{
"type" : "bundle" ,
"id" : "bundle--0e887f03-5aa2-4a7b-b0f7-66208c6c657b" ,
"objects" : [
{
"type" : "identity" ,
"spec_version" : "2.1" ,
"id" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2022-01-28T11:13:31.000Z" ,
"modified" : "2022-01-28T11:13:31.000Z" ,
"name" : "CIRCL" ,
"identity_class" : "organization"
} ,
{
"type" : "report" ,
"spec_version" : "2.1" ,
"id" : "report--0e887f03-5aa2-4a7b-b0f7-66208c6c657b" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2022-01-28T11:13:31.000Z" ,
"modified" : "2022-01-28T11:13:31.000Z" ,
"name" : "OSINT - North Korea\u2019s Lazarus APT leverages Windows Update client, GitHub in latest campaign" ,
"published" : "2022-01-28T11:13:43Z" ,
"object_refs" : [
"indicator--a80f5a34-353a-46b3-9fdc-114c972ab00f" ,
"indicator--88956f60-0e7f-4ec2-9761-3d9f198820f5" ,
"indicator--1893197b-59e0-4154-9277-4c877f17bf54" ,
"indicator--1cffc643-67f5-4791-9681-f897b103c810" ,
"indicator--94ba792a-7c50-4784-b3d1-12fc6b0c9da6" ,
"indicator--8b130b66-db7e-440a-9c71-5e9f027ae456" ,
"indicator--c4a4be82-39fb-4ffc-a7e5-3baa4de4d67f" ,
"indicator--78b06653-6b12-431b-b925-3383ed6e2bc6" ,
"indicator--4766f4f1-84a0-40ae-8cf7-0aa91ae1ddd4" ,
"indicator--db548277-c9b9-45da-8f10-019cba24e679" ,
"indicator--c1aaeb30-267b-4040-a69c-259060ee9ba2" ,
"indicator--8e0b53ea-8268-4007-90dc-56d8831db287" ,
"x-misp-object--982836ee-05aa-4b35-92d7-b83579145ce3" ,
"indicator--cb3799b8-19e7-4f2d-9783-0f711421d643" ,
"x-misp-object--621546b8-22b4-4034-bddc-90271cc81520" ,
"x-misp-object--b8f14a3e-4a67-4d1a-9d84-c226fb0a1c4f" ,
"x-misp-object--20622269-6f11-4e6c-952f-ee9c004af16a" ,
"x-misp-object--23add241-c3b2-45ca-b030-640f6fff6bbd" ,
"x-misp-object--63f07c3f-03be-4782-a1ea-3ac329dcfe19" ,
"x-misp-object--6d7032a0-0cdd-4498-8940-93ce1d0cc2b0" ,
"x-misp-object--4cdcd402-e02c-45ae-97c4-0c5939ac9d21"
] ,
"labels" : [
"Threat-Report" ,
"misp:tool=\"MISP-STIX-Converter\"" ,
"misp-galaxy:mitre-enterprise-attack-intrusion-set=\"Lazarus Group - G0032\"" ,
"misp-galaxy:threat-actor=\"Lazarus Group\"" ,
"type:OSINT" ,
"osint:lifetime=\"perpetual\"" ,
"osint:certainty=\"50\""
] ,
"object_marking_refs" : [
"marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9"
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--a80f5a34-353a-46b3-9fdc-114c972ab00f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2022-01-28T11:08:48.000Z" ,
"modified" : "2022-01-28T11:08:48.000Z" ,
"pattern" : "[file:hashes.SHA256 = 'f14b1a91ed1ecd365088ba6de5846788f86689c6c2f2182855d5e0954d62af3b']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2022-01-28T11:08:48Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Payload delivery"
}
] ,
"labels" : [
"misp:type=\"sha256\"" ,
"misp:category=\"Payload delivery\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--88956f60-0e7f-4ec2-9761-3d9f198820f5" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2022-01-28T11:08:48.000Z" ,
"modified" : "2022-01-28T11:08:48.000Z" ,
"pattern" : "[file:hashes.SHA256 = 'c677a79b853d3858f8c8b86ccd8c76ebbd1508cc9550f1da2d30be491625b744']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2022-01-28T11:08:48Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Payload delivery"
}
] ,
"labels" : [
"misp:type=\"sha256\"" ,
"misp:category=\"Payload delivery\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--1893197b-59e0-4154-9277-4c877f17bf54" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2022-01-28T11:08:48.000Z" ,
"modified" : "2022-01-28T11:08:48.000Z" ,
"pattern" : "[file:hashes.SHA256 = '9d18defe7390c59a1473f79a2407d072a3f365de9834b8d8be25f7e35a76d818']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2022-01-28T11:08:48Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Payload delivery"
}
] ,
"labels" : [
"misp:type=\"sha256\"" ,
"misp:category=\"Payload delivery\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--1cffc643-67f5-4791-9681-f897b103c810" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2022-01-28T11:08:48.000Z" ,
"modified" : "2022-01-28T11:08:48.000Z" ,
"pattern" : "[file:hashes.SHA256 = '829eceee720b0a3e505efbd3262c387b92abdf46183d51a50489e2b157dac3b1']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2022-01-28T11:08:48Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Payload delivery"
}
] ,
"labels" : [
"misp:type=\"sha256\"" ,
"misp:category=\"Payload delivery\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--94ba792a-7c50-4784-b3d1-12fc6b0c9da6" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2022-01-28T11:08:48.000Z" ,
"modified" : "2022-01-28T11:08:48.000Z" ,
"pattern" : "[file:hashes.SHA256 = '660e60cc1fd3e155017848a1f6befc4a335825a6ae04f3416b9b148ff156d143']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2022-01-28T11:08:48Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Payload delivery"
}
] ,
"labels" : [
"misp:type=\"sha256\"" ,
"misp:category=\"Payload delivery\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--8b130b66-db7e-440a-9c71-5e9f027ae456" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2022-01-28T11:08:48.000Z" ,
"modified" : "2022-01-28T11:08:48.000Z" ,
"pattern" : "[file:hashes.SHA256 = '5098ec21c88e14d9039d232106560b3c87487b51b40d6fef28254c37e4865182']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2022-01-28T11:08:48Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Payload delivery"
}
] ,
"labels" : [
"misp:type=\"sha256\"" ,
"misp:category=\"Payload delivery\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--c4a4be82-39fb-4ffc-a7e5-3baa4de4d67f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2022-01-28T11:08:48.000Z" ,
"modified" : "2022-01-28T11:08:48.000Z" ,
"pattern" : "[file:hashes.SHA256 = '4216f63870e2cdfe499d09fce9caa301f9546f60a69c4032cb5fb6d5ceb9af32']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2022-01-28T11:08:48Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Payload delivery"
}
] ,
"labels" : [
"misp:type=\"sha256\"" ,
"misp:category=\"Payload delivery\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--78b06653-6b12-431b-b925-3383ed6e2bc6" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2022-01-28T11:08:48.000Z" ,
"modified" : "2022-01-28T11:08:48.000Z" ,
"pattern" : "[file:hashes.SHA256 = '11b5944715da95e4a57ea54968439d955114088222fd2032d4e0282d12a58abb']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2022-01-28T11:08:48Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Payload delivery"
}
] ,
"labels" : [
"misp:type=\"sha256\"" ,
"misp:category=\"Payload delivery\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--4766f4f1-84a0-40ae-8cf7-0aa91ae1ddd4" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2022-01-28T11:08:50.000Z" ,
"modified" : "2022-01-28T11:08:50.000Z" ,
"pattern" : "[domain-name:value = 'markettrendingcenter.com']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2022-01-28T11:08:50Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Network activity"
}
] ,
"labels" : [
"misp:type=\"domain\"" ,
"misp:category=\"Network activity\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--db548277-c9b9-45da-8f10-019cba24e679" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2022-01-28T11:08:50.000Z" ,
"modified" : "2022-01-28T11:08:50.000Z" ,
"pattern" : "[domain-name:value = 'lm-career.com']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2022-01-28T11:08:50Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Network activity"
}
] ,
"labels" : [
"misp:type=\"domain\"" ,
"misp:category=\"Network activity\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--c1aaeb30-267b-4040-a69c-259060ee9ba2" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2022-01-28T11:10:56.000Z" ,
"modified" : "2022-01-28T11:10:56.000Z" ,
"pattern" : " [ f i l e : h a s h e s . M D 5 = ' a 27 a 9324 d 282 d 920e495832933 d 486 e e ' A N D f i l e : h a s h e s . S H A 1 = ' 0 a b 8602 c e e 94 f 36739 b 6649467 c e d 514301e58 f a ' A N D f i l e : h a s h e s . S H A 256 = ' 0 160375e19 e 606 d 0 6 f 672 b e 6e43 f 70 f a 70093 d 2 a 30031 a f f d 2929 a 5 c 446 d 0 7 c 1 ' A N D f i l e : h a s h e s . S H A 512 = ' 76 a 3 c e d 357 d 5 f b a e 7 b b b 0 288 c 4 d d d 23e2 f 8 f 77 b 7256 f 2555 b 34 f 666 f f 2 f f 7e5 a 1 f 1 b 68 f 0 f 53 b 859 c 41 d 57 d 5 a b 44129 f 910e0 f 1 c 7 b 9 a 51 c a 0 79 d b b f a c 6973 a 96 b ' A N D f i l e : h a s h e s . S S D E E P = ' 24576 : i g u U g X l N f A E I k 0 A K D x j 4 e i g e I A z T Q Y U r X : i n U g / I V G g e 8 ' A N D f i l e : n a m e = ' 0 160375e19 e 606 d 0 6 f 672 b e 6e43 f 70 f a 70093 d 2 a 30031 a f f d 2929 a 5 c 446 d 0 7 c 1 ' A N D f i l e : s i z e = ' 1293824 ' A N D ( f i l e : c o n t e n t _ r e f . p a y l o a d _ b i n = ' U E s D B B Q A C Q A I A F x Z P F Q C l L D 7 o 9 I M A A C + E w A g A B w A Y T I 3 Y T k z M j R k M j g y Z D k y M G U 0 O T U 4 M z I 5 M z N k N D g 2 Z W V V V A k A A 0 D P 82 F A z / N h d X g L A A E E I Q A A A A Q h A A A A a i r l O J j h 2 / y f 5 S 0 T J p 11 P B r s j 0 0 D 9 G 4 w y U K l 5 a Y n N Q g I d W G N 0 a 8 r F u Y 7 Q F z u q C O E U 3 v 3 R A R u y R 0 s 
//gjPpE6C2rsTTyMXp29uavs0ZJfIZ+vHWx+Z6+Go3ce/Pv3ymIPVNgaCQXP1PRL+EfAnoYB8qlZeYPpz887K19BM46RSBqdbR+ER1xW6SectuHemiRiMhFm1WBNANaflrvFzh3vFQ+WAaajyyCaXBBtP2+3YoC/jf/IBTJQz0y++E+YNmjLBTKK383AtJCJ4+q2G4mR+UOr0fzrk3+k0Wg+WguC9zj2xZUjziYEPyTthsCLqH7MXipr1M/N63pqggJsmYmVI1lPDVdOpIzqfFl2ZwwbK55esiK0UfWAGtNkoFL6s+9petmLmeq3o575w+LRSisLEViaU+KMlbEfWK56S+SmYeodO/SRjujrc1He91+2zF5GGuYUZVNww8rwjTc3NI/OMx9zQWctiO2Jo7Y4cZER0JBUiH/5NqmdyYRW4G+IrEHZO9gqjNEliNjpmT+tqRgNnGfpSbCAX32VoOfPvaoFFh4yLa9r+W9oi1yozzEgR9JxSYDSpRDVKko1LxWciSSw6mWDygAdj+y0IjMZijff5i/tU2g4ebucK1v4hRYqhVtmc1nGru9Pi6CpyJ1ZLT1p8AKX81YYHA+m5KkNel1CGmpS4PUZ3ldp3ZGe1QlrIcsx18h7eI4PLFsgwq3YP+tnSqQ9clUT5XAhios7Ax2gveCswtua4pQopuITup9Di2b/FoiIoGNeTv2B2AgUrGRRS8rOCNfEF7gMlrRUNUcUADvKfW3apli/BDeamHU4Ny7d4mMBNWDrk5PhrVeLN8OEbYimbBpnN0Q9IUz01XBwj/ZegfphkYpRJyP+nIwP6vDaZiYPnD1JZ3mOhxZM7isdbuOkp/urB4SrQ731Xru90kha+Rcu68H4BzV+Fyh06bwHkPXywl8hX8LmU+NeTRRpU4Eye7AwLvi8MyVlRYSWBH3HatFnJ0Mlx1noYQPGwCDsBftOgOuCmqkqUKfgBLslqe1wocuHd5MncU/NTno4Y8DYNRgF98Z7ssOv1I9Snytp4CRQdwHwoPWdzZFb1itQ/lfvjvmxZMqRL91iy8qSF3zOUrLfgbPNJVLAVK3vOmYx74GgngQD3gDjSx8czyTjlmpqOSuh9sm1Z0i7oIiQCD8FuONUbUHGQYD0V0pV4VGpZRbqJZmoqQtvvBWUiNDbCGN5g9ilkagkoDK6/VkTYmZ2d9YFCWWohoQ5CZqys74CzT8uMWUSvk5xcfWgCm7IWCzIEejpUUBqlcWUCH0hcEzaDD2JLJmAXL97iGK0ko6jLeIOtQlsZM5T48yj/SKiJE5vQi7aROddSU7FkQrS7rV44RG6Wye/JfXdJ6DTqSV5tsshWy7ep/X/zXNazBl+ULku4U4lhs/81sz/s2g+jVEZNiNGdf/TTdNSHySjnYAyqrYUCVNIzuV5fDOWBmeTp1zsrnJED74+fSvjTCY9d3BzKutU6gpgOWyEY5nv2HEAh2qh1N3Xv1LzdkyuYi1QeAyIs/vXkVg5XYZHMy2fl6IOYSuNbBVBKtvui3u5o+OaR3k6r/2WAtTFbJQAGCDaCkBwoVR0t2aXKMJuJsiuCfpynlDM+FpokSQ0qEmK30X5bQKlDDViagtQynceMDfN9UFx6NmsXRAP3lQqNOPjCMdr+8SZiJgoejCgYCLHC6GJEzHASJLr0VVeEhCSqObLkCHC7PIRK4KkqxJJqYeHPIHqt6NVPhJ6SZurA9ZViN6oqwTgHQsFqHwvOOsq8T9juGqr5VuR1g1yy17nsot26IdBaI90HKu3xhVqstuXsyVk1Tw5s0q1RbdyUzpY8Xv6jVejNyvj3xsgTiM0Mxl3fPVLHqaMqJ6er9xOLbdFr8+YZT2Iv/KMLLXuYy6XSSa+pg4TqAwX57V4PWdVJwzy2ZdUkPs+4MjS8eVxb7+vLT2d0H6kdzRgbu56r0TMhnsGilbHw5meOXi6ARtrTRelhHuPXqeUxBifIGZ3ijLjVU6zEiKA4gR3vm60eBZcZvtWs4PW/Evu
B78J121wqYYwjmRdzaPruUVW0B/cLulkx+vQoHHoFEpOJI/fMn612NQJb5DB0tXLv8ftlsr+Ba076czPNOsG0vXSxCUcfwD1hqlS/uIH3XS/5Ovxj6wdIMqGmvkMY5oXDS52Dg7CbhdRaVz178mPSWzjpwXW7X7GZoVh+eIYZOQBtyeKiPdYieS+o+RAHoq2D9YX5G26YDniGMFs6pqBN5EL/6lIwEOCWAqm/ZmtdMuRihgXdUSTEnK0tMNsq63KPX81WuHBevw9I97c6DfISv0sAGffOEAk+eYgLOqB1NNU4DV9r+Ehf4zesvI1nVcdjDxEuKM7g3cKLrmqq/1chVHMw2tmiCSGDC0VgAgoIn7m1CV4LFW15q6QhSHHuF0Yzv4EbUF6Ek5qZ6waGbyuA8+EkS+qUkPEhfVwvF6K5+9ensiYI8kyPnt0TDyLYVfMr76BOXxSmI27FPS9kyJvfbGYUpOPVIqUsU5mOjzf7i/p1cR91MCE+j3ja4Hecn0/gAjuBddfSVP9IynOxhtJRNEGzFLygMRRs5Lv2fYR9xTCaDWGZ49UzloEnAOYAng5kYSrd9BVZXpgnT04DrM5ob1Q5DSJ01r0xKQMdBiQOkdwrvODxzkEYF3uL5Wysprn6odyOH6AJTdEq0Op/hPbC3cHAb1uag++0lEKG/hlEt2/VF8OcjFVfWQjCs+7KPgCXgwDjMC2rYcsgfA+x2dhK5JuTYoTceWabjJk+fTtBlkj3fxYESOxFIP+2hySjjYta6vUD3k0uCuS+zNL75N3aYbA1n4+xX01QNrJGmcpdNjFVVf+ZeQ3BGuZKHubIGCAlG3FfltMlvQ2N3Ui0F0r337u7Pye75aZ/9p7czE0g6L0kxZxVsg6Y1c+UgBGXa2DdLsq3PUqL7Lroy7RmTADyE9w8v5IhlVe0tD5tdHjvqI1kg2QX7rwLDg1OfhELZa3+rYPpsmMKYNnTe593kLqsooILwc0f1qDm53HhYKb5vgv9L+rcoafQ5QioHbWrPF/BenmfcYDuIi5PzjmJX2TvAAL3R73QSRFnxszLpQPqwAyX+OCKglfRjJAORnfZBRaLcdtVOYCiZRFC5J1zNPpBYlc4S0MDIAO33nMLAh0aMUMDVbtyKVRKDHbNIqBLUqEA9ys+edhAOAtlzYnZcOaKUdRWpgA1Ippdg1Luh4O9GsJJkpCQtAX2RVv35XYqGfFYrDKel54T8Phnz/AK9q4c5BberxWZWs0x7DvRg/0NMoRLBojsoPLevHEnQq2QAPdQ5
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2022-01-28T11:10:56Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "file"
}
] ,
"labels" : [
"misp:name=\"file\"" ,
"misp:meta-category=\"file\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--8e0b53ea-8268-4007-90dc-56d8831db287" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2022-01-28T11:11:35.000Z" ,
"modified" : "2022-01-28T11:11:35.000Z" ,
"pattern" : " [ f i l e : h a s h e s . M D 5 = ' 490 c 885 d c 7 b a 0 f 32 c 0 7 d d f e 0 2 a 0 4 b b b 9 ' A N D f i l e : h a s h e s . S H A 1 = ' 294690 c 1 a e e 8 d c 7723858 d a f c b 2 a 0 e d 273296641 ' A N D f i l e : h a s h e s . S H A 256 = ' 829 e c e e e 720 b 0 a 3e505 e f b d 3262 c 387 b 92 a b d f 46183 d 51 a 50489e2 b 157 d a c 3 b 1 ' A N D f i l e : h a s h e s . S H A 512 = ' 127 f 0 14 d 18 b 926433 d 56 b f e e 85 b 350 f e 36 c c 26 a 1442 e f 8 f 16 c f 1 c 9e6 c c e 95 c 2 f 83 a 8609 b 9 d 29e53 b 7 b 5617739 f 760 b a 4263 b d 6222870 f d 25309 a 16 d 46000 d 29 c ' A N D f i l e : h a s h e s . S S D E E P = ' 6144 : f r S Y f j h A 5 J g Z 9 f A c b 7 P N b l I b R G C A O J q u F D u e 2 Z m r Y n p : T S Y a 5 e Z 9 f A c / P B q u O d c h Z j n p ' A N D f i l e : n a m e = ' 829 e c e e e 720 b 0 a 3e505 e f b d 3262 c 387 b 92 a b d f 46183 d 51 a 50489e2 b 157 d a c 3 b 1 ' A N D f i l e : s i z e = ' 232936 ' A N D ( f i l e : c o n t e n t _ r e f . 
p a y l o a d _ b i n = ' U E s D B B Q A C Q A I A H J Z P F Q 5 D R T 9 d + U B A O i N A w A g A B w A N D k w Y z g 4 N W R j N 2 J h M G Y z M m M w N 2 R k Z m U w M m E w N G J i Y j l V V A k A A 2 f P 82 F n z / N h d X g L A A E E I Q A A A A Q h A A A A J g x w Q p s u 8 E W j 6 j h C 4 u 0 G S T S Y L F Y F V O C n g m M j v T 1 V d H G E d W b r Z 8 o v T Z F A y o q h t v r j 6 m n V E q e e k P L 8 B 1 f H I C a k o w 4 f Y w 86 S m g p l W U y T 5 m m e S j 6 N d / w s H F w + G t p U m N m Z h S g p l D d d u d J L o C I 1 a B l 6 k M I K h E I Q + Q 4 c s S k E t o i g J + F g H S 0 c 92 j 3 L Q W M R 8 u 0 r w t D A h p l K D 1 m a S I W 0 l o v a H F h P Z H c 2 w o 3 w 3 m 8 g G p Q W d w r G 7 k f o I L 9 u g x E k 62 t Z l W v K M 3 s j F R o w c h t Q U O q W F + B X w P r v 4 Z 5 / D v u j s X o J e v s S o Z 8 H 60 Y 3 A I V m R H + m 2 T T M L e Z k V Z u U N d Q G 2 I G Y X N q i N o I X x H 1 m h z / N m a 9 p w i 3 f 3 j 3 S G s a / 9 X k s + i 5 R D S 2 T u 60 v 6 s u M 6e5 Q n 6 a U + O U B i y F r v O 0 F 38 L T s I 4 K O F H k B j l l F H K s o 9 A 7 e l / t 4 e l K / U O V H P I W G g Y b n S N h + e s / Y P x D r 6 y 75 k l a z i q 8 h p j s t 6 y 7 k v / V f a Q x K Z s F I J / 9 K + J 3 q 2 D q e 2 K V 8 X b a q J j F 2 i h 6 B 7 Z j 8 y P E F 9 i U S o C 1 Z Z Y V V m Q 2 z b N x O B J 0 X Z 9 b X Q A V s W h m V t r 8 A Y W L n O e B z M I E m R a 0 F P S H B 9 l u 2 c N I t F e m / o i J T 8 H o F f p b K M C d d J 9 J l v N H K c r Y Y K 8 P x 20 u A z r 0 E D b w 1 M r 3 d v h G M J S d B P h 7 u S S 5 K z N b 9 x / 3 Y 9 O Z H F P A O U 1 x y v D P F 4 d I W D I a V R 0 / h K 4 y o n 1 E F t k p Q s v 6 j Z U 9 u a Y 1 O Q t T F w x R V F 27 B M a 8 t z o B C 2 M d T l J 1 n Z + E 3 H v 2 K j M d 0 F q 2 y A / E N w x r B X O C y r u t B u e J q 1 T 7 / p b A / x I m X Z a Z E i H 9 m y 9 g S l A n R z E 31 c 58 f v M A b 9 h K a Q C l T u Y q k 2 b W Q r M T A n e z N f e Y 8 D j b i / A i H T T 4 q Z M 23 O V l K p C P 
h Y 9 c 52 z w O u I h 5 y v o g W J W A P H F h e B 6 o P x s t c N R l j L R u m N D C g D d 7 Y E D N C p O h j I n z A z j + 2 S y B z r / f j g I I 826 u 1 o E s m z L F i z r w m K 0 1 Q j i o p A p 0 H 87 s N 7 E W s w A l f B g L i j w e 8 A 5 C U / + H k B e o J o r l W X K T q + y P Y N I 6 K X W r z b D x V N / L N 3 r l d x q N E / C 6 D k E D A / i 4 c i I X d d u J I r + 9 u / t 1 M s I r o N w E 1 g Z F 4 r T o J H S W l c 1 J g B b m c R o e s s 37 j 133 I W m h U + X V 6 b y l 6 w k E 1 C 0 f J 2 T P D v h d L I 4 p 0 v z / Z J 5 i + b n X Q B D l 0 F e 248324 S m 6 V B q O B a L 29 S J J 4 W H b n 3 W y R D z B T I 7 X U x H + c a V M O L k X N U R 4 v h t w 7 P p b l T 9 r X N l h g 6 p / 5 D 0 + 2 c 8 b M Q 1 f z f L W 14 m V 7 e Y z V E B 5 m / K + r L 5 X p T 9 m o W H I q F b A 9 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
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2022-01-28T11:11:35Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "file"
}
] ,
"labels" : [
"misp:name=\"file\"" ,
"misp:meta-category=\"file\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "x-misp-object" ,
"spec_version" : "2.1" ,
"id" : "x-misp-object--982836ee-05aa-4b35-92d7-b83579145ce3" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2022-01-28T11:13:31.000Z" ,
"modified" : "2022-01-28T11:13:31.000Z" ,
"labels" : [
"misp:name=\"report\"" ,
"misp:meta-category=\"misc\""
] ,
"x_misp_attributes" : [
{
"type" : "link" ,
"object_relation" : "link" ,
"value" : "https://blog.malwarebytes.com/threat-intelligence/2022/01/north-koreas-lazarus-apt-leverages-windows-update-client-github-in-latest-campaign/" ,
"category" : "External analysis" ,
"uuid" : "b9af4626-d91e-4386-b8c1-ae2ee902eb8b"
} ,
{
"type" : "text" ,
"object_relation" : "summary" ,
"value" : "North Korea\u2019s Lazarus APT leverages Windows Update client, GitHub in latest campaign" ,
"category" : "Other" ,
"uuid" : "56c6c206-1bfa-46ed-9cd4-1f008d43b430"
} ,
{
"type" : "text" ,
"object_relation" : "type" ,
"value" : "Blog post" ,
"category" : "Other" ,
"uuid" : "315b1758-a08f-40e2-9d48-ada459bbc9c8"
}
] ,
"x_misp_meta_category" : "misc" ,
"x_misp_name" : "report"
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--cb3799b8-19e7-4f2d-9783-0f711421d643" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2022-01-28T11:11:35.000Z" ,
"modified" : "2022-01-28T11:11:35.000Z" ,
"pattern" : "[file:extensions.'windows-pebinary-ext'.number_of_sections = '7' AND file:extensions.'windows-pebinary-ext'.pe_type = 'dll' AND file:extensions.'windows-pebinary-ext'.optional_header.address_of_entry_point = '6442460944' AND file:extensions.'windows-pebinary-ext'.x_misp_compilation_timestamp = '2022-01-18T06:13:32+00:00' AND file:extensions.'windows-pebinary-ext'.x_misp_original_filename = 'wuaueng.dll' AND file:extensions.'windows-pebinary-ext'.x_misp_internal_filename = 'wuaueng.dll' AND file:extensions.'windows-pebinary-ext'.x_misp_file_description = 'Windows Update Agent' AND file:extensions.'windows-pebinary-ext'.x_misp_file_version = '4.0.1.25' AND file:extensions.'windows-pebinary-ext'.x_misp_lang_id = '000004b0' AND file:extensions.'windows-pebinary-ext'.x_misp_product_name = 'Microsoft Configuration Application' AND file:extensions.'windows-pebinary-ext'.x_misp_product_version = '4.0.1.25' AND file:extensions.'windows-pebinary-ext'.x_misp_company_name = 'Microsoft Corp' AND file:extensions.'windows-pebinary-ext'.x_misp_legal_copyright = 'Copyright (C) Microsoft Corp.']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2022-01-28T11:11:35Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "file"
}
] ,
"labels" : [
"misp:name=\"pe\"" ,
"misp:meta-category=\"file\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "x-misp-object" ,
"spec_version" : "2.1" ,
"id" : "x-misp-object--621546b8-22b4-4034-bddc-90271cc81520" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2022-01-28T11:11:35.000Z" ,
"modified" : "2022-01-28T11:11:35.000Z" ,
"labels" : [
"misp:name=\"pe-section\"" ,
"misp:meta-category=\"file\""
] ,
"x_misp_attributes" : [
{
"type" : "text" ,
"object_relation" : "name" ,
"value" : ".text" ,
"category" : "Other" ,
"uuid" : "c6dc3359-eae1-4005-a12d-934302be7fee"
} ,
{
"type" : "size-in-bytes" ,
"object_relation" : "size-in-bytes" ,
"value" : "46592" ,
"category" : "Other" ,
"uuid" : "1306c7f5-9ef0-448e-91ab-2a2b03ab4fac"
} ,
{
"type" : "float" ,
"object_relation" : "entropy" ,
"value" : "6.4148875927601" ,
"category" : "Other" ,
"uuid" : "09ef8f83-b679-4799-ad36-d06782752f91"
} ,
{
"type" : "md5" ,
"object_relation" : "md5" ,
"value" : "f0aed239794be6230b9ab92f5ab704d5" ,
"category" : "Payload delivery" ,
"to_ids" : true ,
"uuid" : "39871a43-e818-4b40-8538-6b876b3e94cf"
} ,
{
"type" : "sha1" ,
"object_relation" : "sha1" ,
"value" : "27e39594216d890ab8efd47faf297662ca4c1a2b" ,
"category" : "Payload delivery" ,
"to_ids" : true ,
"uuid" : "074a0050-a95d-4a80-bfcb-a24858205899"
} ,
{
"type" : "sha256" ,
"object_relation" : "sha256" ,
"value" : "c1c9a7786bbae2cda2fab4c8cae8d52d40b6aedab454dde6d58dd37bf6f134e0" ,
"category" : "Payload delivery" ,
"to_ids" : true ,
"uuid" : "979ebe32-0b9d-4edd-900a-eed75ad6c820"
} ,
{
"type" : "sha512" ,
"object_relation" : "sha512" ,
"value" : "c1a7afa5cba92b7a6ac1cdd339db46cfaeafa6f678a0ad3b81da0a5f61cdcda042ce2dd2046a5a2aa67fbecc7d06114135e24257f6597969051305085c7b59f5" ,
"category" : "Payload delivery" ,
"to_ids" : true ,
"uuid" : "fbee8059-ce26-4b9d-8911-1b40b21ba822"
} ,
{
"type" : "ssdeep" ,
"object_relation" : "ssdeep" ,
"value" : "768:HBaDwy8w8oX1pBEIHy3nFka0aY62QltTDbZ6L6ySIdJjGj9H3AJf3CQG8fPPdltt:QDwr3w1pyBFfEqbUUj9XAJ/CuFJ92e" ,
"category" : "Payload delivery" ,
"to_ids" : true ,
"uuid" : "08059034-1ad6-41a0-9ee7-e9189b5a6881"
}
] ,
"x_misp_meta_category" : "file" ,
"x_misp_name" : "pe-section"
} ,
{
"type" : "x-misp-object" ,
"spec_version" : "2.1" ,
"id" : "x-misp-object--b8f14a3e-4a67-4d1a-9d84-c226fb0a1c4f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2022-01-28T11:11:35.000Z" ,
"modified" : "2022-01-28T11:11:35.000Z" ,
"labels" : [
"misp:name=\"pe-section\"" ,
"misp:meta-category=\"file\""
] ,
"x_misp_attributes" : [
{
"type" : "text" ,
"object_relation" : "name" ,
"value" : ".rdata" ,
"category" : "Other" ,
"uuid" : "de49c12b-e34f-480a-acd4-a43b10928060"
} ,
{
"type" : "size-in-bytes" ,
"object_relation" : "size-in-bytes" ,
"value" : "36352" ,
"category" : "Other" ,
"uuid" : "0d0ac01d-8897-4d2b-8cc7-969d20fe8b8c"
} ,
{
"type" : "float" ,
"object_relation" : "entropy" ,
"value" : "4.8217559509854" ,
"category" : "Other" ,
"uuid" : "c06d0c2a-aeb6-4006-ad35-f956213303d5"
} ,
{
"type" : "md5" ,
"object_relation" : "md5" ,
"value" : "a32f7745a4f081d4552edf2a136e4c53" ,
"category" : "Payload delivery" ,
"to_ids" : true ,
"uuid" : "c6d251d4-adfb-4670-aa37-edeaadaf636a"
} ,
{
"type" : "sha1" ,
"object_relation" : "sha1" ,
"value" : "a4234384c78c294f4f9936a5ff1483b0194a9874" ,
"category" : "Payload delivery" ,
"to_ids" : true ,
"uuid" : "04b11220-d4fb-479a-b766-8808d80f4567"
} ,
{
"type" : "sha256" ,
"object_relation" : "sha256" ,
"value" : "6f8e1efdb5c256a50a99a63e8955c79eddf62d967a5914413cf00f164db21984" ,
"category" : "Payload delivery" ,
"to_ids" : true ,
"uuid" : "01052ccc-1428-452b-9617-1aba26e7f263"
} ,
{
"type" : "sha512" ,
"object_relation" : "sha512" ,
"value" : "5854dc9e0929eb550f9956e4d04dbaa8bb1288c3203752466441d1a7fd7925fd37426e42fc93490f56defcab1e129dd84b975f4bf9f8093ba9ef12183328f0ee" ,
"category" : "Payload delivery" ,
"to_ids" : true ,
"uuid" : "1173a8cf-b63f-47d9-a6c7-ee11c45c0aa7"
} ,
{
"type" : "ssdeep" ,
"object_relation" : "ssdeep" ,
"value" : "768:gCcoWVQxhgWMEjLs0uR2NBdTmV9dlt7atMYBY65:gCBRgW/sWTdc9dltoYO" ,
"category" : "Payload delivery" ,
"to_ids" : true ,
"uuid" : "21710e41-1080-49b3-bba9-f104ea738b0b"
}
] ,
"x_misp_meta_category" : "file" ,
"x_misp_name" : "pe-section"
} ,
{
"type" : "x-misp-object" ,
"spec_version" : "2.1" ,
"id" : "x-misp-object--20622269-6f11-4e6c-952f-ee9c004af16a" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2022-01-28T11:11:35.000Z" ,
"modified" : "2022-01-28T11:11:35.000Z" ,
"labels" : [
"misp:name=\"pe-section\"" ,
"misp:meta-category=\"file\""
] ,
"x_misp_attributes" : [
{
"type" : "text" ,
"object_relation" : "name" ,
"value" : ".data" ,
"category" : "Other" ,
"uuid" : "8709b76c-9a18-48bd-848a-4df22c02ea16"
} ,
{
"type" : "size-in-bytes" ,
"object_relation" : "size-in-bytes" ,
"value" : "131584" ,
"category" : "Other" ,
"uuid" : "1e0f74c9-28f4-475b-af48-1e9c39187dbc"
} ,
{
"type" : "float" ,
"object_relation" : "entropy" ,
"value" : "6.1326950169619" ,
"category" : "Other" ,
"uuid" : "7c3e1f6e-f216-4151-b79a-330a81f2f97f"
} ,
{
"type" : "md5" ,
"object_relation" : "md5" ,
"value" : "b09cf30705031f9ada3a712ada5736d5" ,
"category" : "Payload delivery" ,
"to_ids" : true ,
"uuid" : "21ee777a-2ca9-4e89-99d4-4853da30fd2b"
} ,
{
"type" : "sha1" ,
"object_relation" : "sha1" ,
"value" : "16eec00e49128d6bfd7baafe462c0e5d80d15d94" ,
"category" : "Payload delivery" ,
"to_ids" : true ,
"uuid" : "9a670795-1321-4a05-9411-dfded67b4d77"
} ,
{
"type" : "sha256" ,
"object_relation" : "sha256" ,
"value" : "50a28d8ef5327f37540d689f4009662ee98d59a18b1b23db1887c1d6f56cef48" ,
"category" : "Payload delivery" ,
"to_ids" : true ,
"uuid" : "1735dec5-4992-4ab0-9efd-bb49d5baaf88"
} ,
{
"type" : "sha512" ,
"object_relation" : "sha512" ,
"value" : "d57213ab62eb8c6c6a32bafdb7e63cc48abd1ff892b6fae902bf261650482388745f496106559f9e2c12dddecabcdc6593ccf2636a92e49ac9956f22af28117d" ,
"category" : "Payload delivery" ,
"to_ids" : true ,
"uuid" : "d3bf5769-c4ff-4096-aefa-a5974bbb5075"
} ,
{
"type" : "ssdeep" ,
"object_relation" : "ssdeep" ,
"value" : "3072:KDfRKcjX7Fq8RNbujkIb6w/XWlIA9EC8aLuSsqVEGklPbuWHF2Z6bp:KfAcb7PNblIbRGCAOJquFDue2Zm" ,
"category" : "Payload delivery" ,
"to_ids" : true ,
"uuid" : "bf2ba318-c805-4e24-8f63-b4f2965044a2"
}
] ,
"x_misp_meta_category" : "file" ,
"x_misp_name" : "pe-section"
} ,
{
"type" : "x-misp-object" ,
"spec_version" : "2.1" ,
"id" : "x-misp-object--23add241-c3b2-45ca-b030-640f6fff6bbd" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2022-01-28T11:11:35.000Z" ,
"modified" : "2022-01-28T11:11:35.000Z" ,
"labels" : [
"misp:name=\"pe-section\"" ,
"misp:meta-category=\"file\""
] ,
"x_misp_attributes" : [
{
"type" : "text" ,
"object_relation" : "name" ,
"value" : ".pdata" ,
"category" : "Other" ,
"uuid" : "f694fd3e-0ff6-44d3-81d2-8dbf970769a8"
} ,
{
"type" : "size-in-bytes" ,
"object_relation" : "size-in-bytes" ,
"value" : "3584" ,
"category" : "Other" ,
"uuid" : "7a9a9831-9c51-4d4e-a59a-381cf8d4b542"
} ,
{
"type" : "float" ,
"object_relation" : "entropy" ,
"value" : "4.8448250072714" ,
"category" : "Other" ,
"uuid" : "75d54a4b-1b9e-44b5-8206-2ff2a8a5881b"
} ,
{
"type" : "md5" ,
"object_relation" : "md5" ,
"value" : "5c3f6d30133d10d48d199e3bbff65923" ,
"category" : "Payload delivery" ,
"to_ids" : true ,
"uuid" : "9a9dcae3-05db-4678-bb66-caec59f7bb1f"
} ,
{
"type" : "sha1" ,
"object_relation" : "sha1" ,
"value" : "c5ae3b1dfa841405ab6c9f7a0ca3b57046af35c4" ,
"category" : "Payload delivery" ,
"to_ids" : true ,
"uuid" : "437ed97b-f5c1-419f-b402-96924bb5cc23"
} ,
{
"type" : "sha256" ,
"object_relation" : "sha256" ,
"value" : "c7a8677bf7e063ccb4509076f90b5dfd1a6c37d0e527bed5584d06fb1e5baf45" ,
"category" : "Payload delivery" ,
"to_ids" : true ,
"uuid" : "e590952f-ba00-48d4-8d2a-b6c8c2be2039"
} ,
{
"type" : "sha512" ,
"object_relation" : "sha512" ,
"value" : "219eace4c63e99889915bd1168fed4c49930e2a65c9fcab793b60a564c9cda970cd594cf2f0ddf8aa6020faf395d8329398ff2cdeb45fb923d66b47194932302" ,
"category" : "Payload delivery" ,
"to_ids" : true ,
"uuid" : "602aa7ff-e407-4c72-8b95-ca39e8d37983"
} ,
{
"type" : "ssdeep" ,
"object_relation" : "ssdeep" ,
"value" : "96:gCjNiHYZdr3KEUFwqihpB/zvEqu+W2NuTwWiQeyaQ2DamCcUliQ:gGiHYvxUw1hpBrDpWXelBcliQ" ,
"category" : "Payload delivery" ,
"to_ids" : true ,
"uuid" : "4324b2ac-74bc-4fb7-b7c5-480fe21e8e9d"
}
] ,
"x_misp_meta_category" : "file" ,
"x_misp_name" : "pe-section"
} ,
{
"type" : "x-misp-object" ,
"spec_version" : "2.1" ,
"id" : "x-misp-object--63f07c3f-03be-4782-a1ea-3ac329dcfe19" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2022-01-28T11:11:35.000Z" ,
"modified" : "2022-01-28T11:11:35.000Z" ,
"labels" : [
"misp:name=\"pe-section\"" ,
"misp:meta-category=\"file\""
] ,
"x_misp_attributes" : [
{
"type" : "text" ,
"object_relation" : "name" ,
"value" : ".gfids" ,
"category" : "Other" ,
"uuid" : "78fdbd58-fbc3-4978-a48e-67af9807c129"
} ,
{
"type" : "size-in-bytes" ,
"object_relation" : "size-in-bytes" ,
"value" : "512" ,
"category" : "Other" ,
"uuid" : "20640153-696a-4e59-bd2a-bb68e5777bd4"
} ,
{
"type" : "float" ,
"object_relation" : "entropy" ,
"value" : "3.3224068006213" ,
"category" : "Other" ,
"uuid" : "026f6b1f-4fbe-450d-86d7-366ade7a3c49"
} ,
{
"type" : "md5" ,
"object_relation" : "md5" ,
"value" : "77e0d0c0a0ec75ee8d0cb7aa217b54bc" ,
"category" : "Payload delivery" ,
"to_ids" : true ,
"uuid" : "c3910e98-a61f-408b-a073-60b8963686e5"
} ,
{
"type" : "sha1" ,
"object_relation" : "sha1" ,
"value" : "7a6dd6e45e3064a5bf868a3476eb441b26cf9fa9" ,
"category" : "Payload delivery" ,
"to_ids" : true ,
"uuid" : "fb847a5e-9aef-44fb-9aa0-661c5b1ef024"
} ,
{
"type" : "sha256" ,
"object_relation" : "sha256" ,
"value" : "68c518c2323a239bb752920566802e1933c4fad2b72f026f2418c4f6c4f64603" ,
"category" : "Payload delivery" ,
"to_ids" : true ,
"uuid" : "f4186ac7-41ef-49bf-9390-b2f79d718527"
} ,
{
"type" : "sha512" ,
"object_relation" : "sha512" ,
"value" : "b8a721040d6ffac3b49a36dc2387583914e07d15f252c368a38fee47e2760d5b90514320aff9817424002fe18c4c807c500b884c48ac2eb923d93df5040934f4" ,
"category" : "Payload delivery" ,
"to_ids" : true ,
"uuid" : "493520e9-0a55-44c5-91d6-2edd765b106d"
} ,
{
"type" : "ssdeep" ,
"object_relation" : "ssdeep" ,
"value" : "3:7nrllrxl1lJr/iAhlt/tJ7/elnlItr/3j8/RlNhfJYiDSBloFelUn:UAgl6tEZoOSTocUn" ,
"category" : "Payload delivery" ,
"to_ids" : true ,
"uuid" : "e5b3cf0a-69d2-4a51-9c51-db8e17758a35"
}
] ,
"x_misp_meta_category" : "file" ,
"x_misp_name" : "pe-section"
} ,
{
"type" : "x-misp-object" ,
"spec_version" : "2.1" ,
"id" : "x-misp-object--6d7032a0-0cdd-4498-8940-93ce1d0cc2b0" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2022-01-28T11:11:35.000Z" ,
"modified" : "2022-01-28T11:11:35.000Z" ,
"labels" : [
"misp:name=\"pe-section\"" ,
"misp:meta-category=\"file\""
] ,
"x_misp_attributes" : [
{
"type" : "text" ,
"object_relation" : "name" ,
"value" : ".rsrc" ,
"category" : "Other" ,
"uuid" : "1877862d-85d2-45a7-9fd1-ad0eb3806332"
} ,
{
"type" : "size-in-bytes" ,
"object_relation" : "size-in-bytes" ,
"value" : "1536" ,
"category" : "Other" ,
"uuid" : "2ef6e290-3ce9-421e-9d55-377037f605ae"
} ,
{
"type" : "float" ,
"object_relation" : "entropy" ,
"value" : "4.1795068332011" ,
"category" : "Other" ,
"uuid" : "b66d4c8b-e8cd-4f89-b2ce-edf447f510d5"
} ,
{
"type" : "md5" ,
"object_relation" : "md5" ,
"value" : "6ad7e1cd7c023449d64b63c55d9e1f03" ,
"category" : "Payload delivery" ,
"to_ids" : true ,
"uuid" : "f3085f5a-f0a6-4448-938a-51d7e822eba5"
} ,
{
"type" : "sha1" ,
"object_relation" : "sha1" ,
"value" : "298de049b63f759862b6d7aab081842c95580277" ,
"category" : "Payload delivery" ,
"to_ids" : true ,
"uuid" : "4b601d34-7ee8-45aa-a59c-41c10b35ca49"
} ,
{
"type" : "sha256" ,
"object_relation" : "sha256" ,
"value" : "cab005c0cc2b47db9876d1241800c4c5ff1eb62b826a544f844ca98b40488259" ,
"category" : "Payload delivery" ,
"to_ids" : true ,
"uuid" : "9d5fe819-aa17-4a26-99d5-bfe3b0121d13"
} ,
{
"type" : "sha512" ,
"object_relation" : "sha512" ,
"value" : "c65c8418fc1983ae47a849dc1ccc2578d0dba1e63249e8099b5c16206bd64661e7396a6f25306b87936c42fbf5eae15f59f55a53c057b92c9a628738a3cae711" ,
"category" : "Payload delivery" ,
"to_ids" : true ,
"uuid" : "131bdeb9-ac53-4e10-bfc5-4a995b44d14d"
} ,
{
"type" : "ssdeep" ,
"object_relation" : "ssdeep" ,
"value" : "24:yiDxLCLnZW08TgUt2N7feCtg1ez35W0YwPNr1PnRuV4MPgich:yExLqnZWfTToreCe1e75Wc1RuqSS" ,
"category" : "Payload delivery" ,
"to_ids" : true ,
"uuid" : "6f9d6125-23c5-4e45-80fb-219811fc082f"
}
] ,
"x_misp_meta_category" : "file" ,
"x_misp_name" : "pe-section"
} ,
{
"type" : "x-misp-object" ,
"spec_version" : "2.1" ,
"id" : "x-misp-object--4cdcd402-e02c-45ae-97c4-0c5939ac9d21" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2022-01-28T11:11:35.000Z" ,
"modified" : "2022-01-28T11:11:35.000Z" ,
"labels" : [
"misp:name=\"pe-section\"" ,
"misp:meta-category=\"file\""
] ,
"x_misp_attributes" : [
{
"type" : "text" ,
"object_relation" : "name" ,
"value" : ".reloc" ,
"category" : "Other" ,
"uuid" : "390ddc2b-5874-4f4c-b9e3-7b46292a6177"
} ,
{
"type" : "size-in-bytes" ,
"object_relation" : "size-in-bytes" ,
"value" : "2048" ,
"category" : "Other" ,
"uuid" : "de73eef4-b811-41da-926a-8cc8b0e21ba5"
} ,
{
"type" : "float" ,
"object_relation" : "entropy" ,
"value" : "5.4230113038396" ,
"category" : "Other" ,
"uuid" : "6fabb372-0cab-4188-a1ed-099f5bc7ffa7"
} ,
{
"type" : "md5" ,
"object_relation" : "md5" ,
"value" : "2aa0d7b076707d0010e22ea3700e2908" ,
"category" : "Payload delivery" ,
"to_ids" : true ,
"uuid" : "84539c6e-52f5-4800-a417-354a1b37d0d2"
} ,
{
"type" : "sha1" ,
"object_relation" : "sha1" ,
"value" : "cb29d6dd2e0436c534cf50b2a3a1cea870178a60" ,
"category" : "Payload delivery" ,
"to_ids" : true ,
"uuid" : "65a59f62-ee86-4361-ad4b-6f604f3665d9"
} ,
{
"type" : "sha256" ,
"object_relation" : "sha256" ,
"value" : "3a571b93f652c298c7bc1aa946ed3da514ad8340625e98dd6031f16f2398c42f" ,
"category" : "Payload delivery" ,
"to_ids" : true ,
"uuid" : "7d411988-1383-4f37-89f2-ef6ff58e2fd0"
} ,
{
"type" : "sha512" ,
"object_relation" : "sha512" ,
"value" : "085678dc31d9ba8b3962ba83a18e3f7a60bebd6a4f194dcf8fe4f1e1d2e1bca1d4b75a9b12503e53f6d5615560d7d77a8769fb1548cf931b04185892daeb7c69" ,
"category" : "Payload delivery" ,
"to_ids" : true ,
"uuid" : "4af9cf47-7a0c-4bf6-bf17-e0cbc97653f8"
} ,
{
"type" : "ssdeep" ,
"object_relation" : "ssdeep" ,
"value" : "48:uo3X31nnHnnnruEP8P/vcvvf21PcPEvvXn:uYn1nnCvP8vv1PEvvXn" ,
"category" : "Payload delivery" ,
"to_ids" : true ,
"uuid" : "7d751f75-432f-4089-867d-76ff0b016ed7"
}
] ,
"x_misp_meta_category" : "file" ,
"x_misp_name" : "pe-section"
} ,
{
"type" : "marking-definition" ,
"spec_version" : "2.1" ,
"id" : "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9" ,
"created" : "2017-01-20T00:00:00.000Z" ,
"definition_type" : "tlp" ,
"name" : "TLP:WHITE" ,
"definition" : {
"tlp" : "white"
}
}
]
}