|
|
|
{
|
|
|
|
"type": "bundle",
|
|
|
|
"id": "bundle--91a106b2-5ae3-4433-a885-fe3023adb768",
|
|
|
|
"objects": [
|
|
|
|
{
|
|
|
|
"type": "identity",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2022-01-28T14:25:35.000Z",
|
|
|
|
"modified": "2022-01-28T14:25:35.000Z",
|
|
|
|
"name": "CIRCL",
|
|
|
|
"identity_class": "organization"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "report",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "report--91a106b2-5ae3-4433-a885-fe3023adb768",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2022-01-28T14:25:35.000Z",
|
|
|
|
"modified": "2022-01-28T14:25:35.000Z",
|
|
|
|
"name": "Compromised host delivering malware (Mirai)",
|
|
|
|
"published": "2022-01-28T14:31:50Z",
|
|
|
|
"object_refs": [
|
|
|
|
"indicator--dc82a7fa-cd22-468d-8810-2ed1f22ba2eb",
|
|
|
|
"indicator--c3520808-4ace-4388-9940-1fb577023982",
|
|
|
|
"indicator--7fe8013c-5cd2-4359-ae1b-ea7be7583973",
|
|
|
|
"indicator--2a7f462b-5bf6-4ff7-a9f7-f9536c9e4982",
|
|
|
|
"indicator--f0aba59e-f6bd-43ce-9fdc-06bffe6f47b0",
|
|
|
|
"indicator--bfc5825b-72f1-47a1-94e1-bb2b6147266b",
|
|
|
|
"x-misp-object--14c643f9-c048-4601-b355-4101d32e721d",
|
|
|
|
"x-misp-object--6d288686-4691-4554-afdb-d06cbc07136b",
|
|
|
|
"x-misp-object--620c41d2-3464-44e1-9cc4-ac26810a471d",
|
|
|
|
"x-misp-object--c2f0df16-1c9f-4aee-9bd0-c28f8e7dc46b",
|
|
|
|
"x-misp-object--7ae73141-0fe0-468b-a637-048283310d7c",
|
|
|
|
"x-misp-object--605fb316-826f-4791-8595-462693a9c897",
|
|
|
|
"x-misp-object--d89db1f3-12a7-406c-b60a-407b435ff6f9",
|
|
|
|
"x-misp-object--5b967d2c-daa7-457a-892e-e6eb46927b02",
|
|
|
|
"x-misp-object--b96b81c1-c42b-4b21-b55e-ae110dcef254",
|
|
|
|
"x-misp-object--37324a84-f710-4d2b-b579-037be8400fd8",
|
|
|
|
"x-misp-object--9ef9d811-89d5-4acb-bdd3-8ceff6f2e3f1",
|
|
|
|
"x-misp-object--2b76c945-728a-4b11-bcae-4ca9dcfc9b1d",
|
|
|
|
"x-misp-object--2c752589-0653-4e0e-a6ee-0041b4454897",
|
|
|
|
"x-misp-object--e3b993ab-3058-409e-81c8-efc495bfddaa",
|
|
|
|
"x-misp-object--1893302e-a4f7-4e28-a8d0-7556e6567756",
|
|
|
|
"x-misp-object--dad3f610-d76c-4361-bb4d-41781cad97fd",
|
|
|
|
"x-misp-object--0af6fe82-6f45-40e0-b0f3-2168a9043770",
|
|
|
|
"x-misp-object--d29a7e9e-d334-4ca9-8d95-1f25cf320b85",
|
|
|
|
"x-misp-object--eda4b8fa-1906-4263-b685-77c79b9a494b",
|
|
|
|
"x-misp-object--3cf774f3-432c-4dab-b9a9-5ee8a5c7bf02",
|
|
|
|
"x-misp-object--3cc99722-ce57-4202-be55-fb8b973c88f3",
|
|
|
|
"x-misp-object--083c2484-551f-41ce-ad0e-5dc89744fdd6",
|
|
|
|
"x-misp-object--9ddc2aa3-59cd-4611-829d-6b0f9f82b99c",
|
|
|
|
"x-misp-object--f58ab9c8-011c-478a-af44-61d68d02930a",
|
|
|
|
"x-misp-object--3d1434a9-7510-4777-9bf3-d9ddeebf09c2",
|
|
|
|
"x-misp-object--f705c834-81fb-47f4-8938-85072ade512c",
|
|
|
|
"x-misp-object--34066ab4-0ce1-4d8d-ac87-937d1668d164",
|
|
|
|
"x-misp-object--89bebe98-9e8c-4987-9ade-80f48c2086aa",
|
|
|
|
"x-misp-object--142feb3d-6177-4bc7-9716-f7dfed0d65be",
|
|
|
|
"x-misp-object--159d2cc9-3205-4a2d-8aa3-5efa0389395e",
|
|
|
|
"x-misp-object--544a4239-ca3b-4d41-8e55-da5a0c40f195",
|
|
|
|
"x-misp-object--c2060b89-7937-4fe7-8f27-64813a461fa6",
|
|
|
|
"x-misp-object--361e875d-e54a-44b5-b9c7-6a9695705213",
|
|
|
|
"x-misp-object--af34567c-3eca-4ef6-a4d2-f47302a26efb",
|
|
|
|
"x-misp-object--aeabb0d9-b3f6-4097-8bb2-37e335e529c3",
|
|
|
|
"x-misp-object--4c5b90c8-dc4b-4aea-a678-0c6c284676ac",
|
|
|
|
"x-misp-object--7a67d6bd-fc19-44ec-8cb2-bf4cab39d701",
|
|
|
|
"indicator--7d7df874-930d-4b20-8c96-af63f55cbd84",
|
|
|
|
"x-misp-object--332737d8-78a4-43c1-8eea-1672a9c6211e",
|
|
|
|
"x-misp-object--86f548c8-b230-4c9a-b370-ab8c763247a4",
|
|
|
|
"x-misp-object--6994c40d-0d38-4742-83fa-223ab043ce4f",
|
|
|
|
"x-misp-object--08bdf6a7-c0ca-4804-b0b0-a85fe7e852dd",
|
|
|
|
"x-misp-object--04dc6d5f-9f25-4855-8ca7-724299500296",
|
|
|
|
"x-misp-object--8c4d1d56-076b-43f7-9fd4-a5ab61aef707",
|
|
|
|
"x-misp-object--477fe223-252c-4506-99cf-d5b0141824c1",
|
|
|
|
"x-misp-object--f6b98e69-863a-453d-b203-4ad6daf96031",
|
|
|
|
"x-misp-object--43f17071-8590-4431-b05a-1ba373f06156",
|
|
|
|
"x-misp-object--988dae6b-7878-45d3-bb52-3483cfaa90ac",
|
|
|
|
"x-misp-object--ff3dbf25-c91a-4c5e-a307-b09140d1e54d",
|
|
|
|
"x-misp-object--0e101d57-1d90-4076-8374-225d56ec15c6",
|
|
|
|
"x-misp-object--388ec59f-5fd6-4ece-b807-951ba9deab10",
|
|
|
|
"x-misp-object--95a48a4b-e0cd-4ac8-aa65-1616034ddb4e",
|
|
|
|
"x-misp-object--d3d5cf26-3fb5-422a-b09f-bd5608b748b0",
|
|
|
|
"x-misp-object--5ae76e6a-5bde-49ff-ae62-7a7a4f52aaa9",
|
|
|
|
"x-misp-object--bb1bfb74-9f6f-4449-b874-a765554cc9eb",
|
|
|
|
"x-misp-object--3f774191-fb1e-457e-9d1c-5bc8ad5454b6",
|
|
|
|
"x-misp-object--2d3fc584-84ff-429e-9894-e892146ce7cb",
|
|
|
|
"x-misp-object--22175547-a96b-4ec3-b03f-26f365d45c71",
|
|
|
|
"x-misp-object--0cbef961-ea90-4e1f-9f8d-3e4d24f62699",
|
|
|
|
"x-misp-object--05156594-1bb7-41af-b736-267ad8389d64",
|
|
|
|
"x-misp-object--0317c886-7db0-4827-a0b8-6dd84576ddb5",
|
|
|
|
"x-misp-object--ad40d950-54f9-4ba6-9616-62ec24267483",
|
|
|
|
"x-misp-object--0f049f52-42a6-42aa-b98f-6e2cb4e57fd3",
|
|
|
|
"x-misp-object--56143abf-cf39-4a32-b7e1-05145c5f4acf",
|
|
|
|
"x-misp-object--0e9e6b1b-69d5-4188-b72c-2736a564e607",
|
|
|
|
"x-misp-object--89bc1d5f-370c-4b63-8b0d-614340ef1ddd",
|
|
|
|
"x-misp-object--14b7ac86-f365-4e4b-ac83-cff6b629a56d",
|
|
|
|
"x-misp-object--92326210-9571-44a8-ba88-4ad34b339337",
|
|
|
|
"x-misp-object--85a572df-42d4-40a0-bd36-e132c4c83790",
|
|
|
|
"x-misp-object--5017c265-1aa5-4da9-ac98-f6a822ce6c42",
|
|
|
|
"x-misp-object--20c26b05-2d9c-481b-abc5-ac467675157b",
|
|
|
|
"x-misp-object--fbd07bfb-4432-45f0-b117-169e3c1b30c0",
|
|
|
|
"x-misp-object--22b34d51-5a31-483b-af3a-3e8e1957236e",
|
|
|
|
"x-misp-object--38e7e306-4dfb-4a52-b44c-03e0e3eadeef",
|
|
|
|
"x-misp-object--ddf191cd-db3c-4917-bbc6-be5278589bd5",
|
|
|
|
"indicator--ecac3d0b-9083-48ec-b768-6c4931bda03f",
|
|
|
|
"indicator--f59db50e-b725-48ea-85bd-90baee6779ba",
|
|
|
|
"relationship--ae751f13-c2a1-4e07-8e78-4a62cb0ac633",
|
|
|
|
"relationship--86d6c305-06bd-4987-a4ec-fb140101c405",
|
|
|
|
"relationship--32136995-36af-4e36-9457-ee3015a24b0e",
|
|
|
|
"relationship--91243939-fbdc-41f2-b49e-61c8b500b1f3",
|
|
|
|
"relationship--bf60871c-03a7-49a7-b395-69489305a5eb",
|
|
|
|
"relationship--a61b8770-b406-460b-ae23-689995db7c07",
|
|
|
|
"relationship--12b204f4-3010-4c25-a700-1d5fa5cf8caa",
|
|
|
|
"relationship--897ef24b-0a20-4250-95d8-ef144665a27e",
|
|
|
|
"relationship--f6393ff4-3275-4bbc-9ede-4a55c345dc60",
|
|
|
|
"relationship--e78a4923-43be-4830-88fe-e3e3757bafb2",
|
|
|
|
"relationship--cc5673f3-a2e5-49c9-8d0f-577593273d06",
|
|
|
|
"relationship--d53bb1aa-b6d7-43e2-96a2-fb8a6dff0504",
|
|
|
|
"relationship--f03a8b71-403d-46fb-937f-93cd637badd2",
|
|
|
|
"relationship--e779fa46-ad37-42f2-ac9b-6c3d3df1c620",
|
|
|
|
"relationship--fcfa9be3-87cc-45a1-9d2c-6f2176afd92d",
|
|
|
|
"relationship--635e8ec7-e82b-4263-ae63-0ef96d8ac3d2",
|
|
|
|
"relationship--8c6600e7-c387-4860-b993-ac2761544a60",
|
|
|
|
"relationship--271e3725-8542-4ddb-abd1-b6a26660da21",
|
|
|
|
"relationship--72372d75-382a-472f-8627-6c949f0b9b81",
|
|
|
|
"relationship--049662c6-2f76-43d5-9db8-1c007760c9a1",
|
|
|
|
"relationship--5100fb4b-e6be-4493-b16f-602f51c37081",
|
|
|
|
"relationship--82ff9cc9-ae5c-47e2-b191-a7e2b9e933c4",
|
|
|
|
"relationship--79a47f91-a8f3-445c-8e55-19cb06e7c11c",
|
|
|
|
"relationship--0dc919d0-5032-49ac-bdc7-327735e293ee",
|
|
|
|
"relationship--1e7c7361-545b-4912-8883-80cb54de8425",
|
|
|
|
"relationship--2e675c20-b3ea-4334-9528-8d6e5d8dd6c8",
|
|
|
|
"relationship--006475ee-acbb-409c-926b-43234061dc97",
|
|
|
|
"relationship--797e59e9-a7db-4f02-b661-e90ff6d182cc",
|
|
|
|
"relationship--8b31456b-ea31-41fc-9bf3-9047098c78ea",
|
|
|
|
"relationship--757832a3-3e46-4519-8878-ef4607522296",
|
|
|
|
"relationship--df894017-9c10-407f-97ec-69dd4a3ab2ca",
|
|
|
|
"relationship--f8a1414b-df04-4426-bf69-917193a63b15",
|
|
|
|
"relationship--80427615-e4f2-455f-996c-e345c8471673",
|
|
|
|
"relationship--fca9efa9-cf66-4a01-a28e-04350b1b467f",
|
|
|
|
"relationship--53b5504f-4b69-4a6b-b1dc-952b8948958a",
|
|
|
|
"relationship--4a7a9ec3-288e-4db0-8f34-bdd732a6a402",
|
|
|
|
"relationship--1765bab9-a72a-4923-9baf-868586c851a9",
|
|
|
|
"relationship--32ec0939-6816-4912-b5ef-4d8b2abd354a",
|
|
|
|
"relationship--657cfa8e-fc84-4f30-8fee-b7e19c4faf53",
|
|
|
|
"relationship--8461f2ea-522a-4942-8a3f-2c0f463e7891",
|
|
|
|
"relationship--888b2883-5d6b-4221-b44f-2c95863c06a5",
|
|
|
|
"relationship--b7945768-dbda-4b8a-97c9-7de6cb0bfec5",
|
|
|
|
"relationship--61360dc5-f58f-4e9d-b9a7-519b3c506f94",
|
|
|
|
"relationship--c7710e5b-9f24-45e3-af7f-962799337384",
|
|
|
|
"relationship--a10fa365-d3e6-4496-a4d4-0b937a2021f1",
|
|
|
|
"relationship--26a41654-4826-4bb1-b34d-ba45adecf682",
|
|
|
|
"relationship--e7ba249a-18bc-4878-a55f-9fbf273fc8fc",
|
|
|
|
"relationship--3c0586b8-d168-4158-8120-d0e1bf585280",
|
|
|
|
"relationship--b518dd16-44fc-46bf-a5cd-60becbc47885",
|
|
|
|
"relationship--94cfc7d8-1605-48d3-820f-6fc7691f7f56",
|
|
|
|
"relationship--cb85769f-03a7-42ff-9e22-912cdac08d7b",
|
|
|
|
"relationship--40b7d182-7e00-4006-b401-1d638762bf8a",
|
|
|
|
"relationship--35584e5b-ae29-4978-9fd4-6a27614d9bb6",
|
|
|
|
"relationship--7f2a92d0-8224-4836-bdec-a950690e94b6",
|
|
|
|
"relationship--781dff88-aaa7-496d-b4c3-ce5e9c9eda72",
|
|
|
|
"relationship--794f8453-2ee1-48da-8503-108bcba0aea2",
|
|
|
|
"relationship--cc3c2c72-dd0d-4cbb-9f57-f7d462fac5e7",
|
|
|
|
"relationship--143f0cbe-cd14-4760-9d71-78d942251575",
|
|
|
|
"relationship--73243cf7-a0b8-4167-90f1-8934fb2ddc43",
|
|
|
|
"relationship--8495c4b0-799f-4587-b0cc-886d04957631",
|
|
|
|
"relationship--b9d37504-9f5b-47f3-a34a-3315cd38b9cc",
|
|
|
|
"relationship--2d60d128-a961-4881-b046-0985165e8cfb",
|
|
|
|
"relationship--7dcab6df-e317-4b97-b652-93b50483aec1",
|
|
|
|
"relationship--d4c0cba5-662a-439c-be7e-86b569182bc4",
|
|
|
|
"relationship--a3c8362d-ad32-4de8-8f69-987660a91c75",
|
|
|
|
"relationship--9e33066e-4276-48d9-97dd-a6d254ab098a",
|
|
|
|
"relationship--751e63bb-20ce-462f-993b-14701a64dfa1",
|
|
|
|
"relationship--5d6bd11e-b89a-4a27-9267-3594c436ea3f",
|
|
|
|
"relationship--20be7f29-c54b-431c-8120-f07ef2a73738",
|
|
|
|
"relationship--d565db99-b091-4c5c-8b83-b6dc5662ad6b",
|
|
|
|
"relationship--8ea3f316-72de-47c5-bd71-f62c9546df6c",
|
|
|
|
"relationship--60d26a85-b383-4520-977a-88f8d4962de4",
|
|
|
|
"relationship--bd88e1ef-db5a-4630-943a-51f9b8eb88d0",
|
|
|
|
"relationship--6b5f6ca1-f35f-4c2f-950b-c4584894f394"
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"Threat-Report",
|
|
|
|
"misp:tool=\"MISP-STIX-Converter\"",
|
|
|
|
"adversary:infrastructure-status=\"compromised\"",
|
|
|
|
"type:OSINT",
|
|
|
|
"osint:lifetime=\"perpetual\"",
|
|
|
|
"osint:certainty=\"50\"",
|
|
|
|
"misp-galaxy:botnet=\"Mirai\"",
|
|
|
|
"misp-galaxy:tool=\"Mirai\""
|
|
|
|
],
|
|
|
|
"object_marking_refs": [
|
|
|
|
"marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9"
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--dc82a7fa-cd22-468d-8810-2ed1f22ba2eb",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2022-01-28T14:18:19.000Z",
|
|
|
|
"modified": "2022-01-28T14:18:19.000Z",
|
|
|
|
"pattern": "[url:value = 'http://37.49.229.172/file']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2022-01-28T14:18:19Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Network activity"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"url\"",
|
|
|
|
"misp:category=\"Network activity\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--c3520808-4ace-4388-9940-1fb577023982",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2022-01-28T14:18:19.000Z",
|
|
|
|
"modified": "2022-01-28T14:18:19.000Z",
|
|
|
|
"pattern": "[url:value = 'https://teknowmuzical.top/']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2022-01-28T14:18:19Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Network activity"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"url\"",
|
|
|
|
"misp:category=\"Network activity\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--7fe8013c-5cd2-4359-ae1b-ea7be7583973",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2022-01-28T14:18:19.000Z",
|
|
|
|
"modified": "2022-01-28T14:18:19.000Z",
|
|
|
|
"pattern": "[url:value = 'http://teknowmuzical.top/']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2022-01-28T14:18:19Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Network activity"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"url\"",
|
|
|
|
"misp:category=\"Network activity\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--2a7f462b-5bf6-4ff7-a9f7-f9536c9e4982",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2022-01-28T14:18:19.000Z",
|
|
|
|
"modified": "2022-01-28T14:18:19.000Z",
|
|
|
|
"pattern": "[url:value = 'http://teknowmuzical.top/files.gz']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2022-01-28T14:18:19Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Network activity"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"url\"",
|
|
|
|
"misp:category=\"Network activity\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--f0aba59e-f6bd-43ce-9fdc-06bffe6f47b0",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2022-01-28T14:18:19.000Z",
|
|
|
|
"modified": "2022-01-28T14:18:19.000Z",
|
|
|
|
"pattern": "[url:value = 'http://teknowmuzical.top/sfiles.gz']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2022-01-28T14:18:19Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Network activity"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"url\"",
|
|
|
|
"misp:category=\"Network activity\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--bfc5825b-72f1-47a1-94e1-bb2b6147266b",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2022-01-28T14:18:19.000Z",
|
|
|
|
"modified": "2022-01-28T14:18:19.000Z",
|
|
|
|
"pattern": "[url:value = 'http://37.49.229.172/i.php']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2022-01-28T14:18:19Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Network activity"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"url\"",
|
|
|
|
"misp:category=\"Network activity\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "x-misp-object",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "x-misp-object--14c643f9-c048-4601-b355-4101d32e721d",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2022-01-28T14:10:37.000Z",
|
|
|
|
"modified": "2022-01-28T14:10:37.000Z",
|
|
|
|
"labels": [
|
|
|
|
"misp:name=\"elf-section\"",
|
|
|
|
"misp:meta-category=\"file\""
|
|
|
|
],
|
|
|
|
"x_misp_attributes": [
|
|
|
|
{
|
|
|
|
"type": "text",
|
|
|
|
"object_relation": "type",
|
|
|
|
"value": "NULL",
|
|
|
|
"category": "Other",
|
|
|
|
"uuid": "90a2148c-d035-4a5a-afec-2792d14a413c"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "size-in-bytes",
|
|
|
|
"object_relation": "size-in-bytes",
|
|
|
|
"value": "0",
|
|
|
|
"category": "Other",
|
|
|
|
"uuid": "f7a95758-6d74-4a15-a956-b8ed6b08d329"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"x_misp_meta_category": "file",
|
|
|
|
"x_misp_name": "elf-section"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "x-misp-object",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "x-misp-object--6d288686-4691-4554-afdb-d06cbc07136b",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2022-01-28T14:10:37.000Z",
|
|
|
|
"modified": "2022-01-28T14:10:37.000Z",
|
|
|
|
"labels": [
|
|
|
|
"misp:name=\"elf-section\"",
|
|
|
|
"misp:meta-category=\"file\""
|
|
|
|
],
|
|
|
|
"x_misp_attributes": [
|
|
|
|
{
|
|
|
|
"type": "text",
|
|
|
|
"object_relation": "name",
|
|
|
|
"value": ".note.gnu.build-id",
|
|
|
|
"category": "Other",
|
|
|
|
"uuid": "a55010bf-6b0f-415f-921e-e97fecef4823"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "text",
|
|
|
|
"object_relation": "type",
|
|
|
|
"value": "NOTE",
|
|
|
|
"category": "Other",
|
|
|
|
"uuid": "c095fcfe-9cdd-4534-9584-fccfc63e28e2"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "text",
|
|
|
|
"object_relation": "flag",
|
|
|
|
"value": "ALLOC",
|
|
|
|
"category": "Other",
|
|
|
|
"uuid": "2572358a-c67c-4e7a-8356-6d58c38a7136"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "size-in-bytes",
|
|
|
|
"object_relation": "size-in-bytes",
|
|
|
|
"value": "36",
|
|
|
|
"category": "Other",
|
|
|
|
"uuid": "c9b4fd04-686c-4966-8eed-cc20f0c54b73"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "float",
|
|
|
|
"object_relation": "entropy",
|
|
|
|
"value": "4.1360560861958",
|
|
|
|
"category": "Other",
|
|
|
|
"uuid": "7fd4bc6e-9a0b-46fa-bb65-6103ef68ad01"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "md5",
|
|
|
|
"object_relation": "md5",
|
|
|
|
"value": "bf3ea22ac04c8eae8a62485d436c79b9",
|
|
|
|
"category": "Payload delivery",
|
|
|
|
"to_ids": true,
|
|
|
|
"uuid": "f4d1ec35-1111-4135-9c08-1df09bc2db1c"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "sha1",
|
|
|
|
"object_relation": "sha1",
|
|
|
|
"value": "ef08a0f6714663c35104ccbc1428f6ce198a2101",
|
|
|
|
"category": "Payload delivery",
|
|
|
|
"to_ids": true,
|
|
|
|
"uuid": "d3725b7a-876e-4bd9-a8df-c72a09a232a1"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "sha256",
|
|
|
|
"object_relation": "sha256",
|
|
|
|
"value": "709e5cb7547e0b8cb200748b67058ace84f940095fc239d9c69d5774a8639f7a",
|
|
|
|
"category": "Payload delivery",
|
|
|
|
"to_ids": true,
|
|
|
|
"uuid": "4c20c5f5-545a-41be-a1b8-218f81fc30e4"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "sha512",
|
|
|
|
"object_relation": "sha512",
|
|
|
|
"value": "552272399253e57f8f84e1c17eb54cf29c38bae7d257ef7cc6702e2ad97431e7b8d561410ea75b7abf53e2a9a46cdd5db717249f390c62d6770668c0fb108f9c",
|
|
|
|
"category": "Payload delivery",
|
|
|
|
"to_ids": true,
|
|
|
|
"uuid": "a00f5eab-a372-472d-b423-dca95f6c18c8"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "ssdeep",
|
|
|
|
"object_relation": "ssdeep",
|
|
|
|
"value": "3:ll/yly/s2rNn:io/Ln",
|
|
|
|
"category": "Payload delivery",
|
|
|
|
"to_ids": true,
|
|
|
|
"uuid": "0241c8bd-1b8a-4969-8ec9-d2830d743730"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"x_misp_meta_category": "file",
|
|
|
|
"x_misp_name": "elf-section"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "x-misp-object",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "x-misp-object--620c41d2-3464-44e1-9cc4-ac26810a471d",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2022-01-28T14:10:37.000Z",
|
|
|
|
"modified": "2022-01-28T14:10:37.000Z",
|
|
|
|
"labels": [
|
|
|
|
"misp:name=\"elf-section\"",
|
|
|
|
"misp:meta-category=\"file\""
|
|
|
|
],
|
|
|
|
"x_misp_attributes": [
|
|
|
|
{
|
|
|
|
"type": "text",
|
|
|
|
"object_relation": "name",
|
|
|
|
"value": ".note.ABI-tag",
|
|
|
|
"category": "Other",
|
|
|
|
"uuid": "b835b80f-d58c-4e46-8c1c-e9b7aef91704"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "text",
|
|
|
|
"object_relation": "type",
|
|
|
|
"value": "NOTE",
|
|
|
|
"category": "Other",
|
|
|
|
"uuid": "458ba5ce-ab86-4509-a40a-5a086a6777fa"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "text",
|
|
|
|
"object_relation": "flag",
|
|
|
|
"value": "ALLOC",
|
|
|
|
"category": "Other",
|
|
|
|
"uuid": "6b4d0d72-a42e-43cd-8a6e-6b79c3ecfa0d"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "size-in-bytes",
|
|
|
|
"object_relation": "size-in-bytes",
|
|
|
|
"value": "32",
|
|
|
|
"category": "Other",
|
|
|
|
"uuid": "ddb13072-a5f5-463a-ab3c-1af4ca2c2d27"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "float",
|
|
|
|
"object_relation": "entropy",
|
|
|
|
"value": "1.5612781244591",
|
|
|
|
"category": "Other",
|
|
|
|
"uuid": "4dca6179-2ae3-4722-8afd-a5a2f3e61072"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "md5",
|
|
|
|
"object_relation": "md5",
|
|
|
|
"value": "3ac31b2ebb8a59ed3542fd7de044fbeb",
|
|
|
|
"category": "Payload delivery",
|
|
|
|
"to_ids": true,
|
|
|
|
"uuid": "441492d6-68c7-4852-8e1b-46cb3695005e"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "sha1",
|
|
|
|
"object_relation": "sha1",
|
|
|
|
"value": "ff30407c37eea291004a26a28d988eeedd0ea449",
|
|
|
|
"category": "Payload delivery",
|
|
|
|
"to_ids": true,
|
|
|
|
"uuid": "094d2f92-99c6-4ee7-939e-5389eac97e67"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "sha256",
|
|
|
|
"object_relation": "sha256",
|
|
|
|
"value": "6e48317ad93a8ac2dc04321465ede06d1274543fc8ab172e68171a9d684bb313",
|
|
|
|
"category": "Payload delivery",
|
|
|
|
"to_ids": true,
|
|
|
|
"uuid": "5c49bdf4-e33e-461d-a080-92aa3ff3d918"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "sha512",
|
|
|
|
"object_relation": "sha512",
|
|
|
|
"value": "a4cbd38f6b8bf2cacbdc70c4db792e2a7d2159a36f84d41daec7164b1c435190667dfe16891cb6ef3339c0f0190bd43735b26794734ebe63a39f8694ae01aeb0",
|
|
|
|
"category": "Payload delivery",
|
|
|
|
"to_ids": true,
|
|
|
|
"uuid": "bdbce931-d90e-44ac-9862-04077fa0d9b2"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "ssdeep",
|
|
|
|
"object_relation": "ssdeep",
|
|
|
|
"value": "3:hlslqklllsl:wlqk",
|
|
|
|
"category": "Payload delivery",
|
|
|
|
"to_ids": true,
|
|
|
|
"uuid": "40659106-f8aa-4014-a371-6b5911bbc4cf"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"x_misp_meta_category": "file",
|
|
|
|
"x_misp_name": "elf-section"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "x-misp-object",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "x-misp-object--c2f0df16-1c9f-4aee-9bd0-c28f8e7dc46b",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2022-01-28T14:10:37.000Z",
|
|
|
|
"modified": "2022-01-28T14:10:37.000Z",
|
|
|
|
"labels": [
|
|
|
|
"misp:name=\"elf-section\"",
|
|
|
|
"misp:meta-category=\"file\""
|
|
|
|
],
|
|
|
|
"x_misp_attributes": [
|
|
|
|
{
|
|
|
|
"type": "text",
|
|
|
|
"object_relation": "name",
|
|
|
|
"value": ".rela.plt",
|
|
|
|
"category": "Other",
|
|
|
|
"uuid": "985d6ea3-8631-4ce5-9fe7-2c77082e9096"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "text",
|
|
|
|
"object_relation": "type",
|
|
|
|
"value": "RELA",
|
|
|
|
"category": "Other",
|
|
|
|
"uuid": "e445e261-59f4-48dd-8fdb-fa8bad437058"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "text",
|
|
|
|
"object_relation": "flag",
|
|
|
|
"value": "INFO_LINK",
|
|
|
|
"category": "Other",
|
|
|
|
"uuid": "58fcbfd1-24e8-4d1c-929b-de2c3540ffc8"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "text",
|
|
|
|
"object_relation": "flag",
|
|
|
|
"value": "ALLOC",
|
|
|
|
"category": "Other",
|
|
|
|
"uuid": "bb7cce0c-090e-439a-a44a-760d6ea72323"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "size-in-bytes",
|
|
|
|
"object_relation": "size-in-bytes",
|
|
|
|
"value": "720",
|
|
|
|
"category": "Other",
|
|
|
|
"uuid": "d2811aeb-e353-4810-a07d-057c5f365505"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "float",
|
|
|
|
"object_relation": "entropy",
|
|
|
|
"value": "2.1805033054394",
|
|
|
|
"category": "Other",
|
|
|
|
"uuid": "9921f2b7-d67d-446f-9fc7-1036c469d635"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "md5",
|
|
|
|
"object_relation": "md5",
|
|
|
|
"value": "9c55b12ecee452dfc4b21363c0f988e8",
|
|
|
|
"category": "Payload delivery",
|
|
|
|
"to_ids": true,
|
|
|
|
"uuid": "6221fa09-6184-45ee-b055-23cb7d09a9a6"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "sha1",
|
|
|
|
"object_relation": "sha1",
|
|
|
|
"value": "a9b079210ea566585598ad0e97bc02c90741e657",
|
|
|
|
"category": "Payload delivery",
|
|
|
|
"to_ids": true,
|
|
|
|
"uuid": "24126647-df13-400c-8558-09c8cdfbc855"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "sha256",
|
|
|
|
"object_relation": "sha256",
|
|
|
|
"value": "c63eea6064b2c14f0ccd7a2cb1ded9c0df7a3db79ce8f322fb2c9428476840d1",
|
|
|
|
"category": "Payload delivery",
|
|
|
|
"to_ids": true,
|
|
|
|
"uuid": "d30aaa22-e1b5-4597-b923-5cd2e75b0a28"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "sha512",
|
|
|
|
"object_relation": "sha512",
|
|
|
|
"value": "673a7cc843eb7b15a461d9b3990dab2586e44814e362f5e41a9a69db21f36625c4f9bd8e10db57f7d32cef4524b63486345545afe18cb710c5ac7d56df9b5c41",
|
|
|
|
"category": "Payload delivery",
|
|
|
|
"to_ids": true,
|
|
|
|
"uuid": "2cb9db86-5063-4a8d-aba0-d80990965fd4"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "ssdeep",
|
|
|
|
"object_relation": "ssdeep",
|
|
|
|
"value": "12:zm01BgUqw8G0IKTXtJOOZVO26pGkw+XiZqm4J:zm01Bxqw83IKTXtJOOZVO26pGkweiZq3",
|
|
|
|
"category": "Payload delivery",
|
|
|
|
"to_ids": true,
|
|
|
|
"uuid": "bacfbcd4-b4d1-4a57-818d-c1de0ff23b76"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"x_misp_meta_category": "file",
|
|
|
|
"x_misp_name": "elf-section"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "x-misp-object",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "x-misp-object--7ae73141-0fe0-468b-a637-048283310d7c",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2022-01-28T14:10:37.000Z",
|
|
|
|
"modified": "2022-01-28T14:10:37.000Z",
|
|
|
|
"labels": [
|
|
|
|
"misp:name=\"elf-section\"",
|
|
|
|
"misp:meta-category=\"file\""
|
|
|
|
],
|
|
|
|
"x_misp_attributes": [
|
|
|
|
{
|
|
|
|
"type": "text",
|
|
|
|
"object_relation": "name",
|
|
|
|
"value": ".init",
|
|
|
|
"category": "Other",
|
|
|
|
"uuid": "c3486c39-8cd9-4a48-ae18-996fdd667788"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "text",
|
|
|
|
"object_relation": "type",
|
|
|
|
"value": "PROGBITS",
|
|
|
|
"category": "Other",
|
|
|
|
"uuid": "7ac7e518-3005-495f-8b32-f9466959eccc"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "text",
|
|
|
|
"object_relation": "flag",
|
|
|
|
"value": "ALLOC",
|
|
|
|
"category": "Other",
|
|
|
|
"uuid": "9783586f-8f7a-4849-ba9f-c6419f2bf8f2"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "text",
|
|
|
|
"object_relation": "flag",
|
|
|
|
"value": "EXECINSTR",
|
|
|
|
"category": "Other",
|
|
|
|
"uuid": "813fc008-2243-4063-b373-080ffb62f8e8"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "size-in-bytes",
|
|
|
|
"object_relation": "size-in-bytes",
|
|
|
|
"value": "23",
|
|
|
|
"category": "Other",
|
|
|
|
"uuid": "b2be0944-a745-4f3f-af03-3ea6e9975910"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "float",
|
|
|
|
"object_relation": "entropy",
|
|
|
|
"value": "3.5670402169266",
|
|
|
|
"category": "Other",
|
|
|
|
"uuid": "e448e3c3-f12d-4743-8fb0-ff62243494cc"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "md5",
|
|
|
|
"object_relation": "md5",
|
|
|
|
"value": "f04a7791ce8e0ac844b5836e22a70ef4",
|
|
|
|
"category": "Payload delivery",
|
|
|
|
"to_ids": true,
|
|
|
|
"uuid": "8e11a2b4-fe24-4603-b981-f896df19850d"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "sha1",
|
|
|
|
"object_relation": "sha1",
|
|
|
|
"value": "c6856938bdc9fcecb040e17b9c66931cdd56938a",
|
|
|
|
"category": "Payload delivery",
|
|
|
|
"to_ids": true,
|
|
|
|
"uuid": "b0715e62-869e-402c-8958-e9060bc145dc"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "sha256",
|
|
|
|
"object_relation": "sha256",
|
|
|
|
"value": "6435ea37bcfb4a907f6bbd90fc4846c2aa2ed0605eabd7dc43e3697401c95842",
|
|
|
|
"category": "Payload delivery",
|
|
|
|
"to_ids": true,
|
|
|
|
"uuid": "b55c31dd-c5c1-40ab-855b-60309519296b"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "sha512",
|
|
|
|
"object_relation": "sha512",
|
|
|
|
"value": "86b816440cb81f67209529f4b9e6b13c2848b07f80233515e909e551cfe7d643c31db1264cebd193b53d3dfd8a79c95aade026b4ae76de867f6a20f660098c89",
|
|
|
|
"category": "Payload delivery",
|
|
|
|
"to_ids": true,
|
|
|
|
"uuid": "82c58a51-7f79-46a6-9a90-badd192b21c6"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "ssdeep",
|
|
|
|
"object_relation": "ssdeep",
|
|
|
|
"value": "3:4QgRVhU:ngJU",
|
|
|
|
"category": "Payload delivery",
|
|
|
|
"to_ids": true,
|
|
|
|
"uuid": "35153863-6c19-4236-9ab5-5f08558810f3"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"x_misp_meta_category": "file",
|
|
|
|
"x_misp_name": "elf-section"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "x-misp-object",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "x-misp-object--605fb316-826f-4791-8595-462693a9c897",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2022-01-28T14:10:37.000Z",
|
|
|
|
"modified": "2022-01-28T14:10:37.000Z",
|
|
|
|
"labels": [
|
|
|
|
"misp:name=\"elf-section\"",
|
|
|
|
"misp:meta-category=\"file\""
|
|
|
|
],
|
|
|
|
"x_misp_attributes": [
|
|
|
|
{
|
|
|
|
"type": "text",
|
|
|
|
"object_relation": "name",
|
|
|
|
"value": ".plt",
|
|
|
|
"category": "Other",
|
|
|
|
"uuid": "b88a680f-f22c-467f-b3d1-9f3480c02105"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "text",
|
|
|
|
"object_relation": "type",
|
|
|
|
"value": "PROGBITS",
|
|
|
|
"category": "Other",
|
|
|
|
"uuid": "c7972ff0-b52d-43fa-9366-ffcd1a73fd1f"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "text",
|
|
|
|
"object_relation": "flag",
|
|
|
|
"value": "ALLOC",
|
|
|
|
"category": "Other",
|
|
|
|
"uuid": "ae8bb4ec-53f2-4127-8b86-362313009c1b"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "text",
|
|
|
|
"object_relation": "flag",
|
|
|
|
"value": "EXECINSTR",
|
|
|
|
"category": "Other",
|
|
|
|
"uuid": "ee806079-7fd1-4c3e-93eb-c20060801525"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "size-in-bytes",
|
|
|
|
"object_relation": "size-in-bytes",
|
|
|
|
"value": "240",
|
|
|
|
"category": "Other",
|
|
|
|
"uuid": "e0fcb054-2632-4b45-be23-a3509ec47bfb"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "float",
|
|
|
|
"object_relation": "entropy",
|
|
|
|
"value": "3",
|
|
|
|
"category": "Other",
|
|
|
|
"uuid": "c904503e-c1b5-4a5f-8427-cab5e838540d"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "md5",
|
|
|
|
"object_relation": "md5",
|
|
|
|
"value": "71b1324a418e99f531163b6bc2a9b45f",
|
|
|
|
"category": "Payload delivery",
|
|
|
|
"to_ids": true,
|
|
|
|
"uuid": "415ddf61-f9e2-467a-b327-8c0599a655b9"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "sha1",
|
|
|
|
"object_relation": "sha1",
|
|
|
|
"value": "44abf51c6235774f8fcab452157b975526b5fdf1",
|
|
|
|
"category": "Payload delivery",
|
|
|
|
"to_ids": true,
|
|
|
|
"uuid": "ea227c98-bbf1-4888-9fbc-d4ff34210c95"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "sha256",
|
|
|
|
"object_relation": "sha256",
|
|
|
|
"value": "85dfb9afda74c54f07857c16630c80d22bf27869242b2e70e69e8e0a30ca2f06",
|
|
|
|
"category": "Payload delivery",
|
|
|
|
"to_ids": true,
|
|
|
|
"uuid": "9a83c356-89bd-4ece-bc1d-4afaa2a7ea9b"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "sha512",
|
|
|
|
"object_relation": "sha512",
|
|
|
|
"value": "eecdd17c872ab7a8daa2f962de564462518908b5adbdd1ad7dfb08ad90b6b6cf85de196176c97eb12e79bb60806b8ad79bfcc1f3d13e7289dc44618a7607b11e",
|
|
|
|
"category": "Payload delivery",
|
|
|
|
"to_ids": true,
|
|
|
|
"uuid": "6dc6db42-4baa-4a33-8f25-b099b21e74e2"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "ssdeep",
|
|
|
|
"object_relation": "ssdeep",
|
|
|
|
"value": "3:LfKP0L0L0L0L0L0L0L0L0L0L0L0L0L0L0L0L0L0L0L0L0L0L0L0L0L0L0L0L0Ln:r/",
|
|
|
|
"category": "Payload delivery",
|
|
|
|
"to_ids": true,
|
|
|
|
"uuid": "61254583-a3b2-49e9-bdd9-c3be2893d0cf"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"x_misp_meta_category": "file",
|
|
|
|
"x_misp_name": "elf-section"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "x-misp-object",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "x-misp-object--d89db1f3-12a7-406c-b60a-407b435ff6f9",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2022-01-28T14:10:37.000Z",
|
|
|
|
"modified": "2022-01-28T14:10:37.000Z",
|
|
|
|
"labels": [
|
|
|
|
"misp:name=\"elf-section\"",
|
|
|
|
"misp:meta-category=\"file\""
|
|
|
|
],
|
|
|
|
"x_misp_attributes": [
|
|
|
|
{
|
|
|
|
"type": "text",
|
|
|
|
"object_relation": "name",
|
|
|
|
"value": ".text",
|
|
|
|
"category": "Other",
|
|
|
|
"uuid": "cbc64792-3e6b-4e05-95ed-b6a6072249a9"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "text",
|
|
|
|
"object_relation": "type",
|
|
|
|
"value": "PROGBITS",
|
|
|
|
"category": "Other",
|
|
|
|
"uuid": "9285265f-cf17-4472-bda3-0ba22c7375ef"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "text",
|
|
|
|
"object_relation": "flag",
|
|
|
|
"value": "ALLOC",
|
|
|
|
"category": "Other",
|
|
|
|
"uuid": "662c5969-efa4-4830-9c6b-3d88de93ab6b"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "text",
|
|
|
|
"object_relation": "flag",
|
|
|
|
"value": "EXECINSTR",
|
|
|
|
"category": "Other",
|
|
|
|
"uuid": "e72464d4-e794-4acb-89a7-9b0293c84f1b"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "size-in-bytes",
|
|
|
|
"object_relation": "size-in-bytes",
|
|
|
|
"value": "751920",
|
|
|
|
"category": "Other",
|
|
|
|
"uuid": "00ebc3ca-1e45-4df3-9796-0ff3791f4498"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "float",
|
|
|
|
"object_relation": "entropy",
|
|
|
|
"value": "6.4136158596844",
|
|
|
|
"category": "Other",
|
|
|
|
"uuid": "105175fa-1123-4a33-b923-0db5d31e9158"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "md5",
|
|
|
|
"object_relation": "md5",
|
|
|
|
"value": "13632ccc865f0dcc9e7feeefc846937c",
|
|
|
|
"category": "Payload delivery",
|
|
|
|
"to_ids": true,
|
|
|
|
"uuid": "55fd9542-57d6-4a1d-a014-4f5b4aa819d3"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "sha1",
|
|
|
|
"object_relation": "sha1",
|
|
|
|
"value": "bcfdbe37f0c1fe09965ed0167dd6e54bb300edf9",
|
|
|
|
"category": "Payload delivery",
|
|
|
|
"to_ids": true,
|
|
|
|
"uuid": "89808b70-c367-45e2-aecb-5f06aad9214b"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "sha256",
|
|
|
|
"object_relation": "sha256",
|
|
|
|
"value": "c56a5bd81d3b5c6b297a779215ddf3e61ad8c7821931379c4d8dbdb27cfc9718",
|
|
|
|
"category": "Payload delivery",
|
|
|
|
"to_ids": true,
|
|
|
|
"uuid": "3b1d3eea-1b01-4558-8259-61917ef27b64"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "sha512",
|
|
|
|
"object_relation": "sha512",
|
|
|
|
"value": "7e98a788963643730ee30a11c1cacf14118453badb7758d9cc3ada72408775ab61a573284e3f770ae7ee20f8e91ed331aad49df4f7cf33af16e07c5605862d71",
|
|
|
|
"category": "Payload delivery",
|
|
|
|
"to_ids": true,
|
|
|
|
"uuid": "584d7cd7-8589-4277-b507-d90a4a108302"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "ssdeep",
|
|
|
|
"object_relation": "ssdeep",
|
|
|
|
"value": "12288:NUkkhE6pENVm/jwzAtRfYjz09InxIkLkBk:Gkm/jwzAt5koInxIm",
|
|
|
|
"category": "Payload delivery",
|
|
|
|
"to_ids": true,
|
|
|
|
"uuid": "65588906-fa3a-40c8-869a-a0cf7afeaa6c"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"x_misp_meta_category": "file",
|
|
|
|
"x_misp_name": "elf-section"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "x-misp-object",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "x-misp-object--5b967d2c-daa7-457a-892e-e6eb46927b02",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2022-01-28T14:10:38.000Z",
|
|
|
|
"modified": "2022-01-28T14:10:38.000Z",
|
|
|
|
"labels": [
|
|
|
|
"misp:name=\"elf-section\"",
|
|
|
|
"misp:meta-category=\"file\""
|
|
|
|
],
|
|
|
|
"x_misp_attributes": [
|
|
|
|
{
|
|
|
|
"type": "text",
|
|
|
|
"object_relation": "name",
|
|
|
|
"value": "__libc_freeres_fn",
|
|
|
|
"category": "Other",
|
|
|
|
"uuid": "e7f8ffcd-1538-4a0e-b5bc-05a0f2c1198b"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "text",
|
|
|
|
"object_relation": "type",
|
|
|
|
"value": "PROGBITS",
|
|
|
|
"category": "Other",
|
|
|
|
"uuid": "15be0061-d1cd-4331-875f-09db7db3900b"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "text",
|
|
|
|
"object_relation": "flag",
|
|
|
|
"value": "ALLOC",
|
|
|
|
"category": "Other",
|
|
|
|
"uuid": "081bd3aa-49d6-45d1-9f4b-67aa9f53e143"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "text",
|
|
|
|
"object_relation": "flag",
|
|
|
|
"value": "EXECINSTR",
|
|
|
|
"category": "Other",
|
|
|
|
"uuid": "5b49bab9-64fa-4e17-8ee7-3bcaf3063a91"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "size-in-bytes",
|
|
|
|
"object_relation": "size-in-bytes",
|
|
|
|
"value": "2920",
|
|
|
|
"category": "Other",
|
|
|
|
"uuid": "1c6ff20a-e0d9-4530-8c17-eace550df05c"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "float",
|
|
|
|
"object_relation": "entropy",
|
|
|
|
"value": "6.0319278491528",
|
|
|
|
"category": "Other",
|
|
|
|
"uuid": "4b57977f-d22a-46d4-8b8c-6fa37c5a7c27"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "md5",
|
|
|
|
"object_relation": "md5",
|
|
|
|
"value": "f00fa594145d046eb63deb1480a06ad5",
|
|
|
|
"category": "Payload delivery",
|
|
|
|
"to_ids": true,
|
|
|
|
"uuid": "7262268a-0d3f-4e45-9842-e017faa05a4e"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "sha1",
|
|
|
|
"object_relation": "sha1",
|
|
|
|
"value": "8d4895ab5aee8b98edc300fc8a1efabe6fee7f3d",
|
|
|
|
"category": "Payload delivery",
|
|
|
|
"to_ids": true,
|
|
|
|
"uuid": "6d5c8efb-2495-4094-8eae-fb460b750e58"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "sha256",
|
|
|
|
"object_relation": "sha256",
|
|
|
|
"value": "e65d50cd4e3d5b752b13dfd83cf247ef2375e072b2a478cf8c2b724984152c87",
|
|
|
|
"category": "Payload delivery",
|
|
|
|
"to_ids": true,
|
|
|
|
"uuid": "61aa978a-fc07-4de2-9ca2-3a2f73fe1711"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "sha512",
|
|
|
|
"object_relation": "sha512",
|
|
|
|
"value": "38ae36d8907ba3c03707f6ae76cc64527616033f522bd3c51fc078f5a3084eb02f3dbd3237cbdd82814ed53cf19bcb6d1f3821a2d5640ca71987fecf133179a0",
|
|
|
|
"category": "Payload delivery",
|
|
|
|
"to_ids": true,
|
|
|
|
"uuid": "e43a62ab-df62-473d-a5b9-1b2d822e4850"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "ssdeep",
|
|
|
|
"object_relation": "ssdeep",
|
|
|
|
"value": "48:B9NQtAzX2ebokMynB2WrkBRA9f4AWMzWc5f64QeobI6wfU11KDpNZb6t1:BPLXtlMoqpCpobI6w8PKNNZba",
|
|
|
|
"category": "Payload delivery",
|
|
|
|
"to_ids": true,
|
|
|
|
"uuid": "886866ea-a0c9-4905-a0d3-02949ac703d9"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"x_misp_meta_category": "file",
|
|
|
|
"x_misp_name": "elf-section"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "x-misp-object",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "x-misp-object--b96b81c1-c42b-4b21-b55e-ae110dcef254",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2022-01-28T14:10:38.000Z",
|
|
|
|
"modified": "2022-01-28T14:10:38.000Z",
|
|
|
|
"labels": [
|
|
|
|
"misp:name=\"elf-section\"",
|
|
|
|
"misp:meta-category=\"file\""
|
|
|
|
],
|
|
|
|
"x_misp_attributes": [
|
|
|
|
{
|
|
|
|
"type": "text",
|
|
|
|
"object_relation": "name",
|
|
|
|
"value": ".fini",
|
|
|
|
"category": "Other",
|
|
|
|
"uuid": "3981397e-ceb5-465e-938e-6ec5547200b2"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "text",
|
|
|
|
"object_relation": "type",
|
|
|
|
"value": "PROGBITS",
|
|
|
|
"category": "Other",
|
|
|
|
"uuid": "5d43e89c-e36a-4810-83d5-da4873cb1da8"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "text",
|
|
|
|
"object_relation": "flag",
|
|
|
|
"value": "ALLOC",
|
|
|
|
"category": "Other",
|
|
|
|
"uuid": "a89a4137-a77e-41ec-a708-f437a91b4922"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "text",
|
|
|
|
"object_relation": "flag",
|
|
|
|
"value": "EXECINSTR",
|
|
|
|
"category": "Other",
|
|
|
|
"uuid": "d0426e70-79e4-4ec8-924f-354463d7b71a"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "size-in-bytes",
|
|
|
|
"object_relation": "size-in-bytes",
|
|
|
|
"value": "9",
|
|
|
|
"category": "Other",
|
|
|
|
"uuid": "79e63404-0d07-4061-83d9-8ba2b0d9acf8"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "float",
|
|
|
|
"object_relation": "entropy",
|
|
|
|
"value": "2.5032583347756",
|
|
|
|
"category": "Other",
|
|
|
|
"uuid": "6ab42e5e-410c-4740-af58-84e2e99692f8"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "md5",
|
|
|
|
"object_relation": "md5",
|
|
|
|
"value": "c0ebd410fb9cd5628270064c1ed937ed",
|
|
|
|
"category": "Payload delivery",
|
|
|
|
"to_ids": true,
|
|
|
|
"uuid": "f823b76b-a897-4f06-b39b-2a217295b5fe"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "sha1",
|
|
|
|
"object_relation": "sha1",
|
|
|
|
"value": "fa7de3c1bbc31c0cfd7a16048b53b1bce8d2c590",
|
|
|
|
"category": "Payload delivery",
|
|
|
|
"to_ids": true,
|
|
|
|
"uuid": "703201e7-4b99-4902-b102-342d627d2e53"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "sha256",
|
|
|
|
"object_relation": "sha256",
|
|
|
|
"value": "66e6f54550612182b4ad78f30b140dd08318b968db3878de2db65fef87dc04d7",
|
|
|
|
"category": "Payload delivery",
|
|
|
|
"to_ids": true,
|
|
|
|
"uuid": "18fb9c22-fc49-4bd8-8923-dcb3e7494f1d"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "sha512",
|
|
|
|
"object_relation": "sha512",
|
|
|
|
"value": "4852df44be27a842795bdc6d623c510b381f027399198ec6d481d90f29dbd6c5a3721460086e1080bb53b9fb5cf852e710f97f1dd4912ad61711150979c9e715",
|
|
|
|
"category": "Payload delivery",
|
|
|
|
"to_ids": true,
|
|
|
|
"uuid": "36a32145-de3a-43a2-9a2e-104853c45e88"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "ssdeep",
|
|
|
|
"object_relation": "ssdeep",
|
|
|
|
"value": "3:4Ui:ji",
|
|
|
|
"category": "Payload delivery",
|
|
|
|
"to_ids": true,
|
|
|
|
"uuid": "05e4102a-ef2e-41f9-a152-7d26a2c11193"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"x_misp_meta_category": "file",
|
|
|
|
"x_misp_name": "elf-section"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "x-misp-object",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "x-misp-object--37324a84-f710-4d2b-b579-037be8400fd8",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2022-01-28T14:10:38.000Z",
|
|
|
|
"modified": "2022-01-28T14:10:38.000Z",
|
|
|
|
"labels": [
|
|
|
|
"misp:name=\"elf-section\"",
|
|
|
|
"misp:meta-category=\"file\""
|
|
|
|
],
|
|
|
|
"x_misp_attributes": [
|
|
|
|
{
|
|
|
|
"type": "text",
|
|
|
|
"object_relation": "name",
|
|
|
|
"value": ".rodata",
|
|
|
|
"category": "Other",
|
|
|
|
"uuid": "5865ae55-592d-4f0e-b4dd-3a8072cfc9c0"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "text",
|
|
|
|
"object_relation": "type",
|
|
|
|
"value": "PROGBITS",
|
|
|
|
"category": "Other",
|
|
|
|
"uuid": "b3b171ab-247d-44c9-be57-c7fcc906260a"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "text",
|
|
|
|
"object_relation": "flag",
|
|
|
|
"value": "ALLOC",
|
|
|
|
"category": "Other",
|
|
|
|
"uuid": "74fb3ae4-f093-4c77-b339-620287e0a7bf"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "size-in-bytes",
|
|
|
|
"object_relation": "size-in-bytes",
|
|
|
|
"value": "131044",
|
|
|
|
"category": "Other",
|
|
|
|
"uuid": "84271f38-df77-49c7-a996-be3c486151c1"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "float",
|
|
|
|
"object_relation": "entropy",
|
|
|
|
"value": "5.1104698168094",
|
|
|
|
"category": "Other",
|
|
|
|
"uuid": "7c620605-4e9e-4a76-9936-3215589c3f4a"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "md5",
|
|
|
|
"object_relation": "md5",
|
|
|
|
"value": "15e1a1b46c00913f46ae743a75af34a4",
|
|
|
|
"category": "Payload delivery",
|
|
|
|
"to_ids": true,
|
|
|
|
"uuid": "07a7e22d-5093-4190-9ac8-6278c47bb7c0"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "sha1",
|
|
|
|
"object_relation": "sha1",
|
|
|
|
"value": "48433bca2f819da39ea903f95f9d654981c85964",
|
|
|
|
"category": "Payload delivery",
|
|
|
|
"to_ids": true,
|
|
|
|
"uuid": "fc1ec5e7-4198-4f1d-9420-e25288a0dee4"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "sha256",
|
|
|
|
"object_relation": "sha256",
|
|
|
|
"value": "fcf2c653d4fb226e561d4e7916a60f4bfb10c0ec83cccbb410e8b206f122dca9",
|
|
|
|
"category": "Payload delivery",
|
|
|
|
"to_ids": true,
|
|
|
|
"uuid": "e82b593e-f8e5-4b74-9229-e1d3bf6a06d7"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "sha512",
|
|
|
|
"object_relation": "sha512",
|
|
|
|
"value": "c692588d5e8f2a762d5dad71c12650fc977c16105346f0389e5a4dd417b3379eed558586bee9556a6a7a7284b7a99d1ca5d2a11eb7eae168ab844672c4b1d571",
|
|
|
|
"category": "Payload delivery",
|
|
|
|
"to_ids": true,
|
|
|
|
"uuid": "5175174f-1cc7-459a-bdcb-1ad0cc29d5f0"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "ssdeep",
|
|
|
|
"object_relation": "ssdeep",
|
|
|
|
"value": "1536:3G5NAhVTxV3T9yyA5Gt057Q42YNzmp1Zuw/QDxHniA1jgMRmzW:iNydyyAEt05d2Y1G1inKMUS",
|
|
|
|
"category": "Payload delivery",
|
|
|
|
"to_ids": true,
|
|
|
|
"uuid": "0280929c-17a5-40b4-9adc-cecce1949ae1"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"x_misp_meta_category": "file",
|
|
|
|
"x_misp_name": "elf-section"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "x-misp-object",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "x-misp-object--9ef9d811-89d5-4acb-bdd3-8ceff6f2e3f1",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2022-01-28T14:10:38.000Z",
|
|
|
|
"modified": "2022-01-28T14:10:38.000Z",
|
|
|
|
"labels": [
|
|
|
|
"misp:name=\"elf-section\"",
|
|
|
|
"misp:meta-category=\"file\""
|
|
|
|
],
|
|
|
|
"x_misp_attributes": [
|
|
|
|
{
|
|
|
|
"type": "text",
|
|
|
|
"object_relation": "name",
|
|
|
|
"value": ".eh_frame",
|
|
|
|
"category": "Other",
|
|
|
|
"uuid": "e41a07c8-b25b-4016-b69e-dd5b731b7ac0"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "text",
|
|
|
|
"object_relation": "type",
|
|
|
|
"value": "PROGBITS",
|
|
|
|
"category": "Other",
|
|
|
|
"uuid": "5d1623d5-4aba-4d5c-b208-5a9be347b206"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "text",
|
|
|
|
"object_relation": "flag",
|
|
|
|
"value": "ALLOC",
|
|
|
|
"category": "Other",
|
|
|
|
"uuid": "7418890c-5c4b-4fdb-9a78-8764bd2e1e71"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "size-in-bytes",
|
|
|
|
"object_relation": "size-in-bytes",
|
|
|
|
"value": "54204",
|
|
|
|
"category": "Other",
|
|
|
|
"uuid": "bc7dee46-3a1c-44a1-bca7-d35092f89e6a"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "float",
|
|
|
|
"object_relation": "entropy",
|
|
|
|
"value": "5.1471546712778",
|
|
|
|
"category": "Other",
|
|
|
|
"uuid": "5057ab77-12c7-4da4-ba6e-b7d1f5fba658"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "md5",
|
|
|
|
"object_relation": "md5",
|
|
|
|
"value": "8c4e86ad4302734d629a3b7f84b02811",
|
|
|
|
"category": "Payload delivery",
|
|
|
|
"to_ids": true,
|
|
|
|
"uuid": "8eca9549-291f-45f6-93e5-a382eaac73dd"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "sha1",
|
|
|
|
"object_relation": "sha1",
|
|
|
|
"value": "b29345eae0424ef48d378c1f9a18c2e646f88de4",
|
|
|
|
"category": "Payload delivery",
|
|
|
|
"to_ids": true,
|
|
|
|
"uuid": "0a7c3bce-74f7-421b-bd62-6ce5436a7a05"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "sha256",
|
|
|
|
"object_relation": "sha256",
|
|
|
|
"value": "fb3eed8684e3558e4f1ebc2c93be55ebdb946d30bc40a1798764372d42763fc0",
|
|
|
|
"category": "Payload delivery",
|
|
|
|
"to_ids": true,
|
|
|
|
"uuid": "06fc0dda-18cf-4eab-a8dd-0e0d083a42ff"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "sha512",
|
|
|
|
"object_relation": "sha512",
|
|
|
|
"value": "7560e76d416de1ce7543eb0f65f5c00414c642af401e3d8614dffe934681c71966a1afaf5849053530c198f039491b15015da80b781303198bc4433af708d1c9",
|
|
|
|
"category": "Payload delivery",
|
|
|
|
"to_ids": true,
|
|
|
|
"uuid": "9c26f9a9-a3b5-422a-96be-6aba5b8802c4"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "ssdeep",
|
|
|
|
"object_relation": "ssdeep",
|
|
|
|
"value": "768:SFg9H3xSafgh+5sfYMn8BXy/jbCYY0Y6y:SFgB3LafDKybbXrB",
|
|
|
|
"category": "Payload delivery",
|
|
|
|
"to_ids": true,
|
|
|
|
"uuid": "87e4cb09-6bc9-49be-8c2b-90cccf95f4f5"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"x_misp_meta_category": "file",
|
|
|
|
"x_misp_name": "elf-section"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "x-misp-object",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "x-misp-object--2b76c945-728a-4b11-bcae-4ca9dcfc9b1d",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2022-01-28T14:10:38.000Z",
|
|
|
|
"modified": "2022-01-28T14:10:38.000Z",
|
|
|
|
"labels": [
|
|
|
|
"misp:name=\"elf-section\"",
|
|
|
|
"misp:meta-category=\"file\""
|
|
|
|
],
|
|
|
|
"x_misp_attributes": [
|
|
|
|
{
|
|
|
|
"type": "text",
|
|
|
|
"object_relation": "name",
|
|
|
|
"value": ".gcc_except_table",
|
|
|
|
"category": "Other",
|
|
|
|
"uuid": "c172122e-bc7a-48f7-93a5-5f99b27e8428"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "text",
|
|
|
|
"object_relation": "type",
|
|
|
|
"value": "PROGBITS",
|
|
|
|
"category": "Other",
|
|
|
|
"uuid": "56a646cc-9e87-4a7e-b5e9-5f241b928fec"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "text",
|
|
|
|
"object_relation": "flag",
|
|
|
|
"value": "ALLOC",
|
|
|
|
"category": "Other",
|
|
|
|
"uuid": "8913d328-71bd-41f5-ae7d-1e740b9b60cc"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "size-in-bytes",
|
|
|
|
"object_relation": "size-in-bytes",
|
|
|
|
"value": "265",
|
|
|
|
"category": "Other",
|
|
|
|
"uuid": "222f6b0a-6401-46ab-8d83-a0827a0f74c4"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "float",
|
|
|
|
"object_relation": "entropy",
|
|
|
|
"value": "4.2159746268458",
|
|
|
|
"category": "Other",
|
|
|
|
"uuid": "5d16b5c1-54db-47dd-af62-f0e597f1b67b"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "md5",
|
|
|
|
"object_relation": "md5",
|
|
|
|
"value": "07cbd76f4ce2496fb561f1355549bd39",
|
|
|
|
"category": "Payload delivery",
|
|
|
|
"to_ids": true,
|
|
|
|
"uuid": "ca00295c-0bf9-4901-882a-0c98b0f02441"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "sha1",
|
|
|
|
"object_relation": "sha1",
|
|
|
|
"value": "41bb3fe74080c09fd7213d78fd7a8d9c50a65ba9",
|
|
|
|
"category": "Payload delivery",
|
|
|
|
"to_ids": true,
|
|
|
|
"uuid": "1a837fae-8917-40d4-bd1d-d54fc5e67347"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "sha256",
|
|
|
|
"object_relation": "sha256",
|
|
|
|
"value": "596d5221ea646330c9284c4e867b834b7caea738857f00c9e92cdd0e94a2b257",
|
|
|
|
"category": "Payload delivery",
|
|
|
|
"to_ids": true,
|
|
|
|
"uuid": "149f6d5d-51fd-4a55-9aac-1008c234a531"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "sha512",
|
|
|
|
"object_relation": "sha512",
|
|
|
|
"value": "89ca53c18286733eff4017a9e05a5cc2439ee213d538a867ef3a8005d64ca6ed877ec4e2ac8b037574baf0db40a7c71a1a324ed9e3b50f3c38360d301df6a720",
|
|
|
|
"category": "Payload delivery",
|
|
|
|
"to_ids": true,
|
|
|
|
"uuid": "b53edf24-0e58-4f26-ba66-8e7728fa1a77"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "ssdeep",
|
|
|
|
"object_relation": "ssdeep",
|
|
|
|
"value": "6:zM4fH9rsHMER3D07sHFNZNa5tkNm+H5fk0pP7vHg:IuZss4RlNZIqLBpzg",
|
|
|
|
"category": "Payload delivery",
|
|
|
|
"to_ids": true,
|
|
|
|
"uuid": "a1efc4ac-e7d8-41e6-ba85-7d9fb775bc3d"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"x_misp_meta_category": "file",
|
|
|
|
"x_misp_name": "elf-section"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "x-misp-object",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "x-misp-object--2c752589-0653-4e0e-a6ee-0041b4454897",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2022-01-28T14:10:38.000Z",
|
|
|
|
"modified": "2022-01-28T14:10:38.000Z",
|
|
|
|
"labels": [
|
|
|
|
"misp:name=\"elf-section\"",
|
|
|
|
"misp:meta-category=\"file\""
|
|
|
|
],
|
|
|
|
"x_misp_attributes": [
|
|
|
|
{
|
|
|
|
"type": "text",
|
|
|
|
"object_relation": "name",
|
|
|
|
"value": ".tdata",
|
|
|
|
"category": "Other",
|
|
|
|
"uuid": "0724c04c-c2fa-468e-aed1-43b43694c3fb"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "text",
|
|
|
|
"object_relation": "type",
|
|
|
|
"value": "PROGBITS",
|
|
|
|
"category": "Other",
|
|
|
|
"uuid": "684cc67c-7eb3-4ad8-9886-909a6595596c"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "text",
|
|
|
|
"object_relation": "flag",
|
|
|
|
"value": "TLS",
|
|
|
|
"category": "Other",
|
|
|
|
"uuid": "782998f7-25cc-4b43-8028-a883ff138702"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "text",
|
|
|
|
"object_relation": "flag",
|
|
|
|
"value": "WRITE",
|
|
|
|
"category": "Other",
|
|
|
|
"uuid": "7c6b9f93-6660-4f39-9c00-6d64690575b1"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "text",
|
|
|
|
"object_relation": "flag",
|
|
|
|
"value": "ALLOC",
|
|
|
|
"category": "Other",
|
|
|
|
"uuid": "35a4756a-d991-4f51-bad0-775ae9b0f35e"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "size-in-bytes",
|
|
|
|
"object_relation": "size-in-bytes",
|
|
|
|
"value": "32",
|
|
|
|
"category": "Other",
|
|
|
|
"uuid": "46da471a-c344-4f08-b204-4ee74e6fda04"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "float",
|
|
|
|
"object_relation": "entropy",
|
|
|
|
"value": "1.6564514568588",
|
|
|
|
"category": "Other",
|
|
|
|
"uuid": "7dd7c503-c68c-441c-aa1b-2ea8d95f6282"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "md5",
|
|
|
|
"object_relation": "md5",
|
|
|
|
"value": "d8445c6ea509a0cf49285586b5e798d3",
|
|
|
|
"category": "Payload delivery",
|
|
|
|
"to_ids": true,
|
|
|
|
"uuid": "343dc32c-690f-458e-a6a7-6d45a3ce8420"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "sha1",
|
|
|
|
"object_relation": "sha1",
|
|
|
|
"value": "9d20affdfec75adee4bbf4f387628a4aa47d6917",
|
|
|
|
"category": "Payload delivery",
|
|
|
|
"to_ids": true,
|
|
|
|
"uuid": "90255a6b-a478-4a71-b194-c9fa681cfb9c"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "sha256",
|
|
|
|
"object_relation": "sha256",
|
|
|
|
"value": "8e92fc27dffc21dd34904958c7b11d51bf0c511259a04bcfbc9aa21c05c2f423",
|
|
|
|
"category": "Payload delivery",
|
|
|
|
"to_ids": true,
|
|
|
|
"uuid": "de15f6e2-1a38-4677-8d1d-be114a71cda7"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "sha512",
|
|
|
|
"object_relation": "sha512",
|
|
|
|
"value": "9153389116697477be8c100dcbbea350b486f5bf869837f05861fdd6b7506b26cc9c516b9de06ed19e0254ceec318d7d2ee2dfcb4e1025bd6cb526a074d7b6b4",
|
|
|
|
"category": "Payload delivery",
|
|
|
|
"to_ids": true,
|
|
|
|
"uuid": "78c17990-8db6-476a-8e3f-e996ded773a9"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "ssdeep",
|
|
|
|
"object_relation": "ssdeep",
|
|
|
|
"value": "3:hlFTlNjlltl8//n:S",
|
|
|
|
"category": "Payload delivery",
|
|
|
|
"to_ids": true,
|
|
|
|
"uuid": "75fb5334-3838-4948-afc2-0c97e1ec2ac9"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"x_misp_meta_category": "file",
|
|
|
|
"x_misp_name": "elf-section"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "x-misp-object",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "x-misp-object--e3b993ab-3058-409e-81c8-efc495bfddaa",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2022-01-28T14:10:38.000Z",
|
|
|
|
"modified": "2022-01-28T14:10:38.000Z",
|
|
|
|
"labels": [
|
|
|
|
"misp:name=\"elf-section\"",
|
|
|
|
"misp:meta-category=\"file\""
|
|
|
|
],
|
|
|
|
"x_misp_attributes": [
|
|
|
|
{
|
|
|
|
"type": "text",
|
|
|
|
"object_relation": "name",
|
|
|
|
"value": ".tbss",
|
|
|
|
"category": "Other",
|
|
|
|
"uuid": "8318f28d-3dff-4bea-a647-f6a5b9325d0f"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "text",
|
|
|
|
"object_relation": "type",
|
|
|
|
"value": "NOBITS",
|
|
|
|
"category": "Other",
|
|
|
|
"uuid": "e53d4b2c-53c5-4150-8883-593ddd18b4b8"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "text",
|
|
|
|
"object_relation": "flag",
|
|
|
|
"value": "TLS",
|
|
|
|
"category": "Other",
|
|
|
|
"uuid": "0668fc08-9689-43b7-8eaa-04188eea20d4"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "text",
|
|
|
|
"object_relation": "flag",
|
|
|
|
"value": "WRITE",
|
|
|
|
"category": "Other",
|
|
|
|
"uuid": "daf2b0aa-9bef-4471-9a3f-090fade3ae05"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "text",
|
|
|
|
"object_relation": "flag",
|
|
|
|
"value": "ALLOC",
|
|
|
|
"category": "Other",
|
|
|
|
"uuid": "9540445b-3c8f-4551-909c-fe5651464ca4"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "size-in-bytes",
|
|
|
|
"object_relation": "size-in-bytes",
|
|
|
|
"value": "88",
|
|
|
|
"category": "Other",
|
|
|
|
"uuid": "ef312f1c-9762-4c8a-956f-b15bf65d0dbe"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "float",
|
|
|
|
"object_relation": "entropy",
|
|
|
|
"value": "2.1027882315262",
|
|
|
|
"category": "Other",
|
|
|
|
"uuid": "967360ef-57d7-4d74-af80-9bfde7d4b491"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "md5",
|
|
|
|
"object_relation": "md5",
|
|
|
|
"value": "07310210869280f3b8d93637b67fec13",
|
|
|
|
"category": "Payload delivery",
|
|
|
|
"to_ids": true,
|
|
|
|
"uuid": "732afc57-d829-4655-8e68-c6d3121d1a34"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "sha1",
|
|
|
|
"object_relation": "sha1",
|
|
|
|
"value": "9a21a82ee47d2744a5ef3b622a60d48d6a3ea8a3",
|
|
|
|
"category": "Payload delivery",
|
|
|
|
"to_ids": true,
|
|
|
|
"uuid": "700ac0cf-15e8-4d65-86f6-ed8eda2937c5"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "sha256",
|
|
|
|
"object_relation": "sha256",
|
|
|
|
"value": "549004bb6535c38518491cf2d132bc07306edf56e62ee50dfee46a60661404eb",
|
|
|
|
"category": "Payload delivery",
|
|
|
|
"to_ids": true,
|
|
|
|
"uuid": "168a3c5d-7c54-44d2-a731-9c963e7e7bbc"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "sha512",
|
|
|
|
"object_relation": "sha512",
|
|
|
|
"value": "0f5666d1a3476d57d0e8b97602acee9943d00446785868da9b470f441574ad88d29adb314fe8c1c65f0efeee2dfe7d26818342d73bdd7c1d62457d993b81163f",
|
|
|
|
"category": "Payload delivery",
|
|
|
|
"to_ids": true,
|
|
|
|
"uuid": "381da935-fc51-4c9a-94dd-b8061471ec56"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "ssdeep",
|
|
|
|
"object_relation": "ssdeep",
|
|
|
|
"value": "3:ZllNHllt15Hlll/n/lIwerl6lllsXlZ/l:6x6/W1T",
|
|
|
|
"category": "Payload delivery",
|
|
|
|
"to_ids": true,
|
|
|
|
"uuid": "f9d345c6-ee89-4e14-b1e2-41cda497185d"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"x_misp_meta_category": "file",
|
|
|
|
"x_misp_name": "elf-section"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "x-misp-object",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "x-misp-object--1893302e-a4f7-4e28-a8d0-7556e6567756",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2022-01-28T14:10:39.000Z",
|
|
|
|
"modified": "2022-01-28T14:10:39.000Z",
|
|
|
|
"labels": [
|
|
|
|
"misp:name=\"elf-section\"",
|
|
|
|
"misp:meta-category=\"file\""
|
|
|
|
],
|
|
|
|
"x_misp_attributes": [
|
|
|
|
{
|
|
|
|
"type": "text",
|
|
|
|
"object_relation": "name",
|
|
|
|
"value": ".init_array",
|
|
|
|
"category": "Other",
|
|
|
|
"uuid": "b7131be8-c61e-47fa-b104-ddd4ee74875a"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "text",
|
|
|
|
"object_relation": "type",
|
|
|
|
"value": "INIT_ARRAY",
|
|
|
|
"category": "Other",
|
|
|
|
"uuid": "48087942-6d4c-4e69-9915-fd611ee8e438"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "text",
|
|
|
|
"object_relation": "flag",
|
|
|
|
"value": "WRITE",
|
|
|
|
"category": "Other",
|
|
|
|
"uuid": "72ef85f0-2774-4d0f-85cc-810fb104af10"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "text",
|
|
|
|
"object_relation": "flag",
|
|
|
|
"value": "ALLOC",
|
|
|
|
"category": "Other",
|
|
|
|
"uuid": "516137fb-fc57-4542-861c-da9a77f26b57"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "size-in-bytes",
|
|
|
|
"object_relation": "size-in-bytes",
|
|
|
|
"value": "16",
|
|
|
|
"category": "Other",
|
|
|
|
"uuid": "f67cf431-6bf3-41c5-a30a-9f3f4a65d1c5"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "float",
|
|
|
|
"object_relation": "entropy",
|
|
|
|
"value": "1.7987949406954",
|
|
|
|
"category": "Other",
|
|
|
|
"uuid": "e280517a-90f2-4b35-90d6-8e31cf2b060a"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "md5",
|
|
|
|
"object_relation": "md5",
|
|
|
|
"value": "f4f6ed406a4341622b421a3324a0a026",
|
|
|
|
"category": "Payload delivery",
|
|
|
|
"to_ids": true,
|
|
|
|
"uuid": "fa5cf51d-e273-4b67-952e-cdc2fa0d5978"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "sha1",
|
|
|
|
"object_relation": "sha1",
|
|
|
|
"value": "d13126772e6c15aa390a6f9be53ac912653d1eac",
|
|
|
|
"category": "Payload delivery",
|
|
|
|
"to_ids": true,
|
|
|
|
"uuid": "d0eb25a4-587c-450e-a302-f5dc68cf89de"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "sha256",
|
|
|
|
"object_relation": "sha256",
|
|
|
|
"value": "92d74ac19135504c8094828fb379927613e0d6b277636e0b2a8151ceb8b6bc6d",
|
|
|
|
"category": "Payload delivery",
|
|
|
|
"to_ids": true,
|
|
|
|
"uuid": "c2103dde-13f4-4cd9-9ebb-84d533d80658"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "sha512",
|
|
|
|
"object_relation": "sha512",
|
|
|
|
"value": "9bc8206330bba2adcc4cc598dfcf5d0d557cb37efbc66368f9c2de19aaf0554c6cc4cd678404d0bcf2498bb23e7c218e97ccc246d0f126a622205e28c2641ff7",
|
|
|
|
"category": "Payload delivery",
|
|
|
|
"to_ids": true,
|
|
|
|
"uuid": "f1a3ef79-329a-4c92-9115-f873f7cd7919"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "ssdeep",
|
|
|
|
"object_relation": "ssdeep",
|
|
|
|
"value": "3:ZllNHlltn:h",
|
|
|
|
"category": "Payload delivery",
|
|
|
|
"to_ids": true,
|
|
|
|
"uuid": "eafe9abc-ed12-48ed-bd9b-a13a8e7a0e97"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"x_misp_meta_category": "file",
|
|
|
|
"x_misp_name": "elf-section"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "x-misp-object",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "x-misp-object--dad3f610-d76c-4361-bb4d-41781cad97fd",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2022-01-28T14:10:39.000Z",
|
|
|
|
"modified": "2022-01-28T14:10:39.000Z",
|
|
|
|
"labels": [
|
|
|
|
"misp:name=\"elf-section\"",
|
|
|
|
"misp:meta-category=\"file\""
|
|
|
|
],
|
|
|
|
"x_misp_attributes": [
|
|
|
|
{
|
|
|
|
"type": "text",
|
|
|
|
"object_relation": "name",
|
|
|
|
"value": ".fini_array",
|
|
|
|
"category": "Other",
|
|
|
|
"uuid": "53eebd03-f3b5-4918-9689-726ebc417326"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "text",
|
|
|
|
"object_relation": "type",
|
|
|
|
"value": "FINI_ARRAY",
|
|
|
|
"category": "Other",
|
|
|
|
"uuid": "6974c76e-2eb7-454f-9978-99355f7bb109"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "text",
|
|
|
|
"object_relation": "flag",
|
|
|
|
"value": "WRITE",
|
|
|
|
"category": "Other",
|
|
|
|
"uuid": "b30104f4-3519-4003-8a5a-05dd2898870a"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "text",
|
|
|
|
"object_relation": "flag",
|
|
|
|
"value": "ALLOC",
|
|
|
|
"category": "Other",
|
|
|
|
"uuid": "2eac4c29-cb82-4d21-81b9-6b5b0de59d37"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "size-in-bytes",
|
|
|
|
"object_relation": "size-in-bytes",
|
|
|
|
"value": "16",
|
|
|
|
"category": "Other",
|
|
|
|
"uuid": "fcb8357c-ed13-4981-b95e-791688d77410"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "float",
|
|
|
|
"object_relation": "entropy",
|
|
|
|
"value": "1.7987949406954",
|
|
|
|
"category": "Other",
|
|
|
|
"uuid": "ccaeee12-5402-40e1-b802-807ad12ecf09"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "md5",
|
|
|
|
"object_relation": "md5",
|
|
|
|
"value": "7f55249ca89e16bbd67cd2212c30887b",
|
|
|
|
"category": "Payload delivery",
|
|
|
|
"to_ids": true,
|
|
|
|
"uuid": "b655e66c-ad0e-43ee-b9b0-2e622820f0c3"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "sha1",
|
|
|
|
"object_relation": "sha1",
|
|
|
|
"value": "35c8f139b12692703a6a7335fe6d2665d8279d35",
|
|
|
|
"category": "Payload delivery",
|
|
|
|
"to_ids": true,
|
|
|
|
"uuid": "a7c828f9-6a9a-4ffc-9111-394b88847189"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "sha256",
|
|
|
|
"object_relation": "sha256",
|
|
|
|
"value": "14e4a7583adbec3dea25604af97108567213271b44ba0728901dfb1b7fe69d44",
|
|
|
|
"category": "Payload delivery",
|
|
|
|
"to_ids": true,
|
|
|
|
"uuid": "2238657a-1d7b-4a77-bf73-b8b12dc026c6"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "sha512",
|
|
|
|
"object_relation": "sha512",
|
|
|
|
"value": "f3736cde4c1187e5845bc1a937becfc68e31af62f212f06eb030275be82bdcb983c76cf0856189be384afefd63770bfb4e7e96f316fac87b15714db993182bf2",
|
|
|
|
"category": "Payload delivery",
|
|
|
|
"to_ids": true,
|
|
|
|
"uuid": "43d07c1d-96c0-4985-b63c-8e27a47e2c14"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "ssdeep",
|
|
|
|
"object_relation": "ssdeep",
|
|
|
|
"value": "3:rHlll/n:h",
|
|
|
|
"category": "Payload delivery",
|
|
|
|
"to_ids": true,
|
|
|
|
"uuid": "841b8c69-5f41-418f-a97e-f8d14fcd6bdb"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"x_misp_meta_category": "file",
|
|
|
|
"x_misp_name": "elf-section"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "x-misp-object",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "x-misp-object--0af6fe82-6f45-40e0-b0f3-2168a9043770",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2022-01-28T14:10:39.000Z",
|
|
|
|
"modified": "2022-01-28T14:10:39.000Z",
|
|
|
|
"labels": [
|
|
|
|
"misp:name=\"elf-section\"",
|
|
|
|
"misp:meta-category=\"file\""
|
|
|
|
],
|
|
|
|
"x_misp_attributes": [
|
|
|
|
{
|
|
|
|
"type": "text",
|
|
|
|
"object_relation": "name",
|
|
|
|
"value": ".data.rel.ro",
|
|
|
|
"category": "Other",
|
|
|
|
"uuid": "abc9fa0a-8cac-4f4c-a595-e81f7b412b10"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "text",
|
|
|
|
"object_relation": "type",
|
|
|
|
"value": "PROGBITS",
|
|
|
|
"category": "Other",
|
|
|
|
"uuid": "34267fa5-8b9b-4d24-acda-d05487ef83b5"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "text",
|
|
|
|
"object_relation": "flag",
|
|
|
|
"value": "WRITE",
|
|
|
|
"category": "Other",
|
|
|
|
"uuid": "44acb11d-6537-4cb0-8058-5d3f489baaea"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "text",
|
|
|
|
"object_relation": "flag",
|
|
|
|
"value": "ALLOC",
|
|
|
|
"category": "Other",
|
|
|
|
"uuid": "4e05ac1c-4091-472e-a5c8-bee57f1bfa88"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "size-in-bytes",
|
|
|
|
"object_relation": "size-in-bytes",
|
|
|
|
"value": "11860",
|
|
|
|
"category": "Other",
|
|
|
|
"uuid": "5d94c89c-1de5-457b-98b2-f8b3a31f3928"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "float",
|
|
|
|
"object_relation": "entropy",
|
|
|
|
"value": "2.582065799178",
|
|
|
|
"category": "Other",
|
|
|
|
"uuid": "72b8e1f6-ecd8-45fe-b519-dd0f8481bb55"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "md5",
|
|
|
|
"object_relation": "md5",
|
|
|
|
"value": "01ab2a7845109b20c8c13f7ac0d613bd",
|
|
|
|
"category": "Payload delivery",
|
|
|
|
"to_ids": true,
|
|
|
|
"uuid": "0a2126ae-6ea3-4ddd-a923-3bd1aa79e1fa"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "sha1",
|
|
|
|
"object_relation": "sha1",
|
|
|
|
"value": "f8500332f082a6ad3f5062b957e1045599e94b35",
|
|
|
|
"category": "Payload delivery",
|
|
|
|
"to_ids": true,
|
|
|
|
"uuid": "1c640a7f-51f6-49d2-b135-db9c0fcca9ff"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "sha256",
|
|
|
|
"object_relation": "sha256",
|
|
|
|
"value": "e8e6f19f4d67b220cb12f0c57d6df68a621586b268ef3851fa4330f425389c72",
|
|
|
|
"category": "Payload delivery",
|
|
|
|
"to_ids": true,
|
|
|
|
"uuid": "b9fe7fa7-1ffe-4865-9b54-b5277b7d6b1f"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "sha512",
|
|
|
|
"object_relation": "sha512",
|
|
|
|
"value": "14faee8f42246cdf660db6a97836fec8c20ee294d6cab6d59a24db8439a367f9d35eca9bef171c0d4aae335cafb31fa7ac2020c4ccffcba163a3a8bc19bfedcb",
|
|
|
|
"category": "Payload delivery",
|
|
|
|
"to_ids": true,
|
|
|
|
"uuid": "1822ef5e-8490-4180-bf3f-70a2daf89b2f"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "ssdeep",
|
|
|
|
"object_relation": "ssdeep",
|
|
|
|
"value": "192:1aQKFKKKKKhZpxRKKKKK2kkkkHIEKKKKKKKKK3KKK5KKTMaKK4QKK3cskMv326Lm:1dKFKKKKKhbHKKKKKijKKKKKKKKK3KKR",
|
|
|
|
"category": "Payload delivery",
|
|
|
|
"to_ids": true,
|
|
|
|
"uuid": "69186b84-8334-4f23-ae23-8d9aa3d2f73a"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"x_misp_meta_category": "file",
|
|
|
|
"x_misp_name": "elf-section"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "x-misp-object",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "x-misp-object--d29a7e9e-d334-4ca9-8d95-1f25cf320b85",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2022-01-28T14:10:39.000Z",
|
|
|
|
"modified": "2022-01-28T14:10:39.000Z",
|
|
|
|
"labels": [
|
|
|
|
"misp:name=\"elf-section\"",
|
|
|
|
"misp:meta-category=\"file\""
|
|
|
|
],
|
|
|
|
"x_misp_attributes": [
|
|
|
|
{
|
|
|
|
"type": "text",
|
|
|
|
"object_relation": "name",
|
|
|
|
"value": ".got",
|
|
|
|
"category": "Other",
|
|
|
|
"uuid": "593b964a-c0bb-4b5a-a98f-83d81e796cae"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "text",
|
|
|
|
"object_relation": "type",
|
|
|
|
"value": "PROGBITS",
|
|
|
|
"category": "Other",
|
|
|
|
"uuid": "3701ae22-0cd6-4471-bfc0-5ea15618df24"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "text",
|
|
|
|
"object_relation": "flag",
|
|
|
|
"value": "WRITE",
|
|
|
|
"category": "Other",
|
|
|
|
"uuid": "3a5fde3b-bdad-473c-8a75-6abe6f69b6c3"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "text",
|
|
|
|
"object_relation": "flag",
|
|
|
|
"value": "ALLOC",
|
|
|
|
"category": "Other",
|
|
|
|
"uuid": "2f1ce981-e93c-419f-ac7d-9cf2413dac4c"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "size-in-bytes",
|
|
|
|
"object_relation": "size-in-bytes",
|
|
|
|
"value": "256",
|
|
|
|
"category": "Other",
|
|
|
|
"uuid": "912452b7-0355-43c5-8754-eda65e7bfa69"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "float",
|
|
|
|
"object_relation": "entropy",
|
|
|
|
"value": "0.51360896470411",
|
|
|
|
"category": "Other",
|
|
|
|
"uuid": "69637cd0-0892-437d-9721-cbec8130cd91"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "md5",
|
|
|
|
"object_relation": "md5",
|
|
|
|
"value": "1c8c84187d23ee1c8d68f8417b278aca",
|
|
|
|
"category": "Payload delivery",
|
|
|
|
"to_ids": true,
|
|
|
|
"uuid": "66b0c9b1-0203-4ceb-aa28-e8dbd6981dfb"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "sha1",
|
|
|
|
"object_relation": "sha1",
|
|
|
|
"value": "1bfad37f81b5d6d301446eb49a8deecc23830e97",
|
|
|
|
"category": "Payload delivery",
|
|
|
|
"to_ids": true,
|
|
|
|
"uuid": "1b3d5487-42a2-42d5-ba6a-b7645568b3ae"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "sha256",
|
|
|
|
"object_relation": "sha256",
|
|
|
|
"value": "1083d59035c57d50e538c7b411d1530dee4a6a547a7ac6fc7f4f20174ac0aa47",
|
|
|
|
"category": "Payload delivery",
|
|
|
|
"to_ids": true,
|
|
|
|
"uuid": "5e691194-3570-41ff-be83-6d7532122600"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "sha512",
|
|
|
|
"object_relation": "sha512",
|
|
|
|
"value": "90c1f9e036cf299ca17a79fbd4d7584ca6f4c7489ad4f095d8ddbcb6768f0efadb5c865a47985401d6a9e4606d8d1be73351fbed273cb659463ec79d9e8d0323",
|
|
|
|
"category": "Payload delivery",
|
|
|
|
"to_ids": true,
|
|
|
|
"uuid": "6b05a4ac-6ccf-4e55-bc00-6c131299f9c0"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "ssdeep",
|
|
|
|
"object_relation": "ssdeep",
|
|
|
|
"value": "3:flvlE/ltE//lvlvlzl:0/",
|
|
|
|
"category": "Payload delivery",
|
|
|
|
"to_ids": true,
|
|
|
|
"uuid": "2a4000b3-fe22-40fd-85d9-05e7ce5a79c3"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"x_misp_meta_category": "file",
|
|
|
|
"x_misp_name": "elf-section"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "x-misp-object",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "x-misp-object--eda4b8fa-1906-4263-b685-77c79b9a494b",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2022-01-28T14:10:39.000Z",
|
|
|
|
"modified": "2022-01-28T14:10:39.000Z",
|
|
|
|
"labels": [
|
|
|
|
"misp:name=\"elf-section\"",
|
|
|
|
"misp:meta-category=\"file\""
|
|
|
|
],
|
|
|
|
"x_misp_attributes": [
|
|
|
|
{
|
|
|
|
"type": "text",
|
|
|
|
"object_relation": "name",
|
|
|
|
"value": ".got.plt",
|
|
|
|
"category": "Other",
|
|
|
|
"uuid": "62796316-a26c-4bda-91b2-dcc463b32228"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "text",
|
|
|
|
"object_relation": "type",
|
|
|
|
"value": "PROGBITS",
|
|
|
|
"category": "Other",
|
|
|
|
"uuid": "c4af0b07-21a7-46ba-b3f6-db267f21f5f3"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "text",
|
|
|
|
"object_relation": "flag",
|
|
|
|
"value": "WRITE",
|
|
|
|
"category": "Other",
|
|
|
|
"uuid": "7fff93af-ef81-4213-a4fa-4af17dd3924a"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "text",
|
|
|
|
"object_relation": "flag",
|
|
|
|
"value": "ALLOC",
|
|
|
|
"category": "Other",
|
|
|
|
"uuid": "13156f16-1b42-4388-b5cb-165b838db2c6"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "size-in-bytes",
|
|
|
|
"object_relation": "size-in-bytes",
|
|
|
|
"value": "264",
|
|
|
|
"category": "Other",
|
|
|
|
"uuid": "14f3295f-16be-4d0c-8096-4a8d83a5eee8"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "float",
|
|
|
|
"object_relation": "entropy",
|
|
|
|
"value": "2.0475746685833",
|
|
|
|
"category": "Other",
|
|
|
|
"uuid": "3ffabbe0-3bb2-4e40-b50b-530cab96f39d"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "md5",
|
|
|
|
"object_relation": "md5",
|
|
|
|
"value": "3008c9c186720b10ea47fd550a93ab56",
|
|
|
|
"category": "Payload delivery",
|
|
|
|
"to_ids": true,
|
|
|
|
"uuid": "ccbb4c0c-c4c6-49bf-a6c3-48411ee4c5d0"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "sha1",
|
|
|
|
"object_relation": "sha1",
|
|
|
|
"value": "87ff3f0af51fc81afb013c38d9aa5f19921d079a",
|
|
|
|
"category": "Payload delivery",
|
|
|
|
"to_ids": true,
|
|
|
|
"uuid": "0e27d112-1f2a-434d-9828-7c1c48cd2a33"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "sha256",
|
|
|
|
"object_relation": "sha256",
|
|
|
|
"value": "e98f9daa553e024fafbcc340c585b4d4552d2af4ea8e5233b38806e4ecc87ca3",
|
|
|
|
"category": "Payload delivery",
|
|
|
|
"to_ids": true,
|
|
|
|
"uuid": "2ec00033-dce6-4890-86f3-c21ab75b011f"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "sha512",
|
|
|
|
"object_relation": "sha512",
|
|
|
|
"value": "2d3533d887d56bf7ed77df225eb00e22c085102c5045a2340fd4fb400e50bb27a6427821644e635cfcbfe2d84ddbbafdda248c31a22d62e27298a3e52103774d",
|
|
|
|
"category": "Payload delivery",
|
|
|
|
"to_ids": true,
|
|
|
|
"uuid": "1539889a-abd9-40a4-9e5d-8928f1f650b1"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "ssdeep",
|
|
|
|
"object_relation": "ssdeep",
|
|
|
|
"value": "3:7xvB9/lJHpvp9/lxHBvx9/lZH5vZ9/lBHRvh9tpHlzvJ9tRHlbvR9t5Hljv59thi:Sl",
|
|
|
|
"category": "Payload delivery",
|
|
|
|
"to_ids": true,
|
|
|
|
"uuid": "133256d0-9721-4c46-9132-6496c22a36c6"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"x_misp_meta_category": "file",
|
|
|
|
"x_misp_name": "elf-section"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "x-misp-object",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "x-misp-object--3cf774f3-432c-4dab-b9a9-5ee8a5c7bf02",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2022-01-28T14:10:39.000Z",
|
|
|
|
"modified": "2022-01-28T14:10:39.000Z",
|
|
|
|
"labels": [
|
|
|
|
"misp:name=\"elf-section\"",
|
|
|
|
"misp:meta-category=\"file\""
|
|
|
|
],
|
|
|
|
"x_misp_attributes": [
|
|
|
|
{
|
|
|
|
"type": "text",
|
|
|
|
"object_relation": "name",
|
|
|
|
"value": ".data",
|
|
|
|
"category": "Other",
|
|
|
|
"uuid": "17e3df87-4eaf-41c5-891c-c8c899708d83"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "text",
|
|
|
|
"object_relation": "type",
|
|
|
|
"value": "PROGBITS",
|
|
|
|
"category": "Other",
|
|
|
|
"uuid": "04e55fb7-a835-4a51-8b74-c5868a4c7aa2"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "text",
|
|
|
|
"object_relation": "flag",
|
|
|
|
"value": "WRITE",
|
|
|
|
"category": "Other",
|
|
|
|
"uuid": "9f7f961b-38a6-4c00-a6d2-c18b5a0243eb"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "text",
|
|
|
|
"object_relation": "flag",
|
|
|
|
"value": "ALLOC",
|
|
|
|
"category": "Other",
|
|
|
|
"uuid": "73020693-0a1c-47b8-a34e-af2bd56d436d"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "size-in-bytes",
|
|
|
|
"object_relation": "size-in-bytes",
|
|
|
|
"value": "7024",
|
|
|
|
"category": "Other",
|
|
|
|
"uuid": "d217f0e5-59dc-4fac-8e7e-c7570a4a8c72"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "float",
|
|
|
|
"object_relation": "entropy",
|
|
|
|
"value": "1.0430913631884",
|
|
|
|
"category": "Other",
|
|
|
|
"uuid": "cc9429fa-5b8c-44a5-b7ed-2c609beaa283"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "md5",
|
|
|
|
"object_relation": "md5",
|
|
|
|
"value": "4c71995c363a73a808d51ba6952987eb",
|
|
|
|
"category": "Payload delivery",
|
|
|
|
"to_ids": true,
|
|
|
|
"uuid": "1fba48e8-7408-4c5c-b96b-f2fb52d0143e"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "sha1",
|
|
|
|
"object_relation": "sha1",
|
|
|
|
"value": "182672579f020a410958b0a60b2bbb7a22899c70",
|
|
|
|
"category": "Payload delivery",
|
|
|
|
"to_ids": true,
|
|
|
|
"uuid": "a0a36815-da5d-4e1f-bfde-4d951ba3e438"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "sha256",
|
|
|
|
"object_relation": "sha256",
|
|
|
|
"value": "88d32e252213dda69d8ea169fcc70e05b7e43dc898a8ef5cffa2e0bbd66ccfc5",
|
|
|
|
"category": "Payload delivery",
|
|
|
|
"to_ids": true,
|
|
|
|
"uuid": "ef823879-f898-41b8-8607-56bb5b89636a"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "sha512",
|
|
|
|
"object_relation": "sha512",
|
|
|
|
"value": "6b02e688a0cf960626d1a1ef65618359ba997e153bd1b965ded96b0783ad0dcd957c8bfac6510b6e54e5e5dd99350c8da5ba44b452be6992f451a8000079b9c7",
|
|
|
|
"category": "Payload delivery",
|
|
|
|
"to_ids": true,
|
|
|
|
"uuid": "c188667d-3543-475f-8149-12dc411f5e11"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "ssdeep",
|
|
|
|
"object_relation": "ssdeep",
|
|
|
|
"value": "12:71+HybSvOH/Yruu8L0WVXsVa+y/HqYWx4ozKjKVCfak1iqE548/X0XaEwHfk1oHH:KLuLRQV47WVCfAOyvmY/mtytmE",
|
|
|
|
"category": "Payload delivery",
|
|
|
|
"to_ids": true,
|
|
|
|
"uuid": "9e6f261b-4160-4aaf-b945-40ce9d3593b8"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"x_misp_meta_category": "file",
|
|
|
|
"x_misp_name": "elf-section"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "x-misp-object",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "x-misp-object--3cc99722-ce57-4202-be55-fb8b973c88f3",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2022-01-28T14:10:39.000Z",
|
|
|
|
"modified": "2022-01-28T14:10:39.000Z",
|
|
|
|
"labels": [
|
|
|
|
"misp:name=\"elf-section\"",
|
|
|
|
"misp:meta-category=\"file\""
|
|
|
|
],
|
|
|
|
"x_misp_attributes": [
|
|
|
|
{
|
|
|
|
"type": "text",
|
|
|
|
"object_relation": "name",
|
|
|
|
"value": "__libc_subfreeres",
|
|
|
|
"category": "Other",
|
|
|
|
"uuid": "bcf9db11-6786-4549-b3c1-8591f9b9ce34"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "text",
|
|
|
|
"object_relation": "type",
|
|
|
|
"value": "PROGBITS",
|
|
|
|
"category": "Other",
|
|
|
|
"uuid": "476d7803-42f7-4813-b439-c8f6036faf8b"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "text",
|
|
|
|
"object_relation": "flag",
|
|
|
|
"value": "WRITE",
|
|
|
|
"category": "Other",
|
|
|
|
"uuid": "38a44998-0e99-4fdb-ade2-f5025e09356e"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "text",
|
|
|
|
"object_relation": "flag",
|
|
|
|
"value": "ALLOC",
|
|
|
|
"category": "Other",
|
|
|
|
"uuid": "0df02b4b-9403-4f6b-8c7e-5dc77c9a00b5"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "size-in-bytes",
|
|
|
|
"object_relation": "size-in-bytes",
|
|
|
|
"value": "88",
|
|
|
|
"category": "Other",
|
|
|
|
"uuid": "d3205f99-653e-42c6-afb8-1f5c94f36707"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "float",
|
|
|
|
"object_relation": "entropy",
|
|
|
|
"value": "2.268710941921",
|
|
|
|
"category": "Other",
|
|
|
|
"uuid": "c1881653-71dc-4100-bc6a-e166896f7189"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "md5",
|
|
|
|
"object_relation": "md5",
|
|
|
|
"value": "1bd9d95b91e889015d43a1fae7afb599",
|
|
|
|
"category": "Payload delivery",
|
|
|
|
"to_ids": true,
|
|
|
|
"uuid": "d9b9ac14-20f8-4bae-9fa7-07d275621d90"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "sha1",
|
|
|
|
"object_relation": "sha1",
|
|
|
|
"value": "75d66019e66e2aec613630d5da16a3710d2dd4f6",
|
|
|
|
"category": "Payload delivery",
|
|
|
|
"to_ids": true,
|
|
|
|
"uuid": "77e101c5-3295-4703-99be-f809abb9cff6"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "sha256",
|
|
|
|
"object_relation": "sha256",
|
|
|
|
"value": "a0170dbd1427eb901b50ebdcfbad77699aee60229fa233e0f68ca994f657dcec",
|
|
|
|
"category": "Payload delivery",
|
|
|
|
"to_ids": true,
|
|
|
|
"uuid": "2bb4c8c4-2c07-4266-bf2b-720999ec56f8"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "sha512",
|
|
|
|
"object_relation": "sha512",
|
|
|
|
"value": "89fe13f13a7cf3756334b5e2a98b321a6fe461d8a2214f3ab16a71ca82e8053cffb7ceb56d77b984c2a922b552a1ed52c2fa4d8a15a947a1bc7d6768c9a92153",
|
|
|
|
"category": "Payload delivery",
|
|
|
|
"to_ids": true,
|
|
|
|
"uuid": "13346bbd-4fc7-494f-8a2e-2506dfcd95b4"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "ssdeep",
|
|
|
|
"object_relation": "ssdeep",
|
|
|
|
"value": "3:kX44jK/C/i/2l8lu/Ft/n:kXjZ0u/3/n",
|
|
|
|
"category": "Payload delivery",
|
|
|
|
"to_ids": true,
|
|
|
|
"uuid": "9e4cf3e9-ee2f-483a-a70a-ce85e3306efc"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"x_misp_meta_category": "file",
|
|
|
|
"x_misp_name": "elf-section"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "x-misp-object",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "x-misp-object--083c2484-551f-41ce-ad0e-5dc89744fdd6",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2022-01-28T14:10:40.000Z",
|
|
|
|
"modified": "2022-01-28T14:10:40.000Z",
|
|
|
|
"labels": [
|
|
|
|
"misp:name=\"elf-section\"",
|
|
|
|
"misp:meta-category=\"file\""
|
|
|
|
],
|
|
|
|
"x_misp_attributes": [
|
|
|
|
{
|
|
|
|
"type": "text",
|
|
|
|
"object_relation": "name",
|
|
|
|
"value": "__libc_IO_vtables",
|
|
|
|
"category": "Other",
|
|
|
|
"uuid": "fc398b1e-0d5d-4607-bd21-f2476ccc6c9b"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "text",
|
|
|
|
"object_relation": "type",
|
|
|
|
"value": "PROGBITS",
|
|
|
|
"category": "Other",
|
|
|
|
"uuid": "9da0481f-e72c-46bd-984c-c1a819cc0d1c"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "text",
|
|
|
|
"object_relation": "flag",
|
|
|
|
"value": "WRITE",
|
|
|
|
"category": "Other",
|
|
|
|
"uuid": "abef6cb7-02c8-4a57-8410-0bb55fb4374a"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "text",
|
|
|
|
"object_relation": "flag",
|
|
|
|
"value": "ALLOC",
|
|
|
|
"category": "Other",
|
|
|
|
"uuid": "3c87759a-27d9-4258-acfb-638503f5b512"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "size-in-bytes",
|
|
|
|
"object_relation": "size-in-bytes",
|
|
|
|
"value": "2280",
|
|
|
|
"category": "Other",
|
|
|
|
"uuid": "539d21bd-9270-4993-9d54-1736413d916e"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "float",
|
|
|
|
"object_relation": "entropy",
|
|
|
|
"value": "2.2294976354887",
|
|
|
|
"category": "Other",
|
|
|
|
"uuid": "a01372a6-f3ad-446a-97b2-59ec605e66f6"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "md5",
|
|
|
|
"object_relation": "md5",
|
|
|
|
"value": "ed1d48ef4103b6afcab39d66e62ef738",
|
|
|
|
"category": "Payload delivery",
|
|
|
|
"to_ids": true,
|
|
|
|
"uuid": "cdac9cad-7096-4ece-9a1a-56bc12394b8f"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "sha1",
|
|
|
|
"object_relation": "sha1",
|
|
|
|
"value": "8af062dde822380f0be1cdfbea4de73c24d2f76c",
|
|
|
|
"category": "Payload delivery",
|
|
|
|
"to_ids": true,
|
|
|
|
"uuid": "10a75293-1f2f-49cc-bbc6-ff48baa055c8"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "sha256",
|
|
|
|
"object_relation": "sha256",
|
|
|
|
"value": "35c8c325bee01068b3708d272f8d15a202b74b3f02019238fbc4d04ade1eff7e",
|
|
|
|
"category": "Payload delivery",
|
|
|
|
"to_ids": true,
|
|
|
|
"uuid": "f26b7fd4-fbad-4aef-8547-3b24f48b3fd4"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "sha512",
|
|
|
|
"object_relation": "sha512",
|
|
|
|
"value": "5fdb768539ca49508187fc019589a13cdc17daea06ded6ee7f948d2a3cf3dc36c38dcbd2f80849b61ed4398f449774410559694b7aa980ad25c3fb4e0eccfd9c",
|
|
|
|
"category": "Payload delivery",
|
|
|
|
"to_ids": true,
|
|
|
|
"uuid": "c59e42ab-67d8-48ab-9074-4637869cdeb1"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "ssdeep",
|
|
|
|
"object_relation": "ssdeep",
|
|
|
|
"value": "24:mO28ThsyHcsyMpsyfcqhsLvosw5sGothh7dCG:u8Th3c8pkqhQvof5ethh70G",
|
|
|
|
"category": "Payload delivery",
|
|
|
|
"to_ids": true,
|
|
|
|
"uuid": "f687391b-1251-4215-84a5-951b9ee5f8a8"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"x_misp_meta_category": "file",
|
|
|
|
"x_misp_name": "elf-section"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "x-misp-object",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "x-misp-object--9ddc2aa3-59cd-4611-829d-6b0f9f82b99c",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2022-01-28T14:10:40.000Z",
|
|
|
|
"modified": "2022-01-28T14:10:40.000Z",
|
|
|
|
"labels": [
|
|
|
|
"misp:name=\"elf-section\"",
|
|
|
|
"misp:meta-category=\"file\""
|
|
|
|
],
|
|
|
|
"x_misp_attributes": [
|
|
|
|
{
|
|
|
|
"type": "text",
|
|
|
|
"object_relation": "name",
|
|
|
|
"value": "__libc_atexit",
|
|
|
|
"category": "Other",
|
|
|
|
"uuid": "72f55adc-7ad9-4e41-b2db-bb20a1a8195f"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "text",
|
|
|
|
"object_relation": "type",
|
|
|
|
"value": "PROGBITS",
|
|
|
|
"category": "Other",
|
|
|
|
"uuid": "ce9e2c11-b9dd-4c73-ad3f-05e74cd7cdee"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "text",
|
|
|
|
"object_relation": "flag",
|
|
|
|
"value": "WRITE",
|
|
|
|
"category": "Other",
|
|
|
|
"uuid": "0890ad50-a09b-44b6-af56-1ed776c5cd5a"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "text",
|
|
|
|
"object_relation": "flag",
|
|
|
|
"value": "ALLOC",
|
|
|
|
"category": "Other",
|
|
|
|
"uuid": "77195161-58a1-4e9d-a9ab-3d11d91eef37"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "size-in-bytes",
|
|
|
|
"object_relation": "size-in-bytes",
|
|
|
|
"value": "8",
|
|
|
|
"category": "Other",
|
|
|
|
"uuid": "e6520602-6a08-45c6-a745-377df6acb8e5"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "float",
|
|
|
|
"object_relation": "entropy",
|
|
|
|
"value": "1.5487949406954",
|
|
|
|
"category": "Other",
|
|
|
|
"uuid": "d4d9a752-736f-4136-aa04-b198ec152996"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "md5",
|
|
|
|
"object_relation": "md5",
|
|
|
|
"value": "7153176250fb8d700ef6473ea4ceaa30",
|
|
|
|
"category": "Payload delivery",
|
|
|
|
"to_ids": true,
|
|
|
|
"uuid": "fc2ad888-d8bd-48db-9c1b-0eb06d7dd670"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "sha1",
|
|
|
|
"object_relation": "sha1",
|
|
|
|
"value": "2c8835a16b5f3b197e689ec77009511ca45fe7ec",
|
|
|
|
"category": "Payload delivery",
|
|
|
|
"to_ids": true,
|
|
|
|
"uuid": "6572841d-87de-40fd-94c1-8ce43c32283f"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "sha256",
|
|
|
|
"object_relation": "sha256",
|
|
|
|
"value": "d76d1afcca1bd77506c5746a7790d6451f008fa563d0856b7904100b4bea4c41",
|
|
|
|
"category": "Payload delivery",
|
|
|
|
"to_ids": true,
|
|
|
|
"uuid": "c18b446e-9850-4a01-9ce7-62c78b2037aa"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "sha512",
|
|
|
|
"object_relation": "sha512",
|
|
|
|
"value": "f762990995d926eb6276446d27c9c4fd454cd8fa69ad1f9308a39c20ab43b597ac6d7c24ed6f47180d7ed5e782e7fba56c4228e41232a273a71946cdd33b4f14",
|
|
|
|
"category": "Payload delivery",
|
|
|
|
"to_ids": true,
|
|
|
|
"uuid": "4312770f-3f88-4668-8bbe-9b62254ae272"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "ssdeep",
|
|
|
|
"object_relation": "ssdeep",
|
|
|
|
"value": "3:4n:4",
|
|
|
|
"category": "Payload delivery",
|
|
|
|
"to_ids": true,
|
|
|
|
"uuid": "456de831-f310-4a34-b79c-7d40c01e6049"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"x_misp_meta_category": "file",
|
|
|
|
"x_misp_name": "elf-section"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "x-misp-object",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "x-misp-object--f58ab9c8-011c-478a-af44-61d68d02930a",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2022-01-28T14:10:40.000Z",
|
|
|
|
"modified": "2022-01-28T14:10:40.000Z",
|
|
|
|
"labels": [
|
|
|
|
"misp:name=\"elf-section\"",
|
|
|
|
"misp:meta-category=\"file\""
|
|
|
|
],
|
|
|
|
"x_misp_attributes": [
|
|
|
|
{
|
|
|
|
"type": "text",
|
|
|
|
"object_relation": "name",
|
|
|
|
"value": ".bss",
|
|
|
|
"category": "Other",
|
|
|
|
"uuid": "39dad15e-88ea-4e37-9521-8fc4a730e583"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "text",
|
|
|
|
"object_relation": "type",
|
|
|
|
"value": "NOBITS",
|
|
|
|
"category": "Other",
|
|
|
|
"uuid": "a7d011df-bc61-4bea-9b8f-5d0879c229a1"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "text",
|
|
|
|
"object_relation": "flag",
|
|
|
|
"value": "WRITE",
|
|
|
|
"category": "Other",
|
|
|
|
"uuid": "932eb055-7c38-41fc-830b-b0a18e0c034e"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "text",
|
|
|
|
"object_relation": "flag",
|
|
|
|
"value": "ALLOC",
|
|
|
|
"category": "Other",
|
|
|
|
"uuid": "dcf06998-9a85-4a00-af76-b1862ccc2666"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "size-in-bytes",
|
|
|
|
"object_relation": "size-in-bytes",
|
|
|
|
"value": "25856",
|
|
|
|
"category": "Other",
|
|
|
|
"uuid": "8e3864c6-cdbb-40c0-aecc-182bc1b67515"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "float",
|
|
|
|
"object_relation": "entropy",
|
|
|
|
"value": "4.9527559123953",
|
|
|
|
"category": "Other",
|
|
|
|
"uuid": "a02bca27-2983-413e-950b-373dcb212f23"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "md5",
|
|
|
|
"object_relation": "md5",
|
|
|
|
"value": "5fb32084f0356363c02c7f7b2fb0b500",
|
|
|
|
"category": "Payload delivery",
|
|
|
|
"to_ids": true,
|
|
|
|
"uuid": "c4f711d2-9735-42f7-a11a-c490b2f98008"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "sha1",
|
|
|
|
"object_relation": "sha1",
|
|
|
|
"value": "37db4047466a9f3af6ac23bdbd026e391621a519",
|
|
|
|
"category": "Payload delivery",
|
|
|
|
"to_ids": true,
|
|
|
|
"uuid": "00c6421b-67b0-4bf2-a3e0-5477b3a0eea9"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "sha256",
|
|
|
|
"object_relation": "sha256",
|
|
|
|
"value": "a6edb30315a56060cc170dda408099d2b915109932ceb78497b4724b4d67297c",
|
|
|
|
"category": "Payload delivery",
|
|
|
|
"to_ids": true,
|
|
|
|
"uuid": "d43574f8-c208-46b5-98ca-03e28e103411"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "sha512",
|
|
|
|
"object_relation": "sha512",
|
|
|
|
"value": "996b70e518cf54026a8aa8fe7302b21aaf785d5a0cc72249ef1a874b3509e92e45e29178a296f970c114b579570a14cdd7ab2438488f5a689ff1439114ae3ed0",
|
|
|
|
"category": "Payload delivery",
|
|
|
|
"to_ids": true,
|
|
|
|
"uuid": "0747c47e-ef46-4037-b1a5-bf2585b46082"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "ssdeep",
|
|
|
|
"object_relation": "ssdeep",
|
|
|
|
"value": "384:VD6bSde+8gH08xxhinYcLEnkKkDLsyfJxG0f5cJj/1uBxc4OgHE:pCQxrOwkNsoxG0BaQBxc5",
|
|
|
|
"category": "Payload delivery",
|
|
|
|
"to_ids": true,
|
|
|
|
"uuid": "ec687187-b78e-4ed0-b6ce-836412e43323"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"x_misp_meta_category": "file",
|
|
|
|
"x_misp_name": "elf-section"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "x-misp-object",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "x-misp-object--3d1434a9-7510-4777-9bf3-d9ddeebf09c2",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2022-01-28T14:10:40.000Z",
|
|
|
|
"modified": "2022-01-28T14:10:40.000Z",
|
|
|
|
"labels": [
|
|
|
|
"misp:name=\"elf-section\"",
|
|
|
|
"misp:meta-category=\"file\""
|
|
|
|
],
|
|
|
|
"x_misp_attributes": [
|
|
|
|
{
|
|
|
|
"type": "text",
|
|
|
|
"object_relation": "name",
|
|
|
|
"value": "__libc_freeres_ptrs",
|
|
|
|
"category": "Other",
|
|
|
|
"uuid": "971404ad-243e-4104-8db6-7d883d79d4bb"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "text",
|
|
|
|
"object_relation": "type",
|
|
|
|
"value": "NOBITS",
|
|
|
|
"category": "Other",
|
|
|
|
"uuid": "030743c2-2410-43f8-95db-0d4f9a1ab1d1"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "text",
|
|
|
|
"object_relation": "flag",
|
|
|
|
"value": "WRITE",
|
|
|
|
"category": "Other",
|
|
|
|
"uuid": "702b6143-c905-4b5c-9fcd-855977041837"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "text",
|
|
|
|
"object_relation": "flag",
|
|
|
|
"value": "ALLOC",
|
|
|
|
"category": "Other",
|
|
|
|
"uuid": "537d4fd9-dde2-49de-b5f2-8226d0fc5187"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "size-in-bytes",
|
|
|
|
"object_relation": "size-in-bytes",
|
|
|
|
"value": "48",
|
|
|
|
"category": "Other",
|
|
|
|
"uuid": "b4811a5d-0d38-45b3-a000-897269f474e8"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "float",
|
|
|
|
"object_relation": "entropy",
|
|
|
|
"value": "3.892022398037",
|
|
|
|
"category": "Other",
|
|
|
|
"uuid": "948d842c-2736-494b-912d-c6f474c8c8f3"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "md5",
|
|
|
|
"object_relation": "md5",
|
|
|
|
"value": "301cc0554eb03808eb0705bb65b19541",
|
|
|
|
"category": "Payload delivery",
|
|
|
|
"to_ids": true,
|
|
|
|
"uuid": "03d52093-ded8-4269-be41-779f87d6ba47"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "sha1",
|
|
|
|
"object_relation": "sha1",
|
|
|
|
"value": "de36384981283a3537c5a2ef3a7fe3612e2da9a4",
|
|
|
|
"category": "Payload delivery",
|
|
|
|
"to_ids": true,
|
|
|
|
"uuid": "d5058fa1-2e01-4711-a926-ab5088f592fc"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "sha256",
|
|
|
|
"object_relation": "sha256",
|
|
|
|
"value": "5e19d3b85d4510334a65729801a7e198041b513624804eadfe86bb77aa202ff0",
|
|
|
|
"category": "Payload delivery",
|
|
|
|
"to_ids": true,
|
|
|
|
"uuid": "8e3f17e8-1928-4c09-9981-168e856f0e9a"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "sha512",
|
|
|
|
"object_relation": "sha512",
|
|
|
|
"value": "661769b327528b01cb420638171726eb058505468e10c6c3e911fb07d76d89dd19f5dd035c49e1ba870aa25f9cd762a72bc98292f6457c4696815b4a1009aace",
|
|
|
|
"category": "Payload delivery",
|
|
|
|
"to_ids": true,
|
|
|
|
"uuid": "a097a70c-7e15-469a-9f73-c597d01a36c9"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "ssdeep",
|
|
|
|
"object_relation": "ssdeep",
|
|
|
|
"value": "3:cfwFLFUhbUITMaLbUFmBLl:3FLAx3McR",
|
|
|
|
"category": "Payload delivery",
|
|
|
|
"to_ids": true,
|
|
|
|
"uuid": "817f8c36-d941-4080-b02b-5f714ed9fcb6"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"x_misp_meta_category": "file",
|
|
|
|
"x_misp_name": "elf-section"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "x-misp-object",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "x-misp-object--f705c834-81fb-47f4-8938-85072ade512c",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2022-01-28T14:10:40.000Z",
|
|
|
|
"modified": "2022-01-28T14:10:40.000Z",
|
|
|
|
"labels": [
|
|
|
|
"misp:name=\"elf-section\"",
|
|
|
|
"misp:meta-category=\"file\""
|
|
|
|
],
|
|
|
|
"x_misp_attributes": [
|
|
|
|
{
|
|
|
|
"type": "text",
|
|
|
|
"object_relation": "name",
|
|
|
|
"value": ".comment",
|
|
|
|
"category": "Other",
|
|
|
|
"uuid": "dd44d3b0-4663-414d-956f-5d5b681e0965"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "text",
|
|
|
|
"object_relation": "type",
|
|
|
|
"value": "PROGBITS",
|
|
|
|
"category": "Other",
|
|
|
|
"uuid": "8dd69618-4a0d-4aac-bab9-567973fe777b"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "text",
|
|
|
|
"object_relation": "flag",
|
|
|
|
"value": "MERGE",
|
|
|
|
"category": "Other",
|
|
|
|
"uuid": "360addb2-f139-497f-93ad-2c2220278ba2"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "text",
|
|
|
|
"object_relation": "flag",
|
|
|
|
"value": "STRINGS",
|
|
|
|
"category": "Other",
|
|
|
|
"uuid": "25e69c11-2ebd-40c7-9e80-88ccc3d8487b"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "size-in-bytes",
|
|
|
|
"object_relation": "size-in-bytes",
|
|
|
|
"value": "39",
|
|
|
|
"category": "Other",
|
|
|
|
"uuid": "2c80b9fb-1af6-41e3-ba4d-df33ed33513d"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "float",
|
|
|
|
"object_relation": "entropy",
|
|
|
|
"value": "3.8171682463279",
|
|
|
|
"category": "Other",
|
|
|
|
"uuid": "2c21d2dd-229a-4222-99ec-23cdb687909e"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "md5",
|
|
|
|
"object_relation": "md5",
|
|
|
|
"value": "060ee9719872cacdcfc1d1d7d62630cd",
|
|
|
|
"category": "Payload delivery",
|
|
|
|
"to_ids": true,
|
|
|
|
"uuid": "17d6ba45-dc8e-4ad1-94be-2ec3b9232980"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "sha1",
|
|
|
|
"object_relation": "sha1",
|
|
|
|
"value": "31dde06263e9efd9c38263e97ecf973572a14dd8",
|
|
|
|
"category": "Payload delivery",
|
|
|
|
"to_ids": true,
|
|
|
|
"uuid": "e84c0ace-3435-41a0-b354-08294e826c8c"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "sha256",
|
|
|
|
"object_relation": "sha256",
|
|
|
|
"value": "b0b5eb242adf04205862f7138af0b804dae204bde28316e127beb1b56c0f44d3",
|
|
|
|
"category": "Payload delivery",
|
|
|
|
"to_ids": true,
|
|
|
|
"uuid": "7e089697-f9f6-480c-8303-81e1bd168cca"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "sha512",
|
|
|
|
"object_relation": "sha512",
|
|
|
|
"value": "7b2b6b7fa80f3d123512f63c15fa977eb74eff09969e021c501f2f8118c14d891586d925bcb92e449db6b3d00f5a8be0061684c6bfec4a279d56562b6948bf9e",
|
|
|
|
"category": "Payload delivery",
|
|
|
|
"to_ids": true,
|
|
|
|
"uuid": "1837ada3-784e-44b4-a979-006985608b09"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "ssdeep",
|
|
|
|
"object_relation": "ssdeep",
|
|
|
|
"value": "3:cfwFLFUhbUITMaLbUFmBl:3FLAx3Mcl",
|
|
|
|
"category": "Payload delivery",
|
|
|
|
"to_ids": true,
|
|
|
|
"uuid": "587dd955-24ca-4dcd-bcfa-3e65be3a48a3"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"x_misp_meta_category": "file",
|
|
|
|
"x_misp_name": "elf-section"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "x-misp-object",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "x-misp-object--34066ab4-0ce1-4d8d-ac87-937d1668d164",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2022-01-28T14:10:40.000Z",
|
|
|
|
"modified": "2022-01-28T14:10:40.000Z",
|
|
|
|
"labels": [
|
|
|
|
"misp:name=\"elf-section\"",
|
|
|
|
"misp:meta-category=\"file\""
|
|
|
|
],
|
|
|
|
"x_misp_attributes": [
|
|
|
|
{
|
|
|
|
"type": "text",
|
|
|
|
"object_relation": "name",
|
|
|
|
"value": ".debug_aranges",
|
|
|
|
"category": "Other",
|
|
|
|
"uuid": "814e3af4-c8b3-43e1-b675-64f26d2eeab2"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "text",
|
|
|
|
"object_relation": "type",
|
|
|
|
"value": "PROGBITS",
|
|
|
|
"category": "Other",
|
|
|
|
"uuid": "574a9f7a-e2af-4ba5-9119-77c8abd86db7"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "size-in-bytes",
|
|
|
|
"object_relation": "size-in-bytes",
|
|
|
|
"value": "592",
|
|
|
|
"category": "Other",
|
|
|
|
"uuid": "07eb24e1-13c6-4c0a-a8f1-929c65b41365"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "float",
|
|
|
|
"object_relation": "entropy",
|
|
|
|
"value": "1.7642294641781",
|
|
|
|
"category": "Other",
|
|
|
|
"uuid": "10de5caa-f8e1-46e3-92c6-71536d69acb9"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "md5",
|
|
|
|
"object_relation": "md5",
|
|
|
|
"value": "b98f825a216283649d9b26adf2dffaab",
|
|
|
|
"category": "Payload delivery",
|
|
|
|
"to_ids": true,
|
|
|
|
"uuid": "c200c723-7bdf-4ae5-9b08-2e2a3b316672"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "sha1",
|
|
|
|
"object_relation": "sha1",
|
|
|
|
"value": "0c33651ddc6a2b31bd56006c76ec754c0588942c",
|
|
|
|
"category": "Payload delivery",
|
|
|
|
"to_ids": true,
|
|
|
|
"uuid": "54cfa785-b009-4941-8197-6bf25f0e2f35"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "sha256",
|
|
|
|
"object_relation": "sha256",
|
|
|
|
"value": "ae2a57fe0e5d499db40eceecea2b57b757ce10a175dc8f87cbc514b584939a44",
|
|
|
|
"category": "Payload delivery",
|
|
|
|
"to_ids": true,
|
|
|
|
"uuid": "8a39dcf3-ba26-4357-a18c-0a17b847e201"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "sha512",
|
|
|
|
"object_relation": "sha512",
|
|
|
|
"value": "0b9458da56eeb15b37962240cddc1c85e7f4719c125bb83ae6202df1a925a9949b5a942f711a864303854c24c4c907b5442244631ba1c021223a6811d8daf44f",
|
|
|
|
"category": "Payload delivery",
|
|
|
|
"to_ids": true,
|
|
|
|
"uuid": "4fa32b4e-795f-438f-97e4-bf35ff357519"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "ssdeep",
|
|
|
|
"object_relation": "ssdeep",
|
|
|
|
"value": "3:xlttlxllhlXLlRlUlllsz/txlm/X/iX3kplplrXtplllP6RsfR/dlBsNlXvLla/Q:O/WMp/SUl/d/YeFFX0f",
|
|
|
|
"category": "Payload delivery",
|
|
|
|
"to_ids": true,
|
|
|
|
"uuid": "738aa6e3-08d1-4173-902f-3eb6d2c94a90"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"x_misp_meta_category": "file",
|
|
|
|
"x_misp_name": "elf-section"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "x-misp-object",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "x-misp-object--89bebe98-9e8c-4987-9ade-80f48c2086aa",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2022-01-28T14:10:40.000Z",
|
|
|
|
"modified": "2022-01-28T14:10:40.000Z",
|
|
|
|
"labels": [
|
|
|
|
"misp:name=\"elf-section\"",
|
|
|
|
"misp:meta-category=\"file\""
|
|
|
|
],
|
|
|
|
"x_misp_attributes": [
|
|
|
|
{
|
|
|
|
"type": "text",
|
|
|
|
"object_relation": "name",
|
|
|
|
"value": ".debug_info",
|
|
|
|
"category": "Other",
|
|
|
|
"uuid": "b5b618b5-12ab-487d-ba59-bd30cebc97a3"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "text",
|
|
|
|
"object_relation": "type",
|
|
|
|
"value": "PROGBITS",
|
|
|
|
"category": "Other",
|
|
|
|
"uuid": "911abf9e-8c3d-4add-920f-9e689da37339"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "size-in-bytes",
|
|
|
|
"object_relation": "size-in-bytes",
|
|
|
|
"value": "36952",
|
|
|
|
"category": "Other",
|
|
|
|
"uuid": "d3fe73e1-6b61-47d2-9fe5-d6e11c8bcdee"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "float",
|
|
|
|
"object_relation": "entropy",
|
|
|
|
"value": "5.0500197744229",
|
|
|
|
"category": "Other",
|
|
|
|
"uuid": "cff4d731-b6b2-4c61-8ad5-b0ee2dc544a8"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "md5",
|
|
|
|
"object_relation": "md5",
|
|
|
|
"value": "045fbe4bd619e48f21f0cfcaf57b9e15",
|
|
|
|
"category": "Payload delivery",
|
|
|
|
"to_ids": true,
|
|
|
|
"uuid": "ed6d27c9-54dd-420c-9dcd-868800645e1d"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "sha1",
|
|
|
|
"object_relation": "sha1",
|
|
|
|
"value": "74860dd59db5f595449a706d87cad0c5e37b98b7",
|
|
|
|
"category": "Payload delivery",
|
|
|
|
"to_ids": true,
|
|
|
|
"uuid": "10448e3a-9022-4bd4-9a0f-7434765060f3"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "sha256",
|
|
|
|
"object_relation": "sha256",
|
|
|
|
"value": "ed723a7bcc1d67a2383a6daccb169fd11a77a2082e4fafded8fd5354340ee7cd",
|
|
|
|
"category": "Payload delivery",
|
|
|
|
"to_ids": true,
|
|
|
|
"uuid": "7758b3e6-e859-4ae5-a472-e900ddae02f2"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "sha512",
|
|
|
|
"object_relation": "sha512",
|
|
|
|
"value": "508ba3f6332338a8644dddece3d97cc96ecf2df077781840c1a92e588eb27fdf9da1a0e36067526f75379a546535808593ed859ce3b695f74baf64d47aaf1454",
|
|
|
|
"category": "Payload delivery",
|
|
|
|
"to_ids": true,
|
|
|
|
"uuid": "ff875437-1a7c-4ee4-a9ee-555819d6f019"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "ssdeep",
|
|
|
|
"object_relation": "ssdeep",
|
|
|
|
"value": "768:6CQxrOwkNsoxG0BaQBxcp3s7j6TagmDf7Mm2IFm:6ppOPNDDBxtfDf7b2IFm",
|
|
|
|
"category": "Payload delivery",
|
|
|
|
"to_ids": true,
|
|
|
|
"uuid": "10b56cd3-2cf3-4667-b4c8-43ec60fb6688"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"x_misp_meta_category": "file",
|
|
|
|
"x_misp_name": "elf-section"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "x-misp-object",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "x-misp-object--142feb3d-6177-4bc7-9716-f7dfed0d65be",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2022-01-28T14:10:41.000Z",
|
|
|
|
"modified": "2022-01-28T14:10:41.000Z",
|
|
|
|
"labels": [
|
|
|
|
"misp:name=\"elf-section\"",
|
|
|
|
"misp:meta-category=\"file\""
|
|
|
|
],
|
|
|
|
"x_misp_attributes": [
|
|
|
|
{
|
|
|
|
"type": "text",
|
|
|
|
"object_relation": "name",
|
|
|
|
"value": ".debug_abbrev",
|
|
|
|
"category": "Other",
|
|
|
|
"uuid": "077ee007-9679-43ca-a7b9-32c8a58d87fd"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "text",
|
|
|
|
"object_relation": "type",
|
|
|
|
"value": "PROGBITS",
|
|
|
|
"category": "Other",
|
|
|
|
"uuid": "c42106fb-6b7d-4814-91e6-3d0464b2785e"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "size-in-bytes",
|
|
|
|
"object_relation": "size-in-bytes",
|
|
|
|
"value": "7226",
|
|
|
|
"category": "Other",
|
|
|
|
"uuid": "e9c015e5-8be7-47cc-a14c-81619f1d3711"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "float",
|
|
|
|
"object_relation": "entropy",
|
|
|
|
"value": "4.8066037375965",
|
|
|
|
"category": "Other",
|
|
|
|
"uuid": "a6308ea2-f275-40d6-a048-67b156f40616"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "md5",
|
|
|
|
"object_relation": "md5",
|
|
|
|
"value": "5d00ec694ac2134234c8bc7467578dbf",
|
|
|
|
"category": "Payload delivery",
|
|
|
|
"to_ids": true,
|
|
|
|
"uuid": "1c9872d4-5779-43fc-8cdf-2464513e8e5e"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "sha1",
|
|
|
|
"object_relation": "sha1",
|
|
|
|
"value": "c5a863fe1dde9cd0d8e9eeff732e2ce44da5d57f",
|
|
|
|
"category": "Payload delivery",
|
|
|
|
"to_ids": true,
|
|
|
|
"uuid": "29aec7ef-886c-4d83-a3c9-94c15513ee1e"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "sha256",
|
|
|
|
"object_relation": "sha256",
|
|
|
|
"value": "4ac1ddcde0ddc657785a41acbf30ab2becc1ca9798c6020285a644be9c2414a5",
|
|
|
|
"category": "Payload delivery",
|
|
|
|
"to_ids": true,
|
|
|
|
"uuid": "6963b7f0-bdda-40ba-8395-c1535885a6bb"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "sha512",
|
|
|
|
"object_relation": "sha512",
|
|
|
|
"value": "840312df1852fa7af72d282db2666bbd9e896fde09d6711146274872c587c1f7d3b86e7c00212d68a556e44e775492bd4bfe63351bc19d7206ece04709506cc3",
|
|
|
|
"category": "Payload delivery",
|
|
|
|
"to_ids": true,
|
|
|
|
"uuid": "b2769571-4a34-497c-82e6-ebb279d22448"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "ssdeep",
|
|
|
|
"object_relation": "ssdeep",
|
|
|
|
"value": "192:Jlf9eNOHMASpEbN9thLYs/HcmE9tau/isU+1N1glf5K38a85EZmsZj+DopVNCClw:JlOvST9PcklxFZE8GbK",
|
|
|
|
"category": "Payload delivery",
|
|
|
|
"to_ids": true,
|
|
|
|
"uuid": "6393472d-f3e9-4b46-8395-0dc93f57afe0"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"x_misp_meta_category": "file",
|
|
|
|
"x_misp_name": "elf-section"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "x-misp-object",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "x-misp-object--159d2cc9-3205-4a2d-8aa3-5efa0389395e",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2022-01-28T14:10:41.000Z",
|
|
|
|
"modified": "2022-01-28T14:10:41.000Z",
|
|
|
|
"labels": [
|
|
|
|
"misp:name=\"elf-section\"",
|
|
|
|
"misp:meta-category=\"file\""
|
|
|
|
],
|
|
|
|
"x_misp_attributes": [
|
|
|
|
{
|
|
|
|
"type": "text",
|
|
|
|
"object_relation": "name",
|
|
|
|
"value": ".debug_line",
|
|
|
|
"category": "Other",
|
|
|
|
"uuid": "1252aa5c-ef31-43d6-8a1a-4682fdbe4077"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "text",
|
|
|
|
"object_relation": "type",
|
|
|
|
"value": "PROGBITS",
|
|
|
|
"category": "Other",
|
|
|
|
"uuid": "a0f13210-6581-460a-85c1-55a5e9f6db8d"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "size-in-bytes",
|
|
|
|
"object_relation": "size-in-bytes",
|
|
|
|
"value": "18273",
|
|
|
|
"category": "Other",
|
|
|
|
"uuid": "7f48d070-c184-4039-89b2-8b2fe21151f0"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "float",
|
|
|
|
"object_relation": "entropy",
|
|
|
|
"value": "5.50868915771",
|
|
|
|
"category": "Other",
|
|
|
|
"uuid": "b393fea4-f3c7-49cb-86a3-3b13e571b044"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "md5",
|
|
|
|
"object_relation": "md5",
|
|
|
|
"value": "42239062c8f83996d972d4f2a774aeaf",
|
|
|
|
"category": "Payload delivery",
|
|
|
|
"to_ids": true,
|
|
|
|
"uuid": "e0cccf9c-79e2-46d4-b4f4-6b25c1998537"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "sha1",
|
|
|
|
"object_relation": "sha1",
|
|
|
|
"value": "d5699ba3a7bf79d5274757ec1c7b4c6a029c3833",
|
|
|
|
"category": "Payload delivery",
|
|
|
|
"to_ids": true,
|
|
|
|
"uuid": "cac74480-bd71-472c-b89c-2b6399ad007b"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "sha256",
|
|
|
|
"object_relation": "sha256",
|
|
|
|
"value": "f152dfc267191bb3ff64806412541af38c083eec6ab7a91a0d214ef8c0af6ad6",
|
|
|
|
"category": "Payload delivery",
|
|
|
|
"to_ids": true,
|
|
|
|
"uuid": "1e9eb0eb-ffc7-4980-89ba-16572e5b9d6a"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "sha512",
|
|
|
|
"object_relation": "sha512",
|
|
|
|
"value": "b3d14782c2794020d1e19ce1d263971c90e06afc20b2f0442afbb3639cf0f9fe6cf4a6c39c3744e5f1980092588fa2849d9aa179e1dde6643597a76fb00d0d7e",
|
|
|
|
"category": "Payload delivery",
|
|
|
|
"to_ids": true,
|
|
|
|
"uuid": "c8db20c9-65c7-482c-a4d0-f7ffec7d8a0d"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "ssdeep",
|
|
|
|
"object_relation": "ssdeep",
|
|
|
|
"value": "384:T1KBLtqwww+o+wAY1ZfjmoElYdo3rWdKd9umqDAroqnIe:Zwswww+o2Y7JwYd8CAnuFErDnx",
|
|
|
|
"category": "Payload delivery",
|
|
|
|
"to_ids": true,
|
|
|
|
"uuid": "28897f6a-30c6-4d97-bb93-996cfd291da1"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"x_misp_meta_category": "file",
|
|
|
|
"x_misp_name": "elf-section"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "x-misp-object",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "x-misp-object--544a4239-ca3b-4d41-8e55-da5a0c40f195",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2022-01-28T14:10:41.000Z",
|
|
|
|
"modified": "2022-01-28T14:10:41.000Z",
|
|
|
|
"labels": [
|
|
|
|
"misp:name=\"elf-section\"",
|
|
|
|
"misp:meta-category=\"file\""
|
|
|
|
],
|
|
|
|
"x_misp_attributes": [
|
|
|
|
{
|
|
|
|
"type": "text",
|
|
|
|
"object_relation": "name",
|
|
|
|
"value": ".debug_str",
|
|
|
|
"category": "Other",
|
|
|
|
"uuid": "ac781ebb-1eed-444a-956f-65f56087402e"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "text",
|
|
|
|
"object_relation": "type",
|
|
|
|
"value": "PROGBITS",
|
|
|
|
"category": "Other",
|
|
|
|
"uuid": "2b733ff7-2267-4811-89fd-8b9299a95ce7"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "text",
|
|
|
|
"object_relation": "flag",
|
|
|
|
"value": "MERGE",
|
|
|
|
"category": "Other",
|
|
|
|
"uuid": "4a7df149-b536-47ab-9067-e903bbf7657d"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "text",
|
|
|
|
"object_relation": "flag",
|
|
|
|
"value": "STRINGS",
|
|
|
|
"category": "Other",
|
|
|
|
"uuid": "ecb2502b-22b7-45ae-880a-42315fbc4ae9"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "size-in-bytes",
|
|
|
|
"object_relation": "size-in-bytes",
|
|
|
|
"value": "8151",
|
|
|
|
"category": "Other",
|
|
|
|
"uuid": "ea1cefd0-83db-443c-9ded-307bcaa280f6"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "float",
|
|
|
|
"object_relation": "entropy",
|
|
|
|
"value": "5.1679424031838",
|
|
|
|
"category": "Other",
|
|
|
|
"uuid": "06bc4f69-964a-4115-aab4-644be37d6f4c"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "md5",
|
|
|
|
"object_relation": "md5",
|
|
|
|
"value": "4f6ed43c0bc1d482aa562f3517fc5893",
|
|
|
|
"category": "Payload delivery",
|
|
|
|
"to_ids": true,
|
|
|
|
"uuid": "ee49dd5c-81aa-4828-83ac-acc312ffce31"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "sha1",
|
|
|
|
"object_relation": "sha1",
|
|
|
|
"value": "db6795da93c7ec68d3b40d74c6763270fb3c8490",
|
|
|
|
"category": "Payload delivery",
|
|
|
|
"to_ids": true,
|
|
|
|
"uuid": "2df6f186-0678-443b-b18d-bd13e0bee7aa"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "sha256",
|
|
|
|
"object_relation": "sha256",
|
|
|
|
"value": "c780118a92c61e5a72063b2faeb0f0367dc1a654cae01072f5c8c9c71ef96287",
|
|
|
|
"category": "Payload delivery",
|
|
|
|
"to_ids": true,
|
|
|
|
"uuid": "db55d510-68e4-48de-bca3-eeb17cd81b44"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "sha512",
|
|
|
|
"object_relation": "sha512",
|
|
|
|
"value": "528cf96cce18a2311836ff31dc4e00a73bdf3c908dcc12a0a8f36b6fe281f144c3c29e7e97228629fd2e9284c388ab1cff750b3af2aca19d98a72c231a5b825e",
|
|
|
|
"category": "Payload delivery",
|
|
|
|
"to_ids": true,
|
|
|
|
"uuid": "c83fd8ec-b59c-473c-ba5e-f460802e9362"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "ssdeep",
|
|
|
|
"object_relation": "ssdeep",
|
|
|
|
"value": "192:TTRjmgBBg/WIDbEq1CalgHykkXXQ+MpovANYBj+nl:P5XEl4SFXXpSmCYR8",
|
|
|
|
"category": "Payload delivery",
|
|
|
|
"to_ids": true,
|
|
|
|
"uuid": "84004bdf-a01f-4491-9490-c75e272d2149"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"x_misp_meta_category": "file",
|
|
|
|
"x_misp_name": "elf-section"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "x-misp-object",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "x-misp-object--c2060b89-7937-4fe7-8f27-64813a461fa6",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2022-01-28T14:10:41.000Z",
|
|
|
|
"modified": "2022-01-28T14:10:41.000Z",
|
|
|
|
"labels": [
|
|
|
|
"misp:name=\"elf-section\"",
|
|
|
|
"misp:meta-category=\"file\""
|
|
|
|
],
|
|
|
|
"x_misp_attributes": [
|
|
|
|
{
|
|
|
|
"type": "text",
|
|
|
|
"object_relation": "name",
|
|
|
|
"value": ".debug_loc",
|
|
|
|
"category": "Other",
|
|
|
|
"uuid": "81442012-5b5f-4206-b2b3-2c99f4122542"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "text",
|
|
|
|
"object_relation": "type",
|
|
|
|
"value": "PROGBITS",
|
|
|
|
"category": "Other",
|
|
|
|
"uuid": "bf181af7-e10c-4118-b48f-bbd01e705370"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "size-in-bytes",
|
|
|
|
"object_relation": "size-in-bytes",
|
|
|
|
"value": "41324",
|
|
|
|
"category": "Other",
|
|
|
|
"uuid": "522829d9-2525-4a06-a0be-478469ce9658"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "float",
|
|
|
|
"object_relation": "entropy",
|
|
|
|
"value": "2.7911258913065",
|
|
|
|
"category": "Other",
|
|
|
|
"uuid": "7b5e4afc-bb6c-4918-8d71-77d5dc2d9926"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "md5",
|
|
|
|
"object_relation": "md5",
|
|
|
|
"value": "75c826b91edea0f0bf83ff807f4ddeeb",
|
|
|
|
"category": "Payload delivery",
|
|
|
|
"to_ids": true,
|
|
|
|
"uuid": "8fcaf113-a377-4eff-a477-8fabea4fa14e"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "sha1",
|
|
|
|
"object_relation": "sha1",
|
|
|
|
"value": "7a17069df1dd38cafeebbf8ea769f303a11656bb",
|
|
|
|
"category": "Payload delivery",
|
|
|
|
"to_ids": true,
|
|
|
|
"uuid": "83b3ac5c-8e26-4f93-863f-3be6f70ee4f2"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "sha256",
|
|
|
|
"object_relation": "sha256",
|
|
|
|
"value": "c70288a77b2acfbaa35000491b8736ab70743f9ee9f2e0556ca2702d19a3544e",
|
|
|
|
"category": "Payload delivery",
|
|
|
|
"to_ids": true,
|
|
|
|
"uuid": "39dd9176-f918-4224-ab86-04a2e00feca8"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "sha512",
|
|
|
|
"object_relation": "sha512",
|
|
|
|
"value": "c55ae7bf38bdccfe6200be878b8d0adabe7fc86d2ce1844fc2fe043adcc9b45dc6edadd8c73011d3e68234b4cd3911a22a077dc23ee7424a5f01f066198a2686",
|
|
|
|
"category": "Payload delivery",
|
|
|
|
"to_ids": true,
|
|
|
|
"uuid": "4d8ef65f-0708-4636-b885-ee41534f8656"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "ssdeep",
|
|
|
|
"object_relation": "ssdeep",
|
|
|
|
"value": "384:gah+ixHUA2JyWngl4+3pdIeRt8jXugN/lANhqTNwLzG1gtHIHbnk8c:gahbxHMJyWmdIqOXugNeNRLzG1/",
|
|
|
|
"category": "Payload delivery",
|
|
|
|
"to_ids": true,
|
|
|
|
"uuid": "e4908286-663e-4bad-a819-c773834d7b7d"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"x_misp_meta_category": "file",
|
|
|
|
"x_misp_name": "elf-section"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "x-misp-object",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "x-misp-object--361e875d-e54a-44b5-b9c7-6a9695705213",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2022-01-28T14:10:41.000Z",
|
|
|
|
"modified": "2022-01-28T14:10:41.000Z",
|
|
|
|
"labels": [
|
|
|
|
"misp:name=\"elf-section\"",
|
|
|
|
"misp:meta-category=\"file\""
|
|
|
|
],
|
|
|
|
"x_misp_attributes": [
|
|
|
|
{
|
|
|
|
"type": "text",
|
|
|
|
"object_relation": "name",
|
|
|
|
"value": ".debug_ranges",
|
|
|
|
"category": "Other",
|
|
|
|
"uuid": "9e249bff-e708-4618-92b1-a0de5e1d8432"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "text",
|
|
|
|
"object_relation": "type",
|
|
|
|
"value": "PROGBITS",
|
|
|
|
"category": "Other",
|
|
|
|
"uuid": "f27659d3-005d-4e0b-aa35-9aad3f057acd"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "size-in-bytes",
|
|
|
|
"object_relation": "size-in-bytes",
|
|
|
|
"value": "4192",
|
|
|
|
"category": "Other",
|
|
|
|
"uuid": "23453f14-b558-4b6f-b35b-a4d1a62d7a23"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "float",
|
|
|
|
"object_relation": "entropy",
|
|
|
|
"value": "1.9426792068377",
|
|
|
|
"category": "Other",
|
|
|
|
"uuid": "6f4a4829-bc63-48b7-aea8-9cd4be4fbb04"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "md5",
|
|
|
|
"object_relation": "md5",
|
|
|
|
"value": "b6ade8eb0c9af365f6abe8aee7703680",
|
|
|
|
"category": "Payload delivery",
|
|
|
|
"to_ids": true,
|
|
|
|
"uuid": "f5ac1a21-35b9-43e5-bb00-8bb63296fdd5"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "sha1",
|
|
|
|
"object_relation": "sha1",
|
|
|
|
"value": "e1648face620c760d64ed3f92ffbef8253cbb12f",
|
|
|
|
"category": "Payload delivery",
|
|
|
|
"to_ids": true,
|
|
|
|
"uuid": "77369e49-6c44-4663-8f15-c0b97c115b3f"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "sha256",
|
|
|
|
"object_relation": "sha256",
|
|
|
|
"value": "9d3264bb78a7342b1f0d5b6e54c3e727a07af5b6b3455f45b94c0e24b50055a2",
|
|
|
|
"category": "Payload delivery",
|
|
|
|
"to_ids": true,
|
|
|
|
"uuid": "cfe7f0af-b294-442d-a431-cae367357721"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "sha512",
|
|
|
|
"object_relation": "sha512",
|
|
|
|
"value": "2aa3305906824e493bc11d2361b2c8591d1bdfe124b6b7c6576b04c031a26135ab1b80cb1757a53a5bf94ff0d09841401fab389f78d74f691d44471087475cc2",
|
|
|
|
"category": "Payload delivery",
|
|
|
|
"to_ids": true,
|
|
|
|
"uuid": "907dd008-1343-4597-a30f-c8d7325b8367"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "ssdeep",
|
|
|
|
"object_relation": "ssdeep",
|
|
|
|
"value": "48:UvXGHmmdFY4MpIOECv4DXDXDYpOF3mmtv5IO+AH275MD2drLy:UeHmmd6lE04DXDXDrF3mmtvV07Bd",
|
|
|
|
"category": "Payload delivery",
|
|
|
|
"to_ids": true,
|
|
|
|
"uuid": "32dbc301-add0-4a91-af3d-5c0d4eaed60a"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"x_misp_meta_category": "file",
|
|
|
|
"x_misp_name": "elf-section"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "x-misp-object",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "x-misp-object--af34567c-3eca-4ef6-a4d2-f47302a26efb",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2022-01-28T14:10:41.000Z",
|
|
|
|
"modified": "2022-01-28T14:10:41.000Z",
|
|
|
|
"labels": [
|
|
|
|
"misp:name=\"elf-section\"",
|
|
|
|
"misp:meta-category=\"file\""
|
|
|
|
],
|
|
|
|
"x_misp_attributes": [
|
|
|
|
{
|
|
|
|
"type": "text",
|
|
|
|
"object_relation": "name",
|
|
|
|
"value": ".symtab",
|
|
|
|
"category": "Other",
|
|
|
|
"uuid": "66f7ddf6-2ae7-4c9a-983c-3e0eb52c6327"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "text",
|
|
|
|
"object_relation": "type",
|
|
|
|
"value": "SYMTAB",
|
|
|
|
"category": "Other",
|
|
|
|
"uuid": "c55ec9bd-e2d3-439b-b805-7a87040e89d3"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "size-in-bytes",
|
|
|
|
"object_relation": "size-in-bytes",
|
|
|
|
"value": "58632",
|
|
|
|
"category": "Other",
|
|
|
|
"uuid": "9656d762-2c95-4cc1-a8a4-35125d168062"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "float",
|
|
|
|
"object_relation": "entropy",
|
|
|
|
"value": "3.2704167968698",
|
|
|
|
"category": "Other",
|
|
|
|
"uuid": "12c1e68e-8b0d-4412-9441-336c8f585277"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "md5",
|
|
|
|
"object_relation": "md5",
|
|
|
|
"value": "ebc7ccebf350980919d1dc66f337b7cc",
|
|
|
|
"category": "Payload delivery",
|
|
|
|
"to_ids": true,
|
|
|
|
"uuid": "084729e4-ad65-47ae-bc76-b276e3fea1ae"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "sha1",
|
|
|
|
"object_relation": "sha1",
|
|
|
|
"value": "306412c77c1b4e74e4054e41ea1407c8fae327ab",
|
|
|
|
"category": "Payload delivery",
|
|
|
|
"to_ids": true,
|
|
|
|
"uuid": "2b6558b6-ff97-40c5-ac64-303fed1b583a"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "sha256",
|
|
|
|
"object_relation": "sha256",
|
|
|
|
"value": "a99f6690c57912ee9b50a824677a0e73a33fe89e81178f1c341ba4cc5c734baa",
|
|
|
|
"category": "Payload delivery",
|
|
|
|
"to_ids": true,
|
|
|
|
"uuid": "e4731c91-a510-404c-84b3-d672e39631cf"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "sha512",
|
|
|
|
"object_relation": "sha512",
|
|
|
|
"value": "cded297ea05912e5cc7bd10375068648289a3476ce8f6de94b9acb8df41739362ae0da6ce1460c3de72f43389d44ecd068a9781ea48fe9548028e710648a83b4",
|
|
|
|
"category": "Payload delivery",
|
|
|
|
"to_ids": true,
|
|
|
|
"uuid": "af3ca2e9-0603-48db-8387-0cfc337a49ae"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "ssdeep",
|
|
|
|
"object_relation": "ssdeep",
|
|
|
|
"value": "768:KSjjf7mk7Az7zEi7vay56R9mnExbIOH5vRBmQDN:vP7NAz7ggdc6ExbIWpBvD",
|
|
|
|
"category": "Payload delivery",
|
|
|
|
"to_ids": true,
|
|
|
|
"uuid": "cd87e494-7be6-48e6-bab8-9726fe29f98d"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"x_misp_meta_category": "file",
|
|
|
|
"x_misp_name": "elf-section"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "x-misp-object",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "x-misp-object--aeabb0d9-b3f6-4097-8bb2-37e335e529c3",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2022-01-28T14:10:41.000Z",
|
|
|
|
"modified": "2022-01-28T14:10:41.000Z",
|
|
|
|
"labels": [
|
|
|
|
"misp:name=\"elf-section\"",
|
|
|
|
"misp:meta-category=\"file\""
|
|
|
|
],
|
|
|
|
"x_misp_attributes": [
|
|
|
|
{
|
|
|
|
"type": "text",
|
|
|
|
"object_relation": "name",
|
|
|
|
"value": ".strtab",
|
|
|
|
"category": "Other",
|
|
|
|
"uuid": "05015846-1d38-4e25-836f-a91424ba1a23"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "text",
|
|
|
|
"object_relation": "type",
|
|
|
|
"value": "STRTAB",
|
|
|
|
"category": "Other",
|
|
|
|
"uuid": "3aa8d0a8-a64f-4ea7-9cb4-59b4b88a0349"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "size-in-bytes",
|
|
|
|
"object_relation": "size-in-bytes",
|
|
|
|
"value": "31843",
|
|
|
|
"category": "Other",
|
|
|
|
"uuid": "11a0f58c-002f-40c7-aecb-d4dabfc5aa56"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "float",
|
|
|
|
"object_relation": "entropy",
|
|
|
|
"value": "4.6314982295082",
|
|
|
|
"category": "Other",
|
|
|
|
"uuid": "9c0c090e-8660-46a5-bbd2-fe3db6bbc9cf"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "md5",
|
|
|
|
"object_relation": "md5",
|
|
|
|
"value": "2b6c9a19e7d219bf597c1fdbf0c5a8fe",
|
|
|
|
"category": "Payload delivery",
|
|
|
|
"to_ids": true,
|
|
|
|
"uuid": "74ab40cc-de69-4d46-bfca-93ac013bc53d"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "sha1",
|
|
|
|
"object_relation": "sha1",
|
|
|
|
"value": "86c5f200ef1779f5ca0e498f5fccefbfdfd776c1",
|
|
|
|
"category": "Payload delivery",
|
|
|
|
"to_ids": true,
|
|
|
|
"uuid": "1ad5f158-4b0e-49aa-a0a9-fd88a5e2a727"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "sha256",
|
|
|
|
"object_relation": "sha256",
|
|
|
|
"value": "c4a486864a5d0de1ef945f7ac7319c18b263a8c21bb512961425898911b8f78f",
|
|
|
|
"category": "Payload delivery",
|
|
|
|
"to_ids": true,
|
|
|
|
"uuid": "bbff0a30-e005-4677-b07a-c76b29e8da0c"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "sha512",
|
|
|
|
"object_relation": "sha512",
|
|
|
|
"value": "a28514f9a00d95cd900598ca058de38e2f58f52885c7ed5e9b33464c70afe77e6e5e005d157f16612dc42453599282762fb9705dc22e7565ea70a31079f167c3",
|
|
|
|
"category": "Payload delivery",
|
|
|
|
"to_ids": true,
|
|
|
|
"uuid": "253f29c3-84a3-49e3-920f-83afc845d4f0"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "ssdeep",
|
|
|
|
"object_relation": "ssdeep",
|
|
|
|
"value": "768:EKrlWymHu/gARHNlByMDvnikLTB/nAhs2Xy2zDptDvpMimWycITFE+14zsk2zQFT:EKEycAHNKMDvikos2VltKiXTITv4zUQ9",
|
|
|
|
"category": "Payload delivery",
|
|
|
|
"to_ids": true,
|
|
|
|
"uuid": "48999ac0-fdd1-48f4-897a-3b59fde5d1f2"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"x_misp_meta_category": "file",
|
|
|
|
"x_misp_name": "elf-section"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "x-misp-object",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "x-misp-object--4c5b90c8-dc4b-4aea-a678-0c6c284676ac",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2022-01-28T14:10:42.000Z",
|
|
|
|
"modified": "2022-01-28T14:10:42.000Z",
|
|
|
|
"labels": [
|
|
|
|
"misp:name=\"elf-section\"",
|
|
|
|
"misp:meta-category=\"file\""
|
|
|
|
],
|
|
|
|
"x_misp_attributes": [
|
|
|
|
{
|
|
|
|
"type": "text",
|
|
|
|
"object_relation": "name",
|
|
|
|
"value": ".shstrtab",
|
|
|
|
"category": "Other",
|
|
|
|
"uuid": "9c73b779-b22d-4408-b47a-ad2524fc6580"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "text",
|
|
|
|
"object_relation": "type",
|
|
|
|
"value": "STRTAB",
|
|
|
|
"category": "Other",
|
|
|
|
"uuid": "e07dc6a2-8bb8-47eb-a5ca-d430f9c32517"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "size-in-bytes",
|
|
|
|
"object_relation": "size-in-bytes",
|
|
|
|
"value": "385",
|
|
|
|
"category": "Other",
|
|
|
|
"uuid": "0757dc0b-c15e-47e2-abcc-8cecc95e1266"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "float",
|
|
|
|
"object_relation": "entropy",
|
|
|
|
"value": "4.317008081308",
|
|
|
|
"category": "Other",
|
|
|
|
"uuid": "db9c2a0a-261e-43d0-8687-b2b98401dfff"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "md5",
|
|
|
|
"object_relation": "md5",
|
|
|
|
"value": "85d1eb6d1e5b292a34cb5cf172d13e4f",
|
|
|
|
"category": "Payload delivery",
|
|
|
|
"to_ids": true,
|
|
|
|
"uuid": "9a9f3510-32b2-4e4a-ba4e-351213436c37"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "sha1",
|
|
|
|
"object_relation": "sha1",
|
|
|
|
"value": "7709ffafc8174f3690dc3a4799618dbac4489416",
|
|
|
|
"category": "Payload delivery",
|
|
|
|
"to_ids": true,
|
|
|
|
"uuid": "67eb4641-4b8b-4f24-9678-bf45d3897027"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "sha256",
|
|
|
|
"object_relation": "sha256",
|
|
|
|
"value": "599c752bae6979fba10a5bd6241df6eb52ef5856593571aacf0e376906f00d40",
|
|
|
|
"category": "Payload delivery",
|
|
|
|
"to_ids": true,
|
|
|
|
"uuid": "0499e966-5240-4921-8a16-ee8b7a99a519"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "sha512",
|
|
|
|
"object_relation": "sha512",
|
|
|
|
"value": "aad752254ff78edd1435e42187b747862618454cac5bb5d9567386d55f9e9165df9c3fd00afec1621c41ca95c8592404fce1ec76b968d38e767dfc587375e3d1",
|
|
|
|
"category": "Payload delivery",
|
|
|
|
"to_ids": true,
|
|
|
|
"uuid": "57fbf199-06c9-40ef-945f-ae067345fcb6"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "ssdeep",
|
|
|
|
"object_relation": "ssdeep",
|
|
|
|
"value": "12:IELkxo84O6OvXdRAJWlRWi77Iptxh8hc+:X6oujAs7Boph8z",
|
|
|
|
"category": "Payload delivery",
|
|
|
|
"to_ids": true,
|
|
|
|
"uuid": "c311cb8b-e105-4f8f-b4d0-c0776da435b7"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"x_misp_meta_category": "file",
|
|
|
|
"x_misp_name": "elf-section"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "x-misp-object",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "x-misp-object--7a67d6bd-fc19-44ec-8cb2-bf4cab39d701",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2022-01-28T14:10:42.000Z",
|
|
|
|
"modified": "2022-01-28T14:10:42.000Z",
|
|
|
|
"labels": [
|
|
|
|
"misp:name=\"elf\"",
|
|
|
|
"misp:meta-category=\"file\""
|
|
|
|
],
|
|
|
|
"x_misp_attributes": [
|
|
|
|
{
|
|
|
|
"type": "text",
|
|
|
|
"object_relation": "type",
|
|
|
|
"value": "EXECUTABLE",
|
|
|
|
"category": "Other",
|
|
|
|
"uuid": "7230f085-c606-4dc5-ba97-748d2ac9f7ec"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "text",
|
|
|
|
"object_relation": "entrypoint-address",
|
|
|
|
"value": "4201888",
|
|
|
|
"category": "Other",
|
|
|
|
"uuid": "7613fed9-925a-44d1-af46-090b90534d84"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "text",
|
|
|
|
"object_relation": "arch",
|
|
|
|
"value": "x86_64",
|
|
|
|
"category": "Other",
|
|
|
|
"uuid": "8da4056d-b2fe-40b0-82cf-dbe10269f80e"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "text",
|
|
|
|
"object_relation": "os_abi",
|
|
|
|
"value": "LINUX",
|
|
|
|
"category": "Other",
|
|
|
|
"uuid": "c657af58-8cc5-483f-9b42-b97286f096fd"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "counter",
|
|
|
|
"object_relation": "number-sections",
|
|
|
|
"value": "36",
|
|
|
|
"category": "Other",
|
|
|
|
"uuid": "cda41629-ce78-44f6-8270-f4f3b390f627"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"x_misp_meta_category": "file",
|
|
|
|
"x_misp_name": "elf"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--7d7df874-930d-4b20-8c96-af63f55cbd84",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2022-01-28T14:10:42.000Z",
|
|
|
|
"modified": "2022-01-28T14:10:42.000Z",
|
|
|
|
"pattern": "[file:hashes.MD5 = '8392208ccce589326e3c72b6a80cfd1d' AND file:hashes.SHA1 = 'd532edd89facd147c341a81cb1b8c363c73eb0ae' AND file:hashes.SHA256 = '40ea141f04339799df7f98732e7f3c6b4591b86d0e3a924dff22c40304995e4f' AND file:hashes.SHA512 = 'c9cb45f1ef8feb8be6f9d458a1c94a65fc075435c4c312750fb1ba9180095ebe7dfb5a020130d249f00fa59172eea546ccdb0d4737545a36f3bc3b29f47ddb4f' AND file:hashes.SSDEEP = '12288:9UkkhE6pENVm/jwzAtRfYjz09InxIkLkByyyAI05AmRUAmxVSpVWq5ko3VlQQIM:2km/jwzAt5koInxIb6mRXm47F3Vl3' AND file:name = 'file' AND file:size = '1182192' AND (file:content_ref.payload_bin = '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
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2022-01-28T14:10:42Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "file"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:name=\"file\"",
|
|
|
|
"misp:meta-category=\"file\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "x-misp-object",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "x-misp-object--332737d8-78a4-43c1-8eea-1672a9c6211e",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2022-01-28T14:23:30.000Z",
|
|
|
|
"modified": "2022-01-28T14:23:30.000Z",
|
|
|
|
"labels": [
|
|
|
|
"misp:name=\"elf-section\"",
|
|
|
|
"misp:meta-category=\"file\""
|
|
|
|
],
|
|
|
|
"x_misp_attributes": [
|
|
|
|
{
|
|
|
|
"type": "text",
|
|
|
|
"object_relation": "type",
|
|
|
|
"value": "NULL",
|
|
|
|
"category": "Other",
|
|
|
|
"uuid": "e04e8457-bb27-419c-8d67-cbd7ddfcab9d"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "size-in-bytes",
|
|
|
|
"object_relation": "size-in-bytes",
|
|
|
|
"value": "0",
|
|
|
|
"category": "Other",
|
|
|
|
"uuid": "c92ef81e-1f32-4882-bf6e-c775184996d7"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"x_misp_meta_category": "file",
|
|
|
|
"x_misp_name": "elf-section"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "x-misp-object",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "x-misp-object--86f548c8-b230-4c9a-b370-ab8c763247a4",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2022-01-28T14:23:30.000Z",
|
|
|
|
"modified": "2022-01-28T14:23:30.000Z",
|
|
|
|
"labels": [
|
|
|
|
"misp:name=\"elf-section\"",
|
|
|
|
"misp:meta-category=\"file\""
|
|
|
|
],
|
|
|
|
"x_misp_attributes": [
|
|
|
|
{
|
|
|
|
"type": "text",
|
|
|
|
"object_relation": "name",
|
|
|
|
"value": ".note.gnu.build-id",
|
|
|
|
"category": "Other",
|
|
|
|
"uuid": "be46d2bd-3169-4bec-9d7b-ec29d4b3fdb0"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "text",
|
|
|
|
"object_relation": "type",
|
|
|
|
"value": "NOTE",
|
|
|
|
"category": "Other",
|
|
|
|
"uuid": "23f9a169-2049-4ea5-be45-996fbc30fd71"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "text",
|
|
|
|
"object_relation": "flag",
|
|
|
|
"value": "ALLOC",
|
|
|
|
"category": "Other",
|
|
|
|
"uuid": "b04da04a-6d3e-4922-989c-0859c32fb0f4"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "size-in-bytes",
|
|
|
|
"object_relation": "size-in-bytes",
|
|
|
|
"value": "36",
|
|
|
|
"category": "Other",
|
|
|
|
"uuid": "a86f1bc3-ca3d-4956-9817-f08283218b04"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "float",
|
|
|
|
"object_relation": "entropy",
|
|
|
|
"value": "4.1360560861958",
|
|
|
|
"category": "Other",
|
|
|
|
"uuid": "008c8967-f970-4af0-9c9a-cd9caa9ffe59"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "md5",
|
|
|
|
"object_relation": "md5",
|
|
|
|
"value": "bf3ea22ac04c8eae8a62485d436c79b9",
|
|
|
|
"category": "Payload delivery",
|
|
|
|
"to_ids": true,
|
|
|
|
"uuid": "c452311e-7f2b-47be-af34-581cc2c913d9"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "sha1",
|
|
|
|
"object_relation": "sha1",
|
|
|
|
"value": "ef08a0f6714663c35104ccbc1428f6ce198a2101",
|
|
|
|
"category": "Payload delivery",
|
|
|
|
"to_ids": true,
|
|
|
|
"uuid": "74778584-8755-45d8-8db1-d7837456d0e5"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "sha256",
|
|
|
|
"object_relation": "sha256",
|
|
|
|
"value": "709e5cb7547e0b8cb200748b67058ace84f940095fc239d9c69d5774a8639f7a",
|
|
|
|
"category": "Payload delivery",
|
|
|
|
"to_ids": true,
|
|
|
|
"uuid": "a2446929-92ad-40af-9657-8ddf609ee4b4"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "sha512",
|
|
|
|
"object_relation": "sha512",
|
|
|
|
"value": "552272399253e57f8f84e1c17eb54cf29c38bae7d257ef7cc6702e2ad97431e7b8d561410ea75b7abf53e2a9a46cdd5db717249f390c62d6770668c0fb108f9c",
|
|
|
|
"category": "Payload delivery",
|
|
|
|
"to_ids": true,
|
|
|
|
"uuid": "391d58e7-e118-4ebe-8293-0348c110f63d"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "ssdeep",
|
|
|
|
"object_relation": "ssdeep",
|
|
|
|
"value": "3:ll/yly/s2rNn:io/Ln",
|
|
|
|
"category": "Payload delivery",
|
|
|
|
"to_ids": true,
|
|
|
|
"uuid": "b755e492-5b5d-4753-8709-efcbe4abc073"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"x_misp_meta_category": "file",
|
|
|
|
"x_misp_name": "elf-section"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "x-misp-object",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "x-misp-object--6994c40d-0d38-4742-83fa-223ab043ce4f",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2022-01-28T14:23:30.000Z",
|
|
|
|
"modified": "2022-01-28T14:23:30.000Z",
|
|
|
|
"labels": [
|
|
|
|
"misp:name=\"elf-section\"",
|
|
|
|
"misp:meta-category=\"file\""
|
|
|
|
],
|
|
|
|
"x_misp_attributes": [
|
|
|
|
{
|
|
|
|
"type": "text",
|
|
|
|
"object_relation": "name",
|
|
|
|
"value": ".note.ABI-tag",
|
|
|
|
"category": "Other",
|
|
|
|
"uuid": "e4ff3336-b937-42dc-8e2e-7c4ff1a5b579"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "text",
|
|
|
|
"object_relation": "type",
|
|
|
|
"value": "NOTE",
|
|
|
|
"category": "Other",
|
|
|
|
"uuid": "95934c3a-e127-4310-973c-ff87f362d442"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "text",
|
|
|
|
"object_relation": "flag",
|
|
|
|
"value": "ALLOC",
|
|
|
|
"category": "Other",
|
|
|
|
"uuid": "1d02c03b-bee7-468a-895f-8f33dbd05574"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "size-in-bytes",
|
|
|
|
"object_relation": "size-in-bytes",
|
|
|
|
"value": "32",
|
|
|
|
"category": "Other",
|
|
|
|
"uuid": "5b26bf2a-e8ab-4f0f-b6f9-dbbf15af5de8"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "float",
|
|
|
|
"object_relation": "entropy",
|
|
|
|
"value": "1.5612781244591",
|
|
|
|
"category": "Other",
|
|
|
|
"uuid": "4fb754ab-3f27-499e-884b-ce022858e0a3"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "md5",
|
|
|
|
"object_relation": "md5",
|
|
|
|
"value": "3ac31b2ebb8a59ed3542fd7de044fbeb",
|
|
|
|
"category": "Payload delivery",
|
|
|
|
"to_ids": true,
|
|
|
|
"uuid": "f1a1d586-4804-4257-bca8-6cd6e63f6408"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "sha1",
|
|
|
|
"object_relation": "sha1",
|
|
|
|
"value": "ff30407c37eea291004a26a28d988eeedd0ea449",
|
|
|
|
"category": "Payload delivery",
|
|
|
|
"to_ids": true,
|
|
|
|
"uuid": "a9775d84-874d-4eb8-bf87-fcdb02ddfc8a"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "sha256",
|
|
|
|
"object_relation": "sha256",
|
|
|
|
"value": "6e48317ad93a8ac2dc04321465ede06d1274543fc8ab172e68171a9d684bb313",
|
|
|
|
"category": "Payload delivery",
|
|
|
|
"to_ids": true,
|
|
|
|
"uuid": "24bbd133-92de-4740-b91d-4032bd5cf56b"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "sha512",
|
|
|
|
"object_relation": "sha512",
|
|
|
|
"value": "a4cbd38f6b8bf2cacbdc70c4db792e2a7d2159a36f84d41daec7164b1c435190667dfe16891cb6ef3339c0f0190bd43735b26794734ebe63a39f8694ae01aeb0",
|
|
|
|
"category": "Payload delivery",
|
|
|
|
"to_ids": true,
|
|
|
|
"uuid": "9c742c03-95b9-41bc-94ec-d7bbc7c159ef"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "ssdeep",
|
|
|
|
"object_relation": "ssdeep",
|
|
|
|
"value": "3:hlslqklllsl:wlqk",
|
|
|
|
"category": "Payload delivery",
|
|
|
|
"to_ids": true,
|
|
|
|
"uuid": "7625057c-f200-4655-89d8-637267f9fa68"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"x_misp_meta_category": "file",
|
|
|
|
"x_misp_name": "elf-section"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "x-misp-object",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "x-misp-object--08bdf6a7-c0ca-4804-b0b0-a85fe7e852dd",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2022-01-28T14:23:30.000Z",
|
|
|
|
"modified": "2022-01-28T14:23:30.000Z",
|
|
|
|
"labels": [
|
|
|
|
"misp:name=\"elf-section\"",
|
|
|
|
"misp:meta-category=\"file\""
|
|
|
|
],
|
|
|
|
"x_misp_attributes": [
|
|
|
|
{
|
|
|
|
"type": "text",
|
|
|
|
"object_relation": "name",
|
|
|
|
"value": ".rela.plt",
|
|
|
|
"category": "Other",
|
|
|
|
"uuid": "87f686d7-56af-4c9c-963a-79c13e8e70f3"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "text",
|
|
|
|
"object_relation": "type",
|
|
|
|
"value": "RELA",
|
|
|
|
"category": "Other",
|
|
|
|
"uuid": "d7c84e9e-d0df-4251-a803-281e2516a04d"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "text",
|
|
|
|
"object_relation": "flag",
|
|
|
|
"value": "INFO_LINK",
|
|
|
|
"category": "Other",
|
|
|
|
"uuid": "ea85a00a-bd1f-439e-996c-b3ff5dda589f"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "text",
|
|
|
|
"object_relation": "flag",
|
|
|
|
"value": "ALLOC",
|
|
|
|
"category": "Other",
|
|
|
|
"uuid": "c63a5bdc-3ea0-4917-ae75-c63524d382f8"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "size-in-bytes",
|
|
|
|
"object_relation": "size-in-bytes",
|
|
|
|
"value": "720",
|
|
|
|
"category": "Other",
|
|
|
|
"uuid": "f2bd69aa-33c5-437c-8706-e30540b7a9e7"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "float",
|
|
|
|
"object_relation": "entropy",
|
|
|
|
"value": "2.1805033054394",
|
|
|
|
"category": "Other",
|
|
|
|
"uuid": "ccf47753-7da2-4d49-a58f-2fe5d8cd325c"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "md5",
|
|
|
|
"object_relation": "md5",
|
|
|
|
"value": "9c55b12ecee452dfc4b21363c0f988e8",
|
|
|
|
"category": "Payload delivery",
|
|
|
|
"to_ids": true,
|
|
|
|
"uuid": "ea692360-0bc5-4591-823e-bb923cbaac33"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "sha1",
|
|
|
|
"object_relation": "sha1",
|
|
|
|
"value": "a9b079210ea566585598ad0e97bc02c90741e657",
|
|
|
|
"category": "Payload delivery",
|
|
|
|
"to_ids": true,
|
|
|
|
"uuid": "c0389fe0-daa5-4c8f-9feb-a117f4c7e9d0"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "sha256",
|
|
|
|
"object_relation": "sha256",
|
|
|
|
"value": "c63eea6064b2c14f0ccd7a2cb1ded9c0df7a3db79ce8f322fb2c9428476840d1",
|
|
|
|
"category": "Payload delivery",
|
|
|
|
"to_ids": true,
|
|
|
|
"uuid": "4b6537d6-a48f-46b9-879e-7fed1993064a"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "sha512",
|
|
|
|
"object_relation": "sha512",
|
|
|
|
"value": "673a7cc843eb7b15a461d9b3990dab2586e44814e362f5e41a9a69db21f36625c4f9bd8e10db57f7d32cef4524b63486345545afe18cb710c5ac7d56df9b5c41",
|
|
|
|
"category": "Payload delivery",
|
|
|
|
"to_ids": true,
|
|
|
|
"uuid": "6fe9e7c4-648e-4712-b7de-cd2945aff371"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "ssdeep",
|
|
|
|
"object_relation": "ssdeep",
|
|
|
|
"value": "12:zm01BgUqw8G0IKTXtJOOZVO26pGkw+XiZqm4J:zm01Bxqw83IKTXtJOOZVO26pGkweiZq3",
|
|
|
|
"category": "Payload delivery",
|
|
|
|
"to_ids": true,
|
|
|
|
"uuid": "51e2547f-cc01-4c69-95ef-a08a21b5590e"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"x_misp_meta_category": "file",
|
|
|
|
"x_misp_name": "elf-section"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "x-misp-object",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "x-misp-object--04dc6d5f-9f25-4855-8ca7-724299500296",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2022-01-28T14:23:30.000Z",
|
|
|
|
"modified": "2022-01-28T14:23:30.000Z",
|
|
|
|
"labels": [
|
|
|
|
"misp:name=\"elf-section\"",
|
|
|
|
"misp:meta-category=\"file\""
|
|
|
|
],
|
|
|
|
"x_misp_attributes": [
|
|
|
|
{
|
|
|
|
"type": "text",
|
|
|
|
"object_relation": "name",
|
|
|
|
"value": ".init",
|
|
|
|
"category": "Other",
|
|
|
|
"uuid": "d37371e1-ef36-48d4-8eef-c17dafaeeb5a"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "text",
|
|
|
|
"object_relation": "type",
|
|
|
|
"value": "PROGBITS",
|
|
|
|
"category": "Other",
|
|
|
|
"uuid": "c66d2eba-76ae-4144-82ae-129edfbf82cb"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "text",
|
|
|
|
"object_relation": "flag",
|
|
|
|
"value": "ALLOC",
|
|
|
|
"category": "Other",
|
|
|
|
"uuid": "50152080-6337-42bc-93b7-114eba9aae05"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "text",
|
|
|
|
"object_relation": "flag",
|
|
|
|
"value": "EXECINSTR",
|
|
|
|
"category": "Other",
|
|
|
|
"uuid": "aef54072-8bc3-4952-8cf7-3237972bc7cd"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "size-in-bytes",
|
|
|
|
"object_relation": "size-in-bytes",
|
|
|
|
"value": "23",
|
|
|
|
"category": "Other",
|
|
|
|
"uuid": "fa133dbb-a1fb-48b3-b96f-9b1b071434bc"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "float",
|
|
|
|
"object_relation": "entropy",
|
|
|
|
"value": "3.5670402169266",
|
|
|
|
"category": "Other",
|
|
|
|
"uuid": "12acbc4e-49aa-43e3-9a1a-37c9597db9e6"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "md5",
|
|
|
|
"object_relation": "md5",
|
|
|
|
"value": "f04a7791ce8e0ac844b5836e22a70ef4",
|
|
|
|
"category": "Payload delivery",
|
|
|
|
"to_ids": true,
|
|
|
|
"uuid": "076cb10b-042b-43cb-9038-e509b3f2be25"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "sha1",
|
|
|
|
"object_relation": "sha1",
|
|
|
|
"value": "c6856938bdc9fcecb040e17b9c66931cdd56938a",
|
|
|
|
"category": "Payload delivery",
|
|
|
|
"to_ids": true,
|
|
|
|
"uuid": "20a37d83-f6a9-4b3c-93a8-b70d958490bc"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "sha256",
|
|
|
|
"object_relation": "sha256",
|
|
|
|
"value": "6435ea37bcfb4a907f6bbd90fc4846c2aa2ed0605eabd7dc43e3697401c95842",
|
|
|
|
"category": "Payload delivery",
|
|
|
|
"to_ids": true,
|
|
|
|
"uuid": "ab9b5c1e-b989-4a0f-a9c0-f5c888bc35eb"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "sha512",
|
|
|
|
"object_relation": "sha512",
|
|
|
|
"value": "86b816440cb81f67209529f4b9e6b13c2848b07f80233515e909e551cfe7d643c31db1264cebd193b53d3dfd8a79c95aade026b4ae76de867f6a20f660098c89",
|
|
|
|
"category": "Payload delivery",
|
|
|
|
"to_ids": true,
|
|
|
|
"uuid": "27320a8a-50fc-4792-a9da-9a2f0f93d8ac"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "ssdeep",
|
|
|
|
"object_relation": "ssdeep",
|
|
|
|
"value": "3:4QgRVhU:ngJU",
|
|
|
|
"category": "Payload delivery",
|
|
|
|
"to_ids": true,
|
|
|
|
"uuid": "f1d2c722-9cea-4628-91bf-7c65abd580da"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"x_misp_meta_category": "file",
|
|
|
|
"x_misp_name": "elf-section"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "x-misp-object",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "x-misp-object--8c4d1d56-076b-43f7-9fd4-a5ab61aef707",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2022-01-28T14:23:30.000Z",
|
|
|
|
"modified": "2022-01-28T14:23:30.000Z",
|
|
|
|
"labels": [
|
|
|
|
"misp:name=\"elf-section\"",
|
|
|
|
"misp:meta-category=\"file\""
|
|
|
|
],
|
|
|
|
"x_misp_attributes": [
|
|
|
|
{
|
|
|
|
"type": "text",
|
|
|
|
"object_relation": "name",
|
|
|
|
"value": ".plt",
|
|
|
|
"category": "Other",
|
|
|
|
"uuid": "a02306e0-c952-4541-b522-2dd67b6edd37"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "text",
|
|
|
|
"object_relation": "type",
|
|
|
|
"value": "PROGBITS",
|
|
|
|
"category": "Other",
|
|
|
|
"uuid": "715ea5c5-3e7b-4e43-b9ae-50953a7c2f8e"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "text",
|
|
|
|
"object_relation": "flag",
|
|
|
|
"value": "ALLOC",
|
|
|
|
"category": "Other",
|
|
|
|
"uuid": "22191ff0-f12c-479d-b0a2-807b19b36a06"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "text",
|
|
|
|
"object_relation": "flag",
|
|
|
|
"value": "EXECINSTR",
|
|
|
|
"category": "Other",
|
|
|
|
"uuid": "fa9793a2-148f-4b84-9370-718238179012"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "size-in-bytes",
|
|
|
|
"object_relation": "size-in-bytes",
|
|
|
|
"value": "240",
|
|
|
|
"category": "Other",
|
|
|
|
"uuid": "1441ea9b-2f27-4728-a40e-3149803bbdb5"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "float",
|
|
|
|
"object_relation": "entropy",
|
|
|
|
"value": "3",
|
|
|
|
"category": "Other",
|
|
|
|
"uuid": "3cc9ea66-39aa-462e-bf10-240167ff3b7d"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "md5",
|
|
|
|
"object_relation": "md5",
|
|
|
|
"value": "71b1324a418e99f531163b6bc2a9b45f",
|
|
|
|
"category": "Payload delivery",
|
|
|
|
"to_ids": true,
|
|
|
|
"uuid": "a3906184-6c04-48c6-b15c-c68fbe770922"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "sha1",
|
|
|
|
"object_relation": "sha1",
|
|
|
|
"value": "44abf51c6235774f8fcab452157b975526b5fdf1",
|
|
|
|
"category": "Payload delivery",
|
|
|
|
"to_ids": true,
|
|
|
|
"uuid": "c06a2edd-1438-4368-a718-80535a9cb1a3"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "sha256",
|
|
|
|
"object_relation": "sha256",
|
|
|
|
"value": "85dfb9afda74c54f07857c16630c80d22bf27869242b2e70e69e8e0a30ca2f06",
|
|
|
|
"category": "Payload delivery",
|
|
|
|
"to_ids": true,
|
|
|
|
"uuid": "93ed3cd6-1161-435b-ad67-93579058786b"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "sha512",
|
|
|
|
"object_relation": "sha512",
|
|
|
|
"value": "eecdd17c872ab7a8daa2f962de564462518908b5adbdd1ad7dfb08ad90b6b6cf85de196176c97eb12e79bb60806b8ad79bfcc1f3d13e7289dc44618a7607b11e",
|
|
|
|
"category": "Payload delivery",
|
|
|
|
"to_ids": true,
|
|
|
|
"uuid": "cf3623da-5840-4304-abbc-bd03bd43edee"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "ssdeep",
|
|
|
|
"object_relation": "ssdeep",
|
|
|
|
"value": "3:LfKP0L0L0L0L0L0L0L0L0L0L0L0L0L0L0L0L0L0L0L0L0L0L0L0L0L0L0L0L0Ln:r/",
|
|
|
|
"category": "Payload delivery",
|
|
|
|
"to_ids": true,
|
|
|
|
"uuid": "6f0a116d-7004-4e45-8e8b-b51fbaade85e"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"x_misp_meta_category": "file",
|
|
|
|
"x_misp_name": "elf-section"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "x-misp-object",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "x-misp-object--477fe223-252c-4506-99cf-d5b0141824c1",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2022-01-28T14:23:30.000Z",
|
|
|
|
"modified": "2022-01-28T14:23:30.000Z",
|
|
|
|
"labels": [
|
|
|
|
"misp:name=\"elf-section\"",
|
|
|
|
"misp:meta-category=\"file\""
|
|
|
|
],
|
|
|
|
"x_misp_attributes": [
|
|
|
|
{
|
|
|
|
"type": "text",
|
|
|
|
"object_relation": "name",
|
|
|
|
"value": ".text",
|
|
|
|
"category": "Other",
|
|
|
|
"uuid": "f932e5c3-5001-423c-88c2-76292c78d086"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "text",
|
|
|
|
"object_relation": "type",
|
|
|
|
"value": "PROGBITS",
|
|
|
|
"category": "Other",
|
|
|
|
"uuid": "23247184-0377-4696-93ea-df874e110427"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "text",
|
|
|
|
"object_relation": "flag",
|
|
|
|
"value": "ALLOC",
|
|
|
|
"category": "Other",
|
|
|
|
"uuid": "841ff7d1-6c3c-4e57-ac66-9b59e3ca6dd6"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "text",
|
|
|
|
"object_relation": "flag",
|
|
|
|
"value": "EXECINSTR",
|
|
|
|
"category": "Other",
|
|
|
|
"uuid": "ecc0e96c-f6d5-4301-b40a-ea38d5a9ed0f"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "size-in-bytes",
|
|
|
|
"object_relation": "size-in-bytes",
|
|
|
|
"value": "751920",
|
|
|
|
"category": "Other",
|
|
|
|
"uuid": "e3b05232-143f-4abf-9322-85c6d17236cf"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "float",
|
|
|
|
"object_relation": "entropy",
|
|
|
|
"value": "6.4136158596844",
|
|
|
|
"category": "Other",
|
|
|
|
"uuid": "11cfd885-b304-4291-8c94-87e2fa009dfe"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "md5",
|
|
|
|
"object_relation": "md5",
|
|
|
|
"value": "13632ccc865f0dcc9e7feeefc846937c",
|
|
|
|
"category": "Payload delivery",
|
|
|
|
"to_ids": true,
|
|
|
|
"uuid": "1e6aae70-04de-496b-8bcc-fa9aa0a69f0e"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "sha1",
|
|
|
|
"object_relation": "sha1",
|
|
|
|
"value": "bcfdbe37f0c1fe09965ed0167dd6e54bb300edf9",
|
|
|
|
"category": "Payload delivery",
|
|
|
|
"to_ids": true,
|
|
|
|
"uuid": "ea42b660-193c-417c-86ea-53b534ecddb4"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "sha256",
|
|
|
|
"object_relation": "sha256",
|
|
|
|
"value": "c56a5bd81d3b5c6b297a779215ddf3e61ad8c7821931379c4d8dbdb27cfc9718",
|
|
|
|
"category": "Payload delivery",
|
|
|
|
"to_ids": true,
|
|
|
|
"uuid": "b4460c08-a460-4663-b31c-485754b3bc28"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "sha512",
|
|
|
|
"object_relation": "sha512",
|
|
|
|
"value": "7e98a788963643730ee30a11c1cacf14118453badb7758d9cc3ada72408775ab61a573284e3f770ae7ee20f8e91ed331aad49df4f7cf33af16e07c5605862d71",
|
|
|
|
"category": "Payload delivery",
|
|
|
|
"to_ids": true,
|
|
|
|
"uuid": "53ab69ea-7c8f-4912-b61d-64f858c66bc7"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "ssdeep",
|
|
|
|
"object_relation": "ssdeep",
|
|
|
|
"value": "12288:NUkkhE6pENVm/jwzAtRfYjz09InxIkLkBk:Gkm/jwzAt5koInxIm",
|
|
|
|
"category": "Payload delivery",
|
|
|
|
"to_ids": true,
|
|
|
|
"uuid": "615dd661-7a08-4c68-b4af-c2b422b6cc34"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"x_misp_meta_category": "file",
|
|
|
|
"x_misp_name": "elf-section"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "x-misp-object",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "x-misp-object--f6b98e69-863a-453d-b203-4ad6daf96031",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2022-01-28T14:23:31.000Z",
|
|
|
|
"modified": "2022-01-28T14:23:31.000Z",
|
|
|
|
"labels": [
|
|
|
|
"misp:name=\"elf-section\"",
|
|
|
|
"misp:meta-category=\"file\""
|
|
|
|
],
|
|
|
|
"x_misp_attributes": [
|
|
|
|
{
|
|
|
|
"type": "text",
|
|
|
|
"object_relation": "name",
|
|
|
|
"value": "__libc_freeres_fn",
|
|
|
|
"category": "Other",
|
|
|
|
"uuid": "4f4c1b18-7f63-48da-9b7f-004119a81d4d"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "text",
|
|
|
|
"object_relation": "type",
|
|
|
|
"value": "PROGBITS",
|
|
|
|
"category": "Other",
|
|
|
|
"uuid": "1e5f22d3-08a3-4975-90c5-44a64008f843"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "text",
|
|
|
|
"object_relation": "flag",
|
|
|
|
"value": "ALLOC",
|
|
|
|
"category": "Other",
|
|
|
|
"uuid": "08bc2e04-41b2-4478-b5cd-433646d649f9"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "text",
|
|
|
|
"object_relation": "flag",
|
|
|
|
"value": "EXECINSTR",
|
|
|
|
"category": "Other",
|
|
|
|
"uuid": "f9e38af2-3e23-4a81-a67f-5481fee84737"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "size-in-bytes",
|
|
|
|
"object_relation": "size-in-bytes",
|
|
|
|
"value": "2920",
|
|
|
|
"category": "Other",
|
|
|
|
"uuid": "76cffbc0-fbf0-4046-b35f-ed45e8fc3814"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "float",
|
|
|
|
"object_relation": "entropy",
|
|
|
|
"value": "6.0319278491528",
|
|
|
|
"category": "Other",
|
|
|
|
"uuid": "8cb170f7-fbfe-4655-9836-89838af2c503"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "md5",
|
|
|
|
"object_relation": "md5",
|
|
|
|
"value": "f00fa594145d046eb63deb1480a06ad5",
|
|
|
|
"category": "Payload delivery",
|
|
|
|
"to_ids": true,
|
|
|
|
"uuid": "31f44f13-372f-4ea8-bdba-e0d6495ae0b8"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "sha1",
|
|
|
|
"object_relation": "sha1",
|
|
|
|
"value": "8d4895ab5aee8b98edc300fc8a1efabe6fee7f3d",
|
|
|
|
"category": "Payload delivery",
|
|
|
|
"to_ids": true,
|
|
|
|
"uuid": "6cd8573e-2262-4d88-945e-ea46582d91a8"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "sha256",
|
|
|
|
"object_relation": "sha256",
|
|
|
|
"value": "e65d50cd4e3d5b752b13dfd83cf247ef2375e072b2a478cf8c2b724984152c87",
|
|
|
|
"category": "Payload delivery",
|
|
|
|
"to_ids": true,
|
|
|
|
"uuid": "eed9a33d-f7de-4216-9a74-d6d3009c5c96"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "sha512",
|
|
|
|
"object_relation": "sha512",
|
|
|
|
"value": "38ae36d8907ba3c03707f6ae76cc64527616033f522bd3c51fc078f5a3084eb02f3dbd3237cbdd82814ed53cf19bcb6d1f3821a2d5640ca71987fecf133179a0",
|
|
|
|
"category": "Payload delivery",
|
|
|
|
"to_ids": true,
|
|
|
|
"uuid": "ab53d12f-8205-4fd0-b96c-5764d911ac80"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "ssdeep",
|
|
|
|
"object_relation": "ssdeep",
|
|
|
|
"value": "48:B9NQtAzX2ebokMynB2WrkBRA9f4AWMzWc5f64QeobI6wfU11KDpNZb6t1:BPLXtlMoqpCpobI6w8PKNNZba",
|
|
|
|
"category": "Payload delivery",
|
|
|
|
"to_ids": true,
|
|
|
|
"uuid": "1b608a60-0fad-4e69-9050-db81cdc7528f"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"x_misp_meta_category": "file",
|
|
|
|
"x_misp_name": "elf-section"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "x-misp-object",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "x-misp-object--43f17071-8590-4431-b05a-1ba373f06156",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2022-01-28T14:23:31.000Z",
|
|
|
|
"modified": "2022-01-28T14:23:31.000Z",
|
|
|
|
"labels": [
|
|
|
|
"misp:name=\"elf-section\"",
|
|
|
|
"misp:meta-category=\"file\""
|
|
|
|
],
|
|
|
|
"x_misp_attributes": [
|
|
|
|
{
|
|
|
|
"type": "text",
|
|
|
|
"object_relation": "name",
|
|
|
|
"value": ".fini",
|
|
|
|
"category": "Other",
|
|
|
|
"uuid": "d9f11433-67a9-4629-a1b7-ba819770b8a0"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "text",
|
|
|
|
"object_relation": "type",
|
|
|
|
"value": "PROGBITS",
|
|
|
|
"category": "Other",
|
|
|
|
"uuid": "d8527bc9-957e-41db-a891-a0dd94233fa6"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "text",
|
|
|
|
"object_relation": "flag",
|
|
|
|
"value": "ALLOC",
|
|
|
|
"category": "Other",
|
|
|
|
"uuid": "c385068b-4446-4c7c-8a7f-666428e7e94b"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "text",
|
|
|
|
"object_relation": "flag",
|
|
|
|
"value": "EXECINSTR",
|
|
|
|
"category": "Other",
|
|
|
|
"uuid": "fa45f561-9ae0-454c-abe0-141cabfecd29"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "size-in-bytes",
|
|
|
|
"object_relation": "size-in-bytes",
|
|
|
|
"value": "9",
|
|
|
|
"category": "Other",
|
|
|
|
"uuid": "3b80da5e-59b0-40f7-95a3-c99d4b1fbec6"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "float",
|
|
|
|
"object_relation": "entropy",
|
|
|
|
"value": "2.5032583347756",
|
|
|
|
"category": "Other",
|
|
|
|
"uuid": "95a18e1e-3049-4fda-9316-02d0031aedc6"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "md5",
|
|
|
|
"object_relation": "md5",
|
|
|
|
"value": "c0ebd410fb9cd5628270064c1ed937ed",
|
|
|
|
"category": "Payload delivery",
|
|
|
|
"to_ids": true,
|
|
|
|
"uuid": "2f51308b-48ec-48a8-9f71-0ec08908f016"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "sha1",
|
|
|
|
"object_relation": "sha1",
|
|
|
|
"value": "fa7de3c1bbc31c0cfd7a16048b53b1bce8d2c590",
|
|
|
|
"category": "Payload delivery",
|
|
|
|
"to_ids": true,
|
|
|
|
"uuid": "d780a5b6-a9a7-42e2-932b-bfec53f2b0b3"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "sha256",
|
|
|
|
"object_relation": "sha256",
|
|
|
|
"value": "66e6f54550612182b4ad78f30b140dd08318b968db3878de2db65fef87dc04d7",
|
|
|
|
"category": "Payload delivery",
|
|
|
|
"to_ids": true,
|
|
|
|
"uuid": "9c3174f6-d986-4f56-83f4-0ecb88fc5e64"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "sha512",
|
|
|
|
"object_relation": "sha512",
|
|
|
|
"value": "4852df44be27a842795bdc6d623c510b381f027399198ec6d481d90f29dbd6c5a3721460086e1080bb53b9fb5cf852e710f97f1dd4912ad61711150979c9e715",
|
|
|
|
"category": "Payload delivery",
|
|
|
|
"to_ids": true,
|
|
|
|
"uuid": "bc2754ef-81db-4bbb-bab8-7059d2c98bbb"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "ssdeep",
|
|
|
|
"object_relation": "ssdeep",
|
|
|
|
"value": "3:4Ui:ji",
|
|
|
|
"category": "Payload delivery",
|
|
|
|
"to_ids": true,
|
|
|
|
"uuid": "a66a19d1-aa1d-4ef3-a46e-0492152392f4"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"x_misp_meta_category": "file",
|
|
|
|
"x_misp_name": "elf-section"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "x-misp-object",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "x-misp-object--988dae6b-7878-45d3-bb52-3483cfaa90ac",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2022-01-28T14:23:31.000Z",
|
|
|
|
"modified": "2022-01-28T14:23:31.000Z",
|
|
|
|
"labels": [
|
|
|
|
"misp:name=\"elf-section\"",
|
|
|
|
"misp:meta-category=\"file\""
|
|
|
|
],
|
|
|
|
"x_misp_attributes": [
|
|
|
|
{
|
|
|
|
"type": "text",
|
|
|
|
"object_relation": "name",
|
|
|
|
"value": ".rodata",
|
|
|
|
"category": "Other",
|
|
|
|
"uuid": "3056b32b-4a25-4303-8571-c33249a006f4"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "text",
|
|
|
|
"object_relation": "type",
|
|
|
|
"value": "PROGBITS",
|
|
|
|
"category": "Other",
|
|
|
|
"uuid": "955eb041-7e5b-44db-b414-df5fa6fab44a"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "text",
|
|
|
|
"object_relation": "flag",
|
|
|
|
"value": "ALLOC",
|
|
|
|
"category": "Other",
|
|
|
|
"uuid": "a8a45b73-d343-4665-927c-9c0f4811d353"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "size-in-bytes",
|
|
|
|
"object_relation": "size-in-bytes",
|
|
|
|
"value": "131044",
|
|
|
|
"category": "Other",
|
|
|
|
"uuid": "d4fe52e2-4114-46e0-ab0f-1048d630e0bb"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "float",
|
|
|
|
"object_relation": "entropy",
|
|
|
|
"value": "5.1104698168094",
|
|
|
|
"category": "Other",
|
|
|
|
"uuid": "6d4c8c6c-5618-4865-96fd-e62329c2130a"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "md5",
|
|
|
|
"object_relation": "md5",
|
|
|
|
"value": "15e1a1b46c00913f46ae743a75af34a4",
|
|
|
|
"category": "Payload delivery",
|
|
|
|
"to_ids": true,
|
|
|
|
"uuid": "17157b60-dfd0-4dfa-8f88-98506887b81d"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "sha1",
|
|
|
|
"object_relation": "sha1",
|
|
|
|
"value": "48433bca2f819da39ea903f95f9d654981c85964",
|
|
|
|
"category": "Payload delivery",
|
|
|
|
"to_ids": true,
|
|
|
|
"uuid": "2bda0f36-fa45-47a0-8a29-4e2a7785d412"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "sha256",
|
|
|
|
"object_relation": "sha256",
|
|
|
|
"value": "fcf2c653d4fb226e561d4e7916a60f4bfb10c0ec83cccbb410e8b206f122dca9",
|
|
|
|
"category": "Payload delivery",
|
|
|
|
"to_ids": true,
|
|
|
|
"uuid": "d4c32410-4873-40c9-afed-a77ffaba2825"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "sha512",
|
|
|
|
"object_relation": "sha512",
|
|
|
|
"value": "c692588d5e8f2a762d5dad71c12650fc977c16105346f0389e5a4dd417b3379eed558586bee9556a6a7a7284b7a99d1ca5d2a11eb7eae168ab844672c4b1d571",
|
|
|
|
"category": "Payload delivery",
|
|
|
|
"to_ids": true,
|
|
|
|
"uuid": "6ab7b8df-76d0-4496-a303-4d17454e8e2f"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "ssdeep",
|
|
|
|
"object_relation": "ssdeep",
|
|
|
|
"value": "1536:3G5NAhVTxV3T9yyA5Gt057Q42YNzmp1Zuw/QDxHniA1jgMRmzW:iNydyyAEt05d2Y1G1inKMUS",
|
|
|
|
"category": "Payload delivery",
|
|
|
|
"to_ids": true,
|
|
|
|
"uuid": "6d44d8cb-0ebe-4ecb-b734-2d29d3d7c935"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"x_misp_meta_category": "file",
|
|
|
|
"x_misp_name": "elf-section"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "x-misp-object",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "x-misp-object--ff3dbf25-c91a-4c5e-a307-b09140d1e54d",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2022-01-28T14:23:31.000Z",
|
|
|
|
"modified": "2022-01-28T14:23:31.000Z",
|
|
|
|
"labels": [
|
|
|
|
"misp:name=\"elf-section\"",
|
|
|
|
"misp:meta-category=\"file\""
|
|
|
|
],
|
|
|
|
"x_misp_attributes": [
|
|
|
|
{
|
|
|
|
"type": "text",
|
|
|
|
"object_relation": "name",
|
|
|
|
"value": ".eh_frame",
|
|
|
|
"category": "Other",
|
|
|
|
"uuid": "9f097cd3-6289-4d49-b4d2-3b680b236c09"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "text",
|
|
|
|
"object_relation": "type",
|
|
|
|
"value": "PROGBITS",
|
|
|
|
"category": "Other",
|
|
|
|
"uuid": "84c2ba1b-e21d-48f7-9b74-b3f3218db733"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "text",
|
|
|
|
"object_relation": "flag",
|
|
|
|
"value": "ALLOC",
|
|
|
|
"category": "Other",
|
|
|
|
"uuid": "04ec7ca6-125a-4eec-af92-4cd5f57b1333"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "size-in-bytes",
|
|
|
|
"object_relation": "size-in-bytes",
|
|
|
|
"value": "54204",
|
|
|
|
"category": "Other",
|
|
|
|
"uuid": "41a36bb8-9bec-4cbc-bd9a-9f92d449debf"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "float",
|
|
|
|
"object_relation": "entropy",
|
|
|
|
"value": "5.1471546712778",
|
|
|
|
"category": "Other",
|
|
|
|
"uuid": "3e6a51dc-4e27-435a-a4eb-43148f0e627d"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "md5",
|
|
|
|
"object_relation": "md5",
|
|
|
|
"value": "8c4e86ad4302734d629a3b7f84b02811",
|
|
|
|
"category": "Payload delivery",
|
|
|
|
"to_ids": true,
|
|
|
|
"uuid": "d102beed-64ae-4b9f-b275-d644fac0d564"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "sha1",
|
|
|
|
"object_relation": "sha1",
|
|
|
|
"value": "b29345eae0424ef48d378c1f9a18c2e646f88de4",
|
|
|
|
"category": "Payload delivery",
|
|
|
|
"to_ids": true,
|
|
|
|
"uuid": "f1e480f6-4886-46c8-b16a-95be01106c7f"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "sha256",
|
|
|
|
"object_relation": "sha256",
|
|
|
|
"value": "fb3eed8684e3558e4f1ebc2c93be55ebdb946d30bc40a1798764372d42763fc0",
|
|
|
|
"category": "Payload delivery",
|
|
|
|
"to_ids": true,
|
|
|
|
"uuid": "8d5d64f1-10fa-4f5c-8690-eee7d3ab09ad"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "sha512",
|
|
|
|
"object_relation": "sha512",
|
|
|
|
"value": "7560e76d416de1ce7543eb0f65f5c00414c642af401e3d8614dffe934681c71966a1afaf5849053530c198f039491b15015da80b781303198bc4433af708d1c9",
|
|
|
|
"category": "Payload delivery",
|
|
|
|
"to_ids": true,
|
|
|
|
"uuid": "195f1fb4-8cb8-433b-9916-6bb886a45b13"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "ssdeep",
|
|
|
|
"object_relation": "ssdeep",
|
|
|
|
"value": "768:SFg9H3xSafgh+5sfYMn8BXy/jbCYY0Y6y:SFgB3LafDKybbXrB",
|
|
|
|
"category": "Payload delivery",
|
|
|
|
"to_ids": true,
|
|
|
|
"uuid": "282b4545-6187-4256-bdaf-563c788d0937"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"x_misp_meta_category": "file",
|
|
|
|
"x_misp_name": "elf-section"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "x-misp-object",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "x-misp-object--0e101d57-1d90-4076-8374-225d56ec15c6",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2022-01-28T14:23:31.000Z",
|
|
|
|
"modified": "2022-01-28T14:23:31.000Z",
|
|
|
|
"labels": [
|
|
|
|
"misp:name=\"elf-section\"",
|
|
|
|
"misp:meta-category=\"file\""
|
|
|
|
],
|
|
|
|
"x_misp_attributes": [
|
|
|
|
{
|
|
|
|
"type": "text",
|
|
|
|
"object_relation": "name",
|
|
|
|
"value": ".gcc_except_table",
|
|
|
|
"category": "Other",
|
|
|
|
"uuid": "9b97b14a-6d25-41e1-b354-c83509d8539c"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "text",
|
|
|
|
"object_relation": "type",
|
|
|
|
"value": "PROGBITS",
|
|
|
|
"category": "Other",
|
|
|
|
"uuid": "25e88d7f-a280-482c-a62a-a1ed81b9ab3c"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "text",
|
|
|
|
"object_relation": "flag",
|
|
|
|
"value": "ALLOC",
|
|
|
|
"category": "Other",
|
|
|
|
"uuid": "535270cc-94bd-4a3b-a5bf-2015ccc540af"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "size-in-bytes",
|
|
|
|
"object_relation": "size-in-bytes",
|
|
|
|
"value": "265",
|
|
|
|
"category": "Other",
|
|
|
|
"uuid": "80c33fc1-1644-40aa-8df0-ed9fd16d7827"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "float",
|
|
|
|
"object_relation": "entropy",
|
|
|
|
"value": "4.2159746268458",
|
|
|
|
"category": "Other",
|
|
|
|
"uuid": "2b78a5aa-d2b4-4c01-b61c-eaa9e886dafd"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "md5",
|
|
|
|
"object_relation": "md5",
|
|
|
|
"value": "07cbd76f4ce2496fb561f1355549bd39",
|
|
|
|
"category": "Payload delivery",
|
|
|
|
"to_ids": true,
|
|
|
|
"uuid": "94c4b26c-697c-4840-a476-e5b9c43713c8"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "sha1",
|
|
|
|
"object_relation": "sha1",
|
|
|
|
"value": "41bb3fe74080c09fd7213d78fd7a8d9c50a65ba9",
|
|
|
|
"category": "Payload delivery",
|
|
|
|
"to_ids": true,
|
|
|
|
"uuid": "d8bdcd8b-9481-4dbd-a033-4b13bd49f9eb"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "sha256",
|
|
|
|
"object_relation": "sha256",
|
|
|
|
"value": "596d5221ea646330c9284c4e867b834b7caea738857f00c9e92cdd0e94a2b257",
|
|
|
|
"category": "Payload delivery",
|
|
|
|
"to_ids": true,
|
|
|
|
"uuid": "8ff11f87-640c-45d7-bdad-5a9ceb8e30d7"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "sha512",
|
|
|
|
"object_relation": "sha512",
|
|
|
|
"value": "89ca53c18286733eff4017a9e05a5cc2439ee213d538a867ef3a8005d64ca6ed877ec4e2ac8b037574baf0db40a7c71a1a324ed9e3b50f3c38360d301df6a720",
|
|
|
|
"category": "Payload delivery",
|
|
|
|
"to_ids": true,
|
|
|
|
"uuid": "194d62d4-f9c5-412e-8284-4010d647f653"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "ssdeep",
|
|
|
|
"object_relation": "ssdeep",
|
|
|
|
"value": "6:zM4fH9rsHMER3D07sHFNZNa5tkNm+H5fk0pP7vHg:IuZss4RlNZIqLBpzg",
|
|
|
|
"category": "Payload delivery",
|
|
|
|
"to_ids": true,
|
|
|
|
"uuid": "129f1b75-ecd4-424b-b590-9d4debb2d131"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"x_misp_meta_category": "file",
|
|
|
|
"x_misp_name": "elf-section"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "x-misp-object",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "x-misp-object--388ec59f-5fd6-4ece-b807-951ba9deab10",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2022-01-28T14:23:31.000Z",
|
|
|
|
"modified": "2022-01-28T14:23:31.000Z",
|
|
|
|
"labels": [
|
|
|
|
"misp:name=\"elf-section\"",
|
|
|
|
"misp:meta-category=\"file\""
|
|
|
|
],
|
|
|
|
"x_misp_attributes": [
|
|
|
|
{
|
|
|
|
"type": "text",
|
|
|
|
"object_relation": "name",
|
|
|
|
"value": ".tdata",
|
|
|
|
"category": "Other",
|
|
|
|
"uuid": "30630967-20ad-4503-9db3-3898ba23f766"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "text",
|
|
|
|
"object_relation": "type",
|
|
|
|
"value": "PROGBITS",
|
|
|
|
"category": "Other",
|
|
|
|
"uuid": "4df774b7-8b03-464b-b751-7fc1861082ea"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "text",
|
|
|
|
"object_relation": "flag",
|
|
|
|
"value": "TLS",
|
|
|
|
"category": "Other",
|
|
|
|
"uuid": "1abb1b9b-0bf9-4b29-ba1c-e5bff014f639"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "text",
|
|
|
|
"object_relation": "flag",
|
|
|
|
"value": "WRITE",
|
|
|
|
"category": "Other",
|
|
|
|
"uuid": "7d37c6ed-1e43-4e1a-8aba-8fbda0223c7c"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "text",
|
|
|
|
"object_relation": "flag",
|
|
|
|
"value": "ALLOC",
|
|
|
|
"category": "Other",
|
|
|
|
"uuid": "0b2dee9a-94ca-4703-aa2d-ab6e04b74095"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "size-in-bytes",
|
|
|
|
"object_relation": "size-in-bytes",
|
|
|
|
"value": "32",
|
|
|
|
"category": "Other",
|
|
|
|
"uuid": "a5d69900-a889-4d52-a3c9-391b6e2735db"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "float",
|
|
|
|
"object_relation": "entropy",
|
|
|
|
"value": "1.6564514568588",
|
|
|
|
"category": "Other",
|
|
|
|
"uuid": "e9a7bffc-83ad-458b-a644-7bc910b2c2c9"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "md5",
|
|
|
|
"object_relation": "md5",
|
|
|
|
"value": "d8445c6ea509a0cf49285586b5e798d3",
|
|
|
|
"category": "Payload delivery",
|
|
|
|
"to_ids": true,
|
|
|
|
"uuid": "35d637a8-1425-42bf-be07-bd9aa5206467"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "sha1",
|
|
|
|
"object_relation": "sha1",
|
|
|
|
"value": "9d20affdfec75adee4bbf4f387628a4aa47d6917",
|
|
|
|
"category": "Payload delivery",
|
|
|
|
"to_ids": true,
|
|
|
|
"uuid": "52b00a8a-042d-41bd-bc53-b72b3c196636"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "sha256",
|
|
|
|
"object_relation": "sha256",
|
|
|
|
"value": "8e92fc27dffc21dd34904958c7b11d51bf0c511259a04bcfbc9aa21c05c2f423",
|
|
|
|
"category": "Payload delivery",
|
|
|
|
"to_ids": true,
|
|
|
|
"uuid": "fc9aa3dc-59f3-4170-950c-047af750f55e"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "sha512",
|
|
|
|
"object_relation": "sha512",
|
|
|
|
"value": "9153389116697477be8c100dcbbea350b486f5bf869837f05861fdd6b7506b26cc9c516b9de06ed19e0254ceec318d7d2ee2dfcb4e1025bd6cb526a074d7b6b4",
|
|
|
|
"category": "Payload delivery",
|
|
|
|
"to_ids": true,
|
|
|
|
"uuid": "564dd6e3-354f-4887-9010-f139ef5adf86"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "ssdeep",
|
|
|
|
"object_relation": "ssdeep",
|
|
|
|
"value": "3:hlFTlNjlltl8//n:S",
|
|
|
|
"category": "Payload delivery",
|
|
|
|
"to_ids": true,
|
|
|
|
"uuid": "4d872ca1-5197-4c7f-9c05-805cdc2bb480"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"x_misp_meta_category": "file",
|
|
|
|
"x_misp_name": "elf-section"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "x-misp-object",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "x-misp-object--95a48a4b-e0cd-4ac8-aa65-1616034ddb4e",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2022-01-28T14:23:32.000Z",
|
|
|
|
"modified": "2022-01-28T14:23:32.000Z",
|
|
|
|
"labels": [
|
|
|
|
"misp:name=\"elf-section\"",
|
|
|
|
"misp:meta-category=\"file\""
|
|
|
|
],
|
|
|
|
"x_misp_attributes": [
|
|
|
|
{
|
|
|
|
"type": "text",
|
|
|
|
"object_relation": "name",
|
|
|
|
"value": ".tbss",
|
|
|
|
"category": "Other",
|
|
|
|
"uuid": "80a8f8e9-cdea-4670-9261-d1601e6b0950"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "text",
|
|
|
|
"object_relation": "type",
|
|
|
|
"value": "NOBITS",
|
|
|
|
"category": "Other",
|
|
|
|
"uuid": "fc0fa68c-0d03-4128-9796-924a24d787d9"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "text",
|
|
|
|
"object_relation": "flag",
|
|
|
|
"value": "TLS",
|
|
|
|
"category": "Other",
|
|
|
|
"uuid": "8e758b88-da99-4ada-8647-e88938690f01"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "text",
|
|
|
|
"object_relation": "flag",
|
|
|
|
"value": "WRITE",
|
|
|
|
"category": "Other",
|
|
|
|
"uuid": "ad4a8188-dcc7-4b5a-99e6-a4a9e6cac9e3"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "text",
|
|
|
|
"object_relation": "flag",
|
|
|
|
"value": "ALLOC",
|
|
|
|
"category": "Other",
|
|
|
|
"uuid": "6dbc19fd-8570-4dcb-a3f1-9f9009311aae"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "size-in-bytes",
|
|
|
|
"object_relation": "size-in-bytes",
|
|
|
|
"value": "88",
|
|
|
|
"category": "Other",
|
|
|
|
"uuid": "d5ed7fab-519e-42fd-920a-b34ca20f6cde"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "float",
|
|
|
|
"object_relation": "entropy",
|
|
|
|
"value": "2.1027882315262",
|
|
|
|
"category": "Other",
|
|
|
|
"uuid": "8eb76f65-46a3-41e4-bdee-06950dffe3ac"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "md5",
|
|
|
|
"object_relation": "md5",
|
|
|
|
"value": "07310210869280f3b8d93637b67fec13",
|
|
|
|
"category": "Payload delivery",
|
|
|
|
"to_ids": true,
|
|
|
|
"uuid": "266eb1c1-550d-43d7-9040-689879925edf"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "sha1",
|
|
|
|
"object_relation": "sha1",
|
|
|
|
"value": "9a21a82ee47d2744a5ef3b622a60d48d6a3ea8a3",
|
|
|
|
"category": "Payload delivery",
|
|
|
|
"to_ids": true,
|
|
|
|
"uuid": "a9a70bf6-6408-4753-9817-5e37c9199fac"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "sha256",
|
|
|
|
"object_relation": "sha256",
|
|
|
|
"value": "549004bb6535c38518491cf2d132bc07306edf56e62ee50dfee46a60661404eb",
|
|
|
|
"category": "Payload delivery",
|
|
|
|
"to_ids": true,
|
|
|
|
"uuid": "a90be2fc-a6a1-45a9-ba0f-f6f8ff0222d0"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "sha512",
|
|
|
|
"object_relation": "sha512",
|
|
|
|
"value": "0f5666d1a3476d57d0e8b97602acee9943d00446785868da9b470f441574ad88d29adb314fe8c1c65f0efeee2dfe7d26818342d73bdd7c1d62457d993b81163f",
|
|
|
|
"category": "Payload delivery",
|
|
|
|
"to_ids": true,
|
|
|
|
"uuid": "3183bc51-987b-4da7-98d7-3c14d41ddce2"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "ssdeep",
|
|
|
|
"object_relation": "ssdeep",
|
|
|
|
"value": "3:ZllNHllt15Hlll/n/lIwerl6lllsXlZ/l:6x6/W1T",
|
|
|
|
"category": "Payload delivery",
|
|
|
|
"to_ids": true,
|
|
|
|
"uuid": "739d4b8f-a371-4b7e-a0fc-185590a3c15f"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"x_misp_meta_category": "file",
|
|
|
|
"x_misp_name": "elf-section"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "x-misp-object",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "x-misp-object--d3d5cf26-3fb5-422a-b09f-bd5608b748b0",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2022-01-28T14:23:32.000Z",
|
|
|
|
"modified": "2022-01-28T14:23:32.000Z",
|
|
|
|
"labels": [
|
|
|
|
"misp:name=\"elf-section\"",
|
|
|
|
"misp:meta-category=\"file\""
|
|
|
|
],
|
|
|
|
"x_misp_attributes": [
|
|
|
|
{
|
|
|
|
"type": "text",
|
|
|
|
"object_relation": "name",
|
|
|
|
"value": ".init_array",
|
|
|
|
"category": "Other",
|
|
|
|
"uuid": "c33806fa-067b-468c-b1f4-82f36720e91f"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "text",
|
|
|
|
"object_relation": "type",
|
|
|
|
"value": "INIT_ARRAY",
|
|
|
|
"category": "Other",
|
|
|
|
"uuid": "070664d0-1e8b-4354-916d-294661168ba3"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "text",
|
|
|
|
"object_relation": "flag",
|
|
|
|
"value": "WRITE",
|
|
|
|
"category": "Other",
|
|
|
|
"uuid": "c756c8bc-ead6-4593-b7b2-4b4195813726"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "text",
|
|
|
|
"object_relation": "flag",
|
|
|
|
"value": "ALLOC",
|
|
|
|
"category": "Other",
|
|
|
|
"uuid": "70a225ce-129d-4333-8a64-4cddea42c809"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "size-in-bytes",
|
|
|
|
"object_relation": "size-in-bytes",
|
|
|
|
"value": "16",
|
|
|
|
"category": "Other",
|
|
|
|
"uuid": "28e82157-3a47-4a58-8ee8-cc97702d5c6f"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "float",
|
|
|
|
"object_relation": "entropy",
|
|
|
|
"value": "1.7987949406954",
|
|
|
|
"category": "Other",
|
|
|
|
"uuid": "e220c0a7-dcd9-44e9-ad0f-98b2e5eb4068"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "md5",
|
|
|
|
"object_relation": "md5",
|
|
|
|
"value": "f4f6ed406a4341622b421a3324a0a026",
|
|
|
|
"category": "Payload delivery",
|
|
|
|
"to_ids": true,
|
|
|
|
"uuid": "b0e0c40c-0110-4adf-875b-a2c72ea6ec59"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "sha1",
|
|
|
|
"object_relation": "sha1",
|
|
|
|
"value": "d13126772e6c15aa390a6f9be53ac912653d1eac",
|
|
|
|
"category": "Payload delivery",
|
|
|
|
"to_ids": true,
|
|
|
|
"uuid": "7de84109-d7d1-4e44-8dac-9c3ecde6dcc8"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "sha256",
|
|
|
|
"object_relation": "sha256",
|
|
|
|
"value": "92d74ac19135504c8094828fb379927613e0d6b277636e0b2a8151ceb8b6bc6d",
|
|
|
|
"category": "Payload delivery",
|
|
|
|
"to_ids": true,
|
|
|
|
"uuid": "f4bd050a-7b30-43e3-980a-d955b3c4502a"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "sha512",
|
|
|
|
"object_relation": "sha512",
|
|
|
|
"value": "9bc8206330bba2adcc4cc598dfcf5d0d557cb37efbc66368f9c2de19aaf0554c6cc4cd678404d0bcf2498bb23e7c218e97ccc246d0f126a622205e28c2641ff7",
|
|
|
|
"category": "Payload delivery",
|
|
|
|
"to_ids": true,
|
|
|
|
"uuid": "3d67c618-4f28-4dcc-9d83-c1d669fde2c1"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "ssdeep",
|
|
|
|
"object_relation": "ssdeep",
|
|
|
|
"value": "3:ZllNHlltn:h",
|
|
|
|
"category": "Payload delivery",
|
|
|
|
"to_ids": true,
|
|
|
|
"uuid": "90dd5c16-67b9-418c-a40d-c1a83f66de39"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"x_misp_meta_category": "file",
|
|
|
|
"x_misp_name": "elf-section"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "x-misp-object",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "x-misp-object--5ae76e6a-5bde-49ff-ae62-7a7a4f52aaa9",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2022-01-28T14:23:32.000Z",
|
|
|
|
"modified": "2022-01-28T14:23:32.000Z",
|
|
|
|
"labels": [
|
|
|
|
"misp:name=\"elf-section\"",
|
|
|
|
"misp:meta-category=\"file\""
|
|
|
|
],
|
|
|
|
"x_misp_attributes": [
|
|
|
|
{
|
|
|
|
"type": "text",
|
|
|
|
"object_relation": "name",
|
|
|
|
"value": ".fini_array",
|
|
|
|
"category": "Other",
|
|
|
|
"uuid": "b1467e5f-7c15-4559-9174-08b0f7d10a51"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "text",
|
|
|
|
"object_relation": "type",
|
|
|
|
"value": "FINI_ARRAY",
|
|
|
|
"category": "Other",
|
|
|
|
"uuid": "77d8ff70-b701-47a5-beef-898e13f1378f"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "text",
|
|
|
|
"object_relation": "flag",
|
|
|
|
"value": "WRITE",
|
|
|
|
"category": "Other",
|
|
|
|
"uuid": "cf63f135-2cbf-4cb9-953d-5755bf3f990b"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "text",
|
|
|
|
"object_relation": "flag",
|
|
|
|
"value": "ALLOC",
|
|
|
|
"category": "Other",
|
|
|
|
"uuid": "65a86f43-0421-4bfa-b289-3910c45efc7b"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "size-in-bytes",
|
|
|
|
"object_relation": "size-in-bytes",
|
|
|
|
"value": "16",
|
|
|
|
"category": "Other",
|
|
|
|
"uuid": "85401a12-f82d-48cf-8fa8-c275600b9d8c"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "float",
|
|
|
|
"object_relation": "entropy",
|
|
|
|
"value": "1.7987949406954",
|
|
|
|
"category": "Other",
|
|
|
|
"uuid": "0721ca2a-283f-46db-9027-d4688518b2e7"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "md5",
|
|
|
|
"object_relation": "md5",
|
|
|
|
"value": "7f55249ca89e16bbd67cd2212c30887b",
|
|
|
|
"category": "Payload delivery",
|
|
|
|
"to_ids": true,
|
|
|
|
"uuid": "7fa901cc-66a0-4bb7-ad7b-4339a393b476"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "sha1",
|
|
|
|
"object_relation": "sha1",
|
|
|
|
"value": "35c8f139b12692703a6a7335fe6d2665d8279d35",
|
|
|
|
"category": "Payload delivery",
|
|
|
|
"to_ids": true,
|
|
|
|
"uuid": "949dca05-700e-42d5-8672-c6d8cdc2089a"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "sha256",
|
|
|
|
"object_relation": "sha256",
|
|
|
|
"value": "14e4a7583adbec3dea25604af97108567213271b44ba0728901dfb1b7fe69d44",
|
|
|
|
"category": "Payload delivery",
|
|
|
|
"to_ids": true,
|
|
|
|
"uuid": "d21b4bcf-f10a-4bce-acfa-0a8fa8e65a57"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "sha512",
|
|
|
|
"object_relation": "sha512",
|
|
|
|
"value": "f3736cde4c1187e5845bc1a937becfc68e31af62f212f06eb030275be82bdcb983c76cf0856189be384afefd63770bfb4e7e96f316fac87b15714db993182bf2",
|
|
|
|
"category": "Payload delivery",
|
|
|
|
"to_ids": true,
|
|
|
|
"uuid": "2c2fe12c-f8d1-42fe-a618-52546a060e12"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "ssdeep",
|
|
|
|
"object_relation": "ssdeep",
|
|
|
|
"value": "3:rHlll/n:h",
|
|
|
|
"category": "Payload delivery",
|
|
|
|
"to_ids": true,
|
|
|
|
"uuid": "f220869f-7415-4f77-80bd-ba70fe075ab9"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"x_misp_meta_category": "file",
|
|
|
|
"x_misp_name": "elf-section"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "x-misp-object",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "x-misp-object--bb1bfb74-9f6f-4449-b874-a765554cc9eb",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2022-01-28T14:23:32.000Z",
|
|
|
|
"modified": "2022-01-28T14:23:32.000Z",
|
|
|
|
"labels": [
|
|
|
|
"misp:name=\"elf-section\"",
|
|
|
|
"misp:meta-category=\"file\""
|
|
|
|
],
|
|
|
|
"x_misp_attributes": [
|
|
|
|
{
|
|
|
|
"type": "text",
|
|
|
|
"object_relation": "name",
|
|
|
|
"value": ".data.rel.ro",
|
|
|
|
"category": "Other",
|
|
|
|
"uuid": "586d2b40-7482-4e35-81aa-7dc6b23388b2"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "text",
|
|
|
|
"object_relation": "type",
|
|
|
|
"value": "PROGBITS",
|
|
|
|
"category": "Other",
|
|
|
|
"uuid": "16ee798c-bffe-4b0c-9f9d-77c3146cc4fb"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "text",
|
|
|
|
"object_relation": "flag",
|
|
|
|
"value": "WRITE",
|
|
|
|
"category": "Other",
|
|
|
|
"uuid": "a98bc1fa-3c47-4a72-a6c6-0da0ba815172"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "text",
|
|
|
|
"object_relation": "flag",
|
|
|
|
"value": "ALLOC",
|
|
|
|
"category": "Other",
|
|
|
|
"uuid": "19a0f28e-b1d0-40c4-ac9b-be8035122838"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "size-in-bytes",
|
|
|
|
"object_relation": "size-in-bytes",
|
|
|
|
"value": "11860",
|
|
|
|
"category": "Other",
|
|
|
|
"uuid": "c59d0bbb-b1f5-44ab-be24-ab3bdf6e8bac"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "float",
|
|
|
|
"object_relation": "entropy",
|
|
|
|
"value": "2.582065799178",
|
|
|
|
"category": "Other",
|
|
|
|
"uuid": "ed8fe5a8-8a5b-4008-9678-3bc3c73bf622"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "md5",
|
|
|
|
"object_relation": "md5",
|
|
|
|
"value": "01ab2a7845109b20c8c13f7ac0d613bd",
|
|
|
|
"category": "Payload delivery",
|
|
|
|
"to_ids": true,
|
|
|
|
"uuid": "35f84969-92fe-44df-be53-f8dcd3dbac1a"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "sha1",
|
|
|
|
"object_relation": "sha1",
|
|
|
|
"value": "f8500332f082a6ad3f5062b957e1045599e94b35",
|
|
|
|
"category": "Payload delivery",
|
|
|
|
"to_ids": true,
|
|
|
|
"uuid": "208e666b-b529-49d1-bbd8-0b39a6965710"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "sha256",
|
|
|
|
"object_relation": "sha256",
|
|
|
|
"value": "e8e6f19f4d67b220cb12f0c57d6df68a621586b268ef3851fa4330f425389c72",
|
|
|
|
"category": "Payload delivery",
|
|
|
|
"to_ids": true,
|
|
|
|
"uuid": "053d9028-5f4d-475f-a37d-a7af1c737c32"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "sha512",
|
|
|
|
"object_relation": "sha512",
|
|
|
|
"value": "14faee8f42246cdf660db6a97836fec8c20ee294d6cab6d59a24db8439a367f9d35eca9bef171c0d4aae335cafb31fa7ac2020c4ccffcba163a3a8bc19bfedcb",
|
|
|
|
"category": "Payload delivery",
|
|
|
|
"to_ids": true,
|
|
|
|
"uuid": "6f9ed1ef-f7b9-4d93-ae14-f572c96ae582"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "ssdeep",
|
|
|
|
"object_relation": "ssdeep",
|
|
|
|
"value": "192:1aQKFKKKKKhZpxRKKKKK2kkkkHIEKKKKKKKKK3KKK5KKTMaKK4QKK3cskMv326Lm:1dKFKKKKKhbHKKKKKijKKKKKKKKK3KKR",
|
|
|
|
"category": "Payload delivery",
|
|
|
|
"to_ids": true,
|
|
|
|
"uuid": "2ed6a5bb-49ff-4d6a-a292-3da96738061b"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"x_misp_meta_category": "file",
|
|
|
|
"x_misp_name": "elf-section"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "x-misp-object",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "x-misp-object--3f774191-fb1e-457e-9d1c-5bc8ad5454b6",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2022-01-28T14:23:32.000Z",
|
|
|
|
"modified": "2022-01-28T14:23:32.000Z",
|
|
|
|
"labels": [
|
|
|
|
"misp:name=\"elf-section\"",
|
|
|
|
"misp:meta-category=\"file\""
|
|
|
|
],
|
|
|
|
"x_misp_attributes": [
|
|
|
|
{
|
|
|
|
"type": "text",
|
|
|
|
"object_relation": "name",
|
|
|
|
"value": ".got",
|
|
|
|
"category": "Other",
|
|
|
|
"uuid": "eb78402c-f017-4d5c-ac15-28e716b4a4bc"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "text",
|
|
|
|
"object_relation": "type",
|
|
|
|
"value": "PROGBITS",
|
|
|
|
"category": "Other",
|
|
|
|
"uuid": "05f1e889-4dfd-465d-b58c-4631023dd6b2"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "text",
|
|
|
|
"object_relation": "flag",
|
|
|
|
"value": "WRITE",
|
|
|
|
"category": "Other",
|
|
|
|
"uuid": "6cfadf96-3c7f-4aa8-9410-35b6572ea197"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "text",
|
|
|
|
"object_relation": "flag",
|
|
|
|
"value": "ALLOC",
|
|
|
|
"category": "Other",
|
|
|
|
"uuid": "ec2018ca-086f-4675-9442-617e6c3e15a1"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "size-in-bytes",
|
|
|
|
"object_relation": "size-in-bytes",
|
|
|
|
"value": "256",
|
|
|
|
"category": "Other",
|
|
|
|
"uuid": "e4a6ee16-445e-4484-ba85-13f7b83f3a7b"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "float",
|
|
|
|
"object_relation": "entropy",
|
|
|
|
"value": "0.51360896470411",
|
|
|
|
"category": "Other",
|
|
|
|
"uuid": "d5e0266c-58ed-4fb5-96ed-f3dc9057ae76"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "md5",
|
|
|
|
"object_relation": "md5",
|
|
|
|
"value": "1c8c84187d23ee1c8d68f8417b278aca",
|
|
|
|
"category": "Payload delivery",
|
|
|
|
"to_ids": true,
|
|
|
|
"uuid": "94ed2d7c-f3f3-410e-8488-f98731e7bfa7"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "sha1",
|
|
|
|
"object_relation": "sha1",
|
|
|
|
"value": "1bfad37f81b5d6d301446eb49a8deecc23830e97",
|
|
|
|
"category": "Payload delivery",
|
|
|
|
"to_ids": true,
|
|
|
|
"uuid": "1d17f67c-34c0-455d-8dda-9097dd02fe2a"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "sha256",
|
|
|
|
"object_relation": "sha256",
|
|
|
|
"value": "1083d59035c57d50e538c7b411d1530dee4a6a547a7ac6fc7f4f20174ac0aa47",
|
|
|
|
"category": "Payload delivery",
|
|
|
|
"to_ids": true,
|
|
|
|
"uuid": "3afd98a9-cbf9-47e7-a3f8-d3403d302dc2"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "sha512",
|
|
|
|
"object_relation": "sha512",
|
|
|
|
"value": "90c1f9e036cf299ca17a79fbd4d7584ca6f4c7489ad4f095d8ddbcb6768f0efadb5c865a47985401d6a9e4606d8d1be73351fbed273cb659463ec79d9e8d0323",
|
|
|
|
"category": "Payload delivery",
|
|
|
|
"to_ids": true,
|
|
|
|
"uuid": "3517d76f-0094-4670-a014-89b93b1b90c8"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "ssdeep",
|
|
|
|
"object_relation": "ssdeep",
|
|
|
|
"value": "3:flvlE/ltE//lvlvlzl:0/",
|
|
|
|
"category": "Payload delivery",
|
|
|
|
"to_ids": true,
|
|
|
|
"uuid": "08ff3c5e-5097-4c04-ba48-43b426572cbf"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"x_misp_meta_category": "file",
|
|
|
|
"x_misp_name": "elf-section"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "x-misp-object",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "x-misp-object--2d3fc584-84ff-429e-9894-e892146ce7cb",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2022-01-28T14:23:32.000Z",
|
|
|
|
"modified": "2022-01-28T14:23:32.000Z",
|
|
|
|
"labels": [
|
|
|
|
"misp:name=\"elf-section\"",
|
|
|
|
"misp:meta-category=\"file\""
|
|
|
|
],
|
|
|
|
"x_misp_attributes": [
|
|
|
|
{
|
|
|
|
"type": "text",
|
|
|
|
"object_relation": "name",
|
|
|
|
"value": ".got.plt",
|
|
|
|
"category": "Other",
|
|
|
|
"uuid": "d66abf31-dfa4-468c-93f5-ca9b442cce1b"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "text",
|
|
|
|
"object_relation": "type",
|
|
|
|
"value": "PROGBITS",
|
|
|
|
"category": "Other",
|
|
|
|
"uuid": "087341ea-723e-43cd-9902-1a5cb0c9e8d2"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "text",
|
|
|
|
"object_relation": "flag",
|
|
|
|
"value": "WRITE",
|
|
|
|
"category": "Other",
|
|
|
|
"uuid": "5fddf748-2bac-4461-b867-77ab846ebb7d"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "text",
|
|
|
|
"object_relation": "flag",
|
|
|
|
"value": "ALLOC",
|
|
|
|
"category": "Other",
|
|
|
|
"uuid": "9294d6f1-2857-434a-91db-81443645b820"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "size-in-bytes",
|
|
|
|
"object_relation": "size-in-bytes",
|
|
|
|
"value": "264",
|
|
|
|
"category": "Other",
|
|
|
|
"uuid": "7838ff94-b8d1-46db-a987-1999b55e8613"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "float",
|
|
|
|
"object_relation": "entropy",
|
|
|
|
"value": "2.0475746685833",
|
|
|
|
"category": "Other",
|
|
|
|
"uuid": "df6e6bb0-c886-427f-af13-43ffc7a0b750"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "md5",
|
|
|
|
"object_relation": "md5",
|
|
|
|
"value": "3008c9c186720b10ea47fd550a93ab56",
|
|
|
|
"category": "Payload delivery",
|
|
|
|
"to_ids": true,
|
|
|
|
"uuid": "2a263fd2-51fa-4966-a374-286e5b24e1ae"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "sha1",
|
|
|
|
"object_relation": "sha1",
|
|
|
|
"value": "87ff3f0af51fc81afb013c38d9aa5f19921d079a",
|
|
|
|
"category": "Payload delivery",
|
|
|
|
"to_ids": true,
|
|
|
|
"uuid": "77fe4be6-c783-4ff9-9341-4563b697e1ae"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "sha256",
|
|
|
|
"object_relation": "sha256",
|
|
|
|
"value": "e98f9daa553e024fafbcc340c585b4d4552d2af4ea8e5233b38806e4ecc87ca3",
|
|
|
|
"category": "Payload delivery",
|
|
|
|
"to_ids": true,
|
|
|
|
"uuid": "1558c367-9875-4ed9-a7a6-3ee3b800d95d"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "sha512",
|
|
|
|
"object_relation": "sha512",
|
|
|
|
"value": "2d3533d887d56bf7ed77df225eb00e22c085102c5045a2340fd4fb400e50bb27a6427821644e635cfcbfe2d84ddbbafdda248c31a22d62e27298a3e52103774d",
|
|
|
|
"category": "Payload delivery",
|
|
|
|
"to_ids": true,
|
|
|
|
"uuid": "9c9aabfe-9ec2-4747-bea1-de0ef03e77b5"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "ssdeep",
|
|
|
|
"object_relation": "ssdeep",
|
|
|
|
"value": "3:7xvB9/lJHpvp9/lxHBvx9/lZH5vZ9/lBHRvh9tpHlzvJ9tRHlbvR9t5Hljv59thi:Sl",
|
|
|
|
"category": "Payload delivery",
|
|
|
|
"to_ids": true,
|
|
|
|
"uuid": "94a1e2dc-f835-4e5f-8405-cb05e12251ab"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"x_misp_meta_category": "file",
|
|
|
|
"x_misp_name": "elf-section"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "x-misp-object",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "x-misp-object--22175547-a96b-4ec3-b03f-26f365d45c71",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2022-01-28T14:23:32.000Z",
|
|
|
|
"modified": "2022-01-28T14:23:32.000Z",
|
|
|
|
"labels": [
|
|
|
|
"misp:name=\"elf-section\"",
|
|
|
|
"misp:meta-category=\"file\""
|
|
|
|
],
|
|
|
|
"x_misp_attributes": [
|
|
|
|
{
|
|
|
|
"type": "text",
|
|
|
|
"object_relation": "name",
|
|
|
|
"value": ".data",
|
|
|
|
"category": "Other",
|
|
|
|
"uuid": "7e78b316-0ba3-485b-b8c3-6dfa90a5d936"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "text",
|
|
|
|
"object_relation": "type",
|
|
|
|
"value": "PROGBITS",
|
|
|
|
"category": "Other",
|
|
|
|
"uuid": "a194e241-f582-4a42-8a64-7ca72e08983f"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "text",
|
|
|
|
"object_relation": "flag",
|
|
|
|
"value": "WRITE",
|
|
|
|
"category": "Other",
|
|
|
|
"uuid": "54500a24-2c51-48fa-8a60-ad5754669f90"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "text",
|
|
|
|
"object_relation": "flag",
|
|
|
|
"value": "ALLOC",
|
|
|
|
"category": "Other",
|
|
|
|
"uuid": "465434be-2754-4585-8889-67317b058e7d"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "size-in-bytes",
|
|
|
|
"object_relation": "size-in-bytes",
|
|
|
|
"value": "7024",
|
|
|
|
"category": "Other",
|
|
|
|
"uuid": "284f205c-b47a-406c-a2e2-9cc18fb718be"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "float",
|
|
|
|
"object_relation": "entropy",
|
|
|
|
"value": "1.0430913631884",
|
|
|
|
"category": "Other",
|
|
|
|
"uuid": "8af208f7-8f42-495e-863f-2518413b5e44"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "md5",
|
|
|
|
"object_relation": "md5",
|
|
|
|
"value": "4c71995c363a73a808d51ba6952987eb",
|
|
|
|
"category": "Payload delivery",
|
|
|
|
"to_ids": true,
|
|
|
|
"uuid": "c0224635-ea0a-4eea-8d73-1f0e384bf41a"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "sha1",
|
|
|
|
"object_relation": "sha1",
|
|
|
|
"value": "182672579f020a410958b0a60b2bbb7a22899c70",
|
|
|
|
"category": "Payload delivery",
|
|
|
|
"to_ids": true,
|
|
|
|
"uuid": "cfeeae7d-0653-4e64-9471-231ea2d7db8b"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "sha256",
|
|
|
|
"object_relation": "sha256",
|
|
|
|
"value": "88d32e252213dda69d8ea169fcc70e05b7e43dc898a8ef5cffa2e0bbd66ccfc5",
|
|
|
|
"category": "Payload delivery",
|
|
|
|
"to_ids": true,
|
|
|
|
"uuid": "1b12f7a6-cb97-4eab-9b1b-f48385385699"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "sha512",
|
|
|
|
"object_relation": "sha512",
|
|
|
|
"value": "6b02e688a0cf960626d1a1ef65618359ba997e153bd1b965ded96b0783ad0dcd957c8bfac6510b6e54e5e5dd99350c8da5ba44b452be6992f451a8000079b9c7",
|
|
|
|
"category": "Payload delivery",
|
|
|
|
"to_ids": true,
|
|
|
|
"uuid": "d7368c00-daf5-44ea-b3d1-934b7bbabc47"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "ssdeep",
|
|
|
|
"object_relation": "ssdeep",
|
|
|
|
"value": "12:71+HybSvOH/Yruu8L0WVXsVa+y/HqYWx4ozKjKVCfak1iqE548/X0XaEwHfk1oHH:KLuLRQV47WVCfAOyvmY/mtytmE",
|
|
|
|
"category": "Payload delivery",
|
|
|
|
"to_ids": true,
|
|
|
|
"uuid": "cc8bbe2a-ae2c-4545-8834-7b1b43e4c775"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"x_misp_meta_category": "file",
|
|
|
|
"x_misp_name": "elf-section"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "x-misp-object",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "x-misp-object--0cbef961-ea90-4e1f-9f8d-3e4d24f62699",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2022-01-28T14:23:33.000Z",
|
|
|
|
"modified": "2022-01-28T14:23:33.000Z",
|
|
|
|
"labels": [
|
|
|
|
"misp:name=\"elf-section\"",
|
|
|
|
"misp:meta-category=\"file\""
|
|
|
|
],
|
|
|
|
"x_misp_attributes": [
|
|
|
|
{
|
|
|
|
"type": "text",
|
|
|
|
"object_relation": "name",
|
|
|
|
"value": "__libc_subfreeres",
|
|
|
|
"category": "Other",
|
|
|
|
"uuid": "870d8265-d117-4a80-a136-b756ead6473d"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "text",
|
|
|
|
"object_relation": "type",
|
|
|
|
"value": "PROGBITS",
|
|
|
|
"category": "Other",
|
|
|
|
"uuid": "1148fa2b-8476-4b05-a8bc-23cf0f2cd26e"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "text",
|
|
|
|
"object_relation": "flag",
|
|
|
|
"value": "WRITE",
|
|
|
|
"category": "Other",
|
|
|
|
"uuid": "cf77475c-6230-440a-ac54-4e49c51e450d"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "text",
|
|
|
|
"object_relation": "flag",
|
|
|
|
"value": "ALLOC",
|
|
|
|
"category": "Other",
|
|
|
|
"uuid": "eefce197-54de-4809-b2c8-1486a1707d74"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "size-in-bytes",
|
|
|
|
"object_relation": "size-in-bytes",
|
|
|
|
"value": "88",
|
|
|
|
"category": "Other",
|
|
|
|
"uuid": "c356fcd1-08b3-4ab8-8570-7774701103bc"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "float",
|
|
|
|
"object_relation": "entropy",
|
|
|
|
"value": "2.268710941921",
|
|
|
|
"category": "Other",
|
|
|
|
"uuid": "b54dd844-578d-4b4e-9f1d-204eb707758c"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "md5",
|
|
|
|
"object_relation": "md5",
|
|
|
|
"value": "1bd9d95b91e889015d43a1fae7afb599",
|
|
|
|
"category": "Payload delivery",
|
|
|
|
"to_ids": true,
|
|
|
|
"uuid": "3f937952-08d8-4e40-9f21-3f89f7bfe589"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "sha1",
|
|
|
|
"object_relation": "sha1",
|
|
|
|
"value": "75d66019e66e2aec613630d5da16a3710d2dd4f6",
|
|
|
|
"category": "Payload delivery",
|
|
|
|
"to_ids": true,
|
|
|
|
"uuid": "8e64b275-c0c8-4553-8fbc-8b8ae0ea6a64"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "sha256",
|
|
|
|
"object_relation": "sha256",
|
|
|
|
"value": "a0170dbd1427eb901b50ebdcfbad77699aee60229fa233e0f68ca994f657dcec",
|
|
|
|
"category": "Payload delivery",
|
|
|
|
"to_ids": true,
|
|
|
|
"uuid": "95f8d5c7-8595-470a-a66d-1503a1e47ebc"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "sha512",
|
|
|
|
"object_relation": "sha512",
|
|
|
|
"value": "89fe13f13a7cf3756334b5e2a98b321a6fe461d8a2214f3ab16a71ca82e8053cffb7ceb56d77b984c2a922b552a1ed52c2fa4d8a15a947a1bc7d6768c9a92153",
|
|
|
|
"category": "Payload delivery",
|
|
|
|
"to_ids": true,
|
|
|
|
"uuid": "24b1d9e1-85c4-4d18-b38a-7eb4542bfd68"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "ssdeep",
|
|
|
|
"object_relation": "ssdeep",
|
|
|
|
"value": "3:kX44jK/C/i/2l8lu/Ft/n:kXjZ0u/3/n",
|
|
|
|
"category": "Payload delivery",
|
|
|
|
"to_ids": true,
|
|
|
|
"uuid": "3ed48849-9f5b-46bf-9c5d-58f30506cf5a"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"x_misp_meta_category": "file",
|
|
|
|
"x_misp_name": "elf-section"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "x-misp-object",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "x-misp-object--05156594-1bb7-41af-b736-267ad8389d64",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2022-01-28T14:23:33.000Z",
|
|
|
|
"modified": "2022-01-28T14:23:33.000Z",
|
|
|
|
"labels": [
|
|
|
|
"misp:name=\"elf-section\"",
|
|
|
|
"misp:meta-category=\"file\""
|
|
|
|
],
|
|
|
|
"x_misp_attributes": [
|
|
|
|
{
|
|
|
|
"type": "text",
|
|
|
|
"object_relation": "name",
|
|
|
|
"value": "__libc_IO_vtables",
|
|
|
|
"category": "Other",
|
|
|
|
"uuid": "d75baec6-c577-4bdc-bc65-9eb6d330dc31"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "text",
|
|
|
|
"object_relation": "type",
|
|
|
|
"value": "PROGBITS",
|
|
|
|
"category": "Other",
|
|
|
|
"uuid": "6e17c22d-d624-47c9-97bf-4de092d0dbb9"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "text",
|
|
|
|
"object_relation": "flag",
|
|
|
|
"value": "WRITE",
|
|
|
|
"category": "Other",
|
|
|
|
"uuid": "c2899bdc-61c6-47b2-b5a9-92172d54a8d5"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "text",
|
|
|
|
"object_relation": "flag",
|
|
|
|
"value": "ALLOC",
|
|
|
|
"category": "Other",
|
|
|
|
"uuid": "e6eb5dca-8de4-4a13-94ed-62e245fe493e"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "size-in-bytes",
|
|
|
|
"object_relation": "size-in-bytes",
|
|
|
|
"value": "2280",
|
|
|
|
"category": "Other",
|
|
|
|
"uuid": "6617df30-749b-437c-8ad8-2f4545b09793"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "float",
|
|
|
|
"object_relation": "entropy",
|
|
|
|
"value": "2.2294976354887",
|
|
|
|
"category": "Other",
|
|
|
|
"uuid": "34fcbe58-22e1-4464-9280-a1f54b99500d"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "md5",
|
|
|
|
"object_relation": "md5",
|
|
|
|
"value": "ed1d48ef4103b6afcab39d66e62ef738",
|
|
|
|
"category": "Payload delivery",
|
|
|
|
"to_ids": true,
|
|
|
|
"uuid": "53d22076-0e40-40a7-b629-d92a4fadf280"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "sha1",
|
|
|
|
"object_relation": "sha1",
|
|
|
|
"value": "8af062dde822380f0be1cdfbea4de73c24d2f76c",
|
|
|
|
"category": "Payload delivery",
|
|
|
|
"to_ids": true,
|
|
|
|
"uuid": "d5829deb-3440-41bc-a2c1-3c81fdb2c6bf"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "sha256",
|
|
|
|
"object_relation": "sha256",
|
|
|
|
"value": "35c8c325bee01068b3708d272f8d15a202b74b3f02019238fbc4d04ade1eff7e",
|
|
|
|
"category": "Payload delivery",
|
|
|
|
"to_ids": true,
|
|
|
|
"uuid": "ae9f0ca6-eec0-4212-8d8b-4adcd5aa27ac"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "sha512",
|
|
|
|
"object_relation": "sha512",
|
|
|
|
"value": "5fdb768539ca49508187fc019589a13cdc17daea06ded6ee7f948d2a3cf3dc36c38dcbd2f80849b61ed4398f449774410559694b7aa980ad25c3fb4e0eccfd9c",
|
|
|
|
"category": "Payload delivery",
|
|
|
|
"to_ids": true,
|
|
|
|
"uuid": "1613bf56-0747-4801-a368-edd1b136f069"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "ssdeep",
|
|
|
|
"object_relation": "ssdeep",
|
|
|
|
"value": "24:mO28ThsyHcsyMpsyfcqhsLvosw5sGothh7dCG:u8Th3c8pkqhQvof5ethh70G",
|
|
|
|
"category": "Payload delivery",
|
|
|
|
"to_ids": true,
|
|
|
|
"uuid": "0c27eb70-9bbc-4cc0-9b7f-5eb3c1ba20af"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"x_misp_meta_category": "file",
|
|
|
|
"x_misp_name": "elf-section"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "x-misp-object",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "x-misp-object--0317c886-7db0-4827-a0b8-6dd84576ddb5",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2022-01-28T14:23:33.000Z",
|
|
|
|
"modified": "2022-01-28T14:23:33.000Z",
|
|
|
|
"labels": [
|
|
|
|
"misp:name=\"elf-section\"",
|
|
|
|
"misp:meta-category=\"file\""
|
|
|
|
],
|
|
|
|
"x_misp_attributes": [
|
|
|
|
{
|
|
|
|
"type": "text",
|
|
|
|
"object_relation": "name",
|
|
|
|
"value": "__libc_atexit",
|
|
|
|
"category": "Other",
|
|
|
|
"uuid": "60a9886f-de48-4cb3-a01c-5d9b8b7ac3de"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "text",
|
|
|
|
"object_relation": "type",
|
|
|
|
"value": "PROGBITS",
|
|
|
|
"category": "Other",
|
|
|
|
"uuid": "920876ed-348c-4d98-9cc3-ba28f6cc0a9d"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "text",
|
|
|
|
"object_relation": "flag",
|
|
|
|
"value": "WRITE",
|
|
|
|
"category": "Other",
|
|
|
|
"uuid": "4ae1593e-ed34-433b-8d8f-f0f1de75c347"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "text",
|
|
|
|
"object_relation": "flag",
|
|
|
|
"value": "ALLOC",
|
|
|
|
"category": "Other",
|
|
|
|
"uuid": "7bf6825f-22aa-4719-81a4-0de9844f614e"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "size-in-bytes",
|
|
|
|
"object_relation": "size-in-bytes",
|
|
|
|
"value": "8",
|
|
|
|
"category": "Other",
|
|
|
|
"uuid": "f13c1fa4-3198-4c9a-9bc4-d1f74b976af0"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "float",
|
|
|
|
"object_relation": "entropy",
|
|
|
|
"value": "1.5487949406954",
|
|
|
|
"category": "Other",
|
|
|
|
"uuid": "c9faaa24-39cf-40bc-918d-c1b94c943edf"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "md5",
|
|
|
|
"object_relation": "md5",
|
|
|
|
"value": "7153176250fb8d700ef6473ea4ceaa30",
|
|
|
|
"category": "Payload delivery",
|
|
|
|
"to_ids": true,
|
|
|
|
"uuid": "a86158a3-b6d3-4604-b486-5ccbadef3558"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "sha1",
|
|
|
|
"object_relation": "sha1",
|
|
|
|
"value": "2c8835a16b5f3b197e689ec77009511ca45fe7ec",
|
|
|
|
"category": "Payload delivery",
|
|
|
|
"to_ids": true,
|
|
|
|
"uuid": "00e507c7-ab20-4a86-bf17-18e2819da277"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "sha256",
|
|
|
|
"object_relation": "sha256",
|
|
|
|
"value": "d76d1afcca1bd77506c5746a7790d6451f008fa563d0856b7904100b4bea4c41",
|
|
|
|
"category": "Payload delivery",
|
|
|
|
"to_ids": true,
|
|
|
|
"uuid": "1576ea4a-4ea9-4d1d-9c9f-f8980b1cfae7"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "sha512",
|
|
|
|
"object_relation": "sha512",
|
|
|
|
"value": "f762990995d926eb6276446d27c9c4fd454cd8fa69ad1f9308a39c20ab43b597ac6d7c24ed6f47180d7ed5e782e7fba56c4228e41232a273a71946cdd33b4f14",
|
|
|
|
"category": "Payload delivery",
|
|
|
|
"to_ids": true,
|
|
|
|
"uuid": "afd0f145-faaa-4724-8f31-154a449dcaaa"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "ssdeep",
|
|
|
|
"object_relation": "ssdeep",
|
|
|
|
"value": "3:4n:4",
|
|
|
|
"category": "Payload delivery",
|
|
|
|
"to_ids": true,
|
|
|
|
"uuid": "01e9c43b-5539-4acb-99a8-27e60450e65e"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"x_misp_meta_category": "file",
|
|
|
|
"x_misp_name": "elf-section"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "x-misp-object",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "x-misp-object--ad40d950-54f9-4ba6-9616-62ec24267483",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2022-01-28T14:23:33.000Z",
|
|
|
|
"modified": "2022-01-28T14:23:33.000Z",
|
|
|
|
"labels": [
|
|
|
|
"misp:name=\"elf-section\"",
|
|
|
|
"misp:meta-category=\"file\""
|
|
|
|
],
|
|
|
|
"x_misp_attributes": [
|
|
|
|
{
|
|
|
|
"type": "text",
|
|
|
|
"object_relation": "name",
|
|
|
|
"value": ".bss",
|
|
|
|
"category": "Other",
|
|
|
|
"uuid": "dd6a309d-3669-44b6-b277-1278a60ed3b1"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "text",
|
|
|
|
"object_relation": "type",
|
|
|
|
"value": "NOBITS",
|
|
|
|
"category": "Other",
|
|
|
|
"uuid": "c75f4091-5565-4e57-a952-637072190e1d"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "text",
|
|
|
|
"object_relation": "flag",
|
|
|
|
"value": "WRITE",
|
|
|
|
"category": "Other",
|
|
|
|
"uuid": "ffcdb95a-b76d-47bc-8708-5c9f2a6ae54d"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "text",
|
|
|
|
"object_relation": "flag",
|
|
|
|
"value": "ALLOC",
|
|
|
|
"category": "Other",
|
|
|
|
"uuid": "99439c4d-c8f5-448b-87da-20745fb9d9b4"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "size-in-bytes",
|
|
|
|
"object_relation": "size-in-bytes",
|
|
|
|
"value": "25856",
|
|
|
|
"category": "Other",
|
|
|
|
"uuid": "b1604d6a-bcd0-43fc-8415-3517527e7868"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "float",
|
|
|
|
"object_relation": "entropy",
|
|
|
|
"value": "4.9527559123953",
|
|
|
|
"category": "Other",
|
|
|
|
"uuid": "8572480c-0edf-4fe9-9456-cf9f6158b519"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "md5",
|
|
|
|
"object_relation": "md5",
|
|
|
|
"value": "5fb32084f0356363c02c7f7b2fb0b500",
|
|
|
|
"category": "Payload delivery",
|
|
|
|
"to_ids": true,
|
|
|
|
"uuid": "cb418769-42b5-494b-9825-7659928c0f90"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "sha1",
|
|
|
|
"object_relation": "sha1",
|
|
|
|
"value": "37db4047466a9f3af6ac23bdbd026e391621a519",
|
|
|
|
"category": "Payload delivery",
|
|
|
|
"to_ids": true,
|
|
|
|
"uuid": "c1baa6c9-c48f-4873-b3d1-dd03014f4896"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "sha256",
|
|
|
|
"object_relation": "sha256",
|
|
|
|
"value": "a6edb30315a56060cc170dda408099d2b915109932ceb78497b4724b4d67297c",
|
|
|
|
"category": "Payload delivery",
|
|
|
|
"to_ids": true,
|
|
|
|
"uuid": "ce38270b-810c-4b82-8ba1-cf5011339522"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "sha512",
|
|
|
|
"object_relation": "sha512",
|
|
|
|
"value": "996b70e518cf54026a8aa8fe7302b21aaf785d5a0cc72249ef1a874b3509e92e45e29178a296f970c114b579570a14cdd7ab2438488f5a689ff1439114ae3ed0",
|
|
|
|
"category": "Payload delivery",
|
|
|
|
"to_ids": true,
|
|
|
|
"uuid": "c3ecfb3f-fd80-41f2-8c48-c0f7f54d96ec"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "ssdeep",
|
|
|
|
"object_relation": "ssdeep",
|
|
|
|
"value": "384:VD6bSde+8gH08xxhinYcLEnkKkDLsyfJxG0f5cJj/1uBxc4OgHE:pCQxrOwkNsoxG0BaQBxc5",
|
|
|
|
"category": "Payload delivery",
|
|
|
|
"to_ids": true,
|
|
|
|
"uuid": "01868bc5-8edd-4a9b-a62b-6340d892f876"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"x_misp_meta_category": "file",
|
|
|
|
"x_misp_name": "elf-section"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "x-misp-object",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "x-misp-object--0f049f52-42a6-42aa-b98f-6e2cb4e57fd3",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2022-01-28T14:23:33.000Z",
|
|
|
|
"modified": "2022-01-28T14:23:33.000Z",
|
|
|
|
"labels": [
|
|
|
|
"misp:name=\"elf-section\"",
|
|
|
|
"misp:meta-category=\"file\""
|
|
|
|
],
|
|
|
|
"x_misp_attributes": [
|
|
|
|
{
|
|
|
|
"type": "text",
|
|
|
|
"object_relation": "name",
|
|
|
|
"value": "__libc_freeres_ptrs",
|
|
|
|
"category": "Other",
|
|
|
|
"uuid": "601bd170-513b-4167-a58b-35c21daacb35"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "text",
|
|
|
|
"object_relation": "type",
|
|
|
|
"value": "NOBITS",
|
|
|
|
"category": "Other",
|
|
|
|
"uuid": "e0cf4a13-a377-40ab-bd79-47457a46b5fe"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "text",
|
|
|
|
"object_relation": "flag",
|
|
|
|
"value": "WRITE",
|
|
|
|
"category": "Other",
|
|
|
|
"uuid": "6bba33e8-76a5-44cf-aad9-8a79ca2212ec"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "text",
|
|
|
|
"object_relation": "flag",
|
|
|
|
"value": "ALLOC",
|
|
|
|
"category": "Other",
|
|
|
|
"uuid": "2d077bf0-6730-4e4f-8316-23be77aacd92"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "size-in-bytes",
|
|
|
|
"object_relation": "size-in-bytes",
|
|
|
|
"value": "48",
|
|
|
|
"category": "Other",
|
|
|
|
"uuid": "b4f5aba3-4d7b-4317-bba0-ce75eba8b3f5"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "float",
|
|
|
|
"object_relation": "entropy",
|
|
|
|
"value": "3.892022398037",
|
|
|
|
"category": "Other",
|
|
|
|
"uuid": "0b4ce519-5ba9-47cf-a66a-f6c14b235c54"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "md5",
|
|
|
|
"object_relation": "md5",
|
|
|
|
"value": "301cc0554eb03808eb0705bb65b19541",
|
|
|
|
"category": "Payload delivery",
|
|
|
|
"to_ids": true,
|
|
|
|
"uuid": "9ff2e1d0-509d-4e7a-a641-27587dcd1b8a"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "sha1",
|
|
|
|
"object_relation": "sha1",
|
|
|
|
"value": "de36384981283a3537c5a2ef3a7fe3612e2da9a4",
|
|
|
|
"category": "Payload delivery",
|
|
|
|
"to_ids": true,
|
|
|
|
"uuid": "8fe4b966-e0a6-459c-b7fd-d4c1d98962d6"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "sha256",
|
|
|
|
"object_relation": "sha256",
|
|
|
|
"value": "5e19d3b85d4510334a65729801a7e198041b513624804eadfe86bb77aa202ff0",
|
|
|
|
"category": "Payload delivery",
|
|
|
|
"to_ids": true,
|
|
|
|
"uuid": "a98628e0-915e-4ea8-b6f0-1bdb994eeca2"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "sha512",
|
|
|
|
"object_relation": "sha512",
|
|
|
|
"value": "661769b327528b01cb420638171726eb058505468e10c6c3e911fb07d76d89dd19f5dd035c49e1ba870aa25f9cd762a72bc98292f6457c4696815b4a1009aace",
|
|
|
|
"category": "Payload delivery",
|
|
|
|
"to_ids": true,
|
|
|
|
"uuid": "2f7a58ed-5287-4eb0-9f7a-e0b91cc11ae2"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "ssdeep",
|
|
|
|
"object_relation": "ssdeep",
|
|
|
|
"value": "3:cfwFLFUhbUITMaLbUFmBLl:3FLAx3McR",
|
|
|
|
"category": "Payload delivery",
|
|
|
|
"to_ids": true,
|
|
|
|
"uuid": "c0aadcfe-c544-487e-abfa-03b8a4614669"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"x_misp_meta_category": "file",
|
|
|
|
"x_misp_name": "elf-section"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "x-misp-object",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "x-misp-object--56143abf-cf39-4a32-b7e1-05145c5f4acf",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2022-01-28T14:23:33.000Z",
|
|
|
|
"modified": "2022-01-28T14:23:33.000Z",
|
|
|
|
"labels": [
|
|
|
|
"misp:name=\"elf-section\"",
|
|
|
|
"misp:meta-category=\"file\""
|
|
|
|
],
|
|
|
|
"x_misp_attributes": [
|
|
|
|
{
|
|
|
|
"type": "text",
|
|
|
|
"object_relation": "name",
|
|
|
|
"value": ".comment",
|
|
|
|
"category": "Other",
|
|
|
|
"uuid": "a457ea77-8345-44fa-bcf5-2c228217638f"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "text",
|
|
|
|
"object_relation": "type",
|
|
|
|
"value": "PROGBITS",
|
|
|
|
"category": "Other",
|
|
|
|
"uuid": "a144f17b-aa9d-42dd-a839-01e324938ded"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "text",
|
|
|
|
"object_relation": "flag",
|
|
|
|
"value": "MERGE",
|
|
|
|
"category": "Other",
|
|
|
|
"uuid": "835e0e81-3144-40ce-a6dc-bbd73c7079ea"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "text",
|
|
|
|
"object_relation": "flag",
|
|
|
|
"value": "STRINGS",
|
|
|
|
"category": "Other",
|
|
|
|
"uuid": "6b5e059e-e965-444a-986d-d8ff227140c5"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "size-in-bytes",
|
|
|
|
"object_relation": "size-in-bytes",
|
|
|
|
"value": "39",
|
|
|
|
"category": "Other",
|
|
|
|
"uuid": "f0cc4987-a6a6-4e1a-8c3b-531a9b93b57a"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "float",
|
|
|
|
"object_relation": "entropy",
|
|
|
|
"value": "3.8171682463279",
|
|
|
|
"category": "Other",
|
|
|
|
"uuid": "292a515d-5336-42b0-9c1e-d6abde44a4b6"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "md5",
|
|
|
|
"object_relation": "md5",
|
|
|
|
"value": "060ee9719872cacdcfc1d1d7d62630cd",
|
|
|
|
"category": "Payload delivery",
|
|
|
|
"to_ids": true,
|
|
|
|
"uuid": "bbb4d34e-d9fb-466f-84bd-d22676a708c6"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "sha1",
|
|
|
|
"object_relation": "sha1",
|
|
|
|
"value": "31dde06263e9efd9c38263e97ecf973572a14dd8",
|
|
|
|
"category": "Payload delivery",
|
|
|
|
"to_ids": true,
|
|
|
|
"uuid": "b4a6da24-346a-4f3a-99ef-0e1e93cc7241"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "sha256",
|
|
|
|
"object_relation": "sha256",
|
|
|
|
"value": "b0b5eb242adf04205862f7138af0b804dae204bde28316e127beb1b56c0f44d3",
|
|
|
|
"category": "Payload delivery",
|
|
|
|
"to_ids": true,
|
|
|
|
"uuid": "54f27d08-b8f5-4bc8-a784-f42d3450ddcc"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "sha512",
|
|
|
|
"object_relation": "sha512",
|
|
|
|
"value": "7b2b6b7fa80f3d123512f63c15fa977eb74eff09969e021c501f2f8118c14d891586d925bcb92e449db6b3d00f5a8be0061684c6bfec4a279d56562b6948bf9e",
|
|
|
|
"category": "Payload delivery",
|
|
|
|
"to_ids": true,
|
|
|
|
"uuid": "fdde98d0-6c52-45fc-a562-b4ec90c524fa"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "ssdeep",
|
|
|
|
"object_relation": "ssdeep",
|
|
|
|
"value": "3:cfwFLFUhbUITMaLbUFmBl:3FLAx3Mcl",
|
|
|
|
"category": "Payload delivery",
|
|
|
|
"to_ids": true,
|
|
|
|
"uuid": "ee0ebf46-1b09-41d9-be34-a87e3b1e65e1"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"x_misp_meta_category": "file",
|
|
|
|
"x_misp_name": "elf-section"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "x-misp-object",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "x-misp-object--0e9e6b1b-69d5-4188-b72c-2736a564e607",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2022-01-28T14:23:33.000Z",
|
|
|
|
"modified": "2022-01-28T14:23:33.000Z",
|
|
|
|
"labels": [
|
|
|
|
"misp:name=\"elf-section\"",
|
|
|
|
"misp:meta-category=\"file\""
|
|
|
|
],
|
|
|
|
"x_misp_attributes": [
|
|
|
|
{
|
|
|
|
"type": "text",
|
|
|
|
"object_relation": "name",
|
|
|
|
"value": ".debug_aranges",
|
|
|
|
"category": "Other",
|
|
|
|
"uuid": "3c35d2df-3015-44a1-98c5-a6af9406d2f0"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "text",
|
|
|
|
"object_relation": "type",
|
|
|
|
"value": "PROGBITS",
|
|
|
|
"category": "Other",
|
|
|
|
"uuid": "6d2bd8bd-68f9-48e7-a4df-b4e35aaeda62"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "size-in-bytes",
|
|
|
|
"object_relation": "size-in-bytes",
|
|
|
|
"value": "592",
|
|
|
|
"category": "Other",
|
|
|
|
"uuid": "fd5bfe27-0a1d-406d-94d4-de02fc8f04e0"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "float",
|
|
|
|
"object_relation": "entropy",
|
|
|
|
"value": "1.7642294641781",
|
|
|
|
"category": "Other",
|
|
|
|
"uuid": "e21d5611-e68a-4248-a989-36909096714f"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "md5",
|
|
|
|
"object_relation": "md5",
|
|
|
|
"value": "b98f825a216283649d9b26adf2dffaab",
|
|
|
|
"category": "Payload delivery",
|
|
|
|
"to_ids": true,
|
|
|
|
"uuid": "e8351465-d843-4292-b257-5c5bb065fdfa"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "sha1",
|
|
|
|
"object_relation": "sha1",
|
|
|
|
"value": "0c33651ddc6a2b31bd56006c76ec754c0588942c",
|
|
|
|
"category": "Payload delivery",
|
|
|
|
"to_ids": true,
|
|
|
|
"uuid": "2004cfc9-39a4-4b52-8233-df3889c5c86f"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "sha256",
|
|
|
|
"object_relation": "sha256",
|
|
|
|
"value": "ae2a57fe0e5d499db40eceecea2b57b757ce10a175dc8f87cbc514b584939a44",
|
|
|
|
"category": "Payload delivery",
|
|
|
|
"to_ids": true,
|
|
|
|
"uuid": "b2819b4e-9d45-4397-990d-9a3b27f3fb96"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "sha512",
|
|
|
|
"object_relation": "sha512",
|
|
|
|
"value": "0b9458da56eeb15b37962240cddc1c85e7f4719c125bb83ae6202df1a925a9949b5a942f711a864303854c24c4c907b5442244631ba1c021223a6811d8daf44f",
|
|
|
|
"category": "Payload delivery",
|
|
|
|
"to_ids": true,
|
|
|
|
"uuid": "a1468ede-049a-4a05-aed3-9b4c843d2d7a"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "ssdeep",
|
|
|
|
"object_relation": "ssdeep",
|
|
|
|
"value": "3:xlttlxllhlXLlRlUlllsz/txlm/X/iX3kplplrXtplllP6RsfR/dlBsNlXvLla/Q:O/WMp/SUl/d/YeFFX0f",
|
|
|
|
"category": "Payload delivery",
|
|
|
|
"to_ids": true,
|
|
|
|
"uuid": "fae891e2-591a-46f1-8473-69cc54219c29"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"x_misp_meta_category": "file",
|
|
|
|
"x_misp_name": "elf-section"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "x-misp-object",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "x-misp-object--89bc1d5f-370c-4b63-8b0d-614340ef1ddd",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2022-01-28T14:23:33.000Z",
|
|
|
|
"modified": "2022-01-28T14:23:33.000Z",
|
|
|
|
"labels": [
|
|
|
|
"misp:name=\"elf-section\"",
|
|
|
|
"misp:meta-category=\"file\""
|
|
|
|
],
|
|
|
|
"x_misp_attributes": [
|
|
|
|
{
|
|
|
|
"type": "text",
|
|
|
|
"object_relation": "name",
|
|
|
|
"value": ".debug_info",
|
|
|
|
"category": "Other",
|
|
|
|
"uuid": "45d6e0a0-4077-41eb-be79-122eb82fb442"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "text",
|
|
|
|
"object_relation": "type",
|
|
|
|
"value": "PROGBITS",
|
|
|
|
"category": "Other",
|
|
|
|
"uuid": "a4de7b15-0502-4254-9a93-aba2fcaea0c6"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "size-in-bytes",
|
|
|
|
"object_relation": "size-in-bytes",
|
|
|
|
"value": "36952",
|
|
|
|
"category": "Other",
|
|
|
|
"uuid": "6191e200-a990-4c22-860c-b95d7abd0e54"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "float",
|
|
|
|
"object_relation": "entropy",
|
|
|
|
"value": "5.0500197744229",
|
|
|
|
"category": "Other",
|
|
|
|
"uuid": "a438f935-ec61-4f82-a0c4-28e2c2a627de"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "md5",
|
|
|
|
"object_relation": "md5",
|
|
|
|
"value": "045fbe4bd619e48f21f0cfcaf57b9e15",
|
|
|
|
"category": "Payload delivery",
|
|
|
|
"to_ids": true,
|
|
|
|
"uuid": "dc3830e9-6b97-4d68-a674-8bf081e3e931"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "sha1",
|
|
|
|
"object_relation": "sha1",
|
|
|
|
"value": "74860dd59db5f595449a706d87cad0c5e37b98b7",
|
|
|
|
"category": "Payload delivery",
|
|
|
|
"to_ids": true,
|
|
|
|
"uuid": "4724f4a5-3309-4ece-ab36-0f0cb0f41a3d"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "sha256",
|
|
|
|
"object_relation": "sha256",
|
|
|
|
"value": "ed723a7bcc1d67a2383a6daccb169fd11a77a2082e4fafded8fd5354340ee7cd",
|
|
|
|
"category": "Payload delivery",
|
|
|
|
"to_ids": true,
|
|
|
|
"uuid": "d8470fef-6cf6-4711-85b4-60015f19a68e"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "sha512",
|
|
|
|
"object_relation": "sha512",
|
|
|
|
"value": "508ba3f6332338a8644dddece3d97cc96ecf2df077781840c1a92e588eb27fdf9da1a0e36067526f75379a546535808593ed859ce3b695f74baf64d47aaf1454",
|
|
|
|
"category": "Payload delivery",
|
|
|
|
"to_ids": true,
|
|
|
|
"uuid": "221fdd39-0266-4430-bf21-1307fa7b9ea8"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "ssdeep",
|
|
|
|
"object_relation": "ssdeep",
|
|
|
|
"value": "768:6CQxrOwkNsoxG0BaQBxcp3s7j6TagmDf7Mm2IFm:6ppOPNDDBxtfDf7b2IFm",
|
|
|
|
"category": "Payload delivery",
|
|
|
|
"to_ids": true,
|
|
|
|
"uuid": "0b00f404-393e-42cd-bf25-ec97e0b61577"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"x_misp_meta_category": "file",
|
|
|
|
"x_misp_name": "elf-section"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "x-misp-object",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "x-misp-object--14b7ac86-f365-4e4b-ac83-cff6b629a56d",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2022-01-28T14:23:33.000Z",
|
|
|
|
"modified": "2022-01-28T14:23:33.000Z",
|
|
|
|
"labels": [
|
|
|
|
"misp:name=\"elf-section\"",
|
|
|
|
"misp:meta-category=\"file\""
|
|
|
|
],
|
|
|
|
"x_misp_attributes": [
|
|
|
|
{
|
|
|
|
"type": "text",
|
|
|
|
"object_relation": "name",
|
|
|
|
"value": ".debug_abbrev",
|
|
|
|
"category": "Other",
|
|
|
|
"uuid": "ad5dd5c9-769a-4072-acf2-25c69bbe5d2c"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "text",
|
|
|
|
"object_relation": "type",
|
|
|
|
"value": "PROGBITS",
|
|
|
|
"category": "Other",
|
|
|
|
"uuid": "2769000d-290f-45cf-9a03-4785a274184b"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "size-in-bytes",
|
|
|
|
"object_relation": "size-in-bytes",
|
|
|
|
"value": "7226",
|
|
|
|
"category": "Other",
|
|
|
|
"uuid": "e98aa91c-27e2-4be3-b677-eff829c51519"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "float",
|
|
|
|
"object_relation": "entropy",
|
|
|
|
"value": "4.8066037375965",
|
|
|
|
"category": "Other",
|
|
|
|
"uuid": "57f89db9-c760-453b-ac1a-7cae8acad9b4"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "md5",
|
|
|
|
"object_relation": "md5",
|
|
|
|
"value": "5d00ec694ac2134234c8bc7467578dbf",
|
|
|
|
"category": "Payload delivery",
|
|
|
|
"to_ids": true,
|
|
|
|
"uuid": "71a516ba-e067-4e7a-bb79-119f32402b80"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "sha1",
|
|
|
|
"object_relation": "sha1",
|
|
|
|
"value": "c5a863fe1dde9cd0d8e9eeff732e2ce44da5d57f",
|
|
|
|
"category": "Payload delivery",
|
|
|
|
"to_ids": true,
|
|
|
|
"uuid": "ac98940c-6c23-4398-9c32-794a8b2d007b"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "sha256",
|
|
|
|
"object_relation": "sha256",
|
|
|
|
"value": "4ac1ddcde0ddc657785a41acbf30ab2becc1ca9798c6020285a644be9c2414a5",
|
|
|
|
"category": "Payload delivery",
|
|
|
|
"to_ids": true,
|
|
|
|
"uuid": "021d9fda-6145-41ac-96bf-0598bb58143a"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "sha512",
|
|
|
|
"object_relation": "sha512",
|
|
|
|
"value": "840312df1852fa7af72d282db2666bbd9e896fde09d6711146274872c587c1f7d3b86e7c00212d68a556e44e775492bd4bfe63351bc19d7206ece04709506cc3",
|
|
|
|
"category": "Payload delivery",
|
|
|
|
"to_ids": true,
|
|
|
|
"uuid": "c0371e8d-02ed-4ac8-bf8e-389b38948373"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "ssdeep",
|
|
|
|
"object_relation": "ssdeep",
|
|
|
|
"value": "192:Jlf9eNOHMASpEbN9thLYs/HcmE9tau/isU+1N1glf5K38a85EZmsZj+DopVNCClw:JlOvST9PcklxFZE8GbK",
|
|
|
|
"category": "Payload delivery",
|
|
|
|
"to_ids": true,
|
|
|
|
"uuid": "9779d517-4a90-4b8f-ab33-fa9787602576"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"x_misp_meta_category": "file",
|
|
|
|
"x_misp_name": "elf-section"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "x-misp-object",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "x-misp-object--92326210-9571-44a8-ba88-4ad34b339337",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2022-01-28T14:23:34.000Z",
|
|
|
|
"modified": "2022-01-28T14:23:34.000Z",
|
|
|
|
"labels": [
|
|
|
|
"misp:name=\"elf-section\"",
|
|
|
|
"misp:meta-category=\"file\""
|
|
|
|
],
|
|
|
|
"x_misp_attributes": [
|
|
|
|
{
|
|
|
|
"type": "text",
|
|
|
|
"object_relation": "name",
|
|
|
|
"value": ".debug_line",
|
|
|
|
"category": "Other",
|
|
|
|
"uuid": "7257058a-e68e-4720-996d-1890f19be2aa"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "text",
|
|
|
|
"object_relation": "type",
|
|
|
|
"value": "PROGBITS",
|
|
|
|
"category": "Other",
|
|
|
|
"uuid": "687e15fc-c826-4696-836c-712b052ac6d8"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "size-in-bytes",
|
|
|
|
"object_relation": "size-in-bytes",
|
|
|
|
"value": "18273",
|
|
|
|
"category": "Other",
|
|
|
|
"uuid": "843e622f-dc93-4fb6-9a9c-5efc5196edab"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "float",
|
|
|
|
"object_relation": "entropy",
|
|
|
|
"value": "5.50868915771",
|
|
|
|
"category": "Other",
|
|
|
|
"uuid": "efef6446-f2fd-4879-894c-639c73dfef6f"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "md5",
|
|
|
|
"object_relation": "md5",
|
|
|
|
"value": "42239062c8f83996d972d4f2a774aeaf",
|
|
|
|
"category": "Payload delivery",
|
|
|
|
"to_ids": true,
|
|
|
|
"uuid": "22b6deb0-0d9e-4d8a-9fdb-e16b2ea5dafb"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "sha1",
|
|
|
|
"object_relation": "sha1",
|
|
|
|
"value": "d5699ba3a7bf79d5274757ec1c7b4c6a029c3833",
|
|
|
|
"category": "Payload delivery",
|
|
|
|
"to_ids": true,
|
|
|
|
"uuid": "df65707a-fe55-4c5b-b593-af242e90de08"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "sha256",
|
|
|
|
"object_relation": "sha256",
|
|
|
|
"value": "f152dfc267191bb3ff64806412541af38c083eec6ab7a91a0d214ef8c0af6ad6",
|
|
|
|
"category": "Payload delivery",
|
|
|
|
"to_ids": true,
|
|
|
|
"uuid": "ba61b3cb-5823-47e7-b17e-7a804f171263"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "sha512",
|
|
|
|
"object_relation": "sha512",
|
|
|
|
"value": "b3d14782c2794020d1e19ce1d263971c90e06afc20b2f0442afbb3639cf0f9fe6cf4a6c39c3744e5f1980092588fa2849d9aa179e1dde6643597a76fb00d0d7e",
|
|
|
|
"category": "Payload delivery",
|
|
|
|
"to_ids": true,
|
|
|
|
"uuid": "7aca66ef-1668-4a3c-a546-2f24e0d3bc64"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "ssdeep",
|
|
|
|
"object_relation": "ssdeep",
|
|
|
|
"value": "384:T1KBLtqwww+o+wAY1ZfjmoElYdo3rWdKd9umqDAroqnIe:Zwswww+o2Y7JwYd8CAnuFErDnx",
|
|
|
|
"category": "Payload delivery",
|
|
|
|
"to_ids": true,
|
|
|
|
"uuid": "84ec6a23-43a4-4ee6-85c2-416a5add3193"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"x_misp_meta_category": "file",
|
|
|
|
"x_misp_name": "elf-section"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "x-misp-object",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "x-misp-object--85a572df-42d4-40a0-bd36-e132c4c83790",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2022-01-28T14:23:34.000Z",
|
|
|
|
"modified": "2022-01-28T14:23:34.000Z",
|
|
|
|
"labels": [
|
|
|
|
"misp:name=\"elf-section\"",
|
|
|
|
"misp:meta-category=\"file\""
|
|
|
|
],
|
|
|
|
"x_misp_attributes": [
|
|
|
|
{
|
|
|
|
"type": "text",
|
|
|
|
"object_relation": "name",
|
|
|
|
"value": ".debug_str",
|
|
|
|
"category": "Other",
|
|
|
|
"uuid": "49b3293f-e19c-42b5-a067-db8bd6a5d0ae"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "text",
|
|
|
|
"object_relation": "type",
|
|
|
|
"value": "PROGBITS",
|
|
|
|
"category": "Other",
|
|
|
|
"uuid": "a51a8465-bb25-4e0a-ac70-f4f2650766bc"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "text",
|
|
|
|
"object_relation": "flag",
|
|
|
|
"value": "MERGE",
|
|
|
|
"category": "Other",
|
|
|
|
"uuid": "28cf549a-7767-44e3-96c5-01031af6cd6e"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "text",
|
|
|
|
"object_relation": "flag",
|
|
|
|
"value": "STRINGS",
|
|
|
|
"category": "Other",
|
|
|
|
"uuid": "473eca9e-df76-46b8-82c0-d549c6ebf3ba"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "size-in-bytes",
|
|
|
|
"object_relation": "size-in-bytes",
|
|
|
|
"value": "8151",
|
|
|
|
"category": "Other",
|
|
|
|
"uuid": "f3363f67-6e2c-424c-9c2c-1d35ccb6a1d7"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "float",
|
|
|
|
"object_relation": "entropy",
|
|
|
|
"value": "5.1679424031838",
|
|
|
|
"category": "Other",
|
|
|
|
"uuid": "58c350e6-fa43-4c84-9d37-55fa458c7ac0"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "md5",
|
|
|
|
"object_relation": "md5",
|
|
|
|
"value": "4f6ed43c0bc1d482aa562f3517fc5893",
|
|
|
|
"category": "Payload delivery",
|
|
|
|
"to_ids": true,
|
|
|
|
"uuid": "6778f576-7e73-4b67-a4c2-be83ba6d87b1"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "sha1",
|
|
|
|
"object_relation": "sha1",
|
|
|
|
"value": "db6795da93c7ec68d3b40d74c6763270fb3c8490",
|
|
|
|
"category": "Payload delivery",
|
|
|
|
"to_ids": true,
|
|
|
|
"uuid": "09caac13-44dc-4b83-a231-3c9899afcd8e"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "sha256",
|
|
|
|
"object_relation": "sha256",
|
|
|
|
"value": "c780118a92c61e5a72063b2faeb0f0367dc1a654cae01072f5c8c9c71ef96287",
|
|
|
|
"category": "Payload delivery",
|
|
|
|
"to_ids": true,
|
|
|
|
"uuid": "9455d959-0da9-4d48-843c-b9c4bf6ede19"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "sha512",
|
|
|
|
"object_relation": "sha512",
|
|
|
|
"value": "528cf96cce18a2311836ff31dc4e00a73bdf3c908dcc12a0a8f36b6fe281f144c3c29e7e97228629fd2e9284c388ab1cff750b3af2aca19d98a72c231a5b825e",
|
|
|
|
"category": "Payload delivery",
|
|
|
|
"to_ids": true,
|
|
|
|
"uuid": "e900271f-2da6-47c8-bde2-7ecf134db872"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "ssdeep",
|
|
|
|
"object_relation": "ssdeep",
|
|
|
|
"value": "192:TTRjmgBBg/WIDbEq1CalgHykkXXQ+MpovANYBj+nl:P5XEl4SFXXpSmCYR8",
|
|
|
|
"category": "Payload delivery",
|
|
|
|
"to_ids": true,
|
|
|
|
"uuid": "3e2e8adc-cc90-49f9-8042-0d41db3da167"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"x_misp_meta_category": "file",
|
|
|
|
"x_misp_name": "elf-section"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "x-misp-object",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "x-misp-object--5017c265-1aa5-4da9-ac98-f6a822ce6c42",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2022-01-28T14:23:34.000Z",
|
|
|
|
"modified": "2022-01-28T14:23:34.000Z",
|
|
|
|
"labels": [
|
|
|
|
"misp:name=\"elf-section\"",
|
|
|
|
"misp:meta-category=\"file\""
|
|
|
|
],
|
|
|
|
"x_misp_attributes": [
|
|
|
|
{
|
|
|
|
"type": "text",
|
|
|
|
"object_relation": "name",
|
|
|
|
"value": ".debug_loc",
|
|
|
|
"category": "Other",
|
|
|
|
"uuid": "846a7d86-f26a-4ad1-9735-a45aeb77a0bd"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "text",
|
|
|
|
"object_relation": "type",
|
|
|
|
"value": "PROGBITS",
|
|
|
|
"category": "Other",
|
|
|
|
"uuid": "ed0e7406-730a-4294-b194-7e20ff7faca4"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "size-in-bytes",
|
|
|
|
"object_relation": "size-in-bytes",
|
|
|
|
"value": "41324",
|
|
|
|
"category": "Other",
|
|
|
|
"uuid": "3a1ae2cf-6e1b-481a-abb2-6b58607da329"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "float",
|
|
|
|
"object_relation": "entropy",
|
|
|
|
"value": "2.7911258913065",
|
|
|
|
"category": "Other",
|
|
|
|
"uuid": "77505c7f-29d9-41f9-ae50-26d2df7daf3a"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "md5",
|
|
|
|
"object_relation": "md5",
|
|
|
|
"value": "75c826b91edea0f0bf83ff807f4ddeeb",
|
|
|
|
"category": "Payload delivery",
|
|
|
|
"to_ids": true,
|
|
|
|
"uuid": "a7e10f07-ec92-491f-a3a0-50e586bd4b41"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "sha1",
|
|
|
|
"object_relation": "sha1",
|
|
|
|
"value": "7a17069df1dd38cafeebbf8ea769f303a11656bb",
|
|
|
|
"category": "Payload delivery",
|
|
|
|
"to_ids": true,
|
|
|
|
"uuid": "2eb23ad1-0511-4aec-993c-386565960dcb"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "sha256",
|
|
|
|
"object_relation": "sha256",
|
|
|
|
"value": "c70288a77b2acfbaa35000491b8736ab70743f9ee9f2e0556ca2702d19a3544e",
|
|
|
|
"category": "Payload delivery",
|
|
|
|
"to_ids": true,
|
|
|
|
"uuid": "f22cda54-fa81-4b96-aa59-15ded4bfebb0"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "sha512",
|
|
|
|
"object_relation": "sha512",
|
|
|
|
"value": "c55ae7bf38bdccfe6200be878b8d0adabe7fc86d2ce1844fc2fe043adcc9b45dc6edadd8c73011d3e68234b4cd3911a22a077dc23ee7424a5f01f066198a2686",
|
|
|
|
"category": "Payload delivery",
|
|
|
|
"to_ids": true,
|
|
|
|
"uuid": "6cb78f0b-a360-4c70-8f2e-9f0507fefb19"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "ssdeep",
|
|
|
|
"object_relation": "ssdeep",
|
|
|
|
"value": "384:gah+ixHUA2JyWngl4+3pdIeRt8jXugN/lANhqTNwLzG1gtHIHbnk8c:gahbxHMJyWmdIqOXugNeNRLzG1/",
|
|
|
|
"category": "Payload delivery",
|
|
|
|
"to_ids": true,
|
|
|
|
"uuid": "8d38d03a-e4ac-46c0-bc4a-afafa7612f9a"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"x_misp_meta_category": "file",
|
|
|
|
"x_misp_name": "elf-section"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "x-misp-object",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "x-misp-object--20c26b05-2d9c-481b-abc5-ac467675157b",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2022-01-28T14:23:34.000Z",
|
|
|
|
"modified": "2022-01-28T14:23:34.000Z",
|
|
|
|
"labels": [
|
|
|
|
"misp:name=\"elf-section\"",
|
|
|
|
"misp:meta-category=\"file\""
|
|
|
|
],
|
|
|
|
"x_misp_attributes": [
|
|
|
|
{
|
|
|
|
"type": "text",
|
|
|
|
"object_relation": "name",
|
|
|
|
"value": ".debug_ranges",
|
|
|
|
"category": "Other",
|
|
|
|
"uuid": "a1421ab9-6145-48f7-94ab-2cb65a9fab43"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "text",
|
|
|
|
"object_relation": "type",
|
|
|
|
"value": "PROGBITS",
|
|
|
|
"category": "Other",
|
|
|
|
"uuid": "fadc84d3-8ee0-4517-b333-d9bd25311535"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "size-in-bytes",
|
|
|
|
"object_relation": "size-in-bytes",
|
|
|
|
"value": "4192",
|
|
|
|
"category": "Other",
|
|
|
|
"uuid": "0a3586b9-c522-4bf6-a601-14fb47becd80"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "float",
|
|
|
|
"object_relation": "entropy",
|
|
|
|
"value": "1.9426792068377",
|
|
|
|
"category": "Other",
|
|
|
|
"uuid": "fc93bf03-e938-406c-b5b5-48809639043e"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "md5",
|
|
|
|
"object_relation": "md5",
|
|
|
|
"value": "b6ade8eb0c9af365f6abe8aee7703680",
|
|
|
|
"category": "Payload delivery",
|
|
|
|
"to_ids": true,
|
|
|
|
"uuid": "0aef7613-566d-4940-a4e6-5a311799ce7a"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "sha1",
|
|
|
|
"object_relation": "sha1",
|
|
|
|
"value": "e1648face620c760d64ed3f92ffbef8253cbb12f",
|
|
|
|
"category": "Payload delivery",
|
|
|
|
"to_ids": true,
|
|
|
|
"uuid": "5c73838a-a1c0-4bc7-838d-77b385b03aeb"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "sha256",
|
|
|
|
"object_relation": "sha256",
|
|
|
|
"value": "9d3264bb78a7342b1f0d5b6e54c3e727a07af5b6b3455f45b94c0e24b50055a2",
|
|
|
|
"category": "Payload delivery",
|
|
|
|
"to_ids": true,
|
|
|
|
"uuid": "2b42b78b-650a-47a6-9578-f0bfe8f73c2e"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "sha512",
|
|
|
|
"object_relation": "sha512",
|
|
|
|
"value": "2aa3305906824e493bc11d2361b2c8591d1bdfe124b6b7c6576b04c031a26135ab1b80cb1757a53a5bf94ff0d09841401fab389f78d74f691d44471087475cc2",
|
|
|
|
"category": "Payload delivery",
|
|
|
|
"to_ids": true,
|
|
|
|
"uuid": "e9e6ece1-3f7a-4405-b123-420aea21052d"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "ssdeep",
|
|
|
|
"object_relation": "ssdeep",
|
|
|
|
"value": "48:UvXGHmmdFY4MpIOECv4DXDXDYpOF3mmtv5IO+AH275MD2drLy:UeHmmd6lE04DXDXDrF3mmtvV07Bd",
|
|
|
|
"category": "Payload delivery",
|
|
|
|
"to_ids": true,
|
|
|
|
"uuid": "39fed865-44e8-4d9e-9e49-2b009eeba92d"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"x_misp_meta_category": "file",
|
|
|
|
"x_misp_name": "elf-section"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "x-misp-object",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "x-misp-object--fbd07bfb-4432-45f0-b117-169e3c1b30c0",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2022-01-28T14:23:34.000Z",
|
|
|
|
"modified": "2022-01-28T14:23:34.000Z",
|
|
|
|
"labels": [
|
|
|
|
"misp:name=\"elf-section\"",
|
|
|
|
"misp:meta-category=\"file\""
|
|
|
|
],
|
|
|
|
"x_misp_attributes": [
|
|
|
|
{
|
|
|
|
"type": "text",
|
|
|
|
"object_relation": "name",
|
|
|
|
"value": ".symtab",
|
|
|
|
"category": "Other",
|
|
|
|
"uuid": "37d2e13e-16a2-49ef-b1e8-f50becd82b1a"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "text",
|
|
|
|
"object_relation": "type",
|
|
|
|
"value": "SYMTAB",
|
|
|
|
"category": "Other",
|
|
|
|
"uuid": "b9a9d717-0c46-4e43-8ade-c1cc53ae06f5"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "size-in-bytes",
|
|
|
|
"object_relation": "size-in-bytes",
|
|
|
|
"value": "58632",
|
|
|
|
"category": "Other",
|
|
|
|
"uuid": "81b6986b-6f1f-4b06-8877-ad6141dc8113"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "float",
|
|
|
|
"object_relation": "entropy",
|
|
|
|
"value": "3.2704167968698",
|
|
|
|
"category": "Other",
|
|
|
|
"uuid": "298a6f62-059b-4e1b-bd1b-e890c9f97fb0"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "md5",
|
|
|
|
"object_relation": "md5",
|
|
|
|
"value": "ebc7ccebf350980919d1dc66f337b7cc",
|
|
|
|
"category": "Payload delivery",
|
|
|
|
"to_ids": true,
|
|
|
|
"uuid": "0c54fc40-2bb3-4e94-b33d-f8fd29a39f1e"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "sha1",
|
|
|
|
"object_relation": "sha1",
|
|
|
|
"value": "306412c77c1b4e74e4054e41ea1407c8fae327ab",
|
|
|
|
"category": "Payload delivery",
|
|
|
|
"to_ids": true,
|
|
|
|
"uuid": "bbd07dbc-2e46-4ace-a90b-965e7742b032"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "sha256",
|
|
|
|
"object_relation": "sha256",
|
|
|
|
"value": "a99f6690c57912ee9b50a824677a0e73a33fe89e81178f1c341ba4cc5c734baa",
|
|
|
|
"category": "Payload delivery",
|
|
|
|
"to_ids": true,
|
|
|
|
"uuid": "0e9fd7b8-ee8e-4738-bfd3-d01189edc185"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "sha512",
|
|
|
|
"object_relation": "sha512",
|
|
|
|
"value": "cded297ea05912e5cc7bd10375068648289a3476ce8f6de94b9acb8df41739362ae0da6ce1460c3de72f43389d44ecd068a9781ea48fe9548028e710648a83b4",
|
|
|
|
"category": "Payload delivery",
|
|
|
|
"to_ids": true,
|
|
|
|
"uuid": "8a227579-6196-4cf0-b367-60f9111454f9"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "ssdeep",
|
|
|
|
"object_relation": "ssdeep",
|
|
|
|
"value": "768:KSjjf7mk7Az7zEi7vay56R9mnExbIOH5vRBmQDN:vP7NAz7ggdc6ExbIWpBvD",
|
|
|
|
"category": "Payload delivery",
|
|
|
|
"to_ids": true,
|
|
|
|
"uuid": "c05f7bdf-9f85-404e-88bf-99f5b020d59c"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"x_misp_meta_category": "file",
|
|
|
|
"x_misp_name": "elf-section"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "x-misp-object",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "x-misp-object--22b34d51-5a31-483b-af3a-3e8e1957236e",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2022-01-28T14:23:34.000Z",
|
|
|
|
"modified": "2022-01-28T14:23:34.000Z",
|
|
|
|
"labels": [
|
|
|
|
"misp:name=\"elf-section\"",
|
|
|
|
"misp:meta-category=\"file\""
|
|
|
|
],
|
|
|
|
"x_misp_attributes": [
|
|
|
|
{
|
|
|
|
"type": "text",
|
|
|
|
"object_relation": "name",
|
|
|
|
"value": ".strtab",
|
|
|
|
"category": "Other",
|
|
|
|
"uuid": "e4ecca63-6afd-4a29-a818-9b1778134067"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "text",
|
|
|
|
"object_relation": "type",
|
|
|
|
"value": "STRTAB",
|
|
|
|
"category": "Other",
|
|
|
|
"uuid": "12fddd86-ce4c-4ee7-b81e-61300add3bfa"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "size-in-bytes",
|
|
|
|
"object_relation": "size-in-bytes",
|
|
|
|
"value": "31843",
|
|
|
|
"category": "Other",
|
|
|
|
"uuid": "6a978f01-c18a-466d-9f30-422a5482c788"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "float",
|
|
|
|
"object_relation": "entropy",
|
|
|
|
"value": "4.6314982295082",
|
|
|
|
"category": "Other",
|
|
|
|
"uuid": "5c517924-b71b-4cb3-84ae-03992f37d830"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "md5",
|
|
|
|
"object_relation": "md5",
|
|
|
|
"value": "2b6c9a19e7d219bf597c1fdbf0c5a8fe",
|
|
|
|
"category": "Payload delivery",
|
|
|
|
"to_ids": true,
|
|
|
|
"uuid": "d3f18327-5e24-47fe-a3ac-953ed921226f"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "sha1",
|
|
|
|
"object_relation": "sha1",
|
|
|
|
"value": "86c5f200ef1779f5ca0e498f5fccefbfdfd776c1",
|
|
|
|
"category": "Payload delivery",
|
|
|
|
"to_ids": true,
|
|
|
|
"uuid": "070b41ac-08c9-478e-8966-2b9c93dabdae"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "sha256",
|
|
|
|
"object_relation": "sha256",
|
|
|
|
"value": "c4a486864a5d0de1ef945f7ac7319c18b263a8c21bb512961425898911b8f78f",
|
|
|
|
"category": "Payload delivery",
|
|
|
|
"to_ids": true,
|
|
|
|
"uuid": "9f04cd80-f9b3-4725-926e-b37770d1093e"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "sha512",
|
|
|
|
"object_relation": "sha512",
|
|
|
|
"value": "a28514f9a00d95cd900598ca058de38e2f58f52885c7ed5e9b33464c70afe77e6e5e005d157f16612dc42453599282762fb9705dc22e7565ea70a31079f167c3",
|
|
|
|
"category": "Payload delivery",
|
|
|
|
"to_ids": true,
|
|
|
|
"uuid": "e4876d6a-aae9-4c58-a9c2-61435f9cde4a"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "ssdeep",
|
|
|
|
"object_relation": "ssdeep",
|
|
|
|
"value": "768:EKrlWymHu/gARHNlByMDvnikLTB/nAhs2Xy2zDptDvpMimWycITFE+14zsk2zQFT:EKEycAHNKMDvikos2VltKiXTITv4zUQ9",
|
|
|
|
"category": "Payload delivery",
|
|
|
|
"to_ids": true,
|
|
|
|
"uuid": "c783b56f-49b8-4633-ae0a-8d4f2d176a29"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"x_misp_meta_category": "file",
|
|
|
|
"x_misp_name": "elf-section"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "x-misp-object",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "x-misp-object--38e7e306-4dfb-4a52-b44c-03e0e3eadeef",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2022-01-28T14:23:34.000Z",
|
|
|
|
"modified": "2022-01-28T14:23:34.000Z",
|
|
|
|
"labels": [
|
|
|
|
"misp:name=\"elf-section\"",
|
|
|
|
"misp:meta-category=\"file\""
|
|
|
|
],
|
|
|
|
"x_misp_attributes": [
|
|
|
|
{
|
|
|
|
"type": "text",
|
|
|
|
"object_relation": "name",
|
|
|
|
"value": ".shstrtab",
|
|
|
|
"category": "Other",
|
|
|
|
"uuid": "1d21e0d6-1870-45ef-9a59-035137d43187"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "text",
|
|
|
|
"object_relation": "type",
|
|
|
|
"value": "STRTAB",
|
|
|
|
"category": "Other",
|
|
|
|
"uuid": "a8cc3210-8872-498c-963b-5ea7ade732af"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "size-in-bytes",
|
|
|
|
"object_relation": "size-in-bytes",
|
|
|
|
"value": "385",
|
|
|
|
"category": "Other",
|
|
|
|
"uuid": "5deb0fa4-9f1b-43e3-b37a-ccb8fefb1260"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "float",
|
|
|
|
"object_relation": "entropy",
|
|
|
|
"value": "4.317008081308",
|
|
|
|
"category": "Other",
|
|
|
|
"uuid": "460740f2-0171-42ab-aae2-ba6171f86c56"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "md5",
|
|
|
|
"object_relation": "md5",
|
|
|
|
"value": "85d1eb6d1e5b292a34cb5cf172d13e4f",
|
|
|
|
"category": "Payload delivery",
|
|
|
|
"to_ids": true,
|
|
|
|
"uuid": "440f4599-4248-4ddf-9369-837bcb6a9995"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "sha1",
|
|
|
|
"object_relation": "sha1",
|
|
|
|
"value": "7709ffafc8174f3690dc3a4799618dbac4489416",
|
|
|
|
"category": "Payload delivery",
|
|
|
|
"to_ids": true,
|
|
|
|
"uuid": "b1e2f9d7-b608-4c2d-a9db-32fe67876387"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "sha256",
|
|
|
|
"object_relation": "sha256",
|
|
|
|
"value": "599c752bae6979fba10a5bd6241df6eb52ef5856593571aacf0e376906f00d40",
|
|
|
|
"category": "Payload delivery",
|
|
|
|
"to_ids": true,
|
|
|
|
"uuid": "c2543f0b-1826-48fd-beb7-c3c63be017f3"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "sha512",
|
|
|
|
"object_relation": "sha512",
|
|
|
|
"value": "aad752254ff78edd1435e42187b747862618454cac5bb5d9567386d55f9e9165df9c3fd00afec1621c41ca95c8592404fce1ec76b968d38e767dfc587375e3d1",
|
|
|
|
"category": "Payload delivery",
|
|
|
|
"to_ids": true,
|
|
|
|
"uuid": "f7277bb5-6ab0-4ddb-8460-7d0ea8266490"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "ssdeep",
|
|
|
|
"object_relation": "ssdeep",
|
|
|
|
"value": "12:IELkxo84O6OvXdRAJWlRWi77Iptxh8hc+:X6oujAs7Boph8z",
|
|
|
|
"category": "Payload delivery",
|
|
|
|
"to_ids": true,
|
|
|
|
"uuid": "ba659e99-dba6-46ca-ab24-c0d5fbbd939c"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"x_misp_meta_category": "file",
|
|
|
|
"x_misp_name": "elf-section"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "x-misp-object",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "x-misp-object--ddf191cd-db3c-4917-bbc6-be5278589bd5",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2022-01-28T14:23:35.000Z",
|
|
|
|
"modified": "2022-01-28T14:23:35.000Z",
|
|
|
|
"labels": [
|
|
|
|
"misp:name=\"elf\"",
|
|
|
|
"misp:meta-category=\"file\""
|
|
|
|
],
|
|
|
|
"x_misp_attributes": [
|
|
|
|
{
|
|
|
|
"type": "text",
|
|
|
|
"object_relation": "type",
|
|
|
|
"value": "EXECUTABLE",
|
|
|
|
"category": "Other",
|
|
|
|
"uuid": "6c2b815f-ebdd-44f3-9504-1403a589d89f"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "text",
|
|
|
|
"object_relation": "entrypoint-address",
|
|
|
|
"value": "4201888",
|
|
|
|
"category": "Other",
|
|
|
|
"uuid": "f461100c-e207-474c-a2ae-203e8c77d11c"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "text",
|
|
|
|
"object_relation": "arch",
|
|
|
|
"value": "x86_64",
|
|
|
|
"category": "Other",
|
|
|
|
"uuid": "6a2bb75a-9393-4b20-b71d-4c3109b7e6d3"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "text",
|
|
|
|
"object_relation": "os_abi",
|
|
|
|
"value": "LINUX",
|
|
|
|
"category": "Other",
|
|
|
|
"uuid": "acf49386-9bc2-4471-8b61-f7d08855991f"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "counter",
|
|
|
|
"object_relation": "number-sections",
|
|
|
|
"value": "36",
|
|
|
|
"category": "Other",
|
|
|
|
"uuid": "4bbf4e67-f38c-47ca-937e-0f64bbd35168"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"x_misp_meta_category": "file",
|
|
|
|
"x_misp_name": "elf"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--ecac3d0b-9083-48ec-b768-6c4931bda03f",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2022-01-28T14:23:35.000Z",
|
|
|
|
"modified": "2022-01-28T14:23:35.000Z",
|
|
|
|
"pattern": "[file:hashes.MD5 = '8392208ccce589326e3c72b6a80cfd1d' AND file:hashes.SHA1 = 'd532edd89facd147c341a81cb1b8c363c73eb0ae' AND file:hashes.SHA256 = '40ea141f04339799df7f98732e7f3c6b4591b86d0e3a924dff22c40304995e4f' AND file:hashes.SHA512 = 'c9cb45f1ef8feb8be6f9d458a1c94a65fc075435c4c312750fb1ba9180095ebe7dfb5a020130d249f00fa59172eea546ccdb0d4737545a36f3bc3b29f47ddb4f' AND file:hashes.SSDEEP = '12288:9UkkhE6pENVm/jwzAtRfYjz09InxIkLkByyyAI05AmRUAmxVSpVWq5ko3VlQQIM:2km/jwzAt5koInxIb6mRXm47F3Vl3' AND file:name = '40ea141f04339799df7f98732e7f3c6b4591b86d0e3a924dff22c40304995e4f' AND file:size = '1182192' AND (file:content_ref.payload_bin = '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
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2022-01-28T14:23:35Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "file"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:name=\"file\"",
|
|
|
|
"misp:meta-category=\"file\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--f59db50e-b725-48ea-85bd-90baee6779ba",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2022-01-28T14:25:35.000Z",
|
|
|
|
"modified": "2022-01-28T14:25:35.000Z",
|
|
|
|
"pattern": "[domain-name:value = 'teknowmuzical.top' AND domain-name:resolves_to_refs[*].value = '37.49.229.172']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2022-01-28T14:25:35Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "network"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:name=\"domain-ip\"",
|
|
|
|
"misp:meta-category=\"network\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "relationship",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "relationship--ae751f13-c2a1-4e07-8e78-4a62cb0ac633",
|
|
|
|
"created": "2022-01-28T14:10:42.000Z",
|
|
|
|
"modified": "2022-01-28T14:10:42.000Z",
|
|
|
|
"relationship_type": "includes",
|
|
|
|
"source_ref": "x-misp-object--7a67d6bd-fc19-44ec-8cb2-bf4cab39d701",
|
|
|
|
"target_ref": "x-misp-object--14c643f9-c048-4601-b355-4101d32e721d"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "relationship",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "relationship--86d6c305-06bd-4987-a4ec-fb140101c405",
|
|
|
|
"created": "2022-01-28T14:10:42.000Z",
|
|
|
|
"modified": "2022-01-28T14:10:42.000Z",
|
|
|
|
"relationship_type": "includes",
|
|
|
|
"source_ref": "x-misp-object--7a67d6bd-fc19-44ec-8cb2-bf4cab39d701",
|
|
|
|
"target_ref": "x-misp-object--6d288686-4691-4554-afdb-d06cbc07136b"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "relationship",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "relationship--32136995-36af-4e36-9457-ee3015a24b0e",
|
|
|
|
"created": "2022-01-28T14:10:42.000Z",
|
|
|
|
"modified": "2022-01-28T14:10:42.000Z",
|
|
|
|
"relationship_type": "includes",
|
|
|
|
"source_ref": "x-misp-object--7a67d6bd-fc19-44ec-8cb2-bf4cab39d701",
|
|
|
|
"target_ref": "x-misp-object--620c41d2-3464-44e1-9cc4-ac26810a471d"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "relationship",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "relationship--91243939-fbdc-41f2-b49e-61c8b500b1f3",
|
|
|
|
"created": "2022-01-28T14:10:42.000Z",
|
|
|
|
"modified": "2022-01-28T14:10:42.000Z",
|
|
|
|
"relationship_type": "includes",
|
|
|
|
"source_ref": "x-misp-object--7a67d6bd-fc19-44ec-8cb2-bf4cab39d701",
|
|
|
|
"target_ref": "x-misp-object--c2f0df16-1c9f-4aee-9bd0-c28f8e7dc46b"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "relationship",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "relationship--bf60871c-03a7-49a7-b395-69489305a5eb",
|
|
|
|
"created": "2022-01-28T14:10:42.000Z",
|
|
|
|
"modified": "2022-01-28T14:10:42.000Z",
|
|
|
|
"relationship_type": "includes",
|
|
|
|
"source_ref": "x-misp-object--7a67d6bd-fc19-44ec-8cb2-bf4cab39d701",
|
|
|
|
"target_ref": "x-misp-object--7ae73141-0fe0-468b-a637-048283310d7c"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "relationship",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "relationship--a61b8770-b406-460b-ae23-689995db7c07",
|
|
|
|
"created": "2022-01-28T14:10:42.000Z",
|
|
|
|
"modified": "2022-01-28T14:10:42.000Z",
|
|
|
|
"relationship_type": "includes",
|
|
|
|
"source_ref": "x-misp-object--7a67d6bd-fc19-44ec-8cb2-bf4cab39d701",
|
|
|
|
"target_ref": "x-misp-object--605fb316-826f-4791-8595-462693a9c897"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "relationship",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "relationship--12b204f4-3010-4c25-a700-1d5fa5cf8caa",
|
|
|
|
"created": "2022-01-28T14:10:42.000Z",
|
|
|
|
"modified": "2022-01-28T14:10:42.000Z",
|
|
|
|
"relationship_type": "includes",
|
|
|
|
"source_ref": "x-misp-object--7a67d6bd-fc19-44ec-8cb2-bf4cab39d701",
|
|
|
|
"target_ref": "x-misp-object--d89db1f3-12a7-406c-b60a-407b435ff6f9"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "relationship",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "relationship--897ef24b-0a20-4250-95d8-ef144665a27e",
|
|
|
|
"created": "2022-01-28T14:10:42.000Z",
|
|
|
|
"modified": "2022-01-28T14:10:42.000Z",
|
|
|
|
"relationship_type": "includes",
|
|
|
|
"source_ref": "x-misp-object--7a67d6bd-fc19-44ec-8cb2-bf4cab39d701",
|
|
|
|
"target_ref": "x-misp-object--5b967d2c-daa7-457a-892e-e6eb46927b02"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "relationship",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "relationship--f6393ff4-3275-4bbc-9ede-4a55c345dc60",
|
|
|
|
"created": "2022-01-28T14:10:42.000Z",
|
|
|
|
"modified": "2022-01-28T14:10:42.000Z",
|
|
|
|
"relationship_type": "includes",
|
|
|
|
"source_ref": "x-misp-object--7a67d6bd-fc19-44ec-8cb2-bf4cab39d701",
|
|
|
|
"target_ref": "x-misp-object--b96b81c1-c42b-4b21-b55e-ae110dcef254"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "relationship",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "relationship--e78a4923-43be-4830-88fe-e3e3757bafb2",
|
|
|
|
"created": "2022-01-28T14:10:42.000Z",
|
|
|
|
"modified": "2022-01-28T14:10:42.000Z",
|
|
|
|
"relationship_type": "includes",
|
|
|
|
"source_ref": "x-misp-object--7a67d6bd-fc19-44ec-8cb2-bf4cab39d701",
|
|
|
|
"target_ref": "x-misp-object--37324a84-f710-4d2b-b579-037be8400fd8"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "relationship",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "relationship--cc5673f3-a2e5-49c9-8d0f-577593273d06",
|
|
|
|
"created": "2022-01-28T14:10:42.000Z",
|
|
|
|
"modified": "2022-01-28T14:10:42.000Z",
|
|
|
|
"relationship_type": "includes",
|
|
|
|
"source_ref": "x-misp-object--7a67d6bd-fc19-44ec-8cb2-bf4cab39d701",
|
|
|
|
"target_ref": "x-misp-object--9ef9d811-89d5-4acb-bdd3-8ceff6f2e3f1"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "relationship",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "relationship--d53bb1aa-b6d7-43e2-96a2-fb8a6dff0504",
|
|
|
|
"created": "2022-01-28T14:10:42.000Z",
|
|
|
|
"modified": "2022-01-28T14:10:42.000Z",
|
|
|
|
"relationship_type": "includes",
|
|
|
|
"source_ref": "x-misp-object--7a67d6bd-fc19-44ec-8cb2-bf4cab39d701",
|
|
|
|
"target_ref": "x-misp-object--2b76c945-728a-4b11-bcae-4ca9dcfc9b1d"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "relationship",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "relationship--f03a8b71-403d-46fb-937f-93cd637badd2",
|
|
|
|
"created": "2022-01-28T14:10:42.000Z",
|
|
|
|
"modified": "2022-01-28T14:10:42.000Z",
|
|
|
|
"relationship_type": "includes",
|
|
|
|
"source_ref": "x-misp-object--7a67d6bd-fc19-44ec-8cb2-bf4cab39d701",
|
|
|
|
"target_ref": "x-misp-object--2c752589-0653-4e0e-a6ee-0041b4454897"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "relationship",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "relationship--e779fa46-ad37-42f2-ac9b-6c3d3df1c620",
|
|
|
|
"created": "2022-01-28T14:10:42.000Z",
|
|
|
|
"modified": "2022-01-28T14:10:42.000Z",
|
|
|
|
"relationship_type": "includes",
|
|
|
|
"source_ref": "x-misp-object--7a67d6bd-fc19-44ec-8cb2-bf4cab39d701",
|
|
|
|
"target_ref": "x-misp-object--e3b993ab-3058-409e-81c8-efc495bfddaa"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "relationship",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "relationship--fcfa9be3-87cc-45a1-9d2c-6f2176afd92d",
|
|
|
|
"created": "2022-01-28T14:10:42.000Z",
|
|
|
|
"modified": "2022-01-28T14:10:42.000Z",
|
|
|
|
"relationship_type": "includes",
|
|
|
|
"source_ref": "x-misp-object--7a67d6bd-fc19-44ec-8cb2-bf4cab39d701",
|
|
|
|
"target_ref": "x-misp-object--1893302e-a4f7-4e28-a8d0-7556e6567756"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "relationship",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "relationship--635e8ec7-e82b-4263-ae63-0ef96d8ac3d2",
|
|
|
|
"created": "2022-01-28T14:10:42.000Z",
|
|
|
|
"modified": "2022-01-28T14:10:42.000Z",
|
|
|
|
"relationship_type": "includes",
|
|
|
|
"source_ref": "x-misp-object--7a67d6bd-fc19-44ec-8cb2-bf4cab39d701",
|
|
|
|
"target_ref": "x-misp-object--dad3f610-d76c-4361-bb4d-41781cad97fd"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "relationship",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "relationship--8c6600e7-c387-4860-b993-ac2761544a60",
|
|
|
|
"created": "2022-01-28T14:10:42.000Z",
|
|
|
|
"modified": "2022-01-28T14:10:42.000Z",
|
|
|
|
"relationship_type": "includes",
|
|
|
|
"source_ref": "x-misp-object--7a67d6bd-fc19-44ec-8cb2-bf4cab39d701",
|
|
|
|
"target_ref": "x-misp-object--0af6fe82-6f45-40e0-b0f3-2168a9043770"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "relationship",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "relationship--271e3725-8542-4ddb-abd1-b6a26660da21",
|
|
|
|
"created": "2022-01-28T14:10:42.000Z",
|
|
|
|
"modified": "2022-01-28T14:10:42.000Z",
|
|
|
|
"relationship_type": "includes",
|
|
|
|
"source_ref": "x-misp-object--7a67d6bd-fc19-44ec-8cb2-bf4cab39d701",
|
|
|
|
"target_ref": "x-misp-object--d29a7e9e-d334-4ca9-8d95-1f25cf320b85"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "relationship",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "relationship--72372d75-382a-472f-8627-6c949f0b9b81",
|
|
|
|
"created": "2022-01-28T14:10:42.000Z",
|
|
|
|
"modified": "2022-01-28T14:10:42.000Z",
|
|
|
|
"relationship_type": "includes",
|
|
|
|
"source_ref": "x-misp-object--7a67d6bd-fc19-44ec-8cb2-bf4cab39d701",
|
|
|
|
"target_ref": "x-misp-object--eda4b8fa-1906-4263-b685-77c79b9a494b"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "relationship",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "relationship--049662c6-2f76-43d5-9db8-1c007760c9a1",
|
|
|
|
"created": "2022-01-28T14:10:42.000Z",
|
|
|
|
"modified": "2022-01-28T14:10:42.000Z",
|
|
|
|
"relationship_type": "includes",
|
|
|
|
"source_ref": "x-misp-object--7a67d6bd-fc19-44ec-8cb2-bf4cab39d701",
|
|
|
|
"target_ref": "x-misp-object--3cf774f3-432c-4dab-b9a9-5ee8a5c7bf02"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "relationship",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "relationship--5100fb4b-e6be-4493-b16f-602f51c37081",
|
|
|
|
"created": "2022-01-28T14:10:42.000Z",
|
|
|
|
"modified": "2022-01-28T14:10:42.000Z",
|
|
|
|
"relationship_type": "includes",
|
|
|
|
"source_ref": "x-misp-object--7a67d6bd-fc19-44ec-8cb2-bf4cab39d701",
|
|
|
|
"target_ref": "x-misp-object--3cc99722-ce57-4202-be55-fb8b973c88f3"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "relationship",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "relationship--82ff9cc9-ae5c-47e2-b191-a7e2b9e933c4",
|
|
|
|
"created": "2022-01-28T14:10:42.000Z",
|
|
|
|
"modified": "2022-01-28T14:10:42.000Z",
|
|
|
|
"relationship_type": "includes",
|
|
|
|
"source_ref": "x-misp-object--7a67d6bd-fc19-44ec-8cb2-bf4cab39d701",
|
|
|
|
"target_ref": "x-misp-object--083c2484-551f-41ce-ad0e-5dc89744fdd6"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "relationship",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "relationship--79a47f91-a8f3-445c-8e55-19cb06e7c11c",
|
|
|
|
"created": "2022-01-28T14:10:42.000Z",
|
|
|
|
"modified": "2022-01-28T14:10:42.000Z",
|
|
|
|
"relationship_type": "includes",
|
|
|
|
"source_ref": "x-misp-object--7a67d6bd-fc19-44ec-8cb2-bf4cab39d701",
|
|
|
|
"target_ref": "x-misp-object--9ddc2aa3-59cd-4611-829d-6b0f9f82b99c"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "relationship",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "relationship--0dc919d0-5032-49ac-bdc7-327735e293ee",
|
|
|
|
"created": "2022-01-28T14:10:42.000Z",
|
|
|
|
"modified": "2022-01-28T14:10:42.000Z",
|
|
|
|
"relationship_type": "includes",
|
|
|
|
"source_ref": "x-misp-object--7a67d6bd-fc19-44ec-8cb2-bf4cab39d701",
|
|
|
|
"target_ref": "x-misp-object--f58ab9c8-011c-478a-af44-61d68d02930a"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "relationship",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "relationship--1e7c7361-545b-4912-8883-80cb54de8425",
|
|
|
|
"created": "2022-01-28T14:10:42.000Z",
|
|
|
|
"modified": "2022-01-28T14:10:42.000Z",
|
|
|
|
"relationship_type": "includes",
|
|
|
|
"source_ref": "x-misp-object--7a67d6bd-fc19-44ec-8cb2-bf4cab39d701",
|
|
|
|
"target_ref": "x-misp-object--3d1434a9-7510-4777-9bf3-d9ddeebf09c2"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "relationship",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "relationship--2e675c20-b3ea-4334-9528-8d6e5d8dd6c8",
|
|
|
|
"created": "2022-01-28T14:10:42.000Z",
|
|
|
|
"modified": "2022-01-28T14:10:42.000Z",
|
|
|
|
"relationship_type": "includes",
|
|
|
|
"source_ref": "x-misp-object--7a67d6bd-fc19-44ec-8cb2-bf4cab39d701",
|
|
|
|
"target_ref": "x-misp-object--f705c834-81fb-47f4-8938-85072ade512c"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "relationship",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "relationship--006475ee-acbb-409c-926b-43234061dc97",
|
|
|
|
"created": "2022-01-28T14:10:42.000Z",
|
|
|
|
"modified": "2022-01-28T14:10:42.000Z",
|
|
|
|
"relationship_type": "includes",
|
|
|
|
"source_ref": "x-misp-object--7a67d6bd-fc19-44ec-8cb2-bf4cab39d701",
|
|
|
|
"target_ref": "x-misp-object--34066ab4-0ce1-4d8d-ac87-937d1668d164"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "relationship",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "relationship--797e59e9-a7db-4f02-b661-e90ff6d182cc",
|
|
|
|
"created": "2022-01-28T14:10:42.000Z",
|
|
|
|
"modified": "2022-01-28T14:10:42.000Z",
|
|
|
|
"relationship_type": "includes",
|
|
|
|
"source_ref": "x-misp-object--7a67d6bd-fc19-44ec-8cb2-bf4cab39d701",
|
|
|
|
"target_ref": "x-misp-object--89bebe98-9e8c-4987-9ade-80f48c2086aa"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "relationship",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "relationship--8b31456b-ea31-41fc-9bf3-9047098c78ea",
|
|
|
|
"created": "2022-01-28T14:10:42.000Z",
|
|
|
|
"modified": "2022-01-28T14:10:42.000Z",
|
|
|
|
"relationship_type": "includes",
|
|
|
|
"source_ref": "x-misp-object--7a67d6bd-fc19-44ec-8cb2-bf4cab39d701",
|
|
|
|
"target_ref": "x-misp-object--142feb3d-6177-4bc7-9716-f7dfed0d65be"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "relationship",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "relationship--757832a3-3e46-4519-8878-ef4607522296",
|
|
|
|
"created": "2022-01-28T14:10:42.000Z",
|
|
|
|
"modified": "2022-01-28T14:10:42.000Z",
|
|
|
|
"relationship_type": "includes",
|
|
|
|
"source_ref": "x-misp-object--7a67d6bd-fc19-44ec-8cb2-bf4cab39d701",
|
|
|
|
"target_ref": "x-misp-object--159d2cc9-3205-4a2d-8aa3-5efa0389395e"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "relationship",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "relationship--df894017-9c10-407f-97ec-69dd4a3ab2ca",
|
|
|
|
"created": "2022-01-28T14:10:42.000Z",
|
|
|
|
"modified": "2022-01-28T14:10:42.000Z",
|
|
|
|
"relationship_type": "includes",
|
|
|
|
"source_ref": "x-misp-object--7a67d6bd-fc19-44ec-8cb2-bf4cab39d701",
|
|
|
|
"target_ref": "x-misp-object--544a4239-ca3b-4d41-8e55-da5a0c40f195"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "relationship",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "relationship--f8a1414b-df04-4426-bf69-917193a63b15",
|
|
|
|
"created": "2022-01-28T14:10:42.000Z",
|
|
|
|
"modified": "2022-01-28T14:10:42.000Z",
|
|
|
|
"relationship_type": "includes",
|
|
|
|
"source_ref": "x-misp-object--7a67d6bd-fc19-44ec-8cb2-bf4cab39d701",
|
|
|
|
"target_ref": "x-misp-object--c2060b89-7937-4fe7-8f27-64813a461fa6"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "relationship",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "relationship--80427615-e4f2-455f-996c-e345c8471673",
|
|
|
|
"created": "2022-01-28T14:10:42.000Z",
|
|
|
|
"modified": "2022-01-28T14:10:42.000Z",
|
|
|
|
"relationship_type": "includes",
|
|
|
|
"source_ref": "x-misp-object--7a67d6bd-fc19-44ec-8cb2-bf4cab39d701",
|
|
|
|
"target_ref": "x-misp-object--361e875d-e54a-44b5-b9c7-6a9695705213"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "relationship",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "relationship--fca9efa9-cf66-4a01-a28e-04350b1b467f",
|
|
|
|
"created": "2022-01-28T14:10:42.000Z",
|
|
|
|
"modified": "2022-01-28T14:10:42.000Z",
|
|
|
|
"relationship_type": "includes",
|
|
|
|
"source_ref": "x-misp-object--7a67d6bd-fc19-44ec-8cb2-bf4cab39d701",
|
|
|
|
"target_ref": "x-misp-object--af34567c-3eca-4ef6-a4d2-f47302a26efb"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "relationship",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "relationship--53b5504f-4b69-4a6b-b1dc-952b8948958a",
|
|
|
|
"created": "2022-01-28T14:10:42.000Z",
|
|
|
|
"modified": "2022-01-28T14:10:42.000Z",
|
|
|
|
"relationship_type": "includes",
|
|
|
|
"source_ref": "x-misp-object--7a67d6bd-fc19-44ec-8cb2-bf4cab39d701",
|
|
|
|
"target_ref": "x-misp-object--aeabb0d9-b3f6-4097-8bb2-37e335e529c3"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "relationship",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "relationship--4a7a9ec3-288e-4db0-8f34-bdd732a6a402",
|
|
|
|
"created": "2022-01-28T14:10:42.000Z",
|
|
|
|
"modified": "2022-01-28T14:10:42.000Z",
|
|
|
|
"relationship_type": "includes",
|
|
|
|
"source_ref": "x-misp-object--7a67d6bd-fc19-44ec-8cb2-bf4cab39d701",
|
|
|
|
"target_ref": "x-misp-object--4c5b90c8-dc4b-4aea-a678-0c6c284676ac"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "relationship",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "relationship--1765bab9-a72a-4923-9baf-868586c851a9",
|
|
|
|
"created": "2022-01-28T14:10:42.000Z",
|
|
|
|
"modified": "2022-01-28T14:10:42.000Z",
|
|
|
|
"relationship_type": "includes",
|
|
|
|
"source_ref": "indicator--7d7df874-930d-4b20-8c96-af63f55cbd84",
|
|
|
|
"target_ref": "x-misp-object--7a67d6bd-fc19-44ec-8cb2-bf4cab39d701"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "relationship",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "relationship--32ec0939-6816-4912-b5ef-4d8b2abd354a",
|
|
|
|
"created": "2022-01-28T14:23:35.000Z",
|
|
|
|
"modified": "2022-01-28T14:23:35.000Z",
|
|
|
|
"relationship_type": "includes",
|
|
|
|
"source_ref": "x-misp-object--ddf191cd-db3c-4917-bbc6-be5278589bd5",
|
|
|
|
"target_ref": "x-misp-object--332737d8-78a4-43c1-8eea-1672a9c6211e"
|
|
|
|
},
|
|
|
|
{
"type": "relationship",
"spec_version": "2.1",
"id": "relationship--657cfa8e-fc84-4f30-8fee-b7e19c4faf53",
"created": "2022-01-28T14:23:35.000Z",
"modified": "2022-01-28T14:23:35.000Z",
"relationship_type": "includes",
"source_ref": "x-misp-object--ddf191cd-db3c-4917-bbc6-be5278589bd5",
"target_ref": "x-misp-object--86f548c8-b230-4c9a-b370-ab8c763247a4"
},
{
"type": "relationship",
"spec_version": "2.1",
"id": "relationship--8461f2ea-522a-4942-8a3f-2c0f463e7891",
"created": "2022-01-28T14:23:35.000Z",
"modified": "2022-01-28T14:23:35.000Z",
"relationship_type": "includes",
"source_ref": "x-misp-object--ddf191cd-db3c-4917-bbc6-be5278589bd5",
"target_ref": "x-misp-object--6994c40d-0d38-4742-83fa-223ab043ce4f"
},
{
"type": "relationship",
"spec_version": "2.1",
"id": "relationship--888b2883-5d6b-4221-b44f-2c95863c06a5",
"created": "2022-01-28T14:23:35.000Z",
"modified": "2022-01-28T14:23:35.000Z",
"relationship_type": "includes",
"source_ref": "x-misp-object--ddf191cd-db3c-4917-bbc6-be5278589bd5",
"target_ref": "x-misp-object--08bdf6a7-c0ca-4804-b0b0-a85fe7e852dd"
},
{
"type": "relationship",
"spec_version": "2.1",
"id": "relationship--b7945768-dbda-4b8a-97c9-7de6cb0bfec5",
"created": "2022-01-28T14:23:35.000Z",
"modified": "2022-01-28T14:23:35.000Z",
"relationship_type": "includes",
"source_ref": "x-misp-object--ddf191cd-db3c-4917-bbc6-be5278589bd5",
"target_ref": "x-misp-object--04dc6d5f-9f25-4855-8ca7-724299500296"
},
{
"type": "relationship",
"spec_version": "2.1",
"id": "relationship--61360dc5-f58f-4e9d-b9a7-519b3c506f94",
"created": "2022-01-28T14:23:35.000Z",
"modified": "2022-01-28T14:23:35.000Z",
"relationship_type": "includes",
"source_ref": "x-misp-object--ddf191cd-db3c-4917-bbc6-be5278589bd5",
"target_ref": "x-misp-object--8c4d1d56-076b-43f7-9fd4-a5ab61aef707"
},
{
"type": "relationship",
"spec_version": "2.1",
"id": "relationship--c7710e5b-9f24-45e3-af7f-962799337384",
"created": "2022-01-28T14:23:35.000Z",
"modified": "2022-01-28T14:23:35.000Z",
"relationship_type": "includes",
"source_ref": "x-misp-object--ddf191cd-db3c-4917-bbc6-be5278589bd5",
"target_ref": "x-misp-object--477fe223-252c-4506-99cf-d5b0141824c1"
},
{
"type": "relationship",
"spec_version": "2.1",
"id": "relationship--a10fa365-d3e6-4496-a4d4-0b937a2021f1",
"created": "2022-01-28T14:23:35.000Z",
"modified": "2022-01-28T14:23:35.000Z",
"relationship_type": "includes",
"source_ref": "x-misp-object--ddf191cd-db3c-4917-bbc6-be5278589bd5",
"target_ref": "x-misp-object--f6b98e69-863a-453d-b203-4ad6daf96031"
},
{
"type": "relationship",
"spec_version": "2.1",
"id": "relationship--26a41654-4826-4bb1-b34d-ba45adecf682",
"created": "2022-01-28T14:23:35.000Z",
"modified": "2022-01-28T14:23:35.000Z",
"relationship_type": "includes",
"source_ref": "x-misp-object--ddf191cd-db3c-4917-bbc6-be5278589bd5",
"target_ref": "x-misp-object--43f17071-8590-4431-b05a-1ba373f06156"
},
{
"type": "relationship",
"spec_version": "2.1",
"id": "relationship--e7ba249a-18bc-4878-a55f-9fbf273fc8fc",
"created": "2022-01-28T14:23:35.000Z",
"modified": "2022-01-28T14:23:35.000Z",
"relationship_type": "includes",
"source_ref": "x-misp-object--ddf191cd-db3c-4917-bbc6-be5278589bd5",
"target_ref": "x-misp-object--988dae6b-7878-45d3-bb52-3483cfaa90ac"
},
{
"type": "relationship",
"spec_version": "2.1",
"id": "relationship--3c0586b8-d168-4158-8120-d0e1bf585280",
"created": "2022-01-28T14:23:35.000Z",
"modified": "2022-01-28T14:23:35.000Z",
"relationship_type": "includes",
"source_ref": "x-misp-object--ddf191cd-db3c-4917-bbc6-be5278589bd5",
"target_ref": "x-misp-object--ff3dbf25-c91a-4c5e-a307-b09140d1e54d"
},
{
"type": "relationship",
"spec_version": "2.1",
"id": "relationship--b518dd16-44fc-46bf-a5cd-60becbc47885",
"created": "2022-01-28T14:23:35.000Z",
"modified": "2022-01-28T14:23:35.000Z",
"relationship_type": "includes",
"source_ref": "x-misp-object--ddf191cd-db3c-4917-bbc6-be5278589bd5",
"target_ref": "x-misp-object--0e101d57-1d90-4076-8374-225d56ec15c6"
},
{
"type": "relationship",
"spec_version": "2.1",
"id": "relationship--94cfc7d8-1605-48d3-820f-6fc7691f7f56",
"created": "2022-01-28T14:23:35.000Z",
"modified": "2022-01-28T14:23:35.000Z",
"relationship_type": "includes",
"source_ref": "x-misp-object--ddf191cd-db3c-4917-bbc6-be5278589bd5",
"target_ref": "x-misp-object--388ec59f-5fd6-4ece-b807-951ba9deab10"
},
{
"type": "relationship",
"spec_version": "2.1",
"id": "relationship--cb85769f-03a7-42ff-9e22-912cdac08d7b",
"created": "2022-01-28T14:23:35.000Z",
"modified": "2022-01-28T14:23:35.000Z",
"relationship_type": "includes",
"source_ref": "x-misp-object--ddf191cd-db3c-4917-bbc6-be5278589bd5",
"target_ref": "x-misp-object--95a48a4b-e0cd-4ac8-aa65-1616034ddb4e"
},
{
"type": "relationship",
"spec_version": "2.1",
"id": "relationship--40b7d182-7e00-4006-b401-1d638762bf8a",
"created": "2022-01-28T14:23:35.000Z",
"modified": "2022-01-28T14:23:35.000Z",
"relationship_type": "includes",
"source_ref": "x-misp-object--ddf191cd-db3c-4917-bbc6-be5278589bd5",
"target_ref": "x-misp-object--d3d5cf26-3fb5-422a-b09f-bd5608b748b0"
},
{
"type": "relationship",
"spec_version": "2.1",
"id": "relationship--35584e5b-ae29-4978-9fd4-6a27614d9bb6",
"created": "2022-01-28T14:23:35.000Z",
"modified": "2022-01-28T14:23:35.000Z",
"relationship_type": "includes",
"source_ref": "x-misp-object--ddf191cd-db3c-4917-bbc6-be5278589bd5",
"target_ref": "x-misp-object--5ae76e6a-5bde-49ff-ae62-7a7a4f52aaa9"
},
{
"type": "relationship",
"spec_version": "2.1",
"id": "relationship--7f2a92d0-8224-4836-bdec-a950690e94b6",
"created": "2022-01-28T14:23:35.000Z",
"modified": "2022-01-28T14:23:35.000Z",
"relationship_type": "includes",
"source_ref": "x-misp-object--ddf191cd-db3c-4917-bbc6-be5278589bd5",
"target_ref": "x-misp-object--bb1bfb74-9f6f-4449-b874-a765554cc9eb"
},
{
"type": "relationship",
"spec_version": "2.1",
"id": "relationship--781dff88-aaa7-496d-b4c3-ce5e9c9eda72",
"created": "2022-01-28T14:23:35.000Z",
"modified": "2022-01-28T14:23:35.000Z",
"relationship_type": "includes",
"source_ref": "x-misp-object--ddf191cd-db3c-4917-bbc6-be5278589bd5",
"target_ref": "x-misp-object--3f774191-fb1e-457e-9d1c-5bc8ad5454b6"
},
{
"type": "relationship",
"spec_version": "2.1",
"id": "relationship--794f8453-2ee1-48da-8503-108bcba0aea2",
"created": "2022-01-28T14:23:35.000Z",
"modified": "2022-01-28T14:23:35.000Z",
"relationship_type": "includes",
"source_ref": "x-misp-object--ddf191cd-db3c-4917-bbc6-be5278589bd5",
"target_ref": "x-misp-object--2d3fc584-84ff-429e-9894-e892146ce7cb"
},
{
"type": "relationship",
"spec_version": "2.1",
"id": "relationship--cc3c2c72-dd0d-4cbb-9f57-f7d462fac5e7",
"created": "2022-01-28T14:23:35.000Z",
"modified": "2022-01-28T14:23:35.000Z",
"relationship_type": "includes",
"source_ref": "x-misp-object--ddf191cd-db3c-4917-bbc6-be5278589bd5",
"target_ref": "x-misp-object--22175547-a96b-4ec3-b03f-26f365d45c71"
},
{
"type": "relationship",
"spec_version": "2.1",
"id": "relationship--143f0cbe-cd14-4760-9d71-78d942251575",
"created": "2022-01-28T14:23:35.000Z",
"modified": "2022-01-28T14:23:35.000Z",
"relationship_type": "includes",
"source_ref": "x-misp-object--ddf191cd-db3c-4917-bbc6-be5278589bd5",
"target_ref": "x-misp-object--0cbef961-ea90-4e1f-9f8d-3e4d24f62699"
},
{
"type": "relationship",
"spec_version": "2.1",
"id": "relationship--73243cf7-a0b8-4167-90f1-8934fb2ddc43",
"created": "2022-01-28T14:23:35.000Z",
"modified": "2022-01-28T14:23:35.000Z",
"relationship_type": "includes",
"source_ref": "x-misp-object--ddf191cd-db3c-4917-bbc6-be5278589bd5",
"target_ref": "x-misp-object--05156594-1bb7-41af-b736-267ad8389d64"
},
{
"type": "relationship",
"spec_version": "2.1",
"id": "relationship--8495c4b0-799f-4587-b0cc-886d04957631",
"created": "2022-01-28T14:23:35.000Z",
"modified": "2022-01-28T14:23:35.000Z",
"relationship_type": "includes",
"source_ref": "x-misp-object--ddf191cd-db3c-4917-bbc6-be5278589bd5",
"target_ref": "x-misp-object--0317c886-7db0-4827-a0b8-6dd84576ddb5"
},
{
"type": "relationship",
"spec_version": "2.1",
"id": "relationship--b9d37504-9f5b-47f3-a34a-3315cd38b9cc",
"created": "2022-01-28T14:23:35.000Z",
"modified": "2022-01-28T14:23:35.000Z",
"relationship_type": "includes",
"source_ref": "x-misp-object--ddf191cd-db3c-4917-bbc6-be5278589bd5",
"target_ref": "x-misp-object--ad40d950-54f9-4ba6-9616-62ec24267483"
},
{
"type": "relationship",
"spec_version": "2.1",
"id": "relationship--2d60d128-a961-4881-b046-0985165e8cfb",
"created": "2022-01-28T14:23:35.000Z",
"modified": "2022-01-28T14:23:35.000Z",
"relationship_type": "includes",
"source_ref": "x-misp-object--ddf191cd-db3c-4917-bbc6-be5278589bd5",
"target_ref": "x-misp-object--0f049f52-42a6-42aa-b98f-6e2cb4e57fd3"
},
{
"type": "relationship",
"spec_version": "2.1",
"id": "relationship--7dcab6df-e317-4b97-b652-93b50483aec1",
"created": "2022-01-28T14:23:35.000Z",
"modified": "2022-01-28T14:23:35.000Z",
"relationship_type": "includes",
"source_ref": "x-misp-object--ddf191cd-db3c-4917-bbc6-be5278589bd5",
"target_ref": "x-misp-object--56143abf-cf39-4a32-b7e1-05145c5f4acf"
},
{
"type": "relationship",
"spec_version": "2.1",
"id": "relationship--d4c0cba5-662a-439c-be7e-86b569182bc4",
"created": "2022-01-28T14:23:35.000Z",
"modified": "2022-01-28T14:23:35.000Z",
"relationship_type": "includes",
"source_ref": "x-misp-object--ddf191cd-db3c-4917-bbc6-be5278589bd5",
"target_ref": "x-misp-object--0e9e6b1b-69d5-4188-b72c-2736a564e607"
},
{
"type": "relationship",
"spec_version": "2.1",
"id": "relationship--a3c8362d-ad32-4de8-8f69-987660a91c75",
"created": "2022-01-28T14:23:35.000Z",
"modified": "2022-01-28T14:23:35.000Z",
"relationship_type": "includes",
"source_ref": "x-misp-object--ddf191cd-db3c-4917-bbc6-be5278589bd5",
"target_ref": "x-misp-object--89bc1d5f-370c-4b63-8b0d-614340ef1ddd"
},
{
"type": "relationship",
"spec_version": "2.1",
"id": "relationship--9e33066e-4276-48d9-97dd-a6d254ab098a",
"created": "2022-01-28T14:23:35.000Z",
"modified": "2022-01-28T14:23:35.000Z",
"relationship_type": "includes",
"source_ref": "x-misp-object--ddf191cd-db3c-4917-bbc6-be5278589bd5",
"target_ref": "x-misp-object--14b7ac86-f365-4e4b-ac83-cff6b629a56d"
},
{
"type": "relationship",
"spec_version": "2.1",
"id": "relationship--751e63bb-20ce-462f-993b-14701a64dfa1",
"created": "2022-01-28T14:23:35.000Z",
"modified": "2022-01-28T14:23:35.000Z",
"relationship_type": "includes",
"source_ref": "x-misp-object--ddf191cd-db3c-4917-bbc6-be5278589bd5",
"target_ref": "x-misp-object--92326210-9571-44a8-ba88-4ad34b339337"
},
{
"type": "relationship",
"spec_version": "2.1",
"id": "relationship--5d6bd11e-b89a-4a27-9267-3594c436ea3f",
"created": "2022-01-28T14:23:35.000Z",
"modified": "2022-01-28T14:23:35.000Z",
"relationship_type": "includes",
"source_ref": "x-misp-object--ddf191cd-db3c-4917-bbc6-be5278589bd5",
"target_ref": "x-misp-object--85a572df-42d4-40a0-bd36-e132c4c83790"
},
{
"type": "relationship",
"spec_version": "2.1",
"id": "relationship--20be7f29-c54b-431c-8120-f07ef2a73738",
"created": "2022-01-28T14:23:35.000Z",
"modified": "2022-01-28T14:23:35.000Z",
"relationship_type": "includes",
"source_ref": "x-misp-object--ddf191cd-db3c-4917-bbc6-be5278589bd5",
"target_ref": "x-misp-object--5017c265-1aa5-4da9-ac98-f6a822ce6c42"
},
{
"type": "relationship",
"spec_version": "2.1",
"id": "relationship--d565db99-b091-4c5c-8b83-b6dc5662ad6b",
"created": "2022-01-28T14:23:35.000Z",
"modified": "2022-01-28T14:23:35.000Z",
"relationship_type": "includes",
"source_ref": "x-misp-object--ddf191cd-db3c-4917-bbc6-be5278589bd5",
"target_ref": "x-misp-object--20c26b05-2d9c-481b-abc5-ac467675157b"
},
{
"type": "relationship",
"spec_version": "2.1",
"id": "relationship--8ea3f316-72de-47c5-bd71-f62c9546df6c",
"created": "2022-01-28T14:23:35.000Z",
"modified": "2022-01-28T14:23:35.000Z",
"relationship_type": "includes",
"source_ref": "x-misp-object--ddf191cd-db3c-4917-bbc6-be5278589bd5",
"target_ref": "x-misp-object--fbd07bfb-4432-45f0-b117-169e3c1b30c0"
},
{
"type": "relationship",
"spec_version": "2.1",
"id": "relationship--60d26a85-b383-4520-977a-88f8d4962de4",
"created": "2022-01-28T14:23:35.000Z",
"modified": "2022-01-28T14:23:35.000Z",
"relationship_type": "includes",
"source_ref": "x-misp-object--ddf191cd-db3c-4917-bbc6-be5278589bd5",
"target_ref": "x-misp-object--22b34d51-5a31-483b-af3a-3e8e1957236e"
},
{
"type": "relationship",
"spec_version": "2.1",
"id": "relationship--bd88e1ef-db5a-4630-943a-51f9b8eb88d0",
"created": "2022-01-28T14:23:35.000Z",
"modified": "2022-01-28T14:23:35.000Z",
"relationship_type": "includes",
"source_ref": "x-misp-object--ddf191cd-db3c-4917-bbc6-be5278589bd5",
"target_ref": "x-misp-object--38e7e306-4dfb-4a52-b44c-03e0e3eadeef"
},
{
"type": "relationship",
"spec_version": "2.1",
"id": "relationship--6b5f6ca1-f35f-4c2f-950b-c4584894f394",
"created": "2022-01-28T14:23:35.000Z",
"modified": "2022-01-28T14:23:35.000Z",
"relationship_type": "includes",
"source_ref": "indicator--ecac3d0b-9083-48ec-b768-6c4931bda03f",
"target_ref": "x-misp-object--ddf191cd-db3c-4917-bbc6-be5278589bd5"
},
{
"type": "marking-definition",
"spec_version": "2.1",
"id": "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9",
"created": "2017-01-20T00:00:00.000Z",
"definition_type": "tlp",
"name": "TLP:WHITE",
"definition": {
"tlp": "white"
}
}
]
}