{
|
||
|
"type": "bundle",
|
||
|
"id": "bundle--5b3b7b62-5728-4980-937b-40240acd0835",
|
||
|
"objects": [
|
||
|
{
|
||
|
"type": "identity",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "identity--5a68c02d-959c-4c8a-a571-0dcac0a8060a",
|
||
|
"created": "2018-07-03T13:39:23.000Z",
|
||
|
"modified": "2018-07-03T13:39:23.000Z",
|
||
|
"name": "Synovus Financial",
|
||
|
"identity_class": "organization"
|
||
|
},
|
||
|
{
|
||
|
"type": "report",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "report--5b3b7b62-5728-4980-937b-40240acd0835",
|
||
|
"created_by_ref": "identity--5a68c02d-959c-4c8a-a571-0dcac0a8060a",
|
||
|
"created": "2018-07-03T13:39:23.000Z",
|
||
|
"modified": "2018-07-03T13:39:23.000Z",
|
||
|
"name": "Clipboard CryptoCoin Hijacker",
|
||
|
"published": "2018-07-03T13:39:51Z",
|
||
|
"object_refs": [
|
||
|
"indicator--5b3b7bda-702c-45b3-831a-024a0acd0835",
|
||
|
"indicator--5b3b7bda-c67c-4e90-8a40-024a0acd0835",
|
||
|
"indicator--5b3b7bda-6d70-4225-b6ad-024a0acd0835",
|
||
|
"indicator--5b3b7bda-e698-4e7c-86fa-024a0acd0835",
|
||
|
"indicator--5b3b7bda-cbb0-4075-9c70-024a0acd0835",
|
||
|
"indicator--5b3b7bda-2b64-42b1-b364-024a0acd0835",
|
||
|
"indicator--5b3b7bda-5fe0-459b-8a68-024a0acd0835",
|
||
|
"indicator--5b3b7bda-fcec-4230-94ba-024a0acd0835",
|
||
|
"indicator--5b3b7bda-d310-4dcb-be70-024a0acd0835",
|
||
|
"indicator--5b3b7bda-cb08-43c7-a5aa-024a0acd0835",
|
||
|
"indicator--5b3b7bdb-fe10-4c9d-af40-024a0acd0835",
|
||
|
"observed-data--5b3b7bf5-c840-40dd-ac6d-28b70acd0835",
|
||
|
"windows-registry-key--5b3b7bf5-c840-40dd-ac6d-28b70acd0835",
|
||
|
"observed-data--5b3b7bf5-f378-43e3-b6f5-28b70acd0835",
|
||
|
"windows-registry-key--5b3b7bf5-f378-43e3-b6f5-28b70acd0835",
|
||
|
"observed-data--5b3b7bf5-0998-428e-b04f-28b70acd0835",
|
||
|
"windows-registry-key--5b3b7bf5-0998-428e-b04f-28b70acd0835",
|
||
|
"observed-data--5b3b7bf5-1978-4c09-995a-28b70acd0835",
|
||
|
"windows-registry-key--5b3b7bf5-1978-4c09-995a-28b70acd0835",
|
||
|
"observed-data--5b3b7bf5-2764-426d-998b-28b70acd0835",
|
||
|
"windows-registry-key--5b3b7bf5-2764-426d-998b-28b70acd0835",
|
||
|
"observed-data--5b3b7bf5-3294-4b11-92e1-28b70acd0835",
|
||
|
"windows-registry-key--5b3b7bf5-3294-4b11-92e1-28b70acd0835",
|
||
|
"observed-data--5b3b7bf5-4788-4c49-9e44-28b70acd0835",
|
||
|
"windows-registry-key--5b3b7bf5-4788-4c49-9e44-28b70acd0835",
|
||
|
"observed-data--5b3b7bf5-4ed0-48e1-98be-28b70acd0835",
|
||
|
"windows-registry-key--5b3b7bf5-4ed0-48e1-98be-28b70acd0835",
|
||
|
"observed-data--5b3b7bf5-5230-4d33-bb44-28b70acd0835",
|
||
|
"windows-registry-key--5b3b7bf5-5230-4d33-bb44-28b70acd0835",
|
||
|
"observed-data--5b3b7bf5-4e24-4424-bf77-28b70acd0835",
|
||
|
"windows-registry-key--5b3b7bf5-4e24-4424-bf77-28b70acd0835",
|
||
|
"observed-data--5b3b7bf5-5e68-475b-bb2f-28b70acd0835",
|
||
|
"windows-registry-key--5b3b7bf5-5e68-475b-bb2f-28b70acd0835",
|
||
|
"observed-data--5b3b7bf5-5ea8-4f33-8ddf-28b70acd0835",
|
||
|
"windows-registry-key--5b3b7bf5-5ea8-4f33-8ddf-28b70acd0835",
|
||
|
"observed-data--5b3b7bf5-7464-428d-bd37-28b70acd0835",
|
||
|
"windows-registry-key--5b3b7bf5-7464-428d-bd37-28b70acd0835",
|
||
|
"observed-data--5b3b7bf5-93e4-4134-8ab3-28b70acd0835",
|
||
|
"windows-registry-key--5b3b7bf5-93e4-4134-8ab3-28b70acd0835",
|
||
|
"observed-data--5b3b7bf5-a6e4-4316-a19e-28b70acd0835",
|
||
|
"windows-registry-key--5b3b7bf5-a6e4-4316-a19e-28b70acd0835",
|
||
|
"observed-data--5b3b7bf5-b5fc-41d6-b3a7-28b70acd0835",
|
||
|
"windows-registry-key--5b3b7bf5-b5fc-41d6-b3a7-28b70acd0835",
|
||
|
"observed-data--5b3b7bf5-b768-43cb-8995-28b70acd0835",
|
||
|
"windows-registry-key--5b3b7bf5-b768-43cb-8995-28b70acd0835",
|
||
|
"observed-data--5b3b7bf5-d9a4-40e4-b86f-28b70acd0835",
|
||
|
"windows-registry-key--5b3b7bf5-d9a4-40e4-b86f-28b70acd0835",
|
||
|
"observed-data--5b3b7bf5-fa50-44a7-b755-28b70acd0835",
|
||
|
"windows-registry-key--5b3b7bf5-fa50-44a7-b755-28b70acd0835",
|
||
|
"observed-data--5b3b7c72-4be0-49cf-94eb-28b50acd0835",
|
||
|
"url--5b3b7c72-4be0-49cf-94eb-28b50acd0835"
|
||
|
],
|
||
|
"labels": [
|
||
|
"Threat-Report",
|
||
|
"misp:tool=\"MISP-STIX-Converter\""
|
||
|
],
|
||
|
"object_marking_refs": [
|
||
|
"marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9"
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--5b3b7bda-702c-45b3-831a-024a0acd0835",
|
||
|
"created_by_ref": "identity--5a68c02d-959c-4c8a-a571-0dcac0a8060a",
|
||
|
"created": "2018-07-03T13:36:26.000Z",
|
||
|
"modified": "2018-07-03T13:36:26.000Z",
|
||
|
"description": "Megasync.exe/allradio_4.27_portable.exe",
|
||
|
"pattern": "[file:hashes.SHA256 = '9d891048dddda8a65de966c71f81464b20e402766aaee8a284da8d25c98270bd']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2018-07-03T13:36:26Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Payload delivery"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"sha256\"",
|
||
|
"misp:category=\"Payload delivery\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--5b3b7bda-c67c-4e90-8a40-024a0acd0835",
|
||
|
"created_by_ref": "identity--5a68c02d-959c-4c8a-a571-0dcac0a8060a",
|
||
|
"created": "2018-07-03T13:36:26.000Z",
|
||
|
"modified": "2018-07-03T13:36:26.000Z",
|
||
|
"description": "Clipboard CryptoCoin Hijacker, d3dx11_31.dll",
|
||
|
"pattern": "[file:hashes.SHA256 = '48b66dd02a336eb049a784b3fd1beb5312fb8c078b3729d49e92e3e986c98e91']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2018-07-03T13:36:26Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Payload delivery"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"sha256\"",
|
||
|
"misp:category=\"Payload delivery\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--5b3b7bda-6d70-4225-b6ad-024a0acd0835",
|
||
|
"created_by_ref": "identity--5a68c02d-959c-4c8a-a571-0dcac0a8060a",
|
||
|
"created": "2018-07-03T13:36:26.000Z",
|
||
|
"modified": "2018-07-03T13:36:26.000Z",
|
||
|
"description": "Logger.exe",
|
||
|
"pattern": "[file:hashes.SHA256 = '0cc32e6e6a407b2b69e1d89b3f005eecc54e238104725dcdcc8d3fc09c109bb4']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2018-07-03T13:36:26Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Payload delivery"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"sha256\"",
|
||
|
"misp:category=\"Payload delivery\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--5b3b7bda-e698-4e7c-86fa-024a0acd0835",
|
||
|
"created_by_ref": "identity--5a68c02d-959c-4c8a-a571-0dcac0a8060a",
|
||
|
"created": "2018-07-03T13:36:26.000Z",
|
||
|
"modified": "2018-07-03T13:36:26.000Z",
|
||
|
"description": "Injected miner",
|
||
|
"pattern": "[file:hashes.SHA256 = 'cf8ef10678e63ffd02a5a35c84461d0195e0eed234bf9328eede52f3bef0e5f7']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2018-07-03T13:36:26Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Payload delivery"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"sha256\"",
|
||
|
"misp:category=\"Payload delivery\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--5b3b7bda-cbb0-4075-9c70-024a0acd0835",
|
||
|
"created_by_ref": "identity--5a68c02d-959c-4c8a-a571-0dcac0a8060a",
|
||
|
"created": "2018-07-03T13:36:26.000Z",
|
||
|
"modified": "2018-07-03T13:36:26.000Z",
|
||
|
"description": "Hidden Service",
|
||
|
"pattern": "[file:hashes.SHA256 = '2e23ab52259e45eaced300811a6d6795db719b029d06b08ca7bac7d86cc289ad']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2018-07-03T13:36:26Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Payload delivery"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"sha256\"",
|
||
|
"misp:category=\"Payload delivery\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--5b3b7bda-2b64-42b1-b364-024a0acd0835",
|
||
|
"created_by_ref": "identity--5a68c02d-959c-4c8a-a571-0dcac0a8060a",
|
||
|
"created": "2018-07-03T13:36:26.000Z",
|
||
|
"modified": "2018-07-03T13:36:26.000Z",
|
||
|
"description": "Satamon.exe",
|
||
|
"pattern": "[file:hashes.SHA256 = '2c3eae980a88e7bb6a91f2b466856f612f34b8a37fac46bbbb52c0af0e695488']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2018-07-03T13:36:26Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Payload delivery"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"sha256\"",
|
||
|
"misp:category=\"Payload delivery\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--5b3b7bda-5fe0-459b-8a68-024a0acd0835",
|
||
|
"created_by_ref": "identity--5a68c02d-959c-4c8a-a571-0dcac0a8060a",
|
||
|
"created": "2018-07-03T13:36:26.000Z",
|
||
|
"modified": "2018-07-03T13:36:26.000Z",
|
||
|
"pattern": "[file:hashes.SHA256 = 'ffdc286711557df5f0bfd6a96744e93633d13fe45c02c240d5d6cf7531b21847']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2018-07-03T13:36:26Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Payload delivery"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"sha256\"",
|
||
|
"misp:category=\"Payload delivery\"",
|
||
|
"misp:to_ids=\"True\"",
|
||
|
"Adware"
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--5b3b7bda-fcec-4230-94ba-024a0acd0835",
|
||
|
"created_by_ref": "identity--5a68c02d-959c-4c8a-a571-0dcac0a8060a",
|
||
|
"created": "2018-07-03T13:36:26.000Z",
|
||
|
"modified": "2018-07-03T13:36:26.000Z",
|
||
|
"pattern": "[file:hashes.SHA256 = '20bdef6e68bbec5ddeb7b893a9b4f387adbf2ee304963e905d98116a57334a41']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2018-07-03T13:36:26Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Payload delivery"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"sha256\"",
|
||
|
"misp:category=\"Payload delivery\"",
|
||
|
"misp:to_ids=\"True\"",
|
||
|
"Adware"
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--5b3b7bda-d310-4dcb-be70-024a0acd0835",
|
||
|
"created_by_ref": "identity--5a68c02d-959c-4c8a-a571-0dcac0a8060a",
|
||
|
"created": "2018-07-03T13:36:26.000Z",
|
||
|
"modified": "2018-07-03T13:36:26.000Z",
|
||
|
"description": "Temp downloader",
|
||
|
"pattern": "[file:hashes.SHA256 = 'acf810c7bb3961fd42f5925fcd4417cb812eb6fdaad00c98830c522d54c7f6eb']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2018-07-03T13:36:26Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Payload delivery"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"sha256\"",
|
||
|
"misp:category=\"Payload delivery\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--5b3b7bda-cb08-43c7-a5aa-024a0acd0835",
|
||
|
"created_by_ref": "identity--5a68c02d-959c-4c8a-a571-0dcac0a8060a",
|
||
|
"created": "2018-07-03T13:36:26.000Z",
|
||
|
"modified": "2018-07-03T13:36:26.000Z",
|
||
|
"description": "Temp downloader",
|
||
|
"pattern": "[file:hashes.SHA256 = '084d4811c47a5dc36df59bfaf477e1f0bf3a9b3901877de1d1548c3343d1e4d6']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2018-07-03T13:36:26Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Payload delivery"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"sha256\"",
|
||
|
"misp:category=\"Payload delivery\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--5b3b7bdb-fe10-4c9d-af40-024a0acd0835",
|
||
|
"created_by_ref": "identity--5a68c02d-959c-4c8a-a571-0dcac0a8060a",
|
||
|
"created": "2018-07-03T13:36:27.000Z",
|
||
|
"modified": "2018-07-03T13:36:27.000Z",
|
||
|
"description": "Temp downloader",
|
||
|
"pattern": "[file:hashes.SHA256 = 'ea92702d5fe168a57ccf5abbe6b9f5eca25f039e111db4b010183aa6909c38d2']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2018-07-03T13:36:27Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Payload delivery"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"sha256\"",
|
||
|
"misp:category=\"Payload delivery\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "observed-data",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "observed-data--5b3b7bf5-c840-40dd-ac6d-28b70acd0835",
|
||
|
"created_by_ref": "identity--5a68c02d-959c-4c8a-a571-0dcac0a8060a",
|
||
|
"created": "2018-07-03T13:36:53.000Z",
|
||
|
"modified": "2018-07-03T13:36:53.000Z",
|
||
|
"first_observed": "2018-07-03T13:36:53Z",
|
||
|
"last_observed": "2018-07-03T13:36:53Z",
|
||
|
"number_observed": 1,
|
||
|
"object_refs": [
|
||
|
"windows-registry-key--5b3b7bf5-c840-40dd-ac6d-28b70acd0835"
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"regkey\"",
|
||
|
"misp:category=\"Persistence mechanism\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "windows-registry-key",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "windows-registry-key--5b3b7bf5-c840-40dd-ac6d-28b70acd0835",
|
||
|
"key": "HKCU\\Software\\All-Radio"
|
||
|
},
|
||
|
{
|
||
|
"type": "observed-data",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "observed-data--5b3b7bf5-f378-43e3-b6f5-28b70acd0835",
|
||
|
"created_by_ref": "identity--5a68c02d-959c-4c8a-a571-0dcac0a8060a",
|
||
|
"created": "2018-07-03T13:36:53.000Z",
|
||
|
"modified": "2018-07-03T13:36:53.000Z",
|
||
|
"first_observed": "2018-07-03T13:36:53Z",
|
||
|
"last_observed": "2018-07-03T13:36:53Z",
|
||
|
"number_observed": 1,
|
||
|
"object_refs": [
|
||
|
"windows-registry-key--5b3b7bf5-f378-43e3-b6f5-28b70acd0835"
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"regkey\"",
|
||
|
"misp:category=\"Persistence mechanism\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "windows-registry-key",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "windows-registry-key--5b3b7bf5-f378-43e3-b6f5-28b70acd0835",
|
||
|
"key": "HKCU\\Software\\All-Radio\\Settings"
|
||
|
},
|
||
|
{
|
||
|
"type": "observed-data",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "observed-data--5b3b7bf5-0998-428e-b04f-28b70acd0835",
|
||
|
"created_by_ref": "identity--5a68c02d-959c-4c8a-a571-0dcac0a8060a",
|
||
|
"created": "2018-07-03T13:36:53.000Z",
|
||
|
"modified": "2018-07-03T13:36:53.000Z",
|
||
|
"first_observed": "2018-07-03T13:36:53Z",
|
||
|
"last_observed": "2018-07-03T13:36:53Z",
|
||
|
"number_observed": 1,
|
||
|
"object_refs": [
|
||
|
"windows-registry-key--5b3b7bf5-0998-428e-b04f-28b70acd0835"
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"regkey\"",
|
||
|
"misp:category=\"Persistence mechanism\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "windows-registry-key",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "windows-registry-key--5b3b7bf5-0998-428e-b04f-28b70acd0835",
|
||
|
"key": "HKCU\\Software\\All-Radio\\Settings\\TimeStamp\t914BE45509E88CBE12C9C147B92F8928"
|
||
|
},
|
||
|
{
|
||
|
"type": "observed-data",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "observed-data--5b3b7bf5-1978-4c09-995a-28b70acd0835",
|
||
|
"created_by_ref": "identity--5a68c02d-959c-4c8a-a571-0dcac0a8060a",
|
||
|
"created": "2018-07-03T13:36:53.000Z",
|
||
|
"modified": "2018-07-03T13:36:53.000Z",
|
||
|
"first_observed": "2018-07-03T13:36:53Z",
|
||
|
"last_observed": "2018-07-03T13:36:53Z",
|
||
|
"number_observed": 1,
|
||
|
"object_refs": [
|
||
|
"windows-registry-key--5b3b7bf5-1978-4c09-995a-28b70acd0835"
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"regkey\"",
|
||
|
"misp:category=\"Persistence mechanism\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "windows-registry-key",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "windows-registry-key--5b3b7bf5-1978-4c09-995a-28b70acd0835",
|
||
|
"key": "HKCU\\Software\\All-Radio\\Settings\\CurrentLanguage\tEnglish"
|
||
|
},
|
||
|
{
|
||
|
"type": "observed-data",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "observed-data--5b3b7bf5-2764-426d-998b-28b70acd0835",
|
||
|
"created_by_ref": "identity--5a68c02d-959c-4c8a-a571-0dcac0a8060a",
|
||
|
"created": "2018-07-03T13:36:53.000Z",
|
||
|
"modified": "2018-07-03T13:36:53.000Z",
|
||
|
"first_observed": "2018-07-03T13:36:53Z",
|
||
|
"last_observed": "2018-07-03T13:36:53Z",
|
||
|
"number_observed": 1,
|
||
|
"object_refs": [
|
||
|
"windows-registry-key--5b3b7bf5-2764-426d-998b-28b70acd0835"
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"regkey\"",
|
||
|
"misp:category=\"Persistence mechanism\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "windows-registry-key",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "windows-registry-key--5b3b7bf5-2764-426d-998b-28b70acd0835",
|
||
|
"key": "HKCU\\Software\\All-Radio\\Settings\\skin name\tCold"
|
||
|
},
|
||
|
{
|
||
|
"type": "observed-data",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "observed-data--5b3b7bf5-3294-4b11-92e1-28b70acd0835",
|
||
|
"created_by_ref": "identity--5a68c02d-959c-4c8a-a571-0dcac0a8060a",
|
||
|
"created": "2018-07-03T13:36:53.000Z",
|
||
|
"modified": "2018-07-03T13:36:53.000Z",
|
||
|
"first_observed": "2018-07-03T13:36:53Z",
|
||
|
"last_observed": "2018-07-03T13:36:53Z",
|
||
|
"number_observed": 1,
|
||
|
"object_refs": [
|
||
|
"windows-registry-key--5b3b7bf5-3294-4b11-92e1-28b70acd0835"
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"regkey\"",
|
||
|
"misp:category=\"Persistence mechanism\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "windows-registry-key",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "windows-registry-key--5b3b7bf5-3294-4b11-92e1-28b70acd0835",
|
||
|
"key": "HKCU\\Software\\All-Radio\\Settings\\color\t0"
|
||
|
},
|
||
|
{
|
||
|
"type": "observed-data",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "observed-data--5b3b7bf5-4788-4c49-9e44-28b70acd0835",
|
||
|
"created_by_ref": "identity--5a68c02d-959c-4c8a-a571-0dcac0a8060a",
|
||
|
"created": "2018-07-03T13:36:53.000Z",
|
||
|
"modified": "2018-07-03T13:36:53.000Z",
|
||
|
"first_observed": "2018-07-03T13:36:53Z",
|
||
|
"last_observed": "2018-07-03T13:36:53Z",
|
||
|
"number_observed": 1,
|
||
|
"object_refs": [
|
||
|
"windows-registry-key--5b3b7bf5-4788-4c49-9e44-28b70acd0835"
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"regkey\"",
|
||
|
"misp:category=\"Persistence mechanism\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "windows-registry-key",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "windows-registry-key--5b3b7bf5-4788-4c49-9e44-28b70acd0835",
|
||
|
"key": "HKCU\\Software\\All-Radio\\Settings\\saturation\t0"
|
||
|
},
|
||
|
{
|
||
|
"type": "observed-data",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "observed-data--5b3b7bf5-4ed0-48e1-98be-28b70acd0835",
|
||
|
"created_by_ref": "identity--5a68c02d-959c-4c8a-a571-0dcac0a8060a",
|
||
|
"created": "2018-07-03T13:36:53.000Z",
|
||
|
"modified": "2018-07-03T13:36:53.000Z",
|
||
|
"first_observed": "2018-07-03T13:36:53Z",
|
||
|
"last_observed": "2018-07-03T13:36:53Z",
|
||
|
"number_observed": 1,
|
||
|
"object_refs": [
|
||
|
"windows-registry-key--5b3b7bf5-4ed0-48e1-98be-28b70acd0835"
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"regkey\"",
|
||
|
"misp:category=\"Persistence mechanism\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "windows-registry-key",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "windows-registry-key--5b3b7bf5-4ed0-48e1-98be-28b70acd0835",
|
||
|
"key": "HKCU\\Software\\All-Radio\\Settings\\use skin\t1"
|
||
|
},
|
||
|
{
|
||
|
"type": "observed-data",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "observed-data--5b3b7bf5-5230-4d33-bb44-28b70acd0835",
|
||
|
"created_by_ref": "identity--5a68c02d-959c-4c8a-a571-0dcac0a8060a",
|
||
|
"created": "2018-07-03T13:36:53.000Z",
|
||
|
"modified": "2018-07-03T13:36:53.000Z",
|
||
|
"first_observed": "2018-07-03T13:36:53Z",
|
||
|
"last_observed": "2018-07-03T13:36:53Z",
|
||
|
"number_observed": 1,
|
||
|
"object_refs": [
|
||
|
"windows-registry-key--5b3b7bf5-5230-4d33-bb44-28b70acd0835"
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"regkey\"",
|
||
|
"misp:category=\"Persistence mechanism\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "windows-registry-key",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "windows-registry-key--5b3b7bf5-5230-4d33-bb44-28b70acd0835",
|
||
|
"key": "HKCU\\Software\\All-Radio\\Settings\\CurrentServer\thttp://www.radioserver2.com/"
|
||
|
},
|
||
|
{
|
||
|
"type": "observed-data",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "observed-data--5b3b7bf5-4e24-4424-bf77-28b70acd0835",
|
||
|
"created_by_ref": "identity--5a68c02d-959c-4c8a-a571-0dcac0a8060a",
|
||
|
"created": "2018-07-03T13:36:53.000Z",
|
||
|
"modified": "2018-07-03T13:36:53.000Z",
|
||
|
"first_observed": "2018-07-03T13:36:53Z",
|
||
|
"last_observed": "2018-07-03T13:36:53Z",
|
||
|
"number_observed": 1,
|
||
|
"object_refs": [
|
||
|
"windows-registry-key--5b3b7bf5-4e24-4424-bf77-28b70acd0835"
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"regkey\"",
|
||
|
"misp:category=\"Persistence mechanism\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "windows-registry-key",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "windows-registry-key--5b3b7bf5-4e24-4424-bf77-28b70acd0835",
|
||
|
"key": "HKCU\\Software\\All-Radio\\Settings\\ServersCount\t8"
|
||
|
},
|
||
|
{
|
||
|
"type": "observed-data",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "observed-data--5b3b7bf5-5e68-475b-bb2f-28b70acd0835",
|
||
|
"created_by_ref": "identity--5a68c02d-959c-4c8a-a571-0dcac0a8060a",
|
||
|
"created": "2018-07-03T13:36:53.000Z",
|
||
|
"modified": "2018-07-03T13:36:53.000Z",
|
||
|
"first_observed": "2018-07-03T13:36:53Z",
|
||
|
"last_observed": "2018-07-03T13:36:53Z",
|
||
|
"number_observed": 1,
|
||
|
"object_refs": [
|
||
|
"windows-registry-key--5b3b7bf5-5e68-475b-bb2f-28b70acd0835"
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"regkey\"",
|
||
|
"misp:category=\"Persistence mechanism\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "windows-registry-key",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "windows-registry-key--5b3b7bf5-5e68-475b-bb2f-28b70acd0835",
|
||
|
"key": "HKCU\\Software\\All-Radio\\Settings\\resize\t1"
|
||
|
},
|
||
|
{
|
||
|
"type": "observed-data",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "observed-data--5b3b7bf5-5ea8-4f33-8ddf-28b70acd0835",
|
||
|
"created_by_ref": "identity--5a68c02d-959c-4c8a-a571-0dcac0a8060a",
|
||
|
"created": "2018-07-03T13:36:53.000Z",
|
||
|
"modified": "2018-07-03T13:36:53.000Z",
|
||
|
"first_observed": "2018-07-03T13:36:53Z",
|
||
|
"last_observed": "2018-07-03T13:36:53Z",
|
||
|
"number_observed": 1,
|
||
|
"object_refs": [
|
||
|
"windows-registry-key--5b3b7bf5-5ea8-4f33-8ddf-28b70acd0835"
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"regkey\"",
|
||
|
"misp:category=\"Persistence mechanism\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "windows-registry-key",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "windows-registry-key--5b3b7bf5-5ea8-4f33-8ddf-28b70acd0835",
|
||
|
"key": "HKCU\\Software\\Microsoft\\Windows\\CurrentVersion\\Run\\agwpyjho\t\"%USERPROFILE%\\gidulfmf.exe\""
|
||
|
},
|
||
|
{
|
||
|
"type": "observed-data",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "observed-data--5b3b7bf5-7464-428d-bd37-28b70acd0835",
|
||
|
"created_by_ref": "identity--5a68c02d-959c-4c8a-a571-0dcac0a8060a",
|
||
|
"created": "2018-07-03T13:36:53.000Z",
|
||
|
"modified": "2018-07-03T13:36:53.000Z",
|
||
|
"first_observed": "2018-07-03T13:36:53Z",
|
||
|
"last_observed": "2018-07-03T13:36:53Z",
|
||
|
"number_observed": 1,
|
||
|
"object_refs": [
|
||
|
"windows-registry-key--5b3b7bf5-7464-428d-bd37-28b70acd0835"
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"regkey\"",
|
||
|
"misp:category=\"Persistence mechanism\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "windows-registry-key",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "windows-registry-key--5b3b7bf5-7464-428d-bd37-28b70acd0835",
|
||
|
"key": "HKCU\\Software\\Microsoft\\Windows\\CurrentVersion\\Run\\DirectX 11\trundll32 %Temp%\\d3dx11_31.dll,includes_func_runnded"
|
||
|
},
|
||
|
{
|
||
|
"type": "observed-data",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "observed-data--5b3b7bf5-93e4-4134-8ab3-28b70acd0835",
|
||
|
"created_by_ref": "identity--5a68c02d-959c-4c8a-a571-0dcac0a8060a",
|
||
|
"created": "2018-07-03T13:36:53.000Z",
|
||
|
"modified": "2018-07-03T13:36:53.000Z",
|
||
|
"first_observed": "2018-07-03T13:36:53Z",
|
||
|
"last_observed": "2018-07-03T13:36:53Z",
|
||
|
"number_observed": 1,
|
||
|
"object_refs": [
|
||
|
"windows-registry-key--5b3b7bf5-93e4-4134-8ab3-28b70acd0835"
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"regkey\"",
|
||
|
"misp:category=\"Persistence mechanism\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "windows-registry-key",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "windows-registry-key--5b3b7bf5-93e4-4134-8ab3-28b70acd0835",
|
||
|
"key": "HKLM\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Schedule\\TaskCache\\Tasks\\{E50B01A9-6717-4321-B6C1-3444E35D4419}"
|
||
|
},
|
||
|
{
|
||
|
"type": "observed-data",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "observed-data--5b3b7bf5-a6e4-4316-a19e-28b70acd0835",
|
||
|
"created_by_ref": "identity--5a68c02d-959c-4c8a-a571-0dcac0a8060a",
|
||
|
"created": "2018-07-03T13:36:53.000Z",
|
||
|
"modified": "2018-07-03T13:36:53.000Z",
|
||
|
"first_observed": "2018-07-03T13:36:53Z",
|
||
|
"last_observed": "2018-07-03T13:36:53Z",
|
||
|
"number_observed": 1,
|
||
|
"object_refs": [
|
||
|
"windows-registry-key--5b3b7bf5-a6e4-4316-a19e-28b70acd0835"
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"regkey\"",
|
||
|
"misp:category=\"Persistence mechanism\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "windows-registry-key",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "windows-registry-key--5b3b7bf5-a6e4-4316-a19e-28b70acd0835",
|
||
|
"key": "HKLM\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Schedule\\TaskCache\\Tasks\\{E50B01A9-6717-4321-B6C1-3444E35D4419}\\Path\t\\Opera scheduled Autoupdate 1427321617"
|
||
|
},
|
||
|
{
|
||
|
"type": "observed-data",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "observed-data--5b3b7bf5-b5fc-41d6-b3a7-28b70acd0835",
|
||
|
"created_by_ref": "identity--5a68c02d-959c-4c8a-a571-0dcac0a8060a",
|
||
|
"created": "2018-07-03T13:36:53.000Z",
|
||
|
"modified": "2018-07-03T13:36:53.000Z",
|
||
|
"first_observed": "2018-07-03T13:36:53Z",
|
||
|
"last_observed": "2018-07-03T13:36:53Z",
|
||
|
"number_observed": 1,
|
||
|
"object_refs": [
|
||
|
"windows-registry-key--5b3b7bf5-b5fc-41d6-b3a7-28b70acd0835"
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"regkey\"",
|
||
|
"misp:category=\"Persistence mechanism\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "windows-registry-key",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "windows-registry-key--5b3b7bf5-b5fc-41d6-b3a7-28b70acd0835",
|
||
|
"key": "HKLM\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Schedule\\TaskCache\\Tasks\\{E50B01A9-6717-4321-B6C1-3444E35D4419}\\Hash\tBINARY SIZE=32 MD5=5520F781167B06815EF8BD54DD186F9C"
|
||
|
},
|
||
|
{
|
||
|
"type": "observed-data",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "observed-data--5b3b7bf5-b768-43cb-8995-28b70acd0835",
|
||
|
"created_by_ref": "identity--5a68c02d-959c-4c8a-a571-0dcac0a8060a",
|
||
|
"created": "2018-07-03T13:36:53.000Z",
|
||
|
"modified": "2018-07-03T13:36:53.000Z",
|
||
|
"first_observed": "2018-07-03T13:36:53Z",
|
||
|
"last_observed": "2018-07-03T13:36:53Z",
|
||
|
"number_observed": 1,
|
||
|
"object_refs": [
|
||
|
"windows-registry-key--5b3b7bf5-b768-43cb-8995-28b70acd0835"
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"regkey\"",
|
||
|
"misp:category=\"Persistence mechanism\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "windows-registry-key",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "windows-registry-key--5b3b7bf5-b768-43cb-8995-28b70acd0835",
|
||
|
"key": "HKLM\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Schedule\\TaskCache\\Tasks\\{E50B01A9-6717-4321-B6C1-3444E35D4419}\\Triggers\tBINARY SIZE=352 MD5=83356B89B15EAB067435487A7B92FDBE"
|
||
|
},
|
||
|
{
|
||
|
"type": "observed-data",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "observed-data--5b3b7bf5-d9a4-40e4-b86f-28b70acd0835",
|
||
|
"created_by_ref": "identity--5a68c02d-959c-4c8a-a571-0dcac0a8060a",
|
||
|
"created": "2018-07-03T13:36:53.000Z",
|
||
|
"modified": "2018-07-03T13:36:53.000Z",
|
||
|
"first_observed": "2018-07-03T13:36:53Z",
|
||
|
"last_observed": "2018-07-03T13:36:53Z",
|
||
|
"number_observed": 1,
|
||
|
"object_refs": [
|
||
|
"windows-registry-key--5b3b7bf5-d9a4-40e4-b86f-28b70acd0835"
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"regkey\"",
|
||
|
"misp:category=\"Persistence mechanism\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "windows-registry-key",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "windows-registry-key--5b3b7bf5-d9a4-40e4-b86f-28b70acd0835",
|
||
|
"key": "HKLM\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Schedule\\TaskCache\\Tasks\\{E50B01A9-6717-4321-B6C1-3444E35D4419}\\DynamicInfo\tBINARY SIZE=28 MD5=3068A03846DFF3649992C32FBA75E688"
|
||
|
},
|
||
|
{
|
||
|
"type": "observed-data",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "observed-data--5b3b7bf5-fa50-44a7-b755-28b70acd0835",
|
||
|
"created_by_ref": "identity--5a68c02d-959c-4c8a-a571-0dcac0a8060a",
|
||
|
"created": "2018-07-03T13:36:53.000Z",
|
||
|
"modified": "2018-07-03T13:36:53.000Z",
|
||
|
"first_observed": "2018-07-03T13:36:53Z",
|
||
|
"last_observed": "2018-07-03T13:36:53Z",
|
||
|
"number_observed": 1,
|
||
|
"object_refs": [
|
||
|
"windows-registry-key--5b3b7bf5-fa50-44a7-b755-28b70acd0835"
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"regkey\"",
|
||
|
"misp:category=\"Persistence mechanism\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "windows-registry-key",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "windows-registry-key--5b3b7bf5-fa50-44a7-b755-28b70acd0835",
|
||
|
"key": "HKLM\\SOFTWARE\\Microsoft\\Windows Defender\\Exclusions\\Paths\\%WINDIR%\\SysWOW64\\kqgzitry\t0"
|
||
|
},
|
||
|
{
|
||
|
"type": "observed-data",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "observed-data--5b3b7c72-4be0-49cf-94eb-28b50acd0835",
|
||
|
"created_by_ref": "identity--5a68c02d-959c-4c8a-a571-0dcac0a8060a",
|
||
|
"created": "2018-07-03T13:39:06.000Z",
|
||
|
"modified": "2018-07-03T13:39:06.000Z",
|
||
|
"first_observed": "2018-07-03T13:39:06Z",
|
||
|
"last_observed": "2018-07-03T13:39:06Z",
|
||
|
"number_observed": 1,
|
||
|
"object_refs": [
|
||
|
"url--5b3b7c72-4be0-49cf-94eb-28b50acd0835"
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"link\"",
|
||
|
"misp:category=\"External analysis\"",
|
||
|
"osint:source-type=\"blog-post\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "url",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "url--5b3b7c72-4be0-49cf-94eb-28b50acd0835",
|
||
|
"value": "https://www.bleepingcomputer.com/news/security/all-radio-427-portable-cant-be-removed-then-your-pc-is-severely-infected/"
|
||
|
},
|
||
|
{
|
||
|
"type": "marking-definition",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9",
|
||
|
"created": "2017-01-20T00:00:00.000Z",
|
||
|
"definition_type": "tlp",
|
||
|
"name": "TLP:WHITE",
|
||
|
"definition": {
|
||
|
"tlp": "white"
|
||
|
}
|
||
|
}
|
||
|
]
|
||
|
}