misp-circl-feed/feeds/circl/misp/10a54888-bba3-4af5-bc5b-fcda933ac0e2.json

{
"Event": {
"analysis": "2",
"date": "2024-07-19",
"extends_uuid": "",
"info": "TR-87 - CrowdStrike Agent causing BSOD loop on Windows - Faulty Update on Falcon Sensor",
"publish_timestamp": "1721380201",
"published": true,
"threat_level_id": "2",
"timestamp": "1721380187",
"uuid": "10a54888-bba3-4af5-bc5b-fcda933ac0e2",
"Orgc": {
"name": "CIRCL",
"uuid": "55f6ea5e-2c60-40e5-964f-47a8950d210f"
},
"Tag": [
{
"colour": "#004646",
"local": false,
"name": "type:OSINT",
"relationship_type": ""
},
{
"colour": "#0071c3",
"local": false,
"name": "osint:lifetime=\"perpetual\"",
"relationship_type": ""
},
{
"colour": "#ffffff",
"local": false,
"name": "tlp:white",
"relationship_type": ""
},
{
"colour": "#ffffff",
"local": false,
"name": "tlp:clear",
"relationship_type": ""
},
{
"colour": "#7b0059",
"local": false,
"name": "smart-airports-threats:system-failures=\"software-bugs\"",
"relationship_type": ""
}
],
"Object": [
{
"comment": "",
"deleted": false,
"description": "File object describing a file with meta-information",
"meta-category": "file",
"name": "file",
"template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
"template_version": "24",
"timestamp": "1721379960",
"uuid": "2c00fe95-1d42-49c8-adee-3fb09588be59",
"Attribute": [
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "filename",
"timestamp": "1721379960",
"to_ids": true,
"type": "filename",
"uuid": "22a24bb5-84c9-458c-ac99-6ab16f6a9c46",
"value": "ad492bc8b884f9c9a5ce0c96087e722a2732cdb31612e092cdbf4a9555b44362"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "size-in-bytes",
"timestamp": "1721379960",
"to_ids": false,
"type": "size-in-bytes",
"uuid": "a3270073-a940-4cbb-89e0-a355a4e309d8",
"value": "41004"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "entropy",
"timestamp": "1721379960",
"to_ids": false,
"type": "float",
"uuid": "167a4c9f-4311-49ee-8f73-fd7e40bc8c27",
"value": "4.5534410358575"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "md5",
"timestamp": "1721379960",
"to_ids": true,
"type": "md5",
"uuid": "fec7d494-67ea-4a29-aa8e-3721890c379a",
"value": "1618cd13c5263720ec958c3b24b9d1c8"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "sha1",
"timestamp": "1721379960",
"to_ids": true,
"type": "sha1",
"uuid": "7d2fe15d-9165-48e2-84d4-05a614de0268",
"value": "cb8a27c7347d19bc0b23093a99816dfd8240dbc5"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "sha256",
"timestamp": "1721379960",
"to_ids": true,
"type": "sha256",
"uuid": "c9cb5cdc-f0de-4907-8685-1baaae930cc5",
"value": "ad492bc8b884f9c9a5ce0c96087e722a2732cdb31612e092cdbf4a9555b44362"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "sha512",
"timestamp": "1721379960",
"to_ids": true,
"type": "sha512",
"uuid": "1edd933d-f711-4c27-9e32-1a2bac5b7b2c",
"value": "2702ddd24a4160ba8f65287f71876afed1999f074d1885284ccc610bf412d99d00ae1bbe67bf1789a24a88e798d05c1e91090ae8d9d8c3df4d88cb2e7aa40cd6"
},
{
"category": "Payload delivery",
"comment": "",
"data": "UEsDBBQACQAIAKJI81g5t0D04SUAACygAAAgABwAMTYxOGNkMTNjNTI2MzcyMGVjOTU4YzNiMjRiOWQxYzhVVAkAA0AsmmZALJpmdXgLAAEEIQAAAAQhAAAA8FQnXr0Sf8CbzqVZJSB16ZM23QC7FgltmMPZ7SxwUfzUw3yMJFOW8gFnzCpqS2/ASBR37sGfLRQW+w+sEUmD4DvI/IHH+CIGsqIRUw8Gtp56AcwmGr67MCyi63O9JPmbNsQ5DgaE22GwKUcbk0Y4UQwDVZs7WmgBcUUsKw0zVP00jZkCMjvKO7oWRoYV21+NwLcK1fLhQBSg7OZtnPzq3ktdhKmTlVhS4XhiKAth7GHexq/v9VMpYSD2/YAM1ZibO3oZDsAUePjZywxl0O2LP5pJEpsNgIxvEaW5/Y7d01e6czeIkoiLNEiLo2LZF2pevv7MfP9JEeVjBICYpxqWw89KKVKH2EF1QxmuOh9CV2tYIwsoylTPj62mUWkvvOGo+rL4bIJ7inr3XRgUrAYfEiYtFMvFntmfCQEgk55RlZ0hqeA6IKkZGyiFPoe9o013xerOsS1wXzmL+vUDG2K2OgVDDtNeqIyIKxWLPFCNL6kx7jdij4yv1BiURqHvk76C0xOlIUdpCDEJXN683mfXOTLfobKRk440yg0utr+ntKbTgoH8YTF3Gy600UfwrZArhGP4zdOOm/xr902qp2Pbjhr8P86ClozOAinbyk/AWSSzllgkQhfNs78q+5RLU3RSAk4AIR2iCgAlFslv6wup/UzwsnRGMTFB+Z2Raq83wwIDeznccieSNQDPueFufJn6+xfGF/Xxbrq1S5CHeUmVJgPQuyEC01OhFBY4L5KiZ31sAwoNah7EzdCrrF8KE4Y8O7e07ZOikjb0txEQ/uixq98n0GvCmzx/6NucaSD4/TM0DJvVq6Gb4ORKW8na9EBeNyDnNXTqXbg1WE+ZFL19zzjTJsnfXX6pLg8hROAgVeB7IoZFCOD6Vdfs+QmN3GFU6LUWZ/74Cjts1tohT6H41P5oka2Klitch7QhHJ7U/eG+iTZKKuOtcSjqrIsYSI/tOGbVHrr8S0hMW7lf3Lj4K6Qhu7uYJCZO2C3Z8B0nFFPM0DKd/U1388HEfu4hWEc7OTGjV/M87h4rBKQM9k/v2VI1TgcgCxR4UG1g/Vs9quAwn6IPbosv6/wqpeOv9bBxms0GWJNYpj1eSIF4JDPKd2x8s19Qe/y9tT2hb2/Wsn5UaNQ8uCiTLDKvo7Y7KNR0vAhzkJdFcc3rnVuM41VU+ODaG6qqANynqDqXgt0tC5x7VNz3lhOwb0tCtIO68zXORp6jaQnj3Vhaoyo4I1UcQICD8ge1WeXamTuqHnWXtj/uiOHljZo5NWOKMEyNvPCvftxYj7gzZ6JYT4jIHnpdVN9mc2lRitpuiyNbCqh6Z8vPm/hGo4xwoXSqMrzgCZB+vF0rSULuUi95RY1JbR6IJVLI8ksPMC41wVzNBf3wfn/q4CBP1HTnwkYV8t9b7lxiozlP/GcjR8LRzSp0AsJ2hZ8XaeAYm/K0vztsJaXzbyAHsbZ4FawVajudOW/ZAxU8abZSJiZIddckHn6PLcBwJzdSAGxBP01DO90mTrv4wu9kRFrJXh2AOCE6PWa8sRZuZExjOzj43TjYgxnpNRkmO/kN+VmWyqkenKiyfxaCIARNMznevwZwTkWPccqq7YCYuLhr9hnJb0s9Q/dqst2zIFb4J0x8J9CpB7jpLCrklaK47KKkxspLpjlPBFNm+B2ngk/237J7BgME8CBUpCdEJufwUDVxUeTIbynPs5xTnhhU2APjfkDq+zImcjW/RaTpvI44KwF3ecCXx1N3IZSnsLA/+Jkkig4wrZTu3RlUGr60KKOMuih/4r/vLadsj/WqUVtcZVZpGLQvmwFg9nmzjPEkBOTKftQlK9MSf/fmtN0rMzLerXsl4LiwTWhsBNolAl/ev6P9Iw/0U56
hkqIiysZAi0GX9ywLjKbBt78pAqC8vsBVr+ZqcXRLEt9/ukilvrFzXZ/LUVnw001yloKowAoblysfQxnko2WNtGuGKqKjGBsWXLOpezn9hZAYvihco+bND+I2wqtMQTVNytj2l6HL6sMAfvAGMnNALYbn0VNC+MTW9ib/ceXlBzp2Y8sQH1dJ3X+VLOfPNu+00PL7GO4ytgbFOyph9xn3EPEmJY++5YsrZD8LBZrXc0S5oNlm9dHr5VyUKjJK0d7w+y2vElYKlMNCmtRI3OGyoXkrrvaA3OeICnwqA0otj649uVy9nJK32yqG861FGSBph3a8yaaHkxAHPicCKT2R8DQagCzqCqVD8082pqdzUYnFSWHa6gvACG/AIVCNKo1rWjpuhVGfgHSuV24zRzCtLFmP0hks38bs8ypc/axHeir8We/EUlsfj6Vz/1vbkonaQ9NsJNS88tXlArX4RRWGXoef+zKJIj1I8KHjKJ5TbXx5AVUfsV/qdFsoj1EN1tHXBrla9/pmAY5hQbZ6+4+BoS4D0y3LYZxkH26NdLblunCkiDc2Ac9/PyA1IrwcuUnC0VB/USHbpyqhpO4F8bQ0WxO8eWrv/HinLwpxwqOqcMljlCkd59GbuKaivAYbBCE+xDEMlyfyRcgTjBmOlcjpiRbG38glGjTJj22CwqDuSulioHuPFCusZPpEnaTkBick0K68NPYP3gbKRPENbFQ3FokJt4y4q7xAABy6Zkwx5HacXNlM+Wc1ZFTjZ48vosjZycBSOUwknKknVts/z9Z8fL/jaKfOA9OuxdAI3h/kUlHUprMTgzyPqHhpqkaSXhgVh2JOxkROetuHv1/tU37JcFxgElytIaf39fAR2wL3xvQdVNRtbMzTTVKb+Za3tsKz0B6dcnVJvfnAytjHKc8yEwTSY+OEdBetF1x9wYbnfF42VoJ4Cd6uD7/Njd19RMHOytNMGrtHRRxDlLo92NvK7k2ohA4g6fSXgp7ZA8ucjjr7aZIJepBNJZA2BkBxpkZ8GbbOv8zekO07VGiIoLEFnsgOn68Mx71tLHRIPj0OVRCCAy7/C3ohpkWcgYZ8TgHu8tJutUeQWm8aMJJECDaVZYNnr4YX7hsRlVdByoa/u/L4mLwKQAI1drVGMUmLvUvdoXleci70iOQjZN1+BR9M3fT748MzxlJJ6flQxEfFGzRNeC1kNiamvbFRR2HqtwvG97QhNcbc/VwLGybZRQYwX/PLuvQ0mpmiDV6aERYgpkTaJX+hym7Tn0u41WaKOFwHDnOOEABStraFayCKX59kYdpILeSjysx7JQ+TDZsNHz7A0DUgk1jjcfVhDbGrrdSqebEB+eKkYD3uigQez0f95b84FTFcRtu3qPls3U2QEzPgTI4NKCAAl29PVCunem5BURaoHAuxNRMkRWEf6krfkPS6acObgDj+rPpqEYTv7hhfEuweqdQh/jsULp8O/hGah/d8OnTDy+8HqM7Kv+29sXKFYrainN/Ipwjnv1VtTwhJElVmOpK/NLkqLQet2LxJhNGmPXGV/QY4sQwfS3XtBUVRajxomb7wuwGJ1ODBjYsFGwC0Masf7tnUqukAeDYRXW/PCM1jcr817ez4UMRIlNGbBxCq/thppMDrQ4zccWUkbsVLOKNWcfSKUSvGVyZnb6/Vhw9MmVG5CmVt2ntMpf6tJE9JAX/iZLyWtvXwErs2rr1sWY1RGiKYg2KatSJPMiO3u+5EttsjC/4L2Z1fpy2+eSBDQ7L/SNwE+pkWM/ysNZk5zd5hONQlJqwbruf9Cc7/eT0XPSQUsPmzgypMiCHhrb8Ded4J0qf5/yX2pCGWQQJCgQW33QMChyteOpvZomsZ51rW4b5qPG9GNZliT6iFr3AbuZtMpCLOz+AfAnvuJJ0HaxBn41ELoORmlUnXgM/6nivo3slmEmy22sHMXKyC4cS3N2Qpk/rFUBMm1C6C3lSPCScv1RDQpZlJQ3AdxQNH6RZg9sX9yv4
Ivexj9OjAeAZMoE8JY/ooo29pmiWpCmxDsGqylWS8Tqg9GcmirjwtMwbL8MTdK8+/LSd172cLuWhCEackTT
"deleted": false,
"disable_correlation": true,
"object_relation": "malware-sample",
"timestamp": "1721379960",
"to_ids": true,
"type": "malware-sample",
"uuid": "b6461d8d-3937-4a4c-a242-2b68039081da",
"value": "ad492bc8b884f9c9a5ce0c96087e722a2732cdb31612e092cdbf4a9555b44362|1618cd13c5263720ec958c3b24b9d1c8"
},
{
"category": "Artifacts dropped",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "mimetype",
"timestamp": "1721379960",
"to_ids": false,
"type": "mime-type",
"uuid": "c4111c05-c61b-4e8e-8fe3-ed0948d9203d",
"value": "application/octet-stream"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "ssdeep",
"timestamp": "1721379960",
"to_ids": true,
"type": "ssdeep",
"uuid": "4f1b353a-51a1-4e16-ad46-b56347b79f9b",
"value": "384:bIy44Wo45c59r/qQqu1QhSn88MyU64guxkP5O84VLv8xB0+Cn:9495c59rSQBG8CJxfexBl0"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "state",
"timestamp": "1721379960",
"to_ids": false,
"type": "text",
"uuid": "9cc5d373-1c01-4d10-a9e0-f9ad1352b4c1",
"value": "Trusted"
}
]
},
{
"comment": "",
"deleted": false,
"description": "Report object to describe a report along with its metadata.",
"meta-category": "misc",
"name": "report",
"template_uuid": "70a68471-df22-4e3f-aa1a-5a3be19f82df",
"template_version": "8",
"timestamp": "1721380187",
"uuid": "10555906-70b1-43f3-944b-fa15f6436ea9",
"Attribute": [
{
"category": "External analysis",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "link",
"timestamp": "1721380187",
"to_ids": false,
"type": "link",
"uuid": "6a620f18-bdee-409a-a412-b52a5c8c0494",
"value": "https://www.circl.lu/pub/tr-87/"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "title",
"timestamp": "1721380187",
"to_ids": false,
"type": "text",
"uuid": "1be6ed60-b90d-4329-a721-d3620891b736",
"value": "TR-87 - CrowdStrike Agent causing BSOD loop on Windows - Faulty Update on Falcon Sensor"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "type",
"timestamp": "1721380187",
"to_ids": false,
"type": "text",
"uuid": "5aabba67-281e-4001-9ba0-f78afa74dfd6",
"value": "Report"
}
]
}
]
}
}