misp-circl-feed/feeds/circl/stix-2.1/5c066106-263c-4b85-9387-4d3f950d210f.json

1019 lines
925 KiB
JSON
Raw Permalink Normal View History

2023-04-21 14:44:17 +00:00
{
"type": "bundle",
"id": "bundle--5c066106-263c-4b85-9387-4d3f950d210f",
"objects": [
{
"type": "identity",
"spec_version": "2.1",
"id": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-12-05T10:21:07.000Z",
"modified": "2018-12-05T10:21:07.000Z",
"name": "CIRCL",
"identity_class": "organization"
},
{
"type": "report",
"spec_version": "2.1",
"id": "report--5c066106-263c-4b85-9387-4d3f950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-12-05T10:21:07.000Z",
"modified": "2018-12-05T10:21:07.000Z",
"name": "MAR-10166283.r1.v1 (SamSam ransomware)",
"published": "2018-12-05T10:21:20Z",
"object_refs": [
"observed-data--01ac1fec-a06f-404f-aa99-f9b406aa02ee",
"mutex--01ac1fec-a06f-404f-aa99-f9b406aa02ee",
"observed-data--45842d35-5c7f-4e0c-9ef5-6eee797d6360",
"mutex--45842d35-5c7f-4e0c-9ef5-6eee797d6360",
"observed-data--0b59335d-7ace-4391-b5af-c7b62357f7cf",
"mutex--0b59335d-7ace-4391-b5af-c7b62357f7cf",
"observed-data--efcfaeb6-9680-4b3e-9044-90ac70803ad5",
"mutex--efcfaeb6-9680-4b3e-9044-90ac70803ad5",
"observed-data--43216016-e16c-4036-aff5-cfad3a408f4e",
"mutex--43216016-e16c-4036-aff5-cfad3a408f4e",
"observed-data--7d433e27-4113-4693-a172-7608e37aab06",
"mutex--7d433e27-4113-4693-a172-7608e37aab06",
"observed-data--5e1d1941-44ba-4802-89bb-a4ae12a91c82",
"file--5e1d1941-44ba-4802-89bb-a4ae12a91c82",
"artifact--5e1d1941-44ba-4802-89bb-a4ae12a91c82",
"observed-data--cc591345-cc1f-4b60-ab71-cb45c398ba7d",
"url--cc591345-cc1f-4b60-ab71-cb45c398ba7d",
"observed-data--13479b70-b600-4fc6-b1da-eb567e08285f",
"url--13479b70-b600-4fc6-b1da-eb567e08285f",
"x-misp-object--94fdc615-b38e-4568-82de-7035d661e81c",
"indicator--7d67e1af-621d-46c1-ae2d-8e82b7795081",
"indicator--6558bca6-f000-4d75-9387-73a0c563d259",
"indicator--58d8c50e-98eb-4dd0-ad20-a8016c61a1e0",
"indicator--cd3a3681-483c-4703-9183-5eadf686e7ce",
"indicator--7e3ec1d9-6683-4c0c-8c22-6a23e389e481",
"observed-data--419c5f16-27ed-4fea-8c5d-9a4cc8d2d2a8",
"file--419c5f16-27ed-4fea-8c5d-9a4cc8d2d2a8",
"observed-data--073fe05f-3c0b-41a9-9cdb-206bf91314cf",
"file--073fe05f-3c0b-41a9-9cdb-206bf91314cf",
"observed-data--ebb5a994-7d19-493f-96a1-93d61ceec288",
"file--ebb5a994-7d19-493f-96a1-93d61ceec288",
"observed-data--ba87eeb3-df09-4d10-812e-1256c3f2c50d",
"file--ba87eeb3-df09-4d10-812e-1256c3f2c50d",
"observed-data--685afd26-9fcd-47ae-9bb8-837497b2de58",
"file--685afd26-9fcd-47ae-9bb8-837497b2de58",
"observed-data--54ff7ca3-3736-4067-8eff-8ac9cbc938a1",
"file--54ff7ca3-3736-4067-8eff-8ac9cbc938a1",
"indicator--34754e49-8e1e-4b82-a538-68c778a544f7",
"x-misp-object--dad20043-8913-4afa-92ba-cff12283824f",
"x-misp-object--ae01c9b0-1419-4a83-8c70-97790c4ce4a0",
"x-misp-object--20483bab-be45-4f17-83b2-a3446b94d0dd",
"x-misp-object--240c0f80-fcda-4ba8-9035-777a892b73c8",
2024-08-07 08:13:15 +00:00
"relationship--f5b7c94a-895e-45b4-ba50-8c0da09d17cc",
"relationship--5d884256-d5b3-45c0-ba62-0e8e2baa06b5",
"relationship--37badbcd-7dcf-4209-bdd6-4780070a9515",
"relationship--874115a4-c3b2-46b9-a1b1-0f44f47ac5a3",
"relationship--f669582e-eaf1-455f-b5fe-cbfbbc259189",
"relationship--df3768ec-28b5-4fa9-a3eb-75e5e7634aba",
"relationship--2256b096-ed14-4257-b096-cec53907d7c3",
"relationship--ea72e816-8189-4acf-b06c-5c9e500c62e0",
"relationship--32e33937-6fff-4b6c-8315-37cc6ca182f8",
"relationship--17375c59-9d91-4960-8098-ef849daa22ce",
"relationship--cb21c04c-8c36-4dd2-9fd5-2b7b1add0dd9",
"relationship--9b1e1874-a070-4d43-a42c-61f5953f964f",
"relationship--8acbbdc4-989f-4139-9244-2b546c3d7bee",
"relationship--36d33604-8313-447a-b334-755bfd8d8bc6"
2023-04-21 14:44:17 +00:00
],
"labels": [
"Threat-Report",
"misp:tool=\"MISP-STIX-Converter\"",
"misp-galaxy:malpedia=\"SamSam\"",
"misp-galaxy:ransomware=\"Samas-Samsam\""
],
"object_marking_refs": [
"marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9"
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--01ac1fec-a06f-404f-aa99-f9b406aa02ee",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-12-04T11:12:06.000Z",
"modified": "2018-12-04T11:12:06.000Z",
"first_observed": "2018-12-04T11:12:06Z",
"last_observed": "2018-12-04T11:12:06Z",
"number_observed": 1,
"object_refs": [
"mutex--01ac1fec-a06f-404f-aa99-f9b406aa02ee"
],
"labels": [
"misp:type=\"mutex\"",
"misp:category=\"Artifacts dropped\""
]
},
{
"type": "mutex",
"spec_version": "2.1",
"id": "mutex--01ac1fec-a06f-404f-aa99-f9b406aa02ee",
"name": "!IECompat!Mutex"
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--45842d35-5c7f-4e0c-9ef5-6eee797d6360",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-12-04T11:12:07.000Z",
"modified": "2018-12-04T11:12:07.000Z",
"first_observed": "2018-12-04T11:12:07Z",
"last_observed": "2018-12-04T11:12:07Z",
"number_observed": 1,
"object_refs": [
"mutex--45842d35-5c7f-4e0c-9ef5-6eee797d6360"
],
"labels": [
"misp:type=\"mutex\"",
"misp:category=\"Artifacts dropped\""
]
},
{
"type": "mutex",
"spec_version": "2.1",
"id": "mutex--45842d35-5c7f-4e0c-9ef5-6eee797d6360",
"name": "!PrivacIE!SharedMem!Mutex"
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--0b59335d-7ace-4391-b5af-c7b62357f7cf",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-12-04T11:12:07.000Z",
"modified": "2018-12-04T11:12:07.000Z",
"first_observed": "2018-12-04T11:12:07Z",
"last_observed": "2018-12-04T11:12:07Z",
"number_observed": 1,
"object_refs": [
"mutex--0b59335d-7ace-4391-b5af-c7b62357f7cf"
],
"labels": [
"misp:type=\"mutex\"",
"misp:category=\"Artifacts dropped\""
]
},
{
"type": "mutex",
"spec_version": "2.1",
"id": "mutex--0b59335d-7ace-4391-b5af-c7b62357f7cf",
"name": "IsoScope_a44_IESQMMUTEX_2628_27"
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--efcfaeb6-9680-4b3e-9044-90ac70803ad5",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-12-04T11:12:08.000Z",
"modified": "2018-12-04T11:12:08.000Z",
"first_observed": "2018-12-04T11:12:08Z",
"last_observed": "2018-12-04T11:12:08Z",
"number_observed": 1,
"object_refs": [
"mutex--efcfaeb6-9680-4b3e-9044-90ac70803ad5"
],
"labels": [
"misp:type=\"mutex\"",
"misp:category=\"Artifacts dropped\""
]
},
{
"type": "mutex",
"spec_version": "2.1",
"id": "mutex--efcfaeb6-9680-4b3e-9044-90ac70803ad5",
"name": "IsoScope_a44_IESQMMUTEX_2628_274"
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--43216016-e16c-4036-aff5-cfad3a408f4e",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-12-04T11:12:08.000Z",
"modified": "2018-12-04T11:12:08.000Z",
"first_observed": "2018-12-04T11:12:08Z",
"last_observed": "2018-12-04T11:12:08Z",
"number_observed": 1,
"object_refs": [
"mutex--43216016-e16c-4036-aff5-cfad3a408f4e"
],
"labels": [
"misp:type=\"mutex\"",
"misp:category=\"Artifacts dropped\""
]
},
{
"type": "mutex",
"spec_version": "2.1",
"id": "mutex--43216016-e16c-4036-aff5-cfad3a408f4e",
"name": "Local\\ZonesCacheCounterMutex"
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--7d433e27-4113-4693-a172-7608e37aab06",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-12-04T11:12:09.000Z",
"modified": "2018-12-04T11:12:09.000Z",
"first_observed": "2018-12-04T11:12:09Z",
"last_observed": "2018-12-04T11:12:09Z",
"number_observed": 1,
"object_refs": [
"mutex--7d433e27-4113-4693-a172-7608e37aab06"
],
"labels": [
"misp:type=\"mutex\"",
"misp:category=\"Artifacts dropped\""
]
},
{
"type": "mutex",
"spec_version": "2.1",
"id": "mutex--7d433e27-4113-4693-a172-7608e37aab06",
"name": "Local\\ZonesLockedCacheCounterMutex"
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--5e1d1941-44ba-4802-89bb-a4ae12a91c82",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-12-04T11:12:09.000Z",
"modified": "2018-12-04T11:12:09.000Z",
"first_observed": "2018-12-04T11:12:09Z",
"last_observed": "2018-12-04T11:12:09Z",
"number_observed": 1,
"object_refs": [
"file--5e1d1941-44ba-4802-89bb-a4ae12a91c82",
"artifact--5e1d1941-44ba-4802-89bb-a4ae12a91c82"
],
"labels": [
"misp:type=\"attachment\"",
"misp:category=\"External analysis\""
]
},
{
"type": "file",
"spec_version": "2.1",
"id": "file--5e1d1941-44ba-4802-89bb-a4ae12a91c82",
"name": "Figure 1",
"content_ref": "artifact--5e1d1941-44ba-4802-89bb-a4ae12a91c82"
},
{
"type": "artifact",
"spec_version": "2.1",
"id": "artifact--5e1d1941-44ba-4802-89bb-a4ae12a91c82",
"payload_bin": "iVBORw0KGgoAAAANSUhEUgAAAlgAAAGSCAIAAACwnyjEAAEAAElEQVR4nOz9d5gc13kmjp7KqatznJwxmEEGCBCBAEmAIEiQYoQYlNZaUl55vbbsn73X9pXD8/hauut1UKJlKlFZzIQYAJBEzjlOwACTU0/nUF256pz7xwFGI5DQmrYlcnX7ffiAPTPV1adOVZ/3fOn9CISQbdsIIZZldV0nCILnecdxQBVVfARg0tdeEAgAAEgECQBIBAgACQRIgPDvAQKAgAABm+IIBCgECBcA/CcCAAK4JIAkcIlrp6IQIBAgASDg9WOuAxEAAAB/+cd/N2j4Pue8AeScCzToX7y+4U/XZuD6u/CPzuzP/zaYFD37evbSfun86NpkkAgAABh406UAEdeuCBG/OJVF0ggASAAEgAsAAhAAQABIAEABSCPAQEhDQEAAEAIIOAzzwS6giip+DSBc1yVJEgDgui5FUfjfD3tUVVRxHeiGn+F7XvzSQYhgCPwLOOfXBAAkQARwr/9Ezb5p7vnfl/P+Y0T4nvHPOef7/ckhfukzyblDuOF4NOeIfzOsm/9p9rPmsu/7fCL45TkhfukveIbx3Ls33gFIA0ABSCAAEAAIAQAAVSXCKj58EAghAIBt26dOnaqpqVFVlaIoy7II4j+4AFRRxX8CvOa1F9j+QASABEQEwGaHSwIArv0IAIAEAIgmASAhoBAgESAQfgtwCQDJa+RJAkBctwhvwA1G23/QHAQAUOiXTvveE95g/Fm/PKZfYRFiuB9whLMXDd/zRmwCzv76+sDg3JHMxaw5COa8oF0am4N42hEBIXHt2OvWPCQAINA109Mh6PecuIoqftOgNU0jCOLq1asvvfTS6tWrHcehKAohxHHchz22KqoAAR2vp78gQpcALnmN2Fzi+l/BtRe8/Us8d40IwS/OAH6ZCD8okXxQzPLcr+bU2cPmujpv8ILeQJkYH3T8BPq3mpCYF13yl/YGN5iJ770ozrlGbAgASMLr9wUCcO1fAMDc/QaBqkRYxYcPWhRFAADHcZZl1dXVBQIBmqaxj/TDHlsVVQDWBeA6yc0SIbY2IEHC6z+C64uyx4TgOtXNxdwlG7MgBnw/Xngfr+BvCrPENndcNxDh3L9+UCKk3/eCb+LBBQA41PtENm82PwQCgj0b1IUAzG5BIKZDfLNc4hpHgjnEWUUVHyJo0zQBAJqmaZoGIRQEQdd113Wr+TJVfBRQYK4vxIgEeL1G114DADAjzPXy2bbzvjkp7/UxYrw32eQGO+yG1x/UWXrD8e+lkP/jCd93GP/2t994vPs+RDg7geiXfwQAOOT7p/jcEEf8xcAc+4YJxIbgNTuehHCOTY8IAKzqhruKDx80y7LYESqKomVZruuWy2WKogRB+LDHVkUVwGKurcokIq75MxFJEICCgEAkjjPhPwHsCCUJ4hfRRHD9vQDhTFEAyLnrPvFLlte1hXv2d8Schf4XB32w8cNftvDe592/nFB6A00R6MbMlBu58IOOh0LvZdNruTvXQ61gThYoMecD5maZXkvIJa6b18S1kTs0cS2t95rzGeIzkNfeSyECEgTA/wECVHMRqvgogIYQIoQIgmBZ1nEchmE4jpMkCVuKVVTx4YJxELiWW4EIACgIKIhIBCgEKIhwIQSJALZbSATKAoIAECRwiDkpKjhpBQKcUDrLlLOpi7847pf+P+fVe//0bwO8XrCB5rz/uqn0ixOi6z/eYID9iszNf9+AHPBLbDqXdyGaE4u9PnhskMNf/qhrLIhmDXRAXv+lSbmz0VkK4f3Ktfdcm+1rzAgIHNxFH3RGq6jiPx8khBAAwDAMhJBhGE3TSJKssmAVHxEEXdpnUX6blg3Ely2fS4UoljNcWrUigiQDkjIc3gU8IHhAQN3gAEUhQAKCYRiSoW0AXYAohiYIgqZpraJyNEMRZLlcBiSBCAI6LgkI13aQCyVJoknSMgxspsy1nGZL5Yib4Gbjx7tMksSGKkIuJBCgSZIiCORCWfKQgLBtWxRFgiBs2xYEwXEcCCHP86qqMgyj6zpN0zd8ELqOm33uzcbpkMAmkE0gB0AHQAcgFyEIAKApkqYQAWzXdREEFAkpwoauwPHIhdBxGIpiaQYh5DgOQsh1XYQQBIAgCIQQhBBCCCAqOQaQOMgzKrR15FoU0JBjAtclgTsna5dEgETXiiyrqOJDB/3erzH+TXWnVsVHAaJJOA6ubaUs5FKWCyEA0AEkmM7OMAwDaIBYkiRJ3TTkmExatmU5NnAhYiBHExQFEIIQkq7L8hxLUBRBusiVZRmQpGkaPkEyTVNgWFVVy7ZDEIRP9pqmSVHU+3od8cbxvcDFuO8Fgg6EEOGqBYQoAAiEoOPi75iqKDZ0CYIwDIMgCEmSVKWCiRk6LsewJEmyLDv3GzrXjgTgBpP2/wyHAgQgCPQLfzK21TRNY3kOAAABAgRBUSQJAOG6lWJJEARAkoZpuggyHMdx3LUcAoIgAAER9kYDEhAAAIIhDdcELkQMAUgSIpJmeIHjtIp6fWNBXjMWr8/oBxp/FVX8OkCTJDnLef/H7W0VVfyGASF0HIegSIphIHRU5FAAWByQfF6jUkaSoBm6Q+g0w5SdiochGyqUACiSoU2KNAGAEBLYKCMIlqAIAABClmXxsmRcMwYhsh2v7EW2AwFACAkcX8wXJEn6QHkov4ogISIQAghQBEkBQECEEKJpimMZRVNplqFZRjN0gqJwtrbP5yuXy9hD49oOAOAaMWOWAgBct8P+HfPpApcgCJIABCZCnLyJkMCzCEGSoliWdwAybQsRgGUogQQcoBACDiAIQFIEASByHAevGwghgBBCgCQIgABBEALFuJaDEKJJ0nEczdIIRJq2RREkSQCAyLmyNeA/o1Kziir+46Ax7c26WWa5sGoRVvFRgMaQJiQYimBYQgOEBQHJIZeg83oe8gQgNIO2HOAIEk37AgXTqC2bjMiRPItIYDiWAx2WpmmaphzHtR3SRRQEjmVTrmu5NsfzSHNIF0HTBrbr8/sqlYqtGzRJgus1iBizL8ibZKfc7PtCESQkrsnC0YCgCAIQCCFo6YbX56MJkgQEQ137GhqazhAEz7I6RTmOQ9O067o0STnQRQjN5QwIACAIcHNhmZttZyFAJLr23muF7RABiFiK0g0dEQ4riQghVzMQSYiyLDO0phkWclmWJTnGcl3LNiGEJEsCACCEJABojsNWtFwIEM0wJEmbyOZ4GhLAtl1AkQiRxHWnKInIaxJx71eeUUUVv2HQBEFg//4sEYKbf6urqOI3DI2lTETQNKJJZJEIUoBhCAQQCUiOoXRTC3gE3YCOUvKFw5aueRm/BUFFNy0bQgawDE1RFA7OGabOsyxOB7Ndx7AtySMwCDIMpxXLuq6F/AHSRXpF9cleB7rgF2Vw19gPgusm1HtwM9eoDSGB0HVdU4QQohBACAAXItthacZ2HMswOIZFBNAMgyQpVVVJknRdF29JGYahEJxbzvQfoQ4CAVzgTiBEQEBBQEJEIIA0UyRphJBVViEBJJolaQoYtqU4DE0xNAsBAW2XpABFkIAEBALQhRBC4loCKIAAIRdKqu0CxPCkCWzkOILXQwlcqVwBAEACkADAOUX9ZHWZqeKjARoAMBvrxnRYZcEqPjpwAEIUDUjCtR3gQomhGRuYqhYRBSNbCdNkVJA0wzU004uMUNnxev2Wa5mORrqI5miCZR3H0TTNgyjHtP1ev2vboiBUgENA0nJsVzcl2UNCxLMctB2e41RNIxGAjjtXkgbM0s8H/HJA6FIEicNy0HEBQgQiaJKMBkPlSsXjkyuqqmia5PNajs1QlCRImUwmEokYhuHaNgTANM3ZuCBB/EKdBe9Z4U2EL25mETIUCSAiISIhTsEFNCBoRDA0LYqi4zglpQxIQhI8CICiUmYIyuORSYoq6hXVsmiOBTQNXXuuA4kkSQAI4LoIoSYxpKkV5FAa4TqaCgkKIWRoOi9LOGOURCSeWKq6zFTxkcEvESGag5vtcKuo4jcJwoUcQbGAQpZJWciHSMq0ClPZmekkqmjL58/Xz48
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--cc591345-cc1f-4b60-ab71-cb45c398ba7d",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-12-04T11:12:10.000Z",
"modified": "2018-12-04T11:12:10.000Z",
"first_observed": "2018-12-04T11:12:10Z",
"last_observed": "2018-12-04T11:12:10Z",
"number_observed": 1,
"object_refs": [
"url--cc591345-cc1f-4b60-ab71-cb45c398ba7d"
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--cc591345-cc1f-4b60-ab71-cb45c398ba7d",
"value": "jcmi5n4c3mvgtyt5.onion"
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--13479b70-b600-4fc6-b1da-eb567e08285f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-12-04T11:12:10.000Z",
"modified": "2018-12-04T11:12:10.000Z",
"first_observed": "2018-12-04T11:12:10Z",
"last_observed": "2018-12-04T11:12:10Z",
"number_observed": 1,
"object_refs": [
"url--13479b70-b600-4fc6-b1da-eb567e08285f"
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--13479b70-b600-4fc6-b1da-eb567e08285f",
"value": "http://jcmi5n4c3mvgtyt5.onion/"
},
{
"type": "x-misp-object",
"spec_version": "2.1",
"id": "x-misp-object--94fdc615-b38e-4568-82de-7035d661e81c",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-12-04T11:12:11.000Z",
"modified": "2018-12-04T11:12:11.000Z",
"labels": [
"misp:name=\"original-imported-file\"",
"misp:meta-category=\"file\""
],
"x_misp_attributes": [
{
"type": "attachment",
"object_relation": "imported-sample",
"value": "MAR-10166283.r1.v1.stix.xml",
"category": "External analysis",
"uuid": "ce1896dc-ef47-433a-a758-d1bb3c0b6e6f",
"data": "PHN0aXg6U1RJWF9QYWNrYWdlIHhtbG5zOmN5Ym94Q29tbW9uPSJodHRwOi8vY3lib3gubWl0cmUub3JnL2NvbW1vbi0yIiB4bWxuczpjeWJveD0iaHR0cDovL2N5Ym94Lm1pdHJlLm9yZy9jeWJveC0yIiB4bWxuczpjeWJveFZvY2Ficz0iaHR0cDovL2N5Ym94Lm1pdHJlLm9yZy9kZWZhdWx0X3ZvY2FidWxhcmllcy0yIiB4bWxuczpBcnRpZmFjdE9iaj0iaHR0cDovL2N5Ym94Lm1pdHJlLm9yZy9vYmplY3RzI0FydGlmYWN0T2JqZWN0LTIiIHhtbG5zOkZpbGVPYmo9Imh0dHA6Ly9jeWJveC5taXRyZS5vcmcvb2JqZWN0cyNGaWxlT2JqZWN0LTIiIHhtbG5zOk11dGV4T2JqPSJodHRwOi8vY3lib3gubWl0cmUub3JnL29iamVjdHMjTXV0ZXhPYmplY3QtMiIgeG1sbnM6VVJJT2JqPSJodHRwOi8vY3lib3gubWl0cmUub3JnL29iamVjdHMjVVJJT2JqZWN0LTIiIHhtbG5zOldpbkV4ZWN1dGFibGVGaWxlT2JqPSJodHRwOi8vY3lib3gubWl0cmUub3JnL29iamVjdHMjV2luRXhlY3V0YWJsZUZpbGVPYmplY3QtMiIgeG1sbnM6V2luRmlsZU9iaj0iaHR0cDovL2N5Ym94Lm1pdHJlLm9yZy9vYmplY3RzI1dpbkZpbGVPYmplY3QtMiIgeG1sbnM6bWFya2luZz0iaHR0cDovL2RhdGEtbWFya2luZy5taXRyZS5vcmcvTWFya2luZy0xIiB4bWxuczp0bHBNYXJraW5nPSJodHRwOi8vZGF0YS1tYXJraW5nLm1pdHJlLm9yZy9leHRlbnNpb25zL01hcmtpbmdTdHJ1Y3R1cmUjVExQLTEiIHhtbG5zOlRPVU1hcmtpbmc9Imh0dHA6Ly9kYXRhLW1hcmtpbmcubWl0cmUub3JnL2V4dGVuc2lvbnMvTWFya2luZ1N0cnVjdHVyZSNUZXJtc19PZl9Vc2UtMSIgeG1sbnM6bWFlY0J1bmRsZT0iaHR0cDovL21hZWMubWl0cmUub3JnL1hNTFNjaGVtYS9tYWVjLWJ1bmRsZS00IiB4bWxuczptYWVjUGFja2FnZT0iaHR0cDovL21hZWMubWl0cmUub3JnL1hNTFNjaGVtYS9tYWVjLXBhY2thZ2UtMiIgeG1sbnM6bWFlY1ZvY2Ficz0iaHR0cDovL21hZWMubWl0cmUub3JnL2RlZmF1bHRfdm9jYWJ1bGFyaWVzLTEiIHhtbG5zOmluY2lkZW50PSJodHRwOi8vc3RpeC5taXRyZS5vcmcvSW5jaWRlbnQtMSIgeG1sbnM6aW5kaWNhdG9yPSJodHRwOi8vc3RpeC5taXRyZS5vcmcvSW5kaWNhdG9yLTIiIHhtbG5zOnR0cD0iaHR0cDovL3N0aXgubWl0cmUub3JnL1RUUC0xIiB4bWxuczpzdGl4Q29tbW9uPSJodHRwOi8vc3RpeC5taXRyZS5vcmcvY29tbW9uLTEiIHhtbG5zOnN0aXhWb2NhYnM9Imh0dHA6Ly9zdGl4Lm1pdHJlLm9yZy9kZWZhdWx0X3ZvY2FidWxhcmllcy0xIiB4bWxuczpzdGl4LW1hZWM9Imh0dHA6Ly9zdGl4Lm1pdHJlLm9yZy9leHRlbnNpb25zL01hbHdhcmUjTUFFQzQuMS0xIiB4bWxuczpzdGl4PSJodHRwOi8vc3RpeC5taXRyZS5vcmcvc3RpeC0xIiB4bWxuczpOQ0NJQz0iaHR0cDovL3d3dy51cy1jZXJ0Lmdvdi8iIHhtbG5zOnhzaT0iaHR0cDovL3d3dy53My5vcmcvMjAwMS9YTUxTY2hlbWEtaW5zdGFuY2UiIHhzaTpzY2hlbWFMb2NhdGlvbj0iICBodHRwOi8vY3lib3gubWl0cmUub3JnL2NvbW1vbi0yIGh0dHA6Ly9jeWJveC5taXRyZS5vcmcvWE1MU2NoZW1hL2NvbW1vbi8yLjEvY3lib3hfY29tbW9uLnhzZCAgaHR0cDovL2N5Ym94Lm1pdHJlLm9yZy9jeWJveC0yIGh0dHA6Ly9jeWJveC5taXRyZS5vcmcvWE1MU2NoZW1hL2NvcmUvMi4xL2N5Ym94X2NvcmUueHNkICBodHRwOi8vY3lib3gubWl0cmUub3JnL2RlZmF1bHRfdm9jYWJ1bGFyaWVzLTIgaHR0cDovL2N5Ym94Lm1pdHJlLm9yZy9YTUxTY2hlbWEvZGVmYXVsdF92b2NhYnVsYXJpZXMvMi4xL2N5Ym94X2RlZmF1bHRfdm9jYWJ1bGFyaWVzLnhzZCAgaHR0cDovL2N5Ym94Lm1pdHJlLm9yZy9vYmplY3RzI0FydGlmYWN0T2JqZWN0LTIgaHR0cDovL2N5Ym94Lm1pdHJlLm9yZy9YTUxTY2hlbWEvb2JqZWN0cy9BcnRpZmFjdC8yLjEvQXJ0aWZhY3RfT2JqZWN0LnhzZCAgaHR0cDovL2N5Ym94Lm1pdHJlLm9yZy9vYmplY3RzI0ZpbGVPYmplY3QtMiBodHRwOi8vY3lib3gubWl0cmUub3JnL1hNTFNjaGVtYS9vYmplY3RzL0ZpbGUvMi4xL0ZpbGVfT2JqZWN0LnhzZCAgaHR0cDovL2N5Ym94Lm1pdHJlLm9yZy9vYmplY3RzI011dGV4T2JqZWN0LTIgaHR0cDovL2N5Ym94Lm1pdHJlLm9yZy9YTUxTY2hlbWEvb2JqZWN0cy9NdXRleC8yLjEvTXV0ZXhfT2JqZWN0LnhzZCAgaHR0cDovL2N5Ym94Lm1pdHJlLm9yZy9vYmplY3RzI1VSSU9iamVjdC0yIGh0dHA6Ly9jeWJveC5taXRyZS5vcmcvWE1MU2NoZW1hL29iamVjdHMvVVJJLzIuMS9VUklfT2JqZWN0LnhzZCAgaHR0cDovL2N5Ym94Lm1pdHJlLm9yZy9vYmplY3RzI1dpbkV4ZWN1dGFibGVGaWxlT2JqZWN0LTIgaHR0cDovL2N5Ym94Lm1pdHJlLm9yZy9YTUxTY2hlbWEvb2JqZWN0cy9XaW5fRXhlY3V0YWJsZV9GaWxlLzIuMS9XaW5fRXhlY3V0YWJsZV9GaWxlX09iamVjdC54c2QgIGh0dHA6Ly9jeWJveC5taXRyZS5vcmcvb2JqZWN0cyNXaW5GaWxlT2JqZWN0LTIgaHR0cDovL2N5Ym94Lm1pdHJlLm9yZy9YTUxTY2hlbWEvb2JqZWN0cy9XaW5fRmlsZS8yLjEvV2luX0ZpbGVfT2JqZWN0LnhzZCAgaHR0cDovL2RhdGEtbWFya2luZy5taXRyZS5vcmcvTWFya2luZy0xIGh0dHA6Ly9zdGl4Lm1pdHJlLm9yZy9YTUxTY2hlbWEvZGF0YV9tYXJraW5nLzEuMS4xL2RhdGFfbWFya2luZy54c2QgIGh0dHA6Ly9kYXRhLW1hcmtpbmcubWl0cmUub3JnL2V4dGVuc2lvbnMvTWFya2luZ1N0cnVjdHVyZSNUTFAtMSBodHRwOi8vc3RpeC5taXRyZS5vcmcvWE1MU2NoZW1hL2V4dGVuc2lvbnMvbWFya2luZy90bHAvMS4xLjEvdGxwX21hcmtpbmcueHNkICBodHRwOi8vZGF0YS1tYXJraW5nLm1pdHJlLm9yZy9leHRlbnNpb25zL01hcmtpbmdTdHJ1Y3R1cmUjVGVybXNfT2ZfVXNlLTEgaHR0cDovL3N0aXgubWl0cmUub3JnL1hNTFNjaGVtYS9leHRlbnNpb25zL21hcmtpbmcvdGVybXNfb2ZfdXNlLzEuMC4xL3Rlcm1zX29mX3VzZV9tYXJraW5nLnhzZCAgaHR0cDovL21hZWMubWl0cmUub3JnL1hNTFNjaGVtYS9tYWVjLWJ1bmRsZS00IGh0dHA6Ly9tYWVjLm1pdHJlLm9yZy9sYW5ndWFnZS92ZXJzaW9uNC4xL2
},
{
"type": "text",
"object_relation": "format",
"value": "STIX 1.1.1",
"category": "Other",
"uuid": "32ef76bd-4567-49c6-8191-d5905d290f6b"
}
],
"x_misp_meta_category": "file",
"x_misp_name": "original-imported-file"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--7d67e1af-621d-46c1-ae2d-8e82b7795081",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-12-04T11:12:11.000Z",
"modified": "2018-12-04T11:12:11.000Z",
"pattern": "[file:hashes.MD5 = '9202651c295369eb01cc7a10cd59adff' AND file:hashes.SHA1 = 'ff2f511009b2813af9d12c6103206828560869db' AND file:hashes.SHA256 = '594b9b42a2d7ae71ef08795fca19d027135d86e82bc0d354d18bfd766ec2424c']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-12-04T11:12:11Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "file"
}
],
"labels": [
"misp:name=\"file\"",
"misp:meta-category=\"file\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--6558bca6-f000-4d75-9387-73a0c563d259",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-12-04T11:12:13.000Z",
"modified": "2018-12-04T11:12:13.000Z",
"pattern": "[file:hashes.MD5 = '1afc39b101a64c61b763fdf07fde1d55' AND file:hashes.SHA1 = '89fe55d2669e6c995b9a0d9ed5d5aa404d20713b' AND file:hashes.SHA256 = '427091e1888c2bf1f2e11a1010b3ab6c8634eda4ddc34d37202d401fbaa8989d']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-12-04T11:12:13Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "file"
}
],
"labels": [
"misp:name=\"file\"",
"misp:meta-category=\"file\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--58d8c50e-98eb-4dd0-ad20-a8016c61a1e0",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-12-04T11:12:14.000Z",
"modified": "2018-12-04T11:12:14.000Z",
"pattern": "[file:hashes.MD5 = '5b168ad87a0de81c443656cc144df29a' AND file:hashes.SHA1 = 'c3cf36abda1463dbe81dc7a7283c6a089c922071' AND file:hashes.SHA256 = '2b06d2abc87f51aa7b8451da16270003ceba57184b0dd5f244670873409c75b9']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-12-04T11:12:14Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "file"
}
],
"labels": [
"misp:name=\"file\"",
"misp:meta-category=\"file\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--cd3a3681-483c-4703-9183-5eadf686e7ce",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-12-04T11:12:16.000Z",
"modified": "2018-12-04T11:12:16.000Z",
"pattern": "[file:hashes.MD5 = '62e21431e87e8a21cf06319da7438f11' AND file:hashes.SHA1 = 'a4708853f4a7e4e242a236a433e9b5e8593f1090' AND file:hashes.SHA256 = 'bc53f513df363dd999ac855b53831b3b31ac5516a4bf8f324489710cf06955f0']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-12-04T11:12:16Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "file"
}
],
"labels": [
"misp:name=\"file\"",
"misp:meta-category=\"file\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--7e3ec1d9-6683-4c0c-8c22-6a23e389e481",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-12-04T11:12:17.000Z",
"modified": "2018-12-04T11:12:17.000Z",
"pattern": "[file:hashes.MD5 = 'f702153b68628eff973abb2912af0d22' AND file:hashes.SHA1 = '138c3aae51e67db0c4134affae428fe91c0d1686' AND file:hashes.SHA256 = 'da9c2ecc88e092e3b8c13c6d1a71b968aa6f705eb5966370f21e306c26cd4fb5']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-12-04T11:12:17Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "file"
}
],
"labels": [
"misp:name=\"file\"",
"misp:meta-category=\"file\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--419c5f16-27ed-4fea-8c5d-9a4cc8d2d2a8",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-12-04T11:12:19.000Z",
"modified": "2018-12-04T11:12:19.000Z",
"first_observed": "2018-12-04T11:12:19Z",
"last_observed": "2018-12-04T11:12:19Z",
"number_observed": 1,
"object_refs": [
"file--419c5f16-27ed-4fea-8c5d-9a4cc8d2d2a8"
],
"labels": [
"misp:name=\"file\"",
"misp:meta-category=\"file\"",
"misp:to_ids=\"False\""
]
},
{
"type": "file",
"spec_version": "2.1",
"id": "file--419c5f16-27ed-4fea-8c5d-9a4cc8d2d2a8",
"hashes": {
"MD5": "9202651c295369eb01cc7a10cd59adff",
"SHA-1": "ff2f511009b2813af9d12c6103206828560869db",
"SHA-256": "594b9b42a2d7ae71ef08795fca19d027135d86e82bc0d354d18bfd766ec2424c",
"SHA-512": "547efea0c2407d1e2949e84fe107820a1efaab2eaddeaf60ceb8f23b53d635b7c86ceadb1e19c07432e51a3609d02f12aca99cb5e23b5d324febb67994f83a9c",
"SSDEEP": "6144:gXNGATWMK0AlJgQpQXFvr0Cn8wyrQ4EeGiEb53fSEnetKA:gjDoWiUFe+NPSEnQH"
},
"size": 278032,
"name": "ss2.stubbin",
"x_misp_entropy": "7.99919",
"x_misp_mimetype": "data"
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--073fe05f-3c0b-41a9-9cdb-206bf91314cf",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-12-04T11:12:21.000Z",
"modified": "2018-12-04T11:12:21.000Z",
"first_observed": "2018-12-04T11:12:21Z",
"last_observed": "2018-12-04T11:12:21Z",
"number_observed": 1,
"object_refs": [
"file--073fe05f-3c0b-41a9-9cdb-206bf91314cf"
],
"labels": [
"misp:name=\"file\"",
"misp:meta-category=\"file\"",
"misp:to_ids=\"False\""
]
},
{
"type": "file",
"spec_version": "2.1",
"id": "file--073fe05f-3c0b-41a9-9cdb-206bf91314cf",
"hashes": {
"MD5": "1afc39b101a64c61b763fdf07fde1d55",
"SHA-1": "89fe55d2669e6c995b9a0d9ed5d5aa404d20713b",
"SHA-256": "427091e1888c2bf1f2e11a1010b3ab6c8634eda4ddc34d37202d401fbaa8989d",
"SHA-512": "35b066679ce733b0de20b79cb7570570164eb695307cbb96173bd7c4485b62a42e5b67caab8b9373e45b9cd9abe72ab0eb78960256420144b9f609c3734320f0",
"SSDEEP": "1536:VLDPjQejqUjWMuX/28KIGsA/Nu4vlIXa5CjZwEclPcx6KtCNvmuxOfgQBAMyOk3t:V3Mexh8KIXAV9vOX6mz6ylgr"
},
"size": 278016,
"name": "ss2.exe",
"x_misp_entropy": "4.757791",
"x_misp_mimetype": "PE32 executable (console) Intel 80386 Mono/.Net assembly, for MS Windows"
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--ebb5a994-7d19-493f-96a1-93d61ceec288",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-12-04T11:12:23.000Z",
"modified": "2018-12-04T11:12:23.000Z",
"first_observed": "2018-12-04T11:12:23Z",
"last_observed": "2018-12-04T11:12:23Z",
"number_observed": 1,
"object_refs": [
"file--ebb5a994-7d19-493f-96a1-93d61ceec288"
],
"labels": [
"misp:name=\"file\"",
"misp:meta-category=\"file\"",
"misp:to_ids=\"False\""
]
},
{
"type": "file",
"spec_version": "2.1",
"id": "file--ebb5a994-7d19-493f-96a1-93d61ceec288",
"hashes": {
"MD5": "074e52525d5ec2b2af8675477180b5f0",
"SHA-1": "631e5f4b9a3ba6855dd93dbdccb416337560491d",
"SHA-256": "a660cc6155b307c0957c4c6ea119a295a852d28097196d85f00f5517944a3dcb",
"SHA-512": "16d5cab293ffe44a8bfe247fc8f60167741d4a44cb12542b378cf26b689abcff95065ab44e4725b2ab3e85295925faa695bce1159d06211c1bf971d437398414",
"SSDEEP": "96:2RPS2X4/vpRMdu4JW4Qy06pZu42yNSSa/kZLCXWQJxZEzQx:GulKuwscsR5"
},
"size": 3547,
"name": "SORRY-FOR-FILES.html",
"x_misp_entropy": "4.871033",
"x_misp_mimetype": "HTML document, ASCII text, with very long lines, with no line terminators"
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--ba87eeb3-df09-4d10-812e-1256c3f2c50d",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-12-04T11:12:26.000Z",
"modified": "2018-12-04T11:12:26.000Z",
"first_observed": "2018-12-04T11:12:26Z",
"last_observed": "2018-12-04T11:12:26Z",
"number_observed": 1,
"object_refs": [
"file--ba87eeb3-df09-4d10-812e-1256c3f2c50d"
],
"labels": [
"misp:name=\"file\"",
"misp:meta-category=\"file\"",
"misp:to_ids=\"False\""
]
},
{
"type": "file",
"spec_version": "2.1",
"id": "file--ba87eeb3-df09-4d10-812e-1256c3f2c50d",
"hashes": {
"MD5": "5b168ad87a0de81c443656cc144df29a",
"SHA-1": "c3cf36abda1463dbe81dc7a7283c6a089c922071",
"SHA-256": "2b06d2abc87f51aa7b8451da16270003ceba57184b0dd5f244670873409c75b9",
"SHA-512": "853eec13cba76de73361f1fb1e18d11ce3c1b9496f5e093d3050283643f569b659a5931b2092d8302cc8cfbfb69e4a6241461eed4c8931879818c4280af025cf",
"SSDEEP": "1536:YM84wQNIdSpfYy1wDcCxqwDcCxqwDcCxqwDcCxqwDcCxqwDcCxWAAPtR8XKvfOxx:R2dHD3DD3DD3DD3DD3DD3v"
},
"size": 239104,
"name": "winnetuse.exe",
"x_misp_entropy": "5.041215",
"x_misp_mimetype": "PE32 executable (console) Intel 80386 Mono/.Net assembly, for MS Windows"
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--685afd26-9fcd-47ae-9bb8-837497b2de58",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-12-04T11:12:28.000Z",
"modified": "2018-12-04T11:12:28.000Z",
"first_observed": "2018-12-04T11:12:28Z",
"last_observed": "2018-12-04T11:12:28Z",
"number_observed": 1,
"object_refs": [
"file--685afd26-9fcd-47ae-9bb8-837497b2de58"
],
"labels": [
"misp:name=\"file\"",
"misp:meta-category=\"file\"",
"misp:to_ids=\"False\""
]
},
{
"type": "file",
"spec_version": "2.1",
"id": "file--685afd26-9fcd-47ae-9bb8-837497b2de58",
"hashes": {
"MD5": "62e21431e87e8a21cf06319da7438f11",
"SHA-1": "a4708853f4a7e4e242a236a433e9b5e8593f1090",
"SHA-256": "bc53f513df363dd999ac855b53831b3b31ac5516a4bf8f324489710cf06955f0",
"SHA-512": "f2f60c6eb6d96c025a34eb58e175866e15a806f9ec805793676cc60ede00dbfd55b9ade816c6148235e4fc34c4c412d91ae873d324032f1dbd17b09a7a539233",
"SSDEEP": "6:JF1ZzANc4PgXsoFDVlAVyXHI+CIwZALICLA9X/1y/W:L1Jsc4PSJFDyyXo+Bb0L/1gW"
},
"size": 267,
"name": "g04inst.bat",
"x_misp_entropy": "4.884702",
"x_misp_mimetype": "ASCII text, with CRLF line terminators"
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--54ff7ca3-3736-4067-8eff-8ac9cbc938a1",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-12-04T11:12:33.000Z",
"modified": "2018-12-04T11:12:33.000Z",
"first_observed": "2018-12-04T11:12:33Z",
"last_observed": "2018-12-04T11:12:33Z",
"number_observed": 1,
"object_refs": [
"file--54ff7ca3-3736-4067-8eff-8ac9cbc938a1"
],
"labels": [
"misp:name=\"file\"",
"misp:meta-category=\"file\"",
"misp:to_ids=\"False\""
]
},
{
"type": "file",
"spec_version": "2.1",
"id": "file--54ff7ca3-3736-4067-8eff-8ac9cbc938a1",
"hashes": {
"MD5": "f702153b68628eff973abb2912af0d22",
"SHA-1": "138c3aae51e67db0c4134affae428fe91c0d1686",
"SHA-256": "da9c2ecc88e092e3b8c13c6d1a71b968aa6f705eb5966370f21e306c26cd4fb5",
"SHA-512": "7b5c3a6dcc30225874b70e9aa5df803d7796322e5c6654b0ace265b95b0134035384e113112a7a17b09e24dbceb71a22867424cfc1c660ec2ebb605583980dcd",
"SSDEEP": "48:6/mWW45Rekl3tpEE4ln0LT8wVMM4W8i02+KU4AeyuNew0cxdn5Mla5GQ6bwN8ah:gBv3Z8we5i0/4Ae+2gMrG"
},
"size": 5632,
"name": "sdgasfse.dll",
"x_misp_entropy": "3.968484",
"x_misp_mimetype": "PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--34754e49-8e1e-4b82-a538-68c778a544f7",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-12-04T11:12:32.000Z",
"modified": "2018-12-04T11:12:32.000Z",
"pattern": "[file:extensions.'windows-pebinary-ext'.number_of_sections = '4' AND file:extensions.'windows-pebinary-ext'.x_misp_internal_filename = 'sdgasfse.dll' AND file:extensions.'windows-pebinary-ext'.x_misp_original_filename = 'sdgasfse.dll']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-12-04T11:12:32Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "file"
}
],
"labels": [
"misp:name=\"pe\"",
"misp:meta-category=\"file\"",
"misp:to_ids=\"True\""
]
},
{
"type": "x-misp-object",
"spec_version": "2.1",
"id": "x-misp-object--dad20043-8913-4afa-92ba-cff12283824f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-12-04T11:12:30.000Z",
"modified": "2018-12-04T11:12:30.000Z",
"labels": [
"misp:name=\"pe-section\"",
"misp:meta-category=\"file\""
],
"x_misp_attributes": [
{
"type": "float",
"object_relation": "entropy",
"value": "2.535489",
"category": "Other",
"uuid": "d9fe6e44-cc30-40db-bfbf-469837c22e18"
},
{
"type": "md5",
"object_relation": "md5",
"value": "b85b73ffa6d2bc4679ee6ece174a93b1",
"category": "Payload delivery",
"to_ids": true,
"uuid": "8437bc0e-9ae7-441e-a654-2cfd7835cb01"
},
{
"type": "size-in-bytes",
"object_relation": "size-in-bytes",
"value": "512",
"category": "Other",
"uuid": "1462f817-eb71-4f26-9dfc-8af55b8cf4db"
}
],
"x_misp_meta_category": "file",
"x_misp_name": "pe-section"
},
{
"type": "x-misp-object",
"spec_version": "2.1",
"id": "x-misp-object--ae01c9b0-1419-4a83-8c70-97790c4ce4a0",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-12-04T11:12:31.000Z",
"modified": "2018-12-04T11:12:31.000Z",
"labels": [
"misp:name=\"pe-section\"",
"misp:meta-category=\"file\""
],
"x_misp_attributes": [
{
"type": "md5",
"object_relation": "md5",
"value": "12fe3b15c663fe9ed9480c352f9bded3",
"category": "Payload delivery",
"to_ids": true,
"uuid": "4e08fd07-3346-482f-ad85-37264e2c0613"
},
{
"type": "float",
"object_relation": "entropy",
"value": "5.048626",
"category": "Other",
"uuid": "5802bcb3-8618-4d14-afd4-c9478936504b"
},
{
"type": "text",
"object_relation": "name",
"value": ".text",
"category": "Other",
"uuid": "e950da47-13af-486f-a114-c0a1580e730d"
},
{
"type": "size-in-bytes",
"object_relation": "size-in-bytes",
"value": "3072",
"category": "Other",
"uuid": "1090c057-514e-45c4-90e7-b743a6ba2294"
}
],
"x_misp_meta_category": "file",
"x_misp_name": "pe-section"
},
{
"type": "x-misp-object",
"spec_version": "2.1",
"id": "x-misp-object--20483bab-be45-4f17-83b2-a3446b94d0dd",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-12-04T11:12:31.000Z",
"modified": "2018-12-04T11:12:31.000Z",
"labels": [
"misp:name=\"pe-section\"",
"misp:meta-category=\"file\""
],
"x_misp_attributes": [
{
"type": "md5",
"object_relation": "md5",
"value": "9cf5eb0ba3d939001e41a98351a45be5",
"category": "Payload delivery",
"to_ids": true,
"uuid": "e6c370db-3b6e-4c18-bbf2-1d7bb2a10624"
},
{
"type": "float",
"object_relation": "entropy",
"value": "2.577418",
"category": "Other",
"uuid": "9940add1-16de-415a-a7ad-158744fda3e2"
},
{
"type": "text",
"object_relation": "name",
"value": ".rsrc",
"category": "Other",
"uuid": "85fd7bfa-8278-44dc-b2b3-559f1355ede4"
},
{
"type": "size-in-bytes",
"object_relation": "size-in-bytes",
"value": "1536",
"category": "Other",
"uuid": "f78790b9-8dee-4a34-b293-5fbb2b0d8ede"
}
],
"x_misp_meta_category": "file",
"x_misp_name": "pe-section"
},
{
"type": "x-misp-object",
"spec_version": "2.1",
"id": "x-misp-object--240c0f80-fcda-4ba8-9035-777a892b73c8",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-12-04T11:12:32.000Z",
"modified": "2018-12-04T11:12:32.000Z",
"labels": [
"misp:name=\"pe-section\"",
"misp:meta-category=\"file\""
],
"x_misp_attributes": [
{
"type": "md5",
"object_relation": "md5",
"value": "8ef9498de2781e9f674c2727ab3546c6",
"category": "Payload delivery",
"to_ids": true,
"uuid": "90469d8a-fa11-418a-ba44-81f1fdaea539"
},
{
"type": "float",
"object_relation": "entropy",
"value": "0.081539",
"category": "Other",
"uuid": "2f4129dd-0f3e-49f5-a7f4-55d1a19934d0"
},
{
"type": "text",
"object_relation": "name",
"value": ".reloc",
"category": "Other",
"uuid": "f9dff019-aaf7-4f00-bff6-b0dfec0e1b97"
},
{
"type": "size-in-bytes",
"object_relation": "size-in-bytes",
"value": "512",
"category": "Other",
"uuid": "33d2bc49-b754-46cd-9f46-47510190f4b0"
}
],
"x_misp_meta_category": "file",
"x_misp_name": "pe-section"
},
{
"type": "relationship",
"spec_version": "2.1",
2024-08-07 08:13:15 +00:00
"id": "relationship--f5b7c94a-895e-45b4-ba50-8c0da09d17cc",
2023-04-21 14:44:17 +00:00
"created": "2018-12-04T11:12:35.000Z",
"modified": "2018-12-04T11:12:35.000Z",
"relationship_type": "contains",
"source_ref": "observed-data--419c5f16-27ed-4fea-8c5d-9a4cc8d2d2a8",
"target_ref": "observed-data--073fe05f-3c0b-41a9-9cdb-206bf91314cf"
},
{
"type": "relationship",
"spec_version": "2.1",
2024-08-07 08:13:15 +00:00
"id": "relationship--5d884256-d5b3-45c0-ba62-0e8e2baa06b5",
2023-04-21 14:44:17 +00:00
"created": "2018-12-04T11:12:35.000Z",
"modified": "2018-12-04T11:12:35.000Z",
"relationship_type": "contained-within",
"source_ref": "observed-data--073fe05f-3c0b-41a9-9cdb-206bf91314cf",
"target_ref": "observed-data--419c5f16-27ed-4fea-8c5d-9a4cc8d2d2a8"
},
{
"type": "relationship",
"spec_version": "2.1",
2024-08-07 08:13:15 +00:00
"id": "relationship--37badbcd-7dcf-4209-bdd6-4780070a9515",
2023-04-21 14:44:17 +00:00
"created": "2018-12-04T11:12:35.000Z",
"modified": "2018-12-04T11:12:35.000Z",
"relationship_type": "downloaded",
"source_ref": "observed-data--073fe05f-3c0b-41a9-9cdb-206bf91314cf",
"target_ref": "observed-data--ebb5a994-7d19-493f-96a1-93d61ceec288"
},
{
"type": "relationship",
"spec_version": "2.1",
2024-08-07 08:13:15 +00:00
"id": "relationship--874115a4-c3b2-46b9-a1b1-0f44f47ac5a3",
2023-04-21 14:44:17 +00:00
"created": "2018-12-04T11:12:36.000Z",
"modified": "2018-12-04T11:12:36.000Z",
"relationship_type": "created",
"source_ref": "observed-data--ebb5a994-7d19-493f-96a1-93d61ceec288",
"target_ref": "observed-data--01ac1fec-a06f-404f-aa99-f9b406aa02ee"
},
{
"type": "relationship",
"spec_version": "2.1",
2024-08-07 08:13:15 +00:00
"id": "relationship--f669582e-eaf1-455f-b5fe-cbfbbc259189",
2023-04-21 14:44:17 +00:00
"created": "2018-12-04T11:12:36.000Z",
"modified": "2018-12-04T11:12:36.000Z",
"relationship_type": "created",
"source_ref": "observed-data--ebb5a994-7d19-493f-96a1-93d61ceec288",
"target_ref": "observed-data--7d433e27-4113-4693-a172-7608e37aab06"
},
{
"type": "relationship",
"spec_version": "2.1",
2024-08-07 08:13:15 +00:00
"id": "relationship--df3768ec-28b5-4fa9-a3eb-75e5e7634aba",
2023-04-21 14:44:17 +00:00
"created": "2018-12-04T11:12:36.000Z",
"modified": "2018-12-04T11:12:36.000Z",
"relationship_type": "created",
"source_ref": "observed-data--ebb5a994-7d19-493f-96a1-93d61ceec288",
"target_ref": "observed-data--45842d35-5c7f-4e0c-9ef5-6eee797d6360"
},
{
"type": "relationship",
"spec_version": "2.1",
2024-08-07 08:13:15 +00:00
"id": "relationship--2256b096-ed14-4257-b096-cec53907d7c3",
2023-04-21 14:44:17 +00:00
"created": "2018-12-04T11:12:36.000Z",
"modified": "2018-12-04T11:12:36.000Z",
"relationship_type": "created",
"source_ref": "observed-data--ebb5a994-7d19-493f-96a1-93d61ceec288",
"target_ref": "observed-data--0b59335d-7ace-4391-b5af-c7b62357f7cf"
},
{
"type": "relationship",
"spec_version": "2.1",
2024-08-07 08:13:15 +00:00
"id": "relationship--ea72e816-8189-4acf-b06c-5c9e500c62e0",
2023-04-21 14:44:17 +00:00
"created": "2018-12-04T11:12:36.000Z",
"modified": "2018-12-04T11:12:36.000Z",
"relationship_type": "created",
"source_ref": "observed-data--ebb5a994-7d19-493f-96a1-93d61ceec288",
"target_ref": "observed-data--43216016-e16c-4036-aff5-cfad3a408f4e"
},
{
"type": "relationship",
"spec_version": "2.1",
2024-08-07 08:13:15 +00:00
"id": "relationship--32e33937-6fff-4b6c-8315-37cc6ca182f8",
2023-04-21 14:44:17 +00:00
"created": "2018-12-04T11:12:36.000Z",
"modified": "2018-12-04T11:12:36.000Z",
"relationship_type": "created",
"source_ref": "observed-data--ebb5a994-7d19-493f-96a1-93d61ceec288",
"target_ref": "observed-data--efcfaeb6-9680-4b3e-9044-90ac70803ad5"
},
{
"type": "relationship",
"spec_version": "2.1",
2024-08-07 08:13:15 +00:00
"id": "relationship--17375c59-9d91-4960-8098-ef849daa22ce",
2023-04-21 14:44:17 +00:00
"created": "2018-12-04T11:12:36.000Z",
"modified": "2018-12-04T11:12:36.000Z",
"relationship_type": "downloaded-by",
"source_ref": "observed-data--ebb5a994-7d19-493f-96a1-93d61ceec288",
"target_ref": "observed-data--073fe05f-3c0b-41a9-9cdb-206bf91314cf"
},
{
"type": "relationship",
"spec_version": "2.1",
2024-08-07 08:13:15 +00:00
"id": "relationship--cb21c04c-8c36-4dd2-9fd5-2b7b1add0dd9",
2023-04-21 14:44:17 +00:00
"created": "2018-12-04T11:12:36.000Z",
"modified": "2018-12-04T11:12:36.000Z",
"relationship_type": "contains",
"source_ref": "observed-data--ebb5a994-7d19-493f-96a1-93d61ceec288",
"target_ref": "observed-data--5e1d1941-44ba-4802-89bb-a4ae12a91c82"
},
{
"type": "relationship",
"spec_version": "2.1",
2024-08-07 08:13:15 +00:00
"id": "relationship--9b1e1874-a070-4d43-a42c-61f5953f964f",
2023-04-21 14:44:17 +00:00
"created": "2018-12-04T11:12:36.000Z",
"modified": "2018-12-04T11:12:36.000Z",
"relationship_type": "contains",
"source_ref": "observed-data--ebb5a994-7d19-493f-96a1-93d61ceec288",
"target_ref": "observed-data--cc591345-cc1f-4b60-ab71-cb45c398ba7d"
},
{
"type": "relationship",
"spec_version": "2.1",
2024-08-07 08:13:15 +00:00
"id": "relationship--8acbbdc4-989f-4139-9244-2b546c3d7bee",
2023-04-21 14:44:17 +00:00
"created": "2018-12-04T11:12:36.000Z",
"modified": "2018-12-04T11:12:36.000Z",
"relationship_type": "related-to",
"source_ref": "observed-data--ba87eeb3-df09-4d10-812e-1256c3f2c50d",
"target_ref": "observed-data--685afd26-9fcd-47ae-9bb8-837497b2de58"
},
{
"type": "relationship",
"spec_version": "2.1",
2024-08-07 08:13:15 +00:00
"id": "relationship--36d33604-8313-447a-b334-755bfd8d8bc6",
2023-04-21 14:44:17 +00:00
"created": "2018-12-04T11:12:36.000Z",
"modified": "2018-12-04T11:12:36.000Z",
"relationship_type": "related-to",
"source_ref": "observed-data--685afd26-9fcd-47ae-9bb8-837497b2de58",
"target_ref": "observed-data--ba87eeb3-df09-4d10-812e-1256c3f2c50d"
},
{
"type": "marking-definition",
"spec_version": "2.1",
"id": "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9",
"created": "2017-01-20T00:00:00.000Z",
"definition_type": "tlp",
"name": "TLP:WHITE",
"definition": {
"tlp": "white"
}
}
]
}