g O 4 A p 8 h V c P 5 G Y F 2 c c o H T 35 w P j x 9 e n L x U 90 Q q G s g Q n S 31 t 34 F + K W m M W U a 1 m 5 Y q M X c 28 w N m D G P p A I r U D Y J u H G c Z t Y U Q Q w b M W q A Z e B z i J W j Q n L 7 D 0 D 4 A W 9 r I 5 z R O q C s V / M 0 u g C K 0 J o E k h 2 S s 7 v T l u C 2 k s z r 8 J e i w A l X x g 7 W J F I I f I s N w 15 k p e / u k G V L j 3 X C y f 6 n / 3 E P F T Y p Y D H 1 V 2 / L f E q c + u d C W T g L 0 A 2 I b J 7 V e 8 t p T A N y E P D M M R R Q b q o i 6 m E i 4 r m Y Z h y Y B 4 j O y 1 U d 8 b 9 + + e x 9 D z L A I Z Z 4 B A O Y l B 87 E S w 1 Y t N f 3 h Z 2 E t E K 7 e P 1 c k X p J 390 G q 6 O q V u 7 f 1 T d k y v n i / Z x v 6 W 9 + i X m + p 5 W e f d 2 n u I k F U 9 M o W P K + y a A a + v k h W 1 J m d o L E 4 W f W c y a U / R w 6 x V g e S 5 U 2 Q q v 4944 v m N K o m + T K r U P n v m / 5 R 8 P V 9 / m F a r X 61 S v P B 4 X B E Q + 3 m R x u i + t 8 a j 0 x o G t x T I a S I G B o J 1 b A C I 6 H p z / A b 8 n c J 3 s + C m c Y 87 T e U / 3 C H w U e g 1 C 5 U b X X i S C j X V s u p U t z k A y S 8 M U k B H x x s D s X f k z 1 P I O 15 M h 58 c z o j y 5 p G l U q r t e b F U n S l U v s Q 0 i r / E 6 o z f Y A U r 5 q 3 j J P i T 3 m r 2 Y O j B 1 g p 4 F S 6 q L k F n Q h F o o g Z 0 T B Z G v v t 0 8 D o u s J f y B 8 q u L J b 3 y / A R z 0 / e 7 m R 1 P D 0 a B Y k B k f h q l z i i m Z 8 b I w e 48 w v J o A e N Z l y h O t b M K c P H B V R + 0 + J a O 3 t 6 x L g 7 l y j m k s r g 0 T B 3 Z G A w 7 M Q o F P 9 l c R U X Q R m v 0 R W O l X n Z 50 e p U R O a R h 7 n N 0 R r l 7 Q A n g n n S S j O M V W A k P r r f s F X I u c j W I 9 j C 6 F C 81 / w k U 2 i 8 k U e w S 9 f t W U D C w 92 c Z F g l v M Z v g i X Q s g b D N J Q t h / I 9 z W C I C s o H f 3 r 8 B 0 K U P n n x a R 219 Y e Z h 2 X J 4 M J m o U R u s Z 4 y W P e n D D Y P N t v r K I y Q B Q 6 I z / P Z 0 Q O l 9 L S + t 1 o t z h z S a b 1323 w H 2 N 4 k 0 1 x c i N W s J l k Q O n N Z 4 M w S I O v 85 x S e T I G + i X f S 1 a b C R w / W N 2 a E X J m D A j L v B w Q p J B F 8 N p S / E H m n P M 2 L x h p h M 2 a Z k q E W Z r t e z c z w + 9 / + p q h k c G I B c V c v p C p w c u B W z t J T N h h V R e C 5 r y M 3 D F J I i A 6 A V k K p w s p D B K S S d d g o g T D 7 k n z a 2 u 9 S L G y S Z V S u G B s 5 t J B x w L k j B 0 Y W R 8 u k 5 C K 9 m M Y k F B 2 l M q K d q 5 n 7 r Q m G h x M e f T 9 s 1 M y x / I J Z E y f u b g i a u U n r u y r / T b m D 7 T D Q K Z O a r 4 F o J s S M e 3 d 2 b d H L P E X D X R t a a E D K g 5 c D Z C Y a Q 3 P X 8 r Z D K X w 5 Y R 7 R G o s y L 8 I Y h g h e M 6 R r T a R Y z n 29 y D n z 2 h m J 7 + 6 t o y b B 0 W W 6 b D z u b b C W S c g J s f W q S j m + z D 2 y h W d + E 7 h K H o T C Z k g o 5 a T 2 W k d c S y v q C 3 C S y t V P q R 6 u w o i k H E L c 5 f V 7 R E p 2 z t O o h P 6 Q e c e + 8 T f H + R d F c V N x y l R M 7 b n E r b h U y 1 k t h v / F o / H X h D 1 T L o t T k q v e q g c Q c P 6 c d w + U J 4 I / 9 A K x L D a 0 i K H 4 n X I 6 d J b X d G M Y + U V 2 Y 7 Q I b v W F m 0 l u w y T p 1 i W d D M E 2 N p E I E L Y m Z 3 J o A k 7 M O v P S e B o E e n z w c 2 d H p p O 29 y H F 7 L y g W I B E I 7 Q x e h l Q / Q y q R v 4 G u F k T j F Z z b W z 0 d 8 y d 2 U E B M U h m u P 0 41 E j C f q C d i N u j 84 m 6 h r 0 5 O i y w v a W e c o c 9 Y x a i k n I u a 2 O s Y Z 0 b f B v m e X r y I M 87 m e p x Y K B L Q V p O l o X s f M i 5 c a H f 2 K H L N a P t 35 v A o + 6 //NpcjEgmTF68N6gm7BC8m8PBc+tHB6vOwWZQPRHbOPAJPcxImSotG0LdUfvFz9O2kjGLkGD/DZdIpi+8eMYrnHb9BojMkadwHW1K7tlrbJMu1uX9K7oJ2/VbA6bGW0kD4fs/TZw9Y/mrT+8KhRZuk5mAjYuNswoWbLKSC06rtKW0Qot0ULe8+YU+np0Cie92kthjj7KEGIIDSdzs8j5daMa5LkHeshKpSFABh7YZptoKoqvC8K6jRA2z24hFAs4vXjh5sxpM5zKXz/FNVeZSbm2P9NHNh0lBka/4jLTsoOe/l7Wx890qfNbwAeWKKd+65jVR9AUMSiPpQLx9osMSDTCH9QmgrL4yxCVrTl/przGXOGlPzj6WF3yOKe2V3Elo9wgRZuz2ADhW2ke6ffMzTMxw8G51pex0gvuRPut8BmNFsGy9vQwVgjbI+I2QMWJwp1hCjTwqNPwD6J42KA+gueFM6KcBUhAdrU5YcZFzWRch05zivfpUVUvvILkFvscfWFhSJaVNfJ9Od7k4gTWiMh7lI8slMtf4d8+auD9q4gnaPO/kI+jGipYzdkp+sTsJSY5IDyQoP3Ga+QDF3aRuELzPcRW41u9TxU54jvdvKFGU+HDRMvcxfJDFyNHjfreFplPhdOHHRobWunm8uNU9E4rChBuZ/QswmdoqLO/Ilw21ZQYvLsICq1I2YTb1iWyl0ECK+JsaP9ufUBaJo5yXjII2olqH68suB1oq7OoPL6e4nWrSBIoRxE3OaE0dorVVgT6/MWRjJJI5ixi5R8ZY844KGsvyLX3lOpBs6zrMC31geE0r/tOtwTWs6sNiLcoGwndU1FMm93DBIgoorVXXCusPYNtUsZATKa0K5EyN0Je56V2/k2SbCtSWvi+WcWSmlV8qJ0g1K4C8rz5uF7wSbfjcy4z1jfjcw6kBYFGHAuM1bx+LH9+nymzRtv+0RL606yRArEaEA6N+kP6JDtXRs5ZsaAXrq30dv3PjxUWwEjs9NHSpTKYRCykMVzhZYXrd4xVCe/coKtHVYZJUoWOL2nBZOCW5GTgDBnbyTUp8BWf+NYAHlThRWMu8dE/s+H+P2qNb2+86fwjSY0UeWN2+0gkNguVH6qqiyN7kydRvjK8Z/1/HMrHATftk0PJbyXByCoSz3bO0aahl/Gxfsb67bgDiiAWOvaFWzxmgfUqJNf3/Bur/TlnP1yK9EOW5dTAIsDbu6HAVGQtKM8JQ01TMpHRjIhpy21802lcNB+/4hEVr5Pbe5yIepWNfkvwO+h7HS4yXn8z95+/Fcn6QYMes33iftNCSFke54j4t9LvrOYwPrQpor6bPATGY7vr/81eK
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2019-07-05T19:26:41Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "file"
}
] ,
"labels" : [
"misp:name=\"file\"" ,
"misp:meta-category=\"file\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--5d1dceb0-5e88-4c96-9198-4be5950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2019-07-04T10:02:47.000Z" ,
"modified" : "2019-07-04T10:02:47.000Z" ,
"pattern" : " [ f i l e : h a s h e s . M D 5 = ' 7 f 0 a c 1 b 4e169 e d c 62856731953 d a d 126 ' A N D f i l e : h a s h e s . S H A 1 = ' 1687 f 9 a 94 a a b 13 b 18 a 105 d 62745300 d 8 b 49 b 0 37 b ' A N D f i l e : h a s h e s . S H A 256 = ' b 20327 c 0 3703 e b a d 191 c 0 b a 0 25 a 3 f 26494 f f 12 c 5908749e33 e 71589 a e 1e1 f 6 b 3 ' A N D f i l e : n a m e = ' b 20327 c 0 3703 e b a d 191 c 0 b a 0 25 a 3 f 26494 f f 12 c 5908749e33 e 71589 a e 1e1 f 6 b 3 ' A N D f i l e : s i z e = ' 442880 ' A N D ( f i l e : c o n t e n t _ r e f . p a y l o a d _ b i n = ' U E s D B B Q A C Q A I A E x Q 5E7 q y U F n o i Y D A A D C B g A g A B w A N 2 Y w Y W M x Y j R l M T Y 5 Z W R j N j I 4 N T Y 3 M z E 5 N T N k Y W Q x M j Z V V A k A A 7 D O H V 2 w z h 1 d d X g L A A E E I Q A A A A Q h A A A A h s J n 4 G X V u s b B B D S T i U b t l X P h x u V l I A 3 X b m 2 E + d I d 3 e b m b C J k s R 2 l X 2 / z M A p 4 f O a 2 P v f C S Z H Y 8 H Y J 7 k N n G A 0 87 E N c / i 8 E M / t f 9 W k x 2 g d R e t N 81 J R H 0 n A v h t l p e V A 3 N v i r 8 C t O 8 v J W E p G N 4 N F N u w F c H Z G 1 A h v r B p 6 m K M s n 8 G 7 o K y / m O Q x e 9 z e N k 9 F B s F q t S I n g G B c x 7 F X N z 3 G 8 M 8 L S S u P o j E v e / F x R Z u m 7 b B O j W z K D V z T K h T w O V e J q z e z d u 8 W S 7 t o S W C W T Q 6 S / L c 13 r e F j L u 7 b 9 F N R Q U W O F Y w L p U Q N D h W E i I m P C E U f 2 b 7 O + g j 1 f R V y + 1 x E V K v V 3 u 5 i 7 w S 3 m v C Y V 7 o 4 C c p k i E D 35 s e e b p c V p 9 / p 4 r 26 t p F 8 Q U O 2 Y M k k 7 D y 2 e u c G O J p 41 g r J U R L z a Z f y H 62 U a A s U Q R L f n 7 a 9 F L F M j D w C P P e F 2 N W x d b 0 A q f i S l S I o i V y t B d 7 d 43 Q P w w 57 P 1 Y p e / 1 G / q t p L I 3 r I P J n K x S b w C z R K q y T U 7 r O z 72 B B i 9 U S Q 7 z Z I v W 3 v t u C A 8 N G 40 H Q 0 v V L 4 S 6 h v 1 C f P q 1 Q D C 0 o a r X m D X r J P Z u M r f U K c e D T N V y m t y e e l o I X E Z 0 K 8 W J + 6 i 3 A A W V 5 N u 7 E j N D M H O 0 M Q 7 o W T s 7 g t O L 6 N Q J c t 4 q N 1 q b K 6 r w t f 8 q F A O / Q h T H D 0 r l N E V i U X h i t 3 P 7 k 4 G a N z 281 j V E R v q e 3 P B K c n o f g W Z V 6 x r 9 V i e U g U G 8 H M t H d Q h l 5 B e s d 5 O q U I 0 d F d z X T 4 c X J Y m r s D f w c o g U x V q R s X T s W 2 Y Q 0 f r o c m i E y + z L + U l D m R t G 7 a F U W m s L C M n Q T x t H I H y I V 382 y x + e K 5 g S d X 0 P W s a G P d 9 A E w s X b b / i N e q r A o S t Z q 2 J 9 T I V S G J 5 o 19 A l T 6 u L B B g 47 b n N 6 N g R i K l M G 78 P / N l i W J I b g k W a F T t A j U L t 0 w J 4 Y 6 A B n J X Y C K h w 5 s p I j 6 s l t A Q w O 75 c O r / o k f s D x b Q w f 4 R e g X K F w J K 3 R R 2 O 1 j e 2 v m D j I I V + C k i 1 r X 5 K B j u o / m T d E 9 / x y P 0 l H R L 1 a v + S t O O u P z P q p v R B j f U K a 7 B v v A 2 y K 4 Z O y w P 9 g / K O 8 q 1 A Q h t H s 3 B v Y V m 8 r p t L b E G A J H X 93 Q u R t 4 n s l w y b 4 I O 0 t y O T e 1 f x N + 9 + 7 Q D z o W l p 0 d 5 I Y z J C T c e L 84 i V i w m l M Q M t O X h + d k h b U Z V z b / E V F t U K 6 O a 7 N D / 8 G v Z o 2 v O A l R X t A k a C q b 8 D c K v 7 v v a q O l z Q Z Z Q f 0 H 3 v 8 T r Z j L 0 p F W a c q Z U g u P j N a M J C l B 0 h 2 / I / h r M Y d 64 i q x i T E y B s o N G p E 3 q w n 4 s X O G z 0 m n 8 P e F e 0 H t S f f 5 S H z w 5 z H b q I U q E O M i V f Q h N x / r J 1 U F d R n P U l l u j A 9 y M k v / N B C 5 x F t 4 g 8 k 7 Q i A 52 u L p 8 U t f u 7 N i i y L 9 + V e q k / h X m 9 j K M G / J h 0 k i d L / u H T e L u 6 I 2 t / + c J b 0 0 8 g r w E R K J 19 s N F Q g k C Y 5 V 9 L F 9 Z H n A o 0 U k g / N 3 y X 9 I 426 l 5 T G T U i Y E c L g 6 m u N R X 85 E V y d G p I Y C P h C Y p x h 2 X E T v l + o c q 5 N n v 4 H O S D o o f 4 I P 9 G b G X g X A m M J z L 38 L n 1 d t x o W v U c 1 q 9 k H x 9 z o J 2 g L L B Z S A h 21 o y 17 r + 2 F r v M F i E F I F U / Q e J 2 X / M 5 G D F n q j m o j 0 y X z k i 0 h l Q 3 G u D p h 0 K 6 x H x w K c u 8 m z R c p w q C u X v t w 24 q T 8 n Y 4 b Y g D j R H n n N / 393 l a U l S v / 6 A F x N K 4 d p y Y E 1 J X 44 B 3 i h e o n 51 / 8 c G J j c N E 6 + 8 I E E W F q 0 2 K x p r h N c s E k 2 x W g C d R C I o M 6 i A 90 H U 6 I W t n i l e T H x F j U 7 T z v D C 8 T u H f X q 4 D B Y Z O X E S K 3 r a V Y s W X S r f J c z K Y d B i k T 782 e b V g 3 G i m Q w 2 B B 1 / n L q t r H y 1 g 8 g + a y Z c W f 80 s K J 5 U G V A G W Y J + 9 G b G K 6 C g X z e G h O q Q P P 686 + n j I L n K z F s O p K B 9 + R k B v t 9 Z d P y O g I S r h u y / Y X D L T J a A O l l 2 Q y S t u 7 X J T 8 t 8 E o 449 Z C O H V + K d e 8 B E i w p u W e I R u x Z 7 O z y A z o q j o q 0 n B f H I n 8 d L d E y 3 K m 8 S N z l C Q A s g Q J K t d e y U q Q q l c S 51 r m t 69 Q i / k 3 i n e w B S u s l 8 h l A S X B w i G G H Y J f X L V D f k Q W + g P v 92 c y y n B u B + U P p 2 B O k q z 0 W g G g Z A r t A i l y U u 7 D e I d k L N K y 6 P h f 2 z N y 47 s X A G I d o k A K e k M v o 5 y Z h s y H b f 1 v w k k K z I J 490 y Z c A O k h L K P d 3 r g H t H F F 7 M l f I g T 0 j G d b 61 V j Z l y z P T U H k M H 236 O b P k + u I k L T A U N J o m T R w 1 u 1 i q Q J e 9 o z u y x e C a 7 J D C t E F t I V 1E5 z 5 C H M T M E / w m 3 D 1 F Q m p F 3 S h h W 18 t 49 J + j z S e y 8 / b d 4 s 35 B l + 5 a D F P i 2 Q 1 e H 1 r n s q J X y f c u u D Z 0 W X s Y y v A l F G C r r + E f s m W A Z m K + + 6 J Q i h 1 g Q n 4 J Z P + 1 y a j t L G 7 A v M 6 F X U I m 8 k R j K W B d g x 78 W p V Q W X 9 L 72 i y s X X i S v z e 4 g v H p v i 4 B W h l A 2 D C T y 3 g R W r H X 4 F f e L J b p U S T + q K S V Z 5 D t i 1 j g H R S 9 v x S S V K B B a m K e 7 M A t 8 x e V w + X K I Z g u u P U g Q / o 2 w r o E R F K k y U Y 9 v J b i 5 A W J j E 1 T B F h T D 8 E T Z I k w V 9 O J 5 P 0 B 1 I r L 6 U q 8 w s k P D 8 / Y K g / a S k V b F E D d E d 1 v x t h T q f c W h 8 k p m L 5 Y U c I 6 o r f l G P 1 i p v 0 + w X Y z h x Z K 1 V K W X D P O P F w 7 N u h I d b D S j x s I I A e D D y + 3 / D l Q H L 7 z E L u h c L t N m D 6 V N e d K C 26 C T p 6 U g 9 b N B d s z 9 z s C O A s s Z 0 G a j + A I p q 1 j S 29 N R I X 224 w y o 6 e o f 6 S X q b b n D R F n I X y h n x Y O n 3 h Z F P n c n c L n Z K K j i 9 K W Y w R U 9 X e + P D p 2 Y q p B k v I 2 h z n w V J E x C V k E y y q j k K c u 6 P 0 8 g k k Q 2289 Y F V 1 J w D W X v V 5 F J v 6 f s 1 o Q w J W A d d i g + 6 D A G 9 V W Y v 3 T Z u 7 t S e Y J l M g b B D / + q S E 801 r + y B N 760 s p j R / f Q K Y L V b l h 2 T G C A Q x y l W p t B A b z p J r j Y A w V N i d m P l J H f 6 r C G E w Z T q m Y 2 k B Y / a / K 8 y b o V t m N l O I + q Y l A E L Z z z X N l 14 w H x u 5 y x / d Y P K I 4 b E 4 Z C n p F G a R K Z e H P m c s x l S x z S i N 7 p e l Z W j h D q H y l f l p F x u v g Y 1 L 3 m o e a 0 I G g P 4 / U g 9 o X h K E 9 Z w t S c v d W y C 9 l f 8 k j M 81 X F H 9 q a I s v + 6 H H 99 W p F y G r S I D B t r L x p X 26 a 51 d 2 Q b y z d t D 4 c J C e c I b t C u z z c 6 U M q 7 L h j R v I N Z D W e 90 S + F m o l c 51 + b d i 8 y 7 h l S D c v q K E N 2 N U M H O 95 h W E 3 s / E 4 + p 2 u T E j 2 Q q X d 3 z n D P U r k 4 h O p C H L t 6 Y c b 4 N b T j Z 9 k n w N R T a v G f 8 C l o 16 G D + G H O W t q A x L 4 E m r G o m 7 / T + l K + T I E P a 9 / m w F r x t h + + b A q c m f c y F J m h 9 k D V 8 S l J q 8 G 1 M l H M k i d O 7 h U J x 7 f n Y A Z z y I q h w B I U d 7 L D 6 h / N 3 j 3 i r 4 G l 8 k p k u D z R N m T n U I T P 2 G G l E P Z m T G Z z R H E y X p 5 K 248 / E a Q x L I P L 8 y v h P w e e x y z O G s x w + s R 1 j d T C r S m z q W 55 s 60 r / B a P z T x i p 8 i a C i E W x V A o c 3 B e M + l c g V R s 5 C h D F d Y L 4 k i q a b I H T R 685 g X H k / + s l 66 C d L 7 S G 905 V j Z t K w o 0 0 Z + d F p y I o a 0 F k D Q n g E c C j 5 F b o S P 5 W t E Z 0 H O e d + Q A L a 7 n y W G C K 7 J d R H U o G R q T T B r a J 4 r 7 B 3 R Y L Y 1 / D C n v 3 S X N c 61 o a e 3 P Q 2 l
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2019-07-04T10:02:47Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "file"
}
] ,
"labels" : [
"misp:name=\"file\"" ,
"misp:meta-category=\"file\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "x-misp-object" ,
"spec_version" : "2.1" ,
"id" : "x-misp-object--1b2bf589-d1bd-46ec-bdd9-e3377bf59cee" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2019-07-04T10:02:47.000Z" ,
"modified" : "2019-07-04T10:02:47.000Z" ,
"labels" : [
"misp:name=\"virustotal-report\"" ,
"misp:meta-category=\"misc\""
] ,
"x_misp_attributes" : [
{
"type" : "datetime" ,
"object_relation" : "last-submission" ,
"value" : "2019-07-03T15:12:45" ,
"category" : "Other" ,
"uuid" : "cca3eefe-49ec-4842-83d8-baf38d68972e"
} ,
{
"type" : "link" ,
"object_relation" : "permalink" ,
"value" : "https://www.virustotal.com/file/b20327c03703ebad191c0ba025a3f26494ff12c5908749e33e71589ae1e1f6b3/analysis/1562166765/" ,
"category" : "Payload delivery" ,
"uuid" : "c3fc986f-c317-46e2-8502-c025de6de496"
} ,
{
"type" : "text" ,
"object_relation" : "detection-ratio" ,
"value" : "27/69" ,
"category" : "Payload delivery" ,
"uuid" : "a102335b-ecd3-4e79-8d4a-a4e48b974de3"
}
] ,
"x_misp_meta_category" : "misc" ,
"x_misp_name" : "virustotal-report"
} ,
{
"type" : "x-misp-object" ,
"spec_version" : "2.1" ,
"id" : "x-misp-object--b9d123b3-6e49-44dc-9650-cba9b90be445" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2019-07-04T10:02:47.000Z" ,
"modified" : "2019-07-04T10:02:47.000Z" ,
"labels" : [
"misp:name=\"virustotal-report\"" ,
"misp:meta-category=\"misc\""
] ,
"x_misp_attributes" : [
{
"type" : "datetime" ,
"object_relation" : "last-submission" ,
"value" : "2019-07-03T05:43:22" ,
"category" : "Other" ,
"uuid" : "772c6917-2b8a-4dbb-a9ba-bbef0d772bb8"
} ,
{
"type" : "link" ,
"object_relation" : "permalink" ,
"value" : "https://www.virustotal.com/file/b214c7a127cb669a523791806353da5c5c04832f123a0a6df118642eee1632a3/analysis/1562132602/" ,
"category" : "Payload delivery" ,
"uuid" : "2883e42f-bc1b-491f-8363-d7be4dc00306"
} ,
{
"type" : "text" ,
"object_relation" : "detection-ratio" ,
"value" : "17/67" ,
"category" : "Payload delivery" ,
"uuid" : "0dd22965-bb69-4035-890a-ad7a8916b45d"
}
] ,
"x_misp_meta_category" : "misc" ,
"x_misp_name" : "virustotal-report"
} ,
{
"type" : "x-misp-object" ,
"spec_version" : "2.1" ,
"id" : "x-misp-object--5d1dd042-92e0-47ab-b0c5-4df9950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2019-07-04T10:09:06.000Z" ,
"modified" : "2019-07-04T10:09:06.000Z" ,
"labels" : [
"misp:name=\"url\"" ,
"misp:meta-category=\"network\""
] ,
"x_misp_attributes" : [
{
"type" : "text" ,
"object_relation" : "scheme" ,
"value" : "http" ,
"category" : "Other" ,
"uuid" : "5d1dd043-2370-4c2c-ad4b-4470950d210f"
} ,
{
"type" : "text" ,
"object_relation" : "resource_path" ,
"value" : "/cl_client_online.php" ,
"category" : "Other" ,
"comment" : "POST containing harvested system information" ,
"uuid" : "5d1dd043-a384-43a9-b3e9-45b9950d210f"
} ,
{
"type" : "text" ,
"object_relation" : "resource_path" ,
"value" : "/cl_client_cmd.php" ,
"category" : "Other" ,
"comment" : "GET C2 command" ,
"uuid" : "5d1dd043-9d04-4442-9f4e-4c37950d210f"
} ,
{
"type" : "text" ,
"object_relation" : "resource_path" ,
"value" : "/cl_client_cmd_res.php" ,
"category" : "Other" ,
"comment" : "POST result of C2 command" ,
"uuid" : "5d1dd043-e630-47ff-9e51-4f70950d210f"
} ,
{
"type" : "text" ,
"object_relation" : "resource_path" ,
"value" : "/cl_client_logs.php" ,
"category" : "Other" ,
"comment" : "POST log message" ,
"uuid" : "5d1dd043-1690-44fc-a71a-48ca950d210f"
}
] ,
"x_misp_meta_category" : "network" ,
"x_misp_name" : "url"
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--d4b1b6a9-8ad8-42a3-837d-2657a643fe05" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2019-07-05T19:26:41.000Z" ,
"modified" : "2019-07-05T19:26:41.000Z" ,
"pattern" : "[file:hashes.MD5 = '88eae0d31a6c38cfb615dd75918b47b1' AND file:hashes.SHA1 = '52e7f36c92ffdbe624478a02ac8ac8208436ce8d' AND file:hashes.SHA256 = '7fd526e1a190c10c060bac21de17d2c90eb2985633c9ab74020a2b78acd8a4c8']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2019-07-05T19:26:41Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "file"
}
] ,
"labels" : [
"misp:name=\"file\"" ,
"misp:meta-category=\"file\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "x-misp-object" ,
"spec_version" : "2.1" ,
"id" : "x-misp-object--24904b19-a810-4f5e-9eb3-ebe8f0c8d4a6" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2019-07-05T19:26:41.000Z" ,
"modified" : "2019-07-05T19:26:41.000Z" ,
"labels" : [
"misp:name=\"virustotal-report\"" ,
"misp:meta-category=\"misc\""
] ,
"x_misp_attributes" : [
{
"type" : "datetime" ,
"object_relation" : "last-submission" ,
"value" : "2019-07-04T14:54:29" ,
"category" : "Other" ,
"uuid" : "75bdea15-901e-4381-a272-cf482842614e"
} ,
{
"type" : "link" ,
"object_relation" : "permalink" ,
"value" : "https://www.virustotal.com/file/7fd526e1a190c10c060bac21de17d2c90eb2985633c9ab74020a2b78acd8a4c8/analysis/1562252069/" ,
"category" : "Payload delivery" ,
"uuid" : "016e8dce-ddda-4e0b-ba96-f75ca87561b7"
} ,
{
"type" : "text" ,
"object_relation" : "detection-ratio" ,
"value" : "48/66" ,
"category" : "Payload delivery" ,
"uuid" : "f9f87943-109c-438f-aba6-964d80e01e3e"
}
] ,
"x_misp_meta_category" : "misc" ,
"x_misp_name" : "virustotal-report"
} ,
{
"type" : "x-misp-object" ,
"spec_version" : "2.1" ,
"id" : "x-misp-object--ad843e55-3218-4fb9-9acb-1e1bd2b9946e" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2019-07-05T19:26:41.000Z" ,
"modified" : "2019-07-05T19:26:41.000Z" ,
"labels" : [
"misp:name=\"virustotal-report\"" ,
"misp:meta-category=\"misc\""
] ,
"x_misp_attributes" : [
{
"type" : "datetime" ,
"object_relation" : "last-submission" ,
"value" : "2019-07-04T14:53:20" ,
"category" : "Other" ,
"uuid" : "79d8b7cb-0b7d-42dd-8b24-feb157d776b2"
} ,
{
"type" : "link" ,
"object_relation" : "permalink" ,
"value" : "https://www.virustotal.com/file/b214c7a127cb669a523791806353da5c5c04832f123a0a6df118642eee1632a3/analysis/1562252000/" ,
"category" : "Payload delivery" ,
"uuid" : "eaf4016f-2fd7-4551-a542-149a2e073790"
} ,
{
"type" : "text" ,
"object_relation" : "detection-ratio" ,
"value" : "26/66" ,
"category" : "Payload delivery" ,
"uuid" : "14050522-faa7-4d29-b94b-e7cdcd2b435e"
}
] ,
"x_misp_meta_category" : "misc" ,
"x_misp_name" : "virustotal-report"
} ,
{
"type" : "relationship" ,
"spec_version" : "2.1" ,
2024-08-07 08:13:15 +00:00
"id" : "relationship--8896acc9-e38f-46ac-befd-79b7a5284adc" ,
2023-04-21 14:44:17 +00:00
"created" : "2019-07-04T09:38:45.000Z" ,
"modified" : "2019-07-04T09:38:45.000Z" ,
"relationship_type" : "analysed-with" ,
"source_ref" : "indicator--7ccf1784-d672-49a9-a9c1-47571248ecc2" ,
"target_ref" : "x-misp-object--5385bb52-5807-4cd1-9b73-2a477774ecaf"
} ,
{
"type" : "relationship" ,
"spec_version" : "2.1" ,
2024-08-07 08:13:15 +00:00
"id" : "relationship--8b3b21ca-a46c-42b2-8ca9-c34f86c571fe" ,
2023-04-21 14:44:17 +00:00
"created" : "2019-07-04T10:10:15.000Z" ,
"modified" : "2019-07-04T10:10:15.000Z" ,
"relationship_type" : "uses" ,
"source_ref" : "indicator--7ccf1784-d672-49a9-a9c1-47571248ecc2" ,
"target_ref" : "x-misp-object--5d1dd042-92e0-47ab-b0c5-4df9950d210f"
} ,
{
"type" : "relationship" ,
"spec_version" : "2.1" ,
2024-08-07 08:13:15 +00:00
"id" : "relationship--d9027a99-55f6-48c9-a5ed-f58da8eb9f50" ,
2023-04-21 14:44:17 +00:00
"created" : "2019-07-04T09:45:42.000Z" ,
"modified" : "2019-07-04T09:45:42.000Z" ,
"relationship_type" : "analysed-with" ,
"source_ref" : "indicator--5d1dca91-67f4-4d72-ae65-404c950d210f" ,
"target_ref" : "x-misp-object--5385bb52-5807-4cd1-9b73-2a477774ecaf"
} ,
{
"type" : "relationship" ,
"spec_version" : "2.1" ,
2024-08-07 08:13:15 +00:00
"id" : "relationship--2b996db1-7de3-49a4-bf4a-2693b8e6a6c0" ,
2023-04-21 14:44:17 +00:00
"created" : "2019-07-04T10:02:48.000Z" ,
"modified" : "2019-07-04T10:02:48.000Z" ,
"relationship_type" : "analysed-with" ,
"source_ref" : "indicator--5d1dcc9f-4ff4-4a67-9d55-4c50950d210f" ,
"target_ref" : "x-misp-object--b9d123b3-6e49-44dc-9650-cba9b90be445"
} ,
{
"type" : "relationship" ,
"spec_version" : "2.1" ,
2024-08-07 08:13:15 +00:00
"id" : "relationship--c2ecfbdd-372d-4009-9d10-d0aea23db7ea" ,
2023-04-21 14:44:17 +00:00
"created" : "2019-07-05T19:26:42.000Z" ,
"modified" : "2019-07-05T19:26:42.000Z" ,
"relationship_type" : "analysed-with" ,
"source_ref" : "indicator--5d1dcc9f-4ff4-4a67-9d55-4c50950d210f" ,
"target_ref" : "x-misp-object--ad843e55-3218-4fb9-9acb-1e1bd2b9946e"
} ,
{
"type" : "relationship" ,
"spec_version" : "2.1" ,
2024-08-07 08:13:15 +00:00
"id" : "relationship--4af4ac70-d129-4193-944f-4a281b359d81" ,
2023-04-21 14:44:17 +00:00
"created" : "2019-07-04T10:02:48.000Z" ,
"modified" : "2019-07-04T10:02:48.000Z" ,
"relationship_type" : "analysed-with" ,
"source_ref" : "indicator--5d1dceb0-5e88-4c96-9198-4be5950d210f" ,
"target_ref" : "x-misp-object--1b2bf589-d1bd-46ec-bdd9-e3377bf59cee"
} ,
{
"type" : "relationship" ,
"spec_version" : "2.1" ,
2024-08-07 08:13:15 +00:00
"id" : "relationship--2a0fd6a4-b2db-4b43-9783-655d10959887" ,
2023-04-21 14:44:17 +00:00
"created" : "2019-07-05T19:26:42.000Z" ,
"modified" : "2019-07-05T19:26:42.000Z" ,
"relationship_type" : "analysed-with" ,
"source_ref" : "indicator--d4b1b6a9-8ad8-42a3-837d-2657a643fe05" ,
"target_ref" : "x-misp-object--24904b19-a810-4f5e-9eb3-ebe8f0c8d4a6"
} ,
{
"type" : "marking-definition" ,
"spec_version" : "2.1" ,
"id" : "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9" ,
"created" : "2017-01-20T00:00:00.000Z" ,
"definition_type" : "tlp" ,
"name" : "TLP:WHITE" ,
"definition" : {
"tlp" : "white"
}
}
]
}
