{
"type": "bundle",
"id": "bundle--5a63182c-6bc4-4774-99d4-04070a00020f",
"objects": [
{
"type": "identity",
"spec_version": "2.1",
"id": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2021-05-24T09:46:22.000Z",
"modified": "2021-05-24T09:46:22.000Z",
"name": "CIRCL",
"identity_class": "organization"
},
{
"type": "report",
"spec_version": "2.1",
"id": "report--5a63182c-6bc4-4774-99d4-04070a00020f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2021-05-24T09:46:22.000Z",
"modified": "2021-05-24T09:46:22.000Z",
"name": "Malware collected via pastebin",
"published": "2021-05-25T07:17:08Z",
"object_refs": [
"indicator--5a6324f4-2980-446a-aaaa-40ae0a00020f",
"indicator--5a63264f-1494-4ea1-9b45-052c0a00020f",
"indicator--5a63264f-4350-43e6-907f-052c0a00020f",
"indicator--5a63264f-1a8c-4255-bd59-052c0a00020f",
"indicator--5a63264f-e228-4e26-9164-052c0a00020f",
"indicator--5a63264f-a44c-4094-87ae-052c0a00020f",
"indicator--5a64bc13-2c60-4926-8c63-b232950d210f",
"observed-data--5a64bc01-e6a0-4c63-bac7-3bb1950d210f",
"url--5a64bc01-e6a0-4c63-bac7-3bb1950d210f",
"indicator--4bde24be-c45a-46a7-9bb4-2132e7d55349",
"x-misp-object--5a631973-1f04-4b1c-8357-04070a00020f",
"indicator--c05e8114-9477-413b-9961-d8f65ece230d",
"relationship--83b1a33b-cc08-4af6-b9d8-b72d1bd71c6b",
"relationship--41cca248-b506-44f9-a340-5dd7bbe55eda"
],
"labels": [
"Threat-Report",
"misp:tool=\"MISP-STIX-Converter\"",
"ms-caro-malware:malware-type=\"Trojan\"",
"osint:source-type=\"pastie-website\"",
"osint:source-type=\"manual-analysis\""
],
"object_marking_refs": [
"marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9"
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5a6324f4-2980-446a-aaaa-40ae0a00020f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-01-20T11:16:04.000Z",
"modified": "2018-01-20T11:16:04.000Z",
"description": "Binary tried to resolve this",
"pattern": "[domain-name:value = 'spyrat.ddns.net']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-01-20T11:16:04Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"hostname\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5a63264f-1494-4ea1-9b45-052c0a00020f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-01-20T11:21:51.000Z",
"modified": "2018-01-20T11:21:51.000Z",
"pattern": "[mutex:name = '_x_X_UPDATE_X_x_']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-01-20T11:21:51Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Artifacts dropped"
}
],
"labels": [
"misp:type=\"mutex\"",
"misp:category=\"Artifacts dropped\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5a63264f-4350-43e6-907f-052c0a00020f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-01-20T11:21:51.000Z",
"modified": "2018-01-20T11:21:51.000Z",
"pattern": "[mutex:name = '_x_X_PASSWORDLIST_X_x_']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-01-20T11:21:51Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Artifacts dropped"
}
],
"labels": [
"misp:type=\"mutex\"",
"misp:category=\"Artifacts dropped\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5a63264f-1a8c-4255-bd59-052c0a00020f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-01-20T11:21:51.000Z",
"modified": "2018-01-20T11:21:51.000Z",
"pattern": "[mutex:name = '_x_X_BLOCKMOUSE_X_x_']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-01-20T11:21:51Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Artifacts dropped"
}
],
"labels": [
"misp:type=\"mutex\"",
"misp:category=\"Artifacts dropped\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5a63264f-e228-4e26-9164-052c0a00020f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-01-20T11:21:51.000Z",
"modified": "2018-01-20T11:21:51.000Z",
"pattern": "[mutex:name = '***MUTEX***']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-01-20T11:21:51Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Artifacts dropped"
}
],
"labels": [
"misp:type=\"mutex\"",
"misp:category=\"Artifacts dropped\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5a63264f-a44c-4094-87ae-052c0a00020f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-01-20T11:21:51.000Z",
"modified": "2018-01-20T11:21:51.000Z",
"pattern": "[mutex:name = '***MUTEX***_SAIR']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-01-20T11:21:51Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Artifacts dropped"
}
],
"labels": [
"misp:type=\"mutex\"",
"misp:category=\"Artifacts dropped\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5a64bc13-2c60-4926-8c63-b232950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-01-21T16:13:07.000Z",
"modified": "2018-01-21T16:13:07.000Z",
"pattern": "[url:value = 'https://bahrainwatch.org/blog/2013/01/15/hacked-website-java-vulnerability-used-to-target-uae-activist-with-spyware/']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-01-21T16:13:07Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Antivirus detection"
}
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"Antivirus detection\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--5a64bc01-e6a0-4c63-bac7-3bb1950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-06-01T06:22:20.000Z",
"modified": "2018-06-01T06:22:20.000Z",
"first_observed": "2018-06-01T06:22:20Z",
"last_observed": "2018-06-01T06:22:20Z",
"number_observed": 1,
"object_refs": [
"url--5a64bc01-e6a0-4c63-bac7-3bb1950d210f"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"Antivirus detection\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--5a64bc01-e6a0-4c63-bac7-3bb1950d210f",
"value": "https://www.mysonicwall.com/sonicalert/searchresults.aspx?ev=article&id=625"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--4bde24be-c45a-46a7-9bb4-2132e7d55349",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-01-20T11:16:36.000Z",
"modified": "2018-01-20T11:16:36.000Z",
"pattern": "[file:hashes.MD5 = 'f846b2cfa37a5b5e9ea1208b597796fa' AND file:hashes.SHA1 = 'ccfd4fd905bc9828fd528097acfbd29211d88f09' AND file:hashes.SHA256 = '18e2c163a1f275cc65ec1759bd1b5a44569d88c93025faab1c1d915bb4cf48b5' AND file:hashes.SHA512 = 'f1bb0b9b03eadcfb5c6e98fc1d20ec824a2a70354e83059120c73a412d0e84a219aaf12d96d1dbf71d0982c94068b01f37f22f835b66f7e833a74e609f9d4466' AND file:hashes.SSDEEP = '6144:zk4qm3IP3Ml6gDLTG3163kzHa5KK9RGLXnY2UrtfA6BxFPeiM93I3:I9zdgDLTtT5JLNbrt46B7e' AND file:name = 'dump' AND file:size = '282624' AND (file:content_ref.payload_bin = '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
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-01-20T11:16:36Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "file"
}
],
"labels": [
"misp:name=\"file\"",
"misp:meta-category=\"file\"",
"misp:to_ids=\"True\""
]
},
{
"type": "x-misp-object",
"spec_version": "2.1",
"id": "x-misp-object--5a631973-1f04-4b1c-8357-04070a00020f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-06-01T06:22:09.000Z",
"modified": "2018-06-01T06:22:09.000Z",
"labels": [
"misp:name=\"paste\"",
"misp:meta-category=\"misc\""
],
"x_misp_attributes": [
{
"type": "text",
"object_relation": "origin",
"value": "pastebin.com_pro",
"category": "Other",
"uuid": "5a631973-f38c-47ea-bfdd-04070a00020f"
},
{
"type": "url",
"object_relation": "url",
"value": "https://pastebin.com/eMtm4Nxg",
"category": "External analysis",
"uuid": "5a631973-5000-4180-8ca8-04070a00020f"
},
{
"type": "datetime",
"object_relation": "last-seen",
"value": "2017-12-01T00:00:00",
"category": "Other",
"uuid": "5a631973-2cd4-4696-83a3-04070a00020f"
}
],
"x_misp_meta_category": "misc",
"x_misp_name": "paste"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--c05e8114-9477-413b-9961-d8f65ece230d",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-01-20T11:16:51.000Z",
"modified": "2018-01-20T11:16:51.000Z",
"pattern": "[file:hashes.MD5 = '39e762098466d4694d0bdc78aa2063c3' AND file:hashes.SHA1 = '33fec8df554c636bf2ef5c7cc2f9c7d2b7496b63' AND file:hashes.SHA256 = 'd9cb958f223912ff5462c3d3bea46ff58b1a468f9797094efee5b94ee6824b87' AND file:hashes.SHA512 = '8eaa971a51554d27616f7196d172239d780bcc2e39613b8e1c2b593fbc094dea03c9ca5c1360bec9d0da8aadcb1546e5eb600c5ec97e8c7c2f25ebc9962548a3' AND file:hashes.SSDEEP = '6144:tmcD66R725JGmrpQsK3RD2u270jupCJsCxC:4cD661Z2zkPaCx' AND file:name = 'deupx' AND file:size = '297472' AND (file:content_ref.payload_bin = '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
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-01-20T11:16:51Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "file"
}
],
"labels": [
"misp:name=\"file\"",
"misp:meta-category=\"file\"",
"misp:to_ids=\"True\""
]
},
{
"type": "relationship",
"spec_version": "2.1",
"id": "relationship--83b1a33b-cc08-4af6-b9d8-b72d1bd71c6b",
"created": "2021-05-24T09:46:22.000Z",
"modified": "2021-05-24T09:46:22.000Z",
"relationship_type": "derived-from",
"source_ref": "indicator--4bde24be-c45a-46a7-9bb4-2132e7d55349",
"target_ref": "x-misp-object--5a631973-1f04-4b1c-8357-04070a00020f"
},
{
"type": "relationship",
"spec_version": "2.1",
"id": "relationship--41cca248-b506-44f9-a340-5dd7bbe55eda",
"created": "2021-05-24T09:46:22.000Z",
"modified": "2021-05-24T09:46:22.000Z",
"relationship_type": "derived-from",
"source_ref": "indicator--c05e8114-9477-413b-9961-d8f65ece230d",
"target_ref": "indicator--4bde24be-c45a-46a7-9bb4-2132e7d55349"
},
{
"type": "marking-definition",
"spec_version": "2.1",
"id": "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9",
"created": "2017-01-20T00:00:00.000Z",
"definition_type": "tlp",
"name": "TLP:WHITE",
"definition": {
"tlp": "white"
}
}
]
}