{
"type" : "bundle" ,
"id" : "bundle--19b55cd3-2c7f-4bb5-805c-308b412958b0" ,
"objects" : [
{
"type" : "identity" ,
"spec_version" : "2.1" ,
"id" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2022-08-25T12:35:02.000Z" ,
"modified" : "2022-08-25T12:35:02.000Z" ,
"name" : "CIRCL" ,
"identity_class" : "organization"
} ,
{
"type" : "report" ,
"spec_version" : "2.1" ,
"id" : "report--19b55cd3-2c7f-4bb5-805c-308b412958b0" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2022-08-25T12:35:02.000Z" ,
"modified" : "2022-08-25T12:35:02.000Z" ,
"name" : "Brazil malspam pushes Astaroth (Guildma) malware" ,
"published" : "2022-08-29T10:06:03Z" ,
"object_refs" : [
"indicator--0da40295-0f8f-47df-8d0c-9d532e983683" ,
"indicator--691be0a1-895e-419c-a04d-86ba3c13bbd5" ,
"indicator--f3f893fc-a551-4e28-b854-ab569b2c65e4" ,
"indicator--ee62be81-f12a-4483-8607-7466e33413fe" ,
"indicator--c2c89f4e-c684-40ad-b4a6-54298fe99aa4" ,
"observed-data--c8b27262-595e-43a2-852d-ef865c640198" ,
"file--c8b27262-595e-43a2-852d-ef865c640198" ,
"artifact--c8b27262-595e-43a2-852d-ef865c640198" ,
"x-misp-object--c2a30035-48ae-40f5-86f6-124413506cb7" ,
"x-misp-object--064047ba-5588-4b86-8de6-0995582dc8a0" ,
"indicator--84344391-a4b4-43be-9035-5097dfabfbd7" ,
"indicator--fd2a4aed-7106-4690-a4a7-409591d0f6aa" ,
"indicator--a8f32a60-264e-41f7-afbb-8389eeb20508" ,
"indicator--12b17044-0396-41a2-90d8-99c0a9d72800" ,
"indicator--9e37ae47-066a-419e-bf01-767ce62eec2a" ,
"indicator--341f6945-6d2e-4371-85d8-fdb865724cf3" ,
"indicator--763161ce-dd82-4b8f-ba22-d36bd98bc131" ,
"indicator--ed6b4e81-0f6a-486d-90cc-263516bde2b1" ,
"indicator--d5b5e0be-8ba1-4971-9b02-b989f0ffda1b" ,
"indicator--da91ab76-e168-4747-87c9-81f5e686d33f" ,
"indicator--0ee28202-8cc1-4e77-bc13-c213883f2e46" ,
"indicator--cda082db-9efd-41c0-9836-64395fe5300c" ,
"indicator--76598496-4b19-4a76-9b2a-91e206eec5d3" ,
"indicator--6f82506a-1b4e-4161-a0ea-a76a8989f6c5" ,
"indicator--c3ef89ed-bfa9-4cd9-9ab0-a68c59bac805" ,
"indicator--918d37c8-b620-4072-8b73-07cfe334fa3a" ,
"indicator--21c80502-62f4-4c8e-855f-d8989df45ad8" ,
"indicator--93621a33-455e-402d-929a-75d3c1ce5cf5" ,
"indicator--cea55e6a-2a6d-46c6-b8fd-dede0b4cc0ba" ,
"x-misp-object--aa63b00b-a7b2-4fda-9384-09ba97a9cd1c" ,
"indicator--8a53113d-2c57-4bfc-a001-1de27e002e50" ,
"indicator--9356c0e4-d1c3-42d9-a50b-c3ad66045487" ,
"relationship--a378892d-c379-49fe-8260-3f06be0a8452" ,
"relationship--6f6f2116-f55b-47c5-93de-8ceceecc9221" ,
"relationship--4b3d8950-862d-4922-a91e-50b6bfef45c6" ,
"relationship--81fc3515-ccca-4d3f-a840-596b27ef76b9"
] ,
"labels" : [
"Threat-Report" ,
"misp:tool=\"MISP-STIX-Converter\"" ,
"type:OSINT" ,
"osint:lifetime=\"perpetual\"" ,
"osint:certainty=\"50\"" ,
"misp-galaxy:malpedia=\"Astaroth\"" ,
"misp-galaxy:mitre-malware=\"Astaroth - S0373\"" ,
"misp-galaxy:rat=\"Guildma\""
] ,
"object_marking_refs" : [
"marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9"
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--0da40295-0f8f-47df-8d0c-9d532e983683" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2022-08-25T07:18:27.000Z" ,
"modified" : "2022-08-25T07:18:27.000Z" ,
"description" : "Link from email" ,
"pattern" : "[url:value = 'http://w7oaer.infocloudgruposolucaoecia.link/P05dWVqI0WghlU4/UeWgmk3mU3p8yeyxkUgI8Um1R1/65837/gruposolucaoeciainfocloud']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2022-08-25T07:18:27Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Network activity"
}
] ,
"labels" : [
"misp:type=\"url\"" ,
"misp:category=\"Network activity\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--691be0a1-895e-419c-a04d-86ba3c13bbd5" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2022-08-25T07:23:12.000Z" ,
"modified" : "2022-08-25T07:23:12.000Z" ,
"description" : "URL to legitimate website generated from iframe" ,
"pattern" : "[url:value = 'http://www.intangiblesearch.it/search/home_page.php?db_name=\\\\%3Cscript\\\\%20src=\\\\%22https://ajax.googleapis.com/ajax/libs/jquery/3.3.1/jquery.min.js\\\\%22\\\\%3E\\\\%3C/script\\\\%3E\\\\%3Cscript\\\\%20type=\\\\%22text/javascript\\\\%22\\\\%20src=\\\\%22hxxp://w7oaer.infocloudgruposolucaoecia.link/P05dWVqI0WghlU4/UeWgmk3mU3p8yeyxkUgI8Um1R1/65837/gruposolucaoeciainfocloudAvDk.T036\\\\%22\\\\%3E\\\\%3C/script\\\\%3E?']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2022-08-25T07:23:12Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Network activity"
}
] ,
"labels" : [
"misp:type=\"url\"" ,
"misp:category=\"Network activity\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--f3f893fc-a551-4e28-b854-ab569b2c65e4" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2022-08-25T07:23:12.000Z" ,
"modified" : "2022-08-25T07:23:12.000Z" ,
"description" : "Traffic to initial malicious domain that provides zip archive download" ,
"pattern" : "[url:value = 'http://w7oaer.infocloudgruposolucaoecia.link/P05dWVqI0WghlU4/UeWgmk3mU3p8yeyxkUgI8Um1R1/65837/gruposolucaoeciainfocloudAvDk.T036']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2022-08-25T07:23:12Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Network activity"
}
] ,
"labels" : [
"misp:type=\"url\"" ,
"misp:category=\"Network activity\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--ee62be81-f12a-4483-8607-7466e33413fe" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2022-08-25T07:23:12.000Z" ,
"modified" : "2022-08-25T07:23:12.000Z" ,
"description" : "Traffic to initial malicious domain that provides zip archive download" ,
"pattern" : "[url:value = 'http://w7oaer.infocloudgruposolucaoecia.link//inc.php?/gruposolucaoeciainfocloud']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2022-08-25T07:23:12Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Network activity"
}
] ,
"labels" : [
"misp:type=\"url\"" ,
"misp:category=\"Network activity\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--c2c89f4e-c684-40ad-b4a6-54298fe99aa4" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2022-08-25T07:23:12.000Z" ,
"modified" : "2022-08-25T07:23:12.000Z" ,
"description" : "Traffic to initial malicious domain that provides zip archive download" ,
"pattern" : "[url:value = 'http://w7oaer.infocloudgruposolucaoecia.link/YBZJPTBQV/482NJ8NS74J9/N6D6WW/gruposolucaoeciainfocloud_097.88933.61414z64y64']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2022-08-25T07:23:12Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Network activity"
}
] ,
"labels" : [
"misp:type=\"url\"" ,
"misp:category=\"Network activity\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "observed-data" ,
"spec_version" : "2.1" ,
"id" : "observed-data--c8b27262-595e-43a2-852d-ef865c640198" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2022-08-25T12:31:58.000Z" ,
"modified" : "2022-08-25T12:31:58.000Z" ,
"first_observed" : "2022-08-25T12:31:58Z" ,
"last_observed" : "2022-08-25T12:31:58Z" ,
"number_observed" : 1 ,
"object_refs" : [
"file--c8b27262-595e-43a2-852d-ef865c640198" ,
"artifact--c8b27262-595e-43a2-852d-ef865c640198"
] ,
"labels" : [
"misp:type=\"attachment\"" ,
"misp:category=\"External analysis\""
]
} ,
{
"type" : "file" ,
"spec_version" : "2.1" ,
"id" : "file--c8b27262-595e-43a2-852d-ef865c640198" ,
"name" : "2022-08-19-ISC-diary-image-01.jpg" ,
"content_ref" : "artifact--c8b27262-595e-43a2-852d-ef865c640198"
} ,
{
"type" : "artifact" ,
"spec_version" : "2.1" ,
"id" : "artifact--c8b27262-595e-43a2-852d-ef865c640198" ,
"payload_bin" : " / 9 j / 4 A A Q S k Z J R g A B A Q E A Y A B g A A D 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
} ,
{
"type" : "x-misp-object" ,
"spec_version" : "2.1" ,
"id" : "x-misp-object--c2a30035-48ae-40f5-86f6-124413506cb7" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2022-08-25T07:05:10.000Z" ,
"modified" : "2022-08-25T07:05:10.000Z" ,
"labels" : [
"misp:name=\"report\"" ,
"misp:meta-category=\"misc\""
] ,
"x_misp_attributes" : [
{
"type" : "link" ,
"object_relation" : "link" ,
"value" : "https://isc.sans.edu/diary/rss/28962" ,
"category" : "External analysis" ,
"uuid" : "d43c3904-7b68-47cb-8e70-822df291fa49"
} ,
{
"type" : "text" ,
"object_relation" : "type" ,
"value" : "Diary" ,
"category" : "Other" ,
"uuid" : "942ecdc3-13a1-44fb-af08-2eb47a2a4e18"
}
] ,
"x_misp_meta_category" : "misc" ,
"x_misp_name" : "report"
} ,
{
"type" : "x-misp-object" ,
"spec_version" : "2.1" ,
"id" : "x-misp-object--064047ba-5588-4b86-8de6-0995582dc8a0" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2022-08-25T07:06:31.000Z" ,
"modified" : "2022-08-25T07:06:31.000Z" ,
"labels" : [
"misp:name=\"report\"" ,
"misp:meta-category=\"misc\""
] ,
"x_misp_attributes" : [
{
"type" : "link" ,
"object_relation" : "link" ,
"value" : "https://otx.alienvault.com/pulse/6303804723bccc7e3caad737" ,
"category" : "External analysis" ,
"uuid" : "9d0fdc3e-65a6-43e9-a371-eb3b29e72c42"
}
] ,
"x_misp_meta_category" : "misc" ,
"x_misp_name" : "report"
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--84344391-a4b4-43be-9035-5097dfabfbd7" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2022-08-25T07:21:59.000Z" ,
"modified" : "2022-08-25T07:21:59.000Z" ,
"description" : "initial malicious domain" ,
"pattern" : "[domain-name:value = 'w7oaer.infocloudgruposolucaoecia.link' AND domain-name:resolves_to_refs[*].value = '172.67.217.95' AND domain-name:x_misp_port = '80']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2022-08-25T07:21:59Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "network"
}
] ,
"labels" : [
"misp:name=\"domain-ip\"" ,
"misp:meta-category=\"network\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--fd2a4aed-7106-4690-a4a7-409591d0f6aa" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2022-08-25T07:52:32.000Z" ,
"modified" : "2022-08-25T07:52:32.000Z" ,
"pattern" : "[(network-traffic:dst_ref.type = 'domain-name' AND network-traffic:dst_ref.value = 'ahaaer.pfktaacgojiozfehwkkimhkbkm.cfd') AND network-traffic:extensions.'http-request-ext'.request_method = 'GET' AND network-traffic:extensions.'http-request-ext'.request_value = '/?1/' AND network-traffic:x_misp_ip = '172.67.212.174']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2022-08-25T07:52:32Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "network"
}
] ,
"labels" : [
"misp:name=\"http-request\"" ,
"misp:meta-category=\"network\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--a8f32a60-264e-41f7-afbb-8389eeb20508" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2022-08-25T07:55:07.000Z" ,
"modified" : "2022-08-25T07:55:07.000Z" ,
"pattern" : "[(network-traffic:dst_ref.type = 'domain-name' AND network-traffic:dst_ref.value = 'cteasc.ijnkwnkxeguxaxmldwyogggwfk.sbs') AND network-traffic:extensions.'http-request-ext'.request_method = 'HEAD' AND network-traffic:extensions.'http-request-ext'.request_value = '/?59792746413628799' AND network-traffic:x_misp_ip = '104.21.11.4']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2022-08-25T07:55:07Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "network"
}
] ,
"labels" : [
"misp:name=\"http-request\"" ,
"misp:meta-category=\"network\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--12b17044-0396-41a2-90d8-99c0a9d72800" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2022-08-25T07:57:49.000Z" ,
"modified" : "2022-08-25T07:57:49.000Z" ,
"pattern" : "[(network-traffic:dst_ref.type = 'domain-name' AND network-traffic:dst_ref.value = 'cteasc.ijnkwnkxeguxaxmldwyogggwfk.sbs') AND network-traffic:extensions.'http-request-ext'.request_method = 'GET' AND network-traffic:extensions.'http-request-ext'.request_value = '/?59792746413628799' AND network-traffic:x_misp_ip = '104.21.11.4']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2022-08-25T07:57:49Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "network"
}
] ,
"labels" : [
"misp:name=\"http-request\"" ,
"misp:meta-category=\"network\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--9e37ae47-066a-419e-bf01-767ce62eec2a" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2022-08-25T08:00:04.000Z" ,
"modified" : "2022-08-25T08:00:04.000Z" ,
"pattern" : "[(network-traffic:dst_ref.type = 'domain-name' AND network-traffic:dst_ref.value = 'cteasc.ijnkwnkxeguxaxmldwyogggwfk.sbs') AND network-traffic:extensions.'http-request-ext'.request_method = 'HEAD' AND network-traffic:extensions.'http-request-ext'.request_value = '/?33954141807632999' AND network-traffic:x_misp_ip = '104.21.11.4']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2022-08-25T08:00:04Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "network"
}
] ,
"labels" : [
"misp:name=\"http-request\"" ,
"misp:meta-category=\"network\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--341f6945-6d2e-4371-85d8-fdb865724cf3" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2022-08-25T08:00:09.000Z" ,
"modified" : "2022-08-25T08:00:09.000Z" ,
"pattern" : "[(network-traffic:dst_ref.type = 'domain-name' AND network-traffic:dst_ref.value = 'cteasc.ijnkwnkxeguxaxmldwyogggwfk.sbs') AND network-traffic:extensions.'http-request-ext'.request_method = 'GET' AND network-traffic:extensions.'http-request-ext'.request_value = '/?33954141807632999' AND network-traffic:x_misp_ip = '104.21.11.4']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2022-08-25T08:00:09Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "network"
}
] ,
"labels" : [
"misp:name=\"http-request\"" ,
"misp:meta-category=\"network\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--763161ce-dd82-4b8f-ba22-d36bd98bc131" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2022-08-25T08:09:27.000Z" ,
"modified" : "2022-08-25T08:09:27.000Z" ,
"pattern" : "[(network-traffic:dst_ref.type = 'domain-name' AND network-traffic:dst_ref.value = 'cteasc.ijnkwnkxeguxaxmldwyogggwfk.sbs') AND network-traffic:extensions.'http-request-ext'.request_method = 'GET' AND network-traffic:extensions.'http-request-ext'.request_value = '/?71576927405639060' AND network-traffic:x_misp_ip = '104.21.11.4']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2022-08-25T08:09:27Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "network"
}
] ,
"labels" : [
"misp:name=\"http-request\"" ,
"misp:meta-category=\"network\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--ed6b4e81-0f6a-486d-90cc-263516bde2b1" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2022-08-25T08:09:31.000Z" ,
"modified" : "2022-08-25T08:09:31.000Z" ,
"pattern" : "[(network-traffic:dst_ref.type = 'domain-name' AND network-traffic:dst_ref.value = 'cteasc.ijnkwnkxeguxaxmldwyogggwfk.sbs') AND network-traffic:extensions.'http-request-ext'.request_method = 'HEAD' AND network-traffic:extensions.'http-request-ext'.request_value = '/?71576927405639060' AND network-traffic:x_misp_ip = '104.21.11.4']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2022-08-25T08:09:31Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "network"
}
] ,
"labels" : [
"misp:name=\"http-request\"" ,
"misp:meta-category=\"network\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--d5b5e0be-8ba1-4971-9b02-b989f0ffda1b" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2022-08-25T08:12:24.000Z" ,
"modified" : "2022-08-25T08:12:24.000Z" ,
"pattern" : "[(network-traffic:dst_ref.type = 'domain-name' AND network-traffic:dst_ref.value = 'cteasc.ijnkwnkxeguxaxmldwyogggwfk.sbs') AND network-traffic:extensions.'http-request-ext'.request_method = 'HEAD' AND network-traffic:extensions.'http-request-ext'.request_value = '/?59784568396678051' AND network-traffic:x_misp_ip = '104.21.11.4']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2022-08-25T08:12:24Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "network"
}
] ,
"labels" : [
"misp:name=\"http-request\"" ,
"misp:meta-category=\"network\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--da91ab76-e168-4747-87c9-81f5e686d33f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2022-08-25T08:12:29.000Z" ,
"modified" : "2022-08-25T08:12:29.000Z" ,
"pattern" : "[(network-traffic:dst_ref.type = 'domain-name' AND network-traffic:dst_ref.value = 'cteasc.ijnkwnkxeguxaxmldwyogggwfk.sbs') AND network-traffic:extensions.'http-request-ext'.request_method = 'GET' AND network-traffic:extensions.'http-request-ext'.request_value = '/?59784568396678051' AND network-traffic:x_misp_ip = '104.21.11.4']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2022-08-25T08:12:29Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "network"
}
] ,
"labels" : [
"misp:name=\"http-request\"" ,
"misp:meta-category=\"network\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--0ee28202-8cc1-4e77-bc13-c213883f2e46" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2022-08-25T08:14:26.000Z" ,
"modified" : "2022-08-25T08:14:26.000Z" ,
"pattern" : "[(network-traffic:dst_ref.type = 'domain-name' AND network-traffic:dst_ref.value = 'cteasc.ijnkwnkxeguxaxmldwyogggwfk.sbs') AND network-traffic:extensions.'http-request-ext'.request_method = 'GET' AND network-traffic:extensions.'http-request-ext'.request_value = '/?40018133101693668' AND network-traffic:x_misp_ip = '104.21.11.4']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2022-08-25T08:14:26Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "network"
}
] ,
"labels" : [
"misp:name=\"http-request\"" ,
"misp:meta-category=\"network\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--cda082db-9efd-41c0-9836-64395fe5300c" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2022-08-25T08:14:31.000Z" ,
"modified" : "2022-08-25T08:14:31.000Z" ,
"pattern" : "[(network-traffic:dst_ref.type = 'domain-name' AND network-traffic:dst_ref.value = 'cteasc.ijnkwnkxeguxaxmldwyogggwfk.sbs') AND network-traffic:extensions.'http-request-ext'.request_method = 'HEAD' AND network-traffic:extensions.'http-request-ext'.request_value = '/?40018133101693668' AND network-traffic:x_misp_ip = '104.21.11.4']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2022-08-25T08:14:31Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "network"
}
] ,
"labels" : [
"misp:name=\"http-request\"" ,
"misp:meta-category=\"network\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--76598496-4b19-4a76-9b2a-91e206eec5d3" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2022-08-25T08:16:21.000Z" ,
"modified" : "2022-08-25T08:16:21.000Z" ,
"pattern" : "[(network-traffic:dst_ref.type = 'domain-name' AND network-traffic:dst_ref.value = 'cteasc.ijnkwnkxeguxaxmldwyogggwfk.sbs') AND network-traffic:extensions.'http-request-ext'.request_method = 'HEAD' AND network-traffic:extensions.'http-request-ext'.request_value = '/?33450285101613952' AND network-traffic:x_misp_ip = '104.21.11.4']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2022-08-25T08:16:21Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "network"
}
] ,
"labels" : [
"misp:name=\"http-request\"" ,
"misp:meta-category=\"network\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--6f82506a-1b4e-4161-a0ea-a76a8989f6c5" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2022-08-25T08:16:26.000Z" ,
"modified" : "2022-08-25T08:16:26.000Z" ,
"pattern" : "[(network-traffic:dst_ref.type = 'domain-name' AND network-traffic:dst_ref.value = 'cteasc.ijnkwnkxeguxaxmldwyogggwfk.sbs') AND network-traffic:extensions.'http-request-ext'.request_method = 'GET' AND network-traffic:extensions.'http-request-ext'.request_value = '/?33450285101613952' AND network-traffic:x_misp_ip = '104.21.11.4']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2022-08-25T08:16:26Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "network"
}
] ,
"labels" : [
"misp:name=\"http-request\"" ,
"misp:meta-category=\"network\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--c3ef89ed-bfa9-4cd9-9ab0-a68c59bac805" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2022-08-25T08:48:14.000Z" ,
"modified" : "2022-08-25T08:48:14.000Z" ,
"description" : "Data exfiltration through HTTP POST request" ,
"pattern" : "[(network-traffic:dst_ref.type = 'domain-name' AND network-traffic:dst_ref.value = 'hcu11m2mkk2.rouepcgomfhejergdahjcfcugarfcmoa.tk') AND network-traffic:extensions.'http-request-ext'.request_method = 'POST' AND network-traffic:extensions.'http-request-ext'.request_value = '/' AND network-traffic:x_misp_ip = '104.21.25.34']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2022-08-25T08:48:14Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "network"
}
] ,
"labels" : [
"misp:name=\"http-request\"" ,
"misp:meta-category=\"network\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--918d37c8-b620-4072-8b73-07cfe334fa3a" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2022-08-25T08:48:53.000Z" ,
"modified" : "2022-08-25T08:48:53.000Z" ,
"description" : "Data exfiltration through HTTP POST request" ,
"pattern" : "[(network-traffic:dst_ref.type = 'domain-name' AND network-traffic:dst_ref.value = 'j2vfrc7gddo.aeabihjpejprueuibdjmhfmdcpsfr.gq') AND network-traffic:extensions.'http-request-ext'.request_method = 'POST' AND network-traffic:extensions.'http-request-ext'.request_value = '/' AND network-traffic:x_misp_ip = '172.67.165.46']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2022-08-25T08:48:53Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "network"
}
] ,
"labels" : [
"misp:name=\"http-request\"" ,
"misp:meta-category=\"network\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--21c80502-62f4-4c8e-855f-d8989df45ad8" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2022-08-25T10:01:27.000Z" ,
"modified" : "2022-08-25T10:01:27.000Z" ,
"description" : "Example of downloaded zip archive" ,
"pattern" : "[file:hashes.SHA256 = 'f254f9deeb61f0a53e021c6c0859ba4e745169322fe2fb91ad2875f5bf077300' AND file:name = 'gruposolucaoeciainfocloud_097.88933.61414.zip' AND file:size = '1091']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2022-08-25T10:01:27Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "file"
}
] ,
"labels" : [
"misp:name=\"file\"" ,
"misp:meta-category=\"file\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--93621a33-455e-402d-929a-75d3c1ce5cf5" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2022-08-25T10:00:48.000Z" ,
"modified" : "2022-08-25T10:00:48.000Z" ,
"pattern" : "[file:hashes.SHA256 = '5ca1e9f0e79185dde9655376b8cecc29193ad3e933c7b93dc1a6ce2a60e63bba' AND file:name = 'gruposolucaoeciainfocloud_097.88933157.086456.45192.cmd' AND file:size = '338']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2022-08-25T10:00:48Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "file"
}
] ,
"labels" : [
"misp:name=\"file\"" ,
"misp:meta-category=\"file\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--cea55e6a-2a6d-46c6-b8fd-dede0b4cc0ba" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2022-08-25T10:00:30.000Z" ,
"modified" : "2022-08-25T10:00:30.000Z" ,
"pattern" : "[file:hashes.SHA256 = 'db136e87a5835e56d39c225e00b675727dc73a788f90882ad81a1500ac0a17d6' AND file:name = 'gruposolucaoeciainfocloud_097.88933157.086456.45192.lNk' AND file:size = '1341']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2022-08-25T10:00:30Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "file"
}
] ,
"labels" : [
"misp:name=\"file\"" ,
"misp:meta-category=\"file\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "x-misp-object" ,
"spec_version" : "2.1" ,
"id" : "x-misp-object--aa63b00b-a7b2-4fda-9384-09ba97a9cd1c" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2022-08-25T12:26:21.000Z" ,
"modified" : "2022-08-25T12:26:21.000Z" ,
"labels" : [
"misp:name=\"lnk\"" ,
"misp:meta-category=\"file\""
] ,
"x_misp_attributes" : [
{
"type" : "text" ,
"object_relation" : "lnk-command-line-arguments" ,
"value" : "%WINDIR%\\System32\\WindowsPowerShell\\v1.0\\powershell.exe -windowstyle hidden -Command C:\\W45784602214\\Asus.CertificateValidation.2022.1728.641.AutoIt3.exe C:\\W45784602214\\Asus.CertificateValidation.2022.1728.641.AutoIt3.log" ,
"category" : "Other" ,
"uuid" : "ae85c254-10d8-4ee9-96bb-aa1e353824dd"
}
] ,
"x_misp_comment" : "Command from Windows shortcut in Windows Startup folder on the infected Windows host" ,
"x_misp_meta_category" : "file" ,
"x_misp_name" : "lnk"
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--8a53113d-2c57-4bfc-a001-1de27e002e50" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2022-08-25T12:30:06.000Z" ,
"modified" : "2022-08-25T12:30:06.000Z" ,
"description" : "Windows EXE for AutoIt v3, not inherently malicious" ,
"pattern" : "[file:hashes.SHA256 = '237d1bca6e056df5bb16a1216a434634109478f882d3b1d58344c801d184f95d' AND file:name = 'Asus.CertificateValidation.2022.1728.641.AutoIt3.exe' AND file:size = '893608' AND file:parent_directory_ref.path = 'C:\\\\W45784602214\\\\' AND file:x_misp_fullpath = 'C:\\\\W45784602214\\\\Asus.CertificateValidation.2022.1728.641.AutoIt3.exe']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2022-08-25T12:30:06Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "file"
}
] ,
"labels" : [
"misp:name=\"file\"" ,
"misp:meta-category=\"file\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--9356c0e4-d1c3-42d9-a50b-c3ad66045487" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2022-08-25T12:31:11.000Z" ,
"modified" : "2022-08-25T12:31:11.000Z" ,
"description" : "Malicious data binary, AutoIt v3 compiled script run by above Windows EXE for AutoIt v3" ,
"pattern" : "[file:hashes.SHA256 = 'e31658734d3e0de1d2764636d1b8726f0f8319b0e50b87e5949ec162ae1c0050' AND file:name = 'Asus.CertificateValidation.2022.1728.641.AutoIt3.log' AND file:size = '246116' AND file:parent_directory_ref.path = 'C:\\\\W45784602214\\\\' AND file:x_misp_fullpath = 'C:\\\\W45784602214\\\\Asus.CertificateValidation.2022.1728.641.AutoIt3.log']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2022-08-25T12:31:11Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "file"
}
] ,
"labels" : [
"misp:name=\"file\"" ,
"misp:meta-category=\"file\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "relationship" ,
"spec_version" : "2.1" ,
"id" : "relationship--a378892d-c379-49fe-8260-3f06be0a8452" ,
"created" : "2022-08-25T10:01:01.000Z" ,
"modified" : "2022-08-25T10:01:01.000Z" ,
"relationship_type" : "contains" ,
"source_ref" : "indicator--21c80502-62f4-4c8e-855f-d8989df45ad8" ,
"target_ref" : "indicator--93621a33-455e-402d-929a-75d3c1ce5cf5"
} ,
{
"type" : "relationship" ,
"spec_version" : "2.1" ,
"id" : "relationship--6f6f2116-f55b-47c5-93de-8ceceecc9221" ,
"created" : "2022-08-25T10:01:27.000Z" ,
"modified" : "2022-08-25T10:01:27.000Z" ,
"relationship_type" : "contains" ,
"source_ref" : "indicator--21c80502-62f4-4c8e-855f-d8989df45ad8" ,
"target_ref" : "indicator--cea55e6a-2a6d-46c6-b8fd-dede0b4cc0ba"
} ,
{
"type" : "relationship" ,
"spec_version" : "2.1" ,
"id" : "relationship--4b3d8950-862d-4922-a91e-50b6bfef45c6" ,
"created" : "2022-08-25T10:00:48.000Z" ,
"modified" : "2022-08-25T10:00:48.000Z" ,
"relationship_type" : "contained-within" ,
"source_ref" : "indicator--93621a33-455e-402d-929a-75d3c1ce5cf5" ,
"target_ref" : "indicator--21c80502-62f4-4c8e-855f-d8989df45ad8"
} ,
{
"type" : "relationship" ,
"spec_version" : "2.1" ,
"id" : "relationship--81fc3515-ccca-4d3f-a840-596b27ef76b9" ,
"created" : "2022-08-25T10:00:30.000Z" ,
"modified" : "2022-08-25T10:00:30.000Z" ,
"relationship_type" : "contained-within" ,
"source_ref" : "indicator--cea55e6a-2a6d-46c6-b8fd-dede0b4cc0ba" ,
"target_ref" : "indicator--21c80502-62f4-4c8e-855f-d8989df45ad8"
} ,
{
"type" : "marking-definition" ,
"spec_version" : "2.1" ,
"id" : "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9" ,
"created" : "2017-01-20T00:00:00.000Z" ,
"definition_type" : "tlp" ,
"name" : "TLP:WHITE" ,
"definition" : {
"tlp" : "white"
}
}
]
}