misp-circl-feed/feeds/circl/stix-2.1/5e761095-13f8-422c-837a-4aa60a0a020f.json

346 lines
2 MiB
JSON
Raw Normal View History

2023-04-21 14:44:17 +00:00
{
"type": "bundle",
"id": "bundle--5e761095-13f8-422c-837a-4aa60a0a020f",
"objects": [
{
"type": "identity",
"spec_version": "2.1",
"id": "identity--5e157d76-c92c-4acd-a54e-4a01950d210f",
"created": "2021-05-24T10:05:35.000Z",
"modified": "2021-05-24T10:05:35.000Z",
"name": "laskowski-tech.com",
"identity_class": "organization"
},
{
"type": "report",
"spec_version": "2.1",
"id": "report--5e761095-13f8-422c-837a-4aa60a0a020f",
"created_by_ref": "identity--5e157d76-c92c-4acd-a54e-4a01950d210f",
"created": "2021-05-24T10:05:35.000Z",
"modified": "2021-05-24T10:05:35.000Z",
"name": "Lokibot Equation Editor Sample",
"published": "2022-01-19T18:21:04Z",
"object_refs": [
"indicator--5e7610da-c138-4add-a2e7-46c674656a8a",
"indicator--5e7610da-0c20-4a88-8ad4-4b3a74656a8a",
"vulnerability--5e76123e-c354-4178-9c1b-4a030a0a020f",
"indicator--5e7618af-5184-4d5a-8d09-4fe574656a8a",
"indicator--5e7618af-b0f0-416f-801f-4a2f74656a8a",
"observed-data--5e761af8-9558-4dd8-8dfd-43b90a0a020f",
"url--5e761af8-9558-4dd8-8dfd-43b90a0a020f",
"x-misp-attribute--5e78945c-f8e0-45d1-9de0-23b8d5388438",
"observed-data--5e78945c-2344-4646-8551-2367d5388438",
"url--5e78945c-2344-4646-8551-2367d5388438",
"x-misp-attribute--5e78945c-ffd0-4060-a6c6-23d8d5388438",
"x-misp-attribute--5e78945c-0d70-4486-8ddf-2416d5388438",
"x-misp-attribute--5e78945c-8164-4dd9-be39-23cdd5388438",
"indicator--5e761144-d120-4a00-a22b-43d50a0a020f",
"indicator--5e7617c8-b490-4181-b9ef-477a0a0a020f"
],
"labels": [
"Threat-Report",
"misp:tool=\"MISP-STIX-Converter\"",
"Lokibot",
"cert-ist:threat_targeted_system=\"Windows\"",
"cert-ist:malware_type=\"Stealer\"",
"cert-ist:malware_type=\"Keylogger\"",
"cert-ist:enriched",
"cert-ist:ioc_accuracy=\"medium\"",
"misp-galaxy:android=\"LokiBot\"",
"misp-galaxy:malpedia=\"LokiBot\"",
"misp-galaxy:malpedia=\"Loki Password Stealer (PWS)\"",
"cert-ist:threat_level=\"low\"",
"cert-ist:threat_type=\"malware_outbreak\""
],
"object_marking_refs": [
"marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9"
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5e7610da-c138-4add-a2e7-46c674656a8a",
"created_by_ref": "identity--5e157d76-c92c-4acd-a54e-4a01950d210f",
"created": "2020-03-21T13:05:49.000Z",
"modified": "2020-03-21T13:05:49.000Z",
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '23.95.132.48']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2020-03-21T13:05:49Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\"",
"kill-chain:Command and Control"
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5e7610da-0c20-4a88-8ad4-4b3a74656a8a",
"created_by_ref": "identity--5e157d76-c92c-4acd-a54e-4a01950d210f",
"created": "2020-03-21T13:05:59.000Z",
"modified": "2020-03-21T13:05:59.000Z",
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '216.170.122.34']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2020-03-21T13:05:59Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\"",
"kill-chain:Delivery"
]
},
{
"type": "vulnerability",
"spec_version": "2.1",
"id": "vulnerability--5e76123e-c354-4178-9c1b-4a030a0a020f",
"created_by_ref": "identity--5e157d76-c92c-4acd-a54e-4a01950d210f",
"created": "2020-03-21T13:10:22.000Z",
"modified": "2020-03-21T13:10:22.000Z",
"name": "CVE-2017-11882",
"labels": [
"misp:type=\"vulnerability\"",
"misp:category=\"Payload delivery\""
],
"external_references": [
{
"source_name": "cve",
"external_id": "CVE-2017-11882"
}
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5e7618af-5184-4d5a-8d09-4fe574656a8a",
"created_by_ref": "identity--5e157d76-c92c-4acd-a54e-4a01950d210f",
"created": "2020-03-21T13:38:13.000Z",
"modified": "2020-03-21T13:38:13.000Z",
"pattern": "[url:value = 'http://shgshg9nationalobjwsdyindustrialgoogler.duckdns.org/shgdocument/vbc.exe']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2020-03-21T13:38:13Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\"",
"kill-chain:Delivery"
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5e7618af-b0f0-416f-801f-4a2f74656a8a",
"created_by_ref": "identity--5e157d76-c92c-4acd-a54e-4a01950d210f",
"created": "2020-03-21T13:38:33.000Z",
"modified": "2020-03-21T13:38:33.000Z",
"pattern": "[url:value = 'http://23.95.132.48/~main/.isuoxiso/w.php/tOEYLz76bbT79']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2020-03-21T13:38:33Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\"",
"kill-chain:Actions on Objectives",
"kill-chain:Command and Control"
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--5e761af8-9558-4dd8-8dfd-43b90a0a020f",
"created_by_ref": "identity--5e157d76-c92c-4acd-a54e-4a01950d210f",
"created": "2020-03-21T13:47:36.000Z",
"modified": "2020-03-21T13:47:36.000Z",
"first_observed": "2020-03-21T13:47:36Z",
"last_observed": "2020-03-21T13:47:36Z",
"number_observed": 1,
"object_refs": [
"url--5e761af8-9558-4dd8-8dfd-43b90a0a020f"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--5e761af8-9558-4dd8-8dfd-43b90a0a020f",
"value": "https://laskowski-tech.com/2020/03/21/til-how-to-unpatch-office-and-get-that-sweet-execution/"
},
{
"type": "x-misp-attribute",
"spec_version": "2.1",
"id": "x-misp-attribute--5e78945c-f8e0-45d1-9de0-23b8d5388438",
"created_by_ref": "identity--5e157d76-c92c-4acd-a54e-4a01950d210f",
"created": "2020-03-23T10:50:04.000Z",
"modified": "2020-03-23T10:50:04.000Z",
"labels": [
"misp:type=\"text\"",
"misp:category=\"External analysis\""
],
"x_misp_category": "External analysis",
"x_misp_comment": "Cert-IST Attack name",
"x_misp_type": "text",
"x_misp_value": "Malspam-2020.03"
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--5e78945c-2344-4646-8551-2367d5388438",
"created_by_ref": "identity--5e157d76-c92c-4acd-a54e-4a01950d210f",
"created": "2020-03-23T10:50:04.000Z",
"modified": "2020-03-23T10:50:04.000Z",
"first_observed": "2020-03-23T10:50:04Z",
"last_observed": "2020-03-23T10:50:04Z",
"number_observed": 1,
"object_refs": [
"url--5e78945c-2344-4646-8551-2367d5388438"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--5e78945c-2344-4646-8551-2367d5388438",
"value": "https://wws.cert-ist.com/private/fr/IocAttack_details?format=html&objectType=ATK&ref=CERT-IST/ATK-2020.024"
},
{
"type": "x-misp-attribute",
"spec_version": "2.1",
"id": "x-misp-attribute--5e78945c-ffd0-4060-a6c6-23d8d5388438",
"created_by_ref": "identity--5e157d76-c92c-4acd-a54e-4a01950d210f",
"created": "2020-03-23T10:50:04.000Z",
"modified": "2020-03-23T10:50:04.000Z",
"labels": [
"misp:type=\"comment\"",
"misp:category=\"External analysis\""
],
"x_misp_category": "External analysis",
"x_misp_comment": "Cert-IST Description",
"x_misp_type": "comment",
"x_misp_value": "IOCs coming from a report published on the Laskowski Tech web site regarding a sample of Lokibot. The attack attempt involves an attached crafted Excel document."
},
{
"type": "x-misp-attribute",
"spec_version": "2.1",
"id": "x-misp-attribute--5e78945c-0d70-4486-8ddf-2416d5388438",
"created_by_ref": "identity--5e157d76-c92c-4acd-a54e-4a01950d210f",
"created": "2020-03-23T10:50:04.000Z",
"modified": "2020-03-23T10:50:04.000Z",
"labels": [
"misp:type=\"comment\"",
"misp:category=\"External analysis\""
],
"x_misp_category": "External analysis",
"x_misp_comment": "Cert-IST Malware Name",
"x_misp_type": "comment",
"x_misp_value": "Lokibot"
},
{
"type": "x-misp-attribute",
"spec_version": "2.1",
"id": "x-misp-attribute--5e78945c-8164-4dd9-be39-23cdd5388438",
"created_by_ref": "identity--5e157d76-c92c-4acd-a54e-4a01950d210f",
"created": "2020-03-23T10:50:04.000Z",
"modified": "2020-03-23T10:50:04.000Z",
"labels": [
"misp:type=\"datetime\"",
"misp:category=\"Other\""
],
"x_misp_category": "Other",
"x_misp_comment": "Cert-IST First Disclosed Date",
"x_misp_type": "datetime",
"x_misp_value": "2020-03-20T23:00:00+00:00"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5e761144-d120-4a00-a22b-43d50a0a020f",
"created_by_ref": "identity--5e157d76-c92c-4acd-a54e-4a01950d210f",
"created": "2020-03-21T13:06:12.000Z",
"modified": "2020-03-21T13:06:12.000Z",
"pattern": "[file:hashes.MD5 = '71f2c5eb6d2e98447d1716cacba2b561' AND file:hashes.SHA1 = '87fa9e824272c8ef8c465b589362b8a13941f403' AND file:hashes.SHA256 = '207e6fe2a7fae906d9cb12d5c1ce67b4c9f9a6c5e8787fb7dda9496834122b18' AND file:name = 'SOA AS AT 29 FEB. 2020.xlsx' AND file:size = '908288' AND (file:content_ref.payload_bin = 'UEsDBBQACQAIAMZodVC/u6EDeooNAADcDQAgABwANzFmMmM1ZWI2ZDJlOTg0NDdkMTcxNmNhY2JhMmI1NjFVVAkAA0QRdl5EEXZedXgLAAEEIQAAAAQhAAAArCemVA645Vn18vtkglL3kjfeorh5QFrsnvXoY+0O+zCqzXsyunUKQnU8BY56jAQdP0H7z/7nPscUCqe+/5unrCIJS/7XsQx4QZ/j64WlONrt2h5pBLzJsK3jL8JJQXkJA7ZmaE+J4NjlS/eRrczc0IfTeVwmAaA+GUNnpfM5mtDDUPJxUMAJJvY0CVRghia477uX56rvldRHMfea49LB3GgkxfvArWJD1YxvbNScg5Oyzf2l5BkKj45gyKlgBbbtk1GJzB9y7JECs6ijcR53HHuApoU+Y6iB9f3eHm6PzV7eTVvxAXox9I/wAOkSHJjafgqL8p/uU2FrhgWE0YV+vK2kc8kwLYNPabaqW+lP0AT43CrPJy2dob9cZ1oCwHRRRjGOdT9bmgIgyIbGxVNIQktrjWTdFZ5HZVcv5s4NBBVuAMLObLnPrMtKxMEP07rIzNp6dPnvR22B2rdyoIjSUdtvOrNvDZy2r1zKaElih6IEzGcaI8hMNZjLEiW77op+OeSiEPUf+UIKJwldc4WKFYpJzuyBf1FdLPb0EevMr8QKQpT5BEx6nfUwESH98WeFcJwmQhYv/mnmha1+79zYPP7PvZ77uhwWFSb00XZqS+0kiTOvdOZvqfm7vUvM6cmoQHEHSg7iuU913jPF3dcrcMjps2pRxfwltqAQ4zi0eYhiIyMTVVIfQAA4Mbfyl2T+HuKOoZV301QZe+SEQ/05CHTq2CkysF2hy+AmzEwcdayVUw8SLKFSpF68aLVj5Vw+MUSn9puRXILwpAqygZ13SleVA+SWsLLs2WQffH1Ea2NpLUIONeJysU3HdqjQiUL7QO9qogiW9v1wtbCpuDcAkkdLPazGYIJJXxTkG76GUd3b3W4VsFgSg4vy5LkfwWCz34E0dwrJNRMELak/ltwJTRnMw4rRTt3o8u8VqTUGWvXgXjNe1BRNk7/AIbJE6+dMvj5fXBRMrCi0GoS92+t7qQ0pFiNRS6Ye5bX9X1tf0ovdKUuzeTub/SfVJGr4HUv12iBSbHMk12U2013BYmlarN6bXF7tQRhoaZi9gEc/PLwwkszI07qzKXVnH7m0eGydSIx8klwHmeQRdBVsdZBIKixCAbacVbjr2GdD7xaKAx/0pwu1mb1nG08UUK8BPmpPzGKSSBTGFX970xsPADrj64pL+cachd4ti20jsJy9KGA7gGuVgPtJ8iWf0sAO2azne6zKjuu+josSrysamE6SOrO4hEO4966Rc7j0uFBaLoTHcEmHHSGJtBEkU78G1Pq5haozWKvByzhRCUnrruoIrduLElNffF6v5vGLoETtVybmLZZrdoN+WXppPEnJt2ZaR5npTBt25m5DqA0JM5HsFp6xy19Iw0AUUpMqMFmsVPZlxjRRuMldwL0TnlJwCVoL52AAMfZihA8OQ41c6qDXZl3jpPWgSSxmyP48j3EKTR96TM0KaNTumpvhj6mwlp3TfFNOoijf+qsACha/Lg9hz94qTRfpx9Y6acNWweXZb+uUJU5/Rh9Y+HtV0UV8qougjybcsdjxqr/g3Qef8Sp+sdrZNTF2YkAHO3MlHzEwY08FUrS19JEQkqiTfbEqfHJ91hxuEWnMRAEuoM2IG0+Kt4F2zu89MCzEbOf2EbE8ON19kllldP1ff/ShhHH2MI1qgOQL75HsiEQ0jGdsqf35iE2dS+dpU0P0yeeoUgJAfY2m0n3SKAFvCg4HjXBxCgSIC9gtuZWN89i1/lNG+YYztivFkvP+y94xue+MoVBUkOHllOCqgGde+SeJ3JUEhnUr32Uf9daZ8ADGIE9NE8/O0smk42pnS+1WSJEU7ObpDMwl0OVKEAEuHFOZFQvYKqqFHOLS6a86ppJ9y+TJKo11Eq1Dedo4hb1qoT6JQocSgHbIKe48RWLQKH6S3E6EIP5pMiOpP75DcvOVm/ShBOEBH9SzPBk9tsElYmrH7Ky4jK481N68D9QRKzezb84TlD57Ao5xtTbwEsCq83PO6/ZNYadL+rK1+I0WQmXZsfnN7js8+YbYkKwOpA52YQXFjYaRDKlqlZ6O9V7sWYNm/sreHVttr/5CRksRWbJ2IzA60602KU04nT+5ubkfNO9f35t92fm7pcBpGD9gtCBhgxdTkmoQfwo7My3VS07q5RCRuaxi6DtabfEQufUj/Z101Iw1xPah/PmW6XezSHOy67dskZu5p1hz8yVtN5oQN8MmECmwCq7+CJCZaeBzIqQRJ2R5t8Zb2tx+4KrH6FuZWwprjKVK0BLyU+8gEcTQIuNDEFiZI7u9JJvSmpoz17i5KBbQrfUw6zOuhZWzDK1xIZeK6lhxQ2ANLZsOjsNm+xD2XffhDECord02AWwD7WoNAJSa7oFXM3pkKH6HtZYVLrWUvdo1Srlc0ijdsGQeUS6/vmhlTyy0MRrYFVX31rBoajJP31WzHIcO/zNIrdltvolMzAkdIfQOfctk2uWQXGVohQMZcHJatyp1pqXdiEIIB4tE4CrogqIbIeN9sFIiXN8BPaE4ziKIIL8Z2JznIHUJa/7BjxX6jYqP6hRHnNQrITqMyod4yHVzjjvtgYxsiREPnEYa0tb/8mBurTBn/5llNcdEX+gOM3caacSyxCGSWCb1euxwan9Uw0xq6r7mhGNDdIRZh5KkUgd55kQ3MY3eLzXVz5593Nw6BuzA7lKRHQDzPCKU3nrphmbm5d/Jqpideu+hBaEZ0cO7MnNKCRL+OvEHD7p9TarYr7lSz+4lUMD2UsHWH9uwvTy21Ilc3ADJp7AMkshG9pGvUqsIQ/BhziN5EcW1Akg3KxttnwI+/resheoTF1ZoTNCvxcFLFUAqi6QAX7Uq9XiH3RO6mylzC6ZugAJXrJsoxSmUP91aK7z3jTtdwyXjN6/nAVk65ezgbvhBNMe+uP5DTU2NUAfr7TeOrMLvW+xpkMcrjHDaHfeaKRQ+1EcqCQZQRsjEo7ZZty2I5Lrozy7z5sO5yJ/BfE29LQAKyuPoifi4xt1MnMq0r9pMy9cW821B+kpsC/0fH1+1oslakzyYWhauSfJ2HhEgFTLhIgCPKPu6Uw5/1D4MwbTQm3AQXSX+KeDdqGnDkHblMoVY30R4OF5qxW+71LFXKI0jHQTFv/C24QMrRNuJpH9zTVPWGlfAoyD4rjVinLBmlELNM3/Gb6wYTq+2EGGQG73JnHYZBdxxROMkWvH5R2GbC38TTLFNdHfwJhau/QUwz8ncRjHJy5Tk5tO5WmiOBHgPv7oJ6/rvaMO1vdnqBYLfZ80GGsbzpiA6GHc3gX3WxxCVcQOCRlskBNZcQt3qZIoK0g7yiAEapb8SQXsqFwYdodPhWBPbuinZ7R/Cj+UxGAnLVKT6EO+uAir6SqImoZ8un6KayGeuLhSTkmru+IiAp++cdgFnxDn/caIcUEZWkViUUPCj2ov1UEfNUlnzXEHzeYzBu4FxpJe7Fop3kVG+m8u0dW+Mvxz+YbNGFqj6MJQft/NomTUABgtEHDXzVNQ1uyXzL1WD5eJ+oYmQaPAE5zgcfYAkPD8A6dMxoXnAOx5HVzYtNBZhPH7lunOTa6SPUsWJyOYweQlUSBLRkEg1CSgibOCHELcNmSybk4QPhW6On9n0w/RslqKZ38J3TuR
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2020-03-21T13:06:12Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "file"
}
],
"labels": [
"misp:name=\"file\"",
"misp:meta-category=\"file\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5e7617c8-b490-4181-b9ef-477a0a0a020f",
"created_by_ref": "identity--5e157d76-c92c-4acd-a54e-4a01950d210f",
"created": "2020-03-21T13:34:35.000Z",
"modified": "2020-03-21T13:34:35.000Z",
"pattern": "[file:hashes.MD5 = '588f7435c0f60c626ef1aa6686d498c3' AND file:hashes.SHA1 = '8ae273618ff5a22bf2ee880d6ce8327aa8a1a4ba' AND file:hashes.SHA256 = 'd04f19307af75f77ec2e418bc6a16454906b93f1117fc5b4ba84a73764b089c4' AND file:name = 'vbc.exe' AND file:size = '1124352' AND (file:content_ref.payload_bin = 'UEsDBBQACQAIAEBsdVDM35g7QXgKAAAoEQAgABwANTg4Zjc0MzVjMGY2MGM2MjZlZjFhYTY2ODZkNDk4YzNVVAkAA8gXdl7IF3ZedXgLAAEEIQAAAAQhAAAACoFQCar9zHFHrEIFKaKphl+Usui7i/hX7gXSdyejfHhpb1lip8ERHDD/KkT5c4d2T1py++dn9sDmU5f22FagLfSucZMe+5dc84eBQBJm3zAmXP9gyKmuFpCOgmEqVxzQ05mzdAYawq1pIYld6c5Z1M+jNEShPPX5QxfxGLfD4m/nHVU9zyG33ScCoLCAxqgC1Z5+uMOd3J562aHaf2PEN1MyTrJVABuFMu9L6oMLTrByvNGXaUOkPEKR82k+oNtmT//S/nd7YAPG1D1t0+kBjNlTTzBaeM61ABlyEGwcI6vME6hLc1m6RdM+D2d/C+hT7Aeoim5mMWdGXdHFrcTBOHBPsLgYbztlaZQX5tpDOhU/jWPVoGm1nIX2X3tN/G4lSgoMobke3J976/Mt8TA4boKg8huUb4aT9j/+ndsPNKNhsaBsYT2D1cBNtyTrHQKFeZcwb66gDMWKMhP1T7I5mkZxMDi/BNTiC1E+SVy9y4drR0V5LPABexNYLDsY0QkJ3yKo8thR2INjwvH1GQqj2RwnWLKviYt6RkjJYQYmvU7W6X48bk4TPG8rf24nAKUR+yju1c+NSzKwaEu+181Vd4i3leVj++eJMg9XxMstLymC6eZ2SzvudPMZ83QUkt5YzCqDQ/q4xi0NoibUR7bWYM4GRtKIh7tj8JyPgYK7PkQwLavItW1qTkrDdkfrcPIK5kvNLVktghoqAv8U0pTjzvh6lLorjbXCFRBKl3DEk47SvFQVxC5hyErtDcVSgTTBWFZNpdJjvYmbNCIpOPRO/EWvnh73epduYKXX+ORBeoyOONgW9x6rOZDkeVTgAo76l41zrWr15L9OeIQCafqVmKJTMytvPoAjZswxjjuE3VNa500X7oXkRrt1V5QHIJAgTJSG6sR55wNGjwGc/GeylgFWbnjutUGYj5h18nDG+NqiASfeiFAF5ejlMZtJhjb7kAtnb07z05x3PGHamYnMNk3nFR4mzJOh+26Esx5WQ7qJizn60BGy7a7Tghk7Oxh3KPIZGMdTKamc+AZrNDmr0Gs7g7BTrM1YAMDhcJIQBU1gNTuQbPiMtLAz8vlxdmiyClGvrldG9u1v1ICob5BnvrKG4V0Vk6mX51LHqeWlEms/OmTruNfIVTW2Czno8tt0hOXd1Fw+v/cuUwvNP5ePkzzZM7Rgcvjpls4PGe4nphFeKiXu+mUaB73xJL7jQuGTIEhIZfXOJ0WfH20DODcAr1/4rQTdtsUa5IW87fymeDwOar/caXeu6pTutP4z0IB1G/wR08c0oGpU+2br7yqITgSVaGknnVV1cmNffVUWsjUYB0aBvCYY2E6fLPk0dwopeT2B2gbfNGbfoEK6KVxFuaU+SZJ0ZZLRCmRet2JyviXDBK7jt/ZCobdnCIvayu/XDuCNaAsPPq/5skYgbvEN1kWLT+G4CArZSgNEm/3piJimMGvNo62hNqh6DWbOajXGbz1JgNZhcrIWVDAUEPnZUcXQuBDiPSXaC25iw3fyXDo6hXgH7BYZGMz8av+ATqM3umRI8AlJqqczimV3c7PemUM1bg4uDlcTEo7oCuDUza0B0Xd3lP49Yi615QNtdLot8tTYnAeiUonO/6gNGqXPA/EeI44VrkFrGUDtDW2WaPcPNhob0Yk7BVitMsm3aFGSZ9BxTGtFCE9yG9Bx/rLdZ9Z37g2D3Z9GyHHyPmtVOZLN9plxyLiDJlN8NugzJUjVYlkLnDwv49TE5akuMhWJ2K3CiZwCrSK8XVDyck8Z4IcNhvUL4Zimqh2HzQ9PjXGpaPGgU2HqlLexliTYvJiA9IsA9XLjON1BDxtzwo2J38TbBkD1GKnaTzzFeC2+tFVscgwF11viBTa2GxoRfaB14XiFIrzA4+/jh/Bp5TDSwpPJrvtUnSe96ycfDXSKaHXIQ/gIwSDc3a/vR29TM8vt2WXM6Ih0JisoCf//Ycls7UoL54ZiRlOhx3JFcczT/0bNVIB0JUROu8Pyt6JUFadr8/E3xehoq6H/cQCp5yeZ4TOqiU/WhgM1T6pQDIVk4ndX51mzohf5NCMXxqqqY+k6jIki+CsOKCRzSiox8t0sEj31/hjyw4c0b2XEk4a0wmVCrHG4Qm8kNoRmEWLHQuGi7uLICGvkwK29JHBgs+nz7bfSrG5uMeOZj+70JGKfDav8JWC3aDNzI1XbQZWHQmErPeBHQcS9WbunxDCc2ku2Zx+1Ft/xHJsnHu7I8B5Q65wV1p3n1hyF0vhPHfcSNjGLGOAoEa4v2QWaVWD8Wmvs1ej5giu709BS2eWLx1PTgNeaCa9YeK7NG8EppJrrg8DV3J/ahnZJNvHssvStPTXZWBdCw0T1s52++sr+LIz8oq/WlqLd+4A++luTPmCr5WM54BktlC6Jm8EFXmg/u2FJNDrgjaqIIbHmHkMeMoPLzz/PMeZVXGCsOFMSdHp+nC/CuL5un8cA5s1vtXlCE5KW9QiVny2JaF88jMs8+S1bfM99YcIbIP3c7jMmbrmZhVFszbK8VDb33nQKNGT7efl/BUj32zVZfkMgJd+8M71mfYfbE325poAaQNuMQO1wtDJd+Z1A9FptyiAv0GwfVw4nzGj8bpIuVe+xWfZvIW2fwUovP1QKQ59R80ZN/iwsn6yMD9IyyMw03QhcuucxiaTxNsgDL9UPwNF9Pe+9ECJNPkhvZdX7KoZ+8E1WgFpUjPgcwEnV6I428PVfNfqyk2Yv4ik1I2tncczM3Gg7yRcIVUBrXH2gKSemGOvPwwsKJF3il4uwmd3cB/Vu3GyB87YE4yd0ajik0pKReGmV+rBXyNrDpSymQl4AmtuIGt+E2tyt9Y//iH+VUU1uiPTQ0fSdgvbFAEulS5j0WvnJNqNUV7kg6Z+MHzN0ORMveMI1d7/YyZmVpyqdygG1CcXkGQ56RYoD2HG3Kl9i3IhnDbexVDplgzGjAzCEPuKZnEavQnUj55H4yeNkkMIvhLsjn8janTrpLhGtETRSGiLr27HSoPVHKWik/Y1xEnbhWqnzLz3Km/bYzhtjr5kWWC1DcxyRfufKjdDqaUb7mKbQLqzqgA9mWwV8fmUBfjaDHfWNDm5xmDnIzoJncNuLOG6bQzICnYuPaq09yhoKy5D9IvWON7KANrIZj4A4rvMcXaAmafs7BQdjObhy0POC/l6WfudkfTpqqFPaW22ct7gunEdN1AkOrtekPptm1jELGfpQzyBExECWZsejDmPoBvJoOkztN0V6bHa4CvLY/3ndRYxHCgCe49AfNeDbVeTBbjHDxBmBTPQEI+puKmlenq4nXsgtJtJhK6rD5CAfFfEYGF3vXqHP++1lEeNYij1GLlzxNiqBabOXCWuzIsL7a0vSweu2Z355eDgZ9KIY5TqHVXwjKp48SF3nNe9+2Gwi1cFmron+m6QU+m1OtS/LyteDK0JfQdwH6QIDGLHYZ5z99xAOg2yzZAqzo5fzM+Ww4rwGUz6pLZgrQiMaI/w9+2FIESr8aFjXnQr5QamJoCsR9TDl9259DzaG4Q8I7/kTyiszkCaDCZXc7KdtZIGmtNNEgJq2guXLTs0qAoOlcUipkgMXEsXeJ3a+vzon0YyxUuXzLGJPqDsLC5pOMxRRTVQJgRFxERFoClO9H0KLo7NM+rrQu4W7GV
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2020-03-21T13:34:35Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "file"
}
],
"labels": [
"misp:name=\"file\"",
"misp:meta-category=\"file\"",
"misp:to_ids=\"True\"",
"Lokibot"
]
},
{
"type": "marking-definition",
"spec_version": "2.1",
"id": "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9",
"created": "2017-01-20T00:00:00.000Z",
"definition_type": "tlp",
"name": "TLP:WHITE",
"definition": {
"tlp": "white"
}
}
]
}