misp-circl-feed/feeds/circl/stix-2.1/5b04369a-e36c-44c1-986f-08ef0acd0835.json


2023-04-21 14:44:17 +00:00
{
"type": "bundle",
"id": "bundle--5b04369a-e36c-44c1-986f-08ef0acd0835",
"objects": [
{
"type": "identity",
"spec_version": "2.1",
"id": "identity--5a68c02d-959c-4c8a-a571-0dcac0a8060a",
"created": "2018-05-22T16:03:10.000Z",
"modified": "2018-05-22T16:03:10.000Z",
"name": "Synovus Financial",
"identity_class": "organization"
},
{
"type": "report",
"spec_version": "2.1",
"id": "report--5b04369a-e36c-44c1-986f-08ef0acd0835",
"created_by_ref": "identity--5a68c02d-959c-4c8a-a571-0dcac0a8060a",
"created": "2018-05-22T16:03:10.000Z",
"modified": "2018-05-22T16:03:10.000Z",
"name": "TrickBot pir4 loader config",
"published": "2018-05-22T16:03:36Z",
"object_refs": [
"indicator--5b043705-2cd8-4330-90d2-0bb30acd0835",
"indicator--5b043707-835c-4cde-8f41-0bb30acd0835",
"indicator--5b043707-53e8-46d5-875b-0bb30acd0835",
"indicator--5b043707-1664-49f9-b1e6-0bb30acd0835",
"indicator--5b043707-ad44-4f66-abc4-0bb30acd0835",
"indicator--5b043707-1ec0-4214-9f17-0bb30acd0835",
"indicator--5b043707-596c-40e8-8af4-0bb30acd0835",
"indicator--5b043707-e9e4-4ea7-b745-0bb30acd0835",
"indicator--5b043707-0458-4a92-a31c-0bb30acd0835",
"indicator--5b043707-b500-4974-893b-0bb30acd0835",
"indicator--5b043707-e05c-46e7-a136-0bb30acd0835",
"indicator--5b043707-91ac-4099-ad98-0bb30acd0835",
"indicator--5b043707-a2cc-4e75-a908-0bb30acd0835",
"indicator--5b043707-f7b0-4768-b3ac-0bb30acd0835",
"indicator--5b043707-2f54-4829-9614-0bb30acd0835",
"indicator--5b043707-dc38-4731-825e-0bb30acd0835",
"indicator--5b043707-4780-4936-9327-0bb30acd0835",
"indicator--5b043707-9e24-491c-8a32-0bb30acd0835",
"indicator--5b043707-9940-4dd5-8c49-0bb30acd0835",
"indicator--5b043708-3408-4162-b3ed-0bb30acd0835",
"indicator--5b043708-dce4-4691-b6ac-0bb30acd0835",
"indicator--5b043708-3dcc-4e5c-a348-0bb30acd0835",
"indicator--5b043708-5420-47b1-8978-0bb30acd0835",
"indicator--5b043708-a2b4-4369-ba7e-0bb30acd0835",
"indicator--5b043708-a944-4972-b8e0-0bb30acd0835",
"indicator--5b043708-3e84-4f64-a50d-0bb30acd0835",
"observed-data--5b043749-4328-4c9a-b3f7-08f20acd0835",
"url--5b043749-4328-4c9a-b3f7-08f20acd0835",
"observed-data--5b043808-ce34-4fec-946f-2bc50acd0835",
"file--5b043808-ce34-4fec-946f-2bc50acd0835",
"artifact--5b043808-ce34-4fec-946f-2bc50acd0835"
],
"labels": [
"Threat-Report",
"misp:tool=\"MISP-STIX-Converter\"",
"misp-galaxy:banker=\"Trickbot\"",
"misp-galaxy:tool=\"Trick Bot\"",
"osint:source-type=\"pastie-website\""
],
"object_marking_refs": [
"marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9"
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5b043705-2cd8-4330-90d2-0bb30acd0835",
"created_by_ref": "identity--5a68c02d-959c-4c8a-a571-0dcac0a8060a",
"created": "2018-05-22T15:28:27.000Z",
"modified": "2018-05-22T15:28:27.000Z",
"description": "TrickBot",
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '208.75.117.70' AND network-traffic:dst_port = '449']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-05-22T15:28:27Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-dst|port\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\"",
"veris:action:malware:variety=\"C2\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5b043707-835c-4cde-8f41-0bb30acd0835",
"created_by_ref": "identity--5a68c02d-959c-4c8a-a571-0dcac0a8060a",
"created": "2018-05-22T15:28:29.000Z",
"modified": "2018-05-22T15:28:29.000Z",
"description": "TrickBot",
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '92.55.251.211' AND network-traffic:dst_port = '449']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-05-22T15:28:29Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-dst|port\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\"",
"veris:action:malware:variety=\"C2\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5b043707-53e8-46d5-875b-0bb30acd0835",
"created_by_ref": "identity--5a68c02d-959c-4c8a-a571-0dcac0a8060a",
"created": "2018-05-22T15:28:30.000Z",
"modified": "2018-05-22T15:28:30.000Z",
"description": "TrickBot",
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '118.91.178.139' AND network-traffic:dst_port = '449']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-05-22T15:28:30Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-dst|port\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\"",
"veris:action:malware:variety=\"C2\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5b043707-1664-49f9-b1e6-0bb30acd0835",
"created_by_ref": "identity--5a68c02d-959c-4c8a-a571-0dcac0a8060a",
"created": "2018-05-22T15:28:30.000Z",
"modified": "2018-05-22T15:28:30.000Z",
"description": "TrickBot",
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '94.112.52.197' AND network-traffic:dst_port = '449']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-05-22T15:28:30Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-dst|port\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\"",
"veris:action:malware:variety=\"C2\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5b043707-ad44-4f66-abc4-0bb30acd0835",
"created_by_ref": "identity--5a68c02d-959c-4c8a-a571-0dcac0a8060a",
"created": "2018-05-22T15:28:29.000Z",
"modified": "2018-05-22T15:28:29.000Z",
"description": "TrickBot",
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '138.34.29.172' AND network-traffic:dst_port = '443']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-05-22T15:28:29Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-dst|port\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\"",
"veris:action:malware:variety=\"C2\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5b043707-1ec0-4214-9f17-0bb30acd0835",
"created_by_ref": "identity--5a68c02d-959c-4c8a-a571-0dcac0a8060a",
"created": "2018-05-22T15:28:29.000Z",
"modified": "2018-05-22T15:28:29.000Z",
"description": "TrickBot",
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '209.121.142.202' AND network-traffic:dst_port = '449']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-05-22T15:28:29Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-dst|port\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\"",
"veris:action:malware:variety=\"C2\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5b043707-596c-40e8-8af4-0bb30acd0835",
"created_by_ref": "identity--5a68c02d-959c-4c8a-a571-0dcac0a8060a",
"created": "2018-05-22T15:28:29.000Z",
"modified": "2018-05-22T15:28:29.000Z",
"description": "TrickBot",
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '5.102.177.205' AND network-traffic:dst_port = '449']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-05-22T15:28:29Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-dst|port\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\"",
"veris:action:malware:variety=\"C2\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5b043707-e9e4-4ea7-b745-0bb30acd0835",
"created_by_ref": "identity--5a68c02d-959c-4c8a-a571-0dcac0a8060a",
"created": "2018-05-22T15:28:29.000Z",
"modified": "2018-05-22T15:28:29.000Z",
"description": "TrickBot",
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '209.121.142.214' AND network-traffic:dst_port = '449']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-05-22T15:28:29Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-dst|port\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\"",
"veris:action:malware:variety=\"C2\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5b043707-0458-4a92-a31c-0bb30acd0835",
"created_by_ref": "identity--5a68c02d-959c-4c8a-a571-0dcac0a8060a",
"created": "2018-05-22T15:28:29.000Z",
"modified": "2018-05-22T15:28:29.000Z",
"description": "TrickBot",
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '95.161.180.42' AND network-traffic:dst_port = '449']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-05-22T15:28:29Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-dst|port\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\"",
"veris:action:malware:variety=\"C2\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5b043707-b500-4974-893b-0bb30acd0835",
"created_by_ref": "identity--5a68c02d-959c-4c8a-a571-0dcac0a8060a",
"created": "2018-05-22T15:28:29.000Z",
"modified": "2018-05-22T15:28:29.000Z",
"description": "TrickBot",
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '203.86.222.142' AND network-traffic:dst_port = '443']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-05-22T15:28:29Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-dst|port\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\"",
"veris:action:malware:variety=\"C2\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5b043707-e05c-46e7-a136-0bb30acd0835",
"created_by_ref": "identity--5a68c02d-959c-4c8a-a571-0dcac0a8060a",
"created": "2018-05-22T15:28:29.000Z",
"modified": "2018-05-22T15:28:29.000Z",
"description": "TrickBot",
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '46.20.207.204' AND network-traffic:dst_port = '443']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-05-22T15:28:29Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-dst|port\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\"",
"veris:action:malware:variety=\"C2\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5b043707-91ac-4099-ad98-0bb30acd0835",
"created_by_ref": "identity--5a68c02d-959c-4c8a-a571-0dcac0a8060a",
"created": "2018-05-22T15:28:29.000Z",
"modified": "2018-05-22T15:28:29.000Z",
"description": "TrickBot",
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '68.96.73.154' AND network-traffic:dst_port = '449']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-05-22T15:28:29Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-dst|port\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\"",
"veris:action:malware:variety=\"C2\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5b043707-a2cc-4e75-a908-0bb30acd0835",
"created_by_ref": "identity--5a68c02d-959c-4c8a-a571-0dcac0a8060a",
"created": "2018-05-22T15:28:29.000Z",
"modified": "2018-05-22T15:28:29.000Z",
"description": "TrickBot",
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '185.42.192.194' AND network-traffic:dst_port = '449']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-05-22T15:28:29Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-dst|port\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\"",
"veris:action:malware:variety=\"C2\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5b043707-f7b0-4768-b3ac-0bb30acd0835",
"created_by_ref": "identity--5a68c02d-959c-4c8a-a571-0dcac0a8060a",
"created": "2018-05-22T15:28:29.000Z",
"modified": "2018-05-22T15:28:29.000Z",
"description": "TrickBot",
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '68.227.31.46' AND network-traffic:dst_port = '449']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-05-22T15:28:29Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-dst|port\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\"",
"veris:action:malware:variety=\"C2\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5b043707-2f54-4829-9614-0bb30acd0835",
"created_by_ref": "identity--5a68c02d-959c-4c8a-a571-0dcac0a8060a",
"created": "2018-05-22T15:28:28.000Z",
"modified": "2018-05-22T15:28:28.000Z",
"description": "TrickBot",
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '107.144.49.162' AND network-traffic:dst_port = '443']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-05-22T15:28:28Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-dst|port\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\"",
"veris:action:malware:variety=\"C2\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5b043707-dc38-4731-825e-0bb30acd0835",
"created_by_ref": "identity--5a68c02d-959c-4c8a-a571-0dcac0a8060a",
"created": "2018-05-22T15:28:29.000Z",
"modified": "2018-05-22T15:28:29.000Z",
"description": "TrickBot",
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '46.72.175.17' AND network-traffic:dst_port = '449']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-05-22T15:28:29Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-dst|port\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\"",
"veris:action:malware:variety=\"C2\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5b043707-4780-4936-9327-0bb30acd0835",
"created_by_ref": "identity--5a68c02d-959c-4c8a-a571-0dcac0a8060a",
"created": "2018-05-22T15:28:29.000Z",
"modified": "2018-05-22T15:28:29.000Z",
"description": "TrickBot",
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '144.48.51.8' AND network-traffic:dst_port = '443']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-05-22T15:28:29Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-dst|port\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\"",
"veris:action:malware:variety=\"C2\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5b043707-9e24-491c-8a32-0bb30acd0835",
"created_by_ref": "identity--5a68c02d-959c-4c8a-a571-0dcac0a8060a",
"created": "2018-05-22T15:28:28.000Z",
"modified": "2018-05-22T15:28:28.000Z",
"description": "TrickBot",
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '46.243.179.212' AND network-traffic:dst_port = '449']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-05-22T15:28:28Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-dst|port\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\"",
"veris:action:malware:variety=\"C2\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5b043707-9940-4dd5-8c49-0bb30acd0835",
"created_by_ref": "identity--5a68c02d-959c-4c8a-a571-0dcac0a8060a",
"created": "2018-05-22T15:28:28.000Z",
"modified": "2018-05-22T15:28:28.000Z",
"description": "TrickBot",
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '81.177.255.76' AND network-traffic:dst_port = '449']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-05-22T15:28:28Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-dst|port\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\"",
"veris:action:malware:variety=\"C2\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5b043708-3408-4162-b3ed-0bb30acd0835",
"created_by_ref": "identity--5a68c02d-959c-4c8a-a571-0dcac0a8060a",
"created": "2018-05-22T15:28:28.000Z",
"modified": "2018-05-22T15:28:28.000Z",
"description": "TrickBot",
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '185.180.198.78' AND network-traffic:dst_port = '443']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-05-22T15:28:28Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-dst|port\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\"",
"veris:action:malware:variety=\"C2\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5b043708-dce4-4691-b6ac-0bb30acd0835",
"created_by_ref": "identity--5a68c02d-959c-4c8a-a571-0dcac0a8060a",
"created": "2018-05-22T15:28:28.000Z",
"modified": "2018-05-22T15:28:28.000Z",
"description": "TrickBot",
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '95.213.199.63' AND network-traffic:dst_port = '443']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-05-22T15:28:28Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-dst|port\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\"",
"veris:action:malware:variety=\"C2\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5b043708-3dcc-4e5c-a348-0bb30acd0835",
"created_by_ref": "identity--5a68c02d-959c-4c8a-a571-0dcac0a8060a",
"created": "2018-05-22T15:28:28.000Z",
"modified": "2018-05-22T15:28:28.000Z",
"description": "TrickBot",
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '62.109.24.78' AND network-traffic:dst_port = '443']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-05-22T15:28:28Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-dst|port\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\"",
"veris:action:malware:variety=\"C2\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5b043708-5420-47b1-8978-0bb30acd0835",
"created_by_ref": "identity--5a68c02d-959c-4c8a-a571-0dcac0a8060a",
"created": "2018-05-22T15:28:28.000Z",
"modified": "2018-05-22T15:28:28.000Z",
"description": "TrickBot",
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '89.223.26.125' AND network-traffic:dst_port = '443']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-05-22T15:28:28Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-dst|port\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\"",
"veris:action:malware:variety=\"C2\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5b043708-a2b4-4369-ba7e-0bb30acd0835",
"created_by_ref": "identity--5a68c02d-959c-4c8a-a571-0dcac0a8060a",
"created": "2018-05-22T15:28:28.000Z",
"modified": "2018-05-22T15:28:28.000Z",
"description": "TrickBot",
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '82.146.60.173' AND network-traffic:dst_port = '443']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-05-22T15:28:28Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-dst|port\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\"",
"veris:action:malware:variety=\"C2\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5b043708-a944-4972-b8e0-0bb30acd0835",
"created_by_ref": "identity--5a68c02d-959c-4c8a-a571-0dcac0a8060a",
"created": "2018-05-22T15:28:28.000Z",
"modified": "2018-05-22T15:28:28.000Z",
"description": "TrickBot",
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '85.143.219.150' AND network-traffic:dst_port = '443']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-05-22T15:28:28Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-dst|port\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\"",
"veris:action:malware:variety=\"C2\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5b043708-3e84-4f64-a50d-0bb30acd0835",
"created_by_ref": "identity--5a68c02d-959c-4c8a-a571-0dcac0a8060a",
"created": "2018-05-22T15:28:30.000Z",
"modified": "2018-05-22T15:28:30.000Z",
"description": "TrickBot",
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '193.233.60.148' AND network-traffic:dst_port = '443']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-05-22T15:28:30Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-dst|port\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\"",
"veris:action:malware:variety=\"C2\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--5b043749-4328-4c9a-b3f7-08f20acd0835",
"created_by_ref": "identity--5a68c02d-959c-4c8a-a571-0dcac0a8060a",
"created": "2018-05-22T15:29:13.000Z",
"modified": "2018-05-22T15:29:13.000Z",
"first_observed": "2018-05-22T15:29:13Z",
"last_observed": "2018-05-22T15:29:13Z",
"number_observed": 1,
"object_refs": [
"url--5b043749-4328-4c9a-b3f7-08f20acd0835"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"Support Tool\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--5b043749-4328-4c9a-b3f7-08f20acd0835",
"value": "https://pastebin.com/Xjy4sfT5"
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--5b043808-ce34-4fec-946f-2bc50acd0835",
"created_by_ref": "identity--5a68c02d-959c-4c8a-a571-0dcac0a8060a",
"created": "2018-05-22T15:32:24.000Z",
"modified": "2018-05-22T15:32:24.000Z",
"first_observed": "2018-05-22T15:32:24Z",
"last_observed": "2018-05-22T15:32:24Z",
"number_observed": 1,
"object_refs": [
"file--5b043808-ce34-4fec-946f-2bc50acd0835",
"artifact--5b043808-ce34-4fec-946f-2bc50acd0835"
],
"labels": [
"misp:type=\"attachment\"",
"misp:category=\"Support Tool\""
]
},
{
"type": "file",
"spec_version": "2.1",
"id": "file--5b043808-ce34-4fec-946f-2bc50acd0835",
"name": "DdzhzFtVwAAp5Wl.jpg",
"content_ref": "artifact--5b043808-ce34-4fec-946f-2bc50acd0835"
},
{
"type": "artifact",
"spec_version": "2.1",
"id": "artifact--5b043808-ce34-4fec-946f-2bc50acd0835",
"payload_bin": "/9j/4AAQSkZJRgABAQAAAQABAAD/2wBDAAUDBAQEAwUEBAQFBQUGBwwIBwcHBw8LCwkMEQ8SEhEPERETFhwXExQaFRERGCEYGh0dHx8fExciJCIeJBweHx7/2wBDAQUFBQcGBw4ICA4eFBEUHh4eHh4eHh4eHh4eHh4eHh4eHh4eHh4eHh4eHh4eHh4eHh4eHh4eHh4eHh4eHh4eHh7/wgARCAR2AxwDASIAAhEBAxEB/8QAGwABAAIDAQEAAAAAAAAAAAAAAAUGAgMEBwH/xAAaAQEBAQEBAQEAAAAAAAAAAAAAAQIDBAUG/9oADAMBAAIQAxAAAAGBVZlY4vgHe4B3uAd7gHe4B3uAd7gHe4B3uAd7gHe4B3uAd7gHe4B3uAd7gHe4B3uAd7gHe4B3uAd+PEO77wDvcA73AO9wDvcA73AO9wDvcA73AO9wDvcA73AO9wDvcA73AO9wDvcA73AO9wDvcA73AO9wDvcA73AO9wDvcA73AAgTRCroKWuvwpa6fSlLoKWuvwpa6fSlLoKWuvwpb78AAAE5BypFJqaKWukOQYAAAABNEKugpacgwAXQpa6/Clrp9KUugpa6/Clrp9KUugpa6/ClvvwAAAAALp9KUulMPgAAAAAAAAEtE9lnJ8t9QlAAAAAAS8VdyjAAAAS8RbyoAAl4i31AAAAAl4i31AAS8RbyoAS8ReqoogAAAAACXiL1RQAAABLxV3KMBLxFvKgAAAAAAAAAC19NLF1+UvrOX4AAF0+1XkLopYvlOw5y6faULopYuvyli6faULphTu07Zqli6Q8GLfUJCPJqaqfOXT7ShdFLE5B9HOW+oSEeALfUJAj5qF6C2VyOVdsannFp+0oXRSxdflLF0h47kAAO/tg+g57pU+cuvyli6faULopfQXSncgAW+obSVmqWPvzo5wAAAAAABnhmYAW+oW8qAAALfULfUACZ6a7eqoqR545gHR0kckec5r3RJ2yCTkHKBb+fo67KzFkpI/SNSI6OmGuJyVC31AAW+oW854yzUUWesXqyszdQt+bUBQAFvqFvqAAdHSS0ZZ4ayZokxDygEjznNe6JO2QScg5QBIkckvhaqJPYkGAAAAAABnhmYASMdbyoAAAkY631AAAsUfO1AAkZGu28446NsVldSe2WHTsECxWR0dJxkoFi+yVKLF9rgko0JGOt9QAEjHAABIx1vKgAACRjrfUACRka6Nuu60o+AAsUfNVc17dV2spL78lAWLtqBY/ldH34AAAAAAADPDMwAt9QnSCAABb6hOwQABb6hOwQAt9QnSCBe1SHCAC90Tu4QC1wfBZ6rC6Ipa6/DVUJ6BAAAAFvqE6QQAALfUJ2CAALvSOnQYgAvcFAhdqT2WcuJKBb6hOwQAAAAAAAAAzwzMALHXLeVAAAFjrlvqAABY65b6gALHXLeVACx1y3lQABY8+ncUpt1AAAHdw+r0srgFjrlvKgBZqzdapVjgbVFQAAAAAB125S7M+e70iUAB18l5sgeiu27NqApY65byoAAAAAAAAAZ4ZmAFpqwun2l/C6KWLr8pnwtVVAfT4C08EL9LmpYnO2rA+/BaasJqapnwukPBi01vV9S4Z0st0+0r6XOmfJciCXIqYhRdFLE521YXSHg5YiduvKyUkoqLlun2lC6KWLr8pYun2lC6Uz5LkQS5tgwnJili6/KWLp9pQukTAhaasLp9pQunLVQAAAAAAAAAzwzMAAZ4Z4AGeGeAAzwzMAM8MzAAGeGeABnhngAM8MzADPDMwvVF77OK7506XkAAA7ONZb89CWuc4AAAAL1Re+ziu+dOl5AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAM8J2yQhrTAvqRufbxvRr+dS50urma0ynF8lm6vd4KfDgQAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADIxA+/Afe9rg+bM7rQz6JeR3fbx4Fukl8/Xjqjz16BF1U1u7ihr3lFCfes41mri4Nud6c7d2JGvvycwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGeGZgAD1eq1LK7mc4fY+v0feLB5vVKZXdz5t0s1B0r6lw+VSUeh1eD4KtuyDxT0qJ84lJq6VSpzlzLQ0Tm9kzqh+t798hX8XzvVvJyeYAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABnhmYAAPUK5etS3Svx9CFSEixXkzKsVGR9B1TweZSEnZSBj/SZGzzfG9fF896pHZL5+9Qp9nNEXmvvTDbZLJ64ZObLa+m7hPH5osdcnmAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAZ4ZmAAN8xALuwxHN8e3t2xpym+mufHXol4BPn9s/UxcuSsLLpjTUtu+1Ab7dSlnXIQn16+/5wJZHOLXVh1QnxAnjAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAZ4ZmAALlHbee9OTcwv3dO/j+TybNzkt6rFBzU88FE9nHPAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAzwzMAAGeAAZ2oqTu5730pTjb51h5pwh11nLz8ueu8y+VrVVYL1LWeXvRPO5TvttUN6XR0jHp/mEpJX08wet1GypLFMlEWW2TXlz0uDsqC2xSQ6wxc9HE7dl3HOmxuFTbNcwAAAAAAAAAAAAAAAAAAAAAAAzwzMAAZ4Z4AE7YKEJnm4Pmvf29sKksFi89Tyerx3nK8/Y+Xyn7LdeGqC912G+16bBVHCOr0jy0ek06HWXjRTku250cexU+oYVbrB5iT1Do8nTXqGHmuFzfcaJ3S6ZWC+33SHHqOM7PUQ1PQJPKAAAAAAAAAAAAAAAAAAAAAAAzwzMAAZ4Z4ADuk7weXapLTr6OvnkN06c3BbbVPBB8chuvDio1+rsv3rir3UXULP9SmXGHnz7HfLPNR1CvNNudFxh5848oazzX2h3il3PVMb7bXnVmm+jGq5X7JN6z5lh6dX1goz73T6Ebn16NXm6u2+Tj5QsdcnkAAAAAAAAAAAAAAAAAAAAAAAZ4ZmAAM8M8ABliOvRrXrnnpTOeAxYuGWgLJjh6+yWC7+KOLRAWWKs0SOFflnkZKmHJNa7ImR66jLL9sNKmHFOcdnDx2WqS9G7hsJ9gu/qsg5rvqkufRyS96xmsnPdrxKDIAAAAAAAAAAAAAAAAAAAAAADPDMwABnhngAWG2eZTh84PuvX1pLTwb5qfs1D4Z826Umzx14zkzCYJ9qMxvzbDpieHUnKdb+OWs3So2w45mtabL35nbuSarN0qNsSKvVU47LnVMueX5fvIZ+r1zUDrS7aK7WFmZnXVYkOD7r19aS08G+an7NQ+GfN5w4gAAAAAAAAAAAAAAAAAAAAAM8MzAAGeGeAASthKSluC+rQl+ZvhWXunmgI31HVeXnfL6r5VK69lwKXr9GoFbI30jzeN/ZJT1VOKtCKr18nptnm3dZZ+Xz/is/BVe22SwJ53ttk/NefRvqOqzzFduBIDnnOaeuMSOd3Fu+zPPSktEzkAAAAAAAAAAAAAAAAAAAAAAAzwzMAAZ4Z4AHXaKYJPVwr7OrqiyTnXWE8t3xpS59Jh6cl6r152L3x1BZ6BwU5LKWugD0ulRKy1yFES2OyecC3VL4ss8nRRe+7zZLd+OqLLnvoqXbKQy+vs5cTjLTtMN9nGTzgAAAAAAAAAAAAAAAAAAAAAAM8MzAAGeGeABnao+wFQ55Pm19bZx7e2a383RYp83po92r14Wv7lmtQqt54c2UjuyZ3nHy71isZsDdqldTTAWSEspXpdfnopN8pFgaw47dQNZ6pnisBVrZ86MahoqQk9Zr8VZcVhYvVKvqR+xx3Oyx8E9OVI1z0DPEAAAAAAAAAAAAAAAAAAAAAAAzwzMAAZ4Z4AA7
ji+dGq9MHXzy4JDgc/i47rml/b9ploacgzZrvtWqLXnYUIRnhfaJWK+chTk5BwXHdZSHoUctOTnFHJrs8cR
},
{
"type": "marking-definition",
"spec_version": "2.1",
"id": "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9",
"created": "2017-01-20T00:00:00.000Z",
"definition_type": "tlp",
"name": "TLP:WHITE",
"definition": {
"tlp": "white"
}
}
]
}