adulau/misp-circl-feed
1
0
Fork 0
Code Issues 1 Pull requests Projects 1 Releases Packages Wiki Activity Actions
misp-circl-feed/feeds/circl/stix-2.1/abc51826-68fd-4cef-9a06-86ec17e66ef1.json

470 lines
400 KiB
JSON
Raw Permalink Normal View History

chg: [misp-stix] STIX 2.1 export added
2023-04-21 14:44:17 +00:00
{
"type": "bundle",
"id": "bundle--abc51826-68fd-4cef-9a06-86ec17e66ef1",
"objects": [
{
"type": "identity",
"spec_version": "2.1",
"id": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2023-03-14T11:02:03.000Z",
"modified": "2023-03-14T11:02:03.000Z",
"name": "CIRCL",
"identity_class": "organization"
},
{
"type": "report",
"spec_version": "2.1",
"id": "report--abc51826-68fd-4cef-9a06-86ec17e66ef1",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2023-03-14T11:02:03.000Z",
"modified": "2023-03-14T11:02:03.000Z",
"name": "Pandora analysis (Ilnas-04570323.exe) - malicious files included in an email",
"published": "2023-03-14T11:02:29Z",
"object_refs": [
"indicator--c634774e-6f37-417a-806f-f6b393ac087a",
"x-misp-object--8444a337-9328-4edb-9b70-774272b5baf9",
"indicator--70beb14a-f0ac-406d-9dbf-0d9302a5ffe2",
"x-misp-object--67b8d93b-d243-4f88-8efb-728093442afb",
"x-misp-object--9c0bf704-01c8-4446-9bba-1304997a3a31",
"x-misp-object--07743820-a48b-4770-b916-2964442e527e",
"x-misp-object--9bb6e5bb-6eaa-4d7a-9bc7-f645b7cc062e",
"x-misp-object--701f0ec3-123a-4ea1-955c-ab1f01dc2073"
],
"labels": [
"Threat-Report",
"misp:tool=\"MISP-STIX-Converter\"",
"tlp:clear",
"type:OSINT",
"osint:lifetime=\"perpetual\""
],
"object_marking_refs": [
"marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9"
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--c634774e-6f37-417a-806f-f6b393ac087a",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2023-03-14T10:56:36.000Z",
"modified": "2023-03-14T10:56:36.000Z",
"pattern": "[file:hashes.MD5 = 'e3ed2bf3af00fb89488cba4eb04e3ba0' AND file:hashes.SHA1 = '98689960e2ac62f3ba796c1464a191d49da27ee6' AND file:hashes.SHA256 = 'ac3f949cb6e892238fa6902caacaa5ca64e4181c563af1e3650c9decfa64817a' AND file:hashes.SHA512 = 'c6f9cd18c96cb9369063b6be4da1af3e31800b09de1d781cb6e2aa90874415d903fb7ceb1399531bbba0408aa47ca2f6dac318000d3a6bd6afd679ac36fbe156' AND file:hashes.SSDEEP = '6144:PYa6lNB1e2Ysp0mczE7RWcibwl0Csb+7AjXx+I7jQUOVPBqoHnyrJsqKoAeT8h:PYXNXeypp1cAAjBngU+UAyrlT8h' AND file:name = 'Ilnas-04570323.exe' AND file:size = '304370' AND (file:content_ref.payload_bin = 'UEsDBBQACQAIABJXblYKO9Enp20EAPKkBAAgABwAZTNlZDJiZjNhZjAwZmI4OTQ4OGNiYTRlYjA0ZTNiYTBVVAkAA+RSEGTkUhBkdXgLAAEEIQAAAAQhAAAAxDsdpr/eK0ZaF2COEvAdoSx9ZZTcsPZjuPIWtIZd/8z/qi76vQEIPAS5SXhXgj9D+7WKPraZSBcMj8dY1nHXMSN82leTBDlPtBN40K61aYFYCHrwNLn5f5gI9WQuHNzUBzVjE/3DS7k5Uy3bYfh/0+lCznV1LK5Rudt0nAbYtc3ykrG6n+5eZAmQEv2SHbzUTUmiXGL+a6OWCyi/dHaj7qkyRpLqsW/pwHI7Jq09oIEiSOXPryS2+dN4Ib6uiMFErElXav1aZdIJ1axbrUs2FKNKXXvMnwVc5PtqV5mXzX/IYzl6Pacfuy+EHS6Iie+UMqQOg+j1Jxk99giA18AeqBiuJ2yY7xPqkCr6HWVuQHqZD0n7kI5He0kgdJPMFrPJgkZhz7zsgWTE0GrTFLHOYGIttziwPhCQeKmZSgVoJovNPUkiG+ns5ZSM7+vIDbajooh84zy0GG1IVcXv3zcYhQ7vrRGPjHHSUODk+zx2pljLx++kEDESGI1YboSbl74CLotTQZI36KD9ShRyGQoNmLSHRr+Wlj9OmMO0UaG418xynk3Wq3mkf/5CKCmka3q2Wzb++U47I7rKtRGMV8na8S78Mk0avsxd9UwXwb8Ob1cJDIfGe1c19j5YwS+y4bmE624q6TBXIptzc9MoA04yGjRn6CfTW8MUuxiMj5NxpCW+VgeW0X3iliRUrTvJzXXPsC1kU/dMg1iQqBJ0IeRPvO/gEAMduvgh1Tul0V8T3RinZFlK3KA9LNTvWhLLFi1IdRWsd4ddD+IC47f3ZGdgG6D1FQO/247IVgbt3R7+0yFO7G0cCrEvKm2+LwB/STKio2asit62vdBhwYPUh8wahMLZ9e/65kWiWk4IyfKxffajJz7lukRK9YN/lVYlZOrzKpC0Vzx8Cpy9qodfhb6MW8BJAtTMSTHmFyu1+E3VOX+y4kD14oQd/XSHE2QnbbMK8OLXOqApTLHqt36HGy52d6kbUSjGJA/68kzYJlmVPX8tjOk9nBaM8Yh7bqSLQwDSE6rIdk1pPBoCfeLO7IbIRtyCJl+bgX8M+kcIKSZGYUR1nLbfygoi1BIaVDWNw0Zer02meF4PqXpuDsu/QGMJFzoDlKRFdgM9UgokJR8Lf7xKw5a9Ge15hnzwIrWkHio+lo+Fo3BGsJMltxm0yisNLonu/LukvFjJTxOD+w/7VxlP9wG3Svxy2MfSAjlLOs+LWM7I++ZozlZU/+BGI5ZEmWMxRHbKap5s0n2nnENAMXI/j6znnHq2AjqzCEb8yrmvVfmITOxAr6BIV+NLfrz2Y9tyqlkZUXW/nN/MuVq+P2G7KJo2NPvdIOyvT7eFoKMbI4FMfKfal6qmk96q+qFnYSWoVVAu+MPPbTzz+ki6fDZpuVOlImcHzj1du1H8AuZa6hv2R+2Y2KFD6WpuGNR2vs4jZP4YzOKwMyBE0a3UXgKDsHUBMOETMqK+M8ghWMzo8uVfm3WkXVxK0FXUZ778PEMRu2iByEQP7J+dUAJ52mSyUml1OEE81FpRYLKO0MIVBOmgyQ8Z0Fncql9Y9OKkIq9JUaZCz1FOJ3KPVYI76N0VNfzNzLMoQvpIx/1gXKTJJ+5RdMAiffdFAHQTpA3gOXvjt4MbwBkpYZ4BEbGgnqto38y2Rucdq2S9Pj7MQ9BXygf0m/f+T1eRmRTBzvY4RfGvg3SCaHb+gUVbI+ZNCjOf+F8L7LFxJVfXtUNSctW7yHSxTKZJLf5LRYCQ4iA2MtvbdhHog1dmhXJ6IOFiMj7BGjEaQBRoz//PRNCKyzY3ak+SPQ9Hd80jOc4L/blocCML3zlM/pHqt3UKEoPho0OPLdYwmxN4AoK+fg/q7ap6NbKaA7bWOwwyJNBIlEZh3n90NBHuzaflddJISfm7OZ8i3WFw6kcgyNU9axH1yfNKFs9w26nUfBb5QuQjKpZaU9yKZPa9S3ElVA7LMx+ssVe7EtzmkcFKSlcOeK4m/HapYd8DyGMsdFk6OfwZMP9Rj7tRFh1cQt5uyMpKbneHQypuagIsrfCszPizExybcc7KzMH0sVnQaAygdHu7G5E2SHM3Wf2aJMJIfKLGQjflJbKYyAM0edSQWMp8FaJ1HfNGQQjji8JoWZ72nk/RGx9+gNu2dFzjXV0bVzXHCrLuCTl+jfEYSixLHtf3fi9mpIqSMBMOmYRGpn7A+8EyyI5LikZygVUfLjIgJF8mAqFgZy2x7XOMTrCINM7kNa4bXnHhb9yxiEvAXiXoeI4Ee4LPikEHz5VbMk3kFps00BcvEmvDb9nFohgM2BcUxq6lxfGieySX7HB0PoK63lNO5lP7GuV8jshD/zcljdc02a7dUQJm981QgTpN8SLXgao+N+GHcpHRM6Vu/65T40zGRH0jb51oQKYyk/v6Py9L7sVokJppwiL8cGDx6bz5G+UbAIvNXKkXMnowDgO17NP/FimX/o8xbUsXknS9npK/g/UWQLKPEfQN3J2LQLBwAm1/oB6lc/7vwNLNrDrMjlBZLhw0lCd02J9u8hVMJ8EhpSf2q/BlswtKsTIQGMoqi8KKlGyK4DpoErwQeaTTytKa31DljCs/G1oIr58rsefw9rQ/kBHNXFyP8VGOy+o2u04xpLTwrlNsTTUy0F/G4kOAAbD+yCLC+ES3xRS1R+iTf5zlpt/y4QOXfoEOESg/2nW9xqtunzkhNNPQt7ovnfyOff4QORLR6+5wsJMPDiDlS1K/WPpwrI/TdxItBk71TYniNmbr8XHeH+qu7wHF94+KMz7dITe3sydj7GUPJ1A5tw/Yu00e8e0zCcLKCG5pU/b/NFmiHz91SxT32/5iHnno3B0jHNH8VgDLTIRXF3BPsvAdUfIlcPiDgNkWZhmLFZWkInk55SFXENCqLx8Aj5HLimXD3MHFzaREFxedvStShrACSvCT/BysdyY+dT5nTUzf/KktlT1Iu2rk3QxspdtncbTciiUr/FFi9jNKPObu6eoL6ClDFFl8eE3M7scpk84Dohyct3HBnhjmywPCvzijOoXxNW/DNEDt75B306lseu+Q6sY5FWL5lazwMarqa24EjHC6RkFcwf6K8EsaTMYAP/WRyJbw16pH4nPNeJH3tRJu0PJMYs8LqLsOXczeQFFXiZNv/Mu6cf2eBYD8S5ypYFHXbAaq4aA2/xml0+HVzsOG/h3c01Q7rIwdN2cHfGBLlPl1a9kIU0rKGR/xcjdlxXhuiLcQYPh5eTOYc2o8GD9Zm3jYg52mK/oepdwZCznDtIE6Nzv/0SF6VrsVCqwQl5QDVkWXXpAOJ19qFmMu5o5QgzTuJAQJSRPN5QkwOXCqKWnGpjvSbPF6fJqN7UPqU/ly05alvdWECH6oj
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2023-03-14T10:56:36Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "file"
}
],
"labels": [
"misp:name=\"file\"",
"misp:meta-category=\"file\"",
"misp:to_ids=\"True\""
]
},
{
"type": "x-misp-object",
"spec_version": "2.1",
"id": "x-misp-object--8444a337-9328-4edb-9b70-774272b5baf9",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2023-03-14T11:00:24.000Z",
"modified": "2023-03-14T11:00:24.000Z",
"labels": [
"misp:name=\"virustotal-report\"",
"misp:meta-category=\"misc\""
],
"x_misp_attributes": [
{
"type": "link",
"object_relation": "permalink",
"value": "https://www.virustotal.com/gui/file/ac3f949cb6e892238fa6902caacaa5ca64e4181c563af1e3650c9decfa64817a",
"category": "External analysis",
"uuid": "053ea788-3d96-4ae6-b15e-96cec6109776"
},
{
"type": "text",
"object_relation": "detection-ratio",
"value": "33/69",
"category": "Other",
"uuid": "cbd09660-1212-4654-a8b7-1f54374191d9"
}
],
"x_misp_comment": "98689960e2ac62f3ba796c1464a191d49da27ee6: Enriched via the virustotal module",
"x_misp_meta_category": "misc",
"x_misp_name": "virustotal-report"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--70beb14a-f0ac-406d-9dbf-0d9302a5ffe2",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2023-03-14T10:56:36.000Z",
"modified": "2023-03-14T10:56:36.000Z",
"pattern": "[file:extensions.'windows-pebinary-ext'.imphash = '61259b55b8912888e90f516ca08dc514' AND file:extensions.'windows-pebinary-ext'.number_of_sections = '5' AND file:extensions.'windows-pebinary-ext'.pe_type = 'exe' AND file:extensions.'windows-pebinary-ext'.optional_header.address_of_entry_point = '4208192' AND file:extensions.'windows-pebinary-ext'.x_misp_compilation_timestamp = '2021-09-25T21:56:47+00:00' AND file:extensions.'windows-pebinary-ext'.x_misp_authentihash = '897465623f825e3311d9c0947f25c142d570e2958eab6406348dc7f8317d59ac' AND file:extensions.'windows-pebinary-ext'.x_misp_file_description = 'completely' AND file:extensions.'windows-pebinary-ext'.x_misp_file_version = '96.60.17.30' AND file:extensions.'windows-pebinary-ext'.x_misp_lang_id = '040904b0' AND file:extensions.'windows-pebinary-ext'.x_misp_product_name = '96.60.17.30' AND file:extensions.'windows-pebinary-ext'.x_misp_company_name = 'phlebostasis' AND file:extensions.'windows-pebinary-ext'.x_misp_legal_copyright = 'Copyright hagbuts']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2023-03-14T10:56:36Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "file"
}
],
"labels": [
"misp:name=\"pe\"",
"misp:meta-category=\"file\"",
"misp:to_ids=\"True\""
]
},
{
"type": "x-misp-object",
"spec_version": "2.1",
"id": "x-misp-object--67b8d93b-d243-4f88-8efb-728093442afb",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2023-03-14T10:56:36.000Z",
"modified": "2023-03-14T10:56:36.000Z",
"labels": [
"misp:name=\"pe-section\"",
"misp:meta-category=\"file\""
],
"x_misp_attributes": [
{
"type": "text",
"object_relation": "name",
"value": ".text",
"category": "Other",
"uuid": "9600290c-8952-4172-b019-bba585a93379"
},
{
"type": "size-in-bytes",
"object_relation": "size-in-bytes",
"value": "26624",
"category": "Other",
"uuid": "4ae10ffb-cc98-415c-9fbb-6e9255043ac6"
},
{
"type": "float",
"object_relation": "entropy",
"value": "6.4722766230246",
"category": "Other",
"uuid": "2ceda395-122a-4059-9b93-088d4381d0d9"
},
{
"type": "md5",
"object_relation": "md5",
"value": "0c41c917e7453e236c00cdcdc2ae3799",
"category": "Payload delivery",
"to_ids": true,
"uuid": "e1f523e3-448c-48b4-a0a6-47dd77b53867"
},
{
"type": "sha1",
"object_relation": "sha1",
"value": "77015f6b2420831328e4a1d66ab2955072d70b12",
"category": "Payload delivery",
"to_ids": true,
"uuid": "f0d1dfd3-0ec5-42a9-9664-c5139499b050"
},
{
"type": "sha256",
"object_relation": "sha256",
"value": "6421606108c45bde6cb2c4251818d2c7498c4e5cf1d07a6d158db0f5581d07c2",
"category": "Payload delivery",
"to_ids": true,
"uuid": "5e99f98f-5644-4da2-8b7b-9c2da3605d92"
},
{
"type": "sha512",
"object_relation": "sha512",
"value": "e555f8ca08565aa6584ac4e6fbf6765ec4b2faccb84b2157ed7baf0f5c3d2d759e91b04a2d875ff8d2630c98c351ae30bce7e763df293ce8b089df3ad410549c",
"category": "Payload delivery",
"to_ids": true,
"uuid": "5e6cb371-9dfd-476e-b880-bb5e8954c94a"
},
{
"type": "ssdeep",
"object_relation": "ssdeep",
"value": "768:TXWsAYF0UQj0TU9a+IWNu9B1MxlthhMLWI02L:TmsAYBdTU9fEAIS2L",
"category": "Payload delivery",
"to_ids": true,
"uuid": "be6546b7-51be-4f56-ab1f-8aa783f9a72a"
}
],
"x_misp_meta_category": "file",
"x_misp_name": "pe-section"
},
{
"type": "x-misp-object",
"spec_version": "2.1",
"id": "x-misp-object--9c0bf704-01c8-4446-9bba-1304997a3a31",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2023-03-14T10:56:36.000Z",
"modified": "2023-03-14T10:56:36.000Z",
"labels": [
"misp:name=\"pe-section\"",
"misp:meta-category=\"file\""
],
"x_misp_attributes": [
{
"type": "text",
"object_relation": "name",
"value": ".rdata",
"category": "Other",
"uuid": "353881bb-2ab4-4117-8b77-110146524476"
},
{
"type": "size-in-bytes",
"object_relation": "size-in-bytes",
"value": "5120",
"category": "Other",
"uuid": "584a30b9-4e3a-4dd8-ab6a-fecab4f4434e"
},
{
"type": "float",
"object_relation": "entropy",
"value": "5.2097955685559",
"category": "Other",
"uuid": "7621d06e-e524-4935-a1a1-433de25c532d"
},
{
"type": "md5",
"object_relation": "md5",
"value": "aa8a9071e074b05a85b53f165792b649",
"category": "Payload delivery",
"to_ids": true,
"uuid": "12dce1e4-fa83-48c8-9fe5-b440dbbd6c0a"
},
{
"type": "sha1",
"object_relation": "sha1",
"value": "1b14074680926c8b5b7471df62a5f86a7262596c",
"category": "Payload delivery",
"to_ids": true,
"uuid": "99d71efe-2b22-47b3-b29f-c5618947be27"
},
{
"type": "sha256",
"object_relation": "sha256",
"value": "4e281c639a6ab044696895106e2af7e7783426b78da0b471cb31978e4dc74a3d",
"category": "Payload delivery",
"to_ids": true,
"uuid": "99669350-f284-4766-892d-3f70fc9f983a"
},
{
"type": "sha512",
"object_relation": "sha512",
"value": "cb501b663a4d272463c992b0b5fe4ff0bb5b4740e117d2a425251ade765485c910e4004906ffb09e608ed1bc61cd9f7cc0bcece41d6be2e9e52320ca9b9f8fe8",
"category": "Payload delivery",
"to_ids": true,
"uuid": "20a9c44e-3a78-4e64-86d8-689c49766ace"
},
{
"type": "ssdeep",
"object_relation": "ssdeep",
"value": "96:hqGrMl8xCavqvIdvqEJdlTnDPhxyPYPkcmkJqiy0BjKwrYQ:lrLDdzFnDLyPYyk8UjKGB",
"category": "Payload delivery",
"to_ids": true,
"uuid": "dc18e4c5-41c5-4e1e-9568-7c2f30d4a384"
}
],
"x_misp_meta_category": "file",
"x_misp_name": "pe-section"
},
{
"type": "x-misp-object",
"spec_version": "2.1",
"id": "x-misp-object--07743820-a48b-4770-b916-2964442e527e",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2023-03-14T10:56:36.000Z",
"modified": "2023-03-14T10:56:36.000Z",
"labels": [
"misp:name=\"pe-section\"",
"misp:meta-category=\"file\""
],
"x_misp_attributes": [
{
"type": "text",
"object_relation": "name",
"value": ".data",
"category": "Other",
"uuid": "ea621ba2-c96e-4430-a5a1-49830d57db07"
},
{
"type": "size-in-bytes",
"object_relation": "size-in-bytes",
"value": "1536",
"category": "Other",
"uuid": "fea574bb-0225-498b-b76e-4b13ddfaf602"
},
{
"type": "float",
"object_relation": "entropy",
"value": "4.1105821276542",
"category": "Other",
"uuid": "7fd28358-b300-4022-8911-a7bbc8e8efb2"
},
{
"type": "md5",
"object_relation": "md5",
"value": "4b2421975c21b032f7ea000f5e7f9fbf",
"category": "Payload delivery",
"to_ids": true,
"uuid": "d66493c9-b383-4402-bea2-dc91d0f314cb"
},
{
"type": "sha1",
"object_relation": "sha1",
"value": "f45486287d474fdcafc99c24e37c4eb61bf613b3",
"category": "Payload delivery",
"to_ids": true,
"uuid": "7e7da7aa-659c-4e5d-8dee-39a3c4b446ed"
},
{
"type": "sha256",
"object_relation": "sha256",
"value": "f05daf3c91cc357d04794a740f21eaaeb870f250877e3a6dc498c5c3046cb414",
"category": "Payload delivery",
"to_ids": true,
"uuid": "584c9e6e-f0c0-4130-9318-0b1c1c93b7c2"
},
{
"type": "sha512",
"object_relation": "sha512",
"value": "45b9cc616c42014c0429c4b66e47f186d707cf9319ae7afeb824f71a52014a2fe63ae33ad8299b4a9be04ab00a5fe53353edb44485bc6eeefbe01f67037269c1",
"category": "Payload delivery",
"to_ids": true,
"uuid": "2a7aa27c-7d5a-42d7-b87a-8e330ff880ee"
},
{
"type": "ssdeep",
"object_relation": "ssdeep",
"value": "24:E2k68GXOn+C+ldL6KvtNxLyVA132BtfRtuuxOApcAmgLl:Hk9Gen+C+lwwNNyVDtbuuzpcZg",
"category": "Payload delivery",
"to_ids": true,
"uuid": "c56aeb83-2a0a-4710-ad0e-a017c73c02dc"
}
],
"x_misp_meta_category": "file",
"x_misp_name": "pe-section"
},
{
"type": "x-misp-object",
"spec_version": "2.1",
"id": "x-misp-object--9bb6e5bb-6eaa-4d7a-9bc7-f645b7cc062e",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2023-03-14T10:56:36.000Z",
"modified": "2023-03-14T10:56:36.000Z",
"labels": [
"misp:name=\"pe-section\"",
"misp:meta-category=\"file\""
],
"x_misp_attributes": [
{
"type": "text",
"object_relation": "name",
"value": ".ndata",
"category": "Other",
"uuid": "72f54867-ceff-431f-abea-ad2e51314655"
},
{
"type": "size-in-bytes",
"object_relation": "size-in-bytes",
"value": "0",
"category": "Other",
"uuid": "1dafe2a7-5dcf-4854-a1eb-fa990e35f65f"
}
],
"x_misp_meta_category": "file",
"x_misp_name": "pe-section"
},
{
"type": "x-misp-object",
"spec_version": "2.1",
"id": "x-misp-object--701f0ec3-123a-4ea1-955c-ab1f01dc2073",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2023-03-14T10:56:36.000Z",
"modified": "2023-03-14T10:56:36.000Z",
"labels": [
"misp:name=\"pe-section\"",
"misp:meta-category=\"file\""
],
"x_misp_attributes": [
{
"type": "text",
"object_relation": "name",
"value": ".rsrc",
"category": "Other",
"uuid": "1904b87a-6e5a-42b3-b9b6-27f1ff65a416"
},
{
"type": "size-in-bytes",
"object_relation": "size-in-bytes",
"value": "3584",
"category": "Other",
"uuid": "05203d87-61d2-480b-9da8-cdb572b0bd9a"
},
{
"type": "float",
"object_relation": "entropy",
"value": "4.5011372937164",
"category": "Other",
"uuid": "633bb984-1e71-4e65-982e-f185a0393541"
},
{
"type": "md5",
"object_relation": "md5",
"value": "d7b4c49f480f78834fdfb3fd909bd202",
"category": "Payload delivery",
"to_ids": true,
"uuid": "51ec3a68-fbe5-436c-8bb3-6ff2c5de7b45"
},
{
"type": "sha1",
"object_relation": "sha1",
"value": "4593d427db96956aa2efa5ff8c2ee2efa0dcc2e8",
"category": "Payload delivery",
"to_ids": true,
"uuid": "5735b4a1-cf2d-46ce-9867-7c36f29b34a8"
},
{
"type": "sha256",
"object_relation": "sha256",
"value": "9c0ce1dc62b139aa0fd73d61eb904fc072a3ce721e41f62724d37bfb9c7d6dc7",
"category": "Payload delivery",
"to_ids": true,
"uuid": "9f6dc94b-0561-4fdb-aa27-3de2aa4bc973"
},
{
"type": "sha512",
"object_relation": "sha512",
"value": "5553d2383e151ecde7a0971a4f4a911edd744eb2325292446001b5c1d67e6adbb61b238f528f846f8a33f1119ee01b3dc94bb8c138b66396a57cea99f1088d28",
"category": "Payload delivery",
"to_ids": true,
"uuid": "1d213fa0-fd3c-487c-852c-d77d06afde3f"
},
{
"type": "ssdeep",
"object_relation": "ssdeep",
"value": "48:iHy4yMXAQI/S0qK7/3zl63kMNngN4x5eO4orLz:iLAQrfO4xoOz/z",
"category": "Payload delivery",
"uuid": "5709d6f1-d620-4b65-a874-4af43d08446c"
}
],
"x_misp_meta_category": "file",
"x_misp_name": "pe-section"
},
{
"type": "marking-definition",
"spec_version": "2.1",
"id": "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9",
"created": "2017-01-20T00:00:00.000Z",
"definition_type": "tlp",
"name": "TLP:WHITE",
"definition": {
"tlp": "white"
}
}
]
}
Reference in a new issue Copy permalink