{
"type": "bundle",
"id": "bundle--5e471206-3fb8-43d3-adfd-4806950d210f",
"objects": [
{
"type": "identity",
"spec_version": "2.1",
"id": "identity--5e16d2bc-5c68-4ef1-bc80-47f5950d210f",
"created": "2020-02-16T23:05:49.000Z",
"modified": "2020-02-16T23:05:49.000Z",
"name": "wilbursecurity.com",
"identity_class": "organization"
},
{
"type": "report",
"spec_version": "2.1",
"id": "report--5e471206-3fb8-43d3-adfd-4806950d210f",
"created_by_ref": "identity--5e16d2bc-5c68-4ef1-bc80-47f5950d210f",
"created": "2020-02-16T23:05:49.000Z",
"modified": "2020-02-16T23:05:49.000Z",
"name": "Dever Ransomware",
"published": "2020-02-16T23:07:01Z",
"object_refs": [
"observed-data--5e4889bf-2f14-4bda-bc7e-40dc950d210f",
"file--5e4889bf-2f14-4bda-bc7e-40dc950d210f",
"observed-data--5e4889e6-9754-4148-9116-410e950d210f",
"windows-registry-key--5e4889e6-9754-4148-9116-410e950d210f",
"observed-data--5e49586a-7460-4471-a9d4-4361950d210f",
"network-traffic--5e49586a-7460-4471-a9d4-4361950d210f",
"ipv4-addr--5e49586a-7460-4471-a9d4-4361950d210f",
"observed-data--5e49a9c4-d320-4eca-bca8-4b6a950d210f",
"url--5e49a9c4-d320-4eca-bca8-4b6a950d210f",
"indicator--5e47149c-31a8-4e72-87e3-4a55950d210f",
"indicator--5e47149d-1064-464e-83d3-4973950d210f",
"indicator--5e4715df-5698-48f6-a4a8-4620950d210f"
],
"labels": [
"Threat-Report",
"misp:tool=\"MISP-STIX-Converter\""
],
"object_marking_refs": [
"marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da"
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--5e4889bf-2f14-4bda-bc7e-40dc950d210f",
"created_by_ref": "identity--5e16d2bc-5c68-4ef1-bc80-47f5950d210f",
"created": "2020-02-16T00:24:20.000Z",
"modified": "2020-02-16T00:24:20.000Z",
"first_observed": "2020-02-16T00:24:20Z",
"last_observed": "2020-02-16T00:24:20Z",
"number_observed": 1,
"object_refs": [
"file--5e4889bf-2f14-4bda-bc7e-40dc950d210f"
],
"labels": [
"misp:type=\"filename\"",
"misp:category=\"Persistence mechanism\""
]
},
{
"type": "file",
"spec_version": "2.1",
"id": "file--5e4889bf-2f14-4bda-bc7e-40dc950d210f",
"name": "%ALLUSERSPROFILE%\\Microsoft\\Windows\\Start Menu\\Programs\\Startup\\svhost.exe"
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--5e4889e6-9754-4148-9116-410e950d210f",
"created_by_ref": "identity--5e16d2bc-5c68-4ef1-bc80-47f5950d210f",
"created": "2020-02-16T00:16:38.000Z",
"modified": "2020-02-16T00:16:38.000Z",
"first_observed": "2020-02-16T00:16:38Z",
"last_observed": "2020-02-16T00:16:38Z",
"number_observed": 1,
"object_refs": [
"windows-registry-key--5e4889e6-9754-4148-9116-410e950d210f"
],
"labels": [
"misp:type=\"regkey\"",
"misp:category=\"Persistence mechanism\""
]
},
{
"type": "windows-registry-key",
"spec_version": "2.1",
"id": "windows-registry-key--5e4889e6-9754-4148-9116-410e950d210f",
"key": "HKLM\\SOFTWARE\\MICROSOFT\\WINDOWS\\CURRENTVERSION\\RUN\\\\svhost"
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--5e49586a-7460-4471-a9d4-4361950d210f",
"created_by_ref": "identity--5e16d2bc-5c68-4ef1-bc80-47f5950d210f",
"created": "2020-02-16T14:57:46.000Z",
"modified": "2020-02-16T14:57:46.000Z",
"first_observed": "2020-02-16T14:57:46Z",
"last_observed": "2020-02-16T14:57:46Z",
"number_observed": 1,
"object_refs": [
"network-traffic--5e49586a-7460-4471-a9d4-4361950d210f",
"ipv4-addr--5e49586a-7460-4471-a9d4-4361950d210f"
],
"labels": [
"misp:type=\"ip-src\"",
"misp:category=\"Network activity\""
]
},
{
"type": "network-traffic",
"spec_version": "2.1",
"id": "network-traffic--5e49586a-7460-4471-a9d4-4361950d210f",
"src_ref": "ipv4-addr--5e49586a-7460-4471-a9d4-4361950d210f",
"protocols": [
"tcp"
]
},
{
"type": "ipv4-addr",
"spec_version": "2.1",
"id": "ipv4-addr--5e49586a-7460-4471-a9d4-4361950d210f",
"value": "5.45.71.178"
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--5e49a9c4-d320-4eca-bca8-4b6a950d210f",
"created_by_ref": "identity--5e16d2bc-5c68-4ef1-bc80-47f5950d210f",
"created": "2020-02-16T20:44:52.000Z",
"modified": "2020-02-16T20:44:52.000Z",
"first_observed": "2020-02-16T20:44:52Z",
"last_observed": "2020-02-16T20:44:52Z",
"number_observed": 1,
"object_refs": [
"url--5e49a9c4-d320-4eca-bca8-4b6a950d210f"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--5e49a9c4-d320-4eca-bca8-4b6a950d210f",
"value": "https://www.wilbursecurity.com/2020/02/the-dever-ransomware-experience/"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5e47149c-31a8-4e72-87e3-4a55950d210f",
"created_by_ref": "identity--5e16d2bc-5c68-4ef1-bc80-47f5950d210f",
"created": "2020-02-14T21:43:56.000Z",
"modified": "2020-02-14T21:43:56.000Z",
"description": "Process Hacker",
"pattern": "[file:hashes.MD5 = 'b365af317ae730a67c936f21432b9c71' AND file:hashes.SHA1 = 'a0bdfac3ce1880b32ff9b696458327ce352e3b1d' AND file:hashes.SHA256 = 'bd2c2cf0631d881ed382817afcce2b093f4e412ffb170a719e2762f250abfea4' AND file:name = 'ProcessHacker.exe' AND file:size = '1719840' AND (file:content_ref.payload_bin = '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
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2020-02-14T21:43:56Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "file"
}
],
"labels": [
"misp:name=\"file\"",
"misp:meta-category=\"file\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5e47149d-1064-464e-83d3-4973950d210f",
"created_by_ref": "identity--5e16d2bc-5c68-4ef1-bc80-47f5950d210f",
"created": "2020-02-14T21:43:57.000Z",
"modified": "2020-02-14T21:43:57.000Z",
"description": "Process Hacker",
"pattern": "[file:hashes.MD5 = '1b5c3c458e31bede55145d0644e88d75' AND file:hashes.SHA1 = 'a21c84c6bf2e21d69fa06daaf19b4cc34b589347' AND file:hashes.SHA256 = '70211a3f90376bbc61f49c22a63075d1d4ddd53f0aefa976216c46e6ba39a9f4' AND file:name = 'kprocesshacker.sys' AND file:size = '45208' AND (file:content_ref.payload_bin = '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
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2020-02-14T21:43:57Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "file"
}
],
"labels": [
"misp:name=\"file\"",
"misp:meta-category=\"file\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5e4715df-5698-48f6-a4a8-4620950d210f",
"created_by_ref": "identity--5e16d2bc-5c68-4ef1-bc80-47f5950d210f",
"created": "2020-02-14T21:49:19.000Z",
"modified": "2020-02-14T21:49:19.000Z",
"description": "Dever Ransomware",
"pattern": "[file:hashes.MD5 = '273045ac9e57532ba524a2ecedcbfad2' AND file:hashes.SHA1 = 'ec134601a565676b3f4fbcaf1783b0673176fc5b' AND file:hashes.SHA256 = '5597d2864836aad7d1c701805def0372c1e43d58372b1a4259e05152462e0755' AND file:name = 'svhost.exe' AND file:size = '51712' AND (file:content_ref.payload_bin = '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
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2020-02-14T21:49:19Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "file"
}
],
"labels": [
"misp:name=\"file\"",
"misp:meta-category=\"file\"",
"misp:to_ids=\"True\""
]
},
{
"type": "marking-definition",
"spec_version": "2.1",
"id": "marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da",
"created": "2017-01-20T00:00:00.000Z",
"definition_type": "tlp",
"name": "TLP:GREEN",
"definition": {
"tlp": "green"
}
}
]
}