{
"type" : "bundle" ,
"id" : "bundle--5e4b486e-9968-4af1-87dc-4ff4950d210f" ,
"objects" : [
{
"type" : "identity" ,
"spec_version" : "2.1" ,
"id" : "identity--5e16d2bc-5c68-4ef1-bc80-47f5950d210f" ,
"created" : "2020-02-28T02:34:40.000Z" ,
"modified" : "2020-02-28T02:34:40.000Z" ,
"name" : "wilbursecurity.com" ,
"identity_class" : "organization"
} ,
{
"type" : "report" ,
"spec_version" : "2.1" ,
"id" : "report--5e4b486e-9968-4af1-87dc-4ff4950d210f" ,
"created_by_ref" : "identity--5e16d2bc-5c68-4ef1-bc80-47f5950d210f" ,
"created" : "2020-02-28T02:34:40.000Z" ,
"modified" : "2020-02-28T02:34:40.000Z" ,
"name" : "Trickbot and AdFind Recon" ,
"published" : "2020-02-28T02:36:18Z" ,
"object_refs" : [
"indicator--5e4b4dfe-0ce8-4566-8a57-4131950d210f" ,
"observed-data--5e4b4e18-84d4-4868-bee8-40a9950d210f" ,
"url--5e4b4e18-84d4-4868-bee8-40a9950d210f" ,
"observed-data--5e4b4ed9-8a4c-4ab4-8d04-413c950d210f" ,
"network-traffic--5e4b4ed9-8a4c-4ab4-8d04-413c950d210f" ,
"ipv4-addr--5e4b4ed9-8a4c-4ab4-8d04-413c950d210f" ,
"indicator--5e4b4f62-a104-444e-b2f8-440a950d210f" ,
"observed-data--5e4b52bb-7008-4580-85a5-499c950d210f" ,
"url--5e4b52bb-7008-4580-85a5-499c950d210f" ,
"indicator--5e4dde50-4068-4086-a0b5-48d6950d210f" ,
"indicator--5e4dde50-c9ac-4244-a140-4992950d210f" ,
"indicator--5e4dde50-2228-4a95-a45a-4bc4950d210f" ,
"indicator--5e4dde50-460c-454a-84e6-4613950d210f" ,
"indicator--5e4dde50-16bc-4b12-9577-4f30950d210f" ,
"indicator--5e4dde50-95c8-4fc5-bf9d-4688950d210f" ,
"indicator--5e4b48bd-3bc8-44fd-b151-4c63950d210f" ,
"indicator--5e4b48d0-666c-4b87-b405-4428950d210f" ,
"indicator--5e4b48e7-14dc-4faf-aea6-4a6f950d210f" ,
"indicator--5e4b4906-c264-4880-8c75-4c2a950d210f" ,
"indicator--5e4b4960-5bbc-4e05-aee6-4127950d210f" ,
"indicator--5e4b4971-e698-46cc-81fc-418b950d210f" ,
"indicator--5e4b49a2-40d8-4a64-93de-440d950d210f"
] ,
"labels" : [
"Threat-Report" ,
"misp:tool=\"MISP-STIX-Converter\"" ,
"Banker: TrickBot"
] ,
"object_marking_refs" : [
"marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da"
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--5e4b4dfe-0ce8-4566-8a57-4131950d210f" ,
"created_by_ref" : "identity--5e16d2bc-5c68-4ef1-bc80-47f5950d210f" ,
"created" : "2020-02-18T02:38:34.000Z" ,
"modified" : "2020-02-18T02:38:34.000Z" ,
"description" : "enter.exe which loads Trickbot" ,
"pattern" : "[url:value = 'http://support-it.online/upl/data/enter.exe']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2020-02-18T02:38:34Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Payload delivery"
}
] ,
"labels" : [
"misp:type=\"url\"" ,
"misp:category=\"Payload delivery\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "observed-data" ,
"spec_version" : "2.1" ,
"id" : "observed-data--5e4b4e18-84d4-4868-bee8-40a9950d210f" ,
"created_by_ref" : "identity--5e16d2bc-5c68-4ef1-bc80-47f5950d210f" ,
"created" : "2020-02-18T02:38:16.000Z" ,
"modified" : "2020-02-18T02:38:16.000Z" ,
"first_observed" : "2020-02-18T02:38:16Z" ,
"last_observed" : "2020-02-18T02:38:16Z" ,
"number_observed" : 1 ,
"object_refs" : [
"url--5e4b4e18-84d4-4868-bee8-40a9950d210f"
] ,
"labels" : [
"misp:type=\"link\"" ,
"misp:category=\"External analysis\""
]
} ,
{
"type" : "url" ,
"spec_version" : "2.1" ,
"id" : "url--5e4b4e18-84d4-4868-bee8-40a9950d210f" ,
"value" : "https://app.any.run/tasks/dc8771c7-04fd-47f5-b273-c8d433862c2e/"
} ,
{
"type" : "observed-data" ,
"spec_version" : "2.1" ,
"id" : "observed-data--5e4b4ed9-8a4c-4ab4-8d04-413c950d210f" ,
"created_by_ref" : "identity--5e16d2bc-5c68-4ef1-bc80-47f5950d210f" ,
"created" : "2020-02-18T02:41:29.000Z" ,
"modified" : "2020-02-18T02:41:29.000Z" ,
"first_observed" : "2020-02-18T02:41:29Z" ,
"last_observed" : "2020-02-18T02:41:29Z" ,
"number_observed" : 1 ,
"object_refs" : [
"network-traffic--5e4b4ed9-8a4c-4ab4-8d04-413c950d210f" ,
"ipv4-addr--5e4b4ed9-8a4c-4ab4-8d04-413c950d210f"
] ,
"labels" : [
"misp:type=\"ip-src\"" ,
"misp:category=\"Network activity\""
]
} ,
{
"type" : "network-traffic" ,
"spec_version" : "2.1" ,
"id" : "network-traffic--5e4b4ed9-8a4c-4ab4-8d04-413c950d210f" ,
"src_ref" : "ipv4-addr--5e4b4ed9-8a4c-4ab4-8d04-413c950d210f" ,
"protocols" : [
"tcp"
]
} ,
{
"type" : "ipv4-addr" ,
"spec_version" : "2.1" ,
"id" : "ipv4-addr--5e4b4ed9-8a4c-4ab4-8d04-413c950d210f" ,
"value" : "216.170.123.19"
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--5e4b4f62-a104-444e-b2f8-440a950d210f" ,
"created_by_ref" : "identity--5e16d2bc-5c68-4ef1-bc80-47f5950d210f" ,
"created" : "2020-02-18T02:43:46.000Z" ,
"modified" : "2020-02-18T02:43:46.000Z" ,
"description" : "Trickbot C2" ,
"pattern" : "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '195.133.145.31']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2020-02-18T02:43:46Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Network activity"
}
] ,
"labels" : [
"misp:type=\"ip-dst\"" ,
"misp:category=\"Network activity\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "observed-data" ,
"spec_version" : "2.1" ,
"id" : "observed-data--5e4b52bb-7008-4580-85a5-499c950d210f" ,
"created_by_ref" : "identity--5e16d2bc-5c68-4ef1-bc80-47f5950d210f" ,
"created" : "2020-02-18T02:58:03.000Z" ,
"modified" : "2020-02-18T02:58:03.000Z" ,
"first_observed" : "2020-02-18T02:58:03Z" ,
"last_observed" : "2020-02-18T02:58:03Z" ,
"number_observed" : 1 ,
"object_refs" : [
"url--5e4b52bb-7008-4580-85a5-499c950d210f"
] ,
"labels" : [
"misp:type=\"link\"" ,
"misp:category=\"External analysis\""
]
} ,
{
"type" : "url" ,
"spec_version" : "2.1" ,
"id" : "url--5e4b52bb-7008-4580-85a5-499c950d210f" ,
"value" : "https://www.wilbursecurity.com/2020/02/trickbot-and-adfind-recon/"
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--5e4dde50-4068-4086-a0b5-48d6950d210f" ,
"created_by_ref" : "identity--5e16d2bc-5c68-4ef1-bc80-47f5950d210f" ,
"created" : "2020-02-20T01:18:56.000Z" ,
"modified" : "2020-02-20T01:18:56.000Z" ,
"pattern" : "[url:value = 'http://support-it.online/upl/data/socks.exe']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2020-02-20T01:18:56Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Payload delivery"
}
] ,
"labels" : [
"misp:type=\"url\"" ,
"misp:category=\"Payload delivery\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--5e4dde50-c9ac-4244-a140-4992950d210f" ,
"created_by_ref" : "identity--5e16d2bc-5c68-4ef1-bc80-47f5950d210f" ,
"created" : "2020-02-20T01:18:27.000Z" ,
"modified" : "2020-02-20T01:18:27.000Z" ,
"pattern" : "[url:value = 'http://support-it.online/upl/data/addUser.bat']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2020-02-20T01:18:27Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Payload delivery"
}
] ,
"labels" : [
"misp:type=\"url\"" ,
"misp:category=\"Payload delivery\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--5e4dde50-2228-4a95-a45a-4bc4950d210f" ,
"created_by_ref" : "identity--5e16d2bc-5c68-4ef1-bc80-47f5950d210f" ,
"created" : "2020-02-20T01:18:32.000Z" ,
"modified" : "2020-02-20T01:18:32.000Z" ,
"pattern" : "[url:value = 'http://support-it.online/upl/data/adf.bat']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2020-02-20T01:18:32Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Payload delivery"
}
] ,
"labels" : [
"misp:type=\"url\"" ,
"misp:category=\"Payload delivery\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--5e4dde50-460c-454a-84e6-4613950d210f" ,
"created_by_ref" : "identity--5e16d2bc-5c68-4ef1-bc80-47f5950d210f" ,
"created" : "2020-02-20T01:19:26.000Z" ,
"modified" : "2020-02-20T01:19:26.000Z" ,
"pattern" : "[url:value = 'http://support-it.online/upl/data/AdFind.exe']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2020-02-20T01:19:26Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Payload delivery"
}
] ,
"labels" : [
"misp:type=\"url\"" ,
"misp:category=\"Payload delivery\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--5e4dde50-16bc-4b12-9577-4f30950d210f" ,
"created_by_ref" : "identity--5e16d2bc-5c68-4ef1-bc80-47f5950d210f" ,
"created" : "2020-02-20T01:18:41.000Z" ,
"modified" : "2020-02-20T01:18:41.000Z" ,
"pattern" : "[url:value = 'http://support-it.online/upl/data/test_64.exe']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2020-02-20T01:18:41Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Payload delivery"
}
] ,
"labels" : [
"misp:type=\"url\"" ,
"misp:category=\"Payload delivery\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--5e4dde50-95c8-4fc5-bf9d-4688950d210f" ,
"created_by_ref" : "identity--5e16d2bc-5c68-4ef1-bc80-47f5950d210f" ,
"created" : "2020-02-20T01:18:45.000Z" ,
"modified" : "2020-02-20T01:18:45.000Z" ,
"pattern" : "[url:value = 'http://support-it.online/upl/data/test_32.exe']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2020-02-20T01:18:45Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Payload delivery"
}
] ,
"labels" : [
"misp:type=\"url\"" ,
"misp:category=\"Payload delivery\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--5e4b48bd-3bc8-44fd-b151-4c63950d210f" ,
"created_by_ref" : "identity--5e16d2bc-5c68-4ef1-bc80-47f5950d210f" ,
"created" : "2020-02-18T02:15:25.000Z" ,
"modified" : "2020-02-18T02:15:25.000Z" ,
"description" : "socks.exe" ,
"pattern" : " [ f i l e : h a s h e s . M D 5 = ' 9 e f b 4 a 465942 d c 0 94 a 5 a 57e055 f d 608 a ' A N D f i l e : h a s h e s . S H A 1 = ' e 1348386 d a 5 a f 1903766352 d 4 a 224 d 859933e941 ' A N D f i l e : h a s h e s . S H A 256 = ' c 93 a 357 e a 1772 e b 376 e c 4528 d 7 a 6 b f 8 c f a c 31 d 9 b 9 b 4 f c 5455 d b c 369 d 6 b d e 3583 ' A N D f i l e : n a m e = ' s o c k s . e x e ' A N D f i l e : s i z e = ' 139264 ' A N D ( f i l e : c o n t e n t _ r e f . p a y l o a d _ b i n = ' U E s D B B Q A C Q A I A O 0 R U l D z 2 w j f l / g A A A A g A g A g A B w A O W V m Y j R h N D Y 1 O T Q y Z G M w O T R h N W E 1 N 2 U w N T V m Z D Y w O G F V V A k A A 71 I S 169 S E t e d X g L A A E E I Q A A A A Q h A A A A C m z I l I s e 136 X 83 f s x m q 9 Q u B a e G F L + H j o j C Y 9 x 2 J b P t W V c Z s 40 I w j c 7 I 7 R p M 3 T L d R B 4 K U I L Q b F f 5 G H X j 2 f Q / y y 1 E H g h l E s 8 e B p 2 D x R 2 l t w I N r U A h b Z n 8 q e O e A d 3 U G T + b H Q S G R / 6 D l 5 C Z o R G y 3 E X e t e a G K O f N u o T W U N H r s o Q 0 9 O L O H T j s 5 T 0 m o x Y j J F d V + W p A e z 36 z 9 A R F J n k K G o x a A k p p 4 d f H D 3 C n 7 c P b W w 507 e p L I b k a s r I 3 a f 7 b E Q x D j 7 r y U J v 7 h g I 2 z D A L D W n O I V W I M y H q L D M 0 r N Y + N S H L + t i 2 s H / x V P 5 i + G a b w j i E B J z 0 37 g 3 a Q O R Y c a l 1 D m 0 i 77 B W E y K H b F q L g u l n / S Z c k h R p A w S / S r L O d e i Z S m a m w Y V L K 1 q W C x J Q g / K I e G Q g J L b p w J c Y c w y 62 g r d M K q 8 D e M T V 4 O L v 6 B q 2 Q 1 M a d c 5 N j W A K k W 46 P 2 i U F N C 9 t h i Y n k b K h 4 e p l H 4 p V v i w z + F k / Q 3 i f A S F y M o q Z 50 s j i k 4 P o 9 Y r m 2 H y 2 / Y c 4 M I I r I o m l q h J 18 G B Z I H R w u C r V U L y 0 p Q o G O D 9 d g H y D 4 Z 4 x u Q l 5 + D G j j T f 7 H k H s 7 g n 1 z h 3 c H 3 q h w / y 7602 R H x f n X u u e P 5 g 5 + f R P J h f e I O Y 4 Y 30 / p N U 0 m I f e B j 3 e D K y y T o m 1 N D Q 5 
R D p 78 r 9 F / Q D X j t i r w h k h f V P w K 0 M 3 n m p k p b 2 L D 60 e r 0 Y k + v + x a 6 R V n E N N B A H a C m 2 x i x p R l P J 21 r A S U F 1 Y B 1 o g N 53 U 0 W h D O b x 8 h Y P / M B T G F d V Z u P J w o U r j K i d h V V i / 6 M s F 13e3 v 1 T W L 4 f h a c / j N Z R F T E J h B h 50 w 9 z 2 / t 2 H n 7 g O c c w g g 92 D 9 D 5 b t E X v 7 / o r a 2 Y r + y 2 u 20 X a v t Q s f R r I 5 o G 4 Z D + O T 6 a f H s W V L e u F / H Q a n K O j s T q r b d s N c C 6 a i u g x J A w P 6 + M Y G Y 6 H 9 + u 1 K R 8 T E b k K E Q B / K k v V / r c w L d T 0 X X g 0 y i 7 x B G J H P w 2 u 3 x o L h D Q a A M C u F 3 F X Q 6 e f o I H 5 k Y 5 M E / f w I q D Z i W 1 u H 0 O Y 46 I T z n q 1 l G 5 N 1 h Z + / L u Q 9 + 1 D 4 r u I a i 6 O 2 v f P w W D S D B 35 J r u v o C D G J I R O W + + 1 x s i x Q c f D H A v z E z 0 K t P A c T w g B v 7 K T u i W U K V d 9 U A W c r k P e V H / 0 8 V Z A A O k Z 1 K U / t 1 J 4 Y 1 g 9 F C u s g i H L w R / L b L A y x B U 9 z m R l p L f j 1 i F R T h M L K s 8 J 1 D 2 i v c E w t n Q L U m O Y z E V a J + 5 a E t 1 E F r W / H N A T c K 9 X 4 q d a P v r W j d Y w W + 2 z O y g s l k p W j S t h k k 31 + S x A I t Q R b B 0 6 m a j T U z N M M 14 Z E F / d T h G J s C L O R 1 r s u U P h k N 67 h 1 K r k x w Q a 58 m C v D M 1 V e 6 s L + u D g C k l v L 1 E j K Z S t 63831 N k n 4 + v 9 f E G 18 A O v z g r q X S 4 Q 0 N L / B F A P c P I S g c o 8 g 858 G 6 q 3 k Z 5 Q 2 A L I N x O M k 7 N 9 q d A G w 8 H k u Z U V R y b U 8 H h D 8 J d p C S V y 2 z M E 9 y 5 m W E S s + 8 D m A Q J o K k y l i l d v 50 y l R 2 / 7 U Q h 5 k x l I c a q R p h Y D A V O A a x 7 G u y x x X w C F w W W 1 Z u H 5 Z I z P Z d T D H E + D D Q H Q H y z t S o r 5 W H g x Y d 89 o V y 9 q l t p Y Q r S 4 C G c U w n U d 4 N 8 g n d k q o f r g l r 507 W Y X Z 1 R g h u / W G k H N H p s Y l s F e V I 8 s x u e 6 M K / R G + 3 E a i W J h 8 Y P f C w v x q w c + 8 C U X m K G t 6 i I t I Z j N + x G H 6 w s e U i h V u v h X i 0 2 T P 
r 0 8 E y m u 78 U N k D b 4 V I 5 v Y d w 4 J f c k s w 8 I B h s v K c Z Y 0 W N c J + B V / T O t O j V / i b q l i B L B + M G e m y k m W g A h h j b H u g D m z k s 41 L B O 5 m a E A Z 1 w P J x H H z X r N k s J a R + G k z j z k h Q S y L M 0 b V X X k e Q M A d s 3 a 4 W R y y f I U r g a / c z 8 I u o H L e A i W I 1 a m K L 2 b N K K X w e S w k T u U R c s k p w I 3 Q i / k w e y K s 7 r 4 M M I Y H z 6 R s Q 29 a f 0 z Y g 2 n f J W 0 / D + o t Y y J X J 7 S v f U E / t 3 A r / R W O 0 J w K C F 50 F 4 k h x 1 m P P Y j t C r z X e a s 2 w r N H U L N o f P x S x G e y + Z 0 d l U P p s 6 J b m C f T G j t d 3 R f 2 h E r 4 v e 2 S n a v D n u m m U G J i q a b S g u b g m y E 983 e N t P y K k G S z C K B a O o q G a / F l W F C 7 o 0 f C R f / M l G 8 h 9 f / k N k h p H S 8 C J / z V 9 a A A z G z M X V i j J C z w Q Y / N j 1 / q / w 6 F Q K c q z J a 9 + O K g o K q l 7 B 7 C C Z l M O M 2 c z s p p + P 1 W c j p M x Y w h u p 7 l w y Y s e F 2 I 4 j k S 9 u + O p R + 8 P b m e q E V i T 7 J c v j j b b e x v v x I 1 j n c H F q H N i N N s q G H 33 T Z d k X g O Y m s K T S 676 y 4 w a f H j s 1 Y 20168 d V h 3 E W T i + X f 9 t L M s b t r i G P w g K m F q F N d m b l 5 J z L 3 D F l C Z b f y W r x D t 5 C 9 s u t H X t F N n 1 T F h K Y w e F R x c b Z 8 v z d 58 + N 3 R b E p Z V S n U G + s x u b M 6 U c S 0 + 2 u v 9 e S i 3 K L T 8 o z 7 c T a R T Z + k E c y L 9 r Y C z F t I c S C 2 C T m r u d + Q u D t s 3 w K N V z U E V n L a q U t x T 8 N h M i 8 u w w N b 1 V y 6 j q C b n q n s r d / w + w o 4 k Z V y u i R 5 M q M F o / F l O Y c 4 v s G x k L q a x d l b x n I x 44 A w l l K M H 6 R 0 R x s j l P h + H T 5 N F x p I G 9 N p Q f E c M 1 a G P U j + T J T K t 5 L r f l Q p b 96 F R F Z Z F b U B H E Z u X 39 h 9 m z a B p N w 8 d T v e e j 7 k H E i 1 m / F w Q g + I O 9 Y D 2 u + U f 8 m c O 6 y 77 v F R d G 0 7 P R Z D o o m i q 9 n 8 W + 7 / b Z p A s W 6 q Q H e f x I R 3 x f U o n v J K n p L 1 J p R M R v 0 S L U Z f 0 a 3 
q 8 r h H 5 y e u b J 8 i 0 9 y m Q H h W j f K T K + A W S d f A + 0 n / T I 5 a f V E b J N C l P 1 R a b 3 d T n 5 h 3 n r B n + 5 c f d P K f Q M l 6 E z z G 8 s P x O v J w 7 N o N 0 j V E c V x 6 x u a X h B b y r d 3 H g p D E V i 6 G L r V Q K p E 11 / i W C 4 Z w 6 j g 9 h l M S t t q A p 24 E c o P Y r N b P 8 / P z n t 9 l t 4 + H G V m f 3 C a A x e A l b C E t y V a f x f F P R o h B 4 S 7 F f x T T M q M Q a 5 z j 70 p W j u 7 r Z h p + W B U E 4 S 321 p t V a 4 I K J + K / 5 K 5 v o x 1 / Y t g Q 4 E f D d s b R S R x w q V U H V U 72 F 9 R n A 99 B 6 l S V Y f / H E L D i y y n 9 K p I g 53 s m B e U I Y X V J 1 H H 1 H o 2 O v Z n F o J V 7 U A H + o + 8 r Y R 7 I 3 + d R q H v v w c / X o U v u N + 3 H P k w 1 I c m m E Y 4 t 7 E E s T 3 n d d S a v 8 f w f 1 l U b Y g f S N / b W c 2 w C U 2 o L X 4 D B J 9 W W w f T Z o P h X z u / D l + c 3 R K 4 W / d r F N G 4 b b w B k 569 b L f q l w 1 m 4 I O W K y C G 7 A 1 m a v K Q f H d 435 U S J p t I L J v B c P 9 U W O i 332 C G 5 M E P N b W j M n k Q P U Y C r / x C J f w h v m J / n J 203 / N g 27 o W G Q t H x 4 w c T 51 Q 4 k W M 7 y O p Q T I n j K U D Q N D W H T F e L e u 2 C Y Z 7 x j d l J c a 0 2 b 88 U 4 B e Q 2 e L R Z f C Q j W p + s s E s b e I w 7 P K w + 8 S Z 2 l m 82 V M i c Q k R c 8 / 4 + 0 G B C Y T q 6 Q x H G 8 J X C P N A 8 a 6 w g l u 3 l j W F u g j W 1 d g B h A y D S u W d v E e A V D e k E H i U U y N I f 4 + l v l s 9 K w g h L T m M n G Y 898 b D 22 e H n 7 j 0 C b R k L I C s E H 8 r R + z W q K 1 H H P D z d d f 8 / j Q k J F I K G L k w S U Q y Z 6 g 0 K E / n + x o e h / r p u 9 u E w 7 O 8 i P i x n U y t f I 2 X W 9 + y l w T M B 2 i A N + M c J / R C f S j 0 8 q t s k r B Q z w 7 x L s i U m I 9560 D 31 i k v X 19 f l d 18 H P D j A c v 1 c g D Z 0 V x J L v z g p e v / v F M u E H 6 F j F H L 5 T c 3 e J + e P a R B K R 9 D A P V n X V h q t 4 s 3 D 6 s + c O j I G r R s t z X x 73 Q T e j R T 6 q F s j u 6 / w 7
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2020-02-18T02:15:25Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "file"
}
] ,
"labels" : [
"misp:name=\"file\"" ,
"misp:meta-category=\"file\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--5e4b48d0-666c-4b87-b405-4428950d210f" ,
"created_by_ref" : "identity--5e16d2bc-5c68-4ef1-bc80-47f5950d210f" ,
"created" : "2020-02-18T02:15:44.000Z" ,
"modified" : "2020-02-18T02:15:44.000Z" ,
"description" : "test_32.exe" ,
"pattern" : " [ f i l e : h a s h e s . M D 5 = ' 538 a 9 f 7e97 c 6 b 0 2e3 e c f c 9 f 831 c e 600 b ' A N D f i l e : h a s h e s . S H A 1 = ' 3 a 5 d 3069e607 b 2 d a 534964e8 b 6 c e b 698357 e b b a 6 ' A N D f i l e : h a s h e s . S H A 256 = ' 5 c 9 b 25611 b 59 d 453 b 9 b 1 a e 2e88 f f d 83 a 87 a 4546 e a 7e6 b 61 b f 4e079701 e e 729 b 2 ' A N D f i l e : n a m e = ' t e s t _ 32 . e x e ' A N D f i l e : s i z e = ' 122880 ' A N D ( f i l e : c o n t e n t _ r e f . p a y l o a d _ b i n = ' U E s D B B Q A C Q A I A P Y R U l A 6 L m g y W b I A A A D g A Q A g A B w A N T M 4 Y T l m N 2 U 5 N 2 M 2 Y j A y Z T N l Y 2 Z j O W Y 4 M z F j Z T Y w M G J V V A k A A 9 B I S 17 Q S E t e d X g L A A E E I Q A A A A Q h A A A A 97 f J h S J E v m + + m O i O w O x D / D X U I N 7 S H p E + p 8 C g Z r o 9 A o 8 I E y R H s a 5 U o S t 7 G w U c A E 6 S I 2 H a O B y V 6 w 1 o r X k H k J Y I a Q 4 d y 9 x T n a G r 8 T U v R M a p G N o q 8 S c H L i Y M T I u i 2 X p 4 Q r 3e7 e H E s T M k z / Y f / 1 t r 8 D M U 0 l Z o j F v c / H F 1 p M f r 1 T e T w o 8 f C k R 1 G J 5 w c c p W l R O 7 m I Q o M f + e C Z T D v v / C 93 u s n C E i p Q A m l + u T e A 3 N N 9 V V 5 n W I R z + e l U x J p e M 8 u z r 5 F F q f h 7 g r g 1 d L L 2 g b I d 7 O 79 V K Z k e h t v 634 g m n B 6 h F k o + G l 7 I 2 v 3 V e 0 Y u 5 F 7 P J p / u X z U f g T i V D M K 7 N 1 V V K O H n 0 m 3 Z h C V V Y r T 3 q r Q Z V V b a j 6 S F y / K z S R W g R + 1 j D A L l + 3 Z w t 7 l C d e P m O 7 g C b J c J v h 4 j V + I H x O E T E l 0 h n D 2 C h C + e s 41 E D + L G O 0 L 70 a + 7 p t h o o N n k T / o h G Y r i z u B 46 N L H t X 6 N c J s b a B G 9 + V R a U r p M O 7 S N n 8 u S d G b T X 65 q E r u 7 K n X q y l 0 p t d f Z b D 4 f a W F H 9 H b D d m z 3 m v T h N u l S i F q c j i 5 / w D 5 Y m K w 1 p r 0 J i D m R z y q j h u H 0 Z r y U 24 X P i 3 j q F 2 + A R F n y i J 2 d + x D F D A Q h h e P k n F f t D 7 Q H H 8 C l G y i g Z I x M N V a Z Z 4 O 9 B N b 
q N v 8 W R U v 5 o f B I o 0 H b N d x o y w t c + 2 g T X b v k V r X P r f 15 C N 4 U F C Q 3 O C O O b c + 0 S f E 2 W Y I n y H S x p q X z 7 y E E 6 E W + Z n t A n c + 6 o B w O 9 t U m f / K / G t l i H + 23 + S c w l 6 n A o 2 C c H J I B m T t s q 72 n b 0 u a X z z n F 3 F r s P c 8 c s d s Z j o 93 + p G i a T u 9 Y s O p y 9 Y L x H f I E r V + 8 g N m 3 n F I H w W K u G Z r W f z b q B 0 i T 72 z N S p c X i E / M L 3 v a U c m l v / 4 Q s t I Y r t L b I 6 E Z D w O y C f M I L 4 a C j a Z x Q w w s z A A U b q R M + Y c S S R D x t M A m t z D L 5 X 9 i B P L 5 + L Y / W u A b f r d g X F P z 4 + K V I w O R X 7 N N m M A / c / Y G N 3 Z y 8 P A i 0 i f s Z / + g X x h 8 z 6 c t v U 7 h d W Z E k v X 0 2 B i s k / j f T Y W K m H m k e U C U s S F H F P 81 K Q A e K i n j h A T 7 J v E a N F P D D 9 u G j 9 k c w q w 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
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2020-02-18T02:15:44Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "file"
}
] ,
"labels" : [
"misp:name=\"file\"" ,
"misp:meta-category=\"file\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--5e4b48e7-14dc-4faf-aea6-4a6f950d210f" ,
"created_by_ref" : "identity--5e16d2bc-5c68-4ef1-bc80-47f5950d210f" ,
"created" : "2020-02-18T02:16:07.000Z" ,
"modified" : "2020-02-18T02:16:07.000Z" ,
"description" : "Trickbot" ,
"pattern" : " [ f i l e : h a s h e s . M D 5 = ' 3694432 f f 283 b 6 d 928 f c 9 d 97e18 d e e 92 ' A N D f i l e : h a s h e s . S H A 1 = ' 2 b a f f 313 b 0 d b 9363816 a 799 f 4 d 2 f 14 b 69 b 420421 ' A N D f i l e : h a s h e s . S H A 256 = ' e 5591269 b 1 e a d 7 a 5 b b 8 d 50 f 6 a 465e479 f 3010 a 611 a a e 1 b 33 c a a 78 a 4 f 7 e c 16922 ' A N D f i l e : n a m e = ' . e x e ' A N D f i l e : s i z e = ' 307200 ' A N D ( f i l e : c o n t e n t _ r e f . p a y l o a d _ b i n = ' U E s D B B Q A C Q A I A A Q S U l B x n a l V p I w D A A C w B A A g A B w A M z Y 5 N D Q z M m Z m M j g z Y j Z k O T I 4 Z m M 5 Z D k 3 Z T E 4 Z G V l O T J V V A k A A + d I S 17 n S E t e d X g L A A E E I Q A A A A Q h A A A A U x 6 + 4 v I b W r C S s + c 50 b 4 w 2 l L O V 0 q U H X I z K u o N o B X p n n v F v 130 v t G 97 h w A k g R 64 V m f o A j Q c W 9 R 9 L S K 2 k X J u B U o 6 V w P C P d u u y 5 c 8 t J R H K J J 1 M D z F q F O C 9 r v j P D T i R B L g r T 2 v w w c 4 X 46 l g G O Z F g M l q h i h m 98 Q A y a 7 v F P 7 b d V Q x b o O W G Z k R a G d 0 l G + v 0 O C X z U o S 0 J E X O n c g I Q U w U C U 4 k O c 6 c 0 c x z x F G B J p z a h 8 c y + G j Q 1 f 74 X 0 + u k u S b P x l Q g i C i Z d O r 516 g D s i U S B O D O N J P l y 1 x i r G 4 h j K d w P n y J X O A N v 5 S 7 m q 1 j Q x Y 7 g H Y v Z F 7 u l 37 X T w A G q J y i 7 m M r Y 6 n J x G l e N R M e O E s g y j n v T S S K B Y L h K y / t D 9 + 7 x q 6 t a 1 R F 4 N o r y u / 0 q p 3 c I s e X b a z Q q N Y w k L n O p 1 J M 5 A q D q E 9 k 9 s V 4 v X K L G r t Q 4 l 6 t j U 3 x e x 54 X d R C 5 Y W 2 g k E u Q k E m g s v 5 D l 4 G P V Y r 3 w R E G c H Z O E v u q o o C 8 e I / t n Y d t A b 22 k I x B g / d y L G J 8 d Y G 7 o w + F R j Z b + F D L t 65 t a i Q C 5 H Z / u 3 a l F x d P 3 H w 2 D o 89 n R K 5 E r g V o G j R x / 4 / I p D W c / U 9 V V 3 p 1 d 39 l 5 L b G V K A U j n H C 4 F c z N z 0 4 i q A j P n 2 M 0 6 T 5 U p h o o G G z R x p N J m b / y o B z e 1 V z 
i J O u r 2 p n t k 2 Y n S t D Q t 0 I H k Q o S Z X V C a I p W + 5 R B e o e + W K l 9 O m p D u x 61 q e 785 c W m m V W X O f 3 P e H 4 t + / s F g T T N T n e w Y h F K T S w S B w 676 Q G 5 v 7 y 6 J J f J M w 8 x 4 b 1 c R K 7 h i 8 D C R D P I N s Z Q W 29 G q J j Y 6 e R g A O S v W 2 C B 9 W b N S B 8 F I 5 z G b d x T G x / x V F 5 o t 8 h s v t Y c p E W 7 a M 3 b m m c 8 U v p e 1 s K J D l W c / x c q v I B c K l Z b l s g C Q f y w Z h v 7 n B D q Z V Y l o d / C n H 2 m S D 3 o 7 o 5 i W y F L s F C p s D u c z Z B B E j v t E f t t j o 7 S C n m Y Y S 2 p 6 Q B p 2 r w Z A I n y r f 6 D 0 h T Z 72 C 7 z S J c y n Y 5 b b D 4 Y q 0 U N b b 95 T 7 I F K J K G 1 c u h m f / w X o / U 65 X K 16 b b I Q M s c C O 8 j F M 3 X / A r 6 L h t z x n I s d M M s z z T 7 U u a U C a v v d l z m 7 Y a 4 p z F 9 S l j u 5 X r 4E33 N w G d B J 0 j d m S y P 2 a T n D a L 2 v U f x o l b D U A F R I Y G 1 p + n H P 7 O K l 7 N 8 a m y 6 b 5 X w J q M 1 o E N l 7 d C E 6 O + J D a 40 t R Z f P Z U 2 x V + U I v o V 5 e a X z v K 9 / p e X a g R 8 J X T 62 k 0 g T C / x + Y X k T B S b p O d C A 6 P p x z e L Z K k A G 6 R j V 1 m c Q d S d s p y y c I Z p Y k i q E T + D C W 0 x / v X w 85 I Q Q e 3 q y + q E 4 v 0 H 2 + 3 w C + b 3 Y H L c O S O z 6 M w c i R 0 m F M R K 4 u k L D B C q u p d 7 Q j F r k f 9 + n R 2 C v x 6 k b z U E 7 A 2 W + 9 C c U R h g 8 T x s z d P i J 1 T 8 k m / e J k e U 4 G e V d s u a l B c k 2 b x x o z 9 p G 82 o U I K s x o 3698 S 0 P y w D E J Z I H 3 p I 5 + + D c F y y / p l w F 8 o C 8 L u / p u 0 e O / Y 3 B V x c t w B u f A z s B j q O v P 0 n 9 g 5 / a j h m z b B J e 2 H e D l l 0 N M G K x S 0 q A g s + 0 i 9 A q W T i 6375 F p j t k w F N S Q 8 / Q T B L A A 6 e r o d Y 4 k t X D I x o w i x w a x h l 8 B D i a i f Y q 3 W x 0 n S c 2 p 7 r B L o B Y z y a c l O Z q j Q N C b B A T / Z 0 N i B L X x Q J B 55 U I v S m m b h X 7 B s 89 J c C i d T A e F L b Y q 2 K O f V j q x Q m Q U 4 k q 1 x P R N Q x g s B r c 71 k C w 
L b G S V A y N r B X h w K q k l T v o N w / o 7 D 6 Y g s J j 3 x G a 8 Y l G M 9 W Y b L p b 8 U Y P O M x T b k q k / m + X A f A 6 J 4 y R A x y c T G H N P 7 n 7 I Z u m X g r l W g I L I 6 F H e T 9 r d H P O r B v q f u k 2 Y K b O L L 6 J Y f v s M Q p f 3 f P 4 Q k K v y k w E 0 s 5 D p 5 W E J a 8 h Y J V K r h A V H Z V A b 7 k K i / C j o M D a h u t Y p b V y w 0 X Z 1 T O y f 6 x 1 J p 7 a x s C e z I p t n B D c H k l p D I Z 5 w V R D u X 8 Z e D A f a j t O 2 h y N a O L F o O z w A T x r S Q O O D K 9 G q k O l C E 5 S v k x 22 B 4 + J R O d c O l v w J A e G 6 q q u N + c G Z k g d g d 6 o X u z 1 z I p 5 R J J o O J v J z E g r 5 x W G X h 1 / 2 y a d J 2 s O K z U Q W w Q Q P 7 V k W v K h 6 r L o t M g A u S g w F o 6 m u i I 37 X A R S Y l m h t 3 b w e H P 5 a 5 b l 4 h p L + 0 u a W Q N c H J Q I I X h G C H R G o t x n 6 M b H d M e r U W A n i h 8 p z E G n y o j v q T o F q L Z L 9 C a q o G D U n G B d n N l G 0 i D d J U d I 9 x k f w 2 Z r e R y t s h n X B q q b r G v 0 B 68 s Q X L a j 8 L Z r L c i G 7 Q a S 0 f R 58 Y L u t m q a 3 a Y J g t T F F s h H S + u b x x H 3 H I d 7 r q 6 F Q 0 J T c X q 8 Y u m P q V d 9 U v Q 3 + D v d U x B 5 d 86 / O 4 E Y i Y Z N C w d A v a P U 1 l U S 1 S y X m C y U E q S Z z P d W w K P 36 G Z O D l 3 V x M K t 7 f A A Z 6 y 5 e E b y i y N l T v V T e 5 h I 44 c D 6 T m 17 m i a g D 4 L Z u b t a / x z s l B b P p g Y P s T K e + l Q u s 3 X 0 d E T K o w q n B F 5 o P E k o A p b B 0 v u 9 l / n 3 i x z h 9 D s F w f f 2 n / Q / Y k e 72 V g S Z w / H v Z w R i P p g p f K s z 7 x h g x b q h D W n E O E V y N 7 v + 7 K g H D / L q 3 P 4 i M C 3 r f 1 P O Q f / q k u e R u Y A n U R H C I e j Q 8 F 0 V a H p d t k Y z c F y N s N w 0 a 7 A d r Y L 0 M 6 q / 2 f 0 U M g Z C A G V B m o L c g 46 K Y M u / a j U h P k L s e 15 q z 9 o S X z o z E 4 g O G I Z c L A 35 G f 4 U n L g S 4 W M n 4 W K v v K c s N J u a / 4 S y q v 45 W 84 V W 8 D 4 r 37 Q y G F a N 23 j Y v 1 z e / a Y 1 P v A k L C 
k C a f H o Z z + 35 w o E 24 D S S s I T f b K E b L I B j 9 H m 6 X 1 X f L Y h g R 1 f 8 d F t v N 17 M u t b d Z l i T G H 5 R c w / u J c Q U M W v A 6 k V Y j y B a R Q / 6 v c z c d g Z b I + F a I G P I Z 2 E H r y s n v 9 Y C I n N i 8 j z v x 5 z W f N Z h r g A 90 c 4 j n 6 Y t k P x w Y M 8 Z l 0 R x R b N g w s Z k w H N C o / A x Q Y e c r T 0 K Y J v h s p Q o 39 P N k 2 P 15 E H i Q 5 v T Y 8 q t 12 S w W 4 P g g i g 6 x w A 2 e j b F u 3 + Z 5 l Q F 15 i l U w A F g t z 0 24 l Q D j 4 U N U 3 l c m z E a i K F k r 8 g W W U I s 9 W G 4 f L a u P t Z V M H F U l p B X h S 2 M a 0 A a 9 w 6 V Y l d 3 + W 7 J z X 8 y + O O O f z B 9 c i + R r 2 m v v 6 u 9 m 3 j C t 54 y A n K T M q p V q h Q 77 Y P n W r Y u H f E 3 s g l S R M C / 7 C C t u h H C H A U q 4 K v X q Z H / f D 2 x s 5 f 5 h M Q 6 j G t q / b 74 S 7 i R t z z M X / o p t x k 2 Z V o g g Y X R t Y B V P N 5 l j 7 G m I W 7 t o D 5 n w g A d y v 9 M 6 s 6 D u v 9E4 S M 7 h w e W n 946 Q j D f c J m B 2 K v E Q U 8 w Q / S x A q P G 8 k Y 0 e u g L m V T E i w O F U R 7 A M 3 t 4 / X m P U f 0 p R v n I D S v i T c X P L H D R P H 5 d w V V u g / T t 3 O 5 L p L 7 N k P d B m H 3 v A a S 8 J o + + P x G O K I b z D J 95 W B 1 A k a g x S E C C D B 4 n i p m x v 5 N p l H k m 47 L d t 3 N G u a d 0 Q l 6 p u e A t 1 c k H x J w 4 g B k V P M j e N O 8 b S i d q N X g C p H 11 i N J f v K j x A H P / w 66 a o s w x q C + + B b + I + o R 1 T c S z h O O Y D M 7 X l J M o 1 R M O Q n V m A P s 8 N t p J i W 8 I Y M 1 L R I w 1 Y L d + S F 2 d I / D m 7 j v z B w 3 c V U 8 z a c / 5 O V 7 h d 8 t Z G 5 Y T i n c e t P U t 5 a N u B A c O 8 C l e 56 H c v a 9 D W W r 7 S M + 3 f C V O 1304 f D y C u y K N y + l 0 H q N c g 4 z 4 T v M A n A S K u e j f 8 G K 0 a r b K 4 J 7 A X 2 H r w S 9E2 a o P S G 8 P q 5 J 2 w 2 A T Z j I / F w / e h m K a Q L Z L 3 E z w m g M C j Q P l 6 I i 9 g k + 7 J R u F l 6 R X Y G a W G m N x 0 v w o S m t 0 e R t y D M / D S u z
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2020-02-18T02:16:07Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "file"
}
] ,
"labels" : [
"misp:name=\"file\"" ,
"misp:meta-category=\"file\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--5e4b4906-c264-4880-8c75-4c2a950d210f" ,
"created_by_ref" : "identity--5e16d2bc-5c68-4ef1-bc80-47f5950d210f" ,
"created" : "2020-02-18T02:16:38.000Z" ,
"modified" : "2020-02-18T02:16:38.000Z" ,
"description" : "AdFind" ,
"pattern" : " [ f i l e : h a s h e s . M D 5 = ' 9 b 0 2 d d 2 a 1 a 15e94922 b e 3 f 85129083 a c ' A N D f i l e : h a s h e s . S H A 1 = ' 2 c b 6 f f 75 b 38 a 3 f 24 f 3 b 60 a 2742 b 6 f 4 d 6027 f 0 f 2 a ' A N D f i l e : h a s h e s . S H A 256 = ' b 1102 e d 4 b c a 6 d a e 6 f 2 f 498 a d e 2 f 73 f 76 a f 527 f a 803 f 0e0 b 46e100 d 4 c f 5150682 ' A N D f i l e : n a m e = ' A d F i n d . e x e ' A N D f i l e : s i z e = ' 1394176 ' A N D ( f i l e : c o n t e n t _ r e f . p a y l o a d _ b i n = ' U E s D B B Q A C Q A I A B M S U l A d L e Y O T a o H A A B G F Q A g A B w A O W I w M m R k M m E x Y T E 1 Z T k 0 O T I y Y m U z Z j g 1 M T I 5 M D g z Y W N V V A k A A w Z J S 14 G S U t e d X g L A A E E I Q A A A A Q h A A A A y O w m t i V E M e x K K C l 3 j j t S 0 q p h w i y E y r 8 Z + y + U H V K L m r v Q f b I D e j 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
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2020-02-18T02:16:38Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "file"
}
] ,
"labels" : [
"misp:name=\"file\"" ,
"misp:meta-category=\"file\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--5e4b4960-5bbc-4e05-aee6-4127950d210f" ,
"created_by_ref" : "identity--5e16d2bc-5c68-4ef1-bc80-47f5950d210f" ,
"created" : "2020-02-18T02:18:08.000Z" ,
"modified" : "2020-02-18T02:18:08.000Z" ,
"description" : "AdFind Recon Script" ,
"pattern" : "[file:hashes.MD5 = 'dbbdb5aa4a033fcae3b699e169706bfd' AND file:hashes.SHA1 = '73c0b77442e5aa91fdefcfedf0e43efa7b7cac04' AND file:hashes.SHA256 = '2f49676e70ad99b0136132183e197cbd88eb294d3ed4048da7f607f2c21f6df9' AND file:name = 'adf.bat' AND file:size = '493' AND (file:content_ref.payload_bin = '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' AND file:content_ref.x_misp_filename = 'adf.bat' AND file:content_ref.hashes.MD5 = 'dbbdb5aa4a033fcae3b699e169706bfd' AND file:content_ref.mime_type = 'application/zip' AND file:content_ref.encryption_algorithm = 'mime-type-indicated' AND file:content_ref.decryption_key = 'infected')]" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2020-02-18T02:18:08Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "file"
}
] ,
"labels" : [
"misp:name=\"file\"" ,
"misp:meta-category=\"file\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--5e4b4971-e698-46cc-81fc-418b950d210f" ,
"created_by_ref" : "identity--5e16d2bc-5c68-4ef1-bc80-47f5950d210f" ,
"created" : "2020-02-18T02:18:25.000Z" ,
"modified" : "2020-02-18T02:18:25.000Z" ,
"description" : "Add User Script" ,
"pattern" : "[file:hashes.MD5 = 'c872ffd205753b7331e18c96e5274393' AND file:hashes.SHA1 = '6529f55f28cc1411af98db6586a965df49479573' AND file:hashes.SHA256 = '77aebf8c0fc3caa445c5b8130cf69a988e625ccf45d89118cd30d90021a58436' AND file:name = 'addUser.bat' AND file:size = '1785' AND (file:content_ref.payload_bin = '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' AND file:content_ref.x_misp_filename = 'addUser.bat' AND file:content_ref.hashes.MD5 = 'c872ffd205753b7331e18c96e5274393' AND file:content_ref.mime_type = 'application/zip' AND file:content_ref.encryption_algorithm = 'mime-type-indicated' AND file:content_ref.decryption_key = 'infected')]" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2020-02-18T02:18:25Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "file"
}
] ,
"labels" : [
"misp:name=\"file\"" ,
"misp:meta-category=\"file\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--5e4b49a2-40d8-4a64-93de-440d950d210f" ,
"created_by_ref" : "identity--5e16d2bc-5c68-4ef1-bc80-47f5950d210f" ,
"created" : "2020-02-18T02:19:14.000Z" ,
"modified" : "2020-02-18T02:19:14.000Z" ,
"description" : "Trickbot" ,
"pattern" : " [ f i l e : h a s h e s . M D 5 = ' 9 e f b 4 a 465942 d c 0 94 a 5 a 57e055 f d 608 a ' A N D f i l e : h a s h e s . S H A 1 = ' e 1348386 d a 5 a f 1903766352 d 4 a 224 d 859933e941 ' A N D f i l e : h a s h e s . S H A 256 = ' c 93 a 357 e a 1772 e b 376 e c 4528 d 7 a 6 b f 8 c f a c 31 d 9 b 9 b 4 f c 5455 d b c 369 d 6 b d e 3583 ' A N D f i l e : n a m e = ' d x g m t d k . e x e ' A N D f i l e : s i z e = ' 139264 ' A N D ( f i l e : c o n t e n t _ r e f . p a y l o a d _ b i n = ' U E s D B B Q A C Q A I A G c S U l D z 2 w j f l / g A A A A g A g A g A B w A O W V m Y j R h N D Y 1 O T Q y Z G M w O T R h N W E 1 N 2 U w N T V m Z D Y w O G F V V A k A A 6 J J S 16 i S U t e d X g L A A E E I Q A A A A Q h A A A A v U c f k 4 N / h m I q w A K L Q 2 M J u p Y 64 P a V V e k 3 U Z X / h h 7 F r O 3 n t s d G I n i V q p M S v u A s R x Y B T e f T 7 C 9 M K v x n R 2 R k T 8 S r k w Q 4 a o e 3 h W 76 l t t t i s v 6 + a s L 4 u o P / G B c 3 X 5 Q j O 5 i L U 76 Y 2 L x a + i 8 M i b d r I s s e L R a 7 o g y J W u 0 x p Z E P k l z 15 F A t J Z U 3 p M Y v U 8 A X C l L q K v Q f f 4 d J I D 8 u d 3 X F b F 33 a r 7 H s B X r C / v E D Z n Y v P A H V + j f 7 l T b r g S I A j c g g R X A g r C F 2 v 1 d + T L B T F l L s M N t x Z c U X L b D s / Z S w y r R O W Q 8 h e Q t 2 j r a j 0 y C M c u p a L / b w d N Z 32 R 3 l N m K I D N k A f I L + X P 9 g x h / F g r 2 b 1 Q b A f d F a h A k v B G F C b B f p + O z a c A j q o s y F H 450 l D 5 C M Q t R i H j s I h z J g F R J b Z 1 m P F u q 9 m s J B q G P V L k 9 e r y c V 5 q V 58 X X 4 q P P p r q h 2 H X k 37 m M c c q 9 F W e E b q z H 901 k V 6 u Z h I 35 K X g + / O A U C C c p M T / f q J G 1 G d W J h 0 U k q T p 0 N H m I o 1 P n e 5 i C C m k L F k P / o m T f p 8 Y R V e b x a a I m G 4 V r O E x y a 55 y h E a A j z J N a j o p d t R K d J o B O + K q 24 E h l 0 q t 5 R 6 I q s F l l 1 w 3 y q 9 q d A P N c + m Q D k 18 W 6 u 4 g / w K m W w B a o L C M R k d H f m I p 9 
P h a f I p k q 43 I w G x 7 S R / F J y / G F p a w 0 1 H Z S S Y c A 3 j z 0 q 3 Z F 6 t x k r Z p k l T 0 t 7 k X R D t J b F I T E 9 h C j F P H o v u a 48 z 8 o k H s 8 h w 6 T d R / z N 60 H D E M p 38 j D F S 6 k M M Y n e R Z 4 v u J h Q M z 8 e i 2 r S W G r w f y d / c T G T 5 g g W d 0 m N l j b 5 a I f 8 v h d v s x U / T m z B s A O M K E C g j k p 6 + G j 6 j 2 V t r B q v w g G L z M b r A c r E r q q d / o o j i Q F 7 A o Y 3 X v l t x d t v y I W D 0 H p M h / t J V G u X 76 l Y G r 3 T 9 l s P W r + n I R e n y i / X S W 0 r B M G + V + s N 4 D J r n B n a / S n Q W v F X w e B 4 p 2 u S c f u / o Y T 1 N 4 P I C G u a z t Z K F W F l Y z x j + 3 W i + t Y j D G 42 T R T a z K 4 t 8 b O 6 Y 8 x e n 6 u 2 O r V 6 H m 6 T c 6 d O u + N G r 8 J f U l K 3 r k u 2 z P k U y T 4 q k l 2 B y O Y n b i C 5 a W R y J 7 U Q Q N Y 9 f X J 5 M c 7 U I O D 6 B L s / F B r S 1 d N p 8 y E l Y g m 7 C A a 40 w O y 6 e S L n R 5 e N R m b o H h e o V m a f Q T E y f q L N w 211 B 6 D 9 q J 0 e d f T T I F 8 E J C D W a i l Y m T a N Z H 4 q n s z l 8 I N i F a d r R V c Y i a J 1 G m L 2 P 9 H b O 4 B d 8 U X K m 73 a G q b Z e 6 J + 9 M r R Z / t V O D / 9 B e N G v 60 t F B P w t n q 4 d x T H T u E Q z q t j J J i f g X J K k E t s R + t M Y l k 4 H B S 3 D u h a 6 C l H 3 y s 0 G v e x R V D Z Y J 17 n I i j T 7 n / P n v J D j f j S f S c p N f X q 3 b q E B x H 9 S a I u A v G o 74 l B m T j s / W d W 1 p E O z y 7 r 0 i x s s f K l Y S 9 u I N / t 2 j v S H D q 4 o q 0 Y w m f 8 a H y U l 150 r O c d R E F P T f E N 4 n A u I I z 9 w S V c B 2 z R / Q A Z a x 0 / v o Z 922 F J w 6 u 0 K 8 o n K c C j u 8 L J W a a 9 k G j T X F R W h X M X z a m z l K a Z s f 4 H s / k r W j j g y X f / v U k f k 3 + t M C T G l 5 K w i j v e z m z Q 7 O A L A 5 n 8 R 9 Z 3 U Y x q f G Y c + K T M x H m T L d / G o T 14 t L / Z O x u U j d e X i H Y f S F R O + N f w X 24 D e 2 X X F Y 52 R O c 9 K J m U M 1 Z c t I Y 8 V r 2 k + p s 3 Y p T D H b o k P o X A N P 4 a U M F 
1 g 4 l K 8 I F v 7 x 0 k C o V u Y v 6 Y n M 4 o H m w P 6 P z b N 21 k s e N z g c Q 7 r y + c M E N i M u g p s W C n + u 3 L Q / E n 8 D F h w / t k b V m U p 8 y Z l M A 8 B g x y J 7 n n T V 8 K A 1 r w / f I z a E B K W 8 J q v m E x 6 A 9 y D H f R c G O W m Q g r z d E J p w f l H 0 3 n k L T I R I f D + Q L X v k h 9 Q k r J s x X 6 f x k F p R I x 0 8 V s T G + I r 6 c C a L / D 43 Z A a Z P x m + c K J y + Q 3 b A G v B 2 S F r Y 35 p E O P c N 9 p O K y W Y v 8 M N w 4 / 6 c P 1 t n c y h N 3 C K K 9 q m 5 Y C / e q w b 7 t v S m y 7 H K / Z 0 I O b X e P i s D P U 4 + d B b y g a E R J E t q K S w + 5 + / I E E t Y n Y f Y / v b m I j B N g b N A m R e 6 D w O i x h h V 3 V D L y k d O C L c z j 59 r z V E i K 2 t w 0 j n u z J Z 9 h h x 8 d e L H N c y 0 v f b K b I h n 4 V t Q M g J S J m T I x h h 0 O U R S W u G l H E J 17 a 1 w H J 84 i y j 8 r M d 3 I E K z O 7 w O 6 U P n X x I C r 78 m B L o T 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
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2020-02-18T02:19:14Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "file"
}
] ,
"labels" : [
"misp:name=\"file\"" ,
"misp:meta-category=\"file\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "marking-definition" ,
"spec_version" : "2.1" ,
"id" : "marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da" ,
"created" : "2017-01-20T00:00:00.000Z" ,
"definition_type" : "tlp" ,
"name" : "TLP:GREEN" ,
"definition" : {
"tlp" : "green"
}
}
]
}