misp-circl-feed/feeds/circl/stix-2.1/5dee2bc3-47ac-4784-a52a-4da2950d210f.json

2988 lines
1.7 MiB
JSON
Raw Normal View History

2023-04-21 14:44:17 +00:00
{
"type": "bundle",
"id": "bundle--5dee2bc3-47ac-4784-a52a-4da2950d210f",
"objects": [
{
"type": "identity",
"spec_version": "2.1",
"id": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2019-12-11T12:50:23.000Z",
"modified": "2019-12-11T12:50:23.000Z",
"name": "CIRCL",
"identity_class": "organization"
},
{
"type": "report",
"spec_version": "2.1",
"id": "report--5dee2bc3-47ac-4784-a52a-4da2950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2019-12-11T12:50:23.000Z",
"modified": "2019-12-11T12:50:23.000Z",
"name": "OSINT - BfV Cyber-Brief Nr. 01/2019 - Hinweis auf aktuelle Angriffskampagne -",
"published": "2019-12-11T12:52:13Z",
"object_refs": [
"observed-data--5dee2bed-38b4-451c-8af4-425b950d210f",
"file--5dee2bed-38b4-451c-8af4-425b950d210f",
"artifact--5dee2bed-38b4-451c-8af4-425b950d210f",
"observed-data--5def5058-16e0-4979-b098-40af950d210f",
"file--5def5058-16e0-4979-b098-40af950d210f",
"artifact--5def5058-16e0-4979-b098-40af950d210f",
"indicator--5def55e8-180c-44e8-b55a-4516950d210f",
"indicator--5def55ec-a86c-46aa-be96-44fd950d210f",
"x-misp-attribute--5defaf66-c2b0-401b-b786-41b6950d210f",
"x-misp-attribute--5defafa7-c2d8-4682-9307-4b4b950d210f",
"indicator--5dee3f11-02e4-406f-ab0b-ba86950d210f",
"indicator--5dee3fda-b550-4d4b-9edb-a11c950d210f",
"indicator--5dee4b73-07c0-4f1b-b723-b9de950d210f",
"indicator--5dee4b9a-8b60-4fef-b39c-ba61950d210f",
"indicator--5dee4e51-f448-4a0a-815c-b79e950d210f",
"observed-data--5dee5202-0d70-4bd5-801e-4504950d210f",
"windows-registry-key--5dee5202-0d70-4bd5-801e-4504950d210f",
"observed-data--5dee5561-9df0-484c-bbb3-47ba950d210f",
"windows-registry-key--5dee5561-9df0-484c-bbb3-47ba950d210f",
"indicator--5def9c6b-dcd8-4fb6-95da-476d950d210f",
"indicator--5def9ed5-d278-4e6d-996d-4cc2950d210f",
"indicator--e53b7231-54cc-40b6-aced-498328713c3d",
"indicator--3c622f17-8eec-4e87-bd09-be3a072530b6",
"indicator--1a9c8641-e1f9-4716-9fbd-212be3259b9e",
"indicator--3b726112-4fbb-4986-8753-bb42dfb25f3a",
"indicator--9e7700e2-a2d3-4fc8-91e3-bdae4dad5240",
"indicator--52cf0eab-5342-49e6-80df-6d2a3e6d00dc",
"indicator--43c6c9cb-dbcc-498a-9346-3799c8ad30e1",
"indicator--da3cb9c5-efb4-4445-8c88-6d779bba3c3c",
"indicator--feb320b1-5ae5-4e21-a031-19746f89f645",
"indicator--b9d511cf-df43-4672-b8f9-d7537ac9d1ae",
"indicator--24f69e0a-39f7-4a2d-b91e-6c8a2f66d762",
"indicator--b33abe59-884c-4a46-acd4-5edbd734a6ae",
"indicator--e1ded9f0-7ece-454e-9cdb-cd7da4d80057",
"indicator--0840514f-9f4b-437d-93bf-ecb8dd861021",
"indicator--e37faa3a-3ad6-467b-a031-9be5cd3c86c4",
"indicator--cd6c577a-b5fe-472a-bd47-595bffa6660d",
"indicator--45ee5414-ac33-49c7-bf60-f92b0e2b4f98",
"indicator--598a154c-dcd5-43d5-b2c3-1f5cbf1c4c1d",
"indicator--a1bda197-5c10-413b-ab26-edeee972ded8",
"indicator--775b5784-ad3b-424e-b2af-7d89a1f81050",
"indicator--9db8e7fb-7fb4-45c8-89e4-a3a0c6abd021",
"indicator--b4db253c-2bcf-451c-ba44-15a673a3a3c4",
"indicator--cde94a42-8107-4e34-af08-ec8294eceea5",
"indicator--7f91bef0-d377-48e7-b126-6e7a5d3720ea",
"indicator--991c177a-7a0f-4926-95f6-4ac179a5a295",
"indicator--7b7ecfce-2bd5-46ae-b601-3e9eebc90db3",
"indicator--25f6a294-0dd2-4b0b-a3af-416e51364afd",
"indicator--3f909ac6-2c3b-46a9-be2c-94af99524de4",
"indicator--d470790a-b3bf-4ced-94f7-ca7401ddc629",
"indicator--fcda7810-080c-47f0-9216-a7cf669e4396",
"indicator--06d8a210-3a92-47eb-8fd2-0147b7281d7f",
"indicator--9a724f07-1f2b-48bb-bb25-32dfe637569b",
"indicator--dbd342d8-a43b-4f22-8be9-921186cdbf83",
"indicator--67abe83f-ef66-40d7-90e7-90ffe1513e52",
"indicator--97a2f864-44e3-4ab4-ab05-2053d5e1ccf4",
"indicator--3b43ab98-c605-43ec-8951-c456fa02c3bf",
"indicator--0db0c06d-d056-44c1-84e0-e3e6e13ce850",
"indicator--ba639956-fe15-45ce-a72c-666cb163e56e",
"indicator--7df5bc4b-4499-492b-9962-61ed0d12c542",
"indicator--08a0fa08-4b39-4c16-8574-bdb7d3e91283",
"indicator--48852a64-fa9d-4d5c-a7f1-45699a8882a2",
"indicator--fdca2f4c-bd45-4336-9e95-794b4a0526a8",
"indicator--997205fd-5ead-4a86-aba6-f2e99ddfce0b",
"indicator--1919f62b-5793-4c0f-ae20-518c4011c9cd",
"indicator--44190615-3989-4246-962b-0dcc4e5cd3c2",
"indicator--32ce7962-26dc-4ae7-9159-c0e362795392",
"indicator--c14890d7-e0e9-438c-a359-40718f2426a5",
"indicator--64707a06-5849-4739-ae9b-592b2c5d40c0",
"indicator--e0551fbd-a6c4-45e4-b42c-21576008ca5b",
"indicator--321b5b53-85a3-40e8-8840-8521b66fb118",
"indicator--681bdb7d-a852-4a13-9c90-55774971b482",
"indicator--5ec73a7f-829e-472a-9666-05b92c769b14",
"indicator--0032d7b5-43be-4a6c-bc62-56a5298cbaa7",
"indicator--5defae0e-25f0-4dd9-94b4-451e950d210f",
"indicator--5defaed6-e44c-4af8-8d06-4993950d210f",
"indicator--5defaf3c-d7e4-423c-82ad-4838950d210f",
"indicator--5defb18f-9100-4e25-ae16-4f69950d210f",
"indicator--5defb1ce-bf24-489f-9676-47fc950d210f",
"indicator--5df0a4ec-ea3c-43b7-a298-42f5950d210f",
"indicator--5df0a8fd-0cec-45d5-8023-1706950d210f",
"indicator--5df0ac98-e890-4c6a-b708-30d9950d210f",
"indicator--fbb2308c-ed30-4bdc-97ff-53b4136cf37f",
"x-misp-object--7286a3d2-41c0-4688-9e21-85ec78ff23e0",
"indicator--b9b6c463-ab69-4bc2-a053-248497aa95d5",
"x-misp-object--42bd75dc-5e99-4c09-bfca-66b22cb28fa1",
"indicator--00c6f164-f4b4-4e2c-a3ef-63c88e36f381",
"x-misp-object--9fe4012e-2085-4dcf-9f99-f73e92b3c7b0",
"indicator--f005a213-c2ee-448d-80f3-a58ff20fdb4c",
"x-misp-object--8d2143a2-20d9-4de0-a833-5b13445c2fac",
"indicator--25b3b742-2893-462b-a181-8a9c046f7995",
"x-misp-object--ee0c2e26-c418-4f6f-9e6d-86952c212952",
"indicator--26bfe728-c018-44e4-b6d6-c54af3d2b14a",
"x-misp-object--77072cd3-da5c-4204-b37d-72fc44ed0384",
"indicator--dab61fb6-c519-46a1-b060-fa178764d6da",
"x-misp-object--2254d0a1-5768-49d1-8f6f-55ef72367d31",
"indicator--53d444c2-5449-4082-b85a-e61c3760d6c4",
"x-misp-object--f3154e62-2ff1-4769-af0a-6115e01096bc",
"indicator--93f8b76b-2456-44b4-9a7c-cdb0166ccacc",
"x-misp-object--017ca493-a3dc-4bc8-a384-6efaf630477a",
"x-misp-object--5def9ca7-d33c-4f2e-83bc-45d0950d210f",
"x-misp-object--5def9ce1-f250-4d35-a51f-4b21950d210f",
"x-misp-object--5defae31-f31c-427b-ad96-48d4950d210f",
"x-misp-object--5defb221-e110-4c86-99bd-409e950d210f",
"x-misp-object--5df0ab37-3e44-44c5-85cf-4021950d210f",
"x-misp-object--5df0acec-e3d4-4767-abe7-4bf6950d210f",
2023-12-14 14:30:15 +00:00
"relationship--b657ea00-8789-49a4-8531-493977aa8436",
"relationship--8f3308f9-2586-4178-a615-0dfb6531d05b",
"relationship--2b42195b-5a55-49b8-ae5a-e92f57f43e22",
"relationship--cfe1ddae-388f-4eae-a79d-514b62183f30",
"relationship--cf995ae4-c127-4b4f-b960-4cf1e9789138",
"relationship--4ff23445-b8fa-404c-9bd8-0c942d3a2a18",
"relationship--30b6565a-e45a-457a-ac7c-c0758e5a29f4",
"relationship--a28f831c-1076-4b8a-91af-cb7d1d06841c",
"relationship--6bcabb47-e951-40c7-85b0-1427e8af46ce",
"relationship--d99b2019-37d8-4bb9-967a-43c87a69c535",
"relationship--03815d2b-60dc-482d-9fe2-ad5a9452a1eb",
"relationship--fc77d2e1-9ab8-44ef-a495-2a1c86e3e43f",
"relationship--a72ab947-371d-4b12-a129-5ab6d0868829",
"relationship--c8bca3d9-03b8-4461-b121-439ec1f798db",
"relationship--f93fdaf4-a3e4-4767-8164-ecd36b66978c",
"relationship--b76a5fdf-cc7e-4a8c-8168-51e1529a1734",
"relationship--6329e604-db97-4b98-8350-661853de4140",
"relationship--9ce763c8-40fc-4e53-b8c9-1ff7ea0cceaa",
"relationship--e20d93b8-33ec-4b8d-b306-595c18fa1b73",
"relationship--5cb602a9-e83b-4ca4-acfd-3a427ff7dfb3",
"relationship--9aa7cd72-0600-47ec-bdb5-22502aa264f1",
"relationship--a769a685-ebc6-43b6-9144-5ec2b35fd7e3"
2023-04-21 14:44:17 +00:00
],
"labels": [
"Threat-Report",
"misp:tool=\"MISP-STIX-Converter\"",
"misp-galaxy:mitre-attack-pattern=\"External Remote Services - T1133\"",
"misp-galaxy:mitre-attack-pattern=\"Command-Line Interface - T1059\"",
"misp-galaxy:mitre-attack-pattern=\"Execution through API - T1106\"",
"misp-galaxy:mitre-attack-pattern=\"Rundll32 - T1085\"",
"misp-galaxy:mitre-attack-pattern=\"Service Execution - T1035\"",
"misp-galaxy:mitre-attack-pattern=\"User Execution - T1204\"",
"misp-galaxy:mitre-attack-pattern=\"DLL Search Order Hijacking - T1038\"",
"misp-galaxy:mitre-attack-pattern=\"Kernel Modules and Extensions - T1215\"",
"misp-galaxy:mitre-attack-pattern=\"Port Knocking - T1205\"",
"misp-galaxy:mitre-attack-pattern=\"Redundant Access - T1108\"",
"misp-galaxy:mitre-attack-pattern=\"Binary Padding - T1009\"",
"misp-galaxy:mitre-attack-pattern=\"Code Signing - T1116\"",
"misp-galaxy:mitre-attack-pattern=\"Deobfuscate/Decode Files or Information - T1140\"",
"misp-galaxy:mitre-attack-pattern=\"Disabling Security Tools - T1089\"",
"misp-galaxy:mitre-attack-pattern=\"Execution Guardrails - T1480\"",
"misp-galaxy:mitre-attack-pattern=\"File Deletion - T1107\"",
"misp-galaxy:mitre-attack-pattern=\"Modify Registry - T1112\"",
"misp-galaxy:mitre-attack-pattern=\"Process Injection - T1055\"",
"misp-galaxy:mitre-attack-pattern=\"Rootkit - T1014\"",
"misp-galaxy:mitre-attack-pattern=\"Software Packing - T1045\"",
"misp-galaxy:mitre-attack-pattern=\"Timestomp - T1099\"",
"misp-galaxy:mitre-attack-pattern=\"Commonly Used Port - T1043\"",
"misp-galaxy:mitre-attack-pattern=\"Connection Proxy - T1090\"",
"misp-galaxy:mitre-attack-pattern=\"Custom Command and Control Protocol - T1094\"",
"misp-galaxy:mitre-attack-pattern=\"Custom Cryptographic Protocol - T1024\"",
"misp-galaxy:mitre-attack-pattern=\"Fallback Channels - T1008\"",
"misp-galaxy:mitre-attack-pattern=\"Remote Access Tools - T1219\"",
"type:OSINT",
"osint:lifetime=\"perpetual\"",
"osint:certainty=\"50\"",
"misp-galaxy:threat-actor=\"Axiom\""
],
"object_marking_refs": [
"marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9"
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--5dee2bed-38b4-451c-8af4-425b950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2019-12-09T11:11:41.000Z",
"modified": "2019-12-09T11:11:41.000Z",
"first_observed": "2019-12-09T11:11:41Z",
"last_observed": "2019-12-09T11:11:41Z",
"number_observed": 1,
"object_refs": [
"file--5dee2bed-38b4-451c-8af4-425b950d210f",
"artifact--5dee2bed-38b4-451c-8af4-425b950d210f"
],
"labels": [
"misp:type=\"attachment\"",
"misp:category=\"External analysis\""
]
},
{
"type": "file",
"spec_version": "2.1",
"id": "file--5dee2bed-38b4-451c-8af4-425b950d210f",
"name": "broschuere-2019-12-bfv-cyber-brief-2019-01.pdf",
"content_ref": "artifact--5dee2bed-38b4-451c-8af4-425b950d210f"
},
{
"type": "artifact",
"spec_version": "2.1",
"id": "artifact--5dee2bed-38b4-451c-8af4-425b950d210f",
"payload_bin": "JVBERi0xLjMNJeLjz9MNCjczIDAgb2JqDTw8L0xpbmVhcml6ZWQgMS9MIDEyMTk4NzAvTyA3Ni9FIDU4MTQ2Ni9OIDE5L1QgMTIxODI5MC9IIFsgMTYxNiA1NjldPj4NZW5kb2JqDSAgICAgICAgICAgDQp4cmVmDQo3MyA2Ng0KMDAwMDAwMDAxNiAwMDAwMCBuDQowMDAwMDAyMTg1IDAwMDAwIG4NCjAwMDAwMDIzOTggMDAwMDAgbg0KMDAwMDAwMjQ0MCAwMDAwMCBuDQowMDAwMDAzMDYxIDAwMDAwIG4NCjAwMDAwMDU3NzAgMDAwMDAgbg0KMDAwMDAwODQ5MSAwMDAwMCBuDQowMDAwMDExMjgyIDAwMDAwIG4NCjAwMDAwMTM5MTkgMDAwMDAgbg0KMDAwMDAxNjcyOSAwMDAwMCBuDQowMDAwMDE5NTEyIDAwMDAwIG4NCjAwMDAwMTk5NTEgMDAwMDAgbg0KMDAwMDAyMDQxNyAwMDAwMCBuDQowMDAwMDIwNTk3IDAwMDAwIG4NCjAwMDAwMjA2NTEgMDAwMDAgbg0KMDAwMDAyMTAxNCAwMDAwMCBuDQowMDAwMDIxMjI5IDAwMDAwIG4NCjAwMDAwMjE2MTIgMDAwMDAgbg0KMDAwMDAyMTgyMyAwMDAwMCBuDQowMDAwMDI0NjI2IDAwMDAwIG4NCjAwMDAwMjYzMTUgMDAwMDAgbg0KMDAwMDAzMTI4MCAwMDAwMCBuDQowMDAwMDM2MTA1IDAwMDAwIG4NCjAwMDAwMzYyNTkgMDAwMDAgbg0KMDAwMDAzNjMxNyAwMDAwMCBuDQowMDAwMDM2MzcxIDAwMDAwIG4NCjAwMDAwMzY0NjYgMDAwMDAgbg0KMDAwMDAzNzA1NCAwMDAwMCBuDQowMDAwMDM3MjYxIDAwMDAwIG4NCjAwMDAwMzc1NDUgMDAwMDAgbg0KMDAwMDA0NTkwNyAwMDAwMCBuDQowMDAwMDQ1OTQ2IDAwMDAwIG4NCjAwMDA0OTkzMzQgMDAwMDAgbg0KMDAwMDU2OTg3MyAwMDAwMCBuDQowMDAwNTc5MDM3IDAwMDAwIG4NCjAwMDA1NzkxMDkgMDAwMDAgbg0KMDAwMDU3OTIyMyAwMDAwMCBuDQowMDAwNTc5MzQ2IDAwMDAwIG4NCjAwMDA1NzkzODkgMDAwMDAgbg0KMDAwMDU3OTUwMiAwMDAwMCBuDQowMDAwNTc5NjE2IDAwMDAwIG4NCjAwMDA1Nzk3NTUgMDAwMDAgbg0KMDAwMDU3OTc5OCAwMDAwMCBuDQowMDAwNTc5ODg3IDAwMDAwIG4NCjAwMDA1ODAwMjIgMDAwMDAgbg0KMDAwMDU4MDA2NSAwMDAwMCBuDQowMDAwNTgwMjU3IDAwMDAwIG4NCjAwMDA1ODAyOTkgMDAwMDAgbg0KMDAwMDU4MDM3OCAwMDAwMCBuDQowMDAwNTgwNDY0IDAwMDAwIG4NCjAwMDA1ODA1MDYgMDAwMDAgbg0KMDAwMDU4MDU0OCAwMDAwMCBuDQowMDAwNTgwNTkxIDAwMDAwIG4NCjAwMDA1ODA2MzQgMDAwMDAgbg0KMDAwMDU4MDcyMiAwMDAwMCBuDQowMDAwNTgwNzY1IDAwMDAwIG4NCjAwMDA1ODA4ODMgMDAwMDAgbg0KMDAwMDU4MDkyNiAwMDAwMCBuDQowMDAwNTgxMDUxIDAwMDAwIG4NCjAwMDA1ODEwOTQgMDAwMDAgbg0KMDAwMDU4MTIwMCAwMDAwMCBuDQowMDAwNTgxMjQzIDAwMDAwIG4NCjAwMDA1ODEzMzcgMDAwMDAgbg0KMDAwMDU4MTM4MCAwMDAwMCBuDQowMDAwNTgxNDIzIDAwMDAwIG4NCjAwMDAwMDE2MTYgMDAwMDAgbg0KdHJhaWxlcg0KPDwvU2l6ZSAxMzkvUm9vdCA3NCAwIFIvSW5mbyA3MiAwIFIvSURbPDkzNEZFRDAzQzk0OUE3QjZCNzg3NzRFMUY4N0EyNDU0PjwwNjkyMUMxMkM1QUQ0NzQzQjFBRjlDM0FDRTA5NkU0Qz5dL1ByZXYgMTIxODI3OT4+DQpzdGFydHhyZWYNCjANCiUlRU9GDQogICAgICAgICAgDQoxMzggMCBvYmoNPDwvRmlsdGVyL0ZsYXRlRGVjb2RlL0kgNjUwL0wgNjM0L0xlbmd0aCA0NzQvTyA2MTgvUyA0NzY+PnN0cmVhbQ0KaN5iYGBgYmBg92dgZWDgn8MgwoAAIkAxNgYWBo4XLIIsChoQwZ7kBD4JA8VA+WTZxg+OOsIGDDyebHsFWNYxeAVwijF0G3AcY5j7gOsLA5MDAwOj+IOgOc8tvZLnanqeC54DNZfpjMzljjqWoJrLHW0WC3QOXvRyf9wl7KfEdEZWUggo2KeRABScqA4SVNjM3ggU3Mxu8kjBVf20QbGfEktQHdMZuchei5YgoPi8XRmbbgiuev5yUQW3QbXuWql1dbPUN916oHPwLFABSLxadx3YRlct7FKyCC0XoeaUZKGIwJSlAUEHyAcggsXFA0SxhkYAKSVlYwsQj9k4AiwIZoMIMYgGBpBwaChYLVCna2gHkCEoGhqW1gExBM6IQFAuLhAjwSazpWV0kBr2QG2GDEImKUBaHoj1wS5RZxBm8DiguYPVlmENg4gP05YDoQcYJzCYJjCZMLA3iDgwJjCEMbAmcJ1hOOfg84MzkoHdgEGNgfkA4wEmVQZRBuYrAo4NDLxXT7ncZJTVYOBmYDjAfIIhhoEjQTCOIaSBV4PxIYOoArsMfyeD2ALGcww6DWsN4Ckqm4Hj8hKIazhrgbQjg1DDcSDNCMSqQOzBIDRZEsJnnAoQYABXybT4DQplbmRzdHJlYW0NZW5kb2JqDTc0IDAgb2JqDTw8L01ldGFkYXRhIDcxIDAgUi9PcGVuQWN0aW9uIDc1IDAgUi9PdXRsaW5lcyAxMDcgMCBSL1BhZ2VMYWJlbHMgNjUgMCBSL1BhZ2VMYXlvdXQvT25lQ29sdW1uL1BhZ2VNb2RlL1VzZU91dGxpbmVzL1BhZ2VzIDY2IDAgUi9UeXBlL0NhdGFsb2cvVmlld2VyUHJlZmVyZW5jZXM8PC9DZW50ZXJXaW5kb3cgdHJ1ZS9GaXRXaW5kb3cgdHJ1ZT4+Pj4NZW5kb2JqDTc1IDAgb2JqDTw8L0RbNzYgMCBSL0ZpdF0vUy9Hb1RvPj4NZW5kb2JqDTc2IDAgb2JqDTw8L0JsZWVkQm94WzAgMC4wMDAyNDQxIDU5NS4yNzU1NyA4NDEuODkwMDFdL0NvbnRlbnRzWzc3IDAgUiA3OCAwIFIgNzkgMCBSIDgwIDAgUiA4MSAwIFIgODIgMCBSIDkxIDAgUiA5MiAwIFJdL0Nyb3BCb3hbMCAwIDU5NS4yNzYgODQxLjg5MDAxXS9NZWRpYUJveFswIDAgNTk1LjI3NiA4NDEuODkwMDFdL1BhcmVudCA2NyAwIFIvUmVzb3VyY2VzPDwvQ29sb3JTcGFjZTw8L0NTMCA4NiAwIFI+Pi9FeHRHU3RhdGU8PC9HUzEgOTYgMCBSL0dTNSA5NyAwIFI+Pi9Gb250PDwvRjAgODMgMCBSL0YyIDg0IDAgUi9GNCA4NSAwIFI+Pi9Qcm9jU2V0Wy9QREYvVGV4dC9JbWFnZUMvSW1hZ2VCL0ltYWdlSV0vUHJvcGVydGllczw8L01DMCAxMDMgMCBSPj4vWE9iamVjdDw8L0ltMSAxMDQgMCBSL0ltMiAxMDUgMCBSL0ltMyAxMDYgMCBSPj4+Pi9Sb3RhdGUgMC9UcmltQm94WzAgMC4wMDAyNDQxIDU5NS4yNzU1NyA4NDEuODkwMDFdL1R5cGUvUGFnZS91MnBNYXRbMSAwIDAgLTEgMCA4NDEuODkwMDFdL3hiMSAwL3hiMiA1OTUuMjc1NTcveHQxIDAveHQyIDU5NS4yNzU1Ny95YjEgMC4wMDAyNDQxL3liMiA4NDEuODkwMDEveXQxIDAuMDAwMjQ0MS95dDIgODQxLjg5MDA
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--5def5058-16e0-4979-b098-40af950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2019-12-10T07:59:20.000Z",
"modified": "2019-12-10T07:59:20.000Z",
"first_observed": "2019-12-10T07:59:20Z",
"last_observed": "2019-12-10T07:59:20Z",
"number_observed": 1,
"object_refs": [
"file--5def5058-16e0-4979-b098-40af950d210f",
"artifact--5def5058-16e0-4979-b098-40af950d210f"
],
"labels": [
"misp:type=\"attachment\"",
"misp:category=\"External analysis\""
]
},
{
"type": "file",
"spec_version": "2.1",
"id": "file--5def5058-16e0-4979-b098-40af950d210f",
"name": "anlage-2019-12-bfv-cyber-brief-2019-01.txt",
"content_ref": "artifact--5def5058-16e0-4979-b098-40af950d210f"
},
{
"type": "artifact",
"spec_version": "2.1",
"id": "artifact--5def5058-16e0-4979-b098-40af950d210f",
"payload_bin": "RGV0ZWt0aW9uc3JlZ2Vsbg0KWWFyYSBSdWxlcyAoZXNwZWNpYWxseSBmb3IgbWVtb3J5IHNjYW5uaW5nKQ0KcnVsZSBjYjJfMDENCnsNCiAgc3RyaW5nczoNCiAgICAkZTEgPSAiR2xvYmFsXFxCRkVfTm90aWZ5X0V2ZW50X3s2NWEwOTdmZS02MTAyLTQ0NmEtOWY5Yy01NWRmYzNmNDExMDE1fSIgYXNjaWkgbm9jYXNlDQogICAgJGUyID0gIkdsb2JhbFxcQkZFX05vdGlmeV9FdmVudF97NjVhMDk3ZmUtNjEwMi00NDZhLTlmOWMtNTVkZmMzZjQxMTAxNH0iIGFzY2lpIG5vY2FzZQ0KICAgICRlMyA9ICJHbG9iYWxcXEJGRV9Ob3RpZnlfRXZlbnRfezY1YTA5N2ZlLTYxMDItNDQ2YS05ZjljLTU1ZGZjM2Y0MTEwMTZ9IiBhc2NpaSBub2Nhc2UNCiAgICAkZTQgPSAiXFxCYXNlTmFtZWRPYmplY3RzXFx7QjJCODdDQ0EtNjZCQy00QzI0LTg5QjItQzIzQzlFQUMyQTY2fSIgd2lkZQ0KICAgICRlNSA9ICJCRkVfTm90aWZ5X0V2ZW50X3s3RDAwRkEzQy1GQkRDLTRBOEQtQUVFQi0zRjU1QTQ4OTBEMkF9IiBub2Nhc2UNCiAgY29uZGl0aW9uOg0KICAgIChhbnkgb2YgKCRlKikpDQp9DQpydWxlIGNiMl8wMg0Kew0KICBzdHJpbmdzOg0KICAgICRhMSA9ICJJUFNlY01pbmlQb3J0IiB3aWRlIGZ1bGx3b3JkDQogICAgJGEyID0gIm5kaXM2ZnciIHdpZGUgZnVsbHdvcmQNCiAgICAkYTMgPSAiVENQSVAiIHdpZGUgZnVsbHdvcmQNCiAgICAkYTQgPSAiTkRJUy5TWVMiIGFzY2lpIGZ1bGx3b3JkDQogICAgJGE1ID0gIm50b3Nrcm5sLmV4ZSIgYXNjaWkgZnVsbHdvcmQNCiAgICAkYTYgPSAiXFxCYXNlTmFtZWRPYmplY3RzXFx7QjJCODdDQ0EtNjZCQy00QzI0LTg5QjItQzIzQzlFQUMyQTY2fSIgd2lkZQ0KICAgICRhNyA9ICJcXERldmljZVxcTnVsbCIgd2lkZQ0KICAgICRhOCA9ICJcXERldmljZSIgd2lkZQ0KICAgICRhOSA9ICJcXERyaXZlciIgd2lkZQ0KICAgICRiMSA9IHsgNjYgODEgNz8gPz8gNzAgMTcgfQ0KICAgICRiMiA9IHsgODEgNz8gPz8gMDcgRTAgMTUgMDAgfQ0KICAgICRiMyA9IHsgOEIgNDYgMTggM0QgMDMgNjAgMTUgMDAgfQ0KICBjb25kaXRpb246DQogICAgKDYgb2YgKCRhKikpIGFuZCAoMiBvZiAoJGIqKSkNCn0NCnJ1bGUgY2IyXzAzDQp7DQogIHN0cmluZ3M6DQogICAgJGIxID0geyAwRiBCNyA/PyAxNiBbMC0xXSAoODEgRT8gfCAyNSkgMDAgMjAgWzAtMl0gWzhdIDhCID8/IDUwIDQxIEI5IDQwIDAwIDAwIDAwIDQxIEI4IDAwIDEwIDAwIDAwIH0NCiAgICAkYjIgPSB7IDhCIDQwIDI4IFs1LThdIDQ4IDAzIEM4IDQ4IDhCIEMxIFs1LThdIDQ4IDg5IDQxIDI4IH0NCiAgICAkYjMgPSB7IDQ4IDZCID8/IDI4IFs1LThdIDhCID8/ID8/IDEwIFs1LThdIDQ4IDZCID8/IDI4IFs1LThdIDhCID8/ID8/IDE0IH0NCiAgICAkYjQgPSB7IDgzIEI/IDkwIDAwIDAwIDAwIDAwIDBGIDg0IFs5LTEyXSA4MyBCPyA5NCAwMCAwMCAwMCAwMCAwRiA4NCB9DQogICAgJGI1ID0geyAoNDUgfCA0RCkgKDMxIHwgMzMpIEMwIEJBIDAxIDAwIDAwIDAwIFsxMC0xNl0gRkYgNT8gMjggWzAtMV0gKDg0IHwgODUpIEMwIH0NCiAgY29uZGl0aW9uOg0KICAgICg0IG9mICgkYiopKQ0KfQ0KcnVsZSBjYjJfMDQNCnsNCiAgc3RyaW5nczoNCiAgICAkYjEgPSB7IDRDIDhEIDQxIDI0IDMzIEQyIEI5IDAzIDAwIDFGIDAwIEZGIDk/IEY4IDAwIDAwIDAwIDQ4IDg1IEMwIDc0IH0NCiAgICAkYjIgPSB7IDRDIDhCIDQ/IDA4IEJBIDAxIDAwIDAwIDAwIDQ5IDhCIEM/IEZGIEQwIDg1IEMwIFsyLTZdIEM3IDQ/IDFDIDAxIDAwIDAwIDAwIEI4IDAxIDAwIDAwIDAwIH0NCiAgICAkYjMgPSB7IDhCIDRCIEU0IDhCIDUzIEVDIDQxIEI4IDAwIDQwIDAwIDAwIDQ/IDBCIEM/IEZGIDk/IEI4IDAwIDAwIDAwIEVCIH0NCiAgY29uZGl0aW9uOg0KICAgICgyIG9mICgkYiopKQ0KfQ0KcnVsZSBjYjJfMDUNCnsNCiAgc3RyaW5nczoNCiAgICAkYTEgPSAiLWsgbmV0c3ZjcyIgYXNjaWkNCiAgICAkYTIgPSAic3ZjaG9zdC5leGUiIGFzY2lpIGZ1bGx3b3JkDQogICAgJGEzID0gIiVTeXN0ZW1Sb290JVxcU3lzdGVtMzJcXG50b3Nrcm5sLmV4ZSIgYXNjaWkNCiAgICAkYTQgPSAiR2xvYmFsXFxCRkVfTm90aWZ5X0V2ZW50X3s2NWEwOTdmZS02MTAyLTQ0NmEtOWY5Yy01NWRmYzNmNDExMDE1fSIgYXNjaWkNCiAgICAkYTUgPSAiR2xvYmFsXFxCRkVfTm90aWZ5X0V2ZW50X3s2NWEwOTdmZS02MTAyLTQ0NmEtOWY5Yy01NWRmYzNmNDExMDE0fSIgYXNjaWkNCiAgICAkYTYgPSAiR2xvYmFsXFxCRkVfTm90aWZ5X0V2ZW50X3s2NWEwOTdmZS02MTAyLTQ0NmEtOWY5Yy01NWRmYzNmNDExMDE2fSIgYXNjaWkNCiAgICAkYTcgPSAiY21kLmV4ZSIgd2lkZQ0KICAgICRhOCA9ICIsWE1MIiB3aWRlDQogICAgJGE5ID0gIlxccnVuZGxsMzIuZXhlIiB3aWRlDQogICAgJGExMCA9ICJcXGNvbmhvc3QuZXhlIiB3aWRlDQogICAgJGExMSA9ICJcXGNtZC5leGUiIHdpZGUNCiAgICAkYTEyID0gIk50UXVlcnlJbmZvcm1hdGlvblByb2Nlc3MiIGFzY2lpDQogICAgJGExMyA9ICJEZXRvdXJzISIgYXNjaWkgZnVsbHdvcmQNCiAgICAkYTE0ID0gIkxvYWRpbmcgbW9kaWZpZWQgYnVpbGQgb2YgZGV0b3VycyBsaWJyYXJ5IGRlc2lnbmVkIGZvciBNUEMtSEMgcGxheWVyIChodHRwOi8vc291cmNlZm9yZ2UubmV0L3Byb2plY3RzL21wYy1oYy8pIiBhc2NpaQ0KICAgICRhMTUgPSAiQ09OT1VUJCIgd2lkZSBmdWxsd29yZA0KICAgICRhMTYgPSB7IEM2IDA/IEU5IDQ/IDg/IDQ/IDA1IFsyXSA4OSA0PyAwMSB9DQogIGNvbmRpdGlvbjoNCiAgICAoMTIgb2YgKCRhKikpDQp9DQoNClJlZ2lzdHJ5IEtleXMNCkhLTE1cU09GVFdSRVxNaWNyb3NvZnRcT2xlXA0KCWxwVmFsdWVOYW1lOiBHVUlEIChjcmVhdGUpDQoJbHBEYXRhOiBYWFhYWC1YWFhYWC1YWFhYWC1YWFhYWC1YWFhYWCAgKHJlYWQvd3JpdGUpDQoNCkhLTE1cU3lzdGVtXEN1cnJlbnRDb250cm9sU2V0XFNlcnZpY2VzXHRtcFhYWFggDQoJbHBWYWx1ZU5hbWU6IFR5cGUNCglscERhdGE6IDB4MSAod3JpdGUpDQoJbHBWYWx1ZU5hbWU6IEVycm9yQ29udHJvbA0KCWxwRGF0YTogMHg
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5def55e8-180c-44e8-b55a-4516950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2019-12-10T08:23:04.000Z",
"modified": "2019-12-10T08:23:04.000Z",
"pattern": "[file:name = '\\\\??\\\\%WINDIR%\\\\TEMP\\\\tmpXXXX.tmp']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2019-12-10T08:23:04Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"filename\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5def55ec-a86c-46aa-be96-44fd950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2019-12-10T08:23:08.000Z",
"modified": "2019-12-10T08:23:08.000Z",
"pattern": "[file:name = '\\\\??\\\\%WINDIR%\\\\TEMP\\\\NtXXXX.tmp']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2019-12-10T08:23:08Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"filename\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "x-misp-attribute",
"spec_version": "2.1",
"id": "x-misp-attribute--5defaf66-c2b0-401b-b786-41b6950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2019-12-10T14:44:54.000Z",
"modified": "2019-12-10T14:44:54.000Z",
"labels": [
"misp:type=\"other\"",
"misp:category=\"Network activity\""
],
"x_misp_category": "Network activity",
"x_misp_comment": "Possible C2 DNS Domain Name",
"x_misp_type": "other",
"x_misp_value": "*.dick.mooo.com"
},
{
"type": "x-misp-attribute",
"spec_version": "2.1",
"id": "x-misp-attribute--5defafa7-c2d8-4682-9307-4b4b950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2019-12-10T14:45:59.000Z",
"modified": "2019-12-10T14:45:59.000Z",
"labels": [
"misp:type=\"other\"",
"misp:category=\"Network activity\""
],
"x_misp_category": "Network activity",
"x_misp_comment": "Possible C2 HTTP header",
"x_misp_type": "other",
"x_misp_value": "GET [Offset 0x10C in \"config\"] HTTP/1.1\\r\\n\r\nCookie: SN= [bin2hex(data_to_send)]\r\nAccept: text/html, */*\r\nUser-Agent: Mozilla/5.0 (Windows NT 6.2; WOW64) Chrome/53.0.2785.148\r\nHost: [Offset 0x8 in \"config\"]\r\nConnection: Keep-Alive"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5dee3f11-02e4-406f-ab0b-ba86950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2019-12-09T12:36:55.000Z",
"modified": "2019-12-09T12:36:55.000Z",
"name": "rule cb2_01",
"pattern": "{\r\nstrings:\r\n$e1 = \u00e2\u20ac\u017eGlobal\\\\\\\\BFE_Notify_Event_{65a097fe-6102-446a-9f9c-55dfc3f411015}\u00e2\u20ac\u009d ascii nocase\r\n$e2 = \u00e2\u20ac\u017eGlobal\\\\\\\\BFE_Notify_Event_{65a097fe-6102-446a-9f9c-55dfc3f411014}\u00e2\u20ac\u009d ascii nocase\r\n$e3 = \u00e2\u20ac\u017eGlobal\\\\\\\\BFE_Notify_Event_{65a097fe-6102-446a-9f9c-55dfc3f411016}\u00e2\u20ac\u009d ascii nocase\r\n$e4 = \u00e2\u20ac\u017e\\\\\\\\BaseNamedObjects\\\\\\\\{B2B87CCA-66BC-4C24-89B2-C23C9EAC2A66}\u00e2\u20ac\u009d wide\r\n$e5 = \u00e2\u20ac\u017eBFE_Notify_Event_{7D00FA3C-FBDC-4A8D-AEEB-3F55A4890D2A}\u00e2\u20ac\u009d nocase\r\ncondition:\r\n}\r\n(any of ($e*))\r\n}",
"pattern_type": "yara",
2023-12-14 14:30:15 +00:00
"pattern_version": "2.1",
2023-04-21 14:44:17 +00:00
"valid_from": "2019-12-09T12:36:55Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "misc"
}
],
"labels": [
"misp:name=\"yara\"",
"misp:meta-category=\"misc\"",
"misp:to_ids=\"True\""
],
"x_misp_context": "memory"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5dee3fda-b550-4d4b-9edb-a11c950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2019-12-09T12:36:42.000Z",
"modified": "2019-12-09T12:36:42.000Z",
"name": "rule cb2_02",
"pattern": "{\r\n strings:\r\n $a1 = \\\\\"IPSecMiniPort\\\\\" wide fullword\r\n $a2 = \\\\\"ndis6fw\\\\\" wide fullword\r\n $a3 = \\\\\"TCPIP\\\\\" wide fullword\r\n $a4 = \\\\\"NDIS.SYS\\\\\" ascii fullword\r\n $a5 = \\\\\"ntoskrnl.exe\\\\\" ascii fullword\r\n $a6 = \\\\\"\\\\\\\\BaseNamedObjects\\\\\\\\{B2B87CCA-66BC-4C24-89B2-C23C9EAC2A66}\\\\\" wide\r\n $a7 = \\\\\"\\\\\\\\Device\\\\\\\\Null\\\\\" wide\r\n $a8 = \\\\\"\\\\\\\\Device\\\\\" wide\r\n $a9 = \\\\\"\\\\\\\\Driver\\\\\" wide\r\n $b1 = { 66 81 7? ?? 70 17 }\r\n $b2 = { 81 7? ?? 07 E0 15 00 }\r\n $b3 = { 8B 46 18 3D 03 60 15 00 }\r\n condition:\r\n (6 of ($a*)) and (2 of ($b*))\r\n}",
"pattern_type": "yara",
2023-12-14 14:30:15 +00:00
"pattern_version": "2.1",
2023-04-21 14:44:17 +00:00
"valid_from": "2019-12-09T12:36:42Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "misc"
}
],
"labels": [
"misp:name=\"yara\"",
"misp:meta-category=\"misc\"",
"misp:to_ids=\"True\""
],
"x_misp_context": "memory"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5dee4b73-07c0-4f1b-b723-b9de950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2019-12-09T13:26:11.000Z",
"modified": "2019-12-09T13:26:11.000Z",
"name": "rule cb2_03",
"pattern": "{\r\n strings:\r\n $b1 = { 0F B7 ?? 16 [0-1] (81 E? | 25) 00 20 [0-2] [8] 8B ?? 50 41 B9 40 00 00 00 41 B8 00 10 00 00 }\r\n $b2 = { 8B 40 28 [5-8] 48 03 C8 48 8B C1 [5-8] 48 89 41 28 }\r\n $b3 = { 48 6B ?? 28 [5-8] 8B ?? ?? 10 [5-8] 48 6B ?? 28 [5-8] 8B ?? ?? 14 }\r\n $b4 = { 83 B? 90 00 00 00 00 0F 84 [9-12] 83 B? 94 00 00 00 00 0F 84 }\r\n $b5 = { (45 | 4D) (31 | 33) C0 BA 01 00 00 00 [10-16] FF 5? 28 [0-1] (84 | 85) C0 }\r\n condition:\r\n (4 of ($b*))\r\n}",
"pattern_type": "yara",
2023-12-14 14:30:15 +00:00
"pattern_version": "2.1",
2023-04-21 14:44:17 +00:00
"valid_from": "2019-12-09T13:26:11Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "misc"
}
],
"labels": [
"misp:name=\"yara\"",
"misp:meta-category=\"misc\"",
"misp:to_ids=\"True\""
],
"x_misp_context": "memory"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5dee4b9a-8b60-4fef-b39c-ba61950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2019-12-09T13:26:50.000Z",
"modified": "2019-12-09T13:26:50.000Z",
"name": "rule cb2_04",
"pattern": "{\r\n strings:\r\n $b1 = { 4C 8D 41 24 33 D2 B9 03 00 1F 00 FF 9? F8 00 00 00 48 85 C0 74 }\r\n $b2 = { 4C 8B 4? 08 BA 01 00 00 00 49 8B C? FF D0 85 C0 [2-6] C7 4? 1C 01 00 00 00 B8 01 00 00 00 }\r\n $b3 = { 8B 4B E4 8B 53 EC 41 B8 00 40 00 00 4? 0B C? FF 9? B8 00 00 00 EB }\r\n condition:\r\n (2 of ($b*))\r\n}",
"pattern_type": "yara",
2023-12-14 14:30:15 +00:00
"pattern_version": "2.1",
2023-04-21 14:44:17 +00:00
"valid_from": "2019-12-09T13:26:50Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "misc"
}
],
"labels": [
"misp:name=\"yara\"",
"misp:meta-category=\"misc\"",
"misp:to_ids=\"True\""
],
"x_misp_context": "memory"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5dee4e51-f448-4a0a-815c-b79e950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2019-12-09T13:38:25.000Z",
"modified": "2019-12-09T13:38:25.000Z",
"name": "rule cb2_05",
"pattern": "{\r\n strings:\r\n $a1 = \\\\\"-k netsvcs\\\\\" ascii\r\n $a2 = \\\\\"svchost.exe\\\\\" ascii fullword\r\n $a3 = \\\\\"\\\\%SystemRoot\\\\%\\\\\\\\System32\\\\\\\\ntoskrnl.exe\\\\\" ascii\r\n $a4 = \\\\\"Global\\\\\\\\BFE_Notify_Event_{65a097fe-6102-446a-9f9c-55dfc3f411015}\\\\\" ascii\r\n $a5 = \\\\\"Global\\\\\\\\BFE_Notify_Event_{65a097fe-6102-446a-9f9c-55dfc3f411014}\\\\\" ascii\r\n $a6 = \\\\\"Global\\\\\\\\BFE_Notify_Event_{65a097fe-6102-446a-9f9c-55dfc3f411016}\\\\\" ascii\r\n $a7 = \\\\\"cmd.exe\\\\\" wide\r\n $a8 = \\\\\",XML\\\\\" wide\r\n $a9 = \\\\\"\\\\\\\\rundll32.exe\\\\\" wide\r\n $a10 = \\\\\"\\\\\\\\conhost.exe\\\\\" wide\r\n $a11 = \\\\\"\\\\\\\\cmd.exe\\\\\" wide\r\n $a12 = \\\\\"NtQueryInformationProcess\\\\\" ascii\r\n $a13 = \\\\\"Detours!\\\\\" ascii fullword\r\n $a14 = \\\\\"Loading modified build of detours library designed for MPC-HC player (http://sourceforge.net/projects/mpc-hc/)\\\\\" ascii\r\n $a15 = \\\\\"CONOUT$\\\\\" wide fullword\r\n $a16 = { C6 0? E9 4? 8? 4? 05 [2] 89 4? 01 }\r\n condition:\r\n (12 of ($a*))\r\n}",
"pattern_type": "yara",
2023-12-14 14:30:15 +00:00
"pattern_version": "2.1",
2023-04-21 14:44:17 +00:00
"valid_from": "2019-12-09T13:38:25Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "misc"
}
],
"labels": [
"misp:name=\"yara\"",
"misp:meta-category=\"misc\"",
"misp:to_ids=\"True\""
],
"x_misp_context": "memory"
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--5dee5202-0d70-4bd5-801e-4504950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2019-12-09T13:54:10.000Z",
"modified": "2019-12-09T13:54:10.000Z",
"first_observed": "2019-12-09T13:54:10Z",
"last_observed": "2019-12-09T13:54:10Z",
"number_observed": 1,
"object_refs": [
"windows-registry-key--5dee5202-0d70-4bd5-801e-4504950d210f"
],
"labels": [
"misp:name=\"registry-key\"",
"misp:meta-category=\"file\"",
"misp:to_ids=\"False\""
]
},
{
"type": "windows-registry-key",
"spec_version": "2.1",
"id": "windows-registry-key--5dee5202-0d70-4bd5-801e-4504950d210f",
"values": [
{
"name": "HKLM\\SOFTWRE\\Microsoft\\Ole\\"
}
],
"x_misp_root_keys": "HKLM"
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--5dee5561-9df0-484c-bbb3-47ba950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2019-12-09T14:08:33.000Z",
"modified": "2019-12-09T14:08:33.000Z",
"first_observed": "2019-12-09T14:08:33Z",
"last_observed": "2019-12-09T14:08:33Z",
"number_observed": 1,
"object_refs": [
"windows-registry-key--5dee5561-9df0-484c-bbb3-47ba950d210f"
],
"labels": [
"misp:name=\"registry-key\"",
"misp:meta-category=\"file\"",
"misp:to_ids=\"False\""
]
},
{
"type": "windows-registry-key",
"spec_version": "2.1",
"id": "windows-registry-key--5dee5561-9df0-484c-bbb3-47ba950d210f",
"values": [
{
"name": "HKLM\\System\\CurrentControlSet\\Services\\tmpXXXX"
}
],
"x_misp_root_keys": "HKLM"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5def9c6b-dcd8-4fb6-95da-476d950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2019-12-10T13:27:04.000Z",
"modified": "2019-12-10T13:27:04.000Z",
"description": "Intermediate Loader (disk)\r\nType: PE32+ executable (DLL) (console) x86-64, for MS Windows",
"pattern": "[file:hashes.SSDEEP = '3072:3ZvhT4Xd7ncWKby0T+SQ0IYevsxtjg9RfnJHarO:3LT4tVKO0wLsxt0TnJHaO' AND file:hashes.IMPHASH = '1fb46361b3762772e68127b42d1b1d5e']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2019-12-10T13:27:04Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "file"
}
],
"labels": [
"misp:name=\"file\"",
"misp:meta-category=\"file\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5def9ed5-d278-4e6d-996d-4cc2950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2019-12-10T13:34:13.000Z",
"modified": "2019-12-10T13:34:13.000Z",
"pattern": "[file:hashes.MD5 = '25c735f0e64464e8c75db3d225912add' AND file:hashes.SHA1 = 'ec8fd561551db21c86766296611c1d8df9bf98c5' AND file:hashes.SSDEEP = '48:sKuCvM5L7NuPFi6YaLC8DNx+xlWEsOQGSmY0X1BHT5Hp5iwjS9d6ybxnAOmq/a7D:srCvk3NuH7LC4qlWST1B8Ma427a7D' AND file:size = '4410' AND file:x_misp_text = 'Reflective DLL Loading Shellcode Type 1 (used by Intermediate Loader and Loader, disk and memory)']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2019-12-10T13:34:13Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "file"
}
],
"labels": [
"misp:name=\"file\"",
"misp:meta-category=\"file\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--e53b7231-54cc-40b6-aced-498328713c3d",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2019-12-10T14:22:27.000Z",
"modified": "2019-12-10T14:22:27.000Z",
"pattern": "[file:hashes.SHA1 = '8b966bc4c4adde90f51f68a78aa326b761981fb4' AND file:name = 'driver1.sys' AND file:parent_directory_ref.path = 'system.dat-output/' AND file:x_misp_fullpath = 'system.dat-output/driver1.sys' AND file:x_misp_text = 'variante-A/']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2019-12-10T14:22:27Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "file"
}
],
"labels": [
"misp:name=\"file\"",
"misp:meta-category=\"file\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--3c622f17-8eec-4e87-bd09-be3a072530b6",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2019-12-10T14:22:49.000Z",
"modified": "2019-12-10T14:22:49.000Z",
"pattern": "[file:hashes.SHA1 = '611b4c014d4a29b632c167a613b677c08d206d1e' AND file:name = 'payload.dll' AND file:parent_directory_ref.path = 'system.dat-output/' AND file:x_misp_fullpath = 'system.dat-output/payload.dll' AND file:x_misp_text = 'variante-A/']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2019-12-10T14:22:49Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "file"
}
],
"labels": [
"misp:name=\"file\"",
"misp:meta-category=\"file\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--1a9c8641-e1f9-4716-9fbd-212be3259b9e",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2019-12-10T14:22:50.000Z",
"modified": "2019-12-10T14:22:50.000Z",
"pattern": "[file:hashes.SHA1 = 'fd04c0168b844d17828ee03a1e5249e7986ce9ba' AND file:name = 'payload' AND file:parent_directory_ref.path = 'system.dat-output/' AND file:x_misp_fullpath = 'system.dat-output/payload' AND file:x_misp_text = 'variante-A/']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2019-12-10T14:22:50Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "file"
}
],
"labels": [
"misp:name=\"file\"",
"misp:meta-category=\"file\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--3b726112-4fbb-4986-8753-bb42dfb25f3a",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2019-12-10T14:22:50.000Z",
"modified": "2019-12-10T14:22:50.000Z",
"pattern": "[file:hashes.SHA1 = '5e00d36388ce0fe4bbd0624d674f2f007f7e500a' AND file:name = 'system.dat' AND file:parent_directory_ref.path = 'system.dat/' AND file:x_misp_fullpath = 'system.dat' AND file:x_misp_text = 'variante-A/']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2019-12-10T14:22:50Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "file"
}
],
"labels": [
"misp:name=\"file\"",
"misp:meta-category=\"file\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--9e7700e2-a2d3-4fc8-91e3-bdae4dad5240",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2019-12-10T14:22:51.000Z",
"modified": "2019-12-10T14:22:51.000Z",
"pattern": "[file:hashes.SHA1 = '8b966bc4c4adde90f51f68a78aa326b761981fb4' AND file:name = 'driver1.sys' AND file:parent_directory_ref.path = 'TmsmHttp64.dll-output/' AND file:x_misp_fullpath = 'TmsmHttp64.dll-output/driver1.sys' AND file:x_misp_text = 'variante-B/']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2019-12-10T14:22:51Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "file"
}
],
"labels": [
"misp:name=\"file\"",
"misp:meta-category=\"file\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--52cf0eab-5342-49e6-80df-6d2a3e6d00dc",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2019-12-10T14:22:52.000Z",
"modified": "2019-12-10T14:22:52.000Z",
"pattern": "[file:hashes.SHA1 = '003b5d82a9e208e0bc2f339d46bb907cbf588bc1' AND file:name = 'driver2.sys' AND file:parent_directory_ref.path = 'TmsmHttp64.dll-output/' AND file:x_misp_fullpath = 'TmsmHttp64.dll-output/driver2.sys' AND file:x_misp_text = 'variante-B/']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2019-12-10T14:22:52Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "file"
}
],
"labels": [
"misp:name=\"file\"",
"misp:meta-category=\"file\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--43c6c9cb-dbcc-498a-9346-3799c8ad30e1",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2019-12-10T14:22:53.000Z",
"modified": "2019-12-10T14:22:53.000Z",
"pattern": "[file:hashes.SHA1 = 'a224a276213eaecc91f0b36a66809b9cb2e7b244' AND file:name = 'payload.dll' AND file:parent_directory_ref.path = 'TmsmHttp64.dll-output/' AND file:x_misp_fullpath = 'TmsmHttp64.dll-output/payload.dll' AND file:x_misp_text = 'variante-B/']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2019-12-10T14:22:53Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "file"
}
],
"labels": [
"misp:name=\"file\"",
"misp:meta-category=\"file\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--da3cb9c5-efb4-4445-8c88-6d779bba3c3c",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2019-12-10T14:22:53.000Z",
"modified": "2019-12-10T14:22:53.000Z",
"pattern": "[file:hashes.SHA1 = 'a2dd0e1f27fcaa51f42a7f5d4f2d50d8f4500bd9' AND file:name = 'payload' AND file:parent_directory_ref.path = 'TmsmHttp64.dll-output/' AND file:x_misp_fullpath = 'TmsmHttp64.dll-output/payload' AND file:x_misp_text = 'variante-B/']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2019-12-10T14:22:53Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "file"
}
],
"labels": [
"misp:name=\"file\"",
"misp:meta-category=\"file\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--feb320b1-5ae5-4e21-a031-19746f89f645",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2019-12-10T14:22:54.000Z",
"modified": "2019-12-10T14:22:54.000Z",
"pattern": "[file:hashes.SHA1 = '2da100999d323c0628df4878409269ac8f131cee' AND file:name = 'TmsmHttp64.dll' AND file:parent_directory_ref.path = 'TmsmHttp64.dll/' AND file:x_misp_fullpath = 'TmsmHttp64.dll' AND file:x_misp_text = 'variante-B/']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2019-12-10T14:22:54Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "file"
}
],
"labels": [
"misp:name=\"file\"",
"misp:meta-category=\"file\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--b9d511cf-df43-4672-b8f9-d7537ac9d1ae",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2019-12-10T14:22:55.000Z",
"modified": "2019-12-10T14:22:55.000Z",
"pattern": "[file:hashes.SHA1 = '8b966bc4c4adde90f51f68a78aa326b761981fb4' AND file:name = 'driver1.sys' AND file:parent_directory_ref.path = 'iiscfg64.dll-output/' AND file:x_misp_fullpath = 'iiscfg64.dll-output/driver1.sys' AND file:x_misp_text = 'variante-C/']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2019-12-10T14:22:55Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "file"
}
],
"labels": [
"misp:name=\"file\"",
"misp:meta-category=\"file\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--24f69e0a-39f7-4a2d-b91e-6c8a2f66d762",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2019-12-10T14:22:55.000Z",
"modified": "2019-12-10T14:22:55.000Z",
"pattern": "[file:hashes.SHA1 = '3bb1daf9c5b39a026af5fd5a6c321cd3d0be04d6' AND file:name = 'driver2.sys' AND file:parent_directory_ref.path = 'iiscfg64.dll-output/' AND file:x_misp_fullpath = 'iiscfg64.dll-output/driver2.sys' AND file:x_misp_text = 'variante-C/']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2019-12-10T14:22:55Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "file"
}
],
"labels": [
"misp:name=\"file\"",
"misp:meta-category=\"file\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--b33abe59-884c-4a46-acd4-5edbd734a6ae",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2019-12-10T14:23:00.000Z",
"modified": "2019-12-10T14:23:00.000Z",
"pattern": "[file:hashes.SHA1 = '76bd5e3261609041f29bb429bc1741303e61f328' AND file:name = 'payload.dll' AND file:parent_directory_ref.path = 'iiscfg64.dll-output/' AND file:x_misp_fullpath = 'iiscfg64.dll-output/payload.dll' AND file:x_misp_text = 'variante-C/']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2019-12-10T14:23:00Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "file"
}
],
"labels": [
"misp:name=\"file\"",
"misp:meta-category=\"file\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--e1ded9f0-7ece-454e-9cdb-cd7da4d80057",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2019-12-10T14:23:12.000Z",
"modified": "2019-12-10T14:23:12.000Z",
"pattern": "[file:hashes.SHA1 = 'b0cfca2501096b914b0aedd35403d4505729c90c' AND file:name = 'payload' AND file:parent_directory_ref.path = 'iiscfg64.dll-output/' AND file:x_misp_fullpath = 'iiscfg64.dll-output/payload' AND file:x_misp_text = 'variante-C/']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2019-12-10T14:23:12Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "file"
}
],
"labels": [
"misp:name=\"file\"",
"misp:meta-category=\"file\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--0840514f-9f4b-437d-93bf-ecb8dd861021",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2019-12-10T14:23:13.000Z",
"modified": "2019-12-10T14:23:13.000Z",
"pattern": "[file:hashes.SHA1 = '61032695b15bfcd1fbeceb015b16cea21bfaa791' AND file:name = 'iiscfg64.dll' AND file:parent_directory_ref.path = 'iiscfg64.dll/' AND file:x_misp_fullpath = 'iiscfg64.dll' AND file:x_misp_text = 'variante-C/']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2019-12-10T14:23:13Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "file"
}
],
"labels": [
"misp:name=\"file\"",
"misp:meta-category=\"file\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--e37faa3a-3ad6-467b-a031-9be5cd3c86c4",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2019-12-10T14:23:14.000Z",
"modified": "2019-12-10T14:23:14.000Z",
"pattern": "[file:hashes.SHA1 = '857197c37751dcbc10a89fa962d60e428952ce93' AND file:name = 'driver1.sys' AND file:parent_directory_ref.path = 'instapi64.dll-output/' AND file:x_misp_fullpath = 'instapi64.dll-output/driver1.sys' AND file:x_misp_text = 'variante-C/']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2019-12-10T14:23:14Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "file"
}
],
"labels": [
"misp:name=\"file\"",
"misp:meta-category=\"file\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--cd6c577a-b5fe-472a-bd47-595bffa6660d",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2019-12-10T14:23:15.000Z",
"modified": "2019-12-10T14:23:15.000Z",
"pattern": "[file:hashes.SHA1 = 'dbe2e361989dd3e7d7c9e3c6aed69f2237c9aa02' AND file:name = 'driver2.sys' AND file:parent_directory_ref.path = 'instapi64.dll-output/' AND file:x_misp_fullpath = 'instapi64.dll-output/driver2.sys' AND file:x_misp_text = 'variante-C/']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2019-12-10T14:23:15Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "file"
}
],
"labels": [
"misp:name=\"file\"",
"misp:meta-category=\"file\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--45ee5414-ac33-49c7-bf60-f92b0e2b4f98",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2019-12-10T14:23:16.000Z",
"modified": "2019-12-10T14:23:16.000Z",
"pattern": "[file:hashes.SHA1 = 'b8d35d436888b2f6d4ff2a958d48ca1df17e799e' AND file:name = 'payload.dll' AND file:parent_directory_ref.path = 'instapi64.dll-output/' AND file:x_misp_fullpath = 'instapi64.dll-output/payload.dll' AND file:x_misp_text = 'variante-C/']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2019-12-10T14:23:16Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "file"
}
],
"labels": [
"misp:name=\"file\"",
"misp:meta-category=\"file\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--598a154c-dcd5-43d5-b2c3-1f5cbf1c4c1d",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2019-12-10T14:23:16.000Z",
"modified": "2019-12-10T14:23:16.000Z",
"pattern": "[file:hashes.SHA1 = 'e01c7793450e8b140fa13f88901fe041ea34be38' AND file:name = 'payload' AND file:parent_directory_ref.path = 'instapi64.dll-output/' AND file:x_misp_fullpath = 'instapi64.dll-output/payload' AND file:x_misp_text = 'variante-C/']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2019-12-10T14:23:16Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "file"
}
],
"labels": [
"misp:name=\"file\"",
"misp:meta-category=\"file\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--a1bda197-5c10-413b-ab26-edeee972ded8",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2019-12-10T14:23:17.000Z",
"modified": "2019-12-10T14:23:17.000Z",
"pattern": "[file:hashes.SHA1 = '8821beab255d943185c114c58f1996b40d5e1368' AND file:name = 'instapi64.dll' AND file:parent_directory_ref.path = 'instapi64.dll/' AND file:x_misp_fullpath = 'instapi64.dll' AND file:x_misp_text = 'variante-C/']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2019-12-10T14:23:17Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "file"
}
],
"labels": [
"misp:name=\"file\"",
"misp:meta-category=\"file\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--775b5784-ad3b-424e-b2af-7d89a1f81050",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2019-12-10T14:23:18.000Z",
"modified": "2019-12-10T14:23:18.000Z",
"pattern": "[file:hashes.SHA1 = '74cace25311ac0abead7bd94e039ef080e550328' AND file:name = 'driver1.sys' AND file:parent_directory_ref.path = 'payload-output/' AND file:x_misp_fullpath = 'payload-output/driver1.sys' AND file:x_misp_text = 'variante-CR/']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2019-12-10T14:23:18Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "file"
}
],
"labels": [
"misp:name=\"file\"",
"misp:meta-category=\"file\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--9db8e7fb-7fb4-45c8-89e4-a3a0c6abd021",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2019-12-10T14:23:18.000Z",
"modified": "2019-12-10T14:23:18.000Z",
"pattern": "[file:hashes.SHA1 = 'c539ca5aa16de324551c913b61d22652e66de93f' AND file:name = 'driver2.sys' AND file:parent_directory_ref.path = 'payload-output/' AND file:x_misp_fullpath = 'payload-output/driver2.sys' AND file:x_misp_text = 'variante-CR/']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2019-12-10T14:23:18Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "file"
}
],
"labels": [
"misp:name=\"file\"",
"misp:meta-category=\"file\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--b4db253c-2bcf-451c-ba44-15a673a3a3c4",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2019-12-10T14:23:19.000Z",
"modified": "2019-12-10T14:23:19.000Z",
"pattern": "[file:hashes.SHA1 = '595392a8c3eb723bdca1885db2598fea1fa2b516' AND file:name = 'payload.dll' AND file:parent_directory_ref.path = 'payload-output/' AND file:x_misp_fullpath = 'payload-output/payload.dll' AND file:x_misp_text = 'variante-CR/']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2019-12-10T14:23:19Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "file"
}
],
"labels": [
"misp:name=\"file\"",
"misp:meta-category=\"file\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--cde94a42-8107-4e34-af08-ec8294eceea5",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2019-12-10T14:23:20.000Z",
"modified": "2019-12-10T14:23:20.000Z",
"pattern": "[file:hashes.SHA1 = '48f2da6aeaef0cc342ea4bf9ff20aa8bfcde9872' AND file:name = 'payload' AND file:parent_directory_ref.path = 'payload/' AND file:x_misp_fullpath = 'payload' AND file:x_misp_text = 'variante-CR/']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2019-12-10T14:23:20Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "file"
}
],
"labels": [
"misp:name=\"file\"",
"misp:meta-category=\"file\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--7f91bef0-d377-48e7-b126-6e7a5d3720ea",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2019-12-10T14:23:21.000Z",
"modified": "2019-12-10T14:23:21.000Z",
"pattern": "[file:hashes.SHA1 = '74cace25311ac0abead7bd94e039ef080e550328' AND file:name = 'driver1.sys' AND file:parent_directory_ref.path = 'payload-output/' AND file:x_misp_fullpath = 'payload-output/driver1.sys' AND file:x_misp_text = 'variante-CRS/']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2019-12-10T14:23:21Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "file"
}
],
"labels": [
"misp:name=\"file\"",
"misp:meta-category=\"file\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--991c177a-7a0f-4926-95f6-4ac179a5a295",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2019-12-10T14:23:21.000Z",
"modified": "2019-12-10T14:23:21.000Z",
"pattern": "[file:hashes.SHA1 = '174101153536112422c594f6c3038aa47f3fd14e' AND file:name = 'driver2.sys' AND file:parent_directory_ref.path = 'payload-output/' AND file:x_misp_fullpath = 'payload-output/driver2.sys' AND file:x_misp_text = 'variante-CRS/']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2019-12-10T14:23:21Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "file"
}
],
"labels": [
"misp:name=\"file\"",
"misp:meta-category=\"file\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--7b7ecfce-2bd5-46ae-b601-3e9eebc90db3",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2019-12-10T14:23:22.000Z",
"modified": "2019-12-10T14:23:22.000Z",
"pattern": "[file:hashes.SHA1 = '3c8edeadaeb644341402d99ca8a0629368cb0125' AND file:name = 'payload.dll' AND file:parent_directory_ref.path = 'payload-output/' AND file:x_misp_fullpath = 'payload-output/payload.dll' AND file:x_misp_text = 'variante-CRS/']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2019-12-10T14:23:22Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "file"
}
],
"labels": [
"misp:name=\"file\"",
"misp:meta-category=\"file\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--25f6a294-0dd2-4b0b-a3af-416e51364afd",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2019-12-10T14:23:23.000Z",
"modified": "2019-12-10T14:23:23.000Z",
"pattern": "[file:hashes.SHA1 = '7cfe9d75b3f7bb31a6d0c86da7a43f4bb9bdc7bd' AND file:name = 'payload' AND file:parent_directory_ref.path = 'payload/' AND file:x_misp_fullpath = 'payload' AND file:x_misp_text = 'variante-CRS/']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2019-12-10T14:23:23Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "file"
}
],
"labels": [
"misp:name=\"file\"",
"misp:meta-category=\"file\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--3f909ac6-2c3b-46a9-be2c-94af99524de4",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2019-12-10T14:23:23.000Z",
"modified": "2019-12-10T14:23:23.000Z",
"pattern": "[file:hashes.SHA1 = '2b319b44451abb0596b9187e06f1fb7b4ace969d' AND file:name = 'driver1.sys' AND file:parent_directory_ref.path = 'tsmgetst.dll-output/' AND file:x_misp_fullpath = 'tsmgetst.dll-output/driver1.sys' AND file:x_misp_text = 'variante-D/']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2019-12-10T14:23:23Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "file"
}
],
"labels": [
"misp:name=\"file\"",
"misp:meta-category=\"file\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--d470790a-b3bf-4ced-94f7-ca7401ddc629",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2019-12-10T14:23:24.000Z",
"modified": "2019-12-10T14:23:24.000Z",
"pattern": "[file:hashes.SHA1 = '30d1dd1dd4f0ace7a4f2c24e31fb6a0ee33e8a3a' AND file:name = 'driver2.sys' AND file:parent_directory_ref.path = 'tsmgetst.dll-output/' AND file:x_misp_fullpath = 'tsmgetst.dll-output/driver2.sys' AND file:x_misp_text = 'variante-D/']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2019-12-10T14:23:24Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "file"
}
],
"labels": [
"misp:name=\"file\"",
"misp:meta-category=\"file\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--fcda7810-080c-47f0-9216-a7cf669e4396",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2019-12-10T14:23:25.000Z",
"modified": "2019-12-10T14:23:25.000Z",
"pattern": "[file:hashes.SHA1 = '2bc358ddc72f59ba0373b8635ab08ad747c12180' AND file:name = 'dsefix.exe' AND file:parent_directory_ref.path = 'tsmgetst.dll-output/' AND file:x_misp_fullpath = 'tsmgetst.dll-output/dsefix.exe' AND file:x_misp_text = 'variante-D/']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2019-12-10T14:23:25Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "file"
}
],
"labels": [
"misp:name=\"file\"",
"misp:meta-category=\"file\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--06d8a210-3a92-47eb-8fd2-0147b7281d7f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2019-12-10T14:23:25.000Z",
"modified": "2019-12-10T14:23:25.000Z",
"pattern": "[file:hashes.SHA1 = 'df7732ce1a393c59889ae61321e7da3d3f1a1980' AND file:name = 'payload.dll' AND file:parent_directory_ref.path = 'tsmgetst.dll-output/' AND file:x_misp_fullpath = 'tsmgetst.dll-output/payload.dll' AND file:x_misp_text = 'variante-D/']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2019-12-10T14:23:25Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "file"
}
],
"labels": [
"misp:name=\"file\"",
"misp:meta-category=\"file\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--9a724f07-1f2b-48bb-bb25-32dfe637569b",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2019-12-10T14:23:26.000Z",
"modified": "2019-12-10T14:23:26.000Z",
"pattern": "[file:hashes.SHA1 = 'aaa6eeaf422b5a8451121513c66c6bd7cb3b9da3' AND file:name = 'payload' AND file:parent_directory_ref.path = 'tsmgetst.dll-output/' AND file:x_misp_fullpath = 'tsmgetst.dll-output/payload' AND file:x_misp_text = 'variante-D/']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2019-12-10T14:23:26Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "file"
}
],
"labels": [
"misp:name=\"file\"",
"misp:meta-category=\"file\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--dbd342d8-a43b-4f22-8be9-921186cdbf83",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2019-12-10T14:23:26.000Z",
"modified": "2019-12-10T14:23:26.000Z",
"pattern": "[file:hashes.SHA1 = 'ffce6895a5bcade8631676ac67c1f919505d4f19' AND file:name = 'tsmgetst.dll' AND file:parent_directory_ref.path = 'tsmgetst.dll/' AND file:x_misp_fullpath = 'tsmgetst.dll' AND file:x_misp_text = 'variante-D/']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2019-12-10T14:23:26Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "file"
}
],
"labels": [
"misp:name=\"file\"",
"misp:meta-category=\"file\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--67abe83f-ef66-40d7-90e7-90ffe1513e52",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2019-12-10T14:23:27.000Z",
"modified": "2019-12-10T14:23:27.000Z",
"pattern": "[file:hashes.SHA1 = '3b1f3ed2eeb746733b3c2bb483a481ce2d7f7cf1' AND file:name = 'decrypted_strings.txt' AND file:parent_directory_ref.path = 'sigc-2.4.dll-output/' AND file:x_misp_fullpath = 'sigc-2.4.dll-output/decrypted_strings.txt' AND file:x_misp_text = 'variante-E/']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2019-12-10T14:23:27Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "file"
}
],
"labels": [
"misp:name=\"file\"",
"misp:meta-category=\"file\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--97a2f864-44e3-4ab4-ab05-2053d5e1ccf4",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2019-12-10T14:23:28.000Z",
"modified": "2019-12-10T14:23:28.000Z",
"pattern": "[file:hashes.SHA1 = '98c32b4093ed1d7cba6fdcd7667f7ba10ba7a94c' AND file:name = 'driver1.sys' AND file:parent_directory_ref.path = 'sigc-2.4.dll-output/' AND file:x_misp_fullpath = 'sigc-2.4.dll-output/driver1.sys' AND file:x_misp_text = 'variante-E/']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2019-12-10T14:23:28Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "file"
}
],
"labels": [
"misp:name=\"file\"",
"misp:meta-category=\"file\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--3b43ab98-c605-43ec-8951-c456fa02c3bf",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2019-12-10T14:23:28.000Z",
"modified": "2019-12-10T14:23:28.000Z",
"pattern": "[file:hashes.SHA1 = 'ca00eafde42f1456de01140556d8c3002866cc74' AND file:name = 'driver2.sys' AND file:parent_directory_ref.path = 'sigc-2.4.dll-output/' AND file:x_misp_fullpath = 'sigc-2.4.dll-output/driver2.sys' AND file:x_misp_text = 'variante-E/']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2019-12-10T14:23:28Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "file"
}
],
"labels": [
"misp:name=\"file\"",
"misp:meta-category=\"file\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--0db0c06d-d056-44c1-84e0-e3e6e13ce850",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2019-12-10T14:23:29.000Z",
"modified": "2019-12-10T14:23:29.000Z",
"pattern": "[file:hashes.SHA1 = '54f7d7c145bbae0979ad0b42689a9008ab3d3883' AND file:name = 'payload.dll' AND file:parent_directory_ref.path = 'sigc-2.4.dll-output/' AND file:x_misp_fullpath = 'sigc-2.4.dll-output/payload.dll' AND file:x_misp_text = 'variante-E/']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2019-12-10T14:23:29Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "file"
}
],
"labels": [
"misp:name=\"file\"",
"misp:meta-category=\"file\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--ba639956-fe15-45ce-a72c-666cb163e56e",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2019-12-10T14:23:29.000Z",
"modified": "2019-12-10T14:23:29.000Z",
"pattern": "[file:hashes.SHA1 = '10ceb3bd963708895c394303651dde0da315490e' AND file:name = 'payload' AND file:parent_directory_ref.path = 'sigc-2.4.dll-output/' AND file:x_misp_fullpath = 'sigc-2.4.dll-output/payload' AND file:x_misp_text = 'variante-E/']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2019-12-10T14:23:29Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "file"
}
],
"labels": [
"misp:name=\"file\"",
"misp:meta-category=\"file\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--7df5bc4b-4499-492b-9962-61ed0d12c542",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2019-12-10T14:23:38.000Z",
"modified": "2019-12-10T14:23:38.000Z",
"pattern": "[file:hashes.SHA1 = '11d6619900369643ebe6c0bbf6a28178cfa620bd' AND file:name = 'ShutDownEvent.dll' AND file:parent_directory_ref.path = 'sigc-2.4.dll-output/' AND file:x_misp_fullpath = 'sigc-2.4.dll-output/ShutDownEvent.dll' AND file:x_misp_text = 'variante-E/']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2019-12-10T14:23:38Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "file"
}
],
"labels": [
"misp:name=\"file\"",
"misp:meta-category=\"file\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--08a0fa08-4b39-4c16-8574-bdb7d3e91283",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2019-12-10T14:23:38.000Z",
"modified": "2019-12-10T14:23:38.000Z",
"pattern": "[file:hashes.SHA1 = '3efae65475cb1f6a34e11e012c53dac0412674d4' AND file:name = 'ShutDownEvent' AND file:parent_directory_ref.path = 'sigc-2.4.dll-output/' AND file:x_misp_fullpath = 'sigc-2.4.dll-output/ShutDownEvent' AND file:x_misp_text = 'variante-E/']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2019-12-10T14:23:38Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "file"
}
],
"labels": [
"misp:name=\"file\"",
"misp:meta-category=\"file\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--48852a64-fa9d-4d5c-a7f1-45699a8882a2",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2019-12-10T14:23:39.000Z",
"modified": "2019-12-10T14:23:39.000Z",
"pattern": "[file:hashes.SHA1 = 'ee2a177f2e2ae8679b28caa8aba222d3fd80cdbb' AND file:name = 'start_function.bin' AND file:parent_directory_ref.path = 'sigc-2.4.dll-output/' AND file:x_misp_fullpath = 'sigc-2.4.dll-output/start_function.bin' AND file:x_misp_text = 'variante-E/']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2019-12-10T14:23:39Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "file"
}
],
"labels": [
"misp:name=\"file\"",
"misp:meta-category=\"file\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--fdca2f4c-bd45-4336-9e95-794b4a0526a8",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2019-12-10T14:23:39.000Z",
"modified": "2019-12-10T14:23:39.000Z",
"pattern": "[file:hashes.SHA1 = '045e728362773c358b07e416d3cd3e66af71549c' AND file:name = 'sysmon-implant.dll' AND file:parent_directory_ref.path = 'sigc-2.4.dll-output/' AND file:x_misp_fullpath = 'sigc-2.4.dll-output/sysmon-implant.dll' AND file:x_misp_text = 'variante-E/']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2019-12-10T14:23:39Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "file"
}
],
"labels": [
"misp:name=\"file\"",
"misp:meta-category=\"file\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--997205fd-5ead-4a86-aba6-f2e99ddfce0b",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2019-12-10T14:23:40.000Z",
"modified": "2019-12-10T14:23:40.000Z",
"pattern": "[file:hashes.SHA1 = 'b3f04f4e41afe17117204e0b48162886b58932ce' AND file:name = 'sysmon-implant' AND file:parent_directory_ref.path = 'sigc-2.4.dll-output/' AND file:x_misp_fullpath = 'sigc-2.4.dll-output/sysmon-implant' AND file:x_misp_text = 'variante-E/']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2019-12-10T14:23:40Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "file"
}
],
"labels": [
"misp:name=\"file\"",
"misp:meta-category=\"file\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--1919f62b-5793-4c0f-ae20-518c4011c9cd",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2019-12-10T14:23:41.000Z",
"modified": "2019-12-10T14:23:41.000Z",
"pattern": "[file:hashes.SHA1 = 'c11675257b9927cabd6e5e259021070a95266566' AND file:name = 'sigc-2.4.dll' AND file:parent_directory_ref.path = 'sigc-2.4.dll/' AND file:x_misp_fullpath = 'sigc-2.4.dll' AND file:x_misp_text = 'variante-E/']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2019-12-10T14:23:41Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "file"
}
],
"labels": [
"misp:name=\"file\"",
"misp:meta-category=\"file\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--44190615-3989-4246-962b-0dcc4e5cd3c2",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2019-12-10T14:23:42.000Z",
"modified": "2019-12-10T14:23:42.000Z",
"pattern": "[file:hashes.SHA1 = '08a4fa8b98d2c7efcfcc7710586e498c34be6b3f' AND file:name = 'decrypted_strings.txt' AND file:parent_directory_ref.path = 'glmf-2.0.dll-output/' AND file:x_misp_fullpath = 'glmf-2.0.dll-output/decrypted_strings.txt' AND file:x_misp_text = 'variante-F/']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2019-12-10T14:23:42Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "file"
}
],
"labels": [
"misp:name=\"file\"",
"misp:meta-category=\"file\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--32ce7962-26dc-4ae7-9159-c0e362795392",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2019-12-10T14:23:42.000Z",
"modified": "2019-12-10T14:23:42.000Z",
"pattern": "[file:hashes.SHA1 = '894c71f4fb27aa0285797a2735b23c0aecd81d74' AND file:name = 'driver1.sys' AND file:parent_directory_ref.path = 'glmf-2.0.dll-output/' AND file:x_misp_fullpath = 'glmf-2.0.dll-output/driver1.sys' AND file:x_misp_text = 'variante-F/']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2019-12-10T14:23:42Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "file"
}
],
"labels": [
"misp:name=\"file\"",
"misp:meta-category=\"file\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--c14890d7-e0e9-438c-a359-40718f2426a5",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2019-12-10T14:23:43.000Z",
"modified": "2019-12-10T14:23:43.000Z",
"pattern": "[file:hashes.SHA1 = '1994fdc0a26198e84c9e15ae071e3f759f85cfd0' AND file:name = 'driver2.sys' AND file:parent_directory_ref.path = 'glmf-2.0.dll-output/' AND file:x_misp_fullpath = 'glmf-2.0.dll-output/driver2.sys' AND file:x_misp_text = 'variante-F/']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2019-12-10T14:23:43Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "file"
}
],
"labels": [
"misp:name=\"file\"",
"misp:meta-category=\"file\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--64707a06-5849-4739-ae9b-592b2c5d40c0",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2019-12-10T14:23:43.000Z",
"modified": "2019-12-10T14:23:43.000Z",
"pattern": "[file:hashes.SHA1 = '550ceb58c15537c991ddf772200a888c0823eb06' AND file:name = 'payload.dll' AND file:parent_directory_ref.path = 'glmf-2.0.dll-output/' AND file:x_misp_fullpath = 'glmf-2.0.dll-output/payload.dll' AND file:x_misp_text = 'variante-F/']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2019-12-10T14:23:43Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "file"
}
],
"labels": [
"misp:name=\"file\"",
"misp:meta-category=\"file\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--e0551fbd-a6c4-45e4-b42c-21576008ca5b",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2019-12-10T14:23:44.000Z",
"modified": "2019-12-10T14:23:44.000Z",
"pattern": "[file:hashes.SHA1 = '48bc1d610f3f9219ad9f47f44368c2ef2eb4d64c' AND file:name = 'payload' AND file:parent_directory_ref.path = 'glmf-2.0.dll-output/' AND file:x_misp_fullpath = 'glmf-2.0.dll-output/payload' AND file:x_misp_text = 'variante-F/']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2019-12-10T14:23:44Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "file"
}
],
"labels": [
"misp:name=\"file\"",
"misp:meta-category=\"file\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--321b5b53-85a3-40e8-8840-8521b66fb118",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2019-12-10T14:23:44.000Z",
"modified": "2019-12-10T14:23:44.000Z",
"pattern": "[file:hashes.SHA1 = '263ca823e42eea1f062bf375a4204f01aa883ad1' AND file:name = 'start_function.bin' AND file:parent_directory_ref.path = 'glmf-2.0.dll-output/' AND file:x_misp_fullpath = 'glmf-2.0.dll-output/start_function.bin' AND file:x_misp_text = 'variante-F/']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2019-12-10T14:23:44Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "file"
}
],
"labels": [
"misp:name=\"file\"",
"misp:meta-category=\"file\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--681bdb7d-a852-4a13-9c90-55774971b482",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2019-12-10T14:23:45.000Z",
"modified": "2019-12-10T14:23:45.000Z",
"pattern": "[file:hashes.SHA1 = '045e728362773c358b07e416d3cd3e66af71549c' AND file:name = 'sysmon-implant.dll' AND file:parent_directory_ref.path = 'glmf-2.0.dll-output/' AND file:x_misp_fullpath = 'glmf-2.0.dll-output/sysmon-implant.dll' AND file:x_misp_text = 'variante-F/']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2019-12-10T14:23:45Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "file"
}
],
"labels": [
"misp:name=\"file\"",
"misp:meta-category=\"file\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5ec73a7f-829e-472a-9666-05b92c769b14",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2019-12-10T14:23:47.000Z",
"modified": "2019-12-10T14:23:47.000Z",
"pattern": "[file:hashes.SHA1 = 'b3f04f4e41afe17117204e0b48162886b58932ce' AND file:name = 'sysmon-implant' AND file:parent_directory_ref.path = 'glmf-2.0.dll-output/' AND file:x_misp_fullpath = 'glmf-2.0.dll-output/sysmon-implant' AND file:x_misp_text = 'variante-F/']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2019-12-10T14:23:47Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "file"
}
],
"labels": [
"misp:name=\"file\"",
"misp:meta-category=\"file\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--0032d7b5-43be-4a6c-bc62-56a5298cbaa7",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2019-12-10T14:23:47.000Z",
"modified": "2019-12-10T14:23:47.000Z",
"pattern": "[file:hashes.SHA1 = '39d8e4abc92ba068e30597cad0d195af4fe8372b' AND file:name = 'glmf-2.0.dll' AND file:parent_directory_ref.path = 'glmf-2.0.dll/' AND file:x_misp_fullpath = 'glmf-2.0.dll' AND file:x_misp_text = 'variante-F/']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2019-12-10T14:23:47Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "file"
}
],
"labels": [
"misp:name=\"file\"",
"misp:meta-category=\"file\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5defae0e-25f0-4dd9-94b4-451e950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2019-12-10T14:40:50.000Z",
"modified": "2019-12-10T14:40:50.000Z",
"pattern": "[file:hashes.SSDEEP = '1536:B6Lf7rVA8vhTjRmIeYQv9jB0dMSI/qe9lD9:QLfrvhTjRNeYA9ieSbGlD9' AND file:x_misp_text = 'Intermediate Loader Payload DLL (memory only)']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2019-12-10T14:40:50Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "file"
}
],
"labels": [
"misp:name=\"file\"",
"misp:meta-category=\"file\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5defaed6-e44c-4af8-8d06-4993950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2019-12-10T14:42:30.000Z",
"modified": "2019-12-10T14:42:30.000Z",
"pattern": "[file:hashes.SSDEEP = '12288:iUCXzbtTwr9ZnO7CMXvXD03WvR+WZj1EusOLw4owntX4SncgcP:ODbtTOnO7CMX7WeIWZgO7owtIScj' AND file:x_misp_text = 'WinNTI Payload DLL (Decrypted PE, unloaded/injected state, memory only)']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2019-12-10T14:42:30Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "file"
}
],
"labels": [
"misp:name=\"file\"",
"misp:meta-category=\"file\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5defaf3c-d7e4-423c-82ad-4838950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2019-12-10T14:44:12.000Z",
"modified": "2019-12-10T14:44:12.000Z",
"pattern": "[file:hashes.MD5 = '119d144147662013ee85e8ee00024cc4' AND file:hashes.SHA1 = '715a1b53556be0f51951547b86ec8d38a74ec7d9' AND file:hashes.SHA256 = 'bd1cde125389590f75b808a27401de15b03f70795311881c5da3e079a44e39ef' AND file:hashes.SSDEEP = '48:FyaxW8RrvmX2EJtzXFurCXgj9e0tQ380Fon/keb5B7003/s:tepfzFiCwj9eVM0IkebX0Es' AND file:size = '2048' AND file:x_misp_text = 'Reflective DLL Loading Shellcode Type 2a (loads injected WinNTI Payload DLL, calls DllMain, memory only)']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2019-12-10T14:44:12Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "file"
}
],
"labels": [
"misp:name=\"file\"",
"misp:meta-category=\"file\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5defb18f-9100-4e25-ae16-4f69950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2019-12-10T14:58:47.000Z",
"modified": "2019-12-10T14:58:47.000Z",
"pattern": "[file:hashes.MD5 = '42560fde33e1e5f83e61bcdfa77b5b9c' AND file:hashes.SHA1 = '29fee2e1138592a3c3167176849dee3f193bf4a8' AND file:hashes.SHA256 = '5aa25bb6795f0e72176b6d7b5f9808c8c4685ce4ca1ab34e0ce4e41eaf19ad61' AND file:hashes.SSDEEP = '48:/D7DxQaGZDz5b546czuXZUa0Gr2z44uLGswLBaZalxIJegXGplDYriXhwaul:3DxPGZTMzOmnG6zqLGsYBaMlCJegW3YD' AND file:x_misp_text = 'Reflective DLL Loading Shellcode Type 2b (loads injected WinNTI Payload DLL, calls DllMain, memory only)']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2019-12-10T14:58:47Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "file"
}
],
"labels": [
"misp:name=\"file\"",
"misp:meta-category=\"file\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5defb1ce-bf24-489f-9676-47fc950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2019-12-11T08:04:19.000Z",
"modified": "2019-12-11T08:04:19.000Z",
"pattern": "[file:hashes.MD5 = '3bb87749da36ebd1a564ee85e9f0fff0' AND file:hashes.SHA1 = '8a2356303356e2850a15401ee8b5727b152e200b' AND file:hashes.SHA256 = '806df629a0e58a70b4936bb9a28eafe555ff4ce190039bb26215782a93cff4cb' AND file:hashes.SSDEEP = '1536:vGzAkyjIOsTCT2IP+W0k+0X4a3Ro1MeAJhN9tdN9VtdNz9Tl1caSQZ/26XvX:vGzAkyE3TCqk+pIgMeAJhN9tdN9VtdNn' AND file:hashes.IMPHASH = 'f3c01ba3a71e1e0ef157c3b8cb0ad625' AND file:size = '90112' AND file:x_misp_text = 'Sysmon Implant (Decrypted PE, memory only)']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2019-12-11T08:04:19Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "file"
}
],
"labels": [
"misp:name=\"file\"",
"misp:meta-category=\"file\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5df0a4ec-ea3c-43b7-a298-42f5950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2019-12-11T08:12:28.000Z",
"modified": "2019-12-11T08:12:28.000Z",
"pattern": "[file:hashes.MD5 = '1801319eb2b82016ae6a33ee18fcc3ad' AND file:hashes.SHA1 = '7bbed9fbff45b15dbf5cedfa3636a3caad65650f' AND file:hashes.SHA256 = 'ebdb8cfc3207b411a4d898489c8825cb2187221a473f2fbf7a43cbf637f2fe57' AND file:hashes.SSDEEP = '768:jZh+oyCeGqt/P76bbwYCmKGqV+VNQNDBKTW1/bz2vTvQtCK:jiCeB/Gbbi0qV6QNBK+QTvQQK' AND file:hashes.IMPHASH = 'c22f9228e1c400cb179800b69544162b' AND file:size = '47104' AND file:x_misp_text = 'Kernel Driver Type 1 (temporarily dropped to disk, deleted after loading)']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2019-12-11T08:12:28Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "file"
}
],
"labels": [
"misp:name=\"file\"",
"misp:meta-category=\"file\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5df0a8fd-0cec-45d5-8023-1706950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2019-12-11T08:41:07.000Z",
"modified": "2019-12-11T08:41:07.000Z",
"pattern": "[file:hashes.MD5 = '50f624b3fb6ca04f352e0463a43df86f' AND file:hashes.SHA1 = '3c404486a5c443e43c1b7691de7801cece44a733' AND file:hashes.SHA256 = '3c25dcb33e018c21a3dc709c54495c0e504aeee78d7f103deaf19c1d802d57da' AND file:hashes.SSDEEP = '768:pQIbhJi7OB1/HzktBgWb8oiICMvahoICS4AIHOyMKIoAj:pQIDRBW4o8+ICS4AltoA' AND file:hashes.IMPHASH = 'fcccb379816ade76b537359d17969ca4' AND file:size = '44624' AND file:x_misp_text = 'Kernel Driver Type 2a (temporarily dropped to disk, deleted after loading, Example 1)']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2019-12-11T08:41:07Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "file"
}
],
"labels": [
"misp:name=\"file\"",
"misp:meta-category=\"file\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5df0ac98-e890-4c6a-b708-30d9950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2019-12-11T08:50:15.000Z",
"modified": "2019-12-11T08:50:15.000Z",
"description": "dumped from memory with moddump",
"pattern": "[file:hashes.MD5 = 'b96dfbc749b99bc672c74708373bbc97' AND file:hashes.SHA1 = '4e45d9b0bc282cc93113c7ba51b1b4ac173a208d' AND file:hashes.SHA256 = '5af2edd199b6c4ea731449b202ea96faef6c11d1ac0ca7b22aa9023e0186621f' AND file:hashes.SSDEEP = '768:Zhf9ozikYw7rhcCMsahoICS4AIvm7tSw5iZ:W1Yw7rH7ICS4ANtSw5M' AND file:size = '34816' AND file:x_misp_text = 'Kernel Driver Type 2b (temporarily dropped to disk, deleted after loading, Example 2)']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2019-12-11T08:50:15Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "file"
}
],
"labels": [
"misp:name=\"file\"",
"misp:meta-category=\"file\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--fbb2308c-ed30-4bdc-97ff-53b4136cf37f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2019-12-11T12:50:20.000Z",
"modified": "2019-12-11T12:50:20.000Z",
"pattern": "[file:hashes.MD5 = '0eded1c3a20039a504bc256fcc892023' AND file:hashes.SHA1 = '98c32b4093ed1d7cba6fdcd7667f7ba10ba7a94c' AND file:hashes.SHA256 = '02a7dd784a87fd08b50515aa5ea7db5bebe95d13ee8df1e75d903c744827e01b']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2019-12-11T12:50:20Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "file"
}
],
"labels": [
"misp:name=\"file\"",
"misp:meta-category=\"file\"",
"misp:to_ids=\"True\""
]
},
{
"type": "x-misp-object",
"spec_version": "2.1",
"id": "x-misp-object--7286a3d2-41c0-4688-9e21-85ec78ff23e0",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2019-12-11T12:50:21.000Z",
"modified": "2019-12-11T12:50:21.000Z",
"labels": [
"misp:name=\"virustotal-report\"",
"misp:meta-category=\"misc\""
],
"x_misp_attributes": [
{
"type": "datetime",
"object_relation": "last-submission",
"value": "2019-12-06T23:44:03",
"category": "Other",
"uuid": "154a18b8-bb22-4a9d-9ac4-6d1789cc9d0b"
},
{
"type": "link",
"object_relation": "permalink",
"value": "https://www.virustotal.com/file/02a7dd784a87fd08b50515aa5ea7db5bebe95d13ee8df1e75d903c744827e01b/analysis/1575675843/",
"category": "Payload delivery",
"uuid": "54d15f31-0cc6-419e-b6a3-0e9c5a0afa8a"
},
{
"type": "text",
"object_relation": "detection-ratio",
"value": "30/70",
"category": "Payload delivery",
"uuid": "bb4ad868-327d-4b86-ba53-fdb5e6577626"
}
],
"x_misp_meta_category": "misc",
"x_misp_name": "virustotal-report"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--b9b6c463-ab69-4bc2-a053-248497aa95d5",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2019-12-11T12:50:21.000Z",
"modified": "2019-12-11T12:50:21.000Z",
"pattern": "[file:hashes.MD5 = '5979cf5018c03be2524b87b7dda64a1a' AND file:hashes.SHA1 = '74cace25311ac0abead7bd94e039ef080e550328' AND file:hashes.SHA256 = 'e038450d226cc02529a34a0c89cdd3af4c033066bb9db57274d0cadb52bb1065']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2019-12-11T12:50:21Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "file"
}
],
"labels": [
"misp:name=\"file\"",
"misp:meta-category=\"file\"",
"misp:to_ids=\"True\""
]
},
{
"type": "x-misp-object",
"spec_version": "2.1",
"id": "x-misp-object--42bd75dc-5e99-4c09-bfca-66b22cb28fa1",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2019-12-11T12:50:21.000Z",
"modified": "2019-12-11T12:50:21.000Z",
"labels": [
"misp:name=\"virustotal-report\"",
"misp:meta-category=\"misc\""
],
"x_misp_attributes": [
{
"type": "datetime",
"object_relation": "last-submission",
"value": "2019-12-07T05:03:09",
"category": "Other",
"uuid": "1d38133b-f3bd-448f-9908-10c295194de9"
},
{
"type": "link",
"object_relation": "permalink",
"value": "https://www.virustotal.com/file/e038450d226cc02529a34a0c89cdd3af4c033066bb9db57274d0cadb52bb1065/analysis/1575694989/",
"category": "Payload delivery",
"uuid": "37ec8e23-3055-4264-8436-3a030b9f0ca0"
},
{
"type": "text",
"object_relation": "detection-ratio",
"value": "50/71",
"category": "Payload delivery",
"uuid": "ee80466c-fe51-4735-86b4-6f4aa9d731d7"
}
],
"x_misp_meta_category": "misc",
"x_misp_name": "virustotal-report"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--00c6f164-f4b4-4e2c-a3ef-63c88e36f381",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2019-12-11T12:50:21.000Z",
"modified": "2019-12-11T12:50:21.000Z",
"pattern": "[file:hashes.MD5 = '8e61219b18d36748ce956099277cc29b' AND file:hashes.SHA1 = '7cfe9d75b3f7bb31a6d0c86da7a43f4bb9bdc7bd' AND file:hashes.SHA256 = '14f40d1ca0019f38bb80e9d772952efbf643c34a2e236440e2e03ac9be1c5442']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2019-12-11T12:50:21Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "file"
}
],
"labels": [
"misp:name=\"file\"",
"misp:meta-category=\"file\"",
"misp:to_ids=\"True\""
]
},
{
"type": "x-misp-object",
"spec_version": "2.1",
"id": "x-misp-object--9fe4012e-2085-4dcf-9f99-f73e92b3c7b0",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2019-12-11T12:50:21.000Z",
"modified": "2019-12-11T12:50:21.000Z",
"labels": [
"misp:name=\"virustotal-report\"",
"misp:meta-category=\"misc\""
],
"x_misp_attributes": [
{
"type": "datetime",
"object_relation": "last-submission",
"value": "2019-12-06T23:43:55",
"category": "Other",
"uuid": "34250df9-11b9-403a-b2c9-3ba00de86ea7"
},
{
"type": "link",
"object_relation": "permalink",
"value": "https://www.virustotal.com/file/14f40d1ca0019f38bb80e9d772952efbf643c34a2e236440e2e03ac9be1c5442/analysis/1575675835/",
"category": "Payload delivery",
"uuid": "8006653e-147d-4441-b2ea-e52446ea404f"
},
{
"type": "text",
"object_relation": "detection-ratio",
"value": "18/58",
"category": "Payload delivery",
"uuid": "4312e489-eda6-46e2-a403-03acf16bf20b"
}
],
"x_misp_meta_category": "misc",
"x_misp_name": "virustotal-report"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--f005a213-c2ee-448d-80f3-a58ff20fdb4c",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2019-12-11T12:50:21.000Z",
"modified": "2019-12-11T12:50:21.000Z",
"pattern": "[file:hashes.MD5 = '516dcd4ecee6ac02c6a1a34ea8310917' AND file:hashes.SHA1 = 'c539ca5aa16de324551c913b61d22652e66de93f' AND file:hashes.SHA256 = '555413c77e8d97df2e26522984baef65b09269825fb80a6bffb5b456e009211a']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2019-12-11T12:50:21Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "file"
}
],
"labels": [
"misp:name=\"file\"",
"misp:meta-category=\"file\"",
"misp:to_ids=\"True\""
]
},
{
"type": "x-misp-object",
"spec_version": "2.1",
"id": "x-misp-object--8d2143a2-20d9-4de0-a833-5b13445c2fac",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2019-12-11T12:50:22.000Z",
"modified": "2019-12-11T12:50:22.000Z",
"labels": [
"misp:name=\"virustotal-report\"",
"misp:meta-category=\"misc\""
],
"x_misp_attributes": [
{
"type": "datetime",
"object_relation": "last-submission",
"value": "2019-12-07T05:03:11",
"category": "Other",
"uuid": "720d70b9-3733-4b91-87fb-aa02de08fa7e"
},
{
"type": "link",
"object_relation": "permalink",
"value": "https://www.virustotal.com/file/555413c77e8d97df2e26522984baef65b09269825fb80a6bffb5b456e009211a/analysis/1575694991/",
"category": "Payload delivery",
"uuid": "dbe684a8-0e46-445d-bea5-e9fe78e093f0"
},
{
"type": "text",
"object_relation": "detection-ratio",
"value": "42/71",
"category": "Payload delivery",
"uuid": "7013e7a4-f70f-4510-a6cd-9ab0fb64c593"
}
],
"x_misp_meta_category": "misc",
"x_misp_name": "virustotal-report"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--25b3b742-2893-462b-a181-8a9c046f7995",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2019-12-11T12:50:22.000Z",
"modified": "2019-12-11T12:50:22.000Z",
"pattern": "[file:hashes.MD5 = 'b4e66b445b39d0368bbe4b91a3cd98ff' AND file:hashes.SHA1 = '2bc358ddc72f59ba0373b8635ab08ad747c12180' AND file:hashes.SHA256 = '1865013aaca0f12679e35f06c4dad4e00d6372415ee8390b17b4f910fee1f7a2']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2019-12-11T12:50:22Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "file"
}
],
"labels": [
"misp:name=\"file\"",
"misp:meta-category=\"file\"",
"misp:to_ids=\"True\""
]
},
{
"type": "x-misp-object",
"spec_version": "2.1",
"id": "x-misp-object--ee0c2e26-c418-4f6f-9e6d-86952c212952",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2019-12-11T12:50:22.000Z",
"modified": "2019-12-11T12:50:22.000Z",
"labels": [
"misp:name=\"virustotal-report\"",
"misp:meta-category=\"misc\""
],
"x_misp_attributes": [
{
"type": "datetime",
"object_relation": "last-submission",
"value": "2019-12-07T05:03:15",
"category": "Other",
"uuid": "235c859e-25ec-4c50-ad5c-c53120f02538"
},
{
"type": "link",
"object_relation": "permalink",
"value": "https://www.virustotal.com/file/1865013aaca0f12679e35f06c4dad4e00d6372415ee8390b17b4f910fee1f7a2/analysis/1575694995/",
"category": "Payload delivery",
"uuid": "a1d0af80-6400-4aa0-8790-c5177337582e"
},
{
"type": "text",
"object_relation": "detection-ratio",
"value": "21/71",
"category": "Payload delivery",
"uuid": "fda8a4b8-913d-482f-8357-7948be048ddf"
}
],
"x_misp_meta_category": "misc",
"x_misp_name": "virustotal-report"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--26bfe728-c018-44e4-b6d6-c54af3d2b14a",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2019-12-11T12:50:22.000Z",
"modified": "2019-12-11T12:50:22.000Z",
"pattern": "[file:hashes.MD5 = '52efa5da09fde23dd067c571389f49fa' AND file:hashes.SHA1 = 'ca00eafde42f1456de01140556d8c3002866cc74' AND file:hashes.SHA256 = '4f18df68ce89ba55b1bff0b1aac72a54c19862241f0fac9f957f8626114db418']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2019-12-11T12:50:22Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "file"
}
],
"labels": [
"misp:name=\"file\"",
"misp:meta-category=\"file\"",
"misp:to_ids=\"True\""
]
},
{
"type": "x-misp-object",
"spec_version": "2.1",
"id": "x-misp-object--77072cd3-da5c-4204-b37d-72fc44ed0384",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2019-12-11T12:50:22.000Z",
"modified": "2019-12-11T12:50:22.000Z",
"labels": [
"misp:name=\"virustotal-report\"",
"misp:meta-category=\"misc\""
],
"x_misp_attributes": [
{
"type": "datetime",
"object_relation": "last-submission",
"value": "2019-12-07T05:03:17",
"category": "Other",
"uuid": "5f351c9c-4286-44da-a31a-0e8708cddf21"
},
{
"type": "link",
"object_relation": "permalink",
"value": "https://www.virustotal.com/file/4f18df68ce89ba55b1bff0b1aac72a54c19862241f0fac9f957f8626114db418/analysis/1575694997/",
"category": "Payload delivery",
"uuid": "0b92f081-eca4-46d9-ab89-9edc194a1649"
},
{
"type": "text",
"object_relation": "detection-ratio",
"value": "36/70",
"category": "Payload delivery",
"uuid": "ad5b6315-0d03-472b-8421-f2d5bf52d2db"
}
],
"x_misp_meta_category": "misc",
"x_misp_name": "virustotal-report"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--dab61fb6-c519-46a1-b060-fa178764d6da",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2019-12-11T12:50:22.000Z",
"modified": "2019-12-11T12:50:22.000Z",
"pattern": "[file:hashes.MD5 = '5f8bf3dd940ef09ce25a8b3912c92220' AND file:hashes.SHA1 = '3bb1daf9c5b39a026af5fd5a6c321cd3d0be04d6' AND file:hashes.SHA256 = '38136d8d4146e75f03714f14d847777bf1cd17ddc942b95446b72954dfbd9f3e']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2019-12-11T12:50:22Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "file"
}
],
"labels": [
"misp:name=\"file\"",
"misp:meta-category=\"file\"",
"misp:to_ids=\"True\""
]
},
{
"type": "x-misp-object",
"spec_version": "2.1",
"id": "x-misp-object--2254d0a1-5768-49d1-8f6f-55ef72367d31",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2019-12-11T12:50:22.000Z",
"modified": "2019-12-11T12:50:22.000Z",
"labels": [
"misp:name=\"virustotal-report\"",
"misp:meta-category=\"misc\""
],
"x_misp_attributes": [
{
"type": "datetime",
"object_relation": "last-submission",
"value": "2019-12-07T05:03:08",
"category": "Other",
"uuid": "a7071fb2-fb26-46c7-967e-d255748b6d85"
},
{
"type": "link",
"object_relation": "permalink",
"value": "https://www.virustotal.com/file/38136d8d4146e75f03714f14d847777bf1cd17ddc942b95446b72954dfbd9f3e/analysis/1575694988/",
"category": "Payload delivery",
"uuid": "25d6382c-3518-4ea4-b664-ed4370405b1d"
},
{
"type": "text",
"object_relation": "detection-ratio",
"value": "35/71",
"category": "Payload delivery",
"uuid": "c6ffd21b-553b-45ae-ac1d-4ae5f5f5f085"
}
],
"x_misp_meta_category": "misc",
"x_misp_name": "virustotal-report"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--53d444c2-5449-4082-b85a-e61c3760d6c4",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2019-12-11T12:50:23.000Z",
"modified": "2019-12-11T12:50:23.000Z",
"pattern": "[file:hashes.MD5 = 'd747323e83fa4f20cc55647a6d5dc198' AND file:hashes.SHA1 = '8b966bc4c4adde90f51f68a78aa326b761981fb4' AND file:hashes.SHA256 = 'f39cdc437f4c8d7d4d80b8d1d17c9c75e54340df912a56afc1f9a4e7ce5e4cfb']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2019-12-11T12:50:23Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "file"
}
],
"labels": [
"misp:name=\"file\"",
"misp:meta-category=\"file\"",
"misp:to_ids=\"True\""
]
},
{
"type": "x-misp-object",
"spec_version": "2.1",
"id": "x-misp-object--f3154e62-2ff1-4769-af0a-6115e01096bc",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2019-12-11T12:50:23.000Z",
"modified": "2019-12-11T12:50:23.000Z",
"labels": [
"misp:name=\"virustotal-report\"",
"misp:meta-category=\"misc\""
],
"x_misp_attributes": [
{
"type": "datetime",
"object_relation": "last-submission",
"value": "2019-12-07T05:03:07",
"category": "Other",
"uuid": "021742ea-6364-4256-9c75-b0300898408f"
},
{
"type": "link",
"object_relation": "permalink",
"value": "https://www.virustotal.com/file/f39cdc437f4c8d7d4d80b8d1d17c9c75e54340df912a56afc1f9a4e7ce5e4cfb/analysis/1575694987/",
"category": "Payload delivery",
"uuid": "95770780-45d2-4e03-afda-e0127a4f7b52"
},
{
"type": "text",
"object_relation": "detection-ratio",
"value": "40/71",
"category": "Payload delivery",
"uuid": "eb78fef4-df41-47c0-86a3-fd96f8b840b4"
}
],
"x_misp_meta_category": "misc",
"x_misp_name": "virustotal-report"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--93f8b76b-2456-44b4-9a7c-cdb0166ccacc",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2019-12-11T12:50:23.000Z",
"modified": "2019-12-11T12:50:23.000Z",
"pattern": "[file:hashes.MD5 = 'b8ffea5aa357e8bac5efc03f8e202292' AND file:hashes.SHA1 = '48f2da6aeaef0cc342ea4bf9ff20aa8bfcde9872' AND file:hashes.SHA256 = '7c09b14a34114e5b6861530ac19ab1aaadf9e8c9a7fbbde96542c21175b094e0']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2019-12-11T12:50:23Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "file"
}
],
"labels": [
"misp:name=\"file\"",
"misp:meta-category=\"file\"",
"misp:to_ids=\"True\""
]
},
{
"type": "x-misp-object",
"spec_version": "2.1",
"id": "x-misp-object--017ca493-a3dc-4bc8-a384-6efaf630477a",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2019-12-11T12:50:23.000Z",
"modified": "2019-12-11T12:50:23.000Z",
"labels": [
"misp:name=\"virustotal-report\"",
"misp:meta-category=\"misc\""
],
"x_misp_attributes": [
{
"type": "datetime",
"object_relation": "last-submission",
"value": "2019-12-07T05:03:12",
"category": "Other",
"uuid": "09e20c69-0a59-449c-8b52-fdbea1126f57"
},
{
"type": "link",
"object_relation": "permalink",
"value": "https://www.virustotal.com/file/7c09b14a34114e5b6861530ac19ab1aaadf9e8c9a7fbbde96542c21175b094e0/analysis/1575694992/",
"category": "Payload delivery",
"uuid": "6b479fca-6542-4050-8295-15bde38b7881"
},
{
"type": "text",
"object_relation": "detection-ratio",
"value": "26/60",
"category": "Payload delivery",
"uuid": "20f365c8-39e4-437e-b36b-b045cbc6dad6"
}
],
"x_misp_meta_category": "misc",
"x_misp_name": "virustotal-report"
},
{
"type": "x-misp-object",
"spec_version": "2.1",
"id": "x-misp-object--5def9ca7-d33c-4f2e-83bc-45d0950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2019-12-10T13:27:21.000Z",
"modified": "2019-12-10T13:27:21.000Z",
"labels": [
"misp:name=\"pe-section\"",
"misp:meta-category=\"file\""
],
"x_misp_attributes": [
{
"type": "text",
"object_relation": "name",
"value": ".text",
"category": "Other",
"uuid": "5def9ca7-1614-46e9-a9cf-44b7950d210f"
},
{
"type": "ssdeep",
"object_relation": "ssdeep",
"value": "768:zRWRzPlgivs6/lR/T4XxMJefllEHWcVDkPKbgB:S2ivhT4Xd7EWchkPKby",
"category": "Payload delivery",
"to_ids": true,
"uuid": "5def9ca8-de1c-4ddb-a7d2-4fb3950d210f"
}
],
"x_misp_comment": "Intermediate Loader (disk)\r\nType: PE32+ executable (DLL) (console) x86-64, for MS Windows",
"x_misp_meta_category": "file",
"x_misp_name": "pe-section"
},
{
"type": "x-misp-object",
"spec_version": "2.1",
"id": "x-misp-object--5def9ce1-f250-4d35-a51f-4b21950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2019-12-10T13:27:42.000Z",
"modified": "2019-12-10T13:27:42.000Z",
"labels": [
"misp:name=\"pe-section\"",
"misp:meta-category=\"file\""
],
"x_misp_attributes": [
{
"type": "text",
"object_relation": "name",
"value": ".data",
"category": "Other",
"uuid": "5def9ce1-8cf8-4c0f-97eb-4699950d210f"
},
{
"type": "ssdeep",
"object_relation": "ssdeep",
"value": "1536:5Q0PgGT9YX/sLPdK0skw7KjgrrdqsE7ynJHarO7:5Q0IYevsxtjg9RfnJHarO",
"category": "Payload delivery",
"to_ids": true,
"uuid": "5def9ce2-4a80-4e88-b6a4-48bb950d210f"
}
],
"x_misp_comment": "Intermediate Loader (disk)\r\nType: PE32+ executable (DLL) (console) x86-64, for MS Windows",
"x_misp_meta_category": "file",
"x_misp_name": "pe-section"
},
{
"type": "x-misp-object",
"spec_version": "2.1",
"id": "x-misp-object--5defae31-f31c-427b-ad96-48d4950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2019-12-10T14:41:16.000Z",
"modified": "2019-12-10T14:41:16.000Z",
"labels": [
"misp:name=\"pe-section\"",
"misp:meta-category=\"file\""
],
"x_misp_attributes": [
{
"type": "text",
"object_relation": "name",
"value": ".text",
"category": "Other",
"uuid": "5defae31-f1c8-4c3d-97dd-4296950d210f"
},
{
"type": "ssdeep",
"object_relation": "ssdeep",
"value": "768:466RwzXvMmLrVAhu5ljDhTb/YWD8ChD/1gIeYQhtbpY8B0z5MSuN/:46Lf7rVA8vhTjRmIeYQv9jB0dMSI/",
"category": "Payload delivery",
"to_ids": true,
"uuid": "5defae31-6900-4825-a85e-43da950d210f"
}
],
"x_misp_meta_category": "file",
"x_misp_name": "pe-section"
},
{
"type": "x-misp-object",
"spec_version": "2.1",
"id": "x-misp-object--5defb221-e110-4c86-99bd-409e950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2019-12-11T08:05:30.000Z",
"modified": "2019-12-11T08:05:30.000Z",
"labels": [
"misp:name=\"pe-section\"",
"misp:meta-category=\"file\""
],
"x_misp_attributes": [
{
"type": "md5",
"object_relation": "md5",
"value": "5e5dd13d6986f521c24e816f3a0880cc",
"category": "Payload delivery",
"to_ids": true,
"uuid": "5defb221-3068-4900-a034-4bd7950d210f"
},
{
"type": "sha1",
"object_relation": "sha1",
"value": "9a3ca3a368fee2f2f9d824e6d8ffd1ef2ed62c72",
"category": "Payload delivery",
"to_ids": true,
"uuid": "5defb222-dd1c-4a35-a66e-4bbd950d210f"
},
{
"type": "sha256",
"object_relation": "sha256",
"value": "28afc1eb9d37322257c9ee628b82ca1e44af29e2e40f28d70ee544a63113638f",
"category": "Payload delivery",
"to_ids": true,
"uuid": "5defb222-8a98-4a68-b836-46ed950d210f"
},
{
"type": "ssdeep",
"object_relation": "ssdeep",
"value": "768:TiDxzGr+GAJxxtgyZiCcJ5Ev7AT5sFlloZ8RBT2I/HqhPO0i1+i5X4aFV/O3wds:6GzAkyjIOsTCT2IP+W0k+0X4a3Ro1Me",
"category": "Payload delivery",
"to_ids": true,
"uuid": "5defb222-4ea0-4a7b-b41b-401a950d210f"
}
],
"x_misp_comment": "code section",
"x_misp_meta_category": "file",
"x_misp_name": "pe-section"
},
{
"type": "x-misp-object",
"spec_version": "2.1",
"id": "x-misp-object--5df0ab37-3e44-44c5-85cf-4021950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2019-12-11T08:41:33.000Z",
"modified": "2019-12-11T08:41:33.000Z",
"labels": [
"misp:name=\"pe-section\"",
"misp:meta-category=\"file\""
],
"x_misp_attributes": [
{
"type": "md5",
"object_relation": "md5",
"value": "1e615b812bd1b6c205e27c4c5067fd8a",
"category": "Payload delivery",
"to_ids": true,
"uuid": "5df0ab37-81a4-4c8f-8df0-43ee950d210f"
},
{
"type": "text",
"object_relation": "name",
"value": ".text",
"category": "Other",
"uuid": "5df0ab37-feb4-49af-93ac-47a8950d210f"
},
{
"type": "sha1",
"object_relation": "sha1",
"value": "26d6f5c9a779dba2104fedb90d00bc1ff0aa5195",
"category": "Payload delivery",
"to_ids": true,
"uuid": "5df0ab38-6830-4ce3-875c-487f950d210f"
},
{
"type": "sha256",
"object_relation": "sha256",
"value": "8cfa0f9caec35a80078db887a7cf80a4e903abdb010b3045ef6f54724ba0c4d2",
"category": "Payload delivery",
"to_ids": true,
"uuid": "5df0ab38-0920-426c-8c1f-448d950d210f"
},
{
"type": "ssdeep",
"object_relation": "ssdeep",
"value": "384:BQIbhd3i7OGK10mXEGHzktMgM+mJ/RWb8oirUj0HM:BQIbhJi7OB1/HzktBgWb8oiICM",
"category": "Payload delivery",
"to_ids": true,
"uuid": "5df0ab38-4904-44b0-8fdf-445d950d210f"
}
],
"x_misp_meta_category": "file",
"x_misp_name": "pe-section"
},
{
"type": "x-misp-object",
"spec_version": "2.1",
"id": "x-misp-object--5df0acec-e3d4-4767-abe7-4bf6950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2019-12-11T09:20:10.000Z",
"modified": "2019-12-11T09:20:10.000Z",
"labels": [
"misp:name=\"pe-section\"",
"misp:meta-category=\"file\""
],
"x_misp_attributes": [
{
"type": "md5",
"object_relation": "md5",
"value": "ace45cab5b340beed180fce546f16bd6",
"category": "Payload delivery",
"to_ids": true,
"uuid": "5df0acec-885c-40f7-a54b-4c9c950d210f"
},
{
"type": "text",
"object_relation": "name",
"value": ".text",
"category": "Other",
"uuid": "5df0acec-99d4-4fc2-8c82-46d1950d210f"
},
{
"type": "sha1",
"object_relation": "sha1",
"value": "d058fcef882a6bfa993cefb2371f1eb5d187e356",
"category": "Payload delivery",
"to_ids": true,
"uuid": "5df0acec-5854-4f7b-a275-4b10950d210f"
},
{
"type": "ssdeep",
"object_relation": "ssdeep",
"value": "384:Hh/HusRuVIL7ozi1B82zfR27rhp0p0HM:Hhf9ozikYw7rhcCM",
"category": "Payload delivery",
"to_ids": true,
"uuid": "5df0acec-c5f0-43b8-bac9-403d950d210f"
}
],
"x_misp_meta_category": "file",
"x_misp_name": "pe-section"
},
{
"type": "relationship",
"spec_version": "2.1",
2023-12-14 14:30:15 +00:00
"id": "relationship--b657ea00-8789-49a4-8531-493977aa8436",
2023-04-21 14:44:17 +00:00
"created": "2019-12-10T13:26:36.000Z",
"modified": "2019-12-10T13:26:36.000Z",
"relationship_type": "contains",
"source_ref": "indicator--5def9c6b-dcd8-4fb6-95da-476d950d210f",
"target_ref": "x-misp-object--5def9ce1-f250-4d35-a51f-4b21950d210f"
},
{
"type": "relationship",
"spec_version": "2.1",
2023-12-14 14:30:15 +00:00
"id": "relationship--8f3308f9-2586-4178-a615-0dfb6531d05b",
2023-04-21 14:44:17 +00:00
"created": "2019-12-10T13:27:04.000Z",
"modified": "2019-12-10T13:27:04.000Z",
"relationship_type": "contains",
"source_ref": "indicator--5def9c6b-dcd8-4fb6-95da-476d950d210f",
"target_ref": "x-misp-object--5def9ca7-d33c-4f2e-83bc-45d0950d210f"
},
{
"type": "relationship",
"spec_version": "2.1",
2023-12-14 14:30:15 +00:00
"id": "relationship--2b42195b-5a55-49b8-ae5a-e92f57f43e22",
2023-04-21 14:44:17 +00:00
"created": "2019-12-10T14:40:50.000Z",
"modified": "2019-12-10T14:40:50.000Z",
"relationship_type": "contains",
"source_ref": "indicator--5defae0e-25f0-4dd9-94b4-451e950d210f",
"target_ref": "x-misp-object--5defae31-f31c-427b-ad96-48d4950d210f"
},
{
"type": "relationship",
"spec_version": "2.1",
2023-12-14 14:30:15 +00:00
"id": "relationship--cfe1ddae-388f-4eae-a79d-514b62183f30",
2023-04-21 14:44:17 +00:00
"created": "2019-12-10T14:58:47.000Z",
"modified": "2019-12-10T14:58:47.000Z",
"relationship_type": "contains",
"source_ref": "indicator--5defb18f-9100-4e25-ae16-4f69950d210f",
"target_ref": "x-misp-object--5defb221-e110-4c86-99bd-409e950d210f"
},
{
"type": "relationship",
"spec_version": "2.1",
2023-12-14 14:30:15 +00:00
"id": "relationship--cf995ae4-c127-4b4f-b960-4cf1e9789138",
2023-04-21 14:44:17 +00:00
"created": "2019-12-11T08:04:19.000Z",
"modified": "2019-12-11T08:04:19.000Z",
"relationship_type": "contains",
"source_ref": "indicator--5defb1ce-bf24-489f-9676-47fc950d210f",
"target_ref": "x-misp-object--5defb221-e110-4c86-99bd-409e950d210f"
},
{
"type": "relationship",
"spec_version": "2.1",
2023-12-14 14:30:15 +00:00
"id": "relationship--4ff23445-b8fa-404c-9bd8-0c942d3a2a18",
2023-04-21 14:44:17 +00:00
"created": "2019-12-11T08:41:07.000Z",
"modified": "2019-12-11T08:41:07.000Z",
"relationship_type": "contains",
"source_ref": "indicator--5df0a8fd-0cec-45d5-8023-1706950d210f",
"target_ref": "x-misp-object--5df0ab37-3e44-44c5-85cf-4021950d210f"
},
{
"type": "relationship",
"spec_version": "2.1",
2023-12-14 14:30:15 +00:00
"id": "relationship--30b6565a-e45a-457a-ac7c-c0758e5a29f4",
2023-04-21 14:44:17 +00:00
"created": "2019-12-11T08:50:15.000Z",
"modified": "2019-12-11T08:50:15.000Z",
"relationship_type": "contains",
"source_ref": "indicator--5df0ac98-e890-4c6a-b708-30d9950d210f",
"target_ref": "x-misp-object--5df0acec-e3d4-4767-abe7-4bf6950d210f"
},
{
"type": "relationship",
"spec_version": "2.1",
2023-12-14 14:30:15 +00:00
"id": "relationship--a28f831c-1076-4b8a-91af-cb7d1d06841c",
2023-04-21 14:44:17 +00:00
"created": "2019-12-11T12:50:24.000Z",
"modified": "2019-12-11T12:50:24.000Z",
"relationship_type": "analysed-with",
"source_ref": "indicator--fbb2308c-ed30-4bdc-97ff-53b4136cf37f",
"target_ref": "x-misp-object--7286a3d2-41c0-4688-9e21-85ec78ff23e0"
},
{
"type": "relationship",
"spec_version": "2.1",
2023-12-14 14:30:15 +00:00
"id": "relationship--6bcabb47-e951-40c7-85b0-1427e8af46ce",
2023-04-21 14:44:17 +00:00
"created": "2019-12-11T12:50:24.000Z",
"modified": "2019-12-11T12:50:24.000Z",
"relationship_type": "analysed-with",
"source_ref": "indicator--b9b6c463-ab69-4bc2-a053-248497aa95d5",
"target_ref": "x-misp-object--42bd75dc-5e99-4c09-bfca-66b22cb28fa1"
},
{
"type": "relationship",
"spec_version": "2.1",
2023-12-14 14:30:15 +00:00
"id": "relationship--d99b2019-37d8-4bb9-967a-43c87a69c535",
2023-04-21 14:44:17 +00:00
"created": "2019-12-11T12:50:24.000Z",
"modified": "2019-12-11T12:50:24.000Z",
"relationship_type": "analysed-with",
"source_ref": "indicator--00c6f164-f4b4-4e2c-a3ef-63c88e36f381",
"target_ref": "x-misp-object--9fe4012e-2085-4dcf-9f99-f73e92b3c7b0"
},
{
"type": "relationship",
"spec_version": "2.1",
2023-12-14 14:30:15 +00:00
"id": "relationship--03815d2b-60dc-482d-9fe2-ad5a9452a1eb",
2023-04-21 14:44:17 +00:00
"created": "2019-12-11T12:50:24.000Z",
"modified": "2019-12-11T12:50:24.000Z",
"relationship_type": "analysed-with",
"source_ref": "indicator--f005a213-c2ee-448d-80f3-a58ff20fdb4c",
"target_ref": "x-misp-object--8d2143a2-20d9-4de0-a833-5b13445c2fac"
},
{
"type": "relationship",
"spec_version": "2.1",
2023-12-14 14:30:15 +00:00
"id": "relationship--fc77d2e1-9ab8-44ef-a495-2a1c86e3e43f",
2023-04-21 14:44:17 +00:00
"created": "2019-12-11T12:50:24.000Z",
"modified": "2019-12-11T12:50:24.000Z",
"relationship_type": "analysed-with",
"source_ref": "indicator--25b3b742-2893-462b-a181-8a9c046f7995",
"target_ref": "x-misp-object--ee0c2e26-c418-4f6f-9e6d-86952c212952"
},
{
"type": "relationship",
"spec_version": "2.1",
2023-12-14 14:30:15 +00:00
"id": "relationship--a72ab947-371d-4b12-a129-5ab6d0868829",
2023-04-21 14:44:17 +00:00
"created": "2019-12-11T12:50:25.000Z",
"modified": "2019-12-11T12:50:25.000Z",
"relationship_type": "analysed-with",
"source_ref": "indicator--26bfe728-c018-44e4-b6d6-c54af3d2b14a",
"target_ref": "x-misp-object--77072cd3-da5c-4204-b37d-72fc44ed0384"
},
{
"type": "relationship",
"spec_version": "2.1",
2023-12-14 14:30:15 +00:00
"id": "relationship--c8bca3d9-03b8-4461-b121-439ec1f798db",
2023-04-21 14:44:17 +00:00
"created": "2019-12-11T12:50:25.000Z",
"modified": "2019-12-11T12:50:25.000Z",
"relationship_type": "analysed-with",
"source_ref": "indicator--dab61fb6-c519-46a1-b060-fa178764d6da",
"target_ref": "x-misp-object--2254d0a1-5768-49d1-8f6f-55ef72367d31"
},
{
"type": "relationship",
"spec_version": "2.1",
2023-12-14 14:30:15 +00:00
"id": "relationship--f93fdaf4-a3e4-4767-8164-ecd36b66978c",
2023-04-21 14:44:17 +00:00
"created": "2019-12-11T12:50:25.000Z",
"modified": "2019-12-11T12:50:25.000Z",
"relationship_type": "analysed-with",
"source_ref": "indicator--53d444c2-5449-4082-b85a-e61c3760d6c4",
"target_ref": "x-misp-object--f3154e62-2ff1-4769-af0a-6115e01096bc"
},
{
"type": "relationship",
"spec_version": "2.1",
2023-12-14 14:30:15 +00:00
"id": "relationship--b76a5fdf-cc7e-4a8c-8168-51e1529a1734",
2023-04-21 14:44:17 +00:00
"created": "2019-12-11T12:50:26.000Z",
"modified": "2019-12-11T12:50:26.000Z",
"relationship_type": "analysed-with",
"source_ref": "indicator--93f8b76b-2456-44b4-9a7c-cdb0166ccacc",
"target_ref": "x-misp-object--017ca493-a3dc-4bc8-a384-6efaf630477a"
},
{
"type": "relationship",
"spec_version": "2.1",
2023-12-14 14:30:15 +00:00
"id": "relationship--6329e604-db97-4b98-8350-661853de4140",
2023-04-21 14:44:17 +00:00
"created": "2019-12-10T13:27:21.000Z",
"modified": "2019-12-10T13:27:21.000Z",
"relationship_type": "contained-within",
"source_ref": "x-misp-object--5def9ca7-d33c-4f2e-83bc-45d0950d210f",
"target_ref": "indicator--5def9c6b-dcd8-4fb6-95da-476d950d210f"
},
{
"type": "relationship",
"spec_version": "2.1",
2023-12-14 14:30:15 +00:00
"id": "relationship--9ce763c8-40fc-4e53-b8c9-1ff7ea0cceaa",
2023-04-21 14:44:17 +00:00
"created": "2019-12-10T13:27:42.000Z",
"modified": "2019-12-10T13:27:42.000Z",
"relationship_type": "contained-within",
"source_ref": "x-misp-object--5def9ce1-f250-4d35-a51f-4b21950d210f",
"target_ref": "indicator--5def9c6b-dcd8-4fb6-95da-476d950d210f"
},
{
"type": "relationship",
"spec_version": "2.1",
2023-12-14 14:30:15 +00:00
"id": "relationship--e20d93b8-33ec-4b8d-b306-595c18fa1b73",
2023-04-21 14:44:17 +00:00
"created": "2019-12-10T14:41:15.000Z",
"modified": "2019-12-10T14:41:15.000Z",
"relationship_type": "contained-within",
"source_ref": "x-misp-object--5defae31-f31c-427b-ad96-48d4950d210f",
"target_ref": "indicator--5defae0e-25f0-4dd9-94b4-451e950d210f"
},
{
"type": "relationship",
"spec_version": "2.1",
2023-12-14 14:30:15 +00:00
"id": "relationship--5cb602a9-e83b-4ca4-acfd-3a427ff7dfb3",
2023-04-21 14:44:17 +00:00
"created": "2019-12-11T08:05:30.000Z",
"modified": "2019-12-11T08:05:30.000Z",
"relationship_type": "contained-within",
"source_ref": "x-misp-object--5defb221-e110-4c86-99bd-409e950d210f",
"target_ref": "indicator--5defb1ce-bf24-489f-9676-47fc950d210f"
},
{
"type": "relationship",
"spec_version": "2.1",
2023-12-14 14:30:15 +00:00
"id": "relationship--9aa7cd72-0600-47ec-bdb5-22502aa264f1",
2023-04-21 14:44:17 +00:00
"created": "2019-12-11T08:41:33.000Z",
"modified": "2019-12-11T08:41:33.000Z",
"relationship_type": "contained-within",
"source_ref": "x-misp-object--5df0ab37-3e44-44c5-85cf-4021950d210f",
"target_ref": "indicator--5df0a8fd-0cec-45d5-8023-1706950d210f"
},
{
"type": "relationship",
"spec_version": "2.1",
2023-12-14 14:30:15 +00:00
"id": "relationship--a769a685-ebc6-43b6-9144-5ec2b35fd7e3",
2023-04-21 14:44:17 +00:00
"created": "2019-12-11T09:20:10.000Z",
"modified": "2019-12-11T09:20:10.000Z",
"relationship_type": "contained-within",
"source_ref": "x-misp-object--5df0acec-e3d4-4767-abe7-4bf6950d210f",
"target_ref": "indicator--5df0ac98-e890-4c6a-b708-30d9950d210f"
},
{
"type": "marking-definition",
"spec_version": "2.1",
"id": "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9",
"created": "2017-01-20T00:00:00.000Z",
"definition_type": "tlp",
"name": "TLP:WHITE",
"definition": {
"tlp": "white"
}
}
]
}