{
"type": "bundle",
"id": "bundle--5e4b486e-9968-4af1-87dc-4ff4950d210f",
"objects": [
{
"type": "identity",
"spec_version": "2.1",
"id": "identity--5e16d2bc-5c68-4ef1-bc80-47f5950d210f",
"created": "2020-02-28T02:34:40.000Z",
"modified": "2020-02-28T02:34:40.000Z",
"name": "wilbursecurity.com",
"identity_class": "organization"
},
{
"type": "report",
"spec_version": "2.1",
"id": "report--5e4b486e-9968-4af1-87dc-4ff4950d210f",
"created_by_ref": "identity--5e16d2bc-5c68-4ef1-bc80-47f5950d210f",
"created": "2020-02-28T02:34:40.000Z",
"modified": "2020-02-28T02:34:40.000Z",
"name": "Trickbot and AdFind Recon",
"published": "2020-02-28T02:36:18Z",
"object_refs": [
"indicator--5e4b4dfe-0ce8-4566-8a57-4131950d210f",
"observed-data--5e4b4e18-84d4-4868-bee8-40a9950d210f",
"url--5e4b4e18-84d4-4868-bee8-40a9950d210f",
"observed-data--5e4b4ed9-8a4c-4ab4-8d04-413c950d210f",
"network-traffic--5e4b4ed9-8a4c-4ab4-8d04-413c950d210f",
"ipv4-addr--5e4b4ed9-8a4c-4ab4-8d04-413c950d210f",
"indicator--5e4b4f62-a104-444e-b2f8-440a950d210f",
"observed-data--5e4b52bb-7008-4580-85a5-499c950d210f",
"url--5e4b52bb-7008-4580-85a5-499c950d210f",
"indicator--5e4dde50-4068-4086-a0b5-48d6950d210f",
"indicator--5e4dde50-c9ac-4244-a140-4992950d210f",
"indicator--5e4dde50-2228-4a95-a45a-4bc4950d210f",
"indicator--5e4dde50-460c-454a-84e6-4613950d210f",
"indicator--5e4dde50-16bc-4b12-9577-4f30950d210f",
"indicator--5e4dde50-95c8-4fc5-bf9d-4688950d210f",
"indicator--5e4b48bd-3bc8-44fd-b151-4c63950d210f",
"indicator--5e4b48d0-666c-4b87-b405-4428950d210f",
"indicator--5e4b48e7-14dc-4faf-aea6-4a6f950d210f",
"indicator--5e4b4906-c264-4880-8c75-4c2a950d210f",
"indicator--5e4b4960-5bbc-4e05-aee6-4127950d210f",
"indicator--5e4b4971-e698-46cc-81fc-418b950d210f",
"indicator--5e4b49a2-40d8-4a64-93de-440d950d210f"
],
"labels": [
"Threat-Report",
"misp:tool=\"MISP-STIX-Converter\"",
"Banker: TrickBot"
],
"object_marking_refs": [
"marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da"
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5e4b4dfe-0ce8-4566-8a57-4131950d210f",
"created_by_ref": "identity--5e16d2bc-5c68-4ef1-bc80-47f5950d210f",
"created": "2020-02-18T02:38:34.000Z",
"modified": "2020-02-18T02:38:34.000Z",
"description": "enter.exe which loads Trickbot",
"pattern": "[url:value = 'http://support-it.online/upl/data/enter.exe']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2020-02-18T02:38:34Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--5e4b4e18-84d4-4868-bee8-40a9950d210f",
"created_by_ref": "identity--5e16d2bc-5c68-4ef1-bc80-47f5950d210f",
"created": "2020-02-18T02:38:16.000Z",
"modified": "2020-02-18T02:38:16.000Z",
"first_observed": "2020-02-18T02:38:16Z",
"last_observed": "2020-02-18T02:38:16Z",
"number_observed": 1,
"object_refs": [
"url--5e4b4e18-84d4-4868-bee8-40a9950d210f"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--5e4b4e18-84d4-4868-bee8-40a9950d210f",
"value": "https://app.any.run/tasks/dc8771c7-04fd-47f5-b273-c8d433862c2e/"
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--5e4b4ed9-8a4c-4ab4-8d04-413c950d210f",
"created_by_ref": "identity--5e16d2bc-5c68-4ef1-bc80-47f5950d210f",
"created": "2020-02-18T02:41:29.000Z",
"modified": "2020-02-18T02:41:29.000Z",
"first_observed": "2020-02-18T02:41:29Z",
"last_observed": "2020-02-18T02:41:29Z",
"number_observed": 1,
"object_refs": [
"network-traffic--5e4b4ed9-8a4c-4ab4-8d04-413c950d210f",
"ipv4-addr--5e4b4ed9-8a4c-4ab4-8d04-413c950d210f"
],
"labels": [
"misp:type=\"ip-src\"",
"misp:category=\"Network activity\""
]
},
{
"type": "network-traffic",
"spec_version": "2.1",
"id": "network-traffic--5e4b4ed9-8a4c-4ab4-8d04-413c950d210f",
"src_ref": "ipv4-addr--5e4b4ed9-8a4c-4ab4-8d04-413c950d210f",
"protocols": [
"tcp"
]
},
{
"type": "ipv4-addr",
"spec_version": "2.1",
"id": "ipv4-addr--5e4b4ed9-8a4c-4ab4-8d04-413c950d210f",
"value": "216.170.123.19"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5e4b4f62-a104-444e-b2f8-440a950d210f",
"created_by_ref": "identity--5e16d2bc-5c68-4ef1-bc80-47f5950d210f",
"created": "2020-02-18T02:43:46.000Z",
"modified": "2020-02-18T02:43:46.000Z",
"description": "Trickbot C2",
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '195.133.145.31']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2020-02-18T02:43:46Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--5e4b52bb-7008-4580-85a5-499c950d210f",
"created_by_ref": "identity--5e16d2bc-5c68-4ef1-bc80-47f5950d210f",
"created": "2020-02-18T02:58:03.000Z",
"modified": "2020-02-18T02:58:03.000Z",
"first_observed": "2020-02-18T02:58:03Z",
"last_observed": "2020-02-18T02:58:03Z",
"number_observed": 1,
"object_refs": [
"url--5e4b52bb-7008-4580-85a5-499c950d210f"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--5e4b52bb-7008-4580-85a5-499c950d210f",
"value": "https://www.wilbursecurity.com/2020/02/trickbot-and-adfind-recon/"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5e4dde50-4068-4086-a0b5-48d6950d210f",
"created_by_ref": "identity--5e16d2bc-5c68-4ef1-bc80-47f5950d210f",
"created": "2020-02-20T01:18:56.000Z",
"modified": "2020-02-20T01:18:56.000Z",
"pattern": "[url:value = 'http://support-it.online/upl/data/socks.exe']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2020-02-20T01:18:56Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5e4dde50-c9ac-4244-a140-4992950d210f",
"created_by_ref": "identity--5e16d2bc-5c68-4ef1-bc80-47f5950d210f",
"created": "2020-02-20T01:18:27.000Z",
"modified": "2020-02-20T01:18:27.000Z",
"pattern": "[url:value = 'http://support-it.online/upl/data/addUser.bat']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2020-02-20T01:18:27Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5e4dde50-2228-4a95-a45a-4bc4950d210f",
"created_by_ref": "identity--5e16d2bc-5c68-4ef1-bc80-47f5950d210f",
"created": "2020-02-20T01:18:32.000Z",
"modified": "2020-02-20T01:18:32.000Z",
"pattern": "[url:value = 'http://support-it.online/upl/data/adf.bat']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2020-02-20T01:18:32Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5e4dde50-460c-454a-84e6-4613950d210f",
"created_by_ref": "identity--5e16d2bc-5c68-4ef1-bc80-47f5950d210f",
"created": "2020-02-20T01:19:26.000Z",
"modified": "2020-02-20T01:19:26.000Z",
"pattern": "[url:value = 'http://support-it.online/upl/data/AdFind.exe']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2020-02-20T01:19:26Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5e4dde50-16bc-4b12-9577-4f30950d210f",
"created_by_ref": "identity--5e16d2bc-5c68-4ef1-bc80-47f5950d210f",
"created": "2020-02-20T01:18:41.000Z",
"modified": "2020-02-20T01:18:41.000Z",
"pattern": "[url:value = 'http://support-it.online/upl/data/test_64.exe']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2020-02-20T01:18:41Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5e4dde50-95c8-4fc5-bf9d-4688950d210f",
"created_by_ref": "identity--5e16d2bc-5c68-4ef1-bc80-47f5950d210f",
"created": "2020-02-20T01:18:45.000Z",
"modified": "2020-02-20T01:18:45.000Z",
"pattern": "[url:value = 'http://support-it.online/upl/data/test_32.exe']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2020-02-20T01:18:45Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5e4b48bd-3bc8-44fd-b151-4c63950d210f",
"created_by_ref": "identity--5e16d2bc-5c68-4ef1-bc80-47f5950d210f",
"created": "2020-02-18T02:15:25.000Z",
"modified": "2020-02-18T02:15:25.000Z",
"description": "socks.exe",
"pattern": "[file:hashes.MD5 = '9efb4a465942dc094a5a57e055fd608a' AND file:hashes.SHA1 = 'e1348386da5af1903766352d4a224d859933e941' AND file:hashes.SHA256 = 'c93a357ea1772eb376ec4528d7a6bf8cfac31d9b9b4fc5455dbc369d6bde3583' AND file:name = 'socks.exe' AND file:size = '139264' AND (file:content_ref.payload_bin = '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
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2020-02-18T02:15:25Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "file"
}
],
"labels": [
"misp:name=\"file\"",
"misp:meta-category=\"file\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5e4b48d0-666c-4b87-b405-4428950d210f",
"created_by_ref": "identity--5e16d2bc-5c68-4ef1-bc80-47f5950d210f",
"created": "2020-02-18T02:15:44.000Z",
"modified": "2020-02-18T02:15:44.000Z",
"description": "test_32.exe",
"pattern": "[file:hashes.MD5 = '538a9f7e97c6b02e3ecfc9f831ce600b' AND file:hashes.SHA1 = '3a5d3069e607b2da534964e8b6ceb698357ebba6' AND file:hashes.SHA256 = '5c9b25611b59d453b9b1ae2e88ffd83a87a4546ea7e6b61bf4e079701ee729b2' AND file:name = 'test_32.exe' AND file:size = '122880' AND (file:content_ref.payload_bin = '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
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2020-02-18T02:15:44Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "file"
}
],
"labels": [
"misp:name=\"file\"",
"misp:meta-category=\"file\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5e4b48e7-14dc-4faf-aea6-4a6f950d210f",
"created_by_ref": "identity--5e16d2bc-5c68-4ef1-bc80-47f5950d210f",
"created": "2020-02-18T02:16:07.000Z",
"modified": "2020-02-18T02:16:07.000Z",
"description": "Trickbot",
"pattern": "[file:hashes.MD5 = '3694432ff283b6d928fc9d97e18dee92' AND file:hashes.SHA1 = '2baff313b0db9363816a799f4d2f14b69b420421' AND file:hashes.SHA256 = 'e5591269b1ead7a5bb8d50f6a465e479f3010a611aae1b33caa78a4f7ec16922' AND file:name = '.exe' AND file:size = '307200' AND (file:content_ref.payload_bin = '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
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2020-02-18T02:16:07Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "file"
}
],
"labels": [
"misp:name=\"file\"",
"misp:meta-category=\"file\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5e4b4906-c264-4880-8c75-4c2a950d210f",
"created_by_ref": "identity--5e16d2bc-5c68-4ef1-bc80-47f5950d210f",
"created": "2020-02-18T02:16:38.000Z",
"modified": "2020-02-18T02:16:38.000Z",
"description": "AdFind",
"pattern": "[file:hashes.MD5 = '9b02dd2a1a15e94922be3f85129083ac' AND file:hashes.SHA1 = '2cb6ff75b38a3f24f3b60a2742b6f4d6027f0f2a' AND file:hashes.SHA256 = 'b1102ed4bca6dae6f2f498ade2f73f76af527fa803f0e0b46e100d4cf5150682' AND file:name = 'AdFind.exe' AND file:size = '1394176' AND (file:content_ref.payload_bin = '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
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2020-02-18T02:16:38Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "file"
}
],
"labels": [
"misp:name=\"file\"",
"misp:meta-category=\"file\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5e4b4960-5bbc-4e05-aee6-4127950d210f",
"created_by_ref": "identity--5e16d2bc-5c68-4ef1-bc80-47f5950d210f",
"created": "2020-02-18T02:18:08.000Z",
"modified": "2020-02-18T02:18:08.000Z",
"description": "AdFind Recon Script",
"pattern": "[file:hashes.MD5 = 'dbbdb5aa4a033fcae3b699e169706bfd' AND file:hashes.SHA1 = '73c0b77442e5aa91fdefcfedf0e43efa7b7cac04' AND file:hashes.SHA256 = '2f49676e70ad99b0136132183e197cbd88eb294d3ed4048da7f607f2c21f6df9' AND file:name = 'adf.bat' AND file:size = '493' AND (file:content_ref.payload_bin = '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' AND file:content_ref.x_misp_filename = 'adf.bat' AND file:content_ref.hashes.MD5 = 'dbbdb5aa4a033fcae3b699e169706bfd' AND file:content_ref.mime_type = 'application/zip' AND file:content_ref.encryption_algorithm = 'mime-type-indicated' AND file:content_ref.decryption_key = 'infected')]",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2020-02-18T02:18:08Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "file"
}
],
"labels": [
"misp:name=\"file\"",
"misp:meta-category=\"file\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5e4b4971-e698-46cc-81fc-418b950d210f",
"created_by_ref": "identity--5e16d2bc-5c68-4ef1-bc80-47f5950d210f",
"created": "2020-02-18T02:18:25.000Z",
"modified": "2020-02-18T02:18:25.000Z",
"description": "Add User Script",
"pattern": "[file:hashes.MD5 = 'c872ffd205753b7331e18c96e5274393' AND file:hashes.SHA1 = '6529f55f28cc1411af98db6586a965df49479573' AND file:hashes.SHA256 = '77aebf8c0fc3caa445c5b8130cf69a988e625ccf45d89118cd30d90021a58436' AND file:name = 'addUser.bat' AND file:size = '1785' AND (file:content_ref.payload_bin = 'UEsDBBQACQAIAE0SUlAJZzkExAIAAPkGAAAgABwAYzg3MmZmZDIwNTc1M2I3MzMxZTE4Yzk2ZTUyNzQzOTNVVAkAA3FJS15xSUtedXgLAAEEIQAAAAQhAAAACSzUVQf3Mp8l2K1QC8MTKQ5e9WueVCj6SecupIe/iE6pOsHxvz9NvQq+4FAwUfQnLNcARTfwyVrUBepKc5AS6OITBPMWfreuv6H/iQ1cZ+SVgkzOhIaIh2VJQ4rQEVvFq8WfJS233QCttQuA1tc7rbk24II06G7AoIkxp9AKGo7eXw0vUiI3sg/2YMIBKJ2cvwBOLVG7AqaLqu3qW55MbIsS4aEJTGSGYadgKHgEgH0q5F79um8Vot4T4FOj9KXsReUJ5bxpJAVZ28ibDKMWDoX1ZjJKEwv71t600fk/MTLlhELUTLmpFwNLoHPO7SaXsNa1FF1x4O/so+LcwsjEYfgWsZMk0dSJu6JD+p3sXw1cuewJPhFwntmF9vJp//BPHcLJqGPiXxVnEnJn1kaXMWiTlhKWSUXgL/pJDhN+8ySOxvxY+5f9yjzH5S62o9xGGmUwsMQ0BxB1c/Q6N3671lRhzR8+C3lTAR5W/K3qo4MBuvT4Z0LjPHKgIwv5lkjssqAvSUWMN4BXLV0XwhB3OKIuJyPMjxtuQbHzy2xgCRPZjds4IjJwVhFeYZtdczAVnYlJviAWr+3BZPl3729tS3uu3J5GRGjXL/egTC5eTTjo6mwMYZNQluHojhXBhTw/BAwsO6X17FTLwnjfixWgY1Uz002lVdSj5zB8lnvflucSnfc288Z6S1uBSe8ScqwPQ0vBnzNWpH6KURdEc6o8uEVcwPCu7UxZbYrvYahqd75r6biBoF+UW5dpcihGbmzKPedwjs497Y5ExrC8o/xK/p7aZt3k8h6abG9vFGqsxM2yfHsc+pxsTOzQ3Eyqf33edZDC+BiWsM6LQWdN9kIIuVzy9N9FADnpMoQgBUBmqdVoSxhPDCIKthlNU23hdL6vU/166Pb781MoXxAt7yFytDF8YZ81oxVC4cF6PnFDHmNDwm89UEsHCAlnOQTEAgAA+QYAAFBLAwQKAAkAAABNElJQZL4DGBcAAAALAAAALQAcAGM4NzJmZmQyMDU3NTNiNzMzMWUxOGM5NmU1Mjc0MzkzLmZpbGVuYW1lLnR4dFVUCQADcUlLXnFJS151eAsAAQQhAAAABCEAAACD8EuCTdDWROcP20nJysedbs6/aLqUUVBLBwhkvgMYFwAAAAsAAABQSwECHgMUAAkACABNElJQCWc5BMQCAAD5BgAAIAAYAAAAAAABAAAApIEAAAAAYzg3MmZmZDIwNTc1M2I3MzMxZTE4Yzk2ZTUyNzQzOTNVVAUAA3FJS151eAsAAQQhAAAABCEAAABQSwECHgMKAAkAAABNElJQZL4DGBcAAAALAAAALQAYAAAAAAABAAAApIEuAwAAYzg3MmZmZDIwNTc1M2I3MzMxZTE4Yzk2ZTUyNzQzOTMuZmlsZW5hbWUudHh0VVQFAANxSUtedXgLAAEEIQAAAAQhAAAAUEsFBgAAAAACAAIA2QAAALwDAAAAAA==' AND file:content_ref.x_misp_filename = 'addUser.bat' AND file:content_ref.hashes.MD5 = 
'c872ffd205753b7331e18c96e5274393' AND file:content_ref.mime_type = 'application/zip' AND file:content_ref.encryption_algorithm = 'mime-type-indicated' AND file:content_ref.decryption_key = 'infected')]",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2020-02-18T02:18:25Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "file"
}
],
"labels": [
"misp:name=\"file\"",
"misp:meta-category=\"file\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5e4b49a2-40d8-4a64-93de-440d950d210f",
"created_by_ref": "identity--5e16d2bc-5c68-4ef1-bc80-47f5950d210f",
"created": "2020-02-18T02:19:14.000Z",
"modified": "2020-02-18T02:19:14.000Z",
"description": "Trickbot",
"pattern": "[file:hashes.MD5 = '9efb4a465942dc094a5a57e055fd608a' AND file:hashes.SHA1 = 'e1348386da5af1903766352d4a224d859933e941' AND file:hashes.SHA256 = 'c93a357ea1772eb376ec4528d7a6bf8cfac31d9b9b4fc5455dbc369d6bde3583' AND file:name = 'dxgmtdk.exe' AND file:size = '139264' AND (file:content_ref.payload_bin = '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
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2020-02-18T02:19:14Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "file"
}
],
"labels": [
"misp:name=\"file\"",
"misp:meta-category=\"file\"",
"misp:to_ids=\"True\""
]
},
{
"type": "marking-definition",
"spec_version": "2.1",
"id": "marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da",
"created": "2017-01-20T00:00:00.000Z",
"definition_type": "tlp",
"name": "TLP:GREEN",
"definition": {
"tlp": "green"
}
}
]
}