1421 lines
No EOL
93 KiB
JSON
1421 lines
No EOL
93 KiB
JSON
{
|
|
"type": "bundle",
|
|
"id": "bundle--5cac8884-5a80-4a5b-b3f9-ada3950d210f",
|
|
"objects": [
|
|
{
|
|
"type": "identity",
|
|
"spec_version": "2.1",
|
|
"id": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2019-04-09T19:21:59.000Z",
|
|
"modified": "2019-04-09T19:21:59.000Z",
|
|
"name": "CIRCL",
|
|
"identity_class": "organization"
|
|
},
|
|
{
|
|
"type": "report",
|
|
"spec_version": "2.1",
|
|
"id": "report--5cac8884-5a80-4a5b-b3f9-ada3950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2019-04-09T19:21:59.000Z",
|
|
"modified": "2019-04-09T19:21:59.000Z",
|
|
"name": "OSINT - STUXSHOP The Oldest Stuxnet Component Dials Up",
|
|
"published": "2019-04-09T19:26:39Z",
|
|
"object_refs": [
|
|
"x-misp-attribute--5cac88a1-c61c-43b2-81cb-2bc9950d210f",
|
|
"observed-data--5cac88b4-82f0-40c1-bf5c-3009950d210f",
|
|
"url--5cac88b4-82f0-40c1-bf5c-3009950d210f",
|
|
"indicator--5cac8f36-c224-4ca1-b482-c1da950d210f",
|
|
"indicator--5cac8f36-bee8-41f2-97ba-c1da950d210f",
|
|
"indicator--5cac8f36-a064-4c8f-9b64-c1da950d210f",
|
|
"indicator--5cac8f36-3c18-4fec-8be3-c1da950d210f",
|
|
"indicator--5cacea3f-924c-4319-8993-43a302de0b81",
|
|
"indicator--5cacea3f-0ee0-4dd4-a623-418202de0b81",
|
|
"indicator--5cacea53-f988-4e9c-8d3a-467302de0b81",
|
|
"indicator--5cacea6e-5a00-489d-aab9-46c502de0b81",
|
|
"indicator--5cacea6e-74d8-45d6-905e-45ad02de0b81",
|
|
"indicator--5cacea82-abf4-4c0d-907c-4bb402de0b81",
|
|
"indicator--5caceaaa-e558-4992-99be-4a1b02de0b81",
|
|
"indicator--5caceaaa-2ebc-4fbc-bdbe-411802de0b81",
|
|
"indicator--5caceaaa-4660-45bc-92c7-4c9702de0b81",
|
|
"indicator--5caceaaa-78dc-4a6d-83e6-4ff002de0b81",
|
|
"indicator--5caceaaa-f400-4670-8acd-4c5b02de0b81",
|
|
"indicator--5caceae8-f6cc-4959-97cf-a79102de0b81",
|
|
"indicator--5caceed5-75f0-4a37-adbf-4c8702de0b81",
|
|
"indicator--5cacf076-9a94-4851-83c9-4ecd02de0b81",
|
|
"indicator--5cac89aa-7884-4eb1-95fd-4a27950d210f",
|
|
"x-misp-object--d66ade80-17a6-47a9-9efe-7b5a922dfaa1",
|
|
"indicator--5cac8b2f-87ec-4432-bb7d-2c32950d210f",
|
|
"indicator--5cac8cc9-7984-4dfa-85f8-49af950d210f",
|
|
"indicator--5cac8dc1-95dc-466e-85ce-4b0c950d210f",
|
|
"indicator--5cacea17-9ba0-4939-95e7-474c02de0b81",
|
|
"indicator--2868aeaa-a19a-4b36-b693-e55b1a32d633",
|
|
"x-misp-object--95f4e9d8-aec9-4e52-b133-8688a3857540",
|
|
"indicator--d7f8c044-89dc-411c-a777-6110c35e1185",
|
|
"x-misp-object--73ebef95-1302-4712-b237-7aba3002f249",
|
|
"indicator--308606ca-729c-4050-8d8e-72f00f17a981",
|
|
"x-misp-object--7403084a-f132-4ff9-a53b-6342ed8032ee",
|
|
"indicator--dbbdfe4d-13dc-4fc2-b189-0582aec45f8f",
|
|
"x-misp-object--67191d81-2968-4471-b804-e92b25166e28",
|
|
"indicator--de4d97dc-5512-4f11-b590-7f56e1877cdc",
|
|
"x-misp-object--555db026-ee1b-4775-91f4-a1b52245a78c",
|
|
"indicator--6b9bfb62-ea86-4bb9-9d1e-7aa8ed2150eb",
|
|
"x-misp-object--ddaf5a99-1963-4a4a-93eb-0b69396bbb46",
|
|
"indicator--6edd0812-8c25-4923-8e60-1872a7a81a1c",
|
|
"x-misp-object--b7b2cc69-43cb-4213-9dfd-d7b5043a819d",
|
|
"indicator--421a889c-305d-4fee-a7c9-6b0114a2beb9",
|
|
"x-misp-object--596ec4c3-ec57-4be1-8edf-777fb2b48aa0",
|
|
"x-misp-object--5cacf023-7368-4a33-a5a4-4e8502de0b81",
|
|
"indicator--5cacf0d7-870c-4b90-a5bb-4c1c02de0b81",
|
|
"relationship--4ef96889-d7aa-40b8-be25-5ce6de4c6203",
|
|
"relationship--d9dc9213-1c5c-4d17-b04b-3bc032b6c202",
|
|
"relationship--4f0a8f43-97e1-4076-8dff-884e07090f55",
|
|
"relationship--15a8a0ee-30ce-4011-9989-47b0de6ac270",
|
|
"relationship--ff2226dd-3d75-457f-82b9-1674a9ed9016",
|
|
"relationship--0aa3de93-d3fc-48db-8a12-6a14a6a24f2b",
|
|
"relationship--0e204fd1-c7f3-44a0-860b-4fb0636744a1",
|
|
"relationship--285dab3d-1699-4368-92d9-06a89a182a8e",
|
|
"relationship--21ecdd34-4658-402a-aa87-b9a319175ddb",
|
|
"relationship--479e15f5-7c37-4e86-8242-11d5ca9d74d8",
|
|
"relationship--e723a4be-7d7a-430b-939b-e8b098634523",
|
|
"relationship--d882cf57-ffe6-464c-8a99-34f979df6828",
|
|
"relationship--3ed6d032-6ffb-4d2f-8f12-9e3e37145e06"
|
|
],
|
|
"labels": [
|
|
"Threat-Report",
|
|
"misp:tool=\"MISP-STIX-Converter\"",
|
|
"type:OSINT",
|
|
"osint:lifetime=\"perpetual\"",
|
|
"osint:certainty=\"50\"",
|
|
"misp-galaxy:malpedia=\"Stuxnet\"",
|
|
"misp-galaxy:tool=\"Stuxnet\""
|
|
],
|
|
"object_marking_refs": [
|
|
"marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9"
|
|
]
|
|
},
|
|
{
|
|
"type": "x-misp-attribute",
|
|
"spec_version": "2.1",
|
|
"id": "x-misp-attribute--5cac88a1-c61c-43b2-81cb-2bc9950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2019-04-09T11:57:21.000Z",
|
|
"modified": "2019-04-09T11:57:21.000Z",
|
|
"labels": [
|
|
"misp:type=\"text\"",
|
|
"misp:category=\"External analysis\""
|
|
],
|
|
"x_misp_category": "External analysis",
|
|
"x_misp_type": "text",
|
|
"x_misp_value": "During our research into the GossipGirl Supra Threat Actor (STA) cluster, we discovered apreviously unknown relationship exemplified in an early Stuxnet component \u00e2\u20ac\u201cbuilt in part on theFlowershop malware framework. While other known versions of Stuxnet were partially linked tothe Flame platform (a.k.a. Flamer, SkyWiper) or the \u00e2\u20ac\u02dcTilded Platform\u00e2\u20ac\u2122 (a.k.a. DuQu), this older1component shares code with Flowershop \u00e2\u20ac\u201can even older malware framework active as early as2002. In an interesting show of longevity, this Stuxnet component \u00e2\u20ac\u201cwhich we\u00e2\u20ac\u2122ve dubbedStuxshop\u00e2\u20ac\u2039\u00e2\u20ac\u201c is configured to communicate with known Stuxnet command-and-control (C&C)servers and even includes logic to suppress dial-up prompts for disconnected (or possiblyairgapped) machines.The value of this recent finding is twofold: First, it suggests that yet another team withits own malware platform was involved in the early development of Stuxnet. And secondly, itsupports the view that Stuxnet is in fact the product of a modular development frameworkmeant to enable collaboration among diverse, independent threat actors. Our recent findings,alongside the outstanding body of previously reported technical analysis on this threat, wouldplace the \u00e2\u20ac\u02dcFlowershop team\u00e2\u20ac\u2122 alongside Equation, Flame, and Duqu as those involved in toolingthe different phases of Stuxnet as an operation active perhaps as early as 2006. Perhaps themost apt metaphor for Stuxnet is that of a \u00e2\u20ac\u02dcplane built as its being flown\u00e2\u20ac\u2122."
|
|
},
|
|
{
|
|
"type": "observed-data",
|
|
"spec_version": "2.1",
|
|
"id": "observed-data--5cac88b4-82f0-40c1-bf5c-3009950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2019-04-09T11:57:40.000Z",
|
|
"modified": "2019-04-09T11:57:40.000Z",
|
|
"first_observed": "2019-04-09T11:57:40Z",
|
|
"last_observed": "2019-04-09T11:57:40Z",
|
|
"number_observed": 1,
|
|
"object_refs": [
|
|
"url--5cac88b4-82f0-40c1-bf5c-3009950d210f"
|
|
],
|
|
"labels": [
|
|
"misp:type=\"link\"",
|
|
"misp:category=\"External analysis\""
|
|
]
|
|
},
|
|
{
|
|
"type": "url",
|
|
"spec_version": "2.1",
|
|
"id": "url--5cac88b4-82f0-40c1-bf5c-3009950d210f",
|
|
"value": "https://storage.googleapis.com/chronicle-research/STUXSHOP%20Stuxnet%20Dials%20In%20.pdf"
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5cac8f36-c224-4ca1-b482-c1da950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2019-04-09T12:25:26.000Z",
|
|
"modified": "2019-04-09T12:25:26.000Z",
|
|
"description": "Stuxshop samples identified thus far contain four hardcoded C&C servers such as",
|
|
"pattern": "[url:value = 'http://211.24.237.226/index.php?data=']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2019-04-09T12:25:26Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"url\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5cac8f36-bee8-41f2-97ba-c1da950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2019-04-09T12:25:26.000Z",
|
|
"modified": "2019-04-09T12:25:26.000Z",
|
|
"description": "Stuxshop samples identified thus far contain four hardcoded C&C servers such as",
|
|
"pattern": "[url:value = 'http://todaysfutbol.com/index.php?data=']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2019-04-09T12:25:26Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"url\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5cac8f36-a064-4c8f-9b64-c1da950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2019-04-09T12:25:26.000Z",
|
|
"modified": "2019-04-09T12:25:26.000Z",
|
|
"description": "Stuxshop samples identified thus far contain four hardcoded C&C servers such as",
|
|
"pattern": "[url:value = 'http://78.111.169.146/index.php?data=']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2019-04-09T12:25:26Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"url\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5cac8f36-3c18-4fec-8be3-c1da950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2019-04-09T12:25:26.000Z",
|
|
"modified": "2019-04-09T12:25:26.000Z",
|
|
"description": "Stuxshop samples identified thus far contain four hardcoded C&C servers such as",
|
|
"pattern": "[url:value = 'http://mypremierfutbol.com/index.php?data=']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2019-04-09T12:25:26Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"url\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5cacea3f-924c-4319-8993-43a302de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2019-04-09T18:53:51.000Z",
|
|
"modified": "2019-04-09T18:53:51.000Z",
|
|
"description": "Stuxshop Modules",
|
|
"pattern": "[file:hashes.SHA256 = 'c1961e54d60e34bbec397c9120564e8d08f2f243ae349d2fb20f736510716579']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2019-04-09T18:53:51Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha256\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5cacea3f-0ee0-4dd4-a623-418202de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2019-04-09T18:53:51.000Z",
|
|
"modified": "2019-04-09T18:53:51.000Z",
|
|
"description": "Stuxshop Modules",
|
|
"pattern": "[file:hashes.SHA256 = '1daa2b15b70e486927c8fc06eed434080ab408a1b320be9fefe193c20d1d9a7f']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2019-04-09T18:53:51Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha256\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5cacea53-f988-4e9c-8d3a-467302de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2019-04-09T18:54:11.000Z",
|
|
"modified": "2019-04-09T18:54:11.000Z",
|
|
"description": "Stuxnet Installer with Embedded Stuxshop",
|
|
"pattern": "[file:hashes.SHA256 = 'f34c85bb4fcd87225468d0e8ee4441ebc92f42b3f69500d85e28be3c553ce433']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2019-04-09T18:54:11Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha256\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5cacea6e-5a00-489d-aab9-46c502de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2019-04-09T18:54:38.000Z",
|
|
"modified": "2019-04-09T18:54:38.000Z",
|
|
"description": "Stuxnet Installers with Resource 231",
|
|
"pattern": "[file:hashes.SHA256 = '77211838bb6783121fe1aeff182c8cc1cba9c9f0c1e5a0027e0c0b9dfa18e2ac']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2019-04-09T18:54:38Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha256\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5cacea6e-74d8-45d6-905e-45ad02de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2019-04-09T18:54:38.000Z",
|
|
"modified": "2019-04-09T18:54:38.000Z",
|
|
"description": "Stuxnet Installers with Resource 231",
|
|
"pattern": "[file:hashes.SHA256 = 'a01845255bdc61b610cac269a5562ad09415aaf2a1490d53d55c4c3597670803']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2019-04-09T18:54:38Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha256\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5cacea82-abf4-4c0d-907c-4bb402de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2019-04-09T18:54:58.000Z",
|
|
"modified": "2019-04-09T18:54:58.000Z",
|
|
"description": "Deobfuscated Resource 231/Stuxshop modules",
|
|
"pattern": "[file:hashes.SHA256 = 'a248c9eeb8e53bbebce42f55e2bfa71bfc70ffcd9dff3271bfd338e1578f37a1']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2019-04-09T18:54:58Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha256\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5caceaaa-e558-4992-99be-4a1b02de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2019-04-09T18:55:38.000Z",
|
|
"modified": "2019-04-09T18:55:38.000Z",
|
|
"description": "Flowershop samples with relevant code overlap",
|
|
"pattern": "[file:hashes.SHA256 = '32159d2a16397823bc882ddd3cd77ecdbabe0fde934e62f297b8ff4d7b89832a']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2019-04-09T18:55:38Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha256\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5caceaaa-2ebc-4fbc-bdbe-411802de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2019-04-09T18:55:38.000Z",
|
|
"modified": "2019-04-09T18:55:38.000Z",
|
|
"description": "Flowershop samples with relevant code overlap",
|
|
"pattern": "[file:hashes.SHA256 = '63735d555f219765d486b3d253e39bd316bbcb1c0ec595ea45ddf6e419bef3cb']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2019-04-09T18:55:38Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha256\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5caceaaa-4660-45bc-92c7-4c9702de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2019-04-09T18:55:38.000Z",
|
|
"modified": "2019-04-09T18:55:38.000Z",
|
|
"description": "Flowershop samples with relevant code overlap",
|
|
"pattern": "[file:hashes.SHA256 = '683ce2c7c80b180768fe4d2a39030dc7c4f67db79d1953ee4803522131f533a3']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2019-04-09T18:55:38Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha256\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5caceaaa-78dc-4a6d-83e6-4ff002de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2019-04-09T18:55:38.000Z",
|
|
"modified": "2019-04-09T18:55:38.000Z",
|
|
"description": "Flowershop samples with relevant code overlap",
|
|
"pattern": "[file:hashes.SHA256 = 'c074aeef97ce81e8c68b7376b124546cabf40e2cd3aff1719d9daa6c3f780532']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2019-04-09T18:55:38Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha256\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5caceaaa-f400-4670-8acd-4c5b02de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2019-04-09T18:55:38.000Z",
|
|
"modified": "2019-04-09T18:55:38.000Z",
|
|
"description": "Flowershop samples with relevant code overlap",
|
|
"pattern": "[file:hashes.SHA256 = 'ec41b029c3ff4147b6a5252cb8b659f851f4538d4af0a574f7e16bc1cd14a300']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2019-04-09T18:55:38Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha256\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5caceae8-f6cc-4959-97cf-a79102de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2019-04-09T18:56:40.000Z",
|
|
"modified": "2019-04-09T18:56:40.000Z",
|
|
"pattern": "[rule STUXSHOP_OSCheck\r\n{\r\nmeta:\r\nauthor = \"\u00e2\u20ac\u2039 Silas Cutler (havex@Chronicle.Security)\u00e2\u20ac\u2039 \"\r\ndesc = \"\u00e2\u20ac\u2039 Identifies the OS Check function in STUXSHOP and CheshireCat\u00e2\u20ac\u2039 \"\r\nhash = \"\u00e2\u20ac\u2039 c1961e54d60e34bbec397c9120564e8d08f2f243ae349d2fb20f736510716579\u00e2\u20ac\u2039 \"\r\nstrings:\r\n$ = {10 F7 D8 1B C0 83 C0 ?? E9 ?? 01 00 00 39 85 7C FF FF FF 0F 85 ?? 01 00\r\n00 83 BD 70 FF FF FF 04 8B 8D 74 FF FF FF 75 0B 85 C9 0F 85 ?? 01 00 00 6A 05\r\n5E }\r\n$ = {01 00 00 3B FA 0F 84 ?? 01 00 00 80 7D 80 00 B1 62 74 1D 6A 0D 8D 45 80\r\n68 ?? ?? ?? 10 50 FF 15 ?? ?? ?? 10 83 C4 0C B1 6F 85 C0 75 03 8A 4D 8D 8B C6\r\n}\r\ncondition:\r\nany of them\r\n}]",
|
|
"pattern_type": "yara",
|
|
"valid_from": "2019-04-09T18:56:40Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Artifacts dropped"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"yara\"",
|
|
"misp:category=\"Artifacts dropped\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5caceed5-75f0-4a37-adbf-4c8702de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2019-04-09T19:13:25.000Z",
|
|
"modified": "2019-04-09T19:13:25.000Z",
|
|
"pattern": "[rule STUXSHOP_config\r\n{\r\n\tmeta:\r\n desc \u00e2\u20ac\u2039 = \u00e2\u20ac\u2039 \"Stuxshop standalone sample configuration\"\r\n author = \"JAG-S (turla@chronicle.security)\"\r\n hash \u00e2\u20ac\u2039 = \u00e2\u20ac\u2039 \"c1961e54d60e34bbec397c9120564e8d08f2f243ae349d2fb20f736510716579\"\r\n strings:\r\n $cnc1 = \"http://211.24.237.226/index.php?data=\"\u00e2\u20ac\u2039 ascii wide\r\n $cnc2 = \"http://todaysfutbol.com/index.php?data=\"\u00e2\u20ac\u2039 ascii wide\r\n $cnc3 = \"http://78.111.169.146/index.php?data=\"\u00e2\u20ac\u2039 ascii wide\"\r\n $cnc4 = \"http://mypremierfutbol.com/index.php?data=\"\u00e2\u20ac\u2039 ascii wide\r\n\r\n\t $regkey1 \u00e2\u20ac\u2039 = \u00e2\u20ac\u2039\"Software\\\\Microsoft\\\\Windows\\\\CurrentVersion\\\\MS-DOS Emulation\" ascii wide\r\n $regkey2 = \"NTVDMParams\"\u00e2\u20ac\u2039 ascii wide\r\n $flowerOverlap1 = {85 C0 75 3B 57 FF 75 1C FF 75 18 FF 75 14 50 FF 75 10 FF 75 FC FF 15\u00e2\u20ac\u2039}\r\n $flowerOverlap2 = {85 C0 75 4C 8B 45 1C 89 45 0C 8D 45 0C 50 8D 45 08 FF 75 18 50 6A 00 FF 75 10 FF 75 20 FF 15\u00e2\u20ac\u2039}\r\n $flowerOverlap3 = {55 8B EC 53 56 8B 75 20 85 F6 74 03 83 26 00 8D 45 20 50 68 19 00 02 00 6A 00 FF 75 0C FF 75 08\u00e2\u20ac\u2039}\r\n $flowerOverlap4 = {55 8B EC 51 8D 4D FC 33 C0 51 50 6A 26 50 89 45 FC FF 15 }\r\n $flowerOverlap5 \u00e2\u20ac\u2039= {85 DB 74 04 8B C3 EB 1A 8B 45 08 3B 45 14 74 07 B8 5D 06 00 00 EB 0B 85 F6 74 05 8B 45 0C 89 06\u00e2\u20ac\u2039}\r\n $flowerOverlap6 = {85 FF 74 12 83 7D F8 01 75 0C FF 75 0C FF 75 08 FF 15\u00e2\u20ac\u2039}\r\n condition:\r\n all of \u00e2\u20ac\u2039 ( \u00e2\u20ac\u2039 $flowerOverlap\u00e2\u20ac\u2039 *)\r\n or\r\n 2\u00e2\u20ac\u2039 of \u00e2\u20ac\u2039 ( \u00e2\u20ac\u2039 $cnc\u00e2\u20ac\u2039 *)\r\n or\r\n all of \u00e2\u20ac\u2039 ( \u00e2\u20ac\u2039 $regkey\u00e2\u20ac\u2039 *)\r\n}]",
|
|
"pattern_type": "yara",
|
|
"valid_from": "2019-04-09T19:13:25Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Artifacts dropped"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"yara\"",
|
|
"misp:category=\"Artifacts dropped\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5cacf076-9a94-4851-83c9-4ecd02de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2019-04-09T19:20:22.000Z",
|
|
"modified": "2019-04-09T19:20:22.000Z",
|
|
"pattern": "[windows-registry-key:key = 'HKEY_CURRENT_USER\\\\Control Panel\\\\Appearance\\\\Old']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2019-04-09T19:20:22Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Artifacts dropped"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"regkey\"",
|
|
"misp:category=\"Artifacts dropped\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5cac89aa-7884-4eb1-95fd-4a27950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2019-04-09T12:21:53.000Z",
|
|
"modified": "2019-04-09T12:21:53.000Z",
|
|
"pattern": "[file:hashes.MD5 = '455abb43295b9a69e355e4e43457bf30' AND file:hashes.SHA1 = '1e0fe0400e04440942a4a1a5bcd3bcd3150a2eea' AND file:hashes.SHA256 = 'c1961e54d60e34bbec397c9120564e8d08f2f243ae349d2fb20f736510716579' AND file:x_misp_state = 'Malicious']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2019-04-09T12:21:53Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "file"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:name=\"file\"",
|
|
"misp:meta-category=\"file\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "x-misp-object",
|
|
"spec_version": "2.1",
|
|
"id": "x-misp-object--d66ade80-17a6-47a9-9efe-7b5a922dfaa1",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2019-04-09T12:07:08.000Z",
|
|
"modified": "2019-04-09T12:07:08.000Z",
|
|
"labels": [
|
|
"misp:name=\"virustotal-report\"",
|
|
"misp:meta-category=\"misc\""
|
|
],
|
|
"x_misp_attributes": [
|
|
{
|
|
"type": "datetime",
|
|
"object_relation": "last-submission",
|
|
"value": "2019-04-09T09:00:19",
|
|
"category": "Other",
|
|
"uuid": "fe2cf46c-9b9f-45e4-9909-009d17c89312"
|
|
},
|
|
{
|
|
"type": "link",
|
|
"object_relation": "permalink",
|
|
"value": "https://www.virustotal.com/file/c1961e54d60e34bbec397c9120564e8d08f2f243ae349d2fb20f736510716579/analysis/1554800419/",
|
|
"category": "Payload delivery",
|
|
"uuid": "4dc602d6-a883-4d96-9a6d-08d62774f5af"
|
|
},
|
|
{
|
|
"type": "text",
|
|
"object_relation": "detection-ratio",
|
|
"value": "44/70",
|
|
"category": "Payload delivery",
|
|
"uuid": "6127da9f-dbd0-4a70-b003-f73444bdafa6"
|
|
}
|
|
],
|
|
"x_misp_meta_category": "misc",
|
|
"x_misp_name": "virustotal-report"
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5cac8b2f-87ec-4432-bb7d-2c32950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2019-04-09T12:21:03.000Z",
|
|
"modified": "2019-04-09T12:21:03.000Z",
|
|
"pattern": "[file:hashes.MD5 = '455abb43295b9a69e355e4e43457bf30' AND file:hashes.SHA1 = '1e0fe0400e04440942a4a1a5bcd3bcd3150a2eea' AND file:hashes.SHA256 = 'c1961e54d60e34bbec397c9120564e8d08f2f243ae349d2fb20f736510716579' AND file:name = 'c1961e54d60e34bbec397c9120564e8d08f2f243ae349d2fb20f736510716579' AND file:size = '72456' AND (file:content_ref.payload_bin = 'UEsDBBQACQAIAAhhiU6Cbwf/0UoAAAgbAQAgABwANDU1YWJiNDMyOTViOWE2OWUzNTVlNGU0MzQ1N2JmMzBVVAkAAy+LrFwvi6xcdXgLAAEEIQAAAAQhAAAAXWx30pzG0qXDihDntIGFcB3uLBJt8j5oo/CZ15N7nYm4UomLesE9trJgBKvo1hLoz6nVvw7+uWaRJIF9akwxNcmO5J0kZJpLFJ52CRLnQSyZMCi+5x5ntEjZ+ELbAVQLzZuGYIUp2tnIkrNW6zq6Bjyh+meeaYQcFOOO+W7ODf1zCvembSyd6KbCjGRtmUosbFHDRGRNY0QPnGv88X3YTBSq4l5KylxKRfV6mbqFFd9r0p9m5d5aTUeG3/mdjqZF5ydDMj+fw8jLe5Ebnghy5yA855hgedP7fNyohVRQH5m47prWus9WFOspnyC9tQHaTTPwI4edeCwPZV0CmcIlJfL/+VSgY0XVfGFu7hyj/uOqOvnA3LilY6lGOmEY174vu55150aOgGVkaKY8a8DWilcN8jhAYb1neqaVuvUDY5JPkDbiNrkwqs8Wf5ThHIm65jfa64Ki/rx8mVUDs315ir0I+oJuoqxnEJdTI97lKZA4YBn5QKDEhW5CJg3OF10yIYPARfCy65Gzp9y6VKbYxOTjhZBN3OxuyK4HAUYQi78Av9wKjAV3zV07ngNBlwIOwqIXejZiZlsJBhfdpx66pgGFVWJyzeXDzSBioKHwwnuXK8GvKTj3+yvUOnRlWi9x3jATLZtU3kim/vL4vx4XB8+cgbVFdyb/hiL0lpeRFHX0U13YDv0VlOzsgw8Tc0fcp0Gz1nG07yJP9BzXtXZH9lX1KhyKch4bq9r42Jxmn6SAVElW2TQB6P5MSuz6jR7K0RU8QXpkQJ9ahph/3cUdLDspmvGvkY/Yil57NsIRLKZ3qJczq7b3uxFW4f+otad+9eNzUY5cgcLXazs9UhEEHVxp8qAFuZGhgmQgFERLj3IayEzade/SAur19O/1B3SDltJu22j4osvRCFM8OtuCsfaXfJdFjKFQiOYqAvco9COwzvOtYYtTtcQCFgtRX6xqukvjj20qTvNQPRTq4/6ukwvEOvgRrU6y1AVcy5rtduE3giUn1dw90Ca4FN3th5IjWUCB1MICjB1fq3YwQm9AAWahLDW5EVGWPGsehZjffaKby9VHLb5+2NEj+Gq1qTjjiUhSVdkg3mzvkAW17d48y+RzZEJ6YuuiEdB67HAhNT7WNmDGZZYNAzgemviXWc0pdk3w9egm0Vt99H8E+2GkJt8Z9n9gnv0bpIbb6CirR6tJm6VbN/rOTg9QhQW8ZoSfY/FaXDf4Cz7oQ6venuZAr68bd/ssaJPacWwrY0FY+UbN4l1cHgWbsfXih6fGzk20jyStm8TjvYj+rIoq1KidH9oegcj6DKaZNPKrn9YHtJ9RtOztQeOizsGTwPCBh7UxN21a1Sz/wxdtImKg0ogXYooWx4wvbvFmcTtlBEpLJr/R9GwaxxtOktAbl88EEl9rsPB8+6heNhYkXk4t5DxjsABz0trnIg69yXVoh/FHd7QZMBbDkROFoNLcvaQTwLtwHLH4AXsICG0JL4MITG+jr0UngTRnwbeWfhUtR1aKy9dTM2EDs9X0lCP+nr8IByUyzJewj3UzSpGdfPyErQeAO2cpuW9O3tfvF5GgsY6SmlT+5W3jizn3kMPEB13XkpzQyKx3DdU0MqR6zzmxFz+BoLocu04n7b+2RqqTvruNf7kadnh8WcN//C1v6TBnJ57GGFxzsPqjm0940LqszT252bjCOHgfUauE0RNWJolklFHfZ47dZACsYyshYIYsN2+lkrSkI/foYHCSFGMiZbInROpdzu2aUmkqxOfqyCAgp1lDG+qg94jpqVdzZsTUINvDxVbTk+fnvHxjM/kMVazoDBdK2z30Pc09ZigwQ3+4w5vKSH6w5D3ap3TnqubKIaWksaTPiTYxVTZRoju1jYBOdmiQNoPfCN/dOCPoOj4rWZr1Xw0650g5ZHw0KkXRIKosS5zgY/RUUyeO3qYbw7ksKHcQI3+PsdSqmlsuKqR6wWumn2wlB4EiJWo72k2hZGgxYS53QgqMXARf7CQ+aN65iES9m0i45zqalyi3NyDfqqHrbTL+Wcln29fyfnjS9unQYFupnbbGYMdKjaT1dhN95K0W/t6A+kdrTXE77bc0+B29UzY2fh4WRrxyUvPpxPJ6f4POJ+9FHeI7p4SlikWHn3nfxWzmW1LwHLIugwUQmFN0u9gkEG2qWH/4gYEjTwi8iyfVxjUe+YotocfjNJTR2rXuiPeX9D6z4YCFi5cNMYcJBvwa0XNu1jN6a+ZcrFyD78+Qgy+bZASsD2hVsK2i1sQ4xx3aFxK0bFfrR4TX2vdulocaYjOZsu4Q9Xmu51eHVm/VZBC8IBKDkwT6+0wBhoCrfYhnsVKuaMRmh7k+YCfWXkB8QROmAtcS5FX3ZlRl/+v1fLzGG+DsLe0NZXss+DrLVikXu5GzK2WMkutuWj2VJzdyKSyIV+wnXEZk5H72imoChGAbd2Gug2t2uIAH3kwibgVOMorUavXFYsBPC85CQRjRP/Yx3dWnbx4YtX6ik+RG81XGDdr1auOrP4jvh8ihjx683kOufdZ7B/w6v2kk01Dmx0XAdqjardedU0tXWZOFrxer9CFxljLOxQvMj5z6CO9OjFbZt9zXMGjx+QztjRfAO8Sg+CsucxKZ7IvgewbGtb9Ngcs0vCeNNPN6FSTKE07SnrasWivIszEmKfd4sX9+l1pBTTD1GpvUPsSwrVo1EWk5e4spnh3uNAWXuj1RF8GmoDR6CQIeYpE9HxkiCdMHbjRalPyxAZi4ra21G5rh8cVi6ZEPIS7rfKNvrZGacq6tMZJA35/EaxOZtQrCO6a3YFI9VbuoWAj/CUl8dGBYXUF9re9QS175hW+/ZY4UrJTX/a+HvO/5RUSsXnyR7Q/hInugDt7WeBblRF2Kj63ntBRKp0c1iEjLUIBbkoEdcGJ0Pw+fEZZxD735NtMBVDntDLRbHwSPcHhLY+RAi4yEqz3orJgVuJjUfyKxLZaRm8Jb3dM/cQUq5TZ1fuOFm1y15f7RDCXAECIp9xkxX/C/B6QPDkfHXWUYJb6O7kgvONoreG6NiRf2Dh6LA3X2cNDuibwQy0cy94d77vwr3gGnW0vmOPxSQQQ3wmlkm5eLq3brm0ZNlr5JZOUur3FB4Lcu+y/5W8ihsOexgSbjrKyS20Vxt1dxyj2adJGl4XmLU2NvbdcBTdo0Tr7T/HVxa6MPORBCAefwlX4xPzWiLH1Ls6OWvpkC6vyhnDYq2408iuzMQUAV/y2Tolif3jIIjFAJ4xCXBfT4WOT0umag3YV0rMZYab5Cz558e7a30XKoMRHahC3Df8b9t9hKAU4X1Ljk/nYa8bZp0Ew9UYyAP9ZiTgwoCM+xRfHQezPm6lC8pHqieLLpQV5X5HaIyMmCGEFMCxkESunnWQqQsae+7oiV3w+5Dz8pVCLSh0y6FAnlnGZ6dYIuo+MTwv6VJSw9OaI1nJHNMe9guGM9wYMxX25HDH9JUItQIhtyyFIkFkiK/BrleAaEmqOrQvovkzmttGJ96TcvK5hGadJOq4lIq4ZYyyaEt5YQ6AxUOFVOggjyekGQgvINoFrE+z4o5odPHVv9NoBmLhiI8kATeCBAcG15RTn97v6Vd22MTw3LXnh/XmnxFOMiV/ghoM52ZtBk+QeWcr51aXtZOKkpNS9aFakJ32FD53dXikpa9zJMO8R7M8zFwJ0kMR7/T2NcUU6OmTbOIN48A67ppdjH6nt1lFCWCsbuJ1Dy5YlbRc7iSCLqi8/sQnjcdV2oiCpHDe5WvXH1xQN8QD7CKHJlKvwnGAyWV8Fwn06WtH2Ew+P0bZUUhi6LyTDSn1V20ANqaWbZZllSEZ5s0eHAmLraJDHoBmionShRBd/ttHk8RW8Vl5k3F233xS1lIYFZXiVNzyxQymVluwsuKvnR3Clfyn/+/QAPB4qYaZT0iYpamrYk1CA7Qlc9GfC8WAfuy1QAULTZ6LQ8ho/yL5Jwpu9FMFM+b49bWVwFP9ogsFBqGRq7WK9mf8/tZY5/7sNTDWQQITRYzztsRiyt3MkorGQ34lRzqaOL0q/1HfYPIpap8ITkNAqBRD29fBdmgaLdcMoAMSwrG/a7JJAiphDBv6Pmh2r2e0AV80HiR3GZDUSMSMreQeab0HPKN9gQ542pKMX0VhvVenIOY2pGrwts8NzXAgUxFYkpguCP9a/2idObHWYrWx666v8fuwLG1BBOyK4SzfJ2JCgiVT97XN7JG/9envsyfRtWZvA8f+2XNn24L0JI/Cs5XMZbfpEoY45yM7VL0DI4Q6G7rxXoLrZnmyRBqObJFeiEcNroK+xmP34qG1PGd91KhWX/peq3Je2zO/MqRle0bGBcc57QFd0oqhZhw4pn0wBxPWeGheGrvcPagEVNh8Y9fSi6hAyHZGWLYJfLb4PIxFeaQ4ZhtqLuI3YZiDMPOpNnlhDjhSlS/Y3FSLTVUInSCk/cqq2+iUQWlTUitsjfdPs8hETi3hg+MjabLIBL6OuvG3vLnd71ZbFtzhqxTV+KPuuCFPz1lG0pZB91Y1KKIcs8tQftMV/ZZm1WXpVW0Lmrc2h9TgquHTacbhXtg8PbT4/F1d2QsEjomiOzpThdT/Vy/gMM/QGHbK1mBo1sIutfLIX/0bwRSyU/CZfn6jpiSc5cwN9xG3fhnUm2iyrPkYg1JnZB7u9P24mg9rL7FMY9FoOkTn2ZGMpd0skhQsbZNRmnnwR/YvbUskLrrio/Utoi7uiVGQWg6zw32DJgRoKL2064ZFbiOmTQC959IT+Oc9BtDPcsKioKUgB1WyNn9d/qj4Pw7QOGXSz3N668Y0Kn3+jtfedZ8Y4bi7Twzs9u9INc8wBTxqJ2Yek3ZIArk8uhGjjdvTGh3qcGshtfRlzQL7fOrcSkWgRwqGJAwvOZKupBVEXpU/1LUeKumSPl+bEGQka9+WywMJTwZsD+3wMXZbIAKBWnii014gryO5i6oA3+n+XX+iyx35hq/v4biuxiGCL4rBhDTL0nFoTn0DMYc27Vh8lY1DUN6qLjAZA3tDEFurkUtfHKWib/WFxse+++JWBUx5aVeeyWS79N15DFuWIsfKXzzL9TEDx1vkTcjTjqBLQwhNZ5holIZbfBDeZKyEG25JcxlwO+F/ueo03cfqmoKmCYRnY2rxcQeq5DWmhHQIW8xI+GK6L7FuV4j3tdU2vJmEGFc9ECIaJNoZ4XbFTcBtS1oCLH45EV6miXNZEU2LKxbeabejT3p84cKh7JfidRLZwFNOaULClblwfWnIgm56o9CP6FQA7IzzZGkI/aubo9Sq9c16rP6palSJoZfKWz6bZVk4fcmbFJwJdcTIWNSqeM0lts3BJPCq/jzvv0wwii+tZ0Wpg2Vb+EYRQv4tpbQ1FV+uYolq8rCO0QNxWQWs4fFqWn95McgRD2EV/1jZLN6rDsqpEgn9IFL7qgol5DHZfko9Vycj2TqyewBypJqeHOWotQVuTKEXyRWcyPz1skePeCZ1qdFl75f38cZzJ+/f9A3+jQmy7MphBXe0mpS36PlRaneW2fFBk5QubNnqgFlGCkBFizwL2i8bVSVlaoMiZirwwJKtRgO1hQCk1WZJ5gjg5cJXlclk/851/R1FcJ6U5zxkjz/Fa8z00cuEWxmP1wyIGPdSLUYpGo6Gbj3++nm0sbjny/RPCicllmi05wgyOccm+65Gvoq++BxYJEn8Rd5txUN7Ef3qLFYTtiB7N+vrs7xYvk3B4Ov1abRacFQkN3lfAH4+mkfJTbimjcI7F4UP2AU9jCK5PUZ+iWYFsBgsuQWThFAeO19kU55ONVjtsKRgZe6HHGDaiOKlJMXTGDglrCWk0HvdIfzCKVLLCSNHHGn+9nh6R3o3WQDdNVkDnCsmqrxP5DKC2Zi1WzwWw/fUGHsxf8Bni0Mky5iyLC5Gx3kil08pnPXBhViPHaY8D/hjXRCxqZdKIhcVcQQ86SGFIh2Xsf3v3iwNpLV933nvIMqS0+D4rz7iIh3qvjGbfteJLuoljtaBwqzJYMbFaEGzdpZcJnmJGlg5TZe3L6Vh2NJmwyijyps1aJOQ0ogWvDWI7oDPwAWA8Fts9/kZpdbx121yrri6dZL1jEbjx5kJemNkFUQg1yBYYUsspOchWr3biFsaK3yiVRqzwllspSXTXuYMEsI4QspL+NLiyDGYp3hTejelmMuymBNl5W6TkXiHTYu9X8GRKmU3Ar8tZ+5YkKgG+boPnDL4ftHsr+o68oSmN1llv8DoWtwe/HZpyL+VXbQvA70JZyJLs2PLeyvcnOkOfBtkeQ6EtxefM39uz3yE1kCyz1p5HoxEtItC6uNOmQyMHOU3wpp9cBg6CkcSbu6tVStgCFjvM47BizKPlHl7GLCxi1Q0azLENxmvzi8+8G/dduqvQIiriGDpT9ibERHXaLsy8umKBXFP1reS8z2SnGU9cu6Zm+IZFa+UkVY3ZQ24LjVxj/t7ot3mu1wryzvWERwBQ/HsBSujZO/QUya7ZIkmJ5xTSv1k7wK4Vuy/guoLI6sVX9qks9O3TvXGkXfmOhcrC9riyshwasVpbLds0ed/5UIrOIW+JSBGJ+0RETu2wVNSnBXgBVOx9aXdHABAq9AH4KDmxMme1aTLjti3cx2vKElp60szVhKbSHzkKL2vbo9CjnphzhdEsy4QxUdgWoXcym08k0ehANnMyvNhYHvUlZlfbZDr8b20K7XgdfdNskBNzMaX2ahEFwAeisuWNe0zS1hQdGmCk42IpPXRwYe5qdnpPCEshbSbV0TLJiSJISOQ1irzT7uXaxKZOo0cDrSVRLr+4yQ31tbpm3rSaG1mNe5ernEJKbARP1iAiHTN3DqDsF9U9y1RcogKbGblTcUicvmOEPF5/BvLwJkNDSE6cEkavwRGi0d0nE6ejnz7YIr0ish0aAC5B1o/JcJkPL4r3riNRLyrvPOGUGGNOZC2u+7u5ZzAVXIrE3AS2d8bzedgRi3Bvz3/M83t0MMcbCEQMqx83/MbFQlWPb8HTx8IY3Ied4S9KZXkR4p0qUOSUMEPY67GYJP1JitvIy2jyxRZ8Pq88d5SnzQ/WvzceBdy1iE8hGqpfrik4EuJ1rqu9kzqpymC8R7ZTpJ0PX8i/a+gDSmeGERzFgO8NJCUz5aO3ljCAB4GJytsbOlrVMMNViT/0EdMmTvvSS/B3rX3v5plmP5Qp56jnUwEL2YaO6hMP+TjQug3sBV/x+5cdfht3A4QvTzb2CUT150hluXhsSJUlGKdJACmqu5Wtbzx287dFifvzzck+uEip5ewR0urq1rf/9gvMXygxFg0tPc8Dxd5l3ixsY4uK2aFv/Mzcod9/S7Bf+H1yV97yz11yxhlm9rD2gVGYX4+0JPjwEDKsTcXTLZYfnnZbOi9MBmJCBFFWf0BdsvRiDaLNIv7E0Ad73aThJNWj6/19kaaCkWaWZ/y+0WYhI3APnZT4Okv1NINr7w5EEpVf6IITwsCXBn5BHcZKNIMWxVlnxrbPUott6RI/pAYQEQluvYRdLoex1y5LHqYvFVCOefMA1rg+QwgGBz6PjATu0qCnUubwWMQZqsrVFFV/70LD8e+R82NXk9Sj8DPawyV9gfuHESNJsvKuk5qIxtkmsUpn2Ase98+KShFm910RvSgH5May1/zqKpikayHlPGTLDAEemaZ6uuHtyDoTLywYMzrt+M2rfosOVJUKVc9ODRP0vnJMt+leqhIUe/4wd+uns83RXKxuDd9RvrFBLeGhRV6o71YbTFyY+bJ6DJKIFS8pVkSwgc7gt/qUVYRyTr4G8BvWxXduHXVDALosz2dXK6XJvMLvzPQVaRCXtah/T7LizpkwuG7eu+DiV5y1H/NqckyIOp9ADwU5676GPhUEA+EppJ227hFN8u3MRAM2pvI5ZFPwP3ioEHAKT/4otenY+0/Bfu50ujd8gH9RuqcTPgv+FFKbaWoF8z9jkO3f3dUu9YQRoEF6Udr78NLZJ+rjmCB5U7vjUR0/prE+HAmTizFoBlAVtE9QrNZVtCrWKvIQ7Cd9hwX9+J3dL38qPFFmo/cjikpNZFl73ruwcWmcqdFohIhJkIE8X83hvadDYFarZsTiVVteBUqF+dxq5fE60KdEEcVWCT7Da7On/QOa+I/PM1Q6q/oaSjFxsLPrrZIHbtfcul5FRYC+sUVTULqrpn/bbc3ubUpUtqya8R/0FYArfQEq9pFqyHS4BMTtkSl2TXzJ7fHtCfJYESGBBY8ADxkX7z1axh941Rhf+y+fOuxkNoCrVQlNrcwBw2vOkBvArtMxiVgA1f6wPZJBeTKy4FIXrXjr2rr3GIKBjAGod3EqPwMZs9zqrjhGQ18EtZRoFRCrYfp5+6kf8qOhoMxkOExF2Hk7ApG+oYiQwbL9bsnbPVYwb60wTqYF0eXJ/szJ1mUPkW1Chw1rGLyDD0jVOjsHx8zJ6aODvnEMmomYDHDyy0QMcdQof71m/6D30Fn/8Op8/9yIiF/MJH+FSeF7yUdgXPYJeDfVx8KFDdnTkgFsavSrSznv5AiqjcOY0Q4A1exQGegPItHcYb8yNvsBaUct/5/4rCiaiYhxhdwRZgagn9Yv8BD9yaKpntVrMorbglQL8CRJ9ekEK+R1aVuIu5BXDYvFDYM5otE+YuczU8n/6Cou+hfydKUQ8AORQUQeYHTPZkVq57o7oxhsEHleJr2n889PSGaLqI6RzHHsdYMzRyu/DOcqWAILTEo9AZqOzGzOqz6Pj2EqhEbHzZZ/ZqtzT9P5yHeCf0rf7+UjIg0BbN2cmCGCQCP3Jawk3ut1mkFK4dIy4xNPTmpEpm7jqFlCPbxoOal6PoquT+AzeZ/TBgCcyOzXBorYpWKMziSkfocllSx2EihNfVscq5j6Q0ttz/sm0R7fJM+LG6lAMrmiQgE/HEs6ciiy+/+sHMxB9yqLlTLeoOTsTmPGSCbj/tvK9miMCAttGuhu9m7i/5s78+euLQes8aewgOdI/rqvuAiVKNzkhT0P5Lc0TZjlvB3I4hlzlh2DiJ5pK+jAzgo7eTtSHTc0hbH9rXdMgcyjUiqt+RanNWaioVTeQSnkKK6jiIDMcBm5Gh5ByCeG4pbPkHRs3Bu05ZSlQ1SfTtUhDim1tn8xAS/TTByg8Ar1OoBYY5qm/7wq4Owm0NICH+6L7V1iQ3aH39RO4UUXThEUJ/7u3fzJ6keiRVAmdfvr0ZVchW+DfmXcYh6pwVPDDtyWprCpmX56McY5chhCGLY/UDED1LLgh1AmVMpm9nhCP6EEh5IeXbhv2up/aVYfpD4v/2g/Yqx/GU7K55dHYcZKtzW/eg9bcLkzqGsvw8ueBuu/gR7UN+AqEKp/SFTWnV/z4NMl3n7SmnjDr0fK70pl2npZq0Tn2jeXUcagGlo059iiVbyDWEJtPBdMamtvbub0JrGXcmh6KBYffbRAPi85huPelK0y23RfauOgp8LEijaKGXawm5iTwAzBgGfkcOF0Bp/VHPiD1VwUrvqgXiD5x6PP7UxHVCOI98voYCWDgAnSn7OFSsI3F2Pte8rWxdPPJIfhh2yWWX+vCu2OixSScpN2U6vPwRpA2jOQatwzC1gyz9oXDdWQlD3x5Yi8NB5U9/lSzLcS3ERwAdKs05WvXeOMS8sMNwtQ0nMdeYUAENyhivdB+h23v5i6fQ09jOcAo2ktVvZieejTMN4mRwYu1rH9LD4VUZphBNDEWaInONH9SWzhLL2kjwKB1Sy90f6YdadN4XMHvCd93VrrE4yAXHSk2E6+F7IURmaLlmViHXBg/Le35nFePwLIjJf/BXCSuL6wMqFRaatJm988lfNE+jaxFywnd72x22HCWI7ZMHiBwvPLritBq3LMPhDPFtOiA0zew9CmbjicQUZZWCUgIz6Gcucg4MM+Iz7uGle7tLpFvUwf9K8/dzYniQvidnRfo4DHGrdo7x26H2taIl5rgDuGAQo0yU18USHZvApGBFyUM4mT8JhAJ9dePgCjEeM9spMVn0ZZgixiuCJhzptcF9nBWSHcvl4PIG4S0IodLUyRoPmfdrnfqIVnXs84MD5t+4uYgLt48eChsLx9bh77N+6PsMaEYKD66NHmG/2cLvXB3pXZHrsZZpTcZJU50T0ecvXx1N0av+kUafNseVXnWa535bjE9JFCEMWoYKi0YRb9ItAfGfXCNKdEL06ACa3PULZEVBZPtVOsYehZlH1nHsWBS3IW427V3wNUc1Av2ss46TnrOTkOwnJeatZ9XNlMGAC+Jg7cB5+EpM2fJHys01ugctSvTKbio7IEx4h9oqsm6gTcE/JlTPJvshHtayID8mNU12scV0S9Y42tQhaT8RfdunJs+zTNhzE4O8cFVQSaIzeVe+bWv1zFq3rPCyADFVv3kyqhUsh4NZax10qKFEvb89NMR85K7VjVR8OqFv8FJVkimid1Uw35gJs5RnOWEyWvUvaVlCa/QzL3PqS67O0hGP7cv61qGrHoYFbXdm03umWoSv35SqRJb/3l7yCKSRJZPToY0f+6hvtieI4wgdhVeaDh7kmZ+KtzaMV1aNRFP0gYmL3gKWMJ87Mmi3kV8tM+U+1wsFIv3SutLTEQU8zhnEy160jBb29BPO8RgaPbFWviyEEtSZ7YNRihVNI5iFn7JRlDc8/+fIAFO/11ZRAYgY5XQWpld24fK0ajtNlqOm70KKnoHk7mQvpVcKMXLnKyPu1I0N8hMtlJ55uDod43QalizPJNLNfC/naD0MwjlgrtN4gk67kIsi/HfaQK4U7j67NOQCq+0SrvQImBPrpLRZk1vjKnFDGcx9KpZURHEsew9g2FpTvo5DHRGxC+/LdwptPJKfB9B0AQgInURzCACaJP3A84na3nbLAnRNYWMXReSEY5V+2iowUj8NT/5a6Zrp0vvIw1eeUowyESkxrctNBD4ZsAELuT/oD1+AslTIGAJZmSjNSfzJ7sctUE44hvLk1jZv0bSA0shOUfHMYz/hBCcw2+XZgWjcZdgKNiOVxW8RJoTodTOKKa6G83t9yFdYqVg8OlVEi6rRmsazbuJsNXopWwRVPUeOtT+PAlum40/r2D9+mtjsqFb62e4Au8hblB8/AsYGGeCbJGdOxQP1iyCcoaxyBvOfkmCHwi6G3zz+G8VVDOjFsnWA3qmyCn6NGGYXz0MicSIGNq1kwgRXU481/b0LlmLM/ends6GLROst4impe5GHCwF/BUR5JQ1ufkUnPM9FSv8e911tJOu9n8zk+aySx5M0rvxuuSaLcLqwIAjP28iaPZKoz730IsqKKa6GSXKUe++VVWqC5iRjHQYpznzfHOVPkfyjxLI/yQdnc/gEgXbIMTl1kFnIeRVUmmTOdoUFi24b6eS6+ViefbziJEWmYm5zY+jGmtzuAzvocs8PyZL6UsfkfzyglmNmxhXcTHVM1ftZEPriUgcArF+dGbzlSwhzogyXK9vY2Iy8owP+60ZgnKVplAx5MJG/crrWk1S4HwhrxU6oqsHoQpuqcUiGjZdIpPqq/kmZl3YQ/4LJFJiPMJ+YWcqd/TnHLNNYDPrU0BsIvvUkOfLYZlQcOmtU6iD9B5x760e82ZsUHIkh50wBznU177JZJki+GECJLm0+gtIaTGO5Kl6W0r4iJDZMTiU+HvpwmKXHD43oyoeA6xSiYj+kdgVffJBRfbTHDMHJTK8HJEidWQuIMnMYtSzKp4wHE0ghhrMjvJIj6jx3oOEdrSQKjoW81PpxgrydpyKnB33Qsr2RdMJPMBskZGCeGkIhn7n9ULhWZxxjLBbwcbH8OufnCileLd/Obq9926rv3jaDcDo77JODeCkzLtJmU5Kfog3D8n2556M83p+c8qmio/4lBodQX79JSL91TlAXgfzOUz+UDO8w+moe1zI476vHPgTa86NT28x9miTekaWfBNmfwMz5OgR8UTVKmnCwkoBEybCC5JUvQQoaurwyw+cszEIkZfN5zRyJZfrBwMTE2l7Lw5ZiQh8F+6DjN4Lt3WrdBiuh9EH0qsJloczBTPnBhuN6U0AoE6BqmiPMjMSr7iw+XO8ShC5hwQrgDlwHPhjg7BiCLHFwLQGGAShQO3oIC0QsslkfWxR6S4ONlVVeAoCzACu5IZbeQjRw/9cDTnT/uWi5AZ12MvDWecaI+F6CeNaN15KUm0tbHJMwEGYw2CFtk525xU8S3GZEUwP+m53wN/pYM9RgB/3ZUZ76PPi7W4SrtbC8RHckOIhJ1ttaReP+Z6Hj4+Fo/lMYDdkm9bAaDebEs0+s9Tr7DroSmnxp6iF6WzPZdJU5KxlWIohxxe/zGgZgTvKCv49xUvtbzlfjCus+pAuv0FYAdlm3dHn4xmQlouoP4ywB/6Hw4JZbJ6Elx1+mpE3lMeLnw0BZZyodd50rKRLT17zM3dzvAHA2flnlSEl1iQqp6jaEY/QJjuSs0Oqlpj/60XOgSaGOadgkCLume1Jac8swSXYhFtUFrTd7hM4r8lktlIVumGfuybq38K3cJNGABwWui+gyc99AncWFKywY9o58JEb2TVxn3vDaC3I0oozSEiQcUtRxkfzdz25glp9PnPC422VblYS4rvSDav+NDHWDUz2FauX8HisfWypWTyjL8GuB1dxiAZ7+SrtxUQjL5LYY6YX4UO9BxpuvMLRrqGja9igTAUmcf+bxuWFCTIqpY7zzTjKVhHfO6UOnYjK+rIVkSjDmRrgqnHVyOKEdrutsrin66VMXGHNODkKivkCq/jOkBObrxP7gtmMEf0sBDdw1I3gizPHfx5AMLuXfhfLsdOm3CQxhslarrpKsqsbsHJem5SRLKPdcpILho1j0Z7Fnyu4Kl1ElQTcceUI54JgbOv+OjQao6ZU/+pkyHhyMuOFN2AR6ApcMnVWBYhDs1rWp1cF136RIyvjgJjaDsuwayqKUmaRafZ61wKHzn/EjO3gt5BeZ490BNvOaAKSboAYxsYqtgqOxHO5DEsK53Jy24qaHDgKr5qPOyHODgUkXwPK7O0FTu2RVYd8jCRx+GfYFMzCltQ/NV8Bp+wmAi87TVHyDz8TAkbT+pJRmDkaWbb6rcZXTOBFAyk7CWSSRPtOE8PPrLI2KU9Y/VryMqsyPYYDmwPOpx/6gYxEY09CZC5Kr1L0aWXotr9VlGvo+B7YN7WiW0W2Vn/SPf6pLeUyaN1XnAX23SpbO/JUv3X9fdUI5TGfpAt8kRfhu/avBy8cQ4ci5Arn9sitVS7RsyMWjzHjR8URITrPIuW99GCVQ6/2sQXfl6SteH+G4BXw+ghoaY1eL1B6bAEiMz8oXMTxKy4BaSGJe4Asq1u3dWFl6g+1vYcRhxhyOoczdp9Fsi1IZSwGEw3kiIL2Emc03NNHmZcwCyc7ekBB8akV8M1AA5HjY4E5AwJc8RN856FFmchRIFs70PzksEal83QOITQU+GJ1X2oeBSfltwg0G6shjuwWZr5QxEPycKadbq0yO9JdV4jh4hNq4F6hxQguSuwkrscr8yH5cFpyT8LJ51ks1q/ZM3FK9zLgJVZ2Jm5TWXWu2FNRLlr+J9DFynmlevPmN06Kcc1UCcft8THuU8/krxMbLyd82hlvZPgzk0+5V36Hm+zzdTUiwcpjBNQAJM4bfY47QU4LEJsSRxYYjs0dwJYlLOpuPRjPsgKC3th+HAgrIlZ1Jzipjodord5+C2iIuG7HwREnfXz8exyDl1rqCFdHqLnqPTuMZ7mRrOp3fBc/MC438bW9uydZmp1BhXWD56eSwxuwMIJo5kJtAFZEjBC4PWtI8oBqFMlfxd/PoX/PhoD+kUkTIal4ih0rpHhyepht6S1axNvRS6Z5h4+uVqTJE6qk0PfEYRbwoQfqUFnwJXZgGTl/wsKHGyfHjow/zOSIzwWnBptL5Xk6L75B8p42f+doPdD5mKKPcfSS6D5eJ5L0yrL8CJMSTKZPvQzmKztyA7+fVbTqv0D/+aloUZiRzAFBrByVQf2/ehxrqvdNSjKXQQimAa9vk8RxYqWcSah0mECLk1zpFJeO8L1xRvkYx4Ll9ag85eXp5dwrkJo66vDXLudOGFjQ0IzCuiqxQnFKYuEjMSS6I4UJj1SWVPBuT1g9cUpVw5iQBZvg/6XuOx9aOb/jHDtVPtg3yOLWyJEb+Uk6TCYPl+Yz9FibaASR2je6KtQaRDP6mq73ZHzC8IO+JmbnH/9xlEcWKRjvV1p8AD5AICrtfz7JsbffoCEss559q/RI+g4t3SL3cgPnGDM6EtOdFKkUnSI8OhfzyaMacSzy9BtRTqhC1zv4W+ycNQpGsgrA5XCFhm1/Wk2GsOQdANhm1umj5ssL7bragWKRwXumkfyCYBOcDown8LNaWq3NsM64/kgOH8hbKuVTPQFJ8s8zp/rSGIGevQDuIr8PJHuiY4OvgOU3O65paLkNzTyR0hkHIhjK/SVMrpFc0m8wSvxSFajCQgxhF6/yLD5+669iYukTKNLKi5ezOTO1gJ4YQrOlYr8aspfMvrCFeg0EAtY+Abv7G1DXWw+BoAaIR1F3IMOsdN28e6/N01zyz9fNyMxexJ1OfjOmbIkpul4XTN4x3dWTcbsZ9mbQxwEOuFG25Wo6Cv2N5qlRZ17U/qqsU5zxTJ1HcQ5PwHxPY67gIylf3p6IddF+eEnebr+rFtWR8pezIh3F48QZ9AkkHxSf47hqBdgSDtupGT+LzgwuVQ3TElhxyoXs+dwwJk28G3yWsHNPoaven6DYqgjN5PnWjul/BRFhyLCwosSn9RjxDwkj9PZ42oo+Btp/iXBLnLsOFizxhv1dybk+fag0voJR7nJQPs8zor+I8lI+nhCCT+istk3utoHgv7QXPQVnSnKVJuALUyDyS0FqlnHRqusDhcEauNJA32LNek5fA4PVqwUfA/x4uAOTIZO3YzwG5S3PhOK7wrvFbAzwYbEY3vZX2ItW+O3pwLom8XfOMid4St9Wgs/9NwQtXp0tTPMmWzYo5BlkC+8NJ4MX0XHM046F5yBchsq95AB4RP9d5Gw/u7gFAtQALlTE6O6Ou+aVUE82pS2Zjfx2kt/ZD56unpKxk/K6VD5ymHBt/GyzPfLFsapVQR0NqLAv3WfDJkahgYd0yC7FUlvRP7qBMTLl8+IPL4vLrFrILq/hNYNqch6JkgBJtArOXffID7JUy71NirjNqZDCo8yn8hIBSfCYwHpg2yX2s69IS+ggKMyrjrk3BXePNWT7El6qNhL75R4x3yR8vC3R4hvPVvOCsO+GePvmYX2LOrpfDWtbKxZyhSeCHTQjWJNqh6EqoU/bxuCh3ezBPJBc43VDLY4em13zaOzaduQc9H3hRie3TgFqM6QSyGoFIi3E4mxMw5xzSAZqvi14GNsjtzubv2cayJGZ7s/mLafwJ+tUtsvYGnMs6OK6MQUpaG2yt382FX74wX8kWdAvty7+g6mnDhsvYtHqjde4CYhmo72TKmMZAW37X8HR3flc7Nmik8Ix+6DCuAH3vkRYsIgA8NMpbdZ9AbQJauJORYBt1DYJiOZdXED5xPSWY5rihR8xbjTfcFCbqlwiqkE+FFXNiEdEVfI+CdmIomAP9L2aYzdHcvxrdKNtTB8Ep9VAtjCZC/CioyeAHMR4rxYBeutpI7m+dKVAX2Ejamxc8igiajuBgX/7ezU5sGeqH8ET5z8YL5g+cX16a1EOJqWi7zWL7nVQLHrM7swOfnH597LVSJzgjMfYJCE+snCgcfb4KO928ZRMqsFoXlp0ztK16dnZhYlN4RRstJrGgNTeA5S4kKtHhHSTnIPb1JxI9/1c0WxigumYp8ZUOG/YOzAaU6S6qZoXXHwFynfxIUUnR3R8peW2yb25aGIrQpkCLFLby6Obk7VRzZVu/j0ypPiXb3qlAZOP2vkISdo77Eww9CBP8yFtkELz3fkC/mZdSxz1PYg5RKstJSYP8YOBsGPaGUKBrK9l8B7hbkDQO7hsizQcAIkBO0FQWIADTdZu0wJc2zH4TePg0ZSNlokcKpn6BfC9YVIS0xTnAIG/Eevvimy2d0zLozzgL9ztpWKoeIBmsx7mtR17Uwkiw7qJoRXdw89rNYt8gg+MY67AVS4gsdT9VjtzuYgd/3Fx4500nxpd70BNPBeDH+lqRub0K+DjjYu6P0hLy8UPUZvzmMJPqtXyIxiNNy5piVuCf8F6HfK4UzmeyAtoZQ3eaLYiGj4mE6HIMC68i3r8xQVqrWqHjrlJWVXJFpwHUNfWE6NcqCSFAQ2bnO7c6fGJ58cE7cL1QJGJm1J+UtJWrNCfYBNhlE+BJbgTh4a5OoabpXKPn8CRfy1/e+7tIAtNP1tbOJRcUNXTrhEWym3V9L0IPZhkINPz8bB2fudmcJTG3526/l8CTxOiK9IUCY2a5EAzJUlA2oAbHn9BAnLYcrRb8yEwR85ZJim80vFz4MnpUcUW2GO0aShWMRsF4APk0ZYjJBIdc2PFA1QbtQkXyLvM0+IFwKg1DffmDVExY6b5fqZwQk30y2NnIh5KudwrA5Mvoy75AU7AwvwjDCuTQKC6YyX4VrLqymKIiyrPmR1qY5tMBFJ2d0r/PfY4FQ82Yc15ajgAyL3TkWiXb50L+Aq6teZORwCVMUjjNTGHB/m8EituZRwu345FauY1cPtly3ypjJ2gFJi4+RRcctJoIUu5KfHj+7lxgvYZ9DKKgKkGj3Bhu58BnQwt2KO0psXaQc35QDVPpJ5ySrcH0Fz8RKeeOAxc6Y367myXd+vS7O+GzosKcxMcsXMgpUMQDbNs8LDqs9/yjXKEh1MnxOq9lISgJxeB5dQK3u1HhvnxeB8q9VuVAijqNA9uq3Jtn8ZhZkWUiIb5r7XdHUuvtjpfilECu05YW/g3d4TLX5wmfOHJr0ZnggOUcCKGFeD/o/HHjV0yVIaDGll4an6MmAHk0ikXykjhQ9GwRMf16iM1ZAn9Omo+JKl+2HDJAxJOFjaUbYX1XVGi8Rsi1wy1mrLxfRpQoNl0qu6wxFFX7Uj4EhP3EyWpN8aYgEyiQT6O6BqzFMfnmFWaJr0QDh5I9nI09M/Hy1hUM5diz1K0b2MfMvhLiYiju7qCREBS8Sy5ZBuHjoqF7glcN9sZMPH0SgMky7nSiffixcHWR7tXxH4AwiDSbxK2SzsGhgUaLlONywTclEygWKt+wMc227HdOHOA0bLkgdamvD/lZ7+4ViStGvL4ouYoTVGuTk7BHkqkgE9ZKRpWqWS0C2w7AjKg68ZjXELYQYpJUzZFyzy9+qsDZCZNy3fwPZslCQADafY+HjBonT6MP6VWjhEvAh7SM3wbaQuyLCKrrgzx5am6obVtRLoRNbD87jQTZk9qA/4hloRDvcH+L3ebpPKGYqvGTpiste3BCZ5Jz97bztzmGdTj6Vcw6UGdrM8I5w2YiIFOrTdUwpPGY1Y1VEXoiaetHNpaJxNkgq2wdlM/8nV4GfQteSREyztPhLgq/OEGCIkB6RB4F8ciCIuXpAeOjZXVK2BTxiTilZp9pJt3AGkdPMjDtI3atjX5zryUDMg6I+rf+CQEaDq2X0aQ8BkiE3rf0AWqso9bG6Ls9mqSqH5QXjQD1UTjeW4IOIAYlcY9KirhPEUt/58Z0BWptBvH2yldMV5nvzyn9l9hbzquxQZWbWRzupIVisubuSMFQBi718Kha27X7+iZpIPRIuZtRGG+ffOgwjzTZWceU/2F1gpLxjOWT7AX3Wsi1OA4Z2ewRkBNRw42lEicAVt71CrZTuEXDZiWyxA/K/RDpo/xmgpMrPJYeHtZJ5Q3xH+Yqs8s1eMEEDXRxKIKyt6AUR4i5hLc4lu2vo1ViEMTXG1p5a40H9R6946g2HFE0IkO/vGaPC5O9I+tlPfaGrCWxMtFBbEa3YrwPtgsAWUGiMBUgVA28UalJrIoYY9a/CVD3ZuCCO1WyWGuj4JOtfD9PrPuQ9qmWsYWmtFfebautr00CCJ/xUhCHLWOLXisf1EaJAYL9d+eQ9VyRScTvDNDSFuEYu9KhExVaneqIQJkNrL1kHRizDSZpNYPLmIi4blXCOyFwo4E9Dq4+EhDvucFVY1NLcn4elgyq/JxfyQ8tic0IPYWQZ33H5C4hqAqvrmmwjaS/h6i0WVeTWGMSumwXSop9VD8ALShEleAf1pt0y1zz3axwVVWsz78oE3d35FXyCWAif5TlJL6MImMJ8LxOK+0FXSqiB1SC6uicpVil5JNRBiqnEnAkSWGrD+b/8FSUqaS6jFDKued5pT+L1nsxcUpkbD72/daHIxP7hKbpShg33riQXRYnXHs7f345fRoe9Ni8nvqH8hHxyto5/3idRGmQRFEK6/zrTZo/6IbVGVcJUpVKNYb+OM+Yrp7Az4q/5UKpJhp1nIhI33ufS2SQj0uFW6LMa6Eea0R5iu8SKRwGj0+LgAQ4AaIfWjSxjFlOyLwBVVGzF824m/PT1LvH6qrIX9l9oYkICryPxZT9S59l0qVW/zbQflTsn58eapI/LQaFqexcFQpj6UW8yuHyTv65wjtHhnbzAmiluf62fhtjuZ7apJ3CSQcBRf762+ghfALfOMOI9xnOGoyRFWJ+KY6P/Tw7cOlJaVfn84MAWW4eiZz1YOkYSyjZCcPCL0ooelzuS7Y9S33QyXHSgVmApj/MOG/I/IFrG/+AM3HtOZHF4lpKPZeQ60WCxxWzGGrtLYNJ6ynC0puW3YYgl533OwAUQzunFcjsSuw0kcTXADLHx0XAeEk856iWFgVlOTBB5y/efRZAD66/tVTi59YznJ2B68kL1PvtqyHAc5+u/bLe12DTBoOyeIbOo5UtmxksWp/4JY4lxqq0jXs0fqeCUuOvpo3Nde2njFaKKuHxf223CjgTlHHSfQ/4Q6L9eOjoje4jsqcx9HYxvqbhQwQBBBwfbiqLSWy/lwLfYVFCnQ0mm0cRZfRvdnim6Q/IWFhLF+EgOYJS9ps6m20avBPf2Lu9gt2/MkKV323IZvoX3HLvlABhIVIRtcqX66q8dHBFrzYx3pTX7kl3R6Ry4ApaLNGZwwyYPfYQVkmu0TM12a1nM3fTji7PQSCcYMAtvrf5JvcIWaRHrdsNo77Ype5tNmgaLV3g5LAa0BODNuF+2keaejhlD/6Iegq1cr66mdP3YEE/4OItggDjaZBZ/Fi52DMckljq5CoA4/Cs5Sw0zIouAu6EzNqeGC4/3BWBpc3q+nn4XeXzbnyOTRxLtqClYqYBVOI8inK/R5wt/VcN+laVs6YHBcSE/U8/1ht89yTLg1gM/OrU29eQIQ1Tg0aZgBtFLJk0/Ssu5klYZ3lexlH6K4Hu+UD2mQ+8QwBDHvZvwnAkuo5AI0b4K0Y+UKZkVQFUHvlrfIOPSW97VI++adDgNH7eXYQKBJqxCcGLEzRX1ZyC3QmaiL7y2ETuxDdvUJbJHHElpVpHWJEWjbTjKmNs7DGAx1IFvOyInon9dlHl8kxOWd7t0IboaQVRXJxemCze7p4Em0/4CZhwbrRBfabAoYUkN2CdZ2mHf5FxDJP7uY0AGnWx/JOYAPAx5KCrAXzQMYwCa1wi8WFFPT1eDHLlqcwXr6s39rGojEld0Uil8uZAaj67qL3p6bsyGtG9lgZPyIauoVpdl3F91Oui90FcRyQHzCugd4uBwhBSTgm0XLZxPqZvcBYML/a1m+KunRcQHT3j+hhB1aw3jc5xq0Zchh5344PVJ6UFuccFfgvcFnB1AH0QLlZyVce6gBb7OwCwdIL0n1/aHRbEv7RZDOHHIfUDW2A3aJvI0nVWJEzAyIb60zoIIoOh+hRe4IMzFK6utjT/fBfnPt70lxiUIvL/Wq7PWiLIt2cnFfRU7h9xBz8H/4InAB7rvmf4ZZ02dNpLi/mfUFJDs0jvHrXqXyugCr1+noikrOYeLlG6XSwfmEEO+u/mDbSSvbloxn9zN7zGL0V0bmve66B1Mx22T0ZxHJIpq2d/oYlXTSGBpJAuXhe8r4pagiOzw/2qrt3pHk24wDLc1qgHnTd/pAjvkBtCG/JUlyveQ0gOR5fVuGlRRmc3DMa+p0YlltmkiDCMoK+eQv3us77PpthY7hIPWD2QEP5M2Gw/RMiT4fus6yGqJkqI2lKNc9edQC+G3zxxjf6Brj9TAOUkrStjKepXRgBxBHtWKMB7EVnhXhHTxM8NkLL+sSV+774gcQpe3V5k38M3Ez+6DkpdMsieRPAuiJSMz6lfCGrnDrtCSpIz1bCaymUPalhjJ+49WBjRJE3hJ62WxHY8nsQ+OOIcsbz/CskTvR7IkqO/DW7/BwT/jQg3qNte3LNQbbi/aVIWyaAhzJ8aoC1OmVwCvxr+xu6r/0Kn0MLBJpv0oKZPAs5kMQPsPbMf3zsXItsPj1pXpJD26qymhIKhQjcFsWzZRPWbyX0d01fVWTgTDEGeRB+qJHIUaNaswXlknWEqq/G582Hy9pGE0XICawE/gnwhOB8r8duFASblMmCvspooNlrpBLP65z0PhX55+K0khW0L/5RO7G1OclHF/DnabqpOumZTiyKZpbDRJC4F+nOTRZlNahy8Tk4AhJQBd+zWvz6910GRznACa+GSxUyidMwgqoV0OfLIGYFhFtreUaHVVA5dT2126KMDm5+nfkEbBHX1X54F/DNsWbLMxqA2DrjKQgRyLRGyBIuEyec4tDuJSerxwwgwQwlLSpdYlc9To+BcVCCGy8RyM3z2lZOjHu+W6DFlCNPxIaVltPQoDk9snPPdtm0bsXHqX+cfZTG3RGU1kMccyOn396DUAtGmBboPZjDLwW5yVekm2PbYkvi39Jw8zT8ZIWrlgRlc0NJHOFTwxZ35W+95wDk8B6zplc4GmrcTp29EUtKxzv1bUrnAzqeFIn67CFJ0PpN3zViVGABMOjcwRLs6FwZmYjeB6tYNppC4K50veUBU8LuR+nm81U99MxW0pHtfQOq6Xv8qSgQdXDk8eYNwOL3kgS959UD7oRUC9N6frxJZzMKfMep8sKnyM/DWpbwiUgHipBTIz+C3LanEfsaSnVDNj/HritMG1VUv0l5riDff7tyljIASv1SX07fxI+bRA4/louad9DjPjgXLqNZZ46xEF3NbAysQmkTmWWJBtvOb6jZ3Ujhi2oPySZ0Gyw3GBH1PI/mDdrwlgXJJvdTQvcoXqV9H9Y5e2irkXHZ5+EKl7eX1hCIXeHoOfWB2cwyFh2ZY1th/+mVPulRzeBktnJrJIeEmdb9QBqiT3rhGGSlQSo2+J2i2fBK3kMMBUlHA0Gut7uaiKftwNi7uF+nOnR6bBBgDUDjNSrwS2zIQC/QTZptesaFVuiGUODrAZpgEJLMQgmPfovn7rTmZBAHRcXL9wE2m9krX+c8JYER2WakjC89X+HDfP4gOhT6rdRGRwiwyxbtzdNo/Apaf3Tkd1LSZxl0NdVcTWNVPYh24f4UIEJZcOSSP8nG5HMCAy1oDfRX1Ifsqp6+XlvpNU0EcgKWmiIvYoka1YYjp9cnZIvwP/bJZnNEWS66M2yTVmQDnR3p1+7qilWaJmZNv3XU6EuzuPFNjmTHqYCQf6UvH/AQbRT01B+WU99z7RUkcEHSmHwNlOwe5L3a61tieiaTAWLQ2Avof8Emv4a+rZrR5qxwHlG6166qaNJzWcDV1D0ITNfuYfSJhNO2nKRLPwcTmC6c6mb5ZzzAMjSsnRb39XSbeYcrCYaLLyyI0fx3XWGzbZhPnwisK7wVzx+5w83btDaKIQ0pzOau4zt2TAWHGN7Skn5MnN4OarpX9EYW6D+4x0q9LbJQrelLuKDZQT3fC4d/183kc+HZ4LTtfB2/TIzK4ZBjtrlV4d0pZHtcKkkUjKYopVqqBVAY0No2YmhVnVAQdLxQGvHKkyP0WWVj7Rirj+ifN3IL2dftTfnemZS5IbFbUzqu/ivm1Vk6WobVC/N9SOCWoN8rANGahbFb+6BjtMn6oNW4LQW88bw03VURpeDTAvEVTUwhYGJccV/Z4q3tCkTskj+eHsIjY5B0Db1UhjDQfopDDiql0TovPF8joIgF6+AP3NYnYL54atROgssnAcJ3I/HOqNWeZSMAW/KZtOdjPq/6q2WIluIlQ7FQGYB+1LMhCF0iX90aI0XowgzLDeSdzcs56nWrkYvNnf5oZUc0cQHgj+VAuttUMPTY36mrtvcbMVweIde8e6tD5+bC4rXiinNPOAOcoxtlhCCinLMv9Gwq9h6lAx003JDaqU7MO+/7tjnoI3hkhvwtUjDeoBnMU1QKr2jwxOXw4G8z5ZOWKsP8Y/uTksP9RZ1kvvCXm17zECepp9yMbziyfvT+j9jNQ9M3J3PABQHyjVHT9pZ0ueDmyrD7GyxVhtsf4ayB6+GhxhNPPLhR5ivsdbJ0Maw0HFVrr3WI3ig1zMSOYjNenu1re9XoBwbROTEDfIwfuBqTEW4Tpt1QOtqbRYTf4Epd7mo6tMpd0/iZSUuZFXNZLi1GYQ3lkedWRzAYecd4NIq8nwNEGgrpvTvJeEXTfKTftKqbYAXVnLugFCeFnSlPL7qbiru2rN0MFBA64HfdK2AP3d7agxOhnY5zRD8Xlo4fO7DeOAXpUHOPov0amqmGvlhrZ1eRAte476/HwTe4MR+hOqUbLq38Kz9JuuRcg5iKI7JkdXjvChvMi95amnqoepfgrIA+T2YK/rt4d/sugxGaO6IjYsFQih7mdvnAGeY0lwMdZo+9x+LswjUgLVnDPK2VXmipUYMZPoD0n4tZEmci5odJc9EfVWukSzz/i8sg4vyDCfw7EujjBH8LbH/vwhoi3S7K+i05r8euMW40IfT1eEWXz4apnGTh2mVutM2MqndlkS1BFxWUFflSSdECorWFGOFt+FJmhnq5bdDFa/WexSLNaVSc+zEVu3U2tNFRCG8VnMwLY3IDWApCHaIuAYk5AXxydccbymjNBRL7XdsVpaJTRM9S2jCePjEIptMYtIsN1SwdNnoyReh4Db2FpoNW4oKfLLWe8zhuTEHqr5DMiAtJz/CYlEHyKS9+R/SJBuaY4JhuhtGOAc0Qn57QL69RYfbNtEzIaXsq866f3BiwyDiPT20Sw6u9pixEJ/Ee0xjz6Z2qy2cIKgQEm+qIwNSy/ezOfNeOoKVIMiEKf2mt/u7dKuyMR7zH/jcAltCgxRGfSEWUOvZw5uV0lagqDuF3AHmNaV/Wl4dX5vzIniVb8F/ZfKoYkGkI5sjqfWacHw14Lc5XeJL8PKEn9bqUVBeZldH9DyWMXG8ekKtr1umT41EYWDz3pYK+LyZz0He1qvsxqw9WJcPIVRAoJZm73+wf1dCaHDn+vXzSgeLW5zPcw4cHVW3wcCh1qgFqJoZVO2e3hGlHzP2IAne8nNUqRnw7eZgtmA89an/E3Y16nvBaMxZks28EzN1VZArdK2ZgLduEv/Mzs1+grsbzSy9MZikaXBkMhjQSMWwAM27qWIMWj01vY9nGCcEOXxoO135OL7ojOcnWjyrSPBrIHYM66ElytnK1EkW1TYKVG/EwpOG6e/crbFmZFCE8AQsz1YySLVw1hbngGPFyN1QZE+Pm6FLzR4Kg0ZHLrQ/Iqx8ZyM5uRRQdzXwxfAjhwyQTtGr6BCFB3yoF0yibWVlfi7uW4bVH+VGr+x1Pg9B9B5i7vIkfQfTa5P3eWsN/CeyBFi/QSbeje4t+4AHq5w4esTyC8hlnSjznJhTNNHvSmiEg3p4dDOYyGFJy/A7qAK8GQ0Gj9GujQ9MSNNQcHhUY6PH/NAPUnUn30nJN+PsBNSd9+J/21P3dM6HiLsymV2MKZnWdYQ1XYCCLy9Xq15FP+zb8ATHxPWYmXTKQOlFCyMCxviRKWOXPk1m629qbtqrObUhaCE94Zo3xbeh7pka9rNAS0fqpFtICfsuQNBbyi4OVeIgTuDqayRtMyazzNYGviWfuS0JFqc+yzknKPXsMvPA2nUvymmULeDfH4fBdfV4VJ+f9KqHtZ5EfmuKIK6HfTgEI5MXzGI8Jnvtw+2ejAk7vLqHuGfazfTw5EGQZ0xEAbLWZwhmQTcN5aw40g3MjEP8JbQpMzZsHBDWnSDZLd2vBn1DlRpiDL3z2DyNN9SMHJUcbvOgdCcZa2I3/+p5vS1oig5LmD/YGym6L45Z+jQzB5/wB7vo+uVa43NxwXdjUC0YBJhwaRvcv3FNYDXIArEXKYHOrBEf2PhEwV6UopvUeNctIdcCkhTl66z+FgkLtXK21vWp0wL6lDt6wFoYUvePJyrzIGi5q9qvZLh4cm9ATcEQLI2xJVO+QWPP7v1DWLEOsI46d7PHUPFlOAjhnNxyaU6+P5KsMwwZSnD6vDa1UBnnAHjQUXU0FaGrpR8vYwqo0kwv7urnHev9O9p5fFpx4TfXFfQfPOg4df1701L1v860VKnWVnKwmB1KeenLAqD8rpfNvW3qB0FXWlPXKjH6i3da/t7IhboKrLkcyc5tFtKfVbHlql3kEaAjxCNqYXlVYbLcaOR4SEgIIrZ+Ltz4kCVxPKxfjqXcMv007AvPwbNJpaItiyXSMgi84g9GyGzf/SFPBZ7GmBL+QwNolHdomlh02Iutpf8aXHZKYpdR8ZNdF4SBwNIKziB55s69SKwOCEyGbBuuXL2dYV/5vR1TPppOt9KQWtdTBF0KksTaGrA1SyqD4JgzUQtU9gUvSjwIBX67y1E2ovhDHeD9hxu5AkggV8eTKYuQA+mj68dBH9h+jwYPTw5s+TkgfdbqWs/4ByT3KJzXJQN7OKA2JElYBMjVr+JfvqRrgTnWJOw9Zop5AfHYOw9lau6uqk1KYga3m+589wf+LFMD/05wQuSM6Wwij9NwLa7Ig4odgVBifBJ9I1WMtwhCmSxDPfNwc1ocTNCtm0wm1fG/GbilKxcMF6SO8zDGq5e/svMePkTVxBYrO6Zwh271MUgqd/S0LjUwtyGOekWz1rWVu1X9PGsYufa985LyMYHclndAnXrjydJU1rnM8YekjrlJ9pgrcu2hieMU/fljXzg46UmTT6sVB3LoznAZNArTmAbCWQxw8hBBj7w4emyFFcuWGF0GNNHB7S7q7bEg7iZBXCq6ua7TI3tuUAQR3WriMTpHN0vtfkDuVQcceJGuul9DWdoxnx/tULaePx+XTPhRXVQUZcPYu6NXUsIz0IpX61hKMnm0gctHQTtDtTF7ewyMy+01WzjYF7FaBMtxjCkJZjWHeaHoq9YbHWFpSoGkI2IadbKYRjYwkvS086X+iQJiuw34Lqp3mF0kRlGLf+1lj5tmNiBJFoiFRkuQiVSM9o4exQUZez1my5iQCOHAezikYQmrB40sas3Gzbi7QYTqVdUNM3kd7c1HPWar+3guY5cV6sgTnw3s02bujzE2kgNqrts6Mt1Ye0T8qPrckWxzco7m8T6XYY2yRjio1HV8YFck/KUaGTGwkPewHkm5KN0ECPtEfNqvFnj8163yWcNx+GvWXiGohI1mZKah1tq0Xdod8yaqJPHghRVCk6hHxwxXdA6VjedFHapIsxeXhGkFwspyS+N5yGgkItdrla784hl3O/wb7tnF/Iz6T1k2fv1WGWKT+9q2yBjlI+tTD8zDXTMy4aKm1K4Uq2MdjMZnDnJWTo65elhRNzlBLBwiCbwf/0UoAAAgbAQBQSwMEFAAJAAgACGGJTmMkMhlAAAAAQAAAAC0AHAA0NTVhYmI0MzI5NWI5YTY5ZTM1NWU0ZTQzNDU3YmYzMC5maWxlbmFtZS50eHRVVAkAAy+LrFwvi6xcdXgLAAEEIQAAAAQhAAAA2krblQAH8hnNFJ0WeYhUGAwvhEkDtYjR2afScEif5ztEtoSAK2tdrzja5Iz04NSugBinbvMWr2B1ggD4gkMx2VBLBwhjJDIZQAAAAEAAAABQSwECHgMUAAkACAAIYYlOgm8H/9FKAAAIGwEAIAAYAAAAAAAAAAAApIEAAAAANDU1YWJiNDMyOTViOWE2OWUzNTVlNGU0MzQ1N2JmMzBVVAUAAy+LrFx1eAsAAQQhAAAABCEAAABQSwECHgMUAAkACAAIYYlOYyQyGUAAAABAAAAALQAYAAAAAAABAAAApIE7SwAANDU1YWJiNDMyOTViOWE2OWUzNTVlNGU0MzQ1N2JmMzAuZmlsZW5hbWUudHh0VVQFAAMvi6xcdXgLAAEEIQAAAAQhAAAAUEsFBgAAAAACAAIA2QAAAPJLAAAAAA==' AND file:content_ref.x_misp_filename = 'c1961e54d60e34bbec397c9120564e8d08f2f243ae349d2fb20f736510716579' AND file:content_ref.hashes.MD5 = '455abb43295b9a69e355e4e43457bf30' AND file:content_ref.mime_type = 'application/zip' AND file:content_ref.encryption_algorithm = 'mime-type-indicated' AND file:content_ref.decryption_key = 'infected')]",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2019-04-09T12:21:03Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "file"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:name=\"file\"",
|
|
"misp:meta-category=\"file\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5cac8cc9-7984-4dfa-85f8-49af950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2019-04-09T12:15:05.000Z",
|
|
"modified": "2019-04-09T12:15:05.000Z",
|
|
"pattern": "[domain-name:value = 'todaysfutbol.com' AND domain-name:resolves_to_refs[*].value = '211.24.237.226']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2019-04-09T12:15:05Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "network"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:name=\"domain-ip\"",
|
|
"misp:meta-category=\"network\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5cac8dc1-95dc-466e-85ce-4b0c950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2019-04-09T12:19:13.000Z",
|
|
"modified": "2019-04-09T12:19:13.000Z",
|
|
"pattern": "[domain-name:value = 'mypremierfutbol.com' AND domain-name:resolves_to_refs[*].value = '78.111.169.146']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2019-04-09T12:19:13Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "network"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:name=\"domain-ip\"",
|
|
"misp:meta-category=\"network\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5cacea17-9ba0-4939-95e7-474c02de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2019-04-09T18:53:11.000Z",
|
|
"modified": "2019-04-09T18:53:11.000Z",
|
|
"pattern": "[file:hashes.MD5 = '360752e2f6938ae91ac8fb212c62c0c4' AND file:hashes.SHA1 = '346de24b4081b0dbccd0f3458734b08258eed8a7' AND file:hashes.SHA256 = 'f34c85bb4fcd87225468d0e8ee4441ebc92f42b3f69500d85e28be3c553ce433' AND file:x_misp_text = 'We wondered about the deployment of these curious samples. All of the functionality pointed to\r\na command-and-control module meant to function alongside other components, and not as a\r\nstandalone piece. As we hunted, we came across an unpacked/unobfuscated sample of\r\nStuxnet presumably compiled in 2009 that contained Stuxshop in its entirety' AND file:x_misp_state = 'Malicious']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2019-04-09T18:53:11Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "file"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:name=\"file\"",
|
|
"misp:meta-category=\"file\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--2868aeaa-a19a-4b36-b693-e55b1a32d633",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2019-04-09T19:14:10.000Z",
|
|
"modified": "2019-04-09T19:14:10.000Z",
|
|
"pattern": "[file:hashes.MD5 = 'fa1e5eec39910a34ede1c4351ccecec8' AND file:hashes.SHA1 = 'ca3c5872080ec86a041b2b887caec9f28ba7b884' AND file:hashes.SHA256 = 'c074aeef97ce81e8c68b7376b124546cabf40e2cd3aff1719d9daa6c3f780532']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2019-04-09T19:14:10Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "file"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:name=\"file\"",
|
|
"misp:meta-category=\"file\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "x-misp-object",
|
|
"spec_version": "2.1",
|
|
"id": "x-misp-object--95f4e9d8-aec9-4e52-b133-8688a3857540",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2019-04-09T19:14:10.000Z",
|
|
"modified": "2019-04-09T19:14:10.000Z",
|
|
"labels": [
|
|
"misp:name=\"virustotal-report\"",
|
|
"misp:meta-category=\"misc\""
|
|
],
|
|
"x_misp_attributes": [
|
|
{
|
|
"type": "datetime",
|
|
"object_relation": "last-submission",
|
|
"value": "2019-04-09T14:27:10",
|
|
"category": "Other",
|
|
"comment": "Flowershop samples with relevant code overlap",
|
|
"uuid": "b0d502dd-ff60-4d76-a5a3-7ffd57be3fe0"
|
|
},
|
|
{
|
|
"type": "link",
|
|
"object_relation": "permalink",
|
|
"value": "https://www.virustotal.com/file/c074aeef97ce81e8c68b7376b124546cabf40e2cd3aff1719d9daa6c3f780532/analysis/1554820030/",
|
|
"category": "Payload delivery",
|
|
"comment": "Flowershop samples with relevant code overlap",
|
|
"uuid": "6094c770-b3db-4eff-9f59-3e51787a615a"
|
|
},
|
|
{
|
|
"type": "text",
|
|
"object_relation": "detection-ratio",
|
|
"value": "45/70",
|
|
"category": "Payload delivery",
|
|
"comment": "Flowershop samples with relevant code overlap",
|
|
"uuid": "eb3ecbbe-9ed5-487c-9321-967a75105a4d"
|
|
}
|
|
],
|
|
"x_misp_meta_category": "misc",
|
|
"x_misp_name": "virustotal-report"
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--d7f8c044-89dc-411c-a777-6110c35e1185",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2019-04-09T19:14:10.000Z",
|
|
"modified": "2019-04-09T19:14:10.000Z",
|
|
"pattern": "[file:hashes.MD5 = '984c7734a61f5b0c22291a4e26b224be' AND file:hashes.SHA1 = '2a1cc9c615cc2a798cf491a81e52ca050d4e828b' AND file:hashes.SHA256 = '683ce2c7c80b180768fe4d2a39030dc7c4f67db79d1953ee4803522131f533a3']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2019-04-09T19:14:10Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "file"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:name=\"file\"",
|
|
"misp:meta-category=\"file\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "x-misp-object",
|
|
"spec_version": "2.1",
|
|
"id": "x-misp-object--73ebef95-1302-4712-b237-7aba3002f249",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2019-04-09T19:14:10.000Z",
|
|
"modified": "2019-04-09T19:14:10.000Z",
|
|
"labels": [
|
|
"misp:name=\"virustotal-report\"",
|
|
"misp:meta-category=\"misc\""
|
|
],
|
|
"x_misp_attributes": [
|
|
{
|
|
"type": "datetime",
|
|
"object_relation": "last-submission",
|
|
"value": "2019-04-09T17:37:54",
|
|
"category": "Other",
|
|
"comment": "Flowershop samples with relevant code overlap",
|
|
"uuid": "ad8d9850-f381-49c6-b650-62a57c8bf3b6"
|
|
},
|
|
{
|
|
"type": "link",
|
|
"object_relation": "permalink",
|
|
"value": "https://www.virustotal.com/file/683ce2c7c80b180768fe4d2a39030dc7c4f67db79d1953ee4803522131f533a3/analysis/1554831474/",
|
|
"category": "Payload delivery",
|
|
"comment": "Flowershop samples with relevant code overlap",
|
|
"uuid": "1a976776-aafe-414e-bcf5-acd3caf060cf"
|
|
},
|
|
{
|
|
"type": "text",
|
|
"object_relation": "detection-ratio",
|
|
"value": "27/65",
|
|
"category": "Payload delivery",
|
|
"comment": "Flowershop samples with relevant code overlap",
|
|
"uuid": "bcf66b81-63ce-495d-aee2-1dffdf10aae4"
|
|
}
|
|
],
|
|
"x_misp_meta_category": "misc",
|
|
"x_misp_name": "virustotal-report"
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--308606ca-729c-4050-8d8e-72f00f17a981",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2019-04-09T19:14:10.000Z",
|
|
"modified": "2019-04-09T19:14:10.000Z",
|
|
"pattern": "[file:hashes.MD5 = '4e0a3498438adda8c50c3e101cfa86c5' AND file:hashes.SHA1 = '0655670f1cb40e84ba12adb9711f001269712054' AND file:hashes.SHA256 = 'ec41b029c3ff4147b6a5252cb8b659f851f4538d4af0a574f7e16bc1cd14a300']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2019-04-09T19:14:10Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "file"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:name=\"file\"",
|
|
"misp:meta-category=\"file\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "x-misp-object",
|
|
"spec_version": "2.1",
|
|
"id": "x-misp-object--7403084a-f132-4ff9-a53b-6342ed8032ee",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2019-04-09T19:14:10.000Z",
|
|
"modified": "2019-04-09T19:14:10.000Z",
|
|
"labels": [
|
|
"misp:name=\"virustotal-report\"",
|
|
"misp:meta-category=\"misc\""
|
|
],
|
|
"x_misp_attributes": [
|
|
{
|
|
"type": "datetime",
|
|
"object_relation": "last-submission",
|
|
"value": "2019-04-09T14:27:24",
|
|
"category": "Other",
|
|
"comment": "Flowershop samples with relevant code overlap",
|
|
"uuid": "7176c395-37ca-4d30-941c-0b19c00a2996"
|
|
},
|
|
{
|
|
"type": "link",
|
|
"object_relation": "permalink",
|
|
"value": "https://www.virustotal.com/file/ec41b029c3ff4147b6a5252cb8b659f851f4538d4af0a574f7e16bc1cd14a300/analysis/1554820044/",
|
|
"category": "Payload delivery",
|
|
"comment": "Flowershop samples with relevant code overlap",
|
|
"uuid": "958ba48c-fd6d-489d-8c11-2f6bc6f79191"
|
|
},
|
|
{
|
|
"type": "text",
|
|
"object_relation": "detection-ratio",
|
|
"value": "45/69",
|
|
"category": "Payload delivery",
|
|
"comment": "Flowershop samples with relevant code overlap",
|
|
"uuid": "c149c768-5027-4e7e-a5d6-8ebac9b6bb3c"
|
|
}
|
|
],
|
|
"x_misp_meta_category": "misc",
|
|
"x_misp_name": "virustotal-report"
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--dbbdfe4d-13dc-4fc2-b189-0582aec45f8f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2019-04-09T19:14:10.000Z",
|
|
"modified": "2019-04-09T19:14:10.000Z",
|
|
"pattern": "[file:hashes.MD5 = '3ba57784d7fd4302fe74beb648b28dc1' AND file:hashes.SHA1 = '648a62d74ab1076e66a7a70f0899b8093eca2b01' AND file:hashes.SHA256 = '32159d2a16397823bc882ddd3cd77ecdbabe0fde934e62f297b8ff4d7b89832a']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2019-04-09T19:14:10Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "file"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:name=\"file\"",
|
|
"misp:meta-category=\"file\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "x-misp-object",
|
|
"spec_version": "2.1",
|
|
"id": "x-misp-object--67191d81-2968-4471-b804-e92b25166e28",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2019-04-09T19:14:10.000Z",
|
|
"modified": "2019-04-09T19:14:10.000Z",
|
|
"labels": [
|
|
"misp:name=\"virustotal-report\"",
|
|
"misp:meta-category=\"misc\""
|
|
],
|
|
"x_misp_attributes": [
|
|
{
|
|
"type": "datetime",
|
|
"object_relation": "last-submission",
|
|
"value": "2019-04-09T14:25:43",
|
|
"category": "Other",
|
|
"comment": "Flowershop samples with relevant code overlap",
|
|
"uuid": "0052a797-5299-43f8-bb60-fc6f0e5b8827"
|
|
},
|
|
{
|
|
"type": "link",
|
|
"object_relation": "permalink",
|
|
"value": "https://www.virustotal.com/file/32159d2a16397823bc882ddd3cd77ecdbabe0fde934e62f297b8ff4d7b89832a/analysis/1554819943/",
|
|
"category": "Payload delivery",
|
|
"comment": "Flowershop samples with relevant code overlap",
|
|
"uuid": "fafdb38f-5748-48f9-8873-6c6086237764"
|
|
},
|
|
{
|
|
"type": "text",
|
|
"object_relation": "detection-ratio",
|
|
"value": "44/70",
|
|
"category": "Payload delivery",
|
|
"comment": "Flowershop samples with relevant code overlap",
|
|
"uuid": "5d48d630-34cc-4288-aabf-4186fcaede15"
|
|
}
|
|
],
|
|
"x_misp_meta_category": "misc",
|
|
"x_misp_name": "virustotal-report"
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--de4d97dc-5512-4f11-b590-7f56e1877cdc",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2019-04-09T19:14:11.000Z",
|
|
"modified": "2019-04-09T19:14:11.000Z",
|
|
"pattern": "[file:hashes.MD5 = '300d2a3f47803c2814a45382d84d3446' AND file:hashes.SHA1 = 'ec5dd52971f550a77c3544819c56674378976509' AND file:hashes.SHA256 = '1daa2b15b70e486927c8fc06eed434080ab408a1b320be9fefe193c20d1d9a7f']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2019-04-09T19:14:11Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "file"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:name=\"file\"",
|
|
"misp:meta-category=\"file\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "x-misp-object",
|
|
"spec_version": "2.1",
|
|
"id": "x-misp-object--555db026-ee1b-4775-91f4-a1b52245a78c",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2019-04-09T19:14:11.000Z",
|
|
"modified": "2019-04-09T19:14:11.000Z",
|
|
"labels": [
|
|
"misp:name=\"virustotal-report\"",
|
|
"misp:meta-category=\"misc\""
|
|
],
|
|
"x_misp_attributes": [
|
|
{
|
|
"type": "datetime",
|
|
"object_relation": "last-submission",
|
|
"value": "2019-04-09T17:37:53",
|
|
"category": "Other",
|
|
"comment": "Stuxshop Modules",
|
|
"uuid": "54971c2b-ffc5-4568-a9dc-9ba3ec8e95e3"
|
|
},
|
|
{
|
|
"type": "link",
|
|
"object_relation": "permalink",
|
|
"value": "https://www.virustotal.com/file/1daa2b15b70e486927c8fc06eed434080ab408a1b320be9fefe193c20d1d9a7f/analysis/1554831473/",
|
|
"category": "Payload delivery",
|
|
"comment": "Stuxshop Modules",
|
|
"uuid": "ae87b543-4eaf-4790-847a-9e81e2576099"
|
|
},
|
|
{
|
|
"type": "text",
|
|
"object_relation": "detection-ratio",
|
|
"value": "43/68",
|
|
"category": "Payload delivery",
|
|
"comment": "Stuxshop Modules",
|
|
"uuid": "e44ee586-67fa-4411-a3d4-329acf59622b"
|
|
}
|
|
],
|
|
"x_misp_meta_category": "misc",
|
|
"x_misp_name": "virustotal-report"
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--6b9bfb62-ea86-4bb9-9d1e-7aa8ed2150eb",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2019-04-09T19:14:11.000Z",
|
|
"modified": "2019-04-09T19:14:11.000Z",
|
|
"pattern": "[file:hashes.MD5 = '7b0e7297d5157586f4075098be9efc8c' AND file:hashes.SHA1 = '421156c4858878ef8beeadf54c4549095445b682' AND file:hashes.SHA256 = '63735d555f219765d486b3d253e39bd316bbcb1c0ec595ea45ddf6e419bef3cb']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2019-04-09T19:14:11Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "file"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:name=\"file\"",
|
|
"misp:meta-category=\"file\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "x-misp-object",
|
|
"spec_version": "2.1",
|
|
"id": "x-misp-object--ddaf5a99-1963-4a4a-93eb-0b69396bbb46",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2019-04-09T19:14:11.000Z",
|
|
"modified": "2019-04-09T19:14:11.000Z",
|
|
"labels": [
|
|
"misp:name=\"virustotal-report\"",
|
|
"misp:meta-category=\"misc\""
|
|
],
|
|
"x_misp_attributes": [
|
|
{
|
|
"type": "datetime",
|
|
"object_relation": "last-submission",
|
|
"value": "2019-04-09T14:20:50",
|
|
"category": "Other",
|
|
"comment": "Flowershop samples with relevant code overlap",
|
|
"uuid": "46da9467-63b7-4c06-9c57-d83d362007b6"
|
|
},
|
|
{
|
|
"type": "link",
|
|
"object_relation": "permalink",
|
|
"value": "https://www.virustotal.com/file/63735d555f219765d486b3d253e39bd316bbcb1c0ec595ea45ddf6e419bef3cb/analysis/1554819650/",
|
|
"category": "Payload delivery",
|
|
"comment": "Flowershop samples with relevant code overlap",
|
|
"uuid": "2de83530-15bd-4536-a3d9-51752d3a52fd"
|
|
},
|
|
{
|
|
"type": "text",
|
|
"object_relation": "detection-ratio",
|
|
"value": "45/71",
|
|
"category": "Payload delivery",
|
|
"comment": "Flowershop samples with relevant code overlap",
|
|
"uuid": "ffca2167-370b-44d8-8eb2-7bfbd7118538"
|
|
}
|
|
],
|
|
"x_misp_meta_category": "misc",
|
|
"x_misp_name": "virustotal-report"
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--6edd0812-8c25-4923-8e60-1872a7a81a1c",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2019-04-09T19:14:11.000Z",
|
|
"modified": "2019-04-09T19:14:11.000Z",
|
|
"pattern": "[file:hashes.MD5 = '79c02836b6b6939ecea43691278424e8' AND file:hashes.SHA1 = '62e021e7ce7e6c382820b5a083221732ef5649b9' AND file:hashes.SHA256 = 'a01845255bdc61b610cac269a5562ad09415aaf2a1490d53d55c4c3597670803']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2019-04-09T19:14:11Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "file"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:name=\"file\"",
|
|
"misp:meta-category=\"file\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "x-misp-object",
|
|
"spec_version": "2.1",
|
|
"id": "x-misp-object--b7b2cc69-43cb-4213-9dfd-d7b5043a819d",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2019-04-09T19:14:11.000Z",
|
|
"modified": "2019-04-09T19:14:11.000Z",
|
|
"labels": [
|
|
"misp:name=\"virustotal-report\"",
|
|
"misp:meta-category=\"misc\""
|
|
],
|
|
"x_misp_attributes": [
|
|
{
|
|
"type": "datetime",
|
|
"object_relation": "last-submission",
|
|
"value": "2019-04-09T17:37:55",
|
|
"category": "Other",
|
|
"comment": "Stuxnet Installers with Resource 231",
|
|
"uuid": "be7cd761-b99d-441d-8fe3-98c0fe63ff8a"
|
|
},
|
|
{
|
|
"type": "link",
|
|
"object_relation": "permalink",
|
|
"value": "https://www.virustotal.com/file/a01845255bdc61b610cac269a5562ad09415aaf2a1490d53d55c4c3597670803/analysis/1554831475/",
|
|
"category": "Payload delivery",
|
|
"comment": "Stuxnet Installers with Resource 231",
|
|
"uuid": "9a5f1b2c-0306-4d7f-8ad9-d8d57a895f7b"
|
|
},
|
|
{
|
|
"type": "text",
|
|
"object_relation": "detection-ratio",
|
|
"value": "44/64",
|
|
"category": "Payload delivery",
|
|
"comment": "Stuxnet Installers with Resource 231",
|
|
"uuid": "01cbe4d0-780b-4530-9812-d999bc1938d2"
|
|
}
|
|
],
|
|
"x_misp_meta_category": "misc",
|
|
"x_misp_name": "virustotal-report"
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--421a889c-305d-4fee-a7c9-6b0114a2beb9",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2019-04-09T19:14:11.000Z",
|
|
"modified": "2019-04-09T19:14:11.000Z",
|
|
"pattern": "[file:hashes.MD5 = '6df1c77d4aabc3e3d91fcfdba8e7986d' AND file:hashes.SHA1 = '39b106c2405c3b5d65ddbb17571fc53b26893e9a' AND file:hashes.SHA256 = '77211838bb6783121fe1aeff182c8cc1cba9c9f0c1e5a0027e0c0b9dfa18e2ac']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2019-04-09T19:14:11Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "file"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:name=\"file\"",
|
|
"misp:meta-category=\"file\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "x-misp-object",
|
|
"spec_version": "2.1",
|
|
"id": "x-misp-object--596ec4c3-ec57-4be1-8edf-777fb2b48aa0",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2019-04-09T19:14:11.000Z",
|
|
"modified": "2019-04-09T19:14:11.000Z",
|
|
"labels": [
|
|
"misp:name=\"virustotal-report\"",
|
|
"misp:meta-category=\"misc\""
|
|
],
|
|
"x_misp_attributes": [
|
|
{
|
|
"type": "datetime",
|
|
"object_relation": "last-submission",
|
|
"value": "2019-04-09T17:37:55",
|
|
"category": "Other",
|
|
"comment": "Stuxnet Installers with Resource 231",
|
|
"uuid": "ea99549b-5bd3-47dd-aa68-bda0ce2c3b42"
|
|
},
|
|
{
|
|
"type": "link",
|
|
"object_relation": "permalink",
|
|
"value": "https://www.virustotal.com/file/77211838bb6783121fe1aeff182c8cc1cba9c9f0c1e5a0027e0c0b9dfa18e2ac/analysis/1554831475/",
|
|
"category": "Payload delivery",
|
|
"comment": "Stuxnet Installers with Resource 231",
|
|
"uuid": "e50ac7c2-3672-445d-92bb-bc78d3742ba2"
|
|
},
|
|
{
|
|
"type": "text",
|
|
"object_relation": "detection-ratio",
|
|
"value": "53/70",
|
|
"category": "Payload delivery",
|
|
"comment": "Stuxnet Installers with Resource 231",
|
|
"uuid": "a6e18bf7-3d93-4c64-9b6d-021a3b2c3542"
|
|
}
|
|
],
|
|
"x_misp_meta_category": "misc",
|
|
"x_misp_name": "virustotal-report"
|
|
},
|
|
{
|
|
"type": "x-misp-object",
|
|
"spec_version": "2.1",
|
|
"id": "x-misp-object--5cacf023-7368-4a33-a5a4-4e8502de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2019-04-09T19:18:59.000Z",
|
|
"modified": "2019-04-09T19:18:59.000Z",
|
|
"labels": [
|
|
"misp:name=\"malware-config\"",
|
|
"misp:meta-category=\"file\""
|
|
],
|
|
"x_misp_attributes": [
|
|
{
|
|
"type": "text",
|
|
"object_relation": "password",
|
|
"value": "F117FA1CE233C1D7BB7726C0E49615C4622E2D1895F0D8AD4B23BADC4FD70C",
|
|
"category": "Other",
|
|
"uuid": "5cacf023-5f50-43d4-a585-44cc02de0b81"
|
|
},
|
|
{
|
|
"type": "text",
|
|
"object_relation": "config",
|
|
"value": "not included",
|
|
"category": "Other",
|
|
"uuid": "5cacf023-fdf0-45af-9095-431502de0b81"
|
|
},
|
|
{
|
|
"type": "text",
|
|
"object_relation": "format",
|
|
"value": "other",
|
|
"category": "Other",
|
|
"uuid": "5cacf023-a61c-4c80-9eff-40e202de0b81"
|
|
}
|
|
],
|
|
"x_misp_comment": "The control server response is decoded using the same 31-byte XOR encoding, with yet another\r\nkey",
|
|
"x_misp_meta_category": "file",
|
|
"x_misp_name": "malware-config"
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5cacf0d7-870c-4b90-a5bb-4c1c02de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2019-04-09T19:21:59.000Z",
|
|
"modified": "2019-04-09T19:21:59.000Z",
|
|
"pattern": "[windows-registry-key:key = 'SOFTWARE\\\\Microsoft\\\\Windows\\\\CurrentVersion\\\\MS-DOS Emulation' AND windows-registry-key:values[0].data = '19790509' AND windows-registry-key:values[0].data_type = 'REG_NONE' AND windows-registry-key:values[0].name = 'NTVDM \u00e2\u20ac\u2039 TRACE' AND windows-registry-key:x_misp_root_keys = 'HKCC']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2019-04-09T19:21:59Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "file"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:name=\"registry-key\"",
|
|
"misp:meta-category=\"file\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "relationship",
|
|
"spec_version": "2.1",
|
|
"id": "relationship--4ef96889-d7aa-40b8-be25-5ce6de4c6203",
|
|
"created": "2019-04-09T12:07:08.000Z",
|
|
"modified": "2019-04-09T12:07:08.000Z",
|
|
"relationship_type": "analysed-with",
|
|
"source_ref": "indicator--5cac89aa-7884-4eb1-95fd-4a27950d210f",
|
|
"target_ref": "x-misp-object--d66ade80-17a6-47a9-9efe-7b5a922dfaa1"
|
|
},
|
|
{
|
|
"type": "relationship",
|
|
"spec_version": "2.1",
|
|
"id": "relationship--d9dc9213-1c5c-4d17-b04b-3bc032b6c202",
|
|
"created": "2019-04-09T12:21:25.000Z",
|
|
"modified": "2019-04-09T12:21:25.000Z",
|
|
"relationship_type": "connects-to",
|
|
"source_ref": "indicator--5cac89aa-7884-4eb1-95fd-4a27950d210f",
|
|
"target_ref": "indicator--5cac8cc9-7984-4dfa-85f8-49af950d210f"
|
|
},
|
|
{
|
|
"type": "relationship",
|
|
"spec_version": "2.1",
|
|
"id": "relationship--4f0a8f43-97e1-4076-8dff-884e07090f55",
|
|
"created": "2019-04-09T12:21:53.000Z",
|
|
"modified": "2019-04-09T12:21:53.000Z",
|
|
"relationship_type": "connects-to",
|
|
"source_ref": "indicator--5cac89aa-7884-4eb1-95fd-4a27950d210f",
|
|
"target_ref": "indicator--5cac8dc1-95dc-466e-85ce-4b0c950d210f"
|
|
},
|
|
{
|
|
"type": "relationship",
|
|
"spec_version": "2.1",
|
|
"id": "relationship--15a8a0ee-30ce-4011-9989-47b0de6ac270",
|
|
"created": "2019-04-09T12:20:32.000Z",
|
|
"modified": "2019-04-09T12:20:32.000Z",
|
|
"relationship_type": "connects-to",
|
|
"source_ref": "indicator--5cac8b2f-87ec-4432-bb7d-2c32950d210f",
|
|
"target_ref": "indicator--5cac8cc9-7984-4dfa-85f8-49af950d210f"
|
|
},
|
|
{
|
|
"type": "relationship",
|
|
"spec_version": "2.1",
|
|
"id": "relationship--ff2226dd-3d75-457f-82b9-1674a9ed9016",
|
|
"created": "2019-04-09T12:21:02.000Z",
|
|
"modified": "2019-04-09T12:21:02.000Z",
|
|
"relationship_type": "connects-to",
|
|
"source_ref": "indicator--5cac8b2f-87ec-4432-bb7d-2c32950d210f",
|
|
"target_ref": "indicator--5cac8dc1-95dc-466e-85ce-4b0c950d210f"
|
|
},
|
|
{
|
|
"type": "relationship",
|
|
"spec_version": "2.1",
|
|
"id": "relationship--0aa3de93-d3fc-48db-8a12-6a14a6a24f2b",
|
|
"created": "2019-04-09T19:14:11.000Z",
|
|
"modified": "2019-04-09T19:14:11.000Z",
|
|
"relationship_type": "analysed-with",
|
|
"source_ref": "indicator--2868aeaa-a19a-4b36-b693-e55b1a32d633",
|
|
"target_ref": "x-misp-object--95f4e9d8-aec9-4e52-b133-8688a3857540"
|
|
},
|
|
{
|
|
"type": "relationship",
|
|
"spec_version": "2.1",
|
|
"id": "relationship--0e204fd1-c7f3-44a0-860b-4fb0636744a1",
|
|
"created": "2019-04-09T19:14:11.000Z",
|
|
"modified": "2019-04-09T19:14:11.000Z",
|
|
"relationship_type": "analysed-with",
|
|
"source_ref": "indicator--d7f8c044-89dc-411c-a777-6110c35e1185",
|
|
"target_ref": "x-misp-object--73ebef95-1302-4712-b237-7aba3002f249"
|
|
},
|
|
{
|
|
"type": "relationship",
|
|
"spec_version": "2.1",
|
|
"id": "relationship--285dab3d-1699-4368-92d9-06a89a182a8e",
|
|
"created": "2019-04-09T19:14:11.000Z",
|
|
"modified": "2019-04-09T19:14:11.000Z",
|
|
"relationship_type": "analysed-with",
|
|
"source_ref": "indicator--308606ca-729c-4050-8d8e-72f00f17a981",
|
|
"target_ref": "x-misp-object--7403084a-f132-4ff9-a53b-6342ed8032ee"
|
|
},
|
|
{
|
|
"type": "relationship",
|
|
"spec_version": "2.1",
|
|
"id": "relationship--21ecdd34-4658-402a-aa87-b9a319175ddb",
|
|
"created": "2019-04-09T19:14:12.000Z",
|
|
"modified": "2019-04-09T19:14:12.000Z",
|
|
"relationship_type": "analysed-with",
|
|
"source_ref": "indicator--dbbdfe4d-13dc-4fc2-b189-0582aec45f8f",
|
|
"target_ref": "x-misp-object--67191d81-2968-4471-b804-e92b25166e28"
|
|
},
|
|
{
|
|
"type": "relationship",
|
|
"spec_version": "2.1",
|
|
"id": "relationship--479e15f5-7c37-4e86-8242-11d5ca9d74d8",
|
|
"created": "2019-04-09T19:14:12.000Z",
|
|
"modified": "2019-04-09T19:14:12.000Z",
|
|
"relationship_type": "analysed-with",
|
|
"source_ref": "indicator--de4d97dc-5512-4f11-b590-7f56e1877cdc",
|
|
"target_ref": "x-misp-object--555db026-ee1b-4775-91f4-a1b52245a78c"
|
|
},
|
|
{
|
|
"type": "relationship",
|
|
"spec_version": "2.1",
|
|
"id": "relationship--e723a4be-7d7a-430b-939b-e8b098634523",
|
|
"created": "2019-04-09T19:14:12.000Z",
|
|
"modified": "2019-04-09T19:14:12.000Z",
|
|
"relationship_type": "analysed-with",
|
|
"source_ref": "indicator--6b9bfb62-ea86-4bb9-9d1e-7aa8ed2150eb",
|
|
"target_ref": "x-misp-object--ddaf5a99-1963-4a4a-93eb-0b69396bbb46"
|
|
},
|
|
{
|
|
"type": "relationship",
|
|
"spec_version": "2.1",
|
|
"id": "relationship--d882cf57-ffe6-464c-8a99-34f979df6828",
|
|
"created": "2019-04-09T19:14:12.000Z",
|
|
"modified": "2019-04-09T19:14:12.000Z",
|
|
"relationship_type": "analysed-with",
|
|
"source_ref": "indicator--6edd0812-8c25-4923-8e60-1872a7a81a1c",
|
|
"target_ref": "x-misp-object--b7b2cc69-43cb-4213-9dfd-d7b5043a819d"
|
|
},
|
|
{
|
|
"type": "relationship",
|
|
"spec_version": "2.1",
|
|
"id": "relationship--3ed6d032-6ffb-4d2f-8f12-9e3e37145e06",
|
|
"created": "2019-04-09T19:14:12.000Z",
|
|
"modified": "2019-04-09T19:14:12.000Z",
|
|
"relationship_type": "analysed-with",
|
|
"source_ref": "indicator--421a889c-305d-4fee-a7c9-6b0114a2beb9",
|
|
"target_ref": "x-misp-object--596ec4c3-ec57-4be1-8edf-777fb2b48aa0"
|
|
},
|
|
{
|
|
"type": "marking-definition",
|
|
"spec_version": "2.1",
|
|
"id": "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9",
|
|
"created": "2017-01-20T00:00:00.000Z",
|
|
"definition_type": "tlp",
|
|
"name": "TLP:WHITE",
|
|
"definition": {
|
|
"tlp": "white"
|
|
}
|
|
}
|
|
]
|
|
} |