{
"type": "bundle",
"id": "bundle--65475a3f-5488-4cf8-b9da-29714522e9ae",
"objects": [
{
"type": "identity",
"spec_version": "2.1",
"id": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2022-07-08T12:59:07.000Z",
"modified": "2022-07-08T12:59:07.000Z",
"name": "CIRCL",
"identity_class": "organization"
},
{
"type": "report",
"spec_version": "2.1",
"id": "report--65475a3f-5488-4cf8-b9da-29714522e9ae",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2022-07-08T12:59:07.000Z",
"modified": "2022-07-08T12:59:07.000Z",
"name": "CISA - MAR-10382254.r1.v1: XMRIG Cryptominer",
"published": "2022-07-08T12:59:20Z",
"object_refs": [
"indicator--641fa3ef-2015-4b92-b3b3-0313a0991173",
"indicator--a74a5821-adea-4928-888c-446a8f6139f3",
"x-misp-object--0fb740ae-44c9-4467-b143-82705bc768d2",
"indicator--c85dfd77-f937-49dc-a669-9e736e11ff23",
"indicator--e74bf036-36f8-45b7-bb24-45d0b463f8a5",
"x-misp-object--552050cf-9862-4a84-abe7-be19b0fcb40c",
"x-misp-object--38d3f402-7138-4d9e-a066-c90809f4fd3d",
"x-misp-object--37451b48-fd01-4426-81d8-d16f5d58378a",
"x-misp-object--f0df9767-1e75-411d-aa29-e8d51e3a77c8",
"x-misp-object--59f7ed84-9e24-4ea9-9760-128dac98151e",
"x-misp-object--da2b0c70-0190-4317-9d7a-aa85152262b1",
"x-misp-object--f1e39514-9883-499d-ab28-495417d1bdf2",
"x-misp-object--fdc564ff-f19c-4ae1-9dc9-c38592bb474f",
"x-misp-object--aab40fbf-9f1e-4aed-ae37-5b30beecef34",
"x-misp-object--d1b20988-10e4-4b66-a1f5-a8e5ff9cd971",
"x-misp-object--aaa8348a-7826-4ffc-aea8-f0b566a14be3",
"x-misp-object--b9dd2f0b-8afc-48f6-9e7d-91e5903c769a",
"x-misp-object--5a1cabbb-8aea-4b82-8ee5-e9b12d77007f",
"x-misp-object--d1fbdd38-0eb0-4fff-87b6-b5a64e744245"
],
"labels": [
"Threat-Report",
"misp:tool=\"MISP-STIX-Converter\"",
"type:OSINT",
"osint:lifetime=\"perpetual\"",
"osint:certainty=\"50\""
],
"object_marking_refs": [
"marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9"
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--641fa3ef-2015-4b92-b3b3-0313a0991173",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2022-07-08T12:58:39.000Z",
"modified": "2022-07-08T12:58:39.000Z",
"pattern": "[rule CISA_10382580_03 : loader\n{\n\tmeta:\n\t\tAuthor = \"CISA Code & Media Analysis\"\n\t\tIncident = \"10382580\"\n\t\tDate = \"2022-05-02\"\n\t\tLast_Modified = \"20220602_1200\"\n\t\tActor = \"n/a\"\n\t\tCategory = \"Loader\"\n\t\tFamily = \"n/a\"\n\t\tDescription = \"Detects loader samples\"\n\t\tMD5_1 = \"3764a0f1762a294f662f3bf86bac776f\"\n\t\tSHA256_1 = \"f7f7b059b6a7dbd75b30b685b148025a0d4ceceab405e553ca28cacdeae43fab\"\n\t\tMD5_2 = \"21fa1a043460c14709ef425ce24da4fd\"\n\t\tSHA256_2 = \"66966ceae7e3a8aace6c27183067d861f9d7267aed30473a95168c3fe19f2c16\"\n\t\tMD5_3 = \"e9c2b8bd1583baf3493824bf7b3ec51e\"\n\t\tSHA256_3 = \"7ea294d30903c0ab690bc02b64b20af0cfe66a168d4622e55dee4d6233783751\"\n\t\tMD5_4 = \"de0d57bdc10fee1e1e16e225788bb8de\"\n\t\tSHA256_4 = \"33b89b8915aaa59a3c9db23343e8c249b2db260b9b10e88593b6ff2fb5f71d2b\"\n\t\tMD5_5 = \"9b071311ecd1a72bfd715e34dbd1bd77\"\n\t\tSHA256_5 = \"3c2c835042a05f8d974d9b35b994bcf8d5a0ce19128ebb362804c2d0f3eb42c0\"\n\t\tMD5_6 = \"05d38bc82d362dd57190e3cb397f807d\"\n\t\tSHA256_6 = \"4cd7efdb1a7ac8c4387c515a7b1925931beb212b95c4f9d8b716dbe18f54624f\"\n\tstrings:\n\t\t$s0 = { B8 01 00 00 00 48 6B C0 00 C6 44 04 20 A8 B8 01 }\n\t\t$s1 = { 00 00 48 6B C0 01 C6 44 04 20 9A B8 01 00 00 }\n\t\t$s2 = { 48 6B C0 02 C6 44 04 20 93 B8 01 00 00 00 48 }\n\t\t$s3 = { C0 03 C6 44 04 20 9B B8 01 00 00 00 48 6B C0 }\n\tcondition:\n\t\tall of them\n}]",
"pattern_type": "yara",
"pattern_version": "2.1",
"valid_from": "2022-07-08T12:58:39Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload installation"
}
],
"labels": [
"misp:type=\"yara\"",
"misp:category=\"Payload installation\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--a74a5821-adea-4928-888c-446a8f6139f3",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2022-07-08T12:58:39.000Z",
"modified": "2022-07-08T12:58:39.000Z",
"pattern": "[rule CISA_10382580_01 : rat\n{\n\tmeta:\n\t\tAuthor = \"CISA Code & Media Analysis\"\n\t\tIncident = \"10382580\"\n\t\tDate = \"2022-05-25\"\n\t\tLast_Modified = \"20220602_1200\"\n\t\tActor = \"n/a\"\n\t\tCategory = \"Remote Access Tool\"\n\t\tFamily = \"n/a\"\n\t\tDescription = \"Detects Remote Access Tool samples\"\n\t\tMD5_1 = \"199a32712998c6d736a05b2dbd24a761\"\n\t\tSHA256_1 = \"88a5e4b24747648a4e3f0a2d5282b51683260f9208b06788fc858c44559da1e8\"\n\tstrings:\n\t\t$s0 = { 0F B6 40 0F 6B C8 47 41 0F B6 40 0B 02 D1 6B C8 }\n\t\t$s1 = { 35 41 0F B6 00 41 88 58 01 41 88 78 02 41 88 70 }\n\t\t$s2 = { 66 83 F8 1E }\n\t\t$s3 = { 66 83 F8 52 }\n\tcondition:\n\t\tall of them\n}]",
"pattern_type": "yara",
"pattern_version": "2.1",
"valid_from": "2022-07-08T12:58:39Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload installation"
}
],
"labels": [
"misp:type=\"yara\"",
"misp:category=\"Payload installation\"",
"misp:to_ids=\"True\""
]
},
{
"type": "x-misp-object",
"spec_version": "2.1",
"id": "x-misp-object--0fb740ae-44c9-4467-b143-82705bc768d2",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2022-07-08T12:58:41.000Z",
"modified": "2022-07-08T12:58:41.000Z",
"labels": [
"misp:name=\"original-imported-file\"",
"misp:meta-category=\"file\""
],
"x_misp_attributes": [
{
"type": "attachment",
"object_relation": "imported-sample",
"value": "MAR-10382254.r1.v1.WHITE_stix.xml",
"category": "External analysis",
"uuid": "413d5781-869d-4628-95ce-1ac97aeec504",
"data": "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"
},
{
"type": "text",
"object_relation": "format",
"value": "STIX 1.1",
"category": "Other",
"uuid": "c2394ab1-c81b-4039-ac5e-98cc4288f397"
}
],
"x_misp_meta_category": "file",
"x_misp_name": "original-imported-file"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--c85dfd77-f937-49dc-a669-9e736e11ff23",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2022-07-08T12:58:39.000Z",
"modified": "2022-07-08T12:58:39.000Z",
"pattern": "[file:extensions.'windows-pebinary-ext'.number_of_sections = '7' AND file:extensions.'windows-pebinary-ext'.x_misp_internal_filename = 'hmsvc.exe' AND file:extensions.'windows-pebinary-ext'.x_misp_original_filename = 'hmsvc.exe']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2022-07-08T12:58:39Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "file"
}
],
"labels": [
"misp:name=\"pe\"",
"misp:meta-category=\"file\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--e74bf036-36f8-45b7-bb24-45d0b463f8a5",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2022-07-08T12:58:39.000Z",
"modified": "2022-07-08T12:58:39.000Z",
"pattern": "[file:extensions.'windows-pebinary-ext'.number_of_sections = '7' AND file:extensions.'windows-pebinary-ext'.x_misp_internal_filename = '658_dump_64.exe' AND file:extensions.'windows-pebinary-ext'.x_misp_original_filename = '658_dump_64.exe']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2022-07-08T12:58:39Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "file"
}
],
"labels": [
"misp:name=\"pe\"",
"misp:meta-category=\"file\"",
"misp:to_ids=\"True\""
]
},
{
"type": "x-misp-object",
"spec_version": "2.1",
"id": "x-misp-object--552050cf-9862-4a84-abe7-be19b0fcb40c",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2022-07-08T12:58:39.000Z",
"modified": "2022-07-08T12:58:39.000Z",
"labels": [
"misp:name=\"pe-section\"",
"misp:meta-category=\"file\""
],
"x_misp_attributes": [
{
"type": "float",
"object_relation": "entropy",
"value": "2.888609",
"category": "Other",
"uuid": "5572ea86-f3c7-4a77-8364-66c05f1e68ba"
},
{
"type": "md5",
"object_relation": "md5",
"value": "e16f93c6b1a062a1dc2156fc770594a6",
"category": "Payload delivery",
"to_ids": true,
"uuid": "1f5530da-6cdf-48d6-bd2f-3f65cdc7476f"
},
{
"type": "size-in-bytes",
"object_relation": "size-in-bytes",
"value": "1024",
"category": "Other",
"uuid": "da928245-c200-41e9-b44b-1a10e1f77bf3"
}
],
"x_misp_meta_category": "file",
"x_misp_name": "pe-section"
},
{
"type": "x-misp-object",
"spec_version": "2.1",
"id": "x-misp-object--38d3f402-7138-4d9e-a066-c90809f4fd3d",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2022-07-08T12:58:39.000Z",
"modified": "2022-07-08T12:58:39.000Z",
"labels": [
"misp:name=\"pe-section\"",
"misp:meta-category=\"file\""
],
"x_misp_attributes": [
{
"type": "md5",
"object_relation": "md5",
"value": "c4466c75f41681629fc2ead156f8de84",
"category": "Payload delivery",
"to_ids": true,
"uuid": "404a5362-df0b-4d92-8902-89b53d1cbb06"
},
{
"type": "float",
"object_relation": "entropy",
"value": "6.36696",
"category": "Other",
"uuid": "e76db6eb-e73a-4ef1-8e07-8c589a8373a7"
},
{
"type": "text",
"object_relation": "name",
"value": ".text",
"category": "Other",
"uuid": "e91cebbf-7307-481f-ad13-e820c39b3642"
},
{
"type": "size-in-bytes",
"object_relation": "size-in-bytes",
"value": "89088",
"category": "Other",
"uuid": "5ec66341-b1fe-45ae-aec3-23f38bdb092d"
}
],
"x_misp_meta_category": "file",
"x_misp_name": "pe-section"
},
{
"type": "x-misp-object",
"spec_version": "2.1",
"id": "x-misp-object--37451b48-fd01-4426-81d8-d16f5d58378a",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2022-07-08T12:58:39.000Z",
"modified": "2022-07-08T12:58:39.000Z",
"labels": [
"misp:name=\"pe-section\"",
"misp:meta-category=\"file\""
],
"x_misp_attributes": [
{
"type": "md5",
"object_relation": "md5",
"value": "4d9a0bcd9467b5aaee5d4d762219821b",
"category": "Payload delivery",
"to_ids": true,
"uuid": "694b9a3c-6e19-48f7-a865-1428dfd235de"
},
{
"type": "float",
"object_relation": "entropy",
"value": "4.425938",
"category": "Other",
"uuid": "2f53c04f-20d0-4710-954d-fb68345ead90"
},
{
"type": "text",
"object_relation": "name",
"value": ".rdata",
"category": "Other",
"uuid": "53e8a07a-3727-4260-9abb-3aa204be3528"
},
{
"type": "size-in-bytes",
"object_relation": "size-in-bytes",
"value": "65536",
"category": "Other",
"uuid": "7d33a13d-6383-46be-985d-d4c4eb64d749"
}
],
"x_misp_meta_category": "file",
"x_misp_name": "pe-section"
},
{
"type": "x-misp-object",
"spec_version": "2.1",
"id": "x-misp-object--f0df9767-1e75-411d-aa29-e8d51e3a77c8",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2022-07-08T12:58:39.000Z",
"modified": "2022-07-08T12:58:39.000Z",
"labels": [
"misp:name=\"pe-section\"",
"misp:meta-category=\"file\""
],
"x_misp_attributes": [
{
"type": "md5",
"object_relation": "md5",
"value": "f80417eeab656641c6a5206454b398d3",
"category": "Payload delivery",
"to_ids": true,
"uuid": "73d3da59-0f1a-4653-a977-8e988c6c7f33"
},
{
"type": "float",
"object_relation": "entropy",
"value": "3.054858",
"category": "Other",
"uuid": "c6357bab-e251-45d4-91ab-fae03942a2bb"
},
{
"type": "text",
"object_relation": "name",
"value": ".data",
"category": "Other",
"uuid": "8fb7f595-8954-4c9f-825d-7e6488f49a2d"
},
{
"type": "size-in-bytes",
"object_relation": "size-in-bytes",
"value": "6656",
"category": "Other",
"uuid": "3e688ed3-a9a8-47e2-a761-9e172ab710e8"
}
],
"x_misp_meta_category": "file",
"x_misp_name": "pe-section"
},
{
"type": "x-misp-object",
"spec_version": "2.1",
"id": "x-misp-object--59f7ed84-9e24-4ea9-9760-128dac98151e",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2022-07-08T12:58:39.000Z",
"modified": "2022-07-08T12:58:39.000Z",
"labels": [
"misp:name=\"pe-section\"",
"misp:meta-category=\"file\""
],
"x_misp_attributes": [
{
"type": "md5",
"object_relation": "md5",
"value": "e0d2510e666231c532ff97edf51abd10",
"category": "Payload delivery",
"to_ids": true,
"uuid": "721bb295-8f44-4b12-84b6-4fd8fd56c830"
},
{
"type": "float",
"object_relation": "entropy",
"value": "4.855993",
"category": "Other",
"uuid": "98b0ef2b-6c2f-4dfc-8c46-0d8314292751"
},
{
"type": "text",
"object_relation": "name",
"value": ".pdata",
"category": "Other",
"uuid": "ff6cf6d9-6a24-460f-bdd3-9c1c4f40c150"
},
{
"type": "size-in-bytes",
"object_relation": "size-in-bytes",
"value": "5120",
"category": "Other",
"uuid": "5ba1319b-46c7-46f3-b4d1-9f60328158cf"
}
],
"x_misp_meta_category": "file",
"x_misp_name": "pe-section"
},
{
"type": "x-misp-object",
"spec_version": "2.1",
"id": "x-misp-object--da2b0c70-0190-4317-9d7a-aa85152262b1",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2022-07-08T12:58:39.000Z",
"modified": "2022-07-08T12:58:39.000Z",
"labels": [
"misp:name=\"pe-section\"",
"misp:meta-category=\"file\""
],
"x_misp_attributes": [
{
"type": "md5",
"object_relation": "md5",
"value": "fff7f8f7be38486e0a6d01bc0472a6f2",
"category": "Payload delivery",
"to_ids": true,
"uuid": "e656390d-7139-4964-8710-c26abeb1f2bd"
},
{
"type": "float",
"object_relation": "entropy",
"value": "7.914631",
"category": "Other",
"uuid": "ce84c090-d2b9-4260-b8c9-133ffd99e56b"
},
{
"type": "text",
"object_relation": "name",
"value": ".rsrc",
"category": "Other",
"uuid": "9b370b63-006b-4961-80bb-0a60440bef53"
},
{
"type": "size-in-bytes",
"object_relation": "size-in-bytes",
"value": "550912",
"category": "Other",
"uuid": "44236a67-a8a8-4bca-be5b-b2fae9d7b51f"
}
],
"x_misp_meta_category": "file",
"x_misp_name": "pe-section"
},
{
"type": "x-misp-object",
"spec_version": "2.1",
"id": "x-misp-object--f1e39514-9883-499d-ab28-495417d1bdf2",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2022-07-08T12:58:39.000Z",
"modified": "2022-07-08T12:58:39.000Z",
"labels": [
"misp:name=\"pe-section\"",
"misp:meta-category=\"file\""
],
"x_misp_attributes": [
{
"type": "md5",
"object_relation": "md5",
"value": "bca539afcd691a4a238b78fc830dc55a",
"category": "Payload delivery",
"to_ids": true,
"uuid": "0331b0e0-a46f-43ce-8933-05db4babcd7a"
},
{
"type": "float",
"object_relation": "entropy",
"value": "4.939573",
"category": "Other",
"uuid": "379899d6-3638-4e14-8100-39c54db85487"
},
{
"type": "text",
"object_relation": "name",
"value": ".reloc",
"category": "Other",
"uuid": "42c42cd4-47c3-4db1-87b7-6bc5f3ff6862"
},
{
"type": "size-in-bytes",
"object_relation": "size-in-bytes",
"value": "2048",
"category": "Other",
"uuid": "21295eea-0785-4145-b250-5734e8d9a841"
}
],
"x_misp_meta_category": "file",
"x_misp_name": "pe-section"
},
{
"type": "x-misp-object",
"spec_version": "2.1",
"id": "x-misp-object--fdc564ff-f19c-4ae1-9dc9-c38592bb474f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2022-07-08T12:58:39.000Z",
"modified": "2022-07-08T12:58:39.000Z",
"labels": [
"misp:name=\"pe-section\"",
"misp:meta-category=\"file\""
],
"x_misp_attributes": [
{
"type": "float",
"object_relation": "entropy",
"value": "0.893865",
"category": "Other",
"uuid": "d4c92425-95e5-47f3-9aa9-67890979a55a"
},
{
"type": "md5",
"object_relation": "md5",
"value": "60df3f67c31781bbec2444de6daf8a2b",
"category": "Payload delivery",
"to_ids": true,
"uuid": "4c0a8e46-5432-4bf5-b53b-7d43b7a5a8b0"
},
{
"type": "size-in-bytes",
"object_relation": "size-in-bytes",
"value": "4096",
"category": "Other",
"uuid": "8b369916-3128-4939-b596-1bf1678b2ec5"
}
],
"x_misp_meta_category": "file",
"x_misp_name": "pe-section"
},
{
"type": "x-misp-object",
"spec_version": "2.1",
"id": "x-misp-object--aab40fbf-9f1e-4aed-ae37-5b30beecef34",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2022-07-08T12:58:39.000Z",
"modified": "2022-07-08T12:58:39.000Z",
"labels": [
"misp:name=\"pe-section\"",
"misp:meta-category=\"file\""
],
"x_misp_attributes": [
{
"type": "md5",
"object_relation": "md5",
"value": "9ebe1be469e63ff47601b0c714285509",
"category": "Payload delivery",
"to_ids": true,
"uuid": "618e6bd6-cce6-4202-b0f0-06faaea64ecc"
},
{
"type": "float",
"object_relation": "entropy",
"value": "6.393378",
"category": "Other",
"uuid": "0e582204-8bf0-482f-a27d-bced4b6c39f2"
},
{
"type": "text",
"object_relation": "name",
"value": ".text",
"category": "Other",
"uuid": "63ad10a8-08d4-44b3-a09b-d47500ed5515"
},
{
"type": "size-in-bytes",
"object_relation": "size-in-bytes",
"value": "327680",
"category": "Other",
"uuid": "bf8ab005-68c1-4b0d-9d71-cbcfa092201a"
}
],
"x_misp_meta_category": "file",
"x_misp_name": "pe-section"
},
{
"type": "x-misp-object",
"spec_version": "2.1",
"id": "x-misp-object--d1b20988-10e4-4b66-a1f5-a8e5ff9cd971",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2022-07-08T12:58:39.000Z",
"modified": "2022-07-08T12:58:39.000Z",
"labels": [
"misp:name=\"pe-section\"",
"misp:meta-category=\"file\""
],
"x_misp_attributes": [
{
"type": "md5",
"object_relation": "md5",
"value": "1cb5bcc8bcade2b3ddee4dc6c617824a",
"category": "Payload delivery",
"to_ids": true,
"uuid": "50e1a5b0-af7a-4e28-9ded-36b0604ba7f2"
},
{
"type": "float",
"object_relation": "entropy",
"value": "4.552154",
"category": "Other",
"uuid": "0adf2170-661c-4b3e-b981-65630af1d8c4"
},
{
"type": "text",
"object_relation": "name",
"value": ".rdata",
"category": "Other",
"uuid": "c5e58159-9778-4ee9-bc16-6b9c370754cb"
},
{
"type": "size-in-bytes",
"object_relation": "size-in-bytes",
"value": "110592",
"category": "Other",
"uuid": "797632eb-599f-4e8e-8e3c-59df131fc952"
}
],
"x_misp_meta_category": "file",
"x_misp_name": "pe-section"
},
{
"type": "x-misp-object",
"spec_version": "2.1",
"id": "x-misp-object--aaa8348a-7826-4ffc-aea8-f0b566a14be3",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2022-07-08T12:58:39.000Z",
"modified": "2022-07-08T12:58:39.000Z",
"labels": [
"misp:name=\"pe-section\"",
"misp:meta-category=\"file\""
],
"x_misp_attributes": [
{
"type": "md5",
"object_relation": "md5",
"value": "e89305f8c6e571d82fb370f352192aa2",
"category": "Payload delivery",
"to_ids": true,
"uuid": "cfe06662-8dd9-4b92-b8ba-f45fdf499174"
},
{
"type": "float",
"object_relation": "entropy",
"value": "3.781076",
"category": "Other",
"uuid": "fbd038ba-eeea-4d28-bcba-d58bad0b5892"
},
{
"type": "text",
"object_relation": "name",
"value": ".data",
"category": "Other",
"uuid": "8a77563a-a603-4080-89a8-6e4e9f1a978f"
},
{
"type": "size-in-bytes",
"object_relation": "size-in-bytes",
"value": "20480",
"category": "Other",
"uuid": "f26193ec-4cae-408f-8bd0-106a9fc566fa"
}
],
"x_misp_meta_category": "file",
"x_misp_name": "pe-section"
},
{
"type": "x-misp-object",
"spec_version": "2.1",
"id": "x-misp-object--b9dd2f0b-8afc-48f6-9e7d-91e5903c769a",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2022-07-08T12:58:39.000Z",
"modified": "2022-07-08T12:58:39.000Z",
"labels": [
"misp:name=\"pe-section\"",
"misp:meta-category=\"file\""
],
"x_misp_attributes": [
{
"type": "md5",
"object_relation": "md5",
"value": "ca8c03d7af637fa213b44d065c073c75",
"category": "Payload delivery",
"to_ids": true,
"uuid": "55dda9bd-fbf6-4b4b-98f1-77a72a29635b"
},
{
"type": "float",
"object_relation": "entropy",
"value": "5.309842",
"category": "Other",
"uuid": "fe8af98b-2bf6-4755-809a-fbcf941badf6"
},
{
"type": "text",
"object_relation": "name",
"value": ".pdata",
"category": "Other",
"uuid": "ddd0e9c4-8996-4b05-baf4-1d7c8bdc7d40"
},
{
"type": "size-in-bytes",
"object_relation": "size-in-bytes",
"value": "20480",
"category": "Other",
"uuid": "6ede7e9d-d429-4924-98bc-f8459c0728f7"
}
],
"x_misp_meta_category": "file",
"x_misp_name": "pe-section"
},
{
"type": "x-misp-object",
"spec_version": "2.1",
"id": "x-misp-object--5a1cabbb-8aea-4b82-8ee5-e9b12d77007f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2022-07-08T12:58:39.000Z",
"modified": "2022-07-08T12:58:39.000Z",
"labels": [
"misp:name=\"pe-section\"",
"misp:meta-category=\"file\""
],
"x_misp_attributes": [
{
"type": "md5",
"object_relation": "md5",
"value": "bab9a0fee3d912c3b866d3ca88b47510",
"category": "Payload delivery",
"to_ids": true,
"uuid": "8f449681-c325-4774-8b80-79128c97cf9f"
},
{
"type": "float",
"object_relation": "entropy",
"value": "0.256806",
"category": "Other",
"uuid": "7140c032-5dcf-4b17-aa5e-77991c91b7f6"
},
{
"type": "text",
"object_relation": "name",
"value": "_RDATA",
"category": "Other",
"uuid": "76ad4eb8-bc1e-4958-a8eb-b1c6da0e2d2f"
},
{
"type": "size-in-bytes",
"object_relation": "size-in-bytes",
"value": "4096",
"category": "Other",
"uuid": "5c2874f0-14ce-48b5-a5c9-9849763bd541"
}
],
"x_misp_meta_category": "file",
"x_misp_name": "pe-section"
},
{
"type": "x-misp-object",
"spec_version": "2.1",
"id": "x-misp-object--d1fbdd38-0eb0-4fff-87b6-b5a64e744245",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2022-07-08T12:58:39.000Z",
"modified": "2022-07-08T12:58:39.000Z",
"labels": [
"misp:name=\"pe-section\"",
"misp:meta-category=\"file\""
],
"x_misp_attributes": [
{
"type": "md5",
"object_relation": "md5",
"value": "9a68c3f572ae2b201926c193eeed1cab",
"category": "Payload delivery",
"to_ids": true,
"uuid": "c9198317-63ec-4e25-b93b-fb82abfb4a1c"
},
{
"type": "float",
"object_relation": "entropy",
"value": "4.894447",
"category": "Other",
"uuid": "16bb3fbe-4de4-4bc1-baa5-2f0c2c6386de"
},
{
"type": "text",
"object_relation": "name",
"value": ".reloc",
"category": "Other",
"uuid": "af5e6899-33c3-4ee7-8b5f-b68f5075319d"
},
{
"type": "size-in-bytes",
"object_relation": "size-in-bytes",
"value": "4096",
"category": "Other",
"uuid": "e9c430a7-ddf5-4a1b-9a0f-a7750bd464d6"
}
],
"x_misp_meta_category": "file",
"x_misp_name": "pe-section"
},
{
"type": "marking-definition",
"spec_version": "2.1",
"id": "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9",
"created": "2017-01-20T00:00:00.000Z",
"definition_type": "tlp",
"name": "TLP:WHITE",
"definition": {
"tlp": "white"
}
}
]
}