misp-circl-feed/feeds/circl/misp/f78232e7-0b7a-49f7-9e57-1482db2b6335.json

{
"type": "bundle",
"id": "bundle--f78232e7-0b7a-49f7-9e57-1482db2b6335",
"objects": [
{
"type": "identity",
"spec_version": "2.1",
"id": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2020-12-14T07:34:46.000Z",
"modified": "2020-12-14T07:34:46.000Z",
"name": "CIRCL",
"identity_class": "organization"
},
{
"type": "report",
"spec_version": "2.1",
"id": "report--f78232e7-0b7a-49f7-9e57-1482db2b6335",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2020-12-14T07:34:46.000Z",
"modified": "2020-12-14T07:34:46.000Z",
"name": "OSINT - UNC2452 / SUNBURST @vxunderground OSINT related findings",
"published": "2020-12-14T07:35:26Z",
"object_refs": [
"indicator--85510dea-92e3-4135-87db-06da6bce4c2c",
"indicator--f37e202e-5d7a-4a1b-a2e0-8909ce5945fd",
"indicator--a70342dd-16f8-415c-8796-d5139e24ad75",
"indicator--e6fe6399-3e40-4fbd-93e5-44fec18c2583",
"indicator--5d539d55-5211-42fa-a609-c2e471bfa43f",
"observed-data--ef7c91c3-3a91-48f9-a2fa-931cc4a228c2",
"url--ef7c91c3-3a91-48f9-a2fa-931cc4a228c2",
"indicator--da3da386-9fe0-4822-a352-64a138239031",
"indicator--fbe3a5fe-538b-4727-90d7-41a9d15a4c58",
"indicator--7370a818-1f90-492f-9c8d-213e3414d8cf",
"indicator--7794b113-2f04-424f-ae5a-dd801e020d01",
"indicator--d47e29ef-e08c-498c-a5c9-779a6a2b79f4",
"indicator--a224f9a3-c58e-41e0-9841-460afdd9f409",
"x-misp-object--8329451d-10ab-4ecb-9cff-d5de9c33c5f6",
"x-misp-object--aacff3c7-77c9-4c70-ab9c-9cea57951fa5",
"x-misp-object--a496eaac-08a1-4a65-b489-96cdb0868312",
"x-misp-object--96ffe3c5-a158-40f6-a5ff-156ac385d32e",
"x-misp-object--3073a9b9-f747-4ec4-99c4-f6b5c93fbd7f",
"indicator--a75bd08b-b215-436e-91f4-3382bbb70493",
"indicator--4d4b2085-63f5-46b0-978e-15e1117a003d",
"indicator--9934ff43-6bfc-42a6-baab-5d798458b78e",
"indicator--8ea7172c-eb93-4bf5-8baf-630fa26e5d2e",
"indicator--77c4c4d6-1725-4aa9-a5e3-ebdeb89500de",
"x-misp-object--c35e55e1-dc94-49a7-a3a1-4018b4f17a04",
"x-misp-object--fdf86a09-fb48-495d-8bf3-50579e86edd8",
"x-misp-object--4a09fc7a-97ba-434d-a669-fc640686e880",
"x-misp-object--9d50d8e5-8c9f-42d3-b0af-aba92a54dc19",
"x-misp-object--712c68c3-179a-442b-b713-fab9eaa9b67e",
"x-misp-object--6288dea8-53e7-4000-9bca-0ecc20bd35a4",
"x-misp-object--d1e0ec27-f60b-4a3c-931b-c7569be605db",
"x-misp-object--efe9facc-a05f-44d0-901f-62e4e870ef95",
"x-misp-object--aacf1b7b-aa96-4762-896a-a97ba1bd5c0e",
"x-misp-object--95432908-2bb1-4cca-8b88-db3d0c4bcd6d",
"x-misp-object--7d04169f-afa9-41b2-8992-c693a431abba",
"x-misp-object--9eb3ca01-80fb-4660-933b-05aa267d4a26",
"x-misp-object--4d9cc854-ade5-46a5-8df0-02ef90e5b8ea",
"x-misp-object--3592e786-423d-4e1f-abad-4e12fe86fc0b",
"x-misp-object--55c48bc2-d156-453e-a905-2649d1b0ee23",
"relationship--877e9959-b0f1-4b12-ab0f-0e49068b9352",
"relationship--7f30e064-3323-4cb9-8283-01b34030ad97",
"relationship--a52ac6c4-e992-494f-883c-b7184d93b729",
"relationship--c5f75fdc-6137-4b56-b656-859d0168c921",
"relationship--08523962-3be4-44af-98ac-43f5749c59ba"
],
"labels": [
"Threat-Report",
"misp:tool=\"MISP-STIX-Converter\"",
"type:OSINT",
"osint:lifetime=\"perpetual\"",
"osint:certainty=\"50\""
],
"object_marking_refs": [
"marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9"
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--85510dea-92e3-4135-87db-06da6bce4c2c",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2020-12-14T07:22:26.000Z",
"modified": "2020-12-14T07:22:26.000Z",
"pattern": "[file:hashes.SHA1 = '1acf3108bf1e376c8848fbb25dc87424f2c2a39c']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2020-12-14T07:22:26Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha1\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--f37e202e-5d7a-4a1b-a2e0-8909ce5945fd",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2020-12-14T07:22:26.000Z",
"modified": "2020-12-14T07:22:26.000Z",
"pattern": "[file:hashes.SHA1 = 'e257236206e99f5a5c62035c9c59c57206728b28']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2020-12-14T07:22:26Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha1\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--a70342dd-16f8-415c-8796-d5139e24ad75",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2020-12-14T07:22:26.000Z",
"modified": "2020-12-14T07:22:26.000Z",
"pattern": "[file:hashes.SHA1 = 'bcb5a4dcbc60d26a5f619518f2cfc1b4bb4e4387']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2020-12-14T07:22:26Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha1\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--e6fe6399-3e40-4fbd-93e5-44fec18c2583",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2020-12-14T07:22:26.000Z",
"modified": "2020-12-14T07:22:26.000Z",
"pattern": "[file:hashes.SHA1 = '5e643654179e8b4cfe1d3c1906a90a4c8d611cea']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2020-12-14T07:22:26Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha1\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5d539d55-5211-42fa-a609-c2e471bfa43f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2020-12-14T07:22:26.000Z",
"modified": "2020-12-14T07:22:26.000Z",
"pattern": "[file:hashes.SHA1 = 'ebe711516d0f5cd8126f4d53e375c90b7b95e8f2']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2020-12-14T07:22:26Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha1\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--ef7c91c3-3a91-48f9-a2fa-931cc4a228c2",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2020-12-14T07:23:07.000Z",
"modified": "2020-12-14T07:23:07.000Z",
"first_observed": "2020-12-14T07:23:07Z",
"last_observed": "2020-12-14T07:23:07Z",
"number_observed": 1,
"object_refs": [
"url--ef7c91c3-3a91-48f9-a2fa-931cc4a228c2"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--ef7c91c3-3a91-48f9-a2fa-931cc4a228c2",
"value": "https://vxug.fakedoma.in/samples/Exotic/UNC2452/SolarWinds%20Breach/"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--da3da386-9fe0-4822-a352-64a138239031",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2020-12-14T07:34:46.000Z",
"modified": "2020-12-14T07:34:46.000Z",
"pattern": "[file:hashes.MD5 = '846e27a652a5e1bfbd0ddd38a16dc865' AND file:hashes.SHA1 = 'd130bd75645c2433f88ac03e73395fba172ef676' AND file:hashes.SHA256 = 'ce77d116a074dab7a22a0fd4f2c1ab475f16eec42e1ded3c0b0aa8211fe858d6' AND file:hashes.SHA512 = 'c26e275b4232be844f6c4062a4f42413099452085060ed4080b880b52800428cd32f69271c98977fa979a89355fbb3b485855ca3d51499bca12dfbf8c3168d2f' AND file:hashes.SSDEEP = '12288:5JKoHwfn/jz3bbO4Qag2I97PMieSLezPKT+BYvjenWHuhh9c0g8vkzK19Q:vEfDbO97P8TrK0YbenWH4c0g8vkzK19' AND file:name = 'ce77d116a074dab7a22a0fd4f2c1ab475f16eec42e1ded3c0b0aa8211fe858d6' AND file:size = '1028072' AND (file:content_ref.payload_bin = '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
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2020-12-14T07:34:46Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "file"
}
],
"labels": [
"misp:name=\"file\"",
"misp:meta-category=\"file\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--fbe3a5fe-538b-4727-90d7-41a9d15a4c58",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2020-12-14T07:26:03.000Z",
"modified": "2020-12-14T07:26:03.000Z",
"pattern": "[file:hashes.MD5 = 'e18a6a21eb44e77ca8d739a72209c370' AND file:hashes.SHA1 = '5e643654179e8b4cfe1d3c1906a90a4c8d611cea' AND file:hashes.SHA256 = 'a25cadd48d70f6ea0c4a241d99c5241269e6faccb4054e62d16784640f8e53bc' AND file:hashes.SHA512 = '17b4de6158de054c02849bb728b9767208d3f07ef18d4dc41963a370d34e9dbcf7cc4b729726903f1a7afd4ef7e8c1d781c20a3049a2c160dede23614352f11c' AND file:hashes.SSDEEP = '24576:ldBfeHcrhCECR1R/zoi8SHoN0W8vB8O3Icu:5e8nK/zopSHoN0W8vB83' AND file:name = 'a25cadd48d70f6ea0c4a241d99c5241269e6faccb4054e62d16784640f8e53bc' AND file:size = '934232' AND (file:content_ref.payload_bin = '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
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2020-12-14T07:26:03Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "file"
}
],
"labels": [
"misp:name=\"file\"",
"misp:meta-category=\"file\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--7370a818-1f90-492f-9c8d-213e3414d8cf",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2020-12-14T07:34:46.000Z",
"modified": "2020-12-14T07:34:46.000Z",
"pattern": "[file:hashes.MD5 = '2c4a910a1299cdae2a4e55988a2f102e' AND file:hashes.SHA1 = '2f1a5a7411d015d01aaee4535835400191645023' AND file:hashes.SHA256 = '019085a76ba7126fff22770d71bd901c325fc68ac55aa743327984e89f4b0134' AND file:hashes.SHA512 = '5cbfefe612a40c8872a0faf3db8d3835dc514fb3df159610095b47c595c6caa1ada79cce2b10fb99e648990c3f54f63344d1fa7025090bfcd4e2c55d7210a28d' AND file:hashes.SSDEEP = '12288:dJKoHwfn/jz3bbO4Qag2I97PMieSLezPKT+cYvjenWHuhh9c0g8vkzE19Wv:rEfDbO97P8TrKhYbenWH4c0g8vkzE19e' AND file:name = '019085a76ba7126fff22770d71bd901c325fc68ac55aa743327984e89f4b0134' AND file:size = '1028072' AND (file:content_ref.payload_bin = 'UEsDBBQACQAIAEI7jlFniD4xx1YFAOivDwAgABwAMmM0YTkxMGExMjk5Y2RhZTJhNGU1NTk4OGEyZjEwMmVVVAkAA4wT11+ME9dfdXgLAAEEIQAAAAQhAAAAXp67qAHUmSaQVJjlQThFSZlvVbwWjJsEiRX5vvrSnIOWU2RaoNszCsE9C3zc2dcq09ye7OW/tqeBcL02lW5vKnhIQipJS3ae7wu1mHjbrpLEF9L86KrScUEWAh1PpM4v9BnSuQ0ENX7OP1Ldn+atSXL2Mp6xq/hzTrG2VXDE9FSxwBxk0w+AV1Xj8plhUxpKfkN4Hfikp4/SyN0f8eKK+Cz/IjzpRexLBiE3bSTWGm96t5eUdA9tljr6fUsYhhciBAkaQ2lV1aUlmm+4/21AJ+ZtNwpIlBP+OItqWzNzlRt/xWF0FfjNCBR3SGWSpKPmVfh9ilWtR209TOHASuQKUgM/3iBnxmHDoWNWt/EPINJ0OF7ctksjCob7xvdMaApNQsRCuAgfzXCZxoKl74YasF+DOS8FZ5M+CSUoFKW5xMVyYjRhrxEfLsC9eMUz8GL+8jPjdRBCNNowRNsf6EH7+Sr7C9SZNpzFshb9k60CNufyCpwyZ18UMkNHPsMSep3es6JdtvIHcuM3Iddh9NhaP1ufmh/0lnrYZizGDHto7TSfpTNRkk9BZfwVBs689xXSMiAOT0EsxzX18q2rGVJ01Xo50a24TiqEkaDHA4xJ7Pa0bIiO3PKfIwoVRWGUDEzBelFaZpreIILs/ioxoBQvCPUqHFG3JrMg7w0MCu3z25aJdWUdurraTUf9eXtAstm8AXfl6AeR5YHDVUOHrUXRFvXhfCnb3F4uuzf+Naxs1PLCdZNLXXS+KtE0f9jw/1bUNVHdBFCI8+hxwOf5F4/8D9+Sn4oubjhTm9fXRO1rZNs5D25NjeS6aqPy2rGV1PekCinx/FgYjcync+5uim+coA0ZV84K3sgweIuvEAImdLEdOMAM3vmoOgUED3NCRb1fV7anUJDpvMKx1uedEo30rZRzUT/7BL/87z2ICfSaoqHZ5l+p9l+aJzuuZBHqB+HFYCBflISaH2RldJYJHNGcqM7TcO4YF1EsAG7oEvzetLyenPa6tI1tJxqQFrNC8bzxCC/5Sd2yeVyTdiFaMk5YJiuTCfbCha7KM6RctMfSThTHvuSsjmT3ZZOx8lK3griv29vECbyyhJwHQPldH4407TUfkW3sItlXJQMWZzWfUEkyddYLJYgPxwdWgdgByjL0vzLtc00JBqjZBCyvE+9tOzT890cKNX06QnxcDpPE+bW1fEZbMkHnTYUmFPrlInxjIAt/g+RG8FA/
m1+6O8Rt6sEujQJYuhTtmiPstq2qe08xjklgn0q5xdfbjQgXPDRr58xvbcTYtaEC/ntQ+Vw3iJqya8a02uMydnrn835KeeEo4PJu/DzWxlf15M/nEtLjJil7X3Rde8FBoGArjxThMHf2X0mjs4c+sCBbABdGVpSTLOm0DE4521ReTj+Kw4qL40SO7PWQGcqW2IsQOolZukjKze2ZHYUDPZsx2dIiMX1p1wpJPoHmNCRWmfAOo7QE0UnskC0dkDvkh5F43GIXlq39MOrkMKUsr/6t04FYCPz9fur3jOYR11Tse2R4oBxaO6PhREGHgtmpBhhcyMls0ZEM3A2V0NH/UOv6wPRnBcq2PkQ530hpWK8c4lJXLeDUAwuRKV57dNvZb7C+CjLPaVseBZefe6rvsvlOJTbN7uxwsaaXoQWY/trn+FuTQiZ5fmUggnehpxf/8TR1jgBYSJt7a6h53l2z8HielT9NJ8oRbZxfRZXZ2ewz1dL0WXclYzskfqCqJWPMtc/MwAGlXUkfD8idx+iyM0dhwW3FwOv4g9FCsn6dJT8CdFf9hdixcq5eGF78XqtmoxBeinQOM47yd9McgyDRl7E3U/V6caX8iJeEycZgL0IYupF3MEbCjKv/3SL64r4J2CirIQhoa5ioT+yVjNwwChms+YqzpTLh4Jvo5x4D1YNrpDkIdb72ZW4P4PpWCncOPxJp50YDSDe9IQOLUsYqmazFdUx2I7xzZGivEjM2gGCNjP55VsvaOkGzFs7psMHeh98OMVXwktCiqZgh1hmMNjyEEb/8FyV1xSpsuXXIAU+wIKGDQ5oX9uoUGln8IMeleg72FQOvZUcNiYBMsVaOHm8ZhrLPIUx787MHAXnPCIvpKtSMy2VqJJwqIrLfNVu6az20LFNfkl9qFYaGq8+okok0rmWHKs11MrD2VHdkFkUudIYNPRFDje5sZyco7apQwTl5XJRbiG2Z/SerB04wQuYEw0QyY1R0IreK/Cc/PsfGltU58ylB28N7jmaX+49FDrCerVXshxPpDdc7dX+USQt4QD62VTaSdyqNRpI9ngfvmQRA9Yymbw0YAo3jt1E/t8MvSLVDTKR6LRMjNMeWFu0NoXoUvirQdAeq3gu47BwNxcqmsLFm2n6D1i2/JqMMQmhOfo/3v4fWTEiMBriiWGEAIlryq0M1vv4y2sPCesE75D4meXGri+TaI/VLTo4wL1AMNcyWiHJYQheAy5y6uYT5eYm8qA1cniAiiD+WCssyNmGP6de1Mw1hhRYCCEGAZsx5hcx1Jry1q9FCSEvJQJVi06Ka00LlQhG/fdsBZGu5STU7npR7HTp0dDekBIB/3T6htfqe/urcEV/Yp44s1rFhttAtNtBOpUEOGScbufnVX9zCazXRnjXFX/4XLB8e4Wsab1Bc3VX+C8BP0W5naeIXdfzr85WYkCiuWygfk8lUTz0r/v1OzA5ITnQorxJn7kuQvSgP42twJavtwDDahW7yvMCxdxnSUpTt06EwHL3GeumoKKF3vhmmLoMds58L6nt4Fw+4a37Uf8Ag6laqNlIM2iPJIS2a9ZeQnjDgpdaO0calfFjXWRxXOz8gOtbAkgGmDi6HXnleNfgB4nLybxAo0lHGrVwxaHiXqSybZA68GUhWIC93oBksnUJbYG3AGinsXzc7BXyupRMBUNVzYBTsrz9rU38xN1pvVy/UIf3Rey+xv4ivCQvZght6f8cDGYHx42WojJxRZoZW8LELY5mp3i9AVhuuHfEFxmRyK/qs/1UiJ5WpDybEyoGU1dePelPLGmCz0cbChcQN5lSREXOuh6JWHQKK7Zwp9syextWXrFBRRFuqv5+YnSY2MQV6jkFifu8gdm+U1w3QukMwPfTI2TWqCjH9OhoaZ0btl/7KiwPRzFPMBeD9SGnDbDHBtuG0WxZBiB9hkppLAzUDaxgZLUsjxb72zQqg0yZ1PdRZGzgWnO40nHC0C3pAg1W7vo1qO2fcTZd2Ldvj
2Io3KsDVBWzZiGMZkiOFu5rokKiDFZymkLy95lkLM+JcrS+5h7APQQtw7+Krdl+JO/Ma92QrLmRnTLImNqe
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2020-12-14T07:34:46Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "file"
}
],
"labels": [
"misp:name=\"file\"",
"misp:meta-category=\"file\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--7794b113-2f04-424f-ae5a-dd801e020d01",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2020-12-14T07:34:46.000Z",
"modified": "2020-12-14T07:34:46.000Z",
"pattern": "[file:hashes.MD5 = 'b91ce2fa41029f6955bff20079468448' AND file:hashes.SHA1 = '76640508b1e7759e548771a5359eaed353bf1eec' AND file:hashes.SHA256 = '32519b85c0b422e4656de6e6c41878e95fd95026267daab4215ee59c107d6c77' AND file:hashes.SHA512 = '6a81f082f36ccbda48070772c5a97e1d7de61ad77465e7befe8cbd97df40dcc5da09c461311708e3d57527e323484b05cfd3e72a3c70e106e47f44cc77584bd7' AND file:hashes.SSDEEP = '12288:Zx7m/z9aEBzvnvLtYAi6uLlYQ69BBpIvF1tjpH7BKi+0A8vca9owQ:6aEBTvRBi6uL6dIvDtjpH9+0A8vca9oD' AND file:name = '32519b85c0b422e4656de6e6c41878e95fd95026267daab4215ee59c107d6c77' AND file:size = '1011032' AND (file:content_ref.payload_bin = 'UEsDBBQACQAIAEM7jlGNIdI7jz8FAFhtDwAgABwAYjkxY2UyZmE0MTAyOWY2OTU1YmZmMjAwNzk0Njg0NDhVVAkAA44T11+OE9dfdXgLAAEEIQAAAAQhAAAA1Kzk958JdG3GeT2fvAT3KOOgpfwAibLL+kei38FP616Ui5vo9KL06SLeKYHblcVj1OYqMkUGkUqdMb83l3cJDe04hQaOnpdKtJl1dhM+8wQAy/KE8Ymf2iHorchJEfL4/eRT5/HTXYnlM26BmMEndoHXVB/vGopHhPv7r/P8uKw1vVIrm9pmOzUAtuKQXI8FDjbDXi7OasoIY0aZYbf789TzUY20KomU3ZCpBdBDFTduRnKlpYw4ES0XLpWtC87Th8JljxN9dph878xCr+0pNBaYfO/0xrkc41CSXJYhy1shi2FLBttzh92GPiX3d01HhHseOiU9IizYWhaic4Pthf6R9FCVDr/FSKTzUoxEZjTR/tohN0DW7U0jSWxJ9NB+evsx0dOhpTleCkufd/GDb4gtn+I0SWq6C1A3C7i0jl9P6h4gjTtx1G6I9k18xV+86Q8CUIuKeWdsNIpC3XOWlnyeJgFBdSj/UbLD0Gz46tbjwaLD5s+ZOkc0oOKwZjbPXi57HeHTvT3ojPPAAdGUpiMurh696k3LBMUxEM9QjiIQtMDzdQVdwxrFq2gl4aOemikWQ7n0bYoEtjSEyy2Y7MIxZO6ZnN7sK0ZGH9BRgNzjrXrdggsNd3lgvfo4UaKtcK8TwAzcOh5ZCKtVoN+6tSJKFBQoC7Iftb/vnvT8PjhqMtwHJtu9RfIJG2+JUBklMqgV1ZQ4eAuWSC3CVOZGREx2mx2AZtGwk3GsGS0Bk3A6udPUmIniCJ0I4oJQKWXdrMgXfyJTzzg92XYfzLXTZLlcxP6EAAYcpgJiYP+YYic8sfh3KL2hOiUkUp11GiD3gU5jmNHWzzhQbZqFvw1P6Rp03xOIPXXSCy+tNFKfTia/qLRIybXQq0WmKfCoY1oRLXsd5Q/s0NadXne7HQIfnVyNp6ElJq76McTn8ndPcasdL8NO/m/8ZPKkMwNMxCaYsiw2rHkTP6sY3Hb/jZJJ+do+4Se8yQPxo9I5Tqkec9ZNxv1HwLfl6FOICUH05Lltg0a56hgtC3+T9P9cLuDI2byY9l4Br8fIEuhZIR9aLkSv4Bmd00m9Ugvo7NuWBRLWjkKAUcYfCOlu/0Q+VutE2Vti/fe/yJWRDAlPE8EEmQhhzGBSVAsKO7x4224ZmX4hCg3JXAIRQ0+8sf3msjEETjG5VDkbJol93ClC08efd89DJD76y4N+o3cztuy8oTkLcKYYNcNzq5w17qzOmR
68TcWHEoLWmD6BH5xqotzveUhz6JOt0igxqEepjKJekd1VRwhSwVGuYWCBg2h2Z59D0q7GEXqf9d595KV/LQvEhrKin/CdmBbrp4OywcUIg6LoworsprVl0ErY3PPDps3YfHeKBxxDgmaPYmCbxk1KaKsUyizPSMg+Pq+dVaaRbV0ynAXKJqQJnMS8ZqzLkVXJc9SYrJwARlkYQWN38I5TXmhuBNW4nu3cSD4xKIjOyLKl4VLC7fHuHXqT+XZq7UP27QSGXXityBJR/g29ZsaxC/EBPGYqueCOJxqOaoIqB3CMO6JTSkVVVDgHO6orwnZz7eHrpvdK8CgsGTE4VKY0hxclxMty3NB5eGmbnXueb+yP3esEUWWlv7tCZvRoLouoZXAByieoHD0SSnZhpVv2AsxLtgKpwTux5sYK01Ibk14c4bREizCP1uxXLR6QTV9zxM7YdLqD6nIIxwTA0XCgBF+WYc8NKbakzVd1E6jZIbxyTbHwxzVF+2X7nMrQWmpeP8Qu9343w2IC5VVrzEMXAlgjVIt7IiOUNmLH9IhgsMsmXt5ZXd1fG4uZPVw/DbYhCP0wHRdl8dOxQ+KumVQnBtuxMjb9Yx7KdyS+p3fHkaid70nxaVI2phs2+2eF/gej0jJ+CpN24fX7FJYv3LupTpoD+mBg6bVy853mVUQoP/EBOSulYlcwggaXD20MZg/cKkfYlZBYTMjAb37gi+VyJ1Qs9lU4pp7c2SV63iZ+1CCX6RAcVZIkZvPovJpYOjlk5x1T2JxKKnQqioBoP3OMHsWfRIcyxz6IUQt2osD487/50JVomPbiXX/gIartBXKn3ScMQuM9SaTdMRW30ONzmJg/0z1UkcX/1CVsCzqdOYm/u2Ujtc+SPB4xYNZyxXql9wJIGY8Pb0UcD6ikhjExkpa/XuZ2lUscVLjH1+5a48FAAVAV84sFy6EI0BpPKsqakpm0hnthtgEm7iVLAxFFGV82WYMNsMIQCIw3+tOZoqng/ZnuXzRqAWAVsG5NrXAQDli8r2XOwYp8IayNdm70pNYPCg2M10yJcMhfVfUwMsC00sZJZ6sFHWMZP6zkO4qqQTYEQ/ZulnvbX+jUS/O5twOPvfcAwIN+1VYAcj2/EiH28i4ouH5EQtHhJ5KejGxQfM3toKVTqM0qa14G818qV/BViyzwx6DPDISoKumTarcmyvaAz8wGDshfq77nkZLoCDW1Lr+LYF/FrPatkerr+G+2JKvPjqbPYaEzc4iTl9PVPH3TaZH76WBkgpG4BcsyxVu5sdUd5kULp9dRWJ5vqQWEfpUxTJhxfZyY611gGbci/sHHkxoGU6wA2/03a/DlIyfyynNbR+eN8bkAkZlSnZi2dbOv1nhGs3oMWIBzZlKn843C4AX82HAFp6IYPYo/5EMaL8aYaapGsYYyRx2+KD1+WcV/Dd93HYFBXL1aSoXtTdVnXlhOEAiX+3N8o9AIaND6iUY/VxEgpzgy9rH79c3bJ1r/udO+k3pTw0MZncjpgRdarwVjGtY8r3ZVkBjPL3+RsqoD3cflIpK0WWwBvIYHCX+HGas/Vv4dT/vwRrZkQBH0059WNspxHiHkLpK5MHkEXpB7yLWdxKusw5P/MLx9O++X4oL6g2O3tb6d/5vcBJ7Sq9AB2h9XqL6hAH26kiEQNUjERrydiMC46nIp82/d20LAiVpei9gWk/tUcFX9hcO29JjmQ9/q4xUkoH+FEvuN+gQgMb5/g9TpTl+/ZLpM0rGM4ebx0aEHRT/jarUQem8MWugwUdF+IWUlivHSHW0Kte6yxhqhcRCwlbUGk/8s28Sy8k54DKEjbM0PW+GmirUKbulD/BZHv6OoB+pOyorYCLHyZveiMY+6IeEg7QNchedGuN4KEeI+pT4LZmdGvLh6GRXTcgDgcS0FJio8zx254mgXF1Cc5o8gI40wkneehxaazUriQRrNsYxRwqTmYEQ1h+zJWZrUbFp4pXhPOTA4xSB8UtCNI5
8j64P+QbidGy+lWPHTjCp5JukAjoSeAqwIekhzVLaUEoGgmDOBBFQivr7ehAmKaSbnIZEjPxxmDduJekKZl
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2020-12-14T07:34:46Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "file"
}
],
"labels": [
"misp:name=\"file\"",
"misp:meta-category=\"file\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--d47e29ef-e08c-498c-a5c9-779a6a2b79f4",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2020-12-14T07:34:46.000Z",
"modified": "2020-12-14T07:34:46.000Z",
"pattern": "[file:hashes.MD5 = '56ceb6d0011d87b6e4d7023d7ef85676' AND file:hashes.SHA1 = '75af292f34789a1c782ea36c7127bf6106f595e8' AND file:hashes.SHA256 = 'c15abaf51e78ca56c0376522d699c978217bf041a3bd3c71d09193efa5717c71' AND file:hashes.SHA512 = 'f7eac6ab99fe45ca46417cdca36ba27560d5f8a2f37f378ba97636662595d55fa34f749716971aa96a862e37e0199eb6cb905636e6ab0123cfa089adba450629' AND file:hashes.SSDEEP = '192:8/SqRzbt0GBDawA5uT8wSlyDDGTBNFkQ:8/SyHKGBDax5uThDD6BNr' AND file:name = 'c15abaf51e78ca56c0376522d699c978217bf041a3bd3c71d09193efa5717c71' AND file:size = '7680' AND (file:content_ref.payload_bin = 'UEsDBBQACQAIAFI7jlFASn3muw0AAAAeAAAgABwANTZjZWI2ZDAwMTFkODdiNmU0ZDcwMjNkN2VmODU2NzZVVAkAA6sT11+rE9dfdXgLAAEEIQAAAAQhAAAAAwASDPiOMLiEA50QsMqUcV+4i6QmiXpDMpeQq//ulcHIyOrETaN2WUcwieOvxAkiA+ERw1cl3sEJ9WJX21jv7t+jC0nQ2Rd2Cq3j6dbvFqtm0/mJ9qZHEr7HsuJhaWpVsjF46FkIOPj1gbk+kKbCJEPDircB1Xo8MUBW7IrOKutXGdKeZ1urjy9rzHhsb7kJJ8xwiA1t0Gs9emb4jflJmzW0fpAJ3E1iVTp+cj/cus0SvJ/Fam3PZp7TP8zNoWvTm049bjGgam6P8mN59CHDUDqMZeULW/c7K3zTePKntjGpSHnfQRx5bTmJh22trnRA7hdcsj00ucvMnGUG4yIV+mYkBmOBXUuU2+tSbOQWNlXeb8Z7E3nEepfT/rVs6GW2+iYEzkhY8YvKEpq8z6dTojgBXNv3AYFen2TKfcCO9t9sS4/yVqaH5zcNbfmWHL9DOCzYUYi0lLp59t46lXjTophEDvDAOjwoWpA0tYSLB3vNozmFFCyd/lbw0iCagaYDTae5GODyKNWzK0zHlTBXJBwQakG1QAtWLjmsvclTyUFjNrrMWsGE5e0Ggf+tUsGrsNWiI0alJYl7hT4MzNDrnCnHifkZtfd3wBjUQORIBrhqOHvJTX2fYDjNrVRzJVnYMebZ4z7/PgqVBuRf/XDbG8YLiqQrMj/4cbswWDYdf+ooqZSrlXq8MiVUzqYm4a0pt2uYth/L3t3SkwfTTQ0zT8IuwarkRFuE8ev5/3HzycH9kYSs6iHfLa+xPVMjVWed8miA+mXuVWGslEjhQ8s7mx5gOTvKFKcRG1TiuszMFOG14qIr8O6eZjwqNbdX4wUSNiNeI9B2T6TRW/vld3pvQ5nDOR2K3pQAIM20p2Fbi3qz9xfXEoiMcUy504k6c5U2QlovRVijaKztgySN6nWKL6JSa8ALJrTv90lbB1ZngONk/z4KH/0gtywHTqfLsTTsPjvZ+SMI3D38zJNsTp3nEcsDrUufTo9KL7/BbR7CTCW1RLIXrmhyYx8Ahc+ZyrvDqJwgK0zNpEnPjsaJsWuiwt9h22uAzaxEO3SaoKnEi8D1Sd74T9s13p+HadNhVJcgApgR6ab9EpUONm7fHpziFz4mNEQ49P6sBS5en3wFguZwSz5i+GsJmLUiEaX1eHZ0FsiXg7w3xgwzR7+TjU7aEiCYiYaRRJKlI3tweTbZCdwyOeatISj3hmKMbUHbcsRNPub1vJODhWRt+roYdkNDZv4S/KBeDiYB2yCG34fnXCQn393jKW3Rolw
rK3aDHi3jdGoorcUJV9WeuYn7HLKizjmcSHwNJiE/WglbIwiu1B78Ok5iNT32mjf4YdMS5R5PVbVu6wVssi0BoED0J+dfVuSSsTXolkBTLi7oFjYnNRY82TlQMj+TNXkq0PMKjGfI85JIWgY/pgD9gJRbthpyIi4LpwWyWJgZLvL70tuL1koaGeYv+BlK53MukYxgj7PpFbSJVjrhOKFoGcm8j2Q4u8O3rj5ZovTrYuxoD222ABPF5rYVErptYmeyl/dFuM/4sCvD7h1CJnQwQZpTjeJvt6yXw4Ib/14K8DNKyJChWbymxVYWi4U4wXpGVMGCvUw4Vfus3Cp2ht/7lTySiZJ0hbFw6UDSVRij9xU1wgAHG67R0anWj/2Co4mvXAlCxoKCqbFHr1eYXv00FjN5DQ4iKdlbL1SYzr3Gzc38BJVvVhoSmH9bSGnOKKGLq1Jv/SDcQdlvPZ8aMJ85TU57wFG+oMHCCRINxRYf6CXwh/qdD0wWeAIKvUDkjRo46QOsEiOF4Z4CnZhadK3QZdEYHsn6k9eFqZ+Iy1+4QYBJK3o24Ta9gKaehEEK41SFqyk45Y8ItIxNidEBFZX0wNl2aj51l4CCUjeSDdm/TAqj2laAqWICrDoueHLxnvTrET+LLfrBdHIjAu08wT6UjHVkZf5BwigKQNSVReD+xDDBa0ztA5KfHI3+XFhe+3xzqiu7clB6OjPdU5TTipO6cx5T2sYyo3ff5EkkivB3VLrLH6TOcRVcOoupd6MUhyAXaR0FkTY4K7Fs0VfxTB0/17Y4D4Nd8RblGNjtFRXRV8p65SVTI1DJn9OvAqZ4z+GpMkEEw93ODs+v7opX1JooGtw40QlkioJTCDpMGRvsWUrZlM/xQmoitkz4ZoemylM2HlrfOXImX83UjhR3rbbEHEHO0SZE8wo3eRRUTHreLtiKzbrGHwFXsF6R6gEmuhrFxjPgszXSrarEzbjCnuZUBqhWhifIj2G4XmBzO8cmSrgqnyzMrS2kVqo6j8UyOTqnkVXQguyl372+CvQKmZhhZh/WghFF430jhP6UJMR6KnBGrXtXd3kf1UKEEwE203gdmfqdzTrMQ5YnjkuUj3l6qhL+sgQnFbRzTYnT5X5x7mbotXgXbElHPLnBiTcKQkDE9GcJq1w+E+Zk2gOpp/hevW8CFWI9A9NjMXG9WqeKdZ7LfBhQlY2QRUMffAYvi46cE0/xT+1Vi69GVDdWPmCI2ALQwzLYOfkinT7VQgoMB73ebzROpqFLNxCFJV3M8fMCJUtirn7J+xXKy6U6GZGJOan0y7mkjm+KD+bgezTnAK5p8wuBM1jWob3PzcnA6y8M/J6umlEodUegOo7dfBR8ue392t+KB4nbjVayUKt8x5oQeQUvfwAU24YFxfL8NlNm3lMxyX4Ta6DV7jmOEWmFc7zsQVWeNLcehRL1J3jBX76FnvclIcbvkDemxCuQtkvStHgQMNVwYz+ijlLAR/SwehGrt6wRkzcrXFk55FE4+IQNHMnD8mvCaFbnAi/madMn0HtrzEpGsLCpKL0WnsOa6ZBh+wu4+Sobkg7XFxpHiMMAF5Drgwx6HDcQocktQw40EZnnB3hxdegRj4zxnRXkatLCKjLvBChgb2HqWqNRSPlM36fLNpk/eSzQ1FIEOKf+2De4r4qtvXzowLqQBXRhySQU4eXQzftX3HnbImEZU/sPp3nzxhGP1z80uDhbK004fuDpHM/p2IcwSRQZmLiAHTABaBm14BxWNTURhTAQZLZ+/rF7eHcXt+0gb0rwxt5oMCX1aij18bffixWITPk1r265qygWxqIzcbuIooIj0SwE0JuT59MIaOlWi4n4qopO31DfrpI8zoifUEnqNfYRlbGFXb10MbETJI2c1URt8pxAuQy84EN1sagwZ6qMOBzd7ZR/13SIIjkmNzK69IvxkDLdsdxUjfuxh+OhjvnIOJIgMthiqGNHd1u4OTQZO78jQqVyn7vuTmHE9ej
vPJ+y6wHKReizIC0onDFOz0xetYXk/EEJHlxSL2Y2p9rLtLnW/Gf+dmz9+dn63Y+LcbFMx4hQBuVZrSxBvx
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2020-12-14T07:34:46Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "file"
}
],
"labels": [
"misp:name=\"file\"",
"misp:meta-category=\"file\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--a224f9a3-c58e-41e0-9841-460afdd9f409",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2020-12-14T07:34:46.000Z",
"modified": "2020-12-14T07:34:46.000Z",
"pattern": "[file:hashes.MD5 = '3e329a4c9030b26ba152fb602a1d5893' AND file:hashes.SHA1 = 'ebe711516d0f5cd8126f4d53e375c90b7b95e8f2' AND file:hashes.SHA256 = 'd3c6785e18fba3749fb785bc313cf8346182f532c59172b69adfb31b96a5d0af']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2020-12-14T07:34:46Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "file"
}
],
"labels": [
"misp:name=\"file\"",
"misp:meta-category=\"file\"",
"misp:to_ids=\"True\""
]
},
{
"type": "x-misp-object",
"spec_version": "2.1",
"id": "x-misp-object--8329451d-10ab-4ecb-9cff-d5de9c33c5f6",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2020-12-14T07:34:46.000Z",
"modified": "2020-12-14T07:34:46.000Z",
"labels": [
"misp:name=\"virustotal-report\"",
"misp:meta-category=\"misc\""
],
"x_misp_attributes": [
{
"type": "datetime",
"object_relation": "last-submission",
"value": "2020-12-14T06:35:21+00:00",
"category": "Other",
"uuid": "32bebe83-ed53-4890-83a8-c1f30d094049"
},
{
"type": "link",
"object_relation": "permalink",
"value": "https://www.virustotal.com/gui/file/d3c6785e18fba3749fb785bc313cf8346182f532c59172b69adfb31b96a5d0af/detection/f-d3c6785e18fba3749fb785bc313cf8346182f532c59172b69adfb31b96a5d0af-1607927721",
"category": "Payload delivery",
"uuid": "b25d78ff-0a83-49c4-97f6-7ce9590835e1"
},
{
"type": "text",
"object_relation": "detection-ratio",
"value": "0/70",
"category": "Payload delivery",
"uuid": "6f0be67d-1893-4872-888e-43da04eb4441"
}
],
"x_misp_meta_category": "misc",
"x_misp_name": "virustotal-report"
},
{
"type": "x-misp-object",
"spec_version": "2.1",
"id": "x-misp-object--aacff3c7-77c9-4c70-ab9c-9cea57951fa5",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2020-12-14T07:34:46.000Z",
"modified": "2020-12-14T07:34:46.000Z",
"labels": [
"misp:name=\"virustotal-report\"",
"misp:meta-category=\"misc\""
],
"x_misp_attributes": [
{
"type": "datetime",
"object_relation": "last-submission",
"value": "2020-12-14T06:24:36+00:00",
"category": "Other",
"uuid": "f6bd095c-e876-423c-bd2e-b06a1dc0ec61"
},
{
"type": "link",
"object_relation": "permalink",
"value": "https://www.virustotal.com/gui/file/019085a76ba7126fff22770d71bd901c325fc68ac55aa743327984e89f4b0134/detection/f-019085a76ba7126fff22770d71bd901c325fc68ac55aa743327984e89f4b0134-1607927076",
"category": "Payload delivery",
"uuid": "f4faa1e8-50a9-45a6-bd0e-e6aa68c71657"
},
{
"type": "text",
"object_relation": "detection-ratio",
"value": "4/69",
"category": "Payload delivery",
"uuid": "fcef6a83-9fda-4149-bd1f-3cb0095da782"
}
],
"x_misp_meta_category": "misc",
"x_misp_name": "virustotal-report"
},
{
"type": "x-misp-object",
"spec_version": "2.1",
"id": "x-misp-object--a496eaac-08a1-4a65-b489-96cdb0868312",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2020-12-14T07:34:46.000Z",
"modified": "2020-12-14T07:34:46.000Z",
"labels": [
"misp:name=\"virustotal-report\"",
"misp:meta-category=\"misc\""
],
"x_misp_attributes": [
{
"type": "datetime",
"object_relation": "last-submission",
"value": "2020-12-14T06:47:17+00:00",
"category": "Other",
"uuid": "def1362d-ac36-4e3f-9364-f262bc26e8c2"
},
{
"type": "link",
"object_relation": "permalink",
"value": "https://www.virustotal.com/gui/file/c15abaf51e78ca56c0376522d699c978217bf041a3bd3c71d09193efa5717c71/detection/f-c15abaf51e78ca56c0376522d699c978217bf041a3bd3c71d09193efa5717c71-1607928437",
"category": "Payload delivery",
"uuid": "14a0f1d8-d899-4f8d-89a0-a0e1648ec174"
},
{
"type": "text",
"object_relation": "detection-ratio",
"value": "2/69",
"category": "Payload delivery",
"uuid": "33f7e434-f388-47ad-8948-f47392130df7"
}
],
"x_misp_meta_category": "misc",
"x_misp_name": "virustotal-report"
},
{
"type": "x-misp-object",
"spec_version": "2.1",
"id": "x-misp-object--96ffe3c5-a158-40f6-a5ff-156ac385d32e",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2020-12-14T07:34:46.000Z",
"modified": "2020-12-14T07:34:46.000Z",
"labels": [
"misp:name=\"virustotal-report\"",
"misp:meta-category=\"misc\""
],
"x_misp_attributes": [
{
"type": "datetime",
"object_relation": "last-submission",
"value": "2020-12-14T07:32:31+00:00",
"category": "Other",
"uuid": "5c902c4a-bb50-4a28-9c0a-5b7036b66359"
},
{
"type": "link",
"object_relation": "permalink",
"value": "https://www.virustotal.com/gui/file/32519b85c0b422e4656de6e6c41878e95fd95026267daab4215ee59c107d6c77/detection/f-32519b85c0b422e4656de6e6c41878e95fd95026267daab4215ee59c107d6c77-1607931151",
"category": "Payload delivery",
"uuid": "6f98031d-32e0-47b9-a557-c639ec483894"
},
{
"type": "text",
"object_relation": "detection-ratio",
"value": "5/69",
"category": "Payload delivery",
"uuid": "f61f4bff-ab4f-42fe-b893-b67cc407453a"
}
],
"x_misp_meta_category": "misc",
"x_misp_name": "virustotal-report"
},
{
"type": "x-misp-object",
"spec_version": "2.1",
"id": "x-misp-object--3073a9b9-f747-4ec4-99c4-f6b5c93fbd7f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2020-12-14T07:34:46.000Z",
"modified": "2020-12-14T07:34:46.000Z",
"labels": [
"misp:name=\"virustotal-report\"",
"misp:meta-category=\"misc\""
],
"x_misp_attributes": [
{
"type": "datetime",
"object_relation": "last-submission",
"value": "2020-12-14T07:28:34+00:00",
"category": "Other",
"uuid": "8532b5ab-88bc-43cb-aad1-d5da8dfbd1ab"
},
{
"type": "link",
"object_relation": "permalink",
"value": "https://www.virustotal.com/gui/file/ce77d116a074dab7a22a0fd4f2c1ab475f16eec42e1ded3c0b0aa8211fe858d6/detection/f-ce77d116a074dab7a22a0fd4f2c1ab475f16eec42e1ded3c0b0aa8211fe858d6-1607930914",
"category": "Payload delivery",
"uuid": "8f2785bc-d455-4f9b-8910-41ee2cbb635c"
},
{
"type": "text",
"object_relation": "detection-ratio",
"value": "6/70",
"category": "Payload delivery",
"uuid": "b06e1baa-7b52-4b85-b2f5-bd32986ee1e9"
}
],
"x_misp_meta_category": "misc",
"x_misp_name": "virustotal-report"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--a75bd08b-b215-436e-91f4-3382bbb70493",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2020-12-14T07:26:01.000Z",
"modified": "2020-12-14T07:26:01.000Z",
"pattern": "[file:extensions.'windows-pebinary-ext'.number_of_sections = '3' AND file:extensions.'windows-pebinary-ext'.pe_type = 'dll' AND file:extensions.'windows-pebinary-ext'.optional_header.address_of_entry_point = '269460022' AND file:extensions.'windows-pebinary-ext'.x_misp_compilation_timestamp = '2020-05-11T21:32:40+00:00' AND file:extensions.'windows-pebinary-ext'.x_misp_original_filename = 'SolarWinds.Orion.Core.BusinessLayer.dll' AND file:extensions.'windows-pebinary-ext'.x_misp_internal_filename = 'SolarWinds.Orion.Core.BusinessLayer.dll' AND file:extensions.'windows-pebinary-ext'.x_misp_file_description = 'SolarWinds.Orion.Core.BusinessLayer' AND file:extensions.'windows-pebinary-ext'.x_misp_file_version = '2020.2.5300.12432' AND file:extensions.'windows-pebinary-ext'.x_misp_lang_id = '000004b0' AND file:extensions.'windows-pebinary-ext'.x_misp_product_name = 'SolarWinds.Orion.Core.BusinessLayer' AND file:extensions.'windows-pebinary-ext'.x_misp_product_version = '2020.2.5300.12432' AND file:extensions.'windows-pebinary-ext'.x_misp_company_name = 'SolarWinds Worldwide, LLC.' AND file:extensions.'windows-pebinary-ext'.x_misp_legal_copyright = 'Copyright \u00a9 1999-2020 SolarWinds Worldwide, LLC. All Rights Reserved.']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2020-12-14T07:26:01Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "file"
}
],
"labels": [
"misp:name=\"pe\"",
"misp:meta-category=\"file\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--4d4b2085-63f5-46b0-978e-15e1117a003d",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2020-12-14T07:26:03.000Z",
"modified": "2020-12-14T07:26:03.000Z",
"pattern": "[file:extensions.'windows-pebinary-ext'.number_of_sections = '3' AND file:extensions.'windows-pebinary-ext'.pe_type = 'dll' AND file:extensions.'windows-pebinary-ext'.optional_header.address_of_entry_point = '269367810' AND file:extensions.'windows-pebinary-ext'.x_misp_compilation_timestamp = '2019-10-10T13:26:39+00:00' AND file:extensions.'windows-pebinary-ext'.x_misp_original_filename = 'SolarWinds.Orion.Core.BusinessLayer.dll' AND file:extensions.'windows-pebinary-ext'.x_misp_internal_filename = 'SolarWinds.Orion.Core.BusinessLayer.dll' AND file:extensions.'windows-pebinary-ext'.x_misp_file_description = 'SolarWinds.Orion.Core.BusinessLayer' AND file:extensions.'windows-pebinary-ext'.x_misp_file_version = '2019.4.5200.8890' AND file:extensions.'windows-pebinary-ext'.x_misp_lang_id = '000004b0' AND file:extensions.'windows-pebinary-ext'.x_misp_product_name = 'SolarWinds.Orion.Core.BusinessLayer' AND file:extensions.'windows-pebinary-ext'.x_misp_product_version = '2019.4.5200.8890' AND file:extensions.'windows-pebinary-ext'.x_misp_company_name = 'SolarWinds Worldwide, LLC.' AND file:extensions.'windows-pebinary-ext'.x_misp_legal_copyright = 'Copyright \u00a9 1999-2019 SolarWinds Worldwide, LLC. All Rights Reserved.']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2020-12-14T07:26:03Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "file"
}
],
"labels": [
"misp:name=\"pe\"",
"misp:meta-category=\"file\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--9934ff43-6bfc-42a6-baab-5d798458b78e",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2020-12-14T07:26:05.000Z",
"modified": "2020-12-14T07:26:05.000Z",
"pattern": "[file:extensions.'windows-pebinary-ext'.number_of_sections = '3' AND file:extensions.'windows-pebinary-ext'.pe_type = 'dll' AND file:extensions.'windows-pebinary-ext'.optional_header.address_of_entry_point = '269460022' AND file:extensions.'windows-pebinary-ext'.x_misp_compilation_timestamp = '2020-04-21T14:53:33+00:00' AND file:extensions.'windows-pebinary-ext'.x_misp_original_filename = 'SolarWinds.Orion.Core.BusinessLayer.dll' AND file:extensions.'windows-pebinary-ext'.x_misp_internal_filename = 'SolarWinds.Orion.Core.BusinessLayer.dll' AND file:extensions.'windows-pebinary-ext'.x_misp_file_description = 'SolarWinds.Orion.Core.BusinessLayer' AND file:extensions.'windows-pebinary-ext'.x_misp_file_version = '2020.2.5200.12394' AND file:extensions.'windows-pebinary-ext'.x_misp_lang_id = '000004b0' AND file:extensions.'windows-pebinary-ext'.x_misp_product_name = 'SolarWinds.Orion.Core.BusinessLayer' AND file:extensions.'windows-pebinary-ext'.x_misp_product_version = '2020.2.5200.12394' AND file:extensions.'windows-pebinary-ext'.x_misp_company_name = 'SolarWinds Worldwide, LLC.' AND file:extensions.'windows-pebinary-ext'.x_misp_legal_copyright = 'Copyright \u00a9 1999-2020 SolarWinds Worldwide, LLC. All Rights Reserved.']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2020-12-14T07:26:05Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "file"
}
],
"labels": [
"misp:name=\"pe\"",
"misp:meta-category=\"file\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--8ea7172c-eb93-4bf5-8baf-630fa26e5d2e",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2020-12-14T07:26:06.000Z",
"modified": "2020-12-14T07:26:06.000Z",
"pattern": "[file:extensions.'windows-pebinary-ext'.number_of_sections = '3' AND file:extensions.'windows-pebinary-ext'.pe_type = 'dll' AND file:extensions.'windows-pebinary-ext'.optional_header.address_of_entry_point = '269443494' AND file:extensions.'windows-pebinary-ext'.x_misp_compilation_timestamp = '2020-03-24T08:52:34+00:00' AND file:extensions.'windows-pebinary-ext'.x_misp_original_filename = 'SolarWinds.Orion.Core.BusinessLayer.dll' AND file:extensions.'windows-pebinary-ext'.x_misp_internal_filename = 'SolarWinds.Orion.Core.BusinessLayer.dll' AND file:extensions.'windows-pebinary-ext'.x_misp_file_description = 'SolarWinds.Orion.Core.BusinessLayer' AND file:extensions.'windows-pebinary-ext'.x_misp_file_version = '2019.4.5200.9083' AND file:extensions.'windows-pebinary-ext'.x_misp_lang_id = '000004b0' AND file:extensions.'windows-pebinary-ext'.x_misp_product_name = 'SolarWinds.Orion.Core.BusinessLayer' AND file:extensions.'windows-pebinary-ext'.x_misp_product_version = '2019.4.5200.9083' AND file:extensions.'windows-pebinary-ext'.x_misp_company_name = 'SolarWinds Worldwide, LLC.' AND file:extensions.'windows-pebinary-ext'.x_misp_legal_copyright = 'Copyright \u00a9 1999-2020 SolarWinds Worldwide, LLC. All Rights Reserved.']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2020-12-14T07:26:06Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "file"
}
],
"labels": [
"misp:name=\"pe\"",
"misp:meta-category=\"file\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--77c4c4d6-1725-4aa9-a5e3-ebdeb89500de",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2020-12-14T07:26:35.000Z",
"modified": "2020-12-14T07:26:35.000Z",
"pattern": "[file:extensions.'windows-pebinary-ext'.number_of_sections = '3' AND file:extensions.'windows-pebinary-ext'.pe_type = 'dll' AND file:extensions.'windows-pebinary-ext'.optional_header.address_of_entry_point = '268448958' AND file:extensions.'windows-pebinary-ext'.x_misp_compilation_timestamp = '2020-03-24T09:16:10+00:00' AND file:extensions.'windows-pebinary-ext'.x_misp_original_filename = 'App_Web_logoimagehandler.ashx.b6031896.dll' AND file:extensions.'windows-pebinary-ext'.x_misp_internal_filename = 'App_Web_logoimagehandler.ashx.b6031896.dll' AND file:extensions.'windows-pebinary-ext'.x_misp_file_version = '0.0.0.0' AND file:extensions.'windows-pebinary-ext'.x_misp_lang_id = '000004b0' AND file:extensions.'windows-pebinary-ext'.x_misp_product_version = '0.0.0.0']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2020-12-14T07:26:35Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "file"
}
],
"labels": [
"misp:name=\"pe\"",
"misp:meta-category=\"file\"",
"misp:to_ids=\"True\""
]
},
{
"type": "x-misp-object",
"spec_version": "2.1",
"id": "x-misp-object--c35e55e1-dc94-49a7-a3a1-4018b4f17a04",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2020-12-14T07:26:00.000Z",
"modified": "2020-12-14T07:26:00.000Z",
"labels": [
"misp:name=\"pe-section\"",
"misp:meta-category=\"file\""
],
"x_misp_attributes": [
{
"type": "text",
"object_relation": "name",
"value": ".text",
"category": "Other",
"uuid": "29a6c4d1-e274-4b6e-87be-255f793e2ff5"
},
{
"type": "size-in-bytes",
"object_relation": "size-in-bytes",
"value": "1018368",
"category": "Other",
"uuid": "7777aaed-c062-4b75-8c18-53ca12873aa0"
},
{
"type": "float",
"object_relation": "entropy",
"value": "5.5695446259584",
"category": "Other",
"uuid": "c9860ec0-4232-48df-9481-ac92801b5e06"
},
{
"type": "md5",
"object_relation": "md5",
"value": "5a1c26db5b9b9a2d0a630e63ff83f0bf",
"category": "Payload delivery",
"to_ids": true,
"uuid": "842c8449-8cdc-4027-bfe8-0d55fc724f20"
},
{
"type": "sha1",
"object_relation": "sha1",
"value": "18ea74745f5c8992a95ae40bfe2158c8d7e34acf",
"category": "Payload delivery",
"to_ids": true,
"uuid": "bcb1a128-68d1-45d4-8b66-6d5f38f7b797"
},
{
"type": "sha256",
"object_relation": "sha256",
"value": "02811d870295f78bf9aa3c9f42ca11f2838171fe73e70dbbc158fae590161573",
"category": "Payload delivery",
"to_ids": true,
"uuid": "b175ac6d-4eb6-4e13-a39c-4d8130d40704"
},
{
"type": "sha512",
"object_relation": "sha512",
"value": "c0e04da710f18443018aeef4ab387903f93f95a42b700a3a88b3ea7c35ae3821850f1583494172f5650a69a9acf8f9d63d1fca22aac115f1fdc4ec8b78c5d7e6",
"category": "Payload delivery",
"to_ids": true,
"uuid": "e7364bdc-dafd-4a3e-bcb4-c8c59f8391aa"
},
{
"type": "ssdeep",
"object_relation": "ssdeep",
"value": "12288:6JKoHwfn/jz3bbO4Qag2I97PMieSLezPKT+BYvjenWHuhh9c0g8vkzK19QU:KEfDbO97P8TrK0YbenWH4c0g8vkzK19b",
"category": "Payload delivery",
"to_ids": true,
"uuid": "1c385fd7-be09-4cdf-a332-606181a5ba8f"
}
],
"x_misp_meta_category": "file",
"x_misp_name": "pe-section"
},
{
"type": "x-misp-object",
"spec_version": "2.1",
"id": "x-misp-object--fdf86a09-fb48-495d-8bf3-50579e86edd8",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2020-12-14T07:26:01.000Z",
"modified": "2020-12-14T07:26:01.000Z",
"labels": [
"misp:name=\"pe-section\"",
"misp:meta-category=\"file\""
],
"x_misp_attributes": [
{
"type": "text",
"object_relation": "name",
"value": ".rsrc",
"category": "Other",
"uuid": "ea591c12-7d54-4190-b8ab-ffee6c3be07d"
},
{
"type": "size-in-bytes",
"object_relation": "size-in-bytes",
"value": "1536",
"category": "Other",
"uuid": "9da5a332-1220-482b-9147-75e99a489c08"
},
{
"type": "float",
"object_relation": "entropy",
"value": "3.3927625723408",
"category": "Other",
"uuid": "bf6fdc37-fb1c-41fe-bd98-05cf7e27c864"
},
{
"type": "md5",
"object_relation": "md5",
"value": "da27d86acfb9504441eebac21f66a5df",
"category": "Payload delivery",
"to_ids": true,
"uuid": "d6967720-07d1-410b-bb1a-865a055d44b2"
},
{
"type": "sha1",
"object_relation": "sha1",
"value": "939387cdbb29755bf192c2bfce2701c1a27354a6",
"category": "Payload delivery",
"to_ids": true,
"uuid": "d3fd1a8b-83c8-443b-8cb4-64f08543632e"
},
{
"type": "sha256",
"object_relation": "sha256",
"value": "016bbefdcbda1e07eca63a07fabe2dad2b25a4b78cd0bc6564c6d0ad3a6b7523",
"category": "Payload delivery",
"to_ids": true,
"uuid": "af77388d-7b96-409d-82e6-6fce4d9ec10a"
},
{
"type": "sha512",
"object_relation": "sha512",
"value": "713dece3f4687ea6e4591a7e9e3975ce0bfae2dda5a742b29e78ee5088ae148992995373177a1d5583c6da4877c99e813ba440e386705c2bd7b1ea8c2058e498",
"category": "Payload delivery",
"to_ids": true,
"uuid": "0efba345-1b24-4f23-95fd-6a0147caebc9"
},
{
"type": "ssdeep",
"object_relation": "ssdeep",
"value": "24:YE66ZyxF4iPXOL1+N0MnaOL1hyYinXF4OL1F3YOL15PNMMDqMM:YrjleBw0MjBhyXBB9hB7MM2MM",
"category": "Payload delivery",
"to_ids": true,
"uuid": "ecc669c8-844f-43aa-a285-2b37afa57330"
}
],
"x_misp_meta_category": "file",
"x_misp_name": "pe-section"
},
{
"type": "x-misp-object",
"spec_version": "2.1",
"id": "x-misp-object--4a09fc7a-97ba-434d-a669-fc640686e880",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2020-12-14T07:26:01.000Z",
"modified": "2020-12-14T07:26:01.000Z",
"labels": [
"misp:name=\"pe-section\"",
"misp:meta-category=\"file\""
],
"x_misp_attributes": [
{
"type": "text",
"object_relation": "name",
"value": ".reloc",
"category": "Other",
"uuid": "c4e41937-dabe-4fca-b7a7-22048028098f"
},
{
"type": "size-in-bytes",
"object_relation": "size-in-bytes",
"value": "512",
"category": "Other",
"uuid": "544072ea-6e62-4186-b27b-60a69ad71ac4"
},
{
"type": "float",
"object_relation": "entropy",
"value": "1.9473387961876",
"category": "Other",
"uuid": "26a034d3-61de-4d2d-98a9-31890a2536db"
},
{
"type": "md5",
"object_relation": "md5",
"value": "a29f1db3dd779a4a629939ffeaa3835b",
"category": "Payload delivery",
"to_ids": true,
"uuid": "15824c39-2aba-445a-a04e-114f3d0cd1b3"
},
{
"type": "sha1",
"object_relation": "sha1",
"value": "c306017f3277b148c4a8914a6c4e46abc1496c94",
"category": "Payload delivery",
"to_ids": true,
"uuid": "1cf0120c-3b17-4185-b447-1adf982233d3"
},
{
"type": "sha256",
"object_relation": "sha256",
"value": "6743e59441d06b5b27d6c2c9cc28ba3e4e81d8955aa0ecde9233cfac0b6e019b",
"category": "Payload delivery",
"to_ids": true,
"uuid": "1b50cbfd-0808-4bca-9be6-9b14cf818f45"
},
{
"type": "sha512",
"object_relation": "sha512",
"value": "17a273facc124e6696eb6e1dc7c1c81c7dd478f2bff5b9160b6678dca0e460235b1f4a013e49f389a1d8d06bc0ca4471500219ee85e533a64afd2441f9bccef3",
"category": "Payload delivery",
"to_ids": true,
"uuid": "127e0360-f208-4e95-8961-28b7d04b2bcf"
},
{
"type": "ssdeep",
"object_relation": "ssdeep",
"value": "3:6/Pl:6/d",
"category": "Payload delivery",
"to_ids": true,
"uuid": "9f1c7bde-9015-4801-a37b-23c3fa042d82"
}
],
"x_misp_meta_category": "file",
"x_misp_name": "pe-section"
},
{
"type": "x-misp-object",
"spec_version": "2.1",
"id": "x-misp-object--9d50d8e5-8c9f-42d3-b0af-aba92a54dc19",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2020-12-14T07:26:02.000Z",
"modified": "2020-12-14T07:26:02.000Z",
"labels": [
"misp:name=\"pe-section\"",
"misp:meta-category=\"file\""
],
"x_misp_attributes": [
{
"type": "text",
"object_relation": "name",
"value": ".text",
"category": "Other",
"uuid": "30cc66ed-6a2e-4562-a96c-fed8a4f2332f"
},
{
"type": "size-in-bytes",
"object_relation": "size-in-bytes",
"value": "924672",
"category": "Other",
"uuid": "39f96b1d-f827-47dd-8b1a-320709384b70"
},
{
"type": "float",
"object_relation": "entropy",
"value": "5.6441844251496",
"category": "Other",
"uuid": "09165408-d87e-4886-8ab5-025954fd4c12"
},
{
"type": "md5",
"object_relation": "md5",
"value": "cf450191b90401e1015aa2433d7d0b47",
"category": "Payload delivery",
"to_ids": true,
"uuid": "5c0872f1-daaa-4272-a776-789498ef0842"
},
{
"type": "sha1",
"object_relation": "sha1",
"value": "e812fddc3c622905954663d30b25fa8adcca6850",
"category": "Payload delivery",
"to_ids": true,
"uuid": "a30b699d-1698-4113-bd88-0f5831fa729b"
},
{
"type": "sha256",
"object_relation": "sha256",
"value": "e29b19ea0c58095c3ab7a19374734bba58effb01498c3f748824fed32326cb06",
"category": "Payload delivery",
"to_ids": true,
"uuid": "d74b6998-8f21-44e3-86b5-b46cec7b18c4"
},
{
"type": "sha512",
"object_relation": "sha512",
"value": "612f4238bbf10e162cf33b6ec9e69d975fb67a1f78f9a6f5436460fcd7664909ab2aaceaa4466eaafdde23b62e2dffe51a4e5addcfc028211c77981f0d6f9d13",
"category": "Payload delivery",
"to_ids": true,
"uuid": "a54e65bb-446a-4bd4-8efd-66fe4b2ccf96"
},
{
"type": "ssdeep",
"object_relation": "ssdeep",
"value": "24576:GdBfeHcrhCECR1R/zoi8SHoN0W8vB8O3IcL:qe8nK/zopSHoN0W8vB8u",
"category": "Payload delivery",
"to_ids": true,
"uuid": "f824def2-d811-4ec5-9a91-12b5219e02fa"
}
],
"x_misp_meta_category": "file",
"x_misp_name": "pe-section"
},
{
"type": "x-misp-object",
"spec_version": "2.1",
"id": "x-misp-object--712c68c3-179a-442b-b713-fab9eaa9b67e",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2020-12-14T07:26:02.000Z",
"modified": "2020-12-14T07:26:02.000Z",
"labels": [
"misp:name=\"pe-section\"",
"misp:meta-category=\"file\""
],
"x_misp_attributes": [
{
"type": "text",
"object_relation": "name",
"value": ".rsrc",
"category": "Other",
"uuid": "4bedfd30-2c41-47c3-aba4-f4fff9444674"
},
{
"type": "size-in-bytes",
"object_relation": "size-in-bytes",
"value": "1536",
"category": "Other",
"uuid": "279e2b18-a2ee-44cb-9754-d56d5660035e"
},
{
"type": "float",
"object_relation": "entropy",
"value": "3.3987008123389",
"category": "Other",
"uuid": "52476f95-1cac-4995-ae75-0eb3763be6d4"
},
{
"type": "md5",
"object_relation": "md5",
"value": "005f91999efb988bc401181d2cf103de",
"category": "Payload delivery",
"to_ids": true,
"uuid": "e15d2b4f-69f1-4e70-8f0d-1ef09b96da28"
},
{
"type": "sha1",
"object_relation": "sha1",
"value": "3a6f37bdbd8f812efd0805a5e14f468da79832cc",
"category": "Payload delivery",
"to_ids": true,
"uuid": "bf883a99-7b50-47a3-9568-0e5423a3ce57"
},
{
"type": "sha256",
"object_relation": "sha256",
"value": "4497bf92f774c9d57a1ad1cf5842e82c94efe82adb78ff3a90a015376361b284",
"category": "Payload delivery",
"to_ids": true,
"uuid": "f0b176ab-60da-4fac-a282-541dd163cad8"
},
{
"type": "sha512",
"object_relation": "sha512",
"value": "3da3a9c6f0e53126d2c2723262dbfb08716c02af82157a952da7f2d66540fafabe8db2e2f7c8091ec68f4463feb070bb37ae1b54c91a1d0a07fdf98a5518192e",
"category": "Payload delivery",
"to_ids": true,
"uuid": "52d42062-cf99-487e-b378-3288240ce4f5"
},
{
"type": "ssdeep",
"object_relation": "ssdeep",
"value": "24:LXsfQMKyxF4iPXOL1XNN9aOL1hninXF4OL1F3YOL1sPNelvq:LXsnjleBHJBhmBB9hB86i",
"category": "Payload delivery",
"to_ids": true,
"uuid": "4be07240-bf2d-4e8b-afcf-9d21c956d1fe"
}
],
"x_misp_meta_category": "file",
"x_misp_name": "pe-section"
},
{
"type": "x-misp-object",
"spec_version": "2.1",
"id": "x-misp-object--6288dea8-53e7-4000-9bca-0ecc20bd35a4",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2020-12-14T07:26:02.000Z",
"modified": "2020-12-14T07:26:02.000Z",
"labels": [
"misp:name=\"pe-section\"",
"misp:meta-category=\"file\""
],
"x_misp_attributes": [
{
"type": "text",
"object_relation": "name",
"value": ".reloc",
"category": "Other",
"uuid": "957cdc36-5b00-48d5-8ea6-dec1a745a264"
},
{
"type": "size-in-bytes",
"object_relation": "size-in-bytes",
"value": "512",
"category": "Other",
"uuid": "99a27047-22f9-45c8-8d25-ada5de687f71"
},
{
"type": "float",
"object_relation": "entropy",
"value": "1.9473387961876",
"category": "Other",
"uuid": "88da1e2c-8bc8-49b1-af8b-4701f34bc0b6"
},
{
"type": "md5",
"object_relation": "md5",
"value": "32e87d188187fe9b9f6afd9de48a41d6",
"category": "Payload delivery",
"to_ids": true,
"uuid": "ed445919-2408-4cb4-8ccc-28336a289792"
},
{
"type": "sha1",
"object_relation": "sha1",
"value": "2e10d4aa9df60691736123b143dc3e1dc677330a",
"category": "Payload delivery",
"to_ids": true,
"uuid": "2020e53f-841b-4160-921b-f7527fdf4398"
},
{
"type": "sha256",
"object_relation": "sha256",
"value": "ca16d1bd56e607403c1b0b5d74c6dc3b8366fa3d982146cc0ec2948099ecfbad",
"category": "Payload delivery",
"to_ids": true,
"uuid": "f87cb4d6-55c1-4b5e-827c-9d9e485be032"
},
{
"type": "sha512",
"object_relation": "sha512",
"value": "8e56b8ec1f8828ac8eef7bb7758987aad8f09be39ae0873c2c1ccefa49b8416a48787488ce21c96159cfa536f881151a3372e1cba0dc40b59f338329287fc010",
"category": "Payload delivery",
"to_ids": true,
"uuid": "b35ce313-1666-47f0-9466-1434eabcaad3"
},
{
"type": "ssdeep",
"object_relation": "ssdeep",
"value": "3:HlZn:r",
"category": "Payload delivery",
"to_ids": true,
"uuid": "c955f330-eea4-4c0b-a948-941e2d61253a"
}
],
"x_misp_meta_category": "file",
"x_misp_name": "pe-section"
},
{
"type": "x-misp-object",
"spec_version": "2.1",
"id": "x-misp-object--d1e0ec27-f60b-4a3c-931b-c7569be605db",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2020-12-14T07:26:04.000Z",
"modified": "2020-12-14T07:26:04.000Z",
"labels": [
"misp:name=\"pe-section\"",
"misp:meta-category=\"file\""
],
"x_misp_attributes": [
{
"type": "text",
"object_relation": "name",
"value": ".text",
"category": "Other",
"uuid": "b26d2207-a24d-4a8e-98cd-1b3299b0ea89"
},
{
"type": "size-in-bytes",
"object_relation": "size-in-bytes",
"value": "1018368",
"category": "Other",
"uuid": "21bc5930-ee6a-4c21-bae5-8a06664078bf"
},
{
"type": "float",
"object_relation": "entropy",
"value": "5.5694865540978",
"category": "Other",
"uuid": "3a0c7663-908d-4b84-9982-fd4de2707f2a"
},
{
"type": "md5",
"object_relation": "md5",
"value": "26ec41a94ea4d2a3fbfebbe0a32cfa0b",
"category": "Payload delivery",
"to_ids": true,
"uuid": "4a199c6d-4dbb-4777-8c15-97e281bd19db"
},
{
"type": "sha1",
"object_relation": "sha1",
"value": "c83bb058abe34b411897a5feea274a4926ec20da",
"category": "Payload delivery",
"to_ids": true,
"uuid": "5577a80e-e23a-436d-865d-9a1b7619aff0"
},
{
"type": "sha256",
"object_relation": "sha256",
"value": "6127115190de534d0f57f23add63dbc8c414ed99789644c1fa7e932cdbb01519",
"category": "Payload delivery",
"to_ids": true,
"uuid": "168b3a46-e015-4c5b-9d9b-e992849ca472"
},
{
"type": "sha512",
"object_relation": "sha512",
"value": "b4b49fe5725fe8807331672049dd4804929da896e63181eb7022825331fa64ec0eb18dd33c112688e23062b77248adf307151a3bcf71bd1816f5f79640abdc2f",
"category": "Payload delivery",
"to_ids": true,
"uuid": "fefd0377-b14b-4979-85c4-622abbcbef75"
},
{
"type": "ssdeep",
"object_relation": "ssdeep",
"value": "12288:6JKoHwfn/jz3bbO4Qag2I97PMieSLezPKT+cYvjenWHuhh9c0g8vkzE19Wa:KEfDbO97P8TrKhYbenWH4c0g8vkzE19j",
"category": "Payload delivery",
"to_ids": true,
"uuid": "200b66fb-16b6-4087-82b9-2b54264d835d"
}
],
"x_misp_meta_category": "file",
"x_misp_name": "pe-section"
},
{
"type": "x-misp-object",
"spec_version": "2.1",
"id": "x-misp-object--efe9facc-a05f-44d0-901f-62e4e870ef95",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2020-12-14T07:26:04.000Z",
"modified": "2020-12-14T07:26:04.000Z",
"labels": [
"misp:name=\"pe-section\"",
"misp:meta-category=\"file\""
],
"x_misp_attributes": [
{
"type": "text",
"object_relation": "name",
"value": ".rsrc",
"category": "Other",
"uuid": "26139e8c-e100-4569-af6f-ccfedfa6906f"
},
{
"type": "size-in-bytes",
"object_relation": "size-in-bytes",
"value": "1536",
"category": "Other",
"uuid": "cb66ec54-f979-4792-a658-0406233b5e5b"
},
{
"type": "float",
"object_relation": "entropy",
"value": "3.389713791853",
"category": "Other",
"uuid": "a3f61a5e-aa20-4530-9260-6d8dcf176756"
},
{
"type": "md5",
"object_relation": "md5",
"value": "9bd1855b2d66ddb1fb9bfb0be0907ac2",
"category": "Payload delivery",
"to_ids": true,
"uuid": "1d256d49-3288-45c8-a593-13551ac656c0"
},
{
"type": "sha1",
"object_relation": "sha1",
"value": "d0b5359a9a5744d632dbd321ca3a00c1a3f547b9",
"category": "Payload delivery",
"to_ids": true,
"uuid": "d91f9e3e-b9e7-446a-8a1e-befeec02bf86"
},
{
"type": "sha256",
"object_relation": "sha256",
"value": "7871935602a9354b0d04469b185dd7f20ddd0d80f45dd7946d6315c7352b8d8c",
"category": "Payload delivery",
"to_ids": true,
"uuid": "a66c7b16-9422-4a7e-af78-c90f9ebb1916"
},
{
"type": "sha512",
"object_relation": "sha512",
"value": "24b2c0c16a3e87a2469bf3315a59153f5ffb74518b50a1ee25cde89f81b919489dca38188f32ebe78b8d488dc30c291ebec665360240d926d297afba89942630",
"category": "Payload delivery",
"to_ids": true,
"uuid": "e4c9d18e-9dfb-4e31-abaf-1b5c69b2e0b0"
},
{
"type": "ssdeep",
"object_relation": "ssdeep",
"value": "24:YA66ZyxF4iPXOL1+N0ZaaOL1hyYinXF4OL1F3YOL15PNMZkqMZ:YPjleBw0gBhyXBB9hB7MzM",
"category": "Payload delivery",
"to_ids": true,
"uuid": "395e3935-1ca9-44d9-a108-36515bff2c3e"
}
],
"x_misp_meta_category": "file",
"x_misp_name": "pe-section"
},
{
"type": "x-misp-object",
"spec_version": "2.1",
"id": "x-misp-object--aacf1b7b-aa96-4762-896a-a97ba1bd5c0e",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2020-12-14T07:26:04.000Z",
"modified": "2020-12-14T07:26:04.000Z",
"labels": [
"misp:name=\"pe-section\"",
"misp:meta-category=\"file\""
],
"x_misp_attributes": [
{
"type": "text",
"object_relation": "name",
"value": ".reloc",
"category": "Other",
"uuid": "647774ef-f53d-473d-9429-67724f4b8b2d"
},
{
"type": "size-in-bytes",
"object_relation": "size-in-bytes",
"value": "512",
"category": "Other",
"uuid": "a6085947-c708-44c8-bd93-150169ea147e"
},
{
"type": "float",
"object_relation": "entropy",
"value": "1.9473387961876",
"category": "Other",
"uuid": "a9915b7b-eb4e-44d8-85b3-346cadecb853"
},
{
"type": "md5",
"object_relation": "md5",
"value": "a29f1db3dd779a4a629939ffeaa3835b",
"category": "Payload delivery",
"to_ids": true,
"uuid": "6ca239fa-c698-4a75-953e-4118e4184f2b"
},
{
"type": "sha1",
"object_relation": "sha1",
"value": "c306017f3277b148c4a8914a6c4e46abc1496c94",
"category": "Payload delivery",
"to_ids": true,
"uuid": "58b0a624-87d4-41e0-a113-2600f978e6ec"
},
{
"type": "sha256",
"object_relation": "sha256",
"value": "6743e59441d06b5b27d6c2c9cc28ba3e4e81d8955aa0ecde9233cfac0b6e019b",
"category": "Payload delivery",
"to_ids": true,
"uuid": "c7e6fff3-c9e7-4cb9-958b-a5741192a1f4"
},
{
"type": "sha512",
"object_relation": "sha512",
"value": "17a273facc124e6696eb6e1dc7c1c81c7dd478f2bff5b9160b6678dca0e460235b1f4a013e49f389a1d8d06bc0ca4471500219ee85e533a64afd2441f9bccef3",
"category": "Payload delivery",
"to_ids": true,
"uuid": "d79d1f9e-9bed-4409-ab7e-f0b42019db3b"
},
{
"type": "ssdeep",
"object_relation": "ssdeep",
"value": "3:6/Pl:6/d",
"category": "Payload delivery",
"to_ids": true,
"uuid": "d9820eb8-18b6-4587-867b-7a26d6d2d0c3"
}
],
"x_misp_meta_category": "file",
"x_misp_name": "pe-section"
},
{
"type": "x-misp-object",
"spec_version": "2.1",
"id": "x-misp-object--95432908-2bb1-4cca-8b88-db3d0c4bcd6d",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2020-12-14T07:26:05.000Z",
"modified": "2020-12-14T07:26:05.000Z",
"labels": [
"misp:name=\"pe-section\"",
"misp:meta-category=\"file\""
],
"x_misp_attributes": [
{
"type": "text",
"object_relation": "name",
"value": ".text",
"category": "Other",
"uuid": "9d6dd696-fa53-481c-8c42-089d18a7259a"
},
{
"type": "size-in-bytes",
"object_relation": "size-in-bytes",
"value": "1001472",
"category": "Other",
"uuid": "7864c578-24e3-4840-8e03-5e8f9c278902"
},
{
"type": "float",
"object_relation": "entropy",
"value": "5.5697311444704",
"category": "Other",
"uuid": "602efb82-2338-428f-8041-841980dc83c6"
},
{
"type": "md5",
"object_relation": "md5",
"value": "c4a55257e26e3b07339fa125f5223a72",
"category": "Payload delivery",
"to_ids": true,
"uuid": "d9607fc7-8d83-40f4-b7bc-3b8e51839167"
},
{
"type": "sha1",
"object_relation": "sha1",
"value": "6c2e6a1b9ebb7d0eedb9e11d8017ff6c795b9b98",
"category": "Payload delivery",
"to_ids": true,
"uuid": "b210f518-0549-4265-aa82-5912e23157ff"
},
{
"type": "sha256",
"object_relation": "sha256",
"value": "9e1e82ad740aba788850c5529e3eb84681b0a53b6c76ff5eadc6cb762823dba3",
"category": "Payload delivery",
"to_ids": true,
"uuid": "13759646-d63d-4749-9a02-621fa0165f7c"
},
{
"type": "sha512",
"object_relation": "sha512",
"value": "131e0b4fff35499da6e33f099f8fe96de1a65deec9522becbc8e55d0470f42f8d58cc2f3678eb2a82667bdcd96ed0f587464917290904f989678788a497849db",
"category": "Payload delivery",
"to_ids": true,
"uuid": "26dd4d5f-47d6-4dd2-8a7f-5986ac7157bf"
},
{
"type": "ssdeep",
"object_relation": "ssdeep",
"value": "12288:0x7m/z9aEBzvnvLtYAi6uLlYQ69BBpIvF1tjpH7BKi+0A8vca9owY:PaEBTvRBi6uL6dIvDtjpH9+0A8vca9oj",
"category": "Payload delivery",
"to_ids": true,
"uuid": "76524233-9eec-4f82-88d5-b65259c6f6f2"
}
],
"x_misp_meta_category": "file",
"x_misp_name": "pe-section"
},
{
"type": "x-misp-object",
"spec_version": "2.1",
"id": "x-misp-object--7d04169f-afa9-41b2-8992-c693a431abba",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2020-12-14T07:26:05.000Z",
"modified": "2020-12-14T07:26:05.000Z",
"labels": [
"misp:name=\"pe-section\"",
"misp:meta-category=\"file\""
],
"x_misp_attributes": [
{
"type": "text",
"object_relation": "name",
"value": ".rsrc",
"category": "Other",
"uuid": "07078bbe-9887-4307-a2cb-259c994c96d9"
},
{
"type": "size-in-bytes",
"object_relation": "size-in-bytes",
"value": "1536",
"category": "Other",
"uuid": "9d3331fc-865f-4ff3-ad8e-eeae43c356f7"
},
{
"type": "float",
"object_relation": "entropy",
"value": "3.4018646666713",
"category": "Other",
"uuid": "58debcd3-e4de-4dad-a43e-b3665d1c8d3d"
},
{
"type": "md5",
"object_relation": "md5",
"value": "7454e0d2a852d8d802490dbc6c07f42e",
"category": "Payload delivery",
"to_ids": true,
"uuid": "ec54cd2f-e5c4-4e3d-b24d-e950810fb7b7"
},
{
"type": "sha1",
"object_relation": "sha1",
"value": "b54275dd4daaa9467f91955b5b4670c20dfc4e49",
"category": "Payload delivery",
"to_ids": true,
"uuid": "fd622511-809c-458d-bccc-28e3b9d3bd44"
},
{
"type": "sha256",
"object_relation": "sha256",
"value": "e63d0b1280cd09f3d9236c4a7e428a000f0f87c6a707dbe2a6b5df3ceb24b48d",
"category": "Payload delivery",
"to_ids": true,
"uuid": "ce67aaa2-f196-4ad6-912e-3aff8c28bab0"
},
{
"type": "sha512",
"object_relation": "sha512",
"value": "d982e2edba71923c7f9c4fdff636995fb475ba4146ea66dcb28b2b24c0e7f81742b4109ee9900ae7f9442ded32f1412311766cd374d88abdff2da317f752708d",
"category": "Payload delivery",
"to_ids": true,
"uuid": "c43dbe58-0d94-4c82-899e-88d31e2e1cf3"
},
{
"type": "ssdeep",
"object_relation": "ssdeep",
"value": "24:wpyQMKyxF4iPXOL1XNNP+aOL1hyYinXF4OL1F3YOL1sPN3Flvq3:wp2jleBHSBhyXBB9hB8Pi",
"category": "Payload delivery",
"to_ids": true,
"uuid": "9f694408-2bbc-4e8b-95cb-cb42df342310"
}
],
"x_misp_meta_category": "file",
"x_misp_name": "pe-section"
},
{
"type": "x-misp-object",
"spec_version": "2.1",
"id": "x-misp-object--9eb3ca01-80fb-4660-933b-05aa267d4a26",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2020-12-14T07:26:06.000Z",
"modified": "2020-12-14T07:26:06.000Z",
"labels": [
"misp:name=\"pe-section\"",
"misp:meta-category=\"file\""
],
"x_misp_attributes": [
{
"type": "text",
"object_relation": "name",
"value": ".reloc",
"category": "Other",
"uuid": "cc3d8e71-9f46-4ae8-8017-f7abd4d1f92b"
},
{
"type": "size-in-bytes",
"object_relation": "size-in-bytes",
"value": "512",
"category": "Other",
"uuid": "9321f263-230d-4940-b7b5-c063882872d6"
},
{
"type": "float",
"object_relation": "entropy",
"value": "1.9473387961876",
"category": "Other",
"uuid": "cbf11ba1-559a-4981-aa48-6e1588de4dac"
},
{
"type": "md5",
"object_relation": "md5",
"value": "89642b60883c693211567f54fcde5631",
"category": "Payload delivery",
"to_ids": true,
"uuid": "6971af4b-4f08-4111-a1c4-2863ff56d8a4"
},
{
"type": "sha1",
"object_relation": "sha1",
"value": "0161b4dc14ed849384714b7d48e4ce8e31cee22d",
"category": "Payload delivery",
"to_ids": true,
"uuid": "84c2bedc-96ee-4d59-9c16-ad637657a02a"
},
{
"type": "sha256",
"object_relation": "sha256",
"value": "7e9191e9c1bd9624a97b0147d173abe2556a3b319dc1e1805d6ca2abc49c054b",
"category": "Payload delivery",
"to_ids": true,
"uuid": "4071bfcb-ba07-4f98-9a89-665f246147f7"
},
{
"type": "sha512",
"object_relation": "sha512",
"value": "32837f59e1063a10eff10e71f8ab2f78205122c136ac48bd1e73cb877b375da94c4f6553e84a7080c3a36b8af4461efad16ab251c2c777100b69fb44826aa3cf",
"category": "Payload delivery",
"to_ids": true,
"uuid": "5a245eef-3ef3-4a5c-915d-1aabaf4e76f6"
},
{
"type": "ssdeep",
"object_relation": "ssdeep",
"value": "3:L:L",
"category": "Payload delivery",
"to_ids": true,
"uuid": "bcc92be7-237e-43b9-a5d1-85f5bb186f18"
}
],
"x_misp_meta_category": "file",
"x_misp_name": "pe-section"
},
{
"type": "x-misp-object",
"spec_version": "2.1",
"id": "x-misp-object--4d9cc854-ade5-46a5-8df0-02ef90e5b8ea",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2020-12-14T07:26:34.000Z",
"modified": "2020-12-14T07:26:34.000Z",
"labels": [
"misp:name=\"pe-section\"",
"misp:meta-category=\"file\""
],
"x_misp_attributes": [
{
"type": "text",
"object_relation": "name",
"value": ".text",
"category": "Other",
"uuid": "59321a91-8be0-463c-8c4b-0858a31ccceb"
},
{
"type": "size-in-bytes",
"object_relation": "size-in-bytes",
"value": "5632",
"category": "Other",
"uuid": "16b4ce24-d0db-42e9-9112-1f5471f80233"
},
{
"type": "float",
"object_relation": "entropy",
"value": "5.4919156876928",
"category": "Other",
"uuid": "63a2a64d-9cc6-492d-a520-3323c1932e8c"
},
{
"type": "md5",
"object_relation": "md5",
"value": "2109d02a31c7032f2bcabdf436b6726e",
"category": "Payload delivery",
"to_ids": true,
"uuid": "18a1477a-f748-4345-b710-5d7db45d0264"
},
{
"type": "sha1",
"object_relation": "sha1",
"value": "84d90343ae39a961e9e0f92127333b9cc9d62d33",
"category": "Payload delivery",
"to_ids": true,
"uuid": "fc59ff35-78b1-4657-929c-75d4eeb12e89"
},
{
"type": "sha256",
"object_relation": "sha256",
"value": "f04e002613102c556260dc57c5accb5db70b427a9c2fdd6f51419ff53499f173",
"category": "Payload delivery",
"to_ids": true,
"uuid": "124bb2fe-683d-4a43-b575-c4434ec79a62"
},
{
"type": "sha512",
"object_relation": "sha512",
"value": "3c343696c837d1efc28ae4a688b863c4dff41e3b80047cd2ec6c9d571a3f677f8c750a5dabc7530c56d04749e0972d4d13403f05d10635a69ac82707bc984f8d",
"category": "Payload delivery",
"to_ids": true,
"uuid": "02786a92-5495-44ac-a649-5da6a862d2fb"
},
{
"type": "ssdeep",
"object_relation": "ssdeep",
"value": "96:DKQSUZZa5aE8ibv1c8M1UBDawAjNXe+U8w15Gl+5DDGTBNF82gx:vqRzbt0GBDawA5uT8wSlyDDGTBNFS",
"category": "Payload delivery",
"to_ids": true,
"uuid": "0862c629-49c0-4f9f-a35c-c3c6fd8b1de0"
}
],
"x_misp_meta_category": "file",
"x_misp_name": "pe-section"
},
{
"type": "x-misp-object",
"spec_version": "2.1",
"id": "x-misp-object--3592e786-423d-4e1f-abad-4e12fe86fc0b",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2020-12-14T07:26:34.000Z",
"modified": "2020-12-14T07:26:34.000Z",
"labels": [
"misp:name=\"pe-section\"",
"misp:meta-category=\"file\""
],
"x_misp_attributes": [
{
"type": "text",
"object_relation": "name",
"value": ".rsrc",
"category": "Other",
"uuid": "f8437a8e-85f2-46e1-9efe-9b963a4dab48"
},
{
"type": "size-in-bytes",
"object_relation": "size-in-bytes",
"value": "1024",
"category": "Other",
"uuid": "fdef9cef-a5d5-45b9-bfb9-9519a149aa1b"
},
{
"type": "float",
"object_relation": "entropy",
"value": "3.1419883961028",
"category": "Other",
"uuid": "86dc1631-47cd-481e-a3f3-613495d21ad9"
},
{
"type": "md5",
"object_relation": "md5",
"value": "27193464e3effc6950cde66a4ad4757a",
"category": "Payload delivery",
"to_ids": true,
"uuid": "c64cb507-ebda-493c-8916-c3e7eaa0a018"
},
{
"type": "sha1",
"object_relation": "sha1",
"value": "01d5d5696eadc1963ccbbf7ff2f79ba482ed17e1",
"category": "Payload delivery",
"to_ids": true,
"uuid": "cc506e30-2538-454a-8edb-e9fbd9cdbb3d"
},
{
"type": "sha256",
"object_relation": "sha256",
"value": "a4c3bc5b8ba65bfff823212b5f2d76f618cbb12fd1e17db85ed1bbff35783336",
"category": "Payload delivery",
"to_ids": true,
"uuid": "67458d35-fd49-4cdd-bf7d-ec097283e63f"
},
{
"type": "sha512",
"object_relation": "sha512",
"value": "394e55d211fd73d6d5a5aaabeeb6f0330cd6b6fba40a07bcdd789976097875da6d130ba8308478a1991d0217f0b22b0159f07232e7119dc36367784b176ae1e7",
"category": "Payload delivery",
"to_ids": true,
"uuid": "3fad7cd3-b92b-47f4-a0f4-3e9686974db2"
},
{
"type": "ssdeep",
"object_relation": "ssdeep",
"value": "12:Essi3ntuAHeswYAB19aUGiqMZAiN5Eryi1qD41hPvYnqqf1qD41hoPN5Dlq5J:lIfs1FuZhNu8+PWN8+oPNnqX",
"category": "Payload delivery",
"to_ids": true,
"uuid": "4a101441-e6f4-49e4-813f-4974a1a74256"
}
],
"x_misp_meta_category": "file",
"x_misp_name": "pe-section"
},
{
"type": "x-misp-object",
"spec_version": "2.1",
"id": "x-misp-object--55c48bc2-d156-453e-a905-2649d1b0ee23",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2020-12-14T07:26:34.000Z",
"modified": "2020-12-14T07:26:34.000Z",
"labels": [
"misp:name=\"pe-section\"",
"misp:meta-category=\"file\""
],
"x_misp_attributes": [
{
"type": "text",
"object_relation": "name",
"value": ".reloc",
"category": "Other",
"uuid": "427da0f8-d176-43b1-8b9e-197200c3c350"
},
{
"type": "size-in-bytes",
"object_relation": "size-in-bytes",
"value": "512",
"category": "Other",
"uuid": "fe6116b4-5c3c-4144-b635-95f1bc421050"
},
{
"type": "float",
"object_relation": "entropy",
"value": "1.5849625007212",
"category": "Other",
"uuid": "7046efd1-7f31-48cf-a710-a67fc3c075eb"
},
{
"type": "md5",
"object_relation": "md5",
"value": "6a8e92fdd78e813e24abd0a0932052b9",
"category": "Payload delivery",
"to_ids": true,
"uuid": "a08999b6-9f47-42e6-9f33-2849a4938cd6"
},
{
"type": "sha1",
"object_relation": "sha1",
"value": "76e3423312516772e053f5d1861163dd27e99a8c",
"category": "Payload delivery",
"to_ids": true,
"uuid": "ad03d9a1-a5db-4200-8089-561c966d2752"
},
{
"type": "sha256",
"object_relation": "sha256",
"value": "f81e587fb1c7b55c7daeeee2bca68e619df3c815b316e439ef006fd91894aa09",
"category": "Payload delivery",
"to_ids": true,
"uuid": "8282e5c0-3497-4c78-94c1-010fa4ef19fa"
},
{
"type": "sha512",
"object_relation": "sha512",
"value": "e91dae684ce94faddd8a4b69d745524f15494f22a55b87d4ef1dd5fa3b78e017a911d55148819ca2736e4c500742f82584dbb6cb9aa3a0b61fadf91a56b0dc3c",
"category": "Payload delivery",
"to_ids": true,
"uuid": "e320b313-ce86-4f90-9505-f6c68a4451f0"
},
{
"type": "ssdeep",
"object_relation": "ssdeep",
"value": "3:n:n",
"category": "Payload delivery",
"to_ids": true,
"uuid": "bb2ea448-e454-4a70-a121-4086742cfd5f"
}
],
"x_misp_meta_category": "file",
"x_misp_name": "pe-section"
},
{
"type": "relationship",
"spec_version": "2.1",
"id": "relationship--877e9959-b0f1-4b12-ab0f-0e49068b9352",
"created": "1970-01-01T00:00:00.000Z",
"modified": "1970-01-01T00:00:00.000Z",
"relationship_type": "analysed-with",
"source_ref": "indicator--da3da386-9fe0-4822-a352-64a138239031",
"target_ref": "x-misp-object--3073a9b9-f747-4ec4-99c4-f6b5c93fbd7f"
},
{
"type": "relationship",
"spec_version": "2.1",
"id": "relationship--7f30e064-3323-4cb9-8283-01b34030ad97",
"created": "1970-01-01T00:00:00.000Z",
"modified": "1970-01-01T00:00:00.000Z",
"relationship_type": "analysed-with",
"source_ref": "indicator--7370a818-1f90-492f-9c8d-213e3414d8cf",
"target_ref": "x-misp-object--aacff3c7-77c9-4c70-ab9c-9cea57951fa5"
},
{
"type": "relationship",
"spec_version": "2.1",
"id": "relationship--a52ac6c4-e992-494f-883c-b7184d93b729",
"created": "1970-01-01T00:00:00.000Z",
"modified": "1970-01-01T00:00:00.000Z",
"relationship_type": "analysed-with",
"source_ref": "indicator--7794b113-2f04-424f-ae5a-dd801e020d01",
"target_ref": "x-misp-object--96ffe3c5-a158-40f6-a5ff-156ac385d32e"
},
{
"type": "relationship",
"spec_version": "2.1",
"id": "relationship--c5f75fdc-6137-4b56-b656-859d0168c921",
"created": "1970-01-01T00:00:00.000Z",
"modified": "1970-01-01T00:00:00.000Z",
"relationship_type": "analysed-with",
"source_ref": "indicator--d47e29ef-e08c-498c-a5c9-779a6a2b79f4",
"target_ref": "x-misp-object--a496eaac-08a1-4a65-b489-96cdb0868312"
},
{
"type": "relationship",
"spec_version": "2.1",
"id": "relationship--08523962-3be4-44af-98ac-43f5749c59ba",
"created": "1970-01-01T00:00:00.000Z",
"modified": "1970-01-01T00:00:00.000Z",
"relationship_type": "analysed-with",
"source_ref": "indicator--a224f9a3-c58e-41e0-9841-460afdd9f409",
"target_ref": "x-misp-object--8329451d-10ab-4ecb-9cff-d5de9c33c5f6"
},
{
"type": "marking-definition",
"spec_version": "2.1",
"id": "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9",
"created": "2017-01-20T00:00:00.000Z",
"definition_type": "tlp",
"name": "TLP:WHITE",
"definition": {
"tlp": "white"
}
}
]
}