misp-circl-feed/feeds/circl/stix-2.1/5cffb200-f430-44b2-83a2-c922950d210f.json

{
"type": "bundle",
"id": "bundle--5cffb200-f430-44b2-83a2-c922950d210f",
"objects": [
{
"type": "identity",
"spec_version": "2.1",
"id": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2019-06-11T14:38:31.000Z",
"modified": "2019-06-11T14:38:31.000Z",
"name": "CIRCL",
"identity_class": "organization"
},
{
"type": "report",
"spec_version": "2.1",
"id": "report--5cffb200-f430-44b2-83a2-c922950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2019-06-11T14:38:31.000Z",
"modified": "2019-06-11T14:38:31.000Z",
"name": "Dharma Ransomware sample",
"published": "2019-06-11T14:41:51Z",
"object_refs": [
"observed-data--5cffb284-faf4-4802-b6b8-7f1e950d210f",
"url--5cffb284-faf4-4802-b6b8-7f1e950d210f",
"indicator--5cffb3b8-af68-4c12-a266-7303950d210f",
"indicator--5cffb43d-af50-4598-b611-72f8950d210f",
"indicator--5cffb4d4-65a4-461f-9138-c804950d210f",
"indicator--5cffb4d4-20b8-43f0-b3e4-c804950d210f",
"indicator--5cffb4d4-9518-4a8e-babf-c804950d210f",
"observed-data--5cffb52a-0430-44a6-85ec-c7e9950d210f",
"url--5cffb52a-0430-44a6-85ec-c7e9950d210f",
"indicator--5cffb25a-bbdc-467c-9fae-c805950d210f",
"indicator--41f3bbc0-3498-4e46-b709-ecf8ab06b7f7",
"x-misp-object--1e50392c-b19d-4eed-b377-f9d969518f18",
"observed-data--961d6906-3cf1-4681-baa0-1083e3236558",
"file--caf83adf-0962-5dcc-9e3f-8fef8fdab3a7",
"x-misp-object--7996b4b6-4218-487c-b44f-b692014499a5",
"x-misp-object--6553476c-da2b-4912-b792-1c1a66a974ac",
"x-misp-object--c39231fe-0086-4273-99d8-af059f62726b",
"relationship--1f514e1f-2492-4e85-986a-39a2c32b2185"
],
"labels": [
"Threat-Report",
"misp:tool=\"MISP-STIX-Converter\"",
"type:OSINT",
"osint:lifetime=\"perpetual\"",
"osint:certainty=\"50\"",
"misp-galaxy:ransomware=\"Dharma Ransomware\"",
"misp-galaxy:ransomware=\"Virus-Encoder\""
],
"object_marking_refs": [
"marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9"
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--5cffb284-faf4-4802-b6b8-7f1e950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2019-06-11T13:54:12.000Z",
"modified": "2019-06-11T13:54:12.000Z",
"first_observed": "2019-06-11T13:54:12Z",
"last_observed": "2019-06-11T13:54:12Z",
"number_observed": 1,
"object_refs": [
"url--5cffb284-faf4-4802-b6b8-7f1e950d210f"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--5cffb284-faf4-4802-b6b8-7f1e950d210f",
"value": "https://www.virustotal.com/gui/file/bb966a50449436af561df9fb818217ff2c72ef3eea5b2f52646e3befe7d20b54/detection"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5cffb3b8-af68-4c12-a266-7303950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2019-06-11T13:59:20.000Z",
"modified": "2019-06-11T13:59:20.000Z",
"pattern": "[mutex:name = 'Global\\\\syncronize_K8DWMVA']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2019-06-11T13:59:20Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Artifacts dropped"
}
],
"labels": [
"misp:type=\"mutex\"",
"misp:category=\"Artifacts dropped\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5cffb43d-af50-4598-b611-72f8950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2019-06-11T14:01:33.000Z",
"modified": "2019-06-11T14:01:33.000Z",
"pattern": "[mutex:name = 'Global\\\\syncronize_K8DWMVU']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2019-06-11T14:01:33Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Artifacts dropped"
}
],
"labels": [
"misp:type=\"mutex\"",
"misp:category=\"Artifacts dropped\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5cffb4d4-65a4-461f-9138-c804950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2019-06-11T14:04:04.000Z",
"modified": "2019-06-11T14:04:04.000Z",
"pattern": "[file:name = '\\\\%WINDIR\\\\%\\\\system32\\\\996E.exe']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2019-06-11T14:04:04Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Artifacts dropped"
}
],
"labels": [
"misp:type=\"filename\"",
"misp:category=\"Artifacts dropped\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5cffb4d4-20b8-43f0-b3e4-c804950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2019-06-11T14:04:04.000Z",
"modified": "2019-06-11T14:04:04.000Z",
"pattern": "[file:name = '\\\\%USERPROFILE\\\\%\\\\\u00e3\u20ac\u0152\u00e5\u00bc\u20ac\u00e5\u00a7\u2039\u00e3\u20ac\u008d\u00e8\u008f\u0153\u00e5\u008d\u2022\\\\\u00e7\u00a8\u2039\u00e5\u00ba\u008f\\\\\u00e5\u0090\u00af\u00e5\u0160\u00a8\\\\996E.exe']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2019-06-11T14:04:04Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Artifacts dropped"
}
],
"labels": [
"misp:type=\"filename\"",
"misp:category=\"Artifacts dropped\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5cffb4d4-9518-4a8e-babf-c804950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2019-06-11T14:04:04.000Z",
"modified": "2019-06-11T14:04:04.000Z",
"pattern": "[file:name = '\\\\%ALLUSERSPROFILE\\\\%\\\\\u00e3\u20ac\u0152\u00e5\u00bc\u20ac\u00e5\u00a7\u2039\u00e3\u20ac\u008d\u00e8\u008f\u0153\u00e5\u008d\u2022\\\\\u00e7\u00a8\u2039\u00e5\u00ba\u008f\\\\\u00e5\u0090\u00af\u00e5\u0160\u00a8\\\\996E.exe']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2019-06-11T14:04:04Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Artifacts dropped"
}
],
"labels": [
"misp:type=\"filename\"",
"misp:category=\"Artifacts dropped\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--5cffb52a-0430-44a6-85ec-c7e9950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2019-06-11T14:05:30.000Z",
"modified": "2019-06-11T14:05:30.000Z",
"first_observed": "2019-06-11T14:05:30Z",
"last_observed": "2019-06-11T14:05:30Z",
"number_observed": 1,
"object_refs": [
"url--5cffb52a-0430-44a6-85ec-c7e9950d210f"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--5cffb52a-0430-44a6-85ec-c7e9950d210f",
"value": "https://www.hybrid-analysis.com/sample/bb966a50449436af561df9fb818217ff2c72ef3eea5b2f52646e3befe7d20b54"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5cffb25a-bbdc-467c-9fae-c805950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2019-06-11T13:53:30.000Z",
"modified": "2019-06-11T13:53:30.000Z",
"pattern": "[file:hashes.MD5 = 'cde75b4c59682b1088ac09affa8a9d32' AND file:hashes.SHA1 = 'ffcba94f675e61f0b84e41163431fe62e8eba93b' AND file:hashes.SHA256 = 'bb966a50449436af561df9fb818217ff2c72ef3eea5b2f52646e3befe7d20b54' AND file:name = 'bb966a50449436af561df9fb818217ff2c72ef3eea5b2f52646e3befe7d20b54.bin' AND file:size = '94720' AND (file:content_ref.payload_bin = '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
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2019-06-11T13:53:30Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "file"
}
],
"labels": [
"misp:name=\"file\"",
"misp:meta-category=\"file\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--41f3bbc0-3498-4e46-b709-ecf8ab06b7f7",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2019-06-11T14:21:16.000Z",
"modified": "2019-06-11T14:21:16.000Z",
"pattern": "[file:hashes.MD5 = 'cde75b4c59682b1088ac09affa8a9d32' AND file:hashes.SHA1 = 'ffcba94f675e61f0b84e41163431fe62e8eba93b' AND file:hashes.SHA256 = 'bb966a50449436af561df9fb818217ff2c72ef3eea5b2f52646e3befe7d20b54' AND file:hashes.SHA512 = '6e1d6b8683205cb6e4334183d92ae746c33400dcd1eedd763109b2246513cd7b03f49fe6c607686286d38817e2d23d694eb8f6ad551fcce58311079a76b3c4ae' AND file:hashes.SSDEEP = '1536:mBwl+KXpsqN5vlwWYyhY9S4AaFAFLZYEKox+2yZzOcJwqCsQ:Qw+asqN5aW/hL0FABKa6S' AND file:name = 'bb966a50449436af561df9fb818217ff2c72ef3eea5b2f52646e3befe7d20b54.bin' AND file:size = '94720' AND file:x_misp_entropy = '7.4429543683099' AND file:x_misp_mimetype = 'PE32 executable (GUI) Intel 80386, for MS Windows']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2019-06-11T14:21:16Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "file"
}
],
"labels": [
"misp:name=\"file\"",
"misp:meta-category=\"file\"",
"misp:to_ids=\"True\""
]
},
{
"type": "x-misp-object",
"spec_version": "2.1",
"id": "x-misp-object--1e50392c-b19d-4eed-b377-f9d969518f18",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2019-06-11T14:21:16.000Z",
"modified": "2019-06-11T14:21:16.000Z",
"labels": [
"misp:name=\"virustotal-report\"",
"misp:meta-category=\"misc\""
],
"x_misp_attributes": [
{
"type": "datetime",
"object_relation": "last-submission",
"value": "2019-02-02T18:08:36",
"category": "Other",
"uuid": "0a544a91-ac88-45c7-b030-a0405cfcb72c"
},
{
"type": "link",
"object_relation": "permalink",
"value": "https://www.virustotal.com/file/bb966a50449436af561df9fb818217ff2c72ef3eea5b2f52646e3befe7d20b54/analysis/1549130916/",
"category": "Payload delivery",
"uuid": "70f70408-602e-4f78-8918-d0e24a4d06cf"
},
{
"type": "text",
"object_relation": "detection-ratio",
"value": "59/69",
"category": "Payload delivery",
"uuid": "aeab3071-f51a-4f34-8f4d-96ca079c2125"
}
],
"x_misp_meta_category": "misc",
"x_misp_name": "virustotal-report"
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--961d6906-3cf1-4681-baa0-1083e3236558",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2019-06-11T14:17:12.000Z",
"modified": "2019-06-11T14:17:12.000Z",
"first_observed": "2019-06-11T14:17:12Z",
"last_observed": "2019-06-11T14:17:12Z",
"number_observed": 1,
"object_refs": [
"file--caf83adf-0962-5dcc-9e3f-8fef8fdab3a7"
],
"labels": [
"misp:name=\"pe\"",
"misp:meta-category=\"file\"",
"misp:to_ids=\"False\""
]
},
{
"type": "file",
"spec_version": "2.1",
"id": "file--caf83adf-0962-5dcc-9e3f-8fef8fdab3a7",
"name": "",
"extensions": {
"windows-pebinary-ext": {
"pe_type": "exe",
"number_of_sections": 3,
"optional_header": {
"address_of_entry_point": 4237776
},
"x_misp_compilation_timestamp": "2017-03-02T23:49:06"
}
}
},
{
"type": "x-misp-object",
"spec_version": "2.1",
"id": "x-misp-object--7996b4b6-4218-487c-b44f-b692014499a5",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2019-06-11T14:17:10.000Z",
"modified": "2019-06-11T14:17:10.000Z",
"labels": [
"misp:name=\"pe-section\"",
"misp:meta-category=\"file\""
],
"x_misp_attributes": [
{
"type": "text",
"object_relation": "name",
"value": ".text",
"category": "Other",
"uuid": "9440dca8-a32e-4ea3-967f-a697cbe84b40"
},
{
"type": "size-in-bytes",
"object_relation": "size-in-bytes",
"value": "40448",
"category": "Other",
"uuid": "6ff23e67-08d6-4c9c-9ae5-3c8e52e16d73"
},
{
"type": "float",
"object_relation": "entropy",
"value": "5.9960482530521",
"category": "Other",
"uuid": "fb1b5b5d-83c0-4b37-9b74-ee5d3b7e0290"
},
{
"type": "md5",
"object_relation": "md5",
"value": "a089253c3119b6d705e6f8891c3efc7f",
"category": "Payload delivery",
"to_ids": true,
"uuid": "aa737ffe-ef31-4ab4-8cd7-4c5552c5b16f"
},
{
"type": "sha1",
"object_relation": "sha1",
"value": "2d8a3402038ad0dbf58cc87ae1e13c0b88338940",
"category": "Payload delivery",
"to_ids": true,
"uuid": "59e347d8-7b1b-4852-bfe5-7cd6c7562382"
},
{
"type": "sha256",
"object_relation": "sha256",
"value": "cdb6cc8ce78283d4bbab3f1527e681972ec3310dea3d22c11ed461438b463ffc",
"category": "Payload delivery",
"to_ids": true,
"uuid": "ed660fde-8117-42b0-94e3-4be833b2af18"
},
{
"type": "sha512",
"object_relation": "sha512",
"value": "cabb1030f9710181d127eb4352e7e1cedbee93b114e60b979a6bf8962e399146de0e759d20f852702be99c9277e5edbcb7936dde6d448c6ba5871d01d17619ea",
"category": "Payload delivery",
"to_ids": true,
"uuid": "78466251-218c-42f5-8428-d8cb08804ea3"
},
{
"type": "ssdeep",
"object_relation": "ssdeep",
"value": "768:bBNNi5pl+CVzfqqXHKuAZTAr4I9saBGpwpB7+Evlw1wTg2AyQoRE:bBwl+KXpsqN5vlwWYyhE",
"category": "Payload delivery",
"to_ids": true,
"uuid": "c96cbe9c-6cd3-4c1d-aaa8-d0bca31f034a"
}
],
"x_misp_meta_category": "file",
"x_misp_name": "pe-section"
},
{
"type": "x-misp-object",
"spec_version": "2.1",
"id": "x-misp-object--6553476c-da2b-4912-b792-1c1a66a974ac",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2019-06-11T14:17:11.000Z",
"modified": "2019-06-11T14:17:11.000Z",
"labels": [
"misp:name=\"pe-section\"",
"misp:meta-category=\"file\""
],
"x_misp_attributes": [
{
"type": "text",
"object_relation": "name",
"value": ".rdata",
"category": "Other",
"uuid": "5005c76c-5e6a-48fc-adc8-eac71e252c03"
},
{
"type": "size-in-bytes",
"object_relation": "size-in-bytes",
"value": "10240",
"category": "Other",
"uuid": "f75fc266-c282-4e43-aab1-49e80e286c0b"
},
{
"type": "float",
"object_relation": "entropy",
"value": "7.934634534506",
"category": "Other",
"uuid": "9547fbe0-98ef-4978-8c5b-3d81b67c09bb"
},
{
"type": "md5",
"object_relation": "md5",
"value": "ec25b0d78eb75da6d2c3442f37e14483",
"category": "Payload delivery",
"to_ids": true,
"uuid": "29f11f89-e436-4ea2-b4f0-a0ff57730a88"
},
{
"type": "sha1",
"object_relation": "sha1",
"value": "1d13e7c63fcef26e1525cf0e1fe6d1eaddc069af",
"category": "Payload delivery",
"to_ids": true,
"uuid": "deae458d-adbe-4ef9-b170-05690f092908"
},
{
"type": "sha256",
"object_relation": "sha256",
"value": "409f08d916d46107980530f3ebb777329742c891d12d78dfc7da4d84ae0d7378",
"category": "Payload delivery",
"to_ids": true,
"uuid": "4dc58246-f784-4eae-a8c7-8a54deaa035d"
},
{
"type": "sha512",
"object_relation": "sha512",
"value": "46b388ef10cbe9659a98092806f4b145baead82bd88558376d6c2f8170f209ce1d48d0806fc4dada69ad580db3064b2d5495bf0283c3a2f364a21d4fea474401",
"category": "Payload delivery",
"to_ids": true,
"uuid": "2ca32899-d9a5-4a30-be46-24cde81b25e0"
},
{
"type": "ssdeep",
"object_relation": "ssdeep",
"value": "192:dcbI+LyvzbIQusOo8Vdpk0rsJUiPKDkBMnRKE9sfb8e:GLe37usOo8Vd6ciPKDkAKBfb8e",
"category": "Payload delivery",
"to_ids": true,
"uuid": "b176ca0c-16d2-49d9-b9ba-f46bfb3d3f55"
}
],
"x_misp_meta_category": "file",
"x_misp_name": "pe-section"
},
{
"type": "x-misp-object",
"spec_version": "2.1",
"id": "x-misp-object--c39231fe-0086-4273-99d8-af059f62726b",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2019-06-11T14:17:11.000Z",
"modified": "2019-06-11T14:17:11.000Z",
"labels": [
"misp:name=\"pe-section\"",
"misp:meta-category=\"file\""
],
"x_misp_attributes": [
{
"type": "text",
"object_relation": "name",
"value": ".data",
"category": "Other",
"uuid": "d48fd9bf-3e9d-454e-a709-c0ae0066d380"
},
{
"type": "size-in-bytes",
"object_relation": "size-in-bytes",
"value": "43008",
"category": "Other",
"uuid": "11831991-0caa-4ba1-971e-04b99bf703f9"
},
{
"type": "float",
"object_relation": "entropy",
"value": "7.9825769147348",
"category": "Other",
"uuid": "1947d27e-6d29-444c-b308-9f08f6a18135"
},
{
"type": "md5",
"object_relation": "md5",
"value": "0da80d06d2d6dc225daae951b2901c29",
"category": "Payload delivery",
"to_ids": true,
"uuid": "80af7503-9adf-4b9b-82c4-13db7cb504ad"
},
{
"type": "sha1",
"object_relation": "sha1",
"value": "87c60db200881b7f71ef5a6ab4c90539c7959506",
"category": "Payload delivery",
"to_ids": true,
"uuid": "faea2dce-ce15-45d0-9289-5a7b1bc6c066"
},
{
"type": "sha256",
"object_relation": "sha256",
"value": "859c6c8407b1f60ce3deea11cc41352c3f900aba6b7a808625850336fd39c2be",
"category": "Payload delivery",
"to_ids": true,
"uuid": "782eb604-c782-4064-a0e9-33ca42f225ca"
},
{
"type": "sha512",
"object_relation": "sha512",
"value": "6019897e209c2ff7921d5053b7432807f20f1165ba322b7026fc9f6f453a2a57ef60e41605f062cfa6c86cd4763b3de4f8e13419351228e742f8e925c0ce9af5",
"category": "Payload delivery",
"to_ids": true,
"uuid": "8ea56e36-c3d9-4ecb-8d30-07b36a35f357"
},
{
"type": "ssdeep",
"object_relation": "ssdeep",
"value": "768:rRuy6EAFLZYEl2doxbadck/ZzOAHJx7wHrLtu1CaRw5:FFAFLZYEKox+2yZzOcJwqCsQ",
"category": "Payload delivery",
"to_ids": true,
"uuid": "e401c300-5d81-4a8e-9216-c5a0d7ef8351"
}
],
"x_misp_meta_category": "file",
"x_misp_name": "pe-section"
},
{
"type": "relationship",
"spec_version": "2.1",
"id": "relationship--1f514e1f-2492-4e85-986a-39a2c32b2185",
"created": "2019-06-11T14:21:16.000Z",
"modified": "2019-06-11T14:21:16.000Z",
"relationship_type": "analysed-with",
"source_ref": "indicator--41f3bbc0-3498-4e46-b709-ecf8ab06b7f7",
"target_ref": "x-misp-object--1e50392c-b19d-4eed-b377-f9d969518f18"
},
{
"type": "marking-definition",
"spec_version": "2.1",
"id": "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9",
"created": "2017-01-20T00:00:00.000Z",
"definition_type": "tlp",
"name": "TLP:WHITE",
"definition": {
"tlp": "white"
}
}
]
}