adulau/misp-circl-feed
1
0
Fork 0
Code Issues 1 Pull requests Projects 1 Releases Packages Wiki Activity Actions
misp-circl-feed/feeds/circl/stix-2.1/5e9f7d98-9fc0-4e7b-9d54-41a4950d210f.json

1914 lines
826 KiB
JSON
Raw Normal View History

chg: [misp-stix] STIX 2.1 export added
2023-04-21 14:44:17 +00:00
{
"type": "bundle",
"id": "bundle--5e9f7d98-9fc0-4e7b-9d54-41a4950d210f",
"objects": [
{
"type": "identity",
"spec_version": "2.1",
"id": "identity--5e9e5d86-5b94-4ff6-b07e-4e3e950d210f",
"created": "2020-04-30T11:27:24.000Z",
"modified": "2020-04-30T11:27:24.000Z",
"name": "The DFIR Report",
"identity_class": "organization"
},
{
"type": "report",
"spec_version": "2.1",
"id": "report--5e9f7d98-9fc0-4e7b-9d54-41a4950d210f",
"created_by_ref": "identity--5e9e5d86-5b94-4ff6-b07e-4e3e950d210f",
"created": "2020-04-30T11:27:24.000Z",
"modified": "2020-04-30T11:27:24.000Z",
"name": "Trickbot to Pyxie",
"published": "2020-04-30T11:27:33Z",
"object_refs": [
"indicator--5e9f97fd-0f40-4a30-b048-4f81950d210f",
"indicator--5ea785ab-f3f4-4c58-8214-b165e387cbd9",
"indicator--5ea785ab-a6f0-421c-bc79-b165e387cbd9",
"indicator--5ea785ab-2eb8-45e9-9f7d-b165e387cbd9",
"indicator--5ea785ab-cd5c-4954-bae7-b165e387cbd9",
"indicator--5ea785ab-9bd8-40ea-a6b4-b165e387cbd9",
"indicator--5ea785ab-6b80-4db7-8ab2-b165e387cbd9",
"indicator--5ea785ac-ed04-48b4-a56e-b165e387cbd9",
"indicator--5ea785ac-b98c-4218-ae49-b165e387cbd9",
"indicator--5ea785ac-907c-4399-855a-b165e387cbd9",
"indicator--5ea785ac-7f00-4658-8150-b165e387cbd9",
"indicator--5ea785ac-1be0-483d-894b-b165e387cbd9",
"indicator--5ea785ac-9e94-4a9b-86a4-b165e387cbd9",
"indicator--5ea785ac-1270-48ce-9661-b165e387cbd9",
"indicator--5ea785ac-5000-4479-a551-b165e387cbd9",
"indicator--5ea785ac-0df0-4dee-9c44-b165e387cbd9",
"indicator--5ea785ad-e45c-43c9-83dd-b165e387cbd9",
"indicator--5ea785ad-2c78-48e7-920d-b165e387cbd9",
"indicator--5ea785ad-5d90-4e43-ad7d-b165e387cbd9",
"indicator--5ea785ad-d2c4-4764-8a83-b165e387cbd9",
"indicator--5ea785ad-87a8-4744-acc6-b165e387cbd9",
"indicator--5ea785ad-3554-44cb-99bf-b165e387cbd9",
"indicator--5ea785ae-5af0-4ab7-80e2-b165e387cbd9",
"indicator--5ea785ae-3d20-499a-a120-b165e387cbd9",
"indicator--5ea785ae-f340-46d5-ae6d-b165e387cbd9",
"indicator--5ea785ae-c7d8-43f0-a1be-b165e387cbd9",
"indicator--5ea785ae-1ba8-43b5-a397-b165e387cbd9",
"indicator--5ea785ae-ba34-490e-97fc-b165e387cbd9",
"indicator--5ea785ae-35bc-419a-aa37-b165e387cbd9",
"indicator--5ea785af-c000-43f4-a230-b165e387cbd9",
"indicator--5ea785af-0028-42d4-aa33-b165e387cbd9",
"indicator--5ea785af-3cac-4f9c-a173-b165e387cbd9",
"indicator--5ea785af-7654-4b4c-8f56-b165e387cbd9",
"indicator--5ea785af-3a88-4352-9c23-b165e387cbd9",
"indicator--5ea785af-ed7c-4eed-a225-b165e387cbd9",
"indicator--5ea785af-e9ec-41be-8a0d-b165e387cbd9",
"indicator--5ea785b0-b2b0-419a-9800-b165e387cbd9",
"indicator--5ea785b0-541c-463d-9a3c-b165e387cbd9",
"indicator--5ea785b0-5f68-4443-87ba-b165e387cbd9",
"indicator--5ea785b0-83b4-41e9-b1fd-b165e387cbd9",
"indicator--5ea785b0-db90-4684-a3c7-b165e387cbd9",
"indicator--5ea785b0-a078-4a2d-a148-b165e387cbd9",
"indicator--5ea78696-6134-4bf2-8f13-bf44e387cbd9",
"indicator--5ea78696-eae8-4c29-b450-bf44e387cbd9",
"indicator--5ea78696-cccc-4184-931c-bf44e387cbd9",
"indicator--5ea78875-5b30-4963-842c-c300950d210f",
"indicator--5ea78875-23b4-44be-a026-c300950d210f",
"indicator--5ea78875-58b8-457e-8b3f-c300950d210f",
"indicator--5ea78939-329c-4cc7-a52c-e408e387cbd9",
"indicator--5ea7893a-fe28-4e1e-949b-e408e387cbd9",
"indicator--5ea7893a-f068-4ed3-ad40-e408e387cbd9",
"indicator--5ea7893a-da1c-4f28-bee7-e408e387cbd9",
"indicator--5ea7893a-3068-46a6-b465-e408e387cbd9",
"indicator--5ea7893a-a5f0-4b33-a17e-e408e387cbd9",
"indicator--5ea7893a-4078-4baf-aa34-e408e387cbd9",
"indicator--5ea7893b-1d8c-4c7a-8b36-e408e387cbd9",
"indicator--5ea7893b-c494-4ce6-a321-e408e387cbd9",
"indicator--5ea7893b-bbb0-4af3-af48-e408e387cbd9",
"indicator--5ea7893b-1348-4fb6-afd3-e408e387cbd9",
"indicator--5ea7893b-bcb8-4855-8bba-e408e387cbd9",
"indicator--5ea7893b-2f04-430f-860b-e408e387cbd9",
"indicator--5ea7893b-99e4-4b55-a759-e408e387cbd9",
"observed-data--5eaab577-fb70-4585-9d92-4210950d210f",
"url--5eaab577-fb70-4585-9d92-4210950d210f",
"indicator--5e9f7dae-9544-48cf-8295-40fe950d210f",
"indicator--5ea78354-c6a4-4698-bb37-69bd950d210f",
"indicator--5ea783bb-2a1c-48fd-bb79-4b76950d210f",
"indicator--5ea78453-1750-4d7b-9b04-4b38950d210f",
"observed-data--5ea7848c-6f44-4c88-b135-2911950d210f",
"file--5ea7848c-6f44-4c88-b135-2911950d210f",
"artifact--5ea7848c-35c0-4f7c-862a-2911950d210f",
"indicator--5ea784e8-6f5c-43a1-94ae-7fe1950d210f"
],
"labels": [
"Threat-Report",
"misp:tool=\"MISP-STIX-Converter\"",
"trickbot",
"PyXie"
],
"object_marking_refs": [
"marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9"
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5e9f97fd-0f40-4a30-b048-4f81950d210f",
"created_by_ref": "identity--5e9e5d86-5b94-4ff6-b07e-4e3e950d210f",
"created": "2020-04-28T01:17:46.000Z",
"modified": "2020-04-28T01:17:46.000Z",
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '192.169.6.180']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2020-04-17T00:00:00Z",
"valid_until": "2020-04-19T00:00:00Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\"",
"Cobalt Strike",
"kill-chain:Command and Control"
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5ea785ab-f3f4-4c58-8214-b165e387cbd9",
"created_by_ref": "identity--5e9e5d86-5b94-4ff6-b07e-4e3e950d210f",
"created": "2020-04-28T01:25:20.000Z",
"modified": "2020-04-28T01:25:20.000Z",
"description": "On port 443",
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '51.89.115.112' AND network-traffic:dst_port = '443']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2020-04-28T01:25:20Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-dst|port\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\"",
"kill-chain:Command and Control",
"trickbot"
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5ea785ab-a6f0-421c-bc79-b165e387cbd9",
"created_by_ref": "identity--5e9e5d86-5b94-4ff6-b07e-4e3e950d210f",
"created": "2020-04-28T01:25:20.000Z",
"modified": "2020-04-28T01:25:20.000Z",
"description": "On port 443",
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '185.141.27.225' AND network-traffic:dst_port = '443']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2020-04-28T01:25:20Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-dst|port\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\"",
"kill-chain:Command and Control",
"trickbot"
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5ea785ab-2eb8-45e9-9f7d-b165e387cbd9",
"created_by_ref": "identity--5e9e5d86-5b94-4ff6-b07e-4e3e950d210f",
"created": "2020-04-28T01:25:20.000Z",
"modified": "2020-04-28T01:25:20.000Z",
"description": "On port 443",
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '151.80.212.114' AND network-traffic:dst_port = '443']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2020-04-28T01:25:20Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-dst|port\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\"",
"kill-chain:Command and Control",
"trickbot"
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5ea785ab-cd5c-4954-bae7-b165e387cbd9",
"created_by_ref": "identity--5e9e5d86-5b94-4ff6-b07e-4e3e950d210f",
"created": "2020-04-28T01:25:22.000Z",
"modified": "2020-04-28T01:25:22.000Z",
"description": "On port 443",
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '5.182.210.178' AND network-traffic:dst_port = '443']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2020-04-28T01:25:22Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-dst|port\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\"",
"kill-chain:Command and Control",
"trickbot"
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5ea785ab-9bd8-40ea-a6b4-b165e387cbd9",
"created_by_ref": "identity--5e9e5d86-5b94-4ff6-b07e-4e3e950d210f",
"created": "2020-04-28T01:25:22.000Z",
"modified": "2020-04-28T01:25:22.000Z",
"description": "On port 443",
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '188.119.113.60' AND network-traffic:dst_port = '443']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2020-04-28T01:25:22Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-dst|port\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\"",
"kill-chain:Command and Control",
"trickbot"
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5ea785ab-6b80-4db7-8ab2-b165e387cbd9",
"created_by_ref": "identity--5e9e5d86-5b94-4ff6-b07e-4e3e950d210f",
"created": "2020-04-28T01:25:21.000Z",
"modified": "2020-04-28T01:25:21.000Z",
"description": "On port 443",
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '91.235.129.199' AND network-traffic:dst_port = '443']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2020-04-28T01:25:21Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-dst|port\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\"",
"kill-chain:Command and Control",
"trickbot"
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5ea785ac-ed04-48b4-a56e-b165e387cbd9",
"created_by_ref": "identity--5e9e5d86-5b94-4ff6-b07e-4e3e950d210f",
"created": "2020-04-28T01:25:14.000Z",
"modified": "2020-04-28T01:25:14.000Z",
"description": "On port 443",
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '185.234.72.193' AND network-traffic:dst_port = '443']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2020-04-28T01:25:14Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-dst|port\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\"",
"kill-chain:Command and Control",
"trickbot"
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5ea785ac-b98c-4218-ae49-b165e387cbd9",
"created_by_ref": "identity--5e9e5d86-5b94-4ff6-b07e-4e3e950d210f",
"created": "2020-04-28T01:25:14.000Z",
"modified": "2020-04-28T01:25:14.000Z",
"description": "On port 443",
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '194.5.250.200' AND network-traffic:dst_port = '443']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2020-04-28T01:25:14Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-dst|port\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\"",
"kill-chain:Command and Control",
"trickbot"
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5ea785ac-907c-4399-855a-b165e387cbd9",
"created_by_ref": "identity--5e9e5d86-5b94-4ff6-b07e-4e3e950d210f",
"created": "2020-04-28T01:25:14.000Z",
"modified": "2020-04-28T01:25:14.000Z",
"description": "On port 443",
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '185.14.29.141' AND network-traffic:dst_port = '443']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2020-04-28T01:25:14Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-dst|port\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\"",
"kill-chain:Command and Control",
"trickbot"
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5ea785ac-7f00-4658-8150-b165e387cbd9",
"created_by_ref": "identity--5e9e5d86-5b94-4ff6-b07e-4e3e950d210f",
"created": "2020-04-28T01:25:15.000Z",
"modified": "2020-04-28T01:25:15.000Z",
"description": "On port 443",
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '185.99.2.197' AND network-traffic:dst_port = '443']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2020-04-28T01:25:15Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-dst|port\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\"",
"kill-chain:Command and Control",
"trickbot"
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5ea785ac-1be0-483d-894b-b165e387cbd9",
"created_by_ref": "identity--5e9e5d86-5b94-4ff6-b07e-4e3e950d210f",
"created": "2020-04-28T01:25:15.000Z",
"modified": "2020-04-28T01:25:15.000Z",
"description": "On port 443",
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '185.234.72.50' AND network-traffic:dst_port = '443']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2020-04-28T01:25:15Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-dst|port\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\"",
"kill-chain:Command and Control",
"trickbot"
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5ea785ac-9e94-4a9b-86a4-b165e387cbd9",
"created_by_ref": "identity--5e9e5d86-5b94-4ff6-b07e-4e3e950d210f",
"created": "2020-04-28T01:25:20.000Z",
"modified": "2020-04-28T01:25:20.000Z",
"description": "On port 443",
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '194.5.250.201' AND network-traffic:dst_port = '443']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2020-04-28T01:25:20Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-dst|port\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\"",
"kill-chain:Command and Control",
"trickbot"
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5ea785ac-1270-48ce-9661-b165e387cbd9",
"created_by_ref": "identity--5e9e5d86-5b94-4ff6-b07e-4e3e950d210f",
"created": "2020-04-28T01:25:19.000Z",
"modified": "2020-04-28T01:25:19.000Z",
"description": "On port 443",
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '108.170.61.186' AND network-traffic:dst_port = '443']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2020-04-28T01:25:19Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-dst|port\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\"",
"kill-chain:Command and Control",
"trickbot"
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5ea785ac-5000-4479-a551-b165e387cbd9",
"created_by_ref": "identity--5e9e5d86-5b94-4ff6-b07e-4e3e950d210f",
"created": "2020-04-28T01:25:20.000Z",
"modified": "2020-04-28T01:25:20.000Z",
"description": "On port 443",
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '217.12.209.159' AND network-traffic:dst_port = '443']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2020-04-28T01:25:20Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-dst|port\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\"",
"kill-chain:Command and Control",
"trickbot"
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5ea785ac-0df0-4dee-9c44-b165e387cbd9",
"created_by_ref": "identity--5e9e5d86-5b94-4ff6-b07e-4e3e950d210f",
"created": "2020-04-28T01:25:15.000Z",
"modified": "2020-04-28T01:25:15.000Z",
"description": "On port 443",
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '185.99.2.44' AND network-traffic:dst_port = '443']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2020-04-28T01:25:15Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-dst|port\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\"",
"kill-chain:Command and Control",
"trickbot"
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5ea785ad-e45c-43c9-83dd-b165e387cbd9",
"created_by_ref": "identity--5e9e5d86-5b94-4ff6-b07e-4e3e950d210f",
"created": "2020-04-28T01:25:13.000Z",
"modified": "2020-04-28T01:25:13.000Z",
"description": "On port 443",
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '51.89.115.108' AND network-traffic:dst_port = '443']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2020-04-28T01:25:13Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-dst|port\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\"",
"kill-chain:Command and Control",
"trickbot"
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5ea785ad-2c78-48e7-920d-b165e387cbd9",
"created_by_ref": "identity--5e9e5d86-5b94-4ff6-b07e-4e3e950d210f",
"created": "2020-04-28T01:25:14.000Z",
"modified": "2020-04-28T01:25:14.000Z",
"description": "On port 443",
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '164.68.120.58' AND network-traffic:dst_port = '443']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2020-04-28T01:25:14Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-dst|port\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\"",
"kill-chain:Command and Control",
"trickbot"
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5ea785ad-5d90-4e43-ad7d-b165e387cbd9",
"created_by_ref": "identity--5e9e5d86-5b94-4ff6-b07e-4e3e950d210f",
"created": "2020-04-28T01:25:13.000Z",
"modified": "2020-04-28T01:25:13.000Z",
"description": "On port 443",
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '164.132.255.19' AND network-traffic:dst_port = '443']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2020-04-28T01:25:13Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-dst|port\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\"",
"kill-chain:Command and Control",
"trickbot"
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5ea785ad-d2c4-4764-8a83-b165e387cbd9",
"created_by_ref": "identity--5e9e5d86-5b94-4ff6-b07e-4e3e950d210f",
"created": "2020-04-28T01:25:14.000Z",
"modified": "2020-04-28T01:25:14.000Z",
"description": "On port 443",
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '148.251.185.164' AND network-traffic:dst_port = '443']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2020-04-28T01:25:14Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-dst|port\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\"",
"kill-chain:Command and Control",
"trickbot"
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5ea785ad-87a8-4744-acc6-b165e387cbd9",
"created_by_ref": "identity--5e9e5d86-5b94-4ff6-b07e-4e3e950d210f",
"created": "2020-04-28T01:25:13.000Z",
"modified": "2020-04-28T01:25:13.000Z",
"description": "On port 443",
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '94.250.250.69' AND network-traffic:dst_port = '443']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2020-04-28T01:25:13Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-dst|port\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\"",
"kill-chain:Command and Control",
"trickbot"
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5ea785ad-3554-44cb-99bf-b165e387cbd9",
"created_by_ref": "identity--5e9e5d86-5b94-4ff6-b07e-4e3e950d210f",
"created": "2020-04-28T01:25:13.000Z",
"modified": "2020-04-28T01:25:13.000Z",
"description": "On port 443",
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '94.250.249.170' AND network-traffic:dst_port = '443']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2020-04-28T01:25:13Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-dst|port\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\"",
"kill-chain:Command and Control",
"trickbot"
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5ea785ae-5af0-4ab7-80e2-b165e387cbd9",
"created_by_ref": "identity--5e9e5d86-5b94-4ff6-b07e-4e3e950d210f",
"created": "2020-04-28T01:25:12.000Z",
"modified": "2020-04-28T01:25:12.000Z",
"description": "On port 443",
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '195.123.237.105' AND network-traffic:dst_port = '443']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2020-04-28T01:25:12Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-dst|port\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\"",
"kill-chain:Command and Control",
"trickbot"
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5ea785ae-3d20-499a-a120-b165e387cbd9",
"created_by_ref": "identity--5e9e5d86-5b94-4ff6-b07e-4e3e950d210f",
"created": "2020-04-28T01:25:12.000Z",
"modified": "2020-04-28T01:25:12.000Z",
"description": "On port 449",
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '190.214.13.2' AND network-traffic:dst_port = '449']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2020-04-28T01:25:12Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-dst|port\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\"",
"kill-chain:Command and Control",
"trickbot"
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5ea785ae-f340-46d5-ae6d-b165e387cbd9",
"created_by_ref": "identity--5e9e5d86-5b94-4ff6-b07e-4e3e950d210f",
"created": "2020-04-28T01:25:11.000Z",
"modified": "2020-04-28T01:25:11.000Z",
"description": "On port 449",
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '181.129.104.139' AND network-traffic:dst_port = '449']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2020-04-28T01:25:11Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-dst|port\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\"",
"kill-chain:Command and Control",
"trickbot"
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5ea785ae-c7d8-43f0-a1be-b165e387cbd9",
"created_by_ref": "identity--5e9e5d86-5b94-4ff6-b07e-4e3e950d210f",
"created": "2020-04-28T01:25:12.000Z",
"modified": "2020-04-28T01:25:12.000Z",
"description": "On port 449",
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '181.112.157.42' AND network-traffic:dst_port = '449']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2020-04-28T01:25:12Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-dst|port\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\"",
"kill-chain:Command and Control",
"trickbot"
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5ea785ae-1ba8-43b5-a397-b165e387cbd9",
"created_by_ref": "identity--5e9e5d86-5b94-4ff6-b07e-4e3e950d210f",
"created": "2020-04-28T01:25:12.000Z",
"modified": "2020-04-28T01:25:12.000Z",
"description": "On port 449",
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '181.129.134.18' AND network-traffic:dst_port = '449']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2020-04-28T01:25:12Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-dst|port\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\"",
"kill-chain:Command and Control",
"trickbot"
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5ea785ae-ba34-490e-97fc-b165e387cbd9",
"created_by_ref": "identity--5e9e5d86-5b94-4ff6-b07e-4e3e950d210f",
"created": "2020-04-28T01:25:12.000Z",
"modified": "2020-04-28T01:25:12.000Z",
"description": "On port 449",
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '131.161.253.190' AND network-traffic:dst_port = '449']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2020-04-28T01:25:12Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-dst|port\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\"",
"kill-chain:Command and Control",
"trickbot"
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5ea785ae-35bc-419a-aa37-b165e387cbd9",
"created_by_ref": "identity--5e9e5d86-5b94-4ff6-b07e-4e3e950d210f",
"created": "2020-04-28T01:25:13.000Z",
"modified": "2020-04-28T01:25:13.000Z",
"description": "On port 449",
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '121.100.19.18' AND network-traffic:dst_port = '449']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2020-04-28T01:25:13Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-dst|port\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\"",
"kill-chain:Command and Control",
"trickbot"
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5ea785af-c000-43f4-a230-b165e387cbd9",
"created_by_ref": "identity--5e9e5d86-5b94-4ff6-b07e-4e3e950d210f",
"created": "2020-04-28T01:25:09.000Z",
"modified": "2020-04-28T01:25:09.000Z",
"description": "On port 449",
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '202.29.215.114' AND network-traffic:dst_port = '449']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2020-04-28T01:25:09Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-dst|port\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\"",
"kill-chain:Command and Control",
"trickbot"
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5ea785af-0028-42d4-aa33-b165e387cbd9",
"created_by_ref": "identity--5e9e5d86-5b94-4ff6-b07e-4e3e950d210f",
"created": "2020-04-28T01:25:09.000Z",
"modified": "2020-04-28T01:25:09.000Z",
"description": "On port 449",
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '171.100.142.238' AND network-traffic:dst_port = '449']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2020-04-28T01:25:09Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-dst|port\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\"",
"kill-chain:Command and Control",
"trickbot"
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5ea785af-3cac-4f9c-a173-b165e387cbd9",
"created_by_ref": "identity--5e9e5d86-5b94-4ff6-b07e-4e3e950d210f",
"created": "2020-04-28T01:25:10.000Z",
"modified": "2020-04-28T01:25:10.000Z",
"description": "On port 449",
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '190.136.178.52' AND network-traffic:dst_port = '449']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2020-04-28T01:25:10Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-dst|port\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\"",
"kill-chain:Command and Control",
"trickbot"
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5ea785af-7654-4b4c-8f56-b165e387cbd9",
"created_by_ref": "identity--5e9e5d86-5b94-4ff6-b07e-4e3e950d210f",
"created": "2020-04-28T01:25:11.000Z",
"modified": "2020-04-28T01:25:11.000Z",
"description": "On port 449",
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '45.6.16.68' AND network-traffic:dst_port = '449']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2020-04-28T01:25:11Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-dst|port\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\"",
"kill-chain:Command and Control",
"trickbot"
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5ea785af-3a88-4352-9c23-b165e387cbd9",
"created_by_ref": "identity--5e9e5d86-5b94-4ff6-b07e-4e3e950d210f",
"created": "2020-04-28T01:25:11.000Z",
"modified": "2020-04-28T01:25:11.000Z",
"description": "On port 449",
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '110.232.76.39' AND network-traffic:dst_port = '449']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2020-04-28T01:25:11Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-dst|port\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\"",
"kill-chain:Command and Control",
"trickbot"
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5ea785af-ed7c-4eed-a225-b165e387cbd9",
"created_by_ref": "identity--5e9e5d86-5b94-4ff6-b07e-4e3e950d210f",
"created": "2020-04-28T01:25:11.000Z",
"modified": "2020-04-28T01:25:11.000Z",
"description": "On port 449",
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '122.50.6.122' AND network-traffic:dst_port = '449']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2020-04-28T01:25:11Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-dst|port\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\"",
"kill-chain:Command and Control",
"trickbot"
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5ea785af-e9ec-41be-8a0d-b165e387cbd9",
"created_by_ref": "identity--5e9e5d86-5b94-4ff6-b07e-4e3e950d210f",
"created": "2020-04-28T01:25:11.000Z",
"modified": "2020-04-28T01:25:11.000Z",
"description": "On port 449",
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '103.12.161.194' AND network-traffic:dst_port = '449']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2020-04-28T01:25:11Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-dst|port\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\"",
"kill-chain:Command and Control",
"trickbot"
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5ea785b0-b2b0-419a-9800-b165e387cbd9",
"created_by_ref": "identity--5e9e5d86-5b94-4ff6-b07e-4e3e950d210f",
"created": "2020-04-28T01:25:08.000Z",
"modified": "2020-04-28T01:25:08.000Z",
"description": "On port 449",
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '36.91.45.10' AND network-traffic:dst_port = '449']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2020-04-28T01:25:08Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-dst|port\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\"",
"kill-chain:Command and Control",
"trickbot"
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5ea785b0-541c-463d-9a3c-b165e387cbd9",
"created_by_ref": "identity--5e9e5d86-5b94-4ff6-b07e-4e3e950d210f",
"created": "2020-04-28T01:25:07.000Z",
"modified": "2020-04-28T01:25:07.000Z",
"description": "On port 449",
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '103.227.147.82' AND network-traffic:dst_port = '449']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2020-04-28T01:25:07Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-dst|port\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\"",
"kill-chain:Command and Control",
"trickbot"
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5ea785b0-5f68-4443-87ba-b165e387cbd9",
"created_by_ref": "identity--5e9e5d86-5b94-4ff6-b07e-4e3e950d210f",
"created": "2020-04-28T01:25:09.000Z",
"modified": "2020-04-28T01:25:09.000Z",
"description": "On port 449",
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '96.9.77.56' AND network-traffic:dst_port = '449']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2020-04-28T01:25:09Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-dst|port\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\"",
"kill-chain:Command and Control",
"trickbot"
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5ea785b0-83b4-41e9-b1fd-b165e387cbd9",
"created_by_ref": "identity--5e9e5d86-5b94-4ff6-b07e-4e3e950d210f",
"created": "2020-04-28T01:25:08.000Z",
"modified": "2020-04-28T01:25:08.000Z",
"description": "On port 449",
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '103.5.231.188' AND network-traffic:dst_port = '449']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2020-04-28T01:25:08Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-dst|port\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\"",
"kill-chain:Command and Control",
"trickbot"
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5ea785b0-db90-4684-a3c7-b165e387cbd9",
"created_by_ref": "identity--5e9e5d86-5b94-4ff6-b07e-4e3e950d210f",
"created": "2020-04-28T01:25:09.000Z",
"modified": "2020-04-28T01:25:09.000Z",
"description": "On port 449",
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '110.93.15.98' AND network-traffic:dst_port = '449']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2020-04-28T01:25:09Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-dst|port\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\"",
"kill-chain:Command and Control",
"trickbot"
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5ea785b0-a078-4a2d-a148-b165e387cbd9",
"created_by_ref": "identity--5e9e5d86-5b94-4ff6-b07e-4e3e950d210f",
"created": "2020-04-28T01:25:09.000Z",
"modified": "2020-04-28T01:25:09.000Z",
"description": "On port 449",
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '200.171.101.169' AND network-traffic:dst_port = '449']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2020-04-28T01:25:09Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-dst|port\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\"",
"kill-chain:Command and Control",
"trickbot"
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5ea78696-6134-4bf2-8f13-bf44e387cbd9",
"created_by_ref": "identity--5e9e5d86-5b94-4ff6-b07e-4e3e950d210f",
"created": "2020-04-28T01:36:26.000Z",
"modified": "2020-04-28T01:36:26.000Z",
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '162.248.245.71']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2020-04-28T01:36:26Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\"",
"PyXie",
"kill-chain:Command and Control"
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5ea78696-eae8-4c29-b450-bf44e387cbd9",
"created_by_ref": "identity--5e9e5d86-5b94-4ff6-b07e-4e3e950d210f",
"created": "2020-04-28T01:36:26.000Z",
"modified": "2020-04-28T01:36:26.000Z",
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '185.206.144.40']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2020-04-28T01:36:26Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\"",
"PyXie",
"kill-chain:Command and Control"
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5ea78696-cccc-4184-931c-bf44e387cbd9",
"created_by_ref": "identity--5e9e5d86-5b94-4ff6-b07e-4e3e950d210f",
"created": "2020-04-28T01:36:26.000Z",
"modified": "2020-04-28T01:36:26.000Z",
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '216.189.145.132']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2020-04-28T01:36:26Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\"",
"PyXie",
"kill-chain:Command and Control"
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5ea78875-5b30-4963-842c-c300950d210f",
"created_by_ref": "identity--5e9e5d86-5b94-4ff6-b07e-4e3e950d210f",
"created": "2020-04-28T01:36:25.000Z",
"modified": "2020-04-28T01:36:25.000Z",
"pattern": "[domain-name:value = 'teamchuan.com']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2020-04-28T01:36:25Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"domain\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\"",
"PyXie",
"kill-chain:Command and Control"
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5ea78875-23b4-44be-a026-c300950d210f",
"created_by_ref": "identity--5e9e5d86-5b94-4ff6-b07e-4e3e950d210f",
"created": "2020-04-28T01:36:25.000Z",
"modified": "2020-04-28T01:36:25.000Z",
"pattern": "[domain-name:value = 'benreat.com']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2020-04-28T01:36:25Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"domain\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\"",
"PyXie",
"kill-chain:Command and Control"
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5ea78875-58b8-457e-8b3f-c300950d210f",
"created_by_ref": "identity--5e9e5d86-5b94-4ff6-b07e-4e3e950d210f",
"created": "2020-04-28T01:36:25.000Z",
"modified": "2020-04-28T01:36:25.000Z",
"pattern": "[domain-name:value = 'tedxns.com']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2020-04-28T01:36:25Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"domain\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\"",
"PyXie",
"kill-chain:Command and Control"
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5ea78939-329c-4cc7-a52c-e408e387cbd9",
"created_by_ref": "identity--5e9e5d86-5b94-4ff6-b07e-4e3e950d210f",
"created": "2020-04-28T01:40:08.000Z",
"modified": "2020-04-28T01:40:08.000Z",
"description": "On port 443",
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '148.251.185.186' AND network-traffic:dst_port = '443']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2020-04-28T01:40:08Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-dst|port\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\"",
"kill-chain:Command and Control",
"trickbot"
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5ea7893a-fe28-4e1e-949b-e408e387cbd9",
"created_by_ref": "identity--5e9e5d86-5b94-4ff6-b07e-4e3e950d210f",
"created": "2020-04-28T01:40:08.000Z",
"modified": "2020-04-28T01:40:08.000Z",
"description": "On port 8082",
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '170.238.117.187' AND network-traffic:dst_port = '8082']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2020-04-28T01:40:08Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-dst|port\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\"",
"kill-chain:Command and Control",
"trickbot"
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5ea7893a-f068-4ed3-ad40-e408e387cbd9",
"created_by_ref": "identity--5e9e5d86-5b94-4ff6-b07e-4e3e950d210f",
"created": "2020-04-28T01:40:07.000Z",
"modified": "2020-04-28T01:40:07.000Z",
"description": "On port 443",
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '176.119.159.147' AND network-traffic:dst_port = '443']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2020-04-28T01:40:07Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-dst|port\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\"",
"kill-chain:Command and Control",
"trickbot"
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5ea7893a-da1c-4f28-bee7-e408e387cbd9",
"created_by_ref": "identity--5e9e5d86-5b94-4ff6-b07e-4e3e950d210f",
"created": "2020-04-28T01:40:08.000Z",
"modified": "2020-04-28T01:40:08.000Z",
"description": "On port 443",
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '178.156.202.251' AND network-traffic:dst_port = '443']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2020-04-28T01:40:08Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-dst|port\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\"",
"kill-chain:Command and Control",
"trickbot"
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5ea7893a-3068-46a6-b465-e408e387cbd9",
"created_by_ref": "identity--5e9e5d86-5b94-4ff6-b07e-4e3e950d210f",
"created": "2020-04-28T01:40:08.000Z",
"modified": "2020-04-28T01:40:08.000Z",
"description": "On port 447",
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '185.99.2.152' AND network-traffic:dst_port = '447']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2020-04-28T01:40:08Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-dst|port\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\"",
"kill-chain:Command and Control",
"trickbot"
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5ea7893a-a5f0-4b33-a17e-e408e387cbd9",
"created_by_ref": "identity--5e9e5d86-5b94-4ff6-b07e-4e3e950d210f",
"created": "2020-04-28T01:40:07.000Z",
"modified": "2020-04-28T01:40:07.000Z",
"description": "On port 8082",
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '203.176.135.102' AND network-traffic:dst_port = '8082']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2020-04-28T01:40:07Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-dst|port\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\"",
"kill-chain:Command and Control",
"trickbot"
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5ea7893a-4078-4baf-aa34-e408e387cbd9",
"created_by_ref": "identity--5e9e5d86-5b94-4ff6-b07e-4e3e950d210f",
"created": "2020-04-28T01:40:08.000Z",
"modified": "2020-04-28T01:40:08.000Z",
"description": "On port 447",
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '217.12.209.176' AND network-traffic:dst_port = '447']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2020-04-28T01:40:08Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-dst|port\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\"",
"kill-chain:Command and Control",
"trickbot"
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5ea7893b-1d8c-4c7a-8b36-e408e387cbd9",
"created_by_ref": "identity--5e9e5d86-5b94-4ff6-b07e-4e3e950d210f",
"created": "2020-04-28T01:40:07.000Z",
"modified": "2020-04-28T01:40:07.000Z",
"description": "On port 443",
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '217.12.209.244' AND network-traffic:dst_port = '443']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2020-04-28T01:40:07Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-dst|port\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\"",
"kill-chain:Command and Control",
"trickbot"
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5ea7893b-c494-4ce6-a321-e408e387cbd9",
"created_by_ref": "identity--5e9e5d86-5b94-4ff6-b07e-4e3e950d210f",
"created": "2020-04-28T01:40:07.000Z",
"modified": "2020-04-28T01:40:07.000Z",
"description": "On port 443",
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '51.254.164.243' AND network-traffic:dst_port = '443']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2020-04-28T01:40:07Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-dst|port\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\"",
"kill-chain:Command and Control",
"trickbot"
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5ea7893b-bbb0-4af3-af48-e408e387cbd9",
"created_by_ref": "identity--5e9e5d86-5b94-4ff6-b07e-4e3e950d210f",
"created": "2020-04-28T01:40:07.000Z",
"modified": "2020-04-28T01:40:07.000Z",
"description": "On port 447",
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '5.182.210.30' AND network-traffic:dst_port = '447']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2020-04-28T01:40:07Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-dst|port\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\"",
"kill-chain:Command and Control",
"trickbot"
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5ea7893b-1348-4fb6-afd3-e408e387cbd9",
"created_by_ref": "identity--5e9e5d86-5b94-4ff6-b07e-4e3e950d210f",
"created": "2020-04-28T01:40:07.000Z",
"modified": "2020-04-28T01:40:07.000Z",
"description": "On port 443",
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '51.89.115.121' AND network-traffic:dst_port = '443']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2020-04-28T01:40:07Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-dst|port\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\"",
"kill-chain:Command and Control",
"trickbot"
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5ea7893b-bcb8-4855-8bba-e408e387cbd9",
"created_by_ref": "identity--5e9e5d86-5b94-4ff6-b07e-4e3e950d210f",
"created": "2020-04-28T01:40:06.000Z",
"modified": "2020-04-28T01:40:06.000Z",
"description": "On port 443",
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '5.196.247.14' AND network-traffic:dst_port = '443']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2020-04-28T01:40:06Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-dst|port\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\"",
"kill-chain:Command and Control",
"trickbot"
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5ea7893b-2f04-430f-860b-e408e387cbd9",
"created_by_ref": "identity--5e9e5d86-5b94-4ff6-b07e-4e3e950d210f",
"created": "2020-04-28T01:40:06.000Z",
"modified": "2020-04-28T01:40:06.000Z",
"description": "On port 443",
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '93.189.42.81' AND network-traffic:dst_port = '443']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2020-04-28T01:40:06Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-dst|port\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\"",
"kill-chain:Command and Control",
"trickbot"
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5ea7893b-99e4-4b55-a759-e408e387cbd9",
"created_by_ref": "identity--5e9e5d86-5b94-4ff6-b07e-4e3e950d210f",
"created": "2020-04-28T01:40:07.000Z",
"modified": "2020-04-28T01:40:07.000Z",
"description": "On port 80",
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '96.9.77.142' AND network-traffic:dst_port = '80']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2020-04-28T01:40:07Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-dst|port\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\"",
"kill-chain:Command and Control",
"trickbot"
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--5eaab577-fb70-4585-9d92-4210950d210f",
"created_by_ref": "identity--5e9e5d86-5b94-4ff6-b07e-4e3e950d210f",
"created": "2020-04-30T11:24:39.000Z",
"modified": "2020-04-30T11:24:39.000Z",
"first_observed": "2020-04-30T11:24:39Z",
"last_observed": "2020-04-30T11:24:39Z",
"number_observed": 1,
"object_refs": [
"url--5eaab577-fb70-4585-9d92-4210950d210f"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--5eaab577-fb70-4585-9d92-4210950d210f",
"value": "https://thedfirreport.com/2020/04/30/tricky-pyxie/"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5e9f7dae-9544-48cf-8295-40fe950d210f",
"created_by_ref": "identity--5e9e5d86-5b94-4ff6-b07e-4e3e950d210f",
"created": "2020-04-28T01:16:19.000Z",
"modified": "2020-04-28T01:16:19.000Z",
"pattern": "[file:hashes.MD5 = '81ee8c62fff641b99f3e5ac83c575526' AND file:hashes.SHA1 = 'cdde976a0d485e91c9e304eeac91eab5b19126c1' AND file:hashes.SHA256 = '4dc82acf2a736e9cbaa39b5decfa943177417ad88d995ebe7fba79d9d0579849' AND file:name = 'dmndfkle.exe' AND file:size = '532480' AND (file:content_ref.payload_bin = 'UEsDBBQACQAIAHW5lVAMODUqYcMEAAAgCAAgABwAODFlZThjNjJmZmY2NDFiOTlmM2U1YWM4M2M1NzU1MjZVVAkAA659n16ufZ9edXgLAAEEIQAAAAQhAAAApDDgPfzLy28y//wUizUEEBU/52J91+Q4Jy4Mq+iXSG8pfG0khRRBc+C5fdbZKt2bXj58dg0R3C9htyCBrmpU/cmRZ01dOoadqe7wL57U3KQ+SgZlOXkryYUDKsKUFo91jYRzBgMCtVMhlV10LrXcHKhfsn89gUDoM8kwaLPb2p/LtuyFbp/nQgLu6qAkSk0Bltinzq+ah+MOWh00XHKg3JugeCTiggVUvYBC1FK+prr884bpio0AVJRc3yr/oqepLi/tPTAvfa6okWqFrgUqeO7cJa2vg1I/3B2+JE48TpmACRlCw4F90gSPMWCK6WZ6DavBDaQkiMxd0Pkrk3VK9jdf3l/WP3FtpBgtaNUEWlNEvUpOy7qaKhJ7xJKP+rH1t70XD0Tfaw8sDMIafWyKhHPy49jJX/4m1uirpiXEKtYgalba9ZzzfcZ1Uc8RPyD3IN3IzRcC35HRnLPyD9uDf2TPWdnOJeVMAtBn5/nLeLwXmyO8Frvpz6WfjsoLqWF3JmbS9TWDUMeJfEvT/p/07uTaHPjaGY52m5j+E1lYi9mOH6oQqCD2rc7NrBqvTQeAtpqj6GzaVaorG5gE9VSIWOsncvXmTcYDdfh5rQkAmoom6+uqmUE2X+LTx1T1RZA/Vw63ZuR8k9qZgfq9pbBBwPu9FYv9bQcg7jm51qmV23MW5yZ7FIXINn/CZzyY/XVeNz0AniDVisCA3/6VXWqmIBmaJIq1dyC1NnkkfMoTmy4eNJBaKXBiMskSTTvXiJy5TiNFxeL6dVwaJWc9iwQ7N7HBSbNZlKRb3PovvCyJVwvy++Xe6g2B7wNU9Nr0AA+vC5ptsSTTpfOYRAHgYeKCJsOWlPq82Sppsn5WIEKIVg+prXi9VT+2H8sqcdlMThm4y7Cmgq1aGvNtzCY5YmabOtaV/WdKKdA/+V31C2au60K9bXe6ZEfzifsawc7h24QAi5tOBzT/81Zo0v+RuRox3BPz6migw8fL/abnG05SWFhbPLfQmxw1xJZOukM7VLV970hU0ShZ6onwZLIi8/kLKiCcpjui7KIoZGvlFO37krDJnkakOq80dPn5DJQt8ElA4rY3mcGBxJs4VVL48piU4MqBCstF9ZCm0RpyoUXfTHJV/woXzt+wrbaeY5RDpw7Vf/IYM2/Qir02eTTqphE+M7GT+AkvPATqYyk9V6np/2dVKDaFkSIav1QujICDyC69O/oD5l9NFRbM9tpHO4m419g8bJnHnNURq80XBIAyuIPQN1jp4VqxnCeNIWgUvfQSBmJiPV/eAA6B7XVAhzN8kCODDVW4MPjVo8pwRrpvdqBcA7BxlxyTanDr/hazTTzjiJiu2Fk3+bXP5NVmcZFh8EUWND9GPAxWddLSq0PTkIw+23NrLa7csTeskLvRBu2O/9QBPpfYerd8c6lCVf8OX6NXt65ZCsCDp+yeBrhqyMDADKmnOkRlPm8pbCSFTjSkgA/cgPELWcwxLSokxxByJk/UgJ+WoCH29pPIIFuegmVOKsqGyu7TQKEh/KgYOf5U4cMValUep5CvA+npdjRJVJuvG0iH/pMrrObIxX7YY8+6mKeW+hpz4EBe9V0Mbsfi8NK0kLUQEvMj4bd1/EdAztrkUot4yX/vGJ3tLsHU2biCAr8lv3yBOepvCACcW5vB1LXl5nme0RPpc7ECdTuCI25PmicbEj57IOAJIGawoQuRJprKvuAmNoR8rUeBms9sn379Qi2zc8mr/DSXqRCtLa+dhjpM2WYFrmzSiX+gREJMzvE8jV5ndFjmQNSemp6DPgJXjjvMShLlaG83VRauFfHaLKN9sUCw1BZBI9rH3ThkxUv/Jjk9EnfEEgoJ8bLhpdUVhr9D55b6KnEKRNEl1TXBWkXceotpYSJddgzIUHjk8OatblrQCYGQw719q4MOK6DuMlwbQ61QnKb1TA/YvbQe8Sc/tbfNFac3QChWn5uey9X/i40G5rKjgJJDP4xfyq3t6+Rw57iN8HqvgdJ3RzRkWlIuQfm5/P9fR9fwZHquyox8o1qPl9mHTq9V+RT7O2SUm11LHu644aDcsVoaWh5+HAmUl4b6kN+vss/YH9zC43GIC6YglEKXyTebgihgxJEya5w7r0cBr+6XKMYSKFgWz+eR4wD0l5dxpCiEp2SfraTOPdzak4dcPWKn/w0mIq0KtZJMJ7O93HAP3FebYlnyNBt+Ru3Dj8ctbmx1v409YwttHZp6iDTv8BEomqC2lm/V4J8sUnza6JTg4cgDTUT/PXfAyDSdfHCi57ZxBrJmUFCTOTVwKVyKopAxdBqfnkmoszuxLqLoy3oK07wHzMuELKgEpsrrVSSC+GTTuB4aEy5tzALUwqN1floF6WmYmQ34ivGbIrWhVyWhat7YvdBN1j6c9KQaTH0Edav6hZBPIUWA7olvRNxlru2U4q1ZVhVb+6nTDW7Jl2BSPBdT0p032uLdIR3KdhryCZqW8V2keLadWxfjetrbvq2G92cJWgOoq9CYDmyt7abR+oBdb8nV56NuUYEn255/LtTmXiz6SOB+AcXvLnAOHLl0qLYFwI9alQFrRO1m+dK5kNh7Xe7B3FZWNc6BVa5LqyqIvPB9e+q7mvt5eBxW1K/j0yO4oLOt3u4+qv9BcEyRfBfcdd2aKJAoE4CMjz9kv2tiWVWK5CLrh2HMPY0XBsxkikzaLoGfJyKpg8KWMOujdgKey/TIvGNaXNMhI4Cl82c8aAKWV8UypOIhjhoLDLWXsEOowyIfZwzz87A/AcuNSm9WRseZnYp3TgttkYIpcwOm/Ubei7dPiMHU+mbVqyBLEEYz93ie2YWpt2hJt1VSCHQ+aojpLgBNETpfQIPM+UyrgkOfYErgaCJ12qn0WgP572FYM4zisL8CC2/qeBbtmL9FPqXNgaZSItmG5GFsBYh4XfrTMO5L0reGsut9Yi5zH7+KNx18zv5XxGmTZSewH8E9mQnYwex5Hj4gTndV96gpUEcN96vRnfUWjnSwbDgx3zl7Hd0Vbcm0JpMzCNDBSAwfokVFTxHqT9sJpeKT2mq7T+3DDmAy5/ZecYteV0Z/20CyoSxkOTYPxOHf8xqVn4EfMw6CXW/gRBfzMgbt2tLlJ1X5R/+ItwEKOUPwRrIl/kR43Xq+W4h6IOBf8AJrx70YWsPpvPlkjiMf9kPMu37Nb8//NzmCwAvpqtnWsVK8Lyt8ZtiG7i3o0J7MHL/FD9UdbuM577x+S4+DdILMUZ1qj1/9m/SxPknI0bXi6RFpsCB6sKLKp3YgMQZ+OHqBFcGR0CaWQ3FrIqGPI99NoyUZdcZT+vur+llOGtBCDoxEGQVRTQFDkFeSdVokfHBGy4LME7C1UOvfVmR8QRAtkgFhlyLba0Di9hAcEJmu3EcOF6fMbgTJfwKCPHn5QdUF3AB+Ru8WqRGe8hKncUuowa+re5BzT5At3WdLfFUsNkn7LDd8dme3sz3ZeNqznRaZeYQSYNrGBLA6UzIFETB/ENQnhaS9XOXniRVaK032+7denvJ94Vmwyn0xobv3jmnUqR/ekcOV2P1dQ9AzZgxqW4y6WJR8LWjTKMj2hGMlscvnS6NQdAvnIFRKborgwKuZTvZ/ceJWAkevP73zdnt1EQe7GPH5yhdL2JnFtxWQWkZ0+d
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2020-04-28T01:16:19Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "file"
}
],
"labels": [
"misp:name=\"file\"",
"misp:meta-category=\"file\"",
"misp:to_ids=\"True\"",
"trickbot"
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5ea78354-c6a4-4698-bb37-69bd950d210f",
"created_by_ref": "identity--5e9e5d86-5b94-4ff6-b07e-4e3e950d210f",
"created": "2020-04-28T01:16:45.000Z",
"modified": "2020-04-28T01:16:45.000Z",
"pattern": "[file:hashes.MD5 = '444b446dd246829db1b7b343a7d4d9ce' AND file:hashes.SHA1 = '97a481c07f8ca2346f5167ae2ae0d992a8fdebf4' AND file:hashes.SHA256 = '199969c142a625ac50364623ba43898f3db4e4ff3441f93911717ce5cd68bb0f' AND file:name = 'ConsoleHost_history.txt' AND file:size = '29252' AND (file:content_ref.payload_bin = 'UEsDBBQACQAIALwJnFCI8ahOUEMAAERyAAAgABwANDQ0YjQ0NmRkMjQ2ODI5ZGIxYjdiMzQzYTdkNGQ5Y2VVVAkAA1SDp15Ug6dedXgLAAEEIQAAAAQhAAAAXJDAYE6YhGPrUSsO54V0Ng8SI4RwlLQTJopEkezfNeG2eZgHLEmoRm6aNHxONU09SnmShWiN+TYXhWUQGYrCJrnfC+Ba4AWhPx4JEejOayaWUzQ0195eFAC5bT9Dl/D0qVWUvtGo92OGPIvNUz1Kwl86Gayv5QeGQBc7lxKZPq8w99UwyFcz9lAp4rg7GXKaJT5MpaqPrhjoIBgoTpQ88HrYRtgMVTjCEm8mqXOn16WhZGEIV8y/Vv8lLoPOfw8fpTkoP/Mjk20Xn/1MDqwbOmO/7hgut9jK3j3XzLfUJgCrwIWmrZ1AsdOH3G9vZx8HOQAQeoQJTq3e+djNBatiylczXUVTwg+d30ClOFpR4P0OBfVMaXzLFf7qzrGdhkmjB2fsmUXl0DMIZhl29OMlERtS4ngo/OxFA3ih8u03CylbgmG6gGCmCE/QO8/mB0BsBC44uBt4IrUZZ4jaP7QcBtTYlmwvZnhE6bTdkK/adsN+kf61KlBMsv/CP8zW9wHtJ3NzteX4VmNnGH7lwc3IM6C8GPJRyC1XoTcu7VOYlLgxL2SMoZF2gGdDoV+bXG54x1lgco9ATMiH48BaqYh+4ssruMBRHWfdL8kcJOIO8C+HplHTBYIN5onF1lwxXYBnYdCkSzJ7BDier8Un4bvW8hdZbQBM5dNRqJpIFnFYsAtzT6C6gy4/PcMFH/uXd21oQCDHzBjjSIqkPxkNy+rF8MvTf4FCySunQnOZx3UrhyyXfqvPFTTkFEvSNJnhrJPCfCDiooDb+5qt1JLSQT5ysUKhfVUsmgPhwy5LNp/JMZfg59yc1AAfWwXNx8lqZbWfymEhtR58HyDlsZhFlqgEg/dOrxLAL1yZR+oVR4ldv9BZ71ESMbRkbrAs05bbQdQA1zc24PetfqoKKWGP9GqMcMFxetV+LOH77sUCyZxtfzmL/kcwSD3znYKbkMxXJ1uIW+aJE73SRl4FkzM42IvoZotm4NIACFK0zoFmi7pauBVHMhj9Bj3u3xri55v9iSfcHspiQHK3j/NhcV9+Slk64n0ZVRn98NyEfhAA9qG3yC9ukrQky7dtSAliyHq4xKe828TNLB8m2AbBNxmNgVFhTxRUbPdvV8LyPxMkNB3FE3Hkj26ZKNm9LdsIdD94bno+ryxbi3PKJbiW55seqZRjLhgaDc7gYKRxMK1nvdIApXXvtec3q4AMI7Lbk7BD7XFK9+KDnVJWbGMfMot8PftQ6uwan7+cG0r0FDPguOhOU14zWPN5NZARy2qE4LVzazXf8iMAntpz4nfe6tonRHvTNjkfaas2kqnTaWxgXj+sOBQWpQZdhTPngMk8eIXDYmuq5TYGaRE5NuSaeODdzHsGAt3PjZQMTgUqrhjVg4gIUXklN8+YkJbiNfaqFj7VJAvLbHz1LjHYyd04JuSxgPKN+sB6iBm3VeZUktaRPREC5PqukPmxeaALRo3IFGbkwQXSgXvXQpJ3Y5Wwhskd06Fqdb2tBaZo4pMM8wuwjKrBEsGE9EXwxOxDzjlrb6f7TvhTYsXOoPnsA1MiOvTK8iolGPhu9jvv7Yd/v+rESuZ9HvMMBEwrG9KNminmjpgEIUlqE8I9h9MnbPmErxegYW9cE5Lt30nJl/KD8IkGvgxYbC8hNJy635o8l3xlP3bsZm/G76jmUlpnVs/vO5KwFHF1HBdrjEjNvwYH7Iu4uqlKRb1uk/MHmlFBh67R65RGRYoRcQ/Hmuv8MzezDb28jqOHumRgWjArEy55quZ6Aukz+wttvnJ2jks++ueDKqn4nqNJKLSy03M64eaAcqYCwI3GicjPuLG5tM9dztzK7Fv9dwSoBiL7+qTihnmFrHK2caDRAdFOJQuetWnYh+M2xvDPEvScwaO5hXv4rfurX+hNroeiGKWaHu2rlb4aGyB+kluf+qVNL5tm0pcqc01mbLAVjQWQcu9u0E202Et3UpgZKXQdPSy9uHlkGerIfCqEORyQ5JpIB8P9O0WfJq22di6Q7j0NlYZ0gQARPt2Ha4e9x2aB5VP3Oguobh7fcJ0NyfIpiBAyC82TMitTQqbesZUFPMKK5uBFkScjt5vU5HTmc3fxiPOViRzEscx452ZVSOmj2JT7ird8Ac60WygRR0PTVoKbUYehbiJeA/LQI+agN4yepCjqyiOc1Tly5k8izOlv8ePjID0zqEVwmPi4H6TihzNoGmlg1ppAmlbI2LtmtWvyqNNgQtPD51BlvV2Jc5kZDVHj5LKDGhXK2Aci7gOtzwzCfmr5KMhKzQhavlJJIO5PfcqXbSdsWb5E012o4uZptTOFvaWJUO496+VecGxrbYOnkEHvHd1J2ayLT57+aoZuWdTmT9aptv5IzRETQuVyRZLWkU6fsS4FgPG4uIf4tiJcxmPwL5YSbLbpkF40KPK7FMcPbRGJv/Skj7EZggOxZhqP6y55O0wch1WCbmpLteEvmy7fmNAaybbfMIwlez88ZKlDRQ/qBSsdjW3SKKptoSOTIBEsRwlzp4qoqmc9kWS09G9AwATIkTEP6eFvZvqIi4PMxut6YZCXqRqPb6H54mh8Tc2wC8eG9N2oQKsz3AJj216SWnxKT5bnUS7NJDj2D46RLa4SpzUIifJW+uKY8UDcF0zXm0fALvS3MFw4xQLkGlAmGrCMSaNSEPQ4jVWPUDe0nHSzKnVtvmMGM77DXP3qVfOai12HHLF2GJ5ArkF/3wcWa4r3vmlMMl6zTHBtWmaKT6swPAVRhD8z82QLpx85fCQul28f3qG8T1pXODk7rUvgGqzpVtwb11iSBKaKeSCpN3f1uWZ8yiUxKFAUIJh7O8GnQEYruMvPnTdmFSFrF2QeuzEPl6sTXQ+Q4rI7IRQG/cFLa2chjhqcFBt2HcgrJGLyUrDyQITcaUKBUbaXgQFF1nMpscKNeTPU84V+SEU2DOp+RnROhRV1ynfjXRBxLLGqYiMEPwH0vx50HHwkFwoZiuYVI81pbGVWnS2qnCkxm4EcEPxb3OWz5fK5sX/7qVTuIVUDmZih4JV+AIXQlXYgD1GLET8xnajv8BwYAMRvQpjbDrxENWA2T0WwrQv3Rom7kEj51ZQ4qGHxlM0OYvYHMwbr6G88Tpm4Q20mmSk/0gl1OlnWe8Ccj3qhyfCbf/iHutDw9tSg0pRBfEInzxagmS7qkH0qN2VpYlSzdIl8vqzFCPGZUEAlaOXfn+jUn0t9d7tCVDB5x7vG2p9oVbjS6LvIkqJnk8WY54MyHDtsk0AdiXXt2fJPUxRlj0kTjA5h8qA6CA4TByxqTQhfbltFx5+6sn4VUBi3DMLLTv9tHA9eJxNGZB0zZsTdOEu7iEJay+/2Ova12JZ+HfkCTYfPYj8InQZZaFVZZbtFT7IfcB79hOHiwFi0+8GtIU6Q8e8irezoR1M/r25kwwSIVC9dYumRwYBLkQVDVBNBIRkYDR6JB7IDFRGenuQvuB1j4kcE9VxkUFVvvB4QIKaMsHUX5cSX85lab/aSiNYEghvapl1Ull/viVr+OHZmf8QJyy+5pZrxtiB4vaTMsfVkHQvQMNpHCuKVYbqR01RHnvaSxzDSrNRPJbfMIQnhGerl5wU6+86HSSdrO66//c61oAAIdpmblOMircQn0NAWUu95fPYi
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2020-04-28T01:16:45Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "file"
}
],
"labels": [
"misp:name=\"file\"",
"misp:meta-category=\"file\"",
"misp:to_ids=\"True\"",
"trickbot"
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5ea783bb-2a1c-48fd-bb79-4b76950d210f",
"created_by_ref": "identity--5e9e5d86-5b94-4ff6-b07e-4e3e950d210f",
"created": "2020-04-28T01:17:25.000Z",
"modified": "2020-04-28T01:17:25.000Z",
"pattern": "[file:hashes.MD5 = '82df61349a9391a6cf236047c7471572' AND file:hashes.SHA1 = 'b8ec908cc4a0e8e406ce5d100a8f34a10fe3d064' AND file:hashes.SHA256 = '80bd15267756343f028cbe77afe810068b0e6a36ce32f52be63f620ef5b5ed89' AND file:name = 'LMIGuardianDll.dll' AND file:size = '38400' AND (file:content_ref.payload_bin = 'UEsDBBQACQAIAPQJnFCsn2t4t1AAAACWAAAgABwAODJkZjYxMzQ5YTkzOTFhNmNmMjM2MDQ3Yzc0NzE1NzJVVAkAA7uDp167g6dedXgLAAEEIQAAAAQhAAAA/ea4nIfZnlP4SFocS/5x/7dGIB9MXE3Z61082ouHr3VYF3JaFWVpKrRehPm9Ddfqavmr5Nuf/L0g7Dqk8D7rfpEB0/CdV0IcZ71bW3E79+fnGMfQJrtdLQH25paFX5quZAOZ155K3BDX93tCCyNFVDgPSpq86Gp/Q+12xVMxA7kYpgKbnNVy32SQSpR1LmUEDAi5LbiboOF861XBY3mCFZ88IDpmMwRPEr7VyrAfefIhPNhfh5BYCbsHvDh9Ovrb+Hs8poU7ASumINFTwtDrLj4wSugEuwhmeh+9ITUgaAi37kX3WNpy9zOVIrniMNxNYJNADhjgd/6i492jPmvBMvHqULw+ST35j01uzNTOy5K3vo5yCN5mC4pNhsvjqdL6wAWidav4h5P5yb5hjEbgG7FPzs9RskupnEMbu728cxsxTWX7F9evVeOqM1YbBa/h+MxRaA6P2R69II6M8h7mU/yYqz6El5/bSeTxKnO0sb1DyMjetB5KKPCrT3BaZDAdylAvU23SScpQFkNwoEPfjaz+Ou+uzKAXNAlcJvkXJgqig2/vGbQ+ZwYEQZIn9BCPS6BVn5aGWiGOsfThyuvaPUvBRVBcorPBAzk0ujezsPNZ1BgkOm/oZTk9VTN+TWXFcS9N1s2M0bN8UYQxYc+n5TtheOjyISlVdSwlyKtMWKfsF7cSjb62q+jjyLvi4XgvufPeCjSzTwgjqjte+tKMiODVcLj2304S+z1Thqmz/7Ej15h7ICE0EngpZIQ3H1GPz56k8I6ou14ACrqWjLahMMULI+YYoFA3YeXwlyrcv52g674ub8Bn9aXuNd67G2uCuSmsTsdSnPZx7YN+kmjb1yflA0mDVC9eEy6GLOiKMXt2DnrVghAThgOBjgq9VEM4U9lOD/4hGy7PLX54DOH0QnffBH8wk+c6/0yy0qD/H9TrXuSAmsT9WWvlPgzfFfAh3MaTtg3odH8w7R9QBFqMarQ28TdMJVaeDOkiIHHi1xjpfKQXgPGNYDjKB3KmonCaExySDWZvbuGnta+Hl8um8aBfF/POPoHX0E3CAZVqsdg+EOGr5YdtIRCjx4zwsVZ4+CvjgC2YKgrAcoddAwGxl7nyjxoKPcui4QifDX/ZSDhCTQRp24e9UJEPifPZwMlh3HsvL0w0hLkjZsfruhK2F5eVDsIE0ApuFTU/yfRlQxm/Ktxnw3eXqaKMKyq2k4eFwqyl64dHhZE+EvhILk6V4GWUnJvuxD8s4aaMt0vu+VyXkCu7W9o1kSxq2hQm39VHAeSZfh8N3NG+/R3vmdP6XIIQ/wQ7Nmdf0QDnm7QjuAqoiYepT7IVFhV4U0PNzDepo+0yrr/hUpLju/Ry35oR46cpuJdLzSUjWShCXXkfmktNrbm35jwuKDPJZrPC5KUVFFTYy8PEExqAN6+1OQGFNPivBZbElnuMYKH+GnfsAs17jIyWkXuhGShkW6A3wzK4W3XUkD0priwp0mHVDlXKX15UwGm/nHipElIKwjDOceN59Twib6YhWpDslemUoUhn4glZ74r16vHZZN5TzufveNO/qEise/gInMBdZQAuLlgwgALvrUKkXk5PvN8Aw81ezezi8CcMg2bNrwvN6u185MHT7CQtDW82Appd3BNTBhCs5wvUsG+AgA5pHa5v32dQEEG5bt/UnfIfLppuYFRFY7lfee9VQmXl4E4w6ZCjBzeUvJYmeybD5dBbRqTjScWgdg4AsxnSY9umj+f+l2QRqNCmHKdlYIkClnbvUfoGe9EXcm04LfHFpMRl4cZebHcPJ2RdRu5MT5j3cZ20dCvbiFYwM75hsdgVbIaubhBk2CsfqlhrYYkYsKsdzIvbMgM8PTjuL0c8gKnV3PQA6ZBdMoBC6U6h6t+7nf3fOugrgQKdamNli2zMRGv+SxGnucgB3OSJqdX2sCyg0JoWRUdd8rlsXg+JE/ZPwli9cn6jwbg+mcs16ruz2Gs/jCvVKEJDkUEwY96CI9+QI/QWwstT7vtCEeBvHVEg8Kj+iGirp8tYi0GVVi2a3LAkgnKTokP+v4G4KgXwgHwD8kjdDvjZ1JDhUgM2hx3dI2DXvd6EVvq/om4zSvl1aGsuO6+CdlnAwrep7/hQsgvzmHS5d9sM8LEr3w+NkRVYnmg+RG71Nc90/t54TKVV8tXkj4EOrJH84XLZ+zCuvPJw6osp2dreRpRHCa4ty0F0QeHyLtvZUPIBuTK3mYAHSPImpsZSWkB1ong1956eqgPXY60nAKDf2wp78OhN4Y1fGQf/54UKCtyeBaI1lbXGe2OMLHCFUTobdDdF8yJTEXyPHZ/hh3oDsw1I8nHHO4jhRuXmVsWFQJHTxox95ejL2Sf3Tcvy3HZcvsI5bTO/wsdMdTvFa+hwoaHRy+q6q6k94DZvxjhF5dZj8tfxX0W8UtEnbVAXr/EYmhgB4rCY6IPkfLJKOEXyVjAzjZqEy/vLgFXupmLSIMhm/+13VXilPU5xquO37Ykc78pvOm4fwd2pjl6kZjEJHlCLUT7N0H/07bCUWFpTa5q8yEPPZxvdBFQ3rkvLPNNR7M5CYszYaHUFyQ4DwEbL6Qsom3NKkHZT/Qq/szmmfQjuL0AOMN7FipzKEhokCbSumMJb2qtmb6mZg5w7ckIDaua+3ynTYkT27xr21/A3zhiIpr2x1XzgiVbUVoXO6xYxKxoTc0aBvkbGjmjH7HkNrPyso6sIIBUeDyPMCTSMawVWQ9in58ex8yv46vs1lk7fVNHpxGkTN8DNfnlpZnVoOo8UzZjtqBQgPjx5tZee2x7BWP0mpHWTMaN+C4r2gZ4D+vwW/OIRIGBQJZQ88UE0EF+fqEUYZm9NFoZsW9rJR3EgNDrakr+w+khJUY7M9prmEwun37AsLmxaYLJt1fUIt5XCtVRNbu8jbqqlLCEu6XBG3yInFNk2CwAxO9xaK4aDXTf99F5TVt3T0EuU393B1WQKKlB7CCrEQjUl4bINjcBcW+jEx0V3O7k3loJ5PPZQpEEslQK0+kazH9f9GyRqSOiD4QKCehLeuslgYOh3EOc2S7NECqw5YFpk8STsJaMey94Pa5GAafRUbRdbPO/frTwLBda+bivNd+em+g7IiD9XBuB9pU+wxWBhRG1jWR88zEOpfRg8f62bFXBAT5uqEpR9Umqc0QuD/Qev7jZFyKj/+q5Bqal/FX9/Sl/vXM9K5cxZzUj35eGuRyRDQmcm5M7Qw/oHkaZ5kWlDDCDracZf/rgIOdmLOnF/yJcEhLsbDqH1azSz0LtkpG8PByq2NrBCrlUUmW7XLFPBLIdg93HmWWM0y6A+22xxXxvRAeaV9TqDOxKNRFLlfWHHaY4//tdoTZWd1C/MmRaebAMIht3IjLkaFhSLni90F12ZKNswjL5pZV28rrpYnLcreDm+6P95T398+iF1YXiBRNQ28tAEtW7HgWx1NEA+KaAqyNKgpL7g0CLcLrKKt8UGLB/SYVJllyTWQ+Z3+yX5ikzegiaIShFybAo/u//3J3/mH50yqNm23GThN4F+6jLf6TJj/RZwZ1SYWzZnoLq75X9xPCsVV3gxfa4zKHa8oPqCyyvXFkJhFGn07Y82NADXTv+XMjkM42BuD6mle3iOSJ/C2EOwt7kwrWkPbuG77
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2020-04-28T01:17:25Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "file"
}
],
"labels": [
"misp:name=\"file\"",
"misp:meta-category=\"file\"",
"misp:to_ids=\"True\"",
"PyXie"
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5ea78453-1750-4d7b-9b04-4b38950d210f",
"created_by_ref": "identity--5e9e5d86-5b94-4ff6-b07e-4e3e950d210f",
"created": "2020-04-28T01:20:06.000Z",
"modified": "2020-04-28T01:20:06.000Z",
"pattern": "[file:hashes.MD5 = 'a82672168756becefe2dac9234ee61f6' AND file:hashes.SHA1 = '5bfc42ed380e5b9701ccaec2d2f312069ef4af11' AND file:hashes.SHA256 = '39646dd3bf20ff74415b806cea08daa8277ccc1bb7da5df4c5bd4313ae5cd697' AND file:name = 'LMIGuardianDll.dll.dat' AND file:size = '139280' AND (file:content_ref.payload_bin = 'UEsDBBQACQAIAEYKnFAp1AJVNSACABAgAgAgABwAYTgyNjcyMTY4NzU2YmVjZWZlMmRhYzkyMzRlZTYxZjZVVAkAA1OEp15ThKdedXgLAAEEIQAAAAQhAAAA9KNgCRHRA3olicKA8eM1YzkM8cK6Sro17/OkKydrygJTLYlOvpal4hljPDNZUQqbuvI8CZlzOIMCWKWcmnMdNXXxIGmmVYn4DUne6AAReVNCp8JbinhChV1XAVJS98N0vnm+P6LeTi/ZYMyz8T5bmXPBFzr6t0RCHjVLKrEMDE1xbwwdAR2IuhopKwm9iXmMcmjnJKY4TaTe2RYf6YnYuIeC92PCifaJDh5H9ItSYpNXXuSH/iUTPy6rbJCHYxql68bjA6Z5yrHPd6DmknRd+BsXzdMzJqtenCL2jD3DBaoklCKwlZzSPdLDmRCokd4Tkwq47TKnOTs7K5Zw8rpvP4eBB+eXwj1pwLhlcKbCanOk92etUACMwyqR+O5WAK8h/P+cG4KdY2VblR0/ozonAoOLa9YYDf96g0KVeLJIwjnMUTtrtwX+D7Z6l3gltLQr1cfxfmjcM79clyiB8iYpbG3RhlSh0aXpeFANdEuNnQjyywUMmJsIp+5Fut/Y7tOMRxZLhD/7Y/M74BYLEK3OvJOlOgxJ3ykjofMim0ktW0eCxrVFBiiJT+op4tKWQZrkOBIV99vpjWZwgn9Z6a4lrGPRF2rZDqZDxa/6B+3W506gjzazxuDe5W1coB0Q1zYAH6DLuZmpzqGAxhBYUoFTjhZs6oYxMwoi+CGBpSLAcS9tU8OnI4HQ7xahnNr/AdL+Y1suksTg+vtuHdL3DmovcPm+jA+vkRCfQzw12tooP2K3eG+D4hHrlOdbOSvkvqGxQhUk8jY2GwDJ8T95jd0/d4LLaYTIzyawxGfWEpfWp8D5/o1OujmYHCEblXk2fl7KM11aqDTh2W/Oene4088CzX5+11n5+hoOodU0btHfxyf/A/YrTVBmysroAzqNoRYDsPjOwbEJBXd4nxbrTqitKuAZW0fuaaoabg3+bv8ObtkWG5K/6pvvS3C93ShVUxbN12VByYPfAzx8Nss+6TX3Jd0TKErynZ4eycZhZSHvXi2tWRy/UMWGRXgMbjKmW+gcBHxrKzFSmSf1ONzv+qRStySB8J/mGV9ZsURza4XTRYGvdUGRAKNEVZ6PuNtRW2KxIOKDGsGPwaoZymAwQCj+clY0W3BYd+Uf/lY+OSyz9QSYmw2jYAtNcXafO3HwuBP9uXWDxFc4FW5f68upKb9R7wjZJyCtUKI1QNA4WAbSJ/NCxoZeCTWvO8hBfbHgqkL8w68xV2gPBTZHfu7lqpbXE28RsT7EzwTz7hNWcJPzqDlyQdxd8DDDcQReIQlgAIJ1NJw1gbO+cDyjjoktGNO8oIVwBrFZDHX+X/kgH/Oz4+GXPSr22NnOr6XXHWt2HTjpMHV9UCC+CdU2H0WF5aD5robBdQWvLVvaMtsWoqVI0IkRNy6uS/8QIjUyZVWThtrYa5rJEY/4Uunakc8UnHcyF7DOCYCeuhdxJiBnKLunEO17atKnXdl0XOf7NfgGmGGAl6sov/pV+wuKW9OhTUKySdK5WseS/lJLT25tV1gu18YipcaNx2RKBTEFJKQpTDbYKoA5HArR3FYHpsT7yU2zI/c1JZrZwETT+fMYYJRhSzqxDyC0WpeI6Ljde83DqmLNmN97E9y8SNPvMPteGdHC4V1u8AIwGAwMrg4smOaoN9H9TwdAHFE5dL7ZKX3dCTwidjZcxS5PUiRmJoEoCz/4E/n27HoISfMZCqWhCZYSoyns7JHvOy7wEp8bAky6e5YrNT2d7z/7II8MSdwPOBics7+U1FiCpgrFdHMs8YaDX+XxcBC8LrHAlOFU+tX8Fu8BovjIlzgPLMGcVQTeJvC8tSnQmTR8HNPUb00XeziwLOKVsczi4UyU9RotP0Jh90xNDtax+9ocLYAOCqKCERbVUj7cVUF6oub7MIaCz3sBsYhsk/WAnoENjPxervQ8clgmnMv9Ko66ZbTyJdKQJYvj41oXRxahTKVdjSLIq+wtHwO1jXOLIqiDatjeuV5rcSa/JtkscMowSwRDaKBhjUY5eob3grNPnL1EdgTq6yZncgp83M2/XSlqRh7IyfJLoh+whuXQU5DL3ug+pXG363C35XcWCqwbb5cf7+rwcOQh8LtqaIjetzTwTQjIO8Y3mp+iLu1V3BTOVslrZAG8UA26w2si5Tqg03PE1pMboMqzQilvsWrmTABnzeRanZSIN3XcJkvIa2utEYyFAIJW0roWGX/B5FR5nm7iSo0DvWS2dbm7yDnSNEmxiN028HXf64aopcbZ8gxKNtHY74FX13Qeisd0/c4WNuefy62ps0P/ruB1ZebKNWbE3mJajhE/1j/Yfq9+4JvsibKbqii/5u+e/+Z9CoBMlJ3X5H2R6r5lBE23a7fzqpneiD4xn+rL7ByQpFoC0b5HQD2e1FOfl97yrkfYAvsrTRVv5YM8/RVzjYvmLivC+0DnQls/UItm0NI2wyFvA8atoLmXjDpmHpfc1hEwrTj+7lW3oIiRc6imDgVzc/Y9duz1EjujEUXAAgKz+VQ3Vu8ABUpvMbeBoCLXHetPQ7vzSNSnfcd5Fvj5eWVQ2hM5z6eDrn03lvKFZmfeyR3hnZfz82jmyAA6AWje40owyhoCvprodFOobvJ35Skry9ND92wPXSx59pDE4U3dVbXvHEC0h2BKCRpgffJmcpd7HnETxpVR6qA8b8N4ortrfErIiHBXotgcUoIa0cMxf2Kh60MKgXWqxee/EI+ef+T6bfZS8wOmQ2rsH0Yqhbi8/1xgcQTxOcWM6HO7tFrl8mIHQztRR2rRhwLtlWOZWlbys/KU4+0bGSoY8YQyjPM4GeWnjqfL2Sp5RbaFr1xJF6gYEvMGwFQJs7B8dqzJp2Ic0krkmH6R330iYZ4K6wCDiDU0qZqcoyJvNI5Hd06j0zTRWTuqZHHVaDAQKIN00G+/bTYY0R8a/zACBj52tOupIdUTWyIUhOKN+N60Mfk76JsW/AzowhSwsbpo4iXtDGq4R9KXjwhstJUlcttbRb4pkhfmuu5xEUz4QJtTAirO2m+ybeJqGs4kZWJkBgjZQSVxPIS+lq8MAbuvqgb/YPIs78EIcXfmqPYrTb/O+FZYF8twt3pUpqhTl/Pfo5ORqrpEEB0Pj4UGwQZBE8tys05jnkh3x1vj9zoA2AGPbAiU4EzbzNZMHrjxbQW/2b2t04ipUApm6DkUhqkdsy5Mdd2BDaanXFXAJSLib1FB6AgR6Y7Aw5qvbn+SU7yL/ka9Jz3cScfErX9Rt6jT0b29uTuSVcyOATySQUVxXj2w4vbPUAZBjcKbfQ+7kjKQJ+e2wnXb6HzciakFKIPMSRjhAKzBPFFwxUGFejAPRGaRLTQqCrPsnIFFRCcoswmooWC8ivOHxV1hwPFY+GyJlAiO+KzfxNlNTT4JFhfe0qDKAggK+9+2v1oFXCy4Wam5vm18SKASqa6eaAc2bNNuQSekjNwVlAvCqzws1ifYDXj0+SsuVUx5HAWZLnyH0VhmMn7kYPl7lw2Z+5RHiYw7IHK6n7RLMhH1dE8TzWRoLAbb5UqmC3p8V9vO1utOV3ZC0w0hNwNwILf2Wsmb895IeevlslRFkT/L+DZ37QSAivuJrgM3KN1cSVYA63D1GWjSX7F0v6djsEjJtjUr3OaqDye1kf/YDoex2ILv
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2020-04-28T01:20:06Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "file"
}
],
"labels": [
"misp:name=\"file\"",
"misp:meta-category=\"file\"",
"misp:to_ids=\"True\"",
"PyXie"
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--5ea7848c-6f44-4c88-b135-2911950d210f",
"created_by_ref": "identity--5e9e5d86-5b94-4ff6-b07e-4e3e950d210f",
"created": "2020-04-28T01:19:47.000Z",
"modified": "2020-04-28T01:19:47.000Z",
"first_observed": "2020-04-28T01:19:47Z",
"last_observed": "2020-04-28T01:19:47Z",
"number_observed": 1,
"object_refs": [
"file--5ea7848c-6f44-4c88-b135-2911950d210f",
"artifact--5ea7848c-35c0-4f7c-862a-2911950d210f"
],
"labels": [
"misp:name=\"file\"",
"misp:meta-category=\"file\"",
"misp:to_ids=\"False\""
]
},
{
"type": "file",
"spec_version": "2.1",
"id": "file--5ea7848c-6f44-4c88-b135-2911950d210f",
"hashes": {
"MD5": "629aa296fe4aa64c165b5ad954b7b022",
"SHA-1": "58c581a7f819cf326cadc3db4f43ffcd8203ee5e",
"SHA-256": "5aaca87020e9ef0435536ab151966c8ec054438fd26413d6cb39bb749668ffd1"
},
"size": 405456,
"name": "msfeeds.exe",
"content_ref": "artifact--5ea7848c-35c0-4f7c-862a-2911950d210f"
},
{
"type": "artifact",
"spec_version": "2.1",
"id": "artifact--5ea7848c-35c0-4f7c-862a-2911950d210f",
"mime_type": "application/zip",
"payload_bin": "UEsDBBQACQAIAGQKnFBFBJG+6i8BANAvBgAgABwANjI5YWEyOTZmZTRhYTY0YzE2NWI1YWQ5NTRiN2IwMjJVVAkAA4uEp16LhKdedXgLAAEEIQAAAAQhAAAA88ZhfcvkT/tRuI8MyulekfPrp7q04XDXM/rVHI39LW+nSnFx+1jy17dw2Aryz1nj4qFHoNVgrmoeJR+ibzCZriRj/2JU1fX9FFOeccJ2+Iw84ltJw6vymY9jQ7cFXtXcn8VeMP1GykLZ8X5n3izTjvO5TSZUD1xUUX8sMUSEf6dIjgYXSipGdlhzWInjOBV2oCn0/HoxweE9wlrFHwSmsQ/d6FcJSRibx2UVxrMfS67TxyGFuzfiFTfq4X4bmg+xqApN+9VkGeaMjPlQCeipase9IM0EXfDRzgGygQHRaCMS2PGQY9b2tUi9e3ouvhrQyPfnPLBcry1nVfXetpOGjUpiQIFRzyKp/rpR7FSTT9tP+Yb133mHvaMwmq5sz5I2av/aBCT+bQJ2wfOqg/PsgFtwGDszQ3LAjoBtUEVf4jJMfozghb3fyEt4FH1WA0ow8TgMzQyHuQnQFnRO2h/3ITthfKEoHWxG0fUcOXIUy+NXiNLv8qjXpSnajErz+J0b9W4qdMw/ouxWbw8pEyZy2JQeFXsXwijYJj+cVMfRGjFm775L8o14gHID0U+x/3BoN8GYHfA+xNhCMg3wcX6v8WUzo2sfE+Zy5YeZ6jfiQ6Fyo7W8xWiuiALWaxfNJGpKcuCgKSXYmvb0LunKReas9W9PB3FYkpbbTZb8z176JJLfLKflVBpPVLmdVixiUKAhLmQ4JWRmCvSJntK/gD9FfrdvfkE75uR8Ox53ZJ3MV6kl5cZrS5X65n3bqXl22h1QQLauw+tF7DFtEcvNrQpc3obfqFE/EE6G80L0xJ0QMNx0vNVgZFRpfozNzOTBKcL6DIZ/iDbw8XyRYrbP377vf6uoAI11uAPEmbJkS/B2RPIhuci2poGf+CRjUS8YwhG6XIY1GlYxVRuZVbtGUljQPa58IJ2C7ajWyxBi8aDSzOXpbg8au9ozfXNVR9AHsmkCG5hPmQUWdWCbEOLJ4bZfMxJ1xoCss/tsddwCBkZ83FSKc/4Hj1EWk8i7ftUdnoOfDFQ4seWR+1ezLeNwwW0IrSauDBbYXFD4XlMby3Nt5vdmatKGULuf/AZZXQ2+kPRgyCG0WR/xVvfse5zVxPGi3tGQ4lFac36ngdojnkAHwYPd4U2Mci/FDrAvzJqebfVy4i0o2cpQAL0YHCK/d62yU4Mu9l4Kf+PGSznWsVPRjdUQfC/36W3bASXCr2liJdCyDDcp7M70PfOs9gU3VtIb579JHEvoElhNVr/UoMWDJpviNpVo8SAvQ6MJ2TPcg9w58RFPGLp2MdxJp+ybvDB0vgM8rCF9UQYQoMehefTuOT1ZdLAlweXRlfBOHzTQo/6PrNHt+PVTpxeKqqwl9aBmVrov8Tlmsf4easuizhoX16Y5dswF8/9/vg0X3Nldg4pa+LgtKN+Pn9JSylS5m9Or5fszp40S9I4yEnUmBgvmfrhPRti6ev52qQffd1WqrAKKP1q9guB0zmNOlY/CtDNxiYpvMOVhKpjudSa17/AQQKuPunbS4liRBKkttOyqYm3BivkA/5TX5cHqIDNgH7YM718mokJmkyvHFKMaRr9Im1nMFW8yJYZkbUqBl09JVBEyN8GnYUbeWP846AUzmTOghRaS4q1X53p+1VRZ6iAguO6cV44I5wIoVXn782B+pb8DatlrVd3Ow7tKfSTuoNJ0UVGlD0yXQX4O2m+RgmezFDp1/NbZnTKiK/cxLRosL/ttkf9LEav/k/AAAqCruknbeV5/nFrKgV9x31Lo8a6/01U4Uk1Wfy8PnusVb9f0jna59CGxI9pcHjcRc+Oq208pP9QvLel0FtvmBPrnHnRJuyaYIyV8rpWdN5MT+vO9lmj1gOCtFGOjgqvt2MrK8yOofMYKkphkZH4eAT//BUKnwNOt3LOOS+KbJnHBfkcnV2MPWnCo4drtf7qOHs/pidBfMHmahs7Q/pK4DBpeexAYCLDJpvfk12Z3Uqr3rbBCMS1Kaondd26zVI7i8tKK8WJ369QMuvTHx8AoHmOTkpWWg4oCZick/WmYcO9TBK/HI/CKPotEVVOUZGLLGroXCR5H5lkTx6dEBFIv4Whc7YQhcsB0Mcep99QH1+BsPJgq4G6jg+tQaHtmt4Womv8+TRfQbj+ExDc7muS1i9Et0+EXw6mAqWYhw+SZuWQXZ2WkO7iWQ3JsR/6yeiz36AtAlYctvHwX5SymILKD/PpRQ3qstoyWIYLltkdWzZMJ+2SQ4USnmkt7XbE8VheCVAGcRHzhHetgGDSrbrrYRsgIB44xKviQ9JKc32ud+b8tCpyWxL5dgntPJDmkSJX1csLIukSf/YCCtG4P9Nnx5S5nfTI506gao9uSCZu074xOXBt7Nk1mr8aFEGf3MSO/J3DJpZSUopNvoVF+wUaIRyoU59bkHP9epS7n8LqsvBZ6Sz9R+TeZJ0wa7mFR/MekcovXR7zArD5Gwo8+KZhPpvGtCztdfJI/WKSu2i7Q4CSyIK7ioYx1O4c9EAMh2+VrSBS3L20icd2zQrd1QdTli1Qh+EhpifFt9KYUWA2Q39ufik/ATCo4rmHvTRLrOfN2CsDciUly7u3nJKLIq9r8nXBxsvj0HM/W+LdM8q1YKGCTNcE+yD+9tRcy57R/4j88cG/vngk00EHvZb9ABK9dQInQ8FQk7znz6ZGDhdf00vrXKXG30baTQttP3RQ1lPav6gFHJSKfNgBcr010hkYXgC6IRY83WUnLet7YZqzE6ZMSDVltcUGa2I3KuyMkaJtsgnMh6yurOAu2x0TrdLj5BPG6xLmQ8D96b5uhcXGhzSqvOcPeGLp0BmSrPvD42tS4SvA0xKezjPewhBJ62YIbcrpD+ULJmiyNvVPJwNQ7610KEdYTRTZ3b5RcjN6u/OfH2gvcMvdgdIgU/06hJuP6g9dBIwusCNR9M2etBk4Az8GOPh9PD4gyTzhN8mpLhi70jsU1MBViiUXRpnMCazlividl96BqLNPQYur6t4+8zrzGAsRWHNZmM23jPnDt9T57PgZXGLEbKEe+pzbg2cvghZpdDTsmJO+KOkOU4r2eQdYOp4AFpyLFvfnIRpTHACnQ0lZztwuBojZHXxVHoGwHAj+mT35rmIQ0AHesBfTaYi+iqg5/chiSkyZeAReALwT/A30dIj9DexNa1kyZXzdB67wNkN+ztw5hD9qn/EPFiaQJFKzJOr7/src5SaAxJ6GYKk6csC3yMMWNg1C5WxicYXlwEDGBQqEhF+6STxrrX8Xe51Ml2VbXXZ4+zHYGvnLS2zPQ08OTBOq7KriEJvyYw30XQhH8XL8PDoDAsxX6Oe5K3h0JFCm3cJ/a7wUwmTqvazdSgQ80qSjbWmO98Us5LF/HE5lJxy6uPmc2f8n2gIm+Q8KqOZ/Mecua3AvOeXz0ZhsJgYTRGYIjKX9Yh/IJhqS+sADDq4U/MvpTFmw2WApx0FHmzAc8w59GDYA4IUf9mJZrnhL4j+nDPbrz3CATQiCvTDptXIxdIOP1z/NdOICxUofv71esL8CCNTUT0M+Nyc9Sb2RboW+B6AgRH5FgAfXWIbkPodN64WT6WnOa0jiGbXfxVRTamz3zchWF1g8jKRCECkVTDg24zoZ3QiIMcgas50ZhP4zvBDXisjvF/gjCP/OwdD3j8tfsRzbqE6gY1cmUM6VBMHPmQiz6IIfW7axs0r2Kx2K4pJIwkMZH2Gk76xsy1Zk2SWqo2Ir/pa2gQL5yww9ip0niZGnCm8MRVpqqfXgG8fLm922WbPiMiHaZ33qamM6pBhoekcf8WGlA/TddH/JGwSqd2nuySTjoGKFsBui/Zr0I393GSvkUk0jyAXKy5PEgpfgDXk0VNCNKlZPnL2uyYQvjwmA/Si0fkDnV0FMTrqmR0GLpiLH3X0yLc6657ZSpyAKWnhSWZNLMoyhmSAHp6mbG/z3bmB0NgwKghBkP78i
"hashes": {
"MD5": "629aa296fe4aa64c165b5ad954b7b022"
},
"encryption_algorithm": "mime-type-indicated",
"decryption_key": "infected",
"x_misp_filename": "msfeeds.exe"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5ea784e8-6f5c-43a1-94ae-7fe1950d210f",
"created_by_ref": "identity--5e9e5d86-5b94-4ff6-b07e-4e3e950d210f",
"created": "2020-04-28T01:21:17.000Z",
"modified": "2020-04-28T01:21:17.000Z",
"pattern": "[file:hashes.MD5 = '6d0b192efb3909556cc6452ee5336b93' AND file:hashes.SHA1 = 'a4789b71f8382f23b39c656f797fe1c2f22e3cc8' AND file:hashes.SHA256 = '4beed76d5848fda5c41a9705ebef9bd81278e085ed57ffacc97b188ed8979b50' AND file:name = 'cmdline.txt' AND file:size = '49' AND (file:content_ref.payload_bin = 'UEsDBAoACQAAAJQKnFC+srRiPQAAADEAAAAgABwANmQwYjE5MmVmYjM5MDk1NTZjYzY0NTJlZTUzMzZiOTNVVAkAA+iEp17ohKdedXgLAAEEIQAAAAQhAAAATqvcNUqwGzX0vTv4XIGyFGeCJLG1Unpcs60Arg4cUx+wbyEPx1inIPRGAQJf8zV/qr8Wz0xjYePra5+2C1BLBwi+srRiPQAAADEAAABQSwMECgAJAAAAlAqcUDJq+t4XAAAACwAAAC0AHAA2ZDBiMTkyZWZiMzkwOTU1NmNjNjQ1MmVlNTMzNmI5My5maWxlbmFtZS50eHRVVAkAA+iEp17ohKdedXgLAAEEIQAAAAQhAAAA9WKSTENw/HJpsZ06ZqzT8wok24A+IMZQSwcIMmr63hcAAAALAAAAUEsBAh4DCgAJAAAAlAqcUL6ytGI9AAAAMQAAACAAGAAAAAAAAQAAAKSBAAAAADZkMGIxOTJlZmIzOTA5NTU2Y2M2NDUyZWU1MzM2YjkzVVQFAAPohKdedXgLAAEEIQAAAAQhAAAAUEsBAh4DCgAJAAAAlAqcUDJq+t4XAAAACwAAAC0AGAAAAAAAAQAAAKSBpwAAADZkMGIxOTJlZmIzOTA5NTU2Y2M2NDUyZWU1MzM2YjkzLmZpbGVuYW1lLnR4dFVUBQAD6ISnXnV4CwABBCEAAAAEIQAAAFBLBQYAAAAAAgACANkAAAA1AQAAAAA=' AND file:content_ref.x_misp_filename = 'cmdline.txt' AND file:content_ref.hashes.MD5 = '6d0b192efb3909556cc6452ee5336b93' AND file:content_ref.mime_type = 'application/zip' AND file:content_ref.encryption_algorithm = 'mime-type-indicated' AND file:content_ref.decryption_key = 'infected')]",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2020-04-28T01:21:17Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "file"
}
],
"labels": [
"misp:name=\"file\"",
"misp:meta-category=\"file\"",
"misp:to_ids=\"True\""
]
},
{
"type": "marking-definition",
"spec_version": "2.1",
"id": "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9",
"created": "2017-01-20T00:00:00.000Z",
"definition_type": "tlp",
"name": "TLP:WHITE",
"definition": {
"tlp": "white"
}
}
]
}
Reference in a new issue Copy permalink