{
"type" : "bundle" ,
"id" : "bundle--704d14e0-3a68-46a2-9b20-88a781463250" ,
"objects" : [
{
"type" : "identity" ,
"spec_version" : "2.1" ,
"id" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2022-10-27T08:45:31.000Z" ,
"modified" : "2022-10-27T08:45:31.000Z" ,
"name" : "CIRCL" ,
"identity_class" : "organization"
} ,
{
"type" : "report" ,
"spec_version" : "2.1" ,
"id" : "report--704d14e0-3a68-46a2-9b20-88a781463250" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2022-10-27T08:45:31.000Z" ,
"modified" : "2022-10-27T08:45:31.000Z" ,
"name" : "[TLP:WHITE] Joint CSA: North Korean State-Sponsored Cyber Actors Use Maui Ransomware to Target the Healthcare and Public Health Sector" ,
"published" : "2022-10-27T08:45:40Z" ,
"object_refs" : [
"indicator--c7166501-5bd1-45d8-97e3-4634136c5457" ,
"indicator--9a2762d3-7826-4a8b-a1ea-39cd309a596a" ,
"indicator--e5748b36-87ab-4cf8-a6ad-9bc041f0581f" ,
"indicator--6a01d26b-6d7a-4000-8a1a-67d923c04e69" ,
"indicator--138f9eeb-2858-4dff-84e9-bf9d7589b72e" ,
"indicator--c3284cf6-25c7-4f2b-881d-bce199505b0f" ,
"indicator--857759e8-3c07-4b70-aade-5fe7b5da8460" ,
"indicator--ef68bbc5-3aaa-40bc-ae02-a2e7d95feb5e" ,
"indicator--f6ae8d8a-5704-46f9-b403-a314c8096c23" ,
"indicator--ce8554b9-1602-4476-bbc3-7869be2a91b5" ,
"indicator--22449f76-157d-41ae-b5a5-f9b36266e279" ,
"indicator--2536c3ce-4061-4f9c-b9c4-c06d6ecd0db3" ,
"indicator--2d0749f9-0913-4c9d-93f2-bcc69cb513b2" ,
"indicator--cec55dab-f351-4c61-a998-0f8b8c3f9851" ,
"indicator--15fa7f34-5106-4671-b4c5-9073137ed92f" ,
"indicator--34fea72d-0bcb-4fa1-9a16-07d70d376fcb" ,
"x-misp-object--6120480d-1d15-409f-a867-61d92d89b55f" ,
"indicator--d7942518-41c8-4d63-9981-2240d92984f1" ,
"indicator--404a83c0-700c-4cbb-8def-2bb802bc8723" ,
"indicator--29f55101-c92f-427f-a48c-f1b422acc352" ,
"indicator--926e1339-d22d-4de0-b77e-987842bd5cd2" ,
"indicator--b44ce2ec-2bed-4e6e-8277-fc5c2d9e8e04"
] ,
"labels" : [
"Threat-Report" ,
"misp:tool=\"MISP-STIX-Converter\"" ,
"type:OSINT" ,
"osint:lifetime=\"perpetual\"" ,
"osint:certainty=\"50\"" ,
"misp-galaxy:malpedia=\"Maui Ransomware\"" ,
"misp-galaxy:ransomware=\"Maui ransomware\"" ,
"target:healthcare" ,
"misp-galaxy:country=\"north korea\"" ,
"dnc:malware-type=\"Ransomware\"" ,
"enisa:nefarious-activity-abuse=\"ransomware\"" ,
"ecsirt:malicious-code=\"ransomware\"" ,
"malware_classification:malware-category=\"Ransomware\"" ,
"veris:action:malware:variety=\"Ransomware\"" ,
"Ransomware" ,
"ms-caro-malware:malware-type=\"Ransom\"" ,
"ms-caro-malware-full:malware-type=\"Ransom\""
] ,
"object_marking_refs" : [
"marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9"
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--c7166501-5bd1-45d8-97e3-4634136c5457" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2022-07-11T09:42:19.000Z" ,
"modified" : "2022-07-11T09:42:19.000Z" ,
"pattern" : "[file:hashes.MD5 = '4118d9adce7350c3eedeb056a3335346']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2022-07-11T09:42:19Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Payload delivery"
}
] ,
"labels" : [
"misp:type=\"md5\"" ,
"misp:category=\"Payload delivery\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--9a2762d3-7826-4a8b-a1ea-39cd309a596a" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2022-07-11T09:42:19.000Z" ,
"modified" : "2022-07-11T09:42:19.000Z" ,
"pattern" : "[file:hashes.MD5 = '9b0e7c460a80f740d455a7521f0eada1']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2022-07-11T09:42:19Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Payload delivery"
}
] ,
"labels" : [
"misp:type=\"md5\"" ,
"misp:category=\"Payload delivery\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--e5748b36-87ab-4cf8-a6ad-9bc041f0581f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2022-07-11T09:42:19.000Z" ,
"modified" : "2022-07-11T09:42:19.000Z" ,
"pattern" : "[file:hashes.MD5 = 'fda3a19afa85912f6dc8452675245d6b']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2022-07-11T09:42:19Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Payload delivery"
}
] ,
"labels" : [
"misp:type=\"md5\"" ,
"misp:category=\"Payload delivery\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--6a01d26b-6d7a-4000-8a1a-67d923c04e69" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2022-07-11T09:42:19.000Z" ,
"modified" : "2022-07-11T09:42:19.000Z" ,
"pattern" : "[file:hashes.MD5 = '2d02f5499d35a8dffb4c8bc0b7fec5c2']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2022-07-11T09:42:19Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Payload delivery"
}
] ,
"labels" : [
"misp:type=\"md5\"" ,
"misp:category=\"Payload delivery\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--138f9eeb-2858-4dff-84e9-bf9d7589b72e" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2022-07-11T09:42:19.000Z" ,
"modified" : "2022-07-11T09:42:19.000Z" ,
"pattern" : "[file:hashes.MD5 = 'c50b839f2fc3ce5a385b9ae1c05def3a']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2022-07-11T09:42:19Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Payload delivery"
}
] ,
"labels" : [
"misp:type=\"md5\"" ,
"misp:category=\"Payload delivery\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--c3284cf6-25c7-4f2b-881d-bce199505b0f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2022-07-11T09:42:19.000Z" ,
"modified" : "2022-07-11T09:42:19.000Z" ,
"pattern" : "[file:hashes.MD5 = 'a452a5f693036320b580d28ee55ae2a3']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2022-07-11T09:42:19Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Payload delivery"
}
] ,
"labels" : [
"misp:type=\"md5\"" ,
"misp:category=\"Payload delivery\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--857759e8-3c07-4b70-aade-5fe7b5da8460" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2022-07-11T09:42:19.000Z" ,
"modified" : "2022-07-11T09:42:19.000Z" ,
"pattern" : "[file:hashes.MD5 = 'a6e1efd70a077be032f052bb75544358']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2022-07-11T09:42:19Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Payload delivery"
}
] ,
"labels" : [
"misp:type=\"md5\"" ,
"misp:category=\"Payload delivery\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--ef68bbc5-3aaa-40bc-ae02-a2e7d95feb5e" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2022-07-11T09:42:19.000Z" ,
"modified" : "2022-07-11T09:42:19.000Z" ,
"pattern" : "[file:hashes.MD5 = '802e7d6e80d7a60e17f9ffbd62fcbbeb']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2022-07-11T09:42:19Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Payload delivery"
}
] ,
"labels" : [
"misp:type=\"md5\"" ,
"misp:category=\"Payload delivery\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--f6ae8d8a-5704-46f9-b403-a314c8096c23" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2022-07-11T09:43:09.000Z" ,
"modified" : "2022-07-11T09:43:09.000Z" ,
"pattern" : "[file:hashes.SHA256 = '5b7ecf7e9d0715f1122baf4ce745c5fcd769dee48150616753fec4d6da16e99e']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2022-07-11T09:43:09Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Payload delivery"
}
] ,
"labels" : [
"misp:type=\"sha256\"" ,
"misp:category=\"Payload delivery\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--ce8554b9-1602-4476-bbc3-7869be2a91b5" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2022-07-11T09:43:09.000Z" ,
"modified" : "2022-07-11T09:43:09.000Z" ,
"pattern" : "[file:hashes.SHA256 = '45d8ac1ac692d6bb0fe776620371fca02b60cac8db23c4cc7ab5df262da42b78']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2022-07-11T09:43:09Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Payload delivery"
}
] ,
"labels" : [
"misp:type=\"sha256\"" ,
"misp:category=\"Payload delivery\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--22449f76-157d-41ae-b5a5-f9b36266e279" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2022-07-11T09:43:09.000Z" ,
"modified" : "2022-07-11T09:43:09.000Z" ,
"pattern" : "[file:hashes.SHA256 = '56925a1f7d853d814f80e98a1c4890b0a6a84c83a8eded34c585c98b2df6ab19']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2022-07-11T09:43:09Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Payload delivery"
}
] ,
"labels" : [
"misp:type=\"sha256\"" ,
"misp:category=\"Payload delivery\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--2536c3ce-4061-4f9c-b9c4-c06d6ecd0db3" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2022-07-11T09:43:09.000Z" ,
"modified" : "2022-07-11T09:43:09.000Z" ,
"pattern" : "[file:hashes.SHA256 = '830207029d83fd46a4a89cd623103ba2321b866428aa04360376e6a390063570']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2022-07-11T09:43:09Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Payload delivery"
}
] ,
"labels" : [
"misp:type=\"sha256\"" ,
"misp:category=\"Payload delivery\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--2d0749f9-0913-4c9d-93f2-bcc69cb513b2" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2022-07-11T09:43:09.000Z" ,
"modified" : "2022-07-11T09:43:09.000Z" ,
"pattern" : "[file:hashes.SHA256 = '458d258005f39d72ce47c111a7d17e8c52fe5fc7dd98575771640d9009385456']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2022-07-11T09:43:09Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Payload delivery"
}
] ,
"labels" : [
"misp:type=\"sha256\"" ,
"misp:category=\"Payload delivery\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--cec55dab-f351-4c61-a998-0f8b8c3f9851" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2022-07-11T09:43:09.000Z" ,
"modified" : "2022-07-11T09:43:09.000Z" ,
"pattern" : "[file:hashes.SHA256 = '99b0056b7cc2e305d4ccb0ac0a8a270d3fceb21ef6fc2eb13521a930cea8bd9f']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2022-07-11T09:43:09Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Payload delivery"
}
] ,
"labels" : [
"misp:type=\"sha256\"" ,
"misp:category=\"Payload delivery\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--15fa7f34-5106-4671-b4c5-9073137ed92f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2022-07-11T09:43:09.000Z" ,
"modified" : "2022-07-11T09:43:09.000Z" ,
"pattern" : "[file:hashes.SHA256 = '3b9fe1713f638f85f20ea56fd09d20a96cd6d288732b04b073248b56cdaef878']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2022-07-11T09:43:09Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Payload delivery"
}
] ,
"labels" : [
"misp:type=\"sha256\"" ,
"misp:category=\"Payload delivery\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--34fea72d-0bcb-4fa1-9a16-07d70d376fcb" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2022-07-11T09:43:09.000Z" ,
"modified" : "2022-07-11T09:43:09.000Z" ,
"pattern" : "[file:hashes.SHA256 = '87bdb1de1dd6b0b75879d8b8aef80b562ec4fad365d7abbc629bcfc1d386afa6']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2022-07-11T09:43:09Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Payload delivery"
}
] ,
"labels" : [
"misp:type=\"sha256\"" ,
"misp:category=\"Payload delivery\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "x-misp-object" ,
"spec_version" : "2.1" ,
"id" : "x-misp-object--6120480d-1d15-409f-a867-61d92d89b55f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2022-07-08T12:10:34.000Z" ,
"modified" : "2022-07-08T12:10:34.000Z" ,
"labels" : [
"misp:name=\"report\"" ,
"misp:meta-category=\"misc\""
] ,
"x_misp_attributes" : [
{
"type" : "link" ,
"object_relation" : "link" ,
"value" : "https://www.cisa.gov/uscert/ncas/alerts/aa22-187a" ,
"category" : "External analysis" ,
"uuid" : "657d3f21-21f8-4bce-bc86-8b72118215f2"
} ,
{
"type" : "link" ,
"object_relation" : "link" ,
"value" : "https://www.cisa.gov/uscert/sites/default/files/publications/aa22-187a-north-korean%20state-sponsored-cyber-actors-use-maui-ransomware-to-target-the-hph-sector.pdf" ,
"category" : "External analysis" ,
"uuid" : "ed55e806-c3aa-4398-834c-c057dc09cafd"
} ,
{
"type" : "text" ,
"object_relation" : "summary" ,
"value" : "Since May 2021, the FBI has observed and responded to multiple Maui ransomware incidents at HPH Sector organizations. North Korean state-sponsored cyber actors used Maui ransomware in these incidents to encrypt servers responsible for healthcare services\u2014including electronic health records services, diagnostics services, imaging services, and intranet services. In some cases, these incidents disrupted the services provided by the targeted HPH Sector organizations for prolonged periods. The initial access vector(s) for these incidents is unknown." ,
"category" : "Other" ,
"uuid" : "ce969de8-fc66-49a3-9b63-cde9861cdc2d"
} ,
{
"type" : "text" ,
"object_relation" : "type" ,
"value" : "Alert" ,
"category" : "Other" ,
"uuid" : "65182fe5-d52b-4ebd-ba23-bf6e2b3f0ffa"
} ,
{
"type" : "attachment" ,
"object_relation" : "report-file" ,
"value" : "aa22-187a-north-korean state-sponsored-cyber-actors-use-maui-ransomware-to-target-the-hph-sector.pdf" ,
"category" : "External analysis" ,
"uuid" : "0dd6ed29-bb62-4b6d-ba10-afcce02978ff" ,
"data" : " J V B E R i 0 x L j Y N J e L j z 9 M N C j Q 0 O S A w I G 9 i a g 0 8 P C 9 M a W 5 l Y X J p e m V k I D E v T C A 1 N j Y 4 N D U v T y A 0 N T E v R S A z N D A z N z A v T i A 3 L 1 Q g N T Y 2 M z Q 4 L 0 g g W y A 1 N j c g N D I z X T 4 + D W V u Z G 9 i a g 0 g I C A g I C A g I C A g I C A g D Q o 0 O D U g M C B v Y m o N P D w v R G V j b 2 R l U G F y b X M 8 P C 9 D b 2 x 1 b W 5 z I D U v U H J l Z G l j d G 9 y I D E y P j 4 v R m l s d G V y L 0 Z s Y X R l R G V j b 2 R l L 0 l E W z w x N E Y y M z R C O E I 2 Q U U w N j R C O T A x R D B B Q T Z B M E M 0 N 0 M 3 O T 48 R D E x N j A 5 Q z c 1 O T M 1 N j g 0 M z h E Q j g w M D I y R E E 4 N U I y N j E + X S 9 J b m R l e F s 0 N D k g N j V d L 0 l u Z m 8 g N D Q 4 I D A g U i 9 M Z W 5 n d G g g M T U 5 L 1 B y Z X Y g N T Y 2 M z Q 5 L 1 J v b 3 Q g N D U w I D A g U i 9 T a X p l I D U x N C 9 U e X B l L 1 h S Z W Y v V 1 s x I D M g M V 0 + P n N 0 c m V h b Q 0 K a N 5 i Y m R g E G B g Y m B g P g c i G V e A S K Y n I J L 9 C p i d B S J Z u 0 E k C z 9 Y R B L M / g Z m X w b r 6 g S z z 4 D F 3 c H q t 4 D Z G m D y P 4 i 0 W Q 5 m s w F J x l X c I L b O W R B Z U Q 4 i l Z a C x L V / g 9 h p P 8 G m 6 Y N I j y o w O w l E y v a B 2 T l A k k l B A W x a G Y j U n A E i O b 1 A Z I 8 Z i O Q S B 5 J / T I B 6 G R k Y A 0 A i Q D c O U v I / A 2 P x M 4 A A A w D F R h q 9 D Q p l b m R z d H J l Y W 0 N Z W 5 k b 2 J q D X N 0 Y X J 0 e H J l Z g 0 K M A 0 K J S V F T 0 Y N C i A g I C A g I A 0 K N T E z I D A g b 2 J q D T w 8 L 0 M g M z U 4 L 0 Z p b H R l c i 9 G b G F 0 Z U R l Y 29 k Z S 9 J I D M 4 M C 9 M Z W 5 n d G g g M z I 4 L 0 8 g M z Q y L 1 M g M j I w P j 5 z d H J l Y W 0 N C m j e Y m B g Y G Z g Y L r P w M r A I H K F Q Z g B A Y S B Y m w M L A w c P 1 o M G x g W s z M u 2 i C 8 j 43 N Q S W H Q b O B g S F l p u X R B 3 D F L I p H F W Y t m v J y g q v K l U k G T j J B W T O e C H o 6 A B l a y 4 L S L F m C f D 1 f T B B o l V u V q q b Z 
N 69 F 0 M t V G a h l V Z T n j J c v H E W W B A i 0 i 3 S t B L M n M y g b V 3 R 0 M D A I K Y U D a S B D s B z M V U s H c R s Y G A X N g A J g C Z V y i I g L i M Z w I R D I M r B t 8 A b S S k C s D R Y J Y R B k O M G 4 g M H p g H O B 7 A 12 E X Y X x n q G W Q 1 x D H U J b g x y C / j W l C 1 j 3 h R y u + u e P 0 u S q G C o 5 b Q p z N s 81 B j a 2 f 0 a l A X / H F A U W C g g + K b 7 E c v D m Y I M x k d u C W 6 M Y C 5 z m M X A w O 7 f Y M a Q q Q A P E D U G j p z J Q J o R G L o n g L Q 6 A 0 d + N C i g g I 4 S h a v S Z e B Y c A O i i v E c Q I A B A M x A Z Y Q N C m V u Z H N 0 c m V h b Q 1 l b m R v Y m o N N D U w I D A g b 2 J q D T w 8 L 0 x h b m c o / v 8 A R Q B O A C 0 A V Q B T K S 9 N Y X J r S W 5 m b z w 8 L 0 1 h c m t l Z C B 0 c n V l P j 4 v T W V 0 Y W R h d G E g N D M g M C B S L 0 91 d G x p b m V z I D c 0 I D A g U i 9 Q Y W d l T G F 5 b 3 V 0 L 0 9 u Z U N v b H V t b i 9 Q Y W d l c y A 0 N D c g M C B S L 1 N 0 c n V j d F R y Z W V S b 290 I D k 5 I D A g U i 9 U e X B l L 0 N h d G F s b 2 c + P g 1 l b m R v Y m o N N D U x I D A g b 2 J q D T w 8 L 0 F u b m 90 c y A 0 O D Y g M C B S L 0 N v b n R l b n R z W z Q 1 N C A w I F I g N D U 1 I D A g U i A 0 N T c g M C B S I D Q 2 M S A w I F I g N D Y y I D A g U i A 0 N j M g M C B S I D Q 2 N C A w I F I g N D Y 2 I D A g U l 0 v Q 3 J v c E J v e F s w L j A g M C 4 w I D Y x M i 4 w I D c 5 M i 4 w X S 9 H c m 91 c C A 1 M T I g M C B S L 0 1 l Z G l h Q m 94 W z A u M C A w L j A g N j E y L j A g N z k y L j B d L 1 B h c m V u d C A 0 N D c g M C B S L 1 J l c 291 c m N l c z w 8 L 0 V 4 d E d T d G F 0 Z T w 8 L 0 d T M C A 0 O T E g M C B S P j 4 v R m 9 u d D w 8 L 1 R U M C A 0 O T M g M C B S L 1 R U M S A 0 O T U g M C B S L 1 R U M i A 0 O T c g M C B S L 1 R U M y A 0 O T k g M C B S L 1 R U N C A 1 M D E g M C B S L 1 R U N S A 1 M D M g M C B S L 1 R U N i A 1 M D U g M C B S L 1 R U N y A 1 M D c g M C B S P j 4 v U H J v Y 1 N l d F s v U 
E R G L 1 R l e H Q v S W 1 h Z 2 V D X S 9 Y T 2 J q Z W N 0 P D w v S W 0 w I D Q 2 N S A w I F I v S W 0 x I D Q 3 O C A w I F I v S W 0 y I D Q 4 M C A w I F I v S W 0 z I D Q 4 M i A w I F I v S W 0 0 I D Q 4 N C A w I F I + P j 4 + L 1 J v d G F 0 Z S A w L 1 N 0 c n V j d F B h c m V u d H M g M C 9 U Y W J z L 1 M v V H l w Z S 9 Q Y W d l P j 4 N Z W 5 k b 2 J q D T Q 1 M i A w I G 9 i a g 0 8 P C 9 G a W x 0 Z X I v R m x h d G V E Z W N v Z G U v R m l y c 3 Q g M j M y L 0 x l b m d 0 a C A x N j Q 5 L 0 4 g M j c v V H l w Z S 9 P Y m p T d G 0 + P n N 0 c m V h b Q 0 K a N 60 m F t T 2 z o Q g P + K H t v p E O s u q 9 N h m n A r P d B S w m 1 g e H C D C x 6 C n X F M W / 792 Z X s J D a J g 3 P m j E e R L O 1 K q + j b l W Q Z a k K J D A 2 R F r K Q M I O v l n D L o A r K D B K U F U c R T j Q X k A s S K g m 5 J E z Y E A q K M C 0 0 F D T h T C o o G M I F 6 k M z 16 A o L X b K L V G U E i G M g Q I j Q g s B B W i m m k I B O h d c Q g F 6 N 1 R B A f v S G g q Q R I g 1 o K k l h 0 J I l G + y R F M G 1 W C r p g p k G I M C W K k Y W M z A s B u c I i W n b o 4 + t z 4 H G 10 O P b p c u P r b T 5 + C v h s C X o L B E F 6 H 8 J y 9 T O J g k O V 3 c R 5 c E r q 9 X b 7 c Y C f 0 N v g S H A a n 8 a i 44 d T 2 r I C / x 0 A O Q w o m 4 J 0 R Z l k P T L k N h s 8 / C + z s K E k f f b f 9 N M 2 K 7e1 y Y L v x w L I n D I f l C H t u H U P b o 9 J U h q w d m N E N B 1 a 6 B 2 v F O O 8 h H k y I H k 4 C c 2 v 5 + m H Z h s M a 2 b O K S Q C p R 2E03 u M I p g E j 7 J p B D 4 f k V z S e w j D H w b c s f 4 r G w U 6 f s B 4 N v p + U L d 9 P j g k L h n 1 S 5 M 9 x M D y O p o 8 g m s a + r 72 / x c G w i I o 4 G E V O L 5 t 4 P d 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
}
] ,
"x_misp_meta_category" : "misc" ,
"x_misp_name" : "report"
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--d7942518-41c8-4d63-9981-2240d92984f1" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2022-07-11T09:33:10.000Z" ,
"modified" : "2022-07-11T09:33:10.000Z" ,
"pattern" : "[file:hashes.SHA256 = '5b7ecf7e9d0715f1122baf4ce745c5fcd769dee48150616753fec4d6da16e99e' AND file:name = 'maui.exe']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2022-07-11T09:33:10Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "file"
}
] ,
"labels" : [
"misp:name=\"file\"" ,
"misp:meta-category=\"file\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--404a83c0-700c-4cbb-8def-2bb802bc8723" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2022-07-11T09:40:00.000Z" ,
"modified" : "2022-07-11T09:40:00.000Z" ,
"pattern" : "[file:name = 'maui.evd']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2022-07-11T09:40:00Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "file"
}
] ,
"labels" : [
"misp:name=\"file\"" ,
"misp:meta-category=\"file\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--29f55101-c92f-427f-a48c-f1b422acc352" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2022-07-11T09:40:07.000Z" ,
"modified" : "2022-07-11T09:40:07.000Z" ,
"pattern" : "[file:name = 'maui.log']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2022-07-11T09:40:07Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "file"
}
] ,
"labels" : [
"misp:name=\"file\"" ,
"misp:meta-category=\"file\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--926e1339-d22d-4de0-b77e-987842bd5cd2" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2022-07-11T09:40:13.000Z" ,
"modified" : "2022-07-11T09:40:13.000Z" ,
"pattern" : "[file:name = 'aui.exe']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2022-07-11T09:40:13Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "file"
}
] ,
"labels" : [
"misp:name=\"file\"" ,
"misp:meta-category=\"file\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--b44ce2ec-2bed-4e6e-8277-fc5c2d9e8e04" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2022-07-11T09:40:19.000Z" ,
"modified" : "2022-07-11T09:40:19.000Z" ,
"pattern" : "[file:name = 'maui.key']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2022-07-11T09:40:19Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "file"
}
] ,
"labels" : [
"misp:name=\"file\"" ,
"misp:meta-category=\"file\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "marking-definition" ,
"spec_version" : "2.1" ,
"id" : "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9" ,
"created" : "2017-01-20T00:00:00.000Z" ,
"definition_type" : "tlp" ,
"name" : "TLP:WHITE" ,
"definition" : {
"tlp" : "white"
}
}
]
}