{
"type" : "bundle" ,
"id" : "bundle--3410ad13-ef34-48c9-bc6f-b1b111a30e06" ,
"objects" : [
{
"type" : "identity" ,
"spec_version" : "2.1" ,
"id" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2022-06-23T13:24:07.000Z" ,
"modified" : "2022-06-23T13:24:07.000Z" ,
"name" : "CIRCL" ,
"identity_class" : "organization"
} ,
{
"type" : "report" ,
"spec_version" : "2.1" ,
"id" : "report--3410ad13-ef34-48c9-bc6f-b1b111a30e06" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2022-06-23T13:24:07.000Z" ,
"modified" : "2022-06-23T13:24:07.000Z" ,
"name" : "OSINT - Russia's APT28 uses fear of nuclear war to spread Follina docs in Ukraine" ,
"published" : "2022-06-23T13:24:54Z" ,
"object_refs" : [
"indicator--a2b0de0e-0e43-4d68-8260-8dbe7ead5974" ,
"indicator--76e69d5a-606d-46d8-a86b-85d37acaa083" ,
"indicator--4a4402ed-6eaa-4d60-a9ec-583a0dd055e0" ,
"indicator--28df2d44-32c4-49c9-8278-4b0166168f37" ,
"indicator--d80ef005-49c3-4954-80ba-4e8464676148" ,
"indicator--0256873d-b87d-4ac1-bd36-eb0729c0a837" ,
"indicator--8e8a18c9-e530-4225-a4a1-e5a0f662b14d" ,
"indicator--a93a3baa-3e24-4012-9589-564cb41b570b" ,
"indicator--70ba861c-a09a-417d-bd38-591fff364cce" ,
"indicator--71b683fa-9b57-4956-b6ff-3a65625e6da4" ,
"indicator--9b0ae517-772f-48ed-bfca-362cf0319f72" ,
"vulnerability--ce610b88-badf-44db-993c-86a7a97a2cc8" ,
"vulnerability--f793c30c-02de-4e84-8494-e06fc3013958" ,
"x-misp-object--ef1b6703-890c-4019-b137-efa8b682371b" ,
"indicator--b15f8aba-033f-4669-a02d-eda7a7c03e07" ,
"x-misp-object--afb7dae5-8291-437f-b353-fca9c4a10258" ,
"indicator--ed37f367-ef0e-471c-8635-9067d7dd01e7" ,
"indicator--522f93b9-5306-4866-8983-1ed7fdabfecf" ,
"x-misp-object--7928bdab-a27f-4dbf-8a5f-68cb84400261" ,
"x-misp-object--b96756a1-2717-4426-95ff-3332fe2ac70b" ,
"relationship--b480c86d-c42e-441a-b1b9-34561bfc696f" ,
"relationship--504289ab-b814-4a9e-9d87-515c1cb305b8" ,
"relationship--8b5b7512-b45d-49cb-b4df-7cfaf26f2328"
] ,
"labels" : [
"Threat-Report" ,
"misp:tool=\"MISP-STIX-Converter\"" ,
"misp-galaxy:threat-actor=\"Sofacy\"" ,
"type:OSINT" ,
"osint:lifetime=\"perpetual\"" ,
"misp-galaxy:target-information=\"Ukraine\"" ,
"misp-galaxy:country=\"russia\""
] ,
"object_marking_refs" : [
"marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9"
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--a2b0de0e-0e43-4d68-8260-8dbe7ead5974" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2022-06-23T13:08:58.000Z" ,
"modified" : "2022-06-23T13:08:58.000Z" ,
"pattern" : "[domain-name:value = 'www.specialityllc.com']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2022-06-23T13:08:58Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Network activity"
}
] ,
"labels" : [
"misp:type=\"hostname\"" ,
"misp:category=\"Network activity\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--76e69d5a-606d-46d8-a86b-85d37acaa083" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2022-06-23T13:08:58.000Z" ,
"modified" : "2022-06-23T13:08:58.000Z" ,
"pattern" : "[domain-name:value = 'mail.sartoc.com']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2022-06-23T13:08:58Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Network activity"
}
] ,
"labels" : [
"misp:type=\"hostname\"" ,
"misp:category=\"Network activity\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--4a4402ed-6eaa-4d60-a9ec-583a0dd055e0" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2022-06-23T13:08:58.000Z" ,
"modified" : "2022-06-23T13:08:58.000Z" ,
"pattern" : "[url:value = 'http://kompartpomiar.pl/grafika/docx.exe']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2022-06-23T13:08:58Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Network activity"
}
] ,
"labels" : [
"misp:type=\"url\"" ,
"misp:category=\"Network activity\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--28df2d44-32c4-49c9-8278-4b0166168f37" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2022-06-23T13:08:58.000Z" ,
"modified" : "2022-06-23T13:08:58.000Z" ,
"pattern" : "[url:value = 'http://kompartpomiar.pl/grafika/SQLite.Interop.dll']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2022-06-23T13:08:58Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Network activity"
}
] ,
"labels" : [
"misp:type=\"url\"" ,
"misp:category=\"Network activity\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--d80ef005-49c3-4954-80ba-4e8464676148" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2022-06-23T13:08:58.000Z" ,
"modified" : "2022-06-23T13:08:58.000Z" ,
"pattern" : "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '144.208.77.68']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2022-06-23T13:08:58Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Network activity"
}
] ,
"labels" : [
"misp:type=\"ip-dst\"" ,
"misp:category=\"Network activity\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--0256873d-b87d-4ac1-bd36-eb0729c0a837" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2022-06-23T13:09:32.000Z" ,
"modified" : "2022-06-23T13:09:32.000Z" ,
"pattern" : "[file:hashes.SHA256 = 'daaa271cee97853bf4e235b55cb34c1f03ea6f8d3c958f86728d41f418b0bf01']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2022-06-23T13:09:32Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Payload delivery"
}
] ,
"labels" : [
"misp:type=\"sha256\"" ,
"misp:category=\"Payload delivery\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--8e8a18c9-e530-4225-a4a1-e5a0f662b14d" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2022-06-23T13:09:32.000Z" ,
"modified" : "2022-06-23T13:09:32.000Z" ,
"pattern" : "[file:hashes.SHA256 = '2318ae5d7c23bf186b88abecf892e23ce199381b22c8eb216ad1616ee8877933']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2022-06-23T13:09:32Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Payload delivery"
}
] ,
"labels" : [
"misp:type=\"sha256\"" ,
"misp:category=\"Payload delivery\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--a93a3baa-3e24-4012-9589-564cb41b570b" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2022-06-23T13:09:32.000Z" ,
"modified" : "2022-06-23T13:09:32.000Z" ,
"pattern" : "[file:hashes.SHA1 = 'ebb0e34f44089fd4cc750b5fe0dcc14f6bb85a11']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2022-06-23T13:09:32Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Payload delivery"
}
] ,
"labels" : [
"misp:type=\"sha1\"" ,
"misp:category=\"Payload delivery\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--70ba861c-a09a-417d-bd38-591fff364cce" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2022-06-23T13:09:32.000Z" ,
"modified" : "2022-06-23T13:09:32.000Z" ,
"pattern" : "[file:hashes.SHA1 = 'b1847c89143fad810b7a3686296b9c1e91ad087c']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2022-06-23T13:09:32Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Payload delivery"
}
] ,
"labels" : [
"misp:type=\"sha1\"" ,
"misp:category=\"Payload delivery\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--71b683fa-9b57-4956-b6ff-3a65625e6da4" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2022-06-23T13:09:32.000Z" ,
"modified" : "2022-06-23T13:09:32.000Z" ,
"pattern" : "[file:hashes.MD5 = 'eafa11070f213f16efc030f625a423d1']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2022-06-23T13:09:32Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Payload delivery"
}
] ,
"labels" : [
"misp:type=\"md5\"" ,
"misp:category=\"Payload delivery\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--9b0ae517-772f-48ed-bfca-362cf0319f72" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2022-06-23T13:13:27.000Z" ,
"modified" : "2022-06-23T13:13:27.000Z" ,
"pattern" : "[file:hashes.MD5 = 'eafa11070f213f16efc030f625a423d1' AND file:hashes.SHA1 = 'b1847c89143fad810b7a3686296b9c1e91ad087c' AND file:hashes.SHA256 = 'daaa271cee97853bf4e235b55cb34c1f03ea6f8d3c958f86728d41f418b0bf01' AND file:hashes.SHA512 = '68a084c9a6dee3c315181c97e661454c61b442539f4875136828a87beef40ffff79a7f7c5df549890ce42ed636fa4404e673877379b849cd0e4e6c2ab2642d0a' AND file:hashes.SSDEEP = '6144:UOjcXgk3fb0pZmtcQPbfUNnweoafhcdP19F9vQZ/y7dmMcnFn5iQiM8poFDNsGrO:Rm4zmtVbC6P19Fa67dmxl5iNGFpd/LA' AND file:name = 'daaa271cee97853bf4e235b55cb34c1f03ea6f8d3c958f86728d41f418b0bf01' AND file:size = '411760' AND (file:content_ref.
p a y l o a d _ b i n = ' U E s D B B Q A C Q A I A H 1 p 11 R 7 D j 7 R l z 8 G A H B I B g A g A B w A Z W F m Y T E x M D c w Z j I x M 2 Y x N m V m Y z A z M G Y 2 M j V h N D I z Z D F V V A k A A 55 m t G K e Z r R i d X g L A A E E I Q A A A A Q h A A A A 2 h z 31 Q r 3 X s T n J g a P B w / B o g L 5 y c j Z X 8 f u e S B A K B 6 y O 4 w W a s o N N c 6 Z I b U L 2 M x u E Z I z q 77 M W G q 49 X S 7 n o r p S p g Q q C e b h j 4 L K O J l j O k h x K p I H m q D D L F w V W 2e8 k R 9 l f E T M s / A R g I P 5 o 99 o D + n G k y s p E C L l u t y H 0 Y t U e a I j O 1 M 6 P r v I M 5 t z L K I s 74 U J z 29 f q H x Y g K n 7 G 0 H 0 Z d A Q G u 0 K G X 2 w V w C 70 l g r X T Q H i + 9 k q v r x m g 8 i M C 32 j z 0 a I g z 8 B 9 O C d u i h y 0 w w G 0 D e w x j T 46 s G 6 j L t S p 0 r a 5 J 2 d j p x x c 8 Q t v z g 6 F 9 x r y M A g 9 N R C 711 U o 3 q r 4 S 2 y C 6 q G x 3 Y x m V L Q X O j X j Z T B S Y t f b 3 + F L B E N z G D E k g j S d D V b 53 g H 0 q N J X d p i 5 K 2 i Q k n g g D v j 4 h U L R w h k N A E X s 5 h t k H q 9 m o 2 y r 38 P y z M L p 2 J L T Q 6 I 4 M W 5 X A I b A B q g H J i r p R X M K D f X G G N + 6 c q I g H 6 L w t K Z A 0 6 z B g p 54 L 1 u H x L G 5 V R 82 h 2 v C X j f r F b u Z w 1 t P D m c 2 C Y I + p Z o 6 r v B V T w V T K 3 O K n u K G Q h Y v y w G R I p 8 X 6 j i U i M o s Y 7 q v y Z F u k o m 18 r h D 2 t D a x Z h U l x j X x 2 / Y 0 M 21 R e 24 A Y I H H 1 V i O D e P g j m q J k e g 3 b 0 O 5 o L a D R y M j + z o K r R n a u 2 t O + z f y Y O 8 j l s 8 z J / Q S 6 M G I Z B l E t T S A Z 8 u Z 9 l u g e v V w N y 4 V s 1 A z p 87 w E J 6 v v y M j P m 6 / 48 q W w 7 p b M m h 0 0 k K q t U I / b q i U A E + r m o + X t 1 m b X c e d 5 f i K 8 C v B D h b Y 19 a i k h Y l o f I K V i 9 / w c 1 j b H s q E p 6 v C 4 l y B p z V c c e c d 9 U w 6 Z d H h J k H Y / f M I / J n Z + k 7 c g x G t m / F h p q T o w B b e F h P A H w o n R Z o x F v F X o b S N 560 V D c x q t x f 13 F B 0 R s r G 4 e O o 59 h R 
7 Z m H s r G 8 P 5 l n p z W E o A 4 G j i m J x 7 r M o V 0 3 m F d g r n N Z 20 L E u g u w 6 y b q 9 x 5 P M y N i Y i d 861 h d n d 5 l x p L u b 7 U x B f K O / G p J k z R t N Q Y q Q c b h Q H f 9 P 1 O b G S U O w r A T 2 J / + f 77 x S Q P I P g x / 6 t P T X P K u 9 H / I g / t d F Y D Z C X R j 3 k x o d k v t l i G m O 6 X Z v M 5 Q m a P M Z T a a 7 j C O n R G h 3 Y L s P Z S o B l 4 / 6 P t 4 N t I E z U r V d c 0 Y + 4 p 0 k I G i Z M O E h J K U 62 V I t M i x s T j a l Y E b + 5 D 5 L u W v 1 F B c s Z 3 o + J 7 / B s a i H + l 7 H g O 3 D M U 1 y g G u 8 B R 1 G e T P M r d T G l n u N w K e m z A R 9 V G Y Z p R n x E 4 M y Y h z r p d + H g Y S L 0 k N u M N z 3 I x x f X L e 7 u 0 R w J G N N U D G p B a D 5 H a U H c M Y s n S R M 0 E k h Z 5 f L p q F X r T V m l 7 x A C F A x C X a V g Y T O m 69 s S l F / K V m x r E o s m F C r Z 7 d 9 b q m R V 1 D T m 96 P l R H t X X l Q T j w b W S d T O j O 179 n 969 y V 5 B x y p + m E B a S z O F H m k W j J F T u t W C 5 A 3 q s o I 8 g b y Q x F 1 z B l X z c M c J G 9 d n M A 1 A 5 m G X / 2 u W 6 L A r 9 V 113 D M e + J A A V 3 Y 4 z m y v v + Z P A M q K P m a K + Z o l 8 T l o k v a l v M I F G i v j u 3 V f d Y K 1 Y i e 8 O I M v R U q N 66 K e 3 + l n S K y V x 1 e K A y b k 3 / K K u M J 4 s 82 p T i N Y 0 60 Y + 5 C Q x A 6 q B Z B k I n 3 u N 9 d t u M a j 0 X W z i 0 b h A A s N A z F 3 w 0 a 0 H C d Y A 0 M y 4 J w h 1 l l P K 3 E S n O m o m s K K 0 e a N S Z o + v 766 W L 6 i z r u Y U x w 7 z 6 q s h x L j X + v o H h R T 7 f G f J M e V 4 v / L Y i v g j c r L i t W 5 F M n P Z r / 5 t 8 r w P + h A C K S q q o 6 K 2 m h Q c J S 9 X U u y s l p Y 3 B s 7 V P K S 7 n J F E R u w b B b / m v F 3 + Q c 9 G Z c 5 B Z C i u d z c 4 P P H R 9 o t b L F L G T b O n x K K e O D q h f S x g p 8 D g M C 24 E d J 9 d l f J p l 8 Q Q m 0 3 H b p s n T Y j O C a e f a 5 i K 2 / 3 / a m Q Z n A 3 L f B 6 N 6 m i n h l p r M a m x A 4 + L n L Z k A V h a u q K S R P v M e z q z 7 b P 4 A H u A 
W 65 N 4 Z + g 20 W H j p t 2 j k G p q m o 0 1 s + f 24 i I 74 e q 0 1 W r G 7 W a Z K d o n / q s I 2 C i j w l v 6 V o x C o F 8 x B 1 T B l n J r q o 5 y n U P P O c d c B V Z V t Z r 3 c + V p s G g q q g u S P i R X v M C t 4 S b 2 L v T V n 9 o x I R I U 675 N b 1 K x K z T J 3 k q 4 G 7 v e q R l Q 3 n J c n B / d o B t 5 y c z S 3 d 4 l s u G l 8 e K + e l a Y x c H x e x r a / x W v F F T 1 T r 9 U N X Z / E 5 q 6 V Z H c + 60 / M M G R u U p 6 e V f e o i R W z A w n G k 6e2 + m f N 0 9 u V Q T v 0 E U k Z c 0 1 v 5 E z l u 3 G E f M k 28 R 3 U 8 q F h q 98 P X X R i D + e T L f c 7 W p s / P w Q N A E w p y A L s Q j J K M z K t G H g v 6 I A G a r I C 3 t e n q j L F y O V u q R j L d D w L D s o / x 6 T O 9 Y l S f K 1 Q y h C 5 j g l S B q R 2 s A y 7 f X E 0 K W p 7 W V u x E N p d J v L l 0 U C 3 s 0 f Y 0 7 p I L a U Z Y V u 89 a A P 7 e V L T F 9 R H 8 V Q n p c f 8 l c E q 2 N j C 0 S l x j M v R p O F 17 y R Y r F t 0 k i o 5 M W C A 7 q O p m r 4 k g N 6 O 2 N 2 B 4 p M i E b Z R F W a n C 2 a V e R W y y k e 5 e h X R o y 1 T t y a 4 J 5 J I Z p q h g j N G Z s 2 t f k A C 7 o v 9 q w E C B 2 n z K 8 y J f R R K J 5 v g f 7 n Y v z 7 s s / C x G l p o A U m y 6 A X j 5 h M r G g 8 k B A M q o c + 2 g 8 z V u S 5 b B 2 / m j 8 E V N u q J 8 a 0 W v j k x 3 / r 91 X L f o V x t 1 r N V V A A J K R a c f e 1 E / b y J e L 8 D f l b v V e 0 c v / H 4 c 0 B g n s t W Y k I N o j L y N R T s m y 74 i 9 v M k U R h F M C B / H m S O q + G p o 8 A H M u O o h y y o e u m y R t R O O R I c B P S m d X h Y h J E W n 2 D 7 + R f r x P y m I a c Q V i d Z e I + U 0 T c y G W d l D s b p n i X C Y v p G x v a N q F R x X o J Q z S O 3 h 243 c t a S N t d d D 9 i E 5 y 79 R s U 0 I 7 M R j E M U + a O a H E z + r l f w x A c e N m 72 l D U 1 W X i T a v l f r K N 2 I f w z f G q b / K f H r C a z k 9 M 6 u 8 G I + x b w 2 m v g E q j k j E Z i k J H L u Z T 4 h e 4 D 3 P o I E F s / p e p 7 k E V E a 7 c D 3 r v d z 6 P c j 9 m q w D k K v C Q s Z u n k T 
5 j d A I d c p P O N U g B S d A Q B B t T g q t u J F j A P x + q + I V A a D q X g j A T I E x i n 8 x G M h P w t R A 40 k Y + 8 b r F e L G k t I A P Y i + A E 3 v H 55 F J q g x l g N a 4 w a 5 W T Q h P v o X H r D X n e 1 X U C w + g 70 Q X I 0 y g S 3 i w u 3 V / m q T 2 Y N B P 2 I 6 g W n y y 6 E y s l Q J n t / 9 t 9 v 1 v L 0 d Q h v p D 3 O 92 Z Z g h s n P 0 5 S 4 o b A L O 9 G X b M E r 3 T Z a / z + O D 2 s v 84 J 5909 I j M Q m e / 57 f L v w j + 0 s n S / g w A x p P + X l q d v N I e O w O a k p v k q 4 f D f P 3 y E t Q h J 9 C X Q V y n p I 9 f e 69 T o h Y j e 1 P P + / o V m K f P e 8 u Q a P v o 7 z q j t Y y 3 Q H T P A T F G 2 k A f R 7 y 6 p c S 9 s x J 1 w C Y n Q i u t Z e U / G I Y R Q Y q i 6 W 5 l X U y f k i 9 o q Q s F i J N z l p H I S J T / w 1 / D i P D w 3 g t
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2022-06-23T13:13:27Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "file"
}
] ,
"labels" : [
"misp:name=\"file\"" ,
"misp:meta-category=\"file\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "vulnerability" ,
"spec_version" : "2.1" ,
"id" : "vulnerability--ce610b88-badf-44db-993c-86a7a97a2cc8" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2022-06-23T13:12:55.000Z" ,
"modified" : "2022-06-23T13:12:55.000Z" ,
"name" : "CVE-2022-30190" ,
"labels" : [
"misp:name=\"vulnerability\"" ,
"misp:meta-category=\"vulnerability\"" ,
"misp:to_ids=\"False\""
] ,
"external_references" : [
{
"source_name" : "cve" ,
"external_id" : "CVE-2022-30190"
}
] ,
"x_misp_state" : "Published"
} ,
{
"type" : "vulnerability" ,
"spec_version" : "2.1" ,
"id" : "vulnerability--f793c30c-02de-4e84-8494-e06fc3013958" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2022-06-23T13:13:08.000Z" ,
"modified" : "2022-06-23T13:13:08.000Z" ,
"name" : "CVE-2022-30190" ,
"description" : "Microsoft\u00a0Windows\u00a0Support\u00a0Diagnostic\u00a0Tool\u00a0(MSDT)\u00a0Remote\u00a0Code\u00a0Execution\u00a0Vulnerability." ,
"labels" : [
"misp:name=\"vulnerability\"" ,
"misp:meta-category=\"vulnerability\"" ,
"misp:to_ids=\"False\""
] ,
"external_references" : [
{
"source_name" : "cve" ,
"external_id" : "CVE-2022-30190"
} ,
{
"source_name" : "url" ,
"url" : "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-30190"
} ,
{
"source_name" : "url" ,
"url" : "http://packetstormsecurity.com/files/167438/Microsoft-Office-Word-MSDTJS-Code-Execution.html"
}
] ,
"x_misp_cvss_score" : "9.3" ,
"x_misp_modified" : "2022-06-07T18:15:00+00:00" ,
"x_misp_published" : "2022-06-01T20:15:00+00:00" ,
"x_misp_state" : "Published" ,
"x_misp_vulnerable_configuration" : [
"cpe:2.3:o:microsoft:windows_server_2012:r2:*:*:*:*:*:*:*" ,
"cpe:2.3:o:microsoft:windows_10:1607:*:*:*:*:*:*:*" ,
"cpe:2.3:o:microsoft:windows_8.1:-:*:*:*:*:*:*:*" ,
"cpe:2.3:o:microsoft:windows_server_2016:-:*:*:*:*:*:*:*" ,
"cpe:2.3:o:microsoft:windows_server_2008:-:sp2:*:*:*:*:*:*" ,
"cpe:2.3:o:microsoft:windows_server_2008:r2:sp1:*:*:*:*:*:*" ,
"cpe:2.3:o:microsoft:windows_7:-:sp1:*:*:*:*:*:*" ,
"cpe:2.3:o:microsoft:windows_rt_8.1:-:*:*:*:*:*:*:*" ,
"cpe:2.3:o:microsoft:windows_server_2012:-:*:*:*:*:*:*:*" ,
"cpe:2.3:o:microsoft:windows_10:-:*:*:*:*:*:*:*" ,
"cpe:2.3:o:microsoft:windows_server_2019:-:*:*:*:*:*:*:*" ,
"cpe:2.3:o:microsoft:windows_10:1809:*:*:*:*:*:*:*" ,
"cpe:2.3:o:microsoft:windows_10:20h2:*:*:*:*:*:*:*" ,
"cpe:2.3:o:microsoft:windows_10:21h1:*:*:*:*:*:*:*" ,
"cpe:2.3:o:microsoft:windows_server_2022:-:*:*:*:*:*:*:*" ,
"cpe:2.3:o:microsoft:windows_11:-:*:*:*:*:*:arm64:*" ,
"cpe:2.3:o:microsoft:windows_11:-:*:*:*:*:*:x64:*" ,
"cpe:2.3:o:microsoft:windows_10:21h2:*:*:*:*:*:*:*"
]
} ,
{
"type" : "x-misp-object" ,
"spec_version" : "2.1" ,
"id" : "x-misp-object--ef1b6703-890c-4019-b137-efa8b682371b" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2022-06-23T13:15:31.000Z" ,
"modified" : "2022-06-23T13:15:31.000Z" ,
"labels" : [
"misp:name=\"report\"" ,
"misp:meta-category=\"misc\""
] ,
"x_misp_attributes" : [
{
"type" : "link" ,
"object_relation" : "link" ,
"value" : "https://otx.alienvault.com/pulse/62b44a9d13580736f8547cb8" ,
"category" : "External analysis" ,
"uuid" : "195fe785-cea5-4b57-ad6b-5a37125fd4d0"
} ,
{
"type" : "link" ,
"object_relation" : "link" ,
"value" : "https://blog.malwarebytes.com/threat-intelligence/2022/06/russias-apt28-uses-fear-of-nuclear-war-to-spread-follina-docs-in-ukraine/" ,
"category" : "External analysis" ,
"uuid" : "db051bd7-c0f7-4f7d-8427-af2c358b133c"
} ,
{
"type" : "text" ,
"object_relation" : "summary" ,
"value" : "In a recent campaign, APT28, an advanced persistent threat actor linked with Russian intelligence, set its sights on Ukraine, targeting users with malware that steals credentials stored in browsers. APT28 (also known as Sofacy and Fancy Bear) is a notorious Russian threat actor that has been active since at least 2004 with its main activity being collecting intelligence for the Russian government. The group is known to have targeted US politicians, and US organizations, including US nuclear facilities." ,
"category" : "Other" ,
"uuid" : "3eaa5829-6bf0-4e60-aca5-4727b688094e"
} ,
{
"type" : "text" ,
"object_relation" : "type" ,
"value" : "Blog post" ,
"category" : "Other" ,
"uuid" : "7d9f1e05-13bd-433b-8f86-b0be6ae7e46f"
}
] ,
"x_misp_meta_category" : "misc" ,
"x_misp_name" : "report"
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--b15f8aba-033f-4669-a02d-eda7a7c03e07" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2022-06-23T13:17:45.000Z" ,
"modified" : "2022-06-23T13:17:45.000Z" ,
"pattern" : "[url:value = 'http://kitten-268.frge.io/article.html' AND url:x_misp_host = 'kitten-268.frge.io' AND url:x_misp_scheme = 'http']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2022-06-23T13:17:45Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "network"
}
] ,
"labels" : [
"misp:name=\"url\"" ,
"misp:meta-category=\"network\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "x-misp-object" ,
"spec_version" : "2.1" ,
"id" : "x-misp-object--afb7dae5-8291-437f-b353-fca9c4a10258" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2022-06-23T13:18:54.000Z" ,
"modified" : "2022-06-23T13:18:54.000Z" ,
"labels" : [
"misp:name=\"passive-dns\"" ,
"misp:meta-category=\"network\""
] ,
"x_misp_attributes" : [
{
"type" : "text" ,
"object_relation" : "rdata" ,
"value" : "18.133.249.238" ,
"category" : "Other" ,
"comment" : "Result from a rrset lookup on DNSDB about the hostname: kitten-268.frge.io" ,
"uuid" : "98e360e9-9169-4516-91b1-401cfe61bdc4"
} ,
{
"type" : "counter" ,
"object_relation" : "count" ,
"value" : "88" ,
"category" : "Other" ,
"comment" : "Result from a rrset lookup on DNSDB about the hostname: kitten-268.frge.io" ,
"uuid" : "7cf96d0a-33a1-4b05-8cee-cfe62e822f38"
} ,
{
"type" : "datetime" ,
"object_relation" : "time_first" ,
"value" : "2022-06-20T20:54:14+00:00" ,
"category" : "Other" ,
"comment" : "Result from a rrset lookup on DNSDB about the hostname: kitten-268.frge.io" ,
"uuid" : "8784a4e4-1f09-46e9-bc88-73d566ff75ce"
} ,
{
"type" : "datetime" ,
"object_relation" : "time_last" ,
"value" : "2022-06-22T22:48:01+00:00" ,
"category" : "Other" ,
"comment" : "Result from a rrset lookup on DNSDB about the hostname: kitten-268.frge.io" ,
"uuid" : "725264e5-1243-4704-bc0b-d0bab4b52cc9"
} ,
{
"type" : "text" ,
"object_relation" : "rrname" ,
"value" : "kitten-268.frge.io." ,
"category" : "Other" ,
"comment" : "Result from a rrset lookup on DNSDB about the hostname: kitten-268.frge.io" ,
"uuid" : "759965a9-2e71-4624-8502-375fde6db497"
} ,
{
"type" : "text" ,
"object_relation" : "rrtype" ,
"value" : "A" ,
"category" : "Other" ,
"comment" : "Result from a rrset lookup on DNSDB about the hostname: kitten-268.frge.io" ,
"uuid" : "c3f15a92-140e-465d-9b52-9474a4e3fb55"
} ,
{
"type" : "domain" ,
"object_relation" : "bailiwick" ,
"value" : "frge.io" ,
"category" : "Network activity" ,
"comment" : "Result from a rrset lookup on DNSDB about the hostname: kitten-268.frge.io" ,
"to_ids" : true ,
"uuid" : "dec1d9bb-8d79-467d-956d-45a903872581"
}
] ,
"x_misp_comment" : "kitten-268.frge.io: Enriched via the farsight_passivedns module" ,
"x_misp_meta_category" : "network" ,
"x_misp_name" : "passive-dns"
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--ed37f367-ef0e-471c-8635-9067d7dd01e7" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2022-06-23T13:22:51.000Z" ,
"modified" : "2022-06-23T13:22:51.000Z" ,
"pattern" : "[file:hashes.MD5 = 'd3bddb5de864afd7e4f5e56027f4e5ea' AND file:hashes.SHA1 = 'ebb0e34f44089fd4cc750b5fe0dcc14f6bb85a11' AND file:hashes.SHA256 = '2318ae5d7c23bf186b88abecf892e23ce199381b22c8eb216ad1616ee8877933' AND file:hashes.SHA512 = '2905af78720fccb1167811b871d0509a6200c9cdc920409c337d30bf89e0be9c77195919e59e67c39dea0f8881d64f272825434e9e9a546df1b74451ee1e13a6' AND file:hashes.SSDEEP = '98304:TtClVkoOSfJNp8FUcwti78OqJ7TPBLYVrsk9N8ivyhAdsPSQx3UGgdN:TlobhH8FUcwti7TQlgVN8iNIShN' AND file:name = '2318ae5d7c23bf186b88abecf892e23ce199381b22c8eb216ad1616ee8877933' AND file:size = '5433824' AND (file:content_ref.
p a y l o a d _ b i n = ' U E s D B B Q A C Q A I A N p q 11 R Q a s v V 4 P J R A O D p U g A g A B w A Z D N i Z G R i N W R l O D Y 0 Y W Z k N 2 U 0 Z j V l N T Y w M j d m N G U 1 Z W F V V A k A A y t p t G I r a b R i d X g L A A E E I Q A A A A Q h A A A A 2 Y n h G E t N G i R d 8 / 4 j F W t f 7 M e 25 N 1 M Y X / b A X 2 I 23 s o 56 P a J O e a K b 4 V d b g g y 840 M C J x P s Z u 3 z f U d 56 g r k u 5 o R W 7 c / W Q / i G P N Q g H J s b E z / O 7 l w 66 z C a K z O l s / h P r E z 281 C x C f L I Q t 3 k Q A 7 Z n T o 4 F T s U D t s Y g T j w E 5 z 8 z 11 / + U B 3 / f N j t 7 K V C s n + j 9 L Q Y k o p D x w H + w r N H G R t f k V r T p t h T 9 c / 1 A O Q i t w 9 r d z 8 Z h W t W d / 3 Q X J c 3 R 7 w k m Q 6 R o S 4 F R y k b l m 11 l 98 k T X n e 1 C 2 P + / Z n Q w l Z t C 8 m F + U z 1 b X O x r + k o p S 0 Y q X d J 9 v a P S m w i t I h 2 M E K v 2 O 0 n t E / O h h k K n k p r v d p J M N F G d / + T 4 X 0 B b + I s X 3 H Y z p F Y + 6 j L F e a V A L k d b + / f H G 5 p E H p g v / v l 85 E j P I d H / f w e X + 3 T 2 i G Q F O X z q S 3 z z z Q I P k l 6 q K 1 H H x G d g 77 S j p K l c Y 7 X / i g x M 4 M c i n a 9 B M 1 E G f l y D q k V a 2 p Y O N y g c J 3 a f V q a M / a j M c L I F X N c l 8802 l F g N M P d R t X y 2 O V 8 n X u 5E10 P A J H b 5 e i d 7 v q 3 e b a z G M 3 Y 2 h e j e D x T J Z 5 z K E i L n p D 6 I p Y l f J C l M J L 22 M c Q y T g T W a 7 K a G Q N h z 9 u J 0 T f i w / C F A H u y 2 q t b 5 F 55 E z P m O F s c N o p u 4 e g b X g p P W 8 o y b I + 7 w z L Y 7 e Y C R t 8 n g n Q p i m A T f G h E V g s 5 f 9 I H 2 f r C Z I y G q y 3 m x V a 9 r T T E O S A k f C 8 I 0 x s B 1 n S t a C g O r u s Y i d l Y w K b n N U 5 a 9 z 0 F 7 E m C J F F x t u Z k d k g 79 K 15 o h J X U E N P / M H k N 8 Y A d 1 L R Q 5 s B / y U 9 F F 3 x e U 7 i M B d G P U E Y L g M j n Z a y J G h r j U c U k h 1 F N Z h D R B G M B A E J 6 T X C b 0 h A M X i a D X R Q / + f Z G y w 7 A C M t 9 + t H q D p Z j y P m O z W Y J 
9 y 8 U / A O 35 p F V l p i 1 K 1 y M U f f B E k x u 3 N 1 D 1 I 50 l P 8 C 7 n 428 n f e 0 b S m o C l z 5 B 6 y f Z x L O / p i J E N 1 f F o z s P K 802 M 0 M 6 d Y u X U z g N V b T T n 5 F D t P y S H t 9 j V V 9 i 7 I i Q r 7 u O g Z T r 8 a E A c G S 9 c r 2 c x 38 r K w z k Z 3 B 2 e d P C K P z n a U U y O 52 Y P p z J K T m R 1 s l E X y a b Q F U v H + P H h R Y c y u G U 2 H / B E 0 c r 1 U z L I 1 V M Z r X z E r X 6 p q a U R z U Z 1 v 2 a O + S W K u c p 8 g P 6 H I 8 s p D E A O p k L n g x X H y n Z Z 4 m Q J Y B C X b q W 4 c I b R J e 7 k A f N y I Y Y v r Q a a W g h u R 3 V Y w u N C l G L X y 0 X 1 L S h 8 W l u W v e / 0 J 5 X G m l / X W c Y 5 O c u S y P n k V U e y 2 s / n s A j u K B S J U A y m O m K J G j u 1 G k S i G H X r u w l I Q 3 Z j U 1 f A U 6 x 1 U P i 0 a w 0 g B O T V l L p 8 O w 173 J D 1 e m u t u C l 2 r b 9 E n Z F 7 g g Q / A V u u H W c Q + 8 V q 9 F T 0 + H g b Z b + x + G 1 J T B H b k R Y C e Y S w r w 0 d R Y M e X z k a F b T M i c G e I T A v c E y F k O V u N J k c q 8 y T s M D d f e X D F r w y s 1 W S I X j g V E t m L u 0 k l E 3 n 5 m J H t Y g 9 x t f M q L g Z M M N C a m I Q E O d m V U P 6 L K V I n o c B f k M g J Q x c P o Z p x A c q 0 i a U m E T 4 W K w I Y x F R L F B 9 V P G m u h r a 0 Y 2 w G h c y 5 P A e l 3 l J X A U h u + S k P i C 7 J 4 N y 8 g i o Z 4 L 6 U h p F S q d 5 s 2 i M Q W w l 1 g g / N G H P p E w c 7 U E o H k 9 J 1 J I y y I N v P D U 2 X M 3 j W k Q d W v F f x 4 / 3 w o e K T P m Q V + t 1 l 0 R I g r K T T G + Q 47 x g / C v R 4 x k L W w h z V 3 z B N J C q b C E 7 a O j t K J J g I f K a D X E 9 S R 0 v C t E J W K S Q + S e R c Z l a G 8 / c H o b O Y M y 8 x s Y 0 C a n a z 5 o 0 G y G D m 9 N j H x p A T 2 i l d 43 D 2 W U t f w x n h 57625 Q v I h r l R k t K h O X H b P I H F V Z 89 g O h 8 L g 2 V j M b Q A W u t S k T M J R n D V b A O h d 17 H J Y n g V o B t 9 L 7 f q t y 8 l l P A f f o i 0 g b 6 n A 8 o p 7 B g 2 z I f o d j y y / O S S c o J s e R 7 b g s r 
u M s C X L 8 b m h l L L d p z k 5 W M C C l h M + y O n D w / c 9 c s I s z a d k b 3 H U C x T s b 22 J i g B d s f X 8 m 9 F g A L A I 3 o s e M z 2 v 567 a n 4 C g b T 9 N l 5 H q y J l D C f d 5 X e 5 c J a Z n g P D t V x Y w s j 3 + / N E D j 2 f m V Q I P V z U 70 a v l c s 9 j 9 G Q Q u D 1 b t 2 T F C G w v i D g 3 d U Z f d + / N Q 8 T z n 9 m t 0 t / P 6 m n e z 5 n 3 b t E G 1 f C r e 8 B T Q t v q / m A 1 O 83 K R Y 21 l p J G K J 1 d K y 0 h A s L h P z U l j x D t J m K r K C 8 a x W O v 0 l m A 7 r 37 A p a J 7 v i / Q T M j 0 68 F R r d T 3 x m D x 51 G h 4 f f T H W f k X 4 z j p K z e W I A w F m 3 N / 1 t g 13 y Z W j 0 F N A d j 9 u 0 V J T y u C 1 T M O y 6 w 5 / k W x P k m 29 J u Q t G I e y p K B 4 G / S J + + 98 P o N O p j / t 6e7 o B 0 L 3 Q g v o W 9 j 2 Z i H r p G d o 1 s w X d 5 r T E H f f X p a Q w u o d c r X / x + 3 v 1 B X J Z y r Y y N j Z 8 v w g J 2 B c k Z m l z 9 l B d T p g d 1 p A T u 5 / N B u L V W 2 T S W q A A w 72 F w w O g q T / 3 U P s G 91 x D z 8 l r m R X + w D 9 b h j k H l 20 B Q 2 H F O p b a h U r T k M z 14 l F W M Z t R a w g 9 f Z y t 5 j Y 9 G W v n F D K q W m j k v s 6 G + O F 87 O J b Y E B 9 y s i j G r F f K j j b a F 4 e x 1 a r T x I S h o r Q + Y D b D 7 C 9 m a J 2 J b r K m l a O r w Q T y z T 7 A n B 86 T w / J N 4 A a g h m D i t 0 I F f Z 6 e H f k n R w O T g S L j M R c m A y C m 8 B d N i Z s P A T / p J v k o r i Z y y j a G d F T f K d m g P w G t Z g V c D s g K j c Z o d 4 Y w 43 S h J B 4 t U m / A G 2 S C O c 7 i E M C C s a R M y P y J c Q K 7 W F u Y n M j J Z t / Q c Q 6 M s H e z u a q 3 E C 2 f X 7 h 0 n 0 2 d d l H 8 R w q s F w d n / 1 + Y + 2 j K k 7 w S Y 3 e Q v Q r o J q 44 S D + f j + S 91 C 4 G 2 f a d 0 u 7 N E 6 W h 3 X U I c + F W w S A h V R / l 18E3 x E g A x q U w 7 N Z x M P n Y V 7 R q a b u A 19 S f L i U y 30 O 85 H K h e F F y t M R W 7 U t 0 q u / j P W U I u e n h K 8 h g 4 f 4 P + Y + M L O s G F S U T Z V W Q R M N n E Y 6 L q K T 9 N m R O R 1 I x o q 
o + c P 91 T T s Z 7 g R Y r J + U u 4 C w 2 g I 5 L + O s + 7 h Z + f 1 i P W R K u K s w L u u 2 K Z U M Q P Q m y Q f 4 q D x z o q z V t J q m 9 Z p 2 J m O N U I R u b E X P v D r P Y e 3 + D I v g A 96 m 5 e E + W 6 Z G i 0 W d I c 9 X 2 A w L i I 3 y 0 W r J R C q F N U Q k j 8 h R x i a V c f U 3 Q S b P S s G 1 S Q g s i V D + M 8 V I Q v 9 y s s A O R l d h T i k S c 1 K L 7 X 8 n A i W s s p 1 x I k M z K 9 x O B 4 v Z 32 x H C I 9 v G j D v p A D + / h x U S I o d A Y 0 V z o + D v N d L S I O 4 v H W M L v R L z F n f 1 Y z I o a h j M R H W J L T w 1 w m q K k 42 n n Y 9 o S m 7 w e / a A 7 + 84 p I y F A a 5 A c U c s 4 e L B Z m c / i p J 3 j Z x + g Z q + S m K k I O o G / Q T M w 3 L L 5 S H Z H A I v f G J 1 v e n t M 7 o E B E S G / h A 0 2 J + X B p r Y l / x n B u S X L i o 9 j U S r S H F A d 5 C
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2022-06-23T13:22:51Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "file"
}
] ,
"labels" : [
"misp:name=\"file\"" ,
"misp:meta-category=\"file\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--522f93b9-5306-4866-8983-1ed7fdabfecf" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2022-06-23T13:22:51.000Z" ,
"modified" : "2022-06-23T13:22:51.000Z" ,
"pattern" : "[file:extensions.'windows-pebinary-ext'.number_of_sections = '2' AND file:extensions.'windows-pebinary-ext'.pe_type = 'exe' AND file:extensions.'windows-pebinary-ext'.optional_header.address_of_entry_point = '4194304' AND file:extensions.'windows-pebinary-ext'.x_misp_compilation_timestamp = '2048-12-25T08:35:47+00:00' AND file:extensions.'windows-pebinary-ext'.x_misp_original_filename = 'docx.exe' AND file:extensions.'windows-pebinary-ext'.x_misp_internal_filename = 'docx.exe' AND file:extensions.'windows-pebinary-ext'.x_misp_file_description = 'DocumentSaver' AND file:extensions.'windows-pebinary-ext'.x_misp_file_version = '1.0.0.0' AND file:extensions.'windows-pebinary-ext'.x_misp_lang_id = '000004b0' AND file:extensions.'windows-pebinary-ext'.x_misp_product_name = 'DocumentSaver' AND file:extensions.'windows-pebinary-ext'.x_misp_product_version = '1.0.0.0' AND file:extensions.'windows-pebinary-ext'.x_misp_legal_copyright = 'Copyright \u00a9 2022' AND file:extensions.'windows-pebinary-ext'.x_misp_entrypoint_section_at_position = '.text|0']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2022-06-23T13:22:51Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "file"
}
] ,
"labels" : [
"misp:name=\"pe\"" ,
"misp:meta-category=\"file\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "x-misp-object" ,
"spec_version" : "2.1" ,
"id" : "x-misp-object--7928bdab-a27f-4dbf-8a5f-68cb84400261" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2022-06-23T13:22:51.000Z" ,
"modified" : "2022-06-23T13:22:51.000Z" ,
"labels" : [
"misp:name=\"pe-section\"" ,
"misp:meta-category=\"file\""
] ,
"x_misp_attributes" : [
{
"type" : "text" ,
"object_relation" : "name" ,
"value" : ".text" ,
"category" : "Other" ,
"uuid" : "130d01c8-7940-4d92-830a-25849d5c70a1"
} ,
{
"type" : "size-in-bytes" ,
"object_relation" : "size-in-bytes" ,
"value" : "5431296" ,
"category" : "Other" ,
"uuid" : "4f5a4c0f-f701-4c85-ac6a-cce4213a7c3b"
} ,
{
"type" : "float" ,
"object_relation" : "entropy" ,
"value" : "7.9973059211035" ,
"category" : "Other" ,
"uuid" : "e10ecd13-58b1-4312-892e-a8299fbf7721"
} ,
{
"type" : "md5" ,
"object_relation" : "md5" ,
"value" : "2320acc1bfdb7507bd655f7c3753c2e4" ,
"category" : "Payload delivery" ,
"to_ids" : true ,
"uuid" : "8d1d3e44-824d-4e84-b4e3-b78c3b8035e0"
} ,
{
"type" : "sha1" ,
"object_relation" : "sha1" ,
"value" : "cfb20c4dbf2de009a1dccac68a4c822d02f7ae94" ,
"category" : "Payload delivery" ,
"to_ids" : true ,
"uuid" : "02780d4c-5d17-4f53-aa7c-97fec37218f7"
} ,
{
"type" : "sha256" ,
"object_relation" : "sha256" ,
"value" : "5653418e1ea815c908243332a9a7a82e0e0767a202899a2008ca2c21dc11861b" ,
"category" : "Payload delivery" ,
"to_ids" : true ,
"uuid" : "1b752e3f-3d00-49e7-9517-e5ee045dc559"
} ,
{
"type" : "sha512" ,
"object_relation" : "sha512" ,
"value" : "40b94a92923116d9b4b3886c4b10ab6979f8e4be238403bb169d1ec3c116d6fabc61ae776eb5cf0d09fe78911bb9f6bdcf27b7630f7559ae7597aa092b2087e1" ,
"category" : "Payload delivery" ,
"to_ids" : true ,
"uuid" : "36c30f7f-6642-4701-83d2-cb7bd7bb8a2a"
} ,
{
"type" : "ssdeep" ,
"object_relation" : "ssdeep" ,
"value" : "98304:gtClVkoOSfJNp8FUcwti78OqJ7TPBLYVrsk9N8ivyhAdsPSQx3UGgdv:globhH8FUcwti7TQlgVN8iNIShv" ,
"category" : "Payload delivery" ,
"to_ids" : true ,
"uuid" : "21f3823b-6089-477f-a4b6-80f18758f545"
}
] ,
"x_misp_meta_category" : "file" ,
"x_misp_name" : "pe-section"
} ,
{
"type" : "x-misp-object" ,
"spec_version" : "2.1" ,
"id" : "x-misp-object--b96756a1-2717-4426-95ff-3332fe2ac70b" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2022-06-23T13:22:51.000Z" ,
"modified" : "2022-06-23T13:22:51.000Z" ,
"labels" : [
"misp:name=\"pe-section\"" ,
"misp:meta-category=\"file\""
] ,
"x_misp_attributes" : [
{
"type" : "text" ,
"object_relation" : "name" ,
"value" : ".rsrc" ,
"category" : "Other" ,
"uuid" : "650e7117-6687-4118-9e47-1420017e8427"
} ,
{
"type" : "size-in-bytes" ,
"object_relation" : "size-in-bytes" ,
"value" : "1024" ,
"category" : "Other" ,
"uuid" : "4c15abcc-00cd-4f4c-be47-9162eefd5d92"
} ,
{
"type" : "float" ,
"object_relation" : "entropy" ,
"value" : "3.1296610663897" ,
"category" : "Other" ,
"uuid" : "315d59a8-d965-4719-a68d-da99cda8d3b7"
} ,
{
"type" : "md5" ,
"object_relation" : "md5" ,
"value" : "5e813a8b2d0cb12dc8e7fc43e0149395" ,
"category" : "Payload delivery" ,
"to_ids" : true ,
"uuid" : "68229cd9-a73f-400a-8b2a-1a52df879c9f"
} ,
{
"type" : "sha1" ,
"object_relation" : "sha1" ,
"value" : "bc5083093539e54d748dd602eb0571ee5656744c" ,
"category" : "Payload delivery" ,
"to_ids" : true ,
"uuid" : "57ae40a7-972b-48d2-b02a-c82973619c87"
} ,
{
"type" : "sha256" ,
"object_relation" : "sha256" ,
"value" : "6b330540046cfcc9d62b17ffbe2c15d5b6c7854a0ea16842cc99a05bb189fb78" ,
"category" : "Payload delivery" ,
"to_ids" : true ,
"uuid" : "03bfee90-3ca0-4083-9972-fb21c9cdc32f"
} ,
{
"type" : "sha512" ,
"object_relation" : "sha512" ,
"value" : "cd573468335c18df128bdba83002a71e275c8a1daed1cb2edbf4f0b919b593503b6898cf81b19afabb8aa40509f37099a50ef4bab0236848f63dbc8031f2d816" ,
"category" : "Payload delivery" ,
"to_ids" : true ,
"uuid" : "c9d09084-096a-42d8-b1eb-d81bff2be279"
} ,
{
"type" : "ssdeep" ,
"object_relation" : "ssdeep" ,
"value" : "12:Es9cmi3n6EtXRAHC5YArJyE60NaUGiq+jZAiN5prynthXF7YnqqD63JaMKPN5alQ:9cDR0EytrgjZhN4XFSD63fKPN8q" ,
"category" : "Payload delivery" ,
"to_ids" : true ,
"uuid" : "b3a6765b-22db-460b-b26b-a0909267750d"
}
] ,
"x_misp_meta_category" : "file" ,
"x_misp_name" : "pe-section"
} ,
{
"type" : "relationship" ,
"spec_version" : "2.1" ,
"id" : "relationship--b480c86d-c42e-441a-b1b9-34561bfc696f" ,
"created" : "2022-06-23T13:13:27.000Z" ,
"modified" : "2022-06-23T13:13:27.000Z" ,
"relationship_type" : "abuses" ,
"source_ref" : "indicator--9b0ae517-772f-48ed-bfca-362cf0319f72" ,
"target_ref" : "vulnerability--ce610b88-badf-44db-993c-86a7a97a2cc8"
} ,
{
"type" : "relationship" ,
"spec_version" : "2.1" ,
"id" : "relationship--504289ab-b814-4a9e-9d87-515c1cb305b8" ,
"created" : "2022-06-23T13:13:08.000Z" ,
"modified" : "2022-06-23T13:13:08.000Z" ,
"relationship_type" : "related-to" ,
"source_ref" : "vulnerability--f793c30c-02de-4e84-8494-e06fc3013958" ,
"target_ref" : "vulnerability--ce610b88-badf-44db-993c-86a7a97a2cc8"
} ,
{
"type" : "relationship" ,
"spec_version" : "2.1" ,
"id" : "relationship--8b5b7512-b45d-49cb-b4df-7cfaf26f2328" ,
"created" : "2022-06-23T13:18:54.000Z" ,
"modified" : "2022-06-23T13:18:54.000Z" ,
"relationship_type" : "related-to" ,
"source_ref" : "x-misp-object--afb7dae5-8291-437f-b353-fca9c4a10258" ,
"target_ref" : "indicator--b15f8aba-033f-4669-a02d-eda7a7c03e07"
} ,
{
"type" : "marking-definition" ,
"spec_version" : "2.1" ,
"id" : "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9" ,
"created" : "2017-01-20T00:00:00.000Z" ,
"definition_type" : "tlp" ,
"name" : "TLP:WHITE" ,
"definition" : {
"tlp" : "white"
}
}
]
}