{ "type": "bundle", "id": "bundle--5b44a06a-d458-497b-b05e-0c1e0acd0835", "objects": [ { "type": "identity", "spec_version": "2.1", "id": "identity--5a68c02d-959c-4c8a-a571-0dcac0a8060a", "created": "2018-07-12T10:16:37.000Z", "modified": "2018-07-12T10:16:37.000Z", "name": "Synovus Financial", "identity_class": "organization" }, { "type": "report", "spec_version": "2.1", "id": "report--5b44a06a-d458-497b-b05e-0c1e0acd0835", "created_by_ref": "identity--5a68c02d-959c-4c8a-a571-0dcac0a8060a", "created": "2018-07-12T10:16:37.000Z", "modified": "2018-07-12T10:16:37.000Z", "name": "Trend Micro Blog: Malicious Macro Hijacks Desktop Shortcuts to Deliver Backdoor", "published": "2018-08-23T09:29:03Z", "object_refs": [ "indicator--5b44a084-23cc-4e7a-acec-0a3b0acd0835", "indicator--5b44a085-e458-4ee9-9f34-0a3b0acd0835", "indicator--5b44a085-8e9c-4645-b07a-0a3b0acd0835", "indicator--5b44a085-e524-43a8-a22b-0a3b0acd0835", "indicator--5b44a085-e254-4866-a5a1-0a3b0acd0835", "indicator--5b44a085-10bc-4a12-8c90-0a3b0acd0835", "indicator--5b44a085-dcbc-4be6-a484-0a3b0acd0835", "indicator--5b44a085-f3fc-4783-9300-0a3b0acd0835", "indicator--5b44a085-29d8-40cc-8996-0a3b0acd0835", "indicator--5b44a085-e50c-49c8-b770-0a3b0acd0835", "indicator--5b44a085-b830-48d8-b2af-0a3b0acd0835", "indicator--5b44a085-6a84-42dd-ab5a-0a3b0acd0835", "indicator--5b44a085-d1b4-49d5-9147-0a3b0acd0835", "indicator--5b44a085-8830-4baf-94dc-0a3b0acd0835", "indicator--5b44a085-48f8-44fe-8e69-0a3b0acd0835", "indicator--5b44a085-425c-47a4-906a-0a3b0acd0835", "indicator--5b44a085-8fa8-4a33-8c18-0a3b0acd0835", "indicator--5b44a0cc-9380-4803-a4d2-0c950acd0835", "indicator--5b44a0cd-4f10-4bf7-a9b9-0c950acd0835", "indicator--5b44a0cd-3aac-4026-8086-0c950acd0835", "indicator--5b44a0cd-2844-4c35-b9f3-0c950acd0835", "indicator--5b44a0cd-2940-4451-b513-0c950acd0835", "indicator--5b44a0cd-8734-451f-908e-0c950acd0835", "indicator--5b44a0cd-2024-437e-88cd-0c950acd0835", "indicator--5b44a0cd-a15c-41ba-9334-0c950acd0835", "indicator--5b44a0cd-af6c-45ce-8d36-0c950acd0835", "indicator--5b44a0cd-2c3c-403f-b00b-0c950acd0835", "indicator--5b44a0cd-fb38-4bff-b5d3-0c950acd0835", "indicator--5b44a0cd-ec94-4833-9e6a-0c950acd0835", "indicator--5b44a0cd-1a7c-4818-90b4-0c950acd0835", "indicator--5b44a0cd-3118-4e91-80ac-0c950acd0835", "indicator--5b44a0cd-44d4-4d3e-a76a-0c950acd0835", "indicator--5b44a0cd-badc-4d60-8cc5-0c950acd0835", "indicator--5b44a0cd-ab88-471a-9158-0c950acd0835", "indicator--5b44a0cd-89e4-4fd0-a95b-0c950acd0835", "indicator--5b44a0cd-fd70-4b88-ace3-0c950acd0835", "indicator--5b44a0cd-cab8-4289-b2d1-0c950acd0835", "indicator--5b44a0cd-851c-4744-b26f-0c950acd0835", "indicator--5b44a0cd-98ec-4d88-9b96-0c950acd0835", "indicator--5b44a0dd-fe20-4156-a165-0bd60acd0835", "indicator--5b44a0dd-30d4-442b-b051-0bd60acd0835", "indicator--5b44a0dd-dd4c-4b5f-929d-0bd60acd0835", "indicator--5b44a0dd-1e48-40ef-9052-0bd60acd0835", "indicator--5b44a0dd-9c60-44b5-b917-0bd60acd0835", "indicator--5b44a0dd-88a8-4da2-a8ea-0bd60acd0835", "indicator--5b44a0dd-fda8-4bb7-a230-0bd60acd0835", "indicator--5b44a0dd-57fc-426a-9f50-0bd60acd0835", "observed-data--5b44a12b-a810-4c41-8563-0c950acd0835", "url--5b44a12b-a810-4c41-8563-0c950acd0835" ], "labels": [ "Threat-Report", "misp:tool=\"MISP-STIX-Converter\"", "osint:source-type=\"blog-post\"" ], "object_marking_refs": [ "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5b44a084-23cc-4e7a-acec-0a3b0acd0835", "created_by_ref": "identity--5a68c02d-959c-4c8a-a571-0dcac0a8060a", "created": "2018-07-10T12:03:16.000Z", "modified": "2018-07-10T12:03:16.000Z", "pattern": "[file:hashes.SHA256 = '0181a985897f1fa66ede98cc04e97b05387743de198c2dcf4667fa4fde7779c1']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2018-07-10T12:03:16Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5b44a085-e458-4ee9-9f34-0a3b0acd0835", "created_by_ref": "identity--5a68c02d-959c-4c8a-a571-0dcac0a8060a", "created": "2018-07-10T12:03:17.000Z", "modified": "2018-07-10T12:03:17.000Z", "pattern": "[file:hashes.SHA256 = '20b05a17623a7e74f7cfe4296ba79cff8ca6b3ea64f404661b7bc46ab603511c']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2018-07-10T12:03:17Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5b44a085-8e9c-4645-b07a-0a3b0acd0835", "created_by_ref": "identity--5a68c02d-959c-4c8a-a571-0dcac0a8060a", "created": "2018-07-10T12:03:17.000Z", "modified": "2018-07-10T12:03:17.000Z", "pattern": "[file:hashes.SHA256 = '2864b1b7417aacc13a4277d8cb9c94b5a04420f6ccc1cc4dfd3be4d369406383']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2018-07-10T12:03:17Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5b44a085-e524-43a8-a22b-0a3b0acd0835", "created_by_ref": "identity--5a68c02d-959c-4c8a-a571-0dcac0a8060a", "created": "2018-07-10T12:03:17.000Z", "modified": "2018-07-10T12:03:17.000Z", "pattern": "[file:hashes.SHA256 = '2b3cd4d85b2b1f22d88db07352fb9e93405f395e7d0cfe96490ea2bc03a8c5ff']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2018-07-10T12:03:17Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5b44a085-e254-4866-a5a1-0a3b0acd0835", "created_by_ref": "identity--5a68c02d-959c-4c8a-a571-0dcac0a8060a", "created": "2018-07-10T12:03:17.000Z", "modified": "2018-07-10T12:03:17.000Z", "pattern": "[file:hashes.SHA256 = '3b85e737965020d82cdc0890f1243732b71977117cdf310554e9dd91b78bfe63']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2018-07-10T12:03:17Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5b44a085-10bc-4a12-8c90-0a3b0acd0835", "created_by_ref": "identity--5a68c02d-959c-4c8a-a571-0dcac0a8060a", "created": "2018-07-10T12:03:17.000Z", "modified": "2018-07-10T12:03:17.000Z", "pattern": "[file:hashes.SHA256 = '451c4c3fbf5aec103833fa98d942b1876d9ce84575a00757562489921bc1d396']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2018-07-10T12:03:17Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5b44a085-dcbc-4be6-a484-0a3b0acd0835", "created_by_ref": "identity--5a68c02d-959c-4c8a-a571-0dcac0a8060a", "created": "2018-07-10T12:03:17.000Z", "modified": "2018-07-10T12:03:17.000Z", "pattern": "[file:hashes.SHA256 = '45b2580db6d13720014753813eb69c1aa0effbd100bb80e5a07d75447489ba0f']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2018-07-10T12:03:17Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5b44a085-f3fc-4783-9300-0a3b0acd0835", "created_by_ref": "identity--5a68c02d-959c-4c8a-a571-0dcac0a8060a", "created": "2018-07-10T12:03:17.000Z", "modified": "2018-07-10T12:03:17.000Z", "pattern": "[file:hashes.SHA256 = '7730a98fd698f1043184992f1ca349ea1bdfd33d43a0ece2cd88f9f6da2e37d1']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2018-07-10T12:03:17Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5b44a085-29d8-40cc-8996-0a3b0acd0835", "created_by_ref": "identity--5a68c02d-959c-4c8a-a571-0dcac0a8060a", "created": "2018-07-10T12:03:17.000Z", "modified": "2018-07-10T12:03:17.000Z", "pattern": "[file:hashes.SHA256 = '804d883661ba51cec97135f9f33c1fa9084384783d59a4f55d496e2901c20289']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2018-07-10T12:03:17Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5b44a085-e50c-49c8-b770-0a3b0acd0835", "created_by_ref": "identity--5a68c02d-959c-4c8a-a571-0dcac0a8060a", "created": "2018-07-10T12:03:17.000Z", "modified": "2018-07-10T12:03:17.000Z", "pattern": "[file:hashes.SHA256 = '96a4f844d7102d0ee757caa1719f1cd95d1386e61eb7c694020d6cf14b546880']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2018-07-10T12:03:17Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5b44a085-b830-48d8-b2af-0a3b0acd0835", "created_by_ref": "identity--5a68c02d-959c-4c8a-a571-0dcac0a8060a", "created": "2018-07-10T12:03:17.000Z", "modified": "2018-07-10T12:03:17.000Z", "pattern": "[file:hashes.SHA256 = '9eac92bec146ce9cef096105f6531f2ee4c2e1a14507f069728a1022ecdcdedd']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2018-07-10T12:03:17Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5b44a085-6a84-42dd-ab5a-0a3b0acd0835", "created_by_ref": "identity--5a68c02d-959c-4c8a-a571-0dcac0a8060a", "created": "2018-07-10T12:03:17.000Z", "modified": "2018-07-10T12:03:17.000Z", "pattern": "[file:hashes.SHA256 = 'a4b25e5e72fc552e30391d7cd8182af023dc1084641d93b7fa6f348e89b29492']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2018-07-10T12:03:17Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5b44a085-d1b4-49d5-9147-0a3b0acd0835", "created_by_ref": "identity--5a68c02d-959c-4c8a-a571-0dcac0a8060a", "created": "2018-07-10T12:03:17.000Z", "modified": "2018-07-10T12:03:17.000Z", "pattern": "[file:hashes.SHA256 = 'a9fc2b6f8bc339742268bac6c02843011ebb670114a786a71ff0fa65397ac9c6']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2018-07-10T12:03:17Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5b44a085-8830-4baf-94dc-0a3b0acd0835", "created_by_ref": "identity--5a68c02d-959c-4c8a-a571-0dcac0a8060a", "created": "2018-07-10T12:03:17.000Z", "modified": "2018-07-10T12:03:17.000Z", "pattern": "[file:hashes.SHA256 = 'c57bf08c414900b5b4ad907272a606d6695c14dc2acc0264eca53840eee3f3f4']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2018-07-10T12:03:17Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5b44a085-48f8-44fe-8e69-0a3b0acd0835", "created_by_ref": "identity--5a68c02d-959c-4c8a-a571-0dcac0a8060a", "created": "2018-07-10T12:03:17.000Z", "modified": "2018-07-10T12:03:17.000Z", "pattern": "[file:hashes.SHA256 = 'c9b7c2189d3cea05a666c45043812d832bed60cfcb8a97222bca9afc53b3d229']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2018-07-10T12:03:17Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5b44a085-425c-47a4-906a-0a3b0acd0835", "created_by_ref": "identity--5a68c02d-959c-4c8a-a571-0dcac0a8060a", "created": "2018-07-10T12:03:17.000Z", "modified": "2018-07-10T12:03:17.000Z", "pattern": "[file:hashes.SHA256 = 'cc60dae1199c72543dd761c921397f6e457ff0440da5b4451503bfca9fb0c730']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2018-07-10T12:03:17Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5b44a085-8fa8-4a33-8c18-0a3b0acd0835", "created_by_ref": "identity--5a68c02d-959c-4c8a-a571-0dcac0a8060a", "created": "2018-07-10T12:03:17.000Z", "modified": "2018-07-10T12:03:17.000Z", "pattern": "[file:hashes.SHA256 = 'd904495737dfe33599c0c408855f6d0dd9539be4b989eb5ab910eb6ab076d9ef']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2018-07-10T12:03:17Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5b44a0cc-9380-4803-a4d2-0c950acd0835", "created_by_ref": "identity--5a68c02d-959c-4c8a-a571-0dcac0a8060a", "created": "2018-07-10T12:04:28.000Z", "modified": "2018-07-10T12:04:28.000Z", "description": "Stage 1", "pattern": "[url:value = 'https://drive.google.com/uc?authuser=0&id=1eoZvAJNwYmj97bWhzVLUVIt0lAqWKssD&export=download']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2018-07-10T12:04:28Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"url\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5b44a0cd-4f10-4bf7-a9b9-0c950acd0835", "created_by_ref": "identity--5a68c02d-959c-4c8a-a571-0dcac0a8060a", "created": "2018-07-10T12:04:29.000Z", "modified": "2018-07-10T12:04:29.000Z", "description": "Stage 1", "pattern": "[url:value = 'https://drive.google.com/uc?authuser=0&id=1f84hF8spepIVwTMAQU0nYs-6o9ZI3yjo&export=download']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2018-07-10T12:04:29Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"url\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5b44a0cd-3aac-4026-8086-0c950acd0835", "created_by_ref": "identity--5a68c02d-959c-4c8a-a571-0dcac0a8060a", "created": "2018-07-10T12:04:29.000Z", "modified": "2018-07-10T12:04:29.000Z", "description": "Stage 1", "pattern": "[url:value = 'https://drive.google.com/uc?authuser=0&id=1G7pfj4X3R4t8wq_NyCoE2pMYFo-TIkI9&export=download']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2018-07-10T12:04:29Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"url\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5b44a0cd-2844-4c35-b9f3-0c950acd0835", "created_by_ref": "identity--5a68c02d-959c-4c8a-a571-0dcac0a8060a", "created": "2018-07-10T12:04:29.000Z", "modified": "2018-07-10T12:04:29.000Z", "description": "Stage 1", "pattern": "[url:value = 'https://drive.google.com/uc?authuser=0&id=1GofUo_21wAidnNek5wIqTEH65c5B4mYl&export=download']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2018-07-10T12:04:29Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"url\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5b44a0cd-2940-4451-b513-0c950acd0835", "created_by_ref": "identity--5a68c02d-959c-4c8a-a571-0dcac0a8060a", "created": "2018-07-10T12:04:29.000Z", "modified": "2018-07-10T12:04:29.000Z", "description": "Stage 1", "pattern": "[url:value = 'https://drive.google.com/uc?authuser=0&id=1NfIqI9SJedlNn02Vww8rd5F73MfLlKsJ&export=download']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2018-07-10T12:04:29Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"url\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5b44a0cd-8734-451f-908e-0c950acd0835", "created_by_ref": "identity--5a68c02d-959c-4c8a-a571-0dcac0a8060a", "created": "2018-07-10T12:04:29.000Z", "modified": "2018-07-10T12:04:29.000Z", "description": "Stage 1", "pattern": "[url:value = 'https://drive.google.com/uc?authuser=0&id=1NgMUcD8FzNTEi45sNc6Cp-VG-EnK_uL-&export=download']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2018-07-10T12:04:29Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"url\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5b44a0cd-2024-437e-88cd-0c950acd0835", "created_by_ref": "identity--5a68c02d-959c-4c8a-a571-0dcac0a8060a", "created": "2018-07-10T12:04:29.000Z", "modified": "2018-07-10T12:04:29.000Z", "description": "Stage 1", "pattern": "[url:value = 'https://drive.google.com/uc?authuser=0&id=1NStRbzXtC4Vwv2qZ0CjrJYbk5ENFmQv_&export=download']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2018-07-10T12:04:29Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"url\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5b44a0cd-a15c-41ba-9334-0c950acd0835", "created_by_ref": "identity--5a68c02d-959c-4c8a-a571-0dcac0a8060a", "created": "2018-07-10T12:04:29.000Z", "modified": "2018-07-10T12:04:29.000Z", "description": "Stage 1", "pattern": "[url:value = 'https://drive.google.com/uc?authuser=0&id=1tBu1-SVAdWQccETb_AxAhBR3CLIrjkOU&export=download']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2018-07-10T12:04:29Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"url\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5b44a0cd-af6c-45ce-8d36-0c950acd0835", "created_by_ref": "identity--5a68c02d-959c-4c8a-a571-0dcac0a8060a", "created": "2018-07-10T12:04:29.000Z", "modified": "2018-07-10T12:04:29.000Z", "description": "Stage 1", "pattern": "[url:value = 'https://drive.google.com/uc?authuser=0&id=1TjywdxSZfENUorSHyjVDprOsT8Sq1_SW&export=download']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2018-07-10T12:04:29Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"url\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5b44a0cd-2c3c-403f-b00b-0c950acd0835", "created_by_ref": "identity--5a68c02d-959c-4c8a-a571-0dcac0a8060a", "created": "2018-07-10T12:04:29.000Z", "modified": "2018-07-10T12:04:29.000Z", "description": "Stage 1", "pattern": "[url:value = 'https://drive.google.com/uc?authuser=0&id=1Xhx22-OVqg-ZcpwU6bVBdP9lWZfzyFzB&export=download']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2018-07-10T12:04:29Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"url\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5b44a0cd-fb38-4bff-b5d3-0c950acd0835", "created_by_ref": "identity--5a68c02d-959c-4c8a-a571-0dcac0a8060a", "created": "2018-07-10T12:04:29.000Z", "modified": "2018-07-10T12:04:29.000Z", "description": "Stage 1", "pattern": "[url:value = 'https://drive.google.com/uc?authuser=0&id=1yC0rtWErmwTTyLO3VuP33pgLkfzy0xik&export=download']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2018-07-10T12:04:29Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"url\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5b44a0cd-ec94-4833-9e6a-0c950acd0835", "created_by_ref": "identity--5a68c02d-959c-4c8a-a571-0dcac0a8060a", "created": "2018-07-10T12:04:29.000Z", "modified": "2018-07-10T12:04:29.000Z", "description": "Stage 1", "pattern": "[url:value = 'https://drive.google.com/uc?authuser=0&id=1YqlYbFUObMjRBvNFfjwkdSJTpxU-rMVy&export=download']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2018-07-10T12:04:29Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"url\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5b44a0cd-1a7c-4818-90b4-0c950acd0835", "created_by_ref": "identity--5a68c02d-959c-4c8a-a571-0dcac0a8060a", "created": "2018-07-10T12:04:29.000Z", "modified": "2018-07-10T12:04:29.000Z", "description": "Stage 1", "pattern": "[url:value = 'https://raw.githubusercontent.com/microsoftstorage/vsto/master/chrome_update']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2018-07-10T12:04:29Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"url\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5b44a0cd-3118-4e91-80ac-0c950acd0835", "created_by_ref": "identity--5a68c02d-959c-4c8a-a571-0dcac0a8060a", "created": "2018-07-10T12:04:29.000Z", "modified": "2018-07-10T12:04:29.000Z", "description": "Stage 1", "pattern": "[url:value = 'https://raw.githubusercontent.com/microsoftstorage/vsto/master/dotnet/chrome_update']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2018-07-10T12:04:29Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"url\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5b44a0cd-44d4-4d3e-a76a-0c950acd0835", "created_by_ref": "identity--5a68c02d-959c-4c8a-a571-0dcac0a8060a", "created": "2018-07-10T12:04:29.000Z", "modified": "2018-07-10T12:04:29.000Z", "description": "Stage 1", "pattern": "[url:value = 'https://raw.githubusercontent.com/microsoftstorage/vsto/master/dotnet/firefox_update']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2018-07-10T12:04:29Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"url\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5b44a0cd-badc-4d60-8cc5-0c950acd0835", "created_by_ref": "identity--5a68c02d-959c-4c8a-a571-0dcac0a8060a", "created": "2018-07-10T12:04:29.000Z", "modified": "2018-07-10T12:04:29.000Z", "description": "Stage 1", "pattern": "[url:value = 'https://raw.githubusercontent.com/microsoftstorage/vsto/master/dotnet/iexplorer_update']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2018-07-10T12:04:29Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"url\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5b44a0cd-ab88-471a-9158-0c950acd0835", "created_by_ref": "identity--5a68c02d-959c-4c8a-a571-0dcac0a8060a", "created": "2018-07-10T12:04:29.000Z", "modified": "2018-07-10T12:04:29.000Z", "description": "Stage 1", "pattern": "[url:value = 'https://raw.githubusercontent.com/microsoftstorage/vsto/master/dotnet/opera_update']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2018-07-10T12:04:29Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"url\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5b44a0cd-89e4-4fd0-a95b-0c950acd0835", "created_by_ref": "identity--5a68c02d-959c-4c8a-a571-0dcac0a8060a", "created": "2018-07-10T12:04:29.000Z", "modified": "2018-07-10T12:04:29.000Z", "description": "Stage 1", "pattern": "[url:value = 'https://raw.githubusercontent.com/microsoftstorage/vsto/master/dotnet/updater']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2018-07-10T12:04:29Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"url\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5b44a0cd-fd70-4b88-ace3-0c950acd0835", "created_by_ref": "identity--5a68c02d-959c-4c8a-a571-0dcac0a8060a", "created": "2018-07-10T12:04:29.000Z", "modified": "2018-07-10T12:04:29.000Z", "description": "Stage 1", "pattern": "[url:value = 'https://raw.githubusercontent.com/microsoftstorage/vsto/master/firefox_update']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2018-07-10T12:04:29Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"url\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5b44a0cd-cab8-4289-b2d1-0c950acd0835", "created_by_ref": "identity--5a68c02d-959c-4c8a-a571-0dcac0a8060a", "created": "2018-07-10T12:04:29.000Z", "modified": "2018-07-10T12:04:29.000Z", "description": "Stage 1", "pattern": "[url:value = 'https://raw.githubusercontent.com/microsoftstorage/vsto/master/iexplorer_update']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2018-07-10T12:04:29Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"url\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5b44a0cd-851c-4744-b26f-0c950acd0835", "created_by_ref": "identity--5a68c02d-959c-4c8a-a571-0dcac0a8060a", "created": "2018-07-10T12:04:29.000Z", "modified": "2018-07-10T12:04:29.000Z", "description": "Stage 1", "pattern": "[url:value = 'https://raw.githubusercontent.com/microsoftstorage/vsto/master/opera_update']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2018-07-10T12:04:29Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"url\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5b44a0cd-98ec-4d88-9b96-0c950acd0835", "created_by_ref": "identity--5a68c02d-959c-4c8a-a571-0dcac0a8060a", "created": "2018-07-10T12:04:29.000Z", "modified": "2018-07-10T12:04:29.000Z", "description": "Stage 1", "pattern": "[url:value = 'https://raw.githubusercontent.com/microsoftstorage/vsto/master/updater']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2018-07-10T12:04:29Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"url\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5b44a0dd-fe20-4156-a165-0bd60acd0835", "created_by_ref": "identity--5a68c02d-959c-4c8a-a571-0dcac0a8060a", "created": "2018-07-10T12:04:45.000Z", "modified": "2018-07-10T12:04:45.000Z", "description": "Stage 2", "pattern": "[url:value = 'https://drive.google.com/uc?authuser=0&id=1lcw-cN9o3NkR6zkeHrDHg-WiUhHBi1wK&export=download']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2018-07-10T12:04:45Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5b44a0dd-30d4-442b-b051-0bd60acd0835", "created_by_ref": "identity--5a68c02d-959c-4c8a-a571-0dcac0a8060a", "created": "2018-07-10T12:04:45.000Z", "modified": "2018-07-10T12:04:45.000Z", "description": "Stage 2", "pattern": "[url:value = 'https://drive.google.com/uc?authuser=0&id=1OhTA1K04zKFaKw7omXJbmN8_S2VmIcdD&export=download']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2018-07-10T12:04:45Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5b44a0dd-dd4c-4b5f-929d-0bd60acd0835", "created_by_ref": "identity--5a68c02d-959c-4c8a-a571-0dcac0a8060a", "created": "2018-07-10T12:04:45.000Z", "modified": "2018-07-10T12:04:45.000Z", "description": "Stage 2", "pattern": "[url:value = 'https://drive.google.com/uc?authuser=0&id=1okynNTx2kEvx1gBQsmmB3OuS0wQ3A3uE&export=download']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2018-07-10T12:04:45Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5b44a0dd-1e48-40ef-9052-0bd60acd0835", "created_by_ref": "identity--5a68c02d-959c-4c8a-a571-0dcac0a8060a", "created": "2018-07-10T12:04:45.000Z", "modified": "2018-07-10T12:04:45.000Z", "description": "Stage 2", "pattern": "[url:value = 'https://drive.google.com/uc?authuser=0&id=1ZFcguS1z4bSCpnMibYZZ8KHdFtN6hscM&export=download']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2018-07-10T12:04:45Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5b44a0dd-9c60-44b5-b917-0bd60acd0835", "created_by_ref": "identity--5a68c02d-959c-4c8a-a571-0dcac0a8060a", "created": "2018-07-10T12:04:45.000Z", "modified": "2018-07-10T12:04:45.000Z", "description": "Stage 2", "pattern": "[url:value = 'https://raw.githubusercontent.com/microsoftstorage/vsto/master/winhost.img']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2018-07-10T12:04:45Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5b44a0dd-88a8-4da2-a8ea-0bd60acd0835", "created_by_ref": "identity--5a68c02d-959c-4c8a-a571-0dcac0a8060a", "created": "2018-07-10T12:04:45.000Z", "modified": "2018-07-10T12:04:45.000Z", "description": "Stage 2", "pattern": "[url:value = 'https://raw.githubusercontent.com/microsoftstorage/vsto/master/winhost.ver']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2018-07-10T12:04:45Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5b44a0dd-fda8-4bb7-a230-0bd60acd0835", "created_by_ref": "identity--5a68c02d-959c-4c8a-a571-0dcac0a8060a", "created": "2018-07-10T12:04:45.000Z", "modified": "2018-07-10T12:04:45.000Z", "description": "Stage 2", "pattern": "[url:value = 'https://raw.githubusercontent.com/modernconceptplanet/vsto/master/winhost.img']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2018-07-10T12:04:45Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5b44a0dd-57fc-426a-9f50-0bd60acd0835", "created_by_ref": "identity--5a68c02d-959c-4c8a-a571-0dcac0a8060a", "created": "2018-07-10T12:04:45.000Z", "modified": "2018-07-10T12:04:45.000Z", "description": "Stage 2", "pattern": "[url:value = 'https://raw.githubusercontent.com/modernconceptplanet/vsto/master/winhost.ver']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2018-07-10T12:04:45Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--5b44a12b-a810-4c41-8563-0c950acd0835", "created_by_ref": "identity--5a68c02d-959c-4c8a-a571-0dcac0a8060a", "created": "2018-07-10T12:06:03.000Z", "modified": "2018-07-10T12:06:03.000Z", "first_observed": "2018-07-10T12:06:03Z", "last_observed": "2018-07-10T12:06:03Z", "number_observed": 1, "object_refs": [ "url--5b44a12b-a810-4c41-8563-0c950acd0835" ], "labels": [ "misp:type=\"link\"", "misp:category=\"External analysis\"" ] }, { "type": "url", "spec_version": "2.1", "id": "url--5b44a12b-a810-4c41-8563-0c950acd0835", "value": "https://blog.trendmicro.com/trendlabs-security-intelligence/malicious-macro-hijacks-desktop-shortcuts-to-deliver-backdoor/" }, { "type": "marking-definition", "spec_version": "2.1", "id": "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9", "created": "2017-01-20T00:00:00.000Z", "definition_type": "tlp", "name": "TLP:WHITE", "definition": { "tlp": "white" } } ] }