misp-circl-feed/feeds/circl/stix-2.1/5df8df26-fe0e-4858-94a7-6cf71d9519c9.json

{
    "type": "bundle",
    "id": "bundle--5df8df26-fe0e-4858-94a7-6cf71d9519c9",
    "objects": [
        {
            "type": "identity",
            "spec_version": "2.1",
            "id": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
            "created": "2021-11-19T15:47:38.000Z",
            "modified": "2021-11-19T15:47:38.000Z",
            "name": "CIRCL",
            "identity_class": "organization"
        },
        {
            "type": "report",
            "spec_version": "2.1",
            "id": "report--5df8df26-fe0e-4858-94a7-6cf71d9519c9",
            "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
            "created": "2021-11-19T15:47:38.000Z",
            "modified": "2021-11-19T15:47:38.000Z",
            "name": "UEFI threats moving to the ESP: Introducing ESPecter bootkit",
            "published": "2021-11-19T15:49:17Z",
            "object_refs": [
                "x-misp-attribute--2a49a854-10b5-4365-91e9-3f4a585eaf42",
                "x-misp-attribute--e4f416a2-85e2-43fd-a0d0-f282188e291e",
                "x-misp-attribute--0e1708e4-f25e-4ebe-acc7-e77dc5a906dd",
                "indicator--a74af413-79fa-4909-9c0e-5da293a89d14",
                "indicator--ddf93926-3645-4e64-8e21-e3cadcb42dbe",
                "indicator--4822dadc-6680-4b7b-948b-5eb0eecf329c",
                "indicator--cd507edf-d207-4fc8-ab5a-981f43ba2a51",
                "indicator--8ce804d8-0129-47b2-aadb-e794772944d9",
                "indicator--6f4ef921-6bf4-4692-bbad-e48ce05eb228",
                "indicator--c2f4e331-a13d-49b0-a01a-bc053da56769",
                "indicator--043a8bb1-1a42-4737-b72c-26c5701aa7f8",
                "x-misp-attribute--c3972c5b-f600-426b-8a03-2b82bad6fedb",
                "x-misp-attribute--053dfa99-3d2f-4498-ab6a-544bdd2f06f1",
                "x-misp-attribute--604f4489-cfe4-48b6-a71e-4115cc6e1686",
                "x-misp-attribute--a41f57f0-b112-4bac-be5d-d079b1ef3654",
                "x-misp-attribute--a727a6a4-d692-46a6-a471-ca8438b99206",
                "x-misp-attribute--6bb145ae-a23b-4186-98e6-4af2afe63a85",
                "x-misp-attribute--36eab666-2303-41b4-86db-d2d4630b1c4b",
                "x-misp-attribute--5daed22d-ca0c-49d0-af03-d71fc869467b",
                "x-misp-attribute--e7adc49c-33af-4fc7-9111-d8a7a5479dce",
                "x-misp-attribute--53a6c33c-ba99-4e25-9741-bac2877adfe0",
                "x-misp-attribute--387b69b7-6336-4b2f-aaf2-61ca43c12dbf",
                "x-misp-attribute--f134b566-0efa-4e8d-a0c2-983ab1a10951",
                "x-misp-attribute--f9fc7f74-52ed-4b13-aa18-cb696b3f71b2",
                "x-misp-attribute--f07e6d67-1608-4ecf-841a-beebc4d55450",
                "x-misp-attribute--81db953f-ae79-4e07-95cf-86c9aa5f315b",
                "indicator--3de8d0d9-4538-4295-86c4-4a8c2115d031",
                "indicator--a1e4283a-d00f-4c04-b605-19b4df73fa29",
                "indicator--d3624e94-1ce5-439d-800d-b14cde62ca8c",
                "indicator--7ed3898f-469c-4503-9ced-31ef0edc4598",
                "indicator--bdfbf198-91a4-4e34-87fa-20ffbcb938cb",
                "indicator--44ecfdbb-15ad-4da5-ae60-ae9e86a8fcbd",
                "indicator--7c8585c7-f16d-4160-b518-f64330929a65",
                "indicator--6e6295bb-4caa-4c86-9c3b-7982df4b1579",
                "indicator--8434d591-d6d9-4043-a68b-b7f7aa7632cb",
                "indicator--3a91a09d-baab-4f83-b313-f17e83e6225b",
                "indicator--8f23b33c-1f63-4a59-88d5-f1913185f8c2",
                "indicator--5076da52-2497-4dcd-b7eb-6b13bd387df5",
                "indicator--313ae7bc-b8cb-4fc6-b646-8379f9fb0917",
                "indicator--0ac2f3e6-37a7-4ad6-ab4b-b6d20c19e775",
                "indicator--8cb316d8-7c13-4d62-ae36-65336aaa80fb",
                "indicator--d24fb77d-e776-4d2b-9480-4c430733a2d9",
                "indicator--3bae573d-d93e-468a-8406-47b55de6e76f",
                "indicator--436005da-d100-4543-9329-6939546bcd98",
                "indicator--59c35d4e-4420-4266-992f-1aa58906e157",
                "indicator--2f941274-cb1e-4499-8407-1af90a163231",
                "indicator--0e48addd-4a98-4045-9725-3d43918787c9",
                "indicator--28c3fa40-019d-4de0-b203-eb3b4921cf08",
                "indicator--bf9c1674-2f1d-4a0c-8fa6-7efa805f8dd6",
                "indicator--e2c5cac5-a603-44ad-a47a-e4e11795d57b",
                "indicator--a88b2df4-d1c2-4ad3-8f92-bca70dca1cc5",
                "indicator--83cd3826-3f69-48e2-b91d-c319ecd366be",
                "indicator--5d3cc885-69a8-44b6-942d-76a205b5b9bf",
                "indicator--c3680318-bdc8-4e35-9722-7401eac56247",
                "indicator--92800ef6-15f8-48b7-90ea-e8a819affda4",
                "indicator--4897f3a4-3ae7-45e3-82a3-b14314cbfc29",
                "indicator--2fe0f668-8003-49d9-98e8-d5123f12a56d",
                "x-misp-object--00757583-07b5-44cf-aaf0-7e71aebf60ff",
                "x-misp-object--704e5969-5b1d-4325-b7fc-4a6d923bbda5",
                "indicator--a9021b55-afc0-437c-b972-3079eab113d1",
                "x-misp-object--7ef11d83-1085-4d24-910e-5f66372ed7ef",
                "indicator--31bcc06e-f214-4193-bd07-83a32e27ad7d",
                "x-misp-object--aad7d8b5-905e-4cf6-9e67-6182ce4de562",
                "indicator--e69670e4-f98d-4be6-953c-933b681d802b",
                "x-misp-object--3e418ab5-d67d-46cd-b630-f40b287784b7",
                "indicator--0ce970ae-28ab-457c-a377-d083e527e699",
                "x-misp-object--9c96483f-0733-4016-80cf-7e5a090da564",
                "indicator--b9b484e5-731d-432a-b5eb-6013142e1fb7",
                "x-misp-object--6587653a-065f-49f1-958a-83869a219db6",
                "relationship--9e84b8af-e4d9-44b1-b662-a94a7f853803",
                "relationship--465a4345-6a7c-42cf-b45e-3507ea43a3d6",
                "relationship--a473aaa3-4a7f-4950-8ab3-1708da2993ff",
                "relationship--588b4ca8-9dc3-4972-af04-e5b1ae50ed64",
                "relationship--379e651e-4320-4ca7-ab30-e47df064e903"
            ],
            "labels": [
                "Threat-Report",
                "misp:tool=\"MISP-STIX-Converter\"",
                "type:OSINT",
                "osint:lifetime=\"perpetual\"",
                "osint:certainty=\"50\"",
                "misp-galaxy:mitre-attack-pattern=\"Native API - T1106\"",
                "misp-galaxy:mitre-attack-pattern=\"Pre-OS Boot - T1542\"",
                "misp-galaxy:mitre-attack-pattern=\"Boot or Logon Autostart Execution - T1547\"",
                "misp-galaxy:mitre-attack-pattern=\"Dynamic-link Library Injection - T1055.001\"",
                "misp-galaxy:mitre-attack-pattern=\"Hidden Files and Directories - T1564.001\"",
                "misp-galaxy:mitre-attack-pattern=\"Hidden File System - T1564.005\"",
                "misp-galaxy:mitre-attack-pattern=\"Deobfuscate/Decode Files or Information - T1140\"",
                "misp-galaxy:mitre-attack-pattern=\"Impair Defenses - T1562\"",
                "misp-galaxy:mitre-attack-pattern=\"Rename System Utilities - T1036.003\"",
                "misp-galaxy:mitre-attack-pattern=\"Modify Registry - T1112\"",
                "misp-galaxy:mitre-attack-pattern=\"Patch System Image - T1601.001\"",
                "misp-galaxy:mitre-attack-pattern=\"Obfuscated Files or Information - T1406\"",
                "misp-galaxy:mitre-attack-pattern=\"Software Packing - T1027.002\"",
                "misp-galaxy:mitre-attack-pattern=\"Bootkit - T1542.003\"",
                "misp-galaxy:mitre-attack-pattern=\"Code Signing Policy Modification - T1553.006\"",
                "misp-galaxy:mitre-attack-pattern=\"Time Based Evasion - T1497.003\"",
                "misp-galaxy:mitre-attack-pattern=\"Keylogging - T1056.001\"",
                "misp-galaxy:mitre-attack-pattern=\"Application Window Discovery - T1010\"",
                "misp-galaxy:mitre-attack-pattern=\"File and Directory Discovery - T1083\"",
                "misp-galaxy:mitre-attack-pattern=\"File and Directory Discovery - T1420\"",
                "misp-galaxy:mitre-attack-pattern=\"Peripheral Device Discovery - T1120\"",
                "misp-galaxy:mitre-attack-pattern=\"Process Discovery - T1424\"",
                "misp-galaxy:mitre-attack-pattern=\"Query Registry - T1012\"",
                "misp-galaxy:mitre-attack-pattern=\"System Information Discovery - T1426\"",
                "misp-galaxy:mitre-attack-pattern=\"System Time Discovery - T1124\"",
                "misp-galaxy:mitre-attack-pattern=\"Automated Collection - T1119\"",
                "misp-galaxy:mitre-attack-pattern=\"Data from Removable Media - T1025\"",
                "misp-galaxy:mitre-attack-pattern=\"Local Data Staging - T1074.001\"",
                "misp-galaxy:mitre-attack-pattern=\"Input Capture - T1417\"",
                "misp-galaxy:mitre-attack-pattern=\"Input Capture - T1056\"",
                "misp-galaxy:mitre-attack-pattern=\"Screen Capture - T1513\"",
                "misp-galaxy:mitre-attack-pattern=\"Screen Capture - T1113\"",
                "misp-galaxy:mitre-attack-pattern=\"Web Protocols - T1071.001\"",
                "misp-galaxy:mitre-attack-pattern=\"Symmetric Cryptography - T1573.001\"",
                "misp-galaxy:mitre-attack-pattern=\"Ingress Tool Transfer - T1105\"",
                "misp-galaxy:mitre-attack-pattern=\"Non-Application Layer Protocol - T1095\"",
                "misp-galaxy:mitre-attack-pattern=\"Multi-Stage Channels - T1104\"",
                "misp-galaxy:mitre-attack-pattern=\"Automated Exfiltration - T1020\"",
                "misp-galaxy:mitre-attack-pattern=\"Exfiltration Over C2 Channel - T1041\"",
                "misp-galaxy:mitre-attack-pattern=\"Exfiltration Over Command and Control Channel - T1041\"",
                "misp-galaxy:mitre-attack-pattern=\"Scheduled Transfer - T1029\"",
                "misp-galaxy:tool=\"ESPecter bootkit\""
            ],
            "object_marking_refs": [
                "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9"
            ]
        },
        {
            "type": "x-misp-attribute",
            "spec_version": "2.1",
            "id": "x-misp-attribute--2a49a854-10b5-4365-91e9-3f4a585eaf42",
            "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
            "created": "2021-11-11T14:08:22.000Z",
            "modified": "2021-11-11T14:08:22.000Z",
            "labels": [
                "misp:type=\"text\"",
                "misp:category=\"Artifacts dropped\""
            ],
            "x_misp_category": "Artifacts dropped",
            "x_misp_type": "text",
            "x_misp_value": "EFI/Rootkit.ESPecter"
        },
        {
            "type": "x-misp-attribute",
            "spec_version": "2.1",
            "id": "x-misp-attribute--e4f416a2-85e2-43fd-a0d0-f282188e291e",
            "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
            "created": "2021-11-11T14:08:22.000Z",
            "modified": "2021-11-11T14:08:22.000Z",
            "labels": [
                "misp:type=\"text\"",
                "misp:category=\"Artifacts dropped\""
            ],
            "x_misp_category": "Artifacts dropped",
            "x_misp_type": "text",
            "x_misp_value": "Win32/Rootkit.ESPecter"
        },
        {
            "type": "x-misp-attribute",
            "spec_version": "2.1",
            "id": "x-misp-attribute--0e1708e4-f25e-4ebe-acc7-e77dc5a906dd",
            "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
            "created": "2021-11-11T14:08:22.000Z",
            "modified": "2021-11-11T14:08:22.000Z",
            "labels": [
                "misp:type=\"text\"",
                "misp:category=\"Artifacts dropped\""
            ],
            "x_misp_category": "Artifacts dropped",
            "x_misp_type": "text",
            "x_misp_value": "Win64/Rootkit.ESPecter"
        },
        {
            "type": "indicator",
            "spec_version": "2.1",
            "id": "indicator--a74af413-79fa-4909-9c0e-5da293a89d14",
            "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
            "created": "2021-11-11T14:46:40.000Z",
            "modified": "2021-11-11T14:46:40.000Z",
            "description": "C&C from configurations",
            "pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '196.1.2.111']",
            "pattern_type": "stix",
            "pattern_version": "2.1",
            "valid_from": "2021-11-11T14:46:40Z",
            "kill_chain_phases": [
                {
                    "kill_chain_name": "misp-category",
                    "phase_name": "Network activity"
                }
            ],
            "labels": [
                "misp:type=\"ip-dst\"",
                "misp:category=\"Network activity\"",
                "misp:to_ids=\"True\""
            ]
        },
        {
            "type": "indicator",
            "spec_version": "2.1",
            "id": "indicator--ddf93926-3645-4e64-8e21-e3cadcb42dbe",
            "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
            "created": "2021-11-11T14:46:40.000Z",
            "modified": "2021-11-11T14:46:40.000Z",
            "description": "C&C from configurations",
            "pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '103.212.69.175']",
            "pattern_type": "stix",
            "pattern_version": "2.1",
            "valid_from": "2021-11-11T14:46:40Z",
            "kill_chain_phases": [
                {
                    "kill_chain_name": "misp-category",
                    "phase_name": "Network activity"
                }
            ],
            "labels": [
                "misp:type=\"ip-dst\"",
                "misp:category=\"Network activity\"",
                "misp:to_ids=\"True\""
            ]
        },
        {
            "type": "indicator",
            "spec_version": "2.1",
            "id": "indicator--4822dadc-6680-4b7b-948b-5eb0eecf329c",
            "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
            "created": "2021-11-11T14:46:40.000Z",
            "modified": "2021-11-11T14:46:40.000Z",
            "description": "C&C from configurations",
            "pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '183.90.187.65']",
            "pattern_type": "stix",
            "pattern_version": "2.1",
            "valid_from": "2021-11-11T14:46:40Z",
            "kill_chain_phases": [
                {
                    "kill_chain_name": "misp-category",
                    "phase_name": "Network activity"
                }
            ],
            "labels": [
                "misp:type=\"ip-dst\"",
                "misp:category=\"Network activity\"",
                "misp:to_ids=\"True\""
            ]
        },
        {
            "type": "indicator",
            "spec_version": "2.1",
            "id": "indicator--cd507edf-d207-4fc8-ab5a-981f43ba2a51",
            "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
            "created": "2021-11-11T14:46:40.000Z",
            "modified": "2021-11-11T14:46:40.000Z",
            "description": "C&C from configurations",
            "pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '61.178.79.69']",
            "pattern_type": "stix",
            "pattern_version": "2.1",
            "valid_from": "2021-11-11T14:46:40Z",
            "kill_chain_phases": [
                {
                    "kill_chain_name": "misp-category",
                    "phase_name": "Network activity"
                }
            ],
            "labels": [
                "misp:type=\"ip-dst\"",
                "misp:category=\"Network activity\"",
                "misp:to_ids=\"True\""
            ]
        },
        {
            "type": "indicator",
            "spec_version": "2.1",
            "id": "indicator--8ce804d8-0129-47b2-aadb-e794772944d9",
            "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
            "created": "2021-11-11T14:46:40.000Z",
            "modified": "2021-11-11T14:46:40.000Z",
            "description": "C&C from configurations",
            "pattern": "[domain-name:value = 'swj02.gicp.net']",
            "pattern_type": "stix",
            "pattern_version": "2.1",
            "valid_from": "2021-11-11T14:46:40Z",
            "kill_chain_phases": [
                {
                    "kill_chain_name": "misp-category",
                    "phase_name": "Network activity"
                }
            ],
            "labels": [
                "misp:type=\"hostname\"",
                "misp:category=\"Network activity\"",
                "misp:to_ids=\"True\""
            ]
        },
        {
            "type": "indicator",
            "spec_version": "2.1",
            "id": "indicator--6f4ef921-6bf4-4692-bbad-e48ce05eb228",
            "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
            "created": "2021-11-11T14:46:40.000Z",
            "modified": "2021-11-11T14:46:40.000Z",
            "description": "C&C from configurations",
            "pattern": "[domain-name:value = 'server.microsoftassistant.com']",
            "pattern_type": "stix",
            "pattern_version": "2.1",
            "valid_from": "2021-11-11T14:46:40Z",
            "kill_chain_phases": [
                {
                    "kill_chain_name": "misp-category",
                    "phase_name": "Network activity"
                }
            ],
            "labels": [
                "misp:type=\"hostname\"",
                "misp:category=\"Network activity\"",
                "misp:to_ids=\"True\""
            ]
        },
        {
            "type": "indicator",
            "spec_version": "2.1",
            "id": "indicator--c2f4e331-a13d-49b0-a01a-bc053da56769",
            "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
            "created": "2021-11-11T14:46:40.000Z",
            "modified": "2021-11-11T14:46:40.000Z",
            "description": "C&C from configurations",
            "pattern": "[domain-name:value = 'yspark.justdied.com']",
            "pattern_type": "stix",
            "pattern_version": "2.1",
            "valid_from": "2021-11-11T14:46:40Z",
            "kill_chain_phases": [
                {
                    "kill_chain_name": "misp-category",
                    "phase_name": "Network activity"
                }
            ],
            "labels": [
                "misp:type=\"hostname\"",
                "misp:category=\"Network activity\"",
                "misp:to_ids=\"True\""
            ]
        },
        {
            "type": "indicator",
            "spec_version": "2.1",
            "id": "indicator--043a8bb1-1a42-4737-b72c-26c5701aa7f8",
            "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
            "created": "2021-11-11T14:46:40.000Z",
            "modified": "2021-11-11T14:46:40.000Z",
            "description": "C&C from configurations",
            "pattern": "[domain-name:value = 'crystalnba.com']",
            "pattern_type": "stix",
            "pattern_version": "2.1",
            "valid_from": "2021-11-11T14:46:40Z",
            "kill_chain_phases": [
                {
                    "kill_chain_name": "misp-category",
                    "phase_name": "Network activity"
                }
            ],
            "labels": [
                "misp:type=\"domain\"",
                "misp:category=\"Network activity\"",
                "misp:to_ids=\"True\""
            ]
        },
        {
            "type": "x-misp-attribute",
            "spec_version": "2.1",
            "id": "x-misp-attribute--c3972c5b-f600-426b-8a03-2b82bad6fedb",
            "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
            "created": "2021-11-12T08:51:37.000Z",
            "modified": "2021-11-12T08:51:37.000Z",
            "labels": [
                "misp:type=\"text\"",
                "misp:category=\"Other\""
            ],
            "x_misp_category": "Other",
            "x_misp_comment": "Configuration file path",
            "x_misp_type": "text",
            "x_misp_value": "%windir%\\Temp\\syslog"
        },
        {
            "type": "x-misp-attribute",
            "spec_version": "2.1",
            "id": "x-misp-attribute--053dfa99-3d2f-4498-ab6a-544bdd2f06f1",
            "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
            "created": "2021-11-12T09:46:13.000Z",
            "modified": "2021-11-12T09:46:13.000Z",
            "labels": [
                "misp:type=\"text\"",
                "misp:category=\"Other\""
            ],
            "x_misp_category": "Other",
            "x_misp_comment": "Base directory for the collected data (%BaseDir%)",
            "x_misp_type": "text",
            "x_misp_value": "%sysdir%\\Media\\NPCSJDLFSD"
        },
        {
            "type": "x-misp-attribute",
            "spec_version": "2.1",
            "id": "x-misp-attribute--604f4489-cfe4-48b6-a71e-4115cc6e1686",
            "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
            "created": "2021-11-12T09:46:13.000Z",
            "modified": "2021-11-12T09:46:13.000Z",
            "labels": [
                "misp:type=\"text\"",
                "misp:category=\"Other\""
            ],
            "x_misp_category": "Other",
            "x_misp_comment": "Base directory for the collected data (%BaseDir%)",
            "x_misp_type": "text",
            "x_misp_value": "%windir%\\Temp\\NPCSJDLFSD"
        },
        {
            "type": "x-misp-attribute",
            "spec_version": "2.1",
            "id": "x-misp-attribute--a41f57f0-b112-4bac-be5d-d079b1ef3654",
            "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
            "created": "2021-11-12T10:18:01.000Z",
            "modified": "2021-11-12T10:18:01.000Z",
            "labels": [
                "misp:type=\"text\"",
                "misp:category=\"Other\""
            ],
            "x_misp_category": "Other",
            "x_misp_comment": "Screenshots directory",
            "x_misp_type": "text",
            "x_misp_value": "%BaseDir%\\SSQWCVBER"
        },
        {
            "type": "x-misp-attribute",
            "spec_version": "2.1",
            "id": "x-misp-attribute--a727a6a4-d692-46a6-a471-ca8438b99206",
            "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
            "created": "2021-11-12T10:18:36.000Z",
            "modified": "2021-11-12T10:18:36.000Z",
            "labels": [
                "misp:type=\"text\"",
                "misp:category=\"Other\""
            ],
            "x_misp_category": "Other",
            "x_misp_comment": "Stolen documents directory",
            "x_misp_type": "text",
            "x_misp_value": "%BaseDir%\\UTXZCZXQ"
        },
        {
            "type": "x-misp-attribute",
            "spec_version": "2.1",
            "id": "x-misp-attribute--6bb145ae-a23b-4186-98e6-4af2afe63a85",
            "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
            "created": "2021-11-12T10:19:05.000Z",
            "modified": "2021-11-12T10:19:05.000Z",
            "labels": [
                "misp:type=\"text\"",
                "misp:category=\"Other\""
            ],
            "x_misp_category": "Other",
            "x_misp_comment": "Intercepted keyboard logs directory",
            "x_misp_type": "text",
            "x_misp_value": "%BaseDir%\\KLACVSWER"
        },
        {
            "type": "x-misp-attribute",
            "spec_version": "2.1",
            "id": "x-misp-attribute--36eab666-2303-41b4-86db-d2d4630b1c4b",
            "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
            "created": "2021-11-12T10:19:35.000Z",
            "modified": "2021-11-12T10:19:35.000Z",
            "labels": [
                "misp:type=\"text\"",
                "misp:category=\"Other\""
            ],
            "x_misp_category": "Other",
            "x_misp_comment": "Encrypted user-mode payloads files",
            "x_misp_type": "text",
            "x_misp_value": "%windir%\\Temp\\dd_vcredist"
        },
        {
            "type": "x-misp-attribute",
            "spec_version": "2.1",
            "id": "x-misp-attribute--5daed22d-ca0c-49d0-af03-d71fc869467b",
            "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
            "created": "2021-11-12T10:19:35.000Z",
            "modified": "2021-11-12T10:19:35.000Z",
            "labels": [
                "misp:type=\"text\"",
                "misp:category=\"Other\""
            ],
            "x_misp_category": "Other",
            "x_misp_comment": "Encrypted user-mode payloads files",
            "x_misp_type": "text",
            "x_misp_value": "%windir%\\Temp\\memlog"
        },
        {
            "type": "x-misp-attribute",
            "spec_version": "2.1",
            "id": "x-misp-attribute--e7adc49c-33af-4fc7-9111-d8a7a5479dce",
            "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
            "created": "2021-11-12T10:19:35.000Z",
            "modified": "2021-11-12T10:19:35.000Z",
            "labels": [
                "misp:type=\"text\"",
                "misp:category=\"Other\""
            ],
            "x_misp_category": "Other",
            "x_misp_comment": "Encrypted user-mode payloads files",
            "x_misp_type": "text",
            "x_misp_value": "%windir%\\Temp\\vmmmlog"
        },
        {
            "type": "x-misp-attribute",
            "spec_version": "2.1",
            "id": "x-misp-attribute--53a6c33c-ba99-4e25-9741-bac2877adfe0",
            "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
            "created": "2021-11-12T10:19:35.000Z",
            "modified": "2021-11-12T10:19:35.000Z",
            "labels": [
                "misp:type=\"text\"",
                "misp:category=\"Other\""
            ],
            "x_misp_category": "Other",
            "x_misp_comment": "Encrypted user-mode payloads files",
            "x_misp_type": "text",
            "x_misp_value": "%windir%\\Temp\\vmmmmlog"
        },
        {
            "type": "x-misp-attribute",
            "spec_version": "2.1",
            "id": "x-misp-attribute--387b69b7-6336-4b2f-aaf2-61ca43c12dbf",
            "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
            "created": "2021-11-12T10:19:59.000Z",
            "modified": "2021-11-12T10:19:59.000Z",
            "labels": [
                "misp:type=\"text\"",
                "misp:category=\"Other\""
            ],
            "x_misp_category": "Other",
            "x_misp_comment": "Decrypted user-mode payloads files",
            "x_misp_type": "text",
            "x_misp_value": "%windir%\\Temp\\vmmmlog.exe"
        },
        {
            "type": "x-misp-attribute",
            "spec_version": "2.1",
            "id": "x-misp-attribute--f134b566-0efa-4e8d-a0c2-983ab1a10951",
            "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
            "created": "2021-11-12T10:19:59.000Z",
            "modified": "2021-11-12T10:19:59.000Z",
            "labels": [
                "misp:type=\"text\"",
                "misp:category=\"Other\""
            ],
            "x_misp_category": "Other",
            "x_misp_comment": "Decrypted user-mode payloads files",
            "x_misp_type": "text",
            "x_misp_value": "%windir%\\Temp\\vmmmmlog.exe"
        },
        {
            "type": "x-misp-attribute",
            "spec_version": "2.1",
            "id": "x-misp-attribute--f9fc7f74-52ed-4b13-aa18-cb696b3f71b2",
            "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
            "created": "2021-11-12T10:19:59.000Z",
            "modified": "2021-11-12T10:19:59.000Z",
            "labels": [
                "misp:type=\"text\"",
                "misp:category=\"Other\""
            ],
            "x_misp_category": "Other",
            "x_misp_comment": "Decrypted user-mode payloads files",
            "x_misp_type": "text",
            "x_misp_value": "\\SystemRoot\\System32\\Client.dll"
        },
        {
            "type": "x-misp-attribute",
            "spec_version": "2.1",
            "id": "x-misp-attribute--f07e6d67-1608-4ecf-841a-beebc4d55450",
            "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
            "created": "2021-11-12T10:19:59.000Z",
            "modified": "2021-11-12T10:19:59.000Z",
            "labels": [
                "misp:type=\"text\"",
                "misp:category=\"Other\""
            ],
            "x_misp_category": "Other",
            "x_misp_comment": "Decrypted user-mode payloads files",
            "x_misp_type": "text",
            "x_misp_value": "\\SystemRoot\\System32\\WinSys.dll"
        },
        {
            "type": "x-misp-attribute",
            "spec_version": "2.1",
            "id": "x-misp-attribute--81db953f-ae79-4e07-95cf-86c9aa5f315b",
            "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
            "created": "2021-11-12T10:20:24.000Z",
            "modified": "2021-11-12T10:20:24.000Z",
            "labels": [
                "misp:type=\"text\"",
                "misp:category=\"Other\""
            ],
            "x_misp_category": "Other",
            "x_misp_comment": "Backed up clean null.sys or beep.sys driver path",
            "x_misp_type": "text",
            "x_misp_value": "%windir%\\\\Help\\\\intel.chm"
        },
        {
            "type": "indicator",
            "spec_version": "2.1",
            "id": "indicator--3de8d0d9-4538-4295-86c4-4a8c2115d031",
            "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
            "created": "2021-11-12T10:24:19.000Z",
            "modified": "2021-11-12T10:24:19.000Z",
            "pattern": "[file:hashes.SHA1 = '6b2ad6114029d60f7c40f306271669b3a69ea270' AND file:name = 'WinSys.dll']",
            "pattern_type": "stix",
            "pattern_version": "2.1",
            "valid_from": "2021-11-12T10:24:19Z",
            "kill_chain_phases": [
                {
                    "kill_chain_name": "misp-category",
                    "phase_name": "file"
                }
            ],
            "labels": [
                "misp:name=\"file\"",
                "misp:meta-category=\"file\"",
                "misp:to_ids=\"True\""
            ]
        },
        {
            "type": "indicator",
            "spec_version": "2.1",
            "id": "indicator--a1e4283a-d00f-4c04-b605-19b4df73fa29",
            "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
            "created": "2021-11-12T10:24:01.000Z",
            "modified": "2021-11-12T10:24:01.000Z",
            "pattern": "[file:hashes.SHA1 = '0a97efa15a62e90d71f643b693b3dd3cf2657b9f' AND file:name = 'WinSys.dll']",
            "pattern_type": "stix",
            "pattern_version": "2.1",
            "valid_from": "2021-11-12T10:24:01Z",
            "kill_chain_phases": [
                {
                    "kill_chain_name": "misp-category",
                    "phase_name": "file"
                }
            ],
            "labels": [
                "misp:name=\"file\"",
                "misp:meta-category=\"file\"",
                "misp:to_ids=\"True\""
            ]
        },
        {
            "type": "indicator",
            "spec_version": "2.1",
            "id": "indicator--d3624e94-1ce5-439d-800d-b14cde62ca8c",
            "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
            "created": "2021-11-12T10:22:26.000Z",
            "modified": "2021-11-12T10:22:26.000Z",
            "pattern": "[file:hashes.SHA1 = '7f501aeb51ce3232a979ccf0e11278346f746d1f']",
            "pattern_type": "stix",
            "pattern_version": "2.1",
            "valid_from": "2021-11-12T10:22:26Z",
            "kill_chain_phases": [
                {
                    "kill_chain_name": "misp-category",
                    "phase_name": "file"
                }
            ],
            "labels": [
                "misp:name=\"file\"",
                "misp:meta-category=\"file\"",
                "misp:to_ids=\"True\""
            ]
        },
        {
            "type": "indicator",
            "spec_version": "2.1",
            "id": "indicator--7ed3898f-469c-4503-9ced-31ef0edc4598",
            "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
            "created": "2021-11-12T10:23:44.000Z",
            "modified": "2021-11-12T10:23:44.000Z",
            "pattern": "[file:hashes.SHA1 = '81e6d19865647dc160861e2154d6903fc78c7dfb' AND file:name = 'WinSys.dll']",
            "pattern_type": "stix",
            "pattern_version": "2.1",
            "valid_from": "2021-11-12T10:23:44Z",
            "kill_chain_phases": [
                {
                    "kill_chain_name": "misp-category",
                    "phase_name": "file"
                }
            ],
            "labels": [
                "misp:name=\"file\"",
                "misp:meta-category=\"file\"",
                "misp:to_ids=\"True\""
            ]
        },
        {
            "type": "indicator",
            "spec_version": "2.1",
            "id": "indicator--bdfbf198-91a4-4e34-87fa-20ffbcb938cb",
            "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
            "created": "2021-11-12T10:22:48.000Z",
            "modified": "2021-11-12T10:22:48.000Z",
            "pattern": "[file:hashes.SHA1 = 'cae4b2c049542fd28667ca6e9afa440b3f0138f9']",
            "pattern_type": "stix",
            "pattern_version": "2.1",
            "valid_from": "2021-11-12T10:22:48Z",
            "kill_chain_phases": [
                {
                    "kill_chain_name": "misp-category",
                    "phase_name": "file"
                }
            ],
            "labels": [
                "misp:name=\"file\"",
                "misp:meta-category=\"file\"",
                "misp:to_ids=\"True\""
            ]
        },
        {
            "type": "indicator",
            "spec_version": "2.1",
            "id": "indicator--44ecfdbb-15ad-4da5-ae60-ae9e86a8fcbd",
            "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
            "created": "2021-11-12T10:24:37.000Z",
            "modified": "2021-11-12T10:24:37.000Z",
            "pattern": "[file:hashes.SHA1 = '09f0f17aeccdef5cb1112bc9bef0fe4f828d6d3b']",
            "pattern_type": "stix",
            "pattern_version": "2.1",
            "valid_from": "2021-11-12T10:24:37Z",
            "kill_chain_phases": [
                {
                    "kill_chain_name": "misp-category",
                    "phase_name": "file"
                }
            ],
            "labels": [
                "misp:name=\"file\"",
                "misp:meta-category=\"file\"",
                "misp:to_ids=\"True\""
            ]
        },
        {
            "type": "indicator",
            "spec_version": "2.1",
            "id": "indicator--7c8585c7-f16d-4160-b518-f64330929a65",
            "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
            "created": "2021-11-12T10:24:53.000Z",
            "modified": "2021-11-12T10:24:53.000Z",
            "pattern": "[file:hashes.SHA1 = '99dc33bedf4cb9bdbdf04cc60e1da55cfbeadc09']",
            "pattern_type": "stix",
            "pattern_version": "2.1",
            "valid_from": "2021-11-12T10:24:53Z",
            "kill_chain_phases": [
                {
                    "kill_chain_name": "misp-category",
                    "phase_name": "file"
                }
            ],
            "labels": [
                "misp:name=\"file\"",
                "misp:meta-category=\"file\"",
                "misp:to_ids=\"True\""
            ]
        },
        {
            "type": "indicator",
            "spec_version": "2.1",
            "id": "indicator--6e6295bb-4caa-4c86-9c3b-7982df4b1579",
            "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
            "created": "2021-11-12T10:25:14.000Z",
            "modified": "2021-11-12T10:25:14.000Z",
            "pattern": "[file:hashes.SHA1 = 'c06eeb1600cf4e8aac91730e00dd7c169738afde']",
            "pattern_type": "stix",
            "pattern_version": "2.1",
            "valid_from": "2021-11-12T10:25:14Z",
            "kill_chain_phases": [
                {
                    "kill_chain_name": "misp-category",
                    "phase_name": "file"
                }
            ],
            "labels": [
                "misp:name=\"file\"",
                "misp:meta-category=\"file\"",
                "misp:to_ids=\"True\""
            ]
        },
        {
            "type": "indicator",
            "spec_version": "2.1",
            "id": "indicator--8434d591-d6d9-4043-a68b-b7f7aa7632cb",
            "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
            "created": "2021-11-12T10:25:25.000Z",
            "modified": "2021-11-12T10:25:25.000Z",
            "pattern": "[file:hashes.SHA1 = 'dcd42b04705b784ad62bb36e17305b6e6414f033']",
            "pattern_type": "stix",
            "pattern_version": "2.1",
            "valid_from": "2021-11-12T10:25:25Z",
            "kill_chain_phases": [
                {
                    "kill_chain_name": "misp-category",
                    "phase_name": "file"
                }
            ],
            "labels": [
                "misp:name=\"file\"",
                "misp:meta-category=\"file\"",
                "misp:to_ids=\"True\""
            ]
        },
        {
            "type": "indicator",
            "spec_version": "2.1",
            "id": "indicator--3a91a09d-baab-4f83-b313-f17e83e6225b",
            "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
            "created": "2021-11-12T10:25:39.000Z",
            "modified": "2021-11-12T10:25:39.000Z",
            "pattern": "[file:hashes.SHA1 = '374d1a399ef44472ee088563d621df28221cbcce']",
            "pattern_type": "stix",
            "pattern_version": "2.1",
            "valid_from": "2021-11-12T10:25:39Z",
            "kill_chain_phases": [
                {
                    "kill_chain_name": "misp-category",
                    "phase_name": "file"
                }
            ],
            "labels": [
                "misp:name=\"file\"",
                "misp:meta-category=\"file\"",
                "misp:to_ids=\"True\""
            ]
        },
        {
            "type": "indicator",
            "spec_version": "2.1",
            "id": "indicator--8f23b33c-1f63-4a59-88d5-f1913185f8c2",
            "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
            "created": "2021-11-12T10:25:57.000Z",
            "modified": "2021-11-12T10:25:57.000Z",
            "pattern": "[file:hashes.SHA1 = '8ab33e432c8bee54ae759dfb5346d21387f26902']",
            "pattern_type": "stix",
            "pattern_version": "2.1",
            "valid_from": "2021-11-12T10:25:57Z",
            "kill_chain_phases": [
                {
                    "kill_chain_name": "misp-category",
                    "phase_name": "file"
                }
            ],
            "labels": [
                "misp:name=\"file\"",
                "misp:meta-category=\"file\"",
                "misp:to_ids=\"True\""
            ]
        },
        {
            "type": "indicator",
            "spec_version": "2.1",
            "id": "indicator--5076da52-2497-4dcd-b7eb-6b13bd387df5",
            "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
            "created": "2021-11-12T10:26:14.000Z",
            "modified": "2021-11-12T10:26:14.000Z",
            "pattern": "[file:hashes.SHA1 = '656c263fa004bb3e6f3ee6ef6767d101869c7f7c']",
            "pattern_type": "stix",
            "pattern_version": "2.1",
            "valid_from": "2021-11-12T10:26:14Z",
            "kill_chain_phases": [
                {
                    "kill_chain_name": "misp-category",
                    "phase_name": "file"
                }
            ],
            "labels": [
                "misp:name=\"file\"",
                "misp:meta-category=\"file\"",
                "misp:to_ids=\"True\""
            ]
        },
        {
            "type": "indicator",
            "spec_version": "2.1",
            "id": "indicator--313ae7bc-b8cb-4fc6-b646-8379f9fb0917",
            "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
            "created": "2021-11-12T10:26:35.000Z",
            "modified": "2021-11-12T10:26:35.000Z",
            "pattern": "[file:hashes.SHA1 = '1d75bfb18ffc0b820cb36acf8707343fa6679863']",
            "pattern_type": "stix",
            "pattern_version": "2.1",
            "valid_from": "2021-11-12T10:26:35Z",
            "kill_chain_phases": [
                {
                    "kill_chain_name": "misp-category",
                    "phase_name": "file"
                }
            ],
            "labels": [
                "misp:name=\"file\"",
                "misp:meta-category=\"file\"",
                "misp:to_ids=\"True\""
            ]
        },
        {
            "type": "indicator",
            "spec_version": "2.1",
            "id": "indicator--0ac2f3e6-37a7-4ad6-ab4b-b6d20c19e775",
            "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
            "created": "2021-11-12T12:09:42.000Z",
            "modified": "2021-11-12T12:09:42.000Z",
            "pattern": "[file:hashes.SHA1 = '865f5b87b5f6fb75f3ec68ca05a21cc36446812f']",
            "pattern_type": "stix",
            "pattern_version": "2.1",
            "valid_from": "2021-11-12T12:09:42Z",
            "kill_chain_phases": [
                {
                    "kill_chain_name": "misp-category",
                    "phase_name": "file"
                }
            ],
            "labels": [
                "misp:name=\"file\"",
                "misp:meta-category=\"file\"",
                "misp:to_ids=\"True\""
            ]
        },
        {
            "type": "indicator",
            "spec_version": "2.1",
            "id": "indicator--8cb316d8-7c13-4d62-ae36-65336aaa80fb",
            "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
            "created": "2021-11-12T12:10:00.000Z",
            "modified": "2021-11-12T12:10:00.000Z",
            "pattern": "[file:hashes.SHA1 = '9f6df0a011748160b0c18fb2b44ebe9fa9d517e9']",
            "pattern_type": "stix",
            "pattern_version": "2.1",
            "valid_from": "2021-11-12T12:10:00Z",
            "kill_chain_phases": [
                {
                    "kill_chain_name": "misp-category",
                    "phase_name": "file"
                }
            ],
            "labels": [
                "misp:name=\"file\"",
                "misp:meta-category=\"file\"",
                "misp:to_ids=\"True\""
            ]
        },
        {
            "type": "indicator",
            "spec_version": "2.1",
            "id": "indicator--d24fb77d-e776-4d2b-9480-4c430733a2d9",
            "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
            "created": "2021-11-12T12:10:28.000Z",
            "modified": "2021-11-12T12:10:28.000Z",
            "pattern": "[file:hashes.SHA1 = '2c22ae243fdc08b84b38d9580900a9a9e3823acf']",
            "pattern_type": "stix",
            "pattern_version": "2.1",
            "valid_from": "2021-11-12T12:10:28Z",
            "kill_chain_phases": [
                {
                    "kill_chain_name": "misp-category",
                    "phase_name": "file"
                }
            ],
            "labels": [
                "misp:name=\"file\"",
                "misp:meta-category=\"file\"",
                "misp:to_ids=\"True\""
            ]
        },
        {
            "type": "indicator",
            "spec_version": "2.1",
            "id": "indicator--3bae573d-d93e-468a-8406-47b55de6e76f",
            "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
            "created": "2021-11-12T12:10:42.000Z",
            "modified": "2021-11-12T12:10:42.000Z",
            "pattern": "[file:hashes.SHA1 = 'abc03a234233c63330c744fda784385273af395b']",
            "pattern_type": "stix",
            "pattern_version": "2.1",
            "valid_from": "2021-11-12T12:10:42Z",
            "kill_chain_phases": [
                {
                    "kill_chain_name": "misp-category",
                    "phase_name": "file"
                }
            ],
            "labels": [
                "misp:name=\"file\"",
                "misp:meta-category=\"file\"",
                "misp:to_ids=\"True\""
            ]
        },
        {
            "type": "indicator",
            "spec_version": "2.1",
            "id": "indicator--436005da-d100-4543-9329-6939546bcd98",
            "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
            "created": "2021-11-12T12:12:44.000Z",
            "modified": "2021-11-12T12:12:44.000Z",
            "pattern": "[file:hashes.SHA1 = '7ad4442d3c02fa145bef9bf18c9464c3e4449224']",
            "pattern_type": "stix",
            "pattern_version": "2.1",
            "valid_from": "2021-11-12T12:12:44Z",
            "kill_chain_phases": [
                {
                    "kill_chain_name": "misp-category",
                    "phase_name": "file"
                }
            ],
            "labels": [
                "misp:name=\"file\"",
                "misp:meta-category=\"file\"",
                "misp:to_ids=\"True\""
            ]
        },
        {
            "type": "indicator",
            "spec_version": "2.1",
            "id": "indicator--59c35d4e-4420-4266-992f-1aa58906e157",
            "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
            "created": "2021-11-12T12:12:58.000Z",
            "modified": "2021-11-12T12:12:58.000Z",
            "pattern": "[file:hashes.SHA1 = 'a8b4fe8a421c86eae060bb8bf525ef1e1fc133b2']",
            "pattern_type": "stix",
            "pattern_version": "2.1",
            "valid_from": "2021-11-12T12:12:58Z",
            "kill_chain_phases": [
                {
                    "kill_chain_name": "misp-category",
                    "phase_name": "file"
                }
            ],
            "labels": [
                "misp:name=\"file\"",
                "misp:meta-category=\"file\"",
                "misp:to_ids=\"True\""
            ]
        },
        {
            "type": "indicator",
            "spec_version": "2.1",
            "id": "indicator--2f941274-cb1e-4499-8407-1af90a163231",
            "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
            "created": "2021-11-12T12:13:23.000Z",
            "modified": "2021-11-12T12:13:23.000Z",
            "pattern": "[file:hashes.SHA1 = '08077d940f2b385fbd287d84edb58493136c8391']",
            "pattern_type": "stix",
            "pattern_version": "2.1",
            "valid_from": "2021-11-12T12:13:23Z",
            "kill_chain_phases": [
                {
                    "kill_chain_name": "misp-category",
                    "phase_name": "file"
                }
            ],
            "labels": [
                "misp:name=\"file\"",
                "misp:meta-category=\"file\"",
                "misp:to_ids=\"True\""
            ]
        },
        {
            "type": "indicator",
            "spec_version": "2.1",
            "id": "indicator--0e48addd-4a98-4045-9725-3d43918787c9",
            "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
            "created": "2021-11-12T12:15:37.000Z",
            "modified": "2021-11-12T12:15:37.000Z",
            "pattern": "[file:hashes.SHA1 = '27ad0a8a88eab01e2b48ba19d2aaabf360ece5b8']",
            "pattern_type": "stix",
            "pattern_version": "2.1",
            "valid_from": "2021-11-12T12:15:37Z",
            "kill_chain_phases": [
                {
                    "kill_chain_name": "misp-category",
                    "phase_name": "file"
                }
            ],
            "labels": [
                "misp:name=\"file\"",
                "misp:meta-category=\"file\"",
                "misp:to_ids=\"True\""
            ]
        },
        {
            "type": "indicator",
            "spec_version": "2.1",
            "id": "indicator--28c3fa40-019d-4de0-b203-eb3b4921cf08",
            "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
            "created": "2021-11-12T12:16:48.000Z",
            "modified": "2021-11-12T12:16:48.000Z",
            "pattern": "[file:hashes.SHA1 = '3ac6f9458a4a1a16390379621fdd230c656fc444']",
            "pattern_type": "stix",
            "pattern_version": "2.1",
            "valid_from": "2021-11-12T12:16:48Z",
            "kill_chain_phases": [
                {
                    "kill_chain_name": "misp-category",
                    "phase_name": "file"
                }
            ],
            "labels": [
                "misp:name=\"file\"",
                "misp:meta-category=\"file\"",
                "misp:to_ids=\"True\""
            ]
        },
        {
            "type": "indicator",
            "spec_version": "2.1",
            "id": "indicator--bf9c1674-2f1d-4a0c-8fa6-7efa805f8dd6",
            "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
            "created": "2021-11-12T12:17:32.000Z",
            "modified": "2021-11-12T12:17:32.000Z",
            "pattern": "[file:hashes.SHA1 = '37e49dbceb1354d508319548a7efbd149bfa0e8d']",
            "pattern_type": "stix",
            "pattern_version": "2.1",
            "valid_from": "2021-11-12T12:17:32Z",
            "kill_chain_phases": [
                {
                    "kill_chain_name": "misp-category",
                    "phase_name": "file"
                }
            ],
            "labels": [
                "misp:name=\"file\"",
                "misp:meta-category=\"file\"",
                "misp:to_ids=\"True\""
            ]
        },
        {
            "type": "indicator",
            "spec_version": "2.1",
            "id": "indicator--e2c5cac5-a603-44ad-a47a-e4e11795d57b",
            "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
            "created": "2021-11-12T12:17:50.000Z",
            "modified": "2021-11-12T12:17:50.000Z",
            "pattern": "[file:hashes.SHA1 = 'ca19347287fce93f2c675efdf88c8b0db4910929']",
            "pattern_type": "stix",
            "pattern_version": "2.1",
            "valid_from": "2021-11-12T12:17:50Z",
            "kill_chain_phases": [
                {
                    "kill_chain_name": "misp-category",
                    "phase_name": "file"
                }
            ],
            "labels": [
                "misp:name=\"file\"",
                "misp:meta-category=\"file\"",
                "misp:to_ids=\"True\""
            ]
        },
        {
            "type": "indicator",
            "spec_version": "2.1",
            "id": "indicator--a88b2df4-d1c2-4ad3-8f92-bca70dca1cc5",
            "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
            "created": "2021-11-12T12:23:33.000Z",
            "modified": "2021-11-12T12:23:33.000Z",
            "pattern": "[file:hashes.SHA1 = 'c8c2c127ec6af87d96b058ff023b534f1237215c']",
            "pattern_type": "stix",
            "pattern_version": "2.1",
            "valid_from": "2021-11-12T12:23:33Z",
            "kill_chain_phases": [
                {
                    "kill_chain_name": "misp-category",
                    "phase_name": "file"
                }
            ],
            "labels": [
                "misp:name=\"file\"",
                "misp:meta-category=\"file\"",
                "misp:to_ids=\"True\""
            ]
        },
        {
            "type": "indicator",
            "spec_version": "2.1",
            "id": "indicator--83cd3826-3f69-48e2-b91d-c319ecd366be",
            "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
            "created": "2021-11-12T12:36:30.000Z",
            "modified": "2021-11-12T12:36:30.000Z",
            "pattern": "[file:hashes.SHA1 = 'c7fe86e5981b39927275873c3a386cb1d8c93a6b' AND file:name = 'WinSys.dll']",
            "pattern_type": "stix",
            "pattern_version": "2.1",
            "valid_from": "2021-11-12T12:36:30Z",
            "kill_chain_phases": [
                {
                    "kill_chain_name": "misp-category",
                    "phase_name": "file"
                }
            ],
            "labels": [
                "misp:name=\"file\"",
                "misp:meta-category=\"file\"",
                "misp:to_ids=\"True\""
            ]
        },
        {
            "type": "indicator",
            "spec_version": "2.1",
            "id": "indicator--5d3cc885-69a8-44b6-942d-76a205b5b9bf",
            "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
            "created": "2021-11-12T12:39:33.000Z",
            "modified": "2021-11-12T12:39:33.000Z",
            "pattern": "[file:hashes.SHA1 = '180b0e6a4a3334aaa4249b3d631695a31eb45d7a' AND file:name = 'WinSys.dll']",
            "pattern_type": "stix",
            "pattern_version": "2.1",
            "valid_from": "2021-11-12T12:39:33Z",
            "kill_chain_phases": [
                {
                    "kill_chain_name": "misp-category",
                    "phase_name": "file"
                }
            ],
            "labels": [
                "misp:name=\"file\"",
                "misp:meta-category=\"file\"",
                "misp:to_ids=\"True\""
            ]
        },
        {
            "type": "indicator",
            "spec_version": "2.1",
            "id": "indicator--c3680318-bdc8-4e35-9722-7401eac56247",
            "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
            "created": "2021-11-12T12:40:03.000Z",
            "modified": "2021-11-12T12:40:03.000Z",
            "pattern": "[file:hashes.SHA1 = '030b97860ed5a3089c5e8efb8edd7cc359134124' AND file:name = 'WinSys.dll']",
            "pattern_type": "stix",
            "pattern_version": "2.1",
            "valid_from": "2021-11-12T12:40:03Z",
            "kill_chain_phases": [
                {
                    "kill_chain_name": "misp-category",
                    "phase_name": "file"
                }
            ],
            "labels": [
                "misp:name=\"file\"",
                "misp:meta-category=\"file\"",
                "misp:to_ids=\"True\""
            ]
        },
        {
            "type": "indicator",
            "spec_version": "2.1",
            "id": "indicator--92800ef6-15f8-48b7-90ea-e8a819affda4",
            "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
            "created": "2021-11-12T13:07:58.000Z",
            "modified": "2021-11-12T13:07:58.000Z",
            "pattern": "[file:hashes.SHA1 = '26f7757602000bcc3c18a887dbc7416ae43bf61a' AND file:name = 'WinSys.dll']",
            "pattern_type": "stix",
            "pattern_version": "2.1",
            "valid_from": "2021-11-12T13:07:58Z",
            "kill_chain_phases": [
                {
                    "kill_chain_name": "misp-category",
                    "phase_name": "file"
                }
            ],
            "labels": [
                "misp:name=\"file\"",
                "misp:meta-category=\"file\"",
                "misp:to_ids=\"True\""
            ]
        },
        {
            "type": "indicator",
            "spec_version": "2.1",
            "id": "indicator--4897f3a4-3ae7-45e3-82a3-b14314cbfc29",
            "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
            "created": "2021-11-12T13:07:08.000Z",
            "modified": "2021-11-12T13:07:08.000Z",
            "pattern": "[file:hashes.SHA1 = 'abb410a4f863b101c218990664981914d14f1e58' AND file:name = 'WinSys.dll']",
            "pattern_type": "stix",
            "pattern_version": "2.1",
            "valid_from": "2021-11-12T13:07:08Z",
            "kill_chain_phases": [
                {
                    "kill_chain_name": "misp-category",
                    "phase_name": "file"
                }
            ],
            "labels": [
                "misp:name=\"file\"",
                "misp:meta-category=\"file\"",
                "misp:to_ids=\"True\""
            ]
        },
        {
            "type": "indicator",
            "spec_version": "2.1",
            "id": "indicator--2fe0f668-8003-49d9-98e8-d5123f12a56d",
            "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
            "created": "2021-11-12T12:36:04.000Z",
            "modified": "2021-11-12T12:36:04.000Z",
            "pattern": "[file:hashes.SHA1 = '0a8a388911a7a368fc1cf111fb26ba92a19fed3e' AND file:name = 'WinSys.dll']",
            "pattern_type": "stix",
            "pattern_version": "2.1",
            "valid_from": "2021-11-12T12:36:04Z",
            "kill_chain_phases": [
                {
                    "kill_chain_name": "misp-category",
                    "phase_name": "file"
                }
            ],
            "labels": [
                "misp:name=\"file\"",
                "misp:meta-category=\"file\"",
                "misp:to_ids=\"True\""
            ]
        },
        {
            "type": "x-misp-object",
            "spec_version": "2.1",
            "id": "x-misp-object--00757583-07b5-44cf-aaf0-7e71aebf60ff",
            "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
            "created": "2021-11-12T13:20:18.000Z",
            "modified": "2021-11-12T13:20:18.000Z",
            "labels": [
                "misp:name=\"report\"",
                "misp:meta-category=\"misc\""
            ],
            "x_misp_attributes": [
                {
                    "type": "link",
                    "object_relation": "link",
                    "value": "https://www.welivesecurity.com/2021/10/05/uefi-threats-moving-esp-introducing-especter-bootkit/",
                    "category": "External analysis",
                    "uuid": "0421b6c2-5056-4448-9950-199a346cada2"
                },
                {
                    "type": "text",
                    "object_relation": "summary",
                    "value": "ESET researchers have analyzed a previously undocumented, real-world UEFI bootkit that persists on the EFI System Partition (ESP). The bootkit, which we\u2019ve named ESPecter, can bypass Windows Driver Signature Enforcement to load its own unsigned driver, which facilitates its espionage activities. Alongside Kaspersky\u2019s recent discovery of the unrelated FinSpy bootkit, it is now safe to say that real-world UEFI threats are no longer limited to SPI flash implants, as used by Lojax.",
                    "category": "Other",
                    "uuid": "6eb32b17-8975-4ca9-994f-21f4e10f2203"
                },
                {
                    "type": "text",
                    "object_relation": "type",
                    "value": "Online Article",
                    "category": "Other",
                    "uuid": "66228cc7-a06e-41fe-bc32-f278038eb512"
                }
            ],
            "x_misp_meta_category": "misc",
            "x_misp_name": "report"
        },
        {
            "type": "x-misp-object",
            "spec_version": "2.1",
            "id": "x-misp-object--704e5969-5b1d-4325-b7fc-4a6d923bbda5",
            "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
            "created": "2021-11-19T08:11:44.000Z",
            "modified": "2021-11-19T08:11:44.000Z",
            "labels": [
                "misp:name=\"report\"",
                "misp:meta-category=\"misc\""
            ],
            "x_misp_attributes": [
                {
                    "type": "link",
                    "object_relation": "link",
                    "value": "https://github.com/eset/malware-ioc/tree/master/especter",
                    "category": "External analysis",
                    "uuid": "d1c1cf4e-6d05-4e71-8e8f-fa03cf3a7ae8"
                },
                {
                    "type": "text",
                    "object_relation": "type",
                    "value": "Report",
                    "category": "Other",
                    "uuid": "b86f621a-6a55-4335-85b1-3d118630e883"
                }
            ],
            "x_misp_meta_category": "misc",
            "x_misp_name": "report"
        },
        {
            "type": "indicator",
            "spec_version": "2.1",
            "id": "indicator--a9021b55-afc0-437c-b972-3079eab113d1",
            "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
            "created": "2021-11-19T15:31:04.000Z",
            "modified": "2021-11-19T15:31:04.000Z",
            "pattern": "[file:hashes.MD5 = '6d1a47574ef7598017c13d64769cccfb' AND file:hashes.SHA1 = '1d75bfb18ffc0b820cb36acf8707343fa6679863' AND file:hashes.SHA256 = 'd61417d72a054d45ee33e395079e9d674f891a42ed0ec5357b5a8d91c69858a6']",
            "pattern_type": "stix",
            "pattern_version": "2.1",
            "valid_from": "2021-11-19T15:31:04Z",
            "kill_chain_phases": [
                {
                    "kill_chain_name": "misp-category",
                    "phase_name": "file"
                }
            ],
            "labels": [
                "misp:name=\"file\"",
                "misp:meta-category=\"file\"",
                "misp:to_ids=\"True\""
            ]
        },
        {
            "type": "x-misp-object",
            "spec_version": "2.1",
            "id": "x-misp-object--7ef11d83-1085-4d24-910e-5f66372ed7ef",
            "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
            "created": "2021-11-19T15:31:04.000Z",
            "modified": "2021-11-19T15:31:04.000Z",
            "labels": [
                "misp:name=\"virustotal-report\"",
                "misp:meta-category=\"misc\""
            ],
            "x_misp_attributes": [
                {
                    "type": "datetime",
                    "object_relation": "last-submission",
                    "value": "2021-10-23T06:24:22+00:00",
                    "category": "Other",
                    "comment": "Legacy BIOS version installers",
                    "uuid": "05c8364f-3b9f-43a2-bbfa-bc5ec545ceda"
                },
                {
                    "type": "link",
                    "object_relation": "permalink",
                    "value": "https://www.virustotal.com/gui/file/d61417d72a054d45ee33e395079e9d674f891a42ed0ec5357b5a8d91c69858a6/detection/f-d61417d72a054d45ee33e395079e9d674f891a42ed0ec5357b5a8d91c69858a6-1634970262",
                    "category": "Payload delivery",
                    "comment": "Legacy BIOS version installers",
                    "uuid": "517a0bfc-2991-4230-8f32-53ae840b286d"
                },
                {
                    "type": "text",
                    "object_relation": "detection-ratio",
                    "value": "51/68",
                    "category": "Payload delivery",
                    "comment": "Legacy BIOS version installers",
                    "uuid": "381a6904-7917-4045-abb1-d935df6f7bde"
                }
            ],
            "x_misp_meta_category": "misc",
            "x_misp_name": "virustotal-report"
        },
        {
            "type": "indicator",
            "spec_version": "2.1",
            "id": "indicator--31bcc06e-f214-4193-bd07-83a32e27ad7d",
            "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
            "created": "2021-11-19T15:31:04.000Z",
            "modified": "2021-11-19T15:31:04.000Z",
            "pattern": "[file:hashes.MD5 = '3846c93e3f937b2ba156d28943be1bc9' AND file:hashes.SHA1 = '2c22ae243fdc08b84b38d9580900a9a9e3823acf' AND file:hashes.SHA256 = '021ec918c30a65a9f93919cedf57e8c935df3e773e03b74704d14fabcab89c5b']",
            "pattern_type": "stix",
            "pattern_version": "2.1",
            "valid_from": "2021-11-19T15:31:04Z",
            "kill_chain_phases": [
                {
                    "kill_chain_name": "misp-category",
                    "phase_name": "file"
                }
            ],
            "labels": [
                "misp:name=\"file\"",
                "misp:meta-category=\"file\"",
                "misp:to_ids=\"True\""
            ]
        },
        {
            "type": "x-misp-object",
            "spec_version": "2.1",
            "id": "x-misp-object--aad7d8b5-905e-4cf6-9e67-6182ce4de562",
            "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
            "created": "2021-11-19T15:31:04.000Z",
            "modified": "2021-11-19T15:31:04.000Z",
            "labels": [
                "misp:name=\"virustotal-report\"",
                "misp:meta-category=\"misc\""
            ],
            "x_misp_attributes": [
                {
                    "type": "datetime",
                    "object_relation": "last-submission",
                    "value": "2021-10-27T13:27:29+00:00",
                    "category": "Other",
                    "comment": "Legacy BIOS version installers",
                    "uuid": "30970fd5-8c1f-400d-a782-c6fd7f440cf8"
                },
                {
                    "type": "link",
                    "object_relation": "permalink",
                    "value": "https://www.virustotal.com/gui/file/021ec918c30a65a9f93919cedf57e8c935df3e773e03b74704d14fabcab89c5b/detection/f-021ec918c30a65a9f93919cedf57e8c935df3e773e03b74704d14fabcab89c5b-1635341249",
                    "category": "Payload delivery",
                    "comment": "Legacy BIOS version installers",
                    "uuid": "dea2c8bd-664a-4cfb-91dc-925ed568a53e"
                },
                {
                    "type": "text",
                    "object_relation": "detection-ratio",
                    "value": "57/68",
                    "category": "Payload delivery",
                    "comment": "Legacy BIOS version installers",
                    "uuid": "fc178cf5-6ef6-4bf9-9647-bf9ad621c001"
                }
            ],
            "x_misp_meta_category": "misc",
            "x_misp_name": "virustotal-report"
        },
        {
            "type": "indicator",
            "spec_version": "2.1",
            "id": "indicator--e69670e4-f98d-4be6-953c-933b681d802b",
            "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
            "created": "2021-11-19T15:31:04.000Z",
            "modified": "2021-11-19T15:31:04.000Z",
            "pattern": "[file:hashes.MD5 = '73ba4d13914f30dd8b36bc2fd561c0df' AND file:hashes.SHA1 = 'c7fe86e5981b39927275873c3a386cb1d8c93a6b' AND file:hashes.SHA256 = 'e2bb96b57fa337e3ee2f7d26b1710a80e89449c41c77ff58073cd386dbf83b63']",
            "pattern_type": "stix",
            "pattern_version": "2.1",
            "valid_from": "2021-11-19T15:31:04Z",
            "kill_chain_phases": [
                {
                    "kill_chain_name": "misp-category",
                    "phase_name": "file"
                }
            ],
            "labels": [
                "misp:name=\"file\"",
                "misp:meta-category=\"file\"",
                "misp:to_ids=\"True\""
            ]
        },
        {
            "type": "x-misp-object",
            "spec_version": "2.1",
            "id": "x-misp-object--3e418ab5-d67d-46cd-b630-f40b287784b7",
            "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
            "created": "2021-11-19T15:31:04.000Z",
            "modified": "2021-11-19T15:31:04.000Z",
            "labels": [
                "misp:name=\"virustotal-report\"",
                "misp:meta-category=\"misc\""
            ],
            "x_misp_attributes": [
                {
                    "type": "datetime",
                    "object_relation": "last-submission",
                    "value": "2021-10-23T05:15:58+00:00",
                    "category": "Other",
                    "uuid": "42d04113-0f63-403b-a40e-bae622212d24"
                },
                {
                    "type": "link",
                    "object_relation": "permalink",
                    "value": "https://www.virustotal.com/gui/file/e2bb96b57fa337e3ee2f7d26b1710a80e89449c41c77ff58073cd386dbf83b63/detection/f-e2bb96b57fa337e3ee2f7d26b1710a80e89449c41c77ff58073cd386dbf83b63-1634966158",
                    "category": "Payload delivery",
                    "uuid": "96171dfc-6935-4a36-ac21-57f3bab010e4"
                },
                {
                    "type": "text",
                    "object_relation": "detection-ratio",
                    "value": "50/65",
                    "category": "Payload delivery",
                    "uuid": "3adb1480-8bc7-40cc-a306-c0a1f6ffd0ea"
                }
            ],
            "x_misp_meta_category": "misc",
            "x_misp_name": "virustotal-report"
        },
        {
            "type": "indicator",
            "spec_version": "2.1",
            "id": "indicator--0ce970ae-28ab-457c-a377-d083e527e699",
            "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
            "created": "2021-11-19T15:31:04.000Z",
            "modified": "2021-11-19T15:31:04.000Z",
            "pattern": "[file:hashes.MD5 = '2025cc89204d851a57c02a9fd441b619' AND file:hashes.SHA1 = '7f501aeb51ce3232a979ccf0e11278346f746d1f' AND file:hashes.SHA256 = '5ef62c780d7c9f82dea098972f66d5b3367841913444933cdb779adaecd06d1a']",
            "pattern_type": "stix",
            "pattern_version": "2.1",
            "valid_from": "2021-11-19T15:31:04Z",
            "kill_chain_phases": [
                {
                    "kill_chain_name": "misp-category",
                    "phase_name": "file"
                }
            ],
            "labels": [
                "misp:name=\"file\"",
                "misp:meta-category=\"file\"",
                "misp:to_ids=\"True\""
            ]
        },
        {
            "type": "x-misp-object",
            "spec_version": "2.1",
            "id": "x-misp-object--9c96483f-0733-4016-80cf-7e5a090da564",
            "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
            "created": "2021-11-19T15:31:04.000Z",
            "modified": "2021-11-19T15:31:04.000Z",
            "labels": [
                "misp:name=\"virustotal-report\"",
                "misp:meta-category=\"misc\""
            ],
            "x_misp_attributes": [
                {
                    "type": "datetime",
                    "object_relation": "last-submission",
                    "value": "2021-10-27T13:33:01+00:00",
                    "category": "Other",
                    "comment": "Legacy BIOS version installers",
                    "uuid": "32a4ae15-59c8-4768-b6fc-8beb9fbf0ce0"
                },
                {
                    "type": "link",
                    "object_relation": "permalink",
                    "value": "https://www.virustotal.com/gui/file/5ef62c780d7c9f82dea098972f66d5b3367841913444933cdb779adaecd06d1a/detection/f-5ef62c780d7c9f82dea098972f66d5b3367841913444933cdb779adaecd06d1a-1635341581",
                    "category": "Payload delivery",
                    "comment": "Legacy BIOS version installers",
                    "uuid": "f4b1d9c6-bb59-4700-8263-7855d059bdeb"
                },
                {
                    "type": "text",
                    "object_relation": "detection-ratio",
                    "value": "56/67",
                    "category": "Payload delivery",
                    "comment": "Legacy BIOS version installers",
                    "uuid": "1d400c2b-d36d-4506-b05c-897f203ca794"
                }
            ],
            "x_misp_meta_category": "misc",
            "x_misp_name": "virustotal-report"
        },
        {
            "type": "indicator",
            "spec_version": "2.1",
            "id": "indicator--b9b484e5-731d-432a-b5eb-6013142e1fb7",
            "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
            "created": "2021-11-19T15:31:04.000Z",
            "modified": "2021-11-19T15:31:04.000Z",
            "pattern": "[file:hashes.MD5 = '64e1aa6f5dca669ba51678157058d54b' AND file:hashes.SHA1 = '9f6df0a011748160b0c18fb2b44ebe9fa9d517e9' AND file:hashes.SHA256 = '6b0cd074a6c556f4d1fe0088c15160eb13f847974c4307f9eeeea4dc33d49286']",
            "pattern_type": "stix",
            "pattern_version": "2.1",
            "valid_from": "2021-11-19T15:31:04Z",
            "kill_chain_phases": [
                {
                    "kill_chain_name": "misp-category",
                    "phase_name": "file"
                }
            ],
            "labels": [
                "misp:name=\"file\"",
                "misp:meta-category=\"file\"",
                "misp:to_ids=\"True\""
            ]
        },
        {
            "type": "x-misp-object",
            "spec_version": "2.1",
            "id": "x-misp-object--6587653a-065f-49f1-958a-83869a219db6",
            "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
            "created": "2021-11-19T15:31:04.000Z",
            "modified": "2021-11-19T15:31:04.000Z",
            "labels": [
                "misp:name=\"virustotal-report\"",
                "misp:meta-category=\"misc\""
            ],
            "x_misp_attributes": [
                {
                    "type": "datetime",
                    "object_relation": "last-submission",
                    "value": "2021-10-23T05:36:39+00:00",
                    "category": "Other",
                    "comment": "Legacy BIOS version installers",
                    "uuid": "f97edadd-688f-4cfb-8fb2-b69a83e217f1"
                },
                {
                    "type": "link",
                    "object_relation": "permalink",
                    "value": "https://www.virustotal.com/gui/file/6b0cd074a6c556f4d1fe0088c15160eb13f847974c4307f9eeeea4dc33d49286/detection/f-6b0cd074a6c556f4d1fe0088c15160eb13f847974c4307f9eeeea4dc33d49286-1634967399",
                    "category": "Payload delivery",
                    "comment": "Legacy BIOS version installers",
                    "uuid": "3e1531f7-83ed-4473-b620-1096d22a40a6"
                },
                {
                    "type": "text",
                    "object_relation": "detection-ratio",
                    "value": "52/68",
                    "category": "Payload delivery",
                    "comment": "Legacy BIOS version installers",
                    "uuid": "b5145342-6351-4be6-ac1b-b467ff01969d"
                }
            ],
            "x_misp_meta_category": "misc",
            "x_misp_name": "virustotal-report"
        },
        {
            "type": "relationship",
            "spec_version": "2.1",
            "id": "relationship--9e84b8af-e4d9-44b1-b662-a94a7f853803",
            "created": "2021-11-19T15:31:04.000Z",
            "modified": "2021-11-19T15:31:04.000Z",
            "relationship_type": "analysed-with",
            "source_ref": "indicator--a9021b55-afc0-437c-b972-3079eab113d1",
            "target_ref": "x-misp-object--7ef11d83-1085-4d24-910e-5f66372ed7ef"
        },
        {
            "type": "relationship",
            "spec_version": "2.1",
            "id": "relationship--465a4345-6a7c-42cf-b45e-3507ea43a3d6",
            "created": "2021-11-19T15:31:04.000Z",
            "modified": "2021-11-19T15:31:04.000Z",
            "relationship_type": "analysed-with",
            "source_ref": "indicator--31bcc06e-f214-4193-bd07-83a32e27ad7d",
            "target_ref": "x-misp-object--aad7d8b5-905e-4cf6-9e67-6182ce4de562"
        },
        {
            "type": "relationship",
            "spec_version": "2.1",
            "id": "relationship--a473aaa3-4a7f-4950-8ab3-1708da2993ff",
            "created": "2021-11-19T15:31:04.000Z",
            "modified": "2021-11-19T15:31:04.000Z",
            "relationship_type": "analysed-with",
            "source_ref": "indicator--e69670e4-f98d-4be6-953c-933b681d802b",
            "target_ref": "x-misp-object--3e418ab5-d67d-46cd-b630-f40b287784b7"
        },
        {
            "type": "relationship",
            "spec_version": "2.1",
            "id": "relationship--588b4ca8-9dc3-4972-af04-e5b1ae50ed64",
            "created": "2021-11-19T15:31:05.000Z",
            "modified": "2021-11-19T15:31:05.000Z",
            "relationship_type": "analysed-with",
            "source_ref": "indicator--0ce970ae-28ab-457c-a377-d083e527e699",
            "target_ref": "x-misp-object--9c96483f-0733-4016-80cf-7e5a090da564"
        },
        {
            "type": "relationship",
            "spec_version": "2.1",
            "id": "relationship--379e651e-4320-4ca7-ab30-e47df064e903",
            "created": "2021-11-19T15:31:05.000Z",
            "modified": "2021-11-19T15:31:05.000Z",
            "relationship_type": "analysed-with",
            "source_ref": "indicator--b9b484e5-731d-432a-b5eb-6013142e1fb7",
            "target_ref": "x-misp-object--6587653a-065f-49f1-958a-83869a219db6"
        },
        {
            "type": "marking-definition",
            "spec_version": "2.1",
            "id": "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9",
            "created": "2017-01-20T00:00:00.000Z",
            "definition_type": "tlp",
            "name": "TLP:WHITE",
            "definition": {
                "tlp": "white"
            }
        }
    ]
}