{
"type" : "bundle" ,
"id" : "bundle--68690840-5104-4c1a-9223-6d0a35c52704" ,
"objects" : [
{
"type" : "identity" ,
"spec_version" : "2.1" ,
"id" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2023-06-22T07:47:34.000Z" ,
"modified" : "2023-06-22T07:47:34.000Z" ,
"name" : "CIRCL" ,
"identity_class" : "organization"
} ,
{
"type" : "report" ,
"spec_version" : "2.1" ,
"id" : "report--68690840-5104-4c1a-9223-6d0a35c52704" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2023-06-22T07:47:34.000Z" ,
"modified" : "2023-06-22T07:47:34.000Z" ,
"name" : "APT43: North Korean Group Uses Cybercrime to Fund Espionage Operations" ,
"published" : "2023-06-22T07:57:26Z" ,
"object_refs" : [
"x-misp-object--aba4257b-3b16-4a30-bcd7-add927143513" ,
"indicator--cf25b2dc-798c-4c8e-8354-5b1ccda8da86" ,
"indicator--eee5fbac-5daf-49ee-9962-5f011775f0a2" ,
"indicator--6062ab98-a092-44b8-8c25-c237b2c2bb03" ,
"indicator--b8010d27-ff96-4971-a652-4c16e1d96002" ,
"indicator--c45bfa39-cf7d-46cf-9452-d0df78df2bf5" ,
"indicator--84d55547-c836-4111-aa5a-cc3ff9219944" ,
"indicator--5bb63a7a-9e7f-43f2-8765-9d089b663dfc" ,
"indicator--bde359de-47f5-4db2-83f0-3e623af55269" ,
"indicator--c3ddff3a-02e2-43b0-b47e-f6d7a90eee03" ,
"indicator--1f404ef9-7677-4102-baf8-24caf174a7cc" ,
"indicator--ff14f879-8af3-4abf-8344-17f13f5a751e" ,
"indicator--f7c4ab60-f8ad-4dde-a129-47f1f72d79e0" ,
"indicator--47c21f0e-cde1-43ae-bbd6-7c05f2699661" ,
"indicator--22e220fa-ca7f-4abe-94c4-9cb42137c7f8" ,
"indicator--34253556-8ba3-47fa-8013-d74d287cf421" ,
"indicator--aca63f0b-b7e4-4544-aed9-80aaade560a9" ,
"indicator--616a09f0-4cc8-4227-bbb4-cb6917ded2bd" ,
"indicator--30576e97-c3c7-46c0-bb30-19680e264b68" ,
"indicator--f6f6f14b-0a83-4e29-97c8-9f87fb1dc069" ,
"indicator--928dbc59-8047-4bd4-998f-3d8c42e3394a" ,
"indicator--7bc0d36a-4e73-4b6b-82ac-b4864d0b0e9c" ,
"indicator--24d17de4-31cf-4967-bc99-6c1dbba3be40" ,
"indicator--dd10a976-80d6-4adb-b410-154fefab83ae" ,
"indicator--6fd830c7-4a8f-446b-b6e9-044bed661a3b" ,
"indicator--5dcbec94-42d4-4bbc-950c-8c5713dff1c1" ,
"indicator--09d48190-3b5d-4e3c-b1a8-38920340b253" ,
"indicator--78168392-f363-4089-b3dc-3f208519fdbd" ,
"indicator--44f8931b-cf23-47ec-b023-2fdfa8114ff0" ,
"indicator--6ae69ae1-d8cd-4dda-b507-82bde00357ca" ,
"indicator--68119593-c328-4af6-8508-2bc78be34b32" ,
"indicator--103fb4e3-f3c2-4ab5-b752-3d7e64aa8b0b" ,
"indicator--ac5e133b-8054-4762-ada5-fe64b83e2e85" ,
"indicator--1125ef0c-0e3f-4183-8ba8-a77b836cfb6a" ,
"indicator--175ff6d0-358c-4cb2-9d28-3501843840f8" ,
"indicator--8a6edbf1-a471-46aa-8235-42b46413b5f0" ,
"indicator--dedfbe89-65c0-4038-b3f7-fd8ad142f2a7" ,
"indicator--a57ffcff-8a78-4a9b-98b5-86b92b18f452" ,
"indicator--ebe523ea-7abc-46e4-ad9a-45c2ed6cc5b0" ,
"indicator--80f6cb75-2c92-421d-aef9-ed23072da4a9" ,
"indicator--7bda7be8-2c04-46cb-97f1-483ead532476" ,
"indicator--f2d66bf0-be0d-4edd-8ab5-0104eefeaa39" ,
"indicator--f64f1aab-3dbd-4f53-af57-270c24c7934b" ,
"indicator--3620045f-c2a1-427d-b8cf-c413322cbf6e"
] ,
"labels" : [
"Threat-Report" ,
"misp:tool=\"MISP-STIX-Converter\"" ,
"misp-galaxy:mitre-attack-pattern=\"Phishing - T1566\"" ,
"misp-galaxy:mitre-attack-pattern=\"Spearphishing Attachment - T1566.001\"" ,
"misp-galaxy:mitre-attack-pattern=\"Spearphishing Link - T1566.002\"" ,
"misp-galaxy:mitre-attack-pattern=\"Virtual Private Server - T1583.003\"" ,
"misp-galaxy:mitre-attack-pattern=\"Compromise Infrastructure - T1584\"" ,
"misp-galaxy:mitre-attack-pattern=\"Code Signing Certificates - T1588.003\"" ,
"misp-galaxy:mitre-attack-pattern=\"Digital Certificates - T1588.004\"" ,
"misp-galaxy:mitre-attack-pattern=\"Install Digital Certificate - T1608.003\"" ,
"misp-galaxy:mitre-attack-pattern=\"Link Target - T1608.005\"" ,
"misp-galaxy:mitre-attack-pattern=\"Windows Management Instrumentation - T1047\"" ,
"misp-galaxy:mitre-attack-pattern=\"Scheduled Task - T1053.005\"" ,
"misp-galaxy:mitre-attack-pattern=\"Command and Scripting Interpreter - T1059\"" ,
"misp-galaxy:mitre-attack-pattern=\"PowerShell - T1059.001\"" ,
"misp-galaxy:mitre-attack-pattern=\"Windows Command Shell - T1059.003\"" ,
"misp-galaxy:mitre-attack-pattern=\"Visual Basic - T1059.005\"" ,
"misp-galaxy:mitre-attack-pattern=\"JavaScript - T1059.007\"" ,
"misp-galaxy:mitre-attack-pattern=\"JavaScript/JScript - T1059.007\"" ,
"misp-galaxy:mitre-attack-pattern=\"Shared Modules - T1129\"" ,
"misp-galaxy:mitre-attack-pattern=\"Exploitation for Client Execution - T1203\"" ,
"misp-galaxy:mitre-attack-pattern=\"Malicious Link - T1204.001\"" ,
"misp-galaxy:mitre-attack-pattern=\"Malicious File - T1204.002\"" ,
"misp-galaxy:mitre-attack-pattern=\"Service Execution - T1569.002\"" ,
"misp-galaxy:mitre-attack-pattern=\"Web Protocols - T1071.001\"" ,
"misp-galaxy:mitre-attack-pattern=\"DNS - T1071.004\"" ,
"misp-galaxy:mitre-attack-pattern=\"Multi-hop Proxy - T1090.003\"" ,
"misp-galaxy:mitre-attack-pattern=\"Non-Application Layer Protocol - T1095\"" ,
"misp-galaxy:mitre-attack-pattern=\"Web Service - T1102\"" ,
"misp-galaxy:mitre-attack-pattern=\"Bidirectional Communication - T1102.002\"" ,
"misp-galaxy:mitre-attack-pattern=\"Ingress Tool Transfer - T1105\"" ,
"misp-galaxy:mitre-attack-pattern=\"Standard Encoding - T1132.001\"" ,
"misp-galaxy:mitre-attack-pattern=\"Asymmetric Cryptography - T1573.002\"" ,
"misp-galaxy:mitre-attack-pattern=\"System Service Discovery - T1007\"" ,
"misp-galaxy:mitre-attack-pattern=\"Application Window Discovery - T1010\"" ,
"misp-galaxy:mitre-attack-pattern=\"Query Registry - T1012\"" ,
"misp-galaxy:mitre-attack-pattern=\"System Network Configuration Discovery - T1016\"" ,
"misp-galaxy:mitre-attack-pattern=\"System Owner/User Discovery - T1033\"" ,
"misp-galaxy:mitre-attack-pattern=\"Process Discovery - T1057\"" ,
"misp-galaxy:mitre-attack-pattern=\"System Information Discovery - T1082\"" ,
"misp-galaxy:mitre-attack-pattern=\"File and Directory Discovery - T1083\"" ,
"misp-galaxy:mitre-attack-pattern=\"Account Discovery - T1087\"" ,
"misp-galaxy:mitre-attack-pattern=\"Software Discovery - T1518\"" ,
"misp-galaxy:mitre-attack-pattern=\"System Language Discovery - T1614.001\"" ,
"misp-galaxy:mitre-attack-pattern=\"Keylogging - T1056.001\"" ,
"misp-galaxy:mitre-attack-pattern=\"Screen Capture - T1113\"" ,
"misp-galaxy:mitre-attack-pattern=\"Clipboard Data - T1115\"" ,
"misp-galaxy:mitre-attack-pattern=\"Data from Information Repositories - T1213\"" ,
"misp-galaxy:mitre-attack-pattern=\"Archive Collected Data - T1560\"" ,
"misp-galaxy:mitre-attack-pattern=\"Archive via Utility - T1560.001\"" ,
"misp-galaxy:mitre-attack-pattern=\"Service Stop - T1489\"" ,
"misp-galaxy:mitre-attack-pattern=\"System Shutdown/Reboot - T1529\"" ,
"misp-galaxy:mitre-attack-pattern=\"Automated Exfiltration - T1020\"" ,
"misp-galaxy:mitre-attack-pattern=\"Brute Force - T1110\"" ,
"misp-galaxy:mitre-attack-pattern=\"Credentials from Web Browsers - T1555.003\"" ,
"misp-galaxy:mitre-attack-pattern=\"Office Application Startup - T1137\"" ,
"misp-galaxy:mitre-attack-pattern=\"Web Shell - T1505.003\"" ,
"misp-galaxy:mitre-attack-pattern=\"Windows Service - T1543.003\"" ,
"misp-galaxy:mitre-attack-pattern=\"Registry Run Keys / Startup Folder - T1547.001\"" ,
"misp-galaxy:mitre-attack-pattern=\"Winlogon Helper DLL - T1547.004\"" ,
"misp-galaxy:mitre-attack-pattern=\"Shortcut Modification - T1547.009\"" ,
"misp-galaxy:mitre-attack-pattern=\"Binary Padding - T1027.001\"" ,
"misp-galaxy:mitre-attack-pattern=\"Obfuscated Files or Information - T1027\"" ,
"misp-galaxy:mitre-attack-pattern=\"Software Packing - T1027.002\"" ,
"misp-galaxy:mitre-attack-pattern=\"Indicator Removal from Tools - T1027.005\"" ,
"misp-galaxy:mitre-attack-pattern=\"Embedded Payloads - T1027.009\"" ,
"misp-galaxy:mitre-attack-pattern=\"Masquerading - T1036\"" ,
"misp-galaxy:mitre-attack-pattern=\"Invalid Code Signature - T1036.001\"" ,
"misp-galaxy:mitre-attack-pattern=\"Double File Extension - T1036.007\"" ,
"misp-galaxy:mitre-attack-pattern=\"Process Injection - T1055\"" ,
"misp-galaxy:mitre-attack-pattern=\"Dynamic-link Library Injection - T1055.001\"" ,
"misp-galaxy:mitre-attack-pattern=\"Thread Execution Hijacking - T1055.003\"" ,
"misp-galaxy:mitre-attack-pattern=\"File Deletion - T1070.004\"" ,
"misp-galaxy:mitre-attack-pattern=\"Timestomp - T1070.006\"" ,
"misp-galaxy:mitre-attack-pattern=\"Modify Registry - T1112\"" ,
"misp-galaxy:mitre-attack-pattern=\"Access Token Manipulation - T1134\"" ,
"misp-galaxy:mitre-attack-pattern=\"Deobfuscate/Decode Files or Information - T1140\"" ,
"misp-galaxy:mitre-attack-pattern=\"Mshta - T1218.005\"" ,
"misp-galaxy:mitre-attack-pattern=\"Virtualization/Sandbox Evasion - T1497\"" ,
"misp-galaxy:mitre-attack-pattern=\"System Checks - T1497.001\"" ,
"misp-galaxy:mitre-attack-pattern=\"Bypass User Access Control - T1548.002\"" ,
"misp-galaxy:mitre-attack-pattern=\"Bypass User Account Control - T1548.002\"" ,
"misp-galaxy:mitre-attack-pattern=\"Code Signing - T1553.002\"" ,
"misp-galaxy:mitre-attack-pattern=\"Hidden Window - T1564.003\"" ,
"misp-galaxy:mitre-attack-pattern=\"VBA Stomping - T1564.007\"" ,
"misp-galaxy:mitre-attack-pattern=\"Reflective Code Loading - T1620\"" ,
"misp-galaxy:mitre-attack-pattern=\"Debugger Evasion - T1622\"" ,
"misp-galaxy:threat-actor=\"Kimsuky\"" ,
"misp-galaxy:threat-actor=\"APT43\"" ,
"type:OSINT" ,
"osint:lifetime=\"perpetual\"" ,
"osint:certainty=\"50\"" ,
"tlp:clear"
] ,
"object_marking_refs" : [
"marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9"
]
} ,
{
"type" : "x-misp-object" ,
"spec_version" : "2.1" ,
"id" : "x-misp-object--aba4257b-3b16-4a30-bcd7-add927143513" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2023-05-11T09:42:40.000Z" ,
"modified" : "2023-05-11T09:42:40.000Z" ,
"labels" : [
"misp:name=\"report\"" ,
"misp:meta-category=\"misc\""
] ,
"x_misp_attributes" : [
{
"type" : "link" ,
"object_relation" : "link" ,
"value" : "https://mandiant.widen.net/s/zvmfw5fnjs/apt43-report" ,
"category" : "External analysis" ,
"uuid" : "d7f41bdc-0de8-40e7-966e-d15e91a16fd4"
} ,
{
"type" : "text" ,
"object_relation" : "summary" ,
"value" : "Mandiant assesses with high confidence that APT43 is a moderately-sophisticated cyber operator that supports the interests of the North Korean regime. Campaigns attributed to APT43 include strategic intelligence collection aligned with Pyongyang\u2019s geopolitical interests, credential harvesting and social engineering to support espionage activities, and financially-motivated cybercrime to fund operations. Tracked since 2018, APT43 collection priorities align with the mission of the Reconnaissance General Bureau (RGB), North Korea's main foreign intelligence service. The group\u2019s focus on foreign policy and nuclear security issues supports North Korea\u2019s strategic and nuclear ambitions. However, the group\u2019s focus on health-related verticals throughout the majority of 2021, likely in support of pandemic response efforts, highlights its responsiveness to shifting priorities from Pyongyang." ,
"category" : "Other" ,
"uuid" : "b46eb2af-e047-4ab4-93d6-23eab7c07171"
} ,
{
"type" : "text" ,
"object_relation" : "type" ,
"value" : "Report" ,
"category" : "Other" ,
"uuid" : "f44c5ca3-40f2-4c1f-939b-bdf7533ee7f4"
} ,
{
"type" : "attachment" ,
"object_relation" : "report-file" ,
"value" : "APT43 Report.pdf" ,
"category" : "External analysis" ,
"uuid" : "70c90efa-8ecb-454d-90ee-29c213fff843" ,
"data" : " J V B E R i 0 x L j Q N J e L j z 9 M N C j I 1 N T k g M C B v Y m o N P D w v T G l u Z W F y a X p l Z C A x L 0 w g M j A 1 O D M y N i 9 P I D I 1 N j E v R S A x N D A y N z Y v T i A y M S 9 U I D I w M D c w M j k v S C B b I D g 1 M i A 4 N T Z d P j 4 N Z W 5 k b 2 J q D S A g I C A g I C A g I A 14 c m V m D Q o y N T U 5 I D I 3 D Q o w M D A w M D A w M D E 2 I D A w M D A w I G 4 N C j A w M D A w M D E 5 M z I g M D A w M D A g b g 0 K M D A w M D A w M j E x M i A w M D A w M C B u D Q o w M D A w M D A z O D Q x I D A w M D A w I G 4 N C j A w M D A w M D Q 0 O T I g M D A w M D A g b g 0 K M D A w M D A w N T E 0 M C A w M D A w M C B u D Q o w M D A w M D A 1 M j U 1 I D A w M D A w I G 4 N C j A w M D A w M D U 1 M T g g M D A w M D A g b g 0 K M D A w M D A w N j E 0 O C A w M D A w M C B u D Q o w M D A w M D A 2 N D E 4 I D A w M D A w I G 4 N C j A w M D A w M D Y 5 O T I g M D A w M D A g b g 0 K M D A w M D A w N z Q 4 N C A w M D A w M C B u D Q o w M D A w M D I w O T E x I D A w M D A w I G 4 N C j A w M D A w M z I 5 N j Y g M D A w M D A g b g 0 K M D A w M D A 0 M D U 1 M S A w M D A w M C B u D Q o w M D A w M D Q w O D E 3 I D A w M D A w I G 4 N C j A w M D A w O D g y O D Q g M D A w M D A g b g 0 K M D A w M D A 4 O D M y N S A w M D A w M C B u D Q o w M D A w M T I w M T M 2 I D A w M D A w I G 4 N C j A w M D A x M j A x N z c g M D A w M D A g b g 0 K M D A w M D E z M j E y N i A w M D A w M C B u D Q o w M D A w M T M 5 M z A 0 I D A w M D A w I G 4 N C j A w M D A x M z k z N j g g M D A w M D A g b g 0 K M D A w M D E z O T U 1 O C A w M D A w M C B u D Q o w M D A w M T Q w M j E z I D A w M D A w I G 4 N C j A w M D A w M D E 3 M D g g M D A w M D A g b g 0 K M D A w M D A w M D g 1 M i A w M D A w M C B u D Q p 0 c m F p b G V y D T w 8 L 1 N p e m U g M j U 4 N i 9 S b 290 I D I 1 N j A g M C B S L 0 l u Z m 8 g M T c z I D A g U i 9 J R F s 8 O U I 4 Q U Q 3 R U Q 0 R T c x N D R F N U J G O D l G M z d D 
N E E 3 N z I w O T g + P E J E N j d G M 0 N C M 0 I 4 Q T R E N E I 5 M D g 1 N T V D O D I 0 O T Y 3 R T Y y P l 0 v U H J l d i A y M D A 3 M D E 2 L 1 h S Z W Z T d G 0 g M T c w O D 4 + D X N 0 Y X J 0 e H J l Z g 0 w D S U l R U 9 G D S A g I C A g I C A g I C A g I C A N M j U 4 N S A w I G 9 i a g 0 8 P C 9 D I D k 4 M C 9 G a W x 0 Z X I v R m x h d G V E Z W N v Z G U v S S A x M D A y L 0 x l b m d 0 a C A 3 N j A v T y A 5 N j Q v U y A 3 O T c + P n N 0 c m V h b Q 0 K a N 5 i Y G B g Y m B g e c H A y s D A f Y N B h A E B R I B i 7 A w s D B x r H J g 4 E h g c w Y L s D A p / D z T s Y n b m P 3 Z L 30 o 4 + K t c z Q F W b 0 b J B X o F T K U G E S 0 M t x M 4 a x g 3 H 5 C 6 B F S s s p z J x I A l g X n G g / h 0 m 8 v G c 15 n B c 95 m u m N Z I e J Y n O H 20 S t F M 4 r K y x Y B J x X 9 Y s L 5 V y c z H 6 R i 41 F I O E R k 4 z V i o + F 7 m d n G S V 4 m L o z s w u U K C i o d 3 e K 5 P y c z N a 4 y k L C o n k h I 6 P N 2 s T i t J 4 Z I g e r n i 7 y b w 45 Y l D I 4 M R k U f G y 0 O 2 s p I H K D 7 i + m c Y S L T u 2 u A M F N T w 3 J D i y 8 S k o H l 4 + V V y k 5 u Z i N Z Z m J g 6 D Q k Y + 2 Z C K H Y u f g f R J L V v E 3 J Z R 8 f L Q s / 4 W o 4 Q b C x W u m v H I O A c f Z G i y K t g x G W R f j X T B w S M W R S 8 e P m h 3 a N L L O b h Q / a g k 2 x q D Q m 4 m J q b Y p q e L X K V N U g 59 y D r M L r B B Q U H 1 h l 6 U S u B m N x 99 m J K P r z c 9 A i p J b b p 6 Y c G B u p + V D V n X G F k E X x 9 P Y m b X U / 38 g 0 d 8 n S i b I F C D L t v a h I a H T Y w s H 29 f e h S / T 5 S x 6 u m G R K D R h x m y p r b x K S Y 4 O H i v j 9 n i s R j o p A T e i I R H Y i w s L L t Z T 7 t 0 m W W c b H 1 w F a p k A 1 R J H A + H g z v f P D 4 F g 8 W P Q p 2 a G X 8 / X y / b w M D g 4 t H R A I m Q t L S 0 9 A 4 g A D K Z l N S B D I h 4 B U Q I K A g S g 4 o K i s P l 0 9 I q o L o Y B c O h o o K C E F 1 s E M k G i O k w k 4 y N j W F M 9 o 4 O D B Y j W D O M B 3 E A l C c o G o o i V w F 3 E A a L N T Q t A 
+ J e s l I t k J P E I B t i B 6 T F g d g Z b J 0 0 g w D b M q Y C p l y G C I Y 3 T N E M n 5 m U G S + a R O j 9 k W 1 j e L 8 z g I G v R o O B T 2 + S 9 H s G V Y b F T C U M K k z u j N 2 M C x i F G P U Z n z K + Z H i m n 8 B w k e G J 9 E J g B k O G o Q y V D B O A Z k Y B Y R w D J 2 M 6 o z j D M s a 7 j N M Y V z O q M O Q x K D H k M b k B I 8 C U 4 Y f 6 A Y Z s B m 2 k b M T Q x y D 7 t h M U b E C s A 8 T 9 Q P 5 W I C 3 B w D A p D q 5 q L Y P c f E O o q u 0 A A Q Y A q H s w 5 w 1 l b m R z d H J l Y W 0 N Z W 5 k b 2 J q D T I 1 O D Q g M C B v Y m o N P D w v R G V j b 2 R l U G F y b X M 8 P C 9 D b 2 x 1 b W 5 z I D M v U H J l Z G l j d G 9 y I D E y P j 4 v R m l s d G V y L 0 Z s Y X R l R G V j b 2 R l L 0 l u Z G V 4 W z E 3 N C A y M z g 1 X S 9 M Z W 5 n d G g g N z A v U 2 l 6 Z S A y N T U 5 L 1 R 5 c G U v W F J l Z i 9 X W z E g M S A x X T 4 + c 3 R y Z W F t D Q p o 3 u z R Q Q 0 A M A w D s T T 8 p S E Y 17 G Y + v D j C J z b k y a j L c 31 g I d 48 B A P H u L B Q z x 4 i I d 48 B A P H u L B Q z x 4 i I d 48 B C P f z 0 B B g A s 3 y q f D W V u Z H N 0 c m V h b Q 1 l b m R v Y m o N M j U 2 M C A w I G 9 i a g 0 8 P C 9 M Y W 5 n K G V u L V V T K S 9 N Y X J r S W 5 m b z w 8 L 0 1 h c m t l Z C B 0 c n V l P j 4 v T W V 0 Y W R h d G E g M T c y I D A g U i 9 P d X R s a W 5 l c y A x N D I g M C B S L 1 B h Z 2 V z I D E 2 N y A w I F I v U 3 R y d W N 0 V H J l Z V J v b 3 Q g M T c 0 I D A g U i 9 U e X B l L 0 N h d G F s b 2 c v V m l l d 2 V y U H J l Z m V y Z W 5 j Z X M 8 P C 9 E a X J l Y 3 R p b 24 v T D J S P j 4 + P g 1 l b m R v Y m o N M j U 2 M S A w I G 9 i a g 0 8 P C 9 B c n R C b 3 h b M C 4 w I D A u M C A 2 M T I u M C A 3 O T I u M F 0 v Q m x l Z W R C b 3 h b M C 4 w I D A u M C A 2 M T I u M C A 3 O T I u M F 0 v Q 29 u d G V u d H M g M j U 2 N i A w I F I v Q 3 J v c E J v e F s w L j A g M C 4 w I D Y x M i 4 w I D c 5 M i 4 w X S 9 H c m 91 c C A y N T g z I D A g U i 9 N Z W R p Y U J v e 
F s w L j A g M C 4 w I D Y x M i 4 w I D c 5 M i 4 w X S 9 Q Y X J l b n Q g M T Y 4 I D A g U i 9 S Z X N v d X J j Z X M 8 P C 9 F e H R H U 3 R h d G U 8 P C 9 H U z A g M j U 2 N C A w I F I + P i 9 G b 250 P D w v V F Q w I D I 1 N j I g M C B S L 1 R U M S A y N T Y 5 I D A g U j 4 + L 1 B y b 2 N T Z X R b L 1 B E R i 9 U Z X h 0 X S 9 Y T 2 J q Z W N 0 P D w v R m 0 w I D I 1 N z k g M C B S L 0 Z t M S A y N T g y I D A g U j 4 + P j 4 v U m 90 Y X R l I D A v U 3 R y d W N 0 U G F y Z W 50 c y A w L 1 R y a W 1 C b 3 h b M C 4 w I D A u M C A 2 M T I u M C A 3 O T I u M F 0 v V H l w Z S 9 Q Y W d l L 1 B p Z W N l S W 5 m b z w 8 L 0 l u R G V z a W d u P D w v R G 9 j d W 1 l b n R J R D x G R U Z G M D A 3 O D A w N k Q w M D c w M D A y R T A w N j Q w M D Y 5 M D A 2 N D A w M 0 E w M D M 1 M D A z O D A w N j M w M D Y x M D A z N T A w N j U w M D Y 1 M D A 2 M z A w M k Q w M D Y z M D A z M z A w M z k w M D Y 1 M D A y R D A w M z Q w M D M w M D A 2 M z A w M z Y w M D J E M D A z O T A w N j E w M D Y x M D A 2 N T A w M k Q w M D M 5 M D A 2 M T A w M z g w M D M y M D A 2 M j A w M z k w M D M 2 M D A z M z A w N j Y w M D M x M D A z M j A w N j Y + L 0 x h c 3 R N b 2 R p Z m l l Z D x G R U Z G M D A 0 N D A w M 0 E w M D M y M D A z M D A w M z I w M D M z M D A z M D A w M z M w M D M y M D A z O T A w M z E w M D M 3 M D A z N T A w M z c w M D M w M D A z N T A w N U E + L 0 51 b W J l c k 9 m U G F n Z U l 0 Z W 1 z S W 5 Q Y W d l I D g v T n V t Y m V y b 2 Z Q Y W d l c y A x L 0 9 y a W d p b m F s R G 9 j d W 1 l b n R J R D x G R U Z G M D A 3 O D A w N k Q w M D c w M D A y R T A w N j Q w M D Y 5 M D A 2 N D A w M 0 E w M D Y x M D A z N D A w N j E w M D Y y M D A 2 N j A w M z Y w M D Y y M D A 2 N D A w M k Q w M D M w M D A 2 M T A w M z U w M D M 1 M D A y R D A w M z Q w M D Y y M D A 2 M T A w N j U w M D J E M D A 2 M T A w M z I w M D Y 2 M D A z N z A w M k Q w M D Y 2 M D A z M z A w M z Y w M D Y 1 M D A z M j A 
w N j I w M D Y z M D A 2 M T A w M z Y w M D M 3 M D A 2 N j A w M z k + L 1 B h Z 2 V J d G V t V U l E V G 9 M b 2
}
] ,
"x_misp_meta_category" : "misc" ,
"x_misp_name" : "report"
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--cf25b2dc-798c-4c8e-8354-5b1ccda8da86" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2023-05-15T13:00:13.000Z" ,
"modified" : "2023-05-15T13:00:13.000Z" ,
"description" : "AMADEY" ,
"pattern" : "[file:hashes.MD5 = '982fc9ded34c85469269eacb1cb4ef26' AND file:hashes.SHA1 = 'e205ed81ccb99641dcc6c2799d32ef0584fa2175' AND file:hashes.SHA256 = '557ff6c87c81a2d2348bd8d667ea8412a1a0a055f5e1ae91701c2954ca8a3fdb']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2023-05-15T13:00:13Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "file"
}
] ,
"labels" : [
"misp:name=\"file\"" ,
"misp:meta-category=\"file\"" ,
"misp:to_ids=\"True\"" ,
"misp-galaxy:tool=\"AMADEY\"" ,
"misp-galaxy:mitre-malware=\"Amadey - S1025\"" ,
"misp-galaxy:malpedia=\"Amadey\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--eee5fbac-5daf-49ee-9962-5f011775f0a2" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2023-05-15T13:00:40.000Z" ,
"modified" : "2023-05-15T13:00:40.000Z" ,
"description" : "BENCHMARK" ,
"pattern" : "[file:hashes.MD5 = 'de9a8c26049699dbbd5d334a8566d38d' AND file:hashes.SHA1 = '47a32bc992e5d4613b3658b025ab913b0679232c' AND file:hashes.SHA256 = '43c2d5122af50363c29879501776d907eaa568fa142d935f6c80e823d18223f5']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2023-05-15T13:00:40Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "file"
}
] ,
"labels" : [
"misp:name=\"file\"" ,
"misp:meta-category=\"file\"" ,
"misp:to_ids=\"True\"" ,
"misp-galaxy:tool=\"BENCHMARK\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--6062ab98-a092-44b8-8c25-c237b2c2bb03" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2023-05-15T13:01:05.000Z" ,
"modified" : "2023-05-15T13:01:05.000Z" ,
"description" : "BIGRAISIN" ,
"pattern" : "[file:hashes.MD5 = '144bd7fd423edc3965cb0161a8b82ab2' AND file:hashes.SHA1 = '1087efbd004f65d226bf20a52f1dc0b3e756ff9e' AND file:hashes.SHA256 = '2b78d5228737a38fa940e9ab19601747c68ed28e488696694648e3d70e53eb5a']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2023-05-15T13:01:05Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "file"
}
] ,
"labels" : [
"misp:name=\"file\"" ,
"misp:meta-category=\"file\"" ,
"misp:to_ids=\"True\"" ,
"misp-galaxy:backdoor=\"BIGRAISIN\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--b8010d27-ff96-4971-a652-4c16e1d96002" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2023-05-15T13:03:02.000Z" ,
"modified" : "2023-05-15T13:03:02.000Z" ,
"description" : "BITTERSWEET" ,
"pattern" : "[file:hashes.MD5 = 'cd83a51bec0396f4a0fd563ca9c929d7' AND file:hashes.SHA1 = 'f3b047e6eb3964deb047767fad52851c5601483f' AND file:hashes.SHA256 = 'fb7fb6dbaf568b568cd5e60ab537a42d5982949a5e577db53cc707012c7f20e3']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2023-05-15T13:03:02Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "file"
}
] ,
"labels" : [
"misp:name=\"file\"" ,
"misp:meta-category=\"file\"" ,
"misp:to_ids=\"True\"" ,
"misp-galaxy:tool=\"BITTERSWEET\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--c45bfa39-cf7d-46cf-9452-d0df78df2bf5" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2023-05-15T13:04:55.000Z" ,
"modified" : "2023-05-15T13:04:55.000Z" ,
"description" : "BRAVEPRINCE" ,
"pattern" : "[file:hashes.MD5 = '33df74cbb60920d63fe677c6f90b63f9' AND file:hashes.SHA1 = '539acd9145befd7e670fe826c248766f46f0d041' AND file:hashes.SHA256 = '94aa827a514d7aa70c404ec326edaaad4b2b738ffaea5a66c0c9f246738df579']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2023-05-15T13:04:55Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "file"
}
] ,
"labels" : [
"misp:name=\"file\"" ,
"misp:meta-category=\"file\"" ,
"misp:to_ids=\"True\"" ,
"misp-galaxy:tool=\"BRAVEPRINCE\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--84d55547-c836-4111-aa5a-cc3ff9219944" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2023-05-15T13:05:47.000Z" ,
"modified" : "2023-05-15T13:05:47.000Z" ,
"description" : "BRAVEPRINCE" ,
"pattern" : "[file:hashes.MD5 = 'ebaf83302dc78d96d5993830430bd169' AND file:hashes.SHA1 = 'bc6cb78e20cb20285149d55563f6fdcf4aaafa58' AND file:hashes.SHA256 = '5cbc07895d099ce39a3142025c557b7fac41d79914535ab7ffc2094809f12a4b']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2023-05-15T13:05:47Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "file"
}
] ,
"labels" : [
"misp:name=\"file\"" ,
"misp:meta-category=\"file\"" ,
"misp:to_ids=\"True\"" ,
"misp-galaxy:tool=\"BRAVEPRINCE\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--5bb63a7a-9e7f-43f2-8765-9d089b663dfc" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2023-05-15T13:06:43.000Z" ,
"modified" : "2023-05-15T13:06:43.000Z" ,
"description" : "COINTOSS" ,
"pattern" : "[file:hashes.MD5 = 'b846fa8bc3a55fa0490a807186a8ece9' AND file:hashes.SHA1 = 'c0c6b99796d732fa53402ff49fd241612a340229' AND file:hashes.SHA256 = '855656bfecc359a1816437223c4a133359e73ecf45acda667610fbe7875ab3c8']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2023-05-15T13:06:43Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "file"
}
] ,
"labels" : [
"misp:name=\"file\"" ,
"misp:meta-category=\"file\"" ,
"misp:to_ids=\"True\"" ,
"misp-galaxy:tool=\"COINTOSS\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--bde359de-47f5-4db2-83f0-3e623af55269" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2023-05-15T13:06:43.000Z" ,
"modified" : "2023-05-15T13:06:43.000Z" ,
"description" : "COINTOSS.XLM" ,
"pattern" : "[file:hashes.MD5 = 'f92a75b98249fa61cf62e8b63cb68fae' AND file:hashes.SHA1 = 'e5b312155289cdc6a80a041821fc82d2cca80bcd' AND file:hashes.SHA256 = 'd0971d098b0f8cf2187feeed3ce049930f19ec3379b141ec6a2f2871b1e90ff7']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2023-05-15T13:06:43Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "file"
}
] ,
"labels" : [
"misp:name=\"file\"" ,
"misp:meta-category=\"file\"" ,
"misp:to_ids=\"True\"" ,
"misp-galaxy:tool=\"COINTOSS\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--c3ddff3a-02e2-43b0-b47e-f6d7a90eee03" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2023-05-15T13:07:20.000Z" ,
"modified" : "2023-05-15T13:07:20.000Z" ,
"description" : "DRIVEDOWN" ,
"pattern" : "[file:hashes.MD5 = '1dcd5afeccfe2040895686eefa0a9629' AND file:hashes.SHA1 = '40826e2064b59b8b7b3e514b9ef2c1479ac3b038' AND file:hashes.SHA256 = '07aed9fa864556753de0a664d22854167a3d898820bc92be46b1977c68b12b34']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2023-05-15T13:07:20Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "file"
}
] ,
"labels" : [
"misp:name=\"file\"" ,
"misp:meta-category=\"file\"" ,
"misp:to_ids=\"True\"" ,
"misp-galaxy:tool=\"DRIVEDOWN\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--1f404ef9-7677-4102-baf8-24caf174a7cc" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2023-05-15T13:07:20.000Z" ,
"modified" : "2023-05-15T13:07:20.000Z" ,
"description" : "DRIVEDOWN" ,
"pattern" : "[file:hashes.MD5 = '5fe4da6a1d82561a19711e564adc7589' AND file:hashes.SHA1 = 'e79527f7307c1dda62c42487163616b3e58d5028' AND file:hashes.SHA256 = '8d0bafca8a8e8f3e4544f1822bc4bb08ceaa3c7192c9a92006b1eb500771ab53']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2023-05-15T13:07:20Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "file"
}
] ,
"labels" : [
"misp:name=\"file\"" ,
"misp:meta-category=\"file\"" ,
"misp:to_ids=\"True\"" ,
"misp-galaxy:tool=\"DRIVEDOWN\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--ff14f879-8af3-4abf-8344-17f13f5a751e" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2023-05-15T13:07:45.000Z" ,
"modified" : "2023-05-15T13:07:45.000Z" ,
"description" : "EGGHATCH" ,
"pattern" : "[file:hashes.MD5 = 'e8da7fcdf0ca67b76f9a7967e240d223' AND file:hashes.SHA1 = 'b0c2312852d750c4bceb552def6985b8b800d3f3' AND file:hashes.SHA256 = '9dac6553b89645ac8d9e0a3dc877d12641e6d05fb52e8de6ae5533b2bdf0abc9']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2023-05-15T13:07:45Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "file"
}
] ,
"labels" : [
"misp:name=\"file\"" ,
"misp:meta-category=\"file\"" ,
"misp:to_ids=\"True\"" ,
"misp-galaxy:tool=\"EGGHATCH\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--f7c4ab60-f8ad-4dde-a129-47f1f72d79e0" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2023-05-15T13:21:28.000Z" ,
"modified" : "2023-05-15T13:21:28.000Z" ,
"description" : "FASTFIRE" ,
"pattern" : "[file:hashes.MD5 = '2bf26702c6ecbd46f68138cdcd45c034' AND file:hashes.SHA1 = '1b9a4c0a5615a4f96a041d771646c1a407b17577' AND file:hashes.SHA256 = '38d1d8c3c4ec5ea17c3719af285247cb1d8879c7cf967e1be1197e60d42c01c5']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2023-05-15T13:21:28Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "file"
}
] ,
"labels" : [
"misp:name=\"file\"" ,
"misp:meta-category=\"file\"" ,
"misp:to_ids=\"True\"" ,
"misp-galaxy:malpedia=\"FastFire\"" ,
"misp-galaxy:backdoor=\"FASTFIRE\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--47c21f0e-cde1-43ae-bbd6-7c05f2699661" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2023-05-15T13:22:13.000Z" ,
"modified" : "2023-05-15T13:22:13.000Z" ,
"description" : "Gh0st RAT" ,
"pattern" : "[file:hashes.MD5 = '2d330c354c14b39368876392d56fb18c' AND file:hashes.SHA1 = 'a1f72c890d0b920f4f4cb2d59df6fa40734de90d' AND file:hashes.SHA256 = 'f86d05c1d7853c06fc5561f8df19b53506b724a83bb29c69b39f004a0f7f82d8']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2023-05-15T13:22:13Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "file"
}
] ,
"labels" : [
"misp:name=\"file\"" ,
"misp:meta-category=\"file\"" ,
"misp:to_ids=\"True\"" ,
"misp-galaxy:mitre-malware=\"gh0st RAT - S0032\"" ,
"misp-galaxy:tool=\"Gh0st Rat\"" ,
"misp-galaxy:malpedia=\"Ghost RAT\"" ,
"misp-galaxy:rat=\"Gh0st RAT\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--22e220fa-ca7f-4abe-94c4-9cb42137c7f8" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2023-05-15T13:22:48.000Z" ,
"modified" : "2023-05-15T13:22:48.000Z" ,
"description" : "GOLDDRAGON" ,
"pattern" : "[file:hashes.MD5 = '15ec5c7125e6c74f740d6fc3376c130d' AND file:hashes.SHA1 = 'fb09b89803da071b7b7eb23244771c54d979a873' AND file:hashes.SHA256 = '4a1c43258fe0e3b75afc4e020b904910c94d9ba08fc1e3f3a99d188b56675211']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2023-05-15T13:22:48Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "file"
}
] ,
"labels" : [
"misp:name=\"file\"" ,
"misp:meta-category=\"file\"" ,
"misp:to_ids=\"True\"" ,
"misp-galaxy:malpedia=\"GoldDragon\"" ,
"misp-galaxy:tool=\"GOLDDRAGON\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--34253556-8ba3-47fa-8013-d74d287cf421" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2023-05-15T13:22:48.000Z" ,
"modified" : "2023-05-15T13:22:48.000Z" ,
"description" : "GOLDDRAGON.POWERSHELL" ,
"pattern" : "[file:hashes.MD5 = '2a5562de1d3e734d9328a1c78b43c2e5' AND file:hashes.SHA1 = '4b0d0ebb0c676efe855bed796221dd475a39ba40' AND file:hashes.SHA256 = '203ea478fa4d2d5ef513cad8b51617e0c9f7571bf3a3becf9c267a0d590c6d72']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2023-05-15T13:22:48Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "file"
}
] ,
"labels" : [
"misp:name=\"file\"" ,
"misp:meta-category=\"file\"" ,
"misp:to_ids=\"True\"" ,
"misp-galaxy:malpedia=\"GoldDragon\"" ,
"misp-galaxy:tool=\"GOLDDRAGON\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--aca63f0b-b7e4-4544-aed9-80aaade560a9" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2023-05-15T13:23:16.000Z" ,
"modified" : "2023-05-15T13:23:16.000Z" ,
"description" : "GOLDDROP" ,
"pattern" : "[file:hashes.MD5 = '0cc0aa5877cec9109b7a5a0e3a250c72' AND file:hashes.SHA1 = '1d49d462a11a00d8ac9608e49f055961bf79980d' AND file:hashes.SHA256 = '1324acd1f720055e7941b39949116dfe72ce2e7792e70128f69e228eb48b0821']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2023-05-15T13:23:16Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "file"
}
] ,
"labels" : [
"misp:name=\"file\"" ,
"misp:meta-category=\"file\"" ,
"misp:to_ids=\"True\"" ,
"misp-galaxy:tool=\"GOLDDROP\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--616a09f0-4cc8-4227-bbb4-cb6917ded2bd" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2023-05-15T13:23:15.000Z" ,
"modified" : "2023-05-15T13:23:15.000Z" ,
"description" : "GOLDDROP" ,
"pattern" : "[file:hashes.MD5 = '2c530adb841114366ce6177ce964a5e6' AND file:hashes.SHA1 = '5b69e3e5f4f49cf8b635a57a8c92e17a4f130d50' AND file:hashes.SHA256 = '873b8fb97b4b0c6d7992f6af15653295788526def41f337c651dc64e8e4aeebd']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2023-05-15T13:23:15Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "file"
}
] ,
"labels" : [
"misp:name=\"file\"" ,
"misp:meta-category=\"file\"" ,
"misp:to_ids=\"True\"" ,
"misp-galaxy:tool=\"GOLDDROP\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--30576e97-c3c7-46c0-bb30-19680e264b68" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2023-05-15T13:23:38.000Z" ,
"modified" : "2023-05-15T13:23:38.000Z" ,
"description" : "GOLDSMELT" ,
"pattern" : "[file:hashes.MD5 = 'c066b81c4b8b0703f81f8bc6fb432992' AND file:hashes.SHA1 = '2508f5ff0c28356c0c3f8e6cae7b750d53495bca' AND file:hashes.SHA256 = '63b4bd01f80d43576c279adf69a5582129e81cc4adbd03675909581643765ea8']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2023-05-15T13:23:38Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "file"
}
] ,
"labels" : [
"misp:name=\"file\"" ,
"misp:meta-category=\"file\"" ,
"misp:to_ids=\"True\"" ,
"misp-galaxy:tool=\"GOLDSMELT\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--f6f6f14b-0a83-4e29-97c8-9f87fb1dc069" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2023-05-15T13:24:07.000Z" ,
"modified" : "2023-05-15T13:24:07.000Z" ,
"description" : "GRAYZONE" ,
"pattern" : "[file:hashes.MD5 = '1d30dfa5d8f21d1465409b207115ded6' AND file:hashes.SHA1 = '942fd7b4ef1ccf7032a40acad975c7b5905c3c77' AND file:hashes.SHA256 = 'ed0161f2a3337af5e27a84bea85fb4abe35654f5de22bcb8a503d537952b1e8a']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2023-05-15T13:24:07Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "file"
}
] ,
"labels" : [
"misp:name=\"file\"" ,
"misp:meta-category=\"file\"" ,
"misp:to_ids=\"True\"" ,
"misp-galaxy:backdoor=\"GRAYZONE\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--928dbc59-8047-4bd4-998f-3d8c42e3394a" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2023-05-15T13:24:30.000Z" ,
"modified" : "2023-05-15T13:24:30.000Z" ,
"description" : "HANGMAN.V2" ,
"pattern" : "[file:hashes.MD5 = '21cffaa7f9bf224ce75e264bfb16dd0d' AND file:hashes.SHA1 = '862abce03f7f5de0c466fdbd24ad796578eaa110' AND file:hashes.SHA256 = 'a605570555620cea6d6be211520525fc95a30961661780da4cc4bafe9864f394']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2023-05-15T13:24:30Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "file"
}
] ,
"labels" : [
"misp:name=\"file\"" ,
"misp:meta-category=\"file\"" ,
"misp:to_ids=\"True\"" ,
"misp-galaxy:backdoor=\"HANGMAN.V2\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--7bc0d36a-4e73-4b6b-82ac-b4864d0b0e9c" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2023-05-15T13:24:59.000Z" ,
"modified" : "2023-05-15T13:24:59.000Z" ,
"description" : "Invoke-Mimikatz" ,
"pattern" : "[file:hashes.MD5 = '20bc53deb7b1214580e9d9efeaa5e9d7' AND file:hashes.SHA1 = 'e74b816f1c6d6347cb40121e0b50dadd0d8f1f97' AND file:hashes.SHA256 = '908777e58161615657663656861c212ac25696741ef69411021474158fa2b4cf']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2023-05-15T13:24:59Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "file"
}
] ,
"labels" : [
"misp:name=\"file\"" ,
"misp:meta-category=\"file\"" ,
"misp:to_ids=\"True\"" ,
"misp-galaxy:tool=\"Invoke-Mimikatz\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--24d17de4-31cf-4967-bc99-6c1dbba3be40" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2023-05-15T13:19:15.000Z" ,
"modified" : "2023-05-15T13:19:15.000Z" ,
"description" : "JURASSICSHELL" ,
"pattern" : "[file:hashes.MD5 = '9cdda333432f403b408b9fe717163861' AND file:hashes.SHA1 = 'd80be054a569df5f201191dcc4fea0dde9622da5' AND file:hashes.SHA256 = 'd2f4bf0caed5a442198fcdc43c83c7b27ae04f341a72b270c9ed40778aa77afe']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2023-05-15T13:19:15Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "file"
}
] ,
"labels" : [
"misp:name=\"file\"" ,
"misp:meta-category=\"file\"" ,
"misp:to_ids=\"True\"" ,
"misp-galaxy:tool=\"JURASSICSHELL\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--dd10a976-80d6-4adb-b410-154fefab83ae" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2023-05-15T13:19:15.000Z" ,
"modified" : "2023-05-15T13:19:15.000Z" ,
"description" : "JURASSICSHELL" ,
"pattern" : "[file:hashes.MD5 = 'ddae18c65d583b41a2157d496a4bde61' AND file:hashes.SHA1 = '63e113f0a906af82903dbfac3e78bdd2d146e738' AND file:hashes.SHA256 = 'a4ba1e6ab678a1bdf8bc05bea8310d743928a4e2c05bad104e61afdd9cccf9a1']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2023-05-15T13:19:15Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "file"
}
] ,
"labels" : [
"misp:name=\"file\"" ,
"misp:meta-category=\"file\"" ,
"misp:to_ids=\"True\"" ,
"misp-galaxy:tool=\"JURASSICSHELL\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--6fd830c7-4a8f-446b-b6e9-044bed661a3b" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2023-05-15T13:26:06.000Z" ,
"modified" : "2023-05-15T13:26:06.000Z" ,
"description" : "LANDMARK" ,
"pattern" : "[file:hashes.MD5 = '1ffccf6cb3b74d68df2b899fd33127a5' AND file:hashes.SHA1 = 'a61f009e73ae81a18751e9aee39f8121a3902280' AND file:hashes.SHA256 = 'da22d327124a0ee6a93cd07e85f9804fbc98eda87824ddcf7c8a63d349e87034']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2023-05-15T13:26:06Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "file"
}
] ,
"labels" : [
"misp:name=\"file\"" ,
"misp:meta-category=\"file\"" ,
"misp:to_ids=\"True\"" ,
"misp-galaxy:tool=\"LANDMARK\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--5dcbec94-42d4-4bbc-950c-8c5713dff1c1" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2023-05-15T13:26:06.000Z" ,
"modified" : "2023-05-15T13:26:06.000Z" ,
"description" : "LANDMARK.NET" ,
"pattern" : "[file:hashes.MD5 = '60efecf4e1b5b2c580329e9afa05db15' AND file:hashes.SHA1 = '12c508ace6e8aa42be02750d759e720b800bf796' AND file:hashes.SHA256 = '034d29fb89a8f68ba714f1868b2181c4cd59d4a2604630ef1554a6ccf3fe6d75']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2023-05-15T13:26:06Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "file"
}
] ,
"labels" : [
"misp:name=\"file\"" ,
"misp:meta-category=\"file\"" ,
"misp:to_ids=\"True\"" ,
"misp-galaxy:tool=\"LANDMARK\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--09d48190-3b5d-4e3c-b1a8-38920340b253" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2023-05-15T13:26:42.000Z" ,
"modified" : "2023-05-15T13:26:42.000Z" ,
"description" : "LATEOP\r\nLATEOP.V2" ,
"pattern" : "[file:hashes.MD5 = '0f77143ce98d0b9f69c802789e3b1713' AND file:hashes.SHA1 = '7da4e8b743478370fa41fe39a45e3ff2ca2194b3' AND file:hashes.SHA256 = '54a8b8c933633c089f03d07cfbd5cafbf76a6d7095f2706d6604e739bb9c950f']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2023-05-15T13:26:42Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "file"
}
] ,
"labels" : [
"misp:name=\"file\"" ,
"misp:meta-category=\"file\"" ,
"misp:to_ids=\"True\"" ,
"misp-galaxy:tool=\"LATEOP\"" ,
"misp-galaxy:malpedia=\"BabyShark\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--78168392-f363-4089-b3dc-3f208519fdbd" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2023-05-15T13:27:44.000Z" ,
"modified" : "2023-05-15T13:27:44.000Z" ,
"description" : "LOGCABIN" ,
"pattern" : "[file:hashes.MD5 = '0b558ee89a7bb32968ef78104f6b9a28' AND file:hashes.SHA1 = 'b7fdb5e5b31adfc5ada0de1e05b0c069968e5bce' AND file:hashes.SHA256 = '79c0fe1467dada33e0b097dd772c36229618b7091baa5f10da083f894192a237']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2023-05-15T13:27:44Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "file"
}
] ,
"labels" : [
"misp:name=\"file\"" ,
"misp:meta-category=\"file\"" ,
"misp:to_ids=\"True\"" ,
"misp-galaxy:backdoor=\"LOGCABIN\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--44f8931b-cf23-47ec-b023-2fdfa8114ff0" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2023-05-15T13:18:47.000Z" ,
"modified" : "2023-05-15T13:18:47.000Z" ,
"description" : "LONEJOGGER" ,
"pattern" : "[file:hashes.MD5 = '139d2561f5c72fabb099a12c16b8960c' AND file:hashes.SHA1 = '2dd269608dd7f4da171d1a220fe97347162008c7' AND file:hashes.SHA256 = '2c338055e8245057169f1733846e0490bc4ae117d1dadefe0a3f07a63dc87520']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2023-05-15T13:18:47Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "file"
}
] ,
"labels" : [
"misp:name=\"file\"" ,
"misp:meta-category=\"file\"" ,
"misp:to_ids=\"True\"" ,
"misp-galaxy:tool=\"LONEJOGGER\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--6ae69ae1-d8cd-4dda-b507-82bde00357ca" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2023-05-15T13:18:47.000Z" ,
"modified" : "2023-05-15T13:18:47.000Z" ,
"description" : "LONEJOGGER" ,
"pattern" : "[file:hashes.MD5 = '14a00f517012279af53118a491253e5c' AND file:hashes.SHA1 = '98040f42103ce3b840dd54bf3490587f141a0bc3' AND file:hashes.SHA256 = '26a98b752fd8e700776f11bad4169a0670824d5b5b9337f3c8f46fac33bc03e8']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2023-05-15T13:18:47Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "file"
}
] ,
"labels" : [
"misp:name=\"file\"" ,
"misp:meta-category=\"file\"" ,
"misp:to_ids=\"True\"" ,
"misp-galaxy:tool=\"LONEJOGGER\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--68119593-c328-4af6-8508-2bc78be34b32" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2023-05-15T13:27:13.000Z" ,
"modified" : "2023-05-15T13:27:13.000Z" ,
"description" : "METASPLOIT" ,
"pattern" : "[file:hashes.MD5 = '37e7d679cd4aa788ec63f27cb02962ea' AND file:hashes.SHA1 = '7d66c1f36b4b48d990461ec44d626793ade6a8d1' AND file:hashes.SHA256 = 'b55e9d65a3130f543360a9c488d35475d4789ee7a32a4e94d02f33c21a172bcb']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2023-05-15T13:27:13Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "file"
}
] ,
"labels" : [
"misp:name=\"file\"" ,
"misp:meta-category=\"file\"" ,
"misp:to_ids=\"True\"" ,
"misp-galaxy:tool=\"metasploit\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--103fb4e3-f3c2-4ab5-b752-3d7e64aa8b0b" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2023-05-15T13:28:06.000Z" ,
"modified" : "2023-05-15T13:28:06.000Z" ,
"description" : "PASSMARK" ,
"pattern" : "[file:hashes.MD5 = 'b077ba5af1dfbd4ac523923eab56bcd4' AND file:hashes.SHA1 = '4e93797dd3b383050cf0ee585aa5b5525efb2380' AND file:hashes.SHA256 = '4a08b78d410bc3d9b78dd63b146767f293dc3f3f6f8092352d2aa2f589e9c772']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2023-05-15T13:28:06Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "file"
}
] ,
"labels" : [
"misp:name=\"file\"" ,
"misp:meta-category=\"file\"" ,
"misp:to_ids=\"True\"" ,
"misp-galaxy:tool=\"PASSMARK\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--ac5e133b-8054-4762-ada5-fe64b83e2e85" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2023-05-15T13:29:22.000Z" ,
"modified" : "2023-05-15T13:29:22.000Z" ,
"description" : "PENCILDOWN" ,
"pattern" : "[file:hashes.MD5 = '04d0856afb1aa9168377d6aa579c5403' AND file:hashes.SHA1 = 'f3b774e921eaad9335b9c057dd49b918c5dae4a6' AND file:hashes.SHA256 = 'e637c86ae20a7f36a0ad43618b00c48f47b5591a03af3fb689a16c45afa43733']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2023-05-15T13:29:22Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "file"
}
] ,
"labels" : [
"misp:name=\"file\"" ,
"misp:meta-category=\"file\"" ,
"misp:to_ids=\"True\"" ,
"misp-galaxy:tool=\"PENCILDOWN\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--1125ef0c-0e3f-4183-8ba8-a77b836cfb6a" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2023-05-15T13:29:22.000Z" ,
"modified" : "2023-05-15T13:29:22.000Z" ,
"description" : "PENCILDOWN.ANDROID" ,
"pattern" : "[file:hashes.MD5 = '4626ed60dfc8deaf75477bc06bd39be7' AND file:hashes.SHA1 = 'a9ff1ebb548f5bba600d38e709ff331749fa9971' AND file:hashes.SHA256 = '2365a48f7d6cf6dcc83195f06ea11b93c955c3a491c60b50ba42788917ba22e2']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2023-05-15T13:29:22Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "file"
}
] ,
"labels" : [
"misp:name=\"file\"" ,
"misp:meta-category=\"file\"" ,
"misp:to_ids=\"True\"" ,
"misp-galaxy:tool=\"PENCILDOWN\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--175ff6d0-358c-4cb2-9d28-3501843840f8" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2023-05-15T13:20:03.000Z" ,
"modified" : "2023-05-15T13:20:03.000Z" ,
"description" : "PENDOWN" ,
"pattern" : "[file:hashes.MD5 = '768c84100d6e3181a26fa50261129287' AND file:hashes.SHA1 = '6f4b6938ac8fd9591fc399219dbaf4347d8b444b' AND file:hashes.SHA256 = '780e7edbfad5f68051c2039036b00b304d3f828fdbee85d2d09edbcc6d07ea34']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2023-05-15T13:20:03Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "file"
}
] ,
"labels" : [
"misp:name=\"file\"" ,
"misp:meta-category=\"file\"" ,
"misp:to_ids=\"True\"" ,
"misp-galaxy:tool=\"PENDOWN\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--8a6edbf1-a471-46aa-8235-42b46413b5f0" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2023-05-15T13:10:58.000Z" ,
"modified" : "2023-05-15T13:10:58.000Z" ,
"description" : "PUMPKINBAR" ,
"pattern" : "[file:hashes.MD5 = '946f787c129bf469298aa881fb0843f4' AND file:hashes.SHA1 = 'd3b233d6d8b11235929e4a0cbdb12eefdd47d927' AND file:hashes.SHA256 = '32beeda8cffc2ecc689ea2529194cf806955879a334ec68176864d1e6c09800c']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2023-05-15T13:10:58Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "file"
}
] ,
"labels" : [
"misp:name=\"file\"" ,
"misp:meta-category=\"file\"" ,
"misp:to_ids=\"True\"" ,
"misp-galaxy:tool=\"PUMPKINBAR\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--dedfbe89-65c0-4038-b3f7-fd8ad142f2a7" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2023-05-15T13:10:58.000Z" ,
"modified" : "2023-05-15T13:10:58.000Z" ,
"description" : "PUMPKINBAR" ,
"pattern" : "[file:hashes.MD5 = 'c9d70bf370172609da848fa785989939' AND file:hashes.SHA1 = '851ba2182b37bc7380420a986840e16f73947413' AND file:hashes.SHA256 = 'ba3c79dbeca0234fa838ae4c956409115556f437372aeeb0737206d71caf4a38']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2023-05-15T13:10:58Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "file"
}
] ,
"labels" : [
"misp:name=\"file\"" ,
"misp:meta-category=\"file\"" ,
"misp:to_ids=\"True\"" ,
"misp-galaxy:tool=\"PUMPKINBAR\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--a57ffcff-8a78-4a9b-98b5-86b92b18f452" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2023-05-15T13:30:46.000Z" ,
"modified" : "2023-05-15T13:30:46.000Z" ,
"description" : "QUASARRAT" ,
"pattern" : "[file:hashes.MD5 = '0085bc8ce16ef17643909c4799ead02b' AND file:hashes.SHA1 = '25d94c9ab7635ff330dabe96780f330f7f2ba775' AND file:hashes.SHA256 = 'a9c404e100bfd2716a8f6bfafc07b0bd6175bedb047d10b94390c79249258272']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2023-05-15T13:30:46Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "file"
}
] ,
"labels" : [
"misp:name=\"file\"" ,
"misp:meta-category=\"file\"" ,
"misp:to_ids=\"True\"" ,
"misp-galaxy:rat=\"Quasar RAT\"" ,
"misp-galaxy:malpedia=\"Quasar RAT\"" ,
"misp-galaxy:tool=\"QUASARRAT\"" ,
"misp-galaxy:mitre-tool=\"QuasarRAT - S0262\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--ebe523ea-7abc-46e4-ad9a-45c2ed6cc5b0" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2023-05-15T13:29:49.000Z" ,
"modified" : "2023-05-15T13:29:49.000Z" ,
"description" : "SLIMCURL" ,
"pattern" : "[file:hashes.MD5 = '68ce092f1a3d19852ea32db8388de5c7' AND file:hashes.SHA1 = '700acc4e48eae84f80f4dbaf74bf60b79efd49bd' AND file:hashes.SHA256 = '25c2f4703cbaa1ff4dbcfcc16a10b29ef35ccc174b71b21de360d898540889f8']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2023-05-15T13:29:49Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "file"
}
] ,
"labels" : [
"misp:name=\"file\"" ,
"misp:meta-category=\"file\"" ,
"misp:to_ids=\"True\"" ,
"misp-galaxy:tool=\"SLIMCURL\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--80f6cb75-2c92-421d-aef9-ed23072da4a9" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2023-05-15T13:30:14.000Z" ,
"modified" : "2023-05-15T13:30:14.000Z" ,
"description" : "SOURDOUGH" ,
"pattern" : "[file:hashes.MD5 = '7e609404cc258bbe283bea6ddd7af293' AND file:hashes.SHA1 = '6618e25dd49b68f7b2b266eb2d787e6f05c964bc' AND file:hashes.SHA256 = '502136707a70b768800640224e48c634057dc651892113b62522f0dd2fcf1e87']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2023-05-15T13:30:14Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "file"
}
] ,
"labels" : [
"misp:name=\"file\"" ,
"misp:meta-category=\"file\"" ,
"misp:to_ids=\"True\"" ,
"misp-galaxy:backdoor=\"SOURDOUGH\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--7bda7be8-2c04-46cb-97f1-483ead532476" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2023-05-15T13:28:48.000Z" ,
"modified" : "2023-05-15T13:28:48.000Z" ,
"description" : "SPICYTUNA" ,
"pattern" : "[file:hashes.MD5 = '0821884168a644f3c27176a52763acc9' AND file:hashes.SHA1 = '1f6c7c9219f6b6ea30cd481968ae1a038789be67' AND file:hashes.SHA256 = 'e7fae41c0bd8d3d95253bd75dce99015599ecc404bd8d737cec305fc3e4dd018']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2023-05-15T13:28:48Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "file"
}
] ,
"labels" : [
"misp:name=\"file\"" ,
"misp:meta-category=\"file\"" ,
"misp:to_ids=\"True\"" ,
"misp-galaxy:tool=\"SPICYTUNA\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--f2d66bf0-be0d-4edd-8ab5-0104eefeaa39" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2023-05-15T13:28:48.000Z" ,
"modified" : "2023-05-15T13:28:48.000Z" ,
"description" : "SPICYTUNA" ,
"pattern" : "[file:hashes.MD5 = '8ca84c206fe8436dcc92bf6c1f7cf168' AND file:hashes.SHA1 = '636f2c20183b45691b742949d49b3d6c218c9cce' AND file:hashes.SHA256 = '7943bf9cc7b2adf50f7f92dd37347381e6d0aef23b34a3cd0a3afcda1d72e16d']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2023-05-15T13:28:48Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "file"
}
] ,
"labels" : [
"misp:name=\"file\"" ,
"misp:meta-category=\"file\"" ,
"misp:to_ids=\"True\"" ,
"misp-galaxy:tool=\"SPICYTUNA\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--f64f1aab-3dbd-4f53-af57-270c24c7934b" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2023-05-15T13:20:28.000Z" ,
"modified" : "2023-05-15T13:20:28.000Z" ,
"description" : "TROIBOMB" ,
"pattern" : "[file:hashes.MD5 = '18df13900f118158c33df904c662e875' AND file:hashes.SHA1 = '11f646095495d625e7d71038578cc838a6d5e111' AND file:hashes.SHA256 = '98d4471fe549bb3067ac2f2d9afd50ed1baaddab41ec4270834989e7f1ade14d']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2023-05-15T13:20:28Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "file"
}
] ,
"labels" : [
"misp:name=\"file\"" ,
"misp:meta-category=\"file\"" ,
"misp:to_ids=\"True\"" ,
"misp-galaxy:backdoor=\"TROIBOMB\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--3620045f-c2a1-427d-b8cf-c413322cbf6e" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2023-05-15T12:59:18.000Z" ,
"modified" : "2023-05-15T12:59:18.000Z" ,
"description" : "VENOMBITE" ,
"pattern" : "[file:hashes.MD5 = '107f917a5ddb4d3947233fbc9d47ddc8' AND file:hashes.SHA1 = '75c516dde8415494c288e349d440ce778dede8e3' AND file:hashes.SHA256 = '2d41b04f5d86047dc2353a10595418b0d5239c22112f36eb9d253b2e8b6eb0d0']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2023-05-15T12:59:18Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "file"
}
] ,
"labels" : [
"misp:name=\"file\"" ,
"misp:meta-category=\"file\"" ,
"misp:to_ids=\"True\"" ,
"misp-galaxy:tool=\"VENOMBITE\""
]
} ,
{
"type" : "marking-definition" ,
"spec_version" : "2.1" ,
"id" : "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9" ,
"created" : "2017-01-20T00:00:00.000Z" ,
"definition_type" : "tlp" ,
"name" : "TLP:WHITE" ,
"definition" : {
"tlp" : "white"
}
}
]
}