misp-circl-feed/feeds/circl/misp/5abc9cfc-4f24-40a6-b7e1-4870950d210f.json

{
"type": "bundle",
"id": "bundle--5abc9cfc-4f24-40a6-b7e1-4870950d210f",
"objects": [
{
"type": "identity",
"spec_version": "2.1",
"id": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-03-29T14:52:37.000Z",
"modified": "2018-03-29T14:52:37.000Z",
"name": "CIRCL",
"identity_class": "organization"
},
{
"type": "report",
"spec_version": "2.1",
"id": "report--5abc9cfc-4f24-40a6-b7e1-4870950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-03-29T14:52:37.000Z",
"modified": "2018-03-29T14:52:37.000Z",
"name": "OSINT - March 28, 2018: Malware Analysis Report (MAR-10135536.11) \u00e2\u20ac\u201c North Korean Trojan: SHARPKNOT",
"published": "2018-03-29T14:53:49Z",
"object_refs": [
"observed-data--5abc9cfc-3014-460b-bc7a-4f1d950d210f",
"file--5abc9cfc-3014-460b-bc7a-4f1d950d210f",
"artifact--5abc9cfc-3014-460b-bc7a-4f1d950d210f",
"observed-data--5abc9cfc-0ab0-4e02-a662-40d9950d210f",
"file--5abc9cfc-0ab0-4e02-a662-40d9950d210f",
"artifact--5abc9cfc-0ab0-4e02-a662-40d9950d210f",
"observed-data--5abc9cfd-c088-465d-b61c-452d950d210f",
"file--5abc9cfd-c088-465d-b61c-452d950d210f",
"artifact--5abc9cfd-c088-465d-b61c-452d950d210f",
"indicator--5abcf6c9-60b0-4aa8-b52b-4f7d950d210f",
"indicator--5abcf6f8-e8c4-4164-95fe-4ed7950d210f",
"observed-data--5abcf8df-cb18-4d66-b9dc-4453950d210f",
"url--5abcf8df-cb18-4d66-b9dc-4453950d210f",
"indicator--4cca3ed7-3809-49d4-b41c-2e0827db2d75",
"indicator--fdd73209-3bfc-4cc4-b70c-28f6bb7624f5"
],
"labels": [
"Threat-Report",
"misp:tool=\"MISP-STIX-Converter\"",
"osint:source-type=\"technical-report\"",
"misp-galaxy:tool=\"SHARPKNOT\""
],
"object_marking_refs": [
"marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9"
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--5abc9cfc-3014-460b-bc7a-4f1d950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-03-29T08:06:43.000Z",
"modified": "2018-03-29T08:06:43.000Z",
"first_observed": "2018-03-29T08:06:43Z",
"last_observed": "2018-03-29T08:06:43Z",
"number_observed": 1,
"object_refs": [
"file--5abc9cfc-3014-460b-bc7a-4f1d950d210f",
"artifact--5abc9cfc-3014-460b-bc7a-4f1d950d210f"
],
"labels": [
"misp:type=\"attachment\"",
"misp:category=\"External analysis\""
]
},
{
"type": "file",
"spec_version": "2.1",
"id": "file--5abc9cfc-3014-460b-bc7a-4f1d950d210f",
"name": "Figure 1",
"content_ref": "artifact--5abc9cfc-3014-460b-bc7a-4f1d950d210f"
},
{
"type": "artifact",
"spec_version": "2.1",
"id": "artifact--5abc9cfc-3014-460b-bc7a-4f1d950d210f",
"payload_bin": "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
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--5abc9cfc-0ab0-4e02-a662-40d9950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-03-29T08:06:43.000Z",
"modified": "2018-03-29T08:06:43.000Z",
"first_observed": "2018-03-29T08:06:43Z",
"last_observed": "2018-03-29T08:06:43Z",
"number_observed": 1,
"object_refs": [
"file--5abc9cfc-0ab0-4e02-a662-40d9950d210f",
"artifact--5abc9cfc-0ab0-4e02-a662-40d9950d210f"
],
"labels": [
"misp:type=\"attachment\"",
"misp:category=\"External analysis\""
]
},
{
"type": "file",
"spec_version": "2.1",
"id": "file--5abc9cfc-0ab0-4e02-a662-40d9950d210f",
"name": "Figure 2",
"content_ref": "artifact--5abc9cfc-0ab0-4e02-a662-40d9950d210f"
},
{
"type": "artifact",
"spec_version": "2.1",
"id": "artifact--5abc9cfc-0ab0-4e02-a662-40d9950d210f",
"payload_bin": "/9j/4AAQSkZJRgABAQAAAQABAAD/2wBDAAgGBgcGBQgHBwcJCQgKDBQNDAsLDBkSEw8UHRofHh0aHBwgJC4nICIsIxwcKDcpLDAxNDQ0Hyc5PTgyPC4zNDL/2wBDAQkJCQwLDBgNDRgyIRwhMjIyMjIyMjIyMjIyMjIyMjIyMjIyMjIyMjIyMjIyMjIyMjIyMjIyMjIyMjIyMjIyMjL/wAARCAJYAbwDASIAAhEBAxEB/8QAHwAAAQUBAQEBAQEAAAAAAAAAAAECAwQFBgcICQoL/8QAtRAAAgEDAwIEAwUFBAQAAAF9AQIDAAQRBRIhMUEGE1FhByJxFDKBkaEII0KxwRVS0fAkM2JyggkKFhcYGRolJicoKSo0NTY3ODk6Q0RFRkdISUpTVFVWV1hZWmNkZWZnaGlqc3R1dnd4eXqDhIWGh4iJipKTlJWWl5iZmqKjpKWmp6ipqrKztLW2t7i5usLDxMXGx8jJytLT1NXW19jZ2uHi4+Tl5ufo6erx8vP09fb3+Pn6/8QAHwEAAwEBAQEBAQEBAQAAAAAAAAECAwQFBgcICQoL/8QAtREAAgECBAQDBAcFBAQAAQJ3AAECAxEEBSExBhJBUQdhcRMiMoEIFEKRobHBCSMzUvAVYnLRChYkNOEl8RcYGRomJygpKjU2Nzg5OkNERUZHSElKU1RVVldYWVpjZGVmZ2hpanN0dXZ3eHl6goOEhYaHiImKkpOUlZaXmJmaoqOkpaanqKmqsrO0tba3uLm6wsPExcbHyMnK0tPU1dbX2Nna4uPk5ebn6Onq8vP09fb3+Pn6/9oADAMBAAIRAxEAPwD2XxT/AMinq3/XpJ/6CaqNrmkNqbacNVsjfByv2YTr5mfTbnOat+KTnwnq3/XpJ/6Ca8x1jwtrtx4zvdZi0xprOPUILhLYTRJ9pCJtLBs5VgQDgkAg+tdWEpQqOSqS5bLTbV9tSoylFXirnoEWu6TcJcvDqNpIlqCbhknUiEDOd3Py9D19Khk8TaDD/rda09PkEnzXSD5TjDdehyOfevO9O0DxfYandanJpCynVIbpLu3R4lKFyTHk78PjjHAwCRWfB4E8R22jXtv/AGWZjLYQwwRPNEWicTB5F3ZwRkMw9mA7V6H1DC8z5qqtp1j8/ud/VFOrPpH8z1063pg006j/AGnZ/Yc4+0+cvl59N2cURazpczhYdSs5GaH7QoSdSTF/f6/d9+leet4V1c37a7/YcKp/ai3P9irMh+QRFC2fub8ndjpWangTXrm8lkfT2sopI7iULBPGQiyvk23XuuRnoCc1EcFhne9W3/gPlpvrbutH06le0n/KeuQXcF1bR3FpPHPBIMpJEwZWHsR1qp/bujvfPYDVbI3ikqbfz08wEdRtzmsrw3qNlpHhrTtO1S7s7G+tYFimt5LqLKEDHOG7jB/GuTvfDetXfjG41uLThcacmoQXccCzwgXKqm3zFbqCCA2CQCDWEMLTlOcZy5Ur2emuum+jvpt37DdR8qaWp3cXivw9MzLFrWmSFFLsFukOFAySeegFPPiLQ13E6tp42RrK2blOEOMMeehyMH3FeaaH4Y1+xaZrjw48heK52edcwFYC4k2iIK3Vt4Dbhjj8q1t4N8T2GlXtpFpnmG7sobaPdLEWgBfdKCSfmxzt9mHpx1PBYbmaVXt1jr369CPaVP5fzPW01bTpDalL+1b7Xn7NiZT52Ouzn5vwqtN4o8P2/wDrtb06PLFDvukHzDqOvUV5vF4S8TtFaaK9iYrez1KW4tdRieNVhVgdpEe4naH52+hxUD+D/EKQadbJot2iWct1+9huYPMdZGUrks3OcHPfmlHAYa9nW/GO2tnv6abp+Q3VqfynsMF1Dc28c9vKk0Mi7kkjYMrD1BHWpMFvvA/lWZ4fimttAsYZ7GKwlSIBrWJspEf7oOTn8680tre41bx7qY0aRmktdTSY3f29sQwADzU8onkM2R0xnjjFcdPD
Rq+0tKyh13623Wn3X8i3UcYp21Z69n2H5UZPpXmek+FdUMerynT77T9SxO2m3M2oeYkQk4VAqscYBzkjrz2FVofDHif+ztSTT7a50xJLSGNraW/8xrmZXBkdXBOzcuVzxnPatY4Sndr2q0tvbrbs33+9O9lqL2kv5T1UZ9MUYHcVzHhDTDpy37jSbnS4ppE8uCe7E5AVcZGCdo9snPt0rK8faFqWsahZvZ6dcXUKWdwjmK7EQ8wr+6yCwzhhn8R6VlGhCVXkcrLvp29beW5XO+Xmsd7hvSkw2M44rye+8N+L7u6tbiWG8aX7NbLC8V3GDayIAJMktxkjJIDZBxV/+w/Ei/EJdWFhKYVvSWljuECPblNo4L7uDyVwBxxWzwdJL+LHZv5rpv1/pNake1l/KekhSOg/SlyfSuA8J+HLiDXrm81LSL+2aO4lltJZdQ8yNEbjYEDnqCScj0rv81y1qcacuVS5vP8A4Zs1jJyV2haKKKgoKKKKACiiigAooooAKKKKACiiigAooooAKKKKACiiigAooooAKKKKACiiigAooooAKKKKACiiigAooooAQ968+tP+Qnrn/YUn/mK9BPevPrT/AJCeuf8AYUn/AJipmYVtkd94r/5FPVv+vST/ANBNSsfnb6movFX/ACKerf8AXpJ/6CaY99aC9NobqAXJJIhMg3n/AIDnNKLFSaV7k9FVUv7KSVYkvLdpGyFVZVJOOuBntSwX9ldOUt7y3mcZJWOVWIx9DVXRtzR7lnpR1qhqmq22kWyzXPmNvcRxxxIXeRz0VQOpqK31/SrqziuVvYYkkzhZ3EbAg4IIJyCCMUJpvlW4uePNy31J5dK06eVpZrC1kkblneBGJ+pIq0iLGioihVUYCqMAD0ApI3jmjWSJ1dGGVZCCCPYisbVvFOnaNqNlY3RkMl3IIw6bSsRPTzMsCoPPOOxqrSl7urHotTdzRmqi6lYsICt7bET5EJEy/vMddvPP4UxNX0ySCWePUbN4Ym2ySLOhVD6E5wD9aLPsO6L1FZ02tadFZ3Vyl3BMttxIsMqMQ2MheuNx7A4pND1m28QaRDqVokyQylgFmUK4KsVIIBPcHvT9617CutjSpAiqSQoBPUgVTl1TToLkW01/axzswQRPMocseQME5zUdvrWn3OrXemRXKm8tNnmxnjG8EjHrwDnHTvR7w7o0aKpRarp086QQ6haSSyZKRpOrM2OuADk471dpNNbhcMYoxmql/f2+mWE17dPshhXcxxk/QDuTUlrcx3lnDdQ58qZFkTIwcEZFInmV+W+pPRRRQWFFFFABRRRQAUUUUAFFFFABRRRQAUUUUAFFFFABRRRQAUUUUAFFFFABRRRQAUUUUAFFFFABRRRQAUUUUAFFFFABRRRQAh7159af8hPXP+wpP/MV6Ce9efWn/IT1z/sKT/zFTMwrbI7zxV/yKeq/9ekn/oNcje+F9Vm8TNqazWbRreJcJvLK21RjaVAwT1+bNdd4q/5FPVf+vST/ANBrjb3xdcweLvsInthZLeLbSJIoVxkctndu698YrCfJpz9zmqez5f3m10SWfhOWP+1ftkOmIbzzXiuLVGM0RcYwMgYAGenrWd4ZUaVqVxe31mba3W1itI5E0+SIuwJz8uCSSBknp0q5ZeI9VvpdRaG70u6WwaYi2hjbzZlUfKRycDOB781P4W8Rahq+qSQT3VpcQpaJOTBCyFXY/cOT/DWcPZ80eT5fj/wf6sZL2TlHlund9u/+fz+Rcv3XxGkEmj3IF3YXCXKrcQyIjcEbSSoPQnpWd/wr62vbaD+0bqQ3QaR5DbhAmXcsQN6k4GcVseLb65s9Ale3Eo3sElmjIzBGfvOMkDOOBz1Nczb674nm0LSJdEsmuojahZpJIllJkUkHnzV9K6qL/fNJ2lb+v0Oj3FVtLWVvl22O706xi0zTreyhZmjgQIpfGSB64AH6V57e/DvU5vEkl9GNHuLd9UGoNPco5uChADQEgEbM
ZxzXoGlSXc+lWsl/H5d20YMqbdu1vTGTj8zXlHiHxPfXvjG1iOoWmnvZa0tlDbM8glZMA+a6hgrRscdR9Dz
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--5abc9cfd-c088-465d-b61c-452d950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-03-29T08:06:43.000Z",
"modified": "2018-03-29T08:06:43.000Z",
"first_observed": "2018-03-29T08:06:43Z",
"last_observed": "2018-03-29T08:06:43Z",
"number_observed": 1,
"object_refs": [
"file--5abc9cfd-c088-465d-b61c-452d950d210f",
"artifact--5abc9cfd-c088-465d-b61c-452d950d210f"
],
"labels": [
"misp:type=\"attachment\"",
"misp:category=\"External analysis\""
]
},
{
"type": "file",
"spec_version": "2.1",
"id": "file--5abc9cfd-c088-465d-b61c-452d950d210f",
"name": "Figure 3",
"content_ref": "artifact--5abc9cfd-c088-465d-b61c-452d950d210f"
},
{
"type": "artifact",
"spec_version": "2.1",
"id": "artifact--5abc9cfd-c088-465d-b61c-452d950d210f",
"payload_bin": "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
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5abcf6c9-60b0-4aa8-b52b-4f7d950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-03-29T14:23:05.000Z",
"modified": "2018-03-29T14:23:05.000Z",
"pattern": "[rule r4_wiper_1\r\n{\r\nmeta:\r\nsource = \"NCCIC Partner\"\r\ndate = \"2017-12-12\"\r\nstrings:\r\n$mbr_code = { 33 C0 8E D0 BC 00 7C FB 50 07 50 1F FC BE 5D 7C 33 C9 41 81 F9 00 ?? 74 24 B4 43 B0 00 CD 13 FE C2 80 FA 84 \r\n7C F3 B2 80 BF 65 7C 81 05 00 04 83 55 02 00 83 55 04 00 83 55 06 00 EB D5 BE 4D 7C B4 43 B0 00 CD 13 33 C9 BE 5D 7C EB C5 }\r\n$controlServiceFoundlnBoth = { 83 EC 1C 57 68 3F 00 0F 00 6A \r\n00 6A 00 FF 15 ?? ?? ?? ?? 8B F8 85 FF 74 44 8B 44 24 24 53 56 6A \r\n24 50 57 FF 15 ?? ?? ?? ?? 8B 1D ?? ?? ?? ?? 8B F0 85 F6 74 1C 8D 4C 24 0C 51 6A 01 56 FF 15 ?? ?? ?? ?? 68 E8 03 00 00 FF 15 ?\r\n? \r\n?? ?? ?? 56 FF D3 57 FF D3 5E 5B 33 C0 5F 83 C4 1C C3 33 C0 5F 83 C4 1C C3 }\r\ncondition:\r\nuint16(0) == 0x5a4d and uint16(uint32(0x3c)) == 0x4550 and any of them\r\n}]",
"pattern_type": "yara",
"pattern_version": "2.1",
"valid_from": "2018-03-29T14:23:05Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Artifacts dropped"
}
],
"labels": [
"misp:type=\"yara\"",
"misp:category=\"Artifacts dropped\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5abcf6f8-e8c4-4164-95fe-4ed7950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-03-29T14:23:52.000Z",
"modified": "2018-03-29T14:23:52.000Z",
"pattern": "[rule r4_wiper_2\r\n{\r\nmeta:\r\nsource = \"NCCIC Partner\"\r\ndate = \"2017-12-12\" \r\nstrings:\r\n// BIOS Extended Write\r\n$PhysicalDriveSTR = \"\\\\\\\\.\\\\PhysicalDrive\" wide\r\n$ExtendedWrite = { B4 43 B0 00 CD 13 } \r\ncondition:\r\nuint16(0) == 0x5a4d and uint16(uint32(0x3c)) == 0x4550 and all of them\r\n}]",
"pattern_type": "yara",
"pattern_version": "2.1",
"valid_from": "2018-03-29T14:23:52Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Artifacts dropped"
}
],
"labels": [
"misp:type=\"yara\"",
"misp:category=\"Artifacts dropped\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--5abcf8df-cb18-4d66-b9dc-4453950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-03-29T14:31:59.000Z",
"modified": "2018-03-29T14:31:59.000Z",
"first_observed": "2018-03-29T14:31:59Z",
"last_observed": "2018-03-29T14:31:59Z",
"number_observed": 1,
"object_refs": [
"url--5abcf8df-cb18-4d66-b9dc-4453950d210f"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--5abcf8df-cb18-4d66-b9dc-4453950d210f",
"value": "https://www.us-cert.gov/sites/default/files/publications/MAR-10135536.11.WHITE.pdf"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--4cca3ed7-3809-49d4-b41c-2e0827db2d75",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-03-29T07:59:57.000Z",
"modified": "2018-03-29T07:59:57.000Z",
"pattern": "[file:hashes.MD5 = '350cba65e28c723cbf0724c19bd7ee69' AND file:hashes.SHA1 = 'c8cb01bc1f62c6d6b95caa7bf2cae167d5736ffa' AND file:hashes.SHA256 = 'ca057fd197fc99cfb60b7379cb64475e6bd206fdd4b019f1f70c2214115f3b83']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-03-29T07:59:57Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "file"
}
],
"labels": [
"misp:name=\"file\"",
"misp:meta-category=\"file\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--fdd73209-3bfc-4cc4-b70c-28f6bb7624f5",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-03-29T07:59:59.000Z",
"modified": "2018-03-29T07:59:59.000Z",
"pattern": "[file:hashes.MD5 = '350cba65e28c723cbf0724c19bd7ee69' AND file:hashes.SHA1 = 'c8cb01bc1f62c6d6b95caa7bf2cae167d5736ffa' AND file:hashes.SHA256 = 'ca057fd197fc99cfb60b7379cb64475e6bd206fdd4b019f1f70c2214115f3b83' AND file:hashes.SHA512 = 'a1642a8011d5196a4efcbea6ec37e3c1c5f56e1d0160f33d681c5c673757d4e0688a031aebf40a8ec485cf55f4eb5b5fd4e268850a58e684d0fc3c7dc3b632ea' AND file:hashes.SSDEEP = '192:s/7pzppvWcUcHfHxSnx5LqSe/7m8EI2K3A+Y6Geny6VuwjZhfJP4oynQ6f:K7pvWc/HfHsFGqrI2K3AZwuwzV4+6f' AND file:name = '350CBA65E28C723CBF0724C19BD7EE69' AND file:size = '20480' AND file:x_misp_mimetype = 'PE32 executable (console) Intel 80386, for MS Windows' AND file:x_misp_entropy = '2.914359']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-03-29T07:59:59Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "file"
}
],
"labels": [
"misp:name=\"file\"",
"misp:meta-category=\"file\"",
"misp:to_ids=\"True\""
]
},
{
"type": "marking-definition",
"spec_version": "2.1",
"id": "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9",
"created": "2017-01-20T00:00:00.000Z",
"definition_type": "tlp",
"name": "TLP:WHITE",
"definition": {
"tlp": "white"
}
}
]
}