misp-circl-feed/feeds/circl/stix-2.1/1b2b6e15-3655-4648-afcb-c93214187736.json

{
"type": "bundle",
"id": "bundle--1b2b6e15-3655-4648-afcb-c93214187736",
"objects": [
{
"type": "identity",
"spec_version": "2.1",
"id": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2022-04-20T06:22:25.000Z",
"modified": "2022-04-20T06:22:25.000Z",
"name": "CIRCL",
"identity_class": "organization"
},
{
"type": "report",
"spec_version": "2.1",
"id": "report--1b2b6e15-3655-4648-afcb-c93214187736",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2022-04-20T06:22:25.000Z",
"modified": "2022-04-20T06:22:25.000Z",
"name": "Related IoCs to https://cert.gov.ua/article/39708 - Cyberattack on state organizations of Ukraine using the topic \"Azovstal\" and the malicious program Cobalt Strike Beacon (CERT-UA # 4490)",
"published": "2022-04-20T06:25:00Z",
"object_refs": [
"indicator--cfeeffe0-0d4b-4bde-82be-c3e4f00ac770",
"indicator--2ce189ea-72be-4d9e-bfe1-09a89fc75fe5",
"indicator--3c77b174-1b0e-4098-9a75-57d17f3633fa",
"indicator--b23b81fe-1dec-49c7-bd8c-c4a8ba03a1d8",
"indicator--1dc91cd6-93eb-4201-8fb1-65cd3f7e7336",
"indicator--6b16e33c-33b8-4604-af27-c2966171b700",
"indicator--bb9b81f6-0f86-40a3-a269-b76a1dcdcfa9",
"indicator--066aee0a-674b-4bed-b365-c2db9056a8a2",
"indicator--b6357090-bde6-4f7b-b5df-ada2131ba85e",
"indicator--bb5336ff-5b37-42ac-877d-4ce2411a4f34",
"indicator--62049eb3-e963-46ce-9b81-d5545e85b86b",
"indicator--17cffd8c-62e9-4cd2-80c6-40ade431d9ed",
"indicator--25e7bbae-b61c-440b-b6af-02de7ee9f80e",
"indicator--7041d6a0-cc10-4464-9847-f398a2f6ed7b",
"indicator--0de23523-f165-459e-93c0-189aec49ef09",
"indicator--c7dbbdde-3d06-4112-a694-1ff68bf12576",
"indicator--5953cba9-4fa4-4b0d-b67e-859074a1784e",
"indicator--d75195a5-92aa-4e55-9f61-0ffb63f742b3",
"indicator--98c5d7ed-32cc-4b81-bbc4-f7f0c78f6dc9",
"indicator--21bf9fd1-3dbd-442f-a7e1-76ef0a6f519c",
"indicator--cb56d9e7-ff65-4664-a479-42bdda8d8cb3",
"indicator--fd55edb9-a125-4048-9cbb-f5d906b125d6",
"indicator--749d4786-b472-4bea-8e29-e9ced2a1b4d1",
"indicator--bcec041d-5924-47be-a917-98d53a510bd3",
"indicator--cf05a2ea-3013-451b-b596-efc6c2ffa0cc",
"indicator--600e0fe5-6fc5-4a8f-b73b-7c6d375e99d6",
"indicator--b3ab8dc5-0d44-40bb-b00c-fa058627b9c9",
"indicator--4c478ec0-5fbf-4ee4-bead-4add23c8ebe4",
"indicator--c447a873-9758-4cf6-b856-c0a739ef9191",
"indicator--0b22b71b-df3b-4783-a55c-138846d25c3e",
"indicator--38ebbd09-486e-416d-b026-c4d5d60969ff",
"indicator--7c57fd9b-2c63-47fe-9a4e-f1c676f45f6a",
"indicator--befda417-08da-46ae-938c-530b47403aed",
"indicator--bf542b70-4cdc-4b1a-8751-9356b62b9de5",
"indicator--6d4633e9-ebaa-405b-ae20-a4ad5541c643",
"indicator--8a2d2fe1-2c7e-4668-887b-4fd8e6a081ac",
"indicator--edefaf19-a841-4689-b56e-123b3efe06ef",
"indicator--f54e4b57-a5d0-4771-a556-4484192b636d",
"indicator--a7867a75-2882-4497-9fbd-b05cc522e0bf",
"indicator--73d9ec3f-9acd-401b-8602-33742ec0c88b",
"indicator--48f86dc7-c52c-4a54-8a73-1ea883c5ef83",
"indicator--e621c574-0af6-4498-bbe4-a53d9e558201",
"indicator--7e6e4ba4-fd5a-4915-9333-ab479f671484",
"indicator--24d9270f-b9ee-49f7-98e4-3412fe68d628",
"indicator--a8168f09-8001-4e55-a947-183cb0e46ed4",
"indicator--31dcc91d-77f0-4dfd-9434-ee552401ce91",
"indicator--d05c5391-4984-4627-aa49-876c2cd49c9c",
"indicator--26c49fcd-d8ba-47a4-b505-65addccb9aaf",
"indicator--cc520f0b-c55f-4041-8b07-08b4b6bcb037",
"indicator--578b0451-c007-4ff5-952c-f0a7332e9010",
"indicator--c316b3fc-7ed9-4b2b-a5e1-85ab48855746",
"indicator--af84df87-9c34-4b11-a3bd-9adb78906b6a",
"indicator--1c07fbfe-22cd-4775-8619-b26cec97e1bc",
"indicator--70299e93-ff93-45d6-b0bd-e0618f22ec23",
"indicator--0f770b42-5423-4d45-89b5-4c8b999865c9",
"indicator--b597cff7-58ca-4166-b08f-0374a1d0ebc3",
"indicator--fd8dccf8-a87f-4a2f-8930-84321eb1dd5b",
"indicator--280b384d-cb64-4edd-983e-c887f0ea4437",
"indicator--c3cd6f20-cd40-49bb-b6be-b617f1354389",
"indicator--278731e7-fb13-4357-9c87-a75bd712230f",
"indicator--f1d045ac-a519-48bd-897c-e0cc4541bca1",
"indicator--fb7c602d-9d27-4b32-a119-b11f96223e0b",
"indicator--840a46c4-9a71-4773-84da-f72ecfdaaab8",
"indicator--93349386-f6b3-429a-9b9f-2b7283c2bb6a",
"indicator--0f66306e-3c67-4b44-acda-2312d58f8f25",
"indicator--a0f99133-677d-4fa3-90f3-3b65eade4279",
"indicator--d23eb6c6-b17e-485c-b2a3-2ae9be8e71bb",
"indicator--bf3e79f2-5548-4293-8ccc-45f43acd0337",
"indicator--4447dafe-cc48-4b15-bcda-d2683475b01a",
"indicator--45bd3293-441c-4cbb-9f8d-1f787470d4ef",
"indicator--ada00487-2c2e-4de1-aa5e-53e0b814a023",
"indicator--3652f949-f109-4c5a-86b5-f2e976a19656",
"indicator--a0df3698-372d-48ab-aafb-0f4fbf9635d1",
"indicator--33590d94-5ae3-4853-b03b-62b9a56016f4",
"indicator--d295e514-5287-49c1-bc4e-8168dbacc05e",
"indicator--66613b64-69c5-4ab4-a7da-77cd07fe8cb7",
"indicator--c4a06d91-51e3-4386-b546-2214460e97f0",
"x-misp-object--edf044d9-c432-4fcb-868b-df6050828c39",
"indicator--1d5d82ed-2bec-4a8a-a8c4-ad72e7771a1f",
"indicator--c4725d25-2953-4fbc-be2e-c3c960e68f60",
"indicator--5cd304a2-a4c3-4878-95df-6c9da9a7fe29",
"x-misp-object--630cc256-f367-4f5f-83f3-757a28c587b1",
"observed-data--17746c0d-121f-402a-abe2-c98b8b362a55",
"file--1558f253-39fa-52c0-9878-078f8dc5e90a",
"x-misp-object--2c263270-3a18-4d23-b950-c5710c490a72",
"x-misp-object--230937bc-fea9-4714-8cbf-bdfd69c3da59",
"x-misp-object--809a3e46-68ae-46b5-84d3-2e77b2f8c2c2",
"x-misp-object--8fdf2a25-528c-4818-ba85-979144dfb69c",
"x-misp-object--f73d494f-0ac5-416d-83a2-69f80a69082d",
"x-misp-object--5df0d3ad-bc0b-45cb-813f-f6549bd4b098"
],
"labels": [
"Threat-Report",
"misp:tool=\"MISP-STIX-Converter\"",
"type:OSINT",
"osint:lifetime=\"perpetual\"",
"osint:certainty=\"50\"",
"misp-galaxy:target-information=\"Ukraine\"",
"misp-galaxy:tool=\"Cobalt Strike\"",
"misp-galaxy:tool=\"Trick Bot\""
],
"object_marking_refs": [
"marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9"
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--cfeeffe0-0d4b-4bde-82be-c3e4f00ac770",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2022-04-19T13:27:46.000Z",
"modified": "2022-04-19T13:27:46.000Z",
"pattern": "[file:hashes.SHA256 = '1f1029d94ca4656a577d554cedd79d447658f475af08620084897a5523587052']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2022-04-19T13:27:46Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--2ce189ea-72be-4d9e-bfe1-09a89fc75fe5",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2022-04-19T13:27:46.000Z",
"modified": "2022-04-19T13:27:46.000Z",
"pattern": "[file:hashes.SHA256 = '6f0ddfe6b68ea68b5e450e30b131137b6f01c60cc8383f3c48bea0c8acb6ef1c']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2022-04-19T13:27:46Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--3c77b174-1b0e-4098-9a75-57d17f3633fa",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2022-04-19T13:27:46.000Z",
"modified": "2022-04-19T13:27:46.000Z",
"pattern": "[file:hashes.SHA256 = '9990fe0d8aac0b4a6040d5979afd822c2212d9aec2b90e5d10c0b15dee8d61b1']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2022-04-19T13:27:46Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--b23b81fe-1dec-49c7-bd8c-c4a8ba03a1d8",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2022-04-19T13:27:46.000Z",
"modified": "2022-04-19T13:27:46.000Z",
"pattern": "[file:hashes.SHA256 = 'df58100f881e2bfa694e00dd06bdb326b272a51ff9b75114819498a26bf6504c']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2022-04-19T13:27:46Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--1dc91cd6-93eb-4201-8fb1-65cd3f7e7336",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2022-04-19T13:27:46.000Z",
"modified": "2022-04-19T13:27:46.000Z",
"pattern": "[file:hashes.SHA256 = 'ea9dae45f81fe3527c62ad7b84b03d19629014b1a0e346b6aa933e52b0929d8a']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2022-04-19T13:27:46Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--6b16e33c-33b8-4604-af27-c2966171b700",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2022-04-19T13:29:38.000Z",
"modified": "2022-04-19T13:29:38.000Z",
"pattern": "[url:value = 'https://e5qo83-fedex.us/wzlco?VLakox?80934612']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2022-04-19T13:29:38Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--bb9b81f6-0f86-40a3-a269-b76a1dcdcfa9",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2022-04-19T13:29:38.000Z",
"modified": "2022-04-19T13:29:38.000Z",
"pattern": "[url:value = 'http://138.68.229.0/pe.dll']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2022-04-19T13:29:38Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--066aee0a-674b-4bed-b365-c2db9056a8a2",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2022-04-19T13:29:38.000Z",
"modified": "2022-04-19T13:29:38.000Z",
"pattern": "[url:value = 'https://138.68.229.0/']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2022-04-19T13:29:38Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--b6357090-bde6-4f7b-b5df-ada2131ba85e",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2022-04-19T13:29:38.000Z",
"modified": "2022-04-19T13:29:38.000Z",
"pattern": "[url:value = 'https://dezword.com/apiv8/getStatus']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2022-04-19T13:29:38Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--bb5336ff-5b37-42ac-877d-4ce2411a4f34",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2022-04-19T13:29:38.000Z",
"modified": "2022-04-19T13:29:38.000Z",
"pattern": "[url:value = 'http://138.68.229.0/']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2022-04-19T13:29:38Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--62049eb3-e963-46ce-9b81-d5545e85b86b",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2022-04-19T13:29:38.000Z",
"modified": "2022-04-19T13:29:38.000Z",
"pattern": "[url:value = 'https://dezword.com/apiv8/updateConfig']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2022-04-19T13:29:38Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--17cffd8c-62e9-4cd2-80c6-40ade431d9ed",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2022-04-19T13:29:38.000Z",
"modified": "2022-04-19T13:29:38.000Z",
"pattern": "[url:value = 'https://dezword.com/']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2022-04-19T13:29:38Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--25e7bbae-b61c-440b-b6af-02de7ee9f80e",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2022-04-19T13:29:38.000Z",
"modified": "2022-04-19T13:29:38.000Z",
"pattern": "[url:value = 'http://84.32.188.29/']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2022-04-19T13:29:38Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--7041d6a0-cc10-4464-9847-f398a2f6ed7b",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2022-04-19T13:29:38.000Z",
"modified": "2022-04-19T13:29:38.000Z",
"pattern": "[url:value = 'http://dezword.com/']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2022-04-19T13:29:38Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--0de23523-f165-459e-93c0-189aec49ef09",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2022-04-19T13:29:38.000Z",
"modified": "2022-04-19T13:29:38.000Z",
"pattern": "[url:value = 'http://dezword.com/apiv8/getstatus']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2022-04-19T13:29:38Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--c7dbbdde-3d06-4112-a694-1ff68bf12576",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2022-04-19T13:30:08.000Z",
"modified": "2022-04-19T13:30:08.000Z",
"pattern": "[domain-name:value = 'dezword.com']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2022-04-19T13:30:08Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"domain\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5953cba9-4fa4-4b0d-b67e-859074a1784e",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2022-04-19T13:30:08.000Z",
"modified": "2022-04-19T13:30:08.000Z",
"pattern": "[domain-name:value = 'kitchenbath.mckillican.com']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2022-04-19T13:30:08Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"hostname\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--d75195a5-92aa-4e55-9f61-0ffb63f742b3",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2022-04-19T13:30:08.000Z",
"modified": "2022-04-19T13:30:08.000Z",
"pattern": "[domain-name:value = 'www.15ns84-fedex.us']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2022-04-19T13:30:08Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"hostname\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--98c5d7ed-32cc-4b81-bbc4-f7f0c78f6dc9",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2022-04-19T13:30:08.000Z",
"modified": "2022-04-19T13:30:08.000Z",
"pattern": "[domain-name:value = 'www.ba4x83-fedex.us']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2022-04-19T13:30:08Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"hostname\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--21bf9fd1-3dbd-442f-a7e1-76ef0a6f519c",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2022-04-19T13:30:08.000Z",
"modified": "2022-04-19T13:30:08.000Z",
"pattern": "[domain-name:value = 'www.c1tf83-fedex.us']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2022-04-19T13:30:08Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"hostname\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--cb56d9e7-ff65-4664-a479-42bdda8d8cb3",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2022-04-19T13:30:08.000Z",
"modified": "2022-04-19T13:30:08.000Z",
"pattern": "[domain-name:value = 'www.enzj84-fedex.us']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2022-04-19T13:30:08Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"hostname\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--fd55edb9-a125-4048-9cbb-f5d906b125d6",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2022-04-19T13:30:08.000Z",
"modified": "2022-04-19T13:30:08.000Z",
"pattern": "[domain-name:value = 'www.fx7u83-fedex.us']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2022-04-19T13:30:08Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"hostname\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--749d4786-b472-4bea-8e29-e9ced2a1b4d1",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2022-04-19T13:30:08.000Z",
"modified": "2022-04-19T13:30:08.000Z",
"pattern": "[domain-name:value = 'www.fx7u84-fedex.us']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2022-04-19T13:30:08Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"hostname\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--bcec041d-5924-47be-a917-98d53a510bd3",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2022-04-19T13:30:08.000Z",
"modified": "2022-04-19T13:30:08.000Z",
"pattern": "[domain-name:value = 'www.glsc83-fedex.us']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2022-04-19T13:30:08Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"hostname\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--cf05a2ea-3013-451b-b596-efc6c2ffa0cc",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2022-04-19T13:30:09.000Z",
"modified": "2022-04-19T13:30:09.000Z",
"pattern": "[domain-name:value = 'www.igik83-fedex.us']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2022-04-19T13:30:09Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"hostname\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--600e0fe5-6fc5-4a8f-b73b-7c6d375e99d6",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2022-04-19T13:30:09.000Z",
"modified": "2022-04-19T13:30:09.000Z",
"pattern": "[domain-name:value = 'www.jfws84-fedex.us']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2022-04-19T13:30:09Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"hostname\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--b3ab8dc5-0d44-40bb-b00c-fa058627b9c9",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2022-04-19T13:30:09.000Z",
"modified": "2022-04-19T13:30:09.000Z",
"pattern": "[domain-name:value = 'www.k9yr83-fedex.us']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2022-04-19T13:30:09Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"hostname\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--4c478ec0-5fbf-4ee4-bead-4add23c8ebe4",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2022-04-19T13:30:09.000Z",
"modified": "2022-04-19T13:30:09.000Z",
"pattern": "[domain-name:value = 'www.koda83-fedex.us']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2022-04-19T13:30:09Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"hostname\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--c447a873-9758-4cf6-b856-c0a739ef9191",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2022-04-19T13:30:09.000Z",
"modified": "2022-04-19T13:30:09.000Z",
"pattern": "[domain-name:value = 'www.mqqo83-fedex.us']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2022-04-19T13:30:09Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"hostname\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--0b22b71b-df3b-4783-a55c-138846d25c3e",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2022-04-19T13:30:09.000Z",
"modified": "2022-04-19T13:30:09.000Z",
"pattern": "[domain-name:value = 'www.mqqo84-fedex.us']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2022-04-19T13:30:09Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"hostname\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--38ebbd09-486e-416d-b026-c4d5d60969ff",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2022-04-19T13:30:09.000Z",
"modified": "2022-04-19T13:30:09.000Z",
"pattern": "[domain-name:value = 'www.nktc83-fedex.us']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2022-04-19T13:30:09Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"hostname\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--7c57fd9b-2c63-47fe-9a4e-f1c676f45f6a",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2022-04-19T13:30:09.000Z",
"modified": "2022-04-19T13:30:09.000Z",
"pattern": "[domain-name:value = 'www.nktc84-fedex.us']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2022-04-19T13:30:09Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"hostname\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--befda417-08da-46ae-938c-530b47403aed",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2022-04-19T13:30:09.000Z",
"modified": "2022-04-19T13:30:09.000Z",
"pattern": "[domain-name:value = 'www.nqe383-fedex.us']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2022-04-19T13:30:09Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"hostname\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--bf542b70-4cdc-4b1a-8751-9356b62b9de5",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2022-04-19T13:30:09.000Z",
"modified": "2022-04-19T13:30:09.000Z",
"pattern": "[domain-name:value = 'www.rl6s84-fedex.us']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2022-04-19T13:30:09Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"hostname\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--6d4633e9-ebaa-405b-ae20-a4ad5541c643",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2022-04-19T13:30:09.000Z",
"modified": "2022-04-19T13:30:09.000Z",
"pattern": "[domain-name:value = 'www.wdhx83-fedex.us']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2022-04-19T13:30:09Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"hostname\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--8a2d2fe1-2c7e-4668-887b-4fd8e6a081ac",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2022-04-19T13:30:09.000Z",
"modified": "2022-04-19T13:30:09.000Z",
"pattern": "[domain-name:value = 'www.wubl84-fedex.us']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2022-04-19T13:30:09Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"hostname\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--edefaf19-a841-4689-b56e-123b3efe06ef",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2022-04-19T13:30:09.000Z",
"modified": "2022-04-19T13:30:09.000Z",
"pattern": "[domain-name:value = 'www.www.dezword.com']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2022-04-19T13:30:09Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"hostname\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--f54e4b57-a5d0-4771-a556-4484192b636d",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2022-04-19T13:39:20.000Z",
"modified": "2022-04-19T13:39:20.000Z",
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '84.32.188.29']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2022-04-19T13:39:20Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--a7867a75-2882-4497-9fbd-b05cc522e0bf",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2022-04-19T13:39:20.000Z",
"modified": "2022-04-19T13:39:20.000Z",
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '138.68.229.0']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2022-04-19T13:39:20Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--73d9ec3f-9acd-401b-8602-33742ec0c88b",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2022-04-19T13:39:20.000Z",
"modified": "2022-04-19T13:39:20.000Z",
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '139.60.161.225']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2022-04-19T13:39:20Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--48f86dc7-c52c-4a54-8a73-1ea883c5ef83",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2022-04-19T13:39:20.000Z",
"modified": "2022-04-19T13:39:20.000Z",
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '139.60.161.74']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2022-04-19T13:39:20Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--e621c574-0af6-4498-bbe4-a53d9e558201",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2022-04-19T13:39:20.000Z",
"modified": "2022-04-19T13:39:20.000Z",
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '139.60.161.62']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2022-04-19T13:39:20Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--7e6e4ba4-fd5a-4915-9333-ab479f671484",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2022-04-19T13:39:20.000Z",
"modified": "2022-04-19T13:39:20.000Z",
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '139.60.161.99']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2022-04-19T13:39:20Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--24d9270f-b9ee-49f7-98e4-3412fe68d628",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2022-04-19T13:39:20.000Z",
"modified": "2022-04-19T13:39:20.000Z",
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '139.60.161.57']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2022-04-19T13:39:20Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--a8168f09-8001-4e55-a947-183cb0e46ed4",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2022-04-19T13:39:20.000Z",
"modified": "2022-04-19T13:39:20.000Z",
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '139.60.161.75']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2022-04-19T13:39:20Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--31dcc91d-77f0-4dfd-9434-ee552401ce91",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2022-04-19T13:39:20.000Z",
"modified": "2022-04-19T13:39:20.000Z",
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '139.60.161.24']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2022-04-19T13:39:20Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--d05c5391-4984-4627-aa49-876c2cd49c9c",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2022-04-19T13:39:20.000Z",
"modified": "2022-04-19T13:39:20.000Z",
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '139.60.161.89']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2022-04-19T13:39:20Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--26c49fcd-d8ba-47a4-b505-65addccb9aaf",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2022-04-19T13:39:20.000Z",
"modified": "2022-04-19T13:39:20.000Z",
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '139.60.161.209']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2022-04-19T13:39:20Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--cc520f0b-c55f-4041-8b07-08b4b6bcb037",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2022-04-19T13:39:20.000Z",
"modified": "2022-04-19T13:39:20.000Z",
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '139.60.161.85']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2022-04-19T13:39:20Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--578b0451-c007-4ff5-952c-f0a7332e9010",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2022-04-19T13:39:20.000Z",
"modified": "2022-04-19T13:39:20.000Z",
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '139.60.160.51']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2022-04-19T13:39:20Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--c316b3fc-7ed9-4b2b-a5e1-85ab48855746",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2022-04-19T13:39:20.000Z",
"modified": "2022-04-19T13:39:20.000Z",
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '139.60.161.226']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2022-04-19T13:39:20Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--af84df87-9c34-4b11-a3bd-9adb78906b6a",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2022-04-19T13:39:20.000Z",
"modified": "2022-04-19T13:39:20.000Z",
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '139.60.161.216']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2022-04-19T13:39:20Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--1c07fbfe-22cd-4775-8619-b26cec97e1bc",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2022-04-19T13:39:20.000Z",
"modified": "2022-04-19T13:39:20.000Z",
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '139.60.161.163']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2022-04-19T13:39:20Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--70299e93-ff93-45d6-b0bd-e0618f22ec23",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2022-04-19T13:39:20.000Z",
"modified": "2022-04-19T13:39:20.000Z",
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '139.60.160.8']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2022-04-19T13:39:20Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--0f770b42-5423-4d45-89b5-4c8b999865c9",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2022-04-19T13:39:20.000Z",
"modified": "2022-04-19T13:39:20.000Z",
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '139.60.161.32']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2022-04-19T13:39:20Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--b597cff7-58ca-4166-b08f-0374a1d0ebc3",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2022-04-19T13:39:20.000Z",
"modified": "2022-04-19T13:39:20.000Z",
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '139.60.161.45']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2022-04-19T13:39:20Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--fd8dccf8-a87f-4a2f-8930-84321eb1dd5b",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2022-04-19T13:39:20.000Z",
"modified": "2022-04-19T13:39:20.000Z",
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '139.60.161.60']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2022-04-19T13:39:20Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--280b384d-cb64-4edd-983e-c887f0ea4437",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2022-04-19T13:39:20.000Z",
"modified": "2022-04-19T13:39:20.000Z",
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '139.60.160.17']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2022-04-19T13:39:20Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--c3cd6f20-cd40-49bb-b6be-b617f1354389",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2022-04-19T13:39:21.000Z",
"modified": "2022-04-19T13:39:21.000Z",
"pattern": "[domain-name:value = 'agreminj.com']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2022-04-19T13:39:21Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"domain\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--278731e7-fb13-4357-9c87-a75bd712230f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2022-04-19T13:39:21.000Z",
"modified": "2022-04-19T13:39:21.000Z",
"pattern": "[domain-name:value = 'akaluij.com']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2022-04-19T13:39:21Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"domain\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--f1d045ac-a519-48bd-897c-e0cc4541bca1",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2022-04-19T13:39:21.000Z",
"modified": "2022-04-19T13:39:21.000Z",
"pattern": "[domain-name:value = 'anidoz.com']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2022-04-19T13:39:21Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"domain\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--fb7c602d-9d27-4b32-a119-b11f96223e0b",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2022-04-19T13:39:21.000Z",
"modified": "2022-04-19T13:39:21.000Z",
"pattern": "[domain-name:value = 'apeduze.com']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2022-04-19T13:39:21Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"domain\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--840a46c4-9a71-4773-84da-f72ecfdaaab8",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2022-04-19T13:39:21.000Z",
"modified": "2022-04-19T13:39:21.000Z",
"pattern": "[domain-name:value = 'apokil.com']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2022-04-19T13:39:21Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"domain\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--93349386-f6b3-429a-9b9f-2b7283c2bb6a",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2022-04-19T13:39:21.000Z",
"modified": "2022-04-19T13:39:21.000Z",
"pattern": "[domain-name:value = 'arentuk.com']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2022-04-19T13:39:21Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"domain\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--0f66306e-3c67-4b44-acda-2312d58f8f25",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2022-04-19T13:39:21.000Z",
"modified": "2022-04-19T13:39:21.000Z",
"pattern": "[domain-name:value = 'axikok.com']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2022-04-19T13:39:21Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"domain\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--a0f99133-677d-4fa3-90f3-3b65eade4279",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2022-04-19T13:39:21.000Z",
"modified": "2022-04-19T13:39:21.000Z",
"pattern": "[domain-name:value = 'azimurs.com']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2022-04-19T13:39:21Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"domain\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--d23eb6c6-b17e-485c-b2a3-2ae9be8e71bb",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2022-04-19T13:39:21.000Z",
"modified": "2022-04-19T13:39:21.000Z",
"pattern": "[domain-name:value = 'baidencult.com']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2022-04-19T13:39:21Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"domain\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--bf3e79f2-5548-4293-8ccc-45f43acd0337",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2022-04-19T13:39:21.000Z",
"modified": "2022-04-19T13:39:21.000Z",
"pattern": "[domain-name:value = 'billiopa.com']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2022-04-19T13:39:21Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"domain\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--4447dafe-cc48-4b15-bcda-d2683475b01a",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2022-04-19T13:39:21.000Z",
"modified": "2022-04-19T13:39:21.000Z",
"pattern": "[domain-name:value = 'blinkij.com']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2022-04-19T13:39:21Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"domain\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--45bd3293-441c-4cbb-9f8d-1f787470d4ef",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2022-04-19T13:39:21.000Z",
"modified": "2022-04-19T13:39:21.000Z",
"pattern": "[domain-name:value = 'blopik.com']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2022-04-19T13:39:21Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"domain\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--ada00487-2c2e-4de1-aa5e-53e0b814a023",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2022-04-19T13:39:21.000Z",
"modified": "2022-04-19T13:39:21.000Z",
"pattern": "[domain-name:value = 'borizhog.com']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2022-04-19T13:39:21Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"domain\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--3652f949-f109-4c5a-86b5-f2e976a19656",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2022-04-19T13:39:21.000Z",
"modified": "2022-04-19T13:39:21.000Z",
"pattern": "[domain-name:value = 'britxec.com']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2022-04-19T13:39:21Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"domain\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--a0df3698-372d-48ab-aafb-0f4fbf9635d1",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2022-04-19T13:39:21.000Z",
"modified": "2022-04-19T13:39:21.000Z",
"pattern": "[domain-name:value = 'drimzis.com']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2022-04-19T13:39:21Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"domain\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--33590d94-5ae3-4853-b03b-62b9a56016f4",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2022-04-19T13:39:21.000Z",
"modified": "2022-04-19T13:39:21.000Z",
"pattern": "[domain-name:value = 'fluoxi.com']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2022-04-19T13:39:21Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"domain\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--d295e514-5287-49c1-bc4e-8168dbacc05e",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2022-04-19T13:39:21.000Z",
"modified": "2022-04-19T13:39:21.000Z",
"pattern": "[domain-name:value = 'shikjil.com']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2022-04-19T13:39:21Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"domain\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--66613b64-69c5-4ab4-a7da-77cd07fe8cb7",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2022-04-19T13:39:21.000Z",
"modified": "2022-04-19T13:39:21.000Z",
"pattern": "[domain-name:value = 'shormanz.com']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2022-04-19T13:39:21Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"domain\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--c4a06d91-51e3-4386-b546-2214460e97f0",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2022-04-19T13:39:21.000Z",
"modified": "2022-04-19T13:39:21.000Z",
"pattern": "[domain-name:value = 'verofes.com']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2022-04-19T13:39:21Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"domain\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "x-misp-object",
"spec_version": "2.1",
"id": "x-misp-object--edf044d9-c432-4fcb-868b-df6050828c39",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2022-04-19T13:28:09.000Z",
"modified": "2022-04-19T13:28:09.000Z",
"labels": [
"misp:name=\"report\"",
"misp:meta-category=\"misc\""
],
"x_misp_attributes": [
{
"type": "link",
"object_relation": "link",
"value": "https://pandora.circl.lu/analysis/d71d610b-0bae-4666-9a92-a5e0ea7084f1/seed-d4fz5w8r8y3HHLx-tVbbaioJfkNnwk1DOkXG3Y4s9xg",
"category": "External analysis",
"uuid": "6e184afc-1372-4157-be4f-c574beb1206a"
}
],
"x_misp_meta_category": "misc",
"x_misp_name": "report"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--1d5d82ed-2bec-4a8a-a8c4-ad72e7771a1f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2022-04-19T13:33:06.000Z",
"modified": "2022-04-19T13:33:06.000Z",
"pattern": "[file:hashes.MD5 = '877f834e8788d05b625ba639b9318512' AND file:hashes.SHA1 = '96bde83f4d3f29fb2801cd357c1abea827487e37' AND file:hashes.SHA256 = 'ea9dae45f81fe3527c62ad7b84b03d19629014b1a0e346b6aa933e52b0929d8a' AND file:hashes.SHA512 = 'cf72096dee679bce8cde6eacf922b5559dbac9b77367a7f2a3fba5022fd2b1303aa1c5805167c3cb8fb774e7390fab86eb3d16585fc72c31497a08bdf2b26518' AND file:hashes.SSDEEP = '768:pdzHDjCxD6czZ8K1PjOoDl8SZbKsLRGKpb8rGYrMPelwhKmFV5xtezEs/48/dgAX:pVHDjCxD6czZ8K1PjOoDl8SZbKsLRGKM' AND file:name = 'ea9dae45f81fe3527c62ad7b84b03d19629014b1a0e346b6aa933e52b0929d8a' AND file:size = '33280' AND (file:content_ref.payload_bin = 'UEsDBBQACQAIACNsk1SSDKEEtCwAAACCAAAgABwAODc3ZjgzNGU4Nzg4ZDA1YjYyNWJhNjM5YjkzMTg1MTJVVAkAAxK6XmISul5idXgLAAEEIQAAAAQhAAAAaxGoM8u4rVkWOaYs+a4anqy1bXPuvVUUEPHeeyuHH3KN9PH164oBHm9rTChoOOoOggUKD72JJ6TQZWafoBoIyoeNlQys6GRaNtAmiZmvOfRzAcOOwnoamkp+Mv/Xn/TPxi6SLzUJCzoQyP8/uJpUoF7OjiEGbF286mcNyM3O4RTtFE3+4jpjZWZpJdXDS+joEgA2Fk9MJecsdq4srm1Xkv8QTuZ+9AoHplQZrkRPi/f0GTX3LDtoU+xvD0wbrFetf2xapeppK9jS6JpChQ6OWh+0Zc5Z0qxBVdWk3gQyzATDN8giA2M4GW06Eb/XUinZIhvQx83fG1j0VGMqa08X1TBk6qm3a5UIFZS3y47gSYyFr8UI3uu6NwSLUBX9gYOdY7xpfolU8jNfbAde+bzM+0KJiNukfNlbk6ADrkl84bKiGsyDe2xa7HkgadOn184oTRmpRFWUTZfyR+mKA2pp+9jKhlJHwi0FXwgubfC0zVqv0T6BE7VqpCThUoKVhzb6Dw1bJiCn28gcxSUza+4EPWvehR8CcuWzQfoG5pRZtCSqw4Y4AetXILeFQgdjfPElNzPXVl5JB6iRQGf/73ROkhDnguv+aUOJ4MuSUuPhT2u588IY/qqKA/90mZufEu78jXxfnBGSWoGky/Y+3U2nNpETG5XOmZr1N5OFRRSixlVPhcDLhTWdPqpBDrcCxChS4PJRAZsxvCb4of23N8Lc4WHK+3W+gOOl7tty7Z6wqcobBmOnjwCXqbS+yi8LJppLgxHEvH3/Sdq8ViLo4ioGgyE3x4QdXs4R8O1kReT5RCVjEty08fXEjmUNsqxX/inTLlowah9Gp5WjxWTAgrshUYaumEScBgxYAnbselUSzAnsG61yTR3mgVULZpTPI7cpxAWWfKz6048UeyIgp1zHoC6g92+BN0RVkyad/0mGcszaIFM0MxVCI12l7ZuqQKcrha1/xECrPfTgthWoPa4hee0HuLgZ5kFWwNG68Fn60VmKgGksJyxzgpK7KecSp/mh9ppqkSS+voTsiZA95MFcfiYo0//k5iKRtvJt1VtwAOMFkNtuIGVCBjsqa+cwx89pN44TTKiLG5JQ4M4hqJbWwKVTEAA/OciSA0Ha72JoQCtvQ9mEj9muEBOBQSVpcsTWL2VaqkXoSgACnUJgHekwmXNDot8cdFnywEtedrcs/weg4S8EOFpmVOEYNJbeWKreCpowhLuughx
eEMiHeM39TiMRQrydveKB5ejwhmlwBwNKx6yX/IQD35918Gbo9QIstDIXMUZFyyBxYfHa9cJR3wm4QpZc7mnWWgKGWXU0Yd3tGunXwHZbq8FGREF5Rq2dLfJ6ZYn/krUaRupdFpkfeHRQGvW++7gbPX6c6u7mvPhA5RA8OFa+tpJlM5ShZGo095c2AH4Qm5oENwM6J0pt4fjIj1t+PZYpMAwh7iRMMJYxePw+SldHEvJewBXlfX2nDItwRTpfaBh0OG1BCx19damxw+xm0cQ1EQ3yiCSw9usqkp81LGmV+6rbZ9g76X/OuuD9hbccDtB5epJxTvKwoZYRwWqDtVDZEQs6ZdFdFqQGqUxgjyBLSrNWWFbQan3nm7awvq2I6n4ozsSgtRdydtKq824sBNVW5egCg0jqPGJXE9x8kNwClZ8ImBhVPadgJ1mEHaHhqGMljOeRz6YQMhh1oRcJl4JCW1cEtGLar4obbWdaHUpMaZB4kfm3K3pWhUnyJegTZ+W4SH6lgjtEtbyjgNrW/p/R23TFyoJm1J0BzhfqEegJ5/etX9qyS6xCKw0XP1GfB4vuw7jn57n43gPEJoh1HJ5r7sulKLnQlSgh23C3kNfOZl+TvLgJHcLKYvlz7P94L+nG6dyH+y00Fc40QQkXx08unZFZPna4JATk4mio/y9RN7u7FVcqSo4p/1CV6oTiuZ+GqdaWGrRbYpOqSxAuUpveOVhw+VQw4CGJ587gI07xnKLKAnKSqyPYPyCqwFpCre4AvLw+HkzeFyTFMI/WvZ1/YonRR5PxfvDLsW9Cn47RMobAlmOdQazmOcl7iEUNKgB1HEF4a5WojB5CbA7oDGXLS5MNJ5fQTkvEiF2iE/FGFnQ8qQA3GhfOzSdx9QHo93R2qD1OvBtIk0yCiZjAoIx6PxUTBVWzrYx3JWVkaBGEYQt7fu8BjokC18GLi6dSGHJU+ANgNbuh3v/Q95FI94eucb7hCMVzVDG9W1YJJ4TjjRRsZjEf8TCwtf9VvwyhiGQrkHTraYRyd/EU0y0009GqvJH/+AY/zptsgkWErZiIPJ4QHNizHCTq+hDsho7HfevVqJ0j/g2zQc7cXGJGXmQ2aAl4EfR9b+NRa3pT/tmUDDdqoUbAx0+obNpYyJgpUnxWId/SvyHmrH+6f07DjTvbDvhMchBFaqXx43E5USJEmGc7i+5mGOWFxV207XFAtiIupJ4ItOj3Sonie+vn41C8IiupB/7cQF22a/zIFKy63w6/F+XVLKokYxIZ3GDFTxicZirAHUIv+rmoHiUENmTGkKuF141gbjCdmBv5flVcGZlOZzH5DpgmH9E9R9IMkKUqgsmj0R2HQzaVT5vYs3onfVa2ZuC18LNrcGSCdY8VI6Kf0LpVNMvjctXdryZLkq/zOIZRK2JaWX6AjLAepbBXV2tpxXRpkkyEhpzA9xbmbnu8teYjVEweEE3vNgefqrmTmA5yuE+yhtK9uZBRsadYbNW4aUC7WLi9AT4+3WmGI3QyClc+65mmm1VTkzSS+Vyf0586BIC939xf9sCz/r5AQk2gMgJWXvXbD7kX+TfD4FHiLeAGkSYqkNuo5QUxYxfBsg8BwYpf+bk3WYEpEb2mBrmQhTP1j5WCpVGFD6AGYhB6Xc+mAaQyqcMlYXOreKTyd+cVGxehdNJ5xwvNGBUAb6Iqln56v5xmk1rAtiafiPomoBrwVONqoHZxgY4nONY1zCpvwH1YTWVgPHLWHUgO1ci2oC+mmliN9H7IBKnfB/V6aAX4TZp2axppPnRo49g1YCBvflB5lHw46nEY/2Ozk49bsvZrzy2PTlippg6iDhnEfx0TwKFDRO/D3qYKBhXxprX5xCeXWqIfNhOfxe+xCrgVrwCqesI1/jwkCYBsFhURTov8dpCGzjGzfQSBrkRzk8LY1/FuHURi7ZwIv0rRPeD16ywP+fV5Trxi4/p8T2B7BM5rTuuvMz8noKxH67KA2P3OXvrfyieKwqq
ojb1RYI5Y/S072HSxYf9S2trJyklbvkE4IIFLOOXk7VJiV2/8SEj4CW0shX2Blao8PVWppqnbMC7zti5NRw
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2022-04-19T13:33:06Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "file"
}
],
"labels": [
"misp:name=\"file\"",
"misp:meta-category=\"file\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--c4725d25-2953-4fbc-be2e-c3c960e68f60",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2022-04-19T13:33:07.000Z",
"modified": "2022-04-19T13:33:07.000Z",
"pattern": "[file:hashes.MD5 = 'e28ac0f94df75519a60ecc860475e6b3' AND file:hashes.SHA1 = '34bd51533865fe03756e7dc00f21e1d5f477db6f' AND file:hashes.SHA256 = '9990fe0d8aac0b4a6040d5979afd822c2212d9aec2b90e5d10c0b15dee8d61b1' AND file:hashes.SHA512 = 'be5171cadd8f1881bb1a9de006082ee003810979c11b503c511c8994acf31ceb002239eae6af8a910d84a7ab672f257f607ef11ad00bbbec8700823d88cdb093' AND file:hashes.SSDEEP = '49152:YS74RWcCACn04hdGniZH33waehC6CJCRpfBk0IIW9S+cCst03WIbfEWv+tD1lFTd:YS74gcCA94LyFT' AND file:name = '9990fe0d8aac0b4a6040d5979afd822c2212d9aec2b90e5d10c0b15dee8d61b1' AND file:size = '2448384' AND (file:content_ref.payload_bin = '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
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2022-04-19T13:33:07Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "file"
}
],
"labels": [
"misp:name=\"file\"",
"misp:meta-category=\"file\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5cd304a2-a4c3-4878-95df-6c9da9a7fe29",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2022-04-19T13:33:08.000Z",
"modified": "2022-04-19T13:33:08.000Z",
"pattern": "[file:hashes.MD5 = '637481df32351129e60560d5a5c100b5' AND file:hashes.SHA1 = 'a46aee6e5a4a4893fba5806bcc14fc7fb3ce80ae' AND file:hashes.SHA256 = '1f1029d94ca4656a577d554cedd79d447658f475af08620084897a5523587052' AND file:hashes.SHA512 = '604bfd0a78a57dfddd45872803501ad89491e37e89e0778b0f13644fa9164ff509955a57469dfdd65a05bbedaf0acb669f68430e84800d17efe7d360a70569e3' AND file:hashes.SSDEEP = '1536:1ccLOuSwR3W8vM1pjd8MpGwIMESUnWWiidx34:1ccLm6W8vUBCMpGwIMEDnqe4' AND file:name = '1f1029d94ca4656a577d554cedd79d447658f475af08620084897a5523587052' AND file:size = '60992' AND (file:content_ref.payload_bin = 'UEsDBBQACQAIACRsk1TaudpCVu4AAEDuAAAgABwANjM3NDgxZGYzMjM1MTEyOWU2MDU2MGQ1YTVjMTAwYjVVVAkAAxS6XmIUul5idXgLAAEEIQAAAAQhAAAAB3vodC7UQC9u2opGjJWQ4d7Cn+QFKxVIXmNyHF8SYcpkJuhRcucXcF3aGHrqwKpDDQxZscAy9//5pBObllBYKwwHP8cACzmtPgfpr02aYohc7xIVt0hwLjFpmlqKZ/0kE2/3+Sc2xNEs9EPZEfynIaKk4mBVVJtFEqkiuRGB2jWhA9/XPtmRZiGAvaQc2IHKbMtGYLlWXVo52aYNoVW7HAuOBRn0QcvxxsmppP4PDjcw/nY0C9H5u85DbpmVf9VI1RdHk0jSIuLyUe+tCOuTfVW6HW8B6cJnyoN3moGVzXJ7chHvVBrpx+heb2M8n8l0bRU43lb8wgz3irGWLQ2SnaaSYzxgHuQyxs7e6sgeRb5zBdmTWG1hdmaPa1ezo8WIyuq2gdIK35RfQlUErrkOLOZnWp4LHNdsMT+d+VThg2j7Qtkr0IiRfxw9d+SO4ca7ihi3Adp97IhIblqKquVVUc+pt929kVAYRl7EgPFI66HPNgpiKtyRtNhv4DaFhiw0NjxK7SUCXG1NfK2flCLjeIiPPJ7PUxpXh+ZBWpYA4nZ4oZXI9tGNA+7uAR7q3dDvuxBXhP8WukXpJ0SLEth5Bg+Y7PpwhObKT7aswM7Eu6oH/fSDB90NpJh0KawqzLRJJ0PmK0P3uuO18AM0XMFcAv0jhH3V2hLfnwfybXMCLluWXuG3bj9bkaimn7qW60SM2+vuwbPoLowQ4E53wvkJHm9DQ23JUWMeK3a0Hf/PTGcIsZfZq7ygqK7Ho1e/y1HKjoHIRg+q1/mhwubCU+AjnILW6ZXhwfxOS5Ag37GOFnrkTHMWIFpaE5G6HOnamDK/vORVjjslyhd207KADrrNhsUMjIia+ve80Q30c1aKg3Q1eG//qqcZRK+WvO+Yh+juTR33+nye1BXR+qLyi22UWkbx2g5BL+dyR/+O3tZuXNQ+7QeePiEkf4Owm+JGBL7AU3kU3ATOckiD9+R11PWq1QgHUzTjfEmxi0i/v+DvytI/ZqxBTrtDSOYGkWnKGTLKJbv63kL9nKPTjM6zFs4kFyqoV8oWyBTWSVMwPsaEERzEsi817ymdh7Hgv462E5Ya/5aKr/EoBgqLVCkS3+7ybD/z3g/JvEIOyVeSYv5oRnCSpqd8LX0EXpojKm+xkUTHOpjQsGIfgsdONh0BNMaHjpiL8fslqTWvRAMksv/ZGSTMtCh2udxRHyVB9/OX6DANcBRRVocOLyV+MxGqTLUQ9bNzCKilrjV2LaVS1WC0QnuTP
mQTreFgZ0HceFr63hmZo4gdkBS4CLW9zdEvQPt95prMeD6Bs6/vHnwgYUAQAMm9VukoDHBlxEbbxL96reNIJPVrJZNIHrXYLbgbVNTeS+TQh7F9P78A2JEKsP88SWYAFBQCYrgbmh7+sPWrzjkk1xdLJnfUFHPdfLkUKEpcQN7SaOHP7ejQDogLTHB2B0FzGG2t0bvrK2ej5Xk+qbmZ0/6byNpN+zRP79AxwmWC4XAgeCifHYD7OCEjaZ5YrHTxD1PlyjFARZCZag6TjZT27cmYpi8QuqAzOy9CM2auXqQzCKNHmC5koSJEf73Xpv926cE10qys2gcHGYov3Tv+I6TNYgh6MfBJ97moSfvtft9GtZvFv1+UJpn8SMKg6wqoq0BcE8bEwgGKlj8SgArntDiE8IPT7fQYW3byY1L57H9WO/SfNYzwSgHDncpoBAQZ5arJd9LSeD8evfmolZe4kmOlH7b6jxjDVUsUrq0pozM7aHVUU0qZZBRgu0yH/OvoOr6q7Q1kB9/VQ+Xy7A+ny8F/VqTMVEa7gch8LGuL0IN3UMBspWcwOsAOG+2WNNtYDOR1gAbIKLUPHTLi0/uQdxwGt+ME+8e/qV5haS/tj/YgI6ZkYFoL5ECV1kWJ9t+rNDWciWKVfS72Xs24zS4zaL/FgTyad4YZyG2Gr6nQgQJcYB4rOOLPeFArgmOOVWOqIxrNcOUuYxoqvBQAH0zsIFBH6K46DfGYVm1VA99o+ciYjoE3DiaaEwQ0AMMPVjxNYXGfBz5oF75zHjCPTHpgQK7LxfN5U4G56VJhFgHGdHq/WL/u000EQg2K30EsJZZc7lBr0g2GYM5l+85wn8duagdsj4xMZPRtiFWeFqGYxqHX6AnPoefqCLo1nWrx79cCIsq3t9BvFfvS3vqudk4lniFcIrb1Na86rM/22if3j6jA42zRJTzisoUGkYC8+jgDV67dOjNDMNGFTMQtb884mB8PApyO1TiL753t3xphklZF3XeZVEtHK4ot9JWYXiHJafHLSheTw2EpF+S++5E3ulAuxcQiseGNwZFluG2t0fFpDzo4MS/TiSwgaM0FETzF7EYhkVPhuV89AUyyQ1dQPv0A3qwP4DcXb3lZeKv6lm8O3XA57xGIAO366Bh79vp+zOtZ06EQjgzO1A4YLwWGYz+0V+8iOeRdChrrT/xCe66lCKthkuDnXibzgkl7E4cQ+3SLvtcWWvbUA9OYB/f4jqeqc2Y6/6dnq75RscmDkoLOx2Aa+08tK4rJxCYC+ryngvcEw4lBcUyxDlSCVqU2s4Rkz7BavID/egO+RAfmntGAbvc353yeAauWcYBSyrVp0ui15IfmOpq+BsBHrf4mrgjbzKi5cQ6Ja4XDB73Mlbheiu2waxq8l/nIvLiKE2lE6FZlwTNhADuRer3L78OVSgZ/tXAung0nkcWr3xtqn36k9WMbJUGD2/0CqKcqktxtUAyDqAoiaRnQ0Bb5+DyOB2U4GiUytdEqNJzC2aeLNpDGEDoAEYP9ppNPLaGv1LUbqPoColsjk2ujNYwK7tHkSR492TVhypYVuqJxmUO7xjiyeVvtm8pMIJc6UYvGsXknjvL+i95HF2aT0xLJ0EBID1D6rUmf129aZ7WrQwEvmWz2ornnIA2XZZ/eXwgbU3aOWMQpCipBqrA86tzy9TgghoH9UCIAIVh8zxxv2pWXPoquzAf36KbW0W5XHr8G5YyDMwGhXoqYhKEFAp6yF8QL+Q+Qc9v9lleW2UGPykfLvlWkKgS14ph0AtXMUficrD1hEBxsHuqSpxRG1mfb0ZTFgJ/PnYj+U1pbQEerTzkuFQCzryG9helZ3a3nOnGYRjgfYE3NcmaEF3B272rMTEVKGBiXI21eRzQ6s+tNUQMW6MPrLsT1P3jhZVJWRC6OPSryIDpNHCpQcGkpSIUlK/Np+JLnHFV5/s/836wLTm2qko6jKdhjaU1UcSzjwvjWdPK+h0FgPOgPwRSn9Hrlq
BpJrdA2y442RqoN9jXA9tmSpv3/p9jSX/ewt+qRFlbhntLIdyahuGWglO4K5It11jI4/xc6/FNe2oVU7tBT
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2022-04-19T13:33:08Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "file"
}
],
"labels": [
"misp:name=\"file\"",
"misp:meta-category=\"file\"",
"misp:to_ids=\"True\""
]
},
{
"type": "x-misp-object",
"spec_version": "2.1",
"id": "x-misp-object--630cc256-f367-4f5f-83f3-757a28c587b1",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2022-04-20T06:22:25.000Z",
"modified": "2022-04-20T06:22:25.000Z",
"labels": [
"misp:name=\"report\"",
"misp:meta-category=\"misc\""
],
"x_misp_attributes": [
{
"type": "text",
"object_relation": "summary",
"value": "Original page from CERT-UA",
"category": "Other",
"uuid": "70c5c20f-987a-4629-a359-0e12b00321ff"
},
{
"type": "attachment",
"object_relation": "report-file",
"value": "CERT-UA.html",
"category": "External analysis",
"uuid": "01348668-eae8-4b79-9340-ff3f8d952a0f",
"data": "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
},
{
"type": "attachment",
"object_relation": "report-file",
"value": "CERT-UA_files.zip",
"category": "External analysis",
"uuid": "618b0fda-db00-4758-b31b-594bccc4a94d",
"data": "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
}
],
"x_misp_meta_category": "misc",
"x_misp_name": "report"
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--17746c0d-121f-402a-abe2-c98b8b362a55",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2022-04-19T13:33:07.000Z",
"modified": "2022-04-19T13:33:07.000Z",
"first_observed": "2022-04-19T13:33:07Z",
"last_observed": "2022-04-19T13:33:07Z",
"number_observed": 1,
"object_refs": [
"file--1558f253-39fa-52c0-9878-078f8dc5e90a"
],
"labels": [
"misp:name=\"pe\"",
"misp:meta-category=\"file\"",
"misp:to_ids=\"False\""
]
},
{
"type": "file",
"spec_version": "2.1",
"id": "file--1558f253-39fa-52c0-9878-078f8dc5e90a",
"name": "",
"extensions": {
"windows-pebinary-ext": {
"pe_type": "dll",
"number_of_sections": 6,
"optional_header": {
"address_of_entry_point": 6444291376
},
"x_misp_compilation_timestamp": "2022-04-15T14:06:15+00:00"
}
}
},
{
"type": "x-misp-object",
"spec_version": "2.1",
"id": "x-misp-object--2c263270-3a18-4d23-b950-c5710c490a72",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2022-04-19T13:33:07.000Z",
"modified": "2022-04-19T13:33:07.000Z",
"labels": [
"misp:name=\"pe-section\"",
"misp:meta-category=\"file\""
],
"x_misp_attributes": [
{
"type": "text",
"object_relation": "name",
"value": ".text",
"category": "Other",
"uuid": "f4f099cd-1775-4181-bcd5-d47dfb7c53e8"
},
{
"type": "size-in-bytes",
"object_relation": "size-in-bytes",
"value": "2008064",
"category": "Other",
"uuid": "d1a15852-1dd7-42f5-8c6a-85dbdaeaca9f"
},
{
"type": "float",
"object_relation": "entropy",
"value": "6.2176796284423",
"category": "Other",
"uuid": "3d75585a-57e4-47b2-a921-1660f5dac642"
},
{
"type": "md5",
"object_relation": "md5",
"value": "684289bf351c44dc953528df2ffef87c",
"category": "Payload delivery",
"to_ids": true,
"uuid": "efd228b3-f3cf-4a4c-81ce-8ed8466aed9f"
},
{
"type": "sha1",
"object_relation": "sha1",
"value": "df9128eb022b80bb078d48ecaac28e1327b2f586",
"category": "Payload delivery",
"to_ids": true,
"uuid": "00b6c9d0-d8eb-4af5-a1c3-32b5d4734e96"
},
{
"type": "sha256",
"object_relation": "sha256",
"value": "0ca1d82653e91144890ac93e172224d99808ac2df995711f1939a7df6775c88b",
"category": "Payload delivery",
"to_ids": true,
"uuid": "2f7ac303-7dde-433b-93de-12c5ad8eba2e"
},
{
"type": "sha512",
"object_relation": "sha512",
"value": "b1e4ac70996884d7a47eae933490e72b78ef4a74918d9fc71c554def1e6d386cbcda7020eb33b5dcfdb692df396fd1382116c615931480e482f18b684bab2334",
"category": "Payload delivery",
"to_ids": true,
"uuid": "27855c60-94a7-4ff0-96d2-29400e46b1a6"
},
{
"type": "ssdeep",
"object_relation": "ssdeep",
"value": "49152:+S74RWcCACn04hdGniZH33waehC6CJCRpfBk0IIW9S+cCst03WIbfEWv+tD1lFTN:+S74gcCA94LyFT9",
"category": "Payload delivery",
"to_ids": true,
"uuid": "eba0a1fe-3c08-48fe-8329-69654c8a2f5e"
}
],
"x_misp_meta_category": "file",
"x_misp_name": "pe-section"
},
{
"type": "x-misp-object",
"spec_version": "2.1",
"id": "x-misp-object--230937bc-fea9-4714-8cbf-bdfd69c3da59",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2022-04-19T13:33:07.000Z",
"modified": "2022-04-19T13:33:07.000Z",
"labels": [
"misp:name=\"pe-section\"",
"misp:meta-category=\"file\""
],
"x_misp_attributes": [
{
"type": "text",
"object_relation": "name",
"value": ".rdata",
"category": "Other",
"uuid": "600be642-60b7-43b3-a3b0-373ce24ad6e5"
},
{
"type": "size-in-bytes",
"object_relation": "size-in-bytes",
"value": "189440",
"category": "Other",
"uuid": "65c87b67-fb9e-4d3f-86d6-cdd61580003f"
},
{
"type": "float",
"object_relation": "entropy",
"value": "5.6118093937406",
"category": "Other",
"uuid": "c6eff9db-8dc4-40b4-9627-bcded48cd542"
},
{
"type": "md5",
"object_relation": "md5",
"value": "c1133122422cad249fc0b6d824ffeb06",
"category": "Payload delivery",
"to_ids": true,
"uuid": "eaf28612-f542-4b43-8a7f-eec5580e316e"
},
{
"type": "sha1",
"object_relation": "sha1",
"value": "ec10f523d0c96cd4fa8ebec9251b7e6dcab9adde",
"category": "Payload delivery",
"to_ids": true,
"uuid": "ce111ab3-8dd9-4660-a17f-354fb48bbef7"
},
{
"type": "sha256",
"object_relation": "sha256",
"value": "cc19333d67022727a01821e0d6cb5c5f0d93e5ff808befc4f20064f9cf9471ee",
"category": "Payload delivery",
"to_ids": true,
"uuid": "84eed76f-7629-4702-b823-15fdd2860a5e"
},
{
"type": "sha512",
"object_relation": "sha512",
"value": "9dd84db6c9a036d3fbacc467a26c4313cb669a736e1bb68cc264157b01a87ca5fdcc51fbd883aa51e4eb888c1be4ce19c1856f77e0a2040a4105ef6308175423",
"category": "Payload delivery",
"to_ids": true,
"uuid": "d904a07a-abf8-4ca6-991a-f1db2b3f9ea3"
},
{
"type": "ssdeep",
"object_relation": "ssdeep",
"value": "1536:g4uXN+5cluOmrydhN67qWJq906twHoWJ4/9dlZesW9ddXwl/zFbvaprJMF49AlU8:giyuZrVk906yoY4/EdkvapAMq80IGn",
"category": "Payload delivery",
"to_ids": true,
"uuid": "3d99346f-5434-4714-9684-ccf958f4f705"
}
],
"x_misp_meta_category": "file",
"x_misp_name": "pe-section"
},
{
"type": "x-misp-object",
"spec_version": "2.1",
"id": "x-misp-object--809a3e46-68ae-46b5-84d3-2e77b2f8c2c2",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2022-04-19T13:33:07.000Z",
"modified": "2022-04-19T13:33:07.000Z",
"labels": [
"misp:name=\"pe-section\"",
"misp:meta-category=\"file\""
],
"x_misp_attributes": [
{
"type": "text",
"object_relation": "name",
"value": ".data",
"category": "Other",
"uuid": "c95ff4bf-76d7-48ec-9016-3adbccc65b52"
},
{
"type": "size-in-bytes",
"object_relation": "size-in-bytes",
"value": "193024",
"category": "Other",
"uuid": "86a8c647-63cd-486b-b51b-83c374b33892"
},
{
"type": "float",
"object_relation": "entropy",
"value": "4.8844151329756",
"category": "Other",
"uuid": "f228f1ce-0531-46db-9f83-67ca9e9a712d"
},
{
"type": "md5",
"object_relation": "md5",
"value": "23f1d1488d4b6b072f1fe3504723dae0",
"category": "Payload delivery",
"to_ids": true,
"uuid": "bd624cb1-451a-4977-8e76-28a4003330f4"
},
{
"type": "sha1",
"object_relation": "sha1",
"value": "4cca8cdcb351b80cbe979eb56bab1823928be4bf",
"category": "Payload delivery",
"to_ids": true,
"uuid": "c2bcc02e-c3b2-4101-b92b-e9d1f1a269c3"
},
{
"type": "sha256",
"object_relation": "sha256",
"value": "c9ee88150311891892c813cfbe143283f97e0bf3cd72749719114f3ac7329186",
"category": "Payload delivery",
"to_ids": true,
"uuid": "67e1eef0-3860-4b53-8e3a-f45cbbbdb2db"
},
{
"type": "sha512",
"object_relation": "sha512",
"value": "c35fcb393ca38ba8e8f76a7b6ba3edd4b80a195f7332202a93e9b35751f5e8983752f19ad99a6b9606b71e19301f1c9ea8f1712d08a3986354b2b46c86ce342e",
"category": "Payload delivery",
"to_ids": true,
"uuid": "87f016ce-c366-4fc4-9978-3e6e285f4251"
},
{
"type": "ssdeep",
"object_relation": "ssdeep",
"value": "3072:rG1F4Ac9ct4pWUDJ/d9Ml1GZ3u3GS33T+LXC7EltdfzVyZGraMQUgZXLUWSgg:S4pllV86iZ7Umg",
"category": "Payload delivery",
"to_ids": true,
"uuid": "d0f34943-c9c8-42de-ae42-63b514a9f65f"
}
],
"x_misp_meta_category": "file",
"x_misp_name": "pe-section"
},
{
"type": "x-misp-object",
"spec_version": "2.1",
"id": "x-misp-object--8fdf2a25-528c-4818-ba85-979144dfb69c",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2022-04-19T13:33:07.000Z",
"modified": "2022-04-19T13:33:07.000Z",
"labels": [
"misp:name=\"pe-section\"",
"misp:meta-category=\"file\""
],
"x_misp_attributes": [
{
"type": "text",
"object_relation": "name",
"value": ".pdata",
"category": "Other",
"uuid": "7e878648-fb58-412f-b01d-35f1ad9db7c7"
},
{
"type": "size-in-bytes",
"object_relation": "size-in-bytes",
"value": "47616",
"category": "Other",
"uuid": "27f20644-cdaa-4187-b998-1eff42a1cfe9"
},
{
"type": "float",
"object_relation": "entropy",
"value": "6.073585196443",
"category": "Other",
"uuid": "3f093617-0b6e-4919-aaf2-68ab0ce38533"
},
{
"type": "md5",
"object_relation": "md5",
"value": "fb7a1d64a3a58302f7c4700aad3e40bb",
"category": "Payload delivery",
"to_ids": true,
"uuid": "fd69ce9d-7c25-4f5d-a273-03a65be6de39"
},
{
"type": "sha1",
"object_relation": "sha1",
"value": "ce6e8eb73b5204c0162af5af2b71ac2f8ed64b99",
"category": "Payload delivery",
"to_ids": true,
"uuid": "4a15d50f-2cad-4452-ad94-c4969f7d1bea"
},
{
"type": "sha256",
"object_relation": "sha256",
"value": "d1977b67ba6a3dfd54a3676ff395aaeaac76e16412bfb5036c470a1213e713d7",
"category": "Payload delivery",
"to_ids": true,
"uuid": "39dbe00f-4fb2-4905-93a2-4ccc7d7ee40a"
},
{
"type": "sha512",
"object_relation": "sha512",
"value": "f8376a0b75912b4d0bb330200d4f202eaf2d774f4aa98a575f7bb782d1b8b094980109ad60d3cd3be3a22e524409855de000393030fcfd1de4df2ee07e1d76aa",
"category": "Payload delivery",
"to_ids": true,
"uuid": "3bd9f04a-26ff-4edd-8273-c19ec83071fa"
},
{
"type": "ssdeep",
"object_relation": "ssdeep",
"value": "768:rQMuxLdBpdlZSsF9Mx0Rln5oV8lcqd4KqLLw70txwixyvu444Je+lXYh0Wb5U:0lN7ZSsIxZQmKg60txwiT4Je+lBWlU",
"category": "Payload delivery",
"to_ids": true,
"uuid": "8cb787e4-5526-4221-8c92-fd5c55d2934b"
}
],
"x_misp_meta_category": "file",
"x_misp_name": "pe-section"
},
{
"type": "x-misp-object",
"spec_version": "2.1",
"id": "x-misp-object--f73d494f-0ac5-416d-83a2-69f80a69082d",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2022-04-19T13:33:07.000Z",
"modified": "2022-04-19T13:33:07.000Z",
"labels": [
"misp:name=\"pe-section\"",
"misp:meta-category=\"file\""
],
"x_misp_attributes": [
{
"type": "text",
"object_relation": "name",
"value": "_RDATA",
"category": "Other",
"uuid": "9e327748-2e75-4a74-8586-8444e97d4c61"
},
{
"type": "size-in-bytes",
"object_relation": "size-in-bytes",
"value": "512",
"category": "Other",
"uuid": "17ab255e-c59a-4fd0-a5d1-6a7280f90731"
},
{
"type": "float",
"object_relation": "entropy",
"value": "4.0548649085224",
"category": "Other",
"uuid": "33e8fcca-32cb-4ff4-83ca-c278785751c8"
},
{
"type": "md5",
"object_relation": "md5",
"value": "e102dd2a53e435be3b5cb44aaf810a93",
"category": "Payload delivery",
"to_ids": true,
"uuid": "55039e07-7c78-4ef4-9b37-5e7e14e8e3ce"
},
{
"type": "sha1",
"object_relation": "sha1",
"value": "ab13c0eaba8db274c9e9d9a74c4d82454f0eb3d7",
"category": "Payload delivery",
"to_ids": true,
"uuid": "c84621cf-34b5-45f9-9563-7a9581b96e4e"
},
{
"type": "sha256",
"object_relation": "sha256",
"value": "3dcf2a5e725b4bf794505698566a17cd54e142996fb76cf10c4c17b00dff1707",
"category": "Payload delivery",
"to_ids": true,
"uuid": "ad890487-386a-416e-912d-2bbddf0fdc46"
},
{
"type": "sha512",
"object_relation": "sha512",
"value": "d51fea97c18cde17926868833d6bea736554f694cb92cb2fefcf807ff0a9cd4cac055a992d72555e4aff4205cf21a31c3c8be0cb31f10e978a0bb62aa71fc298",
"category": "Payload delivery",
"to_ids": true,
"uuid": "97ae9c46-17d6-4e6a-b486-ba69dc7bf901"
},
{
"type": "ssdeep",
"object_relation": "ssdeep",
"value": "6:KIp+glWlEM63tL7duVGWBSQuUYU581iL23737XQv7wk:Kh7lIo3C1G67cck",
"category": "Payload delivery",
"to_ids": true,
"uuid": "34518e15-3cf1-4e78-9988-3be854df5fb5"
}
],
"x_misp_meta_category": "file",
"x_misp_name": "pe-section"
},
{
"type": "x-misp-object",
"spec_version": "2.1",
"id": "x-misp-object--5df0d3ad-bc0b-45cb-813f-f6549bd4b098",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2022-04-19T13:33:07.000Z",
"modified": "2022-04-19T13:33:07.000Z",
"labels": [
"misp:name=\"pe-section\"",
"misp:meta-category=\"file\""
],
"x_misp_attributes": [
{
"type": "text",
"object_relation": "name",
"value": ".reloc",
"category": "Other",
"uuid": "da202bc1-b55a-48e5-8ef7-27123dbd931c"
},
{
"type": "size-in-bytes",
"object_relation": "size-in-bytes",
"value": "8704",
"category": "Other",
"uuid": "1a051a7e-75cd-47db-8cfa-3972b8e4f928"
},
{
"type": "float",
"object_relation": "entropy",
"value": "5.4578968121665",
"category": "Other",
"uuid": "bef7e708-3d7e-43be-8589-e8ebd0707af1"
},
{
"type": "md5",
"object_relation": "md5",
"value": "83796fd40aa9446c00d898dbd22fcd56",
"category": "Payload delivery",
"to_ids": true,
"uuid": "ed0cbb87-90fa-40c8-9cc6-8bd2db482b0d"
},
{
"type": "sha1",
"object_relation": "sha1",
"value": "04a4795a102c7cc4b9eeed7d6fe12711a1176741",
"category": "Payload delivery",
"to_ids": true,
"uuid": "897106e0-febe-45a8-89ce-e56915bc3062"
},
{
"type": "sha256",
"object_relation": "sha256",
"value": "22fb7e4ac5be03cd3bbc962313d0e2470acc96b7c60b84ae57a5966192e8b036",
"category": "Payload delivery",
"to_ids": true,
"uuid": "a8aeb6a0-dc9d-48d3-ab50-7443e97a9ca8"
},
{
"type": "sha512",
"object_relation": "sha512",
"value": "6674ab2bd147138808cab67f2c57449ff1b475dda6c2af86c5f8abdb7dfe572d355f0f9ba846ce1df40e8789bef8d3ba25fb14caf8762dec3b15f2a629ec8c30",
"category": "Payload delivery",
"to_ids": true,
"uuid": "5ab6c5d4-df18-4e41-9cfe-f8ce88da6a51"
},
{
"type": "ssdeep",
"object_relation": "ssdeep",
"value": "192:kdnfUHskn39nwVisGngSsbcM1gnVoX8UoNYEXTfHnVks8EXCJN2t7IQ:MfON9wfGv41gVoXkYE7HVks8ESJ0th",
"category": "Payload delivery",
"to_ids": true,
"uuid": "3af65604-5d7c-4f82-b950-00a73ec7b7ce"
}
],
"x_misp_meta_category": "file",
"x_misp_name": "pe-section"
},
{
"type": "marking-definition",
"spec_version": "2.1",
"id": "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9",
"created": "2017-01-20T00:00:00.000Z",
"definition_type": "tlp",
"name": "TLP:WHITE",
"definition": {
"tlp": "white"
}
}
]
}