{
"type" : "bundle" ,
"id" : "bundle--abc51826-68fd-4cef-9a06-86ec17e66ef1" ,
"objects" : [
{
"type" : "identity" ,
"spec_version" : "2.1" ,
"id" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2023-03-14T11:02:03.000Z" ,
"modified" : "2023-03-14T11:02:03.000Z" ,
"name" : "CIRCL" ,
"identity_class" : "organization"
} ,
{
"type" : "report" ,
"spec_version" : "2.1" ,
"id" : "report--abc51826-68fd-4cef-9a06-86ec17e66ef1" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2023-03-14T11:02:03.000Z" ,
"modified" : "2023-03-14T11:02:03.000Z" ,
"name" : "Pandora analysis (Ilnas-04570323.exe) - malicious files included in an email" ,
"published" : "2023-03-14T11:02:29Z" ,
"object_refs" : [
"indicator--c634774e-6f37-417a-806f-f6b393ac087a" ,
"x-misp-object--8444a337-9328-4edb-9b70-774272b5baf9" ,
"indicator--70beb14a-f0ac-406d-9dbf-0d9302a5ffe2" ,
"x-misp-object--67b8d93b-d243-4f88-8efb-728093442afb" ,
"x-misp-object--9c0bf704-01c8-4446-9bba-1304997a3a31" ,
"x-misp-object--07743820-a48b-4770-b916-2964442e527e" ,
"x-misp-object--9bb6e5bb-6eaa-4d7a-9bc7-f645b7cc062e" ,
"x-misp-object--701f0ec3-123a-4ea1-955c-ab1f01dc2073"
] ,
"labels" : [
"Threat-Report" ,
"misp:tool=\"MISP-STIX-Converter\"" ,
"tlp:clear" ,
"type:OSINT" ,
"osint:lifetime=\"perpetual\""
] ,
"object_marking_refs" : [
"marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9"
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--c634774e-6f37-417a-806f-f6b393ac087a" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2023-03-14T10:56:36.000Z" ,
"modified" : "2023-03-14T10:56:36.000Z" ,
"pattern" : " [ f i l e : h a s h e s . M D 5 = ' e 3 e d 2 b f 3 a f 0 0 f b 89488 c b a 4 e b 0 4e3 b a 0 ' A N D f i l e : h a s h e s . S H A 1 = ' 98689960e2 a c 62 f 3 b a 796 c 1464 a 191 d 49 d a 27 e e 6 ' A N D f i l e : h a s h e s . S H A 256 = ' a c 3 f 949 c b 6e892238 f a 6902 c a a c a a 5 c a 64e4181 c 563 a f 1e3650 c 9 d e c f a 64817 a ' A N D f i l e : h a s h e s . S H A 512 = ' c 6 f 9 c d 18 c 96 c b 9369063 b 6 b e 4 d a 1 a f 3e31800 b 0 9 d e 1 d 781 c b 6e2 a a 90874415 d 903 f b 7 c e b 1399531 b b b a 0 408 a a 47 c a 2 f 6 d a c 318000 d 3 a 6 b d 6 a f d 679 a c 36 f b e 156 ' A N D f i l e : h a s h e s . S S D E E P = ' 6144 : P Y a 6 l N B 1e2 Y s p 0 m c z E 7 R W c i b w l 0 C s b + 7 A j X x + I 7 j Q U O V P B q o H n y r J s q K o A e T 8 h : P Y X N X e y p p 1 c A A j B n g U + U A y r l T 8 h ' A N D f i l e : n a m e = ' I l n a s -0 4570323 . e x e ' A N D f i l e : s i z e = ' 304370 ' A N D ( f i l e : c o n t e n t _ r e f . p a y l o a d _ b i n = ' U E s D B B Q A C Q A I A B J X b l Y K O 9 E n p 20 E A P K k B A A g A B w A Z T N l Z D J i Z j N h Z j A w Z m I 4 O T Q 4 O G N i Y T R l Y j A 0 Z T N i Y T B V V A k A A + R S E G T k U h B k d X g L A A E E I Q A A A A Q h A A A A x D s d p r / e K 0 Z a F 2 C O E v A d o S x 9 Z Z T c s P Z j u P I W t I Z d / 8 z / q i 76 v Q E I P A S 5 S X h X g j 9 D + 7 W K P r a Z S B c M j 8 d Y 1 n H X M S N 82 l e T B D l P t B N 40 K 61 a Y F Y C H r w N L n 5 f 5 g I 9 W Q u H N z U B z V j E / 3 D S 7 k 5 U y 3 b Y f h / 0 + l C z n V 1 L K 5 R u d t 0 n A b Y t c 3 y k r G 6 n + 5 e Z A m Q E v 2 S H b z U T U m i X G L + a 6 O W C y i / d H a j 7 q k y R p L q s W / p w H I 7 J q 0 9 o I E i S O X P r y S 2 + d N 4 I b 6 u i M F E r E l X a v 1 a Z d I J 1 a x b r U s 2 F K N K X X v M n w V c 5 P t q V 5 m X z X / I Y z l 6 P a c f u y + E H S 6 I i e + U M q Q O g + j 1 J x k 99 g i A 18 A e q B i u J 2 y Y 7 x P q k C r 6 H W V u Q H q Z D 0 n 7 k I 5 H e 0 k g d 
J P M F r P J g k Z h z 7 z s g W T E 0 G r T F L H O Y G I t t z i w P h C Q e K m Z S g V o J o v N P U k i G + n s 5 Z S M 7 + v I D b a j o o h 84 z y 0 G G 1 I V c X v 3 z c Y h Q 7 v r R G P j H H S U O D k + z x 2 p l j L x + + k E D E S G I 1 Y b o S b l 74 C L o t T Q Z I 36 K D 9 S h R y G Q o N m L S H R r + W l j 9 O m M O 0 U a G 418 x y n k 3 W q 3 m k f / 5 C K C m k a 3 q 2 W z b + + U 47 I 7 r K t R G M V 8 n a 8 S 78 M k 0 a v s x d 9 U w X w b 8 O b 1 c J D I f G e 1 c 19 j 5 Y w S + y 4 b m E 624 q 6 T B X I p t z c 9 M o A 0 4 y G j R n 6 C f T W 8 M U u x i M j 5 N x p C W + V g e W 0 X 3 i l i R U r T v J z X X P s C 1 k U / d M g 1 i Q q B J 0 I e R P v O / g E A M d u v g h 1 T u l 0 V 8 T 3 R i n Z F l K 3 K A 9 L N T v W h L L F i 1 I d R W s d 4 d d D + I C 47 f 3 Z G d g G 6 D 1 F Q O / 247 I V g b t 3 R 7 + 0 y F O 7 G 0 c C r E v K m 2 + L w B / S T K i o 2 a s i t 62 v d B h w Y P U h 8 w a h M L Z 9 e / 65 k W i W k 4 I y f K x f f a j J z 7 l u k R K 9 Y N / l V Y l Z O r z K p C 0 V z x 8 C p y 9 q o d f h b 6 M W 8 B J A t T M S T H m F y u 1 + E 3 V O X + y 4 k D 14 o Q d / X S H E 2 Q n b b M K 8 O L X O q A p T L H q t 36 H G y 52 d 6 k b U S j G J A / 68 k z Y J l m V P X 8 t j O k 9 n B a M 8 Y h 7 b q S L Q w D S E 6 r I d k 1 p P B o C f e L O 7 I b I R t y C J l + b g X 8 M + k c I K S Z G Y U R 1 n L b f y g o i 1 B I a V D W N w 0 Z e r 0 2 m e F 4 P q X p u D s u / Q G M J F z o D l K R F d g M 9 U g o k J R 8 L f 7 x K w 5 a 9 G e 15 h n z w I r W k H i o + l o + F o 3 B G s J M l t x m 0 y i s N L o n u / L u k v F j J T x O D + w / 7 V x l P 9 w G 3 S v x y 2 M f S A j l L O s + L W M 7 I + + Z o z l Z U / + B G I 5 Z E m W M x R H b K a p 5 s 0 n 2 n n E N A M X I / j 6 z n n H q 2 A j q z C E b 8 y r m v V f m I T O x A r 6 B I V + N L f r z 2 Y 9 t y q l k Z U X W / n N / M u V q + P 2 G 7 K J o 2 N P v d I O y v T 7 e F o K M b I 4 F M f K f a l 6 q m k 96 q + q F n Y S W o V V A u + M P P b T z z + k i 6 f D Z 
p u V O l I m c H z j 1 d u 1 H 8 A u Z a 6 h v 2 R + 2 Y 2 K F D 6 W p u G N R 2 v s 4 j Z P 4 Y z O K w M y B E 0 a 3 U X g K D s H U B M O E T M q K + M 8 g h W M z o 8 u V f m 3 W k X V x K 0 F X U Z 778 P E M R u 2 i B y E Q P 7 J + d U A J 52 m S y U m l 1 O E E 81 F p R Y L K O 0 M I V B O m g y Q 8 Z 0 F n c q l 9 Y 9 O K k I q 9 J U a Z C z 1 F O J 3 K P V Y I 76 N 0 V N f z N z L M o Q v p I x / 1 g X K T J J + 5 R d M A i f f d F A H Q T p A 3 g O X v j t 4 M b w B k p Y Z 4 B E b G g n q t o 38 y 2 R u c d q 2 S 9 P j 7 M Q 9 B X y g f 0 m / f + T 1 e R m R T B z v Y 4 R f G v g 3 S C a H b + g U V b I + Z N C j O f + F 8 L 7 L F x J V f X t U N S c t W 7 y H S x T K Z J L f 5 L R Y C Q 4 i A 2 M t v b d h H o g 1 d m h X J 6 I O F i M j 7 B G j E a Q B R o z 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
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2023-03-14T10:56:36Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "file"
}
] ,
"labels" : [
"misp:name=\"file\"" ,
"misp:meta-category=\"file\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "x-misp-object" ,
"spec_version" : "2.1" ,
"id" : "x-misp-object--8444a337-9328-4edb-9b70-774272b5baf9" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2023-03-14T11:00:24.000Z" ,
"modified" : "2023-03-14T11:00:24.000Z" ,
"labels" : [
"misp:name=\"virustotal-report\"" ,
"misp:meta-category=\"misc\""
] ,
"x_misp_attributes" : [
{
"type" : "link" ,
"object_relation" : "permalink" ,
"value" : "https://www.virustotal.com/gui/file/ac3f949cb6e892238fa6902caacaa5ca64e4181c563af1e3650c9decfa64817a" ,
"category" : "External analysis" ,
"uuid" : "053ea788-3d96-4ae6-b15e-96cec6109776"
} ,
{
"type" : "text" ,
"object_relation" : "detection-ratio" ,
"value" : "33/69" ,
"category" : "Other" ,
"uuid" : "cbd09660-1212-4654-a8b7-1f54374191d9"
}
] ,
"x_misp_comment" : "98689960e2ac62f3ba796c1464a191d49da27ee6: Enriched via the virustotal module" ,
"x_misp_meta_category" : "misc" ,
"x_misp_name" : "virustotal-report"
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--70beb14a-f0ac-406d-9dbf-0d9302a5ffe2" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2023-03-14T10:56:36.000Z" ,
"modified" : "2023-03-14T10:56:36.000Z" ,
"pattern" : "[file:extensions.'windows-pebinary-ext'.imphash = '61259b55b8912888e90f516ca08dc514' AND file:extensions.'windows-pebinary-ext'.number_of_sections = '5' AND file:extensions.'windows-pebinary-ext'.pe_type = 'exe' AND file:extensions.'windows-pebinary-ext'.optional_header.address_of_entry_point = '4208192' AND file:extensions.'windows-pebinary-ext'.x_misp_compilation_timestamp = '2021-09-25T21:56:47+00:00' AND file:extensions.'windows-pebinary-ext'.x_misp_authentihash = '897465623f825e3311d9c0947f25c142d570e2958eab6406348dc7f8317d59ac' AND file:extensions.'windows-pebinary-ext'.x_misp_file_description = 'completely' AND file:extensions.'windows-pebinary-ext'.x_misp_file_version = '96.60.17.30' AND file:extensions.'windows-pebinary-ext'.x_misp_lang_id = '040904b0' AND file:extensions.'windows-pebinary-ext'.x_misp_product_name = '96.60.17.30' AND file:extensions.'windows-pebinary-ext'.x_misp_company_name = 'phlebostasis' AND file:extensions.'windows-pebinary-ext'.x_misp_legal_copyright = 'Copyright hagbuts']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2023-03-14T10:56:36Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "file"
}
] ,
"labels" : [
"misp:name=\"pe\"" ,
"misp:meta-category=\"file\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "x-misp-object" ,
"spec_version" : "2.1" ,
"id" : "x-misp-object--67b8d93b-d243-4f88-8efb-728093442afb" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2023-03-14T10:56:36.000Z" ,
"modified" : "2023-03-14T10:56:36.000Z" ,
"labels" : [
"misp:name=\"pe-section\"" ,
"misp:meta-category=\"file\""
] ,
"x_misp_attributes" : [
{
"type" : "text" ,
"object_relation" : "name" ,
"value" : ".text" ,
"category" : "Other" ,
"uuid" : "9600290c-8952-4172-b019-bba585a93379"
} ,
{
"type" : "size-in-bytes" ,
"object_relation" : "size-in-bytes" ,
"value" : "26624" ,
"category" : "Other" ,
"uuid" : "4ae10ffb-cc98-415c-9fbb-6e9255043ac6"
} ,
{
"type" : "float" ,
"object_relation" : "entropy" ,
"value" : "6.4722766230246" ,
"category" : "Other" ,
"uuid" : "2ceda395-122a-4059-9b93-088d4381d0d9"
} ,
{
"type" : "md5" ,
"object_relation" : "md5" ,
"value" : "0c41c917e7453e236c00cdcdc2ae3799" ,
"category" : "Payload delivery" ,
"to_ids" : true ,
"uuid" : "e1f523e3-448c-48b4-a0a6-47dd77b53867"
} ,
{
"type" : "sha1" ,
"object_relation" : "sha1" ,
"value" : "77015f6b2420831328e4a1d66ab2955072d70b12" ,
"category" : "Payload delivery" ,
"to_ids" : true ,
"uuid" : "f0d1dfd3-0ec5-42a9-9664-c5139499b050"
} ,
{
"type" : "sha256" ,
"object_relation" : "sha256" ,
"value" : "6421606108c45bde6cb2c4251818d2c7498c4e5cf1d07a6d158db0f5581d07c2" ,
"category" : "Payload delivery" ,
"to_ids" : true ,
"uuid" : "5e99f98f-5644-4da2-8b7b-9c2da3605d92"
} ,
{
"type" : "sha512" ,
"object_relation" : "sha512" ,
"value" : "e555f8ca08565aa6584ac4e6fbf6765ec4b2faccb84b2157ed7baf0f5c3d2d759e91b04a2d875ff8d2630c98c351ae30bce7e763df293ce8b089df3ad410549c" ,
"category" : "Payload delivery" ,
"to_ids" : true ,
"uuid" : "5e6cb371-9dfd-476e-b880-bb5e8954c94a"
} ,
{
"type" : "ssdeep" ,
"object_relation" : "ssdeep" ,
"value" : "768:TXWsAYF0UQj0TU9a+IWNu9B1MxlthhMLWI02L:TmsAYBdTU9fEAIS2L" ,
"category" : "Payload delivery" ,
"to_ids" : true ,
"uuid" : "be6546b7-51be-4f56-ab1f-8aa783f9a72a"
}
] ,
"x_misp_meta_category" : "file" ,
"x_misp_name" : "pe-section"
} ,
{
"type" : "x-misp-object" ,
"spec_version" : "2.1" ,
"id" : "x-misp-object--9c0bf704-01c8-4446-9bba-1304997a3a31" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2023-03-14T10:56:36.000Z" ,
"modified" : "2023-03-14T10:56:36.000Z" ,
"labels" : [
"misp:name=\"pe-section\"" ,
"misp:meta-category=\"file\""
] ,
"x_misp_attributes" : [
{
"type" : "text" ,
"object_relation" : "name" ,
"value" : ".rdata" ,
"category" : "Other" ,
"uuid" : "353881bb-2ab4-4117-8b77-110146524476"
} ,
{
"type" : "size-in-bytes" ,
"object_relation" : "size-in-bytes" ,
"value" : "5120" ,
"category" : "Other" ,
"uuid" : "584a30b9-4e3a-4dd8-ab6a-fecab4f4434e"
} ,
{
"type" : "float" ,
"object_relation" : "entropy" ,
"value" : "5.2097955685559" ,
"category" : "Other" ,
"uuid" : "7621d06e-e524-4935-a1a1-433de25c532d"
} ,
{
"type" : "md5" ,
"object_relation" : "md5" ,
"value" : "aa8a9071e074b05a85b53f165792b649" ,
"category" : "Payload delivery" ,
"to_ids" : true ,
"uuid" : "12dce1e4-fa83-48c8-9fe5-b440dbbd6c0a"
} ,
{
"type" : "sha1" ,
"object_relation" : "sha1" ,
"value" : "1b14074680926c8b5b7471df62a5f86a7262596c" ,
"category" : "Payload delivery" ,
"to_ids" : true ,
"uuid" : "99d71efe-2b22-47b3-b29f-c5618947be27"
} ,
{
"type" : "sha256" ,
"object_relation" : "sha256" ,
"value" : "4e281c639a6ab044696895106e2af7e7783426b78da0b471cb31978e4dc74a3d" ,
"category" : "Payload delivery" ,
"to_ids" : true ,
"uuid" : "99669350-f284-4766-892d-3f70fc9f983a"
} ,
{
"type" : "sha512" ,
"object_relation" : "sha512" ,
"value" : "cb501b663a4d272463c992b0b5fe4ff0bb5b4740e117d2a425251ade765485c910e4004906ffb09e608ed1bc61cd9f7cc0bcece41d6be2e9e52320ca9b9f8fe8" ,
"category" : "Payload delivery" ,
"to_ids" : true ,
"uuid" : "20a9c44e-3a78-4e64-86d8-689c49766ace"
} ,
{
"type" : "ssdeep" ,
"object_relation" : "ssdeep" ,
"value" : "96:hqGrMl8xCavqvIdvqEJdlTnDPhxyPYPkcmkJqiy0BjKwrYQ:lrLDdzFnDLyPYyk8UjKGB" ,
"category" : "Payload delivery" ,
"to_ids" : true ,
"uuid" : "dc18e4c5-41c5-4e1e-9568-7c2f30d4a384"
}
] ,
"x_misp_meta_category" : "file" ,
"x_misp_name" : "pe-section"
} ,
{
"type" : "x-misp-object" ,
"spec_version" : "2.1" ,
"id" : "x-misp-object--07743820-a48b-4770-b916-2964442e527e" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2023-03-14T10:56:36.000Z" ,
"modified" : "2023-03-14T10:56:36.000Z" ,
"labels" : [
"misp:name=\"pe-section\"" ,
"misp:meta-category=\"file\""
] ,
"x_misp_attributes" : [
{
"type" : "text" ,
"object_relation" : "name" ,
"value" : ".data" ,
"category" : "Other" ,
"uuid" : "ea621ba2-c96e-4430-a5a1-49830d57db07"
} ,
{
"type" : "size-in-bytes" ,
"object_relation" : "size-in-bytes" ,
"value" : "1536" ,
"category" : "Other" ,
"uuid" : "fea574bb-0225-498b-b76e-4b13ddfaf602"
} ,
{
"type" : "float" ,
"object_relation" : "entropy" ,
"value" : "4.1105821276542" ,
"category" : "Other" ,
"uuid" : "7fd28358-b300-4022-8911-a7bbc8e8efb2"
} ,
{
"type" : "md5" ,
"object_relation" : "md5" ,
"value" : "4b2421975c21b032f7ea000f5e7f9fbf" ,
"category" : "Payload delivery" ,
"to_ids" : true ,
"uuid" : "d66493c9-b383-4402-bea2-dc91d0f314cb"
} ,
{
"type" : "sha1" ,
"object_relation" : "sha1" ,
"value" : "f45486287d474fdcafc99c24e37c4eb61bf613b3" ,
"category" : "Payload delivery" ,
"to_ids" : true ,
"uuid" : "7e7da7aa-659c-4e5d-8dee-39a3c4b446ed"
} ,
{
"type" : "sha256" ,
"object_relation" : "sha256" ,
"value" : "f05daf3c91cc357d04794a740f21eaaeb870f250877e3a6dc498c5c3046cb414" ,
"category" : "Payload delivery" ,
"to_ids" : true ,
"uuid" : "584c9e6e-f0c0-4130-9318-0b1c1c93b7c2"
} ,
{
"type" : "sha512" ,
"object_relation" : "sha512" ,
"value" : "45b9cc616c42014c0429c4b66e47f186d707cf9319ae7afeb824f71a52014a2fe63ae33ad8299b4a9be04ab00a5fe53353edb44485bc6eeefbe01f67037269c1" ,
"category" : "Payload delivery" ,
"to_ids" : true ,
"uuid" : "2a7aa27c-7d5a-42d7-b87a-8e330ff880ee"
} ,
{
"type" : "ssdeep" ,
"object_relation" : "ssdeep" ,
"value" : "24:E2k68GXOn+C+ldL6KvtNxLyVA132BtfRtuuxOApcAmgLl:Hk9Gen+C+lwwNNyVDtbuuzpcZg" ,
"category" : "Payload delivery" ,
"to_ids" : true ,
"uuid" : "c56aeb83-2a0a-4710-ad0e-a017c73c02dc"
}
] ,
"x_misp_meta_category" : "file" ,
"x_misp_name" : "pe-section"
} ,
{
"type" : "x-misp-object" ,
"spec_version" : "2.1" ,
"id" : "x-misp-object--9bb6e5bb-6eaa-4d7a-9bc7-f645b7cc062e" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2023-03-14T10:56:36.000Z" ,
"modified" : "2023-03-14T10:56:36.000Z" ,
"labels" : [
"misp:name=\"pe-section\"" ,
"misp:meta-category=\"file\""
] ,
"x_misp_attributes" : [
{
"type" : "text" ,
"object_relation" : "name" ,
"value" : ".ndata" ,
"category" : "Other" ,
"uuid" : "72f54867-ceff-431f-abea-ad2e51314655"
} ,
{
"type" : "size-in-bytes" ,
"object_relation" : "size-in-bytes" ,
"value" : "0" ,
"category" : "Other" ,
"uuid" : "1dafe2a7-5dcf-4854-a1eb-fa990e35f65f"
}
] ,
"x_misp_meta_category" : "file" ,
"x_misp_name" : "pe-section"
} ,
{
"type" : "x-misp-object" ,
"spec_version" : "2.1" ,
"id" : "x-misp-object--701f0ec3-123a-4ea1-955c-ab1f01dc2073" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2023-03-14T10:56:36.000Z" ,
"modified" : "2023-03-14T10:56:36.000Z" ,
"labels" : [
"misp:name=\"pe-section\"" ,
"misp:meta-category=\"file\""
] ,
"x_misp_attributes" : [
{
"type" : "text" ,
"object_relation" : "name" ,
"value" : ".rsrc" ,
"category" : "Other" ,
"uuid" : "1904b87a-6e5a-42b3-b9b6-27f1ff65a416"
} ,
{
"type" : "size-in-bytes" ,
"object_relation" : "size-in-bytes" ,
"value" : "3584" ,
"category" : "Other" ,
"uuid" : "05203d87-61d2-480b-9da8-cdb572b0bd9a"
} ,
{
"type" : "float" ,
"object_relation" : "entropy" ,
"value" : "4.5011372937164" ,
"category" : "Other" ,
"uuid" : "633bb984-1e71-4e65-982e-f185a0393541"
} ,
{
"type" : "md5" ,
"object_relation" : "md5" ,
"value" : "d7b4c49f480f78834fdfb3fd909bd202" ,
"category" : "Payload delivery" ,
"to_ids" : true ,
"uuid" : "51ec3a68-fbe5-436c-8bb3-6ff2c5de7b45"
} ,
{
"type" : "sha1" ,
"object_relation" : "sha1" ,
"value" : "4593d427db96956aa2efa5ff8c2ee2efa0dcc2e8" ,
"category" : "Payload delivery" ,
"to_ids" : true ,
"uuid" : "5735b4a1-cf2d-46ce-9867-7c36f29b34a8"
} ,
{
"type" : "sha256" ,
"object_relation" : "sha256" ,
"value" : "9c0ce1dc62b139aa0fd73d61eb904fc072a3ce721e41f62724d37bfb9c7d6dc7" ,
"category" : "Payload delivery" ,
"to_ids" : true ,
"uuid" : "9f6dc94b-0561-4fdb-aa27-3de2aa4bc973"
} ,
{
"type" : "sha512" ,
"object_relation" : "sha512" ,
"value" : "5553d2383e151ecde7a0971a4f4a911edd744eb2325292446001b5c1d67e6adbb61b238f528f846f8a33f1119ee01b3dc94bb8c138b66396a57cea99f1088d28" ,
"category" : "Payload delivery" ,
"to_ids" : true ,
"uuid" : "1d213fa0-fd3c-487c-852c-d77d06afde3f"
} ,
{
"type" : "ssdeep" ,
"object_relation" : "ssdeep" ,
"value" : "48:iHy4yMXAQI/S0qK7/3zl63kMNngN4x5eO4orLz:iLAQrfO4xoOz/z" ,
"category" : "Payload delivery" ,
"uuid" : "5709d6f1-d620-4b65-a874-4af43d08446c"
}
] ,
"x_misp_meta_category" : "file" ,
"x_misp_name" : "pe-section"
} ,
{
"type" : "marking-definition" ,
"spec_version" : "2.1" ,
"id" : "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9" ,
"created" : "2017-01-20T00:00:00.000Z" ,
"definition_type" : "tlp" ,
"name" : "TLP:WHITE" ,
"definition" : {
"tlp" : "white"
}
}
]
}