misp-circl-feed/feeds/circl/stix-2.1/5e5709a4-8850-453e-9f11-275a0a0a020f.json

{
"type": "bundle",
"id": "bundle--5e5709a4-8850-453e-9f11-275a0a0a020f",
"objects": [
{
"type": "identity",
"spec_version": "2.1",
"id": "identity--5e157d76-c92c-4acd-a54e-4a01950d210f",
"created": "2021-05-24T10:04:30.000Z",
"modified": "2021-05-24T10:04:30.000Z",
"name": "laskowski-tech.com",
"identity_class": "organization"
},
{
"type": "report",
"spec_version": "2.1",
"id": "report--5e5709a4-8850-453e-9f11-275a0a0a020f",
"created_by_ref": "identity--5e157d76-c92c-4acd-a54e-4a01950d210f",
"created": "2021-05-24T10:04:30.000Z",
"modified": "2021-05-24T10:04:30.000Z",
"name": "Racoon Stealer",
"published": "2020-07-02T05:50:25Z",
"object_refs": [
"indicator--5e5868bc-0fe0-4390-80ab-d3b874656a8a",
"indicator--5e5868bc-1560-4807-9a76-d3b874656a8a",
"indicator--5e5868bc-0900-4886-9566-d3b874656a8a",
"indicator--5e5868bc-ea68-441d-a83a-d3b874656a8a",
"observed-data--5e5868bd-1fdc-4ee8-a3ea-d3d374656a8a",
"domain-name--5e5868bd-1fdc-4ee8-a3ea-d3d374656a8a",
"observed-data--5e5868fd-03b8-4af4-8b39-8add0a0a020f",
"url--5e5868fd-03b8-4af4-8b39-8add0a0a020f",
"indicator--5e5709b9-16d8-46eb-ab16-275d0a0a020f",
"indicator--5e5709ca-9564-4380-bee4-275a0a0a020f",
"indicator--5e570b34-1438-42ee-98d1-275a0a0a020f",
"indicator--5e586338-8820-458f-86a8-8add0a0a020f"
],
"labels": [
"Threat-Report",
"misp:tool=\"MISP-STIX-Converter\"",
"keylogger/infostealer",
"racoon",
"misp-galaxy:mitre-attack-pattern=\"Spearphishing Attachment - T1193\"",
"misp-galaxy:mitre-attack-pattern=\"PowerShell - T1086\"",
"misp-galaxy:mitre-attack-pattern=\"Command-Line Interface - T1059\"",
"misp-galaxy:mitre-attack-pattern=\"Commonly Used Port - T1043\"",
"misp-galaxy:mitre-attack-pattern=\"Remote File Copy - T1105\"",
"misp-galaxy:mitre-attack-pattern=\"Exfiltration Over Command and Control Channel - T1041\"",
"misp-galaxy:mitre-attack-pattern=\"Data Compressed - T1002\"",
"misp-galaxy:mitre-attack-pattern=\"Automated Collection - T1119\"",
"misp-galaxy:mitre-attack-pattern=\"Data from Local System - T1005\""
],
"object_marking_refs": [
"marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9"
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5e5868bc-0fe0-4390-80ab-d3b874656a8a",
"created_by_ref": "identity--5e157d76-c92c-4acd-a54e-4a01950d210f",
"created": "2020-02-28T01:19:32.000Z",
"modified": "2020-02-28T01:19:32.000Z",
"pattern": "[url:value = 'http://35.228.134.218/gate/libs.zip']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2020-02-28T01:19:32Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\"",
"kill-chain:Delivery"
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5e5868bc-1560-4807-9a76-d3b874656a8a",
"created_by_ref": "identity--5e157d76-c92c-4acd-a54e-4a01950d210f",
"created": "2020-02-28T01:19:32.000Z",
"modified": "2020-02-28T01:19:32.000Z",
"pattern": "[url:value = 'http://35.228.134.218/gate/sqlite3.dll']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2020-02-28T01:19:32Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\"",
"kill-chain:Delivery"
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5e5868bc-0900-4886-9566-d3b874656a8a",
"created_by_ref": "identity--5e157d76-c92c-4acd-a54e-4a01950d210f",
"created": "2020-02-28T01:19:08.000Z",
"modified": "2020-02-28T01:19:08.000Z",
"pattern": "[url:value = 'http://35.228.134.218/gate/log.php']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2020-02-28T01:19:08Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\"",
"kill-chain:Command and Control",
"kill-chain:Actions on Objectives"
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5e5868bc-ea68-441d-a83a-d3b874656a8a",
"created_by_ref": "identity--5e157d76-c92c-4acd-a54e-4a01950d210f",
"created": "2020-02-28T01:19:19.000Z",
"modified": "2020-02-28T01:19:19.000Z",
"pattern": "[url:value = 'http://109.201.143.181/1B5F/raccc_1B5F.exe']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2020-02-28T01:19:19Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\"",
"kill-chain:Delivery"
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--5e5868bd-1fdc-4ee8-a3ea-d3d374656a8a",
"created_by_ref": "identity--5e157d76-c92c-4acd-a54e-4a01950d210f",
"created": "2020-02-28T01:11:25.000Z",
"modified": "2020-02-28T01:11:25.000Z",
"first_observed": "2020-02-28T01:11:25Z",
"last_observed": "2020-02-28T01:11:25Z",
"number_observed": 1,
"object_refs": [
"domain-name--5e5868bd-1fdc-4ee8-a3ea-d3d374656a8a"
],
"labels": [
"misp:type=\"hostname\"",
"misp:category=\"Network activity\""
]
},
{
"type": "domain-name",
"spec_version": "2.1",
"id": "domain-name--5e5868bd-1fdc-4ee8-a3ea-d3d374656a8a",
"value": "doc-0s-24-docs.googleusercontent.com"
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--5e5868fd-03b8-4af4-8b39-8add0a0a020f",
"created_by_ref": "identity--5e157d76-c92c-4acd-a54e-4a01950d210f",
"created": "2020-02-28T01:12:29.000Z",
"modified": "2020-02-28T01:12:29.000Z",
"first_observed": "2020-02-28T01:12:29Z",
"last_observed": "2020-02-28T01:12:29Z",
"number_observed": 1,
"object_refs": [
"url--5e5868fd-03b8-4af4-8b39-8add0a0a020f"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--5e5868fd-03b8-4af4-8b39-8add0a0a020f",
"value": "https://laskowski-tech.com/2020/02/28/definitely-racoon-this-time/"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5e5709b9-16d8-46eb-ab16-275d0a0a020f",
"created_by_ref": "identity--5e157d76-c92c-4acd-a54e-4a01950d210f",
"created": "2020-02-28T01:18:50.000Z",
"modified": "2020-02-28T01:18:50.000Z",
"pattern": "[file:hashes.MD5 = '28c643a1f69f9fca9481a4bc9f3f38f3' AND file:hashes.SHA1 = '904afe59f6438848be96fd26fdeab01267070d25' AND file:hashes.SHA256 = '4478328408cf3c38b356eed6e86171a5c879663d79867c2b55ec8a0538d7588d' AND file:name = 'raccc_1B5F.exe' AND file:size = '53248' AND (file:content_ref.payload_bin = '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
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2020-02-28T01:18:50Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "file"
}
],
"labels": [
"misp:name=\"file\"",
"misp:meta-category=\"file\"",
"misp:to_ids=\"True\"",
"kill-chain:Installation"
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5e5709ca-9564-4380-bee4-275a0a0a020f",
"created_by_ref": "identity--5e157d76-c92c-4acd-a54e-4a01950d210f",
"created": "2020-02-28T01:20:03.000Z",
"modified": "2020-02-28T01:20:03.000Z",
"pattern": "[file:hashes.MD5 = '6ffe0b3009316720968139c02ae06aa2' AND file:hashes.SHA1 = 'c6d85ab5723e37dc81f8662d066e6260f76cad0f' AND file:hashes.SHA256 = '40543a9b3f82e8321f21206489245abdd565d3d7c8bfaea9241506a4176a4504' AND file:name = 'hrjytrj.cmd' AND file:size = '20' AND (file:content_ref.payload_bin = 'UEsDBAoACQAAAMEBW1CeHkZWIAAAABQAAAAgABwANmZmZTBiMzAwOTMxNjcyMDk2ODEzOWMwMmFlMDZhYTJVVAkAA8oJV17KCVdedXgLAAEEIQAAAAQhAAAA69GQvedCA7qMU6mfCHy3d7XwGK8o2a10KDdYInTwxphQSwcInh5GViAAAAAUAAAAUEsDBAoACQAAAMEBW1B0OMEUFwAAAAsAAAAtABwANmZmZTBiMzAwOTMxNjcyMDk2ODEzOWMwMmFlMDZhYTIuZmlsZW5hbWUudHh0VVQJAAPKCVdeyglXXnV4CwABBCEAAAAEIQAAAI4XI0cNxSlmFbI9I7/LP+GVEZ6g6UgRUEsHCHQ4wRQXAAAACwAAAFBLAQIeAwoACQAAAMEBW1CeHkZWIAAAABQAAAAgABgAAAAAAAEAAACkgQAAAAA2ZmZlMGIzMDA5MzE2NzIwOTY4MTM5YzAyYWUwNmFhMlVUBQADyglXXnV4CwABBCEAAAAEIQAAAFBLAQIeAwoACQAAAMEBW1B0OMEUFwAAAAsAAAAtABgAAAAAAAEAAACkgYoAAAA2ZmZlMGIzMDA5MzE2NzIwOTY4MTM5YzAyYWUwNmFhMi5maWxlbmFtZS50eHRVVAUAA8oJV151eAsAAQQhAAAABCEAAABQSwUGAAAAAAIAAgDZAAAAGAEAAAAA' AND file:content_ref.x_misp_filename = 'hrjytrj.cmd' AND file:content_ref.hashes.MD5 = '6ffe0b3009316720968139c02ae06aa2' AND file:content_ref.mime_type = 'application/zip' AND file:content_ref.encryption_algorithm = 'mime-type-indicated' AND file:content_ref.decryption_key = 'infected')]",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2020-02-28T01:20:03Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "file"
}
],
"labels": [
"misp:name=\"file\"",
"misp:meta-category=\"file\"",
"misp:to_ids=\"True\"",
"kill-chain:Installation"
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5e570b34-1438-42ee-98d1-275a0a0a020f",
"created_by_ref": "identity--5e157d76-c92c-4acd-a54e-4a01950d210f",
"created": "2020-02-28T01:18:37.000Z",
"modified": "2020-02-28T01:18:37.000Z",
"pattern": "[file:hashes.MD5 = 'c1847a04d79f0c84a88dfc2f556e5acb' AND file:hashes.SHA1 = 'b05a8cfc70d8ea97d1127feafac6c40320d4dd52' AND file:hashes.SHA256 = 'f002c889dc7fffee97cfc41b25c1b27bb65704ca0c71a320a9ff58d95ba4131c' AND file:name = 'BANK.doc' AND file:size = '245354' AND (file:content_ref.payload_bin = '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
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2020-02-28T01:18:37Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "file"
}
],
"labels": [
"misp:name=\"file\"",
"misp:meta-category=\"file\"",
"misp:to_ids=\"True\"",
"kill-chain:Delivery"
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5e586338-8820-458f-86a8-8add0a0a020f",
"created_by_ref": "identity--5e157d76-c92c-4acd-a54e-4a01950d210f",
"created": "2020-02-28T00:47:52.000Z",
"modified": "2020-02-28T00:47:52.000Z",
"pattern": "[file:hashes.MD5 = '1117cd347d09c43c1f2079439056ada3' AND file:hashes.SHA1 = '93c2ce5fc4924314318554e131cfbcd119f01ab6' AND file:hashes.SHA256 = '4cfada7eb51a6c0cb26283f9c86784b2b2587c59c46a5d3dc0f06cad2c55ee97' AND file:name = 'libs.zip' AND file:size = '2828315' AND (file:content_ref.payload_bin = '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
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2020-02-28T00:47:52Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "file"
}
],
"labels": [
"misp:name=\"file\"",
"misp:meta-category=\"file\"",
"misp:to_ids=\"True\""
]
},
{
"type": "marking-definition",
"spec_version": "2.1",
"id": "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9",
"created": "2017-01-20T00:00:00.000Z",
"definition_type": "tlp",
"name": "TLP:WHITE",
"definition": {
"tlp": "white"
}
}
]
}