2023-04-21 13:25:09 +00:00
{
2023-06-14 17:31:25 +00:00
"type" : "bundle" ,
"id" : "bundle--f78232e7-0b7a-49f7-9e57-1482db2b6335" ,
"objects" : [
{
"type" : "identity" ,
"spec_version" : "2.1" ,
"id" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2020-12-14T07:34:46.000Z" ,
"modified" : "2020-12-14T07:34:46.000Z" ,
"name" : "CIRCL" ,
"identity_class" : "organization"
} ,
{
"type" : "report" ,
"spec_version" : "2.1" ,
"id" : "report--f78232e7-0b7a-49f7-9e57-1482db2b6335" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2020-12-14T07:34:46.000Z" ,
"modified" : "2020-12-14T07:34:46.000Z" ,
"name" : "OSINT - UNC2452 / SUNBURST @vxunderground OSINT related findings" ,
"published" : "2020-12-14T07:35:26Z" ,
"object_refs" : [
"indicator--85510dea-92e3-4135-87db-06da6bce4c2c" ,
"indicator--f37e202e-5d7a-4a1b-a2e0-8909ce5945fd" ,
"indicator--a70342dd-16f8-415c-8796-d5139e24ad75" ,
"indicator--e6fe6399-3e40-4fbd-93e5-44fec18c2583" ,
"indicator--5d539d55-5211-42fa-a609-c2e471bfa43f" ,
"observed-data--ef7c91c3-3a91-48f9-a2fa-931cc4a228c2" ,
"url--ef7c91c3-3a91-48f9-a2fa-931cc4a228c2" ,
"indicator--da3da386-9fe0-4822-a352-64a138239031" ,
"indicator--fbe3a5fe-538b-4727-90d7-41a9d15a4c58" ,
"indicator--7370a818-1f90-492f-9c8d-213e3414d8cf" ,
"indicator--7794b113-2f04-424f-ae5a-dd801e020d01" ,
"indicator--d47e29ef-e08c-498c-a5c9-779a6a2b79f4" ,
"indicator--a224f9a3-c58e-41e0-9841-460afdd9f409" ,
"x-misp-object--8329451d-10ab-4ecb-9cff-d5de9c33c5f6" ,
"x-misp-object--aacff3c7-77c9-4c70-ab9c-9cea57951fa5" ,
"x-misp-object--a496eaac-08a1-4a65-b489-96cdb0868312" ,
"x-misp-object--96ffe3c5-a158-40f6-a5ff-156ac385d32e" ,
"x-misp-object--3073a9b9-f747-4ec4-99c4-f6b5c93fbd7f" ,
"indicator--a75bd08b-b215-436e-91f4-3382bbb70493" ,
"indicator--4d4b2085-63f5-46b0-978e-15e1117a003d" ,
"indicator--9934ff43-6bfc-42a6-baab-5d798458b78e" ,
"indicator--8ea7172c-eb93-4bf5-8baf-630fa26e5d2e" ,
"indicator--77c4c4d6-1725-4aa9-a5e3-ebdeb89500de" ,
"x-misp-object--c35e55e1-dc94-49a7-a3a1-4018b4f17a04" ,
"x-misp-object--fdf86a09-fb48-495d-8bf3-50579e86edd8" ,
"x-misp-object--4a09fc7a-97ba-434d-a669-fc640686e880" ,
"x-misp-object--9d50d8e5-8c9f-42d3-b0af-aba92a54dc19" ,
"x-misp-object--712c68c3-179a-442b-b713-fab9eaa9b67e" ,
"x-misp-object--6288dea8-53e7-4000-9bca-0ecc20bd35a4" ,
"x-misp-object--d1e0ec27-f60b-4a3c-931b-c7569be605db" ,
"x-misp-object--efe9facc-a05f-44d0-901f-62e4e870ef95" ,
"x-misp-object--aacf1b7b-aa96-4762-896a-a97ba1bd5c0e" ,
"x-misp-object--95432908-2bb1-4cca-8b88-db3d0c4bcd6d" ,
"x-misp-object--7d04169f-afa9-41b2-8992-c693a431abba" ,
"x-misp-object--9eb3ca01-80fb-4660-933b-05aa267d4a26" ,
"x-misp-object--4d9cc854-ade5-46a5-8df0-02ef90e5b8ea" ,
"x-misp-object--3592e786-423d-4e1f-abad-4e12fe86fc0b" ,
"x-misp-object--55c48bc2-d156-453e-a905-2649d1b0ee23" ,
"relationship--52204c50-57b0-4f6b-b29c-c54301cdb9f5" ,
"relationship--22eade95-9775-4725-a3ed-eeff959bc498" ,
"relationship--effa6eb9-78c5-4a06-a3d7-dedd3829d1b1" ,
"relationship--55e7e38d-a6cb-4e7a-82ec-5265baa858b5" ,
"relationship--705b403b-a4bf-4850-b161-4c023a1f5d25"
] ,
"labels" : [
"Threat-Report" ,
"misp:tool=\"MISP-STIX-Converter\"" ,
"type:OSINT" ,
"osint:lifetime=\"perpetual\"" ,
"osint:certainty=\"50\""
] ,
"object_marking_refs" : [
"marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9"
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--85510dea-92e3-4135-87db-06da6bce4c2c" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2020-12-14T07:22:26.000Z" ,
"modified" : "2020-12-14T07:22:26.000Z" ,
"pattern" : "[file:hashes.SHA1 = '1acf3108bf1e376c8848fbb25dc87424f2c2a39c']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2020-12-14T07:22:26Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Payload delivery"
}
] ,
"labels" : [
"misp:type=\"sha1\"" ,
"misp:category=\"Payload delivery\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--f37e202e-5d7a-4a1b-a2e0-8909ce5945fd" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2020-12-14T07:22:26.000Z" ,
"modified" : "2020-12-14T07:22:26.000Z" ,
"pattern" : "[file:hashes.SHA1 = 'e257236206e99f5a5c62035c9c59c57206728b28']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2020-12-14T07:22:26Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Payload delivery"
}
] ,
"labels" : [
"misp:type=\"sha1\"" ,
"misp:category=\"Payload delivery\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--a70342dd-16f8-415c-8796-d5139e24ad75" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2020-12-14T07:22:26.000Z" ,
"modified" : "2020-12-14T07:22:26.000Z" ,
"pattern" : "[file:hashes.SHA1 = 'bcb5a4dcbc60d26a5f619518f2cfc1b4bb4e4387']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2020-12-14T07:22:26Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Payload delivery"
}
] ,
"labels" : [
"misp:type=\"sha1\"" ,
"misp:category=\"Payload delivery\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--e6fe6399-3e40-4fbd-93e5-44fec18c2583" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2020-12-14T07:22:26.000Z" ,
"modified" : "2020-12-14T07:22:26.000Z" ,
"pattern" : "[file:hashes.SHA1 = '5e643654179e8b4cfe1d3c1906a90a4c8d611cea']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2020-12-14T07:22:26Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Payload delivery"
}
] ,
"labels" : [
"misp:type=\"sha1\"" ,
"misp:category=\"Payload delivery\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--5d539d55-5211-42fa-a609-c2e471bfa43f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2020-12-14T07:22:26.000Z" ,
"modified" : "2020-12-14T07:22:26.000Z" ,
"pattern" : "[file:hashes.SHA1 = 'ebe711516d0f5cd8126f4d53e375c90b7b95e8f2']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2020-12-14T07:22:26Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Payload delivery"
}
] ,
"labels" : [
"misp:type=\"sha1\"" ,
"misp:category=\"Payload delivery\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "observed-data" ,
"spec_version" : "2.1" ,
"id" : "observed-data--ef7c91c3-3a91-48f9-a2fa-931cc4a228c2" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2020-12-14T07:23:07.000Z" ,
"modified" : "2020-12-14T07:23:07.000Z" ,
"first_observed" : "2020-12-14T07:23:07Z" ,
"last_observed" : "2020-12-14T07:23:07Z" ,
"number_observed" : 1 ,
"object_refs" : [
"url--ef7c91c3-3a91-48f9-a2fa-931cc4a228c2"
] ,
"labels" : [
"misp:type=\"link\"" ,
"misp:category=\"External analysis\""
]
} ,
{
"type" : "url" ,
"spec_version" : "2.1" ,
"id" : "url--ef7c91c3-3a91-48f9-a2fa-931cc4a228c2" ,
"value" : "https://vxug.fakedoma.in/samples/Exotic/UNC2452/SolarWinds%20Breach/"
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--da3da386-9fe0-4822-a352-64a138239031" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2020-12-14T07:34:46.000Z" ,
"modified" : "2020-12-14T07:34:46.000Z" ,
"pattern" : " [ f i l e : h a s h e s . M D 5 = ' 846e27 a 652 a 5e1 b f b d 0 d d d 38 a 16 d c 865 ' A N D f i l e : h a s h e s . S H A 1 = ' d 130 b d 75645 c 2433 f 88 a c 0 3e73395 f b a 172 e f 676 ' A N D f i l e : h a s h e s . S H A 256 = ' c e 77 d 116 a 0 74 d a b 7 a 22 a 0 f d 4 f 2 c 1 a b 475 f 16 e e c 42e1 d e d 3 c 0 b 0 a a 8211 f e 858 d 6 ' A N D f i l e : h a s h e s . S H A 512 = ' c 26e275 b 4232 b e 844 f 6 c 4062 a 4 f 42413099452085060 e d 4080 b 880 b 52800428 c d 32 f 69271 c 98977 f a 979 a 89355 f b b 3 b 485855 c a 3 d 51499 b c a 12 d f b f 8 c 3168 d 2 f ' A N D f i l e : h a s h e s . S S D E E P = ' 12288 : 5 J K o H w f n / j z 3 b b O 4 Q a g 2 I 97 P M i e S L e z P K T + B Y v j e n W H u h h 9 c 0 g 8 v k z K 19 Q : v E f D b O 97 P 8 T r K 0 Y b e n W H 4 c 0 g 8 v k z K 19 ' A N D f i l e : n a m e = ' c e 77 d 116 a 0 74 d a b 7 a 22 a 0 f d 4 f 2 c 1 a b 475 f 16 e e c 42e1 d e d 3 c 0 b 0 a a 8211 f e 858 d 6 ' A N D f i l e : s i z e = ' 1028072 ' A N D ( f i l e : c o n t e n t _ r e f . p a y l o a d _ b i n = ' U E s D B B Q A C Q A I A E E 7 j l G R + 7 X z x l Y F A O i v D w A g A B w A O D Q 2 Z T I 3 Y T Y 1 M m E 1 Z T F i Z m J k M G R k Z D M 4 Y T E 2 Z G M 4 N j V V V A k A A 4 k T 11 + J E 9 d f d X g L A A E E I Q A A A A Q h A A A A Q 6 / I x E X U 0 P Z o l 9 U 2 h f g k f O j A i N S y n f W p O U 2 f t g Q Q u 8 g V B H o B X Z l K 1 e t Q c G r m o e C q r 8 C B L U q k N 6 o 0 d 1 u q R t p V r q i 4 F q U 24 W Q E O T u S q Y X c P q B J G V J D C F h z / N e u p l V U + O n m s s 4 Q Y g R l m x T h B 5 p H 8 i L H I m r 4 B c U 0 8 / U 3 Q R K U g w N 5 J 2 y F Y w z r m A g m W 8 v S r p d B D 2 u v r M F 6 s S Q r q x R B x j X e W n A D A u 4 E v E Z z M j e 9 S M C o E 4 t i G P 5 R z 5 H 9 Q N O a T Y n Q M P / G h h k w 3 E D R B 1 b q m / N H 3 E l A 5 E a x / u p Y J o k a Z T b g + b N B 2 y X n G i O O X 0 L r v 0e54 x t X 54 v o f s u o Z L n u K 5 T p 4 a W o f e R e D E 26 v A B z A L I Q v n b e v e k K H K 1 q e Z 43 z O i i z y C h e j V 9 o Z B F y y u D i g m l n 0 t M E 6 o g O b 7 y y p I X G J J x N 1 h U n u N n C v 8 T J A C 7 / 5 P V B d d P Y b M X w j W X L I b 2 P z q F r b v w e K + b F c W 5 Q M 89 W 4 P g j S H / 8 g j Z 7 z Q N H z y M 9 U F + O T 4 F D Y u k N B 2 m g d I l Y Q A x 7 b O C 84 q W g l u p T B b a x F + / D y 9 J H R R E x N 1 z x q V D f 53 T c Z O 2 z s Q 6 w J x H a m N X t 4 e H 5081 E K y o u e d 2 c w R t H O j x r y t a E I G T d M w D s o s 4 D 3 l m J q I K g O E u C L Q / H X H R P A g 3 o z S A Y C e 5 B S B D / H d + c r O d o o 5 + i B W v l 3 X f + 57 L 5 E N w N W n j T l V B O F w 4 k b k x K C R l 2 Q U z 89 K h w O g a e t H V o 7 T z m 8 U B E Q c a h 5 j y W z P Z Z K 3 t f D J / B T 8 i y z 9 y n 6 T G T n 8 X S 2 y P 5 / h J A i F M V g j O v e S b 1 a f 3 n 3 S X T 859 O Q k t V O R n 6 d g G j 2 u f X d h R H S C q B e 61 G 0 i Y S u u P e 1 U 2 O 5 J N N h v I b L a 3 T k m H A A C x z g G f 46 R O R a a i C k A s I V G f p f s j K i a E a p d O D E b V m o v H N 7 a C D U 35 D h y C J E Q 750 h C t G Z h Q h D Y n a U + 9 O S c W T z p A 0 9 M U X 37 v 6 f O K F o n r V v p U U q J M 9 p m w + a l 3 q P V I b S k F Z q e J H G J J w T u S t u z J x h y 5 f 4E1 w v g l r o k C o + H W 4 u c s q F T t s t + H I p r s O x m U o A k G L + H 9 H w o 8 w 2 m w Q P o O a 8 G n n s M 1 / d c v p Y I z i 5 Z b y I 3 h m Y h A 0 r L V y a g O T + Y x U / f O P T c J W x N c X J 0 K t a D N 8 l E U 0 E R J 4 e s s 0 w r W A q h e i y o X G w N V l t D g 7 M e d Q s 3 K i A 4 P I 21 V C D K Q k z l o D e U n A c 4 L 3 l k / c G s v g F f b c w Q p 5 V L l 2 m 56 I k u Q i m c u x E + r Z I H R B 4 / 7 + Z l L 8 I l c E P N X x 0 M U 4 i 41 N g a N T y F / 1 X m r X y w R w u q w y v a S k w l s f f l 9 k v B g / + g x q G t o 5 D s O N Q J a 0 O t k N 2 n X C P D h o H 191 B b m 24 I j t C q O a q 4 I d Y d A 8 r Q 7 q n p Q d t j d s O O f N r D m S y n b n W Y p M I y o k n W V Z F g X 5 k t 8 R 5 Q Q h B L P y v l a y a V B a U Q U n P A 426 t r O a 6 z M S t H N O i + e i l E O o T E w d p q N r 6 U N R Z 4 + D w z r d h y d 9e3 h Y G A P b o 6 o O m v c F w X / U x x E M z t f 9 O K s Q l 2 D / h I r v G V o p 4 B L k t 5 h a 5 G S Z h z D l 0 L U R 8 T R x x v / M I w Z M P c E J w 9 T S M x I s q v U Q L A D U 0 r 7 U M E V c w n J Z Z //DCuuN+SX7Rly56P82+yQu323xK1lLcydl093qU0LrMG1mnuSpgHOY+9936ZoWH/H2BoH4ZJiiE38++O7msahX8QDenxU+vpBee21GjWCtWI0HLzH8P1ipz4JZU/IhIXzi39zDrXOAS9fzMSdigdolSlti5r2wVSOXJreTgtw+tgkY4YwMbEHFzp1kUfG7+y+hbWS3ieQYi5w1oL1KStACaEVv1HIrRD1Sg59PcAcg066oeyiawY8340CQVXcUCeOzwmakZ47kBmCxqhGmx0UAaxUK4+1iE68LgSql+pkv2bbGPPBR3Y1tLRhdhGb4fAzTND7Gh5JUnrOs0oLHk+664FgpRRwk6ByL/p3ICQeK4I8cpWDBtjNLMKUGJCYZGDth/obIOMwKBgEOsFnLD4Wu2tomtH9BUziOFevoeqvYA6YhK+z71ShDCT2X2nP+U0gsag3gkNsPylwXSko1BWFUajqXP7Ma6t7Ryj0w7g+DmzU+2i+ysYFlszX7jEVQaxu6UMJblC3KSC6FyGhUUTG2+622463Utci5mbTuHwMOOexK96/uFZ6utNfEin6EFrR47a7hSxIP2Nzz1sYB2I19pLTVA95eaHUr+AUNgUJ0YonA5MJzDT6L7DRJM0FXU5CwnnOpK8JrS+npiV7luOgkri4OwXZ4Q7NFO6Ciy5Fgo1zrZKb5jvXvqglAJjsr9NXvm+2QQPRpiNSENh/Vfbf84qEtMgYCjgKCkIZAV0txsK9J4JlEf9SdZiNq78nNG56cE6Aai352QGzkA1ZEGpRi4sAoDT7dBt+dOmsIf1fHHdgkf6aLiLxsb/qdsymE+ITTRYIYJ7fVApDOMoghPbhsomNqumuN9jGLqmwNdFmeplQ4G5My9Ufg5OUTWZTlm2wh2VebqCPi1B0SpeXRUJaxXDdVtPnSh89vj2lPt/OTSISl+0yyUQsTyb0q1q15uGxADl5YYvWCEhFZf4K99hes6zRPGSZP3pziC5DwVXkJmn5HMNCATl5CnyMsLIIGeePrjWtZ7AeDus/9WJeqR2x1Jj1uUKX7XmZ/fsGUXP0iSf35GFwnj4bAR4wSufQsJ66SCBERr7gUolJ7w5I43dX7ijp8SwagqPV8ZAVBxKNm8i6Q0rz21sbyE1ZcSPAjL7S28K9HrEBAS4nwfmnaAueZr1LqoFzBs9/AKAKTW4dYYoQbPMGT8b/CDYQ21fq1ZA/AVBnzVXNRsRITZzCyphiLldJAWjFFVXAfUM3WxbFKHS21Xl3qyQgMHtNnAGmpamzafDOR7F5YpI5iDsRkbd9+6ULf0SBmlYYHaaZqfL2qhOwuJ3U2kYOF/wtpD8U7HCLVxIXMgdYpDHFHZsp1zNfN0WMoleBCRUrTOXL51XeGHIizosV8GEsU+NqbY4YM/pOLAIGci5buHTiVNA4Eu7yLqCgV/z9U41DRUTUZ9zxJuj139YXPYpFlgowTNWwH0TZvYLQ8EB+oOjKuYcfiJwzuwrY+sVqp987Enfen+lg18ZwuA0R1NJZN2H5paFotiaZSaVgOLWYfwMxOQoehVOe+kHzvYTww+5OXSCc46z4DGEtKfx+YSOY5BLl5xoZkVt/zxKX7m5qqsnyDN1mPFN40dwVcQUpGznQzZ2abm+SLx5XrBDCefd/+SuVaRt1bh4cnPnQ6X4hFf4YCqeKACFzUP5Pr10sc3r/iLk+XHZ7AZrXAWmYk20Lm6YbAbBVXorw7qImp6+wc2Ymxq+texZhg1X67QGdo0ZROG9GWSdvt0xxAp4
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2020-12-14T07:34:46Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "file"
}
] ,
"labels" : [
"misp:name=\"file\"" ,
"misp:meta-category=\"file\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--fbe3a5fe-538b-4727-90d7-41a9d15a4c58" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2020-12-14T07:26:03.000Z" ,
"modified" : "2020-12-14T07:26:03.000Z" ,
"pattern" : " [ f i l e : h a s h e s . M D 5 = ' e 18 a 6 a 21 e b 44e77 c a 8 d 739 a 72209 c 370 ' A N D f i l e : h a s h e s . S H A 1 = ' 5e643654179 e 8 b 4 c f e 1 d 3 c 1906 a 90 a 4 c 8 d 611 c e a ' A N D f i l e : h a s h e s . S H A 256 = ' a 25 c a d d 48 d 70 f 6 e a 0 c 4 a 241 d 99 c 5241269e6 f a c c b 4054e62 d 16784640 f 8e53 b c ' A N D f i l e : h a s h e s . S H A 512 = ' 17 b 4 d e 6158 d e 0 54 c 0 2849 b b 728 b 9767208 d 3 f 0 7 e f 18 d 4 d c 41963 a 370 d 34e9 d b c f 7 c c 4 b 729726903 f 1 a 7 a f d 4 e f 7e8 c 1 d 781 c 20 a 3049 a 2 c 160 d e d e 23614352 f 11 c ' A N D f i l e : h a s h e s . S S D E E P = ' 24576 : l d B f e H c r h C E C R 1 R / z o i 8 S H o N 0 W 8 v B 8 O 3 I c u : 5e8 n K / z o p S H o N 0 W 8 v B 83 ' A N D f i l e : n a m e = ' a 25 c a d d 48 d 70 f 6 e a 0 c 4 a 241 d 99 c 5241269e6 f a c c b 4054e62 d 16784640 f 8e53 b c ' A N D f i l e : s i z e = ' 934232 ' A N D ( f i l e : c o n t e n t _ r e f . p a y l o a d _ b i n = ' U E s D B B Q A C Q A I A E I 7 j l G c S E J O 6 t c E A F h B D g A g A B w A Z T E 4 Y T Z h M j F l Y j Q 0 Z T c 3 Y 2E4 Z D c z O W E 3 M j I w O W M z N z B V V A k A A 4 s T 11 + L E 9 d f d X g L A A E E I Q A A A A Q h A A A A L o w h Q T s d 871 g R U Q H C A c g b X n 3 w 0 q O y o 35 L n 68 C O D P g k Z Y w l Z s X d R u 5 + f a y J j e e + 0 D k w I h O 7 u 7 k x I I / M N t S D w a n o E f 6 f u Q w x 7 X O 0 M 0 d I L 6 g Q A e G I 7 b i t w L u c 0 S / l x c X r C h w t 9 + 3 + r U s E A 3 n 45 f B z y + 7 z t N 0 R w l a 2 g h A y y 2 X 5 h U q H 77 V X B d 4 M q 2 F G 2 n z Q + p W x O D a I E m d s O 64 P 385 T g a e j A A / C 5 w a T w F U s e 59 w t z Z E 8 b Q r V Y 94 t + 17 a 6 t t m N U T c i J W b d z r a 27 P U T 2 h 2 n v 0 0 D 0 z 364 J U O e H d t u e J q A 3 T f L o S f t q Y L b w z J t L O 5 d U 7 F r 7 n n k u W l y n J m x 8 D S p O I f i D M J 79 W u 2 w 35 C + r e 0 R + Y p P J 5 n w R 947 Z Q r 8 A T v a X z c b V T t x c V L x G k k w 1 t R M 16 O K v Z 3 m A 2 Z K V f D Q P / 4 T G v a E L g z n O R 3 I V W W J C I 7 G M 5 t a j 2 o y N n K L M x X Z e G P b h q w W o M R Z X P 5 m x v Z T L e w b j B G 3 m q p Y E q Y x m n q A T b E Q D a s 1 b 0 e a z a 7 / A 5 J N 3 p s T j O Z c D 0 l N O O b E g b u P a l s c y d v 0 4 F n R A s 0 v R Q T 4 q f r 2 K s w p D N h Q R t M E b H w w l W / F D n 31 P t 3 o g i D 36 D 9 f V d j J I b I x X / W I 1 O F 0 y y Q l 4 a r 3 h 4 Y B w f Q C E L I H A 0 P M u N B R V U o L Y Z R B S + l K T q 3 B H C a N l / C S + Y h 4 K q 4 t M o g / 0 Y e p q e c H d h w n a + j b 8 X O J 3 o X y N U l 5 l T m P x q a Y W 4 K M p j t I V O q q B v B 5 a N V S N T q p P c w / f G G 7 R S / n v K u p 8 J u Q r S M M / u 0 R r r E L U F t S Z / S O 0 W w E X n k Z X c 66 g v P T u f c r U C 5 I E h o u G 5 o r k K k t O A 1 X t S E T L C l l J + x P 4 c H r Y G Z l U F a 29 N / 0 M w G M 5 b h F B n h r V I 1 h 89 U L f r k Q 2 Z J B R F 0 w g P X w 11 L C F w + G E 7 R G Y 8 I G s a A Y 0 u b U k M F b 8 M F f 8 D F y V F A R d o F f O / p w s c J b i Q F h n g H B 7 v F l L f 3 A + b N G f v 1 L C d X s c E r K t y Y a Q g e 459 b G U i I d 0 3 G S n J a c k 9 q B 1 Z L I o a f Y v m g p S d f p U I + O R Z h f V c t 7 / K R 0 l i H 7 m b o h 0 C 3 O 0 / 8 d 6 Q s N + 61 g P W 9 V G + U w D a P I o 4 U h y i / I 44 l y O 1 N k 9 e Z T J A I Q W s e M 7 p e o 5 Q B G G 31 C a 9 j n y l / X e x B c K 985 q k 5 i q d L 6 G i m M g m V e K p / 3 W N 2 B Q K y D N Q C K L N 1 h O T F D X e J I j 34 W 9 U c D Y a Z q 26 X W K a 0 R / u e E p p + N I K v b T 2 x M G X c Z x f / W J C t X 3 G f V A a f U f t Y j d y J I Y w 8 k n b x o c 1 S X Q L L Y 9 M / + A O c T z z K y R p / o T f W y i 2 g t E I d O 5 d B E / 7 h 3 y d L z 7 x O Z a O X H j x f M j L G w Q A 1 q N + O A Z n M g 9 C 6 o i p N M M m W N Y 3 I C / X O R s n A t 8 X M a o / s W b 6 D K I D 6 O O W 0 w y y N K Y 2 P Y h j L e 5 w Q Z L f F Q A Q v S 6 z n L 4 I Q X u P u p N C R p U j K q i P L 3 t d 6 l B T x T I M S f E E X K G l N d m 9 l B 7 r F / A + K c + i P y L 7 t V p M G W h e s 5 N B z 1 y R w y F X X 6 n N L T T c N B 5 Q r o B L f G k M R Q D M 4 n c H A a 51 n n s 1 i o I R R T a g K X S O 4 K T P v j x a E B 7 O P o W A b v 9 a D 7 Z s d Z c B M U k O W U 0 u I F v x m K + k 1 t y K Z n 5 o D c K H + n H 3 k B 9 n e z 1 d O 5 W 2 H J Z 7 r Y 56 I F 8 + b J 0 3 T B U V 7 q V j h f z 1 P s M 5 f 5 V z q f a j S m O O l 0 h J t v / 4 d l v C Q y K j r v e P Y Z n + s u d n C F 7 R R 1 e Q p L t j B w d G i H 9 A y 9 O 3 X J Q G r v t m j m U Y c w r N k l 1 I 9 c t D r k s v v q T T D 83 d X m g a f m 5 / r h V k 0 V 99 b B D e m W c v E w g a v d z l 2 K f Y z x S 9 k G 9 h N 1 V M / X A Z G I L J 1 T K Q 1 W K O 34 n x u 785 J m 4 / K Z m T A 3 g i 35 n p d 9 z z t 18 S a k S i l R x m u O M B N U L X M 1 G i h h X b R v D t G d P m T a / n 5 V T F z i I V Y H p o H v 0 O b z b K 3 e g 8 W x g R U / L s l / n s z t W Y 2 T 5 d l 5 O Y X O y n 7 S D g U 1 / z M J g r 8 Y p x r r / p F a p D R F L U g e 4 S O O w c H o E 5 R w j m K h c M w u z f + F G B W N M 45 L q U u m 1 E P K 2 b G 1 J S g l y T K J w L A p H 9 u L 0 E O E Z A L r 9 D N m j J v J 0 S c U Y U C w A v J i t F N d 3 C W o j P g S p 2 J X s L V n 6 A u x d k q a 2 F A + + h u V t K 3 Q B q G P i q L p m 6 L 1 q l Q k y P 6 U J e 3 o W H I 4 Y 956 D x o d g q a a a 50 c T y o A u L Y 0 b A 0 p 1 c K E D T O h R R L Q N 8 C x B w y o V l J n L X 4 D P q L X v A S b f W n 1 q L E K C p 2 v 42 k t P G y h B G 9 m i Q Z a r a R p D R u 0 E + Y d 6 u H t T S W D D M T g 4 E / s T z i 0 w / + 2 L g 8 V k t W q + g q 8 p + V Z Y O Y i H C r x 2 M 1 m Z k h e c 7 s + P q E V B l h V e y I G 5 s b q G V T V O s L v T W R 8 z t 8 D R R 6 M 5 g A o I N w p S V F 9 V n T i l k h J 2 D M K E e N U k g 2 s k 81 f 4 D q + r g I S s 9 t l 4 o t p V D u P R R H 57 E U v f E 6 n + + d / b H Z K j R a + z l a S p S m C + p u D x 9 p o t a f w b 3 G S / n X a Q k v B 33 g I o g I c A 8 H L v W f 7 m r 5 I N 3 d B v 8 w i B 3 W s o Z Y a r / R a u V F H G O y j 4 F j c n E 12 B t B Y p h v f / L H t P J q z z p k e r i 9 X X 3 X I C J 7 x i b e 33 k 5 d 928 c z 6 K H X 5 M w l j A z Z q 37 z + R F 0 N r p z s L + t a i v Y m p z 56 K 7 x 2 / W Q d d D D u R G 3 S 8 j e k X U F J V W c I O z / L a K w + z C 0 3 V c d 3 R O B 7 X i H Z E C Q s B i 4 Q A x e F X 6 j f t O H a P F C k M D B s b v U w B k T H o L m t Z W 64 x q r M U Q 2 D j 1 e C p J 8 z 4 + y d 1 A T s / 4 Z s 6 e r u c b j l K t M G / u z 1 c R / r 775 m z 6 g P I G X x b h R D 0 j c L L n o j y e G 0 r N / 4 M W k Z N n m K z n s K v k X o x d d 41 F 5 N x f w S 6 X C T N 0 t S I j 5 + N Y T J 0 8 N 3 c 3 G M 3 l e 5 i i 44 w y v I 1 I r 7 T k A a T o S w t K j w h Y v L J / R p 7 v O I v G 2 b I l e 5 + R H y p 9 W g t h H 6 q t 5 c / 9 Z g f a Z 0 x e s I r h 0 45 G L x V 39 r o M Y j a g 6 O k U Y 7 B q L 9 N H 36 d 4 P w T r c b R X R r m 3 O g m N 7 B W R B T m Y v K x P p v X m F x S Z f O e h 1 r y 7 s 0 l N 0 0 5 c L 0 k z w s Y E A v S g R n L D P G t C i N c X K r c 84 V p O v J e f 7 W g O Q 0 N k x a O 34 H U W A G 4 Q 0 V G Z v / v h h o g 0 a H V h b W 3 C d i i 4 A 1 X X v N y j f B Q l V i F y P r r u g L / R a I D c 3 / N v 57 S V Z q A l 5 W Q L U D 0 P j F M P V p 5 d H u U Y 8 o e u O x L B I U 5 O 5 w N q c 9 A U / 64 p e i D 0 T C 4 W w t Q 8 V e V P s L P R / U X 2 n r z i v n h 5 Z x I d Q V w j i c z k P a t b B J R M K y P o f x D y + m p A Y n K 0 g d 4 d H C 0 26 Z y Q 3 J j T R P h P V O 8 f D X S z n z c A V 6 b y L q t l W V n k j 3 j H s Q t 9 M S F P G b h 72 A M x F p P 3 x + F i t P H u V J W h v W a S r R M J g + R c A e y R Q U x 1 V x p X d D 6 M F K E d s C g k o l x n 9 f 2 u Z r V / K i y 3 + a K 18 o d S t f i k B / U J 9 S I n W O Z c v s e 3 C 5 h e //KYDcHdxu6N2kcIdzrAzj+kCkjCJUr7N5XdwthmpF
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2020-12-14T07:26:03Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "file"
}
] ,
"labels" : [
"misp:name=\"file\"" ,
"misp:meta-category=\"file\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--7370a818-1f90-492f-9c8d-213e3414d8cf" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2020-12-14T07:34:46.000Z" ,
"modified" : "2020-12-14T07:34:46.000Z" ,
"pattern" : " [ f i l e : h a s h e s . M D 5 = ' 2 c 4 a 910 a 1299 c d a e 2 a 4e55988 a 2 f 102 e ' A N D f i l e : h a s h e s . S H A 1 = ' 2 f 1 a 5 a 7411 d 0 15 d 0 1 a a e e 4535835400191645023 ' A N D f i l e : h a s h e s . S H A 256 = ' 0 19085 a 76 b a 7126 f f f 22770 d 71 b d 901 c 325 f c 68 a c 55 a a 743327984e89 f 4 b 0 134 ' A N D f i l e : h a s h e s . S H A 512 = ' 5 c b f e f e 612 a 40 c 8872 a 0 f a f 3 d b 8 d 3835 d c 514 f b 3 d f 159610095 b 47 c 595 c 6 c a a 1 a d a 79 c c e 2 b 10 f b 99e648990 c 3 f 54 f 63344 d 1 f a 7025090 b f c d 4e2 c 55 d 7210 a 28 d ' A N D f i l e : h a s h e s . S S D E E P = ' 12288 : d J K o H w f n / j z 3 b b O 4 Q a g 2 I 97 P M i e S L e z P K T + c Y v j e n W H u h h 9 c 0 g 8 v k z E 19 W v : r E f D b O 97 P 8 T r K h Y b e n W H 4 c 0 g 8 v k z E 19 e ' A N D f i l e : n a m e = ' 0 19085 a 76 b a 7126 f f f 22770 d 71 b d 901 c 325 f c 68 a c 55 a a 743327984e89 f 4 b 0 134 ' A N D f i l e : s i z e = ' 1028072 ' A N D ( f i l e : c o n t e n t _ r e f . p a y l o a d _ b i n = ' U E s D B B Q A C Q A I A E I 7 j l F n i D 4 x x 1 Y F A O i v D w A g A B w A M m M 0 Y T k x M G E x M j k 5 Y 2 R h Z T J h N G U 1 N T k 4 O G E y Z j E w M m V V V A k A A 4 w T 11 + M E 9 d f d X g L A A E E I Q A A A A Q h A A A A X p 67 q A H U m S a Q V J j l Q T h F S Z l v V b w W j J s E i R X 5 v v r S n I O W U 2 R a o N s z C s E 9 C 3 z c 2 d c q 0 9 y e 7 O W / t q e B c L 0 2 l W 5 v K n h I Q i p J S 3 a e 7 w u 1 m H j b r p L E F 9 L 86 K r S c U E W A h 1 P p M 4 v 9 B n S u Q 0 E N X 7 O P 1 L d n + a t S X L 2 M p 6 x q / h z T r G 2 V X D E 9 F S x w B x k 0 w + A V 1 X j 8 p l h U x p K f k N 4 H f i k p 4 / S y N 0 f 8 e K K + C z / I j z p R e x L B i E 3 b S T W G m 96 t 5 e U d A 9 t l j r 6 f U s Y h h c i B A k a Q 2 l V 1 a U l m m + 4 / 21 A J + Z t N w p I l B P + O I t q W z N z l R t / x W F 0 F f j N C B R 3 S G W S p K P m V f h 9 i l W t R 209 T O H A S u Q K U g M / 3 i B n x m H D o W N W t / E P I N J 0 O F 7 c t k s j C o b 7 x v d M a A p N Q s R C u A g f z X C Z x o K l 74 Y a s F + D O S 8 F Z 5 M + C S U o F K W 5 x M V y Y j R h r x E f L s C 9 e M U z 8 G L + 8 j P j d R B C N N o w R N s f 6 E H 7 + S r 7 C 9 S Z N p z F s h b 9 k 60 C N u f y C p w y Z 18 U M k N H P s M S e p 3 e s 6 J d t v I H c u M 3 I d d h 9 N h a P 1 u f m h / 0 l n r Y Z i z G D H t o 7 T S f p T N R k k 9 B Z f w V B s 689 x X S M i A O T 0 E s x z X 18 q 2 r G V J 0 1 X o 50 a 24 T i q E k a D H A 4 x J 7 P a 0 b I i O 3 P K f I w o V R W G U D E z B e l F a Z p r e I I L s / i o x o B Q v C P U q H F G 3 J r M g 7 w 0 M C u 3 z 25 a J d W U d u r r a T U f 9 e X t A s t m 8 A X f l 6 A e R 5 Y H D V U O H r U X R F v X h f C n b 3 F 4 u u z f + N a x s 1 P L C d Z N L X X S + K t E 0 f 9 j w / 1 b U N V H d B F C I 8 + h x w O f 5 F 4 / 8 D 9 + S n 4 o u b j h T m 9 f X R O 1 r Z N s 5 D 25 N j e S 6 a q P y 2 r G V 1 P e k C i n x / F g Y j c y n c + 5 u i m + c o A 0 Z V 84 K 3 s g w e I u v E A I m d L E d O M A M 3 v m o O g U E D 3 N C R b 1 f V 7 a n U J D p v M K x 1 u e d E o 30 r Z R z U T / 7 B L / 87 z 2 I C f S a o q H Z 5 l + p 9 l + a J z u u Z B H q B + H F Y C B f l I S a H 2 R l d J Y J H N G c q M 7 T c O 4 Y F 1 E s A G 7 o E v z e t L y e n P a 6 t I 1 t J x q Q F r N C 8 b z x C C / 5 S d 2 y e V y T d i F a M k 5 Y J i u T C f b C h a 7 K M 6 R c t M f S T h T H v u S s j m T 3 Z Z O x 8 l K 3 g r i v 29 v E C b y y h J w H Q P l d H 4407 T U f k W 3 s I t l X J Q M W Z z W f U E k y d d Y L J Y g P x w d W g d g B y j L 0 v z L t c 0 0 J B q j Z B C y v E + 9 t O z T 890 c K N X 0 6 Q n x c D p P E + b W 1 f E Z b M k H n T Y U m F P r l I n x j I A t / g + R G 8 F A / m 1 + 6 O 8 R t 6 s E u j Q J Y u h T t m i P s t q 2 q e 0 8 x j k l g n 0 q 5 x d f b j Q g X P D R r 58 x v b c T Y t a E C / n t Q + V w 3 i J q y a 8 a 0 2 u M y d n r n 835 K e e E o 4 P J u / D z W x l f 15 M / n E t L j J i l 7 X 3 R d e 8 F B o G A r j x T h M H f 2 X 0 m j s 4 c + s C B b A B d G V p S T L O m 0 D E 4521 R e T j + K w 4 q L 40 S O 7 P W Q G c q W 2 I s Q O o l Z u k j K z e 2 Z H Y U D P Z s x 2 d I i M X 1 p 1 w p J P o H m N C R W m f A O o 7 Q E 0 U n s k C 0 d k D v k h 5 F 43 G I X l q 39 M O r k M K U s r / 6 t 0 4 F Y C P z 9 f u r 3 j O Y R 11 T s e 2 R 4 o B x a O 6 P h R E G H g t m p B h h c y M l s 0 Z E M 3 A 2 V 0 N H / U O v 6 w P R n B c q 2 P k Q 530 h p W K 8 c 4 l J X L e D U A w u R K V 57 d N v Z b 7 C + C j L P a V s e B Z e f e 6 r v s v l O J T b N 7 u x w s a a X o Q W Y / t r n + F u T Q i Z 5 f m U g g n e h p x f / 8 T R 1 j g B Y S J t 7 a 6 h 53 l 2 z 8 H i e l T 9 N J 8 o R b Z x f R Z X Z 2 e w z 1 d L 0 W X c l Y z s k f q C q J W P M t c / M w A G l X U k f D 8 i d x + i y M 0 d h w W 3 F w O v 4 g 9 F C s n 6 d J T 8 C d F f 9 h d i x c q 5 e G F 78 X q t m o x B e i n Q O M 47 y d 9 M c g y D R l 7E3 U / V 6 c a X 8 i J e E y c Z g L 0 I Y u p F 3 M E b C j K v / 3 S L 64 r 4 J 2 C i r I Q h o a 5 i o T + y V j N w w C h m s + Y q z p T L h 4 J v o 5 x 4 D 1 Y N r p D k I d b 72 Z W 4 P 4 P p W C n c O P x J p 50 Y D S D e 9 I Q O L U s Y q m a z F d U x 2 I 7 x z Z G i v E j M 2 g G C N j P 55 V s v a O k G z F s 7 p s M H e h 98 O M V X w k t C i q Z g h 1 h m M N j y E E b / 8 F y V 1 x S p s u X X I A U + w I K G D Q 5 o X 9 u o U G l n 8 I M e l e g 72 F Q O v Z U c N i Y B M s V a O H m 8 Z h r L P I U x 787 M H A X n P C I v p K t S M y 2 V q J J w q I r L f N V u 6 a z 20 L F N f k l 9 q F Y a G q 8 + o k o k 0 r m W H K s 11 M r D 2 V H d k F k U u d I Y N P R F D j e 5 s Z y c o 7 a p Q w T l 5 X J R b i G 2 Z / S e r B 0 4 w Q u Y E w 0 Q y Y 1 R 0 I r e K / C c / P s f G l t U 58 y l B 28 N 7 j m a X + 49 F D r C e r V X s h x P p D d c 7 d X + U S Q t 4 Q D 62 V T a S d y q N R p I 9 n g f v m Q R A 9 Y y m b w 0 Y A o 3 j t 1 E / t 8 M v S L V D T K R 6 L R M j N M e W F u 0 N o X o U v i r Q d A e q 3 g u 47 B w N x c q m s L F m 2 n 6 D 1 i 2 / J q M M Q m h O f o / 3 v 4 f W T E i M B r i i W G E A I l r y q 0 M 1 v v 4 y 2 s P C e s E 75 D 4 m e X G r i + T a I / V L T o 4 w L 1 A M N c y W i H J Y Q h e A y 5 y 6 u Y T 5 e Y m 8 q A 1 c n i A i i D + W C s s y N m G P 6 d e 1 M w 1 h h R Y C C E G A Z s x 5 h c x 1 J r y 1 q 9 F C S E v J Q J V i 0 6 K a 0 0 L l Q h G / f d s B Z G u 5 S T U 7 n p R 7 H T p 0 d D e k B I B / 3 T 6 h t f q e / u r c E V / Y p 44 s 1 r F h t t A t N t B O p U E O G S c b u f n V X 9 z C a z X R n j X F X / 4 X L B 8e4 W s a b 1 B c 3 V X + C 8 B P 0 W 5 n a e I X d f z r 85 W Y k C i u W y g f k 8 l U T z 0 r / v 1 O z A 5 I T n Q o r x J n 7 k u Q v S g P 42 t w J a v t w D D a h W 7 y v M C x d x n S U p T t 0 6 E w H L 3 G e u m o K K F 3 v h m m L o M d s 58 L 6 n t 4 F w + 4 a 37 U f 8 A g 6 l a q N l I M 2 i P J I S 2 a 9 Z e Q n j D g p d a O 0 c a l f F j X W R x X O z 8 g O t b A k g G m D i 6 H X n l e N f g B 4 n L y b x A o 0 l H G r V w x a H i X q S y b Z A 68 G U h W I C 93 o B k s n U J b Y G 3 A G i n s X z c 7 B X y u p R M B U N V z Y B T s r z 9 r U 38 x N 1 p v V y / U I f 3 R e y + x v 4 i v C Q v Z g h t 6 f 8 c D G Y H x 42 W o j J x R Z o Z W 8 L E L Y 5 m p 3 i 9 A V h u u H f E F x m R y K / q s / 1 U i J 5 W p D y b E y o G U 1 d e P e l P L G m C z 0 c b C h c Q N 5 l S R E X O u h 6 J W H Q K K 7 Z w p 9 s y e x t W X r F B R R F u q v 5 + Y n S Y 2 M Q V 6 j k F i f u 8 g d m + U 1 w 3 Q u k M w P f T I 2 T W q C j H 9 O h o a Z 0 b t l / 7 K i w P R z F P M B e D 9 S G n D b D H B t u G 0 W x Z B i B 9 h k p p L A z U D a x g Z L U s j x b 72 z Q q g 0 y Z 1 P d R Z G z g W n O 40 n H C 0 C 3 p A g 1 W 7 v o 1 q O 2 f c T Z d 2 L d v j 2 I o 3 K s D V B W z Z i G M Z k i O F u 5 r o k K i D F Z y m k L y 95 l k L M + J c r S + 5 h 7 A P Q Q t w 7 + K r d l + J O / M a 92 Q r L m R n T L I m N q e
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2020-12-14T07:34:46Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "file"
}
] ,
"labels" : [
"misp:name=\"file\"" ,
"misp:meta-category=\"file\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--7794b113-2f04-424f-ae5a-dd801e020d01" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2020-12-14T07:34:46.000Z" ,
"modified" : "2020-12-14T07:34:46.000Z" ,
"pattern" : " [ f i l e : h a s h e s . M D 5 = ' b 91 c e 2 f a 41029 f 6955 b f f 20079468448 ' A N D f i l e : h a s h e s . S H A 1 = ' 76640508 b 1e7759 e 548771 a 5359 e a e d 353 b f 1 e e c ' A N D f i l e : h a s h e s . S H A 256 = ' 32519 b 85 c 0 b 422e4656 d e 6e6 c 41878e95 f d 95026267 d a a b 4215 e e 59 c 107 d 6 c 77 ' A N D f i l e : h a s h e s . S H A 512 = ' 6 a 81 f 0 82 f 36 c c b d a 48070772 c 5 a 97e1 d 7 d e 61 a d 77465e7 b e f e 8 c b d 97 d f 40 d c c 5 d a 0 9 c 461311708e3 d 57527e323484 b 0 5 c f d 3e72 a 3 c 70e106 e 47 f 44 c c 77584 b d 7 ' A N D f i l e : h a s h e s . S S D E E P = ' 12288 : Z x 7 m / z 9 a E B z v n v L t Y A i 6 u L l Y Q 69 B B p I v F 1 t j p H 7 B K i + 0 A 8 v c a 9 o w Q : 6 a E B T v R B i 6 u L 6 d I v D t j p H 9 + 0 A 8 v c a 9 o D ' A N D f i l e : n a m e = ' 32519 b 85 c 0 b 422e4656 d e 6e6 c 41878e95 f d 95026267 d a a b 4215 e e 59 c 107 d 6 c 77 ' A N D f i l e : s i z e = ' 1011032 ' A N D ( f i l e : c o n t e n t _ r e f . p a y l o a d _ b i n = ' U E s D B B Q A C Q A I A E M 7 j l G N I d I 7 j z 8 F A F h t D w A g A B w A Y j k x Y 2 U y Z m E 0 M T A y O W Y 2 O T U 1 Y m Z m M j A w N z k 0 N j g 0 N D h V V A k A A 44 T 11 + O E 9 d f d X g L A A E E I Q A A A A Q h A A A A 1 K z k 958 J d G 3 G e T 2 f v A T 3 K O O g p f w A i b L L + k e i 38 F P 616 U i 5 v o 9 K L 0 6 S L e K Y H b l c V j 1 O Y q M k U G k U q d M b 83 l 3 c J D e 0 4 h Q a O n p d K t J l 1 d h M + 8 w Q A y / K E 8 Y m f 2 i H o r c h J E f L 4 / e R T 5 / H T X Y n l M 26 B m M E n d o H X V B / v G o p H h P v 7 r / P 8 u K w 1 v V I r m 9 p m O z U A t u K Q X I 8 F D j b D X i 7 O a s o I Y 0 a Z Y b f 789 T z U Y 20 K o m U 3 Z C p B d B D F T d u R n K l p Y w 4 E S 0 X L p W t C 87 T h 8 J l j x N 9 d p h 878 x C r + 0 p N B a Y f O / 0 x r k c 41 C S X J Y h y 1 s h i 2 F L B t t z h 92 G P i X 3 d 0 1 H h H s e O i U 9 I i z Y W h a i c 4 P t h f 6 R 9 F C V D r / F S K T z U o x E Z j T R / t o h N 0 D W 7 U 0 j S W x J 9 N B + e v s x 0 d O h p T l e C k u f d / G D b 4 g t n + I 0 S W q 6 C 1 A 3 C 7 i 0 j l 9 P 6 h 4 g j T t x 1 G 6 I 9 k 18 x V + 86 Q 8 C U I u K e W d s N I p C 3 X O W l n y e J g F B d S j / U b L D 0 G z 46 t b j w a L D 5 s + Z O k c 0 o O K w Z j b P X i 57 H e H T v T 3 o j P P A A d G U p i M u r h 696 k 3 L B M U x E M 9 Q j i I Q t M D z d Q V d w x r F q 2 g l 4 a O e m i k W Q 7 n 0 b Y o E t j S E y y 2 Y 7 M I x Z O 6 Z n N 7 s K 0 Z G H 9 B R g N z j r X r d g g s N d 3 l g v f o 4 U a K t c K 8 T w A z c O h 5 Z C K t V o N + 6 t S J K F B Q o C 7 I f t b / v n v T 8 P j h q M t w H J t u 9 R f I J G 2 + J U B k l M q g V 1 Z Q 4 e A u W S C 3 C V O Z G R E x 2 m x 2 A Z t G w k 3 G s G S 0 B k 3 A 6 u d P U m I n i C J 0 I 4 o J Q K W X d r M g X f y J T z z g 92 X Y f z L X T Z L l c x P 6 E A A Y c p g J i Y P + Y Y i c 8 s f h 3 K L 2 h O i U k U p 11 G i D 3 g U 5 j m N H W z z h Q b Z q F v w 1 P 6 R p 0 3 x O I P X X S C y + t N F K f T i a / q L R I y b X Q q 0 W m K f C o Y 1 o R L X s d 5 Q / s 0 N a d X n e 7 H Q I f n V y N p 6 E l J q 76 M c T n 8 n d P c a s d L 8 N O / m / 8 Z P K k M w N M x C a Y s i w 2 r H k T P 6 s Y 3 H b / j Z J J + d o + 4 S e 8 y Q P x o 9 I 5 T q k e c 9 Z N x v 1 H w L f l 6 F O I C U H 0 5 L l t g 0 a 56 h g t C 3 + T 9 P 9 c L u D I 2 b y Y 9 l 4 B r 8 f I E u h Z I R 9 a L k S v 4 B m d 0 0 m 9 U g v o 7 N u W B R L W j k K A U c Y f C O l u / 0 Q + V u t E 2 V t i / f e / y J W R D A l P E 8 E E m Q h h z G B S V A s K O 7 x 4224 Z m X 4 h C g 3 J X A I R Q 0 + 8 s f 3 m s j E E T j G 5 V D k b J o l 93 C l C 0 8 e f d 89 D J D 76 y 4 N + o 3 c z t u y 8 o T k L c K Y Y N c N z q 5 w 17 q z O m R 68 T c W H E o L W m D 6 B H 5 x q o t z v e U h z 6 J O t 0 i g x q E e p j K J e k d 1 V R w h S w V G u Y W C B g 2 h 2 Z 59 D 0 q 7 G E X q f 9 d 595 K V / L Q v E h r K i n / C d m B b r p 4 O y w c U I g 6 L o w o r s p r V l 0 E r Y 3 P P D p s 3 Y f H e K B x x D g m a P Y m C b x k 1 K a K s U y i z P S M g + P q + d V a a R b V 0 y n A X K J q Q J n M S 8 Z q z L k V X J c 9 S Y r J w A R l k Y Q W N 38 I 5 T X m h u B N W 4 n u 3 c S D 4 x K I j O y L K l 4 V L C 7 f H u H X q T + X Z q 7 U P 27 Q S G X X i t y B J R / g 29 Z s a x C / E B P G Y q u e C O J x q O a o I q B 3 C M O 6 J T S k V V V D g H O 6 o r w n Z z 7 e H r p v d K 8 C g s G T E 4 V K Y 0 h x c l x M t y 3 N B 5 e G m b n X u e b + y P 3 e s E U W W l v 7 t C Z v R o L o u o Z X A B y i e o H D 0 S S n Z h p V v 2 A s x L t g K p w T u x 5 s Y K 0 1 I b k 14 c 4 b R E i z C P 1 u x X L R 6 Q T V 9 z x M 7 Y d L q D 6 n I I x w T A 0 X C g B F + W Y c 8 N K b a k z V d 1E6 j Z I b x y T b H w x z V F + 2 X 7 n M r Q W m p e P 8 Q u 9343 w 2 I C 5 V V r z E M X A l g j V I t 7 I i O U N m L H 9 I h g s M s m X t 5 Z X d 1 f G 4 u Z P V w / D b Y h C P 0 w H R d l 8 d O x Q + K u m V Q n B t u x M j b 9 Y x 7 K d y S + p 3 f H k a i d 70 n x a V I 2 p h s 2 + 2 e F / g e j 0 j J + C p N 24 f X 7 F J Y v 3 L u p T p o D + m B g 6 b V y 853 m V U Q o P / E B O S u l Y l c w g g a X D 20 M Z g / c K k f Y l Z B Y T M j A b 37 g i + V y J 1 Q s 9 l U 4 p p 7 c 2 S V 63 i Z + 1 C C X 6 R A c V Z I k Z v P o v J p Y O j l k 5 x 1 T 2 J x K K n Q q i o B o P 3 O M H s W f R I c y x z 6 I U Q t 2 o s D 487 / 50 J V o m P b i X X / g I a r t B X K n 3 S c M Q u M 9 S a T d M R W 30 O N z m J g / 0 z 1 U k c X / 1 C V s C z q d O Y m / u 2 U j t c + S P B 4 x Y N Z y x X q l 9 w J I G Y 8 P b 0 U c D 6 i k h j E x k p a / X u Z 2 l U s c V L j H 1 + 5 a 48 F A A V A V 84 s F y 6 E I 0 B p P K s q a k p m 0 h n t h t g E m 7 i V L A x F F G V 82 W Y M N s M I Q C I w 3 + t O Z o q n g / Z n u X z R q A W A V s G 5 N r X A Q D l i 8 r 2 X O w Y p 8 I a y N d m 70 p N Y P C g 2 M 10 y J c M h f V f U w M s C 0 0 s Z J Z 6 s F H W M Z P 6 z k O 4 q q Q T Y E Q / Z u l n v b X + j U S / O 5 t w O P v f c A w I N + 1 V Y A c j 2 / E i H 28 i 4 o u H 5 E Q t H h J 5 K e j G x Q f M 3 t o K V T q M 0 q a 14 G 818 q V / B V i y z w x 6 D P D I S o K u m T a r c m y v a A z 8 w G D s h f q 77 n k Z L o C D W 1 L r + L Y F / F r P a t k e r r + G + 2 J K v P j q b P Y a E z c 4 i T l 9 P V P H 3 T a Z H 76 W B k g p G 4 B c s y x V u 5 s d U d 5 k U L p 9 d R W J 5 v q Q W E f p U x T J h x f Z y Y 611 g G b c i / s H H k x o G U 6 w A 2 / 0 3 a / D l I y f y y n N b R + e N 8 b k A k Z l S n Z i 2 d b O v 1 n h G s 3 o M W I B z Z l K n 843 C 4 A X 82 H A F p 6 I Y P Y o / 5 E M a L 8 a Y a a p G s Y Y y R x 2 + K D 1 + W c V / D d 93 H Y F B X L 1 a S o X t T d V n X l h O E A i X + 3 N 8 o 9 A I a N D 6 i U Y / V x E g p z g y 9 r H 79 c 3 b J 1 r / u d O + k 3 p T w 0 M Z n c j p g R d a r w V j G t Y 8 r 3 Z V k B j P L 3 + R s q o D 3 c f l I p K 0 W W w B v I Y H C X + H G a s / V v 4 d T / v w R r Z k Q B H 0 0 59 W N s p x H i H k L p K 5 M H k E X p B 7 y L W d x K u s w 5 P / M L x 9 O + + X 4 o L 6 g 2 O 3 t b 6 d / 5 v c B J 7 S q 9 A B 2 h 9 X q L 6 h A H 26 k i E Q N U j E R r y d i M C 46 n I p 82 / d 20 L A i V p e i 9 g W k / t U c F X 9 h c O 29 J j m Q 9 / q 4 x U k o H + F E v u N + g Q g M b 5 / g 9 T p T l + / Z L p M 0 r G M 4 e b x 0 a E H R T / j a r U Q e m 8 M W u g w U d F + I W U l i v H S H W 0 K t e 6 y x h q h c R C w l b U G k / 8 s 28 S y 8 k 54 D K E j b M 0 P W + G m i r U K b u l D / B Z H v 6 O o B + p O y o r Y C L H y Z v e i M Y + 6 I e E g 7 Q N c h e d G u N 4 K E e I + p T 4 L Z m d G v L h 6 G R X T c g D g c S 0 F J i o 8 z x 254 m g X F 1 C c 5 o 8 g I 40 w k n e e h x a a z U r i Q R r N s Y x R w q T m Y E Q 1 h + z J W Z r U b F p 4 p X h P O T A 4 x S B 8 U t C N I 58 j 64 P + Q b i d G y + l W P H T j C p 5 J u k A j o S e A q w I e k h z V L a U E o G g m D O B B F Q i v r 7 e h A m K a S b n I Z E j P x x m D d u J e k K Z l
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2020-12-14T07:34:46Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "file"
}
] ,
"labels" : [
"misp:name=\"file\"" ,
"misp:meta-category=\"file\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--d47e29ef-e08c-498c-a5c9-779a6a2b79f4" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2020-12-14T07:34:46.000Z" ,
"modified" : "2020-12-14T07:34:46.000Z" ,
"pattern" : " [ f i l e : h a s h e s . M D 5 = ' 56 c e b 6 d 0 0 11 d 87 b 6e4 d 7023 d 7 e f 85676 ' A N D f i l e : h a s h e s . S H A 1 = ' 75 a f 292 f 34789 a 1 c 782 e a 36 c 7127 b f 6106 f 595e8 ' A N D f i l e : h a s h e s . S H A 256 = ' c 15 a b a f 51e78 c a 56 c 0 376522 d 699 c 978217 b f 0 41 a 3 b d 3 c 71 d 0 9193 e f a 5717 c 71 ' A N D f i l e : h a s h e s . S H A 512 = ' f 7 e a c 6 a b 99 f e 45 c a 46417 c d c a 36 b a 27560 d 5 f 8 a 2 f 37 f 378 b a 97636662595 d 55 f a 34 f 749716971 a a 96 a 862e37 e 0 199 e b 6 c b 905636e6 a b 0 123 c f a 0 89 a d b a 450629 ' A N D f i l e : h a s h e s . S S D E E P = ' 192 : 8 / S q R z b t 0 G B D a w A 5 u T 8 w S l y D D G T B N F k Q : 8 / S y H K G B D a x 5 u T h D D 6 B N r ' A N D f i l e : n a m e = ' c 15 a b a f 51e78 c a 56 c 0 376522 d 699 c 978217 b f 0 41 a 3 b d 3 c 71 d 0 9193 e f a 5717 c 71 ' A N D f i l e : s i z e = ' 7680 ' A N D ( f i l e : c o n t e n t _ r e f . p a y l o a d _ b i n = ' U E s D B B Q A C Q A I A F I 7 j l F A S n 3 m u w 0 A A A A e A A A g A B w A N T Z j Z W I 2 Z D A w M T F k O D d i N m U 0 Z D c w M j N k N 2 V m O D U 2 N z Z V V A k A A 6 s T 11 + r E 9 d f d X g L A A E E I Q A A A A Q h A A A A A w A S D P i O M L i E A 50 Q s M q U c V + 4 i 6 Q m i X p D M p e Q q //ulcHIyOrETaN2WUcwieOvxAkiA+ERw1cl3sEJ9WJX21jv7t+jC0nQ2Rd2Cq3j6dbvFqtm0/mJ9qZHEr7HsuJhaWpVsjF46FkIOPj1gbk+kKbCJEPDircB1Xo8MUBW7IrOKutXGdKeZ1urjy9rzHhsb7kJJ8xwiA1t0Gs9emb4jflJmzW0fpAJ3E1iVTp+cj/cus0SvJ/Fam3PZp7TP8zNoWvTm049bjGgam6P8mN59CHDUDqMZeULW/c7K3zTePKntjGpSHnfQRx5bTmJh22trnRA7hdcsj00ucvMnGUG4yIV+mYkBmOBXUuU2+tSbOQWNlXeb8Z7E3nEepfT/rVs6GW2+iYEzkhY8YvKEpq8z6dTojgBXNv3AYFen2TKfcCO9t9sS4/yVqaH5zcNbfmWHL9DOCzYUYi0lLp59t46lXjTophEDvDAOjwoWpA0tYSLB3vNozmFFCyd/lbw0iCagaYDTae5GODyKNWzK0zHlTBXJBwQakG1QAtWLjmsvclTyUFjNrrMWsGE5e0Ggf+tUsGrsNWiI0alJYl7hT4MzNDrnCnHifkZtfd3wBjUQORIBrhqOHvJTX2fYDjNrVRzJVnYMebZ4z7/PgqVBuRf/XDbG8YLiqQrMj/4cbswWDYdf+ooqZSrlXq8MiVUzqYm4a0pt2uYth/L3t3SkwfTTQ0zT8IuwarkRFuE8ev5/3HzycH9kYSs6iHfLa+xPVMjVWed8miA+mXuVWGslEjhQ8s7mx5gOTvKFKcRG1TiuszMFOG14qIr8O6eZjwqNbdX4wUSNiNeI9B2T6TRW/vld3pvQ5nDOR2K3pQAIM20p2Fbi3qz9xfXEoiMcUy504k6c5U2QlovRVijaKztgySN6nWKL6JSa8ALJrTv90lbB1ZngONk/z4KH/0gtywHTqfLsTTsPjvZ+SMI3D38zJNsTp3nEcsDrUufTo9KL7/BbR7CTCW1RLIXrmhyYx8Ahc+ZyrvDqJwgK0zNpEnPjsaJsWuiwt9h22uAzaxEO3SaoKnEi8D1Sd74T9s13p+HadNhVJcgApgR6ab9EpUONm7fHpziFz4mNEQ49P6sBS5en3wFguZwSz5i+GsJmLUiEaX1eHZ0FsiXg7w3xgwzR7+TjU7aEiCYiYaRRJKlI3tweTbZCdwyOeatISj3hmKMbUHbcsRNPub1vJODhWRt+roYdkNDZv4S/KBeDiYB2yCG34fnXCQn393jKW3RolwrK3aDHi3jdGoorcUJV9WeuYn7HLKizjmcSHwNJiE/WglbIwiu1B78Ok5iNT32mjf4YdMS5R5PVbVu6wVssi0BoED0J+dfVuSSsTXolkBTLi7oFjYnNRY82TlQMj+TNXkq0PMKjGfI85JIWgY/pgD9gJRbthpyIi4LpwWyWJgZLvL70tuL1koaGeYv+BlK53MukYxgj7PpFbSJVjrhOKFoGcm8j2Q4u8O3rj5ZovTrYuxoD222ABPF5rYVErptYmeyl/dFuM/4sCvD7h1CJnQwQZpTjeJvt6yXw4Ib/14K8DNKyJChWbymxVYWi4U4wXpGVMGCvUw4Vfus3Cp2ht/7lTySiZJ0hbFw6UDSVRij9xU1wgAHG67R0anWj/2Co4mvXAlCxoKCqbFHr1eYXv00FjN5DQ4iKdlbL1SYzr3Gzc38BJVvVhoSmH9bSGnOKKGLq1Jv/SDcQdlvPZ8aMJ85TU57wFG+oMHCCRINxRYf6CXwh/qdD0wWeAIKvUDkjRo46QOsEiOF4Z4CnZhadK3QZdEYHsn6k9eFqZ+Iy1+4QYBJK3o24Ta9gKaehEEK41SFqyk45Y8ItIxNidEBFZX0wNl2aj51l4CCUjeSDdm/TAqj2laAqWICrDoueHLxnvTrET+LLfrBdHIjAu08wT6UjHVkZf5BwigKQNSVReD+xDDBa0ztA5KfHI3+XFhe+3xzqiu7clB6OjPdU5TTipO6cx5T2sYyo3ff5EkkivB3VLrLH6TOcRVcOoupd6MUhyAXaR0FkTY4K7Fs0VfxTB0/17Y4D4Nd8RblGNjtFRXRV8p65SVTI1DJn9OvAqZ4z+GpMkEEw93ODs+v7opX1JooGtw40QlkioJTCDpMGRvsWUrZlM/xQmoitkz4ZoemylM2HlrfOXImX83UjhR3rbbEHEHO0SZE8wo3eRRUTHreLtiKzbrGHwFXsF6R6gEmuhrFxjPgszXSrarEzbjCnuZUBqhWhifIj2G4XmBzO8cmSrgqnyzMrS2kVqo6j8UyOTqnkVXQguyl372+CvQKmZhhZh/WghFF430jhP6UJMR6KnBGrXtXd3kf1UKEEwE203gdmfqdzTrMQ5YnjkuUj3l6qhL+sgQnFbRzTYnT5X5x7mbotXgXbElHPLnBiTcKQkDE9GcJq1w+E+Zk2gOpp/hevW8CFWI9A9NjMXG9WqeKdZ7LfBhQlY2QRUMffAYvi46cE0/xT+1Vi69GVDdWPmCI2ALQwzLYOfkinT7VQgoMB73ebzROpqFLNxCFJV3M8fMCJUtirn7J+xXKy6U6GZGJOan0y7mkjm+KD+bgezTnAK5p8wuBM1jWob3PzcnA6y8M/J6umlEodUegOo7dfBR8ue392t+KB4nbjVayUKt8x5oQeQUvfwAU24YFxfL8NlNm3lMxyX4Ta6DV7jmOEWmFc7zsQVWeNLcehRL1J3jBX76FnvclIcbvkDemxCuQtkvStHgQMNVwYz+ijlLAR/SwehGrt6wRkzcrXFk55FE4+IQNHMnD8mvCaFbnAi/madMn0HtrzEpGsLCpKL0WnsOa6ZBh+wu4+Sobkg7XFxpHiMMAF5Drgwx6HDcQocktQw40EZnnB3hxdegRj4zxnRXkatLCKjLvBChgb2HqWqNRSPlM36fLNpk/eSzQ1FIEOKf+2De4r4qtvXzowLqQBXRhySQU4eXQzftX3HnbImEZU/sPp3nzxhGP1z80uDhbK004fuDpHM/p2IcwSRQZmLiAHTABaBm14BxWNTURhTAQZLZ+/rF7eHcXt+0gb0rwxt5oMCX1aij18bffixWITPk1r265qygWxqIzcbuIooIj0SwE0JuT59MIaOlWi4n4qopO31DfrpI8zoifUEnqNfYRlbGFXb10MbETJI2c1URt8pxAuQy84EN1sagwZ6qMOBzd7ZR/13SIIjkmNzK69IvxkDLdsdxUjfuxh+OhjvnIOJIgMthiqGNHd1u4OTQZO78jQqVyn7vuTmHE9ejvPJ+y6wHKReizIC0onDFOz0xetYXk/EEJHlxSL2Y2p9rLtLnW/Gf+dmz9+dn63Y+LcbFMx4hQBuVZrSxBvx
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2020-12-14T07:34:46Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "file"
}
] ,
"labels" : [
"misp:name=\"file\"" ,
"misp:meta-category=\"file\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--a224f9a3-c58e-41e0-9841-460afdd9f409" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2020-12-14T07:34:46.000Z" ,
"modified" : "2020-12-14T07:34:46.000Z" ,
"pattern" : "[file:hashes.MD5 = '3e329a4c9030b26ba152fb602a1d5893' AND file:hashes.SHA1 = 'ebe711516d0f5cd8126f4d53e375c90b7b95e8f2' AND file:hashes.SHA256 = 'd3c6785e18fba3749fb785bc313cf8346182f532c59172b69adfb31b96a5d0af']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2020-12-14T07:34:46Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "file"
}
] ,
"labels" : [
"misp:name=\"file\"" ,
"misp:meta-category=\"file\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "x-misp-object" ,
"spec_version" : "2.1" ,
"id" : "x-misp-object--8329451d-10ab-4ecb-9cff-d5de9c33c5f6" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2020-12-14T07:34:46.000Z" ,
"modified" : "2020-12-14T07:34:46.000Z" ,
"labels" : [
"misp:name=\"virustotal-report\"" ,
"misp:meta-category=\"misc\""
] ,
"x_misp_attributes" : [
{
"type" : "datetime" ,
"object_relation" : "last-submission" ,
"value" : "2020-12-14T06:35:21+00:00" ,
"category" : "Other" ,
"uuid" : "32bebe83-ed53-4890-83a8-c1f30d094049"
} ,
{
"type" : "link" ,
"object_relation" : "permalink" ,
"value" : "https://www.virustotal.com/gui/file/d3c6785e18fba3749fb785bc313cf8346182f532c59172b69adfb31b96a5d0af/detection/f-d3c6785e18fba3749fb785bc313cf8346182f532c59172b69adfb31b96a5d0af-1607927721" ,
"category" : "Payload delivery" ,
"uuid" : "b25d78ff-0a83-49c4-97f6-7ce9590835e1"
} ,
{
"type" : "text" ,
"object_relation" : "detection-ratio" ,
"value" : "0/70" ,
"category" : "Payload delivery" ,
"uuid" : "6f0be67d-1893-4872-888e-43da04eb4441"
}
] ,
"x_misp_meta_category" : "misc" ,
"x_misp_name" : "virustotal-report"
} ,
{
"type" : "x-misp-object" ,
"spec_version" : "2.1" ,
"id" : "x-misp-object--aacff3c7-77c9-4c70-ab9c-9cea57951fa5" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2020-12-14T07:34:46.000Z" ,
"modified" : "2020-12-14T07:34:46.000Z" ,
"labels" : [
"misp:name=\"virustotal-report\"" ,
"misp:meta-category=\"misc\""
] ,
"x_misp_attributes" : [
{
"type" : "datetime" ,
"object_relation" : "last-submission" ,
"value" : "2020-12-14T06:24:36+00:00" ,
"category" : "Other" ,
"uuid" : "f6bd095c-e876-423c-bd2e-b06a1dc0ec61"
} ,
{
"type" : "link" ,
"object_relation" : "permalink" ,
"value" : "https://www.virustotal.com/gui/file/019085a76ba7126fff22770d71bd901c325fc68ac55aa743327984e89f4b0134/detection/f-019085a76ba7126fff22770d71bd901c325fc68ac55aa743327984e89f4b0134-1607927076" ,
"category" : "Payload delivery" ,
"uuid" : "f4faa1e8-50a9-45a6-bd0e-e6aa68c71657"
} ,
{
"type" : "text" ,
"object_relation" : "detection-ratio" ,
"value" : "4/69" ,
"category" : "Payload delivery" ,
"uuid" : "fcef6a83-9fda-4149-bd1f-3cb0095da782"
}
] ,
"x_misp_meta_category" : "misc" ,
"x_misp_name" : "virustotal-report"
} ,
{
"type" : "x-misp-object" ,
"spec_version" : "2.1" ,
"id" : "x-misp-object--a496eaac-08a1-4a65-b489-96cdb0868312" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2020-12-14T07:34:46.000Z" ,
"modified" : "2020-12-14T07:34:46.000Z" ,
"labels" : [
"misp:name=\"virustotal-report\"" ,
"misp:meta-category=\"misc\""
] ,
"x_misp_attributes" : [
{
"type" : "datetime" ,
"object_relation" : "last-submission" ,
"value" : "2020-12-14T06:47:17+00:00" ,
"category" : "Other" ,
"uuid" : "def1362d-ac36-4e3f-9364-f262bc26e8c2"
} ,
{
"type" : "link" ,
"object_relation" : "permalink" ,
"value" : "https://www.virustotal.com/gui/file/c15abaf51e78ca56c0376522d699c978217bf041a3bd3c71d09193efa5717c71/detection/f-c15abaf51e78ca56c0376522d699c978217bf041a3bd3c71d09193efa5717c71-1607928437" ,
"category" : "Payload delivery" ,
"uuid" : "14a0f1d8-d899-4f8d-89a0-a0e1648ec174"
} ,
{
"type" : "text" ,
"object_relation" : "detection-ratio" ,
"value" : "2/69" ,
"category" : "Payload delivery" ,
"uuid" : "33f7e434-f388-47ad-8948-f47392130df7"
}
] ,
"x_misp_meta_category" : "misc" ,
"x_misp_name" : "virustotal-report"
} ,
{
"type" : "x-misp-object" ,
"spec_version" : "2.1" ,
"id" : "x-misp-object--96ffe3c5-a158-40f6-a5ff-156ac385d32e" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2020-12-14T07:34:46.000Z" ,
"modified" : "2020-12-14T07:34:46.000Z" ,
"labels" : [
"misp:name=\"virustotal-report\"" ,
"misp:meta-category=\"misc\""
] ,
"x_misp_attributes" : [
{
"type" : "datetime" ,
"object_relation" : "last-submission" ,
"value" : "2020-12-14T07:32:31+00:00" ,
"category" : "Other" ,
"uuid" : "5c902c4a-bb50-4a28-9c0a-5b7036b66359"
} ,
{
"type" : "link" ,
"object_relation" : "permalink" ,
"value" : "https://www.virustotal.com/gui/file/32519b85c0b422e4656de6e6c41878e95fd95026267daab4215ee59c107d6c77/detection/f-32519b85c0b422e4656de6e6c41878e95fd95026267daab4215ee59c107d6c77-1607931151" ,
"category" : "Payload delivery" ,
"uuid" : "6f98031d-32e0-47b9-a557-c639ec483894"
} ,
{
"type" : "text" ,
"object_relation" : "detection-ratio" ,
"value" : "5/69" ,
"category" : "Payload delivery" ,
"uuid" : "f61f4bff-ab4f-42fe-b893-b67cc407453a"
}
] ,
"x_misp_meta_category" : "misc" ,
"x_misp_name" : "virustotal-report"
} ,
{
"type" : "x-misp-object" ,
"spec_version" : "2.1" ,
"id" : "x-misp-object--3073a9b9-f747-4ec4-99c4-f6b5c93fbd7f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2020-12-14T07:34:46.000Z" ,
"modified" : "2020-12-14T07:34:46.000Z" ,
"labels" : [
"misp:name=\"virustotal-report\"" ,
"misp:meta-category=\"misc\""
] ,
"x_misp_attributes" : [
{
"type" : "datetime" ,
"object_relation" : "last-submission" ,
"value" : "2020-12-14T07:28:34+00:00" ,
"category" : "Other" ,
"uuid" : "8532b5ab-88bc-43cb-aad1-d5da8dfbd1ab"
} ,
{
"type" : "link" ,
"object_relation" : "permalink" ,
"value" : "https://www.virustotal.com/gui/file/ce77d116a074dab7a22a0fd4f2c1ab475f16eec42e1ded3c0b0aa8211fe858d6/detection/f-ce77d116a074dab7a22a0fd4f2c1ab475f16eec42e1ded3c0b0aa8211fe858d6-1607930914" ,
"category" : "Payload delivery" ,
"uuid" : "8f2785bc-d455-4f9b-8910-41ee2cbb635c"
} ,
{
"type" : "text" ,
"object_relation" : "detection-ratio" ,
"value" : "6/70" ,
"category" : "Payload delivery" ,
"uuid" : "b06e1baa-7b52-4b85-b2f5-bd32986ee1e9"
}
] ,
"x_misp_meta_category" : "misc" ,
"x_misp_name" : "virustotal-report"
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--a75bd08b-b215-436e-91f4-3382bbb70493" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2020-12-14T07:26:01.000Z" ,
"modified" : "2020-12-14T07:26:01.000Z" ,
"pattern" : "[file:extensions.'windows-pebinary-ext'.number_of_sections = '3' AND file:extensions.'windows-pebinary-ext'.pe_type = 'dll' AND file:extensions.'windows-pebinary-ext'.optional_header.address_of_entry_point = '269460022' AND file:extensions.'windows-pebinary-ext'.x_misp_compilation_timestamp = '2020-05-11T21:32:40+00:00' AND file:extensions.'windows-pebinary-ext'.x_misp_original_filename = 'SolarWinds.Orion.Core.BusinessLayer.dll' AND file:extensions.'windows-pebinary-ext'.x_misp_internal_filename = 'SolarWinds.Orion.Core.BusinessLayer.dll' AND file:extensions.'windows-pebinary-ext'.x_misp_file_description = 'SolarWinds.Orion.Core.BusinessLayer' AND file:extensions.'windows-pebinary-ext'.x_misp_file_version = '2020.2.5300.12432' AND file:extensions.'windows-pebinary-ext'.x_misp_lang_id = '000004b0' AND file:extensions.'windows-pebinary-ext'.x_misp_product_name = 'SolarWinds.Orion.Core.BusinessLayer' AND file:extensions.'windows-pebinary-ext'.x_misp_product_version = '2020.2.5300.12432' AND file:extensions.'windows-pebinary-ext'.x_misp_company_name = 'SolarWinds Worldwide, LLC.' AND file:extensions.'windows-pebinary-ext'.x_misp_legal_copyright = 'Copyright \u00a9 1999-2020 SolarWinds Worldwide, LLC. All Rights Reserved.']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2020-12-14T07:26:01Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "file"
}
] ,
"labels" : [
"misp:name=\"pe\"" ,
"misp:meta-category=\"file\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--4d4b2085-63f5-46b0-978e-15e1117a003d" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2020-12-14T07:26:03.000Z" ,
"modified" : "2020-12-14T07:26:03.000Z" ,
"pattern" : "[file:extensions.'windows-pebinary-ext'.number_of_sections = '3' AND file:extensions.'windows-pebinary-ext'.pe_type = 'dll' AND file:extensions.'windows-pebinary-ext'.optional_header.address_of_entry_point = '269367810' AND file:extensions.'windows-pebinary-ext'.x_misp_compilation_timestamp = '2019-10-10T13:26:39+00:00' AND file:extensions.'windows-pebinary-ext'.x_misp_original_filename = 'SolarWinds.Orion.Core.BusinessLayer.dll' AND file:extensions.'windows-pebinary-ext'.x_misp_internal_filename = 'SolarWinds.Orion.Core.BusinessLayer.dll' AND file:extensions.'windows-pebinary-ext'.x_misp_file_description = 'SolarWinds.Orion.Core.BusinessLayer' AND file:extensions.'windows-pebinary-ext'.x_misp_file_version = '2019.4.5200.8890' AND file:extensions.'windows-pebinary-ext'.x_misp_lang_id = '000004b0' AND file:extensions.'windows-pebinary-ext'.x_misp_product_name = 'SolarWinds.Orion.Core.BusinessLayer' AND file:extensions.'windows-pebinary-ext'.x_misp_product_version = '2019.4.5200.8890' AND file:extensions.'windows-pebinary-ext'.x_misp_company_name = 'SolarWinds Worldwide, LLC.' AND file:extensions.'windows-pebinary-ext'.x_misp_legal_copyright = 'Copyright \u00a9 1999-2019 SolarWinds Worldwide, LLC. All Rights Reserved.']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2020-12-14T07:26:03Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "file"
}
] ,
"labels" : [
"misp:name=\"pe\"" ,
"misp:meta-category=\"file\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--9934ff43-6bfc-42a6-baab-5d798458b78e" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2020-12-14T07:26:05.000Z" ,
"modified" : "2020-12-14T07:26:05.000Z" ,
"pattern" : "[file:extensions.'windows-pebinary-ext'.number_of_sections = '3' AND file:extensions.'windows-pebinary-ext'.pe_type = 'dll' AND file:extensions.'windows-pebinary-ext'.optional_header.address_of_entry_point = '269460022' AND file:extensions.'windows-pebinary-ext'.x_misp_compilation_timestamp = '2020-04-21T14:53:33+00:00' AND file:extensions.'windows-pebinary-ext'.x_misp_original_filename = 'SolarWinds.Orion.Core.BusinessLayer.dll' AND file:extensions.'windows-pebinary-ext'.x_misp_internal_filename = 'SolarWinds.Orion.Core.BusinessLayer.dll' AND file:extensions.'windows-pebinary-ext'.x_misp_file_description = 'SolarWinds.Orion.Core.BusinessLayer' AND file:extensions.'windows-pebinary-ext'.x_misp_file_version = '2020.2.5200.12394' AND file:extensions.'windows-pebinary-ext'.x_misp_lang_id = '000004b0' AND file:extensions.'windows-pebinary-ext'.x_misp_product_name = 'SolarWinds.Orion.Core.BusinessLayer' AND file:extensions.'windows-pebinary-ext'.x_misp_product_version = '2020.2.5200.12394' AND file:extensions.'windows-pebinary-ext'.x_misp_company_name = 'SolarWinds Worldwide, LLC.' AND file:extensions.'windows-pebinary-ext'.x_misp_legal_copyright = 'Copyright \u00a9 1999-2020 SolarWinds Worldwide, LLC. All Rights Reserved.']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2020-12-14T07:26:05Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "file"
}
] ,
"labels" : [
"misp:name=\"pe\"" ,
"misp:meta-category=\"file\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--8ea7172c-eb93-4bf5-8baf-630fa26e5d2e" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2020-12-14T07:26:06.000Z" ,
"modified" : "2020-12-14T07:26:06.000Z" ,
"pattern" : "[file:extensions.'windows-pebinary-ext'.number_of_sections = '3' AND file:extensions.'windows-pebinary-ext'.pe_type = 'dll' AND file:extensions.'windows-pebinary-ext'.optional_header.address_of_entry_point = '269443494' AND file:extensions.'windows-pebinary-ext'.x_misp_compilation_timestamp = '2020-03-24T08:52:34+00:00' AND file:extensions.'windows-pebinary-ext'.x_misp_original_filename = 'SolarWinds.Orion.Core.BusinessLayer.dll' AND file:extensions.'windows-pebinary-ext'.x_misp_internal_filename = 'SolarWinds.Orion.Core.BusinessLayer.dll' AND file:extensions.'windows-pebinary-ext'.x_misp_file_description = 'SolarWinds.Orion.Core.BusinessLayer' AND file:extensions.'windows-pebinary-ext'.x_misp_file_version = '2019.4.5200.9083' AND file:extensions.'windows-pebinary-ext'.x_misp_lang_id = '000004b0' AND file:extensions.'windows-pebinary-ext'.x_misp_product_name = 'SolarWinds.Orion.Core.BusinessLayer' AND file:extensions.'windows-pebinary-ext'.x_misp_product_version = '2019.4.5200.9083' AND file:extensions.'windows-pebinary-ext'.x_misp_company_name = 'SolarWinds Worldwide, LLC.' AND file:extensions.'windows-pebinary-ext'.x_misp_legal_copyright = 'Copyright \u00a9 1999-2020 SolarWinds Worldwide, LLC. All Rights Reserved.']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2020-12-14T07:26:06Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "file"
}
] ,
"labels" : [
"misp:name=\"pe\"" ,
"misp:meta-category=\"file\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--77c4c4d6-1725-4aa9-a5e3-ebdeb89500de" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2020-12-14T07:26:35.000Z" ,
"modified" : "2020-12-14T07:26:35.000Z" ,
"pattern" : "[file:extensions.'windows-pebinary-ext'.number_of_sections = '3' AND file:extensions.'windows-pebinary-ext'.pe_type = 'dll' AND file:extensions.'windows-pebinary-ext'.optional_header.address_of_entry_point = '268448958' AND file:extensions.'windows-pebinary-ext'.x_misp_compilation_timestamp = '2020-03-24T09:16:10+00:00' AND file:extensions.'windows-pebinary-ext'.x_misp_original_filename = 'App_Web_logoimagehandler.ashx.b6031896.dll' AND file:extensions.'windows-pebinary-ext'.x_misp_internal_filename = 'App_Web_logoimagehandler.ashx.b6031896.dll' AND file:extensions.'windows-pebinary-ext'.x_misp_file_version = '0.0.0.0' AND file:extensions.'windows-pebinary-ext'.x_misp_lang_id = '000004b0' AND file:extensions.'windows-pebinary-ext'.x_misp_product_version = '0.0.0.0']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2020-12-14T07:26:35Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "file"
}
] ,
"labels" : [
"misp:name=\"pe\"" ,
"misp:meta-category=\"file\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "x-misp-object" ,
"spec_version" : "2.1" ,
"id" : "x-misp-object--c35e55e1-dc94-49a7-a3a1-4018b4f17a04" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2020-12-14T07:26:00.000Z" ,
"modified" : "2020-12-14T07:26:00.000Z" ,
"labels" : [
"misp:name=\"pe-section\"" ,
"misp:meta-category=\"file\""
] ,
"x_misp_attributes" : [
{
"type" : "text" ,
"object_relation" : "name" ,
"value" : ".text" ,
"category" : "Other" ,
"uuid" : "29a6c4d1-e274-4b6e-87be-255f793e2ff5"
} ,
{
"type" : "size-in-bytes" ,
"object_relation" : "size-in-bytes" ,
"value" : "1018368" ,
"category" : "Other" ,
"uuid" : "7777aaed-c062-4b75-8c18-53ca12873aa0"
} ,
{
"type" : "float" ,
"object_relation" : "entropy" ,
"value" : "5.5695446259584" ,
"category" : "Other" ,
"uuid" : "c9860ec0-4232-48df-9481-ac92801b5e06"
} ,
{
"type" : "md5" ,
"object_relation" : "md5" ,
"value" : "5a1c26db5b9b9a2d0a630e63ff83f0bf" ,
"category" : "Payload delivery" ,
"to_ids" : true ,
"uuid" : "842c8449-8cdc-4027-bfe8-0d55fc724f20"
} ,
{
"type" : "sha1" ,
"object_relation" : "sha1" ,
"value" : "18ea74745f5c8992a95ae40bfe2158c8d7e34acf" ,
"category" : "Payload delivery" ,
"to_ids" : true ,
"uuid" : "bcb1a128-68d1-45d4-8b66-6d5f38f7b797"
} ,
{
"type" : "sha256" ,
"object_relation" : "sha256" ,
"value" : "02811d870295f78bf9aa3c9f42ca11f2838171fe73e70dbbc158fae590161573" ,
"category" : "Payload delivery" ,
"to_ids" : true ,
"uuid" : "b175ac6d-4eb6-4e13-a39c-4d8130d40704"
} ,
{
"type" : "sha512" ,
"object_relation" : "sha512" ,
"value" : "c0e04da710f18443018aeef4ab387903f93f95a42b700a3a88b3ea7c35ae3821850f1583494172f5650a69a9acf8f9d63d1fca22aac115f1fdc4ec8b78c5d7e6" ,
"category" : "Payload delivery" ,
"to_ids" : true ,
"uuid" : "e7364bdc-dafd-4a3e-bcb4-c8c59f8391aa"
} ,
{
"type" : "ssdeep" ,
"object_relation" : "ssdeep" ,
"value" : "12288:6JKoHwfn/jz3bbO4Qag2I97PMieSLezPKT+BYvjenWHuhh9c0g8vkzK19QU:KEfDbO97P8TrK0YbenWH4c0g8vkzK19b" ,
"category" : "Payload delivery" ,
"to_ids" : true ,
"uuid" : "1c385fd7-be09-4cdf-a332-606181a5ba8f"
}
] ,
"x_misp_meta_category" : "file" ,
"x_misp_name" : "pe-section"
} ,
{
"type" : "x-misp-object" ,
"spec_version" : "2.1" ,
"id" : "x-misp-object--fdf86a09-fb48-495d-8bf3-50579e86edd8" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2020-12-14T07:26:01.000Z" ,
"modified" : "2020-12-14T07:26:01.000Z" ,
"labels" : [
"misp:name=\"pe-section\"" ,
"misp:meta-category=\"file\""
] ,
"x_misp_attributes" : [
{
"type" : "text" ,
"object_relation" : "name" ,
"value" : ".rsrc" ,
"category" : "Other" ,
"uuid" : "ea591c12-7d54-4190-b8ab-ffee6c3be07d"
} ,
{
"type" : "size-in-bytes" ,
"object_relation" : "size-in-bytes" ,
"value" : "1536" ,
"category" : "Other" ,
"uuid" : "9da5a332-1220-482b-9147-75e99a489c08"
} ,
{
"type" : "float" ,
"object_relation" : "entropy" ,
"value" : "3.3927625723408" ,
"category" : "Other" ,
"uuid" : "bf6fdc37-fb1c-41fe-bd98-05cf7e27c864"
} ,
{
"type" : "md5" ,
"object_relation" : "md5" ,
"value" : "da27d86acfb9504441eebac21f66a5df" ,
"category" : "Payload delivery" ,
"to_ids" : true ,
"uuid" : "d6967720-07d1-410b-bb1a-865a055d44b2"
} ,
{
"type" : "sha1" ,
"object_relation" : "sha1" ,
"value" : "939387cdbb29755bf192c2bfce2701c1a27354a6" ,
"category" : "Payload delivery" ,
"to_ids" : true ,
"uuid" : "d3fd1a8b-83c8-443b-8cb4-64f08543632e"
} ,
{
"type" : "sha256" ,
"object_relation" : "sha256" ,
"value" : "016bbefdcbda1e07eca63a07fabe2dad2b25a4b78cd0bc6564c6d0ad3a6b7523" ,
"category" : "Payload delivery" ,
"to_ids" : true ,
"uuid" : "af77388d-7b96-409d-82e6-6fce4d9ec10a"
} ,
{
"type" : "sha512" ,
"object_relation" : "sha512" ,
"value" : "713dece3f4687ea6e4591a7e9e3975ce0bfae2dda5a742b29e78ee5088ae148992995373177a1d5583c6da4877c99e813ba440e386705c2bd7b1ea8c2058e498" ,
"category" : "Payload delivery" ,
"to_ids" : true ,
"uuid" : "0efba345-1b24-4f23-95fd-6a0147caebc9"
} ,
{
"type" : "ssdeep" ,
"object_relation" : "ssdeep" ,
"value" : "24:YE66ZyxF4iPXOL1+N0MnaOL1hyYinXF4OL1F3YOL15PNMMDqMM:YrjleBw0MjBhyXBB9hB7MM2MM" ,
"category" : "Payload delivery" ,
"to_ids" : true ,
"uuid" : "ecc669c8-844f-43aa-a285-2b37afa57330"
}
] ,
"x_misp_meta_category" : "file" ,
"x_misp_name" : "pe-section"
} ,
{
"type" : "x-misp-object" ,
"spec_version" : "2.1" ,
"id" : "x-misp-object--4a09fc7a-97ba-434d-a669-fc640686e880" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2020-12-14T07:26:01.000Z" ,
"modified" : "2020-12-14T07:26:01.000Z" ,
"labels" : [
"misp:name=\"pe-section\"" ,
"misp:meta-category=\"file\""
] ,
"x_misp_attributes" : [
{
"type" : "text" ,
"object_relation" : "name" ,
"value" : ".reloc" ,
"category" : "Other" ,
"uuid" : "c4e41937-dabe-4fca-b7a7-22048028098f"
} ,
{
"type" : "size-in-bytes" ,
"object_relation" : "size-in-bytes" ,
"value" : "512" ,
"category" : "Other" ,
"uuid" : "544072ea-6e62-4186-b27b-60a69ad71ac4"
} ,
{
"type" : "float" ,
"object_relation" : "entropy" ,
"value" : "1.9473387961876" ,
"category" : "Other" ,
"uuid" : "26a034d3-61de-4d2d-98a9-31890a2536db"
} ,
{
"type" : "md5" ,
"object_relation" : "md5" ,
"value" : "a29f1db3dd779a4a629939ffeaa3835b" ,
"category" : "Payload delivery" ,
"to_ids" : true ,
"uuid" : "15824c39-2aba-445a-a04e-114f3d0cd1b3"
} ,
{
"type" : "sha1" ,
"object_relation" : "sha1" ,
"value" : "c306017f3277b148c4a8914a6c4e46abc1496c94" ,
"category" : "Payload delivery" ,
"to_ids" : true ,
"uuid" : "1cf0120c-3b17-4185-b447-1adf982233d3"
} ,
{
"type" : "sha256" ,
"object_relation" : "sha256" ,
"value" : "6743e59441d06b5b27d6c2c9cc28ba3e4e81d8955aa0ecde9233cfac0b6e019b" ,
"category" : "Payload delivery" ,
"to_ids" : true ,
"uuid" : "1b50cbfd-0808-4bca-9be6-9b14cf818f45"
} ,
{
"type" : "sha512" ,
"object_relation" : "sha512" ,
"value" : "17a273facc124e6696eb6e1dc7c1c81c7dd478f2bff5b9160b6678dca0e460235b1f4a013e49f389a1d8d06bc0ca4471500219ee85e533a64afd2441f9bccef3" ,
"category" : "Payload delivery" ,
"to_ids" : true ,
"uuid" : "127e0360-f208-4e95-8961-28b7d04b2bcf"
} ,
{
"type" : "ssdeep" ,
"object_relation" : "ssdeep" ,
"value" : "3:6/Pl:6/d" ,
"category" : "Payload delivery" ,
"to_ids" : true ,
"uuid" : "9f1c7bde-9015-4801-a37b-23c3fa042d82"
}
] ,
"x_misp_meta_category" : "file" ,
"x_misp_name" : "pe-section"
} ,
{
"type" : "x-misp-object" ,
"spec_version" : "2.1" ,
"id" : "x-misp-object--9d50d8e5-8c9f-42d3-b0af-aba92a54dc19" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2020-12-14T07:26:02.000Z" ,
"modified" : "2020-12-14T07:26:02.000Z" ,
"labels" : [
"misp:name=\"pe-section\"" ,
"misp:meta-category=\"file\""
] ,
"x_misp_attributes" : [
{
"type" : "text" ,
"object_relation" : "name" ,
"value" : ".text" ,
"category" : "Other" ,
"uuid" : "30cc66ed-6a2e-4562-a96c-fed8a4f2332f"
} ,
{
"type" : "size-in-bytes" ,
"object_relation" : "size-in-bytes" ,
"value" : "924672" ,
"category" : "Other" ,
"uuid" : "39f96b1d-f827-47dd-8b1a-320709384b70"
} ,
{
"type" : "float" ,
"object_relation" : "entropy" ,
"value" : "5.6441844251496" ,
"category" : "Other" ,
"uuid" : "09165408-d87e-4886-8ab5-025954fd4c12"
} ,
{
"type" : "md5" ,
"object_relation" : "md5" ,
"value" : "cf450191b90401e1015aa2433d7d0b47" ,
"category" : "Payload delivery" ,
"to_ids" : true ,
"uuid" : "5c0872f1-daaa-4272-a776-789498ef0842"
} ,
{
"type" : "sha1" ,
"object_relation" : "sha1" ,
"value" : "e812fddc3c622905954663d30b25fa8adcca6850" ,
"category" : "Payload delivery" ,
"to_ids" : true ,
"uuid" : "a30b699d-1698-4113-bd88-0f5831fa729b"
} ,
{
"type" : "sha256" ,
"object_relation" : "sha256" ,
"value" : "e29b19ea0c58095c3ab7a19374734bba58effb01498c3f748824fed32326cb06" ,
"category" : "Payload delivery" ,
"to_ids" : true ,
"uuid" : "d74b6998-8f21-44e3-86b5-b46cec7b18c4"
} ,
{
"type" : "sha512" ,
"object_relation" : "sha512" ,
"value" : "612f4238bbf10e162cf33b6ec9e69d975fb67a1f78f9a6f5436460fcd7664909ab2aaceaa4466eaafdde23b62e2dffe51a4e5addcfc028211c77981f0d6f9d13" ,
"category" : "Payload delivery" ,
"to_ids" : true ,
"uuid" : "a54e65bb-446a-4bd4-8efd-66fe4b2ccf96"
} ,
{
"type" : "ssdeep" ,
"object_relation" : "ssdeep" ,
"value" : "24576:GdBfeHcrhCECR1R/zoi8SHoN0W8vB8O3IcL:qe8nK/zopSHoN0W8vB8u" ,
"category" : "Payload delivery" ,
"to_ids" : true ,
"uuid" : "f824def2-d811-4ec5-9a91-12b5219e02fa"
}
] ,
"x_misp_meta_category" : "file" ,
"x_misp_name" : "pe-section"
} ,
{
"type" : "x-misp-object" ,
"spec_version" : "2.1" ,
"id" : "x-misp-object--712c68c3-179a-442b-b713-fab9eaa9b67e" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2020-12-14T07:26:02.000Z" ,
"modified" : "2020-12-14T07:26:02.000Z" ,
"labels" : [
"misp:name=\"pe-section\"" ,
"misp:meta-category=\"file\""
] ,
"x_misp_attributes" : [
{
"type" : "text" ,
"object_relation" : "name" ,
"value" : ".rsrc" ,
"category" : "Other" ,
"uuid" : "4bedfd30-2c41-47c3-aba4-f4fff9444674"
} ,
{
"type" : "size-in-bytes" ,
"object_relation" : "size-in-bytes" ,
"value" : "1536" ,
"category" : "Other" ,
"uuid" : "279e2b18-a2ee-44cb-9754-d56d5660035e"
} ,
{
"type" : "float" ,
"object_relation" : "entropy" ,
"value" : "3.3987008123389" ,
"category" : "Other" ,
"uuid" : "52476f95-1cac-4995-ae75-0eb3763be6d4"
} ,
{
"type" : "md5" ,
"object_relation" : "md5" ,
"value" : "005f91999efb988bc401181d2cf103de" ,
"category" : "Payload delivery" ,
"to_ids" : true ,
"uuid" : "e15d2b4f-69f1-4e70-8f0d-1ef09b96da28"
} ,
{
"type" : "sha1" ,
"object_relation" : "sha1" ,
"value" : "3a6f37bdbd8f812efd0805a5e14f468da79832cc" ,
"category" : "Payload delivery" ,
"to_ids" : true ,
"uuid" : "bf883a99-7b50-47a3-9568-0e5423a3ce57"
} ,
{
"type" : "sha256" ,
"object_relation" : "sha256" ,
"value" : "4497bf92f774c9d57a1ad1cf5842e82c94efe82adb78ff3a90a015376361b284" ,
"category" : "Payload delivery" ,
"to_ids" : true ,
"uuid" : "f0b176ab-60da-4fac-a282-541dd163cad8"
} ,
{
"type" : "sha512" ,
"object_relation" : "sha512" ,
"value" : "3da3a9c6f0e53126d2c2723262dbfb08716c02af82157a952da7f2d66540fafabe8db2e2f7c8091ec68f4463feb070bb37ae1b54c91a1d0a07fdf98a5518192e" ,
"category" : "Payload delivery" ,
"to_ids" : true ,
"uuid" : "52d42062-cf99-487e-b378-3288240ce4f5"
} ,
{
"type" : "ssdeep" ,
"object_relation" : "ssdeep" ,
"value" : "24:LXsfQMKyxF4iPXOL1XNN9aOL1hninXF4OL1F3YOL1sPNelvq:LXsnjleBHJBhmBB9hB86i" ,
"category" : "Payload delivery" ,
"to_ids" : true ,
"uuid" : "4be07240-bf2d-4e8b-afcf-9d21c956d1fe"
}
] ,
"x_misp_meta_category" : "file" ,
"x_misp_name" : "pe-section"
} ,
{
"type" : "x-misp-object" ,
"spec_version" : "2.1" ,
"id" : "x-misp-object--6288dea8-53e7-4000-9bca-0ecc20bd35a4" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2020-12-14T07:26:02.000Z" ,
"modified" : "2020-12-14T07:26:02.000Z" ,
"labels" : [
"misp:name=\"pe-section\"" ,
"misp:meta-category=\"file\""
] ,
"x_misp_attributes" : [
{
"type" : "text" ,
"object_relation" : "name" ,
"value" : ".reloc" ,
"category" : "Other" ,
"uuid" : "957cdc36-5b00-48d5-8ea6-dec1a745a264"
} ,
{
"type" : "size-in-bytes" ,
"object_relation" : "size-in-bytes" ,
"value" : "512" ,
"category" : "Other" ,
"uuid" : "99a27047-22f9-45c8-8d25-ada5de687f71"
} ,
{
"type" : "float" ,
"object_relation" : "entropy" ,
"value" : "1.9473387961876" ,
"category" : "Other" ,
"uuid" : "88da1e2c-8bc8-49b1-af8b-4701f34bc0b6"
} ,
{
"type" : "md5" ,
"object_relation" : "md5" ,
"value" : "32e87d188187fe9b9f6afd9de48a41d6" ,
"category" : "Payload delivery" ,
"to_ids" : true ,
"uuid" : "ed445919-2408-4cb4-8ccc-28336a289792"
} ,
{
"type" : "sha1" ,
"object_relation" : "sha1" ,
"value" : "2e10d4aa9df60691736123b143dc3e1dc677330a" ,
"category" : "Payload delivery" ,
"to_ids" : true ,
"uuid" : "2020e53f-841b-4160-921b-f7527fdf4398"
} ,
{
"type" : "sha256" ,
"object_relation" : "sha256" ,
"value" : "ca16d1bd56e607403c1b0b5d74c6dc3b8366fa3d982146cc0ec2948099ecfbad" ,
"category" : "Payload delivery" ,
"to_ids" : true ,
"uuid" : "f87cb4d6-55c1-4b5e-827c-9d9e485be032"
} ,
{
"type" : "sha512" ,
"object_relation" : "sha512" ,
"value" : "8e56b8ec1f8828ac8eef7bb7758987aad8f09be39ae0873c2c1ccefa49b8416a48787488ce21c96159cfa536f881151a3372e1cba0dc40b59f338329287fc010" ,
"category" : "Payload delivery" ,
"to_ids" : true ,
"uuid" : "b35ce313-1666-47f0-9466-1434eabcaad3"
} ,
{
"type" : "ssdeep" ,
"object_relation" : "ssdeep" ,
"value" : "3:HlZn:r" ,
"category" : "Payload delivery" ,
"to_ids" : true ,
"uuid" : "c955f330-eea4-4c0b-a948-941e2d61253a"
}
] ,
"x_misp_meta_category" : "file" ,
"x_misp_name" : "pe-section"
} ,
{
"type" : "x-misp-object" ,
"spec_version" : "2.1" ,
"id" : "x-misp-object--d1e0ec27-f60b-4a3c-931b-c7569be605db" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2020-12-14T07:26:04.000Z" ,
"modified" : "2020-12-14T07:26:04.000Z" ,
"labels" : [
"misp:name=\"pe-section\"" ,
"misp:meta-category=\"file\""
] ,
"x_misp_attributes" : [
{
"type" : "text" ,
"object_relation" : "name" ,
"value" : ".text" ,
"category" : "Other" ,
"uuid" : "b26d2207-a24d-4a8e-98cd-1b3299b0ea89"
} ,
{
"type" : "size-in-bytes" ,
"object_relation" : "size-in-bytes" ,
"value" : "1018368" ,
"category" : "Other" ,
"uuid" : "21bc5930-ee6a-4c21-bae5-8a06664078bf"
} ,
{
"type" : "float" ,
"object_relation" : "entropy" ,
"value" : "5.5694865540978" ,
"category" : "Other" ,
"uuid" : "3a0c7663-908d-4b84-9982-fd4de2707f2a"
} ,
{
"type" : "md5" ,
"object_relation" : "md5" ,
"value" : "26ec41a94ea4d2a3fbfebbe0a32cfa0b" ,
"category" : "Payload delivery" ,
"to_ids" : true ,
"uuid" : "4a199c6d-4dbb-4777-8c15-97e281bd19db"
} ,
{
"type" : "sha1" ,
"object_relation" : "sha1" ,
"value" : "c83bb058abe34b411897a5feea274a4926ec20da" ,
"category" : "Payload delivery" ,
"to_ids" : true ,
"uuid" : "5577a80e-e23a-436d-865d-9a1b7619aff0"
} ,
{
"type" : "sha256" ,
"object_relation" : "sha256" ,
"value" : "6127115190de534d0f57f23add63dbc8c414ed99789644c1fa7e932cdbb01519" ,
"category" : "Payload delivery" ,
"to_ids" : true ,
"uuid" : "168b3a46-e015-4c5b-9d9b-e992849ca472"
} ,
{
"type" : "sha512" ,
"object_relation" : "sha512" ,
"value" : "b4b49fe5725fe8807331672049dd4804929da896e63181eb7022825331fa64ec0eb18dd33c112688e23062b77248adf307151a3bcf71bd1816f5f79640abdc2f" ,
"category" : "Payload delivery" ,
"to_ids" : true ,
"uuid" : "fefd0377-b14b-4979-85c4-622abbcbef75"
} ,
{
"type" : "ssdeep" ,
"object_relation" : "ssdeep" ,
"value" : "12288:6JKoHwfn/jz3bbO4Qag2I97PMieSLezPKT+cYvjenWHuhh9c0g8vkzE19Wa:KEfDbO97P8TrKhYbenWH4c0g8vkzE19j" ,
"category" : "Payload delivery" ,
"to_ids" : true ,
"uuid" : "200b66fb-16b6-4087-82b9-2b54264d835d"
}
] ,
"x_misp_meta_category" : "file" ,
"x_misp_name" : "pe-section"
} ,
{
"type" : "x-misp-object" ,
"spec_version" : "2.1" ,
"id" : "x-misp-object--efe9facc-a05f-44d0-901f-62e4e870ef95" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2020-12-14T07:26:04.000Z" ,
"modified" : "2020-12-14T07:26:04.000Z" ,
"labels" : [
"misp:name=\"pe-section\"" ,
"misp:meta-category=\"file\""
] ,
"x_misp_attributes" : [
{
"type" : "text" ,
"object_relation" : "name" ,
"value" : ".rsrc" ,
"category" : "Other" ,
"uuid" : "26139e8c-e100-4569-af6f-ccfedfa6906f"
} ,
{
"type" : "size-in-bytes" ,
"object_relation" : "size-in-bytes" ,
"value" : "1536" ,
"category" : "Other" ,
"uuid" : "cb66ec54-f979-4792-a658-0406233b5e5b"
} ,
{
"type" : "float" ,
"object_relation" : "entropy" ,
"value" : "3.389713791853" ,
"category" : "Other" ,
"uuid" : "a3f61a5e-aa20-4530-9260-6d8dcf176756"
} ,
{
"type" : "md5" ,
"object_relation" : "md5" ,
"value" : "9bd1855b2d66ddb1fb9bfb0be0907ac2" ,
"category" : "Payload delivery" ,
"to_ids" : true ,
"uuid" : "1d256d49-3288-45c8-a593-13551ac656c0"
} ,
{
"type" : "sha1" ,
"object_relation" : "sha1" ,
"value" : "d0b5359a9a5744d632dbd321ca3a00c1a3f547b9" ,
"category" : "Payload delivery" ,
"to_ids" : true ,
"uuid" : "d91f9e3e-b9e7-446a-8a1e-befeec02bf86"
} ,
{
"type" : "sha256" ,
"object_relation" : "sha256" ,
"value" : "7871935602a9354b0d04469b185dd7f20ddd0d80f45dd7946d6315c7352b8d8c" ,
"category" : "Payload delivery" ,
"to_ids" : true ,
"uuid" : "a66c7b16-9422-4a7e-af78-c90f9ebb1916"
} ,
{
"type" : "sha512" ,
"object_relation" : "sha512" ,
"value" : "24b2c0c16a3e87a2469bf3315a59153f5ffb74518b50a1ee25cde89f81b919489dca38188f32ebe78b8d488dc30c291ebec665360240d926d297afba89942630" ,
"category" : "Payload delivery" ,
"to_ids" : true ,
"uuid" : "e4c9d18e-9dfb-4e31-abaf-1b5c69b2e0b0"
} ,
{
"type" : "ssdeep" ,
"object_relation" : "ssdeep" ,
"value" : "24:YA66ZyxF4iPXOL1+N0ZaaOL1hyYinXF4OL1F3YOL15PNMZkqMZ:YPjleBw0gBhyXBB9hB7MzM" ,
"category" : "Payload delivery" ,
"to_ids" : true ,
"uuid" : "395e3935-1ca9-44d9-a108-36515bff2c3e"
}
] ,
"x_misp_meta_category" : "file" ,
"x_misp_name" : "pe-section"
} ,
{
"type" : "x-misp-object" ,
"spec_version" : "2.1" ,
"id" : "x-misp-object--aacf1b7b-aa96-4762-896a-a97ba1bd5c0e" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2020-12-14T07:26:04.000Z" ,
"modified" : "2020-12-14T07:26:04.000Z" ,
"labels" : [
"misp:name=\"pe-section\"" ,
"misp:meta-category=\"file\""
] ,
"x_misp_attributes" : [
{
"type" : "text" ,
"object_relation" : "name" ,
"value" : ".reloc" ,
"category" : "Other" ,
"uuid" : "647774ef-f53d-473d-9429-67724f4b8b2d"
} ,
{
"type" : "size-in-bytes" ,
"object_relation" : "size-in-bytes" ,
"value" : "512" ,
"category" : "Other" ,
"uuid" : "a6085947-c708-44c8-bd93-150169ea147e"
} ,
{
"type" : "float" ,
"object_relation" : "entropy" ,
"value" : "1.9473387961876" ,
"category" : "Other" ,
"uuid" : "a9915b7b-eb4e-44d8-85b3-346cadecb853"
} ,
{
"type" : "md5" ,
"object_relation" : "md5" ,
"value" : "a29f1db3dd779a4a629939ffeaa3835b" ,
"category" : "Payload delivery" ,
"to_ids" : true ,
"uuid" : "6ca239fa-c698-4a75-953e-4118e4184f2b"
} ,
{
"type" : "sha1" ,
"object_relation" : "sha1" ,
"value" : "c306017f3277b148c4a8914a6c4e46abc1496c94" ,
"category" : "Payload delivery" ,
"to_ids" : true ,
"uuid" : "58b0a624-87d4-41e0-a113-2600f978e6ec"
} ,
{
"type" : "sha256" ,
"object_relation" : "sha256" ,
"value" : "6743e59441d06b5b27d6c2c9cc28ba3e4e81d8955aa0ecde9233cfac0b6e019b" ,
"category" : "Payload delivery" ,
"to_ids" : true ,
"uuid" : "c7e6fff3-c9e7-4cb9-958b-a5741192a1f4"
} ,
{
"type" : "sha512" ,
"object_relation" : "sha512" ,
"value" : "17a273facc124e6696eb6e1dc7c1c81c7dd478f2bff5b9160b6678dca0e460235b1f4a013e49f389a1d8d06bc0ca4471500219ee85e533a64afd2441f9bccef3" ,
"category" : "Payload delivery" ,
"to_ids" : true ,
"uuid" : "d79d1f9e-9bed-4409-ab7e-f0b42019db3b"
} ,
{
"type" : "ssdeep" ,
"object_relation" : "ssdeep" ,
"value" : "3:6/Pl:6/d" ,
"category" : "Payload delivery" ,
"to_ids" : true ,
"uuid" : "d9820eb8-18b6-4587-867b-7a26d6d2d0c3"
}
] ,
"x_misp_meta_category" : "file" ,
"x_misp_name" : "pe-section"
} ,
{
"type" : "x-misp-object" ,
"spec_version" : "2.1" ,
"id" : "x-misp-object--95432908-2bb1-4cca-8b88-db3d0c4bcd6d" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2020-12-14T07:26:05.000Z" ,
"modified" : "2020-12-14T07:26:05.000Z" ,
"labels" : [
"misp:name=\"pe-section\"" ,
"misp:meta-category=\"file\""
] ,
"x_misp_attributes" : [
{
"type" : "text" ,
"object_relation" : "name" ,
"value" : ".text" ,
"category" : "Other" ,
"uuid" : "9d6dd696-fa53-481c-8c42-089d18a7259a"
} ,
{
"type" : "size-in-bytes" ,
"object_relation" : "size-in-bytes" ,
"value" : "1001472" ,
"category" : "Other" ,
"uuid" : "7864c578-24e3-4840-8e03-5e8f9c278902"
} ,
{
"type" : "float" ,
"object_relation" : "entropy" ,
"value" : "5.5697311444704" ,
"category" : "Other" ,
"uuid" : "602efb82-2338-428f-8041-841980dc83c6"
} ,
{
"type" : "md5" ,
"object_relation" : "md5" ,
"value" : "c4a55257e26e3b07339fa125f5223a72" ,
"category" : "Payload delivery" ,
"to_ids" : true ,
"uuid" : "d9607fc7-8d83-40f4-b7bc-3b8e51839167"
} ,
{
"type" : "sha1" ,
"object_relation" : "sha1" ,
"value" : "6c2e6a1b9ebb7d0eedb9e11d8017ff6c795b9b98" ,
"category" : "Payload delivery" ,
"to_ids" : true ,
"uuid" : "b210f518-0549-4265-aa82-5912e23157ff"
} ,
{
"type" : "sha256" ,
"object_relation" : "sha256" ,
"value" : "9e1e82ad740aba788850c5529e3eb84681b0a53b6c76ff5eadc6cb762823dba3" ,
"category" : "Payload delivery" ,
"to_ids" : true ,
"uuid" : "13759646-d63d-4749-9a02-621fa0165f7c"
} ,
{
"type" : "sha512" ,
"object_relation" : "sha512" ,
"value" : "131e0b4fff35499da6e33f099f8fe96de1a65deec9522becbc8e55d0470f42f8d58cc2f3678eb2a82667bdcd96ed0f587464917290904f989678788a497849db" ,
"category" : "Payload delivery" ,
"to_ids" : true ,
"uuid" : "26dd4d5f-47d6-4dd2-8a7f-5986ac7157bf"
} ,
{
"type" : "ssdeep" ,
"object_relation" : "ssdeep" ,
"value" : "12288:0x7m/z9aEBzvnvLtYAi6uLlYQ69BBpIvF1tjpH7BKi+0A8vca9owY:PaEBTvRBi6uL6dIvDtjpH9+0A8vca9oj" ,
"category" : "Payload delivery" ,
"to_ids" : true ,
"uuid" : "76524233-9eec-4f82-88d5-b65259c6f6f2"
}
] ,
"x_misp_meta_category" : "file" ,
"x_misp_name" : "pe-section"
} ,
{
"type" : "x-misp-object" ,
"spec_version" : "2.1" ,
"id" : "x-misp-object--7d04169f-afa9-41b2-8992-c693a431abba" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2020-12-14T07:26:05.000Z" ,
"modified" : "2020-12-14T07:26:05.000Z" ,
"labels" : [
"misp:name=\"pe-section\"" ,
"misp:meta-category=\"file\""
] ,
"x_misp_attributes" : [
{
"type" : "text" ,
"object_relation" : "name" ,
"value" : ".rsrc" ,
"category" : "Other" ,
"uuid" : "07078bbe-9887-4307-a2cb-259c994c96d9"
} ,
{
"type" : "size-in-bytes" ,
"object_relation" : "size-in-bytes" ,
"value" : "1536" ,
"category" : "Other" ,
"uuid" : "9d3331fc-865f-4ff3-ad8e-eeae43c356f7"
} ,
{
"type" : "float" ,
"object_relation" : "entropy" ,
"value" : "3.4018646666713" ,
"category" : "Other" ,
"uuid" : "58debcd3-e4de-4dad-a43e-b3665d1c8d3d"
} ,
{
"type" : "md5" ,
"object_relation" : "md5" ,
"value" : "7454e0d2a852d8d802490dbc6c07f42e" ,
"category" : "Payload delivery" ,
"to_ids" : true ,
"uuid" : "ec54cd2f-e5c4-4e3d-b24d-e950810fb7b7"
} ,
{
"type" : "sha1" ,
"object_relation" : "sha1" ,
"value" : "b54275dd4daaa9467f91955b5b4670c20dfc4e49" ,
"category" : "Payload delivery" ,
"to_ids" : true ,
"uuid" : "fd622511-809c-458d-bccc-28e3b9d3bd44"
} ,
{
"type" : "sha256" ,
"object_relation" : "sha256" ,
"value" : "e63d0b1280cd09f3d9236c4a7e428a000f0f87c6a707dbe2a6b5df3ceb24b48d" ,
"category" : "Payload delivery" ,
"to_ids" : true ,
"uuid" : "ce67aaa2-f196-4ad6-912e-3aff8c28bab0"
} ,
{
"type" : "sha512" ,
"object_relation" : "sha512" ,
"value" : "d982e2edba71923c7f9c4fdff636995fb475ba4146ea66dcb28b2b24c0e7f81742b4109ee9900ae7f9442ded32f1412311766cd374d88abdff2da317f752708d" ,
"category" : "Payload delivery" ,
"to_ids" : true ,
"uuid" : "c43dbe58-0d94-4c82-899e-88d31e2e1cf3"
} ,
{
"type" : "ssdeep" ,
"object_relation" : "ssdeep" ,
"value" : "24:wpyQMKyxF4iPXOL1XNNP+aOL1hyYinXF4OL1F3YOL1sPN3Flvq3:wp2jleBHSBhyXBB9hB8Pi" ,
"category" : "Payload delivery" ,
"to_ids" : true ,
"uuid" : "9f694408-2bbc-4e8b-95cb-cb42df342310"
}
] ,
"x_misp_meta_category" : "file" ,
"x_misp_name" : "pe-section"
} ,
{
"type" : "x-misp-object" ,
"spec_version" : "2.1" ,
"id" : "x-misp-object--9eb3ca01-80fb-4660-933b-05aa267d4a26" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2020-12-14T07:26:06.000Z" ,
"modified" : "2020-12-14T07:26:06.000Z" ,
"labels" : [
"misp:name=\"pe-section\"" ,
"misp:meta-category=\"file\""
] ,
"x_misp_attributes" : [
{
"type" : "text" ,
"object_relation" : "name" ,
"value" : ".reloc" ,
"category" : "Other" ,
"uuid" : "cc3d8e71-9f46-4ae8-8017-f7abd4d1f92b"
} ,
{
"type" : "size-in-bytes" ,
"object_relation" : "size-in-bytes" ,
"value" : "512" ,
"category" : "Other" ,
"uuid" : "9321f263-230d-4940-b7b5-c063882872d6"
} ,
{
"type" : "float" ,
"object_relation" : "entropy" ,
"value" : "1.9473387961876" ,
"category" : "Other" ,
"uuid" : "cbf11ba1-559a-4981-aa48-6e1588de4dac"
} ,
{
"type" : "md5" ,
"object_relation" : "md5" ,
"value" : "89642b60883c693211567f54fcde5631" ,
"category" : "Payload delivery" ,
"to_ids" : true ,
"uuid" : "6971af4b-4f08-4111-a1c4-2863ff56d8a4"
} ,
{
"type" : "sha1" ,
"object_relation" : "sha1" ,
"value" : "0161b4dc14ed849384714b7d48e4ce8e31cee22d" ,
"category" : "Payload delivery" ,
"to_ids" : true ,
"uuid" : "84c2bedc-96ee-4d59-9c16-ad637657a02a"
} ,
{
"type" : "sha256" ,
"object_relation" : "sha256" ,
"value" : "7e9191e9c1bd9624a97b0147d173abe2556a3b319dc1e1805d6ca2abc49c054b" ,
"category" : "Payload delivery" ,
"to_ids" : true ,
"uuid" : "4071bfcb-ba07-4f98-9a89-665f246147f7"
} ,
{
"type" : "sha512" ,
"object_relation" : "sha512" ,
"value" : "32837f59e1063a10eff10e71f8ab2f78205122c136ac48bd1e73cb877b375da94c4f6553e84a7080c3a36b8af4461efad16ab251c2c777100b69fb44826aa3cf" ,
"category" : "Payload delivery" ,
"to_ids" : true ,
"uuid" : "5a245eef-3ef3-4a5c-915d-1aabaf4e76f6"
} ,
{
"type" : "ssdeep" ,
"object_relation" : "ssdeep" ,
"value" : "3:L:L" ,
"category" : "Payload delivery" ,
"to_ids" : true ,
"uuid" : "bcc92be7-237e-43b9-a5d1-85f5bb186f18"
}
] ,
"x_misp_meta_category" : "file" ,
"x_misp_name" : "pe-section"
} ,
{
"type" : "x-misp-object" ,
"spec_version" : "2.1" ,
"id" : "x-misp-object--4d9cc854-ade5-46a5-8df0-02ef90e5b8ea" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2020-12-14T07:26:34.000Z" ,
"modified" : "2020-12-14T07:26:34.000Z" ,
"labels" : [
"misp:name=\"pe-section\"" ,
"misp:meta-category=\"file\""
] ,
"x_misp_attributes" : [
{
"type" : "text" ,
"object_relation" : "name" ,
"value" : ".text" ,
"category" : "Other" ,
"uuid" : "59321a91-8be0-463c-8c4b-0858a31ccceb"
} ,
{
"type" : "size-in-bytes" ,
"object_relation" : "size-in-bytes" ,
"value" : "5632" ,
"category" : "Other" ,
"uuid" : "16b4ce24-d0db-42e9-9112-1f5471f80233"
} ,
{
"type" : "float" ,
"object_relation" : "entropy" ,
"value" : "5.4919156876928" ,
"category" : "Other" ,
"uuid" : "63a2a64d-9cc6-492d-a520-3323c1932e8c"
} ,
{
"type" : "md5" ,
"object_relation" : "md5" ,
"value" : "2109d02a31c7032f2bcabdf436b6726e" ,
"category" : "Payload delivery" ,
"to_ids" : true ,
"uuid" : "18a1477a-f748-4345-b710-5d7db45d0264"
} ,
{
"type" : "sha1" ,
"object_relation" : "sha1" ,
"value" : "84d90343ae39a961e9e0f92127333b9cc9d62d33" ,
"category" : "Payload delivery" ,
"to_ids" : true ,
"uuid" : "fc59ff35-78b1-4657-929c-75d4eeb12e89"
} ,
{
"type" : "sha256" ,
"object_relation" : "sha256" ,
"value" : "f04e002613102c556260dc57c5accb5db70b427a9c2fdd6f51419ff53499f173" ,
"category" : "Payload delivery" ,
"to_ids" : true ,
"uuid" : "124bb2fe-683d-4a43-b575-c4434ec79a62"
} ,
{
"type" : "sha512" ,
"object_relation" : "sha512" ,
"value" : "3c343696c837d1efc28ae4a688b863c4dff41e3b80047cd2ec6c9d571a3f677f8c750a5dabc7530c56d04749e0972d4d13403f05d10635a69ac82707bc984f8d" ,
"category" : "Payload delivery" ,
"to_ids" : true ,
"uuid" : "02786a92-5495-44ac-a649-5da6a862d2fb"
} ,
{
"type" : "ssdeep" ,
"object_relation" : "ssdeep" ,
"value" : "96:DKQSUZZa5aE8ibv1c8M1UBDawAjNXe+U8w15Gl+5DDGTBNF82gx:vqRzbt0GBDawA5uT8wSlyDDGTBNFS" ,
"category" : "Payload delivery" ,
"to_ids" : true ,
"uuid" : "0862c629-49c0-4f9f-a35c-c3c6fd8b1de0"
}
] ,
"x_misp_meta_category" : "file" ,
"x_misp_name" : "pe-section"
} ,
{
"type" : "x-misp-object" ,
"spec_version" : "2.1" ,
"id" : "x-misp-object--3592e786-423d-4e1f-abad-4e12fe86fc0b" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2020-12-14T07:26:34.000Z" ,
"modified" : "2020-12-14T07:26:34.000Z" ,
"labels" : [
"misp:name=\"pe-section\"" ,
"misp:meta-category=\"file\""
] ,
"x_misp_attributes" : [
{
"type" : "text" ,
"object_relation" : "name" ,
"value" : ".rsrc" ,
"category" : "Other" ,
"uuid" : "f8437a8e-85f2-46e1-9efe-9b963a4dab48"
} ,
{
"type" : "size-in-bytes" ,
"object_relation" : "size-in-bytes" ,
"value" : "1024" ,
"category" : "Other" ,
"uuid" : "fdef9cef-a5d5-45b9-bfb9-9519a149aa1b"
} ,
{
"type" : "float" ,
"object_relation" : "entropy" ,
"value" : "3.1419883961028" ,
"category" : "Other" ,
"uuid" : "86dc1631-47cd-481e-a3f3-613495d21ad9"
} ,
{
"type" : "md5" ,
"object_relation" : "md5" ,
"value" : "27193464e3effc6950cde66a4ad4757a" ,
"category" : "Payload delivery" ,
"to_ids" : true ,
"uuid" : "c64cb507-ebda-493c-8916-c3e7eaa0a018"
} ,
{
"type" : "sha1" ,
"object_relation" : "sha1" ,
"value" : "01d5d5696eadc1963ccbbf7ff2f79ba482ed17e1" ,
"category" : "Payload delivery" ,
"to_ids" : true ,
"uuid" : "cc506e30-2538-454a-8edb-e9fbd9cdbb3d"
} ,
{
"type" : "sha256" ,
"object_relation" : "sha256" ,
"value" : "a4c3bc5b8ba65bfff823212b5f2d76f618cbb12fd1e17db85ed1bbff35783336" ,
"category" : "Payload delivery" ,
"to_ids" : true ,
"uuid" : "67458d35-fd49-4cdd-bf7d-ec097283e63f"
} ,
{
"type" : "sha512" ,
"object_relation" : "sha512" ,
"value" : "394e55d211fd73d6d5a5aaabeeb6f0330cd6b6fba40a07bcdd789976097875da6d130ba8308478a1991d0217f0b22b0159f07232e7119dc36367784b176ae1e7" ,
"category" : "Payload delivery" ,
"to_ids" : true ,
"uuid" : "3fad7cd3-b92b-47f4-a0f4-3e9686974db2"
} ,
{
"type" : "ssdeep" ,
"object_relation" : "ssdeep" ,
"value" : "12:Essi3ntuAHeswYAB19aUGiqMZAiN5Eryi1qD41hPvYnqqf1qD41hoPN5Dlq5J:lIfs1FuZhNu8+PWN8+oPNnqX" ,
"category" : "Payload delivery" ,
"to_ids" : true ,
"uuid" : "4a101441-e6f4-49e4-813f-4974a1a74256"
}
] ,
"x_misp_meta_category" : "file" ,
"x_misp_name" : "pe-section"
} ,
{
"type" : "x-misp-object" ,
"spec_version" : "2.1" ,
"id" : "x-misp-object--55c48bc2-d156-453e-a905-2649d1b0ee23" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2020-12-14T07:26:34.000Z" ,
"modified" : "2020-12-14T07:26:34.000Z" ,
"labels" : [
"misp:name=\"pe-section\"" ,
"misp:meta-category=\"file\""
] ,
"x_misp_attributes" : [
{
"type" : "text" ,
"object_relation" : "name" ,
"value" : ".reloc" ,
"category" : "Other" ,
"uuid" : "427da0f8-d176-43b1-8b9e-197200c3c350"
} ,
{
"type" : "size-in-bytes" ,
"object_relation" : "size-in-bytes" ,
"value" : "512" ,
"category" : "Other" ,
"uuid" : "fe6116b4-5c3c-4144-b635-95f1bc421050"
} ,
{
"type" : "float" ,
"object_relation" : "entropy" ,
"value" : "1.5849625007212" ,
"category" : "Other" ,
"uuid" : "7046efd1-7f31-48cf-a710-a67fc3c075eb"
} ,
{
"type" : "md5" ,
"object_relation" : "md5" ,
"value" : "6a8e92fdd78e813e24abd0a0932052b9" ,
"category" : "Payload delivery" ,
"to_ids" : true ,
"uuid" : "a08999b6-9f47-42e6-9f33-2849a4938cd6"
} ,
{
"type" : "sha1" ,
"object_relation" : "sha1" ,
"value" : "76e3423312516772e053f5d1861163dd27e99a8c" ,
"category" : "Payload delivery" ,
"to_ids" : true ,
"uuid" : "ad03d9a1-a5db-4200-8089-561c966d2752"
} ,
{
"type" : "sha256" ,
"object_relation" : "sha256" ,
"value" : "f81e587fb1c7b55c7daeeee2bca68e619df3c815b316e439ef006fd91894aa09" ,
"category" : "Payload delivery" ,
"to_ids" : true ,
"uuid" : "8282e5c0-3497-4c78-94c1-010fa4ef19fa"
} ,
{
"type" : "sha512" ,
"object_relation" : "sha512" ,
"value" : "e91dae684ce94faddd8a4b69d745524f15494f22a55b87d4ef1dd5fa3b78e017a911d55148819ca2736e4c500742f82584dbb6cb9aa3a0b61fadf91a56b0dc3c" ,
"category" : "Payload delivery" ,
"to_ids" : true ,
"uuid" : "e320b313-ce86-4f90-9505-f6c68a4451f0"
} ,
{
"type" : "ssdeep" ,
"object_relation" : "ssdeep" ,
"value" : "3:n:n" ,
"category" : "Payload delivery" ,
"to_ids" : true ,
"uuid" : "bb2ea448-e454-4a70-a121-4086742cfd5f"
}
] ,
"x_misp_meta_category" : "file" ,
"x_misp_name" : "pe-section"
} ,
{
"type" : "relationship" ,
"spec_version" : "2.1" ,
"id" : "relationship--52204c50-57b0-4f6b-b29c-c54301cdb9f5" ,
"created" : "1970-01-01T00:00:00.000Z" ,
"modified" : "1970-01-01T00:00:00.000Z" ,
2023-04-21 13:25:09 +00:00
"relationship_type" : "analysed-with" ,
2023-06-14 17:31:25 +00:00
"source_ref" : "indicator--da3da386-9fe0-4822-a352-64a138239031" ,
"target_ref" : "x-misp-object--3073a9b9-f747-4ec4-99c4-f6b5c93fbd7f"
} ,
{
"type" : "relationship" ,
"spec_version" : "2.1" ,
"id" : "relationship--22eade95-9775-4725-a3ed-eeff959bc498" ,
"created" : "1970-01-01T00:00:00.000Z" ,
"modified" : "1970-01-01T00:00:00.000Z" ,
2023-04-21 13:25:09 +00:00
"relationship_type" : "analysed-with" ,
2023-06-14 17:31:25 +00:00
"source_ref" : "indicator--7370a818-1f90-492f-9c8d-213e3414d8cf" ,
"target_ref" : "x-misp-object--aacff3c7-77c9-4c70-ab9c-9cea57951fa5"
} ,
{
"type" : "relationship" ,
"spec_version" : "2.1" ,
"id" : "relationship--effa6eb9-78c5-4a06-a3d7-dedd3829d1b1" ,
"created" : "1970-01-01T00:00:00.000Z" ,
"modified" : "1970-01-01T00:00:00.000Z" ,
2023-04-21 13:25:09 +00:00
"relationship_type" : "analysed-with" ,
2023-06-14 17:31:25 +00:00
"source_ref" : "indicator--7794b113-2f04-424f-ae5a-dd801e020d01" ,
"target_ref" : "x-misp-object--96ffe3c5-a158-40f6-a5ff-156ac385d32e"
} ,
{
"type" : "relationship" ,
"spec_version" : "2.1" ,
"id" : "relationship--55e7e38d-a6cb-4e7a-82ec-5265baa858b5" ,
"created" : "1970-01-01T00:00:00.000Z" ,
"modified" : "1970-01-01T00:00:00.000Z" ,
2023-04-21 13:25:09 +00:00
"relationship_type" : "analysed-with" ,
2023-06-14 17:31:25 +00:00
"source_ref" : "indicator--d47e29ef-e08c-498c-a5c9-779a6a2b79f4" ,
"target_ref" : "x-misp-object--a496eaac-08a1-4a65-b489-96cdb0868312"
} ,
{
"type" : "relationship" ,
"spec_version" : "2.1" ,
"id" : "relationship--705b403b-a4bf-4850-b161-4c023a1f5d25" ,
"created" : "1970-01-01T00:00:00.000Z" ,
"modified" : "1970-01-01T00:00:00.000Z" ,
2023-04-21 13:25:09 +00:00
"relationship_type" : "analysed-with" ,
2023-06-14 17:31:25 +00:00
"source_ref" : "indicator--a224f9a3-c58e-41e0-9841-460afdd9f409" ,
"target_ref" : "x-misp-object--8329451d-10ab-4ecb-9cff-d5de9c33c5f6"
} ,
{
"type" : "marking-definition" ,
"spec_version" : "2.1" ,
"id" : "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9" ,
"created" : "2017-01-20T00:00:00.000Z" ,
"definition_type" : "tlp" ,
"name" : "TLP:WHITE" ,
"definition" : {
"tlp" : "white"
}
}
2023-04-21 13:25:09 +00:00
]
}