{
"type" : "bundle" ,
"id" : "bundle--5dee2bc3-47ac-4784-a52a-4da2950d210f" ,
"objects" : [
{
"type" : "identity" ,
"spec_version" : "2.1" ,
"id" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2019-12-11T12:50:23.000Z" ,
"modified" : "2019-12-11T12:50:23.000Z" ,
"name" : "CIRCL" ,
"identity_class" : "organization"
} ,
{
"type" : "report" ,
"spec_version" : "2.1" ,
"id" : "report--5dee2bc3-47ac-4784-a52a-4da2950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2019-12-11T12:50:23.000Z" ,
"modified" : "2019-12-11T12:50:23.000Z" ,
"name" : "OSINT - BfV Cyber-Brief Nr. 01/2019 - Hinweis auf aktuelle Angriffskampagne -" ,
"published" : "2019-12-11T12:52:13Z" ,
"object_refs" : [
"observed-data--5dee2bed-38b4-451c-8af4-425b950d210f" ,
"file--5dee2bed-38b4-451c-8af4-425b950d210f" ,
"artifact--5dee2bed-38b4-451c-8af4-425b950d210f" ,
"observed-data--5def5058-16e0-4979-b098-40af950d210f" ,
"file--5def5058-16e0-4979-b098-40af950d210f" ,
"artifact--5def5058-16e0-4979-b098-40af950d210f" ,
"indicator--5def55e8-180c-44e8-b55a-4516950d210f" ,
"indicator--5def55ec-a86c-46aa-be96-44fd950d210f" ,
"x-misp-attribute--5defaf66-c2b0-401b-b786-41b6950d210f" ,
"x-misp-attribute--5defafa7-c2d8-4682-9307-4b4b950d210f" ,
"indicator--5dee3f11-02e4-406f-ab0b-ba86950d210f" ,
"indicator--5dee3fda-b550-4d4b-9edb-a11c950d210f" ,
"indicator--5dee4b73-07c0-4f1b-b723-b9de950d210f" ,
"indicator--5dee4b9a-8b60-4fef-b39c-ba61950d210f" ,
"indicator--5dee4e51-f448-4a0a-815c-b79e950d210f" ,
"observed-data--5dee5202-0d70-4bd5-801e-4504950d210f" ,
"windows-registry-key--5dee5202-0d70-4bd5-801e-4504950d210f" ,
"observed-data--5dee5561-9df0-484c-bbb3-47ba950d210f" ,
"windows-registry-key--5dee5561-9df0-484c-bbb3-47ba950d210f" ,
"indicator--5def9c6b-dcd8-4fb6-95da-476d950d210f" ,
"indicator--5def9ed5-d278-4e6d-996d-4cc2950d210f" ,
"indicator--e53b7231-54cc-40b6-aced-498328713c3d" ,
"indicator--3c622f17-8eec-4e87-bd09-be3a072530b6" ,
"indicator--1a9c8641-e1f9-4716-9fbd-212be3259b9e" ,
"indicator--3b726112-4fbb-4986-8753-bb42dfb25f3a" ,
"indicator--9e7700e2-a2d3-4fc8-91e3-bdae4dad5240" ,
"indicator--52cf0eab-5342-49e6-80df-6d2a3e6d00dc" ,
"indicator--43c6c9cb-dbcc-498a-9346-3799c8ad30e1" ,
"indicator--da3cb9c5-efb4-4445-8c88-6d779bba3c3c" ,
"indicator--feb320b1-5ae5-4e21-a031-19746f89f645" ,
"indicator--b9d511cf-df43-4672-b8f9-d7537ac9d1ae" ,
"indicator--24f69e0a-39f7-4a2d-b91e-6c8a2f66d762" ,
"indicator--b33abe59-884c-4a46-acd4-5edbd734a6ae" ,
"indicator--e1ded9f0-7ece-454e-9cdb-cd7da4d80057" ,
"indicator--0840514f-9f4b-437d-93bf-ecb8dd861021" ,
"indicator--e37faa3a-3ad6-467b-a031-9be5cd3c86c4" ,
"indicator--cd6c577a-b5fe-472a-bd47-595bffa6660d" ,
"indicator--45ee5414-ac33-49c7-bf60-f92b0e2b4f98" ,
"indicator--598a154c-dcd5-43d5-b2c3-1f5cbf1c4c1d" ,
"indicator--a1bda197-5c10-413b-ab26-edeee972ded8" ,
"indicator--775b5784-ad3b-424e-b2af-7d89a1f81050" ,
"indicator--9db8e7fb-7fb4-45c8-89e4-a3a0c6abd021" ,
"indicator--b4db253c-2bcf-451c-ba44-15a673a3a3c4" ,
"indicator--cde94a42-8107-4e34-af08-ec8294eceea5" ,
"indicator--7f91bef0-d377-48e7-b126-6e7a5d3720ea" ,
"indicator--991c177a-7a0f-4926-95f6-4ac179a5a295" ,
"indicator--7b7ecfce-2bd5-46ae-b601-3e9eebc90db3" ,
"indicator--25f6a294-0dd2-4b0b-a3af-416e51364afd" ,
"indicator--3f909ac6-2c3b-46a9-be2c-94af99524de4" ,
"indicator--d470790a-b3bf-4ced-94f7-ca7401ddc629" ,
"indicator--fcda7810-080c-47f0-9216-a7cf669e4396" ,
"indicator--06d8a210-3a92-47eb-8fd2-0147b7281d7f" ,
"indicator--9a724f07-1f2b-48bb-bb25-32dfe637569b" ,
"indicator--dbd342d8-a43b-4f22-8be9-921186cdbf83" ,
"indicator--67abe83f-ef66-40d7-90e7-90ffe1513e52" ,
"indicator--97a2f864-44e3-4ab4-ab05-2053d5e1ccf4" ,
"indicator--3b43ab98-c605-43ec-8951-c456fa02c3bf" ,
"indicator--0db0c06d-d056-44c1-84e0-e3e6e13ce850" ,
"indicator--ba639956-fe15-45ce-a72c-666cb163e56e" ,
"indicator--7df5bc4b-4499-492b-9962-61ed0d12c542" ,
"indicator--08a0fa08-4b39-4c16-8574-bdb7d3e91283" ,
"indicator--48852a64-fa9d-4d5c-a7f1-45699a8882a2" ,
"indicator--fdca2f4c-bd45-4336-9e95-794b4a0526a8" ,
"indicator--997205fd-5ead-4a86-aba6-f2e99ddfce0b" ,
"indicator--1919f62b-5793-4c0f-ae20-518c4011c9cd" ,
"indicator--44190615-3989-4246-962b-0dcc4e5cd3c2" ,
"indicator--32ce7962-26dc-4ae7-9159-c0e362795392" ,
"indicator--c14890d7-e0e9-438c-a359-40718f2426a5" ,
"indicator--64707a06-5849-4739-ae9b-592b2c5d40c0" ,
"indicator--e0551fbd-a6c4-45e4-b42c-21576008ca5b" ,
"indicator--321b5b53-85a3-40e8-8840-8521b66fb118" ,
"indicator--681bdb7d-a852-4a13-9c90-55774971b482" ,
"indicator--5ec73a7f-829e-472a-9666-05b92c769b14" ,
"indicator--0032d7b5-43be-4a6c-bc62-56a5298cbaa7" ,
"indicator--5defae0e-25f0-4dd9-94b4-451e950d210f" ,
"indicator--5defaed6-e44c-4af8-8d06-4993950d210f" ,
"indicator--5defaf3c-d7e4-423c-82ad-4838950d210f" ,
"indicator--5defb18f-9100-4e25-ae16-4f69950d210f" ,
"indicator--5defb1ce-bf24-489f-9676-47fc950d210f" ,
"indicator--5df0a4ec-ea3c-43b7-a298-42f5950d210f" ,
"indicator--5df0a8fd-0cec-45d5-8023-1706950d210f" ,
"indicator--5df0ac98-e890-4c6a-b708-30d9950d210f" ,
"indicator--fbb2308c-ed30-4bdc-97ff-53b4136cf37f" ,
"x-misp-object--7286a3d2-41c0-4688-9e21-85ec78ff23e0" ,
"indicator--b9b6c463-ab69-4bc2-a053-248497aa95d5" ,
"x-misp-object--42bd75dc-5e99-4c09-bfca-66b22cb28fa1" ,
"indicator--00c6f164-f4b4-4e2c-a3ef-63c88e36f381" ,
"x-misp-object--9fe4012e-2085-4dcf-9f99-f73e92b3c7b0" ,
"indicator--f005a213-c2ee-448d-80f3-a58ff20fdb4c" ,
"x-misp-object--8d2143a2-20d9-4de0-a833-5b13445c2fac" ,
"indicator--25b3b742-2893-462b-a181-8a9c046f7995" ,
"x-misp-object--ee0c2e26-c418-4f6f-9e6d-86952c212952" ,
"indicator--26bfe728-c018-44e4-b6d6-c54af3d2b14a" ,
"x-misp-object--77072cd3-da5c-4204-b37d-72fc44ed0384" ,
"indicator--dab61fb6-c519-46a1-b060-fa178764d6da" ,
"x-misp-object--2254d0a1-5768-49d1-8f6f-55ef72367d31" ,
"indicator--53d444c2-5449-4082-b85a-e61c3760d6c4" ,
"x-misp-object--f3154e62-2ff1-4769-af0a-6115e01096bc" ,
"indicator--93f8b76b-2456-44b4-9a7c-cdb0166ccacc" ,
"x-misp-object--017ca493-a3dc-4bc8-a384-6efaf630477a" ,
"x-misp-object--5def9ca7-d33c-4f2e-83bc-45d0950d210f" ,
"x-misp-object--5def9ce1-f250-4d35-a51f-4b21950d210f" ,
"x-misp-object--5defae31-f31c-427b-ad96-48d4950d210f" ,
"x-misp-object--5defb221-e110-4c86-99bd-409e950d210f" ,
"x-misp-object--5df0ab37-3e44-44c5-85cf-4021950d210f" ,
"x-misp-object--5df0acec-e3d4-4767-abe7-4bf6950d210f" ,
"relationship--bf54bfb6-0c56-44b9-af58-9fe5970504ad" ,
"relationship--2cf6e64b-0411-4d7e-8ba2-9a091dfa9b68" ,
"relationship--cb3fd957-6550-4a02-b9ba-96a3d3c29f61" ,
"relationship--846cc7d8-b710-45d8-96a2-26f57db23624" ,
"relationship--63743d72-0d89-4b32-91f5-9d4b51e00fdf" ,
"relationship--bdacd5de-21f5-4bdd-89b7-7710fb35e3de" ,
"relationship--fcee888a-bf59-4074-a514-1dbd016d0c2a" ,
"relationship--5200a220-3f79-45dc-85de-91fb96149a5b" ,
"relationship--1f00ea60-f23a-4127-9755-57046f7badfc" ,
"relationship--06e2c19f-aec7-4b07-a32b-72d47f272a72" ,
"relationship--4689400c-52c6-4b68-892d-94f7bc4ded95" ,
"relationship--2e719fa9-0bf5-4be7-b2ea-35b57a224087" ,
"relationship--56e30fee-111e-4256-ba1a-db9d91562fd3" ,
"relationship--e9801d3c-3206-46cc-8dd3-4f2f3ebcfd04" ,
"relationship--b2c27023-910b-458f-af14-94763083e73d" ,
"relationship--ba2a0630-4e35-4146-8dd0-139d7055996f" ,
"relationship--cd3cf1ff-4f11-40ca-9b75-3708591bf6ea" ,
"relationship--e09b99c7-aafd-44a8-977d-32d4243a8510" ,
"relationship--a1725df5-0cd3-416f-ad5f-6f504da2e2d9" ,
"relationship--579585cd-d965-4c7d-86dc-304d375b1cb1" ,
"relationship--0fe587c2-71b2-4fef-b93a-c3141f3edc47" ,
"relationship--ef689f7d-cab0-4e70-871c-92fcde9a11a2"
] ,
"labels" : [
"Threat-Report" ,
"misp:tool=\"MISP-STIX-Converter\"" ,
"misp-galaxy:mitre-attack-pattern=\"External Remote Services - T1133\"" ,
"misp-galaxy:mitre-attack-pattern=\"Command-Line Interface - T1059\"" ,
"misp-galaxy:mitre-attack-pattern=\"Execution through API - T1106\"" ,
"misp-galaxy:mitre-attack-pattern=\"Rundll32 - T1085\"" ,
"misp-galaxy:mitre-attack-pattern=\"Service Execution - T1035\"" ,
"misp-galaxy:mitre-attack-pattern=\"User Execution - T1204\"" ,
"misp-galaxy:mitre-attack-pattern=\"DLL Search Order Hijacking - T1038\"" ,
"misp-galaxy:mitre-attack-pattern=\"Kernel Modules and Extensions - T1215\"" ,
"misp-galaxy:mitre-attack-pattern=\"Port Knocking - T1205\"" ,
"misp-galaxy:mitre-attack-pattern=\"Redundant Access - T1108\"" ,
"misp-galaxy:mitre-attack-pattern=\"Binary Padding - T1009\"" ,
"misp-galaxy:mitre-attack-pattern=\"Code Signing - T1116\"" ,
"misp-galaxy:mitre-attack-pattern=\"Deobfuscate/Decode Files or Information - T1140\"" ,
"misp-galaxy:mitre-attack-pattern=\"Disabling Security Tools - T1089\"" ,
"misp-galaxy:mitre-attack-pattern=\"Execution Guardrails - T1480\"" ,
"misp-galaxy:mitre-attack-pattern=\"File Deletion - T1107\"" ,
"misp-galaxy:mitre-attack-pattern=\"Modify Registry - T1112\"" ,
"misp-galaxy:mitre-attack-pattern=\"Process Injection - T1055\"" ,
"misp-galaxy:mitre-attack-pattern=\"Rootkit - T1014\"" ,
"misp-galaxy:mitre-attack-pattern=\"Software Packing - T1045\"" ,
"misp-galaxy:mitre-attack-pattern=\"Timestomp - T1099\"" ,
"misp-galaxy:mitre-attack-pattern=\"Commonly Used Port - T1043\"" ,
"misp-galaxy:mitre-attack-pattern=\"Connection Proxy - T1090\"" ,
"misp-galaxy:mitre-attack-pattern=\"Custom Command and Control Protocol - T1094\"" ,
"misp-galaxy:mitre-attack-pattern=\"Custom Cryptographic Protocol - T1024\"" ,
"misp-galaxy:mitre-attack-pattern=\"Fallback Channels - T1008\"" ,
"misp-galaxy:mitre-attack-pattern=\"Remote Access Tools - T1219\"" ,
"type:OSINT" ,
"osint:lifetime=\"perpetual\"" ,
"osint:certainty=\"50\"" ,
"misp-galaxy:threat-actor=\"Axiom\""
] ,
"object_marking_refs" : [
"marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9"
]
} ,
{
"type" : "observed-data" ,
"spec_version" : "2.1" ,
"id" : "observed-data--5dee2bed-38b4-451c-8af4-425b950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2019-12-09T11:11:41.000Z" ,
"modified" : "2019-12-09T11:11:41.000Z" ,
"first_observed" : "2019-12-09T11:11:41Z" ,
"last_observed" : "2019-12-09T11:11:41Z" ,
"number_observed" : 1 ,
"object_refs" : [
"file--5dee2bed-38b4-451c-8af4-425b950d210f" ,
"artifact--5dee2bed-38b4-451c-8af4-425b950d210f"
] ,
"labels" : [
"misp:type=\"attachment\"" ,
"misp:category=\"External analysis\""
]
} ,
{
"type" : "file" ,
"spec_version" : "2.1" ,
"id" : "file--5dee2bed-38b4-451c-8af4-425b950d210f" ,
"name" : "broschuere-2019-12-bfv-cyber-brief-2019-01.pdf" ,
"content_ref" : "artifact--5dee2bed-38b4-451c-8af4-425b950d210f"
} ,
{
"type" : "artifact" ,
"spec_version" : "2.1" ,
"id" : "artifact--5dee2bed-38b4-451c-8af4-425b950d210f" ,
"payload_bin" : " J V B E R i 0 x L j M N J e L j z 9 M N C j c z I D A g b 2 J q D T w 8 L 0 x p b m V h c m l 6 Z W Q g M S 9 M I D E y M T k 4 N z A v T y A 3 N i 9 F I D U 4 M T Q 2 N i 9 O I D E 5 L 1 Q g M T I x O D I 5 M C 9 I I F s g M T Y x N i A 1 N j l d P j 4 N Z W 5 k b 2 J q D S A g I C A g I C A g I C A g D Q p 4 c m V m D Q o 3 M y A 2 N g 0 K M D A w M D A w M D A x N i A w M D A w M C B u D Q o w M D A w M D A y M T g 1 I D A w M D A w I G 4 N C j A w M D A w M D I z O T g g M D A w M D A g b g 0 K M D A w M D A w M j Q 0 M C A w M D A w M C B u D Q o w M D A w M D A z M D Y x I D A w M D A w I G 4 N C j A w M D A w M D U 3 N z A g M D A w M D A g b g 0 K M D A w M D A w O D Q 5 M S A w M D A w M C B u D Q o w M D A w M D E x M j g y I D A w M D A w I G 4 N C j A w M D A w M T M 5 M T k g M D A w M D A g b g 0 K M D A w M D A x N j c y O S A w M D A w M C B u D Q o w M D A w M D E 5 N T E y I D A w M D A w I G 4 N C j A w M D A w M T k 5 N T E g M D A w M D A g b g 0 K M D A w M D A y M D Q x N y A w M D A w M C B u D Q o w M D A w M D I w N T k 3 I D A w M D A w I G 4 N C j A w M D A w M j A 2 N T E g M D A w M D A g b g 0 K M D A w M D A y M T A x N C A w M D A w M C B u D Q o w M D A w M D I x M j I 5 I D A w M D A w I G 4 N C j A w M D A w M j E 2 M T I g M D A w M D A g b g 0 K M D A w M D A y M T g y M y A w M D A w M C B u D Q o w M D A w M D I 0 N j I 2 I D A w M D A w I G 4 N C j A w M D A w M j Y z M T U g M D A w M D A g b g 0 K M D A w M D A z M T I 4 M C A w M D A w M C B u D Q o w M D A w M D M 2 M T A 1 I D A w M D A w I G 4 N C j A w M D A w M z Y y N T k g M D A w M D A g b g 0 K M D A w M D A z N j M x N y A w M D A w M C B u D Q o w M D A w M D M 2 M z c x I D A w M D A w I G 4 N C j A w M D A w M z Y 0 N j Y g M D A w M D A g b g 0 K M D A w M D A z N z A 1 N C A w M D A w M C B u D Q o w M D A w M D M 3 M j Y x I D A w M D A w I G 4 N C j A w M D A w M z c 1 N D U g M D A w M D A g b g 0 K M D A w M D A 0 N T k w N y A w M D A 
w M C B u D Q o w M D A w M D Q 1 O T Q 2 I D A w M D A w I G 4 N C j A w M D A 0 O T k z M z Q g M D A w M D A g b g 0 K M D A w M D U 2 O T g 3 M y A w M D A w M C B u D Q o w M D A w N T c 5 M D M 3 I D A w M D A w I G 4 N C j A w M D A 1 N z k x M D k g M D A w M D A g b g 0 K M D A w M D U 3 O T I y M y A w M D A w M C B u D Q o w M D A w N T c 5 M z Q 2 I D A w M D A w I G 4 N C j A w M D A 1 N z k z O D k g M D A w M D A g b g 0 K M D A w M D U 3 O T U w M i A w M D A w M C B u D Q o w M D A w N T c 5 N j E 2 I D A w M D A w I G 4 N C j A w M D A 1 N z k 3 N T U g M D A w M D A g b g 0 K M D A w M D U 3 O T c 5 O C A w M D A w M C B u D Q o w M D A w N T c 5 O D g 3 I D A w M D A w I G 4 N C j A w M D A 1 O D A w M j I g M D A w M D A g b g 0 K M D A w M D U 4 M D A 2 N S A w M D A w M C B u D Q o w M D A w N T g w M j U 3 I D A w M D A w I G 4 N C j A w M D A 1 O D A y O T k g M D A w M D A g b g 0 K M D A w M D U 4 M D M 3 O C A w M D A w M C B u D Q o w M D A w N T g w N D Y 0 I D A w M D A w I G 4 N C j A w M D A 1 O D A 1 M D Y g M D A w M D A g b g 0 K M D A w M D U 4 M D U 0 O C A w M D A w M C B u D Q o w M D A w N T g w N T k x I D A w M D A w I G 4 N C j A w M D A 1 O D A 2 M z Q g M D A w M D A g b g 0 K M D A w M D U 4 M D c y M i A w M D A w M C B u D Q o w M D A w N T g w N z Y 1 I D A w M D A w I G 4 N C j A w M D A 1 O D A 4 O D M g M D A w M D A g b g 0 K M D A w M D U 4 M D k y N i A w M D A w M C B u D Q o w M D A w N T g x M D U x I D A w M D A w I G 4 N C j A w M D A 1 O D E w O T Q g M D A w M D A g b g 0 K M D A w M D U 4 M T I w M C A w M D A w M C B u D Q o w M D A w N T g x M j Q z I D A w M D A w I G 4 N C j A w M D A 1 O D E z M z c g M D A w M D A g b g 0 K M D A w M D U 4 M T M 4 M C A w M D A w M C B u D Q o w M D A w N T g x N D I z I D A w M D A w I G 4 N C j A w M D A w M D E 2 M T Y g M D A w M D A g b g 0 K d H J h a W x l c g 0 K P D w v U 2 l 6 Z S A x M z k v U m 9 v d C A 3 N C A w I F I v S W 5 m b y A 3 M i A w I F I 
v S U R b P D k z N E Z F R D A z Q z k 0 O U E 3 Q j Z C N z g 3 N z R F M U Y 4 N 0 E y N D U 0 P j w w N j k y M U M x M k M 1 Q U Q 0 N z Q z Q j F B R j l D M 0 F D R T A 5 N k U 0 Q z 5 d L 1 B y Z X Y g M T I x O D I 3 O T 4 + D Q p z d G F y d H h y Z W Y N C j A N C i U l R U 9 G D Q o g I C A g I C A g I C A g D Q o x M z g g M C B v Y m o N P D w v R m l s d G V y L 0 Z s Y X R l R G V j b 2 R l L 0 k g N j U w L 0 w g N j M 0 L 0 x l b m d 0 a C A 0 N z Q v T y A 2 M T g v U y A 0 N z Y + P n N 0 c m V h b Q 0 K a N 5 i Y G B g Y m B g 92 d g Z W D g n 8 M g w o A A I k A x N g Y W B o 4 X L I I s C h o Q w Z 7 k B D 4 J A 8 V A + W T Z x g + O O s I G D D y e b H s F W N Y x e A V w i j F 0 G 3 A c Y 5 j 7 g O s L A 5 M D A w O j + I O g O c 8 t v Z L n a n q e C 54 D N Z f p j M z l j j q W o J r L H W 0 W C 3 Q O X v R y f 9 w l 7 K f E d E Z W U g g o 2 K e R A B S c q A 4 S V N j M 3 g g U 3 M x u 8 k j B V f 20 Q b G f E k t Q H d M Z u c h e i 5 Y g o P i 8 X R m b b g i u e v 5 y U Q W 3 Q b X u W q l 1 d b P U N 916 o H P w L F A B S L x a d x 3 Y R l c t 7 F K y C C 0 X o e a U Z K G I w J S l A U E H y A c g g s X F A 0 S x h k Y A K S V l Y w s Q j 9 k 4 A i w I Z o M I M Y g G B p B w a C h Y L V C n a 2 g H k C E o G h q W 1 g E x B M 6 I Q F A u L h A j w S a z p W V 0 k B r 2 Q G 2 G D E I m K U B a H o j 1 w S 5 R Z x B m 8 D i g u Y P V l m E N g 4 g P 0 5 Y D o Q c Y J z C Y J j C Z M L A 3 i D g w J j C E M b A m c J 1 h O O f g 84 M z k o H d g E G N g f k A 4 w E m V Q Z R B u Y r A o 4 N D L x X T 7 n c Z J T V Y O B m Y D j A f I I h h o E j Q T C O I a S B V 4 P x I Y O o A r s M f y e D 2 A L G c w w 6 D W s N 4 C k q m 4 H j 8 h K I a z h r g b Q j g 1 D D c S D N C M S q Q O z B I D R Z E s J n n A o Q Y A B X y b T 4 D Q p l b m R z d H J l Y W 0 N Z W 5 k b 2 J q D T c 0 I D A g b 2 J q D T w 8 L 0 1 l d G F k Y X R h I D c x I D A g U i 9 P c G V u Q W N 0 a W 9 u I D c 1 I D A g U i 9 P d X R s a W 5 l c y A x M D c g M C 
B S L 1 B h Z 2 V M Y W J l b H M g N j U g M C B S L 1 B h Z 2 V M Y X l v d X Q v T 25 l Q 29 s d W 1 u L 1 B h Z 2 V N b 2 R l L 1 V z Z U 91 d G x p b m V z L 1 B h Z 2 V z I D Y 2 I D A g U i 9 U e X B l L 0 N h d G F s b 2 c v V m l l d 2 V y U H J l Z m V y Z W 5 j Z X M 8 P C 9 D Z W 50 Z X J X a W 5 k b 3 c g d H J 1 Z S 9 G a X R X a W 5 k b 3 c g d H J 1 Z T 4 + P j 4 N Z W 5 k b 2 J q D T c 1 I D A g b 2 J q D T w 8 L 0 R b N z Y g M C B S L 0 Z p d F 0 v U y 9 H b 1 R v P j 4 N Z W 5 k b 2 J q D T c 2 I D A g b 2 J q D T w 8 L 0 J s Z W V k Q m 94 W z A g M C 4 w M D A y N D Q x I D U 5 N S 4 y N z U 1 N y A 4 N D E u O D k w M D F d L 0 N v b n R l b n R z W z c 3 I D A g U i A 3 O C A w I F I g N z k g M C B S I D g w I D A g U i A 4 M S A w I F I g O D I g M C B S I D k x I D A g U i A 5 M i A w I F J d L 0 N y b 3 B C b 3 h b M C A w I D U 5 N S 4 y N z Y g O D Q x L j g 5 M D A x X S 9 N Z W R p Y U J v e F s w I D A g N T k 1 L j I 3 N i A 4 N D E u O D k w M D F d L 1 B h c m V u d C A 2 N y A w I F I v U m V z b 3 V y Y 2 V z P D w v Q 29 s b 3 J T c G F j Z T w 8 L 0 N T M C A 4 N i A w I F I + P i 9 F e H R H U 3 R h d G U 8 P C 9 H U z E g O T Y g M C B S L 0 d T N S A 5 N y A w I F I + P i 9 G b 250 P D w v R j A g O D M g M C B S L 0 Y y I D g 0 I D A g U i 9 G N C A 4 N S A w I F I + P i 9 Q c m 9 j U 2 V 0 W y 9 Q R E Y v V G V 4 d C 9 J b W F n Z U M v S W 1 h Z 2 V C L 0 l t Y W d l S V 0 v U H J v c G V y d G l l c z w 8 L 0 1 D M C A x M D M g M C B S P j 4 v W E 9 i a m V j d D w 8 L 0 l t M S A x M D Q g M C B S L 0 l t M i A x M D U g M C B S L 0 l t M y A x M D Y g M C B S P j 4 + P i 9 S b 3 R h d G U g M C 9 U c m l t Q m 94 W z A g M C 4 w M D A y N D Q x I D U 5 N S 4 y N z U 1 N y A 4 N D E u O D k w M D F d L 1 R 5 c G U v U G F n Z S 91 M n B N Y X R b M S A w I D A g L T E g M C A 4 N D E u O D k w M D F d L 3 h i M S A w L 3 h i M i A 1 O T U u M j c 1 N T c v e H Q x I D A v e H Q y I D U 5 N S 4 y N z U 1 N y 95 Y j E 
g M C 4 w M D A y N D Q x L 3 l i M i A 4 N D E u O D k w M D E v e X Q x I D A u M D A w M j Q 0 M S 95 d D I g O D Q x L j g 5 M D A
} ,
{
"type" : "observed-data" ,
"spec_version" : "2.1" ,
"id" : "observed-data--5def5058-16e0-4979-b098-40af950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2019-12-10T07:59:20.000Z" ,
"modified" : "2019-12-10T07:59:20.000Z" ,
"first_observed" : "2019-12-10T07:59:20Z" ,
"last_observed" : "2019-12-10T07:59:20Z" ,
"number_observed" : 1 ,
"object_refs" : [
"file--5def5058-16e0-4979-b098-40af950d210f" ,
"artifact--5def5058-16e0-4979-b098-40af950d210f"
] ,
"labels" : [
"misp:type=\"attachment\"" ,
"misp:category=\"External analysis\""
]
} ,
{
"type" : "file" ,
"spec_version" : "2.1" ,
"id" : "file--5def5058-16e0-4979-b098-40af950d210f" ,
"name" : "anlage-2019-12-bfv-cyber-brief-2019-01.txt" ,
"content_ref" : "artifact--5def5058-16e0-4979-b098-40af950d210f"
} ,
{
"type" : "artifact" ,
"spec_version" : "2.1" ,
"id" : "artifact--5def5058-16e0-4979-b098-40af950d210f" ,
"payload_bin" : " R G V 0 Z W t 0 a W 9 u c 3 J l Z 2 V s b g 0 K W W F y Y S B S d W x l c y A o Z X N w Z W N p Y W x s e S B m b 3 I g b W V t b 3 J 5 I H N j Y W 5 u a W 5 n K Q 0 K c n V s Z S B j Y j J f M D E N C n s N C i A g c 3 R y a W 5 n c z o N C i A g I C A k Z T E g P S A i R 2 x v Y m F s X F x C R k V f T m 90 a W Z 5 X 0 V 2 Z W 50 X 3 s 2 N W E w O T d m Z S 0 2 M T A y L T Q 0 N m E t O W Y 5 Y y 0 1 N W R m Y z N m N D E x M D E 1 f S I g Y X N j a W k g b m 9 j Y X N l D Q o g I C A g J G U y I D 0 g I k d s b 2 J h b F x c Q k Z F X 0 5 v d G l m e V 9 F d m V u d F 97 N j V h M D k 3 Z m U t N j E w M i 0 0 N D Z h L T l m O W M t N T V k Z m M z Z j Q x M T A x N H 0 i I G F z Y 2 l p I G 5 v Y 2 F z Z Q 0 K I C A g I C R l M y A 9 I C J H b G 9 i Y W x c X E J G R V 9 O b 3 R p Z n l f R X Z l b n R f e z Y 1 Y T A 5 N 2 Z l L T Y x M D I t N D Q 2 Y S 0 5 Z j l j L T U 1 Z G Z j M 2 Y 0 M T E w M T Z 9 I i B h c 2 N p a S B u b 2 N h c 2 U N C i A g I C A k Z T Q g P S A i X F x C Y X N l T m F t Z W R P Y m p l Y 3 R z X F x 7 Q j J C O D d D Q 0 E t N j Z C Q y 0 0 Q z I 0 L T g 5 Q j I t Q z I z Q z l F Q U M y Q T Y 2 f S I g d 2 l k Z Q 0 K I C A g I C R l N S A 9 I C J C R k V f T m 90 a W Z 5 X 0 V 2 Z W 50 X 3 s 3 R D A w R k E z Q y 1 G Q k R D L T R B O E Q t Q U V F Q i 0 z R j U 1 Q T Q 4 O T B E M k F 9 I i B u b 2 N h c 2 U N C i A g Y 29 u Z G l 0 a W 9 u O g 0 K I C A g I C h h b n k g b 2 Y g K C R l K i k p D Q p 9 D Q p y d W x l I G N i M l 8 w M g 0 K e w 0 K I C B z d H J p b m d z O g 0 K I C A g I C R h M S A 9 I C J J U F N l Y 0 1 p b m l Q b 3 J 0 I i B 3 a W R l I G Z 1 b G x 3 b 3 J k D Q o g I C A g J G E y I D 0 g I m 5 k a X M 2 Z n c i I H d p Z G U g Z n V s b H d v c m Q N C i A g I C A k Y T M g P S A i V E N Q S V A i I H d p Z G U g Z n V s b H d v c m Q N C i A g I C A k Y T Q g P S A i T k R J U y 5 T W V M i I G F z Y 2 l p I G Z 1 b G x 3 b 3 J k D Q o g I C A g J G E 1 I D 0 g I m 50 b 3 N r c m 
5 s L m V 4 Z S I g Y X N j a W k g Z n V s b H d v c m Q N C i A g I C A k Y T Y g P S A i X F x C Y X N l T m F t Z W R P Y m p l Y 3 R z X F x 7 Q j J C O D d D Q 0 E t N j Z C Q y 0 0 Q z I 0 L T g 5 Q j I t Q z I z Q z l F Q U M y Q T Y 2 f S I g d 2 l k Z Q 0 K I C A g I C R h N y A 9 I C J c X E R l d m l j Z V x c T n V s b C I g d 2 l k Z Q 0 K I C A g I C R h O C A 9 I C J c X E R l d m l j Z S I g d 2 l k Z Q 0 K I C A g I C R h O S A 9 I C J c X E R y a X Z l c i I g d 2 l k Z Q 0 K I C A g I C R i M S A 9 I H s g N j Y g O D E g N z 8 g P z 8 g N z A g M T c g f Q 0 K I C A g I C R i M i A 9 I H s g O D E g N z 8 g P z 8 g M D c g R T A g M T U g M D A g f Q 0 K I C A g I C R i M y A 9 I H s g O E I g N D Y g M T g g M 0 Q g M D M g N j A g M T U g M D A g f Q 0 K I C B j b 25 k a X R p b 246 D Q o g I C A g K D Y g b 2 Y g K C R h K i k p I G F u Z C A o M i B v Z i A o J G I q K S k N C n 0 N C n J 1 b G U g Y 2 I y X z A z D Q p 7 D Q o g I H N 0 c m l u Z 3 M 6 D Q o g I C A g J G I x I D 0 g e y A w R i B C N y A / P y A x N i B b M C 0 x X S A o O D E g R T 8 g f C A y N S k g M D A g M j A g W z A t M l 0 g W z h d I D h C I D 8 / I D U w I D Q x I E I 5 I D Q w I D A w I D A w I D A w I D Q x I E I 4 I D A w I D E w I D A w I D A w I H 0 N C i A g I C A k Y j I g P S B 7 I D h C I D Q w I D I 4 I F s 1 L T h d I D Q 4 I D A z I E M 4 I D Q 4 I D h C I E M x I F s 1 L T h d I D Q 4 I D g 5 I D Q x I D I 4 I H 0 N C i A g I C A k Y j M g P S B 7 I D Q 4 I D Z C I D 8 / I D I 4 I F s 1 L T h d I D h C I D 8 / I D 8 / I D E w I F s 1 L T h d I D Q 4 I D Z C I D 8 / I D I 4 I F s 1 L T h d I D h C I D 8 / I D 8 / I D E 0 I H 0 N C i A g I C A k Y j Q g P S B 7 I D g z I E I / I D k w I D A w I D A w I D A w I D A w I D B G I D g 0 I F s 5 L T E y X S A 4 M y B C P y A 5 N C A w M C A w M C A w M C A w M C A w R i A 4 N C B 9 D Q o g I C A g J G I 1 I D 0 g e y A o N D U g f C A 0 R C k g K D M x I H w g M z M p I E M w I E J B I D A x I D A w I D A 
w I D A w I F s x M C 0 x N l 0 g R k Y g N T 8 g M j g g W z A t M V 0 g K D g 0 I H w g O D U p I E M w I H 0 N C i A g Y 29 u Z G l 0 a W 9 u O g 0 K I C A g I C g 0 I G 9 m I C g k Y i o p K Q 0 K f Q 0 K c n V s Z S B j Y j J f M D Q N C n s N C i A g c 3 R y a W 5 n c z o N C i A g I C A k Y j E g P S B 7 I D R D I D h E I D Q x I D I 0 I D M z I E Q y I E I 5 I D A z I D A w I D F G I D A w I E Z G I D k / I E Y 4 I D A w I D A w I D A w I D Q 4 I D g 1 I E M w I D c 0 I H 0 N C i A g I C A k Y j I g P S B 7 I D R D I D h C I D Q / I D A 4 I E J B I D A x I D A w I D A w I D A w I D Q 5 I D h C I E M / I E Z G I E Q w I D g 1 I E M w I F s y L T Z d I E M 3 I D Q / I D F D I D A x I D A w I D A w I D A w I E I 4 I D A x I D A w I D A w I D A w I H 0 N C i A g I C A k Y j M g P S B 7 I D h C I D R C I E U 0 I D h C I D U z I E V D I D Q x I E I 4 I D A w I D Q w I D A w I D A w I D Q / I D B C I E M / I E Z G I D k / I E I 4 I D A w I D A w I D A w I E V C I H 0 N C i A g Y 29 u Z G l 0 a W 9 u O g 0 K I C A g I C g y I G 9 m I C g k Y i o p K Q 0 K f Q 0 K c n V s Z S B j Y j J f M D U N C n s N C i A g c 3 R y a W 5 n c z o N C i A g I C A k Y T E g P S A i L W s g b m V 0 c 3 Z j c y I g Y X N j a W k N C i A g I C A k Y T I g P S A i c 3 Z j a G 9 z d C 5 l e G U i I G F z Y 2 l p I G Z 1 b G x 3 b 3 J k D Q o g I C A g J G E z I D 0 g I i V T e X N 0 Z W 1 S b 290 J V x c U 3 l z d G V t M z J c X G 50 b 3 N r c m 5 s L m V 4 Z S I g Y X N j a W k N C i A g I C A k Y T Q g P S A i R 2 x v Y m F s X F x C R k V f T m 90 a W Z 5 X 0 V 2 Z W 50 X 3 s 2 N W E w O T d m Z S 0 2 M T A y L T Q 0 N m E t O W Y 5 Y y 0 1 N W R m Y z N m N D E x M D E 1 f S I g Y X N j a W k N C i A g I C A k Y T U g P S A i R 2 x v Y m F s X F x C R k V f T m 90 a W Z 5 X 0 V 2 Z W 50 X 3 s 2 N W E w O T d m Z S 0 2 M T A y L T Q 0 N m E t O W Y 5 Y y 0 1 N W R m Y z N m N D E x M D E 0 f S I g Y X N j a W k N C i A g I C A k Y T Y g P S A i R 2 x v Y m F s X F x C R k V f T m 90 
a W Z 5 X 0 V 2 Z W 50 X 3 s 2 N W E w O T d m Z S 0 2 M T A y L T Q 0 N m E t O W Y 5 Y y 0 1 N W R m Y z N m N D E x M D E 2 f S I g Y X N j a W k N C i A g I C A k Y T c g P S A i Y 21 k L m V 4 Z S I g d 2 l k Z Q 0 K I C A g I C R h O C A 9 I C I s W E 1 M I i B 3 a W R l D Q o g I C A g J G E 5 I D 0 g I l x c c n V u Z G x s M z I u Z X h l I i B 3 a W R l D Q o g I C A g J G E x M C A 9 I C J c X G N v b m h v c 3 Q u Z X h l I i B 3 a W R l D Q o g I C A g J G E x M S A 9 I C J c X G N t Z C 5 l e G U i I H d p Z G U N C i A g I C A k Y T E y I D 0 g I k 50 U X V l c n l J b m Z v c m 1 h d G l v b l B y b 2 N l c 3 M i I G F z Y 2 l p D Q o g I C A g J G E x M y A 9 I C J E Z X R v d X J z I S I g Y X N j a W k g Z n V s b H d v c m Q N C i A g I C A k Y T E 0 I D 0 g I k x v Y W R p b m c g b W 9 k a W Z p Z W Q g Y n V p b G Q g b 2 Y g Z G V 0 b 3 V y c y B s a W J y Y X J 5 I G R l c 2 l n b m V k I G Z v c i B N U E M t S E M g c G x h e W V y I C h o d H R w O i 8 v c 291 c m N l Z m 9 y Z 2 U u b m V 0 L 3 B y b 2 p l Y 3 R z L 21 w Y y 1 o Y y 8 p I i B h c 2 N p a Q 0 K I C A g I C R h M T U g P S A i Q 0 9 O T 1 V U J C I g d 2 l k Z S B m d W x s d 29 y Z A 0 K I C A g I C R h M T Y g P S B 7 I E M 2 I D A / I E U 5 I D Q / I D g / I D Q / I D A 1 I F s y X S A 4 O S A 0 P y A w M S B 9 D Q o g I G N v b m R p d G l v b j o N C i A g I C A o M T I g b 2 Y g K C R h K i k p D Q p 9 D Q o N C l J l Z 2 l z d H J 5 I E t l e X M N C k h L T E 1 c U 0 9 G V F d S R V x N a W N y b 3 N v Z n R c T 2 x l X A 0 K C W x w V m F s d W V O Y W 1 l O i B H V U l E I C h j c m V h d G U p D Q o J b H B E Y X R h O i B Y W F h Y W C 1 Y W F h Y W C 1 Y W F h Y W C 1 Y W F h Y W C 1 Y W F h Y W C A g K H J l Y W Q v d 3 J p d G U p D Q o N C k h L T E 1 c U 3 l z d G V t X E N 1 c n J l b n R D b 250 c m 9 s U 2 V 0 X F N l c n Z p Y 2 V z X H R t c F h Y W F g g D Q o J b H B W Y W x 1 Z U 5 h b W U 6 I F R 5 c G U N C g l s c E R h d G E 6 I D B 4 M S A o 
d 3 J p d G U p D Q o J b H B W Y W x 1 Z U 5 h b W U 6 I E V y c m 9 y Q 29 u d H J v b A 0 K C W x w R G F 0 Y T o g M H g
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--5def55e8-180c-44e8-b55a-4516950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2019-12-10T08:23:04.000Z" ,
"modified" : "2019-12-10T08:23:04.000Z" ,
"pattern" : "[file:name = '\\\\??\\\\%WINDIR%\\\\TEMP\\\\tmpXXXX.tmp']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2019-12-10T08:23:04Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Payload delivery"
}
] ,
"labels" : [
"misp:type=\"filename\"" ,
"misp:category=\"Payload delivery\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--5def55ec-a86c-46aa-be96-44fd950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2019-12-10T08:23:08.000Z" ,
"modified" : "2019-12-10T08:23:08.000Z" ,
"pattern" : "[file:name = '\\\\??\\\\%WINDIR%\\\\TEMP\\\\NtXXXX.tmp']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2019-12-10T08:23:08Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Payload delivery"
}
] ,
"labels" : [
"misp:type=\"filename\"" ,
"misp:category=\"Payload delivery\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "x-misp-attribute" ,
"spec_version" : "2.1" ,
"id" : "x-misp-attribute--5defaf66-c2b0-401b-b786-41b6950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2019-12-10T14:44:54.000Z" ,
"modified" : "2019-12-10T14:44:54.000Z" ,
"labels" : [
"misp:type=\"other\"" ,
"misp:category=\"Network activity\""
] ,
"x_misp_category" : "Network activity" ,
"x_misp_comment" : "Possible C2 DNS Domain Name" ,
"x_misp_type" : "other" ,
"x_misp_value" : "*.dick.mooo.com"
} ,
{
"type" : "x-misp-attribute" ,
"spec_version" : "2.1" ,
"id" : "x-misp-attribute--5defafa7-c2d8-4682-9307-4b4b950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2019-12-10T14:45:59.000Z" ,
"modified" : "2019-12-10T14:45:59.000Z" ,
"labels" : [
"misp:type=\"other\"" ,
"misp:category=\"Network activity\""
] ,
"x_misp_category" : "Network activity" ,
"x_misp_comment" : "Possible C2 HTTP header" ,
"x_misp_type" : "other" ,
"x_misp_value" : "GET [Offset 0x10C in \"config\"] HTTP/1.1\\r\\n\r\nCookie: SN= [bin2hex(data_to_send)]\r\nAccept: text/html, */*\r\nUser-Agent: Mozilla/5.0 (Windows NT 6.2; WOW64) Chrome/53.0.2785.148\r\nHost: [Offset 0x8 in \"config\"]\r\nConnection: Keep-Alive"
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--5dee3f11-02e4-406f-ab0b-ba86950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2019-12-09T12:36:55.000Z" ,
"modified" : "2019-12-09T12:36:55.000Z" ,
"name" : "rule cb2_01" ,
"pattern" : "{\r\nstrings:\r\n$e1 = \u00e2\u20ac\u017eGlobal\\\\\\\\BFE_Notify_Event_{65a097fe-6102-446a-9f9c-55dfc3f411015}\u00e2\u20ac\u009d ascii nocase\r\n$e2 = \u00e2\u20ac\u017eGlobal\\\\\\\\BFE_Notify_Event_{65a097fe-6102-446a-9f9c-55dfc3f411014}\u00e2\u20ac\u009d ascii nocase\r\n$e3 = \u00e2\u20ac\u017eGlobal\\\\\\\\BFE_Notify_Event_{65a097fe-6102-446a-9f9c-55dfc3f411016}\u00e2\u20ac\u009d ascii nocase\r\n$e4 = \u00e2\u20ac\u017e\\\\\\\\BaseNamedObjects\\\\\\\\{B2B87CCA-66BC-4C24-89B2-C23C9EAC2A66}\u00e2\u20ac\u009d wide\r\n$e5 = \u00e2\u20ac\u017eBFE_Notify_Event_{7D00FA3C-FBDC-4A8D-AEEB-3F55A4890D2A}\u00e2\u20ac\u009d nocase\r\ncondition:\r\n}\r\n(any of ($e*))\r\n}" ,
"pattern_type" : "yara" ,
"pattern_version" : "2.1" ,
"valid_from" : "2019-12-09T12:36:55Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "misc"
}
] ,
"labels" : [
"misp:name=\"yara\"" ,
"misp:meta-category=\"misc\"" ,
"misp:to_ids=\"True\""
] ,
"x_misp_context" : "memory"
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--5dee3fda-b550-4d4b-9edb-a11c950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2019-12-09T12:36:42.000Z" ,
"modified" : "2019-12-09T12:36:42.000Z" ,
"name" : "rule cb2_02" ,
"pattern" : "{\r\n strings:\r\n $a1 = \\\\\"IPSecMiniPort\\\\\" wide fullword\r\n $a2 = \\\\\"ndis6fw\\\\\" wide fullword\r\n $a3 = \\\\\"TCPIP\\\\\" wide fullword\r\n $a4 = \\\\\"NDIS.SYS\\\\\" ascii fullword\r\n $a5 = \\\\\"ntoskrnl.exe\\\\\" ascii fullword\r\n $a6 = \\\\\"\\\\\\\\BaseNamedObjects\\\\\\\\{B2B87CCA-66BC-4C24-89B2-C23C9EAC2A66}\\\\\" wide\r\n $a7 = \\\\\"\\\\\\\\Device\\\\\\\\Null\\\\\" wide\r\n $a8 = \\\\\"\\\\\\\\Device\\\\\" wide\r\n $a9 = \\\\\"\\\\\\\\Driver\\\\\" wide\r\n $b1 = { 66 81 7? ?? 70 17 }\r\n $b2 = { 81 7? ?? 07 E0 15 00 }\r\n $b3 = { 8B 46 18 3D 03 60 15 00 }\r\n condition:\r\n (6 of ($a*)) and (2 of ($b*))\r\n}" ,
"pattern_type" : "yara" ,
"pattern_version" : "2.1" ,
"valid_from" : "2019-12-09T12:36:42Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "misc"
}
] ,
"labels" : [
"misp:name=\"yara\"" ,
"misp:meta-category=\"misc\"" ,
"misp:to_ids=\"True\""
] ,
"x_misp_context" : "memory"
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--5dee4b73-07c0-4f1b-b723-b9de950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2019-12-09T13:26:11.000Z" ,
"modified" : "2019-12-09T13:26:11.000Z" ,
"name" : "rule cb2_03" ,
"pattern" : "{\r\n strings:\r\n $b1 = { 0F B7 ?? 16 [0-1] (81 E? | 25) 00 20 [0-2] [8] 8B ?? 50 41 B9 40 00 00 00 41 B8 00 10 00 00 }\r\n $b2 = { 8B 40 28 [5-8] 48 03 C8 48 8B C1 [5-8] 48 89 41 28 }\r\n $b3 = { 48 6B ?? 28 [5-8] 8B ?? ?? 10 [5-8] 48 6B ?? 28 [5-8] 8B ?? ?? 14 }\r\n $b4 = { 83 B? 90 00 00 00 00 0F 84 [9-12] 83 B? 94 00 00 00 00 0F 84 }\r\n $b5 = { (45 | 4D) (31 | 33) C0 BA 01 00 00 00 [10-16] FF 5? 28 [0-1] (84 | 85) C0 }\r\n condition:\r\n (4 of ($b*))\r\n}" ,
"pattern_type" : "yara" ,
"pattern_version" : "2.1" ,
"valid_from" : "2019-12-09T13:26:11Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "misc"
}
] ,
"labels" : [
"misp:name=\"yara\"" ,
"misp:meta-category=\"misc\"" ,
"misp:to_ids=\"True\""
] ,
"x_misp_context" : "memory"
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--5dee4b9a-8b60-4fef-b39c-ba61950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2019-12-09T13:26:50.000Z" ,
"modified" : "2019-12-09T13:26:50.000Z" ,
"name" : "rule cb2_04" ,
"pattern" : "{\r\n strings:\r\n $b1 = { 4C 8D 41 24 33 D2 B9 03 00 1F 00 FF 9? F8 00 00 00 48 85 C0 74 }\r\n $b2 = { 4C 8B 4? 08 BA 01 00 00 00 49 8B C? FF D0 85 C0 [2-6] C7 4? 1C 01 00 00 00 B8 01 00 00 00 }\r\n $b3 = { 8B 4B E4 8B 53 EC 41 B8 00 40 00 00 4? 0B C? FF 9? B8 00 00 00 EB }\r\n condition:\r\n (2 of ($b*))\r\n}" ,
"pattern_type" : "yara" ,
"pattern_version" : "2.1" ,
"valid_from" : "2019-12-09T13:26:50Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "misc"
}
] ,
"labels" : [
"misp:name=\"yara\"" ,
"misp:meta-category=\"misc\"" ,
"misp:to_ids=\"True\""
] ,
"x_misp_context" : "memory"
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--5dee4e51-f448-4a0a-815c-b79e950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2019-12-09T13:38:25.000Z" ,
"modified" : "2019-12-09T13:38:25.000Z" ,
"name" : "rule cb2_05" ,
"pattern" : "{\r\n strings:\r\n $a1 = \\\\\"-k netsvcs\\\\\" ascii\r\n $a2 = \\\\\"svchost.exe\\\\\" ascii fullword\r\n $a3 = \\\\\"\\\\%SystemRoot\\\\%\\\\\\\\System32\\\\\\\\ntoskrnl.exe\\\\\" ascii\r\n $a4 = \\\\\"Global\\\\\\\\BFE_Notify_Event_{65a097fe-6102-446a-9f9c-55dfc3f411015}\\\\\" ascii\r\n $a5 = \\\\\"Global\\\\\\\\BFE_Notify_Event_{65a097fe-6102-446a-9f9c-55dfc3f411014}\\\\\" ascii\r\n $a6 = \\\\\"Global\\\\\\\\BFE_Notify_Event_{65a097fe-6102-446a-9f9c-55dfc3f411016}\\\\\" ascii\r\n $a7 = \\\\\"cmd.exe\\\\\" wide\r\n $a8 = \\\\\",XML\\\\\" wide\r\n $a9 = \\\\\"\\\\\\\\rundll32.exe\\\\\" wide\r\n $a10 = \\\\\"\\\\\\\\conhost.exe\\\\\" wide\r\n $a11 = \\\\\"\\\\\\\\cmd.exe\\\\\" wide\r\n $a12 = \\\\\"NtQueryInformationProcess\\\\\" ascii\r\n $a13 = \\\\\"Detours!\\\\\" ascii fullword\r\n $a14 = \\\\\"Loading modified build of detours library designed for MPC-HC player (http://sourceforge.net/projects/mpc-hc/)\\\\\" ascii\r\n $a15 = \\\\\"CONOUT$\\\\\" wide fullword\r\n $a16 = { C6 0? E9 4? 8? 4? 05 [2] 89 4? 01 }\r\n condition:\r\n (12 of ($a*))\r\n}" ,
"pattern_type" : "yara" ,
"pattern_version" : "2.1" ,
"valid_from" : "2019-12-09T13:38:25Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "misc"
}
] ,
"labels" : [
"misp:name=\"yara\"" ,
"misp:meta-category=\"misc\"" ,
"misp:to_ids=\"True\""
] ,
"x_misp_context" : "memory"
} ,
{
"type" : "observed-data" ,
"spec_version" : "2.1" ,
"id" : "observed-data--5dee5202-0d70-4bd5-801e-4504950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2019-12-09T13:54:10.000Z" ,
"modified" : "2019-12-09T13:54:10.000Z" ,
"first_observed" : "2019-12-09T13:54:10Z" ,
"last_observed" : "2019-12-09T13:54:10Z" ,
"number_observed" : 1 ,
"object_refs" : [
"windows-registry-key--5dee5202-0d70-4bd5-801e-4504950d210f"
] ,
"labels" : [
"misp:name=\"registry-key\"" ,
"misp:meta-category=\"file\"" ,
"misp:to_ids=\"False\""
]
} ,
{
"type" : "windows-registry-key" ,
"spec_version" : "2.1" ,
"id" : "windows-registry-key--5dee5202-0d70-4bd5-801e-4504950d210f" ,
"values" : [
{
"name" : "HKLM\\SOFTWRE\\Microsoft\\Ole\\"
}
] ,
"x_misp_root_keys" : "HKLM"
} ,
{
"type" : "observed-data" ,
"spec_version" : "2.1" ,
"id" : "observed-data--5dee5561-9df0-484c-bbb3-47ba950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2019-12-09T14:08:33.000Z" ,
"modified" : "2019-12-09T14:08:33.000Z" ,
"first_observed" : "2019-12-09T14:08:33Z" ,
"last_observed" : "2019-12-09T14:08:33Z" ,
"number_observed" : 1 ,
"object_refs" : [
"windows-registry-key--5dee5561-9df0-484c-bbb3-47ba950d210f"
] ,
"labels" : [
"misp:name=\"registry-key\"" ,
"misp:meta-category=\"file\"" ,
"misp:to_ids=\"False\""
]
} ,
{
"type" : "windows-registry-key" ,
"spec_version" : "2.1" ,
"id" : "windows-registry-key--5dee5561-9df0-484c-bbb3-47ba950d210f" ,
"values" : [
{
"name" : "HKLM\\System\\CurrentControlSet\\Services\\tmpXXXX"
}
] ,
"x_misp_root_keys" : "HKLM"
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--5def9c6b-dcd8-4fb6-95da-476d950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2019-12-10T13:27:04.000Z" ,
"modified" : "2019-12-10T13:27:04.000Z" ,
"description" : "Intermediate Loader (disk)\r\nType: PE32+ executable (DLL) (console) x86-64, for MS Windows" ,
"pattern" : "[file:hashes.SSDEEP = '3072:3ZvhT4Xd7ncWKby0T+SQ0IYevsxtjg9RfnJHarO:3LT4tVKO0wLsxt0TnJHaO' AND file:hashes.IMPHASH = '1fb46361b3762772e68127b42d1b1d5e']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2019-12-10T13:27:04Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "file"
}
] ,
"labels" : [
"misp:name=\"file\"" ,
"misp:meta-category=\"file\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--5def9ed5-d278-4e6d-996d-4cc2950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2019-12-10T13:34:13.000Z" ,
"modified" : "2019-12-10T13:34:13.000Z" ,
"pattern" : "[file:hashes.MD5 = '25c735f0e64464e8c75db3d225912add' AND file:hashes.SHA1 = 'ec8fd561551db21c86766296611c1d8df9bf98c5' AND file:hashes.SSDEEP = '48:sKuCvM5L7NuPFi6YaLC8DNx+xlWEsOQGSmY0X1BHT5Hp5iwjS9d6ybxnAOmq/a7D:srCvk3NuH7LC4qlWST1B8Ma427a7D' AND file:size = '4410' AND file:x_misp_text = 'Reflective DLL Loading Shellcode Type 1 (used by Intermediate Loader and Loader, disk and memory)']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2019-12-10T13:34:13Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "file"
}
] ,
"labels" : [
"misp:name=\"file\"" ,
"misp:meta-category=\"file\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--e53b7231-54cc-40b6-aced-498328713c3d" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2019-12-10T14:22:27.000Z" ,
"modified" : "2019-12-10T14:22:27.000Z" ,
"pattern" : "[file:hashes.SHA1 = '8b966bc4c4adde90f51f68a78aa326b761981fb4' AND file:name = 'driver1.sys' AND file:parent_directory_ref.path = 'system.dat-output/' AND file:x_misp_fullpath = 'system.dat-output/driver1.sys' AND file:x_misp_text = 'variante-A/']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2019-12-10T14:22:27Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "file"
}
] ,
"labels" : [
"misp:name=\"file\"" ,
"misp:meta-category=\"file\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--3c622f17-8eec-4e87-bd09-be3a072530b6" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2019-12-10T14:22:49.000Z" ,
"modified" : "2019-12-10T14:22:49.000Z" ,
"pattern" : "[file:hashes.SHA1 = '611b4c014d4a29b632c167a613b677c08d206d1e' AND file:name = 'payload.dll' AND file:parent_directory_ref.path = 'system.dat-output/' AND file:x_misp_fullpath = 'system.dat-output/payload.dll' AND file:x_misp_text = 'variante-A/']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2019-12-10T14:22:49Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "file"
}
] ,
"labels" : [
"misp:name=\"file\"" ,
"misp:meta-category=\"file\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--1a9c8641-e1f9-4716-9fbd-212be3259b9e" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2019-12-10T14:22:50.000Z" ,
"modified" : "2019-12-10T14:22:50.000Z" ,
"pattern" : "[file:hashes.SHA1 = 'fd04c0168b844d17828ee03a1e5249e7986ce9ba' AND file:name = 'payload' AND file:parent_directory_ref.path = 'system.dat-output/' AND file:x_misp_fullpath = 'system.dat-output/payload' AND file:x_misp_text = 'variante-A/']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2019-12-10T14:22:50Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "file"
}
] ,
"labels" : [
"misp:name=\"file\"" ,
"misp:meta-category=\"file\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--3b726112-4fbb-4986-8753-bb42dfb25f3a" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2019-12-10T14:22:50.000Z" ,
"modified" : "2019-12-10T14:22:50.000Z" ,
"pattern" : "[file:hashes.SHA1 = '5e00d36388ce0fe4bbd0624d674f2f007f7e500a' AND file:name = 'system.dat' AND file:parent_directory_ref.path = 'system.dat/' AND file:x_misp_fullpath = 'system.dat' AND file:x_misp_text = 'variante-A/']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2019-12-10T14:22:50Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "file"
}
] ,
"labels" : [
"misp:name=\"file\"" ,
"misp:meta-category=\"file\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--9e7700e2-a2d3-4fc8-91e3-bdae4dad5240" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2019-12-10T14:22:51.000Z" ,
"modified" : "2019-12-10T14:22:51.000Z" ,
"pattern" : "[file:hashes.SHA1 = '8b966bc4c4adde90f51f68a78aa326b761981fb4' AND file:name = 'driver1.sys' AND file:parent_directory_ref.path = 'TmsmHttp64.dll-output/' AND file:x_misp_fullpath = 'TmsmHttp64.dll-output/driver1.sys' AND file:x_misp_text = 'variante-B/']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2019-12-10T14:22:51Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "file"
}
] ,
"labels" : [
"misp:name=\"file\"" ,
"misp:meta-category=\"file\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--52cf0eab-5342-49e6-80df-6d2a3e6d00dc" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2019-12-10T14:22:52.000Z" ,
"modified" : "2019-12-10T14:22:52.000Z" ,
"pattern" : "[file:hashes.SHA1 = '003b5d82a9e208e0bc2f339d46bb907cbf588bc1' AND file:name = 'driver2.sys' AND file:parent_directory_ref.path = 'TmsmHttp64.dll-output/' AND file:x_misp_fullpath = 'TmsmHttp64.dll-output/driver2.sys' AND file:x_misp_text = 'variante-B/']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2019-12-10T14:22:52Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "file"
}
] ,
"labels" : [
"misp:name=\"file\"" ,
"misp:meta-category=\"file\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--43c6c9cb-dbcc-498a-9346-3799c8ad30e1" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2019-12-10T14:22:53.000Z" ,
"modified" : "2019-12-10T14:22:53.000Z" ,
"pattern" : "[file:hashes.SHA1 = 'a224a276213eaecc91f0b36a66809b9cb2e7b244' AND file:name = 'payload.dll' AND file:parent_directory_ref.path = 'TmsmHttp64.dll-output/' AND file:x_misp_fullpath = 'TmsmHttp64.dll-output/payload.dll' AND file:x_misp_text = 'variante-B/']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2019-12-10T14:22:53Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "file"
}
] ,
"labels" : [
"misp:name=\"file\"" ,
"misp:meta-category=\"file\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--da3cb9c5-efb4-4445-8c88-6d779bba3c3c" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2019-12-10T14:22:53.000Z" ,
"modified" : "2019-12-10T14:22:53.000Z" ,
"pattern" : "[file:hashes.SHA1 = 'a2dd0e1f27fcaa51f42a7f5d4f2d50d8f4500bd9' AND file:name = 'payload' AND file:parent_directory_ref.path = 'TmsmHttp64.dll-output/' AND file:x_misp_fullpath = 'TmsmHttp64.dll-output/payload' AND file:x_misp_text = 'variante-B/']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2019-12-10T14:22:53Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "file"
}
] ,
"labels" : [
"misp:name=\"file\"" ,
"misp:meta-category=\"file\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--feb320b1-5ae5-4e21-a031-19746f89f645" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2019-12-10T14:22:54.000Z" ,
"modified" : "2019-12-10T14:22:54.000Z" ,
"pattern" : "[file:hashes.SHA1 = '2da100999d323c0628df4878409269ac8f131cee' AND file:name = 'TmsmHttp64.dll' AND file:parent_directory_ref.path = 'TmsmHttp64.dll/' AND file:x_misp_fullpath = 'TmsmHttp64.dll' AND file:x_misp_text = 'variante-B/']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2019-12-10T14:22:54Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "file"
}
] ,
"labels" : [
"misp:name=\"file\"" ,
"misp:meta-category=\"file\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--b9d511cf-df43-4672-b8f9-d7537ac9d1ae" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2019-12-10T14:22:55.000Z" ,
"modified" : "2019-12-10T14:22:55.000Z" ,
"pattern" : "[file:hashes.SHA1 = '8b966bc4c4adde90f51f68a78aa326b761981fb4' AND file:name = 'driver1.sys' AND file:parent_directory_ref.path = 'iiscfg64.dll-output/' AND file:x_misp_fullpath = 'iiscfg64.dll-output/driver1.sys' AND file:x_misp_text = 'variante-C/']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2019-12-10T14:22:55Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "file"
}
] ,
"labels" : [
"misp:name=\"file\"" ,
"misp:meta-category=\"file\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--24f69e0a-39f7-4a2d-b91e-6c8a2f66d762" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2019-12-10T14:22:55.000Z" ,
"modified" : "2019-12-10T14:22:55.000Z" ,
"pattern" : "[file:hashes.SHA1 = '3bb1daf9c5b39a026af5fd5a6c321cd3d0be04d6' AND file:name = 'driver2.sys' AND file:parent_directory_ref.path = 'iiscfg64.dll-output/' AND file:x_misp_fullpath = 'iiscfg64.dll-output/driver2.sys' AND file:x_misp_text = 'variante-C/']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2019-12-10T14:22:55Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "file"
}
] ,
"labels" : [
"misp:name=\"file\"" ,
"misp:meta-category=\"file\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--b33abe59-884c-4a46-acd4-5edbd734a6ae" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2019-12-10T14:23:00.000Z" ,
"modified" : "2019-12-10T14:23:00.000Z" ,
"pattern" : "[file:hashes.SHA1 = '76bd5e3261609041f29bb429bc1741303e61f328' AND file:name = 'payload.dll' AND file:parent_directory_ref.path = 'iiscfg64.dll-output/' AND file:x_misp_fullpath = 'iiscfg64.dll-output/payload.dll' AND file:x_misp_text = 'variante-C/']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2019-12-10T14:23:00Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "file"
}
] ,
"labels" : [
"misp:name=\"file\"" ,
"misp:meta-category=\"file\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--e1ded9f0-7ece-454e-9cdb-cd7da4d80057" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2019-12-10T14:23:12.000Z" ,
"modified" : "2019-12-10T14:23:12.000Z" ,
"pattern" : "[file:hashes.SHA1 = 'b0cfca2501096b914b0aedd35403d4505729c90c' AND file:name = 'payload' AND file:parent_directory_ref.path = 'iiscfg64.dll-output/' AND file:x_misp_fullpath = 'iiscfg64.dll-output/payload' AND file:x_misp_text = 'variante-C/']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2019-12-10T14:23:12Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "file"
}
] ,
"labels" : [
"misp:name=\"file\"" ,
"misp:meta-category=\"file\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--0840514f-9f4b-437d-93bf-ecb8dd861021" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2019-12-10T14:23:13.000Z" ,
"modified" : "2019-12-10T14:23:13.000Z" ,
"pattern" : "[file:hashes.SHA1 = '61032695b15bfcd1fbeceb015b16cea21bfaa791' AND file:name = 'iiscfg64.dll' AND file:parent_directory_ref.path = 'iiscfg64.dll/' AND file:x_misp_fullpath = 'iiscfg64.dll' AND file:x_misp_text = 'variante-C/']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2019-12-10T14:23:13Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "file"
}
] ,
"labels" : [
"misp:name=\"file\"" ,
"misp:meta-category=\"file\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--e37faa3a-3ad6-467b-a031-9be5cd3c86c4" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2019-12-10T14:23:14.000Z" ,
"modified" : "2019-12-10T14:23:14.000Z" ,
"pattern" : "[file:hashes.SHA1 = '857197c37751dcbc10a89fa962d60e428952ce93' AND file:name = 'driver1.sys' AND file:parent_directory_ref.path = 'instapi64.dll-output/' AND file:x_misp_fullpath = 'instapi64.dll-output/driver1.sys' AND file:x_misp_text = 'variante-C/']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2019-12-10T14:23:14Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "file"
}
] ,
"labels" : [
"misp:name=\"file\"" ,
"misp:meta-category=\"file\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--cd6c577a-b5fe-472a-bd47-595bffa6660d" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2019-12-10T14:23:15.000Z" ,
"modified" : "2019-12-10T14:23:15.000Z" ,
"pattern" : "[file:hashes.SHA1 = 'dbe2e361989dd3e7d7c9e3c6aed69f2237c9aa02' AND file:name = 'driver2.sys' AND file:parent_directory_ref.path = 'instapi64.dll-output/' AND file:x_misp_fullpath = 'instapi64.dll-output/driver2.sys' AND file:x_misp_text = 'variante-C/']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2019-12-10T14:23:15Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "file"
}
] ,
"labels" : [
"misp:name=\"file\"" ,
"misp:meta-category=\"file\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--45ee5414-ac33-49c7-bf60-f92b0e2b4f98" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2019-12-10T14:23:16.000Z" ,
"modified" : "2019-12-10T14:23:16.000Z" ,
"pattern" : "[file:hashes.SHA1 = 'b8d35d436888b2f6d4ff2a958d48ca1df17e799e' AND file:name = 'payload.dll' AND file:parent_directory_ref.path = 'instapi64.dll-output/' AND file:x_misp_fullpath = 'instapi64.dll-output/payload.dll' AND file:x_misp_text = 'variante-C/']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2019-12-10T14:23:16Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "file"
}
] ,
"labels" : [
"misp:name=\"file\"" ,
"misp:meta-category=\"file\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--598a154c-dcd5-43d5-b2c3-1f5cbf1c4c1d" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2019-12-10T14:23:16.000Z" ,
"modified" : "2019-12-10T14:23:16.000Z" ,
"pattern" : "[file:hashes.SHA1 = 'e01c7793450e8b140fa13f88901fe041ea34be38' AND file:name = 'payload' AND file:parent_directory_ref.path = 'instapi64.dll-output/' AND file:x_misp_fullpath = 'instapi64.dll-output/payload' AND file:x_misp_text = 'variante-C/']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2019-12-10T14:23:16Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "file"
}
] ,
"labels" : [
"misp:name=\"file\"" ,
"misp:meta-category=\"file\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--a1bda197-5c10-413b-ab26-edeee972ded8" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2019-12-10T14:23:17.000Z" ,
"modified" : "2019-12-10T14:23:17.000Z" ,
"pattern" : "[file:hashes.SHA1 = '8821beab255d943185c114c58f1996b40d5e1368' AND file:name = 'instapi64.dll' AND file:parent_directory_ref.path = 'instapi64.dll/' AND file:x_misp_fullpath = 'instapi64.dll' AND file:x_misp_text = 'variante-C/']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2019-12-10T14:23:17Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "file"
}
] ,
"labels" : [
"misp:name=\"file\"" ,
"misp:meta-category=\"file\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--775b5784-ad3b-424e-b2af-7d89a1f81050" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2019-12-10T14:23:18.000Z" ,
"modified" : "2019-12-10T14:23:18.000Z" ,
"pattern" : "[file:hashes.SHA1 = '74cace25311ac0abead7bd94e039ef080e550328' AND file:name = 'driver1.sys' AND file:parent_directory_ref.path = 'payload-output/' AND file:x_misp_fullpath = 'payload-output/driver1.sys' AND file:x_misp_text = 'variante-CR/']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2019-12-10T14:23:18Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "file"
}
] ,
"labels" : [
"misp:name=\"file\"" ,
"misp:meta-category=\"file\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--9db8e7fb-7fb4-45c8-89e4-a3a0c6abd021" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2019-12-10T14:23:18.000Z" ,
"modified" : "2019-12-10T14:23:18.000Z" ,
"pattern" : "[file:hashes.SHA1 = 'c539ca5aa16de324551c913b61d22652e66de93f' AND file:name = 'driver2.sys' AND file:parent_directory_ref.path = 'payload-output/' AND file:x_misp_fullpath = 'payload-output/driver2.sys' AND file:x_misp_text = 'variante-CR/']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2019-12-10T14:23:18Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "file"
}
] ,
"labels" : [
"misp:name=\"file\"" ,
"misp:meta-category=\"file\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--b4db253c-2bcf-451c-ba44-15a673a3a3c4" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2019-12-10T14:23:19.000Z" ,
"modified" : "2019-12-10T14:23:19.000Z" ,
"pattern" : "[file:hashes.SHA1 = '595392a8c3eb723bdca1885db2598fea1fa2b516' AND file:name = 'payload.dll' AND file:parent_directory_ref.path = 'payload-output/' AND file:x_misp_fullpath = 'payload-output/payload.dll' AND file:x_misp_text = 'variante-CR/']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2019-12-10T14:23:19Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "file"
}
] ,
"labels" : [
"misp:name=\"file\"" ,
"misp:meta-category=\"file\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--cde94a42-8107-4e34-af08-ec8294eceea5" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2019-12-10T14:23:20.000Z" ,
"modified" : "2019-12-10T14:23:20.000Z" ,
"pattern" : "[file:hashes.SHA1 = '48f2da6aeaef0cc342ea4bf9ff20aa8bfcde9872' AND file:name = 'payload' AND file:parent_directory_ref.path = 'payload/' AND file:x_misp_fullpath = 'payload' AND file:x_misp_text = 'variante-CR/']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2019-12-10T14:23:20Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "file"
}
] ,
"labels" : [
"misp:name=\"file\"" ,
"misp:meta-category=\"file\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--7f91bef0-d377-48e7-b126-6e7a5d3720ea" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2019-12-10T14:23:21.000Z" ,
"modified" : "2019-12-10T14:23:21.000Z" ,
"pattern" : "[file:hashes.SHA1 = '74cace25311ac0abead7bd94e039ef080e550328' AND file:name = 'driver1.sys' AND file:parent_directory_ref.path = 'payload-output/' AND file:x_misp_fullpath = 'payload-output/driver1.sys' AND file:x_misp_text = 'variante-CRS/']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2019-12-10T14:23:21Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "file"
}
] ,
"labels" : [
"misp:name=\"file\"" ,
"misp:meta-category=\"file\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--991c177a-7a0f-4926-95f6-4ac179a5a295" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2019-12-10T14:23:21.000Z" ,
"modified" : "2019-12-10T14:23:21.000Z" ,
"pattern" : "[file:hashes.SHA1 = '174101153536112422c594f6c3038aa47f3fd14e' AND file:name = 'driver2.sys' AND file:parent_directory_ref.path = 'payload-output/' AND file:x_misp_fullpath = 'payload-output/driver2.sys' AND file:x_misp_text = 'variante-CRS/']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2019-12-10T14:23:21Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "file"
}
] ,
"labels" : [
"misp:name=\"file\"" ,
"misp:meta-category=\"file\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--7b7ecfce-2bd5-46ae-b601-3e9eebc90db3" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2019-12-10T14:23:22.000Z" ,
"modified" : "2019-12-10T14:23:22.000Z" ,
"pattern" : "[file:hashes.SHA1 = '3c8edeadaeb644341402d99ca8a0629368cb0125' AND file:name = 'payload.dll' AND file:parent_directory_ref.path = 'payload-output/' AND file:x_misp_fullpath = 'payload-output/payload.dll' AND file:x_misp_text = 'variante-CRS/']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2019-12-10T14:23:22Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "file"
}
] ,
"labels" : [
"misp:name=\"file\"" ,
"misp:meta-category=\"file\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--25f6a294-0dd2-4b0b-a3af-416e51364afd" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2019-12-10T14:23:23.000Z" ,
"modified" : "2019-12-10T14:23:23.000Z" ,
"pattern" : "[file:hashes.SHA1 = '7cfe9d75b3f7bb31a6d0c86da7a43f4bb9bdc7bd' AND file:name = 'payload' AND file:parent_directory_ref.path = 'payload/' AND file:x_misp_fullpath = 'payload' AND file:x_misp_text = 'variante-CRS/']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2019-12-10T14:23:23Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "file"
}
] ,
"labels" : [
"misp:name=\"file\"" ,
"misp:meta-category=\"file\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--3f909ac6-2c3b-46a9-be2c-94af99524de4" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2019-12-10T14:23:23.000Z" ,
"modified" : "2019-12-10T14:23:23.000Z" ,
"pattern" : "[file:hashes.SHA1 = '2b319b44451abb0596b9187e06f1fb7b4ace969d' AND file:name = 'driver1.sys' AND file:parent_directory_ref.path = 'tsmgetst.dll-output/' AND file:x_misp_fullpath = 'tsmgetst.dll-output/driver1.sys' AND file:x_misp_text = 'variante-D/']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2019-12-10T14:23:23Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "file"
}
] ,
"labels" : [
"misp:name=\"file\"" ,
"misp:meta-category=\"file\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--d470790a-b3bf-4ced-94f7-ca7401ddc629" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2019-12-10T14:23:24.000Z" ,
"modified" : "2019-12-10T14:23:24.000Z" ,
"pattern" : "[file:hashes.SHA1 = '30d1dd1dd4f0ace7a4f2c24e31fb6a0ee33e8a3a' AND file:name = 'driver2.sys' AND file:parent_directory_ref.path = 'tsmgetst.dll-output/' AND file:x_misp_fullpath = 'tsmgetst.dll-output/driver2.sys' AND file:x_misp_text = 'variante-D/']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2019-12-10T14:23:24Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "file"
}
] ,
"labels" : [
"misp:name=\"file\"" ,
"misp:meta-category=\"file\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--fcda7810-080c-47f0-9216-a7cf669e4396" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2019-12-10T14:23:25.000Z" ,
"modified" : "2019-12-10T14:23:25.000Z" ,
"pattern" : "[file:hashes.SHA1 = '2bc358ddc72f59ba0373b8635ab08ad747c12180' AND file:name = 'dsefix.exe' AND file:parent_directory_ref.path = 'tsmgetst.dll-output/' AND file:x_misp_fullpath = 'tsmgetst.dll-output/dsefix.exe' AND file:x_misp_text = 'variante-D/']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2019-12-10T14:23:25Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "file"
}
] ,
"labels" : [
"misp:name=\"file\"" ,
"misp:meta-category=\"file\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--06d8a210-3a92-47eb-8fd2-0147b7281d7f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2019-12-10T14:23:25.000Z" ,
"modified" : "2019-12-10T14:23:25.000Z" ,
"pattern" : "[file:hashes.SHA1 = 'df7732ce1a393c59889ae61321e7da3d3f1a1980' AND file:name = 'payload.dll' AND file:parent_directory_ref.path = 'tsmgetst.dll-output/' AND file:x_misp_fullpath = 'tsmgetst.dll-output/payload.dll' AND file:x_misp_text = 'variante-D/']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2019-12-10T14:23:25Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "file"
}
] ,
"labels" : [
"misp:name=\"file\"" ,
"misp:meta-category=\"file\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--9a724f07-1f2b-48bb-bb25-32dfe637569b" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2019-12-10T14:23:26.000Z" ,
"modified" : "2019-12-10T14:23:26.000Z" ,
"pattern" : "[file:hashes.SHA1 = 'aaa6eeaf422b5a8451121513c66c6bd7cb3b9da3' AND file:name = 'payload' AND file:parent_directory_ref.path = 'tsmgetst.dll-output/' AND file:x_misp_fullpath = 'tsmgetst.dll-output/payload' AND file:x_misp_text = 'variante-D/']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2019-12-10T14:23:26Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "file"
}
] ,
"labels" : [
"misp:name=\"file\"" ,
"misp:meta-category=\"file\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--dbd342d8-a43b-4f22-8be9-921186cdbf83" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2019-12-10T14:23:26.000Z" ,
"modified" : "2019-12-10T14:23:26.000Z" ,
"pattern" : "[file:hashes.SHA1 = 'ffce6895a5bcade8631676ac67c1f919505d4f19' AND file:name = 'tsmgetst.dll' AND file:parent_directory_ref.path = 'tsmgetst.dll/' AND file:x_misp_fullpath = 'tsmgetst.dll' AND file:x_misp_text = 'variante-D/']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2019-12-10T14:23:26Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "file"
}
] ,
"labels" : [
"misp:name=\"file\"" ,
"misp:meta-category=\"file\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--67abe83f-ef66-40d7-90e7-90ffe1513e52" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2019-12-10T14:23:27.000Z" ,
"modified" : "2019-12-10T14:23:27.000Z" ,
"pattern" : "[file:hashes.SHA1 = '3b1f3ed2eeb746733b3c2bb483a481ce2d7f7cf1' AND file:name = 'decrypted_strings.txt' AND file:parent_directory_ref.path = 'sigc-2.4.dll-output/' AND file:x_misp_fullpath = 'sigc-2.4.dll-output/decrypted_strings.txt' AND file:x_misp_text = 'variante-E/']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2019-12-10T14:23:27Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "file"
}
] ,
"labels" : [
"misp:name=\"file\"" ,
"misp:meta-category=\"file\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--97a2f864-44e3-4ab4-ab05-2053d5e1ccf4" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2019-12-10T14:23:28.000Z" ,
"modified" : "2019-12-10T14:23:28.000Z" ,
"pattern" : "[file:hashes.SHA1 = '98c32b4093ed1d7cba6fdcd7667f7ba10ba7a94c' AND file:name = 'driver1.sys' AND file:parent_directory_ref.path = 'sigc-2.4.dll-output/' AND file:x_misp_fullpath = 'sigc-2.4.dll-output/driver1.sys' AND file:x_misp_text = 'variante-E/']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2019-12-10T14:23:28Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "file"
}
] ,
"labels" : [
"misp:name=\"file\"" ,
"misp:meta-category=\"file\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--3b43ab98-c605-43ec-8951-c456fa02c3bf" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2019-12-10T14:23:28.000Z" ,
"modified" : "2019-12-10T14:23:28.000Z" ,
"pattern" : "[file:hashes.SHA1 = 'ca00eafde42f1456de01140556d8c3002866cc74' AND file:name = 'driver2.sys' AND file:parent_directory_ref.path = 'sigc-2.4.dll-output/' AND file:x_misp_fullpath = 'sigc-2.4.dll-output/driver2.sys' AND file:x_misp_text = 'variante-E/']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2019-12-10T14:23:28Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "file"
}
] ,
"labels" : [
"misp:name=\"file\"" ,
"misp:meta-category=\"file\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--0db0c06d-d056-44c1-84e0-e3e6e13ce850" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2019-12-10T14:23:29.000Z" ,
"modified" : "2019-12-10T14:23:29.000Z" ,
"pattern" : "[file:hashes.SHA1 = '54f7d7c145bbae0979ad0b42689a9008ab3d3883' AND file:name = 'payload.dll' AND file:parent_directory_ref.path = 'sigc-2.4.dll-output/' AND file:x_misp_fullpath = 'sigc-2.4.dll-output/payload.dll' AND file:x_misp_text = 'variante-E/']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2019-12-10T14:23:29Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "file"
}
] ,
"labels" : [
"misp:name=\"file\"" ,
"misp:meta-category=\"file\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--ba639956-fe15-45ce-a72c-666cb163e56e" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2019-12-10T14:23:29.000Z" ,
"modified" : "2019-12-10T14:23:29.000Z" ,
"pattern" : "[file:hashes.SHA1 = '10ceb3bd963708895c394303651dde0da315490e' AND file:name = 'payload' AND file:parent_directory_ref.path = 'sigc-2.4.dll-output/' AND file:x_misp_fullpath = 'sigc-2.4.dll-output/payload' AND file:x_misp_text = 'variante-E/']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2019-12-10T14:23:29Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "file"
}
] ,
"labels" : [
"misp:name=\"file\"" ,
"misp:meta-category=\"file\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--7df5bc4b-4499-492b-9962-61ed0d12c542" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2019-12-10T14:23:38.000Z" ,
"modified" : "2019-12-10T14:23:38.000Z" ,
"pattern" : "[file:hashes.SHA1 = '11d6619900369643ebe6c0bbf6a28178cfa620bd' AND file:name = 'ShutDownEvent.dll' AND file:parent_directory_ref.path = 'sigc-2.4.dll-output/' AND file:x_misp_fullpath = 'sigc-2.4.dll-output/ShutDownEvent.dll' AND file:x_misp_text = 'variante-E/']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2019-12-10T14:23:38Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "file"
}
] ,
"labels" : [
"misp:name=\"file\"" ,
"misp:meta-category=\"file\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--08a0fa08-4b39-4c16-8574-bdb7d3e91283" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2019-12-10T14:23:38.000Z" ,
"modified" : "2019-12-10T14:23:38.000Z" ,
"pattern" : "[file:hashes.SHA1 = '3efae65475cb1f6a34e11e012c53dac0412674d4' AND file:name = 'ShutDownEvent' AND file:parent_directory_ref.path = 'sigc-2.4.dll-output/' AND file:x_misp_fullpath = 'sigc-2.4.dll-output/ShutDownEvent' AND file:x_misp_text = 'variante-E/']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2019-12-10T14:23:38Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "file"
}
] ,
"labels" : [
"misp:name=\"file\"" ,
"misp:meta-category=\"file\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--48852a64-fa9d-4d5c-a7f1-45699a8882a2" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2019-12-10T14:23:39.000Z" ,
"modified" : "2019-12-10T14:23:39.000Z" ,
"pattern" : "[file:hashes.SHA1 = 'ee2a177f2e2ae8679b28caa8aba222d3fd80cdbb' AND file:name = 'start_function.bin' AND file:parent_directory_ref.path = 'sigc-2.4.dll-output/' AND file:x_misp_fullpath = 'sigc-2.4.dll-output/start_function.bin' AND file:x_misp_text = 'variante-E/']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2019-12-10T14:23:39Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "file"
}
] ,
"labels" : [
"misp:name=\"file\"" ,
"misp:meta-category=\"file\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--fdca2f4c-bd45-4336-9e95-794b4a0526a8" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2019-12-10T14:23:39.000Z" ,
"modified" : "2019-12-10T14:23:39.000Z" ,
"pattern" : "[file:hashes.SHA1 = '045e728362773c358b07e416d3cd3e66af71549c' AND file:name = 'sysmon-implant.dll' AND file:parent_directory_ref.path = 'sigc-2.4.dll-output/' AND file:x_misp_fullpath = 'sigc-2.4.dll-output/sysmon-implant.dll' AND file:x_misp_text = 'variante-E/']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2019-12-10T14:23:39Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "file"
}
] ,
"labels" : [
"misp:name=\"file\"" ,
"misp:meta-category=\"file\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--997205fd-5ead-4a86-aba6-f2e99ddfce0b" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2019-12-10T14:23:40.000Z" ,
"modified" : "2019-12-10T14:23:40.000Z" ,
"pattern" : "[file:hashes.SHA1 = 'b3f04f4e41afe17117204e0b48162886b58932ce' AND file:name = 'sysmon-implant' AND file:parent_directory_ref.path = 'sigc-2.4.dll-output/' AND file:x_misp_fullpath = 'sigc-2.4.dll-output/sysmon-implant' AND file:x_misp_text = 'variante-E/']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2019-12-10T14:23:40Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "file"
}
] ,
"labels" : [
"misp:name=\"file\"" ,
"misp:meta-category=\"file\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--1919f62b-5793-4c0f-ae20-518c4011c9cd" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2019-12-10T14:23:41.000Z" ,
"modified" : "2019-12-10T14:23:41.000Z" ,
"pattern" : "[file:hashes.SHA1 = 'c11675257b9927cabd6e5e259021070a95266566' AND file:name = 'sigc-2.4.dll' AND file:parent_directory_ref.path = 'sigc-2.4.dll/' AND file:x_misp_fullpath = 'sigc-2.4.dll' AND file:x_misp_text = 'variante-E/']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2019-12-10T14:23:41Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "file"
}
] ,
"labels" : [
"misp:name=\"file\"" ,
"misp:meta-category=\"file\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--44190615-3989-4246-962b-0dcc4e5cd3c2" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2019-12-10T14:23:42.000Z" ,
"modified" : "2019-12-10T14:23:42.000Z" ,
"pattern" : "[file:hashes.SHA1 = '08a4fa8b98d2c7efcfcc7710586e498c34be6b3f' AND file:name = 'decrypted_strings.txt' AND file:parent_directory_ref.path = 'glmf-2.0.dll-output/' AND file:x_misp_fullpath = 'glmf-2.0.dll-output/decrypted_strings.txt' AND file:x_misp_text = 'variante-F/']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2019-12-10T14:23:42Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "file"
}
] ,
"labels" : [
"misp:name=\"file\"" ,
"misp:meta-category=\"file\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--32ce7962-26dc-4ae7-9159-c0e362795392" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2019-12-10T14:23:42.000Z" ,
"modified" : "2019-12-10T14:23:42.000Z" ,
"pattern" : "[file:hashes.SHA1 = '894c71f4fb27aa0285797a2735b23c0aecd81d74' AND file:name = 'driver1.sys' AND file:parent_directory_ref.path = 'glmf-2.0.dll-output/' AND file:x_misp_fullpath = 'glmf-2.0.dll-output/driver1.sys' AND file:x_misp_text = 'variante-F/']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2019-12-10T14:23:42Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "file"
}
] ,
"labels" : [
"misp:name=\"file\"" ,
"misp:meta-category=\"file\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--c14890d7-e0e9-438c-a359-40718f2426a5" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2019-12-10T14:23:43.000Z" ,
"modified" : "2019-12-10T14:23:43.000Z" ,
"pattern" : "[file:hashes.SHA1 = '1994fdc0a26198e84c9e15ae071e3f759f85cfd0' AND file:name = 'driver2.sys' AND file:parent_directory_ref.path = 'glmf-2.0.dll-output/' AND file:x_misp_fullpath = 'glmf-2.0.dll-output/driver2.sys' AND file:x_misp_text = 'variante-F/']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2019-12-10T14:23:43Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "file"
}
] ,
"labels" : [
"misp:name=\"file\"" ,
"misp:meta-category=\"file\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--64707a06-5849-4739-ae9b-592b2c5d40c0" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2019-12-10T14:23:43.000Z" ,
"modified" : "2019-12-10T14:23:43.000Z" ,
"pattern" : "[file:hashes.SHA1 = '550ceb58c15537c991ddf772200a888c0823eb06' AND file:name = 'payload.dll' AND file:parent_directory_ref.path = 'glmf-2.0.dll-output/' AND file:x_misp_fullpath = 'glmf-2.0.dll-output/payload.dll' AND file:x_misp_text = 'variante-F/']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2019-12-10T14:23:43Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "file"
}
] ,
"labels" : [
"misp:name=\"file\"" ,
"misp:meta-category=\"file\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--e0551fbd-a6c4-45e4-b42c-21576008ca5b" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2019-12-10T14:23:44.000Z" ,
"modified" : "2019-12-10T14:23:44.000Z" ,
"pattern" : "[file:hashes.SHA1 = '48bc1d610f3f9219ad9f47f44368c2ef2eb4d64c' AND file:name = 'payload' AND file:parent_directory_ref.path = 'glmf-2.0.dll-output/' AND file:x_misp_fullpath = 'glmf-2.0.dll-output/payload' AND file:x_misp_text = 'variante-F/']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2019-12-10T14:23:44Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "file"
}
] ,
"labels" : [
"misp:name=\"file\"" ,
"misp:meta-category=\"file\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--321b5b53-85a3-40e8-8840-8521b66fb118" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2019-12-10T14:23:44.000Z" ,
"modified" : "2019-12-10T14:23:44.000Z" ,
"pattern" : "[file:hashes.SHA1 = '263ca823e42eea1f062bf375a4204f01aa883ad1' AND file:name = 'start_function.bin' AND file:parent_directory_ref.path = 'glmf-2.0.dll-output/' AND file:x_misp_fullpath = 'glmf-2.0.dll-output/start_function.bin' AND file:x_misp_text = 'variante-F/']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2019-12-10T14:23:44Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "file"
}
] ,
"labels" : [
"misp:name=\"file\"" ,
"misp:meta-category=\"file\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--681bdb7d-a852-4a13-9c90-55774971b482" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2019-12-10T14:23:45.000Z" ,
"modified" : "2019-12-10T14:23:45.000Z" ,
"pattern" : "[file:hashes.SHA1 = '045e728362773c358b07e416d3cd3e66af71549c' AND file:name = 'sysmon-implant.dll' AND file:parent_directory_ref.path = 'glmf-2.0.dll-output/' AND file:x_misp_fullpath = 'glmf-2.0.dll-output/sysmon-implant.dll' AND file:x_misp_text = 'variante-F/']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2019-12-10T14:23:45Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "file"
}
] ,
"labels" : [
"misp:name=\"file\"" ,
"misp:meta-category=\"file\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--5ec73a7f-829e-472a-9666-05b92c769b14" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2019-12-10T14:23:47.000Z" ,
"modified" : "2019-12-10T14:23:47.000Z" ,
"pattern" : "[file:hashes.SHA1 = 'b3f04f4e41afe17117204e0b48162886b58932ce' AND file:name = 'sysmon-implant' AND file:parent_directory_ref.path = 'glmf-2.0.dll-output/' AND file:x_misp_fullpath = 'glmf-2.0.dll-output/sysmon-implant' AND file:x_misp_text = 'variante-F/']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2019-12-10T14:23:47Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "file"
}
] ,
"labels" : [
"misp:name=\"file\"" ,
"misp:meta-category=\"file\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--0032d7b5-43be-4a6c-bc62-56a5298cbaa7" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2019-12-10T14:23:47.000Z" ,
"modified" : "2019-12-10T14:23:47.000Z" ,
"pattern" : "[file:hashes.SHA1 = '39d8e4abc92ba068e30597cad0d195af4fe8372b' AND file:name = 'glmf-2.0.dll' AND file:parent_directory_ref.path = 'glmf-2.0.dll/' AND file:x_misp_fullpath = 'glmf-2.0.dll' AND file:x_misp_text = 'variante-F/']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2019-12-10T14:23:47Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "file"
}
] ,
"labels" : [
"misp:name=\"file\"" ,
"misp:meta-category=\"file\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--5defae0e-25f0-4dd9-94b4-451e950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2019-12-10T14:40:50.000Z" ,
"modified" : "2019-12-10T14:40:50.000Z" ,
"pattern" : "[file:hashes.SSDEEP = '1536:B6Lf7rVA8vhTjRmIeYQv9jB0dMSI/qe9lD9:QLfrvhTjRNeYA9ieSbGlD9' AND file:x_misp_text = 'Intermediate Loader Payload DLL (memory only)']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2019-12-10T14:40:50Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "file"
}
] ,
"labels" : [
"misp:name=\"file\"" ,
"misp:meta-category=\"file\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--5defaed6-e44c-4af8-8d06-4993950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2019-12-10T14:42:30.000Z" ,
"modified" : "2019-12-10T14:42:30.000Z" ,
"pattern" : "[file:hashes.SSDEEP = '12288:iUCXzbtTwr9ZnO7CMXvXD03WvR+WZj1EusOLw4owntX4SncgcP:ODbtTOnO7CMX7WeIWZgO7owtIScj' AND file:x_misp_text = 'WinNTI Payload DLL (Decrypted PE, unloaded/injected state, memory only)']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2019-12-10T14:42:30Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "file"
}
] ,
"labels" : [
"misp:name=\"file\"" ,
"misp:meta-category=\"file\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--5defaf3c-d7e4-423c-82ad-4838950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2019-12-10T14:44:12.000Z" ,
"modified" : "2019-12-10T14:44:12.000Z" ,
"pattern" : "[file:hashes.MD5 = '119d144147662013ee85e8ee00024cc4' AND file:hashes.SHA1 = '715a1b53556be0f51951547b86ec8d38a74ec7d9' AND file:hashes.SHA256 = 'bd1cde125389590f75b808a27401de15b03f70795311881c5da3e079a44e39ef' AND file:hashes.SSDEEP = '48:FyaxW8RrvmX2EJtzXFurCXgj9e0tQ380Fon/keb5B7003/s:tepfzFiCwj9eVM0IkebX0Es' AND file:size = '2048' AND file:x_misp_text = 'Reflective DLL Loading Shellcode Type 2a (loads injected WinNTI Payload DLL, calls DllMain, memory only)']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2019-12-10T14:44:12Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "file"
}
] ,
"labels" : [
"misp:name=\"file\"" ,
"misp:meta-category=\"file\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--5defb18f-9100-4e25-ae16-4f69950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2019-12-10T14:58:47.000Z" ,
"modified" : "2019-12-10T14:58:47.000Z" ,
"pattern" : "[file:hashes.MD5 = '42560fde33e1e5f83e61bcdfa77b5b9c' AND file:hashes.SHA1 = '29fee2e1138592a3c3167176849dee3f193bf4a8' AND file:hashes.SHA256 = '5aa25bb6795f0e72176b6d7b5f9808c8c4685ce4ca1ab34e0ce4e41eaf19ad61' AND file:hashes.SSDEEP = '48:/D7DxQaGZDz5b546czuXZUa0Gr2z44uLGswLBaZalxIJegXGplDYriXhwaul:3DxPGZTMzOmnG6zqLGsYBaMlCJegW3YD' AND file:x_misp_text = 'Reflective DLL Loading Shellcode Type 2b (loads injected WinNTI Payload DLL, calls DllMain, memory only)']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2019-12-10T14:58:47Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "file"
}
] ,
"labels" : [
"misp:name=\"file\"" ,
"misp:meta-category=\"file\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--5defb1ce-bf24-489f-9676-47fc950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2019-12-11T08:04:19.000Z" ,
"modified" : "2019-12-11T08:04:19.000Z" ,
"pattern" : "[file:hashes.MD5 = '3bb87749da36ebd1a564ee85e9f0fff0' AND file:hashes.SHA1 = '8a2356303356e2850a15401ee8b5727b152e200b' AND file:hashes.SHA256 = '806df629a0e58a70b4936bb9a28eafe555ff4ce190039bb26215782a93cff4cb' AND file:hashes.SSDEEP = '1536:vGzAkyjIOsTCT2IP+W0k+0X4a3Ro1MeAJhN9tdN9VtdNz9Tl1caSQZ/26XvX:vGzAkyE3TCqk+pIgMeAJhN9tdN9VtdNn' AND file:hashes.IMPHASH = 'f3c01ba3a71e1e0ef157c3b8cb0ad625' AND file:size = '90112' AND file:x_misp_text = 'Sysmon Implant (Decrypted PE, memory only)']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2019-12-11T08:04:19Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "file"
}
] ,
"labels" : [
"misp:name=\"file\"" ,
"misp:meta-category=\"file\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--5df0a4ec-ea3c-43b7-a298-42f5950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2019-12-11T08:12:28.000Z" ,
"modified" : "2019-12-11T08:12:28.000Z" ,
"pattern" : "[file:hashes.MD5 = '1801319eb2b82016ae6a33ee18fcc3ad' AND file:hashes.SHA1 = '7bbed9fbff45b15dbf5cedfa3636a3caad65650f' AND file:hashes.SHA256 = 'ebdb8cfc3207b411a4d898489c8825cb2187221a473f2fbf7a43cbf637f2fe57' AND file:hashes.SSDEEP = '768:jZh+oyCeGqt/P76bbwYCmKGqV+VNQNDBKTW1/bz2vTvQtCK:jiCeB/Gbbi0qV6QNBK+QTvQQK' AND file:hashes.IMPHASH = 'c22f9228e1c400cb179800b69544162b' AND file:size = '47104' AND file:x_misp_text = 'Kernel Driver Type 1 (temporarily dropped to disk, deleted after loading)']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2019-12-11T08:12:28Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "file"
}
] ,
"labels" : [
"misp:name=\"file\"" ,
"misp:meta-category=\"file\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--5df0a8fd-0cec-45d5-8023-1706950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2019-12-11T08:41:07.000Z" ,
"modified" : "2019-12-11T08:41:07.000Z" ,
"pattern" : "[file:hashes.MD5 = '50f624b3fb6ca04f352e0463a43df86f' AND file:hashes.SHA1 = '3c404486a5c443e43c1b7691de7801cece44a733' AND file:hashes.SHA256 = '3c25dcb33e018c21a3dc709c54495c0e504aeee78d7f103deaf19c1d802d57da' AND file:hashes.SSDEEP = '768:pQIbhJi7OB1/HzktBgWb8oiICMvahoICS4AIHOyMKIoAj:pQIDRBW4o8+ICS4AltoA' AND file:hashes.IMPHASH = 'fcccb379816ade76b537359d17969ca4' AND file:size = '44624' AND file:x_misp_text = 'Kernel Driver Type 2a (temporarily dropped to disk, deleted after loading, Example 1)']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2019-12-11T08:41:07Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "file"
}
] ,
"labels" : [
"misp:name=\"file\"" ,
"misp:meta-category=\"file\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--5df0ac98-e890-4c6a-b708-30d9950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2019-12-11T08:50:15.000Z" ,
"modified" : "2019-12-11T08:50:15.000Z" ,
"description" : "dumped from memory with moddump" ,
"pattern" : "[file:hashes.MD5 = 'b96dfbc749b99bc672c74708373bbc97' AND file:hashes.SHA1 = '4e45d9b0bc282cc93113c7ba51b1b4ac173a208d' AND file:hashes.SHA256 = '5af2edd199b6c4ea731449b202ea96faef6c11d1ac0ca7b22aa9023e0186621f' AND file:hashes.SSDEEP = '768:Zhf9ozikYw7rhcCMsahoICS4AIvm7tSw5iZ:W1Yw7rH7ICS4ANtSw5M' AND file:size = '34816' AND file:x_misp_text = 'Kernel Driver Type 2b (temporarily dropped to disk, deleted after loading, Example 2)']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2019-12-11T08:50:15Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "file"
}
] ,
"labels" : [
"misp:name=\"file\"" ,
"misp:meta-category=\"file\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--fbb2308c-ed30-4bdc-97ff-53b4136cf37f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2019-12-11T12:50:20.000Z" ,
"modified" : "2019-12-11T12:50:20.000Z" ,
"pattern" : "[file:hashes.MD5 = '0eded1c3a20039a504bc256fcc892023' AND file:hashes.SHA1 = '98c32b4093ed1d7cba6fdcd7667f7ba10ba7a94c' AND file:hashes.SHA256 = '02a7dd784a87fd08b50515aa5ea7db5bebe95d13ee8df1e75d903c744827e01b']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2019-12-11T12:50:20Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "file"
}
] ,
"labels" : [
"misp:name=\"file\"" ,
"misp:meta-category=\"file\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "x-misp-object" ,
"spec_version" : "2.1" ,
"id" : "x-misp-object--7286a3d2-41c0-4688-9e21-85ec78ff23e0" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2019-12-11T12:50:21.000Z" ,
"modified" : "2019-12-11T12:50:21.000Z" ,
"labels" : [
"misp:name=\"virustotal-report\"" ,
"misp:meta-category=\"misc\""
] ,
"x_misp_attributes" : [
{
"type" : "datetime" ,
"object_relation" : "last-submission" ,
"value" : "2019-12-06T23:44:03" ,
"category" : "Other" ,
"uuid" : "154a18b8-bb22-4a9d-9ac4-6d1789cc9d0b"
} ,
{
"type" : "link" ,
"object_relation" : "permalink" ,
"value" : "https://www.virustotal.com/file/02a7dd784a87fd08b50515aa5ea7db5bebe95d13ee8df1e75d903c744827e01b/analysis/1575675843/" ,
"category" : "Payload delivery" ,
"uuid" : "54d15f31-0cc6-419e-b6a3-0e9c5a0afa8a"
} ,
{
"type" : "text" ,
"object_relation" : "detection-ratio" ,
"value" : "30/70" ,
"category" : "Payload delivery" ,
"uuid" : "bb4ad868-327d-4b86-ba53-fdb5e6577626"
}
] ,
"x_misp_meta_category" : "misc" ,
"x_misp_name" : "virustotal-report"
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--b9b6c463-ab69-4bc2-a053-248497aa95d5" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2019-12-11T12:50:21.000Z" ,
"modified" : "2019-12-11T12:50:21.000Z" ,
"pattern" : "[file:hashes.MD5 = '5979cf5018c03be2524b87b7dda64a1a' AND file:hashes.SHA1 = '74cace25311ac0abead7bd94e039ef080e550328' AND file:hashes.SHA256 = 'e038450d226cc02529a34a0c89cdd3af4c033066bb9db57274d0cadb52bb1065']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2019-12-11T12:50:21Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "file"
}
] ,
"labels" : [
"misp:name=\"file\"" ,
"misp:meta-category=\"file\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "x-misp-object" ,
"spec_version" : "2.1" ,
"id" : "x-misp-object--42bd75dc-5e99-4c09-bfca-66b22cb28fa1" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2019-12-11T12:50:21.000Z" ,
"modified" : "2019-12-11T12:50:21.000Z" ,
"labels" : [
"misp:name=\"virustotal-report\"" ,
"misp:meta-category=\"misc\""
] ,
"x_misp_attributes" : [
{
"type" : "datetime" ,
"object_relation" : "last-submission" ,
"value" : "2019-12-07T05:03:09" ,
"category" : "Other" ,
"uuid" : "1d38133b-f3bd-448f-9908-10c295194de9"
} ,
{
"type" : "link" ,
"object_relation" : "permalink" ,
"value" : "https://www.virustotal.com/file/e038450d226cc02529a34a0c89cdd3af4c033066bb9db57274d0cadb52bb1065/analysis/1575694989/" ,
"category" : "Payload delivery" ,
"uuid" : "37ec8e23-3055-4264-8436-3a030b9f0ca0"
} ,
{
"type" : "text" ,
"object_relation" : "detection-ratio" ,
"value" : "50/71" ,
"category" : "Payload delivery" ,
"uuid" : "ee80466c-fe51-4735-86b4-6f4aa9d731d7"
}
] ,
"x_misp_meta_category" : "misc" ,
"x_misp_name" : "virustotal-report"
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--00c6f164-f4b4-4e2c-a3ef-63c88e36f381" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2019-12-11T12:50:21.000Z" ,
"modified" : "2019-12-11T12:50:21.000Z" ,
"pattern" : "[file:hashes.MD5 = '8e61219b18d36748ce956099277cc29b' AND file:hashes.SHA1 = '7cfe9d75b3f7bb31a6d0c86da7a43f4bb9bdc7bd' AND file:hashes.SHA256 = '14f40d1ca0019f38bb80e9d772952efbf643c34a2e236440e2e03ac9be1c5442']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2019-12-11T12:50:21Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "file"
}
] ,
"labels" : [
"misp:name=\"file\"" ,
"misp:meta-category=\"file\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "x-misp-object" ,
"spec_version" : "2.1" ,
"id" : "x-misp-object--9fe4012e-2085-4dcf-9f99-f73e92b3c7b0" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2019-12-11T12:50:21.000Z" ,
"modified" : "2019-12-11T12:50:21.000Z" ,
"labels" : [
"misp:name=\"virustotal-report\"" ,
"misp:meta-category=\"misc\""
] ,
"x_misp_attributes" : [
{
"type" : "datetime" ,
"object_relation" : "last-submission" ,
"value" : "2019-12-06T23:43:55" ,
"category" : "Other" ,
"uuid" : "34250df9-11b9-403a-b2c9-3ba00de86ea7"
} ,
{
"type" : "link" ,
"object_relation" : "permalink" ,
"value" : "https://www.virustotal.com/file/14f40d1ca0019f38bb80e9d772952efbf643c34a2e236440e2e03ac9be1c5442/analysis/1575675835/" ,
"category" : "Payload delivery" ,
"uuid" : "8006653e-147d-4441-b2ea-e52446ea404f"
} ,
{
"type" : "text" ,
"object_relation" : "detection-ratio" ,
"value" : "18/58" ,
"category" : "Payload delivery" ,
"uuid" : "4312e489-eda6-46e2-a403-03acf16bf20b"
}
] ,
"x_misp_meta_category" : "misc" ,
"x_misp_name" : "virustotal-report"
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--f005a213-c2ee-448d-80f3-a58ff20fdb4c" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2019-12-11T12:50:21.000Z" ,
"modified" : "2019-12-11T12:50:21.000Z" ,
"pattern" : "[file:hashes.MD5 = '516dcd4ecee6ac02c6a1a34ea8310917' AND file:hashes.SHA1 = 'c539ca5aa16de324551c913b61d22652e66de93f' AND file:hashes.SHA256 = '555413c77e8d97df2e26522984baef65b09269825fb80a6bffb5b456e009211a']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2019-12-11T12:50:21Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "file"
}
] ,
"labels" : [
"misp:name=\"file\"" ,
"misp:meta-category=\"file\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "x-misp-object" ,
"spec_version" : "2.1" ,
"id" : "x-misp-object--8d2143a2-20d9-4de0-a833-5b13445c2fac" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2019-12-11T12:50:22.000Z" ,
"modified" : "2019-12-11T12:50:22.000Z" ,
"labels" : [
"misp:name=\"virustotal-report\"" ,
"misp:meta-category=\"misc\""
] ,
"x_misp_attributes" : [
{
"type" : "datetime" ,
"object_relation" : "last-submission" ,
"value" : "2019-12-07T05:03:11" ,
"category" : "Other" ,
"uuid" : "720d70b9-3733-4b91-87fb-aa02de08fa7e"
} ,
{
"type" : "link" ,
"object_relation" : "permalink" ,
"value" : "https://www.virustotal.com/file/555413c77e8d97df2e26522984baef65b09269825fb80a6bffb5b456e009211a/analysis/1575694991/" ,
"category" : "Payload delivery" ,
"uuid" : "dbe684a8-0e46-445d-bea5-e9fe78e093f0"
} ,
{
"type" : "text" ,
"object_relation" : "detection-ratio" ,
"value" : "42/71" ,
"category" : "Payload delivery" ,
"uuid" : "7013e7a4-f70f-4510-a6cd-9ab0fb64c593"
}
] ,
"x_misp_meta_category" : "misc" ,
"x_misp_name" : "virustotal-report"
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--25b3b742-2893-462b-a181-8a9c046f7995" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2019-12-11T12:50:22.000Z" ,
"modified" : "2019-12-11T12:50:22.000Z" ,
"pattern" : "[file:hashes.MD5 = 'b4e66b445b39d0368bbe4b91a3cd98ff' AND file:hashes.SHA1 = '2bc358ddc72f59ba0373b8635ab08ad747c12180' AND file:hashes.SHA256 = '1865013aaca0f12679e35f06c4dad4e00d6372415ee8390b17b4f910fee1f7a2']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2019-12-11T12:50:22Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "file"
}
] ,
"labels" : [
"misp:name=\"file\"" ,
"misp:meta-category=\"file\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "x-misp-object" ,
"spec_version" : "2.1" ,
"id" : "x-misp-object--ee0c2e26-c418-4f6f-9e6d-86952c212952" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2019-12-11T12:50:22.000Z" ,
"modified" : "2019-12-11T12:50:22.000Z" ,
"labels" : [
"misp:name=\"virustotal-report\"" ,
"misp:meta-category=\"misc\""
] ,
"x_misp_attributes" : [
{
"type" : "datetime" ,
"object_relation" : "last-submission" ,
"value" : "2019-12-07T05:03:15" ,
"category" : "Other" ,
"uuid" : "235c859e-25ec-4c50-ad5c-c53120f02538"
} ,
{
"type" : "link" ,
"object_relation" : "permalink" ,
"value" : "https://www.virustotal.com/file/1865013aaca0f12679e35f06c4dad4e00d6372415ee8390b17b4f910fee1f7a2/analysis/1575694995/" ,
"category" : "Payload delivery" ,
"uuid" : "a1d0af80-6400-4aa0-8790-c5177337582e"
} ,
{
"type" : "text" ,
"object_relation" : "detection-ratio" ,
"value" : "21/71" ,
"category" : "Payload delivery" ,
"uuid" : "fda8a4b8-913d-482f-8357-7948be048ddf"
}
] ,
"x_misp_meta_category" : "misc" ,
"x_misp_name" : "virustotal-report"
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--26bfe728-c018-44e4-b6d6-c54af3d2b14a" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2019-12-11T12:50:22.000Z" ,
"modified" : "2019-12-11T12:50:22.000Z" ,
"pattern" : "[file:hashes.MD5 = '52efa5da09fde23dd067c571389f49fa' AND file:hashes.SHA1 = 'ca00eafde42f1456de01140556d8c3002866cc74' AND file:hashes.SHA256 = '4f18df68ce89ba55b1bff0b1aac72a54c19862241f0fac9f957f8626114db418']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2019-12-11T12:50:22Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "file"
}
] ,
"labels" : [
"misp:name=\"file\"" ,
"misp:meta-category=\"file\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "x-misp-object" ,
"spec_version" : "2.1" ,
"id" : "x-misp-object--77072cd3-da5c-4204-b37d-72fc44ed0384" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2019-12-11T12:50:22.000Z" ,
"modified" : "2019-12-11T12:50:22.000Z" ,
"labels" : [
"misp:name=\"virustotal-report\"" ,
"misp:meta-category=\"misc\""
] ,
"x_misp_attributes" : [
{
"type" : "datetime" ,
"object_relation" : "last-submission" ,
"value" : "2019-12-07T05:03:17" ,
"category" : "Other" ,
"uuid" : "5f351c9c-4286-44da-a31a-0e8708cddf21"
} ,
{
"type" : "link" ,
"object_relation" : "permalink" ,
"value" : "https://www.virustotal.com/file/4f18df68ce89ba55b1bff0b1aac72a54c19862241f0fac9f957f8626114db418/analysis/1575694997/" ,
"category" : "Payload delivery" ,
"uuid" : "0b92f081-eca4-46d9-ab89-9edc194a1649"
} ,
{
"type" : "text" ,
"object_relation" : "detection-ratio" ,
"value" : "36/70" ,
"category" : "Payload delivery" ,
"uuid" : "ad5b6315-0d03-472b-8421-f2d5bf52d2db"
}
] ,
"x_misp_meta_category" : "misc" ,
"x_misp_name" : "virustotal-report"
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--dab61fb6-c519-46a1-b060-fa178764d6da" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2019-12-11T12:50:22.000Z" ,
"modified" : "2019-12-11T12:50:22.000Z" ,
"pattern" : "[file:hashes.MD5 = '5f8bf3dd940ef09ce25a8b3912c92220' AND file:hashes.SHA1 = '3bb1daf9c5b39a026af5fd5a6c321cd3d0be04d6' AND file:hashes.SHA256 = '38136d8d4146e75f03714f14d847777bf1cd17ddc942b95446b72954dfbd9f3e']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2019-12-11T12:50:22Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "file"
}
] ,
"labels" : [
"misp:name=\"file\"" ,
"misp:meta-category=\"file\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "x-misp-object" ,
"spec_version" : "2.1" ,
"id" : "x-misp-object--2254d0a1-5768-49d1-8f6f-55ef72367d31" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2019-12-11T12:50:22.000Z" ,
"modified" : "2019-12-11T12:50:22.000Z" ,
"labels" : [
"misp:name=\"virustotal-report\"" ,
"misp:meta-category=\"misc\""
] ,
"x_misp_attributes" : [
{
"type" : "datetime" ,
"object_relation" : "last-submission" ,
"value" : "2019-12-07T05:03:08" ,
"category" : "Other" ,
"uuid" : "a7071fb2-fb26-46c7-967e-d255748b6d85"
} ,
{
"type" : "link" ,
"object_relation" : "permalink" ,
"value" : "https://www.virustotal.com/file/38136d8d4146e75f03714f14d847777bf1cd17ddc942b95446b72954dfbd9f3e/analysis/1575694988/" ,
"category" : "Payload delivery" ,
"uuid" : "25d6382c-3518-4ea4-b664-ed4370405b1d"
} ,
{
"type" : "text" ,
"object_relation" : "detection-ratio" ,
"value" : "35/71" ,
"category" : "Payload delivery" ,
"uuid" : "c6ffd21b-553b-45ae-ac1d-4ae5f5f5f085"
}
] ,
"x_misp_meta_category" : "misc" ,
"x_misp_name" : "virustotal-report"
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--53d444c2-5449-4082-b85a-e61c3760d6c4" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2019-12-11T12:50:23.000Z" ,
"modified" : "2019-12-11T12:50:23.000Z" ,
"pattern" : "[file:hashes.MD5 = 'd747323e83fa4f20cc55647a6d5dc198' AND file:hashes.SHA1 = '8b966bc4c4adde90f51f68a78aa326b761981fb4' AND file:hashes.SHA256 = 'f39cdc437f4c8d7d4d80b8d1d17c9c75e54340df912a56afc1f9a4e7ce5e4cfb']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2019-12-11T12:50:23Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "file"
}
] ,
"labels" : [
"misp:name=\"file\"" ,
"misp:meta-category=\"file\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "x-misp-object" ,
"spec_version" : "2.1" ,
"id" : "x-misp-object--f3154e62-2ff1-4769-af0a-6115e01096bc" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2019-12-11T12:50:23.000Z" ,
"modified" : "2019-12-11T12:50:23.000Z" ,
"labels" : [
"misp:name=\"virustotal-report\"" ,
"misp:meta-category=\"misc\""
] ,
"x_misp_attributes" : [
{
"type" : "datetime" ,
"object_relation" : "last-submission" ,
"value" : "2019-12-07T05:03:07" ,
"category" : "Other" ,
"uuid" : "021742ea-6364-4256-9c75-b0300898408f"
} ,
{
"type" : "link" ,
"object_relation" : "permalink" ,
"value" : "https://www.virustotal.com/file/f39cdc437f4c8d7d4d80b8d1d17c9c75e54340df912a56afc1f9a4e7ce5e4cfb/analysis/1575694987/" ,
"category" : "Payload delivery" ,
"uuid" : "95770780-45d2-4e03-afda-e0127a4f7b52"
} ,
{
"type" : "text" ,
"object_relation" : "detection-ratio" ,
"value" : "40/71" ,
"category" : "Payload delivery" ,
"uuid" : "eb78fef4-df41-47c0-86a3-fd96f8b840b4"
}
] ,
"x_misp_meta_category" : "misc" ,
"x_misp_name" : "virustotal-report"
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--93f8b76b-2456-44b4-9a7c-cdb0166ccacc" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2019-12-11T12:50:23.000Z" ,
"modified" : "2019-12-11T12:50:23.000Z" ,
"pattern" : "[file:hashes.MD5 = 'b8ffea5aa357e8bac5efc03f8e202292' AND file:hashes.SHA1 = '48f2da6aeaef0cc342ea4bf9ff20aa8bfcde9872' AND file:hashes.SHA256 = '7c09b14a34114e5b6861530ac19ab1aaadf9e8c9a7fbbde96542c21175b094e0']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2019-12-11T12:50:23Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "file"
}
] ,
"labels" : [
"misp:name=\"file\"" ,
"misp:meta-category=\"file\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "x-misp-object" ,
"spec_version" : "2.1" ,
"id" : "x-misp-object--017ca493-a3dc-4bc8-a384-6efaf630477a" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2019-12-11T12:50:23.000Z" ,
"modified" : "2019-12-11T12:50:23.000Z" ,
"labels" : [
"misp:name=\"virustotal-report\"" ,
"misp:meta-category=\"misc\""
] ,
"x_misp_attributes" : [
{
"type" : "datetime" ,
"object_relation" : "last-submission" ,
"value" : "2019-12-07T05:03:12" ,
"category" : "Other" ,
"uuid" : "09e20c69-0a59-449c-8b52-fdbea1126f57"
} ,
{
"type" : "link" ,
"object_relation" : "permalink" ,
"value" : "https://www.virustotal.com/file/7c09b14a34114e5b6861530ac19ab1aaadf9e8c9a7fbbde96542c21175b094e0/analysis/1575694992/" ,
"category" : "Payload delivery" ,
"uuid" : "6b479fca-6542-4050-8295-15bde38b7881"
} ,
{
"type" : "text" ,
"object_relation" : "detection-ratio" ,
"value" : "26/60" ,
"category" : "Payload delivery" ,
"uuid" : "20f365c8-39e4-437e-b36b-b045cbc6dad6"
}
] ,
"x_misp_meta_category" : "misc" ,
"x_misp_name" : "virustotal-report"
} ,
{
"type" : "x-misp-object" ,
"spec_version" : "2.1" ,
"id" : "x-misp-object--5def9ca7-d33c-4f2e-83bc-45d0950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2019-12-10T13:27:21.000Z" ,
"modified" : "2019-12-10T13:27:21.000Z" ,
"labels" : [
"misp:name=\"pe-section\"" ,
"misp:meta-category=\"file\""
] ,
"x_misp_attributes" : [
{
"type" : "text" ,
"object_relation" : "name" ,
"value" : ".text" ,
"category" : "Other" ,
"uuid" : "5def9ca7-1614-46e9-a9cf-44b7950d210f"
} ,
{
"type" : "ssdeep" ,
"object_relation" : "ssdeep" ,
"value" : "768:zRWRzPlgivs6/lR/T4XxMJefllEHWcVDkPKbgB:S2ivhT4Xd7EWchkPKby" ,
"category" : "Payload delivery" ,
"to_ids" : true ,
"uuid" : "5def9ca8-de1c-4ddb-a7d2-4fb3950d210f"
}
] ,
"x_misp_comment" : "Intermediate Loader (disk)\r\nType: PE32+ executable (DLL) (console) x86-64, for MS Windows" ,
"x_misp_meta_category" : "file" ,
"x_misp_name" : "pe-section"
} ,
{
"type" : "x-misp-object" ,
"spec_version" : "2.1" ,
"id" : "x-misp-object--5def9ce1-f250-4d35-a51f-4b21950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2019-12-10T13:27:42.000Z" ,
"modified" : "2019-12-10T13:27:42.000Z" ,
"labels" : [
"misp:name=\"pe-section\"" ,
"misp:meta-category=\"file\""
] ,
"x_misp_attributes" : [
{
"type" : "text" ,
"object_relation" : "name" ,
"value" : ".data" ,
"category" : "Other" ,
"uuid" : "5def9ce1-8cf8-4c0f-97eb-4699950d210f"
} ,
{
"type" : "ssdeep" ,
"object_relation" : "ssdeep" ,
"value" : "1536:5Q0PgGT9YX/sLPdK0skw7KjgrrdqsE7ynJHarO7:5Q0IYevsxtjg9RfnJHarO" ,
"category" : "Payload delivery" ,
"to_ids" : true ,
"uuid" : "5def9ce2-4a80-4e88-b6a4-48bb950d210f"
}
] ,
"x_misp_comment" : "Intermediate Loader (disk)\r\nType: PE32+ executable (DLL) (console) x86-64, for MS Windows" ,
"x_misp_meta_category" : "file" ,
"x_misp_name" : "pe-section"
} ,
{
"type" : "x-misp-object" ,
"spec_version" : "2.1" ,
"id" : "x-misp-object--5defae31-f31c-427b-ad96-48d4950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2019-12-10T14:41:16.000Z" ,
"modified" : "2019-12-10T14:41:16.000Z" ,
"labels" : [
"misp:name=\"pe-section\"" ,
"misp:meta-category=\"file\""
] ,
"x_misp_attributes" : [
{
"type" : "text" ,
"object_relation" : "name" ,
"value" : ".text" ,
"category" : "Other" ,
"uuid" : "5defae31-f1c8-4c3d-97dd-4296950d210f"
} ,
{
"type" : "ssdeep" ,
"object_relation" : "ssdeep" ,
"value" : "768:466RwzXvMmLrVAhu5ljDhTb/YWD8ChD/1gIeYQhtbpY8B0z5MSuN/:46Lf7rVA8vhTjRmIeYQv9jB0dMSI/" ,
"category" : "Payload delivery" ,
"to_ids" : true ,
"uuid" : "5defae31-6900-4825-a85e-43da950d210f"
}
] ,
"x_misp_meta_category" : "file" ,
"x_misp_name" : "pe-section"
} ,
{
"type" : "x-misp-object" ,
"spec_version" : "2.1" ,
"id" : "x-misp-object--5defb221-e110-4c86-99bd-409e950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2019-12-11T08:05:30.000Z" ,
"modified" : "2019-12-11T08:05:30.000Z" ,
"labels" : [
"misp:name=\"pe-section\"" ,
"misp:meta-category=\"file\""
] ,
"x_misp_attributes" : [
{
"type" : "md5" ,
"object_relation" : "md5" ,
"value" : "5e5dd13d6986f521c24e816f3a0880cc" ,
"category" : "Payload delivery" ,
"to_ids" : true ,
"uuid" : "5defb221-3068-4900-a034-4bd7950d210f"
} ,
{
"type" : "sha1" ,
"object_relation" : "sha1" ,
"value" : "9a3ca3a368fee2f2f9d824e6d8ffd1ef2ed62c72" ,
"category" : "Payload delivery" ,
"to_ids" : true ,
"uuid" : "5defb222-dd1c-4a35-a66e-4bbd950d210f"
} ,
{
"type" : "sha256" ,
"object_relation" : "sha256" ,
"value" : "28afc1eb9d37322257c9ee628b82ca1e44af29e2e40f28d70ee544a63113638f" ,
"category" : "Payload delivery" ,
"to_ids" : true ,
"uuid" : "5defb222-8a98-4a68-b836-46ed950d210f"
} ,
{
"type" : "ssdeep" ,
"object_relation" : "ssdeep" ,
"value" : "768:TiDxzGr+GAJxxtgyZiCcJ5Ev7AT5sFlloZ8RBT2I/HqhPO0i1+i5X4aFV/O3wds:6GzAkyjIOsTCT2IP+W0k+0X4a3Ro1Me" ,
"category" : "Payload delivery" ,
"to_ids" : true ,
"uuid" : "5defb222-4ea0-4a7b-b41b-401a950d210f"
}
] ,
"x_misp_comment" : "code section" ,
"x_misp_meta_category" : "file" ,
"x_misp_name" : "pe-section"
} ,
{
"type" : "x-misp-object" ,
"spec_version" : "2.1" ,
"id" : "x-misp-object--5df0ab37-3e44-44c5-85cf-4021950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2019-12-11T08:41:33.000Z" ,
"modified" : "2019-12-11T08:41:33.000Z" ,
"labels" : [
"misp:name=\"pe-section\"" ,
"misp:meta-category=\"file\""
] ,
"x_misp_attributes" : [
{
"type" : "md5" ,
"object_relation" : "md5" ,
"value" : "1e615b812bd1b6c205e27c4c5067fd8a" ,
"category" : "Payload delivery" ,
"to_ids" : true ,
"uuid" : "5df0ab37-81a4-4c8f-8df0-43ee950d210f"
} ,
{
"type" : "text" ,
"object_relation" : "name" ,
"value" : ".text" ,
"category" : "Other" ,
"uuid" : "5df0ab37-feb4-49af-93ac-47a8950d210f"
} ,
{
"type" : "sha1" ,
"object_relation" : "sha1" ,
"value" : "26d6f5c9a779dba2104fedb90d00bc1ff0aa5195" ,
"category" : "Payload delivery" ,
"to_ids" : true ,
"uuid" : "5df0ab38-6830-4ce3-875c-487f950d210f"
} ,
{
"type" : "sha256" ,
"object_relation" : "sha256" ,
"value" : "8cfa0f9caec35a80078db887a7cf80a4e903abdb010b3045ef6f54724ba0c4d2" ,
"category" : "Payload delivery" ,
"to_ids" : true ,
"uuid" : "5df0ab38-0920-426c-8c1f-448d950d210f"
} ,
{
"type" : "ssdeep" ,
"object_relation" : "ssdeep" ,
"value" : "384:BQIbhd3i7OGK10mXEGHzktMgM+mJ/RWb8oirUj0HM:BQIbhJi7OB1/HzktBgWb8oiICM" ,
"category" : "Payload delivery" ,
"to_ids" : true ,
"uuid" : "5df0ab38-4904-44b0-8fdf-445d950d210f"
}
] ,
"x_misp_meta_category" : "file" ,
"x_misp_name" : "pe-section"
} ,
{
"type" : "x-misp-object" ,
"spec_version" : "2.1" ,
"id" : "x-misp-object--5df0acec-e3d4-4767-abe7-4bf6950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2019-12-11T09:20:10.000Z" ,
"modified" : "2019-12-11T09:20:10.000Z" ,
"labels" : [
"misp:name=\"pe-section\"" ,
"misp:meta-category=\"file\""
] ,
"x_misp_attributes" : [
{
"type" : "md5" ,
"object_relation" : "md5" ,
"value" : "ace45cab5b340beed180fce546f16bd6" ,
"category" : "Payload delivery" ,
"to_ids" : true ,
"uuid" : "5df0acec-885c-40f7-a54b-4c9c950d210f"
} ,
{
"type" : "text" ,
"object_relation" : "name" ,
"value" : ".text" ,
"category" : "Other" ,
"uuid" : "5df0acec-99d4-4fc2-8c82-46d1950d210f"
} ,
{
"type" : "sha1" ,
"object_relation" : "sha1" ,
"value" : "d058fcef882a6bfa993cefb2371f1eb5d187e356" ,
"category" : "Payload delivery" ,
"to_ids" : true ,
"uuid" : "5df0acec-5854-4f7b-a275-4b10950d210f"
} ,
{
"type" : "ssdeep" ,
"object_relation" : "ssdeep" ,
"value" : "384:Hh/HusRuVIL7ozi1B82zfR27rhp0p0HM:Hhf9ozikYw7rhcCM" ,
"category" : "Payload delivery" ,
"to_ids" : true ,
"uuid" : "5df0acec-c5f0-43b8-bac9-403d950d210f"
}
] ,
"x_misp_meta_category" : "file" ,
"x_misp_name" : "pe-section"
} ,
{
"type" : "relationship" ,
"spec_version" : "2.1" ,
"id" : "relationship--bf54bfb6-0c56-44b9-af58-9fe5970504ad" ,
"created" : "2019-12-10T13:26:36.000Z" ,
"modified" : "2019-12-10T13:26:36.000Z" ,
"relationship_type" : "contains" ,
"source_ref" : "indicator--5def9c6b-dcd8-4fb6-95da-476d950d210f" ,
"target_ref" : "x-misp-object--5def9ce1-f250-4d35-a51f-4b21950d210f"
} ,
{
"type" : "relationship" ,
"spec_version" : "2.1" ,
"id" : "relationship--2cf6e64b-0411-4d7e-8ba2-9a091dfa9b68" ,
"created" : "2019-12-10T13:27:04.000Z" ,
"modified" : "2019-12-10T13:27:04.000Z" ,
"relationship_type" : "contains" ,
"source_ref" : "indicator--5def9c6b-dcd8-4fb6-95da-476d950d210f" ,
"target_ref" : "x-misp-object--5def9ca7-d33c-4f2e-83bc-45d0950d210f"
} ,
{
"type" : "relationship" ,
"spec_version" : "2.1" ,
"id" : "relationship--cb3fd957-6550-4a02-b9ba-96a3d3c29f61" ,
"created" : "2019-12-10T14:40:50.000Z" ,
"modified" : "2019-12-10T14:40:50.000Z" ,
"relationship_type" : "contains" ,
"source_ref" : "indicator--5defae0e-25f0-4dd9-94b4-451e950d210f" ,
"target_ref" : "x-misp-object--5defae31-f31c-427b-ad96-48d4950d210f"
} ,
{
"type" : "relationship" ,
"spec_version" : "2.1" ,
"id" : "relationship--846cc7d8-b710-45d8-96a2-26f57db23624" ,
"created" : "2019-12-10T14:58:47.000Z" ,
"modified" : "2019-12-10T14:58:47.000Z" ,
"relationship_type" : "contains" ,
"source_ref" : "indicator--5defb18f-9100-4e25-ae16-4f69950d210f" ,
"target_ref" : "x-misp-object--5defb221-e110-4c86-99bd-409e950d210f"
} ,
{
"type" : "relationship" ,
"spec_version" : "2.1" ,
"id" : "relationship--63743d72-0d89-4b32-91f5-9d4b51e00fdf" ,
"created" : "2019-12-11T08:04:19.000Z" ,
"modified" : "2019-12-11T08:04:19.000Z" ,
"relationship_type" : "contains" ,
"source_ref" : "indicator--5defb1ce-bf24-489f-9676-47fc950d210f" ,
"target_ref" : "x-misp-object--5defb221-e110-4c86-99bd-409e950d210f"
} ,
{
"type" : "relationship" ,
"spec_version" : "2.1" ,
"id" : "relationship--bdacd5de-21f5-4bdd-89b7-7710fb35e3de" ,
"created" : "2019-12-11T08:41:07.000Z" ,
"modified" : "2019-12-11T08:41:07.000Z" ,
"relationship_type" : "contains" ,
"source_ref" : "indicator--5df0a8fd-0cec-45d5-8023-1706950d210f" ,
"target_ref" : "x-misp-object--5df0ab37-3e44-44c5-85cf-4021950d210f"
} ,
{
"type" : "relationship" ,
"spec_version" : "2.1" ,
"id" : "relationship--fcee888a-bf59-4074-a514-1dbd016d0c2a" ,
"created" : "2019-12-11T08:50:15.000Z" ,
"modified" : "2019-12-11T08:50:15.000Z" ,
"relationship_type" : "contains" ,
"source_ref" : "indicator--5df0ac98-e890-4c6a-b708-30d9950d210f" ,
"target_ref" : "x-misp-object--5df0acec-e3d4-4767-abe7-4bf6950d210f"
} ,
{
"type" : "relationship" ,
"spec_version" : "2.1" ,
"id" : "relationship--5200a220-3f79-45dc-85de-91fb96149a5b" ,
"created" : "2019-12-11T12:50:24.000Z" ,
"modified" : "2019-12-11T12:50:24.000Z" ,
"relationship_type" : "analysed-with" ,
"source_ref" : "indicator--fbb2308c-ed30-4bdc-97ff-53b4136cf37f" ,
"target_ref" : "x-misp-object--7286a3d2-41c0-4688-9e21-85ec78ff23e0"
} ,
{
"type" : "relationship" ,
"spec_version" : "2.1" ,
"id" : "relationship--1f00ea60-f23a-4127-9755-57046f7badfc" ,
"created" : "2019-12-11T12:50:24.000Z" ,
"modified" : "2019-12-11T12:50:24.000Z" ,
"relationship_type" : "analysed-with" ,
"source_ref" : "indicator--b9b6c463-ab69-4bc2-a053-248497aa95d5" ,
"target_ref" : "x-misp-object--42bd75dc-5e99-4c09-bfca-66b22cb28fa1"
} ,
{
"type" : "relationship" ,
"spec_version" : "2.1" ,
"id" : "relationship--06e2c19f-aec7-4b07-a32b-72d47f272a72" ,
"created" : "2019-12-11T12:50:24.000Z" ,
"modified" : "2019-12-11T12:50:24.000Z" ,
"relationship_type" : "analysed-with" ,
"source_ref" : "indicator--00c6f164-f4b4-4e2c-a3ef-63c88e36f381" ,
"target_ref" : "x-misp-object--9fe4012e-2085-4dcf-9f99-f73e92b3c7b0"
} ,
{
"type" : "relationship" ,
"spec_version" : "2.1" ,
"id" : "relationship--4689400c-52c6-4b68-892d-94f7bc4ded95" ,
"created" : "2019-12-11T12:50:24.000Z" ,
"modified" : "2019-12-11T12:50:24.000Z" ,
"relationship_type" : "analysed-with" ,
"source_ref" : "indicator--f005a213-c2ee-448d-80f3-a58ff20fdb4c" ,
"target_ref" : "x-misp-object--8d2143a2-20d9-4de0-a833-5b13445c2fac"
} ,
{
"type" : "relationship" ,
"spec_version" : "2.1" ,
"id" : "relationship--2e719fa9-0bf5-4be7-b2ea-35b57a224087" ,
"created" : "2019-12-11T12:50:24.000Z" ,
"modified" : "2019-12-11T12:50:24.000Z" ,
"relationship_type" : "analysed-with" ,
"source_ref" : "indicator--25b3b742-2893-462b-a181-8a9c046f7995" ,
"target_ref" : "x-misp-object--ee0c2e26-c418-4f6f-9e6d-86952c212952"
} ,
{
"type" : "relationship" ,
"spec_version" : "2.1" ,
"id" : "relationship--56e30fee-111e-4256-ba1a-db9d91562fd3" ,
"created" : "2019-12-11T12:50:25.000Z" ,
"modified" : "2019-12-11T12:50:25.000Z" ,
"relationship_type" : "analysed-with" ,
"source_ref" : "indicator--26bfe728-c018-44e4-b6d6-c54af3d2b14a" ,
"target_ref" : "x-misp-object--77072cd3-da5c-4204-b37d-72fc44ed0384"
} ,
{
"type" : "relationship" ,
"spec_version" : "2.1" ,
"id" : "relationship--e9801d3c-3206-46cc-8dd3-4f2f3ebcfd04" ,
"created" : "2019-12-11T12:50:25.000Z" ,
"modified" : "2019-12-11T12:50:25.000Z" ,
"relationship_type" : "analysed-with" ,
"source_ref" : "indicator--dab61fb6-c519-46a1-b060-fa178764d6da" ,
"target_ref" : "x-misp-object--2254d0a1-5768-49d1-8f6f-55ef72367d31"
} ,
{
"type" : "relationship" ,
"spec_version" : "2.1" ,
"id" : "relationship--b2c27023-910b-458f-af14-94763083e73d" ,
"created" : "2019-12-11T12:50:25.000Z" ,
"modified" : "2019-12-11T12:50:25.000Z" ,
"relationship_type" : "analysed-with" ,
"source_ref" : "indicator--53d444c2-5449-4082-b85a-e61c3760d6c4" ,
"target_ref" : "x-misp-object--f3154e62-2ff1-4769-af0a-6115e01096bc"
} ,
{
"type" : "relationship" ,
"spec_version" : "2.1" ,
"id" : "relationship--ba2a0630-4e35-4146-8dd0-139d7055996f" ,
"created" : "2019-12-11T12:50:26.000Z" ,
"modified" : "2019-12-11T12:50:26.000Z" ,
"relationship_type" : "analysed-with" ,
"source_ref" : "indicator--93f8b76b-2456-44b4-9a7c-cdb0166ccacc" ,
"target_ref" : "x-misp-object--017ca493-a3dc-4bc8-a384-6efaf630477a"
} ,
{
"type" : "relationship" ,
"spec_version" : "2.1" ,
"id" : "relationship--cd3cf1ff-4f11-40ca-9b75-3708591bf6ea" ,
"created" : "2019-12-10T13:27:21.000Z" ,
"modified" : "2019-12-10T13:27:21.000Z" ,
"relationship_type" : "contained-within" ,
"source_ref" : "x-misp-object--5def9ca7-d33c-4f2e-83bc-45d0950d210f" ,
"target_ref" : "indicator--5def9c6b-dcd8-4fb6-95da-476d950d210f"
} ,
{
"type" : "relationship" ,
"spec_version" : "2.1" ,
"id" : "relationship--e09b99c7-aafd-44a8-977d-32d4243a8510" ,
"created" : "2019-12-10T13:27:42.000Z" ,
"modified" : "2019-12-10T13:27:42.000Z" ,
"relationship_type" : "contained-within" ,
"source_ref" : "x-misp-object--5def9ce1-f250-4d35-a51f-4b21950d210f" ,
"target_ref" : "indicator--5def9c6b-dcd8-4fb6-95da-476d950d210f"
} ,
{
"type" : "relationship" ,
"spec_version" : "2.1" ,
"id" : "relationship--a1725df5-0cd3-416f-ad5f-6f504da2e2d9" ,
"created" : "2019-12-10T14:41:15.000Z" ,
"modified" : "2019-12-10T14:41:15.000Z" ,
"relationship_type" : "contained-within" ,
"source_ref" : "x-misp-object--5defae31-f31c-427b-ad96-48d4950d210f" ,
"target_ref" : "indicator--5defae0e-25f0-4dd9-94b4-451e950d210f"
} ,
{
"type" : "relationship" ,
"spec_version" : "2.1" ,
"id" : "relationship--579585cd-d965-4c7d-86dc-304d375b1cb1" ,
"created" : "2019-12-11T08:05:30.000Z" ,
"modified" : "2019-12-11T08:05:30.000Z" ,
"relationship_type" : "contained-within" ,
"source_ref" : "x-misp-object--5defb221-e110-4c86-99bd-409e950d210f" ,
"target_ref" : "indicator--5defb1ce-bf24-489f-9676-47fc950d210f"
} ,
{
"type" : "relationship" ,
"spec_version" : "2.1" ,
"id" : "relationship--0fe587c2-71b2-4fef-b93a-c3141f3edc47" ,
"created" : "2019-12-11T08:41:33.000Z" ,
"modified" : "2019-12-11T08:41:33.000Z" ,
"relationship_type" : "contained-within" ,
"source_ref" : "x-misp-object--5df0ab37-3e44-44c5-85cf-4021950d210f" ,
"target_ref" : "indicator--5df0a8fd-0cec-45d5-8023-1706950d210f"
} ,
{
"type" : "relationship" ,
"spec_version" : "2.1" ,
"id" : "relationship--ef689f7d-cab0-4e70-871c-92fcde9a11a2" ,
"created" : "2019-12-11T09:20:10.000Z" ,
"modified" : "2019-12-11T09:20:10.000Z" ,
"relationship_type" : "contained-within" ,
"source_ref" : "x-misp-object--5df0acec-e3d4-4767-abe7-4bf6950d210f" ,
"target_ref" : "indicator--5df0ac98-e890-4c6a-b708-30d9950d210f"
} ,
{
"type" : "marking-definition" ,
"spec_version" : "2.1" ,
"id" : "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9" ,
"created" : "2017-01-20T00:00:00.000Z" ,
"definition_type" : "tlp" ,
"name" : "TLP:WHITE" ,
"definition" : {
"tlp" : "white"
}
}
]
}