adulau/misp-circl-feed
1
0
Fork 0
Code Issues 1 Pull requests Projects 1 Releases Packages Wiki Activity Actions
misp-circl-feed/feeds/circl/stix-2.1/5e78dc2c-afc8-411f-94a5-40bb950d210f.json

1092 lines
1.5 MiB
JSON
Raw Normal View History

chg: [misp-stix] STIX 2.1 export added
2023-04-21 14:44:17 +00:00
{
"type": "bundle",
"id": "bundle--5e78dc2c-afc8-411f-94a5-40bb950d210f",
"objects": [
{
"type": "identity",
"spec_version": "2.1",
"id": "identity--5e16d2bc-5c68-4ef1-bc80-47f5950d210f",
"created": "2020-03-26T15:46:37.000Z",
"modified": "2020-03-26T15:46:37.000Z",
"name": "wilbursecurity.com",
"identity_class": "organization"
},
{
"type": "report",
"spec_version": "2.1",
"id": "report--5e78dc2c-afc8-411f-94a5-40bb950d210f",
"created_by_ref": "identity--5e16d2bc-5c68-4ef1-bc80-47f5950d210f",
"created": "2020-03-26T15:46:37.000Z",
"modified": "2020-03-26T15:46:37.000Z",
"name": "Trickbot to Ryuk in Two Hours",
"published": "2020-03-26T15:47:00Z",
"object_refs": [
"indicator--5e78e080-d6e8-40f8-bbbb-448a950d210f",
"indicator--5e78e09f-d584-403a-acbb-4d17950d210f",
"indicator--5e78e0a3-3740-42c5-920a-4272950d210f",
"indicator--5e78e0a8-d80c-4b5d-9ff2-45dd950d210f",
"indicator--5e78e0ae-af1c-4148-807f-417a950d210f",
"indicator--5e78e0b4-0918-49d9-8a30-43f9950d210f",
"indicator--5e78e0b4-1714-4604-819e-448d950d210f",
"indicator--5e78e0b4-3514-49f4-85aa-4ff7950d210f",
"indicator--5e78e0b5-2ed0-4b67-b81f-47e3950d210f",
"indicator--5e78e0b5-c310-45a1-826e-4d05950d210f",
"indicator--5e78e0b5-b4d0-4bea-813d-453e950d210f",
"indicator--5e78e0b5-baac-4b98-8ef8-46ad950d210f",
"indicator--5e78e0b5-20e8-4abb-96a2-44eb950d210f",
"indicator--5e78e0b5-da18-4d2d-a374-4f2b950d210f",
"indicator--5e78e0b5-0a7c-41b8-8c01-4488950d210f",
"indicator--5e78e0b5-f574-449c-8c51-49f2950d210f",
"indicator--5e78e0b5-d624-43d5-8b07-4bcc950d210f",
"indicator--5e78e0b5-c9f4-482a-9251-468e950d210f",
"indicator--5e78e12f-968c-4e3f-970a-400d950d210f",
"indicator--5e78e1f9-4550-4c36-b04d-1863950d210f",
"indicator--5e78eb0d-ed40-40b7-ad71-1a48950d210f",
"indicator--5e78eb0d-82f8-40af-a6c7-1a48950d210f",
"indicator--5e78eb0d-a630-4147-bfbb-1a48950d210f",
"indicator--5e78eb0d-4da8-4591-a7ed-1a48950d210f",
"indicator--5e78eb0d-881c-4774-8869-1a48950d210f",
"indicator--5e78eb0d-6aa8-4181-b2b6-1a48950d210f",
"indicator--5e78eb0d-bd48-4643-a3ed-1a48950d210f",
"indicator--5e790a19-21a4-496a-91ba-422c950d210f",
"observed-data--5e7ba09c-9c2c-469c-871f-0572950d210f",
"url--5e7ba09c-9c2c-469c-871f-0572950d210f",
"indicator--5e78dcfa-bdc8-4583-8efa-c9fc950d210f",
"indicator--5e78dd06-3ce0-47d5-b00e-c9fc950d210f",
"indicator--5e78dd07-53f0-4fd9-b97b-c9fc950d210f",
"indicator--5e78dd08-4070-45b4-8e65-c9fc950d210f",
"indicator--5e78dd09-42f8-4b6b-830d-c9fc950d210f",
"indicator--5e78dd09-63f4-4330-a68e-c9fc950d210f",
"indicator--5e78dd0a-8c8c-44cb-b817-c9fc950d210f",
"indicator--5e78dd0a-f6e0-43b1-8678-c9fc950d210f",
"indicator--5e78dd0a-9560-4f05-a747-c9fc950d210f",
"indicator--5e78dd69-d680-468d-8a43-4a68950d210f",
"indicator--5e78ddfe-49d8-4865-9313-4dcd950d210f",
"indicator--5e78ddff-bc64-4bd6-a15b-4221950d210f",
"indicator--5e78ddff-1490-43d3-b74c-4fbb950d210f"
],
"labels": [
"Threat-Report",
"misp:tool=\"MISP-STIX-Converter\"",
"misp-galaxy:mitre-attack-pattern=\"Scheduled Task - T1053\"",
"misp-galaxy:mitre-attack-pattern=\"Disabling Security Tools - T1089\"",
"misp-galaxy:mitre-attack-pattern=\"Group Policy Modification - T1484\"",
"misp-galaxy:mitre-attack-pattern=\"Hidden Files and Directories - T1158\"",
"misp-galaxy:mitre-attack-pattern=\"Obfuscated Files or Information - T1027\"",
"misp-galaxy:mitre-attack-pattern=\"Process Injection - T1055\"",
"misp-galaxy:mitre-attack-pattern=\"Rundll32 - T1085\"",
"misp-galaxy:mitre-attack-pattern=\"Scripting - T1064\"",
"misp-galaxy:mitre-attack-pattern=\"Valid Accounts - T1078\"",
"misp-galaxy:mitre-attack-pattern=\"Credential Dumping - T1003\"",
"misp-galaxy:mitre-attack-pattern=\"System Network Connections Discovery - T1049\"",
"misp-galaxy:mitre-attack-pattern=\"System Information Discovery - T1082\"",
"misp-galaxy:mitre-attack-pattern=\"Software Discovery - T1518\"",
"misp-galaxy:mitre-attack-pattern=\"Security Software Discovery - T1063\"",
"misp-galaxy:mitre-attack-pattern=\"Remote System Discovery - T1018\"",
"misp-galaxy:mitre-attack-pattern=\"Process Discovery - T1057\"",
"misp-galaxy:mitre-attack-pattern=\"Network Share Discovery - T1135\"",
"misp-galaxy:mitre-attack-pattern=\"Network Service Scanning - T1046\"",
"misp-galaxy:mitre-attack-pattern=\"Domain Trust Discovery - T1482\"",
"misp-galaxy:mitre-attack-pattern=\"Account Discovery - T1087\"",
"misp-galaxy:mitre-attack-pattern=\"Remote Desktop Protocol - T1076\"",
"misp-galaxy:mitre-attack-pattern=\"Remote File Copy - T1105\"",
"misp-galaxy:mitre-attack-pattern=\"Remote Services - T1021\"",
"misp-galaxy:mitre-attack-pattern=\"Windows Admin Shares - T1077\"",
"misp-galaxy:mitre-attack-pattern=\"Automated Collection - T1119\"",
"misp-galaxy:mitre-attack-pattern=\"Web Service - T1102\"",
"misp-galaxy:mitre-attack-pattern=\"Commonly Used Port - T1043\"",
"misp-galaxy:mitre-attack-pattern=\"Data Encrypted for Impact - T1486\"",
"Cobalt Strike",
"PowerView",
"Ryuk",
"trickbot"
],
"object_marking_refs": [
"marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da"
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5e78e080-d6e8-40f8-bbbb-448a950d210f",
"created_by_ref": "identity--5e16d2bc-5c68-4ef1-bc80-47f5950d210f",
"created": "2020-03-23T16:14:56.000Z",
"modified": "2020-03-23T16:14:56.000Z",
"description": "ET Rules that fired during attack",
"pattern": "[ET POLICY WMIC WMI Request Over SMB - Likely Lateral Movement]",
"pattern_type": "snort",
"valid_from": "2020-03-23T16:14:56Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"snort\"",
"misp:category=\"Network activity\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5e78e09f-d584-403a-acbb-4d17950d210f",
"created_by_ref": "identity--5e16d2bc-5c68-4ef1-bc80-47f5950d210f",
"created": "2020-03-23T16:15:27.000Z",
"modified": "2020-03-23T16:15:27.000Z",
"description": "ET Rules that fired during attack",
"pattern": "[ET POLICY SMB2 NT Create AndX Request For an Executable File]",
"pattern_type": "snort",
"valid_from": "2020-03-23T16:15:27Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"snort\"",
"misp:category=\"Network activity\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5e78e0a3-3740-42c5-920a-4272950d210f",
"created_by_ref": "identity--5e16d2bc-5c68-4ef1-bc80-47f5950d210f",
"created": "2020-03-23T16:15:31.000Z",
"modified": "2020-03-23T16:15:31.000Z",
"description": "ET Rules that fired during attack",
"pattern": "[ET POLICY Powershell Activity Over SMB - Likely Lateral Movement]",
"pattern_type": "snort",
"valid_from": "2020-03-23T16:15:31Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"snort\"",
"misp:category=\"Network activity\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5e78e0a8-d80c-4b5d-9ff2-45dd950d210f",
"created_by_ref": "identity--5e16d2bc-5c68-4ef1-bc80-47f5950d210f",
"created": "2020-03-23T16:15:36.000Z",
"modified": "2020-03-23T16:15:36.000Z",
"description": "ET Rules that fired during attack",
"pattern": "[ET POLICY SMB Executable File Transfer]",
"pattern_type": "snort",
"valid_from": "2020-03-23T16:15:36Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"snort\"",
"misp:category=\"Network activity\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5e78e0ae-af1c-4148-807f-417a950d210f",
"created_by_ref": "identity--5e16d2bc-5c68-4ef1-bc80-47f5950d210f",
"created": "2020-03-23T16:15:42.000Z",
"modified": "2020-03-23T16:15:42.000Z",
"description": "ET Rules that fired during attack",
"pattern": "[ET POLICY Tunneled RDP msts Handshake]",
"pattern_type": "snort",
"valid_from": "2020-03-23T16:15:42Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"snort\"",
"misp:category=\"Network activity\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5e78e0b4-0918-49d9-8a30-43f9950d210f",
"created_by_ref": "identity--5e16d2bc-5c68-4ef1-bc80-47f5950d210f",
"created": "2020-03-23T16:15:48.000Z",
"modified": "2020-03-23T16:15:48.000Z",
"description": "ET Rules that fired during attack",
"pattern": "[ET NETBIOS DCERPC SVCCTL - Remote Service Control Manager Access]",
"pattern_type": "snort",
"valid_from": "2020-03-23T16:15:48Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"snort\"",
"misp:category=\"Network activity\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5e78e0b4-1714-4604-819e-448d950d210f",
"created_by_ref": "identity--5e16d2bc-5c68-4ef1-bc80-47f5950d210f",
"created": "2020-03-23T16:15:48.000Z",
"modified": "2020-03-23T16:15:48.000Z",
"description": "ET Rules that fired during attack",
"pattern": "[GPL ATTACK_RESPONSE command completed]",
"pattern_type": "snort",
"valid_from": "2020-03-23T16:15:48Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"snort\"",
"misp:category=\"Network activity\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5e78e0b4-3514-49f4-85aa-4ff7950d210f",
"created_by_ref": "identity--5e16d2bc-5c68-4ef1-bc80-47f5950d210f",
"created": "2020-03-23T16:15:48.000Z",
"modified": "2020-03-23T16:15:48.000Z",
"description": "ET Rules that fired during attack",
"pattern": "[ET CNC Feodo Tracker Reported CnC Server group 15]",
"pattern_type": "snort",
"valid_from": "2020-03-23T16:15:48Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"snort\"",
"misp:category=\"Network activity\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5e78e0b5-2ed0-4b67-b81f-47e3950d210f",
"created_by_ref": "identity--5e16d2bc-5c68-4ef1-bc80-47f5950d210f",
"created": "2020-03-23T16:15:49.000Z",
"modified": "2020-03-23T16:15:49.000Z",
"description": "ET Rules that fired during attack",
"pattern": "[ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Dridex/Trickbot CnC)]",
"pattern_type": "snort",
"valid_from": "2020-03-23T16:15:49Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"snort\"",
"misp:category=\"Network activity\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5e78e0b5-c310-45a1-826e-4d05950d210f",
"created_by_ref": "identity--5e16d2bc-5c68-4ef1-bc80-47f5950d210f",
"created": "2020-03-23T16:15:49.000Z",
"modified": "2020-03-23T16:15:49.000Z",
"description": "ET Rules that fired during attack",
"pattern": "[ET CNC Feodo Tracker Reported CnC Server group 19]",
"pattern_type": "snort",
"valid_from": "2020-03-23T16:15:49Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"snort\"",
"misp:category=\"Network activity\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5e78e0b5-b4d0-4bea-813d-453e950d210f",
"created_by_ref": "identity--5e16d2bc-5c68-4ef1-bc80-47f5950d210f",
"created": "2020-03-23T16:15:49.000Z",
"modified": "2020-03-23T16:15:49.000Z",
"description": "ET Rules that fired during attack",
"pattern": "[ET CNC Feodo Tracker Reported CnC Server group 21]",
"pattern_type": "snort",
"valid_from": "2020-03-23T16:15:49Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"snort\"",
"misp:category=\"Network activity\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5e78e0b5-baac-4b98-8ef8-46ad950d210f",
"created_by_ref": "identity--5e16d2bc-5c68-4ef1-bc80-47f5950d210f",
"created": "2020-03-23T16:15:49.000Z",
"modified": "2020-03-23T16:15:49.000Z",
"description": "ET Rules that fired during attack",
"pattern": "[ET CNC Feodo Tracker Reported CnC Server group 12]",
"pattern_type": "snort",
"valid_from": "2020-03-23T16:15:49Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"snort\"",
"misp:category=\"Network activity\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5e78e0b5-20e8-4abb-96a2-44eb950d210f",
"created_by_ref": "identity--5e16d2bc-5c68-4ef1-bc80-47f5950d210f",
"created": "2020-03-23T16:15:49.000Z",
"modified": "2020-03-23T16:15:49.000Z",
"description": "ET Rules that fired during attack",
"pattern": "[ET CNC Feodo Tracker Reported CnC Server group 9]",
"pattern_type": "snort",
"valid_from": "2020-03-23T16:15:49Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"snort\"",
"misp:category=\"Network activity\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5e78e0b5-da18-4d2d-a374-4f2b950d210f",
"created_by_ref": "identity--5e16d2bc-5c68-4ef1-bc80-47f5950d210f",
"created": "2020-03-23T16:15:49.000Z",
"modified": "2020-03-23T16:15:49.000Z",
"description": "ET Rules that fired during attack",
"pattern": "[ET CNC Feodo Tracker Reported CnC Server group 14]",
"pattern_type": "snort",
"valid_from": "2020-03-23T16:15:49Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"snort\"",
"misp:category=\"Network activity\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5e78e0b5-0a7c-41b8-8c01-4488950d210f",
"created_by_ref": "identity--5e16d2bc-5c68-4ef1-bc80-47f5950d210f",
"created": "2020-03-23T16:15:49.000Z",
"modified": "2020-03-23T16:15:49.000Z",
"description": "ET Rules that fired during attack",
"pattern": "[ET CNC Feodo Tracker Reported CnC Server group 4]",
"pattern_type": "snort",
"valid_from": "2020-03-23T16:15:49Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"snort\"",
"misp:category=\"Network activity\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5e78e0b5-f574-449c-8c51-49f2950d210f",
"created_by_ref": "identity--5e16d2bc-5c68-4ef1-bc80-47f5950d210f",
"created": "2020-03-23T16:15:49.000Z",
"modified": "2020-03-23T16:15:49.000Z",
"description": "ET Rules that fired during attack",
"pattern": "[ETPRO TROJAN Cobalt Strike Malleable C2 Amazon Profile]",
"pattern_type": "snort",
"valid_from": "2020-03-23T16:15:49Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"snort\"",
"misp:category=\"Network activity\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5e78e0b5-d624-43d5-8b07-4bcc950d210f",
"created_by_ref": "identity--5e16d2bc-5c68-4ef1-bc80-47f5950d210f",
"created": "2020-03-23T16:15:49.000Z",
"modified": "2020-03-23T16:15:49.000Z",
"description": "ET Rules that fired during attack",
"pattern": "[ET POLICY Possible External IP Lookup ipinfo.io]",
"pattern_type": "snort",
"valid_from": "2020-03-23T16:15:49Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"snort\"",
"misp:category=\"Network activity\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5e78e0b5-c9f4-482a-9251-468e950d210f",
"created_by_ref": "identity--5e16d2bc-5c68-4ef1-bc80-47f5950d210f",
"created": "2020-03-23T16:15:49.000Z",
"modified": "2020-03-23T16:15:49.000Z",
"description": "ET Rules that fired during attack",
"pattern": "[ET POLICY OpenSSL Demo CA - Internet Widgits Pty]",
"pattern_type": "snort",
"valid_from": "2020-03-23T16:15:49Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"snort\"",
"misp:category=\"Network activity\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5e78e12f-968c-4e3f-970a-400d950d210f",
"created_by_ref": "identity--5e16d2bc-5c68-4ef1-bc80-47f5950d210f",
"created": "2020-03-25T18:17:52.000Z",
"modified": "2020-03-25T18:17:52.000Z",
"description": "C2 / Possible Cobalt Strike Team Server",
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '206.81.5.253']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2020-03-25T18:17:52Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5e78e1f9-4550-4c36-b04d-1863950d210f",
"created_by_ref": "identity--5e16d2bc-5c68-4ef1-bc80-47f5950d210f",
"created": "2020-03-25T18:17:41.000Z",
"modified": "2020-03-25T18:17:41.000Z",
"description": "C2 / Possible Cobalt Strike Team Server",
"pattern": "[domain-name:value = 'norulless.com']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2020-03-25T18:17:41Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"domain\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5e78eb0d-ed40-40b7-ad71-1a48950d210f",
"created_by_ref": "identity--5e16d2bc-5c68-4ef1-bc80-47f5950d210f",
"created": "2020-03-23T16:59:57.000Z",
"modified": "2020-03-23T16:59:57.000Z",
"description": "Trickbot C2",
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '146.185.253.178']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2020-03-23T16:59:57Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5e78eb0d-82f8-40af-a6c7-1a48950d210f",
"created_by_ref": "identity--5e16d2bc-5c68-4ef1-bc80-47f5950d210f",
"created": "2020-03-23T16:59:57.000Z",
"modified": "2020-03-23T16:59:57.000Z",
"description": "Trickbot C2",
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '195.123.239.67']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2020-03-23T16:59:57Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5e78eb0d-a630-4147-bfbb-1a48950d210f",
"created_by_ref": "identity--5e16d2bc-5c68-4ef1-bc80-47f5950d210f",
"created": "2020-03-23T16:59:57.000Z",
"modified": "2020-03-23T16:59:57.000Z",
"description": "Trickbot C2",
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '185.62.188.159']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2020-03-23T16:59:57Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5e78eb0d-4da8-4591-a7ed-1a48950d210f",
"created_by_ref": "identity--5e16d2bc-5c68-4ef1-bc80-47f5950d210f",
"created": "2020-03-23T16:59:57.000Z",
"modified": "2020-03-23T16:59:57.000Z",
"description": "Trickbot C2",
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '190.214.13.2']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2020-03-23T16:59:57Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5e78eb0d-881c-4774-8869-1a48950d210f",
"created_by_ref": "identity--5e16d2bc-5c68-4ef1-bc80-47f5950d210f",
"created": "2020-03-23T16:59:57.000Z",
"modified": "2020-03-23T16:59:57.000Z",
"description": "Trickbot C2",
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '64.44.51.113']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2020-03-23T16:59:57Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5e78eb0d-6aa8-4181-b2b6-1a48950d210f",
"created_by_ref": "identity--5e16d2bc-5c68-4ef1-bc80-47f5950d210f",
"created": "2020-03-23T16:59:57.000Z",
"modified": "2020-03-23T16:59:57.000Z",
"description": "Trickbot C2",
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '5.255.96.187']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2020-03-23T16:59:57Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5e78eb0d-bd48-4643-a3ed-1a48950d210f",
"created_by_ref": "identity--5e16d2bc-5c68-4ef1-bc80-47f5950d210f",
"created": "2020-03-23T16:59:57.000Z",
"modified": "2020-03-23T16:59:57.000Z",
"description": "Trickbot C2",
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '203.176.135.102']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2020-03-23T16:59:57Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5e790a19-21a4-496a-91ba-422c950d210f",
"created_by_ref": "identity--5e16d2bc-5c68-4ef1-bc80-47f5950d210f",
"created": "2020-03-23T19:12:25.000Z",
"modified": "2020-03-23T19:12:25.000Z",
"description": "RDP Tunnel from/to this IP",
"pattern": "[network-traffic:src_ref.type = 'ipv4-addr' AND network-traffic:src_ref.value = '195.123.242.48']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2020-03-23T19:12:25Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-src\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--5e7ba09c-9c2c-469c-871f-0572950d210f",
"created_by_ref": "identity--5e16d2bc-5c68-4ef1-bc80-47f5950d210f",
"created": "2020-03-26T12:28:05.000Z",
"modified": "2020-03-26T12:28:05.000Z",
"first_observed": "2020-03-26T12:28:05Z",
"last_observed": "2020-03-26T12:28:05Z",
"number_observed": 1,
"object_refs": [
"url--5e7ba09c-9c2c-469c-871f-0572950d210f"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--5e7ba09c-9c2c-469c-871f-0572950d210f",
"value": "https://www.wilbursecurity.com/2020/03/trickbot-to-ryuk-in-two-hours/"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5e78dcfa-bdc8-4583-8efa-c9fc950d210f",
"created_by_ref": "identity--5e16d2bc-5c68-4ef1-bc80-47f5950d210f",
"created": "2020-03-23T15:59:54.000Z",
"modified": "2020-03-23T15:59:54.000Z",
"description": "Exe called RYUK or ran shortly after RYUK",
"pattern": "[file:hashes.MD5 = 'c908088e542ca306759249cf4b35d25b' AND file:hashes.SHA1 = '80e9d9b7fd95f6529cfd0d94a15d24a14ab0e91b' AND file:hashes.SHA256 = '1c7f778b20d47a6466f4f2b49dcc0e269e62526bb325bb4173450000e21993c7' AND file:name = 'aHSIi.exe' AND file:size = '143360' AND (file:content_ref.payload_bin = 'UEsDBBQACQAIAHt/d1BQUfVQjSABAAAwAgAgABwAYzkwODA4OGU1NDJjYTMwNjc1OTI0OWNmNGIzNWQyNWJVVAkAA/rceF763HhedXgLAAEEIQAAAAQhAAAAqAW2fnY9wXAVtCOfRHEF6W1dCnKUiDHbwFJAHmOwcZUNV83QaxYNYpx5DhFPz28bBNcZ90DnYluci5rLezP7Cx1VPuRNBWR2XmrtRX+l6APJ/3cJMolXYtadCN9tZikLGB7EN7oAbbFeJEk97Sa+Afr3gGgFdgWR74UdF1P95wughRbEAfhp539RqEjjToFwoOENEi3QuUukIa2IpgkGXpaY4/uI/1PQk9x+bVzPfT04F4fxrAvLFSuIyPfYx333H8XtF6pMM67WoaB3/ZQ8SUxEuZ+ab3cEMeFf/zR9lVsZELDpHQlwLp32iVbEFpPPLtjibSy9wJPDD67i0OzzBQxG7GXfWQgxkoR+p39olzEC0KKsL6msAqUaD9RzD9egq4zsvgbzQPBOgl59mqFZFO6ZVTxuWGNmO4PK4PcWkEkW5ftbKUx1svf9NDIGACAdbUS/gDjCp/wiMYg9WMzQXssSNApQqRfQLTVxmODgSIojWURlACzuz4XE0eh5Dy/LIAhqLn4rkzrP/G6VfixZGYSnlOLFDNoynruLCxDge/T/R12eCIQ1QlwY3nCKDtfhBOlZ0B0lORDs/a0l58gYIbWhOtxHiuhRwMKWtZIuByk2hCgCCbVTUWYKrsQTNc/6Wi1NXsEyYpXMv/4kk8cr/50cNqYH/ky7gt7uWKLibjnWDOkiacnEwNvKm/dI5KYvUJvcSc+w47zDThG/IJuhUWXJrbBq5E2P6/yzY4LXaBUUy9FJiJBgIK8lLWdzfHSzoZGqU8ICE12XQ7dxwTvf8wU9ZuqZUU7y/8QWKQ4xpvwRCBYSYcDzk7nnpzwssYjLtU/+3frM40Ob4MMYqio9gmMvLYL+mDemXr9oP3UxFsgo3xko6B7XreDtY5dYQ/OPmR6ALr8JmHaNV+FOXVYxyyOccLfDa6V+7zniPnJ/HuYp0KBVe6sKC2ON4Lhxq37abLz/oi3IAsTE/iu4lRnAvD+m/zeeXC7MYzhf/lqyf+LOYZ89/FGCXpmO3Y1+eQYwNlXETzXAdHWpYRYQwn0jsMtP8pRDGX5hRKhv+1DpdeDHu81scKZEoae4+k52R/rugXJ38oSipaKUBt2lKEGqyuCxHZqXyUkw7lYwTK0TKP9RppZWZrzEopFUFA8717LfCEoxlHlkbAJAt9kMgfFeQ6xUhJ4XwAsSNPdI7xxFp1MgYMrv7E2AT5/L9AyatAXr6JCgCkR29aVl/irspx0rz/0YoV8uJGnuxNThUJl8ac+1a6ZY6M4GGehDG8BYnEGYea7+eDi2l7eIupzBYoolLNevZF2rr1iyc19tfONplE2/uA/YFZIMO7A75brUwD4PEVCOhXE/cXGZsV+V+RDKH9r0/qOEyM+9Dt+Q9PK/U0aWa7JUVNBjvcsa9vDhjj6NChUt18JT1aBRLrTwznf2+LRegSZWfGZf3vqqe2dswYWBYjIUPh7EVF+tsF7ypricTLZPMaT5iJXmjfHA2caoMmBxYlc+ZJ1FNQ6dacILwaBmasH5k7vNgrLq7frKgjl+ZLjIxUXMy4KYVq6CORbhRkI6HY8qmDipvWS9cRPa+IZpaKGNjgMMddaETdJ+CQQg33ACEzsIhHwOJOd/DwYxvX1vA8Q6Ek9q20DMlRE7Y2Ehrd6pbFbrlNuj2Cj5Aj8k3ftlxvuHHqpu0HLgdPv8W7lzz7zxcEg3KwdzaLY9ql2/Ixu8TLGKyDWveUiozQ/PeQ9KkIf/4/vUtwVLpAFciaOvmJHhDjbM7HVpncn4oGCudbr8+sCAMnCRzSYDDJDK19uHq1LWyHomo6DX/74Hc5eZDcsYkO9hsu8kKX5sFqa1A3J+fZh9YrzP3Q7Ygjh293Fvne35kdWxlUgN5jNlf0LKpsbumr4REpfifqutvVYdNbKsBnWuhj/Rh04MKHhXJBTwf6yz2T+xreAlFVeL4elMsSE23zLYoDNpZPheT7EL4KJTqCz3l7J8bJpfQSviJbDyc/XdcPztRldv/38sum4JqJGsWjXj9GHgA+sLMrc3ooNiJaLDoGRReLCbBpdjlqa0K9JEwsg7U/iBcuQfFr0aa4y5gk0U7kVs/nGchQ8zRKS47pbxf+l59QfPjcBJolJUdDQ/+8QOI1N2nZJAivx075ZOAuYpvD/6B1hl9bRjefPCzcwoLuHC3XJmbx+vM6cqU2mrfiLCzHaHd/KGW9gdHfn8JydWyIxTaQqvVJQhhHq5kFZvTcc/ewANMkci2fmjXsW7zIWwL93F9BzXhnifBeIt4WhZBPIiWs/zDS+naGy1cM6cqsVVbGqDlECstpsrBCQYVQGV2c5crctJC6bHsBGin8ZF/YnnElOAfV9HnFBWlinMswOb+nGKdS0Fd6vkojgw6Wp90DvJqR5PcZJhJMALtIBE/acUFnQH45Rj1P1SHnnn5Lehw94ZXjJVmYbDs/cRJNjrFZdM7u+2e9Cbk8E+NQLeHmHGa6KpoFY3WncEe6kvKxbnIX6YyeBO6TsRS3yPIK20JJjjODV0N1qKeRW8Qdo78AsnlToc5UevWZptV7SyGiOnWfo856dvCOZGDYaMAe3UrZi4CnhBqfiEyXbVyxtj90aQh+Wvw18wi9hGfF2sMev9GanvAUFocZ+Hp9YtzrZjEjfulThVYj4+rhkxauBwXNWoCxgPHMDqjAnXGJiAuxmBNe4f6fae9M0kzMYB1/A6IB8foElgNGje+9RN+lJUaJkGvkHmE/sr4RQN8PuTWDo/KU++/Ye+ISSXfbt2OSv/jdN0kVIwtopmTsmxTWwddZzgdZ5wTlU8gfCNuznBv//M2MpCqzoFh3W5TMPnWunL4vYmLI6nh+UlbCvORVZa1Hasvxix9ny2eHaeJGwA60q17XOosEtlkX+3gYM7DkGX7SChRb5NWtbxXcmMSC0p5mvGOTxGgwTCNSKTnC3ubuhDyhn5zKRjLQmGwlLCE3WHduW97ooSdOj3S/QIAnrtuCXUMtjJ5c5Nj0R5hU2HL1Nv2oRMLcFh7Hq9L7QyOPHi1b6tj1z5P3InZHrQgAHKX+8ap6R2Kx3MCSCtSKmsXItHLdqOd8YIzz6bVO+EKD7w927tRonFcQvlNVKRuyXmRTxaTe7Xt2eSzgbbEuc0LMX08L5H4uqdIxO1WIM2J21eXUFA4k5EBI2rZnWCaislE4KjjB/qx3Vp2BPzWM3d93rj0IQHszPYfs/aTNVs5EOW/Y3oPo9Qryizfc8lrgCJIhjZDsmI7SkSVxiPRp98ueXigvCWcLzw04GvSWGJxUebSr5T+jtrugzy/kKHMhkXcEXHF96FTIIC9XEf/iSVbj5lqqZc+gPtNl8dPWIhgXn9HadMnhQC1rMrQiNHB/zYwyNbMtqRfqvM9uzJBN0NOdXLZ3eVU11mr6vTOBkVFUYEO+8PVwH0I+zZSD+BUYp+wOxHNP/NyUjMyzN1Vw/PNv3JNE/HXV5wtwaQUZNPFw8jXrEXcPTeWWE93EOdr/f562glMKX+iJH2pve6id7sS2VbClyupy4pRtIOo2i2AWNpK60dD0rT/+/lzEnjf/bq9uCjwYweQYK5Si+F8Lx/n3bcfKTP1dH2hamsEg4+5w8a/P0OS0DUDYO5+XIkfmcPQlZAKUNez4AuAJpRATYyaLsofpOX7/lS3
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2020-03-23T15:59:54Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "file"
}
],
"labels": [
"misp:name=\"file\"",
"misp:meta-category=\"file\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5e78dd06-3ce0-47d5-b00e-c9fc950d210f",
"created_by_ref": "identity--5e16d2bc-5c68-4ef1-bc80-47f5950d210f",
"created": "2020-03-23T16:00:06.000Z",
"modified": "2020-03-23T16:00:06.000Z",
"description": "Exe called RYUK or ran shortly after RYUK",
"pattern": "[file:hashes.MD5 = 'c908088e542ca306759249cf4b35d25b' AND file:hashes.SHA1 = '80e9d9b7fd95f6529cfd0d94a15d24a14ab0e91b' AND file:hashes.SHA256 = '1c7f778b20d47a6466f4f2b49dcc0e269e62526bb325bb4173450000e21993c7' AND file:name = 'cAvYqaMfOlan.exe' AND file:size = '143360' AND (file:content_ref.payload_bin = 'UEsDBBQACQAIAAOAd1BQUfVQjSABAAAwAgAgABwAYzkwODA4OGU1NDJjYTMwNjc1OTI0OWNmNGIzNWQyNWJVVAkAAwbdeF4G3XhedXgLAAEEIQAAAAQhAAAAPw80nszkmABL5I2gBWamuBwf+0O6D46dQeii15B5w10eYaixAeL1XtArCKIOAZC69MfFA+gp8E8G1U8xunhwOxKf8kBVycdKLVgbmbQbmh1NMNCWeH5OiBHhiHEabBCeCkl0tknGiC2Sc/FRp0TV0ieIyTDm13AKac3aZ1nmP9qsp6qFIi1pzlurol/y5DI99RmtB6eHZKAArU0l6BDc/FXY/9xVsIbvGWlWko1xTls5jkNI5aVBr8kHtjBQU52iC8IhqdqbSjysOi604vLiz6BiPt0RzUdkBP2sl4NZ5WNIZyhgTp3idiWOurb4IGDQEtsJQWTlBjLodHScbPZT3vXhFCn6mujqBTiU2jcl3oAtleN/51mS+LBQG8i+GLanbx0vBH3GmESF4BrwoitWRNt7CIE/tx3QakUZbM9fluiYj0f03uSySqnBJrvDVoTmS9kL5k7fg9GSXn7t/Gj5eBRiUfF0JxXsYPwldaXOWImI8eqxJlD51BwuMH20Q8t7WJaL2ExK0IXKledErsMpcxVezUIzRpo0Qm37ZwaPfhuKuaKElGhV13IvS8s+ybj3qq09kRmGlTl+YU6uUM+44CIJw/AnDwtuzoeDeV0nUIKAmsvgaYM6C9SbZmTPfon/sn3AvNBRrTfOuyLAds2r2jcCp5jRWzzAjs+aa+DloJ1H35HQ/FwxC9ECillxiau85Mvga6K7A7RV/6OCXYo1vzutzKRAtYpNhsk2lOjdf1FqPReLS3CH48FSDgvq9gMlWcKMrIvhhE1yWKZq8c4mkpisO4rJXRYBfnPzi0oK5w+ATi2iuOWYpZ31iF+j9jiKTLoNAstNAXtBdFRQBxzJhAtb7g6ouPG6L+sq1OCmVj9ibarPVBUUmmWG5fsJMxpWOQy8X5Y6PXDc1bBoYIg6docmqyQ9ajhtibdazzOIaPS/X48qKePwQfOciaFv7KXX++4iJ8IWSr6Qbh/sXJJoJJtiLHxYXsF9CcQyIwXCmhxrBR9MCohs1lA1BuAclvsCmyUdAlCy87Ms0sNzGGOH7/3XU623NL6JD/iio2FFZlihmJdT+ciR47fze8MoxHuAINMg9nIvj100qAMD9o/RR1qirdvn9n3DQAzCTrhL9AyzwMiTw6nxWOxR2gu5v9itYMzCWhg5uxqxVEaa74nLHJRp/GhJoEuZPA+/vM3y3kP5jxvQB3Ue+pY/nX+UxUKYpfSUWZZcbh5avSDAkQcv0M1dRBvZlaT+GpXaEOWab1PXrxXWzpUsKVkp1TlyFDyFMF04nczPjupvXcwqKiE/Iq7CtlOLSICNxrLYr4hkqDEnU/sK1Yl2rofi/ZAVNI7pDpwvYtAjKMWTOr/oPSHPIEGknCHRDkbXJQVpgBnfoIZfsGM6/RMhWSUY7IDJ9OZ3CrAquPeWBSd4MJNrMOOKQ6DReTJtE8/+G1T4vLsKWT/aa8f+nF6SW0TRQyGr8072ljFJdF7bkI/W5yUW5rubD7scYmNlP77io+4OPMeYrH2fMVUkfqvp4GbOlGRojboDdKzTdaGYxUhcTkHc0Jdhie8PhW6/frULXN8G3hroWo4m1YBhkSLJvVhaobpQwgnwycs3TIWDHV3X+valb0nKVJTC8OGfWABNpom4JBv86fSip6rRU1cuUph218+9ZxvByuwzCJhns3LEog+rx9YG5eUYT9T7wPWZiYjA1fDLWaQ8Sys/bC4lvjfiu8KNhAceZrsY30Qd9KHvSi48Q2Oymsc5BHicf+MMnbEVjjkVcnJHEp439a2DvNDqCaY0KWQropVLZpScPy+6uZpiKLKJASEa64Tmqswf1chzvRCYNtlB7dH9PfoY1HIsemqfPlTAWCpkQPYC5ujNzu0R9t/rb9IOsvBNvx5TfwBQD99whfh6TjyPfAp8taYOvBLVWGuSlTLNovBAVPxLqW+Zscx9/qhHaXuusZJvRQ+ZEiunjNFJEDq2f7H4i/ANNbjif9O7Hzc88n3E5ByEH90mSzSCsTCB5LYbTX7Q5VJeGmR4ywPznV0UQ40pBwteo5VLrfbzyamVwjusoKsSFxNQVZG/e1CJy+rPgVjCB3bStJa7LeX/SEXNDtMaJFZJFYlkiAIhn6YvS2pbl2O6v6e7cnuJObnR83zpuLt0KP2naAP/ulo0pU75cNkBqcfLz5SuveR/d2EgR+fYpRUEwEH2zcMLU0sqGQbYbMxLZOKO0PPPD26pfvd3cuksG5oReh5crfa03Rz5l7wlw8wxihIswU4Q0eeQmikAheBXY7cHzgcAgz2e56qEpJK2wWXXlxua3VVlojmcNZIQSZqQ8ct6w/v8N7Q1cSDCaJjqZm6q7yNraIi9B2XEjNF12GGAwdN1DvKndpZTyCLUR5cQ8JlyXQgp85Myrp4uwo0nOT3rwKwb6rUqA2BiApRA8xc9x4kAhT0DpaDsfRADmO0cvuSyJmG0mGpDdwUno6ZZVierLCMTvMre5FPmd5cC+eQoCcGL4wXyTLoitRpw5AI82t2YusZzZ4STrbefZpFCOK/P4QHJiLh1Jvjm+inqjkAUNH8A7H5Dy/iQ8OA+jnw/DV5y37VFWSCvpaiMGT/JexKhZZvLcMECm9wyQZIZ/ltAqLgP8fInUhmpgjk+XZtrb4QmG2DAUXtCv8jswcQZM/BnfW/Togi4GwY+nd4aHir24HQRdPOeBjnvCwtGB/rQOpQ3GEBoKLjCob3pRrF6d7hfWIF+2P+exPSlw1jhDfc0y4YvKtgHYKW+PI8bvkaRzpFgELBUJbW1k5GUeAYX1sRyOgygiZnmBO3qD+90jKUkMjPSms5fGeTr4KCZn8+AkhYdaJ0cikTmkcgo8UYi3oAzPo3LnpT/j/WdXwiwvIo4kdpM+QLNT0RGvYU/1FgnBXfuO2ZmtSZUlHLVh92TbFBK9gD0BAbS/Ek6GActTETOfdum7quCzyGVjebkyh1A5la5CML2gcOjjWQvwvg/kfGJPJwLv2AgiEG+ddrZlCzWxwLvuIIttUdub1ua+n18nz/7uI0iPd5QFYjhMuFK8xxQCPdV6HEpBkHPGaxJq9/YYa2UtLHBqpOYjhKya4Ja1z7gqSlINnu62f55KHwjJcLLYF2Jjyp3wk8TWPQGPLAlRWSAYieWLpY03MoNH4GGbVLLqfclBTVTUzSr/WSRHEm3DBuZGAwftqiutJeeIWNghv2V9gtaQdLILKRiKw4m7nJyEM2XNo+GveOYJ60UavteCeyFpv10/P9GGMt2QW2bt230x7QJYEgj462IpeCxEA7N8cSpEWMyR5/cKiIx9siFIBL02b+JmQ+DpbAZJFEkqAhkAFYiC4NUOnmzb1lF5pU5Z6wXti2NU7/s5lHFi/0nRrX2NdK3+D/OhPEBETWilVNnYA7oJsHEkDMyyFuPiBjS4nsidx3VOBGcVTYf7nX23RFPccZXhTgqOSunOSiIQEz/QruxcirDx1dJYAlNsjc/+aEhQB6meol9P7p+V3CwHXR37OUjDXxYu6CKKFiTGuvBO0W4QWudCt0/PonTBbRaUNukYY/Ph69iipijNmbJNH2r5x+Yf5317c4wQY6svRNxMR3g5pOZdM4usZtSR4Yr+NLpDcCjspItpOeHTFxMzXOm0EYgkxApB+fXNyafX4
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2020-03-23T16:00:06Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "file"
}
],
"labels": [
"misp:name=\"file\"",
"misp:meta-category=\"file\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5e78dd07-53f0-4fd9-b97b-c9fc950d210f",
"created_by_ref": "identity--5e16d2bc-5c68-4ef1-bc80-47f5950d210f",
"created": "2020-03-23T16:00:07.000Z",
"modified": "2020-03-23T16:00:07.000Z",
"description": "Exe called RYUK or ran shortly after RYUK",
"pattern": "[file:hashes.MD5 = 'c908088e542ca306759249cf4b35d25b' AND file:hashes.SHA1 = '80e9d9b7fd95f6529cfd0d94a15d24a14ab0e91b' AND file:hashes.SHA256 = '1c7f778b20d47a6466f4f2b49dcc0e269e62526bb325bb4173450000e21993c7' AND file:name = 'cSKtg.exe' AND file:size = '143360' AND (file:content_ref.payload_bin = 'UEsDBBQACQAIAASAd1BQUfVQjSABAAAwAgAgABwAYzkwODA4OGU1NDJjYTMwNjc1OTI0OWNmNGIzNWQyNWJVVAkAAwfdeF4H3XhedXgLAAEEIQAAAAQhAAAA6ot9ADybXhIYJc3TmDdlFnCzgrGHChwaMA0ndl6sP0eOAp5vl/k1spqx1quGjjXAeI3T4m0DMvmqde+Tpl7cnqeIlQhhU/Lv3sSRWY+Z6j5DCdMCGQPzC7WRgQJCom0T6M7QcnYBjV0rhUCnvQV1J5C9Cjrd/PLSdAD9iyBKQ7rq6A2RqZHpSLf5evwcG/jW1cLLZjsOG05u0PvLIcgTXZ1IY9SQy9QIjXBgJTnaGMfDRbBjm7Q8Eb1jdxf7WkVTPR1xZHt7B2pCUwozd4H3KNJsJq0pt0+S0lSsYbm3ORWSqAp6fcU1xdICrXg4tLcOWVgMJQP+34Rwk69PC3bDoafpNvlV7IYOZM4PHx6wbodgtR/QwbizcM40zLb7koU/EZ/2McnAP6fZXHvVIawKyk/J34/XNYdLaZAMqiaNKakjzZiR3Di53hmaQ3BHWDy3qPdDI2OIyzG2I/DaCmEG1OJF/JeErU6+6JhP7n85optbH2RSB+z2tYnUeEetVn6oT5bqFipA3VcBGZFyhmECFRB13YWWP1wPQR+FQF8S8EZN5WIgRJp7R9oYTYtPEHXAlRQBaVEbq2WUXcD+tkwyCtWtSginTKwCQASGIGRPnFh1wiW/bka4wYbEAJFEDPZtbnnKVn48kVMns7vMrVbJm+0K8Y3og/AxT/mXffRgWSsfJU7nnLcjULl5lQuws6EcVoHmN15ozRmgKjcC4OjfwqZWsHLGFzmLwZkLhh8usvdt3HKKiDE71tFNRW+DMTTHr9Msb6Tf0dJxciQffG/arwN3DfSQkPnxWb6xweWMayqkqs/Akb6nUdaPkSl6E/o6c1wgXbuTZqZ+FGjQoWB+rnnirM+Z22g27HAOeT/udZ6B/p+cZPWxxbgzVsu1PCo0050/mAU5vqHJPHUKVgOPCICRYhE1jEZxAVukWReDGC/Bs4xWO9l4ek4RVrTGMmgqnbZNZLgUK30sMzEDqHRWFELXCfvr/iE2neoeejUuGUS6Fe9MlQHh2fqqlpfa2+7TQsBFuVZufkwWG5uNRP6tBCvWFnvaL2XFMgczLfEeNhQ7NSoshwXPCMvKmgP8GCx4LNX+9qip38XEfaAAc+Wj5Q5hDHatAjUS+8TxCshO8SXL1TcYbalhEcBFb8wN+OueQVqPKJou0qMR7hfgfLLMCH6GFGdWdcT/cOM88kC5bsMWre62x0MWsR7LBz5gmT02wtnBgEGqQHmUK0tloyjk+KY220B0RqqYtSVvwlV/1Y3sXfZvUQCMBV+wsM1xpulbzPaIoYUic+fVh3XA1eLhuDRs+cCrJduM+aBx3oG1p8KmpGCSa3RsWwMztRLtJgDJBRxeGrHkB36Nel6fh/ARY9ma5dyPeTESZIOgKeUVyqPDVhO7+rRp/HUB3Yuk4dErRRawCca42gRjRld5npUYatdRdTOBKbrpxBG5JRm/JWo/6ujDOeAQP8gtgpsnZC6YwPHYSij6/4qnbglcXjI0VituFH/HqhUJAmJVV+A0j1zPHaeUBaKteE6PUBxHSC/1yA8AQEC4O0j1zsvV+kzySD8V/FLfrfqJoe3Nnj6MAykvQHKARSZ3aOCewwnkFzpTrBP+6p67+uUhwDzEkpISXLHu7/YEVvMyXyZA5kZoqzRcoigCjFK4LgIgvGI30V3D8PBhwUC8WdgeLoS1fg9plxEER6oSgRMOxYWejbeiqTPyJv6dd+jcdlZi6WHX+PIi35TBdLs8+GnAZksgQ02mzD149Gq7K/LbqAONlrrf9KGzZHA1H1oHvrzNxs0y/xvDpd+M53KJ3c91JJXUgVr1hrj+K+BrT8BM+qBSih/nERFaffFD47yKLCKbxa4NvCCSsfwcvLwkWdAUTt00dgimFbWATSxAYIZ+AL33MNUMR/Zo8wBWqZSkLwa76XxW3XRdPMw+Mz7pIO4mKYcXvmVESe9kYpTCZ3aXwiKZIGRSUXs7eoVY7tIOGywWXZ4c67J+Xun8IFS7A5sAIA8t9a9CXaEmWNtWN9y0dO0GYiS917VCMS0zw+adkuC1v+4/mL3baEowz3fqclwCM5qNSXfeFOC22UKvdjBhYN7hK7dvb4w0vVvRxMQ5Gwt2cKhTRIjVc93ECrRI3zzMy4oM/HWyKuCiOFNe5vZ/o6aYS94iGYzOSEde6Ycrsm+LAjUnFZibzEpXIQc1t5pMZDgTiy1HCGoDlrOGPX8S5xQ7mmfVukFEg8nhPCQiy0l1/lpurhyi3sqh4Prcw57TIWXRit4IKfLb7znO3HIxRu/k96wLw0jxaQAYyZS1j4uPDJmpgcfkfLXI5srjR1TTx7vQzq0Y/JVyfeQ1gUW+1r3twtcT04Jmhk/DgJonrbHRr0FDKG6oPZgKouDRyldBBVzjUdcNWxTs5P/LNTQ4IMRNi8f9lQr4oHUT09HP6Jx5SHbPNxaQEqh/6dsU82lFTNo/eYcTOeKA0ml44Q9LUR9JyZyvG4yTwkxLWNzMsirRs57TAyO5t6tj+RZXpqiGyDMBcNDIuxAJoCrcnOpUMqAczw/FvMEvzipRZ73Cg/f9VevLM68UHftUppGY9JBzEJPALd2+/it+/FD4/WUszUgJzmYRX+Bgmp0MuzO7uUvEE0QjjwEbBwz8GddrRrCgxbKbxmcZYiSBK+7cGDA1S8i1Aj1UsVVIEloNllOLWhjwY+5JCTj4MgNPfJePcye3YzNORlMcWSQP4D0EKYxvo218YM07RPD37+SU08rr1ColbB7tQJtNpw+m250AMmPSwpPJZuEdtEPiTxoJH29nF35I7KU0PAvUH4vBtWEyNEOEd7qzxmaCyH633sg5Uv3uhc3+OS4sMp/UfInRRbGiXQcoijIwUEmW8vOt0VKuBd7JN5lVrSZDFMtKvL8IxyeiNXszoG/w2Ob3L3h7A7WkEvXTSryhqiibZ375hWnjzfMEZr5KFCgEADYeHVs+uGwzsAPsqHkk3nnLhqrJgHOyTqsC9447mmj/8D+XrnESdLiHH0V/IRpJdfUqcQNSUdUZHiSE3nTyertQ++Tlz6LIByGhlcEE1uZEVFv3vodZtsnRumAlSYjq6yYG0zat8rIKdpLcrTCFCM4aDK7C/tCkYnjYtIa52e9i7Eeln0bQ1WjPUP9+lGhXN7CBteyxPI22t/7rXdtovXZvnSAT/oEv7HyYOyT5Mgw5xSXMgfRMCOa1g0LjZY8YQPoG4royYnehBaJhI5WRBj0X47sqfYxZWqZeIzteSreI2k9HYn5/9PpVwgfG+QV5A+sdeqPdqnfCPkwDf0JbiSXzFMM1nxsOH+AC908UporUBXAgMQ5xRwFIzGRCqJKql/jotW7Ux+p4lmMGzQNXlyg4OI6wKbvqPgXYtP/n9BRySvteoqOYKEVJXyP1Z2KNMYFXmgb5QV0irOscCjZbRzt4VyYatCTb2LA0Hhxxbq2C2RdRE+z0w1kBlvRTHT9ImOFzKWoCkdzN7+k7RNRlPALbEPkpd9/d0+Xi1S5DGfN1N6cDWmzNCo5MdwLn1psJN48j38ROgqBBQggRgJmDZaHN6FwTAtd1jZoTyMnKJr/kL2e+CJJ2KPegnZLmEEwTkMdLSbOQo01pYcV7jfQGlisg7tYTNQjz78QcDyVMTP+9duBCelLwH7DUetrFZcUSh
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2020-03-23T16:00:07Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "file"
}
],
"labels": [
"misp:name=\"file\"",
"misp:meta-category=\"file\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5e78dd08-4070-45b4-8e65-c9fc950d210f",
"created_by_ref": "identity--5e16d2bc-5c68-4ef1-bc80-47f5950d210f",
"created": "2020-03-23T16:00:08.000Z",
"modified": "2020-03-23T16:00:08.000Z",
"description": "Exe called RYUK or ran shortly after RYUK",
"pattern": "[file:hashes.MD5 = 'c908088e542ca306759249cf4b35d25b' AND file:hashes.SHA1 = '80e9d9b7fd95f6529cfd0d94a15d24a14ab0e91b' AND file:hashes.SHA256 = '1c7f778b20d47a6466f4f2b49dcc0e269e62526bb325bb4173450000e21993c7' AND file:name = 'dOpMdPWIBlan.exe' AND file:size = '143360' AND (file:content_ref.payload_bin = 'UEsDBBQACQAIAASAd1BQUfVQjSABAAAwAgAgABwAYzkwODA4OGU1NDJjYTMwNjc1OTI0OWNmNGIzNWQyNWJVVAkAAwjdeF4I3XhedXgLAAEEIQAAAAQhAAAAw2Gca6RbOkpdp8fFWGOHWT2Zb/uTrArXAFa4cvEyKvMS8yQtymNpHkqJlFSiMS7fwYCF0bwl+LPF7Oj53xS/gtmvnlwXOjWd3HaK7l7CSEDuM3uIImXKiQKDr8TBl9HFtMVmI3B47S4K5leekjVF+VElWspsEiHSNriTIvpWonYn7sNBwztqmFyxh4USO/C65BbElMqj4bVLHXXorlfHbsvNMbGD0Gtgpw5XbroHBTi4Zcxj3cwjh0+ulHlyK8Ng57ri4Uu12KewvjdmJsXyutZS2VyVHBfYN1DmYe29tc65XDBeN27uuVgHtbw3vnCeDMAI0CZgCGlxFSVqwfsug7LdkunDC/F4Oqy7+Ctt6PSu8c/nqJb1lB03rAAmSXY5RskqohqujYsUm9UccwisL0OSqsiHtR8VMOeMjRQmPbD39/4msL9vJ9e2h3wP7wVNTni6A2akMvumz9rq/BOyROXQOwFSbYz/cQBZZ4lNej0mKggG1uOlYOBD+sIdKd0YWh4DBgCwsog/KDzQ7xAmx29GZTLtf/1/NTf8Y4CjqU4/I+7UCD5pzOAlYHXyFS/WMppch4GEDyxzQlEMHNka1NHIOnKuq8JBi/x0GDhHszNyRjgN3gokIducgwQ3+SbIAeJI1ErqMaHLlxI5+Sn1g/NW4JO2YjVCLIznI3HxPqZPoFZDPvDGeIrL+96uHovI0pBwG4iJ1AYYOhx6GcDnJZlA7Cgr0+QkL44I4x96951VtQpLkrYMVQgYyJGh/C9Y6/rnjgiewxop535yKDwRQ5Xm0Uk4gz0wzNRlfNSuti7hXAqVesdXxRyWw0nc0IAwpnvFXZc4alZj+71I4ytvoYVKQnh7bNvxdS1qnSclaf9rkpsgSR/qZVPyK+xn1vI0ZlQpK1CantpGeLMymE+kP5sL8lynF6MA1SNHfjIV9bl73mpZ1Ixz9y1vJyVQoNGdbZ0AC7euNc21afzU15xcy3dR4NbQwXwKqz1uoShzJWe/nDwqPDgXhv2zcod9vaVPsh7KMi1l/jn80L4aABIGMTsf8bKN2CkBjqoFosHAJsTTrIpdoGre2HzomBENrDX3ldMCittZdXb63rpkl7pNw1e1S5PJm/4InzCaqoRMyE72HXhPRpZKz+Xt5rv56Do+PYXFT/r3i1aaC/C1JmSj36f9EQwd8gBGkFgDJfXoz3Q0l/O3d/tbcprRBielIErCnsdpnP55cP8O5t9uzQz0NGzQWL/HppXyfK8sxmUKZDQw+qaDQqBnK3C2hrJFN9Z+0MHSeZjTjszLZYZt+Q+4aytJqGyerI5GIU4+rztL/5z0z/G6VOoFuIHKKoPFxvD+n6UDE0Upnav7AmkdgbGFmWxCWhu32HSnSNKSxlp8Vk+6fUTUR0tQWS/hNEv74JElOV6llmtAmxcqTsyd5tDLWD/6AsdnmKJYKjMlCWA1ffI4HZssDS2L3K3X61Tneld57t5S/OgX+zrQq//TS1j+k2VV0EMcG/fitIHrcZjM6qpoTp2kwG9KPf8tD3FCW3FMcD6z56H4mnwkCgE1mXfWyBL8ljSRiZNwgl+nbOiMOuFBsjiEcGd0jm1mTR3tWou3zZc1LOMbgILT6d63BJsuShWik6thNXLzFFgWkH1OC7rXOxJFiXku/oB9ohdMKepSgheZ/1SMUvTl4B4ZYOjF5AGLuOWWCLw1ltVnbfUikpBVZcvoL54fH3RZT8JPW1NncuJHDRxmlhZjNgXXSlmESRtjqwI618bMTYnI96f2VX7rBp7CI5z7ImnVuTxmBjPa7X8e4K3R6crISRkfHuKYm7A/I3V0CF34X+qzTcAzASoFKhYirepZ1P8Xw3niBKM4ZKkQm59aqh7C1xD2MW+61bxFa5cJ+ACF4k3k7460nJ7vnteJ4Molk58iyrScYuK2qkOSUYMqK7RwN9xri1OwM8ywBMjU6MdbH0aEahz+R+LJBXv1wpwAyQj9W9mNdu0gGj0uueITSXm/CsRWCshjgfIq3LlEM8OBnDNdFFv6qBfg7LoSM2sMuQUA0xfzk7TNZxA0nl7bxamgGGetTh5FFTbG4cvRWShI+DFdfETxtR485MMgysuDSwGEFkZhINQhARyMPoNs7swwMc3QN7SymLvwD9cE5J/MJuY2gAWR+Yo1BNhFGplvOMp7vbudK3zDIMew6pYezKdgC97pczdHg5NcljdxH2S+H+h6or9A7jbWIshSYQwRzitusiqbGFc+cnMHjQEsIQDv30MkV/br2Lg0mRs4JSos8UEYeg3J8yn4BBW6AoCDjmRNovjFGr06VlssnKO78V0x7+kFUcYc20EKeaTm9K/2UilMS2QMtkvtkTiQ13fiPSbw+DSWmiz8G4l9Debkd6e7klZaKW2IC/m7AZxFnSLI1PC+ghw3T4/8ZubdMdTj7fcE5ERP5CqUfxh1kI1FEdd14POio+/dPvnx4dizejJZSTRvqiZbt3J+mUTQSVI+/F4CQ8w7j645QUsp8uQDszu5V2VsFdUzh/n3kFatrg9A5jjmO3jiMdbvhd+ziWH+6z6yJWj2rawl9sVj1Ey+M4aRQXlp3Ez2SOGzLEkvjm6x+DAoSr/7/VXHkF3iW3zRQR3h8ITGXkgwjQAKCAnGcbj/RZGygQIYCZG0FfZP64kGhYBM88D1mJjt552CFmFpzGdRC6laUxdy2BPfn1SPcwUQv5X7PbU04dIoMJo5JoIUbOvRnjC/7bzBWlUzTsJjXZzhEF+A5HuvBrUtB+CnWH7jSIxSThsKNuSE2jrzatF0v0Jy2ZKJoIXv1NDf9y2TGTZDo7MEv23R03P2RSJ1XcMtIuahgOKBA/S7ItZiDTUVXFBXJtEZDxdKtfErL4xEo6gpG0+T3wD+XO6D607oNHjDVvBBcJY1APkNkhFgptO9hr+b5w3CR4yTgCZ8KowCvFlXXfdHlvUczo/KdkHkptq4q8DsAKZtrYv/mHXJqTj9lzYVPRpLdAOrDNYDYA5fugvkrNgiL+E36F6MGZvrJBwZP/ISaSvH/KWKQYih02AI2VvT0s7txlA9SkNHcsg5gLNKrVYZHCjOf9MKJSDwa5NvgXPaXSXDOs8i3diGEgFFkszdqJzylnGCyFQqUD7mdQxpb4j4VAMvVkCnCGd8yBbWAum0Era9ycSmUM0GTaqd58kgLMJXroV/WFSNVbIRiQ93r6kU12aehe0wrQV/ymsjsHc14NzFtQVOjfFzj0yCvzFcuoDFOf5PGoXJrfai2PB7LksT4nwMwEBcrKN/HsamnwM5wOuslYIOvKljqCI9QQzsmUlvaYtiNcleh8yuoQGr1/OmQMNlQ9sQnJCdYxa/KAC2NgbrVoClvAt5FpeG81W90gb0ljA7bjJJuuDr+KtiIjIC5VpI27WqgTeWt4ys3zQ8J8MYBwNtI53RXuVeYL/r64dpRF4JzS/pCr0EEi3ExuvITml9qOCppYnzZ3vm8ZmKuzdm8FxK5wlKnRdfECMC3X74EiK1aHuN6tucjyVLdg1RAr1C3mXOEzaVeFrcU40T5r50XJ1dBBoNIKjQuT2f4qkNRGwZ163XmrrzwkPyzmAsEum7NC+VWTnkzidKzMzBO2Atc07nGrAC4eF/3M93R1HHJuuaiyosH3XE8vlbv2
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2020-03-23T16:00:08Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "file"
}
],
"labels": [
"misp:name=\"file\"",
"misp:meta-category=\"file\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5e78dd09-42f8-4b6b-830d-c9fc950d210f",
"created_by_ref": "identity--5e16d2bc-5c68-4ef1-bc80-47f5950d210f",
"created": "2020-03-23T16:00:09.000Z",
"modified": "2020-03-23T16:00:09.000Z",
"description": "Exe called RYUK or ran shortly after RYUK",
"pattern": "[file:hashes.MD5 = 'c908088e542ca306759249cf4b35d25b' AND file:hashes.SHA1 = '80e9d9b7fd95f6529cfd0d94a15d24a14ab0e91b' AND file:hashes.SHA256 = '1c7f778b20d47a6466f4f2b49dcc0e269e62526bb325bb4173450000e21993c7' AND file:name = 'hOXrbKdIZlan.exe' AND file:size = '143360' AND (file:content_ref.payload_bin = 'UEsDBBQACQAIAAWAd1BQUfVQjSABAAAwAgAgABwAYzkwODA4OGU1NDJjYTMwNjc1OTI0OWNmNGIzNWQyNWJVVAkAAwndeF4J3XhedXgLAAEEIQAAAAQhAAAA70Tjdw3HytieHbSdo2RUev2Z7GkkFbL457YcSM+a4RcabXHKEsANexQqo7oNFCucEALD02pkdufc5F8O/xNwSn+QVoCrNnCDL/rDEXSQSwcVzgbIlEm0IsY5cLOD1K+pTd3hNOTFyBTnv7KOLx/9fNoTofjTDm/6ZbKb7LKea68h19jDKqvdUAwM1H0f9vksPLoO+ydI94Hw698jAHnS9lYdKZCQypTGJRDN605a3py4bdnZCZ+6OpjlDJdBNA66ea+ifGYSkHfOJxP4z+bspH1YyudfHbBfbRn11XTa6WWodShWoo4hov9IjBRZG77WmYbpHz9HEYf2bUTYsw060FH1s2SkWaxbVt6C61TGJXpXYQn82qmTsEAPO+o+hAKEaL1e136+V50lM5vh+4IQM1C4DdFciGbxNT8tMcC6acYgh2Y6+cZk5NJ9QvGzMOy+43MiVM88+jpjBndKtLxW8GoZiKiSZTpgo7IUsN6GiPqaeN5zj+RUyzVmdrmVmv+dRSYzzLlnorr/wRoWBjjbRpTTWBYA3S6k71WH74oxAaWY0P2RToVo967H8z1k1oIKaG3NoW79m2zxifYL0e95MZui+yUid3IsFybo/bUxK1s1+s/swCiodKlEAerWzl8ufnbtEj2OZnA6cohEZzfaAuGW1uP6OrmhFGUf0g99kTCmBUm1IyGSv+t6Go/WqH/zxIN+d33hS2YnJYsRkDPIoj2njCAX8gdRCCQsvzN4X87FC7UFD/897T2CxSA1oPnHELCM6GTIUkMzFTFhKWsbgrhmk57quGe2rLhzSe54ummKenjABJc/xzkfkiLsSFbEdl8zH9TGNRGRnme9CHsvv1ctxj1skP7z/KN1A4v+ViOsbTVyBKB7wFOtFXpF4nUfEBBSDCbid3Fevi0QfNAHuGNtLnjV7Bo6Z0xaZEyjlL3NFUmuOTE6xyoBJpyAMe189AJxQ5D4xf0zfyzd5Bv3Ov6EhmIS/acqYmc/8oZMUL60vo5Pb3E6546ZU3v7Swg9rCRPB/jflL4G/1pnQKzdRmwx0R6XBYOJvjwBeQw4BLFzt9VUmRMWg0xfpTGBxwlC7jfwHZEZDXd5CHcgnigYcSokJsFRmPmDni79UuT4ek30f1v0dJcC3xsXsnaAzaB+kJVD6DtYnEAZo0ArMNbq6SolW4Ugp/cgTJY0HBJez50cOuIBtUSPdM7n3dAHNgqOp0oRROS3hvgbGgHQo5IJ8HSyhFKMY2iMQrUtumKH6B4cD8naX4HiJoBmrxlYIvurlhBlk7tgyLfIaSYTekMxNTWtP4o1u4JLsi2efH8Ei/VudjpBHMQDyZDahaJgXQPOuuj12owR6jpvINCGBoB89HziJvCUG3kcsmzBMYpHQLZZPUud7sn/Z/HIQwXUyV/pFioeZvuMtu5eF/fjG5jMDWZIjirXYxOtjzqjaxaKiVNIaK6i5XkESJsHXiYULYwBOWnlsMzARx7dBvyx6EBOI/EldBjGALbaZ10VPhnVpkSxc2GNKAc4qqEX+cdwelECu96tGxZ7zGwj4+1cs30v7fm67Q2IMGlZG+Al8rzYHmblDTX23L8qFv8izRUd5uRdhTJFE04hNXte+FTTd85kiB3dvPKYgxLiXsU3DFLkQFLDiUOmW4YdVzDzx+VwlXvPd/+f8pj5PSFhLltf/SJIyHWiFw/OugP5u6bciLTucLHQEt5fii77qE3e6ZHgMmuZeOtv5jDO8T/JIjzF+/zL1kWZiNLvicivk3K2+S7KN2PaCFH2hZSths9fajsm5lkgQDI+28i7joH19OCeWwqJT9uu7GCLp2v9JViTiRJQS4+0ofevXpzUAc+hBQOIsGkdBdpALkhaya7Hk9mvJ4Rbmeijs6rCR50HDrSDoxi1GBI9msTE+fzKU10kNcMTaQhiPZ0+1tCAGw8fROcw+OwHjBYzlKwL4CJqoxYH3PezHHlazDE/afCFSftpNKB3SG7LRvYtllw88Hc5i2ThzqPxM/OZzjbuYAzpaaiSh9j4gKk+mLhvN57Xb79LqNRyri12MQnP5PZ8fBJaLmM2FsAtTfKpdox7fZ2FSZBVLL4/pHTn93+9DKjJKfGxpP+x/7p0SJ4yn7gJCNj5xVXgkEu44MSY2xp+pTo/534FqFHhfQoTI64JVZowR/cuvGeA6fCilHevDStNwSVeRArMo62DC5TPF0hsBbDPmveXTSLECMRlcXZ0x+vS7U7JIlGWS4oS5HBBnCn9nn0Bl8X0bdgwjqpxxaszW8bw+44sLYpH1nV71TPt/WpdAVFyMKe2W2I7aQoiAkquQxtSijanNgyOyhDokP9YnjoxB4r+WPjZMYYKxQowQq7hk3cAk1sZHJ3LZ+Fza6O2ZJyZ2FYkQOuqSzk3NuCTqb3HFk9VcrlA5OMTwCVGu9yuTPcfHpf8DsktSyvnYFAN+PZNvrYd9RhXgyyahCEtaY5yYAUQMoBlq8EfdEOhrk0X0aOz1wvo3vUGlY2URFgy1D1J6CibFxkkNXT/ZAbV38iDVPDrWG8+OKJ1LZuhvkBXImzH1qaGthAAF1WR7gQRHO2pJ5vkm38Wt4k9l3mKu7dsOE2e4dSkbzw2XaQrqqNx0Qe2lfHfrK0NnIQ/djwSyP7cfhOe1OqLGxltu7YFclI83gtGJYnT0C6PsJk3MZePeewkLYPELWP0N7vSywUsBcJU0LA1zGI5cSQDTHyh/iS7q0PIKccsr7bUpz0MlZX4I7/LmoWMEh211elIpPeInTzfuPV3ho6X8bfAjOBBEPCaHFAMrk40MAjlcnTygzg9rw369S7RDb38LtGiJlCw5afXUkElW3pY/BaP75ZJdfnyEi0nA/1ruDkhqk9GxvqIGs1vh+S0/JtE6Sqhb8067MkMZYUFCJOrZmbwZCV2Kn7cTMKKStfeQRmXSy5KttBZfUSfaLVfBaPzg7KgH7AvHjkPrpofkIW0QHkAl+KkWS33MNQFiIdfPJFegWyINH1/SRNFHaaBFJ3anp9AKCPY38d2tAIZITIgc5LGe6t2+PtZiAv8/WWrR3Upn6MsgZsHRySocuLyxz+/QBv+mGi0lXBJvyn298on0+j3VFCxMMikt1ldxmggSgsBBkpXB3wgxmcMp4rslPsE66C4QUrbDwyfCCCQA+hrWegxNufk6pRbXDk+wGAJRKjbYPw3STsfRUJjM4pgM33zJL4pXbx4nvXVDyl9JPC2o9hoGoJArl5dA/qssdihs4WsC6jq75lSuRBnbEwleJ3jD9KofnVYIROFVCKHuaJZC7P8R56gopwy6PWVqMY+mwolLvlq1MVhR1bQAzUgzv1Rj5iervszLsvEcxhcB05I9bMGu8Xs6lXkifAaRMSxfS4AYlHhSkSM7pO+JRizBZaQ9xnmNEElYtXkYEcWgfOv/ZvqfBQoP2O8OWvELcDGOcNolNAVI5yr9oRat43gNDHBTZW4JJia7ZWhJ0QwDUE903d13xdasysWBHQsaNhuXY34Wt9i5TcHC2tw9rMQSOXt1if9nFGoOvFBam++zdz+TGC3mlNs6dRv8Aind22SJjFrfqkrn9Yo0muF914cBqZoHSGldWvyL96GF9we5R9DLYcTf+I0g3vnzrHks9LHUVU2C0wUKbMJEFkMbU
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2020-03-23T16:00:09Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "file"
}
],
"labels": [
"misp:name=\"file\"",
"misp:meta-category=\"file\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5e78dd09-63f4-4330-a68e-c9fc950d210f",
"created_by_ref": "identity--5e16d2bc-5c68-4ef1-bc80-47f5950d210f",
"created": "2020-03-23T16:00:09.000Z",
"modified": "2020-03-23T16:00:09.000Z",
"description": "Exe called RYUK or ran shortly after RYUK",
"pattern": "[file:hashes.MD5 = 'c908088e542ca306759249cf4b35d25b' AND file:hashes.SHA1 = '80e9d9b7fd95f6529cfd0d94a15d24a14ab0e91b' AND file:hashes.SHA256 = '1c7f778b20d47a6466f4f2b49dcc0e269e62526bb325bb4173450000e21993c7' AND file:name = 'muIVOiFnGlan.exe' AND file:size = '143360' AND (file:content_ref.payload_bin = 'UEsDBBQACQAIAAWAd1BQUfVQjSABAAAwAgAgABwAYzkwODA4OGU1NDJjYTMwNjc1OTI0OWNmNGIzNWQyNWJVVAkAAwndeF4J3XhedXgLAAEEIQAAAAQhAAAA9BBqbHrxhWrPZwyhFOuF0FA9FLTnYAhIcti1Vew56grx8Sl5kXmL2Nrdm+c108BDR7uLswEUl/eS5r+VDq8ad1vHRDu4VM+JrYDCWg56Vf6yaqhri92CGT7sjnDogaWu4g2uHB/i2cJV/vaAEP6voRTlyo37RorIJ3s/s8f8z5i3cNmNWtaNF7aYCKnnKSYOdlXexE4j7DEXk/m1qvdx52q9KA4XQMqDYmZ4IPe43WdMj7R8IjRe2J8qvhig3cSdGhuq8Rn4duZtTnz2WBgSdEuje35jCfL3eo5w2TaWPzxXSleZQBm7INr0ahicyuljIY/1tAwS4ElQ2+kKcjU7bwatM8VX5H91T/YcDY8KPs2wzC+21tb28/BAfqZuOzT0FQkKCSfDEGkxQonlLR4M+zMRvv6Pt7zO8hMz0k9qathv0GayRecFV9wImly5etr3orVx1GxNtCLcVRH4F2sZ+Ugd9WUdShNCuFUwUbKPSfA40vDK15+dehaTJSkzzCcK9KfnhNLr2/nRySj60KsUfYqy2litx/qMnL/hgigGM5Ig+ltKdXvlD6+tI+DmCibxOPTOQsZB1CCPRnhos8SSpUKK/V6TdetK0yoa0rBLLhUtyo7mBWRI6VMGhlbIMWlhSfzTMOR5aAUPAxj+P9cD3BBXhF7Nm3d5J6L1/eDV3Hac3La1PU708xlLxQUINO+19DuxOh55C4ajsibKGxGKR1PQA/+tsaT8yYtB6DbP6LaPUuHCxPi28Jx4cWTpb6IIU8+NDRjKVsvb7olsD8eWpySvj+zOZ4r7SQsi36qvPppBD3T4W5DOEnrjVS4pTBGUAlGiuHP34oYTrFL+xubEKhrGKwU8FtDFfZQya+FSriwbJVf1zXPnXUQAXOVa9cNZdZILCoEeRrQw+ekOazyfX0nNpKMR+wmL1zEoJMJUuXvAOmZ3YA2QIBzrRHwSIYD1CvZ/06bl3d1px1AVzfBM443+7i/YIxBgIppVOTfi7WFwwcVPZJavW0bTq0IXqJNU4xmzmhSDCRhdrDeTmOoZ32iq2ajnI5FOBQZzzpBUD+mB5vmaw+Hn8SbuprR4rvQ3DpKc1LImhBPnjQb0Z+am2+67dZ7CUGr78vB8fuFaydR7qE/eem0UhykgTx8OMN69DGgHiNm6cw7q7veMziCMM2DqVDrY/zNj397RlyPagCxnNmXYlj92+l5xSXW2ftaQjPkIlq7Tb81vcAwj9pD+jpsvkOBUVVEQ4kKvyVnSPeBiz50ObZcn3HZ+983S/Qgq+13N9xg+5NvkbxcKUdiJxkNUqzGUozNQiPKcSzRzLXaDTDiJS8Du19eq70zZHkvvSceBa7hZDubyX0hakW87XC8R3WLA0EpK69zeUHpkGvTMzPBpyIKe2PoFxnCzFpnmlRnzEzE452EtseLBMkytULkQnSjREFkICIb6iHzfAHh3vxXA3fIFUQ1YFTms26TNC2I9NM9JgqLsJvFAkUyokG6EYVu/7Pvq6Jl8IzUedvYtENGvsrPcELeJeao6jnngsXLSaBR7P2BgSoS4UsPBngbTsIw/Y7NOhJAjfcxWrKz6qC+1p0T6LbYTT4kEtH3VsIke4hY7qX1Vc0frozaL+Y3m+EPdopEFqvJoOlU7iNiFFcEJ8QVfAGW6DkG4DIKG7CDx23S1ZikPnqtW3ShuaRvfjlRmZkJtA21Nct5I0M14fpN8nUr6+QfYFtRdQeJgP4M0X9n4Zjm020bFtX3XMPCfDfR9J2BAKhqAnGGeDCfDLPkNEjCSfTk9QMnXXPZmo5PiNjTpovucEJ1rlHKOGkHYVJOUs+jORbcWeSlpp56FD48MNrQ/WEWlF4udLTpfLnmuIWZKGstDyQ03kCP3ymCxgSzXEbnweghG/cd/TFQS31mGR5fgUAfs+vSs29B03XqHXc37TvCHnVYPjp8FPBtdeH4WeaHQuIGqtM8MI40cqH0HAfmQ7ELKaRgApbW+lW1q78YXnY2rMgjWunvYFTx1EFxnjqMuKUPRuCLyd2zx1YjQG8BmGXDm9msutbrECOAP7uo9EHRW3fOcScOkdmG3wsw5DNgg/NyYTWfEQYcwT4rZLuY/h/P3Q8wyXm896eVZ3elALJPJm1a8i/3XC+7IfLeNcDEp8St0dXqyx4OvuzdSoqRln2CmOd1ADiaHQlvgqJM+d9fSW9sJUm9fPSuba1B4q4WxyHwN68/FtzoMg7nFltJNt1cTW3N4Lh0RNB8JmI4+nN2J+Ohbw+lnZXQV0NuZro6JXvL2iUzo+uwh/jF2F4iaNtPVL4RdyWk/6z47LNNnQDMAzVhUIHleHYcDz5BpvtB14pl2kNQIVYXQ9GKocK+hKEbgwa1TsJKnlihXzdhcZfVtvfY1TPFgQrOY/Y5sS0a9GXx1ODlUwehXEcleNX+aPGFAS09DhxxBCqCbLW5cHmaPV5cKX/Z8ScQzEkHFE3a87sdbeiTIFNkHX7Gqd7ztTI4wipK4Dko8nq10FeHPPdamPS9CAcVPhbWAXIlPwKYLp8bEBUYChfjdkdEY7srACK9HDifZy/eUuAkghwz+QJe4d3aZkHsxAqXe0PAROse1ZOa3sKEB/qd75I+tcgUbxYo6PC9gFuBEDsxBHgtyyjAxYMvTyExZ12X8Qm1Mr+FCQ7rU0NvW9UFvPT4dXEacsdlCz9a2KwhgFBio70sKg2wCfxVEvybcXiCRkq6mQ5tybnud9Bct5Hjvd9ZXzeqFwh5DJ32LKNuaoJKlF5yp5IA8A0aOPAGzNmUEkeZxKpcPB+5Pz2I50yX8QsK2vcgPUuU3zYkNerpvheNBjbUUX3F2VJhp2ZpJ4yIkQSstpEMW2FK2rs7oONwlGuzSqPytwqBS0xkn6aNvKfcjYtjFRaiaXaZMKNBS0HQQ5Ixsl5awDPI3OehUssQvLo4c1dZdBzO3AtPY5R5aYpcj9e6wrHDidOUk3ZLj7WakkudnzdJjR7kxc/JFdAxRCA7xN1xs2a3IPaiR7XOLYlByzI7Ou6wWHlNMgBCkdqAaHHervqlQFg99VjOAhiNrbrdl7ZoqvGgYR27TzPzxf2TouswkCsPDGBH0/8tw88iq1qVkAsMdlh0CyC98S+W7Q6sLPlxotRnoNqjIxr8q4vI+M6ulEk8/Ku9yoHSzG6NcrctinvYMBfdqo1WFJrKxtbiZ95vHU2SDthUJu9TFIJB+6JJQv8Y+bQTArIY8eFnw7g/wTw04xDj8Yu8pDs7BKUT+IBKNVN8UVRQrBlEgN3BMnkNRoumStpHhtMkAvO0e+z5AnOs/EFZsdzt08Zm3x5K130BfxxuZf7sqY3Kf9+gCk1dKCcblKbWMjXMzmdSIsRCuCwLeqrZSyd+ZvS7duKpKXlih+QQ5L31stRQVt9aUzftTxzH74vXUXdpQ7hGDGN/SGHvz89gTKmSmrnj7RPbi6311ndzbXRVDQaezaAp06pJYtCFPywxpX53iElg7/R6Tmx7Ec7onWK382rab/Oxv8dG+Zc/MP6GAgn+yFqaH9ZDmZew/kibOPNQRLgERU+YF36me++WuzRbktkuNyi2Za2sp6mcG0gTVM3P1AIntGhmBlc1J/IPD1TA3ewogd9xOJ46ECzsigO29ALiID5HmwRUGgqEY/p
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2020-03-23T16:00:09Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "file"
}
],
"labels": [
"misp:name=\"file\"",
"misp:meta-category=\"file\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5e78dd0a-8c8c-44cb-b817-c9fc950d210f",
"created_by_ref": "identity--5e16d2bc-5c68-4ef1-bc80-47f5950d210f",
"created": "2020-03-23T16:00:10.000Z",
"modified": "2020-03-23T16:00:10.000Z",
"description": "Exe called RYUK or ran shortly after RYUK",
"pattern": "[file:hashes.MD5 = 'c908088e542ca306759249cf4b35d25b' AND file:hashes.SHA1 = '80e9d9b7fd95f6529cfd0d94a15d24a14ab0e91b' AND file:hashes.SHA256 = '1c7f778b20d47a6466f4f2b49dcc0e269e62526bb325bb4173450000e21993c7' AND file:name = 'vlGEgCBTilan.exe' AND file:size = '143360' AND (file:content_ref.payload_bin = 'UEsDBBQACQAIAAWAd1BQUfVQjSABAAAwAgAgABwAYzkwODA4OGU1NDJjYTMwNjc1OTI0OWNmNGIzNWQyNWJVVAkAAwndeF4J3XhedXgLAAEEIQAAAAQhAAAA4FWpv7ysu70oa/GnAY7gnbpB5O1MZywQmqaBSWOp8mH2pzOjASYD6MQSweI+g5ozq1I/knUMmBPp02ST6HH7pE6rualtUwxTeor8iTN5EbS33SLDMYKNh5xbWlIfce/xv5G7wHnB3ZOs5Bz9IMEhPseO/SP1NqXis/HHhVmUrOLkj+tevTQ5Vy2uO3MqEZul8IM28pdjfAo8EacCbU81X6O2ar8l+3iSASBCP1qU2U9Ej/0TrJurgkJR1tF7tF5/yg2+CGGD6C4g1Ztp+9EKjL3K0KpWs8cOjWLh7fBtte5jjlmzO3K6yGxziSVN/TqnRAskunJgFv/RsxjPG4Il/erfw7QYOlxgwldLEa9bKj2jn27c85fHjxFhtS+1+hWtTPCWsN3kBsElZhrRG8kuxcQW73lPGRciN/kMevkVOVJVeUCceNKAFAb0AYczU2DoCCWZmhcfCOf4JAedccGWN2P9Ketw1Z6piBm/tDhXzantRmH8czDaMHGZDoX9AiG0UZvn0CMUn4JNVF0c7aZx4lJmNOW7KaFG7IRX6Q6gjm/WK8praOc72ESJgff8EhHolLia0Ba86w4wLROYyX310ZBs/691vlrZqhq7I3g+CL1vo5wKgmqEMFd3BpuB7/sZ0C3x14kg4RAUvqu9HRGqBhUnkpcmpqgZeqRXkSAuo3q1/y0494mPhqt549ky6Dlxen/FyBX28SZ/+GOcbfZQKOp4YMZF8TKbF5caa/fCKEqPVc4dVZhJ0kUO9Um5Nw/6zRoltcp4TUbgJ+SewmLXh1H2mn0g0Ukb1LBLo2kzemxN1cNkar9XDRn3scuswkgPtt7qvU5rKXFHs3MyBHFpEcCisCT8XE8DmOyrD4jG2Q9b+7xQeVan8FlCFBmfGGeiA0BPyUnjImwOLthu94v57l5gYxVOVE0d7ro5YZ3prQKRg7jHIJyxcmZE2uZ8UJ6mNw7mSoMPQG7HN/qe4xennEFBO2z/xbhCRRFjta6RdCIG29z+YTnOqXQrigVsoWXm6+ZpYb6eIzrPFnIwc+gVbP82sYTpocQy3e+lQbYGN+MnmHYAZDcgRKnPd/lLPXRta9RZlXW1zAQI1jZ61ImAbzrh76RuUzSH/Txazq6kQA7Avf/ZDe9TNRcNNX5wz/sG3RVYgyHW8+hOX+aaDyyT4sdJIFED1EaDzt0Y5opsATYfAXofkjrcZ0uNxoc/Ro39Zacz9jBJgOOSnVUXb5318/yH9EYSGs/F+05W9X7A4J5P00W/ZfYvciTN2yesTHYVeJwufb5KwHxNaP2QFemuQVvCrAXZw+aJh82Ij6bFuEV5uhTGgD0RbkHL75KVyUJSVwx22icZwLF28qrVnzw2tTQ3nUjbm6hgsmpTjJ5Kzpmk6wSQ8iAUoyPPK5jgLiijj4tGheFwD0JoYzJFv00sCcwL4PZEu+wc5124XJEpX7W/l/NQPqns8PufFxXusCnAks7uvk6cYzxW3jyhjTA4Tyd9f04c4teLL4yJM+9cCVOVSFEnQJLU/V6a29d+M9g30dTb1nqUKdN2csn+/4IVC2E9gI3YbqJgyKirjdMzZVS2Fl307UNkZCWpYlat6lZgXKGoQA1GojP7t11elt823C3JcPn3IRADPwMLehydrkJUhKLSP6dksOG5/cBHV1AiPTRcYO/h7V+qdjbXKiiZC/pXTNAXEuy0rzyPQ/EJlx7NY1l3YAq6e+rKG7FWMGyUJTETCVlPcgcGKFcrQlR1Xf1ICKDZThzRtbpJzhW+og0fEx7SvVOcvvLElLWkJuUqdX+xNSRjq6OU3e8oK1tGU+1QqRPCYnQpgNh7MyjZI4JJn9AImrZetcKgQL3xu+7R9gYbHVQyQ5cO1yI8NQK5+6L3FDbdzMRNjQc3PqQaxsa0T3wdR3NdKsWTN6N0yAo+5CyBsgDdEQgghRdO4vodMxdIiYs8B85el5jJBgh+/XcWNfgA9qUKAYAJ8pRAs1Dx/viOgz6BPtNQRSio4q2Vocmga9ue1mEt2ewVtJ6ZotPj7ILYkN/q59xqHhLl9gXpEp9PtNsic7eejmBIZw+YMX+eWV4g3E2QaJYVJ3bLiB1icIZ8bXi3jNWbh5in9Vzw0AZeuOE3Jm/oo6Cvx1uEKJDE6kHwy5XHFqVfeZciv5OBMdrArS7eklcpAgYYbXdh9Sr7i08Nfow1cUG4uqCP1UcAqLrRCe8GVAGiXY/L1VvgCN1J0L6rZnY6qQAWeEtFTO+LY7ANyLl3DfWKLatJ33R+aivP1dz+c96cF+K5MQrBNh0yPqCdvHAgyyOS2BFIEkTto1N1aSow+6hggJrt+WLQ5Tod028X2tA24jlT6g8+e/JUO71EJwmar8AqKo62ZxiFdaTmfKoZ98AgAGdpwvpCqwh9upLmaJK35Xn0iUFwW4ZlQxpvCp/eC5gWUSJgn7ZyTc4swsjwqGn+oa3SiZQLyAon2fCcFc37CM0WPyVmU9pKft57MbcysZs/Otewtwyc3SxCeF5+AYp1vxTzZ8RKuv+6wCCeVAqkMNwjJ/EYgyac7GOyP4jGoiM4igvx3RoQfeINWycDnoB7sSnYe5pKH27QtkDaEwCNSwcqI6FPYUZwWhqesXhQX2lyy0PZ5P/lc4Uawk9/+MzoyQcKrm0jaQXm6cVMJ9pKvFCjelo1vSp2axV1pyBd24WNvRsR0Fbo3xfRnS7UtHBDt/V4aBrUYN0UYQeB0g1ylEpP59ua+0OuA8AmTFREYKHHOZoFBi0HSLhS0qL9KOVB4OX59tMNNoIzdSLz/5nYBjcLeYGGhWuVHQbH605Brp/08vXmm1I+F5hcPF4jLoAxi1+tA9frcRKGVBtiJfegYAI7Xgmms+xSGxb3jLaCrRAKrlmwVOHh0SVkBt9O6E20RDFnbZ3waxWHxlLw2f2Hw1ODdd5iEeq1L5X7LRX7R9OBVBBXhqO3dC9LAeiaRq+qtAq0Qumj3aOCPTUsuJJPoEdOwXvDS9I+2HM6pgwE1urEuT+ZTnr3jsK4UG8QYfam14hhXgcBw5+1x0K+5dMZ7wTMHDREIaklL1v81RHPPMwRyaLKnqIjr9tF68j0BoS6OGsDSw1C8Rwm18ij00Iqwvtn2uSnrdLyuMDZavNxTGtTickfQEHA7sT8D8zNxCNiq/RdJxVhJQU/ta0XGxNN10CHJqSpF62dqdIsspzpqJc7J5fzucPv8MfRxMna3KGoZmXvmf8WGgVP960Fq0huJB+lC8J9ZtgcjnvOcpA9TVD8PPWAYstGn38FECdWfv+Cujknbh69vK037iDrZXiA/62tmm+zKIiNQB7rgpa3uyzWHlbaEPugXgi/4QQidBDk3wWrGqxmvWq48Z0R8YJRwHJvVMmy0cU872UfrlYYoQjoBMjLbizTDU+1ikD6cJftZgJlFI9d/Zmp4XGSoSUriNt3GASCMGB9yLqUoI1qUTRrENtLvtL2eD2VqPw5Js8RMKbkTV42oDahK2M7KDKiRWW86H8cSM/ntMdgW4t8Vlhx8Dfy7bo/H/Esr+bcRfkBaJw7VIr13FKJ+qxuZDfCHJqXRgzgMBcNEFg9UtMuvpxzMMlLwEO9sVOc0mGGGnQUk4vxe7VA+/U+0QCvegc1aKHuJR4Eb8nEVkzte9lND+
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2020-03-23T16:00:10Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "file"
}
],
"labels": [
"misp:name=\"file\"",
"misp:meta-category=\"file\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5e78dd0a-f6e0-43b1-8678-c9fc950d210f",
"created_by_ref": "identity--5e16d2bc-5c68-4ef1-bc80-47f5950d210f",
"created": "2020-03-23T16:00:10.000Z",
"modified": "2020-03-23T16:00:10.000Z",
"description": "Exe called RYUK or ran shortly after RYUK",
"pattern": "[file:hashes.MD5 = 'c908088e542ca306759249cf4b35d25b' AND file:hashes.SHA1 = '80e9d9b7fd95f6529cfd0d94a15d24a14ab0e91b' AND file:hashes.SHA256 = '1c7f778b20d47a6466f4f2b49dcc0e269e62526bb325bb4173450000e21993c7' AND file:name = 'VSuzYpQlrlan.exe' AND file:size = '143360' AND (file:content_ref.payload_bin = 'UEsDBBQACQAIAAWAd1BQUfVQjSABAAAwAgAgABwAYzkwODA4OGU1NDJjYTMwNjc1OTI0OWNmNGIzNWQyNWJVVAkAAwrdeF4K3XhedXgLAAEEIQAAAAQhAAAA4mxTFXz0MRuvaZPx6A9IzA3lJlvp02MAaty8wz+6VgJ9WzjVcBGJZ/RSnN83MVIM7V6nQiqU4p/jcySqyQpksFnTeGzJlSyltjEGjAuyBn79ZTGHOjL9FsrKXqAE788/I2WyBFwbjHPJ5piQsZsIS+PPzxC2RTPy0WjMA6pPzdnsaxc1+/iR7jlS7fvlQoEP/wSiBnnZqQs5F8VcnK31EOQQZltxlYMfF7oILZuQWp94Ydt02z51J6CfVMK2b7r2sLlM2j5aMVT8fhL+vq85QYhYD4UMBKXPP6WIVeB4Q7c8QnCafJa4f0UZsBEH+WabcDO0uu6cGiyni9fHtDiZ99V7Qp/giQsHa6DszcmfCA061gvR6gtfhuEg0p7xSK946ux+loTga2ioNRRi1CTK7vQmB7gYDm+lUqHpHWD3qoQTLA+DWl0LV9Bx9FJaVdRooFC+ghiBVNOdUSdW6fTyb/4hx8tj6zCqz0xL10Ma/j+D8CopFQNAzfk/GeJyBMUJCD4kJufJbYW3kjiFqRYq0XVCKcmd5PI31CCRlwmQuyMh2+J8uZctdyxlskzIih7ewMcvBStRbhcNcPXG8aUDSp9/L96zK1fBF4o5/s48CQxFEb4LgLo32rr2WIw/4WpBb4G2sSKgSda/tAEO4W0quxtrm66hTwHPNam9cQ18wh0zdhfm6Upr49ESxe5JZa+KlhuDKqk9CFj1EVToao8gD+HFmjHGBrf6Wkl2+46feormUckuSrZDyBWM6J8z6Qaa7r8zJjE8xcjtt0+GKz7qFW2RElDkV+RKl8ASZlRZsVmflpXfD7FII1f/NSo9alyxTHQvOtQjsBU/CgHQjqpPaCmoMRrcxTAct29NfCMqfrkXiKvENIxz1KntGfuMqhx/SFfOXGGE1XmSQJ9EO48sUaHkgWhXJ2j3HDz1MjcJMY+Upe/Z75yA5Zsmc6hkHjJAYtbmys7Jhdx+7Fu69cFeotlv5bcVPgwHuOS7ncQWUVfanCf2PPRooNqM2aYNpcGVl0MlDKuoD6N1C7QoHtp8yOcl0BLI5X/Y96Zidr/BJj+bCRm3F7t4GfTQbUHhwPkZjNReMtigMpoYrZTLl64FZuwmf0l+uoHMokbbORjVuf1jUUnA70HTB/9wuHgiRmHGy9aeifvCZARf7CZ3Cc5eDOSekenD3UmLUZU0yZhD8276Ig2X0vyx3/nYfMvifLcbB/T32YlD7a9JlpEaXVn+M2qIVHn2KxCWUk8dGTe+uUtWV6IaJ5l+X1EiTG38OeagdwBFhRbWqVX9gN+uecq8IQHkpQNe3osAli5mK/vAnDVbLNaw35AwO0CL58G0eJnH783AKGDNgKdFHb4nWP0DDIszxJJhqLWmfLEoq6J3oZ9GYwpxzttVvviEEyAABHUXP2yGWwl0zLhsD+5QtG4wc0HKatGdi+h1I8F7IQZoJcy+rSM8rcwJhFfLz1LeC7d9PxX3gNPD55abDrBwMoJBu5xlxIz0CZQaklc/J2afrQWilat6r0zWqhvyfT/9R37POmLkZJhD+YpUrPCe+JzJQpSQb4o49FZG3goo3qBQM/vkbSFopNhGub1xzAsCC7+4rfOQqVjAHuY+itvQ33q5cQqwdPYDi+QUt9gOGwPkWOKHP8WENE3JFRAeSPb9Sj9Nkq9o6qIkCP9JaHTtu1VhtZrKofPW9JynwR3Bf5MzzSRxBQvXfuK9cuZeq7nDh+VsoeU8Q9ox03PV2mzDn9vL4wx5A3FoLA/3+kFdDIYEppS8U3Hmz2a0FJLTPBdk7FsObOcEm4Mr3qoNtyDd0SlLIAwVSXaysbPKwDFM3R2OgiG7B1wm6nYj3GUc93ChhuHLSnXmurbVfq5SUTiTc4SSmRLtWZie44gY9SGfHbol1U00iTuXg2iuTJv8snhUMFjTrDvTOh41IwVZzu8y5nUOJOWLJFi5XqLt7UoGBXtbK4odc69CrPBe0zzQcQuG2IX8rdcCXyIC8ad6d7cOp9NVAMoBNY7DjU9DEOuwFpYRqmvX2K+n95Ox4rjd3Ff8NsWG6rq44+JR2YGO9AYL5jiQ5QkIZzzSa9WLr5Srv8RFputiSFsZC5mhzhGd8F71yxT0XKnMR/D60yQrfnUB0lFS3sVDXDeoVWHEwmavXGpEk4afNId1HVh+gg4p9pBli114DbGnMxVHib7lAODLrlTD7Kq8Sp31y8EMPO8NxHy4GdglUIJNigOYU6cNTvrsJaAkidxtYyZPKfXf1yrRZZ3Wy75tQNpLLaIaxUUsSautW+RiZmJYzlU/Iy27UwVJpi5W4krGJP+WQRtq9yeNatsjsf0ZZolWt9cBLCIXuUKzpYN831LUxs3BJ4dHspjn5CXNKqee+6q7t2TGEeRVn6zRCxpCmfAjqDqUfPdoIX3n/sVwAxZhNpy5uOCh1XzJ6YJuVR1qFjPf4BrqNZBi/3au5bnuY3yNxc48udviJAdxLQPkNIHwPt+IevzX528U10DgG3vUTXjizn2zOF7gbGZw90FYwTaR8GdZS9GNm2+zlqsB5nC8nCRfEpMVYMnTv4G9UiSmcwLV16CeSOyuxbLrzkJ8U62C9zjAwIKlAxpTckYjxuEWQr842y0rlNvIYrH35U0lcK7wWDUMQ7fNUQ81F+xhmgYOqDKVgKYe/0rVIAJkvNgvEtQ0acoldgiWS+zUaQgCeqMsAkSQOssIWQ4ImkFWfsJzQPFSGoI9RJAfhmaERGw2iqpkh9C86pxUKnc/wX9KOVLTEci+/6kBCV1lLvSrqnRk66B/sWE7DaGaPeCT5KTHf2NSW19kRBVO4AXqW8XG7XIPB7HFB8bd6BZZFiXNoUBiROSdIfIs9DkYjTtvyPVvbjrggucJNExx2kuMe6UrPS0SmM3JWOZy4lhp0Ftc5TnNMk2KjQaPm7oJ5P5G+zXN3p0PuRtRu+uvwRPjg2owNKIDXAxubo1FuP+uwET8lMXOANSsZ/LkbA7eUh6TANLM1jF2WhS3LXVc2fsQjyuAPKxfSGRxpOdKnQlIYfj/PzDJS5dc9yX0/8TDi425LaOdoQV6KFZm6cXqapkCmGg3adcn+9A9ggE53m3HelMbaVZ/D/Ez0z/GFtAVbjwYXkgp09FTYiilzUl+kJRW/ZfSQSFmzGv3CeR0EJqtDDSpWEN7cYtF1SrPIvbOF83Mr/f2hieGA9xN3g5o/XLzN7tFyAR7jBo8JtyIy90QtfRb1OsyY8X+iDG5eyTLdNAEFhCJVbJfxYO3mMRcbYQ+vuOPAxWEky+JXPQoHQTQXkpxdr4qfTKp7PK7P4ez0PQNsdYm3FI2DdXB1x5gVbakAaAEgAwR/iEUzOd8tp2Rb2hVk16Fe3xWKTHGhsLERPQOi32oJZQr7bx0JfPWtlo0xLSVsaGX20dS5mK2wEi89nWh3UvIyMIMMohc/im/hD5w3Vl1RtZDczpzKty+GYjWsrebLtyyQxXhHstK82piAudnTJsIU30sP/2S5ph7CRu5t29RQt+vGZKfVmVmnSUGLT1Ih1pO7aPmwsvzCOgU5HoOKS+cJjrKyOqi8tKoslj/UC+yz1o12q80KJcEcQCX5KuagzYPvma09XOt3NB1Oz4CU9prKl1OTr2ElAv7/sOg+pg/Iipt8JoktV
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2020-03-23T16:00:10Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "file"
}
],
"labels": [
"misp:name=\"file\"",
"misp:meta-category=\"file\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5e78dd0a-9560-4f05-a747-c9fc950d210f",
"created_by_ref": "identity--5e16d2bc-5c68-4ef1-bc80-47f5950d210f",
"created": "2020-03-23T16:00:10.000Z",
"modified": "2020-03-23T16:00:10.000Z",
"description": "Exe called RYUK or ran shortly after RYUK",
"pattern": "[file:hashes.MD5 = 'c908088e542ca306759249cf4b35d25b' AND file:hashes.SHA1 = '80e9d9b7fd95f6529cfd0d94a15d24a14ab0e91b' AND file:hashes.SHA256 = '1c7f778b20d47a6466f4f2b49dcc0e269e62526bb325bb4173450000e21993c7' AND file:name = 'yjnfV.exe' AND file:size = '143360' AND (file:content_ref.payload_bin = 'UEsDBBQACQAIAAWAd1BQUfVQjSABAAAwAgAgABwAYzkwODA4OGU1NDJjYTMwNjc1OTI0OWNmNGIzNWQyNWJVVAkAAwrdeF4K3XhedXgLAAEEIQAAAAQhAAAAMzZQU+RAD6YcTvB06YhzjRzOS332Rqs1uCq6vMijh3hTosD8cnWUv7gD/aOPOYlt53aOzn1Y2TKZuh2tIT9TfTIPTJCyblBg4Ox8+rgOifbEYGxYFFnnDANl0KLr/yBT8plb3FajwvQ4Lk3daRurFhZ/2jcNtb945wxJsJWyHzdt/t4LtA1CT0TLp7jXBR2IZUFviPUGWcT69JHDSYmlunsRWblwTSbaLb+hwHJ+UnwIrt1ddHyP2ZEPvT93VNFpd8k0KkfZCdJbh/Q87jhYGtzufhmS64sS0UNwTFpBnXxgSu3gfomIgpbJjUCyrETIfhmG0dl7ruARvzrtQ4osaM/2BRI2vcz2AUq5sga08a+IAzEW5g02hl0JRwYV1+PrFYgk2YNmdh9WDESKB6UxpYgSxT8CtqPImCH/hgQqg6FhfgXCPg5/uOlLyIeU50yC7+mHPUNKW4cp08SwCwfomso6Ca4qdBoisQJoGStBl0eQ8VCOx4GyyfAPqUOtpvLiNs3FCq8SU9Wf0FJe3QBEHyZfEU/cNMO+omRiZrG77xWvl3LCL3C/9aHt7qrH7azNx1palmNH+E/pbD5hng2Plx90xe+00M2W5ycRSKzzRGfbHvzHfLgFo9wWxmDLQSNGKVVlCCewMsPywluVpdS+CwPrwWWwqLRac7gy9NTJMnVV21R7F9kYfhq8gpLS3vX3txGSejNgWquvGVwmKSM/q4IQYu6vFjfiiKpuUBTvIVBP1b/UNcxI7yXITAnKbGjJMbvOif4xG27qC46pzTPzzcKxvNzM2CzxoqsXbkQfSIhaU/2UqpwuqANYtZytGqoTr4OyKGh+aeqLWcjagCXMUJZV4cEX66t6AJ5cC2MZuK1FsAQeXZAFnc+KTmCD7PJng5m6KwZbZOkAByf/2u5YSVlkwa/UavsfBoca5CkrNmoqqIB66wIlsAEYBu9t+vzpdDfCLf4iZunTRaSgYIjhWsjmCKT5Z0EAykKwWGMeeo3BcKhYgT8luWfkjQBgfFq2/yCi3HiZvS8K/0e5pNJTMz8FBx7qlz1BJEJsgfAo2/wJC1FNK2X6hfCEStPyG2e2JH2R/IqtI1D3FfelbenIiBAOU1+NbOgqjv9WZxpYakZ1tkpPuzj7lTnfNcJIdsCM/549YGVLPAGr74vvxDtcZYxbXyNYyUX5QvwVFnZqBLLe8A3oAdMJ7Bcwn3Qx01+3VuA7r+WcAHvb9IhyB+0rP5lmIm1AQhjPgoTZzmdG9G5T414diVmA+7JQmvYRoApc7a5AHG/ZdtXwmtn/j+Hc+zGMSeRqa3nztjXR0UDZO5R1/Vh4fMVo3t+w+KtFuYDc3O8Zw1ol3Wxwy4LsLUFnfOv+JqxLKlt26ngpYw9MZyEt6NhbgpBesnP6U494xIz0OtLYzgjvWJWuWEqaW0+Apmynk5Ody7/JVMPF3/f2CFxdRC/ptL2yDhbc1Jc5CyZfp21MCmeK5dvd0li7/k7FOQvpmYN7QiKrhu6c7VvFwneIGA8fqHCo24Tk+E7xLip8g7Te/tPHiHnO9wKgzWg1Yrq34oPKm1AqDgDR976+cZJlejA53sDJU8WDnE+9NHSGXJhNussw/3vsXqmWA89GQoocrVpwLfDklKhfBtStoTfoStsJllFR7PdsyxINtwOwzziCr4NexqCQXqn5wHkrtQi5fbRfaiCJvaLwQavYM5ZdzyBY6mgsc8EoymSkstCK+y/NOygcZFmZY3YT2Df88qL6p+57XF2vs/D0Bpcq+bV2YiMTJjv+miL965FqDeIEzhiA4Mlf0EyZwwToASBiYcZcHNUsF57COUv0WNtXSu19EbjXeboDqK50vihJBB8iH0njfv6Flp3oCyqT+ML42R7oH6E96WQW/OV9LtvWcEd5qb7qbm12iBi/I6xbU8bDOOGP4q+3fh2cDXdrHNdpD5pb3uPX7DseXn/d6D3shW6DnNrNFfFlDJzvzHVbon3JKGnBd1POJbnxlAG9UIYirDw+d8wIFnp7XbhpoSN4A96yhlqHqb17+MKcPhiqOT9sQiJk9NfiupO2gdCznxeWXPcLTPUVOrjkiL8rjPKrYJJl5qoIZRBHAJvg4MwqrBnzPeVrVwXlAhkmUPbbdqUaqoW+6Xm2a5J46RluSKodVL32cQR87FrtJbMtolgrXAo8KMTg2wIUQeWazGKzF0IrV+mOWzmZK11a45rShhgmwW5jzhdn2sIdPt+Jm2qRVhDZZbO/JJ0OiwogvSBelQOW4iQLD4IoSq1F17uFnwbM0LY02cTAaPjvHCvDHQuWtoL2/fh/Q5xfzd6+FyGlzK9OolIrPJJr4aAj8A2VnAOloCcKo8d0z5Gn7aEkmeuZqmQ5P5x63xQbjgHOD/wzIOnjqbWeIH9BQnN8MVctEfMkToS37HCWD0cM7PM5GmnCk8YfHDaKN6Q9JBt1OgKDw9XrsveF3f9IPjlrh+UlOkgF7ylU+djcGVQTb6l1d14w6JKZYUz2rbXaBynyqaM7VJ2z6z2XfXqtGtNmnsN3HxZnwBJ+N3qq8UGjq8OJWG4lEpwEPzObiKxzrLgMeNQp9RY+k75x/mucrP2e9VZoN/HF7w7NizzGlSbOlYNVpq29k2+u9epovfmNsXeJj31GoL2A70+fhBX+xylufo2hiLtma0W1htgSITZ6cZOlfv06aetA3WBm3tAIlnfJBStAesLObf0uu9xSCfSZ9xySlKeKnh1mtBCA/hcU80hxY1ZhdHfLW1LJQoRSTwIrlfD00OtCT6jMvUV7x0nRw+4Kz5tKObMmx18PHw+DVn36tpZ0R/6gjCr8DpX1b0VjL5OTMDodmOjszEaPa52Nih0Vu5X7WfdbzRDaxoWt5RwZRiLlk6VPvFvzG6BZgl1GVwKS6neHe17MpRMhqOiGvYko0iJU0Llil/wmz1+20Qp3x5RhgpusHP7JAO5EcYo/2YO0OIBLj/vVzvXWmVO2u4G36u2A/Z8J8ktxpLOyLuIVfDj5OhmVl1TR4lUeKlEBuX5ogwspGO3nAcThOOyUtf+1e92oPHNquIQwUH67dP6pXWNW2udeTWjPbzeNcIsHMQDOtAi9/fatmbyimgmnRzWcdqKPBshE8/gryJsKjp+O4cqMDGHDlJbZoUnkJ5z/a8EOYxL1o0E+9czgap4Uam053umvSyIkpFFR6G9If7M91H6pFO5RsS6xqzBtTLFjgIuRjORx04UmhDMS6hxy0mVZwCIcm4/ppmH7n32Vr7YHF3zn6/pRmCCTMa//1Qq+1awYUW+0xT6QG9nbVlIOIrO8WgRG+z5c8Nwuux8zKb2yY+91bqvV/+0473/ki8WR/tp8Wmm+EKG9BUcGIMdU5tePkNbL+h1+Dxpb5oGWjLXIgvbfvc5BlndePurVwhWWJ6hpkJICYwt6h8tE+qutrsH6gyNFmETiph+rzQbK2vbJ12miAsvfj+SiQ2gul1fZ08Z1wXYewQ+CYn0bprtt+Ac1Nu+8f0y+6KUTGf5Pa8+CMi9tc1vzEghSDd4AlEC26sID56m2G1jbto+3w09PSbnVZtpi+wQfRTAVH05v0n8idIJ1uGI+vhV7ouuThL7PGhARoj7GZ8KUDUTmX71zOvJwL6p5n+OsJ8sUW0k2cqh/xk/HbzwBp
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2020-03-23T16:00:10Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "file"
}
],
"labels": [
"misp:name=\"file\"",
"misp:meta-category=\"file\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5e78dd69-d680-468d-8a43-4a68950d210f",
"created_by_ref": "identity--5e16d2bc-5c68-4ef1-bc80-47f5950d210f",
"created": "2020-03-26T12:32:28.000Z",
"modified": "2020-03-26T12:32:28.000Z",
"description": "RyukReadMe.html",
"pattern": "[file:hashes.MD5 = '707cd0593aa6917a81cb18571d68affb' AND file:hashes.SHA1 = '83e2c8cd65f1a124cd680c797b517f67f0f0519f' AND file:hashes.SHA256 = '0cc351f09bf0de42a100bf4bc30cbd5e6e613055ef35354d0b8a613a748b0c8b' AND file:name = 'RyukReadMe.html' AND file:size = '627']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2020-03-26T12:32:28Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "file"
}
],
"labels": [
"misp:name=\"file\"",
"misp:meta-category=\"file\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5e78ddfe-49d8-4865-9313-4dcd950d210f",
"created_by_ref": "identity--5e16d2bc-5c68-4ef1-bc80-47f5950d210f",
"created": "2020-03-23T16:04:14.000Z",
"modified": "2020-03-23T16:04:14.000Z",
"description": "Potential Cobalt Strike Beacon",
"pattern": "[file:hashes.MD5 = '4bd6b95947819e3175031bf917da0e6e' AND file:hashes.SHA1 = '90c80b856664f041770637ff6fd9dceb2a5eea0b' AND file:hashes.SHA256 = '28a40dcbe6d9626d2115b76f3827017ba7c5a68d40179e9b77955f0b13ac25dd' AND file:name = '13307d2.exe' AND file:size = '285696' AND (file:content_ref.payload_bin = 'UEsDBBQACQAIAIeAd1AyRGSJYE4CAABcBAAgABwANGJkNmI5NTk0NzgxOWUzMTc1MDMxYmY5MTdkYTBlNmVVVAkAA/7deF7+3XhedXgLAAEEIQAAAAQhAAAA0Mb5loZmAPUSIHMQD+V+nMvaVTDzFXWa18Cfz7QAN11jOB0IS61cEgSRllP/UeRAwXzexh9vEa9ywsvmmoWc4X5t+voYpqRLdmLYpRjM5VxU7zQPBO4vpdFiiRJYnkrHoe8sKIr+V35kSa3VbpBYN/Seaipb9ubvhX22DCFbtF/O7T3eTq0QKMdlaksw+gbH03+QdCiUduHkdQrgia4Qt7EAj2QXey/f4wb43WZNZxQRXSn51teESuxHXCcnMpxbJYFCp9f759SllL+q732umjoBog6e9JbGyX4Gu2nv/jj7rwpmxKZeOHGLu5wXqPsp1MpMw3JlOGa2wyEPwetBeEzPcI6URrzdrsRcuQpdOiNGSafBa8Lb21WVe0P9R6fSpKfxLd8tsd24bHgwi0jPjUv6mgKHvaaApn3t6KqYR8Q/D7s2E2/2gwW+WMdygRlTslVIc2b+1DoyYq2sPDpaicsdUtKqZBHUgXpJ4W9p2SdGX1ijAUg+i+O0qh8WPXmhoy/tDKlebfS64iTUuhFoFS4YZ6YRNkn+hCYYUt6Jux9E1fcvbBLWepVmBi36IGFIAxoINJdr9jzcEsi1SychKzQDDbeZlF0RcGVrfJck+hARjbMfG1GjKSLMrgL4Ili+gcjelC1LvAnXRb+RX3W/jOVBWaHJHp0fEXdpR8+leUdfd+aj7zJHlAdZGIHvD7ywo71Ax4lhbYJqpzWxOH3zjnWFxueB3/nWhnd0IrFkVxQmQu/XuEOIoOSKtlxEPyRjt2sIKWf0J2uGjT9DlRhCfYxCc+IHWM+wdYS3PGvp/cRESoo7f2PZDQAHr3NMGOyhFQAOZI2R7ZIKzv2zKTEtiYjJtNbhK3Ya43tg3xxWDLAvO/I/JS/s1KXWzm+QGfNeflfgJ6PVyYdqejLrV5odYZ/ulmr+hZJKxzOaXziHn13vKHtAjUpLwPwQa5gEB+1/29oYvehk/j1xPtrY1K9gS7+A0vWolgEVGNS1lZi+AAALY4JBnfFWqKjEv5DZvnm3LXIyuw/8vQwlKF0Ec6rTolbnwMIV170FDfPhbn+x8FeAmaf24nOqtwKRax/SbdGwYLq0bUmnrJ9galP7FXnuYToDsd6x6v6lztURY2mdLtwI1LBd7tYkoX/R9DfHmf79plKUrg38fP7YMptrX60kCL4QyroLGmHHc/spaXjpyunxtyrcZRQWi2Jy3IH7dF6bbMyqnXjEDkrGorOsRFEisgK89+tpHmtpDUbFnr0bmvkttS1x/DL2NnGScL3ZliyrDuZ2yiRDrRrUQdgtaXd9zJKs1tL6q8SDrRhOxVKlZstzcHUYx/XEFIk8BZcaNkcrPsiqsfVkyoaB+OBt5mKVU62qkT56J5oqicRM9EDnfg+9FUXwRid1JtgynvvLcbtQpLKuRX5QSP63qTeyYtAe/3Xs2RGq4Gh8MoJv5wt4poCxTAIVfXmt9EwU5gAPdSBajW6BGi7woOms/pf6cegZJsLf/AtlLQGAGpv9WbzEcbL/YCrOrCXNZ6s+Jk3jNbsOWV9UjmJNqyqJaWPKELLJ5OeBcy72FCTMCCpMB8nPp4zsq2EVBvlVFhhUcdwhh8DqjAS5Vi45t7Q0PW5abHzSKneo2s/N35gXR6h6uHMs7DifzFsFkErl4lWhUNADhJG93k8eSbVyiz+YZ0EfWZeI1hrb2rw9JmzCKRlw6q174U6YOnFkMv2E9P7YZ4xkgUOmF9QzQ9nRK3rtnjT6+3lq2y6eHb1zO2/JMqT6F0epqpEwDxo+K4Te+7GUrb4GLdpojdU3lPyEXC0R5gVw9lprJm3p2vhcPhy+B2N/Gb7tcTwBVy40L34U3kvKXz1rxiuQb3bceuJQk5i64bArxq0shJWLXk/zQ1xjvfyH5w5PXes/xIk745aQL/t9MtFUaklT+m1zOz2V9GL8OkdND2awzb9mVArUt2cm3XuqodeZUpmCw7/1hiu18+evQTSiodqiMaJ8kLKlJ3XpC3bzf4zxUgYZEaiz07xuxjzLhMv3LwWN0icG1TgDvKMepAp++hcRNceO6R9JyfAggNCvelMk0LybwgukhEWu2k3SqxH4Zi+46aN3DZhh/US+WAJRqZPOTH26XF1wr2HiLXS7pA4cvDiFWrU714qjgsEm8rHFg+PJhxp/f0D+S/w4do3nq4H5RPVX/66xiTSUBVRlnaAwJOp91Tt+s4ZGKkUqz0X4ru4dIpH7tUNct3kFwD2a5SLoX3Brrn2IkRTg2QwzabJgyKXVpzRcgpwKIOR178+50Thh+drCFBrGiKZ0IGEqt5aRb2Nod5FyxtbpHPQ952K1wORAei6q/w67tgP7C8KFdNV/ahAqTbJKvBO3bwcnxgbW+5UhgzD/YNbeW53P3bH9TFKc8A9eEDKzTqgQi6ATGR7LpQ/Qn0klQDsu/vA5XwOCbiPnhXlKypKVYTo9qQ7VQAq8o1uR0hHpFZu/8+hzxUus1rxPhf6x9uMom7KkHzxe2VritvokeYOvPs1Lg6G7UV6ZxM4YrX0iYDfHj1a84/G1h/5Lo2Pg+vXD2RV2sxiWvdOQ9tMq9VpToO2lUUXYKWtkhCrIvWJaGRpo/25vvbyTB1IajcXgjEZ7rYfdFvWYTFkq4VsZMCSSuRP2zYP5cRbdbdP4lEwQZFu46+SjCKiAN1yyFAHouv5ncQ4haj/rVAfJduETKIWm8Nued7vOoFpQTPwNocP1x7swT4F1j4KFMH6eYlsYCSIIEWZ77IeqzCnpojUuc7+5GEEIQAJYFo0uzcujwuJ4iz2PNdpTs1kPFUf4Jv6UhQ+O4t3znz0KevaMoeDsUr3HFZTaZdoAdND4lmFSD4dF1JyKMTkaxmL1QDKEw6RZ5JtIBMXFPO4+ibFYv0gE+sc2UaNijx9VzmOfksGbCbdhFDvrjHVedoCLWepcZWyNyrdNkcw7Zk/nXwVoBaKs9cNGmR/9Byc08g6U52FWDe5hMRn4X514/hiylmrDfXE27uHpcKfpZiqiS5MWwFbNSDMaGZ2NZqzMtkpG+XLHvt/fSYOB5+76DqjTr01xybhsqf4TtBGP+P6O7MZVrSgNCvjAm4OoMAnR/nYCwIuS1QIAlbgBpiXNr+GQezR0PPr7SQuSNxUnu5uhqDKdcr8BkmeQCPT4UXqhVaiXhsy5ndyzgoaIo40Zw23mcK/ZkEZYNlYYILyheEi01Wx/n0iCx4zY1v8aNjq8ViQ7fpPn2MSGYM/CVPIz+CMhFYJjq6S/o9eY0RGpCue7ZW1XnY4qfLR7ZPETZ23/l5ZAIz3/bBAtV56VPHvOGnCSTevZDwV05ewSsGG+zv0DuzHvDnFj0wGBLTooPGNAeV7W2pXo+Ufk8CRnC4j+ste2sxEbLhGfX86/Ru9zUXoqruiKXH7GLW8cOoFyw35Mt1itM2yBGW/9us7SxmUgfyVhWEYjDdbFYlApac1HmI/ErePCWrS+V/nOKzr0FZAphdpQlWIsW/XUPlHZjk9zeP+CahzFSJ4G9cB7UtusyBPZnR04LGWKjs0okWwRSjGGZXSEyQDnjXhOnABWB3NX9Y0aEDTrGMPBkF9o1HYLXNuOb4CKaa/QoMNMfVZZNXqcT0/2bkXVG772GYCV5FBU8KeaNTrMHLJTv5AX6NnOh0l
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2020-03-23T16:04:14Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "file"
}
],
"labels": [
"misp:name=\"file\"",
"misp:meta-category=\"file\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5e78ddff-bc64-4bd6-a15b-4221950d210f",
"created_by_ref": "identity--5e16d2bc-5c68-4ef1-bc80-47f5950d210f",
"created": "2020-03-23T16:04:15.000Z",
"modified": "2020-03-23T16:04:15.000Z",
"description": "Potential Cobalt Strike Beacon",
"pattern": "[file:hashes.MD5 = '9692ca87687778c5a9d44100e6a6c4b4' AND file:hashes.SHA1 = '3e2ed3831001d5abd32e581e31b4fdb38a8d3733' AND file:hashes.SHA256 = '04c1075572d92c5281b82ad017db9b2a0f6374befff3bd69e1ba81b722c6a9bd' AND file:name = 'd417c9c.exe' AND file:size = '285696' AND (file:content_ref.payload_bin = 'UEsDBBQACQAIAIiAd1B5BYsU104CAABcBAAgABwAOTY5MmNhODc2ODc3NzhjNWE5ZDQ0MTAwZTZhNmM0YjRVVAkAA//deF7/3XhedXgLAAEEIQAAAAQhAAAAPYkus58yzfoO82X9UhWlCHJwGs7KqI5AkiX8aZ/gBmgpcH76m29svIQo+z6moyM5G1oGJaIyF1ewCHUPlvgus0fYMUKqMDAMgkJxUBJE2xyq0CjjDWBoQWGLBqQRee9EGSDzohATFb1jQKTkMJ1Q4ssZbnX4gCHTfLDj7sEKDr+5biK9ONEMRAqW9QPA/k4d9iiaICap+43q0cQmaQuf5eGNpA6ZqbnoI4POPSezxelzmmQURSLTGtV2IxZH4AjbjF8iSxAf3WYBiC9DGnsFoZq2yBGgRfsJpqRJeKjlCcxhqNVeuFmpINbUOxVtaVZIhh31mJ1RFLfngrAMcRN5zyIQNsxNe4UozkjoI2Im5p78MOCR6rreXNjO6/Dj1GRZTK4eCF88Vm+AepLZ2ETwBdwu58W9ki88ytcpNTvN5tc9u6MrbEXO6Gl0uDKoLFn/PEeIqW0S81gEQM2axv13lcGKcMuZynzPTk4hWmzb+EqPv4jtZoEup7vdGt9WnpAriZXJy3yG74ZBcTZjCAIsSNsJk6mPJtdJAaE6RB1yqUoU37SirzPtGXKWeUjB/EGHuM7EfwsxwPw2ObcfpqfbfF7uIQFk6ZqQPKaC+uQxlc2AePbbGclfBTAZwDGUqV+JrSTpYb/rOVN9McGIkg4ibcIdK9NGItOUFFRwCAOLC7WDR0V2Y2DIafs68BWFUfXoKCmYukvI1YnDOMMafSvsnF3K+nK0I1aVFwg2y1VXCJ9ZK3U1LiMqhbR3dIzQOmAO5aFN2Aj/wU+HagjVXljnI9LcvwkyF9LXrVCQsSJfP/2CWR89/Q6G3xFSQugE+mvCiAJAhRPheuexdiZLZKzKD/RR3jqKy/gmzDymFeY+uKj5bk1UVNgbh/4Q9pFXUEVTXAn2tO8A684NOLGVkc28v32j4y8Ntz2eKbJqTe2l4QsQiRtts3zRVub5t1k8RMYHLTBzGkiihngdhWtPbvWbg1ZlsG0k6tZ/rOCOAQKKo/7Xi+bE28K3RGQU1UxfMqTMmO2Kptt/7URn+X5lhiNbakTnQKqsexLksmiAVWnsqPr+DlIRmzdv5wv6+lq5+om3FsRqaY+59hHDNNY4Tf23vz1fdMlRyHA2I9Ye7ALRj55qzCmx7P3RCFnpuA4EzBrzl1Lo5YKZQkg+Vsm7lwtfTN+AbZ7q//UVO85ZufVqjs+b8W0yI8B+LzIRWeNyl622YqB4krMV+g8jAUVV6YPm5RwkEuu6OvWLvIJeOli5WWdWNIg/lcWALBnIz5F5m8Bp9PIWnudr9irtF6Rc1MF+wbMiRvYDZ69JKJzfa3LoTxilry3YnrpODpD12kzgjMfxvb2vB8rpXWurfejWVCqHjNo/6Mx+r9Tgz5Z0PTGunOfZYh/XHexGwxfUgRVZgEZ2q6LNzPt8adNgaB/pp5/iWaIl6sn95SBmxUz8xS2A4n1MH/lGiHiuhc6rQ1HwPHZ88RjiqcclgmDFQlytB+/IUqAa6zX/pwyX2CAQMKL90C4xVJVQZVq/T4bzIZ3U6RsyPmwIVtWEvCqC8hnxeFcVO/XMXf2EHfKVq8ttj1bkin++QlJoqdGp/sBRuZO7Sk7TLVOz8B+RDK1YDRVMZZApnmGfAR6P1DxFQrLs0xOHyfj4VG8oB0O2Y02wcXYXorZ/zTX665hsTwQ6coEuJyBznATed2OBWJpEZES9ReaziHDa+DjjSh/XtBGmtGvKNvnfjHTC1o4s9LjGEWtJAWbGrNYEkL81oHIfeBYFwPtuLviUbT8hE3+vg4VnyRoVS7OJLH32lSxzJTDAI9BcGPp0lHffxUQv2VDOm8hY3+lxNACyejtb1NlhY3q07J/mtyp8vd4nYB3ZvGvVn/3s3zXJ3AaSLXr6R1HbNSGh5auGOAjjGwrp0dyDOoRfhYRFZsptiwvIoPdTBqqd6JahD+MnMj36Hag0mXujdI7R2+70v/Z7hfyafuTG3yjZvTjfkCSCJpUf13/tOwOveJZVBRN81rTf8EQaFolqn5cEZtGda7D+UTbPsajQNKszZCDLYFxKnR1bkkrVxOxLhF2nPmlXUgson2Rbyyr28/Z32WZ7mmv6vmb0xKWY3QupwQQU6yIwUV/uxbXZVqxfqL/U8x9/QjdnJykZda2Xv2r/qsHpQxWz2jweyolkM1zgWlgCseYpHyqNJYsXSUXyCJfs9RhR/IajCRGhA6dVxvUUK3n4sEEM2k0tLq5rrPMxBSxKNrXn8Egh9xSVYVG8S+rZ7o+zOfOqV3LrpbHCQxNU7M8WrC20e2GwqRUI3/ynfJNmBAfj+1UJP96PK9N83EgI7H0GS0n8BXegKdSYxWZA6GjsyN/UQ/DM5a2N3gKmforpq8mLXZpoHbpYdQdB//siUHqAnreEhHoTSd4TZ2lc0amfbvo4OjZ3V2/0HBPKvbW99fwAfdpUjMZaUEgapJRvs216DOdv0KMXCCcRjVP3vnhCZdXkyf8HJAq0PcU0ZuXlB3hq4jPC+1Z6PIilCfio5p5GxtoCiIx7/rNGrx/+ePezduGmRmftl/7G5eR5Niu+weZCugo8vtfywUdLWFUPUvpjQa8Jvv+PPkQNG4Aa85hWaV2+J+fO2omEtfVsp01u6eGNHfFpPUytczX29246GRU5ocSDeCeGFR8e1rB9yxQ2T713wivt8Q1qVlfl7WLPKVd25sKFxEmuEac8MKk1YAyojUK/xlX+L/KqkV8IoOkXJRh73S2uJOVrp1LCHqqbtJ6rftN+18JZWRFK1eX5pcorWbZQefWueFAROfmuHgf4GpGxEAiCcjY9Wr70U+8d2zDxNQsy6lNTzG6+TxXR7rPdF+gPY8UZ377+Xboqigzu/KgztPVmz9mfdpcyzzTqKa2MCI5pytt7Kdup8z+AF3uYgATF/R0+e1HQ2Ksb9HYtcFp0F6O0PbPrR+HiUtIsnYQIkaq6rmiAnoIR11YfZEYGcO0BFmTED2pNDuP86FV1PgfSH9l2ouDsjPvHW2qTIOJ7yI5UwNERYQ9jFmmoKV2QqI9I/fxgULbtzaCjLzkinROSbe+IrLozWOQVfHFjHBMbtR1U+xqGZixobdLitClNo/85Hx8sPIR7vCimGc1lp/aM/lCEerV8Bni+XVu78U9NQhBIbQTuivXZbIm9tT8/t/Pj1hbUv9pYBhrj9zOV1vHzSgtRdaH0Qt0CjbSg6Am7d+ZuIIQ9jRA8HNk+n1sD4Klz7XMCikJT3K5FBNn7KZiVvxRuNfU2c/mBOmGF0xr8QYYDqkyp1lswYa2TWKOZFK6ZeTMEIRMfA8chsqauYn/mOGsnh4DvS8puQgDXU1SaZWCYMic7jusFI1qT1PpBynDm1ZTlNh4+v1QNTzXsQ21PGp8Ss7hyjpYUYF2IyVq1pPxT2/DMk49nVOhyLAuyu5nwMTILaJcolZaYPzc7GjI4z7hQAiJZqGazJhdcoqSTG9tCYkoOcGXTjxx7BEcViv+XTWac91WWnyCYKhtXN0PVO3rqqN4m2tuGKwUvJHKi3fNVVDZoCBMjAZ8I7V0Qvn3PGvrRqTg+ZO2yLfTv+ABfMcxX+KRsWADpp7qpU3Y6PwIE4Zn88V1LSc48kZvLKN9+TPFPkvWjVhUgDXJuVpVGwHtTENK7kWZ7fITALjf
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2020-03-23T16:04:15Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "file"
}
],
"labels": [
"misp:name=\"file\"",
"misp:meta-category=\"file\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5e78ddff-1490-43d3-b74c-4fbb950d210f",
"created_by_ref": "identity--5e16d2bc-5c68-4ef1-bc80-47f5950d210f",
"created": "2020-03-23T16:04:15.000Z",
"modified": "2020-03-23T16:04:15.000Z",
"description": "Potential Cobalt Strike Beacon",
"pattern": "[file:hashes.MD5 = 'ca7b238df0492720bea33e2c0af3f552' AND file:hashes.SHA1 = '18a45b60928a0e516d641def15fc49127ef0888b' AND file:hashes.SHA256 = 'ca7f5a7897bd4725390df3e851fa19e54f9896f5cd27c1ad0f70321711963c51' AND file:name = 'db73b2.exe' AND file:size = '285696' AND (file:content_ref.payload_bin = 'UEsDBBQACQAIAIiAd1BOHzw+3EwCAABcBAAgABwAY2E3YjIzOGRmMDQ5MjcyMGJlYTMzZTJjMGFmM2Y1NTJVVAkAA//deF7/3XhedXgLAAEEIQAAAAQhAAAAJT5MUSv3bh+jJhABvMGvsfo+4ZOt4e5cXVlueI80YHO1o2C1+e2jn1DB0QOTa+rDvS8Ub25R4VZwx8mrcOob6FYlsRLMOMnowV1yyoCi5fev6zqZD8Ba3IvvAdfIE2xx1/YdD2Y22Kp9ZVfSdTwvkuP9q1PbCWI7ro7Nl/D70j0YGHL3No1BCGUZamc7DzAaBsnO9Ew1UAQRT+xUBC6FNTCMTXhstmFBrmxTfxS/AeNKwwSNZ302KqT3FIY+GtPmkWYWrIXCuIYGDCIN3trv3zBmdLv/iv8OBl+pL2NMh9Vz25RCmLXMUCGhFy+9HXPSieiOUFNV6bGYZqh0qBG7Shz2e6l7Tup3hdb3PiEs6iQ4tH0I+0IICIo9qfhAuvCgSNviYyNMSyoUxgSWlF0uWkaLTFYyox3KFXd2kMkbTVwIOu1e9FpHbzIzLj67JgDKwaVUvWgvk0YskkzsMeL8T4CsEsIuqhDMmb2lwJIG843YOCiyt5UYNK07Lf2LniSgW+DRMTZbSnm9Zas7KMEX2Dy/s7hIANzpClJlQrqaOqkzQJtY/1H3SZDegjmp7O7XFEXGc3rqDiGFbWY6WQ0rrKPGK+N5Ui0UfZBFmh0UqeTtrXJUwQLUDqe/Wba9vKdPSCvG/SpbgIvQL8+QlbBp76gs+TNMkpOJCeloL7p/hzUk5RKaGSR1ovn8EpcUNgGXLJ/mDWBhgIDpP25/H8IB7AVurZSZQJkf40amydxFfOHghlIk97vOaWcQGdEqxWFdm993/1v7ivI2CMaF1i1EeIzISH/+6meETQeqe1gOo0ST+TnC0v477Jn2OMhB4b8N22j6Fg2g0tJCPI4HA8SA+OASKwdwXauTujahkqP64YAGHBmLcg5pQzBXNMegv44ma4A7AlPFsAATY+1AuVj/jj8MtKw1v7+DBniN40pj2lV+NWi7vIQcBaPpCSelB1XjZyiteW5L9cf5y0b1PUhF307Pa15yz16omtHQr+mcrLPOiJ5RDlsHS/tVcwxod8gpkQ3fx9goHQlovAfcQ7wq27TE/zNOwpGcbEVH0c8EiF2y2SyF/eRBuAt5bAhrCS6XzAM9kfzma3+5w+QRI1vuwEhF3WgFkOGR7eR2HTBVyev2C40wumR/3WRaJYEV31QdMibvJC1p+QuL1vY0tduaC6JzKxorOqgvEZCEH8cRu3CX7BoZeQ8qp9J6SzbvBCEGxNqAhD57BvUWsbXckzev6VE18EmeBEZ2TN07RP9R+BIvAeosHbIYGTylH9Tg2RA/4AIgucrjkfz2xDp3YLqBnRR8EYAZ75huPhXMwgMwavhkB6U1LA0rKb0aS2ZzKbKNqty8sdGbbagiLY0UP28EGPyHKGETFjhhHNqZdpiGqszeJD52wZBYWxNcGBlS6bjS++qJv7FCZNZmJrW0qFwo22XlP/6XL+PXSmPn9EPMWAUfZGZY++P7+sI5k3tYayJ3UhgRavpPXxLO/JclN8k3XWUfm2HV7U/YlBoLwaMBW6SqE2ONiiQ/30V82/eD5U9uAudk7qeHgbyZWQWHuI50RKHnAVfV0YPNkjP9HPe2bwSmcFf0PYX93DaZRhyqQSj/8iA5MvePiAcQVkKmRKeYMKu7U+jdg6hhumDNPmoZUNCciSvB4/wH+frTIbjH4HkvYGuGkooEDb4zxrSgD7tT8twL+upooCtk6RT1BDDk78W0ww5PrAu8fv69U2HU4dnnPP1VfWYGNjDY+IncyaHKUvn2zww0sp43IXwnjhePpQ6mmJt5BNLKfkFH6ujW2NVYeZNe7+3vYjpS5IdGLDC9sTuL8YCFMCsMxCaPD0iHYTHpfJhh7UbCuw/2ElVm7VsdFmUn+f13cN6q/IMNhf3VyoakBZaq1Api2rVnW9Cd5+Z4O6SDGcP/VS2RYSfXKXwrsyIrqTzzKuI+X8uxvAJLHgCnWLoMCBlzDBqXKtmNi/3iVbv12/clmYLWtXIJKbphrrBn2gqlOCGTp6mHWLxzODpOIWdYryZqz6ZoleI8P5w29qtUuoaDJzr7M8gdzv48g8c5pq5tM2S7w0CTx41pzdzk3tQTQchN7i49YFWd8GW+k7z0p5BEwA4ZTOztBNmXL1sFpeokr+afaXYiBRtG4DiXZhw3cQNePuv15ktaPjaskeyM/mBTqwGfN3Zx3sbKhVugQxM8+Xq0MBh6IOolZrLAFPpQPqLtkIutPbS4piE9Sk9kSIJxNcbsm9K8otAsrKv98/1oYMxIDnJJOekdugiJg4HyeMxt841yH6Muro8nSiUEwWIfSl4ptfjb7gBpHQe6rR6p+RTj/LdM268s5Xveq84L0YeqsHiUzdaPQAlXBOlpwRj7tE0uVoorR2HA514nTYBRchZOa5Uq1gOXHQ8FpKbw+T556i426ikulmIsN/bylh3eZ6VrpF3/5CF2na0cK6JUY8Ar8ystgc4yjaDAJXf/xWFNKeqCTbaab3nV/4Iv6ZC/KQ+LMc0VlsEOMvqegfBuG5avmEDmtAxHqYiUCcDybLwQwd+3OkIDNi23x32y8RMQZ0tJGyVk0yYk8OzNEqh15C6zbW+BIM9mwBlKa7I9X9EAVxvsceC9QEXkoxScYZsPmGSlpAuLSXxvgc9EQHiucrAmRcwztgSM1Ya9mfpYEhll5T+/bBK4XxKm/KVi43LSlsivf2D4N1uaw1qiaVE27waunOjf5PAC/8KTa2xXdMKxg6KOXebj4IaJMq018Vq1WD1bdxKBcrz5ETnwHM4uGQgOiyEXKSXouqD5WQLv3pG711r7VIK0feXw4KC332bKgrNs0fTNdneEiIHKFekf+7MUoWiiCQZP6SkdCK4l3lO8lutIUCx1BtiL+/LFIC0DxAd5VXYtiGG8SzG4jvEtW7cBZAEPevORabaiDMXqoK6zHPEOAQ5YQrOUbNd30mZT+4Em0SfY+uw0AnaW2jaLtEyAZ6DLWMbThO28krDOYYFilq34seqzObGwkvHJpNsj7GOdz7sPXMkwrgxf26ssLyCRH8kHgIPunGJL1q/elu4GvmUpAiwhsPjFsejtv4hBNtb+Nv4Mo9pK3UhF/T47HMgFlWTL8wbZCHfe++bAZ7MPZnAEtdQLVwwCpXJjJWNdo768UvDvucmVvapusVFsChNp2qqaTxKj7I7A0PKTE8KBV4VOh/lFuBPGwP7pysLHeNVW52KVrHqbnjn7AtQZEw4bZcYKPMHQx1L3gB5Yni/9g7VDvhva/Q/6SlHalaje5mXjCw8+R/qo4Hof7+lKGIveCkHf3WJpJixXfjvVriyGUNOnM9/khH2hU+1jRD40EnIQbx/x37jpsUdHVAbNeUHZ/4VInFicA+tVMg/zMwmFf74UXQcSA5rwZUypeknvObnJMhy/aoXivFJG3Zg4URFJgLHChAXpfwv75TNYR4W1DycMLlKDWdODq7bUh5Nl3Vu1hVA47vn4EzgcWqPLqiwG+KMSCQi7bAj0NUqqt8AAJf75njtETx60CZ8ZPXgE9Hvq83UMIir9RqZMrrF771zmHzHMF3rj5vGI4NGuvvaKvNG0rwF886mgzhiL9gn0ZFYcDDFv4aOR7GnHKytsHd9qN5+Pr2Dr5OaqHdyIK9pWm2g0mB7DDtqwzxNW3Tdylp6bagdnHboW
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2020-03-23T16:04:15Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "file"
}
],
"labels": [
"misp:name=\"file\"",
"misp:meta-category=\"file\"",
"misp:to_ids=\"True\""
]
},
{
"type": "marking-definition",
"spec_version": "2.1",
"id": "marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da",
"created": "2017-01-20T00:00:00.000Z",
"definition_type": "tlp",
"name": "TLP:GREEN",
"definition": {
"tlp": "green"
}
}
]
}
Reference in a new issue Copy permalink