{
"type" : "bundle" ,
"id" : "bundle--5e5da86d-bfec-4b9a-ae77-57540a0a020f" ,
"objects" : [
{
"type" : "identity" ,
"spec_version" : "2.1" ,
"id" : "identity--5e157d76-c92c-4acd-a54e-4a01950d210f" ,
"created" : "2021-05-24T10:04:31.000Z" ,
"modified" : "2021-05-24T10:04:31.000Z" ,
"name" : "laskowski-tech.com" ,
"identity_class" : "organization"
} ,
{
"type" : "report" ,
"spec_version" : "2.1" ,
"id" : "report--5e5da86d-bfec-4b9a-ae77-57540a0a020f" ,
"created_by_ref" : "identity--5e157d76-c92c-4acd-a54e-4a01950d210f" ,
"created" : "2021-05-24T10:04:31.000Z" ,
"modified" : "2021-05-24T10:04:31.000Z" ,
"name" : "Remcos RAT 02-28-20" ,
"published" : "2020-07-02T09:08:01Z" ,
"object_refs" : [
"observed-data--5e5da928-2128-4c62-837d-11b70a0a020f" ,
"domain-name--5e5da928-2128-4c62-837d-11b70a0a020f" ,
"observed-data--5e5da929-019c-48d8-bbab-11b70a0a020f" ,
"domain-name--5e5da929-019c-48d8-bbab-11b70a0a020f" ,
"observed-data--5e5da929-6504-4fcf-87d5-11b70a0a020f" ,
"domain-name--5e5da929-6504-4fcf-87d5-11b70a0a020f" ,
"observed-data--5e5da929-86cc-4555-8657-11b70a0a020f" ,
"domain-name--5e5da929-86cc-4555-8657-11b70a0a020f" ,
"observed-data--5e5da929-5f64-427d-bf21-11b70a0a020f" ,
"domain-name--5e5da929-5f64-427d-bf21-11b70a0a020f" ,
"observed-data--5e5da929-b96c-4d0a-8e04-11b70a0a020f" ,
"domain-name--5e5da929-b96c-4d0a-8e04-11b70a0a020f" ,
"observed-data--5e5da929-1a18-425c-a0d7-11b70a0a020f" ,
"domain-name--5e5da929-1a18-425c-a0d7-11b70a0a020f" ,
"observed-data--5e5da929-2708-4ac3-a2be-11b70a0a020f" ,
"domain-name--5e5da929-2708-4ac3-a2be-11b70a0a020f" ,
"observed-data--5e5da929-eba4-4b20-8af6-11b70a0a020f" ,
"domain-name--5e5da929-eba4-4b20-8af6-11b70a0a020f" ,
"observed-data--5e5da929-027c-435c-a7ac-11b70a0a020f" ,
"domain-name--5e5da929-027c-435c-a7ac-11b70a0a020f" ,
"observed-data--5e5da929-df20-4dd3-9669-11b70a0a020f" ,
"domain-name--5e5da929-df20-4dd3-9669-11b70a0a020f" ,
"observed-data--5e5da929-460c-40a6-a502-11b70a0a020f" ,
"domain-name--5e5da929-460c-40a6-a502-11b70a0a020f" ,
"observed-data--5e5da929-e748-49af-a038-11b70a0a020f" ,
"domain-name--5e5da929-e748-49af-a038-11b70a0a020f" ,
"observed-data--5e5da929-378c-46d1-b83e-11b70a0a020f" ,
"domain-name--5e5da929-378c-46d1-b83e-11b70a0a020f" ,
"observed-data--5e5da929-7128-4032-9491-11b70a0a020f" ,
"domain-name--5e5da929-7128-4032-9491-11b70a0a020f" ,
"observed-data--5e5da929-27c4-420c-81aa-11b70a0a020f" ,
"domain-name--5e5da929-27c4-420c-81aa-11b70a0a020f" ,
"observed-data--5e5da929-af38-4573-9493-11b70a0a020f" ,
"domain-name--5e5da929-af38-4573-9493-11b70a0a020f" ,
"observed-data--5e5da929-cc2c-410b-bfe7-11b70a0a020f" ,
"domain-name--5e5da929-cc2c-410b-bfe7-11b70a0a020f" ,
"observed-data--5e5da929-b144-49c1-b510-11b70a0a020f" ,
"domain-name--5e5da929-b144-49c1-b510-11b70a0a020f" ,
"observed-data--5e5da929-f0b8-4fe3-a0f5-11b70a0a020f" ,
"domain-name--5e5da929-f0b8-4fe3-a0f5-11b70a0a020f" ,
"indicator--5e5daaf0-79a8-43aa-a307-57690a0a020f" ,
"indicator--5e5dab5f-6360-4a90-808f-11ba0a0a020f" ,
"observed-data--5e5dae8c-bbec-4add-8b3f-14820a0a020f" ,
"windows-registry-key--5e5dae8c-bbec-4add-8b3f-14820a0a020f" ,
"observed-data--5e5daf01-461c-4c13-8ed6-11ba0a0a020f" ,
"url--5e5daf01-461c-4c13-8ed6-11ba0a0a020f" ,
"indicator--5e5daa68-3b4c-4207-a7b8-11b70a0a020f" ,
"indicator--5e5daaa5-4044-4e77-afa6-11bb0a0a020f" ,
"indicator--5e5daaba-4204-45ad-9ed7-11b70a0a020f"
] ,
"labels" : [
"Threat-Report" ,
"misp:tool=\"MISP-STIX-Converter\"" ,
"misp-galaxy:malpedia=\"Remcos\"" ,
"MalSpam" ,
"Remcos RAT" ,
"misp-galaxy:mitre-attack-pattern=\"Spearphishing Attachment - T1193\"" ,
"misp-galaxy:mitre-attack-pattern=\"Scripting - T1064\"" ,
"misp-galaxy:mitre-attack-pattern=\"Registry Run Keys / Startup Folder - T1060\"" ,
"misp-galaxy:mitre-attack-pattern=\"Indicator Blocking - T1054\"" ,
"misp-galaxy:mitre-attack-pattern=\"Timestomp - T1099\"" ,
"misp-galaxy:mitre-attack-pattern=\"Masquerading - T1036\"" ,
"misp-galaxy:mitre-attack-pattern=\"Indirect Command Execution - T1202\"" ,
"misp-galaxy:mitre-attack-pattern=\"Uncommonly Used Port - T1065\""
] ,
"object_marking_refs" : [
"marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9"
]
} ,
{
"type" : "observed-data" ,
"spec_version" : "2.1" ,
"id" : "observed-data--5e5da928-2128-4c62-837d-11b70a0a020f" ,
"created_by_ref" : "identity--5e157d76-c92c-4acd-a54e-4a01950d210f" ,
"created" : "2020-03-03T00:47:36.000Z" ,
"modified" : "2020-03-03T00:47:36.000Z" ,
"first_observed" : "2020-02-27T00:00:00Z" ,
"last_observed" : "2020-02-28T00:00:00Z" ,
"number_observed" : 1 ,
"object_refs" : [
"domain-name--5e5da928-2128-4c62-837d-11b70a0a020f"
] ,
"labels" : [
"misp:type=\"domain\"" ,
"misp:category=\"Network activity\""
]
} ,
{
"type" : "domain-name" ,
"spec_version" : "2.1" ,
"id" : "domain-name--5e5da928-2128-4c62-837d-11b70a0a020f" ,
"value" : "usadroptop1.com"
} ,
{
"type" : "observed-data" ,
"spec_version" : "2.1" ,
"id" : "observed-data--5e5da929-019c-48d8-bbab-11b70a0a020f" ,
"created_by_ref" : "identity--5e157d76-c92c-4acd-a54e-4a01950d210f" ,
"created" : "2020-03-03T00:47:37.000Z" ,
"modified" : "2020-03-03T00:47:37.000Z" ,
"first_observed" : "2020-02-27T00:00:00Z" ,
"last_observed" : "2020-02-28T00:00:00Z" ,
"number_observed" : 1 ,
"object_refs" : [
"domain-name--5e5da929-019c-48d8-bbab-11b70a0a020f"
] ,
"labels" : [
"misp:type=\"domain\"" ,
"misp:category=\"Network activity\""
]
} ,
{
"type" : "domain-name" ,
"spec_version" : "2.1" ,
"id" : "domain-name--5e5da929-019c-48d8-bbab-11b70a0a020f" ,
"value" : "usadroptop2.com"
} ,
{
"type" : "observed-data" ,
"spec_version" : "2.1" ,
"id" : "observed-data--5e5da929-6504-4fcf-87d5-11b70a0a020f" ,
"created_by_ref" : "identity--5e157d76-c92c-4acd-a54e-4a01950d210f" ,
"created" : "2020-03-03T00:47:37.000Z" ,
"modified" : "2020-03-03T00:47:37.000Z" ,
"first_observed" : "2020-02-27T00:00:00Z" ,
"last_observed" : "2020-02-28T00:00:00Z" ,
"number_observed" : 1 ,
"object_refs" : [
"domain-name--5e5da929-6504-4fcf-87d5-11b70a0a020f"
] ,
"labels" : [
"misp:type=\"domain\"" ,
"misp:category=\"Network activity\""
]
} ,
{
"type" : "domain-name" ,
"spec_version" : "2.1" ,
"id" : "domain-name--5e5da929-6504-4fcf-87d5-11b70a0a020f" ,
"value" : "usadroptop3.com"
} ,
{
"type" : "observed-data" ,
"spec_version" : "2.1" ,
"id" : "observed-data--5e5da929-86cc-4555-8657-11b70a0a020f" ,
"created_by_ref" : "identity--5e157d76-c92c-4acd-a54e-4a01950d210f" ,
"created" : "2020-03-03T00:47:37.000Z" ,
"modified" : "2020-03-03T00:47:37.000Z" ,
"first_observed" : "2020-02-27T00:00:00Z" ,
"last_observed" : "2020-02-28T00:00:00Z" ,
"number_observed" : 1 ,
"object_refs" : [
"domain-name--5e5da929-86cc-4555-8657-11b70a0a020f"
] ,
"labels" : [
"misp:type=\"domain\"" ,
"misp:category=\"Network activity\""
]
} ,
{
"type" : "domain-name" ,
"spec_version" : "2.1" ,
"id" : "domain-name--5e5da929-86cc-4555-8657-11b70a0a020f" ,
"value" : "usadroptop4.com"
} ,
{
"type" : "observed-data" ,
"spec_version" : "2.1" ,
"id" : "observed-data--5e5da929-5f64-427d-bf21-11b70a0a020f" ,
"created_by_ref" : "identity--5e157d76-c92c-4acd-a54e-4a01950d210f" ,
"created" : "2020-03-03T00:47:37.000Z" ,
"modified" : "2020-03-03T00:47:37.000Z" ,
"first_observed" : "2020-02-27T00:00:00Z" ,
"last_observed" : "2020-02-28T00:00:00Z" ,
"number_observed" : 1 ,
"object_refs" : [
"domain-name--5e5da929-5f64-427d-bf21-11b70a0a020f"
] ,
"labels" : [
"misp:type=\"domain\"" ,
"misp:category=\"Network activity\""
]
} ,
{
"type" : "domain-name" ,
"spec_version" : "2.1" ,
"id" : "domain-name--5e5da929-5f64-427d-bf21-11b70a0a020f" ,
"value" : "usadroptop5.com"
} ,
{
"type" : "observed-data" ,
"spec_version" : "2.1" ,
"id" : "observed-data--5e5da929-b96c-4d0a-8e04-11b70a0a020f" ,
"created_by_ref" : "identity--5e157d76-c92c-4acd-a54e-4a01950d210f" ,
"created" : "2020-03-03T00:47:37.000Z" ,
"modified" : "2020-03-03T00:47:37.000Z" ,
"first_observed" : "2020-02-27T00:00:00Z" ,
"last_observed" : "2020-02-28T00:00:00Z" ,
"number_observed" : 1 ,
"object_refs" : [
"domain-name--5e5da929-b96c-4d0a-8e04-11b70a0a020f"
] ,
"labels" : [
"misp:type=\"domain\"" ,
"misp:category=\"Network activity\""
]
} ,
{
"type" : "domain-name" ,
"spec_version" : "2.1" ,
"id" : "domain-name--5e5da929-b96c-4d0a-8e04-11b70a0a020f" ,
"value" : "usadroptop6.com"
} ,
{
"type" : "observed-data" ,
"spec_version" : "2.1" ,
"id" : "observed-data--5e5da929-1a18-425c-a0d7-11b70a0a020f" ,
"created_by_ref" : "identity--5e157d76-c92c-4acd-a54e-4a01950d210f" ,
"created" : "2020-03-03T00:47:37.000Z" ,
"modified" : "2020-03-03T00:47:37.000Z" ,
"first_observed" : "2020-02-27T00:00:00Z" ,
"last_observed" : "2020-02-28T00:00:00Z" ,
"number_observed" : 1 ,
"object_refs" : [
"domain-name--5e5da929-1a18-425c-a0d7-11b70a0a020f"
] ,
"labels" : [
"misp:type=\"domain\"" ,
"misp:category=\"Network activity\""
]
} ,
{
"type" : "domain-name" ,
"spec_version" : "2.1" ,
"id" : "domain-name--5e5da929-1a18-425c-a0d7-11b70a0a020f" ,
"value" : "usadroptop7.com"
} ,
{
"type" : "observed-data" ,
"spec_version" : "2.1" ,
"id" : "observed-data--5e5da929-2708-4ac3-a2be-11b70a0a020f" ,
"created_by_ref" : "identity--5e157d76-c92c-4acd-a54e-4a01950d210f" ,
"created" : "2020-03-03T00:47:37.000Z" ,
"modified" : "2020-03-03T00:47:37.000Z" ,
"first_observed" : "2020-02-27T00:00:00Z" ,
"last_observed" : "2020-02-28T00:00:00Z" ,
"number_observed" : 1 ,
"object_refs" : [
"domain-name--5e5da929-2708-4ac3-a2be-11b70a0a020f"
] ,
"labels" : [
"misp:type=\"domain\"" ,
"misp:category=\"Network activity\""
]
} ,
{
"type" : "domain-name" ,
"spec_version" : "2.1" ,
"id" : "domain-name--5e5da929-2708-4ac3-a2be-11b70a0a020f" ,
"value" : "usadroptop8.com"
} ,
{
"type" : "observed-data" ,
"spec_version" : "2.1" ,
"id" : "observed-data--5e5da929-eba4-4b20-8af6-11b70a0a020f" ,
"created_by_ref" : "identity--5e157d76-c92c-4acd-a54e-4a01950d210f" ,
"created" : "2020-03-03T00:47:37.000Z" ,
"modified" : "2020-03-03T00:47:37.000Z" ,
"first_observed" : "2020-02-27T00:00:00Z" ,
"last_observed" : "2020-02-28T00:00:00Z" ,
"number_observed" : 1 ,
"object_refs" : [
"domain-name--5e5da929-eba4-4b20-8af6-11b70a0a020f"
] ,
"labels" : [
"misp:type=\"domain\"" ,
"misp:category=\"Network activity\""
]
} ,
{
"type" : "domain-name" ,
"spec_version" : "2.1" ,
"id" : "domain-name--5e5da929-eba4-4b20-8af6-11b70a0a020f" ,
"value" : "usadroptop9.com"
} ,
{
"type" : "observed-data" ,
"spec_version" : "2.1" ,
"id" : "observed-data--5e5da929-027c-435c-a7ac-11b70a0a020f" ,
"created_by_ref" : "identity--5e157d76-c92c-4acd-a54e-4a01950d210f" ,
"created" : "2020-03-03T00:47:37.000Z" ,
"modified" : "2020-03-03T00:47:37.000Z" ,
"first_observed" : "2020-02-27T00:00:00Z" ,
"last_observed" : "2020-02-28T00:00:00Z" ,
"number_observed" : 1 ,
"object_refs" : [
"domain-name--5e5da929-027c-435c-a7ac-11b70a0a020f"
] ,
"labels" : [
"misp:type=\"domain\"" ,
"misp:category=\"Network activity\""
]
} ,
{
"type" : "domain-name" ,
"spec_version" : "2.1" ,
"id" : "domain-name--5e5da929-027c-435c-a7ac-11b70a0a020f" ,
"value" : "usadroptop10.com"
} ,
{
"type" : "observed-data" ,
"spec_version" : "2.1" ,
"id" : "observed-data--5e5da929-df20-4dd3-9669-11b70a0a020f" ,
"created_by_ref" : "identity--5e157d76-c92c-4acd-a54e-4a01950d210f" ,
"created" : "2020-03-03T00:47:37.000Z" ,
"modified" : "2020-03-03T00:47:37.000Z" ,
"first_observed" : "2020-02-27T00:00:00Z" ,
"last_observed" : "2020-02-28T00:00:00Z" ,
"number_observed" : 1 ,
"object_refs" : [
"domain-name--5e5da929-df20-4dd3-9669-11b70a0a020f"
] ,
"labels" : [
"misp:type=\"domain\"" ,
"misp:category=\"Network activity\""
]
} ,
{
"type" : "domain-name" ,
"spec_version" : "2.1" ,
"id" : "domain-name--5e5da929-df20-4dd3-9669-11b70a0a020f" ,
"value" : "droptop1.com"
} ,
{
"type" : "observed-data" ,
"spec_version" : "2.1" ,
"id" : "observed-data--5e5da929-460c-40a6-a502-11b70a0a020f" ,
"created_by_ref" : "identity--5e157d76-c92c-4acd-a54e-4a01950d210f" ,
"created" : "2020-03-03T00:47:37.000Z" ,
"modified" : "2020-03-03T00:47:37.000Z" ,
"first_observed" : "2020-02-27T00:00:00Z" ,
"last_observed" : "2020-02-28T00:00:00Z" ,
"number_observed" : 1 ,
"object_refs" : [
"domain-name--5e5da929-460c-40a6-a502-11b70a0a020f"
] ,
"labels" : [
"misp:type=\"domain\"" ,
"misp:category=\"Network activity\""
]
} ,
{
"type" : "domain-name" ,
"spec_version" : "2.1" ,
"id" : "domain-name--5e5da929-460c-40a6-a502-11b70a0a020f" ,
"value" : "droptop2.com"
} ,
{
"type" : "observed-data" ,
"spec_version" : "2.1" ,
"id" : "observed-data--5e5da929-e748-49af-a038-11b70a0a020f" ,
"created_by_ref" : "identity--5e157d76-c92c-4acd-a54e-4a01950d210f" ,
"created" : "2020-03-03T00:47:37.000Z" ,
"modified" : "2020-03-03T00:47:37.000Z" ,
"first_observed" : "2020-02-27T00:00:00Z" ,
"last_observed" : "2020-02-28T00:00:00Z" ,
"number_observed" : 1 ,
"object_refs" : [
"domain-name--5e5da929-e748-49af-a038-11b70a0a020f"
] ,
"labels" : [
"misp:type=\"domain\"" ,
"misp:category=\"Network activity\""
]
} ,
{
"type" : "domain-name" ,
"spec_version" : "2.1" ,
"id" : "domain-name--5e5da929-e748-49af-a038-11b70a0a020f" ,
"value" : "droptop3.com"
} ,
{
"type" : "observed-data" ,
"spec_version" : "2.1" ,
"id" : "observed-data--5e5da929-378c-46d1-b83e-11b70a0a020f" ,
"created_by_ref" : "identity--5e157d76-c92c-4acd-a54e-4a01950d210f" ,
"created" : "2020-03-03T00:47:37.000Z" ,
"modified" : "2020-03-03T00:47:37.000Z" ,
"first_observed" : "2020-02-27T00:00:00Z" ,
"last_observed" : "2020-02-28T00:00:00Z" ,
"number_observed" : 1 ,
"object_refs" : [
"domain-name--5e5da929-378c-46d1-b83e-11b70a0a020f"
] ,
"labels" : [
"misp:type=\"domain\"" ,
"misp:category=\"Network activity\""
]
} ,
{
"type" : "domain-name" ,
"spec_version" : "2.1" ,
"id" : "domain-name--5e5da929-378c-46d1-b83e-11b70a0a020f" ,
"value" : "droptop4.com"
} ,
{
"type" : "observed-data" ,
"spec_version" : "2.1" ,
"id" : "observed-data--5e5da929-7128-4032-9491-11b70a0a020f" ,
"created_by_ref" : "identity--5e157d76-c92c-4acd-a54e-4a01950d210f" ,
"created" : "2020-03-03T00:47:37.000Z" ,
"modified" : "2020-03-03T00:47:37.000Z" ,
"first_observed" : "2020-02-27T00:00:00Z" ,
"last_observed" : "2020-02-28T00:00:00Z" ,
"number_observed" : 1 ,
"object_refs" : [
"domain-name--5e5da929-7128-4032-9491-11b70a0a020f"
] ,
"labels" : [
"misp:type=\"domain\"" ,
"misp:category=\"Network activity\""
]
} ,
{
"type" : "domain-name" ,
"spec_version" : "2.1" ,
"id" : "domain-name--5e5da929-7128-4032-9491-11b70a0a020f" ,
"value" : "droptop5.com"
} ,
{
"type" : "observed-data" ,
"spec_version" : "2.1" ,
"id" : "observed-data--5e5da929-27c4-420c-81aa-11b70a0a020f" ,
"created_by_ref" : "identity--5e157d76-c92c-4acd-a54e-4a01950d210f" ,
"created" : "2020-03-03T00:47:37.000Z" ,
"modified" : "2020-03-03T00:47:37.000Z" ,
"first_observed" : "2020-02-27T00:00:00Z" ,
"last_observed" : "2020-02-28T00:00:00Z" ,
"number_observed" : 1 ,
"object_refs" : [
"domain-name--5e5da929-27c4-420c-81aa-11b70a0a020f"
] ,
"labels" : [
"misp:type=\"domain\"" ,
"misp:category=\"Network activity\""
]
} ,
{
"type" : "domain-name" ,
"spec_version" : "2.1" ,
"id" : "domain-name--5e5da929-27c4-420c-81aa-11b70a0a020f" ,
"value" : "droptop6.com"
} ,
{
"type" : "observed-data" ,
"spec_version" : "2.1" ,
"id" : "observed-data--5e5da929-af38-4573-9493-11b70a0a020f" ,
"created_by_ref" : "identity--5e157d76-c92c-4acd-a54e-4a01950d210f" ,
"created" : "2020-03-03T00:47:37.000Z" ,
"modified" : "2020-03-03T00:47:37.000Z" ,
"first_observed" : "2020-02-27T00:00:00Z" ,
"last_observed" : "2020-02-28T00:00:00Z" ,
"number_observed" : 1 ,
"object_refs" : [
"domain-name--5e5da929-af38-4573-9493-11b70a0a020f"
] ,
"labels" : [
"misp:type=\"domain\"" ,
"misp:category=\"Network activity\""
]
} ,
{
"type" : "domain-name" ,
"spec_version" : "2.1" ,
"id" : "domain-name--5e5da929-af38-4573-9493-11b70a0a020f" ,
"value" : "droptop7.com"
} ,
{
"type" : "observed-data" ,
"spec_version" : "2.1" ,
"id" : "observed-data--5e5da929-cc2c-410b-bfe7-11b70a0a020f" ,
"created_by_ref" : "identity--5e157d76-c92c-4acd-a54e-4a01950d210f" ,
"created" : "2020-03-03T00:47:37.000Z" ,
"modified" : "2020-03-03T00:47:37.000Z" ,
"first_observed" : "2020-02-27T00:00:00Z" ,
"last_observed" : "2020-02-28T00:00:00Z" ,
"number_observed" : 1 ,
"object_refs" : [
"domain-name--5e5da929-cc2c-410b-bfe7-11b70a0a020f"
] ,
"labels" : [
"misp:type=\"domain\"" ,
"misp:category=\"Network activity\""
]
} ,
{
"type" : "domain-name" ,
"spec_version" : "2.1" ,
"id" : "domain-name--5e5da929-cc2c-410b-bfe7-11b70a0a020f" ,
"value" : "droptop8.com"
} ,
{
"type" : "observed-data" ,
"spec_version" : "2.1" ,
"id" : "observed-data--5e5da929-b144-49c1-b510-11b70a0a020f" ,
"created_by_ref" : "identity--5e157d76-c92c-4acd-a54e-4a01950d210f" ,
"created" : "2020-03-03T00:47:37.000Z" ,
"modified" : "2020-03-03T00:47:37.000Z" ,
"first_observed" : "2020-02-27T00:00:00Z" ,
"last_observed" : "2020-02-28T00:00:00Z" ,
"number_observed" : 1 ,
"object_refs" : [
"domain-name--5e5da929-b144-49c1-b510-11b70a0a020f"
] ,
"labels" : [
"misp:type=\"domain\"" ,
"misp:category=\"Network activity\""
]
} ,
{
"type" : "domain-name" ,
"spec_version" : "2.1" ,
"id" : "domain-name--5e5da929-b144-49c1-b510-11b70a0a020f" ,
"value" : "droptop9.com"
} ,
{
"type" : "observed-data" ,
"spec_version" : "2.1" ,
"id" : "observed-data--5e5da929-f0b8-4fe3-a0f5-11b70a0a020f" ,
"created_by_ref" : "identity--5e157d76-c92c-4acd-a54e-4a01950d210f" ,
"created" : "2020-03-03T00:47:37.000Z" ,
"modified" : "2020-03-03T00:47:37.000Z" ,
"first_observed" : "2020-02-27T00:00:00Z" ,
"last_observed" : "2020-02-28T00:00:00Z" ,
"number_observed" : 1 ,
"object_refs" : [
"domain-name--5e5da929-f0b8-4fe3-a0f5-11b70a0a020f"
] ,
"labels" : [
"misp:type=\"domain\"" ,
"misp:category=\"Network activity\""
]
} ,
{
"type" : "domain-name" ,
"spec_version" : "2.1" ,
"id" : "domain-name--5e5da929-f0b8-4fe3-a0f5-11b70a0a020f" ,
"value" : "droptop10.com"
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--5e5daaf0-79a8-43aa-a307-57690a0a020f" ,
"created_by_ref" : "identity--5e157d76-c92c-4acd-a54e-4a01950d210f" ,
"created" : "2020-03-03T01:11:17.000Z" ,
"modified" : "2020-03-03T01:11:17.000Z" ,
"pattern" : "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '45.56.113.222' AND network-traffic:dst_port = '2500']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2020-02-28T00:00:00Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Network activity"
}
] ,
"labels" : [
"misp:type=\"ip-dst|port\"" ,
"misp:category=\"Network activity\"" ,
"misp:to_ids=\"True\"" ,
"kill-chain:Command and Control"
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--5e5dab5f-6360-4a90-808f-11ba0a0a020f" ,
"created_by_ref" : "identity--5e157d76-c92c-4acd-a54e-4a01950d210f" ,
"created" : "2020-03-03T01:11:17.000Z" ,
"modified" : "2020-03-03T01:11:17.000Z" ,
"pattern" : "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '47.252.74.84' AND network-traffic:dst_port = '2501']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2020-02-28T00:00:00Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Network activity"
}
] ,
"labels" : [
"misp:type=\"ip-dst|port\"" ,
"misp:category=\"Network activity\"" ,
"misp:to_ids=\"True\"" ,
"kill-chain:Command and Control"
]
} ,
{
"type" : "observed-data" ,
"spec_version" : "2.1" ,
"id" : "observed-data--5e5dae8c-bbec-4add-8b3f-14820a0a020f" ,
"created_by_ref" : "identity--5e157d76-c92c-4acd-a54e-4a01950d210f" ,
"created" : "2020-03-03T01:11:06.000Z" ,
"modified" : "2020-03-03T01:11:06.000Z" ,
"first_observed" : "2020-02-28T00:00:00Z" ,
"last_observed" : "2020-02-28T00:00:00Z" ,
"number_observed" : 1 ,
"object_refs" : [
"windows-registry-key--5e5dae8c-bbec-4add-8b3f-14820a0a020f"
] ,
"labels" : [
"misp:type=\"regkey|value\"" ,
"misp:category=\"Artifacts dropped\"" ,
"kill-chain:Installation"
]
} ,
{
"type" : "windows-registry-key" ,
"spec_version" : "2.1" ,
"id" : "windows-registry-key--5e5dae8c-bbec-4add-8b3f-14820a0a020f" ,
"key" : "HKU\\S-1-5-21-1640332003-3587316399-2507620052-2742\\Software\\Microsoft\\Windows\\CurrentVersion\\RunOnce\\Kronprinser" ,
"values" : [
{
"data" : "%USERPROFILE%\\Lrredsskoens4\\TERRICOLE.exe"
}
]
} ,
{
"type" : "observed-data" ,
"spec_version" : "2.1" ,
"id" : "observed-data--5e5daf01-461c-4c13-8ed6-11ba0a0a020f" ,
"created_by_ref" : "identity--5e157d76-c92c-4acd-a54e-4a01950d210f" ,
"created" : "2020-03-03T01:12:33.000Z" ,
"modified" : "2020-03-03T01:12:33.000Z" ,
"first_observed" : "2020-03-03T01:12:33Z" ,
"last_observed" : "2020-03-03T01:12:33Z" ,
"number_observed" : 1 ,
"object_refs" : [
"url--5e5daf01-461c-4c13-8ed6-11ba0a0a020f"
] ,
"labels" : [
"misp:type=\"link\"" ,
"misp:category=\"External analysis\""
]
} ,
{
"type" : "url" ,
"spec_version" : "2.1" ,
"id" : "url--5e5daf01-461c-4c13-8ed6-11ba0a0a020f" ,
"value" : "https://laskowski-tech.com/2020/03/03/remcos-rat-amsi-killing-in-the-wild-and-defender-evasion/"
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--5e5daa68-3b4c-4207-a7b8-11b70a0a020f" ,
"created_by_ref" : "identity--5e157d76-c92c-4acd-a54e-4a01950d210f" ,
"created" : "2020-03-03T01:11:54.000Z" ,
"modified" : "2020-03-03T01:11:54.000Z" ,
"pattern" : "[file:hashes.MD5 = 'ce2d6bef0c6cfd91ca0bd692bf070fe7' AND file:hashes.SHA1 = '71866e693115a2267657adbcc64e2680b1d3d602' AND file:hashes.SHA256 = 'ee66c92d54e26d81966c3f8a6ebacf2298fd60696f3f0f67dc675bc61d93d14e' AND file:name = 'TERRICOLE.exe' AND file:size = '61476' AND file:x_misp_fullpath = '\\\\%USERPROFILE\\\\%\\\\Lrredsskoens4\\\\TERRICOLE.exe']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2020-03-03T01:11:54Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "file"
}
] ,
"labels" : [
"misp:name=\"file\"" ,
"misp:meta-category=\"file\"" ,
"misp:to_ids=\"True\"" ,
"kill-chain:Installation"
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--5e5daaa5-4044-4e77-afa6-11bb0a0a020f" ,
"created_by_ref" : "identity--5e157d76-c92c-4acd-a54e-4a01950d210f" ,
"created" : "2020-03-03T01:11:37.000Z" ,
"modified" : "2020-03-03T01:11:37.000Z" ,
"pattern" : " [ f i l e : h a s h e s . M D 5 = ' 94 a 6 b 123 b 494 c f 3990 d 872 d 0 47 b 0 0 71 d ' A N D f i l e : h a s h e s . S H A 1 = ' 0 23831 f 60 a b 29 a a e 1 c 0 332 c b 6 a f 80 c 890 f 4 b 9285 ' A N D f i l e : h a s h e s . S H A 256 = ' 9 c 5 d 88 a a 18845 b d 266819994 a 6 b d a 3253e2 d f 91e942 b 1 b 5428 a 317 a b 6e189155 ' A N D f i l e : n a m e = ' 324 . d o c ' A N D f i l e : s i z e = ' 39424 ' A N D ( f i l e : c o n t e n t _ r e f . p a y l o a d _ b i n = ' U E s D B B Q A C Q A I A L 0 G Y 1 D / 44 l C a 3 U A A A C a A A A g A B w A O T R h N m I x M j N i N D k 0 Y 2 Y z O T k w Z D g 3 M m Q w N D d i M D A 3 M W R V V A k A A 6 W q X V 6 l q l 1 e d X g L A A E E I Q A A A A Q h A A A A u p J 7553 s / z T A 7 K p N 7 U 7 P o j x A i R f K p Z 2 h D G 5595 + I p 36 d Z h T A g 1 X T C Y C 72 f k J / H d 7 z I a s X F g o s b q Y p f W E / 9 R 3 n 990 s 6 y + m m m P v b O 7 Y / 23 p P U n d 2 W 9 o e v F w / n i j Z m e z 9 M V k O I U d M Q G 2 I + / f 3 u + b r + t v B 9 T y l b y w u O d V M P q D R i b 0 J G l X k p w o H x z z 96 D y r 4 z Y q f b F v j F + x 8 h 972 M 2 q 8 W j U S 5 C k 5 T T d q s 13 M Z d q k 6 j R g i A S r D / A R o A V 0 w s K 4 G F V 3 y T E o 4 i q 8 O G e o y 8 V m B 5 l C J N Q P w C + p Z I w s a B 4 P O Q B v O B E l 0 J E 5 T V p G / 3 N T 8 k M y q L N / e R E l j Q f V G l I h Z Z G k 6 S 1 L N 7 u g o v h p 691 A b a i m 0 O n E e E I 0 N C Q p q V k i t j T z d K N V w w S S m f k 41 O o O / 1 c k e h 5 l N + V J c C v j K c 4 l Z z Q w v r 9 U U r n r K l u + + D 4 G a c c e y W z l 675 c E G K T T g M x N g I X M K 8 j Z L / j w Y l U 13 k 7 V 8 / u b C s 5 y A C n c c H J s S a u a C s 0 H E n W l W l b n Z A 4 K 3 E T m V O Y p b C 607 Y z Q V m C l X 8 G r c U + H w y Y d o n g r 88 x k O b N p c B S c U F C F / 2 r B y b S J L X q N v l S m m u R o P i 0 3 S y F w N U B 8 Q 5 N r 9 W I 4 A J V U g j O H C U / 8 c j x w T A 6 n v p x 1 M e I Y 2825 M D w v g 8 v N g a J r K S 7 S 
X 1 / 6 p q O X c i G r 7 u J I n U z t Q a z y 0 p s Z s w l k 8 C t / V I H Z L N A j / C L r 7 Y j C l o o g H J v D D R U U v 7 d l 6 L g n 3 V C b 2 b D z m u O H 8 N J 38 I p E X 0 74 Y i L S z s X H m v z 74 I I Q w l Z f / O v i K Q g e V 1 + x o K J 1 z T K q 14 O 9 u N C l u K a i G 6 R r 1 i J P Q k p h H 8 R 2 Y n 86 V j 5 f z x z I 4 V 67 t V 7 J 1 g y C 8 U O X P Q r l v f 21 b 7 r 6 Y / o T p K d 6 C j o a T o c d A t I + Q O n S M c n 5 q 7 q 6 K e d 8 U L u 6 p F j J z + P P + q S z N F i a / F r V w d V t L 5 c X 6 + X p W K R P B / 9 x 61 W 0 57 Q Z E A + 7 s y S c t d 27 f P M v P K k T j S 4 Z W s w t w w j t 5 c d Z 3 J Q u B s U c A H j a w P v V C q r z t A v o Z X Y m //RFMoN6sLL+gcUVOp1SY8AbuIj4rWXAod4zk98u5rxIqenWe6doH75WTQkXYCPnPBfk3f/gbcnoefct5u09DFSWa/aoPWOx/s3iMBJnVGrXbzn6Qrthf++mmqCA/p9GH7dRQWaBG7oVEqXsWfmFq8JH11C14QhrY3FP+jSjTpXfS/oV6OFxVbfBkQVpiJcKImm8WbLbVkB604C0XuV++RYjwqFhveYqxozy2Mu7/TjR/8XYqQ6bh/9WGre8YrJZKN2ct11fYpGPDmP8L/rSNq9ZyTaL2zizdqfpY8kt0c24u16nubx7x+Vh0vH/pWJbdcHXabLvMfexuUAvxdZ2kJJ/WN2ZJuUH7HYe46776MM8JD08g6FZlCGl0HWykLmv0VRwbR3ZzY1xeQy85FPWm3+bcwS54ZrzcdXKGY2FF5EtSeE/9lUmvT3y1T39CaUIwhJC6zyniQHk/ycjYIVVsSvoDSqeP7xQlLz2NvA+QCWh+MCD317FDm0v2JGSXuUjfqEX9BeIgoRfMk9+yFavy1jF4adASkd3eLyDbUkOmHGQr+fLNPP/XisiomsAxBshM/ZHQh/2iyeVjABqQDTos2CIbdqhXxkYj0OontUGJV+ePVRZGPJFuIJZB6tiNHki2/5X2g8t7jJvHZalUSDMdT8R3NEnM/Ocv++imnP1+pRh2taa9xXMAXyNKevrtlyf8xK5E+3LrBKBHWx1EuAiRHGGtPmbas3J0S9J8RfTa3ZiDGCSs7s7H1UF0vJYaPOlt6xZ7PYW37awENPYOb8zEM/GNlEVwD7Qo7XeimFvSscbN8A0cjQiGRGZjHeIzTpFKWipqznITVHnKSAPaYFNdGixqlvBEcq99dKNBz8TEcc9UrcrxBvzTTRu8hH2KNb0PTDptzIKZLGmzt9RmigT+vNpvMBFp7YyAMetZpuCMNcy6cuXMbOtSL0E0+3c9VuJ91ZLpEzkjy8xTZ0hgwGvhWU6DhGdSpVWTot7kXDRKvqgizqQaNNa/eC8AQdj16VsyvS+4AX0HmpZR4d8eNFvEr+esFKueaJWTNwXshSS12pbhQms/jQF35DTEN/fimtT6cIrCAOuNLwJwmPPB6ojLC5cRdJa3ZyyxMeJFxU1hnMO88clTVKWNAv62Z10fWFTW+P0djgyrjLbNCdEza7DouXiPGzEuc/sF5wtlHn6HOPBliwcQ2sMvNxraUL6rR7F1TOus5qK92Oe8bD9q5HjLCYl9QejbygzmrwuYYdEFGbtU/O5dF1fyezoxrSYzFHmmlEDg6uptPGBWeVwD8
p67i/v+KQfpQlBku/BUKEJMTwrYz6qJm7BzgMTxTzHluTwEzHt+9OWWx7tyhMqrDZk/B5nD9gWe2ySB7pgfRbQfph0Dgur0BGwLIstlx00atQtDaIrzOKGGqv3e0NrHDdj6Y4u2jraCdAZ+yYa+994aPKXxugIq0RWfCXqG8qs2FQPyE4NmDEGNFAr619kyJssDDItDCiIUWIpMxaWwyP0GAGupOwHgORxm3D3B7DKhI8b4dvgavHLFB1y2mIbJ+U/wZGLIOY78oD3hZ1Gct+wGvktWxhkxI8c8mIzlsTqXH9rO7QFQeLgB4V3HbSpRx4hKMH5JOFmVEI7Ntx9ZQJWxJeNV88L/k1FSzHj/oY013YzSAtEz6t5sFfi0BVUdnRMp3rhGgFvMneAcy9/45qb5C7Ksp4nkUQAxmV5JCwW9X49HBKkYZRXJGJVpVkf29CK+tIXR0Rim4FYPVN2KPZbduFZhqXoFTgezcxm7JhWzRVbLl2yQmPtCsqrqp0YXTEQ7L4C+YG0RxhquvGJVDCX+7c65h/tS5lUXDXDI/KOm5yIAMjlqsYPszgg3YzPSzahB2jMWpjseuho22xTH6zGLPauUZeQ8EXIxsIVvcDxyLmw8Ykd2NapZ3WmmDqRCIIlpEYeM5rqAN8tcIxvPpkzNhGgo7Tz+m4mqnzhL2ygCJ3Lkcmddp2AunwJqkxXxSaRT6wHZ5d1hstx/4DR9RX+AbBdLkvDHEtOUnt2bxXpZfsJmMe+cbnCKfIOWtk9iwzHLaoxynMWaRrsh06TkTpUTSFuZl1EvjwswG9zC6jRT8uXeXhYhUyoZ+7xFL7ZATORuj+1r3nTtAauu7Oru35AAXUXlc7vR83c/mvxVWLo9XcRkxx7MaPHXAObM+AuXK3DFdKZgD41MqzgT6wTiOwY4CHBQ3g+GKV7OphlKecg0BnGVN977XkrixCcgfPoxlPimZGA4gfqfzTv8EdMl/rVRWk5yULtL8Tm8V5ueCWXoqQOgHHQoPooLgPGYmLmgsYMJh+v3BL4MTNDsjjznEJ5yvkLS6/YGKxCaRnEPlkLsHEFcrrxMTbXzn9pDw3sx7lorlVM9CCVgjZBt4sJqFWmn/Bo6MSqjQU85qCtv4L9bRxGWqMejGSLqWlESOqmXvHB2goKiBn3WmDm7dzwFnBTydd00BLMennnuhQ+AxkPfdanhIHeIF+n3bESqejWwLthO8lnWl83uRPxPTbfMKYEGl3ysQbV+Kv32fG5DsQDG1fT9MwmJI5OwTtvTBVpK4oqVIv3baL738aIlPedOneN7AL7PWWJAbJPIxdNPJMXKL4SmQ7hoVmunEvZdex9s3hNOtsC/HFf
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2020-03-03T01:11:37Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "file"
}
] ,
"labels" : [
"misp:name=\"file\"" ,
"misp:meta-category=\"file\"" ,
"misp:to_ids=\"True\"" ,
"kill-chain:Delivery"
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--5e5daaba-4204-45ad-9ed7-11b70a0a020f" ,
"created_by_ref" : "identity--5e157d76-c92c-4acd-a54e-4a01950d210f" ,
"created" : "2020-03-03T01:11:37.000Z" ,
"modified" : "2020-03-03T01:11:37.000Z" ,
"pattern" : " [ f i l e : h a s h e s . M D 5 = ' 2481 f 731 a c f 1 c 77 d f 7 a c 4 b 231821 d c 71 ' A N D f i l e : h a s h e s . S H A 1 = ' 545 c a d a 323 b 15 e e c a 35 a 71726 d 6 b e 830 c c 7 f 8 b 5 d ' A N D f i l e : h a s h e s . S H A 256 = ' 66 c c 741 a 61 f e 877e9698 d 180 c 19 a 47495 f d 49 b d 9699726 d 92 d 88 d 5 c 55 f e 85 d 17 ' A N D f i l e : n a m e = ' 491 . d o c ' A N D f i l e : s i z e = ' 39424 ' A N D ( f i l e : c o n t e n t _ r e f . p a y l o a d _ b i n = ' U E s D B B Q A C Q A I A M k G Y 1 A v C K m z a 3 U A A A C a A A A g A B w A M j Q 4 M W Y 3 M z F h Y 2 Y x Y z c 3 Z G Y 3 Y W M 0 Y j I z M T g y M W R j N z F V V A k A A 7 q q X V 66 q l 1 e d X g L A A E E I Q A A A A Q h A A A A a A o p / E r f L 0 G d J K W b W f 3 T M u G Z 7 + z l w u N H t / l c K i e a R Q M 36 u I Q 5 B S o w x n 2 w c 913 u 1 K R s X e 9 Q W V 3 R G t N m j c S 1 G Y 24 m K I 80 m W c N 4 F q Y 0 D z o Y w b y V y 5 / S f 9 C 9 p R C / Y k i s Z o s V d l N z T w K m A L 5 O e P G n V s w R Q C q + E d I j 14 h t w g O Z 4 C 3 r X + v k I k H 3 B E S o J 1 T w f L R F J w m i Z k U D W 3 L w Z c B 7 o R y B L S 2 s V R R R o q 8 Z L T G u n t j D E D l d 8 G z 8 + 6 U 9 j G t l T p J 0 e / L 4 u e G 57 + W a 1 f B S d u v 8 k F / g l C 4 J y / 0 7 L S 0 G f A + t k i P Q p U p W 1 R q Q H 8 O M d v E d / J r S X Q x 8 X Q J 74 k N 6 B + 7 n o L e w H 7 d V z F Z w C p O + m M H 1 p v K K P a v L j I J 6 D 6 T G k 9 p X Q s K A O D D F 37 r A e E r 0 t Y i U Y k 8 B t d 3 E d q E U B o Q J p x V z B o T V b B 1 l 2 + o w c D 80 F H A l V B U S N u w o z N / z G B r N i u o O Z J F Z R 4 D c P O 9 S q R T V L j Z S n 68 V h o J v p e Y P P 2 v M V / f H g m d G L z w n X 7 v s v G P n S 8 W x s z n b o / k d + X R T x n C l k h U C r g D 4 w W j 4 i 5 l 5 n Y 8 A 98 W / b f 3 e s l x N H X Z a m H S X h T 7 C 82 h 9 i w I 0 H K + j S q X H F q T Q G 700 k o 7 d t U f g A Z Z V U L G t j 3 g 5 Z G 4 z u w f F A Z T c 0 X Y e / w + b 98 z 
G 8 V B + b j 8 N L 3 t 0 K k 7 x h D H w t f F C r a s r c 5 d Q g H s 7 f N Y 7 w 6 r T o z Z r Q j e S r c e 3 F K 7 J 2 Q B X F c y h B 0 / 9 U p W Z q i E I W 0 v K l f K E + y q e + s r Y 2 Y Z G t 0 Q K M K T g E s C 979 H f F Y Y P b x J S F 0 B E O c G w e / Z J a P a + h I Z D C C p h 98 x v Y V I O Z c 3 k P s x b z F 0 Y u t F y N G 7 / U B 2 f l Q B n c v R b E C W z d / s g G 9 P z C D B Q b K G u z J S d x k f X 31 z B f L O 7 h p O 2 g w q D f I o k z 40 i Y j s D I 3 t I i F U D F L k O Y n s C d V 6 l Q j V m o U g 2 s H j A b j s E 2 x / O o 8 i j K F E b 7 v b I o 6 E J d N + K H J e c c k 9 r r B z M H 7 P X C o K v b I z R G l h w V s c k p w Y M / + F K B b G x b 7 C 6 i 8 x r Z g a c F / 8 C / k a U o H q s 5 d O d p T + O h A Q 5 H E B s c S H 39 x S b n c 9 B l g K k M U x Z J N J i 7 k Y O L c I p I j q U i I 4 z v B G b g S n j e e A 5 p B P i D v m O P K E 1 X q S 6 l 3 n P i N f s A V K J 4 f T 7 v O J 21 t I p k Z J i R a s t T l X y k 3 d d t V v b P m 6 d s 5 i O m i s v K V w B s i J x m a 2 J 5 f Z x m 5 w p m 7 X 0 J X G E i q i Q f 7 O 3 J P u l 1 O 3 J f h X Z K g 0 o 8 m i M G Y p a z n E H 3 e s 0 m m F I O L Q 0 R R Z F v Y T Z D d u l 0 3 K N x w h 5 c t D 5 V b v X b E S X Y R u 3 m r X w U v U e f W V C y i K B t / F i y q 6 t 6 y i / r 0 2 M N D Z d y 8 r 7 Z v s V P w z O 4 Z K C O 9 h F 7 U D X R P 3E2 p R O S y j H l R 1 A D c l P 19 k X V P G v R L t q / p g Y f / K a c n a G g g H R 798 a I 4 R g o 1 R Z o M O S W G 3 v k 3 S z i f B A O d 0 e H 8 R 6 p j O v i Z 7 C S H q d T + R J E y o Z + k q I j m J c 5 m y L E O b + X l J z e c E D 9 d t b Q u o s M f A Z X o n n D A p 8 v l j j 6 z g i S R 65 K C x m d q U v K 4 K i m v E 5 Y 6 Y x i w k 5 i V 9 F b q O X Q m r c 5 + A r h h 93 j v R O B t S g 7 z W i 0 f s W Q K / 27 D H U n Q 9 v 84 j u d n p Z F D / e X e H 81 g e l m q 5 m d u T r 21 K S e 1 n F Z 8 B b q / D H S A j V h f u U W X U c L 7 q 5 v 4783 R S B q J z f e a W E q C 0 t 9 o I q A H D 9 f f I U p 
W g 4 f 79E5 g Q V q 87 M U Z 7 r N z z j S 7 E J g Z p v C y 7 m I E 2 / d f S 5 G 0 m Q 9 i 9 Z / 5 C N 9 L c P j F + f q j Q V 2 C 6 T A k P M o x i N f p V W A g / S W W 9 b T 65 Q h G y 1 O R G x i U m / D S 7 e h x 5 p u Q Y M L C 4 Z H w 2 Y d B R d Y s s m Z t 6 z c 8 n 4 w b V x M 1 / 8 X l H P U h P 9 T 9 h L n T K 3 L T H W d y H Z U K s A M R p 6 z e c i n L I h 9 k O n k N / l f o v d N A B r m H t I r q g 4 u G U F m y N u r r Z e i L H w D 7 P v n 6 S c P w U y U Q c i 7 P d F h J P j E 26 N e x V Q F s 71 g m o K z 9 Q B 3 B i z 8 U 0 O X h b A 20 L D t Z a 4 q F j L 8 R A M Q 1 Z s E 6 q U a I S x A H W x J + t d V y 3 z g m o 9 M i 0 s m c Y o U E Z 2 y x B C Q D L F P Z D i K y / 5 e C R d U D i B r 7 B 2 W V z + O 9 i x 1 i C X h y f S V 3 j 8 m U h U y L x Q a 5 L 6 u G B Q 0 r I V k L 0 n z v W M 9 r H y H H x n h M u N k 9 / 51 D M S o q d Q O N X G S s + C P y M m S 3 C X z R w d x f w a a 7 O h 6 Z Z 5 K V b Q I G R Q 3 a X 2 o V K W g L h l m e F / X x D v x T i l 9 c P f C L Y m / Z C v e R Z B H Y 8 p R j + l F 9 G K A 5 P 4 s p x v J 0 K C V k O V 29 n H N Z Y c g U G M 3 f p z 4 t W 1 U N 1 A 2 W I 1 p z 86 H X 5 m m B P F b b g D b Y G Y L c w y k m k V M j U a 9 j T u S 2 z M i + 913 O C h O 1 R y F n 8 w V Z 2 D G G 5 x g d 92 z B H F x o / x + M T C q 8 B p 7 S p / u R c I E w 7 m P C C K b y R K 9 Y L J r L S r 6 I a y I R L i D o + O g g y k 8 N S p I X U b f 9 k 25 N w 3 + / n I 60 j c X R b b z Z T o q N W W a T q 2 E L H Q U f g 31 L e e N c u y V G c K 9 / 8 k Z G a 9 / h l r W e L B E Q r f x a C Q M M b t r Y b L j q j J E 94 X P h R b s f v K Z 6 Z u 21 w Z V 5 w p x 0 6 d S O t 37 C 0 a N o k B K v k 5 r U f c T g h 36 q p j h E I H J + 5 A p t p i + A L Y m I O J e Z f l R L u 2 Y s i P L v O w a b f M N Z y S h X K l W g n B o s Z Q z O M p j / s G Y Y R s w r K D o I 8 O L r / V a 22 c 19 G v T a g L / x L d A L z s Z 5 N v C H T V W A K 9 D v 9 N 1 s a n Z R J I b p 4 K 2 I C W G a X S 9 L 3 n a s h p O U A V p k L u 
i A / b h k n b v N G u F Q 0 s U Z C N y 9 r E Q Q m I v f 5 D g j L g m b Y 8 g Y K y Q 7 B 8 e V R b x 2 / 0 C h d o q 8 M z X J C l G W w D E + l c D u g r v I C y e j m / r u O J r 1 r I i z b L N 0 1 e M m B M g m w r 8 i H K + m 7 u q d 4 y 44 s 0 n a u 3 t W M C I z B j O 5 u G X E Z n 52 P E V g S B 2 w l N M Q P T 0 P w 6 S P c n o S W d E C Q U l + K h 1 f 10 W w C S c o Y + + z 3 v 3 P r H j 4 u k N p t e S K l s p Y 4 E k r y 3 L P O q X v A s j L 1 p + M d 0 P z E E S u 2 n L Z n c S C U 8 / B 17 + 8 Y M d b m Y U / n B R 7 u C K X 4 u f O T h 84 W B D l 10 R 2 u s b l V K U 5 D Z o N K V Y X e s y d + V C l U 1 N l 8 m 4 G B y B M C 7 L l w t n 4 Q a G N Z / O w r o Y 22 q g F Z q Y f 913 P S l u J G F 9 k 5 T y l 96 N y v j j l 21 q 6 T i L X r r J u I 8 O o Z t G x O w S j a D s c V 5 h P y T e 7 S U q Q Z D M J w q 73 Q Z 1 O m t J o b a t X H j f B t f 51 S f M L k s c h x W H d f E l u d n B 5 O u v H s K u / M i F F V V / t V q K o x p A 9 c V 17 / 1 Z z 9 y s 7 C Z E L d L m K Z J t z D P 56 r t C 8 I e d t E c 95 Y P F 6 r 8 J z f U w j J W / w v f W 3 + E + X t N m q / D W I y 6 U X o z Q p / G F P L 90 M h r T w + S d + N P F s r b o o D J 0 G Q 4 S R 8 X G j 7 O W q s A y y 0 g G x p 7 d t u K n F K f d w d V c W X 0 l D Z j 6 N x G 9 X 7 N J 0 K A E L Q a 87 n K 0 e D W 4 A T h E Q 2 j A M R i 27 t b 46 x b s H O 8 K C K u m g 9 M D 6 H Z p r 1 t S m h h G F / J h 5 g 5 L v j H 4 H V e Q c H s A K B q d T 3 G T j 2 r a o Z y q u P h + K Y i r q d S r E J S 3 f i z B M 9 W B j d J y 6 R G l E w W a T z n H 1 v m S l w w E M 3 O p v 4 z z J / F Y Y 4 J Z H N a 0 d k R s l V J 3 F p I M J Y t 9 O J 7 D p G 8 i z S F x n N I M H X i S H C l Z C S B 3 K 2 K D A E 7 n q K S P 7 y V w T i c w L 5 J H a 3 k + M t r P r H n z t g Y n O G f 3 J Q 7 z n 0 h j i 7 N Y R h I r o 4 A L f l l W q h P O q t p 98 p 1 c m I a l U x o 0 u + I x k K L a C 3 p m M 0 d + b 2 / O O c a Q 0 9 t o y D k P p 184 I U b g Z T B G p Y K
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2020-03-03T01:11:37Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "file"
}
] ,
"labels" : [
"misp:name=\"file\"" ,
"misp:meta-category=\"file\"" ,
"misp:to_ids=\"True\"" ,
"kill-chain:Delivery"
]
} ,
{
"type" : "marking-definition" ,
"spec_version" : "2.1" ,
"id" : "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9" ,
"created" : "2017-01-20T00:00:00.000Z" ,
"definition_type" : "tlp" ,
"name" : "TLP:WHITE" ,
"definition" : {
"tlp" : "white"
}
}
]
}