misp-circl-feed/feeds/circl/misp/5e9f7d98-9fc0-4e7b-9d54-41a4950d210f.json

{
"Event": {
"analysis": "0",
"date": "2020-04-21",
"extends_uuid": "",
"info": "Trickbot to Pyxie",
"publish_timestamp": "1588246053",
"published": true,
"threat_level_id": "3",
"timestamp": "1588246044",
"uuid": "5e9f7d98-9fc0-4e7b-9d54-41a4950d210f",
"Orgc": {
"name": "The DFIR Report",
"uuid": "5e9e5d86-5b94-4ff6-b07e-4e3e950d210f"
},
"Tag": [
{
"colour": "#991515",
"name": "trickbot"
},
{
"colour": "#db00c5",
"name": "PyXie"
},
{
"colour": "#ffffff",
"name": "tlp:white"
}
],
"Attribute": [
{
"category": "Network activity",
"comment": "",
"deleted": false,
"disable_correlation": false,
"first_seen": "2020-04-17T00:00:00+00:00",
"last_seen": "2020-04-19T00:00:00+00:00",
"timestamp": "1588036666",
"to_ids": true,
"type": "ip-dst",
"uuid": "5e9f97fd-0f40-4a30-b048-4f81950d210f",
"value": "192.169.6.180",
"Tag": [
{
"colour": "#0ab4a7",
"name": "Cobalt Strike"
},
{
"colour": "#e200a3",
"name": "kill-chain:Command and Control"
}
]
},
{
"category": "Network activity",
"comment": "On port 443",
"deleted": false,
"disable_correlation": false,
"timestamp": "1588037120",
"to_ids": true,
"type": "ip-dst|port",
"uuid": "5ea785ab-f3f4-4c58-8214-b165e387cbd9",
"value": "51.89.115.112|443",
"Tag": [
{
"colour": "#e200a3",
"name": "kill-chain:Command and Control"
},
{
"colour": "#991515",
"name": "trickbot"
}
]
},
{
"category": "Network activity",
"comment": "On port 443",
"deleted": false,
"disable_correlation": false,
"timestamp": "1588037120",
"to_ids": true,
"type": "ip-dst|port",
"uuid": "5ea785ab-a6f0-421c-bc79-b165e387cbd9",
"value": "185.141.27.225|443",
"Tag": [
{
"colour": "#e200a3",
"name": "kill-chain:Command and Control"
},
{
"colour": "#991515",
"name": "trickbot"
}
]
},
{
"category": "Network activity",
"comment": "On port 443",
"deleted": false,
"disable_correlation": false,
"timestamp": "1588037120",
"to_ids": true,
"type": "ip-dst|port",
"uuid": "5ea785ab-2eb8-45e9-9f7d-b165e387cbd9",
"value": "151.80.212.114|443",
"Tag": [
{
"colour": "#e200a3",
"name": "kill-chain:Command and Control"
},
{
"colour": "#991515",
"name": "trickbot"
}
]
},
{
"category": "Network activity",
"comment": "On port 443",
"deleted": false,
"disable_correlation": false,
"timestamp": "1588037122",
"to_ids": true,
"type": "ip-dst|port",
"uuid": "5ea785ab-cd5c-4954-bae7-b165e387cbd9",
"value": "5.182.210.178|443",
"Tag": [
{
"colour": "#e200a3",
"name": "kill-chain:Command and Control"
},
{
"colour": "#991515",
"name": "trickbot"
}
]
},
{
"category": "Network activity",
"comment": "On port 443",
"deleted": false,
"disable_correlation": false,
"timestamp": "1588037122",
"to_ids": true,
"type": "ip-dst|port",
"uuid": "5ea785ab-9bd8-40ea-a6b4-b165e387cbd9",
"value": "188.119.113.60|443",
"Tag": [
{
"colour": "#e200a3",
"name": "kill-chain:Command and Control"
},
{
"colour": "#991515",
"name": "trickbot"
}
]
},
{
"category": "Network activity",
"comment": "On port 443",
"deleted": false,
"disable_correlation": false,
"timestamp": "1588037121",
"to_ids": true,
"type": "ip-dst|port",
"uuid": "5ea785ab-6b80-4db7-8ab2-b165e387cbd9",
"value": "91.235.129.199|443",
"Tag": [
{
"colour": "#e200a3",
"name": "kill-chain:Command and Control"
},
{
"colour": "#991515",
"name": "trickbot"
}
]
},
{
"category": "Network activity",
"comment": "On port 443",
"deleted": false,
"disable_correlation": false,
"timestamp": "1588037114",
"to_ids": true,
"type": "ip-dst|port",
"uuid": "5ea785ac-ed04-48b4-a56e-b165e387cbd9",
"value": "185.234.72.193|443",
"Tag": [
{
"colour": "#e200a3",
"name": "kill-chain:Command and Control"
},
{
"colour": "#991515",
"name": "trickbot"
}
]
},
{
"category": "Network activity",
"comment": "On port 443",
"deleted": false,
"disable_correlation": false,
"timestamp": "1588037114",
"to_ids": true,
"type": "ip-dst|port",
"uuid": "5ea785ac-b98c-4218-ae49-b165e387cbd9",
"value": "194.5.250.200|443",
"Tag": [
{
"colour": "#e200a3",
"name": "kill-chain:Command and Control"
},
{
"colour": "#991515",
"name": "trickbot"
}
]
},
{
"category": "Network activity",
"comment": "On port 443",
"deleted": false,
"disable_correlation": false,
"timestamp": "1588037114",
"to_ids": true,
"type": "ip-dst|port",
"uuid": "5ea785ac-907c-4399-855a-b165e387cbd9",
"value": "185.14.29.141|443",
"Tag": [
{
"colour": "#e200a3",
"name": "kill-chain:Command and Control"
},
{
"colour": "#991515",
"name": "trickbot"
}
]
},
{
"category": "Network activity",
"comment": "On port 443",
"deleted": false,
"disable_correlation": false,
"timestamp": "1588037115",
"to_ids": true,
"type": "ip-dst|port",
"uuid": "5ea785ac-7f00-4658-8150-b165e387cbd9",
"value": "185.99.2.197|443",
"Tag": [
{
"colour": "#e200a3",
"name": "kill-chain:Command and Control"
},
{
"colour": "#991515",
"name": "trickbot"
}
]
},
{
"category": "Network activity",
"comment": "On port 443",
"deleted": false,
"disable_correlation": false,
"timestamp": "1588037115",
"to_ids": true,
"type": "ip-dst|port",
"uuid": "5ea785ac-1be0-483d-894b-b165e387cbd9",
"value": "185.234.72.50|443",
"Tag": [
{
"colour": "#e200a3",
"name": "kill-chain:Command and Control"
},
{
"colour": "#991515",
"name": "trickbot"
}
]
},
{
"category": "Network activity",
"comment": "On port 443",
"deleted": false,
"disable_correlation": false,
"timestamp": "1588037120",
"to_ids": true,
"type": "ip-dst|port",
"uuid": "5ea785ac-9e94-4a9b-86a4-b165e387cbd9",
"value": "194.5.250.201|443",
"Tag": [
{
"colour": "#e200a3",
"name": "kill-chain:Command and Control"
},
{
"colour": "#991515",
"name": "trickbot"
}
]
},
{
"category": "Network activity",
"comment": "On port 443",
"deleted": false,
"disable_correlation": false,
"timestamp": "1588037119",
"to_ids": true,
"type": "ip-dst|port",
"uuid": "5ea785ac-1270-48ce-9661-b165e387cbd9",
"value": "108.170.61.186|443",
"Tag": [
{
"colour": "#e200a3",
"name": "kill-chain:Command and Control"
},
{
"colour": "#991515",
"name": "trickbot"
}
]
},
{
"category": "Network activity",
"comment": "On port 443",
"deleted": false,
"disable_correlation": false,
"timestamp": "1588037120",
"to_ids": true,
"type": "ip-dst|port",
"uuid": "5ea785ac-5000-4479-a551-b165e387cbd9",
"value": "217.12.209.159|443",
"Tag": [
{
"colour": "#e200a3",
"name": "kill-chain:Command and Control"
},
{
"colour": "#991515",
"name": "trickbot"
}
]
},
{
"category": "Network activity",
"comment": "On port 443",
"deleted": false,
"disable_correlation": false,
"timestamp": "1588037115",
"to_ids": true,
"type": "ip-dst|port",
"uuid": "5ea785ac-0df0-4dee-9c44-b165e387cbd9",
"value": "185.99.2.44|443",
"Tag": [
{
"colour": "#e200a3",
"name": "kill-chain:Command and Control"
},
{
"colour": "#991515",
"name": "trickbot"
}
]
},
{
"category": "Network activity",
"comment": "On port 443",
"deleted": false,
"disable_correlation": false,
"timestamp": "1588037113",
"to_ids": true,
"type": "ip-dst|port",
"uuid": "5ea785ad-e45c-43c9-83dd-b165e387cbd9",
"value": "51.89.115.108|443",
"Tag": [
{
"colour": "#e200a3",
"name": "kill-chain:Command and Control"
},
{
"colour": "#991515",
"name": "trickbot"
}
]
},
{
"category": "Network activity",
"comment": "On port 443",
"deleted": false,
"disable_correlation": false,
"timestamp": "1588037114",
"to_ids": true,
"type": "ip-dst|port",
"uuid": "5ea785ad-2c78-48e7-920d-b165e387cbd9",
"value": "164.68.120.58|443",
"Tag": [
{
"colour": "#e200a3",
"name": "kill-chain:Command and Control"
},
{
"colour": "#991515",
"name": "trickbot"
}
]
},
{
"category": "Network activity",
"comment": "On port 443",
"deleted": false,
"disable_correlation": false,
"timestamp": "1588037113",
"to_ids": true,
"type": "ip-dst|port",
"uuid": "5ea785ad-5d90-4e43-ad7d-b165e387cbd9",
"value": "164.132.255.19|443",
"Tag": [
{
"colour": "#e200a3",
"name": "kill-chain:Command and Control"
},
{
"colour": "#991515",
"name": "trickbot"
}
]
},
{
"category": "Network activity",
"comment": "On port 443",
"deleted": false,
"disable_correlation": false,
"timestamp": "1588037114",
"to_ids": true,
"type": "ip-dst|port",
"uuid": "5ea785ad-d2c4-4764-8a83-b165e387cbd9",
"value": "148.251.185.164|443",
"Tag": [
{
"colour": "#e200a3",
"name": "kill-chain:Command and Control"
},
{
"colour": "#991515",
"name": "trickbot"
}
]
},
{
"category": "Network activity",
"comment": "On port 443",
"deleted": false,
"disable_correlation": false,
"timestamp": "1588037113",
"to_ids": true,
"type": "ip-dst|port",
"uuid": "5ea785ad-87a8-4744-acc6-b165e387cbd9",
"value": "94.250.250.69|443",
"Tag": [
{
"colour": "#e200a3",
"name": "kill-chain:Command and Control"
},
{
"colour": "#991515",
"name": "trickbot"
}
]
},
{
"category": "Network activity",
"comment": "On port 443",
"deleted": false,
"disable_correlation": false,
"timestamp": "1588037113",
"to_ids": true,
"type": "ip-dst|port",
"uuid": "5ea785ad-3554-44cb-99bf-b165e387cbd9",
"value": "94.250.249.170|443",
"Tag": [
{
"colour": "#e200a3",
"name": "kill-chain:Command and Control"
},
{
"colour": "#991515",
"name": "trickbot"
}
]
},
{
"category": "Network activity",
"comment": "On port 443",
"deleted": false,
"disable_correlation": false,
"timestamp": "1588037112",
"to_ids": true,
"type": "ip-dst|port",
"uuid": "5ea785ae-5af0-4ab7-80e2-b165e387cbd9",
"value": "195.123.237.105|443",
"Tag": [
{
"colour": "#e200a3",
"name": "kill-chain:Command and Control"
},
{
"colour": "#991515",
"name": "trickbot"
}
]
},
{
"category": "Network activity",
"comment": "On port 449",
"deleted": false,
"disable_correlation": false,
"timestamp": "1588037112",
"to_ids": true,
"type": "ip-dst|port",
"uuid": "5ea785ae-3d20-499a-a120-b165e387cbd9",
"value": "190.214.13.2|449",
"Tag": [
{
"colour": "#e200a3",
"name": "kill-chain:Command and Control"
},
{
"colour": "#991515",
"name": "trickbot"
}
]
},
{
"category": "Network activity",
"comment": "On port 449",
"deleted": false,
"disable_correlation": false,
"timestamp": "1588037111",
"to_ids": true,
"type": "ip-dst|port",
"uuid": "5ea785ae-f340-46d5-ae6d-b165e387cbd9",
"value": "181.129.104.139|449",
"Tag": [
{
"colour": "#e200a3",
"name": "kill-chain:Command and Control"
},
{
"colour": "#991515",
"name": "trickbot"
}
]
},
{
"category": "Network activity",
"comment": "On port 449",
"deleted": false,
"disable_correlation": false,
"timestamp": "1588037112",
"to_ids": true,
"type": "ip-dst|port",
"uuid": "5ea785ae-c7d8-43f0-a1be-b165e387cbd9",
"value": "181.112.157.42|449",
"Tag": [
{
"colour": "#e200a3",
"name": "kill-chain:Command and Control"
},
{
"colour": "#991515",
"name": "trickbot"
}
]
},
{
"category": "Network activity",
"comment": "On port 449",
"deleted": false,
"disable_correlation": false,
"timestamp": "1588037112",
"to_ids": true,
"type": "ip-dst|port",
"uuid": "5ea785ae-1ba8-43b5-a397-b165e387cbd9",
"value": "181.129.134.18|449",
"Tag": [
{
"colour": "#e200a3",
"name": "kill-chain:Command and Control"
},
{
"colour": "#991515",
"name": "trickbot"
}
]
},
{
"category": "Network activity",
"comment": "On port 449",
"deleted": false,
"disable_correlation": false,
"timestamp": "1588037112",
"to_ids": true,
"type": "ip-dst|port",
"uuid": "5ea785ae-ba34-490e-97fc-b165e387cbd9",
"value": "131.161.253.190|449",
"Tag": [
{
"colour": "#e200a3",
"name": "kill-chain:Command and Control"
},
{
"colour": "#991515",
"name": "trickbot"
}
]
},
{
"category": "Network activity",
"comment": "On port 449",
"deleted": false,
"disable_correlation": false,
"timestamp": "1588037113",
"to_ids": true,
"type": "ip-dst|port",
"uuid": "5ea785ae-35bc-419a-aa37-b165e387cbd9",
"value": "121.100.19.18|449",
"Tag": [
{
"colour": "#e200a3",
"name": "kill-chain:Command and Control"
},
{
"colour": "#991515",
"name": "trickbot"
}
]
},
{
"category": "Network activity",
"comment": "On port 449",
"deleted": false,
"disable_correlation": false,
"timestamp": "1588037109",
"to_ids": true,
"type": "ip-dst|port",
"uuid": "5ea785af-c000-43f4-a230-b165e387cbd9",
"value": "202.29.215.114|449",
"Tag": [
{
"colour": "#e200a3",
"name": "kill-chain:Command and Control"
},
{
"colour": "#991515",
"name": "trickbot"
}
]
},
{
"category": "Network activity",
"comment": "On port 449",
"deleted": false,
"disable_correlation": false,
"timestamp": "1588037109",
"to_ids": true,
"type": "ip-dst|port",
"uuid": "5ea785af-0028-42d4-aa33-b165e387cbd9",
"value": "171.100.142.238|449",
"Tag": [
{
"colour": "#e200a3",
"name": "kill-chain:Command and Control"
},
{
"colour": "#991515",
"name": "trickbot"
}
]
},
{
"category": "Network activity",
"comment": "On port 449",
"deleted": false,
"disable_correlation": false,
"timestamp": "1588037110",
"to_ids": true,
"type": "ip-dst|port",
"uuid": "5ea785af-3cac-4f9c-a173-b165e387cbd9",
"value": "190.136.178.52|449",
"Tag": [
{
"colour": "#e200a3",
"name": "kill-chain:Command and Control"
},
{
"colour": "#991515",
"name": "trickbot"
}
]
},
{
"category": "Network activity",
"comment": "On port 449",
"deleted": false,
"disable_correlation": false,
"timestamp": "1588037111",
"to_ids": true,
"type": "ip-dst|port",
"uuid": "5ea785af-7654-4b4c-8f56-b165e387cbd9",
"value": "45.6.16.68|449",
"Tag": [
{
"colour": "#e200a3",
"name": "kill-chain:Command and Control"
},
{
"colour": "#991515",
"name": "trickbot"
}
]
},
{
"category": "Network activity",
"comment": "On port 449",
"deleted": false,
"disable_correlation": false,
"timestamp": "1588037111",
"to_ids": true,
"type": "ip-dst|port",
"uuid": "5ea785af-3a88-4352-9c23-b165e387cbd9",
"value": "110.232.76.39|449",
"Tag": [
{
"colour": "#e200a3",
"name": "kill-chain:Command and Control"
},
{
"colour": "#991515",
"name": "trickbot"
}
]
},
{
"category": "Network activity",
"comment": "On port 449",
"deleted": false,
"disable_correlation": false,
"timestamp": "1588037111",
"to_ids": true,
"type": "ip-dst|port",
"uuid": "5ea785af-ed7c-4eed-a225-b165e387cbd9",
"value": "122.50.6.122|449",
"Tag": [
{
"colour": "#e200a3",
"name": "kill-chain:Command and Control"
},
{
"colour": "#991515",
"name": "trickbot"
}
]
},
{
"category": "Network activity",
"comment": "On port 449",
"deleted": false,
"disable_correlation": false,
"timestamp": "1588037111",
"to_ids": true,
"type": "ip-dst|port",
"uuid": "5ea785af-e9ec-41be-8a0d-b165e387cbd9",
"value": "103.12.161.194|449",
"Tag": [
{
"colour": "#e200a3",
"name": "kill-chain:Command and Control"
},
{
"colour": "#991515",
"name": "trickbot"
}
]
},
{
"category": "Network activity",
"comment": "On port 449",
"deleted": false,
"disable_correlation": false,
"timestamp": "1588037108",
"to_ids": true,
"type": "ip-dst|port",
"uuid": "5ea785b0-b2b0-419a-9800-b165e387cbd9",
"value": "36.91.45.10|449",
"Tag": [
{
"colour": "#e200a3",
"name": "kill-chain:Command and Control"
},
{
"colour": "#991515",
"name": "trickbot"
}
]
},
{
"category": "Network activity",
"comment": "On port 449",
"deleted": false,
"disable_correlation": false,
"timestamp": "1588037107",
"to_ids": true,
"type": "ip-dst|port",
"uuid": "5ea785b0-541c-463d-9a3c-b165e387cbd9",
"value": "103.227.147.82|449",
"Tag": [
{
"colour": "#e200a3",
"name": "kill-chain:Command and Control"
},
{
"colour": "#991515",
"name": "trickbot"
}
]
},
{
"category": "Network activity",
"comment": "On port 449",
"deleted": false,
"disable_correlation": false,
"timestamp": "1588037109",
"to_ids": true,
"type": "ip-dst|port",
"uuid": "5ea785b0-5f68-4443-87ba-b165e387cbd9",
"value": "96.9.77.56|449",
"Tag": [
{
"colour": "#e200a3",
"name": "kill-chain:Command and Control"
},
{
"colour": "#991515",
"name": "trickbot"
}
]
},
{
"category": "Network activity",
"comment": "On port 449",
"deleted": false,
"disable_correlation": false,
"timestamp": "1588037108",
"to_ids": true,
"type": "ip-dst|port",
"uuid": "5ea785b0-83b4-41e9-b1fd-b165e387cbd9",
"value": "103.5.231.188|449",
"Tag": [
{
"colour": "#e200a3",
"name": "kill-chain:Command and Control"
},
{
"colour": "#991515",
"name": "trickbot"
}
]
},
{
"category": "Network activity",
"comment": "On port 449",
"deleted": false,
"disable_correlation": false,
"timestamp": "1588037109",
"to_ids": true,
"type": "ip-dst|port",
"uuid": "5ea785b0-db90-4684-a3c7-b165e387cbd9",
"value": "110.93.15.98|449",
"Tag": [
{
"colour": "#e200a3",
"name": "kill-chain:Command and Control"
},
{
"colour": "#991515",
"name": "trickbot"
}
]
},
{
"category": "Network activity",
"comment": "On port 449",
"deleted": false,
"disable_correlation": false,
"timestamp": "1588037109",
"to_ids": true,
"type": "ip-dst|port",
"uuid": "5ea785b0-a078-4a2d-a148-b165e387cbd9",
"value": "200.171.101.169|449",
"Tag": [
{
"colour": "#e200a3",
"name": "kill-chain:Command and Control"
},
{
"colour": "#991515",
"name": "trickbot"
}
]
},
{
"category": "Network activity",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1588037786",
"to_ids": true,
"type": "ip-dst",
"uuid": "5ea78696-6134-4bf2-8f13-bf44e387cbd9",
"value": "162.248.245.71",
"Tag": [
{
"colour": "#db00c5",
"name": "PyXie"
},
{
"colour": "#e200a3",
"name": "kill-chain:Command and Control"
}
]
},
{
"category": "Network activity",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1588037786",
"to_ids": true,
"type": "ip-dst",
"uuid": "5ea78696-eae8-4c29-b450-bf44e387cbd9",
"value": "185.206.144.40",
"Tag": [
{
"colour": "#db00c5",
"name": "PyXie"
},
{
"colour": "#e200a3",
"name": "kill-chain:Command and Control"
}
]
},
{
"category": "Network activity",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1588037786",
"to_ids": true,
"type": "ip-dst",
"uuid": "5ea78696-cccc-4184-931c-bf44e387cbd9",
"value": "216.189.145.132",
"Tag": [
{
"colour": "#db00c5",
"name": "PyXie"
},
{
"colour": "#e200a3",
"name": "kill-chain:Command and Control"
}
]
},
{
"category": "Network activity",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1588037785",
"to_ids": true,
"type": "domain",
"uuid": "5ea78875-5b30-4963-842c-c300950d210f",
"value": "teamchuan.com",
"Tag": [
{
"colour": "#db00c5",
"name": "PyXie"
},
{
"colour": "#e200a3",
"name": "kill-chain:Command and Control"
}
]
},
{
"category": "Network activity",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1588037785",
"to_ids": true,
"type": "domain",
"uuid": "5ea78875-23b4-44be-a026-c300950d210f",
"value": "benreat.com",
"Tag": [
{
"colour": "#db00c5",
"name": "PyXie"
},
{
"colour": "#e200a3",
"name": "kill-chain:Command and Control"
}
]
},
{
"category": "Network activity",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1588037785",
"to_ids": true,
"type": "domain",
"uuid": "5ea78875-58b8-457e-8b3f-c300950d210f",
"value": "tedxns.com",
"Tag": [
{
"colour": "#db00c5",
"name": "PyXie"
},
{
"colour": "#e200a3",
"name": "kill-chain:Command and Control"
}
]
},
{
"category": "Network activity",
"comment": "On port 443",
"deleted": false,
"disable_correlation": false,
"timestamp": "1588038008",
"to_ids": true,
"type": "ip-dst|port",
"uuid": "5ea78939-329c-4cc7-a52c-e408e387cbd9",
"value": "148.251.185.186|443",
"Tag": [
{
"colour": "#e200a3",
"name": "kill-chain:Command and Control"
},
{
"colour": "#991515",
"name": "trickbot"
}
]
},
{
"category": "Network activity",
"comment": "On port 8082",
"deleted": false,
"disable_correlation": false,
"timestamp": "1588038008",
"to_ids": true,
"type": "ip-dst|port",
"uuid": "5ea7893a-fe28-4e1e-949b-e408e387cbd9",
"value": "170.238.117.187|8082",
"Tag": [
{
"colour": "#e200a3",
"name": "kill-chain:Command and Control"
},
{
"colour": "#991515",
"name": "trickbot"
}
]
},
{
"category": "Network activity",
"comment": "On port 443",
"deleted": false,
"disable_correlation": false,
"timestamp": "1588038007",
"to_ids": true,
"type": "ip-dst|port",
"uuid": "5ea7893a-f068-4ed3-ad40-e408e387cbd9",
"value": "176.119.159.147|443",
"Tag": [
{
"colour": "#e200a3",
"name": "kill-chain:Command and Control"
},
{
"colour": "#991515",
"name": "trickbot"
}
]
},
{
"category": "Network activity",
"comment": "On port 443",
"deleted": false,
"disable_correlation": false,
"timestamp": "1588038008",
"to_ids": true,
"type": "ip-dst|port",
"uuid": "5ea7893a-da1c-4f28-bee7-e408e387cbd9",
"value": "178.156.202.251|443",
"Tag": [
{
"colour": "#e200a3",
"name": "kill-chain:Command and Control"
},
{
"colour": "#991515",
"name": "trickbot"
}
]
},
{
"category": "Network activity",
"comment": "On port 447",
"deleted": false,
"disable_correlation": false,
"timestamp": "1588038008",
"to_ids": true,
"type": "ip-dst|port",
"uuid": "5ea7893a-3068-46a6-b465-e408e387cbd9",
"value": "185.99.2.152|447",
"Tag": [
{
"colour": "#e200a3",
"name": "kill-chain:Command and Control"
},
{
"colour": "#991515",
"name": "trickbot"
}
]
},
{
"category": "Network activity",
"comment": "On port 8082",
"deleted": false,
"disable_correlation": false,
"timestamp": "1588038007",
"to_ids": true,
"type": "ip-dst|port",
"uuid": "5ea7893a-a5f0-4b33-a17e-e408e387cbd9",
"value": "203.176.135.102|8082",
"Tag": [
{
"colour": "#e200a3",
"name": "kill-chain:Command and Control"
},
{
"colour": "#991515",
"name": "trickbot"
}
]
},
{
"category": "Network activity",
"comment": "On port 447",
"deleted": false,
"disable_correlation": false,
"timestamp": "1588038008",
"to_ids": true,
"type": "ip-dst|port",
"uuid": "5ea7893a-4078-4baf-aa34-e408e387cbd9",
"value": "217.12.209.176|447",
"Tag": [
{
"colour": "#e200a3",
"name": "kill-chain:Command and Control"
},
{
"colour": "#991515",
"name": "trickbot"
}
]
},
{
"category": "Network activity",
"comment": "On port 443",
"deleted": false,
"disable_correlation": false,
"timestamp": "1588038007",
"to_ids": true,
"type": "ip-dst|port",
"uuid": "5ea7893b-1d8c-4c7a-8b36-e408e387cbd9",
"value": "217.12.209.244|443",
"Tag": [
{
"colour": "#e200a3",
"name": "kill-chain:Command and Control"
},
{
"colour": "#991515",
"name": "trickbot"
}
]
},
{
"category": "Network activity",
"comment": "On port 443",
"deleted": false,
"disable_correlation": false,
"timestamp": "1588038007",
"to_ids": true,
"type": "ip-dst|port",
"uuid": "5ea7893b-c494-4ce6-a321-e408e387cbd9",
"value": "51.254.164.243|443",
"Tag": [
{
"colour": "#e200a3",
"name": "kill-chain:Command and Control"
},
{
"colour": "#991515",
"name": "trickbot"
}
]
},
{
"category": "Network activity",
"comment": "On port 447",
"deleted": false,
"disable_correlation": false,
"timestamp": "1588038007",
"to_ids": true,
"type": "ip-dst|port",
"uuid": "5ea7893b-bbb0-4af3-af48-e408e387cbd9",
"value": "5.182.210.30|447",
"Tag": [
{
"colour": "#e200a3",
"name": "kill-chain:Command and Control"
},
{
"colour": "#991515",
"name": "trickbot"
}
]
},
{
"category": "Network activity",
"comment": "On port 443",
"deleted": false,
"disable_correlation": false,
"timestamp": "1588038007",
"to_ids": true,
"type": "ip-dst|port",
"uuid": "5ea7893b-1348-4fb6-afd3-e408e387cbd9",
"value": "51.89.115.121|443",
"Tag": [
{
"colour": "#e200a3",
"name": "kill-chain:Command and Control"
},
{
"colour": "#991515",
"name": "trickbot"
}
]
},
{
"category": "Network activity",
"comment": "On port 443",
"deleted": false,
"disable_correlation": false,
"timestamp": "1588038006",
"to_ids": true,
"type": "ip-dst|port",
"uuid": "5ea7893b-bcb8-4855-8bba-e408e387cbd9",
"value": "5.196.247.14|443",
"Tag": [
{
"colour": "#e200a3",
"name": "kill-chain:Command and Control"
},
{
"colour": "#991515",
"name": "trickbot"
}
]
},
{
"category": "Network activity",
"comment": "On port 443",
"deleted": false,
"disable_correlation": false,
"timestamp": "1588038006",
"to_ids": true,
"type": "ip-dst|port",
"uuid": "5ea7893b-2f04-430f-860b-e408e387cbd9",
"value": "93.189.42.81|443",
"Tag": [
{
"colour": "#e200a3",
"name": "kill-chain:Command and Control"
},
{
"colour": "#991515",
"name": "trickbot"
}
]
},
{
"category": "Network activity",
"comment": "On port 80",
"deleted": false,
"disable_correlation": false,
"timestamp": "1588038007",
"to_ids": true,
"type": "ip-dst|port",
"uuid": "5ea7893b-99e4-4b55-a759-e408e387cbd9",
"value": "96.9.77.142|80",
"Tag": [
{
"colour": "#e200a3",
"name": "kill-chain:Command and Control"
},
{
"colour": "#991515",
"name": "trickbot"
}
]
},
{
"category": "External analysis",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1588245879",
"to_ids": false,
"type": "link",
"uuid": "5eaab577-fb70-4585-9d92-4210950d210f",
"value": "https://thedfirreport.com/2020/04/30/tricky-pyxie/"
}
],
"Object": [
{
"comment": "",
"deleted": false,
"description": "File object describing a file with meta-information",
"meta-category": "file",
"name": "file",
"template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
"template_version": "20",
"timestamp": "1588036579",
"uuid": "5e9f7dae-9544-48cf-8295-40fe950d210f",
"Attribute": [
{
"category": "Artifacts dropped",
"comment": "",
"data": "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
"deleted": false,
"disable_correlation": false,
"object_relation": "malware-sample",
"timestamp": "1588036579",
"to_ids": true,
"type": "malware-sample",
"uuid": "5e9f7dae-9454-47e2-a4ef-48f9950d210f",
"value": "dmndfkle.exe|81ee8c62fff641b99f3e5ac83c575526",
"Tag": [
{
"colour": "#991515",
"name": "trickbot"
}
]
},
{
"category": "Artifacts dropped",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "filename",
"timestamp": "1587510703",
"to_ids": false,
"type": "filename",
"uuid": "5e9f7daf-ea10-4569-93f9-4227950d210f",
"value": "dmndfkle.exe"
},
{
"category": "Artifacts dropped",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "md5",
"timestamp": "1587510703",
"to_ids": true,
"type": "md5",
"uuid": "5e9f7daf-9224-4ba1-91b6-4f90950d210f",
"value": "81ee8c62fff641b99f3e5ac83c575526"
},
{
"category": "Artifacts dropped",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "sha1",
"timestamp": "1587510703",
"to_ids": true,
"type": "sha1",
"uuid": "5e9f7daf-0c78-4cb7-aa99-4b2b950d210f",
"value": "cdde976a0d485e91c9e304eeac91eab5b19126c1"
},
{
"category": "Artifacts dropped",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "sha256",
"timestamp": "1587510703",
"to_ids": true,
"type": "sha256",
"uuid": "5e9f7daf-7eb0-411f-8771-4995950d210f",
"value": "4dc82acf2a736e9cbaa39b5decfa943177417ad88d995ebe7fba79d9d0579849"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "size-in-bytes",
"timestamp": "1587510703",
"to_ids": false,
"type": "size-in-bytes",
"uuid": "5e9f7daf-80fc-4be0-8d81-4ec2950d210f",
"value": "532480"
}
]
},
{
"comment": "",
"deleted": false,
"description": "File object describing a file with meta-information",
"meta-category": "file",
"name": "file",
"template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
"template_version": "20",
"timestamp": "1588036605",
"uuid": "5ea78354-c6a4-4698-bb37-69bd950d210f",
"Attribute": [
{
"category": "Artifacts dropped",
"comment": "config",
"data": "UEsDBBQACQAIALwJnFCI8ahOUEMAAERyAAAgABwANDQ0YjQ0NmRkMjQ2ODI5ZGIxYjdiMzQzYTdkNGQ5Y2VVVAkAA1SDp15Ug6dedXgLAAEEIQAAAAQhAAAAXJDAYE6YhGPrUSsO54V0Ng8SI4RwlLQTJopEkezfNeG2eZgHLEmoRm6aNHxONU09SnmShWiN+TYXhWUQGYrCJrnfC+Ba4AWhPx4JEejOayaWUzQ0195eFAC5bT9Dl/D0qVWUvtGo92OGPIvNUz1Kwl86Gayv5QeGQBc7lxKZPq8w99UwyFcz9lAp4rg7GXKaJT5MpaqPrhjoIBgoTpQ88HrYRtgMVTjCEm8mqXOn16WhZGEIV8y/Vv8lLoPOfw8fpTkoP/Mjk20Xn/1MDqwbOmO/7hgut9jK3j3XzLfUJgCrwIWmrZ1AsdOH3G9vZx8HOQAQeoQJTq3e+djNBatiylczXUVTwg+d30ClOFpR4P0OBfVMaXzLFf7qzrGdhkmjB2fsmUXl0DMIZhl29OMlERtS4ngo/OxFA3ih8u03CylbgmG6gGCmCE/QO8/mB0BsBC44uBt4IrUZZ4jaP7QcBtTYlmwvZnhE6bTdkK/adsN+kf61KlBMsv/CP8zW9wHtJ3NzteX4VmNnGH7lwc3IM6C8GPJRyC1XoTcu7VOYlLgxL2SMoZF2gGdDoV+bXG54x1lgco9ATMiH48BaqYh+4ssruMBRHWfdL8kcJOIO8C+HplHTBYIN5onF1lwxXYBnYdCkSzJ7BDier8Un4bvW8hdZbQBM5dNRqJpIFnFYsAtzT6C6gy4/PcMFH/uXd21oQCDHzBjjSIqkPxkNy+rF8MvTf4FCySunQnOZx3UrhyyXfqvPFTTkFEvSNJnhrJPCfCDiooDb+5qt1JLSQT5ysUKhfVUsmgPhwy5LNp/JMZfg59yc1AAfWwXNx8lqZbWfymEhtR58HyDlsZhFlqgEg/dOrxLAL1yZR+oVR4ldv9BZ71ESMbRkbrAs05bbQdQA1zc24PetfqoKKWGP9GqMcMFxetV+LOH77sUCyZxtfzmL/kcwSD3znYKbkMxXJ1uIW+aJE73SRl4FkzM42IvoZotm4NIACFK0zoFmi7pauBVHMhj9Bj3u3xri55v9iSfcHspiQHK3j/NhcV9+Slk64n0ZVRn98NyEfhAA9qG3yC9ukrQky7dtSAliyHq4xKe828TNLB8m2AbBNxmNgVFhTxRUbPdvV8LyPxMkNB3FE3Hkj26ZKNm9LdsIdD94bno+ryxbi3PKJbiW55seqZRjLhgaDc7gYKRxMK1nvdIApXXvtec3q4AMI7Lbk7BD7XFK9+KDnVJWbGMfMot8PftQ6uwan7+cG0r0FDPguOhOU14zWPN5NZARy2qE4LVzazXf8iMAntpz4nfe6tonRHvTNjkfaas2kqnTaWxgXj+sOBQWpQZdhTPngMk8eIXDYmuq5TYGaRE5NuSaeODdzHsGAt3PjZQMTgUqrhjVg4gIUXklN8+YkJbiNfaqFj7VJAvLbHz1LjHYyd04JuSxgPKN+sB6iBm3VeZUktaRPREC5PqukPmxeaALRo3IFGbkwQXSgXvXQpJ3Y5Wwhskd06Fqdb2tBaZo4pMM8wuwjKrBEsGE9EXwxOxDzjlrb6f7TvhTYsXOoPnsA1MiOvTK8iolGPhu9jvv7Yd/v+rESuZ9HvMMBEwrG9KNminmjpgEIUlqE8I9h9MnbPmErxegYW9cE5Lt30nJl/KD8IkGvgxYbC8hNJy635o8l3xlP3bsZm/G76jmUlpnVs/vO5KwFHF1HBdrjEjNvwYH7Iu4uqlKRb1uk/MHmlFBh67R65RGRYoRcQ/Hmuv8MzezDb28jqOHumRgWjArEy55quZ6Aukz+wttvnJ2jks++ueDKqn4nqNJKLSy03M64eaAcqYCwI3GicjPuLG5tM9dztzK7Fv9dwSoBiL7+qTihnmFrHK2caDRAdFOJQuetWnYh+M
2xvDPEvScwaO5hXv4rfurX+hNroeiGKWaHu2rlb4aGyB+kluf+qVNL5tm0pcqc01mbLAVjQWQcu9u0E202Et3UpgZKXQdPSy9uHlkGerIfCqEORyQ5JpIB8P9O0WfJq22di6Q7j0NlYZ0gQARPt2Ha4e9x2aB5VP3Oguobh7fcJ0NyfIpiBAyC82TMitTQqbesZUFPMKK5uBFkScjt5vU5HTmc3fxiPOViRzEscx452ZVSOmj2JT7ird8Ac60WygRR0PTVoKbUYehbiJeA/LQI+agN4yepCjqyiOc1Tly5k8izOlv8ePjID0zqEVwmPi4H6TihzNoGmlg1ppAmlbI2LtmtWvyqNNgQtPD51BlvV2Jc5kZDVHj5LKDGhXK2Aci7gOtzwzCfmr5KMhKzQhavlJJIO5PfcqXbSdsWb5E012o4uZptTOFvaWJUO496+VecGxrbYOnkEHvHd1J2ayLT57+aoZuWdTmT9aptv5IzRETQuVyRZLWkU6fsS4FgPG4uIf4tiJcxmPwL5YSbLbpkF40KPK7FMcPbRGJv/Skj7EZggOxZhqP6y55O0wch1WCbmpLteEvmy7fmNAaybbfMIwlez88ZKlDRQ/qBSsdjW3SKKptoSOTIBEsRwlzp4qoqmc9kWS09G9AwATIkTEP6eFvZvqIi4PMxut6YZCXqRqPb6H54mh8Tc2wC8eG9N2oQKsz3AJj216SWnxKT5bnUS7NJDj2D46RLa4SpzUIifJW+uKY8UDcF0zXm0fALvS3MFw4xQLkGlAmGrCMSaNSEPQ4jVWPUDe0nHSzKnVtvmMGM77DXP3qVfOai12HHLF2GJ5ArkF/3wcWa4r3vmlMMl6zTHBtWmaKT6swPAVRhD8z82QLpx85fCQul28f3qG8T1pXODk7rUvgGqzpVtwb11iSBKaKeSCpN3f1uWZ8yiUxKFAUIJh7O8GnQEYruMvPnTdmFSFrF2QeuzEPl6sTXQ+Q4rI7IRQG/cFLa2chjhqcFBt2HcgrJGLyUrDyQITcaUKBUbaXgQFF1nMpscKNeTPU84V+SEU2DOp+RnROhRV1ynfjXRBxLLGqYiMEPwH0vx50HHwkFwoZiuYVI81pbGVWnS2qnCkxm4EcEPxb3OWz5fK5sX/7qVTuIVUDmZih4JV+AIXQlXYgD1GLET8xnajv8BwYAMRvQpjbDrxENWA2T0WwrQv3Rom7kEj51ZQ4qGHxlM0OYvYHMwbr6G88Tpm4Q20mmSk/0gl1OlnWe8Ccj3qhyfCbf/iHutDw9tSg0pRBfEInzxagmS7qkH0qN2VpYlSzdIl8vqzFCPGZUEAlaOXfn+jUn0t9d7tCVDB5x7vG2p9oVbjS6LvIkqJnk8WY54MyHDtsk0AdiXXt2fJPUxRlj0kTjA5h8qA6CA4TByxqTQhfbltFx5+6sn4VUBi3DMLLTv9tHA9eJxNGZB0zZsTdOEu7iEJay+/2Ova12JZ+HfkCTYfPYj8InQZZaFVZZbtFT7IfcB79hOHiwFi0+8GtIU6Q8e8irezoR1M/r25kwwSIVC9dYumRwYBLkQVDVBNBIRkYDR6JB7IDFRGenuQvuB1j4kcE9VxkUFVvvB4QIKaMsHUX5cSX85lab/aSiNYEghvapl1Ull/viVr+OHZmf8QJyy+5pZrxtiB4vaTMsfVkHQvQMNpHCuKVYbqR01RHnvaSxzDSrNRPJbfMIQnhGerl5wU6+86HSSdrO66//c61oAAIdpmblOMircQn0NAWUu95fPYiSGZCjsUk5zjfzQ77aG12RglHic9jZqrdHIArAT/1PoazmU/6dTdZpdDHQ/eKXA0cA7tn9G1ekAKNsU57GhSH3It2+qhczH4/vRbdw+hbR7VWPTexsAusDsB8yOFPbTFcZBOkWYM4mP6MtOYbMbfe+GQYcUKT2OCUxc3+nIPm7Pn75tpy1mdPILQvlgDr0Js/lfFn7p2+n68KG4laRNjfjsK44KnuWjbauVTiapY53+h
XyL9B2pUgvju9HwS6ETlKlaKHZFSEfrss3G46U6HjGCXg+wRKnkzKbCN8EeBci4Wt3NTcmk7k27QgSXFU57
"deleted": false,
"disable_correlation": false,
"object_relation": "malware-sample",
"timestamp": "1588036605",
"to_ids": true,
"type": "malware-sample",
"uuid": "5ea78354-a324-4fe7-99af-69bd950d210f",
"value": "ConsoleHost_history.txt|444b446dd246829db1b7b343a7d4d9ce",
"Tag": [
{
"colour": "#991515",
"name": "trickbot"
}
]
},
{
"category": "Artifacts dropped",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "filename",
"timestamp": "1588036436",
"to_ids": false,
"type": "filename",
"uuid": "5ea78354-f088-46e3-a248-69bd950d210f",
"value": "ConsoleHost_history.txt"
},
{
"category": "Artifacts dropped",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "md5",
"timestamp": "1588036436",
"to_ids": true,
"type": "md5",
"uuid": "5ea78354-5a58-4817-acaa-69bd950d210f",
"value": "444b446dd246829db1b7b343a7d4d9ce"
},
{
"category": "Artifacts dropped",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "sha1",
"timestamp": "1588036436",
"to_ids": true,
"type": "sha1",
"uuid": "5ea78354-e22c-4986-a8e4-69bd950d210f",
"value": "97a481c07f8ca2346f5167ae2ae0d992a8fdebf4"
},
{
"category": "Artifacts dropped",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "sha256",
"timestamp": "1588036436",
"to_ids": true,
"type": "sha256",
"uuid": "5ea78354-1424-4614-98fc-69bd950d210f",
"value": "199969c142a625ac50364623ba43898f3db4e4ff3441f93911717ce5cd68bb0f"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "size-in-bytes",
"timestamp": "1588036436",
"to_ids": false,
"type": "size-in-bytes",
"uuid": "5ea78354-a194-47b8-8c42-69bd950d210f",
"value": "29252"
}
]
},
{
"comment": "",
"deleted": false,
"description": "File object describing a file with meta-information",
"meta-category": "file",
"name": "file",
"template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
"template_version": "20",
"timestamp": "1588036645",
"uuid": "5ea783bb-2a1c-48fd-bb79-4b76950d210f",
"Attribute": [
{
"category": "Artifacts dropped",
"comment": "",
"data": "UEsDBBQACQAIAPQJnFCsn2t4t1AAAACWAAAgABwAODJkZjYxMzQ5YTkzOTFhNmNmMjM2MDQ3Yzc0NzE1NzJVVAkAA7uDp167g6dedXgLAAEEIQAAAAQhAAAA/ea4nIfZnlP4SFocS/5x/7dGIB9MXE3Z61082ouHr3VYF3JaFWVpKrRehPm9Ddfqavmr5Nuf/L0g7Dqk8D7rfpEB0/CdV0IcZ71bW3E79+fnGMfQJrtdLQH25paFX5quZAOZ155K3BDX93tCCyNFVDgPSpq86Gp/Q+12xVMxA7kYpgKbnNVy32SQSpR1LmUEDAi5LbiboOF861XBY3mCFZ88IDpmMwRPEr7VyrAfefIhPNhfh5BYCbsHvDh9Ovrb+Hs8poU7ASumINFTwtDrLj4wSugEuwhmeh+9ITUgaAi37kX3WNpy9zOVIrniMNxNYJNADhjgd/6i492jPmvBMvHqULw+ST35j01uzNTOy5K3vo5yCN5mC4pNhsvjqdL6wAWidav4h5P5yb5hjEbgG7FPzs9RskupnEMbu728cxsxTWX7F9evVeOqM1YbBa/h+MxRaA6P2R69II6M8h7mU/yYqz6El5/bSeTxKnO0sb1DyMjetB5KKPCrT3BaZDAdylAvU23SScpQFkNwoEPfjaz+Ou+uzKAXNAlcJvkXJgqig2/vGbQ+ZwYEQZIn9BCPS6BVn5aGWiGOsfThyuvaPUvBRVBcorPBAzk0ujezsPNZ1BgkOm/oZTk9VTN+TWXFcS9N1s2M0bN8UYQxYc+n5TtheOjyISlVdSwlyKtMWKfsF7cSjb62q+jjyLvi4XgvufPeCjSzTwgjqjte+tKMiODVcLj2304S+z1Thqmz/7Ej15h7ICE0EngpZIQ3H1GPz56k8I6ou14ACrqWjLahMMULI+YYoFA3YeXwlyrcv52g674ub8Bn9aXuNd67G2uCuSmsTsdSnPZx7YN+kmjb1yflA0mDVC9eEy6GLOiKMXt2DnrVghAThgOBjgq9VEM4U9lOD/4hGy7PLX54DOH0QnffBH8wk+c6/0yy0qD/H9TrXuSAmsT9WWvlPgzfFfAh3MaTtg3odH8w7R9QBFqMarQ28TdMJVaeDOkiIHHi1xjpfKQXgPGNYDjKB3KmonCaExySDWZvbuGnta+Hl8um8aBfF/POPoHX0E3CAZVqsdg+EOGr5YdtIRCjx4zwsVZ4+CvjgC2YKgrAcoddAwGxl7nyjxoKPcui4QifDX/ZSDhCTQRp24e9UJEPifPZwMlh3HsvL0w0hLkjZsfruhK2F5eVDsIE0ApuFTU/yfRlQxm/Ktxnw3eXqaKMKyq2k4eFwqyl64dHhZE+EvhILk6V4GWUnJvuxD8s4aaMt0vu+VyXkCu7W9o1kSxq2hQm39VHAeSZfh8N3NG+/R3vmdP6XIIQ/wQ7Nmdf0QDnm7QjuAqoiYepT7IVFhV4U0PNzDepo+0yrr/hUpLju/Ry35oR46cpuJdLzSUjWShCXXkfmktNrbm35jwuKDPJZrPC5KUVFFTYy8PEExqAN6+1OQGFNPivBZbElnuMYKH+GnfsAs17jIyWkXuhGShkW6A3wzK4W3XUkD0priwp0mHVDlXKX15UwGm/nHipElIKwjDOceN59Twib6YhWpDslemUoUhn4glZ74r16vHZZN5TzufveNO/qEise/gInMBdZQAuLlgwgALvrUKkXk5PvN8Aw81ezezi8CcMg2bNrwvN6u185MHT7CQtDW82Appd3BNTBhCs5wvUsG+AgA5pHa5v32dQEEG5bt/UnfIfLppuYFRFY7lfee9VQmXl4E4w6ZCjBzeUvJYmeybD5dBbRqTjScWgdg4AsxnSY9umj+f+l2QRqNCmHKdlYIkClnbvUfoGe9EXcm04LfHFpMRl4cZebHcPJ2RdRu5MT5j3cZ20dCvbiFYwM75hsdgVbIaubhBk2CsfqlhrYYkYsKsdzIvbMgM8PTjuL0c8gKnV3PQ
A6ZBdMoBC6U6h6t+7nf3fOugrgQKdamNli2zMRGv+SxGnucgB3OSJqdX2sCyg0JoWRUdd8rlsXg+JE/ZPwli9cn6jwbg+mcs16ruz2Gs/jCvVKEJDkUEwY96CI9+QI/QWwstT7vtCEeBvHVEg8Kj+iGirp8tYi0GVVi2a3LAkgnKTokP+v4G4KgXwgHwD8kjdDvjZ1JDhUgM2hx3dI2DXvd6EVvq/om4zSvl1aGsuO6+CdlnAwrep7/hQsgvzmHS5d9sM8LEr3w+NkRVYnmg+RG71Nc90/t54TKVV8tXkj4EOrJH84XLZ+zCuvPJw6osp2dreRpRHCa4ty0F0QeHyLtvZUPIBuTK3mYAHSPImpsZSWkB1ong1956eqgPXY60nAKDf2wp78OhN4Y1fGQf/54UKCtyeBaI1lbXGe2OMLHCFUTobdDdF8yJTEXyPHZ/hh3oDsw1I8nHHO4jhRuXmVsWFQJHTxox95ejL2Sf3Tcvy3HZcvsI5bTO/wsdMdTvFa+hwoaHRy+q6q6k94DZvxjhF5dZj8tfxX0W8UtEnbVAXr/EYmhgB4rCY6IPkfLJKOEXyVjAzjZqEy/vLgFXupmLSIMhm/+13VXilPU5xquO37Ykc78pvOm4fwd2pjl6kZjEJHlCLUT7N0H/07bCUWFpTa5q8yEPPZxvdBFQ3rkvLPNNR7M5CYszYaHUFyQ4DwEbL6Qsom3NKkHZT/Qq/szmmfQjuL0AOMN7FipzKEhokCbSumMJb2qtmb6mZg5w7ckIDaua+3ynTYkT27xr21/A3zhiIpr2x1XzgiVbUVoXO6xYxKxoTc0aBvkbGjmjH7HkNrPyso6sIIBUeDyPMCTSMawVWQ9in58ex8yv46vs1lk7fVNHpxGkTN8DNfnlpZnVoOo8UzZjtqBQgPjx5tZee2x7BWP0mpHWTMaN+C4r2gZ4D+vwW/OIRIGBQJZQ88UE0EF+fqEUYZm9NFoZsW9rJR3EgNDrakr+w+khJUY7M9prmEwun37AsLmxaYLJt1fUIt5XCtVRNbu8jbqqlLCEu6XBG3yInFNk2CwAxO9xaK4aDXTf99F5TVt3T0EuU393B1WQKKlB7CCrEQjUl4bINjcBcW+jEx0V3O7k3loJ5PPZQpEEslQK0+kazH9f9GyRqSOiD4QKCehLeuslgYOh3EOc2S7NECqw5YFpk8STsJaMey94Pa5GAafRUbRdbPO/frTwLBda+bivNd+em+g7IiD9XBuB9pU+wxWBhRG1jWR88zEOpfRg8f62bFXBAT5uqEpR9Umqc0QuD/Qev7jZFyKj/+q5Bqal/FX9/Sl/vXM9K5cxZzUj35eGuRyRDQmcm5M7Qw/oHkaZ5kWlDDCDracZf/rgIOdmLOnF/yJcEhLsbDqH1azSz0LtkpG8PByq2NrBCrlUUmW7XLFPBLIdg93HmWWM0y6A+22xxXxvRAeaV9TqDOxKNRFLlfWHHaY4//tdoTZWd1C/MmRaebAMIht3IjLkaFhSLni90F12ZKNswjL5pZV28rrpYnLcreDm+6P95T398+iF1YXiBRNQ28tAEtW7HgWx1NEA+KaAqyNKgpL7g0CLcLrKKt8UGLB/SYVJllyTWQ+Z3+yX5ikzegiaIShFybAo/u//3J3/mH50yqNm23GThN4F+6jLf6TJj/RZwZ1SYWzZnoLq75X9xPCsVV3gxfa4zKHa8oPqCyyvXFkJhFGn07Y82NADXTv+XMjkM42BuD6mle3iOSJ/C2EOwt7kwrWkPbuG77s3sWwReAPcMqMK0v+2g92t0ZJuMSFveU2VQKL/TLmikh6GxvL8hDDfBnDJSEDZ3TTlB0TegjoI6TszRY6vKTXHHSSfJTj+g4NaucNJkEjyxN1PehV/QyIsUCPzP4T7w23bdsOydbjMjrBjHza02Qlul9WbrgXCzuJGKToiho+lUVxoR2zCDDroewBsC+5FOv0Yh2B12qB9QDkqvSqo7M15BHb2uNmodzSEF7d3
JHFJ37DOqkP6nxn886OwENa/oVHMJ+e/NSQgAN1efpWJaoBZ9AwIiQ5AZ/4B62W2x/QdAQpfVJFEYFAFq/V
"deleted": false,
"disable_correlation": false,
"object_relation": "malware-sample",
"timestamp": "1588036645",
"to_ids": true,
"type": "malware-sample",
"uuid": "5ea783bc-4190-4bac-9e72-4b76950d210f",
"value": "LMIGuardianDll.dll|82df61349a9391a6cf236047c7471572",
"Tag": [
{
"colour": "#db00c5",
"name": "PyXie"
}
]
},
{
"category": "Artifacts dropped",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "filename",
"timestamp": "1588036540",
"to_ids": false,
"type": "filename",
"uuid": "5ea783bc-3c84-4dd2-98a4-4b76950d210f",
"value": "LMIGuardianDll.dll"
},
{
"category": "Artifacts dropped",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "md5",
"timestamp": "1588036540",
"to_ids": true,
"type": "md5",
"uuid": "5ea783bc-39a4-4f2c-9f70-4b76950d210f",
"value": "82df61349a9391a6cf236047c7471572"
},
{
"category": "Artifacts dropped",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "sha1",
"timestamp": "1588036540",
"to_ids": true,
"type": "sha1",
"uuid": "5ea783bc-2a5c-4a29-95f1-4b76950d210f",
"value": "b8ec908cc4a0e8e406ce5d100a8f34a10fe3d064"
},
{
"category": "Artifacts dropped",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "sha256",
"timestamp": "1588036540",
"to_ids": true,
"type": "sha256",
"uuid": "5ea783bc-69e0-4c19-a5e9-4b76950d210f",
"value": "80bd15267756343f028cbe77afe810068b0e6a36ce32f52be63f620ef5b5ed89"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "size-in-bytes",
"timestamp": "1588036540",
"to_ids": false,
"type": "size-in-bytes",
"uuid": "5ea783bc-a214-49e9-b08a-4b76950d210f",
"value": "38400"
}
]
},
{
"comment": "",
"deleted": false,
"description": "File object describing a file with meta-information",
"meta-category": "file",
"name": "file",
"template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
"template_version": "20",
"timestamp": "1588036806",
"uuid": "5ea78453-1750-4d7b-9b04-4b38950d210f",
"Attribute": [
{
"category": "Artifacts dropped",
"comment": "",
"data": "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
"deleted": false,
"disable_correlation": false,
"object_relation": "malware-sample",
"timestamp": "1588036806",
"to_ids": true,
"type": "malware-sample",
"uuid": "5ea78453-1fdc-47b3-af2e-4b38950d210f",
"value": "LMIGuardianDll.dll.dat|a82672168756becefe2dac9234ee61f6",
"Tag": [
{
"colour": "#db00c5",
"name": "PyXie"
}
]
},
{
"category": "Artifacts dropped",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "filename",
"timestamp": "1588036691",
"to_ids": false,
"type": "filename",
"uuid": "5ea78453-fb3c-4a66-abc1-4b38950d210f",
"value": "LMIGuardianDll.dll.dat"
},
{
"category": "Artifacts dropped",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "md5",
"timestamp": "1588036691",
"to_ids": true,
"type": "md5",
"uuid": "5ea78453-d614-4950-b5a5-4b38950d210f",
"value": "a82672168756becefe2dac9234ee61f6"
},
{
"category": "Artifacts dropped",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "sha1",
"timestamp": "1588036691",
"to_ids": true,
"type": "sha1",
"uuid": "5ea78453-2bb8-4aaa-a0f9-4b38950d210f",
"value": "5bfc42ed380e5b9701ccaec2d2f312069ef4af11"
},
{
"category": "Artifacts dropped",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "sha256",
"timestamp": "1588036691",
"to_ids": true,
"type": "sha256",
"uuid": "5ea78453-cb50-46ed-87eb-4b38950d210f",
"value": "39646dd3bf20ff74415b806cea08daa8277ccc1bb7da5df4c5bd4313ae5cd697"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "size-in-bytes",
"timestamp": "1588036691",
"to_ids": false,
"type": "size-in-bytes",
"uuid": "5ea78453-96cc-469d-91ca-4b38950d210f",
"value": "139280"
}
]
},
{
"comment": "",
"deleted": false,
"description": "File object describing a file with meta-information",
"meta-category": "file",
"name": "file",
"template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
"template_version": "20",
"timestamp": "1588036787",
"uuid": "5ea7848c-6f44-4c88-b135-2911950d210f",
"Attribute": [
{
"category": "Artifacts dropped",
"comment": "Signed LogMeIn Binary",
"data": "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
"deleted": false,
"disable_correlation": false,
"object_relation": "malware-sample",
"timestamp": "1588036787",
"to_ids": false,
"type": "malware-sample",
"uuid": "5ea7848c-35c0-4f7c-862a-2911950d210f",
"value": "msfeeds.exe|629aa296fe4aa64c165b5ad954b7b022"
},
{
"category": "Artifacts dropped",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "filename",
"timestamp": "1588036748",
"to_ids": false,
"type": "filename",
"uuid": "5ea7848c-40b0-4597-8f58-2911950d210f",
"value": "msfeeds.exe"
},
{
"category": "Artifacts dropped",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "md5",
"timestamp": "1588036760",
"to_ids": false,
"type": "md5",
"uuid": "5ea7848c-3870-4514-9676-2911950d210f",
"value": "629aa296fe4aa64c165b5ad954b7b022"
},
{
"category": "Artifacts dropped",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "sha1",
"timestamp": "1588036763",
"to_ids": false,
"type": "sha1",
"uuid": "5ea7848c-0858-47f7-bdb3-2911950d210f",
"value": "58c581a7f819cf326cadc3db4f43ffcd8203ee5e"
},
{
"category": "Artifacts dropped",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "sha256",
"timestamp": "1588036766",
"to_ids": false,
"type": "sha256",
"uuid": "5ea7848c-c250-4632-8100-2911950d210f",
"value": "5aaca87020e9ef0435536ab151966c8ec054438fd26413d6cb39bb749668ffd1"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "size-in-bytes",
"timestamp": "1588036748",
"to_ids": false,
"type": "size-in-bytes",
"uuid": "5ea7848c-8da0-48fa-b1bc-2911950d210f",
"value": "405456"
}
]
},
{
"comment": "",
"deleted": false,
"description": "File object describing a file with meta-information",
"meta-category": "file",
"name": "file",
"template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
"template_version": "20",
"timestamp": "1588036877",
"uuid": "5ea784e8-6f5c-43a1-94ae-7fe1950d210f",
"Attribute": [
{
"category": "Artifacts dropped",
"comment": "Believed to be a PyXie command",
"data": "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",
"deleted": false,
"disable_correlation": false,
"object_relation": "malware-sample",
"timestamp": "1588036877",
"to_ids": true,
"type": "malware-sample",
"uuid": "5ea784e8-ff94-4a1d-9ba6-7fe1950d210f",
"value": "cmdline.txt|6d0b192efb3909556cc6452ee5336b93"
},
{
"category": "Artifacts dropped",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "filename",
"timestamp": "1588036840",
"to_ids": false,
"type": "filename",
"uuid": "5ea784e8-7c20-40d6-bf1f-7fe1950d210f",
"value": "cmdline.txt"
},
{
"category": "Artifacts dropped",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "md5",
"timestamp": "1588036840",
"to_ids": true,
"type": "md5",
"uuid": "5ea784e8-a770-4fa3-ac16-7fe1950d210f",
"value": "6d0b192efb3909556cc6452ee5336b93"
},
{
"category": "Artifacts dropped",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "sha1",
"timestamp": "1588036840",
"to_ids": true,
"type": "sha1",
"uuid": "5ea784e8-7a38-44c6-b0b8-7fe1950d210f",
"value": "a4789b71f8382f23b39c656f797fe1c2f22e3cc8"
},
{
"category": "Artifacts dropped",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "sha256",
"timestamp": "1588036840",
"to_ids": true,
"type": "sha256",
"uuid": "5ea784e8-3550-40e2-a084-7fe1950d210f",
"value": "4beed76d5848fda5c41a9705ebef9bd81278e085ed57ffacc97b188ed8979b50"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "size-in-bytes",
"timestamp": "1588036840",
"to_ids": false,
"type": "size-in-bytes",
"uuid": "5ea784e8-2d18-458c-b54b-7fe1950d210f",
"value": "49"
}
]
}
]
}
}