{
"type" : "bundle" ,
"id" : "bundle--5e9f7d98-9fc0-4e7b-9d54-41a4950d210f" ,
"objects" : [
{
"type" : "identity" ,
"spec_version" : "2.1" ,
"id" : "identity--5e9e5d86-5b94-4ff6-b07e-4e3e950d210f" ,
"created" : "2020-04-30T11:27:24.000Z" ,
"modified" : "2020-04-30T11:27:24.000Z" ,
"name" : "The DFIR Report" ,
"identity_class" : "organization"
} ,
{
"type" : "report" ,
"spec_version" : "2.1" ,
"id" : "report--5e9f7d98-9fc0-4e7b-9d54-41a4950d210f" ,
"created_by_ref" : "identity--5e9e5d86-5b94-4ff6-b07e-4e3e950d210f" ,
"created" : "2020-04-30T11:27:24.000Z" ,
"modified" : "2020-04-30T11:27:24.000Z" ,
"name" : "Trickbot to Pyxie" ,
"published" : "2020-04-30T11:27:33Z" ,
"object_refs" : [
"indicator--5e9f97fd-0f40-4a30-b048-4f81950d210f" ,
"indicator--5ea785ab-f3f4-4c58-8214-b165e387cbd9" ,
"indicator--5ea785ab-a6f0-421c-bc79-b165e387cbd9" ,
"indicator--5ea785ab-2eb8-45e9-9f7d-b165e387cbd9" ,
"indicator--5ea785ab-cd5c-4954-bae7-b165e387cbd9" ,
"indicator--5ea785ab-9bd8-40ea-a6b4-b165e387cbd9" ,
"indicator--5ea785ab-6b80-4db7-8ab2-b165e387cbd9" ,
"indicator--5ea785ac-ed04-48b4-a56e-b165e387cbd9" ,
"indicator--5ea785ac-b98c-4218-ae49-b165e387cbd9" ,
"indicator--5ea785ac-907c-4399-855a-b165e387cbd9" ,
"indicator--5ea785ac-7f00-4658-8150-b165e387cbd9" ,
"indicator--5ea785ac-1be0-483d-894b-b165e387cbd9" ,
"indicator--5ea785ac-9e94-4a9b-86a4-b165e387cbd9" ,
"indicator--5ea785ac-1270-48ce-9661-b165e387cbd9" ,
"indicator--5ea785ac-5000-4479-a551-b165e387cbd9" ,
"indicator--5ea785ac-0df0-4dee-9c44-b165e387cbd9" ,
"indicator--5ea785ad-e45c-43c9-83dd-b165e387cbd9" ,
"indicator--5ea785ad-2c78-48e7-920d-b165e387cbd9" ,
"indicator--5ea785ad-5d90-4e43-ad7d-b165e387cbd9" ,
"indicator--5ea785ad-d2c4-4764-8a83-b165e387cbd9" ,
"indicator--5ea785ad-87a8-4744-acc6-b165e387cbd9" ,
"indicator--5ea785ad-3554-44cb-99bf-b165e387cbd9" ,
"indicator--5ea785ae-5af0-4ab7-80e2-b165e387cbd9" ,
"indicator--5ea785ae-3d20-499a-a120-b165e387cbd9" ,
"indicator--5ea785ae-f340-46d5-ae6d-b165e387cbd9" ,
"indicator--5ea785ae-c7d8-43f0-a1be-b165e387cbd9" ,
"indicator--5ea785ae-1ba8-43b5-a397-b165e387cbd9" ,
"indicator--5ea785ae-ba34-490e-97fc-b165e387cbd9" ,
"indicator--5ea785ae-35bc-419a-aa37-b165e387cbd9" ,
"indicator--5ea785af-c000-43f4-a230-b165e387cbd9" ,
"indicator--5ea785af-0028-42d4-aa33-b165e387cbd9" ,
"indicator--5ea785af-3cac-4f9c-a173-b165e387cbd9" ,
"indicator--5ea785af-7654-4b4c-8f56-b165e387cbd9" ,
"indicator--5ea785af-3a88-4352-9c23-b165e387cbd9" ,
"indicator--5ea785af-ed7c-4eed-a225-b165e387cbd9" ,
"indicator--5ea785af-e9ec-41be-8a0d-b165e387cbd9" ,
"indicator--5ea785b0-b2b0-419a-9800-b165e387cbd9" ,
"indicator--5ea785b0-541c-463d-9a3c-b165e387cbd9" ,
"indicator--5ea785b0-5f68-4443-87ba-b165e387cbd9" ,
"indicator--5ea785b0-83b4-41e9-b1fd-b165e387cbd9" ,
"indicator--5ea785b0-db90-4684-a3c7-b165e387cbd9" ,
"indicator--5ea785b0-a078-4a2d-a148-b165e387cbd9" ,
"indicator--5ea78696-6134-4bf2-8f13-bf44e387cbd9" ,
"indicator--5ea78696-eae8-4c29-b450-bf44e387cbd9" ,
"indicator--5ea78696-cccc-4184-931c-bf44e387cbd9" ,
"indicator--5ea78875-5b30-4963-842c-c300950d210f" ,
"indicator--5ea78875-23b4-44be-a026-c300950d210f" ,
"indicator--5ea78875-58b8-457e-8b3f-c300950d210f" ,
"indicator--5ea78939-329c-4cc7-a52c-e408e387cbd9" ,
"indicator--5ea7893a-fe28-4e1e-949b-e408e387cbd9" ,
"indicator--5ea7893a-f068-4ed3-ad40-e408e387cbd9" ,
"indicator--5ea7893a-da1c-4f28-bee7-e408e387cbd9" ,
"indicator--5ea7893a-3068-46a6-b465-e408e387cbd9" ,
"indicator--5ea7893a-a5f0-4b33-a17e-e408e387cbd9" ,
"indicator--5ea7893a-4078-4baf-aa34-e408e387cbd9" ,
"indicator--5ea7893b-1d8c-4c7a-8b36-e408e387cbd9" ,
"indicator--5ea7893b-c494-4ce6-a321-e408e387cbd9" ,
"indicator--5ea7893b-bbb0-4af3-af48-e408e387cbd9" ,
"indicator--5ea7893b-1348-4fb6-afd3-e408e387cbd9" ,
"indicator--5ea7893b-bcb8-4855-8bba-e408e387cbd9" ,
"indicator--5ea7893b-2f04-430f-860b-e408e387cbd9" ,
"indicator--5ea7893b-99e4-4b55-a759-e408e387cbd9" ,
"observed-data--5eaab577-fb70-4585-9d92-4210950d210f" ,
"url--5eaab577-fb70-4585-9d92-4210950d210f" ,
"indicator--5e9f7dae-9544-48cf-8295-40fe950d210f" ,
"indicator--5ea78354-c6a4-4698-bb37-69bd950d210f" ,
"indicator--5ea783bb-2a1c-48fd-bb79-4b76950d210f" ,
"indicator--5ea78453-1750-4d7b-9b04-4b38950d210f" ,
"observed-data--5ea7848c-6f44-4c88-b135-2911950d210f" ,
"file--5ea7848c-6f44-4c88-b135-2911950d210f" ,
"artifact--5ea7848c-35c0-4f7c-862a-2911950d210f" ,
"indicator--5ea784e8-6f5c-43a1-94ae-7fe1950d210f"
] ,
"labels" : [
"Threat-Report" ,
"misp:tool=\"MISP-STIX-Converter\"" ,
"trickbot" ,
"PyXie"
] ,
"object_marking_refs" : [
"marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9"
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--5e9f97fd-0f40-4a30-b048-4f81950d210f" ,
"created_by_ref" : "identity--5e9e5d86-5b94-4ff6-b07e-4e3e950d210f" ,
"created" : "2020-04-28T01:17:46.000Z" ,
"modified" : "2020-04-28T01:17:46.000Z" ,
"pattern" : "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '192.169.6.180']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2020-04-17T00:00:00Z" ,
"valid_until" : "2020-04-19T00:00:00Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Network activity"
}
] ,
"labels" : [
"misp:type=\"ip-dst\"" ,
"misp:category=\"Network activity\"" ,
"misp:to_ids=\"True\"" ,
"Cobalt Strike" ,
"kill-chain:Command and Control"
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--5ea785ab-f3f4-4c58-8214-b165e387cbd9" ,
"created_by_ref" : "identity--5e9e5d86-5b94-4ff6-b07e-4e3e950d210f" ,
"created" : "2020-04-28T01:25:20.000Z" ,
"modified" : "2020-04-28T01:25:20.000Z" ,
"description" : "On port 443" ,
"pattern" : "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '51.89.115.112' AND network-traffic:dst_port = '443']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2020-04-28T01:25:20Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Network activity"
}
] ,
"labels" : [
"misp:type=\"ip-dst|port\"" ,
"misp:category=\"Network activity\"" ,
"misp:to_ids=\"True\"" ,
"kill-chain:Command and Control" ,
"trickbot"
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--5ea785ab-a6f0-421c-bc79-b165e387cbd9" ,
"created_by_ref" : "identity--5e9e5d86-5b94-4ff6-b07e-4e3e950d210f" ,
"created" : "2020-04-28T01:25:20.000Z" ,
"modified" : "2020-04-28T01:25:20.000Z" ,
"description" : "On port 443" ,
"pattern" : "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '185.141.27.225' AND network-traffic:dst_port = '443']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2020-04-28T01:25:20Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Network activity"
}
] ,
"labels" : [
"misp:type=\"ip-dst|port\"" ,
"misp:category=\"Network activity\"" ,
"misp:to_ids=\"True\"" ,
"kill-chain:Command and Control" ,
"trickbot"
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--5ea785ab-2eb8-45e9-9f7d-b165e387cbd9" ,
"created_by_ref" : "identity--5e9e5d86-5b94-4ff6-b07e-4e3e950d210f" ,
"created" : "2020-04-28T01:25:20.000Z" ,
"modified" : "2020-04-28T01:25:20.000Z" ,
"description" : "On port 443" ,
"pattern" : "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '151.80.212.114' AND network-traffic:dst_port = '443']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2020-04-28T01:25:20Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Network activity"
}
] ,
"labels" : [
"misp:type=\"ip-dst|port\"" ,
"misp:category=\"Network activity\"" ,
"misp:to_ids=\"True\"" ,
"kill-chain:Command and Control" ,
"trickbot"
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--5ea785ab-cd5c-4954-bae7-b165e387cbd9" ,
"created_by_ref" : "identity--5e9e5d86-5b94-4ff6-b07e-4e3e950d210f" ,
"created" : "2020-04-28T01:25:22.000Z" ,
"modified" : "2020-04-28T01:25:22.000Z" ,
"description" : "On port 443" ,
"pattern" : "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '5.182.210.178' AND network-traffic:dst_port = '443']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2020-04-28T01:25:22Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Network activity"
}
] ,
"labels" : [
"misp:type=\"ip-dst|port\"" ,
"misp:category=\"Network activity\"" ,
"misp:to_ids=\"True\"" ,
"kill-chain:Command and Control" ,
"trickbot"
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--5ea785ab-9bd8-40ea-a6b4-b165e387cbd9" ,
"created_by_ref" : "identity--5e9e5d86-5b94-4ff6-b07e-4e3e950d210f" ,
"created" : "2020-04-28T01:25:22.000Z" ,
"modified" : "2020-04-28T01:25:22.000Z" ,
"description" : "On port 443" ,
"pattern" : "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '188.119.113.60' AND network-traffic:dst_port = '443']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2020-04-28T01:25:22Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Network activity"
}
] ,
"labels" : [
"misp:type=\"ip-dst|port\"" ,
"misp:category=\"Network activity\"" ,
"misp:to_ids=\"True\"" ,
"kill-chain:Command and Control" ,
"trickbot"
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--5ea785ab-6b80-4db7-8ab2-b165e387cbd9" ,
"created_by_ref" : "identity--5e9e5d86-5b94-4ff6-b07e-4e3e950d210f" ,
"created" : "2020-04-28T01:25:21.000Z" ,
"modified" : "2020-04-28T01:25:21.000Z" ,
"description" : "On port 443" ,
"pattern" : "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '91.235.129.199' AND network-traffic:dst_port = '443']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2020-04-28T01:25:21Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Network activity"
}
] ,
"labels" : [
"misp:type=\"ip-dst|port\"" ,
"misp:category=\"Network activity\"" ,
"misp:to_ids=\"True\"" ,
"kill-chain:Command and Control" ,
"trickbot"
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--5ea785ac-ed04-48b4-a56e-b165e387cbd9" ,
"created_by_ref" : "identity--5e9e5d86-5b94-4ff6-b07e-4e3e950d210f" ,
"created" : "2020-04-28T01:25:14.000Z" ,
"modified" : "2020-04-28T01:25:14.000Z" ,
"description" : "On port 443" ,
"pattern" : "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '185.234.72.193' AND network-traffic:dst_port = '443']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2020-04-28T01:25:14Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Network activity"
}
] ,
"labels" : [
"misp:type=\"ip-dst|port\"" ,
"misp:category=\"Network activity\"" ,
"misp:to_ids=\"True\"" ,
"kill-chain:Command and Control" ,
"trickbot"
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--5ea785ac-b98c-4218-ae49-b165e387cbd9" ,
"created_by_ref" : "identity--5e9e5d86-5b94-4ff6-b07e-4e3e950d210f" ,
"created" : "2020-04-28T01:25:14.000Z" ,
"modified" : "2020-04-28T01:25:14.000Z" ,
"description" : "On port 443" ,
"pattern" : "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '194.5.250.200' AND network-traffic:dst_port = '443']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2020-04-28T01:25:14Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Network activity"
}
] ,
"labels" : [
"misp:type=\"ip-dst|port\"" ,
"misp:category=\"Network activity\"" ,
"misp:to_ids=\"True\"" ,
"kill-chain:Command and Control" ,
"trickbot"
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--5ea785ac-907c-4399-855a-b165e387cbd9" ,
"created_by_ref" : "identity--5e9e5d86-5b94-4ff6-b07e-4e3e950d210f" ,
"created" : "2020-04-28T01:25:14.000Z" ,
"modified" : "2020-04-28T01:25:14.000Z" ,
"description" : "On port 443" ,
"pattern" : "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '185.14.29.141' AND network-traffic:dst_port = '443']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2020-04-28T01:25:14Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Network activity"
}
] ,
"labels" : [
"misp:type=\"ip-dst|port\"" ,
"misp:category=\"Network activity\"" ,
"misp:to_ids=\"True\"" ,
"kill-chain:Command and Control" ,
"trickbot"
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--5ea785ac-7f00-4658-8150-b165e387cbd9" ,
"created_by_ref" : "identity--5e9e5d86-5b94-4ff6-b07e-4e3e950d210f" ,
"created" : "2020-04-28T01:25:15.000Z" ,
"modified" : "2020-04-28T01:25:15.000Z" ,
"description" : "On port 443" ,
"pattern" : "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '185.99.2.197' AND network-traffic:dst_port = '443']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2020-04-28T01:25:15Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Network activity"
}
] ,
"labels" : [
"misp:type=\"ip-dst|port\"" ,
"misp:category=\"Network activity\"" ,
"misp:to_ids=\"True\"" ,
"kill-chain:Command and Control" ,
"trickbot"
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--5ea785ac-1be0-483d-894b-b165e387cbd9" ,
"created_by_ref" : "identity--5e9e5d86-5b94-4ff6-b07e-4e3e950d210f" ,
"created" : "2020-04-28T01:25:15.000Z" ,
"modified" : "2020-04-28T01:25:15.000Z" ,
"description" : "On port 443" ,
"pattern" : "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '185.234.72.50' AND network-traffic:dst_port = '443']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2020-04-28T01:25:15Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Network activity"
}
] ,
"labels" : [
"misp:type=\"ip-dst|port\"" ,
"misp:category=\"Network activity\"" ,
"misp:to_ids=\"True\"" ,
"kill-chain:Command and Control" ,
"trickbot"
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--5ea785ac-9e94-4a9b-86a4-b165e387cbd9" ,
"created_by_ref" : "identity--5e9e5d86-5b94-4ff6-b07e-4e3e950d210f" ,
"created" : "2020-04-28T01:25:20.000Z" ,
"modified" : "2020-04-28T01:25:20.000Z" ,
"description" : "On port 443" ,
"pattern" : "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '194.5.250.201' AND network-traffic:dst_port = '443']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2020-04-28T01:25:20Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Network activity"
}
] ,
"labels" : [
"misp:type=\"ip-dst|port\"" ,
"misp:category=\"Network activity\"" ,
"misp:to_ids=\"True\"" ,
"kill-chain:Command and Control" ,
"trickbot"
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--5ea785ac-1270-48ce-9661-b165e387cbd9" ,
"created_by_ref" : "identity--5e9e5d86-5b94-4ff6-b07e-4e3e950d210f" ,
"created" : "2020-04-28T01:25:19.000Z" ,
"modified" : "2020-04-28T01:25:19.000Z" ,
"description" : "On port 443" ,
"pattern" : "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '108.170.61.186' AND network-traffic:dst_port = '443']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2020-04-28T01:25:19Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Network activity"
}
] ,
"labels" : [
"misp:type=\"ip-dst|port\"" ,
"misp:category=\"Network activity\"" ,
"misp:to_ids=\"True\"" ,
"kill-chain:Command and Control" ,
"trickbot"
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--5ea785ac-5000-4479-a551-b165e387cbd9" ,
"created_by_ref" : "identity--5e9e5d86-5b94-4ff6-b07e-4e3e950d210f" ,
"created" : "2020-04-28T01:25:20.000Z" ,
"modified" : "2020-04-28T01:25:20.000Z" ,
"description" : "On port 443" ,
"pattern" : "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '217.12.209.159' AND network-traffic:dst_port = '443']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2020-04-28T01:25:20Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Network activity"
}
] ,
"labels" : [
"misp:type=\"ip-dst|port\"" ,
"misp:category=\"Network activity\"" ,
"misp:to_ids=\"True\"" ,
"kill-chain:Command and Control" ,
"trickbot"
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--5ea785ac-0df0-4dee-9c44-b165e387cbd9" ,
"created_by_ref" : "identity--5e9e5d86-5b94-4ff6-b07e-4e3e950d210f" ,
"created" : "2020-04-28T01:25:15.000Z" ,
"modified" : "2020-04-28T01:25:15.000Z" ,
"description" : "On port 443" ,
"pattern" : "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '185.99.2.44' AND network-traffic:dst_port = '443']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2020-04-28T01:25:15Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Network activity"
}
] ,
"labels" : [
"misp:type=\"ip-dst|port\"" ,
"misp:category=\"Network activity\"" ,
"misp:to_ids=\"True\"" ,
"kill-chain:Command and Control" ,
"trickbot"
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--5ea785ad-e45c-43c9-83dd-b165e387cbd9" ,
"created_by_ref" : "identity--5e9e5d86-5b94-4ff6-b07e-4e3e950d210f" ,
"created" : "2020-04-28T01:25:13.000Z" ,
"modified" : "2020-04-28T01:25:13.000Z" ,
"description" : "On port 443" ,
"pattern" : "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '51.89.115.108' AND network-traffic:dst_port = '443']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2020-04-28T01:25:13Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Network activity"
}
] ,
"labels" : [
"misp:type=\"ip-dst|port\"" ,
"misp:category=\"Network activity\"" ,
"misp:to_ids=\"True\"" ,
"kill-chain:Command and Control" ,
"trickbot"
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--5ea785ad-2c78-48e7-920d-b165e387cbd9" ,
"created_by_ref" : "identity--5e9e5d86-5b94-4ff6-b07e-4e3e950d210f" ,
"created" : "2020-04-28T01:25:14.000Z" ,
"modified" : "2020-04-28T01:25:14.000Z" ,
"description" : "On port 443" ,
"pattern" : "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '164.68.120.58' AND network-traffic:dst_port = '443']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2020-04-28T01:25:14Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Network activity"
}
] ,
"labels" : [
"misp:type=\"ip-dst|port\"" ,
"misp:category=\"Network activity\"" ,
"misp:to_ids=\"True\"" ,
"kill-chain:Command and Control" ,
"trickbot"
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--5ea785ad-5d90-4e43-ad7d-b165e387cbd9" ,
"created_by_ref" : "identity--5e9e5d86-5b94-4ff6-b07e-4e3e950d210f" ,
"created" : "2020-04-28T01:25:13.000Z" ,
"modified" : "2020-04-28T01:25:13.000Z" ,
"description" : "On port 443" ,
"pattern" : "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '164.132.255.19' AND network-traffic:dst_port = '443']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2020-04-28T01:25:13Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Network activity"
}
] ,
"labels" : [
"misp:type=\"ip-dst|port\"" ,
"misp:category=\"Network activity\"" ,
"misp:to_ids=\"True\"" ,
"kill-chain:Command and Control" ,
"trickbot"
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--5ea785ad-d2c4-4764-8a83-b165e387cbd9" ,
"created_by_ref" : "identity--5e9e5d86-5b94-4ff6-b07e-4e3e950d210f" ,
"created" : "2020-04-28T01:25:14.000Z" ,
"modified" : "2020-04-28T01:25:14.000Z" ,
"description" : "On port 443" ,
"pattern" : "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '148.251.185.164' AND network-traffic:dst_port = '443']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2020-04-28T01:25:14Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Network activity"
}
] ,
"labels" : [
"misp:type=\"ip-dst|port\"" ,
"misp:category=\"Network activity\"" ,
"misp:to_ids=\"True\"" ,
"kill-chain:Command and Control" ,
"trickbot"
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--5ea785ad-87a8-4744-acc6-b165e387cbd9" ,
"created_by_ref" : "identity--5e9e5d86-5b94-4ff6-b07e-4e3e950d210f" ,
"created" : "2020-04-28T01:25:13.000Z" ,
"modified" : "2020-04-28T01:25:13.000Z" ,
"description" : "On port 443" ,
"pattern" : "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '94.250.250.69' AND network-traffic:dst_port = '443']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2020-04-28T01:25:13Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Network activity"
}
] ,
"labels" : [
"misp:type=\"ip-dst|port\"" ,
"misp:category=\"Network activity\"" ,
"misp:to_ids=\"True\"" ,
"kill-chain:Command and Control" ,
"trickbot"
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--5ea785ad-3554-44cb-99bf-b165e387cbd9" ,
"created_by_ref" : "identity--5e9e5d86-5b94-4ff6-b07e-4e3e950d210f" ,
"created" : "2020-04-28T01:25:13.000Z" ,
"modified" : "2020-04-28T01:25:13.000Z" ,
"description" : "On port 443" ,
"pattern" : "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '94.250.249.170' AND network-traffic:dst_port = '443']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2020-04-28T01:25:13Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Network activity"
}
] ,
"labels" : [
"misp:type=\"ip-dst|port\"" ,
"misp:category=\"Network activity\"" ,
"misp:to_ids=\"True\"" ,
"kill-chain:Command and Control" ,
"trickbot"
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--5ea785ae-5af0-4ab7-80e2-b165e387cbd9" ,
"created_by_ref" : "identity--5e9e5d86-5b94-4ff6-b07e-4e3e950d210f" ,
"created" : "2020-04-28T01:25:12.000Z" ,
"modified" : "2020-04-28T01:25:12.000Z" ,
"description" : "On port 443" ,
"pattern" : "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '195.123.237.105' AND network-traffic:dst_port = '443']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2020-04-28T01:25:12Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Network activity"
}
] ,
"labels" : [
"misp:type=\"ip-dst|port\"" ,
"misp:category=\"Network activity\"" ,
"misp:to_ids=\"True\"" ,
"kill-chain:Command and Control" ,
"trickbot"
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--5ea785ae-3d20-499a-a120-b165e387cbd9" ,
"created_by_ref" : "identity--5e9e5d86-5b94-4ff6-b07e-4e3e950d210f" ,
"created" : "2020-04-28T01:25:12.000Z" ,
"modified" : "2020-04-28T01:25:12.000Z" ,
"description" : "On port 449" ,
"pattern" : "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '190.214.13.2' AND network-traffic:dst_port = '449']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2020-04-28T01:25:12Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Network activity"
}
] ,
"labels" : [
"misp:type=\"ip-dst|port\"" ,
"misp:category=\"Network activity\"" ,
"misp:to_ids=\"True\"" ,
"kill-chain:Command and Control" ,
"trickbot"
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--5ea785ae-f340-46d5-ae6d-b165e387cbd9" ,
"created_by_ref" : "identity--5e9e5d86-5b94-4ff6-b07e-4e3e950d210f" ,
"created" : "2020-04-28T01:25:11.000Z" ,
"modified" : "2020-04-28T01:25:11.000Z" ,
"description" : "On port 449" ,
"pattern" : "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '181.129.104.139' AND network-traffic:dst_port = '449']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2020-04-28T01:25:11Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Network activity"
}
] ,
"labels" : [
"misp:type=\"ip-dst|port\"" ,
"misp:category=\"Network activity\"" ,
"misp:to_ids=\"True\"" ,
"kill-chain:Command and Control" ,
"trickbot"
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--5ea785ae-c7d8-43f0-a1be-b165e387cbd9" ,
"created_by_ref" : "identity--5e9e5d86-5b94-4ff6-b07e-4e3e950d210f" ,
"created" : "2020-04-28T01:25:12.000Z" ,
"modified" : "2020-04-28T01:25:12.000Z" ,
"description" : "On port 449" ,
"pattern" : "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '181.112.157.42' AND network-traffic:dst_port = '449']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2020-04-28T01:25:12Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Network activity"
}
] ,
"labels" : [
"misp:type=\"ip-dst|port\"" ,
"misp:category=\"Network activity\"" ,
"misp:to_ids=\"True\"" ,
"kill-chain:Command and Control" ,
"trickbot"
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--5ea785ae-1ba8-43b5-a397-b165e387cbd9" ,
"created_by_ref" : "identity--5e9e5d86-5b94-4ff6-b07e-4e3e950d210f" ,
"created" : "2020-04-28T01:25:12.000Z" ,
"modified" : "2020-04-28T01:25:12.000Z" ,
"description" : "On port 449" ,
"pattern" : "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '181.129.134.18' AND network-traffic:dst_port = '449']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2020-04-28T01:25:12Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Network activity"
}
] ,
"labels" : [
"misp:type=\"ip-dst|port\"" ,
"misp:category=\"Network activity\"" ,
"misp:to_ids=\"True\"" ,
"kill-chain:Command and Control" ,
"trickbot"
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--5ea785ae-ba34-490e-97fc-b165e387cbd9" ,
"created_by_ref" : "identity--5e9e5d86-5b94-4ff6-b07e-4e3e950d210f" ,
"created" : "2020-04-28T01:25:12.000Z" ,
"modified" : "2020-04-28T01:25:12.000Z" ,
"description" : "On port 449" ,
"pattern" : "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '131.161.253.190' AND network-traffic:dst_port = '449']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2020-04-28T01:25:12Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Network activity"
}
] ,
"labels" : [
"misp:type=\"ip-dst|port\"" ,
"misp:category=\"Network activity\"" ,
"misp:to_ids=\"True\"" ,
"kill-chain:Command and Control" ,
"trickbot"
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--5ea785ae-35bc-419a-aa37-b165e387cbd9" ,
"created_by_ref" : "identity--5e9e5d86-5b94-4ff6-b07e-4e3e950d210f" ,
"created" : "2020-04-28T01:25:13.000Z" ,
"modified" : "2020-04-28T01:25:13.000Z" ,
"description" : "On port 449" ,
"pattern" : "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '121.100.19.18' AND network-traffic:dst_port = '449']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2020-04-28T01:25:13Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Network activity"
}
] ,
"labels" : [
"misp:type=\"ip-dst|port\"" ,
"misp:category=\"Network activity\"" ,
"misp:to_ids=\"True\"" ,
"kill-chain:Command and Control" ,
"trickbot"
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--5ea785af-c000-43f4-a230-b165e387cbd9" ,
"created_by_ref" : "identity--5e9e5d86-5b94-4ff6-b07e-4e3e950d210f" ,
"created" : "2020-04-28T01:25:09.000Z" ,
"modified" : "2020-04-28T01:25:09.000Z" ,
"description" : "On port 449" ,
"pattern" : "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '202.29.215.114' AND network-traffic:dst_port = '449']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2020-04-28T01:25:09Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Network activity"
}
] ,
"labels" : [
"misp:type=\"ip-dst|port\"" ,
"misp:category=\"Network activity\"" ,
"misp:to_ids=\"True\"" ,
"kill-chain:Command and Control" ,
"trickbot"
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--5ea785af-0028-42d4-aa33-b165e387cbd9" ,
"created_by_ref" : "identity--5e9e5d86-5b94-4ff6-b07e-4e3e950d210f" ,
"created" : "2020-04-28T01:25:09.000Z" ,
"modified" : "2020-04-28T01:25:09.000Z" ,
"description" : "On port 449" ,
"pattern" : "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '171.100.142.238' AND network-traffic:dst_port = '449']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2020-04-28T01:25:09Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Network activity"
}
] ,
"labels" : [
"misp:type=\"ip-dst|port\"" ,
"misp:category=\"Network activity\"" ,
"misp:to_ids=\"True\"" ,
"kill-chain:Command and Control" ,
"trickbot"
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--5ea785af-3cac-4f9c-a173-b165e387cbd9" ,
"created_by_ref" : "identity--5e9e5d86-5b94-4ff6-b07e-4e3e950d210f" ,
"created" : "2020-04-28T01:25:10.000Z" ,
"modified" : "2020-04-28T01:25:10.000Z" ,
"description" : "On port 449" ,
"pattern" : "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '190.136.178.52' AND network-traffic:dst_port = '449']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2020-04-28T01:25:10Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Network activity"
}
] ,
"labels" : [
"misp:type=\"ip-dst|port\"" ,
"misp:category=\"Network activity\"" ,
"misp:to_ids=\"True\"" ,
"kill-chain:Command and Control" ,
"trickbot"
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--5ea785af-7654-4b4c-8f56-b165e387cbd9" ,
"created_by_ref" : "identity--5e9e5d86-5b94-4ff6-b07e-4e3e950d210f" ,
"created" : "2020-04-28T01:25:11.000Z" ,
"modified" : "2020-04-28T01:25:11.000Z" ,
"description" : "On port 449" ,
"pattern" : "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '45.6.16.68' AND network-traffic:dst_port = '449']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2020-04-28T01:25:11Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Network activity"
}
] ,
"labels" : [
"misp:type=\"ip-dst|port\"" ,
"misp:category=\"Network activity\"" ,
"misp:to_ids=\"True\"" ,
"kill-chain:Command and Control" ,
"trickbot"
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--5ea785af-3a88-4352-9c23-b165e387cbd9" ,
"created_by_ref" : "identity--5e9e5d86-5b94-4ff6-b07e-4e3e950d210f" ,
"created" : "2020-04-28T01:25:11.000Z" ,
"modified" : "2020-04-28T01:25:11.000Z" ,
"description" : "On port 449" ,
"pattern" : "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '110.232.76.39' AND network-traffic:dst_port = '449']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2020-04-28T01:25:11Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Network activity"
}
] ,
"labels" : [
"misp:type=\"ip-dst|port\"" ,
"misp:category=\"Network activity\"" ,
"misp:to_ids=\"True\"" ,
"kill-chain:Command and Control" ,
"trickbot"
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--5ea785af-ed7c-4eed-a225-b165e387cbd9" ,
"created_by_ref" : "identity--5e9e5d86-5b94-4ff6-b07e-4e3e950d210f" ,
"created" : "2020-04-28T01:25:11.000Z" ,
"modified" : "2020-04-28T01:25:11.000Z" ,
"description" : "On port 449" ,
"pattern" : "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '122.50.6.122' AND network-traffic:dst_port = '449']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2020-04-28T01:25:11Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Network activity"
}
] ,
"labels" : [
"misp:type=\"ip-dst|port\"" ,
"misp:category=\"Network activity\"" ,
"misp:to_ids=\"True\"" ,
"kill-chain:Command and Control" ,
"trickbot"
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--5ea785af-e9ec-41be-8a0d-b165e387cbd9" ,
"created_by_ref" : "identity--5e9e5d86-5b94-4ff6-b07e-4e3e950d210f" ,
"created" : "2020-04-28T01:25:11.000Z" ,
"modified" : "2020-04-28T01:25:11.000Z" ,
"description" : "On port 449" ,
"pattern" : "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '103.12.161.194' AND network-traffic:dst_port = '449']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2020-04-28T01:25:11Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Network activity"
}
] ,
"labels" : [
"misp:type=\"ip-dst|port\"" ,
"misp:category=\"Network activity\"" ,
"misp:to_ids=\"True\"" ,
"kill-chain:Command and Control" ,
"trickbot"
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--5ea785b0-b2b0-419a-9800-b165e387cbd9" ,
"created_by_ref" : "identity--5e9e5d86-5b94-4ff6-b07e-4e3e950d210f" ,
"created" : "2020-04-28T01:25:08.000Z" ,
"modified" : "2020-04-28T01:25:08.000Z" ,
"description" : "On port 449" ,
"pattern" : "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '36.91.45.10' AND network-traffic:dst_port = '449']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2020-04-28T01:25:08Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Network activity"
}
] ,
"labels" : [
"misp:type=\"ip-dst|port\"" ,
"misp:category=\"Network activity\"" ,
"misp:to_ids=\"True\"" ,
"kill-chain:Command and Control" ,
"trickbot"
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--5ea785b0-541c-463d-9a3c-b165e387cbd9" ,
"created_by_ref" : "identity--5e9e5d86-5b94-4ff6-b07e-4e3e950d210f" ,
"created" : "2020-04-28T01:25:07.000Z" ,
"modified" : "2020-04-28T01:25:07.000Z" ,
"description" : "On port 449" ,
"pattern" : "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '103.227.147.82' AND network-traffic:dst_port = '449']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2020-04-28T01:25:07Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Network activity"
}
] ,
"labels" : [
"misp:type=\"ip-dst|port\"" ,
"misp:category=\"Network activity\"" ,
"misp:to_ids=\"True\"" ,
"kill-chain:Command and Control" ,
"trickbot"
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--5ea785b0-5f68-4443-87ba-b165e387cbd9" ,
"created_by_ref" : "identity--5e9e5d86-5b94-4ff6-b07e-4e3e950d210f" ,
"created" : "2020-04-28T01:25:09.000Z" ,
"modified" : "2020-04-28T01:25:09.000Z" ,
"description" : "On port 449" ,
"pattern" : "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '96.9.77.56' AND network-traffic:dst_port = '449']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2020-04-28T01:25:09Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Network activity"
}
] ,
"labels" : [
"misp:type=\"ip-dst|port\"" ,
"misp:category=\"Network activity\"" ,
"misp:to_ids=\"True\"" ,
"kill-chain:Command and Control" ,
"trickbot"
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--5ea785b0-83b4-41e9-b1fd-b165e387cbd9" ,
"created_by_ref" : "identity--5e9e5d86-5b94-4ff6-b07e-4e3e950d210f" ,
"created" : "2020-04-28T01:25:08.000Z" ,
"modified" : "2020-04-28T01:25:08.000Z" ,
"description" : "On port 449" ,
"pattern" : "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '103.5.231.188' AND network-traffic:dst_port = '449']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2020-04-28T01:25:08Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Network activity"
}
] ,
"labels" : [
"misp:type=\"ip-dst|port\"" ,
"misp:category=\"Network activity\"" ,
"misp:to_ids=\"True\"" ,
"kill-chain:Command and Control" ,
"trickbot"
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--5ea785b0-db90-4684-a3c7-b165e387cbd9" ,
"created_by_ref" : "identity--5e9e5d86-5b94-4ff6-b07e-4e3e950d210f" ,
"created" : "2020-04-28T01:25:09.000Z" ,
"modified" : "2020-04-28T01:25:09.000Z" ,
"description" : "On port 449" ,
"pattern" : "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '110.93.15.98' AND network-traffic:dst_port = '449']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2020-04-28T01:25:09Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Network activity"
}
] ,
"labels" : [
"misp:type=\"ip-dst|port\"" ,
"misp:category=\"Network activity\"" ,
"misp:to_ids=\"True\"" ,
"kill-chain:Command and Control" ,
"trickbot"
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--5ea785b0-a078-4a2d-a148-b165e387cbd9" ,
"created_by_ref" : "identity--5e9e5d86-5b94-4ff6-b07e-4e3e950d210f" ,
"created" : "2020-04-28T01:25:09.000Z" ,
"modified" : "2020-04-28T01:25:09.000Z" ,
"description" : "On port 449" ,
"pattern" : "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '200.171.101.169' AND network-traffic:dst_port = '449']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2020-04-28T01:25:09Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Network activity"
}
] ,
"labels" : [
"misp:type=\"ip-dst|port\"" ,
"misp:category=\"Network activity\"" ,
"misp:to_ids=\"True\"" ,
"kill-chain:Command and Control" ,
"trickbot"
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--5ea78696-6134-4bf2-8f13-bf44e387cbd9" ,
"created_by_ref" : "identity--5e9e5d86-5b94-4ff6-b07e-4e3e950d210f" ,
"created" : "2020-04-28T01:36:26.000Z" ,
"modified" : "2020-04-28T01:36:26.000Z" ,
"pattern" : "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '162.248.245.71']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2020-04-28T01:36:26Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Network activity"
}
] ,
"labels" : [
"misp:type=\"ip-dst\"" ,
"misp:category=\"Network activity\"" ,
"misp:to_ids=\"True\"" ,
"PyXie" ,
"kill-chain:Command and Control"
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--5ea78696-eae8-4c29-b450-bf44e387cbd9" ,
"created_by_ref" : "identity--5e9e5d86-5b94-4ff6-b07e-4e3e950d210f" ,
"created" : "2020-04-28T01:36:26.000Z" ,
"modified" : "2020-04-28T01:36:26.000Z" ,
"pattern" : "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '185.206.144.40']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2020-04-28T01:36:26Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Network activity"
}
] ,
"labels" : [
"misp:type=\"ip-dst\"" ,
"misp:category=\"Network activity\"" ,
"misp:to_ids=\"True\"" ,
"PyXie" ,
"kill-chain:Command and Control"
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--5ea78696-cccc-4184-931c-bf44e387cbd9" ,
"created_by_ref" : "identity--5e9e5d86-5b94-4ff6-b07e-4e3e950d210f" ,
"created" : "2020-04-28T01:36:26.000Z" ,
"modified" : "2020-04-28T01:36:26.000Z" ,
"pattern" : "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '216.189.145.132']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2020-04-28T01:36:26Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Network activity"
}
] ,
"labels" : [
"misp:type=\"ip-dst\"" ,
"misp:category=\"Network activity\"" ,
"misp:to_ids=\"True\"" ,
"PyXie" ,
"kill-chain:Command and Control"
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--5ea78875-5b30-4963-842c-c300950d210f" ,
"created_by_ref" : "identity--5e9e5d86-5b94-4ff6-b07e-4e3e950d210f" ,
"created" : "2020-04-28T01:36:25.000Z" ,
"modified" : "2020-04-28T01:36:25.000Z" ,
"pattern" : "[domain-name:value = 'teamchuan.com']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2020-04-28T01:36:25Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Network activity"
}
] ,
"labels" : [
"misp:type=\"domain\"" ,
"misp:category=\"Network activity\"" ,
"misp:to_ids=\"True\"" ,
"PyXie" ,
"kill-chain:Command and Control"
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--5ea78875-23b4-44be-a026-c300950d210f" ,
"created_by_ref" : "identity--5e9e5d86-5b94-4ff6-b07e-4e3e950d210f" ,
"created" : "2020-04-28T01:36:25.000Z" ,
"modified" : "2020-04-28T01:36:25.000Z" ,
"pattern" : "[domain-name:value = 'benreat.com']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2020-04-28T01:36:25Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Network activity"
}
] ,
"labels" : [
"misp:type=\"domain\"" ,
"misp:category=\"Network activity\"" ,
"misp:to_ids=\"True\"" ,
"PyXie" ,
"kill-chain:Command and Control"
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--5ea78875-58b8-457e-8b3f-c300950d210f" ,
"created_by_ref" : "identity--5e9e5d86-5b94-4ff6-b07e-4e3e950d210f" ,
"created" : "2020-04-28T01:36:25.000Z" ,
"modified" : "2020-04-28T01:36:25.000Z" ,
"pattern" : "[domain-name:value = 'tedxns.com']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2020-04-28T01:36:25Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Network activity"
}
] ,
"labels" : [
"misp:type=\"domain\"" ,
"misp:category=\"Network activity\"" ,
"misp:to_ids=\"True\"" ,
"PyXie" ,
"kill-chain:Command and Control"
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--5ea78939-329c-4cc7-a52c-e408e387cbd9" ,
"created_by_ref" : "identity--5e9e5d86-5b94-4ff6-b07e-4e3e950d210f" ,
"created" : "2020-04-28T01:40:08.000Z" ,
"modified" : "2020-04-28T01:40:08.000Z" ,
"description" : "On port 443" ,
"pattern" : "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '148.251.185.186' AND network-traffic:dst_port = '443']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2020-04-28T01:40:08Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Network activity"
}
] ,
"labels" : [
"misp:type=\"ip-dst|port\"" ,
"misp:category=\"Network activity\"" ,
"misp:to_ids=\"True\"" ,
"kill-chain:Command and Control" ,
"trickbot"
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--5ea7893a-fe28-4e1e-949b-e408e387cbd9" ,
"created_by_ref" : "identity--5e9e5d86-5b94-4ff6-b07e-4e3e950d210f" ,
"created" : "2020-04-28T01:40:08.000Z" ,
"modified" : "2020-04-28T01:40:08.000Z" ,
"description" : "On port 8082" ,
"pattern" : "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '170.238.117.187' AND network-traffic:dst_port = '8082']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2020-04-28T01:40:08Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Network activity"
}
] ,
"labels" : [
"misp:type=\"ip-dst|port\"" ,
"misp:category=\"Network activity\"" ,
"misp:to_ids=\"True\"" ,
"kill-chain:Command and Control" ,
"trickbot"
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--5ea7893a-f068-4ed3-ad40-e408e387cbd9" ,
"created_by_ref" : "identity--5e9e5d86-5b94-4ff6-b07e-4e3e950d210f" ,
"created" : "2020-04-28T01:40:07.000Z" ,
"modified" : "2020-04-28T01:40:07.000Z" ,
"description" : "On port 443" ,
"pattern" : "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '176.119.159.147' AND network-traffic:dst_port = '443']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2020-04-28T01:40:07Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Network activity"
}
] ,
"labels" : [
"misp:type=\"ip-dst|port\"" ,
"misp:category=\"Network activity\"" ,
"misp:to_ids=\"True\"" ,
"kill-chain:Command and Control" ,
"trickbot"
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--5ea7893a-da1c-4f28-bee7-e408e387cbd9" ,
"created_by_ref" : "identity--5e9e5d86-5b94-4ff6-b07e-4e3e950d210f" ,
"created" : "2020-04-28T01:40:08.000Z" ,
"modified" : "2020-04-28T01:40:08.000Z" ,
"description" : "On port 443" ,
"pattern" : "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '178.156.202.251' AND network-traffic:dst_port = '443']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2020-04-28T01:40:08Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Network activity"
}
] ,
"labels" : [
"misp:type=\"ip-dst|port\"" ,
"misp:category=\"Network activity\"" ,
"misp:to_ids=\"True\"" ,
"kill-chain:Command and Control" ,
"trickbot"
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--5ea7893a-3068-46a6-b465-e408e387cbd9" ,
"created_by_ref" : "identity--5e9e5d86-5b94-4ff6-b07e-4e3e950d210f" ,
"created" : "2020-04-28T01:40:08.000Z" ,
"modified" : "2020-04-28T01:40:08.000Z" ,
"description" : "On port 447" ,
"pattern" : "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '185.99.2.152' AND network-traffic:dst_port = '447']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2020-04-28T01:40:08Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Network activity"
}
] ,
"labels" : [
"misp:type=\"ip-dst|port\"" ,
"misp:category=\"Network activity\"" ,
"misp:to_ids=\"True\"" ,
"kill-chain:Command and Control" ,
"trickbot"
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--5ea7893a-a5f0-4b33-a17e-e408e387cbd9" ,
"created_by_ref" : "identity--5e9e5d86-5b94-4ff6-b07e-4e3e950d210f" ,
"created" : "2020-04-28T01:40:07.000Z" ,
"modified" : "2020-04-28T01:40:07.000Z" ,
"description" : "On port 8082" ,
"pattern" : "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '203.176.135.102' AND network-traffic:dst_port = '8082']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2020-04-28T01:40:07Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Network activity"
}
] ,
"labels" : [
"misp:type=\"ip-dst|port\"" ,
"misp:category=\"Network activity\"" ,
"misp:to_ids=\"True\"" ,
"kill-chain:Command and Control" ,
"trickbot"
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--5ea7893a-4078-4baf-aa34-e408e387cbd9" ,
"created_by_ref" : "identity--5e9e5d86-5b94-4ff6-b07e-4e3e950d210f" ,
"created" : "2020-04-28T01:40:08.000Z" ,
"modified" : "2020-04-28T01:40:08.000Z" ,
"description" : "On port 447" ,
"pattern" : "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '217.12.209.176' AND network-traffic:dst_port = '447']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2020-04-28T01:40:08Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Network activity"
}
] ,
"labels" : [
"misp:type=\"ip-dst|port\"" ,
"misp:category=\"Network activity\"" ,
"misp:to_ids=\"True\"" ,
"kill-chain:Command and Control" ,
"trickbot"
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--5ea7893b-1d8c-4c7a-8b36-e408e387cbd9" ,
"created_by_ref" : "identity--5e9e5d86-5b94-4ff6-b07e-4e3e950d210f" ,
"created" : "2020-04-28T01:40:07.000Z" ,
"modified" : "2020-04-28T01:40:07.000Z" ,
"description" : "On port 443" ,
"pattern" : "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '217.12.209.244' AND network-traffic:dst_port = '443']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2020-04-28T01:40:07Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Network activity"
}
] ,
"labels" : [
"misp:type=\"ip-dst|port\"" ,
"misp:category=\"Network activity\"" ,
"misp:to_ids=\"True\"" ,
"kill-chain:Command and Control" ,
"trickbot"
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--5ea7893b-c494-4ce6-a321-e408e387cbd9" ,
"created_by_ref" : "identity--5e9e5d86-5b94-4ff6-b07e-4e3e950d210f" ,
"created" : "2020-04-28T01:40:07.000Z" ,
"modified" : "2020-04-28T01:40:07.000Z" ,
"description" : "On port 443" ,
"pattern" : "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '51.254.164.243' AND network-traffic:dst_port = '443']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2020-04-28T01:40:07Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Network activity"
}
] ,
"labels" : [
"misp:type=\"ip-dst|port\"" ,
"misp:category=\"Network activity\"" ,
"misp:to_ids=\"True\"" ,
"kill-chain:Command and Control" ,
"trickbot"
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--5ea7893b-bbb0-4af3-af48-e408e387cbd9" ,
"created_by_ref" : "identity--5e9e5d86-5b94-4ff6-b07e-4e3e950d210f" ,
"created" : "2020-04-28T01:40:07.000Z" ,
"modified" : "2020-04-28T01:40:07.000Z" ,
"description" : "On port 447" ,
"pattern" : "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '5.182.210.30' AND network-traffic:dst_port = '447']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2020-04-28T01:40:07Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Network activity"
}
] ,
"labels" : [
"misp:type=\"ip-dst|port\"" ,
"misp:category=\"Network activity\"" ,
"misp:to_ids=\"True\"" ,
"kill-chain:Command and Control" ,
"trickbot"
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--5ea7893b-1348-4fb6-afd3-e408e387cbd9" ,
"created_by_ref" : "identity--5e9e5d86-5b94-4ff6-b07e-4e3e950d210f" ,
"created" : "2020-04-28T01:40:07.000Z" ,
"modified" : "2020-04-28T01:40:07.000Z" ,
"description" : "On port 443" ,
"pattern" : "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '51.89.115.121' AND network-traffic:dst_port = '443']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2020-04-28T01:40:07Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Network activity"
}
] ,
"labels" : [
"misp:type=\"ip-dst|port\"" ,
"misp:category=\"Network activity\"" ,
"misp:to_ids=\"True\"" ,
"kill-chain:Command and Control" ,
"trickbot"
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--5ea7893b-bcb8-4855-8bba-e408e387cbd9" ,
"created_by_ref" : "identity--5e9e5d86-5b94-4ff6-b07e-4e3e950d210f" ,
"created" : "2020-04-28T01:40:06.000Z" ,
"modified" : "2020-04-28T01:40:06.000Z" ,
"description" : "On port 443" ,
"pattern" : "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '5.196.247.14' AND network-traffic:dst_port = '443']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2020-04-28T01:40:06Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Network activity"
}
] ,
"labels" : [
"misp:type=\"ip-dst|port\"" ,
"misp:category=\"Network activity\"" ,
"misp:to_ids=\"True\"" ,
"kill-chain:Command and Control" ,
"trickbot"
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--5ea7893b-2f04-430f-860b-e408e387cbd9" ,
"created_by_ref" : "identity--5e9e5d86-5b94-4ff6-b07e-4e3e950d210f" ,
"created" : "2020-04-28T01:40:06.000Z" ,
"modified" : "2020-04-28T01:40:06.000Z" ,
"description" : "On port 443" ,
"pattern" : "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '93.189.42.81' AND network-traffic:dst_port = '443']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2020-04-28T01:40:06Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Network activity"
}
] ,
"labels" : [
"misp:type=\"ip-dst|port\"" ,
"misp:category=\"Network activity\"" ,
"misp:to_ids=\"True\"" ,
"kill-chain:Command and Control" ,
"trickbot"
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--5ea7893b-99e4-4b55-a759-e408e387cbd9" ,
"created_by_ref" : "identity--5e9e5d86-5b94-4ff6-b07e-4e3e950d210f" ,
"created" : "2020-04-28T01:40:07.000Z" ,
"modified" : "2020-04-28T01:40:07.000Z" ,
"description" : "On port 80" ,
"pattern" : "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '96.9.77.142' AND network-traffic:dst_port = '80']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2020-04-28T01:40:07Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Network activity"
}
] ,
"labels" : [
"misp:type=\"ip-dst|port\"" ,
"misp:category=\"Network activity\"" ,
"misp:to_ids=\"True\"" ,
"kill-chain:Command and Control" ,
"trickbot"
]
} ,
{
"type" : "observed-data" ,
"spec_version" : "2.1" ,
"id" : "observed-data--5eaab577-fb70-4585-9d92-4210950d210f" ,
"created_by_ref" : "identity--5e9e5d86-5b94-4ff6-b07e-4e3e950d210f" ,
"created" : "2020-04-30T11:24:39.000Z" ,
"modified" : "2020-04-30T11:24:39.000Z" ,
"first_observed" : "2020-04-30T11:24:39Z" ,
"last_observed" : "2020-04-30T11:24:39Z" ,
"number_observed" : 1 ,
"object_refs" : [
"url--5eaab577-fb70-4585-9d92-4210950d210f"
] ,
"labels" : [
"misp:type=\"link\"" ,
"misp:category=\"External analysis\""
]
} ,
{
"type" : "url" ,
"spec_version" : "2.1" ,
"id" : "url--5eaab577-fb70-4585-9d92-4210950d210f" ,
"value" : "https://thedfirreport.com/2020/04/30/tricky-pyxie/"
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--5e9f7dae-9544-48cf-8295-40fe950d210f" ,
"created_by_ref" : "identity--5e9e5d86-5b94-4ff6-b07e-4e3e950d210f" ,
"created" : "2020-04-28T01:16:19.000Z" ,
"modified" : "2020-04-28T01:16:19.000Z" ,
"pattern" : " [ f i l e : h a s h e s . M D 5 = ' 81 e e 8 c 62 f f f 641 b 99 f 3e5 a c 83 c 575526 ' A N D f i l e : h a s h e s . S H A 1 = ' c d d e 976 a 0 d 485e91 c 9e304 e e a c 91 e a b 5 b 19126 c 1 ' A N D f i l e : h a s h e s . S H A 256 = ' 4 d c 82 a c f 2 a 736e9 c b a a 39 b 5 d e c f a 943177417 a d 88 d 995 e b e 7 f b a 79 d 9 d 0 579849 ' A N D f i l e : n a m e = ' d m n d f k l e . e x e ' A N D f i l e : s i z e = ' 532480 ' A N D ( f i l e : c o n t e n t _ r e f . p a y l o a d _ b i n = ' U E s D B B Q A C Q A I A H W 5 l V A M O D U q Y c M E A A A g C A A g A B w A O D F l Z T h j N j J m Z m Y 2 N D F i O T l m M 2 U 1 Y W M 4 M 2 M 1 N z U 1 M j Z V V A k A A 659 n 16 u f Z 9 e d X g L A A E E I Q A A A A Q h A A A A p D D g P f z L y 28 y 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
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2020-04-28T01:16:19Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "file"
}
] ,
"labels" : [
"misp:name=\"file\"" ,
"misp:meta-category=\"file\"" ,
"misp:to_ids=\"True\"" ,
"trickbot"
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--5ea78354-c6a4-4698-bb37-69bd950d210f" ,
"created_by_ref" : "identity--5e9e5d86-5b94-4ff6-b07e-4e3e950d210f" ,
"created" : "2020-04-28T01:16:45.000Z" ,
"modified" : "2020-04-28T01:16:45.000Z" ,
"pattern" : " [ f i l e : h a s h e s . M D 5 = ' 444 b 446 d d 246829 d b 1 b 7 b 343 a 7 d 4 d 9 c e ' A N D f i l e : h a s h e s . S H A 1 = ' 97 a 481 c 0 7 f 8 c a 2346 f 5167 a e 2 a e 0 d 992 a 8 f d e b f 4 ' A N D f i l e : h a s h e s . S H A 256 = ' 199969 c 142 a 625 a c 50364623 b a 43898 f 3 d b 4e4 f f 3441 f 93911717 c e 5 c d 68 b b 0 f ' A N D f i l e : n a m e = ' C o n s o l e H o s t _ h i s t o r y . t x t ' A N D f i l e : s i z e = ' 29252 ' A N D ( f i l e : c o n t e n t _ r e f . p a y l o a d _ b i n = ' U E s D B B Q A C Q A I A L w J n F C I 8 a h O U E M A A E R y A A A g A B w A N D Q 0 Y j Q 0 N m R k M j Q 2 O D I 5 Z G I x Y j d i M z Q z Y T d k N G Q 5 Y 2 V V V A k A A 1 S D p 15 U g 6 d e d X g L A A E E I Q A A A A Q h A A A A X J D A Y E 6 Y h G P r U S s O 54 V 0 N g 8 S I 4 R w l L Q T J o p E k e z f N e G 2 e Z g H L E m o R m 6 a N H x O N U 0 9 S n m S h W i N + T Y X h W U Q G Y r C J r n f C + B a 4 A W h P x 4 J E e j O a y a W U z Q 0 195 e F A C 5 b T 9 D l / D 0 q V W U v t G o 92 O G P I v N U z 1 K w l 86 G a y v 5 Q e G Q B c 7 l x K Z P q 8 w 99 U w y F c z 9 l A p 4 r g 7 G X K a J T 5 M p a q P r h j o I B g o T p Q 88 H r Y R t g M V T j C E m 8 m q X O n 16 W h Z G E I V 8 y / V v 8 l L o P O f w 8 f p T k o P / M j k 20 X n / 1 M D q w b O m O / 7 h g u t 9 j K 3 j 3 X z L f U J g C r w I W m r Z 1 A s d O H 3 G 9 v Z x 8 H O Q A Q e o Q J T q 3 e + d j N B a t i y l c z X U V T w g + d 30 C l O F p R 4 P 0 O B f V M a X z L F f 7 q z r G d h k m j B 2 f s m U X l 0 D M I Z h l 29 O M l E R t S 4 n g o / O x F A 3 i h 8 u 0 3 C y l b g m G 6 g G C m C E / Q O 8 / m B 0 B s B C 44 u B t 4 I r U Z Z 4 j a P 7 Q c B t T Y l m w v Z n h E 6 b T d k K / a d s N + k f 61 K l B M s v / C P 8 z W 9 w H t J 3 N z t e X 4 V m N n G H 7 l w c 3 I M 6 C 8 G P J R y C 1 X o T c u 7 V O Y l L g x L 2 S M o Z F 2 g G d D o V + b X G 54 x 1 l g c o 9 A T M i H 48 B a q Y h + 4 s s r u M B R H W f d L 8 k c J O I O 8 C 
+ H p l H T B Y I N 5 o n F 1 l w x X Y B n Y d C k S z J 7 B D i e r 8 U n 4 b v W 8 h d Z b Q B M 5 d N R q J p I F n F Y s A t z T 6 C 6 g y 4 / P c M F H / u X d 21 o Q C D H z B j j S I q k P x k N y + r F 8 M v T f 4 F C y S u n Q n O Z x 3 U r h y y X f q v P F T T k F E v S N J n h r J P C f C D i o o D b + 5 q t 1 J L S Q T 5 y s U K h f V U s m g P h w y 5 L N p / J M Z f g 59 y c 1 A A f W w X N x 8 l q Z b W f y m E h t R 58 H y D l s Z h F l q g E g / d O r x L A L 1 y Z R + o V R 4 l d v 9 B Z 71 E S M b R k b r A s 0 5 b b Q d Q A 1 z c 24 P e t f q o K K W G P 9 G q M c M F x e t V + L O H 77 s U C y Z x t f z m L / k c w S D 3 z n Y K b k M x X J 1 u I W + a J E 73 S R l 4 F k z M 42 I v o Z o t m 4 N I A C F K 0 z o F m i 7 p a u B V H M h j 9 B j 3 u 3 x r i 55 v 9 i S f c H s p i Q H K 3 j / N h c V 9 + S l k 64 n 0 Z V R n 98 N y E f h A A 9 q G 3 y C 9 u k r Q k y 7 d t S A l i y H q 4 x K e 828 T N L B 8 m 2 A b B N x m N g V F h T x R U b P d v V 8 L y P x M k N B 3 F E 3 H k j 26 Z K N m 9 L d s I d D 94 b n o + r y x b i 3 P K J b i W 55 s e q Z R j L h g a D c 7 g Y K R x M K 1 n v d I A p X X v t e c 3 q 4 A M I 7 L b k 7 B D 7 X F K 9 + K D n V J W b G M f M o t 8 P f t Q 6 u w a n 7 + c G 0 r 0 F D P g u O h O U 14 z W P N 5 N Z A R y 2 q E 4 L V z a z X f 8 i M A n t p z 4 n f e 6 t o n R H v T N j k f a a s 2 k q n T a W x g X j + s O B Q W p Q Z d h T P n g M k 8 e I X D Y m u q 5 T Y G a R E 5 N u S a e O D d z H s G A t 3 P j Z Q M T g U q r h j V g 4 g I U X k l N 8 + Y k J b i N f a q F j 7 V J A v L b H z 1 L j H Y y d 0 4 J u S x g P K N + s B 6 i B m 3 V e Z U k t a R P R E C 5 P q u k P m x e a A L R o 3 I F G b k w Q X S g X v X Q p J 3 Y 5 W w h s k d 0 6 F q d b 2 t B a Z o 4 p M M 8 w u w j K r B E s G E 9 E X w x O x D z j l r b 6 f 7 T v h T Y s X O o P n s A 1 M i O v T K 8 i o l G P h u 9 j v v 7 Y d / v + r E S u Z 9 H v M M B E w r G 9 K N m i n m j p g E I U l q E 8 I 9 h 9 M n b P m E r x e g Y W 9 c E 5 L t 30 n 
J l / K D 8 I k G v g x Y b C 8 h N J y 635 o 8 l 3 x l P 3 b s Z m / G 76 j m U l p n V s / v O 5 K w F H F 1 H B d r j E j N v w Y H 7 I u 4 u q l K R b 1 u k / M H m l F B h 67 R 65 R G R Y o R c Q / H m u v 8 M z e z D b 28 j q O H u m R g W j A r E y 55 q u Z 6 A u k z + w t t v n J 2 j k s + + u e D K q n 4 n q N J K L S y 0 3 M 64 e a A c q Y C w I 3 G i c j P u L G 5 t M 9 d z t z K 7 F v 9 d w S o B i L 7 + q T i h n m F r H K 2 c a D R A d F O J Q u e t W n Y h + M 2 x v D P E v S c w a O 5 h X v 4 r f u r X + h N r o e i G K W a H u 2 r l b 4 a G y B + k l u f + q V N L 5 t m 0 p c q c 0 1 m b L A V j Q W Q c u 9 u 0E202 E t 3 U p g Z K X Q d P S y 9 u H l k G e r I f C q E O R y Q 5 J p I B 8 P 9 O 0 W f J q 22 d i 6 Q 7 j 0 N l Y Z 0 g Q A R P t 2 H a 4e9 x 2 a B 5 V P 3 O g u o b h 7 f c J 0 N y f I p i B A y C 82 T M i t T Q q b e s Z U F P M K K 5 u B F k S c j t 5 v U 5 H T m c 3 f x i P O V i R z E s c x 452 Z V S O m j 2 J T 7 i r d 8 A c 60 W y g R R 0 P T V o K b U Y e h b i J e A / L Q I + a g N 4 y e p C j q y i O c 1 T l y 5 k 8 i z O l v 8 e P j I D 0 z q E V w m P i 4 H 6 T i h z N o G m l g 1 p p A m l b I 2 L t m t W v y q N N g Q t P D 51 B l v V 2 J c 5 k Z D V H j 5 L K D G h X K 2 A c i 7 g O t z w z C f m r 5 K M h K z Q h a v l J J I O 5 P f c q X b S d s W b 5E012 o 4 u Z p t T O F v a W J U O 496 + V e c G x r b Y O n k E H v H d 1 J 2 a y L T 57 + a o Z u W d T m T 9 a p t v 5 I z R E T Q u V y R Z L W k U 6 f s S 4 F g P G 4 u I f 4 t i J c x m P w L 5 Y S b L b p k F 40 K P K 7 F M c P b R G J v / S k j 7 E Z g g O x Z h q P 6 y 55 O 0 w c h 1 W C b m p L t e E v m y 7 f m N A a y b b f M I w l e z 88 Z K l D R Q / q B S s d j W 3 S K K p t o S O T I B E s R w l z p 4 q o q m c 9 k W S 0 9 G 9 A w A T I k T E P 6 e F v Z v q I i 4 P M x u t 6 Y Z C X q R q P b 6 H 54 m h 8 T c 2 w C 8 e G 9 N 2 o Q K s z 3 A J j 216 S W n x K T 5 b n U S 7 N J D j 2 D 46 R L a 4 S p z U I i f J W + u K Y 8 U D c F 0 z X m 0 f A L v S 3 M F w 4 
x Q L k G l A m G r C M S a N S E P Q 4 j V W P U D e 0 n H S z K n V t v m M G M 77 D X P 3 q V f O a i 12 H H L F 2 G J 5 A r k F / 3 w c W a 4 r 3 v m l M M l 6 z T H B t W m a K T 6 s w P A V R h D 8 z 82 Q L p x 85 f C Q u l 28 f 3 q G 8 T 1 p X O D k 7 r U v g G q z p V t w b 11 i S B K a K e S C p N 3 f 1 u W Z 8 y i U x K F A U I J h 7 O 8 G n Q E Y r u M v P n T d m F S F r F 2 Q e u z E P l 6 s T X Q + Q 4 r I 7 I R Q G / c F L a 2 c h j h q c F B t 2 H c g r J G L y U r D y Q I T c a U K B U b a X g Q F F 1 n M p s c K N e T P U 84 V + S E U 2 D O p + R n R O h R V 1 y n f j X R B x L L G q Y i M E P w H 0 v x 50 H H w k F w o Z i u Y V I 81 p b G V W n S 2 q n C k x m 4 E c E P x b 3 O W z 5 f K 5 s X / 7 q V T u I V U D m Z i h 4 J V + A I X Q l X Y g D 1 G L E T 8 x n a j v 8 B w Y A M R v Q p j b D r x E N W A 2 T 0 W w r Q v 3 R o m 7 k E j 51 Z Q 4 q G H x l M 0 O Y v Y H M w b r 6 G 88 T p m 4 Q 20 m m S k / 0 g l 1 O l n W e 8 C c j 3 q h y f C b f / i H u t D w 9 t S g 0 p R B f E I n z x a g m S 7 q k H 0 q N 2 V p Y l S z d I l 8 v q z F C P G Z U E A l a O X f n + j U n 0 t 9 d 7 t C V D B 5 x 7 v G 2 p 9 o V b j S 6 L v I k q J n k 8 W Y 54 M y H D t s k 0 A d i X X t 2 f J P U x R l j 0 k T j A 5 h 8 q A 6 C A 4 T B y x q T Q h f b l t F x 5 + 6 s n 4 V U B i 3 D M L L T v 9 t H A 9 e J x N G Z B 0 z Z s T d O E u 7 i E J a y + / 2 O v a 12 J Z + H f k C T Y f P Y j 8 I n Q Z Z a F V Z Z b t F T 7 I f c B 79 h O H i w F i 0 + 8 G t I U 6 Q 8e8 i r e z o R 1 M / r 25 k w w S I V C 9 d Y u m R w Y B L k Q V D V B N B I R k Y D R 6 J B 7 I D F R G e n u Q v u B 1 j 4 k c E 9 V x k U F V v v B 4 Q I K a M s H U X 5 c S X 85 l a b / a S i N Y E g h v a p l 1 U l l / v i V r + O H Z m f 8 Q J y y + 5 p Z r x t i B 4 v a T M s f V k H Q v Q M N p H C u K V Y b q R 0 1 R H n v a S x z D S r N R P J b f M I Q n h G e r l 5 w U 6 + 86 H S S d r O 66 //c61oAAIdpmblOMircQn0NAWUu95fPYi
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2020-04-28T01:16:45Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "file"
}
] ,
"labels" : [
"misp:name=\"file\"" ,
"misp:meta-category=\"file\"" ,
"misp:to_ids=\"True\"" ,
"trickbot"
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--5ea783bb-2a1c-48fd-bb79-4b76950d210f" ,
"created_by_ref" : "identity--5e9e5d86-5b94-4ff6-b07e-4e3e950d210f" ,
"created" : "2020-04-28T01:17:25.000Z" ,
"modified" : "2020-04-28T01:17:25.000Z" ,
"pattern" : " [ f i l e : h a s h e s . M D 5 = ' 82 d f 61349 a 9391 a 6 c f 236047 c 7471572 ' A N D f i l e : h a s h e s . S H A 1 = ' b 8 e c 908 c c 4 a 0e8 e 406 c e 5 d 100 a 8 f 34 a 10 f e 3 d 0 64 ' A N D f i l e : h a s h e s . S H A 256 = ' 80 b d 15267756343 f 0 28 c b e 77 a f e 810068 b 0e6 a 36 c e 32 f 52 b e 63 f 620 e f 5 b 5 e d 89 ' A N D f i l e : n a m e = ' L M I G u a r d i a n D l l . d l l ' A N D f i l e : s i z e = ' 38400 ' A N D ( f i l e : c o n t e n t _ r e f . p a y l o a d _ b i n = ' U E s D B B Q A C Q A I A P Q J n F C s n 2 t 4 t 1 A A A A C W A A A g A B w A O D J k Z j Y x M z Q 5 Y T k z O T F h N m N m M j M 2 M D Q 3 Y z c 0 N z E 1 N z J V V A k A A 7 u D p 167 g 6 d e d X g L A A E E I Q A A A A Q h A A A A / e a 4 n I f Z n l P 4 S F o c S / 5 x / 7 d G I B 9 M X E 3 Z 61082 o u H r 3 V Y F 3 J a F W V p K r R e h P m 9 D d f q a v m r 5 N u f / L 0 g 7 D q k 8 D 7 r f p E B 0 / C d V 0 I c Z 71 b W 3E79 + f n G M f Q J r t d L Q H 25 p a F X 5 q u Z A O Z 155 K 3 B D X 93 t C C y N F V D g P S p q 86 G p / Q + 12 x V M x A 7 k Y p g K b n N V y 32 S Q S p R 1 L m U E D A i 5 L b i b o O F 861 X B Y 3 m C F Z 88 I D p m M w R P E r 7 V y r A f e f I h P N h f h 5 B Y C b s H v D h 9 O v r b + H s 8 p o U 7 A S u m I N F T w t D r L j 4 w S u g E u w h m e h + 9 I T U g a A i 37 k X 3 W N p y 9 z O V I r n i M N x N Y J N A D h j g d / 6 i 492 j P m v B M v H q U L w + S T 35 j 0 1 u z N T O y 5 K 3 v o 5 y C N 5 m C 4 p N h s v j q d L 6 w A W i d a v 4 h 5 P 5 y b 5 h j E b g G 7 F P z s 9 R s k u p n E M b u 728 c x s x T W X 7 F 9 e v V e O q M 1 Y b B a / h + M x R a A 6 P 2 R 69 I I 6 M 8 h 7 m U / y Y q z 6 E l 5 / b S e T x K n O 0 s b 1 D y M j e t B 5 K K P C r T 3 B a Z D A d y l A v U 23 S S c p Q F k N w o E P f j a z + O u + u z K A X N A l c J v k X J g q i g 2 / v G b Q + Z w Y E Q Z I n 9 B C P S 6 B V n 5 a G W i G O s f T h y u v a P U v B R V B c o r P B A z k 0 u j e z s P N Z 1 B g k O m / o Z T 
k 9 V T N + T W X F c S 9 N 1 s 2 M 0 b N 8 U Y Q x Y c + n 5 T t h e O j y I S l V d S w l y K t M W K f s F 7 c S j b 62 q + j j y L v i 4 X g v u f P e C j S z T w g j q j t e + t K M i O D V c L j 2304 S + z 1 T h q m z / 7 E j 15 h 7 I C E 0 E n g p Z I Q 3 H 1 G P z 56 k 8 I 6 o u 14 A C r q W j L a h M M U L I + Y Y o F A 3 Y e X w l y r c v 52 g 674 u b 8 B n 9 a X u N d 67 G 2 u C u S m s T s d S n P Z x 7 Y N + k m j b 1 y f l A 0 m D V C 9 e E y 6 G L O i K M X t 2 D n r V g h A T h g O B j g q 9 V E M 4 U 9 l O D / 4 h G y 7 P L X 54 D O H 0 Q n f f B H 8 w k + c 6 / 0 y y 0 q D / H 9 T r X u S A m s T 9 W W v l P g z f F f A h 3 M a T t g 3 o d H 8 w 7 R 9 Q B F q M a r Q 28 T d M J V a e D O k i I H H i 1 x j p f K Q X g P G N Y D j K B 3 K m o n C a E x y S D W Z v b u G n t a + H l 8 u m 8 a B f F / P O P o H X 0E3 C A Z V q s d g + E O G r 5 Y d t I R C j x 4 z w s V Z 4 + C v j g C 2 Y K g r A c o d d A w G x l 7 n y j x o K P c u i 4 Q i f D X / Z S D h C T Q R p 24e9 U J E P i f P Z w M l h 3 H s v L 0 w 0 h L k j Z s f r u h K 2 F 5 e V D s I E 0 A p u F T U / y f R l Q x m / K t x n w 3 e X q a K M K y q 2 k 4 e F w q y l 64 d H h Z E + E v h I L k 6 V 4 G W U n J v u x D 8 s 4 a a M t 0 v u + V y X k C u 7 W 9 o 1 k S x q 2 h Q m 39 V H A e S Z f h 8 N 3 N G + / R 3 v m d P 6 X I I Q / w Q 7 N m d f 0 Q D n m 7 Q j u A q o i Y e p T 7 I V F h V 4 U 0 P N z D e p o + 0 y r r / h U p L j u / R y 35 o R 46 c p u J d L z S U j W S h C X X k f m k t N r b m 35 j w u K D P J Z r P C 5 K U V F F T Y y 8 P E E x q A N 6 + 1 O Q G F N P i v B Z b E l n u M Y K H + G n f s A s 17 j I y W k X u h G S h k W 6 A 3 w z K 4 W 3 X U k D 0 p r i w p 0 m H V D l X K X 15 U w G m / n H i p E l I K w j D O c e N 59 T w i b 6 Y h W p D s l e m U o U h n 4 g l Z 74 r 16 v H Z Z N 5 T z u f v e N O / q E i s e / g I n M B d Z Q A u L l g w g A L v r U K k X k 5 P v N 8 A w 81 e z e z i 8 C c M g 2 b N r w v N 6 u 185 M H T 7 C Q t D W 82 A p p d 3 B N T B h C s 5 w 
v U s G + A g A 5 p H a 5 v 32 d Q E E G 5 b t / U n f I f L p p u Y F R F Y 7 l f e e 9 V Q m X l 4E4 w 6 Z C j B z e U v J Y m e y b D 5 d B b R q T j S c W g d g 4 A s x n S Y 9 u m j + f + l 2 Q R q N C m H K d l Y I k C l n b v U f o G e 9 E X c m 0 4 L f H F p M R l 4 c Z e b H c P J 2 R d R u 5 M T 5 j 3 c Z 20 d C v b i F Y w M 75 h s d g V b I a u b h B k 2 C s f q l h r Y Y k Y s K s d z I v b M g M 8 P T j u L 0 c 8 g K n V 3 P Q A 6 Z B d M o B C 6 U 6 h 6 t + 7 n f 3 f O u g r g Q K d a m N l i 2 z M R G v + S x G n u c g B 3 O S J q d X 2 s C y g 0 J o W R U d d 8 r l s X g + J E / Z P w l i 9 c n 6 j w b g + m c s 16 r u z 2 G s / j C v V K E J D k U E w Y 96 C I 9 + Q I / Q W w s t T 7 v t C E e B v H V E g 8 K j + i G i r p 8 t Y i 0 G V V i 2 a 3 L A k g n K T o k P + v 4 G 4 K g X w g H w D 8 k j d D v j Z 1 J D h U g M 2 h x 3 d I 2 D X v d 6 E V v q / o m 4 z S v l 1 a G s u O 6 + C d l n A w r e p 7 / h Q s g v z m H S 5 d 9 s M 8 L E r 3 w + N k R V Y n m g + R G 71 N c 90 / t 54 T K V V 8 t X k j 4 E O r J H 84 X L Z + z C u v P J w 6 o s p 2 d r e R p R H C a 4 t y 0 F 0 Q e H y L t v Z U P I B u T K 3 m Y A H S P I m p s Z S W k B 1 o n g 1956 e q g P X Y 60 n A K D f 2 w p 78 O h N 4 Y 1 f G Q f / 54 U K C t y e B a I 1 l b X G e 2 O M L H C F U T o b d D d F 8 y J T E X y P H Z / h h 3 o D s w 1 I 8 n H H O 4 j h R u X m V s W F Q J H T x o x 95 e j L 2 S f 3 T c v y 3 H Z c v s I 5 b T O / w s d M d T v F a + h w o a H R y + q 6 q 6 k 94 D Z v x j h F 5 d Z j 8 t f x X 0 W 8 U t E n b V A X r / E Y m h g B 4 r C Y 6 I P k f L J K O E X y V j A z j Z q E y / v L g F X u p m L S I M h m / + 13 V X i l P U 5 x q u O 37 Y k c 78 p v O m 4 f w d 2 p j l 6 k Z j E J H l C L U T 7 N 0 H / 0 7 b C U W F p T a 5 q 8 y E P P Z x v d B F Q 3 r k v L P N N R 7 M 5 C Y s z Y a H U F y Q 4 D w E b L 6 Q s o m 3 N K k H Z T / Q q / s z m m f Q j u L 0 A O M N 7 F i p z K E h o k C b S u m M J b 2 q t m b 6 m Z g 5 w 7 c k I D a u a + 3 y n T Y k T 27 
x r 21 / A 3 z h i I p r 2 x 1 X z g i V b U V o X O 6 x Y x K x o T c 0 a B v k b G j m j H 7 H k N r P y s o 6 s I I B U e D y P M C T S M a w V W Q 9 i n 58 e x 8 y v 46 v s 1 l k 7 f V N H p x G k T N 8 D N f n l p Z n V o O o 8 U z Z j t q B Q g P j x 5 t Z e e 2 x 7 B W P 0 m p H W T M a N + C 4 r 2 g Z 4 D + v w W / O I R I G B Q J Z Q 88 U E 0 E F + f q E U Y Z m 9 N F o Z s W 9 r J R 3 E g N D r a k r + w + k h J U Y 7 M 9 p r m E w u n 37 A s L m x a Y L J t 1 f U I t 5 X C t V R N b u 8 j b q q l L C E u 6 X B G 3 y I n F N k 2 C w A x O 9 x a K 4 a D X T f 99 F 5 T V t 3 T 0 E u U 393 B 1 W Q K K l B 7 C C r E Q j U l 4 b I N j c B c W + j E x 0 V 3 O 7 k 3 l o J 5 P P Z Q p E E s l Q K 0 + k a z H 9 f 9 G y R q S O i D 4 Q K C e h L e u s l g Y O h 3 E O c 2 S 7 N E C q w 5 Y F p k 8 S T s J a M e y 94 P a 5 G A a f R U b R d b P O / f r T w L B d a + b i v N d + e m + g 7 I i D 9 X B u B 9 p U + w x W B h R G 1 j W R 88 z E O p f R g 8 f 62 b F X B A T 5 u q E p R 9 U m q c 0 Q u D / Q e v 7 j Z F y K j / + q 5 B q a l / F X 9 / S l / v X M 9 K 5 c x Z z U j 35 e G u R y R D Q m c m 5 M 7 Q w / o H k a Z 5 k W l D D C D r a c Z f / r g I O d m L O n F / y J c E h L s b D q H 1 a z S z 0 L t k p G 8 P B y q 2 N r B C r l U U m W 7 X L F P B L I d g 93 H m W W M 0 y 6 A + 22 x x X x v R A e a V 9 T q D O x K N R F L l f W H H a Y 4 //tdoTZWd1C/MmRaebAMIht3IjLkaFhSLni90F12ZKNswjL5pZV28rrpYnLcreDm+6P95T398+iF1YXiBRNQ28tAEtW7HgWx1NEA+KaAqyNKgpL7g0CLcLrKKt8UGLB/SYVJllyTWQ+Z3+yX5ikzegiaIShFybAo/u//3J3/mH50yqNm23GThN4F+6jLf6TJj/RZwZ1SYWzZnoLq75X9xPCsVV3gxfa4zKHa8oPqCyyvXFkJhFGn07Y82NADXTv+XMjkM42BuD6mle3iOSJ/C2EOwt7kwrWkPbuG77
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2020-04-28T01:17:25Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "file"
}
] ,
"labels" : [
"misp:name=\"file\"" ,
"misp:meta-category=\"file\"" ,
"misp:to_ids=\"True\"" ,
"PyXie"
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--5ea78453-1750-4d7b-9b04-4b38950d210f" ,
"created_by_ref" : "identity--5e9e5d86-5b94-4ff6-b07e-4e3e950d210f" ,
"created" : "2020-04-28T01:20:06.000Z" ,
"modified" : "2020-04-28T01:20:06.000Z" ,
"pattern" : " [ f i l e : h a s h e s . M D 5 = ' a 82672168756 b e c e f e 2 d a c 9234 e e 61 f 6 ' A N D f i l e : h a s h e s . S H A 1 = ' 5 b f c 42 e d 380e5 b 9701 c c a e c 2 d 2 f 312069 e f 4 a f 11 ' A N D f i l e : h a s h e s . S H A 256 = ' 39646 d d 3 b f 20 f f 74415 b 806 c e a 0 8 d a a 8277 c c c 1 b b 7 d a 5 d f 4 c 5 b d 4313 a e 5 c d 697 ' A N D f i l e : n a m e = ' L M I G u a r d i a n D l l . d l l . d a t ' A N D f i l e : s i z e = ' 139280 ' A N D ( f i l e : c o n t e n t _ r e f . p a y l o a d _ b i n = ' U E s D B B Q A C Q A I A E Y K n F A p 1 A J V N S A C A B A g A g A g A B w A Y T g y N j c y M T Y 4 N z U 2 Y m V j Z W Z l M m R h Y z k y M z R l Z T Y x Z j Z V V A k A A 1 O E p 15 T h K d e d X g L A A E E I Q A A A A Q h A A A A 9 K N g C R H R A 3 o l i c K A 8 e M 1 Y z k M 8 c K 6 S r o 17 / O k K y d r y g J T L Y l O v p a l 4 h l j P D N Z U Q q b u v I 8 C Z l z O I M C W K W c m n M d N X X x I G m m V Y n 4 D U n e 6 A A R e V N C p 8 J b i n h C h V 1 X A V J S 98 N 0 v n m + P 6 L e T i / Z Y M y z 8 T 5 b m X P B F z r 6 t 0 R C H j V L K r E M D E 1 x b w w d A R 2 I u h o p K w m 9 i X m M c m j n J K Y 4 T a T e 2 R Y f 6 Y n Y u I e C 92 P C i f a J D h 5 H 9 I t S Y p N X X u S H / i U T P y 6 r b J C H Y x q l 68 b j A 6 Z 5 y r H P d 6 D m k n R d + B s X z d M z J q t e n C L 2 j D 3 D B a o k l C K w l Z z S P d L D m R C o k d 4 T k w q 47 T K n O T s 7 K 5 Z w 8 r p v P 4 e B B + e X w j 1 p w L h l c K b C a n O k 92 e t U A C M w y q R + O 5 W A K 8 h / P + c G 4 K d Y 2 V b l R 0 / o z o n A o O L a 9 Y Y D f 96 g 0 K V e L J I w j n M U T t r t w X + D 7 Z 6 l 3 g l t L Q r 1 c f x f m j c M 79 c l y i B 8 i Y p b G 3 R h l S h 0 a X p e F A N d E u N n Q j y y w U M m J s I p + 5 F u t / Y 7 t O M R x Z L h D / 7 Y / M 74 B Y L E K 3 O v J O l O g x J 3 y k j o f M i m 0 k t W 0 e C x r V F B i i J T + o p 4 t K W Q Z r k O B I V 99 v p j W Z w g n 9 Z 6 a 4 l r G P R F 2 r Z D q Z D x a / 6 
B + 3 W 506 g j z a z x u D e 5 W 1 c o B 0 Q 1 z Y A H 6 D L u Z m p z q G A x h B Y U o F T j h Z s 6 o Y x M w o i + C G B p S L A c S 9 t U 8 O n I 4 H Q 7 x a h n N r / A d L + Y 1 s u k s T g + v t u H d L 3 D m o v c P m + j A + v k R C f Q z w 12 t o o P 2 K 3 e G + D 4 h H r l O d b O S v k v q G x Q h U k 8 j Y 2 G w D J 8 T 95 j d 0 / d 4 L L a Y T I z y a w x G f W E p f W p 8 D 5 / o 1 O u j m Y H C E b l X k 2 f l 7 K M 11 a q D T h 2 W / O e n e 4088 C z X 5 + 11 n 5 + h o O o d U 0 b t H f x y f / A / Y r T V B m y s r o A z q N o R Y D s P j O w b E J B X d 4 n x b r T q i t K u A Z W 0 f u a a o a b g 3 + b v 8 O b t k W G 5 K / 6 p v v S 3 C 93 S h V U x b N 12 V B y Y P f A z x 8 N s s + 6 T X 3 J d 0 T K E r y n Z 4 e y c Z h Z S H v X i 2 t W R y / U M W G R X g M b j K m W + g c B H x r K z F S m S f 1 O N z v + q R S t y S B 8 J / m G V 9 Z s U R z a 4 X T R Y G v d U G R A K N E V Z 6 P u N t R W 2 K x I O K D G s G P w a o Z y m A w Q C j + c l Y 0 W 3 B Y d + U f / l Y + O S y z 9 Q S Y m w 2 j Y A t N c X a f O 3 H w u B P 9 u X W D x F c 4 F W 5 f 68 u p K b 9 R 7 w j Z J y C t U K I 1 Q N A 4 W A b S J / N C x o Z e C T W v O 8 h B f b H g q k L 8 w 68 x V 2 g P B T Z H f u 7 l q p b X E 28 R s T 7 E z w T z 7 h N W c J P z q D l y Q d x d 8 D D D c Q R e I Q l g A I J 1 N J w 1 g b O + c D y j j o k t G N O 8 o I V w B r F Z D H X + X / k g H / O z 4 + G X P S r 22 N n O r 6 X X H W t 2 H T j p M H V 9 U C C + C d U 2 H 0 W F 5 a D 5 r o b B d Q W v L V v a M t s W o q V I 0 I k R N y 6 u S / 8 Q I j U y Z V W T h t r Y a 5 r J E Y / 4 U u n a k c 8 U n H c y F 7 D O C Y C e u h d x J i B n K L u n E O 17 a t K n X d l 0 X O f 7 N f g G m G G A l 6 s o v / p V + w u K W 9 O h T U K y S d K 5 W s e S / l J L T 25 t V 1 g u 18 Y i p c a N x 2 R K B T E F J K Q p T D b Y K o A 5 H A r R 3 F Y H p s T 7 y U 2 z I / c 1 J Z r Z w E T T + f M Y Y J R h S z q x D y C 0 W p e I 6 L j d e 83 D q m L N m N 97E9 y 8 S N P v M P t e G d H C 4 V 1 
u 8 A I w G A w M r g 4 s m O a o N 9 H 9 T w d A H F E 5 d L 7 Z K X 3 d C T w i d j Z c x S 5 P U i R m J o E o C z / 4 E / n 27 H o I S f M Z C q W h C Z Y S o y n s 7 J H v O y 7 w E p 8 b A k y 6e5 Y r N T 2 d 7 z / 7 I I 8 M S d w P O B i c s 7 + U 1 F i C p g r F d H M s 8 Y a D X + X x c B C 8 L r H A l O F U + t X 8 F u 8 B o v j I l z g P L M G c V Q T e J v C 8 t S n Q m T R 8 H N P U b 0 0 X e z i w L O K V s c z i 4 U y U 9 R o t P 0 J h 90 x N D t a x + 9 o c L Y A O C q K C E R b V U j 7 c V U F 6 o u b 7 M I a C z 3 s B s Y h s k / W A n o E N j P x e r v Q 8 c l g m n M v 9 K o 66 Z b T y J d K Q J Y v j 41 o X R x a h T K V d j S L I q + w t H w O 1 j X O L I q i D a t j e u V 5 r c S a / J t k s c M o w S w R D a K B h j U Y 5 e o b 3 g r N P n L 1 E d g T q 6 y Z n c g p 83 M 2 / X S l q R h 7 I y f J L o h + w h u X Q U 5 D L 3 u g + p X G 363 C 35 X c W C q w b b 5 c f 7 + r w c O Q h 8 L t q a I j e t z T w T Q j I O 8 Y 3 m p + i L u 1 V 3 B T O V s l r Z A G 8 U A 26 w 2 s i 5 T q g 0 3 P E 1 p M b o M q z Q i l v s W r m T A B n z e R a n Z S I N 3 X c J k v I a 2 u t E Y y F A I J W 0 r o W G X / B 5 F R 5 n m 7 i S o 0 D v W S 2 d b m 7 y D n S N E m x i N 0 28 H X f 64 a o p c b Z 8 g x K N t H Y 74 F X 13 Q e i s d 0 / c 4 W N u e f y 62 p s 0 P / r u B 1 Z e b K N W b E 3 m J a j h E / 1 j / Y f q 9 + 4 J v s i b K b q i i / 5 u + e / + Z 9 C o B M l J 3 X 5 H 2 R 6 r 5 l B E 23 a 7 f z q p n e i D 4 x n + r L 7 B y Q p F o C 0 b 5 H Q D 2e1 F O f l 97 y r k f Y A v s r T R V v 5 Y M 8 / R V z j Y v m L i v C + 0 D n Q l s / U I t m 0 N I 2 w y F v A 8 a t o L m X j D p m H p f c 1 h E w r T j + 7 l W 3 o I i R c 6 i m D g V z c / Y 9 d u z 1 E j u j E U X A A g K z + V Q 3 V u 8 A B U p v M b e B o C L X H e t P Q 7 v z S N S n f c d 5 F v j 5 e W V Q 2 h M 5 z 6 e D r n 0 3 l v K F Z m f e y R 3 h n Z f z 82 j m y A A 6 A W j e 40 o w y h o C v p r o d F O o b v J 35 S k r y 9 N D 92 w P X S x 59 p D E 4 U 3 d V b X v H E C 0 h 2 B 
K C R p g f f J m c p d 7 H n E T x p V R 6 q A 8 b 8 N 4 o r t r f E r I i H B X o t g c U o I a 0 c M x f 2 K h 60 M K g X W q x e e / E I + e f + T 6 b f Z S 8 w O m Q 2 r s H 0 Y q h b i 8 / 1 x g c Q T x O c W M 6 H O 7 t F r l 8 m I H Q z t R R 2 r R h w L t l W O Z W l b y s / K U 4 + 0 b G S o Y 8 Y Q y j P M 4 G e W n j q f L 2 S p 5 R b a F r 1 x J F 6 g Y E v M G w F Q J s 7 B 8 d q z J p 2 I c 0 k r k m H 6 R 330 i Y Z 4 K 6 w C D i D U 0 q Z q c o y J v N I 5 H d 0 6 j 0 z T R W T u q Z H H V a D A Q K I N 0 0 G + / b T Y Y 0 R 8 a / z A C B j 52 t O u p I d U T W y I U h O K N + N 60 M f k 76 J s W / A z o w h S w s b p o 4 i X t D G q 4 R 9 K X j w h s t J U l c t t b R b 4 p k h f m u u 5 x E U z 4 Q J t T A i r O 2 m + y b e J q G s 4 k Z W J k B g j Z Q S V x P I S + l q 8 M A b u v q g b / Y P I s 78 E I c X f m q P Y r T b / O + F Z Y F 8 t w t 3 p U p q h T l / P f o 5 O R q r p E E B 0 P j 4 U G w Q Z B E 8 t y s 0 5 j n k h 3 x 1 v j 9 z o A 2 A G P b A i U 4 E z b z N Z M H r j x b Q W / 2 b 2 t 0 4 i p U A p m 6 D k U h q k d s y 5 M d d 2 B D a a n X F X A J S L i b 1 F B 6 A g R 6 Y 7 A w 5 q v b n + S U 7 y L / k a 9 J z 3 c S c f E r X 9 R t 6 j T 0 b 29 u T u S V c y O A T y S Q U V x X j 2 w 4 v b P U A Z B j c K b f Q + 7 k j K Q J + e 2 w n X b 6 H z c i a k F K I P M S R j h A K z B P F F w x U G F e j A P R G a R L T Q q C r P s n I F F R C c o s w m o o W C 8 i v O H x V 1 h w P F Y + G y J l A i O + K z f x N l N T T 4 J F h f e 0 q D K A g g K + 9 + 2 v 1 o F X C y 4 W a m 5 v m 18 S K A S q a 6 e a A c 2 b N N u Q S e k j N w V l A v C q z w s 1 i f Y D X j 0 + S s u V U x 5 H A W Z L n y H 0 V h m M n 7 k Y P l 7 l w 2 Z + 5 R H i Y w 7 I H K 6 n 7 R L M h H 1 d E 8 T z W R o L A b b 5 U q m C 3 p 8 V 9 v O 1 u t O V 3 Z C 0 w 0 h N w N w I L f 2 W s m b 895 I e e v l s l R F k T / L + D Z 37 Q S A i v u J r g M 3 K N 1 c S V Y A 63 D 1 G W j S X 7 F 0 v 6 d j s E j J t j U r 3 O a q D y e 1 k f / Y D o e x 2 I L v
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2020-04-28T01:20:06Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "file"
}
] ,
"labels" : [
"misp:name=\"file\"" ,
"misp:meta-category=\"file\"" ,
"misp:to_ids=\"True\"" ,
"PyXie"
]
} ,
{
"type" : "observed-data" ,
"spec_version" : "2.1" ,
"id" : "observed-data--5ea7848c-6f44-4c88-b135-2911950d210f" ,
"created_by_ref" : "identity--5e9e5d86-5b94-4ff6-b07e-4e3e950d210f" ,
"created" : "2020-04-28T01:19:47.000Z" ,
"modified" : "2020-04-28T01:19:47.000Z" ,
"first_observed" : "2020-04-28T01:19:47Z" ,
"last_observed" : "2020-04-28T01:19:47Z" ,
"number_observed" : 1 ,
"object_refs" : [
"file--5ea7848c-6f44-4c88-b135-2911950d210f" ,
"artifact--5ea7848c-35c0-4f7c-862a-2911950d210f"
] ,
"labels" : [
"misp:name=\"file\"" ,
"misp:meta-category=\"file\"" ,
"misp:to_ids=\"False\""
]
} ,
{
"type" : "file" ,
"spec_version" : "2.1" ,
"id" : "file--5ea7848c-6f44-4c88-b135-2911950d210f" ,
"hashes" : {
"MD5" : "629aa296fe4aa64c165b5ad954b7b022" ,
"SHA-1" : "58c581a7f819cf326cadc3db4f43ffcd8203ee5e" ,
"SHA-256" : "5aaca87020e9ef0435536ab151966c8ec054438fd26413d6cb39bb749668ffd1"
} ,
"size" : 405456 ,
"name" : "msfeeds.exe" ,
"content_ref" : "artifact--5ea7848c-35c0-4f7c-862a-2911950d210f"
} ,
{
"type" : "artifact" ,
"spec_version" : "2.1" ,
"id" : "artifact--5ea7848c-35c0-4f7c-862a-2911950d210f" ,
"mime_type" : "application/zip" ,
"payload_bin" : " U E s D B B Q A C Q A I A G Q K n F B F B J G + 6 i 8 B A N A v B g A g A B w A N j I 5 Y W E y O T Z m Z T R h Y T Y 0 Y z E 2 N W I 1 Y W Q 5 N T R i N 2 I w M j J V V A k A A 4 u E p 16 L h K d e d X g L A A E E I Q A A A A Q h A A A A 88 Z h f c v k T / t R u I 8 M y u l e k f P r p 7 q 0 4 X D X M / r V H I 39 L W + n S n F x + 1 j y 17 d w 2 A r y z 1 n j 4 q F H o N V g r m o e J R + i b z C Z r i R j / 2 J U 1 f X 9 F F O e c c J 2 + I w 84 l t J w 6 v y m Y 9 j Q 7 c F X t X c n 8 V e M P 1 G y k L Z 8 X 5 n 3 i z T j v O 5 T S Z U D 1 x U U X 8 s M U S E f 6 d I j g Y X S i p G d l h z W I n j O B V 2 o C n 0 / H o x w e E 9 w l r F H w S m s Q / d 6 F c J S R i b x 2 U V x r M f S 67 T x y G F u z f i F T f q 4 X 4 b m g + x q A p N + 9 V k G e a M j P l Q C e i p a s e 9 I M 0 E X f D R z g G y g Q H R a C M S 2 P G Q Y 9 b 2 t U i 9e3 o u v h r Q y P f n P L B c r y 1 n V f X e t p O G j U p i Q I F R z y K p / r p R 7 F S T T 9 t P + Y b 133 m H v a M w m q 5 s z 5 I 2 a v / a B C T + b Q J 2 w f O q g / P s g F t w G D s z Q 3 L A j o B t U E V f 4 j J M f o z g h b 3 f y E t 4 F H 1 W A 0 o w 8 T g M z Q y H u Q n Q F n R O 2 h / 3 I T t h f K E o H W x G 0 f U c O X I U y + N X i N L v 8 q j X p S n a j E r z + J 0 b 9 W 4 q d M w / o u x W b w 8 p E y Z y 2 J Q e F X s X w i j Y J j + c V M f R G j F m 775 L 8 o 14 g H I D 0 U + x / 3 B o N 8 G Y H f A + x N h C M g 3 w c X 6 v 8 W U z o 2 s f E + Z y 5 Y e Z 6 j f i Q 6 F y o 7 W 8 x W i u i A L W a x f N J G p K c u C g K S X Y m v b 0 L u n K R e a s 9 W 9 P B 3 F Y k p b b T Z b 8 z 176 J J L f L K f l V B p P V L m d V i x i U K A h L m Q 4 J W R m C v S J n t K / g D 9 F f r d v f k E 75 u R 8 O x 53 Z J 3 M V 6 k l 5 c Z r S 5 X 65 n 3 b q X l 22 h 1 Q Q L a u w + t F 7 D F t E c v N r Q p c 3 o b f q F E / E E 6 G 80 L 0 x J 0 Q M N x 0 v N V g Z F R p f o z N z O T B K c L 6 D I Z / i D b w 8 X y R Y r b P 377 v f 6 u o A I 11 u A P E m b J k S / B 2 R P I h u c i 2 p o 
G f + C R j U S 8 Y w h G 6 X I Y 1 G l Y x V R u Z V b t G U l j Q P a 58 I J 2 C 7 a j W y x B i 8 a D S z O X p b g 8 a u 9 o z f X N V R 9 A H s m k C G 5 h P m Q U W d W C b E O L J 4 b Z f M x J 1 x o C s s / t s d d w C B k Z 83 F S K c / 4 H j 1 E W k 8 i 7 f t U d n o O f D F Q 4 s e W R + 1 e z L e N w w W 0 I r S a u D B b Y X F D 4 X l M b y 3 N t 5 v d m a t K G U L u f / A Z Z X Q 2 + k P R g y C G 0 W R / x V v f s e 5 z V x P G i 3 t G Q 4 l F a c 36 n g d o j n k A H w Y P d 4 U 2 M c i / F D r A v z J q e b f V y 4 i 0 o 2 c p Q A L 0 Y H C K / d 62 y U 4 M u 9 l 4 K f + P G S z n W s V P R j d U Q f C / 36 W 3 b A S X C r 2 l i J d C y D D c p 7 M 70 P f O s 9 g U 3 V t I b 579 J H E v o E l h N V r / U o M W D J p v i N p V o 8 S A v Q 6 M J 2 T P c g 9 w 58 R F P G L p 2 M d x J p + y b v D B 0 v g M 8 r C F 9 U Q Y Q o M e h e f T u O T 1 Z d L A l w e X R l f B O H z T Q o / 6 P r N H t + P V T p x e K q q w l 9 a B m V r o v 8 T l m s f 4 e a s u i z h o X 16 Y 5 d s w F 8 / 9 / v g 0 X 3 N l d g 4 p a + L g t K N + P n 9 J S y l S 5 m 9 O r 5 f s z p 40 S 9 I 4 y E n U m B g v m f r h P R t i 6 e v 52 q Q f f d 1 W q r A K K P 1 q 9 g u B 0 z m N O l Y / C t D N x i Y p v M O V h K p j u d S a 17 / A Q Q K u P u n b S 4 l i R B K k t t O y q Y m 3 B i v k A / 5 T X 5 c H q I D N g H 7 Y M 718 m o k J m k y v H F K M a R r 9 I m 1 n M F W 8 y J Y Z k b U q B l 0 9 J V B E y N 8 G n Y U b e W P 846 A U z m T O g h R a S 4 q 1 X 53 p + 1 V R Z 6 i A g u O 6 c V 44 I 5 w I o V X n 782 B + p b 8 D a t l r V d 3 O w 7 t K f S T u o N J 0 U V G l D 0 y X Q X 4 O 2 m + R g m e z F D p 1 / N b Z n T K i K / c x L R o s L / t t k f 9 L E a v / k / A A A q C r u k n b e V 5 / n F r K g V 9 x 31 L o 8 a 6 / 0 1 U 4 U k 1 W f y 8 P n u s V b 9 f 0 j n a 59 C G x I 9 p c H j c R c + O q 208 p P 9 Q v L e l 0 F t v m B P r n H n R J u y a Y I y V 8 r p W d N 5 M T + v O 9 l m j 1 g O C t F G O j g q v t 2 M r K 8 y O o f M Y K k p h k Z H 4 e A T 
//BUKnwNOt3LOOS+KbJnHBfkcnV2MPWnCo4drtf7qOHs/pidBfMHmahs7Q/pK4DBpeexAYCLDJpvfk12Z3Uqr3rbBCMS1Kaondd26zVI7i8tKK8WJ369QMuvTHx8AoHmOTkpWWg4oCZick/WmYcO9TBK/HI/CKPotEVVOUZGLLGroXCR5H5lkTx6dEBFIv4Whc7YQhcsB0Mcep99QH1+BsPJgq4G6jg+tQaHtmt4Womv8+TRfQbj+ExDc7muS1i9Et0+EXw6mAqWYhw+SZuWQXZ2WkO7iWQ3JsR/6yeiz36AtAlYctvHwX5SymILKD/PpRQ3qstoyWIYLltkdWzZMJ+2SQ4USnmkt7XbE8VheCVAGcRHzhHetgGDSrbrrYRsgIB44xKviQ9JKc32ud+b8tCpyWxL5dgntPJDmkSJX1csLIukSf/YCCtG4P9Nnx5S5nfTI506gao9uSCZu074xOXBt7Nk1mr8aFEGf3MSO/J3DJpZSUopNvoVF+wUaIRyoU59bkHP9epS7n8LqsvBZ6Sz9R+TeZJ0wa7mFR/MekcovXR7zArD5Gwo8+KZhPpvGtCztdfJI/WKSu2i7Q4CSyIK7ioYx1O4c9EAMh2+VrSBS3L20icd2zQrd1QdTli1Qh+EhpifFt9KYUWA2Q39ufik/ATCo4rmHvTRLrOfN2CsDciUly7u3nJKLIq9r8nXBxsvj0HM/W+LdM8q1YKGCTNcE+yD+9tRcy57R/4j88cG/vngk00EHvZb9ABK9dQInQ8FQk7znz6ZGDhdf00vrXKXG30baTQttP3RQ1lPav6gFHJSKfNgBcr010hkYXgC6IRY83WUnLet7YZqzE6ZMSDVltcUGa2I3KuyMkaJtsgnMh6yurOAu2x0TrdLj5BPG6xLmQ8D96b5uhcXGhzSqvOcPeGLp0BmSrPvD42tS4SvA0xKezjPewhBJ62YIbcrpD+ULJmiyNvVPJwNQ7610KEdYTRTZ3b5RcjN6u/OfH2gvcMvdgdIgU/06hJuP6g9dBIwusCNR9M2etBk4Az8GOPh9PD4gyTzhN8mpLhi70jsU1MBViiUXRpnMCazlividl96BqLNPQYur6t4+8zrzGAsRWHNZmM23jPnDt9T57PgZXGLEbKEe+pzbg2cvghZpdDTsmJO+KOkOU4r2eQdYOp4AFpyLFvfnIRpTHACnQ0lZztwuBojZHXxVHoGwHAj+mT35rmIQ0AHesBfTaYi+iqg5/chiSkyZeAReALwT/A30dIj9DexNa1kyZXzdB67wNkN+ztw5hD9qn/EPFiaQJFKzJOr7/src5SaAxJ6GYKk6csC3yMMWNg1C5WxicYXlwEDGBQqEhF+6STxrrX8Xe51Ml2VbXXZ4+zHYGvnLS2zPQ08OTBOq7KriEJvyYw30XQhH8XL8PDoDAsxX6Oe5K3h0JFCm3cJ/a7wUwmTqvazdSgQ80qSjbWmO98Us5LF/HE5lJxy6uPmc2f8n2gIm+Q8KqOZ/Mecua3AvOeXz0ZhsJgYTRGYIjKX9Yh/IJhqS+sADDq4U/MvpTFmw2WApx0FHmzAc8w59GDYA4IUf9mJZrnhL4j+nDPbrz3CATQiCvTDptXIxdIOP1z/NdOICxUofv71esL8CCNTUT0M+Nyc9Sb2RboW+B6AgRH5FgAfXWIbkPodN64WT6WnOa0jiGbXfxVRTamz3zchWF1g8jKRCECkVTDg24zoZ3QiIMcgas50ZhP4zvBDXisjvF/gjCP/OwdD3j8tfsRzbqE6gY1cmUM6VBMHPmQiz6IIfW7axs0r2Kx2K4pJIwkMZH2Gk76xsy1Zk2SWqo2Ir/pa2gQL5yww9ip0niZGnCm8MRVpqqfXgG8fLm922WbPiMiHaZ33qamM6pBhoekcf8WGlA/TddH/JGwSqd2nuySTjoGKFsBui/Zr0I393GSvkUk0jyAXKy5PEgpfgDXk0VNCNKlZPnL2uyYQvjwmA/Si0fkDnV0FMTrqmR0GLpiL
H3X0yLc6657ZSpyAKWnhSWZNLMoyhmSAHp6mbG/z3bmB0NgwKghBkP78i
"hashes" : {
"MD5" : "629aa296fe4aa64c165b5ad954b7b022"
} ,
"encryption_algorithm" : "mime-type-indicated" ,
"decryption_key" : "infected" ,
"x_misp_filename" : "msfeeds.exe"
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--5ea784e8-6f5c-43a1-94ae-7fe1950d210f" ,
"created_by_ref" : "identity--5e9e5d86-5b94-4ff6-b07e-4e3e950d210f" ,
"created" : "2020-04-28T01:21:17.000Z" ,
"modified" : "2020-04-28T01:21:17.000Z" ,
"pattern" : "[file:hashes.MD5 = '6d0b192efb3909556cc6452ee5336b93' AND file:hashes.SHA1 = 'a4789b71f8382f23b39c656f797fe1c2f22e3cc8' AND file:hashes.SHA256 = '4beed76d5848fda5c41a9705ebef9bd81278e085ed57ffacc97b188ed8979b50' AND file:name = 'cmdline.txt' AND file:size = '49' AND (file:content_ref.payload_bin = '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' AND file:content_ref.x_misp_filename = 'cmdline.txt' AND file:content_ref.hashes.MD5 = '6d0b192efb3909556cc6452ee5336b93' AND file:content_ref.mime_type = 'application/zip' AND file:content_ref.encryption_algorithm = 'mime-type-indicated' AND file:content_ref.decryption_key = 'infected')]" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2020-04-28T01:21:17Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "file"
}
] ,
"labels" : [
"misp:name=\"file\"" ,
"misp:meta-category=\"file\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "marking-definition" ,
"spec_version" : "2.1" ,
"id" : "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9" ,
"created" : "2017-01-20T00:00:00.000Z" ,
"definition_type" : "tlp" ,
"name" : "TLP:WHITE" ,
"definition" : {
"tlp" : "white"
}
}
2023-04-21 13:25:09 +00:00
]
}