|
{
|
||
|
"type": "bundle",
|
||
|
"id": "bundle--68690840-5104-4c1a-9223-6d0a35c52704",
|
||
|
"objects": [
|
||
|
{
|
||
|
"type": "identity",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2023-06-22T07:47:34.000Z",
|
||
|
"modified": "2023-06-22T07:47:34.000Z",
|
||
|
"name": "CIRCL",
|
||
|
"identity_class": "organization"
|
||
|
},
|
||
|
{
|
||
|
"type": "report",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "report--68690840-5104-4c1a-9223-6d0a35c52704",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2023-06-22T07:47:34.000Z",
|
||
|
"modified": "2023-06-22T07:47:34.000Z",
|
||
|
"name": "APT43: North Korean Group Uses Cybercrime to Fund Espionage Operations",
|
||
|
"published": "2023-06-22T07:57:26Z",
|
||
|
"object_refs": [
|
||
|
"x-misp-object--aba4257b-3b16-4a30-bcd7-add927143513",
|
||
|
"indicator--cf25b2dc-798c-4c8e-8354-5b1ccda8da86",
|
||
|
"indicator--eee5fbac-5daf-49ee-9962-5f011775f0a2",
|
||
|
"indicator--6062ab98-a092-44b8-8c25-c237b2c2bb03",
|
||
|
"indicator--b8010d27-ff96-4971-a652-4c16e1d96002",
|
||
|
"indicator--c45bfa39-cf7d-46cf-9452-d0df78df2bf5",
|
||
|
"indicator--84d55547-c836-4111-aa5a-cc3ff9219944",
|
||
|
"indicator--5bb63a7a-9e7f-43f2-8765-9d089b663dfc",
|
||
|
"indicator--bde359de-47f5-4db2-83f0-3e623af55269",
|
||
|
"indicator--c3ddff3a-02e2-43b0-b47e-f6d7a90eee03",
|
||
|
"indicator--1f404ef9-7677-4102-baf8-24caf174a7cc",
|
||
|
"indicator--ff14f879-8af3-4abf-8344-17f13f5a751e",
|
||
|
"indicator--f7c4ab60-f8ad-4dde-a129-47f1f72d79e0",
|
||
|
"indicator--47c21f0e-cde1-43ae-bbd6-7c05f2699661",
|
||
|
"indicator--22e220fa-ca7f-4abe-94c4-9cb42137c7f8",
|
||
|
"indicator--34253556-8ba3-47fa-8013-d74d287cf421",
|
||
|
"indicator--aca63f0b-b7e4-4544-aed9-80aaade560a9",
|
||
|
"indicator--616a09f0-4cc8-4227-bbb4-cb6917ded2bd",
|
||
|
"indicator--30576e97-c3c7-46c0-bb30-19680e264b68",
|
||
|
"indicator--f6f6f14b-0a83-4e29-97c8-9f87fb1dc069",
|
||
|
"indicator--928dbc59-8047-4bd4-998f-3d8c42e3394a",
|
||
|
"indicator--7bc0d36a-4e73-4b6b-82ac-b4864d0b0e9c",
|
||
|
"indicator--24d17de4-31cf-4967-bc99-6c1dbba3be40",
|
||
|
"indicator--dd10a976-80d6-4adb-b410-154fefab83ae",
|
||
|
"indicator--6fd830c7-4a8f-446b-b6e9-044bed661a3b",
|
||
|
"indicator--5dcbec94-42d4-4bbc-950c-8c5713dff1c1",
|
||
|
"indicator--09d48190-3b5d-4e3c-b1a8-38920340b253",
|
||
|
"indicator--78168392-f363-4089-b3dc-3f208519fdbd",
|
||
|
"indicator--44f8931b-cf23-47ec-b023-2fdfa8114ff0",
|
||
|
"indicator--6ae69ae1-d8cd-4dda-b507-82bde00357ca",
|
||
|
"indicator--68119593-c328-4af6-8508-2bc78be34b32",
|
||
|
"indicator--103fb4e3-f3c2-4ab5-b752-3d7e64aa8b0b",
|
||
|
"indicator--ac5e133b-8054-4762-ada5-fe64b83e2e85",
|
||
|
"indicator--1125ef0c-0e3f-4183-8ba8-a77b836cfb6a",
|
||
|
"indicator--175ff6d0-358c-4cb2-9d28-3501843840f8",
|
||
|
"indicator--8a6edbf1-a471-46aa-8235-42b46413b5f0",
|
||
|
"indicator--dedfbe89-65c0-4038-b3f7-fd8ad142f2a7",
|
||
|
"indicator--a57ffcff-8a78-4a9b-98b5-86b92b18f452",
|
||
|
"indicator--ebe523ea-7abc-46e4-ad9a-45c2ed6cc5b0",
|
||
|
"indicator--80f6cb75-2c92-421d-aef9-ed23072da4a9",
|
||
|
"indicator--7bda7be8-2c04-46cb-97f1-483ead532476",
|
||
|
"indicator--f2d66bf0-be0d-4edd-8ab5-0104eefeaa39",
|
||
|
"indicator--f64f1aab-3dbd-4f53-af57-270c24c7934b",
|
||
|
"indicator--3620045f-c2a1-427d-b8cf-c413322cbf6e"
|
||
|
],
|
||
|
"labels": [
|
||
|
"Threat-Report",
|
||
|
"misp:tool=\"MISP-STIX-Converter\"",
|
||
|
"misp-galaxy:mitre-attack-pattern=\"Phishing - T1566\"",
|
||
|
"misp-galaxy:mitre-attack-pattern=\"Spearphishing Attachment - T1566.001\"",
|
||
|
"misp-galaxy:mitre-attack-pattern=\"Spearphishing Link - T1566.002\"",
|
||
|
"misp-galaxy:mitre-attack-pattern=\"Virtual Private Server - T1583.003\"",
|
||
|
"misp-galaxy:mitre-attack-pattern=\"Compromise Infrastructure - T1584\"",
|
||
|
"misp-galaxy:mitre-attack-pattern=\"Code Signing Certificates - T1588.003\"",
|
||
|
"misp-galaxy:mitre-attack-pattern=\"Digital Certificates - T1588.004\"",
|
||
|
"misp-galaxy:mitre-attack-pattern=\"Install Digital Certificate - T1608.003\"",
|
||
|
"misp-galaxy:mitre-attack-pattern=\"Link Target - T1608.005\"",
|
||
|
"misp-galaxy:mitre-attack-pattern=\"Windows Management Instrumentation - T1047\"",
|
||
|
"misp-galaxy:mitre-attack-pattern=\"Scheduled Task - T1053.005\"",
|
||
|
"misp-galaxy:mitre-attack-pattern=\"Command and Scripting Interpreter - T1059\"",
|
||
|
"misp-galaxy:mitre-attack-pattern=\"PowerShell - T1059.001\"",
|
||
|
"misp-galaxy:mitre-attack-pattern=\"Windows Command Shell - T1059.003\"",
|
||
|
"misp-galaxy:mitre-attack-pattern=\"Visual Basic - T1059.005\"",
|
||
|
"misp-galaxy:mitre-attack-pattern=\"JavaScript - T1059.007\"",
|
||
|
"misp-galaxy:mitre-attack-pattern=\"JavaScript/JScript - T1059.007\"",
|
||
|
"misp-galaxy:mitre-attack-pattern=\"Shared Modules - T1129\"",
|
||
|
"misp-galaxy:mitre-attack-pattern=\"Exploitation for Client Execution - T1203\"",
|
||
|
"misp-galaxy:mitre-attack-pattern=\"Malicious Link - T1204.001\"",
|
||
|
"misp-galaxy:mitre-attack-pattern=\"Malicious File - T1204.002\"",
|
||
|
"misp-galaxy:mitre-attack-pattern=\"Service Execution - T1569.002\"",
|
||
|
"misp-galaxy:mitre-attack-pattern=\"Web Protocols - T1071.001\"",
|
||
|
"misp-galaxy:mitre-attack-pattern=\"DNS - T1071.004\"",
|
||
|
"misp-galaxy:mitre-attack-pattern=\"Multi-hop Proxy - T1090.003\"",
|
||
|
"misp-galaxy:mitre-attack-pattern=\"Non-Application Layer Protocol - T1095\"",
|
||
|
"misp-galaxy:mitre-attack-pattern=\"Web Service - T1102\"",
|
||
|
"misp-galaxy:mitre-attack-pattern=\"Bidirectional Communication - T1102.002\"",
|
||
|
"misp-galaxy:mitre-attack-pattern=\"Ingress Tool Transfer - T1105\"",
|
||
|
"misp-galaxy:mitre-attack-pattern=\"Standard Encoding - T1132.001\"",
|
||
|
"misp-galaxy:mitre-attack-pattern=\"Asymmetric Cryptography - T1573.002\"",
|
||
|
"misp-galaxy:mitre-attack-pattern=\"System Service Discovery - T1007\"",
|
||
|
"misp-galaxy:mitre-attack-pattern=\"Application Window Discovery - T1010\"",
|
||
|
"misp-galaxy:mitre-attack-pattern=\"Query Registry - T1012\"",
|
||
|
"misp-galaxy:mitre-attack-pattern=\"System Network Configuration Discovery - T1016\"",
|
||
|
"misp-galaxy:mitre-attack-pattern=\"System Owner/User Discovery - T1033\"",
|
||
|
"misp-galaxy:mitre-attack-pattern=\"Process Discovery - T1057\"",
|
||
|
"misp-galaxy:mitre-attack-pattern=\"System Information Discovery - T1082\"",
|
||
|
"misp-galaxy:mitre-attack-pattern=\"File and Directory Discovery - T1083\"",
|
||
|
"misp-galaxy:mitre-attack-pattern=\"Account Discovery - T1087\"",
|
||
|
"misp-galaxy:mitre-attack-pattern=\"Software Discovery - T1518\"",
|
||
|
"misp-galaxy:mitre-attack-pattern=\"System Language Discovery - T1614.001\"",
|
||
|
"misp-galaxy:mitre-attack-pattern=\"Keylogging - T1056.001\"",
|
||
|
"misp-galaxy:mitre-attack-pattern=\"Screen Capture - T1113\"",
|
||
|
"misp-galaxy:mitre-attack-pattern=\"Clipboard Data - T1115\"",
|
||
|
"misp-galaxy:mitre-attack-pattern=\"Data from Information Repositories - T1213\"",
|
||
|
"misp-galaxy:mitre-attack-pattern=\"Archive Collected Data - T1560\"",
|
||
|
"misp-galaxy:mitre-attack-pattern=\"Archive via Utility - T1560.001\"",
|
||
|
"misp-galaxy:mitre-attack-pattern=\"Service Stop - T1489\"",
|
||
|
"misp-galaxy:mitre-attack-pattern=\"System Shutdown/Reboot - T1529\"",
|
||
|
"misp-galaxy:mitre-attack-pattern=\"Automated Exfiltration - T1020\"",
|
||
|
"misp-galaxy:mitre-attack-pattern=\"Brute Force - T1110\"",
|
||
|
"misp-galaxy:mitre-attack-pattern=\"Credentials from Web Browsers - T1555.003\"",
|
||
|
"misp-galaxy:mitre-attack-pattern=\"Office Application Startup - T1137\"",
|
||
|
"misp-galaxy:mitre-attack-pattern=\"Web Shell - T1505.003\"",
|
||
|
"misp-galaxy:mitre-attack-pattern=\"Windows Service - T1543.003\"",
|
||
|
"misp-galaxy:mitre-attack-pattern=\"Registry Run Keys / Startup Folder - T1547.001\"",
|
||
|
"misp-galaxy:mitre-attack-pattern=\"Winlogon Helper DLL - T1547.004\"",
|
||
|
"misp-galaxy:mitre-attack-pattern=\"Shortcut Modification - T1547.009\"",
|
||
|
"misp-galaxy:mitre-attack-pattern=\"Binary Padding - T1027.001\"",
|
||
|
"misp-galaxy:mitre-attack-pattern=\"Obfuscated Files or Information - T1027\"",
|
||
|
"misp-galaxy:mitre-attack-pattern=\"Software Packing - T1027.002\"",
|
||
|
"misp-galaxy:mitre-attack-pattern=\"Indicator Removal from Tools - T1027.005\"",
|
||
|
"misp-galaxy:mitre-attack-pattern=\"Embedded Payloads - T1027.009\"",
|
||
|
"misp-galaxy:mitre-attack-pattern=\"Masquerading - T1036\"",
|
||
|
"misp-galaxy:mitre-attack-pattern=\"Invalid Code Signature - T1036.001\"",
|
||
|
"misp-galaxy:mitre-attack-pattern=\"Double File Extension - T1036.007\"",
|
||
|
"misp-galaxy:mitre-attack-pattern=\"Process Injection - T1055\"",
|
||
|
"misp-galaxy:mitre-attack-pattern=\"Dynamic-link Library Injection - T1055.001\"",
|
||
|
"misp-galaxy:mitre-attack-pattern=\"Thread Execution Hijacking - T1055.003\"",
|
||
|
"misp-galaxy:mitre-attack-pattern=\"File Deletion - T1070.004\"",
|
||
|
"misp-galaxy:mitre-attack-pattern=\"Timestomp - T1070.006\"",
|
||
|
"misp-galaxy:mitre-attack-pattern=\"Modify Registry - T1112\"",
|
||
|
"misp-galaxy:mitre-attack-pattern=\"Access Token Manipulation - T1134\"",
|
||
|
"misp-galaxy:mitre-attack-pattern=\"Deobfuscate/Decode Files or Information - T1140\"",
|
||
|
"misp-galaxy:mitre-attack-pattern=\"Mshta - T1218.005\"",
|
||
|
"misp-galaxy:mitre-attack-pattern=\"Virtualization/Sandbox Evasion - T1497\"",
|
||
|
"misp-galaxy:mitre-attack-pattern=\"System Checks - T1497.001\"",
|
||
|
"misp-galaxy:mitre-attack-pattern=\"Bypass User Access Control - T1548.002\"",
|
||
|
"misp-galaxy:mitre-attack-pattern=\"Bypass User Account Control - T1548.002\"",
|
||
|
"misp-galaxy:mitre-attack-pattern=\"Code Signing - T1553.002\"",
|
||
|
"misp-galaxy:mitre-attack-pattern=\"Hidden Window - T1564.003\"",
|
||
|
"misp-galaxy:mitre-attack-pattern=\"VBA Stomping - T1564.007\"",
|
||
|
"misp-galaxy:mitre-attack-pattern=\"Reflective Code Loading - T1620\"",
|
||
|
"misp-galaxy:mitre-attack-pattern=\"Debugger Evasion - T1622\"",
|
||
|
"misp-galaxy:threat-actor=\"Kimsuky\"",
|
||
|
"misp-galaxy:threat-actor=\"APT43\"",
|
||
|
"type:OSINT",
|
||
|
"osint:lifetime=\"perpetual\"",
|
||
|
"osint:certainty=\"50\"",
|
||
|
"tlp:clear"
|
||
|
],
|
||
|
"object_marking_refs": [
|
||
|
"marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9"
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "x-misp-object",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "x-misp-object--aba4257b-3b16-4a30-bcd7-add927143513",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2023-05-11T09:42:40.000Z",
|
||
|
"modified": "2023-05-11T09:42:40.000Z",
|
||
|
"labels": [
|
||
|
"misp:name=\"report\"",
|
||
|
"misp:meta-category=\"misc\""
|
||
|
],
|
||
|
"x_misp_attributes": [
|
||
|
{
|
||
|
"type": "link",
|
||
|
"object_relation": "link",
|
||
|
"value": "https://mandiant.widen.net/s/zvmfw5fnjs/apt43-report",
|
||
|
"category": "External analysis",
|
||
|
"uuid": "d7f41bdc-0de8-40e7-966e-d15e91a16fd4"
|
||
|
},
|
||
|
{
|
||
|
"type": "text",
|
||
|
"object_relation": "summary",
|
||
|
"value": "Mandiant assesses with high confidence that APT43 is a moderately-sophisticated cyber operator that supports the interests of the North Korean regime. Campaigns attributed to APT43 include strategic intelligence collection aligned with Pyongyang\u2019s geopolitical interests, credential harvesting and social engineering to support espionage activities, and financially-motivated cybercrime to fund operations. Tracked since 2018, APT43 collection priorities align with the mission of the Reconnaissance General Bureau (RGB), North Korea's main foreign intelligence service. The group\u2019s focus on foreign policy and nuclear security issues supports North Korea\u2019s strategic and nuclear ambitions. However, the group\u2019s focus on health-related verticals throughout the majority of 2021, likely in support of pandemic response efforts, highlights its responsiveness to shifting priorities from Pyongyang.",
|
||
|
"category": "Other",
|
||
|
"uuid": "b46eb2af-e047-4ab4-93d6-23eab7c07171"
|
||
|
},
|
||
|
{
|
||
|
"type": "text",
|
||
|
"object_relation": "type",
|
||
|
"value": "Report",
|
||
|
"category": "Other",
|
||
|
"uuid": "f44c5ca3-40f2-4c1f-939b-bdf7533ee7f4"
|
||
|
},
|
||
|
{
|
||
|
"type": "attachment",
|
||
|
"object_relation": "report-file",
|
||
|
"value": "APT43 Report.pdf",
|
||
|
"category": "External analysis",
|
||
|
"uuid": "70c90efa-8ecb-454d-90ee-29c213fff843",
|
||
|
"data": "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
|
||
|
}
|
||
|
],
|
||
|
"x_misp_meta_category": "misc",
|
||
|
"x_misp_name": "report"
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--cf25b2dc-798c-4c8e-8354-5b1ccda8da86",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2023-05-15T13:00:13.000Z",
|
||
|
"modified": "2023-05-15T13:00:13.000Z",
|
||
|
"description": "AMADEY",
|
||
|
"pattern": "[file:hashes.MD5 = '982fc9ded34c85469269eacb1cb4ef26' AND file:hashes.SHA1 = 'e205ed81ccb99641dcc6c2799d32ef0584fa2175' AND file:hashes.SHA256 = '557ff6c87c81a2d2348bd8d667ea8412a1a0a055f5e1ae91701c2954ca8a3fdb']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2023-05-15T13:00:13Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "file"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:name=\"file\"",
|
||
|
"misp:meta-category=\"file\"",
|
||
|
"misp:to_ids=\"True\"",
|
||
|
"misp-galaxy:malpedia=\"Amadey\"",
|
||
|
"misp-galaxy:mitre-malware=\"Amadey - S1025\"",
|
||
|
"misp-galaxy:tool=\"AMADEY\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--eee5fbac-5daf-49ee-9962-5f011775f0a2",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2023-05-15T13:00:40.000Z",
|
||
|
"modified": "2023-05-15T13:00:40.000Z",
|
||
|
"description": "BENCHMARK",
|
||
|
"pattern": "[file:hashes.MD5 = 'de9a8c26049699dbbd5d334a8566d38d' AND file:hashes.SHA1 = '47a32bc992e5d4613b3658b025ab913b0679232c' AND file:hashes.SHA256 = '43c2d5122af50363c29879501776d907eaa568fa142d935f6c80e823d18223f5']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2023-05-15T13:00:40Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "file"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:name=\"file\"",
|
||
|
"misp:meta-category=\"file\"",
|
||
|
"misp:to_ids=\"True\"",
|
||
|
"misp-galaxy:tool=\"BENCHMARK\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--6062ab98-a092-44b8-8c25-c237b2c2bb03",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2023-05-15T13:01:05.000Z",
|
||
|
"modified": "2023-05-15T13:01:05.000Z",
|
||
|
"description": "BIGRAISIN",
|
||
|
"pattern": "[file:hashes.MD5 = '144bd7fd423edc3965cb0161a8b82ab2' AND file:hashes.SHA1 = '1087efbd004f65d226bf20a52f1dc0b3e756ff9e' AND file:hashes.SHA256 = '2b78d5228737a38fa940e9ab19601747c68ed28e488696694648e3d70e53eb5a']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2023-05-15T13:01:05Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "file"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:name=\"file\"",
|
||
|
"misp:meta-category=\"file\"",
|
||
|
"misp:to_ids=\"True\"",
|
||
|
"misp-galaxy:backdoor=\"BIGRAISIN\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--b8010d27-ff96-4971-a652-4c16e1d96002",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2023-05-15T13:03:02.000Z",
|
||
|
"modified": "2023-05-15T13:03:02.000Z",
|
||
|
"description": "BITTERSWEET",
|
||
|
"pattern": "[file:hashes.MD5 = 'cd83a51bec0396f4a0fd563ca9c929d7' AND file:hashes.SHA1 = 'f3b047e6eb3964deb047767fad52851c5601483f' AND file:hashes.SHA256 = 'fb7fb6dbaf568b568cd5e60ab537a42d5982949a5e577db53cc707012c7f20e3']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2023-05-15T13:03:02Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "file"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:name=\"file\"",
|
||
|
"misp:meta-category=\"file\"",
|
||
|
"misp:to_ids=\"True\"",
|
||
|
"misp-galaxy:tool=\"BITTERSWEET\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--c45bfa39-cf7d-46cf-9452-d0df78df2bf5",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2023-05-15T13:04:55.000Z",
|
||
|
"modified": "2023-05-15T13:04:55.000Z",
|
||
|
"description": "BRAVEPRINCE",
|
||
|
"pattern": "[file:hashes.MD5 = '33df74cbb60920d63fe677c6f90b63f9' AND file:hashes.SHA1 = '539acd9145befd7e670fe826c248766f46f0d041' AND file:hashes.SHA256 = '94aa827a514d7aa70c404ec326edaaad4b2b738ffaea5a66c0c9f246738df579']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2023-05-15T13:04:55Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "file"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:name=\"file\"",
|
||
|
"misp:meta-category=\"file\"",
|
||
|
"misp:to_ids=\"True\"",
|
||
|
"misp-galaxy:tool=\"BRAVEPRINCE\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--84d55547-c836-4111-aa5a-cc3ff9219944",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2023-05-15T13:05:47.000Z",
|
||
|
"modified": "2023-05-15T13:05:47.000Z",
|
||
|
"description": "BRAVEPRINCE",
|
||
|
"pattern": "[file:hashes.MD5 = 'ebaf83302dc78d96d5993830430bd169' AND file:hashes.SHA1 = 'bc6cb78e20cb20285149d55563f6fdcf4aaafa58' AND file:hashes.SHA256 = '5cbc07895d099ce39a3142025c557b7fac41d79914535ab7ffc2094809f12a4b']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2023-05-15T13:05:47Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "file"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:name=\"file\"",
|
||
|
"misp:meta-category=\"file\"",
|
||
|
"misp:to_ids=\"True\"",
|
||
|
"misp-galaxy:tool=\"BRAVEPRINCE\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--5bb63a7a-9e7f-43f2-8765-9d089b663dfc",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2023-05-15T13:06:43.000Z",
|
||
|
"modified": "2023-05-15T13:06:43.000Z",
|
||
|
"description": "COINTOS",
|
||
|
"pattern": "[file:hashes.MD5 = 'b846fa8bc3a55fa0490a807186a8ece9' AND file:hashes.SHA1 = 'c0c6b99796d732fa53402ff49fd241612a340229' AND file:hashes.SHA256 = '855656bfecc359a1816437223c4a133359e73ecf45acda667610fbe7875ab3c8']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2023-05-15T13:06:43Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "file"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:name=\"file\"",
|
||
|
"misp:meta-category=\"file\"",
|
||
|
"misp:to_ids=\"True\"",
|
||
|
"misp-galaxy:tool=\"COINTOSS\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--bde359de-47f5-4db2-83f0-3e623af55269",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2023-05-15T13:06:43.000Z",
|
||
|
"modified": "2023-05-15T13:06:43.000Z",
|
||
|
"description": "COINTOSS.XLM",
|
||
|
"pattern": "[file:hashes.MD5 = 'f92a75b98249fa61cf62e8b63cb68fae' AND file:hashes.SHA1 = 'e5b312155289cdc6a80a041821fc82d2cca80bcd' AND file:hashes.SHA256 = 'd0971d098b0f8cf2187feeed3ce049930f19ec3379b141ec6a2f2871b1e90ff7']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2023-05-15T13:06:43Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "file"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:name=\"file\"",
|
||
|
"misp:meta-category=\"file\"",
|
||
|
"misp:to_ids=\"True\"",
|
||
|
"misp-galaxy:tool=\"COINTOSS\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--c3ddff3a-02e2-43b0-b47e-f6d7a90eee03",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2023-05-15T13:07:20.000Z",
|
||
|
"modified": "2023-05-15T13:07:20.000Z",
|
||
|
"description": "DRIVEDOWN",
|
||
|
"pattern": "[file:hashes.MD5 = '1dcd5afeccfe2040895686eefa0a9629' AND file:hashes.SHA1 = '40826e2064b59b8b7b3e514b9ef2c1479ac3b038' AND file:hashes.SHA256 = '07aed9fa864556753de0a664d22854167a3d898820bc92be46b1977c68b12b34']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2023-05-15T13:07:20Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "file"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:name=\"file\"",
|
||
|
"misp:meta-category=\"file\"",
|
||
|
"misp:to_ids=\"True\"",
|
||
|
"misp-galaxy:tool=\"DRIVEDOWN\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--1f404ef9-7677-4102-baf8-24caf174a7cc",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2023-05-15T13:07:20.000Z",
|
||
|
"modified": "2023-05-15T13:07:20.000Z",
|
||
|
"description": "DRIVEDOWN",
|
||
|
"pattern": "[file:hashes.MD5 = '5fe4da6a1d82561a19711e564adc7589' AND file:hashes.SHA1 = 'e79527f7307c1dda62c42487163616b3e58d5028' AND file:hashes.SHA256 = '8d0bafca8a8e8f3e4544f1822bc4bb08ceaa3c7192c9a92006b1eb500771ab53']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2023-05-15T13:07:20Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "file"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:name=\"file\"",
|
||
|
"misp:meta-category=\"file\"",
|
||
|
"misp:to_ids=\"True\"",
|
||
|
"misp-galaxy:tool=\"DRIVEDOWN\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--ff14f879-8af3-4abf-8344-17f13f5a751e",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2023-05-15T13:07:45.000Z",
|
||
|
"modified": "2023-05-15T13:07:45.000Z",
|
||
|
"description": "EGGHATCH",
|
||
|
"pattern": "[file:hashes.MD5 = 'e8da7fcdf0ca67b76f9a7967e240d223' AND file:hashes.SHA1 = 'b0c2312852d750c4bceb552def6985b8b800d3f3' AND file:hashes.SHA256 = '9dac6553b89645ac8d9e0a3dc877d12641e6d05fb52e8de6ae5533b2bdf0abc9']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2023-05-15T13:07:45Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "file"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:name=\"file\"",
|
||
|
"misp:meta-category=\"file\"",
|
||
|
"misp:to_ids=\"True\"",
|
||
|
"misp-galaxy:tool=\"EGGHATCH\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--f7c4ab60-f8ad-4dde-a129-47f1f72d79e0",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2023-05-15T13:21:28.000Z",
|
||
|
"modified": "2023-05-15T13:21:28.000Z",
|
||
|
"description": "FASTFIRE",
|
||
|
"pattern": "[file:hashes.MD5 = '2bf26702c6ecbd46f68138cdcd45c034' AND file:hashes.SHA1 = '1b9a4c0a5615a4f96a041d771646c1a407b17577' AND file:hashes.SHA256 = '38d1d8c3c4ec5ea17c3719af285247cb1d8879c7cf967e1be1197e60d42c01c5']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2023-05-15T13:21:28Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "file"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:name=\"file\"",
|
||
|
"misp:meta-category=\"file\"",
|
||
|
"misp:to_ids=\"True\"",
|
||
|
"misp-galaxy:malpedia=\"FastFire\"",
|
||
|
"misp-galaxy:backdoor=\"FASTFIRE\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--47c21f0e-cde1-43ae-bbd6-7c05f2699661",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2023-05-15T13:22:13.000Z",
|
||
|
"modified": "2023-05-15T13:22:13.000Z",
|
||
|
"description": "Gh0st RAT",
|
||
|
"pattern": "[file:hashes.MD5 = '2d330c354c14b39368876392d56fb18c' AND file:hashes.SHA1 = 'a1f72c890d0b920f4f4cb2d59df6fa40734de90d' AND file:hashes.SHA256 = 'f86d05c1d7853c06fc5561f8df19b53506b724a83bb29c69b39f004a0f7f82d8']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2023-05-15T13:22:13Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "file"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:name=\"file\"",
|
||
|
"misp:meta-category=\"file\"",
|
||
|
"misp:to_ids=\"True\"",
|
||
|
"misp-galaxy:mitre-malware=\"gh0st RAT - S0032\"",
|
||
|
"misp-galaxy:tool=\"Gh0st Rat\"",
|
||
|
"misp-galaxy:malpedia=\"Ghost RAT\"",
|
||
|
"misp-galaxy:rat=\"Gh0st RAT\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--22e220fa-ca7f-4abe-94c4-9cb42137c7f8",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2023-05-15T13:22:48.000Z",
|
||
|
"modified": "2023-05-15T13:22:48.000Z",
|
||
|
"description": "GOLDDRAGON",
|
||
|
"pattern": "[file:hashes.MD5 = '15ec5c7125e6c74f740d6fc3376c130d' AND file:hashes.SHA1 = 'fb09b89803da071b7b7eb23244771c54d979a873' AND file:hashes.SHA256 = '4a1c43258fe0e3b75afc4e020b904910c94d9ba08fc1e3f3a99d188b56675211']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2023-05-15T13:22:48Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "file"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:name=\"file\"",
|
||
|
"misp:meta-category=\"file\"",
|
||
|
"misp:to_ids=\"True\"",
|
||
|
"misp-galaxy:malpedia=\"GoldDragon\"",
|
||
|
"misp-galaxy:tool=\"GOLDDRAGON\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--34253556-8ba3-47fa-8013-d74d287cf421",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2023-05-15T13:22:48.000Z",
|
||
|
"modified": "2023-05-15T13:22:48.000Z",
|
||
|
"description": "GOLDDRAGON.POWERSHELL",
|
||
|
"pattern": "[file:hashes.MD5 = '2a5562de1d3e734d9328a1c78b43c2e5' AND file:hashes.SHA1 = '4b0d0ebb0c676efe855bed796221dd475a39ba40' AND file:hashes.SHA256 = '203ea478fa4d2d5ef513cad8b51617e0c9f7571bf3a3becf9c267a0d590c6d72']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2023-05-15T13:22:48Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "file"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:name=\"file\"",
|
||
|
"misp:meta-category=\"file\"",
|
||
|
"misp:to_ids=\"True\"",
|
||
|
"misp-galaxy:malpedia=\"GoldDragon\"",
|
||
|
"misp-galaxy:tool=\"GOLDDRAGON\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--aca63f0b-b7e4-4544-aed9-80aaade560a9",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2023-05-15T13:23:16.000Z",
|
||
|
"modified": "2023-05-15T13:23:16.000Z",
|
||
|
"description": "GOLDDROP",
|
||
|
"pattern": "[file:hashes.MD5 = '0cc0aa5877cec9109b7a5a0e3a250c72' AND file:hashes.SHA1 = '1d49d462a11a00d8ac9608e49f055961bf79980d' AND file:hashes.SHA256 = '1324acd1f720055e7941b39949116dfe72ce2e7792e70128f69e228eb48b0821']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2023-05-15T13:23:16Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "file"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:name=\"file\"",
|
||
|
"misp:meta-category=\"file\"",
|
||
|
"misp:to_ids=\"True\"",
|
||
|
"misp-galaxy:tool=\"GOLDDROP\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--616a09f0-4cc8-4227-bbb4-cb6917ded2bd",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2023-05-15T13:23:15.000Z",
|
||
|
"modified": "2023-05-15T13:23:15.000Z",
|
||
|
"description": "GOLDDROP",
|
||
|
"pattern": "[file:hashes.MD5 = '2c530adb841114366ce6177ce964a5e6' AND file:hashes.SHA1 = '5b69e3e5f4f49cf8b635a57a8c92e17a4f130d50' AND file:hashes.SHA256 = '873b8fb97b4b0c6d7992f6af15653295788526def41f337c651dc64e8e4aeebd']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2023-05-15T13:23:15Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "file"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:name=\"file\"",
|
||
|
"misp:meta-category=\"file\"",
|
||
|
"misp:to_ids=\"True\"",
|
||
|
"misp-galaxy:tool=\"GOLDDROP\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--30576e97-c3c7-46c0-bb30-19680e264b68",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2023-05-15T13:23:38.000Z",
|
||
|
"modified": "2023-05-15T13:23:38.000Z",
|
||
|
"description": "GOLDSMELT",
|
||
|
"pattern": "[file:hashes.MD5 = 'c066b81c4b8b0703f81f8bc6fb432992' AND file:hashes.SHA1 = '2508f5ff0c28356c0c3f8e6cae7b750d53495bca' AND file:hashes.SHA256 = '63b4bd01f80d43576c279adf69a5582129e81cc4adbd03675909581643765ea8']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2023-05-15T13:23:38Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "file"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:name=\"file\"",
|
||
|
"misp:meta-category=\"file\"",
|
||
|
"misp:to_ids=\"True\"",
|
||
|
"misp-galaxy:tool=\"GOLDSMELT\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--f6f6f14b-0a83-4e29-97c8-9f87fb1dc069",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2023-05-15T13:24:07.000Z",
|
||
|
"modified": "2023-05-15T13:24:07.000Z",
|
||
|
"description": "GRAYZONE",
|
||
|
"pattern": "[file:hashes.MD5 = '1d30dfa5d8f21d1465409b207115ded6' AND file:hashes.SHA1 = '942fd7b4ef1ccf7032a40acad975c7b5905c3c77' AND file:hashes.SHA256 = 'ed0161f2a3337af5e27a84bea85fb4abe35654f5de22bcb8a503d537952b1e8a']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2023-05-15T13:24:07Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "file"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:name=\"file\"",
|
||
|
"misp:meta-category=\"file\"",
|
||
|
"misp:to_ids=\"True\"",
|
||
|
"misp-galaxy:backdoor=\"GRAYZONE\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--928dbc59-8047-4bd4-998f-3d8c42e3394a",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2023-05-15T13:24:30.000Z",
|
||
|
"modified": "2023-05-15T13:24:30.000Z",
|
||
|
"description": "HANGMAN.V2",
|
||
|
"pattern": "[file:hashes.MD5 = '21cffaa7f9bf224ce75e264bfb16dd0d' AND file:hashes.SHA1 = '862abce03f7f5de0c466fdbd24ad796578eaa110' AND file:hashes.SHA256 = 'a605570555620cea6d6be211520525fc95a30961661780da4cc4bafe9864f394']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2023-05-15T13:24:30Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "file"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:name=\"file\"",
|
||
|
"misp:meta-category=\"file\"",
|
||
|
"misp:to_ids=\"True\"",
|
||
|
"misp-galaxy:backdoor=\"HANGMAN.V2\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--7bc0d36a-4e73-4b6b-82ac-b4864d0b0e9c",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2023-05-15T13:24:59.000Z",
|
||
|
"modified": "2023-05-15T13:24:59.000Z",
|
||
|
"description": "Invoke-Mimikatz",
|
||
|
"pattern": "[file:hashes.MD5 = '20bc53deb7b1214580e9d9efeaa5e9d7' AND file:hashes.SHA1 = 'e74b816f1c6d6347cb40121e0b50dadd0d8f1f97' AND file:hashes.SHA256 = '908777e58161615657663656861c212ac25696741ef69411021474158fa2b4cf']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2023-05-15T13:24:59Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "file"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:name=\"file\"",
|
||
|
"misp:meta-category=\"file\"",
|
||
|
"misp:to_ids=\"True\"",
|
||
|
"misp-galaxy:tool=\"Invoke-Mimikatz\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--24d17de4-31cf-4967-bc99-6c1dbba3be40",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2023-05-15T13:19:15.000Z",
|
||
|
"modified": "2023-05-15T13:19:15.000Z",
|
||
|
"description": "JURASSICSHELL",
|
||
|
"pattern": "[file:hashes.MD5 = '9cdda333432f403b408b9fe717163861' AND file:hashes.SHA1 = 'd80be054a569df5f201191dcc4fea0dde9622da5' AND file:hashes.SHA256 = 'd2f4bf0caed5a442198fcdc43c83c7b27ae04f341a72b270c9ed40778aa77afe']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2023-05-15T13:19:15Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "file"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:name=\"file\"",
|
||
|
"misp:meta-category=\"file\"",
|
||
|
"misp:to_ids=\"True\"",
|
||
|
"misp-galaxy:tool=\"JURASSICSHELL\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--dd10a976-80d6-4adb-b410-154fefab83ae",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2023-05-15T13:19:15.000Z",
|
||
|
"modified": "2023-05-15T13:19:15.000Z",
|
||
|
"description": "JURASSICSHELL",
|
||
|
"pattern": "[file:hashes.MD5 = 'ddae18c65d583b41a2157d496a4bde61' AND file:hashes.SHA1 = '63e113f0a906af82903dbfac3e78bdd2d146e738' AND file:hashes.SHA256 = 'a4ba1e6ab678a1bdf8bc05bea8310d743928a4e2c05bad104e61afdd9cccf9a1']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2023-05-15T13:19:15Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "file"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:name=\"file\"",
|
||
|
"misp:meta-category=\"file\"",
|
||
|
"misp:to_ids=\"True\"",
|
||
|
"misp-galaxy:tool=\"JURASSICSHELL\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--6fd830c7-4a8f-446b-b6e9-044bed661a3b",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2023-05-15T13:26:06.000Z",
|
||
|
"modified": "2023-05-15T13:26:06.000Z",
|
||
|
"description": "LANDMARK",
|
||
|
"pattern": "[file:hashes.MD5 = '1ffccf6cb3b74d68df2b899fd33127a5' AND file:hashes.SHA1 = 'a61f009e73ae81a18751e9aee39f8121a3902280' AND file:hashes.SHA256 = 'da22d327124a0ee6a93cd07e85f9804fbc98eda87824ddcf7c8a63d349e87034']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2023-05-15T13:26:06Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "file"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:name=\"file\"",
|
||
|
"misp:meta-category=\"file\"",
|
||
|
"misp:to_ids=\"True\"",
|
||
|
"misp-galaxy:tool=\"LANDMARK\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--5dcbec94-42d4-4bbc-950c-8c5713dff1c1",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2023-05-15T13:26:06.000Z",
|
||
|
"modified": "2023-05-15T13:26:06.000Z",
|
||
|
"description": "LANDMARK.NET",
|
||
|
"pattern": "[file:hashes.MD5 = '60efecf4e1b5b2c580329e9afa05db15' AND file:hashes.SHA1 = '12c508ace6e8aa42be02750d759e720b800bf796' AND file:hashes.SHA256 = '034d29fb89a8f68ba714f1868b2181c4cd59d4a2604630ef1554a6ccf3fe6d75']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2023-05-15T13:26:06Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "file"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:name=\"file\"",
|
||
|
"misp:meta-category=\"file\"",
|
||
|
"misp:to_ids=\"True\"",
|
||
|
"misp-galaxy:tool=\"LANDMARK\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--09d48190-3b5d-4e3c-b1a8-38920340b253",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2023-05-15T13:26:42.000Z",
|
||
|
"modified": "2023-05-15T13:26:42.000Z",
|
||
|
"description": "LATEOP\r\nLATEOP.V2",
|
||
|
"pattern": "[file:hashes.MD5 = '0f77143ce98d0b9f69c802789e3b1713' AND file:hashes.SHA1 = '7da4e8b743478370fa41fe39a45e3ff2ca2194b3' AND file:hashes.SHA256 = '54a8b8c933633c089f03d07cfbd5cafbf76a6d7095f2706d6604e739bb9c950f']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2023-05-15T13:26:42Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "file"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:name=\"file\"",
|
||
|
"misp:meta-category=\"file\"",
|
||
|
"misp:to_ids=\"True\"",
|
||
|
"misp-galaxy:tool=\"LATEOP\"",
|
||
|
"misp-galaxy:malpedia=\"BabyShark\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--78168392-f363-4089-b3dc-3f208519fdbd",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2023-05-15T13:27:44.000Z",
|
||
|
"modified": "2023-05-15T13:27:44.000Z",
|
||
|
"description": "LOGCABIN",
|
||
|
"pattern": "[file:hashes.MD5 = '0b558ee89a7bb32968ef78104f6b9a28' AND file:hashes.SHA1 = 'b7fdb5e5b31adfc5ada0de1e05b0c069968e5bce' AND file:hashes.SHA256 = '79c0fe1467dada33e0b097dd772c36229618b7091baa5f10da083f894192a237']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2023-05-15T13:27:44Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "file"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:name=\"file\"",
|
||
|
"misp:meta-category=\"file\"",
|
||
|
"misp:to_ids=\"True\"",
|
||
|
"misp-galaxy:backdoor=\"LOGCABIN\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--44f8931b-cf23-47ec-b023-2fdfa8114ff0",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2023-05-15T13:18:47.000Z",
|
||
|
"modified": "2023-05-15T13:18:47.000Z",
|
||
|
"description": "LONEJOGGER",
|
||
|
"pattern": "[file:hashes.MD5 = '139d2561f5c72fabb099a12c16b8960c' AND file:hashes.SHA1 = '2dd269608dd7f4da171d1a220fe97347162008c7' AND file:hashes.SHA256 = '2c338055e8245057169f1733846e0490bc4ae117d1dadefe0a3f07a63dc87520']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2023-05-15T13:18:47Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "file"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:name=\"file\"",
|
||
|
"misp:meta-category=\"file\"",
|
||
|
"misp:to_ids=\"True\"",
|
||
|
"misp-galaxy:tool=\"LONEJOGGER\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--6ae69ae1-d8cd-4dda-b507-82bde00357ca",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2023-05-15T13:18:47.000Z",
|
||
|
"modified": "2023-05-15T13:18:47.000Z",
|
||
|
"description": "LONEJOGGER",
|
||
|
"pattern": "[file:hashes.MD5 = '14a00f517012279af53118a491253e5c' AND file:hashes.SHA1 = '98040f42103ce3b840dd54bf3490587f141a0bc3' AND file:hashes.SHA256 = '26a98b752fd8e700776f11bad4169a0670824d5b5b9337f3c8f46fac33bc03e8']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2023-05-15T13:18:47Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "file"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:name=\"file\"",
|
||
|
"misp:meta-category=\"file\"",
|
||
|
"misp:to_ids=\"True\"",
|
||
|
"misp-galaxy:tool=\"LONEJOGGER\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--68119593-c328-4af6-8508-2bc78be34b32",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2023-05-15T13:27:13.000Z",
|
||
|
"modified": "2023-05-15T13:27:13.000Z",
|
||
|
"description": "METASPLOIT",
|
||
|
"pattern": "[file:hashes.MD5 = '37e7d679cd4aa788ec63f27cb02962ea' AND file:hashes.SHA1 = '7d66c1f36b4b48d990461ec44d626793ade6a8d1' AND file:hashes.SHA256 = 'b55e9d65a3130f543360a9c488d35475d4789ee7a32a4e94d02f33c21a172bcb']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2023-05-15T13:27:13Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "file"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:name=\"file\"",
|
||
|
"misp:meta-category=\"file\"",
|
||
|
"misp:to_ids=\"True\"",
|
||
|
"misp-galaxy:tool=\"metasploit\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--103fb4e3-f3c2-4ab5-b752-3d7e64aa8b0b",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2023-05-15T13:28:06.000Z",
|
||
|
"modified": "2023-05-15T13:28:06.000Z",
|
||
|
"description": "PASSMARK",
|
||
|
"pattern": "[file:hashes.MD5 = 'b077ba5af1dfbd4ac523923eab56bcd4' AND file:hashes.SHA1 = '4e93797dd3b383050cf0ee585aa5b5525efb2380' AND file:hashes.SHA256 = '4a08b78d410bc3d9b78dd63b146767f293dc3f3f6f8092352d2aa2f589e9c772']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2023-05-15T13:28:06Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "file"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:name=\"file\"",
|
||
|
"misp:meta-category=\"file\"",
|
||
|
"misp:to_ids=\"True\"",
|
||
|
"misp-galaxy:tool=\"PASSMARK\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--ac5e133b-8054-4762-ada5-fe64b83e2e85",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2023-05-15T13:29:22.000Z",
|
||
|
"modified": "2023-05-15T13:29:22.000Z",
|
||
|
"description": "PENCILDOWN",
|
||
|
"pattern": "[file:hashes.MD5 = '04d0856afb1aa9168377d6aa579c5403' AND file:hashes.SHA1 = 'f3b774e921eaad9335b9c057dd49b918c5dae4a6' AND file:hashes.SHA256 = 'e637c86ae20a7f36a0ad43618b00c48f47b5591a03af3fb689a16c45afa43733']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2023-05-15T13:29:22Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "file"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:name=\"file\"",
|
||
|
"misp:meta-category=\"file\"",
|
||
|
"misp:to_ids=\"True\"",
|
||
|
"misp-galaxy:tool=\"PENCILDOWN\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--1125ef0c-0e3f-4183-8ba8-a77b836cfb6a",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2023-05-15T13:29:22.000Z",
|
||
|
"modified": "2023-05-15T13:29:22.000Z",
|
||
|
"description": "PENCILDOWN.ANDROID",
|
||
|
"pattern": "[file:hashes.MD5 = '4626ed60dfc8deaf75477bc06bd39be7' AND file:hashes.SHA1 = 'a9ff1ebb548f5bba600d38e709ff331749fa9971' AND file:hashes.SHA256 = '2365a48f7d6cf6dcc83195f06ea11b93c955c3a491c60b50ba42788917ba22e2']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2023-05-15T13:29:22Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "file"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:name=\"file\"",
|
||
|
"misp:meta-category=\"file\"",
|
||
|
"misp:to_ids=\"True\"",
|
||
|
"misp-galaxy:tool=\"PENCILDOWN\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--175ff6d0-358c-4cb2-9d28-3501843840f8",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2023-05-15T13:20:03.000Z",
|
||
|
"modified": "2023-05-15T13:20:03.000Z",
|
||
|
"description": "PENDOWN",
|
||
|
"pattern": "[file:hashes.MD5 = '768c84100d6e3181a26fa50261129287' AND file:hashes.SHA1 = '6f4b6938ac8fd9591fc399219dbaf4347d8b444b' AND file:hashes.SHA256 = '780e7edbfad5f68051c2039036b00b304d3f828fdbee85d2d09edbcc6d07ea34']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2023-05-15T13:20:03Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "file"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:name=\"file\"",
|
||
|
"misp:meta-category=\"file\"",
|
||
|
"misp:to_ids=\"True\"",
|
||
|
"misp-galaxy:tool=\"PENDOWN\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--8a6edbf1-a471-46aa-8235-42b46413b5f0",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2023-05-15T13:10:58.000Z",
|
||
|
"modified": "2023-05-15T13:10:58.000Z",
|
||
|
"description": "PUMPKINBAR",
|
||
|
"pattern": "[file:hashes.MD5 = '946f787c129bf469298aa881fb0843f4' AND file:hashes.SHA1 = 'd3b233d6d8b11235929e4a0cbdb12eefdd47d927' AND file:hashes.SHA256 = '32beeda8cffc2ecc689ea2529194cf806955879a334ec68176864d1e6c09800c']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2023-05-15T13:10:58Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "file"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:name=\"file\"",
|
||
|
"misp:meta-category=\"file\"",
|
||
|
"misp:to_ids=\"True\"",
|
||
|
"misp-galaxy:tool=\"PUMPKINBAR\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--dedfbe89-65c0-4038-b3f7-fd8ad142f2a7",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2023-05-15T13:10:58.000Z",
|
||
|
"modified": "2023-05-15T13:10:58.000Z",
|
||
|
"description": "PUMPKINBAR",
|
||
|
"pattern": "[file:hashes.MD5 = 'c9d70bf370172609da848fa785989939' AND file:hashes.SHA1 = '851ba2182b37bc7380420a986840e16f73947413' AND file:hashes.SHA256 = 'ba3c79dbeca0234fa838ae4c956409115556f437372aeeb0737206d71caf4a38']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2023-05-15T13:10:58Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "file"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:name=\"file\"",
|
||
|
"misp:meta-category=\"file\"",
|
||
|
"misp:to_ids=\"True\"",
|
||
|
"misp-galaxy:tool=\"PUMPKINBAR\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--a57ffcff-8a78-4a9b-98b5-86b92b18f452",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2023-05-15T13:30:46.000Z",
|
||
|
"modified": "2023-05-15T13:30:46.000Z",
|
||
|
"description": "QUASARRAT",
|
||
|
"pattern": "[file:hashes.MD5 = '0085bc8ce16ef17643909c4799ead02b' AND file:hashes.SHA1 = '25d94c9ab7635ff330dabe96780f330f7f2ba775' AND file:hashes.SHA256 = 'a9c404e100bfd2716a8f6bfafc07b0bd6175bedb047d10b94390c79249258272']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2023-05-15T13:30:46Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "file"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:name=\"file\"",
|
||
|
"misp:meta-category=\"file\"",
|
||
|
"misp:to_ids=\"True\"",
|
||
|
"misp-galaxy:tool=\"QUASARRAT\"",
|
||
|
"misp-galaxy:mitre-tool=\"QuasarRAT - S0262\"",
|
||
|
"misp-galaxy:rat=\"Quasar RAT\"",
|
||
|
"misp-galaxy:malpedia=\"Quasar RAT\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--ebe523ea-7abc-46e4-ad9a-45c2ed6cc5b0",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2023-05-15T13:29:49.000Z",
|
||
|
"modified": "2023-05-15T13:29:49.000Z",
|
||
|
"description": "SLIMCURL",
|
||
|
"pattern": "[file:hashes.MD5 = '68ce092f1a3d19852ea32db8388de5c7' AND file:hashes.SHA1 = '700acc4e48eae84f80f4dbaf74bf60b79efd49bd' AND file:hashes.SHA256 = '25c2f4703cbaa1ff4dbcfcc16a10b29ef35ccc174b71b21de360d898540889f8']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2023-05-15T13:29:49Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "file"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:name=\"file\"",
|
||
|
"misp:meta-category=\"file\"",
|
||
|
"misp:to_ids=\"True\"",
|
||
|
"misp-galaxy:tool=\"SLIMCURL\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--80f6cb75-2c92-421d-aef9-ed23072da4a9",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2023-05-15T13:30:14.000Z",
|
||
|
"modified": "2023-05-15T13:30:14.000Z",
|
||
|
"description": "SOURDOUGH",
|
||
|
"pattern": "[file:hashes.MD5 = '7e609404cc258bbe283bea6ddd7af293' AND file:hashes.SHA1 = '6618e25dd49b68f7b2b266eb2d787e6f05c964bc' AND file:hashes.SHA256 = '502136707a70b768800640224e48c634057dc651892113b62522f0dd2fcf1e87']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2023-05-15T13:30:14Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "file"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:name=\"file\"",
|
||
|
"misp:meta-category=\"file\"",
|
||
|
"misp:to_ids=\"True\"",
|
||
|
"misp-galaxy:backdoor=\"SOURDOUGH\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--7bda7be8-2c04-46cb-97f1-483ead532476",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2023-05-15T13:28:48.000Z",
|
||
|
"modified": "2023-05-15T13:28:48.000Z",
|
||
|
"description": "SPICYTUNA",
|
||
|
"pattern": "[file:hashes.MD5 = '0821884168a644f3c27176a52763acc9' AND file:hashes.SHA1 = '1f6c7c9219f6b6ea30cd481968ae1a038789be67' AND file:hashes.SHA256 = 'e7fae41c0bd8d3d95253bd75dce99015599ecc404bd8d737cec305fc3e4dd018']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2023-05-15T13:28:48Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "file"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:name=\"file\"",
|
||
|
"misp:meta-category=\"file\"",
|
||
|
"misp:to_ids=\"True\"",
|
||
|
"misp-galaxy:tool=\"SPICYTUNA\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--f2d66bf0-be0d-4edd-8ab5-0104eefeaa39",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2023-05-15T13:28:48.000Z",
|
||
|
"modified": "2023-05-15T13:28:48.000Z",
|
||
|
"description": "SPICYTUNA",
|
||
|
"pattern": "[file:hashes.MD5 = '8ca84c206fe8436dcc92bf6c1f7cf168' AND file:hashes.SHA1 = '636f2c20183b45691b742949d49b3d6c218c9cce' AND file:hashes.SHA256 = '7943bf9cc7b2adf50f7f92dd37347381e6d0aef23b34a3cd0a3afcda1d72e16d']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2023-05-15T13:28:48Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "file"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:name=\"file\"",
|
||
|
"misp:meta-category=\"file\"",
|
||
|
"misp:to_ids=\"True\"",
|
||
|
"misp-galaxy:tool=\"SPICYTUNA\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--f64f1aab-3dbd-4f53-af57-270c24c7934b",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2023-05-15T13:20:28.000Z",
|
||
|
"modified": "2023-05-15T13:20:28.000Z",
|
||
|
"description": "TROIBOMB",
|
||
|
"pattern": "[file:hashes.MD5 = '18df13900f118158c33df904c662e875' AND file:hashes.SHA1 = '11f646095495d625e7d71038578cc838a6d5e111' AND file:hashes.SHA256 = '98d4471fe549bb3067ac2f2d9afd50ed1baaddab41ec4270834989e7f1ade14d']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2023-05-15T13:20:28Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "file"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:name=\"file\"",
|
||
|
"misp:meta-category=\"file\"",
|
||
|
"misp:to_ids=\"True\"",
|
||
|
"misp-galaxy:backdoor=\"TROIBOMB\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--3620045f-c2a1-427d-b8cf-c413322cbf6e",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2023-05-15T12:59:18.000Z",
|
||
|
"modified": "2023-05-15T12:59:18.000Z",
|
||
|
"description": "VENOMBITE",
|
||
|
"pattern": "[file:hashes.MD5 = '107f917a5ddb4d3947233fbc9d47ddc8' AND file:hashes.SHA1 = '75c516dde8415494c288e349d440ce778dede8e3' AND file:hashes.SHA256 = '2d41b04f5d86047dc2353a10595418b0d5239c22112f36eb9d253b2e8b6eb0d0']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2023-05-15T12:59:18Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "file"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:name=\"file\"",
|
||
|
"misp:meta-category=\"file\"",
|
||
|
"misp:to_ids=\"True\"",
|
||
|
"misp-galaxy:tool=\"VENOMBITE\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "marking-definition",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9",
|
||
|
"created": "2017-01-20T00:00:00.000Z",
|
||
|
"definition_type": "tlp",
|
||
|
"name": "TLP:WHITE",
|
||
|
"definition": {
|
||
|
"tlp": "white"
|
||
|
}
|
||
|
}
|
||
|
]
|
||
|
}
|