misp-circl-feed/feeds/circl/stix-2.1/704d14e0-3a68-46a2-9b20-88a781463250.json

617 lines
764 KiB
JSON
Raw Permalink Normal View History

2023-04-21 14:44:17 +00:00
{
"type": "bundle",
"id": "bundle--704d14e0-3a68-46a2-9b20-88a781463250",
"objects": [
{
"type": "identity",
"spec_version": "2.1",
"id": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2022-10-27T08:45:31.000Z",
"modified": "2022-10-27T08:45:31.000Z",
"name": "CIRCL",
"identity_class": "organization"
},
{
"type": "report",
"spec_version": "2.1",
"id": "report--704d14e0-3a68-46a2-9b20-88a781463250",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2022-10-27T08:45:31.000Z",
"modified": "2022-10-27T08:45:31.000Z",
"name": "[TLP:WHITE] Joint CSA: North Korean State-Sponsored Cyber Actors Use Maui Ransomware to Target the Healthcare and Public Health Sector",
"published": "2022-10-27T08:45:40Z",
"object_refs": [
"indicator--c7166501-5bd1-45d8-97e3-4634136c5457",
"indicator--9a2762d3-7826-4a8b-a1ea-39cd309a596a",
"indicator--e5748b36-87ab-4cf8-a6ad-9bc041f0581f",
"indicator--6a01d26b-6d7a-4000-8a1a-67d923c04e69",
"indicator--138f9eeb-2858-4dff-84e9-bf9d7589b72e",
"indicator--c3284cf6-25c7-4f2b-881d-bce199505b0f",
"indicator--857759e8-3c07-4b70-aade-5fe7b5da8460",
"indicator--ef68bbc5-3aaa-40bc-ae02-a2e7d95feb5e",
"indicator--f6ae8d8a-5704-46f9-b403-a314c8096c23",
"indicator--ce8554b9-1602-4476-bbc3-7869be2a91b5",
"indicator--22449f76-157d-41ae-b5a5-f9b36266e279",
"indicator--2536c3ce-4061-4f9c-b9c4-c06d6ecd0db3",
"indicator--2d0749f9-0913-4c9d-93f2-bcc69cb513b2",
"indicator--cec55dab-f351-4c61-a998-0f8b8c3f9851",
"indicator--15fa7f34-5106-4671-b4c5-9073137ed92f",
"indicator--34fea72d-0bcb-4fa1-9a16-07d70d376fcb",
"x-misp-object--6120480d-1d15-409f-a867-61d92d89b55f",
"indicator--d7942518-41c8-4d63-9981-2240d92984f1",
"indicator--404a83c0-700c-4cbb-8def-2bb802bc8723",
"indicator--29f55101-c92f-427f-a48c-f1b422acc352",
"indicator--926e1339-d22d-4de0-b77e-987842bd5cd2",
"indicator--b44ce2ec-2bed-4e6e-8277-fc5c2d9e8e04"
],
"labels": [
"Threat-Report",
"misp:tool=\"MISP-STIX-Converter\"",
"type:OSINT",
"osint:lifetime=\"perpetual\"",
"osint:certainty=\"50\"",
"misp-galaxy:malpedia=\"Maui Ransomware\"",
"misp-galaxy:ransomware=\"Maui ransomware\"",
"target:healthcare",
"misp-galaxy:country=\"north korea\"",
"dnc:malware-type=\"Ransomware\"",
"enisa:nefarious-activity-abuse=\"ransomware\"",
"ecsirt:malicious-code=\"ransomware\"",
"malware_classification:malware-category=\"Ransomware\"",
"veris:action:malware:variety=\"Ransomware\"",
"Ransomware",
"ms-caro-malware:malware-type=\"Ransom\"",
"ms-caro-malware-full:malware-type=\"Ransom\""
],
"object_marking_refs": [
"marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9"
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--c7166501-5bd1-45d8-97e3-4634136c5457",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2022-07-11T09:42:19.000Z",
"modified": "2022-07-11T09:42:19.000Z",
"pattern": "[file:hashes.MD5 = '4118d9adce7350c3eedeb056a3335346']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2022-07-11T09:42:19Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--9a2762d3-7826-4a8b-a1ea-39cd309a596a",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2022-07-11T09:42:19.000Z",
"modified": "2022-07-11T09:42:19.000Z",
"pattern": "[file:hashes.MD5 = '9b0e7c460a80f740d455a7521f0eada1']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2022-07-11T09:42:19Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--e5748b36-87ab-4cf8-a6ad-9bc041f0581f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2022-07-11T09:42:19.000Z",
"modified": "2022-07-11T09:42:19.000Z",
"pattern": "[file:hashes.MD5 = 'fda3a19afa85912f6dc8452675245d6b']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2022-07-11T09:42:19Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--6a01d26b-6d7a-4000-8a1a-67d923c04e69",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2022-07-11T09:42:19.000Z",
"modified": "2022-07-11T09:42:19.000Z",
"pattern": "[file:hashes.MD5 = '2d02f5499d35a8dffb4c8bc0b7fec5c2']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2022-07-11T09:42:19Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--138f9eeb-2858-4dff-84e9-bf9d7589b72e",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2022-07-11T09:42:19.000Z",
"modified": "2022-07-11T09:42:19.000Z",
"pattern": "[file:hashes.MD5 = 'c50b839f2fc3ce5a385b9ae1c05def3a']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2022-07-11T09:42:19Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--c3284cf6-25c7-4f2b-881d-bce199505b0f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2022-07-11T09:42:19.000Z",
"modified": "2022-07-11T09:42:19.000Z",
"pattern": "[file:hashes.MD5 = 'a452a5f693036320b580d28ee55ae2a3']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2022-07-11T09:42:19Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--857759e8-3c07-4b70-aade-5fe7b5da8460",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2022-07-11T09:42:19.000Z",
"modified": "2022-07-11T09:42:19.000Z",
"pattern": "[file:hashes.MD5 = 'a6e1efd70a077be032f052bb75544358']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2022-07-11T09:42:19Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--ef68bbc5-3aaa-40bc-ae02-a2e7d95feb5e",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2022-07-11T09:42:19.000Z",
"modified": "2022-07-11T09:42:19.000Z",
"pattern": "[file:hashes.MD5 = '802e7d6e80d7a60e17f9ffbd62fcbbeb']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2022-07-11T09:42:19Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--f6ae8d8a-5704-46f9-b403-a314c8096c23",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2022-07-11T09:43:09.000Z",
"modified": "2022-07-11T09:43:09.000Z",
"pattern": "[file:hashes.SHA256 = '5b7ecf7e9d0715f1122baf4ce745c5fcd769dee48150616753fec4d6da16e99e']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2022-07-11T09:43:09Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--ce8554b9-1602-4476-bbc3-7869be2a91b5",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2022-07-11T09:43:09.000Z",
"modified": "2022-07-11T09:43:09.000Z",
"pattern": "[file:hashes.SHA256 = '45d8ac1ac692d6bb0fe776620371fca02b60cac8db23c4cc7ab5df262da42b78']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2022-07-11T09:43:09Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--22449f76-157d-41ae-b5a5-f9b36266e279",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2022-07-11T09:43:09.000Z",
"modified": "2022-07-11T09:43:09.000Z",
"pattern": "[file:hashes.SHA256 = '56925a1f7d853d814f80e98a1c4890b0a6a84c83a8eded34c585c98b2df6ab19']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2022-07-11T09:43:09Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--2536c3ce-4061-4f9c-b9c4-c06d6ecd0db3",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2022-07-11T09:43:09.000Z",
"modified": "2022-07-11T09:43:09.000Z",
"pattern": "[file:hashes.SHA256 = '830207029d83fd46a4a89cd623103ba2321b866428aa04360376e6a390063570']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2022-07-11T09:43:09Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--2d0749f9-0913-4c9d-93f2-bcc69cb513b2",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2022-07-11T09:43:09.000Z",
"modified": "2022-07-11T09:43:09.000Z",
"pattern": "[file:hashes.SHA256 = '458d258005f39d72ce47c111a7d17e8c52fe5fc7dd98575771640d9009385456']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2022-07-11T09:43:09Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--cec55dab-f351-4c61-a998-0f8b8c3f9851",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2022-07-11T09:43:09.000Z",
"modified": "2022-07-11T09:43:09.000Z",
"pattern": "[file:hashes.SHA256 = '99b0056b7cc2e305d4ccb0ac0a8a270d3fceb21ef6fc2eb13521a930cea8bd9f']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2022-07-11T09:43:09Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--15fa7f34-5106-4671-b4c5-9073137ed92f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2022-07-11T09:43:09.000Z",
"modified": "2022-07-11T09:43:09.000Z",
"pattern": "[file:hashes.SHA256 = '3b9fe1713f638f85f20ea56fd09d20a96cd6d288732b04b073248b56cdaef878']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2022-07-11T09:43:09Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--34fea72d-0bcb-4fa1-9a16-07d70d376fcb",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2022-07-11T09:43:09.000Z",
"modified": "2022-07-11T09:43:09.000Z",
"pattern": "[file:hashes.SHA256 = '87bdb1de1dd6b0b75879d8b8aef80b562ec4fad365d7abbc629bcfc1d386afa6']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2022-07-11T09:43:09Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "x-misp-object",
"spec_version": "2.1",
"id": "x-misp-object--6120480d-1d15-409f-a867-61d92d89b55f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2022-07-08T12:10:34.000Z",
"modified": "2022-07-08T12:10:34.000Z",
"labels": [
"misp:name=\"report\"",
"misp:meta-category=\"misc\""
],
"x_misp_attributes": [
{
"type": "link",
"object_relation": "link",
"value": "https://www.cisa.gov/uscert/ncas/alerts/aa22-187a",
"category": "External analysis",
"uuid": "657d3f21-21f8-4bce-bc86-8b72118215f2"
},
{
"type": "link",
"object_relation": "link",
"value": "https://www.cisa.gov/uscert/sites/default/files/publications/aa22-187a-north-korean%20state-sponsored-cyber-actors-use-maui-ransomware-to-target-the-hph-sector.pdf",
"category": "External analysis",
"uuid": "ed55e806-c3aa-4398-834c-c057dc09cafd"
},
{
"type": "text",
"object_relation": "summary",
"value": "Since May 2021, the FBI has observed and responded to multiple Maui ransomware incidents at HPH Sector organizations. North Korean state-sponsored cyber actors used Maui ransomware in these incidents to encrypt servers responsible for healthcare services\u2014including electronic health records services, diagnostics services, imaging services, and intranet services. In some cases, these incidents disrupted the services provided by the targeted HPH Sector organizations for prolonged periods. The initial access vector(s) for these incidents is unknown.",
"category": "Other",
"uuid": "ce969de8-fc66-49a3-9b63-cde9861cdc2d"
},
{
"type": "text",
"object_relation": "type",
"value": "Alert",
"category": "Other",
"uuid": "65182fe5-d52b-4ebd-ba23-bf6e2b3f0ffa"
},
{
"type": "attachment",
"object_relation": "report-file",
"value": "aa22-187a-north-korean state-sponsored-cyber-actors-use-maui-ransomware-to-target-the-hph-sector.pdf",
"category": "External analysis",
"uuid": "0dd6ed29-bb62-4b6d-ba10-afcce02978ff",
"data": "JVBERi0xLjYNJeLjz9MNCjQ0OSAwIG9iag08PC9MaW5lYXJpemVkIDEvTCA1NjY4NDUvTyA0NTEvRSAzNDAzNzAvTiA3L1QgNTY2MzQ4L0ggWyA1NjcgNDIzXT4+DWVuZG9iag0gICAgICAgICAgICAgDQo0ODUgMCBvYmoNPDwvRGVjb2RlUGFybXM8PC9Db2x1bW5zIDUvUHJlZGljdG9yIDEyPj4vRmlsdGVyL0ZsYXRlRGVjb2RlL0lEWzwxNEYyMzRCOEI2QUUwNjRCOTAxRDBBQTZBMEM0N0M3OT48RDExNjA5Qzc1OTM1Njg0MzhEQjgwMDIyREE4NUIyNjE+XS9JbmRleFs0NDkgNjVdL0luZm8gNDQ4IDAgUi9MZW5ndGggMTU5L1ByZXYgNTY2MzQ5L1Jvb3QgNDUwIDAgUi9TaXplIDUxNC9UeXBlL1hSZWYvV1sxIDMgMV0+PnN0cmVhbQ0KaN5iYmRgEGBgYmBgPgciGVeASKYnIJL9CpidBSJZu0EkCz9YRBLM/gZmXwbr6gSzz4DF3cHqt4DZGmDyP4i0WQ5mswFJxlXcILbOWRBZUQ4ilZaCxLV/g9hpP8Gm6YNIjyowOwlEyvaB2TlAkklBAWxaGYjUnAEiOb1AZI8ZiOQSB5J/TIB6GRkYA0AiQDcOUvI/A2PxM4AAAwDFRhq9DQplbmRzdHJlYW0NZW5kb2JqDXN0YXJ0eHJlZg0KMA0KJSVFT0YNCiAgICAgIA0KNTEzIDAgb2JqDTw8L0MgMzU4L0ZpbHRlci9GbGF0ZURlY29kZS9JIDM4MC9MZW5ndGggMzI4L08gMzQyL1MgMjIwPj5zdHJlYW0NCmjeYmBgYGZgYLrPwMrAIHKFQZgBAYSBYmwMLAwcP1oMGxgWszMu2iC8j43NQSWHQbOBgSFlpuXRB3DFLIpHFWYtmvJygqvKlUkGTjJBWTOeCHo6ABlay4LSLFmCfD1fTBBolVuVqqbZN69F0MtVGahlVZTnjJcvHEWWBAi0i3StBLMnMygbV3R0MDAIKYUDaSBDsBzMVUsHcRsYGAXNgAJgCZVyiIgLiMZwIRDIMrBt8AbSSkCsDRYJYRBkOMG4gMHpgHOB7A12EXYXxnqGWQ1xDHUJbgxyC/jWlC1j3hRyu+ueP0uSqGCo5bQpzNs81Bja2f0alAX/HFAUWCgg+Kb7EcvDmYIMxkduCW6MYC5zmMXAwO7fYMaQqQAPEDUGjpzJQJoRGLongLQ6A0d+NCiggI4ShavSZeBYcAOiivEcQIABAMxAZYQNCmVuZHN0cmVhbQ1lbmRvYmoNNDUwIDAgb2JqDTw8L0xhbmco/v8ARQBOAC0AVQBTKS9NYXJrSW5mbzw8L01hcmtlZCB0cnVlPj4vTWV0YWRhdGEgNDMgMCBSL091dGxpbmVzIDc0IDAgUi9QYWdlTGF5b3V0L09uZUNvbHVtbi9QYWdlcyA0NDcgMCBSL1N0cnVjdFRyZWVSb290IDk5IDAgUi9UeXBlL0NhdGFsb2c+Pg1lbmRvYmoNNDUxIDAgb2JqDTw8L0Fubm90cyA0ODYgMCBSL0NvbnRlbnRzWzQ1NCAwIFIgNDU1IDAgUiA0NTcgMCBSIDQ2MSAwIFIgNDYyIDAgUiA0NjMgMCBSIDQ2NCAwIFIgNDY2IDAgUl0vQ3JvcEJveFswLjAgMC4wIDYxMi4wIDc5Mi4wXS9Hcm91cCA1MTIgMCBSL01lZGlhQm94WzAuMCAwLjAgNjEyLjAgNzkyLjBdL1BhcmVudCA0NDcgMCBSL1Jlc291cmNlczw8L0V4dEdTdGF0ZTw8L0dTMCA0OTEgMCBSPj4vRm9udDw8L1RUMCA0OTMgMCBSL1RUMSA0OTUgMCBSL1RUMiA0OTcgMCBSL1RUMyA0OTkgMCBSL1RUNCA1MDEgMCBSL1RUNSA1MDMgMCBSL1RUNiA1MDUgMCBSL1RUNyA1MDcgMCBSPj4vUHJvY1NldFsvUERGL1RleHQvSW1hZ2VDXS9YT2JqZWN0PDwvSW0wIDQ2NSAwIFIvSW0xIDQ3OCAwIFIvSW0yIDQ4MCAwIFIvSW0zIDQ4MiAwIFIvSW00IDQ4NCAwIFI+Pj4+L1JvdGF0ZSAwL1N0cnVjdFBhcmVudHMgMC9UYWJzL1MvVHlwZS9QYWdlPj4NZW5kb2JqDTQ1MiAwIG9iag08PC9GaWx0ZXIvRmxhdGVEZWNvZGUvRmlyc3QgMjMyL0xlbmd0aCAxNjQ5L04gMjcvVHlwZS9PYmpTdG0+PnN0cmVhbQ0KaN60mFtT2zoQgP+KHtvpEOsuq9NhmnArPdBSwm1geHCDCx6CnXFMW/792ZXsJDaJg3PmjEeRLO1Kq+jblWQZakKJDA2RFrKQMIOvlnDLoArKDBKUFUcRTjQXkAsSKgm5JEzYEAqKMC00FDThTCooGMIF6kMz16AoLXbKLVGUEiGMgQIjQgsBBWimmkIBOhdcQgF6N1RBAfvSGgqQRIg1oKklh0JIlG+yRFMG1WCrpgpkGIMCWKkYWMzAsBucIiWnbo4+tz4HG10OPbpcuPrbT5+CvhsCXoLBEF6H8Jy9TOJgkOV3cR5cErq9Xb7cYCf0NvgSHAan8ai44dT2rIC/x0AOQwom4J0RZlkPTLkNhs8/C+zsKEkffbf9NM2K7e1yYLvxwLInDIflCHtuHUPbo9JUhqwdmNENB1a6B2vFOO8hHkyIHk4Cc2v5+mHZhsMa2bOKSQCpR2E03uMIpgEj7JpBD4fkVzSewjDHwbcsf4rGwU6fsB4Nvp+ULd9PjgkLhn1S5M9xMDyOpo8gmsa+r72/xcGwiIo4GEVOL5t4Pd//dBSnBWFU0mAnmnyJk/uHghimg93YN20JroL9cXQ/JYIH+1laDAbZ35strZVrI5yCq2AHt651P3pKxi/v+nkSjd/7mmQcg+toh7ar+RY9xcFpv3/97eSDEzw+c/XDIo+L0UM1Uay69BZJSoPDIhono356P44JDYZF/HRBwtDPEkXR4jyZFFkeXJUTUcy6aQ6iaYwizUH30lF2l6T3wWWS9tNpMnvfT/JpsfMQ5dWk5527AIMzOYpKEabYbBHPYA2cRWfZeZpAbzGRSjj5maEw2l3xML3hBh0XH6V0WRIQaTBhGduxjDkmlHpLmvfrHw1/PSbDuUvuHVg2IIfvrm/q5VA/hDGdLNRrt2w1rbJspZz1jPV+1PqcXKK0ZtmsjCNz7toxx1GbMxEu7tK5HvW2uD7L1O3BkaoyA3JvF93A2nC9F1i94AUKArrzAiaURf01TmB4wwl2z08qHrc84J19YYvx0hss7+gNS0ff0ClkwymkbnUK0+oUAvbH+aK1OUUNtTLRV+6w6BKMMrXSJ2jNIxY903sCXZCkzgdeM/Z/kv8fuL+tR3xWZ10tsG70Utbh7INteJpy/+Ja2GUd9h/nB3vXpyVug2x890bgzUrgGWxbnYhfbcIbqFfha+p1g3r4H1upV8upr+iuP2YhWHV95n6wCHHlB5iH7nBZehiUQaqBiNIrw+EMkfqhgIcekfJQAD2uORTYOiL9073jr1cL69MZjupkAOfpbmgsG3rDUBg2oOC8/Xyg150P1gXC+iliHgYrnddQrY57LsZBzdtPAcvhQ6nFHO3A8vysUMVFBLFqqVIJ5EwLy2bxDNTcupVcYBUsW2BVsGWsMjjGYRtgCnc50K+hup9H6eM4SclBVjwkIzLIssc6uWGd3OvDH4OL6w+VnlfbQrUNj7amnV+4v9T5bTFgI4z9HlPDWLZjHK7AWK3clJRPDhm4469Lc+kZaHBr1nANVwYQksZtj+Gsb2FkDUof75TGjwhqdeTkKCfxzg7XbMUBRuo/L8zsFpVk5WIoD9c7vOzLKmZL5sd4haqm61Gt7bycqwrVUKJ+N1SNrqO6d3jdh2PfElI8h53Pn29GVtWRXWvIhuA272e8/X5mTFdwX4PY1qY0YqiM3ngz96iH5W+FnWrEXkTV44gAC/wENYeRq0a85CshpGZZvORMuTaA0ArUb4XwOL5Lnp/qGLI6ht//udq9umiuvl
}
],
"x_misp_meta_category": "misc",
"x_misp_name": "report"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--d7942518-41c8-4d63-9981-2240d92984f1",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2022-07-11T09:33:10.000Z",
"modified": "2022-07-11T09:33:10.000Z",
"pattern": "[file:hashes.SHA256 = '5b7ecf7e9d0715f1122baf4ce745c5fcd769dee48150616753fec4d6da16e99e' AND file:name = 'maui.exe']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2022-07-11T09:33:10Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "file"
}
],
"labels": [
"misp:name=\"file\"",
"misp:meta-category=\"file\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--404a83c0-700c-4cbb-8def-2bb802bc8723",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2022-07-11T09:40:00.000Z",
"modified": "2022-07-11T09:40:00.000Z",
"pattern": "[file:name = 'maui.evd']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2022-07-11T09:40:00Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "file"
}
],
"labels": [
"misp:name=\"file\"",
"misp:meta-category=\"file\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--29f55101-c92f-427f-a48c-f1b422acc352",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2022-07-11T09:40:07.000Z",
"modified": "2022-07-11T09:40:07.000Z",
"pattern": "[file:name = 'maui.log']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2022-07-11T09:40:07Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "file"
}
],
"labels": [
"misp:name=\"file\"",
"misp:meta-category=\"file\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--926e1339-d22d-4de0-b77e-987842bd5cd2",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2022-07-11T09:40:13.000Z",
"modified": "2022-07-11T09:40:13.000Z",
"pattern": "[file:name = 'aui.exe']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2022-07-11T09:40:13Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "file"
}
],
"labels": [
"misp:name=\"file\"",
"misp:meta-category=\"file\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--b44ce2ec-2bed-4e6e-8277-fc5c2d9e8e04",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2022-07-11T09:40:19.000Z",
"modified": "2022-07-11T09:40:19.000Z",
"pattern": "[file:name = 'maui.key']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2022-07-11T09:40:19Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "file"
}
],
"labels": [
"misp:name=\"file\"",
"misp:meta-category=\"file\"",
"misp:to_ids=\"True\""
]
},
{
"type": "marking-definition",
"spec_version": "2.1",
"id": "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9",
"created": "2017-01-20T00:00:00.000Z",
"definition_type": "tlp",
"name": "TLP:WHITE",
"definition": {
"tlp": "white"
}
}
]
}