{
"type" : "bundle" ,
"id" : "bundle--2af530f6-7486-4a15-aa87-248d0c0b1e9f" ,
"objects" : [
{
"type" : "identity" ,
"spec_version" : "2.1" ,
"id" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2022-10-26T08:31:02.000Z" ,
"modified" : "2022-10-26T08:31:02.000Z" ,
"name" : "CIRCL" ,
"identity_class" : "organization"
} ,
{
"type" : "report" ,
"spec_version" : "2.1" ,
"id" : "report--2af530f6-7486-4a15-aa87-248d0c0b1e9f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2022-10-26T08:31:02.000Z" ,
"modified" : "2022-10-26T08:31:02.000Z" ,
"name" : "Charting TA2541's Flight" ,
"published" : "2022-10-26T10:03:18Z" ,
"object_refs" : [
"observed-data--62d778fa-31d2-4fce-873d-e52d520f490c" ,
"file--62d778fa-31d2-4fce-873d-e52d520f490c" ,
"artifact--62d778fa-31d2-4fce-873d-e52d520f490c" ,
"observed-data--8a6753cd-78ca-47c2-bce5-28157520225a" ,
"file--8a6753cd-78ca-47c2-bce5-28157520225a" ,
"artifact--8a6753cd-78ca-47c2-bce5-28157520225a" ,
"observed-data--8750e8ca-860e-4233-8124-939b41750ebb" ,
"file--8750e8ca-860e-4233-8124-939b41750ebb" ,
"artifact--8750e8ca-860e-4233-8124-939b41750ebb" ,
"observed-data--b6776413-b39b-408c-a448-18417210dc8c" ,
"file--b6776413-b39b-408c-a448-18417210dc8c" ,
"artifact--b6776413-b39b-408c-a448-18417210dc8c" ,
"indicator--fe0176be-c570-4f2b-b9ae-c7023ca7b71b" ,
"indicator--4acf48c6-3ed1-4f94-bea7-1b6fe801b981" ,
"indicator--2c869f55-df5e-4fcc-bf17-62fc3863bb19" ,
"indicator--a133c8af-bc05-4bb2-a36e-90b4af326986" ,
"indicator--3628809d-188b-4847-b6e0-35480e458a45" ,
"x-misp-attribute--e621892e-e32d-42f9-afd4-92e58d53e48c" ,
"x-misp-attribute--8ab0b8d2-636c-42b7-849b-b0e371b5abc1" ,
"x-misp-object--e69d8cb6-b8a0-42bc-8c6c-e029f4b5ffd0" ,
"indicator--b8f20704-a074-4f20-bc8a-9f11b9097cc6" ,
"indicator--9ae3bc26-f58a-4300-94ab-90458a50a139" ,
"indicator--5167f167-110f-4077-a9fb-241c1313b211" ,
"indicator--a7ab830c-17f5-4025-9117-7c9a00d43a2c" ,
"indicator--5342d9e1-7c5d-4828-a628-83921af6f5da" ,
"indicator--58fa717d-e89b-46a4-af67-555b5edd2dd3" ,
"indicator--88ad8d69-fd5c-4a63-b3ea-61e277aa6075" ,
"indicator--5539b401-b3de-4a63-8408-8931221e2eef" ,
"indicator--628537f8-082a-4e57-a999-3ce83edf1916" ,
"indicator--ac69b73c-cec5-4d3c-ba0f-d09d9c0f6c5a" ,
"indicator--99e898e2-c31d-4d78-ae4f-ad89da26a73c" ,
"indicator--cc6b04fc-0b4d-49f0-aa61-2567aaec8cf5" ,
"indicator--4e311bed-a38f-4064-8de9-7eb32bebdacd" ,
"indicator--1225baa7-e3e9-4d64-b0d0-140012fb4987" ,
"indicator--9d7ba649-2b4e-4dc0-ad58-fec05509454a" ,
"indicator--c36a2697-8119-46e0-b89f-01384eb2053d" ,
"indicator--8962cf89-2169-4b50-8eb5-a365e15941ba" ,
"indicator--8c5391ff-1d25-46d1-9435-77bcaf4418f6"
] ,
"labels" : [
"Threat-Report" ,
"misp:tool=\"MISP-STIX-Converter\"" ,
"ms-caro-malware:malware-type=\"RemoteAccess\"" ,
"enisa:nefarious-activity-abuse=\"remote-access-tool\"" ,
"veris:asset:variety=\"S - Remote access\"" ,
"veris:action:misuse:vector=\"Remote access\"" ,
"ms-caro-malware-full:malware-type=\"RemoteAccess\"" ,
"CERT-XLM:malicious-code=\"spyware-rat\"" ,
"type:OSINT" ,
"osint:lifetime=\"perpetual\"" ,
"osint:certainty=\"50\"" ,
"misp-galaxy:threat-actor=\"TA2541\"" ,
"circl:incident-classification=\"phishing\""
] ,
"object_marking_refs" : [
"marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9"
]
} ,
{
"type" : "observed-data" ,
"spec_version" : "2.1" ,
"id" : "observed-data--62d778fa-31d2-4fce-873d-e52d520f490c" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2022-02-18T13:46:54.000Z" ,
"modified" : "2022-02-18T13:46:54.000Z" ,
"first_observed" : "2022-02-18T13:46:54Z" ,
"last_observed" : "2022-02-18T13:46:54Z" ,
"number_observed" : 1 ,
"object_refs" : [
"file--62d778fa-31d2-4fce-873d-e52d520f490c" ,
"artifact--62d778fa-31d2-4fce-873d-e52d520f490c"
] ,
"labels" : [
"misp:type=\"attachment\"" ,
"misp:category=\"Payload delivery\""
]
} ,
{
"type" : "file" ,
"spec_version" : "2.1" ,
"id" : "file--62d778fa-31d2-4fce-873d-e52d520f490c" ,
"name" : "Screen Shot 2022-02-09 at 9.15.21 AM.png" ,
"content_ref" : "artifact--62d778fa-31d2-4fce-873d-e52d520f490c"
} ,
{
"type" : "artifact" ,
"spec_version" : "2.1" ,
"id" : "artifact--62d778fa-31d2-4fce-873d-e52d520f490c" ,
"payload_bin" : " i V B O R w 0 K G g o A A A A N S U h E U g A A B A 4 A A A H 7 C A Y A A A B M u d 1 N A A A B Q m l D Q 1 B J Q 0 M g U H J v Z m l s Z Q A A K J F j Y G A S S C w o y G F h Y G D I z S s p C n J 3 U o i I j F J g f 8 b A x M D J w M G g w y C b m F x c 4 B g Q 4 A N U w g C j U c G 3 a w y M I P q y L s i s i 3 v r 331 O l d x 7 X i s 6 p e + P 1 W d M 9 S i A K y W 1 O B l I / w H i p O S C o h I G B s Y E I F u 5 v K Q A x G 4 B s k W K g I 4 C s m e A 2 O k Q 9 h o Q O w n C P g B W E x L k D G R f A b I F k j M S U 4 D s J 0 C 2 T h K S e D o S G 2 o v C H A E O / o G h / q 5E3 A q 6 a A k t a I E R D v n F 1 Q W Z a Z n l C g 4 A k M o V c E z L 1 l P R 8 H I w M i I g Q E U 3 h D V n 8 X A 4 c g o d g o h l m / F w G B x g o G B e S p C L O k F A 8 P 2 m w w M k t w I M Z U t D A z 88 Q w M 23 o L E o s S 4 Q 5 g / M Z S n G Z s B G H z F D E w s P 74 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
} ,
{
"type" : "observed-data" ,
"spec_version" : "2.1" ,
"id" : "observed-data--8a6753cd-78ca-47c2-bce5-28157520225a" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2022-02-18T14:05:00.000Z" ,
"modified" : "2022-02-18T14:05:00.000Z" ,
"first_observed" : "2022-02-18T14:05:00Z" ,
"last_observed" : "2022-02-18T14:05:00Z" ,
"number_observed" : 1 ,
"object_refs" : [
"file--8a6753cd-78ca-47c2-bce5-28157520225a" ,
"artifact--8a6753cd-78ca-47c2-bce5-28157520225a"
] ,
"labels" : [
"misp:type=\"attachment\"" ,
"misp:category=\"Payload delivery\""
]
} ,
{
"type" : "file" ,
"spec_version" : "2.1" ,
"id" : "file--8a6753cd-78ca-47c2-bce5-28157520225a" ,
"name" : "Screen Shot 2022-02-09 at 9.16.20 AM.png" ,
"content_ref" : "artifact--8a6753cd-78ca-47c2-bce5-28157520225a"
} ,
{
"type" : "artifact" ,
"spec_version" : "2.1" ,
"id" : "artifact--8a6753cd-78ca-47c2-bce5-28157520225a" ,
"payload_bin" : " i V B O R w 0 K G g o A A A A N S U h E U g A A A r g A A A J 1 C A Y A A A A y t o N F A A A B Q m l D Q 1 B J Q 0 M g U H J v Z m l s Z Q A A K J F j Y G A S S C w o y G F h Y G D I z S s p C n J 3 U o i I j F J g f 8 b A x M D J w M G g w y C b m F x c 4 B g Q 4 A N U w g C j U c G 3 a w y M I P q y L s i s i 3 v r 331 O l d x 7 X i s 6 p e + P 1 W d M 9 S i A K y W 1 O B l I / w H i p O S C o h I G B s Y E I F u 5 v K Q A x G 4 B s k W K g I 4 C s m e A 2 O k Q 9 h o Q O w n C P g B W E x L k D G R f A b I F k j M S U 4 D s J 0 C 2 T h K S e D o S G 2 o v C H A E O / o G h / q 5E3 A q 6 a A k t a I E R D v n F 1 Q W Z a Z n l C g 4 A k M o V c E z L 1 l P R 8 H I w M i I g Q E U 3 h D V n 8 X A 4 c g o d g o h l m / F w G B x g o G B e S p C L O k F A 8 P 2 m w w M k t w I M Z U t D A z 88 Q w M 23 o L E o s S 4 Q 5 g / M Z S n G Z s B G H z F D E w s P 74 //+zLAMD+y4Ghr9F////nvv//98lQPOB5h0oBACfV2CfsbqXEQAAAFZlWElmTU0AKgAAAAgAAYdpAAQAAAABAAAAGgAAAAAAA5KGAAcAAAASAAAARKACAAQAAAABAAACuKADAAQAAAABAAACdQAAAABBU0NJSQAAAFNjcmVlbnNob3TEUmxiAAAB1mlUWHRYTUw6Y29tLmFkb2JlLnhtcAAAAAAAPHg6eG1wbWV0YSB4bWxuczp4PSJhZG9iZTpuczptZXRhLyIgeDp4bXB0az0iWE1QIENvcmUgNS40LjAiPgogICA8cmRmOlJERiB4bWxuczpyZGY9Imh0dHA6Ly93d3cudzMub3JnLzE5OTkvMDIvMjItcmRmLXN5bnRheC1ucyMiPgogICAgICA8cmRmOkRlc2NyaXB0aW9uIHJkZjphYm91dD0iIgogICAgICAgICAgICB4bWxuczpleGlmPSJodHRwOi8vbnMuYWRvYmUuY29tL2V4aWYvMS4wLyI+CiAgICAgICAgIDxleGlmOlBpeGVsWERpbWVuc2lvbj42OTY8L2V4aWY6UGl4ZWxYRGltZW5zaW9uPgogICAgICAgICA8ZXhpZjpVc2VyQ29tbWVudD5TY3JlZW5zaG90PC9leGlmOlVzZXJDb21tZW50PgogICAgICAgICA8ZXhpZjpQaXhlbFlEaW1lbnNpb24+NjI5PC9leGlmOlBpeGVsWURpbWVuc2lvbj4KICAgICAgPC9yZGY6RGVzY3JpcHRpb24+CiAgIDwvcmRmOlJERj4KPC94OnhtcG1ldGE+Co5EJkEAAEAASURBVHgB7L33k1xXmiV20nufWd4beEfQjtvZDc2u9h+VfpBCilCEVhG72tVMT/d0s2lhy3tfWem9T51zsxIoAAUCIMFukMxHFior8+V7937Xne9857vP0uWBC0e320Gr1b7wzuDlwAIDCwwsMLDAwAI/zQLtdhuFQgGVSgWBQAAOh+O1F9SypPNbrRasVqs512KxvPb8D+GDZrOJarViyhoKhWCz2dBoNJDPF0xd/H6/ee/lsvbrqTrLJvqta+n7+vtDr/fL9XmXvyuVKtLpFDweD
6LRqGnrt/2+7FSv12nzKoLBIGRfoGv+zmZzcLvd5ufXbL+3tZXGUalUgtPpRCgUhN3u4NhqIpfLodPpGvvb7fa3vdwHc16/XiqQz+tCo15FYniM9XOaMv7yavTBmHZQkIEFBhYYWGBggfdtAQEXAcOzszOcnp4iHApjembaAL5fG1jRAp3JZHB0eAgbAcbExAQBcR6pVAqjI6MYHhnmYv1rXqZf4Nfed1caXO83Z4EX+9OveeT85pp2UOGBBQYWGFjgl24BMZrJZBLff/89Tk5OMD8/j7HxsUvZz19yXTudjmG0l5aWsLa2hoA/gHK5jI2NDQPwBfSjseivHOD+kltwUPYP3QLWD72Ag/INLDCwwMACAwv8Niwg0CcG8+nTp9jZ2YGDodTR0VETqv81WUDgVVINAduVlRUTane6nKbOx8fH8Hq9iMViv7p6/5racFCXD98CAwb3w2+jQQkHFhhY4CdaQJrGo6MjHBwcYGxsDFNTk2QEB9PfTzTre/26wG2xWIQYTYE+AV1pLMXkHjKEL41mPB5HOByGz+e7VLLQIftbq5SQyWZRqzcAqx0enx+RSARupx3Wd9HxEoS2aiUcH+xh+6yCO3duI+hz8xo/rdoCt7VaDbu7u3j8+LFha4eGhkxd9Z7qLJD77bffmv46PDyMRCJhdMuSK1yUaShnplGrIk8tZaFURgcW6izdCLG+fp8Hdup436W4sl+OmtjN3QNEpuYxnQjD8RY0mOrUatTIQJfQ7DoRDHjhdNj5XgWnR4fYP61gYXYUWV67YvXjytw4PA7bpYZUP7Co1Pr/pfbSfX6OQ/eUVEQOh+559epValV7OuqX76cyNGnzQjaNfKWGNjWsNocLfuqAY5EwbJeU++Vr/Jx/t+oVnOxt4yDTwOTcPMYTwXe+XafdQpXjqFytw+rwUibE8UYtvPpSl7aqU2teKBTh9PqpffXSEbu8Ld/5xro+7aufy/rAxfZ/uW9cdq/BDH+ZVf6C73U7bTPBWTgRSfj9dhMwEzCaLTQpErdQTO2w297ye3/Bir1wqy40cda54NiYNKFJ+u3q+cJF3vkPDdIGF4tmuwOnWxPuu03273zDv/oX2C/YJxqNJhxc5GzsF5qQ3nSYxFICQM7TsDucnMje5ltvuuqH9HmXwKmAhw8fYnl5GQsL80xKCZAhi39IhRyUhRaQ9jadTht2U/pUAUHJFKRJ1bwhZlNAd2ZmBnOzc/D6vC9IF7rtJrLJYzx4vISO1WnGfBtWhBJTuHN9Fn4morz93MN5i+OplM/hNJlHrdECcZsBXj+1sVQ3gXlJEsRSq14CWKqvwJbeF9gV0FUClkDutWvXMDk5+ULilMBGMZvEk+8fIlluEYgQzPA9TyiOK1cXMBQlSHsJJP5g2QksGgQvqbM0bPExtEGA+4Nf6H0ou2dOD/Dg2+9R947is0/uIB72Q++XSwXqqfMYGwoil82gbOtw7RojwH3xwgIvqvfOzq5JgJIjqrZWsp0+E+Mt6Yr6iFh9JSq+z0PXlROcpXOk+12/ft04U68AKX5WyqWx/P2XSLU8bA8XfP4ghm0uRMMs0V95+tS6V85nkTyrIzw8CSTe3UrtJp2s3XU8XNmGf3gBX9y/ybHj5EgiuK/msbf2FN+vHGDhzie4MjPBdePt1po3lUTyJI0DERFKHFQ7a2zo6OvVNT+o7UdGRt50Obx3gCvj1msVIv8aOwnvbzJgnUT5PgPE3lii93hCq9VAkQ1dLNfgiwwh4pf3/X57n+pbLGTpPdfg8YfowQXfoX+zszDr74SDqmZxY3pinCzDmz0hTWoV3vOY32sGhrE4OQQnJ4H3f/QAU4mZz4VyHXFOsi67lV65GANmQze6GBkdNh5+vVqiDSro2r0YjodesgEzW8t57G7twBYcwezUCJwEXz/m6LBNSwQr1UYHEYbwXnedDifWfOYM+3t7yDWsmLlyAxNR3yuMQL8MAnnNRp2TcQl51rfR5E4i7Csuj4+TX
IhsCBfS99x3+vd+X7+73TaKuRR2tvYRn17ESDxMBufN9Eu7SVBxeoJcqY7x2XkE3O99WnhfVXzH6xCgELVr4dLCuLm5YRav3d09Ax76DE1vAXu/88I7FnRwOi2gdtBiNj09bZLLBGqVGT8+Pg6Xy0XwUzGOiqQLAiECggIh2mWhD0I0N8qpbbVtGCMYjPrs2N/dwcbqEqYmRuAii9vlHCJnu2uxEpyQ5eSc1iHgbHMul5Mntt9Kdt+pXR64iGlu0MLbrNdQrdk459jJWNl5f5ET3O2AAFUg7F0O1UesrZhZJdMpm1111aIukCfGWZ/ryGay7Lubpgyyjxb9Z/fTvMVyVcgkuoPDWLgyg2LqFLtHJziOc82jI8dZHDXuNNDqgI6viwwviRRyvU3aqc2ZWnUToJNz6yJQ0WtTX9atRgavS0rS7erZosm5otu1kKigI8z3NWoMi1wtI3VyiN39E7jCLSQzMwiIQaY91U5t/ui6HZZXP4IGlx0CscvLS8Ymc3NzuHf
} ,
{
"type" : "observed-data" ,
"spec_version" : "2.1" ,
"id" : "observed-data--8750e8ca-860e-4233-8124-939b41750ebb" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2022-02-18T14:22:23.000Z" ,
"modified" : "2022-02-18T14:22:23.000Z" ,
"first_observed" : "2022-02-18T14:22:23Z" ,
"last_observed" : "2022-02-18T14:22:23Z" ,
"number_observed" : 1 ,
"object_refs" : [
"file--8750e8ca-860e-4233-8124-939b41750ebb" ,
"artifact--8750e8ca-860e-4233-8124-939b41750ebb"
] ,
"labels" : [
"misp:type=\"attachment\"" ,
"misp:category=\"Payload delivery\""
]
} ,
{
"type" : "file" ,
"spec_version" : "2.1" ,
"id" : "file--8750e8ca-860e-4233-8124-939b41750ebb" ,
"name" : "Screen Shot 2022-02-09 at 9.29.02 AM.png" ,
"content_ref" : "artifact--8750e8ca-860e-4233-8124-939b41750ebb"
} ,
{
"type" : "artifact" ,
"spec_version" : "2.1" ,
"id" : "artifact--8750e8ca-860e-4233-8124-939b41750ebb" ,
"payload_bin" : " i V B O R w 0 K G g o A A A A N S U h E U g A A A p A A A A I Y C A Y A A A D a V t z l A A A B Q m l D Q 1 B J Q 0 M g U H J v Z m l s Z Q A A K J F j Y G A S S C w o y G F h Y G D I z S s p C n J 3 U o i I j F J g f 8 b A x M D J w M G g w y C b m F x c 4 B g Q 4 A N U w g C j U c G 3 a w y M I P q y L s i s i 3 v r 331 O l d x 7 X i s 6 p e + P 1 W d M 9 S i A K y W 1 O B l I / w H i p O S C o h I G B s Y E I F u 5 v K Q A x G 4 B s k W K g I 4 C s m e A 2 O k Q 9 h o Q O w n C P g B W E x L k D G R f A b I F k j M S U 4 D s J 0 C 2 T h K S e D o S G 2 o v C H A E O / o G h / q 5E3 A q 6 a A k t a I E R D v n F 1 Q W Z a Z n l C g 4 A k M o V c E z L 1 l P R 8 H I w M i I g Q E U 3 h D V n 8 X A 4 c g o d g o h l m / F w G B x g o G B e S p C L O k F A 8 P 2 m w w M k t w I M Z U t D A z 88 Q w M 23 o L E o s S 4 Q 5 g / M Z S n G Z s B G H z F D E w s P 74 //+zLAMD+y4Ghr9F////nvv//98lQPOB5h0oBACfV2CfsbqXEQAAAFZlWElmTU0AKgAAAAgAAYdpAAQAAAABAAAAGgAAAAAAA5KGAAcAAAASAAAARKACAAQAAAABAAACkKADAAQAAAABAAACGAAAAABBU0NJSQAAAFNjcmVlbnNob3QNWlg4AAAB1mlUWHRYTUw6Y29tLmFkb2JlLnhtcAAAAAAAPHg6eG1wbWV0YSB4bWxuczp4PSJhZG9iZTpuczptZXRhLyIgeDp4bXB0az0iWE1QIENvcmUgNS40LjAiPgogICA8cmRmOlJERiB4bWxuczpyZGY9Imh0dHA6Ly93d3cudzMub3JnLzE5OTkvMDIvMjItcmRmLXN5bnRheC1ucyMiPgogICAgICA8cmRmOkRlc2NyaXB0aW9uIHJkZjphYm91dD0iIgogICAgICAgICAgICB4bWxuczpleGlmPSJodHRwOi8vbnMuYWRvYmUuY29tL2V4aWYvMS4wLyI+CiAgICAgICAgIDxleGlmOlBpeGVsWERpbWVuc2lvbj42NTY8L2V4aWY6UGl4ZWxYRGltZW5zaW9uPgogICAgICAgICA8ZXhpZjpVc2VyQ29tbWVudD5TY3JlZW5zaG90PC9leGlmOlVzZXJDb21tZW50PgogICAgICAgICA8ZXhpZjpQaXhlbFlEaW1lbnNpb24+NTM2PC9leGlmOlBpeGVsWURpbWVuc2lvbj4KICAgICAgPC9yZGY6RGVzY3JpcHRpb24+CiAgIDwvcmRmOlJERj4KPC94OnhtcG1ldGE+CjQkQ/YAAEAASURBVHgB7L33k11Hmh14nvfe1CvvUfAgQYJuutVSj3ZW6zShCMXqh/1n9G9sxCp2Q1LshmI0oZF2Z9Q9GnaTTW/ggUJ575733u358tUDCoWCIwGQAPOShXp13zWZJ/PePHm+78vP0OUGvWkENAIaAY2ARkAjoBHQCGgEnhEB4zMepw/TCGgENAIaAY2ARkAjoBHQCCgEzMdx6HQ6aLfbx3frvzUCGgGNgEZAI6AR0AhoBH6hCBiNRpiMJsDQA+ARAlmr1VAul6Et27/QHqKrrRHQC
MBgMOh3oO4HPyMEZMTW3mY/owb5RRbFZrPB4/HAaOgZrx8hkFarDcIyNYH8RfYPXWmNgEaACBj4X1cP2K+kL8hY8zqPNzLZkK0/6Xg5dXnzCKTg9XIxeyXd97lv0q+3nPi69X2LxaLarF/pRwik0WiA2Wx+rR/ofuX0b42ARkAjoBH4+SIgA2i9Xker1XotxxwhAzKoyo8IL41GQ/28HBL5825HweJZNznW6XQqzMRlrl6ro915813n+v3FarUqIiZ9v9lsvhZ9X8ou3PDo9vBfR7/RnzUCGgGNgEZAI/ASERCf+2q1ep9Avm7ESwZVu91+f2AVQlCpVF4iYj/PSwsJMplMihA+rYR91U1wE9ItfaBcKavfTzv3df9e+ovD4VATDvksLoPy87psMlES8tvfNIHsI6F/awQ0AhoBjcBPgoCQj9dxEzIkRODoJqRIfo7vP3rMm/RZCKAor1Jni9lyP8DicXWU40VxPrr9UjA73l+kj7wudT/eZtJ+ehmfo71Yf9YIaAQ0AhqBnxUCQjhEpXldTH0ngSfEQdRJIVoyEPc/y/7XeevXq1gs9tpH+w2/zs353GXXCuRzQ6ZP0AhoBDQCGoFXgYCQx2w2i83NTYRCIcRiMWVCe5q61+V5nfvkrKfyHBMKn1j8PrF72n2eeJHDL+VasrLJ6uqqKrvb7UYul1M+gGNjY8qc+fjr9AKMOp3eb4Oom4yAfZ660MHukNZJ0Mrj76S+uX9sLyhI9h3FQtpDMDmKi+yTn/5xT7nDK/u625VykaALR2dsx3Pj9qNKKu3Vu8BRrJ7nklJ+ucbDeHdVnR7e9zxXfbHHagL5YvHUV9MIvHAE5MX8Q19CL7ww+oIagVeEgPT7QqGApcUlrKyu4Ny5c4pEih+WbE96JsqFNAqlCpodEi6LA5GQDzae91QCdVi3VrOOcq0Jj9vFde9+nKFOfDy3trZw8+ZNhMNh5S+ZTqcxMTGBwcHB+/6TJ9WnKwEmlTxSuTLXZ+7C4nDB5/PBaXv2urQbFVTbJljou2Y1PZl8tlnvaqWKDjFzO2RFFgMDXCpodAAnfRbLpSJ9+Jz3ffgO4XroV59IHq/Pi3iPyTX61zl+/YcKwYCcVq2IZK5EZbQNK8vs9wdht5r6Sxg+dPgL/6PdpMrcQMdk4z0ZYPU04n6sAF2Wv1ktIl/rQiYcdqtZ9d1Op4l0qggn+6WT7fNEDI5d82X8+eOejJdRIn1NjYBGQCEg0YmiXIhacZL/iYZJI/AmIyAma1Ht7ty9AzGRisqVSqWQTCbV3/L94yymB2s3cfvWDSwu3MOd+QUcZIqot6joPCNg5UIWi1sHqDce9tV7xtPvHybP8P7+Pm7cuKHM1vL3ysoK8vm8qk8ykVR1EhN9n3jdP5kfOq06cjt3ce3WXdxdWMDte8vYPcigyes800YVq15IYG0/hUKNke5POalazmB5/g5Wt+Ook3jJlk/uYG03iSoJ0cbaEkokkSeVVY6V+pVKpUci0WW/1PHHvsekzROJhFKln9T+nU4L5fgabt9dIG5L2NjaQ60pkf5Sype/dZo1JA62kCpUGV3+/Dftthoo7C7i22t3kcgW0RbizDrVi3Fcv3YLB4kssSarfwGbtI24VEjbHG1XwVf2H913/HY/SoG8LxGzWxpEVhfH4eN3eIF/K6mcoJkYSn7STFKAEEYuTqkvYxOzSKvdeqjhTHQaNnFWZzypQC+jEG/4NQXj9iHGXbroms0mtvcrmjUewbZXjjaM7Gs/VduKcjE/P68GzPfffx/BYPCl9e0jVdcfNQI/OQIyaMnkaWNjQ5EFefd/99136C9kHIsNYmxsVCl4R6NC+wUvFErwDozjzMQwMitXsbSThc3uQMgBVKokaxx7rU43FTmg2ZC/O2gKwTRa4XLaSHYqSNN03qyFUOy4eioS2jy3QdOzQ73z+/d60m8ZhHd2dtQkcHJyEvF4XJFfqd/169extLREZcyP2dlZTFCRdLlcD6lKH
SpZzXIBtoHTuDgdRWb1DlbWdxGN+GDsNFCucvkb8jwbI3vtVCVrlSIMvHZD6mKwsqxWNCsFqrF2KllVmLot+Fx2GEhGqo02VUkbA18Ox22CkkkcYDvNCWseGBuOwEblq1IqIFexE58QMpkUIgPDjyViQhLv3bsHr9eL4eFhYulSy/MI6RPyL/ukvs+79UmMKNJffPGFMv9funQJkUjkRBeALseQZiULa+wU5kajiHqsSgVs18soUllus71NVgdVVUYUk+xR6EOHeBhNXZitTqrVBlSKZZhsDlgtRlRrDThsZtTYd+okogbpJy6HaoMasW7zx+ogri1ei5OOVjnLfpthP4lgIOBmdZ+PGUm7VwtJbK5n4R8cQjDghb1bx8HKIjaSGYQnJhUX6TTKqLDcrA7sXBbJyrGyVSuj0eY6tgYL+4SJkxCWmcdwMGOZnWpMPVoaGWekj0pUvCji8jyJr65MfIRUipvFSc+YtOEPJpAdNlCdnVUaQwpjdbgpqTI83XS0aHK
} ,
{
"type" : "observed-data" ,
"spec_version" : "2.1" ,
"id" : "observed-data--b6776413-b39b-408c-a448-18417210dc8c" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2022-02-18T14:36:42.000Z" ,
"modified" : "2022-02-18T14:36:42.000Z" ,
"first_observed" : "2022-02-18T14:36:42Z" ,
"last_observed" : "2022-02-18T14:36:42Z" ,
"number_observed" : 1 ,
"object_refs" : [
"file--b6776413-b39b-408c-a448-18417210dc8c" ,
"artifact--b6776413-b39b-408c-a448-18417210dc8c"
] ,
"labels" : [
"misp:type=\"attachment\"" ,
"misp:category=\"External analysis\""
]
} ,
{
"type" : "file" ,
"spec_version" : "2.1" ,
"id" : "file--b6776413-b39b-408c-a448-18417210dc8c" ,
"name" : "Screen Shot 2022-02-09 at 9.18.02 AM.png" ,
"content_ref" : "artifact--b6776413-b39b-408c-a448-18417210dc8c"
} ,
{
"type" : "artifact" ,
"spec_version" : "2.1" ,
"id" : "artifact--b6776413-b39b-408c-a448-18417210dc8c" ,
"payload_bin" : " i V B O R w 0 K G g o A A A A N S U h E U g A A B D 0 A A A J w C A Y A A A C K 4 h r w A A A B Q m l D Q 1 B J Q 0 M g U H J v Z m l s Z Q A A K J F j Y G A S S C w o y G F h Y G D I z S s p C n J 3 U o i I j F J g f 8 b A x M D J w M G g w y C b m F x c 4 B g Q 4 A N U w g C j U c G 3 a w y M I P q y L s i s i 3 v r 331 O l d x 7 X i s 6 p e + P 1 W d M 9 S i A K y W 1 O B l I / w H i p O S C o h I G B s Y E I F u 5 v K Q A x G 4 B s k W K g I 4 C s m e A 2 O k Q 9 h o Q O w n C P g B W E x L k D G R f A b I F k j M S U 4 D s J 0 C 2 T h K S e D o S G 2 o v C H A E O / o G h / q 5E3 A q 6 a A k t a I E R D v n F 1 Q W Z a Z n l C g 4 A k M o V c E z L 1 l P R 8 H I w M i I g Q E U 3 h D V n 8 X A 4 c g o d g o h l m / F w G B x g o G B e S p C L O k F A 8 P 2 m w w M k t w I M Z U t D A z 88 Q w M 23 o L E o s S 4 Q 5 g / M Z S n G Z s B G H z F D E w s P 74 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
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--fe0176be-c570-4f2b-b9ae-c7023ca7b71b" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2022-02-18T14:40:06.000Z" ,
"modified" : "2022-02-18T14:40:06.000Z" ,
"pattern" : "[file:name = 'C:\\\\Users[User]\\\\AppData\\\\Roaming\\\\Microsoft\\\\Windows\\\\Start Menu\\\\Programs\\\\Startup\\\\SystemFramework64Bits.vbs']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2022-02-18T14:40:06Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Persistence mechanism"
}
] ,
"labels" : [
"misp:type=\"filename\"" ,
"misp:category=\"Persistence mechanism\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--4acf48c6-3ed1-4f94-bea7-1b6fe801b981" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2022-02-18T14:40:54.000Z" ,
"modified" : "2022-02-18T14:40:54.000Z" ,
"pattern" : "[file:name = 'UserInterfaceLogin.vbs']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2022-02-18T14:40:54Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Persistence mechanism"
}
] ,
"labels" : [
"misp:type=\"filename\"" ,
"misp:category=\"Persistence mechanism\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--2c869f55-df5e-4fcc-bf17-62fc3863bb19" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2022-02-18T14:40:54.000Z" ,
"modified" : "2022-02-18T14:40:54.000Z" ,
"pattern" : "[file:name = 'HandlerUpdate64Bits.vbs']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2022-02-18T14:40:54Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Persistence mechanism"
}
] ,
"labels" : [
"misp:type=\"filename\"" ,
"misp:category=\"Persistence mechanism\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--a133c8af-bc05-4bb2-a36e-90b4af326986" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2022-02-18T14:40:54.000Z" ,
"modified" : "2022-02-18T14:40:54.000Z" ,
"pattern" : "[file:name = 'WindowsCrashReportFix.vbs']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2022-02-18T14:40:54Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Persistence mechanism"
}
] ,
"labels" : [
"misp:type=\"filename\"" ,
"misp:category=\"Persistence mechanism\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--3628809d-188b-4847-b6e0-35480e458a45" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2022-02-18T14:40:54.000Z" ,
"modified" : "2022-02-18T14:40:54.000Z" ,
"pattern" : "[file:name = 'SystemHardDrive.vbs']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2022-02-18T14:40:54Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Persistence mechanism"
}
] ,
"labels" : [
"misp:type=\"filename\"" ,
"misp:category=\"Persistence mechanism\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "x-misp-attribute" ,
"spec_version" : "2.1" ,
"id" : "x-misp-attribute--e621892e-e32d-42f9-afd4-92e58d53e48c" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2022-02-18T14:43:54.000Z" ,
"modified" : "2022-02-18T14:43:54.000Z" ,
"labels" : [
"misp:type=\"text\"" ,
"misp:category=\"External analysis\""
] ,
"x_misp_category" : "External analysis" ,
"x_misp_comment" : "Scheduled Tasks" ,
"x_misp_type" : "text" ,
"x_misp_value" : "schtasks.exe /Create /TN \"Updates\\BQVIiVtepLtz\" /XML %TEMP%\\tmp7CF8.tmp \r\n\r\nschtasks /create /sc minute /mo 1 /tn Skype /tr \"%APPDATA%\\xubntzl.txt\""
} ,
{
"type" : "x-misp-attribute" ,
"spec_version" : "2.1" ,
"id" : "x-misp-attribute--8ab0b8d2-636c-42b7-849b-b0e371b5abc1" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2022-02-24T13:02:51.000Z" ,
"modified" : "2022-02-24T13:02:51.000Z" ,
"labels" : [
"misp:type=\"text\"" ,
"misp:category=\"External analysis\""
] ,
"x_misp_category" : "External analysis" ,
"x_misp_comment" : "ET\u202fSignatures\u202f" ,
"x_misp_type" : "text" ,
"x_misp_value" : "2034978 - ET POLICY Pastebin-style Service (paste .ee) in TLS SNI \r\n2034979 - ET HUNTING Powershell Request for paste .ee Page \r\n2034980 - ET MALWARE Powershell with Decimal Encoded RUNPE Downloaded \r\n2850933 - ETPRO HUNTING Double Extension VBS Download from Google Drive \r\n2850934 - ETPRO HUNTING Double Extension PIF Download from Google Drive \r\n2850936 - ETPRO HUNTING VBS Download from Google Drive"
} ,
{
"type" : "x-misp-object" ,
"spec_version" : "2.1" ,
"id" : "x-misp-object--e69d8cb6-b8a0-42bc-8c6c-e029f4b5ffd0" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2022-02-18T10:39:33.000Z" ,
"modified" : "2022-02-18T10:39:33.000Z" ,
"labels" : [
"misp:name=\"report\"" ,
"misp:meta-category=\"misc\""
] ,
"x_misp_attributes" : [
{
"type" : "link" ,
"object_relation" : "link" ,
"value" : "https://www.proofpoint.com/us/blog/threat-insight/charting-ta2541s-flight" ,
"category" : "External analysis" ,
"uuid" : "71dbce6b-e0d5-4baa-ae4d-63c408ffbd95"
} ,
{
"type" : "text" ,
"object_relation" : "summary" ,
"value" : "ProofPoint's analysis of TA2541, a persistent cybercriminal actor that distributes various remote access trojans (RATs) targeting the aviation, aerospace, transportation, and defense industries, among others." ,
"category" : "Other" ,
"uuid" : "ca132417-e0d2-4bc2-aa21-d610314a583b"
} ,
{
"type" : "text" ,
"object_relation" : "type" ,
"value" : "Report" ,
"category" : "Other" ,
"uuid" : "7f8396c6-e14e-4388-b8af-9a4522f0a26f"
}
] ,
"x_misp_meta_category" : "misc" ,
"x_misp_name" : "report"
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--b8f20704-a074-4f20-bc8a-9f11b9097cc6" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2022-02-18T14:42:03.000Z" ,
"modified" : "2022-02-18T14:42:03.000Z" ,
"pattern" : "[windows-registry-key:key = 'HKCU\\\\SOFTWARE\\\\Microsoft\\\\Windows\\\\CurrentVersion\\\\Run\\\\svchost' AND windows-registry-key:values[0].data = 'C:\\\\Users[User]\\\\AppData\\\\Roaming\\\\server\\\\server.exe']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2022-02-18T14:42:03Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "file"
}
] ,
"labels" : [
"misp:name=\"registry-key\"" ,
"misp:meta-category=\"file\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--9ae3bc26-f58a-4300-94ab-90458a50a139" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2022-02-18T14:42:40.000Z" ,
"modified" : "2022-02-18T14:42:40.000Z" ,
"pattern" : "[windows-registry-key:key = 'HKCU\\\\SOFTWARE\\\\Microsoft\\\\Windows\\\\CurrentVersion\\\\Run\\\\xubntzl' AND windows-registry-key:values[0].data = '\\\\%APPDATA\\\\%\\\\xubntzl.txt']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2022-02-18T14:42:40Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "file"
}
] ,
"labels" : [
"misp:name=\"registry-key\"" ,
"misp:meta-category=\"file\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--5167f167-110f-4077-a9fb-241c1313b211" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2022-02-21T09:49:12.000Z" ,
"modified" : "2022-02-21T09:49:12.000Z" ,
"description" : "AsyncRAT C2 Domain \r\nObserved Throughout 2021 " ,
"pattern" : "[url:value = 'joelthomas.linkpc.net']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2022-02-21T09:49:12Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "network"
}
] ,
"labels" : [
"misp:name=\"url\"" ,
"misp:meta-category=\"network\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--a7ab830c-17f5-4025-9117-7c9a00d43a2c" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2022-02-21T09:50:31.000Z" ,
"modified" : "2022-02-21T09:50:31.000Z" ,
"description" : "AsyncRAT C2 Domain \r\nObserved in January 2022" ,
"pattern" : "[url:value = 'rick63.publicvm.com']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2022-02-21T09:50:31Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "network"
}
] ,
"labels" : [
"misp:name=\"url\"" ,
"misp:meta-category=\"network\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--5342d9e1-7c5d-4828-a628-83921af6f5da" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2022-02-22T13:22:33.000Z" ,
"modified" : "2022-02-22T13:22:33.000Z" ,
"description" : "Revenge RAT C2 Domain \r\nObserved in March 2021 \r\n" ,
"pattern" : "[url:value = 'kimjoy.ddns.net']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2022-02-22T13:22:33Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "network"
}
] ,
"labels" : [
"misp:name=\"url\"" ,
"misp:meta-category=\"network\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--58fa717d-e89b-46a4-af67-555b5edd2dd3" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2022-02-22T13:23:39.000Z" ,
"modified" : "2022-02-22T13:23:39.000Z" ,
"description" : "AsyncRAT C2 Domain \r\nObserved in April/May 2021 \r\n" ,
"pattern" : "[url:value = 'h0pe.ddns.net']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2022-02-22T13:23:39Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "network"
}
] ,
"labels" : [
"misp:name=\"url\"" ,
"misp:meta-category=\"network\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--88ad8d69-fd5c-4a63-b3ea-61e277aa6075" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2022-02-22T13:29:27.000Z" ,
"modified" : "2022-02-22T13:29:27.000Z" ,
"description" : "AsyncRAT C2 Domain \r\nObserved in September 2021 \r\n" ,
"pattern" : "[url:value = '6001dc.ddns.net']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2022-02-22T13:29:27Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "network"
}
] ,
"labels" : [
"misp:name=\"url\"" ,
"misp:meta-category=\"network\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--5539b401-b3de-4a63-8408-8931221e2eef" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2022-02-22T15:01:40.000Z" ,
"modified" : "2022-02-22T15:01:40.000Z" ,
"description" : "AsyncRAT C2 Domain \r\nObserved in December 2021 \r\n" ,
"pattern" : "[url:value = 'bigdips0n.publicvm.com']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2022-02-22T15:01:40Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "network"
}
] ,
"labels" : [
"misp:name=\"url\"" ,
"misp:meta-category=\"network\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--628537f8-082a-4e57-a999-3ce83edf1916" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2022-02-22T15:02:06.000Z" ,
"modified" : "2022-02-22T15:02:06.000Z" ,
"description" : "AsyncRAT C2 Domain \r\nObserved in January 2022 \r\n" ,
"pattern" : "[url:value = 'bodmas01.zapto.org']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2022-02-22T15:02:06Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "network"
}
] ,
"labels" : [
"misp:name=\"url\"" ,
"misp:meta-category=\"network\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--ac69b73c-cec5-4d3c-ba0f-d09d9c0f6c5a" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2022-02-22T15:02:29.000Z" ,
"modified" : "2022-02-22T15:02:29.000Z" ,
"description" : "AsyncRAT C2 Domain \r\nObserved in June 2021 \r\n" ,
"pattern" : "[url:value = 'e29rava.ddns.net']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2022-02-22T15:02:29Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "network"
}
] ,
"labels" : [
"misp:name=\"url\"" ,
"misp:meta-category=\"network\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--99e898e2-c31d-4d78-ae4f-ad89da26a73c" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2022-02-22T15:03:01.000Z" ,
"modified" : "2022-02-22T15:03:01.000Z" ,
"description" : "AsyncRAT C2 Domain \r\nObserved in July 2021 \r\n" ,
"pattern" : "[url:value = 'akconsult.ddns.net']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2022-02-22T15:03:01Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "network"
}
] ,
"labels" : [
"misp:name=\"url\"" ,
"misp:meta-category=\"network\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--cc6b04fc-0b4d-49f0-aa61-2567aaec8cf5" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2022-02-22T15:03:23.000Z" ,
"modified" : "2022-02-22T15:03:23.000Z" ,
"description" : "StrRAT C2 Domain \r\nObserved in January 2022 \r\n" ,
"pattern" : "[url:value = 'grace5321.publicvm.com']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2022-02-22T15:03:23Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "network"
}
] ,
"labels" : [
"misp:name=\"url\"" ,
"misp:meta-category=\"network\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--4e311bed-a38f-4064-8de9-7eb32bebdacd" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2022-02-22T15:03:48.000Z" ,
"modified" : "2022-02-22T15:03:48.000Z" ,
"description" : "Imminent Monitor C2 Domain \r\nObserved in November 2021 \r\n" ,
"pattern" : "[url:value = 'grace5321.publicvm.com']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2022-02-22T15:03:48Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "network"
}
] ,
"labels" : [
"misp:name=\"url\"" ,
"misp:meta-category=\"network\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--1225baa7-e3e9-4d64-b0d0-140012fb4987" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2022-02-22T15:04:08.000Z" ,
"modified" : "2022-02-22T15:04:08.000Z" ,
"description" : "AsyncRAT C2 Domain \r\nObserved in January 2022 \r\n" ,
"pattern" : "[url:value = 'tq744.publicvm.com']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2022-02-22T15:04:08Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "network"
}
] ,
"labels" : [
"misp:name=\"url\"" ,
"misp:meta-category=\"network\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--9d7ba649-2b4e-4dc0-ad58-fec05509454a" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2022-02-23T10:32:34.000Z" ,
"modified" : "2022-02-23T10:32:34.000Z" ,
"pattern" : "[file:hashes.SHA256 = '67250d5e5cb42df505b278e53ae346e7573ba60a06c3daac7ec05f853100e61c' AND file:name = 'Aircrafts PN#_ALT PN#_Desc_&_Qty Details.vbs']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2022-02-23T10:32:34Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "file"
}
] ,
"labels" : [
"misp:name=\"file\"" ,
"misp:meta-category=\"file\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--c36a2697-8119-46e0-b89f-01384eb2053d" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2022-02-23T10:50:09.000Z" ,
"modified" : "2022-02-23T10:50:09.000Z" ,
"pattern" : "[file:hashes.SHA256 = 'ebd7809cacae62bc94dfb8077868f53d53beb0614766213d48f4385ed09c73a6' AND file:name = 'charters details.pdf.vbs']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2022-02-23T10:50:09Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "file"
}
] ,
"labels" : [
"misp:name=\"file\"" ,
"misp:meta-category=\"file\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--8962cf89-2169-4b50-8eb5-a365e15941ba" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2022-02-23T12:05:13.000Z" ,
"modified" : "2022-02-23T12:05:13.000Z" ,
"pattern" : "[file:hashes.SHA256 = '4717ee69d28306254b1affa7efc0a50c481c3930025e75366ce93c99505ded96' AND file:name = 'charters details.pdf.vbs']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2022-02-23T12:05:13Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "file"
}
] ,
"labels" : [
"misp:name=\"file\"" ,
"misp:meta-category=\"file\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--8c5391ff-1d25-46d1-9435-77bcaf4418f6" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2022-02-23T12:31:21.000Z" ,
"modified" : "2022-02-23T12:31:21.000Z" ,
"pattern" : "[file:hashes.SHA256 = 'd793f37eb89310ddfc6d0337598c316db0eccda4d30e34143c768235594a169c' AND file:name = '4Pax Trip Details.pdf.vbs']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2022-02-23T12:31:21Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "file"
}
] ,
"labels" : [
"misp:name=\"file\"" ,
"misp:meta-category=\"file\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "marking-definition" ,
"spec_version" : "2.1" ,
"id" : "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9" ,
"created" : "2017-01-20T00:00:00.000Z" ,
"definition_type" : "tlp" ,
"name" : "TLP:WHITE" ,
"definition" : {
"tlp" : "white"
}
}
]
}